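}
// Admin edit handler (fragment): writes the submitted form values to admin row $id.
// The enclosing control flow and the origin of $id, $struct and $tables are outside
// this fragment, as is any request-token (CSRF) check — confirm one runs before this point.
if ($id) {
    print '<div class="actionresult">';
    // foreach replaces reset()/each(); each() was removed in PHP 8.
    foreach ($struct as $key => $val) {
        $a = $b = '';
        if (strstr($val[1], ':')) {
            list($a, $b) = explode(":", $val[1]);
        }
        // $key is placed in the statement as a column name, so it must never be
        // request-derived; here it comes from $struct (defined outside this fragment — confirm).
        // Non-scalar POST values (e.g. field[]=x) are skipped rather than stringified.
        if ($a != "sys" && isset($_POST[$key]) && is_scalar($_POST[$key])) {
            // sql_escape() (already used for the privileges update below) replaces addslashes(),
            // which is not aware of the connection character set; %d pins id to an integer.
            Sql_Query(sprintf(
                'update %s set %s = "%s" where id = %d',
                $tables["admin"],
                $key,
                sql_escape($_POST[$key]),
                $id
            ));
        }
    }
    if (ENCRYPT_ADMIN_PASSWORDS && !empty($_POST['updatepassword'])) {
        //Send token email.
        print sendAdminPasswordToken($id) . '<br/>';
        ## check for password changes
    } elseif (isset($_POST['password'])) {
        # Sql_Query("update {$tables["admin"]} set password = \"".sql_escape($_POST['password'])."\" where id = $id");
    }
    if (isset($_POST["attribute"]) && is_array($_POST["attribute"])) {
        // Attribute ids arrive as POST array keys; %d forces them to integers.
        foreach ($_POST["attribute"] as $key => $val) {
            if (!is_scalar($val)) {
                continue;
            }
            Sql_Query(sprintf(
                'replace into %s (adminid,adminattributeid,value) values(%d,%d,"%s")',
                $tables["admin_attribute"],
                $id,
                $key,
                sql_escape($val)
            ));
        }
    }
    // Each privilege flag is reduced to a boolean, so the serialized blob holds no request text.
    // NOTE(review): whether the acting admin may grant these privileges to $id is not
    // checked in this fragment — confirm the caller enforces it.
    $privs = array(
        'subscribers' => !empty($_POST['subscribers']),
        'campaigns' => !empty($_POST['campaigns']),
        'statistics' => !empty($_POST['statistics']),
        'settings' => !empty($_POST['settings'])
    );
    // adminName() returns stored data; escape it like any other string so a quote in an
    // admin name cannot alter the statement.
    Sql_Query(sprintf(
        'update %s set modified=now(), modifiedby = "%s", privileges = "%s" where id = %d',
        $GLOBALS['tables']["admin"],
        sql_escape(adminName($_SESSION["logindetails"]["id"])),
        sql_escape(serialize($privs)),
        $id
    ));
    print $GLOBALS['I18N']->get('Changes saved');
    print '</div>';
} else {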
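// Login / session gate (fragment). The opening of this if/elseif chain and the call that
// produced $loginresult are outside this fragment, as is the rest of the final branch.
        // Failed login: the attempted name is recorded, the password is not.
        // NOTE(review): $_REQUEST["login"] is attacker-controlled text; confirm logEvent()
        // escapes it on storage and that the event-log view escapes it on display.
        logEvent(sprintf($GLOBALS['I18N']->get('invalid login from %s, tried logging in as %s'), $_SERVER['REMOTE_ADDR'], $_REQUEST["login"]));
        $msg = $loginresult[1];
    } else {
        // Rotate the session id at the moment of authentication so an id that was known
        // before login cannot be reused afterwards (session fixation).
        session_regenerate_id(true);
        $_SESSION["adminloggedin"] = $_SERVER["REMOTE_ADDR"];
        // NOTE(review): passhash keeps an unsalted SHA-1 of the submitted password in the
        // session for its whole lifetime; whatever reads it is outside this fragment.
        // Credentials are taken from $_REQUEST, which by default also admits query-string
        // values — confirm the login form only ever posts them.
        $_SESSION["logindetails"] = array(
            "adminname" => $_REQUEST["login"],
            "id" => $loginresult[0],
            "superuser" => $admin_auth->isSuperUser($loginresult[0]),
            "passhash" => sha1($_REQUEST["password"])
        );
        ##16692 - make sure admin permissions apply at first login
        $GLOBALS["admin_auth"]->validateAccount($_SESSION["logindetails"]["id"]);
        if (!empty($_POST["page"])) {
            // Strip every non-word character so the requested page name cannot carry
            // path separators or dots.
            $page = preg_replace('/\\W+/', '', $_POST["page"]);
        }
    }
    #If passwords are encrypted and a password recovery request was made, send mail to the admin of the given email address.
} elseif (isset($_REQUEST["forgotpassword"])) {
    $adminId = $GLOBALS["admin_auth"]->adminIdForEmail($_REQUEST['forgotpassword']);
    // NOTE(review): an unknown address gets a distinct failure message, which may let a
    // caller tell registered admin addresses from unregistered ones; the text returned by
    // sendAdminPasswordToken() is outside this fragment.
    if ($adminId) {
        $msg = sendAdminPasswordToken($adminId);
    } else {
        $msg = $GLOBALS['I18N']->get('Failed sending a change password token');
    }
    $page = "login";
} elseif (!isset($_SESSION["adminloggedin"]) || !$_SESSION["adminloggedin"]) {
    #$msg = 'Not logged in';
    $page = "login";
} elseif (CHECK_SESSIONIP && $_SESSION["adminloggedin"] && $_SESSION["adminloggedin"] != $_SERVER["REMOTE_ADDR"]) {
    // The session is bound to the address seen at login; on a mismatch the event is
    // logged and the login state is cleared, forcing re-authentication.
    logEvent(sprintf($GLOBALS['I18N']->get('login ip invalid from %s for %s (was %s)'), $_SERVER['REMOTE_ADDR'], $_SESSION["logindetails"]['adminname'], $_SESSION["adminloggedin"]));
    $msg = $GLOBALS['I18N']->get('Your IP address has changed. For security reasons, please login again');
    $_SESSION["adminloggedin"] = "";
    $_SESSION["logindetails"] = "";
    $page = "login";
} elseif ($_SESSION["adminloggedin"] && $_SESSION["logindetails"]) {
    // Re-check the account on every request made with a live session.
    $validate = $GLOBALS["admin_auth"]->validateAccount($_SESSION["logindetails"]["id"]);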
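// Initialisation success path (fragment): seeds the default lists, prints the post-install
// links, then offers the setup page. The condition opening this branch and the origin of
// $userid, $adminid, $tables and $newpoweredimage are outside this fragment.
    # add a testlist
    // NOTE(review): the translated descriptions are interpolated into the statement
    // unescaped; a double quote in a translation would break it.
    $info = $GLOBALS['I18N']->get('List for testing');
    $result = Sql_query("insert into {$tables['list']} (name,description,entered,active,owner) values(\"test\",\"{$info}\",now(),0,1)");
    $info = s('Sign up to our newsletter');
    $result = Sql_query("insert into {$tables['list']} (name,description,entered,active,owner) values(\"newsletter\",\"{$info}\",now(),1,1)");
    ## add the admin to the lists
    Sql_Query(sprintf('insert into %s (listid, userid, entered) values(%d,%d,now())', $tables['listuser'], 1, $userid));
    Sql_Query(sprintf('insert into %s (listid, userid, entered) values(%d,%d,now())', $tables['listuser'], 2, $userid));
    $uri = $_SERVER['REQUEST_URI'];
    $uri = str_replace('?' . $_SERVER['QUERY_STRING'], '', $uri);
    $body = ' Version: ' . VERSION . "\r\n" . ' Url: ' . $_SERVER['SERVER_NAME'] . $uri . "\r\n";
    // $body carries SERVER_NAME and the request path, both influenced by the client.
    // Percent-encode it for the mailto body, then HTML-escape it for the attribute, so it
    // cannot close the href or add markup. The translated labels are passed as arguments
    // so a '%' in a translation is not read as a format directive.
    $mailtoBody = htmlspecialchars(rawurlencode($body), ENT_QUOTES, 'UTF-8');
    printf(
        '<p class="information">%s: <a class="button" href="mailto:info@phplist.com?subject=Successful installation of phplist&body=%s">%s</a>. </p>',
        $GLOBALS['I18N']->get('Success'),
        $mailtoBody,
        $GLOBALS['I18N']->get('Tell us about it')
    );
    //printf('<p class="information">
    //'.$GLOBALS['I18N']->get("Please make sure to read the file README.security that can be found in the zip file.").'</p>');
    // NOTE(review): the raw request value is handed to the form renderer; confirm
    // subscribeToAnnouncementsForm() escapes it before writing it into HTML.
    print subscribeToAnnouncementsForm($_REQUEST['adminemail']);
    if (ENCRYPT_ADMIN_PASSWORDS && !empty($adminid)) {
        print sendAdminPasswordToken($adminid);
    }
    # make sure the 0 template has the powered by image
    // NOTE(review): $newpoweredimage is placed in the statement unescaped; presumably a
    // fixed encoded image defined by the installer — confirm.
    $query = sprintf('insert into %s (template, mimetype, filename, data, width, height) values (0, "image/png", "powerphplist.png", "%s", 70, 30)', $GLOBALS['tables']['templateimage'], $newpoweredimage);
    Sql_Query($query);
    print '<div id="continuesetup" style="display:none;" class="fleft">' . $GLOBALS['I18N']->get('Continue with') . ' ' . PageLinkButton('setup', $GLOBALS['I18N']->get('phpList Setup')) .
        '</div>';
    unset($_SESSION['hasI18Ntable']);
    ## load language files
    # this is too slow
    $GLOBALS['I18N']->initFSTranslations();
} else {
    // NOTE(review): "Force Initialisation" is a plain link carrying force=yes and is
    // labelled as erasing all data; confirm the handler requires a request token and an
    // authenticated admin before acting on it.
    print '<div class="initialiseOptions"><ul><li>' . s('Maybe you want to') . ' ' . PageLinkButton('upgrade', s('Upgrade')) . ' ' . s('instead?') . '</li> <li>' . PageLinkButton('initialise', s('Force Initialisation'), 'force=yes') . ' ' . s('(will erase all data!)') . ' ' . "</li></ul></div>\n";
}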