Annotation of /trunk/vhcs2/patches/vhcs2-2.4.7.1-security-fix-RS-2006-1.patch
Revision 267 -
Mon Jul 16 17:07:58 2007 UTC (17 years, 2 months ago) by niro
File size: 35768 byte(s)
-several fixes for vhcs2-2.4.7.1-r1
1 | niro | 267 | diff -Naur vhcs2-2.4.7.1/gui/include/login.php vhcs2-2.4.7.1-magellan/gui/include/login.php |
2 | --- vhcs2-2.4.7.1/gui/include/login.php 2005-12-31 12:09:05.000000000 +0100 | ||
3 | +++ vhcs2-2.4.7.1-magellan/gui/include/login.php 2007-07-16 17:09:03.000000000 +0200 | ||
4 | @@ -1,710 +1,718 @@ | ||
5 | -<?php | ||
6 | -// ------------------------------------------------------------------------------- | ||
7 | -// | VHCS(tm) - Virtual Hosting Control System | | ||
8 | -// | Copyright (c) 2001-2004 be moleSoftware | | ||
9 | -// | http://vhcs.net | http://www.molesoftware.com | | ||
10 | -// | | | ||
11 | -// | This program is free software; you can redistribute it and/or | | ||
12 | -// | modify it under the terms of the MPL General Public License | | ||
13 | -// | as published by the Free Software Foundation; either version 1.1 | | ||
14 | -// | of the License, or (at your option) any later version. | | ||
15 | -// | | | ||
16 | -// | You should have received a copy of the MPL Mozilla Public License | | ||
17 | -// | along with this program; if not, write to the Open Source Initiative (OSI) | | ||
18 | -// | http://opensource.org | osi@opensource.org | | ||
19 | -// | | | ||
20 | -// ------------------------------------------------------------------------------- | ||
21 | - | ||
22 | - | ||
23 | - | ||
24 | -function register_user($uname, $upass) { | ||
25 | - | ||
26 | - global $sql; | ||
27 | - | ||
28 | - global $cfg; | ||
29 | - | ||
30 | - | ||
31 | - $timestamp = time(); | ||
32 | - | ||
33 | - | ||
34 | - if ($cfg['DB_TYPE'] === 'mysql') { | ||
35 | - $query = "select admin_id, admin_pass, admin_type, created_by from admin where binary admin_name = ?"; | ||
36 | - } | ||
37 | - | ||
38 | - $rs = exec_query($sql, $query, array($uname)); | ||
39 | - | ||
40 | - if (($rs -> RecordCount()) != 1) { | ||
41 | - | ||
42 | - write_log("Login error, <b><i>".htmlspecialchars($uname, ENT_QUOTES, "UTF-8")."</i></b> unknown username"); | ||
43 | - | ||
44 | - return false; | ||
45 | - | ||
46 | - } | ||
47 | - | ||
48 | - $udata = $rs -> FetchRow(); | ||
49 | - | ||
50 | - if (crypt($_POST['upass'], $udata[1]) === $udata[1] || md5($_POST['upass']) === $udata[1]) { | ||
51 | - | ||
52 | - if (isset($_SESSION['user_logged'])) { | ||
53 | - | ||
54 | - write_log($_SESSION['user_logged']." user already logged or session sharing problem! Aborting..."); | ||
55 | - | ||
56 | - system_message(tr('User already logged or session sharing problem! Aborting...')); | ||
57 | - | ||
58 | - } else { | ||
59 | - | ||
60 | - if ($udata['admin_type'] == "user"){ | ||
61 | - | ||
62 | - $domain_admin_id = $udata['admin_id']; | ||
63 | - | ||
64 | - $query = <<<SQL_QUERY | ||
65 | - select | ||
66 | - domain_status | ||
67 | - from | ||
68 | - domain | ||
69 | - where | ||
70 | - domain_admin_id = ?; | ||
71 | -SQL_QUERY; | ||
72 | - | ||
73 | - $rs = exec_query($sql, $query, array($domain_admin_id)); | ||
74 | - | ||
75 | - $user_dom_data = $rs -> FetchRow(); | ||
76 | - | ||
77 | - if ($user_dom_data['domain_status'] != $cfg['ITEM_OK_STATUS']){ | ||
78 | - | ||
79 | - write_log( htmlspecialchars($uname, ENT_QUOTES, "UTF-8")." Domain status is not OK - user can not login"); | ||
80 | - | ||
81 | - return false; | ||
82 | - } | ||
83 | - } | ||
84 | - | ||
85 | - // all is OK let's login the user | ||
86 | - $user_login_time = time(); | ||
87 | - | ||
88 | - $query = <<<SQL_QUERY | ||
89 | - insert into login | ||
90 | - (session_id, lastaccess) | ||
91 | - values | ||
92 | - (?, ?) | ||
93 | -SQL_QUERY; | ||
94 | - | ||
95 | - $rs = exec_query($sql, $query, array($uname, $user_login_time)); | ||
96 | - | ||
97 | - | ||
98 | - $_SESSION['user_logged'] = $uname; | ||
99 | - | ||
100 | - $_SESSION['user_type'] = $udata['admin_type']; | ||
101 | - | ||
102 | - $_SESSION['user_id'] = $udata['admin_id']; | ||
103 | - | ||
104 | - $_SESSION['user_created_by'] = $udata['created_by']; | ||
105 | - | ||
106 | - $_SESSION['user_login_time'] = $user_login_time; | ||
107 | - | ||
108 | - write_log( htmlspecialchars($uname, ENT_QUOTES, "UTF-8")." user logged in."); | ||
109 | - | ||
110 | - return true; | ||
111 | - | ||
112 | - } | ||
113 | - | ||
114 | - } else { | ||
115 | - | ||
116 | - write_log( htmlspecialchars($uname, ENT_QUOTES, "UTF-8")." bad password login data."); | ||
117 | - | ||
118 | - return false; | ||
119 | - | ||
120 | - } | ||
121 | - | ||
122 | -} | ||
123 | - | ||
124 | -function check_user_login($uname, $utype, $uid) { | ||
125 | - | ||
126 | - global $cfg, $sql; | ||
127 | - | ||
128 | - $timestamp = time(); | ||
129 | - //lets kill all time out sessions | ||
130 | - global $cfg; | ||
131 | - $timeout_sessions = $timestamp - $cfg['SESSION_TIMEOUT']; | ||
132 | - $query = <<<SQL_QUERY | ||
133 | - delete from | ||
134 | - login | ||
135 | - where | ||
136 | - lastaccess < ? | ||
137 | -SQL_QUERY; | ||
138 | - | ||
139 | - $rs = exec_query($sql, $query, array($timeout_sessions)); | ||
140 | - | ||
141 | - | ||
142 | - if (isset($_SESSION['user_logged'])) { | ||
143 | - | ||
144 | - $user_id = $_SESSION['user_logged']; | ||
145 | - | ||
146 | - $query = <<<SQL_QUERY | ||
147 | - select | ||
148 | - session_id | ||
149 | - from | ||
150 | - login | ||
151 | - where | ||
152 | - session_id = ? | ||
153 | -SQL_QUERY; | ||
154 | - | ||
155 | - $rs = exec_query($sql, $query, array($user_id)); | ||
156 | - | ||
157 | - if ($rs -> RecordCount() == 0) { | ||
158 | - | ||
159 | - write_log($_SESSION['user_logged']." user session do not exist or killed"); | ||
160 | - | ||
161 | - return false; | ||
162 | - | ||
163 | - } | ||
164 | - | ||
165 | - | ||
166 | - if ($timestamp - $_SESSION['user_login_time'] <= $cfg['SESSION_TIMEOUT']) { | ||
167 | - | ||
168 | - $_SESSION['user_login_time'] = $timestamp; | ||
169 | - | ||
170 | -$query = <<<SQL_QUERY | ||
171 | - update | ||
172 | - login | ||
173 | - set | ||
174 | - lastaccess = ? | ||
175 | - where | ||
176 | - session_id = ? | ||
177 | -SQL_QUERY; | ||
178 | - $rs = exec_query($sql, $query, array($timestamp, $user_id)); | ||
179 | - | ||
180 | - goto_user_location(); | ||
181 | - | ||
182 | - return true; | ||
183 | - | ||
184 | - } else { | ||
185 | - | ||
186 | - $query = <<<SQL_QUERY | ||
187 | - delete from | ||
188 | - login | ||
189 | - where | ||
190 | - session_id = ? | ||
191 | -SQL_QUERY; | ||
192 | - | ||
193 | - $rs = exec_query($sql, $query, array($user_id)); | ||
194 | - write_log(htmlspecialchars($uname, ENT_QUOTES, "UTF-8")." user session timed out"); | ||
195 | - | ||
196 | - return false; | ||
197 | - | ||
198 | - } | ||
199 | - | ||
200 | - } else { | ||
201 | - | ||
202 | - | ||
203 | - write_log(htmlspecialchars($uname, ENT_QUOTES, "UTF-8")." bad session data."); | ||
204 | - | ||
205 | - return false; | ||
206 | - | ||
207 | - } | ||
208 | - | ||
209 | -} | ||
210 | - | ||
211 | - | ||
212 | -function goto_user_location() | ||
213 | -{ | ||
214 | - $path = explode("/", $_SERVER['SCRIPT_NAME']); | ||
215 | - | ||
216 | - $found = false; | ||
217 | - | ||
218 | - for($i=0; $i< count($path);$i++){ | ||
219 | - | ||
220 | - if($path[$i] == $_SESSION['user_type']){ | ||
221 | - | ||
222 | - $found= true; | ||
223 | - | ||
224 | - } else if ($_SESSION['user_type'] == 'user' && $path[$i] == 'client') { | ||
225 | - | ||
226 | - $found= true; | ||
227 | - | ||
228 | - } | ||
229 | - } | ||
230 | - if(!$found) | ||
231 | - { | ||
232 | - | ||
233 | - if ($_SESSION['user_type'] == 'admin') { | ||
234 | - | ||
235 | - header("Location: ../admin/manage_users.php"); | ||
236 | - | ||
237 | - } else if ($_SESSION['user_type'] == 'reseller') { | ||
238 | - | ||
239 | - header("Location: ../reseller/index.php"); | ||
240 | - | ||
241 | - } else if ($_SESSION['user_type'] == 'user') { | ||
242 | - | ||
243 | - header("Location: ../client/index.php"); | ||
244 | - | ||
245 | - } | ||
246 | - } | ||
247 | - | ||
248 | -} | ||
249 | - | ||
250 | -function check_login () { | ||
251 | - | ||
252 | - if (isset($_SESSION['user_logged'])) { | ||
253 | - | ||
254 | - if (!check_user_login($_SESSION['user_logged'], $_SESSION['user_type'], $_SESSION['user_id'])) { | ||
255 | - | ||
256 | - header("Location: ../index.php"); | ||
257 | - | ||
258 | - } | ||
259 | - | ||
260 | - } else { | ||
261 | - | ||
262 | - header("Location: ../index.php"); | ||
263 | - | ||
264 | - } | ||
265 | - | ||
266 | -function change_user_interface($form_id, $to_id) { | ||
267 | - | ||
268 | - global $sql; | ||
269 | - | ||
270 | - global $cfg; | ||
271 | - | ||
272 | - | ||
273 | - $timestamp = time(); | ||
274 | - | ||
275 | - if ($cfg['DB_TYPE'] === 'mysql') { | ||
276 | - $query_from = "select admin_id, admin_name, admin_pass, admin_type, created_by from admin where binary admin_id = ?"; | ||
277 | - $query_to = "select admin_id, admin_name, admin_pass, admin_type, created_by from admin where binary admin_id = ?"; | ||
278 | - } | ||
279 | - | ||
280 | - $rs_from = exec_query($sql, $query_from, array($form_id)); | ||
281 | - $rs_to = exec_query($sql, $query_to, array($to_id)); | ||
282 | - | ||
283 | - if (($rs_from -> RecordCount()) != 1 || ($rs_to -> RecordCount()) != 1) { | ||
284 | - write_log("Change interface error => unknown from or to username"); | ||
285 | - return false; | ||
286 | - } | ||
287 | - | ||
288 | - | ||
289 | - $from_udata = $rs_from -> FetchRow(); | ||
290 | - | ||
291 | - $to_udata = $rs_to -> FetchRow(); | ||
292 | - | ||
293 | - | ||
294 | - // let's check if TO_DOMAIN Status OK | ||
295 | - // if domain satus not OK -> don't add mail accounts or subdomains .. or something else | ||
296 | - | ||
297 | - if ($to_udata['admin_type'] == "user"){ | ||
298 | - | ||
299 | - $domain_admin_id = $to_udata['admin_id']; | ||
300 | - | ||
301 | - $query = <<<SQL_QUERY | ||
302 | - select | ||
303 | - domain_status | ||
304 | - from | ||
305 | - domain | ||
306 | - where | ||
307 | - domain_admin_id = ? | ||
308 | -SQL_QUERY; | ||
309 | - | ||
310 | - $rs = exec_query($sql, $query, array($domain_admin_id)); | ||
311 | - | ||
312 | - $user_dom_data = $rs -> FetchRow(); | ||
313 | - | ||
314 | - if ($user_dom_data['domain_status'] != $cfg['ITEM_OK_STATUS']){ | ||
315 | - | ||
316 | - write_log("Domain ID: ".$to_udata['admin_id']." - domain status PROBLEM -"); | ||
317 | - | ||
318 | - return false; | ||
319 | - } | ||
320 | - } | ||
321 | - //end of Domain User Status check | ||
322 | - | ||
323 | - | ||
324 | - | ||
325 | - if ($from_udata['admin_type'] === 'admin' && $to_udata['admin_type'] === 'reseller') { | ||
326 | - | ||
327 | - $header = "../reseller/index.php"; | ||
328 | - | ||
329 | - } else if ($from_udata['admin_type'] === 'admin' && ($to_udata['admin_type'] != 'admin' || $to_udata['admin_type'] != 'reseller')) { | ||
330 | - | ||
331 | - $header = "../client/index.php"; | ||
332 | - | ||
333 | - } else if ($from_udata['admin_type'] === 'reseller' && ($to_udata['admin_type'] != 'admin' || $to_udata['admin_type'] != 'reseller')) { | ||
334 | - | ||
335 | - $header = "../client/index.php"; | ||
336 | - | ||
337 | - } | ||
338 | - | ||
339 | - // lets check and go from bottom to top User -> Reseller -> Admin | ||
340 | - | ||
341 | - else if (isset($_SESSION['logged_from'])) { // ther is SESSION 'logged from' -> we can go from Buttom to TOP | ||
342 | - | ||
343 | - if ($from_udata['admin_type'] === 'reseller' && $to_udata['admin_type'] == 'admin') { | ||
344 | - | ||
345 | - $header = "../admin/manage_users.php"; | ||
346 | - | ||
347 | - } | ||
348 | - // user to admin | ||
349 | - else if (($from_udata['admin_type'] != 'admin' || $from_udata['admin_type'] != 'reseller') && $to_udata['admin_type'] === 'admin') { | ||
350 | - | ||
351 | - $header = "../admin/manage_users.php"; | ||
352 | - | ||
353 | - } | ||
354 | - // user reseller | ||
355 | - else if (($from_udata['admin_type'] != 'admin' || $from_udata['admin_type'] != 'reseller') && $to_udata['admin_type'] === 'reseller') { | ||
356 | - | ||
357 | - $header = "../reseller/users.php"; | ||
358 | - | ||
359 | - } | ||
360 | - | ||
361 | - else{ | ||
362 | - | ||
363 | - write_log("change interface error from: ".$from_udata['admin_name']." to: ".$to_udata['admin_name']); | ||
364 | - | ||
365 | - return false; | ||
366 | - } | ||
367 | - | ||
368 | - | ||
369 | - | ||
370 | - } else { | ||
371 | - | ||
372 | - write_log("change interface error from: ".$from_udata['admin_name']." to: ".$to_udata['admin_name']); | ||
373 | - | ||
374 | - return false; | ||
375 | - } | ||
376 | - | ||
377 | - // lets save layout and language from admin/reseler - they don't wannt to read user interface on china or arabic language | ||
378 | - $user_language = $_SESSION['user_def_lang']; | ||
379 | - | ||
380 | - $user_layout = $_SESSION['user_theme_color']; | ||
381 | - | ||
382 | - | ||
383 | - // delete all sessions and globals data and set new one with SESSION logged_from | ||
384 | - unset_user_login_data(); | ||
385 | - | ||
386 | - if ($to_udata['admin_type'] != 'admin'){ | ||
387 | - | ||
388 | - $_SESSION['logged_from'] = $from_udata['admin_name']; | ||
389 | - | ||
390 | - $_SESSION['logged_from_id'] = $from_udata['admin_id']; | ||
391 | - | ||
392 | - } | ||
393 | - | ||
394 | - // we gonna kill all sessions and globals if user get back to admin level | ||
395 | - if (isset($_SESSION['admin_name'])) | ||
396 | - | ||
397 | - unset($_SESSION['admin_name']); | ||
398 | - | ||
399 | - if (isset($_SESSION['admin_id'])) | ||
400 | - | ||
401 | - unset($_SESSION['admin_id']); | ||
402 | - | ||
403 | - if (isset($GLOBALS['admin_name'])) | ||
404 | - | ||
405 | - unset($GLOBALS['admin_name']); | ||
406 | - | ||
407 | - if (isset($GLOBALS['admin_id'])) | ||
408 | - | ||
409 | - unset($GLOBALS['admin_id']); | ||
410 | - // no more sessions and globals to kill - they were always killed - rest in peace | ||
411 | - | ||
412 | - $_SESSION['user_logged'] = $to_udata['admin_name']; | ||
413 | - | ||
414 | - $_SESSION['user_type'] = $to_udata['admin_type']; | ||
415 | - | ||
416 | - $_SESSION['user_id'] = $to_udata['admin_id']; | ||
417 | - | ||
418 | - $_SESSION['user_created_by'] = $to_udata['created_by']; | ||
419 | - | ||
420 | - $_SESSION['user_login_time'] = time(); | ||
421 | - | ||
422 | - $_SESSION['user_def_lang'] = $user_language; | ||
423 | - | ||
424 | - $_SESSION['user_theme_color'] = $user_layout; | ||
425 | - | ||
426 | - $user_login_time = time(); | ||
427 | - $new_user_name = $to_udata['admin_name']; | ||
428 | - | ||
429 | - $query = <<<SQL_QUERY | ||
430 | - insert into login | ||
431 | - (session_id, lastaccess) | ||
432 | - values | ||
433 | - (?, ?) | ||
434 | -SQL_QUERY; | ||
435 | - | ||
436 | - $rs = exec_query($sql, $query, array($new_user_name, $user_login_time)); | ||
437 | - | ||
438 | - write_log($from_udata['admin_name']." change into interface from ".$to_udata['admin_name']); | ||
439 | - return $header; | ||
440 | - } | ||
441 | -} | ||
442 | - | ||
443 | -function unset_user_login_data () { | ||
444 | - | ||
445 | - global $cfg, $sql; | ||
446 | - | ||
447 | - if (isset($_SESSION['user_logged'])) { | ||
448 | - $admin_name = $_SESSION['user_logged']; | ||
449 | - | ||
450 | - $query = <<<SQL_QUERY | ||
451 | - delete from | ||
452 | - login | ||
453 | - where | ||
454 | - session_id = ? | ||
455 | -SQL_QUERY; | ||
456 | - | ||
457 | - $rs = exec_query($sql, $query, array($admin_name)); | ||
458 | - | ||
459 | - unset($_SESSION['user_logged']); | ||
460 | - } | ||
461 | - | ||
462 | - if (isset($_SESSION['user_id'])) | ||
463 | - | ||
464 | - unset($_SESSION['user_id']); | ||
465 | - | ||
466 | - if (isset($_SESSION['user_type'])) | ||
467 | - | ||
468 | - unset($_SESSION['user_type']); | ||
469 | - | ||
470 | - if (isset($_SESSION['user_created_by'])) | ||
471 | - | ||
472 | - unset($_SESSION['user_created_by']); | ||
473 | - | ||
474 | - if (isset($_SESSION['user_login_time'])) | ||
475 | - | ||
476 | - unset($_SESSION['user_login_time']); | ||
477 | - | ||
478 | - if (isset($_SESSION['dmn_name'])) | ||
479 | - | ||
480 | - unset($_SESSION['dmn_name']); | ||
481 | - | ||
482 | - if (isset($_SESSION['user_has_domain'])) | ||
483 | - | ||
484 | - unset($_SESSION['user_has_domain']); | ||
485 | - | ||
486 | - if (isset($_SESSION['hpid'])) | ||
487 | - | ||
488 | - unset($_SESSION['hpid']); | ||
489 | - | ||
490 | - if (isset($_SESSION['user_deleted'])) | ||
491 | - | ||
492 | - unset($_SESSION['user_deleted']); | ||
493 | - | ||
494 | - if (isset($_SESSION['edit'])) | ||
495 | - | ||
496 | - unset($_SESSION['edit']); | ||
497 | - | ||
498 | - if (isset($_SESSION['reseller_ips'])) | ||
499 | - | ||
500 | - unset($_SESSION['reseller_ips']); | ||
501 | - | ||
502 | - if (isset($_SESSION['sql_support'])) | ||
503 | - | ||
504 | - unset($_SESSION['sql_support']); | ||
505 | - | ||
506 | - if (isset($_SESSION['email_support'])) | ||
507 | - | ||
508 | - unset($_SESSION['email_support']); | ||
509 | - | ||
510 | - if (isset($_SESSION['admin_id'])) | ||
511 | - | ||
512 | - unset($_SESSION['admin_id']); | ||
513 | - | ||
514 | - if (isset($_SESSION['admin_login'])) | ||
515 | - | ||
516 | - unset($_SESSION['admin_login']); | ||
517 | - | ||
518 | - if (isset($_SESSION['admin_type'])) | ||
519 | - | ||
520 | - unset($_SESSION['admin_type']); | ||
521 | - | ||
522 | - if (isset($_SESSION['admin_email'])) | ||
523 | - | ||
524 | - unset($_SESSION['admin_email']); | ||
525 | - | ||
526 | - if (isset($_SESSION['cur_lang'])) | ||
527 | - | ||
528 | - unset($_SESSION['cur_lang']); | ||
529 | - | ||
530 | - if (isset($_SESSION['step_two_back_data'])) | ||
531 | - | ||
532 | - unset($_SESSION['step_two_back_data']); | ||
533 | - | ||
534 | - if (isset($_SESSION['local_data'])) | ||
535 | - | ||
536 | - unset($_SESSION['local_data']); | ||
537 | - | ||
538 | - if (isset($_SESSION['logged'])) | ||
539 | - | ||
540 | - unset($_SESSION['logged']); | ||
541 | - | ||
542 | - if (isset($_SESSION['subdomain_support'])) | ||
543 | - | ||
544 | - unset($_SESSION['subdomain_support']); | ||
545 | - | ||
546 | - if (isset($_SESSION['edit_ID'])) | ||
547 | - | ||
548 | - unset($_SESSION['edit_ID']); | ||
549 | - | ||
550 | - if (isset($_SESSION['user_name'])) | ||
551 | - | ||
552 | - unset($_SESSION['user_name']); | ||
553 | - | ||
554 | - if (isset($_SESSION['user_has_domain'])) | ||
555 | - | ||
556 | - unset($_SESSION['user_has_domain']); | ||
557 | - | ||
558 | - if (isset($_SESSION['layout_id'])) | ||
559 | - | ||
560 | - unset($_SESSION['layout_id']); | ||
561 | - | ||
562 | - if (isset($_SESSION['user_page_message'])) | ||
563 | - | ||
564 | - unset($_SESSION['user_page_message']); | ||
565 | - | ||
566 | - if (isset($_SESSION['dmn_name'])) | ||
567 | - | ||
568 | - unset($_SESSION['dmn_name']); | ||
569 | - | ||
570 | - if (isset($_SESSION['local_data'])) | ||
571 | - | ||
572 | - unset($_SESSION['local_data']); | ||
573 | - | ||
574 | - if (isset($_SESSION['rau3_added'])) | ||
575 | - | ||
576 | - unset($_SESSION['rau3_added']); | ||
577 | - | ||
578 | - if (isset($_SESSION['chtpl'])) | ||
579 | - | ||
580 | - unset($_SESSION['chtpl']); | ||
581 | - | ||
582 | - if (isset($_SESSION['step_one'])) | ||
583 | - | ||
584 | - unset($_SESSION['step_one']); | ||
585 | - | ||
586 | - if (isset($_SESSION['dmn_tpl'])) | ||
587 | - | ||
588 | - unset($_SESSION['dmn_tpl']); | ||
589 | - | ||
590 | - if (isset($_SESSION['logged_from'])) | ||
591 | - | ||
592 | - unset($_SESSION['logged_from']); | ||
593 | - | ||
594 | - if (isset($_SESSION['logged_from_id'])) | ||
595 | - | ||
596 | - unset($_SESSION['logged_from_id']); | ||
597 | - | ||
598 | - if (isset($_SESSION['ddel'])) | ||
599 | - | ||
600 | - unset($_SESSION['ddel']); | ||
601 | - | ||
602 | - if (isset($_SESSION['user_def_lang'])) | ||
603 | - | ||
604 | - unset($_SESSION['user_def_lang']); | ||
605 | - | ||
606 | - if (isset($_SESSION['alias_support'])) | ||
607 | - | ||
608 | - unset($_SESSION['alias_support']); | ||
609 | - | ||
610 | - | ||
611 | - | ||
612 | -// globals | ||
613 | - | ||
614 | - if (isset($GLOBALS['user_logged'])) | ||
615 | - | ||
616 | - unset($GLOBALS['user_logged']); | ||
617 | - | ||
618 | - if (isset($GLOBALS['user_def_lang'])) | ||
619 | - | ||
620 | - unset($GLOBALS['user_def_lang']); | ||
621 | - | ||
622 | - if (isset($GLOBALS['user_type'])) | ||
623 | - | ||
624 | - unset($GLOBALS['user_type']); | ||
625 | - | ||
626 | - if (isset($GLOBALS['user_id'])) | ||
627 | - | ||
628 | - unset($GLOBALS['user_id']); | ||
629 | - | ||
630 | - if (isset($GLOBALS['user_created_by'])) | ||
631 | - | ||
632 | - unset($GLOBALS['user_created_by']); | ||
633 | - | ||
634 | - if (isset($GLOBALS['user_login_time'])) | ||
635 | - | ||
636 | - unset($GLOBALS['user_login_time']); | ||
637 | - | ||
638 | - if (isset($GLOBALS['user_theme_color'])) | ||
639 | - | ||
640 | - unset($GLOBALS['user_theme_color']); | ||
641 | - | ||
642 | - if (isset($GLOBALS['layout_id'])) | ||
643 | - | ||
644 | - unset($GLOBALS['layout_id']); | ||
645 | - | ||
646 | - if (isset($GLOBALS['email_support'])) | ||
647 | - | ||
648 | - unset($GLOBALS['email_support']); | ||
649 | - | ||
650 | - if (isset($GLOBALS['subdomain_support'])) | ||
651 | - | ||
652 | - unset($GLOBALS['subdomain_support']); | ||
653 | - | ||
654 | - if (isset($GLOBALS['sql_support'])) | ||
655 | - | ||
656 | - unset($GLOBALS['sql_support']); | ||
657 | - | ||
658 | - if (isset($GLOBALS['user_page_message'])) | ||
659 | - | ||
660 | - unset($GLOBALS['user_page_message']); | ||
661 | - | ||
662 | - if (isset($GLOBALS['ch_hpprops'])) | ||
663 | - | ||
664 | - unset($GLOBALS['ch_hpprops']); | ||
665 | - | ||
666 | - if (isset($_SESSION['ch_hpprops'])) | ||
667 | - | ||
668 | - unset($_SESSION['ch_hpprops']); | ||
669 | - | ||
670 | - if (isset($GLOBALS['dmn_name'])) | ||
671 | - | ||
672 | - unset($GLOBALS['dmn_name']); | ||
673 | - | ||
674 | - if (isset($GLOBALS['local_data'])) | ||
675 | - | ||
676 | - unset($GLOBALS['local_data']); | ||
677 | - | ||
678 | - if (isset($GLOBALS['rau3_added'])) | ||
679 | - | ||
680 | - unset($GLOBALS['rau3_added']); | ||
681 | - | ||
682 | - if (isset($GLOBALS['dmn_tpl'])) | ||
683 | - | ||
684 | - unset($GLOBALS['dmn_tpl']); | ||
685 | - | ||
686 | - if (isset($GLOBALS['chtpl'])) | ||
687 | - | ||
688 | - unset($GLOBALS['chtpl']); | ||
689 | - | ||
690 | - if (isset($GLOBALS['step_one'])) | ||
691 | - | ||
692 | - unset($GLOBALS['step_one']); | ||
693 | - | ||
694 | - if (isset($GLOBALS['logged_from'])) | ||
695 | - | ||
696 | - unset($GLOBALS['logged_from']); | ||
697 | - | ||
698 | - if (isset($GLOBALS['logged_from_id'])) | ||
699 | - | ||
700 | - unset($GLOBALS['logged_from_id']); | ||
701 | - | ||
702 | - if (isset($GLOBALS['ddel'])) | ||
703 | - | ||
704 | - unset($GLOBALS['ddel']); | ||
705 | - | ||
706 | - if (isset($GLOBALS['alias_support'])) | ||
707 | - | ||
708 | - unset($GLOBALS['alias_support']); | ||
709 | - | ||
710 | - | ||
711 | - $_SESSION['user_def_lang'] = $cfg['USER_INITIAL_LANG']; | ||
712 | -} | ||
713 | - | ||
714 | -?> | ||
715 | +<?php | ||
716 | +// ------------------------------------------------------------------------------- | ||
717 | +// | VHCS(tm) - Virtual Hosting Control System | | ||
718 | +// | Copyright (c) 2001-2004 be moleSoftware | | ||
719 | +// | http://vhcs.net | http://www.molesoftware.com | | ||
720 | +// | | | ||
721 | +// | This program is free software; you can redistribute it and/or | | ||
722 | +// | modify it under the terms of the MPL General Public License | | ||
723 | +// | as published by the Free Software Foundation; either version 1.1 | | ||
724 | +// | of the License, or (at your option) any later version. | | ||
725 | +// | | | ||
726 | +// | You should have received a copy of the MPL Mozilla Public License | | ||
727 | +// | along with this program; if not, write to the Open Source Initiative (OSI) | | ||
728 | +// | http://opensource.org | osi@opensource.org | | ||
729 | +// | | | ||
730 | +// ------------------------------------------------------------------------------- | ||
731 | + | ||
732 | + | ||
733 | + | ||
734 | +function register_user($uname, $upass) { | ||
735 | + | ||
736 | + global $sql; | ||
737 | + | ||
738 | + global $cfg; | ||
739 | + | ||
740 | + | ||
741 | + $timestamp = time(); | ||
742 | + | ||
743 | + | ||
744 | + if ($cfg['DB_TYPE'] === 'mysql') { | ||
745 | + $query = "select admin_id, admin_pass, admin_type, created_by from admin where binary admin_name = ?"; | ||
746 | + } | ||
747 | + | ||
748 | + $rs = exec_query($sql, $query, array($uname)); | ||
749 | + | ||
750 | + if (($rs -> RecordCount()) != 1) { | ||
751 | + | ||
752 | + write_log("Login error, <b><i>".htmlspecialchars($uname, ENT_QUOTES, "UTF-8")."</i></b> unknown username"); | ||
753 | + | ||
754 | + return false; | ||
755 | + | ||
756 | + } | ||
757 | + | ||
758 | + $udata = $rs -> FetchRow(); | ||
759 | + | ||
760 | + if (crypt($_POST['upass'], $udata[1]) === $udata[1] || md5($_POST['upass']) === $udata[1]) { | ||
761 | + | ||
762 | + if (isset($_SESSION['user_logged'])) { | ||
763 | + | ||
764 | + write_log($_SESSION['user_logged']." user already logged or session sharing problem! Aborting..."); | ||
765 | + | ||
766 | + system_message(tr('User already logged or session sharing problem! Aborting...')); | ||
767 | + | ||
768 | + } else { | ||
769 | + | ||
770 | + if ($udata['admin_type'] == "user"){ | ||
771 | + | ||
772 | + $domain_admin_id = $udata['admin_id']; | ||
773 | + | ||
774 | + $query = <<<SQL_QUERY | ||
775 | + select | ||
776 | + domain_status | ||
777 | + from | ||
778 | + domain | ||
779 | + where | ||
780 | + domain_admin_id = ?; | ||
781 | +SQL_QUERY; | ||
782 | + | ||
783 | + $rs = exec_query($sql, $query, array($domain_admin_id)); | ||
784 | + | ||
785 | + $user_dom_data = $rs -> FetchRow(); | ||
786 | + | ||
787 | + if ($user_dom_data['domain_status'] != $cfg['ITEM_OK_STATUS']){ | ||
788 | + | ||
789 | + write_log( htmlspecialchars($uname, ENT_QUOTES, "UTF-8")." Domain status is not OK - user can not login"); | ||
790 | + | ||
791 | + return false; | ||
792 | + } | ||
793 | + } | ||
794 | + | ||
795 | + // all is OK let's login the user | ||
796 | + $user_login_time = time(); | ||
797 | + | ||
798 | + $query = <<<SQL_QUERY | ||
799 | + insert into login | ||
800 | + (session_id, lastaccess) | ||
801 | + values | ||
802 | + (?, ?) | ||
803 | +SQL_QUERY; | ||
804 | + | ||
805 | + $rs = exec_query($sql, $query, array($uname, $user_login_time)); | ||
806 | + | ||
807 | + | ||
808 | + $_SESSION['user_logged'] = $uname; | ||
809 | + | ||
810 | + $_SESSION['user_type'] = $udata['admin_type']; | ||
811 | + | ||
812 | + $_SESSION['user_id'] = $udata['admin_id']; | ||
813 | + | ||
814 | + $_SESSION['user_created_by'] = $udata['created_by']; | ||
815 | + | ||
816 | + $_SESSION['user_login_time'] = $user_login_time; | ||
817 | + | ||
818 | + write_log( htmlspecialchars($uname, ENT_QUOTES, "UTF-8")." user logged in."); | ||
819 | + | ||
820 | + return true; | ||
821 | + | ||
822 | + } | ||
823 | + | ||
824 | + } else { | ||
825 | + | ||
826 | + write_log( htmlspecialchars($uname, ENT_QUOTES, "UTF-8")." bad password login data."); | ||
827 | + | ||
828 | + return false; | ||
829 | + | ||
830 | + } | ||
831 | + | ||
832 | +} | ||
833 | + | ||
834 | +function check_user_login($uname, $utype, $uid) { | ||
835 | + | ||
836 | + global $cfg, $sql; | ||
837 | + | ||
838 | + $timestamp = time(); | ||
839 | + //lets kill all time out sessions | ||
840 | + global $cfg; | ||
841 | + $timeout_sessions = $timestamp - $cfg['SESSION_TIMEOUT']; | ||
842 | + $query = <<<SQL_QUERY | ||
843 | + delete from | ||
844 | + login | ||
845 | + where | ||
846 | + lastaccess < ? | ||
847 | +SQL_QUERY; | ||
848 | + | ||
849 | + $rs = exec_query($sql, $query, array($timeout_sessions)); | ||
850 | + | ||
851 | + | ||
852 | + if (isset($_SESSION['user_logged'])) { | ||
853 | + | ||
854 | + $user_id = $_SESSION['user_logged']; | ||
855 | + | ||
856 | + $query = <<<SQL_QUERY | ||
857 | + select | ||
858 | + session_id | ||
859 | + from | ||
860 | + login | ||
861 | + where | ||
862 | + session_id = ? | ||
863 | +SQL_QUERY; | ||
864 | + | ||
865 | + $rs = exec_query($sql, $query, array($user_id)); | ||
866 | + | ||
867 | + if ($rs -> RecordCount() == 0) { | ||
868 | + | ||
869 | + write_log($_SESSION['user_logged']." user session do not exist or killed"); | ||
870 | + | ||
871 | + return false; | ||
872 | + | ||
873 | + } | ||
874 | + | ||
875 | + | ||
876 | + if ($timestamp - $_SESSION['user_login_time'] <= $cfg['SESSION_TIMEOUT']) { | ||
877 | + | ||
878 | + $_SESSION['user_login_time'] = $timestamp; | ||
879 | + | ||
880 | +$query = <<<SQL_QUERY | ||
881 | + update | ||
882 | + login | ||
883 | + set | ||
884 | + lastaccess = ? | ||
885 | + where | ||
886 | + session_id = ? | ||
887 | +SQL_QUERY; | ||
888 | + $rs = exec_query($sql, $query, array($timestamp, $user_id)); | ||
889 | + | ||
890 | + goto_user_location(); | ||
891 | + | ||
892 | + return true; | ||
893 | + | ||
894 | + } else { | ||
895 | + | ||
896 | + $query = <<<SQL_QUERY | ||
897 | + delete from | ||
898 | + login | ||
899 | + where | ||
900 | + session_id = ? | ||
901 | +SQL_QUERY; | ||
902 | + | ||
903 | + $rs = exec_query($sql, $query, array($user_id)); | ||
904 | + write_log(htmlspecialchars($uname, ENT_QUOTES, "UTF-8")." user session timed out"); | ||
905 | + | ||
906 | + return false; | ||
907 | + | ||
908 | + } | ||
909 | + | ||
910 | + } else { | ||
911 | + | ||
912 | + | ||
913 | + write_log(htmlspecialchars($uname, ENT_QUOTES, "UTF-8")." bad session data."); | ||
914 | + | ||
915 | + return false; | ||
916 | + | ||
917 | + } | ||
918 | + | ||
919 | +} | ||
920 | + | ||
921 | + | ||
922 | +function goto_user_location() | ||
923 | +{ | ||
924 | + $path = explode("/", $_SERVER['SCRIPT_NAME']); | ||
925 | + | ||
926 | + $found = false; | ||
927 | + | ||
928 | + for($i=0; $i< count($path);$i++){ | ||
929 | + | ||
930 | + if($path[$i] == $_SESSION['user_type']){ | ||
931 | + | ||
932 | + $found= true; | ||
933 | + | ||
934 | + } else if ($_SESSION['user_type'] == 'user' && $path[$i] == 'client') { | ||
935 | + | ||
936 | + $found= true; | ||
937 | + | ||
938 | + } | ||
939 | + } | ||
940 | + if(!$found) | ||
941 | + { | ||
942 | + | ||
943 | + if ($_SESSION['user_type'] == 'admin') { | ||
944 | + | ||
945 | + header("Location: ../admin/manage_users.php"); | ||
946 | + | ||
947 | + die(); | ||
948 | + | ||
949 | + } else if ($_SESSION['user_type'] == 'reseller') { | ||
950 | + | ||
951 | + header("Location: ../reseller/index.php"); | ||
952 | + | ||
953 | + die(); | ||
954 | + | ||
955 | + } else if ($_SESSION['user_type'] == 'user') { | ||
956 | + | ||
957 | + header("Location: ../client/index.php"); | ||
958 | + | ||
959 | + die(); | ||
960 | + | ||
961 | + } | ||
962 | + } | ||
963 | + | ||
964 | +} | ||
965 | + | ||
966 | +function check_login () { | ||
967 | + | ||
968 | + if (isset($_SESSION['user_logged'])) { | ||
969 | + | ||
970 | + if (!check_user_login($_SESSION['user_logged'], $_SESSION['user_type'], $_SESSION['user_id'])) { | ||
971 | + | ||
972 | + header("Location: ../index.php"); | ||
973 | + die(); | ||
974 | + | ||
975 | + } | ||
976 | + | ||
977 | + } else { | ||
978 | + | ||
979 | + header("Location: ../index.php"); | ||
980 | + die(); | ||
981 | + } | ||
982 | +} | ||
983 | + | ||
984 | +function change_user_interface($form_id, $to_id) { | ||
985 | + | ||
986 | + global $sql; | ||
987 | + | ||
988 | + global $cfg; | ||
989 | + | ||
990 | + | ||
991 | + $timestamp = time(); | ||
992 | + | ||
993 | + if ($cfg['DB_TYPE'] === 'mysql') { | ||
994 | + $query_from = "select admin_id, admin_name, admin_pass, admin_type, created_by from admin where binary admin_id = ?"; | ||
995 | + $query_to = "select admin_id, admin_name, admin_pass, admin_type, created_by from admin where binary admin_id = ?"; | ||
996 | + } | ||
997 | + | ||
998 | + $rs_from = exec_query($sql, $query_from, array($form_id)); | ||
999 | + $rs_to = exec_query($sql, $query_to, array($to_id)); | ||
1000 | + | ||
1001 | + if (($rs_from -> RecordCount()) != 1 || ($rs_to -> RecordCount()) != 1) { | ||
1002 | + write_log("Change interface error => unknown from or to username"); | ||
1003 | + return false; | ||
1004 | + } | ||
1005 | + | ||
1006 | + | ||
1007 | + $from_udata = $rs_from -> FetchRow(); | ||
1008 | + | ||
1009 | + $to_udata = $rs_to -> FetchRow(); | ||
1010 | + | ||
1011 | + | ||
1012 | + // let's check if TO_DOMAIN Status OK | ||
1013 | + // if domain satus not OK -> don't add mail accounts or subdomains .. or something else | ||
1014 | + | ||
1015 | + if ($to_udata['admin_type'] == "user"){ | ||
1016 | + | ||
1017 | + $domain_admin_id = $to_udata['admin_id']; | ||
1018 | + | ||
1019 | + $query = <<<SQL_QUERY | ||
1020 | + select | ||
1021 | + domain_status | ||
1022 | + from | ||
1023 | + domain | ||
1024 | + where | ||
1025 | + domain_admin_id = ? | ||
1026 | +SQL_QUERY; | ||
1027 | + | ||
1028 | + $rs = exec_query($sql, $query, array($domain_admin_id)); | ||
1029 | + | ||
1030 | + $user_dom_data = $rs -> FetchRow(); | ||
1031 | + | ||
1032 | + if ($user_dom_data['domain_status'] != $cfg['ITEM_OK_STATUS']){ | ||
1033 | + | ||
1034 | + write_log("Domain ID: ".$to_udata['admin_id']." - domain status PROBLEM -"); | ||
1035 | + | ||
1036 | + return false; | ||
1037 | + } | ||
1038 | + } | ||
1039 | + //end of Domain User Status check | ||
1040 | + | ||
1041 | + | ||
1042 | + | ||
1043 | + if ($from_udata['admin_type'] === 'admin' && $to_udata['admin_type'] === 'reseller') { | ||
1044 | + | ||
1045 | + $header = "../reseller/index.php"; | ||
1046 | + | ||
1047 | + } else if ($from_udata['admin_type'] === 'admin' && ($to_udata['admin_type'] != 'admin' || $to_udata['admin_type'] != 'reseller')) { | ||
1048 | + | ||
1049 | + $header = "../client/index.php"; | ||
1050 | + | ||
1051 | + } else if ($from_udata['admin_type'] === 'reseller' && ($to_udata['admin_type'] != 'admin' || $to_udata['admin_type'] != 'reseller')) { | ||
1052 | + | ||
1053 | + $header = "../client/index.php"; | ||
1054 | + | ||
1055 | + } | ||
1056 | + | ||
1057 | + // lets check and go from bottom to top User -> Reseller -> Admin | ||
1058 | + | ||
1059 | + else if (isset($_SESSION['logged_from'])) { // ther is SESSION 'logged from' -> we can go from Buttom to TOP | ||
1060 | + | ||
1061 | + if ($from_udata['admin_type'] === 'reseller' && $to_udata['admin_type'] == 'admin') { | ||
1062 | + | ||
1063 | + $header = "../admin/manage_users.php"; | ||
1064 | + | ||
1065 | + } | ||
1066 | + // user to admin | ||
1067 | + else if (($from_udata['admin_type'] != 'admin' || $from_udata['admin_type'] != 'reseller') && $to_udata['admin_type'] === 'admin') { | ||
1068 | + | ||
1069 | + $header = "../admin/manage_users.php"; | ||
1070 | + | ||
1071 | + } | ||
1072 | + // user reseller | ||
1073 | + else if (($from_udata['admin_type'] != 'admin' || $from_udata['admin_type'] != 'reseller') && $to_udata['admin_type'] === 'reseller') { | ||
1074 | + | ||
1075 | + $header = "../reseller/users.php"; | ||
1076 | + | ||
1077 | + } | ||
1078 | + | ||
1079 | + else{ | ||
1080 | + | ||
1081 | + write_log("change interface error from: ".$from_udata['admin_name']." to: ".$to_udata['admin_name']); | ||
1082 | + | ||
1083 | + return false; | ||
1084 | + } | ||
1085 | + | ||
1086 | + | ||
1087 | + | ||
1088 | + } else { | ||
1089 | + | ||
1090 | + write_log("change interface error from: ".$from_udata['admin_name']." to: ".$to_udata['admin_name']); | ||
1091 | + | ||
1092 | + return false; | ||
1093 | + } | ||
1094 | + | ||
1095 | + // lets save layout and language from admin/reseler - they don't wannt to read user interface on china or arabic language | ||
1096 | + $user_language = $_SESSION['user_def_lang']; | ||
1097 | + | ||
1098 | + $user_layout = $_SESSION['user_theme_color']; | ||
1099 | + | ||
1100 | + | ||
1101 | + // delete all sessions and globals data and set new one with SESSION logged_from | ||
1102 | + unset_user_login_data(); | ||
1103 | + | ||
1104 | + if ($to_udata['admin_type'] != 'admin'){ | ||
1105 | + | ||
1106 | + $_SESSION['logged_from'] = $from_udata['admin_name']; | ||
1107 | + | ||
1108 | + $_SESSION['logged_from_id'] = $from_udata['admin_id']; | ||
1109 | + | ||
1110 | + } | ||
1111 | + | ||
1112 | + // we gonna kill all sessions and globals if user get back to admin level | ||
1113 | + if (isset($_SESSION['admin_name'])) | ||
1114 | + | ||
1115 | + unset($_SESSION['admin_name']); | ||
1116 | + | ||
1117 | + if (isset($_SESSION['admin_id'])) | ||
1118 | + | ||
1119 | + unset($_SESSION['admin_id']); | ||
1120 | + | ||
1121 | + if (isset($GLOBALS['admin_name'])) | ||
1122 | + | ||
1123 | + unset($GLOBALS['admin_name']); | ||
1124 | + | ||
1125 | + if (isset($GLOBALS['admin_id'])) | ||
1126 | + | ||
1127 | + unset($GLOBALS['admin_id']); | ||
1128 | + // no more sessions and globals to kill - they were always killed - rest in peace | ||
1129 | + | ||
1130 | + $_SESSION['user_logged'] = $to_udata['admin_name']; | ||
1131 | + | ||
1132 | + $_SESSION['user_type'] = $to_udata['admin_type']; | ||
1133 | + | ||
1134 | + $_SESSION['user_id'] = $to_udata['admin_id']; | ||
1135 | + | ||
1136 | + $_SESSION['user_created_by'] = $to_udata['created_by']; | ||
1137 | + | ||
1138 | + $_SESSION['user_login_time'] = time(); | ||
1139 | + | ||
1140 | + $_SESSION['user_def_lang'] = $user_language; | ||
1141 | + | ||
1142 | + $_SESSION['user_theme_color'] = $user_layout; | ||
1143 | + | ||
1144 | + $user_login_time = time(); | ||
1145 | + $new_user_name = $to_udata['admin_name']; | ||
1146 | + | ||
1147 | + $query = <<<SQL_QUERY | ||
1148 | + insert into login | ||
1149 | + (session_id, lastaccess) | ||
1150 | + values | ||
1151 | + (?, ?) | ||
1152 | +SQL_QUERY; | ||
1153 | + | ||
1154 | + $rs = exec_query($sql, $query, array($new_user_name, $user_login_time)); | ||
1155 | + | ||
1156 | + write_log($from_udata['admin_name']." change into interface from ".$to_udata['admin_name']); | ||
1157 | + return $header; | ||
1158 | + | ||
1159 | +} | ||
1160 | + | ||
1161 | +function unset_user_login_data () { | ||
1162 | + | ||
1163 | + global $cfg, $sql; | ||
1164 | + | ||
1165 | + if (isset($_SESSION['user_logged'])) { | ||
1166 | + $admin_name = $_SESSION['user_logged']; | ||
1167 | + | ||
1168 | + $query = <<<SQL_QUERY | ||
1169 | + delete from | ||
1170 | + login | ||
1171 | + where | ||
1172 | + session_id = ? | ||
1173 | +SQL_QUERY; | ||
1174 | + | ||
1175 | + $rs = exec_query($sql, $query, array($admin_name)); | ||
1176 | + | ||
1177 | + unset($_SESSION['user_logged']); | ||
1178 | + } | ||
1179 | + | ||
1180 | + if (isset($_SESSION['user_id'])) | ||
1181 | + | ||
1182 | + unset($_SESSION['user_id']); | ||
1183 | + | ||
1184 | + if (isset($_SESSION['user_type'])) | ||
1185 | + | ||
1186 | + unset($_SESSION['user_type']); | ||
1187 | + | ||
1188 | + if (isset($_SESSION['user_created_by'])) | ||
1189 | + | ||
1190 | + unset($_SESSION['user_created_by']); | ||
1191 | + | ||
1192 | + if (isset($_SESSION['user_login_time'])) | ||
1193 | + | ||
1194 | + unset($_SESSION['user_login_time']); | ||
1195 | + | ||
1196 | + if (isset($_SESSION['dmn_name'])) | ||
1197 | + | ||
1198 | + unset($_SESSION['dmn_name']); | ||
1199 | + | ||
1200 | + if (isset($_SESSION['user_has_domain'])) | ||
1201 | + | ||
1202 | + unset($_SESSION['user_has_domain']); | ||
1203 | + | ||
1204 | + if (isset($_SESSION['hpid'])) | ||
1205 | + | ||
1206 | + unset($_SESSION['hpid']); | ||
1207 | + | ||
1208 | + if (isset($_SESSION['user_deleted'])) | ||
1209 | + | ||
1210 | + unset($_SESSION['user_deleted']); | ||
1211 | + | ||
1212 | + if (isset($_SESSION['edit'])) | ||
1213 | + | ||
1214 | + unset($_SESSION['edit']); | ||
1215 | + | ||
1216 | + if (isset($_SESSION['reseller_ips'])) | ||
1217 | + | ||
1218 | + unset($_SESSION['reseller_ips']); | ||
1219 | + | ||
1220 | + if (isset($_SESSION['sql_support'])) | ||
1221 | + | ||
1222 | + unset($_SESSION['sql_support']); | ||
1223 | + | ||
1224 | + if (isset($_SESSION['email_support'])) | ||
1225 | + | ||
1226 | + unset($_SESSION['email_support']); | ||
1227 | + | ||
1228 | + if (isset($_SESSION['admin_id'])) | ||
1229 | + | ||
1230 | + unset($_SESSION['admin_id']); | ||
1231 | + | ||
1232 | + if (isset($_SESSION['admin_login'])) | ||
1233 | + | ||
1234 | + unset($_SESSION['admin_login']); | ||
1235 | + | ||
1236 | + if (isset($_SESSION['admin_type'])) | ||
1237 | + | ||
1238 | + unset($_SESSION['admin_type']); | ||
1239 | + | ||
1240 | + if (isset($_SESSION['admin_email'])) | ||
1241 | + | ||
1242 | + unset($_SESSION['admin_email']); | ||
1243 | + | ||
1244 | + if (isset($_SESSION['cur_lang'])) | ||
1245 | + | ||
1246 | + unset($_SESSION['cur_lang']); | ||
1247 | + | ||
1248 | + if (isset($_SESSION['step_two_back_data'])) | ||
1249 | + | ||
1250 | + unset($_SESSION['step_two_back_data']); | ||
1251 | + | ||
1252 | + if (isset($_SESSION['local_data'])) | ||
1253 | + | ||
1254 | + unset($_SESSION['local_data']); | ||
1255 | + | ||
1256 | + if (isset($_SESSION['logged'])) | ||
1257 | + | ||
1258 | + unset($_SESSION['logged']); | ||
1259 | + | ||
1260 | + if (isset($_SESSION['subdomain_support'])) | ||
1261 | + | ||
1262 | + unset($_SESSION['subdomain_support']); | ||
1263 | + | ||
1264 | + if (isset($_SESSION['edit_ID'])) | ||
1265 | + | ||
1266 | + unset($_SESSION['edit_ID']); | ||
1267 | + | ||
1268 | + if (isset($_SESSION['user_name'])) | ||
1269 | + | ||
1270 | + unset($_SESSION['user_name']); | ||
1271 | + | ||
1272 | + if (isset($_SESSION['user_has_domain'])) | ||
1273 | + | ||
1274 | + unset($_SESSION['user_has_domain']); | ||
1275 | + | ||
1276 | + if (isset($_SESSION['layout_id'])) | ||
1277 | + | ||
1278 | + unset($_SESSION['layout_id']); | ||
1279 | + | ||
1280 | + if (isset($_SESSION['user_page_message'])) | ||
1281 | + | ||
1282 | + unset($_SESSION['user_page_message']); | ||
1283 | + | ||
1284 | + if (isset($_SESSION['dmn_name'])) | ||
1285 | + | ||
1286 | + unset($_SESSION['dmn_name']); | ||
1287 | + | ||
1288 | + if (isset($_SESSION['local_data'])) | ||
1289 | + | ||
1290 | + unset($_SESSION['local_data']); | ||
1291 | + | ||
1292 | + if (isset($_SESSION['rau3_added'])) | ||
1293 | + | ||
1294 | + unset($_SESSION['rau3_added']); | ||
1295 | + | ||
1296 | + if (isset($_SESSION['chtpl'])) | ||
1297 | + | ||
1298 | + unset($_SESSION['chtpl']); | ||
1299 | + | ||
1300 | + if (isset($_SESSION['step_one'])) | ||
1301 | + | ||
1302 | + unset($_SESSION['step_one']); | ||
1303 | + | ||
1304 | + if (isset($_SESSION['dmn_tpl'])) | ||
1305 | + | ||
1306 | + unset($_SESSION['dmn_tpl']); | ||
1307 | + | ||
1308 | + if (isset($_SESSION['logged_from'])) | ||
1309 | + | ||
1310 | + unset($_SESSION['logged_from']); | ||
1311 | + | ||
1312 | + if (isset($_SESSION['logged_from_id'])) | ||
1313 | + | ||
1314 | + unset($_SESSION['logged_from_id']); | ||
1315 | + | ||
1316 | + if (isset($_SESSION['ddel'])) | ||
1317 | + | ||
1318 | + unset($_SESSION['ddel']); | ||
1319 | + | ||
1320 | + if (isset($_SESSION['user_def_lang'])) | ||
1321 | + | ||
1322 | + unset($_SESSION['user_def_lang']); | ||
1323 | + | ||
1324 | + if (isset($_SESSION['alias_support'])) | ||
1325 | + | ||
1326 | + unset($_SESSION['alias_support']); | ||
1327 | + | ||
1328 | + | ||
1329 | + | ||
1330 | +// globals | ||
1331 | + | ||
1332 | + if (isset($GLOBALS['user_logged'])) | ||
1333 | + | ||
1334 | + unset($GLOBALS['user_logged']); | ||
1335 | + | ||
1336 | + if (isset($GLOBALS['user_def_lang'])) | ||
1337 | + | ||
1338 | + unset($GLOBALS['user_def_lang']); | ||
1339 | + | ||
1340 | + if (isset($GLOBALS['user_type'])) | ||
1341 | + | ||
1342 | + unset($GLOBALS['user_type']); | ||
1343 | + | ||
1344 | + if (isset($GLOBALS['user_id'])) | ||
1345 | + | ||
1346 | + unset($GLOBALS['user_id']); | ||
1347 | + | ||
1348 | + if (isset($GLOBALS['user_created_by'])) | ||
1349 | + | ||
1350 | + unset($GLOBALS['user_created_by']); | ||
1351 | + | ||
1352 | + if (isset($GLOBALS['user_login_time'])) | ||
1353 | + | ||
1354 | + unset($GLOBALS['user_login_time']); | ||
1355 | + | ||
1356 | + if (isset($GLOBALS['user_theme_color'])) | ||
1357 | + | ||
1358 | + unset($GLOBALS['user_theme_color']); | ||
1359 | + | ||
1360 | + if (isset($GLOBALS['layout_id'])) | ||
1361 | + | ||
1362 | + unset($GLOBALS['layout_id']); | ||
1363 | + | ||
1364 | + if (isset($GLOBALS['email_support'])) | ||
1365 | + | ||
1366 | + unset($GLOBALS['email_support']); | ||
1367 | + | ||
1368 | + if (isset($GLOBALS['subdomain_support'])) | ||
1369 | + | ||
1370 | + unset($GLOBALS['subdomain_support']); | ||
1371 | + | ||
1372 | + if (isset($GLOBALS['sql_support'])) | ||
1373 | + | ||
1374 | + unset($GLOBALS['sql_support']); | ||
1375 | + | ||
1376 | + if (isset($GLOBALS['user_page_message'])) | ||
1377 | + | ||
1378 | + unset($GLOBALS['user_page_message']); | ||
1379 | + | ||
1380 | + if (isset($GLOBALS['ch_hpprops'])) | ||
1381 | + | ||
1382 | + unset($GLOBALS['ch_hpprops']); | ||
1383 | + | ||
1384 | + if (isset($_SESSION['ch_hpprops'])) | ||
1385 | + | ||
1386 | + unset($_SESSION['ch_hpprops']); | ||
1387 | + | ||
1388 | + if (isset($GLOBALS['dmn_name'])) | ||
1389 | + | ||
1390 | + unset($GLOBALS['dmn_name']); | ||
1391 | + | ||
1392 | + if (isset($GLOBALS['local_data'])) | ||
1393 | + | ||
1394 | + unset($GLOBALS['local_data']); | ||
1395 | + | ||
1396 | + if (isset($GLOBALS['rau3_added'])) | ||
1397 | + | ||
1398 | + unset($GLOBALS['rau3_added']); | ||
1399 | + | ||
1400 | + if (isset($GLOBALS['dmn_tpl'])) | ||
1401 | + | ||
1402 | + unset($GLOBALS['dmn_tpl']); | ||
1403 | + | ||
1404 | + if (isset($GLOBALS['chtpl'])) | ||
1405 | + | ||
1406 | + unset($GLOBALS['chtpl']); | ||
1407 | + | ||
1408 | + if (isset($GLOBALS['step_one'])) | ||
1409 | + | ||
1410 | + unset($GLOBALS['step_one']); | ||
1411 | + | ||
1412 | + if (isset($GLOBALS['logged_from'])) | ||
1413 | + | ||
1414 | + unset($GLOBALS['logged_from']); | ||
1415 | + | ||
1416 | + if (isset($GLOBALS['logged_from_id'])) | ||
1417 | + | ||
1418 | + unset($GLOBALS['logged_from_id']); | ||
1419 | + | ||
1420 | + if (isset($GLOBALS['ddel'])) | ||
1421 | + | ||
1422 | + unset($GLOBALS['ddel']); | ||
1423 | + | ||
1424 | + if (isset($GLOBALS['alias_support'])) | ||
1425 | + | ||
1426 | + unset($GLOBALS['alias_support']); | ||
1427 | + | ||
1428 | + | ||
1429 | + $_SESSION['user_def_lang'] = $cfg['USER_INITIAL_LANG']; | ||
1430 | +} | ||
1431 | + | ||
1432 | +?> |