diff -Naur vhcs2-2.4.7.1/gui/include/login.php vhcs2-2.4.7.1-magellan/gui/include/login.php
--- vhcs2-2.4.7.1/gui/include/login.php 2005-12-31 12:09:05.000000000 +0100
+++ vhcs2-2.4.7.1-magellan/gui/include/login.php 2007-07-16 17:09:03.000000000 +0200
@@ -1,710 +1,718 @@
- RecordCount()) != 1) {
-
- write_log("Login error, ".htmlspecialchars($uname, ENT_QUOTES, "UTF-8")." unknown username");
-
- return false;
-
- }
-
- $udata = $rs -> FetchRow();
-
- if (crypt($_POST['upass'], $udata[1]) === $udata[1] || md5($_POST['upass']) === $udata[1]) {
-
- if (isset($_SESSION['user_logged'])) {
-
- write_log($_SESSION['user_logged']." user already logged or session sharing problem! Aborting...");
-
- system_message(tr('User already logged or session sharing problem! Aborting...'));
-
- } else {
-
- if ($udata['admin_type'] == "user"){
-
- $domain_admin_id = $udata['admin_id'];
-
- $query = << FetchRow();
-
- if ($user_dom_data['domain_status'] != $cfg['ITEM_OK_STATUS']){
-
- write_log( htmlspecialchars($uname, ENT_QUOTES, "UTF-8")." Domain status is not OK - user can not login");
-
- return false;
- }
- }
-
- // all is OK let's login the user
- $user_login_time = time();
-
- $query = << RecordCount() == 0) {
-
- write_log($_SESSION['user_logged']." user session do not exist or killed");
-
- return false;
-
- }
-
-
- if ($timestamp - $_SESSION['user_login_time'] <= $cfg['SESSION_TIMEOUT']) {
-
- $_SESSION['user_login_time'] = $timestamp;
-
-$query = << RecordCount()) != 1 || ($rs_to -> RecordCount()) != 1) {
- write_log("Change interface error => unknown from or to username");
- return false;
- }
-
-
- $from_udata = $rs_from -> FetchRow();
-
- $to_udata = $rs_to -> FetchRow();
-
-
- // let's check if TO_DOMAIN Status OK
- // if domain satus not OK -> don't add mail accounts or subdomains .. or something else
-
- if ($to_udata['admin_type'] == "user"){
-
- $domain_admin_id = $to_udata['admin_id'];
-
- $query = << FetchRow();
-
- if ($user_dom_data['domain_status'] != $cfg['ITEM_OK_STATUS']){
-
- write_log("Domain ID: ".$to_udata['admin_id']." - domain status PROBLEM -");
-
- return false;
- }
- }
- //end of Domain User Status check
-
-
-
- if ($from_udata['admin_type'] === 'admin' && $to_udata['admin_type'] === 'reseller') {
-
- $header = "../reseller/index.php";
-
- } else if ($from_udata['admin_type'] === 'admin' && ($to_udata['admin_type'] != 'admin' || $to_udata['admin_type'] != 'reseller')) {
-
- $header = "../client/index.php";
-
- } else if ($from_udata['admin_type'] === 'reseller' && ($to_udata['admin_type'] != 'admin' || $to_udata['admin_type'] != 'reseller')) {
-
- $header = "../client/index.php";
-
- }
-
- // lets check and go from bottom to top User -> Reseller -> Admin
-
- else if (isset($_SESSION['logged_from'])) { // ther is SESSION 'logged from' -> we can go from Buttom to TOP
-
- if ($from_udata['admin_type'] === 'reseller' && $to_udata['admin_type'] == 'admin') {
-
- $header = "../admin/manage_users.php";
-
- }
- // user to admin
- else if (($from_udata['admin_type'] != 'admin' || $from_udata['admin_type'] != 'reseller') && $to_udata['admin_type'] === 'admin') {
-
- $header = "../admin/manage_users.php";
-
- }
- // user reseller
- else if (($from_udata['admin_type'] != 'admin' || $from_udata['admin_type'] != 'reseller') && $to_udata['admin_type'] === 'reseller') {
-
- $header = "../reseller/users.php";
-
- }
-
- else{
-
- write_log("change interface error from: ".$from_udata['admin_name']." to: ".$to_udata['admin_name']);
-
- return false;
- }
-
-
-
- } else {
-
- write_log("change interface error from: ".$from_udata['admin_name']." to: ".$to_udata['admin_name']);
-
- return false;
- }
-
- // lets save layout and language from admin/reseler - they don't wannt to read user interface on china or arabic language
- $user_language = $_SESSION['user_def_lang'];
-
- $user_layout = $_SESSION['user_theme_color'];
-
-
- // delete all sessions and globals data and set new one with SESSION logged_from
- unset_user_login_data();
-
- if ($to_udata['admin_type'] != 'admin'){
-
- $_SESSION['logged_from'] = $from_udata['admin_name'];
-
- $_SESSION['logged_from_id'] = $from_udata['admin_id'];
-
- }
-
- // we gonna kill all sessions and globals if user get back to admin level
- if (isset($_SESSION['admin_name']))
-
- unset($_SESSION['admin_name']);
-
- if (isset($_SESSION['admin_id']))
-
- unset($_SESSION['admin_id']);
-
- if (isset($GLOBALS['admin_name']))
-
- unset($GLOBALS['admin_name']);
-
- if (isset($GLOBALS['admin_id']))
-
- unset($GLOBALS['admin_id']);
- // no more sessions and globals to kill - they were always killed - rest in peace
-
- $_SESSION['user_logged'] = $to_udata['admin_name'];
-
- $_SESSION['user_type'] = $to_udata['admin_type'];
-
- $_SESSION['user_id'] = $to_udata['admin_id'];
-
- $_SESSION['user_created_by'] = $to_udata['created_by'];
-
- $_SESSION['user_login_time'] = time();
-
- $_SESSION['user_def_lang'] = $user_language;
-
- $_SESSION['user_theme_color'] = $user_layout;
-
- $user_login_time = time();
- $new_user_name = $to_udata['admin_name'];
-
- $query = <<
+ RecordCount()) != 1) {
+
+ write_log("Login error, ".htmlspecialchars($uname, ENT_QUOTES, "UTF-8")." unknown username");
+
+ return false;
+
+ }
+
+ $udata = $rs -> FetchRow();
+
+ if (crypt($_POST['upass'], $udata[1]) === $udata[1] || md5($_POST['upass']) === $udata[1]) {
+
+ if (isset($_SESSION['user_logged'])) {
+
+ write_log($_SESSION['user_logged']." user already logged or session sharing problem! Aborting...");
+
+ system_message(tr('User already logged or session sharing problem! Aborting...'));
+
+ } else {
+
+ if ($udata['admin_type'] == "user"){
+
+ $domain_admin_id = $udata['admin_id'];
+
+ $query = << FetchRow();
+
+ if ($user_dom_data['domain_status'] != $cfg['ITEM_OK_STATUS']){
+
+ write_log( htmlspecialchars($uname, ENT_QUOTES, "UTF-8")." Domain status is not OK - user can not login");
+
+ return false;
+ }
+ }
+
+ // all is OK let's login the user
+ $user_login_time = time();
+
+ $query = << RecordCount() == 0) {
+
+ write_log($_SESSION['user_logged']." user session do not exist or killed");
+
+ return false;
+
+ }
+
+
+ if ($timestamp - $_SESSION['user_login_time'] <= $cfg['SESSION_TIMEOUT']) {
+
+ $_SESSION['user_login_time'] = $timestamp;
+
+$query = << RecordCount()) != 1 || ($rs_to -> RecordCount()) != 1) {
+ write_log("Change interface error => unknown from or to username");
+ return false;
+ }
+
+
+ $from_udata = $rs_from -> FetchRow();
+
+ $to_udata = $rs_to -> FetchRow();
+
+
+ // let's check if TO_DOMAIN Status OK
+ // if domain satus not OK -> don't add mail accounts or subdomains .. or something else
+
+ if ($to_udata['admin_type'] == "user"){
+
+ $domain_admin_id = $to_udata['admin_id'];
+
+ $query = << FetchRow();
+
+ if ($user_dom_data['domain_status'] != $cfg['ITEM_OK_STATUS']){
+
+ write_log("Domain ID: ".$to_udata['admin_id']." - domain status PROBLEM -");
+
+ return false;
+ }
+ }
+ //end of Domain User Status check
+
+
+
+ if ($from_udata['admin_type'] === 'admin' && $to_udata['admin_type'] === 'reseller') {
+
+ $header = "../reseller/index.php";
+
+ } else if ($from_udata['admin_type'] === 'admin' && ($to_udata['admin_type'] != 'admin' || $to_udata['admin_type'] != 'reseller')) {
+
+ $header = "../client/index.php";
+
+ } else if ($from_udata['admin_type'] === 'reseller' && ($to_udata['admin_type'] != 'admin' || $to_udata['admin_type'] != 'reseller')) {
+
+ $header = "../client/index.php";
+
+ }
+
+ // lets check and go from bottom to top User -> Reseller -> Admin
+
+ else if (isset($_SESSION['logged_from'])) { // ther is SESSION 'logged from' -> we can go from Buttom to TOP
+
+ if ($from_udata['admin_type'] === 'reseller' && $to_udata['admin_type'] == 'admin') {
+
+ $header = "../admin/manage_users.php";
+
+ }
+ // user to admin
+ else if (($from_udata['admin_type'] != 'admin' || $from_udata['admin_type'] != 'reseller') && $to_udata['admin_type'] === 'admin') {
+
+ $header = "../admin/manage_users.php";
+
+ }
+ // user reseller
+ else if (($from_udata['admin_type'] != 'admin' || $from_udata['admin_type'] != 'reseller') && $to_udata['admin_type'] === 'reseller') {
+
+ $header = "../reseller/users.php";
+
+ }
+
+ else{
+
+ write_log("change interface error from: ".$from_udata['admin_name']." to: ".$to_udata['admin_name']);
+
+ return false;
+ }
+
+
+
+ } else {
+
+ write_log("change interface error from: ".$from_udata['admin_name']." to: ".$to_udata['admin_name']);
+
+ return false;
+ }
+
+ // lets save layout and language from admin/reseler - they don't wannt to read user interface on china or arabic language
+ $user_language = $_SESSION['user_def_lang'];
+
+ $user_layout = $_SESSION['user_theme_color'];
+
+
+ // delete all sessions and globals data and set new one with SESSION logged_from
+ unset_user_login_data();
+
+ if ($to_udata['admin_type'] != 'admin'){
+
+ $_SESSION['logged_from'] = $from_udata['admin_name'];
+
+ $_SESSION['logged_from_id'] = $from_udata['admin_id'];
+
+ }
+
+ // we gonna kill all sessions and globals if user get back to admin level
+ if (isset($_SESSION['admin_name']))
+
+ unset($_SESSION['admin_name']);
+
+ if (isset($_SESSION['admin_id']))
+
+ unset($_SESSION['admin_id']);
+
+ if (isset($GLOBALS['admin_name']))
+
+ unset($GLOBALS['admin_name']);
+
+ if (isset($GLOBALS['admin_id']))
+
+ unset($GLOBALS['admin_id']);
+ // no more sessions and globals to kill - they were always killed - rest in peace
+
+ $_SESSION['user_logged'] = $to_udata['admin_name'];
+
+ $_SESSION['user_type'] = $to_udata['admin_type'];
+
+ $_SESSION['user_id'] = $to_udata['admin_id'];
+
+ $_SESSION['user_created_by'] = $to_udata['created_by'];
+
+ $_SESSION['user_login_time'] = time();
+
+ $_SESSION['user_def_lang'] = $user_language;
+
+ $_SESSION['user_theme_color'] = $user_layout;
+
+ $user_login_time = time();
+ $new_user_name = $to_udata['admin_name'];
+
+ $query = <<
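Review bot: The target-type tests on the new lines, `($to_udata['admin_type'] != 'admin' || $to_udata['admin_type'] != 'reseller')`, are always true because no value can equal both strings, so the second and third branches of the interface-switch chain match any target type. As written, a `reseller` source takes the `../client/index.php` branch for every target and the session is then populated from `$to_udata`, so the `isset($_SESSION['logged_from'])` gate for upward switches is never consulted for resellers; whether a caller verifies ownership first is not visible here. The intent appears to be "target is a plain user", which this file already tests as `$to_udata['admin_type'] == "user"`, so both branches should use `$to_udata['admin_type'] === 'user'` (or `&&` in place of `||`). The same always-true pattern sits on the `$from_udata` side of the two `else if` branches under the `logged_from` check and should become `$from_udata['admin_type'] === 'user'`. The function's opening and its query text are missing from this page, so the callers' checks need confirming before this routine is relied on for authorisation.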