Annotation of /trunk/vhcs2/patches/vhcs2-2.4.7.1-security-fix-RS-2006-1.patch
Parent Directory
| 
Revision Log
Revision 267 -
(hide annotations)
(download)
Mon Jul 16 17:07:58 2007 UTC (16 years, 11 months ago) by niro
File size: 35768 byte(s)
Mon Jul 16 17:07:58 2007 UTC (16 years, 11 months ago) by niro
File size: 35768 byte(s)
-several fixes for vhcs2-2.4.7.1-r1
| 1 | niro | 267 | diff -Naur vhcs2-2.4.7.1/gui/include/login.php vhcs2-2.4.7.1-magellan/gui/include/login.php |
| 2 | --- vhcs2-2.4.7.1/gui/include/login.php 2005-12-31 12:09:05.000000000 +0100 | ||
| 3 | +++ vhcs2-2.4.7.1-magellan/gui/include/login.php 2007-07-16 17:09:03.000000000 +0200 | ||
| 4 | @@ -1,710 +1,718 @@ | ||
| 5 | -<?php | ||
| 6 | -// ------------------------------------------------------------------------------- | ||
| 7 | -// | VHCS(tm) - Virtual Hosting Control System | | ||
| 8 | -// | Copyright (c) 2001-2004 be moleSoftware | | ||
| 9 | -// | http://vhcs.net | http://www.molesoftware.com | | ||
| 10 | -// | | | ||
| 11 | -// | This program is free software; you can redistribute it and/or | | ||
| 12 | -// | modify it under the terms of the MPL General Public License | | ||
| 13 | -// | as published by the Free Software Foundation; either version 1.1 | | ||
| 14 | -// | of the License, or (at your option) any later version. | | ||
| 15 | -// | | | ||
| 16 | -// | You should have received a copy of the MPL Mozilla Public License | | ||
| 17 | -// | along with this program; if not, write to the Open Source Initiative (OSI) | | ||
| 18 | -// | http://opensource.org | osi@opensource.org | | ||
| 19 | -// | | | ||
| 20 | -// ------------------------------------------------------------------------------- | ||
| 21 | - | ||
| 22 | - | ||
| 23 | - | ||
| 24 | -function register_user($uname, $upass) { | ||
| 25 | - | ||
| 26 | - global $sql; | ||
| 27 | - | ||
| 28 | - global $cfg; | ||
| 29 | - | ||
| 30 | - | ||
| 31 | - $timestamp = time(); | ||
| 32 | - | ||
| 33 | - | ||
| 34 | - if ($cfg['DB_TYPE'] === 'mysql') { | ||
| 35 | - $query = "select admin_id, admin_pass, admin_type, created_by from admin where binary admin_name = ?"; | ||
| 36 | - } | ||
| 37 | - | ||
| 38 | - $rs = exec_query($sql, $query, array($uname)); | ||
| 39 | - | ||
| 40 | - if (($rs -> RecordCount()) != 1) { | ||
| 41 | - | ||
| 42 | - write_log("Login error, <b><i>".htmlspecialchars($uname, ENT_QUOTES, "UTF-8")."</i></b> unknown username"); | ||
| 43 | - | ||
| 44 | - return false; | ||
| 45 | - | ||
| 46 | - } | ||
| 47 | - | ||
| 48 | - $udata = $rs -> FetchRow(); | ||
| 49 | - | ||
| 50 | - if (crypt($_POST['upass'], $udata[1]) === $udata[1] || md5($_POST['upass']) === $udata[1]) { | ||
| 51 | - | ||
| 52 | - if (isset($_SESSION['user_logged'])) { | ||
| 53 | - | ||
| 54 | - write_log($_SESSION['user_logged']." user already logged or session sharing problem! Aborting..."); | ||
| 55 | - | ||
| 56 | - system_message(tr('User already logged or session sharing problem! Aborting...')); | ||
| 57 | - | ||
| 58 | - } else { | ||
| 59 | - | ||
| 60 | - if ($udata['admin_type'] == "user"){ | ||
| 61 | - | ||
| 62 | - $domain_admin_id = $udata['admin_id']; | ||
| 63 | - | ||
| 64 | - $query = <<<SQL_QUERY | ||
| 65 | - select | ||
| 66 | - domain_status | ||
| 67 | - from | ||
| 68 | - domain | ||
| 69 | - where | ||
| 70 | - domain_admin_id = ?; | ||
| 71 | -SQL_QUERY; | ||
| 72 | - | ||
| 73 | - $rs = exec_query($sql, $query, array($domain_admin_id)); | ||
| 74 | - | ||
| 75 | - $user_dom_data = $rs -> FetchRow(); | ||
| 76 | - | ||
| 77 | - if ($user_dom_data['domain_status'] != $cfg['ITEM_OK_STATUS']){ | ||
| 78 | - | ||
| 79 | - write_log( htmlspecialchars($uname, ENT_QUOTES, "UTF-8")." Domain status is not OK - user can not login"); | ||
| 80 | - | ||
| 81 | - return false; | ||
| 82 | - } | ||
| 83 | - } | ||
| 84 | - | ||
| 85 | - // all is OK let's login the user | ||
| 86 | - $user_login_time = time(); | ||
| 87 | - | ||
| 88 | - $query = <<<SQL_QUERY | ||
| 89 | - insert into login | ||
| 90 | - (session_id, lastaccess) | ||
| 91 | - values | ||
| 92 | - (?, ?) | ||
| 93 | -SQL_QUERY; | ||
| 94 | - | ||
| 95 | - $rs = exec_query($sql, $query, array($uname, $user_login_time)); | ||
| 96 | - | ||
| 97 | - | ||
| 98 | - $_SESSION['user_logged'] = $uname; | ||
| 99 | - | ||
| 100 | - $_SESSION['user_type'] = $udata['admin_type']; | ||
| 101 | - | ||
| 102 | - $_SESSION['user_id'] = $udata['admin_id']; | ||
| 103 | - | ||
| 104 | - $_SESSION['user_created_by'] = $udata['created_by']; | ||
| 105 | - | ||
| 106 | - $_SESSION['user_login_time'] = $user_login_time; | ||
| 107 | - | ||
| 108 | - write_log( htmlspecialchars($uname, ENT_QUOTES, "UTF-8")." user logged in."); | ||
| 109 | - | ||
| 110 | - return true; | ||
| 111 | - | ||
| 112 | - } | ||
| 113 | - | ||
| 114 | - } else { | ||
| 115 | - | ||
| 116 | - write_log( htmlspecialchars($uname, ENT_QUOTES, "UTF-8")." bad password login data."); | ||
| 117 | - | ||
| 118 | - return false; | ||
| 119 | - | ||
| 120 | - } | ||
| 121 | - | ||
| 122 | -} | ||
| 123 | - | ||
| 124 | -function check_user_login($uname, $utype, $uid) { | ||
| 125 | - | ||
| 126 | - global $cfg, $sql; | ||
| 127 | - | ||
| 128 | - $timestamp = time(); | ||
| 129 | - //lets kill all time out sessions | ||
| 130 | - global $cfg; | ||
| 131 | - $timeout_sessions = $timestamp - $cfg['SESSION_TIMEOUT']; | ||
| 132 | - $query = <<<SQL_QUERY | ||
| 133 | - delete from | ||
| 134 | - login | ||
| 135 | - where | ||
| 136 | - lastaccess < ? | ||
| 137 | -SQL_QUERY; | ||
| 138 | - | ||
| 139 | - $rs = exec_query($sql, $query, array($timeout_sessions)); | ||
| 140 | - | ||
| 141 | - | ||
| 142 | - if (isset($_SESSION['user_logged'])) { | ||
| 143 | - | ||
| 144 | - $user_id = $_SESSION['user_logged']; | ||
| 145 | - | ||
| 146 | - $query = <<<SQL_QUERY | ||
| 147 | - select | ||
| 148 | - session_id | ||
| 149 | - from | ||
| 150 | - login | ||
| 151 | - where | ||
| 152 | - session_id = ? | ||
| 153 | -SQL_QUERY; | ||
| 154 | - | ||
| 155 | - $rs = exec_query($sql, $query, array($user_id)); | ||
| 156 | - | ||
| 157 | - if ($rs -> RecordCount() == 0) { | ||
| 158 | - | ||
| 159 | - write_log($_SESSION['user_logged']." user session do not exist or killed"); | ||
| 160 | - | ||
| 161 | - return false; | ||
| 162 | - | ||
| 163 | - } | ||
| 164 | - | ||
| 165 | - | ||
| 166 | - if ($timestamp - $_SESSION['user_login_time'] <= $cfg['SESSION_TIMEOUT']) { | ||
| 167 | - | ||
| 168 | - $_SESSION['user_login_time'] = $timestamp; | ||
| 169 | - | ||
| 170 | -$query = <<<SQL_QUERY | ||
| 171 | - update | ||
| 172 | - login | ||
| 173 | - set | ||
| 174 | - lastaccess = ? | ||
| 175 | - where | ||
| 176 | - session_id = ? | ||
| 177 | -SQL_QUERY; | ||
| 178 | - $rs = exec_query($sql, $query, array($timestamp, $user_id)); | ||
| 179 | - | ||
| 180 | - goto_user_location(); | ||
| 181 | - | ||
| 182 | - return true; | ||
| 183 | - | ||
| 184 | - } else { | ||
| 185 | - | ||
| 186 | - $query = <<<SQL_QUERY | ||
| 187 | - delete from | ||
| 188 | - login | ||
| 189 | - where | ||
| 190 | - session_id = ? | ||
| 191 | -SQL_QUERY; | ||
| 192 | - | ||
| 193 | - $rs = exec_query($sql, $query, array($user_id)); | ||
| 194 | - write_log(htmlspecialchars($uname, ENT_QUOTES, "UTF-8")." user session timed out"); | ||
| 195 | - | ||
| 196 | - return false; | ||
| 197 | - | ||
| 198 | - } | ||
| 199 | - | ||
| 200 | - } else { | ||
| 201 | - | ||
| 202 | - | ||
| 203 | - write_log(htmlspecialchars($uname, ENT_QUOTES, "UTF-8")." bad session data."); | ||
| 204 | - | ||
| 205 | - return false; | ||
| 206 | - | ||
| 207 | - } | ||
| 208 | - | ||
| 209 | -} | ||
| 210 | - | ||
| 211 | - | ||
| 212 | -function goto_user_location() | ||
| 213 | -{ | ||
| 214 | - $path = explode("/", $_SERVER['SCRIPT_NAME']); | ||
| 215 | - | ||
| 216 | - $found = false; | ||
| 217 | - | ||
| 218 | - for($i=0; $i< count($path);$i++){ | ||
| 219 | - | ||
| 220 | - if($path[$i] == $_SESSION['user_type']){ | ||
| 221 | - | ||
| 222 | - $found= true; | ||
| 223 | - | ||
| 224 | - } else if ($_SESSION['user_type'] == 'user' && $path[$i] == 'client') { | ||
| 225 | - | ||
| 226 | - $found= true; | ||
| 227 | - | ||
| 228 | - } | ||
| 229 | - } | ||
| 230 | - if(!$found) | ||
| 231 | - { | ||
| 232 | - | ||
| 233 | - if ($_SESSION['user_type'] == 'admin') { | ||
| 234 | - | ||
| 235 | - header("Location: ../admin/manage_users.php"); | ||
| 236 | - | ||
| 237 | - } else if ($_SESSION['user_type'] == 'reseller') { | ||
| 238 | - | ||
| 239 | - header("Location: ../reseller/index.php"); | ||
| 240 | - | ||
| 241 | - } else if ($_SESSION['user_type'] == 'user') { | ||
| 242 | - | ||
| 243 | - header("Location: ../client/index.php"); | ||
| 244 | - | ||
| 245 | - } | ||
| 246 | - } | ||
| 247 | - | ||
| 248 | -} | ||
| 249 | - | ||
| 250 | -function check_login () { | ||
| 251 | - | ||
| 252 | - if (isset($_SESSION['user_logged'])) { | ||
| 253 | - | ||
| 254 | - if (!check_user_login($_SESSION['user_logged'], $_SESSION['user_type'], $_SESSION['user_id'])) { | ||
| 255 | - | ||
| 256 | - header("Location: ../index.php"); | ||
| 257 | - | ||
| 258 | - } | ||
| 259 | - | ||
| 260 | - } else { | ||
| 261 | - | ||
| 262 | - header("Location: ../index.php"); | ||
| 263 | - | ||
| 264 | - } | ||
| 265 | - | ||
| 266 | -function change_user_interface($form_id, $to_id) { | ||
| 267 | - | ||
| 268 | - global $sql; | ||
| 269 | - | ||
| 270 | - global $cfg; | ||
| 271 | - | ||
| 272 | - | ||
| 273 | - $timestamp = time(); | ||
| 274 | - | ||
| 275 | - if ($cfg['DB_TYPE'] === 'mysql') { | ||
| 276 | - $query_from = "select admin_id, admin_name, admin_pass, admin_type, created_by from admin where binary admin_id = ?"; | ||
| 277 | - $query_to = "select admin_id, admin_name, admin_pass, admin_type, created_by from admin where binary admin_id = ?"; | ||
| 278 | - } | ||
| 279 | - | ||
| 280 | - $rs_from = exec_query($sql, $query_from, array($form_id)); | ||
| 281 | - $rs_to = exec_query($sql, $query_to, array($to_id)); | ||
| 282 | - | ||
| 283 | - if (($rs_from -> RecordCount()) != 1 || ($rs_to -> RecordCount()) != 1) { | ||
| 284 | - write_log("Change interface error => unknown from or to username"); | ||
| 285 | - return false; | ||
| 286 | - } | ||
| 287 | - | ||
| 288 | - | ||
| 289 | - $from_udata = $rs_from -> FetchRow(); | ||
| 290 | - | ||
| 291 | - $to_udata = $rs_to -> FetchRow(); | ||
| 292 | - | ||
| 293 | - | ||
| 294 | - // let's check if TO_DOMAIN Status OK | ||
| 295 | - // if domain satus not OK -> don't add mail accounts or subdomains .. or something else | ||
| 296 | - | ||
| 297 | - if ($to_udata['admin_type'] == "user"){ | ||
| 298 | - | ||
| 299 | - $domain_admin_id = $to_udata['admin_id']; | ||
| 300 | - | ||
| 301 | - $query = <<<SQL_QUERY | ||
| 302 | - select | ||
| 303 | - domain_status | ||
| 304 | - from | ||
| 305 | - domain | ||
| 306 | - where | ||
| 307 | - domain_admin_id = ? | ||
| 308 | -SQL_QUERY; | ||
| 309 | - | ||
| 310 | - $rs = exec_query($sql, $query, array($domain_admin_id)); | ||
| 311 | - | ||
| 312 | - $user_dom_data = $rs -> FetchRow(); | ||
| 313 | - | ||
| 314 | - if ($user_dom_data['domain_status'] != $cfg['ITEM_OK_STATUS']){ | ||
| 315 | - | ||
| 316 | - write_log("Domain ID: ".$to_udata['admin_id']." - domain status PROBLEM -"); | ||
| 317 | - | ||
| 318 | - return false; | ||
| 319 | - } | ||
| 320 | - } | ||
| 321 | - //end of Domain User Status check | ||
| 322 | - | ||
| 323 | - | ||
| 324 | - | ||
| 325 | - if ($from_udata['admin_type'] === 'admin' && $to_udata['admin_type'] === 'reseller') { | ||
| 326 | - | ||
| 327 | - $header = "../reseller/index.php"; | ||
| 328 | - | ||
| 329 | - } else if ($from_udata['admin_type'] === 'admin' && ($to_udata['admin_type'] != 'admin' || $to_udata['admin_type'] != 'reseller')) { | ||
| 330 | - | ||
| 331 | - $header = "../client/index.php"; | ||
| 332 | - | ||
| 333 | - } else if ($from_udata['admin_type'] === 'reseller' && ($to_udata['admin_type'] != 'admin' || $to_udata['admin_type'] != 'reseller')) { | ||
| 334 | - | ||
| 335 | - $header = "../client/index.php"; | ||
| 336 | - | ||
| 337 | - } | ||
| 338 | - | ||
| 339 | - // lets check and go from bottom to top User -> Reseller -> Admin | ||
| 340 | - | ||
| 341 | - else if (isset($_SESSION['logged_from'])) { // ther is SESSION 'logged from' -> we can go from Buttom to TOP | ||
| 342 | - | ||
| 343 | - if ($from_udata['admin_type'] === 'reseller' && $to_udata['admin_type'] == 'admin') { | ||
| 344 | - | ||
| 345 | - $header = "../admin/manage_users.php"; | ||
| 346 | - | ||
| 347 | - } | ||
| 348 | - // user to admin | ||
| 349 | - else if (($from_udata['admin_type'] != 'admin' || $from_udata['admin_type'] != 'reseller') && $to_udata['admin_type'] === 'admin') { | ||
| 350 | - | ||
| 351 | - $header = "../admin/manage_users.php"; | ||
| 352 | - | ||
| 353 | - } | ||
| 354 | - // user reseller | ||
| 355 | - else if (($from_udata['admin_type'] != 'admin' || $from_udata['admin_type'] != 'reseller') && $to_udata['admin_type'] === 'reseller') { | ||
| 356 | - | ||
| 357 | - $header = "../reseller/users.php"; | ||
| 358 | - | ||
| 359 | - } | ||
| 360 | - | ||
| 361 | - else{ | ||
| 362 | - | ||
| 363 | - write_log("change interface error from: ".$from_udata['admin_name']." to: ".$to_udata['admin_name']); | ||
| 364 | - | ||
| 365 | - return false; | ||
| 366 | - } | ||
| 367 | - | ||
| 368 | - | ||
| 369 | - | ||
| 370 | - } else { | ||
| 371 | - | ||
| 372 | - write_log("change interface error from: ".$from_udata['admin_name']." to: ".$to_udata['admin_name']); | ||
| 373 | - | ||
| 374 | - return false; | ||
| 375 | - } | ||
| 376 | - | ||
| 377 | - // lets save layout and language from admin/reseler - they don't wannt to read user interface on china or arabic language | ||
| 378 | - $user_language = $_SESSION['user_def_lang']; | ||
| 379 | - | ||
| 380 | - $user_layout = $_SESSION['user_theme_color']; | ||
| 381 | - | ||
| 382 | - | ||
| 383 | - // delete all sessions and globals data and set new one with SESSION logged_from | ||
| 384 | - unset_user_login_data(); | ||
| 385 | - | ||
| 386 | - if ($to_udata['admin_type'] != 'admin'){ | ||
| 387 | - | ||
| 388 | - $_SESSION['logged_from'] = $from_udata['admin_name']; | ||
| 389 | - | ||
| 390 | - $_SESSION['logged_from_id'] = $from_udata['admin_id']; | ||
| 391 | - | ||
| 392 | - } | ||
| 393 | - | ||
| 394 | - // we gonna kill all sessions and globals if user get back to admin level | ||
| 395 | - if (isset($_SESSION['admin_name'])) | ||
| 396 | - | ||
| 397 | - unset($_SESSION['admin_name']); | ||
| 398 | - | ||
| 399 | - if (isset($_SESSION['admin_id'])) | ||
| 400 | - | ||
| 401 | - unset($_SESSION['admin_id']); | ||
| 402 | - | ||
| 403 | - if (isset($GLOBALS['admin_name'])) | ||
| 404 | - | ||
| 405 | - unset($GLOBALS['admin_name']); | ||
| 406 | - | ||
| 407 | - if (isset($GLOBALS['admin_id'])) | ||
| 408 | - | ||
| 409 | - unset($GLOBALS['admin_id']); | ||
| 410 | - // no more sessions and globals to kill - they were always killed - rest in peace | ||
| 411 | - | ||
| 412 | - $_SESSION['user_logged'] = $to_udata['admin_name']; | ||
| 413 | - | ||
| 414 | - $_SESSION['user_type'] = $to_udata['admin_type']; | ||
| 415 | - | ||
| 416 | - $_SESSION['user_id'] = $to_udata['admin_id']; | ||
| 417 | - | ||
| 418 | - $_SESSION['user_created_by'] = $to_udata['created_by']; | ||
| 419 | - | ||
| 420 | - $_SESSION['user_login_time'] = time(); | ||
| 421 | - | ||
| 422 | - $_SESSION['user_def_lang'] = $user_language; | ||
| 423 | - | ||
| 424 | - $_SESSION['user_theme_color'] = $user_layout; | ||
| 425 | - | ||
| 426 | - $user_login_time = time(); | ||
| 427 | - $new_user_name = $to_udata['admin_name']; | ||
| 428 | - | ||
| 429 | - $query = <<<SQL_QUERY | ||
| 430 | - insert into login | ||
| 431 | - (session_id, lastaccess) | ||
| 432 | - values | ||
| 433 | - (?, ?) | ||
| 434 | -SQL_QUERY; | ||
| 435 | - | ||
| 436 | - $rs = exec_query($sql, $query, array($new_user_name, $user_login_time)); | ||
| 437 | - | ||
| 438 | - write_log($from_udata['admin_name']." change into interface from ".$to_udata['admin_name']); | ||
| 439 | - return $header; | ||
| 440 | - } | ||
| 441 | -} | ||
| 442 | - | ||
| 443 | -function unset_user_login_data () { | ||
| 444 | - | ||
| 445 | - global $cfg, $sql; | ||
| 446 | - | ||
| 447 | - if (isset($_SESSION['user_logged'])) { | ||
| 448 | - $admin_name = $_SESSION['user_logged']; | ||
| 449 | - | ||
| 450 | - $query = <<<SQL_QUERY | ||
| 451 | - delete from | ||
| 452 | - login | ||
| 453 | - where | ||
| 454 | - session_id = ? | ||
| 455 | -SQL_QUERY; | ||
| 456 | - | ||
| 457 | - $rs = exec_query($sql, $query, array($admin_name)); | ||
| 458 | - | ||
| 459 | - unset($_SESSION['user_logged']); | ||
| 460 | - } | ||
| 461 | - | ||
| 462 | - if (isset($_SESSION['user_id'])) | ||
| 463 | - | ||
| 464 | - unset($_SESSION['user_id']); | ||
| 465 | - | ||
| 466 | - if (isset($_SESSION['user_type'])) | ||
| 467 | - | ||
| 468 | - unset($_SESSION['user_type']); | ||
| 469 | - | ||
| 470 | - if (isset($_SESSION['user_created_by'])) | ||
| 471 | - | ||
| 472 | - unset($_SESSION['user_created_by']); | ||
| 473 | - | ||
| 474 | - if (isset($_SESSION['user_login_time'])) | ||
| 475 | - | ||
| 476 | - unset($_SESSION['user_login_time']); | ||
| 477 | - | ||
| 478 | - if (isset($_SESSION['dmn_name'])) | ||
| 479 | - | ||
| 480 | - unset($_SESSION['dmn_name']); | ||
| 481 | - | ||
| 482 | - if (isset($_SESSION['user_has_domain'])) | ||
| 483 | - | ||
| 484 | - unset($_SESSION['user_has_domain']); | ||
| 485 | - | ||
| 486 | - if (isset($_SESSION['hpid'])) | ||
| 487 | - | ||
| 488 | - unset($_SESSION['hpid']); | ||
| 489 | - | ||
| 490 | - if (isset($_SESSION['user_deleted'])) | ||
| 491 | - | ||
| 492 | - unset($_SESSION['user_deleted']); | ||
| 493 | - | ||
| 494 | - if (isset($_SESSION['edit'])) | ||
| 495 | - | ||
| 496 | - unset($_SESSION['edit']); | ||
| 497 | - | ||
| 498 | - if (isset($_SESSION['reseller_ips'])) | ||
| 499 | - | ||
| 500 | - unset($_SESSION['reseller_ips']); | ||
| 501 | - | ||
| 502 | - if (isset($_SESSION['sql_support'])) | ||
| 503 | - | ||
| 504 | - unset($_SESSION['sql_support']); | ||
| 505 | - | ||
| 506 | - if (isset($_SESSION['email_support'])) | ||
| 507 | - | ||
| 508 | - unset($_SESSION['email_support']); | ||
| 509 | - | ||
| 510 | - if (isset($_SESSION['admin_id'])) | ||
| 511 | - | ||
| 512 | - unset($_SESSION['admin_id']); | ||
| 513 | - | ||
| 514 | - if (isset($_SESSION['admin_login'])) | ||
| 515 | - | ||
| 516 | - unset($_SESSION['admin_login']); | ||
| 517 | - | ||
| 518 | - if (isset($_SESSION['admin_type'])) | ||
| 519 | - | ||
| 520 | - unset($_SESSION['admin_type']); | ||
| 521 | - | ||
| 522 | - if (isset($_SESSION['admin_email'])) | ||
| 523 | - | ||
| 524 | - unset($_SESSION['admin_email']); | ||
| 525 | - | ||
| 526 | - if (isset($_SESSION['cur_lang'])) | ||
| 527 | - | ||
| 528 | - unset($_SESSION['cur_lang']); | ||
| 529 | - | ||
| 530 | - if (isset($_SESSION['step_two_back_data'])) | ||
| 531 | - | ||
| 532 | - unset($_SESSION['step_two_back_data']); | ||
| 533 | - | ||
| 534 | - if (isset($_SESSION['local_data'])) | ||
| 535 | - | ||
| 536 | - unset($_SESSION['local_data']); | ||
| 537 | - | ||
| 538 | - if (isset($_SESSION['logged'])) | ||
| 539 | - | ||
| 540 | - unset($_SESSION['logged']); | ||
| 541 | - | ||
| 542 | - if (isset($_SESSION['subdomain_support'])) | ||
| 543 | - | ||
| 544 | - unset($_SESSION['subdomain_support']); | ||
| 545 | - | ||
| 546 | - if (isset($_SESSION['edit_ID'])) | ||
| 547 | - | ||
| 548 | - unset($_SESSION['edit_ID']); | ||
| 549 | - | ||
| 550 | - if (isset($_SESSION['user_name'])) | ||
| 551 | - | ||
| 552 | - unset($_SESSION['user_name']); | ||
| 553 | - | ||
| 554 | - if (isset($_SESSION['user_has_domain'])) | ||
| 555 | - | ||
| 556 | - unset($_SESSION['user_has_domain']); | ||
| 557 | - | ||
| 558 | - if (isset($_SESSION['layout_id'])) | ||
| 559 | - | ||
| 560 | - unset($_SESSION['layout_id']); | ||
| 561 | - | ||
| 562 | - if (isset($_SESSION['user_page_message'])) | ||
| 563 | - | ||
| 564 | - unset($_SESSION['user_page_message']); | ||
| 565 | - | ||
| 566 | - if (isset($_SESSION['dmn_name'])) | ||
| 567 | - | ||
| 568 | - unset($_SESSION['dmn_name']); | ||
| 569 | - | ||
| 570 | - if (isset($_SESSION['local_data'])) | ||
| 571 | - | ||
| 572 | - unset($_SESSION['local_data']); | ||
| 573 | - | ||
| 574 | - if (isset($_SESSION['rau3_added'])) | ||
| 575 | - | ||
| 576 | - unset($_SESSION['rau3_added']); | ||
| 577 | - | ||
| 578 | - if (isset($_SESSION['chtpl'])) | ||
| 579 | - | ||
| 580 | - unset($_SESSION['chtpl']); | ||
| 581 | - | ||
| 582 | - if (isset($_SESSION['step_one'])) | ||
| 583 | - | ||
| 584 | - unset($_SESSION['step_one']); | ||
| 585 | - | ||
| 586 | - if (isset($_SESSION['dmn_tpl'])) | ||
| 587 | - | ||
| 588 | - unset($_SESSION['dmn_tpl']); | ||
| 589 | - | ||
| 590 | - if (isset($_SESSION['logged_from'])) | ||
| 591 | - | ||
| 592 | - unset($_SESSION['logged_from']); | ||
| 593 | - | ||
| 594 | - if (isset($_SESSION['logged_from_id'])) | ||
| 595 | - | ||
| 596 | - unset($_SESSION['logged_from_id']); | ||
| 597 | - | ||
| 598 | - if (isset($_SESSION['ddel'])) | ||
| 599 | - | ||
| 600 | - unset($_SESSION['ddel']); | ||
| 601 | - | ||
| 602 | - if (isset($_SESSION['user_def_lang'])) | ||
| 603 | - | ||
| 604 | - unset($_SESSION['user_def_lang']); | ||
| 605 | - | ||
| 606 | - if (isset($_SESSION['alias_support'])) | ||
| 607 | - | ||
| 608 | - unset($_SESSION['alias_support']); | ||
| 609 | - | ||
| 610 | - | ||
| 611 | - | ||
| 612 | -// globals | ||
| 613 | - | ||
| 614 | - if (isset($GLOBALS['user_logged'])) | ||
| 615 | - | ||
| 616 | - unset($GLOBALS['user_logged']); | ||
| 617 | - | ||
| 618 | - if (isset($GLOBALS['user_def_lang'])) | ||
| 619 | - | ||
| 620 | - unset($GLOBALS['user_def_lang']); | ||
| 621 | - | ||
| 622 | - if (isset($GLOBALS['user_type'])) | ||
| 623 | - | ||
| 624 | - unset($GLOBALS['user_type']); | ||
| 625 | - | ||
| 626 | - if (isset($GLOBALS['user_id'])) | ||
| 627 | - | ||
| 628 | - unset($GLOBALS['user_id']); | ||
| 629 | - | ||
| 630 | - if (isset($GLOBALS['user_created_by'])) | ||
| 631 | - | ||
| 632 | - unset($GLOBALS['user_created_by']); | ||
| 633 | - | ||
| 634 | - if (isset($GLOBALS['user_login_time'])) | ||
| 635 | - | ||
| 636 | - unset($GLOBALS['user_login_time']); | ||
| 637 | - | ||
| 638 | - if (isset($GLOBALS['user_theme_color'])) | ||
| 639 | - | ||
| 640 | - unset($GLOBALS['user_theme_color']); | ||
| 641 | - | ||
| 642 | - if (isset($GLOBALS['layout_id'])) | ||
| 643 | - | ||
| 644 | - unset($GLOBALS['layout_id']); | ||
| 645 | - | ||
| 646 | - if (isset($GLOBALS['email_support'])) | ||
| 647 | - | ||
| 648 | - unset($GLOBALS['email_support']); | ||
| 649 | - | ||
| 650 | - if (isset($GLOBALS['subdomain_support'])) | ||
| 651 | - | ||
| 652 | - unset($GLOBALS['subdomain_support']); | ||
| 653 | - | ||
| 654 | - if (isset($GLOBALS['sql_support'])) | ||
| 655 | - | ||
| 656 | - unset($GLOBALS['sql_support']); | ||
| 657 | - | ||
| 658 | - if (isset($GLOBALS['user_page_message'])) | ||
| 659 | - | ||
| 660 | - unset($GLOBALS['user_page_message']); | ||
| 661 | - | ||
| 662 | - if (isset($GLOBALS['ch_hpprops'])) | ||
| 663 | - | ||
| 664 | - unset($GLOBALS['ch_hpprops']); | ||
| 665 | - | ||
| 666 | - if (isset($_SESSION['ch_hpprops'])) | ||
| 667 | - | ||
| 668 | - unset($_SESSION['ch_hpprops']); | ||
| 669 | - | ||
| 670 | - if (isset($GLOBALS['dmn_name'])) | ||
| 671 | - | ||
| 672 | - unset($GLOBALS['dmn_name']); | ||
| 673 | - | ||
| 674 | - if (isset($GLOBALS['local_data'])) | ||
| 675 | - | ||
| 676 | - unset($GLOBALS['local_data']); | ||
| 677 | - | ||
| 678 | - if (isset($GLOBALS['rau3_added'])) | ||
| 679 | - | ||
| 680 | - unset($GLOBALS['rau3_added']); | ||
| 681 | - | ||
| 682 | - if (isset($GLOBALS['dmn_tpl'])) | ||
| 683 | - | ||
| 684 | - unset($GLOBALS['dmn_tpl']); | ||
| 685 | - | ||
| 686 | - if (isset($GLOBALS['chtpl'])) | ||
| 687 | - | ||
| 688 | - unset($GLOBALS['chtpl']); | ||
| 689 | - | ||
| 690 | - if (isset($GLOBALS['step_one'])) | ||
| 691 | - | ||
| 692 | - unset($GLOBALS['step_one']); | ||
| 693 | - | ||
| 694 | - if (isset($GLOBALS['logged_from'])) | ||
| 695 | - | ||
| 696 | - unset($GLOBALS['logged_from']); | ||
| 697 | - | ||
| 698 | - if (isset($GLOBALS['logged_from_id'])) | ||
| 699 | - | ||
| 700 | - unset($GLOBALS['logged_from_id']); | ||
| 701 | - | ||
| 702 | - if (isset($GLOBALS['ddel'])) | ||
| 703 | - | ||
| 704 | - unset($GLOBALS['ddel']); | ||
| 705 | - | ||
| 706 | - if (isset($GLOBALS['alias_support'])) | ||
| 707 | - | ||
| 708 | - unset($GLOBALS['alias_support']); | ||
| 709 | - | ||
| 710 | - | ||
| 711 | - $_SESSION['user_def_lang'] = $cfg['USER_INITIAL_LANG']; | ||
| 712 | -} | ||
| 713 | - | ||
| 714 | -?> | ||
| 715 | +<?php | ||
| 716 | +// ------------------------------------------------------------------------------- | ||
| 717 | +// | VHCS(tm) - Virtual Hosting Control System | | ||
| 718 | +// | Copyright (c) 2001-2004 be moleSoftware | | ||
| 719 | +// | http://vhcs.net | http://www.molesoftware.com | | ||
| 720 | +// | | | ||
| 721 | +// | This program is free software; you can redistribute it and/or | | ||
| 722 | +// | modify it under the terms of the MPL General Public License | | ||
| 723 | +// | as published by the Free Software Foundation; either version 1.1 | | ||
| 724 | +// | of the License, or (at your option) any later version. | | ||
| 725 | +// | | | ||
| 726 | +// | You should have received a copy of the MPL Mozilla Public License | | ||
| 727 | +// | along with this program; if not, write to the Open Source Initiative (OSI) | | ||
| 728 | +// | http://opensource.org | osi@opensource.org | | ||
| 729 | +// | | | ||
| 730 | +// ------------------------------------------------------------------------------- | ||
| 731 | + | ||
| 732 | + | ||
| 733 | + | ||
| 734 | +function register_user($uname, $upass) { | ||
| 735 | + | ||
| 736 | + global $sql; | ||
| 737 | + | ||
| 738 | + global $cfg; | ||
| 739 | + | ||
| 740 | + | ||
| 741 | + $timestamp = time(); | ||
| 742 | + | ||
| 743 | + | ||
| 744 | + if ($cfg['DB_TYPE'] === 'mysql') { | ||
| 745 | + $query = "select admin_id, admin_pass, admin_type, created_by from admin where binary admin_name = ?"; | ||
| 746 | + } | ||
| 747 | + | ||
| 748 | + $rs = exec_query($sql, $query, array($uname)); | ||
| 749 | + | ||
| 750 | + if (($rs -> RecordCount()) != 1) { | ||
| 751 | + | ||
| 752 | + write_log("Login error, <b><i>".htmlspecialchars($uname, ENT_QUOTES, "UTF-8")."</i></b> unknown username"); | ||
| 753 | + | ||
| 754 | + return false; | ||
| 755 | + | ||
| 756 | + } | ||
| 757 | + | ||
| 758 | + $udata = $rs -> FetchRow(); | ||
| 759 | + | ||
| 760 | + if (crypt($_POST['upass'], $udata[1]) === $udata[1] || md5($_POST['upass']) === $udata[1]) { | ||
| 761 | + | ||
| 762 | + if (isset($_SESSION['user_logged'])) { | ||
| 763 | + | ||
| 764 | + write_log($_SESSION['user_logged']." user already logged or session sharing problem! Aborting..."); | ||
| 765 | + | ||
| 766 | + system_message(tr('User already logged or session sharing problem! Aborting...')); | ||
| 767 | + | ||
| 768 | + } else { | ||
| 769 | + | ||
| 770 | + if ($udata['admin_type'] == "user"){ | ||
| 771 | + | ||
| 772 | + $domain_admin_id = $udata['admin_id']; | ||
| 773 | + | ||
| 774 | + $query = <<<SQL_QUERY | ||
| 775 | + select | ||
| 776 | + domain_status | ||
| 777 | + from | ||
| 778 | + domain | ||
| 779 | + where | ||
| 780 | + domain_admin_id = ?; | ||
| 781 | +SQL_QUERY; | ||
| 782 | + | ||
| 783 | + $rs = exec_query($sql, $query, array($domain_admin_id)); | ||
| 784 | + | ||
| 785 | + $user_dom_data = $rs -> FetchRow(); | ||
| 786 | + | ||
| 787 | + if ($user_dom_data['domain_status'] != $cfg['ITEM_OK_STATUS']){ | ||
| 788 | + | ||
| 789 | + write_log( htmlspecialchars($uname, ENT_QUOTES, "UTF-8")." Domain status is not OK - user can not login"); | ||
| 790 | + | ||
| 791 | + return false; | ||
| 792 | + } | ||
| 793 | + } | ||
| 794 | + | ||
| 795 | + // all is OK let's login the user | ||
| 796 | + $user_login_time = time(); | ||
| 797 | + | ||
| 798 | + $query = <<<SQL_QUERY | ||
| 799 | + insert into login | ||
| 800 | + (session_id, lastaccess) | ||
| 801 | + values | ||
| 802 | + (?, ?) | ||
| 803 | +SQL_QUERY; | ||
| 804 | + | ||
| 805 | + $rs = exec_query($sql, $query, array($uname, $user_login_time)); | ||
| 806 | + | ||
| 807 | + | ||
| 808 | + $_SESSION['user_logged'] = $uname; | ||
| 809 | + | ||
| 810 | + $_SESSION['user_type'] = $udata['admin_type']; | ||
| 811 | + | ||
| 812 | + $_SESSION['user_id'] = $udata['admin_id']; | ||
| 813 | + | ||
| 814 | + $_SESSION['user_created_by'] = $udata['created_by']; | ||
| 815 | + | ||
| 816 | + $_SESSION['user_login_time'] = $user_login_time; | ||
| 817 | + | ||
| 818 | + write_log( htmlspecialchars($uname, ENT_QUOTES, "UTF-8")." user logged in."); | ||
| 819 | + | ||
| 820 | + return true; | ||
| 821 | + | ||
| 822 | + } | ||
| 823 | + | ||
| 824 | + } else { | ||
| 825 | + | ||
| 826 | + write_log( htmlspecialchars($uname, ENT_QUOTES, "UTF-8")." bad password login data."); | ||
| 827 | + | ||
| 828 | + return false; | ||
| 829 | + | ||
| 830 | + } | ||
| 831 | + | ||
| 832 | +} | ||
| 833 | + | ||
| 834 | +function check_user_login($uname, $utype, $uid) { | ||
| 835 | + | ||
| 836 | + global $cfg, $sql; | ||
| 837 | + | ||
| 838 | + $timestamp = time(); | ||
| 839 | + //lets kill all time out sessions | ||
| 840 | + global $cfg; | ||
| 841 | + $timeout_sessions = $timestamp - $cfg['SESSION_TIMEOUT']; | ||
| 842 | + $query = <<<SQL_QUERY | ||
| 843 | + delete from | ||
| 844 | + login | ||
| 845 | + where | ||
| 846 | + lastaccess < ? | ||
| 847 | +SQL_QUERY; | ||
| 848 | + | ||
| 849 | + $rs = exec_query($sql, $query, array($timeout_sessions)); | ||
| 850 | + | ||
| 851 | + | ||
| 852 | + if (isset($_SESSION['user_logged'])) { | ||
| 853 | + | ||
| 854 | + $user_id = $_SESSION['user_logged']; | ||
| 855 | + | ||
| 856 | + $query = <<<SQL_QUERY | ||
| 857 | + select | ||
| 858 | + session_id | ||
| 859 | + from | ||
| 860 | + login | ||
| 861 | + where | ||
| 862 | + session_id = ? | ||
| 863 | +SQL_QUERY; | ||
| 864 | + | ||
| 865 | + $rs = exec_query($sql, $query, array($user_id)); | ||
| 866 | + | ||
| 867 | + if ($rs -> RecordCount() == 0) { | ||
| 868 | + | ||
| 869 | + write_log($_SESSION['user_logged']." user session do not exist or killed"); | ||
| 870 | + | ||
| 871 | + return false; | ||
| 872 | + | ||
| 873 | + } | ||
| 874 | + | ||
| 875 | + | ||
| 876 | + if ($timestamp - $_SESSION['user_login_time'] <= $cfg['SESSION_TIMEOUT']) { | ||
| 877 | + | ||
| 878 | + $_SESSION['user_login_time'] = $timestamp; | ||
| 879 | + | ||
| 880 | +$query = <<<SQL_QUERY | ||
| 881 | + update | ||
| 882 | + login | ||
| 883 | + set | ||
| 884 | + lastaccess = ? | ||
| 885 | + where | ||
| 886 | + session_id = ? | ||
| 887 | +SQL_QUERY; | ||
| 888 | + $rs = exec_query($sql, $query, array($timestamp, $user_id)); | ||
| 889 | + | ||
| 890 | + goto_user_location(); | ||
| 891 | + | ||
| 892 | + return true; | ||
| 893 | + | ||
| 894 | + } else { | ||
| 895 | + | ||
| 896 | + $query = <<<SQL_QUERY | ||
| 897 | + delete from | ||
| 898 | + login | ||
| 899 | + where | ||
| 900 | + session_id = ? | ||
| 901 | +SQL_QUERY; | ||
| 902 | + | ||
| 903 | + $rs = exec_query($sql, $query, array($user_id)); | ||
| 904 | + write_log(htmlspecialchars($uname, ENT_QUOTES, "UTF-8")." user session timed out"); | ||
| 905 | + | ||
| 906 | + return false; | ||
| 907 | + | ||
| 908 | + } | ||
| 909 | + | ||
| 910 | + } else { | ||
| 911 | + | ||
| 912 | + | ||
| 913 | + write_log(htmlspecialchars($uname, ENT_QUOTES, "UTF-8")." bad session data."); | ||
| 914 | + | ||
| 915 | + return false; | ||
| 916 | + | ||
| 917 | + } | ||
| 918 | + | ||
| 919 | +} | ||
| 920 | + | ||
| 921 | + | ||
| 922 | +function goto_user_location() | ||
| 923 | +{ | ||
| 924 | + $path = explode("/", $_SERVER['SCRIPT_NAME']); | ||
| 925 | + | ||
| 926 | + $found = false; | ||
| 927 | + | ||
| 928 | + for($i=0; $i< count($path);$i++){ | ||
| 929 | + | ||
| 930 | + if($path[$i] == $_SESSION['user_type']){ | ||
| 931 | + | ||
| 932 | + $found= true; | ||
| 933 | + | ||
| 934 | + } else if ($_SESSION['user_type'] == 'user' && $path[$i] == 'client') { | ||
| 935 | + | ||
| 936 | + $found= true; | ||
| 937 | + | ||
| 938 | + } | ||
| 939 | + } | ||
| 940 | + if(!$found) | ||
| 941 | + { | ||
| 942 | + | ||
| 943 | + if ($_SESSION['user_type'] == 'admin') { | ||
| 944 | + | ||
| 945 | + header("Location: ../admin/manage_users.php"); | ||
| 946 | + | ||
| 947 | + die(); | ||
| 948 | + | ||
| 949 | + } else if ($_SESSION['user_type'] == 'reseller') { | ||
| 950 | + | ||
| 951 | + header("Location: ../reseller/index.php"); | ||
| 952 | + | ||
| 953 | + die(); | ||
| 954 | + | ||
| 955 | + } else if ($_SESSION['user_type'] == 'user') { | ||
| 956 | + | ||
| 957 | + header("Location: ../client/index.php"); | ||
| 958 | + | ||
| 959 | + die(); | ||
| 960 | + | ||
| 961 | + } | ||
| 962 | + } | ||
| 963 | + | ||
| 964 | +} | ||
| 965 | + | ||
| 966 | +function check_login () { | ||
| 967 | + | ||
| 968 | + if (isset($_SESSION['user_logged'])) { | ||
| 969 | + | ||
| 970 | + if (!check_user_login($_SESSION['user_logged'], $_SESSION['user_type'], $_SESSION['user_id'])) { | ||
| 971 | + | ||
| 972 | + header("Location: ../index.php"); | ||
| 973 | + die(); | ||
| 974 | + | ||
| 975 | + } | ||
| 976 | + | ||
| 977 | + } else { | ||
| 978 | + | ||
| 979 | + header("Location: ../index.php"); | ||
| 980 | + die(); | ||
| 981 | + } | ||
| 982 | +} | ||
| 983 | + | ||
| 984 | +function change_user_interface($form_id, $to_id) { | ||
| 985 | + | ||
| 986 | + global $sql; | ||
| 987 | + | ||
| 988 | + global $cfg; | ||
| 989 | + | ||
| 990 | + | ||
| 991 | + $timestamp = time(); | ||
| 992 | + | ||
| 993 | + if ($cfg['DB_TYPE'] === 'mysql') { | ||
| 994 | + $query_from = "select admin_id, admin_name, admin_pass, admin_type, created_by from admin where binary admin_id = ?"; | ||
| 995 | + $query_to = "select admin_id, admin_name, admin_pass, admin_type, created_by from admin where binary admin_id = ?"; | ||
| 996 | + } | ||
| 997 | + | ||
| 998 | + $rs_from = exec_query($sql, $query_from, array($form_id)); | ||
| 999 | + $rs_to = exec_query($sql, $query_to, array($to_id)); | ||
| 1000 | + | ||
| 1001 | + if (($rs_from -> RecordCount()) != 1 || ($rs_to -> RecordCount()) != 1) { | ||
| 1002 | + write_log("Change interface error => unknown from or to username"); | ||
| 1003 | + return false; | ||
| 1004 | + } | ||
| 1005 | + | ||
| 1006 | + | ||
| 1007 | + $from_udata = $rs_from -> FetchRow(); | ||
| 1008 | + | ||
| 1009 | + $to_udata = $rs_to -> FetchRow(); | ||
| 1010 | + | ||
| 1011 | + | ||
| 1012 | + // let's check if TO_DOMAIN Status OK | ||
| 1013 | + // if domain satus not OK -> don't add mail accounts or subdomains .. or something else | ||
| 1014 | + | ||
| 1015 | + if ($to_udata['admin_type'] == "user"){ | ||
| 1016 | + | ||
| 1017 | + $domain_admin_id = $to_udata['admin_id']; | ||
| 1018 | + | ||
| 1019 | + $query = <<<SQL_QUERY | ||
| 1020 | + select | ||
| 1021 | + domain_status | ||
| 1022 | + from | ||
| 1023 | + domain | ||
| 1024 | + where | ||
| 1025 | + domain_admin_id = ? | ||
| 1026 | +SQL_QUERY; | ||
| 1027 | + | ||
| 1028 | + $rs = exec_query($sql, $query, array($domain_admin_id)); | ||
| 1029 | + | ||
| 1030 | + $user_dom_data = $rs -> FetchRow(); | ||
| 1031 | + | ||
| 1032 | + if ($user_dom_data['domain_status'] != $cfg['ITEM_OK_STATUS']){ | ||
| 1033 | + | ||
| 1034 | + write_log("Domain ID: ".$to_udata['admin_id']." - domain status PROBLEM -"); | ||
| 1035 | + | ||
| 1036 | + return false; | ||
| 1037 | + } | ||
| 1038 | + } | ||
| 1039 | + //end of Domain User Status check | ||
| 1040 | + | ||
| 1041 | + | ||
| 1042 | + | ||
| 1043 | + if ($from_udata['admin_type'] === 'admin' && $to_udata['admin_type'] === 'reseller') { | ||
| 1044 | + | ||
| 1045 | + $header = "../reseller/index.php"; | ||
| 1046 | + | ||
| 1047 | + } else if ($from_udata['admin_type'] === 'admin' && ($to_udata['admin_type'] != 'admin' || $to_udata['admin_type'] != 'reseller')) { | ||
| 1048 | + | ||
| 1049 | + $header = "../client/index.php"; | ||
| 1050 | + | ||
| 1051 | + } else if ($from_udata['admin_type'] === 'reseller' && ($to_udata['admin_type'] != 'admin' || $to_udata['admin_type'] != 'reseller')) { | ||
| 1052 | + | ||
| 1053 | + $header = "../client/index.php"; | ||
| 1054 | + | ||
| 1055 | + } | ||
| 1056 | + | ||
| 1057 | + // lets check and go from bottom to top User -> Reseller -> Admin | ||
| 1058 | + | ||
| 1059 | + else if (isset($_SESSION['logged_from'])) { // ther is SESSION 'logged from' -> we can go from Buttom to TOP | ||
| 1060 | + | ||
| 1061 | + if ($from_udata['admin_type'] === 'reseller' && $to_udata['admin_type'] == 'admin') { | ||
| 1062 | + | ||
| 1063 | + $header = "../admin/manage_users.php"; | ||
| 1064 | + | ||
| 1065 | + } | ||
| 1066 | + // user to admin | ||
| 1067 | + else if (($from_udata['admin_type'] != 'admin' || $from_udata['admin_type'] != 'reseller') && $to_udata['admin_type'] === 'admin') { | ||
| 1068 | + | ||
| 1069 | + $header = "../admin/manage_users.php"; | ||
| 1070 | + | ||
| 1071 | + } | ||
| 1072 | + // user reseller | ||
| 1073 | + else if (($from_udata['admin_type'] != 'admin' || $from_udata['admin_type'] != 'reseller') && $to_udata['admin_type'] === 'reseller') { | ||
| 1074 | + | ||
| 1075 | + $header = "../reseller/users.php"; | ||
| 1076 | + | ||
| 1077 | + } | ||
| 1078 | + | ||
| 1079 | + else{ | ||
| 1080 | + | ||
| 1081 | + write_log("change interface error from: ".$from_udata['admin_name']." to: ".$to_udata['admin_name']); | ||
| 1082 | + | ||
| 1083 | + return false; | ||
| 1084 | + } | ||
| 1085 | + | ||
| 1086 | + | ||
| 1087 | + | ||
| 1088 | + } else { | ||
| 1089 | + | ||
| 1090 | + write_log("change interface error from: ".$from_udata['admin_name']." to: ".$to_udata['admin_name']); | ||
| 1091 | + | ||
| 1092 | + return false; | ||
| 1093 | + } | ||
| 1094 | + | ||
| 1095 | + // lets save layout and language from admin/reseler - they don't wannt to read user interface on china or arabic language | ||
| 1096 | + $user_language = $_SESSION['user_def_lang']; | ||
| 1097 | + | ||
| 1098 | + $user_layout = $_SESSION['user_theme_color']; | ||
| 1099 | + | ||
| 1100 | + | ||
| 1101 | + // delete all sessions and globals data and set new one with SESSION logged_from | ||
| 1102 | + unset_user_login_data(); | ||
| 1103 | + | ||
| 1104 | + if ($to_udata['admin_type'] != 'admin'){ | ||
| 1105 | + | ||
| 1106 | + $_SESSION['logged_from'] = $from_udata['admin_name']; | ||
| 1107 | + | ||
| 1108 | + $_SESSION['logged_from_id'] = $from_udata['admin_id']; | ||
| 1109 | + | ||
| 1110 | + } | ||
| 1111 | + | ||
| 1112 | + // we gonna kill all sessions and globals if user get back to admin level | ||
| 1113 | + if (isset($_SESSION['admin_name'])) | ||
| 1114 | + | ||
| 1115 | + unset($_SESSION['admin_name']); | ||
| 1116 | + | ||
| 1117 | + if (isset($_SESSION['admin_id'])) | ||
| 1118 | + | ||
| 1119 | + unset($_SESSION['admin_id']); | ||
| 1120 | + | ||
| 1121 | + if (isset($GLOBALS['admin_name'])) | ||
| 1122 | + | ||
| 1123 | + unset($GLOBALS['admin_name']); | ||
| 1124 | + | ||
| 1125 | + if (isset($GLOBALS['admin_id'])) | ||
| 1126 | + | ||
| 1127 | + unset($GLOBALS['admin_id']); | ||
| 1128 | + // no more sessions and globals to kill - they were always killed - rest in peace | ||
| 1129 | + | ||
| 1130 | + $_SESSION['user_logged'] = $to_udata['admin_name']; | ||
| 1131 | + | ||
| 1132 | + $_SESSION['user_type'] = $to_udata['admin_type']; | ||
| 1133 | + | ||
| 1134 | + $_SESSION['user_id'] = $to_udata['admin_id']; | ||
| 1135 | + | ||
| 1136 | + $_SESSION['user_created_by'] = $to_udata['created_by']; | ||
| 1137 | + | ||
| 1138 | + $_SESSION['user_login_time'] = time(); | ||
| 1139 | + | ||
| 1140 | + $_SESSION['user_def_lang'] = $user_language; | ||
| 1141 | + | ||
| 1142 | + $_SESSION['user_theme_color'] = $user_layout; | ||
| 1143 | + | ||
| 1144 | + $user_login_time = time(); | ||
| 1145 | + $new_user_name = $to_udata['admin_name']; | ||
| 1146 | + | ||
| 1147 | + $query = <<<SQL_QUERY | ||
| 1148 | + insert into login | ||
| 1149 | + (session_id, lastaccess) | ||
| 1150 | + values | ||
| 1151 | + (?, ?) | ||
| 1152 | +SQL_QUERY; | ||
| 1153 | + | ||
| 1154 | + $rs = exec_query($sql, $query, array($new_user_name, $user_login_time)); | ||
| 1155 | + | ||
| 1156 | + write_log($from_udata['admin_name']." change into interface from ".$to_udata['admin_name']); | ||
| 1157 | + return $header; | ||
| 1158 | + | ||
| 1159 | +} | ||
| 1160 | + | ||
| 1161 | +function unset_user_login_data () { | ||
| 1162 | + | ||
| 1163 | + global $cfg, $sql; | ||
| 1164 | + | ||
| 1165 | + if (isset($_SESSION['user_logged'])) { | ||
| 1166 | + $admin_name = $_SESSION['user_logged']; | ||
| 1167 | + | ||
| 1168 | + $query = <<<SQL_QUERY | ||
| 1169 | + delete from | ||
| 1170 | + login | ||
| 1171 | + where | ||
| 1172 | + session_id = ? | ||
| 1173 | +SQL_QUERY; | ||
| 1174 | + | ||
| 1175 | + $rs = exec_query($sql, $query, array($admin_name)); | ||
| 1176 | + | ||
| 1177 | + unset($_SESSION['user_logged']); | ||
| 1178 | + } | ||
| 1179 | + | ||
| 1180 | + if (isset($_SESSION['user_id'])) | ||
| 1181 | + | ||
| 1182 | + unset($_SESSION['user_id']); | ||
| 1183 | + | ||
| 1184 | + if (isset($_SESSION['user_type'])) | ||
| 1185 | + | ||
| 1186 | + unset($_SESSION['user_type']); | ||
| 1187 | + | ||
| 1188 | + if (isset($_SESSION['user_created_by'])) | ||
| 1189 | + | ||
| 1190 | + unset($_SESSION['user_created_by']); | ||
| 1191 | + | ||
| 1192 | + if (isset($_SESSION['user_login_time'])) | ||
| 1193 | + | ||
| 1194 | + unset($_SESSION['user_login_time']); | ||
| 1195 | + | ||
| 1196 | + if (isset($_SESSION['dmn_name'])) | ||
| 1197 | + | ||
| 1198 | + unset($_SESSION['dmn_name']); | ||
| 1199 | + | ||
| 1200 | + if (isset($_SESSION['user_has_domain'])) | ||
| 1201 | + | ||
| 1202 | + unset($_SESSION['user_has_domain']); | ||
| 1203 | + | ||
| 1204 | + if (isset($_SESSION['hpid'])) | ||
| 1205 | + | ||
| 1206 | + unset($_SESSION['hpid']); | ||
| 1207 | + | ||
| 1208 | + if (isset($_SESSION['user_deleted'])) | ||
| 1209 | + | ||
| 1210 | + unset($_SESSION['user_deleted']); | ||
| 1211 | + | ||
| 1212 | + if (isset($_SESSION['edit'])) | ||
| 1213 | + | ||
| 1214 | + unset($_SESSION['edit']); | ||
| 1215 | + | ||
| 1216 | + if (isset($_SESSION['reseller_ips'])) | ||
| 1217 | + | ||
| 1218 | + unset($_SESSION['reseller_ips']); | ||
| 1219 | + | ||
| 1220 | + if (isset($_SESSION['sql_support'])) | ||
| 1221 | + | ||
| 1222 | + unset($_SESSION['sql_support']); | ||
| 1223 | + | ||
| 1224 | + if (isset($_SESSION['email_support'])) | ||
| 1225 | + | ||
| 1226 | + unset($_SESSION['email_support']); | ||
| 1227 | + | ||
| 1228 | + if (isset($_SESSION['admin_id'])) | ||
| 1229 | + | ||
| 1230 | + unset($_SESSION['admin_id']); | ||
| 1231 | + | ||
| 1232 | + if (isset($_SESSION['admin_login'])) | ||
| 1233 | + | ||
| 1234 | + unset($_SESSION['admin_login']); | ||
| 1235 | + | ||
| 1236 | + if (isset($_SESSION['admin_type'])) | ||
| 1237 | + | ||
| 1238 | + unset($_SESSION['admin_type']); | ||
| 1239 | + | ||
| 1240 | + if (isset($_SESSION['admin_email'])) | ||
| 1241 | + | ||
| 1242 | + unset($_SESSION['admin_email']); | ||
| 1243 | + | ||
| 1244 | + if (isset($_SESSION['cur_lang'])) | ||
| 1245 | + | ||
| 1246 | + unset($_SESSION['cur_lang']); | ||
| 1247 | + | ||
| 1248 | + if (isset($_SESSION['step_two_back_data'])) | ||
| 1249 | + | ||
| 1250 | + unset($_SESSION['step_two_back_data']); | ||
| 1251 | + | ||
| 1252 | + if (isset($_SESSION['local_data'])) | ||
| 1253 | + | ||
| 1254 | + unset($_SESSION['local_data']); | ||
| 1255 | + | ||
| 1256 | + if (isset($_SESSION['logged'])) | ||
| 1257 | + | ||
| 1258 | + unset($_SESSION['logged']); | ||
| 1259 | + | ||
| 1260 | + if (isset($_SESSION['subdomain_support'])) | ||
| 1261 | + | ||
| 1262 | + unset($_SESSION['subdomain_support']); | ||
| 1263 | + | ||
| 1264 | + if (isset($_SESSION['edit_ID'])) | ||
| 1265 | + | ||
| 1266 | + unset($_SESSION['edit_ID']); | ||
| 1267 | + | ||
| 1268 | + if (isset($_SESSION['user_name'])) | ||
| 1269 | + | ||
| 1270 | + unset($_SESSION['user_name']); | ||
| 1271 | + | ||
| 1272 | + if (isset($_SESSION['user_has_domain'])) | ||
| 1273 | + | ||
| 1274 | + unset($_SESSION['user_has_domain']); | ||
| 1275 | + | ||
| 1276 | + if (isset($_SESSION['layout_id'])) | ||
| 1277 | + | ||
| 1278 | + unset($_SESSION['layout_id']); | ||
| 1279 | + | ||
| 1280 | + if (isset($_SESSION['user_page_message'])) | ||
| 1281 | + | ||
| 1282 | + unset($_SESSION['user_page_message']); | ||
| 1283 | + | ||
| 1284 | + if (isset($_SESSION['dmn_name'])) | ||
| 1285 | + | ||
| 1286 | + unset($_SESSION['dmn_name']); | ||
| 1287 | + | ||
| 1288 | + if (isset($_SESSION['local_data'])) | ||
| 1289 | + | ||
| 1290 | + unset($_SESSION['local_data']); | ||
| 1291 | + | ||
| 1292 | + if (isset($_SESSION['rau3_added'])) | ||
| 1293 | + | ||
| 1294 | + unset($_SESSION['rau3_added']); | ||
| 1295 | + | ||
| 1296 | + if (isset($_SESSION['chtpl'])) | ||
| 1297 | + | ||
| 1298 | + unset($_SESSION['chtpl']); | ||
| 1299 | + | ||
| 1300 | + if (isset($_SESSION['step_one'])) | ||
| 1301 | + | ||
| 1302 | + unset($_SESSION['step_one']); | ||
| 1303 | + | ||
| 1304 | + if (isset($_SESSION['dmn_tpl'])) | ||
| 1305 | + | ||
| 1306 | + unset($_SESSION['dmn_tpl']); | ||
| 1307 | + | ||
| 1308 | + if (isset($_SESSION['logged_from'])) | ||
| 1309 | + | ||
| 1310 | + unset($_SESSION['logged_from']); | ||
| 1311 | + | ||
| 1312 | + if (isset($_SESSION['logged_from_id'])) | ||
| 1313 | + | ||
| 1314 | + unset($_SESSION['logged_from_id']); | ||
| 1315 | + | ||
| 1316 | + if (isset($_SESSION['ddel'])) | ||
| 1317 | + | ||
| 1318 | + unset($_SESSION['ddel']); | ||
| 1319 | + | ||
| 1320 | + if (isset($_SESSION['user_def_lang'])) | ||
| 1321 | + | ||
| 1322 | + unset($_SESSION['user_def_lang']); | ||
| 1323 | + | ||
| 1324 | + if (isset($_SESSION['alias_support'])) | ||
| 1325 | + | ||
| 1326 | + unset($_SESSION['alias_support']); | ||
| 1327 | + | ||
| 1328 | + | ||
| 1329 | + | ||
| 1330 | +// globals | ||
| 1331 | + | ||
| 1332 | + if (isset($GLOBALS['user_logged'])) | ||
| 1333 | + | ||
| 1334 | + unset($GLOBALS['user_logged']); | ||
| 1335 | + | ||
| 1336 | + if (isset($GLOBALS['user_def_lang'])) | ||
| 1337 | + | ||
| 1338 | + unset($GLOBALS['user_def_lang']); | ||
| 1339 | + | ||
| 1340 | + if (isset($GLOBALS['user_type'])) | ||
| 1341 | + | ||
| 1342 | + unset($GLOBALS['user_type']); | ||
| 1343 | + | ||
| 1344 | + if (isset($GLOBALS['user_id'])) | ||
| 1345 | + | ||
| 1346 | + unset($GLOBALS['user_id']); | ||
| 1347 | + | ||
| 1348 | + if (isset($GLOBALS['user_created_by'])) | ||
| 1349 | + | ||
| 1350 | + unset($GLOBALS['user_created_by']); | ||
| 1351 | + | ||
| 1352 | + if (isset($GLOBALS['user_login_time'])) | ||
| 1353 | + | ||
| 1354 | + unset($GLOBALS['user_login_time']); | ||
| 1355 | + | ||
| 1356 | + if (isset($GLOBALS['user_theme_color'])) | ||
| 1357 | + | ||
| 1358 | + unset($GLOBALS['user_theme_color']); | ||
| 1359 | + | ||
| 1360 | + if (isset($GLOBALS['layout_id'])) | ||
| 1361 | + | ||
| 1362 | + unset($GLOBALS['layout_id']); | ||
| 1363 | + | ||
| 1364 | + if (isset($GLOBALS['email_support'])) | ||
| 1365 | + | ||
| 1366 | + unset($GLOBALS['email_support']); | ||
| 1367 | + | ||
| 1368 | + if (isset($GLOBALS['subdomain_support'])) | ||
| 1369 | + | ||
| 1370 | + unset($GLOBALS['subdomain_support']); | ||
| 1371 | + | ||
| 1372 | + if (isset($GLOBALS['sql_support'])) | ||
| 1373 | + | ||
| 1374 | + unset($GLOBALS['sql_support']); | ||
| 1375 | + | ||
| 1376 | + if (isset($GLOBALS['user_page_message'])) | ||
| 1377 | + | ||
| 1378 | + unset($GLOBALS['user_page_message']); | ||
| 1379 | + | ||
| 1380 | + if (isset($GLOBALS['ch_hpprops'])) | ||
| 1381 | + | ||
| 1382 | + unset($GLOBALS['ch_hpprops']); | ||
| 1383 | + | ||
| 1384 | + if (isset($_SESSION['ch_hpprops'])) | ||
| 1385 | + | ||
| 1386 | + unset($_SESSION['ch_hpprops']); | ||
| 1387 | + | ||
| 1388 | + if (isset($GLOBALS['dmn_name'])) | ||
| 1389 | + | ||
| 1390 | + unset($GLOBALS['dmn_name']); | ||
| 1391 | + | ||
| 1392 | + if (isset($GLOBALS['local_data'])) | ||
| 1393 | + | ||
| 1394 | + unset($GLOBALS['local_data']); | ||
| 1395 | + | ||
| 1396 | + if (isset($GLOBALS['rau3_added'])) | ||
| 1397 | + | ||
| 1398 | + unset($GLOBALS['rau3_added']); | ||
| 1399 | + | ||
| 1400 | + if (isset($GLOBALS['dmn_tpl'])) | ||
| 1401 | + | ||
| 1402 | + unset($GLOBALS['dmn_tpl']); | ||
| 1403 | + | ||
| 1404 | + if (isset($GLOBALS['chtpl'])) | ||
| 1405 | + | ||
| 1406 | + unset($GLOBALS['chtpl']); | ||
| 1407 | + | ||
| 1408 | + if (isset($GLOBALS['step_one'])) | ||
| 1409 | + | ||
| 1410 | + unset($GLOBALS['step_one']); | ||
| 1411 | + | ||
| 1412 | + if (isset($GLOBALS['logged_from'])) | ||
| 1413 | + | ||
| 1414 | + unset($GLOBALS['logged_from']); | ||
| 1415 | + | ||
| 1416 | + if (isset($GLOBALS['logged_from_id'])) | ||
| 1417 | + | ||
| 1418 | + unset($GLOBALS['logged_from_id']); | ||
| 1419 | + | ||
| 1420 | + if (isset($GLOBALS['ddel'])) | ||
| 1421 | + | ||
| 1422 | + unset($GLOBALS['ddel']); | ||
| 1423 | + | ||
| 1424 | + if (isset($GLOBALS['alias_support'])) | ||
| 1425 | + | ||
| 1426 | + unset($GLOBALS['alias_support']); | ||
| 1427 | + | ||
| 1428 | + | ||
| 1429 | + $_SESSION['user_def_lang'] = $cfg['USER_INITIAL_LANG']; | ||
| 1430 | +} | ||
| 1431 | + | ||
| 1432 | +?> |