Magellan Linux

Contents of /trunk/vhcs2/patches/vhcs2-2.4.7.1-security-fix-RS-2006-1.patch



Revision 267
Mon Jul 16 17:07:58 2007 UTC (16 years, 9 months ago) by niro
File size: 35768 byte(s)
-several fixes for vhcs2-2.4.7.1-r1

1 diff -Naur vhcs2-2.4.7.1/gui/include/login.php vhcs2-2.4.7.1-magellan/gui/include/login.php
2 --- vhcs2-2.4.7.1/gui/include/login.php 2005-12-31 12:09:05.000000000 +0100
3 +++ vhcs2-2.4.7.1-magellan/gui/include/login.php 2007-07-16 17:09:03.000000000 +0200
4 @@ -1,710 +1,718 @@
5 -<?php
6 -// -------------------------------------------------------------------------------
7 -// | VHCS(tm) - Virtual Hosting Control System |
8 -// | Copyright (c) 2001-2004 be moleSoftware |
9 -// | http://vhcs.net | http://www.molesoftware.com |
10 -// | |
11 -// | This program is free software; you can redistribute it and/or |
12 -// | modify it under the terms of the MPL General Public License |
13 -// | as published by the Free Software Foundation; either version 1.1 |
14 -// | of the License, or (at your option) any later version. |
15 -// | |
16 -// | You should have received a copy of the MPL Mozilla Public License |
17 -// | along with this program; if not, write to the Open Source Initiative (OSI) |
18 -// | http://opensource.org | osi@opensource.org |
19 -// | |
20 -// -------------------------------------------------------------------------------
21 -
22 -
23 -
24 -function register_user($uname, $upass) {
25 -
26 - global $sql;
27 -
28 - global $cfg;
29 -
30 -
31 - $timestamp = time();
32 -
33 -
34 - if ($cfg['DB_TYPE'] === 'mysql') {
35 - $query = "select admin_id, admin_pass, admin_type, created_by from admin where binary admin_name = ?";
36 - }
37 -
38 - $rs = exec_query($sql, $query, array($uname));
39 -
40 - if (($rs -> RecordCount()) != 1) {
41 -
42 - write_log("Login error, <b><i>".htmlspecialchars($uname, ENT_QUOTES, "UTF-8")."</i></b> unknown username");
43 -
44 - return false;
45 -
46 - }
47 -
48 - $udata = $rs -> FetchRow();
49 -
50 - if (crypt($_POST['upass'], $udata[1]) === $udata[1] || md5($_POST['upass']) === $udata[1]) {
51 -
52 - if (isset($_SESSION['user_logged'])) {
53 -
54 - write_log($_SESSION['user_logged']." user already logged or session sharing problem! Aborting...");
55 -
56 - system_message(tr('User already logged or session sharing problem! Aborting...'));
57 -
58 - } else {
59 -
60 - if ($udata['admin_type'] == "user"){
61 -
62 - $domain_admin_id = $udata['admin_id'];
63 -
64 - $query = <<<SQL_QUERY
65 - select
66 - domain_status
67 - from
68 - domain
69 - where
70 - domain_admin_id = ?;
71 -SQL_QUERY;
72 -
73 - $rs = exec_query($sql, $query, array($domain_admin_id));
74 -
75 - $user_dom_data = $rs -> FetchRow();
76 -
77 - if ($user_dom_data['domain_status'] != $cfg['ITEM_OK_STATUS']){
78 -
79 - write_log( htmlspecialchars($uname, ENT_QUOTES, "UTF-8")." Domain status is not OK - user can not login");
80 -
81 - return false;
82 - }
83 - }
84 -
85 - // all is OK let's login the user
86 - $user_login_time = time();
87 -
88 - $query = <<<SQL_QUERY
89 - insert into login
90 - (session_id, lastaccess)
91 - values
92 - (?, ?)
93 -SQL_QUERY;
94 -
95 - $rs = exec_query($sql, $query, array($uname, $user_login_time));
96 -
97 -
98 - $_SESSION['user_logged'] = $uname;
99 -
100 - $_SESSION['user_type'] = $udata['admin_type'];
101 -
102 - $_SESSION['user_id'] = $udata['admin_id'];
103 -
104 - $_SESSION['user_created_by'] = $udata['created_by'];
105 -
106 - $_SESSION['user_login_time'] = $user_login_time;
107 -
108 - write_log( htmlspecialchars($uname, ENT_QUOTES, "UTF-8")." user logged in.");
109 -
110 - return true;
111 -
112 - }
113 -
114 - } else {
115 -
116 - write_log( htmlspecialchars($uname, ENT_QUOTES, "UTF-8")." bad password login data.");
117 -
118 - return false;
119 -
120 - }
121 -
122 -}
123 -
124 -function check_user_login($uname, $utype, $uid) {
125 -
126 - global $cfg, $sql;
127 -
128 - $timestamp = time();
129 - //lets kill all time out sessions
130 - global $cfg;
131 - $timeout_sessions = $timestamp - $cfg['SESSION_TIMEOUT'];
132 - $query = <<<SQL_QUERY
133 - delete from
134 - login
135 - where
136 - lastaccess < ?
137 -SQL_QUERY;
138 -
139 - $rs = exec_query($sql, $query, array($timeout_sessions));
140 -
141 -
142 - if (isset($_SESSION['user_logged'])) {
143 -
144 - $user_id = $_SESSION['user_logged'];
145 -
146 - $query = <<<SQL_QUERY
147 - select
148 - session_id
149 - from
150 - login
151 - where
152 - session_id = ?
153 -SQL_QUERY;
154 -
155 - $rs = exec_query($sql, $query, array($user_id));
156 -
157 - if ($rs -> RecordCount() == 0) {
158 -
159 - write_log($_SESSION['user_logged']." user session do not exist or killed");
160 -
161 - return false;
162 -
163 - }
164 -
165 -
166 - if ($timestamp - $_SESSION['user_login_time'] <= $cfg['SESSION_TIMEOUT']) {
167 -
168 - $_SESSION['user_login_time'] = $timestamp;
169 -
170 -$query = <<<SQL_QUERY
171 - update
172 - login
173 - set
174 - lastaccess = ?
175 - where
176 - session_id = ?
177 -SQL_QUERY;
178 - $rs = exec_query($sql, $query, array($timestamp, $user_id));
179 -
180 - goto_user_location();
181 -
182 - return true;
183 -
184 - } else {
185 -
186 - $query = <<<SQL_QUERY
187 - delete from
188 - login
189 - where
190 - session_id = ?
191 -SQL_QUERY;
192 -
193 - $rs = exec_query($sql, $query, array($user_id));
194 - write_log(htmlspecialchars($uname, ENT_QUOTES, "UTF-8")." user session timed out");
195 -
196 - return false;
197 -
198 - }
199 -
200 - } else {
201 -
202 -
203 - write_log(htmlspecialchars($uname, ENT_QUOTES, "UTF-8")." bad session data.");
204 -
205 - return false;
206 -
207 - }
208 -
209 -}
210 -
211 -
212 -function goto_user_location()
213 -{
214 - $path = explode("/", $_SERVER['SCRIPT_NAME']);
215 -
216 - $found = false;
217 -
218 - for($i=0; $i< count($path);$i++){
219 -
220 - if($path[$i] == $_SESSION['user_type']){
221 -
222 - $found= true;
223 -
224 - } else if ($_SESSION['user_type'] == 'user' && $path[$i] == 'client') {
225 -
226 - $found= true;
227 -
228 - }
229 - }
230 - if(!$found)
231 - {
232 -
233 - if ($_SESSION['user_type'] == 'admin') {
234 -
235 - header("Location: ../admin/manage_users.php");
236 -
237 - } else if ($_SESSION['user_type'] == 'reseller') {
238 -
239 - header("Location: ../reseller/index.php");
240 -
241 - } else if ($_SESSION['user_type'] == 'user') {
242 -
243 - header("Location: ../client/index.php");
244 -
245 - }
246 - }
247 -
248 -}
249 -
250 -function check_login () {
251 -
252 - if (isset($_SESSION['user_logged'])) {
253 -
254 - if (!check_user_login($_SESSION['user_logged'], $_SESSION['user_type'], $_SESSION['user_id'])) {
255 -
256 - header("Location: ../index.php");
257 -
258 - }
259 -
260 - } else {
261 -
262 - header("Location: ../index.php");
263 -
264 - }
265 -
266 -function change_user_interface($form_id, $to_id) {
267 -
268 - global $sql;
269 -
270 - global $cfg;
271 -
272 -
273 - $timestamp = time();
274 -
275 - if ($cfg['DB_TYPE'] === 'mysql') {
276 - $query_from = "select admin_id, admin_name, admin_pass, admin_type, created_by from admin where binary admin_id = ?";
277 - $query_to = "select admin_id, admin_name, admin_pass, admin_type, created_by from admin where binary admin_id = ?";
278 - }
279 -
280 - $rs_from = exec_query($sql, $query_from, array($form_id));
281 - $rs_to = exec_query($sql, $query_to, array($to_id));
282 -
283 - if (($rs_from -> RecordCount()) != 1 || ($rs_to -> RecordCount()) != 1) {
284 - write_log("Change interface error => unknown from or to username");
285 - return false;
286 - }
287 -
288 -
289 - $from_udata = $rs_from -> FetchRow();
290 -
291 - $to_udata = $rs_to -> FetchRow();
292 -
293 -
294 - // let's check if TO_DOMAIN Status OK
295 - // if domain satus not OK -> don't add mail accounts or subdomains .. or something else
296 -
297 - if ($to_udata['admin_type'] == "user"){
298 -
299 - $domain_admin_id = $to_udata['admin_id'];
300 -
301 - $query = <<<SQL_QUERY
302 - select
303 - domain_status
304 - from
305 - domain
306 - where
307 - domain_admin_id = ?
308 -SQL_QUERY;
309 -
310 - $rs = exec_query($sql, $query, array($domain_admin_id));
311 -
312 - $user_dom_data = $rs -> FetchRow();
313 -
314 - if ($user_dom_data['domain_status'] != $cfg['ITEM_OK_STATUS']){
315 -
316 - write_log("Domain ID: ".$to_udata['admin_id']." - domain status PROBLEM -");
317 -
318 - return false;
319 - }
320 - }
321 - //end of Domain User Status check
322 -
323 -
324 -
325 - if ($from_udata['admin_type'] === 'admin' && $to_udata['admin_type'] === 'reseller') {
326 -
327 - $header = "../reseller/index.php";
328 -
329 - } else if ($from_udata['admin_type'] === 'admin' && ($to_udata['admin_type'] != 'admin' || $to_udata['admin_type'] != 'reseller')) {
330 -
331 - $header = "../client/index.php";
332 -
333 - } else if ($from_udata['admin_type'] === 'reseller' && ($to_udata['admin_type'] != 'admin' || $to_udata['admin_type'] != 'reseller')) {
334 -
335 - $header = "../client/index.php";
336 -
337 - }
338 -
339 - // lets check and go from bottom to top User -> Reseller -> Admin
340 -
341 - else if (isset($_SESSION['logged_from'])) { // ther is SESSION 'logged from' -> we can go from Buttom to TOP
342 -
343 - if ($from_udata['admin_type'] === 'reseller' && $to_udata['admin_type'] == 'admin') {
344 -
345 - $header = "../admin/manage_users.php";
346 -
347 - }
348 - // user to admin
349 - else if (($from_udata['admin_type'] != 'admin' || $from_udata['admin_type'] != 'reseller') && $to_udata['admin_type'] === 'admin') {
350 -
351 - $header = "../admin/manage_users.php";
352 -
353 - }
354 - // user reseller
355 - else if (($from_udata['admin_type'] != 'admin' || $from_udata['admin_type'] != 'reseller') && $to_udata['admin_type'] === 'reseller') {
356 -
357 - $header = "../reseller/users.php";
358 -
359 - }
360 -
361 - else{
362 -
363 - write_log("change interface error from: ".$from_udata['admin_name']." to: ".$to_udata['admin_name']);
364 -
365 - return false;
366 - }
367 -
368 -
369 -
370 - } else {
371 -
372 - write_log("change interface error from: ".$from_udata['admin_name']." to: ".$to_udata['admin_name']);
373 -
374 - return false;
375 - }
376 -
377 - // lets save layout and language from admin/reseler - they don't wannt to read user interface on china or arabic language
378 - $user_language = $_SESSION['user_def_lang'];
379 -
380 - $user_layout = $_SESSION['user_theme_color'];
381 -
382 -
383 - // delete all sessions and globals data and set new one with SESSION logged_from
384 - unset_user_login_data();
385 -
386 - if ($to_udata['admin_type'] != 'admin'){
387 -
388 - $_SESSION['logged_from'] = $from_udata['admin_name'];
389 -
390 - $_SESSION['logged_from_id'] = $from_udata['admin_id'];
391 -
392 - }
393 -
394 - // we gonna kill all sessions and globals if user get back to admin level
395 - if (isset($_SESSION['admin_name']))
396 -
397 - unset($_SESSION['admin_name']);
398 -
399 - if (isset($_SESSION['admin_id']))
400 -
401 - unset($_SESSION['admin_id']);
402 -
403 - if (isset($GLOBALS['admin_name']))
404 -
405 - unset($GLOBALS['admin_name']);
406 -
407 - if (isset($GLOBALS['admin_id']))
408 -
409 - unset($GLOBALS['admin_id']);
410 - // no more sessions and globals to kill - they were always killed - rest in peace
411 -
412 - $_SESSION['user_logged'] = $to_udata['admin_name'];
413 -
414 - $_SESSION['user_type'] = $to_udata['admin_type'];
415 -
416 - $_SESSION['user_id'] = $to_udata['admin_id'];
417 -
418 - $_SESSION['user_created_by'] = $to_udata['created_by'];
419 -
420 - $_SESSION['user_login_time'] = time();
421 -
422 - $_SESSION['user_def_lang'] = $user_language;
423 -
424 - $_SESSION['user_theme_color'] = $user_layout;
425 -
426 - $user_login_time = time();
427 - $new_user_name = $to_udata['admin_name'];
428 -
429 - $query = <<<SQL_QUERY
430 - insert into login
431 - (session_id, lastaccess)
432 - values
433 - (?, ?)
434 -SQL_QUERY;
435 -
436 - $rs = exec_query($sql, $query, array($new_user_name, $user_login_time));
437 -
438 - write_log($from_udata['admin_name']." change into interface from ".$to_udata['admin_name']);
439 - return $header;
440 - }
441 -}
442 -
443 -function unset_user_login_data () {
444 -
445 - global $cfg, $sql;
446 -
447 - if (isset($_SESSION['user_logged'])) {
448 - $admin_name = $_SESSION['user_logged'];
449 -
450 - $query = <<<SQL_QUERY
451 - delete from
452 - login
453 - where
454 - session_id = ?
455 -SQL_QUERY;
456 -
457 - $rs = exec_query($sql, $query, array($admin_name));
458 -
459 - unset($_SESSION['user_logged']);
460 - }
461 -
462 - if (isset($_SESSION['user_id']))
463 -
464 - unset($_SESSION['user_id']);
465 -
466 - if (isset($_SESSION['user_type']))
467 -
468 - unset($_SESSION['user_type']);
469 -
470 - if (isset($_SESSION['user_created_by']))
471 -
472 - unset($_SESSION['user_created_by']);
473 -
474 - if (isset($_SESSION['user_login_time']))
475 -
476 - unset($_SESSION['user_login_time']);
477 -
478 - if (isset($_SESSION['dmn_name']))
479 -
480 - unset($_SESSION['dmn_name']);
481 -
482 - if (isset($_SESSION['user_has_domain']))
483 -
484 - unset($_SESSION['user_has_domain']);
485 -
486 - if (isset($_SESSION['hpid']))
487 -
488 - unset($_SESSION['hpid']);
489 -
490 - if (isset($_SESSION['user_deleted']))
491 -
492 - unset($_SESSION['user_deleted']);
493 -
494 - if (isset($_SESSION['edit']))
495 -
496 - unset($_SESSION['edit']);
497 -
498 - if (isset($_SESSION['reseller_ips']))
499 -
500 - unset($_SESSION['reseller_ips']);
501 -
502 - if (isset($_SESSION['sql_support']))
503 -
504 - unset($_SESSION['sql_support']);
505 -
506 - if (isset($_SESSION['email_support']))
507 -
508 - unset($_SESSION['email_support']);
509 -
510 - if (isset($_SESSION['admin_id']))
511 -
512 - unset($_SESSION['admin_id']);
513 -
514 - if (isset($_SESSION['admin_login']))
515 -
516 - unset($_SESSION['admin_login']);
517 -
518 - if (isset($_SESSION['admin_type']))
519 -
520 - unset($_SESSION['admin_type']);
521 -
522 - if (isset($_SESSION['admin_email']))
523 -
524 - unset($_SESSION['admin_email']);
525 -
526 - if (isset($_SESSION['cur_lang']))
527 -
528 - unset($_SESSION['cur_lang']);
529 -
530 - if (isset($_SESSION['step_two_back_data']))
531 -
532 - unset($_SESSION['step_two_back_data']);
533 -
534 - if (isset($_SESSION['local_data']))
535 -
536 - unset($_SESSION['local_data']);
537 -
538 - if (isset($_SESSION['logged']))
539 -
540 - unset($_SESSION['logged']);
541 -
542 - if (isset($_SESSION['subdomain_support']))
543 -
544 - unset($_SESSION['subdomain_support']);
545 -
546 - if (isset($_SESSION['edit_ID']))
547 -
548 - unset($_SESSION['edit_ID']);
549 -
550 - if (isset($_SESSION['user_name']))
551 -
552 - unset($_SESSION['user_name']);
553 -
554 - if (isset($_SESSION['user_has_domain']))
555 -
556 - unset($_SESSION['user_has_domain']);
557 -
558 - if (isset($_SESSION['layout_id']))
559 -
560 - unset($_SESSION['layout_id']);
561 -
562 - if (isset($_SESSION['user_page_message']))
563 -
564 - unset($_SESSION['user_page_message']);
565 -
566 - if (isset($_SESSION['dmn_name']))
567 -
568 - unset($_SESSION['dmn_name']);
569 -
570 - if (isset($_SESSION['local_data']))
571 -
572 - unset($_SESSION['local_data']);
573 -
574 - if (isset($_SESSION['rau3_added']))
575 -
576 - unset($_SESSION['rau3_added']);
577 -
578 - if (isset($_SESSION['chtpl']))
579 -
580 - unset($_SESSION['chtpl']);
581 -
582 - if (isset($_SESSION['step_one']))
583 -
584 - unset($_SESSION['step_one']);
585 -
586 - if (isset($_SESSION['dmn_tpl']))
587 -
588 - unset($_SESSION['dmn_tpl']);
589 -
590 - if (isset($_SESSION['logged_from']))
591 -
592 - unset($_SESSION['logged_from']);
593 -
594 - if (isset($_SESSION['logged_from_id']))
595 -
596 - unset($_SESSION['logged_from_id']);
597 -
598 - if (isset($_SESSION['ddel']))
599 -
600 - unset($_SESSION['ddel']);
601 -
602 - if (isset($_SESSION['user_def_lang']))
603 -
604 - unset($_SESSION['user_def_lang']);
605 -
606 - if (isset($_SESSION['alias_support']))
607 -
608 - unset($_SESSION['alias_support']);
609 -
610 -
611 -
612 -// globals
613 -
614 - if (isset($GLOBALS['user_logged']))
615 -
616 - unset($GLOBALS['user_logged']);
617 -
618 - if (isset($GLOBALS['user_def_lang']))
619 -
620 - unset($GLOBALS['user_def_lang']);
621 -
622 - if (isset($GLOBALS['user_type']))
623 -
624 - unset($GLOBALS['user_type']);
625 -
626 - if (isset($GLOBALS['user_id']))
627 -
628 - unset($GLOBALS['user_id']);
629 -
630 - if (isset($GLOBALS['user_created_by']))
631 -
632 - unset($GLOBALS['user_created_by']);
633 -
634 - if (isset($GLOBALS['user_login_time']))
635 -
636 - unset($GLOBALS['user_login_time']);
637 -
638 - if (isset($GLOBALS['user_theme_color']))
639 -
640 - unset($GLOBALS['user_theme_color']);
641 -
642 - if (isset($GLOBALS['layout_id']))
643 -
644 - unset($GLOBALS['layout_id']);
645 -
646 - if (isset($GLOBALS['email_support']))
647 -
648 - unset($GLOBALS['email_support']);
649 -
650 - if (isset($GLOBALS['subdomain_support']))
651 -
652 - unset($GLOBALS['subdomain_support']);
653 -
654 - if (isset($GLOBALS['sql_support']))
655 -
656 - unset($GLOBALS['sql_support']);
657 -
658 - if (isset($GLOBALS['user_page_message']))
659 -
660 - unset($GLOBALS['user_page_message']);
661 -
662 - if (isset($GLOBALS['ch_hpprops']))
663 -
664 - unset($GLOBALS['ch_hpprops']);
665 -
666 - if (isset($_SESSION['ch_hpprops']))
667 -
668 - unset($_SESSION['ch_hpprops']);
669 -
670 - if (isset($GLOBALS['dmn_name']))
671 -
672 - unset($GLOBALS['dmn_name']);
673 -
674 - if (isset($GLOBALS['local_data']))
675 -
676 - unset($GLOBALS['local_data']);
677 -
678 - if (isset($GLOBALS['rau3_added']))
679 -
680 - unset($GLOBALS['rau3_added']);
681 -
682 - if (isset($GLOBALS['dmn_tpl']))
683 -
684 - unset($GLOBALS['dmn_tpl']);
685 -
686 - if (isset($GLOBALS['chtpl']))
687 -
688 - unset($GLOBALS['chtpl']);
689 -
690 - if (isset($GLOBALS['step_one']))
691 -
692 - unset($GLOBALS['step_one']);
693 -
694 - if (isset($GLOBALS['logged_from']))
695 -
696 - unset($GLOBALS['logged_from']);
697 -
698 - if (isset($GLOBALS['logged_from_id']))
699 -
700 - unset($GLOBALS['logged_from_id']);
701 -
702 - if (isset($GLOBALS['ddel']))
703 -
704 - unset($GLOBALS['ddel']);
705 -
706 - if (isset($GLOBALS['alias_support']))
707 -
708 - unset($GLOBALS['alias_support']);
709 -
710 -
711 - $_SESSION['user_def_lang'] = $cfg['USER_INITIAL_LANG'];
712 -}
713 -
714 -?>
715 +<?php
716 +// -------------------------------------------------------------------------------
717 +// | VHCS(tm) - Virtual Hosting Control System |
718 +// | Copyright (c) 2001-2004 be moleSoftware |
719 +// | http://vhcs.net | http://www.molesoftware.com |
720 +// | |
721 +// | This program is free software; you can redistribute it and/or |
722 +// | modify it under the terms of the MPL General Public License |
723 +// | as published by the Free Software Foundation; either version 1.1 |
724 +// | of the License, or (at your option) any later version. |
725 +// | |
726 +// | You should have received a copy of the MPL Mozilla Public License |
727 +// | along with this program; if not, write to the Open Source Initiative (OSI) |
728 +// | http://opensource.org | osi@opensource.org |
729 +// | |
730 +// -------------------------------------------------------------------------------
731 +
732 +
733 +
734 +function register_user($uname, $upass) {
735 +
736 + global $sql;
737 +
738 + global $cfg;
739 +
740 +
741 + $timestamp = time();
742 +
743 +
744 + if ($cfg['DB_TYPE'] === 'mysql') {
745 + $query = "select admin_id, admin_pass, admin_type, created_by from admin where binary admin_name = ?";
746 + }
747 +
748 + $rs = exec_query($sql, $query, array($uname));
749 +
750 + if (($rs -> RecordCount()) != 1) {
751 +
752 + write_log("Login error, <b><i>".htmlspecialchars($uname, ENT_QUOTES, "UTF-8")."</i></b> unknown username");
753 +
754 + return false;
755 +
756 + }
757 +
758 + $udata = $rs -> FetchRow();
759 +
760 + if (crypt($_POST['upass'], $udata[1]) === $udata[1] || md5($_POST['upass']) === $udata[1]) {
761 +
762 + if (isset($_SESSION['user_logged'])) {
763 +
764 + write_log($_SESSION['user_logged']." user already logged or session sharing problem! Aborting...");
765 +
766 + system_message(tr('User already logged or session sharing problem! Aborting...'));
767 +
768 + } else {
769 +
770 + if ($udata['admin_type'] == "user"){
771 +
772 + $domain_admin_id = $udata['admin_id'];
773 +
774 + $query = <<<SQL_QUERY
775 + select
776 + domain_status
777 + from
778 + domain
779 + where
780 + domain_admin_id = ?;
781 +SQL_QUERY;
782 +
783 + $rs = exec_query($sql, $query, array($domain_admin_id));
784 +
785 + $user_dom_data = $rs -> FetchRow();
786 +
787 + if ($user_dom_data['domain_status'] != $cfg['ITEM_OK_STATUS']){
788 +
789 + write_log( htmlspecialchars($uname, ENT_QUOTES, "UTF-8")." Domain status is not OK - user can not login");
790 +
791 + return false;
792 + }
793 + }
794 +
795 + // all is OK let's login the user
796 + $user_login_time = time();
797 +
798 + $query = <<<SQL_QUERY
799 + insert into login
800 + (session_id, lastaccess)
801 + values
802 + (?, ?)
803 +SQL_QUERY;
804 +
805 + $rs = exec_query($sql, $query, array($uname, $user_login_time));
806 +
807 +
808 + $_SESSION['user_logged'] = $uname;
809 +
810 + $_SESSION['user_type'] = $udata['admin_type'];
811 +
812 + $_SESSION['user_id'] = $udata['admin_id'];
813 +
814 + $_SESSION['user_created_by'] = $udata['created_by'];
815 +
816 + $_SESSION['user_login_time'] = $user_login_time;
817 +
818 + write_log( htmlspecialchars($uname, ENT_QUOTES, "UTF-8")." user logged in.");
819 +
820 + return true;
821 +
822 + }
823 +
824 + } else {
825 +
826 + write_log( htmlspecialchars($uname, ENT_QUOTES, "UTF-8")." bad password login data.");
827 +
828 + return false;
829 +
830 + }
831 +
832 +}
833 +
834 +function check_user_login($uname, $utype, $uid) {
835 +
836 + global $cfg, $sql;
837 +
838 + $timestamp = time();
839 + //lets kill all time out sessions
840 + global $cfg;
841 + $timeout_sessions = $timestamp - $cfg['SESSION_TIMEOUT'];
842 + $query = <<<SQL_QUERY
843 + delete from
844 + login
845 + where
846 + lastaccess < ?
847 +SQL_QUERY;
848 +
849 + $rs = exec_query($sql, $query, array($timeout_sessions));
850 +
851 +
852 + if (isset($_SESSION['user_logged'])) {
853 +
854 + $user_id = $_SESSION['user_logged'];
855 +
856 + $query = <<<SQL_QUERY
857 + select
858 + session_id
859 + from
860 + login
861 + where
862 + session_id = ?
863 +SQL_QUERY;
864 +
865 + $rs = exec_query($sql, $query, array($user_id));
866 +
867 + if ($rs -> RecordCount() == 0) {
868 +
869 + write_log($_SESSION['user_logged']." user session do not exist or killed");
870 +
871 + return false;
872 +
873 + }
874 +
875 +
876 + if ($timestamp - $_SESSION['user_login_time'] <= $cfg['SESSION_TIMEOUT']) {
877 +
878 + $_SESSION['user_login_time'] = $timestamp;
879 +
880 +$query = <<<SQL_QUERY
881 + update
882 + login
883 + set
884 + lastaccess = ?
885 + where
886 + session_id = ?
887 +SQL_QUERY;
888 + $rs = exec_query($sql, $query, array($timestamp, $user_id));
889 +
890 + goto_user_location();
891 +
892 + return true;
893 +
894 + } else {
895 +
896 + $query = <<<SQL_QUERY
897 + delete from
898 + login
899 + where
900 + session_id = ?
901 +SQL_QUERY;
902 +
903 + $rs = exec_query($sql, $query, array($user_id));
904 + write_log(htmlspecialchars($uname, ENT_QUOTES, "UTF-8")." user session timed out");
905 +
906 + return false;
907 +
908 + }
909 +
910 + } else {
911 +
912 +
913 + write_log(htmlspecialchars($uname, ENT_QUOTES, "UTF-8")." bad session data.");
914 +
915 + return false;
916 +
917 + }
918 +
919 +}
920 +
921 +
922 +function goto_user_location()
923 +{
924 + $path = explode("/", $_SERVER['SCRIPT_NAME']);
925 +
926 + $found = false;
927 +
928 + for($i=0; $i< count($path);$i++){
929 +
930 + if($path[$i] == $_SESSION['user_type']){
931 +
932 + $found= true;
933 +
934 + } else if ($_SESSION['user_type'] == 'user' && $path[$i] == 'client') {
935 +
936 + $found= true;
937 +
938 + }
939 + }
940 + if(!$found)
941 + {
942 +
943 + if ($_SESSION['user_type'] == 'admin') {
944 +
945 + header("Location: ../admin/manage_users.php");
946 +
947 + die();
948 +
949 + } else if ($_SESSION['user_type'] == 'reseller') {
950 +
951 + header("Location: ../reseller/index.php");
952 +
953 + die();
954 +
955 + } else if ($_SESSION['user_type'] == 'user') {
956 +
957 + header("Location: ../client/index.php");
958 +
959 + die();
960 +
961 + }
962 + }
963 +
964 +}
965 +
966 +function check_login () {
967 +
968 + if (isset($_SESSION['user_logged'])) {
969 +
970 + if (!check_user_login($_SESSION['user_logged'], $_SESSION['user_type'], $_SESSION['user_id'])) {
971 +
972 + header("Location: ../index.php");
973 + die();
974 +
975 + }
976 +
977 + } else {
978 +
979 + header("Location: ../index.php");
980 + die();
981 + }
982 +}
983 +
984 +function change_user_interface($form_id, $to_id) {
985 +
986 + global $sql;
987 +
988 + global $cfg;
989 +
990 +
991 + $timestamp = time();
992 +
993 + if ($cfg['DB_TYPE'] === 'mysql') {
994 + $query_from = "select admin_id, admin_name, admin_pass, admin_type, created_by from admin where binary admin_id = ?";
995 + $query_to = "select admin_id, admin_name, admin_pass, admin_type, created_by from admin where binary admin_id = ?";
996 + }
997 +
998 + $rs_from = exec_query($sql, $query_from, array($form_id));
999 + $rs_to = exec_query($sql, $query_to, array($to_id));
1000 +
1001 + if (($rs_from -> RecordCount()) != 1 || ($rs_to -> RecordCount()) != 1) {
1002 + write_log("Change interface error => unknown from or to username");
1003 + return false;
1004 + }
1005 +
1006 +
1007 + $from_udata = $rs_from -> FetchRow();
1008 +
1009 + $to_udata = $rs_to -> FetchRow();
1010 +
1011 +
1012 + // let's check if TO_DOMAIN Status OK
1013 + // if domain satus not OK -> don't add mail accounts or subdomains .. or something else
1014 +
1015 + if ($to_udata['admin_type'] == "user"){
1016 +
1017 + $domain_admin_id = $to_udata['admin_id'];
1018 +
1019 + $query = <<<SQL_QUERY
1020 + select
1021 + domain_status
1022 + from
1023 + domain
1024 + where
1025 + domain_admin_id = ?
1026 +SQL_QUERY;
1027 +
1028 + $rs = exec_query($sql, $query, array($domain_admin_id));
1029 +
1030 + $user_dom_data = $rs -> FetchRow();
1031 +
1032 + if ($user_dom_data['domain_status'] != $cfg['ITEM_OK_STATUS']){
1033 +
1034 + write_log("Domain ID: ".$to_udata['admin_id']." - domain status PROBLEM -");
1035 +
1036 + return false;
1037 + }
1038 + }
1039 + //end of Domain User Status check
1040 +
1041 +
1042 +
1043 + if ($from_udata['admin_type'] === 'admin' && $to_udata['admin_type'] === 'reseller') {
1044 +
1045 + $header = "../reseller/index.php";
1046 +
1047 + } else if ($from_udata['admin_type'] === 'admin' && ($to_udata['admin_type'] != 'admin' || $to_udata['admin_type'] != 'reseller')) {
1048 +
1049 + $header = "../client/index.php";
1050 +
1051 + } else if ($from_udata['admin_type'] === 'reseller' && ($to_udata['admin_type'] != 'admin' || $to_udata['admin_type'] != 'reseller')) {
1052 +
1053 + $header = "../client/index.php";
1054 +
1055 + }
1056 +
1057 + // lets check and go from bottom to top User -> Reseller -> Admin
1058 +
1059 + else if (isset($_SESSION['logged_from'])) { // ther is SESSION 'logged from' -> we can go from Buttom to TOP
1060 +
1061 + if ($from_udata['admin_type'] === 'reseller' && $to_udata['admin_type'] == 'admin') {
1062 +
1063 + $header = "../admin/manage_users.php";
1064 +
1065 + }
1066 + // user to admin
1067 + else if (($from_udata['admin_type'] != 'admin' || $from_udata['admin_type'] != 'reseller') && $to_udata['admin_type'] === 'admin') {
1068 +
1069 + $header = "../admin/manage_users.php";
1070 +
1071 + }
1072 + // user reseller
1073 + else if (($from_udata['admin_type'] != 'admin' || $from_udata['admin_type'] != 'reseller') && $to_udata['admin_type'] === 'reseller') {
1074 +
1075 + $header = "../reseller/users.php";
1076 +
1077 + }
1078 +
1079 + else{
1080 +
1081 + write_log("change interface error from: ".$from_udata['admin_name']." to: ".$to_udata['admin_name']);
1082 +
1083 + return false;
1084 + }
1085 +
1086 +
1087 +
1088 + } else {
1089 +
1090 + write_log("change interface error from: ".$from_udata['admin_name']." to: ".$to_udata['admin_name']);
1091 +
1092 + return false;
1093 + }
1094 +
1095 + // lets save layout and language from admin/reseler - they don't wannt to read user interface on china or arabic language
1096 + $user_language = $_SESSION['user_def_lang'];
1097 +
1098 + $user_layout = $_SESSION['user_theme_color'];
1099 +
1100 +
1101 + // delete all sessions and globals data and set new one with SESSION logged_from
1102 + unset_user_login_data();
1103 +
1104 + if ($to_udata['admin_type'] != 'admin'){
1105 +
1106 + $_SESSION['logged_from'] = $from_udata['admin_name'];
1107 +
1108 + $_SESSION['logged_from_id'] = $from_udata['admin_id'];
1109 +
1110 + }
1111 +
1112 + // we gonna kill all sessions and globals if user get back to admin level
1113 + if (isset($_SESSION['admin_name']))
1114 +
1115 + unset($_SESSION['admin_name']);
1116 +
1117 + if (isset($_SESSION['admin_id']))
1118 +
1119 + unset($_SESSION['admin_id']);
1120 +
1121 + if (isset($GLOBALS['admin_name']))
1122 +
1123 + unset($GLOBALS['admin_name']);
1124 +
1125 + if (isset($GLOBALS['admin_id']))
1126 +
1127 + unset($GLOBALS['admin_id']);
1128 + // no more sessions and globals to kill - they were always killed - rest in peace
1129 +
1130 + $_SESSION['user_logged'] = $to_udata['admin_name'];
1131 +
1132 + $_SESSION['user_type'] = $to_udata['admin_type'];
1133 +
1134 + $_SESSION['user_id'] = $to_udata['admin_id'];
1135 +
1136 + $_SESSION['user_created_by'] = $to_udata['created_by'];
1137 +
1138 + $_SESSION['user_login_time'] = time();
1139 +
1140 + $_SESSION['user_def_lang'] = $user_language;
1141 +
1142 + $_SESSION['user_theme_color'] = $user_layout;
1143 +
1144 + $user_login_time = time();
1145 + $new_user_name = $to_udata['admin_name'];
1146 +
1147 + $query = <<<SQL_QUERY
1148 + insert into login
1149 + (session_id, lastaccess)
1150 + values
1151 + (?, ?)
1152 +SQL_QUERY;
1153 +
1154 + $rs = exec_query($sql, $query, array($new_user_name, $user_login_time));
1155 +
1156 + write_log($from_udata['admin_name']." change into interface from ".$to_udata['admin_name']);
1157 + return $header;
1158 +
1159 +}
1160 +
1161 +function unset_user_login_data () {
1162 +
1163 + global $cfg, $sql;
1164 +
1165 + if (isset($_SESSION['user_logged'])) {
1166 + $admin_name = $_SESSION['user_logged'];
1167 +
1168 + $query = <<<SQL_QUERY
1169 + delete from
1170 + login
1171 + where
1172 + session_id = ?
1173 +SQL_QUERY;
1174 +
1175 + $rs = exec_query($sql, $query, array($admin_name));
1176 +
1177 + unset($_SESSION['user_logged']);
1178 + }
1179 +
1180 + if (isset($_SESSION['user_id']))
1181 +
1182 + unset($_SESSION['user_id']);
1183 +
1184 + if (isset($_SESSION['user_type']))
1185 +
1186 + unset($_SESSION['user_type']);
1187 +
1188 + if (isset($_SESSION['user_created_by']))
1189 +
1190 + unset($_SESSION['user_created_by']);
1191 +
1192 + if (isset($_SESSION['user_login_time']))
1193 +
1194 + unset($_SESSION['user_login_time']);
1195 +
1196 + if (isset($_SESSION['dmn_name']))
1197 +
1198 + unset($_SESSION['dmn_name']);
1199 +
1200 + if (isset($_SESSION['user_has_domain']))
1201 +
1202 + unset($_SESSION['user_has_domain']);
1203 +
1204 + if (isset($_SESSION['hpid']))
1205 +
1206 + unset($_SESSION['hpid']);
1207 +
1208 + if (isset($_SESSION['user_deleted']))
1209 +
1210 + unset($_SESSION['user_deleted']);
1211 +
1212 + if (isset($_SESSION['edit']))
1213 +
1214 + unset($_SESSION['edit']);
1215 +
1216 + if (isset($_SESSION['reseller_ips']))
1217 +
1218 + unset($_SESSION['reseller_ips']);
1219 +
1220 + if (isset($_SESSION['sql_support']))
1221 +
1222 + unset($_SESSION['sql_support']);
1223 +
1224 + if (isset($_SESSION['email_support']))
1225 +
1226 + unset($_SESSION['email_support']);
1227 +
1228 + if (isset($_SESSION['admin_id']))
1229 +
1230 + unset($_SESSION['admin_id']);
1231 +
1232 + if (isset($_SESSION['admin_login']))
1233 +
1234 + unset($_SESSION['admin_login']);
1235 +
1236 + if (isset($_SESSION['admin_type']))
1237 +
1238 + unset($_SESSION['admin_type']);
1239 +
1240 + if (isset($_SESSION['admin_email']))
1241 +
1242 + unset($_SESSION['admin_email']);
1243 +
1244 + if (isset($_SESSION['cur_lang']))
1245 +
1246 + unset($_SESSION['cur_lang']);
1247 +
1248 + if (isset($_SESSION['step_two_back_data']))
1249 +
1250 + unset($_SESSION['step_two_back_data']);
1251 +
1252 + if (isset($_SESSION['local_data']))
1253 +
1254 + unset($_SESSION['local_data']);
1255 +
1256 + if (isset($_SESSION['logged']))
1257 +
1258 + unset($_SESSION['logged']);
1259 +
1260 + if (isset($_SESSION['subdomain_support']))
1261 +
1262 + unset($_SESSION['subdomain_support']);
1263 +
1264 + if (isset($_SESSION['edit_ID']))
1265 +
1266 + unset($_SESSION['edit_ID']);
1267 +
1268 + if (isset($_SESSION['user_name']))
1269 +
1270 + unset($_SESSION['user_name']);
1271 +
1272 + if (isset($_SESSION['user_has_domain']))
1273 +
1274 + unset($_SESSION['user_has_domain']);
1275 +
1276 + if (isset($_SESSION['layout_id']))
1277 +
1278 + unset($_SESSION['layout_id']);
1279 +
1280 + if (isset($_SESSION['user_page_message']))
1281 +
1282 + unset($_SESSION['user_page_message']);
1283 +
1284 + if (isset($_SESSION['dmn_name']))
1285 +
1286 + unset($_SESSION['dmn_name']);
1287 +
1288 + if (isset($_SESSION['local_data']))
1289 +
1290 + unset($_SESSION['local_data']);
1291 +
1292 + if (isset($_SESSION['rau3_added']))
1293 +
1294 + unset($_SESSION['rau3_added']);
1295 +
1296 + if (isset($_SESSION['chtpl']))
1297 +
1298 + unset($_SESSION['chtpl']);
1299 +
1300 + if (isset($_SESSION['step_one']))
1301 +
1302 + unset($_SESSION['step_one']);
1303 +
1304 + if (isset($_SESSION['dmn_tpl']))
1305 +
1306 + unset($_SESSION['dmn_tpl']);
1307 +
1308 + if (isset($_SESSION['logged_from']))
1309 +
1310 + unset($_SESSION['logged_from']);
1311 +
1312 + if (isset($_SESSION['logged_from_id']))
1313 +
1314 + unset($_SESSION['logged_from_id']);
1315 +
1316 + if (isset($_SESSION['ddel']))
1317 +
1318 + unset($_SESSION['ddel']);
1319 +
1320 + if (isset($_SESSION['user_def_lang']))
1321 +
1322 + unset($_SESSION['user_def_lang']);
1323 +
1324 + if (isset($_SESSION['alias_support']))
1325 +
1326 + unset($_SESSION['alias_support']);
1327 +
1328 +
1329 +
1330 +// globals
1331 +
1332 + if (isset($GLOBALS['user_logged']))
1333 +
1334 + unset($GLOBALS['user_logged']);
1335 +
1336 + if (isset($GLOBALS['user_def_lang']))
1337 +
1338 + unset($GLOBALS['user_def_lang']);
1339 +
1340 + if (isset($GLOBALS['user_type']))
1341 +
1342 + unset($GLOBALS['user_type']);
1343 +
1344 + if (isset($GLOBALS['user_id']))
1345 +
1346 + unset($GLOBALS['user_id']);
1347 +
1348 + if (isset($GLOBALS['user_created_by']))
1349 +
1350 + unset($GLOBALS['user_created_by']);
1351 +
1352 + if (isset($GLOBALS['user_login_time']))
1353 +
1354 + unset($GLOBALS['user_login_time']);
1355 +
1356 + if (isset($GLOBALS['user_theme_color']))
1357 +
1358 + unset($GLOBALS['user_theme_color']);
1359 +
1360 + if (isset($GLOBALS['layout_id']))
1361 +
1362 + unset($GLOBALS['layout_id']);
1363 +
1364 + if (isset($GLOBALS['email_support']))
1365 +
1366 + unset($GLOBALS['email_support']);
1367 +
1368 + if (isset($GLOBALS['subdomain_support']))
1369 +
1370 + unset($GLOBALS['subdomain_support']);
1371 +
1372 + if (isset($GLOBALS['sql_support']))
1373 +
1374 + unset($GLOBALS['sql_support']);
1375 +
1376 + if (isset($GLOBALS['user_page_message']))
1377 +
1378 + unset($GLOBALS['user_page_message']);
1379 +
1380 + if (isset($GLOBALS['ch_hpprops']))
1381 +
1382 + unset($GLOBALS['ch_hpprops']);
1383 +
1384 + if (isset($_SESSION['ch_hpprops']))
1385 +
1386 + unset($_SESSION['ch_hpprops']);
1387 +
1388 + if (isset($GLOBALS['dmn_name']))
1389 +
1390 + unset($GLOBALS['dmn_name']);
1391 +
1392 + if (isset($GLOBALS['local_data']))
1393 +
1394 + unset($GLOBALS['local_data']);
1395 +
1396 + if (isset($GLOBALS['rau3_added']))
1397 +
1398 + unset($GLOBALS['rau3_added']);
1399 +
1400 + if (isset($GLOBALS['dmn_tpl']))
1401 +
1402 + unset($GLOBALS['dmn_tpl']);
1403 +
1404 + if (isset($GLOBALS['chtpl']))
1405 +
1406 + unset($GLOBALS['chtpl']);
1407 +
1408 + if (isset($GLOBALS['step_one']))
1409 +
1410 + unset($GLOBALS['step_one']);
1411 +
1412 + if (isset($GLOBALS['logged_from']))
1413 +
1414 + unset($GLOBALS['logged_from']);
1415 +
1416 + if (isset($GLOBALS['logged_from_id']))
1417 +
1418 + unset($GLOBALS['logged_from_id']);
1419 +
1420 + if (isset($GLOBALS['ddel']))
1421 +
1422 + unset($GLOBALS['ddel']);
1423 +
1424 + if (isset($GLOBALS['alias_support']))
1425 +
1426 + unset($GLOBALS['alias_support']);
1427 +
1428 +
1429 + $_SESSION['user_def_lang'] = $cfg['USER_INITIAL_LANG'];
1430 +}
1431 +
1432 +?>