commit | author | age
|
bd06ba
|
1 |
<?php |
T |
2 |
/* |
|
3 |
Copyright (c) 2008, Till Brehm, projektfarm Gmbh and Oliver Vogel www.muv.com |
|
4 |
All rights reserved. |
|
5 |
|
|
6 |
Redistribution and use in source and binary forms, with or without modification, |
|
7 |
are permitted provided that the following conditions are met: |
|
8 |
|
|
9 |
* Redistributions of source code must retain the above copyright notice, |
|
10 |
this list of conditions and the following disclaimer. |
|
11 |
* Redistributions in binary form must reproduce the above copyright notice, |
|
12 |
this list of conditions and the following disclaimer in the documentation |
|
13 |
and/or other materials provided with the distribution. |
|
14 |
* Neither the name of ISPConfig nor the names of its contributors |
|
15 |
may be used to endorse or promote products derived from this software without |
|
16 |
specific prior written permission. |
|
17 |
|
|
18 |
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND |
|
19 |
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
|
20 |
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
|
21 |
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, |
|
22 |
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, |
|
23 |
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
|
24 |
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY |
|
25 |
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING |
|
26 |
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, |
|
27 |
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
|
28 |
*/ |
|
29 |
|
|
30 |
|
7fe908
|
31 |
require_once '../../lib/config.inc.php'; |
MC |
32 |
require_once '../../lib/app.inc.php'; |
bd06ba
|
33 |
|
c6f36f
|
34 |
/* check if the user is logged in */ |
MC |
35 |
if(!isset($_SESSION['s']['user'])) { |
|
36 |
die ("You have to be logged in to login as other user!"); |
|
37 |
} |
bd06ba
|
38 |
|
c6f36f
|
39 |
/* for security reasons ONLY the admin or a reseller can login as other user */ |
MC |
40 |
if ($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) { |
bd06ba
|
41 |
die ("You don't have the right to login as other user!"); |
T |
42 |
} |
|
43 |
|
|
44 |
/* get the id of the user (must be int!) */ |
|
45 |
if (!isset($_GET['id']) && !isset($_GET['cid'])){ |
7fe908
|
46 |
die ("No user selected!"); |
bd06ba
|
47 |
} |
T |
48 |
|
|
49 |
if(isset($_GET['id'])) { |
c6f36f
|
50 |
if($_SESSION["s"]["user"]["typ"] != 'admin') { |
MC |
51 |
die ("You don't have the right to login as system user!"); |
|
52 |
} |
65ea2e
|
53 |
$userId = $app->functions->intval($_GET['id']); |
bd06ba
|
54 |
$backlink = 'admin/users_list.php'; |
T |
55 |
} else { |
65ea2e
|
56 |
$client_id = $app->functions->intval($_GET['cid']); |
cc7a82
|
57 |
$tmp_client = $app->db->queryOneRecord("SELECT username, parent_client_id FROM client WHERE client_id = ?", $client_id); |
MC |
58 |
$tmp_sys_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE username = ?", $tmp_client['username']); |
604c0c
|
59 |
$userId = $app->functions->intval($tmp_sys_user['userid']); |
c6f36f
|
60 |
/* check if this client belongs to reseller that tries to log in, if we are not admin */ |
MC |
61 |
if($_SESSION["s"]["user"]["typ"] != 'admin') { |
|
62 |
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]); |
cc7a82
|
63 |
$client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id); |
c6f36f
|
64 |
if(!$client || $tmp_client["parent_client_id"] != $client["client_id"]) { |
MC |
65 |
die("You don't have the right to login as this user!"); |
|
66 |
} |
|
67 |
unset($client); |
|
68 |
} |
|
69 |
|
bd06ba
|
70 |
unset($tmp_client); |
T |
71 |
unset($tmp_sys_user); |
|
72 |
$backlink = 'client/client_list.php'; |
|
73 |
} |
|
74 |
|
|
75 |
/* |
|
76 |
* Get the data to login as user x |
|
77 |
*/ |
|
78 |
$dbData = $app->db->queryOneRecord( |
cc7a82
|
79 |
"SELECT username, passwort FROM sys_user WHERE userid = ?", $userId); |
bd06ba
|
80 |
|
T |
81 |
/* |
|
82 |
* Now generate the login-Form |
9867ef
|
83 |
* TODO: move the login_as form to a template file -> themeability |
bd06ba
|
84 |
*/ |
7fe908
|
85 |
|
MC |
86 |
$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_login_as.lng'; |
|
87 |
include $lng_file; |
|
88 |
|
bd06ba
|
89 |
echo ' |
T |
90 |
<br /> <br /> <br /> <br /> |
72695f
|
91 |
'.$wb['login_1_txt'].' ' . $dbData['username'] . '?<br /> |
T |
92 |
'.$wb['login_2_txt'].'<br /> |
bd06ba
|
93 |
<div style="visibility:hidden"> |
T |
94 |
<input type="text" name="username" value="' . $dbData['username'] . '" /> |
b79c5b
|
95 |
<input type="password" name="password" value="' . $dbData['passwort'] .'" /> |
bd06ba
|
96 |
</div> |
b79c5b
|
97 |
<input type="hidden" name="s_mod" value="dashboard" /> |
TB |
98 |
<input type="hidden" name="s_pg" value="dashboard" /> |
|
99 |
<input type="hidden" name="login_as" value="1" /> |
bd06ba
|
100 |
<div class="wf_actions buttons"> |
dc4dd5
|
101 |
<button class="btn btn-default formbutton-success" type="button" value="'.$wb['btn_yes_txt'].'" data-submit-form="pageForm" data-form-action="/login/index.php"><span>'.$wb['btn_yes_txt'].'</span></button> |
TB |
102 |
<button class="btn btn-default formbutton-default" value="'.$wb['btn_back_txt'].'" data-load-content="'.$backlink.'"><span>'.$wb['btn_back_txt'].'</span></button> |
bd06ba
|
103 |
</div> |
T |
104 |
'; |
|
105 |
?> |