| commit | author | age | ||
| bd06ba | 1 | <?php |
| T | 2 | /* |
| 3 | Copyright (c) 2008, Till Brehm, projektfarm Gmbh and Oliver Vogel www.muv.com | |
| 4 | All rights reserved. | |
| 5 | ||
| 6 | Redistribution and use in source and binary forms, with or without modification, | |
| 7 | are permitted provided that the following conditions are met: | |
| 8 | ||
| 9 | * Redistributions of source code must retain the above copyright notice, | |
| 10 | this list of conditions and the following disclaimer. | |
| 11 | * Redistributions in binary form must reproduce the above copyright notice, | |
| 12 | this list of conditions and the following disclaimer in the documentation | |
| 13 | and/or other materials provided with the distribution. | |
| 14 | * Neither the name of ISPConfig nor the names of its contributors | |
| 15 | may be used to endorse or promote products derived from this software without | |
| 16 | specific prior written permission. | |
| 17 | ||
| 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND | |
| 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | |
| 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
| 21 | IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, | |
| 22 | INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, | |
| 23 | BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
| 24 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY | |
| 25 | OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | |
| 26 | NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, | |
| 27 | EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 28 | */ | |
| 29 | ||
| 30 | ||
| 7fe908 | 31 | require_once '../../lib/config.inc.php'; |
| MC | 32 | require_once '../../lib/app.inc.php'; |
| bd06ba | 33 | |
| c6f36f | 34 | /* check if the user is logged in */ |
| MC | 35 | if(!isset($_SESSION['s']['user'])) { |
| 36 | die ("You have to be logged in to login as other user!"); | |
| 37 | } | |
| bd06ba | 38 | |
| c6f36f | 39 | /* for security reasons ONLY the admin or a reseller can login as other user */ |
| MC | 40 | if ($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) { |
| bd06ba | 41 | die ("You don't have the right to login as other user!"); |
| T | 42 | } |
| 43 | ||
| 44 | /* get the id of the user (must be int!) */ | |
| 45 | if (!isset($_GET['id']) && !isset($_GET['cid'])){ | |
| 7fe908 | 46 | die ("No user selected!"); |
| bd06ba | 47 | } |
| T | 48 | |
| 49 | if(isset($_GET['id'])) { | |
| c6f36f | 50 | if($_SESSION["s"]["user"]["typ"] != 'admin') { |
| MC | 51 | die ("You don't have the right to login as system user!"); |
| 52 | } | |
| 65ea2e | 53 | $userId = $app->functions->intval($_GET['id']); |
| bd06ba | 54 | $backlink = 'admin/users_list.php'; |
| T | 55 | } else { |
| 65ea2e | 56 | $client_id = $app->functions->intval($_GET['cid']); |
| cc7a82 | 57 | $tmp_client = $app->db->queryOneRecord("SELECT username, parent_client_id FROM client WHERE client_id = ?", $client_id); |
| MC | 58 | $tmp_sys_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE username = ?", $tmp_client['username']); |
| 604c0c | 59 | $userId = $app->functions->intval($tmp_sys_user['userid']); |
| c6f36f | 60 | /* check if this client belongs to reseller that tries to log in, if we are not admin */ |
| MC | 61 | if($_SESSION["s"]["user"]["typ"] != 'admin') { |
| 62 | $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]); | |
| cc7a82 | 63 | $client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id); |
| c6f36f | 64 | if(!$client || $tmp_client["parent_client_id"] != $client["client_id"]) { |
| MC | 65 | die("You don't have the right to login as this user!"); |
| 66 | } | |
| 67 | unset($client); | |
| 68 | } | |
| 69 | ||
| bd06ba | 70 | unset($tmp_client); |
| T | 71 | unset($tmp_sys_user); |
| 72 | $backlink = 'client/client_list.php'; | |
| 73 | } | |
| 74 | ||
| 75 | /* | |
| 76 | * Get the data to login as user x | |
| 77 | */ | |
| 78 | $dbData = $app->db->queryOneRecord( | |
| cc7a82 | 79 | "SELECT username, passwort FROM sys_user WHERE userid = ?", $userId); |
| bd06ba | 80 | |
| T | 81 | /* |
| 82 | * Now generate the login-Form | |
| 9867ef | 83 | * TODO: move the login_as form to a template file -> themeability |
| bd06ba | 84 | */ |
| 7fe908 | 85 | |
| MC | 86 | $lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_login_as.lng'; |
| 87 | include $lng_file; | |
| 88 | ||
| bd06ba | 89 | echo ' |
| T | 90 | <br /> <br /> <br /> <br /> |
| 72695f | 91 | '.$wb['login_1_txt'].' ' . $dbData['username'] . '?<br /> |
| T | 92 | '.$wb['login_2_txt'].'<br /> |
| bd06ba | 93 | <div style="visibility:hidden"> |
| T | 94 | <input type="text" name="username" value="' . $dbData['username'] . '" /> |
| b79c5b | 95 | <input type="password" name="password" value="' . $dbData['passwort'] .'" /> |
| bd06ba | 96 | </div> |
| b79c5b | 97 | <input type="hidden" name="s_mod" value="dashboard" /> |
| TB | 98 | <input type="hidden" name="s_pg" value="dashboard" /> |
| 99 | <input type="hidden" name="login_as" value="1" /> | |
| bd06ba | 100 | <div class="wf_actions buttons"> |
| dc4dd5 | 101 | <button class="btn btn-default formbutton-success" type="button" value="'.$wb['btn_yes_txt'].'" data-submit-form="pageForm" data-form-action="/login/index.php"><span>'.$wb['btn_yes_txt'].'</span></button> |
| TB | 102 | <button class="btn btn-default formbutton-default" value="'.$wb['btn_back_txt'].'" data-load-content="'.$backlink.'"><span>'.$wb['btn_back_txt'].'</span></button> |
| bd06ba | 103 | </div> |
| T | 104 | '; |
| 105 | ?> | |
