interface/web/client/templates/clients_list.htm
@@ -52,7 +52,9 @@ <td class="tbl_col_country"><a href="#" onclick="loadContent('client/client_edit.php?id={tmpl_var name='id'}');"><div class="country-{tmpl_var name="countryiso"}" style="float:left"></div>{tmpl_var name="country"}</a></td> <td class="tbl_col_buttons"> <tmpl_if name="is_admin"> <a class="button icons16 icoLoginAs" href="javascript: loadContent('admin/login_as.php?cid={tmpl_var name='id'}');"><span>{tmpl_var name='login_as_txt'}</span></a> <a class="button icons16 icoLoginAs" href="javascript: loadContent('login/login_as.php?cid={tmpl_var name='id'}');"><span>{tmpl_var name='login_as_txt'}</span></a> <tmpl_elseif name="is_reseller"> <a class="button icons16 icoLoginAs" href="javascript: loadContent('login/login_as.php?cid={tmpl_var name='id'}');"><span>{tmpl_var name='login_as_txt'}</span></a> </tmpl_if> <a class="button icons16 icoDelete" href="javascript: del_record('client/client_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span>{tmpl_var name='delete_txt'}</span></a> </td> interface/web/client/templates/resellers_list.htm
@@ -51,7 +51,7 @@ <td class="tbl_col_city"><a href="#" onclick="loadContent('client/reseller_edit.php?id={tmpl_var name='id'}');">{tmpl_var name="city"}</a></td> <td class="tbl_col_country"><a href="#" onclick="loadContent('client/reseller_edit.php?id={tmpl_var name='id'}');"><div class="country-{tmpl_var name="countryiso"}" style="float:left"></div>{tmpl_var name="country"}</a></td> <td class="tbl_col_buttons"> <a class="button icons16 icoLoginAs" href="javascript: loadContent('admin/login_as.php?cid={tmpl_var name='id'}');"><span>{tmpl_var name='login_as_txt'}</span></a> <a class="button icons16 icoLoginAs" href="javascript: loadContent('login/login_as.php?cid={tmpl_var name='id'}');"><span>{tmpl_var name='login_as_txt'}</span></a> <a class="button icons16 icoDelete" href="javascript: del_record('client/reseller_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span>{tmpl_var name='delete_txt'}</span></a> </td> </tr> interface/web/login/index.php
@@ -85,21 +85,59 @@ */ if (isset($_SESSION['s']['user']) && $_SESSION['s']['user']['active'] == 1){ /* * only the admin can "login as" so if the user is NOT a admin, we * only the admin or reseller can "login as" so if the user is NOT an admin or reseller, we * open the startpage (after killing the old session), so the user * is logout and has to start again! */ if ($_SESSION['s']['user']['typ'] != 'admin') { if ($_SESSION['s']['user']['typ'] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) { /* * The actual user is NOT a admin, but maybe the admin * has logged in as "normal" user bevore... * The actual user is NOT a admin or reseller, but maybe he * has logged in as "normal" user before... */ if (isset($_SESSION['s_old'])&& ($_SESSION['s_old']['user']['typ'] == 'admin')){ /* The "old" user is admin, so everything is ok */ if (isset($_SESSION['s_old'])&& ($_SESSION['s_old']['user']['typ'] == 'admin' || $app->auth->has_clients($_SESSION['s_old']['user']['userid']))){ /* The "old" user is admin or reseller, so everything is ok * if he is reseller, we need to check if he logs in to one of his clients */ if($_SESSION['s_old']['user']['typ'] != 'admin') { /* this is the one currently logged in (normal user) */ $old_client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]); $old_client = $app->db->queryOneRecord("SELECT client.client_id, client.parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $old_client_group_id"); /* this is the reseller, that shall be re-logged in */ $sql = "SELECT * FROM sys_user WHERE USERNAME = '$username' and PASSWORT = '". $passwort. "'"; $tmp = $app->db->queryOneRecord($sql); $client_group_id = $app->functions->intval($tmp['default_group']); $tmp_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); if(!$tmp_client || $old_client["parent_client_id"] != $tmp_client["client_id"] || $tmp["default_group"] != $_SESSION["s_old"]["user"]["default_group"] ) { die("You don't have the right to 'login as' this user!"); } unset($old_client); unset($tmp_client); unset($tmp); } } else { die("You don't have the right to 'login as'!"); } } elseif($_SESSION['s']['user']['typ'] != 'admin') { /* a reseller wants to 'login as', we need to check if he is allowed to */ $res_client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]); $res_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $res_client_group_id"); /* this is the user the reseller wants to 'login as' */ $sql = "SELECT * FROM sys_user WHERE USERNAME = '$username' and PASSWORT = '". $passwort. "'"; $tmp = $app->db->queryOneRecord($sql); $tmp_client = $app->db->queryOneRecord("SELECT client.client_id, client.parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = " . $app->functions->intval($tmp["default_group"])); if(!$tmp || $tmp_client["parent_client_id"] != $res_client["client_id"]) { die("You don't have the right to login as this user!"); } unset($res_client); unset($tmp); unset($tmp_client); } $loginAs = true; } interface/web/login/lib/lang/ar_login_as.lng
interface/web/login/lib/lang/bg_login_as.lng
interface/web/login/lib/lang/br_login_as.lng
interface/web/login/lib/lang/cz_login_as.lng
interface/web/login/lib/lang/de_login_as.lng
interface/web/login/lib/lang/el_login_as.lng
interface/web/login/lib/lang/en_login_as.lng
interface/web/login/lib/lang/es_login_as.lng
interface/web/login/lib/lang/fi_login_as.lng
interface/web/login/lib/lang/fr_login_as.lng
interface/web/login/lib/lang/hr_login_as.lng
interface/web/login/lib/lang/hu_login_as.lng
interface/web/login/lib/lang/id_login_as.lng
interface/web/login/lib/lang/it_login_as.lng
interface/web/login/lib/lang/ja_login_as.lng
interface/web/login/lib/lang/nl_login_as.lng
interface/web/login/lib/lang/pl_login_as.lng
interface/web/login/lib/lang/pt_login_as.lng
interface/web/login/lib/lang/ro_login_as.lng
interface/web/login/lib/lang/ru_login_as.lng
interface/web/login/lib/lang/se_login_as.lng
interface/web/login/lib/lang/sk_login_as.lng
interface/web/login/lib/lang/tr_login_as.lng
interface/web/login/login_as.php
File was renamed from interface/web/admin/login_as.php @@ -31,11 +31,13 @@ require_once '../../lib/config.inc.php'; require_once '../../lib/app.inc.php'; /* Check permissions for module */ $app->auth->check_module_permissions('admin'); /* check if the user is logged in */ if(!isset($_SESSION['s']['user'])) { die ("You have to be logged in to login as other user!"); } /* for security reasons ONLY the admin can login as other user */ if ($_SESSION["s"]["user"]["typ"] != 'admin') { /* for security reasons ONLY the admin or a reseller can login as other user */ if ($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) { die ("You don't have the right to login as other user!"); } @@ -45,13 +47,26 @@ } if(isset($_GET['id'])) { if($_SESSION["s"]["user"]["typ"] != 'admin') { die ("You don't have the right to login as system user!"); } $userId = $app->functions->intval($_GET['id']); $backlink = 'admin/users_list.php'; } else { $client_id = $app->functions->intval($_GET['cid']); $tmp_client = $app->db->queryOneRecord("SELECT username FROM client WHERE client_id = $client_id"); $tmp_client = $app->db->queryOneRecord("SELECT username, parent_client_id FROM client WHERE client_id = $client_id"); $tmp_sys_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE username = '".$app->db->quote($tmp_client['username'])."'"); $userId = $app->functions->intval($tmp_sys_user['userid']); /* check if this client belongs to reseller that tries to log in, if we are not admin */ if($_SESSION["s"]["user"]["typ"] != 'admin') { $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]); $client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); if(!$client || $tmp_client["parent_client_id"] != $client["client_id"]) { die("You don't have the right to login as this user!"); } unset($client); } unset($tmp_client); unset($tmp_sys_user); $backlink = 'client/client_list.php'; interface/web/login/logout.php
@@ -40,11 +40,12 @@ * if the admin is logged in as client, then ask, if the admin want't to * "re-login" as admin again */ if ((isset($_SESSION['s_old']) && ($_SESSION['s_old']['user']['typ'] == 'admin')) && if ((isset($_SESSION['s_old']) && ($_SESSION['s_old']['user']['typ'] == 'admin' || $app->auth->has_clients($_SESSION['s_old']['user']['userid']))) && (!$forceLogout)){ $utype = ($_SESSION['s_old']['user']['typ'] == 'admin' ? 'admin' : 'reseller'); echo ' <br /> <br /> <br /> <br /> Do you want to re-login as admin or log out?<br /> Do you want to re-login as ' . $utype . ' or log out?<br /> <div style="visibility:hidden"> <input type="text" name="username" value="' . $_SESSION['s_old']['user']['username'] . '" /> <input type="password" name="passwort" value="' . $_SESSION['s_old']['user']['passwort'] .'" /> @@ -52,7 +53,7 @@ <input type="hidden" name="s_mod" value="login" /> <input type="hidden" name="s_pg" value="index" /> <div class="wf_actions buttons"> <button class="positive iconstxt icoPositive" type="button" value="Yes, re-login as Admin" onclick="submitLoginForm(' . "'pageForm'" . ');"><span>Yes, re-login as Admin</span></button> <button class="positive iconstxt icoPositive" type="button" value="Yes, re-login as ' . $utype . '" onclick="submitLoginForm(' . "'pageForm'" . ');"><span>Yes, re-login as ' . $utype . '</span></button> <button class="negative iconstxt icoNegative" type="button" value="No, logout" onclick="loadContent('. "'login/logout.php?l=1'" . ');"><span>No, logout</span></button> </div> ';