Example #1
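    /**
     * Switch the current session from one control-panel account to another.
     *
     * Looks up both accounts, refuses the switch when the target is a "user"
     * account whose domain status is not $cfg['ITEM_OK_STATUS'], picks the
     * landing page from the (from type, to type) pair, then rewrites the
     * session so it carries the target account's identity.
     *
     * Switching "down" (admin -> reseller, admin/reseller -> client) is always
     * permitted by this function; switching "up" (towards reseller or admin)
     * requires $_SESSION['logged_from'] to be set. Any other pair, including
     * admin -> admin and reseller -> reseller, is refused.
     *
     * NOTE(review): only account *types* are checked here. Whether $form_id
     * is the account that is really logged in, and whether it is entitled to
     * $to_id (created_by is fetched but only copied into the session), is not
     * verified in this function - confirm the callers enforce both and never
     * take $form_id from request input.
     *
     * @param mixed $form_id admin_id of the account the switch starts from
     * @param mixed $to_id   admin_id of the account to switch into
     * @return string|false  relative URL of the target interface, or false
     *                       when the switch is refused
     */
    function change_user_interface($form_id, $to_id)
    {
        global $sql;
        global $cfg;

        // The lookup uses MySQL's `binary` comparison. Previously the query
        // variables were simply left undefined for any other DB_TYPE; refuse
        // explicitly instead of running an undefined query.
        if ($cfg['DB_TYPE'] !== 'mysql') {
            write_log("Change interface error => unsupported database type");
            return false;
        }

        // admin_pass is deliberately not selected: nothing below needs the
        // credential hash, so it is not pulled into memory.
        $query = "select admin_id, admin_name, admin_type, created_by from admin where binary admin_id = ?";
        $rs_from = exec_query($sql, $query, array($form_id));
        $rs_to = exec_query($sql, $query, array($to_id));
        if ($rs_from->RecordCount() != 1 || $rs_to->RecordCount() != 1) {
            write_log("Change interface error => unknown from or to username");
            return false;
        }
        $from_udata = $rs_from->FetchRow();
        $to_udata = $rs_to->FetchRow();

        $from_type = $from_udata['admin_type'];
        $to_type = $to_udata['admin_type'];

        // A "user" target is only entered when its domain is in the OK state.
        // A missing domain row is treated the same as a bad status.
        if ($to_type == "user") {
            $query = "select domain_status from domain where domain_admin_id = ?";
            $rs = exec_query($sql, $query, array($to_udata['admin_id']));
            $user_dom_data = $rs->FetchRow();
            if (!$user_dom_data || $user_dom_data['domain_status'] != $cfg['ITEM_OK_STATUS']) {
                write_log("Domain ID: " . $to_udata['admin_id'] . " - domain status PROBLEM -");
                return false;
            }
        }

        // "Client" means neither admin nor reseller. The original conditions
        // were written as (type != 'admin' || type != 'reseller'), which is
        // always true: every reseller -> admin switch matched the
        // reseller -> client rule and skipped the logged_from requirement.
        $from_is_client = ($from_type != 'admin' && $from_type != 'reseller');
        $to_is_client = ($to_type != 'admin' && $to_type != 'reseller');
        $came_from_above = isset($_SESSION['logged_from']);

        if ($from_type === 'admin' && $to_type === 'reseller') {
            $header = "../reseller/index.php";
        } elseif (($from_type === 'admin' || $from_type === 'reseller') && $to_is_client) {
            $header = "../client/index.php";
        } elseif ($came_from_above && ($from_type === 'reseller' || $from_is_client) && $to_type === 'admin') {
            // Going back up is only possible from an impersonated session.
            // NOTE(review): logged_from is only tested for presence, not
            // compared with $to_id - confirm the caller restricts the target.
            $header = "../admin/manage_users.php";
        } elseif ($came_from_above && $from_is_client && $to_type === 'reseller') {
            $header = "../reseller/users.php";
        } else {
            write_log("change interface error from: " . $from_udata['admin_name'] . " to: " . $to_udata['admin_name']);
            return false;
        }

        // Keep the operator's language and theme across the switch so the
        // target interface is not rendered in the target account's settings.
        $user_language = $_SESSION['user_def_lang'];
        $user_layout = $_SESSION['user_theme_color'];

        // Drop the current login data, then record where the session came
        // from unless the target is an admin account.
        unset_user_login_data();
        if ($to_type != 'admin') {
            $_SESSION['logged_from'] = $from_udata['admin_name'];
            $_SESSION['logged_from_id'] = $from_udata['admin_id'];
        }

        // Remove legacy admin markers from the session and from globals.
        unset($_SESSION['admin_name'], $_SESSION['admin_id']);
        unset($GLOBALS['admin_name'], $GLOBALS['admin_id']);

        // NOTE(review): the session identifier is not rotated although the
        // session's identity and privilege level change here; consider
        // session_regenerate_id() if the login bookkeeping allows it.
        $user_login_time = time();
        $_SESSION['user_logged'] = $to_udata['admin_name'];
        $_SESSION['user_type'] = $to_type;
        $_SESSION['user_id'] = $to_udata['admin_id'];
        $_SESSION['user_created_by'] = $to_udata['created_by'];
        $_SESSION['user_login_time'] = $user_login_time;
        $_SESSION['user_def_lang'] = $user_language;
        $_SESSION['user_theme_color'] = $user_layout;

        // NOTE(review): the session_id column receives the account name, not
        // session_id() - kept as in the original; confirm against the code
        // that reads the login table.
        $query = "insert into login (session_id, lastaccess) values (?, ?)";
        exec_query($sql, $query, array($to_udata['admin_name'], $user_login_time));

        write_log($from_udata['admin_name'] . " change into interface from " . $to_udata['admin_name']);
        return $header;
    }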
Example #2
//  |			http://vhcs.net | http://www.molesoftware.com		           		|
//  |                                                                               |
//  | This program is free software; you can redistribute it and/or                 |
//  | modify it under the terms of the MPL General Public License                   |
//  | as published by the Free Software Foundation; either version 1.1              |
//  | of the License, or (at your option) any later version.                        |
//  |                                                                               |
//  | You should have received a copy of the MPL Mozilla Public License             |
//  | along with this program; if not, write to the Open Source Initiative (OSI)    |
//  | http://opensource.org | osi@opensource.org								    |
//  |                                                                               |
//   -------------------------------------------------------------------------------
// Written by: Mark Henning (tirex) for Lostpw Mod
include 'include/vhcs-lib.php';
include 'include/lostpw.php';
// Lost-password entry script (listing is cut off before the blocks close).
// unset_user_login_data() comes from an included file; presumably it clears
// any existing login state before the page is served - confirm.
unset_user_login_data();
// Pick the theme used to render the message page.
// NOTE(review): the session's own theme value is only tested for presence and
// never used; both branches read a configuration default, under two different
// keys. `global $cfg` appears in the first branch only although the else
// branch reads $cfg as well - confirm the intended scope and keys.
if (isset($_SESSION['user_theme_color'])) {
    global $cfg;
    $theme_color = $cfg['USER_INITIAL_THEME'];
} else {
    $theme_color = $cfg['USER_INITIAL_THEME_COLOR'];
}
// A non-empty `i` query parameter triggers the password send.
// NOTE(review): this is a state-changing action (a password is sent) driven by
// a plain GET request, so any fetch of the URL - a link preview, a prefetch, a
// cross-site reference - performs it. The request value is handed to sendpw()
// unmodified; its validation, token expiry and rate limiting are not visible
// here and should be confirmed in include/lostpw.php.
if (isset($_GET['i'])) {
    if ($_GET['i'] != "") {
        $tpl = new pTemplate();
        $tpl->define('page', $cfg['LOGIN_TEMPLATE_PATH'] . '/lostpw_message.tpl');
        // Static labels, theme selection state and date/time for the template.
        $tpl->assign(array('TR_MAIN_INDEX_PAGE_TITLE' => tr('VHCS - Virtual Hosting Control System'), 'THEME_COLOR_PATH' => "themes/{$theme_color}", 'THEME_CHARSET' => tr('encoding'), 'TC_BLUE_SELECTED' => $theme_color === 'blue' ? 'selected' : '', 'TC_GREEN_SELECTED' => $theme_color === 'green' ? 'selected' : '', 'TC_YELLOW_SELECTED' => $theme_color === 'yellow' ? 'selected' : '', 'TC_RED_SELECTED' => $theme_color === 'red' ? 'selected' : '', 'TR_THEME_COLOR' => tr('Theme color'), 'TR_BLUE' => tr('Blue'), 'TR_GREEN' => tr('Green'), 'TR_YELLOW' => tr('Yellow'), 'TR_RED' => tr('Red'), 'TR_TIME' => date("g:i a"), 'TR_DATE' => date("l dS of F Y"), 'TR_VHCS_LICENSE' => $cfg['VHCS_LICENSE']));
        // The page shows a different message depending on sendpw()'s result.
        // NOTE(review): if sendpw() returns false for unknown or invalid
        // values, the two messages let a caller tell valid values from
        // invalid ones - confirm, and prefer one neutral message if so.
        if (sendpw($_GET['i'])) {
            $tpl->assign(array('TR_MESSAGE' => tr('Password send'), 'TR_LINK' => "<A CLASS=\"submenu\" href=\"index.php\">" . tr('Login') . "</A>"));
        } else {
            $tpl->assign(array('TR_MESSAGE' => tr('ERROR: Password not send'), 'TR_LINK' => "<A CLASS=\"submenu\" href=\"index.php\">" . tr('Login') . "</A>"));
Example #3
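/**
 * Switch between users' interfaces
 *
 * Lets admin and reseller accounts enter another account's interface, and
 * lets an impersonating session return to the account recorded in
 * $_SESSION['logged_from_id']. On success the session is rewritten to carry
 * the destination account's identity and a row is written to the login
 * table; in every case the function ends by calling
 * redirect_to_level_page() with the chosen page (null when refused).
 *
 * NOTE(review): only account types and the logged_from_id marker are checked
 * here. Whether $from_id is the account really logged in, and whether it is
 * entitled to $to_id (created_by is fetched but only copied to the session),
 * is not verified in this function - confirm the callers enforce both.
 *
 * @param  $from_id Id of the user that wants to switch to another user's interface
 * @param  $to_id User identifier that represents the destination interface
 * @return void
 */
function change_user_interface($from_id, $to_id)
{
    $sql = EasySCP_Registry::get('Db');
    $index = null;
    while (1) {
        // Single-pass loop: `break` is the early exit, so every path still
        // reaches the redirect after the loop.
        $query = "\n\t\t\tSELECT\n\t\t\t\t`admin_id`,\n\t\t\t\t`admin_name`,\n\t\t\t\t`admin_pass`,\n\t\t\t\t`admin_type`,\n\t\t\t\t`email`,\n\t\t\t\t`created_by`\n\t\t\tFROM\n\t\t\t\t`admin`\n\t\t\tWHERE\n\t\t\t\tbinary `admin_id` = ?\n\t\t;";
        $rs_from = exec_query($sql, $query, $from_id);
        $rs_to = exec_query($sql, $query, $to_id);
        // The same message covers "unknown account" and "not permitted", so
        // the page does not reveal which ids exist.
        if ($rs_from->recordCount() != 1 || $rs_to->recordCount() != 1) {
            set_page_message(tr('User does not exist or you do not have permission to access this interface!'), 'warning');
            break;
        }
        $from_udata = $rs_from->fetchRow();
        $to_udata = $rs_to->fetchRow();
        if (!is_userdomain_ok($to_udata['admin_name'])) {
            set_page_message(tr("%s's account status is not ok!", decode_idna($to_udata['admin_name'])), 'warning');
            break;
        }
        $to_admin_type = strtolower($to_udata['admin_type']);
        $from_admin_type = strtolower($from_udata['admin_type']);
        // Allow-list of switches: [from type][to type] => landing page.
        // 'BACK' is the page used when returning to that account type.
        // NOTE(review): '******' is reproduced as it appears in this listing;
        // it does not look like a page name and may be a masked value -
        // confirm the real target.
        $allowed_changes = array();
        $allowed_changes['admin']['admin'] = 'manage_users.php';
        $allowed_changes['admin']['BACK'] = 'manage_users.php';
        $allowed_changes['admin']['reseller'] = 'index.php';
        $allowed_changes['admin']['user'] = '******';
        $allowed_changes['reseller']['user'] = '******';
        $allowed_changes['reseller']['BACK'] = 'users.php?psi=last';
        if (!isset($allowed_changes[$from_admin_type][$to_admin_type]) || $to_admin_type == $from_admin_type && $from_admin_type != 'admin') {
            // Not on the allow-list: the only remaining option is returning
            // to the account this session came from. The 'BACK' entry must
            // exist for the destination type; previously a missing entry
            // produced a null page and the session was switched anyway.
            if (isset($_SESSION['logged_from_id']) && $_SESSION['logged_from_id'] == $to_id && isset($allowed_changes[$to_admin_type]['BACK'])) {
                $index = $allowed_changes[$to_admin_type]['BACK'];
            } else {
                set_page_message(tr('You do not have permission to access this interface!'), 'warning');
                break;
            }
        }
        $index = $index ? $index : $allowed_changes[$from_admin_type][$to_admin_type];
        unset_user_login_data();
        // Record the originating account unless this is the return trip to
        // it; admin -> admin always records it.
        if ($to_admin_type != 'admin' && (isset($_SESSION['logged_from_id']) && $_SESSION['logged_from_id'] != $to_id || !isset($_SESSION['logged_from_id'])) || $from_admin_type == 'admin' && $to_admin_type == 'admin') {
            $_SESSION['logged_from'] = $from_udata['admin_name'];
            $_SESSION['logged_from_id'] = $from_udata['admin_id'];
        }
        // Ticket 830 - remove the 'logged_from' if back from user
        if ($from_admin_type == 'user') {
            // maybe integrated in the construction above...
            unset($_SESSION['logged_from']);
            unset($_SESSION['logged_from_id']);
        }
        // Remove legacy admin markers from the session and from globals.
        unset($_SESSION['admin_name']);
        unset($_SESSION['admin_id']);
        unset($GLOBALS['admin_name']);
        unset($GLOBALS['admin_id']);
        // From here on the session carries the destination account's identity.
        // NOTE(review): the session identifier is not rotated although the
        // identity and privilege level change; consider session_regenerate_id()
        // before the login row is written, if the login bookkeeping allows it.
        $_SESSION['user_logged'] = $to_udata['admin_name'];
        // NOTE(review): this copies the stored admin_pass value of the target
        // account into session storage, widening where that credential
        // material lives. Kept because readers of $_SESSION['user_pass'] are
        // not visible here - confirm whether it can be dropped.
        $_SESSION['user_pass'] = $to_udata['admin_pass'];
        $_SESSION['user_type'] = $to_udata['admin_type'];
        $_SESSION['user_id'] = $to_udata['admin_id'];
        $_SESSION['user_email'] = $to_udata['email'];
        $_SESSION['user_created_by'] = $to_udata['created_by'];
        $_SESSION['user_login_time'] = time();
        $query = "\n\t\t\tINSERT INTO login\n\t\t\t\t(`session_id`, `ipaddr`, `user_name`, `lastaccess`)\n\t\t\tVALUES\n\t\t\t\t(?, ?, ?, ?)\n\t\t\tON DUPLICATE KEY UPDATE\n\t\t\t\t`lastaccess` = ?\n\t\t;";
        exec_query($sql, $query, array(session_id(), getipaddr(), $to_udata['admin_name'], $_SESSION['user_login_time'], $_SESSION['user_login_time']));
        // Audit trail: who entered whose interface.
        write_log(sprintf("%s changes into %s's interface", decode_idna($from_udata['admin_name']), decode_idna($to_udata['admin_name'])));
        break;
    }
    redirect_to_level_page($index);
}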