Exemple #1
0
 /**
  * Sets a user session ID.
  * @author Bobby Allen (ballen@bobbyallen.me)
  * @param int $zpuid The ZPanel user account ID to set the session as.
  * @return bool
  */
 static function SetUserSession($zpuid = 0, $sessionSecuirty = true)
 {
     $sessionSecuirty = runtime_sessionsecurity::getSessionSecurityEnabled();
     if (isset($zpuid)) {
         $_SESSION['zpuid'] = $zpuid;
         if ($sessionSecuirty) {
             //Implamentation of session security
             runtime_sessionsecurity::setCookie();
             runtime_sessionsecurity::setUserIP();
             runtime_sessionsecurity::setUserAgent();
             runtime_sessionsecurity::setSessionSecurityEnabled(true);
         } else {
             //Implamentation of session security but set it as off
             runtime_sessionsecurity::setCookie();
             runtime_sessionsecurity::setUserIP();
             runtime_sessionsecurity::setUserAgent();
             runtime_sessionsecurity::setSessionSecurityEnabled(false);
         }
         return true;
     } else {
         return false;
     }
 }
Exemple #2
0
global $controller, $zdbh, $zlo;
$controller = new runtime_controller();
$zlo->method = ctrl_options::GetSystemOption('logmode');
if ($zlo->hasInfo()) {
    $zlo->writeLog();
    $zlo->reset();
}
if (isset($_GET['logout'])) {
    ctrl_auth::KillSession();
    ctrl_auth::KillCookies();
    header("location: ./?loggedout");
    exit;
}
if (isset($_GET['returnsession'])) {
    if (isset($_SESSION['ruid'])) {
        ctrl_auth::SetUserSession($_SESSION['ruid'], runtime_sessionsecurity::getSessionSecurityEnabled());
        $_SESSION['ruid'] = null;
    }
    header("location: ./");
    exit;
}
if (isset($_POST['inForgotPassword'])) {
    runtime_csfr::Protect();
    $randomkey = runtime_randomstring::randomHash();
    $forgotPass = runtime_xss::xssClean($_POST['inForgotPassword']);
    $sth = $zdbh->prepare("SELECT ac_id_pk, ac_user_vc, ac_email_vc  FROM x_accounts WHERE ac_email_vc = :forgotPass");
    $sth->bindParam(':forgotPass', $forgotPass);
    $sth->execute();
    $rows = $sth->fetchAll();
    if ($rows) {
        $result = $rows['0'];
Exemple #3
0
 static function doShadowUser()
 {
     global $zdbh;
     global $controller;
     runtime_csfr::Protect();
     $currentuser = ctrl_users::GetUserDetail();
     if ($currentuser['username'] == 'zadmin') {
         $sql = "SELECT * FROM x_accounts WHERE ac_deleted_ts IS NULL ORDER BY ac_user_vc";
         $numrows = $zdbh->prepare($sql);
     } else {
         $sql = "SELECT * FROM x_accounts WHERE ac_reseller_fk = :userid AND ac_deleted_ts IS NULL";
         $numrows = $zdbh->prepare($sql);
         $numrows->bindParam(':userid', $currentuser['userid']);
     }
     if ($numrows->execute()) {
         if ($numrows->fetchColumn() != 0) {
             $sql = $zdbh->prepare($sql);
             if ($currentuser['username'] == 'zadmin') {
                 //no bind needed
             } else {
                 //bind the username
                 $sql->bindParam(':userid', $currentuser['userid']);
             }
             $sql->execute();
             while ($rowclients = $sql->fetch()) {
                 if (!fs_director::CheckForEmptyValue($controller->GetControllerRequest('FORM', 'inShadow_' . $rowclients['ac_id_pk']))) {
                     ctrl_auth::KillCookies();
                     ctrl_auth::SetSession('ruid', $currentuser['userid']);
                     ctrl_auth::SetUserSession($rowclients['ac_id_pk'], runtime_sessionsecurity::getSessionSecurityEnabled());
                     header("location: /");
                     exit;
                 }
             }
         }
     }
 }