Esempio n. 1
0
} else {
    $theme_color = $cfg->USER_INITIAL_THEME;
}
$tpl = EasySCP_TemplateEngine::getInstance();
$tpl->assign(array('TR_PAGE_TITLE' => tr('EasySCP - Virtual Hosting Control System'), 'TR_WEBMAIL_SSL_LINK' => 'webmail', 'TR_FTP_SSL_LINK' => 'ftp', 'TR_PMA_SSL_LINK' => 'pma'));
// Key request has been triggered
if (isset($_GET['key']) && !empty($_GET['key'])) {
    check_input($_GET['key']);
    $template = 'lostpassword_message.tpl';
    if (sendpassword($_GET['key'])) {
        $tpl->assign(array('TR_MESSAGE' => tr('Your new password has been sent.'), 'TR_LINK' => '<a href="index.php" class="button">' . tr('Login') . '</a>'));
    } else {
        $tpl->assign(array('TR_MESSAGE' => tr('New password could not be sent.'), 'TR_LINK' => '<a href="index.php" class="button">' . tr('Login') . '</a>'));
    }
} elseif (isset($_POST['uname'])) {
    check_ipaddr(getipaddr(), 'captcha');
    $template = 'lostpassword_message.tpl';
    if (!empty($_POST['uname']) && isset($_SESSION['image']) && isset($_POST['capcode'])) {
        check_input(trim($_POST['uname']));
        check_input($_POST['capcode']);
        if ($_SESSION['image'] == $_POST['capcode'] && requestpassword($_POST['uname'])) {
            $tpl->assign(array('TR_MESSAGE' => tr('Your password request has been initiated. You will receive an email with instructions to complete the process. This reset request will expire in %s minutes.', $cfg->LOSTPASSWORD_TIMEOUT), 'TR_LINK' => '<a href="index.php" class="button">' . tr('Back') . '</a>'));
        } else {
            $tpl->assign(array('TR_MESSAGE' => tr('User or security code was incorrect!'), 'TR_LINK' => '<a href="lostpassword.php" class="button">' . tr('Retry') . '</a>'));
        }
    } else {
        $tpl->assign(array('TR_MESSAGE' => tr('Please fill out all required fields!'), 'TR_LINK' => '<a href="lostpassword.php" class="button">' . tr('Retry') . '</a>'));
    }
} else {
    unblock($cfg->BRUTEFORCE_BLOCK_TIME, 'captcha');
    is_ipaddr_blocked(null, 'captcha', true);
Esempio n. 2
0
/**
 * Switch between user's interfaces
 *
 * This function allows to switch bettwen user's interfaces for admin and
 * reseller user accounts.
 *
 * @param  $from_id User's id that want switch to an other user's interface
 * @param  $to_id User identifier that represents the destination interface
 * @return void
 */
function change_user_interface($from_id, $to_id)
{
    $sql = EasySCP_Registry::get('Db');
    $index = null;
    while (1) {
        // used to easily exit
        $query = "\n\t\t\tSELECT\n\t\t\t\t`admin_id`,\n\t\t\t\t`admin_name`,\n\t\t\t\t`admin_pass`,\n\t\t\t\t`admin_type`,\n\t\t\t\t`email`,\n\t\t\t\t`created_by`\n\t\t\tFROM\n\t\t\t\t`admin`\n\t\t\tWHERE\n\t\t\t\tbinary `admin_id` = ?\n\t\t;";
        $rs_from = exec_query($sql, $query, $from_id);
        $rs_to = exec_query($sql, $query, $to_id);
        if ($rs_from->recordCount() != 1 || $rs_to->recordCount() != 1) {
            set_page_message(tr('User does not exist or you do not have permission to access this interface!'), 'warning');
            break;
        }
        $from_udata = $rs_from->fetchRow();
        $to_udata = $rs_to->fetchRow();
        if (!is_userdomain_ok($to_udata['admin_name'])) {
            set_page_message(tr("%s's account status is not ok!", decode_idna($to_udata['admin_name'])), 'warning');
            break;
        }
        $to_admin_type = strtolower($to_udata['admin_type']);
        $from_admin_type = strtolower($from_udata['admin_type']);
        $allowed_changes = array();
        $allowed_changes['admin']['admin'] = 'manage_users.php';
        $allowed_changes['admin']['BACK'] = 'manage_users.php';
        $allowed_changes['admin']['reseller'] = 'index.php';
        $allowed_changes['admin']['user'] = '******';
        $allowed_changes['reseller']['user'] = '******';
        $allowed_changes['reseller']['BACK'] = 'users.php?psi=last';
        if (!isset($allowed_changes[$from_admin_type][$to_admin_type]) || $to_admin_type == $from_admin_type && $from_admin_type != 'admin') {
            if (isset($_SESSION['logged_from_id']) && $_SESSION['logged_from_id'] == $to_id) {
                $index = $allowed_changes[$to_admin_type]['BACK'];
            } else {
                set_page_message(tr('You do not have permission to access this interface!'), 'warning');
                break;
            }
        }
        $index = $index ? $index : $allowed_changes[$from_admin_type][$to_admin_type];
        unset_user_login_data();
        if ($to_admin_type != 'admin' && (isset($_SESSION['logged_from_id']) && $_SESSION['logged_from_id'] != $to_id || !isset($_SESSION['logged_from_id'])) || $from_admin_type == 'admin' && $to_admin_type == 'admin') {
            $_SESSION['logged_from'] = $from_udata['admin_name'];
            $_SESSION['logged_from_id'] = $from_udata['admin_id'];
        }
        // Ticket 830 - remove the 'logged_from' if back from user
        if ($from_admin_type == 'user') {
            // maybe integrated in the construction above...
            unset($_SESSION['logged_from']);
            unset($_SESSION['logged_from_id']);
        }
        // we gonna kill all sessions and globals if user get back to admin level
        unset($_SESSION['admin_name']);
        unset($_SESSION['admin_id']);
        unset($GLOBALS['admin_name']);
        unset($GLOBALS['admin_id']);
        // no more sessions and globals to kill - they were always killed -
        // rest in peace
        $_SESSION['user_logged'] = $to_udata['admin_name'];
        $_SESSION['user_pass'] = $to_udata['admin_pass'];
        $_SESSION['user_type'] = $to_udata['admin_type'];
        $_SESSION['user_id'] = $to_udata['admin_id'];
        $_SESSION['user_email'] = $to_udata['email'];
        $_SESSION['user_created_by'] = $to_udata['created_by'];
        $_SESSION['user_login_time'] = time();
        $query = "\n\t\t\tINSERT INTO login\n\t\t\t\t(`session_id`, `ipaddr`, `user_name`, `lastaccess`)\n\t\t\tVALUES\n\t\t\t\t(?, ?, ?, ?)\n\t\t\tON DUPLICATE KEY UPDATE\n\t\t\t\t`lastaccess` = ?\n\t\t;";
        exec_query($sql, $query, array(session_id(), getipaddr(), $to_udata['admin_name'], $_SESSION['user_login_time'], $_SESSION['user_login_time']));
        write_log(sprintf("%s changes into %s's interface", decode_idna($from_udata['admin_name']), decode_idna($to_udata['admin_name'])));
        break;
    }
    redirect_to_level_page($index);
}
Esempio n. 3
0
 /**
  * Returns true if and only if an identity is available from storage
  *
  * @return boolean
  */
 public function hasIdentity()
 {
     if (isset($_SESSION['user_id'])) {
         $stmt = exec_query('SELECT COUNT(session_id) AS cnt FROM login WHERE session_id = ? AND ipaddr = ?', array(session_id(), getipaddr()));
         $row = $stmt->fetchRow(PDO::FETCH_ASSOC);
         return (bool) $row['cnt'];
     }
     return false;
 }
<?php

include "/htdocs/phplib/xnode.php";
function getipaddr($inf_uid)
{
    $p = XNODE_getpathbytarget("/runtime", "inf", "uid", $inf_uid, 0);
    $t = query($p . "/inet/addrtype");
    if (query($p . "/inet/" . $t . "/valid") == 1) {
        if ($t == "ppp4") {
            return query($p . "/inet/" . $t . "/local");
        } else {
            return query($p . "/inet/" . $t . "/ipaddr");
        }
    }
    return "";
}
if ($WID == "") {
    $WID = "1";
}
if (query("/runtime/device/layout") == "router") {
    $ipaddr = getipaddr("WAN-" . $WID);
} else {
    $ipaddr = getipaddr("LAN-1");
}
?>
<NewExternalIPAddress><?php 
echo $ipaddr;
?>
</NewExternalIPAddress>