// Login page flow (excerpt): handle logout, process a submitted login form,
// then choose between the maintenance template and the normal login template.
$cfg = EasySCP_Registry::get('Config');

// Any request carrying a `logout` query parameter clears the login data.
// NOTE(review): this is a state change on GET with no token check visible
// here, so a cross-site request could log a user out; confirm this is acceptable.
if (isset($_GET['logout'])) {
    unset_user_login_data();
}

do_session_timeout();
init_login();

// A login attempt is processed only when both fields are present and non-empty.
if (isset($_POST['uname']) && !empty($_POST['uname']) && isset($_POST['upass']) && !empty($_POST['upass'])) {
    // check_input() is called for its side effects only; its return value is
    // discarded. Presumably it rejects the request on suspicious input; confirm.
    // The trimmed copies are what gets checked, but the untrimmed originals are
    // what encode_idna() and register_user() receive below.
    check_input(trim($_POST['uname']));
    check_input(trim($_POST['upass']));
    $uname = encode_idna($_POST['uname']);
    if (register_user($uname, $_POST['upass'])) {
        redirect_to_level_page();
    }
    // Reached when register_user() returns a falsy value (and also if
    // redirect_to_level_page() returns instead of ending the request).
    user_goto('index.php');
}

// Already logged in: go to the level page; if that call reports failure,
// drop the login data.
if (check_user_login() && !redirect_to_level_page()) {
    unset_user_login_data();
}

// NOTE(review): presumably the brute-force delay/lockout hook; it runs after
// the login attempt above has been processed. Verify against its definition.
shall_user_wait();

// Not read again in the visible part of this excerpt.
$theme_color = isset($_SESSION['user_theme']) ? $_SESSION['user_theme'] : $cfg->USER_INITIAL_THEME;
$tpl = EasySCP_TemplateEngine::getInstance();

// Maintenance page is shown while maintenance mode is on or a database update
// is pending, unless the request carries a POST field named `admin`.
// NOTE(review): `admin` is client-supplied and only selects the template here;
// the credential check above runs regardless of MAINTENANCEMODE. Confirm that
// non-admin logins are refused elsewhere while maintenance is active.
if (($cfg->MAINTENANCEMODE || EasySCP_Update_Database::getInstance()->checkUpdateExists()) && !isset($_POST['admin'])) {
    $template = 'maintenancemode.tpl';
    $tpl->assign(array(
        'TR_PAGE_TITLE' => tr('EasySCP a Virtual Hosting Control System'),
        // The message is passed through tohtml() before nl2br(), so the <br>
        // tags come after that step. Presumably tohtml() HTML-escapes; confirm.
        'TR_MESSAGE' => nl2br(tohtml($cfg->MAINTENANCEMODE_MESSAGE)),
        'TR_ADMINLOGIN' => tr('Administrator login'),
        // Link to the same host on the opposite scheme (https -> http and back).
        // NOTE(review): HTTP_HOST is taken from the request's Host header, so the
        // link target is client-controlled. htmlentities() uses its default flags
        // here, and those only encode single quotes from PHP 8.1 on. A configured
        // host name would be safer; confirm how the template quotes this value.
        'TR_SSL_LINK' => isset($_SERVER['HTTPS']) ? 'http://' . htmlentities($_SERVER['HTTP_HOST']) : 'https://' . htmlentities($_SERVER['HTTP_HOST']),
        'TR_WEBMAIL_SSL_LINK' => "webmail",
        'TR_FTP_SSL_LINK' => "ftp",
        'TR_PMA_SSL_LINK' => "pma",
        // NOTE(review): isset() treats any HTTPS value as "secure". Some servers
        // set HTTPS to 'off' on plain requests, and a TLS-terminating proxy may
        // leave it unset; confirm for the deployment.
        'TR_SSL_IMAGE' => isset($_SERVER['HTTPS']) ? 'lock.png' : 'unlock.png',
        // Describes the connection the link switches to, not the current one.
        'TR_SSL_DESCRIPTION' => !isset($_SERVER['HTTPS']) ? tr('Secure Connection') : tr('Normal Connection')
    ));
} else {
    $template = 'index.tpl';
    $tpl->assign(array(
        'TR_PAGE_TITLE' => tr('EasySCP a Virtual Hosting Control System'),
        'TR_LOGIN' => tr('Login'),
        'TR_USERNAME' => tr('Username'),
        'TR_PASSWORD' => tr('Password'),
        'TR_LOGIN_INFO' => tr('Please enter your login information'),
        // Same Host-header-derived link as in the maintenance branch; the same
        // review note applies.
        'TR_SSL_LINK' => isset($_SERVER['HTTPS']) ? 'http://' . htmlentities($_SERVER['HTTP_HOST']) : 'https://' . htmlentities($_SERVER['HTTP_HOST']),
        'TR_WEBMAIL_SSL_LINK' => "webmail",
        'TR_FTP_SSL_LINK' => "ftp",
        'TR_PMA_SSL_LINK' => "pma",
        'TR_SSL_IMAGE' => isset($_SERVER['HTTPS']) ? 'lock.png' : 'unlock.png',
        'TR_SSL_DESCRIPTION' => !isset($_SERVER['HTTPS']) ? tr('Secure Connection') : tr('Normal Connection')
    ));
}

// The "Lost password" label is only assigned when the feature is enabled.
if ($cfg->LOSTPASSWORD) {
    $tpl->assign('TR_LOSTPW', tr('Lost password'));
} else {
// (the body of this else branch is not part of the excerpt)
/**
 * Switch the current session to another account's interface.
 *
 * Lets an admin or reseller account enter another account's interface, and
 * lets a session that was entered this way go back to the account recorded
 * in $_SESSION['logged_from_id']. Every path ends in redirect_to_level_page().
 * When the switch is refused, a warning is queued with set_page_message() and
 * the login keys in $_SESSION are not rewritten by this function.
 *
 * NOTE(review): nothing in this function ties $from_id to the account that
 * owns the current session, and `created_by` is loaded but never compared,
 * so reseller -> user is accepted for any existing user id. Presumably the
 * calling page enforces both; confirm.
 *
 * @param $from_id Id of the account that wants to switch
 * @param $to_id Id of the account whose interface is entered
 * @return void
 */
function change_user_interface($from_id, $to_id)
{
    $db = EasySCP_Registry::get('Db');
    $index = null;

    // Single-pass block: `break` abandons the switch and falls through to the
    // redirect at the bottom with whatever $index holds at that point.
    do {
        $selectAccount = "\n\t\t\tSELECT\n\t\t\t\t`admin_id`,\n\t\t\t\t`admin_name`,\n\t\t\t\t`admin_pass`,\n\t\t\t\t`admin_type`,\n\t\t\t\t`email`,\n\t\t\t\t`created_by`\n\t\t\tFROM\n\t\t\t\t`admin`\n\t\t\tWHERE\n\t\t\t\tbinary `admin_id` = ?\n\t\t;";

        // Both ids are bound as parameters, never concatenated into the SQL.
        $fromResult = exec_query($db, $selectAccount, $from_id);
        $toResult = exec_query($db, $selectAccount, $to_id);

        // Each id must match exactly one row. The message is the same for
        // "missing" and "not permitted".
        if (!($fromResult->recordCount() == 1 && $toResult->recordCount() == 1)) {
            set_page_message(
                tr('User does not exist or you do not have permission to access this interface!'),
                'warning'
            );
            break;
        }

        $fromUser = $fromResult->fetchRow();
        $toUser = $toResult->fetchRow();

        if (!is_userdomain_ok($toUser['admin_name'])) {
            set_page_message(
                tr("%s's account status is not ok!", decode_idna($toUser['admin_name'])),
                'warning'
            );
            break;
        }

        $toType = strtolower($toUser['admin_type']);
        $fromType = strtolower($fromUser['admin_type']);

        // Permitted (from level => to level) pairs and the page to land on.
        // 'BACK' is the landing page when returning to that level.
        // NOTE(review): '******' is what this listing shows for the user-level
        // targets; presumably a masked page name. Confirm against the source.
        $landing = array(
            'admin' => array(
                'admin' => 'manage_users.php',
                'BACK' => 'manage_users.php',
                'reseller' => 'index.php',
                'user' => '******',
            ),
            'reseller' => array(
                'user' => '******',
                'BACK' => 'users.php?psi=last',
            ),
        );

        $pairAllowed = isset($landing[$fromType][$toType]);
        $sameNonAdminLevel = ($toType == $fromType) && ($fromType != 'admin');

        if (!$pairAllowed || $sameNonAdminLevel) {
            // A pair that is not in the table is accepted only as a return
            // to the account this session was originally entered from.
            $returningToOrigin = isset($_SESSION['logged_from_id'])
                && $_SESSION['logged_from_id'] == $to_id;

            if (!$returningToOrigin) {
                // NOTE(review): refused attempts are reported to the user only;
                // no write_log() call is made on this path.
                set_page_message(tr('You do not have permission to access this interface!'), 'warning');
                break;
            }

            $index = $landing[$toType]['BACK'];
        }

        if (!$index) {
            $index = $landing[$fromType][$toType];
        }

        unset_user_login_data();

        // Record where the session came from, unless this switch is itself the
        // return to that origin. Admin -> admin always records it.
        $notReturningToOrigin = !isset($_SESSION['logged_from_id'])
            || $_SESSION['logged_from_id'] != $to_id;

        if (($toType != 'admin' && $notReturningToOrigin)
            || ($fromType == 'admin' && $toType == 'admin')
        ) {
            $_SESSION['logged_from'] = $fromUser['admin_name'];
            $_SESSION['logged_from_id'] = $fromUser['admin_id'];
        }

        // Ticket 830 - drop the origin markers when coming back from a user
        // account (could probably be folded into the condition above).
        if ($fromType == 'user') {
            unset($_SESSION['logged_from'], $_SESSION['logged_from_id']);
        }

        // Clear the admin identity left in the session and in globals.
        unset(
            $_SESSION['admin_name'],
            $_SESSION['admin_id'],
            $GLOBALS['admin_name'],
            $GLOBALS['admin_id']
        );

        // Rebuild the session identity from the target account's row.
        // NOTE(review): the `admin_pass` column value is copied into the session
        // (presumably a password hash), and the existing session id is reused for
        // the new identity; no regeneration is visible here. Confirm both are
        // intended or handled elsewhere.
        $_SESSION['user_logged'] = $toUser['admin_name'];
        $_SESSION['user_pass'] = $toUser['admin_pass'];
        $_SESSION['user_type'] = $toUser['admin_type'];
        $_SESSION['user_id'] = $toUser['admin_id'];
        $_SESSION['user_email'] = $toUser['email'];
        $_SESSION['user_created_by'] = $toUser['created_by'];
        $loginTime = time();
        $_SESSION['user_login_time'] = $loginTime;

        $upsertLogin = "\n\t\t\tINSERT INTO login\n\t\t\t\t(`session_id`, `ipaddr`, `user_name`, `lastaccess`)\n\t\t\tVALUES\n\t\t\t\t(?, ?, ?, ?)\n\t\t\tON DUPLICATE KEY UPDATE\n\t\t\t\t`lastaccess` = ?\n\t\t;";
        exec_query(
            $db,
            $upsertLogin,
            array(session_id(), getipaddr(), $toUser['admin_name'], $loginTime, $loginTime)
        );

        // Audit trail: successful switches are logged with both account names.
        write_log(
            sprintf(
                "%s changes into %s's interface",
                decode_idna($fromUser['admin_name']),
                decode_idna($toUser['admin_name'])
            )
        );
    } while (false);

    redirect_to_level_page($index);
}