Esempio n. 1
<?php

/**
 *
 * @ WHMCS FULL DECODED & NULLED
 *
 * @ Version  : 5.2.15
 * @ Author   : MTIMER
 * @ Release on : 2013-12-24
 * @ Website  : http://www.mtimer.cn
 *
 **/
// Admin logout endpoint: ends the current admin session and returns to the login page.
// Defines the ADMINAREA constant before the bootstrap is loaded (presumably read by init.php; confirm).
define("ADMINAREA", true);
// Project bootstrap; WHMCS_Auth and redir() are not defined in this file.
require "../init.php";
$auth = new WHMCS_Auth();
// NOTE(review): the logout runs on any request to this script and no check_token()
// call is visible here, so the action is not tied to an anti-CSRF token. Confirm
// that an unauthenticated, token-less logout is acceptable for the admin area.
if ($auth->logout()) {
    // logout() reported success: go to the login page with the logout=1 flag.
    redir("logout=1", "login.php");
}
// Reached when logout() returned a falsy value. Presumably redir() ends the request,
// otherwise this second redirect would also run after a successful logout (confirm).
redir("", "login.php");
Esempio n. 2
 * @ Author   : MTIMER
 * @ Release on : 2013-12-24
 * @ Website  : http://www.mtimer.cn
 *
 **/
// Administrator configuration page (excerpt: the "save" branch continues past the visible lines).
define("ADMINAREA", true);
// Project bootstrap; the WHMCS_* classes and helper functions used below are not defined in this file.
require "../init.php";
// The string passed here is stored by WHMCS_Admin as the permission required to view the page.
$aInt = new WHMCS_Admin("Configure Administrators");
$aInt->title = $aInt->lang("administrators", "title");
$aInt->sidebar = "config";
$aInt->icon = "admins";
$aInt->helplink = "Administrators";
$validate = new WHMCS_Validate();
// $action is not assigned in this excerpt; presumably populated from request input by init.php (confirm).
if ($action == "save") {
    // check_token() is defined elsewhere; by its name it validates an anti-CSRF token
    // before the state-changing branch runs (confirm it aborts the request on failure).
    check_token("WHMCS.admin.default");
    // Step-up check: load the admin who is logged in and require their current
    // password ("confirmpassword") before any administrator record is modified.
    $auth = new WHMCS_Auth();
    $auth->getInfobyID(WHMCS_Session::get("adminid"));
    if (!$auth->comparePassword($whmcs->get_req_var("confirmpassword"))) {
        // Injects the message text at runtime, then registers it as a validation error.
        $_ADMINLANG['administrators']['confirmexistingpw'] = "You must confirm your existing administrator password";
        $validate->addError(array("administrators", "confirmexistingpw"));
    } else {
        $validate->validate("required", "firstname", array("administrators", "namerequired"));
        // The e-mail format is only checked once the field is known to be present.
        if ($validate->validate("required", "email", array("administrators", "emailerror"))) {
            $validate->validate("email", "email", array("administrators", "emailinvalid"));
        }
        if ($validate->validate("required", "username", array("administrators", "usererror"))) {
            // $username and $id are not assigned in this excerpt; presumably request
            // values exposed as globals (confirm). The lookup passes the value through
            // the get_query_val() helper as a where-array; verify that helper escapes it.
            $existingid = get_query_val("tbladmins", "id", array("username" => $username));
            // && binds tighter than ||: reject when creating (no $id) and the name is
            // taken, or when editing and the name belongs to a different admin id.
            if (!$id && $existingid || $id && $existingid && $id != $existingid) {
                // NOTE(review): addError() receives two strings here but a single array
                // in the password branch above; confirm which call form it expects.
                $validate->addError("administrators", "userexists");
            }
        }
Esempio n. 3
 /**
  * Re-validates the admin login state for the current request.
  *
  * A logged-in session is kept only while its stored password hash still
  * validates; otherwise the session is destroyed. When nobody is logged in,
  * a valid remember-me cookie is used to populate the session variables.
  *
  * @return null Always null; the method works through side effects only.
  */
 private function validate_admin_auth()
 {
     $adminAuth = new WHMCS_Auth();

     if (!$adminAuth->isLoggedIn()) {
         // No active session: fall back to the remember-me cookie.
         // NOTE(review): no session-id regeneration is visible on this path;
         // confirm setSessionVars() rotates the id when it establishes a login.
         if ($adminAuth->isValidRememberMeCookie($this)) {
             $adminAuth->setSessionVars($this);
         }
         return null;
     }

     $adminAuth->getInfobyID($_SESSION['adminid']);
     if (!$adminAuth->isSessionPWHashValid($this)) {
         // The hash kept in the session no longer validates for this admin,
         // so the session is torn down instead of being trusted.
         $adminAuth->destroySession();
     }
     return null;
 }
Esempio n. 4
// Admin "my account" page excerpt: dialog for disabling two-factor authentication.
// The snippet starts and ends mid-script; $aInt and $whmcs are created outside it.
$aInt->icon = "home";
$aInt->requiredFiles(array("ticketfunctions"));
$action = $whmcs->get_req_var("action");
$errormessage = "";
// The 2FA helper is bound to the admin id held in the session, not to a request value.
$twofa = new WHMCS_2FA();
$twofa->setAdminID($_SESSION['adminid']);
if ($whmcs->get_req_var("2fasetup")) {
    // Stop immediately when 2FA is not active for administrators.
    if (!$twofa->isActiveAdmins()) {
        exit("Access denied");
    }
    // Output is buffered from here; where the buffer is emitted is outside this excerpt.
    ob_start();
    if ($twofa->isEnabled()) {
        echo "<div class=\"content\"><div style=\"padding:15px;\">";
        $disabled = $incorrect = false;
        // Assignment inside the condition: a missing or falsy "pwverify" value skips
        // verification entirely and only renders the form below.
        if ($password = $whmcs->get_req_var("pwverify")) {
            // Step-up check: 2FA is disabled only after the current admin password is re-entered.
            // NOTE(review): no check_token() call and no attempt limiting are visible in this
            // excerpt before the state change; confirm both are enforced elsewhere.
            $auth = new WHMCS_Auth();
            $auth->getInfobyID($_SESSION['adminid']);
            if ($auth->comparePassword($password)) {
                $twofa->disableUser();
                $disabled = true;
            } else {
                $incorrect = true;
            }
        }
        echo "<h2>" . $aInt->lang("twofa", "disable") . "</h2>";
        if (!$disabled) {
            echo "<p>" . $aInt->lang("twofa", "disableintro") . "</p>";
            if ($incorrect) {
                echo "<div class=\"errorbox\"><strong>Password Incorrect</strong><br />Please try again...</div>";
            }
            // NOTE(review): the form declares no method attribute and relies on dialogSubmit();
            // confirm the password is sent in a POST body and never in the query string.
            echo "<form onsubmit=\"dialogSubmit();return false\"><input type=\"hidden\" name=\"2fasetup\" value=\"1\" /><p align=\"center\">" . $aInt->lang("fields", "password") . ": <input type=\"password\" name=\"pwverify\" value=\"\" size=\"20\" /><p><p align=\"center\"><input type=\"button\" value=\"" . $aInt->lang("global", "disable") . "\" class=\"btn\" onclick=\"dialogSubmit()\" /></p></form>";
Esempio n. 5
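 /**
  * Prepares an admin-area page and enforces its access checks.
  *
  * In order: licence status check, optional redirect to the HTTPS admin URL,
  * login and session password-hash validation, role permission lookup,
  * forced two-factor enrolment, then row limit and language setup.
  * Failed checks end in a redirect (licence error, login, access denied).
  *
  * @param mixed $reqpermission  "loginonly" to require only a login, a permission
  *                              name to require that permission, or a falsy value
  *                              to disable the login requirement.
  * @param bool  $releaseSession When true, releaseSession() is called once the
  *                              login checks have run.
  */
 public function __construct($reqpermission, $releaseSession = true)
 {
     global $CONFIG;
     global $licensing;
     global $_ADMINLANG;
     global $infobox;
     global $whmcs;
     $infobox = "";
     $licensing->remoteCheck();
     if ($licensing->getStatus() != "Active") {
         redir("licenseerror=" . $licensing->getStatus(), "licenseerror.php");
     }
     if ($CONFIG['AdminForceSSL'] && $CONFIG['SystemSSLURL']) {
         // empty() gives the same truthiness test as before without raising a
         // notice when the server does not set HTTPS at all.
         if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == "off") {
             // NOTE(review): $_REQUEST can include POST fields, so a form posted over
             // plain HTTP has its values replayed into the redirect URL's query string,
             // where they may end up in logs and browser history.
             $requesturl = $_SERVER['PHP_SELF'] . "?";
             foreach ($_REQUEST as $key => $value) {
                 if (!is_array($value)) {
                     // Encode the parameter name as well as the value: a raw name
                     // containing "&", "=", "#" or "/" would otherwise change the
                     // query string or shift the last "/" located below.
                     $requesturl .= urlencode((string) $key) . "=" . urlencode($value) . "&";
                 }
             }
             // Drop the trailing "&" (or the bare "?" when there were no parameters).
             $requesturl = substr($requesturl, 0, -1);
             // Keep only the last path segment; the admin folder is prepended below.
             $requesturl = substr($requesturl, strrpos($requesturl, "/"));
             header("Location: " . $CONFIG['SystemSSLURL'] . "/" . $whmcs->get_admin_folder_name() . $requesturl);
             exit;
         }
     }
     if ($reqpermission == "loginonly") {
         $this->loginRequired = true;
     } else {
         if ($reqpermission) {
             $this->requiredPermission = $reqpermission;
         } else {
             $this->loginRequired = false;
         }
     }
     require ROOTDIR . "/includes/smarty/Smarty.class.php";
     if ($this->loginRequired) {
         $auth = new WHMCS_Auth();
         if (!$auth->isLoggedIn()) {
             // REQUEST_URI is client-controlled. NOTE(review): whatever later redirects
             // to this stored value should confirm it is a local admin path first.
             $_SESSION['admloginurlredirect'] = html_entity_decode($_SERVER['REQUEST_URI']);
             redir("", "login.php");
         }
         $auth->getInfobyID($_SESSION['adminid']);
         if ($auth->isSessionPWHashValid()) {
             $auth->updateAdminLog();
             $this->adminTemplate = $auth->getAdminTemplate();
             if ($auth->getAdminLanguage()) {
                 $this->language = $auth->getAdminLanguage();
             }
         } else {
             // The session's password hash no longer validates: drop the session.
             $auth->destroySession();
             redir("", "login.php");
         }
     }
     if ($releaseSession) {
         releaseSession();
     }
     if ($this->requiredPermission) {
         // Map the permission name to its id, then check that the admin's role holds it.
         $permid = array_search($this->requiredPermission, getAdminPermsArray());
         $result = select_query("tbladmins", "roleid", array("id" => $_SESSION['adminid']));
         $data = mysql_fetch_array($result);
         $roleid = $data['roleid'];
         $result = select_query("tbladminperms", "COUNT(*)", array("roleid" => $roleid, "permid" => $permid));
         $data = mysql_fetch_array($result);
         $match = $data[0];
         if (!$match) {
             redir("permid=" . $permid, "accessdenied.php");
             exit;
         }
     }
     // NOTE(review): PHP_SELF includes any trailing path info supplied by the client,
     // so the name derived here is not a trustworthy identity for the running script.
     // The forced-2FA exemption below keys off it; consider deriving it from SCRIPT_NAME.
     $filename = $_SERVER['PHP_SELF'];
     $filename = substr($filename, strrpos($filename, "/"));
     $filename = str_replace(array("/", ".php"), "", $filename);
     if (isset($_SESSION['adminid'])) {
         $twofa = new WHMCS_2FA();
         $twofa->setAdminID($_SESSION['adminid']);
         // Admins for whom 2FA is forced but not yet enabled are sent to the account
         // page, which is the only page exempt from this redirect.
         if ($filename != "myaccount" && $twofa->isForced() && !$twofa->isEnabled() && $twofa->isActiveAdmins()) {
             redir("2faenforce=1", "myaccount.php");
         }
     }
     $this->filename = $filename;
     $this->rowLimit = $CONFIG['NumRecordstoDisplay'];
     // A language stored in the session overrides the admin's saved language.
     if (isset($_SESSION['adminlang']) && $_SESSION['adminlang']) {
         $this->language = $_SESSION['adminlang'];
     }
     $this->language = $whmcs->validateLanguage($this->language, true);
     $whmcs->loadLanguage($this->language, true);
 }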
Esempio n. 6
/**
 *
 * @ WHMCS FULL DECODED & NULLED
 *
 * @ Version  : 5.2.15
 * @ Author   : MTIMER
 * @ Release on : 2013-12-24
 * @ Website  : http://www.mtimer.cn
 *
 **/
define("ADMINAREA", true);
require "../init.php";
session_regenerate_id();
$username = $whmcs->get_req_var("username");
$password = $whmcs->get_req_var("password");
$auth = new WHMCS_Auth();
$twofa = new WHMCS_2FA();
if ($twofa->isActiveAdmins() && isset($_SESSION['2faverify'])) {
    $twofa->setAdminID($_SESSION['2faadminid']);
    if (WHMCS_Session::get("2fabackupcodenew")) {
        WHMCS_Session::delete("2fabackupcodenew");
        WHMCS_Session::delete("2faverify");
        WHMCS_Session::delete("2faadminid");
        WHMCS_Session::delete("2farememberme");
        if (isset($_SESSION['admloginurlredirect'])) {
            $loginurlredirect = $_SESSION['admloginurlredirect'];
            unset($_SESSION['admloginurlredirect']);
            $urlparts = explode("?", $loginurlredirect, 2);
            $filename = !empty($urlparts[0]) ? $urlparts[0] : "";
            $qry_string = !empty($urlparts[1]) ? $urlparts[1] : "";
            redir($qry_string, $filename);