* @ Release on : 2013-12-24 * @ Website : http://www.mtimer.cn * **/ define("ADMINAREA", true); require "../init.php"; $aInt = new WHMCS_Admin("Configure Administrators"); $aInt->title = $aInt->lang("administrators", "title"); $aInt->sidebar = "config"; $aInt->icon = "admins"; $aInt->helplink = "Administrators"; $validate = new WHMCS_Validate(); if ($action == "save") { check_token("WHMCS.admin.default"); $auth = new WHMCS_Auth(); $auth->getInfobyID(WHMCS_Session::get("adminid")); if (!$auth->comparePassword($whmcs->get_req_var("confirmpassword"))) { $_ADMINLANG['administrators']['confirmexistingpw'] = "You must confirm your existing administrator password"; $validate->addError(array("administrators", "confirmexistingpw")); } else { $validate->validate("required", "firstname", array("administrators", "namerequired")); if ($validate->validate("required", "email", array("administrators", "emailerror"))) { $validate->validate("email", "email", array("administrators", "emailinvalid")); } if ($validate->validate("required", "username", array("administrators", "usererror"))) { $existingid = get_query_val("tbladmins", "id", array("username" => $username)); if (!$id && $existingid || $id && $existingid && $id != $existingid) { $validate->addError("administrators", "userexists"); } } if (!$id) {
/**
 * Re-check the administrator's authentication state for the current request.
 *
 * With an existing admin session, the admin record is loaded and the session
 * is destroyed if it fails WHMCS_Auth::isSessionPWHashValid(). Without one, a
 * valid "remember me" cookie is used to populate the session variables.
 *
 * @return null Always null; the outcome is carried by the session state.
 */
private function validate_admin_auth()
{
    $adminAuth = new WHMCS_Auth();

    if (!$adminAuth->isLoggedIn()) {
        // No live session: the only way in is a remember-me cookie that
        // WHMCS_Auth accepts as valid.
        if ($adminAuth->isValidRememberMeCookie($this)) {
            $adminAuth->setSessionVars($this);
        }

        return null;
    }

    $adminAuth->getInfobyID($_SESSION['adminid']);

    // NOTE(review): presumably this ties the session to the admin's current
    // password hash so that a password change invalidates older sessions;
    // confirm in WHMCS_Auth. A session that fails the check is torn down
    // rather than left half-authenticated.
    if (!$adminAuth->isSessionPWHashValid($this)) {
        $adminAuth->destroySession();
    }

    return null;
}
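/**
 * Bootstrap an admin-area page.
 *
 * Runs, in this order: licence check, optional redirect to the HTTPS admin
 * URL, session authentication, role permission check, forced two-factor
 * check, and admin language selection. Every failed check ends the request
 * with a redirect.
 *
 * @param mixed $reqpermission  "loginonly" requires only a valid admin
 *                              session; any other non-empty value is stored
 *                              as the permission the admin's role must hold;
 *                              an empty value switches the login requirement
 *                              off.
 * @param bool  $releaseSession When true, releaseSession() is called once the
 *                              authentication step has run.
 */
public function __construct($reqpermission, $releaseSession = true)
{
    global $CONFIG;
    global $licensing;
    global $_ADMINLANG;
    global $infobox;
    global $whmcs;

    $infobox = "";

    $licensing->remoteCheck();
    if ($licensing->getStatus() != "Active") {
        redir("licenseerror=" . $licensing->getStatus(), "licenseerror.php");
        // redir() is defined outside this block; stop here explicitly so the
        // page can never continue if it returns.
        exit;
    }

    if ($CONFIG['AdminForceSSL'] && $CONFIG['SystemSSLURL']) {
        // empty() gives the same truth value as the bare index read without
        // raising an undefined-index notice on plain-HTTP requests.
        if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == "off") {
            // NOTE(review): $_REQUEST holds POST fields as well as GET ones
            // (and cookies when request_order includes "C"), so a form posted
            // over plain HTTP has its values copied into the Location URL and
            // into any log that records it. Rebuilding from $_GET alone would
            // avoid that; left as-is because callers may depend on it.
            $pairs = array();
            foreach ($_REQUEST as $key => $value) {
                if (is_array($value)) {
                    continue;
                }
                // Encode the name as well as the value: a decoded name that
                // contains "&", "=", "#" or "/" would otherwise split the
                // query string or confuse the path trimming below.
                $pairs[] = urlencode((string) $key) . "=" . urlencode($value);
            }

            $requesturl = $_SERVER['PHP_SELF'];
            if ($pairs) {
                $requesturl .= "?" . implode("&", $pairs);
            }

            // Keep only the last path segment (script name plus query).
            $requesturl = substr($requesturl, strrpos($requesturl, "/"));

            header("Location: " . $CONFIG['SystemSSLURL'] . "/" . $whmcs->get_admin_folder_name() . $requesturl);
            exit;
        }
    }

    if ($reqpermission == "loginonly") {
        $this->loginRequired = true;
    } elseif ($reqpermission) {
        // loginRequired keeps whatever default the class declares (not
        // visible in this block).
        $this->requiredPermission = $reqpermission;
    } else {
        $this->loginRequired = false;
    }

    require ROOTDIR . "/includes/smarty/Smarty.class.php";

    if ($this->loginRequired) {
        $auth = new WHMCS_Auth();

        if (!$auth->isLoggedIn()) {
            // The stored URI is request-controlled. NOTE(review): whatever
            // consumes admloginurlredirect after login should only redirect
            // to a local admin path; verify at the consumer.
            $_SESSION['admloginurlredirect'] = html_entity_decode($_SERVER['REQUEST_URI']);
            redir("", "login.php");
            // Fail closed: an unauthenticated request must not reach the code
            // below even if redir() returns.
            exit;
        }

        $auth->getInfobyID($_SESSION['adminid']);

        if ($auth->isSessionPWHashValid()) {
            $auth->updateAdminLog();
            $this->adminTemplate = $auth->getAdminTemplate();
            if ($auth->getAdminLanguage()) {
                $this->language = $auth->getAdminLanguage();
            }
        } else {
            $auth->destroySession();
            redir("", "login.php");
            exit;
        }
    }

    if ($releaseSession) {
        releaseSession();
    }

    if ($this->requiredPermission) {
        // NOTE(review): array_search() compares loosely and returns false for
        // an unknown permission name; the lookup below is then expected to
        // match no row and deny access. Confirm select_query() treats a false
        // permid that way.
        $permid = array_search($this->requiredPermission, getAdminPermsArray());

        $result = select_query("tbladmins", "roleid", array("id" => $_SESSION['adminid']));
        $data = mysql_fetch_array($result);
        $roleid = $data['roleid'];

        $result = select_query("tbladminperms", "COUNT(*)", array("roleid" => $roleid, "permid" => $permid));
        $data = mysql_fetch_array($result);
        $match = $data[0];

        if (!$match) {
            redir("permid=" . $permid, "accessdenied.php");
            exit;
        }
    }

    // Script name without directory or ".php", e.g. "myaccount".
    $filename = $_SERVER['PHP_SELF'];
    $filename = substr($filename, strrpos($filename, "/"));
    $filename = str_replace(array("/", ".php"), "", $filename);

    if (isset($_SESSION['adminid'])) {
        $twofa = new WHMCS_2FA();
        $twofa->setAdminID($_SESSION['adminid']);

        // An admin for whom two-factor is forced but not yet enabled is sent
        // to myaccount.php; that page is exempt so the redirect cannot loop.
        if ($filename != "myaccount" && $twofa->isForced() && !$twofa->isEnabled() && $twofa->isActiveAdmins()) {
            redir("2faenforce=1", "myaccount.php");
            exit;
        }
    }

    $this->filename = $filename;
    $this->rowLimit = $CONFIG['NumRecordstoDisplay'];

    // A language stored in the session overrides the one taken from the
    // admin record; the result is validated before it is loaded.
    if (isset($_SESSION['adminlang']) && $_SESSION['adminlang']) {
        $this->language = $_SESSION['adminlang'];
    }

    $this->language = $whmcs->validateLanguage($this->language, true);
    $whmcs->loadLanguage($this->language, true);
}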
$aInt->requiredFiles(array("ticketfunctions")); $action = $whmcs->get_req_var("action"); $errormessage = ""; $twofa = new WHMCS_2FA(); $twofa->setAdminID($_SESSION['adminid']); if ($whmcs->get_req_var("2fasetup")) { if (!$twofa->isActiveAdmins()) { exit("Access denied"); } ob_start(); if ($twofa->isEnabled()) { echo "<div class=\"content\"><div style=\"padding:15px;\">"; $disabled = $incorrect = false; if ($password = $whmcs->get_req_var("pwverify")) { $auth = new WHMCS_Auth(); $auth->getInfobyID($_SESSION['adminid']); if ($auth->comparePassword($password)) { $twofa->disableUser(); $disabled = true; } else { $incorrect = true; } } echo "<h2>" . $aInt->lang("twofa", "disable") . "</h2>"; if (!$disabled) { echo "<p>" . $aInt->lang("twofa", "disableintro") . "</p>"; if ($incorrect) { echo "<div class=\"errorbox\"><strong>Password Incorrect</strong><br />Please try again...</div>"; } echo "<form onsubmit=\"dialogSubmit();return false\"><input type=\"hidden\" name=\"2fasetup\" value=\"1\" /><p align=\"center\">" . $aInt->lang("fields", "password") . ": <input type=\"password\" name=\"pwverify\" value=\"\" size=\"20\" /><p><p align=\"center\"><input type=\"button\" value=\"" . $aInt->lang("global", "disable") . "\" class=\"btn\" onclick=\"dialogSubmit()\" /></p></form>"; } else {
$urlparts = explode("?", $loginurlredirect, 2); $filename = !empty($urlparts[0]) ? $urlparts[0] : ""; $qry_string = !empty($urlparts[1]) ? $urlparts[1] : ""; redir($qry_string, $filename); } else { redir("", "index.php"); } exit; } if ($whmcs->get_req_var("backupcode")) { $success = $twofa->verifyBackupCode($whmcs->get_req_var("code")); } else { $success = $twofa->moduleCall("verify"); } if ($success) { $adminfound = $auth->getInfobyID($_SESSION['2faadminid']); $auth->setSessionVars(); $auth->processLogin(); if ($_SESSION['2farememberme']) { $auth->setRememberMeCookie(); } else { $auth->unsetRememberMeCookie(); } if ($whmcs->get_req_var("backupcode")) { WHMCS_Session::set("2fabackupcodenew", true); redir("newbackupcode=1", "login.php"); } WHMCS_Session::delete("2faverify"); WHMCS_Session::delete("2faadminid"); WHMCS_Session::delete("2farememberme"); if (isset($_SESSION['admloginurlredirect'])) {