/**
* Sets a user session ID.
* @author Bobby Allen (ballen@bobbyallen.me)
* @param int $zpuid The ZPanel user account ID to set the session as.
* @return bool
*/
static function SetUserSession($zpuid = 0, $sessionSecuirty = true)
{
$sessionSecuirty = runtime_sessionsecurity::getSessionSecurityEnabled();
if (isset($zpuid)) {
$_SESSION['zpuid'] = $zpuid;
if ($sessionSecuirty) {
//Implamentation of session security
runtime_sessionsecurity::setCookie();
runtime_sessionsecurity::setUserIP();
runtime_sessionsecurity::setUserAgent();
runtime_sessionsecurity::setSessionSecurityEnabled(true);
} else {
//Implamentation of session security but set it as off
runtime_sessionsecurity::setCookie();
runtime_sessionsecurity::setUserIP();
runtime_sessionsecurity::setUserAgent();
runtime_sessionsecurity::setSessionSecurityEnabled(false);
}
return true;
} else {
return false;
}
}
<?php
/**
* @copyright 2014-2015 Sentora Project (http://www.sentora.org/)
* Sentora is a GPL fork of the ZPanel Project whose original header follows:
*
* The ZPanelX loader and default handler file.
* @package zpanelx
* @subpackage core
* @author Bobby Allen (ballen@bobbyallen.me)
* @copyright Sentora Project (http://www.sentora.org/)
* @link http://www.sentora.org/
* @license GPL (http://www.gnu.org/licenses/gpl.html)
*/
session_start();
require_once 'dryden/loader.inc.php';
require_once 'cnf/db.php';
debug_phperrors::SetMode('dev');
require_once 'inc/dbc.inc.php';
debug_phperrors::SetMode(ctrl_options::GetSystemOption('debug_mode'));
require_once 'inc/init.inc.php';
//This is where we check the session for hi-jacking
if (!runtime_sessionsecurity::antiSessionHijacking()) {
echo "Session issue!";
exit(header("location: ./?sessionIssue"));
}
global $controller, $zdbh, $zlo;
$controller = new runtime_controller();
$zlo->method = ctrl_options::GetSystemOption('logmode');
if ($zlo->hasInfo()) {
$zlo->writeLog();
$zlo->reset();
}
if (isset($_GET['logout'])) {
ctrl_auth::KillSession();
ctrl_auth::KillCookies();
header("location: ./?loggedout");
exit;
}
if (isset($_GET['returnsession'])) {
if (isset($_SESSION['ruid'])) {
ctrl_auth::SetUserSession($_SESSION['ruid'], runtime_sessionsecurity::getSessionSecurityEnabled());
$_SESSION['ruid'] = null;
}
header("location: ./");
exit;
}
if (isset($_POST['inForgotPassword'])) {
runtime_csfr::Protect();
$randomkey = runtime_randomstring::randomHash();
$forgotPass = runtime_xss::xssClean($_POST['inForgotPassword']);
$sth = $zdbh->prepare("SELECT ac_id_pk, ac_user_vc, ac_email_vc FROM x_accounts WHERE ac_email_vc = :forgotPass");
$sth->bindParam(':forgotPass', $forgotPass);
$sth->execute();
$rows = $sth->fetchAll();
if ($rows) {
$result = $rows['0'];
static function doShadowUser()
{
global $zdbh;
global $controller;
runtime_csfr::Protect();
$currentuser = ctrl_users::GetUserDetail();
if ($currentuser['username'] == 'zadmin') {
$sql = "SELECT * FROM x_accounts WHERE ac_deleted_ts IS NULL ORDER BY ac_user_vc";
$numrows = $zdbh->prepare($sql);
} else {
$sql = "SELECT * FROM x_accounts WHERE ac_reseller_fk = :userid AND ac_deleted_ts IS NULL";
$numrows = $zdbh->prepare($sql);
$numrows->bindParam(':userid', $currentuser['userid']);
}
if ($numrows->execute()) {
if ($numrows->fetchColumn() != 0) {
$sql = $zdbh->prepare($sql);
if ($currentuser['username'] == 'zadmin') {
//no bind needed
} else {
//bind the username
$sql->bindParam(':userid', $currentuser['userid']);
}
$sql->execute();
while ($rowclients = $sql->fetch()) {
if (!fs_director::CheckForEmptyValue($controller->GetControllerRequest('FORM', 'inShadow_' . $rowclients['ac_id_pk']))) {
ctrl_auth::KillCookies();
ctrl_auth::SetSession('ruid', $currentuser['userid']);
ctrl_auth::SetUserSession($rowclients['ac_id_pk'], runtime_sessionsecurity::getSessionSecurityEnabled());
header("location: /");
exit;
}
}
}
}
}
