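/**
 * Sets a user session ID.
 *
 * Binds the current PHP session to the given account ID and records the
 * session-security markers (cookie, client IP, user agent) that
 * runtime_sessionsecurity::antiSessionHijacking() later checks. The session
 * ID is regenerated before the account is bound, so a session ID an
 * attacker fixed before authentication is not carried into the
 * authenticated session (session fixation).
 *
 * Whether the anti-hijacking checks are enforced is taken from the system
 * option (runtime_sessionsecurity::getSessionSecurityEnabled()); the
 * $sessionSecuirty argument is accepted for call-site compatibility but is
 * overridden by that option, exactly as before.
 *
 * @author Bobby Allen (ballen@bobbyallen.me)
 * @param int  $zpuid           The ZPanel user account ID to set the session as.
 * @param bool $sessionSecuirty Ignored; superseded by the system option (see above).
 * @return bool true once the session is bound; false if $zpuid is null or not a positive ID.
 */
static function SetUserSession($zpuid = 0, $sessionSecuirty = true)
{
    // The system-wide setting wins over the caller's flag (pre-existing behaviour).
    $sessionSecuirty = (bool) runtime_sessionsecurity::getSessionSecurityEnabled();

    // The previous isset() check could never fail because of the 0 default,
    // which allowed a session to be bound to account 0. Require a real,
    // positive account ID instead.
    if ($zpuid === null || !is_numeric($zpuid) || (int) $zpuid <= 0) {
        return false;
    }

    // Privilege change: issue a fresh session ID and discard the old one so a
    // pre-authentication session ID cannot be reused. Done before the
    // security markers are written so they are tied to the new session.
    if (session_id() !== '') {
        session_regenerate_id(true);
    }

    $_SESSION['zpuid'] = $zpuid;

    // The markers are always recorded; the flag only controls whether the
    // anti-hijacking check enforces them on later requests.
    runtime_sessionsecurity::setCookie();
    runtime_sessionsecurity::setUserIP();
    runtime_sessionsecurity::setUserAgent();
    runtime_sessionsecurity::setSessionSecurityEnabled($sessionSecuirty);

    return true;
}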
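<?php
/**
 * @copyright 2014-2015 Sentora Project (http://www.sentora.org/)
 * Sentora is a GPL fork of the ZPanel Project whose original header follows:
 *
 * The ZPanelX loader and default handler file.
 * @package zpanelx
 * @subpackage core
 * @author Bobby Allen (ballen@bobbyallen.me)
 * @copyright Sentora Project (http://www.sentora.org/)
 * @link http://www.sentora.org/
 * @license GPL (http://www.gnu.org/licenses/gpl.html)
 */
session_start();
require_once 'dryden/loader.inc.php';
require_once 'cnf/db.php';
// Error reporting runs in 'dev' mode only until the database is available and
// the configured 'debug_mode' option can be read.
debug_phperrors::SetMode('dev');
require_once 'inc/dbc.inc.php';
debug_phperrors::SetMode(ctrl_options::GetSystemOption('debug_mode'));
require_once 'inc/init.inc.php';

// Session-hijacking check. A session whose security markers no longer match
// is discarded (same teardown as the logout path) before redirecting, so the
// mismatched state cannot be reused. No output may be emitted before header():
// the previous "Session issue!" echo only worked when output buffering
// happened to be enabled and otherwise dropped the Location header.
if (!runtime_sessionsecurity::antiSessionHijacking()) {
    ctrl_auth::KillSession();
    ctrl_auth::KillCookies();
    header("location: ./?sessionIssue");
    exit;
}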
global $controller, $zdbh, $zlo;
$controller = new runtime_controller();

// Flush any log entries accumulated so far using the configured log mode.
$zlo->method = ctrl_options::GetSystemOption('logmode');
if ($zlo->hasInfo()) {
    $zlo->writeLog();
    $zlo->reset();
}

// Logout: tear down the session and its cookies, then redirect.
if (isset($_GET['logout'])) {
    ctrl_auth::KillSession();
    ctrl_auth::KillCookies();
    header("location: ./?loggedout");
    exit;
}

// Return from a shadowed (impersonated) session: 'ruid' holds the account ID
// of the user who started the shadow (written by ctrl_auth::doShadowUser via
// SetSession('ruid', ...)); rebind the session to it and clear the marker.
// NOTE(review): this is a GET with no CSRF token; the only effect of forging it
// is ending a shadow session, but confirm that is acceptable.
if (isset($_GET['returnsession'])) {
    if (isset($_SESSION['ruid'])) {
        ctrl_auth::SetUserSession($_SESSION['ruid'], runtime_sessionsecurity::getSessionSecurityEnabled());
        $_SESSION['ruid'] = null;
    }
    header("location: ./");
    exit;
}

// Forgotten-password request: look the account up by e-mail address using a
// bound parameter. This block continues beyond the visible portion of the file.
if (isset($_POST['inForgotPassword'])) {
    runtime_csfr::Protect();
    $randomkey = runtime_randomstring::randomHash();
    $forgotPass = runtime_xss::xssClean($_POST['inForgotPassword']);
    $sth = $zdbh->prepare("SELECT ac_id_pk, ac_user_vc, ac_email_vc FROM x_accounts WHERE ac_email_vc = :forgotPass");
    $sth->bindParam(':forgotPass', $forgotPass);
    $sth->execute();
    $rows = $sth->fetchAll();
    if ($rows) {
        $result = $rows['0'];
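/**
 * Shadows (impersonates) a client account.
 *
 * Looks for a submitted form field named `inShadow_<account id>`, verifies
 * that the account is one the current user is allowed to shadow (zadmin: any
 * non-deleted account; anyone else: only non-deleted accounts whose
 * ac_reseller_fk is the current user), remembers the current user's ID in the
 * session as 'ruid' so `?returnsession` can restore it, then rebinds the
 * session to the target account and redirects.
 *
 * Security notes:
 *  - The target ID is never taken from the request directly; only IDs returned
 *    by the authorised account query are matched against the form.
 *  - The request is CSRF-protected via runtime_csfr::Protect().
 *  - 'ruid' is written only when not already set, so starting a shadow from
 *    within an existing shadow session still returns to the original user
 *    (previously the original identity was overwritten and lost).
 *
 * @return void Redirects and exits on a successful shadow; returns silently otherwise.
 */
static function doShadowUser()
{
    global $zdbh;
    global $controller;
    runtime_csfr::Protect();
    $currentuser = ctrl_users::GetUserDetail();

    // Build the list of accounts this user is authorised to shadow.
    if ($currentuser['username'] === 'zadmin') {
        $stmt = $zdbh->prepare("SELECT * FROM x_accounts WHERE ac_deleted_ts IS NULL ORDER BY ac_user_vc");
    } else {
        $stmt = $zdbh->prepare("SELECT * FROM x_accounts WHERE ac_reseller_fk = :userid AND ac_deleted_ts IS NULL");
        $stmt->bindParam(':userid', $currentuser['userid']);
    }

    // A single query suffices: the previous separate "count" query read the
    // first column of the first row, not a row count, and only worked because
    // ac_id_pk is never 0.
    if (!$stmt->execute()) {
        return;
    }

    while ($rowclients = $stmt->fetch()) {
        $field = 'inShadow_' . $rowclients['ac_id_pk'];
        if (fs_director::CheckForEmptyValue($controller->GetControllerRequest('FORM', $field))) {
            continue;
        }

        ctrl_auth::KillCookies();
        // Keep the identity of whoever started the first shadow so that
        // ?returnsession brings them back, even across nested shadows.
        if (!isset($_SESSION['ruid'])) {
            ctrl_auth::SetSession('ruid', $currentuser['userid']);
        }
        ctrl_auth::SetUserSession($rowclients['ac_id_pk'], runtime_sessionsecurity::getSessionSecurityEnabled());
        // NOTE(review): redirects to the site root ("/") whereas the logout and
        // returnsession paths use "./"; confirm this is intended for
        // sub-directory installs.
        header("location: /");
        exit;
    }
}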