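/**
 * Sets a user session ID.
 *
 * Stores the given account ID in $_SESSION['zpuid'] and records the
 * runtime_sessionsecurity markers (cookie, client IP, user agent) for
 * that session, together with the "security enabled" flag.
 *
 * @author Bobby Allen (ballen@bobbyallen.me)
 * @param int $zpuid The ZPanel user account ID to set the session as.
 * @param bool $sessionSecuirty Kept for backward compatibility with existing
 *        callers only; it is always overridden by the system-wide value from
 *        runtime_sessionsecurity::getSessionSecurityEnabled().
 * @return bool True once the session has been set; false only when $zpuid is null.
 */
static function SetUserSession($zpuid = 0, $sessionSecuirty = true)
{
    // The system-wide option always wins over the argument (original
    // behaviour): the parameter is effectively ignored.
    $sessionSecuirty = runtime_sessionsecurity::getSessionSecurityEnabled();
    // isset() can only be false for null here, since the default is 0.
    if (!isset($zpuid)) {
        return false;
    }
    $_SESSION['zpuid'] = $zpuid;
    // NOTE(review): the session ID itself is not regenerated when the session
    // changes identity; calling session_regenerate_id(true) at this point would
    // mitigate session fixation — confirm how it interacts with
    // runtime_sessionsecurity::setCookie() before adding it.
    // The security markers are recorded in both modes; only the flag stored
    // alongside them differs, so a single code path suffices.
    runtime_sessionsecurity::setCookie();
    runtime_sessionsecurity::setUserIP();
    runtime_sessionsecurity::setUserAgent();
    runtime_sessionsecurity::setSessionSecurityEnabled((bool) $sessionSecuirty);
    return true;
}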
global $controller, $zdbh, $zlo; $controller = new runtime_controller(); $zlo->method = ctrl_options::GetSystemOption('logmode'); if ($zlo->hasInfo()) { $zlo->writeLog(); $zlo->reset(); } if (isset($_GET['logout'])) { ctrl_auth::KillSession(); ctrl_auth::KillCookies(); header("location: ./?loggedout"); exit; } if (isset($_GET['returnsession'])) { if (isset($_SESSION['ruid'])) { ctrl_auth::SetUserSession($_SESSION['ruid'], runtime_sessionsecurity::getSessionSecurityEnabled()); $_SESSION['ruid'] = null; } header("location: ./"); exit; } if (isset($_POST['inForgotPassword'])) { runtime_csfr::Protect(); $randomkey = runtime_randomstring::randomHash(); $forgotPass = runtime_xss::xssClean($_POST['inForgotPassword']); $sth = $zdbh->prepare("SELECT ac_id_pk, ac_user_vc, ac_email_vc FROM x_accounts WHERE ac_email_vc = :forgotPass"); $sth->bindParam(':forgotPass', $forgotPass); $sth->execute(); $rows = $sth->fetchAll(); if ($rows) { $result = $rows['0'];
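/**
 * Lets the current user "shadow" (switch the session to) one of their accounts.
 *
 * Only accounts visible to the caller are considered: zadmin gets every
 * non-deleted account, any other user only the non-deleted accounts whose
 * ac_reseller_fk equals their own user ID, so a reseller cannot shadow an
 * account that is not theirs. When the submitted form carries a non-empty
 * inShadow_<account id> field for one of those rows, the caller's own ID is
 * stashed in $_SESSION['ruid'] (read back by the "returnsession" handler),
 * the session is switched to the selected account and the browser is
 * redirected to "/".
 *
 * The request must pass runtime_csfr::Protect() first.
 *
 * @return void
 */
static function doShadowUser()
{
    global $zdbh;
    global $controller;
    runtime_csfr::Protect();
    $currentuser = ctrl_users::GetUserDetail();
    $isAdmin = ($currentuser['username'] === 'zadmin');
    // zadmin may shadow any live account; everyone else only their own clients.
    if ($isAdmin) {
        $stmt = $zdbh->prepare("SELECT * FROM x_accounts WHERE ac_deleted_ts IS NULL ORDER BY ac_user_vc");
    } else {
        $stmt = $zdbh->prepare("SELECT * FROM x_accounts WHERE ac_reseller_fk = :userid AND ac_deleted_ts IS NULL");
        $stmt->bindParam(':userid', $currentuser['userid']);
    }
    // A single execution is enough: the original ran the same query twice,
    // the first time only to test fetchColumn() != 0, which is the first
    // row's ac_id_pk rather than a row count. An empty result simply means
    // the loop below never runs.
    if (!$stmt->execute()) {
        return;
    }
    while ($rowclients = $stmt->fetch()) {
        $requested = $controller->GetControllerRequest('FORM', 'inShadow_' . $rowclients['ac_id_pk']);
        if (fs_director::CheckForEmptyValue($requested)) {
            continue;
        }
        // Drop the caller's cookies, remember who they were so they can
        // return later, then switch the session to the selected account.
        ctrl_auth::KillCookies();
        ctrl_auth::SetSession('ruid', $currentuser['userid']);
        ctrl_auth::SetUserSession($rowclients['ac_id_pk'], runtime_sessionsecurity::getSessionSecurityEnabled());
        header("location: /");
        exit;
    }
}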