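/**
 * The main authentication mechanism: checks the username and password against the
 * database and logs the user in on a successful authentication request.
 *
 * NOTE(review): the supplied $password is compared verbatim against ac_pass_vc by the
 * query below. Whether callers hash/salt it first is not visible from this method;
 * it performs no hashing itself. If ac_pass_vc stores a digest, every caller must
 * apply the identical transform — confirm at the call sites.
 *
 * NOTE(review): with $rememberme the credential pair itself is written to client
 * cookies (zUser / zPass) for 30 days. That is the contract the cookie-reading path
 * relies on, so it is kept; the cookies are now flagged HttpOnly (and Secure when the
 * request arrived over TLS). A random, server-side revocable token would be the
 * better design for "remember me".
 *
 * @author Bobby Allen (ballen@bobbyallen.me)
 * @global db_driver $zdbh The ZPX database handle.
 * @param string $username The username to authenticate with.
 * @param string $password The password, in whatever form the caller supplies, to authenticate with.
 * @param bool $rememberme Persist the credentials in cookies for 30 days? (true/false)
 * @param bool $iscookie The request came from a previously set remember-me cookie (not used in this method).
 * @param mixed $sessionSecuirty Session-security setting forwarded unchanged to ctrl_auth::SetUserSession().
 *                               (Required parameter after optional ones — PHP 8 reports a deprecation for
 *                               this signature; left as-is because callers pass it positionally.)
 * @return mixed Returns false if the authentication fails, otherwise the user's ID (ac_id_pk).
 */
static function Authenticate($username, $password, $rememberme = false, $iscookie = false, $sessionSecuirty)
{
    global $zdbh;

    // Only enabled, non-deleted accounts may log in. Both credentials are bound,
    // never interpolated, so user input does not reach the SQL text.
    $sqlString = "SELECT * FROM\n x_accounts WHERE\n ac_user_vc = :username AND\n ac_pass_vc = :password AND\n ac_enabled_in = 1 AND\n ac_deleted_ts IS NULL";
    $bindArray = array(':username' => $username, ':password' => $password);
    $zdbh->bindQuery($sqlString, $bindArray);
    $row = $zdbh->returnRow();

    if (!$row) {
        runtime_hook::Execute('OnBadUserLogin');
        return false;
    }

    //Disabled till zpanel 10.0.3
    //runtime_sessionsecurity::sessionRegen();
    // NOTE(review): nothing in this method regenerates the session ID on login; unless
    // SetUserSession() does so, the pre-login session ID is kept (session fixation
    // exposure) — confirm.
    ctrl_auth::SetUserSession($row['ac_id_pk'], $sessionSecuirty);

    // Record the logon time. Both values originate server-side (time() and the row
    // just read), but they are bound anyway so this statement follows the same
    // parameterised style as the lookup instead of being built by concatenation.
    $log_logon = $zdbh->prepare("UPDATE x_accounts SET ac_lastlogon_ts = :now WHERE ac_id_pk = :userid");
    $log_logon->execute(array(':now' => time(), ':userid' => $row['ac_id_pk']));

    if ($rememberme) {
        $expires = time() + 60 * 60 * 24 * 30;
        // HttpOnly keeps the stored credential out of reach of page scripts. The Secure
        // flag is set only when this request itself arrived over TLS, so plain-HTTP
        // installs keep working (assumes no client-side script reads these cookies).
        $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
        setcookie("zUser", $username, $expires, "/", "", $secure, true);
        setcookie("zPass", $password, $expires, "/", "", $secure, true);
        //setcookie("zSec", $sessionSecuirty, time() + 60 * 60 * 24 * 30, "/");
    }

    runtime_hook::Execute('OnGoodUserLogin');
    return $row['ac_id_pk'];
}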
global $controller, $zdbh, $zlo; $controller = new runtime_controller(); $zlo->method = ctrl_options::GetSystemOption('logmode'); if ($zlo->hasInfo()) { $zlo->writeLog(); $zlo->reset(); } if (isset($_GET['logout'])) { ctrl_auth::KillSession(); ctrl_auth::KillCookies(); header("location: ./?loggedout"); exit; } if (isset($_GET['returnsession'])) { if (isset($_SESSION['ruid'])) { ctrl_auth::SetUserSession($_SESSION['ruid'], runtime_sessionsecurity::getSessionSecurityEnabled()); $_SESSION['ruid'] = null; } header("location: ./"); exit; } if (isset($_POST['inForgotPassword'])) { runtime_csfr::Protect(); $randomkey = runtime_randomstring::randomHash(); $forgotPass = runtime_xss::xssClean($_POST['inForgotPassword']); $sth = $zdbh->prepare("SELECT ac_id_pk, ac_user_vc, ac_email_vc FROM x_accounts WHERE ac_email_vc = :forgotPass"); $sth->bindParam(':forgotPass', $forgotPass); $sth->execute(); $rows = $sth->fetchAll(); if ($rows) { $result = $rows['0'];
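/**
 * Lets the current user "shadow" (switch the session to) one of their client accounts.
 *
 * Which accounts may be shadowed is decided by the query, not by the submitted form
 * value: the built-in administrator (username 'zadmin') may pick any non-deleted
 * account, every other caller only the non-deleted accounts whose ac_reseller_fk is
 * their own user id. A form field named inShadow_<ac_id_pk> that is present and
 * non-empty selects the target; the first candidate row whose field is set wins.
 *
 * On a match the remember-me cookies are cleared, the caller's own id is stored in
 * the 'ruid' session key (so the session can later be handed back), the session is
 * switched to the target account, and the request is redirected to "/" and ended.
 * The request is CSRF-protected before anything else happens.
 *
 * @global db_driver $zdbh The ZPX database handle.
 * @global runtime_controller $controller Used to read the submitted form fields.
 * @return void Returns normally only when the query failed or no candidate was selected.
 */
static function doShadowUser()
{
    global $zdbh;
    global $controller;

    runtime_csfr::Protect();
    $currentuser = ctrl_users::GetUserDetail();

    // Build the list of accounts this caller is entitled to shadow. The reseller
    // restriction lives in the WHERE clause, so the form value checked below can
    // only ever select from rows the caller was allowed to see.
    if ($currentuser['username'] === 'zadmin') {
        $candidates = $zdbh->prepare("SELECT * FROM x_accounts WHERE ac_deleted_ts IS NULL ORDER BY ac_user_vc");
    } else {
        $candidates = $zdbh->prepare("SELECT * FROM x_accounts WHERE ac_reseller_fk = :userid AND ac_deleted_ts IS NULL");
        $candidates->bindParam(':userid', $currentuser['userid']);
    }

    if (!$candidates->execute()) {
        return;
    }

    // Single round trip: the previous version ran the same query twice, once for a
    // "row exists" test via fetchColumn() (which reads the first column of the first
    // row, not a count) and once to iterate. Iterating the result directly is
    // equivalent and drops the misleading check.
    while ($rowclients = $candidates->fetch()) {
        $picked = $controller->GetControllerRequest('FORM', 'inShadow_' . $rowclients['ac_id_pk']);
        if (fs_director::CheckForEmptyValue($picked)) {
            continue;
        }

        ctrl_auth::KillCookies();
        // NOTE(review): 'ruid' is overwritten unconditionally. If an already-shadowed
        // account shadows again, the original caller's id is lost and "return" goes
        // back only one step — confirm whether nested shadowing is intended.
        ctrl_auth::SetSession('ruid', $currentuser['userid']);
        ctrl_auth::SetUserSession($rowclients['ac_id_pk'], runtime_sessionsecurity::getSessionSecurityEnabled());
        header("location: /");
        exit;
    }
}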