| | |
|---|
| | | if(!preg_match("/^.{1,64}$/i", $_POST['passwort'])) $error = $app->lng('pw_error_length'); |
|---|
| | | |
|---|
| | | //** iporting variables |
|---|
| | | $ip = $app->db->quote(ip2long($_SERVER['REMOTE_ADDR'])); |
|---|
| | | $username = $app->db->quote($_POST['username']); |
|---|
| | | $passwort = $app->db->quote($_POST['passwort']); |
|---|
| | | $ip = ip2long($_SERVER['REMOTE_ADDR']); |
|---|
| | | $username = $_POST['username']; |
|---|
| | | $passwort = $_POST['passwort']; |
|---|
| | | $loginAs = false; |
|---|
| | | $time = time(); |
|---|
| | | |
|---|
| | |
|---|
| | | $sql = "SELECT * FROM sys_user WHERE USERNAME = ? and PASSWORT = ?"; |
|---|
| | | $tmp = $app->db->queryOneRecord($sql, $username, $passwort); |
|---|
| | | $client_group_id = $app->functions->intval($tmp['default_group']); |
|---|
| | | $tmp_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ", $client_group_id); |
|---|
| | | $tmp_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id); |
|---|
| | | |
|---|
| | | if(!$tmp_client || $old_client["parent_client_id"] != $tmp_client["client_id"] || $tmp["default_group"] != $_SESSION["s_old"]["user"]["default_group"] ) { |
|---|
| | | die("You don't have the right to 'login as' this user!"); |
|---|
| | |
|---|
| | | } elseif($_SESSION['s']['user']['typ'] != 'admin' && (!isset($_SESSION['s_old']['user']) || $_SESSION['s_old']['user']['typ'] != 'admin')) { |
|---|
| | | /* a reseller wants to 'login as', we need to check if he is allowed to */ |
|---|
| | | $res_client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]); |
|---|
| | | $res_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ", $res_client_group_id); |
|---|
| | | $res_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $res_client_group_id); |
|---|
| | | |
|---|
| | | /* this is the user the reseller wants to 'login as' */ |
|---|
| | | $sql = "SELECT * FROM sys_user WHERE USERNAME = ? and PASSWORT = ?"; |
|---|
| | |
|---|
| | | // Maintenance mode - show message when people try to log in and also when people are forcedly logged off |
|---|
| | | if($maintenance_mode_error != '') $error = '<strong>'.$maintenance_mode_error.'</strong><br><br>'.$error; |
|---|
| | | if($error != ''){ |
|---|
| | | $error = '<div class="box box_error"><h1>Error</h1>'.$error.'</div>'; |
|---|
| | | $error = '<div class="box box_error">'.$error.'</div>'; |
|---|
| | | } |
|---|
| | | |
|---|
| | | $app->load('getconf'); |
|---|
| | |
|---|
| | | } |
|---|
| | | |
|---|
| | | $app->tpl->setVar('error', $error); |
|---|
| | | $app->tpl->setVar('error_txt', $app->lng('error_txt')); |
|---|
| | | $app->tpl->setVar('login_txt', $app->lng('login_txt')); |
|---|
| | | $app->tpl->setVar('pw_lost_txt', $app->lng('pw_lost_txt')); |
|---|
| | | $app->tpl->setVar('username_txt', $app->lng('username_txt')); |
|---|
| | | $app->tpl->setVar('password_txt', $app->lng('password_txt')); |
|---|
