From f7ec00b2f8ba3efc5bdeacef9c813f8a826ae3be Mon Sep 17 00:00:00 2001
From: Patrick Anders <p.anders@timmehosting.de>
Date: Wed, 10 Dec 2014 08:44:26 -0500
Subject: [PATCH] add Spdy option - http://en.wikipedia.org/wiki/SPDY
---
interface/web/login/index.php | 73 ++++++++++++++++++++++++++++++++----
1 files changed, 65 insertions(+), 8 deletions(-)
diff --git a/interface/web/login/index.php b/interface/web/login/index.php
index 950c692..80c4d17 100644
--- a/interface/web/login/index.php
+++ b/interface/web/login/index.php
@@ -85,21 +85,59 @@
*/
if (isset($_SESSION['s']['user']) && $_SESSION['s']['user']['active'] == 1){
/*
- * only the admin can "login as" so if the user is NOT a admin, we
+ * only the admin or reseller can "login as" so if the user is NOT an admin or reseller, we
* open the startpage (after killing the old session), so the user
* is logout and has to start again!
*/
- if ($_SESSION['s']['user']['typ'] != 'admin') {
+ if ($_SESSION['s']['user']['typ'] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) {
/*
- * The actual user is NOT a admin, but maybe the admin
- * has logged in as "normal" user bevore...
+ * The actual user is NOT a admin or reseller, but maybe he
+ * has logged in as "normal" user before...
*/
- if (isset($_SESSION['s_old'])&& ($_SESSION['s_old']['user']['typ'] == 'admin')){
- /* The "old" user is admin, so everything is ok */
+
+ if (isset($_SESSION['s_old'])&& ($_SESSION['s_old']['user']['typ'] == 'admin' || $app->auth->has_clients($_SESSION['s_old']['user']['userid']))){
+ /* The "old" user is admin or reseller, so everything is ok
+ * if he is reseller, we need to check if he logs in to one of his clients
+ */
+ if($_SESSION['s_old']['user']['typ'] != 'admin') {
+
+ /* this is the one currently logged in (normal user) */
+ $old_client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
+ $old_client = $app->db->queryOneRecord("SELECT client.client_id, client.parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $old_client_group_id");
+
+ /* this is the reseller, that shall be re-logged in */
+ $sql = "SELECT * FROM sys_user WHERE USERNAME = '$username' and PASSWORT = '". $passwort. "'";
+ $tmp = $app->db->queryOneRecord($sql);
+ $client_group_id = $app->functions->intval($tmp['default_group']);
+ $tmp_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+
+ if(!$tmp_client || $old_client["parent_client_id"] != $tmp_client["client_id"] || $tmp["default_group"] != $_SESSION["s_old"]["user"]["default_group"] ) {
+ die("You don't have the right to 'login as' this user!");
+ }
+ unset($old_client);
+ unset($tmp_client);
+ unset($tmp);
+ }
}
else {
die("You don't have the right to 'login as'!");
}
+ } elseif($_SESSION['s']['user']['typ'] != 'admin' && (!isset($_SESSION['s_old']['user']) || $_SESSION['s_old']['user']['typ'] != 'admin')) {
+ /* a reseller wants to 'login as', we need to check if he is allowed to */
+ $res_client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
+ $res_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $res_client_group_id");
+
+ /* this is the user the reseller wants to 'login as' */
+ $sql = "SELECT * FROM sys_user WHERE USERNAME = '$username' and PASSWORT = '". $passwort. "'";
+ $tmp = $app->db->queryOneRecord($sql);
+ $tmp_client = $app->db->queryOneRecord("SELECT client.client_id, client.parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = " . $app->functions->intval($tmp["default_group"]));
+
+ if(!$tmp || $tmp_client["parent_client_id"] != $res_client["client_id"]) {
+ die("You don't have the right to login as this user!");
+ }
+ unset($res_client);
+ unset($tmp);
+ unset($tmp_client);
}
$loginAs = true;
}
@@ -122,7 +160,7 @@
} else {
if(stristr($username, '@')) {
//* mailuser login
- $sql = "SELECT * FROM mail_user WHERE login = '$username'";
+ $sql = "SELECT * FROM mail_user WHERE login = '$username' or email = '$username'";
$mailuser = $app->db->queryOneRecord($sql);
$user = false;
if($mailuser) {
@@ -162,6 +200,13 @@
if(crypt(stripslashes($passwort), $salt) != $saved_password) {
$user = false;
}
+ } elseif(substr($saved_password, 0, 3) == '$5$') {
+ //* The password is crypt-sha256 encrypted
+ $salt = '$5$'.substr($saved_password, 3, 16).'$';
+
+ if(crypt(stripslashes($passwort), $salt) != $saved_password) {
+ $user = false;
+ }
} else {
//* The password is md5 encrypted
@@ -192,7 +237,7 @@
$_SESSION['s']['user']['theme'] = isset($user['app_theme']) ? $user['app_theme'] : 'default';
$_SESSION['s']['language'] = $user['language'];
$_SESSION["s"]['theme'] = $_SESSION['s']['user']['theme'];
-
+
if(is_file($_SESSION['s']['user']['startmodule'].'/lib/module.conf.php')) {
include_once $_SESSION['s']['user']['startmodule'].'/lib/module.conf.php';
$menu_dir = ISPC_WEB_PATH.'/' . $_SESSION['s']['user']['startmodule'] . '/lib/menu.d';
@@ -279,12 +324,24 @@
if($error != ''){
$error = '<div class="box box_error"><h1>Error</h1>'.$error.'</div>';
}
+
+ $app->load('getconf');
+ $security_config = $app->getconf->get_security_config('permissions');
+ if($security_config['password_reset_allowed'] == 'yes') {
+ $app->tpl->setVar('pw_lost_show', 1);
+ } else {
+ $app->tpl->setVar('pw_lost_show', 0);
+ }
+
$app->tpl->setVar('error', $error);
$app->tpl->setVar('pw_lost_txt', $app->lng('pw_lost_txt'));
$app->tpl->setVar('username_txt', $app->lng('username_txt'));
$app->tpl->setVar('password_txt', $app->lng('password_txt'));
+ $app->tpl->setVar('stay_logged_in_txt', $app->lng('stay_logged_in_txt'));
$app->tpl->setVar('login_button_txt', $app->lng('login_button_txt'));
+ $app->tpl->setVar('session_timeout', $server_config_array['session_timeout']);
+ $app->tpl->setVar('session_allow_endless', $server_config_array['session_allow_endless']);
$app->tpl->setInclude('content_tpl', 'login/templates/index.htm');
$app->tpl_defaults();
--
Gitblit v1.9.1