malhuda/developer
1
0
Fork 0
mirror of https://github.com/easy-wi/developer.git synced 2025-02-20 11:23:28 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Redirect when reseller and resellerid not >0

Browse Source
This commit is contained in:
Ulrich Block 2013-10-15 20:28:20 +02:00
parent 41148c9dee
commit b9da084b1c
4 changed files with 91 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
web/login.php
View File

@ -214,7 +214,7 @@ if ($ui->st('w', 'get') == 'lo') {
$salt = ''; $salt = '';
$query = $sql->prepare("SELECT `id`,`cname`,`active`,`security`,`resellerid`,`mail`,`salt`,`externalID` FROM `userdata` WHERE `cname`=? OR `mail`=? ORDER BY `lastlogin` DESC LIMIT 1"); $query = $sql->prepare("SELECT `id`,`accounttype`,`cname`,`active`,`security`,`resellerid`,`mail`,`salt`,`externalID` FROM `userdata` WHERE `cname`=? OR `mail`=? ORDER BY `lastlogin` DESC LIMIT 1");
$query->execute(array($ui->username('username', 255, 'post'),$ui->ismail('username', 'post'))); $query->execute(array($ui->username('username', 255, 'post'),$ui->ismail('username', 'post')));
foreach ($query->fetchAll(PDO::FETCH_ASSOC) as $row) { foreach ($query->fetchAll(PDO::FETCH_ASSOC) as $row) {
$username = $row['cname']; $username = $row['cname'];
@ -225,6 +225,7 @@ if ($ui->st('w', 'get') == 'lo') {
$externalID = $row['externalID']; $externalID = $row['externalID'];
$security = $row['security']; $security = $row['security'];
$resellerid = $row['resellerid']; $resellerid = $row['resellerid'];
$accounttype = $row['accounttype'];
$userpassNew = createHash($username, $password, $salt, $aeskey); $userpassNew = createHash($username, $password, $salt, $aeskey);
@ -353,6 +354,10 @@ if ($ui->st('w', 'get') == 'lo') {
$query->execute(array($logintime, $logdate, $id)); $query->execute(array($logintime, $logdate, $id));
} }
if (!isset($accounttype) or !isset($resellerid) or ($accounttype == 'r' and $resellerid < 1)) {
redirect('login.php');
}
$_SESSION['resellerid'] = $resellerid; $_SESSION['resellerid'] = $resellerid;
$query = $sql->prepare("DELETE FROM `badips` WHERE `badip`=?"); $query = $sql->prepare("DELETE FROM `badips` WHERE `badip`=?");

10
web/stuff/init_admin.php
View File

@ -114,6 +114,7 @@ foreach ($query->fetchAll(PDO::FETCH_ASSOC) as $row) {
if ($row['active'] == 'Y' and $row['type'] == 'A' and is_file(EASYWIDIR . '/stuff/' . $row['file'])) { if ($row['active'] == 'Y' and $row['type'] == 'A' and is_file(EASYWIDIR . '/stuff/' . $row['file'])) {
$query2->execute(array($row['id'], $user_language)); $query2->execute(array($row['id'], $user_language));
$name = $query2->fetchColumn(); $name = $query2->fetchColumn();
if (strlen($name) == 0) { if (strlen($name) == 0) {
$query2->execute(array($row['id'], $rSA['language'])); $query2->execute(array($row['id'], $rSA['language']));
$name = $query2->fetchColumn(); $name = $query2->fetchColumn();
@ -121,12 +122,15 @@ foreach ($query->fetchAll(PDO::FETCH_ASSOC) as $row) {
if (strlen($name) == 0) { if (strlen($name) == 0) {
$name = $row['file']; $name = $row['file'];
} }
$customModules[$row['sub']][$row['get']] = $name; $customModules[$row['sub']][$row['get']] = $name;
$what_to_be_included_array[$row['get']] = $row['file']; $what_to_be_included_array[$row['get']] = $row['file'];
} else if ($row['type'] == 'C' and $row['active'] == 'N') { } else if ($row['type'] == 'C' and $row['active'] == 'N') {
$easywiModules[$row['get']] = false; $easywiModules[$row['get']] = false;
} }
} }
if ($easywiModules['gs'] === true) { if ($easywiModules['gs'] === true) {
$what_to_be_included_array['ro'] = 'roots.php'; $what_to_be_included_array['ro'] = 'roots.php';
$what_to_be_included_array['ma'] = 'masterserver.php'; $what_to_be_included_array['ma'] = 'masterserver.php';
@ -134,12 +138,15 @@ if ($easywiModules['gs'] === true) {
$what_to_be_included_array['ad'] = 'addons.php'; $what_to_be_included_array['ad'] = 'addons.php';
$what_to_be_included_array['im'] = 'images.php'; $what_to_be_included_array['im'] = 'images.php';
} }
if ($easywiModules['ea'] === true) { if ($easywiModules['ea'] === true) {
$what_to_be_included_array['ea'] = 'eac.php'; $what_to_be_included_array['ea'] = 'eac.php';
} }
if ($easywiModules['my'] === true) { if ($easywiModules['my'] === true) {
$what_to_be_included_array['my'] = 'mysql_server.php'; $what_to_be_included_array['my'] = 'mysql_server.php';
} }
if ($easywiModules['ro'] === true) { if ($easywiModules['ro'] === true) {
$what_to_be_included_array['rh'] = 'root_dedicated.php'; $what_to_be_included_array['rh'] = 'root_dedicated.php';
$what_to_be_included_array['rd'] = 'root_dhcp.php'; $what_to_be_included_array['rd'] = 'root_dhcp.php';
@ -149,13 +156,16 @@ if ($easywiModules['ro'] === true) {
$what_to_be_included_array['ot'] = 'roots_os_templates.php'; $what_to_be_included_array['ot'] = 'roots_os_templates.php';
$what_to_be_included_array['tf'] = 'traffic.php'; $what_to_be_included_array['tf'] = 'traffic.php';
} }
if ($easywiModules['ti'] === true) { if ($easywiModules['ti'] === true) {
$what_to_be_included_array['ti'] = 'tickets.php'; $what_to_be_included_array['ti'] = 'tickets.php';
$what_to_be_included_array['tr'] = 'tickets_reseller.php'; $what_to_be_included_array['tr'] = 'tickets_reseller.php';
} }
if ($easywiModules['le'] === true) { if ($easywiModules['le'] === true) {
$what_to_be_included_array['le'] = 'lendserver.php'; $what_to_be_included_array['le'] = 'lendserver.php';
} }
if ($easywiModules['vo'] === true) { if ($easywiModules['vo'] === true) {
$what_to_be_included_array['vu'] = 'voice_usage.php'; $what_to_be_included_array['vu'] = 'voice_usage.php';
$what_to_be_included_array['vo'] = 'voice.php'; $what_to_be_included_array['vo'] = 'voice.php';

41
web/stuff/settings.php
View File

@ -35,6 +35,7 @@
* Sie sollten eine Kopie der GNU General Public License zusammen mit diesem * Sie sollten eine Kopie der GNU General Public License zusammen mit diesem
* Programm erhalten haben. Wenn nicht, siehe <http://www.gnu.org/licenses/>. * Programm erhalten haben. Wenn nicht, siehe <http://www.gnu.org/licenses/>.
*/ */
if (isset($_SERVER['QUERY_STRING'])) { if (isset($_SERVER['QUERY_STRING'])) {
$queries = strtolower($_SERVER['QUERY_STRING']); $queries = strtolower($_SERVER['QUERY_STRING']);
$badcontent = array("http://", "ftp://", "https://", "ftps://", "delete ", "from ", "into ", "userdata ", "userdata(", "userdata`", "userpermissions ", "userpermissions(", "userpermissions`", "select ", "set ", "where ", "update ", "union ", "*", ".ssh", "~", "chmod ", "passwd", "fclose", "fopen", "fwrite", "getenv", "locate", "passthru", "phpinfo", "proc_close", "proc_get_status", "proc_nice", "proc_open", "proc_terminate", "shell_exec(", "system("); $badcontent = array("http://", "ftp://", "https://", "ftps://", "delete ", "from ", "into ", "userdata ", "userdata(", "userdata`", "userpermissions ", "userpermissions(", "userpermissions`", "select ", "set ", "where ", "update ", "union ", "*", ".ssh", "~", "chmod ", "passwd", "fclose", "fopen", "fwrite", "getenv", "locate", "passthru", "phpinfo", "proc_close", "proc_get_status", "proc_nice", "proc_open", "proc_terminate", "shell_exec(", "system(");
@ -43,16 +44,21 @@ if (isset($_SERVER['QUERY_STRING'])) {
die(); die();
} }
} }
include(EASYWIDIR . '/stuff/config.php');
$ui = new ValidateUserinput($_GET, $_POST, $_SERVER, array(), $_ENV); $ui = new ValidateUserinput($_GET, $_POST, $_SERVER, array(), $_ENV);
unset($_GET, $_POST, $_SERVER, $_ENV); unset($_GET, $_POST, $_SERVER, $_ENV);
include(EASYWIDIR . '/stuff/config.php');
$ewCfg['captcha'] = $captcha; $ewCfg['captcha'] = $captcha;
$ewCfg['title'] = $title; $ewCfg['title'] = $title;
$dbConnect['type']=(!isset($type) or $type == '') ? 'mysql' : $type;
$dbConnect['type'] = (!isset($type) or $type == '') ? 'mysql' : $type;
$dbConnect['host'] = $host; $dbConnect['host'] = $host;
$dbConnect['user'] = $user; $dbConnect['user'] = $user;
$dbConnect['pwd'] = $pwd; $dbConnect['pwd'] = $pwd;
$dbConnect['db'] = $db; $dbConnect['db'] = $db;
if (isset($debug) and $debug==1) { if (isset($debug) and $debug==1) {
$dbConnect['debug'] = 1; $dbConnect['debug'] = 1;
ini_set('display_errors',1); ini_set('display_errors',1);
@ -109,6 +115,8 @@ if ($loguserip != 'localhost') {
if (isset($_SESSION['resellerid']) and is_numeric($_SESSION['resellerid'])) { if (isset($_SESSION['resellerid']) and is_numeric($_SESSION['resellerid'])) {
$reseller_id = $_SESSION['resellerid']; $reseller_id = $_SESSION['resellerid'];
} else if ((isset($_SESSION['userid']) or isset($_SESSION['adminid'])) and (!isset($_SESSION['resellerid']) or !is_numeric($_SESSION['resellerid']))) {
redirect('login.php');
} }
if (isset($_SESSION['HTTP_USER_AGENT']) and isset($_SESSION['REMOTE_ADDR'])){ if (isset($_SESSION['HTTP_USER_AGENT']) and isset($_SESSION['REMOTE_ADDR'])){
@ -116,12 +124,14 @@ if ($loguserip != 'localhost') {
if ($_SESSION['HTTP_USER_AGENT'] != md5($ui->escaped('HTTP_USER_AGENT', 'server')) or $_SESSION['REMOTE_ADDR'] != md5($ui->ip('REMOTE_ADDR', 'server'))){ if ($_SESSION['HTTP_USER_AGENT'] != md5($ui->escaped('HTTP_USER_AGENT', 'server')) or $_SESSION['REMOTE_ADDR'] != md5($ui->ip('REMOTE_ADDR', 'server'))){
session_unset(); session_unset();
session_destroy(); session_destroy();
if (isset($page_include)) { if (isset($page_include)) {
redirect('/'); redirect('/');
} else { } else {
redirect('login.php'); redirect('login.php');
} }
} }
} else { } else {
$_SESSION['REMOTE_ADDR'] = md5($ui->ip('REMOTE_ADDR', 'server')); $_SESSION['REMOTE_ADDR'] = md5($ui->ip('REMOTE_ADDR', 'server'));
$_SESSION['HTTP_USER_AGENT'] = md5($ui->escaped('HTTP_USER_AGENT', 'server')); $_SESSION['HTTP_USER_AGENT'] = md5($ui->escaped('HTTP_USER_AGENT', 'server'));
@ -148,8 +158,8 @@ if (isset($reseller_id)) {
$lookupid = $reseller_id; $lookupid = $reseller_id;
} else { } else {
$check_split = preg_split("/\//", $ui->escaped('SCRIPT_NAME', 'server'),-1,PREG_SPLIT_NO_EMPTY); $check_split = preg_split("/\//", $ui->escaped('SCRIPT_NAME', 'server'), -1, PREG_SPLIT_NO_EMPTY);
$which_file = $check_split[count($check_split)-1]; $which_file = $check_split[count($check_split) - 1];
if ($which_file == 'userpanel.php') { if ($which_file == 'userpanel.php') {
$lookupid = $reseller_id; $lookupid = $reseller_id;
@ -194,7 +204,6 @@ if ($loguserip!='localhost') {
$maxnews=(isid($row['maxnews'],11)) ? $row['maxnews'] : 10; $maxnews=(isid($row['maxnews'],11)) ? $row['maxnews'] : 10;
$page_default = $row['defaultpage']; $page_default = $row['defaultpage'];
$pageurl = $row['pageurl']; $pageurl = $row['pageurl'];
if (!isurl($pageurl) and !isdomain($pageurl)) $pageurl = $page_url;
$protectioncheck = $row['protectioncheck']; $protectioncheck = $row['protectioncheck'];
$maxnews_sidebar = $row['maxnews_sidebar']; $maxnews_sidebar = $row['maxnews_sidebar'];
$newssidebar_textlength = $row['newssidebar_textlength']; $newssidebar_textlength = $row['newssidebar_textlength'];
@ -206,6 +215,10 @@ if ($loguserip!='localhost') {
$commentMinLength = $row['commentMinLength']; $commentMinLength = $row['commentMinLength'];
$commentsModerated = $row['commentsModerated']; $commentsModerated = $row['commentsModerated'];
$honeyPotKey = $row['honeyPotKey']; $honeyPotKey = $row['honeyPotKey'];
if (!isurl($pageurl) and !isdomain($pageurl)) {
$pageurl = $page_url;
}
} }
$ewInstallPath = EASYWIDIR; $ewInstallPath = EASYWIDIR;
@ -237,17 +250,20 @@ if ($loguserip!='localhost') {
$page_count = strtolower($elements[3]); $page_count = strtolower($elements[3]);
} }
} }
if (!isset($user_language) and isset($user_id) and isset($admin_id)) { if (!isset($user_language) and isset($user_id) and isset($admin_id)) {
$user_language=language($admin_id); $user_language = language($admin_id);
} else if (!isset($user_language) and isset($user_id) and !isset($admin_id)) { } else if (!isset($user_language) and isset($user_id) and !isset($admin_id)) {
$user_language=language($user_id); $user_language = language($user_id);
} else if (!isset($user_language) and isset($admin_id)) { } else if (!isset($user_language) and isset($admin_id)) {
$user_language=language($admin_id); $user_language = language($admin_id);
} }
if (isset($page_detect_language) and preg_match('/^[a-z]{2}+$/', $page_detect_language) and ((isset($_SESSION['language']) and $page_detect_language != $_SESSION['language']) or !isset($_SESSION['language']))){ if (isset($page_detect_language) and preg_match('/^[a-z]{2}+$/', $page_detect_language) and ((isset($_SESSION['language']) and $page_detect_language != $_SESSION['language']) or !isset($_SESSION['language']))){
$language_changed = true; $language_changed = true;
$user_language = $page_detect_language; $user_language = $page_detect_language;
} }
if ($ui->st('l', 'get') or isset($language_changed)) { if ($ui->st('l', 'get') or isset($language_changed)) {
if ($ui->st('l', 'get')) $user_language = $ui->st('l', 'get'); if ($ui->st('l', 'get')) $user_language = $ui->st('l', 'get');
@ -264,13 +280,18 @@ if ($loguserip!='localhost') {
} }
} }
$default_language=(!empty($user_language)) ? $user_language : $rSA['language']; $default_language=(!empty($user_language)) ? $user_language : $rSA['language'];
if (!isset($user_language) or empty($user_language)) { if (!isset($user_language) or empty($user_language)) {
$user_language = $default_language; $user_language = $default_language;
} }
$_SESSION['language'] = $user_language; $_SESSION['language'] = $user_language;
$gsprache=(isset($reseller_id)) ? getlanguagefile('general', $user_language, $reseller_id) : getlanguagefile('general', $user_language, 0);
$spracheResponse=(isset($reseller_id)) ? getlanguagefile('response', $user_language, $reseller_id) : getlanguagefile('response', $user_language, 0); $gsprache = (isset($reseller_id)) ? getlanguagefile('general', $user_language, $reseller_id) : getlanguagefile('general', $user_language, 0);
$spracheResponse = (isset($reseller_id)) ? getlanguagefile('response', $user_language, $reseller_id) : getlanguagefile('response', $user_language, 0);
} }
if (isset($logininclude) and $logininclude == true) { if (isset($logininclude) and $logininclude == true) {
$query = $sql->prepare("DELETE FROM `badips` WHERE `bantime` <= ?"); $query = $sql->prepare("DELETE FROM `badips` WHERE `bantime` <= ?");
$query->execute(array($logdate)); $query->execute(array($logdate));

86
web/switch.php
View File

@ -41,64 +41,66 @@ include(EASYWIDIR . '/stuff/functions.php');
include(EASYWIDIR . '/stuff/class_validator.php'); include(EASYWIDIR . '/stuff/class_validator.php');
include(EASYWIDIR . '/stuff/vorlage.php'); include(EASYWIDIR . '/stuff/vorlage.php');
include(EASYWIDIR . '/stuff/settings.php'); include(EASYWIDIR . '/stuff/settings.php');
if (!isset($admin_id) or !isset($reseller_id)) { if (!isset($admin_id) or !isset($reseller_id)) {
die('No access'); redirect('login.php');
} }
$pa = User_Permissions($admin_id); $pa = User_Permissions($admin_id);
if (!$pa['user'] and !$pa['gserver'] and !$pa['root']) { if (!$pa['user'] and !$pa['gserver'] and !$pa['root']) {
die('No access'); die('No access');
} }
if ($reseller_id != 0 and isset($admin_id) and $admin_id != $reseller_id) { if ($reseller_id != 0 and isset($admin_id) and $admin_id != $reseller_id) {
$reseller_id = $admin_id; $reseller_id = $admin_id;
} }
if ($ui->id('id', 19, 'get')) { if ($ui->id('id', 19, 'get')) {
$referrer = explode('/', str_replace(array('http://','https://'), '', strtolower($ui->escaped('HTTP_REFERER', 'server')))); $referrer = explode('/', str_replace(array('http://','https://'), '', strtolower($ui->escaped('HTTP_REFERER', 'server'))));
$refstring = explode('?',$referrer[1]); $refstring = explode('?', $referrer[1]);
if (isset($refstring[1])) { if (isset($refstring[1])) {
$from = explode('&',$refstring[1]); $from = explode('&', $refstring[1]);
} }
$query = $sql->prepare("SELECT `resellerid`,`accounttype` FROM `userdata` WHERE `id`=? LIMIT 1"); $query = $sql->prepare("SELECT `resellerid`,`accounttype` FROM `userdata` WHERE `id`=? LIMIT 1");
$query->execute(array($ui->id('id', 19, 'get'))); $query->execute(array($ui->id('id', 19, 'get')));
foreach ($query->fetchAll(PDO::FETCH_ASSOC) as $row) { foreach ($query->fetchAll(PDO::FETCH_ASSOC) as $row) {
$resellerid = $row['resellerid'];
$accounttype = $row['accounttype']; $sql = null;
}
$sql = null; if ($row['accounttype'] == 'u') {
if (!isset($resellerid) or ($reseller_id != 0 and $resellerid != $reseller_id)) {
header('Location: login.php'); $_SESSION['userid'] = $ui->id('id', 19, 'get');
die('Please allow redirection');
} if (isset($from) and $from[0] == "w=gs") {
if (isset($accounttype) and $accounttype == 'u') { redirect('userpanel.php?w=gs');
$_SESSION['userid'] = $ui->id('id', 19, 'get'); } else if (isset($from) and $from[0] == "w=vo") {
if (isset($from) and $from[0] == "w=gs") { redirect('userpanel.php?w=vo');
header('Location: userpanel.php?w=gs'); } else if (isset($from) and $from[0] == "w=my") {
die('Please allow redirection'); redirect('userpanel.php?w=my');
} else if (isset($from) and $from[0] == "w=vo") { } else {
header('Location: userpanel.php?w=vo'); redirect('userpanel.php');
die('Please allow redirection'); }
} else if (isset($from) and $from[0] == "w=my") {
header('Location: userpanel.php?w=my'); } else if ($row['accounttype'] == 'r' and $row['resellerid'] > 0) {
die('Please allow redirection'); $_SESSION['oldid'] = $admin_id;
$_SESSION['oldresellerid'] = $reseller_id;
$_SESSION['adminid'] = $ui->id('id', 19, 'get');
$_SESSION['resellerid'] = $row['resellerid'];
if ($reseller_id == 0) {
$_SESSION['oldadminid'] = $admin_id;
}
redirect('admin.php');
} else { } else {
header('Location: userpanel.php'); redirect('login.php');
die('Please allow redirection');
} }
} else if (isset($accounttype) and $accounttype == 'r' and isset($resellerid)) {
$_SESSION['oldid'] = $admin_id;
$_SESSION['oldresellerid'] = $reseller_id;
$_SESSION['adminid'] = $ui->id('id', 19, 'get');
$_SESSION['resellerid'] = $resellerid;
if ($reseller_id == 0) {
$_SESSION['oldadminid'] = $admin_id;
}
header('Location: admin.php');
die('Please allow redirection');
} else {
header('Location: login.php');
die('Please allow redirection');
} }
} else { }
$sql = null; $sql = null;
header('Location: login.php'); redirect('login.php');
die('Please allow redirection');
}