malhuda/developer
1
0
Fork 0
mirror of https://github.com/easy-wi/developer.git synced 2025-02-20 11:23:28 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Redirect when reseller and resellerid not >0

Browse Source
This commit is contained in:
Ulrich Block 2013-10-15 20:28:20 +02:00
parent 41148c9dee
commit b9da084b1c
4 changed files with 91 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
web/login.php
View File

@ -214,7 +214,7 @@ if ($ui->st('w', 'get') == 'lo') {
$salt = '';
$query = $sql->prepare("SELECT `id`,`cname`,`active`,`security`,`resellerid`,`mail`,`salt`,`externalID` FROM `userdata` WHERE `cname`=? OR `mail`=? ORDER BY `lastlogin` DESC LIMIT 1");
$query = $sql->prepare("SELECT `id`,`accounttype`,`cname`,`active`,`security`,`resellerid`,`mail`,`salt`,`externalID` FROM `userdata` WHERE `cname`=? OR `mail`=? ORDER BY `lastlogin` DESC LIMIT 1");
$query->execute(array($ui->username('username', 255, 'post'),$ui->ismail('username', 'post')));
foreach ($query->fetchAll(PDO::FETCH_ASSOC) as $row) {
$username = $row['cname'];
@ -225,6 +225,7 @@ if ($ui->st('w', 'get') == 'lo') {
$externalID = $row['externalID'];
$security = $row['security'];
$resellerid = $row['resellerid'];
$accounttype = $row['accounttype'];
$userpassNew = createHash($username, $password, $salt, $aeskey);
@ -353,6 +354,10 @@ if ($ui->st('w', 'get') == 'lo') {
$query->execute(array($logintime, $logdate, $id));
}
if (!isset($accounttype) or !isset($resellerid) or ($accounttype == 'r' and $resellerid < 1)) {
redirect('login.php');
}
$_SESSION['resellerid'] = $resellerid;
$query = $sql->prepare("DELETE FROM `badips` WHERE `badip`=?");

10
web/stuff/init_admin.php
View File

@ -114,6 +114,7 @@ foreach ($query->fetchAll(PDO::FETCH_ASSOC) as $row) {
if ($row['active'] == 'Y' and $row['type'] == 'A' and is_file(EASYWIDIR . '/stuff/' . $row['file'])) {
$query2->execute(array($row['id'], $user_language));
$name = $query2->fetchColumn();
if (strlen($name) == 0) {
$query2->execute(array($row['id'], $rSA['language']));
$name = $query2->fetchColumn();
@ -121,12 +122,15 @@ foreach ($query->fetchAll(PDO::FETCH_ASSOC) as $row) {
if (strlen($name) == 0) {
$name = $row['file'];
}
$customModules[$row['sub']][$row['get']] = $name;
$what_to_be_included_array[$row['get']] = $row['file'];
} else if ($row['type'] == 'C' and $row['active'] == 'N') {
$easywiModules[$row['get']] = false;
}
}
if ($easywiModules['gs'] === true) {
$what_to_be_included_array['ro'] = 'roots.php';
$what_to_be_included_array['ma'] = 'masterserver.php';
@ -134,12 +138,15 @@ if ($easywiModules['gs'] === true) {
$what_to_be_included_array['ad'] = 'addons.php';
$what_to_be_included_array['im'] = 'images.php';
}
if ($easywiModules['ea'] === true) {
$what_to_be_included_array['ea'] = 'eac.php';
}
if ($easywiModules['my'] === true) {
$what_to_be_included_array['my'] = 'mysql_server.php';
}
if ($easywiModules['ro'] === true) {
$what_to_be_included_array['rh'] = 'root_dedicated.php';
$what_to_be_included_array['rd'] = 'root_dhcp.php';
@ -149,13 +156,16 @@ if ($easywiModules['ro'] === true) {
$what_to_be_included_array['ot'] = 'roots_os_templates.php';
$what_to_be_included_array['tf'] = 'traffic.php';
}
if ($easywiModules['ti'] === true) {
$what_to_be_included_array['ti'] = 'tickets.php';
$what_to_be_included_array['tr'] = 'tickets_reseller.php';
}
if ($easywiModules['le'] === true) {
$what_to_be_included_array['le'] = 'lendserver.php';
}
if ($easywiModules['vo'] === true) {
$what_to_be_included_array['vu'] = 'voice_usage.php';
$what_to_be_included_array['vo'] = 'voice.php';

41
web/stuff/settings.php
View File

@ -35,6 +35,7 @@
* Sie sollten eine Kopie der GNU General Public License zusammen mit diesem
* Programm erhalten haben. Wenn nicht, siehe <http://www.gnu.org/licenses/>.
*/
if (isset($_SERVER['QUERY_STRING'])) {
$queries = strtolower($_SERVER['QUERY_STRING']);
$badcontent = array("http://", "ftp://", "https://", "ftps://", "delete ", "from ", "into ", "userdata ", "userdata(", "userdata`", "userpermissions ", "userpermissions(", "userpermissions`", "select ", "set ", "where ", "update ", "union ", "*", ".ssh", "~", "chmod ", "passwd", "fclose", "fopen", "fwrite", "getenv", "locate", "passthru", "phpinfo", "proc_close", "proc_get_status", "proc_nice", "proc_open", "proc_terminate", "shell_exec(", "system(");
@ -43,16 +44,21 @@ if (isset($_SERVER['QUERY_STRING'])) {
die();
}
}
include(EASYWIDIR . '/stuff/config.php');
$ui = new ValidateUserinput($_GET, $_POST, $_SERVER, array(), $_ENV);
unset($_GET, $_POST, $_SERVER, $_ENV);
include(EASYWIDIR . '/stuff/config.php');
$ewCfg['captcha'] = $captcha;
$ewCfg['title'] = $title;
$dbConnect['type']=(!isset($type) or $type == '') ? 'mysql' : $type;
$dbConnect['type'] = (!isset($type) or $type == '') ? 'mysql' : $type;
$dbConnect['host'] = $host;
$dbConnect['user'] = $user;
$dbConnect['pwd'] = $pwd;
$dbConnect['db'] = $db;
if (isset($debug) and $debug==1) {
$dbConnect['debug'] = 1;
ini_set('display_errors',1);
@ -109,6 +115,8 @@ if ($loguserip != 'localhost') {
if (isset($_SESSION['resellerid']) and is_numeric($_SESSION['resellerid'])) {
$reseller_id = $_SESSION['resellerid'];
} else if ((isset($_SESSION['userid']) or isset($_SESSION['adminid'])) and (!isset($_SESSION['resellerid']) or !is_numeric($_SESSION['resellerid']))) {
redirect('login.php');
}
if (isset($_SESSION['HTTP_USER_AGENT']) and isset($_SESSION['REMOTE_ADDR'])){
@ -116,12 +124,14 @@ if ($loguserip != 'localhost') {
if ($_SESSION['HTTP_USER_AGENT'] != md5($ui->escaped('HTTP_USER_AGENT', 'server')) or $_SESSION['REMOTE_ADDR'] != md5($ui->ip('REMOTE_ADDR', 'server'))){
session_unset();
session_destroy();
if (isset($page_include)) {
redirect('/');
} else {
redirect('login.php');
}
}
} else {
$_SESSION['REMOTE_ADDR'] = md5($ui->ip('REMOTE_ADDR', 'server'));
$_SESSION['HTTP_USER_AGENT'] = md5($ui->escaped('HTTP_USER_AGENT', 'server'));
@ -148,8 +158,8 @@ if (isset($reseller_id)) {
$lookupid = $reseller_id;
} else {
$check_split = preg_split("/\//", $ui->escaped('SCRIPT_NAME', 'server'),-1,PREG_SPLIT_NO_EMPTY);
$which_file = $check_split[count($check_split)-1];
$check_split = preg_split("/\//", $ui->escaped('SCRIPT_NAME', 'server'), -1, PREG_SPLIT_NO_EMPTY);
$which_file = $check_split[count($check_split) - 1];
if ($which_file == 'userpanel.php') {
$lookupid = $reseller_id;
@ -194,7 +204,6 @@ if ($loguserip!='localhost') {
$maxnews=(isid($row['maxnews'],11)) ? $row['maxnews'] : 10;
$page_default = $row['defaultpage'];
$pageurl = $row['pageurl'];
if (!isurl($pageurl) and !isdomain($pageurl)) $pageurl = $page_url;
$protectioncheck = $row['protectioncheck'];
$maxnews_sidebar = $row['maxnews_sidebar'];
$newssidebar_textlength = $row['newssidebar_textlength'];
@ -206,6 +215,10 @@ if ($loguserip!='localhost') {
$commentMinLength = $row['commentMinLength'];
$commentsModerated = $row['commentsModerated'];
$honeyPotKey = $row['honeyPotKey'];
if (!isurl($pageurl) and !isdomain($pageurl)) {
$pageurl = $page_url;
}
}
$ewInstallPath = EASYWIDIR;
@ -237,17 +250,20 @@ if ($loguserip!='localhost') {
$page_count = strtolower($elements[3]);
}
}
if (!isset($user_language) and isset($user_id) and isset($admin_id)) {
$user_language=language($admin_id);
$user_language = language($admin_id);
} else if (!isset($user_language) and isset($user_id) and !isset($admin_id)) {
$user_language=language($user_id);
$user_language = language($user_id);
} else if (!isset($user_language) and isset($admin_id)) {
$user_language=language($admin_id);
$user_language = language($admin_id);
}
if (isset($page_detect_language) and preg_match('/^[a-z]{2}+$/', $page_detect_language) and ((isset($_SESSION['language']) and $page_detect_language != $_SESSION['language']) or !isset($_SESSION['language']))){
$language_changed = true;
$user_language = $page_detect_language;
}
if ($ui->st('l', 'get') or isset($language_changed)) {
if ($ui->st('l', 'get')) $user_language = $ui->st('l', 'get');
@ -264,13 +280,18 @@ if ($loguserip!='localhost') {
}
}
$default_language=(!empty($user_language)) ? $user_language : $rSA['language'];
if (!isset($user_language) or empty($user_language)) {
$user_language = $default_language;
}
$_SESSION['language'] = $user_language;
$gsprache=(isset($reseller_id)) ? getlanguagefile('general', $user_language, $reseller_id) : getlanguagefile('general', $user_language, 0);
$spracheResponse=(isset($reseller_id)) ? getlanguagefile('response', $user_language, $reseller_id) : getlanguagefile('response', $user_language, 0);
$gsprache = (isset($reseller_id)) ? getlanguagefile('general', $user_language, $reseller_id) : getlanguagefile('general', $user_language, 0);
$spracheResponse = (isset($reseller_id)) ? getlanguagefile('response', $user_language, $reseller_id) : getlanguagefile('response', $user_language, 0);
}
if (isset($logininclude) and $logininclude == true) {
$query = $sql->prepare("DELETE FROM `badips` WHERE `bantime` <= ?");
$query->execute(array($logdate));

84
web/switch.php
View File

@ -41,64 +41,66 @@ include(EASYWIDIR . '/stuff/functions.php');
include(EASYWIDIR . '/stuff/class_validator.php');
include(EASYWIDIR . '/stuff/vorlage.php');
include(EASYWIDIR . '/stuff/settings.php');
if (!isset($admin_id) or !isset($reseller_id)) {
die('No access');
redirect('login.php');
}
$pa = User_Permissions($admin_id);
if (!$pa['user'] and !$pa['gserver'] and !$pa['root']) {
die('No access');
}
if ($reseller_id != 0 and isset($admin_id) and $admin_id != $reseller_id) {
$reseller_id = $admin_id;
}
if ($ui->id('id', 19, 'get')) {
$referrer = explode('/', str_replace(array('http://','https://'), '', strtolower($ui->escaped('HTTP_REFERER', 'server'))));
$refstring = explode('?',$referrer[1]);
$refstring = explode('?', $referrer[1]);
if (isset($refstring[1])) {
$from = explode('&',$refstring[1]);
$from = explode('&', $refstring[1]);
}
$query = $sql->prepare("SELECT `resellerid`,`accounttype` FROM `userdata` WHERE `id`=? LIMIT 1");
$query->execute(array($ui->id('id', 19, 'get')));
foreach ($query->fetchAll(PDO::FETCH_ASSOC) as $row) {
$resellerid = $row['resellerid'];
$accounttype = $row['accounttype'];
}
$sql = null;
if (!isset($resellerid) or ($reseller_id != 0 and $resellerid != $reseller_id)) {
header('Location: login.php');
die('Please allow redirection');
}
if (isset($accounttype) and $accounttype == 'u') {
$_SESSION['userid'] = $ui->id('id', 19, 'get');
if (isset($from) and $from[0] == "w=gs") {
header('Location: userpanel.php?w=gs');
die('Please allow redirection');
} else if (isset($from) and $from[0] == "w=vo") {
header('Location: userpanel.php?w=vo');
die('Please allow redirection');
} else if (isset($from) and $from[0] == "w=my") {
header('Location: userpanel.php?w=my');
die('Please allow redirection');
$sql = null;
if ($row['accounttype'] == 'u') {
$_SESSION['userid'] = $ui->id('id', 19, 'get');
if (isset($from) and $from[0] == "w=gs") {
redirect('userpanel.php?w=gs');
} else if (isset($from) and $from[0] == "w=vo") {
redirect('userpanel.php?w=vo');
} else if (isset($from) and $from[0] == "w=my") {
redirect('userpanel.php?w=my');
} else {
redirect('userpanel.php');
}
} else if ($row['accounttype'] == 'r' and $row['resellerid'] > 0) {
$_SESSION['oldid'] = $admin_id;
$_SESSION['oldresellerid'] = $reseller_id;
$_SESSION['adminid'] = $ui->id('id', 19, 'get');
$_SESSION['resellerid'] = $row['resellerid'];
if ($reseller_id == 0) {
$_SESSION['oldadminid'] = $admin_id;
}
redirect('admin.php');
} else {
header('Location: userpanel.php');
die('Please allow redirection');
redirect('login.php');
}
} else if (isset($accounttype) and $accounttype == 'r' and isset($resellerid)) {
$_SESSION['oldid'] = $admin_id;
$_SESSION['oldresellerid'] = $reseller_id;
$_SESSION['adminid'] = $ui->id('id', 19, 'get');
$_SESSION['resellerid'] = $resellerid;
if ($reseller_id == 0) {
$_SESSION['oldadminid'] = $admin_id;
}
header('Location: admin.php');
die('Please allow redirection');
} else {
header('Location: login.php');
die('Please allow redirection');
}
} else {
$sql = null;
header('Location: login.php');
die('Please allow redirection');
}
$sql = null;
redirect('login.php');