From e38f3be21b3c6f068546bee047de0d7677a73dd0 Mon Sep 17 00:00:00 2001
From: ice123123123 <34623954+ice123123123@users.noreply.github.com>
Date: Tue, 19 Dec 2017 20:09:12 +0100
Subject: [PATCH] security fix for reseller Accounts

---
 switch.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/switch.php b/switch.php
index b9305613..273b4d8c 100644
--- a/switch.php
+++ b/switch.php
@@ -70,7 +70,7 @@ if ($ui->id('id', 19, 'get')) {
 
         $sql = null;
 
-        if ($row['accounttype'] == 'u') {
+	if ($row['accounttype'] == 'u' && $row['resellerid'] == $reseller_id) {
 
             $_SESSION['userid'] = $ui->id('id', 19, 'get');
 
@@ -103,4 +103,4 @@ if ($ui->id('id', 19, 'get')) {
     }
 }
 $sql = null;
-redirect('login.php');
\ No newline at end of file
+redirect('login.php');