diff --git a/interface/web/client/templates/clients_list.htm b/interface/web/client/templates/clients_list.htm
index 8f33ace188e4e8a8d60a43d0bd3a19ed5a7ab047..820e27c86ef6e33eabf8c5eb447b1c219428630b 100644
--- a/interface/web/client/templates/clients_list.htm
+++ b/interface/web/client/templates/clients_list.htm
@@ -52,7 +52,9 @@
{tmpl_var name="country"} |
- {tmpl_var name='login_as_txt'}
+ {tmpl_var name='login_as_txt'}
+
+ {tmpl_var name='login_as_txt'}
{tmpl_var name='delete_txt'}
|
diff --git a/interface/web/client/templates/resellers_list.htm b/interface/web/client/templates/resellers_list.htm
index 66cb06af641bf4987c456f62cb27c42bf4f7bad7..507449726d22c3aaa950d7722759afe85a6ee208 100644
--- a/interface/web/client/templates/resellers_list.htm
+++ b/interface/web/client/templates/resellers_list.htm
@@ -51,7 +51,7 @@
{tmpl_var name="city"} |
{tmpl_var name="country"} |
- {tmpl_var name='login_as_txt'}
+ {tmpl_var name='login_as_txt'}
{tmpl_var name='delete_txt'}
|
diff --git a/interface/web/login/index.php b/interface/web/login/index.php
index 950c692956624a92c1de312000fe671991ba8dae..c9c412c1b308718796dc3da4e8bd2ec732987ec4 100644
--- a/interface/web/login/index.php
+++ b/interface/web/login/index.php
@@ -85,21 +85,59 @@ class login_index {
*/
if (isset($_SESSION['s']['user']) && $_SESSION['s']['user']['active'] == 1){
/*
- * only the admin can "login as" so if the user is NOT a admin, we
+ * only the admin or reseller can "login as" so if the user is NOT an admin or reseller, we
* open the startpage (after killing the old session), so the user
* is logout and has to start again!
*/
- if ($_SESSION['s']['user']['typ'] != 'admin') {
+ if ($_SESSION['s']['user']['typ'] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) {
/*
- * The actual user is NOT a admin, but maybe the admin
- * has logged in as "normal" user bevore...
+ * The actual user is NOT a admin or reseller, but maybe he
+ * has logged in as "normal" user before...
*/
- if (isset($_SESSION['s_old'])&& ($_SESSION['s_old']['user']['typ'] == 'admin')){
- /* The "old" user is admin, so everything is ok */
+
+ if (isset($_SESSION['s_old'])&& ($_SESSION['s_old']['user']['typ'] == 'admin' || $app->auth->has_clients($_SESSION['s_old']['user']['userid']))){
+ /* The "old" user is admin or reseller, so everything is ok
+ * if he is reseller, we need to check if he logs in to one of his clients
+ */
+ if($_SESSION['s_old']['user']['typ'] != 'admin') {
+
+ /* this is the one currently logged in (normal user) */
+ $old_client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
+ $old_client = $app->db->queryOneRecord("SELECT client.client_id, client.parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $old_client_group_id");
+
+ /* this is the reseller, that shall be re-logged in */
+ $sql = "SELECT * FROM sys_user WHERE USERNAME = '$username' and PASSWORT = '". $passwort. "'";
+ $tmp = $app->db->queryOneRecord($sql);
+ $client_group_id = $app->functions->intval($tmp['default_group']);
+ $tmp_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+
+ if(!$tmp_client || $old_client["parent_client_id"] != $tmp_client["client_id"] || $tmp["default_group"] != $_SESSION["s_old"]["user"]["default_group"] ) {
+ die("You don't have the right to 'login as' this user!");
+ }
+ unset($old_client);
+ unset($tmp_client);
+ unset($tmp);
+ }
}
else {
die("You don't have the right to 'login as'!");
}
+ } elseif($_SESSION['s']['user']['typ'] != 'admin') {
+ /* a reseller wants to 'login as', we need to check if he is allowed to */
+ $res_client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
+ $res_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $res_client_group_id");
+
+ /* this is the user the reseller wants to 'login as' */
+ $sql = "SELECT * FROM sys_user WHERE USERNAME = '$username' and PASSWORT = '". $passwort. "'";
+ $tmp = $app->db->queryOneRecord($sql);
+ $tmp_client = $app->db->queryOneRecord("SELECT client.client_id, client.parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = " . $app->functions->intval($tmp["default_group"]));
+
+ if(!$tmp || $tmp_client["parent_client_id"] != $res_client["client_id"]) {
+ die("You don't have the right to login as this user!");
+ }
+ unset($res_client);
+ unset($tmp);
+ unset($tmp_client);
}
$loginAs = true;
}
diff --git a/interface/web/admin/lib/lang/ar_login_as.lng b/interface/web/login/lib/lang/ar_login_as.lng
similarity index 100%
rename from interface/web/admin/lib/lang/ar_login_as.lng
rename to interface/web/login/lib/lang/ar_login_as.lng
diff --git a/interface/web/admin/lib/lang/bg_login_as.lng b/interface/web/login/lib/lang/bg_login_as.lng
similarity index 100%
rename from interface/web/admin/lib/lang/bg_login_as.lng
rename to interface/web/login/lib/lang/bg_login_as.lng
diff --git a/interface/web/admin/lib/lang/br_login_as.lng b/interface/web/login/lib/lang/br_login_as.lng
similarity index 100%
rename from interface/web/admin/lib/lang/br_login_as.lng
rename to interface/web/login/lib/lang/br_login_as.lng
diff --git a/interface/web/admin/lib/lang/cz_login_as.lng b/interface/web/login/lib/lang/cz_login_as.lng
similarity index 100%
rename from interface/web/admin/lib/lang/cz_login_as.lng
rename to interface/web/login/lib/lang/cz_login_as.lng
diff --git a/interface/web/admin/lib/lang/de_login_as.lng b/interface/web/login/lib/lang/de_login_as.lng
similarity index 100%
rename from interface/web/admin/lib/lang/de_login_as.lng
rename to interface/web/login/lib/lang/de_login_as.lng
diff --git a/interface/web/admin/lib/lang/el_login_as.lng b/interface/web/login/lib/lang/el_login_as.lng
similarity index 100%
rename from interface/web/admin/lib/lang/el_login_as.lng
rename to interface/web/login/lib/lang/el_login_as.lng
diff --git a/interface/web/admin/lib/lang/en_login_as.lng b/interface/web/login/lib/lang/en_login_as.lng
similarity index 100%
rename from interface/web/admin/lib/lang/en_login_as.lng
rename to interface/web/login/lib/lang/en_login_as.lng
diff --git a/interface/web/admin/lib/lang/es_login_as.lng b/interface/web/login/lib/lang/es_login_as.lng
similarity index 100%
rename from interface/web/admin/lib/lang/es_login_as.lng
rename to interface/web/login/lib/lang/es_login_as.lng
diff --git a/interface/web/admin/lib/lang/fi_login_as.lng b/interface/web/login/lib/lang/fi_login_as.lng
similarity index 100%
rename from interface/web/admin/lib/lang/fi_login_as.lng
rename to interface/web/login/lib/lang/fi_login_as.lng
diff --git a/interface/web/admin/lib/lang/fr_login_as.lng b/interface/web/login/lib/lang/fr_login_as.lng
similarity index 100%
rename from interface/web/admin/lib/lang/fr_login_as.lng
rename to interface/web/login/lib/lang/fr_login_as.lng
diff --git a/interface/web/admin/lib/lang/hr_login_as.lng b/interface/web/login/lib/lang/hr_login_as.lng
similarity index 100%
rename from interface/web/admin/lib/lang/hr_login_as.lng
rename to interface/web/login/lib/lang/hr_login_as.lng
diff --git a/interface/web/admin/lib/lang/hu_login_as.lng b/interface/web/login/lib/lang/hu_login_as.lng
similarity index 100%
rename from interface/web/admin/lib/lang/hu_login_as.lng
rename to interface/web/login/lib/lang/hu_login_as.lng
diff --git a/interface/web/admin/lib/lang/id_login_as.lng b/interface/web/login/lib/lang/id_login_as.lng
similarity index 100%
rename from interface/web/admin/lib/lang/id_login_as.lng
rename to interface/web/login/lib/lang/id_login_as.lng
diff --git a/interface/web/admin/lib/lang/it_login_as.lng b/interface/web/login/lib/lang/it_login_as.lng
similarity index 100%
rename from interface/web/admin/lib/lang/it_login_as.lng
rename to interface/web/login/lib/lang/it_login_as.lng
diff --git a/interface/web/admin/lib/lang/ja_login_as.lng b/interface/web/login/lib/lang/ja_login_as.lng
similarity index 100%
rename from interface/web/admin/lib/lang/ja_login_as.lng
rename to interface/web/login/lib/lang/ja_login_as.lng
diff --git a/interface/web/admin/lib/lang/nl_login_as.lng b/interface/web/login/lib/lang/nl_login_as.lng
similarity index 100%
rename from interface/web/admin/lib/lang/nl_login_as.lng
rename to interface/web/login/lib/lang/nl_login_as.lng
diff --git a/interface/web/admin/lib/lang/pl_login_as.lng b/interface/web/login/lib/lang/pl_login_as.lng
similarity index 100%
rename from interface/web/admin/lib/lang/pl_login_as.lng
rename to interface/web/login/lib/lang/pl_login_as.lng
diff --git a/interface/web/admin/lib/lang/pt_login_as.lng b/interface/web/login/lib/lang/pt_login_as.lng
similarity index 100%
rename from interface/web/admin/lib/lang/pt_login_as.lng
rename to interface/web/login/lib/lang/pt_login_as.lng
diff --git a/interface/web/admin/lib/lang/ro_login_as.lng b/interface/web/login/lib/lang/ro_login_as.lng
similarity index 100%
rename from interface/web/admin/lib/lang/ro_login_as.lng
rename to interface/web/login/lib/lang/ro_login_as.lng
diff --git a/interface/web/admin/lib/lang/ru_login_as.lng b/interface/web/login/lib/lang/ru_login_as.lng
similarity index 100%
rename from interface/web/admin/lib/lang/ru_login_as.lng
rename to interface/web/login/lib/lang/ru_login_as.lng
diff --git a/interface/web/admin/lib/lang/se_login_as.lng b/interface/web/login/lib/lang/se_login_as.lng
similarity index 100%
rename from interface/web/admin/lib/lang/se_login_as.lng
rename to interface/web/login/lib/lang/se_login_as.lng
diff --git a/interface/web/admin/lib/lang/sk_login_as.lng b/interface/web/login/lib/lang/sk_login_as.lng
similarity index 100%
rename from interface/web/admin/lib/lang/sk_login_as.lng
rename to interface/web/login/lib/lang/sk_login_as.lng
diff --git a/interface/web/admin/lib/lang/tr_login_as.lng b/interface/web/login/lib/lang/tr_login_as.lng
similarity index 100%
rename from interface/web/admin/lib/lang/tr_login_as.lng
rename to interface/web/login/lib/lang/tr_login_as.lng
diff --git a/interface/web/admin/login_as.php b/interface/web/login/login_as.php
similarity index 75%
rename from interface/web/admin/login_as.php
rename to interface/web/login/login_as.php
index 3d0fbf865c3595238b5575a8fb809fd2e0969a7c..ed2dc9e9d9bd20f705abf8b5ebeb70061285193a 100644
--- a/interface/web/admin/login_as.php
+++ b/interface/web/login/login_as.php
@@ -31,11 +31,13 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
require_once '../../lib/config.inc.php';
require_once '../../lib/app.inc.php';
-/* Check permissions for module */
-$app->auth->check_module_permissions('admin');
+/* check if the user is logged in */
+if(!isset($_SESSION['s']['user'])) {
+ die ("You have to be logged in to login as other user!");
+}
-/* for security reasons ONLY the admin can login as other user */
-if ($_SESSION["s"]["user"]["typ"] != 'admin') {
+/* for security reasons ONLY the admin or a reseller can login as other user */
+if ($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) {
die ("You don't have the right to login as other user!");
}
@@ -45,13 +47,26 @@ if (!isset($_GET['id']) && !isset($_GET['cid'])){
}
if(isset($_GET['id'])) {
+ if($_SESSION["s"]["user"]["typ"] != 'admin') {
+ die ("You don't have the right to login as system user!");
+ }
$userId = $app->functions->intval($_GET['id']);
$backlink = 'admin/users_list.php';
} else {
$client_id = $app->functions->intval($_GET['cid']);
- $tmp_client = $app->db->queryOneRecord("SELECT username FROM client WHERE client_id = $client_id");
+ $tmp_client = $app->db->queryOneRecord("SELECT username, parent_client_id FROM client WHERE client_id = $client_id");
$tmp_sys_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE username = '".$app->db->quote($tmp_client['username'])."'");
$userId = $app->functions->intval($tmp_sys_user['userid']);
+ /* check if this client belongs to reseller that tries to log in, if we are not admin */
+ if($_SESSION["s"]["user"]["typ"] != 'admin') {
+ $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
+ $client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ if(!$client || $tmp_client["parent_client_id"] != $client["client_id"]) {
+ die("You don't have the right to login as this user!");
+ }
+ unset($client);
+ }
+
unset($tmp_client);
unset($tmp_sys_user);
$backlink = 'client/client_list.php';
diff --git a/interface/web/login/logout.php b/interface/web/login/logout.php
index b2b1ac248ddd8c31f8b994f404900d9d2f0791ab..5e796290f3bd71ef8ceef35ee3d2a3bde69fab53 100644
--- a/interface/web/login/logout.php
+++ b/interface/web/login/logout.php
@@ -40,11 +40,12 @@ if (isset($_GET['l']) && ($_GET['l']== 1)) $forceLogout = true;
* if the admin is logged in as client, then ask, if the admin want't to
* "re-login" as admin again
*/
-if ((isset($_SESSION['s_old']) && ($_SESSION['s_old']['user']['typ'] == 'admin')) &&
+if ((isset($_SESSION['s_old']) && ($_SESSION['s_old']['user']['typ'] == 'admin' || $app->auth->has_clients($_SESSION['s_old']['user']['userid']))) &&
(!$forceLogout)){
+ $utype = ($_SESSION['s_old']['user']['typ'] == 'admin' ? 'admin' : 'reseller');
echo '
- Do you want to re-login as admin or log out?
+ Do you want to re-login as ' . $utype . ' or log out?