From c6f36f01c83cf435bbc338443a357f81c49cbbca Mon Sep 17 00:00:00 2001 From: Marius Cramer Date: Wed, 20 Nov 2013 15:21:47 +0100 Subject: [PATCH] Implemented FS#2531 - switch from a reseller to a client --- .../web/client/templates/clients_list.htm | 4 +- .../web/client/templates/resellers_list.htm | 2 +- interface/web/login/index.php | 50 ++++++++++++++++--- .../{admin => login}/lib/lang/ar_login_as.lng | 0 .../{admin => login}/lib/lang/bg_login_as.lng | 0 .../{admin => login}/lib/lang/br_login_as.lng | 0 .../{admin => login}/lib/lang/cz_login_as.lng | 0 .../{admin => login}/lib/lang/de_login_as.lng | 0 .../{admin => login}/lib/lang/el_login_as.lng | 0 .../{admin => login}/lib/lang/en_login_as.lng | 0 .../{admin => login}/lib/lang/es_login_as.lng | 0 .../{admin => login}/lib/lang/fi_login_as.lng | 0 .../{admin => login}/lib/lang/fr_login_as.lng | 0 .../{admin => login}/lib/lang/hr_login_as.lng | 0 .../{admin => login}/lib/lang/hu_login_as.lng | 0 .../{admin => login}/lib/lang/id_login_as.lng | 0 .../{admin => login}/lib/lang/it_login_as.lng | 0 .../{admin => login}/lib/lang/ja_login_as.lng | 0 .../{admin => login}/lib/lang/nl_login_as.lng | 0 .../{admin => login}/lib/lang/pl_login_as.lng | 0 .../{admin => login}/lib/lang/pt_login_as.lng | 0 .../{admin => login}/lib/lang/ro_login_as.lng | 0 .../{admin => login}/lib/lang/ru_login_as.lng | 0 .../{admin => login}/lib/lang/se_login_as.lng | 0 .../{admin => login}/lib/lang/sk_login_as.lng | 0 .../{admin => login}/lib/lang/tr_login_as.lng | 0 interface/web/{admin => login}/login_as.php | 25 ++++++++-- interface/web/login/logout.php | 7 +-- 28 files changed, 72 insertions(+), 16 deletions(-) rename interface/web/{admin => login}/lib/lang/ar_login_as.lng (100%) rename interface/web/{admin => login}/lib/lang/bg_login_as.lng (100%) rename interface/web/{admin => login}/lib/lang/br_login_as.lng (100%) rename interface/web/{admin => login}/lib/lang/cz_login_as.lng (100%) rename interface/web/{admin => login}/lib/lang/de_login_as.lng (100%) rename interface/web/{admin => login}/lib/lang/el_login_as.lng (100%) rename interface/web/{admin => login}/lib/lang/en_login_as.lng (100%) rename interface/web/{admin => login}/lib/lang/es_login_as.lng (100%) rename interface/web/{admin => login}/lib/lang/fi_login_as.lng (100%) rename interface/web/{admin => login}/lib/lang/fr_login_as.lng (100%) rename interface/web/{admin => login}/lib/lang/hr_login_as.lng (100%) rename interface/web/{admin => login}/lib/lang/hu_login_as.lng (100%) rename interface/web/{admin => login}/lib/lang/id_login_as.lng (100%) rename interface/web/{admin => login}/lib/lang/it_login_as.lng (100%) rename interface/web/{admin => login}/lib/lang/ja_login_as.lng (100%) rename interface/web/{admin => login}/lib/lang/nl_login_as.lng (100%) rename interface/web/{admin => login}/lib/lang/pl_login_as.lng (100%) rename interface/web/{admin => login}/lib/lang/pt_login_as.lng (100%) rename interface/web/{admin => login}/lib/lang/ro_login_as.lng (100%) rename interface/web/{admin => login}/lib/lang/ru_login_as.lng (100%) rename interface/web/{admin => login}/lib/lang/se_login_as.lng (100%) rename interface/web/{admin => login}/lib/lang/sk_login_as.lng (100%) rename interface/web/{admin => login}/lib/lang/tr_login_as.lng (100%) rename interface/web/{admin => login}/login_as.php (75%) diff --git a/interface/web/client/templates/clients_list.htm b/interface/web/client/templates/clients_list.htm index 8f33ace18..820e27c86 100644 --- a/interface/web/client/templates/clients_list.htm +++ b/interface/web/client/templates/clients_list.htm @@ -52,7 +52,9 @@
{tmpl_var name="country"} - {tmpl_var name='login_as_txt'} + {tmpl_var name='login_as_txt'} + + {tmpl_var name='login_as_txt'} {tmpl_var name='delete_txt'} diff --git a/interface/web/client/templates/resellers_list.htm b/interface/web/client/templates/resellers_list.htm index 66cb06af6..507449726 100644 --- a/interface/web/client/templates/resellers_list.htm +++ b/interface/web/client/templates/resellers_list.htm @@ -51,7 +51,7 @@ {tmpl_var name="city"}
{tmpl_var name="country"} - {tmpl_var name='login_as_txt'} + {tmpl_var name='login_as_txt'} {tmpl_var name='delete_txt'} diff --git a/interface/web/login/index.php b/interface/web/login/index.php index 950c69295..c9c412c1b 100644 --- a/interface/web/login/index.php +++ b/interface/web/login/index.php @@ -85,21 +85,59 @@ class login_index { */ if (isset($_SESSION['s']['user']) && $_SESSION['s']['user']['active'] == 1){ /* - * only the admin can "login as" so if the user is NOT a admin, we + * only the admin or reseller can "login as" so if the user is NOT an admin or reseller, we * open the startpage (after killing the old session), so the user * is logout and has to start again! */ - if ($_SESSION['s']['user']['typ'] != 'admin') { + if ($_SESSION['s']['user']['typ'] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) { /* - * The actual user is NOT a admin, but maybe the admin - * has logged in as "normal" user bevore... + * The actual user is NOT a admin or reseller, but maybe he + * has logged in as "normal" user before... */ - if (isset($_SESSION['s_old'])&& ($_SESSION['s_old']['user']['typ'] == 'admin')){ - /* The "old" user is admin, so everything is ok */ + + if (isset($_SESSION['s_old'])&& ($_SESSION['s_old']['user']['typ'] == 'admin' || $app->auth->has_clients($_SESSION['s_old']['user']['userid']))){ + /* The "old" user is admin or reseller, so everything is ok + * if he is reseller, we need to check if he logs in to one of his clients + */ + if($_SESSION['s_old']['user']['typ'] != 'admin') { + + /* this is the one currently logged in (normal user) */ + $old_client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]); + $old_client = $app->db->queryOneRecord("SELECT client.client_id, client.parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $old_client_group_id"); + + /* this is the reseller, that shall be re-logged in */ + $sql = "SELECT * FROM sys_user WHERE USERNAME = '$username' and PASSWORT = '". $passwort. "'"; + $tmp = $app->db->queryOneRecord($sql); + $client_group_id = $app->functions->intval($tmp['default_group']); + $tmp_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); + + if(!$tmp_client || $old_client["parent_client_id"] != $tmp_client["client_id"] || $tmp["default_group"] != $_SESSION["s_old"]["user"]["default_group"] ) { + die("You don't have the right to 'login as' this user!"); + } + unset($old_client); + unset($tmp_client); + unset($tmp); + } } else { die("You don't have the right to 'login as'!"); } + } elseif($_SESSION['s']['user']['typ'] != 'admin') { + /* a reseller wants to 'login as', we need to check if he is allowed to */ + $res_client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]); + $res_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $res_client_group_id"); + + /* this is the user the reseller wants to 'login as' */ + $sql = "SELECT * FROM sys_user WHERE USERNAME = '$username' and PASSWORT = '". $passwort. "'"; + $tmp = $app->db->queryOneRecord($sql); + $tmp_client = $app->db->queryOneRecord("SELECT client.client_id, client.parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = " . $app->functions->intval($tmp["default_group"])); + + if(!$tmp || $tmp_client["parent_client_id"] != $res_client["client_id"]) { + die("You don't have the right to login as this user!"); + } + unset($res_client); + unset($tmp); + unset($tmp_client); } $loginAs = true; } diff --git a/interface/web/admin/lib/lang/ar_login_as.lng b/interface/web/login/lib/lang/ar_login_as.lng similarity index 100% rename from interface/web/admin/lib/lang/ar_login_as.lng rename to interface/web/login/lib/lang/ar_login_as.lng diff --git a/interface/web/admin/lib/lang/bg_login_as.lng b/interface/web/login/lib/lang/bg_login_as.lng similarity index 100% rename from interface/web/admin/lib/lang/bg_login_as.lng rename to interface/web/login/lib/lang/bg_login_as.lng diff --git a/interface/web/admin/lib/lang/br_login_as.lng b/interface/web/login/lib/lang/br_login_as.lng similarity index 100% rename from interface/web/admin/lib/lang/br_login_as.lng rename to interface/web/login/lib/lang/br_login_as.lng diff --git a/interface/web/admin/lib/lang/cz_login_as.lng b/interface/web/login/lib/lang/cz_login_as.lng similarity index 100% rename from interface/web/admin/lib/lang/cz_login_as.lng rename to interface/web/login/lib/lang/cz_login_as.lng diff --git a/interface/web/admin/lib/lang/de_login_as.lng b/interface/web/login/lib/lang/de_login_as.lng similarity index 100% rename from interface/web/admin/lib/lang/de_login_as.lng rename to interface/web/login/lib/lang/de_login_as.lng diff --git a/interface/web/admin/lib/lang/el_login_as.lng b/interface/web/login/lib/lang/el_login_as.lng similarity index 100% rename from interface/web/admin/lib/lang/el_login_as.lng rename to interface/web/login/lib/lang/el_login_as.lng diff --git a/interface/web/admin/lib/lang/en_login_as.lng b/interface/web/login/lib/lang/en_login_as.lng similarity index 100% rename from interface/web/admin/lib/lang/en_login_as.lng rename to interface/web/login/lib/lang/en_login_as.lng diff --git a/interface/web/admin/lib/lang/es_login_as.lng b/interface/web/login/lib/lang/es_login_as.lng similarity index 100% rename from interface/web/admin/lib/lang/es_login_as.lng rename to interface/web/login/lib/lang/es_login_as.lng diff --git a/interface/web/admin/lib/lang/fi_login_as.lng b/interface/web/login/lib/lang/fi_login_as.lng similarity index 100% rename from interface/web/admin/lib/lang/fi_login_as.lng rename to interface/web/login/lib/lang/fi_login_as.lng diff --git a/interface/web/admin/lib/lang/fr_login_as.lng b/interface/web/login/lib/lang/fr_login_as.lng similarity index 100% rename from interface/web/admin/lib/lang/fr_login_as.lng rename to interface/web/login/lib/lang/fr_login_as.lng diff --git a/interface/web/admin/lib/lang/hr_login_as.lng b/interface/web/login/lib/lang/hr_login_as.lng similarity index 100% rename from interface/web/admin/lib/lang/hr_login_as.lng rename to interface/web/login/lib/lang/hr_login_as.lng diff --git a/interface/web/admin/lib/lang/hu_login_as.lng b/interface/web/login/lib/lang/hu_login_as.lng similarity index 100% rename from interface/web/admin/lib/lang/hu_login_as.lng rename to interface/web/login/lib/lang/hu_login_as.lng diff --git a/interface/web/admin/lib/lang/id_login_as.lng b/interface/web/login/lib/lang/id_login_as.lng similarity index 100% rename from interface/web/admin/lib/lang/id_login_as.lng rename to interface/web/login/lib/lang/id_login_as.lng diff --git a/interface/web/admin/lib/lang/it_login_as.lng b/interface/web/login/lib/lang/it_login_as.lng similarity index 100% rename from interface/web/admin/lib/lang/it_login_as.lng rename to interface/web/login/lib/lang/it_login_as.lng diff --git a/interface/web/admin/lib/lang/ja_login_as.lng b/interface/web/login/lib/lang/ja_login_as.lng similarity index 100% rename from interface/web/admin/lib/lang/ja_login_as.lng rename to interface/web/login/lib/lang/ja_login_as.lng diff --git a/interface/web/admin/lib/lang/nl_login_as.lng b/interface/web/login/lib/lang/nl_login_as.lng similarity index 100% rename from interface/web/admin/lib/lang/nl_login_as.lng rename to interface/web/login/lib/lang/nl_login_as.lng diff --git a/interface/web/admin/lib/lang/pl_login_as.lng b/interface/web/login/lib/lang/pl_login_as.lng similarity index 100% rename from interface/web/admin/lib/lang/pl_login_as.lng rename to interface/web/login/lib/lang/pl_login_as.lng diff --git a/interface/web/admin/lib/lang/pt_login_as.lng b/interface/web/login/lib/lang/pt_login_as.lng similarity index 100% rename from interface/web/admin/lib/lang/pt_login_as.lng rename to interface/web/login/lib/lang/pt_login_as.lng diff --git a/interface/web/admin/lib/lang/ro_login_as.lng b/interface/web/login/lib/lang/ro_login_as.lng similarity index 100% rename from interface/web/admin/lib/lang/ro_login_as.lng rename to interface/web/login/lib/lang/ro_login_as.lng diff --git a/interface/web/admin/lib/lang/ru_login_as.lng b/interface/web/login/lib/lang/ru_login_as.lng similarity index 100% rename from interface/web/admin/lib/lang/ru_login_as.lng rename to interface/web/login/lib/lang/ru_login_as.lng diff --git a/interface/web/admin/lib/lang/se_login_as.lng b/interface/web/login/lib/lang/se_login_as.lng similarity index 100% rename from interface/web/admin/lib/lang/se_login_as.lng rename to interface/web/login/lib/lang/se_login_as.lng diff --git a/interface/web/admin/lib/lang/sk_login_as.lng b/interface/web/login/lib/lang/sk_login_as.lng similarity index 100% rename from interface/web/admin/lib/lang/sk_login_as.lng rename to interface/web/login/lib/lang/sk_login_as.lng diff --git a/interface/web/admin/lib/lang/tr_login_as.lng b/interface/web/login/lib/lang/tr_login_as.lng similarity index 100% rename from interface/web/admin/lib/lang/tr_login_as.lng rename to interface/web/login/lib/lang/tr_login_as.lng diff --git a/interface/web/admin/login_as.php b/interface/web/login/login_as.php similarity index 75% rename from interface/web/admin/login_as.php rename to interface/web/login/login_as.php index 3d0fbf865..ed2dc9e9d 100644 --- a/interface/web/admin/login_as.php +++ b/interface/web/login/login_as.php @@ -31,11 +31,13 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. require_once '../../lib/config.inc.php'; require_once '../../lib/app.inc.php'; -/* Check permissions for module */ -$app->auth->check_module_permissions('admin'); +/* check if the user is logged in */ +if(!isset($_SESSION['s']['user'])) { + die ("You have to be logged in to login as other user!"); +} -/* for security reasons ONLY the admin can login as other user */ -if ($_SESSION["s"]["user"]["typ"] != 'admin') { +/* for security reasons ONLY the admin or a reseller can login as other user */ +if ($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) { die ("You don't have the right to login as other user!"); } @@ -45,13 +47,26 @@ if (!isset($_GET['id']) && !isset($_GET['cid'])){ } if(isset($_GET['id'])) { + if($_SESSION["s"]["user"]["typ"] != 'admin') { + die ("You don't have the right to login as system user!"); + } $userId = $app->functions->intval($_GET['id']); $backlink = 'admin/users_list.php'; } else { $client_id = $app->functions->intval($_GET['cid']); - $tmp_client = $app->db->queryOneRecord("SELECT username FROM client WHERE client_id = $client_id"); + $tmp_client = $app->db->queryOneRecord("SELECT username, parent_client_id FROM client WHERE client_id = $client_id"); $tmp_sys_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE username = '".$app->db->quote($tmp_client['username'])."'"); $userId = $app->functions->intval($tmp_sys_user['userid']); + /* check if this client belongs to reseller that tries to log in, if we are not admin */ + if($_SESSION["s"]["user"]["typ"] != 'admin') { + $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]); + $client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); + if(!$client || $tmp_client["parent_client_id"] != $client["client_id"]) { + die("You don't have the right to login as this user!"); + } + unset($client); + } + unset($tmp_client); unset($tmp_sys_user); $backlink = 'client/client_list.php'; diff --git a/interface/web/login/logout.php b/interface/web/login/logout.php index b2b1ac248..5e796290f 100644 --- a/interface/web/login/logout.php +++ b/interface/web/login/logout.php @@ -40,11 +40,12 @@ if (isset($_GET['l']) && ($_GET['l']== 1)) $forceLogout = true; * if the admin is logged in as client, then ask, if the admin want't to * "re-login" as admin again */ -if ((isset($_SESSION['s_old']) && ($_SESSION['s_old']['user']['typ'] == 'admin')) && +if ((isset($_SESSION['s_old']) && ($_SESSION['s_old']['user']['typ'] == 'admin' || $app->auth->has_clients($_SESSION['s_old']['user']['userid']))) && (!$forceLogout)){ + $utype = ($_SESSION['s_old']['user']['typ'] == 'admin' ? 'admin' : 'reseller'); echo '



- Do you want to re-login as admin or log out?
+ Do you want to re-login as ' . $utype . ' or log out?
@@ -52,7 +53,7 @@ if ((isset($_SESSION['s_old']) && ($_SESSION['s_old']['user']['typ'] == 'admin')
- +
'; -- GitLab