Alternc  3.2
Alternc logiel libre pour l'h├ębergement
 All Data Structures Namespaces Files Functions Variables Pages
adm_login.php
Go to the documentation of this file.
1 <?php
2 /*
3  $Id: adm_login.php,v 1.4 2005/04/01 17:13:10 benjamin Exp $
4  ----------------------------------------------------------------------
5  AlternC - Web Hosting System
6  Copyright (C) 2002 by the AlternC Development Team.
7  http://alternc.org/
8  ----------------------------------------------------------------------
9  Based on:
10  Valentin Lacambre's web hosting softwares: http://altern.org/
11  ----------------------------------------------------------------------
12  LICENSE
13 
14  This program is free software; you can redistribute it and/or
15  modify it under the terms of the GNU General Public License (GPL)
16  as published by the Free Software Foundation; either version 2
17  of the License, or (at your option) any later version.
18 
19  This program is distributed in the hope that it will be useful,
20  but WITHOUT ANY WARRANTY; without even the implied warranty of
21  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22  GNU General Public License for more details.
23 
24  To read the license please visit http://www.gnu.org/copyleft/gpl.html
25  ----------------------------------------------------------------------
26  Original Author of file: Benjamin Sonntag
27  Purpose of file: Connect a super-user to another account
28  ----------------------------------------------------------------------
29 */
30 require_once("../class/config.php");
31 
32 /*
33  We come into this page in two situations :
34  * with a user id to go to (we check the current account is admin and is allowed to connect to this account)
35  * with no parameter when the admin want to go back to his admin account.
36  */
37 
38 $fields = array (
39  "id" => array ("request", "integer", ""),
40 );
42 
43 // * with no parameter when the admin want to go back to his admin account.
44 if ( empty($id) && isset($_COOKIE["oldid"]) && !empty($_COOKIE["oldid"])) {
45  // We check the cookie's value :
46  list($newuid,$passcheck)=explode("/",$_COOKIE["oldid"]);
47  $newuid=intval($newuid);
48  if (!$newuid) {
49  $error=_("Your authentication information are incorrect");
50  include("index.php");
51  exit();
52  }
53  $admin->enabled=true;
54  $r=$admin->get($newuid);
55  if ($passcheck!=md5($r["pass"])) {
56  $error=_("Your authentication information are incorrect");
57  include("index.php");
58  exit();
59  }
60 
61  if ($r['lastip'] != get_remote_ip() ) {
62  $error=_("Your IP is incorrect.");
63  include("index.php");
64  exit();
65  }
66  // FIXME we should add a peremption date on the cookie
67 
68  // Ok, so we remove the cookie :
69  setcookie('oldid','',0,'/');
70  unset($_COOKIE['oldid']);
71 
72  // And we go back to the former administrator account :
73  if (!$mem->setid($newuid)) {
74  $error=$err->errstr();
75  include("index.php");
76  exit();
77  }
78 
79  include_once("adm_list.php");
80  exit();
81 }
82 
83 
84 // * with a user id to go to (we check the current account is admin and is allowed to connect to this account)
85 if (!$admin->enabled) {
86  __("This page is restricted to authorized staff");
87  exit();
88 }
89 
90 // Depending on subadmin_restriction, a subadmin can (or cannot) connect to account he didn't create
91 $subadmin=variable_get("subadmin_restriction");
92 if ($subadmin==0 && !$admin->checkcreator($id)) {
93  __("This page is restricted to authorized staff");
94  exit();
95 }
96 
97 if (!$r=$admin->get($id)) {
98  $error=$err->errstr();
99 } else {
100  $oldid=$cuid."/".md5($mem->user["pass"]);
101  setcookie('oldid',$oldid,0,'/');
102  $_COOKIE['oldid']=$oldid;
103 
104  if (!$mem->setid($id)) {
105  $error=$err->errstr();
106  include("index.php");
107  exit();
108  }
109  // Now we are the other user :)
110  include_once("main.php");
111  exit();
112 }
113 
114 // If there were an error, let's show it :
115 include_once("head.php");
116 
117 ?>
118 <h3><?php __("Member login"); ?></h3>
119 <?php
120 
121 if (isset($error) && $error) {
122  echo "<p class=\"alert alert-danger\">$error</p>";
123 }
124 include_once("foot.php");
125 ?>