adm_login.php
1 <?php
2 /*
3  ----------------------------------------------------------------------
4  LICENSE
5 
6  This program is free software; you can redistribute it and/or
7  modify it under the terms of the GNU General Public License (GPL)
8  as published by the Free Software Foundation; either version 2
9  of the License, or (at your option) any later version.
10 
11  This program is distributed in the hope that it will be useful,
12  but WITHOUT ANY WARRANTY; without even the implied warranty of
13  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14  GNU General Public License for more details.
15 
16  To read the license please visit http://www.gnu.org/copyleft/gpl.html
17  ----------------------------------------------------------------------
18 */
19 
20 /**
21  * Any ADMIN account can impersonate any other account by using this page.
22  *
23  * @copyright AlternC-Team 2000-2017 https://alternc.com/
24  */
25 
26 require_once("../class/config.php");
27 
28 /*
29  We come into this page in two situations :
30  * with a user id to go to (we check the current account is admin and is allowed to connect to this account)
31  * with no parameter when the admin wants to go back to his admin account.
32  */
33 
// Request-field specification for this page: a single "id" entry described by
// the triple ("get", "integer", "").
// NOTE(review): this listing skips from source line 36 to 38, and $id is used
// below without a visible assignment; the call that consumes this spec
// (presumably getFields($fields)) is not shown here. Confirm against the file.
$fields = [
    "id" => ["get", "integer", ""],
];
38 
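// Return path: no target id was requested and an "oldid" cookie is present, so
// the administrator is leaving the impersonated account to go back to their own.
//
// NOTE(review): the cookie is a client-held value of the form
// "<uid>/<md5 of that account's stored password field>". No server-side record
// of a started impersonation is consulted here, so the digest is the only proof
// of origin. A random token kept in server-side session state would be
// stronger; that change needs the session layer, which is not visible here.
if (empty($id) && !empty($_COOKIE["oldid"])) {
    // An array-valued cookie cannot be split; treat it as malformed instead of
    // handing it to explode(). array_pad() guarantees two elements even when
    // the value contains no "/".
    $oldid_cookie = $_COOKIE["oldid"];
    list($newuid, $passcheck) = is_string($oldid_cookie)
        ? array_pad(explode("/", $oldid_cookie, 2), 2, "")
        : array(0, "");
    $newuid = intval($newuid);
    if (!$newuid) {
        $msg->raise("ERROR", "admin", _("Your authentication information are incorrect"));
        include("index.php");
        exit();
    }

    // The admin flag is forced on for the lookup below, i.e. before the cookie
    // has been verified. Remember the previous value so a rejected request does
    // not reach index.php with the flag still raised.
    // NOTE(review): presumably $admin->get() refuses to run without the flag - confirm.
    $oldid_was_enabled = $admin->enabled;
    $admin->enabled = true;
    $r = $admin->get($newuid);

    // Fail closed when the lookup yields no usable password field: md5() of a
    // missing value is a fixed digest, so it must never count as a match.
    // hash_equals() compares the two strings byte for byte in constant time,
    // which also rules out the numeric-string coercion of a loose "!=".
    $oldid_pass = isset($r["pass"]) ? (string) $r["pass"] : "";
    if ($oldid_pass === "" || !hash_equals(md5($oldid_pass), $passcheck)) {
        $admin->enabled = $oldid_was_enabled;
        // Both rejection paths report at ERROR level.
        $msg->raise("ERROR", "admin", _("Your authentication information are incorrect"));
        include("index.php");
        exit();
    }

    // The ticket is single-use: drop it from the browser and from this request.
    setcookie('oldid', '', 0, '/');
    unset($_COOKIE['oldid']);

    // Switch the session back to the former administrator account.
    if (!$mem->setid($newuid)) {
        $admin->enabled = $oldid_was_enabled;
        include("index.php");
        exit();
    }

    include_once("adm_list.php");
    exit();
}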
70 
71 
// Impersonation path: a target account id was supplied.
// Two gates are applied in order, and both answer with the same refusal:
//   1. the current account must have $admin->enabled set;
//   2. when the "subadmin_restriction" variable compares equal to 0, the
//      current account must also pass $admin->checkcreator($id).
// The second gate is only evaluated once the first one has passed.
$adm_login_denied = !$admin->enabled;
if (!$adm_login_denied) {
    $subadmin = variable_get("subadmin_restriction");
    $adm_login_denied = ($subadmin == 0 && !$admin->checkcreator($id));
}

if ($adm_login_denied) {
    $msg->raise("ERROR", "admin", _("This page is restricted to authorized staff"));
    echo $msg->msg_html_all();
    exit();
}
86 
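// Switch to the requested account, provided $admin->get() returns a truthy
// record for it.
$r = $admin->get($id);
if ($r) {
    // Return ticket: "<current uid>/<md5 of the current account's stored
    // password field>". It is built before setid() is called.
    // NOTE(review): presumably setid() replaces $mem->user - confirm.
    // NOTE(review): this hands the browser an unsalted MD5 derived from the
    // stored credential; a random token kept server-side would avoid exposing
    // anything computed from it.
    $oldid = $cuid . "/" . md5($mem->user["pass"]);

    // HttpOnly keeps the ticket away from page scripts; Secure is added only
    // when this request itself arrived over HTTPS, so plain-HTTP installs keep
    // working as before.
    $oldid_secure = !empty($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] !== "off";
    setcookie('oldid', $oldid, 0, '/', '', $oldid_secure, true);
    $_COOKIE['oldid'] = $oldid;

    if (!$mem->setid($id)) {
        include("index.php");
        exit();
    }

    // The session now belongs to the target account.
    include_once("main.php");
    exit();
}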
100 
// Fallback: none of the branches above ended the request, so render the page
// frame with whatever messages have been raised.
include_once("head.php");

echo "<h3>";
__("Member login");
echo "</h3>\n";
echo $msg->msg_html_all();

include_once("foot.php");
?>