kienan
/
AlternC
mirror of https://github.com/kienanstewart/AlternC.git
1
0
Fork 0
Code Issues Releases Wiki Activity

reecriture complete ET SECURISEE ... de adm_login.php pour pouvoir aller et venir entre compte admin et pas admin

This commit is contained in:
Benjamin Sonntag 2011-03-27 18:57:09 +00:00
parent bcd8212d5a
commit b9de132a88
1 changed files with 40 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
bureau/admin/adm_login.php
View File

@ -29,29 +29,47 @@
*/ */
require_once("../class/config.php"); require_once("../class/config.php");
// If we just want to return to our previous session /*
$oldid=intval($_COOKIE['oldid']); We come into this page in two situations :
if ($oldid) { * with a user id to go to (we check the current account is admin and is allowed to connect to this account)
* with no parameter when the admin want to go back to his admin account.
*/
// * with no parameter when the admin want to go back to his admin account.
if (!$_REQUEST["id"] && $_COOKIE["oldid"]) {
// We check the cookie's value :
list($newuid,$passcheck)=explode("/",$_COOKIE["oldid"]);
$newuid=intval($newuid);
if (!$newuid) {
$error=_("Your authentication information are incorrect");
include("index.php");
exit();
}
$admin->enabled=true;
$r=$admin->get($newuid);
if ($passcheck!=md5($r["pass"])) {
$error=_("Your authentication information are incorrect");
include("index.php");
exit();
}
// Ok, so we remove the cookie :
setcookie('oldid','',0,'/'); setcookie('oldid','',0,'/');
unset($_COOKIE['oldid']); unset($_COOKIE['oldid']);
$db->query("select lastip from membres where uid='$oldid';"); // And we go back to the former administrator account :
$db->next_record(); if (!$mem->setid($newuid)) {
if ($db->f("lastip") != getenv("REMOTE_ADDR") ) {
die('Error : bad IP address');
}
if (!$mem->setid($oldid)) {
$oldid=null;
$error=$err->errstr(); $error=$err->errstr();
include("index.php"); include("index.php");
exit(); exit();
} }
$oldid=null;
include_once("adm_list.php"); include_once("adm_list.php");
exit(); exit();
} }
// * with a user id to go to (we check the current account is admin and is allowed to connect to this account)
if (!$admin->enabled) { if (!$admin->enabled) {
__("This page is restricted to authorized staff"); __("This page is restricted to authorized staff");
exit(); exit();
@ -62,8 +80,8 @@ $fields = array (
); );
getFields($fields); getFields($fields);
// Depending on subadmin_restriction, a subadmin can (or cannot) connect to account he didn't create
$subadmin=variable_get("subadmin_restriction"); $subadmin=variable_get("subadmin_restriction");
if ($subadmin==0 && !$admin->checkcreator($id)) { if ($subadmin==0 && !$admin->checkcreator($id)) {
__("This page is restricted to authorized staff"); __("This page is restricted to authorized staff");
exit(); exit();
@ -72,19 +90,21 @@ if ($subadmin==0 && !$admin->checkcreator($id)) {
if (!$r=$admin->get($id)) { if (!$r=$admin->get($id)) {
$error=$err->errstr(); $error=$err->errstr();
} else { } else {
setcookie('oldid',$cuid,0,'/'); $oldid=$cuid."/".md5($mem->user["pass"]);
$_COOKIE['oldid']=$cuid; setcookie('oldid',$oldid,0,'/');
$_COOKIE['oldid']=$oldid;
if (!$mem->setid($id)) { if (!$mem->setid($id)) {
$error=$err->errstr(); $error=$err->errstr();
include("index.php"); include("index.php");
exit(); exit();
} }
// Now we are the other user :)
include_once("main.php"); include_once("main.php");
exit(); exit();
} }
// If there were an error, let's show it :
include_once("head.php"); include_once("head.php");
?> ?>
@ -96,5 +116,7 @@ if ($error) {
include_once("foot.php"); include_once("foot.php");
exit(); exit();
} }
?>
<?php include_once("foot.php"); ?> include_once("foot.php");
?>