AlternC/bureau/admin/adm_login.php

111 lines
3.1 KiB
PHP

<?php
/*
----------------------------------------------------------------------
LICENSE
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License (GPL)
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
To read the license please visit http://www.gnu.org/copyleft/gpl.html
----------------------------------------------------------------------
*/
/**
* Any ADMIN account can impersonate to any other account by using this page.
*
* @copyright AlternC-Team 2000-2017 https://alternc.com/
*/
require_once("../class/config.php");
/*
We come into this page in two situations :
* with a user id to go to (we check the current account is admin and is allowed to connect to this account)
* with no parameter when the admin want to go back to his admin account.
*/
$fields = array (
"id" => array ("get", "integer", ""),
);
getFields($fields);
// * with no parameter when the admin want to go back to his admin account.
if ( empty($id) && isset($_COOKIE["oldid"]) && !empty($_COOKIE["oldid"])) {
// We check the cookie's value :
list($newuid,$passcheck)=explode("/",$_COOKIE["oldid"]);
$newuid=intval($newuid);
if (!$newuid) {
$msg->raise("ERROR", "admin", _("Your authentication information are incorrect"));
include("index.php");
exit();
}
$admin->enabled=true;
$r=$admin->get($newuid);
if ($passcheck!=md5($r["pass"])) {
$msg->raise("INFO", "admin", _("Your authentication information are incorrect"));
include("index.php");
exit();
}
// Ok, so we remove the cookie :
setcookie('oldid','',0,'/');
unset($_COOKIE['oldid']);
// And we go back to the former administrator account :
if (!$mem->setid($newuid)) {
include("index.php");
exit();
}
include_once("adm_list.php");
exit();
}
// * with a user id to go to (we check the current account is admin and is allowed to connect to this account)
if (!$admin->enabled) {
$msg->raise("ERROR", "admin", _("This page is restricted to authorized staff"));
echo $msg->msg_html_all();
exit();
}
// Depending on subadmin_restriction, a subadmin can (or cannot) connect to account he didn't create
$subadmin=variable_get("subadmin_restriction");
if ($subadmin==0 && !$admin->checkcreator($id)) {
$msg->raise("ERROR", "admin", _("This page is restricted to authorized staff"));
echo $msg->msg_html_all();
exit();
}
if ($r=$admin->get($id)) {
$oldid=$cuid."/".md5($mem->user["pass"]);
setcookie('oldid',$oldid,0,'/');
$_COOKIE['oldid']=$oldid;
if (!$mem->setid($id)) {
include("index.php");
exit();
}
// Now we are the other user :)
include_once("main.php");
exit();
}
// If there were an error, let's show it :
include_once("head.php");
?>
<h3><?php __("Member login"); ?></h3>
<?php
echo $msg->msg_html_all();
include_once("foot.php");
?>