
Commit a8ec0a1

committed
Refactor process_login_request 5: Extract method is_login_as().
1 parent 32a8e56 commit a8ec0a1


1 file changed

+75
-64
lines changed


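--- a/interface/web/login/index.php
+++ b/interface/web/login/index.php
@@ -83,70 +83,7 @@ function process_login_request(app $app, &$error, $conf, $module)
 return;
 }
 
-/*
-* Check, if there is a "login as" instead of a "normal" login
-*/
-if (isset($_SESSION['s']['user']) && $_SESSION['s']['user']['active'] == 1) {
-/*
-* only the admin or reseller can "login as" so if the user is NOT an admin or reseller, we
-* open the startpage (after killing the old session), so the user
-* is logout and has to start again!
-*/
-if ($_SESSION['s']['user']['typ'] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) {
-/*
-* The actual user is NOT a admin or reseller, but maybe he
-* has logged in as "normal" user before...
-*/
-
-if (isset($_SESSION['s_old']) && ($_SESSION['s_old']['user']['typ'] == 'admin' || $app->auth->has_clients($_SESSION['s_old']['user']['userid']))) {
-/* The "old" user is admin or reseller, so everything is ok
-* if he is reseller, we need to check if he logs in to one of his clients
-*/
-if ($_SESSION['s_old']['user']['typ'] != 'admin') {
-
-/* this is the one currently logged in (normal user) */
-$old_client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-$old_client = $app->db->queryOneRecord("SELECT client.client_id, client.parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $old_client_group_id);
-
-/* this is the reseller, that shall be re-logged in */
-$sql = "SELECT * FROM sys_user WHERE USERNAME = ? and PASSWORT = ?";
-$tmp = $app->db->queryOneRecord($sql, (string)$username, (string)$password);
-$client_group_id = $app->functions->intval($tmp['default_group']);
-$tmp_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
-
-if (!$tmp_client || $old_client["parent_client_id"] != $tmp_client["client_id"] || $tmp["default_group"] != $_SESSION["s_old"]["user"]["default_group"]) {
-die("You don't have the right to 'login as' this user!");
-}
-unset($old_client);
-unset($tmp_client);
-unset($tmp);
-}
-} else {
-die("You don't have the right to 'login as'!");
-}
-} elseif ($_SESSION['s']['user']['typ'] != 'admin' && (!isset($_SESSION['s_old']['user']) || $_SESSION['s_old']['user']['typ'] != 'admin')) {
-/* a reseller wants to 'login as', we need to check if he is allowed to */
-$res_client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-$res_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $res_client_group_id);
-
-/* this is the user the reseller wants to 'login as' */
-$sql = "SELECT * FROM sys_user WHERE USERNAME = ? and PASSWORT = ?";
-$tmp = $app->db->queryOneRecord($sql, (string)$username, (string)$password);
-$tmp_client = $app->db->queryOneRecord("SELECT client.client_id, client.parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $tmp["default_group"]);
-
-if (!$tmp || $tmp_client["parent_client_id"] != $res_client["client_id"]) {
-die("You don't have the right to login as this user!");
-}
-unset($res_client);
-unset($tmp);
-unset($tmp_client);
-}
-$loginAs = true;
-
-} else {
-/* normal login */
-$loginAs = false;
-}
+$loginAs = is_login_as($app, $username, $password);
 
 //* Check if there are already wrong logins
 $sql = "SELECT * FROM `attempts_login` WHERE `ip`= ? AND `login_time` > (NOW() - INTERVAL 1 MINUTE) LIMIT 1";
@@ -312,6 +249,80 @@ function process_login_request(app $app, &$error, $conf, $module)
 }
 }
 
+/**
+* Checks if there is a "login as" instead of a "normal" login
+* @param app $app
+* @param $username
+* @param $password
+* @return bool
+*/
+function is_login_as(app $app, $username, $password)
+{
+if (isset($_SESSION['s']['user']) && $_SESSION['s']['user']['active'] == 1) {
+/*
+* only the admin or reseller can "login as" so if the user is NOT an admin or reseller, we
+* open the startpage (after killing the old session), so the user
+* is logout and has to start again!
+*/
+if ($_SESSION['s']['user']['typ'] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) {
+/*
+* The actual user is NOT a admin or reseller, but maybe he
+* has logged in as "normal" user before...
+*/
+
+if (isset($_SESSION['s_old']) && ($_SESSION['s_old']['user']['typ'] == 'admin' || $app->auth->has_clients($_SESSION['s_old']['user']['userid']))) {
+/* The "old" user is admin or reseller, so everything is ok
+* if he is reseller, we need to check if he logs in to one of his clients
+*/
+if ($_SESSION['s_old']['user']['typ'] != 'admin') {
+
+/* this is the one currently logged in (normal user) */
+$old_client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
+$old_client = $app->db->queryOneRecord("SELECT client.client_id, client.parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $old_client_group_id);
+
+/* this is the reseller, that shall be re-logged in */
+$sql = "SELECT * FROM sys_user WHERE USERNAME = ? and PASSWORT = ?";
+$tmp = $app->db->queryOneRecord($sql, (string)$username, (string)$password);
+$client_group_id = $app->functions->intval($tmp['default_group']);
+$tmp_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
+
+if (!$tmp_client || $old_client["parent_client_id"] != $tmp_client["client_id"] || $tmp["default_group"] != $_SESSION["s_old"]["user"]["default_group"]) {
+die("You don't have the right to 'login as' this user!");
+}
+unset($old_client);
+unset($tmp_client);
+unset($tmp);
+}
+} else {
+die("You don't have the right to 'login as'!");
+}
+} elseif ($_SESSION['s']['user']['typ'] != 'admin' && (!isset($_SESSION['s_old']['user']) || $_SESSION['s_old']['user']['typ'] != 'admin')) {
+/* a reseller wants to 'login as', we need to check if he is allowed to */
+$res_client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
+$res_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $res_client_group_id);
+
+/* this is the user the reseller wants to 'login as' */
+$sql = "SELECT * FROM sys_user WHERE USERNAME = ? and PASSWORT = ?";
+$tmp = $app->db->queryOneRecord($sql, (string)$username, (string)$password);
+$tmp_client = $app->db->queryOneRecord("SELECT client.client_id, client.parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $tmp["default_group"]);
+
+if (!$tmp || $tmp_client["parent_client_id"] != $res_client["client_id"]) {
+die("You don't have the right to login as this user!");
+}
+unset($res_client);
+unset($tmp);
+unset($tmp_client);
+}
+$loginAs = true;
+
+} else {
+/* normal login */
+$loginAs = false;
+}
+
+return $loginAs;
+}
+
 //* Login Form was sent
 if (count($_POST) > 0) {
 process_login_request($app, $error, $conf, $module);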
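Review bot: In the reseller branch of `is_login_as` (new line 309) the ownership test never checks that `$tmp_client` or `$res_client` actually produced a row, unlike the admin-session branch above it which tests `!$tmp_client`; with the loose `!=` used here, two missing rows both read as `null` for `parent_client_id`/`client_id` and compare equal, so the check would pass if `queryOneRecord` returns a falsy value for no match (the `!$tmp` test on the same line suggests it does). Tighten it to `if (!$tmp || !$tmp_client || !$res_client || (int)$tmp_client["parent_client_id"] !== (int)$res_client["client_id"]) {`. The docblock should also state that the function terminates the request with `die()` when the "login as" is not permitted, since the name reads as a side-effect-free predicate, and `@param string $username` / `@param string $password` would complete it. This logic is carried over unchanged from the removed block, so the gap predates the commit rather than being introduced by it.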
