
author
Marius Cramer
committed
Implemented FS#2531 - switch from a reseller to a client
1 parent e6e9e77 commit c6f36f0

28 files changed

+72
-16
lines changed

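--- a/interface/web/client/templates/clients_list.htm
+++ b/interface/web/client/templates/clients_list.htm
@@ -52,7 +52,9 @@ <h2><tmpl_var name="list_head_txt"></h2>
 <td class="tbl_col_country"><a href="#" onclick="loadContent('client/client_edit.php?id={tmpl_var name='id'}');"><div class="country-{tmpl_var name="countryiso"}" style="float:left"></div>{tmpl_var name="country"}</a></td>
 <td class="tbl_col_buttons">
 <tmpl_if name="is_admin">
-<a class="button icons16 icoLoginAs" href="javascript: loadContent('admin/login_as.php?cid={tmpl_var name='id'}');"><span>{tmpl_var name='login_as_txt'}</span></a>
+<a class="button icons16 icoLoginAs" href="javascript: loadContent('login/login_as.php?cid={tmpl_var name='id'}');"><span>{tmpl_var name='login_as_txt'}</span></a>
+<tmpl_elseif name="is_reseller">
+<a class="button icons16 icoLoginAs" href="javascript: loadContent('login/login_as.php?cid={tmpl_var name='id'}');"><span>{tmpl_var name='login_as_txt'}</span></a>
 </tmpl_if>
 <a class="button icons16 icoDelete" href="javascript: del_record('client/client_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span>{tmpl_var name='delete_txt'}</span></a>
 </td>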
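Review bot: The new `<tmpl_elseif name="is_reseller">` branch only decides whether the button is rendered; it is not an authorization check, and `login/login_as.php` is moved out of the admin module in this same commit "without changes", so whatever module-level gate applied under `admin/` no longer does. Confirm that login_as.php (or the `login/index.php` handler) rejects a `cid` that is not one of the caller's own clients, since any reseller can type the URL with an arbitrary `cid` regardless of what this list shows. The two branches also emit a byte-identical anchor; if the template engine supports a combined flag, a single `is_admin_or_reseller` condition would remove the duplication and keep the two URLs from drifting apart.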

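--- a/interface/web/client/templates/resellers_list.htm
+++ b/interface/web/client/templates/resellers_list.htm
@@ -51,7 +51,7 @@ <h2><tmpl_var name="list_head_txt"></h2>
 <td class="tbl_col_city"><a href="#" onclick="loadContent('client/reseller_edit.php?id={tmpl_var name='id'}');">{tmpl_var name="city"}</a></td>
 <td class="tbl_col_country"><a href="#" onclick="loadContent('client/reseller_edit.php?id={tmpl_var name='id'}');"><div class="country-{tmpl_var name="countryiso"}" style="float:left"></div>{tmpl_var name="country"}</a></td>
 <td class="tbl_col_buttons">
-<a class="button icons16 icoLoginAs" href="javascript: loadContent('admin/login_as.php?cid={tmpl_var name='id'}');"><span>{tmpl_var name='login_as_txt'}</span></a>
+<a class="button icons16 icoLoginAs" href="javascript: loadContent('login/login_as.php?cid={tmpl_var name='id'}');"><span>{tmpl_var name='login_as_txt'}</span></a>
 <a class="button icons16 icoDelete" href="javascript: del_record('client/reseller_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span>{tmpl_var name='delete_txt'}</span></a>
 </td>
 </tr>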

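--- a/interface/web/login/index.php
+++ b/interface/web/login/index.php
@@ -85,21 +85,59 @@ public function render() {
 */
 if (isset($_SESSION['s']['user']) && $_SESSION['s']['user']['active'] == 1){
 /*
-* only the admin can "login as" so if the user is NOT a admin, we
+* only the admin or reseller can "login as" so if the user is NOT an admin or reseller, we
 * open the startpage (after killing the old session), so the user
 * is logout and has to start again!
 */
-if ($_SESSION['s']['user']['typ'] != 'admin') {
+if ($_SESSION['s']['user']['typ'] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) {
 /*
-* The actual user is NOT a admin, but maybe the admin
-* has logged in as "normal" user bevore...
+* The actual user is NOT a admin or reseller, but maybe he
+* has logged in as "normal" user before...
 */
-if (isset($_SESSION['s_old'])&& ($_SESSION['s_old']['user']['typ'] == 'admin')){
-/* The "old" user is admin, so everything is ok */
+
+if (isset($_SESSION['s_old'])&& ($_SESSION['s_old']['user']['typ'] == 'admin' || $app->auth->has_clients($_SESSION['s_old']['user']['userid']))){
+/* The "old" user is admin or reseller, so everything is ok
+* if he is reseller, we need to check if he logs in to one of his clients
+*/
+if($_SESSION['s_old']['user']['typ'] != 'admin') {
+
+/* this is the one currently logged in (normal user) */
+$old_client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
+$old_client = $app->db->queryOneRecord("SELECT client.client_id, client.parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $old_client_group_id");
+
+/* this is the reseller, that shall be re-logged in */
+$sql = "SELECT * FROM sys_user WHERE USERNAME = '$username' and PASSWORT = '". $passwort. "'";
+$tmp = $app->db->queryOneRecord($sql);
+$client_group_id = $app->functions->intval($tmp['default_group']);
+$tmp_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+
+if(!$tmp_client || $old_client["parent_client_id"] != $tmp_client["client_id"] || $tmp["default_group"] != $_SESSION["s_old"]["user"]["default_group"] ) {
+die("You don't have the right to 'login as' this user!");
+}
+unset($old_client);
+unset($tmp_client);
+unset($tmp);
+}
 }
 else {
 die("You don't have the right to 'login as'!");
 }
+} elseif($_SESSION['s']['user']['typ'] != 'admin') {
+/* a reseller wants to 'login as', we need to check if he is allowed to */
+$res_client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
+$res_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $res_client_group_id");
+
+/* this is the user the reseller wants to 'login as' */
+$sql = "SELECT * FROM sys_user WHERE USERNAME = '$username' and PASSWORT = '". $passwort. "'";
+$tmp = $app->db->queryOneRecord($sql);
+$tmp_client = $app->db->queryOneRecord("SELECT client.client_id, client.parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = " . $app->functions->intval($tmp["default_group"]));
+
+if(!$tmp || $tmp_client["parent_client_id"] != $res_client["client_id"]) {
+die("You don't have the right to login as this user!");
+}
+unset($res_client);
+unset($tmp);
+unset($tmp_client);
 }
 $loginAs = true;
 }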
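Review bot: The ownership test in the reseller branch (new line 135) passes when both lookups come back empty, because `$tmp_client["parent_client_id"]` and `$res_client["client_id"]` are then both null and `null != null` is false; it should require every row to exist and compare as integers: `if(!$tmp || !$tmp_client || !$res_client || (int)$tmp_client["parent_client_id"] !== (int)$res_client["client_id"]) {`. Both new branches (new lines 109 and 131) also build `SELECT * FROM sys_user WHERE USERNAME = '$username' and PASSWORT = '...'` by string interpolation; unless `$username` and `$passwort` were already passed through `$app->db->quote()` earlier in render(), outside this hunk, they must be escaped before being spliced into the query. The relogin branch would be clearer with a comment stating why the target must equal `s_old` (`/* a client may only "log back" into the reseller it was entered from */`), since that `default_group` comparison is what prevents lateral movement. render() begins before and continues after this hunk.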
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
