Changeset 2910


Timestamp:
03/27/11 20:57:09 (2 years ago)
Author:
benjamin
Message:

reecriture complete ET SECURISEE ... de adm_login.php pour pouvoir aller et venir entre compte admin et pas admin

File:
1 edited

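--- a/alternc/trunk/bureau/admin/adm_login.php
+++ b/alternc/trunk/bureau/admin/adm_login.php
@@ -30,27 +30,45 @@
 require_once("../class/config.php");
 
-// If we just want to return to our previous session
-$oldid=intval($_COOKIE['oldid']);
-if ($oldid) {
+/*
+ We come into this page in two situations :
+ * with a user id to go to (we check the current account is admin and is allowed to connect to this account)
+ * with no parameter when the admin want to go back to his admin account.
+ */
+
+
+// * with no parameter when the admin want to go back to his admin account.
+if (!$_REQUEST["id"] && $_COOKIE["oldid"]) {
+  // We check the cookie's value :
+  list($newuid,$passcheck)=explode("/",$_COOKIE["oldid"]);
+  $newuid=intval($newuid);
+  if (!$newuid) {
+    $error=_("Your authentication information are incorrect");
+    include("index.php");
+    exit();
+  }
+  $admin->enabled=true;
+  $r=$admin->get($newuid);
+  if ($passcheck!=md5($r["pass"])) {
+    $error=_("Your authentication information are incorrect");
+    include("index.php");
+    exit();
+  }
+
+  // Ok, so we remove the cookie :
   setcookie('oldid','',0,'/');
   unset($_COOKIE['oldid']);
 
-  $db->query("select lastip from membres where uid='$oldid';");
-  $db->next_record();
-  if ($db->f("lastip") != getenv("REMOTE_ADDR") ) {
-    die('Error : bad IP address');
-  }
-
-  if (!$mem->setid($oldid)) {
-    $oldid=null;
+  // And we go back to the former administrator account :
+  if (!$mem->setid($newuid)) {
     $error=$err->errstr();
     include("index.php");
     exit();
   }
-  $oldid=null;
   include_once("adm_list.php");
   exit();
 }
 
+
+//  * with a user id to go to (we check the current account is admin and is allowed to connect to this account)
 if (!$admin->enabled) {
   __("This page is restricted to authorized staff");
@@ -63,6 +81,6 @@
 getFields($fields);
 
+// Depending on subadmin_restriction, a subadmin can (or cannot) connect to account he didn't create
 $subadmin=variable_get("subadmin_restriction");
-
 if ($subadmin==0 && !$admin->checkcreator($id)) {
   __("This page is restricted to authorized staff");
@@ -73,6 +91,7 @@
   $error=$err->errstr();
 } else {
-  setcookie('oldid',$cuid,0,'/');
-  $_COOKIE['oldid']=$cuid;
+  $oldid=$cuid."/".md5($mem->user["pass"]);
+  setcookie('oldid',$oldid,0,'/');
+  $_COOKIE['oldid']=$oldid;
 
   if (!$mem->setid($id)) {
@@ -81,9 +100,10 @@
     exit();
   }
-
+  // Now we are the other user :)
   include_once("main.php");
   exit();
 }
 
+// If there were an error, let's show it :
 include_once("head.php");
 
@@ -97,4 +117,6 @@
   exit();
 }
+
+ include_once("foot.php");
+
 ?>
-<?php include_once("foot.php"); ?>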
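Review bot: In the new `if (!$_REQUEST["id"] && $_COOKIE["oldid"])` branch, the switch back to the administrator account is authorised only by the client-held `oldid` cookie, and its secret half is an unsalted `md5()` of the stored password value compared with a loose `!=`. The result of `$admin->get($newuid)` is not checked before `$r["pass"]` is hashed, so a failed lookup (its behaviour is not visible here) would be compared against the hash of an empty value, and `!=` is subject to numeric-string juggling and is not constant-time. The check should at least read `if (empty($r["pass"]) || !hash_equals(md5($r["pass"]), (string)$passcheck)) {`. A sturdier design records the original admin uid in server-side session state where the `else` branch now builds `$oldid`, so that nothing derived from the password leaves the server, and confirms the restored uid is an admin account; the old `lastip` comparison is dropped without a replacement binding.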