< ? php
/**
* This file is part of the Froxlor project .
* Copyright ( c ) 2003 - 2009 the SysCP Team ( see authors ) .
* Copyright ( c ) 2010 the Froxlor Team ( see authors ) .
*
* For the full copyright and license information , please view the COPYING
* file that was distributed with this source code . You can also view the
* COPYING file online at http :// files . froxlor . org / misc / COPYING . txt
*
* @ copyright ( c ) the authors
* @ author Florian Lippert < flo @ syscp . org > ( 2003 - 2009 )
* @ author Froxlor team < team @ froxlor . org > ( 2010 - )
* @ license GPLv2 http :// files . froxlor . org / misc / COPYING . txt
* @ package Panel
*
*/
// Tag this request as the 'login' area. The constant is defined before the
// bootstrap below is loaded (presumably so init.php can branch on it - confirm).
define('AREA', 'login');
// Project bootstrap. The rest of this script uses $action, $lng, $mail,
// $languages and $idna_convert without defining them, so they are expected
// to come from this include.
require './lib/init.php';
use Froxlor\Database\Database ;
use Froxlor\Settings ;
use Froxlor\FroxlorLogger ;
// No action requested: fall back to the login form/handler.
$action = ($action == '') ? 'login' : $action;

// The 2FA steps below keep their pending state in $_SESSION, so make sure a
// PHP session exists (but never start a second one).
if (PHP_SESSION_NONE == session_status()) {
    session_start();
}
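/*
 * Login dispatcher: 2FA code entry form, 2FA verification and the
 * username/password login (including the login form itself).
 *
 * Hardening relative to the previous revision of this block:
 *  - every failure redirect in the 2FA verification is followed by exit(), so
 *    the flow fails closed even if Response::redirectTo() ever returns;
 *  - an empty / non-string 2FA code is rejected before any lookup;
 *  - an email one-time code is consumed (and the pending 2FA session state is
 *    dropped) BEFORE finishLogin() is called, so a code cannot be replayed;
 *  - request values that are reflected into the login template
 *    (customermail, script) are HTML-escaped like qrystr already was.
 */
if ($action == '2fa_entercode') {
    // page for entering the 2FA code after successful login
    if (! isset($_SESSION) || ! isset($_SESSION['secret_2fa'])) {
        // no pending 2FA state in the session - redirect to index
        \Froxlor\UI\Response::redirectTo('index.php');
        exit();
    }
    // show template to enter code
    // NOTE(review): the template text is executed through eval(); it must never
    // be assembled from request data. Variables interpolated by the template
    // are emitted as-is, so they have to be escaped before this point.
    eval("echo \"" . \Froxlor\UI\Template::getTemplate('2fa/entercode', true) . "\";");
} elseif ($action == '2fa_verify') {
    // verify code from 2fa code-enter form
    if (! isset($_SESSION) || ! isset($_SESSION['secret_2fa'])) {
        // no pending 2FA state in the session - redirect to index
        \Froxlor\UI\Response::redirectTo('index.php');
        exit();
    }
    $code = isset($_POST['2fa_code']) ? $_POST['2fa_code'] : null;
    // A missing, empty or non-string code can never be valid. Rejecting it up
    // front matters for email-2FA: `data_2fa` is reset to '' once a code has
    // been used, so an empty submission must never be compared to that column.
    if (! is_string($code) || $code === '') {
        \Froxlor\UI\Response::redirectTo('index.php', array(
            'showmessage' => '2'
        ));
        exit();
    }
    // NOTE(review): failed codes are not counted or rate-limited in this step;
    // consider tying them to the loginfail_count lockout used by the password step.
    // verify entered code
    $tfa = new \Froxlor\FroxlorTwoFactorAuth('Froxlor');
    $result = ($_SESSION['secret_2fa'] == 'email' ? true : $tfa->verifyCode($_SESSION['secret_2fa'], $code, 3));
    // either the code is valid when using authenticator-app, or we will select userdata by id and entered code
    // which is temporarily stored for the customer when using email-2fa
    if ($result) {
        // get user-data; table and field name were stored by the login step below
        $table = $_SESSION['uidtable_2fa'];
        $field = $_SESSION['uidfield_2fa'];
        $uid = $_SESSION['uid_2fa'];
        $isadmin = $_SESSION['unfo_2fa'];
        $sel_param = array(
            'uid' => $uid
        );
        if ($_SESSION['secret_2fa'] == 'email') {
            // verify code by selecting user by id and the temp. stored code,
            // so only if it's the correct code, we get the user-data
            $sel_stmt = Database::prepare("SELECT * FROM $table WHERE `" . $field . "` = :uid AND `data_2fa` = :code");
            $sel_param['code'] = $code;
        } else {
            // Authenticator-verification has already happened at this point, so just get the user-data
            $sel_stmt = Database::prepare("SELECT * FROM $table WHERE `" . $field . "` = :uid");
        }
        $userinfo = Database::pexecute_first($sel_stmt, $sel_param);
        // whoops, no (valid) user? Start again
        if (empty($userinfo)) {
            \Froxlor\UI\Response::redirectTo('index.php', array(
                'showmessage' => '2'
            ));
            // fail closed: never continue to finishLogin() without a user row
            exit();
        }
        // when using email-2fa, remove the one-time-code now that it has been
        // accepted, so it is single-use regardless of how finishLogin() ends
        if ($userinfo['type_2fa'] == '1') {
            $del_stmt = Database::prepare("UPDATE $table SET `data_2fa` = '' WHERE `" . $field . "` = :uid");
            Database::pexecute($del_stmt, array(
                'uid' => $uid
            ));
        }
        // the second factor is done: drop the pending state so this session
        // cannot be used to re-run the verification step
        // NOTE(review): confirm finishLogin() does not read these keys
        unset($_SESSION['secret_2fa'], $_SESSION['uid_2fa'], $_SESSION['uidfield_2fa'], $_SESSION['uidtable_2fa'], $_SESSION['unfo_2fa']);
        // set fields in $userinfo required for finishLogin()
        $userinfo['adminsession'] = $isadmin;
        $userinfo['userid'] = $uid;
        // if not successful somehow - start again
        if (! finishLogin($userinfo)) {
            \Froxlor\UI\Response::redirectTo('index.php', array(
                'showmessage' => '2'
            ));
        }
        exit();
    }
    \Froxlor\UI\Response::redirectTo('index.php', array(
        'showmessage' => '2'
    ));
    exit();
} elseif ($action == 'login') {
    if (isset($_POST['send']) && $_POST['send'] == 'send') {
        $loginname = \Froxlor\Validate\Validate::validate($_POST['loginname'], 'loginname');
        $password = \Froxlor\Validate\Validate::validate($_POST['password'], 'password');

        // first try: is this a customer login name?
        $stmt = Database::prepare("SELECT `loginname` AS `customer` FROM `" . TABLE_PANEL_CUSTOMERS . "`
            WHERE `loginname` = :loginname");
        Database::pexecute($stmt, array(
            "loginname" => $loginname
        ));
        $row = $stmt->fetch(PDO::FETCH_ASSOC);

        if ($row && $row['customer'] == $loginname) {
            $table = "`" . TABLE_PANEL_CUSTOMERS . "`";
            $uid = 'customerid';
            $adminsession = '0';
            $is_admin = false;
        } else {
            $is_admin = true;
            if ((int) Settings::Get('login.domain_login') == 1) {
                // login by domain name: strip scheme and port, then look up the owning customer
                $domainname = $idna_convert->encode(preg_replace(array(
                    '/\:(\d)+$/',
                    '/^https?\:\/\//'
                ), '', $loginname));
                $stmt = Database::prepare("SELECT `customerid` FROM `" . TABLE_PANEL_DOMAINS . "`
                    WHERE `domain` = :domain");
                Database::pexecute($stmt, array(
                    "domain" => $domainname
                ));
                $row2 = $stmt->fetch(PDO::FETCH_ASSOC);

                if (isset($row2['customerid']) && $row2['customerid'] > 0) {
                    $loginname = \Froxlor\Customer\Customer::getCustomerDetail($row2['customerid'], 'loginname');
                    if ($loginname !== false) {
                        $stmt = Database::prepare("SELECT `loginname` AS `customer` FROM `" . TABLE_PANEL_CUSTOMERS . "`
                            WHERE `loginname` = :loginname");
                        Database::pexecute($stmt, array(
                            "loginname" => $loginname
                        ));
                        $row3 = $stmt->fetch(PDO::FETCH_ASSOC);
                        if ($row3 && $row3['customer'] == $loginname) {
                            $table = "`" . TABLE_PANEL_CUSTOMERS . "`";
                            $uid = 'customerid';
                            $adminsession = '0';
                            $is_admin = false;
                        }
                    }
                }
            }
        }

        // while an update is pending, customers are not allowed to log in
        if ((\Froxlor\Froxlor::hasUpdates() || \Froxlor\Froxlor::hasDbUpdates()) && $is_admin == false) {
            \Froxlor\UI\Response::redirectTo('index.php');
            exit();
        }

        if ($is_admin) {
            if (\Froxlor\Froxlor::hasUpdates() || \Froxlor\Froxlor::hasDbUpdates()) {
                // during an update only admins with `change_serversettings` may log in
                $stmt = Database::prepare("SELECT `loginname` AS `admin` FROM `" . TABLE_PANEL_ADMINS . "`
                    WHERE `loginname` = :loginname
                    AND `change_serversettings` = '1'");
                Database::pexecute($stmt, array(
                    "loginname" => $loginname
                ));
                $row = $stmt->fetch(PDO::FETCH_ASSOC);
                if (! isset($row['admin'])) {
                    // not an admin who can see updates
                    \Froxlor\UI\Response::redirectTo('index.php');
                    exit();
                }
            } else {
                $stmt = Database::prepare("SELECT `loginname` AS `admin` FROM `" . TABLE_PANEL_ADMINS . "`
                    WHERE `loginname` = :loginname");
                Database::pexecute($stmt, array(
                    "loginname" => $loginname
                ));
                $row = $stmt->fetch(PDO::FETCH_ASSOC);
            }

            if ($row && $row['admin'] == $loginname) {
                $table = "`" . TABLE_PANEL_ADMINS . "`";
                $uid = 'adminid';
                $adminsession = '1';
            } else {
                // Log failed login (the logger is keyed by the client address here)
                $rstlog = FroxlorLogger::getInstanceOf(array(
                    'loginname' => $_SERVER['REMOTE_ADDR']
                ));
                $rstlog->logAction(\Froxlor\FroxlorLogger::LOGIN_ACTION, LOG_WARNING, "Unknown user '" . $loginname . "' tried to login.");

                \Froxlor\UI\Response::redirectTo('index.php', array(
                    'showmessage' => '2'
                ));
                exit();
            }
        }

        // $table / $uid only ever hold the fixed values assigned above, never request data
        $userinfo_stmt = Database::prepare("SELECT * FROM $table
            WHERE `loginname` = :loginname");
        Database::pexecute($userinfo_stmt, array(
            "loginname" => $loginname
        ));
        $userinfo = $userinfo_stmt->fetch(PDO::FETCH_ASSOC);

        if ($userinfo['loginfail_count'] >= Settings::Get('login.maxloginattempts') && $userinfo['lastlogin_fail'] > (time() - Settings::Get('login.deactivatetime'))) {
            // too many recent failures: temporarily locked, the password is not even checked
            \Froxlor\UI\Response::redirectTo('index.php', array(
                'showmessage' => '3'
            ));
            exit();
        } elseif (\Froxlor\System\Crypt::validatePasswordLogin($userinfo, $password, $table, $uid)) {
            // only show "you're banned" if the login was successful
            // because we don't want to publish that the user does exist
            if ($userinfo['deactivated']) {
                unset($userinfo);
                \Froxlor\UI\Response::redirectTo('index.php', array(
                    'showmessage' => '5'
                ));
                exit();
            } else {
                // login correct
                // reset loginfail_counter, set lastlogin_succ
                $stmt = Database::prepare("UPDATE $table
                    SET `lastlogin_succ` = :lastlogin_succ, `loginfail_count` = '0'
                    WHERE `$uid` = :uid");
                Database::pexecute($stmt, array(
                    "lastlogin_succ" => time(),
                    "uid" => $userinfo[$uid]
                ));
                $userinfo['userid'] = $userinfo[$uid];
                $userinfo['adminsession'] = $adminsession;
            }
        } else {
            // login incorrect: count the failure for the lockout check above
            $stmt = Database::prepare("UPDATE $table
                SET `lastlogin_fail` = :lastlogin_fail, `loginfail_count` = `loginfail_count` + 1
                WHERE `$uid` = :uid");
            Database::pexecute($stmt, array(
                "lastlogin_fail" => time(),
                "uid" => $userinfo[$uid]
            ));
            // Log failed login
            $rstlog = FroxlorLogger::getInstanceOf(array(
                'loginname' => $_SERVER['REMOTE_ADDR']
            ));
            $rstlog->logAction(\Froxlor\FroxlorLogger::LOGIN_ACTION, LOG_WARNING, "User '" . $loginname . "' tried to login with wrong password.");

            unset($userinfo);
            \Froxlor\UI\Response::redirectTo('index.php', array(
                'showmessage' => '2'
            ));
            exit();
        }

        // 2FA activated
        if (Settings::Get('2fa.enabled') == '1' && $userinfo['type_2fa'] > 0) {
            // Password was correct but the login is not finished: park the
            // identity in the session and redirect to the code-enter-page.
            // type_2fa == 2 stores the authenticator secret, anything else the marker 'email'.
            $_SESSION['secret_2fa'] = ($userinfo['type_2fa'] == 2 ? $userinfo['data_2fa'] : 'email');
            $_SESSION['uid_2fa'] = $userinfo[$uid];
            $_SESSION['uidfield_2fa'] = $uid;
            $_SESSION['uidtable_2fa'] = $table;
            $_SESSION['unfo_2fa'] = $is_admin;
            // send mail if type_2fa = 1 (email)
            if ($userinfo['type_2fa'] == 1) {
                // generate code
                $tfa = new \Froxlor\FroxlorTwoFactorAuth('Froxlor');
                $code = $tfa->getCode($tfa->createSecret());
                // set code for user
                $stmt = Database::prepare("UPDATE $table SET `data_2fa` = :d2fa WHERE `$uid` = :uid");
                Database::pexecute($stmt, array(
                    "d2fa" => $code,
                    "uid" => $userinfo[$uid]
                ));
                // build up & send email
                $_mailerror = false;
                $mailerr_msg = "";
                $replace_arr = array(
                    'CODE' => $code
                );
                $mail_body = html_entity_decode(\Froxlor\PhpHelper::replaceVariables($lng['mails']['2fa']['mailbody'], $replace_arr));

                try {
                    $mail->Subject = $lng['mails']['2fa']['subject'];
                    $mail->AltBody = $mail_body;
                    $mail->MsgHTML(str_replace("\n", "<br />", $mail_body));
                    $mail->AddAddress($userinfo['email'], \Froxlor\User::getCorrectUserSalutation($userinfo));
                    $mail->Send();
                } catch (\PHPMailer\PHPMailer\Exception $e) {
                    $mailerr_msg = $e->errorMessage();
                    $_mailerror = true;
                } catch (Exception $e) {
                    $mailerr_msg = $e->getMessage();
                    $_mailerror = true;
                }

                if ($_mailerror) {
                    $rstlog = FroxlorLogger::getInstanceOf(array(
                        'loginname' => '2fa code-sending'
                    ));
                    $rstlog->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_ERR, "Error sending mail: " . $mailerr_msg);
                    \Froxlor\UI\Response::redirectTo('index.php', array(
                        'showmessage' => '4',
                        'customermail' => $userinfo['email']
                    ));
                    exit();
                }

                $mail->ClearAddresses();
            }
            \Froxlor\UI\Response::redirectTo('index.php', array(
                'action' => '2fa_entercode'
            ));
            exit();
        }

        if (! finishLogin($userinfo)) {
            \Froxlor\UI\Response::redirectTo('index.php', array(
                'showmessage' => '2'
            ));
        }
        exit();
    } else {
        // no credentials posted: render the login form
        $language_options = '';
        $language_options .= \Froxlor\UI\HTML::makeoption($lng['login']['profile_lng'], 'profile', 'profile', true, true);

        foreach ($languages as $language_file => $language_name) {
            $language_options .= \Froxlor\UI\HTML::makeoption($language_name, $language_file, 'profile', true);
        }

        // numeric message selector; the cast keeps arbitrary request text out of the switch
        $smessage = isset($_GET['showmessage']) ? (int) $_GET['showmessage'] : 0;
        $message = '';
        $successmessage = '';

        switch ($smessage) {
            case 1:
                $successmessage = $lng['pwdreminder']['success'];
                break;
            case 2:
                $message = $lng['error']['login'];
                break;
            case 3:
                $message = sprintf($lng['error']['login_blocked'], Settings::Get('login.deactivatetime'));
                break;
            case 4:
                // customermail comes straight from the query string and ends up in
                // the message shown by the template, so escape it for HTML
                // (same treatment as qrystr below)
                $cmail = (isset($_GET['customermail']) && is_string($_GET['customermail'])) ? htmlspecialchars($_GET['customermail'], ENT_QUOTES) : 'unknown';
                $message = str_replace('%s', $cmail, $lng['error']['errorsendingmail']);
                break;
            case 5:
                $message = $lng['error']['user_banned'];
                break;
            case 6:
                $successmessage = $lng['pwdreminder']['changed'];
                break;
            case 7:
                $message = $lng['pwdreminder']['wrongcode'];
                break;
            case 8:
                $message = $lng['pwdreminder']['notallowed'];
                break;
        }

        $update_in_progress = '';
        if (\Froxlor\Froxlor::hasUpdates() || \Froxlor\Froxlor::hasDbUpdates()) {
            $update_in_progress = $lng['update']['updateinprogress_onlyadmincanlogin'];
        }

        // Pass the last used page if needed
        $lastscript = "";
        if (isset($_REQUEST['script']) && is_string($_REQUEST['script']) && $_REQUEST['script'] != "") {
            $lastscript = $_REQUEST['script'];

            // the value is request-controlled: refuse parent-directory segments and
            // NUL bytes before touching the filesystem, and only keep it if it
            // names an existing file below this directory
            if (strpos($lastscript, '..') !== false || strpos($lastscript, "\0") !== false || ! file_exists(__DIR__ . "/" . $lastscript)) {
                $lastscript = "";
            }
            // escaped because it is handed to the template like $lastqrystr
            $lastscript = htmlspecialchars($lastscript, ENT_QUOTES);
        }
        $lastqrystr = "";
        if (isset($_REQUEST['qrystr']) && is_string($_REQUEST['qrystr']) && $_REQUEST['qrystr'] != "") {
            $lastqrystr = htmlspecialchars($_REQUEST['qrystr'], ENT_QUOTES);
        }

        // NOTE(review): template executed through eval(); every variable it
        // interpolates must already be safe for HTML output at this point.
        eval("echo \"" . \Froxlor\UI\Template::getTemplate('login') . "\";");
    }
}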
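/*
 * "Forgot password": on POST, look the loginname/email pair up (customers
 * first, then admins), store a fresh activation code and mail the reset link;
 * in every non-redirecting case render the 'fpwd' template.
 *
 * Changes relative to the previous revision of this block:
 *  - the random parts of the activation code are drawn from random_bytes()
 *    instead of md5() over account data plus \Froxlor\PhpHelper::randomStr()
 *    (whose randomness source is not visible from this file); length and
 *    alphabet of the code are unchanged, so the resetpwd parser still fits;
 *  - the fetched row is checked before its 'deactivated' field is read.
 */
if ($action == 'forgotpwd') {
    $adminchecked = false;
    $message = '';

    if (isset($_POST['send']) && $_POST['send'] == 'send') {
        $loginname = \Froxlor\Validate\Validate::validate($_POST['loginname'], 'loginname');
        $email = \Froxlor\Validate\Validate::validateEmail($_POST['loginemail'], 'email');
        $result_stmt = Database::prepare("SELECT `adminid`, `customerid`, `customernumber`, `firstname`, `name`, `company`, `email`, `loginname`, `def_language`, `deactivated` FROM `" . TABLE_PANEL_CUSTOMERS . "`
            WHERE `loginname` = :loginname
            AND `email` = :email");
        Database::pexecute($result_stmt, array(
            "loginname" => $loginname,
            "email" => $email
        ));

        if (Database::num_rows() == 0) {
            // no such customer - try the admin table with the same pair
            $result_stmt = Database::prepare("SELECT `adminid`, `name`, `email`, `loginname`, `def_language`, `deactivated` FROM `" . TABLE_PANEL_ADMINS . "`
                WHERE `loginname` = :loginname
                AND `email` = :email");
            Database::pexecute($result_stmt, array(
                "loginname" => $loginname,
                "email" => $email
            ));

            if (Database::num_rows() > 0) {
                $adminchecked = true;
            } else {
                $result_stmt = null;
            }
        }

        if ($result_stmt !== null) {
            $user = $result_stmt->fetch(PDO::FETCH_ASSOC);

            /* Check whether user is banned */
            if ($user !== false && $user['deactivated']) {
                \Froxlor\UI\Response::redirectTo('index.php', array(
                    'showmessage' => '8'
                ));
                exit();
            }

            // NOTE(review): only the admin path is gated by a setting here
            // (panel.allow_preset_admin); panel.allow_preset is checked further
            // down for the message only, after a customer mail may already
            // have been sent. Confirm that this is intended.
            if (($adminchecked && Settings::Get('panel.allow_preset_admin') == '1') || $adminchecked == false) {
                if ($user !== false) {
                    // build a activation code: 15 random chars + 10-digit timestamp
                    // + 15 random chars + 10-char md5 check over the last two parts
                    $timestamp = time();
                    $first = substr(bin2hex(random_bytes(16)), 0, 15);
                    $third = substr(bin2hex(random_bytes(16)), - 15);
                    // the check part is unkeyed (anyone can compute it); it is a format
                    // check only - the row in TABLE_PANEL_ACTIVATION is what authorises a reset
                    $activationcode = $first . $timestamp . $third . substr(md5($third . $timestamp), 0, 10);

                    $activation_userid = $adminchecked ? $user['adminid'] : $user['customerid'];
                    $activation_admin = $adminchecked ? 1 : 0;

                    // Drop all existing activation codes for this user
                    $stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_ACTIVATION . "`
                        WHERE `userid` = :userid
                        AND `admin` = :admin");
                    $params = array(
                        "userid" => $activation_userid,
                        "admin" => $activation_admin
                    );
                    Database::pexecute($stmt, $params);

                    // Add new activation code to database
                    $stmt = Database::prepare("INSERT INTO `" . TABLE_PANEL_ACTIVATION . "`
                        (userid, admin, creation, activationcode)
                        VALUES (:userid, :admin, :creation, :activationcode)");
                    $params = array(
                        "userid" => $activation_userid,
                        "admin" => $activation_admin,
                        "creation" => $timestamp,
                        "activationcode" => $activationcode
                    );
                    Database::pexecute($stmt, $params);

                    $rstlog = FroxlorLogger::getInstanceOf(array(
                        'loginname' => 'password_reset'
                    ));
                    $rstlog->logAction(\Froxlor\FroxlorLogger::USR_ACTION, LOG_WARNING, "User '" . $user['loginname'] . "' requested a link for setting a new password.");

                    // Set together our activation link
                    $protocol = empty($_SERVER['HTTPS']) ? 'http' : 'https';
                    // this can be a fixed value to avoid potential exploiting by modifying headers
                    // (the Host request header is deliberately NOT used for the mailed link)
                    $host = Settings::Get('system.hostname'); // $_SERVER['HTTP_HOST'];
                    $port = $_SERVER['SERVER_PORT'] != 80 ? ':' . $_SERVER['SERVER_PORT'] : '';
                    // don't add :443 when https is used, as it is default (and just looks weird!)
                    if ($protocol == 'https' && $_SERVER['SERVER_PORT'] == '443') {
                        $port = '';
                    }
                    // there can be only one script to handle this so we can use a fixed value here
                    $script = "/index.php"; // $_SERVER['SCRIPT_NAME'];
                    if (Settings::Get('system.froxlordirectlyviahostname') == 0) {
                        $script = \Froxlor\FileDir::makeCorrectFile("/" . basename(__DIR__) . "/" . $script);
                    }
                    $activationlink = $protocol . '://' . $host . $port . $script . '?action=resetpwd&resetcode=' . $activationcode;

                    $replace_arr = array(
                        'SALUTATION' => \Froxlor\User::getCorrectUserSalutation($user),
                        'NAME' => $user['name'],
                        'FIRSTNAME' => $user['firstname'] ?? "",
                        'COMPANY' => $user['company'] ?? "",
                        'CUSTOMER_NO' => $user['customernumber'] ?? 0,
                        'USERNAME' => $loginname,
                        'LINK' => $activationlink
                    );

                    // mail subject: admin-defined template if present, language default otherwise
                    $def_language = ($user['def_language'] != '') ? $user['def_language'] : Settings::Get('panel.standardlanguage');
                    $result_stmt = Database::prepare('SELECT `value` FROM `' . TABLE_PANEL_TEMPLATES . '`
                        WHERE `adminid` = :adminid
                        AND `language` = :lang
                        AND `templategroup` = \'mails\'
                        AND `varname` = \'password_reset_subject\'');
                    Database::pexecute($result_stmt, array(
                        "adminid" => $user['adminid'],
                        "lang" => $def_language
                    ));
                    $result = $result_stmt->fetch(PDO::FETCH_ASSOC);
                    $mail_subject = html_entity_decode(\Froxlor\PhpHelper::replaceVariables((($result !== false && $result['value'] != '') ? $result['value'] : $lng['mails']['password_reset']['subject']), $replace_arr));

                    // mail body: same lookup order as the subject
                    $result_stmt = Database::prepare('SELECT `value` FROM `' . TABLE_PANEL_TEMPLATES . '`
                        WHERE `adminid` = :adminid
                        AND `language` = :lang
                        AND `templategroup` = \'mails\'
                        AND `varname` = \'password_reset_mailbody\'');
                    Database::pexecute($result_stmt, array(
                        "adminid" => $user['adminid'],
                        "lang" => $def_language
                    ));
                    $result = $result_stmt->fetch(PDO::FETCH_ASSOC);
                    $mail_body = html_entity_decode(\Froxlor\PhpHelper::replaceVariables((($result !== false && $result['value'] != '') ? $result['value'] : $lng['mails']['password_reset']['mailbody']), $replace_arr));

                    $_mailerror = false;
                    $mailerr_msg = "";
                    try {
                        $mail->Subject = $mail_subject;
                        $mail->AltBody = $mail_body;
                        $mail->MsgHTML(str_replace("\n", "<br />", $mail_body));
                        $mail->AddAddress($user['email'], \Froxlor\User::getCorrectUserSalutation($user));
                        $mail->Send();
                    } catch (\PHPMailer\PHPMailer\Exception $e) {
                        $mailerr_msg = $e->errorMessage();
                        $_mailerror = true;
                    } catch (Exception $e) {
                        $mailerr_msg = $e->getMessage();
                        $_mailerror = true;
                    }

                    if ($_mailerror) {
                        $rstlog = FroxlorLogger::getInstanceOf(array(
                            'loginname' => 'password_reset'
                        ));
                        $rstlog->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_ERR, "Error sending mail: " . $mailerr_msg);
                        \Froxlor\UI\Response::redirectTo('index.php', array(
                            'showmessage' => '4',
                            'customermail' => $user['email']
                        ));
                        exit();
                    }

                    $mail->ClearAddresses();
                    \Froxlor\UI\Response::redirectTo('index.php', array(
                        'showmessage' => '1'
                    ));
                    exit();
                } else {
                    $rstlog = FroxlorLogger::getInstanceOf(array(
                        'loginname' => 'password_reset'
                    ));
                    $rstlog->logAction(\Froxlor\FroxlorLogger::USR_ACTION, LOG_WARNING, "User '" . $loginname . "' requested to set a new password, but was not found in database!");
                    $message = $lng['login']['combination_not_found'];
                }

                unset($user);
            }
        } else {
            // NOTE(review): this message and the success redirect differ, which
            // tells the requester whether the loginname/email pair exists.
            $message = $lng['login']['usernotfound'];
        }
    }

    if ($adminchecked) {
        if (Settings::Get('panel.allow_preset_admin') != '1') {
            $message = $lng['pwdreminder']['notallowed'];
            unset($adminchecked);
        }
    } else {
        if (Settings::Get('panel.allow_preset') != '1') {
            $message = $lng['pwdreminder']['notallowed'];
        }
    }

    // NOTE(review): template executed through eval(); see the login template call.
    eval("echo \"" . \Froxlor\UI\Template::getTemplate('fpwd') . "\";");
}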
if ( $action == 'resetpwd' ) {
$message = '' ;
2013-12-15 11:24:32 +00:00
2013-12-01 09:34:31 +00:00
// Remove old activation codes
$stmt = Database :: prepare ( " DELETE FROM ` " . TABLE_PANEL_ACTIVATION . " `
2018-11-30 12:45:17 +00:00
WHERE creation < : oldest " );
Database :: pexecute ( $stmt , array (
" oldest " => time () - 86400
));
2013-12-15 11:24:32 +00:00
2013-11-30 20:30:24 +00:00
if ( isset ( $_GET [ 'resetcode' ]) && strlen ( $_GET [ 'resetcode' ]) == 50 ) {
// Check if activation code is valid
$activationcode = $_GET [ 'resetcode' ];
$timestamp = substr ( $activationcode , 15 , 10 );
$third = substr ( $activationcode , 25 , 15 );
$check = substr ( $activationcode , 40 , 10 );
2013-12-15 11:24:32 +00:00
2013-11-30 20:30:24 +00:00
if ( substr ( md5 ( $third . $timestamp ), 0 , 10 ) == $check && $timestamp >= time () - 86400 ) {
if ( isset ( $_POST [ 'send' ]) && $_POST [ 'send' ] == 'send' ) {
$stmt = Database :: prepare ( " SELECT `userid`, `admin` FROM ` " . TABLE_PANEL_ACTIVATION . " `
2018-11-30 12:45:17 +00:00
WHERE `activationcode` = : activationcode " );
$result = Database :: pexecute_first ( $stmt , array (
" activationcode " => $activationcode
));
2013-12-15 11:24:32 +00:00
2013-11-30 20:30:24 +00:00
if ( $result !== false ) {
2020-02-08 09:03:41 +00:00
try {
$new_password = \Froxlor\System\Crypt :: validatePassword ( $_POST [ 'new_password' ], true );
$new_password_confirm = \Froxlor\System\Crypt :: validatePassword ( $_POST [ 'new_password_confirm' ], true );
} catch ( Exception $e ) {
$message = $e -> getMessage ();
}
if ( empty ( $message ) && ( empty ( $new_password ) || $new_password != $new_password_confirm )) {
$message = $lng [ 'error' ][ 'newpasswordconfirmerror' ];
2013-11-30 20:30:24 +00:00
}
2013-12-15 11:24:32 +00:00
2020-02-08 09:03:41 +00:00
if ( empty ( $message )) {
2013-11-30 20:30:24 +00:00
// Update user password
if ( $result [ 'admin' ] == 1 ) {
$stmt = Database :: prepare ( " UPDATE ` " . TABLE_PANEL_ADMINS . " `
SET `password` = : newpassword
2018-11-30 12:45:17 +00:00
WHERE `adminid` = : userid " );
2013-11-30 20:30:24 +00:00
} else {
$stmt = Database :: prepare ( " UPDATE ` " . TABLE_PANEL_CUSTOMERS . " `
SET `password` = : newpassword
2018-11-30 12:45:17 +00:00
WHERE `customerid` = : userid " );
2013-11-30 20:30:24 +00:00
}
2018-11-30 12:45:17 +00:00
Database :: pexecute ( $stmt , array (
2018-12-20 07:33:32 +00:00
" newpassword " => \Froxlor\System\Crypt :: makeCryptPassword ( $new_password ),
2018-11-30 12:45:17 +00:00
" userid " => $result [ 'userid' ]
));
$rstlog = FroxlorLogger :: getInstanceOf ( array (
'loginname' => 'password_reset'
));
2018-12-26 14:51:26 +00:00
$rstlog -> logAction ( \Froxlor\FroxlorLogger :: USR_ACTION , LOG_NOTICE , " changed password using password reset. " );
2013-12-15 11:24:32 +00:00
2013-11-30 20:30:24 +00:00
// Remove activation code from DB
$stmt = Database :: prepare ( " DELETE FROM ` " . TABLE_PANEL_ACTIVATION . " `
WHERE `activationcode` = : activationcode
AND `userid` = : userid " );
Database :: pexecute ( $stmt , array (
" activationcode " => $activationcode ,
" userid " => $result [ 'userid' ]
));
\Froxlor\UI\Response :: redirectTo ( 'index.php' , array (
" showmessage " => '6'
));
}
} else {
\Froxlor\UI\Response :: redirectTo ( 'index.php' , array (
" showmessage " => '7'
));
}
}
eval ( " echo \" " . \Froxlor\UI\Template :: getTemplate ( 'rpwd' ) . " \" ; " );
} else {
\Froxlor\UI\Response :: redirectTo ( 'index.php' , array (
" showmessage " => '7'
));
}
} else {
\Froxlor\UI\Response :: redirectTo ( 'index.php' );
}
}
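/**
 * Create the panel session for an authenticated user and redirect to the
 * start page that matches the account type.
 *
 * Steps, in order: pick the session language and theme, optionally drop the
 * user's older sessions (when `session.allow_multiple_login` is not '1'),
 * insert the new row into the session table, then redirect. The redirect
 * target may come from the posted `script` / `qrystr` fields of the login
 * form; both are client-controlled and are treated as untrusted here.
 *
 * @param array $userinfo user row; reads 'userid' and 'adminsession', plus
 *                        'def_language' and 'theme' when present
 *
 * @return bool false; reached directly when $userinfo carries no usable 'userid'
 */
function finishLogin($userinfo)
{
	global $version, $dbversion, $remote_addr, $http_user_agent, $languages;

	if (isset($userinfo['userid']) && $userinfo['userid'] != '') {
		// The session id is the only secret that ties later requests to this login,
		// so it must not be derived from the clock. 16 bytes from the CSPRNG
		// hex-encode to 32 characters, the same length the former md5() value had.
		// Needs PHP >= 7.0 for random_bytes().
		$s = bin2hex(random_bytes(16));

		if (isset($_POST['language'])) {
			$language = \Froxlor\Validate\Validate::validate($_POST['language'], 'language');
			if ($language == 'profile') {
				$language = $userinfo['def_language'];
			} elseif (! isset($languages[$language])) {
				$language = Settings::Get('panel.standardlanguage');
			}
		} else {
			$language = Settings::Get('panel.standardlanguage');
		}

		if (isset($userinfo['theme']) && $userinfo['theme'] != '') {
			$theme = $userinfo['theme'];
		} else {
			$theme = Settings::Get('panel.default_theme');
		}

		if (Settings::Get('session.allow_multiple_login') != '1') {
			$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_SESSIONS . "`
				WHERE `userid` = :uid
				AND `adminsession` = :adminsession");
			Database::pexecute($stmt, array(
				"uid" => $userinfo['userid'],
				"adminsession" => $userinfo['adminsession']
			));
		}

		// check for field 'theme' in session-table, refs #607
		// Changed with #1287 to new method
		// Initialised up front: without the column the loop never assigns it and
		// the check below would read an undefined variable.
		$has_theme = false;
		$stmt = Database::query("SHOW COLUMNS FROM panel_sessions LIKE 'theme'");
		while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
			if ($row['Field'] == "theme") {
				$has_theme = true;
			}
		}

		$params = array(
			"hash" => $s,
			"userid" => $userinfo['userid'],
			"ipaddress" => $remote_addr,
			"useragent" => $http_user_agent,
			"lastactivity" => time(),
			"language" => $language,
			"adminsession" => $userinfo['adminsession']
		);

		if ($has_theme) {
			$params["theme"] = $theme;
			$stmt = Database::prepare("INSERT INTO `" . TABLE_PANEL_SESSIONS . "`
				(`hash`, `userid`, `ipaddress`, `useragent`, `lastactivity`, `language`, `adminsession`, `theme`)
				VALUES (:hash, :userid, :ipaddress, :useragent, :lastactivity, :language, :adminsession, :theme)");
		} else {
			$stmt = Database::prepare("INSERT INTO `" . TABLE_PANEL_SESSIONS . "`
				(`hash`, `userid`, `ipaddress`, `useragent`, `lastactivity`, `language`, `adminsession`)
				VALUES (:hash, :userid, :ipaddress, :useragent, :lastactivity, :language, :adminsession)");
		}
		Database::pexecute($stmt, $params);

		$qryparams = array();
		// is_string() guards against an array-valued field, which urldecode() cannot take
		if (isset($_POST['qrystr']) && is_string($_POST['qrystr']) && $_POST['qrystr'] != "") {
			parse_str(urldecode($_POST['qrystr']), $qryparams);
		}
		// set last so a posted 's' can never replace the freshly created session id
		$qryparams['s'] = $s;

		// `script` is client-supplied and becomes the redirect target. Only a bare
		// "name.php" is accepted, so the login form cannot be used to send a user
		// who has just authenticated to another host or path.
		// NOTE(review): assumes every legitimate value is a plain panel script
		// name - confirm against the login template.
		$posted_script = '';
		if (isset($_POST['script']) && is_string($_POST['script'])) {
			$posted_script = $_POST['script'];
		}
		$target_script = '';
		if (preg_match('/^[A-Za-z0-9_\-]+\.php$/', $posted_script) === 1) {
			$target_script = $posted_script;
		}

		if ($userinfo['adminsession'] == '1') {
			if (\Froxlor\Froxlor::hasUpdates() || \Froxlor\Froxlor::hasDbUpdates()) {
				// pending updates take precedence over any requested page
				\Froxlor\UI\Response::redirectTo('admin_updates.php', array(
					's' => $s
				));
			} elseif ($posted_script != "" && preg_match("/customer\_/", $posted_script) === 1) {
				// an admin who asked for a customer page lands on the customer list;
				// the target is fixed, so the posted value is never used as a location
				\Froxlor\UI\Response::redirectTo('admin_customers.php', array(
					"page" => "customers"
				));
			} elseif ($target_script != '') {
				\Froxlor\UI\Response::redirectTo($target_script, $qryparams);
			} else {
				\Froxlor\UI\Response::redirectTo('admin_index.php', $qryparams);
			}
		} else {
			if ($target_script != '') {
				\Froxlor\UI\Response::redirectTo($target_script, $qryparams);
			} else {
				\Froxlor\UI\Response::redirectTo('customer_index.php', $qryparams);
			}
		}
	}
	return false;
}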