maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

get rid of session variable in URL

Browse Source 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann
2022-03-14 22:51:59 +01:00
parent 2972d95e8b
commit 164b46ece3
56 changed files with 447 additions and 698 deletions
Download Patch File Download Diff File Expand all files Collapse all files

91
lib/Froxlor/Ajax/Ajax.php
View File

@@ -27,7 +27,6 @@ use Froxlor\UI\Request;
*/
class Ajax
{
protected string $session;
protected string $action;
protected string $theme;
protected array $userinfo;
@@ -38,22 +37,11 @@ class Ajax
*/
public function __construct()
{
$this->session = $_GET['s'] ?? $_POST['s'] ?? null;
$this->action = $_GET['action'] ?? $_POST['action'] ?? null;
$this->theme = $_GET['theme'] ?? 'Froxlor';
UI::sendHeaders();
UI::sendSslHeaders();
ini_set("session.name", "s");
ini_set("url_rewriter.tags", "");
ini_set("session.use_cookies", false);
ini_set("session.cookie_httponly", true);
ini_set("session.cookie_secure", UI::$SSL_REQ);
session_id($this->session);
session_start();
$this->initLang();
}
/**
@@ -77,11 +65,11 @@ class Ajax
// ensure that we can display messages
$language = \Froxlor\Settings::Get('panel.standardlanguage');
if (isset($this->user_data['language']) && isset($langs[$this->user_data['language']])) {
if (isset($this->userinfo['language']) && isset($langs[$this->userinfo['language']])) {
// default: use language from session, #277
$language = $this->user_data['language'];
} elseif (isset($this->user_data['def_language'])) {
$language = $this->user_data['def_language'];
$language = $this->userinfo['language'];
} elseif (isset($this->userinfo['def_language'])) {
$language = $this->userinfo['def_language'];
}
// include every english language file we can get
@@ -112,6 +100,8 @@ class Ajax
{
$this->userinfo = $this->getValidatedSession();
$this->initLang();
switch ($this->action) {
case 'newsfeed':
return $this->getNewsfeed();
@@ -139,51 +129,10 @@ class Ajax
*/
private function getValidatedSession(): array
{
$remote_addr = $_SERVER['REMOTE_ADDR'];
if (empty($_SERVER['HTTP_USER_AGENT'])) {
$http_user_agent = 'unknown';
} else {
$http_user_agent = $_SERVER['HTTP_USER_AGENT'];
if (\Froxlor\CurrentUser::hasSession() == false) {
throw new Exception("No valid session");
}
$timediff = time() - \Froxlor\Settings::Get('session.sessiontimeout');
$sel_stmt = \Froxlor\Database\Database::prepare("
SELECT * FROM `" . TABLE_PANEL_SESSIONS . "`
WHERE `hash` = :hash AND `ipaddress` = :ipaddr AND `useragent` = :ua AND `lastactivity` > :timediff
");
$session = \Froxlor\Database\Database::pexecute_first($sel_stmt, [
'hash' => $this->session,
'ipaddr' => $remote_addr,
'ua' => $http_user_agent,
'timediff' => $timediff
]);
if (!$session) {
throw new Exception('Session is not defined!');
}
if ($session['adminsession'] == 1) {
// test for admin
$sel_stmt = \Froxlor\Database\Database::prepare("
SELECT * FROM `" . TABLE_PANEL_ADMINS . "`
WHERE `adminid` = :userid
");
} else {
// test for customer
$sel_stmt = \Froxlor\Database\Database::prepare("
SELECT * FROM `" . TABLE_PANEL_CUSTOMERS . "`
WHERE `customerid` = :userid
");
}
$user = \Froxlor\Database\Database::pexecute_first($sel_stmt, [
'userid' => $session['userid']
]);
if (!$user) {
throw new Exception('Session is not defined!');
}
$user['adminsession'] = $session['adminsession'];
return $user;
return \Froxlor\CurrentUser::getData();
}
/**
@@ -252,21 +201,17 @@ class Ajax
private function getUpdateCheck()
{
UI::initTwig();
UI::twig()->addGlobal('s', $this->session);
// TODO: set variables from current session
try {
$json_result = \Froxlor\Api\Commands\Froxlor::getLocal([
'adminid' => 1,
'adminsession' => 1,
'change_serversettings' => 1,
'loginname' => 'updatecheck'
])->checkUpdate();
$json_result = \Froxlor\Api\Commands\Froxlor::getLocal($this->userinfo)->checkUpdate();
$result = json_decode($json_result, true)['data'];
echo UI::twig()->render($this->theme . '/misc/version_top.html.twig', $result);
exit;
} catch (Exception $e) {
\Froxlor\UI\Response::dynamic_error($e->getMessage());
// don't display anything if just not allowed due to permissions
if ($e->getCode() != 403) {
\Froxlor\UI\Response::dynamic_error($e->getMessage());
}
}
}
@@ -310,7 +255,7 @@ class Ajax
}
$result['settings'][] = [
'title' => (is_array($sresult['label']) ? $sresult['label']['title'] : $sresult['label']),
'href' => 'admin_settings.php?page=overview&part=' . $pk[1] . '&em=' . $pk[3] . '&s=' . $this->session
'href' => 'admin_settings.php?page=overview&part=' . $pk[1] . '&em=' . $pk[3]
];
}
}
@@ -346,7 +291,7 @@ class Ajax
}
$result['customer'][] = [
'title' => User::getCorrectFullUserDetails($cresult),
'href' => 'admin_customers.php?page=customers&action=edit&id=' . $cresult['customerid'] . '&s=' . $this->session
'href' => 'admin_customers.php?page=customers&action=edit&id=' . $cresult['customerid']
];
}
}
@@ -374,7 +319,7 @@ class Ajax
}
$result['domains'][] = [
'title' => $cresult['domain_ace'],
'href' => 'admin_domains.php?page=domains&action=edit&id=' . $cresult['id'] . '&s=' . $this->session
'href' => 'admin_domains.php?page=domains&action=edit&id=' . $cresult['id']
];
}
}
@@ -403,7 +348,7 @@ class Ajax
}
$result['domains'][] = [
'title' => $cresult['domain_ace'],
'href' => 'customer_domains.php?page=domains&action=edit&id=' . $cresult['id'] . '&s=' . $this->session
'href' => 'customer_domains.php?page=domains&action=edit&id=' . $cresult['id']
];
}
}

6
lib/Froxlor/Api/Commands/Customers.php
View File

@@ -1535,12 +1535,6 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
'id' => $id
), true, true);
// delete potential existing sessions
$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_SESSIONS . "` WHERE `userid` = :id AND `adminsession` = '0'");
Database::pexecute($stmt, array(
'id' => $id
), true, true);
// delete traffic information
$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_TRAFFIC . "` WHERE `customerid` = :id");
Database::pexecute($stmt, array(

106
lib/Froxlor/CurrentUser.php Normal file
View File

@@ -0,0 +1,106 @@
<?php
namespace Froxlor;
use Froxlor\Database\Database;
/**
* Class to manage the current user / session
*/
class CurrentUser
{
/**
* set the userinfo data to the session
*
* @param array $data
*/
public static function setData(array $data = []): void
{
$_SESSION['userinfo'] = $data;
}
/**
* returns whether there is an active session
*
* @return bool
*/
public static function hasSession(): bool
{
return !empty($_SESSION) && isset($_SESSION['userinfo']) && !empty($_SESSION['userinfo']);
}
/**
* returns whether user has an adminsession
*
* @return bool
*/
public static function isAdmin(): bool
{
return (self::getField('adminsession') == 1 && self::getField('adminid') > 0 && empty(self::getField('customerid')));
}
/**
* return content of a given field from userinfo-array
*
* @param string $index
*
* @return string|array
*/
public static function getField(string $index)
{
return isset($_SESSION['userinfo'][$index]) ? $_SESSION['userinfo'][$index] : "";
}
/**
* set userinfo field in session
*
* @param string $index
* @param mixed $data
*
* @return boolean
*/
public static function setField(string $index, $data): bool
{
$_SESSION['userinfo'][$index] = $data;
return true;
}
/**
* Return userinfo array
*
* @return array
*/
public static function getData(): array
{
return $_SESSION['userinfo'] ?? [];
}
/**
* re-read in the user data if a valid session exists
*
* @return boolean
*/
public static function reReadUserData()
{
$table = self::isAdmin() ? TABLE_PANEL_ADMINS : TABLE_PANEL_CUSTOMERS;
$userinfo_stmt = Database::prepare("
SELECT * FROM `" . $table . "` WHERE `loginname`= :loginname AND `deactivated` = '0'
");
$userinfo = Database::pexecute_first($userinfo_stmt, [
"loginname" => self::getField('loginname')
]);
if ($userinfo) {
// dont just set the data, we need to merge with current data
// array_merge is a right-reduction - value existing in getData() will be overwritten with $userinfo,
// other than the union-operator (+) which would keep the values already existing from getData()
$newuserinfo = array_merge(self::getData(), $userinfo);
self::setData($newuserinfo);
return true;
}
// unset / logout
unset($_SESSION['userinfo']);
self::setData([]);
return false;
}
}

13
lib/Froxlor/UI/Linker.php
View File

@@ -1,4 +1,5 @@
<?php
namespace Froxlor\UI;
/**
@@ -33,7 +34,7 @@ class Linker
private $args = array();
public function __construct($file = 'index.php', $sessionid = '', $hostname = '', $protocol = '', $port = '', $username = '', $password = '')
public function __construct($file = 'index.php', $hostname = '', $protocol = '', $port = '', $username = '', $password = '')
{
// Set the basic parts of our URL
$this->protocol = $protocol;
@@ -42,8 +43,6 @@ class Linker
$this->hostname = $hostname;
$this->port = $port;
$this->filename = $file;
// @TODO: Remove this
$this->args['s'] = $sessionid;
}
public function __set($key, $value)
@@ -90,11 +89,7 @@ class Linker
public function delAll()
{
// Just resetting the array
// Until the sessionid can be removed: save it
// @TODO: Remove this
$this->args = array(
's' => $this->args['s']
);
$this->args = [];
}
public function getLink()
@@ -158,7 +153,7 @@ class Linker
// Loop through arguments and add them to the link
foreach ($this->args as $key => $value) {
// For all but the first argument, prepend "&amp;"
if (substr($link, - 1) != "?") {
if (substr($link, -1) != "?") {
$link .= "&";
}

17
lib/Froxlor/UI/Paging.php
View File

@@ -210,23 +210,6 @@ class Paging
}
$this->userinfo['lastpaging']['pageno'] = $this->pageno;
$upd_stmt = \Froxlor\Database\Database::prepare("
UPDATE `" . TABLE_PANEL_SESSIONS . "` SET
`lastpaging` = :lastpaging
WHERE `hash` = :hash AND `userid` = :userid
AND `ipaddress` = :ipaddr AND `useragent` = :ua
AND `adminsession` = :adminsession
");
$upd_data = array(
'lastpaging' => json_encode($this->userinfo['lastpaging']),
'hash' => $userinfo['hash'],
'userid' => $userinfo['userid'],
'ipaddr' => $userinfo['ipaddress'],
'ua' => $userinfo['useragent'],
'adminsession' => $userinfo['adminsession']
);
\Froxlor\Database\Database::pexecute($upd_stmt, $upd_data);
$this->limit = $limit;
}

22
lib/Froxlor/UI/Panel/UI.php
View File

@@ -51,13 +51,27 @@ class UI
private static $install_mode = false;
public static $SSL_REQ = false;
/**
* send various security related headers
*/
public static function sendHeaders()
{
$isHttps =
$_SERVER['HTTPS']
?? $_SERVER['REQUEST_SCHEME']
?? $_SERVER['HTTP_X_FORWARDED_PROTO']
?? null;
$isHttps =
$isHttps && (strcasecmp('on', $isHttps) == 0
|| strcasecmp('https', $isHttps) == 0
);
ini_set("url_rewriter.tags", "");
ini_set("session.cookie_httponly", true);
ini_set("session.cookie_secure", $isHttps);
session_start();
header("Content-Type: text/html; charset=UTF-8");
// prevent Froxlor pages from being cached
@@ -96,7 +110,6 @@ class UI
* If Froxlor was called via HTTPS -> enforce it for the next time by settings HSTS header according to settings
*/
if (isset($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) != 'off')) {
self::$SSL_REQ = true;
$maxage = \Froxlor\Settings::Get('system.hsts_maxage');
if (empty($maxage)) {
$maxage = 0;
@@ -161,15 +174,14 @@ class UI
if (!self::$install_mode) {
// system default
if (\Froxlor\Froxlor::DBVERSION <= 202299999) {
// @fixme set this to the last 0.10.x DBVERSION to fallback to the new theme
\Froxlor\Settings::Set('panel.default_theme', 'Froxlor');
}
$theme = (\Froxlor\Settings::Get('panel.default_theme') !== null) ? \Froxlor\Settings::Get('panel.default_theme') : $theme;
// customer theme
/*
if (\Froxlor\CurrentUser::hasSession() && \Froxlor\CurrentUser::getField('theme') != $theme) {
$theme = \Froxlor\CurrentUser::getField('theme');
}
*/
}
if (!file_exists(\Froxlor\Froxlor::getInstallDir() . '/templates/' . $theme)) {
\Froxlor\PhpHelper::phpErrHandler(E_USER_WARNING, "Theme '" . $theme . "' could not be found.", __FILE__, __LINE__, null);

16
lib/Froxlor/UI/Response.php
View File

@@ -20,14 +20,8 @@ class Response
*/
public static function redirectTo($destination, $get_variables = null, $isRelative = true)
{
global $s;
if (is_array($get_variables)) {
if (isset($get_variables['s'])) {
$linker = new Linker($destination, $get_variables['s']);
} else {
$linker = new Linker($destination, $s);
}
$linker = new Linker($destination);
foreach ($get_variables as $key => $value) {
$linker->add($key, $value);
@@ -165,7 +159,7 @@ class Response
*/
public static function standard_success($success_message = '', $replacer = '', $params = array(), $throw_exception = false)
{
global $s, $lng;
global $lng;
if (isset($lng['success'][$success_message])) {
$success_message = strtr($lng['success'][$success_message], array(
@@ -178,12 +172,14 @@ class Response
}
if (is_array($params) && isset($params['filename'])) {
$redirect_url = $params['filename'] . '?s=' . $s;
$redirect_url = $params['filename'];
unset($params['filename']);
$first = true;
foreach ($params as $varname => $value) {
if ($value != '') {
$redirect_url .= '&amp;' . $varname . '=' . $value;
$redirect_url .= ($first ? '?' : '&amp;') . $varname . '=' . $value;
if ($first) $first = false;
}
}
} else {

221
lib/init.php
View File

@@ -20,43 +20,39 @@
// define default theme for configurehint, etc.
$_deftheme = 'Froxlor';
function view($template, $attributes) {
$view = file_get_contents(dirname(__DIR__) . '/templates/' . $template);
function view($template, $attributes)
{
$view = file_get_contents(dirname(__DIR__) . '/templates/' . $template);
return str_replace(array_keys($attributes), array_values($attributes), $view);
return str_replace(array_keys($attributes), array_values($attributes), $view);
}
// validate correct php version
if (version_compare("7.4.0", PHP_VERSION, ">=")) {
die(
view($_deftheme . '/misc/phprequirementfailed.html.twig', [
'{{ basehref }}' => '',
'{{ froxlor_min_version }}' => '7.4.0',
'{{ current_version }}' => PHP_VERSION,
'{{ current_year }}' => date('Y', time()),
])
);
die(view($_deftheme . '/misc/phprequirementfailed.html.twig', [
'{{ basehref }}' => '',
'{{ froxlor_min_version }}' => '7.4.0',
'{{ current_version }}' => PHP_VERSION,
'{{ current_year }}' => date('Y', time()),
]));
}
// validate vendor autoloader
if (!file_exists(dirname(__DIR__) . '/vendor/autoload.php')) {
die(
view($_deftheme . '/misc/vendormissinghint.html.twig', [
'{{ basehref }}' => '',
'{{ froxlor_install_dir }}' => dirname(__DIR__),
'{{ current_year }}' => date('Y', time()),
])
);
die(view($_deftheme . '/misc/vendormissinghint.html.twig', [
'{{ basehref }}' => '',
'{{ froxlor_install_dir }}' => dirname(__DIR__),
'{{ current_year }}' => date('Y', time()),
]));
}
require dirname(__DIR__) . '/vendor/autoload.php';
use Froxlor\Database\Database;
use Froxlor\PhpHelper;
use Froxlor\Settings;
use Froxlor\UI\Panel\UI;
use Froxlor\UI\Request;
use voku\helper\AntiXSS;
use Froxlor\CurrentUser;
// include MySQL-tabledefinitions
require \Froxlor\Froxlor::getInstallDir() . '/lib/tables.inc.php';
@@ -64,7 +60,6 @@ require \Froxlor\Froxlor::getInstallDir() . '/lib/tables.inc.php';
UI::sendHeaders();
UI::initTwig();
/**
* Register Globals Security Fix
*/
@@ -120,97 +115,12 @@ UI::sendSslHeaders();
// create a new idna converter
$idna_convert = new \Froxlor\Idna\IdnaWrapper();
// SESSION MANAGEMENT
$remote_addr = $_SERVER['REMOTE_ADDR'];
if (empty($_SERVER['HTTP_USER_AGENT'])) {
$http_user_agent = 'unknown';
} else {
$http_user_agent = $_SERVER['HTTP_USER_AGENT'];
}
unset($userinfo);
unset($userid);
unset($customerid);
unset($adminid);
unset($s);
if (isset($_POST['s'])) {
$s = $_POST['s'];
$nosession = 0;
} elseif (isset($_GET['s'])) {
$s = $_GET['s'];
$nosession = 0;
} else {
$s = '';
$nosession = 1;
// re-read user data if logged in
if (CurrentUser::hasSession()) {
CurrentUser::reReadUserData();
}
$timediff = time() - Settings::Get('session.sessiontimeout');
$del_stmt = Database::prepare("
DELETE FROM `" . TABLE_PANEL_SESSIONS . "` WHERE `lastactivity` < :timediff
");
Database::pexecute($del_stmt, array(
'timediff' => $timediff
));
$userinfo = array();
if (isset($s) && $s != "" && $nosession != 1) {
ini_set("session.name", "s");
ini_set("url_rewriter.tags", "");
ini_set("session.use_cookies", false);
ini_set("session.cookie_httponly", true);
ini_set("session.cookie_secure", UI::$SSL_REQ);
session_id($s);
session_start();
$query = "SELECT `s`.*, `u`.* FROM `" . TABLE_PANEL_SESSIONS . "` `s` LEFT JOIN `";
if (AREA == 'admin') {
$query .= TABLE_PANEL_ADMINS . "` `u` ON (`s`.`userid` = `u`.`adminid`)";
$adminsession = '1';
} else {
$query .= TABLE_PANEL_CUSTOMERS . "` `u` ON (`s`.`userid` = `u`.`customerid`)";
$adminsession = '0';
}
$query .= " WHERE `s`.`hash` = :hash AND `s`.`ipaddress` = :ipaddr
AND `s`.`useragent` = :ua AND `s`.`lastactivity` > :timediff
AND `s`.`adminsession` = :adminsession
";
$userinfo_data = array(
'hash' => $s,
'ipaddr' => $remote_addr,
'ua' => $http_user_agent,
'timediff' => $timediff,
'adminsession' => $adminsession
);
$userinfo_stmt = Database::prepare($query);
$userinfo = Database::pexecute_first($userinfo_stmt, $userinfo_data);
if ($userinfo && (($userinfo['adminsession'] == '1' && AREA == 'admin' && isset($userinfo['adminid'])) || ($userinfo['adminsession'] == '0' && (AREA == 'customer' || AREA == 'login') && isset($userinfo['customerid']))) && (!isset($userinfo['deactivated']) || $userinfo['deactivated'] != '1')) {
$upd_stmt = Database::prepare("
UPDATE `" . TABLE_PANEL_SESSIONS . "` SET
`lastactivity` = :lastactive
WHERE `hash` = :hash AND `adminsession` = :adminsession
");
$upd_data = array(
'lastactive' => time(),
'hash' => $s,
'adminsession' => $adminsession
);
Database::pexecute($upd_stmt, $upd_data);
$nosession = 0;
} else {
$nosession = 1;
}
} else {
$nosession = 1;
}
/**
* Language Management
*/
// Language Management
$langs = array();
$languages = array();
$iso = array();
@@ -239,36 +149,31 @@ foreach ($langs as $key => $value) {
// ensure that we can display messages
$language = Settings::Get('panel.standardlanguage');
if (isset($userinfo['language']) && isset($languages[$userinfo['language']])) {
if (CurrentUser::hasSession() && !empty(CurrentUser::getField('language')) && isset($languages[CurrentUser::getField('language')])) {
// default: use language from session, #277
$language = $userinfo['language'];
$language = CurrentUser::getField('language');
} else {
if (!isset($userinfo['def_language']) || !isset($languages[$userinfo['def_language']])) // this will always evaluat true, since it is the above statement inverted. @todo remove
{
if (isset($_GET['language']) && isset($languages[$_GET['language']])) {
$language = $_GET['language'];
} else {
if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
$accept_langs = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']);
for ($i = 0; $i < count($accept_langs); $i++) {
// this only works for most common languages. some (uncommon) languages have a 3 letter iso-code.
// to be able to use these also, we would have to depend on the intl extension for php (using Locale::lookup or similar)
// as long as froxlor does not support any of these languages, we can leave it like that.
if (isset($iso[substr($accept_langs[$i], 0, 2)])) {
$language = $iso[substr($accept_langs[$i], 0, 2)];
break;
}
if (!CurrentUser::hasSession()) {
if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
$accept_langs = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']);
for ($i = 0; $i < count($accept_langs); $i++) {
// this only works for most common languages. some (uncommon) languages have a 3 letter iso-code.
// to be able to use these also, we would have to depend on the intl extension for php (using Locale::lookup or similar)
// as long as froxlor does not support any of these languages, we can leave it like that.
if (isset($iso[substr($accept_langs[$i], 0, 2)])) {
$language = $iso[substr($accept_langs[$i], 0, 2)];
break;
}
unset($iso);
}
unset($iso);
// if HTTP_ACCEPT_LANGUAGES has no valid langs, use default (very unlikely)
if (!strlen($language) > 0) {
$language = Settings::Get('panel.standardlanguage');
}
// if HTTP_ACCEPT_LANGUAGES has no valid langs, use default (very unlikely)
if (!strlen($language) > 0) {
$language = Settings::Get('panel.standardlanguage');
}
}
} else {
$language = $userinfo['def_language'];
$language = CurrentUser::getField('def_language');
}
}
@@ -290,7 +195,7 @@ include_once \Froxlor\FileDir::makeSecurePath('lng/lng_references.php');
UI::setLng($lng);
// Initialize our link - class
$linker = new \Froxlor\UI\Linker('index.php', $s);
$linker = new \Froxlor\UI\Linker('index.php');
UI::setLinker($linker);
/**
@@ -301,8 +206,8 @@ $theme = (Settings::Get('panel.default_theme') !== null) ? Settings::Get('panel.
/**
* overwrite with customer/admin theme if defined
*/
if (isset($userinfo['theme']) && $userinfo['theme'] != $theme) {
$theme = $userinfo['theme'];
if (CurrentUser::hasSession() && CurrentUser::getField('theme') != $theme) {
$theme = CurrentUser::getField('theme');
}
// Check if a different variant of the theme is used
@@ -351,8 +256,10 @@ UI::twig()->addGlobal('header_logo', $header_logo);
/**
* Redirects to index.php (login page) if no session exists
*/
if ($nosession == 1 && AREA != 'login') {
unset($userinfo);
if (!CurrentUser::hasSession() && AREA != 'login') {
unset($_SESSION['userinfo']);
CurrentUser::setData();
session_destroy();
$params = array(
"script" => basename($_SERVER["SCRIPT_NAME"]),
"qrystr" => $_SERVER["QUERY_STRING"]
@@ -361,16 +268,18 @@ if ($nosession == 1 && AREA != 'login') {
exit();
}
$userinfo = CurrentUser::getData();
UI::twig()->addGlobal('userinfo', ($userinfo ?? []));
UI::setCurrentUser($userinfo);
/**
* Logic moved out of lng-file
*/
if (isset($userinfo['loginname']) && $userinfo['loginname'] != '') {
$lng['menue']['main']['username'] .= $userinfo['loginname'];
// Initialize logger
if (CurrentUser::hasSession()) {
// Initialize logging
$log = \Froxlor\FroxlorLogger::getInstanceOf($userinfo);
if ((CurrentUser::isAdmin() && AREA != 'admin') || (!CurrentUser::isAdmin() && AREA != 'customer')) {
// user tries to access an area not meant for him -> redirect to corresponding index
\Froxlor\UI\Response::redirectTo((CurrentUser::isAdmin() ? 'admin' : 'customer') . '_index.php', $params);
exit();
}
}
/**
@@ -412,10 +321,10 @@ if (AREA == 'admin' || AREA == 'customer') {
)
)
);
$navigation = \Froxlor\UI\HTML::buildNavigation($navigation_data['admin'], $userinfo);
$navigation = \Froxlor\UI\HTML::buildNavigation($navigation_data['admin'], CurrentUser::getData());
} else {
$navigation_data = \Froxlor\PhpHelper::loadConfigArrayDir('lib/navigation/');
$navigation = \Froxlor\UI\HTML::buildNavigation($navigation_data[AREA], $userinfo);
$navigation = \Froxlor\UI\HTML::buildNavigation($navigation_data[AREA], CurrentUser::getData());
}
}
UI::twig()->addGlobal('nav_entries', $navigation);
@@ -444,34 +353,16 @@ UI::twig()->addGlobal('theme_css', $css);
unset($js);
unset($css);
/**
* @TODO
*
$panel_imprint_url = Settings::Get('panel.imprint_url');
if (!empty($panel_imprint_url) && strtolower(substr($panel_imprint_url, 0, 4)) != 'http') {
$panel_imprint_url = 'https://' . $panel_imprint_url;
}
$panel_terms_url = Settings::Get('panel.terms_url');
if (!empty($panel_terms_url) && strtolower(substr($panel_terms_url, 0, 4)) != 'http') {
$panel_terms_url = 'https://' . $panel_terms_url;
}
$panel_privacy_url = Settings::Get('panel.privacy_url');
if (!empty($panel_privacy_url) && strtolower(substr($panel_privacy_url, 0, 4)) != 'http') {
$panel_privacy_url = 'https://' . $panel_privacy_url;
}
*/
$action = Request::get('action');
$page = Request::get('page', 'overview');
// clear request data
if (!$action && isset($_SESSION)) {
unset($_SESSION['requestData']);
unset($_SESSION['requestData']);
}
UI::twig()->addGlobal('action', $action);
UI::twig()->addGlobal('page', $page);
UI::twig()->addGlobal('s', $s);
/**
* Initialize the mailingsystem

2
lib/tablelisting/admin/tablelisting.admins.php
View File

@@ -19,6 +19,7 @@
use Froxlor\UI\Callbacks\ProgressBar;
use Froxlor\UI\Callbacks\Style;
use Froxlor\UI\Callbacks\Text;
use Froxlor\UI\Callbacks\Impersonate;
use Froxlor\UI\Listing;
return [
@@ -34,6 +35,7 @@ return [
'loginname' => [
'label' => $lng['login']['username'],
'field' => 'loginname',
'callback' => [Impersonate::class, 'admin'],
'sortable' => true,
],
'name' => [

2
lib/tablelisting/admin/tablelisting.customers.php
View File

@@ -40,7 +40,7 @@ return [
],
'a.loginname' => [
'label' => $lng['admin']['admin'],
'field' => 'admin.loginname',
'field' => 'adminname',
'callback' => [Impersonate::class, 'admin'],
],
'c.email' => [

1
lib/tables.inc.php
View File

@@ -31,7 +31,6 @@ const TABLE_PANEL_DATABASES = 'panel_databases';
const TABLE_PANEL_DOMAINS = 'panel_domains';
const TABLE_PANEL_HTACCESS = 'panel_htaccess';
const TABLE_PANEL_HTPASSWDS = 'panel_htpasswds';
const TABLE_PANEL_SESSIONS = 'panel_sessions';
const TABLE_PANEL_SETTINGS = 'panel_settings';
const TABLE_PANEL_TASKS = 'panel_tasks';
const TABLE_PANEL_TEMPLATES = 'panel_templates';