get rid of session variable in URL

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>

admin_admins.php

@@ -62,33 +62,14 @@ if ($page == 'admins' && $userinfo['change_serversettings'] == '1') {
 		$destination_admin = $result['loginname'];
 
 		if ($destination_admin != '' && $result['adminid'] != $userinfo['userid']) {
-			$result_stmt = Database::prepare("
-				SELECT * FROM `" . TABLE_PANEL_SESSIONS . "` WHERE `userid` = :userid
-			");
-			$result = Database::pexecute_first($result_stmt, array(
-				'userid' => $userinfo['userid']
-			));
 
-			$s = \Froxlor\Froxlor::genSessionId();
+			$result['switched_user'] = \Froxlor\CurrentUser::getData();
-			$ins_stmt = Database::prepare("
+			$result['adminsession'] = 1;
-				INSERT INTO `" . TABLE_PANEL_SESSIONS . "` SET
+			$result['userid'] = $result['adminid'];
-				`hash` = :hash, `userid` = :userid, `ipaddress` = :ip,
+			\Froxlor\CurrentUser::setData($result);
-				`useragent` = :ua, `lastactivity` = :la,
+
-				`language` = :lang, `adminsession` = '1'
-			");
-			$ins_data = array(
-				'hash' => $s,
-				'userid' => $id,
-				'ip' => $result['ipaddress'],
-				'ua' => $result['useragent'],
-				'la' => time(),
-				'lang' => $result['language']
-			);
-			Database::pexecute($ins_stmt, $ins_data);
 			$log->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_INFO, "switched adminuser and is now '" . $destination_admin . "'");
-			\Froxlor\UI\Response::redirectTo('admin_index.php', array(
+			\Froxlor\UI\Response::redirectTo('admin_index.php');
-				's' => $s
-			));
 		} else {
 			\Froxlor\UI\Response::redirectTo('index.php', array(
 				'action' => 'login'
@@ -114,8 +95,7 @@ if ($page == 'admins' && $userinfo['change_serversettings'] == '1') {
 					'id' => $id
 				))->delete();
 				\Froxlor\UI\Response::redirectTo($filename, array(
-					'page' => $page,
+					'page' => $page
-					's' => $s
 				));
 			} else {
 				\Froxlor\UI\HTML::askYesNo('admin_admin_reallydelete', $filename, array(
@@ -134,8 +114,7 @@ if ($page == 'admins' && $userinfo['change_serversettings'] == '1') {
 				\Froxlor\UI\Response::dynamic_error($e->getMessage());
 			}
 			\Froxlor\UI\Response::redirectTo($filename, array(
-				'page' => $page,
+				'page' => $page
-				's' => $s
 			));
 		} else {
 
@@ -175,8 +154,7 @@ if ($page == 'admins' && $userinfo['change_serversettings'] == '1') {
 					\Froxlor\UI\Response::dynamic_error($e->getMessage());
 				}
 				\Froxlor\UI\Response::redirectTo($filename, array(
-					'page' => $page,
+					'page' => $page
-					's' => $s
 				));
 			} else {
 

admin_autoupdate.php

@@ -31,7 +31,6 @@ define('CHECKSUM_URI', "https://autoupdate.froxlor.org/froxlor-{version}.zip.sha
 // check for archive-stuff
 if (!extension_loaded('zip')) {
 	\Froxlor\UI\Response::redirectTo($filename, array(
-		's' => $s,
 		'page' => 'error',
 		'errno' => 2
 	));
@@ -40,7 +39,6 @@ if (! extension_loaded('zip')) {
 // 0.11.x requires 7.4 at least
 if (version_compare("7.4.0", PHP_VERSION, ">=")) {
 	\Froxlor\UI\Response::redirectTo($filename, array(
-		's' => $s,
 		'page' => 'error',
 		'errno' => 10
 	));
@@ -76,7 +74,6 @@ if ($page == 'overview') {
 			// check for customized version to not output
 			// "There is a newer version of froxlor" besides the error-message
 			\Froxlor\UI\Response::redirectTo($filename, array(
-				's' => $s,
 				'page' => 'error',
 				'errno' => 3
 			));
@@ -136,7 +133,6 @@ elseif ($page == 'getdownload') {
 			HttpClient::fileGet($toLoad, $localArchive);
 		} catch (Exception $e) {
 			\Froxlor\UI\Response::redirectTo($filename, array(
-				's' => $s,
 				'page' => 'error',
 				'errno' => 4
 			));
@@ -154,7 +150,6 @@ elseif ($page == 'getdownload') {
 
 		if ($filesum != $shouldsum) {
 			\Froxlor\UI\Response::redirectTo($filename, array(
-				's' => $s,
 				'page' => 'error',
 				'errno' => 9
 			));
@@ -162,13 +157,11 @@ elseif ($page == 'getdownload') {
 
 		// to the next step
 		\Froxlor\UI\Response::redirectTo($filename, array(
-			's' => $s,
 			'page' => 'extract',
 			'archive' => basename($localArchive)
 		));
 	}
 	\Froxlor\UI\Response::redirectTo($filename, array(
-		's' => $s,
 		'page' => 'error',
 		'errno' => 6
 	));
@@ -193,21 +186,17 @@ elseif ($page == 'extract') {
 		} else {
 			// error
 			\Froxlor\UI\Response::redirectTo($filename, array(
-				's' => $s,
 				'page' => 'error',
 				'errno' => 8
 			));
 		}
 
 		// redirect to update-page?
-		\Froxlor\UI\Response::redirectTo('admin_updates.php', array(
+		\Froxlor\UI\Response::redirectTo('admin_updates.php');
-			's' => $s
-		));
 	}
 
 	if (!file_exists($localArchive)) {
 		\Froxlor\UI\Response::redirectTo($filename, array(
-			's' => $s,
 			'page' => 'error',
 			'errno' => 7
 		));
@@ -231,6 +220,6 @@ elseif ($page == 'error') {
 	// 7 = local archive does not exist
 	// 8 = could not extract archive
 	// 9 = checksum mismatch
-	// 10 = <php-7.0
+	// 10 = <php-7.4
 	\Froxlor\UI\Response::standard_error('autoupdate_' . $errno);
 }

admin_configfiles.php

@@ -25,9 +25,7 @@ if ($userinfo['change_serversettings'] == '1') {
 
 	if ($action == 'setconfigured') {
 		Settings::Set('panel.is_configured', '1', true);
-		\Froxlor\UI\Response::redirectTo('admin_configfiles.php', array(
+		\Froxlor\UI\Response::redirectTo('admin_configfiles.php');
-			's' => $s
-		));
 	}
 
 	$customer_tmpdir = '/tmp/';
@@ -260,9 +258,7 @@ if ($userinfo['change_serversettings'] == '1') {
 		eval("echo \"" . \Froxlor\UI\Template::getTemplate("configfiles/wizard") . "\";");
 	}
 } else {
-	\Froxlor\UI\Response::redirectTo('admin_index.php', array(
+	\Froxlor\UI\Response::redirectTo('admin_index.php');
-		's' => $s
-	));
 }
 
 // helper functions

admin_cronjobs.php

@@ -64,8 +64,7 @@ if ($page == 'cronjobs' || $page == 'overview') {
 					\Froxlor\UI\Response::dynamic_error($e->getMessage());
 				}
 				\Froxlor\UI\Response::redirectTo($filename, array(
-					'page' => $page,
+					'page' => $page
-					's' => $s
 				));
 			} else {
 

admin_customers.php

@@ -35,8 +35,10 @@ if ($page == 'customers' && $userinfo['customers'] != '0') {
 		try {
 			$customer_list_data = include_once dirname(__FILE__) . '/lib/tablelisting/admin/tablelisting.customers.php';
 			$collection = (new \Froxlor\UI\Collection(\Froxlor\Api\Commands\Customers::class, $userinfo, ['show_usages' => true]))
-				->has('admin', \Froxlor\Api\Commands\Admins::class, 'adminid', 'adminid')
 				->withPagination($customer_list_data['customer_list']['columns']);
+			if ($userinfo['change_serversettings']) {
+				$collection->has('admin', \Froxlor\Api\Commands\Admins::class, 'adminid', 'adminid');
+			}
 		} catch (Exception $e) {
 			\Froxlor\UI\Response::dynamic_error($e->getMessage());
 		}
@@ -71,33 +73,12 @@ if ($page == 'customers' && $userinfo['customers'] != '0') {
 			if ($result['deactivated'] == '1') {
 				\Froxlor\UI\Response::standard_error("usercurrentlydeactivated", $destination_user);
 			}
-			$result_stmt = Database::prepare("
-				SELECT * FROM `" . TABLE_PANEL_SESSIONS . "`
-				WHERE `userid` = :id
-				AND `hash` = :hash");
-			$result = Database::pexecute_first($result_stmt, array(
-				'id' => $userinfo['userid'],
-				'hash' => $s
-			));
 
-			$s = \Froxlor\Froxlor::genSessionId();
+			$result['switched_user'] = \Froxlor\CurrentUser::getData();
-			$insert = Database::prepare("
+			$result['adminsession'] = 0;
-				INSERT INTO `" . TABLE_PANEL_SESSIONS . "` SET
+			$result['userid'] = $result['customerid'];
-					`hash` = :hash,
+			\Froxlor\CurrentUser::setData($result);
-					`userid` = :id,
+
-					`ipaddress` = :ip,
-					`useragent` = :ua,
-					`lastactivity` = :lastact,
-					`language` = :lang,
-					`adminsession` = '0'");
-			Database::pexecute($insert, array(
-				'hash' => $s,
-				'id' => $id,
-				'ip' => $result['ipaddress'],
-				'ua' => $result['useragent'],
-				'lastact' => time(),
-				'lang' => $result['language']
-			));
 			$log->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_INFO, "switched user and is now '" . $destination_user . "'");
 
 			$target = (isset($_GET['target']) ? $_GET['target'] : 'index');
@@ -105,9 +86,7 @@ if ($page == 'customers' && $userinfo['customers'] != '0') {
 			if (!file_exists(\Froxlor\Froxlor::getInstallDir() . "/" . $redirect)) {
 				$redirect = "customer_index.php";
 			}
-			\Froxlor\UI\Response::redirectTo($redirect, array(
+			\Froxlor\UI\Response::redirectTo($redirect, null, true);
-				's' => $s
-			), true);
 		} else {
 			\Froxlor\UI\Response::redirectTo('index.php', array(
 				'action' => 'login'
@@ -132,8 +111,7 @@ if ($page == 'customers' && $userinfo['customers'] != '0') {
 				\Froxlor\UI\Response::dynamic_error($e->getMessage());
 			}
 			\Froxlor\UI\Response::redirectTo($filename, array(
-				'page' => $page,
+				'page' => $page
-				's' => $s
 			));
 		} else {
 			\Froxlor\UI\HTML::askYesNo('customer_reallyunlock', $filename, array(
@@ -162,8 +140,7 @@ if ($page == 'customers' && $userinfo['customers'] != '0') {
 				\Froxlor\UI\Response::dynamic_error($e->getMessage());
 			}
 			\Froxlor\UI\Response::redirectTo($filename, array(
-				'page' => $page,
+				'page' => $page
-				's' => $s
 			));
 		} else {
 			\Froxlor\UI\HTML::askYesNoWithCheckbox('admin_customer_reallydelete', 'admin_customer_alsoremovefiles', $filename, array(
@@ -181,8 +158,7 @@ if ($page == 'customers' && $userinfo['customers'] != '0') {
 				\Froxlor\UI\Response::dynamic_error($e->getMessage());
 			}
 			\Froxlor\UI\Response::redirectTo($filename, array(
-				'page' => $page,
+				'page' => $page
-				's' => $s
 			));
 		} else {
 
@@ -248,8 +224,7 @@ if ($page == 'customers' && $userinfo['customers'] != '0') {
 					\Froxlor\UI\Response::dynamic_error($e->getMessage());
 				}
 				\Froxlor\UI\Response::redirectTo($filename, array(
-					'page' => $page,
+					'page' => $page
-					's' => $s
 				));
 			} else {
 

admin_domains.php

@@ -92,8 +92,7 @@ if ($page == 'domains' || $page == 'overview') {
 				}
 
 				\Froxlor\UI\Response::redirectTo($filename, array(
-					'page' => $page,
+					'page' => $page
-					's' => $s
 				));
 			} elseif ($alias_check['count'] > 0) {
 				\Froxlor\UI\Response::standard_error('domains_cantdeletedomainwithaliases');
@@ -119,8 +118,7 @@ if ($page == 'domains' || $page == 'overview') {
 				\Froxlor\UI\Response::dynamic_error($e->getMessage());
 			}
 			\Froxlor\UI\Response::redirectTo($filename, array(
-				'page' => $page,
+				'page' => $page
-				's' => $s
 			));
 		} else {
 
@@ -376,8 +374,7 @@ if ($page == 'domains' || $page == 'overview') {
 					\Froxlor\UI\Response::dynamic_error($e->getMessage());
 				}
 				\Froxlor\UI\Response::redirectTo($filename, array(
-					'page' => $page,
+					'page' => $page
-					's' => $s
 				));
 			} else {
 

admin_index.php

@@ -32,25 +32,25 @@ $id = (int) Request::get('id');
 if ($action == 'logout') {
 
 	$log->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_NOTICE, "logged out");
-
+	unset($_SESSION['userinfo']);
-	$params = array(
+	\Froxlor\CurrentUser::setData();
-		'adminid' => (int) $userinfo['adminid']
+	session_destroy();
-	);
-
-	if (Settings::Get('session.allow_multiple_login') == '1') {
-		$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_SESSIONS . "`
-			WHERE `userid` = :adminid
-			AND `adminsession` = '1'
-			AND `hash` = :hash");
-		$params['hash'] = $s;
-	} else {
-		$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_SESSIONS . "`
-			WHERE `userid` = :adminid
-			AND `adminsession` = '1'");
-	}
-	Database::pexecute($stmt, $params);
 
 	\Froxlor\UI\Response::redirectTo('index.php');
+} elseif ($action == 'suback') {
+	if (is_array(\Froxlor\CurrentUser::getField('switched_user'))) {
+		$result = \Froxlor\CurrentUser::getData();
+		$result = $result['switched_user'];
+		\Froxlor\CurrentUser::setData($result);
+		$target = (isset($_GET['target']) ? $_GET['target'] : 'index');
+		$redirect = "admin_" . $target . ".php";
+		if (!file_exists(\Froxlor\Froxlor::getInstallDir() . "/" . $redirect)) {
+			$redirect = "admin_index.php";
+		}
+		\Froxlor\UI\Response::redirectTo($redirect, null, true);
+	} else {
+		\Froxlor\UI\Response::dynamic_error("Cannot change back - You've never switched to another user :-)");
+	}
 }
 
 if ($page == 'overview') {
@@ -114,7 +114,7 @@ if ($page == 'overview') {
 		$isnewerversion = $result['isnewerversion'];
 	} else {
 		$lookfornewversion_lable = $lng['admin']['lookfornewversion']['clickhere'];
-		$lookfornewversion_link = htmlspecialchars($filename . '?s=' . urlencode($s) . '&page=' . urlencode($page) . '&lookfornewversion=yes');
+		$lookfornewversion_link = htmlspecialchars($filename . '?page=' . urlencode($page) . '&lookfornewversion=yes');
 		$lookfornewversion_message = '';
 		$lookfornewversion_addinfo = '';
 		$isnewerversion = 0;
@@ -229,9 +229,7 @@ if ($page == 'overview') {
 				\Froxlor\UI\Response::dynamic_error($e->getMessage());
 			}
 			$log->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_NOTICE, 'changed password');
-			\Froxlor\UI\Response::redirectTo($filename, Array(
+			\Froxlor\UI\Response::redirectTo($filename);
-				's' => $s
-			));
 		}
 	} else {
 		UI::twigBuffer('user/change_password.html.twig');
@@ -251,21 +249,9 @@ if ($page == 'overview') {
 			} catch (Exception $e) {
 				\Froxlor\UI\Response::dynamic_error($e->getMessage());
 			}
-
-			// also update current session
-			$lng_stmt = Database::prepare("
-				UPDATE `" . TABLE_PANEL_SESSIONS . "`
-				SET `language`= :lng
-				WHERE `hash`= :hash");
-			Database::pexecute($lng_stmt, array(
-				'lng' => $def_language,
-				'hash' => $s
-			));
 		}
 		$log->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_NOTICE, "changed his/her default language to '" . $def_language . "'");
-		\Froxlor\UI\Response::redirectTo($filename, array(
+		\Froxlor\UI\Response::redirectTo($filename);
-			's' => $s
-		));
 	} else {
 
 		$language_options = '';
@@ -294,20 +280,8 @@ if ($page == 'overview') {
 			\Froxlor\UI\Response::dynamic_error($e->getMessage());
 		}
 
-		// also update current session
-		$theme_stmt = Database::prepare("
-				UPDATE `" . TABLE_PANEL_SESSIONS . "`
-				SET `theme`= :theme
-				WHERE `hash`= :hash");
-		Database::pexecute($theme_stmt, array(
-			'theme' => $theme,
-			'hash' => $s
-		));
-
 		$log->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_NOTICE, "changed his/her theme to '" . $theme . "'");
-		\Froxlor\UI\Response::redirectTo($filename, array(
+		\Froxlor\UI\Response::redirectTo($filename);
-			's' => $s
-		));
 	} else {
 
 		$theme_options = '';
@@ -386,22 +360,16 @@ if ($page == 'overview') {
 
 				// finally remove error from fs
 				@unlink($err_file);
-				\Froxlor\UI\Response::redirectTo($filename, array(
+				\Froxlor\UI\Response::redirectTo($filename);
-					's' => $s
-				));
 			}
 			// show a nice summary of the error-report
 			// before actually sending anything
 			eval("echo \"" . \Froxlor\UI\Template::getTemplate("index/send_error_report") . "\";");
 		} else {
-			\Froxlor\UI\Response::redirectTo($filename, array(
+			\Froxlor\UI\Response::redirectTo($filename);
-				's' => $s
-			));
 		}
 	} else {
-		\Froxlor\UI\Response::redirectTo($filename, array(
+		\Froxlor\UI\Response::redirectTo($filename);
-			's' => $s
-		));
 	}
 } elseif ($page == 'apikeys' && Settings::Get('api.enabled') == 1) {
 	require_once __DIR__ . '/api_keys.php';

admin_ipsandports.php

@@ -68,8 +68,7 @@ if ($page == 'ipsandports' || $page == 'overview') {
 				}
 
 				\Froxlor\UI\Response::redirectTo($filename, array(
-					'page' => $page,
+					'page' => $page
-					's' => $s
 				));
 			} else {
 				\Froxlor\UI\HTML::askYesNo('admin_ip_reallydelete', $filename, array(
@@ -87,8 +86,7 @@ if ($page == 'ipsandports' || $page == 'overview') {
 				\Froxlor\UI\Response::dynamic_error($e->getMessage());
 			}
 			\Froxlor\UI\Response::redirectTo($filename, array(
-				'page' => $page,
+				'page' => $page
-				's' => $s
 			));
 		} else {
 
@@ -119,8 +117,7 @@ if ($page == 'ipsandports' || $page == 'overview') {
 					\Froxlor\UI\Response::dynamic_error($e->getMessage());
 				}
 				\Froxlor\UI\Response::redirectTo($filename, array(
-					'page' => $page,
+					'page' => $page
-					's' => $s
 				));
 			} else {
 

admin_logger.php

@@ -55,8 +55,7 @@ if ($page == 'log' && $userinfo['change_serversettings'] == '1') {
 				\Froxlor\UI\Response::dynamic_error($e->getMessage());
 			}
 			\Froxlor\UI\Response::redirectTo($filename, array(
-				'page' => $page,
+				'page' => $page
-				's' => $s
 			));
 		} else {
 			\Froxlor\UI\HTML::askYesNo('logger_reallytruncate', $filename, array(

admin_message.php

@@ -87,7 +87,6 @@ if ($page == 'message') {
 
 				\Froxlor\UI\Response::redirectTo($filename, array(
 					'page' => $page,
-					's' => $s,
 					'action' => 'showsuccess',
 					'sentitems' => $mailcounter
 				));

admin_phpsettings.php

@@ -61,8 +61,7 @@ if ($page == 'overview') {
 					\Froxlor\UI\Response::dynamic_error($e->getMessage());
 				}
 				\Froxlor\UI\Response::redirectTo($filename, array(
-					'page' => $page,
+					'page' => $page
-					's' => $s
 				));
 			} else {
 
@@ -119,8 +118,7 @@ if ($page == 'overview') {
 					\Froxlor\UI\Response::dynamic_error($e->getMessage());
 				}
 				\Froxlor\UI\Response::redirectTo($filename, array(
-					'page' => $page,
+					'page' => $page
-					's' => $s
 				));
 			} else {
 				\Froxlor\UI\HTML::askYesNo('phpsetting_reallydelete', $filename, array(
@@ -154,8 +152,7 @@ if ($page == 'overview') {
 					\Froxlor\UI\Response::dynamic_error($e->getMessage());
 				}
 				\Froxlor\UI\Response::redirectTo($filename, array(
-					'page' => $page,
+					'page' => $page
-					's' => $s
 				));
 			} else {
 
@@ -211,8 +208,7 @@ if ($page == 'overview') {
 					\Froxlor\UI\Response::dynamic_error($e->getMessage());
 				}
 				\Froxlor\UI\Response::redirectTo($filename, array(
-					'page' => $page,
+					'page' => $page
-					's' => $s
 				));
 			} else {
 
@@ -253,8 +249,7 @@ if ($page == 'overview') {
 					\Froxlor\UI\Response::dynamic_error($e->getMessage());
 				}
 				\Froxlor\UI\Response::redirectTo($filename, array(
-					'page' => $page,
+					'page' => $page
-					's' => $s
 				));
 			} else {
 				\Froxlor\UI\HTML::askYesNo('fpmsetting_reallydelete', $filename, array(
@@ -288,8 +283,7 @@ if ($page == 'overview') {
 					\Froxlor\UI\Response::dynamic_error($e->getMessage());
 				}
 				\Froxlor\UI\Response::redirectTo($filename, array(
-					'page' => $page,
+					'page' => $page
-					's' => $s
 				));
 			} else {
 

admin_plans.php

@@ -71,8 +71,7 @@ if ($page == '' || $page == 'overview') {
 				}
 
 				\Froxlor\UI\Response::redirectTo($filename, array(
-					'page' => $page,
+					'page' => $page
-					's' => $s
 				));
 			} else {
 				\Froxlor\UI\HTML::askYesNo('plan_reallydelete', $filename, array(
@@ -93,8 +92,7 @@ if ($page == '' || $page == 'overview') {
 				\Froxlor\UI\Response::dynamic_error($e->getMessage());
 			}
 			\Froxlor\UI\Response::redirectTo($filename, array(
-				'page' => $page,
+				'page' => $page
-				's' => $s
 			));
 		} else {
 
@@ -164,8 +162,7 @@ if ($page == '' || $page == 'overview') {
 					\Froxlor\UI\Response::dynamic_error($e->getMessage());
 				}
 				\Froxlor\UI\Response::redirectTo($filename, array(
-					'page' => $page,
+					'page' => $page
-					's' => $s
 				));
 			} else {
 

admin_settings.php

@@ -191,9 +191,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
 		$log->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_WARNING, "wiped all cleartext mail passwords");
 		Database::query("UPDATE `" . TABLE_MAIL_USERS . "` SET `password` = '';");
 		Database::query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `value` = '0' WHERE `settinggroup` = 'system' AND `varname` = 'mailpwcleartext'");
-		\Froxlor\UI\Response::redirectTo($filename, array(
+		\Froxlor\UI\Response::redirectTo($filename);
-			's' => $s
-		));
 	} else {
 		\Froxlor\UI\HTML::askYesNo('admin_cleartextmailpws_reallywipe', $filename, array(
 			'page' => $page
@@ -208,9 +206,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
 		// Set the quota to 0 which means unlimited
 		Database::query("UPDATE `" . TABLE_MAIL_USERS . "` SET `quota` = '0';");
 		Database::query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `email_quota_used` = '0'");
-		\Froxlor\UI\Response::redirectTo($filename, array(
+		\Froxlor\UI\Response::redirectTo($filename);
-			's' => $s
-		));
 	} else {
 		\Froxlor\UI\HTML::askYesNo('admin_quotas_reallywipe', $filename, array(
 			'page' => $page
@@ -249,9 +245,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
 		// Update the Customer, if the used quota is bigger than the allowed quota
 		Database::query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `email_quota` = `email_quota_used` WHERE `email_quota` < `email_quota_used`");
 		$log->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_WARNING, 'enforcing mailquota to all customers: ' . Settings::Get('system.mail_quota') . ' MB');
-		\Froxlor\UI\Response::redirectTo($filename, array(
+		\Froxlor\UI\Response::redirectTo($filename);
-			's' => $s
-		));
 	} else {
 		\Froxlor\UI\HTML::askYesNo('admin_quotas_reallyenforce', $filename, array(
 			'page' => $page

admin_templates.php

@@ -174,8 +174,7 @@ if ($action == '') {
 			));
 			$log->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_INFO, "deleted template '" . $result['language'] . ' - ' . $lng['admin']['templates'][str_replace('_subject', '', $result['varname'])] . "'");
 			\Froxlor\UI\Response::redirectTo($filename, array(
-				'page' => $page,
+				'page' => $page
-				's' => $s
 			));
 		} else {
 			\Froxlor\UI\HTML::askYesNo('admin_template_reallydelete', $filename, array(
@@ -210,8 +209,7 @@ if ($action == '') {
 			));
 			$log->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_INFO, "deleted template '" . $lng['admin']['templates'][$row['varname']] . "'");
 			\Froxlor\UI\Response::redirectTo($filename, array(
-				'page' => $page,
+				'page' => $page
-				's' => $s
 			));
 		} else {
 			\Froxlor\UI\HTML::askYesNo('admin_template_reallydelete', $filename, array(
@@ -319,8 +317,7 @@ if ($action == '') {
 
 			$log->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_INFO, "added template '" . $language . ' - ' . $template . "'");
 			\Froxlor\UI\Response::redirectTo($filename, array(
-				'page' => $page,
+				'page' => $page
-				's' => $s
 			));
 		}
 	} elseif (isset($_POST['filesend']) && $_POST['filesend'] == 'filesend') {
@@ -345,8 +342,7 @@ if ($action == '') {
 
 		$log->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_INFO, "added template '" . $template . "'");
 		\Froxlor\UI\Response::redirectTo($filename, array(
-			'page' => $page,
+			'page' => $page
-			's' => $s
 		));
 	} elseif (!isset($_GET['files'])) {
 
@@ -487,8 +483,7 @@ if ($action == '') {
 
 			$log->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_INFO, "edited template '" . $result['varname'] . "'");
 			\Froxlor\UI\Response::redirectTo($filename, array(
-				'page' => $page,
+				'page' => $page
-				's' => $s
 			));
 		} else {
 
@@ -550,8 +545,7 @@ if ($action == '') {
 
 			$log->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_INFO, "edited template '" . $row['varname'] . "'");
 			\Froxlor\UI\Response::redirectTo($filename, array(
-				'page' => $page,
+				'page' => $page
-				's' => $s
 			));
 		} else {
 			$row = \Froxlor\PhpHelper::htmlentitiesArray($row);

admin_updates.php

@@ -62,7 +62,7 @@ if ($page == 'overview') {
 
 				include_once \Froxlor\Froxlor::getInstallDir() . 'install/updatesql.php';
 
-				$redirect_url = 'admin_index.php?s=' . $s;
+				$redirect_url = 'admin_index.php';
 				eval("echo \"" . \Froxlor\UI\Template::getTemplate('update/update_end') . "\";");
 
 				\Froxlor\User::updateCounters();
@@ -107,7 +107,7 @@ if ($page == 'overview') {
 		}
 	} else {
 		$success_message = $lng['update']['noupdatesavail'];
-		$redirect_url = 'admin_index.php?s=' . $s;
+		$redirect_url = 'admin_index.php';
 		eval("echo \"" . \Froxlor\UI\Template::getTemplate('update/noupdatesavail') . "\";");
 	}
 }

customer_domains.php

@@ -86,8 +86,7 @@ if ($page == 'overview' || $page == 'domains') {
 					\Froxlor\UI\Response::dynamic_error($e->getMessage());
 				}
 				\Froxlor\UI\Response::redirectTo($filename, array(
-					'page' => $page,
+					'page' => $page
-					's' => $s
 				));
 			} else {
 				\Froxlor\UI\HTML::askYesNo('domains_reallydelete', $filename, array(
@@ -108,8 +107,7 @@ if ($page == 'overview' || $page == 'domains') {
 					\Froxlor\UI\Response::dynamic_error($e->getMessage());
 				}
 				\Froxlor\UI\Response::redirectTo($filename, array(
-					'page' => $page,
+					'page' => $page
-					's' => $s
 				));
 			} else {
 				$stmt = Database::prepare("SELECT `id`, `domain`, `documentroot`, `ssl_redirect`,`isemaildomain`,`letsencrypt` FROM `" . TABLE_PANEL_DOMAINS . "`
@@ -217,8 +215,7 @@ if ($page == 'overview' || $page == 'domains') {
 					\Froxlor\UI\Response::dynamic_error($e->getMessage());
 				}
 				\Froxlor\UI\Response::redirectTo($filename, array(
-					'page' => $page,
+					'page' => $page
-					's' => $s
 				));
 			} else {
 				$result['domain'] = $idna_convert->decode($result['domain']);
@@ -385,8 +382,7 @@ if ($page == 'overview' || $page == 'domains') {
 			}
 			// back to domain overview
 			\Froxlor\UI\Response::redirectTo($filename, array(
-				'page' => 'domains',
+				'page' => 'domains'
-				's' => $s
 			));
 		}
 

customer_email.php

@@ -91,8 +91,7 @@ if ($page == 'overview' || $page == 'emails') {
 					\Froxlor\UI\Response::dynamic_error($e->getMessage());
 				}
 				\Froxlor\UI\Response::redirectTo($filename, array(
-					'page' => $page,
+					'page' => $page
-					's' => $s
 				));
 			} else {
 				if ($result['popaccountid'] != '0') {
@@ -119,8 +118,7 @@ if ($page == 'overview' || $page == 'emails') {
 				\Froxlor\UI\Response::redirectTo($filename, array(
 					'page' => $page,
 					'action' => 'edit',
-					'id' => $result['id'],
+					'id' => $result['id']
-					's' => $s
 				));
 			} else {
 				$result_stmt = Database::prepare("SELECT `id`, `domain`, `customerid` FROM `" . TABLE_PANEL_DOMAINS . "`
@@ -225,8 +223,7 @@ if ($page == 'overview' || $page == 'emails') {
 		\Froxlor\UI\Response::redirectTo($filename, array(
 			'page' => $page,
 			'action' => 'edit',
-			'id' => $id,
+			'id' => $id
-			's' => $s
 		));
 	}
 } elseif ($page == 'accounts') {
@@ -250,8 +247,7 @@ if ($page == 'overview' || $page == 'emails') {
 				\Froxlor\UI\Response::redirectTo($filename, array(
 					'page' => 'emails',
 					'action' => 'edit',
-					'id' => $id,
+					'id' => $id
-					's' => $s
 				));
 			} else {
 
@@ -299,8 +295,7 @@ if ($page == 'overview' || $page == 'emails') {
 				\Froxlor\UI\Response::redirectTo($filename, array(
 					'page' => 'emails',
 					'action' => 'edit',
-					'id' => $id,
+					'id' => $id
-					's' => $s
 				));
 			} else {
 				$result['email_full'] = $idna_convert->decode($result['email_full']);
@@ -335,8 +330,7 @@ if ($page == 'overview' || $page == 'emails') {
 				\Froxlor\UI\Response::redirectTo($filename, array(
 					'page' => 'emails',
 					'action' => 'edit',
-					'id' => $id,
+					'id' => $id
-					's' => $s
 				));
 			} else {
 				$result['email_full'] = $idna_convert->decode($result['email_full']);
@@ -371,8 +365,7 @@ if ($page == 'overview' || $page == 'emails') {
 				\Froxlor\UI\Response::redirectTo($filename, array(
 					'page' => 'emails',
 					'action' => 'edit',
-					'id' => $id,
+					'id' => $id
-					's' => $s
 				));
 			} else {
 				\Froxlor\UI\HTML::askYesNoWithCheckbox('email_reallydelete_account', 'admin_customer_alsoremovemail', $filename, array(
@@ -405,8 +398,7 @@ if ($page == 'overview' || $page == 'emails') {
 					\Froxlor\UI\Response::redirectTo($filename, array(
 						'page' => 'emails',
 						'action' => 'edit',
-						'id' => $id,
+						'id' => $id
-						's' => $s
 					));
 				} else {
 					$result['email_full'] = $idna_convert->decode($result['email_full']);
@@ -457,8 +449,7 @@ if ($page == 'overview' || $page == 'emails') {
 					\Froxlor\UI\Response::redirectTo($filename, array(
 						'page' => 'emails',
 						'action' => 'edit',
-						'id' => $id,
+						'id' => $id
-						's' => $s
 					));
 				} else {
 					\Froxlor\UI\HTML::askYesNo('email_reallydelete_forwarder', $filename, array(

customer_extras.php

@@ -81,8 +81,7 @@ if ($page == 'overview' || $page == 'htpasswds') {
 					\Froxlor\UI\Response::dynamic_error($e->getMessage());
 				}
 				\Froxlor\UI\Response::redirectTo($filename, array(
-					'page' => $page,
+					'page' => $page
-					's' => $s
 				));
 			} else {
 				if (strpos($result['path'], $userinfo['documentroot']) === 0) {
@@ -104,8 +103,7 @@ if ($page == 'overview' || $page == 'htpasswds') {
 				\Froxlor\UI\Response::dynamic_error($e->getMessage());
 			}
 			\Froxlor\UI\Response::redirectTo($filename, array(
-				'page' => $page,
+				'page' => $page
-				's' => $s
 			));
 		} else {
 			$pathSelect = \Froxlor\FileDir::makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid']);
@@ -136,8 +134,7 @@ if ($page == 'overview' || $page == 'htpasswds') {
 					\Froxlor\UI\Response::dynamic_error($e->getMessage());
 				}
 				\Froxlor\UI\Response::redirectTo($filename, array(
-					'page' => $page,
+					'page' => $page
-					's' => $s
 				));
 			} else {
 				if (strpos($result['path'], $userinfo['documentroot']) === 0) {
@@ -203,8 +200,7 @@ if ($page == 'overview' || $page == 'htpasswds') {
 					\Froxlor\UI\Response::dynamic_error($e->getMessage());
 				}
 				\Froxlor\UI\Response::redirectTo($filename, array(
-					'page' => $page,
+					'page' => $page
-					's' => $s
 				));
 			} else {
 				\Froxlor\UI\HTML::askYesNo('extras_reallydelete_pathoptions', $filename, array(
@@ -222,8 +218,7 @@ if ($page == 'overview' || $page == 'htpasswds') {
 				\Froxlor\UI\Response::dynamic_error($e->getMessage());
 			}
 			\Froxlor\UI\Response::redirectTo($filename, array(
-				'page' => $page,
+				'page' => $page
-				's' => $s
 			));
 		} else {
 			$pathSelect = \Froxlor\FileDir::makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid']);
@@ -255,8 +250,7 @@ if ($page == 'overview' || $page == 'htpasswds') {
 					\Froxlor\UI\Response::dynamic_error($e->getMessage());
 				}
 				\Froxlor\UI\Response::redirectTo($filename, array(
-					'page' => $page,
+					'page' => $page
-					's' => $s
 				));
 			} else {
 				if (strpos($result['path'], $userinfo['documentroot']) === 0) {
@@ -295,8 +289,7 @@ if ($page == 'overview' || $page == 'htpasswds') {
 			\Froxlor\UI\Response::standard_success('backupaborted');
 			\Froxlor\UI\Response::redirectTo($filename, array(
 				'page' => $page,
-				'action' => '',
+				'action' => ''
-				's' => $s
 			));
 		}
 		if ($action == '') {

customer_ftp.php

@@ -75,8 +75,7 @@ if ($page == 'overview' || $page == 'accounts') {
 					\Froxlor\UI\Response::dynamic_error($e->getMessage());
 				}
 				\Froxlor\UI\Response::redirectTo($filename, array(
-					'page' => $page,
+					'page' => $page
-					's' => $s
 				));
 			} else {
 				\Froxlor\UI\HTML::askYesNoWithCheckbox('ftp_reallydelete', 'admin_customer_alsoremoveftphomedir', $filename, array(
@@ -97,8 +96,7 @@ if ($page == 'overview' || $page == 'accounts') {
 					\Froxlor\UI\Response::dynamic_error($e->getMessage());
 				}
 				\Froxlor\UI\Response::redirectTo($filename, array(
-					'page' => $page,
+					'page' => $page
-					's' => $s
 				));
 			} else {
 				$pathSelect = \Froxlor\FileDir::makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], '/');
@@ -153,8 +151,7 @@ if ($page == 'overview' || $page == 'accounts') {
 					\Froxlor\UI\Response::dynamic_error($e->getMessage());
 				}
 				\Froxlor\UI\Response::redirectTo($filename, array(
-					'page' => $page,
+					'page' => $page
-					's' => $s
 				));
 			} else {
 				if (strpos($result['homedir'], $userinfo['documentroot']) === 0) {

customer_index.php

@@ -27,23 +27,25 @@ use Froxlor\UI\Panel\UI;
 if ($action == 'logout') {
 	$log->logAction(\Froxlor\FroxlorLogger::USR_ACTION, LOG_NOTICE, 'logged out');
 
-	$params = array(
+	unset($_SESSION['userinfo']);
-		"customerid" => $userinfo['customerid']
+	\Froxlor\CurrentUser::setData();
-	);
+	session_destroy();
-	if (Settings::Get('session.allow_multiple_login') == '1') {
-		$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_SESSIONS . "`
-			WHERE `userid` = :customerid
-			AND `adminsession` = '0'
-			AND `hash` = :hash");
-		$params["hash"] = $s;
-	} else {
-		$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_SESSIONS . "`
-			WHERE `userid` = :customerid
-			AND `adminsession` = '0'");
-	}
-	Database::pexecute($stmt, $params);
 
 	\Froxlor\UI\Response::redirectTo('index.php');
+} elseif ($action == 'suback') {
+	if (is_array(\Froxlor\CurrentUser::getField('switched_user'))) {
+		$result = \Froxlor\CurrentUser::getData();
+		$result = $result['switched_user'];
+		\Froxlor\CurrentUser::setData($result);
+		$target = (isset($_GET['target']) ? $_GET['target'] : 'index');
+		$redirect = "admin_" . $target . ".php";
+		if (!file_exists(\Froxlor\Froxlor::getInstallDir() . "/" . $redirect)) {
+			$redirect = "admin_index.php";
+		}
+		\Froxlor\UI\Response::redirectTo($redirect, null, true);
+	} else {
+		\Froxlor\UI\Response::dynamic_error("Cannot change back - You've never switched to another user :-)");
+	}
 }
 
 if ($page == 'overview') {
@@ -109,7 +111,6 @@ if ($page == 'overview') {
 		'stdsubdomain' => $stdsubdomain
 	]);
 	UI::twigOutputBuffer();
-
 } elseif ($page == 'change_password') {
 
 	if (isset($_POST['send']) && $_POST['send'] == 'send') {
@@ -187,9 +188,7 @@ if ($page == 'overview') {
 				Database::pexecute($stmt, $params);
 			}
 
-			\Froxlor\UI\Response::redirectTo($filename, array(
+			\Froxlor\UI\Response::redirectTo($filename);
-				's' => $s
-			));
 		}
 	} else {
 		eval("echo \"" . \Froxlor\UI\Template::getTemplate('index/change_password') . "\";");
@@ -207,19 +206,9 @@ if ($page == 'overview') {
 				\Froxlor\UI\Response::dynamic_error($e->getMessage());
 			}
 
-			// also update current session
-			$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_SESSIONS . "`
-				SET `language` = :lang
-				WHERE `hash` = :hash");
-			Database::pexecute($stmt, array(
-				"lang" => $def_language,
-				"hash" => $s
-			));
 		}
 		$log->logAction(\Froxlor\FroxlorLogger::USR_ACTION, LOG_NOTICE, "changed default language to '" . $def_language . "'");
-		\Froxlor\UI\Response::redirectTo($filename, array(
+		\Froxlor\UI\Response::redirectTo($filename);
-			's' => $s
-		));
 	} else {
 		$default_lang = Settings::Get('panel.standardlanguage');
 		if ($userinfo['def_language'] != '') {
@@ -245,19 +234,8 @@ if ($page == 'overview') {
 			\Froxlor\UI\Response::dynamic_error($e->getMessage());
 		}
 
-		// also update current session
-		$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_SESSIONS . "`
-			SET `theme` = :theme
-			WHERE `hash` = :hash");
-		Database::pexecute($stmt, array(
-			"theme" => $theme,
-			"hash" => $s
-		));
-
 		$log->logAction(\Froxlor\FroxlorLogger::USR_ACTION, LOG_NOTICE, "changed default theme to '" . $theme . "'");
-		\Froxlor\UI\Response::redirectTo($filename, array(
+		\Froxlor\UI\Response::redirectTo($filename);
-			's' => $s
-		));
 	} else {
 		$default_theme = Settings::Get('panel.default_theme');
 		if ($userinfo['theme'] != '') {
@@ -333,22 +311,16 @@ if ($page == 'overview') {
 
 				// finally remove error from fs
 				@unlink($err_file);
-				\Froxlor\UI\Response::redirectTo($filename, array(
+				\Froxlor\UI\Response::redirectTo($filename);
-					's' => $s
-				));
 			}
 			// show a nice summary of the error-report
 			// before actually sending anything
 			eval("echo \"" . \Froxlor\UI\Template::getTemplate("index/send_error_report") . "\";");
 		} else {
-			\Froxlor\UI\Response::redirectTo($filename, array(
+			\Froxlor\UI\Response::redirectTo($filename);
-				's' => $s
-			));
 		}
 	} else {
-		\Froxlor\UI\Response::redirectTo($filename, array(
+		\Froxlor\UI\Response::redirectTo($filename);
-			's' => $s
-		));
 	}
 } elseif ($page == 'apikeys' && Settings::Get('api.enabled') == 1) {
 	require_once __DIR__ . '/api_keys.php';

customer_mysql.php

@@ -101,8 +101,7 @@ if ($page == 'overview' || $page == 'mysqls') {
 					\Froxlor\UI\Response::dynamic_error($e->getMessage());
 				}
 				\Froxlor\UI\Response::redirectTo($filename, array(
-					'page' => $page,
+					'page' => $page
-					's' => $s
 				));
 			} else {
 				$dbnamedesc = $result['databasename'];
@@ -125,8 +124,7 @@ if ($page == 'overview' || $page == 'mysqls') {
 					\Froxlor\UI\Response::dynamic_error($e->getMessage());
 				}
 				\Froxlor\UI\Response::redirectTo($filename, array(
-					'page' => $page,
+					'page' => $page
-					's' => $s
 				));
 			} else {
 
@@ -167,8 +165,7 @@ if ($page == 'overview' || $page == 'mysqls') {
 					\Froxlor\UI\Response::dynamic_error($e->getMessage());
 				}
 				\Froxlor\UI\Response::redirectTo($filename, array(
-					'page' => $page,
+					'page' => $page
-					's' => $s
 				));
 			} else {
 

index.php

@@ -28,16 +28,6 @@ if ($action == '') {
 	$action = 'login';
 }
 
-if (session_status() == PHP_SESSION_NONE) {
-	ini_set("session.name", "s");
-	ini_set("url_rewriter.tags", "");
-	ini_set("session.use_cookies", false);
-	ini_set("session.cookie_httponly", true);
-	ini_set("session.cookie_secure", UI::$SSL_REQ);
-	session_id('login');
-	session_start();
-}
-
 if ($action == '2fa_entercode') {
 	// page for entering the 2FA code after successful login
 	if (!isset($_SESSION) || !isset($_SESSION['secret_2fa'])) {
@@ -683,10 +673,11 @@ if ($action == 'resetpwd') {
 
 function finishLogin($userinfo)
 {
-	global $version, $dbversion, $remote_addr, $http_user_agent, $languages;
+	global $languages;
 
 	if (isset($userinfo['userid']) && $userinfo['userid'] != '') {
-		$s = \Froxlor\Froxlor::genSessionId();
+
+		\Froxlor\CurrentUser::setData($userinfo);
 
 		if (isset($_POST['language'])) {
 			$language = \Froxlor\Validate\Validate::validate($_POST['language'], 'language');
@@ -698,65 +689,23 @@ function finishLogin($userinfo)
 		} else {
 			$language = Settings::Get('panel.standardlanguage');
 		}
+		\Froxlor\CurrentUser::setField('language', $language);
 
 		if (isset($userinfo['theme']) && $userinfo['theme'] != '') {
 			$theme = $userinfo['theme'];
 		} else {
 			$theme = Settings::Get('panel.default_theme');
+			\Froxlor\CurrentUser::setField('theme', $theme);
 		}
 
-		if (Settings::Get('session.allow_multiple_login') != '1') {
-			$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_SESSIONS . "`
-					WHERE `userid` = :uid
-					AND `adminsession` = :adminsession");
-			Database::pexecute($stmt, array(
-				"uid" => $userinfo['userid'],
-				"adminsession" => $userinfo['adminsession']
-			));
-		}
-
-		// check for field 'theme' in session-table, refs #607
-		// Changed with #1287 to new method
-		$stmt = Database::query("SHOW COLUMNS FROM panel_sessions LIKE 'theme'");
-		while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
-			if ($row['Field'] == "theme") {
-				$has_theme = true;
-			}
-		}
-
-		$params = array(
-			"hash" => $s,
-			"userid" => $userinfo['userid'],
-			"ipaddress" => $remote_addr,
-			"useragent" => $http_user_agent,
-			"lastactivity" => time(),
-			"language" => $language,
-			"adminsession" => $userinfo['adminsession']
-		);
-
-		if ($has_theme) {
-			$params["theme"] = $theme;
-			$stmt = Database::prepare("INSERT INTO `" . TABLE_PANEL_SESSIONS . "`
-					(`hash`, `userid`, `ipaddress`, `useragent`, `lastactivity`, `language`, `adminsession`, `theme`)
-					VALUES (:hash, :userid, :ipaddress, :useragent, :lastactivity, :language, :adminsession, :theme)");
-		} else {
-			$stmt = Database::prepare("INSERT INTO `" . TABLE_PANEL_SESSIONS . "`
-					(`hash`, `userid`, `ipaddress`, `useragent`, `lastactivity`, `language`, `adminsession`)
-					VALUES (:hash, :userid, :ipaddress, :useragent, :lastactivity, :language, :adminsession)");
-		}
-		Database::pexecute($stmt, $params);
-
 		$qryparams = array();
 		if (isset($_POST['qrystr']) && $_POST['qrystr'] != "") {
 			parse_str(urldecode($_POST['qrystr']), $qryparams);
 		}
-		$qryparams['s'] = $s;
 
 		if ($userinfo['adminsession'] == '1') {
 			if (\Froxlor\Froxlor::hasUpdates() || \Froxlor\Froxlor::hasDbUpdates()) {
-				\Froxlor\UI\Response::redirectTo('admin_updates.php', array(
+				\Froxlor\UI\Response::redirectTo('admin_updates.php');
-					's' => $s
-				));
 			} else {
 				if (isset($_POST['script']) && $_POST['script'] != "") {
 					if (preg_match("/customer\_/", $_POST['script']) === 1) {

install/updates/froxlor/0.11/update_0.11.inc.php

@@ -0,0 +1,69 @@
+<?php
+
+use Froxlor\Database\Database;
+use Froxlor\Settings;
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2010 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright (c) the authors
+ * @author Froxlor team <team@froxlor.org> (2010-)
+ * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package Install
+ *
+ */
+if (!defined('_CRON_UPDATE')) {
+	if (!defined('AREA') || (defined('AREA') && AREA != 'admin') || !isset($userinfo['loginname']) || (isset($userinfo['loginname']) && $userinfo['loginname'] == '')) {
+		header('Location: ../../../../index.php');
+		exit();
+	}
+}
+
+// last 0.10.x release
+if (\Froxlor\Froxlor::isFroxlorVersion('0.10.99')) {
+	showUpdateStep("Updating from 0.10.99 to 0.11.0-rc1", false);
+
+	showUpdateStep("Removing unused table");
+	Database::query("DROP TABLE IF EXISTS `panel_sessions`;");
+	lastStepStatus(0);
+
+	showUpdateStep("Updating froxlor - theme");
+	Database::query("UPDATE `" . TABLE_PANEL_ADMINS . "` SET `theme` = 'Froxlor' WHERE `theme` <> 'Froxlor';");
+	Database::query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `theme` = 'Froxlor' WHERE `theme` <> 'Froxlor';");
+	Settings::Set('panel.default_theme', 'Froxlor');
+	lastStepStatus(0);
+
+	showUpdateStep("Cleaning up old files");
+	$to_clean = array(
+		"templates/Sparkle",
+	);
+	$disabled = explode(',', ini_get('disable_functions'));
+	$exec_allowed = ! in_array('exec', $disabled);
+	$del_list = "";
+	foreach ($to_clean as $filedir) {
+		$complete_filedir = \Froxlor\Froxlor::getInstallDir() . $filedir;
+		if (file_exists($complete_filedir)) {
+			if ($exec_allowed) {
+				Froxlor\FileDir::safe_exec("rm -rf " . escapeshellarg($complete_filedir));
+			} else {
+				$del_list .= "rm -rf " . escapeshellarg($complete_filedir) . PHP_EOL;
+			}
+		}
+	}
+	if ($exec_allowed) {
+		lastStepStatus(0);
+	} else {
+		if (empty($del_list)) {
+			// none of the files existed
+			lastStepStatus(0);
+		} else {
+			lastStepStatus(1, 'manual commands needed');
+			echo '<span class="update-step update-step-err">Please run the following commands manually:</span><br><pre>' . $del_list . '</pre><br>';
+		}
+	}
+}

install/updates/froxlor/0.9/update_0.9.inc.php

@@ -23,6 +23,7 @@ if (! defined('_CRON_UPDATE')) {
 	}
 }
 
+define('TABLE_PANEL_SESSIONS', 'panel_sessions');
 if (\Froxlor\Froxlor::isFroxlorVersion('0.9-r0')) {
 
 	showUpdateStep("Updating from 0.9-r0 to 0.9-r1", false);

lib/Froxlor/Ajax/Ajax.php

@@ -27,7 +27,6 @@ use Froxlor\UI\Request;
  */
 class Ajax
 {
-	protected string $session;
 	protected string $action;
 	protected string $theme;
 	protected array $userinfo;
@@ -38,22 +37,11 @@ class Ajax
 	 */
 	public function __construct()
 	{
-		$this->session = $_GET['s'] ?? $_POST['s'] ?? null;
 		$this->action = $_GET['action'] ?? $_POST['action'] ?? null;
 		$this->theme = $_GET['theme'] ?? 'Froxlor';
 
 		UI::sendHeaders();
 		UI::sendSslHeaders();
-
-		ini_set("session.name", "s");
-		ini_set("url_rewriter.tags", "");
-		ini_set("session.use_cookies", false);
-		ini_set("session.cookie_httponly", true);
-		ini_set("session.cookie_secure", UI::$SSL_REQ);
-		session_id($this->session);
-		session_start();
-
-		$this->initLang();
 	}
 
 	/**
@@ -77,11 +65,11 @@ class Ajax
 		// ensure that we can display messages
 		$language = \Froxlor\Settings::Get('panel.standardlanguage');
 
-		if (isset($this->user_data['language']) && isset($langs[$this->user_data['language']])) {
+		if (isset($this->userinfo['language']) && isset($langs[$this->userinfo['language']])) {
 			// default: use language from session, #277
-			$language = $this->user_data['language'];
+			$language = $this->userinfo['language'];
-		} elseif (isset($this->user_data['def_language'])) {
+		} elseif (isset($this->userinfo['def_language'])) {
-			$language = $this->user_data['def_language'];
+			$language = $this->userinfo['def_language'];
 		}
 
 		// include every english language file we can get
@@ -112,6 +100,8 @@ class Ajax
 	{
 		$this->userinfo = $this->getValidatedSession();
 
+		$this->initLang();
+
 		switch ($this->action) {
 			case 'newsfeed':
 				return $this->getNewsfeed();
@@ -139,51 +129,10 @@ class Ajax
 	 */
 	private function getValidatedSession(): array
 	{
-		$remote_addr = $_SERVER['REMOTE_ADDR'];
+		if (\Froxlor\CurrentUser::hasSession() == false) {
-		if (empty($_SERVER['HTTP_USER_AGENT'])) {
+			throw new Exception("No valid session");
-			$http_user_agent = 'unknown';
-		} else {
-			$http_user_agent = $_SERVER['HTTP_USER_AGENT'];
 		}
-
+		return \Froxlor\CurrentUser::getData();
-		$timediff = time() - \Froxlor\Settings::Get('session.sessiontimeout');
-		$sel_stmt = \Froxlor\Database\Database::prepare("
-			SELECT * FROM `" . TABLE_PANEL_SESSIONS . "`
-			WHERE `hash` = :hash AND `ipaddress` = :ipaddr AND `useragent` = :ua AND `lastactivity` > :timediff
-		");
-
-		$session = \Froxlor\Database\Database::pexecute_first($sel_stmt, [
-			'hash' => $this->session,
-			'ipaddr' => $remote_addr,
-			'ua' => $http_user_agent,
-			'timediff' => $timediff
-		]);
-
-		if (!$session) {
-			throw new Exception('Session is not defined!');
-		}
-
-		if ($session['adminsession'] == 1) {
-			// test for admin
-			$sel_stmt = \Froxlor\Database\Database::prepare("
-				SELECT * FROM `" . TABLE_PANEL_ADMINS . "`
-				WHERE `adminid` = :userid
-			");
-		} else {
-			// test for customer
-			$sel_stmt = \Froxlor\Database\Database::prepare("
-				SELECT * FROM `" . TABLE_PANEL_CUSTOMERS . "`
-				WHERE `customerid` = :userid
-			");
-		}
-		$user = \Froxlor\Database\Database::pexecute_first($sel_stmt, [
-			'userid' => $session['userid']
-		]);
-		if (!$user) {
-			throw new Exception('Session is not defined!');
-		}
-		$user['adminsession'] = $session['adminsession'];
-		return $user;
 	}
 
 	/**
@@ -252,23 +201,19 @@ class Ajax
 	private function getUpdateCheck()
 	{
 		UI::initTwig();
-		UI::twig()->addGlobal('s', $this->session);
 
-		// TODO: set variables from current session
 		try {
-			$json_result = \Froxlor\Api\Commands\Froxlor::getLocal([
+			$json_result = \Froxlor\Api\Commands\Froxlor::getLocal($this->userinfo)->checkUpdate();
-				'adminid' => 1,
-				'adminsession' => 1,
-				'change_serversettings' => 1,
-				'loginname' => 'updatecheck'
-			])->checkUpdate();
 			$result = json_decode($json_result, true)['data'];
 			echo UI::twig()->render($this->theme . '/misc/version_top.html.twig', $result);
 			exit;
 		} catch (Exception $e) {
+			// don't display anything if just not allowed due to permissions
+			if ($e->getCode() != 403) {
 				\Froxlor\UI\Response::dynamic_error($e->getMessage());
 			}
 		}
+	}
 
 	/**
 	 * @todo $userinfo
@@ -310,7 +255,7 @@ class Ajax
 										}
 										$result['settings'][] = [
 											'title' => (is_array($sresult['label']) ? $sresult['label']['title'] : $sresult['label']),
-											'href' => 'admin_settings.php?page=overview&part=' . $pk[1] . '&em=' . $pk[3] . '&s=' . $this->session
+											'href' => 'admin_settings.php?page=overview&part=' . $pk[1] . '&em=' . $pk[3]
 										];
 									}
 								}
@@ -346,7 +291,7 @@ class Ajax
 								}
 								$result['customer'][] = [
 									'title' => User::getCorrectFullUserDetails($cresult),
-									'href' => 'admin_customers.php?page=customers&action=edit&id=' . $cresult['customerid'] . '&s=' . $this->session
+									'href' => 'admin_customers.php?page=customers&action=edit&id=' . $cresult['customerid']
 								];
 							}
 						}
@@ -374,7 +319,7 @@ class Ajax
 								}
 								$result['domains'][] = [
 									'title' => $cresult['domain_ace'],
-									'href' => 'admin_domains.php?page=domains&action=edit&id=' . $cresult['id'] . '&s=' . $this->session
+									'href' => 'admin_domains.php?page=domains&action=edit&id=' . $cresult['id']
 								];
 							}
 						}
@@ -403,7 +348,7 @@ class Ajax
 								}
 								$result['domains'][] = [
 									'title' => $cresult['domain_ace'],
-									'href' => 'customer_domains.php?page=domains&action=edit&id=' . $cresult['id'] . '&s=' . $this->session
+									'href' => 'customer_domains.php?page=domains&action=edit&id=' . $cresult['id']
 								];
 							}
 						}

lib/Froxlor/Api/Commands/Customers.php

@@ -1535,12 +1535,6 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
 				'id' => $id
 			), true, true);
 
-			// delete potential existing sessions
-			$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_SESSIONS . "` WHERE `userid` = :id AND `adminsession` = '0'");
-			Database::pexecute($stmt, array(
-				'id' => $id
-			), true, true);
-
 			// delete traffic information
 			$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_TRAFFIC . "` WHERE `customerid` = :id");
 			Database::pexecute($stmt, array(

lib/Froxlor/CurrentUser.php

@@ -0,0 +1,106 @@
+<?php
+
+namespace Froxlor;
+
+use Froxlor\Database\Database;
+
+/**
+ * Class to manage the current user / session
+ */
+class CurrentUser
+{
+
+	/**
+	 * set the userinfo data to the session
+	 * 
+	 * @param array $data
+	 */
+	public static function setData(array $data = []): void
+	{
+		$_SESSION['userinfo'] = $data;
+	}
+
+	/**
+	 * returns whether there is an active session
+	 * 
+	 * @return bool
+	 */
+	public static function hasSession(): bool
+	{
+		return !empty($_SESSION) && isset($_SESSION['userinfo']) && !empty($_SESSION['userinfo']);
+	}
+
+	/**
+	 * returns whether user has an adminsession
+	 *
+	 * @return bool
+	 */
+	public static function isAdmin(): bool
+	{
+		return (self::getField('adminsession') == 1 && self::getField('adminid') > 0 && empty(self::getField('customerid')));
+	}
+
+	/**
+	 * return content of a given field from userinfo-array
+	 * 
+	 * @param string $index
+	 *
+	 * @return string|array
+	 */
+	public static function getField(string $index)
+	{
+		return isset($_SESSION['userinfo'][$index]) ? $_SESSION['userinfo'][$index] : "";
+	}
+
+	/**
+	 * set userinfo field in session
+	 *
+	 * @param string $index
+	 * @param mixed $data
+	 *
+	 * @return boolean
+	 */
+	public static function setField(string $index, $data): bool
+	{
+		$_SESSION['userinfo'][$index] = $data;
+		return true;
+	}
+
+	/**
+	 * Return userinfo array
+	 * 
+	 * @return array
+	 */
+	public static function getData(): array
+	{
+		return $_SESSION['userinfo'] ?? [];
+	}
+
+	/**
+	 * re-read in the user data if a valid session exists
+	 *
+	 * @return boolean
+	 */
+	public static function reReadUserData()
+	{
+		$table = self::isAdmin() ? TABLE_PANEL_ADMINS : TABLE_PANEL_CUSTOMERS;
+		$userinfo_stmt = Database::prepare("
+			SELECT * FROM `" . $table . "` WHERE `loginname`= :loginname AND `deactivated` = '0'
+		");
+		$userinfo = Database::pexecute_first($userinfo_stmt, [
+			"loginname" => self::getField('loginname')
+		]);
+		if ($userinfo) {
+			// dont just set the data, we need to merge with current data
+			// array_merge is a right-reduction - value existing in getData() will be overwritten with $userinfo,
+			// other than the union-operator (+) which would keep the values already existing from getData()
+			$newuserinfo = array_merge(self::getData(), $userinfo);
+			self::setData($newuserinfo);
+			return true;
+		}
+		// unset / logout
+		unset($_SESSION['userinfo']);
+		self::setData([]);
+		return false;
+	}
+}

lib/Froxlor/UI/Linker.php

@@ -1,4 +1,5 @@
 <?php
+
 namespace Froxlor\UI;
 
 /**
@@ -33,7 +34,7 @@ class Linker
 
 	private $args = array();
 
-	public function __construct($file = 'index.php', $sessionid = '', $hostname = '', $protocol = '', $port = '', $username = '', $password = '')
+	public function __construct($file = 'index.php', $hostname = '', $protocol = '', $port = '', $username = '', $password = '')
 	{
 		// Set the basic parts of our URL
 		$this->protocol = $protocol;
@@ -42,8 +43,6 @@ class Linker
 		$this->hostname = $hostname;
 		$this->port = $port;
 		$this->filename = $file;
-		// @TODO: Remove this
-		$this->args['s'] = $sessionid;
 	}
 
 	public function __set($key, $value)
@@ -90,11 +89,7 @@ class Linker
 	public function delAll()
 	{
 		// Just resetting the array
-		// Until the sessionid can be removed: save it
+		$this->args = [];
-		// @TODO: Remove this
-		$this->args = array(
-			's' => $this->args['s']
-		);
 	}
 
 	public function getLink()

lib/Froxlor/UI/Paging.php

@@ -210,23 +210,6 @@ class Paging
 		}
 
 		$this->userinfo['lastpaging']['pageno'] = $this->pageno;
-		$upd_stmt = \Froxlor\Database\Database::prepare("
-			UPDATE `" . TABLE_PANEL_SESSIONS . "` SET
-			`lastpaging` = :lastpaging
-			WHERE `hash` = :hash  AND `userid` = :userid
-			AND `ipaddress` = :ipaddr AND `useragent` = :ua
-			AND `adminsession` = :adminsession
-		");
-		$upd_data = array(
-			'lastpaging' => json_encode($this->userinfo['lastpaging']),
-			'hash' => $userinfo['hash'],
-			'userid' => $userinfo['userid'],
-			'ipaddr' => $userinfo['ipaddress'],
-			'ua' => $userinfo['useragent'],
-			'adminsession' => $userinfo['adminsession']
-		);
-		\Froxlor\Database\Database::pexecute($upd_stmt, $upd_data);
-
 		$this->limit = $limit;
 	}
 

lib/Froxlor/UI/Panel/UI.php

@@ -51,13 +51,27 @@ class UI
 
 	private static $install_mode = false;
 
-	public static $SSL_REQ = false;
-
 	/**
 	 * send various security related headers
 	 */
 	public static function sendHeaders()
 	{
+		$isHttps =
+			$_SERVER['HTTPS']
+			?? $_SERVER['REQUEST_SCHEME']
+			?? $_SERVER['HTTP_X_FORWARDED_PROTO']
+			?? null;
+
+		$isHttps =
+			$isHttps && (strcasecmp('on', $isHttps) == 0
+				|| strcasecmp('https', $isHttps) == 0
+			);
+
+		ini_set("url_rewriter.tags", "");
+		ini_set("session.cookie_httponly", true);
+		ini_set("session.cookie_secure", $isHttps);
+		session_start();
+
 		header("Content-Type: text/html; charset=UTF-8");
 
 		// prevent Froxlor pages from being cached
@@ -96,7 +110,6 @@ class UI
 		 * If Froxlor was called via HTTPS -> enforce it for the next time by settings HSTS header according to settings
 		 */
 		if (isset($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) != 'off')) {
-			self::$SSL_REQ = true;
 			$maxage = \Froxlor\Settings::Get('system.hsts_maxage');
 			if (empty($maxage)) {
 				$maxage = 0;
@@ -161,15 +174,14 @@ class UI
 		if (!self::$install_mode) {
 			// system default
 			if (\Froxlor\Froxlor::DBVERSION <= 202299999) {
+				// @fixme set this to the last 0.10.x DBVERSION to fallback to the new theme
 				\Froxlor\Settings::Set('panel.default_theme', 'Froxlor');
 			}
 			$theme = (\Froxlor\Settings::Get('panel.default_theme') !== null) ? \Froxlor\Settings::Get('panel.default_theme') : $theme;
 			// customer theme
-			/*
 			if (\Froxlor\CurrentUser::hasSession() && \Froxlor\CurrentUser::getField('theme') != $theme) {
 				$theme = \Froxlor\CurrentUser::getField('theme');
 			}
-			*/
 		}
 		if (!file_exists(\Froxlor\Froxlor::getInstallDir() . '/templates/' . $theme)) {
 			\Froxlor\PhpHelper::phpErrHandler(E_USER_WARNING, "Theme '" . $theme . "' could not be found.", __FILE__, __LINE__, null);

lib/Froxlor/UI/Response.php

@@ -20,14 +20,8 @@ class Response
 	 */
 	public static function redirectTo($destination, $get_variables = null, $isRelative = true)
 	{
-		global $s;
-
 		if (is_array($get_variables)) {
-			if (isset($get_variables['s'])) {
+			$linker = new Linker($destination);
-				$linker = new Linker($destination, $get_variables['s']);
-			} else {
-				$linker = new Linker($destination, $s);
-			}
 
 			foreach ($get_variables as $key => $value) {
 				$linker->add($key, $value);
@@ -165,7 +159,7 @@ class Response
 	 */
 	public static function standard_success($success_message = '', $replacer = '', $params = array(), $throw_exception = false)
 	{
-		global $s, $lng;
+		global $lng;
 
 		if (isset($lng['success'][$success_message])) {
 			$success_message = strtr($lng['success'][$success_message], array(
@@ -178,12 +172,14 @@ class Response
 		}
 
 		if (is_array($params) && isset($params['filename'])) {
-			$redirect_url = $params['filename'] . '?s=' . $s;
+			$redirect_url = $params['filename'];
 			unset($params['filename']);
 
+			$first = true;
 			foreach ($params as $varname => $value) {
 				if ($value != '') {
-					$redirect_url .= '&' . $varname . '=' . $value;
+					$redirect_url .= ($first ? '?' : '&') . $varname . '=' . $value;
+					if ($first) $first = false;
 				}
 			}
 		} else {

lib/init.php

@@ -20,7 +20,8 @@
 // define default theme for configurehint, etc.
 $_deftheme = 'Froxlor';
 
-function view($template, $attributes) {
+function view($template, $attributes)
+{
 	$view = file_get_contents(dirname(__DIR__) . '/templates/' . $template);
 
 	return str_replace(array_keys($attributes), array_values($attributes), $view);
@@ -28,35 +29,30 @@ function view($template, $attributes) {
 
 // validate correct php version
 if (version_compare("7.4.0", PHP_VERSION, ">=")) {
-    die(
+	die(view($_deftheme . '/misc/phprequirementfailed.html.twig', [
-        view($_deftheme . '/misc/phprequirementfailed.html.twig', [
 		'{{ basehref }}' => '',
 		'{{ froxlor_min_version }}' => '7.4.0',
 		'{{ current_version }}' => PHP_VERSION,
 		'{{ current_year }}' => date('Y', time()),
-        ])
+	]));
-    );
 }
 
 // validate vendor autoloader
 if (!file_exists(dirname(__DIR__) . '/vendor/autoload.php')) {
-    die(
+	die(view($_deftheme . '/misc/vendormissinghint.html.twig', [
-        view($_deftheme . '/misc/vendormissinghint.html.twig', [
 		'{{ basehref }}' => '',
 		'{{ froxlor_install_dir }}' => dirname(__DIR__),
 		'{{ current_year }}' => date('Y', time()),
-        ])
+	]));
-    );
 }
 
 require dirname(__DIR__) . '/vendor/autoload.php';
 
 use Froxlor\Database\Database;
-use Froxlor\PhpHelper;
 use Froxlor\Settings;
 use Froxlor\UI\Panel\UI;
 use Froxlor\UI\Request;
-use voku\helper\AntiXSS;
+use Froxlor\CurrentUser;
 
 // include MySQL-tabledefinitions
 require \Froxlor\Froxlor::getInstallDir() . '/lib/tables.inc.php';
@@ -64,7 +60,6 @@ require \Froxlor\Froxlor::getInstallDir() . '/lib/tables.inc.php';
 UI::sendHeaders();
 UI::initTwig();
 
-
 /**
  * Register Globals Security Fix
  */
@@ -120,97 +115,12 @@ UI::sendSslHeaders();
 // create a new idna converter
 $idna_convert = new \Froxlor\Idna\IdnaWrapper();
 
-// SESSION MANAGEMENT
+// re-read user data if logged in
-$remote_addr = $_SERVER['REMOTE_ADDR'];
+if (CurrentUser::hasSession()) {
-
+	CurrentUser::reReadUserData();
-if (empty($_SERVER['HTTP_USER_AGENT'])) {
-	$http_user_agent = 'unknown';
-} else {
-	$http_user_agent = $_SERVER['HTTP_USER_AGENT'];
-}
-unset($userinfo);
-unset($userid);
-unset($customerid);
-unset($adminid);
-unset($s);
-
-if (isset($_POST['s'])) {
-	$s = $_POST['s'];
-	$nosession = 0;
-} elseif (isset($_GET['s'])) {
-	$s = $_GET['s'];
-	$nosession = 0;
-} else {
-	$s = '';
-	$nosession = 1;
 }
 
-$timediff = time() - Settings::Get('session.sessiontimeout');
+// Language Management
-$del_stmt = Database::prepare("
-	DELETE FROM `" . TABLE_PANEL_SESSIONS . "` WHERE `lastactivity` < :timediff
-");
-Database::pexecute($del_stmt, array(
-	'timediff' => $timediff
-));
-
-$userinfo = array();
-
-if (isset($s) && $s != "" && $nosession != 1) {
-	ini_set("session.name", "s");
-	ini_set("url_rewriter.tags", "");
-	ini_set("session.use_cookies", false);
-	ini_set("session.cookie_httponly", true);
-	ini_set("session.cookie_secure", UI::$SSL_REQ);
-	session_id($s);
-	session_start();
-	$query = "SELECT `s`.*, `u`.* FROM `" . TABLE_PANEL_SESSIONS . "` `s` LEFT JOIN `";
-
-	if (AREA == 'admin') {
-		$query .= TABLE_PANEL_ADMINS . "` `u` ON (`s`.`userid` = `u`.`adminid`)";
-		$adminsession = '1';
-	} else {
-		$query .= TABLE_PANEL_CUSTOMERS . "` `u` ON (`s`.`userid` = `u`.`customerid`)";
-		$adminsession = '0';
-	}
-
-	$query .= " WHERE `s`.`hash` = :hash AND `s`.`ipaddress` = :ipaddr
-		AND `s`.`useragent` = :ua AND `s`.`lastactivity` > :timediff
-		AND `s`.`adminsession` = :adminsession
-	";
-
-	$userinfo_data = array(
-		'hash' => $s,
-		'ipaddr' => $remote_addr,
-		'ua' => $http_user_agent,
-		'timediff' => $timediff,
-		'adminsession' => $adminsession
-	);
-	$userinfo_stmt = Database::prepare($query);
-	$userinfo = Database::pexecute_first($userinfo_stmt, $userinfo_data);
-
-	if ($userinfo && (($userinfo['adminsession'] == '1' && AREA == 'admin' && isset($userinfo['adminid'])) || ($userinfo['adminsession'] == '0' && (AREA == 'customer' || AREA == 'login') && isset($userinfo['customerid']))) && (!isset($userinfo['deactivated']) || $userinfo['deactivated'] != '1')) {
-		$upd_stmt = Database::prepare("
-			UPDATE `" . TABLE_PANEL_SESSIONS . "` SET
-			`lastactivity` = :lastactive
-			WHERE `hash` = :hash AND `adminsession` = :adminsession
-		");
-		$upd_data = array(
-			'lastactive' => time(),
-			'hash' => $s,
-			'adminsession' => $adminsession
-		);
-		Database::pexecute($upd_stmt, $upd_data);
-		$nosession = 0;
-	} else {
-		$nosession = 1;
-	}
-} else {
-	$nosession = 1;
-}
-
-/**
- * Language Management
- */
 $langs = array();
 $languages = array();
 $iso = array();
@@ -239,15 +149,11 @@ foreach ($langs as $key => $value) {
 // ensure that we can display messages
 $language = Settings::Get('panel.standardlanguage');
 
-if (isset($userinfo['language']) && isset($languages[$userinfo['language']])) {
+if (CurrentUser::hasSession() && !empty(CurrentUser::getField('language')) && isset($languages[CurrentUser::getField('language')])) {
 	// default: use language from session, #277
-	$language = $userinfo['language'];
+	$language = CurrentUser::getField('language');
-} else {
-	if (!isset($userinfo['def_language']) || !isset($languages[$userinfo['def_language']])) // this will always evaluat true, since it is the above statement inverted. @todo remove
-	{
-		if (isset($_GET['language']) && isset($languages[$_GET['language']])) {
-			$language = $_GET['language'];
 } else {
+	if (!CurrentUser::hasSession()) {
 		if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
 			$accept_langs = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']);
 			for ($i = 0; $i < count($accept_langs); $i++) {
@@ -266,9 +172,8 @@ if (isset($userinfo['language']) && isset($languages[$userinfo['language']])) {
 				$language = Settings::Get('panel.standardlanguage');
 			}
 		}
-		}
 	} else {
-		$language = $userinfo['def_language'];
+		$language = CurrentUser::getField('def_language');
 	}
 }
 
@@ -290,7 +195,7 @@ include_once \Froxlor\FileDir::makeSecurePath('lng/lng_references.php');
 UI::setLng($lng);
 
 // Initialize our link - class
-$linker = new \Froxlor\UI\Linker('index.php', $s);
+$linker = new \Froxlor\UI\Linker('index.php');
 UI::setLinker($linker);
 
 /**
@@ -301,8 +206,8 @@ $theme = (Settings::Get('panel.default_theme') !== null) ? Settings::Get('panel.
 /**
  * overwrite with customer/admin theme if defined
  */
-if (isset($userinfo['theme']) && $userinfo['theme'] != $theme) {
+if (CurrentUser::hasSession() && CurrentUser::getField('theme') != $theme) {
-	$theme = $userinfo['theme'];
+	$theme = CurrentUser::getField('theme');
 }
 
 // Check if a different variant of the theme is used
@@ -351,8 +256,10 @@ UI::twig()->addGlobal('header_logo', $header_logo);
 /**
  * Redirects to index.php (login page) if no session exists
  */
-if ($nosession == 1 && AREA != 'login') {
+if (!CurrentUser::hasSession() && AREA != 'login') {
-	unset($userinfo);
+	unset($_SESSION['userinfo']);
+	CurrentUser::setData();
+	session_destroy();
 	$params = array(
 		"script" => basename($_SERVER["SCRIPT_NAME"]),
 		"qrystr" => $_SERVER["QUERY_STRING"]
@@ -361,16 +268,18 @@ if ($nosession == 1 && AREA != 'login') {
 	exit();
 }
 
+$userinfo = CurrentUser::getData();
 UI::twig()->addGlobal('userinfo', ($userinfo ?? []));
 UI::setCurrentUser($userinfo);
-
+// Initialize logger
-/**
+if (CurrentUser::hasSession()) {
- * Logic moved out of lng-file
- */
-if (isset($userinfo['loginname']) && $userinfo['loginname'] != '') {
-	$lng['menue']['main']['username'] .= $userinfo['loginname'];
 	// Initialize logging
 	$log = \Froxlor\FroxlorLogger::getInstanceOf($userinfo);
+	if ((CurrentUser::isAdmin() && AREA != 'admin') || (!CurrentUser::isAdmin() && AREA != 'customer')) {
+		// user tries to access an area not meant for him -> redirect to corresponding index
+		\Froxlor\UI\Response::redirectTo((CurrentUser::isAdmin() ? 'admin' : 'customer') . '_index.php', $params);
+		exit();
+	}
 }
 
 /**
@@ -412,10 +321,10 @@ if (AREA == 'admin' || AREA == 'customer') {
 				)
 			)
 		);
-		$navigation = \Froxlor\UI\HTML::buildNavigation($navigation_data['admin'], $userinfo);
+		$navigation = \Froxlor\UI\HTML::buildNavigation($navigation_data['admin'], CurrentUser::getData());
 	} else {
 		$navigation_data = \Froxlor\PhpHelper::loadConfigArrayDir('lib/navigation/');
-		$navigation = \Froxlor\UI\HTML::buildNavigation($navigation_data[AREA], $userinfo);
+		$navigation = \Froxlor\UI\HTML::buildNavigation($navigation_data[AREA], CurrentUser::getData());
 	}
 }
 UI::twig()->addGlobal('nav_entries', $navigation);
@@ -444,23 +353,6 @@ UI::twig()->addGlobal('theme_css', $css);
 unset($js);
 unset($css);
 
-/**
- * @TODO
- *
-$panel_imprint_url = Settings::Get('panel.imprint_url');
-if (!empty($panel_imprint_url) && strtolower(substr($panel_imprint_url, 0, 4)) != 'http') {
-	$panel_imprint_url = 'https://' . $panel_imprint_url;
-}
-$panel_terms_url = Settings::Get('panel.terms_url');
-if (!empty($panel_terms_url) && strtolower(substr($panel_terms_url, 0, 4)) != 'http') {
-	$panel_terms_url = 'https://' . $panel_terms_url;
-}
-$panel_privacy_url = Settings::Get('panel.privacy_url');
-if (!empty($panel_privacy_url) && strtolower(substr($panel_privacy_url, 0, 4)) != 'http') {
-	$panel_privacy_url = 'https://' . $panel_privacy_url;
-}
-*/
-
 $action = Request::get('action');
 $page = Request::get('page', 'overview');
 
@@ -471,7 +363,6 @@ if (!$action && isset($_SESSION)) {
 
 UI::twig()->addGlobal('action', $action);
 UI::twig()->addGlobal('page', $page);
-UI::twig()->addGlobal('s', $s);
 
 /**
  * Initialize the mailingsystem

lib/tablelisting/admin/tablelisting.admins.php

@@ -19,6 +19,7 @@
 use Froxlor\UI\Callbacks\ProgressBar;
 use Froxlor\UI\Callbacks\Style;
 use Froxlor\UI\Callbacks\Text;
+use Froxlor\UI\Callbacks\Impersonate;
 use Froxlor\UI\Listing;
 
 return [
@@ -34,6 +35,7 @@ return [
 			'loginname' => [
 				'label' => $lng['login']['username'],
 				'field' => 'loginname',
+				'callback' => [Impersonate::class, 'admin'],
 				'sortable' => true,
 			],
 			'name' => [

lib/tablelisting/admin/tablelisting.customers.php

@@ -40,7 +40,7 @@ return [
 			],
 			'a.loginname' => [
 				'label' => $lng['admin']['admin'],
-				'field' => 'admin.loginname',
+				'field' => 'adminname',
 				'callback' => [Impersonate::class, 'admin'],
 			],
 			'c.email' => [

lib/tables.inc.php

@@ -31,7 +31,6 @@ const TABLE_PANEL_DATABASES = 'panel_databases';
 const TABLE_PANEL_DOMAINS = 'panel_domains';
 const TABLE_PANEL_HTACCESS = 'panel_htaccess';
 const TABLE_PANEL_HTPASSWDS = 'panel_htpasswds';
-const TABLE_PANEL_SESSIONS = 'panel_sessions';
 const TABLE_PANEL_SETTINGS = 'panel_settings';
 const TABLE_PANEL_TASKS = 'panel_tasks';
 const TABLE_PANEL_TEMPLATES = 'panel_templates';

lng/english.lng.php

@@ -1554,7 +1554,6 @@ $lng['serversettings']['phpfpm_settings']['idle_timeout']['description'] = 'Time
 
 // ADDED IN 0.9.27-svn2
 $lng['panel']['cancel'] = 'Cancel';
-$lng['admin']['delete_statistics'] = 'Delete Statistics';
 $lng['admin']['speciallogwarning'] = '<div id="speciallogfilenote" class="invalid-feedback">WARNING: By changing this setting you will lose all your old statistics for this domain.</div>';
 
 // ADDED IN 0.9.28-svn2

logfiles_viewer.php

@@ -34,8 +34,7 @@ $last_n = (int) Request::get('number_of_lines', 100);
 if (AREA != 'admin' && $userinfo['logviewenabled'] != '1') {
 	// back to domain overview
 	\Froxlor\UI\Response::redirectTo($filename, array(
-		'page' => 'domains',
+		'page' => 'domains'
-		's' => $s
 	));
 }
 

templates/Froxlor/base.html.twig

@@ -7,9 +7,6 @@
 	<meta name="robots" content="noindex, nofollow, noarchive"/>
 	<meta name="googlebot" content="nosnippet"/>
 
-	<!-- Session -->
-	<meta name="froxlor-session" content="{{ s }}">
-
 	<!-- CSS -->
 	{% if theme_css is empty %}
 		<link href="{{ basehref|default('') }}templates/Froxlor/assets/css/main.css" rel="stylesheet" type="text/css" />

templates/Froxlor/form/form.html.twig

@@ -26,7 +26,6 @@
 			{% if hiddenid is not empty %}
 				<input type="hidden" name="id" value="{{ hiddenid }}"/>
 			{% endif %}
-			<input type="hidden" name="s" value="{{ s }}"/>
 			<input type="hidden" name="page" value="{{ page }}"/>
 			<input type="hidden" name="action" value="{{ action }}"/>
 			<input type="hidden" name="send" value="send"/>

templates/Froxlor/form/yesnoquestion.html.twig

@@ -19,7 +19,6 @@
 			{% endif %}
 			<hr>
 			<p class="mb-0">
-				<input type="hidden" name="s" value="{{ s }}"/>
 				<input type="hidden" name="send" value="send"/>
 				{% for id,field in url_params %}
 					<input type="hidden" name="{{ id }}" value="{{ field }}"/>

templates/Froxlor/misc/version_top.html.twig

@@ -1,4 +1,4 @@
-<a class="nav-link {% if isnewerversion == 0 %}text-success{% else %}text-warning{% endif %}" {% if isnewerversion == 0 %} href="#" {% else %} href="admin_autoupdate.php?page=overview&s={{ s }}" {% endif %} title="{% if isnewerversion == 0 %}{{ additional_info }}{% else %}{{ message }}{% endif %}">
+<a class="nav-link {% if isnewerversion == 0 %}text-success{% else %}text-warning{% endif %}" {% if isnewerversion == 0 %} href="#" {% else %} href="admin_autoupdate.php?page=overview" {% endif %} title="{% if isnewerversion == 0 %}{{ additional_info }}{% else %}{{ message }}{% endif %}">
 	{% if isnewerversion == 0 %}
 		<i class="fa-solid fa-circle-check me-1"></i>
 	{% else %}

templates/Froxlor/settings/detailpart.html.twig

@@ -16,7 +16,6 @@
 	</div>
 
 	<div>
-		<input type="hidden" name="s" value="{{ s }}"/>
 		<input type="hidden" name="page" value="{{ page }}"/>
 		<input type="hidden" name="action" value="{{ action }}"/>
 		<input type="hidden" name="send" value="send"/>

templates/Froxlor/src/js/components/customer.js

@@ -25,7 +25,7 @@ $(document).ready(function () {
 		var pid = $(this).val();
 		if (pid > 0) {
 			$.ajax({
-				url: "admin_plans.php?s=" + window.$session + "&page=overview&action=jqGetPlanValues",
+				url: "admin_plans.php?page=overview&action=jqGetPlanValues",
 				type: "POST",
 				data: {
 					planid: pid

templates/Froxlor/src/js/components/domains.js

@@ -4,7 +4,7 @@ $(document).ready(function () {
 	$('#customerid').change(function () {
 		var cid = $(this).val();
 		$.ajax({
-			url: "admin_domains.php?s=" + window.$session + "&page=domains&action=jqGetCustomerPHPConfigs",
+			url: "admin_domains.php?page=domains&action=jqGetCustomerPHPConfigs",
 			type: "POST",
 			data: {
 				customerid: cid
@@ -36,7 +36,7 @@ $(document).ready(function () {
 			$('#speciallogfile').removeClass('is-invalid');
 			$('#speciallogverified').val(0);
 			$.ajax({
-				url: "admin_domains.php?s=" + window.$session + "&page=overview&action=jqSpeciallogfileNote",
+				url: "admin_domains.php?page=overview&action=jqSpeciallogfileNote",
 				type: "POST",
 				data: {
 					id: $('input[name=id]').val(), newval: +$('#speciallogfile').is(':checked')

templates/Froxlor/src/js/components/ipsandports.js

@@ -7,7 +7,7 @@ $(document).ready(function () {
 			$('#ipnote').remove();
 			$('#ip').removeClass('is-invalid');
 			$.ajax({
-				url: "admin_ipsandports.php?s=" + window.$session + "&page=overview&action=jqCheckIP",
+				url: "admin_ipsandports.php?page=overview&action=jqCheckIP",
 				type: "POST",
 				data: {
 					ip: ipval

templates/Froxlor/src/js/components/newsfeed.js

@@ -10,7 +10,7 @@ $(document).ready(function () {
 		}
 
 		$.ajax({
-			url: "lib/ajax.php?action=newsfeed" + role + "&theme=" + window.$theme + "&s=" + window.$session,
+			url: "lib/ajax.php?action=newsfeed" + role + "&theme=" + window.$theme,
 			type: "GET",
 			success: function (data) {
 				$("#newsfeeditems").html(data);

templates/Froxlor/src/js/components/search.js

@@ -20,7 +20,7 @@ $(document).ready(function () {
 		}
 		// Search
 		$.ajax({
-			url: "lib/ajax.php?action=searchglobal&theme=" + window.$theme + "&s=" + window.$session,
+			url: "lib/ajax.php?action=searchglobal&theme=" + window.$theme,
 			type: "POST",
 			data: {
 				searchtext: query

templates/Froxlor/src/js/components/updatecheck.js

@@ -4,7 +4,7 @@ $(document).ready(function () {
 	 */
 	if (document.getElementById('updatecheck')) {
 		$.ajax({
-			url: "lib/ajax.php?action=updatecheck&theme=" + window.$theme + "&s=" + window.$session,
+			url: "lib/ajax.php?action=updatecheck&theme=" + window.$theme,
 			type: "GET",
 			success: function (data) {
 				$("#updatecheck").html(data);

templates/Froxlor/src/js/main.js

@@ -6,7 +6,6 @@ global.$ = require('jquery');
 
 $(document).ready(function () {
 	window.$theme = 'Froxlor';
-	window.$session = $('meta[name="froxlor-session"]').attr('content');
 });
 
 // Load components

templates/Froxlor/table/pagination.html.twig

@@ -16,24 +16,24 @@
 						</li>
 					{% elseif pagination.current_page > 1 %}
 						<li class="page-item">
-							<a class="page-link" href="?s={{ s }}&page={{ page }}&action={{ action }}&pageno=1" tabindex="-1">
+							<a class="page-link" href="?page={{ page }}&action={{ action }}&pageno=1" tabindex="-1">
 								<i class="fa-solid fa-angles-left"></i>
 							</a>
 						</li>
 						<li class="page-item">
-							<a class="page-link" href="?s={{ s }}&page={{ page }}&action={{ action }}&pageno={{ pagination.current_page - 1 }}" tabindex="-1">
+							<a class="page-link" href="?page={{ page }}&action={{ action }}&pageno={{ pagination.current_page - 1 }}" tabindex="-1">
 								<i class="fa-solid fa-chevron-left"></i>
 							</a>
 						</li>
 					{% endif %}
 					{% if pagination.current_page < pagination.last_page %}
 						<li class="page-item">
-							<a class="page-link" href="?s={{ s }}&page={{ page }}&action={{ action }}&pageno={{ pagination.current_page + 1 }}" tabindex="-1">
+							<a class="page-link" href="?page={{ page }}&action={{ action }}&pageno={{ pagination.current_page + 1 }}" tabindex="-1">
 								<i class="fa-solid fa-chevron-right"></i>
 							</a>
 						</li>
 						<li class="page-item">
-							<a class="page-link" href="?s={{ s }}&page={{ page }}&action={{ action }}&pageno={{ pagination.last_page }}" tabindex="-1">
+							<a class="page-link" href="?page={{ page }}&action={{ action }}&pageno={{ pagination.last_page }}" tabindex="-1">
 								<i class="fa-solid fa-angles-right"></i>
 							</a>
 						</li>
@@ -59,8 +59,8 @@
 	{% if pagination is defined and key in pagination.sortfields %}
 		<th class="p-3 {{ th.class }}">
 			{{ th.text }}
-			<a href="?s={{ s }}&page={{ page }}&action={{ action }}&pageno={{ pagination.current_page }}&sortfield={{ key }}&sortorder=desc">&darr;</a>
+			<a href="?page={{ page }}&action={{ action }}&pageno={{ pagination.current_page }}&sortfield={{ key }}&sortorder=desc">&darr;</a>
-			<a href="?s={{ s }}&page={{ page }}&action={{ action }}&pageno={{ pagination.current_page }}&sortfield={{ key }}&sortorder=asc">&uarr;</a>
+			<a href="?page={{ page }}&action={{ action }}&pageno={{ pagination.current_page }}&sortfield={{ key }}&sortorder=asc">&uarr;</a>
 		</th>
 	{% else %}
 		<th class="p-3 {{ th.class }}">{{ th.text }}</th>

templates/Froxlor/user/change_language.html.twig

@@ -20,7 +20,6 @@
 					</div>
 
 					<div class="card-body d-grid gap-2">
-						<input type="hidden" name="s" value="{{ s }}"/>
 						<input type="hidden" name="page" value="{{ page }}"/>
 						<input type="hidden" name="send" value="send"/>
 						<button class="btn btn-primary rounded-top-0" type="submit" name="dosave">

templates/Froxlor/user/change_password.html.twig

@@ -23,7 +23,6 @@
 					</div>
 
 					<div class="card-body d-grid gap-2">
-						<input type="hidden" name="s" value="{{ s }}"/>
 						<input type="hidden" name="page" value="{{ page }}"/>
 						<input type="hidden" name="send" value="send"/>
 						<button class="btn btn-primary rounded-top-0" type="submit" name="dosave">

templates/Froxlor/user/change_theme.html.twig

@@ -19,7 +19,6 @@
 					</div>
 
 					<div class="card-body d-grid gap-2">
-						<input type="hidden" name="s" value="{{ s }}"/>
 						<input type="hidden" name="page" value="{{ page }}"/>
 						<input type="hidden" name="send" value="send"/>
 						<button class="btn btn-primary rounded-top-0" type="submit" name="dosave">

templates/Froxlor/userarea.html.twig

@@ -38,6 +38,11 @@
 					<ul id="search-dropdown" class="bg-white border list-group list-group-flush position-absolute" style="top: 2.5rem; display:none; z-index: 50; max-height: 300px; overflow-y: scroll"></ul>
 				</form>
 				<ul class="navbar-nav ms-auto">
+					{% if call_static('\\Froxlor\\CurrentUser', 'getField', ['switched_user']) is not empty and call_static('\\Froxlor\\CurrentUser', 'getField', ['switched_user']) is iterable %}
+						<a class="nav-link text-success" href="{{ linker({'section': 'index', 'action': 'suback'}) }}">
+							<i class="fa-solid fa-reply me-1"></i> {{ userinfo.switched_user.loginname }}
+						</a>
+					{% endif %}
 					{% if userinfo.adminsession == 1 %}
 						<li class="nav-item" id="updatecheck"></li>
 					{% endif %}
@@ -82,13 +87,6 @@
 							{% endif %}
 						</ul>
 					</li>
-					<!-- if switched-user
-					<li class="nav-item text-nowrap d-block me-2">
-						<a class="btn btn-info btn-sm d-block" href="#view=suBack">
-							<i class="fas fa-undo"></i>
-							Switch back</a>
-					</li>
-					endif -->
 					<li class="nav-item">
 						<a class="btn btn-link pe-0" title="{{ lng('login.logout') }}" href="{{ linker({'section': 'index', 'action': 'logout'}) }}">
 							<i class="fas fa-power-off"></i>

tests/bootstrap.php

@@ -77,7 +77,6 @@ Database::query("TRUNCATE TABLE `" . TABLE_PANEL_DISKSPACE . "`;");
 Database::query("TRUNCATE TABLE `" . TABLE_PANEL_TRAFFIC . "`;");
 Database::query("TRUNCATE TABLE `" . TABLE_PANEL_TRAFFIC_ADMINS . "`;");
 Database::query("TRUNCATE TABLE `" . TABLE_PANEL_TASKS . "`;");
-Database::query("TRUNCATE TABLE `" . TABLE_PANEL_SESSIONS . "`;");
 Database::query("TRUNCATE TABLE `" . TABLE_PANEL_LOG . "`;");
 Database::query("TRUNCATE TABLE `" . TABLE_PANEL_HTPASSWDS . "`;");
 Database::query("TRUNCATE TABLE `" . TABLE_PANEL_HTACCESS . "`;");