<?	/*
	// File:	init.inc.php
	// Purpose:	Authentication, Init sequence.
	// Creation:	2001-10-29
	// Author:	Felix <hide@address.com>
	*/

//
// Sanity-check the php.ini settings this file depends on (apache mode only).
// NOTE: these are warnings only -- execution continues even when a check fails.
// The whole file relies on register_globals: request variables such as $skin,
// $lang, $cp, $url, $number, $user, $failed, $framed and $framename are read
// below without ever being assigned from $HTTP_GET_VARS / $HTTP_POST_VARS, so
// every one of them is client-controlled until the code validates it.
if ($cfg['httpd_mode'] == 'apache') {
	$required_on = array(
		'magic_quotes_gpc' => get_magic_quotes_gpc(),
		'register_globals' => ini_get("register_globals"),
	);
	foreach ($required_on as $setting => $is_on) {
		if (!$is_on)
			echo "<b>".$setting."</b> must be set to <b>On</b>.<br>";
	}
}

// Do not let magic_quotes_runtime add slashes to data read back from MySQL / files.
set_magic_quotes_runtime(0);

// Keep running after the client disconnects (apache mode only) so an admin
// action is not cut off half-way. (The original comment mentioned a 60 second
// limit; no set_time_limit() call is made here.)
if ($cfg['httpd_mode'] == 'apache')
	ignore_user_abort();


//
// Database connection (apache mode only). Return values are deliberately not
// checked here: if the connection fails, the tag lookup below returns false
// and the request ends on the login screen ("invalidtag"), i.e. fails closed.
if ($cfg['httpd_mode'] == 'apache') {
	mysql_connect($cfg['dbhost'], $cfg['dbuser'], $cfg['dbpass']);
	mysql_select_db($cfg['dbname']);
}

//
// Session identity: web://cp tracks logged-in users with the "webcp_tag" cookie.
// The value is untrusted client input and is only meaningful once it has been
// matched against the users table further down.
$webcp_tag = $HTTP_COOKIE_VARS["webcp_tag"];


//
// Base URL of this server ("scheme://host[:port]"), used to build absolute
// redirect Location: headers.
// SECURITY NOTE: unless $cfg['cookiesec'] is set, the host part is taken from
// the request's Host header ($HTTP_HOST), which the client controls. parse_url()
// drops any userinfo/port/path, but the host name itself is still whatever the
// client sent, so redirects built from $web_name can point at an attacker-chosen
// host. Setting $cfg['cookiesec'] pins the host to $cfg['sysname'] instead.
$web_name = $cfg['ssl'] ? "https://" : "http://";

$use_host_header = ($HTTP_HOST AND !$cfg['cookiesec']);
if ($use_host_header) {
	$parsed = parse_url($web_name.$HTTP_HOST);
	$web_name .= $parsed['host'];
}
else {
	$web_name .= $cfg['sysname'];
}

if ($cfg['port'])
	$web_name .= ":".$cfg['port'];

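//
// No cookie, or an explicit logout / "su" request: stop on the login screen.
// ($failed itself can arrive via register_globals; the only effect of a forged
// value is being sent to the login screen, which is harmless.)
if (!$webcp_tag OR $failed == "logout" OR $failed == "su") {
	include("passwd.login.inc.phps");
	return false;
}


//
// A tag is present: it must match a users row, be unexpired, come from the same
// client IP it was issued to, belong to a non-suspended user and satisfy the
// user's optional IP restriction. Every failure ends on the login screen.
else {

	// The tag is raw cookie input placed inside an SQL string literal. The
	// php.ini check at the top of this file only *warns* when magic_quotes_gpc
	// is off, so escape it ourselves in that case. addslashes() is exactly what
	// magic_quotes_gpc would have applied, so the matching semantics are the
	// same either way.
	if (get_magic_quotes_gpc())
		$webcp_tag_sql = $webcp_tag;
	else
		$webcp_tag_sql = addslashes($webcp_tag);

	// register_globals: make sure $tmpdata cannot be pre-seeded by the request.
	unset($tmpdata);
	$dbp = mysql_query("SELECT * FROM users WHERE webcp_tag='".$webcp_tag_sql."'");
	// A failed query (no connection, SQL error) leaves $tmpdata false, which is
	// handled exactly like an unknown tag below -- the check fails closed.
	$tmpdata = $dbp ? mysql_fetch_array($dbp) : false;
	if ($dbp)
		mysql_free_result($dbp);
	unset($webcp_tag_sql);

	// unknown tag
	if (!$tmpdata) {
		$failed = "invalidtag";
		include("passwd.login.inc.phps");
		return false;
	}

	// expired tag (demo accounts are exempt from the timeout)
	if (time() > $tmpdata['timeout'] AND $tmpdata['type'] != "demo") {
		$failed = "timeout";
		include("passwd.login.inc.phps");
		return false;
	}

	// tag presented from a different client IP than the one it was issued to
	// (demo accounts exempt). $REMOTE_ADDR comes from register_globals; with the
	// default variables_order (EGPCS) server variables are registered last and
	// therefore take precedence over a ?REMOTE_ADDR= query parameter -- worth
	// confirming in the deployed php.ini.
	if ($tmpdata['remote_addr'] != $REMOTE_ADDR AND $tmpdata['type'] != "demo") {
		$failed = "remote_addr";
		include("passwd.login.inc.phps");
		return false;
	}

	// suspended account
	if ($tmpdata['suspend'] == "true") {
		$failed = "suspended";
		include("passwd.login.inc.phps");
		return false;
	}

	// per-user IP restriction. ip_restrict is used as a *regex prefix* (ereg),
	// so "." matches any character and "10.1" also matches 10.10.x.x / 10.11.x.x.
	// If the value is meant as a literal prefix it should be escaped (preg_quote);
	// left as-is here because existing ip_restrict values may rely on regex
	// syntax. Note ereg() no longer exists since PHP 7.
	if ($tmpdata['ip_restrict'] AND !ereg("^".$tmpdata['ip_restrict'],$REMOTE_ADDR)) {
		$failed = "ip_restrict";
		include("passwd.login.inc.phps");
		return false;
	}
}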

// Load the full record of the authenticated user into $userdata; the temporary
// row from the tag lookup is discarded once the username has been taken from it.
$userdata = fetchdata("*", "user", $tmpdata['username']);
unset($tmpdata);

// fetchdata() is expected to return an array; anything else aborts init.
if (!is_array($userdata))
	return('init.inc.phps :: ERROR! no $userdata');

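// Resolve $skin (layout). $skin arrives via register_globals (client-controlled)
// and is used as a path component under skin/, so it must not be able to name
// anything outside that directory. Stripping "/" alone leaves "..", "." and (on
// Windows) "\" as ways to escape skin/ while still passing file_exists(); NUL
// bytes are stripped too since old PHP versions truncated paths at NUL. Rejected
// values fall back to the user's stored skin, then to the configured default.
foreach (array("/", "\\", "\0") as $sep)
	$skin = str_replace($sep, "", $skin);
if ($skin === "." OR $skin === "..")
	$skin = "";
if (!trim($skin) OR !file_exists("skin/".$skin)) {
	// NOTE: an empty $userdata['skin'] makes file_exists("skin/") succeed, so
	// $skin then becomes "" rather than the default skin.
	if (file_exists("skin/".$userdata['skin']))
		$skin = $userdata['skin'];
	else
		$skin = $cfg['defaultskin'];
}


// Resolve $lang the same way; the candidate must exist as lang/<name>.phps.
// The ".phps" suffix means a bare ".." cannot match, but a backslash could still
// act as a separator on Windows, so the same characters are stripped.
foreach (array("/", "\\", "\0") as $sep)
	$lang = str_replace($sep, "", $lang);
if (!trim($lang) OR !file_exists("lang/".$lang.".phps")) {
	$lang = $userdata['lang'];
	if (!trim($lang) OR !file_exists("lang/".$lang.".phps"))
		$lang = $cfg['defaultlang'];
}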

// Favourite panel page: when no panel ($cp) was requested, jump to the user's
// stored favourite, which is encoded as "cp:url:number:user".
$tmp = explode(":", $userdata['favorites']);
if (!trim($cp) AND trim($userdata['favorites'])) {
	$cp     = $tmp[0];
	$url    = $tmp[1];
	$number = $tmp[2];
	$user   = $tmp[3];
}

// Default panel: strip "/" so $cp cannot be a path, and fall back to "personal"
// unless a directory of that name exists.
// NOTE: "." and ".." survive this test (is_dir() accepts them); they are only
// refused later, by the default case of the access-level switch.
$cp = str_replace("/", "", $cp);
if (!@is_dir($cp))
	$cp = "personal";

// Default page within the panel: $url must name an existing <cp>/<url>.phps.
// (Only "/" is stripped; a backslash would still act as a separator on Windows.)
$url = str_replace("/", "", $url);
if (!trim($url) OR !file_exists($cp."/".$url.".phps")) {
	$default_pages = array(
		"personal" => "userinfo",
		"domain"   => "domaininfo",
		"reseller" => "siteadmin",
		"server"   => "reselleradmin",
	);
	$url = isset($default_pages[$cp]) ? $default_pages[$cp] : "index";
}

// $number must match $rx['num']; for the domain panel it must also be at least
// 1000000000 (presumably the domain id range) and exist in the domain table.
// Anything else falls back to the current user's own id.
if (!ereg($rx['num'], $number) OR ($cp == 'domain' AND $number < 1000000000))
	$number = $userdata['id'];
if ($cp == 'domain' AND $number) {
	$tmp = fetchdata("id", "domain", $number);
	if (!$tmp)
		$number = $userdata['id'];
}

// $user must match $rx['user']; otherwise use the current user's own name.
if (!ereg($rx['user'], $user))
	$user = $userdata['username'];
	
// Verify user access level and Set $cp Environment var: $personaldata, $domaindata, $resellerdata
// (contains info about the current panel viewed)
//
// How this switch works (as written; levels are not documented in this file --
// from the comparisons below, a lower level appears to mean more privilege, and
// level-2 ids appear to carry the reseller id in their first 5 characters):
//   - each case first checks the caller's level. If it is too high, the case
//     sets $failed = "access" and FALLS THROUGH (no break) into the next, less
//     privileged case, which may still run DB lookups. $failed is never cleared,
//     so the request is still refused by the "if (isset($failed))" check after
//     the switch.
//   - "tools" performs no check and assigns none of $personaldata / $domaindata /
//     $resellerdata; with register_globals On those names can then only hold
//     whatever the request supplied, so later code must not trust them there.
//   - any other $cp value (including "." / "..", which passed is_dir() above)
//     lands in "default" and is refused.

switch($cp) {
	case "tools":
		break;
		
	case "server":
		// server panel: level < 2 only
		if ($userdata['level'] < 2) {
			break;
		}
		else
			$failed = "access";
		
	case "reseller":
		// reseller panel: level < 3; a level-2 caller may only view its own reseller
		if ($userdata['level'] < 3) {
			$resellerdata = fetchdata("*","reseller",$number);
			if (substr($userdata['id'], 0, 5) != $resellerdata['id'] AND $userdata['level'] == '2') {
				$failed = "access";
				break;
			}
			// NOTE(review): trim() is applied to an array here; in PHP 4 that yields
			// the string "Array", so this test never fires (PHP 8 would throw a
			// TypeError). By analogy with the domain/personal cases it was probably
			// meant to be "!is_array($resellerdata)" -- confirm before changing.
			if (!trim($userdata))
				return 'init.inc.phps :: ERROR! no $userdata';
			break;
		}
		else
			$failed = "access";
		
	case "domain":
		// domain panel: level < 4
		if ($userdata['level'] < 4) {
			// fetch domain data and reseller name
			$domaindata = fetchdata("*","domain",$number);
			if ($domaindata['type'] != 'domain') {
				// redirect to sub/pointer management page
				$domid = $number;
				$url = 'subpointer';
				$number = $domaindata['owner'];
				
				// reload parent domain's data
				$domaindata = fetchdata("*","domain",$domaindata['owner']);
			}
			
			$resellerdata = fetchdata("name","reseller",$domaindata['id']);
			
			if (!is_array($domaindata))
				return 'init.inc.phps :: ERROR! no $domaindata';
			if (!is_array($resellerdata))
				return 'init.inc.phps :: ERROR! no $resellerdata';
			if ($domaindata['type'] != 'domain')
				return'init.inc.phps :: ERROR! type "domain" only';
			
			// Verify user access validity.
			// level 3: only its own domain; level 2: only domains it owns.
			if ($userdata['level'] == 3) {
				if ($userdata['id'] != $domaindata['id'])
					$failed = "access";
			}
			elseif ($userdata['level'] == 2) {
				if (substr($userdata['id'], 0, 5) != $domaindata['owner'])
					$failed = "access";
			}
			// NOTE(review): this branch is unreachable -- level is already < 4 here
			// and 3 and 2 were handled above, so no remaining level is > 2. The
			// per-domain ip_restrict check is therefore never applied; which level
			// it was meant for is not clear from this file. As in the user-level
			// check, ip_restrict is a regex prefix, so "." matches any character.
			elseif ($userdata['level'] > 2) {
				if ($domaindata['ip_restrict'] AND !ereg("^".$domaindata['ip_restrict'],$REMOTE_ADDR))
					$failed = "ip_restrict";
			}
			break;
		}
		else
			$failed = "access";
		
	case "personal":
		// personal panel: level < 5
		if ($userdata['level'] < 5) {
			
			// fetch user data and reseller name
			$personaldata = fetchdata("*","user",$user);
			$domaindata = fetchdata("host,domain","domain",$personaldata['id']);
			$resellerdata = fetchdata("name","reseller",$personaldata['id']);
			if (!is_array($personaldata)) 
				return 'init.inc.phps :: ERROR! no $personaldata';
			if (!is_array($resellerdata))
				return 'init.inc.phps :: ERROR! no $resellerdata';
			
			// Verify user access validity in cases of domain and reseller administrators.
			// level 4: only its own user page; level 3: only users with its own id;
			// level 2: only users whose id shares its 5-character reseller prefix.
			if ($userdata['level'] == 4) {
				if($user != $userdata['username'])
					$failed = "access";
			}
			elseif ($userdata['level'] == 3) {
				if ($userdata['id'] != $personaldata['id'])
					$failed = "access";
			}
			elseif ($userdata['level'] == 2) {
				if (substr($userdata['id'], 0, 5) != substr($personaldata['id'], 0, 5))
					$failed = "access";
			}
			$number = $personaldata['id'];
			break;
		}
		else
			$failed = "access";
		
	default:
		$failed = "access";
		break;
}

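// If any check above set $failed, show the login screen and stop.
// passwd.login.inc.phps may return a value of its own (anything other than
// include()'s default 1), which is passed on to our caller.
if (isset($failed)) {
	$rcode = include("passwd.login.inc.phps");
	if ($rcode != 1)
		return $rcode;
	else
		return false;
}

// Self-referencing URL for forms. Every component is URL-encoded: $cp, $url,
// $number and $user were constrained above, but $framed and $framename come
// straight from the request (register_globals) and were never validated, so
// embedding them raw would let a client smuggle extra parameters into the URL
// or, wherever $current_url is printed into HTML, inject markup. (Escape again
// with htmlspecialchars() at the point of output; urlencode() only covers the
// URL context.)
$current_url = "./?cp=".urlencode($cp)."&url=".urlencode($url)."&number=".urlencode($number);
if ($user)
	$current_url .= "&user=".urlencode($user);
if ($framed)
	$current_url .= "&framed=".urlencode($framed)."&framename=".urlencode($framename);
?>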