root/alternc/tags/0.9.7/bureau/admin/adm_login.php

Revision 994, 2.4 kB (checked in by joe, 3 years ago)

Correction d'un bogue de sécurité majeur. Permet aux admins de se connecter seulement aux membres qu'ils ont crées.

Line 
1 <?php
2 /*
3  $Id: adm_login.php,v 1.4 2005/04/01 17:13:10 benjamin Exp $
4  ----------------------------------------------------------------------
5  AlternC - Web Hosting System
6  Copyright (C) 2002 by the AlternC Development Team.
7  http://alternc.org/
8  ----------------------------------------------------------------------
9  Based on:
10  Valentin Lacambre's web hosting softwares: http://altern.org/
11  ----------------------------------------------------------------------
12  LICENSE
13
14  This program is free software; you can redistribute it and/or
15  modify it under the terms of the GNU General Public License (GPL)
16  as published by the Free Software Foundation; either version 2
17  of the License, or (at your option) any later version.
18
19  This program is distributed in the hope that it will be useful,
20  but WITHOUT ANY WARRANTY; without even the implied warranty of
21  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
22  GNU General Public License for more details.
23
24  To read the license please visit http://www.gnu.org/copyleft/gpl.html
25  ----------------------------------------------------------------------
26  Original Author of file: Benjamin Sonntag
27  Purpose of file: Connect a super-user to another account
28  ----------------------------------------------------------------------
29 */
30 require_once("../class/config.php");
31
32 if (!$admin->enabled) {
33     __("This page is restricted to authorized staff");
34     exit();
35 }
36
37 $id = $_GET['id'];
38
39 if (!$admin->checkcreator($id)) {
40   __("This page is restricted to authorized staff");
41   exit();
42 }
43
44 if (!$r=$admin->get($id)) {
45     $error=$err->errstr();
46 } else {
47
48 if (!$mem->setid($id)) {
49         $error=$err->errstr();
50     include("index.php");
51     exit();
52 }
53
54 ?>
55 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd">
56 <html>
57 <head>
58 <title><?php __("AlternC Desktop"); ?></title>
59 <link rel="stylesheet" href="styles/style.css" type="text/css" />
60 <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
61 </head>
62 <frameset cols="225px,*">
63     <frame src="menu.php" name="left" />
64     <frame src="main.php" name="right" />
65 <noframes>
66 <body>
67 <p>
68     Votre navigateur doit supporter les cadres.<br />
69     Your browser must support frames
70 </p>
71 </body>
72 </noframes>
73 </frameset>
74 </html>
75 <?php
76                       exit();
77 }
78 include("head.php");
79 ?>
80 </head>
81 <body>
82 <h3><?php __("Member login"); ?></h3>
83 <?php
84     if ($error) {
85         echo "<p class=\"error\">$error</p></body></html>";
86         exit();
87     }
88 ?>
89 </body>
90 </html>
91
92
93
Note: See TracBrowser for help on using the browser.