T.ME/BIBIL_0DAY
CasperSecurity


Server : Apache/2
System : Linux server-15-235-50-60 5.15.0-164-generic #174-Ubuntu SMP Fri Nov 14 20:25:16 UTC 2025 x86_64
User : gositeme ( 1004)
PHP Version : 8.2.29
Disable Function : exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname
Directory :  /home/gositeme/domains/soundstudiopro.com/private_html/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : /home/gositeme/domains/soundstudiopro.com/private_html/fix_impersonation.php
<?php
session_start();

/**
 * Simple helper that silently restores the original admin session when
 * an administrator clicks "Return to Admin".
 * 
 * SECURITY: This file is admin-only. Access is verified before allowing return.
 */

require_once 'includes/security.php';

function redirectTo(string $path = '/dashboard.php'): void {
    header('Location: ' . $path);
    exit;
}

// Returning to the original admin account
if (isset($_GET['return'])) {
    // SECURITY: Verify that the original admin ID is actually an admin
    // This prevents non-admins from using this endpoint even if they somehow have session data
    if (!empty($_SESSION['is_impersonating']) && isset($_SESSION['original_admin_id'])) {
        // Verify the original admin ID is actually an admin in the database
        try {
            require_once 'config/database.php';
            $pdo = getDBConnection();
            $stmt = $pdo->prepare("SELECT is_admin FROM users WHERE id = ?");
            $stmt->execute([$_SESSION['original_admin_id']]);
            $admin_user = $stmt->fetch(PDO::FETCH_ASSOC);
            
            if (!$admin_user || !$admin_user['is_admin']) {
                // Original admin ID is not actually an admin - security violation
                error_log("SECURITY: Unauthorized impersonation return attempt. Original admin ID: " . ($_SESSION['original_admin_id'] ?? 'none') . " from IP: " . ($_SERVER['REMOTE_ADDR'] ?? 'unknown'));
                // Clear all session data
                session_destroy();
                header('Location: /auth/login.php');
                exit;
            }
        } catch (Exception $e) {
            error_log("Database error in fix_impersonation.php: " . $e->getMessage());
            header('Location: /auth/login.php');
            exit;
        }
        $_SESSION['user_id'] = $_SESSION['original_admin_id'];
        $_SESSION['user_name'] = $_SESSION['original_admin_name'];
        $_SESSION['user_email'] = $_SESSION['original_admin_email'];
        $_SESSION['plan'] = $_SESSION['original_admin_plan'] ?? $_SESSION['plan'] ?? 'pro';
        $_SESSION['credits'] = $_SESSION['original_admin_credits'] ?? $_SESSION['credits'] ?? 0;
        $_SESSION['is_admin'] = $_SESSION['original_admin_is_admin'] ?? 1;

        unset($_SESSION['original_admin_id'], $_SESSION['original_admin_name'], $_SESSION['original_admin_email']);
        unset($_SESSION['original_admin_plan'], $_SESSION['original_admin_credits'], $_SESSION['original_admin_is_admin']);
        unset($_SESSION['is_impersonating']);

        $_SESSION['impersonation_notice'] = 'You have returned to the admin session.';
    }

    redirectTo('/admin.php');
}

// Legacy "fix" action is disabled for safety.
if (isset($_GET['fix'])) {
    redirectTo('/admin.php');
}

// Default fallback
redirectTo();

CasperSecurity Mini