Hi,
On ispCP 1.0.7, there is an error in the "External login prevention" feature:
The check_login function in /var/www/ispcp/gui/include/login-functions.php takes the arguments $fName = null, $preventExternalLogin = true:
Code:
function check_login($fName = null, $preventExternalLogin = false)
This would be correct if every call to this function passed both parameters, but we find the following (output of a find):
Code:
./gui/reseller/hosting_plan_delete.php:check_login(__FILE__);
./gui/reseller/password_change.php:check_login(__FILE__);
./gui/reseller/user_edit.php:check_login(__FILE__);
./gui/reseller/hosting_plan.php:check_login(__FILE__);
./gui/reseller/order_settings.php:check_login(__FILE__);
./gui/reseller/orders.php:check_login(__FILE__);
./gui/reseller/ticket_view.php:check_login(__FILE__);
./gui/reseller/domain_edit.php:check_login(__FILE__);
./gui/reseller/orders_update.php:check_login(__FILE__);
./gui/reseller/ip_usage.php:check_login(__FILE__);
./gui/reseller/domain_delete.php:check_login(__FILE__);
./gui/reseller/domain_status_change.php:check_login(__FILE__);
./gui/reseller/user_add1.php:check_login(__FILE__);
./gui/reseller/settings_welcome_mail.php:check_login(__FILE__);
./gui/reseller/alias.php:check_login(__FILE__);
./gui/reseller/alias_delete.php:check_login(__FILE__);
./gui/reseller/orders_detailst.php:check_login(__FILE__);
./gui/reseller/orders_add.php:check_login(__FILE__);
./gui/reseller/ticket_delete.php:check_login(__FILE__);
./gui/reseller/index.php:check_login(__FILE__, $cfg->PREVENT_EXTERNAL_LOGIN_RESELLER);
./gui/reseller/user_add3.php:check_login(__FILE__);
./gui/reseller/settings_layout.php:check_login(__FILE__);
./gui/reseller/change_user_interface.php:check_login(__FILE__);
./gui/reseller/users.php:check_login(__FILE__);
./gui/reseller/hosting_plan_edit.php:check_login(__FILE__);
./gui/reseller/ticket_closed.php:check_login(__FILE__);
./gui/reseller/settings_lostpassword.php:check_login(__FILE__);
./gui/reseller/hosting_plan_add.php:check_login(__FILE__);
./gui/reseller/user_statistics.php:check_login(__FILE__);
./gui/reseller/order_email.php:check_login(__FILE__);
./gui/reseller/personal_change.php:check_login(__FILE__);
./gui/reseller/domain_details.php:check_login(__FILE__);
./gui/reseller/ticket_system.php:check_login(__FILE__);
./gui/reseller/alias_order.php:check_login(__FILE__);
./gui/reseller/circular.php:check_login(__FILE__);
./gui/reseller/language.php:check_login(__FILE__);
./gui/reseller/alias_edit.php:check_login(__FILE__);
./gui/reseller/user_add2.php:check_login(__FILE__);
./gui/reseller/user_add4.php:check_login(__FILE__);
./gui/reseller/domain_statistics.php:check_login(__FILE__);
./gui/reseller/alias_add.php:check_login(__FILE__);
./gui/reseller/ticket_create.php:check_login(__FILE__);
./gui/reseller/orders_delete.php:check_login(__FILE__);
./gui/admin/settings_maintenance_mode.php:check_login(__FILE__);
./gui/admin/hosting_plan_delete.php:check_login(__FILE__);
./gui/admin/password_change.php:check_login(__FILE__);
./gui/admin/ispcp_updates.php:check_login(__FILE__);
./gui/admin/sessions_manage.php:check_login(__FILE__);
./gui/admin/admin_add.php:check_login(__FILE__);
./gui/admin/reseller_edit.php:check_login(__FILE__);
./gui/admin/hosting_plan.php:check_login(__FILE__);
./gui/admin/server_statistic.php:check_login(__FILE__);
./gui/admin/ticket_view.php:check_login(__FILE__);
./gui/admin/admin_edit.php:check_login(__FILE__);
./gui/admin/domain_edit.php:check_login(__FILE__);
./gui/admin/reseller_user_statistics.php:check_login(__FILE__);
./gui/admin/server_statistic_day.php:check_login(__FILE__);
./gui/admin/ip_usage.php:check_login(__FILE__);
./gui/admin/system_info.php:check_login(__FILE__);
./gui/admin/settings_ports.php:check_login(__FILE__);
./gui/admin/domain_status_change.php:check_login(__FILE__);
./gui/admin/user_delete.php:check_login(__FILE__);
./gui/admin/manage_reseller_owners.php:check_login(__FILE__);
./gui/admin/settings_welcome_mail.php:check_login(__FILE__);
./gui/admin/reseller_add.php:check_login(__FILE__);
./gui/admin/rootkit_log.php:check_login(__FILE__);
./gui/admin/settings.php:check_login(__FILE__);
./gui/admin/reseller_statistics.php:check_login(__FILE__);
./gui/admin/ticket_delete.php:check_login(__FILE__);
./gui/admin/index.php:check_login(__FILE__, $cfg->PREVENT_EXTERNAL_LOGIN_ADMIN);
./gui/admin/settings_layout.php:check_login(__FILE__);
./gui/admin/change_user_interface.php:check_login(__FILE__);
./gui/admin/database_update.php:check_login(__FILE__);
./gui/admin/hosting_plan_edit.php:check_login(__FILE__);
./gui/admin/ticket_closed.php:check_login(__FILE__);
./gui/admin/settings_lostpassword.php:check_login(__FILE__);
./gui/admin/settings_server_traffic.php:check_login(__FILE__);
./gui/admin/hosting_plan_add.php:check_login(__FILE__);
./gui/admin/personal_change.php:check_login(__FILE__);
./gui/admin/language_delete.php:check_login(__FILE__);
./gui/admin/domain_details.php:check_login(__FILE__);
./gui/admin/ticket_system.php:check_login(__FILE__);
./gui/admin/circular.php:check_login(__FILE__);
./gui/admin/server_status.php:check_login(__FILE__);
./gui/admin/ispcp_debugger.php:check_login(__FILE__);
./gui/admin/multilanguage.php:check_login(__FILE__);
./gui/admin/language.php:check_login(__FILE__);
./gui/admin/ip_delete.php:check_login(__FILE__);
./gui/admin/manage_reseller_users.php:check_login(__FILE__);
./gui/admin/status_change.php:check_login(__FILE__);
./gui/admin/ip_manage.php:check_login(__FILE__);
./gui/admin/manage_users.php:check_login(__FILE__);
./gui/admin/custom_menus.php:check_login(__FILE__);
./gui/admin/domain_statistics.php:check_login(__FILE__);
./gui/admin/multilanguage_export.php:check_login(__FILE__);
./gui/admin/admin_log.php:check_login(__FILE__);
./gui/admin/migration.php:check_login(__FILE__);
./gui/client/cronjobs_add.php:check_login(__FILE__);
./gui/client/mail_delete.php:check_login(__FILE__);
./gui/client/password_change.php:check_login(__FILE__);
./gui/client/protected_group_add.php:check_login(__FILE__);
./gui/client/mail_catchall_delete.php:check_login(__FILE__);
./gui/client/mail_add.php:check_login(__FILE__);
./gui/client/backup.php:check_login(__FILE__);
./gui/client/webtools.php:check_login(__FILE__);
./gui/client/sql_delete_user.php:check_login(__FILE__);
./gui/client/domains_manage.php:check_login(__FILE__);
./gui/client/mail_edit.php:check_login(__FILE__);
./gui/client/ticket_view.php:check_login(__FILE__);
./gui/client/sql_change_password.php:check_login(__FILE__);
./gui/client/pma_auth.php:check_login(__FILE__);
./gui/client/protected_areas.php:check_login(__FILE__);
./gui/client/protected_user_assign.php:check_login(__FILE__);
./gui/client/ftp_edit.php:check_login(__FILE__);
./gui/client/error_pages.php:check_login(__FILE__);
./gui/client/mail_catchall.php:check_login(__FILE__);
./gui/client/subdomain_edit.php:check_login(__FILE__);
./gui/client/alias_delete.php:check_login(__FILE__);
./gui/client/ftp_accounts.php:check_login(__FILE__);
./gui/client/mail_catchall_add.php:check_login(__FILE__);
./gui/client/ftp_delete.php:check_login(__FILE__);
./gui/client/dns_delete.php:check_login(__FILE__);
./gui/client/ticket_delete.php:check_login(__FILE__);
./gui/client/index.php:check_login(__FILE__, $cfg->PREVENT_EXTERNAL_LOGIN_CLIENT);
./gui/client/cronjobs_edit.php:check_login(__FILE__);
./gui/client/ftp_choose_dir.php:check_login(__FILE__);
./gui/client/change_user_interface.php:check_login(__FILE__);
./gui/client/hosting_plan_update.php:check_login(__FILE__);
./gui/client/protected_areas_remove.php:check_login(__FILE__);
./gui/client/alias_order_delete.php:check_login(__FILE__);
./gui/client/alssub_delete.php:check_login(__FILE__);
./gui/client/mail_autoresponder_edit.php:check_login(__FILE__);
./gui/client/ticket_closed.php:check_login(__FILE__);
./gui/client/subdomain_add.php:check_login(__FILE__);
./gui/client/cronjobs_overview.php:check_login(__FILE__);
./gui/client/protected_user_manage.php:check_login(__FILE__);
./gui/client/ftp_add.php:check_login(__FILE__);
./gui/client/protected_areas_add.php:check_login(__FILE__);
./gui/client/mail_accounts.php:check_login(__FILE__);
./gui/client/mail_autoresponder_enable.php:check_login(__FILE__);
./gui/client/sql_database_delete.php:check_login(__FILE__);
./gui/client/protected_group_delete.php:check_login(__FILE__);
./gui/client/dns_edit.php:check_login(__FILE__);
./gui/client/personal_change.php:check_login(__FILE__);
./gui/client/protected_user_delete.php:check_login(__FILE__);
./gui/client/mail_autoresponder_disable.php:check_login(__FILE__);
./gui/client/sql_user_add.php:check_login(__FILE__);
./gui/client/ticket_system.php:check_login(__FILE__);
./gui/client/error_edit.php:check_login(__FILE__);
./gui/client/protected_user_edit.php:check_login(__FILE__);
./gui/client/sql_manage.php:check_login(__FILE__);
./gui/client/language.php:check_login(__FILE__);
./gui/client/alias_edit.php:check_login(__FILE__);
./gui/client/protected_user_add.php:check_login(__FILE__);
./gui/client/sql_database_add.php:check_login(__FILE__);
./gui/client/protected_areas_delete.php:check_login(__FILE__);
./gui/client/subdomain_delete.php:check_login(__FILE__);
./gui/client/domain_statistics.php:check_login(__FILE__);
./gui/client/alias_add.php:check_login(__FILE__);
./gui/client/ticket_create.php:check_login(__FILE__);
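Every call that omits the second parameter runs the function with $preventExternalLogin at its default of true, so on those pages it makes no difference whether this setting is enabled or not. Only the three index.php calls in the listing above pass the configured $cfg->PREVENT_EXTERNAL_LOGIN_* value.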
Regards.