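PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC] ); } return $pdo; }

/**
 * Return the shared PDO connection to the panel (member) database.
 *
 * The handle is created on first use and cached in a function-static
 * variable, so later calls in the same request reuse it. PDO is configured
 * to throw exceptions and to fetch rows as associative arrays.
 *
 * SECURITY (review): the DSN, account name and password are hard-coded in
 * this file. Anyone who can read the source (repository, backup, misconfigured
 * web server) obtains database access. Load them from configuration kept
 * outside the web root and version control, and rotate this password, since
 * it has been stored in source.
 *
 * @return PDO
 * @throws PDOException when the connection cannot be established
 */
function getSuperlogPanelDB()
{
    static $pdo = null;

    if ($pdo === null) {
        $pdo = new PDO(
            'mysql:host=localhost;dbname=u752449863_rrpanel;charset=utf8mb4',
            'u752449863_rrpaneladmin',
            'S@n@h2016',
            [
                PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
                PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
            ]
        );
    }

    return $pdo;
}

$error = '';
$success = '';
$step = 'blocked'; // one of: blocked, select, error

// ─── Step 1: Validate token on GET ───
// The admin portal hands over a single-use token in the query string.
// NOTE(review): the token stays in the URL (browser history, access logs,
// Referer) after this request; it is only safe because it is consumed below.
if (isset($_GET['token']) && !isset($_SESSION['superlog_validated'])) {
    // Query parameters can arrive as arrays (?token[]=x); only a string can be a token.
    $token = is_string($_GET['token']) ? trim($_GET['token']) : '';

    if (strlen($token) !== 128) {
        $error = 'Invalid token format.';
        $step = 'error';
    } else {
        try {
            $pdo = getSuperlogShopDB();

            // Consume the token in ONE statement. A separate SELECT followed by
            // an UPDATE lets two concurrent requests both see used = 0 and both
            // be accepted, which breaks the one-time-use guarantee.
            $consume = $pdo->prepare("UPDATE superlog_tokens SET used = 1, used_at = NOW() WHERE token = ? AND used = 0 AND expires_at > NOW()");
            $consume->execute([$token]);

            $tokenData = false;
            if ($consume->rowCount() > 0) {
                // Only the request that actually flipped used 0 -> 1 reads the row.
                $stmt = $pdo->prepare("SELECT * FROM superlog_tokens WHERE token = ?");
                $stmt->execute([$token]);
                $tokenData = $stmt->fetch();
            }

            if ($tokenData) {
                // Privilege changes here, so issue a fresh session id; a
                // pre-set (fixated) id must not inherit the validated state.
                if (session_status() === PHP_SESSION_ACTIVE) {
                    session_regenerate_id(true);
                }

                // Store validated admin info in session
                $_SESSION['superlog_validated'] = true;
                $_SESSION['superlog_admin_id'] = $tokenData['admin_id'];
                $_SESSION['superlog_admin_username'] = $tokenData['admin_username'];
                $_SESSION['superlog_admin_name'] = $tokenData['admin_name'];
                $_SESSION['superlog_token_time'] = time();
                // NOTE(review): the address is recorded but nothing in the visible
                // code compares it on later requests — confirm whether it is enforced elsewhere.
                $_SESSION['superlog_ip'] = $_SERVER['REMOTE_ADDR'] ?? '';
                $step = 'select';
            } else {
                $error = 'Invalid, expired, or already-used token. Please go back to the Admin Portal and click Super Log again.';
                $step = 'error';
            }
        } catch (Exception $e) {
            // Details go to the server log only; the page shows a generic message.
            error_log("Superlog token validation error: " . $e->getMessage());
            $error = 'System error during token validation.';
            $step = 'error';
        }
    }
} elseif (isset($_SESSION['superlog_validated']) && $_SESSION['superlog_validated'] === true) {
    // Already validated — check freshness (30 min max session)
    if (time() - ($_SESSION['superlog_token_time'] ?? 0) > 1800) {
        // Session expired: drop every key written at validation time,
        // including the recorded client address.
        unset(
            $_SESSION['superlog_validated'],
            $_SESSION['superlog_admin_id'],
            $_SESSION['superlog_admin_username'],
            $_SESSION['superlog_admin_name'],
            $_SESSION['superlog_token_time'],
            $_SESSION['superlog_ip']
        );
        $error = 'Super Log session expired (30 min limit). Please start again from Admin Portal.';
        $step = 'error';
    } else {
        $step = 'select';
    }
} else {
    $error = 'Access denied. Super Log can only be accessed via the Admin Portal.';
    $step = 'blocked';
}

// ─── Step 2: Handle Portal Login (POST) ───
// Runs only for a validated, unexpired Super Log session ($step === 'select').
// NOTE(review): no CSRF token is checked in the visible code — confirm whether
// the form is protected elsewhere.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && $step === 'select') {
    $portalType = $_POST['portal_type'] ?? '';
    // An array-valued field (email[]=x) would make strtolower() throw; treat it as empty.
    $rawEmail = $_POST['email'] ?? '';
    $email = is_string($rawEmail) ? trim(strtolower($rawEmail)) : '';

    // Strict comparison: only these exact strings select a portal.
    if (!in_array($portalType, ['member', 'affiliate', 'client'], true)) {
        $error = 'Invalid portal type selected.';
    } elseif ($email === '') {
        $error = 'Please enter an email address.';
    } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $error = 'Please enter a valid email address.';
    } else {
        try {
            $adminName = $_SESSION['superlog_admin_name'] ?? 'Admin';
            $adminId = $_SESSION['superlog_admin_id'] ?? 0;

            // In every case below the audit row is written BEFORE the target
            // session keys are set: if the insert throws, the request ends in
            // the catch block without an impersonated session that has no
            // audit record.
            switch ($portalType) {
                // ─── MEMBER PORTAL ───
                case 'member':
                    $panelPdo = getSuperlogPanelDB();
                    $stmt = $panelPdo->prepare("SELECT id, email, status, email_verified FROM users WHERE LOWER(email) = ?");
                    $stmt->execute([$email]);
                    $user = $stmt->fetch();

                    if (!$user) {
                        $error = 'No member found with email: ' . htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                    } else {
                        // Log in admin activity (on shop DB, not member DB)
                        $shopPdo = getSuperlogShopDB();
                        $shopPdo->prepare("INSERT INTO admin_activity_log (admin_id, action, description, created_at) VALUES (?, 'superlog_login', ?, NOW())")
                            ->execute([$adminId, "Superlog: entered Member portal as {$user['email']} (ID:{$user['id']}, Status:{$user['status']})"]);

                        // New identity in this session: rotate the session id.
                        if (session_status() === PHP_SESSION_ACTIVE) {
                            session_regenerate_id(true);
                        }

                        // Create member session WITHOUT updating last_login or logging
                        $_SESSION['user_id'] = $user['id'];
                        $_SESSION['user_email'] = $user['email'];
                        $_SESSION['logged_in'] = true;
                        $_SESSION['login_time'] = time();

                        // Superlog flags
                        $_SESSION['is_superlog'] = true;
                        $_SESSION['superlog_target_email'] = $user['email'];
                        $_SESSION['superlog_target_type'] = 'member';
                        $_SESSION['superlog_admin_name'] = $adminName;
                        $_SESSION['superlog_admin_id'] = $adminId;

                        header('Location: /dashboard.php');
                        exit;
                    }
                    break;

                // ─── AFFILIATE / PARTNER PORTAL ───
                case 'affiliate':
                    $shopPdo = getSuperlogShopDB();
                    $stmt = $shopPdo->prepare("SELECT id, email, company_name, status FROM affiliates WHERE LOWER(email) = ?");
                    $stmt->execute([$email]);
                    $partner = $stmt->fetch();

                    if (!$partner) {
                        $error = 'No affiliate found with email: ' . htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                    } else {
                        // Log in admin activity
                        $shopPdo->prepare("INSERT INTO admin_activity_log (admin_id, action, description, created_at) VALUES (?, 'superlog_login', ?, NOW())")
                            ->execute([$adminId, "Superlog: entered Partner portal as {$partner['email']} (ID:{$partner['id']}, Company:{$partner['company_name']})"]);

                        // New identity in this session: rotate the session id.
                        if (session_status() === PHP_SESSION_ACTIVE) {
                            session_regenerate_id(true);
                        }

                        // Create partner session WITHOUT updating last_login or login_count
                        $_SESSION['partner_logged_in'] = true;
                        $_SESSION['partner_id'] = $partner['id'];
                        $_SESSION['partner_email'] = $partner['email'];
                        $_SESSION['partner_company'] = $partner['company_name'];
                        $_SESSION['partner_login_time'] = time();

                        // Superlog flags
                        $_SESSION['is_superlog'] = true;
                        $_SESSION['superlog_target_email'] = $partner['email'];
                        $_SESSION['superlog_target_type'] = 'affiliate';
                        $_SESSION['superlog_admin_name'] = $adminName;
                        $_SESSION['superlog_admin_id'] = $adminId;

                        header('Location: /partners/partner-dashboard.php');
                        exit;
                    }
                    break;

                // ─── CLIENT PORTAL ───
                case 'client':
                    $shopPdo = getSuperlogShopDB();
                    $stmt = $shopPdo->prepare("SELECT id, client_code, company_name, contact_person, email FROM clients WHERE LOWER(email) = ?");
                    $stmt->execute([$email]);
                    $client = $stmt->fetch();

                    if (!$client) {
                        $error = 'No client found with email: ' . htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                    } else {
                        // Log in admin activity
                        $shopPdo->prepare("INSERT INTO admin_activity_log (admin_id, action, description, created_at) VALUES (?, 'superlog_login', ?, NOW())")
                            ->execute([$adminId, "Superlog: entered Client portal as {$client['email']} (ID:{$client['id']}, Company:{$client['company_name']})"]);

                        // New identity in this session: rotate the session id.
                        if (session_status() === PHP_SESSION_ACTIVE) {
                            session_regenerate_id(true);
                        }

                        // Create client session WITHOUT logging
                        $_SESSION['client_id'] = $client['id'];
                        $_SESSION['client_code'] = $client['client_code'];
                        $_SESSION['client_email'] = $client['email'];
                        $_SESSION['client_name'] = $client['company_name'];
                        $_SESSION['contact_person'] = $client['contact_person'];

                        // Superlog flags
                        $_SESSION['is_superlog'] = true;
                        $_SESSION['superlog_target_email'] = $client['email'];
                        $_SESSION['superlog_target_type'] = 'client';
                        $_SESSION['superlog_admin_name'] = $adminName;
                        $_SESSION['superlog_admin_id'] = $adminId;

                        header('Location: /clients/client-dashboard.php');
                        exit;
                    }
                    break;
            }
        } catch (Exception $e) {
            // Details go to the server log only; the page shows a generic message.
            error_log("Superlog login error: " . $e->getMessage());
            $error = 'Database error. Please try again.';
        }
    }
}

// Escaped once here for the HTML template that follows; explicit flags keep
// quote escaping the same on PHP versions older than 8.1.
$adminName = htmlspecialchars($_SESSION['superlog_admin_name'] ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
?> Super Log - Relevant Reflex Admin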

⚡ SUPER LOG

Admin Impersonation Console

🔑
🔒

Access Denied

← Back to Admin Portal
⚠️
Impersonation mode. You will enter the selected portal as the specified user. No login or activity logs will be recorded on their account. All actions are logged in the admin activity log.

Select a portal to enter:

👤
MEMBER
Panel Member Portal
🤝
AFFILIATE
Partner Portal
🏢
CLIENT
Client Portal