Ensure exact match in if statement

web/bulk/cron/index.php

@@ -15,7 +15,7 @@ if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
 $job = $_POST['job'];
 $action = $_POST['action'];
 
-if ($_SESSION['userContext'] == 'admin') {
+if ($_SESSION['userContext'] === "admin") {
     switch ($action) {
         case 'delete': $cmd='v-delete-cron-job';
             break;

web/bulk/db/index.php

@@ -15,7 +15,7 @@ if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
 $database = $_POST['database'];
 $action = $_POST['action'];
 
-if ($_SESSION['userContext'] == 'admin') {
+if ($_SESSION['userContext'] === "admin") {
     switch ($action) {
         case 'rebuild': $cmd='v-rebuild-database';
             break;

web/bulk/dns/index.php

@@ -16,7 +16,7 @@ $domain = $_POST['domain'];
 $record = $_POST['record'];
 $action = $_POST['action'];
 
-if ($_SESSION['userContext'] == 'admin') {
+if ($_SESSION['userContext'] === "admin") {
     if (empty($record)) {
         switch ($action) {
             case 'rebuild': $cmd='v-rebuild-dns-domain';

web/bulk/hestia/index.php

@@ -16,7 +16,7 @@ if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
 $pkg = $_POST['pkg'];
 $action = $_POST['action'];
 
-if ($_SESSION['userContext'] == 'admin') {
+if ($_SESSION['userContext'] === "admin") {
     switch ($action) {
         case 'update': $cmd='v-update-sys-hestia';
             break;

web/bulk/ip/index.php

@@ -15,7 +15,7 @@ if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
 $ip = $_POST['ip'];
 $action = $_POST['action'];
 
-if ($_SESSION['userContext'] == 'admin') {
+if ($_SESSION['userContext'] === "admin") {
     switch ($action) {
         case 'reread IP': exec(HESTIA_CMD."v-update-sys-ip", $output, $return_var);
                 header("Location: /list/ip/");

web/bulk/mail/index.php

@@ -16,7 +16,7 @@ $domain = $_POST['domain'];
 $account = $_POST['account'];
 $action = $_POST['action'];
 
-if ($_SESSION['userContext'] == 'admin') {
+if ($_SESSION['userContext'] === "admin") {
     if (empty($account)) {
         switch ($action) {
             case 'rebuild': $cmd='v-rebuild-mail-domain';

web/bulk/package/index.php

@@ -15,7 +15,7 @@ if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
 $package = $_POST['package'];
 $action = $_POST['action'];
 
-if ($_SESSION['userContext'] == 'admin') {
+if ($_SESSION['userContext'] === "admin") {
     switch ($action) {
         case 'delete': $cmd='v-delete-user-package';
             break;

web/bulk/service/index.php

@@ -15,7 +15,7 @@ if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
 $service = $_POST['service'];
 $action = $_POST['action'];
 
-if ($_SESSION['userContext'] == 'admin') {
+if ($_SESSION['userContext'] === "admin") {
     switch ($action) {
         case 'stop': $cmd='v-stop-service';
             break;

web/bulk/user/index.php

@@ -15,7 +15,7 @@ if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
 $user = $_POST['user'];
 $action = $_POST['action'];
 
-if ($_SESSION['userContext'] == 'admin') {
+if ($_SESSION['userContext'] === "admin") {
     switch ($action) {
         case 'delete': $cmd='v-delete-user'; $restart = 'no';
             break;

web/bulk/web/index.php

@@ -15,7 +15,7 @@ if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
 $domain = $_POST['domain'];
 $action = $_POST['action'];
 
-if ($_SESSION['userContext'] == 'admin') {
+if ($_SESSION['userContext'] === "admin") {
     switch ($action) {
         case 'delete': $cmd='v-delete-web-domain';
             break;

web/copy/package/index.php

@@ -23,7 +23,7 @@ if (empty($_GET['package'])) {
     exit;
 }
 
-if ($_SESSION['userContext'] == 'admin') {
+if ($_SESSION['userContext'] === "admin") {
     if (!empty($_GET['package'])) {
         $v_package = escapeshellarg($_GET['package']);
         exec (HESTIA_CMD."v-copy-user-package ".$v_package." ".$v_package."-copy", $output, $return_var);

web/delete/backup/exclusion/index.php

@@ -5,7 +5,7 @@ ob_start();
 session_start();
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
-if (($_SESSION['userContext'] == 'admin') && (!empty($_GET['user']))) {
+if (($_SESSION['userContext'] === "admin") && (!empty($_GET['user']))) {
     $user=$_GET['user'];
 }
 

web/delete/backup/index.php

@@ -5,7 +5,7 @@ ob_start();
 session_start();
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
-if (($_SESSION['userContext'] == 'admin') && (!empty($_GET['user']))) {
+if (($_SESSION['userContext'] === "admin") && (!empty($_GET['user']))) {
     $user=$_GET['user'];
 }
 

web/delete/cron/autoupdate/index.php

@@ -11,7 +11,7 @@ if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
     exit();
 }
 
-if ($_SESSION['userContext'] == 'admin') {
+if ($_SESSION['userContext'] === "admin") {
     exec (HESTIA_CMD."v-delete-cron-hestia-autoupdate", $output, $return_var);
     unset($output);
 }

web/delete/cron/index.php

@@ -5,7 +5,7 @@ ob_start();
 session_start();
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
-if (($_SESSION['userContext'] == 'admin') && (!empty($_GET['user']))) {
+if (($_SESSION['userContext'] === "admin") && (!empty($_GET['user']))) {
     $user=$_GET['user'];
 }
 

web/delete/db/index.php

@@ -5,7 +5,7 @@ ob_start();
 session_start();
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
-if (($_SESSION['userContext'] == 'admin') && (!empty($_GET['user']))) {
+if (($_SESSION['userContext'] === "admin") && (!empty($_GET['user']))) {
     $user=$_GET['user'];
 }
 

web/delete/dns/index.php

@@ -6,7 +6,7 @@ session_start();
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
 // Delete as someone else?
-if (($_SESSION['userContext'] == 'admin') && (!empty($_GET['user']))) {
+if (($_SESSION['userContext'] === "admin") && (!empty($_GET['user']))) {
     $user=$_GET['user'];
 }
 

web/delete/ip/index.php

@@ -11,7 +11,7 @@ if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
     exit();
 }
 
-if ($_SESSION['userContext'] == 'admin') {
+if ($_SESSION['userContext'] === "admin") {
     if (!empty($_GET['ip'])) {
         $v_ip = escapeshellarg($_GET['ip']);
         exec (HESTIA_CMD."v-delete-sys-ip ".$v_ip, $output, $return_var);

web/delete/key/index.php

@@ -5,7 +5,7 @@ ob_start();
 session_start();
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
-if (($_SESSION['userContext'] == 'admin') && (!empty($_GET['user']))) {
+if (($_SESSION['userContext'] === "admin") && (!empty($_GET['user']))) {
     $user=$_GET['user'];
 }
 

web/delete/mail/index.php

@@ -6,7 +6,7 @@ session_start();
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
 // Delete as someone else?
-if (($_SESSION['userContext'] == 'admin') && (!empty($_GET['user']))) {
+if (($_SESSION['userContext'] === "admin") && (!empty($_GET['user']))) {
     $user=$_GET['user'];
 }
 

web/delete/package/index.php

@@ -11,7 +11,7 @@ if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
     exit();
 }
 
-if ($_SESSION['userContext'] == 'admin') {
+if ($_SESSION['userContext'] === "admin") {
     if (!empty($_GET['package'])) {
         $v_package = escapeshellarg($_GET['package']);
         exec (HESTIA_CMD."v-delete-user-package ".$v_package, $output, $return_var);

web/delete/user/index.php

@@ -11,7 +11,7 @@ if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
     exit();
 }
 
-if ($_SESSION['userContext'] == 'admin') {
+if ($_SESSION['userContext'] === "admin") {
     if (!empty($_GET['user'])) {
         $v_username = escapeshellarg($_GET['user']);
         exec (HESTIA_CMD."v-delete-user ".$v_username, $output, $return_var);

web/delete/web/cache/index.php

@@ -12,7 +12,7 @@ if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
 }
 
 // Delete as someone else?
-if (($_SESSION['userContext'] == 'admin') && (!empty($_GET['user']))) {
+if (($_SESSION['userContext'] === "admin") && (!empty($_GET['user']))) {
     $user=$_GET['user'];
 }
 

web/delete/web/index.php

@@ -12,7 +12,7 @@ if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
 }
 
 // Delete as someone else?
-if (($_SESSION['userContext'] == 'admin') && (!empty($_GET['user']))) {
+if (($_SESSION['userContext'] === "admin") && (!empty($_GET['user']))) {
     $user=$_GET['user'];
 }
 

web/download/backup/index.php

@@ -29,7 +29,7 @@ if(!file_exists('/backup/'.$backup)){
     exit;
 
 }else{
-    if ($_SESSION['userContext'] == 'admin') {
+    if ($_SESSION['userContext'] === "admin") {
         header('Content-type: application/gzip');
         header("Content-Disposition: attachment; filename=\"".$backup."\";" ); 
         header("X-Accel-Redirect: /backup/" . $backup);

web/edit/backup/exclusions/index.php

@@ -7,7 +7,7 @@ $TAB = 'BACKUP';
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
 // Edit as someone else?
-if (($_SESSION['userContext'] == 'admin') && (!empty($_GET['user']))) {
+if (($_SESSION['userContext'] === "admin") && (!empty($_GET['user']))) {
     $user=escapeshellarg($_GET['user']);
 }
 

web/edit/cron/index.php

@@ -8,7 +8,7 @@ $TAB = 'CRON';
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
 // Edit as someone else?
-if (($_SESSION['userContext'] == 'admin') && (!empty($_GET['user']))) {
+if (($_SESSION['userContext'] === "admin") && (!empty($_GET['user']))) {
     $user=escapeshellarg($_GET['user']);
 }
 

web/edit/db/index.php

@@ -14,7 +14,7 @@ if (empty($_GET['database'])) {
 }
 
 // Edit as someone else?
-if (($_SESSION['userContext'] == 'admin') && (!empty($_GET['user']))) {
+if (($_SESSION['userContext'] === "admin") && (!empty($_GET['user']))) {
     $user=escapeshellarg($_GET['user']);
 }
 

web/edit/dns/index.php

@@ -13,7 +13,7 @@ if (empty($_GET['domain'])) {
 }
 
 // Edit as someone else?
-if (($_SESSION['userContext'] == 'admin') && (!empty($_GET['user']))) {
+if (($_SESSION['userContext'] === "admin") && (!empty($_GET['user']))) {
     $user=escapeshellarg($_GET['user']);
 }
 

web/edit/file/index.php

@@ -4,7 +4,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 $user = $_SESSION['user'];
 
 // Check login_as feature
-if (($_SESSION['userContext'] == 'admin') && (!empty($_SESSION['look']))) {
+if (($_SESSION['userContext'] === "admin") && (!empty($_SESSION['look']))) {
     $user=$_SESSION['look'];
 }
 

web/edit/mail/index.php

@@ -13,7 +13,7 @@ if (empty($_GET['domain'])) {
 }
 
 // Edit as someone else?
-if (($_SESSION['userContext'] == 'admin') && (!empty($_GET['user']))) {
+if (($_SESSION['userContext'] === "admin") && (!empty($_GET['user']))) {
     $user=escapeshellarg($_GET['user']);
 }
 $v_username = $user;

web/edit/user/index.php

@@ -14,7 +14,7 @@ if (empty($_GET['user'])) {
 }
 
 // Edit as someone else?
-if (($_SESSION['userContext'] == 'admin') && (!empty($_GET['user']))) {
+if (($_SESSION['userContext'] === "admin") && (!empty($_GET['user']))) {
     $user=$_GET['user'];
     $v_username=$_GET['user'];
 } else {
@@ -23,7 +23,7 @@ if (($_SESSION['userContext'] == 'admin') && (!empty($_GET['user']))) {
 }
 
 // Prevent other users with admin privileges from editing properties of default 'admin' user
-if (($_SESSION['userContext'] == 'admin') && (isset($_SESSION['look'])) && ($user == 'admin') || ($_SESSION['userContext'] == 'admin') && (!isset($_SESSION['look'])) && ($user == 'admin') && ($_SESSION['user'] != 'admin')) {
+if (($_SESSION['userContext'] === "admin") && (isset($_SESSION['look'])) && ($user == 'admin') || ($_SESSION['userContext'] === "admin") && (!isset($_SESSION['look'])) && ($user == 'admin') && ($_SESSION['user'] != 'admin')) {
     header("Location: /list/user/");
     exit;
 }
@@ -160,7 +160,7 @@ if (!empty($_POST['save'])) {
     }
 
     // Change package (admin only)
-    if (($v_package != $_POST['v_package']) && ($_SESSION['userContext'] == 'admin') && (empty($_SESSION['error_msg']))) {
+    if (($v_package != $_POST['v_package']) && ($_SESSION['userContext'] === "admin") && (empty($_SESSION['error_msg']))) {
         $v_package = escapeshellarg($_POST['v_package']);
         exec (HESTIA_CMD."v-change-user-package ".escapeshellarg($v_username)." ".$v_package, $output, $return_var);
         check_return_code($return_var,$output);
@@ -168,14 +168,14 @@ if (!empty($_POST['save'])) {
     }
 
     // Change phpcli (admin only)
-    if (($v_phpcli != $_POST['v_phpcli']) && ($_SESSION['userContext'] == 'admin') && (empty($_SESSION['error_msg']))) {
+    if (($v_phpcli != $_POST['v_phpcli']) && ($_SESSION['userContext'] === "admin") && (empty($_SESSION['error_msg']))) {
         $v_phpcli = escapeshellarg($_POST['v_phpcli']);
         exec (HESTIA_CMD."v-change-user-php-cli ".escapeshellarg($v_username)." ".$v_phpcli, $output, $return_var);
         check_return_code($return_var,$output);
         unset($output);
     }
     // Change Role (admin only)
-    if (($v_role != $_POST['$v_role']) && ($_SESSION['userContext'] == 'admin') && $v_username != "admin" && (empty($_SESSION['error_msg']))) {
+    if (($v_role != $_POST['$v_role']) && ($_SESSION['userContext'] === "admin") && $v_username != "admin" && (empty($_SESSION['error_msg']))) {
         $v_role = escapeshellarg($_POST['v_role']);
         exec (HESTIA_CMD."v-change-user-role ".escapeshellarg($v_username)." ".$v_role, $output, $return_var);
         check_return_code($return_var,$output);
@@ -194,7 +194,7 @@ if (!empty($_POST['save'])) {
     }
 
     // Change shell (admin only)
-    if (($v_shell != $_POST['v_shell']) && ($_SESSION['userContext'] == 'admin') && (empty($_SESSION['error_msg']))) {
+    if (($v_shell != $_POST['v_shell']) && ($_SESSION['userContext'] === "admin") && (empty($_SESSION['error_msg']))) {
         $v_shell = escapeshellarg($_POST['v_shell']);
         exec (HESTIA_CMD."v-change-user-shell ".escapeshellarg($v_username)." ".$v_shell, $output, $return_var);
         check_return_code($return_var,$output);

web/edit/user/log/index.php

@@ -14,7 +14,7 @@ if (empty($_GET['user'])) {
 }
 
 // Edit as someone else?
-if (($_SESSION['userContext'] == 'admin') && (!empty($_GET['user']))) {
+if (($_SESSION['userContext'] === "admin") && (!empty($_GET['user']))) {
     $user=$_GET['user'];
     $v_username=$_GET['user'];
 } else {

web/edit/web/index.php

@@ -14,7 +14,7 @@ if (empty($_GET['domain'])) {
 }
 
 // Edit as someone else?
-if (($_SESSION['userContext'] == 'admin') && (!empty($_GET['user']))) {
+if (($_SESSION['userContext'] === "admin") && (!empty($_GET['user']))) {
     $user=escapeshellarg($_GET['user']);
 }
 

web/inc/main.php

@@ -93,7 +93,7 @@ if (isset($_SESSION['user'])) {
     $user = $_SESSION['user'];
 }
 
-if (isset($_SESSION['look']) && ($_SESSION['userContext'] == 'admin')) {
+if (isset($_SESSION['look']) && ($_SESSION['userContext'] === "admin")) {
     $user = $_SESSION['look'];
 }
 
@@ -158,7 +158,7 @@ function top_panel($user, $TAB) {
     $panel = json_decode(implode('', $output), true);
     unset($output);
 
-    if (($_SESSION['userContext'] == 'admin')) {
+    if (($_SESSION['userContext'] === "admin")) {
         include(dirname(__FILE__).'/../templates/admin/panel.html');
     } else {
         include(dirname(__FILE__).'/../templates/user/panel.html');

web/list/directory/index.php

@@ -4,7 +4,7 @@ error_reporting(NULL);
 include($_SERVER['DOCUMENT_ROOT'] . "/inc/main.php");
 
 // Check login_as feature
-if (($_SESSION['userContext'] == 'admin') && (!empty($_SESSION['look']))) {
+if (($_SESSION['userContext'] === "admin") && (!empty($_SESSION['look']))) {
     $user=$_SESSION['look'];
 }
 

web/list/stats/index.php

@@ -6,7 +6,7 @@ $TAB = 'STATS';
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
 // Data
-if ($_SESSION['userContext'] == 'admin') {
+if ($_SESSION['userContext'] === "admin") {
     if (empty($_GET['user'])) {
         exec (HESTIA_CMD."v-list-users-stats json", $output, $return_var);
         $data = json_decode(implode('', $output), true);

web/list/user/index.php

@@ -6,7 +6,7 @@ $TAB = 'USER';
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
 // Data
-if ($_SESSION['userContext'] == 'admin') {
+if ($_SESSION['userContext'] === "admin") {
     exec (HESTIA_CMD . "v-list-users json", $output, $return_var);
 } else {
     exec (HESTIA_CMD . "v-list-user ".$user." json", $output, $return_var);

web/login/index.php

@@ -150,7 +150,7 @@ function authenticate_user($user, $password, $twofa = ''){
                     unset($_SESSION['request_uri']);
                     exit;
                 } else {
-                    if ($_SESSION['userContext'] == 'admin') {
+                    if ($_SESSION['userContext'] === "admin") {
                         header("Location: /list/user/");
                     } else {
                         header("Location: /list/web/");

web/restart/service/index.php

@@ -11,7 +11,7 @@ if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
     exit();
 }
 
-if ($_SESSION['userContext'] == "admin") {
+if ($_SESSION['userContext'] === "admin") {
     if (!empty($_GET['srv'])) {
         if ($_GET['srv'] == 'iptables') {
             exec (HESTIA_CMD."v-update-firewall", $output, $return_var);

web/restart/system/index.php

@@ -24,7 +24,7 @@ if (isset($_GET['system_reset_token']) && is_numeric($_GET['system_reset_token']
         header('location: /list/server/');
         exit();
     }
-    if ($_SESSION['userContext'] == 'admin') {
+    if ($_SESSION['userContext'] === "admin") {
         if (!empty($_GET['hostname'])) {
             touch($reset_token_file);
             $_SESSION['error_msg'] = _('The system is going down for reboot NOW!');

web/start/service/index.php

@@ -11,7 +11,7 @@ if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
     exit();
 }
 
-if ($_SESSION['userContext'] == "admin") {
+if ($_SESSION['userContext'] === "admin") {
     if (!empty($_GET['srv'])) {
         if ($_GET['srv'] == 'iptables') {
             exec (HESTIA_CMD."v-update-firewall", $output, $return_var);

web/stop/service/index.php

@@ -11,7 +11,7 @@ if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
     exit();
 }
 
-if ($_SESSION['userContext'] == "admin") {
+if ($_SESSION['userContext'] === "admin") {
     if (!empty($_GET['srv'])) {
         if ($_GET['srv'] == 'iptables') {
             exec (HESTIA_CMD."v-stop-firewall", $output, $return_var);

web/templates/admin/list_user.html

@@ -2,7 +2,7 @@
       <div class="l-sort clearfix noselect">
         <div class="l-unit-toolbar__buttonstrip">
         <?php
-          if ($_SESSION['userContext'] == "admin") {
+          if ($_SESSION['userContext'] === "admin") {
             echo '<a href="/add/user/" id="btn-create" class="ui-button cancel"><i class="fas fa-plus-circle status-icon green"></i> '._('Add User').'</a>&nbsp;';
             echo '<a href="/list/package/" class="ui-button cancel"><i class="fas fa-box-open status-icon orange"></i> '._('Packages').'</a>&nbsp;';
           } else {
@@ -118,7 +118,7 @@ sort-bandwidth="<?=$data[$key]['U_BANDWIDTH']?>" sort-disk="<?=$data[$key]['U_DI
                             <? } else { ?>
                               <a href="/login/?loginas=<?=$key?>&token=<?=$_SESSION['token']?>" title="<?=_('login as')?> <?=$key?>"><i class="fas fa-sign-in-alt status-icon green status-icon dim icon-large"></i></a>
                             <? } ?>
-                            <? if (($_SESSION['userContext'] == 'admin') && ($key == 'admin') && ($_SESSION['user'] != 'admin')) { ?>
+                            <? if (($_SESSION['userContext'] === "admin") && ($key == 'admin') && ($_SESSION['user'] != 'admin')) { ?>
                               <!-- Hide edit button from admin user when logged in with another admin user -->
                               &nbsp;
                             <? } else {?>

web/templates/admin/panel.html

@@ -38,7 +38,7 @@
 				<div class="l-menu__item <?php if($TAB == 'SERVER' ) echo 'l-menu__item--active' ?> <?php if($TAB == 'UPDATES' ) echo 'l-menu__item--active' ?> <?php if($TAB == 'IP' ) echo 'l-menu__item--active' ?> <?php if($TAB == 'RRD' ) echo 'l-menu__item--active' ?> <?php if($TAB == 'FIREWALL' ) echo 'l-menu__item--active' ?>"><a href="/list/server/" class="l-profile__serversettings" title="<?=_('Server')?>"><i class="fas fa-cog"></i></a></div>
 			<?php } ?>
 
-			<? if (($_SESSION['userContext'] == 'admin') && (isset($_SESSION['look']) && ($user == 'admin'))) {?>
+			<? if (($_SESSION['userContext'] === "admin") && (isset($_SESSION['look']) && ($user == 'admin'))) {?>
 				<!-- Hide 'edit user' entry point from other administrators for default 'admin' account-->
 			<? } else { ?>
 				<div class="l-menu__item"><a href="/edit/user/?user=<?php echo $user; ?>&token=<?=$_SESSION['token']?>" title="<?=htmlspecialchars($user)?> (<?=htmlspecialchars($panel[$user]['NAME'])?>)" class="l-profile__username"><i class="fas fa-user-edit"></i></a></div>

web/templates/user/list_user.html

@@ -2,7 +2,7 @@
       <div class="l-sort clearfix noselect">
         <div class="l-unit-toolbar__buttonstrip">
         <?php
-          if ($_SESSION['userContext'] == 'admin') {
+          if ($_SESSION['userContext'] === "admin") {
             echo '<a href="/add/user/" id="btn-create" class="ui-button cancel"><i class="fas fa-plus-circle status-icon green"></i>'._('Add User').'</a>&nbsp;';
             echo '<a href="/list/package/" class="ui-button cancel"><i class="fas fa-box-open status-icon orange"></i>'._('Packages').'</a>&nbsp;';
           } else {

web/update/hestia/index.php

@@ -11,7 +11,7 @@ if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
     exit();
 }
 
-if ($_SESSION['userContext'] == "admin") {
+if ($_SESSION['userContext'] === "admin") {
     if (!empty($_GET['pkg'])) {
         $v_pkg = escapeshellarg($_GET['pkg']);
         exec (HESTIA_CMD."v-update-sys-hestia ".$v_pkg, $output, $return_var);