
Notifiy user when suspended (#2345)

* Notify user when suspended

Add error message when user tries to log in

* Force users to use hostname instead of any domain

Possible method for gaining access via clientdomain.com and changing DNS
Jaap Marcus 4 years ago
parent
commit
0661bfd8d3
3 changed files with 10 additions and 2 deletions
  1. 4 0
      bin/v-get-user-salt
  2. 5 1
      web/login/index.php
  3. 1 1
      web/reset/index.php

+ 4 - 0
bin/v-get-user-salt

@@ -93,6 +93,10 @@ then
         echo "$date $time $user $ip failed to login" >> $HESTIA/log/auth.log
         exit 9
     fi
+elif [[ "$shadow" =~ ! ]]; then 
+    echo "Error: Account has been suspended"
+    echo "$date $time $user $ip has been suspended" >> $HESTIA/log/auth.log
+    exit 5
 else
     salt=${shadow:0:2}
     method='des'
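Review bot: The `=~ !` test on the added `elif` is unanchored and its effect depends on branch order. A locked shadow entry carries the `!` as a prefix on the hash, so if the earlier condition (outside this hunk) keys on the `$` of a modern hash, a suspended entry of the form `!$6$…` would presumably be handled there and never reach this branch; that is worth confirming. Matching the prefix explicitly, `elif [[ "$shadow" == '!'* ]]; then`, and evaluating it ahead of the hash-format branches would make the intent unambiguous. Exit code 5 is returned before any password is checked, so a comment such as `# exit 5 = account suspended, not an authentication result` would help callers.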

+ 5 - 1
web/login/index.php

@@ -105,7 +105,11 @@ function authenticate_user($user, $password, $twofa = '')
         $pam = json_decode(implode('', $output), true);
         if ($return_var > 0) {
             sleep(2);
-            $error = '<a class="error">' . _('Invalid username or password') . '</a>';
+            if($return_var == 5){
+                $error = '<a class="error">' . _('Account has been suspended') . '</a>';   
+            }else{
+                $error = '<a class="error">' . _('Invalid username or password') . '</a>';    
+            }
             return $error;
         } else {
             $salt = $pam[$user]['SALT'];
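Review bot: The `$return_var == 5` branch reports "Account has been suspended" before the password has been verified (the salt is only read in the `else` branch below), so anyone who submits a username can tell suspended accounts apart from unknown ones. If that disclosure is an intended usability trade-off, record it in a comment above the branch, e.g. `// Suspended state is shown without a valid password; accepted trade-off`; otherwise keep the generic message here and surface the suspension only after the credential check. Assuming `$return_var` comes from `exec()` it is an int, so the test can be strict and follow the file's spacing: `if ($return_var === 5) {`. The rest of `authenticate_user` lies outside the hunk.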

+ 1 - 1
web/reset/index.php

@@ -52,7 +52,7 @@ if ((!empty($_POST['user'])) && (empty($_POST['code']))) {
                 } else {
                     $mailtext = _('GREETINGS');
                 }
-                if (in_array(str_replace(':'.$_SERVER['SERVER_PORT'], '.conf', $_SERVER['HTTP_HOST']), array_merge(scandir('/etc/nginx/conf.d'), scandir('/etc/nginx/conf.d/domains'), scandir('/etc/apache2/conf.d/domains'), scandir('/etc/apache2/conf.d')))) {
+                if ($hostname.":".$_SERVER['SERVER_PORT'] == $_SERVER['HTTP_HOST']) {
                     $mailtext .= sprintf(_('PASSWORD_RESET_REQUEST'), $_SERVER['HTTP_HOST'], $user, $rkey, $_SERVER['HTTP_HOST'], $user, $rkey);
                     if (!empty($rkey)) {
                         send_email($to, $subject, $mailtext, $from, $from_name, $data[$user]['NAME']);
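Review bot: The new condition validates `$_SERVER['HTTP_HOST']` against `$hostname`, but the reset link on the following line is still built from the request header rather than from the trusted value. Building it from the server-side value keeps header data out of the mail entirely: `$panel = $hostname . ':' . $_SERVER['SERVER_PORT'];`, then `if ($_SERVER['HTTP_HOST'] === $panel) {`, and pass `$panel` to `sprintf()` in place of `$_SERVER['HTTP_HOST']`. Two edge cases should be confirmed: a Host header without the port, or with different letter case, fails the comparison, and no `else` is visible in this hunk, so the request may then end without a mail or any feedback. `$hostname` is defined outside the hunk.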