
#1922 Fix of multiple small bugs introduced in 1.4.3 and before (#1931)

* PHP error in list log and list log auth

* Replace with ngettext to fix issue with code

* Add error code v-delete-web-php

* Fix issue with Server IP address messing up login PMA

* Refresh hestia-sso if needed

* Add missing "back" buttons

Also Back  points to /login/?logout to force clearing out cookies set during login attempts.

* Show correct ip when behind a nat

* Use localip instead of ip
Jaap Marcus 4 лет назад
Родитель
Сommit
bbe3bc5986

+ 2 - 1
bin/v-delete-web-php

@@ -81,10 +81,11 @@ done
 # Do a blank echo to get the \n back
 echo
 
-# Check if installation was sucessfully
+# Check if installation was successfully
 if [ -f "$php_fpm" ]; then
     echo "ERROR: Uninstallation failed, please run the following command manually for debugging:"
     echo "apt-get purge $mph"
+    exit 1; 
 fi
 
 # Cleanup php folder

+ 12 - 8
install/deb/phpmyadmin/hestia-sso.php

@@ -74,35 +74,39 @@ class Hestia_API {
 
     function get_user_ip(){
         // Saving user IPs to the session for preventing session hijacking
-        $user_combined_ip = $_SERVER['REMOTE_ADDR'];
+        $user_combined_ip = array(); 
+        if($_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR']){
+            $user_combined_ip[] = $_SERVER['REMOTE_ADDR'];
+        }
         if(isset($_SERVER['HTTP_CLIENT_IP'])){
             $user_combined_ip .=  '|'. $_SERVER['HTTP_CLIENT_IP'];
         }
         if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])){
             if($_SERVER['REMOTE_ADDR'] != $_SERVER['HTTP_X_FORWARDED_FOR']){
-                $user_combined_ip .=  '|'. $_SERVER['HTTP_X_FORWARDED_FOR'];
+                $user_combined_ip[] = $_SERVER['HTTP_X_FORWARDED_FOR'];
             }
         }
         if(isset($_SERVER['HTTP_FORWARDED_FOR'])){
             if($_SERVER['REMOTE_ADDR'] != $_SERVER['HTTP_FORWARDED_FOR']){
-                $user_combined_ip .=  '|'. $_SERVER['HTTP_FORWARDED_FOR'];
+                $user_combined_ip[] = $_SERVER['HTTP_FORWARDED_FOR'];
             }
         }
         if(isset($_SERVER['HTTP_X_FORWARDED'])){
             if($_SERVER['REMOTE_ADDR'] != $_SERVER['HTTP_X_FORWARDED']){
-                $user_combined_ip .=  '|'. $_SERVER['HTTP_X_FORWARDED'];
+               $user_combined_ip[] = $_SERVER['HTTP_X_FORWARDED'];
             }
-        }        if(isset($_SERVER['HTTP_FORWARDED'])){
+        }        
+        if(isset($_SERVER['HTTP_FORWARDED'])){
             if($_SERVER['REMOTE_ADDR'] != $_SERVER['HTTP_FORWARDED']){
-                $user_combined_ip .=  '|'. $_SERVER['HTTP_FORWARDED'];
+                $user_combined_ip[] =  '|'. $_SERVER['HTTP_FORWARDED'];
             }
         }
         if(isset($_SERVER['HTTP_CF_CONNECTING_IP'])){
             if(!empty($_SERVER['HTTP_CF_CONNECTING_IP'])){
-              $user_combined_ip = $_SERVER['HTTP_CF_CONNECTING_IP'];
+              $user_combined_ip[] = $_SERVER['HTTP_CF_CONNECTING_IP'];
             }
         }
-        return $user_combined_ip;
+        return implode($user_combined_ip,'|');
     }
 }
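Review bot: The unchanged `HTTP_CLIENT_IP` branch still does `$user_combined_ip .= '|'. ...` on what is now an array, which turns it into the string "Array|…" and makes the next `$user_combined_ip[] =` fail with "[] operator not supported for strings". That line should become `$user_combined_ip[] = $_SERVER['HTTP_CLIENT_IP'];`, the `HTTP_FORWARDED` branch should drop its leftover separator (`$user_combined_ip[] = $_SERVER['HTTP_FORWARDED'];`), and the return should use the supported argument order, `return implode('|', $user_combined_ip);`, since separator-last was deprecated in PHP 7.4 and removed in 8.0. Separately, every header read here is supplied by the client, and with `REMOTE_ADDR` now skipped whenever it equals `SERVER_ADDR`, the value that binds the session can end up built only from data the client controls; it would be safer to accept forwarding headers only from a known proxy and say so in the comment.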
 

+ 2 - 2
install/hst-install-debian.sh

@@ -1756,8 +1756,8 @@ if [ ! -z "$pub_ip" ] && [ "$pub_ip" != "$ip" ]; then
 fi
 
 if [ "$exim" = 'yes' ]; then
-# Set HELO for IP as it didn't set during v-change-sys-hostname
-$HESTIA/bin/v-change-sys-ip-helo $ip $servername
+    # Set HELO for IP as it didn't set during v-change-sys-hostname
+    $HESTIA/bin/v-change-sys-ip-helo $local_ip $servername
 fi
 
 # Configuring libapache2-mod-remoteip
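Review bot: `$local_ip` is not assigned anywhere in this hunk and is expanded unquoted, so if it is empty at this point `v-change-sys-ip-helo` would receive `$servername` as its first argument instead of failing visibly. Quoting keeps the argument positions stable: `$HESTIA/bin/v-change-sys-ip-helo "$local_ip" "$servername"`. The same line in install/hst-install-ubuntu.sh has the same issue.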

+ 2 - 2
install/hst-install-ubuntu.sh

@@ -1788,8 +1788,8 @@ if [ ! -z "$pub_ip" ] && [ "$pub_ip" != "$ip" ]; then
 fi
 
 if [ "$exim" = 'yes' ]; then
-# Set HELO for IP as it didn't set during v-change-sys-hostname
-$HESTIA/bin/v-change-sys-ip-helo $ip $servername
+    # Set HELO for IP as it didn't set during v-change-sys-hostname
+    $HESTIA/bin/v-change-sys-ip-helo $local_ip $servername
 fi
 
 # Configuring libapache2-mod-remoteip

+ 14 - 0
install/upgrade/versions/1.4.4.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+# Hestia Control Panel upgrade script for target version 1.4.4
+
+#######################################################################################
+#######                      Place additional commands below.                   #######
+#######################################################################################
+
+# Reset PMA SSO to fix bug with Nginx + Apache2 
+if [ "$PHPMYADMIN_KEY" != "" ]; then
+    echo "[ * ] Refressh hestia-sso for PMA..."
+    $BIN/v-delete-sys-pma-sso 
+    $BIN/v-add-sys-pma-sso 
+fi
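Review bot: Neither exit status is checked, so if `v-delete-sys-pma-sso` succeeds and `v-add-sys-pma-sso` then fails, the upgrade presumably leaves phpMyAdmin SSO removed without reporting it. Chaining them makes the failure visible, e.g. `$BIN/v-delete-sys-pma-sso && $BIN/v-add-sys-pma-sso || echo "[ ! ] Failed to refresh hestia-sso"`. The progress message also has a typo (`Refressh`).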

+ 6 - 8
web/inc/main.php

@@ -225,17 +225,15 @@ function humanize_time($usage) {
     if ( $usage > 60 ) {
         $usage = $usage / 60;
         if ( $usage > 24 ) {
-            $usage = $usage / 24;
-            $usage = number_format($usage);
-            $usage .= ' ' . _('day' . ($usage != 1) ?: 's');
+             $usage = $usage / 24;
+             $usage = number_format($usage);
+             return sprintf(ngettext('%d day', '%d days', $usage), $usage);
         } else {
-            $usage = number_format($usage);
-            $usage .= ' ' . _('hour' . ($usage != 1) ?: 's');
+            return sprintf(ngettext('%d hour', '%d hours', $usage), $usage);
         }
     } else {
-        $usage .= ' ' . _('minute' . ($usage != 1) ?: 's');
+        return sprintf(ngettext('%d minute', '%d minutes', $usage), $usage);
     }
-    return $usage;
 }
 
 function humanize_usage_size($usage) {
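Review bot: In the hours branch `$usage` now reaches `ngettext()` and `%d` as the raw result of `/ 60`, normally a float, so the count is truncated instead of rounded as the removed `number_format()` call did, and PHP 8.1+ reports an implicit float-to-int deprecation for fractional values. In the days branch `number_format()` returns a string that would contain a thousands separator for large values, which `%d` would cut short. Using `$usage = (int) round($usage);` before each `return` (and dropping `number_format`) gives both calls an integer. The three added lines in the days branch are also indented one space deeper than the rest; `humanize_time` begins above the hunk.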
@@ -269,7 +267,7 @@ function humanize_usage_measure($usage) {
     } else {
         $measure = 'mb';
     }
-    return _($measure);
+    return $measure;
 }
 
 function get_percentage($used,$total) {

+ 4 - 4
web/login/index.php

@@ -6,13 +6,13 @@ include($_SERVER['DOCUMENT_ROOT'] . '/inc/main.php');
 
 $TAB = 'login';
 
-/*
-// Logout
+
 if (isset($_GET['logout'])) {
-    setcookie('limit2fa','',time() - 3600,"/");
+    unset($_SESSION);
+    session_unset();
     session_destroy();
+    header('Location: /login/');
 }
-*/
 
 /* ACTIONS FOR CURRENT USER SESSION */
 if (isset($_SESSION['user'])) {
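Review bot: The logout branch sends `Location: /login/` but does not stop the script, so the rest of index.php still runs on that request; add `exit;` right after the `header()` call. `unset($_SESSION)` is discouraged by the PHP manual because it detaches the superglobal from the session; `$_SESSION = [];` clears it safely before `session_destroy()`. This state change is now reachable by a plain GET without the session token, so any third-party page can trigger it; that is presumably acceptable for a pre-login reset, but a comment stating the intent would help.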

+ 3 - 3
web/templates/pages/list_log.html

@@ -7,14 +7,14 @@
 			<?php } else if (($_SESSION['userContext'] === 'admin') && (htmlentities($_GET['user']) === 'system')) { ?>
 				<a href="/list/server/" id="btn-back" class="ui-button cancel" dir="ltr"><i class="fas fa-arrow-left status-icon blue"></i><?=_('Back');?></a>
 			<?php } else { ?>
-				<?php if (($_SESSION['userContext'] === 'admin') && (isset(htmlentities($_GET['user']))) && (htmlentities($_GET['user']) !== 'admin')) { ?>
+				<?php if (($_SESSION['userContext'] === 'admin') && (isset($_GET['user'])) && ($_GET['user'] !== 'admin')) { ?>
 					<a href="/edit/user/?user=<?=htmlentities($_GET['user']); ?>&token=<?=$_SESSION['token']?>" id="btn-back" class="ui-button cancel" dir="ltr"><i class="fas fa-arrow-left status-icon blue"></i><?=_('Back');?></a>
 				<?php } else { ?>
 					<a href="/edit/user/?user=<?=$user;?>&token=<?=$_SESSION['token']?>" id="btn-back" class="ui-button cancel" dir="ltr"><i class="fas fa-arrow-left status-icon blue"></i><?=_('Back');?></a>
 				<?php } ?>
 			<?php } ?>
 			<?php if (($_SESSION['userContext'] === 'admin') && (htmlentities($_GET['user']) !== 'admin')) { ?>
-				<?php if (($_SESSION['userContext'] === 'admin') && (isset(htmlentities($_GET['user']))) && (htmlentities($_GET['user']) !== 'admin')) { ?>
+				<?php if (($_SESSION['userContext'] === 'admin') && (isset($_GET['user'])) && (htmlentities($_GET['user']) !== 'admin')) { ?>
 					<?php if (htmlentities($_GET['user']) !== 'system') {?>
 						<a href="/list/log/auth/?user=<?=htmlentities($_GET['user']); ?>&token=<?=$_SESSION['token']?>" id="btn-back" class="ui-button cancel" dir="ltr" title="<?=_('Login history');?>"><i class="fas fa-binoculars status-icon green"></i><?=_('Login history');?></a>
 					<?php } ?>
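Review bot: `$_GET['user']` is written into the `href` and `delete_url` query strings with `htmlentities()` only, which escapes for HTML but not for the URL, so a value containing `&` or `#` changes the parameters of the generated link. Encoding for both contexts fixes that: `?user=<?=htmlentities(urlencode($_GET['user']));?>`. The outer condition `(htmlentities($_GET['user']) !== 'admin')` in the context lines still reads the key before any `isset()`, and the first changed line compares the raw value while the second keeps `htmlentities()`; one `is_string($_GET['user'] ?? null)` check at the top of the template would cover both. The same pattern applies to the two hunks of list_log_auth.html.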
@@ -35,7 +35,7 @@
 					<div class="actions-panel display-inline-block" key-action="js">
 						<a class="data-controls do_delete ui-button danger cancel">
 							<i class="do_delete fas fa-times-circle status-icon red"></i><?=_('Delete');?>
-							<?php if (($_SESSION['userContext'] === 'admin') && (isset(htmlentities($_GET['user'])))) {?>
+							<?php if (($_SESSION['userContext'] === 'admin') && (isset($_GET['user']))) {?>
 								<input type="hidden" name="delete_url" value="/delete/log/?user=<?=htmlentities($_GET['user']);?>&token=<?=$_SESSION['token']?>" />
 							<?php } else { ?>
 								<input type="hidden" name="delete_url" value="/delete/log/?token=<?=$_SESSION['token']?>" />

+ 2 - 2
web/templates/pages/list_log_auth.html

@@ -2,7 +2,7 @@
 <div class="l-center">
 	<div class="l-sort clearfix noselect">
 		<div class="l-unit-toolbar__buttonstrip">
-			<?php if (($_SESSION['userContext'] === 'admin') && (isset(htmlentities($_GET['user']))) && (htmlentities($_GET['user']) !== 'admin')) { ?>
+			<?php if (($_SESSION['userContext'] === 'admin') && (isset($_GET['user'])) && (htmlentities($_GET['user']) !== 'admin')) { ?>
 				<a href="/list/log/?user=<?=htmlentities($_GET['user']); ?>&token=<?=$_SESSION['token']?>" id="btn-back" class="ui-button cancel" dir="ltr"><i class="fas fa-arrow-left status-icon blue"></i><?=_('Back');?></a>
 			<?php } else { ?>
 				<a href="/list/log/" id="btn-back" class="ui-button cancel" dir="ltr"><i class="fas fa-arrow-left status-icon blue"></i><?=_('Back');?></a>
@@ -17,7 +17,7 @@
 					<div class="actions-panel display-inline-block" key-action="js">
 						<a class="data-controls do_delete ui-button danger cancel">
 							<i class="do_delete fas fa-times-circle status-icon red"></i><?=_('Delete');?>
-							<?php if (($_SESSION['userContext'] === 'admin') && (isset(htmlentities($_GET['user'])))) {?>
+							<?php if (($_SESSION['userContext'] === 'admin') && (isset($_GET['user']))) {?>
 								<input type="hidden" name="delete_url" value="/delete/log/auth/?user=<?=htmlentities($_GET['user']);?>&token=<?=$_SESSION['token']?>" />
 							<?php } else { ?>
 								<input type="hidden" name="delete_url" value="/delete/log/auth/?token=<?=$_SESSION['token']?>" />

+ 4 - 3
web/templates/pages/list_mail_dns.html

@@ -38,7 +38,7 @@
 			<div class="clearfix l-unit__stat-col--left text-center step-top-small"><b>A</b></div>
 			<div class="clearfix l-unit__stat-col--left text-center step-top-small"><b>0</b></div>
 			<div class="clearfix l-unit__stat-col--left text-center step-top-small"><b>14400</b></div>
-			<div class="clearfix l-unit__stat-col--left wide-3"><b><input type="text" class="vst-input" value="<?=array_key_first($ips);?>" /></b></div>
+			<div class="clearfix l-unit__stat-col--left wide-3"><b><input type="text" class="vst-input" value="<?=(empty($ips[array_key_first($ips)]['NAT'])) ?  array_key_first($ips) : $ips[array_key_first($ips)]['NAT'];?>" /></b></div>
 		</div>
 	</div>
     <div class="l-unit animated fadeIn">
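Review bot: The NAT-or-key expression is repeated three times in this file and is echoed into `value="..."` without `htmlspecialchars()` in the first two places, while the SPF row does escape it. Computing it once near the top of the template, e.g. `<?php $mail_ip = $ips[array_key_first($ips)]['NAT'] ?? ''; if ($mail_ip === '') { $mail_ip = array_key_first($ips); } ?>`, and printing `<?=htmlspecialchars($mail_ip);?>` in all three rows keeps them consistent. Assigning to `$ip` inside the template, as the third hunk does, may also overwrite a variable of that name from the including script; this could not be confirmed from the hunk.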
@@ -57,7 +57,7 @@
 				<div class="clearfix l-unit__stat-col--left text-center step-top-small"><b>A</b></div>
 				<div class="clearfix l-unit__stat-col--left text-center step-top-small"><b>&nbsp;</b></div>
 				<div class="clearfix l-unit__stat-col--left text-center step-top-small"><b>14400</b></div>
-				<div class="clearfix l-unit__stat-col--left wide-3"><b><input type="text" class="vst-input" value="<?=array_key_first($ips);?>" /></b></div>
+				<div class="clearfix l-unit__stat-col--left wide-3"><b><input type="text" class="vst-input" value="<?=(empty($ips[array_key_first($ips)]['NAT'])) ?  array_key_first($ips) : $ips[array_key_first($ips)]['NAT'];?>" /></b></div>
 			</div>
 		</div>
 	<?php } ?>
@@ -67,7 +67,8 @@
 			<div class="clearfix l-unit__stat-col--left text-center step-top-small"><b>TXT</b></div>
 			<div class="clearfix l-unit__stat-col--left text-center step-top-small"><b>&nbsp;</b></div>
 			<div class="clearfix l-unit__stat-col--left text-center step-top-small"><b>14400</b></div>
-			<div class="clearfix l-unit__stat-col--left  wide-3 "><b><input type="text" class="vst-input" value="<?=htmlspecialchars('v=spf1 a mx ip4:'.array_key_first($ips).'; -all');?>" /></b></div>
+            <?php $ip = (empty($ips[array_key_first($ips)]['NAT'])) ?  array_key_first($ips) : $ips[array_key_first($ips)]['NAT'];?>
+			<div class="clearfix l-unit__stat-col--left  wide-3 "><b><input type="text" class="vst-input" value="<?=htmlspecialchars('v=spf1 a mx ip4:'.$ip.'; -all');?>" /></b></div>
 		</div>
 	</div>
     <div class="l-unit animated fadeIn">

+ 1 - 1
web/templates/pages/login/login_1.html

@@ -41,7 +41,7 @@
 									<tr>
 										<td style="padding: 0 0 5px 0;">
 											<button tabindex="3" type="submit" class="button"><?=_('Login');?>&nbsp;&nbsp;&nbsp;<i class="fas fa-sign-in-alt"></i></button>&nbsp;&nbsp;
-											<input type="button" class="button cancel" value="<?=_('Back');?>" onclick="location.href='/login/'">
+											<input type="button" class="button cancel" value="<?=_('Back');?>" onclick="location.href='/login/?logout=true'">
 										</td>
 									</tr>
 								</table>

+ 2 - 1
web/templates/pages/login/login_2.html

@@ -38,7 +38,8 @@
 									</tr>
 									<tr>
 										<td style="padding: 0 0 5px 0;">
-											<button tabindex="3" type="submit" class="button"><?=_('Login');?>&nbsp;&nbsp;&nbsp;<i class="fas fa-sign-in-alt"></i></button>
+											<button tabindex="3" type="submit" class="button"><?=_('Login');?>&nbsp;&nbsp;&nbsp;<i class="fas fa-sign-in-alt"></i></button>&nbsp;&nbsp;
+                                            <input type="button" class="button cancel" value="<?=_('Back');?>" onclick="location.href='/login/?logout'">
 										</td>
 									</tr>
 								</table>

+ 1 - 1
web/templates/pages/login/reset2fa.html

@@ -52,7 +52,7 @@
 										<tr>
 											<td style="padding: 20px 0 12px 0;">
 												<input tabindex="2" type="submit" value="<?=_('Submit');?>" class="button">&nbsp;&nbsp;
-												<input type="button" class="button cancel" value="<?=_('Back');?>" onclick="location.href='/login/'">
+												<input type="button" class="button cancel" value="<?=_('Back');?>" onclick="location.href='/login/?logout'">
 											</td>
 										</tr>
 									</table>

+ 1 - 1
web/templates/pages/login/reset_1.html

@@ -38,7 +38,7 @@
 									<tr>
 										<td style="padding: 20px 0 12px 0;">
 											<input tabindex="2" type="submit" value="<?=_('Submit');?>" class="button">&nbsp;&nbsp;
-											<input type="button" class="button cancel" value="<?=_('Back');?>" onclick="location.href='/login/'">
+											<input type="button" class="button cancel" value="<?=_('Back');?>" onclick="location.href='/login/?logout'">
 										</td>
 									</tr>
 								</table>