0 ) { sleep(2); $error = ""._('Invalid username or password').""; return $error; } else { $salt = $pam[$user]['SALT']; $method = $pam[$user]['METHOD']; if ($method == 'md5' ) { $hash = crypt($password, '$1$'.$salt.'$'); } if ($method == 'sha-512' ) { $hash = crypt($password, '$6$rounds=5000$'.$salt.'$'); $hash = str_replace('$rounds=5000','',$hash); } if ($method == 'des' ) { $hash = crypt($password, $salt); } // Send hash via tmp file $v_hash = exec('mktemp -p /tmp'); $fp = fopen($v_hash, "w"); fwrite($fp, $hash."\n"); fclose($fp); // Check user hash exec(HESTIA_CMD ."v-check-user-hash ".$v_user." ".$v_hash." ".$v_ip, $output, $return_var); unset($output); // Remove tmp file unlink($v_hash); // Check API answer if ( $return_var > 0 ) { sleep(2); $error = ""._('Invalid username or password').""; return $error; } else { // Get user speciefic parameters exec (HESTIA_CMD . "v-list-user ".$v_user." json", $output, $return_var); $data = json_decode(implode('', $output), true); unset($output); if ($data[$user]['TWOFA'] != '') { if(empty($_POST['twofa'])){ return false; }else{ $v_twofa = $_POST['twofa']; exec(HESTIA_CMD ."v-check-user-2fa ".$v_user." ".$v_twofa, $output, $return_var); unset($output); if ( $return_var > 0 ) { sleep(2); $error = ""._('Invalid or missing 2FA token').""; $_SESSION['login']['username'] = $user; $_SESSION['login']['password'] = $password; return $error; unset($_POST['twofa']); } } } if ($data[$user]['ROLE'] == 'admin'){ exec (HESTIA_CMD . "v-list-user admin json", $output, $return_var); $data = json_decode(implode('', $output), true); unset($output); } // Define session user $_SESSION['user'] = key($data); $v_user = $_SESSION['user']; //log successfull login attempt $v_murmur = escapeshellarg($_POST['murmur']); exec(HESTIA_CMD."v-log-user-login ".$v_user." ".$v_ip." ".$v_murmur, $output, $return_var); $_SESSION['LAST_ACTIVITY'] = time(); $_SESSION['MURMUR'] = $_POST['murmur']; // Define language $output = ''; exec (HESTIA_CMD."v-list-sys-languages json", $output, $return_var); $languages = json_decode(implode('', $output), true); if (in_array($data[$v_user]['LANGUAGE'], $languages)){ $_SESSION['language'] = $data[$user]['LANGUAGE']; } else { $_SESSION['language'] = 'en'; } // Regenerate session id to prevent session fixation session_regenerate_id(); // Redirect request to control panel interface if (!empty($_SESSION['request_uri'])) { header("Location: ".$_SESSION['request_uri']); unset($_SESSION['request_uri']); exit; } else { if ($user == 'admin') { header("Location: /list/user/"); } else { header("Location: /list/web/"); } exit; } } } } else { unset($_POST); unset($_GET); unset($_SESSION); session_destroy(); session_start(); return false; } } if (!empty($_SESSION['login']['username']) && !empty($_SESSION['login']['password']) && !empty($_POST['twofa'])){ $error = authenticate_user($_SESSION['login']['username'], $_SESSION['login']['password'], $_POST['twofa']); unset($_POST); } else if (!empty($_POST['user']) && !empty($_POST['password'])) { $error = authenticate_user($_POST['user'], $_POST['password']); unset($_POST); }else{ unset($_SESSION['login']); } // Check system configuration load_hestia_config(); // Detect language if (empty($_SESSION['language'])) { $output = ''; exec (HESTIA_CMD."v-list-sys-config json", $output, $return_var); $config = json_decode(implode('', $output), true); $lang = $config['config']['LANGUAGE']; $output = ''; exec (HESTIA_CMD."v-list-sys-languages json", $output, $return_var); $languages = json_decode(implode('', $output), true); if(in_array($lang, $languages)){ $_SESSION['language'] = $lang; } else { $_SESSION['language'] = 'en'; } } // Generate CSRF token $_SESSION['token'] = md5(uniqid(mt_rand(), true)); require_once('../templates/header.html'); if(!empty($_SESSION['login'])){ require_once('../templates/login_2.html'); }else if (empty($_POST['user'])) { if($_SESSION['LOGIN_STYLE'] == 'old'){ require_once('../templates/login_a.html'); }else{ require_once('../templates/login.html'); } }else if (empty($_POST['password'])) { require_once('../templates/login_1.html'); }else{ if($_SESSION['LOGIN_STYLE'] == 'old'){ require_once('../templates/login_a.html'); }else{ require_once('../templates/login.html'); } } ?>