Home Explore Help
Sign In
yosoyhendrix
/
hestiacp
mirror of https://github.com/hestiacp/hestiacp
1
0
Fork 0
Files Issues 0 Wiki
Tree: 558b69fe6c
Branches Tags
hestiacp
/
web
/
reset2fa
/
index.php

index.php 1.4 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940 
  1. <?php
    2. 

  2. use function Hestiacp\quoteshellarg\quoteshellarg;
    3. 

  3. 

  4. define('NO_AUTH_REQUIRED', true);
    5. 

  5. $TAB = 'RESET PASSWORD';
    6. 

  6. 

  7. if (isset($_SESSION['user'])) {
    8. 

  8.     header("Location: /list/user");
    9. 

  9. }
    10. 

  10. 

  11. // Main include
    12. 

  12. include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
    13. 

  13. 

  14. //Check values
    15. 

  15. if (!empty($_POST['user']) && !empty($_POST['twofa'])) {
    16. 

  16.     // Check token
    17. 

  17.     verify_csrf($_POST);
    18. 

  18.     $error = true;
    19. 

  19.     $v_user = quoteshellarg($_POST['user']);
    20. 

  20.     $user = $_POST['user'];
    21. 

  21.     $twofa = $_POST['twofa'];
    22. 

  22.     exec(HESTIA_CMD . "v-list-user ".$v_user .' json', $output, $return_var);
    23. 

  23.     if ($return_var == 0) {
    24. 

  24.         $data = json_decode(implode('', $output), true);
    25. 

  25.         if ($data[$user]['TWOFA'] == $twofa) {
    26. 

  26.             $success = true;
    27. 

  27.             exec(HESTIA_CMD . "v-delete-user-2fa ".$v_user, $output, $return_var);
    28. 

  28.             session_destroy();
    29. 

  29.         } else {
    30. 

  30.             exec(HESTIA_CMD . 'v-log-user-login ' . $v_user . ' ' . $v_ip . ' failed ' . $v_session_id . ' ' . $v_user_agent .' yes "Failed to enter correct 2FA reset key"', $output, $return_var);
    31. 

  31.             sleep(5);
    32. 

  32.         }
    33. 

  33.     } else {
    34. 

  34.         exec(HESTIA_CMD . 'v-log-user-login ' . $v_user . ' ' . $v_ip . ' failed ' . $v_session_id . ' ' . $v_user_agent .' yes "Failed to enter correct 2FA reset key"', $output, $return_var);
    35. 

  35.         sleep(5);
    36. 

  36.     }
    37. 

  37. }
    38. 

  38. 

  39. require_once '../templates/header.html';
    40. 

  40. require_once '../templates/pages/login/reset2fa.html';
    41.