Home Explore Help
Sign In
yosoyhendrix
/
hestiacp
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 9e37a5128a
Branches Tags
hestiacp
/
web
/
reset2fa
/
index.php

index.php 1.4 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041 
  1. <?php
    2. 

  2. 

  3. session_start();
    4. 

  4. define('NO_AUTH_REQUIRED', true);
    5. 

  5. $TAB = 'RESET PASSWORD';
    6. 

  6. 

  7. if (isset($_SESSION['user'])) {
    8. 

  8.     header("Location: /list/user");
    9. 

  9. }
    10. 

  10. 

  11. // Main include
    12. 

  12. include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
    13. 

  13. 

  14. //Check values
    15. 

  15. if (!empty($_POST['user']) && !empty($_POST['twofa'])) {
    16. 

  16.     if ($_POST['token'] != $_SESSION['token']) {
    17. 

  17.         header('Location: /');
    18. 

  18.     }
    19. 

  19.     $error = true;
    20. 

  20.     $v_user = escapeshellarg($_POST['user']);
    21. 

  21.     $user = $_POST['user'];
    22. 

  22.     $twofa = $_POST['twofa'];
    23. 

  23.     exec(HESTIA_CMD . "v-list-user ".$v_user .' json', $output, $return_var);
    24. 

  24.     if ($return_var == 0) {
    25. 

  25.         $data = json_decode(implode('', $output), true);
    26. 

  26.         if ($data[$user]['TWOFA'] == $twofa) {
    27. 

  27.             $success = true;
    28. 

  28.             exec(HESTIA_CMD . "v-delete-user-2fa ".$v_user, $output, $return_var);
    29. 

  29.             session_destroy();
    30. 

  30.         } else {
    31. 

  31.             exec(HESTIA_CMD . 'v-log-user-login ' . $v_user . ' ' . $v_ip . ' failed ' . $v_session_id . ' ' . $v_user_agent .' yes "Failed to enter correct 2FA reset key"', $output, $return_var);
    32. 

  32.             sleep(5);
    33. 

  33.         }
    34. 

  34.     } else {
    35. 

  35.         exec(HESTIA_CMD . 'v-log-user-login ' . $v_user . ' ' . $v_ip . ' failed ' . $v_session_id . ' ' . $v_user_agent .' yes "Failed to enter correct 2FA reset key"', $output, $return_var);
    36. 

  36.         sleep(5);
    37. 

  37.     }
    38. 

  38. }
    39. 

  39. 

  40. require_once '../templates/header.html';
    41. 

  41. require_once '../templates/pages/login/reset2fa.html';
    42.