| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960 |
- <?php
- use function Hestiacp\quoteshellarg\quoteshellarg;
- include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
- // Check token
- verify_csrf($_GET);
- // Check if administrator is viewing system log (currently 'admin' user)
- if ($_SESSION["userContext"] === "admin" && isset($_GET["user"])) {
- $user = quoteshellarg($_GET["user"]);
- $token = $_SESSION["token"];
- }
- // Clear log
- exec(HESTIA_CMD . "v-delete-user-auth-log " . $user, $output, $return_var);
- check_return_code($return_var, $output);
- unset($output);
- $ip = $_SERVER["REMOTE_ADDR"];
- if (isset($_SERVER["HTTP_CF_CONNECTING_IP"])) {
- if (!empty($_SERVER["HTTP_CF_CONNECTING_IP"])) {
- $ip = $_SERVER["HTTP_CF_CONNECTING_IP"];
- }
- }
- $v_ip = quoteshellarg($ip);
- $user_agent = $_SERVER["HTTP_USER_AGENT"];
- $v_user_agent = quoteshellarg($user_agent);
- $v_session_id = quoteshellarg($_SESSION["token"]);
- // Add current user session back to log unless impersonating another user
- if (!isset($_SESSION["look"])) {
- exec(
- HESTIA_CMD .
- "v-log-user-login " .
- $user .
- " " .
- $v_ip .
- " success " .
- $v_session_id .
- " " .
- $v_user_agent,
- $output,
- $return_var,
- );
- }
- // Flush session messages
- unset($_SESSION["error_msg"]);
- unset($_SESSION["ok_msg"]);
- // Set correct page reload target
- if ($_SESSION["userContext"] === "admin" && !empty($_GET["user"])) {
- header("Location: /list/log/auth/?user=" . $_GET["user"] . "&token=$token");
- } else {
- header("Location: /list/log/auth/");
- }
- exit();
|
