|
|
@@ -22,7 +22,6 @@ if (isset($_SESSION['user'])) {
|
|
|
header('Location: /login/');
|
|
|
exit();
|
|
|
}
|
|
|
-
|
|
|
if ($_SESSION['user'] == 'admin' && !empty($_GET['loginas'])) {
|
|
|
exec (VESTA_CMD . "v-list-user ".escapeshellarg($_GET['loginas'])." json", $output, $return_var);
|
|
|
if ( $return_var == 0 ) {
|
|
|
@@ -32,7 +31,7 @@ if (isset($_SESSION['user'])) {
|
|
|
$_SESSION['look_alert'] = 'yes';
|
|
|
}
|
|
|
}
|
|
|
- header("Location: /");
|
|
|
+ header("Location: /list/user/");
|
|
|
exit;
|
|
|
}
|
|
|
|
|
|
@@ -42,82 +41,88 @@ if (isset($_POST['user']) && isset($_POST['password'])) {
|
|
|
$v_user = escapeshellarg($_POST['user']);
|
|
|
$v_ip = escapeshellarg($_SERVER['REMOTE_ADDR']);
|
|
|
|
|
|
- // Get user's salt
|
|
|
- $output = '';
|
|
|
- exec (VESTA_CMD."v-get-user-salt ".$v_user." ".$v_ip." json" , $output, $return_var);
|
|
|
- $pam = json_decode(implode('', $output), true);
|
|
|
- if ( $return_var > 0 ) {
|
|
|
- $ERROR = "<a class=\"error\">".__('Invalid username or password')."</a>";
|
|
|
+ if($_POST['user'] == 'root'){
|
|
|
+ unset($_POST['password']);
|
|
|
+ unset($_POST['user']);
|
|
|
+ $ERROR = "<a class=\"error\">".__('Login with root has been disabled')."</a>";
|
|
|
} else {
|
|
|
- $user = $_POST['user'];
|
|
|
- $password = $_POST['password'];
|
|
|
- $salt = $pam[$user]['SALT'];
|
|
|
- $method = $pam[$user]['METHOD'];
|
|
|
-
|
|
|
- if ($method == 'md5' ) {
|
|
|
- $hash = crypt($password, '$1$'.$salt.'$');
|
|
|
- }
|
|
|
- if ($method == 'sha-512' ) {
|
|
|
- $hash = crypt($password, '$6$rounds=5000$'.$salt.'$');
|
|
|
- $hash = str_replace('$rounds=5000','',$hash);
|
|
|
- }
|
|
|
- if ($method == 'des' ) {
|
|
|
- $hash = crypt($password, $salt);
|
|
|
- }
|
|
|
-
|
|
|
- // Send hash via tmp file
|
|
|
- $v_hash = exec('mktemp -p /tmp');
|
|
|
- $fp = fopen($v_hash, "w");
|
|
|
- fwrite($fp, $hash."\n");
|
|
|
- fclose($fp);
|
|
|
-
|
|
|
- // Check user hash
|
|
|
- exec(VESTA_CMD ."v-check-user-hash ".$v_user." ".$v_hash." ".$v_ip, $output, $return_var);
|
|
|
- unset($output);
|
|
|
-
|
|
|
- // Remove tmp file
|
|
|
- unlink($v_hash);
|
|
|
-
|
|
|
- // Check API answer
|
|
|
+ // Get user's salt
|
|
|
+ $output = '';
|
|
|
+ exec (VESTA_CMD."v-get-user-salt ".$v_user." ".$v_ip." json" , $output, $return_var);
|
|
|
+ $pam = json_decode(implode('', $output), true);
|
|
|
if ( $return_var > 0 ) {
|
|
|
$ERROR = "<a class=\"error\">".__('Invalid username or password')."</a>";
|
|
|
} else {
|
|
|
+ $user = $_POST['user'];
|
|
|
+ $password = $_POST['password'];
|
|
|
+ $salt = $pam[$user]['SALT'];
|
|
|
+ $method = $pam[$user]['METHOD'];
|
|
|
|
|
|
- // Make root admin user
|
|
|
- if ($_POST['user'] == 'root') $v_user = 'admin';
|
|
|
+ if ($method == 'md5' ) {
|
|
|
+ $hash = crypt($password, '$1$'.$salt.'$');
|
|
|
+ }
|
|
|
+ if ($method == 'sha-512' ) {
|
|
|
+ $hash = crypt($password, '$6$rounds=5000$'.$salt.'$');
|
|
|
+ $hash = str_replace('$rounds=5000','',$hash);
|
|
|
+ }
|
|
|
+ if ($method == 'des' ) {
|
|
|
+ $hash = crypt($password, $salt);
|
|
|
+ }
|
|
|
|
|
|
- // Get user speciefic parameters
|
|
|
- exec (VESTA_CMD . "v-list-user ".$v_user." json", $output, $return_var);
|
|
|
- $data = json_decode(implode('', $output), true);
|
|
|
+ // Send hash via tmp file
|
|
|
+ $v_hash = exec('mktemp -p /tmp');
|
|
|
+ $fp = fopen($v_hash, "w");
|
|
|
+ fwrite($fp, $hash."\n");
|
|
|
+ fclose($fp);
|
|
|
|
|
|
- // Define session user
|
|
|
- $_SESSION['user'] = key($data);
|
|
|
- $v_user = $_SESSION['user'];
|
|
|
+ // Check user hash
|
|
|
+ exec(VESTA_CMD ."v-check-user-hash ".$v_user." ".$v_hash." ".$v_ip, $output, $return_var);
|
|
|
+ unset($output);
|
|
|
|
|
|
- // Get user favorites
|
|
|
- get_favourites();
|
|
|
+ // Remove tmp file
|
|
|
+ unlink($v_hash);
|
|
|
|
|
|
- // Define language
|
|
|
- $output = '';
|
|
|
- exec (VESTA_CMD."v-list-sys-languages json", $output, $return_var);
|
|
|
- $languages = json_decode(implode('', $output), true);
|
|
|
- if (in_array($data[$v_user]['LANGUAGE'], $languages)){
|
|
|
- $_SESSION['language'] = $data[$v_user]['LANGUAGE'];
|
|
|
+ // Check API answer
|
|
|
+ if ( $return_var > 0 ) {
|
|
|
+ $ERROR = "<a class=\"error\">".__('Invalid username or password')."</a>";
|
|
|
} else {
|
|
|
- $_SESSION['language'] = 'en';
|
|
|
- }
|
|
|
-
|
|
|
- // Regenerate session id to prevent session fixation
|
|
|
- session_regenerate_id();
|
|
|
|
|
|
- // Redirect request to control panel interface
|
|
|
- if (!empty($_SESSION['request_uri'])) {
|
|
|
- header("Location: ".$_SESSION['request_uri']);
|
|
|
- unset($_SESSION['request_uri']);
|
|
|
- exit;
|
|
|
- } else {
|
|
|
- header("Location: /");
|
|
|
- exit;
|
|
|
+ // Make root admin user
|
|
|
+ // if ($_POST['user'] == 'root') $v_user = 'admin';
|
|
|
+
|
|
|
+ // Get user speciefic parameters
|
|
|
+ exec (VESTA_CMD . "v-list-user ".$v_user." json", $output, $return_var);
|
|
|
+ $data = json_decode(implode('', $output), true);
|
|
|
+
|
|
|
+ // Define session user
|
|
|
+ $_SESSION['user'] = key($data);
|
|
|
+ $v_user = $_SESSION['user'];
|
|
|
+
|
|
|
+ // Get user favorites
|
|
|
+ get_favourites();
|
|
|
+
|
|
|
+ // Define language
|
|
|
+ $output = '';
|
|
|
+ exec (VESTA_CMD."v-list-sys-languages json", $output, $return_var);
|
|
|
+ $languages = json_decode(implode('', $output), true);
|
|
|
+ if (in_array($data[$v_user]['LANGUAGE'], $languages)){
|
|
|
+ $_SESSION['language'] = $data[$v_user]['LANGUAGE'];
|
|
|
+ } else {
|
|
|
+ $_SESSION['language'] = 'en';
|
|
|
+ }
|
|
|
+
|
|
|
+ // Regenerate session id to prevent session fixation
|
|
|
+ session_regenerate_id();
|
|
|
+
|
|
|
+ // Redirect request to control panel interface
|
|
|
+ if (!empty($_SESSION['request_uri'])) {
|
|
|
+ header("Location: ".$_SESSION['request_uri']);
|
|
|
+ unset($_SESSION['request_uri']);
|
|
|
+ exit;
|
|
|
+ } else {
|
|
|
+ header("Location: /list/user/");
|
|
|
+ exit;
|
|
|
+ }
|
|
|
}
|
|
|
}
|
|
|
}
|
Anton Reutov