wcp/web/add/firewall/index.php at 0c1926630decdaaf7da42dcdf48da0a359e93adb · ghzhost/wcp · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
<?php
error_reporting(NULL);
ob_start();
$TAB = 'FIREWALL';

// Main include
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");

// Check user
if ($_SESSION['userContext'] != 'admin')  {
    header("Location: /list/user");
    exit;
}

// Get ipset lists
exec (HESTIA_CMD."v-list-firewall-ipset 'json'", $output, $return_var);
check_return_code($return_var,$output);
$data = json_decode(implode('', $output), true);

$ipset_lists=[];
foreach($data as $key => $value) {
    if(isset($value['SUSPENDED']) && $value['SUSPENDED'] === 'yes') {
        continue;
    }
    if(isset($value['IP_VERSION']) && $value['IP_VERSION'] !== 'v4') {
        continue;
    }
    array_push($ipset_lists, ['name'=>$key]);
}
$ipset_lists_json=json_encode($ipset_lists);

// Check POST request
if (!empty($_POST['ok'])) {    // Check token
    if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
        header('location: /login/');
        exit();
    }

    // Check empty fields
    if (empty($_POST['v_action'])) $errors[] = _('action');
    if (empty($_POST['v_protocol'])) $errors[] = _('protocol');
    if (empty($_POST['v_port']) && strlen($_POST['v_port']) == 0) $errors[] = _('port');
    if (empty($_POST['v_ip'])) $errors[] = _('ip address');
    if (!empty($errors[0])) {
        foreach ($errors as $i => $error) {
            if ( $i == 0 ) {
                $error_msg = $error;
            } else {
                $error_msg = $error_msg.", ".$error;
            }
        }
        $_SESSION['error_msg'] = sprintf(_('Field "%s" can not be blank.'),$error_msg);
    }

    // Protect input
    $v_action = escapeshellarg($_POST['v_action']);
    $v_protocol = escapeshellarg($_POST['v_protocol']);
    $v_port = str_replace(" ",",", $_POST['v_port']);
    $v_port = preg_replace('/\,+/', ',', $v_port);
    $v_port = trim($v_port, ",");
    $v_port = escapeshellarg($v_port);
    $v_ip = escapeshellarg($_POST['v_ip']);
    $v_comment = escapeshellarg($_POST['v_comment']);

    // Add firewall rule
    if (empty($_SESSION['error_msg'])) {
        exec (HESTIA_CMD."v-add-firewall-rule ".$v_action." ".$v_ip." ".$v_port." ".$v_protocol." ".$v_comment, $output, $return_var);
        check_return_code($return_var,$output);
        unset($output);
    }

    // Flush field values on success
    if (empty($_SESSION['error_msg'])) {
        $_SESSION['ok_msg'] = _('RULE_CREATED_OK');
        unset($v_port);
        unset($v_ip);
        unset($v_comment);
    }
}

// Render
render_page($user, $TAB, 'add_firewall');

// Flush session messages
unset($_SESSION['error_msg']);
unset($_SESSION['ok_msg']);