forked from hestiacp/hestiacp
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathindex.php
More file actions
48 lines (37 loc) · 1.34 KB
/
index.php
File metadata and controls
48 lines (37 loc) · 1.34 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
<?php
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token
verify_csrf($_GET);
// Check if administrator is viewing system log (currently 'admin' user)
if (($_SESSION['userContext'] === "admin") && (isset($_GET['user']))) {
$user=escapeshellarg($_GET['user']);
$token=$_SESSION['token'];
}
// Clear log
exec(HESTIA_CMD."v-delete-user-auth-log ".$user, $output, $return_var);
check_return_code($return_var, $output);
unset($output);
$ip = $_SERVER['REMOTE_ADDR'];
if (isset($_SERVER['HTTP_CF_CONNECTING_IP'])) {
if (!empty($_SERVER['HTTP_CF_CONNECTING_IP'])) {
$ip = $_SERVER['HTTP_CF_CONNECTING_IP'];
}
}
$v_ip = escapeshellarg($ip);
$user_agent = $_SERVER['HTTP_USER_AGENT'];
$v_user_agent = escapeshellarg($user_agent);
$v_session_id = escapeshellarg($_SESSION['token']);
// Add current user session back to log unless impersonating another user
if (!isset($_SESSION['look'])) {
exec(HESTIA_CMD."v-log-user-login ".$user." ".$v_ip." success ".$v_session_id." ".$v_user_agent, $output, $return_var);
}
// Flush session messages
unset($_SESSION['error_msg']);
unset($_SESSION['ok_msg']);
// Set correct page reload target
if (($_SESSION['userContext'] === "admin") && (!empty($_GET['user']))) {
header("Location: /list/log/auth/?user=$user&token=$token");
} else {
header("Location: /list/log/auth/");
}
exit;