forked from hestiacp/hestiacp
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathindex.php
More file actions
39 lines (34 loc) · 1.34 KB
/
index.php
File metadata and controls
39 lines (34 loc) · 1.34 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
<?php
define('NO_AUTH_REQUIRED', true);
$TAB = 'RESET PASSWORD';
if (isset($_SESSION['user'])) {
header("Location: /list/user");
}
// Main include
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
//Check values
if (!empty($_POST['user']) && !empty($_POST['twofa'])) {
// Check token
verify_csrf($_POST);
$error = true;
$v_user = escapeshellarg($_POST['user']);
$user = $_POST['user'];
$twofa = $_POST['twofa'];
exec(HESTIA_CMD . "v-list-user ".$v_user .' json', $output, $return_var);
if ($return_var == 0) {
$data = json_decode(implode('', $output), true);
if ($data[$user]['TWOFA'] == $twofa) {
$success = true;
exec(HESTIA_CMD . "v-delete-user-2fa ".$v_user, $output, $return_var);
session_destroy();
} else {
exec(HESTIA_CMD . 'v-log-user-login ' . $v_user . ' ' . $v_ip . ' failed ' . $v_session_id . ' ' . $v_user_agent .' yes "Failed to enter correct 2FA reset key"', $output, $return_var);
sleep(5);
}
} else {
exec(HESTIA_CMD . 'v-log-user-login ' . $v_user . ' ' . $v_ip . ' failed ' . $v_session_id . ' ' . $v_user_agent .' yes "Failed to enter correct 2FA reset key"', $output, $return_var);
sleep(5);
}
}
require_once '../templates/header.html';
require_once '../templates/pages/login/reset2fa.html';