wcp/web/edit/firewall/index.php at def286aba2815d4b5963b2d4acc00a0868d4f0be · ghzhost/wcp · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
<?php
error_reporting(NULL);
ob_start();
$TAB = 'FIREWALL';

// Main include
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");

// Check user
if ($_SESSION['userContext'] != 'admin')  {
    header("Location: /list/user");
    exit;
}

// Check ip argument
if (empty($_GET['rule'])) {
    header("Location: /list/firewall/");
    exit;
}

// List rule
$v_rule = escapeshellarg($_GET['rule']);
exec (HESTIA_CMD."v-list-firewall-rule ".$v_rule." 'json'", $output, $return_var);
check_return_code($return_var,$output);
$data = json_decode(implode('', $output), true);
unset($output);

// Parse rule
$v_rule = $_GET['rule'];
$v_action = $data[$v_rule]['ACTION'];
$v_protocol = $data[$v_rule]['PROTOCOL'];
$v_port = $data[$v_rule]['PORT'];
$v_ip = $data[$v_rule]['IP'];
$v_comment = $data[$v_rule]['COMMENT'];
$v_date = $data[$v_rule]['DATE'];
$v_time = $data[$v_rule]['TIME'];
$v_suspended = $data[$v_rule]['SUSPENDED'];
if ( $v_suspended == 'yes' ) {
    $v_status =  'suspended';
} else {
    $v_status =  'active';
}

// Get ipset lists
exec (HESTIA_CMD."v-list-firewall-ipset 'json'", $output, $return_var);
check_return_code($return_var,$output);
$data = json_decode(implode('', $output), true);

$ipset_lists=[];
foreach($data as $key => $value) {
    if(isset($value['SUSPENDED']) && $value['SUSPENDED'] === 'yes') {
        continue;
    }
    if(isset($value['IP_VERSION']) && $value['IP_VERSION'] !== 'v4') {
        continue;
    }
    array_push($ipset_lists, ['name'=>$key]);
}
$ipset_lists_json=json_encode($ipset_lists);

// Check POST request
if (!empty($_POST['save'])) {

    // Check token
    if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
        header('location: /login/');
        exit();
    }
    // Check empty fields
    if (empty($_POST['v_action'])) $errors[] = _('action');
    if (empty($_POST['v_protocol'])) $errors[] = _('protocol');
    if (empty($_POST['v_port']) && strlen($_POST['v_port']) == 0) $errors[] = _('port');
    if (empty($_POST['v_ip'])) $errors[] = _('ip address');
    if (!empty($errors[0])) {
        foreach ($errors as $i => $error) {
            if ( $i == 0 ) {
                $error_msg = $error;
            } else {
                $error_msg = $error_msg.", ".$error;
            }
        }
        $_SESSION['error_msg'] = sprintf(_('Field "%s" can not be blank.'),$error_msg);
    }
    if (!empty($_SESSION['error_msg'])) {
        $v_rule = escapeshellarg($_GET['rule']);
        $v_action = escapeshellarg($_POST['v_action']);
        $v_protocol = escapeshellarg($_POST['v_protocol']);
        $v_port = str_replace(" ",",", $_POST['v_port']);
        $v_port = preg_replace('/\,+/', ',', $v_port);
        $v_port = trim($v_port, ",");
        $v_port = escapeshellarg($v_port);
        $v_ip = escapeshellarg($_POST['v_ip']);
        $v_comment = escapeshellarg($_POST['v_comment']);

        // Change Status
        exec (HESTIA_CMD."v-change-firewall-rule ".$v_rule." ".$v_action." ".$v_ip."  ".$v_port." ".$v_protocol." ".$v_comment, $output, $return_var);
        check_return_code($return_var,$output);
        unset($output);

        $v_rule = $_GET['v_rule'];
        $v_action = $_POST['v_action'];
        $v_protocol = $_POST['v_protocol'];
        $v_port = str_replace(" ",",", $_POST['v_port']);
        $v_port = preg_replace('/\,+/', ',', $v_port);
        $v_port = trim($v_port, ",");
        $v_ip = $_POST['v_ip'];
        $v_comment = $_POST['v_comment'];

        // Set success message
        if (empty($_SESSION['error_msg'])) {
            $_SESSION['ok_msg'] = _('Changes has been saved.');
        }
    }else{
        $v_rule = $_GET['v_rule'];
        $v_action = $_POST['v_action'];
        $v_protocol = $_POST['v_protocol'];
        $v_port = str_replace(" ",",", $_POST['v_port']);
        $v_port = preg_replace('/\,+/', ',', $v_port);
        $v_port = trim($v_port, ",");
        $v_ip = $_POST['v_ip'];
        $v_comment = $_POST['v_comment'];
    }
}

// Render page
render_page($user, $TAB, 'edit_firewall');

// Flush session messages
unset($_SESSION['error_msg']);
unset($_SESSION['ok_msg']);