
Commit 6ac2ece

author
Kristan Kenney
committed
Block login if flag is set
1 parent bc1c349 commit 6ac2ece


1 file changed

+19
-1
lines changed


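--- a/web/login/index.php
+++ b/web/login/index.php
@@ -142,14 +142,32 @@ function authenticate_user($user, $password, $twofa = ''){
 $error = "<a class=\"error\">"._('Invalid username or password')."</a>";
 $v_session_id = escapeshellarg($_POST['token']);
 exec(HESTIA_CMD."v-log-user-login ".$v_user." ".$v_ip." failed ".$v_session_id." ".$v_user_agent, $output, $return_var);
-
 return $error;
 } else {
 
 // Get user specific parameters
 exec (HESTIA_CMD . "v-list-user ".$v_user." json", $output, $return_var);
 $data = json_decode(implode('', $output), true);
 unset($output);
+if ($data[$user]['LOGIN_DISABLED'] === 'yes') {
+sleep(2);
+$error = "<a class=\"error\">"._('Invalid username or password')."</a>";
+$v_session_id = escapeshellarg($_POST['token']);
+exec(HESTIA_CMD."v-log-user-login ".$v_user." ".$v_ip." failed ".$v_session_id." ".$v_user_agent, $output, $return_var);
+return $error;
+}
+
+if ($data[$user]['LOGIN_USE_IPLIST'] === 'yes') {
+$v_login_user_allowed_ips = explode(',',$data[$user]['LOGIN_ALLOW_IPS']);
+if (!in_array($ip,$v_login_user_allowed_ips)) {
+sleep(2);
+$error = "<a class=\"error\">"._('Invalid username or password')."</a>";
+$v_session_id = escapeshellarg($_POST['token']);
+exec(HESTIA_CMD."v-log-user-login ".$v_user." ".$v_ip." failed ".$v_session_id." ".$v_user_agent, $output, $return_var);
+return $error;
+}
+}
+
 if ($data[$user]['TWOFA'] != '') {
 if(empty($twofa)){
 $_SESSION['login']['username'] = $user;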
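Review bot: Both new checks fail open when the `v-list-user` result is unusable: if the command exits non-zero or its output does not decode, `$data[$user]` is not an array, the `=== 'yes'` tests on `LOGIN_DISABLED` and `LOGIN_USE_IPLIST` are simply false, and a disabled account or a client outside the allow-list carries on to the 2FA and session code. Right after `unset($output);` the function should return the same generic error when `$return_var !== 0 || !is_array($data[$user] ?? null)`. The allow-list match is also looser than it looks, since `explode(',', ...)` keeps surrounding whitespace and `in_array` compares loosely; `in_array($ip, array_map('trim', $v_login_user_allowed_ips), true)` makes it an exact match. `$ip` is assigned outside this hunk, as are the start and end of `authenticate_user`, so it is worth confirming that it holds the connection address that `$v_ip` is built from rather than a client-supplied header value.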
