Fixes few merge issues + Updated /edit/server

Author: jaapmarcus

bin/v-list-user-auth-log

@@ -28,22 +28,20 @@ json_list() {
         DATE=$(echo "$str" |cut -f 6 -d \')
         TIME=$(echo "$str" |cut -f 8 -d \')
         ACTIVE=$(echo "$str" |cut -f 10 -d \')
-        CMD=${CMD//\"/\\\"}
-        echo -n '    {
-        "DATE": "'$DATE'",
-        "TIME": "'$TIME'",
-        "IP": "'$IP'",
-        "FINGERPRINT": "'$FINGERPRINT'",
-        "ACTIVE": "'$ACTIVE'",
-        
-    }'
+        echo -n '    "'$i'": {
+            "IP": "'$IP'",
+            "FINGERPRINT": "'$FINGERPRINT'",
+            "TIME": "'$TIME'",
+            "DATE": "'$DATE'",
+            "ACTIVE": "'$ACTIVE'"
+        }'
         if [ "$i" -lt "$objects" ]; then
             echo ','
         else
             echo
         fi
         ((i++))
-    done
+        done
     echo '}'
 }
 

web/edit/server/index.php

@@ -528,15 +528,26 @@
 
     // Change login style
     if (empty($_SESSION['error_msg'])) {
-        if ($_POST['v_login_style'] != $_SESSION['LOGIN_STYLE']) {
-            exec (HESTIA_CMD."v-change-sys-config-value LOGIN_STYLE ".escapeshellarg($_POST['v_login_style']), $output, $return_var);
+        if ($_POST['v_inactive_session_timeout'] != $_SESSION['INACTIVE_SESSION_TIMEOUT']) {
+            exec (HESTIA_CMD."v-change-sys-config-value INACTIVE_SESSION_TIMEOUT ".escapeshellarg($_POST['v_inactive_session_timeout']), $output, $return_var);
             check_return_code($return_var,$output);
             unset($output);
-            if (empty($_SESSION['error_msg'])) $v_login_style = $_POST['v_login_style'];
+            if (empty($_SESSION['error_msg'])) $v_login_style = $_POST['v_inactive_session_timeout'];
             $v_security_adv = 'yes';
         }
     }
 
+// Change login style
+if (empty($_SESSION['error_msg'])) {
+    if ($_POST['v_login_style'] != $_SESSION['LOGIN_STYLE']) {
+        exec (HESTIA_CMD."v-change-sys-config-value LOGIN_STYLE ".escapeshellarg($_POST['v_login_style']), $output, $return_var);
+        check_return_code($return_var,$output);
+        unset($output);
+        if (empty($_SESSION['error_msg'])) $v_login_style = $_POST['v_login_style'];
+        $v_security_adv = 'yes';
+    }
+}
+
     // Update SSL certificate
     if ((!empty($_POST['v_ssl_crt'])) && (empty($_SESSION['error_msg']))) {
         if (($v_ssl_crt != str_replace("\r\n", "\n",  $_POST['v_ssl_crt'])) || ($v_ssl_key != str_replace("\r\n", "\n",  $_POST['v_ssl_key']))) {

web/login/index.php

@@ -34,7 +34,7 @@
 function authenticate_user($user, $password, $twofa = ''){
     if(isset($_SESSION['token']) && isset($_POST['token']) && $_POST['token'] == $_SESSION['token']) {
     $v_user = escapeshellarg($user);
-    $v_ip = escapeshellarg($_SERVER['REMOTE_ADDR']);
+    $ip = $_SERVER['REMOTE_ADDR'];
     if(isset($_SERVER['HTTP_CF_CONNECTING_IP'])){
         if(!empty($_SERVER['HTTP_CF_CONNECTING_IP'])){
             $ip = $_SERVER['HTTP_CF_CONNECTING_IP'];
@@ -88,10 +88,6 @@ function authenticate_user($user, $password, $twofa = ''){
                 exec (HESTIA_CMD . "v-list-user ".$v_user." json", $output, $return_var);
                 $data = json_decode(implode('', $output), true);
                 if ($data[$user]['TWOFA'] != '') {
-                    if(password_verify($data[$user]['TWOFA'].$ip.$_POST['murmur'],$_COOKIE['limit2fa'])){
-
-                    }else{
-                       setcookie('limit2fa','',time() - 3600,"/");
                         if(empty($_POST['twofa'])){
                             return false;
                         }else{
@@ -107,8 +103,6 @@ function authenticate_user($user, $password, $twofa = ''){
                                 unset($_POST['twofa']);
                             }
                         }
-
-                    }
                 }
 
                 if ($data[$user]['ROLE'] == 'admin'){
@@ -123,10 +117,6 @@ function authenticate_user($user, $password, $twofa = ''){
                 $v_murmur = escapeshellarg($_POST['murmur']);
                 exec(HESTIA_CMD."v-log-user-login ".$v_user." ".$v_ip." ".$v_murmur, $output, $return_var);
 
-                //rename $_SESSION['TWOFA_VALID_LENGTH'] still to be done!
-                if(empty($_COOKIE['limit2fa'] && $_SESSION['TWOFA_VALID_LENGTH'] == 1 && $data[$user]['TWOFA'] != "")){
-                    setcookie('limit2fa',password_hash($data[$user]['TWOFA'].$ip.$_POST['murmur'],PASSWORD_BCRYPT),time()+60*60*24,"/");
-                };
                 $_SESSION['LAST_ACTIVITY'] = time();
                 $_SESSION['MURMUR'] = $_POST['murmur'];
 

web/templates/admin/edit_server.html

@@ -866,6 +866,17 @@
                                                 <br><br>
                                             </td>
                                         </tr>
+                                        <tr>
+                                            <td class="vst-text input-label">
+                                                <?php print _('Inactive session length');?> (<?php print _('Minutes');?>)
+                                            </td>
+                                        </tr>
+                                        <tr>
+                                            <td>
+                                                <input type="text" size="20" class="vst-input" name="v_inactive_session_timeout" value="<?=trim($_SESSION['INACTIVE_SESSION_TIMEOUT'], "'")?>">
+                                                <br><br>
+                                            </td>
+                                        </tr>
                                     </table>
                                 </td>
                             </tr>

web/templates/admin/edit_user.html

@@ -2,7 +2,7 @@
         <div class="l-sort clearfix">
           <div class="l-unit-toolbar__buttonstrip">
             <a class="ui-button cancel" id="btn-back" href="/list/user/"><i class="fas fa-arrow-left status-icon blue"></i> <?=_('Back')?></a>
-            <a href="/list/key/" id="btn-create" class="ui-button cancel" title="<?=__('Manage SSH keys');?>"><i class="fas fa-key status-icon orange"></i><?=_('Manage SSH keys')?></a>
+            <a href="/list/key/" id="btn-create" class="ui-button cancel" title="<?=_('Manage SSH keys');?>"><i class="fas fa-key status-icon orange"></i><?=_('Manage SSH keys')?></a>
             <a href="/edit/user/log/?user=<?php echo $_SESSION['user'];?>" id="btn-list" class="ui-button cancel" title="<?=_('Login history');?>"><i class="fas fa-key status-icon orange"></i><?=_('Login history')?></a>
           </div>
           <div class="l-unit-toolbar__buttonstrip float-right">

web/templates/admin/list_auth.html

@@ -1,14 +1,14 @@
 <div class="l-center">
   <div class="l-sort clearfix noselect">
-    <div class="l-unit-toolbar__buttonstrip">
-      <a href="javascript:location.reload();" class="ui-button cancel" title="<?=__('Refresh')?>"><i class="fas fa-redo status-icon green"></i> <?=__('Refresh')?></a>
+    <div class="l-unit-toolbar_buttonstrip">
+      <a href="javascript:location.reload();" class="ui-button cancel" title="<?=_('Refresh')?>"><i class="fas fa-redo status-icon green"></i> <?=_('Refresh')?></a>
       <div class="actions-panel display-inline-block" key-action="js">
-        <a class="data-controls do_delete ui-button danger cancel" title="<?=__('Delete')?>">
+        <a class="data-controls do_delete ui-button danger cancel" title="<?=_('Delete')?>">
           <i class="do_delete fas fa-times-circle status-icon red"></i>
-          <?=__('Delete')?>
+          <?=_('Delete')?>
           <input type="hidden" name="delete_url" value="/delete/user/log/?token=<?=$_SESSION['token']?>" />
-            <div class="confirmation-text-delete hidden" title="<?=__('Confirmation')?>">
-              <p class="confirmation"><?=__('Delete authentication logs?')?></p>
+            <div class="confirmation-text-delete hidden" title="<?=_('Confirmation')?>">
+              <p class="confirmation"><?=_('Delete authentication logs?')?></p>
             </div>
         </a>
       </div>
@@ -23,15 +23,15 @@
 <div class="l-center units animated fadeIn">
 
   <div class="header table-header">     
-    <div class="l-unit__col l-unit__col--right">
-      <div class="clearfix l-unit__stat-col--left super-compact">
+    <div class="l-unit_col l-unit_col--right">
+      <div class="clearfix l-unit_stat-col--left super-compact">
         &nbsp;
       </div>       
-      <div class="clearfix l-unit__stat-col--left"><b><?php print __('Date');?></b></div>
-      <div class="clearfix l-unit__stat-col--left"><b><?php print __('Time');?></b></div>
-      <div class="clearfix l-unit__stat-col--left "><b><?php print __('Ip adress');?></b></div>
-      <div class="clearfix l-unit__stat-col--left "><b><?php print __('Active');?></b></div>
-      <div class="clearfix l-unit__stat-col--left "><b><?php print __('Browser Fingerprint');?></b></div>
+      <div class="clearfix l-unit_stat-col--left"><b><?php print _('Date');?></b></div>
+      <div class="clearfix l-unit_stat-col--left"><b><?php print _('Time');?></b></div>
+      <div class="clearfix l-unit_stat-col--left"><b><?php print _('Ip adress');?></b></div>
+      <div class="clearfix l-unit_stat-col--left"><b><?php print _('Active');?></b></div>
+      <div class="clearfix l-unit_stat-col--left"><b><?php print _('Browser Fingerprint');?></b></div>
     </div>
   </div>
 
@@ -40,15 +40,15 @@
         ++$i;
       ?>
       <div class="l-unit header">
-        <div class="l-unit__col l-unit__col--right">
-          <div class="clearfix l-unit__stat-col--left super-compact">
+        <div class="l-unit_col l-unit_col--right">
+          <div class="clearfix l-unit_stat-col--left super-compact">
             <i class="fas fa-info-circle status-icon dim"></i>
           </div>
-          <div class="clearfix l-unit__stat-col--left "><b><?=translate_date($data[$key]['DATE'])?></b></div>
-          <div class="clearfix l-unit__stat-col--left "><b><?=$data[$key]['TIME']?></b></div>
-          <div class="clearfix l-unit__stat-col--left "><?=$data[$key]['IP']?></div>
-          <div class="clearfix l-unit__stat-col--left small"><?=$data[$key]['ACTIVE']?></div>
-          <div class="clearfix l-unit__stat-col--left "><?=$data[$key]['FINGERPRINT']?></div>
+          <div class="clearfix l-unit_stat-col--left "><b><?=translate_date($data[$key]['DATE'])?></b></div>
+          <div class="clearfix l-unit_stat-col--left "><b><?=$data[$key]['TIME']?></b></div>
+          <div class="clearfix l-unit_stat-col--left "><?=$data[$key]['IP']?></div>
+          <div class="clearfix l-unit_stat-col--left small"><?=$data[$key]['ACTIVE']?></div>
+          <div class="clearfix l-unit_stat-col--left "><?=$data[$key]['FINGERPRINT']?></div>
         </div>
       </div>
   <?}?>
@@ -59,12 +59,12 @@
   <div class="l-center">
     <div class="l-unit-ft">
       <table class='data'></table>
-      <div class="data-count l-unit__col l-unit__col--right clearfix">
+      <div class="data-count l-unit_col l-unit_col--right clearfix">
         <?
           if ( $i == 1) {
-            echo __('1 log record');
+            echo _('1 log record');
           } else {
-            echo __('%s log records',$i);
+            echo _('%s log records',$i);
           }
         ?>
       </div>

web/templates/header.html

@@ -3,14 +3,12 @@
 <head>
   <meta charset="utf-8">
   <link rel="icon" href="/images/favicon.ico" type="image/x-icon">
-  <title><?php echo $_SERVER['HTTP_HOST']; ?> - <?=__($TAB)?> - <?=_('Hestia Control Panel');?></title>
+  <title><?php echo $_SERVER['HTTP_HOST']; ?> - <?=_($TAB)?> - <?=_('Hestia Control Panel');?></title>
   <link type="text/css" rel="stylesheet" href="/css/styles.min.css?<?=JS_LATEST_UPDATE?>" />
   <link type="text/css" rel="stylesheet" href="/css/active-theme.css?<?php echo rand(); ?>" />
   <link type="text/css" href="/css/animate.min.css?<?=JS_LATEST_UPDATE?>" rel="stylesheet" />
   <link type="text/css" href="/css/jquery-custom-dialogs.css?<?=JS_LATEST_UPDATE?>" rel="stylesheet" />
   <link type="text/css" href="/css/all.min.css?<?=JS_LATEST_UPDATE?>" rel="stylesheet" />
-  <script src="/inc/jquery/jquery-3.4.1.min.js"></script>
-  <script type="text/javascript" src="/js/fingerprint2.min.js?<?=JS_LATEST_UPDATE?>"></script>
   <script>
     //
     //  GLOBAL SETTINGS

web/templates/login.html

@@ -51,6 +51,7 @@
                 </tr>
             </table>
         </center>
-
+        <script src="/inc/jquery/jquery-3.5.1.min.js"></script>
+        <script type="text/javascript" src="/js/fingerprint2.min.js?<?=JS_LATEST_UPDATE?>"></script>
     </body>
 </html>

web/templates/login_1.html

@@ -58,5 +58,7 @@
                 </tr>
             </table>
         </center>
+        <script src="/inc/jquery/jquery-3.5.1.min.js"></script>
+        <script type="text/javascript" src="/js/fingerprint2.min.js?<?=JS_LATEST_UPDATE?>"></script>
     </body>
 </html>

web/templates/login_2.html

@@ -10,8 +10,6 @@
                                 <td style="padding: 40px 60px 0 0;" class="animated fadeIn">
                                     <form method="post" action="/login/" id="form_login">
                                     <input type="hidden" name="token" value="<?php echo $_SESSION['token']; ?>">
-                                    <input type="hidden" name="user" value="<?php echo $_POST['user']; ?>">
-                                    <input type="hidden" name="password" value="<?php echo $_POST['password']; ?>">
                                     <input type="hidden" name="murmur" value="" id="murmur">
                                     <table class="login-box">
                                         <tr>
@@ -58,5 +56,7 @@
                 </tr>
             </table>
         </center>
+        <script src="/inc/jquery/jquery-3.5.1.min.js"></script>
+        <script type="text/javascript" src="/js/fingerprint2.min.js?<?=JS_LATEST_UPDATE?>"></script>
     </body>
 </html>