Current File : //root/panel/inc/init.inc.php
<?php
//print_r($_SESSION);
//exit;
/**
 * @copyright 2014-2015 Sentora Project (http://www.sentora.org/) 
 * Sentora is a GPL fork of the ZPanel Project whose original header follows:
 *
 * The web gui initiation script.
 * @package zpanelx
 * @subpackage core
 * @author Bobby Allen (ballen@bobbyallen.me)
 * @copyright ZPanel Project (http://www.zpanelcp.com/)
 * @link http://www.zpanelcp.com/
 * @license GPL (http://www.gnu.org/licenses/gpl.html)
 */

/*if(!isset($_SESSION['zpuid']))
{
  header("location: ./");
  exit;
} */
global $controller, $zdbh, $zlo;

// Front controller for this request. $zdbh (database handle, used via
// prepare()/exec() below) and $zlo (the log writer) come from the bootstrap
// that included this file.
$controller = new runtime_controller();

// Apply the configured log mode, then flush and clear anything the logger
// has already buffered.
$zlo->method = ctrl_options::GetSystemOption('logmode');
$hasBufferedLogEntries = $zlo->hasInfo();
if ($hasBufferedLogEntries) {
    $zlo->writeLog();
    $zlo->reset();
}

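if (isset($_GET['logout'])) {
    // Best-effort clean-up of expired auto-created MySQL accounts (x_autouser)
    // before the session is torn down. Nothing in here may block the logout:
    // failures are written to the PHP error log and the flow continues.
    $f_path = "/etc/sentora/panel/cnf/db.php";
    if (file_exists($f_path) && is_readable($f_path)) {
        try {
            // db.php is expected to define $host, $user, $pass and $dbname.
            // require_once does not re-run a file that was already loaded in
            // another scope, so verify the variables really are in scope here
            // instead of connecting with undefined credentials.
            require_once($f_path);
            if (!isset($host, $user, $pass, $dbname)) {
                throw new RuntimeException('db.php did not provide $host/$user/$pass/$dbname');
            }

            // Accounts to remove: the one recorded in this session (if any) plus
            // every x_autouser row whose expiry timestamp has already passed.
            // cgs_pass is required by the original condition even though it is
            // never read; kept so the trigger condition is unchanged.
            $user_array = array();
            $id_array = array();
            if (isset($_SESSION['cgs_user'], $_SESSION['cgs_pass'], $_SESSION['cgs_id'])) {
                $user_array[] = $_SESSION['cgs_user'];
                $id_array[] = $_SESSION['cgs_id'];
            }

            $con = mysqli_connect($host, $user, $pass, $dbname);
            if ($con) {
                // The timezone change is process-wide; kept from the original so
                // later date() calls in this request behave as before. With UTC
                // set, strtotime(date(...)) is simply the current Unix time.
                date_default_timezone_set("UTC");
                $str_time = time();

                $rslt = mysqli_query($con, "select my_id_pk,my_acc_pk,my_user_vc  from x_autouser where  my_exp_ts < " . $str_time);
                if ($rslt === false) {
                    error_log('init.inc.php logout: x_autouser lookup failed: ' . mysqli_error($con));
                } else {
                    while ($rows = mysqli_fetch_assoc($rslt)) {
                        $user_array[] = $rows['my_user_vc'];
                        $id_array[] = $rows['my_id_pk'];
                    }
                    mysqli_free_result($rslt);

                    $count_d = count($id_array);
                    if ($count_d > 0) {
                        // Bind every id as a parameter instead of splicing the
                        // session/DB values into the SQL text.
                        $placeholders = implode(",", array_fill(0, $count_d, "?"));
                        $stmt = mysqli_prepare($con, "delete from x_autouser WHERE my_id_pk in (" . $placeholders . ")");
                        if ($stmt === false) {
                            error_log('init.inc.php logout: could not prepare x_autouser delete: ' . mysqli_error($con));
                        } else {
                            $ids = array_values($id_array);
                            mysqli_stmt_bind_param($stmt, str_repeat("s", $count_d), ...$ids);
                            if (!mysqli_stmt_execute($stmt)) {
                                error_log('init.inc.php logout: x_autouser delete failed: ' . mysqli_stmt_error($stmt));
                            }
                            mysqli_stmt_close($stmt);
                        }

                        // DROP USER takes the account name as a quoted literal and
                        // cannot be parameterised, so the name is escaped for that
                        // literal. The host part stays hard-coded to localhost as
                        // in the original.
                        mysqli_select_db($con, "mysql");
                        foreach ($user_array as $u_name) {
                            $escapedName = mysqli_real_escape_string($con, (string) $u_name);
                            if (!mysqli_query($con, "DROP USER '" . $escapedName . "'@'localhost' ")) {
                                error_log('init.inc.php logout: DROP USER failed: ' . mysqli_error($con));
                            }
                        }
                        // One privilege flush after the loop is enough; the original
                        // flushed once per dropped user.
                        if (!mysqli_query($con, "FLUSH PRIVILEGES")) {
                            error_log('init.inc.php logout: FLUSH PRIVILEGES failed: ' . mysqli_error($con));
                        }
                    }
                }
                mysqli_close($con);
            }
        } catch (Exception $e) {
            // Includes mysqli_sql_exception on PHP versions where mysqli throws.
            error_log('init.inc.php logout: auto-user clean-up skipped: ' . $e->getMessage());
        }
    }

    ctrl_auth::KillSession();
    ctrl_auth::KillCookies();
    session_destroy();
    header("location: ./?loggedout");
    exit;
}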
// Switch a verified WHM login over to the administrator account view. The
// only evidence consulted here is the session flag that the login handler
// sets after a successful WHM authentication; the GET parameter on its own
// does nothing.
$wantsWhmPanel = isset($_GET['changepanel']) && $_GET['changepanel'] === "whm";
$whmLoginVerified = isset($_SESSION['whmchklogin']) && $_SESSION['whmchklogin'] === "trueset";
if ($wantsWhmPanel && $whmLoginVerified) {
    $_SESSION['zpuid'] = "1";
    header("location:./?module=manage_clients&show=list");
    exit;
}
if (isset($_GET['returnsession'])) {
    // Return from a switched session: if the original user id was parked in
    // 'ruid', make it the active user again and clear the marker. Either way
    // the browser is sent back to the front page.
    $hasSavedUid = isset($_SESSION['ruid']);
    if ($hasSavedUid) {
        $sessionSecurityOn = runtime_sessionsecurity::getSessionSecurityEnabled();
        ctrl_auth::SetUserSession($_SESSION['ruid'], $sessionSecurityOn);
        $_SESSION['ruid'] = null;
    }

    header("location: ./");
    exit;
}

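if (isset($_POST['inForgotPassword'])) {
    // Password-reset request: the CAPTCHA must match the code held in the
    // session and the username must belong to an undeleted account; a fresh
    // reset key is then stored on the account and mailed to its address.
    runtime_csfr::Protect();
    $randomkey = runtime_randomstring::randomHash();
    $forgotPass = runtime_xss::xssClean($_POST['inForgotPassword']);
    $forgotCaptcha = isset($_POST['inForgotCaptcha']) ? (string) runtime_xss::xssClean($_POST['inForgotCaptcha']) : '';
    $expectedCaptcha = isset($_SESSION['user_captcha_code']) ? (string) $_SESSION['user_captcha_code'] : '';

    // Strict, constant-time comparison. The previous loose == also treated
    // numerically equal strings (e.g. "1e1" and "10") as a match, and a
    // missing session code would have compared against null.
    // NOTE(review): the CAPTCHA code is not cleared after a successful check;
    // confirm the front page issues a new code on every load.
    $submittedCaptcha = trim($forgotCaptcha);
    $captchaOk = $expectedCaptcha !== '' && $submittedCaptcha !== '' && hash_equals($expectedCaptcha, $submittedCaptcha);

    if (trim($forgotPass) !== "" && $captchaOk) {
        $sth = $zdbh->prepare("SELECT ac_id_pk, ac_user_vc, ac_email_vc FROM x_accounts WHERE ac_user_vc = :forgotPass AND ac_deleted_ts IS NULL");
        $sth->bindParam(':forgotPass', $forgotPass);
        $sth->execute();
        $rows = $sth->fetchAll();
        if ($rows) {
            $result = $rows[0];
            // Store the key with bound parameters instead of building the SQL
            // text from the key and the account id.
            $upd = $zdbh->prepare("UPDATE x_accounts SET ac_resethash_tx = :resethash WHERE ac_id_pk = :uid");
            $upd->bindParam(':resethash', $randomkey);
            $upd->bindParam(':uid', $result['ac_id_pk']);
            $upd->execute();

            // Some servers set $_SERVER['HTTPS'] to "off" for plain HTTP; the
            // old isset() check treated that as TLS.
            if (!empty($_SERVER['HTTPS']) && strtolower((string) $_SERVER['HTTPS']) !== 'off') {
                $protocol = 'https://';
            } else {
                $protocol = 'http://';
            }
            $phpmailer = new sys_email();
            $phpmailer->Subject = "Hosting Panel Password Reset";
            $phpmailer->Body = "Hi " . $result['ac_user_vc'] . ",
            
You, or somebody pretending to be you, has requested a password reset link to be sent for your web hosting control panel login.
        
If you wish to proceed with the password reset on your account, please use the link below to be taken to the password reset page.
            
" . $protocol . ctrl_options::GetSystemOption('server_ip') . ":".$_SERVER['SERVER_PORT']."/?resetkey=" . $randomkey . "


                ";
            $phpmailer->AddAddress($result['ac_email_vc']);
            $phpmailer->SendEmail();
            runtime_hook::Execute('OnRequestForgotPassword');
            header("location:./?fmsg=forgetpass");
            exit;
        } else {
            // NOTE(review): this distinct message tells the requester whether
            // the username exists; consider answering with 'forgetpass' here too.
            // The exit was missing before, so the rest of the bootstrap kept
            // running after the redirect header had been sent.
            header("location:./?fmsg=forgetfailuser");
            exit;
        }
    } else {
        header("location:./?fmsg=forgetfail");
        exit;
    }
}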

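if (isset($_GET['module'])) {
    // Per-user module access counter (x_frequently_access): bump the row for
    // this user/module pair, or create it on first access.
    if (!isset($_SESSION['zpuid'])) {
        header("location: ./");
        exit;
    }
    // 'zpuid' was written as a bare constant before ($_SESSION[zpuid]), which
    // is a warning on PHP 7 and a fatal error on PHP 8.
    $user_id = $_SESSION['zpuid'];

    // A non-string module value (e.g. ?module[]=x) cannot be bound; skip the
    // counter rather than letting the driver fail.
    if (is_string($_GET['module'])) {
        $module = $_GET['module'];

        $sql = $zdbh->prepare("SELECT * FROM x_frequently_access WHERE ac_id_pk = :ac_id_pk AND mo_folder_vc = :mo_folder_vc ");
        $sql->bindParam(':ac_id_pk', $user_id);
        $sql->bindParam(':mo_folder_vc', $module);
        $sql->execute();
        $result = $sql->fetch();

        // Both statements take the same three parameters, so only the SQL text
        // differs between the update and the insert.
        if ($result) {
            $cnt = $result['access_count'] + 1;
            $sql = $zdbh->prepare("UPDATE x_frequently_access SET access_count=:access_count WHERE ac_id_pk = :ac_id_pk AND mo_folder_vc = :mo_folder_vc ");
        } else {
            $cnt = 1;
            $sql = $zdbh->prepare("INSERT INTO x_frequently_access(access_count,ac_id_pk,mo_folder_vc) VALUES(:access_count,:ac_id_pk,:mo_folder_vc)");
        }
        // The module name is user-supplied; it only ever reaches the database
        // as a bound value, never as SQL text. Whether it names a real module
        // is not checked here.
        $sql->bindParam(':access_count', $cnt);
        $sql->bindParam(':ac_id_pk', $user_id);
        $sql->bindParam(':mo_folder_vc', $module);
        $sql->execute();
    }
}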
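if (isset($_POST['inConfEmail'])) {
    // Complete a password reset: the username + reset key pair must match an
    // undeleted account; on success the key is consumed and the password and
    // salt are replaced.
    runtime_csfr::Protect();

    $confEmail = is_string($_POST['inConfEmail']) ? $_POST['inConfEmail'] : '';
    $resetkey = (isset($_GET['resetkey']) && is_string($_GET['resetkey'])) ? $_GET['resetkey'] : '';
    $newPass = (isset($_POST['inNewPass']) && is_string($_POST['inNewPass'])) ? $_POST['inNewPass'] : '';

    // The new hash is computed before the lookup result is known, as before.
    $crypto = new runtime_hash;
    $crypto->SetPassword($newPass);
    $randomsalt = $crypto->RandomSalt();
    $crypto->SetSalt($randomsalt);
    $secure_password = $crypto->CryptParts($crypto->Crypt())->Hash;

    // An empty key must never match: the previous UPDATE cleared
    // ac_resethash_tx to '' rather than NULL, so a request with an empty
    // resetkey satisfied "ac_resethash_tx = :resetkey" for any account whose
    // key had already been used. The <> '' clause also covers rows left in
    // that state. An empty password is refused as well.
    $result = false;
    if ($resetkey !== '' && $newPass !== '') {
        $sql = $zdbh->prepare("SELECT ac_id_pk FROM x_accounts WHERE ac_user_vc = :email AND ac_resethash_tx = :resetkey AND ac_resethash_tx IS NOT NULL AND ac_resethash_tx <> '' AND ac_deleted_ts IS NULL");
        $sql->bindParam(':email', $confEmail);
        $sql->bindParam(':resetkey', $resetkey);
        $sql->execute();
        $result = $sql->fetch();
    }
    // NOTE(review): the key carries no issue time, so it never expires on its
    // own; consider recording one alongside it.

    if ($result) {
        // Reset the key to NULL - the "no token" state the SELECT tests for -
        // so it is single-use. Assumes the column is nullable, which the
        // IS NOT NULL test above suggests.
        $sql = $zdbh->prepare("UPDATE x_accounts SET ac_resethash_tx = NULL, ac_pass_vc = :password, ac_passsalt_vc = :salt WHERE ac_id_pk = :uid");
        $sql->bindParam(':password', $secure_password);
        $sql->bindParam(':salt', $randomsalt);
        $sql->bindParam(':uid', $result['ac_id_pk']);
        $sql->execute();
        runtime_hook::Execute('OnSuccessfulPasswordReset');
    } else {
        runtime_hook::Execute('OnFailedPasswordReset');
    }
    header("location: ./?passwordreset");
    exit();
}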

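if (isset($_POST['inUsername'])) {
    // Form login. Which account rows may log in depends on the port the
    // request arrived on: 2086 is the WHM (administrator, ac_id_pk = 1)
    // listener, any other port serves the regular accounts.
    // NOTE(review): CSRF protection is applied only when login_csfr is
    // 'false' - confirm that is the intended polarity of the option.
    if (ctrl_options::GetSystemOption('login_csfr') == 'false')
        runtime_csfr::Protect();

    // Normalise the request values once; arrays or missing fields become ''.
    $username = is_string($_POST['inUsername']) ? $_POST['inUsername'] : '';
    $password = (isset($_POST['inPassword']) && is_string($_POST['inPassword'])) ? $_POST['inPassword'] : '';
    $urlaccess = (isset($_REQUEST['urlaccess']) && is_string($_REQUEST['urlaccess'])) ? $_REQUEST['urlaccess'] : '';
    $hideaccess = (isset($_POST['inhideaccess']) && is_string($_POST['inhideaccess'])) ? $_POST['inhideaccess'] : '';
    $remote_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $isWhmPort = isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == "2086";

    if ($isWhmPort) {
        $sql_for_login = "SELECT ac_passsalt_vc FROM x_accounts WHERE ac_user_vc = :username AND ac_id_pk='1' AND ac_deleted_ts IS NULL";
    } else {
        $sql_for_login = "SELECT ac_passsalt_vc FROM x_accounts WHERE ac_user_vc = :username  AND ac_id_pk<>'1' AND ac_deleted_ts IS NULL";
    }

    $rememberdetails = isset($_POST['inRemember']);
    $inSessionSecuirty = isset($_POST['inSessionSecuirty']);

    // Fetch the account's salt (scoped by port as above) and derive the hash
    // that Authenticate() is expected to compare. For an unknown user the salt
    // is empty and the hash cannot match.
    $sql = $zdbh->prepare($sql_for_login);
    $sql->bindParam(':username', $username);
    $sql->execute();
    $result = $sql->fetch();
    $salt = ($result && isset($result['ac_passsalt_vc'])) ? $result['ac_passsalt_vc'] : '';

    $crypto = new runtime_hash;
    $crypto->SetPassword($password);
    $crypto->SetSalt($salt);
    $secure_password = $crypto->CryptParts($crypto->Crypt())->Hash;

    // Authenticate exactly once; the previous if/else-if chain called it a
    // second time on failure.
    $authenticated = ctrl_auth::Authenticate($username, $secure_password, $rememberdetails, false, $inSessionSecuirty);

    if (!$authenticated) {
        // Record the failed attempt per source address in x_logAttempts.
        // Timestamps are written in Asia/Kolkata as before; note the timezone
        // change is process-wide. All values are bound, not interpolated.
        // NOTE(review): the counter is only recorded here; whatever enforces a
        // lock-out from it is not visible in this file.
        date_default_timezone_set('Asia/Kolkata');
        $ctime = date("Y-m-d H:i:s");

        $check_row = $zdbh->prepare("SELECT * from x_logAttempts WHERE remote_address = :remote_address");
        $check_row->bindParam(':remote_address', $remote_ip);
        $check_row->execute();
        $check_result = $check_row->fetch();

        if (!$check_result || empty($check_result['remote_address'])) {
            $log = 1;
            $log_row = $zdbh->prepare("INSERT INTO x_logAttempts (`remote_address`,`log_fail`,`log_time`) VALUES (:remote_address, :log_fail, :log_time)");
            $log_row->bindParam(':remote_address', $remote_ip);
            $log_row->bindParam(':log_fail', $log);
            $log_row->bindParam(':log_time', $ctime);
            $log_row->execute();
        } else {
            $log = (int) $check_result['log_fail'] + 1;
            $address = $check_result['remote_address'];
            $log_row = $zdbh->prepare("UPDATE x_logAttempts SET remote_address = :remote_address, log_fail = :log_fail, log_time = :log_time WHERE remote_address = :address");
            $log_row->bindParam(':remote_address', $remote_ip);
            $log_row->bindParam(':log_fail', $log);
            $log_row->bindParam(':log_time', $ctime);
            $log_row->bindParam(':address', $address);
            $log_row->execute();
        }

        $panel = ($urlaccess === 'whm') ? 'whm' : 'cpanel';
        header("location: ./?access=" . $panel . "&error=yes");
        exit();
    }

    // Successful login. The WHM flag is what ?changepanel=whm later uses to
    // switch the session to uid 1, so it is only set when the request came in
    // on the WHM port AND the salt lookup above (restricted to ac_id_pk = 1 on
    // that port) found the account. Previously any authenticated account could
    // set the flag just by posting inhideaccess=whm.
    if ($hideaccess === "whm" && $isWhmPort && $result) {
        $log_drow = $zdbh->prepare("DELETE FROM x_logAttempts where `remote_address` = :remote_address");
        $log_drow->bindParam(':remote_address', $remote_ip);
        $log_drow->execute();
        $_SESSION['whmchklogin'] = "trueset";
    } else {
        unset($_SESSION['whmchklogin']);
    }
    header("location: ./");
    exit();
}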

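if (isset($_COOKIE['zUser'])) {
    // "Remember me" auto-login from cookies. Both cookies are required now;
    // the old code called Authenticate() with a null password when zPass was
    // missing.
    // NOTE(review): zPass carries a credential in a cookie - confirm it is a
    // derived/hashed value and not the clear-text password.
    if (isset($_COOKIE['zPass'])) {
        // zSec is a string cookie. Under the previous "== false" comparison
        // only "" and "0" disabled session security; keep exactly that.
        $secure = true;
        if (isset($_COOKIE['zSec']) && in_array($_COOKIE['zSec'], array('', '0'), true)) {
            $secure = false;
        }
        ctrl_auth::Authenticate($_COOKIE['zUser'], $_COOKIE['zPass'], false, true, $secure);
    }
}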

// Anyone still anonymous at this point is handed to the login requirement.
$hasUserSession = isset($_SESSION['zpuid']);
if (!$hasUserSession) {
    ctrl_auth::RequireUser();
}


// Hand the request to the controller, then render the user's template.
runtime_hook::Execute('OnBeforeControllerInit');
$controller->Init();
$templatePath = "etc/styles/" . ui_template::GetUserTemplate();
ui_templateparser::Generate($templatePath);
?>