Update secure_login.php

dpeca 2019-08-21 01:33:39 +02:00 committed by GitHub
parent e13fb65424
commit 2c242d152d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -1,28 +1,30 @@
<?php <?php
$login_url_skip=0; $skip_login_url_check=0;
if ($_SERVER['SCRIPT_FILENAME']=='/usr/local/vesta/web/reset/mail/index.php') $login_url_skip=1; if ($_SERVER['SCRIPT_FILENAME']=='/usr/local/vesta/web/reset/mail/index.php') $skip_login_url_check=1; // it's accessible only from localhost
if ($_SERVER['SCRIPT_FILENAME']=='/usr/local/vesta/web//reset/mail/index.php') $login_url_skip=1; if ($_SERVER['SCRIPT_FILENAME']=='/usr/local/vesta/web//reset/mail/index.php') $skip_login_url_check=1;
if ($_SERVER['SCRIPT_FILENAME']=='/usr/local/vesta/web/reset/mail/set-ar.php') $login_url_skip=1;
if ($_SERVER['SCRIPT_FILENAME']=='/usr/local/vesta/web//reset/mail/set-ar.php') $login_url_skip=1;
if ($_SERVER['SCRIPT_FILENAME']=='/usr/local/vesta/web/reset/mail/get-ar.php') $login_url_skip=1;
if ($_SERVER['SCRIPT_FILENAME']=='/usr/local/vesta/web//reset/mail/get-ar.php') $login_url_skip=1;
if (substr($_SERVER['SCRIPT_FILENAME'], 0, 21)=='/usr/local/vesta/bin/') $login_url_skip=1;
if ($login_url_skip==0) { if ($_SERVER['SCRIPT_FILENAME']=='/usr/local/vesta/web/reset/mail/set-ar.php') $skip_login_url_check=1; // commercial addon for changing auto-reply from Roundcube, not included in this fork, also accessible only from localhost
if ($_SERVER['SCRIPT_FILENAME']=='/usr/local/vesta/web//reset/mail/set-ar.php') $skip_login_url_check=1;
if ($_SERVER['SCRIPT_FILENAME']=='/usr/local/vesta/web/reset/mail/get-ar.php') $skip_login_url_check=1;
if ($_SERVER['SCRIPT_FILENAME']=='/usr/local/vesta/web//reset/mail/get-ar.php') $skip_login_url_check=1;
if (substr($_SERVER['SCRIPT_FILENAME'], 0, 21)=='/usr/local/vesta/bin/') $skip_login_url_check=1; // allow executing PHP scripts from v-* bash scripts
if ($skip_login_url_check==0) {
if (!isset($login_url_loaded)) { if (!isset($login_url_loaded)) {
$login_url_loaded=1; $login_url_loaded=1;
if (file_exists('/usr/local/vesta/web/inc/login_url.php')) { if (file_exists('/usr/local/vesta/web/inc/login_url.php')) {
require_once('/usr/local/vesta/web/inc/login_url.php'); require_once('/usr/local/vesta/web/inc/login_url.php'); // get secret url
if (isset($_GET[$login_url])) { if (isset($_GET[$login_url])) { // check if user opened secret url
$Domain=$_SERVER['HTTP_HOST']; $Domain=$_SERVER['HTTP_HOST'];
$Port = strpos($Domain, ':'); $Port = strpos($Domain, ':');
if ($Port !== false) $Domain = substr($Domain, 0, $Port); if ($Port !== false) $Domain = substr($Domain, 0, $Port);
setcookie($login_url, '1', time() + 31536000, '/', $Domain, true); setcookie($login_url, '1', time() + 31536000, '/', $Domain, true); // set secret cookie
header ("Location: /login/"); header ("Location: /login/");
exit; exit;
} }
if (!isset($_COOKIE[$login_url])) exit; if (!isset($_COOKIE[$login_url])) exit; // die if secret cookie is not set
} }
} }
} }
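Review bot: The `setcookie()` call that stores the secret-URL marker sets the Secure flag but leaves the seventh (`httponly`) argument at its default, so the cookie, whose name is the secret loaded from `login_url.php`, is readable by any script running on a panel page; passing the flag explicitly, `setcookie($login_url, '1', time() + 31536000, '/', $Domain, true, true);`, closes that. The cookie domain is also derived from the client-supplied `Host` header, and an explicit domain attribute extends the cookie to subdomains, so a host-only cookie (empty domain argument) is probably what is wanted here. Separately, the new comments say the `reset/mail/*.php` scripts are accessible only from localhost, but nothing in this file enforces that, so the skip list depends on a restriction configured elsewhere; the comment should name where that restriction lives so a later config change does not silently expose those paths.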