UI update

2025-08-14 10:37:42 -07:00 · 2015-06-03 02:31:03 +03:00 · 2015-06-03 02:31:03 +03:00 · 527e4a9a62
commit 527e4a9a62
parent 0f7110b0e7
139 changed files with 2046 additions and 124 deletions
--- a/web/delete/backup/index.php
+++ b/web/delete/backup/index.php
@ -9,6 +9,12 @@ if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
    $user=$_GET['user'];
 }

+// Check token
+if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
+    header('location: /login/');
+    exit();
+}
+
 if (!empty($_GET['backup'])) {
    $v_username = escapeshellarg($user);
    $v_backup = escapeshellarg($_GET['backup']);
--- a/web/delete/cron/index.php
+++ b/web/delete/cron/index.php
@ -9,6 +9,12 @@ if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
    $user=$_GET['user'];
 }

+// Check token
+if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
+    header('location: /login/');
+    exit();
+}
+
 if (!empty($_GET['job'])) {
    $v_username = escapeshellarg($user);
    $v_job = escapeshellarg($_GET['job']);
--- a/web/delete/db/index.php
+++ b/web/delete/db/index.php
@ -9,6 +9,12 @@ if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
    $user=$_GET['user'];
 }

+// Check token
+if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
+    header('location: /login/');
+    exit();
+}
+
 if (!empty($_GET['database'])) {
    $v_username = escapeshellarg($user);
    $v_database = escapeshellarg($_GET['database']);
--- a/web/delete/dns/index.php
+++ b/web/delete/dns/index.php
@ -10,6 +10,12 @@ if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
    $user=$_GET['user'];
 }

+// Check token
+if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
+    header('location: /login/');
+    exit();
+}
+
 // DNS domain
 if ((!empty($_GET['domain'])) && (empty($_GET['record_id'])))  {
    $v_username = escapeshellarg($user);
--- a/web/delete/firewall/banlist/index.php
+++ b/web/delete/firewall/banlist/index.php
@ -13,6 +13,12 @@ if ($_SESSION['user'] != 'admin') {
    exit;
 }

+// Check token
+if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
+    header('location: /login/');
+    exit();
+}
+
 if ((!empty($_GET['ip'])) && (!empty($_GET['chain']))) {
    $v_ip = escapeshellarg($_GET['ip']);
    $v_chain = escapeshellarg($_GET['chain']);
--- a/web/delete/firewall/index.php
+++ b/web/delete/firewall/index.php
@ -13,6 +13,12 @@ if ($_SESSION['user'] != 'admin') {
    exit;
 }

+// Check token
+if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
+    header('location: /login/');
+    exit();
+}
+
 if (!empty($_GET['rule'])) {
    $v_rule = escapeshellarg($_GET['rule']);
    exec (VESTA_CMD."v-delete-firewall-rule ".$v_rule, $output, $return_var);
--- a/web/delete/ip/index.php
+++ b/web/delete/ip/index.php
@ -5,6 +5,12 @@ ob_start();
 session_start();
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");

+// Check token
+if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
+    header('location: /login/');
+    exit();
+}
+
 if ($_SESSION['user'] == 'admin') {
    if (!empty($_GET['ip'])) {
        $v_ip = escapeshellarg($_GET['ip']);
--- a/web/delete/mail/index.php
+++ b/web/delete/mail/index.php
@ -10,6 +10,12 @@ if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
    $user=$_GET['user'];
 }

+// Check token
+if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
+    header('location: /login/');
+    exit();
+}
+
 // Mail domain
 if ((!empty($_GET['domain'])) && (empty($_GET['account'])))  {
    $v_username = escapeshellarg($user);
--- a/web/delete/package/index.php
+++ b/web/delete/package/index.php
@ -5,6 +5,12 @@ ob_start();
 session_start();
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");

+// Check token
+if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
+    header('location: /login/');
+    exit();
+}
+
 if ($_SESSION['user'] == 'admin') {
    if (!empty($_GET['package'])) {
        $v_package = escapeshellarg($_GET['package']);
--- a/web/delete/user/index.php
+++ b/web/delete/user/index.php
@ -5,6 +5,12 @@ ob_start();
 session_start();
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");

+// Check token
+if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
+    header('location: /login/');
+    exit();
+}
+
 if ($_SESSION['user'] == 'admin') {
    if (!empty($_GET['user'])) {
        $v_username = escapeshellarg($_GET['user']);
--- a/web/delete/web/index.php
+++ b/web/delete/web/index.php
@ -5,6 +5,12 @@ ob_start();
 session_start();
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");

+// Check token
+if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
+    header('location: /login/');
+    exit();
+}
+
 // Delete as someone else?
 if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
    $user=$_GET['user'];