From b7c19a8e63dd156540059e2a6b6bd80ee2d2bb5e Mon Sep 17 00:00:00 2001
From: dpeca
Date: Thu, 12 Apr 2018 01:08:35 +0200
Subject: [PATCH] Allow /reset/mail/ only from localhost

Block connection from outside, that could brute force password guessing
---
 web/reset/mail/index.php | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/web/reset/mail/index.php b/web/reset/mail/index.php
index 9315d041..5350f9b9 100644
--- a/web/reset/mail/index.php
+++ b/web/reset/mail/index.php
@@ -5,6 +5,23 @@ error_reporting(NULL);
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
+// Checking IP of incoming connection, checking is it NAT address
+$ok=0;
+$ip=$_SERVER['REMOTE_ADDR'];
+exec (VESTA_CMD."v-list-sys-ips json", $output, $return_var);
+$output=implode('', $output);
+$arr=json_decode($output, true);
+foreach ($arr as $arr_key => $arr_val) {
+ // search for NAT IPs and allow them
+ if ($ip==$arr_key || $ip==$arr_val['NAT']) {
+ $ok=1;
+ break;
+ }
+}
+if ($ip == $_SERVER['SERVER_ADDR']) $ok=1;
+if ($ip == '127.0.0.1') $ok=1;
+if ($ok==0) exit;
+
 //
 // sourceforge.net/projects/postfixadmin/
 // md5crypt
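Review bot: The allow-list on the added lines compares `$_SERVER['REMOTE_ADDR']` with loose `==` and only knows the IPv4 loopback, so a request arriving over IPv6 loopback (`::1`) is refused although it is local, and a missing `NAT` key silently reads as `null` under the `error_reporting(NULL)` set just above the hunk; strict comparison with a null-coalesced lookup is the safer form: `if ($ip === $arr_key || $ip === ($arr_val['NAT'] ?? null)) {` and `if ($ip === '127.0.0.1' || $ip === '::1') $ok=1;`. If `v-list-sys-ips` fails, `$arr` is `null` and the `foreach` only raises a suppressed warning before falling through to the `exit`, which is fail-closed but worth making explicit with `foreach ((array) $arr as $arr_key => $arr_val) {`. The bare `exit` answers with an empty 200 body, so adding `http_response_code(403);` before it makes the refusal visible in access logs and to callers. Note also that if this PHP sits behind a local reverse proxy, `REMOTE_ADDR` holds the proxy's address rather than the client's and every request would satisfy the check; the hunk does not show how this vhost is served, so that needs confirming against the deployment.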