From 4663fbf574d408adbcf47162c11ba288b4e275ad Mon Sep 17 00:00:00 2001
From: dpeca <peca@mycity.rs>
Date: Tue, 10 Apr 2018 00:45:59 +0200
Subject: [PATCH 01/18] disable api

---
 web/api/index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/api/index.php b/web/api/index.php
index 3cf0ec2d..c4f59e2f 100644
--- a/web/api/index.php
+++ b/web/api/index.php
@@ -1,6 +1,6 @@
 <?php
 define('VESTA_CMD', '/usr/bin/sudo /usr/local/vesta/bin/');
-
+exit;
 if (isset($_POST['user']) || isset($_POST['hash'])) {
 
     // Authentication

From 302f38c92a0deccb9f37a6add65efb2f108a7d16 Mon Sep 17 00:00:00 2001
From: dpeca <peca@mycity.rs>
Date: Tue, 10 Apr 2018 02:21:49 +0200
Subject: [PATCH 02/18] secure_login.php

---
 web/inc/secure_login.php | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 web/inc/secure_login.php

diff --git a/web/inc/secure_login.php b/web/inc/secure_login.php
new file mode 100644
index 00000000..5e33232f
--- /dev/null
+++ b/web/inc/secure_login.php
@@ -0,0 +1,8 @@
+<?php
+require_once('/usr/local/vesta/web/login_url.php');
+if (isset($_GET[$login_url])) {
+    setcookie($login_url, '1', time() + 31536000, '/', $_SERVER['HTTP_HOST'], true);
+    header ("Location: /");
+    exit;
+}
+if (!isset($_COOKIE[$login_url])) exit;

From ac4ec9b1a0a83f5956e90101606a9b7cea2846c8 Mon Sep 17 00:00:00 2001
From: dpeca <peca@mycity.rs>
Date: Tue, 10 Apr 2018 02:24:04 +0200
Subject: [PATCH 03/18] include secure_login.php from main.php

---
 web/inc/main.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/inc/main.php b/web/inc/main.php
index dfa482a1..49d70fda 100644
--- a/web/inc/main.php
+++ b/web/inc/main.php
@@ -1,5 +1,5 @@
 <?php
-
+require_once('/usr/local/vesta/web/inc/secure_login.php');
 session_start();
 
 define('VESTA_CMD', '/usr/bin/sudo /usr/local/vesta/bin/');

From 318f9daddef19a85764d3855bc1f288039de493d Mon Sep 17 00:00:00 2001
From: dpeca <peca@mycity.rs>
Date: Tue, 10 Apr 2018 02:25:45 +0200
Subject: [PATCH 04/18] filepath change to secure_login.php

---
 web/inc/secure_login.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/inc/secure_login.php b/web/inc/secure_login.php
index 5e33232f..641a7ce7 100644
--- a/web/inc/secure_login.php
+++ b/web/inc/secure_login.php
@@ -1,5 +1,5 @@
 <?php
-require_once('/usr/local/vesta/web/login_url.php');
+require_once('/usr/local/vesta/web/inc/login_url.php');
 if (isset($_GET[$login_url])) {
     setcookie($login_url, '1', time() + 31536000, '/', $_SERVER['HTTP_HOST'], true);
     header ("Location: /");

From a260e0c6b7705ca6c63a472aef78e6b5dd91ec2c Mon Sep 17 00:00:00 2001
From: dpeca <peca@mycity.rs>
Date: Tue, 10 Apr 2018 02:42:34 +0200
Subject: [PATCH 05/18] Changing redirect location

---
 web/inc/secure_login.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/inc/secure_login.php b/web/inc/secure_login.php
index 641a7ce7..c1b84509 100644
--- a/web/inc/secure_login.php
+++ b/web/inc/secure_login.php
@@ -2,7 +2,7 @@
 require_once('/usr/local/vesta/web/inc/login_url.php');
 if (isset($_GET[$login_url])) {
     setcookie($login_url, '1', time() + 31536000, '/', $_SERVER['HTTP_HOST'], true);
-    header ("Location: /");
+    header ("Location: /login/");
     exit;
 }
 if (!isset($_COOKIE[$login_url])) exit;

From 84adfcc4edceada0779b72197ecc5a8ab4a1f029 Mon Sep 17 00:00:00 2001
From: dpeca <peca@mycity.rs>
Date: Tue, 10 Apr 2018 02:44:02 +0200
Subject: [PATCH 06/18] Check pre-auth before redirecting to login

---
 web/index.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/web/index.php b/web/index.php
index 2f070747..27ce0fcf 100644
--- a/web/index.php
+++ b/web/index.php
@@ -1,4 +1,5 @@
 <?php
+require_once('/usr/local/vesta/web/inc/secure_login.php');
 session_start();
 if (isset($_SESSION['user'])) {
     header("Location: /list/user/");

From 24042941855de11ad748bf77c5f2cfe44214578c Mon Sep 17 00:00:00 2001
From: dpeca <peca@mycity.rs>
Date: Tue, 10 Apr 2018 03:36:52 +0200
Subject: [PATCH 07/18] Redirect to webmail by default

---
 web/index.php | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/web/index.php b/web/index.php
index 27ce0fcf..8910659b 100644
--- a/web/index.php
+++ b/web/index.php
@@ -1,8 +1,9 @@
 <?php
-require_once('/usr/local/vesta/web/inc/secure_login.php');
-session_start();
-if (isset($_SESSION['user'])) {
-    header("Location: /list/user/");
-} else {
-    header("Location: /login/");
-}
+//require_once('/usr/local/vesta/web/inc/secure_login.php');
+//session_start();
+//if (isset($_SESSION['user'])) {
+//    header("Location: /list/user/");
+//} else {
+//    header("Location: /login/");
+//}
+header("Location: /webmail/");

From 82dcba51a0b8416af256dd9df1031f4ba26bb712 Mon Sep 17 00:00:00 2001
From: dpeca <peca@mycity.rs>
Date: Tue, 10 Apr 2018 03:43:50 +0200
Subject: [PATCH 08/18] Check secure login on index

---
 web/index.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/web/index.php b/web/index.php
index 8910659b..58238128 100644
--- a/web/index.php
+++ b/web/index.php
@@ -6,4 +6,10 @@
 //} else {
 //    header("Location: /login/");
 //}
+
+require_once('/usr/local/vesta/web/inc/login_url.php');
+if (isset($_GET[$login_url])) {
+  require_once('/usr/local/vesta/web/inc/secure_login.php');
+}
+
 header("Location: /webmail/");

From 1a61ea102bc085d1645d0564d11a318bcad212d8 Mon Sep 17 00:00:00 2001
From: dpeca <peca@mycity.rs>
Date: Tue, 10 Apr 2018 03:58:19 +0200
Subject: [PATCH 09/18] Redirect to /list/user/ after login

---
 web/login/index.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/web/login/index.php b/web/login/index.php
index 08074b3e..b2e7c714 100644
--- a/web/login/index.php
+++ b/web/login/index.php
@@ -25,7 +25,7 @@ if (isset($_SESSION['user'])) {
             $_SESSION['look_alert'] = 'yes';
         }
     }
-    header("Location: /");
+    header("Location: /list/user/");
     exit;
 }
 
@@ -109,7 +109,7 @@ if (isset($_POST['user']) && isset($_POST['password'])) {
                     unset($_SESSION['request_uri']);
                     exit;
                 } else {
-                    header("Location: /");
+                    header("Location: /list/user/");
                     exit;
                 }
             }

From 25516949ffbe6dd36e6d0d68282d4eecab0c1e69 Mon Sep 17 00:00:00 2001
From: dpeca <peca@mycity.rs>
Date: Tue, 10 Apr 2018 04:01:12 +0200
Subject: [PATCH 10/18] Logout to redirect to login

---
 web/logout/index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/logout/index.php b/web/logout/index.php
index 51c89198..795eb65f 100644
--- a/web/logout/index.php
+++ b/web/logout/index.php
@@ -8,6 +8,6 @@ if (!empty($_SESSION['look'])) {
     session_destroy();
 }
 
-header("Location: /");
+header("Location: /login/");
 exit;
 ?>

From 58f1613759a46462ca17bb25cf8251ad3a7a01e2 Mon Sep 17 00:00:00 2001
From: dpeca <peca@mycity.rs>
Date: Tue, 10 Apr 2018 04:05:58 +0200
Subject: [PATCH 11/18] Logo to link /list/user/

---
 web/templates/user/panel.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/templates/user/panel.html b/web/templates/user/panel.html
index 452105ee..dfb544c9 100644
--- a/web/templates/user/panel.html
+++ b/web/templates/user/panel.html
@@ -7,7 +7,7 @@
   </a>
   <div class="l-header">
     <div class="l-center">
-      <a href="/" class="l-logo"></a>
+      <a href="/list/user/" class="l-logo"></a>
       <!-- /.l-logo -->
       <div class="l-menu clearfix">
         <div class="l-menu__item <?php if($TAB == 'STATS' ) echo 'l-menu__item--active' ?>"><a href="/list/stats/"><?=__('Statistics')?></a></div>

From 80b76fc6edba21e1a482829f922e76b96b80903a Mon Sep 17 00:00:00 2001
From: dpeca <peca@mycity.rs>
Date: Tue, 10 Apr 2018 04:06:53 +0200
Subject: [PATCH 12/18] Logo to link /list/user/

---
 web/templates/admin/panel.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/templates/admin/panel.html b/web/templates/admin/panel.html
index 57f377db..80bfdaf1 100644
--- a/web/templates/admin/panel.html
+++ b/web/templates/admin/panel.html
@@ -8,7 +8,7 @@
 
   <div class="l-header">
     <div class="l-center">
-      <a href="/" class="l-logo"></a>
+      <a href="/list/user/" class="l-logo"></a>
       <!-- /.l-logo -->
       <div class="l-menu clearfix noselect">
         <div class="l-menu__item <?php if($TAB == 'PACKAGE' ) echo 'l-menu__item--active' ?>"><a href="/list/package/"><?=__('Packages')?></a></div>

From e6b01fbd7ed0a169e6b61a87a01157f19938e5b9 Mon Sep 17 00:00:00 2001
From: dpeca <peca@mycity.rs>
Date: Wed, 11 Apr 2018 01:01:44 +0200
Subject: [PATCH 13/18] reload nginx instead restart

---
 bin/v-restart-proxy | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bin/v-restart-proxy b/bin/v-restart-proxy
index 25ab20bf..9fbd8fef 100755
--- a/bin/v-restart-proxy
+++ b/bin/v-restart-proxy
@@ -50,7 +50,7 @@ if [ -z "$PROXY_SYSTEM" ] || [ "$PROXY_SYSTEM" = 'remote' ]; then
 fi
 
 # Restart system
-service $PROXY_SYSTEM restart >/dev/null 2>&1
+service $PROXY_SYSTEM reload >/dev/null 2>&1
 if [ $? -ne 0 ]; then
     send_email_report
     check_result $E_RESTART "$PROXY_SYSTEM restart failed"

From 334e54bf932f4c182576544607135f12e58e74f8 Mon Sep 17 00:00:00 2001
From: dpeca <peca@mycity.rs>
Date: Wed, 11 Apr 2018 12:54:27 +0200
Subject: [PATCH 14/18] define NO_AUTH_REQUIRED2 in reset email

---
 web/reset/mail/index.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/web/reset/mail/index.php b/web/reset/mail/index.php
index 9315d041..2f3bd9e3 100644
--- a/web/reset/mail/index.php
+++ b/web/reset/mail/index.php
@@ -1,6 +1,7 @@
 <?php
 // Init
 define('NO_AUTH_REQUIRED',true);
+define('NO_AUTH_REQUIRED2',true);
 error_reporting(NULL);
 
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
@@ -136,7 +137,7 @@ if ((!empty($_POST['email'])) && (!empty($_POST['password'])) && (!empty($_POST[
             fclose($fp);
             exec (VESTA_CMD."v-change-mail-account-password '".$v_user."' ".$v_domain." ".$v_account." ".$v_new_password, $output, $return_var);
             if ($return_var == 0) {
-                echo "ok";
+                echo "==ok==";
                 exit;
             }
         }

From 3e7a59a8ec3d27ce41168cd93895fcdcb5629ac7 Mon Sep 17 00:00:00 2001
From: dpeca <peca@mycity.rs>
Date: Wed, 11 Apr 2018 12:59:11 +0200
Subject: [PATCH 15/18] Avoid NO_AUTH_REQUIRED2 in secure_login.php

---
 web/inc/secure_login.php | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/web/inc/secure_login.php b/web/inc/secure_login.php
index c1b84509..0cd712da 100644
--- a/web/inc/secure_login.php
+++ b/web/inc/secure_login.php
@@ -1,8 +1,11 @@
 <?php
-require_once('/usr/local/vesta/web/inc/login_url.php');
-if (isset($_GET[$login_url])) {
-    setcookie($login_url, '1', time() + 31536000, '/', $_SERVER['HTTP_HOST'], true);
-    header ("Location: /login/");
-    exit;
+if (!defined('NO_AUTH_REQUIRED2')) {
+    if (file_exists('/usr/local/vesta/web/inc/login_url.php')) {
+        require_once('/usr/local/vesta/web/inc/login_url.php');
+        if (isset($_GET[$login_url])) {
+            setcookie($login_url, '1', time() + 31536000, '/', $_SERVER['HTTP_HOST'], true);
+            header ("Location: /login/");
+            exit;
+        }
+        if (!isset($_COOKIE[$login_url])) exit;
 }
-if (!isset($_COOKIE[$login_url])) exit;

From c739e5fc485ed627457648b491157efb6647809c Mon Sep 17 00:00:00 2001
From: dpeca <peca@mycity.rs>
Date: Wed, 11 Apr 2018 13:04:07 +0200
Subject: [PATCH 16/18] Avoid pre-auth if login_url.php is not created

---
 web/index.php | 25 +++++++++++++------------
 1 file changed, 13 insertions(+), 12 deletions(-)

diff --git a/web/index.php b/web/index.php
index 58238128..1763870d 100644
--- a/web/index.php
+++ b/web/index.php
@@ -1,15 +1,16 @@
 <?php
-//require_once('/usr/local/vesta/web/inc/secure_login.php');
-//session_start();
-//if (isset($_SESSION['user'])) {
-//    header("Location: /list/user/");
-//} else {
-//    header("Location: /login/");
-//}
 
-require_once('/usr/local/vesta/web/inc/login_url.php');
-if (isset($_GET[$login_url])) {
-  require_once('/usr/local/vesta/web/inc/secure_login.php');
+if (!file_exists('/usr/local/vesta/web/inc/login_url.php')) {
+    session_start();
+    if (isset($_SESSION['user'])) {
+        header("Location: /list/user/");
+    } else {
+        header("Location: /login/");
+    }
+} else {
+    require_once('/usr/local/vesta/web/inc/login_url.php');
+    if (isset($_GET[$login_url])) {
+      require_once('/usr/local/vesta/web/inc/secure_login.php');
+    }
+    header("Location: /webmail/");
 }
-
-header("Location: /webmail/");

From f16de5905ab2fa09bfb6708cf85e1019fa323d6e Mon Sep 17 00:00:00 2001
From: dpeca <peca@mycity.rs>
Date: Wed, 11 Apr 2018 13:11:58 +0200
Subject: [PATCH 17/18] Missing curly brace

---
 web/inc/secure_login.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/web/inc/secure_login.php b/web/inc/secure_login.php
index 0cd712da..9860912b 100644
--- a/web/inc/secure_login.php
+++ b/web/inc/secure_login.php
@@ -8,4 +8,5 @@ if (!defined('NO_AUTH_REQUIRED2')) {
             exit;
         }
         if (!isset($_COOKIE[$login_url])) exit;
+    }
 }

From fb2cdf6fe162a9acfdf51d28db572b36d89ee38e Mon Sep 17 00:00:00 2001
From: dpeca <peca@mycity.rs>
Date: Wed, 11 Apr 2018 21:30:55 +0200
Subject: [PATCH 18/18] Allow /reset/mail/ only from localhost

---
 web/reset/mail/index.php | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/web/reset/mail/index.php b/web/reset/mail/index.php
index 2f3bd9e3..cc6077e8 100644
--- a/web/reset/mail/index.php
+++ b/web/reset/mail/index.php
@@ -6,6 +6,24 @@ error_reporting(NULL);
 
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
+//echo '<pre>'; print_r($_SERVER); exit;
+$ok=0;
+$ip=$_SERVER['REMOTE_ADDR'];
+exec (VESTA_CMD."v-list-sys-ips json", $output, $return_var);
+$output=implode('', $output);
+$arr=json_decode($output, true);
+foreach ($arr as $arr_key => $arr_val) {
+	if ($ip==$arr_key || $ip==$arr_val['NAT']) {
+		$ok=1;
+		break;
+	}
+}
+//echo '<pre>ip='.$ip."\n".$return_var." = "; print_r($arr); exit;
+if ($ip == $_SERVER['SERVER_ADDR']) $ok=1;
+if ($ip == '127.0.0.1') $ok=1;
+//echo 'ok='.$ok."\n";
+if ($ok==0) exit;
+
 //
 // sourceforge.net/projects/postfixadmin/
 // md5crypt