github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta synced 2025-08-20 21:34:12 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Disabling login with 'root'

Browse source 
tnx @jaapmarcus and HestiaCP
This commit is contained in:
myvesta 2020-08-30 00:10:04 +02:00 committed by GitHub
commit d6eb5f0ba7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 73 additions and 67 deletions
Download patch file Download diff file Expand all files Collapse all files

8
web/login/index.php
View file

@ -35,6 +35,11 @@ if (isset($_POST['user']) && isset($_POST['password'])) {
$v_user = escapeshellarg($_POST['user']);
$v_ip = escapeshellarg($_SERVER['REMOTE_ADDR']);
if($_POST['user'] == 'root'){
unset($_POST['password']);
unset($_POST['user']);
$ERROR = "<a class=\"error\">".__('Login with <strong>root</strong> has been disabled')."</a>";
} else {
// Get user's salt
$output = '';
exec (VESTA_CMD."v-get-user-salt ".$v_user." ".$v_ip." json" , $output, $return_var);
@ -77,7 +82,7 @@ if (isset($_POST['user']) && isset($_POST['password'])) {
} else {
// Make root admin user
if ($_POST['user'] == 'root') $v_user = 'admin';
// if ($_POST['user'] == 'root') $v_user = 'admin';
// Get user speciefic parameters
exec (VESTA_CMD . "v-list-user ".$v_user." json", $output, $return_var);
@ -114,6 +119,7 @@ if (isset($_POST['user']) && isset($_POST['password'])) {
}
}
}
}
} else {
$ERROR = "<a class=\"error\">".__('Invalid or missing token')."</a>";
}