mirror of
https://github.com/myvesta/vesta
synced 2025-08-19 21:04:07 -07:00
Merge pull request #1106 from serghey-rodin/madeITBelgium-csrf
Fix CSRF in login
This commit is contained in:
naumov-socolov
GitHub
commit
f5ef047df7
2 changed files with 59 additions and 51 deletions
|
|
@ -34,64 +34,68 @@ if (isset($_SESSION['user'])) {
|
||||||
|
|
||||||
// Basic auth
|
// Basic auth
|
||||||
if (isset($_POST['user']) && isset($_POST['password'])) {
|
if (isset($_POST['user']) && isset($_POST['password'])) {
|
||||||
$v_user = escapeshellarg($_POST['user']);
|
if(isset($_SESSION['token']) && isset($_POST['token']) && $_POST['token'] == $_SESSION['token']) {
|
||||||
|
$v_user = escapeshellarg($_POST['user']);
|
||||||
|
|
||||||
// Send password via tmp file
|
// Send password via tmp file
|
||||||
$v_password = exec('mktemp -p /tmp');
|
$v_password = exec('mktemp -p /tmp');
|
||||||
$fp = fopen($v_password, "w");
|
$fp = fopen($v_password, "w");
|
||||||
fwrite($fp, $_POST['password']."\n");
|
fwrite($fp, $_POST['password']."\n");
|
||||||
fclose($fp);
|
fclose($fp);
|
||||||
|
|
||||||
// Check user & password
|
// Check user & password
|
||||||
exec(VESTA_CMD ."v-check-user-password ".$v_user." ".$v_password." ".escapeshellarg($_SERVER['REMOTE_ADDR']), $output, $return_var);
|
exec(VESTA_CMD ."v-check-user-password ".$v_user." ".$v_password." ".escapeshellarg($_SERVER['REMOTE_ADDR']), $output, $return_var);
|
||||||
unset($output);
|
unset($output);
|
||||||
|
|
||||||
// Remove tmp file
|
// Remove tmp file
|
||||||
unlink($v_password);
|
unlink($v_password);
|
||||||
|
|
||||||
// Check API answer
|
// Check API answer
|
||||||
if ( $return_var > 0 ) {
|
if ( $return_var > 0 ) {
|
||||||
$ERROR = "<a class=\"error\">".__('Invalid username or password')."</a>";
|
$ERROR = "<a class=\"error\">".__('Invalid username or password')."</a>";
|
||||||
|
|
||||||
} else {
|
|
||||||
|
|
||||||
// Make root admin user
|
|
||||||
if ($_POST['user'] == 'root') $v_user = 'admin';
|
|
||||||
|
|
||||||
// Get user speciefic parameters
|
|
||||||
exec (VESTA_CMD . "v-list-user ".$v_user." json", $output, $return_var);
|
|
||||||
$data = json_decode(implode('', $output), true);
|
|
||||||
|
|
||||||
// Define session user
|
|
||||||
$_SESSION['user'] = key($data);
|
|
||||||
$v_user = $_SESSION['user'];
|
|
||||||
|
|
||||||
// Get user favorites
|
|
||||||
get_favourites();
|
|
||||||
|
|
||||||
// Define language
|
|
||||||
$output = '';
|
|
||||||
exec (VESTA_CMD."v-list-sys-languages json", $output, $return_var);
|
|
||||||
$languages = json_decode(implode('', $output), true);
|
|
||||||
if(in_array($data[$v_user]['LANGUAGE'], $languages)){
|
|
||||||
$_SESSION['language'] = $data[$v_user]['LANGUAGE'];
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
$_SESSION['language'] = 'en';
|
|
||||||
}
|
|
||||||
|
|
||||||
// Regenerate session id to prevent session fixation
|
|
||||||
session_regenerate_id();
|
|
||||||
|
|
||||||
// Redirect request to control panel interface
|
|
||||||
if (!empty($_SESSION['request_uri'])) {
|
|
||||||
header("Location: ".$_SESSION['request_uri']);
|
|
||||||
unset($_SESSION['request_uri']);
|
|
||||||
exit;
|
|
||||||
} else {
|
} else {
|
||||||
header("Location: /");
|
|
||||||
exit;
|
// Make root admin user
|
||||||
|
if ($_POST['user'] == 'root') $v_user = 'admin';
|
||||||
|
|
||||||
|
// Get user speciefic parameters
|
||||||
|
exec (VESTA_CMD . "v-list-user ".$v_user." json", $output, $return_var);
|
||||||
|
$data = json_decode(implode('', $output), true);
|
||||||
|
|
||||||
|
// Define session user
|
||||||
|
$_SESSION['user'] = key($data);
|
||||||
|
$v_user = $_SESSION['user'];
|
||||||
|
|
||||||
|
// Get user favorites
|
||||||
|
get_favourites();
|
||||||
|
|
||||||
|
// Define language
|
||||||
|
$output = '';
|
||||||
|
exec (VESTA_CMD."v-list-sys-languages json", $output, $return_var);
|
||||||
|
$languages = json_decode(implode('', $output), true);
|
||||||
|
if(in_array($data[$v_user]['LANGUAGE'], $languages)){
|
||||||
|
$_SESSION['language'] = $data[$v_user]['LANGUAGE'];
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$_SESSION['language'] = 'en';
|
||||||
|
}
|
||||||
|
|
||||||
|
// Regenerate session id to prevent session fixation
|
||||||
|
session_regenerate_id();
|
||||||
|
|
||||||
|
// Redirect request to control panel interface
|
||||||
|
if (!empty($_SESSION['request_uri'])) {
|
||||||
|
header("Location: ".$_SESSION['request_uri']);
|
||||||
|
unset($_SESSION['request_uri']);
|
||||||
|
exit;
|
||||||
|
} else {
|
||||||
|
header("Location: /");
|
||||||
|
exit;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
$ERROR = "<a class=\"error\">".__('Invalid or missing token')."</a>";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -121,6 +125,9 @@ if (empty($_SESSION['language'])) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Generate CSRF token
|
||||||
|
$_SESSION['token'] = md5(uniqid(mt_rand(), true));
|
||||||
|
|
||||||
require_once($_SERVER['DOCUMENT_ROOT'].'/inc/i18n/'.$_SESSION['language'].'.php');
|
require_once($_SERVER['DOCUMENT_ROOT'].'/inc/i18n/'.$_SESSION['language'].'.php');
|
||||||
require_once('../templates/header.html');
|
require_once('../templates/header.html');
|
||||||
require_once('../templates/login.html');
|
require_once('../templates/login.html');
|
||||||
|
|
|
||||||
|
|
@ -9,6 +9,7 @@
|
||||||
</td>
|
</td>
|
||||||
<td style="padding: 20px 0 0 0;">
|
<td style="padding: 20px 0 0 0;">
|
||||||
<form method="post" action="/login/" >
|
<form method="post" action="/login/" >
|
||||||
|
<input type="hidden" name="token" value="<?php echo $_SESSION['token']; ?>">
|
||||||
<table class="login-box">
|
<table class="login-box">
|
||||||
<tr>
|
<tr>
|
||||||
<td syle="padding: 12px 0 0 2px;">
|
<td syle="padding: 12px 0 0 2px;">
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue