From fb2cdf6fe162a9acfdf51d28db572b36d89ee38e Mon Sep 17 00:00:00 2001
From: dpeca <peca@mycity.rs>
Date: Wed, 11 Apr 2018 21:30:55 +0200
Subject: [PATCH] Allow /reset/mail/ only from localhost

---
 web/reset/mail/index.php | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/web/reset/mail/index.php b/web/reset/mail/index.php
index 2f3bd9e3..cc6077e8 100644
--- a/web/reset/mail/index.php
+++ b/web/reset/mail/index.php
@@ -6,6 +6,24 @@ error_reporting(NULL);
 
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
+//echo '<pre>'; print_r($_SERVER); exit;
+$ok=0;
+$ip=$_SERVER['REMOTE_ADDR'];
+exec (VESTA_CMD."v-list-sys-ips json", $output, $return_var);
+$output=implode('', $output);
+$arr=json_decode($output, true);
+foreach ($arr as $arr_key => $arr_val) {
+	if ($ip==$arr_key || $ip==$arr_val['NAT']) {
+		$ok=1;
+		break;
+	}
+}
+//echo '<pre>ip='.$ip."\n".$return_var." = "; print_r($arr); exit;
+if ($ip == $_SERVER['SERVER_ADDR']) $ok=1;
+if ($ip == '127.0.0.1') $ok=1;
+//echo 'ok='.$ok."\n";
+if ($ok==0) exit;
+
 //
 // sourceforge.net/projects/postfixadmin/
 // md5crypt