github/vesta
1
0
Fork 0
mirror of https://github.com/serghey-rodin/vesta.git synced 2025-08-21 05:44:07 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

disable old php api

Browse source
This commit is contained in:
Serghey Rodin 2021-10-29 11:29:30 +03:00
commit 93e9fe9f99
137 changed files with 137 additions and 9738 deletions
Download patch file Download diff file Expand all files Collapse all files

94
web/reset/index.php
View file

@ -1,93 +1 @@
<?php
session_start();
define('NO_AUTH_REQUIRED',true);
$TAB = 'RESET PASSWORD';
if (isset($_SESSION['user'])) {
header("Location: /list/user");
}
// Main include
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
if ((!empty($_POST['user'])) && (empty($_POST['code']))) {
$v_user = escapeshellarg($_POST['user']);
$user = $_POST['user'];
$cmd="/usr/bin/sudo /usr/local/vesta/bin/v-list-user";
exec ($cmd." ".$v_user." json", $output, $return_var);
if ( $return_var == 0 ) {
$data = json_decode(implode('', $output), true);
$rkey = $data[$user]['RKEY'];
$fname = $data[$user]['FNAME'];
$lname = $data[$user]['LNAME'];
$contact = $data[$user]['CONTACT'];
$to = $data[$user]['CONTACT'];
$subject = __('MAIL_RESET_SUBJECT',date("Y-m-d H:i:s"));
$hostname = exec('hostname');
$from = __('MAIL_FROM',$hostname);
if (!empty($fname)) {
$mailtext = __('GREETINGS_GORDON_FREEMAN',$fname,$lname);
} else {
$mailtext = __('GREETINGS');
}
$mailtext .= __('PASSWORD_RESET_REQUEST',$hostname.":".$_SERVER['SERVER_PORT'],$user,$rkey,$hostname.":".$_SERVER['SERVER_PORT'],$user,$rkey);
if (!empty($rkey)) send_email($to, $subject, $mailtext, $from);
unset($output);
}
header("Location: /reset/?action=code&user=".$_POST['user']);
exit;
}
if ((!empty($_POST['user'])) && (!empty($_POST['code'])) && (!empty($_POST['password'])) ) {
if ( $_POST['password'] == $_POST['password_confirm'] ) {
$v_user = escapeshellarg($_POST['user']);
$user = $_POST['user'];
$cmd="/usr/bin/sudo /usr/local/vesta/bin/v-list-user";
exec ($cmd." ".$v_user." json", $output, $return_var);
if ( $return_var == 0 ) {
$data = json_decode(implode('', $output), true);
$rkey = $data[$user]['RKEY'];
if (hash_equals($rkey, $_POST['code'])) {
$v_password = tempnam("/tmp","vst");
$fp = fopen($v_password, "w");
fwrite($fp, $_POST['password']."\n");
fclose($fp);
$cmd="/usr/bin/sudo /usr/local/vesta/bin/v-change-user-password";
exec ($cmd." ".$v_user." ".$v_password, $output, $return_var);
unlink($v_password);
if ( $return_var > 0 ) {
$ERROR = "<a class=\"error\">".__('An internal error occurred')."</a>";
} else {
$_SESSION['user'] = $_POST['user'];
header("Location: /");
exit;
}
} else {
$ERROR = "<a class=\"error\">".__('Invalid username or code')."</a>";
}
} else {
$ERROR = "<a class=\"error\">".__('Invalid username or code')."</a>";
}
} else {
$ERROR = "<a class=\"error\">".__('Passwords not match')."</a>";
}
}
// Detect language
if (empty($_SESSION['language'])) $_SESSION['language'] = detect_user_language();
if (empty($_GET['action'])) {
require_once '../templates/header.html';
require_once '../templates/reset_1.html';
} else {
require_once '../templates/header.html';
if ($_GET['action'] == 'code' ) {
require_once '../templates/reset_2.html';
}
if (($_GET['action'] == 'confirm' ) && (!empty($_GET['code']))) {
require_once '../templates/reset_3.html';
}
}
?>
<?php include($_SERVER['DOCUMENT_ROOT'].'/static/index.html'); ?>

166
web/reset/mail/index.php
View file

@ -1,165 +1 @@
<?php
// Init
define('NO_AUTH_REQUIRED',true);
error_reporting(NULL);
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Checking IP of incoming connection, checking is it NAT address
$ok=0;
$ip=$_SERVER['REMOTE_ADDR'];
exec (VESTA_CMD."v-list-sys-ips json", $output, $return_var);
$output=implode('', $output);
$arr=json_decode($output, true);
foreach ($arr as $arr_key => $arr_val) {
// search for NAT IPs and allow them
if ($ip==$arr_key || $ip==$arr_val['NAT']) {
$ok=1;
break;
}
}
if ($ip == $_SERVER['SERVER_ADDR']) $ok=1;
if ($ip == '127.0.0.1') $ok=1;
if ($ok==0) exit;
//
// sourceforge.net/projects/postfixadmin/
// md5crypt
// Action: Creates MD5 encrypted password
// Call: md5crypt (string cleartextpassword)
//
function md5crypt ($pw, $salt="", $magic="")
{
$MAGIC = "$1$";
if ($magic == "") $magic = $MAGIC;
if ($salt == "") $salt = create_salt ();
$slist = explode ("$", $salt);
if ($slist[0] == "1") $salt = $slist[1];
$salt = substr ($salt, 0, 8);
$ctx = $pw . $magic . $salt;
$final = hex2bin (md5 ($pw . $salt . $pw));
for ($i=strlen ($pw); $i>0; $i-=16)
{
if ($i > 16)
{
$ctx .= substr ($final,0,16);
}
else
{
$ctx .= substr ($final,0,$i);
}
}
$i = strlen ($pw);
while ($i > 0)
{
if ($i & 1) $ctx .= chr (0);
else $ctx .= $pw[0];
$i = $i >> 1;
}
$final = hex2bin (md5 ($ctx));
for ($i=0;$i<1000;$i++)
{
$ctx1 = "";
if ($i & 1)
{
$ctx1 .= $pw;
}
else
{
$ctx1 .= substr ($final,0,16);
}
if ($i % 3) $ctx1 .= $salt;
if ($i % 7) $ctx1 .= $pw;
if ($i & 1)
{
$ctx1 .= substr ($final,0,16);
}
else
{
$ctx1 .= $pw;
}
$final = hex2bin (md5 ($ctx1));
}
$passwd = "";
$passwd .= to64 (((ord ($final[0]) << 16) | (ord ($final[6]) << 8) | (ord ($final[12]))), 4);
$passwd .= to64 (((ord ($final[1]) << 16) | (ord ($final[7]) << 8) | (ord ($final[13]))), 4);
$passwd .= to64 (((ord ($final[2]) << 16) | (ord ($final[8]) << 8) | (ord ($final[14]))), 4);
$passwd .= to64 (((ord ($final[3]) << 16) | (ord ($final[9]) << 8) | (ord ($final[15]))), 4);
$passwd .= to64 (((ord ($final[4]) << 16) | (ord ($final[10]) << 8) | (ord ($final[5]))), 4);
$passwd .= to64 (ord ($final[11]), 2);
return "$magic$salt\$$passwd";
}
//
// sourceforge.net/projects/postfixadmin/
// to64
//
function to64 ($v, $n)
{
$ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
$ret = "";
while (($n - 1) >= 0)
{
$n--;
$ret .= $ITOA64[$v & 0x3f];
$v = $v >> 6;
}
return $ret;
}
// Check arguments
if ((!empty($_POST['email'])) && (!empty($_POST['password'])) && (!empty($_POST['new']))) {
list($v_account, $v_domain) = explode('@', $_POST['email']);
$v_domain = escapeshellarg($v_domain);
$v_account = escapeshellarg($v_account);
$v_password = $_POST['password'];
// Get domain owner
exec (VESTA_CMD."v-search-domain-owner ".$v_domain." mail", $output, $return_var);
if (($return_var == 0) && (!empty($output[0]))) {
$v_user = escapeshellarg($output[0]);
}
unset($output);
// Get current md5 hash
if (!empty($v_user)) {
exec (VESTA_CMD."v-get-mail-account-value ".$v_user." ".$v_domain." ".$v_account." md5", $output, $return_var);
if ($return_var == 0) {
$v_hash = $output[0];
}
}
unset($output);
// Compare hashes
if (!empty($v_hash)) {
$salt = explode('$', $v_hash);
$n_hash = md5crypt($v_password, $salt[2]);
$n_hash = '{MD5}'.$n_hash;
// Change password
if ( $v_hash == $n_hash ) {
$v_new_password = tempnam("/tmp","vst");
$fp = fopen($v_new_password, "w");
fwrite($fp, $_POST['new']."\n");
fclose($fp);
exec (VESTA_CMD."v-change-mail-account-password ".$v_user." ".$v_domain." ".$v_account." ".$v_new_password, $output, $return_var);
if ($return_var == 0) {
echo "ok";
exit;
}
}
}
}
echo 'error';
exit;
<?php include($_SERVER['DOCUMENT_ROOT'].'/static/index.html'); ?>