github/vesta
1
0
Fork 0
mirror of https://github.com/serghey-rodin/vesta.git synced 2025-08-19 13:01:51 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Disabling login with 'root'

Browse source
This commit is contained in:
Anton Reutov 2021-07-28 14:19:12 +03:00 committed by GitHub
commit d97adaeb6a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 74 additions and 69 deletions
Download patch file Download diff file Expand all files Collapse all files

13
web/login/index.php
View file

@ -22,7 +22,6 @@ if (isset($_SESSION['user'])) {
header('Location: /login/');
exit();
}
if ($_SESSION['user'] == 'admin' && !empty($_GET['loginas'])) {
exec (VESTA_CMD . "v-list-user ".escapeshellarg($_GET['loginas'])." json", $output, $return_var);
if ( $return_var == 0 ) {
@ -32,7 +31,7 @@ if (isset($_SESSION['user'])) {
$_SESSION['look_alert'] = 'yes';
}
}
header("Location: /");
header("Location: /list/user/");
exit;
}
@ -42,6 +41,11 @@ if (isset($_POST['user']) && isset($_POST['password'])) {
$v_user = escapeshellarg($_POST['user']);
$v_ip = escapeshellarg($_SERVER['REMOTE_ADDR']);
if($_POST['user'] == 'root'){
unset($_POST['password']);
unset($_POST['user']);
$ERROR = "<a class=\"error\">".__('Login with root has been disabled')."</a>";
} else {
// Get user's salt
$output = '';
exec (VESTA_CMD."v-get-user-salt ".$v_user." ".$v_ip." json" , $output, $return_var);
@ -84,7 +88,7 @@ if (isset($_POST['user']) && isset($_POST['password'])) {
} else {
// Make root admin user
if ($_POST['user'] == 'root') $v_user = 'admin';
// if ($_POST['user'] == 'root') $v_user = 'admin';
// Get user speciefic parameters
exec (VESTA_CMD . "v-list-user ".$v_user." json", $output, $return_var);
@ -116,11 +120,12 @@ if (isset($_POST['user']) && isset($_POST['password'])) {
unset($_SESSION['request_uri']);
exit;
} else {
header("Location: /");
header("Location: /list/user/");
exit;
}
}
}
}
} else {
$ERROR = "<a class=\"error\">".__('Invalid or missing token')."</a>";
}