Skip to content
GitLab
Explore
Sign in
Register
Primary navigation
Search or go to…
Project
I
ISPConfig 3
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Wiki
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Model registry
Operate
Environments
Monitor
Incidents
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
ISPConfig
ISPConfig 3
Commits
c25dbd55
Commit
c25dbd55
authored
3 years ago
by
Mladen B.
Browse files
Options
Downloads
Patches
Plain Diff
Refactor process_login_request 7: Unwrap else.
parent
21e99c1e
No related branches found
No related tags found
1 merge request
!1544
Added admin IP whitelist feature
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
interface/web/login/index.php
+136
-136
136 additions, 136 deletions
interface/web/login/index.php
with
136 additions
and
136 deletions
interface/web/login/index.php
+
136
−
136
View file @
c25dbd55
...
@@ -93,160 +93,160 @@ function process_login_request(app $app, &$error, $conf, $module)
...
@@ -93,160 +93,160 @@ function process_login_request(app $app, &$error, $conf, $module)
if
(
$alreadyfailed
[
'times'
]
>
5
)
{
if
(
$alreadyfailed
[
'times'
]
>
5
)
{
$error
=
$app
->
lng
(
'error_user_too_many_logins'
);
$error
=
$app
->
lng
(
'error_user_too_many_logins'
);
return
;
return
;
}
if
(
$loginAs
)
{
$sql
=
"SELECT * FROM sys_user WHERE USERNAME = ? and PASSWORT = ?"
;
$user
=
$app
->
db
->
queryOneRecord
(
$sql
,
(
string
)
$username
,
(
string
)
$password
);
}
else
{
}
else
{
if
(
$loginAs
)
{
if
(
stristr
(
$username
,
'@'
))
{
$sql
=
"SELECT * FROM sys_user WHERE USERNAME = ? and PASSWORT = ?"
;
//* mailuser login
$user
=
$app
->
db
->
queryOneRecord
(
$sql
,
(
string
)
$username
,
(
string
)
$password
);
$sql
=
"SELECT * FROM mail_user WHERE login = ? or email = ?"
;
}
else
{
$mailuser
=
$app
->
db
->
queryOneRecord
(
$sql
,
(
string
)
$username
,
$app
->
functions
->
idn_encode
(
$username
));
if
(
stristr
(
$username
,
'@'
))
{
$user
=
false
;
//* mailuser login
if
(
$mailuser
)
{
$sql
=
"SELECT * FROM mail_user WHERE login = ? or email = ?"
;
$saved_password
=
stripslashes
(
$mailuser
[
'password'
]);
$mailuser
=
$app
->
db
->
queryOneRecord
(
$sql
,
(
string
)
$username
,
$app
->
functions
->
idn_encode
(
$username
));
//* Check if mailuser password is correct
$user
=
false
;
if
(
crypt
(
stripslashes
(
$password
),
$saved_password
)
==
$saved_password
)
{
if
(
$mailuser
)
{
//* Get the sys_user language of the client of the mailuser
$saved_password
=
stripslashes
(
$mailuser
[
'password'
]);
$sys_user_lang
=
$app
->
db
->
queryOneRecord
(
"SELECT language FROM sys_user WHERE default_group = ?"
,
$mailuser
[
'sys_groupid'
]);
//* Check if mailuser password is correct
if
(
crypt
(
stripslashes
(
$password
),
$saved_password
)
==
$saved_password
)
{
//* we build a fake user here which has access to the mailuser module only and userid 0
//* Get the sys_user language of the client of the mailuser
$user
=
array
();
$sys_user_lang
=
$app
->
db
->
queryOneRecord
(
"SELECT language FROM sys_user WHERE default_group = ?"
,
$mailuser
[
'sys_groupid'
]);
$user
[
'userid'
]
=
0
;
$user
[
'active'
]
=
1
;
//* we build a fake user here which has access to the mailuser module only and userid 0
$user
[
'startmodule'
]
=
'mailuser'
;
$user
=
array
();
$user
[
'modules'
]
=
'mailuser'
;
$user
[
'userid'
]
=
0
;
$user
[
'typ'
]
=
'user'
;
$user
[
'active'
]
=
1
;
$user
[
'email'
]
=
$mailuser
[
'email'
];
$user
[
'startmodule'
]
=
'mailuser'
;
$user
[
'username'
]
=
$username
;
$user
[
'modules'
]
=
'mailuser'
;
if
(
is_array
(
$sys_user_lang
)
&&
$sys_user_lang
[
'language'
]
!=
''
)
{
$user
[
'typ'
]
=
'user'
;
$user
[
'language'
]
=
$sys_user_lang
[
'language'
];
$user
[
'email'
]
=
$mailuser
[
'email'
];
}
else
{
$user
[
'username'
]
=
$username
;
$user
[
'language'
]
=
$conf
[
'language'
];
if
(
is_array
(
$sys_user_lang
)
&&
$sys_user_lang
[
'language'
]
!=
''
)
{
$user
[
'language'
]
=
$sys_user_lang
[
'language'
];
}
else
{
$user
[
'language'
]
=
$conf
[
'language'
];
}
$user
[
'theme'
]
=
$conf
[
'theme'
];
$user
[
'app_theme'
]
=
$conf
[
'theme'
];
$user
[
'mailuser_id'
]
=
$mailuser
[
'mailuser_id'
];
$user
[
'default_group'
]
=
$mailuser
[
'sys_groupid'
];
}
}
$user
[
'theme'
]
=
$conf
[
'theme'
];
$user
[
'app_theme'
]
=
$conf
[
'theme'
];
$user
[
'mailuser_id'
]
=
$mailuser
[
'mailuser_id'
];
$user
[
'default_group'
]
=
$mailuser
[
'sys_groupid'
];
}
}
}
else
{
}
//* normal cp user login
}
else
{
$sql
=
"SELECT * FROM sys_user WHERE USERNAME = ?"
;
//* normal cp user login
$user
=
$app
->
db
->
queryOneRecord
(
$sql
,
(
string
)
$username
);
$sql
=
"SELECT * FROM sys_user WHERE USERNAME = ?"
;
if
(
$user
)
{
$user
=
$app
->
db
->
queryOneRecord
(
$sql
,
(
string
)
$username
);
$saved_password
=
stripslashes
(
$user
[
'passwort'
]);
if
(
$user
)
{
if
(
substr
(
$saved_password
,
0
,
1
)
==
'$'
)
{
$saved_password
=
stripslashes
(
$user
[
'passwort'
]);
//* The password is encrypted with crypt
if
(
substr
(
$saved_password
,
0
,
1
)
==
'$'
)
{
if
(
crypt
(
stripslashes
(
$password
),
$saved_password
)
!=
$saved_password
)
{
//* The password is encrypted with crypt
$user
=
false
;
if
(
crypt
(
stripslashes
(
$password
),
$saved_password
)
!=
$saved_password
)
{
}
$user
=
false
;
}
else
{
//* The password is md5 encrypted
if
(
md5
(
$password
)
!=
$saved_password
)
{
$user
=
false
;
}
else
{
// update password with secure algo
$sql
=
'UPDATE `sys_user` SET `passwort` = ? WHERE `username` = ?'
;
$app
->
db
->
query
(
$sql
,
$app
->
auth
->
crypt_password
(
$password
),
(
string
)
$username
);
}
}
}
}
else
{
}
else
{
$user
=
false
;
//* The password is md5 encrypted
if
(
md5
(
$password
)
!=
$saved_password
)
{
$user
=
false
;
}
else
{
// update password with secure algo
$sql
=
'UPDATE `sys_user` SET `passwort` = ? WHERE `username` = ?'
;
$app
->
db
->
query
(
$sql
,
$app
->
auth
->
crypt_password
(
$password
),
(
string
)
$username
);
}
}
}
}
else
{
$user
=
false
;
}
}
}
}
}
if
(
$user
)
{
if
(
$user
)
{
if
(
$user
[
'active'
]
==
1
)
{
if
(
$user
[
'active'
]
==
1
)
{
// Maintenance mode - allow logins only when maintenance mode is off or if the user is admin
// Maintenance mode - allow logins only when maintenance mode is off or if the user is admin
if
(
!
$app
->
is_under_maintenance
()
||
$user
[
'typ'
]
==
'admin'
)
{
if
(
!
$app
->
is_under_maintenance
()
||
$user
[
'typ'
]
==
'admin'
)
{
// User login right, so attempts can be deleted
// User login right, so attempts can be deleted
$sql
=
"DELETE FROM `attempts_login` WHERE `ip`=?"
;
$sql
=
"DELETE FROM `attempts_login` WHERE `ip`=?"
;
$app
->
db
->
query
(
$sql
,
$ip
);
$app
->
db
->
query
(
$sql
,
$ip
);
$user
=
$app
->
db
->
toLower
(
$user
);
$user
=
$app
->
db
->
toLower
(
$user
);
if
(
$loginAs
)
$oldSession
=
$_SESSION
[
's'
];
if
(
$loginAs
)
$oldSession
=
$_SESSION
[
's'
];
// Session regenerate causes login problems on some systems, see Issue #3827
// Session regenerate causes login problems on some systems, see Issue #3827
// Set session_regenerate_id to no in security settings, it you encounter
// Set session_regenerate_id to no in security settings, it you encounter
// this problem.
// this problem.
$app
->
uses
(
'getconf'
);
$app
->
uses
(
'getconf'
);
$security_config
=
$app
->
getconf
->
get_security_config
(
'permissions'
);
$security_config
=
$app
->
getconf
->
get_security_config
(
'permissions'
);
if
(
isset
(
$security_config
[
'session_regenerate_id'
])
&&
$security_config
[
'session_regenerate_id'
]
==
'yes'
)
{
if
(
isset
(
$security_config
[
'session_regenerate_id'
])
&&
$security_config
[
'session_regenerate_id'
]
==
'yes'
)
{
if
(
!
$loginAs
)
session_regenerate_id
(
true
);
if
(
!
$loginAs
)
session_regenerate_id
(
true
);
}
}
$_SESSION
=
array
();
$_SESSION
=
array
();
if
(
$loginAs
)
$_SESSION
[
's_old'
]
=
$oldSession
;
// keep the way back!
if
(
$loginAs
)
$_SESSION
[
's_old'
]
=
$oldSession
;
// keep the way back!
$_SESSION
[
's'
][
'user'
]
=
$user
;
$_SESSION
[
's'
][
'user'
]
=
$user
;
$_SESSION
[
's'
][
'user'
][
'theme'
]
=
isset
(
$user
[
'app_theme'
])
?
$user
[
'app_theme'
]
:
'default'
;
$_SESSION
[
's'
][
'user'
][
'theme'
]
=
isset
(
$user
[
'app_theme'
])
?
$user
[
'app_theme'
]
:
'default'
;
$_SESSION
[
's'
][
'language'
]
=
$app
->
functions
->
check_language
(
$user
[
'language'
]);
$_SESSION
[
's'
][
'language'
]
=
$app
->
functions
->
check_language
(
$user
[
'language'
]);
$_SESSION
[
"s"
][
'theme'
]
=
$_SESSION
[
's'
][
'user'
][
'theme'
];
$_SESSION
[
"s"
][
'theme'
]
=
$_SESSION
[
's'
][
'user'
][
'theme'
];
if
(
$loginAs
)
$_SESSION
[
's'
][
'plugin_cache'
]
=
$_SESSION
[
's_old'
][
'plugin_cache'
];
if
(
$loginAs
)
$_SESSION
[
's'
][
'plugin_cache'
]
=
$_SESSION
[
's_old'
][
'plugin_cache'
];
if
(
is_file
(
ISPC_WEB_PATH
.
'/'
.
$_SESSION
[
's'
][
'user'
][
'startmodule'
]
.
'/lib/module.conf.php'
))
{
if
(
is_file
(
ISPC_WEB_PATH
.
'/'
.
$_SESSION
[
's'
][
'user'
][
'startmodule'
]
.
'/lib/module.conf.php'
))
{
include_once
$app
->
functions
->
check_include_path
(
ISPC_WEB_PATH
.
'/'
.
$_SESSION
[
's'
][
'user'
][
'startmodule'
]
.
'/lib/module.conf.php'
);
include_once
$app
->
functions
->
check_include_path
(
ISPC_WEB_PATH
.
'/'
.
$_SESSION
[
's'
][
'user'
][
'startmodule'
]
.
'/lib/module.conf.php'
);
$menu_dir
=
ISPC_WEB_PATH
.
'/'
.
$_SESSION
[
's'
][
'user'
][
'startmodule'
]
.
'/lib/menu.d'
;
$menu_dir
=
ISPC_WEB_PATH
.
'/'
.
$_SESSION
[
's'
][
'user'
][
'startmodule'
]
.
'/lib/menu.d'
;
include_menu_dir_files
(
$menu_dir
);
include_menu_dir_files
(
$menu_dir
);
$_SESSION
[
's'
][
'module'
]
=
$module
;
$_SESSION
[
's'
][
'module'
]
=
$module
;
}
}
// check if the user theme is valid
// check if the user theme is valid
if
(
$_SESSION
[
's'
][
'user'
][
'theme'
]
!=
'default'
)
{
if
(
$_SESSION
[
's'
][
'user'
][
'theme'
]
!=
'default'
)
{
$tmp_path
=
ISPC_THEMES_PATH
.
"/"
.
$_SESSION
[
's'
][
'user'
][
'theme'
];
$tmp_path
=
ISPC_THEMES_PATH
.
"/"
.
$_SESSION
[
's'
][
'user'
][
'theme'
];
if
(
!@
is_dir
(
$tmp_path
)
||
!@
file_exists
(
$tmp_path
.
"/ispconfig_version"
)
||
trim
(
file_get_contents
(
$tmp_path
.
"/ispconfig_version"
))
!=
ISPC_APP_VERSION
)
{
if
(
!@
is_dir
(
$tmp_path
)
||
!@
file_exists
(
$tmp_path
.
"/ispconfig_version"
)
||
trim
(
file_get_contents
(
$tmp_path
.
"/ispconfig_version"
))
!=
ISPC_APP_VERSION
)
{
// fall back to default theme if this one is not compatible with current ispc version
// fall back to default theme if this one is not compatible with current ispc version
$_SESSION
[
's'
][
'user'
][
'theme'
]
=
'default'
;
$_SESSION
[
's'
][
'user'
][
'theme'
]
=
'default'
;
$_SESSION
[
's'
][
'theme'
]
=
'default'
;
$_SESSION
[
's'
][
'theme'
]
=
'default'
;
$_SESSION
[
'show_error_msg'
]
=
$app
->
lng
(
'theme_not_compatible'
);
$_SESSION
[
'show_error_msg'
]
=
$app
->
lng
(
'theme_not_compatible'
);
}
}
}
}
$app
->
plugin
->
raiseEvent
(
'login'
,
$username
);
$app
->
plugin
->
raiseEvent
(
'login'
,
$username
);
//* Save successful login message to var
//* Save successful login message to var
$authlog
=
'Successful login for user \''
.
$username
.
'\' from '
.
$_SERVER
[
'REMOTE_ADDR'
]
.
' at '
.
date
(
'Y-m-d H:i:s'
)
.
' with session ID '
.
session_id
();
$authlog
=
'Successful login for user \''
.
$username
.
'\' from '
.
$_SERVER
[
'REMOTE_ADDR'
]
.
' at '
.
date
(
'Y-m-d H:i:s'
)
.
' with session ID '
.
session_id
();
$authlog_handle
=
fopen
(
$conf
[
'ispconfig_log_dir'
]
.
'/auth.log'
,
'a'
);
$authlog_handle
=
fopen
(
$conf
[
'ispconfig_log_dir'
]
.
'/auth.log'
,
'a'
);
fwrite
(
$authlog_handle
,
$authlog
.
"
\n
"
);
fwrite
(
$authlog_handle
,
$authlog
.
"
\n
"
);
fclose
(
$authlog_handle
);
fclose
(
$authlog_handle
);
/*
/*
* We need LOGIN_REDIRECT instead of HEADER_REDIRECT to load the
* We need LOGIN_REDIRECT instead of HEADER_REDIRECT to load the
* new theme, if the logged-in user has another
* new theme, if the logged-in user has another
*/
*/
if
(
$loginAs
)
{
if
(
$loginAs
)
{
echo
'LOGIN_REDIRECT:'
.
$_SESSION
[
's'
][
'module'
][
'startpage'
];
echo
'LOGIN_REDIRECT:'
.
$_SESSION
[
's'
][
'module'
][
'startpage'
];
exit
;
exit
;
}
else
{
}
else
{
header
(
'Location: ../index.php'
);
header
(
'Location: ../index.php'
);
die
();
die
();
}
}
}
}
else
{
$error
=
$app
->
lng
(
'error_user_blocked'
);
}
}
}
else
{
}
else
{
if
(
!
$alreadyfailed
[
'times'
])
{
$error
=
$app
->
lng
(
'error_user_blocked'
);
//* user login the first time wrong
}
$sql
=
"INSERT INTO `attempts_login` (`ip`, `times`, `login_time`) VALUES (?, 1, NOW())"
;
}
else
{
$app
->
db
->
query
(
$sql
,
$ip
);
if
(
!
$alreadyfailed
[
'times'
])
{
}
elseif
(
$alreadyfailed
[
'times'
]
>=
1
)
{
//* user login the first time wrong
//* update times wrong
$sql
=
"INSERT INTO `attempts_login` (`ip`, `times`, `login_time`) VALUES (?, 1, NOW())"
;
$sql
=
"UPDATE `attempts_login` SET `times`=`times`+1, `login_time`=NOW() WHERE `ip` = ? AND `login_time` < NOW() ORDER BY `login_time` DESC LIMIT 1"
;
$app
->
db
->
query
(
$sql
,
$ip
);
$app
->
db
->
query
(
$sql
,
$ip
);
}
elseif
(
$alreadyfailed
[
'times'
]
>=
1
)
{
}
//* update times wrong
//* Incorrect login - Username and password incorrect
$sql
=
"UPDATE `attempts_login` SET `times`=`times`+1, `login_time`=NOW() WHERE `ip` = ? AND `login_time` < NOW() ORDER BY `login_time` DESC LIMIT 1"
;
$error
=
$app
->
lng
(
'error_user_password_incorrect'
);
$app
->
db
->
query
(
$sql
,
$ip
);
if
(
$app
->
db
->
errorMessage
!=
''
)
$error
.
=
'<br />'
.
$app
->
db
->
errorMessage
!=
''
;
$app
->
plugin
->
raiseEvent
(
'login_failed'
,
$username
);
//* Save failed login message to var
$authlog
=
'Failed login for user \''
.
$username
.
'\' from '
.
$_SERVER
[
'REMOTE_ADDR'
]
.
' at '
.
date
(
'Y-m-d H:i:s'
);
$authlog_handle
=
fopen
(
$conf
[
'ispconfig_log_dir'
]
.
'/auth.log'
,
'a'
);
fwrite
(
$authlog_handle
,
$authlog
.
"
\n
"
);
fclose
(
$authlog_handle
);
}
}
//* Incorrect login - Username and password incorrect
$error
=
$app
->
lng
(
'error_user_password_incorrect'
);
if
(
$app
->
db
->
errorMessage
!=
''
)
$error
.
=
'<br />'
.
$app
->
db
->
errorMessage
!=
''
;
$app
->
plugin
->
raiseEvent
(
'login_failed'
,
$username
);
//* Save failed login message to var
$authlog
=
'Failed login for user \''
.
$username
.
'\' from '
.
$_SERVER
[
'REMOTE_ADDR'
]
.
' at '
.
date
(
'Y-m-d H:i:s'
);
$authlog_handle
=
fopen
(
$conf
[
'ispconfig_log_dir'
]
.
'/auth.log'
,
'a'
);
fwrite
(
$authlog_handle
,
$authlog
.
"
\n
"
);
fclose
(
$authlog_handle
);
}
}
}
}
...
...
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
