release 1.3.9

webinterface/_preload.php

@@ -0,0 +1,89 @@
+<?PHP
+ini_set('session.cookie_httponly', 1);
+ini_set('session.use_strict_mode', 1);
+if(in_array('sha512', hash_algos())) {
+	ini_set('session.hash_function', 'sha512');
+}
+if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") {
+	$prot = 'https';
+	ini_set('session.cookie_secure', 1);
+	if(!headers_sent()) {
+		header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
+	}
+} else {
+	$prot = 'http';
+}
+session_start();
+
+require_once('../other/config.php');
+require_once('../other/phpcommand.php');
+
+function enter_logfile($cfg,$loglevel,$logtext,$norotate = false) {
+	if($loglevel > $cfg['logs_debug_level']) return;
+	$file = $cfg['logs_path'].'ranksystem.log';
+	switch ($loglevel) {
+		case 1: $loglevel = "  CRITICAL  "; break;
+		case 2: $loglevel = "  ERROR     "; break;
+		case 3: $loglevel = "  WARNING   "; break;
+		case 4: $loglevel = "  NOTICE    "; break;
+		case 5: $loglevel = "  INFO      "; break;
+		case 6: $loglevel = "  DEBUG     "; break;
+		default:$loglevel = "  NONE      ";
+	}
+	$loghandle = fopen($file, 'a');
+	fwrite($loghandle, DateTime::createFromFormat('U.u', number_format(microtime(true), 6, '.', ''))->setTimeZone(new DateTimeZone($cfg['logs_timezone']))->format("Y-m-d H:i:s.u ").$loglevel.$logtext."\n");
+	fclose($loghandle);
+	if($norotate == false && filesize($file) > ($cfg['logs_rotation_size'] * 1048576)) {
+		$loghandle = fopen($file, 'a');
+		fwrite($loghandle, DateTime::createFromFormat('U.u', number_format(microtime(true), 6, '.', ''))->setTimeZone(new DateTimeZone($cfg['logs_timezone']))->format("Y-m-d H:i:s.u ")."  NOTICE    Logfile filesie of 5 MiB reached.. Rotate logfile.\n");
+		fclose($loghandle);
+		$file2 = "$file.old";
+		if(file_exists($file2)) unlink($file2);
+		rename($file, $file2);
+		$loghandle = fopen($file, 'a');
+		fwrite($loghandle, DateTime::createFromFormat('U.u', number_format(microtime(true), 6, '.', ''))->setTimeZone(new DateTimeZone($cfg['logs_timezone']))->format("Y-m-d H:i:s.u ")."  NOTICE    Rotated logfile...\n");
+		fclose($loghandle);
+	}
+}
+
+function getclientip() {
+	if (!empty($_SERVER['HTTP_CLIENT_IP']))
+		return $_SERVER['HTTP_CLIENT_IP'];
+	elseif(!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
+		return $_SERVER['HTTP_X_FORWARDED_FOR'];
+	elseif(!empty($_SERVER['HTTP_X_FORWARDED']))
+		return $_SERVER['HTTP_X_FORWARDED'];
+	elseif(!empty($_SERVER['HTTP_FORWARDED_FOR']))
+		return $_SERVER['HTTP_FORWARDED_FOR'];
+	elseif(!empty($_SERVER['HTTP_FORWARDED']))
+		return $_SERVER['HTTP_FORWARDED'];
+	elseif(!empty($_SERVER['REMOTE_ADDR']))
+		return $_SERVER['REMOTE_ADDR'];
+	else
+		return false;
+}
+
+function error_handling($msg,$type = NULL) {
+	switch ($type) {
+		case NULL: echo '<div class="alert alert-success alert-dismissible">'; break;
+		case 1: echo '<div class="alert alert-info alert-dismissible">'; break;
+		case 2: echo '<div class="alert alert-warning alert-dismissible">'; break;
+		case 3: echo '<div class="alert alert-danger alert-dismissible">'; break;
+	}
+	echo '<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button>',$msg,'</div>';
+}
+
+if (isset($_POST['logout'])) {
+	echo "logout";
+	rem_session_ts3($rspathhex);
+	header("Location: $prot://".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\'));
+	exit;
+}
+
+if (basename($_SERVER['SCRIPT_NAME']) != "index.php" && basename($_SERVER['SCRIPT_NAME']) != "resetpassword.php" && (!isset($_SESSION[$rspathhex.'username']) || $_SESSION[$rspathhex.'username'] != $cfg['webinterface_user'] || $_SESSION[$rspathhex.'password'] != $cfg['webinterface_pass'] || $_SESSION[$rspathhex.'clientip'] != getclientip())) {
+	header("Location: $prot://".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\'));
+	exit;
+}
+
+$csrf_token = bin2hex(openssl_random_pseudo_bytes(32));
+?>