release 1.3.9

webinterface/changepassword.php

@@ -1,82 +1,6 @@
 <?PHP
-ini_set('session.cookie_httponly', 1);
-ini_set('session.use_strict_mode', 1);
-if(in_array('sha512', hash_algos())) {
-	ini_set('session.hash_function', 'sha512');
-}
-if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") {
-	ini_set('session.cookie_secure', 1);
-	if(!headers_sent()) {
-		header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
-	}
-}
-session_start();
-
-require_once('../other/config.php');
-require_once('../other/phpcommand.php');
-
-function enter_logfile($cfg,$loglevel,$logtext,$norotate = false) {
-	if($loglevel > $cfg['logs_debug_level']) return;
-	$file = $cfg['logs_path'].'ranksystem.log';
-	if ($loglevel == 1) {
-		$loglevel = "  CRITICAL  ";
-	} elseif ($loglevel == 2) {
-		$loglevel = "  ERROR     ";
-	} elseif ($loglevel == 3) {
-		$loglevel = "  WARNING   ";
-	} elseif ($loglevel == 4) {
-		$loglevel = "  NOTICE    ";
-	} elseif ($loglevel == 5) {
-		$loglevel = "  INFO      ";
-	} elseif ($loglevel == 6) {
-		$loglevel = "  DEBUG     ";
-	}
-	$loghandle = fopen($file, 'a');
-	fwrite($loghandle, DateTime::createFromFormat('U.u', number_format(microtime(true), 6, '.', ''))->setTimeZone(new DateTimeZone($cfg['logs_timezone']))->format("Y-m-d H:i:s.u ").$loglevel.$logtext."\n");
-	fclose($loghandle);
-	if($norotate == false && filesize($file) > ($cfg['logs_rotation_size'] * 1048576)) {
-		$loghandle = fopen($file, 'a');
-		fwrite($loghandle, DateTime::createFromFormat('U.u', number_format(microtime(true), 6, '.', ''))->setTimeZone(new DateTimeZone($cfg['logs_timezone']))->format("Y-m-d H:i:s.u ")."  NOTICE    Logfile filesie of 5 MiB reached.. Rotate logfile.\n");
-		fclose($loghandle);
-		$file2 = "$file.old";
-		if(file_exists($file2)) unlink($file2);
-		rename($file, $file2);
-		$loghandle = fopen($file, 'a');
-		fwrite($loghandle, DateTime::createFromFormat('U.u', number_format(microtime(true), 6, '.', ''))->setTimeZone(new DateTimeZone($cfg['logs_timezone']))->format("Y-m-d H:i:s.u ")."  NOTICE    Rotated logfile...\n");
-		fclose($loghandle);
-	}
-}
-
-function getclientip() {
-	if (!empty($_SERVER['HTTP_CLIENT_IP']))
-		return $_SERVER['HTTP_CLIENT_IP'];
-	elseif(!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
-		return $_SERVER['HTTP_X_FORWARDED_FOR'];
-	elseif(!empty($_SERVER['HTTP_X_FORWARDED']))
-		return $_SERVER['HTTP_X_FORWARDED'];
-	elseif(!empty($_SERVER['HTTP_FORWARDED_FOR']))
-		return $_SERVER['HTTP_FORWARDED_FOR'];
-	elseif(!empty($_SERVER['HTTP_FORWARDED']))
-		return $_SERVER['HTTP_FORWARDED'];
-	elseif(!empty($_SERVER['REMOTE_ADDR']))
-		return $_SERVER['REMOTE_ADDR'];
-	else
-		return false;
-}
-
-if (isset($_POST['logout'])) {
-    rem_session_ts3($rspathhex);
-	header("Location: //".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\'));
-	exit;
-}
-
-if (!isset($_SESSION[$rspathhex.'username']) || $_SESSION[$rspathhex.'username'] != $cfg['webinterface_user'] || $_SESSION[$rspathhex.'password'] != $cfg['webinterface_pass'] || $_SESSION[$rspathhex.'clientip'] != getclientip()) {
-	header("Location: //".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\'));
-	exit;
-}
-
-require_once('nav.php');
-$csrf_token = bin2hex(openssl_random_pseudo_bytes(32));
+require_once('_preload.php');
+require_once('_nav.php');
 
 if ($mysqlcon->exec("INSERT INTO `$dbname`.`csrf_token` (`token`,`timestamp`,`sessionid`) VALUES ('$csrf_token','".time()."','".session_id()."')") === false) {
 	$err_msg = print_r($mysqlcon->errorInfo(), true);