chown -R www-data:www-data '.$GLOBALS['logpath'].'
', '

chmod 0740 '.$GLOBALS['logfile'].'

', '

'.$GLOBALS['logfile'].'

'); $err_lvl = 3; $dis_login = 0; } if(!is_writable($GLOBALS['logpath'])) { $err_msg = sprintf($lang['chkfileperm'], '

chown -R www-data:www-data '.$GLOBALS['logpath'].'

', '

chmod 0740 '.$GLOBALS['logpath'].'

', '

'.$GLOBALS['logpath'].'

'); $err_lvl = 3; $dis_login = 0; } if(!function_exists('exec')) { unset($err_msg); $err_msg = sprintf($lang['insterr3'],'exec','//php.net/manual/en/book.exec.php',get_cfg_var('cfg_file_path')); $err_lvl = 3; $dis_login = 1; } else { exec("$phpcommand -v", $phpversioncheck); $output = ''; foreach($phpversioncheck as $line) $output .= print_r($line, true).'
'; if(empty($phpversioncheck) || strtoupper(substr($phpversioncheck[0], 0, 3)) != "PHP") { $err_msg = sprintf($lang['chkphpcmd'], "\"other/phpcommand.php\"", "\"other/phpcommand.php\"", '

'.$phpcommand.'

', '

'.$output.'

', '

php -v

'); $err_lvl = 3; $dis_login = 1; } else { $exploded = explode(' ',$phpversioncheck[0]); if($exploded[1] != phpversion()) { $err_msg = sprintf($lang['chkphpmulti'], phpversion(), "\"other/phpcommand.php\"", $exploded[1], "\"other/phpcommand.php\"", "\"other/phpcommand.php\"", '

'.$phpcommand.'

'); if(getenv('PATH')!='') { $err_msg .= "

".sprintf($lang['chkphpmulti2'], '
'.getenv('PATH')); } $err_lvl = 2; } } } if(!isset($err_msg) && version_compare(PHP_VERSION, '7.2.0', '<')) { $err_msg = "Your PHP Version: (".PHP_VERSION.") is outdated and no longer supported. Please update it!"; $err_lvl = 2; } if(!isset($cfg['webinterface_access_count']) || $cfg['webinterface_access_count'] != NULL) $cfg['webinterface_access_count'] = 0; if(!isset($cfg['webinterface_access_last']) || $cfg['webinterface_access_last'] != NULL) $cfg['webinterface_access_last'] = 0; if(($cfg['webinterface_access_last'] + 1) >= time()) { $waittime = $cfg['webinterface_access_last'] + 2 - time(); $err_msg = sprintf($lang['errlogin2'],$waittime); $err_lvl = 3; } elseif ($cfg['webinterface_access_count'] >= 10) { enter_logfile(3,sprintf($lang['brute'], getclientip())); $err_msg = $lang['errlogin3']; $err_lvl = 3; $bantime = time() + 299; if($mysqlcon->exec("INSERT INTO `$dbname`.`cfg_params` (`param`,`value`) VALUES ('webinterface_access_last','{$bantime}'),('webinterface_access_count','0') ON DUPLICATE KEY UPDATE `value`=VALUES(`value`)") === false) { } } elseif (isset($_POST['username']) && hash_equals($_POST['username'], $cfg['webinterface_user']) && password_verify($_POST['password'], $cfg['webinterface_pass'])) { $_SESSION[$rspathhex.'username'] = $cfg['webinterface_user']; $_SESSION[$rspathhex.'password'] = $cfg['webinterface_pass']; $_SESSION[$rspathhex.'clientip'] = getclientip(); $_SESSION[$rspathhex.'newversion'] = $cfg['version_latest_available']; if(isset($cfg['stats_news_html'])) $_SESSION[$rspathhex.'stats_news_html'] = $cfg['stats_news_html']; enter_logfile(6,sprintf($lang['brute2'], getclientip())); if($mysqlcon->exec("INSERT INTO `$dbname`.`cfg_params` (`param`,`value`) VALUES ('webinterface_access_count','0') ON DUPLICATE KEY UPDATE `value`=VALUES(`value`)") === false) { } header("Location: $prot://".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\')."/bot.php"); exit; } elseif(isset($_POST['username'])) { $nowtime = time(); enter_logfile(5,sprintf($lang['brute1'], getclientip(), htmlspecialchars($_POST['username']))); $cfg['webinterface_access_count']++; if($mysqlcon->exec("INSERT INTO `$dbname`.`cfg_params` (`param`,`value`) VALUES ('webinterface_access_last','{$nowtime}'),('webinterface_access_count','{$cfg['webinterface_access_count']}') ON DUPLICATE KEY UPDATE `value`=VALUES(`value`)") === false) { } $err_msg = $lang['errlogin']; $err_lvl = 3; } if(isset($_SESSION[$rspathhex.'username']) && hash_equals($_SESSION[$rspathhex.'username'], $cfg['webinterface_user']) && hash_equals($_SESSION[$rspathhex.'password'], $cfg['webinterface_pass'])) { header("Location: $prot://".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\')."/bot.php"); exit; } require_once('_nav.php'); ?>