chown -R www-data:www-data '.$cfg['logs_path'].'
', '

chmod 640 '.$cfg['logs_path'].'ranksystem.log

', '

'.$cfg['logs_path'].'ranksystem.log

'); $err_lvl = 3; $dis_login = 1; } if(!is_writable($cfg['logs_path'])) { $err_msg = sprintf($lang['chkfileperm'], '

chown -R www-data:www-data '.$cfg['logs_path'].'

', '

chmod 740 '.$cfg['logs_path'].'

', '

'.$cfg['logs_path'].'

'); $err_lvl = 3; $dis_login = 1; } if(!function_exists('exec')) { unset($err_msg); $err_msg = sprintf($lang['insterr3'],'exec','//php.net/manual/en/book.exec.php'); $err_lvl = 3; $dis_login = 1; } else { exec("$phpcommand -v", $phpversioncheck); $output = ''; foreach($phpversioncheck as $line) $output .= print_r($line, true).'
'; if(empty($phpversioncheck) || strtoupper(substr($phpversioncheck[0], 0, 3)) != "PHP") { $err_msg = sprintf($lang['chkphpcmd'], "\"other/phpcommand.php\"", "\"other/phpcommand.php\"", '

'.$phpcommand.'

', '

'.$output.'

', '

php -v

'); $err_lvl = 3; $dis_login = 1; } else { $exploded = explode(' ',$phpversioncheck[0]); if($exploded[1] != phpversion()) { $err_msg = sprintf($lang['chkphpmulti'], phpversion(), "\"other/phpcommand.php\"", $exploded[1], "\"other/phpcommand.php\"", "\"other/phpcommand.php\"", '

'.$phpcommand.'

'); if(getenv('PATH')!='') { $err_msg .= "

".sprintf($lang['chkphpmulti2'], '
'.getenv('PATH')); } $err_lvl = 2; } } } function enter_logfile($cfg,$loglevel,$logtext,$norotate = false) { if($loglevel > $cfg['logs_debug_level']) return; $file = $cfg['logs_path'].'ranksystem.log'; if ($loglevel == 1) { $loglevel = " CRITICAL "; } elseif ($loglevel == 2) { $loglevel = " ERROR "; } elseif ($loglevel == 3) { $loglevel = " WARNING "; } elseif ($loglevel == 4) { $loglevel = " NOTICE "; } elseif ($loglevel == 5) { $loglevel = " INFO "; } elseif ($loglevel == 6) { $loglevel = " DEBUG "; } $loghandle = fopen($file, 'a'); fwrite($loghandle, DateTime::createFromFormat('U.u', number_format(microtime(true), 6, '.', ''))->setTimeZone(new DateTimeZone($cfg['logs_timezone']))->format("Y-m-d H:i:s.u ").$loglevel.$logtext."\n"); fclose($loghandle); if($norotate == false && filesize($file) > ($cfg['logs_rotation_size'] * 1048576)) { $loghandle = fopen($file, 'a'); fwrite($loghandle, DateTime::createFromFormat('U.u', number_format(microtime(true), 6, '.', ''))->setTimeZone(new DateTimeZone($cfg['logs_timezone']))->format("Y-m-d H:i:s.u ")." NOTICE Logfile filesie of 5 MiB reached.. Rotate logfile.\n"); fclose($loghandle); $file2 = "$file.old"; if(file_exists($file2)) unlink($file2); rename($file, $file2); $loghandle = fopen($file, 'a'); fwrite($loghandle, DateTime::createFromFormat('U.u', number_format(microtime(true), 6, '.', ''))->setTimeZone(new DateTimeZone($cfg['logs_timezone']))->format("Y-m-d H:i:s.u ")." NOTICE Rotated logfile...\n"); fclose($loghandle); } } function getclientip() { if (!empty($_SERVER['HTTP_CLIENT_IP'])) return $_SERVER['HTTP_CLIENT_IP']; elseif(!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) return $_SERVER['HTTP_X_FORWARDED_FOR']; elseif(!empty($_SERVER['HTTP_X_FORWARDED'])) return $_SERVER['HTTP_X_FORWARDED']; elseif(!empty($_SERVER['HTTP_FORWARDED_FOR'])) return $_SERVER['HTTP_FORWARDED_FOR']; elseif(!empty($_SERVER['HTTP_FORWARDED'])) return $_SERVER['HTTP_FORWARDED']; elseif(!empty($_SERVER['REMOTE_ADDR'])) return $_SERVER['REMOTE_ADDR']; else return false; } if(($cfg['webinterface_access_last'] + 1) >= time()) { $waittime = $cfg['webinterface_access_last'] + 2 - time(); $err_msg = sprintf($lang['errlogin2'],$waittime); $err_lvl = 3; } elseif ($cfg['webinterface_access_count'] >= 10) { enter_logfile($cfg,3,sprintf($lang['brute'], getclientip())); $err_msg = $lang['errlogin3']; $err_lvl = 3; $bantime = time() + 299; if($mysqlcon->exec("INSERT INTO `$dbname`.`cfg_params` (`param`,`value`) VALUES ('webinterface_access_last','{$bantime}'),('webinterface_access_count','0') ON DUPLICATE KEY UPDATE `value`=VALUES(`value`)") === false) { } } elseif (isset($_POST['username']) && $_POST['username'] == $cfg['webinterface_user'] && password_verify($_POST['password'], $cfg['webinterface_pass'])) { $_SESSION[$rspathhex.'username'] = $cfg['webinterface_user']; $_SESSION[$rspathhex.'password'] = $cfg['webinterface_pass']; $_SESSION[$rspathhex.'clientip'] = getclientip(); $_SESSION[$rspathhex.'newversion'] = $cfg['version_latest_available']; enter_logfile($cfg,6,sprintf($lang['brute2'], getclientip())); if($mysqlcon->exec("INSERT INTO `$dbname`.`cfg_params` (`param`,`value`) VALUES ('webinterface_access_count','0') ON DUPLICATE KEY UPDATE `value`=VALUES(`value`)") === false) { } header("Location: //".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\')."/bot.php"); exit; } elseif(isset($_POST['username'])) { $nowtime = time(); enter_logfile($cfg,5,sprintf($lang['brute1'], getclientip(), $_POST['username'])); $cfg['webinterface_access_count']++; if($mysqlcon->exec("INSERT INTO `$dbname`.`cfg_params` (`param`,`value`) VALUES ('webinterface_access_last','{$nowtime}'),('webinterface_access_count','{$cfg['webinterface_access_count']}') ON DUPLICATE KEY UPDATE `value`=VALUES(`value`)") === false) { } $err_msg = $lang['errlogin']; $err_lvl = 3; } if(isset($_SESSION[$rspathhex.'username']) && $_SESSION[$rspathhex.'username'] == $cfg['webinterface_user'] && $_SESSION[$rspathhex.'password'] == $cfg['webinterface_pass']) { header("Location: //".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\')."/bot.php"); exit; } require_once('nav.php'); ?>