89 lines
3.8 KiB
PHP
89 lines
3.8 KiB
PHP
<?PHP
|
|
ini_set('session.cookie_httponly', 1);
|
|
ini_set('session.use_strict_mode', 1);
|
|
if(in_array('sha512', hash_algos())) {
|
|
ini_set('session.hash_function', 'sha512');
|
|
}
|
|
if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") {
|
|
$prot = 'https';
|
|
ini_set('session.cookie_secure', 1);
|
|
if(!headers_sent()) {
|
|
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
|
|
}
|
|
} else {
|
|
$prot = 'http';
|
|
}
|
|
session_start();
|
|
|
|
require_once('../other/config.php');
|
|
require_once('../other/phpcommand.php');
|
|
|
|
function enter_logfile($cfg,$loglevel,$logtext,$norotate = false) {
|
|
if($loglevel > $cfg['logs_debug_level']) return;
|
|
$file = $cfg['logs_path'].'ranksystem.log';
|
|
switch ($loglevel) {
|
|
case 1: $loglevel = " CRITICAL "; break;
|
|
case 2: $loglevel = " ERROR "; break;
|
|
case 3: $loglevel = " WARNING "; break;
|
|
case 4: $loglevel = " NOTICE "; break;
|
|
case 5: $loglevel = " INFO "; break;
|
|
case 6: $loglevel = " DEBUG "; break;
|
|
default:$loglevel = " NONE ";
|
|
}
|
|
$loghandle = fopen($file, 'a');
|
|
fwrite($loghandle, DateTime::createFromFormat('U.u', number_format(microtime(true), 6, '.', ''))->setTimeZone(new DateTimeZone($cfg['logs_timezone']))->format("Y-m-d H:i:s.u ").$loglevel.$logtext."\n");
|
|
fclose($loghandle);
|
|
if($norotate == false && filesize($file) > ($cfg['logs_rotation_size'] * 1048576)) {
|
|
$loghandle = fopen($file, 'a');
|
|
fwrite($loghandle, DateTime::createFromFormat('U.u', number_format(microtime(true), 6, '.', ''))->setTimeZone(new DateTimeZone($cfg['logs_timezone']))->format("Y-m-d H:i:s.u ")." NOTICE Logfile filesie of 5 MiB reached.. Rotate logfile.\n");
|
|
fclose($loghandle);
|
|
$file2 = "$file.old";
|
|
if(file_exists($file2)) unlink($file2);
|
|
rename($file, $file2);
|
|
$loghandle = fopen($file, 'a');
|
|
fwrite($loghandle, DateTime::createFromFormat('U.u', number_format(microtime(true), 6, '.', ''))->setTimeZone(new DateTimeZone($cfg['logs_timezone']))->format("Y-m-d H:i:s.u ")." NOTICE Rotated logfile...\n");
|
|
fclose($loghandle);
|
|
}
|
|
}
|
|
|
|
function getclientip() {
|
|
if (!empty($_SERVER['HTTP_CLIENT_IP']))
|
|
return $_SERVER['HTTP_CLIENT_IP'];
|
|
elseif(!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
|
|
return $_SERVER['HTTP_X_FORWARDED_FOR'];
|
|
elseif(!empty($_SERVER['HTTP_X_FORWARDED']))
|
|
return $_SERVER['HTTP_X_FORWARDED'];
|
|
elseif(!empty($_SERVER['HTTP_FORWARDED_FOR']))
|
|
return $_SERVER['HTTP_FORWARDED_FOR'];
|
|
elseif(!empty($_SERVER['HTTP_FORWARDED']))
|
|
return $_SERVER['HTTP_FORWARDED'];
|
|
elseif(!empty($_SERVER['REMOTE_ADDR']))
|
|
return $_SERVER['REMOTE_ADDR'];
|
|
else
|
|
return false;
|
|
}
|
|
|
|
function error_handling($msg,$type = NULL) {
|
|
switch ($type) {
|
|
case NULL: echo '<div class="alert alert-success alert-dismissible">'; break;
|
|
case 1: echo '<div class="alert alert-info alert-dismissible">'; break;
|
|
case 2: echo '<div class="alert alert-warning alert-dismissible">'; break;
|
|
case 3: echo '<div class="alert alert-danger alert-dismissible">'; break;
|
|
}
|
|
echo '<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">×</span></button>',$msg,'</div>';
|
|
}
|
|
|
|
if (isset($_POST['logout'])) {
|
|
echo "logout";
|
|
rem_session_ts3($rspathhex);
|
|
header("Location: $prot://".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\'));
|
|
exit;
|
|
}
|
|
|
|
if (basename($_SERVER['SCRIPT_NAME']) != "index.php" && basename($_SERVER['SCRIPT_NAME']) != "resetpassword.php" && (!isset($_SESSION[$rspathhex.'username']) || $_SESSION[$rspathhex.'username'] != $cfg['webinterface_user'] || $_SESSION[$rspathhex.'password'] != $cfg['webinterface_pass'] || $_SESSION[$rspathhex.'clientip'] != getclientip())) {
|
|
header("Location: $prot://".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\'));
|
|
exit;
|
|
}
|
|
|
|
$csrf_token = bin2hex(openssl_random_pseudo_bytes(32));
|
|
?>
|