hestiacp/web/delete/log/auth/index.php

<?php
use function Hestiacp\quoteshellarg\quoteshellarg;

include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";

// Check token
verify_csrf($_GET);

// Check if administrator is viewing system log (currently 'admin' user)
if ($_SESSION["userContext"] === "admin" && isset($_GET["user"])) {
	$user = quoteshellarg($_GET["user"]);
	$token = $_SESSION["token"];
}

// Clear log
exec(HESTIA_CMD . "v-delete-user-auth-log " . $user, $output, $return_var);
check_return_code($return_var, $output);
unset($output);

$ip = $_SERVER["REMOTE_ADDR"];
if (isset($_SERVER["HTTP_CF_CONNECTING_IP"])) {
	if (!empty($_SERVER["HTTP_CF_CONNECTING_IP"])) {
		$ip = $_SERVER["HTTP_CF_CONNECTING_IP"];
	}
}
$v_ip = quoteshellarg($ip);
$user_agent = $_SERVER["HTTP_USER_AGENT"];
$v_user_agent = quoteshellarg($user_agent);

$v_session_id = quoteshellarg($_SESSION["token"]);

// Add current user session back to log unless impersonating another user
if (!isset($_SESSION["look"])) {
	exec(
		HESTIA_CMD .
			"v-log-user-login " .
			$user .
			" " .
			$v_ip .
			" success " .
			$v_session_id .
			" " .
			$v_user_agent,
		$output,
		$return_var,
	);
}

// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);

// Set correct page reload target
if ($_SESSION["userContext"] === "admin" && !empty($_GET["user"])) {
	header("Location: /list/log/auth/?user=" . $_GET["user"] . "&token=$token");
} else {
	header("Location: /list/log/auth/");
}

exit();
Initial 1 year ago			`<?php`
			`use function Hestiacp\quoteshellarg\quoteshellarg;`

			`include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";`

			`// Check token`
			`verify_csrf($_GET);`

			`// Check if administrator is viewing system log (currently 'admin' user)`
			`if ($_SESSION["userContext"] === "admin" && isset($_GET["user"])) {`
			`$user = quoteshellarg($_GET["user"]);`
			`$token = $_SESSION["token"];`
			`}`

			`// Clear log`
			`exec(HESTIA_CMD . "v-delete-user-auth-log " . $user, $output, $return_var);`
			`check_return_code($return_var, $output);`
			`unset($output);`

			`$ip = $_SERVER["REMOTE_ADDR"];`
			`if (isset($_SERVER["HTTP_CF_CONNECTING_IP"])) {`
			`if (!empty($_SERVER["HTTP_CF_CONNECTING_IP"])) {`
			`$ip = $_SERVER["HTTP_CF_CONNECTING_IP"];`
			`}`
			`}`
			`$v_ip = quoteshellarg($ip);`
			`$user_agent = $_SERVER["HTTP_USER_AGENT"];`
			`$v_user_agent = quoteshellarg($user_agent);`

			`$v_session_id = quoteshellarg($_SESSION["token"]);`

			`// Add current user session back to log unless impersonating another user`
			`if (!isset($_SESSION["look"])) {`
			`exec(`
			`HESTIA_CMD .`
			`"v-log-user-login " .`
			`$user .`
			`" " .`
			`$v_ip .`
			`" success " .`
			`$v_session_id .`
			`" " .`
			`$v_user_agent,`
			`$output,`
			`$return_var,`
			`);`
			`}`

			`// Flush session messages`
			`unset($_SESSION["error_msg"]);`
			`unset($_SESSION["ok_msg"]);`

			`// Set correct page reload target`
			`if ($_SESSION["userContext"] === "admin" && !empty($_GET["user"])) {`
			`header("Location: /list/log/auth/?user=" . $_GET["user"] . "&token=$token");`
			`} else {`
			`header("Location: /list/log/auth/");`
			`}`

			`exit();`