Initial

web/delete/log/auth/index.php

@@ -0,0 +1,60 @@
+<?php
+use function Hestiacp\quoteshellarg\quoteshellarg;
+
+include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
+
+// Check token
+verify_csrf($_GET);
+
+// Check if administrator is viewing system log (currently 'admin' user)
+if ($_SESSION["userContext"] === "admin" && isset($_GET["user"])) {
+	$user = quoteshellarg($_GET["user"]);
+	$token = $_SESSION["token"];
+}
+
+// Clear log
+exec(HESTIA_CMD . "v-delete-user-auth-log " . $user, $output, $return_var);
+check_return_code($return_var, $output);
+unset($output);
+
+$ip = $_SERVER["REMOTE_ADDR"];
+if (isset($_SERVER["HTTP_CF_CONNECTING_IP"])) {
+	if (!empty($_SERVER["HTTP_CF_CONNECTING_IP"])) {
+		$ip = $_SERVER["HTTP_CF_CONNECTING_IP"];
+	}
+}
+$v_ip = quoteshellarg($ip);
+$user_agent = $_SERVER["HTTP_USER_AGENT"];
+$v_user_agent = quoteshellarg($user_agent);
+
+$v_session_id = quoteshellarg($_SESSION["token"]);
+
+// Add current user session back to log unless impersonating another user
+if (!isset($_SESSION["look"])) {
+	exec(
+		HESTIA_CMD .
+			"v-log-user-login " .
+			$user .
+			" " .
+			$v_ip .
+			" success " .
+			$v_session_id .
+			" " .
+			$v_user_agent,
+		$output,
+		$return_var,
+	);
+}
+
+// Flush session messages
+unset($_SESSION["error_msg"]);
+unset($_SESSION["ok_msg"]);
+
+// Set correct page reload target
+if ($_SESSION["userContext"] === "admin" && !empty($_GET["user"])) {
+	header("Location: /list/log/auth/?user=" . $_GET["user"] . "&token=$token");
+} else {
+	header("Location: /list/log/auth/");
+}
+
+exit();