Initial

2024-03-19 22:05:27 +03:00
commit 346a50856b
1572 changed files with 182163 additions and 0 deletions
--- a/web/reset2fa/index.php
+++ b/web/reset2fa/index.php
@@ -0,0 +1,66 @@
+<?php
+use function Hestiacp\quoteshellarg\quoteshellarg;
+
+define("NO_AUTH_REQUIRED", true);
+$TAB = "RESET PASSWORD";
+
+if (isset($_SESSION["user"])) {
+	header("Location: /list/user");
+}
+
+// Main include
+include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
+
+//Check values
+if (!empty($_POST["user"]) && !empty($_POST["twofa"])) {
+	// Check token
+	verify_csrf($_POST);
+	$error = true;
+	$v_user = quoteshellarg($_POST["user"]);
+	$user = $_POST["user"];
+	$twofa = $_POST["twofa"];
+	exec(HESTIA_CMD . "v-list-user " . $v_user . " json", $output, $return_var);
+	if ($return_var == 0) {
+		$data = json_decode(implode("", $output), true);
+		if ($data[$user]["TWOFA"] == $twofa) {
+			$success = true;
+			exec(HESTIA_CMD . "v-delete-user-2fa " . $v_user, $output, $return_var);
+			session_destroy();
+		} else {
+			exec(
+				HESTIA_CMD .
+					"v-log-user-login " .
+					$v_user .
+					" " .
+					$v_ip .
+					" failed " .
+					$v_session_id .
+					" " .
+					$v_user_agent .
+					' yes "Failed to enter correct 2FA reset key"',
+				$output,
+				$return_var,
+			);
+			sleep(5);
+		}
+	} else {
+		exec(
+			HESTIA_CMD .
+				"v-log-user-login " .
+				$v_user .
+				" " .
+				$v_ip .
+				" failed " .
+				$v_session_id .
+				" " .
+				$v_user_agent .
+				' yes "Failed to enter correct 2FA reset key"',
+			$output,
+			$return_var,
+		);
+		sleep(5);
+	}
+}
+
+require_once "../templates/header.php";
+require_once "../templates/pages/login/reset2fa.php";