<?php
use function Hestiacp\quoteshellarg\quoteshellarg;

ob_start();
$TAB = "FIREWALL";

// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";

// Check user
if ($_SESSION["userContext"] != "admin") {
	header("Location: /list/user");
	exit();
}

// Check POST request
if (!empty($_POST["ok"])) {
	// Check token
	verify_csrf($_POST);

	// Check empty fields
	if (empty($_POST["v_chain"])) {
		$errors[] = _("Banlist");
	}
	if (empty($_POST["v_ip"])) {
		$errors[] = _("IP Address");
	}
	if (!empty($errors[0])) {
		foreach ($errors as $i => $error) {
			if ($i == 0) {
				$error_msg = $error;
			} else {
				$error_msg = $error_msg . ", " . $error;
			}
		}
		$_SESSION["error_msg"] = sprintf(_('Field "%s" can not be blank.'), $error_msg);
	}

	// Protect input
	$v_chain = quoteshellarg($_POST["v_chain"]);
	$v_ip = quoteshellarg($_POST["v_ip"]);

	// Add firewall rule
	if (empty($_SESSION["error_msg"])) {
		exec(HESTIA_CMD . "v-add-firewall-ban " . $v_ip . " " . $v_chain, $output, $return_var);
		check_return_code($return_var, $output);
		unset($output);
	}

	// Flush field values on success
	if (empty($_SESSION["error_msg"])) {
		$_SESSION["ok_msg"] = _("IP address has been banned successfully.");
		unset($v_chain);
		unset($v_ip);
	}
}

if (empty($v_ip)) {
	$v_ip = "";
}
if (empty($v_chain)) {
	$v_chain = "";
}
// Render
render_page($user, $TAB, "add_firewall_banlist");

// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);