login.php

#/user/local/vesta/web/login/index.php
`<?php

define('NO_AUTH_REQUIRED',true);

// Main include
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");

//echo $_SESSION['request_uri'];

$TAB = 'LOGIN';

// Logout
if (isset($_GET['logout'])) {
session_destroy();
}

// Login as someone else
if (isset($_SESSION['user'])) {
if ($_SESSION['user'] == 'admin' && !empty($_GET['loginas'])) {
exec (VESTA_CMD . "v-list-user ".escapeshellarg($_GET['loginas'])." json", $output, $return_var);
if ( $return_var == 0 ) {
$data = json_decode(implode('', $output), true);
reset($data);
$_SESSION['look'] = key($data);
$_SESSION['look_alert'] = 'yes';
}
}
header("Location: /");
exit;
}

/************************************/
$sec_key=false;
if ( isset($_POST['security_code'])) {
if ( $_SESSION['security_code']!=$_POST['security_code'] ) {
$ERROR = "Invalid code";
$sec_key=false;
} else {
$sec_key=true;
}
}
/**********************************/

// Basic auth
if (isset($_POST['user']) && isset($_POST['password'])) {
$v_user = escapeshellarg($_POST['user']);

// Send password via tmp file
$v_password = exec('mktemp -p /tmp');
$fp = fopen($v_password, "w");
fwrite($fp, $_POST['password']."\n");
fclose($fp);

// Check user & password
exec(VESTA_CMD ."v-check-user-password ".$v_user." ".$v_password." ".escapeshellarg($_SERVER['REMOTE_ADDR']),  $output, $return_var);
unset($output);

// Remove tmp file
unlink($v_password);

// Check API answer
if ( $return_var > 0 ) {
    $ERROR = "<a class=\"error\">".__('Invalid username or password')."</a>";

} else {
    if ( $sec_key ) {//captcha control
    // Make root admin user
    if ($_POST['user'] == 'root') $v_user = 'admin';

    // Get user speciefic parameters
    exec (VESTA_CMD . "v-list-user ".$v_user." json", $output, $return_var);
    $data = json_decode(implode('', $output), true);

    // Define session user
    $_SESSION['user'] = key($data);
    $v_user = $_SESSION['user'];

    // Get user favorites
    get_favourites();

    // Define language
    if (!empty($data[$v_user]['LANGUAGE'])) $_SESSION['language'] = $data[$v_user]['LANGUAGE'];

    // Redirect request to control panel interface
    if (!empty($_SESSION['request_uri'])) {
        header("Location: ".$_SESSION['request_uri']);
        unset($_SESSION['request_uri']);
        exit;
    } else {
        header("Location: /");
        exit;
        }
    }//sec_key
}
}

// Check system configuration
exec (VESTA_CMD . "v-list-sys-config json", $output, $return_var);
$data = json_decode(implode('', $output), true);
$sys_arr = $data['config'];
foreach ($sys_arr as $key => $value) {
$_SESSION[$key] = $value;
}

// Detect language
if (empty($_SESSION['language'])) {
$output = '';
exec (VESTA_CMD."v-list-sys-config json", $output, $return_var);
$config = json_decode(implode('', $output), true);
$lang = $config['config']['LANGUAGE'];

$output = '';
exec (VESTA_CMD."v-list-sys-languages json", $output, $return_var);
$languages = json_decode(implode('', $output), true);
if(in_array($lang, $languages)){
    $_SESSION['language'] = $lang;
}
}

require_once($_SERVER['DOCUMENT_ROOT'].'/inc/i18n/'.$_SESSION['language'].'.php');
require_once('../templates/header.html');
require_once('../templates/login.html');
`