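<?php

declare(strict_types=1);

/*
 * ActionPage.php - login / logout endpoint for the device web UI.
 *
 * Login: POST uname, psw and auth2. auth2 must be the HMAC-SHA256 of this
 * page's path under the session's auth_token (the per-session token the
 * login page is given). The credentials are then checked by the privileged
 * helper bin/checker, and the user must equal SIAUSR from
 * /boot/parameters.txt. On success the session id is regenerated and a fresh
 * authenticator is stored through bin/writehash.
 * Logout: POST logout. Both paths end in a redirect; every failed login
 * discards the session and redirects to index.html?status=invalid.
 */

/** Allowlist for user names: lowercase ASCII letters and digits only. */
const USERNAME_PATTERN = '/^[a-z0-9]+$/';
/** Allowlist for passwords: ASCII letters, digits and a few punctuation marks. */
const PASSWORD_PATTERN = '/^[a-zA-Z0-9*!@#^_]+$/';

/**
 * Whether both credential fields match the allowlists above.
 *
 * The allowlists stay as defence in depth for the shell invocation in
 * checker_accepts(); escapeshellarg() is what actually makes the arguments
 * safe there. Empty values are rejected: an empty, unquoted argument used to
 * vanish from the command line, shifting the password into the user position.
 */
function credentials_well_formed(string $user, string $pass): bool
{
    return preg_match(USERNAME_PATTERN, $user) === 1
        && preg_match(PASSWORD_PATTERN, $pass) === 1;
}

/**
 * Whether $provided is the CSRF token the login page was given for this session.
 *
 * @param mixed $provided   raw $_POST['auth2'] value (may be absent or a non-string)
 * @param mixed $sessionKey raw $_SESSION['auth_token'] value (may be absent)
 */
function csrf_token_valid($provided, $sessionKey): bool
{
    // A missing token or key can never validate; checking here also keeps
    // non-string form values from reaching hash_hmac()/hash_equals().
    if (!is_string($provided) || !is_string($sessionKey)) {
        return false;
    }
    $expected = hash_hmac('sha256', '/ActionPage.php', $sessionKey);
    // Known value first, user-supplied value second, as hash_equals() documents.
    return hash_equals($expected, $provided);
}

/** The account name allowed to log in: SIAUSR from /boot/parameters.txt, '' if unset. */
function configured_user(): string
{
    // shell_exec() runs /bin/sh; "." is the POSIX spelling of bash's "source",
    // so this also works where /bin/sh is dash.
    $out = shell_exec('. /boot/parameters.txt; echo "$SIAUSR"');
    return is_string($out) ? trim($out) : '';
}

/** Runs the privileged credential checker; true only when it exits with status 0. */
function checker_accepts(string $user, string $pass): bool
{
    // Each value is quoted as a single argument, so shell metacharacters in a
    // password (e.g. "*" or a leading "#") can no longer be expanded or dropped.
    $command = 'sudo bin/checker ' . escapeshellarg($user) . ' ' . escapeshellarg($pass);
    exec($command, $output, $exitCode);
    return $exitCode === 0;
}

/** Stores $hash (a session authenticator, or the logout marker) via the privileged helper. */
function write_authenticator_hash(string $hash)
{
    exec('sudo bin/writehash ' . escapeshellarg($hash));
}

/** Drops all session state and sends the browser to $location; does not return. */
function abandon_session_and_redirect(string $location)
{
    session_unset();
    session_destroy();
    header('Location: ' . $location);
    exit();
}

session_start();

if (isset($_POST['uname'], $_POST['psw'])) {
    $user = $_POST['uname'];
    $pass = $_POST['psw'];

    // All rejections (malformed input, bad token, checker failure, wrong
    // account) produce the same redirect; the reason is not exposed to the client.
    if (!is_string($user) || !is_string($pass) || !credentials_well_formed($user, $pass)) {
        abandon_session_and_redirect('index.html?status=invalid');
    }
    // Check that the post request comes from the login page of this session.
    if (!csrf_token_valid($_POST['auth2'] ?? null, $_SESSION['auth_token'] ?? null)) {
        abandon_session_and_redirect('index.html?status=invalid');
    }
    if (!checker_accepts($user, $pass) || $user !== configured_user()) {
        abandon_session_and_redirect('index.html?status=invalid');
    }

    // New session id on privilege change, so a pre-login id cannot be reused.
    session_regenerate_id(true);
    $_SESSION['uname'] = $user;
    $_SESSION['timeout'] = time();
    $_SESSION['authenticator'] = bin2hex(random_bytes(32));
    write_authenticator_hash($_SESSION['authenticator']);
    header('Location: home.html');
    exit();
}

if (isset($_POST['logout'])) {
    // Overwrite the stored authenticator with the literal logout marker.
    write_authenticator_hash('loggout');
    abandon_session_and_redirect('index.html?status=loggedout');
}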