Jump to content
Froxlor Forum
  • 0
Karthik

I got index.php page code when i access ipaddress/froxlor/

Question

I Installed froxlor in my New Droplet.  when I access ipaddress/froxlor/ Page.. Display Following codings...

 

How can resolve my Issue.

 

 

 

(2003-2009) * @author Froxlor team (2010-) * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt * @package Panel * */ define('AREA', 'login'); require './lib/init.php'; if ($action == '') { $action = 'login'; } if ($action == 'login') { if (isset($_POST['send']) && $_POST['send'] == 'send') { $loginname = validate($_POST['loginname'], 'loginname'); $password = validate($_POST['password'], 'password'); $stmt = Database::prepare("SELECT `loginname` AS `customer` FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `loginname`= :loginname" ); Database::pexecute($stmt, array("loginname" => $loginname)); $row = $stmt->fetch(PDO::FETCH_ASSOC); if ($row['customer'] == $loginname) { $table = "`" . TABLE_PANEL_CUSTOMERS . "`"; $uid = 'customerid'; $adminsession = '0'; $is_admin = false; } else { $is_admin = true; if ((int)Settings::Get('login.domain_login') == 1) { $domainname = $idna_convert->encode(preg_replace(array('/\ :(\d)+$/', '/^https?\:\/\//'), '', $loginname)); $stmt = Database::prepare("SELECT `customerid` FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `domain` = :domain" ); Database::pexecute($stmt, array("domain" => $domainname)); $row2 = $stmt->fetch(PDO::FETCH_ASSOC); if (isset($row2['customerid']) && $row2['customerid'] > 0) { $loginname = getCustomerDetail($row2['customerid'], 'loginname'); if ($loginname !== false) { $stmt = Database::prepare("SELECT `loginname` AS `customer` FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `loginname`= :loginname" ); Database::pexecute($stmt, array("loginname" => $loginname)); $row3 = $stmt->fetch(PDO::FETCH_ASSOC); if ($row3['customer'] == $loginname) { $table = "`" . TABLE_PANEL_CUSTOMERS . "`"; $uid = 'customerid'; $adminsession = '0'; $is_admin = false; } } } } } if ((hasUpdates($version) || hasDbUpdates($dbversion)) && $is_admin == false) { redirectTo('index.php'); exit; } if ($is_admin) { if (hasUpdates($version) || hasDbUpdates($dbversion)) { $stmt = Database::prepare("SELECT `loginname` AS `admin` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `loginname`= :loginname AND `change_serversettings` = '1'" ); Database::pexecute($stmt, array("loginname" => $loginname)); $row = $stmt->fetch(PDO::FETCH_ASSOC); if (!isset($row['admin'])) { // not an admin who can see updates redirectTo('index.php'); exit; } } else { $stmt = Database::prepare("SELECT `loginname` AS `admin` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `loginname`= :loginname" ); Database::pexecute($stmt, array("loginname" => $loginname)); $row = $stmt->fetch(PDO::FETCH_ASSOC); } if ($row['admin'] == $loginname) { $table = "`" . TABLE_PANEL_ADMINS . "`"; $uid = 'adminid'; $adminsession = '1'; } else { // Log failed login $rstlog = FroxlorLogger::getInstanceOf(array('loginname' => $_SERVER['REMOTE_ADDR'])); $rstlog->logAction(LOGIN_ACTION, LOG_WARNING, "Unknown user '" . $loginname . "' tried to login."); redirectTo('index.php', array('showmessage' => '2')); exit; } } $userinfo_stmt = Database::prepare("SELECT * FROM $table WHERE `loginname`= :loginname" ); Database::pexecute($userinfo_stmt, array("loginname" => $loginname)); $userinfo = $userinfo_stmt->fetch(PDO::FETCH_ASSOC); if ($userinfo['loginfail_count'] >= Settings::Get('login.maxloginattempts') && $userinfo['lastlogin_fail'] > (time() - Settings::Get('login.deactivatetime'))) { redirectTo('index.php', array('showmessage' => '3')); exit; } elseif (validatePasswordLogin($userinfo, $password, $table, $uid)) { // only show "you're banned" if the login was successful // because we don't want to publish that the user does exist if ($userinfo['deactivated']) { unset($userinfo); redirectTo('index.php', array('showmessage' => '5')); exit; } else { // login correct // reset loginfail_counter, set lastlogin_succ $stmt = Database::prepare("UPDATE $table SET `lastlogin_succ`= :lastlogin_succ, `loginfail_count`='0' WHERE `$uid`= :uid" ); Database::pexecute($stmt, array("lastlogin_succ" => time(), "uid" => $userinfo[$uid])); $userinfo['userid'] = $userinfo[$uid]; $userinfo['adminsession'] = $adminsession; } } else { // login incorrect $stmt = Database::prepare("UPDATE $table SET `lastlogin_fail`= :lastlogin_fail, `loginfail_count`=`loginfail_count`+1 WHERE `$uid`= :uid" ); Database::pexecute($stmt, array("lastlogin_fail" => time(), "uid" => $userinfo[$uid])); // Log failed login $rstlog = FroxlorLogger::getInstanceOf(array('loginname' => $_SERVER['REMOTE_ADDR'])); $rstlog->logAction(LOGIN_ACTION, LOG_WARNING, "User '" . $loginname . "' tried to login with wrong password."); unset($userinfo); redirectTo('index.php', array('showmessage' => '2')); exit; } if (isset($userinfo['userid']) && $userinfo['userid'] != '') { $s = md5(uniqid(microtime(), 1)); if (isset($_POST['language'])) { $language = validate($_POST['language'], 'language'); if ($language == 'profile') { $language = $userinfo['def_language']; } elseif (!isset($languages[$language])) { $language = Settings::Get('panel.standardlanguage'); } } else { $language = Settings::Get('panel.standardlanguage'); } if (isset($userinfo['theme']) && $userinfo['theme'] != '') { $theme = $userinfo['theme']; } else { $theme = Settings::Get('panel.default_theme'); } if (Settings::Get('session.allow_multiple_login') != '1') { $stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_SESSIONS . "` WHERE `userid` = :uid AND `adminsession` = :adminsession" ); Database::pexecute($stmt, array("uid" => $userinfo['userid'], "adminsession" => $userinfo['adminsession'])); } // check for field 'theme' in session-table, refs #607 // Changed with #1287 to new method $theme_field = false; $stmt = Database::query("SHOW COLUMNS FROM panel_sessions LIKE 'theme'"); while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) { if ($row['Field'] == "theme") { $has_theme = true; } } $params = array( "hash" => $s, "userid" => $userinfo['userid'], "ipaddress" => $remote_addr, "useragent" => $http_user_agent, "lastactivity" => time(), "language" => $language, "adminsession" => $userinfo['adminsession'] ); if ($has_theme) { $params["theme"] = $theme; $stmt = Database::prepare("INSERT INTO `" . TABLE_PANEL_SESSIONS . "` (`hash`, `userid`, `ipaddress`, `useragent`, `lastactivity`, `language`, `adminsession`, `theme`) VALUES (:hash, :userid, :ipaddress, :useragent, :lastactivity, :language, :adminsession, :theme)" ); } else { $stmt = Database::prepare("INSERT INTO `" . TABLE_PANEL_SESSIONS . "` (`hash`, `userid`, `ipaddress`, `useragent`, `lastactivity`, `language`, `adminsession`) VALUES (:hash, :userid, :ipaddress, :useragent, :lastactivity, :language, :adminsession)" ); } Database::pexecute($stmt, $params); $qryparams = array(); if (isset($_POST['qrystr']) && $_POST['qrystr'] != "") { parse_str(urldecode($_POST['qrystr']), $qryparams); } $qryparams['s'] = $s; if ($userinfo['adminsession'] == '1') { if (hasUpdates($version) || hasDbUpdates($dbversion)) { redirectTo('admin_updates.php', array('s' => $s)); } else { if (isset($_POST['script']) && $_POST['script'] != "") { if (preg_match("/customer\_/", $_POST['script']) === 1) { redirectTo('admin_customers.php', array("page" => "customers")); } else { redirectTo($_POST['script'], $qryparams); } } else { redirectTo('admin_index.php', $qryparams); } } } else { if (isset($_POST['script']) && $_POST['script'] != "") { redirectTo($_POST['script'], $qryparams); } else { redirectTo('customer_index.php', $qryparams); } } } else { redirectTo('index.php', array('showmessage' => '2')); } exit; } else { $language_options = ''; $language_options .= makeoption($lng['login']['profile_lng'], 'profile', 'profile', true, true); while (list($language_file, $language_name) = each($languages)) { $language_options .= makeoption($language_name, $language_file, 'profile', true); } $smessage = isset($_GET['showmessage']) ? (int)$_GET['showmessage'] : 0; $message = ''; $successmessage = ''; switch ($smessage) { case 1: $successmessage = $lng['pwdreminder']['success']; break; case 2: $message = $lng['error']['login']; break; case 3: $message = sprintf($lng['error']['login_blocked'], Settings::Get('login.deactivatetime')); break; case 4: $cmail = isset($_GET['customermail']) ? $_GET['customermail'] : 'unknown'; $message = str_replace('%s', $cmail, $lng['error']['errorsendingmail']); break; case 5: $message = $lng['error']['user_banned']; break; case 6: $successmessage = $lng['pwdreminder']['changed']; break; case 7: $message = $lng['pwdreminder']['wrongcode']; break; case 8: $message = $lng['pwdreminder']['notallowed']; break; } $update_in_progress = ''; if (hasUpdates($version) || hasDbUpdates($dbversion)) { $update_in_progress = $lng['update']['updateinprogress_onlyadmincanlogin']; } // Pass the last used page if needed $lastscript = ""; if (isset($_REQUEST['script']) && $_REQUEST['script'] != "") { $lastscript = $_REQUEST['script']; if (!file_exists(__DIR__."/".$lastscript)) { $lastscript = ""; } } $lastqrystr = ""; if (isset($_REQUEST['qrystr']) && $_REQUEST['qrystr'] != "") { $lastqrystr = strip_tags($_REQUEST['qrystr']); } eval("echo \"" . getTemplate('login') . "\";"); } } if ($action == 'forgotpwd') { $adminchecked = false; $message = ''; if (isset($_POST['send']) && $_POST['send'] == 'send') { $loginname = validate($_POST['loginname'], 'loginname'); $email = validateEmail($_POST['loginemail'], 'email'); $result_stmt = Database::prepare("SELECT `adminid`, `customerid`, `firstname`, `name`, `company`, `email`, `loginname`, `def_language`, `deactivated` FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `loginname`= :loginname AND `email`= :email" ); Database::pexecute($result_stmt, array("loginname" => $loginname, "email" => $email)); if (Database::num_rows() == 0) { $result_stmt = Database::prepare("SELECT `adminid`, `name`, `email`, `loginname`, `def_language`, `deactivated` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `loginname`= :loginname AND `email`= :email" ); Database::pexecute($result_stmt, array("loginname" => $loginname, "email" => $email)); if (Database::num_rows() > 0) { $adminchecked = true; } else { $result_stmt = null; } } if ($result_stmt !== null) { $user = $result_stmt->fetch(PDO::FETCH_ASSOC); /* Check whether user is banned */ if ($user['deactivated']) { redirectTo('index.php', array('showmessage' => '8')); exit; } if (($adminchecked && Settings::Get('panel.allow_preset_admin') == '1') || $adminchecked == false) { if ($user !== false) { // build a activation code $timestamp = time(); $first = substr(md5($user['loginname'] . $timestamp . randomStr(16)), 0, 15); $third = substr(md5($user['email'] . $timestamp . randomStr(16)), -15); $activationcode = $first . $timestamp . $third . substr(md5($third . $timestamp), 0, 10); // Drop all existing activation codes for this user $stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_ACTIVATION . "` WHERE `userid` = :userid AND `admin` = :admin" ); $params = array( "userid" => $adminchecked ? $user['adminid'] : $user['customerid'], "admin" => $adminchecked ? 1 : 0 ); Database::pexecute($stmt, $params); // Add new activation code to database $stmt = Database::prepare("INSERT INTO `" . TABLE_PANEL_ACTIVATION . "` (userid, admin, creation, activationcode) VALUES (:userid, :admin, :creation, :activationcode)" ); $params = array( "userid" => $adminchecked ? $user['adminid'] : $user['customerid'], "admin" => $adminchecked ? 1 : 0, "creation" => $timestamp, "activationcode" => $activationcode ); Database::pexecute($stmt, $params); $rstlog = FroxlorLogger::getInstanceOf(array('loginname' => 'password_reset')); $rstlog->logAction(USR_ACTION, LOG_WARNING, "User '" . $user['loginname'] . "' requested a link for setting a new password."); // Set together our activation link $protocol = empty( $_SERVER['HTTPS'] ) ? 'http' : 'https'; // this can be a fixed value to avoid potential exploiting by modifying headers $host = Settings::Get('system.hostname'); // $_SERVER['HTTP_HOST']; $port = $_SERVER['SERVER_PORT'] != 80 ? ':' . $_SERVER['SERVER_PORT'] : ''; // don't add :443 when https is used, as it is default (and just looks weird!) if ($protocol == 'https' && $_SERVER['SERVER_PORT'] == '443') { $port = ''; } // there can be only one script to handle this so we can use a fixed value here $script = "/index.php"; // $_SERVER['SCRIPT_NAME']; if (Settings::Get('system.froxlordirectlyviahostname') == 0) { $script = makeCorrectFile("/".basename(__DIR__)."/".$script); } $activationlink = $protocol . '://' . $host . $port . $script . '?action=resetpwd&resetcode=' . $activationcode; $replace_arr = array( 'SALUTATION' => getCorrectUserSalutation($user), 'USERNAME' => $loginname, 'LINK' => $activationlink ); $def_language = ($user['def_language'] != '') ? $user['def_language'] : Settings::Get('panel.standardlanguage'); $result_stmt = Database::prepare('SELECT `value` FROM `' . TABLE_PANEL_TEMPLATES . '` WHERE `adminid`= :adminid AND `language`= :lang AND `templategroup`=\'mails\' AND `varname`=\'password_reset_subject\'' ); Database::pexecute($result_stmt, array("adminid" => $user['adminid'], "lang" => $def_language)); $result = $result_stmt->fetch(PDO::FETCH_ASSOC); $mail_subject = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['mails']['password_reset']['subject']), $replace_arr)); $result_stmt = Database::prepare('SELECT `value` FROM `' . TABLE_PANEL_TEMPLATES . '` WHERE `adminid`= :adminid AND `language`= :lang AND `templategroup`=\'mails\' AND `varname`=\'password_reset_mailbody\'' ); Database::pexecute($result_stmt, array("adminid" => $user['adminid'], "lang" => $def_language)); $result = $result_stmt->fetch(PDO::FETCH_ASSOC); $mail_body = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['mails']['password_reset']['mailbody']), $replace_arr)); $_mailerror = false; try { $mail->Subject = $mail_subject; $mail->AltBody = $mail_body; $mail->MsgHTML(str_replace("\n", "

 

 

Edited by d00p
put code into spoiler-tag as it's very long

Share this post


Link to post
Share on other sites

2 answers to this question

Recommended Posts

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

  • Similar Content

    • By lprod
      Hei zusammen, 
      ich hab jetzt einen neuen Server und hab aber im Prinzip noch keine Ahnung -irgendwie muss man ja anfangen. 
      Hab von froxlor viel positives gehört und wollte das ausprobieren. 
      Bei der Installation habe ich -- siehe Anhang -- zwei Problempunkte. Trotz vieler Befehle, die ich mir aus dem Internet zusammen gesucht habe, bin ich dafür zu blöd.
      Was muss ich hier wie machen? 
      Danke! 😄

    • By Randall Newman
      I have been in the process of installing Froxlor in a Google Cloud Instance. All the errors I have encountered I was able to fix them by searching on the web, but this one I couldn't find a solution for the past two hours. Simply I need help solving this error.😓

    • By n8v8r
      CentOS 7.4 _x64 / PHP7.2.1 / Apache 2.4 / Froxlor 0.9.38.8
      Installation success, wanting to login the installation page keeps on returning, dejavu all over
      the browser console shows
       
       
    • By Boergi
      Hallo zusammen,
      ich bin leider ein wenig am verzweifel. 
      Ich habe froxlor über apt auf Debian Jessie installiert. 
      (Verwendete Anleitung: https://www.secretisland.de/froxlor-installation-debian/ )
      Froxlor lässt sich über
      http://[Server]/froxlor/
      einwandfrei erreichen.
      Dann nach
      http://www.servermom.org/how-to-install-froxlor-on-debian-or-ubuntu-vps/
      http://www.servermom.org/basic-setup-for-froxlor-control-panel/2757/
      konfiguriert. 
      Es hat alles ohne Fehler geklappt.
      Leider wird nach dem Erstellen von Kunden, domains etc keine Verzeichnisse erstellt.
      Es gibt nicht einmal  das customers Verzeichnis ( var/customers/ ) !!!
      Was mich allerdings Wundert ... 
      Im Admin Panel => System => Konfiguration  
      (ich weis nicht wozu das überhaupt ist - GLAUBE aber, das ist nur für das ÄNDERN des Servers. )
      Kann ich
      Distribution =>     Debian Jessie
      Service =>            Webserver
      Daemon =>            Apache 2.4
      auswählen. 
      Wenn ich aber das angegebene Komando
      chmod u+x example-script.sh
      ./example-script.sh
      ausführen möchte.. 
      root@testserver-deb8:/home/boergi# chmod u+x example-script.sh
      chmod: Zugriff auf „example-script.sh“ nicht möglich: Datei oder Verzeichnis nicht gefunden
      root@testserver-deb8:/home/boergi# ./example-script.sh
      bash: ./example-script.sh: Datei oder Verzeichnis nicht gefunden
      root@testserver-deb8:/home/boergi#
      wird das example-script.sh nicht gefunden.
      Obwohl ich ja nicht verstehe, wofür diese Konfiguration notwendig ist.... habe ich nach "example-script.sh" im Formum
      gesucht... Leider ohne relevanten erfolg.

      Weis jemand Rat - oder Info-Seiten, die mir bei meinem Problem (Verzeichnisse werden nicht erstellt)  helfen können.
      Vielen Dank für eure Hilfe
      Boergi
    • By nisamudeen97
      Hi,
      Is Ubuntu16 compatible with froxlor.  I have tried the same.  FCGI getting failed.  I am unable to find documentation for the same in "Configuration"  inside froxlor. 




×
×
  • Create New...