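<%
-- Admin login endpoint: checks the submitted credentials, creates or reuses the
-- admin session, and prints a JSON reply of the form {code=..., data=...}.
--   code  0 : already logged in, or login completed
--   code  1 : password accepted, TOTP not yet enrolled (reply carries the enrolment key)
--   code  2 : password accepted, TOTP code must be entered
--   code -1 : login failed
--
-- NOTE(review): credentials are also accepted from the query string (_GET).
-- URLs are commonly recorded in access logs, proxies and browser history, so
-- restricting these three fields to _POST is preferable once no client depends on GET.
local username = _POST["username"] or _GET["username"] or ""
local password = _POST["password"] or _GET["password"] or ""
local remember = _POST["remember"] or _GET["remember"] or ""

-- Bound the size of attacker-controlled input before it reaches the native helpers.
username = string.sub(username, 1, 128)
password = string.sub(password, 1, 128)

local msg = {}

-- Replaces every control byte (0x00-0x1F, 0x7F) with "?". Matching "." byte by
-- byte avoids relying on locale-dependent character classes.
local function scrubControlBytes(s)
    return (string.gsub(s, ".", function(ch)
        local b = string.byte(ch)
        if b < 32 or b == 127 then
            return "?"
        end
    end))
end

-- Prints the JSON reply; `data` is omitted from the reply when nil.
local function reply(code, data)
    rawset(msg, "code", code)
    if data ~= nil then
        rawset(msg, "data", data)
    end
    print(json.encode(msg))
end

-- Creates a new session id and queues the UIDADMIN cookie for it.
-- The Secure attribute is added only when the request arrived over TLS.
local function issueSessionCookie()
    _SESSION_ID = SessionModule.new()
    local attrs = "; SameSite=Strict; HttpOnly"
    if _UseSSL == true then
        attrs = attrs.."; Secure"
    end
    _SETCOOKIE = _SETCOOKIE.."Set-Cookie: UIDADMIN=".._SESSION_ID..attrs.."\r\n"
    rawset(_COOKIE,"UIDADMIN",_SESSION_ID)
end

-- Records the start of the TOTP step in the session and tells the client
-- whether to enrol (code 1) or to enter a code (code 2).
local function startTotpStep(twoFactorCode)
    rawset(_SESSION,"logintime",os.time())
    if _SESSION["totp_randomkey"] == nil or _SESSION["totp_randomkey"] == "" then
        rawset(_SESSION,"totp_randomkey",c_TotpRandomKey(_REMOTE_IP))
    end
    SessionModule.save(_SESSION_ID)

    if twoFactorCode ~= nil and twoFactorCode == "" then
        -- An empty stored code is treated as "not enrolled yet": the key is handed
        -- to the client. This is only reached after the password check has passed.
        reply(1, { key = _SESSION["totp_randomkey"], admin = _SESSION["admin"] })
    else
        reply(2, { msg = "input auth key" })
    end
end

-- Session is already fully authenticated: nothing to do.
if _SESSION["logined"] ~= nil then
    reply(0)
    exit()
end

-- Password step already passed in this session; resume at the TOTP step.
if _SESSION["admin"] ~= nil then
    local enableTwoFactor, twoFactorCode = c_GetAdminSecretCode(_SESSION["admin"])
    if enableTwoFactor ~= nil and enableTwoFactor == true then
        startTotpStep(twoFactorCode)
    else
        -- NOTE(review): this replies code 0 without setting "logined"; confirm
        -- that pages behind the login gate on "logined" and not on "admin".
        reply(0)
    end
    exit()
end

-- The username is attacker-controlled and, on success, is copied into the session
-- and the admin log. Control bytes (NUL, CR, LF, ...) have no place in an account
-- name, and how the native c_* helpers, the log and the session store treat them is
-- not visible here, so such names are rejected before any of those are reached.
local nameIsClean = scrubControlBytes(username) == username

-- NOTE(review): both checks compare against `false` only, so a nil return would
-- fall through to the success branch; confirm c_CheckAdmin and c_CheckAdminIp
-- always return a boolean.
if nameIsClean == false or c_CheckAdmin(username,password) == false or c_CheckAdminIp(username,_REMOTE_IP) == false then
    c_AddAdminFailedIp(_REMOTE_IP)
    -- The name is truncated and scrubbed so a failed attempt cannot inject
    -- line breaks or other control bytes into the admin log.
    local logName = scrubControlBytes(string.sub(username, 1, 64))
    c_AddAdminLog("administrator '"..logName.."'(IP:".._REMOTE_IP..") login failed!",ADMIN_LOG_ERROR)
    reply(-1, { msg = "login failed" })
else
    if _COOKIE["UIDADMIN"] ~= nil then
        -- NOTE(review): a client-supplied session id that loads successfully is kept
        -- across the privilege change. Issuing a fresh id on every successful
        -- password check would remove the reliance on a pre-login identifier;
        -- whether SessionModule can retire the old one is not visible here.
        _SESSION_ID = _COOKIE["UIDADMIN"]
        local retval = SessionModule.load(_SESSION_ID)
        if retval == false then
            issueSessionCookie()
        end
    else
        issueSessionCookie()
    end

    -- Bind the session to the client address and the authenticated account.
    rawset(_SESSION,"ipaddress",_REMOTE_IP)
    rawset(_SESSION,"admin",username)

    for _,domain in pairs(c_GetDomainList()) do
        local online = tostring(c_IsDomainOnline(domain))
        rawset(_SESSION,"online_"..domain,online)
    end

    if c_GetAdminType(username) == true then
        rawset(_SESSION,"admin_readonly",1)
    else
        rawset(_SESSION,"admin_readonly",0)
    end

    local domainadmin,domainlist,basefolder = c_GetDomainAdminType(username)
    rawset(_SESSION,"admin_domainadmin",domainadmin)
    rawset(_SESSION,"admin_domainlist",domainlist)
    rawset(_SESSION,"admin_basefolder",basefolder)
    rawset(_SESSION,"admin_nowpath",basefolder)
    SessionModule.save(_SESSION_ID)

    if remember ~= "" then
        -- NOTE(review): the cookie attributes applied by setcookie are not visible
        -- here; confirm they match the flags used for UIDADMIN. The third argument
        -- is presumably an expiry timestamp.
        setcookie("admin_login_name",username,2101702507)
    end

    if _COOKIE["admin_lang"] == nil then
        _COOKIE["admin_lang"] = "english"
    end

    local enableTwoFactor, twoFactorCode = c_GetAdminSecretCode(username)
    if enableTwoFactor ~= nil and enableTwoFactor == true then
        -- "logined" is deliberately not set yet: the session only records that the
        -- password step passed.
        c_AddAdminLog("administrator '"..username.."' passed password authentication, need TOTP authentication. (IP:".._REMOTE_IP..")",ADMIN_LOG_OK)
        startTotpStep(twoFactorCode)
    else
        rawset(_SESSION,"logined","true")
        SessionModule.save(_SESSION_ID)
        c_ClearAdminSession()
        c_RemoveAdminFailedIp(_REMOTE_IP)
        c_AddAdminLog("administrator '"..username.."'(IP:".._REMOTE_IP..") logged in ok!",ADMIN_LOG_OK)
        reply(0, { msg = "login success" })
    end
end
%>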