$value) {
if ($value && $time - $value > $cooldown) {
unset ($fails[$key]);
$updatefails = true;
}
}
if ($updatefails) {
$failtext = implode("\n", $fails);
fileWrite($failfile, $failtext);
}
if (count($fails) >= $maxfails) {
$error = _('Too many invalid login attempts');
if (count($fails) == $maxfails)
exec("logger -t webGUI ".escapeshellarg("Ignoring login attempts for {$_POST['username']} from {$remote_addr}"));
} else {
// User Login attempt, validate credentials
if (($_POST['username'] == "root")) {
// more: integrate with PAM to avoid direct access to /etc/shadow and validate other user names (future)
$output = exec("/usr/bin/grep root /etc/shadow");
if ($output !== false) {
$strCredentials = explode(":", $output);
if (password_verify($_POST['password'], $strCredentials[1])) {
// Successful login, start session
@unlink($failfile);
session_start();
$_SESSION['unraid_login'] = time();
$_SESSION['unraid_user'] = $_POST['username'];
session_regenerate_id(true);
session_write_close();
exec("logger -t webGUI ".escapeshellarg("Successful login user {$_POST['username']} from {$remote_addr}"));
header("Location: /".$var['START_PAGE']);
exit;
}
}
}
// Invalid login
$error = _('Invalid Username or Password');
exec("logger -t webGUI ".escapeshellarg("Unsuccessful login user {$_POST['username']} from {$remote_addr}"));
}
fileAppend($failfile, $time."\n");
}
$boot = "/boot/config/plugins/dynamix";
$myfile = "case-model.cfg";
$mycase = file_exists("$boot/$myfile") ? file_get_contents("$boot/$myfile") : false;
extract(parse_plugin_cfg('dynamix',true));
$theme_dark = in_array($display['theme'],['black','gray']);
?>
<?=$var['NAME']?>/Login
">
![](<?=autov("/webGui/images/$mycase")?>)