= ~PHP_INT_MAX);
}
$maxfails = 3;
$cooldown = 15*60;
$remote_addr = $_SERVER['REMOTE_ADDR'] ?? "unknown";
$failfile = "/var/log/pwfail/{$remote_addr}";
if (!empty($_POST['username']) && !empty($_POST['password'])) {
@mkdir("/var/log/pwfail/", 0755);
$failtext = fileRead($failfile);
$fails = explode("\n", trim($failtext));
$time = time();
// remove entries older than $cooldown minutes, and entries that are not timestamps
$updatefails = false;
foreach ((array) $fails as $key => $value) {
if ( !isValidTimeStamp($value) || ($time - $value > $cooldown) || ($value > $time) ) {
unset ($fails[$key]);
$updatefails = true;
}
}
if ($updatefails) {
$failtext = implode("\n", $fails)."\n";
fileWrite($failfile, $failtext);
}
if (count($fails) >= $maxfails) {
$error = _('Too many invalid login attempts');
if (count($fails) == $maxfails)
exec("logger -t webGUI ".escapeshellarg("Ignoring login attempts for {$_POST['username']} from {$remote_addr}"));
} else {
// User Login attempt, validate credentials
if (($_POST['username'] == "root")) {
// more: integrate with PAM to avoid direct access to /etc/shadow and validate other user names (future)
$output = exec("/usr/bin/grep root /etc/shadow");
if ($output !== false) {
$strCredentials = explode(":", $output);
if (password_verify($_POST['password'], $strCredentials[1])) {
// Successful login, start session
@unlink($failfile);
session_start();
$_SESSION['unraid_login'] = time();
$_SESSION['unraid_user'] = $_POST['username'];
session_regenerate_id(true);
session_write_close();
exec("logger -t webGUI ".escapeshellarg("Successful login user {$_POST['username']} from {$remote_addr}"));
header("Location: /".$var['START_PAGE']);
exit;
}
}
}
// Invalid login
$error = _('Invalid Username or Password');
exec("logger -t webGUI ".escapeshellarg("Unsuccessful login user {$_POST['username']} from {$remote_addr}"));
}
fileAppend($failfile, $time."\n");
}
$boot = "/boot/config/plugins/dynamix";
$myfile = "case-model.cfg";
$mycase = file_exists("$boot/$myfile") ? file_get_contents("$boot/$myfile") : false;
extract(parse_plugin_cfg('dynamix',true));
$theme_dark = in_array($display['theme'],['black','gray']);
?>
<?=$var['NAME']?>/Login
">
![](<?=autov("/webGui/images/$mycase")?>)