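<?php
/*
 * Module router: maps the "a" query parameter to a registered module
 * ("symlink") and includes that module when the caller's permission group
 * is high enough.
 *
 * Inputs:
 *   - conf/symlinks.json            symlink key => ["name" => ..., "location" => ...]
 *   - conf/module_permissions.json  symlink key => ["permissions" => <level>]
 *   - $_GET["a"]                    requested symlink key (untrusted)
 *   - $scadaUserPermission_GroupID  not defined in this script
 *                                   (presumably set by Framework/framework.php, TODO confirm)
 *
 * Outcomes:
 *   - unknown, empty or malformed key        => modules/error-detection/http_errors/404.php
 *   - missing/non-numeric permission level,
 *     or level above the caller's group      => modules/error-detection/invalid-permissions.php
 *   - otherwise                              => prints <title> and includes the module
 *
 * Variable names are kept unchanged because included files execute in this
 * scope and may read them.
 */

$modulePermissions_Encoded = file_get_contents("conf/module_permissions.json");
$symlinks_Encoded = file_get_contents("conf/symlinks.json");
$modulePermissions = json_decode($modulePermissions_Encoded, true);
$symlinksList = json_decode($symlinks_Encoded, true);

include "Framework/framework.php";

// A missing parameter or an array-valued one (?a[]=x) is treated as "no module
// requested" instead of being handed to the cleaner as null or an array.
$potentialSymlink_Unclean = $_GET["a"] ?? "";
if (!is_string($potentialSymlink_Unclean)) {
    $potentialSymlink_Unclean = "";
}
$potentialSymlink = strtolower(atlasui_string_clean($potentialSymlink_Unclean, 1, true));

// The request value is only ever used as a lookup key into the symlink table,
// so only modules registered in the config are reachable.
$symlinkEntry = null;
if ($potentialSymlink !== "" && is_array($symlinksList) && !empty($symlinksList[$potentialSymlink])) {
    $symlinkEntry = $symlinksList[$potentialSymlink];
}

$symlinkLocation = is_array($symlinkEntry) ? ($symlinkEntry["location"] ?? null) : null;

if (!is_string($symlinkLocation) || $symlinkLocation === "") {
    // No such symlink, or its entry has no usable file location.
    include "modules/error-detection/http_errors/404.php";
} else {
    $symlinkTitle = $symlinkEntry["name"] ?? "";
    $moduleFileLocation = $symlinkLocation;

    // Fail closed: with no permission entry the level would be null, and
    // `null <= $groupId` is true in PHP, so an unlisted module used to be
    // readable by every visitor. A level that is absent or not numeric now
    // denies access.
    $modulePermission = $modulePermissions[$potentialSymlink]["permissions"] ?? null;

    // NOTE(review): $scadaUserPermission_GroupID is not assigned in this
    // script; confirm it is always set (also for anonymous visitors) before
    // this comparison runs.
    if (is_numeric($modulePermission) && $modulePermission <= $scadaUserPermission_GroupID) {
        // Escape the configured title; double_encode is off so entities
        // already present in the config are not encoded a second time.
        $escapedTitle = htmlspecialchars((string) $symlinkTitle, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8", false);
        print "<title>{$escapedTitle}</title>";

        // NOTE(review): "location" is taken verbatim from conf/symlinks.json
        // and executed as PHP. That file must be writable by administrators
        // only and should not be served by the web server.
        include "modules/" . $moduleFileLocation;
    } else {
        include "modules/error-detection/invalid-permissions.php";
    }
}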
print "</form>"; print "</body>"; print "</html>"; } if (strlen($_POST["username"]) > 4) { include "Framework/framework.php"; $configJSON_Encoded = file_get_contents("conf/config.json"); $configJSON_Decoded = json_decode($configJSON_Encoded, true); $passwordHash = $configJSON_Decoded["preferences"]["password_hash"]; $uncleanUsername = $_POST["username"]; $uncleanPassword = $_POST["password"]; $uncleanBotProtection = $_POST["botProtection"]; $botProtectionActual = $_POST["botProtectionActual"]; $unhashedUsername = atlasui_string_clean($uncleanUsername, 1, true); $unhashedPassword = atlasui_string_clean($uncleanPassword, 1, true); $inputBotProtection = atlasui_string_clean($uncleanBotProtection, 1, true); if ($inputBotProtection == $botProtectionActual) { $userFile_Hash = substr(atlasui_encrypt($unhashedUsername, "strong", "100000", $passwordHash), 0, 16); $hashedUsername = atlasui_encrypt($unhashedUsername, "strong", "100000", $passwordHash); $hashedPassword = atlasui_encrypt($unhashedPassword, "strong", "100000", $passwordHash); if (file_exists("users/{$userFile_Hash}.json")) { $userInfo_Encoded = file_get_contents("users/{$userFile_Hash}.json"); $userInfo_Decoded = json_decode($userInfo_Encoded, true); if ($userInfo_Decoded["general"]["username"] == $hashedUsername && $userInfo_Decoded["general"]["password"] == $hashedPassword) { $setCookie_Address = $_SERVER['SERVER_NAME']; setcookie("openweb-scada", $hashedUsername, time() + 3600 * 24 * 14, __DIR__, $setCookie_Address, false, true); atlasui_redirect("index", 0.5); } else { loginForm(); } } else {