<?php

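// Response headers: disable caching of panel output and declare UTF-8 HTML.
header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past
header("Content-Type: text/html; charset=UTF-8");

// For backup / import-export downloads, ask the browser to save the response
// under the requested name. The name comes straight from the query string, so
// it is treated as untrusted: it must be a plain string (not an array), is
// reduced to its last path component, and has control characters, double
// quotes and backslashes removed so it cannot break out of the quoted
// filename="..." parameter or add header content.
$soft_act = (isset($_GET['act']) && is_string($_GET['act'])) ? $_GET['act'] : '';
if(($soft_act === 'backups' || $soft_act === 'import_export') && !empty($_GET['download']) && is_string($_GET['download']) && substr_count($_GET['download'], './') == 0){
	$soft_dlname = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '', basename($_GET['download']));
	// Skip the header entirely if nothing usable is left after sanitising.
	if(is_string($soft_dlname) && $soft_dlname !== ''){
		header('Content-Disposition: attachment; filename="'.$soft_dlname.'"');
	}
}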

// Preconditions. The panel is rendered by an external binary, so shell_exec
// must be available.
if(function_exists('shell_exec') === false){
	exit('shell_exec function is required for Softaculous to work.');
}

// Require at least one of the ISPConfig session cookies to be present.
// NOTE(review): this only checks that a cookie exists, not that it names a
// valid session - presumably the soft binary validates it; confirm.
if(!(!empty($_COOKIE['PHPSESSID']) || !empty($_COOKIE['ISPCSESS']))){
	exit('You are not logged into ISPConfig');
}

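// Load the Panel
//
// The request context is handed to the soft binary through a short-lived file
// in /var/softtmp/ whose name is the only thing passed on the command line.
// That file holds cookies and POST data, so its name must be unguessable and
// it must never be readable by other local users.
$soft_rand = false;
if(function_exists('random_bytes')){
	$soft_rand = random_bytes(32);
}elseif(function_exists('openssl_random_pseudo_bytes')){
	$soft_rand = openssl_random_pseudo_bytes(32);
}

if(is_string($soft_rand) && strlen($soft_rand) === 32){
	$sess = md5(bin2hex($soft_rand));
}else{
	// NOTE(review): last-resort fallback for runtimes without a CSPRNG. The
	// value is derived from the clock and is predictable; prefer upgrading
	// the PHP runtime over relying on this branch.
	$sess = str_shuffle(md5(uniqid(microtime())));
}

$file = "/var/softtmp/".$sess;

// Create the file exclusively ("x" fails if the path already exists, including
// a pre-planted symlink) and under a restrictive umask, so there is no window
// in which it exists with default permissions.
$soft_old_umask = umask(0077);
$fp = fopen($file, "x");
umask($soft_old_umask);

if(empty($fp)){
	die('Could not write SESSION DATA.');
}
chmod($file, 0600);

$array = array();
$array['SERVER'] = $_SERVER;
$array['POST'] = $_POST;
$array['GET'] = $_GET;
$array['REQUEST'] = $_REQUEST;
$array['COOKIE'] = $_COOKIE;
$array['FILES'] = $_FILES;

// Fail closed if the context cannot be encoded or fully written, rather than
// launching the binary against an empty or truncated file.
$soft_json = json_encode($array);
if($soft_json === false || fwrite($fp, $soft_json) !== strlen($soft_json)){
	fclose($fp);
	@unlink($file);
	die('Could not write SESSION DATA.');
}
fclose($fp);
chmod($file, 0600);

// $sess is always 32 hex characters, so quoting does not change the argument
// the binary receives; escapeshellarg() keeps that true if the token format
// ever changes.
echo shell_exec('/usr/local/softaculous/bin/soft sess '.escapeshellarg($sess));
@unlink($file); // load.php will also try to delete it!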

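// Security sweep: hand-off files contain request data (cookies, POST fields),
// so none should outlive the request that created it. On even-numbered
// minutes, remove anything in /var/softtmp/ older than 10 seconds.
$d = date('i');
if((int) $d % 2 === 0){

	$dh = opendir('/var/softtmp/');
	if ($dh) {

		while (($dfile = readdir($dh)) !== false) {
			if($dfile === '.' || $dfile === '..') continue;

			clearstatcache();
			// A concurrent request may already have removed the entry; suppress
			// the stat warning so it cannot leak into the page output.
			$stime = @filemtime('/var/softtmp/'.$dfile);

			// Delete the file if its there for more than 10 seconds. An entry
			// whose mtime cannot be read is also removed (best effort), so a
			// stat failure never leaves session data behind.
			if($stime === false || $stime < (time() - 10)){
				@unlink('/var/softtmp/'.$dfile);
			}
		}

		closedir($dh);
	}
}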

?>