<?php
// Only run when included from a panel entry point that has defined AREA;
// a direct request to this file is redirected to index.php instead.
if (defined('AREA') === false) {
    header('Location: index.php');
    exit;
}
/**
 * This file is part of the Froxlor project.
 * Copyright (c) 2018 the Froxlor Team (see authors).
 *
 * For the full copyright and license information, please view the COPYING
 * file that was distributed with this source code. You can also view the
 * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
 *
 * @copyright (c) the authors
 * @author Froxlor team <team@froxlor.org> (2018-)
 * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
 * @package Panel
 * @since 0.10.0
 *
 */
use Froxlor\Database\Database;
use Froxlor\UI\Panel\UI;
use Froxlor\UI\Request;
// This file is being included in admin_index and customer_index
// and therefore does not need to require lib/init.php

// Prepared up front; only the 'delete' action below executes it.
$del_stmt = Database::prepare("DELETE FROM `" . TABLE_API_KEYS . "` WHERE id = :id");

// Filled by the action handlers, rendered as an alert box with the key list.
$success_message = '';

// Key id taken from the request; the int cast guarantees a plain number.
$id = (int) Request::get('id');

// Current panel area as a plain variable (presumably read by the included
// listing definition / templates - verify against those files).
$area = AREA;
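// do the delete and then just show a success-message and the apikeys list again
if ($action == 'delete') {
    if ($id > 0) {
        // Admins allowed to see all customers may remove any key. Everybody else
        // has to prove ownership first: the lookups below are scoped to the
        // caller's own customerid / adminid, so a foreign key id yields no row.
        $chk = (AREA == 'admin' && $userinfo['customers_see_all'] == '1');
        if (AREA == 'customer') {
            $chk_stmt = Database::prepare("
                SELECT c.customerid FROM `" . TABLE_PANEL_CUSTOMERS . "` c
                LEFT JOIN `" . TABLE_API_KEYS . "` ak ON ak.customerid = c.customerid
                WHERE ak.`id` = :id AND c.`customerid` = :cid
            ");
            $chk = Database::pexecute_first($chk_stmt, array(
                'id' => $id,
                'cid' => $userinfo['customerid']
            ));
        } elseif (AREA == 'admin' && $userinfo['customers_see_all'] == '0') {
            $chk_stmt = Database::prepare("
                SELECT a.adminid FROM `" . TABLE_PANEL_ADMINS . "` a
                LEFT JOIN `" . TABLE_API_KEYS . "` ak ON ak.adminid = a.adminid
                WHERE ak.`id` = :id AND a.`adminid` = :aid
            ");
            $chk = Database::pexecute_first($chk_stmt, array(
                'id' => $id,
                'aid' => $userinfo['adminid']
            ));
        }
        // The `!== false` test relies on pexecute_first() returning false when
        // the ownership lookup finds no row.
        if ($chk !== false) {
            Database::pexecute($del_stmt, array(
                'id' => $id
            ));
            $success_message = sprintf($lng['apikeys']['apikey_removed'], $id);
        }
    }
} elseif ($action == 'add') {
    $ins_stmt = Database::prepare("
        INSERT INTO `" . TABLE_API_KEYS . "` SET
        `apikey` = :key, `secret` = :secret, `adminid` = :aid, `customerid` = :cid, `valid_until` = '-1', `allowed_from` = ''
    ");
    // customer generates for himself, admins will see a customer-select-box later
    if (AREA == 'admin') {
        $cid = 0;
    } elseif (AREA == 'customer') {
        $cid = $userinfo['customerid'];
    }
    // Key material comes from the CSPRNG. random_bytes() throws when no secure
    // source is available, whereas openssl_random_pseudo_bytes() only reported
    // that through its by-reference $crypto_strong flag, which was never checked.
    // Hashing keeps the stored format: 64 hex chars for the key, 128 for the secret.
    $key = hash('sha256', random_bytes(64));
    $secret = hash('sha512', random_bytes(128));
    Database::pexecute($ins_stmt, array(
        'key' => $key,
        'secret' => $secret,
        'aid' => $userinfo['adminid'],
        'cid' => $cid
    ));
    $success_message = $lng['apikeys']['apikey_added'];
} elseif ($action == 'jqEditApiKey') {
    // AJAX endpoint: answers with JSON and terminates instead of rendering the list.
    $keyid = isset($_POST['id']) ? (int) $_POST['id'] : 0;
    $allowed_from = isset($_POST['allowed_from']) ? $_POST['allowed_from'] : "";
    $valid_until = isset($_POST['valid_until']) ? (int) $_POST['valid_until'] : -1;

    // validate allowed_from: keep only the entries the IP validator accepts, then
    // normalise them through inet_pton/inet_ntop so equivalent spellings dedupe.
    if (!empty($allowed_from)) {
        $ip_list = array_filter(
            array_map('trim', explode(",", $allowed_from)),
            function ($ip) {
                return \Froxlor\Validate\Validate::validate_ip2($ip, true, 'invalidip', true, true) != false;
            }
        );
        $ip_list = array_map('inet_ntop', array_map('inet_pton', $ip_list));
        // NOTE(review): if every entry is rejected this stores '' (no source
        // restriction at all); confirm that silently widening the key is intended
        // rather than reporting the invalid input back to the caller.
        $allowed_from = implode(",", array_unique($ip_list));
    }

    // valid_until is already an int here, so only the range check is needed;
    // anything non-positive means "no expiry" (-1).
    if ($valid_until <= 0) {
        $valid_until = -1;
    }

    $upd_stmt = Database::prepare("
        UPDATE `" . TABLE_API_KEYS . "` SET
        `valid_until` = :vu, `allowed_from` = :af
        WHERE `id` = :keyid AND `adminid` = :aid AND `customerid` = :cid
    ");
    if (AREA == 'admin') {
        $cid = 0;
    } elseif (AREA == 'customer') {
        $cid = $userinfo['customerid'];
    }
    // Authorisation happens in the WHERE clause: the row is only touched when it
    // belongs to the calling admin/customer pair; a foreign id updates nothing.
    // NOTE(review): the response is `true` regardless of whether a row was
    // affected (rowCount is not consulted).
    Database::pexecute($upd_stmt, array(
        'keyid' => $keyid,
        'af' => $allowed_from,
        'vu' => $valid_until,
        'aid' => $userinfo['adminid'],
        'cid' => $cid
    ));
    echo json_encode(true);
    exit();
}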
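$log->logAction(\Froxlor\FroxlorLogger::USR_ACTION, LOG_NOTICE, "viewed api::api_keys");

// select all my (accessible) api-keys
// NOTE(review): `ak.*` also pulls the `secret` column into $all_keys; which
// fields are actually rendered is decided by the included listing definition.
$keys_stmt_query = "SELECT ak.*, c.loginname, a.loginname as adminname
FROM `" . TABLE_API_KEYS . "` ak
LEFT JOIN `" . TABLE_PANEL_CUSTOMERS . "` c ON `c`.`customerid` = `ak`.`customerid`
LEFT JOIN `" . TABLE_PANEL_ADMINS . "` a ON `a`.`adminid` = `ak`.`adminid`
WHERE ";

$qry_params = [];
if (AREA == 'admin' && $userinfo['customers_see_all'] == '0') {
    // admin with only customer-specific permissions: restrict to keys they created
    $keys_stmt_query .= "ak.adminid = :adminid ";
    $qry_params['adminid'] = $userinfo['adminid'];
    $fields = [
        'a.loginname' => $lng['login']['username']
    ];
} elseif (AREA == 'customer') {
    // customer-area: only the customer's own keys
    $keys_stmt_query .= "ak.customerid = :cid ";
    $qry_params['cid'] = $userinfo['customerid'];
    $fields = [
        'c.loginname' => $lng['login']['username']
    ];
} else {
    // admin who can see all customers / reseller / admins: no restriction
    $keys_stmt_query .= "1 ";
    $fields = [
        'a.loginname' => $lng['login']['username']
    ];
}
// $fields is not read anywhere in this file; kept in case the included listing
// definition picks it up - TODO confirm, otherwise drop it.
//$keys_stmt_query .= $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit();

$keys_stmt = Database::prepare($keys_stmt_query);
Database::pexecute($keys_stmt, $qry_params);
$all_keys = $keys_stmt->fetchAll(PDO::FETCH_ASSOC);

// Column definitions for the listing; the include's return value is used.
// NOTE(review): include_once returns true (not the array) if this file was
// already included earlier in the request - plain include would be safer here.
$apikeys_list_data = include_once __DIR__ . '/lib/tablelisting/tablelisting.apikeys.php';
$collection = [
    'data' => $all_keys,
    'pagination' => []
];

// Use the variant with an alert box only when an action above produced a message.
$tpl = empty($success_message) ? 'user/table.html.twig' : 'user/table-note.html.twig';

UI::twigBuffer($tpl, [
    'listing' => \Froxlor\UI\Listing::formatFromArray($collection, $apikeys_list_data['apikeys_list']),
    // only users with API access get the "add key" action link
    'actions_links' => (int) $userinfo['api_allowed'] === 1 ? [[
        'href' => $linker->getLink(['section' => 'index', 'page' => $page, 'action' => 'add']),
        'label' => $lng['apikeys']['key_add']
    ]] : null,
    // alert-box
    'type' => 'success',
    'alert_msg' => $success_message
]);
UI::twigOutputBuffer();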