|
|
@@ -1,16 +1,16 @@
|
|
|
<?php
|
|
|
define('HESTIA_CMD', '/usr/bin/sudo /usr/local/hestia/bin/');
|
|
|
|
|
|
-if (isset($_POST['user']) || isset($_POST['hash'])) {
|
|
|
-
|
|
|
+function api($hst_hash, $hst_user, $hst_password, $hst_returncode, $hst_cmd, $hst_arg1, $hst_arg2, $hst_arg3, $hst_arg4, $hst_arg5, $hst_arg6, $hst_arg7, $hst_arg8, $hst_arg9){
|
|
|
+ //This exists, so native JSON can be used without the repeating the code twice, so future code changes are easier and dont need to be replicated twice
|
|
|
// Authentication
|
|
|
- if (empty($_POST['hash'])) {
|
|
|
- if ($_POST['user'] != 'admin') {
|
|
|
+ if (empty($hst_hash)) {
|
|
|
+ if ($hst_user != 'admin') {
|
|
|
echo 'Error: authentication failed';
|
|
|
exit;
|
|
|
}
|
|
|
|
|
|
- $password = $_POST['password'];
|
|
|
+ $password = $hst_password;
|
|
|
if (!isset($password)){
|
|
|
echo 'Error: missing authentication';
|
|
|
exit;
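Review bot: The admin check `if ($hst_user != 'admin')` uses a loose comparison, and with the JSON entry point added in the last hunk the arguments of api() are no longer guaranteed to be strings. PHP coerces booleans (and, before PHP 8, integers) when comparing them with a string, so the check should be `if ($hst_user !== 'admin') {`. The same applies to `$hst_returncode == 'yes'` in the fifth hunk, and non-string values would also reach `basename($hst_hash)` and the `escapeshellarg()` calls in the later hunks. A short docblock on api() stating that every parameter is a string or null, and that the function echoes its reply and may `exit`, would help future callers. The function body continues beyond this hunk.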
|
|
|
@@ -52,7 +52,7 @@ if (isset($_POST['user']) || isset($_POST['hash'])) {
|
|
|
exit;
|
|
|
}
|
|
|
} else {
|
|
|
- $key = '/usr/local/hestia/data/keys/' . basename($_POST['hash']);
|
|
|
+ $key = '/usr/local/hestia/data/keys/' . basename($hst_hash);
|
|
|
if (file_exists($key) && is_file($key)) {
|
|
|
exec(HESTIA_CMD ."v-check-api-key ".escapeshellarg($key)." ".$v_ip, $output, $return_var);
|
|
|
unset($output);
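Review bot: `$v_ip` in the `v-check-api-key` call is not assigned in any visible line of this branch, and at this point it is appended to the command line without `escapeshellarg()`. Now that the code runs inside api(), a value set at file scope is no longer in scope, so the command would be run with an empty argument and only a notice to show for it. If the lines this hunk omits do not already do so on every path, assign it at the top of the function, presumably as `$v_ip = escapeshellarg($_SERVER['REMOTE_ADDR']);`. The `if (file_exists($key) ...)` block closes outside the hunk.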
|
|
|
@@ -69,17 +69,16 @@ if (isset($_POST['user']) || isset($_POST['hash'])) {
|
|
|
}
|
|
|
|
|
|
// Prepare arguments
|
|
|
- if (isset($_POST['cmd'])) $cmd = escapeshellarg($_POST['cmd']);
|
|
|
- if (isset($_POST['arg1'])) $arg1 = escapeshellarg($_POST['arg1']);
|
|
|
- if (isset($_POST['arg2'])) $arg2 = escapeshellarg($_POST['arg2']);
|
|
|
- if (isset($_POST['arg3'])) $arg3 = escapeshellarg($_POST['arg3']);
|
|
|
- if (isset($_POST['arg4'])) $arg4 = escapeshellarg($_POST['arg4']);
|
|
|
- if (isset($_POST['arg5'])) $arg5 = escapeshellarg($_POST['arg5']);
|
|
|
- if (isset($_POST['arg6'])) $arg6 = escapeshellarg($_POST['arg6']);
|
|
|
- if (isset($_POST['arg7'])) $arg7 = escapeshellarg($_POST['arg7']);
|
|
|
- if (isset($_POST['arg8'])) $arg8 = escapeshellarg($_POST['arg8']);
|
|
|
- if (isset($_POST['arg9'])) $arg9 = escapeshellarg($_POST['arg9']);
|
|
|
-
|
|
|
+ if (isset($hst_cmd)) $cmd = escapeshellarg($hst_cmd);
|
|
|
+ if (isset($hst_arg1)) $arg1 = escapeshellarg($hst_arg1);
|
|
|
+ if (isset($hst_arg2)) $arg2 = escapeshellarg($hst_arg2);
|
|
|
+ if (isset($hst_arg3)) $arg3 = escapeshellarg($hst_arg3);
|
|
|
+ if (isset($hst_arg4)) $arg4 = escapeshellarg($hst_arg4);
|
|
|
+ if (isset($hst_arg5)) $arg5 = escapeshellarg($hst_arg5);
|
|
|
+ if (isset($hst_arg6)) $arg6 = escapeshellarg($hst_arg6);
|
|
|
+ if (isset($hst_arg7)) $arg7 = escapeshellarg($hst_arg7);
|
|
|
+ if (isset($hst_arg8)) $arg8 = escapeshellarg($hst_arg8);
|
|
|
+ if (isset($hst_arg9)) $arg9 = escapeshellarg($hst_arg9);
|
|
|
// Build query
|
|
|
$cmdquery = HESTIA_CMD.$cmd." ";
|
|
|
if(!empty($arg1)){
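Review bot: `$cmd = escapeshellarg($hst_cmd)` quotes the command name but does not confine it to the directory in HESTIA_CMD, because `$cmdquery` is built by plain concatenation and a quoted value can still contain path separators. Reducing it to a file name first, `if (isset($hst_cmd)) $cmd = escapeshellarg(basename($hst_cmd));`, keeps the later `$cmd == "'v-make-tmp-file'"` test working and mirrors what is already done for the key file. When `$hst_cmd` is null, `$cmd` is never assigned and the query is built from an undefined variable, so an early `Error:` reply would be clearer. Whether the sudoers configuration already limits what can run is not visible here.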
|
|
|
@@ -104,8 +103,8 @@ if (isset($_POST['user']) || isset($_POST['hash'])) {
|
|
|
// Check command
|
|
|
if ($cmd == "'v-make-tmp-file'") {
|
|
|
// Used in DNS Cluster
|
|
|
- $fp = fopen($_POST['arg2'], 'w');
|
|
|
- fwrite($fp, $_POST['arg1']."\n");
|
|
|
+ $fp = fopen($hst_arg2, 'w');
|
|
|
+ fwrite($fp, $hst_arg1."\n");
|
|
|
fclose($fp);
|
|
|
$return_var = 0;
|
|
|
} else {
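Review bot: `fopen($hst_arg2, 'w')` opens whatever path the caller sends, and its result goes to `fwrite()` and `fclose()` unchecked while `$return_var = 0` reports success regardless. At minimum guard the handle, e.g. `if ($fp === false) { echo 'Error: unable to write file'; exit; }`. Preferably accept only paths under the temporary directory the DNS cluster feature uses (not visible in this hunk), for example by comparing `realpath(dirname($hst_arg2))` with that directory before opening. The `else` branch continues outside the hunk.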
|
|
|
@@ -113,7 +112,7 @@ if (isset($_POST['user']) || isset($_POST['hash'])) {
|
|
|
exec ($cmdquery, $output, $return_var);
|
|
|
}
|
|
|
|
|
|
- if ((!empty($_POST['returncode'])) && ($_POST['returncode'] == 'yes')) {
|
|
|
+ if ((!empty($hst_returncode)) && ($hst_returncode == 'yes')) {
|
|
|
echo $return_var;
|
|
|
} else {
|
|
|
if (($return_var == 0) && (empty($output))) {
|
|
|
@@ -122,7 +121,19 @@ if (isset($_POST['user']) || isset($_POST['hash'])) {
|
|
|
echo implode("\n",$output)."\n";
|
|
|
}
|
|
|
}
|
|
|
+}
|
|
|
+
|
|
|
+if (isset($_POST['user']) || isset($_POST['hash'])) {
|
|
|
+
|
|
|
+ api($_POST['hash'], $_POST['user'], $_POST['password'], $_POST['returncode'], $_POST['cmd'], $_POST['arg1'], $_POST['arg2'], $_POST['arg3'], $_POST['arg4'], $_POST['arg5'], $_POST['arg6'], $_POST['arg7'], $_POST['arg8'], $_POST['arg9']);
|
|
|
+
|
|
|
+} else if (json_decode(file_get_contents("php://input"), true) != NULL){ //JSON POST support
|
|
|
+ $json_data = json_decode(file_get_contents("php://input"), true);
|
|
|
+ api($json_data['hash'], $json_data['user'], $json_data['password'], $json_data['returncode'], $json_data['cmd'], $json_data['arg1'], $json_data['arg2'], $json_data['arg3'], $json_data['arg4'], $json_data['arg5'], $json_data['arg6'], $json_data['arg7'], $json_data['arg8'], $json_data['arg9']);
|
|
|
+
|
|
|
} else {
|
|
|
echo "Error: data received is null or invalid, check https://docs.hestiacp.com/admin_docs/rest_api.html";
|
|
|
exit;
|
|
|
}
|
|
|
+
|
|
|
+?>
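Review bot: Both call sites read every field unconditionally (`$_POST['password']`, `$json_data['arg9']`, and so on), so a request that omits an optional field raises an undefined-index notice. The JSON branch also decodes the body twice and accepts any non-null value, including a bare string or number rather than an object. Decoding once, requiring an array and filling absent fields with null avoids both, and it is the natural place to reject non-string values before they reach `basename()` and `escapeshellarg()` inside api(). The added closing `?>` is better left out of a PHP-only file, since any whitespace after it is sent to the client. A sketch of the dispatch follows; clients that send numbers would need to send them as strings, or the values would have to be cast explicitly.

```php
// … unchanged: api() definition …

// Form posts keep working as before; otherwise the body is decoded exactly once.
$request = (isset($_POST['user']) || isset($_POST['hash']))
    ? $_POST
    : json_decode(file_get_contents('php://input'), true);

$fields = ['hash', 'user', 'password', 'returncode', 'cmd',
           'arg1', 'arg2', 'arg3', 'arg4', 'arg5', 'arg6', 'arg7', 'arg8', 'arg9'];

$args = [];
$valid = is_array($request);
if ($valid) {
    foreach ($fields as $field) {
        $value = isset($request[$field]) ? $request[$field] : null;
        // api() hands these to basename()/escapeshellarg(): strings or null only.
        if ($value !== null && !is_string($value)) {
            $valid = false;
            break;
        }
        $args[] = $value;
    }
}

if ($valid) {
    api(...$args);
} else {
    // … unchanged: "data received is null or invalid" reply and exit …
}
```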
|