yosoyhendrix
/
hestiacp
зеркало из https://github.com/hestiacp/hestiacp


			
				
					
						
						
							12345678910111213141516171819202122232425262728293031323334353637383940414243444546
							<?php
use function Hestiacp\quoteshellarg\quoteshellarg;

ob_start();

include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");

// Check token
verify_csrf($_POST);

if (($_SESSION['userContext'] === 'admin') && (!empty($_GET['user']))) {
    $user = quoteshellarg($_GET['user']);
    $user_plain = $_GET['user'];
}

// Checks if API access is enabled
$api_status = (!empty($_SESSION['API_SYSTEM']) && is_numeric($_SESSION['API_SYSTEM'])) ? $_SESSION['API_SYSTEM'] : 0;
if (($user_plain == 'admin' && $api_status < 1) || ($user_plain != 'admin' && $api_status < 2)) {
    header("Location: /edit/user/");
    exit;
}

$key = $_POST['key'];
$action = $_POST['action'];

switch ($action) {
    case 'delete': $cmd='v-delete-access-key';
        break;
    default: header("Location: /list/access-key/"); exit;
}

foreach ($key as $value) {
    $v_key = quoteshellarg(trim($value));

    // Key data
    exec(HESTIA_CMD."v-list-access-key ".$v_key." json", $output, $return_var);
    $key_data = json_decode(implode('', $output), true);
    unset($output);

    if (!empty($key_data) && $key_data['USER'] == $user_plain) {
        exec(HESTIA_CMD.$cmd." ".$v_key, $output, $return_var);
        unset($output);
    }
}

header("Location: /list/access-key/");