Startsida Utforska Hjälp
Logga in
yosoyhendrix
/
hestiacp
1
0
Fork 0
Filer Ärenden 0 Pull-förfrågningar 0 Wiki
Träd: 27e6dbedf9
Grenar Taggar
hestiacp
/
web
/
add
/
access-key
/
index.php

index.php 2.6 KB
Historik

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101 
  1. <?php
    2. 

  2. use function Hestiacp\quoteshellarg\quoteshellarg;
    3. 

  3. ob_start();
    4. 

  4. $TAB = "Access Key";
    5. 

  5. 

  6. // Main include
    7. 

  7. include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
    8. 

  8. 

  9. // Checks if API access is enabled
    10. 

  10. $api_status =
    11. 

  11. 	!empty($_SESSION["API_SYSTEM"]) && is_numeric($_SESSION["API_SYSTEM"])
    12. 

  12. 		? $_SESSION["API_SYSTEM"]
    13. 

  13. 		: 0;
    14. 

  14. if (($user_plain == "admin" && $api_status < 1) || ($user_plain != "admin" && $api_status < 2)) {
    15. 

  15. 	header("Location: /edit/user/");
    16. 

  16. 	exit();
    17. 

  17. }
    18. 

  18. 

  19. // APIs available
    20. 

  20. exec(HESTIA_CMD . "v-list-apis json", $output, $return_var);
    21. 

  21. $apis = json_decode(implode("", $output), true);
    22. 

  22. $apis = array_filter($apis, function ($api) use ($user_plain) {
    23. 

  23. 	return $user_plain == "admin" || $api["ROLE"] == "user";
    24. 

  24. });
    25. 

  25. ksort($apis);
    26. 

  26. unset($output);
    27. 

  27. 

  28. // Check POST request
    29. 

  29. if (!empty($_POST["ok"])) {
    30. 

  30. 	// Check token
    31. 

  31. 	verify_csrf($_POST);
    32. 

  32. 

  33. 	// Validate apis
    34. 

  34. 	$apis_selected = !empty($_POST["v_apis"]) && is_array($_POST["v_apis"]) ? $_POST["v_apis"] : [];
    35. 

  35. 	$check_invalid_apis = array_filter($apis_selected, function ($selected) use ($apis) {
    36. 

  36. 		return !array_key_exists($selected, $apis);
    37. 

  37. 	});
    38. 

  38. 

  39. 	if (empty($apis_selected)) {
    40. 

  40. 		$errors[] = _("Permissions");
    41. 

  41. 	} elseif (count($check_invalid_apis) > 0) {
    42. 

  42. 		//$errors[] = sprintf("%d apis not allowed", count($check_invalid_apis));
    43. 

  43. 		foreach ($check_invalid_apis as $api_name) {
    44. 

  44. 			$errors[] = sprintf("API %s not allowed", $api_name);
    45. 

  45. 		}
    46. 

  46. 	}
    47. 

  47. 

  48. 	if (!empty($errors[0])) {
    49. 

  49. 		foreach ($errors as $i => $error) {
    50. 

  50. 			if ($i == 0) {
    51. 

  51. 				$error_msg = $error;
    52. 

  52. 			} else {
    53. 

  53. 				$error_msg = $error_msg . ", " . $error;
    54. 

  54. 			}
    55. 

  55. 		}
    56. 

  56. 		$_SESSION["error_msg"] = sprintf(_('Field "%s" can not be blank.'), $error_msg);
    57. 

  57. 	}
    58. 

  58. 

  59. 	// Protect input
    60. 

  60. 	$v_apis = quoteshellarg(implode(",", $apis_selected));
    61. 

  61. 	$v_comment = quoteshellarg(trim($_POST["v_comment"] ?? ""));
    62. 

  62. 

  63. 	// Add access key
    64. 

  64. 	if (empty($_SESSION["error_msg"])) {
    65. 

  65. 		exec(
    66. 

  66. 			HESTIA_CMD . "v-add-access-key " . $user . " " . $v_apis . " " . $v_comment . " json",
    67. 

  67. 			$output,
    68. 

  68. 			$return_var,
    69. 

  69. 		);
    70. 

  70. 		$key_data = json_decode(implode("", $output), true);
    71. 

  71. 		check_return_code($return_var, $output);
    72. 

  72. 		unset($output);
    73. 

  73. 	}
    74. 

  74. 

  75. 	// Flush field values on success
    76. 

  76. 	if (empty($_SESSION["error_msg"])) {
    77. 

  77. 		$_SESSION["ok_msg"] = htmlify_trans(
    78. 

  78. 			sprintf(
    79. 

  79. 				_("Access key {%s} has been created successfully."),
    80. 

  80. 				htmlentities($key_data["ACCESS_KEY_ID"]),
    81. 

  81. 			),
    82. 

  82. 			"</b>",
    83. 

  83. 			"<b>",
    84. 

  84. 		);
    85. 

  85. 		unset($apis_selected);
    86. 

  86. 		unset($check_invalid_apis);
    87. 

  87. 		unset($v_apis);
    88. 

  88. 		unset($v_comment);
    89. 

  89. 	}
    90. 

  90. }
    91. 

  91. 

  92. // Render
    93. 

  93. if (empty($key_data)) {
    94. 

  94. 	render_page($user, $TAB, "add_access_key");
    95. 

  95. } else {
    96. 

  96. 	render_page($user, $TAB, "list_access_key");
    97. 

  97. }
    98. 

  98. 

  99. // Flush session messages
    100. 

  100. unset($_SESSION["error_msg"]);
    101. 

  101. unset($_SESSION["ok_msg"]);
    102.