首頁 探索 說明
登入
yosoyhendrix
/
hestiacp
1
0
複刻 0
檔案 問題管理 0 合併請求 0 Wiki
目錄樹: 6e31b09647
分支列表 標籤列表
hestiacp
/
web
/
add
/
key
/
index.php

index.php 2.2 KB
文件歷史 原始文件

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283 
  1. <?php
    2. 

  2. use function Hestiacp\quoteshellarg\quoteshellarg;
    3. 

  3. 

  4. ob_start();
    5. 

  5. $TAB = "USER";
    6. 

  6. 

  7. // Main include
    8. 

  8. include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
    9. 

  9. 

  10. // Check POST request
    11. 

  11. if (!empty($_POST["ok"])) {
    12. 

  12. 	// Check token
    13. 

  13. 	verify_csrf($_POST);
    14. 

  14. 

  15. 	// Check empty fields
    16. 

  16. 	if (empty($_POST["v_key"])) {
    17. 

  17. 		$errors[] = _("SSH Key");
    18. 

  18. 	}
    19. 

  19. 	if (!empty($errors[0])) {
    20. 

  20. 		foreach ($errors as $i => $error) {
    21. 

  21. 			if ($i == 0) {
    22. 

  22. 				$error_msg = $error;
    23. 

  23. 			} else {
    24. 

  24. 				$error_msg = $error_msg . ", " . $error;
    25. 

  25. 			}
    26. 

  26. 		}
    27. 

  27. 		$_SESSION["error_msg"] = sprintf(_('Field "%s" can not be blank.'), $error_msg);
    28. 

  28. 	}
    29. 

  29. 

  30. 	if ($_SESSION["userContext"] === "admin" && !empty($_GET["user"])) {
    31. 

  31. 		$user = quoteshellarg($_GET["user"]);
    32. 

  32. 	}
    33. 

  33. 

  34. 	if (empty($_SESSION["error_msg"])) {
    35. 

  35. 		if ($_POST) {
    36. 

  36. 			//key if key already exists
    37. 

  37. 			exec(HESTIA_CMD . "v-list-user-ssh-key " . $user . " json", $output, $return_var);
    38. 

  38. 			$data = json_decode(implode("", $output), true);
    39. 

  39. 			unset($output);
    40. 

  40. 			$keylist = [];
    41. 

  41. 			$idlist = [];
    42. 

  42. 			foreach ($data as $key => $value) {
    43. 

  43. 				$idlist[] = trim($data[$key]["ID"]);
    44. 

  44. 				$keylist[] = trim($data[$key]["KEY"]);
    45. 

  45. 			}
    46. 

  46. 

  47. 			$v_key_parts = explode(" ", $_POST["v_key"]);
    48. 

  48. 			$key_id = trim($v_key_parts[2]);
    49. 

  49. 			if ($v_key_parts[2] == "") {
    50. 

  50. 				$v_key_parts[2] = md5(time());
    51. 

  51. 				$_POST["v_key"] .= " " . $v_key_parts[2];
    52. 

  52. 			}
    53. 

  53. 

  54. 			//for deleting / revoking key the last part user@domain is used therefore needs to be unique
    55. 

  55. 			//maybe consider adding random generated message or even an human read able string set by user?
    56. 

  56. 			if (in_array($v_key_parts[2], $idlist)) {
    57. 

  57. 				$_SESSION["error_msg"] = _("SSH Key already exists.");
    58. 

  58. 			}
    59. 

  59. 			if (in_array($v_key_parts[1], $keylist)) {
    60. 

  60. 				$_SESSION["error_msg"] = _("SSH Key already exists.");
    61. 

  61. 			}
    62. 

  62. 			$v_key = quoteshellarg(trim($_POST["v_key"]));
    63. 

  63. 		}
    64. 

  64. 	}
    65. 

  65. 

  66. 	if (empty($_SESSION["error_msg"])) {
    67. 

  67. 		exec(HESTIA_CMD . "v-add-user-ssh-key " . $user . " " . $v_key, $output, $return_var);
    68. 

  68. 		check_return_code($return_var, $output);
    69. 

  69. 	}
    70. 

  70. 	unset($output);
    71. 

  71. 	// Flush field values on success
    72. 

  72. 	if (empty($_SESSION["error_msg"])) {
    73. 

  73. 		$_SESSION["ok_msg"] = _("SSH Key has been created successfully.");
    74. 

  74. 	}
    75. 

  75. }
    76. 

  76. if (empty($v_key)) {
    77. 

  77. 	$v_key = "";
    78. 

  78. }
    79. 

  79. render_page($user, $TAB, "add_key");
    80. 

  80. 

  81. // Flush session messages
    82. 

  82. unset($_SESSION["error_msg"]);
    83. 

  83. unset($_SESSION["ok_msg"]);
    84.