صفحهٔ اصلی گشت‌و‌گذار راهنما
ورود
yosoyhendrix
/
hestiacp
1
0
انشعاب 0
پرونده‌ها مشکلات 0 درخواست واکشی 0 ویکی
درخت: bb302ebb3c
شاخه‌ها تگ‌ها
hestiacp
/
web
/
bulk
/
access-key
/
index.php

index.php 1.3 KB
تاريخچه خام

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061 
  1. <?php
    2. 

  2. use function Hestiacp\quoteshellarg\quoteshellarg;
    3. 

  3. 

  4. ob_start();
    5. 

  5. 

  6. include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
    7. 

  7. 

  8. // Check token
    9. 

  9. verify_csrf($_POST);
    10. 

  10. 

  11. if ($_SESSION["userContext"] === "admin" && !empty($_GET["user"])) {
    12. 

  12. 	$user = quoteshellarg($_GET["user"]);
    13. 

  13. 	$user_plain = $_GET["user"];
    14. 

  14. }
    15. 

  15. 

  16. // Checks if API access is enabled
    17. 

  17. $api_status =
    18. 

  18. 	!empty($_SESSION["API_SYSTEM"]) && is_numeric($_SESSION["API_SYSTEM"])
    19. 

  19. 		? $_SESSION["API_SYSTEM"]
    20. 

  20. 		: 0;
    21. 

  21. if (($user_plain == "admin" && $api_status < 1) || ($user_plain != "admin" && $api_status < 2)) {
    22. 

  22. 	header("Location: /edit/user/");
    23. 

  23. 	exit();
    24. 

  24. }
    25. 

  25. 

  26. if (empty($_POST["key"])) {
    27. 

  27. 	header("Location: /list/access-key/");
    28. 

  28. 	exit();
    29. 

  29. }
    30. 

  30. if (empty($_POST["action"])) {
    31. 

  31. 	header("Location: /list/access-key/");
    32. 

  32. 	exit();
    33. 

  33. }
    34. 

  34. 

  35. $key = $_POST["key"];
    36. 

  36. $action = $_POST["action"];
    37. 

  37. 

  38. switch ($action) {
    39. 

  39. 	case "delete":
    40. 

  40. 		$cmd = "v-delete-access-key";
    41. 

  41. 		break;
    42. 

  42. 	default:
    43. 

  43. 		header("Location: /list/access-key/");
    44. 

  44. 		exit();
    45. 

  45. }
    46. 

  46. 

  47. foreach ($key as $value) {
    48. 

  48. 	$v_key = quoteshellarg(trim($value));
    49. 

  49. 

  50. 	// Key data
    51. 

  51. 	exec(HESTIA_CMD . "v-list-access-key " . $v_key . " json", $output, $return_var);
    52. 

  52. 	$key_data = json_decode(implode("", $output), true);
    53. 

  53. 	unset($output);
    54. 

  54. 

  55. 	if (!empty($key_data) && $key_data["USER"] == $user_plain) {
    56. 

  56. 		exec(HESTIA_CMD . $cmd . " " . $v_key, $output, $return_var);
    57. 

  57. 		unset($output);
    58. 

  58. 	}
    59. 

  59. }
    60. 

  60. 

  61. header("Location: /list/access-key/");
    62.