maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

fixes in Admins and Customers ApiCommand

Browse Source 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann (d00p)
2018-02-25 16:49:24 +01:00
parent a222114d0a
commit 0958d07f23
3 changed files with 33 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/classes/api/abstract.ApiCommand.php
View File

@@ -166,9 +166,15 @@ abstract class ApiCommand
// now include the selected language if its not english // now include the selected language if its not english
if ($language != 'English') { if ($language != 'English') {
if (isset($langs[$language])) {
foreach ($langs[$language] as $key => $value) { foreach ($langs[$language] as $key => $value) {
include_once makeSecurePath(FROXLOR_INSTALL_DIR . '/' . $value['file']); include_once makeSecurePath(FROXLOR_INSTALL_DIR . '/' . $value['file']);
} }
} else {
if ($this->debug) {
$this->logger()->logAction(LOG_ERROR, LOG_DEBUG, "[API] unable to include user-language '" . $language . "'. Not found in database.", 404);
}
}
} }
// last but not least include language references file // last but not least include language references file

34
lib/classes/api/commands/class.Admins.php
View File

@@ -99,7 +99,7 @@ class Admins extends ApiCommand implements ResourceEntity
$email = $this->getParam('email'); $email = $this->getParam('email');
// parameters // parameters
$def_language = $this->getParam('def_language', true, ''); $def_language = $this->getParam('def_language', true, Settings::Get('panel.standardlanguage'));
$custom_notes = $this->getParam('custom_notes', true, ''); $custom_notes = $this->getParam('custom_notes', true, '');
$custom_notes_show = $this->getParam('custom_notes_show', true, 0); $custom_notes_show = $this->getParam('custom_notes_show', true, 0);
$password = $this->getParam('admin_password', true, ''); $password = $this->getParam('admin_password', true, '');
@@ -152,28 +152,18 @@ class Admins extends ApiCommand implements ResourceEntity
$traffic = $traffic * 1024 * 1024; $traffic = $traffic * 1024 * 1024;
// Check if the account already exists // Check if the account already exists
try { // do not check via api as we skip any permission checks for this task
$dup_check_result = Customers::getLocal($this->getUserData(), array( $loginname_check_stmt = Database::prepare("
'loginname' => $loginname SELECT `loginname` FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `loginname` = :login
))->get(); ");
$loginname_check = json_decode($dup_check_result, true)['data']; $loginname_check = Database::pexecute_first($loginname_check_stmt, array('login' => $loginname), true, true);
} catch (Exception $e) {
$loginname_check = array(
'loginname' => ''
);
}
// Check if an admin with the loginname already exists // Check if an admin with the loginname already exists
try { // do not check via api as we skip any permission checks for this task
$dup_check_result = Admins::getLocal($this->getUserData(), array( $loginname_check_admin_stmt = Database::prepare("
'loginname' => $loginname SELECT `loginname` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `loginname` = :login
))->get(); ");
$loginname_check_admin = json_decode($dup_check_result, true)['data']; $loginname_check_admin = Database::pexecute_first($loginname_check_admin_stmt, array('login' => $loginname), true, true);
} catch (Exception $e) {
$loginname_check_admin = array(
'loginname' => ''
);
}
if ($loginname == '') { if ($loginname == '') {
standard_error(array( standard_error(array(
@@ -290,7 +280,7 @@ class Admins extends ApiCommand implements ResourceEntity
$adminid = Database::lastInsertId(); $adminid = Database::lastInsertId();
$ins_data['adminid'] = $adminid; $ins_data['adminid'] = $adminid;
$this->logger()->logAction(ADM_ACTION, LOG_WARNING, "[API] added admin '" . $loginname . "'"); $this->logger()->logAction(ADM_ACTION, LOG_WARNING, "[API] added admin '" . $loginname . "'");
return $this->response(200, "successfull", $admin_ins_data); return $this->response(200, "successfull", $ins_data);
} }
} }
throw new Exception("Not allowed to execute given command.", 403); throw new Exception("Not allowed to execute given command.", 403);

30
lib/classes/api/commands/class.Customers.php
View File

@@ -243,28 +243,18 @@ class Customers extends ApiCommand implements ResourceEntity
} }
// Check if the account already exists // Check if the account already exists
try { // do not check via api as we skip any permission checks for this task
$dup_check_result = Customers::getLocal($this->getUserData(), array( $loginname_check_stmt = Database::prepare("
'loginname' => $loginname SELECT `loginname` FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `loginname` = :login
))->get(); ");
$loginname_check = json_decode($dup_check_result, true)['data']; $loginname_check = Database::pexecute_first($loginname_check_stmt, array('login' => $loginname), true, true);
} catch (Exception $e) {
$loginname_check = array(
'loginname' => ''
);
}
// Check if an admin with the loginname already exists // Check if an admin with the loginname already exists
try { // do not check via api as we skip any permission checks for this task
$dup_check_result = Admins::getLocal($this->getUserData(), array( $loginname_check_admin_stmt = Database::prepare("
'loginname' => $loginname SELECT `loginname` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `loginname` = :login
))->get(); ");
$loginname_check_admin = json_decode($dup_check_result, true)['data']; $loginname_check_admin = Database::pexecute_first($loginname_check_admin_stmt, array('login' => $loginname), true, true);
} catch (Exception $e) {
$loginname_check_admin = array(
'loginname' => ''
);
}
if (strtolower($loginname_check['loginname']) == strtolower($loginname) || strtolower($loginname_check_admin['loginname']) == strtolower($loginname)) { if (strtolower($loginname_check['loginname']) == strtolower($loginname) || strtolower($loginname_check_admin['loginname']) == strtolower($loginname)) {
standard_error('loginnameexists', $loginname, true); standard_error('loginnameexists', $loginname, true);