fixes in Admins and Customers ApiCommand

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann (d00p)
2018-02-25 16:49:24 +01:00
parent a222114d0a
commit 0958d07f23
3 changed files with 33 additions and 47 deletions


@@ -102,7 +102,7 @@ abstract class ApiCommand
public function __construct($header = null, $params = null, $userinfo = null)
{
global $lng, $version, $dbversion, $branding;
$this->version = $version;
$this->dbversion = $dbversion;
$this->branding = $branding;
@@ -116,13 +116,13 @@ abstract class ApiCommand
throw new Exception("Invalid user data", 500);
}
$this->logger = FroxlorLogger::getInstanceOf($this->user_data);
// check whether the user is deactivated
if ($this->getUserDetail('deactivated') == 1) {
$this->logger()->logAction(LOG_ERROR, LOG_INFO, "[API] User '" . $this->getUserDetail('loginnname') . "' tried to use API but is deactivated");
throw new Exception("Account suspended", 406);
}
$this->initLang();
$this->lng = $lng;
$this->initMail();
@@ -166,8 +166,14 @@ abstract class ApiCommand
// now include the selected language if its not english
if ($language != 'English') {
foreach ($langs[$language] as $key => $value) {
include_once makeSecurePath(FROXLOR_INSTALL_DIR . '/' . $value['file']);
if (isset($langs[$language])) {
foreach ($langs[$language] as $key => $value) {
include_once makeSecurePath(FROXLOR_INSTALL_DIR . '/' . $value['file']);
}
} else {
if ($this->debug) {
$this->logger()->logAction(LOG_ERROR, LOG_DEBUG, "[API] unable to include user-language '" . $language . "'. Not found in database.", 404);
}
}
}
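Review bot: The new `else` branch only records a missing language when `$this->debug` is set, so outside debug a `def_language` with no entry in `$langs` silently falls back to whatever was included above the hunk; since the call already uses the LOG_DEBUG priority, the `if ($this->debug)` wrapper looks redundant and dropping it would keep the condition visible in the log. The trailing `404` argument differs from the three-argument `logAction()` calls elsewhere in this commit, so please confirm it matches logAction's signature. `$language` is written into the message verbatim; if, as the `def_language` parameter in the Admins hunk suggests, it originates from API input, trim or length-limit it before logging. `$key` in the new foreach is unused, so `foreach ($langs[$language] as $value)` reads cleaner. The enclosing method (presumably the initLang called in the second hunk) starts and ends outside the hunk.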


@@ -99,7 +99,7 @@ class Admins extends ApiCommand implements ResourceEntity
$email = $this->getParam('email');
// parameters
$def_language = $this->getParam('def_language', true, '');
$def_language = $this->getParam('def_language', true, Settings::Get('panel.standardlanguage'));
$custom_notes = $this->getParam('custom_notes', true, '');
$custom_notes_show = $this->getParam('custom_notes_show', true, 0);
$password = $this->getParam('admin_password', true, '');
@@ -152,28 +152,18 @@ class Admins extends ApiCommand implements ResourceEntity
$traffic = $traffic * 1024 * 1024;
// Check if the account already exists
try {
$dup_check_result = Customers::getLocal($this->getUserData(), array(
'loginname' => $loginname
))->get();
$loginname_check = json_decode($dup_check_result, true)['data'];
} catch (Exception $e) {
$loginname_check = array(
'loginname' => ''
);
}
// do not check via api as we skip any permission checks for this task
$loginname_check_stmt = Database::prepare("
SELECT `loginname` FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `loginname` = :login
");
$loginname_check = Database::pexecute_first($loginname_check_stmt, array('login' => $loginname), true, true);
// Check if an admin with the loginname already exists
try {
$dup_check_result = Admins::getLocal($this->getUserData(), array(
'loginname' => $loginname
))->get();
$loginname_check_admin = json_decode($dup_check_result, true)['data'];
} catch (Exception $e) {
$loginname_check_admin = array(
'loginname' => ''
);
}
// do not check via api as we skip any permission checks for this task
$loginname_check_admin_stmt = Database::prepare("
SELECT `loginname` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `loginname` = :login
");
$loginname_check_admin = Database::pexecute_first($loginname_check_admin_stmt, array('login' => $loginname), true, true);
if ($loginname == '') {
standard_error(array(
@@ -290,7 +280,7 @@ class Admins extends ApiCommand implements ResourceEntity
$adminid = Database::lastInsertId();
$ins_data['adminid'] = $adminid;
$this->logger()->logAction(ADM_ACTION, LOG_WARNING, "[API] added admin '" . $loginname . "'");
return $this->response(200, "successfull", $admin_ins_data);
return $this->response(200, "successfull", $ins_data);
}
}
throw new Exception("Not allowed to execute given command.", 403);
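Review bot: In the hunk at `@@ -152,28 +152,18 @@`, `$loginname_check` and `$loginname_check_admin` are now whatever `Database::pexecute_first()` returns when no row matches, whereas the removed catch blocks guaranteed an array with an empty `loginname` key; the later `strtolower($loginname_check['loginname'])` comparison (visible in the Customers hunk) then reads an offset on a non-array, which PHP either silently evaluates to null or, from 7.4 on, flags with a notice. Normalise the result right after each query, e.g. `if (!is_array($loginname_check)) { $loginname_check = array('loginname' => ''); }` and the same for `$loginname_check_admin`, or switch the duplicate test to `$loginname_check !== false`. The same pattern is repeated in the Customers hunk at `@@ -243,28 +243,18 @@`. The `true, true` trailing arguments to `pexecute_first()` are positional booleans whose meaning is not recoverable from the hunk; a short comment naming them would help the next reader.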


@@ -243,28 +243,18 @@ class Customers extends ApiCommand implements ResourceEntity
}
// Check if the account already exists
try {
$dup_check_result = Customers::getLocal($this->getUserData(), array(
'loginname' => $loginname
))->get();
$loginname_check = json_decode($dup_check_result, true)['data'];
} catch (Exception $e) {
$loginname_check = array(
'loginname' => ''
);
}
// do not check via api as we skip any permission checks for this task
$loginname_check_stmt = Database::prepare("
SELECT `loginname` FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `loginname` = :login
");
$loginname_check = Database::pexecute_first($loginname_check_stmt, array('login' => $loginname), true, true);
// Check if an admin with the loginname already exists
try {
$dup_check_result = Admins::getLocal($this->getUserData(), array(
'loginname' => $loginname
))->get();
$loginname_check_admin = json_decode($dup_check_result, true)['data'];
} catch (Exception $e) {
$loginname_check_admin = array(
'loginname' => ''
);
}
// do not check via api as we skip any permission checks for this task
$loginname_check_admin_stmt = Database::prepare("
SELECT `loginname` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `loginname` = :login
");
$loginname_check_admin = Database::pexecute_first($loginname_check_admin_stmt, array('login' => $loginname), true, true);
if (strtolower($loginname_check['loginname']) == strtolower($loginname) || strtolower($loginname_check_admin['loginname']) == strtolower($loginname)) {
standard_error('loginnameexists', $loginname, true);