diff --git a/admin_autoupdate.php b/admin_autoupdate.php
index 701e8011..ec3242fe 100644
--- a/admin_autoupdate.php
+++ b/admin_autoupdate.php
@@ -21,7 +21,7 @@ define('AREA', 'admin');
 require './lib/init.php';
 // define update-uri
-define('UPDATE_URI', "https://version.froxlor.org/Froxlor/legacy/" . $version);
+define('UPDATE_URI', "https://version.froxlor.org/Froxlor/api/" . $version);
 define('RELEASE_URI', "https://autoupdate.froxlor.org/froxlor-{version}.zip");
 define('CHECKSUM_URI', "https://autoupdate.froxlor.org/froxlor-{version}.zip.sha256");
diff --git a/admin_index.php b/admin_index.php
index 4650a24e..174f65a0 100644
--- a/admin_index.php
+++ b/admin_index.php
@@ -85,7 +85,7 @@ if ($page == 'overview') {
 if ((isset($_GET['lookfornewversion']) && $_GET['lookfornewversion'] == 'yes')
 || (isset($lookfornewversion) && $lookfornewversion == 'yes')
 ) {
- $update_check_uri = 'http://version.froxlor.org/Froxlor/legacy/' . $version;
+ $update_check_uri = 'http://version.froxlor.org/Froxlor/api/' . $version;
 $latestversion = HttpClient::urlGet($update_check_uri);
 $latestversion = explode('|', $latestversion);
diff --git a/install/updates/froxlor/0.9/update_0.10.inc.php b/install/updates/froxlor/0.10/update_0.10.inc.php
similarity index 100%
rename from install/updates/froxlor/0.9/update_0.10.inc.php
rename to install/updates/froxlor/0.10/update_0.10.inc.php
diff --git a/lib/classes/api/commands/class.Customers.php b/lib/classes/api/commands/class.Customers.php
new file mode 100644
index 00000000..2d30d2e7
--- /dev/null
+++ b/lib/classes/api/commands/class.Customers.php
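Review bot: The version check in admin_index.php still goes out over `http://`, while admin_autoupdate.php in this same commit uses `https://` for the same host and path, so the `|`-separated reply that is parsed right after the changed line can be altered in transit and an administrator could be shown a wrong update status. Use the same scheme on the new line: `$update_check_uri = 'https://version.froxlor.org/Froxlor/api/' . $version;`. The enclosing `if ($page == 'overview')` block starts and ends outside this hunk.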
@@ -0,0 +1,98 @@
+isAdmin()) {
+ $this->logger()->logAction(ADM_ACTION, LOG_NOTICE, "[API] list customers");
+ $result_stmt = Database::prepare("
+ SELECT `c`.*, `a`.`loginname` AS `adminname`
+ FROM `" . TABLE_PANEL_CUSTOMERS . "` `c`, `" . TABLE_PANEL_ADMINS . "` `a`
+ WHERE " . ($this->getUserDetail('customers_see_all') ? '' : " `c`.`adminid` = :adminid AND ") . "
+ `c`.`adminid` = `a`.`adminid`
+ ");
+ $params = array();
+ if ($this->getUserDetail('customers_see_all') == '0') {
+ $params = array(
+ 'adminid' => $this->getUserDetail('adminid')
+ );
+ }
+ Database::pexecute($result_stmt, $params, true, true);
+ $result = array();
+ while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
+ $result[] = $row;
+ }
+ return $this->response(200, "successfull", array(
+ 'count' => count($result),
+ 'list' => $result
+ ));
+ }
+ throw new Exception("Not allowed to execute given command.", 403);
+ }
+
+ public function get()
+ {
+ if ($this->isAdmin()) {
+ $id = $this->getParam('id');
+ $this->logger()->logAction(ADM_ACTION, LOG_NOTICE, "[API] get customer #" . $id);
+ $result_stmt = Database::prepare("
+ SELECT * FROM `" . TABLE_PANEL_CUSTOMERS . "`
+ WHERE `customerid` = :id" . ($this->getUserDetail('customers_see_all') ? '' : " AND `adminid` = :adminid"));
+ $params = array(
+ 'id' => $id
+ );
+ if ($this->getUserDetail('customers_see_all') == '0') {
+ $params['adminid'] = $this->getUserDetail('adminid');
+ }
+ $result = Database::pexecute_first($result_stmt, $params, true, true);
+ if ($result) {
+ return $this->response(200, "successfull", $result);
+ }
+ throw new Exception("Customer with id #" . $id . " could not be found");
+ }
+ throw new Exception("Not allowed to execute given command.", 403);
+ }
+
+ public function add()
+ {
+ if ($this->isAdmin()) {
+ $this->logger()->logAction(ADM_ACTION, LOG_WARNING, "[API] added customer '" . $loginname . 
"'");
+ return $this->response(200, "successfull", $ins_data);
+ }
+ throw new Exception("Not allowed to execute given command.", 403);
+ }
+
+ public function update()
+ {
+ if ($this->isAdmin()) {
+ $id = $this->getParam('id');
+
+ $json_result = Customers::getLocal($this->getUserData(), array(
+ 'id' => $id
+ ))->get();
+ $result = json_decode($json_result, true)['data'];
+
+ $this->logger()->logAction(ADM_ACTION, LOG_WARNING, "[API] changed customer '" . $result['loginname'] . "'");
+ return $this->response(200, "successfull", $upd_data);
+ }
+ throw new Exception("Not allowed to execute given command.", 403);
+ }
+
+ public function delete()
+ {
+ if ($this->isAdmin()) {
+ $id = $this->getParam('id');
+
+ $json_result = Customers::getLocal($this->getUserData(), array(
+ 'id' => $id
+ ))->get();
+ $result = json_decode($json_result, true)['data'];
+
+ $this->logger()->logAction(ADM_ACTION, LOG_WARNING, "[API] deleted customer '" . $result['loginname'] . "'");
+ return $this->response(200, "successfull", $result);
+ }
+ throw new Exception("Not allowed to execute given command.", 403);
+ }
+}
diff --git a/lib/classes/api/commands/class.IpsAndPorts.php b/lib/classes/api/commands/class.IpsAndPorts.php
index 309f15b2..94d27115 100644
--- a/lib/classes/api/commands/class.IpsAndPorts.php
+++ b/lib/classes/api/commands/class.IpsAndPorts.php
@@ -10,7 +10,7 @@ class IpsAndPorts extends ApiCommand
 $result_stmt = Database::prepare("
 SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` ORDER BY `ip` ASC, `port` ASC
 ");
- Database::pexecute($result_stmt);
+ Database::pexecute($result_stmt, null, true, true);
 $result = array();
 while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 $result[] = $row;
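Review bot: In the new class.Customers.php, add(), update() and delete() write an "[API] added/changed/deleted customer" entry at LOG_WARNING and return 200 without changing anything, and they read `$loginname`, `$ins_data` and `$upd_data`, none of which is assigned, so the audit log records actions that never happened. Until the bodies exist, fail before the logAction call, e.g. `throw new Exception("Not implemented", 501);`. Separately, list() and get() pass the full `SELECT *` row to response(); if the customers table carries credential columns (not visible in this diff), select an explicit column list or drop those fields before responding. get() also throws its not-found Exception without a code while the permission failures use 403, so pass 404 there.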
@@ -174,12 +174,10 @@ class IpsAndPorts extends ApiCommand
 if ($this->isAdmin() && $this->getUserDetail('change_serversettings')) {
 $id = $this->getParam('id');
- $result_stmt = Database::prepare("
- SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `id` = :id
- ");
- $result = Database::pexecute_first($result_stmt, array(
+ $json_result = IpsAndPorts::getLocal($this->getUserData(), array(
 'id' => $id
- ), true, true);
+ ))->get();
+ $result = json_decode($json_result, true)['data'];
 $ip = validate_ip2($this->getParam('ip', $result['ip']), false, 'invalidip', false, false, false, true);
 $port = validate($this->getParam('port', $result['port']), 'port', '/^(([1-9])|([1-9][0-9])|([1-9][0-9][0-9])|([1-9][0-9][0-9][0-9])|([1-5][0-9][0-9][0-9][0-9])|(6[0-4][0-9][0-9][0-9])|(65[0-4][0-9][0-9])|(655[0-2][0-9])|(6553[0-5]))$/Di', array(
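Review bot: `json_decode($json_result, true)['data']` is used without checking the decode, so a reply that is not valid JSON or has no `data` key leaves `$result` null, and `$result['ip']` and `$result['port']` then become null defaults for validate_ip2() and validate() instead of stopping the update. A guard right after the decode keeps the failure explicit: `if (!is_array($result)) { throw new Exception("IP/port with id #" . $id . " could not be found", 404); }`. Routing the lookup through get() presumably also runs that method's own permission check and log entry on every update; confirm that is intended. The enclosing method starts and ends outside this hunk.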