maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

minor changes in ApiCommand; added Ftps.get ApiCommand

Browse Source 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann (d00p)
2018-02-24 20:52:21 +01:00
parent ca07621de7
commit 2f30d85d32
4 changed files with 121 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
api.php
View File

@@ -56,7 +56,7 @@ function json_response($status, $status_message = '', $data = null)
{ {
$resheader = $_SERVER["SERVER_PROTOCOL"] . " " . $status; $resheader = $_SERVER["SERVER_PROTOCOL"] . " " . $status;
if (! empty($status_message)) { if (! empty($status_message)) {
$resheader .= ' ' . $status_message; $resheader .= ' ' . str_replace("\n", " ", $status_message);
} }
header($resheader); header($resheader);

28
customer_ftp.php
View File

@@ -79,12 +79,14 @@ if ($page == 'overview') {
eval("echo \"" . getTemplate('ftp/accounts') . "\";"); eval("echo \"" . getTemplate('ftp/accounts') . "\";");
} elseif ($action == 'delete' && $id != 0) { } elseif ($action == 'delete' && $id != 0) {
$result_stmt = Database::prepare("SELECT `id`, `username`, `homedir`, `up_count`, `up_bytes`, `down_count`, `down_bytes` FROM `" . TABLE_FTP_USERS . "` try {
WHERE `customerid` = :customerid $json_result = Ftps::getLocal($userinfo, array(
AND `id` = :id" 'id' => $id
); ))->get();
Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id)); } catch (Exception $e) {
$result = $result_stmt->fetch(PDO::FETCH_ASSOC); dynamic_error($e->getMessage());
}
$result = json_decode($json_result, true)['data'];
if (isset($result['username']) && $result['username'] != $userinfo['loginname']) { if (isset($result['username']) && $result['username'] != $userinfo['loginname']) {
if (isset($_POST['send']) && $_POST['send'] == 'send') { if (isset($_POST['send']) && $_POST['send'] == 'send') {
@@ -369,12 +371,14 @@ if ($page == 'overview') {
} }
} }
} elseif ($action == 'edit' && $id != 0) { } elseif ($action == 'edit' && $id != 0) {
$result_stmt = Database::prepare("SELECT `id`, `username`, `description`, `homedir`, `uid`, `gid`, `shell` FROM `" . TABLE_FTP_USERS . "` try {
WHERE `customerid` = :customerid $json_result = Ftps::getLocal($userinfo, array(
AND `id` = :id" 'id' => $id
); ))->get();
Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id)); } catch (Exception $e) {
$result = $result_stmt->fetch(PDO::FETCH_ASSOC); dynamic_error($e->getMessage());
}
$result = json_decode($json_result, true)['data'];
if (isset($result['username']) && $result['username'] != '') { if (isset($result['username']) && $result['username'] != '') {
if (isset($_POST['send']) && $_POST['send'] == 'send') { if (isset($_POST['send']) && $_POST['send'] == 'send') {

9
lib/classes/api/abstract.ApiCommand.php
View File

@@ -402,7 +402,7 @@ abstract class ApiCommand
{ {
$resheader = $_SERVER["SERVER_PROTOCOL"] . " " . $status; $resheader = $_SERVER["SERVER_PROTOCOL"] . " " . $status;
if (! empty($status_message)) { if (! empty($status_message)) {
$resheader .= ' ' . $status_message; $resheader .= ' ' . str_replace("\n", " ", $status_message);
} }
header($resheader); header($resheader);
@@ -432,14 +432,17 @@ abstract class ApiCommand
), true, true); ), true, true);
if ($result) { if ($result) {
// admin or customer? // admin or customer?
if ($result['customerid'] == 0) { if ($result['customerid'] == 0 && $result['adminid'] > 0) {
$this->is_admin = true; $this->is_admin = true;
$table = 'panel_admins'; $table = 'panel_admins';
$key = "adminid"; $key = "adminid";
} else { } elseif ($result['customerid'] > 0 && $result['adminid'] > 0) {
$this->is_admin = false; $this->is_admin = false;
$table = 'panel_customers'; $table = 'panel_customers';
$key = "customerid"; $key = "customerid";
} else {
// neither adminid is > 0 nor customerid is > 0 - sorry man, no way
throw new Exception("Invalid API credentials", 400);
} }
$sel_stmt = Database::prepare("SELECT * FROM `" . $table . "` WHERE `" . $key . "` = :id"); $sel_stmt = Database::prepare("SELECT * FROM `" . $table . "` WHERE `" . $key . "` = :id");
$this->user_data = Database::pexecute_first($sel_stmt, array( $this->user_data = Database::pexecute_first($sel_stmt, array(

98
lib/classes/api/commands/class.Ftps.php Normal file
View File

@@ -0,0 +1,98 @@
<?php
/**
* This file is part of the Froxlor project.
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package API
* @since 0.10.0
*
*/
class Ftps extends ApiCommand implements ResourceEntity
{
public function add()
{}
/**
* return a ftp-user entry by either id or username
*
* @param int $id
* optional, the customer-id
* @param string $username
* optional, the username
*
* @access admin, customer
* @throws Exception
* @return array
*/
public function get()
{
$id = $this->getParam('id', true, 0);
$un_optional = ($id <= 0 ? false : true);
$username = $this->getParam('username', $un_optional, '');
if ($id <= 0 && empty($username)) {
throw new Exception("Either 'id' or 'username' parameter must be given", 406);
}
$params = array();
if ($this->isAdmin()) {
if ($this->getUserDetail('customers_see_all') != 1) {
// if it's a reseller or an admin who cannot see all customers, we need to check
// whether the database belongs to one of his customers
$json_result = Customers::getLocal($this->getUserData())->list();
$custom_list_result = json_decode($json_result, true)['data']['list'];
$customer_ids = array();
foreach ($custom_list_result as $customer) {
$customer_ids[] = $customer['customerid'];
}
$result_stmt = Database::prepare("
SELECT * FROM `" . TABLE_FTP_USERS . "`
WHERE `customerid` IN (:customerid)
AND (`id` = :idun OR `username` = :idun)
");
$params['customerid'] = implode(", ", $customer_ids);
} else {
$result_stmt = Database::prepare("
SELECT * FROM `" . TABLE_FTP_USERS . "`
WHERE (`id` = :idun OR `username` = :idun)
");
}
} else {
if (Settings::IsInList('panel.customer_hide_options', 'ftp')) {
throw new Exception("You cannot access this resource", 405);
}
$result_stmt = Database::prepare("
SELECT * FROM `" . TABLE_FTP_USERS . "`
WHERE `customerid` = :customerid
AND (`id` = :idun OR `username` = :idun)
");
$params['customerid'] = $this->getUserDetail('customerid');
}
$params['idun'] = ($id <= 0 ? $username : $id);
$result = Database::pexecute_first($result_stmt, $params, true, true);
if ($result) {
$this->logger()->logAction($this->isAdmin() ? ADM_ACTION : USR_ACTION, LOG_NOTICE, "[API] get ftp-user '" . $result['username'] . "'");
return $this->response(200, "successfull", $result);
}
$key = ($id > 0 ? "id #" . $id : "username '" . $username . "'");
throw new Exception("FTP user with " . $key . " could not be found", 404);
}
public function update()
{}
public function list()
{}
public function delete()
{}
}