major refactoring of almost all files
This commit is contained in:
envoyr
103
api_keys.php
103
api_keys.php
@@ -1,26 +1,37 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* This file is part of the Froxlor project.
|
||||
* Copyright (c) 2010 the Froxlor Team (see authors).
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License
|
||||
* as published by the Free Software Foundation; either version 2
|
||||
* of the License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, you can also view it online at
|
||||
* https://files.froxlor.org/misc/COPYING.txt
|
||||
*
|
||||
* @copyright the authors
|
||||
* @author Froxlor team <team@froxlor.org>
|
||||
* @license https://files.froxlor.org/misc/COPYING.txt GPLv2
|
||||
*/
|
||||
|
||||
if (!defined('AREA')) {
|
||||
header("Location: index.php");
|
||||
exit();
|
||||
}
|
||||
|
||||
/**
|
||||
* This file is part of the Froxlor project.
|
||||
* Copyright (c) 2018 the Froxlor Team (see authors).
|
||||
*
|
||||
* For the full copyright and license information, please view the COPYING
|
||||
* file that was distributed with this source code. You can also view the
|
||||
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
|
||||
*
|
||||
* @copyright (c) the authors
|
||||
* @author Froxlor team <team@froxlor.org> (2018-)
|
||||
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
|
||||
* @package Panel
|
||||
* @since 0.10.0
|
||||
*
|
||||
*/
|
||||
|
||||
use Froxlor\Database\Database;
|
||||
use Froxlor\FroxlorLogger;
|
||||
use Froxlor\UI\HTML;
|
||||
use Froxlor\UI\Listing;
|
||||
use Froxlor\UI\Panel\UI;
|
||||
use Froxlor\UI\Request;
|
||||
|
||||
@@ -29,15 +40,15 @@ use Froxlor\UI\Request;
|
||||
|
||||
$del_stmt = Database::prepare("DELETE FROM `" . TABLE_API_KEYS . "` WHERE id = :id");
|
||||
$success_message = "";
|
||||
$id = (int) Request::get('id');
|
||||
$id = (int)Request::get('id');
|
||||
|
||||
// do the delete and then just show a success-message and the apikeys list again
|
||||
if ($action == 'delete' && $id > 0) {
|
||||
\Froxlor\UI\HTML::askYesNo('apikey_reallydelete', $filename, array(
|
||||
HTML::askYesNo('apikey_reallydelete', $filename, [
|
||||
'id' => $id,
|
||||
'page' => $page,
|
||||
'action' => 'deletesure'
|
||||
), '', [
|
||||
], '', [
|
||||
'section' => 'index',
|
||||
'page' => $page
|
||||
]);
|
||||
@@ -49,26 +60,26 @@ if ($action == 'delete' && $id > 0) {
|
||||
LEFT JOIN `" . TABLE_API_KEYS . "` ak ON ak.customerid = c.customerid
|
||||
WHERE ak.`id` = :id AND c.`customerid` = :cid
|
||||
");
|
||||
$chk = Database::pexecute_first($chk_stmt, array(
|
||||
$chk = Database::pexecute_first($chk_stmt, [
|
||||
'id' => $id,
|
||||
'cid' => $userinfo['customerid']
|
||||
));
|
||||
]);
|
||||
} elseif (AREA == 'admin' && $userinfo['customers_see_all'] == '0') {
|
||||
$chk_stmt = Database::prepare("
|
||||
SELECT a.adminid FROM `" . TABLE_PANEL_ADMINS . "` a
|
||||
LEFT JOIN `" . TABLE_API_KEYS . "` ak ON ak.adminid = a.adminid
|
||||
WHERE ak.`id` = :id AND a.`adminid` = :aid
|
||||
");
|
||||
$chk = Database::pexecute_first($chk_stmt, array(
|
||||
$chk = Database::pexecute_first($chk_stmt, [
|
||||
'id' => $id,
|
||||
'aid' => $userinfo['adminid']
|
||||
));
|
||||
]);
|
||||
}
|
||||
if ($chk !== false) {
|
||||
Database::pexecute($del_stmt, array(
|
||||
Database::pexecute($del_stmt, [
|
||||
'id' => $id
|
||||
));
|
||||
$success_message = sprintf($lng['apikeys']['apikey_removed'], $id);
|
||||
]);
|
||||
$success_message = lng('apikeys.apikey_removed', [$id]);
|
||||
}
|
||||
} elseif ($action == 'add') {
|
||||
$ins_stmt = Database::prepare("
|
||||
@@ -83,16 +94,16 @@ if ($action == 'delete' && $id > 0) {
|
||||
}
|
||||
$key = hash('sha256', openssl_random_pseudo_bytes(64 * 64));
|
||||
$secret = hash('sha512', openssl_random_pseudo_bytes(64 * 64 * 4));
|
||||
Database::pexecute($ins_stmt, array(
|
||||
Database::pexecute($ins_stmt, [
|
||||
'key' => $key,
|
||||
'secret' => $secret,
|
||||
'aid' => $userinfo['adminid'],
|
||||
'cid' => $cid
|
||||
));
|
||||
$success_message = $lng['apikeys']['apikey_added'];
|
||||
]);
|
||||
$success_message = lng('apikeys.apikey_added');
|
||||
}
|
||||
|
||||
$log->logAction(\Froxlor\FroxlorLogger::USR_ACTION, LOG_NOTICE, "viewed api::api_keys");
|
||||
$log->logAction(FroxlorLogger::USR_ACTION, LOG_NOTICE, "viewed api::api_keys");
|
||||
|
||||
// select all my (accessible) api-keys
|
||||
$keys_stmt_query = "SELECT ak.*, c.loginname, a.loginname as adminname
|
||||
@@ -101,27 +112,27 @@ $keys_stmt_query = "SELECT ak.*, c.loginname, a.loginname as adminname
|
||||
LEFT JOIN `" . TABLE_PANEL_ADMINS . "` a ON `a`.`adminid` = `ak`.`adminid`
|
||||
WHERE ";
|
||||
|
||||
$qry_params = array();
|
||||
$qry_params = [];
|
||||
if (AREA == 'admin' && $userinfo['customers_see_all'] == '0') {
|
||||
// admin with only customer-specific permissions
|
||||
$keys_stmt_query .= "ak.adminid = :adminid ";
|
||||
$qry_params['adminid'] = $userinfo['adminid'];
|
||||
$fields = array(
|
||||
'a.loginname' => $lng['login']['username']
|
||||
);
|
||||
$fields = [
|
||||
'a.loginname' => lng('login.username')
|
||||
];
|
||||
} elseif (AREA == 'customer') {
|
||||
// customer-area
|
||||
$keys_stmt_query .= "ak.customerid = :cid ";
|
||||
$qry_params['cid'] = $userinfo['customerid'];
|
||||
$fields = array(
|
||||
'c.loginname' => $lng['login']['username']
|
||||
);
|
||||
$fields = [
|
||||
'c.loginname' => lng('login.username')
|
||||
];
|
||||
} else {
|
||||
// admin who can see all customers / reseller / admins
|
||||
$keys_stmt_query .= "1 ";
|
||||
$fields = array(
|
||||
'a.loginname' => $lng['login']['username']
|
||||
);
|
||||
$fields = [
|
||||
'a.loginname' => lng('login.username')
|
||||
];
|
||||
}
|
||||
|
||||
//$keys_stmt_query .= $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit();
|
||||
@@ -142,11 +153,13 @@ if (!empty($success_message)) {
|
||||
}
|
||||
|
||||
UI::view($tpl, [
|
||||
'listing' => \Froxlor\UI\Listing::formatFromArray($collection, $apikeys_list_data['apikeys_list']),
|
||||
'actions_links' => (int)$userinfo['api_allowed'] == 1 ? [[
|
||||
'href' => $linker->getLink(['section' => 'index', 'page' => $page, 'action' => 'add']),
|
||||
'label' => $lng['apikeys']['key_add']
|
||||
]] : null,
|
||||
'listing' => Listing::formatFromArray($collection, $apikeys_list_data['apikeys_list']),
|
||||
'actions_links' => (int)$userinfo['api_allowed'] == 1 ? [
|
||||
[
|
||||
'href' => $linker->getLink(['section' => 'index', 'page' => $page, 'action' => 'add']),
|
||||
'label' => lng('apikeys.key_add')
|
||||
]
|
||||
] : null,
|
||||
// alert-box
|
||||
'type' => 'success',
|
||||
'alert_msg' => $success_message
|
||||
|
||||
Reference in New Issue
Block a user