add security question when deleting api-key
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
51
api_keys.php
51
api_keys.php
@@ -32,36 +32,43 @@ $success_message = "";
|
|||||||
$id = (int) Request::get('id');
|
$id = (int) Request::get('id');
|
||||||
|
|
||||||
// do the delete and then just show a success-message and the apikeys list again
|
// do the delete and then just show a success-message and the apikeys list again
|
||||||
if ($action == 'delete') {
|
if ($action == 'delete' && $id > 0) {
|
||||||
if ($id > 0) {
|
\Froxlor\UI\HTML::askYesNo('apikey_reallydelete', $filename, array(
|
||||||
$chk = (AREA == 'admin' && $userinfo['customers_see_all'] == '1') ? true : false;
|
'id' => $id,
|
||||||
if (AREA == 'customer') {
|
'page' => $page,
|
||||||
$chk_stmt = Database::prepare("
|
'action' => 'deletesure'
|
||||||
|
), '', [
|
||||||
|
'section' => 'index',
|
||||||
|
'page' => $page
|
||||||
|
]);
|
||||||
|
} elseif ($action == 'deletesure' && $id > 0) {
|
||||||
|
$chk = (AREA == 'admin' && $userinfo['customers_see_all'] == '1') ? true : false;
|
||||||
|
if (AREA == 'customer') {
|
||||||
|
$chk_stmt = Database::prepare("
|
||||||
SELECT c.customerid FROM `" . TABLE_PANEL_CUSTOMERS . "` c
|
SELECT c.customerid FROM `" . TABLE_PANEL_CUSTOMERS . "` c
|
||||||
LEFT JOIN `" . TABLE_API_KEYS . "` ak ON ak.customerid = c.customerid
|
LEFT JOIN `" . TABLE_API_KEYS . "` ak ON ak.customerid = c.customerid
|
||||||
WHERE ak.`id` = :id AND c.`customerid` = :cid
|
WHERE ak.`id` = :id AND c.`customerid` = :cid
|
||||||
");
|
");
|
||||||
$chk = Database::pexecute_first($chk_stmt, array(
|
$chk = Database::pexecute_first($chk_stmt, array(
|
||||||
'id' => $id,
|
'id' => $id,
|
||||||
'cid' => $userinfo['customerid']
|
'cid' => $userinfo['customerid']
|
||||||
));
|
));
|
||||||
} elseif (AREA == 'admin' && $userinfo['customers_see_all'] == '0') {
|
} elseif (AREA == 'admin' && $userinfo['customers_see_all'] == '0') {
|
||||||
$chk_stmt = Database::prepare("
|
$chk_stmt = Database::prepare("
|
||||||
SELECT a.adminid FROM `" . TABLE_PANEL_ADMINS . "` a
|
SELECT a.adminid FROM `" . TABLE_PANEL_ADMINS . "` a
|
||||||
LEFT JOIN `" . TABLE_API_KEYS . "` ak ON ak.adminid = a.adminid
|
LEFT JOIN `" . TABLE_API_KEYS . "` ak ON ak.adminid = a.adminid
|
||||||
WHERE ak.`id` = :id AND a.`adminid` = :aid
|
WHERE ak.`id` = :id AND a.`adminid` = :aid
|
||||||
");
|
");
|
||||||
$chk = Database::pexecute_first($chk_stmt, array(
|
$chk = Database::pexecute_first($chk_stmt, array(
|
||||||
'id' => $id,
|
'id' => $id,
|
||||||
'aid' => $userinfo['adminid']
|
'aid' => $userinfo['adminid']
|
||||||
));
|
));
|
||||||
}
|
}
|
||||||
if ($chk !== false) {
|
if ($chk !== false) {
|
||||||
Database::pexecute($del_stmt, array(
|
Database::pexecute($del_stmt, array(
|
||||||
'id' => $id
|
'id' => $id
|
||||||
));
|
));
|
||||||
$success_message = sprintf($lng['apikeys']['apikey_removed'], $id);
|
$success_message = sprintf($lng['apikeys']['apikey_removed'], $id);
|
||||||
}
|
|
||||||
}
|
}
|
||||||
} elseif ($action == 'add') {
|
} elseif ($action == 'add') {
|
||||||
$ins_stmt = Database::prepare("
|
$ins_stmt = Database::prepare("
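Review bot: The language key requested at `\Froxlor\UI\HTML::askYesNo('apikey_reallydelete', $filename, array(` does not match the German language hunk of this commit, which registers the text under `$lng['question']['plan_reallydelete']`; German installations will therefore not find the new question and, if a plan-deletion question already uses that key, have it overwritten — the German line should be `$lng['question']['apikey_reallydelete'] = 'Wollen Sie den Api-Key wirklich löschen?';`. The new branch at `} elseif ($action == 'deletesure' && $id > 0) {` is also reachable by any request that carries `action=deletesure`, so the question only guards against accidental clicks unless `Request::get` or the yes/no form (its opening tag is outside the twig hunk) binds the confirmation to a POST protected by a CSRF token; if that is not the case, a request-method check such as `&& $_SERVER['REQUEST_METHOD'] === 'POST'` on that condition would close the gap. The `if ($action == 'delete' ...)` chain continues past the end of the hunk.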
|
||||||
|
|||||||
@@ -169,12 +169,13 @@ class HTML
|
|||||||
* Values which will be given to $yesfile. Format: array(variable1=>value1, variable2=>value2, variable3=>value3)
|
* Values which will be given to $yesfile. Format: array(variable1=>value1, variable2=>value2, variable3=>value3)
|
||||||
* @param string $replacer
|
* @param string $replacer
|
||||||
* value of a possible existing string-replacer in the question
|
* value of a possible existing string-replacer in the question
|
||||||
|
* @param array $back_link
|
||||||
*
|
*
|
||||||
* @author Froxlor team <team@froxlor.org> (2010-)
|
* @author Froxlor team <team@froxlor.org> (2010-)
|
||||||
*
|
*
|
||||||
* @return string
|
* @return string
|
||||||
*/
|
*/
|
||||||
public static function askYesNo(string $text, string $yesfile, array $params = [], string $replacer = '')
|
public static function askYesNo(string $text, string $yesfile, array $params = [], string $replacer = '', array $back_link = [])
|
||||||
{
|
{
|
||||||
global $lng;
|
global $lng;
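Review bot: The new `* @param array $back_link` line in the docblock has no description, unlike the neighbouring parameters, and what the value is used for is only visible in the template. Add a description line under it in the file's existing style, e.g. `* url-parameters for the "no"-button, rendered through linker(); the template's else-branch keeps history.back() otherwise`. `askYesNo()` continues into the second hunk, which passes the value through as `'back_link' => $back_link`, and its body starts and ends outside this hunk.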
|
||||||
|
|
||||||
@@ -189,7 +190,8 @@ class HTML
|
|||||||
Panel\UI::view('form/yesnoquestion.html.twig', [
|
Panel\UI::view('form/yesnoquestion.html.twig', [
|
||||||
'action' => $yesfile,
|
'action' => $yesfile,
|
||||||
'url_params' => $params,
|
'url_params' => $params,
|
||||||
'question' => $text
|
'question' => $text,
|
||||||
|
'back_link' => $back_link
|
||||||
]);
|
]);
|
||||||
exit();
|
exit();
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -33,7 +33,7 @@ return [
|
|||||||
'd.domain_ace' => [
|
'd.domain_ace' => [
|
||||||
'label' => $lng['domains']['domainname'],
|
'label' => $lng['domains']['domainname'],
|
||||||
'field' => 'domain_ace',
|
'field' => 'domain_ace',
|
||||||
'callback' => [Domain::class, 'domainExternalLink'],
|
'callback' => [Domain::class, 'domainExternalLinkInfo'],
|
||||||
],
|
],
|
||||||
'd.documentroot' => [
|
'd.documentroot' => [
|
||||||
'label' => $lng['panel']['path'],
|
'label' => $lng['panel']['path'],
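Review bot: The callback now points to `[Domain::class, 'domainExternalLinkInfo']`, a method that is not defined anywhere in this commit and is unrelated to the api-key confirmation the commit title describes; if the method does not already exist on `Domain`, the table renders a fatal error for the domainname column. Either this line belongs to a separate commit together with the method's definition, or the commit description should mention the rename. The `return [` array continues on both sides of the hunk.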
|
||||||
|
|||||||
@@ -2169,3 +2169,4 @@ $lng['panel']['settingsmodetoggle'] = 'Click to toggle mode';
|
|||||||
$lng['panel']['modalclose'] = 'Close';
|
$lng['panel']['modalclose'] = 'Close';
|
||||||
$lng['panel']['managetablecolumnsmodal']['title'] = 'Manage table columns';
|
$lng['panel']['managetablecolumnsmodal']['title'] = 'Manage table columns';
|
||||||
$lng['panel']['managetablecolumnsmodal']['description'] = 'Here you can customize the visible columns';
|
$lng['panel']['managetablecolumnsmodal']['description'] = 'Here you can customize the visible columns';
|
||||||
|
$lng['question']['apikey_reallydelete'] = 'Do you really want to delete this api-key?';
|
||||||
|
|||||||
@@ -1807,3 +1807,4 @@ $lng['panel']['settingsmodetoggle'] = 'Modus umschalten';
|
|||||||
$lng['panel']['modalclose'] = 'Schließen';
|
$lng['panel']['modalclose'] = 'Schließen';
|
||||||
$lng['panel']['managetablecolumnsmodal']['title'] = 'Tabellenspalten verwalten';
|
$lng['panel']['managetablecolumnsmodal']['title'] = 'Tabellenspalten verwalten';
|
||||||
$lng['panel']['managetablecolumnsmodal']['description'] = 'Hier können die angezeigten Tabellenspalten angepasst werden';
|
$lng['panel']['managetablecolumnsmodal']['description'] = 'Hier können die angezeigten Tabellenspalten angepasst werden';
|
||||||
|
$lng['question']['plan_reallydelete'] = 'Wollen Sie den Api-Key wirklich löschen?';
|
||||||
|
|||||||
@@ -23,7 +23,11 @@
|
|||||||
<input type="hidden" name="{{ id }}" value="{{ field }}"/>
|
<input type="hidden" name="{{ id }}" value="{{ field }}"/>
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
<button class="btn btn-danger" type="submit" name="submitbutton">{{ lng('panel.yes') }}</button>
|
<button class="btn btn-danger" type="submit" name="submitbutton">{{ lng('panel.yes') }}</button>
|
||||||
<a href="javascript:history.back(-1)" class="btn btn-secondary">{{ lng('panel.no') }}</a>
|
{% if back_link is defined and back_link is iterable %}
|
||||||
|
<a href="{{ linker(back_link) }}" class="btn btn-secondary">{{ lng('panel.no') }}</a>
|
||||||
|
{% else %}
|
||||||
|
<a href="javascript:history.back(-1)" class="btn btn-secondary">{{ lng('panel.no') }}</a>
|
||||||
|
{% endif %}
|
||||||
</p>
|
</p>
|
||||||
</div>
|
</div>
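Review bot: The new condition `{% if back_link is defined and back_link is iterable %}` is also true for the empty array that `askYesNo()` passes by default (`array $back_link = []`), so every existing caller that does not supply a back link now renders `linker([])` instead of the previous `history.back(-1)` fallback in the `{% else %}` branch. Change it to `{% if back_link is defined and back_link is not empty %}` so an empty array keeps the fallback. The enclosing `<form>` opens before the start of this hunk.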
|
||||||
|
|
||||||
|
|||||||