fix api-key creation

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>

api_keys.php

@@ -70,26 +70,34 @@ if ($action == 'delete') {
 			), $id);
 		}
 	}
-} elseif ($action == 'add' && isset($_POST['send']) && $_POST['send'] == 'send') {
-	$ins_stmt = Database::prepare("
-		INSERT INTO `" . TABLE_API_KEYS . "` SET
-		`apikey` = :key, `secret` = :secret, `adminid` = :aid, `customerid` = :cid, `valid_until` = '-1', `allowed_from` = ''
-	");
-	// customer generates for himself, admins will see a customer-select-box later
-	if (AREA == 'admin') {
-		$cid = 0;
-	} elseif (AREA == 'customer') {
-		$cid = $userinfo['customerid'];
+} elseif ($action == 'add') {
+
+	if (isset($_POST['send']) && $_POST['send'] == 'send') {
+		$ins_stmt = Database::prepare("
+			INSERT INTO `" . TABLE_API_KEYS . "` SET
+			`apikey` = :key, `secret` = :secret, `adminid` = :aid, `customerid` = :cid, `valid_until` = '-1', `allowed_from` = ''
+		");
+		// customer generates for himself, admins will see a customer-select-box later
+		if (AREA == 'admin') {
+			$cid = 0;
+		} elseif (AREA == 'customer') {
+			$cid = $userinfo['customerid'];
+		}
+		$key = hash('sha256', openssl_random_pseudo_bytes(64 * 64));
+		$secret = hash('sha512', openssl_random_pseudo_bytes(64 * 64 * 4));
+		Database::pexecute($ins_stmt, array(
+			'key' => $key,
+			'secret' => $secret,
+			'aid' => $userinfo['adminid'],
+			'cid' => $cid
+		));
+		$success_message = $lng['apikeys']['apikey_added'];
+	} else {
+		\Froxlor\UI\HTML::askYesNo('api_reallyadd', $filename, array(
+			'page' => $page,
+			'action' => $action
+		), $id);
 	}
-	$key = hash('sha256', openssl_random_pseudo_bytes(64 * 64));
-	$secret = hash('sha512', openssl_random_pseudo_bytes(64 * 64 * 4));
-	Database::pexecute($ins_stmt, array(
-		'key' => $key,
-		'secret' => $secret,
-		'aid' => $userinfo['adminid'],
-		'cid' => $cid
-	));
-	$success_message = $lng['apikeys']['apikey_added'];
 } elseif ($action == 'jqEditApiKey') {
 	$keyid = isset($_POST['id']) ? (int) $_POST['id'] : 0;
 	if (empty($keyid)) {

lng/english.lng.php

@@ -2140,6 +2140,7 @@ $lng['error']['pathmustberelative'] = 'The user does not have the permission to
 $lng['serversettings']['acmeshpath']['title'] = 'Path to acme.sh';
 $lng['serversettings']['acmeshpath']['description'] = 'Set this to where acme.sh is installed to, including the acme.sh script<br>Default is <b>/root/.acme.sh/acme.sh</b>';
 
-$lng['question']['api_reallydelete'] = 'Do you really want to delete the api-key #%d?';
-$lng['question']['dnsentry_reallydelete'] = 'Do you really want to delete the dns entry #%d?';
-$lng['question']['certificate_reallydelete'] = 'Do you really want to delete the certificate #%d?';
+$lng['question']['api_reallydelete'] = 'Do you really want to delete the api-key?';
+$lng['question']['api_reallyadd'] = 'Do you really want to create a new api-key?';
+$lng['question']['dnsentry_reallydelete'] = 'Do you really want to delete the dns entry?';
+$lng['question']['certificate_reallydelete'] = 'Do you really want to delete the certificate?';

lng/german.lng.php

@@ -1786,6 +1786,7 @@ $lng['error']['pathmustberelative'] = 'Der Benutzer hat nicht die benötigten Be
 $lng['serversettings']['acmeshpath']['title'] = 'Pfad zu acme.sh';
 $lng['serversettings']['acmeshpath']['description'] = 'Installationspfad zu acme.sh, inklusive acme.sh Script<br>Standard ist <b>/root/.acme.sh/acme.sh</b>';
 
-$lng['question']['api_reallydelete'] = 'Api-Key #%d wirklich löschen?';
-$lng['question']['dnsentry_reallydelete'] = 'Zonen-Eintrag #%d wirklich löschen?';
-$lng['question']['certificate_reallydelete'] = 'Zertifikat #%d wirklich löschen?';
+$lng['question']['api_reallydelete'] = 'Api-Key wirklich löschen?';
+$lng['question']['api_reallyadd'] = 'Einen neuen Api-Key erstellen?';
+$lng['question']['dnsentry_reallydelete'] = 'Zonen-Eintrag wirklich löschen?';
+$lng['question']['certificate_reallydelete'] = 'Zertifikat wirklich löschen?';