From 83ff0f5b006468b705d0b9a82073d357363fa507 Mon Sep 17 00:00:00 2001
From: Michael Kaufmann
Date: Fri, 2 Dec 2022 13:42:26 +0100
Subject: [PATCH] fix api-key creation
Signed-off-by: Michael Kaufmann
---
 api_keys.php | 46 ++++++++++++++++++++++++++-------------------
 lng/english.lng.php | 7 ++++---
 lng/german.lng.php | 7 ++++---
 3 files changed, 35 insertions(+), 25 deletions(-)
diff --git a/api_keys.php b/api_keys.php
index f29e97d6..f1bec666 100644
--- a/api_keys.php
+++ b/api_keys.php
@@ -70,26 +70,34 @@ if ($action == 'delete') {
 ), $id);
 }
 }
-} elseif ($action == 'add' && isset($_POST['send']) && $_POST['send'] == 'send') {
- $ins_stmt = Database::prepare("
- INSERT INTO `" . TABLE_API_KEYS . "` SET
- `apikey` = :key, `secret` = :secret, `adminid` = :aid, `customerid` = :cid, `valid_until` = '-1', `allowed_from` = ''
- ");
- // customer generates for himself, admins will see a customer-select-box later
- if (AREA == 'admin') {
- $cid = 0;
- } elseif (AREA == 'customer') {
- $cid = $userinfo['customerid'];
+} elseif ($action == 'add') {
+
+ if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ $ins_stmt = Database::prepare("
+ INSERT INTO `" . TABLE_API_KEYS . "` SET
+ `apikey` = :key, `secret` = :secret, `adminid` = :aid, `customerid` = :cid, `valid_until` = '-1', `allowed_from` = ''
+ ");
+ // customer generates for himself, admins will see a customer-select-box later
+ if (AREA == 'admin') {
+ $cid = 0;
+ } elseif (AREA == 'customer') {
+ $cid = $userinfo['customerid'];
+ }
+ $key = hash('sha256', openssl_random_pseudo_bytes(64 * 64));
+ $secret = hash('sha512', openssl_random_pseudo_bytes(64 * 64 * 4));
+ Database::pexecute($ins_stmt, array(
+ 'key' => $key,
+ 'secret' => $secret,
+ 'aid' => $userinfo['adminid'],
+ 'cid' => $cid
+ ));
+ $success_message = $lng['apikeys']['apikey_added'];
+ } else {
+ \Froxlor\UI\HTML::askYesNo('api_reallyadd', $filename, array(
+ 'page' => $page,
+ 'action' => $action
+ ), $id);
 }
- $key = hash('sha256', openssl_random_pseudo_bytes(64 * 64));
- $secret = hash('sha512', openssl_random_pseudo_bytes(64 * 64 * 4));
- Database::pexecute($ins_stmt, array(
- 'key' => $key,
- 'secret' => $secret,
- 'aid' => $userinfo['adminid'],
- 'cid' => $cid
- ));
- $success_message = $lng['apikeys']['apikey_added'];
 } elseif ($action == 'jqEditApiKey') {
 $keyid = isset($_POST['id']) ? (int) $_POST['id'] : 0;
 if (empty($keyid)) {
diff --git a/lng/english.lng.php b/lng/english.lng.php
index 6db57e54..89c990b5 100644
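Review bot: In the `send` branch, `$key` and `$secret` are built from `openssl_random_pseudo_bytes()` without checking its result; on PHP before 7.4 that call can return `false` instead of throwing, and hashing that value would produce the same credential pair on every failure. `random_bytes()` throws on failure and gives the same output lengths without the extra hash step: `$key = bin2hex(random_bytes(32));` and `$secret = bin2hex(random_bytes(64));`. Separately, the new `askYesNo` step is only a confirmation prompt, and nothing in this hunk verifies an anti-CSRF token before the INSERT, so it is worth confirming that a token check runs for this POST elsewhere in the request handling. The surrounding `if ($action == ...)` chain starts and ends outside the hunk, so `$id`, `$filename` and `$page` cannot be checked from here.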
--- a/lng/english.lng.php +++ b/lng/english.lng.php @@ -2140,6 +2140,7 @@ $lng['error']['pathmustberelative'] = 'The user does not have the permission to $lng['serversettings']['acmeshpath']['title'] = 'Path to acme.sh'; $lng['serversettings']['acmeshpath']['description'] = 'Set this to where acme.sh is installed to, including the acme.sh script
Default is /root/.acme.sh/acme.sh'; -$lng['question']['api_reallydelete'] = 'Do you really want to delete the api-key #%d?'; -$lng['question']['dnsentry_reallydelete'] = 'Do you really want to delete the dns entry #%d?'; -$lng['question']['certificate_reallydelete'] = 'Do you really want to delete the certificate #%d?'; +$lng['question']['api_reallydelete'] = 'Do you really want to delete the api-key?'; +$lng['question']['api_reallyadd'] = 'Do you really want to create a new api-key?'; +$lng['question']['dnsentry_reallydelete'] = 'Do you really want to delete the dns entry?'; +$lng['question']['certificate_reallydelete'] = 'Do you really want to delete the certificate?'; diff --git a/lng/german.lng.php b/lng/german.lng.php index ff2a6628..ee318b63 100644 --- a/lng/german.lng.php +++ b/lng/german.lng.php @@ -1786,6 +1786,7 @@ $lng['error']['pathmustberelative'] = 'Der Benutzer hat nicht die benötigten Be $lng['serversettings']['acmeshpath']['title'] = 'Pfad zu acme.sh'; $lng['serversettings']['acmeshpath']['description'] = 'Installationspfad zu acme.sh, inklusive acme.sh Script
Standard ist /root/.acme.sh/acme.sh'; -$lng['question']['api_reallydelete'] = 'Api-Key #%d wirklich löschen?'; -$lng['question']['dnsentry_reallydelete'] = 'Zonen-Eintrag #%d wirklich löschen?'; -$lng['question']['certificate_reallydelete'] = 'Zertifikat #%d wirklich löschen?'; +$lng['question']['api_reallydelete'] = 'Api-Key wirklich löschen?'; +$lng['question']['api_reallyadd'] = 'Einen neuen Api-Key erstellen?'; +$lng['question']['dnsentry_reallydelete'] = 'Zonen-Eintrag wirklich löschen?'; +$lng['question']['certificate_reallydelete'] = 'Zertifikat wirklich löschen?';