fix editing api-keys as customer
Signed-off-by: Michael Kaufmann <michael.kaufmann@aixit.com>
12
api_keys.php
@@ -26,6 +26,7 @@ if (! defined('AREA')) {
|
|||||||
$del_stmt = Database::prepare("DELETE FROM `" . TABLE_API_KEYS . "` WHERE id = :id");
|
$del_stmt = Database::prepare("DELETE FROM `" . TABLE_API_KEYS . "` WHERE id = :id");
|
||||||
$success_message = "";
|
$success_message = "";
|
||||||
$id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
|
$id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
|
||||||
|
$area = AREA;
|
||||||
|
|
||||||
// do the delete and then just show a success-message and the apikeys list again
|
// do the delete and then just show a success-message and the apikeys list again
|
||||||
if ($action == 'delete') {
|
if ($action == 'delete') {
|
||||||
@@ -85,7 +86,16 @@ if ($action == 'delete') {
|
|||||||
$allowed_from = isset($_POST['allowed_from']) ? $_POST['allowed_from'] : "";
|
$allowed_from = isset($_POST['allowed_from']) ? $_POST['allowed_from'] : "";
|
||||||
$valid_until = isset($_POST['valid_until']) ? (int)$_POST['valid_until'] : -1;
|
$valid_until = isset($_POST['valid_until']) ? (int)$_POST['valid_until'] : -1;
|
||||||
|
|
||||||
// @todo validate allowed_from
|
// validate allowed_from
|
||||||
|
$ip_list = explode(",", $allowed_from);
|
||||||
|
$_check_list = $ip_list;
|
||||||
|
foreach ($_check_list as $idx => $ip) {
|
||||||
|
if (validate_ip2($ip, true, 'invalidip', true, true) == false) {
|
||||||
|
unset ($ip_list[$idx]);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
$ip_list = array_map('inet_pton', $ip_list);
|
||||||
|
$allowed_from = implode(",", array_unique($ip_list));
|
||||||
|
|
||||||
if ($valid_until <= 0 || !is_numeric($valid_until)) {
|
if ($valid_until <= 0 || !is_numeric($valid_until)) {
|
||||||
$valid_until = -1;
|
$valid_until = -1;
|
||||||
|
|||||||
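Review bot: The added `array_map('inet_pton', $ip_list)` turns every address into its packed binary form, and the following `implode(",", ...)` joins those raw bytes with a comma; a packed address can itself contain the byte 0x2C (any IPv4 address with an octet of 44, for instance), so a later `explode(",", ...)` would split the list in the wrong place, and raw bytes may not survive a text column. Storing the canonical text form keeps the list unambiguous: `$ip_list = array_map(function ($ip) { return inet_ntop(inet_pton($ip)); }, $ip_list);`. Entries are also not trimmed before `validate_ip2()`, so input such as `1.2.3.4, 5.6.7.8` presumably loses its second address without any message. When every entry is dropped `$allowed_from` is saved as an empty string; if empty means "no restriction" (the consuming check is not visible in this diff), a typo silently widens where the key may be used from, so rejecting the request is safer than saving it.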
@@ -23,10 +23,7 @@ if (! defined('_CRON_UPDATE')) {
|
|||||||
|
|
||||||
if (isFroxlorVersion('0.9.39.5')) {
|
if (isFroxlorVersion('0.9.39.5')) {
|
||||||
showUpdateStep("Updating from 0.9.39.5 to 0.10.0", false);
|
showUpdateStep("Updating from 0.9.39.5 to 0.10.0", false);
|
||||||
updateToVersion('0.10.0');
|
|
||||||
}
|
|
||||||
|
|
||||||
if (isFroxlorVersion('0.10.0')) {
|
|
||||||
showUpdateStep("Adding new api keys table");
|
showUpdateStep("Adding new api keys table");
|
||||||
Database::query("DROP TABLE IF EXISTS `api_keys`;");
|
Database::query("DROP TABLE IF EXISTS `api_keys`;");
|
||||||
$sql = "CREATE TABLE `api_keys` (
|
$sql = "CREATE TABLE `api_keys` (
|
||||||
@@ -43,15 +40,15 @@ if (isFroxlorVersion('0.10.0')) {
|
|||||||
) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;";
|
) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;";
|
||||||
Database::query($sql);
|
Database::query($sql);
|
||||||
lastStepStatus(0);
|
lastStepStatus(0);
|
||||||
|
|
||||||
showUpdateStep("Adding new api settings");
|
showUpdateStep("Adding new api settings");
|
||||||
Settings::AddNew('api.enabled', 0);
|
Settings::AddNew('api.enabled', 0);
|
||||||
lastStepStatus(0);
|
lastStepStatus(0);
|
||||||
|
|
||||||
showUpdateStep("Adding new default-ssl-ip setting");
|
showUpdateStep("Adding new default-ssl-ip setting");
|
||||||
Settings::AddNew('system.defaultsslip', '');
|
Settings::AddNew('system.defaultsslip', '');
|
||||||
lastStepStatus(0);
|
lastStepStatus(0);
|
||||||
|
|
||||||
showUpdateStep("Altering admin ip's field to allow multiple ip addresses");
|
showUpdateStep("Altering admin ip's field to allow multiple ip addresses");
|
||||||
// get all admins for updating the new field
|
// get all admins for updating the new field
|
||||||
$sel_stmt = Database::prepare("SELECT adminid, ip FROM `panel_admins`");
|
$sel_stmt = Database::prepare("SELECT adminid, ip FROM `panel_admins`");
|
||||||
@@ -60,9 +57,14 @@ if (isFroxlorVersion('0.10.0')) {
|
|||||||
Database::query("ALTER TABLE `panel_admins` MODIFY `ip` varchar(500) NOT NULL default '-1';");
|
Database::query("ALTER TABLE `panel_admins` MODIFY `ip` varchar(500) NOT NULL default '-1';");
|
||||||
$upd_stmt = Database::prepare("UPDATE `panel_admins` SET `ip` = :ip WHERE `adminid` = :adminid");
|
$upd_stmt = Database::prepare("UPDATE `panel_admins` SET `ip` = :ip WHERE `adminid` = :adminid");
|
||||||
foreach ($all_admins as $adm) {
|
foreach ($all_admins as $adm) {
|
||||||
if ($admin['ip'] != '-1') {
|
if ($adm['ip'] != '-1') {
|
||||||
Database::pexecute($upd_stmt, array('ip' => json_encode($adm['ip']), 'adminid' => $adm['adminid']));
|
Database::pexecute($upd_stmt, array(
|
||||||
|
'ip' => json_encode($adm['ip']),
|
||||||
|
'adminid' => $adm['adminid']
|
||||||
|
));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
lastStepStatus(0);
|
lastStepStatus(0);
|
||||||
|
|
||||||
|
updateToVersion('0.10.0');
|
||||||
}
|
}
|
||||||
|
|||||||
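Review bot: With `updateToVersion('0.10.0')` moved to the end of the `isFroxlorVersion('0.9.39.5')` block, an update that stops part-way stays on 0.9.39.5 and repeats every step on the next run, and the admin-IP loop is not safe to repeat. A second pass would `json_encode()` values that are already JSON, leaving double-encoded entries in `panel_admins`.`ip`, a field that by its name appears to restrict admin access by address. Guarding the conversion makes the step idempotent, e.g. `if ($adm['ip'] != '-1' && json_decode($adm['ip']) === null) {`. The lines between the hunks that load `$all_admins` are not shown, so this assumes the loop sees the raw column value.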
3
templates/Sparkle/api_keys/keys_key.tpl
vendored
@@ -23,6 +23,7 @@
|
|||||||
<div id="dialog-{$row['id']}" title="API-key / Secret" class="hidden api-dialog">
|
<div id="dialog-{$row['id']}" title="API-key / Secret" class="hidden api-dialog">
|
||||||
<form action="{$linker->getLink(array('section' => 'apikeys'))}" method="post" enctype="application/x-www-form-urlencoded">
|
<form action="{$linker->getLink(array('section' => 'apikeys'))}" method="post" enctype="application/x-www-form-urlencoded">
|
||||||
<input type="hidden" name="id" value="{$row['id']}"/>
|
<input type="hidden" name="id" value="{$row['id']}"/>
|
||||||
|
<input type="hidden" name="area" value="{$area}"/>
|
||||||
<table class="full hl">
|
<table class="full hl">
|
||||||
<tr>
|
<tr>
|
||||||
<th>API-key</th><td><input type="text" value="{$row['apikey']}" readonly/></td>
|
<th>API-key</th><td><input type="text" value="{$row['apikey']}" readonly/></td>
|
||||||
@@ -40,4 +41,4 @@
|
|||||||
</form>
|
</form>
|
||||||
</div>
|
</div>
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
|
|||||||
5
templates/Sparkle/assets/js/apikey.js
vendored
@@ -22,6 +22,7 @@ $(document).ready(function() {
|
|||||||
var sid = getUrlParameter('s');
|
var sid = getUrlParameter('s');
|
||||||
var page = getUrlParameter('page');
|
var page = getUrlParameter('page');
|
||||||
|
|
||||||
|
var area = $('#dialog-' + id + ' input[name="area"]').val();
|
||||||
var apikey_id = $('#dialog-' + id + ' input[name="id"]').val();
|
var apikey_id = $('#dialog-' + id + ' input[name="id"]').val();
|
||||||
var allowed_from = $('#dialog-' + id + ' input[name="allowed_from"]').val();
|
var allowed_from = $('#dialog-' + id + ' input[name="allowed_from"]').val();
|
||||||
var valid_until = $('#dialog-' + id + ' input[name="valid_until"]').val();
|
var valid_until = $('#dialog-' + id + ' input[name="valid_until"]').val();
|
||||||
@@ -33,7 +34,7 @@ $(document).ready(function() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
$.ajax({
|
$.ajax({
|
||||||
url: "admin_index.php?s="+sid+"&page="+page+"&action=jqEditApiKey",
|
url: area + "_index.php?s="+sid+"&page="+page+"&action=jqEditApiKey",
|
||||||
type: "POST",
|
type: "POST",
|
||||||
data: {
|
data: {
|
||||||
id: apikey_id, allowed_from: allowed_from, valid_until: s
|
id: apikey_id, allowed_from: allowed_from, valid_until: s
|
||||||
@@ -41,7 +42,7 @@ $(document).ready(function() {
|
|||||||
dataType: "json",
|
dataType: "json",
|
||||||
success: function(json) {
|
success: function(json) {
|
||||||
$('#dialog-' + id).dialog("close");
|
$('#dialog-' + id).dialog("close");
|
||||||
location.href = "admin_index.php?s="+sid+"&page="+page;
|
location.href = area + "_index.php?s="+sid+"&page="+page;
|
||||||
},
|
},
|
||||||
error: function(a, b) {
|
error: function(a, b) {
|
||||||
console.log(a, b);
|
console.log(a, b);
|
||||||
|
|||||||
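Review bot: `area` is read from a hidden form field and concatenated unchecked into both the `$.ajax` URL and `location.href`, so whatever ends up in that field decides where the request and the redirect go. Today the value is rendered server-side from the `AREA` constant, but the script should not depend on that; restrict it to the known panel areas before use, e.g. `if (area !== 'admin' && area !== 'customer') { return; }`. The diff also does not show how `jqEditApiKey` checks that the posted `id` belongs to the logged-in customer, which is worth confirming now that customers can reach this action. The enclosing `$(document).ready` handler starts and ends outside these hunks.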