From abf3328ea9ec37f793553c31eee9fba4120b7891 Mon Sep 17 00:00:00 2001
From: Michael Kaufmann
Date: Fri, 2 Dec 2022 13:42:33 +0100
Subject: [PATCH] fix api-key creation
Signed-off-by: Michael Kaufmann
---
 api_keys.php | 51 ++++++++++++++++++++++++++++++--------------------
 lng/de.lng.php | 1 +
 lng/en.lng.php | 1 +
 3 files changed, 33 insertions(+), 20 deletions(-)
diff --git a/api_keys.php b/api_keys.php
index b8b91d08..8e34658c 100644
--- a/api_keys.php
+++ b/api_keys.php
@@ -93,29 +93,40 @@ if ($action == 'delete' && $id > 0) {
 'page' => $page
 ]);
 }
-} elseif (isset($_POST['send']) && $_POST['send'] == 'send' && $action == 'add') {
- $ins_stmt = Database::prepare("
- INSERT INTO `" . TABLE_API_KEYS . "` SET
- `apikey` = :key, `secret` = :secret, `adminid` = :aid, `customerid` = :cid, `valid_until` = '-1', `allowed_from` = ''
- ");
- // customer generates for himself, admins will see a customer-select-box later
- if (AREA == 'admin') {
- $cid = 0;
- } elseif (AREA == 'customer') {
- $cid = $userinfo['customerid'];
+} elseif ($action == 'add') {
+ if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ $ins_stmt = Database::prepare("
+ INSERT INTO `" . TABLE_API_KEYS . "` SET
+ `apikey` = :key, `secret` = :secret, `adminid` = :aid, `customerid` = :cid, `valid_until` = '-1', `allowed_from` = ''
+ ");
+ // customer generates for himself, admins will see a customer-select-box later
+ if (AREA == 'admin') {
+ $cid = 0;
+ } elseif (AREA == 'customer') {
+ $cid = $userinfo['customerid'];
+ }
+ $key = hash('sha256', openssl_random_pseudo_bytes(64 * 64));
+ $secret = hash('sha512', openssl_random_pseudo_bytes(64 * 64 * 4));
+ Database::pexecute($ins_stmt, [
+ 'key' => $key,
+ 'secret' => $secret,
+ 'aid' => $userinfo['adminid'],
+ 'cid' => $cid
+ ]);
+ Response::standardSuccess('apikeys.apikey_added', '', [
+ 'filename' => $filename,
+ 'page' => $page
+ ]);
 }
- $key = hash('sha256', openssl_random_pseudo_bytes(64 * 64));
- $secret = hash('sha512', openssl_random_pseudo_bytes(64 * 64 * 4));
- Database::pexecute($ins_stmt, [
- 'key' => $key,
- 'secret' => $secret,
- 'aid' => $userinfo['adminid'],
- 'cid' => $cid
- ]);
- Response::standardSuccess('apikeys.apikey_added', '', [
- 'filename' => $filename,
+ HTML::askYesNo('apikey_reallyadd', $filename, [
+ 'id' => $id,
+ 'page' => $page,
+ 'action' => $action
+ ], '', [
+ 'section' => 'index',
 'page' => $page
 ]);
+ exit;
 }
 $log->logAction(FroxlorLogger::USR_ACTION, LOG_NOTICE, "viewed 
api::api_keys");
diff --git a/lng/de.lng.php b/lng/de.lng.php
index 703928ec..c0ede0c8 100644
--- a/lng/de.lng.php
+++ b/lng/de.lng.php
@@ -1274,6 +1274,7 @@ Vielen Dank, Ihr Administrator',
 'admin_integritycheck_reallyfix' => 'Möchten Sie wirklich versuchen sämtliche Datenbank-Integritätsprobleme automatisch zu beheben?',
 'plan_reallydelete' => 'Wollen Sie den Hostingplan %s wirklich löschen?',
 'apikey_reallydelete' => 'Wollen Sie den Api-Key wirklich löschen?',
+ 'apikey_reallyadd' => 'Einen neuen Api-Key erstellen?',
 'dnsentry_reallydelete' => 'Wollen Sie den DNS-Eintrag wirklich löschen?',
 'certificate_reallydelete' => 'Wollen Sie diese Zertifikat wirklich löschen?',
 ],
diff --git a/lng/en.lng.php b/lng/en.lng.php
index 991523bc..a7785577 100644
--- a/lng/en.lng.php
+++ b/lng/en.lng.php
@@ -1386,6 +1386,7 @@ Yours sincerely, your administrator',
 'admin_integritycheck_reallyfix' => 'Do you really want to try fixing all database integrity problems automatically?',
 'plan_reallydelete' => 'Do you really want to delete the hosting plan %s?',
 'apikey_reallydelete' => 'Do you really want to delete this api-key?',
+ 'apikey_reallyadd' => 'Do you really want to create a new api-key?',
 'dnsentry_reallydelete' => 'Do you really want to delete this zone entry?',
 'certificate_reallydelete' => 'Do you really want to delete this certificate?',
 ],
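Review bot: In the api_keys.php hunk, the re-indented `$key`/`$secret` lines still pass `openssl_random_pseudo_bytes()` straight into `hash()` without checking its return value or its strong-result flag, so on PHP versions where that call returns `false` on failure the stored credential would be the hash of an empty input. Hashing several kilobytes of random bytes adds nothing over drawing the output size directly; `$key = bin2hex(random_bytes(32));` and `$secret = bin2hex(random_bytes(64));` give the same hex lengths and throw on failure instead. The add branch also shows no `$log->logAction` call between `Database::pexecute` and `Response::standardSuccess`, so credential creation appears to leave no audit entry; it is worth logging at that point unless it is recorded elsewhere. The `if`/`elseif` chain this branch belongs to starts above the hunk.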