fix api-key creation

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>

api_keys.php

@@ -93,29 +93,40 @@ if ($action == 'delete' && $id > 0) {
 			'page' => $page
 		]);
 	}
-} elseif (isset($_POST['send']) && $_POST['send'] == 'send' && $action == 'add') {
+} elseif ($action == 'add') {
-	$ins_stmt = Database::prepare("
+	if (isset($_POST['send']) && $_POST['send'] == 'send') {
-		INSERT INTO `" . TABLE_API_KEYS . "` SET
+		$ins_stmt = Database::prepare("
-		`apikey` = :key, `secret` = :secret, `adminid` = :aid, `customerid` = :cid, `valid_until` = '-1', `allowed_from` = ''
+			INSERT INTO `" . TABLE_API_KEYS . "` SET
-	");
+			`apikey` = :key, `secret` = :secret, `adminid` = :aid, `customerid` = :cid, `valid_until` = '-1', `allowed_from` = ''
-	// customer generates for himself, admins will see a customer-select-box later
+		");
-	if (AREA == 'admin') {
+		// customer generates for himself, admins will see a customer-select-box later
-		$cid = 0;
+		if (AREA == 'admin') {
-	} elseif (AREA == 'customer') {
+			$cid = 0;
-		$cid = $userinfo['customerid'];
+		} elseif (AREA == 'customer') {
+			$cid = $userinfo['customerid'];
+		}
+		$key = hash('sha256', openssl_random_pseudo_bytes(64 * 64));
+		$secret = hash('sha512', openssl_random_pseudo_bytes(64 * 64 * 4));
+		Database::pexecute($ins_stmt, [
+			'key' => $key,
+			'secret' => $secret,
+			'aid' => $userinfo['adminid'],
+			'cid' => $cid
+		]);
+		Response::standardSuccess('apikeys.apikey_added', '', [
+			'filename' => $filename,
+			'page' => $page
+		]);
 	}
-	$key = hash('sha256', openssl_random_pseudo_bytes(64 * 64));
+	HTML::askYesNo('apikey_reallyadd', $filename, [
-	$secret = hash('sha512', openssl_random_pseudo_bytes(64 * 64 * 4));
+		'id' => $id,
-	Database::pexecute($ins_stmt, [
+		'page' => $page,
-		'key' => $key,
+		'action' => $action
-		'secret' => $secret,
+	], '', [
-		'aid' => $userinfo['adminid'],
+		'section' => 'index',
-		'cid' => $cid
-	]);
-	Response::standardSuccess('apikeys.apikey_added', '', [
-		'filename' => $filename,
 		'page' => $page
 	]);
+	exit;
 }
 
 $log->logAction(FroxlorLogger::USR_ACTION, LOG_NOTICE, "viewed api::api_keys");

lng/de.lng.php

@@ -1274,6 +1274,7 @@ Vielen Dank, Ihr Administrator',
 		'admin_integritycheck_reallyfix' => 'Möchten Sie wirklich versuchen sämtliche Datenbank-Integritätsprobleme automatisch zu beheben?',
 		'plan_reallydelete' => 'Wollen Sie den Hostingplan %s wirklich löschen?',
 		'apikey_reallydelete' => 'Wollen Sie den Api-Key wirklich löschen?',
+		'apikey_reallyadd' => 'Einen neuen Api-Key erstellen?',
 		'dnsentry_reallydelete' => 'Wollen Sie den DNS-Eintrag wirklich löschen?',
 		'certificate_reallydelete' => 'Wollen Sie diese Zertifikat wirklich löschen?',
 	],

lng/en.lng.php

@@ -1386,6 +1386,7 @@ Yours sincerely, your administrator',
 		'admin_integritycheck_reallyfix' => 'Do you really want to try fixing all database integrity problems automatically?',
 		'plan_reallydelete' => 'Do you really want to delete the hosting plan %s?',
 		'apikey_reallydelete' => 'Do you really want to delete this api-key?',
+		'apikey_reallyadd' => 'Do you really want to create a new api-key?',
 		'dnsentry_reallydelete' => 'Do you really want to delete this zone entry?',
 		'certificate_reallydelete' => 'Do you really want to delete this certificate?',
 	],