From d7550ae58a434562bde13d3f98155d498653e817 Mon Sep 17 00:00:00 2001
From: Michael Kaufmann
Date: Fri, 6 Mar 2020 22:10:01 +0100
Subject: [PATCH] fix deactivated check in api

Signed-off-by: Michael Kaufmann
---
 lib/Froxlor/Api/FroxlorRPC.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/Froxlor/Api/FroxlorRPC.php b/lib/Froxlor/Api/FroxlorRPC.php
index f5af0cf2..3a21f330 100644
--- a/lib/Froxlor/Api/FroxlorRPC.php
+++ b/lib/Froxlor/Api/FroxlorRPC.php
@@ -56,18 +56,18 @@ class FroxlorRPC
 private static function validateAuth($key, $secret)
 {
 $sel_stmt = \Froxlor\Database\Database::prepare("
- SELECT ak.*, a.api_allowed as admin_api_allowed, c.api_allowed as cust_api_allowed
+ SELECT ak.*, a.api_allowed as admin_api_allowed, c.api_allowed as cust_api_allowed, c.deactivated
 FROM `api_keys` ak
 LEFT JOIN `panel_admins` a ON a.adminid = ak.adminid
 LEFT JOIN `panel_customers` c ON c.customerid = ak.customerid
- WHERE `apikey` = :ak AND `secret` = :as AND c.deactivated = 0
+ WHERE `apikey` = :ak AND `secret` = :as
 ");
 $result = \Froxlor\Database\Database::pexecute_first($sel_stmt, array(
 'ak' => $key,
 'as' => $secret
 ), true, true);
 if ($result) {
- if ($result['apikey'] == $key && $result['secret'] == $secret && ($result['valid_until'] == - 1 || $result['valid_until'] >= time()) && (($result['customerid'] == 0 && $result['admin_api_allowed'] == 1) || ($result['customerid'] > 0 && $result['cust_api_allowed'] == 1))) {
+ if ($result['apikey'] == $key && $result['secret'] == $secret && ($result['valid_until'] == - 1 || $result['valid_until'] >= time()) && (($result['customerid'] == 0 && $result['admin_api_allowed'] == 1) || ($result['customerid'] > 0 && $result['cust_api_allowed'] == 1 && $result['deactivated'] == 0))) {
 // get user to check whether api call is allowed
 if (! empty($result['allowed_from'])) {
 // @todo allow specification and validating of whole subnets later
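Review bot: The rewritten condition tests `deactivated` only on the customer branch, so a key owned by an admin account (`customerid == 0`) is still accepted on `admin_api_allowed == 1` alone. If `panel_admins` carries its own deactivated flag (the schema is not visible in this hunk), select both under aliases, e.g. `a.deactivated as admin_deactivated, c.deactivated as cust_deactivated`, and also require `$result['admin_deactivated'] == 0` on the admin branch. On the same line the key and secret are compared with loose `==`, which allows numeric-string juggling and is not constant-time; `hash_equals((string) $result['secret'], (string) $secret)` (and likewise for `apikey`) is the stricter check. The body of validateAuth continues past the end of the hunk.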