forked from hestiacp/hestiacp
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathindex.php
More file actions
64 lines (52 loc) · 1.38 KB
/
index.php
File metadata and controls
64 lines (52 loc) · 1.38 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check token
verify_csrf($_POST);
if ($_SESSION["userContext"] === "admin" && !empty($_GET["user"])) {
$user = quoteshellarg($_GET["user"]);
$user_plain = $_GET["user"];
}
// Checks if API access is enabled
$api_status =
!empty($_SESSION["API_SYSTEM"]) && is_numeric($_SESSION["API_SYSTEM"])
? $_SESSION["API_SYSTEM"]
: 0;
if (
($user_plain == $_SESSION["ROOT_USER"] && $api_status < 1) ||
($user_plain != $_SESSION["ROOT_USER"] && $api_status < 2)
) {
header("Location: /edit/user/");
exit();
}
if (empty($_POST["key"])) {
header("Location: /list/access-key/");
exit();
}
if (empty($_POST["action"])) {
header("Location: /list/access-key/");
exit();
}
$key = $_POST["key"];
$action = $_POST["action"];
switch ($action) {
case "delete":
$cmd = "v-delete-access-key";
break;
default:
header("Location: /list/access-key/");
exit();
}
foreach ($key as $value) {
$v_key = quoteshellarg(trim($value));
// Key data
exec(HESTIA_CMD . "v-list-access-key " . $v_key . " json", $output, $return_var);
$key_data = json_decode(implode("", $output), true);
unset($output);
if (!empty($key_data) && $key_data["USER"] == $user_plain) {
exec(HESTIA_CMD . $cmd . " " . $v_key, $output, $return_var);
unset($output);
}
}
header("Location: /list/access-key/");