Update so you can assign user to "Admin" privilegees when logging in

Author: jaapmarcus

bin/v-change-user-package

@@ -104,6 +104,7 @@ RKEY='$RKEY'
 TWOFA='$TWOFA'
 QRCODE='$QRCODE'
 PHPCLI='$PHPCLI'
+ROLE='$ROLE'
 SUSPENDED='$SUSPENDED'
 SUSPENDED_USERS='$SUSPENDED_USERS'
 SUSPENDED_WEB='$SUSPENDED_WEB'

bin/v-change-user-role

@@ -0,0 +1,42 @@
+#!/bin/bash
+# info: updates user role
+# options: USER ROLE
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+user=$1
+role=$2
+
+
+# Includes
+source $HESTIA/func/main.sh
+source $HESTIA/conf/hestia.conf
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+# Reading user values
+source $USER_DATA/user.conf
+
+is_format_valid 'user' 'role'
+is_object_valid 'user' 'USER' "$user"
+
+is_object_unsuspended 'user' 'USER' "$user"
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+update_user_value "$user" '$ROLE' "$role"
+
+
+#----------------------------------------------------------#
+#                       Hestia                             #
+#----------------------------------------------------------#
+
+exit

bin/v-get-user-salt

@@ -61,7 +61,7 @@ check_args '1' "$#" 'USER [IP] [SALT]'
 is_format_valid 'user'
 
 # Checking user
-if [ ! -d "$HESTIA/data/users/$user" ] && [ "$user" != 'root' ]; then
+if [ ! -d "$HESTIA/data/users/$user" ]; then
     echo "Error: password missmatch"
     echo "$date $time $user $ip failed to login" >> $HESTIA/log/auth.log
     exit 9

bin/v-list-user

@@ -45,6 +45,7 @@ json_list() {
         "RKEY": "'$RKEY'",
         "TWOFA": "'$TWOFA'",
         "QRCODE": "'$QRCODE'",
+        "ROLE": "'$ROLE'",
         "SUSPENDED": "'$SUSPENDED'",
         "SUSPENDED_USERS": "'$SUSPENDED_USERS'",
         "SUSPENDED_WEB": "'$SUSPENDED_WEB'",

func/main.sh

@@ -890,6 +890,13 @@ is_object_format_valid() {
     fi
 }
 
+# Role validator 
+is_role_valid (){
+    if ! [[ "$1" =~ ^admin|user$ ]]; then
+        check_result $E_INVALID "invalid $2 format :: $1"
+    fi
+}
+
 # Password validator
 is_password_format_valid() {
     if [ "${#1}" -lt '6' ]; then
@@ -979,6 +986,7 @@ is_format_valid() {
                 quota)          is_int_format_valid "$arg" 'quota' ;;
                 record)         is_common_format_valid "$arg" 'record';;
                 restart)        is_boolean_format_valid "$arg" 'restart' ;;
+                role)           is_role_valid "$arg" 'role' ;;
                 rtype)          is_dns_type_format_valid "$arg" ;;
                 rule)           is_int_format_valid "$arg" "rule id" ;;
                 service)        is_service_format_valid "$arg" "$arg_name" ;;

func/rebuild.sh

@@ -31,6 +31,9 @@ rebuild_user_conf() {
     if [ -z "${PHPCLI+x}" ]; then 
         sed -i "/QRCODE/a PHPCLI=''" $USER_DATA/user.conf 
     fi
+    if [ -z "${ROLE+x}" ]; then 
+        sed -i "/PHPCLI/a ROLE='user'" $USER_DATA/user.conf 
+    fi
     # Run template trigger
     if [ -x "$HESTIA/data/packages/$PACKAGE.sh" ]; then
         $HESTIA/data/packages/$PACKAGE.sh "$user" "$CONTACT" "$NAME"

web/add/user/index.php

@@ -77,6 +77,14 @@
         unset($output);
     }
 
+    // Set Role
+    if (empty($_SESSION['error_msg'])) {
+        $v_role = escapeshellarg($_POST['v_role']);
+        exec (HESTIA_CMD."v-change-user-role ".$v_username." ".$v_role, $output, $return_var);
+        check_return_code($return_var,$output);
+        unset($output);
+    }
+
     // Send email to the new user
     if ((empty($_SESSION['error_msg'])) && (!empty($v_notify))) {
         $to = $_POST['v_notify'];

web/edit/user/index.php

@@ -38,6 +38,7 @@
 $v_twofa = $data[$v_username]['TWOFA'];
 $v_qrcode = $data[$v_username]['QRCODE'];
 $v_phpcli = $data[$v_username]['PHPCLI'];
+$v_role = $data[$v_username]['ROLE'];
 $v_ns = $data[$v_username]['NS'];
 $nameservers = explode(",", $v_ns);
 $v_ns1 = $nameservers[0];
@@ -157,7 +158,14 @@
         check_return_code($return_var,$output);
         unset($output);
     }
-
+    // Change Role (admin only)
+    if (($v_role != $_POST['$v_role']) && ($_SESSION['user'] == 'admin') && (empty($_SESSION['error_msg']))) {
+        $v_role = escapeshellarg($_POST['v_role']);
+        exec (HESTIA_CMD."v-change-user-role ".escapeshellarg($v_username)." ".$v_role, $output, $return_var);
+        check_return_code($return_var,$output);
+        unset($output);
+        $v_role = $_POST['v_role'];
+    }
     // Change language
     if (($v_language != $_POST['v_language']) && (empty($_SESSION['error_msg']))) {
         $v_language = escapeshellarg($_POST['v_language']);

web/inc/i18n/en.php

@@ -228,7 +228,7 @@
     'STARTTLS'  => 'STARTTLS',
     'Normal password'  => 'Normal Password',
     'database'  => 'Database',
-    'User'  => 'Username',
+    'User'  => 'User',
     'Host'  => 'Hostname',
     'Charset'  => 'Charset',
     'Min'  => 'Minute',

web/login/index.php

@@ -41,16 +41,9 @@ function authenticate_user(){
         if(!empty($_SERVER['HTTP_CF_CONNECTING_IP'])){
             $v_ip = escapeshellarg($_SERVER['HTTP_CF_CONNECTING_IP']);
         }
-    }
-    if($_POST['user'] == 'root'){
-        unset($_POST['password']);
-        unset($_POST['user']);
-        $error = "<a class=\"error\">".__('Login with <strong>root</strong> account has been disabled')."</a>";
-        return $error;                  
     }    
 
-     
-     // Get user's salt
+    // Get user's salt
     $output = '';
     exec (HESTIA_CMD."v-get-user-salt ".$v_user." ".$v_ip." json" , $output, $return_var);
     $pam = json_decode(implode('', $output), true);
@@ -100,7 +93,7 @@ function authenticate_user(){
                 // Get user speciefic parameters
                 exec (HESTIA_CMD . "v-list-user ".$v_user." json", $output, $return_var);
                 $data = json_decode(implode('', $output), true);
-
+                unset($output);
                 // Check if 2FA is active
                 if ($data[$_POST['user']]['TWOFA'] != '') {
                    if (empty($_POST['twofa'])){
@@ -117,6 +110,12 @@ function authenticate_user(){
                         }
                    }
                 }
+                
+                if ($data[$_POST['user']]['ROLE'] == 'admin'){
+                    exec (HESTIA_CMD . "v-list-user admin json", $output, $return_var);
+                    $data = json_decode(implode('', $output), true);
+                    unset($output);
+                }
                 // Define session user
                 $_SESSION['user'] = key($data);
                 $v_user = $_SESSION['user'];