You can not select more than 25 topics
			Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
		
		
		
		
		
			
		
			
				
					62 lines
				
				1.3 KiB
			
		
		
			
		
	
	
					62 lines
				
				1.3 KiB
			| 
											2 years ago
										 | <?php | ||
|  | use function Hestiacp\quoteshellarg\quoteshellarg; | ||
|  | 
 | ||
|  | ob_start(); | ||
|  | 
 | ||
|  | include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php"; | ||
|  | 
 | ||
|  | // Check token | ||
|  | verify_csrf($_POST); | ||
|  | 
 | ||
|  | if ($_SESSION["userContext"] === "admin" && !empty($_GET["user"])) { | ||
|  | 	$user = quoteshellarg($_GET["user"]); | ||
|  | 	$user_plain = $_GET["user"]; | ||
|  | } | ||
|  | 
 | ||
|  | // Checks if API access is enabled | ||
|  | $api_status = | ||
|  | 	!empty($_SESSION["API_SYSTEM"]) && is_numeric($_SESSION["API_SYSTEM"]) | ||
|  | 		? $_SESSION["API_SYSTEM"] | ||
|  | 		: 0; | ||
|  | if (($user_plain == "admin" && $api_status < 1) || ($user_plain != "admin" && $api_status < 2)) { | ||
|  | 	header("Location: /edit/user/"); | ||
|  | 	exit(); | ||
|  | } | ||
|  | 
 | ||
|  | if (empty($_POST["key"])) { | ||
|  | 	header("Location: /list/access-key/"); | ||
|  | 	exit(); | ||
|  | } | ||
|  | if (empty($_POST["action"])) { | ||
|  | 	header("Location: /list/access-key/"); | ||
|  | 	exit(); | ||
|  | } | ||
|  | 
 | ||
|  | $key = $_POST["key"]; | ||
|  | $action = $_POST["action"]; | ||
|  | 
 | ||
|  | switch ($action) { | ||
|  | 	case "delete": | ||
|  | 		$cmd = "v-delete-access-key"; | ||
|  | 		break; | ||
|  | 	default: | ||
|  | 		header("Location: /list/access-key/"); | ||
|  | 		exit(); | ||
|  | } | ||
|  | 
 | ||
|  | foreach ($key as $value) { | ||
|  | 	$v_key = quoteshellarg(trim($value)); | ||
|  | 
 | ||
|  | 	// Key data | ||
|  | 	exec(HESTIA_CMD . "v-list-access-key " . $v_key . " json", $output, $return_var); | ||
|  | 	$key_data = json_decode(implode("", $output), true); | ||
|  | 	unset($output); | ||
|  | 
 | ||
|  | 	if (!empty($key_data) && $key_data["USER"] == $user_plain) { | ||
|  | 		exec(HESTIA_CMD . $cmd . " " . $v_key, $output, $return_var); | ||
|  | 		unset($output); | ||
|  | 	} | ||
|  | } | ||
|  | 
 | ||
|  | header("Location: /list/access-key/"); |