<?php use function Hestiacp\quoteshellarg\quoteshellarg; ob_start(); $TAB = "Access Key"; // Main include include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php"; // Checks if API access is enabled $api_status = !empty($_SESSION["API_SYSTEM"]) && is_numeric($_SESSION["API_SYSTEM"]) ? $_SESSION["API_SYSTEM"] : 0; if (($user_plain == "admin" && $api_status < 1) || ($user_plain != "admin" && $api_status < 2)) { header("Location: /edit/user/"); exit(); } // APIs available exec(HESTIA_CMD . "v-list-apis json", $output, $return_var); $apis = json_decode(implode("", $output), true); $apis = array_filter($apis, function ($api) use ($user_plain) { return $user_plain == "admin" || $api["ROLE"] == "user"; }); ksort($apis); unset($output); // Check POST request if (!empty($_POST["ok"])) { // Check token verify_csrf($_POST); // Validate apis $apis_selected = !empty($_POST["v_apis"]) && is_array($_POST["v_apis"]) ? $_POST["v_apis"] : []; $check_invalid_apis = array_filter($apis_selected, function ($selected) use ($apis) { return !array_key_exists($selected, $apis); }); if (empty($apis_selected)) { $errors[] = _("Permissions"); } elseif (count($check_invalid_apis) > 0) { //$errors[] = sprintf("%d apis not allowed", count($check_invalid_apis)); foreach ($check_invalid_apis as $api_name) { $errors[] = sprintf("API %s not allowed", $api_name); } } if (!empty($errors[0])) { foreach ($errors as $i => $error) { if ($i == 0) { $error_msg = $error; } else { $error_msg = $error_msg . ", " . $error; } } $_SESSION["error_msg"] = sprintf(_('Field "%s" can not be blank.'), $error_msg); } // Protect input $v_apis = quoteshellarg(implode(",", $apis_selected)); $v_comment = quoteshellarg(trim($_POST["v_comment"] ?? "")); // Add access key if (empty($_SESSION["error_msg"])) { exec( HESTIA_CMD . "v-add-access-key " . $user . " " . $v_apis . " " . $v_comment . " json", $output, $return_var, ); $key_data = json_decode(implode("", $output), true); check_return_code($return_var, $output); unset($output); } // Flush field values on success if (empty($_SESSION["error_msg"])) { $_SESSION["ok_msg"] = htmlify_trans( sprintf( _("Access key {%s} has been created successfully."), htmlentities($key_data["ACCESS_KEY_ID"]), ), "</code>", "<code>", ); unset($apis_selected); unset($check_invalid_apis); unset($v_apis); unset($v_comment); } } // Render if (empty($key_data)) { render_page($user, $TAB, "add_access_key"); } else { render_page($user, $TAB, "list_access_key"); } // Flush session messages unset($_SESSION["error_msg"]); unset($_SESSION["ok_msg"]);