complete phpmyadmin

2025-11-07 13:56:01 +01:00 · 2020-08-09 12:45:18 +05:00
parent f8219f6f37
commit 0438b47207
9 changed files with 131 additions and 29 deletions
--- a/databases/static/databases/databases.js
+++ b/databases/static/databases/databases.js
@@ -568,9 +568,12 @@ app.controller('listDBs', function ($scope, $http) {


 app.controller('phpMyAdmin', function ($scope, $http, $window) {
+    $scope.cyberPanelLoading = true;

    $scope.generateAccess = function() {

+        $scope.cyberPanelLoading = false;
+
        url = "/dataBases/generateAccess";

        var data = {};
@@ -586,15 +589,16 @@ app.controller('phpMyAdmin', function ($scope, $http, $window) {


        function ListInitialDatas(response) {
-
+            $scope.cyberPanelLoading = true;
            if (response.data.status === 1) {
-                $window.location.href = '/phpmyadmin';
+                var rUrl = '/phpmyadmin/signin.php?username=' + response.data.username + '&token=' + response.data.token;
+                $window.location.href = rUrl;
            }
            else {}

        }

-        function cantLoadInitialDatas(response) {}
+        function cantLoadInitialDatas(response) {$scope.cyberPanelLoading = true;}

    }

--- a/databases/templates/databases/phpMyAdmin.html
+++ b/databases/templates/databases/phpMyAdmin.html
@@ -24,8 +24,7 @@
                    <p>{% trans "Auto-login for PHPMYAdmin is now supported. Click the button below to generate auto-access for PHPMYAdmin" %}</p>
                    <br>
                    <a ng-click="generateAccess()" href="#">
-                        <button class="btn btn-primary">Access Now
-                        </button>
+                        <button class="btn btn-primary">Access Now <img ng-hide="cyberPanelLoading" src="{% static 'images/loading.gif' %}"></button>
                    </a>

                </div>
--- a/databases/urls.py
+++ b/databases/urls.py
@@ -18,4 +18,5 @@ urlpatterns = [
    url(r'^allowRemoteIP$', views.allowRemoteIP, name='allowRemoteIP'),
    url(r'^phpMyAdmin$', views.phpMyAdmin, name='phpMyAdmin'),
    url(r'^generateAccess$', views.generateAccess, name='generateAccess'),
+    url(r'^fetchDetailsPHPMYAdmin$', views.fetchDetailsPHPMYAdmin, name='fetchDetailsPHPMYAdmin'),
 ]
--- a/databases/views.py
+++ b/databases/views.py
@@ -162,9 +162,12 @@ def generateAccess(request):
        currentACL = ACLManager.loadedACL(userID)

        try:
-            GlobalUserDB.objects.get(username=admin.userName)
-        except:
+            gdb = GlobalUserDB.objects.get(username=admin.userName)
+            token = randomPassword.generate_pass()
+            gdb.token = token
+            gdb.save()

+        except:
            ## Key generation

            keySavePath = '/home/cyberpanel/phpmyadmin_%s' % (admin.userName)
@@ -183,8 +186,9 @@ def generateAccess(request):
            ##

            password = randomPassword.generate_pass()
+            token = randomPassword.generate_pass()
            f = Fernet(key)
-            GlobalUserDB(username=admin, password=f.encrypt(password.encode('utf-8'))).save()
+            GlobalUserDB(username=admin.userName, password=f.encrypt(password.encode('utf-8')).decode(), token=token).save()

            sites = ACLManager.findWebsiteObjects(currentACL, userID)

@@ -195,24 +199,55 @@ def generateAccess(request):
                    mysqlUtilities.addUserToDB(db.dbName, admin.userName, password, createUser)
                    createUser = 0

-        # execPath = "/usr/local/CyberCP/bin/python /usr/local/CyberCP/databases/databaseManager.py"
-        # execPath = execPath + " generatePHPMYAdminData --userID " + str(userID)
-        #
-        # output = ProcessUtilities.outputExecutioner(execPath)
-        #
-        # if output.find("1,") > -1:
-        #     request.session['PMA_single_signon_user'] = admin.userName
-        #     request.session['PMA_single_signon_password'] = output.split(',')[1]
-        #     data_ret = {'status': 1}
-        #     json_data = json.dumps(data_ret)
-        #     return HttpResponse(json_data)
-        # else:
-
-        data_ret = {'status': 1}
+        data_ret = {'status': 1, 'token': token, 'username': admin.userName}
        json_data = json.dumps(data_ret)
        return HttpResponse(json_data)


+    except BaseException as msg:
+        data_ret = {'status': 0, 'createDBStatus': 0, 'error_message': str(msg)}
+        json_data = json.dumps(data_ret)
+        return HttpResponse(json_data)
+
+def fetchDetailsPHPMYAdmin(request):
+    try:
+
+
+        userID = request.session['userID']
+        admin = Administrator.objects.get(id = userID)
+        currentACL = ACLManager.loadedACL(userID)
+
+        username = request.GET.get('username')
+        token = request.GET.get('token')
+
+        if username != admin.userName:
+            return redirect(loadLoginPage)
+
+        ## Key generation
+
+        gdb = GlobalUserDB.objects.get(username=admin.userName)
+
+        if gdb.token == token:
+            keySavePath = '/home/cyberpanel/phpmyadmin_%s' % (admin.userName)
+            key = ProcessUtilities.outputExecutioner('cat %s' % (keySavePath)).strip('\n').encode()
+            f = Fernet(key)
+            password = f.decrypt(gdb.password.encode('utf-8'))
+
+            sites = ACLManager.findWebsiteObjects(currentACL, userID)
+
+            createUser = 0
+
+            for site in sites:
+                for db in site.databases_set.all():
+                    mysqlUtilities.addUserToDB(db.dbName, admin.userName, password.decode(), createUser)
+                    createUser = 0
+
+            returnURL = '/phpmyadmin/signin.php?username=%s&password=%s' % (admin.userName, password.decode())
+            return redirect(returnURL)
+        else:
+            return redirect(loadLoginPage)
+
+
    except BaseException as msg:
        data_ret = {'status': 0, 'createDBStatus': 0, 'error_message': str(msg)}
        json_data = json.dumps(data_ret)
--- a/install/install.py
+++ b/install/install.py
@@ -702,6 +702,10 @@ class preFlightsChecks:
                command = "sed -i 's|'localhost'|'%s'|g' %s" % (self.mysqlhost, '/usr/local/CyberCP/public/phpmyadmin/config.inc.php')
                preFlightsChecks.call(command, self.distro, command, command, 1, 0, os.EX_OSERR)

+
+            command = 'cp /usr/local/CyberCP/plogical/phpmyadminsignin.php /usr/local/CyberCP/public/phpmyadmin/phpmyadminsignin.php'
+            preFlightsChecks.call(command, self.distro, command, command, 1, 0, os.EX_OSERR)
+
        except BaseException as msg:
            logging.InstallLog.writeToFile('[ERROR] ' + str(msg) + " [download_install_phpmyadmin]")
            return 0
--- a/plogical/phpmyadminsignin.php
+++ b/plogical/phpmyadminsignin.php
@@ -0,0 +1,40 @@
+<?php
+
+
+define("PMA_SIGNON_INDEX", 1);
+
+
+define('PMA_SIGNON_SESSIONNAME', 'SignonSession');
+define('PMA_DISABLE_SSL_PEER_VALIDATION', TRUE);
+
+if(isset($_GET['token'])){
+
+    ### Get credentials using the token
+
+    $token = $_GET['token'];
+    $username = $_GET['username'];
+
+    $url = "/dataBases/fetchDetailsPHPMYAdmin?token=" . $token . '&username=' . $username;
+
+    header('Location: ' . $url);
+
+}
+else if(isset($_GET['password'])){
+
+    session_name(PMA_SIGNON_SESSIONNAME);
+    @session_start();
+
+    $username = $_GET['username'];
+    $password = $_GET['password'];
+
+    $_SESSION['PMA_single_signon_user'] = $username;
+    $_SESSION['PMA_single_signon_password'] = $password;
+    $_SESSION['PMA_single_signon_host'] = 'localhost';
+
+
+    @session_write_close();
+
+    header('Location: /phpmyadmin/index.php?server=' . PMA_SIGNON_INDEX);
+}
+
+echo 'Failed login';
--- a/plogical/test.py
+++ b/plogical/test.py
@@ -0,0 +1 @@
+
--- a/plogical/upgrade.py
+++ b/plogical/upgrade.py
@@ -241,6 +241,9 @@ class Upgrade:

            os.mkdir('/usr/local/CyberCP/public/phpmyadmin/tmp')

+            command = 'cp /usr/local/CyberCP/plogical/phpmyadminsignin.php /usr/local/CyberCP/public/phpmyadmin/phpmyadminsignin.php'
+            Upgrade.executioner(command, 0)
+
            os.chdir(cwd)

        except BaseException as msg:
@@ -1202,6 +1205,19 @@ class Upgrade:
  CONSTRAINT `filemanager_trash_website_id_e2762f3c_fk_websiteFu` FOREIGN KEY (`website_id`) REFERENCES `websiteFunctions_websites` (`id`)
 )"""

+            try:
+                cursor.execute(query)
+            except:
+                pass
+
+            query = """CREATE TABLE `databases_globaluserdb` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `username` varchar(200) NOT NULL,
+  `password` varchar(500) NOT NULL,
+  `token` varchar(20) NOT NULL,
+  PRIMARY KEY (`id`)
+)"""
+
            try:
                cursor.execute(query)
            except:
--- a/static/databases/databases.js
+++ b/static/databases/databases.js
@@ -568,10 +568,13 @@ app.controller('listDBs', function ($scope, $http) {


 app.controller('phpMyAdmin', function ($scope, $http, $window) {
+    $scope.cyberPanelLoading = true;

-    function setupPHPMYAdminSession() {
+    $scope.generateAccess = function() {

-        url = "/dataBases/setupPHPMYAdminSession";
+        $scope.cyberPanelLoading = false;
+
+        url = "/dataBases/generateAccess";

        var data = {};

@@ -586,18 +589,17 @@ app.controller('phpMyAdmin', function ($scope, $http, $window) {


        function ListInitialDatas(response) {
-
-
+            $scope.cyberPanelLoading = true;
            if (response.data.status === 1) {
-                $window.location.href = '/phpmyadmin';
+                var rUrl = '/phpmyadmin/signin.php?username=' + response.data.username + '&token=' + response.data.token;
+                $window.location.href = rUrl;
            }
            else {}

        }

-        function cantLoadInitialDatas(response) {}
+        function cantLoadInitialDatas(response) {$scope.cyberPanelLoading = true;}

    }
-    setupPHPMYAdminSession();

 });