generate token everytime phpmyadmin is requested

This commit is contained in:
Usman Nasir
2020-09-06 01:51:58 +05:00
parent b9a31ab334
commit 5bc6dcef92
2 changed files with 37 additions and 73 deletions


@@ -161,68 +161,6 @@ def generateAccess(request):
admin = Administrator.objects.get(id = userID) admin = Administrator.objects.get(id = userID)
currentACL = ACLManager.loadedACL(userID) currentACL = ACLManager.loadedACL(userID)
try:
gdb = GlobalUserDB.objects.get(username=admin.userName)
token = randomPassword.generate_pass()
gdb.token = token
gdb.save()
except:
## Key generation
keySavePath = '/home/cyberpanel/phpmyadmin_%s' % (admin.userName)
key = Fernet.generate_key()
writeToFile = open(keySavePath, 'w')
writeToFile.write(key.decode())
writeToFile.close()
command = 'chown root:root %s' % (keySavePath)
ProcessUtilities.executioner(command)
command = 'chmod 600 %s' % (keySavePath)
ProcessUtilities.executioner(command)
##
password = randomPassword.generate_pass()
token = randomPassword.generate_pass()
f = Fernet(key)
GlobalUserDB(username=admin.userName, password=f.encrypt(password.encode('utf-8')).decode(), token=token).save()
sites = ACLManager.findWebsiteObjects(currentACL, userID)
createUser = 1
for site in sites:
for db in site.databases_set.all():
mysqlUtilities.addUserToDB(db.dbName, admin.userName, password, createUser)
createUser = 0
data_ret = {'status': 1, 'token': token, 'username': admin.userName}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
except BaseException as msg:
data_ret = {'status': 0, 'createDBStatus': 0, 'error_message': str(msg)}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
def fetchDetailsPHPMYAdmin(request):
try:
userID = request.session['userID']
admin = Administrator.objects.get(id = userID)
currentACL = ACLManager.loadedACL(userID)
token = request.GET.get('token')
username = request.GET.get('username')
if token == 'FailedLogin':
## Remove old key and db entry
keySavePath = '/home/cyberpanel/phpmyadmin_%s' % (admin.userName) keySavePath = '/home/cyberpanel/phpmyadmin_%s' % (admin.userName)
try: try:
GlobalUserDB.objects.get(username=admin.userName).delete() GlobalUserDB.objects.get(username=admin.userName).delete()
@@ -262,8 +200,26 @@ def fetchDetailsPHPMYAdmin(request):
mysqlUtilities.addUserToDB(db.dbName, admin.userName, password, createUser) mysqlUtilities.addUserToDB(db.dbName, admin.userName, password, createUser)
createUser = 0 createUser = 0
returnURL = '/phpmyadmin/phpmyadminsignin.php?username=%s&password=%s' % (admin.userName, password) data_ret = {'status': 1, 'token': token, 'username': admin.userName}
return redirect(returnURL) json_data = json.dumps(data_ret)
return HttpResponse(json_data)
except BaseException as msg:
data_ret = {'status': 0, 'createDBStatus': 0, 'error_message': str(msg)}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
def fetchDetailsPHPMYAdmin(request):
try:
userID = request.session['userID']
admin = Administrator.objects.get(id = userID)
currentACL = ACLManager.loadedACL(userID)
token = request.GET.get('token')
username = request.GET.get('username')
if username != admin.userName: if username != admin.userName:
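Review bot: The re-added `except BaseException as msg:` handler that now closes generateAccess returns `str(msg)` to the browser in `error_message`, so a failing chown/chmod, a MySQL error raised from addUserToDB or a missing GlobalUserDB row surfaces with internal detail, including the `/home/cyberpanel/phpmyadmin_<user>` path built a few lines earlier; `BaseException` also swallows SystemExit and KeyboardInterrupt. Narrow it to `except Exception as msg:`, log `msg` server-side with whatever logger this module already uses, and return a fixed message such as `'error_message': 'Could not prepare phpMyAdmin access'`. In the re-added fetchDetailsPHPMYAdmin the per-request token is read from `request.GET.get('token')`, which places a fresh credential in the URL where it lands in access logs and Referer headers; accepting it via POST, or at least invalidating the stored token once it has been checked, would limit that exposure. Whether the token is actually compared against the stored GlobalUserDB value is not visible here, since fetchDetailsPHPMYAdmin's body continues past the hunk, as does the middle of generateAccess before it.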


@@ -46,7 +46,15 @@ else if(isset($_GET['password'])){
} }
}catch (Exception $e) { }catch (Exception $e) {
echo 'Caught exception: ', $e->getMessage(), "\n"; echo 'Caught exception: ', $e->getMessage(), "\n";
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 86400, $params["path"], $params["domain"], $params["secure"], $params["httponly"] );
session_destroy();
header('Location: /dataBases/phpMyAdmin');
return;
} }
#$url = "/dataBases/fetchDetailsPHPMYAdmin?token=FailedLogin"; $params = session_get_cookie_params();
#header('Location: ' . $url); setcookie(session_name(), '', time() - 86400, $params["path"], $params["domain"], $params["secure"], $params["httponly"] );
session_destroy();
header('Location: /dataBases/phpMyAdmin');
return;
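Review bot: The `header('Location: /dataBases/phpMyAdmin');` added inside the catch block comes after the existing `echo 'Caught exception: ', $e->getMessage(), "\n";` on the line above it, so unless output buffering is enabled PHP has already started the response body and the redirect is dropped with a "headers already sent" warning, while the exception text still reaches the browser. Replace the echo with server-side logging, `error_log('phpmyadminsignin: ' . $e->getMessage());`, and follow each `header('Location: ...')` with `exit;` instead of relying on `return`, so nothing after the redirect can run. The cookie-expiry plus `session_destroy()` sequence is now duplicated verbatim in the catch block and on the fall-through path; keeping it in one place would stop the two from drifting. The enclosing `else if(isset($_GET['password']))` branch named in the hunk header starts outside the hunk, and it suggests the password still arrives in the query string, where it lands in access logs — a follow-up rather than part of this change.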