generate token everytime phpmyadmin is requested
@@ -161,42 +161,44 @@ def generateAccess(request):
|
|||||||
admin = Administrator.objects.get(id = userID)
|
admin = Administrator.objects.get(id = userID)
|
||||||
currentACL = ACLManager.loadedACL(userID)
|
currentACL = ACLManager.loadedACL(userID)
|
||||||
|
|
||||||
|
keySavePath = '/home/cyberpanel/phpmyadmin_%s' % (admin.userName)
|
||||||
try:
|
try:
|
||||||
gdb = GlobalUserDB.objects.get(username=admin.userName)
|
GlobalUserDB.objects.get(username=admin.userName).delete()
|
||||||
token = randomPassword.generate_pass()
|
|
||||||
gdb.token = token
|
|
||||||
gdb.save()
|
|
||||||
except:
|
except:
|
||||||
## Key generation
|
pass
|
||||||
|
|
||||||
keySavePath = '/home/cyberpanel/phpmyadmin_%s' % (admin.userName)
|
command = 'rm -f %s' % (keySavePath)
|
||||||
key = Fernet.generate_key()
|
ProcessUtilities.executioner(command)
|
||||||
|
|
||||||
writeToFile = open(keySavePath, 'w')
|
## Create and save new key
|
||||||
writeToFile.write(key.decode())
|
|
||||||
writeToFile.close()
|
|
||||||
|
|
||||||
command = 'chown root:root %s' % (keySavePath)
|
key = Fernet.generate_key()
|
||||||
ProcessUtilities.executioner(command)
|
|
||||||
|
|
||||||
command = 'chmod 600 %s' % (keySavePath)
|
writeToFile = open(keySavePath, 'w')
|
||||||
ProcessUtilities.executioner(command)
|
writeToFile.write(key.decode())
|
||||||
|
writeToFile.close()
|
||||||
|
|
||||||
##
|
command = 'chown root:root %s' % (keySavePath)
|
||||||
|
ProcessUtilities.executioner(command)
|
||||||
|
|
||||||
password = randomPassword.generate_pass()
|
command = 'chmod 600 %s' % (keySavePath)
|
||||||
token = randomPassword.generate_pass()
|
ProcessUtilities.executioner(command)
|
||||||
f = Fernet(key)
|
|
||||||
GlobalUserDB(username=admin.userName, password=f.encrypt(password.encode('utf-8')).decode(), token=token).save()
|
|
||||||
|
|
||||||
sites = ACLManager.findWebsiteObjects(currentACL, userID)
|
##
|
||||||
|
|
||||||
createUser = 1
|
password = randomPassword.generate_pass()
|
||||||
|
token = randomPassword.generate_pass()
|
||||||
|
f = Fernet(key)
|
||||||
|
GlobalUserDB(username=admin.userName, password=f.encrypt(password.encode('utf-8')).decode(),
|
||||||
|
token=token).save()
|
||||||
|
|
||||||
for site in sites:
|
sites = ACLManager.findWebsiteObjects(currentACL, userID)
|
||||||
for db in site.databases_set.all():
|
createUser = 1
|
||||||
mysqlUtilities.addUserToDB(db.dbName, admin.userName, password, createUser)
|
|
||||||
createUser = 0
|
for site in sites:
|
||||||
|
for db in site.databases_set.all():
|
||||||
|
mysqlUtilities.addUserToDB(db.dbName, admin.userName, password, createUser)
|
||||||
|
createUser = 0
|
||||||
|
|
||||||
data_ret = {'status': 1, 'token': token, 'username': admin.userName}
|
data_ret = {'status': 1, 'token': token, 'username': admin.userName}
|
||||||
json_data = json.dumps(data_ret)
|
json_data = json.dumps(data_ret)
|
||||||
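Review bot: In generateAccess the new key file is created with `open(keySavePath, 'w')` and only tightened afterwards by the `chown root:root` and `chmod 600` commands, so the Fernet key protecting the stored phpMyAdmin password sits on disk with default-umask permissions until both commands finish, and `open` will follow whatever already exists at that path. Creating it restrictive from the start closes that window: `fd = os.open(keySavePath, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)` followed by `with os.fdopen(fd, 'w') as writeToFile: writeToFile.write(key.decode())` (whether `os` is imported in this file is not visible here). Separately, `admin.userName` is interpolated into the `rm -f`, `chown` and `chmod` strings handed to `ProcessUtilities.executioner`; if that helper runs them through a shell, the name should be passed through `shlex.quote` or validated against an allow-list first. The bare `except: pass` around the `GlobalUserDB` delete also hides database errors and would be safer as `except GlobalUserDB.DoesNotExist:`. The function body begins and ends outside this hunk.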
@@ -219,52 +221,6 @@ def fetchDetailsPHPMYAdmin(request):
|
|||||||
token = request.GET.get('token')
|
token = request.GET.get('token')
|
||||||
username = request.GET.get('username')
|
username = request.GET.get('username')
|
||||||
|
|
||||||
if token == 'FailedLogin':
|
|
||||||
|
|
||||||
## Remove old key and db entry
|
|
||||||
|
|
||||||
keySavePath = '/home/cyberpanel/phpmyadmin_%s' % (admin.userName)
|
|
||||||
try:
|
|
||||||
GlobalUserDB.objects.get(username=admin.userName).delete()
|
|
||||||
except:
|
|
||||||
pass
|
|
||||||
|
|
||||||
command = 'rm -f %s' % (keySavePath)
|
|
||||||
ProcessUtilities.executioner(command)
|
|
||||||
|
|
||||||
## Create and save new key
|
|
||||||
|
|
||||||
key = Fernet.generate_key()
|
|
||||||
|
|
||||||
writeToFile = open(keySavePath, 'w')
|
|
||||||
writeToFile.write(key.decode())
|
|
||||||
writeToFile.close()
|
|
||||||
|
|
||||||
command = 'chown root:root %s' % (keySavePath)
|
|
||||||
ProcessUtilities.executioner(command)
|
|
||||||
|
|
||||||
command = 'chmod 600 %s' % (keySavePath)
|
|
||||||
ProcessUtilities.executioner(command)
|
|
||||||
|
|
||||||
##
|
|
||||||
|
|
||||||
password = randomPassword.generate_pass()
|
|
||||||
token = randomPassword.generate_pass()
|
|
||||||
f = Fernet(key)
|
|
||||||
GlobalUserDB(username=admin.userName, password=f.encrypt(password.encode('utf-8')).decode(),
|
|
||||||
token=token).save()
|
|
||||||
|
|
||||||
sites = ACLManager.findWebsiteObjects(currentACL, userID)
|
|
||||||
createUser = 1
|
|
||||||
|
|
||||||
for site in sites:
|
|
||||||
for db in site.databases_set.all():
|
|
||||||
mysqlUtilities.addUserToDB(db.dbName, admin.userName, password, createUser)
|
|
||||||
createUser = 0
|
|
||||||
|
|
||||||
returnURL = '/phpmyadmin/phpmyadminsignin.php?username=%s&password=%s' % (admin.userName, password)
|
|
||||||
return redirect(returnURL)
|
|
||||||
|
|
||||||
|
|
||||||
if username != admin.userName:
|
if username != admin.userName:
|
||||||
return redirect(loadLoginPage)
|
return redirect(loadLoginPage)
|
||||||
|
|||||||
@@ -46,7 +46,15 @@ else if(isset($_GET['password'])){
|
|||||||
}
|
}
|
||||||
}catch (Exception $e) {
|
}catch (Exception $e) {
|
||||||
echo 'Caught exception: ', $e->getMessage(), "\n";
|
echo 'Caught exception: ', $e->getMessage(), "\n";
|
||||||
|
$params = session_get_cookie_params();
|
||||||
|
setcookie(session_name(), '', time() - 86400, $params["path"], $params["domain"], $params["secure"], $params["httponly"] );
|
||||||
|
session_destroy();
|
||||||
|
header('Location: /dataBases/phpMyAdmin');
|
||||||
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
#$url = "/dataBases/fetchDetailsPHPMYAdmin?token=FailedLogin";
|
$params = session_get_cookie_params();
|
||||||
#header('Location: ' . $url);
|
setcookie(session_name(), '', time() - 86400, $params["path"], $params["domain"], $params["secure"], $params["httponly"] );
|
||||||
|
session_destroy();
|
||||||
|
header('Location: /dataBases/phpMyAdmin');
|
||||||
|
return;
|
||||||
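Review bot: The `echo 'Caught exception: ', $e->getMessage(), "\n";` kept at the top of the catch block writes to the response before the newly added `setcookie(...)` and `header('Location: /dataBases/phpMyAdmin')` calls, so unless output buffering is enabled the headers will already have been sent and neither the session-cookie expiry nor the redirect will take effect. It also returns the raw exception text to the browser, which can expose connection or server details on a failed sign-in. Logging server-side instead, `error_log('phpMyAdmin sign-in failed: ' . $e->getMessage());`, fixes both. The same five-line session teardown is repeated at the end of the hunk and could live in one small helper so the two paths cannot drift apart. The enclosing try/else-if block starts outside the hunk.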