Nemcio/CyberPanel
1
0
Fork 0
mirror of https://github.com/usmannasir/cyberpanel.git synced 2025-11-12 00:06:09 +01:00
Code Issues Packages Projects Releases Wiki Activity

regenerate credentials upon failed login

Browse Source
This commit is contained in:
Usman Nasir
2020-09-04 10:08:03 +05:00
parent 55e225ec3b
commit 783af80a1e
3 changed files with 50 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
databases/views.py
View File

@@ -216,9 +216,50 @@ def fetchDetailsPHPMYAdmin(request):
admin = Administrator.objects.get(id = userID) admin = Administrator.objects.get(id = userID)
currentACL = ACLManager.loadedACL(userID) currentACL = ACLManager.loadedACL(userID)
username = request.GET.get('username')
token = request.GET.get('token') token = request.GET.get('token')
if token == 'FailedLogin':
keySavePath = '/home/cyberpanel/phpmyadmin_%s' % (admin.userName)
GlobalUserDB.objects.get(username=admin.userName).delete()
command = 'rm -f %s' % (keySavePath)
ProcessUtilities.executioner(command)
key = Fernet.generate_key()
writeToFile = open(keySavePath, 'w')
writeToFile.write(key.decode())
writeToFile.close()
command = 'chown root:root %s' % (keySavePath)
ProcessUtilities.executioner(command)
command = 'chmod 600 %s' % (keySavePath)
ProcessUtilities.executioner(command)
##
password = randomPassword.generate_pass()
token = randomPassword.generate_pass()
f = Fernet(key)
GlobalUserDB(username=admin.userName, password=f.encrypt(password.encode('utf-8')).decode(),
token=token).save()
sites = ACLManager.findWebsiteObjects(currentACL, userID)
createUser = 1
for site in sites:
for db in site.databases_set.all():
mysqlUtilities.addUserToDB(db.dbName, admin.userName, password, createUser)
createUser = 0
returnURL = '/phpmyadmin/phpmyadminsignin.php?username=%s&password=%s' % (admin.userName, password)
return redirect(returnURL)
username = request.GET.get('username')
if username != admin.userName: if username != admin.userName:
return redirect(loadLoginPage) return redirect(loadLoginPage)

9
plogical/mysqlUtilities.py
View File

@@ -930,8 +930,13 @@ skip-name-resolve
return 0 return 0
if createUser: if createUser:
cursor.execute( try:
"CREATE USER '" + user + "'@'%s' IDENTIFIED BY '" % (mysqlUtilities.LOCALHOST) + password + "'") cursor.execute(
"CREATE USER '" + user + "'@'%s' IDENTIFIED BY '" % (mysqlUtilities.LOCALHOST) + password + "'")
except:
cursor.execute("DROP USER '%s'@'%s'" % (user, mysqlUtilities.LOCALHOST))
cursor.execute(
"CREATE USER '" + user + "'@'%s' IDENTIFIED BY '" % (mysqlUtilities.LOCALHOST) + password + "'")
if mysqlUtilities.RDS == 0: if mysqlUtilities.RDS == 0:
cursor.execute( cursor.execute(

2
plogical/phpmyadminsignin.php
View File

@@ -44,4 +44,4 @@ else if(isset($_GET['password'])){
header('Location: /phpmyadmin/index.php?server=' . PMA_SIGNON_INDEX); header('Location: /phpmyadmin/index.php?server=' . PMA_SIGNON_INDEX);
} }
echo 'Failed login'; $url = "/dataBases/fetchDetailsPHPMYAdmin?token=FailedLogin";