phpmyadmin autologin: access keys generation

2025-11-10 07:16:15 +01:00 · 2020-08-09 00:27:57 +05:00
parent bcd07163c4
commit 8c35727544
8 changed files with 116 additions and 87 deletions
--- a/baseTemplate/templates/baseTemplate/index.html
+++ b/baseTemplate/templates/baseTemplate/index.html
@@ -468,7 +468,7 @@
                                <li class="listDatabases"><a href="{% url 'listDBs' %}"
                                                             title="{% trans 'List Databases' %}"><span>{% trans "List Databases" %}</span></a>
                                </li>
-                                <li><a href="/phpmyadmin/index.php" title="{% trans 'PHPMYAdmin' %}"
+                                <li><a href="{% url 'phpMyAdmin' %}" title="{% trans 'PHPMYAdmin' %}"
                                       target="_blank"><span>{% trans "PHPMYAdmin" %}</span></a></li>
                                <!----<li><a href="{% url 'modifyPackage' %}" title="Change Password"><span>Change Password</span></a></li>--->
                            </ul>
--- a/databases/models.py
+++ b/databases/models.py
@@ -1,6 +1,5 @@
 # -*- coding: utf-8 -*-
 from django.db import models
 from websiteFunctions.models import Websites
@@ -15,3 +14,8 @@ class DBMeta(models.Model):
    database = models.ForeignKey(Databases, on_delete=models.CASCADE)
    key = models.CharField(max_length=200)
    value = models.TextField()
 class GlobalUserDB(models.Model):
    username = models.CharField(max_length=200)
    password = models.CharField(max_length=500)
    token = models.CharField(max_length=20)
--- a/databases/static/databases/databases.js
+++ b/databases/static/databases/databases.js
@@ -569,9 +569,9 @@ app.controller('listDBs', function ($scope, $http) {
 app.controller('phpMyAdmin', function ($scope, $http, $window) {
-    function setupPHPMYAdminSession() {
+    $scope.generateAccess = function() {
-        url = "/dataBases/setupPHPMYAdminSession";
+        url = "/dataBases/generateAccess";
        var data = {};
@@ -587,7 +587,6 @@ app.controller('phpMyAdmin', function ($scope, $http, $window) {
        function ListInitialDatas(response) {
            if (response.data.status === 1) {
                $window.location.href = '/phpmyadmin';
            }
@@ -598,6 +597,5 @@ app.controller('phpMyAdmin', function ($scope, $http, $window) {
        function cantLoadInitialDatas(response) {}
    }
    setupPHPMYAdminSession();
 });
--- a/databases/templates/databases/phpMyAdmin.html
+++ b/databases/templates/databases/phpMyAdmin.html
@@ -1,73 +1,36 @@
 {% extends "baseTemplate/index.html" %}
 {% load i18n %}
-{% block title %}{% trans "phpMyAdmin - CyberPanel" %}{% endblock %}
+{% block title %}{% trans "PHPMYAdmin - CyberPanel" %}{% endblock %}
 {% block content %}
-{% load static %}
+    {% load static %}
-{% get_current_language as LANGUAGE_CODE %}
+    {% get_current_language as LANGUAGE_CODE %}
-<!-- Current language: {{ LANGUAGE_CODE }} -->
+    <!-- Current language: {{ LANGUAGE_CODE }} -->
 <div class="container">
 <div id="page-title">
   <h2>{% trans "Create Database" %}</h2>
   <p>{% trans "Create a new database on this page." %}</p>
 </div>
 <div ng-controller="phpMyAdmin" class="panel">
    <div class="panel-body">
        <h3 class="content-box-header">
            {% trans "Create Database" %} <img ng-hide="createDatabaseLoading" src="{% static 'images/loading.gif' %}">
        </h3>
        <div  class="example-box-wrapper">
            <form  class="form-horizontal bordered-row panel-body">
                <div class="form-group">
                    <label class="col-sm-3 control-label">{% trans "Select Website" %}</label>
                    <div class="col-sm-6">
                        <select ng-change="showDetailsBoxes()" ng-model="databaseWebsite" class="form-control">
                            {% for items in websitesList %}
                                <option>{{ items }}</option>
                            {% endfor %}
                        </select>
                    </div>
                </div>
                <div class="form-group">
                    <label class="col-sm-3 control-label"></label>
                    <div class="col-sm-4">
                            <div ng-hide="databaseCreationFailed" class="alert alert-danger">
                                <p>{% trans "Cannot create database. Error message:" %} {$ errorMessage $}</p>
                            </div>
                            <div ng-hide="databaseCreated" class="alert alert-success">
                                <p>{% trans "Database created successfully." %}</p>
                            </div>
                            <div ng-hide="couldNotConnect" class="alert alert-danger">
                                <p>{% trans "Could not connect to server. Please refresh this page." %}</p>
                            </div>
                    </div>
                </div>
            </form>
    <div ng-controller="phpMyAdmin" class="container">
        <div id="page-title">
            <h2>{% trans "PHPMYAdmin" %}</h2>
            <p>{% trans "Access your databases via PHPMYAdmin" %}</p>
        </div>
        <div class="panel">
            <div class="panel-body">
                <h3 class="title-hero">
                    {% trans "PHPMYAdmin" %}
                </h3>
                <div class="example-box-wrapper">
                    <p>{% trans "Auto-login for PHPMYAdmin is now supported. Click the button below to generate auto-access for PHPMYAdmin" %}</p>
                    <br>
                    <a ng-click="generateAccess()" href="#">
                        <button class="btn btn-primary">Access Now
                        </button>
                    </a>
                </div>
            </div>
        </div>
    </div>
-</div>
+{% endblock %}
 </div>
 {% endblock %}
--- a/databases/urls.py
+++ b/databases/urls.py
@@ -17,5 +17,5 @@ urlpatterns = [
    url(r'^remoteAccess$', views.remoteAccess, name='remoteAccess'),
    url(r'^allowRemoteIP$', views.allowRemoteIP, name='allowRemoteIP'),
    url(r'^phpMyAdmin$', views.phpMyAdmin, name='phpMyAdmin'),
-    url(r'^setupPHPMYAdminSession$', views.setupPHPMYAdminSession, name='setupPHPMYAdminSession'),
+    url(r'^generateAccess$', views.generateAccess, name='generateAccess'),
 ]
--- a/databases/views.py
+++ b/databases/views.py
@@ -8,7 +8,11 @@ from .pluginManager import pluginManager
 import json
 from plogical.processUtilities import ProcessUtilities
 from loginSystem.models import Administrator
-import CyberCP.settings as settings
+from plogical.acl import ACLManager
 from databases.models import GlobalUserDB
 from plogical import randomPassword
 from cryptography.fernet import Fernet
 from plogical.mysqlUtilities import mysqlUtilities
 # Create your views here.
 def loadDatabaseHome(request):
@@ -150,27 +154,63 @@ def phpMyAdmin(request):
    except KeyError:
        return redirect(loadLoginPage)
-def setupPHPMYAdminSession(request):
+def generateAccess(request):
    try:
        userID = request.session['userID']
        admin = Administrator.objects.get(id = userID)
        currentACL = ACLManager.loadedACL(userID)
-        execPath = "/usr/local/CyberCP/bin/python /usr/local/CyberCP/databases/databaseManager.py"
+        try:
-        execPath = execPath + " generatePHPMYAdminData --userID " + str(userID)
+            GlobalUserDB.objects.get(username=admin.userName)
        except:
-        output = ProcessUtilities.outputExecutioner(execPath)
+            ## Key generation
-        if output.find("1,") > -1:
+            keySavePath = '/home/cyberpanel/phpmyadmin_%s' % (admin.userName)
-            request.session['PMA_single_signon_user'] = admin.userName
+            key = Fernet.generate_key()
-            request.session['PMA_single_signon_password'] = output.split(',')[1]
+
-            data_ret = {'status': 1}
+            writeToFile = open(keySavePath, 'w')
-            json_data = json.dumps(data_ret)
+            writeToFile.write(key.decode())
-            return HttpResponse(json_data)
+            writeToFile.close()
-        else:
+
-            data_ret = {'status': 1}
+            command = 'chown root:root %s' % (keySavePath)
-            json_data = json.dumps(data_ret)
+            ProcessUtilities.executioner(command)
-            return HttpResponse(json_data)
+
            command = 'chmod 600 %s' % (keySavePath)
            ProcessUtilities.executioner(command)
            ##
            password = randomPassword.generate_pass()
            f = Fernet(key)
            GlobalUserDB(username=admin, password=f.encrypt(password.encode('utf-8'))).save()
            sites = ACLManager.findWebsiteObjects(currentACL, userID)
            createUser = 1
            for site in sites:
                for db in site.databases_set.all():
                    mysqlUtilities.addUserToDB(db.dbName, admin.userName, password, createUser)
                    createUser = 0
        # execPath = "/usr/local/CyberCP/bin/python /usr/local/CyberCP/databases/databaseManager.py"
        # execPath = execPath + " generatePHPMYAdminData --userID " + str(userID)
        #
        # output = ProcessUtilities.outputExecutioner(execPath)
        #
        # if output.find("1,") > -1:
        #     request.session['PMA_single_signon_user'] = admin.userName
        #     request.session['PMA_single_signon_password'] = output.split(',')[1]
        #     data_ret = {'status': 1}
        #     json_data = json.dumps(data_ret)
        #     return HttpResponse(json_data)
        # else:
        data_ret = {'status': 1}
        json_data = json.dumps(data_ret)
        return HttpResponse(json_data)
    except BaseException as msg:
--- a/plogical/acl.py
+++ b/plogical/acl.py
@@ -445,6 +445,7 @@ class ACLManager:
    @staticmethod
    def searchWebsiteObjects(currentACL, userID, searchTerm):
        if currentACL['admin'] == 1:
            return Websites.objects.filter(domain__istartswith=searchTerm)
        else:
--- a/plogical/mysqlUtilities.py
+++ b/plogical/mysqlUtilities.py
@@ -902,6 +902,29 @@ skip-name-resolve
            print('0,%s "[mysqlUtilities.enableRemoteMYSQL]' % (str(msg)))
            return 0
    @staticmethod
    def addUserToDB(database, user, password, createUser = 0):
        try:
            connection, cursor = mysqlUtilities.setupConnection()
            if connection == 0:
                return 0
            if createUser:
                cursor.execute(
                    "CREATE USER '" + user + "'@'%s' IDENTIFIED BY '" % (mysqlUtilities.LOCALHOST) + password + "'")
            cursor.execute(
                "GRANT ALL PRIVILEGES ON " + database + ".* TO '" + user + "'@'%s'" % (mysqlUtilities.LOCALHOST))
            connection.close()
            return 1
        except BaseException as msg:
            logging.CyberCPLogFileWriter.writeToFile(str(msg) + "[addUserToDB]")
            return 0
 def main():
    parser = argparse.ArgumentParser(description='CyberPanel')
    parser.add_argument('function', help='Specific a function to call!')