Nemcio/CyberPanel
1
0
Fork 0
mirror of https://github.com/usmannasir/cyberpanel.git synced 2025-11-09 14:56:10 +01:00
Code Issues Packages Projects Releases Wiki Activity

phpmyadmin autologin: access keys generation

Browse Source
This commit is contained in:
Usman Nasir
2020-08-09 00:27:57 +05:00
parent bcd07163c4
commit 8c35727544
8 changed files with 116 additions and 87 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
baseTemplate/templates/baseTemplate/index.html
View File

@@ -468,7 +468,7 @@
<li class="listDatabases"><a href="{% url 'listDBs' %}"
title="{% trans 'List Databases' %}"><span>{% trans "List Databases" %}</span></a>
</li>
<li><a href="/phpmyadmin/index.php" title="{% trans 'PHPMYAdmin' %}"
<li><a href="{% url 'phpMyAdmin' %}" title="{% trans 'PHPMYAdmin' %}"
target="_blank"><span>{% trans "PHPMYAdmin" %}</span></a></li>
<!----<li><a href="{% url 'modifyPackage' %}" title="Change Password"><span>Change Password</span></a></li>--->
</ul>

6
databases/models.py
View File

@@ -1,6 +1,5 @@
# -*- coding: utf-8 -*-
from django.db import models
from websiteFunctions.models import Websites
@@ -15,3 +14,8 @@ class DBMeta(models.Model):
database = models.ForeignKey(Databases, on_delete=models.CASCADE)
key = models.CharField(max_length=200)
value = models.TextField()
class GlobalUserDB(models.Model):
username = models.CharField(max_length=200)
password = models.CharField(max_length=500)
token = models.CharField(max_length=20)

6
databases/static/databases/databases.js
View File

@@ -569,9 +569,9 @@ app.controller('listDBs', function ($scope, $http) {
app.controller('phpMyAdmin', function ($scope, $http, $window) {
function setupPHPMYAdminSession() {
$scope.generateAccess = function() {
url = "/dataBases/setupPHPMYAdminSession";
url = "/dataBases/generateAccess";
var data = {};
@@ -587,7 +587,6 @@ app.controller('phpMyAdmin', function ($scope, $http, $window) {
function ListInitialDatas(response) {
if (response.data.status === 1) {
$window.location.href = '/phpmyadmin';
}
@@ -598,6 +597,5 @@ app.controller('phpMyAdmin', function ($scope, $http, $window) {
function cantLoadInitialDatas(response) {}
}
setupPHPMYAdminSession();
});

65
databases/templates/databases/phpMyAdmin.html
View File

@@ -1,73 +1,36 @@
{% extends "baseTemplate/index.html" %}
{% load i18n %}
{% block title %}{% trans "phpMyAdmin - CyberPanel" %}{% endblock %}
{% block title %}{% trans "PHPMYAdmin - CyberPanel" %}{% endblock %}
{% block content %}
{% load static %}
{% get_current_language as LANGUAGE_CODE %}
<!-- Current language: {{ LANGUAGE_CODE }} -->
<div class="container">
<div ng-controller="phpMyAdmin" class="container">
<div id="page-title">
<h2>{% trans "Create Database" %}</h2>
<p>{% trans "Create a new database on this page." %}</p>
<h2>{% trans "PHPMYAdmin" %}</h2>
<p>{% trans "Access your databases via PHPMYAdmin" %}</p>
</div>
<div ng-controller="phpMyAdmin" class="panel">
<div class="panel">
<div class="panel-body">
<h3 class="content-box-header">
{% trans "Create Database" %} <img ng-hide="createDatabaseLoading" src="{% static 'images/loading.gif' %}">
<h3 class="title-hero">
{% trans "PHPMYAdmin" %}
</h3>
<div class="example-box-wrapper">
<form class="form-horizontal bordered-row panel-body">
<div class="form-group">
<label class="col-sm-3 control-label">{% trans "Select Website" %}</label>
<div class="col-sm-6">
<select ng-change="showDetailsBoxes()" ng-model="databaseWebsite" class="form-control">
{% for items in websitesList %}
<option>{{ items }}</option>
{% endfor %}
</select>
</div>
</div>
<div class="form-group">
<label class="col-sm-3 control-label"></label>
<div class="col-sm-4">
<div ng-hide="databaseCreationFailed" class="alert alert-danger">
<p>{% trans "Cannot create database. Error message:" %} {$ errorMessage $}</p>
</div>
<div ng-hide="databaseCreated" class="alert alert-success">
<p>{% trans "Database created successfully." %}</p>
</div>
<div ng-hide="couldNotConnect" class="alert alert-danger">
<p>{% trans "Could not connect to server. Please refresh this page." %}</p>
</div>
</div>
</div>
</form>
<p>{% trans "Auto-login for PHPMYAdmin is now supported. Click the button below to generate auto-access for PHPMYAdmin" %}</p>
<br>
<a ng-click="generateAccess()" href="#">
<button class="btn btn-primary">Access Now
</button>
</a>
</div>
</div>
</div>
</div>
{% endblock %}

2
databases/urls.py
View File

@@ -17,5 +17,5 @@ urlpatterns = [
url(r'^remoteAccess$', views.remoteAccess, name='remoteAccess'),
url(r'^allowRemoteIP$', views.allowRemoteIP, name='allowRemoteIP'),
url(r'^phpMyAdmin$', views.phpMyAdmin, name='phpMyAdmin'),
url(r'^setupPHPMYAdminSession$', views.setupPHPMYAdminSession, name='setupPHPMYAdminSession'),
url(r'^generateAccess$', views.generateAccess, name='generateAccess'),
]

64
databases/views.py
View File

@@ -8,7 +8,11 @@ from .pluginManager import pluginManager
import json
from plogical.processUtilities import ProcessUtilities
from loginSystem.models import Administrator
import CyberCP.settings as settings
from plogical.acl import ACLManager
from databases.models import GlobalUserDB
from plogical import randomPassword
from cryptography.fernet import Fernet
from plogical.mysqlUtilities import mysqlUtilities
# Create your views here.
def loadDatabaseHome(request):
@@ -150,24 +154,60 @@ def phpMyAdmin(request):
except KeyError:
return redirect(loadLoginPage)
def setupPHPMYAdminSession(request):
def generateAccess(request):
try:
userID = request.session['userID']
admin = Administrator.objects.get(id = userID)
currentACL = ACLManager.loadedACL(userID)
execPath = "/usr/local/CyberCP/bin/python /usr/local/CyberCP/databases/databaseManager.py"
execPath = execPath + " generatePHPMYAdminData --userID " + str(userID)
try:
GlobalUserDB.objects.get(username=admin.userName)
except:
output = ProcessUtilities.outputExecutioner(execPath)
## Key generation
keySavePath = '/home/cyberpanel/phpmyadmin_%s' % (admin.userName)
key = Fernet.generate_key()
writeToFile = open(keySavePath, 'w')
writeToFile.write(key.decode())
writeToFile.close()
command = 'chown root:root %s' % (keySavePath)
ProcessUtilities.executioner(command)
command = 'chmod 600 %s' % (keySavePath)
ProcessUtilities.executioner(command)
##
password = randomPassword.generate_pass()
f = Fernet(key)
GlobalUserDB(username=admin, password=f.encrypt(password.encode('utf-8'))).save()
sites = ACLManager.findWebsiteObjects(currentACL, userID)
createUser = 1
for site in sites:
for db in site.databases_set.all():
mysqlUtilities.addUserToDB(db.dbName, admin.userName, password, createUser)
createUser = 0
# execPath = "/usr/local/CyberCP/bin/python /usr/local/CyberCP/databases/databaseManager.py"
# execPath = execPath + " generatePHPMYAdminData --userID " + str(userID)
#
# output = ProcessUtilities.outputExecutioner(execPath)
#
# if output.find("1,") > -1:
# request.session['PMA_single_signon_user'] = admin.userName
# request.session['PMA_single_signon_password'] = output.split(',')[1]
# data_ret = {'status': 1}
# json_data = json.dumps(data_ret)
# return HttpResponse(json_data)
# else:
if output.find("1,") > -1:
request.session['PMA_single_signon_user'] = admin.userName
request.session['PMA_single_signon_password'] = output.split(',')[1]
data_ret = {'status': 1}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
else:
data_ret = {'status': 1}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)

1
plogical/acl.py
View File

@@ -445,6 +445,7 @@ class ACLManager:
@staticmethod
def searchWebsiteObjects(currentACL, userID, searchTerm):
if currentACL['admin'] == 1:
return Websites.objects.filter(domain__istartswith=searchTerm)
else:

23
plogical/mysqlUtilities.py
View File

@@ -902,6 +902,29 @@ skip-name-resolve
print('0,%s "[mysqlUtilities.enableRemoteMYSQL]' % (str(msg)))
return 0
@staticmethod
def addUserToDB(database, user, password, createUser = 0):
try:
connection, cursor = mysqlUtilities.setupConnection()
if connection == 0:
return 0
if createUser:
cursor.execute(
"CREATE USER '" + user + "'@'%s' IDENTIFIED BY '" % (mysqlUtilities.LOCALHOST) + password + "'")
cursor.execute(
"GRANT ALL PRIVILEGES ON " + database + ".* TO '" + user + "'@'%s'" % (mysqlUtilities.LOCALHOST))
connection.close()
return 1
except BaseException as msg:
logging.CyberCPLogFileWriter.writeToFile(str(msg) + "[addUserToDB]")
return 0
def main():
parser = argparse.ArgumentParser(description='CyberPanel')
parser.add_argument('function', help='Specific a function to call!')