phpmyadmin autologin: access keys generation

2025-11-09 06:46:10 +01:00 · 2020-08-09 00:27:57 +05:00
parent bcd07163c4
commit 8c35727544
8 changed files with 116 additions and 87 deletions
--- a/baseTemplate/templates/baseTemplate/index.html
+++ b/baseTemplate/templates/baseTemplate/index.html
@@ -468,7 +468,7 @@
                                <li class="listDatabases"><a href="{% url 'listDBs' %}"
                                                             title="{% trans 'List Databases' %}"><span>{% trans "List Databases" %}</span></a>
                                </li>
-                                <li><a href="/phpmyadmin/index.php" title="{% trans 'PHPMYAdmin' %}"
+                                <li><a href="{% url 'phpMyAdmin' %}" title="{% trans 'PHPMYAdmin' %}"
                                       target="_blank"><span>{% trans "PHPMYAdmin" %}</span></a></li>
                                <!----<li><a href="{% url 'modifyPackage' %}" title="Change Password"><span>Change Password</span></a></li>--->
                            </ul>
--- a/databases/models.py
+++ b/databases/models.py
@@ -1,6 +1,5 @@
 # -*- coding: utf-8 -*-

-
 from django.db import models
 from websiteFunctions.models import Websites

@@ -15,3 +14,8 @@ class DBMeta(models.Model):
    database = models.ForeignKey(Databases, on_delete=models.CASCADE)
    key = models.CharField(max_length=200)
    value = models.TextField()
+
+class GlobalUserDB(models.Model):
+    username = models.CharField(max_length=200)
+    password = models.CharField(max_length=500)
+    token = models.CharField(max_length=20)
--- a/databases/static/databases/databases.js
+++ b/databases/static/databases/databases.js
@@ -569,9 +569,9 @@ app.controller('listDBs', function ($scope, $http) {

 app.controller('phpMyAdmin', function ($scope, $http, $window) {

-    function setupPHPMYAdminSession() {
+    $scope.generateAccess = function() {

-        url = "/dataBases/setupPHPMYAdminSession";
+        url = "/dataBases/generateAccess";

        var data = {};

@@ -587,7 +587,6 @@ app.controller('phpMyAdmin', function ($scope, $http, $window) {

        function ListInitialDatas(response) {

-
            if (response.data.status === 1) {
                $window.location.href = '/phpmyadmin';
            }
@@ -598,6 +597,5 @@ app.controller('phpMyAdmin', function ($scope, $http, $window) {
        function cantLoadInitialDatas(response) {}

    }
-    setupPHPMYAdminSession();

 });
--- a/databases/templates/databases/phpMyAdmin.html
+++ b/databases/templates/databases/phpMyAdmin.html
@@ -1,73 +1,36 @@
 {% extends "baseTemplate/index.html" %}
 {% load i18n %}
-{% block title %}{% trans "phpMyAdmin - CyberPanel" %}{% endblock %}
+{% block title %}{% trans "PHPMYAdmin - CyberPanel" %}{% endblock %}
 {% block content %}

-{% load static %}
-{% get_current_language as LANGUAGE_CODE %}
-<!-- Current language: {{ LANGUAGE_CODE }} -->
+    {% load static %}
+    {% get_current_language as LANGUAGE_CODE %}
+    <!-- Current language: {{ LANGUAGE_CODE }} -->

-<div class="container">
-<div id="page-title">
-   <h2>{% trans "Create Database" %}</h2>
-   <p>{% trans "Create a new database on this page." %}</p>
-</div>

-<div ng-controller="phpMyAdmin" class="panel">
+    <div ng-controller="phpMyAdmin" class="container">
+        <div id="page-title">
+            <h2>{% trans "PHPMYAdmin" %}</h2>
+            <p>{% trans "Access your databases via PHPMYAdmin" %}</p>
+        </div>
+
+        <div class="panel">
            <div class="panel-body">
-        <h3 class="content-box-header">
-            {% trans "Create Database" %} <img ng-hide="createDatabaseLoading" src="{% static 'images/loading.gif' %}">
+                <h3 class="title-hero">
+                    {% trans "PHPMYAdmin" %}
                </h3>
                <div class="example-box-wrapper">

-            <form  class="form-horizontal bordered-row panel-body">
-
-                <div class="form-group">
-                    <label class="col-sm-3 control-label">{% trans "Select Website" %}</label>
-                    <div class="col-sm-6">
-                        <select ng-change="showDetailsBoxes()" ng-model="databaseWebsite" class="form-control">
-                            {% for items in websitesList %}
-                                <option>{{ items }}</option>
-                            {% endfor %}
-                        </select>
-                    </div>
-                </div>
-
-
-                <div class="form-group">
-                    <label class="col-sm-3 control-label"></label>
-                    <div class="col-sm-4">
-                            <div ng-hide="databaseCreationFailed" class="alert alert-danger">
-                                <p>{% trans "Cannot create database. Error message:" %} {$ errorMessage $}</p>
-                            </div>
-
-                            <div ng-hide="databaseCreated" class="alert alert-success">
-                                <p>{% trans "Database created successfully." %}</p>
-                            </div>
-
-
-                            <div ng-hide="couldNotConnect" class="alert alert-danger">
-                                <p>{% trans "Could not connect to server. Please refresh this page." %}</p>
-                            </div>
-                    </div>
-
-
-
-                </div>
-
-
-            </form>
-
-
-
+                    <p>{% trans "Auto-login for PHPMYAdmin is now supported. Click the button below to generate auto-access for PHPMYAdmin" %}</p>
+                    <br>
+                    <a ng-click="generateAccess()" href="#">
+                        <button class="btn btn-primary">Access Now
+                        </button>
+                    </a>

                </div>
            </div>
-</div>
-
-
-
-</div>
-
+        </div>

+    </div>
 {% endblock %}
--- a/databases/urls.py
+++ b/databases/urls.py
@@ -17,5 +17,5 @@ urlpatterns = [
    url(r'^remoteAccess$', views.remoteAccess, name='remoteAccess'),
    url(r'^allowRemoteIP$', views.allowRemoteIP, name='allowRemoteIP'),
    url(r'^phpMyAdmin$', views.phpMyAdmin, name='phpMyAdmin'),
-    url(r'^setupPHPMYAdminSession$', views.setupPHPMYAdminSession, name='setupPHPMYAdminSession'),
+    url(r'^generateAccess$', views.generateAccess, name='generateAccess'),
 ]
--- a/databases/views.py
+++ b/databases/views.py
@@ -8,7 +8,11 @@ from .pluginManager import pluginManager
 import json
 from plogical.processUtilities import ProcessUtilities
 from loginSystem.models import Administrator
-import CyberCP.settings as settings
+from plogical.acl import ACLManager
+from databases.models import GlobalUserDB
+from plogical import randomPassword
+from cryptography.fernet import Fernet
+from plogical.mysqlUtilities import mysqlUtilities
 # Create your views here.

 def loadDatabaseHome(request):
@@ -150,24 +154,60 @@ def phpMyAdmin(request):
    except KeyError:
        return redirect(loadLoginPage)

-def setupPHPMYAdminSession(request):
+def generateAccess(request):
    try:

        userID = request.session['userID']
        admin = Administrator.objects.get(id = userID)
+        currentACL = ACLManager.loadedACL(userID)

-        execPath = "/usr/local/CyberCP/bin/python /usr/local/CyberCP/databases/databaseManager.py"
-        execPath = execPath + " generatePHPMYAdminData --userID " + str(userID)
+        try:
+            GlobalUserDB.objects.get(username=admin.userName)
+        except:

-        output = ProcessUtilities.outputExecutioner(execPath)
+            ## Key generation
+
+            keySavePath = '/home/cyberpanel/phpmyadmin_%s' % (admin.userName)
+            key = Fernet.generate_key()
+
+            writeToFile = open(keySavePath, 'w')
+            writeToFile.write(key.decode())
+            writeToFile.close()
+
+            command = 'chown root:root %s' % (keySavePath)
+            ProcessUtilities.executioner(command)
+
+            command = 'chmod 600 %s' % (keySavePath)
+            ProcessUtilities.executioner(command)
+
+            ##
+
+            password = randomPassword.generate_pass()
+            f = Fernet(key)
+            GlobalUserDB(username=admin, password=f.encrypt(password.encode('utf-8'))).save()
+
+            sites = ACLManager.findWebsiteObjects(currentACL, userID)
+
+            createUser = 1
+
+            for site in sites:
+                for db in site.databases_set.all():
+                    mysqlUtilities.addUserToDB(db.dbName, admin.userName, password, createUser)
+                    createUser = 0
+
+        # execPath = "/usr/local/CyberCP/bin/python /usr/local/CyberCP/databases/databaseManager.py"
+        # execPath = execPath + " generatePHPMYAdminData --userID " + str(userID)
+        #
+        # output = ProcessUtilities.outputExecutioner(execPath)
+        #
+        # if output.find("1,") > -1:
+        #     request.session['PMA_single_signon_user'] = admin.userName
+        #     request.session['PMA_single_signon_password'] = output.split(',')[1]
+        #     data_ret = {'status': 1}
+        #     json_data = json.dumps(data_ret)
+        #     return HttpResponse(json_data)
+        # else:

-        if output.find("1,") > -1:
-            request.session['PMA_single_signon_user'] = admin.userName
-            request.session['PMA_single_signon_password'] = output.split(',')[1]
-            data_ret = {'status': 1}
-            json_data = json.dumps(data_ret)
-            return HttpResponse(json_data)
-        else:
        data_ret = {'status': 1}
        json_data = json.dumps(data_ret)
        return HttpResponse(json_data)
--- a/plogical/acl.py
+++ b/plogical/acl.py
@@ -445,6 +445,7 @@ class ACLManager:

    @staticmethod
    def searchWebsiteObjects(currentACL, userID, searchTerm):
+
        if currentACL['admin'] == 1:
            return Websites.objects.filter(domain__istartswith=searchTerm)
        else:
--- a/plogical/mysqlUtilities.py
+++ b/plogical/mysqlUtilities.py
@@ -902,6 +902,29 @@ skip-name-resolve
            print('0,%s "[mysqlUtilities.enableRemoteMYSQL]' % (str(msg)))
            return 0

+    @staticmethod
+    def addUserToDB(database, user, password, createUser = 0):
+        try:
+
+            connection, cursor = mysqlUtilities.setupConnection()
+
+            if connection == 0:
+                return 0
+
+            if createUser:
+                cursor.execute(
+                    "CREATE USER '" + user + "'@'%s' IDENTIFIED BY '" % (mysqlUtilities.LOCALHOST) + password + "'")
+
+            cursor.execute(
+                "GRANT ALL PRIVILEGES ON " + database + ".* TO '" + user + "'@'%s'" % (mysqlUtilities.LOCALHOST))
+            connection.close()
+
+            return 1
+
+        except BaseException as msg:
+            logging.CyberCPLogFileWriter.writeToFile(str(msg) + "[addUserToDB]")
+            return 0
+
 def main():
    parser = argparse.ArgumentParser(description='CyberPanel')
    parser.add_argument('function', help='Specific a function to call!')