Nemcio/CyberPanel
1
0
Fork 0
mirror of https://github.com/usmannasir/cyberpanel.git synced 2025-11-11 15:56:11 +01:00
Code Issues Packages Projects Releases Wiki Activity

phpmyadmin: login admin users as root

Browse Source
This commit is contained in:
Usman Nasir
2020-10-12 20:12:23 +05:00
parent 4610d6ce3a
commit ebda00235f
1 changed files with 46 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
databases/views.py
View File

@@ -163,15 +163,33 @@ def generateAccess(request):
admin = Administrator.objects.get(id = userID) admin = Administrator.objects.get(id = userID)
currentACL = ACLManager.loadedACL(userID) currentACL = ACLManager.loadedACL(userID)
## if user ACL is admin login as root
command = 'chmod 640 /usr/local/lscp/cyberpanel/logs/access.log'
ProcessUtilities.executioner(command)
if currentACL['admin'] == 1:
try:
GlobalUserDB.objects.get(username=admin.userName).delete()
except:
pass
password = randomPassword.generate_pass()
token = randomPassword.generate_pass()
GlobalUserDB(username=admin.userName, password=password,token=token).save()
data_ret = {'status': 1, 'token': token, 'username': admin.userName}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
keySavePath = '/home/cyberpanel/phpmyadmin_%s' % (admin.userName) keySavePath = '/home/cyberpanel/phpmyadmin_%s' % (admin.userName)
try: try:
GlobalUserDB.objects.get(username=admin.userName).delete() GlobalUserDB.objects.get(username=admin.userName).delete()
except: except:
pass pass
command = 'chmod 640 /usr/local/lscp/cyberpanel/logs/access.log'
ProcessUtilities.executioner(command)
command = 'rm -f %s' % (keySavePath) command = 'rm -f %s' % (keySavePath)
ProcessUtilities.executioner(command) ProcessUtilities.executioner(command)
@@ -235,6 +253,31 @@ def fetchDetailsPHPMYAdmin(request):
gdb = GlobalUserDB.objects.get(username=admin.userName) gdb = GlobalUserDB.objects.get(username=admin.userName)
if gdb.token == token: if gdb.token == token:
if currentACL['admin'] == 1:
passFile = "/etc/cyberpanel/mysqlPassword"
try:
jsonData = json.loads(open(passFile, 'r').read())
mysqluser = jsonData['mysqluser']
password = jsonData['mysqlpassword']
returnURL = '/phpmyadmin/phpmyadminsignin.php?username=%s&password=%s' % (
mysqluser, password)
return redirect(returnURL)
except BaseException:
f = open(passFile)
data = f.read()
password = data.split('\n', 1)[0]
password = password.strip('\n').strip('\r')
returnURL = '/phpmyadmin/phpmyadminsignin.php?username=%s&password=%s' % (
'root', password)
return redirect(returnURL)
keySavePath = '/home/cyberpanel/phpmyadmin_%s' % (admin.userName) keySavePath = '/home/cyberpanel/phpmyadmin_%s' % (admin.userName)
key = ProcessUtilities.outputExecutioner('cat %s' % (keySavePath)).strip('\n').encode() key = ProcessUtilities.outputExecutioner('cat %s' % (keySavePath)).strip('\n').encode()
f = Fernet(key) f = Fernet(key)