github/vesta
1
0
Fork 0
mirror of https://github.com/serghey-rodin/vesta.git synced 2025-08-14 02:28:03 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

If you use an api key you wont have to set a user name, if you don't use a key you will have to login as admin.

Browse source
This commit is contained in:
Stuart H Jimenez 2014-12-09 13:45:34 -06:00
commit 608b9d740a
1 changed files with 6 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

13
web/api/index.php
View file

@ -6,6 +6,12 @@ if (isset($_POST['user']) || isset($_POST['hash'])) {
// Authentication
$auth_code = 1;
if (empty($_POST['hash'])) {
// Check user permission to use API
if ($_POST['user'] != 'admin') {
echo 'Error: only admin is allowed to use API';
exit;
}
$v_user = escapeshellarg($_POST['user']);
$v_password = escapeshellarg($_POST['password']);
exec(VESTA_CMD ."v-check-user-password ".$v_user." ".$v_password." '".$_SERVER["REMOTE_ADDR"]."'", $output, $auth_code);
@ -20,13 +26,6 @@ if (isset($_POST['user']) || isset($_POST['hash'])) {
echo 'Error: authentication failed';
exit;
}
// Check user permission to use API
if ($_POST['user'] != 'admin') {
echo 'Error: only admin is allowed to use API';
exit;
}
// Prepare arguments
if (isset($_POST['cmd'])) $cmd = escapeshellarg($_POST['cmd']);