Moved forms folder to includes and added some safety checks for non-admin users

2024-10-07 16:52:45 +00:00 · 2015-08-10 15:13:27 +00:00
parent 15a338061d
commit 261cd020f3
39 changed files with 87 additions and 2 deletions
--- a/html/includes/forms/token-item-remove.inc.php
+++ b/html/includes/forms/token-item-remove.inc.php
@@ -0,0 +1,35 @@
+<?php
+
+/*
+ * LibreNMS
+ *
+ * Copyright (c) 2014 Neil Lathwood <https://github.com/laf/ http://www.lathwood.co.uk/fa>
+ *
+ * This program is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation, either version 3 of the License, or (at your
+ * option) any later version.  Please see LICENSE.txt at the top level of
+ * the source code distribution for details.
+ */
+
+if(is_admin() === false) {
+    die('ERROR: You need to be admin');
+}
+
+if (!is_numeric($_POST['token_id'])) {
+    echo 'error with data';
+    exit;
+}
+else {
+    if ($_POST['confirm'] == 'yes') {
+        $delete = dbDelete('api_tokens', '`id` = ?', array($_POST['token_id']));
+        if ($delete > '0') {
+            echo 'API token has been removed';
+            exit;
+        }
+        else {
+            echo 'An error occurred removing the API token';
+            exit;
+        }
+    }
+}//end if