From 17a3689a78c83a692a9d93506818168fec280a95 Mon Sep 17 00:00:00 2001 From: laf Date: Tue, 30 Sep 2014 00:17:55 +0100 Subject: [PATCH 1/6] Added the ability to create tokens --- html/index.php | 1 + html/js/custom.js | 22 ++++++ html/pages/api-access.inc.php | 140 ++++++++++++++++++++++++++++++++-- 3 files changed, 155 insertions(+), 8 deletions(-) create mode 100644 html/js/custom.js diff --git a/html/index.php b/html/index.php index 87f272de0f..d5de46c7a3 100755 --- a/html/index.php +++ b/html/index.php @@ -138,6 +138,7 @@ if ($config['page_refresh']) { echo(' + ' . "\n"); } ?> diff --git a/html/js/custom.js b/html/js/custom.js new file mode 100644 index 0000000000..c25311b721 --- /dev/null +++ b/html/js/custom.js @@ -0,0 +1,22 @@ +$.extend({ + password: function (length, special) { + var iteration = 0; + var password = ""; + var randomNumber; + if(special == undefined){ + var special = false; + } + while(iteration < length){ + randomNumber = (Math.floor((Math.random() * 100)) % 94) + 33; + if(!special){ + if ((randomNumber >=33) && (randomNumber <=47)) { continue; } + if ((randomNumber >=58) && (randomNumber <=64)) { continue; } + if ((randomNumber >=91) && (randomNumber <=96)) { continue; } + if ((randomNumber >=123) && (randomNumber <=126)) { continue; } + } + iteration++; + password += String.fromCharCode(randomNumber); + } + return password; + } +}); diff --git a/html/pages/api-access.inc.php b/html/pages/api-access.inc.php index 5f1ed58be7..c5d3504c81 100644 --- a/html/pages/api-access.inc.php +++ b/html/pages/api-access.inc.php @@ -16,24 +16,105 @@ if ($_SESSION['userlevel'] == '10') { ?> +'); + if($_SESSION['api_token'] === TRUE) + { + echo(" + "); + unset($_SESSION['api_token']); + } +echo(' +
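Review bot: `$.password` builds the API token from `Math.random()`, which is not a cryptographically secure source, and the same series wires it to the token field through `#pass-gen`; a secret that authenticates API calls should come from `window.crypto.getRandomValues` (the server-side default added later in this series, `bin2hex(openssl_random_pseudo_bytes(16))`, is the better model). The reduction `(Math.floor((Math.random() * 100)) % 94) + 33` is also biased when `special` is true, since 100 is not a multiple of 94 and code points 33–38 come out twice as often; with `special` false those values are rejected by the range checks, so for the `$.password(32,false)` call only the generator quality matters. The patch 2 hunk on this file only corrects the `undefined` comparison and leaves this unchanged. A replacement drawing from an explicit alphabet with rejection sampling is sketched below.
```javascript
$.extend({
    password: function (length, special) {
        if (special === undefined) {
            special = false;
        }
        var alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
        if (special) {
            alphabet += "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~";
        }
        // largest multiple of the alphabet size below 2^32; values above it are redrawn
        var limit = Math.floor(4294967296 / alphabet.length) * alphabet.length;
        var password = "";
        var buf = new Uint32Array(1);
        while (password.length < length) {
            window.crypto.getRandomValues(buf);
            if (buf[0] >= limit) { continue; }
            password += alphabet.charAt(buf[0] % alphabet.length);
        }
        return password;
    }
});
```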
+
+ +
+
+
+
+   +
+
@@ -57,12 +138,12 @@ if ($_SESSION['userlevel'] == '10') $api_disabled = ''; } echo(' - + - + '); } @@ -93,8 +174,51 @@ if ($_SESSION['userlevel'] == '10') }); }); $('#confirm-delete').on('show.bs.modal', function(e) { - $(this).find('.danger').attr('href', $(e.relatedTarget).data('href')); - $('.debug-url').html('Delete URL: ' + $(this).find('.danger').attr('href') + ''); + token_id = $(e.relatedTarget).data('token_id'); + $("#token_id").val(token_id); + event.preventDefault(); + }); + $('#token-removal').click('', function(e) { + event.preventDefault(); + token_id = $("#token_id").val(); + $.ajax({ + type: "POST", + url: "/ajax_form.php", + data: $('form.remove_token_form').serialize() , + success: function(msg){ + $("#thanks").html('
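Review bot: The table-row markup of this hunk has been stripped by the page renderer, but the surviving fragment `'.$api['username'].' '.$api['token_hash'].' '.$api['description'].' Delete` indicates the columns are concatenated straight into the HTML, and `description` is the free-text value this series stores from `$_POST['description']` in token-item-create.inc.php; it should pass through `htmlspecialchars($api['description'], ENT_QUOTES, 'UTF-8')` (the other two fields likewise) before being echoed. The same fragment shows the full `token_hash` listed in clear on every page load, so the listing is the place to show a truncated or one-time value if the stored token is later hashed. The page is gated on `userlevel == '10'`, so only administrators can inject here, but this is inferred from the fragment and should be confirmed against the actual row markup.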
'+msg+'
'); + $("#confirm-delete").modal('hide'); + $("#"+token_id).remove(); + }, + error: function(){ + $("#thanks").html('
An error occurred removing the token.
'); + $("#confirm-delete").modal('hide'); + } + }); + }); + $('#token-create').click('', function(e) { + event.preventDefault(); + $.ajax({ + type: "POST", + url: "/ajax_form.php", + data: $('form.create_token_form').serialize(), + success: function(msg){ + $("#thanks").html('
'+msg+'
'); + $("#create-token").modal('hide'); + if(msg.indexOf("ERROR:") <= -1) { + location.reload(); + } + }, + error: function(){ + $("#thanks").html('
An error occurred removing the token.
'); + $("#create-token").modal('hide'); + } + }); + }); + $('#pass-gen').click('', function(e) { + event.preventDefault(); + token = $.password(32,false); + $('#token').val(token); }); From af5e4e6483386f382cff78be01362edcbfc7bdcc Mon Sep 17 00:00:00 2001 From: laf Date: Tue, 30 Sep 2014 00:33:28 +0100 Subject: [PATCH 2/6] Updated password generator function from scrutinizer report --- html/js/custom.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/html/js/custom.js b/html/js/custom.js index c25311b721..15abe0b549 100644 --- a/html/js/custom.js +++ b/html/js/custom.js @@ -3,8 +3,8 @@ $.extend({ var iteration = 0; var password = ""; var randomNumber; - if(special == undefined){ - var special = false; + if(special === undefined){ + special = false; } while(iteration < length){ randomNumber = (Math.floor((Math.random() * 100)) % 94) + 33; From dbab1c12ca8bac06c662ac1e4ddaa4dd2ebb4511 Mon Sep 17 00:00:00 2001 From: laf Date: Tue, 30 Sep 2014 01:26:37 +0100 Subject: [PATCH 3/6] Added urldecode/urlencode to ifname variables --- html/includes/api_functions.inc.php | 4 ++-- html/pages/api-docs.inc.php | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/html/includes/api_functions.inc.php b/html/includes/api_functions.inc.php index c728a6dd51..ada409a053 100644 --- a/html/includes/api_functions.inc.php +++ b/html/includes/api_functions.inc.php @@ -191,7 +191,7 @@ function get_graph_by_port_hostname() $router = $app->router()->getCurrentRoute()->getParams(); $hostname = $router['hostname']; $vars = array(); - $vars['port'] = $router['ifname']; + $vars['port'] = urldecode($router['ifname']); $vars['type'] = $router['type'] ?: 'port_bits'; if(!empty($_GET['from'])) { 
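Review bot: All four new handlers call `event.preventDefault()` on the implicit global rather than the handler argument `e`, which only works in browsers that expose `window.event` and throws a ReferenceError elsewhere; each should read `e.preventDefault();`. `token_id` and `token` are assigned without `var` and so become page-wide globals, e.g. `var token_id = $(e.relatedTarget).data('token_id');`. The create handler's error branch reports `An error occurred removing the token.` — a copy of the removal text — and should say `An error occurred creating the token.`. The enclosing `if ($_SESSION['userlevel'] == '10')` block and the script element start outside the hunk.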
@@ -215,7 +215,7 @@ function get_port_stats_by_port_hostname()
 global $config;
 $app = \Slim\Slim::getInstance();
 $router = $app->router()->getCurrentRoute()->getParams();
- $ifName = $router['ifname'];
+ $ifName = urldecode($router['ifname']);
 $stats = dbFetchRow("SELECT * FROM `ports` WHERE `ifName`=?", array($ifName));
 $output = array("status" => "ok", "port" => $stats);
 $app->response->headers->set('Content-Type', 'application/json');
diff --git a/html/pages/api-docs.inc.php b/html/pages/api-docs.inc.php
index 96888b1ce8..a5ff9bab38 100644
--- a/html/pages/api-docs.inc.php
+++ b/html/pages/api-docs.inc.php
@@ -72,7 +72,7 @@ if ($_SESSION['userlevel'] == '10')
'.$api['username'].' '.$api['token_hash'].' '.$api['description'].' Delete
  • $hostname = the hostname of the device you want the graph for
  • -
  • $ifName = The ifName of the interface you want a graph for
  • +
  • urlencode($ifName) = The ifName of the interface you want a graph for
  • $type = the type of graph for the port (port_bits,port_upkts)
  • $width = the width of the graph to be returned
  • $height = the height of the graph to be returned
  • @@ -147,7 +147,7 @@ if ($_SESSION['userlevel'] == '10')
  • $hostname = the hostname of the device
  • -
  • $ifName = the ifName of the port
  • +
  • urlencode($ifName) = the ifName of the port
From 22f2f9e0457b92221db6b70f00656a2eeaeb34eb Mon Sep 17 00:00:00 2001
From: laf
Date: Tue, 30 Sep 2014 21:28:48 +0100
Subject: [PATCH 4/6] Removing urlencode/decode to put in a separate pr

---
html/includes/api_functions.inc.php | 4 ++--
html/pages/api-docs.inc.php | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/html/includes/api_functions.inc.php b/html/includes/api_functions.inc.php
index ada409a053..c728a6dd51 100644
--- a/html/includes/api_functions.inc.php
+++ b/html/includes/api_functions.inc.php
@@ -191,7 +191,7 @@ function get_graph_by_port_hostname()
 $router = $app->router()->getCurrentRoute()->getParams();
 $hostname = $router['hostname'];
 $vars = array();
- $vars['port'] = urldecode($router['ifname']);
+ $vars['port'] = $router['ifname'];
 $vars['type'] = $router['type'] ?: 'port_bits';
 if(!empty($_GET['from'])) {
@@ -215,7 +215,7 @@ function get_port_stats_by_port_hostname()
 global $config;
 $app = \Slim\Slim::getInstance();
 $router = $app->router()->getCurrentRoute()->getParams();
- $ifName = urldecode($router['ifname']);
+ $ifName = $router['ifname'];
 $stats = dbFetchRow("SELECT * FROM `ports` WHERE `ifName`=?", array($ifName));
 $output = array("status" => "ok", "port" => $stats);
 $app->response->headers->set('Content-Type', 'application/json');
diff --git a/html/pages/api-docs.inc.php b/html/pages/api-docs.inc.php
index a5ff9bab38..96888b1ce8 100644
--- a/html/pages/api-docs.inc.php
+++ b/html/pages/api-docs.inc.php
@@ -72,7 +72,7 @@ if ($_SESSION['userlevel'] == '10')
  • $hostname = the hostname of the device you want the graph for
  • -
  • urlencode($ifName) = The ifName of the interface you want a graph for
  • +
  • $ifName = The ifName of the interface you want a graph for
  • $type = the type of graph for the port (port_bits,port_upkts)
  • $width = the width of the graph to be returned
  • $height = the height of the graph to be returned
  • @@ -147,7 +147,7 @@ if ($_SESSION['userlevel'] == '10')
  • $hostname = the hostname of the device
  • -
  • urlencode($ifName) = the ifName of the port
  • +
  • $ifName = the ifName of the port
From 794c33e57b92e8f639e6927e86744da4bb6f8dcb Mon Sep 17 00:00:00 2001 From: laf Date: Mon, 6 Oct 2014 17:19:04 +0100 Subject: [PATCH 5/6] Updated create token to auto-generate token --- html/forms/token-item-create.inc.php | 44 ++++++++++++++++++++++++++++ html/forms/token-item-remove.inc.php | 36 +++++++++++++++++++++++ html/pages/api-access.inc.php | 6 ++-- 3 files changed, 84 insertions(+), 2 deletions(-) create mode 100644 html/forms/token-item-create.inc.php create mode 100644 html/forms/token-item-remove.inc.php diff --git a/html/forms/token-item-create.inc.php b/html/forms/token-item-create.inc.php new file mode 100644 index 0000000000..dc6da67c38 --- /dev/null +++ b/html/forms/token-item-create.inc.php @@ -0,0 +1,44 @@ + + * + * This program is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation, either version 3 of the License, or (at your + * option) any later version. Please see LICENSE.txt at the top level of + * the source code distribution for details. + */ + +if(!is_numeric($_POST['user_id']) || !isset($_POST['token'])) +{ + echo('ERROR: error with data, please ensure a valid user and token have been specified.'); + exit; +} +elseif(strlen($_POST['token']) > 32) +{ + echo('ERROR: The token is more than 32 characters'); + exit; +} +elseif(strlen($_POST['token']) < 16) +{ + echo('ERROR: The token is less than 16 characters'); + exit; +} +else +{ + $create = dbInsert(array('user_id' => $_POST['user_id'], 'token_hash' => $_POST['token'], 'description' => $_POST['description']), 'api_tokens'); + if($create > '0') + { + echo('API token has been created'); + $_SESSION['api_token'] = TRUE; + exit; + } + else + { + echo('ERROR: An error occurred creating the API token'); + exit; + } +} diff --git a/html/forms/token-item-remove.inc.php b/html/forms/token-item-remove.inc.php new file mode 100644 index 0000000000..1b4522f39d --- /dev/null 
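Review bot: The token supplied in `$_POST['token']` is stored verbatim in the `token_hash` column, so the secret that authenticates API requests sits in the database in clear despite the column's name; store a digest such as `hash('sha256', $_POST['token'])`, have the API side look up by that digest, and show the clear value to the user only once at creation. `user_id` is accepted from the request with only `is_numeric()` (which also admits `1e3` and `1.5`) and no check that the user exists or that the caller may mint tokens for it — the userlevel gate on the api-access page does not cover this form handler unless ajax_form.php enforces it, which is not visible here; `ctype_digit((string) $_POST['user_id'])` plus a user lookup would tighten it. Two smaller points: `$_POST['description']` is read without `isset` and `$create > '0'` compares against a string, so `'description' => isset($_POST['description']) ? $_POST['description'] : ''` and `if ($create > 0)`.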
+++ b/html/forms/token-item-remove.inc.php @@ -0,0 +1,36 @@ + + * + * This program is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation, either version 3 of the License, or (at your + * option) any later version. Please see LICENSE.txt at the top level of + * the source code distribution for details. + */ + +if(!is_numeric($_POST['token_id'])) +{ + echo('error with data'); + exit; +} +else +{ + if($_POST['confirm'] == 'yes') + { + $delete = dbDelete('api_tokens', '`id` = ?', array($_POST['token_id'])); + if($delete > '0') + { + echo('API token has been removed'); + exit; + } + else + { + echo('An error occurred removing the API token'); + exit; + } + } +} diff --git a/html/pages/api-access.inc.php b/html/pages/api-access.inc.php index c5d3504c81..adfb69e3b2 100644 --- a/html/pages/api-access.inc.php +++ b/html/pages/api-access.inc.php @@ -14,6 +14,9 @@ if ($_SESSION['userlevel'] == '10') { +if(empty($_POST['token'])) { + $_POST['token'] = bin2hex(openssl_random_pseudo_bytes(16)); +} ?>
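Review bot: When `$_POST['confirm']` is not `'yes'` the handler produces no output and never signals failure, yet the caller in api-access.inc.php treats any successful response as a deletion and removes the row from the DOM, so the page would show a token as gone while it still exists; add an `else` branch such as `echo('ERROR: token removal was not confirmed'); exit;` and give the non-numeric branch the same `ERROR:` prefix (`echo('ERROR: error with data');`) so the client can tell outcomes apart. `$delete > '0'` compares the affected-row count to a string and should be `if ($delete > 0)`. As with the create handler, no authorization check appears in this file; whether ajax_form.php restricts it to userlevel 10 is not visible here.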