tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Api asign admin status to server api calls instead assignin user admin

This commit is contained in:
Calvo 2023-10-09 18:08:30 +02:00
parent 116702e2b3
commit 44fa1c5cdc
1 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
pandora_console/include/api.php
View File

@ -124,18 +124,22 @@ if (empty($apiPassword) === true
) {
// Allow internal direct node -> metaconsole connection
// or node -> own console connection.
$server_uid = get_parameter(('server_auth'));
$config['__internal_call'] = true;
$config['id_usuario'] = 'admin';
$config['id_usuario'] = $server_uid;
// Compat.
$config['id_user'] = 'admin';
$config['id_user'] = $server_uid;
$correctLogin = true;
$config['is_admin'][$server_uid] = true;
// Bypass credentials if server-auth and api-pass are correct.
} else if (($config['server_unique_identifier'] === get_parameter('server_auth'))
&& ($api_password === $apiPassword)
&& ((bool) isInACL($ipOrigin) === true)
) {
$config['id_usuario'] = 'admin';
$config['id_user'] = 'admin';
$server_uid = get_parameter(('server_auth'));
$config['id_usuario'] = $server_uid;
$config['id_user'] = $server_uid;
$config['is_admin'][$server_uid] = true;
$correctLogin = true;
} else if ((bool) isInACL($ipOrigin) === true) {
// External access.