Api auth bearer token working

pandora_console/include/auth/mysql.php

@@ -168,6 +168,9 @@ function process_user_login_local($login, $pass, $api=false, $passAlreadyEncrypt
 
     $row = db_get_row_sql($sql);
 
+    if ($passAlreadyEncrypted) {
+        $credentials_check = $pass === $row['password'];
+    } else {
          // Perform password check whether it is MD5-hashed (old hashing) or Bcrypt-hashed.
         if (strlen($row['password']) === 32) {
             // MD5.
@@ -176,6 +179,7 @@ function process_user_login_local($login, $pass, $api=false, $passAlreadyEncrypt
             // Bcrypt.
             $credentials_check = password_verify($pass, $row['password']);
         }
+    }
 
     if ($credentials_check === true) {
         // Login OK

pandora_console/operation/users/user_edit.php

@@ -269,6 +269,7 @@ $user_id = '<div class="label_select_simple"><p class="edit_user_labels">'.__('U
 $user_id .= '<span>'.$id.'</span></div>';
 
 $user_id .= '<div class="label_select_simple"><p class="edit_user_labels">'.__('API Token').'</p>';
+if (is_management_allowed()) {
     $user_id .= html_print_anchor(
         [
             'onClick' => sprintf(
@@ -289,6 +290,8 @@ $user_id .= html_print_anchor(
         ],
         true
     );
+}
+
 
 // Check php conf for header auth.
 $lines = file('/etc/httpd/conf.d/php.conf');