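<?php
/*
 * admin-actions.php - POST endpoint for administrative actions.
 *
 * Every request goes through these gates in order, and each failing gate
 * ends the request:
 *   1. a "csrf_token" field must be present (missing-arguments error);
 *   2. the session must belong to a logged-in admin (plain HTTP 403,
 *      deliberately without a JSON body or a fresh CSRF token);
 *   3. the token must match the session token (logged as a warning);
 *   4. an "action" field must be present and ADMIN_ALLOW_ACTIONS must be set.
 *
 * Supported "action" values:
 *   save-changes, save-changes-all, discard-changes, discard-changes-all
 *       close the foreign temp file(s) of the target user(s), keeping or
 *       dropping their changes;
 *   download-all      return a download token in the "download_token" field;
 *   delete-archives   not implemented yet, answers ERROR_FUNCTION_SPECIFIC.
 *
 * The optional "target" field selects a single user and is accepted only if
 * the data source module knows a file for it; without it, every file reported
 * by the module is targeted.
 */
use ENMLibrary\datasource\DataSourceModuleHelper;
use ENMLibrary\LoggingHandler;
use ENMLibrary\LoginHandler;
use ENMLibrary\RequestResponse;

include("includes/imports.php");

// A token submitted as an array (csrf_token[]=...) is treated as missing
// instead of being handed to checkCSRFToken(), which is given a single string.
if (!isset($_POST["csrf_token"]) || !is_string($_POST["csrf_token"])) {
    die(RequestResponse::ErrorResponse(RequestResponse::ERROR_MISSING_ARGUMENTS)->getResponse());
}

// Authenticate from the session; everything below is admin-only.
$loginHandler = new LoginHandler();
$loginHandler->loginWithSession();
if (!$loginHandler->isLoggedIn() || !$loginHandler->isAdmin()) {
    http_response_code(403);
    die();
}

if (!$loginHandler->checkCSRFToken($_POST["csrf_token"])) {
    LoggingHandler::getLogger()->warning("access with wrong CSRF token", [LoggingHandler::LOCATION => "admin-actions"]);
    die(RequestResponse::ErrorResponse(RequestResponse::ERROR_CSRF_TOKEN)->getResponse());
}

try {
    // Same rule as for the token: a non-string "action" counts as missing.
    $action = $_POST["action"] ?? null;
    if (!is_string($action)) {
        die(RequestResponse::ErrorResponse(RequestResponse::ERROR_MISSING_ARGUMENTS, $loginHandler->getCSRFToken())->getResponse());
    }

    if (!ADMIN_ALLOW_ACTIONS) {
        die(RequestResponse::ErrorResponse(RequestResponse::ERROR_FUNCTION_SPECIFIC, $loginHandler->getCSRFToken())->getResponse());
    }

    // Resolve the target user(s). A client-supplied target is only accepted
    // when the data source resolves it to a known file, so arbitrary names
    // never reach the file-handling calls further down.
    $targets = [];
    $requestedTarget = $_POST['target'] ?? null;
    if ($requestedTarget !== null) {
        if (is_string($requestedTarget)
            && DataSourceModuleHelper::createModule()->findFilename($requestedTarget) !== null
        ) {
            $targets[] = $requestedTarget;
        }
    } else {
        foreach (DataSourceModuleHelper::createModule()->getFilesInfos() as $fileInfo) {
            $targets[] = $fileInfo['user'];
        }
    }
    if ($targets === []) {
        die(RequestResponse::ErrorResponse(RequestResponse::ERROR_WRONG_ARGUMENTS, $loginHandler->getCSRFToken())->getResponse());
    }

    // Maps each close action to whether the foreign file's changes are kept.
    // Both save variants keep the changes; the previous comparison against
    // "save-changes" alone made "save-changes-all" discard them.
    $closeActions = [
        "save-changes"        => true,
        "save-changes-all"    => true,
        "discard-changes"     => false,
        "discard-changes-all" => false,
    ];

    if (array_key_exists($action, $closeActions)) {
        $keepChanges = $closeActions[$action];

        // Close the foreign temp file of every target that currently has one
        // and count how many were actually closed.
        $processedCount = 0;
        foreach ($targets as $target) {
            if ($loginHandler->foreignTmpFileExists($target) === null) {
                continue;
            }
            if ($loginHandler->closeForeignFile($target, $keepChanges)) {
                $processedCount++;
            }
        }

        // Nothing closed (no open foreign files, or every close failed) is
        // reported as a function-specific error rather than a success.
        if ($processedCount > 0) {
            echo RequestResponse::SuccessfulResponse($loginHandler->getCSRFToken())->getResponse();
            exit;
        }
        echo RequestResponse::ErrorResponse(RequestResponse::ERROR_FUNCTION_SPECIFIC, $loginHandler->getCSRFToken())->getResponse();
        exit;
    }

    if ($action === "download-all") {
        // Create a download token and return it (currently only downloading
        // everything is supported).
        $downloadToken = $loginHandler->generateDownloadToken();
        $response = RequestResponse::SuccessfulResponse($loginHandler->getCSRFToken());
        $response->addData("download_token", $downloadToken);
        echo $response->getResponse();
        exit;
    }

    if ($action === "delete-archives") {
        // Deleting archive and helper files is not implemented yet (TODO);
        // the client gets a function-specific error until it is.
        echo RequestResponse::ErrorResponse(RequestResponse::ERROR_FUNCTION_SPECIFIC, $loginHandler->getCSRFToken())->getResponse();
        exit;
    }

    // Unknown action value.
    die(RequestResponse::ErrorResponse(RequestResponse::ERROR_WRONG_ARGUMENTS, $loginHandler->getCSRFToken())->getResponse());
} catch (Exception $e) {
    // Log with a trackable id and return it so support can correlate the
    // client-visible error with the server log entry.
    $errorId = LoggingHandler::logTrackableException($e);
    die(RequestResponse::ErrorResponse(RequestResponse::ERROR_UNKNOWN, $loginHandler->getCSRFToken(), $e, $errorId)->getResponse());
}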