Mods-for-HESK-Netsyms/internal-api/admin/api-authentication/index.php

<?php
define('IN_SCRIPT', 1);
define('HESK_PATH', '../../../');
define('INTERNAL_API_PATH', '../../');
require_once(HESK_PATH . 'hesk_settings.inc.php');
require_once(HESK_PATH . 'inc/common.inc.php');
require_once(HESK_PATH . 'inc/admin_functions.inc.php');
require_once(INTERNAL_API_PATH . 'core/output.php');
require_once(INTERNAL_API_PATH . 'dao/api_authentication_dao.php');
require_once(INTERNAL_API_PATH . 'core/cors.php');

hesk_session_start();
hesk_load_internal_api_database_functions();
hesk_dbConnect();

// Routing
$request_method = $_SERVER['REQUEST_METHOD'];
if ($request_method == 'POST') {

    if (!isset($_SESSION['heskprivileges']) || !hesk_checkPermission('can_man_settings', 0)) {
        print_error('Access Denied', 'Access Denied!');
        return http_response_code(401);
    }

    $user_id = $_POST['userId'];
    $action = $_POST['action'];

    if ($user_id == NULL || $action == NULL) {
        return http_response_code(400);
    }

    if ($action == 'generate') {
        $token = '';
        $letter_array = ['0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f'];
        // Pick 32 random characters. That will be the hash
        for ($i = 0; $i < 32; $i++) {
            $letter = $letter_array[rand(0, 15)];
            $token .= $letter;
        }
        $hash = hash("sha512", $token);
        store_token($user_id, $hash, $hesk_settings);

        output($token);
        return http_response_code(200);
    } elseif ($action == 'reset') {
        reset_tokens($user_id, $hesk_settings);
        return http_response_code(204);
    } else {
        return http_response_code(400);
    }
}

return http_response_code(405);
Start working on token services 2015-11-17 22:14:34 -05:00			`<?php`
			`define('IN_SCRIPT', 1);`
			`define('HESK_PATH', '../../../');`
			`define('INTERNAL_API_PATH', '../../');`
			`require_once(HESK_PATH . 'hesk_settings.inc.php');`
			`require_once(HESK_PATH . 'inc/common.inc.php');`
Secure the internal API 2016-05-02 17:14:18 -04:00			`require_once(HESK_PATH . 'inc/admin_functions.inc.php');`
Start working on token services 2015-11-17 22:14:34 -05:00			`require_once(INTERNAL_API_PATH . 'core/output.php');`
			`require_once(INTERNAL_API_PATH . 'dao/api_authentication_dao.php');`
Add universal CORS restriction 2016-06-11 22:11:05 -04:00			`require_once(INTERNAL_API_PATH . 'core/cors.php');`
Start working on token services 2015-11-17 22:14:34 -05:00
Secure the internal API 2016-05-02 17:14:18 -04:00			`hesk_session_start();`
Start working on token services 2015-11-17 22:14:34 -05:00			`hesk_load_internal_api_database_functions();`
			`hesk_dbConnect();`

			`// Routing`
			`$request_method = $_SERVER['REQUEST_METHOD'];`
			`if ($request_method == 'POST') {`
Secure the internal API 2016-05-02 17:14:18 -04:00
			`if (!isset($_SESSION['heskprivileges']) \|\| !hesk_checkPermission('can_man_settings', 0)) {`
			`print_error('Access Denied', 'Access Denied!');`
			`return http_response_code(401);`
			`}`

Start working on token services 2015-11-17 22:14:34 -05:00			`$user_id = $_POST['userId'];`
			`$action = $_POST['action'];`

			`if ($user_id == NULL \|\| $action == NULL) {`
			`return http_response_code(400);`
			`}`

			`if ($action == 'generate') {`
Tokens can now be generated 2015-11-19 20:37:49 -05:00			`$token = '';`
			`$letter_array = ['0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f'];`
			`// Pick 32 random characters. That will be the hash`
			`for ($i = 0; $i < 32; $i++) {`
			`$letter = $letter_array[rand(0, 15)];`
			`$token .= $letter;`
			`}`
			`$hash = hash("sha512", $token);`
Start working on token services 2015-11-17 22:14:34 -05:00			`store_token($user_id, $hash, $hesk_settings);`

Tokens can now be generated 2015-11-19 20:37:49 -05:00			`output($token);`
Start working on token services 2015-11-17 22:14:34 -05:00			`return http_response_code(200);`
			`} elseif ($action == 'reset') {`
Tokens can now be reset 2015-11-19 21:14:15 -05:00			`reset_tokens($user_id, $hesk_settings);`
			`return http_response_code(204);`
Start working on token services 2015-11-17 22:14:34 -05:00			`} else {`
			`return http_response_code(400);`
			`}`
			`}`

			`return http_response_code(405);`