From 0438b47207e8e284cfaf5d10344455044ed338c7 Mon Sep 17 00:00:00 2001
From: Usman Nasir <usman@cyberpersons.com>
Date: Sun, 9 Aug 2020 12:45:18 +0500
Subject: [PATCH] complete phpmyadmin

---
 databases/static/databases/databases.js       | 10 ++-
 databases/templates/databases/phpMyAdmin.html |  3 +-
 databases/urls.py                             |  1 +
 databases/views.py                            | 69 ++++++++++++++-----
 install/install.py                            |  4 ++
 plogical/phpmyadminsignin.php                 | 40 +++++++++++
 plogical/test.py                              |  1 +
 plogical/upgrade.py                           | 16 +++++
 static/databases/databases.js                 | 16 +++--
 9 files changed, 131 insertions(+), 29 deletions(-)
 create mode 100644 plogical/phpmyadminsignin.php

diff --git a/databases/static/databases/databases.js b/databases/static/databases/databases.js
index b417175e0..510222fca 100755
--- a/databases/static/databases/databases.js
+++ b/databases/static/databases/databases.js
@@ -568,9 +568,12 @@ app.controller('listDBs', function ($scope, $http) {
 
 
 app.controller('phpMyAdmin', function ($scope, $http, $window) {
+    $scope.cyberPanelLoading = true;
 
     $scope.generateAccess = function() {
 
+        $scope.cyberPanelLoading = false;
+
         url = "/dataBases/generateAccess";
 
         var data = {};
@@ -586,15 +589,16 @@ app.controller('phpMyAdmin', function ($scope, $http, $window) {
 
 
         function ListInitialDatas(response) {
-
+            $scope.cyberPanelLoading = true;
             if (response.data.status === 1) {
-                $window.location.href = '/phpmyadmin';
+                var rUrl = '/phpmyadmin/signin.php?username=' + response.data.username + '&token=' + response.data.token;
+                $window.location.href = rUrl;
             }
             else {}
 
         }
 
-        function cantLoadInitialDatas(response) {}
+        function cantLoadInitialDatas(response) {$scope.cyberPanelLoading = true;}
 
     }
 
diff --git a/databases/templates/databases/phpMyAdmin.html b/databases/templates/databases/phpMyAdmin.html
index 431b87fc1..00a192ae6 100755
--- a/databases/templates/databases/phpMyAdmin.html
+++ b/databases/templates/databases/phpMyAdmin.html
@@ -24,8 +24,7 @@
                     <p>{% trans "Auto-login for PHPMYAdmin is now supported. Click the button below to generate auto-access for PHPMYAdmin" %}</p>
                     <br>
                     <a ng-click="generateAccess()" href="#">
-                        <button class="btn btn-primary">Access Now
-                        </button>
+                        <button class="btn btn-primary">Access Now <img ng-hide="cyberPanelLoading" src="{% static 'images/loading.gif' %}"></button>
                     </a>
 
                 </div>
diff --git a/databases/urls.py b/databases/urls.py
index 8ac471f8f..02a514f83 100755
--- a/databases/urls.py
+++ b/databases/urls.py
@@ -18,4 +18,5 @@ urlpatterns = [
     url(r'^allowRemoteIP$', views.allowRemoteIP, name='allowRemoteIP'),
     url(r'^phpMyAdmin$', views.phpMyAdmin, name='phpMyAdmin'),
     url(r'^generateAccess$', views.generateAccess, name='generateAccess'),
+    url(r'^fetchDetailsPHPMYAdmin$', views.fetchDetailsPHPMYAdmin, name='fetchDetailsPHPMYAdmin'),
 ]
\ No newline at end of file
diff --git a/databases/views.py b/databases/views.py
index a9bf018b7..f5edc01c2 100755
--- a/databases/views.py
+++ b/databases/views.py
@@ -162,9 +162,12 @@ def generateAccess(request):
         currentACL = ACLManager.loadedACL(userID)
 
         try:
-            GlobalUserDB.objects.get(username=admin.userName)
-        except:
+            gdb = GlobalUserDB.objects.get(username=admin.userName)
+            token = randomPassword.generate_pass()
+            gdb.token = token
+            gdb.save()
 
+        except:
             ## Key generation
 
             keySavePath = '/home/cyberpanel/phpmyadmin_%s' % (admin.userName)
@@ -183,8 +186,9 @@ def generateAccess(request):
             ##
 
             password = randomPassword.generate_pass()
+            token = randomPassword.generate_pass()
             f = Fernet(key)
-            GlobalUserDB(username=admin, password=f.encrypt(password.encode('utf-8'))).save()
+            GlobalUserDB(username=admin.userName, password=f.encrypt(password.encode('utf-8')).decode(), token=token).save()
 
             sites = ACLManager.findWebsiteObjects(currentACL, userID)
 
@@ -195,24 +199,55 @@ def generateAccess(request):
                     mysqlUtilities.addUserToDB(db.dbName, admin.userName, password, createUser)
                     createUser = 0
 
-        # execPath = "/usr/local/CyberCP/bin/python /usr/local/CyberCP/databases/databaseManager.py"
-        # execPath = execPath + " generatePHPMYAdminData --userID " + str(userID)
-        #
-        # output = ProcessUtilities.outputExecutioner(execPath)
-        #
-        # if output.find("1,") > -1:
-        #     request.session['PMA_single_signon_user'] = admin.userName
-        #     request.session['PMA_single_signon_password'] = output.split(',')[1]
-        #     data_ret = {'status': 1}
-        #     json_data = json.dumps(data_ret)
-        #     return HttpResponse(json_data)
-        # else:
-
-        data_ret = {'status': 1}
+        data_ret = {'status': 1, 'token': token, 'username': admin.userName}
         json_data = json.dumps(data_ret)
         return HttpResponse(json_data)
 
 
+    except BaseException as msg:
+        data_ret = {'status': 0, 'createDBStatus': 0, 'error_message': str(msg)}
+        json_data = json.dumps(data_ret)
+        return HttpResponse(json_data)
+
+def fetchDetailsPHPMYAdmin(request):
+    try:
+
+
+        userID = request.session['userID']
+        admin = Administrator.objects.get(id = userID)
+        currentACL = ACLManager.loadedACL(userID)
+
+        username = request.GET.get('username')
+        token = request.GET.get('token')
+
+        if username != admin.userName:
+            return redirect(loadLoginPage)
+
+        ## Key generation
+
+        gdb = GlobalUserDB.objects.get(username=admin.userName)
+
+        if gdb.token == token:
+            keySavePath = '/home/cyberpanel/phpmyadmin_%s' % (admin.userName)
+            key = ProcessUtilities.outputExecutioner('cat %s' % (keySavePath)).strip('\n').encode()
+            f = Fernet(key)
+            password = f.decrypt(gdb.password.encode('utf-8'))
+
+            sites = ACLManager.findWebsiteObjects(currentACL, userID)
+
+            createUser = 0
+
+            for site in sites:
+                for db in site.databases_set.all():
+                    mysqlUtilities.addUserToDB(db.dbName, admin.userName, password.decode(), createUser)
+                    createUser = 0
+
+            returnURL = '/phpmyadmin/signin.php?username=%s&password=%s' % (admin.userName, password.decode())
+            return redirect(returnURL)
+        else:
+            return redirect(loadLoginPage)
+
+
     except BaseException as msg:
         data_ret = {'status': 0, 'createDBStatus': 0, 'error_message': str(msg)}
         json_data = json.dumps(data_ret)
diff --git a/install/install.py b/install/install.py
index 9f284f16b..e5d9e2280 100755
--- a/install/install.py
+++ b/install/install.py
@@ -702,6 +702,10 @@ class preFlightsChecks:
                 command = "sed -i 's|'localhost'|'%s'|g' %s" % (self.mysqlhost, '/usr/local/CyberCP/public/phpmyadmin/config.inc.php')
                 preFlightsChecks.call(command, self.distro, command, command, 1, 0, os.EX_OSERR)
 
+
+            command = 'cp /usr/local/CyberCP/plogical/phpmyadminsignin.php /usr/local/CyberCP/public/phpmyadmin/phpmyadminsignin.php'
+            preFlightsChecks.call(command, self.distro, command, command, 1, 0, os.EX_OSERR)
+
         except BaseException as msg:
             logging.InstallLog.writeToFile('[ERROR] ' + str(msg) + " [download_install_phpmyadmin]")
             return 0
diff --git a/plogical/phpmyadminsignin.php b/plogical/phpmyadminsignin.php
new file mode 100644
index 000000000..880ca075d
--- /dev/null
+++ b/plogical/phpmyadminsignin.php
@@ -0,0 +1,40 @@
+<?php
+
+
+define("PMA_SIGNON_INDEX", 1);
+
+
+define('PMA_SIGNON_SESSIONNAME', 'SignonSession');
+define('PMA_DISABLE_SSL_PEER_VALIDATION', TRUE);
+
+if(isset($_GET['token'])){
+
+    ### Get credentials using the token
+
+    $token = $_GET['token'];
+    $username = $_GET['username'];
+
+    $url = "/dataBases/fetchDetailsPHPMYAdmin?token=" . $token . '&username=' . $username;
+
+    header('Location: ' . $url);
+
+}
+else if(isset($_GET['password'])){
+
+    session_name(PMA_SIGNON_SESSIONNAME);
+    @session_start();
+
+    $username = $_GET['username'];
+    $password = $_GET['password'];
+
+    $_SESSION['PMA_single_signon_user'] = $username;
+    $_SESSION['PMA_single_signon_password'] = $password;
+    $_SESSION['PMA_single_signon_host'] = 'localhost';
+
+
+    @session_write_close();
+
+    header('Location: /phpmyadmin/index.php?server=' . PMA_SIGNON_INDEX);
+}
+
+echo 'Failed login';
\ No newline at end of file
diff --git a/plogical/test.py b/plogical/test.py
index e69de29bb..8b1378917 100755
--- a/plogical/test.py
+++ b/plogical/test.py
@@ -0,0 +1 @@
+
diff --git a/plogical/upgrade.py b/plogical/upgrade.py
index a1a9fb925..a2909bf38 100755
--- a/plogical/upgrade.py
+++ b/plogical/upgrade.py
@@ -241,6 +241,9 @@ class Upgrade:
 
             os.mkdir('/usr/local/CyberCP/public/phpmyadmin/tmp')
 
+            command = 'cp /usr/local/CyberCP/plogical/phpmyadminsignin.php /usr/local/CyberCP/public/phpmyadmin/phpmyadminsignin.php'
+            Upgrade.executioner(command, 0)
+
             os.chdir(cwd)
 
         except BaseException as msg:
@@ -1202,6 +1205,19 @@ class Upgrade:
   CONSTRAINT `filemanager_trash_website_id_e2762f3c_fk_websiteFu` FOREIGN KEY (`website_id`) REFERENCES `websiteFunctions_websites` (`id`)
 )"""
 
+            try:
+                cursor.execute(query)
+            except:
+                pass
+
+            query = """CREATE TABLE `databases_globaluserdb` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `username` varchar(200) NOT NULL,
+  `password` varchar(500) NOT NULL,
+  `token` varchar(20) NOT NULL,
+  PRIMARY KEY (`id`)
+)"""
+
             try:
                 cursor.execute(query)
             except:
diff --git a/static/databases/databases.js b/static/databases/databases.js
index be32a6b45..510222fca 100644
--- a/static/databases/databases.js
+++ b/static/databases/databases.js
@@ -568,10 +568,13 @@ app.controller('listDBs', function ($scope, $http) {
 
 
 app.controller('phpMyAdmin', function ($scope, $http, $window) {
+    $scope.cyberPanelLoading = true;
 
-    function setupPHPMYAdminSession() {
+    $scope.generateAccess = function() {
 
-        url = "/dataBases/setupPHPMYAdminSession";
+        $scope.cyberPanelLoading = false;
+
+        url = "/dataBases/generateAccess";
 
         var data = {};
 
@@ -586,18 +589,17 @@ app.controller('phpMyAdmin', function ($scope, $http, $window) {
 
 
         function ListInitialDatas(response) {
-
-
+            $scope.cyberPanelLoading = true;
             if (response.data.status === 1) {
-                $window.location.href = '/phpmyadmin';
+                var rUrl = '/phpmyadmin/signin.php?username=' + response.data.username + '&token=' + response.data.token;
+                $window.location.href = rUrl;
             }
             else {}
 
         }
 
-        function cantLoadInitialDatas(response) {}
+        function cantLoadInitialDatas(response) {$scope.cyberPanelLoading = true;}
 
     }
-    setupPHPMYAdminSession();
 
 });