Ejemplo n.º 1
0
func (this *WHMCS) handleToken(w http.ResponseWriter, r *http.Request, session *lobster.Session) {
	if session.IsLoggedIn() {
		lobster.RedirectMessage(w, r, "/panel/dashboard", lobster.L.Info("already_logged_in"))
		return
	}

	r.ParseForm()
	token := r.Form.Get("token")
	if len(token) != TOKEN_LENGTH {
		http.Error(w, "bad token", 403)
	}
	db := lobster.GetDatabase()
	rows := db.Query("SELECT id, user_id FROM whmcs_tokens WHERE token = ? AND time > DATE_SUB(NOW(), INTERVAL 1 MINUTE)", token)
	if !rows.Next() {
		http.Error(w, "invalid token", 403)
	}
	var rowId, userId int
	rows.Scan(&rowId, &userId)
	rows.Close()
	db.Exec("DELETE FROM whmcs_tokens WHERE id = ?", rowId)
	session.UserId = userId // we do not grant admin privileges on the session for WHMCS login
	log.Printf("Authentication via WHMCS for user_id=%d (%s)", userId, r.RemoteAddr)
	lobster.LogAction(userId, lobster.ExtractIP(r.RemoteAddr), "Logged in via WHMCS", "")
	http.Redirect(w, r, "/panel/dashboard", 303)

}
Ejemplo n.º 2
0
func (this *WHMCS) handleConnector(w http.ResponseWriter, r *http.Request) {
	r.ParseForm()
	if lobster.ExtractIP(r.RemoteAddr) != this.ip || r.PostForm.Get("secret") != this.secret {
		w.WriteHeader(403)
		return
	}

	switch r.PostForm.Get("action") {
	case "register":
		email := r.PostForm.Get("email")
		userId, err := lobster.UserCreate(email, utils.Uid(16), email)
		if err != nil {
			log.Printf("Failed to register account via WHMCS: %s (email=%s)", err.Error(), email)
			http.Error(w, err.Error(), 400)
		} else {
			log.Printf("Registered account via WHMCS (email=%s)", email)
			w.Write([]byte(fmt.Sprintf("%d", userId)))
		}
	case "credit":
		userId, err := strconv.Atoi(r.PostForm.Get("user_id"))
		if err != nil {
			http.Error(w, err.Error(), 400)
			return
		}
		amount, err := strconv.ParseFloat(r.PostForm.Get("amount"), 64)
		if err != nil {
			http.Error(w, err.Error(), 400)
			return
		}
		userDetails := lobster.UserDetails(int(userId))
		if userDetails == nil {
			http.Error(w, "no such user", 400)
			return
		}
		lobster.UserApplyCredit(userId, int64(amount*lobster.BILLING_PRECISION), "Credit via WHMCS")
		w.Write([]byte("ok"))
	case "token":
		userId, err := strconv.Atoi(r.PostForm.Get("user_id"))
		if err != nil {
			http.Error(w, err.Error(), 400)
			return
		}

		token := utils.Uid(TOKEN_LENGTH)
		db := lobster.GetDatabase()
		db.Exec("DELETE FROM whmcs_tokens WHERE time < DATE_SUB(NOW(), INTERVAL 1 MINUTE)")
		db.Exec("INSERT INTO whmcs_tokens (user_id, token) VALUES (?, ?)", userId, token)
		w.Write([]byte(token))
	default:
		http.Error(w, "unknown action", 400)
	}
}
Ejemplo n.º 3
0
func Setup() {
	decoder = lobster.GetDecoder()
	L = lobster.L
	cfg = lobster.GetConfig()
	db = lobster.GetDatabase()

	lobster.RegisterPanelHandler("/panel/support", panelSupport, false)
	lobster.RegisterPanelHandler("/panel/support/open", panelSupportOpen, false)
	lobster.RegisterPanelHandler("/panel/support/{id:[0-9]+}", panelSupportTicket, false)
	lobster.RegisterPanelHandler("/panel/support/{id:[0-9]+}/reply", panelSupportTicketReply, true)
	lobster.RegisterPanelHandler("/panel/support/{id:[0-9]+}/close", panelSupportTicketClose, true)

	lobster.RegisterAdminHandler("/admin/support", adminSupport, false)
	lobster.RegisterAdminHandler("/admin/support/open/{id:[0-9]+}", adminSupportOpen, false)
	lobster.RegisterAdminHandler("/admin/support/{id:[0-9]+}", adminSupportTicket, false)
	lobster.RegisterAdminHandler("/admin/support/{id:[0-9]+}/reply", adminSupportTicketReply, true)
	lobster.RegisterAdminHandler("/admin/support/{id:[0-9]+}/close", adminSupportTicketClose, true)

	lobster.RegisterPanelWidget("Support", lobster.PanelWidgetFunc(func(session *lobster.Session) interface{} {
		return TicketListActive(session.UserId)
	}))
}