func (this *WHMCS) handleToken(w http.ResponseWriter, r *http.Request, db *lobster.Database, session *lobster.Session) {
if session.IsLoggedIn() {
lobster.RedirectMessage(w, r, "/panel/dashboard", lobster.L.Info("already_logged_in"))
return
}
r.ParseForm()
token := r.Form.Get("token")
if len(token) != TOKEN_LENGTH {
http.Error(w, "bad token", 403)
}
rows := db.Query("SELECT id, user_id FROM whmcs_tokens WHERE token = ? AND time > DATE_SUB(NOW(), INTERVAL 1 MINUTE)", token)
if !rows.Next() {
http.Error(w, "invalid token", 403)
}
var rowId, userId int
rows.Scan(&rowId, &userId)
rows.Close()
db.Exec("DELETE FROM whmcs_tokens WHERE id = ?", rowId)
session.UserId = userId // we do not grant admin privileges on the session for WHMCS login
log.Printf("Authentication via WHMCS for user_id=%d (%s)", userId, r.RemoteAddr)
lobster.LogAction(db, userId, lobster.ExtractIP(r.RemoteAddr), "Logged in via WHMCS", "")
http.Redirect(w, r, "/panel/dashboard", 303)
}
func panelSupportOpen(w http.ResponseWriter, r *http.Request, session *lobster.Session, frameParams lobster.FrameParams) {
if r.Method == "POST" {
form := new(SupportOpenForm)
err := decoder.Decode(form, r.PostForm)
if err != nil {
http.Redirect(w, r, "/panel/support/open", 303)
return
}
ticketId, err := ticketOpen(session.UserId, form.Name, form.Message, false)
if err != nil {
lobster.RedirectMessage(w, r, "/panel/support/open", L.FormatError(err))
} else {
lobster.LogAction(session.UserId, lobster.ExtractIP(r.RemoteAddr), "Open ticket", fmt.Sprintf("Subject: %s; Ticket ID: %d", form.Name, ticketId))
http.Redirect(w, r, fmt.Sprintf("/panel/support/%d", ticketId), 303)
}
return
}
lobster.RenderTemplate(
w,
"panel",
"support_open",
lobster.PanelFormParams{Frame: frameParams, Token: lobster.CSRFGenerate(session)},
)
}
func adminSupportTicketClose(w http.ResponseWriter, r *http.Request, session *lobster.Session, frameParams lobster.FrameParams) {
ticketId, err := strconv.Atoi(mux.Vars(r)["id"])
if err != nil {
lobster.RedirectMessage(w, r, "/admin/support", L.FormattedError("invalid_ticket"))
return
}
ticketClose(session.UserId, ticketId)
lobster.LogAction(session.UserId, lobster.ExtractIP(r.RemoteAddr), "Close ticket", fmt.Sprintf("Ticket ID: %d", ticketId))
lobster.RedirectMessage(w, r, fmt.Sprintf("/admin/support/%d", ticketId), L.Success("ticket_closed"))
}
func panelSupportTicketReply(w http.ResponseWriter, r *http.Request, session *lobster.Session, frameParams lobster.FrameParams) {
ticketId, err := strconv.Atoi(mux.Vars(r)["id"])
if err != nil {
lobster.RedirectMessage(w, r, "/panel/support", L.FormattedError("invalid_ticket"))
return
}
form := new(SupportTicketReplyForm)
err = decoder.Decode(form, r.PostForm)
if err != nil {
http.Redirect(w, r, fmt.Sprintf("/panel/support/%d", ticketId), 303)
return
}
err = ticketReply(session.UserId, ticketId, form.Message, false)
if err != nil {
lobster.RedirectMessage(w, r, fmt.Sprintf("/panel/support/%d", ticketId), L.FormatError(err))
} else {
lobster.LogAction(session.UserId, lobster.ExtractIP(r.RemoteAddr), "Ticket reply", fmt.Sprintf("Ticket ID: %d", ticketId))
http.Redirect(w, r, fmt.Sprintf("/panel/support/%d", ticketId), 303)
}
}
