AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-02-28 02:44:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1002 from itflow-org/api-logins

Browse Source 
Allow decrypting logins/credentials via the API
This commit is contained in:
Johnny
2024-08-25 15:18:34 -04:00
committed by GitHub
parent 2202f31a61 24ff6f5c84
commit 21a31a1fe1
11 changed files with 386 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
post/api.php
View File

@@ -11,12 +11,16 @@ if (isset($_POST['add_api_key'])) {
// CSRF Check
validateCSRFToken($_POST['csrf_token']);
$secret = sanitizeInput($_POST['key']);
$name = sanitizeInput($_POST['name']);
$expire = sanitizeInput($_POST['expire']);
$client = intval($_POST['client']);
$secret = sanitizeInput($_POST['key']); // API Key
mysqli_query($mysqli,"INSERT INTO api_keys SET api_key_name = '$name', api_key_secret = '$secret', api_key_expire = '$expire', api_key_client_id = $client");
// Credential decryption password
$password = password_hash(trim($_POST['password']), PASSWORD_DEFAULT);
$apikey_specific_encryption_ciphertext = encryptUserSpecificKey(trim($_POST['password']));
mysqli_query($mysqli,"INSERT INTO api_keys SET api_key_name = '$name', api_key_secret = '$secret', api_key_decrypt_hash = '$apikey_specific_encryption_ciphertext', api_key_expire = '$expire', api_key_client_id = $client");
$api_key_id = mysqli_insert_id($mysqli);