
Security fix

Andrea Pollastri 5 years ago
parent
commit
eadd33cf02

+ 9 - 10
app/Http/Controllers/ApplicationsController.php

@@ -42,16 +42,15 @@ class ApplicationsController extends Controller {
         if(!$server) {
             return abort(403);
         }
-        $chars  = str_shuffle('+?!-_#^abcdefghjklmnopqrstuvwxyz+?!-_#^ABCDEFGHJKLMNOPQRSTUVWXYZ+?!-_#^1234567890+?!-_#^');
-        $code   = hash('crc32', $request->domain).uniqid();
-        $pass   = substr($chars, 0, 24);
-        $dbpass = substr($chars, 0, 16);
-        $appcode= sha1(uniqid().microtime().$request->domain);
+        $user   = sha1($request->ip.uniqid().$request->server_id.microtime().$request->domain);
+        $pass   = sha1(uniqid().microtime().$request->domain);
+        $dbpass = sha1(microtime().uniqid().$request->ip);
+        $appcode= sha1(uniqid().$request->domain.microtime().$request->server_id);
         $base   = $request->basepath;
         Application::create([
             'domain'        => $request->domain,
             'server_id'     => $request->server_id,
-            'username'      => $code,
+            'username'      => $user,
             'password'      => $pass,
             'dbpass'        => $dbpass,
             'basepath'      => $base,
@@ -64,7 +63,7 @@ class ApplicationsController extends Controller {
             return redirect('/applications');
         }
         $ssh->setTimeout(360);
-        $response = $ssh->exec('echo '.$server->password.' | sudo -S sudo sh /cipi/host-add.sh -d '.$request->domain.' -u '.$code.' -p '.$pass.' -dbp '.$dbpass.' -b '.$base.' -a '.$appcode);
+        $response = $ssh->exec('echo '.$server->password.' | sudo -S sudo sh /cipi/host-add.sh -d '.$request->domain.' -u '.$user.' -p '.$pass.' -dbp '.$dbpass.' -b '.$base.' -a '.$appcode);
         if(strpos($response, '###CIPI###') === false) {
             $request->session()->flash('alert-error', 'There was a problem with server connection.');
             return redirect('/applications');
@@ -75,10 +74,10 @@ class ApplicationsController extends Controller {
             return redirect('/applications');
         }
         $app = [
-            'user'          => $code,
+            'user'          => $user,
             'pass'          => $pass,
-            'dbname'        => $code,
-            'dbuser'        => $code,
+            'dbname'        => $user,
+            'dbuser'        => $user,
             'dbpass'        => $dbpass,
             'path'          => $base,
             'php'           => $request->php,
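Review bot: The four replacement secrets (`$user`, `$pass`, `$dbpass`, `$appcode`) are sha1 digests of uniqid(), microtime() and request fields, none of which is a cryptographic randomness source, so the new values are still guessable by anyone who can approximate the creation time and knows the domain; the same construction is used for the new password, dbroot and servercode in ServersController.php below. Generate them from the CSPRNG instead, e.g. `$pass = bin2hex(random_bytes(16));` and likewise for `$dbpass` and `$appcode`. `$user` is now a 40-character hex digest that is passed as the Unix account name and as the MySQL database and user name (the `'username'`, `'dbname'` and `'dbuser'` keys); Linux useradd and MySQL commonly cap user names at 32 characters and a name beginning with a digit is often rejected, so confirm that host-add.sh accepts it — that script is outside this diff. The `$ssh->exec(...)` line still concatenates `$request->domain`, `$base` and `$server->password` unquoted into a shell command line; each value should be wrapped in `escapeshellarg()` before interpolation. The enclosing controller method begins before the first hunk and continues past the last one.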

+ 4 - 5
app/Http/Controllers/ServersController.php

@@ -38,17 +38,16 @@ class ServersController extends Controller
             $request->session()->flash('alert-error', 'You can\'t install a client server into the same Cipi Server!');
             return redirect('/servers');
         }
-        $chars = str_shuffle('+?!-_#^abcdefghjklmnopqrstuvwxyz+?!-_#^ABCDEFGHJKLMNOPQRSTUVWXYZ+?!-_#^1234567890+?!-_#^');
         Server::create([
             'name'      => $request->name,
             'provider'  => $request->provider,
             'location'  => $request->location,
             'ip'        => $request->ip,
             'port'      => 22,
-            'username'  => sha1(substr($chars, 0, 256).$request->ip.uniqid()),
-            'password'  => substr($chars, 0, 32),
-            'dbroot'    => substr($chars, 0, 24),
-            'servercode'=> md5(uniqid().microtime().$request->name),
+            'username'  => 'cipi',
+            'password'  => sha1(uniqid().microtime().$request->ip),
+            'dbroot'    => sha1(microtime().uniqid().$request->name),
+            'servercode'=> sha1(uniqid().$request->name.microtime().$request->ip)
         ]);
         $request->session()->flash('alert-success', 'Server '.$request->name.' has been created!');
         return redirect('/servers');
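Review bot: `'servercode'` changes from a 32-character md5 hex string to a 40-character sha1 hex string, and `password`/`dbroot` grow from 32 and 24 characters to 40; if the servers table columns were sized for the old lengths these values are silently truncated or rejected depending on SQL mode, and the migration is not in this diff, so it should be checked. `'username' => 'cipi'` also replaces a per-server random account name with a fixed one, so the SSH login name of every managed server is now known and the password carries all of the protection — acceptable if intentional, but worth a comment such as `// fixed provisioning account; the host scripts assume this name` if so. The enclosing controller method begins before this hunk.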

+ 5 - 0
resources/views/layouts/app.blade.php

@@ -51,6 +51,11 @@
                     <span>Users</span>
                 </a>
             </li>
+            <li class="nav-item {{ request()->is('databases') ? 'active' : '' }}">
+                <a class="nav-link" href="{{ route('databases') }}">
+                    <i class="fas fa-database fa-fw"></i>
+                    <span>Databases</span></a>
+            </li>
             <li class="nav-item {{ request()->is('settings') ? 'active' : '' }}">
                 <a class="nav-link" href="/settings">
                     <i class="fas fa-fw fa-cog"></i>
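Review bot: The new nav item closes `</a>` on the `<span>` line while every sibling closes it on its own line, and it links via `route('databases')` where the neighbouring items use literal paths such as `/settings`; either convention is fine, but the block should match its siblings, e.g. `<span>Databases</span>` followed by `</a>` on the next line. `request()->is('databases')` highlights only the exact path, consistent with the other items, so nested pages under it will not be marked active.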