Add third-party script to ISPConfig WebGUI with it's login protection?

Discussion in 'Developers' Forum' started by C_Duv, Aug 11, 2021.

  1. C_Duv

    C_Duv New Member

    Hello,
    I would like to add a third party PHP script on my server (for example Adminer, but could also want to add other, self-made PHP tools), accessible via the ISPConfig web GUI (https://server.example.com:8080).
    I know I can add an location to Nginx (file `/etc/nginx/sites-enabled/000-ispconfig.vhost`) that points to the PHP script but that makes the script available without any authentication.
    Is there a simple way to add a script to the ISPConfig web interface?
     
    C_Duv, Aug 11, 2021
    #1
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    You must load the ISPConfig libraries inside your script and call the auth checks, e.g.:

    Code:
    <?php
require_once '/usr/local/ispconfig/interface/lib/config.inc.php';
require_once '/usr/local/ispconfig/interface/lib/app.inc.php';

//* Check permissions for client module
$app->auth->check_module_permissions('client');
    I've moved your post to the dev forum.
     
    till, Aug 11, 2021
    #2
    ahrasis likes this.
  3. C_Duv

    C_Duv New Member

    Thanks, it works great!
    Here are my shell commands to download Adminer and add it to ISPConfig (auth + answer to `/phpmyadmin`):

    Code:
    # Download Adminer:
mkdir "/opt/adminer"
version="$(curl --silent "https://api.github.com/repos/vrana/adminer/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")')"
curl -L "https://github.com/vrana/adminer/releases/download/${version}/adminer-${version#v}-mysql.php" -o "/opt/adminer/adminer.php" -s

# Create ISPConfig-compatible copy:
cat > "/usr/local/ispconfig/interface/web/adminer.php" < \
    <( \
        cat \
            <(echo '<?php
// Add ISPConfig auth to Adminer.
// Source: https://www.howtoforge.com/community/threads/add-third-party-script-to-ispconfig-webgui-with-its-login-protection.87420/
require_once "/usr/local/ispconfig/interface/lib/config.inc.php";
require_once "/usr/local/ispconfig/interface/lib/app.inc.php";
//* Check permissions for client module
$app->auth->check_module_permissions("client");?>') \
           "/opt/adminer/adminer.php" \
    )

# Serve Adminer for /phpmyadmin (for Nginx):
sed \
    -i \
   '/^# location \/phpmyadmin {$/i\ # Serve Adminer when phpMyAdmin is requested\n location \/phpmyadmin {\n return 301 \/adminer.php;\n }' \
    "/etc/nginx/sites-available/ispconfig.vhost"
     
    C_Duv, Aug 11, 2021
    #3
    ahrasis likes this.
  4. C_Duv

    C_Duv New Member

    Oups, I posted too fast: Adminer interface does show up, but I can't use it: when I try to SQL-connect I get redirected to "/index.php" and then to "/login/" (the ISPConfig login page).

    I guess it's a conflict/behavior in Adminer... I'll dig into it to see if I can fix something...
     
    C_Duv, Aug 11, 2021
    #4
    ahrasis likes this.
  5. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    The way I see it you are doing it the hard way. You don't need to add any of the ISPConfig APi inside it. Just run adminer like you run PMA.
     
    ahrasis, Aug 12, 2021
    #5
  6. C_Duv

    C_Duv New Member

    I want to "protect" it's access using ISPConfig authentication, without re-typing credentials (even if it would be the same credentials).
    * If user is logged to ISPConfig: Adminer can be accessed.
    * Otherwise: Adminer can not be accessed (display an "access denied" message or redirect).
     
    C_Duv, Aug 12, 2021
    #6
  7. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Yes. That the hard way of doing it.

    But since you really want to do it, then in my mind you can try to manipulate the munin or the monit settings to add that in either one place.

    The advanced one that you want is to open the link inside ISPConfig GUI when you click on its link which is preferably at website database page but the idea is the same as displaying munit or monit page except you have to add that page to ISPConfig GUI. You will have to do a lot of coding to achieve this.
     
    ahrasis, Aug 12, 2021
    #7
  8. mhofer

    mhofer New Member

    If you are still trying to achieve this, I got it working by making sure adminer has a different session than ISPConfig.
    Here's the example code:
    Code:
    <?php
require_once '/usr/local/ispconfig/interface/lib/config.inc.php';
require_once '/usr/local/ispconfig/interface/lib/app.inc.php';
//* Check permissions for client module
$app->auth->check_module_permissions('client');

//* close ISPConfig session
session_write_close();
//* reset session handler to default
session_set_save_handler(new SessionHandler(), true);


//* Create new sssion for adminer with its original settings
session_name("adminer_sid");
if (isset($_COOKIE['adminer_sid'])) {
    session_id($_COOKIE['adminer_sid']);
} else {
    session_id(session_create_id());
}
$HTTPS = ($_SERVER["HTTPS"] && strcasecmp($_SERVER["HTTPS"], "off")) || (preg_match('~^(on|true|yes)$~i', ini_get("session.cookie_secure")) || (int) $val);
session_cache_limiter(""); // to allow restarting session
$params = array(0, preg_replace('~\?.*~', '', $_SERVER["REQUEST_URI"]), "", $HTTPS);
if (version_compare(PHP_VERSION, '5.2.0') >= 0) {
    $params[] = true; // HttpOnly
}
call_user_func_array('session_set_cookie_params', $params);
session_start();

//* launch adminer according to the docs
function adminer_object() {

    class AdminerSoftware extends Adminer {
    }

  return new AdminerSoftware;
}

include '/usr/local/ispconfig/interface/tools/adminer-mysql.php';

?>
     
    mhofer, Oct 14, 2021
    #8
    till and ahrasis like this.

Share This Page