Add third-party script to ISPConfig WebGUI with it's login protection?

Discussion in 'Developers' Forum' started by C_Duv, Aug 11, 2021.

  1. C_Duv

    C_Duv New Member

    Hello,
    I would like to add a third party PHP script on my server (for example Adminer, but could also want to add other, self-made PHP tools), accessible via the ISPConfig web GUI (https://server.example.com:8080).
    I know I can add an location to Nginx (file `/etc/nginx/sites-enabled/000-ispconfig.vhost`) that points to the PHP script but that makes the script available without any authentication.
    Is there a simple way to add a script to the ISPConfig web interface?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    You must load the ISPConfig libraries inside your script and call the auth checks, e.g.:

    Code:
    <?php
    require_once '/usr/local/ispconfig/interface/lib/config.inc.php';
    require_once '/usr/local/ispconfig/interface/lib/app.inc.php';
    
    //* Check permissions for client module
    $app->auth->check_module_permissions('client');
    I've moved your post to the dev forum.
     
    ahrasis likes this.
  3. C_Duv

    C_Duv New Member

    Thanks, it works great!
    Here are my shell commands to download Adminer and add it to ISPConfig (auth + answer to `/phpmyadmin`):

    Code:
    # Download Adminer:
    mkdir "/opt/adminer"
    version="$(curl --silent "https://api.github.com/repos/vrana/adminer/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")')"
    curl -L "https://github.com/vrana/adminer/releases/download/${version}/adminer-${version#v}-mysql.php" -o "/opt/adminer/adminer.php" -s
    
    # Create ISPConfig-compatible copy:
    cat > "/usr/local/ispconfig/interface/web/adminer.php" < \
        <( \
            cat \
                <(echo '<?php
    // Add ISPConfig auth to Adminer.
    // Source: https://www.howtoforge.com/community/threads/add-third-party-script-to-ispconfig-webgui-with-its-login-protection.87420/
    require_once "/usr/local/ispconfig/interface/lib/config.inc.php";
    require_once "/usr/local/ispconfig/interface/lib/app.inc.php";
    //* Check permissions for client module
    $app->auth->check_module_permissions("client");?>') \
               "/opt/adminer/adminer.php" \
        )
    
    # Serve Adminer for /phpmyadmin (for Nginx):
    sed \
        -i \
       '/^# location \/phpmyadmin {$/i\ # Serve Adminer when phpMyAdmin is requested\n location \/phpmyadmin {\n return 301 \/adminer.php;\n }' \
        "/etc/nginx/sites-available/ispconfig.vhost"
    
     
    ahrasis likes this.
  4. C_Duv

    C_Duv New Member

    Oups, I posted too fast: Adminer interface does show up, but I can't use it: when I try to SQL-connect I get redirected to "/index.php" and then to "/login/" (the ISPConfig login page).

    I guess it's a conflict/behavior in Adminer... I'll dig into it to see if I can fix something...
     
    ahrasis likes this.
  5. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    The way I see it you are doing it the hard way. You don't need to add any of the ISPConfig APi inside it. Just run adminer like you run PMA.
     
  6. C_Duv

    C_Duv New Member

    I want to "protect" it's access using ISPConfig authentication, without re-typing credentials (even if it would be the same credentials).
    * If user is logged to ISPConfig: Adminer can be accessed.
    * Otherwise: Adminer can not be accessed (display an "access denied" message or redirect).
     
  7. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Yes. That the hard way of doing it.

    But since you really want to do it, then in my mind you can try to manipulate the munin or the monit settings to add that in either one place.

    The advanced one that you want is to open the link inside ISPConfig GUI when you click on its link which is preferably at website database page but the idea is the same as displaying munit or monit page except you have to add that page to ISPConfig GUI. You will have to do a lot of coding to achieve this.
     
  8. mhofer

    mhofer New Member

    If you are still trying to achieve this, I got it working by making sure adminer has a different session than ISPConfig.
    Here's the example code:
    Code:
    <?php
    require_once '/usr/local/ispconfig/interface/lib/config.inc.php';
    require_once '/usr/local/ispconfig/interface/lib/app.inc.php';
    //* Check permissions for client module
    $app->auth->check_module_permissions('client');
    
    //* close ISPConfig session
    session_write_close();
    //* reset session handler to default
    session_set_save_handler(new SessionHandler(), true);
    
    
    //* Create new sssion for adminer with its original settings
    session_name("adminer_sid");
    if (isset($_COOKIE['adminer_sid'])) {
        session_id($_COOKIE['adminer_sid']);
    } else {
        session_id(session_create_id());
    }
    $HTTPS = ($_SERVER["HTTPS"] && strcasecmp($_SERVER["HTTPS"], "off")) || (preg_match('~^(on|true|yes)$~i', ini_get("session.cookie_secure")) || (int) $val);
    session_cache_limiter(""); // to allow restarting session
    $params = array(0, preg_replace('~\?.*~', '', $_SERVER["REQUEST_URI"]), "", $HTTPS);
    if (version_compare(PHP_VERSION, '5.2.0') >= 0) {
        $params[] = true; // HttpOnly
    }
    call_user_func_array('session_set_cookie_params', $params);
    session_start();
    
    //* launch adminer according to the docs
    function adminer_object() {
    
        class AdminerSoftware extends Adminer {
        }
    
      return new AdminerSoftware;
    }
    
    include '/usr/local/ispconfig/interface/tools/adminer-mysql.php';
    
    ?>
    
     
    till and ahrasis like this.

Share This Page