🔒 N°1802 add auth to check-backup.php

2026-05-17 22:39:03 +02:00 · 2018-12-05 10:53:22 +01:00
parent 843c06b007
commit c6da1db72b
1 changed files with 40 additions and 1 deletions
--- a/datamodels/2.x/itop-backup/check-backup.php
+++ b/datamodels/2.x/itop-backup/check-backup.php
@@ -33,7 +33,7 @@ else
 	require_once __DIR__.'/../../../approot.inc.php';   // When in datamodels/x.x folder
 }
 require_once(APPROOT.'application/utils.inc.php');
-require_once(APPROOT.'core/config.class.inc.php');
+require_once(APPROOT.'application/startup.inc.php');


 /**
@@ -245,6 +245,45 @@ catch(Exception $e)
 }


+if (utils::IsModeCLI())
+{
+	echo date('Y-m-d H:i:s')." - running check-backup utility\n";
+	try
+	{
+		$sAuthUser = ReadMandatoryParam('auth_user');
+		$sAuthPwd = ReadMandatoryParam('auth_pwd');
+	}
+	catch (Exception $e)
+	{
+		$sMessage = $e->getMessage();
+		ToolsLog::Error($sMessage);
+		echo $sMessage;
+		exit;
+	}
+	$bDownloadBackup = false;
+	if (UserRights::CheckCredentials($sAuthUser, $sAuthPwd))
+	{
+		UserRights::Login($sAuthUser); // Login & set the user's language
+	}
+	else
+	{
+		ExitError($oP, "Access restricted or wrong credentials ('$sAuthUser')");
+	}
+}
+else
+{
+	require_once(APPROOT.'application/loginwebpage.class.inc.php');
+	LoginWebPage::DoLogin(); // Check user rights and prompt if needed
+	$bDownloadBackup = utils::ReadParam('download', false);
+}
+
+if (!UserRights::IsAdministrator())
+{
+	ExitError($oP, "Access restricted to administors");
+}
+
+
+
 // N°1802 : was moved from script param to config file (avoid direct call with untrusted param value)
 $sItopRootParam = utils::ReadParam('check_ticket_itop', null, true, 'raw_data');
 if (!empty($sItopRootParam))