From c6da1db72beda9d50c7a587519348b5d3976d239 Mon Sep 17 00:00:00 2001
From: Pierre Goiffon
Date: Wed, 5 Dec 2018 10:53:22 +0100
Subject: [PATCH] =?UTF-8?q?:lock:=20N=C2=B01802=20add=20auth=20to=20check-?= =?UTF-8?q?backup.php?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 datamodels/2.x/itop-backup/check-backup.php | 41 ++++++++++++++++++++-
 1 file changed, 40 insertions(+), 1 deletion(-)
diff --git a/datamodels/2.x/itop-backup/check-backup.php b/datamodels/2.x/itop-backup/check-backup.php
index e573f847d8..7b37a585c3 100644
--- a/datamodels/2.x/itop-backup/check-backup.php
+++ b/datamodels/2.x/itop-backup/check-backup.php
@@ -33,7 +33,7 @@ else
 require_once __DIR__.'/../../../approot.inc.php'; // When in datamodels/x.x folder
 }
 require_once(APPROOT.'application/utils.inc.php');
-require_once(APPROOT.'core/config.class.inc.php');
+require_once(APPROOT.'application/startup.inc.php');
 /**
@@ -245,6 +245,45 @@ catch(Exception $e)
 }
+if (utils::IsModeCLI())
+{
+ echo date('Y-m-d H:i:s')." - running check-backup utility\n";
+ try
+ {
+ $sAuthUser = ReadMandatoryParam('auth_user');
+ $sAuthPwd = ReadMandatoryParam('auth_pwd');
+ }
+ catch (Exception $e)
+ {
+ $sMessage = $e->getMessage();
+ ToolsLog::Error($sMessage);
+ echo $sMessage;
+ exit;
+ }
+ $bDownloadBackup = false;
+ if (UserRights::CheckCredentials($sAuthUser, $sAuthPwd))
+ {
+ UserRights::Login($sAuthUser); // Login & set the user's language
+ }
+ else
+ {
+ ExitError($oP, "Access restricted or wrong credentials ('$sAuthUser')");
+ }
+}
+else
+{
+ require_once(APPROOT.'application/loginwebpage.class.inc.php');
+ LoginWebPage::DoLogin(); // Check user rights and prompt if needed
+ $bDownloadBackup = utils::ReadParam('download', false);
+}
+
+if (!UserRights::IsAdministrator())
+{
+ ExitError($oP, "Access restricted to administors");
+}
+
+
+
 // N°1802 : was moved from script param to config file (avoid direct call with untrusted param value)
 $sItopRootParam = utils::ReadParam('check_ticket_itop', null, true, 'raw_data');
 if (!empty($sItopRootParam))
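Review bot: In the CLI branch, the `catch` around the two `ReadMandatoryParam()` calls ends with a bare `exit;`, so a run without `auth_user`/`auth_pwd` terminates with status 0, whereas the other two refusals in this hunk go through `ExitError($oP, ...)`. If a scheduler or monitoring check consumes the exit code (not visible here), a run that never authenticated would look like a successful one. Replacing `echo $sMessage; exit;` with `ExitError($oP, $sMessage);` keeps all refusal paths uniform, assuming `$oP` is already initialised at this point, which lies outside the hunk. If `ReadMandatoryParam()` takes `auth_pwd` from the command line, the password is exposed in process listings and shell history, so the usage text should point operators to a safer way of supplying it. The string `"Access restricted to administors"` should read "administrators".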