🔒 N°1802 add auth to check-backup.php

datamodels/2.x/itop-backup/check-backup.php

@@ -33,7 +33,7 @@ else
 	require_once __DIR__.'/../../../approot.inc.php';   // When in datamodels/x.x folder
 }
 require_once(APPROOT.'application/utils.inc.php');
-require_once(APPROOT.'core/config.class.inc.php');
+require_once(APPROOT.'application/startup.inc.php');
 
 
 /**
@@ -245,6 +245,45 @@ catch(Exception $e)
 }
 
 
+if (utils::IsModeCLI())
+{
+	echo date('Y-m-d H:i:s')." - running check-backup utility\n";
+	try
+	{
+		$sAuthUser = ReadMandatoryParam('auth_user');
+		$sAuthPwd = ReadMandatoryParam('auth_pwd');
+	}
+	catch (Exception $e)
+	{
+		$sMessage = $e->getMessage();
+		ToolsLog::Error($sMessage);
+		echo $sMessage;
+		exit;
+	}
+	$bDownloadBackup = false;
+	if (UserRights::CheckCredentials($sAuthUser, $sAuthPwd))
+	{
+		UserRights::Login($sAuthUser); // Login & set the user's language
+	}
+	else
+	{
+		ExitError($oP, "Access restricted or wrong credentials ('$sAuthUser')");
+	}
+}
+else
+{
+	require_once(APPROOT.'application/loginwebpage.class.inc.php');
+	LoginWebPage::DoLogin(); // Check user rights and prompt if needed
+	$bDownloadBackup = utils::ReadParam('download', false);
+}
+
+if (!UserRights::IsAdministrator())
+{
+	ExitError($oP, "Access restricted to administors");
+}
+
+
+
 // N°1802 : was moved from script param to config file (avoid direct call with untrusted param value)
 $sItopRootParam = utils::ReadParam('check_ticket_itop', null, true, 'raw_data');
 if (!empty($sItopRootParam))