Gestion des clés SSH
$row["id"],
'apps' => json_decode($row["usage"]),
'public_key' => $row["key"],
'comment' => $row["comment"],
);
}
pg_close($pg);
return $keys;
}
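/**
 * Synchronise the SSH keys stored for the logged-in user with the submitted list.
 *
 * Entries carrying an "id" update the matching stored row, entries without one are
 * inserted, and stored rows whose id is absent from $keys are deleted. Every statement
 * is parameterised and filtered on the session login and the 'immae' realm, so a
 * submitted id cannot reach a row owned by another account.
 *
 * NOTE(review): the statements run outside a transaction and the results of the write
 * queries are not checked, so a failure part-way through leaves a partial update that
 * the caller is not told about.
 *
 * @param array $keys list of arrays with "public_key", "apps", "comment" and optionally "id"
 * @return false|null false when no user is logged in or the id lookup fails, nothing otherwise
 */
function saveKeys($keys)
{
    if (!isset($_SESSION["login"])) {
        return false;
    }
    $pg = connectPg();
    $idQuery = pg_query_params($pg, "SELECT id FROM ldap_users_ssh_keys WHERE realm = 'immae' AND login = $1", array($_SESSION["login"]));
    if ($idQuery === false) {
        // Without the list of stored ids the delete pass below cannot be trusted; stop here.
        pg_close($pg);
        return false;
    }
    $existingIds = pg_fetch_all_columns($idQuery);
    foreach ($keys as $key) {
        if (isset($key["id"])) {
            // array_search() returns false for an unknown id, and unset($existingIds[false])
            // would silently drop index 0 and spare an unrelated key from the delete pass.
            // Ids are compared as strings because the pgsql extension returns column values as strings.
            $position = is_scalar($key["id"]) ? array_search((string) $key["id"], $existingIds, true) : false;
            if ($position === false) {
                // Not one of this user's stored ids: the login-scoped UPDATE could not match it anyway.
                continue;
            }
            unset($existingIds[$position]);
            pg_query_params($pg, "UPDATE ldap_users_ssh_keys SET key = $2, usage = ARRAY(SELECT * FROM json_array_elements_text($3))::ldap_users_ssh_key_usage[], comment = $4 WHERE id = $5 AND login = $1 AND realm = 'immae'", array($_SESSION["login"], $key["public_key"], json_encode($key["apps"]), $key["comment"], $key["id"]));
        } else {
            pg_query_params($pg, "INSERT INTO ldap_users_ssh_keys (login,realm,key,usage,comment) values ($1,'immae',$2,ARRAY(SELECT * FROM json_array_elements_text($3))::ldap_users_ssh_key_usage[],$4)", array($_SESSION["login"], $key["public_key"], json_encode($key["apps"]), $key["comment"]));
        }
    }
    // Whatever is still listed was not resubmitted, so the user removed it.
    foreach ($existingIds as $removedKeyId) {
        pg_query_params($pg, "DELETE FROM ldap_users_ssh_keys WHERE login = $1 AND realm = 'immae' AND id = $2", array($_SESSION["login"], $removedKeyId));
    }
    // Release the connection, as the key-listing code earlier in the file does.
    pg_close($pg);
}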
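// Script
// NOTE(review): no anti-CSRF token is checked by the POST handlers visible here. A save
// request that carries no 'keys' field makes saveKeys() delete every stored key, so confirm
// that a token is verified elsewhere in the file or add one to the forms.

// Logout: drop everything stored in the session.
if (isset($_POST['deconnexion'])) {
    $_SESSION = [];
}

// Save: validate every submitted key and write only when all of them pass.
if (isset($_POST['sauvegarder'])) {
    $editedKeys = [];
    $errors = false;
    $keysToSave = [];
    // An absent 'keys' field is a legitimate "no keys left" submission;
    // any other non-array shape did not come from the form.
    $postedKeys = isset($_POST['keys']) ? $_POST['keys'] : [];
    if (!is_array($postedKeys)) {
        die("integrity");
    }
    foreach ($postedKeys as $id => $key) {
        if (!is_array($key)) {
            die("integrity");
        }
        $editedKeys[$id] = $key;
        // checkSshKey() only ever receives a string; a missing or array-valued field
        // is reported to the user as an invalid key.
        if (!isset($key['public_key']) || !is_string($key['public_key']) || !checkSshKey($key['public_key'])) {
            $editedKeys[$id]['error'] = true;
            $errors = true;
        }
        if (!isset($key['apps'])) {
            $editedKeys[$id]['apps'] = $key['apps'] = [];
        }
        if (!is_array($key['apps'])) {
            die("integrity");
        }
        foreach ($key['apps'] as $app) {
            // Strict membership test so type juggling cannot let an unexpected value through.
            // Assumes the `apps` constant is a list of strings; confirm against its definition.
            if (!is_string($app) || !in_array($app, apps, true)) {
                die("integrity");
            }
        }
        if (!isset($editedKeys[$id]['error']) || $editedKeys[$id]['error'] !== true) {
            $keysToSave[] = $key;
        }
    }
    if (!$errors) {
        $successSave = saveKeys($keysToSave);
    }
}

// Login: check the credentials and remember the user name in the session.
$loginErrors = "";
if (isset($_POST['login'])) {
    if (empty($_POST['username']) || empty($_POST['password'])) {
        $loginErrors = "Le nom d'utilisateur et le mot de passe sont requis.";
    } elseif (!is_string($_POST['username']) || !is_string($_POST['password']) || !checkLogin($_POST['username'], $_POST['password'])) {
        // Array-valued fields (username[]=...) are rejected before they reach checkLogin().
        $loginErrors = "Identifiants incorrects.";
    } else {
        // Issue a fresh session id on authentication so an id known before login is
        // useless afterwards (session fixation). Regeneration has to send a new cookie,
        // so it is skipped once output has started.
        // NOTE(review): if headers are already sent at this point, move the session
        // handling above any output so the regeneration actually takes effect.
        if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
            session_regenerate_id(true);
        }
        $_SESSION['login'] = $_POST['username'];
    }
}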
if (isUserLogged()) :
$keys = isset($editedKeys) ? $editedKeys : getKeys();
?>
Connecté en tant que = $_SESSION['login']; ?>
Clés enregistrées avec succès.