|
|
@@ -29,7 +29,15 @@ namespace Api {
|
|
|
if (curl_errno($ch)) {
|
|
|
$this->createError(curl_error($ch));
|
|
|
} else if ($statusCode != 200) {
|
|
|
- $this->createError("HackTheBox returned status code: " . $statusCode);
|
|
|
+ $this->createError("HackTheBox returned status code: $statusCode. The Administrator is already informed");
|
|
|
+ error_log("PHP Warning: HTB API returned $statusCode, update your bearer token probably!");
|
|
|
+ if ($statusCode == 302) {
|
|
|
+ (new \Api\Notifications\Create($this->user))->execute(array(
|
|
|
+ "groupId" => USER_GROUP_ADMIN,
|
|
|
+ "title" => "HackTheBox API",
|
|
|
+ "message" => "HTB API returned 302, update your bearer token probably!"
|
|
|
+ ));
|
|
|
+ }
|
|
|
} else {
|
|
|
$this->success = true;
|
|
|
$data = empty($data) ? array() : @json_decode($data, true);
|
|
|
@@ -95,7 +103,7 @@ namespace Api {
|
|
|
"confirmed" => $sql->parseBool($row["confirmed"]),
|
|
|
"uid" => $row["userId"],
|
|
|
"token" => $row["token"],
|
|
|
- "machinesOwned" => array()
|
|
|
+ "machineOwns" => array()
|
|
|
);
|
|
|
|
|
|
foreach ($res as $row) {
|
|
|
@@ -103,8 +111,8 @@ namespace Api {
|
|
|
$machineName = $row["machineName"];
|
|
|
$ownType = $row["ownType"];
|
|
|
if (!is_null($machineId) && !is_null($machineName) && !is_null($ownType)) {
|
|
|
- if (!isset($htbUser["machinesOwned"][$machineId])) {
|
|
|
- $htbUser["machinesOwned"][$machineId] = array(
|
|
|
+ if (!isset($htbUser["machineOwns"][$machineId])) {
|
|
|
+ $htbUser["machineOwns"][$machineId] = array(
|
|
|
"name" => $machineName,
|
|
|
"user" => false,
|
|
|
"root" => false
|
|
|
@@ -112,9 +120,9 @@ namespace Api {
|
|
|
}
|
|
|
|
|
|
if ($ownType === "user") {
|
|
|
- $htbUser["machinesOwned"][$machineId]["user"] = true;
|
|
|
+ $htbUser["machineOwns"][$machineId]["user"] = true;
|
|
|
} else if ($ownType === "root") {
|
|
|
- $htbUser["machinesOwned"][$machineId]["root"] = true;
|
|
|
+ $htbUser["machineOwns"][$machineId]["root"] = true;
|
|
|
}
|
|
|
}
|
|
|
}
|
|
|
@@ -157,6 +165,7 @@ namespace Api\Htb {
|
|
|
use Api\Parameter\Parameter;
|
|
|
use Api\Parameter\StringType;
|
|
|
use Api\VerifyCaptcha;
|
|
|
+ use DateTime;
|
|
|
use Driver\SQL\Column\Column;
|
|
|
use Driver\SQL\Condition\Compare;
|
|
|
use Driver\SQL\Strategy\UpdateStrategy;
|
|
|
@@ -227,7 +236,7 @@ namespace Api\Htb {
|
|
|
return false;
|
|
|
}
|
|
|
|
|
|
- if ($machine && ($machine["retired"] || datetimeDiff($machine["retired"], new \DateTime()) < self::VALID_DURATION)) {
|
|
|
+ if ($machine && ($machine["retired"] || datetimeDiff($machine["retired"], new DateTime()) < self::VALID_DURATION)) {
|
|
|
$this->result["cached"] = true;
|
|
|
$this->result["machine"] = $machine;
|
|
|
return true;
|
|
|
@@ -240,7 +249,7 @@ namespace Api\Htb {
|
|
|
if ($this->success) {
|
|
|
$this->result["cached"] = false;
|
|
|
$this->result["machine"] = $machine;
|
|
|
- $lastChecked = (new \DateTime());
|
|
|
+ $lastChecked = (new DateTime());
|
|
|
$this->insertMachine($machine, $lastChecked);
|
|
|
}
|
|
|
}
|
|
|
@@ -556,6 +565,7 @@ namespace Api\Htb {
|
|
|
|
|
|
$userId = $htbUser["uid"];
|
|
|
$this->result["user"] = array("name" => $htbUser["name"], "uid" => $userId);
|
|
|
+
|
|
|
if (isset($htbUser["machineOwns"][$machineId])) {
|
|
|
$userAccess = $htbUser["machineOwns"][$machineId]["user"];
|
|
|
$rootAccess = $htbUser["machineOwns"][$machineId]["root"];
|
|
|
@@ -652,11 +662,16 @@ namespace Api\Htb {
|
|
|
|
|
|
$this->success = ($res !== false);
|
|
|
$this->lastError = $sql->getLastError();
|
|
|
+ $isAdmin = $this->user->hasGroup(USER_GROUP_ADMIN);
|
|
|
|
|
|
if ($this->success) {
|
|
|
foreach ($res as $i => $row) {
|
|
|
$res[$i]["userUnlocked"] = $sql->parseBool($row["userUnlocked"]);
|
|
|
$res[$i]["rootUnlocked"] = $sql->parseBool($row["rootUnlocked"]);
|
|
|
+
|
|
|
+ if (!$isAdmin) {
|
|
|
+ $res[$i]["ipAddress"] = "";
|
|
|
+ }
|
|
|
}
|
|
|
return $res;
|
|
|
}
|
Roman Hergenreder