0

Use API to Generate One Time View Link

askmike1 12 months ago 0

In our use of teampass, we have a case where we would like to use the API to generate a one-time-view link. We have implemented via the following

In api/functions.php within `restGet` function above `} elseif ($GLOBALS['request'][0] == "add") {` (line 874)


```
// ******************************************************
// START MANUALLY MODIFIED
// ******************************************************
} elseif ($GLOBALS['request'][0] == "generate") {
if($GLOBALS['request'][1] == "otv") {
/* EDITED */
$item = $GLOBALS['request'][2];

global $server, $user, $pass, $database, $pre, $db, $port, $encoding;
include_once '../includes/config/tp.config.php';
require_once $SETTINGS['cpassman_dir'].'/includes/config/settings.php';
require_once $SETTINGS['cpassman_dir'].'/includes/config/include.php';
require_once $SETTINGS['cpassman_dir'].'/sources/SplClassLoader.php';
require_once $SETTINGS['cpassman_dir'].'/sources/main.functions.php';

require_once $SETTINGS['cpassman_dir'].'/includes/libraries/Database/Meekrodb/db.class.php';
$pass = defuse_return_decrypted($pass);
DB::$host = $server;
DB::$user = $user;
DB::$password = $pass;
DB::$dbName = $database;
DB::$port = $port;
DB::$encoding = $encoding;
DB::$error_handler = true;
$link = mysqli_connect($server, $user, $pass, $database, $port);
$link->set_charset($encoding);

// delete all existing old otv codes
$rows = DB::query("SELECT id FROM ".prefix_table("otv")." WHERE timestamp < ".(time() - $SETTINGS['otv_expiration_period'] * 86400));
foreach ($rows as $record) {
DB::delete(prefix_table('otv'), "id=%i", $record['id']);
}

// generate session
$otv_code = GenerateCryptKey(32, false, true, true, false);
DB::insert(
prefix_table("otv"),
array(
'id' => null,
'item_id' => $item,
'timestamp' => time(),
'originator' => intval($_SESSION['user_id']),
'code' => $otv_code
)
);
$newID = DB::insertId();

$otv_session = array(
"code" => $otv_code,
"stamp" => time()
);

if (!isset($SETTINGS['otv_expiration_period'])) {
$SETTINGS['otv_expiration_period'] = 7;
}
$url = $SETTINGS['cpassman_url']."/index.php?otv=true&".http_build_query($otv_session);
$exp_date = date($SETTINGS['date_format']." ".$SETTINGS['time_format'], time() + (intval($SETTINGS['otv_expiration_period']) * 86400));
$element_id = "clipboard-button-".mt_rand(0, 1000);

$json['url'] = $url;
$json['expiration'] = $exp_date;
if (isset($json) && $json) {
echo json_encode($json);
} else {
rest_error ('EMPTY');
}

}
// ******************************************************
// END MANUALLY MODIFIED
// ******************************************************
```