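/**
 * Suspends or re-enables a domain together with its aliases and mail accounts.
 *
 * Mail accounts are locked by prepending a 4-character prefix to the
 * (decrypted) mailbox password on 'disable' and stripping it again on
 * 'enable'. When $cfg->HARD_MAIL_SUSPENSION is set only the status column is
 * changed and the password is left untouched. After the database updates the
 * daemon is notified via send_request(), a log line is written,
 * $_SESSION['user_disabled'] / ['user_enabled'] is set and the request is
 * redirected according to $location.
 *
 * @param int    $domain_id   id of the row in `domain`
 * @param string $domain_name domain name; only used for the log entry
 * @param string $action      'disable' or 'enable'; any other value is a no-op
 * @param string $location    'admin' or 'reseller'; selects the redirect target
 * @return void does not return on success: it sends a Location header and calls die
 */
function change_domain_status($domain_id, $domain_name, $action, $location)
{
    $cfg = EasySCP_Registry::get('Config');
    $sql = EasySCP_Registry::get('Db');

    // Validate the action exactly once; the later "else return" fallbacks of
    // the old version were unreachable after this point.
    if ($action === 'disable') {
        $new_status = $cfg->ITEM_TODISABLED_STATUS;
    } elseif ($action === 'enable') {
        $new_status = $cfg->ITEM_TOENABLE_STATUS;
    } else {
        return;
    }

    // Only mailboxes of these types carry a password that can be locked.
    $mail_types_with_password = array(MT_NORMAL_MAIL, MT_ALIAS_MAIL, MT_SUBDOM_MAIL, MT_ALSSUB_MAIL);

    // Loop-invariant: one lock prefix per request instead of one per row.
    // The prefix is not a secret, it only has to be exactly 4 characters so
    // that the enable path can strip it again.
    $pass_prefix = substr(md5(time()), 0, 4);

    // TODO Prüfen wie man das mit den Mails behandeln soll == abschalten / nicht abschalten
    $query = "\n\t\tSELECT\n\t\t\t`mail_id`,\n\t\t\t`mail_pass`,\n\t\t\t`mail_type`\n\t\tFROM\n\t\t\t`mail_users`\n\t\tWHERE\n\t\t\t`domain_id` = ?\n\t\t;\n\t";
    $rs = exec_query($sql, $query, $domain_id);
    while (!$rs->EOF) {
        $mail_id = $rs->fields['mail_id'];
        $mail_pass = $rs->fields['mail_pass'];
        $mail_type = $rs->fields['mail_type'];

        if ($cfg->HARD_MAIL_SUSPENSION) {
            $mail_status = $new_status;
        } else {
            $has_password = false;
            foreach ($mail_types_with_password as $type) {
                if (preg_match('/^' . $type . '/', $mail_type)) {
                    $has_password = true;
                    break;
                }
            }
            if ($has_password) {
                $plain = decrypt_db_password($mail_pass);
                if ($action === 'disable') {
                    $plain = $pass_prefix . $plain;
                } else {
                    // Strip the 4-char prefix added on disable. No length cap
                    // here: the old substr($plain, 4, 50) silently truncated
                    // passwords longer than 50 characters on re-enable.
                    $plain = substr($plain, 4);
                }
                $mail_pass = encrypt_db_password($plain);
            }
            $mail_status = $cfg->ITEM_CHANGE_STATUS;
        }

        $query = "\n\t\t\tUPDATE\n\t\t\t\t`mail_users`\n\t\t\tSET\n\t\t\t\t`mail_pass` = ?,\n\t\t\t\t`status` = ?\n\t\t\tWHERE\n\t\t\t\t`mail_id` = ?\n\t\t\t;\n\t\t";
        exec_query($sql, $query, array($mail_pass, $mail_status, $mail_id));
        $rs->moveNext();
    }
    send_request('130 MAIL ' . $domain_id);

    $query = "\n\t\tUPDATE\n\t\t\tdomain\n\t\tSET\n\t\t\tstatus = ?\n\t\tWHERE\n\t\t\tdomain_id = ?\n\t\t;\n\t";
    exec_query($sql, $query, array($new_status, $domain_id));
    send_request('110 DOMAIN domain ' . $domain_id);

    $query = "\n\t\tUPDATE\n\t\t\tdomain_aliasses\n\t\tSET\n\t\t\tstatus = ?\n\t\tWHERE\n\t\t\tdomain_id = ?\n\t\t;\n\t";
    exec_query($sql, $query, array($new_status, $domain_id));
    send_request('110 DOMAIN alias ' . $domain_id);

    // Back to the user overview once the system changes are queued.
    $user_logged = $_SESSION['user_logged'];
    update_reseller_c_props(get_reseller_id($domain_id));
    if ($action === 'disable') {
        write_log("{$user_logged}: suspended domain: {$domain_name}");
        $_SESSION['user_disabled'] = 1;
    } else {
        write_log("{$user_logged}: enabled domain: {$domain_name}");
        $_SESSION['user_enabled'] = 1;
    }

    if ($location === 'admin') {
        header('Location: manage_users.php');
    } elseif ($location === 'reseller') {
        header('Location: users.php?psi=last');
    }
    die;
}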
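/**
 * Creates an FTP account for the current customer from the submitted form.
 *
 * Reads username, pass, dmn_type, als_id / sub_id and use_other_dir /
 * other_dir from $_POST. Emits a page message and returns on any validation
 * failure; on success inserts the account into `ftp_users`, updates the
 * reseller counters, writes a log line and redirects to ftp_accounts.php.
 *
 * @param mixed  $sql      database handle passed through to exec_query()
 * @param string $dmn_name main domain name of the customer
 * @return void
 */
function add_ftp_user($sql, $dmn_name)
{
    $cfg = EasySCP_Registry::get('Config');

    $username = isset($_POST['username']) ? strtolower(clean_input($_POST['username'])) : '';
    if (!validates_username($username)) {
        set_page_message(tr("Incorrect username length or syntax!"), 'warning');
        return;
    }

    // Same password rules as update_ftp_account(); previously a new account
    // accepted any value for pass, including an empty string.
    if (!isset($_POST['pass']) || !chk_password($_POST['pass'])) {
        if ($cfg->PASSWD_STRONG) {
            set_page_message(sprintf(tr('The password must be at least %s chars long and contain letters and numbers to be valid.'), $cfg->PASSWD_CHARS), 'warning');
        } else {
            set_page_message(sprintf(tr('Password data is shorter than %s signs or includes not permitted signs!'), $cfg->PASSWD_CHARS), 'warning');
        }
        return;
    }

    // Default login name and home directory per domain type. $ftp_home may be
    // replaced below when the user supplied a mount point.
    $dmn_type = isset($_POST['dmn_type']) ? $_POST['dmn_type'] : '';
    switch ($dmn_type) {
        case 'dmn':
            $ftp_user = $username . $cfg->FTP_USERNAME_SEPARATOR . $dmn_name;
            $ftp_home = $cfg->FTP_HOMEDIR . "/{$dmn_name}";
            break;
        case 'als':
            $als_id = isset($_POST['als_id']) ? $_POST['als_id'] : '';
            $ftp_user = $username . $cfg->FTP_USERNAME_SEPARATOR . $als_id;
            $alias_mount_point = get_alias_mount_point($sql, $als_id);
            $ftp_home = $cfg->FTP_HOMEDIR . "/{$dmn_name}" . $alias_mount_point;
            break;
        case 'sub':
            // NOTE(review): sub_id goes into the login name raw but into the
            // home path through clean_input(); kept as-is, confirm intended.
            $sub_id = isset($_POST['sub_id']) ? $_POST['sub_id'] : '';
            $ftp_user = $username . $cfg->FTP_USERNAME_SEPARATOR . $sub_id . '.' . $dmn_name;
            $ftp_home = $cfg->FTP_HOMEDIR . "/{$dmn_name}/" . clean_input($sub_id);
            break;
        default:
            set_page_message(tr('Unknown domain type'), 'error');
            return;
    }

    // User-specified mount point.
    if (isset($_POST['use_other_dir']) && $_POST['use_other_dir'] === 'on') {
        $ftp_vhome = isset($_POST['other_dir']) ? clean_input($_POST['other_dir'], false) : '';
        $ftp_vhome = str_replace('//', '/', $ftp_vhome);
        // Reject parent-directory components so the home cannot leave the
        // customer's tree. preg_match() returns 1 on a hit and false on a
        // PCRE error; both must fail closed.
        if (preg_match("/\\.\\./", $ftp_vhome) !== 0) {
            set_page_message(tr('Incorrect mount point length or syntax'), 'error');
            return;
        }
        $ftp_home = str_replace('//', '/', $cfg->FTP_HOMEDIR . "/{$dmn_name}/" . $ftp_vhome);
        // The VFS checks the path as the FTP user, i.e. relative to the
        // customer's root, so $ftp_vhome (not $ftp_home) is tested.
        $vfs = new EasySCP_VirtualFileSystem($dmn_name, $sql);
        if (!$vfs->exists($ftp_vhome)) {
            set_page_message(tr('%s does not exist', $ftp_vhome), 'error');
            return;
        }
    }

    $ftp_gid = get_ftp_user_gid($sql, $dmn_name, $ftp_user);
    $ftp_uid = get_ftp_user_uid($sql, $dmn_name, $ftp_user, $ftp_gid);
    // -1 signals a failed uid lookup; loose comparison kept because the
    // helper's return type is not visible here.
    if ($ftp_uid == -1) {
        return;
    }

    $ftp_shell = $cfg->CMD_SHELL;
    $ftp_passwd = crypt_user_pass_with_salt($_POST['pass']);
    $ftp_loginpasswd = encrypt_db_password($_POST['pass']);
    $query = "\n\t\tINSERT INTO ftp_users\n\t\t\t(`userid`, `passwd`, `net2ftppasswd`, `uid`, `gid`, `shell`, `homedir`)\n\t\tVALUES\n\t\t\t(?, ?, ?, ?, ?, ?, ?)\n\t";
    exec_query($sql, $query, array($ftp_user, $ftp_passwd, $ftp_loginpasswd, $ftp_uid, $ftp_gid, $ftp_shell, $ftp_home));

    $domain_props = get_domain_default_props($_SESSION['user_id']);
    update_reseller_c_props($domain_props['domain_created_id']);
    write_log($_SESSION['user_logged'] . ": add new FTP account: {$ftp_user}");
    set_page_message(tr('FTP account added!'), 'success');
    user_goto('ftp_accounts.php');
}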
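/**
 * One-off migration helper: re-encrypts the mailbox passwords of an ispCP
 * installation with the EasySCP key.
 *
 * The old Blowfish/CBC key and IV are read from the ispCP keys file selected
 * by $_POST['migration_version']: for '1.0.7 OMEGA' a PHP file is included
 * (which is expected to define $ispcp_db_pass_key / $ispcp_db_pass_iv in this
 * scope), otherwise a KEY=VALUE config file is parsed. Every `mail_users` row
 * whose mail_pass is not '_no_' is decrypted with the old key and written back
 * via encrypt_db_password() with status ITEM_CHANGE_STATUS.
 *
 * Requires the mcrypt extension. Returns without touching the table when the
 * keys file cannot be read or yields no key/IV, since decrypting with an empty
 * key would overwrite every password with garbage.
 *
 * @return void
 */
function convertOldData()
{
    $cfg = EasySCP_Registry::get('Config');
    $sql = EasySCP_Registry::get('Db');

    $ispcp_db_pass_key = '';
    $ispcp_db_pass_iv = '';
    $migration_version = isset($_POST['migration_version']) ? $_POST['migration_version'] : '';

    if ($migration_version === '1.0.7 OMEGA') {
        // 1.0.7 shipped its keys as PHP; the include runs in this function's
        // scope, so variables it sets land in the locals above.
        $oldDBKeysFile = '/var/www/ispcp/gui/include/ispcp-db-keys.php';
        require_once $oldDBKeysFile;
    } else {
        $oldDBKeysFile = '/etc/ispcp/ispcp-keys.conf';
        $lines = file($oldDBKeysFile);
        if ($lines === false) {
            // Unreadable keys file: the old code went on and corrupted the
            // table with an empty key.
            return;
        }
        foreach ($lines as $line) {
            $pos = strpos($line, '=');
            if ($pos === false || $pos === 0) {
                continue;
            }
            $key = trim(substr($line, 0, $pos));
            $value = trim(substr($line, $pos + 1));
            if ($key === 'DB_PASS_KEY') {
                $ispcp_db_pass_key = $value;
            } elseif ($key === 'DB_PASS_IV') {
                $ispcp_db_pass_iv = $value;
            }
        }
    }

    if ($ispcp_db_pass_key === '' || $ispcp_db_pass_iv === '') {
        return;
    }

    $td = mcrypt_module_open(MCRYPT_BLOWFISH, '', MCRYPT_MODE_CBC, '');
    if ($td === false) {
        return;
    }
    $key = $ispcp_db_pass_key;
    $iv = $ispcp_db_pass_iv;

    // First pass: collect plaintexts keyed by mail_id, then update in a second
    // loop so the open result set is not modified while being iterated.
    $data = array();
    $query = "\n\t\tuse easyscp;\n\t";
    exec_query($sql, $query);
    $query = "\n\t\tSELECT mail_id, mail_pass FROM `mail_users`;\n\t";
    $rs = exec_query($sql, $query);
    while (!$rs->EOF) {
        if ($rs->fields['mail_pass'] !== '_no_') {
            mcrypt_generic_init($td, $key, $iv);
            $text = base64_decode($rs->fields['mail_pass'] . "\n");
            $data[$rs->fields['mail_id']] = trim(mdecrypt_generic($td, $text));
            mcrypt_generic_deinit($td);
        }
        $rs->moveNext();
    }
    mcrypt_module_close($td);

    foreach ($data as $mail_id => $mail_pass) {
        $pass = encrypt_db_password(trim($mail_pass));
        $status = $cfg->ITEM_CHANGE_STATUS;
        $query = "UPDATE `mail_users` SET `mail_pass` = ?, `status` = ? WHERE `mail_id` = ?";
        exec_query($sql, $query, array($pass, $status, $mail_id));
    }
}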
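/**
 * Changes the password of an SQL user, both in EasySCP's `sql_user` table and
 * for the MySQL accounts '<user>'@'%' and '<user>'@'localhost'.
 *
 * Expects uaction, pass and pass_rep in $_POST. Emits a page message and
 * returns on validation failure; on success logs the change and redirects to
 * sql_manage.php.
 *
 * @param mixed  $sql          database handle passed through to exec_query()
 * @param int    $db_user_id   id of the SQL user (unused here, kept for callers)
 * @param string $db_user_name MySQL user name whose password is changed
 * @return void
 */
function change_sql_user_pass($sql, $db_user_id, $db_user_name)
{
    $cfg = EasySCP_Registry::get('Config');
    if (!isset($_POST['uaction'])) {
        return;
    }

    // Read both fields before using them; the old code indexed $_POST['pass']
    // several times before its isset() check.
    $pass = isset($_POST['pass']) ? $_POST['pass'] : '';
    $pass_rep = isset($_POST['pass_rep']) ? $_POST['pass_rep'] : '';

    if ($pass === '' && $pass_rep === '') {
        set_page_message(tr('Please specify user password!'), 'warning');
        return;
    }
    if ($pass !== $pass_rep) {
        set_page_message(tr('Entered passwords do not match!'), 'warning');
        return;
    }
    if (strlen($pass) > $cfg->MAX_SQL_PASS_LENGTH) {
        set_page_message(tr('User password too long!'), 'warning');
        return;
    }
    if (!preg_match('/^[[:alnum:]:!\\*\\+\\#_.-]+$/', $pass)) {
        set_page_message(tr('Don\'t use special chars like "@, $, %..." in the password!'), 'warning');
        return;
    }
    if (!chk_password($pass)) {
        if ($cfg->PASSWD_STRONG) {
            set_page_message(sprintf(tr('The password must be at least %s chars long and contain letters and numbers to be valid.'), $cfg->PASSWD_CHARS), 'warning');
        } else {
            set_page_message(sprintf(tr('Password data is shorter than %s signs or includes not permitted signs!'), $cfg->PASSWD_CHARS), 'warning');
        }
        return;
    }
    $user_pass = $pass;

    // Update the password in EasySCP's own table.
    $query = "\n\t\tUPDATE\n\t\t\t`sql_user`\n\t\tSET\n\t\t\t`sqlu_pass` = ?\n\t\tWHERE\n\t\t\t`sqlu_name` = ?\n\t";
    exec_query($sql, $query, array(encrypt_db_password($user_pass), $db_user_name));

    // Update the MySQL accounts. User name, host and password are bound as
    // parameters (the same ?@? form add_sql_user() uses for its GRANT)
    // instead of being interpolated into the statement, which resolves the
    // old "TODO use prepared statement" here.
    $query = "SET PASSWORD FOR ?@? = PASSWORD(?)";
    exec_query($sql, $query, array($db_user_name, '%', $user_pass));
    exec_query($sql, $query, array($db_user_name, 'localhost', $user_pass));

    write_log($_SESSION['user_logged'] . ": update SQL user password: " . tohtml($db_user_name));
    set_page_message(tr('SQL user password was successfully changed!'), 'warning');
    user_goto('sql_manage.php');
}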
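/**
 * Updates an existing FTP account from the "edit_user" form: a new password
 * (pass / pass_rep), a new mount point (use_other_dir / other_dir), or both.
 *
 * Emits a page message and returns on validation failure; on success updates
 * `ftp_users` and redirects to ftp_accounts.php. The resolved absolute home
 * directory is also left in the global $other_dir for callers that read it.
 *
 * @param mixed  $sql      database handle passed through to exec_query()
 * @param string $ftp_acc  `userid` of the account being edited
 * @param string $dmn_name domain the account belongs to
 * @return void
 */
function update_ftp_account($sql, $ftp_acc, $dmn_name)
{
    // Kept for callers that read the resolved home directory after the call.
    global $other_dir;

    $cfg = EasySCP_Registry::get('Config');
    if (!isset($_POST['uaction']) || $_POST['uaction'] !== 'edit_user') {
        return;
    }

    $change_pass = !empty($_POST['pass']) || !empty($_POST['pass_rep']);
    $use_other_dir = isset($_POST['use_other_dir']) && $_POST['use_other_dir'] === 'on';
    $user_home = $cfg->FTP_HOMEDIR . "/" . $_SESSION['user_logged'];

    if ($change_pass) {
        $pass_input = isset($_POST['pass']) ? $_POST['pass'] : '';
        $pass_rep = isset($_POST['pass_rep']) ? $_POST['pass_rep'] : '';
        if ($pass_input !== $pass_rep) {
            set_page_message(tr('Entered passwords do not match!'), 'warning');
            return;
        }
        if (!chk_password($pass_input)) {
            if ($cfg->PASSWD_STRONG) {
                set_page_message(sprintf(tr('The password must be at least %s chars long and contain letters and numbers to be valid.'), $cfg->PASSWD_CHARS), 'warning');
            } else {
                set_page_message(sprintf(tr('Password data is shorter than %s signs or includes not permitted signs!'), $cfg->PASSWD_CHARS), 'warning');
            }
            return;
        }
        $pass = crypt_user_pass_with_salt($pass_input);
        $loginpass = encrypt_db_password($pass_input);
    }

    // Resolve the new home directory. Both forms (with and without a password
    // change) now share the same checks; previously the password branch
    // skipped the ".." and double-slash checks on the mount point.
    $homedir = null;
    if ($use_other_dir) {
        $mount = isset($_POST['other_dir']) ? clean_input($_POST['other_dir']) : '';
        $mount = str_replace('//', '/', $mount);
        // preg_match() returns 1 on a hit and false on a PCRE error; both
        // must fail closed.
        if (preg_match("/\\.\\./", $mount) !== 0) {
            set_page_message(tr('Incorrect mount point length or syntax'), 'warning');
            return;
        }
        // The VFS logs in as the FTP user, so the mount point is checked
        // relative to the user's root; the absolute path is built afterwards.
        $vfs = new EasySCP_VirtualFileSystem($dmn_name, $sql);
        if (!$vfs->exists($mount)) {
            set_page_message(tr('%s does not exist', $mount), 'error');
            return;
        }
        $other_dir = $user_home . $mount;
        $homedir = $other_dir;
    } elseif (!$change_pass) {
        // Home-only edit without a custom mount point: reset to the default.
        $other_dir = $user_home;
        $homedir = $other_dir;
    }

    if ($change_pass && $homedir !== null) {
        $query = "\n\t\t\t\t\tUPDATE\n\t\t\t\t\t\t`ftp_users`\n\t\t\t\t\tSET\n\t\t\t\t\t\t`passwd` = ?,\n\t\t\t\t\t\t`net2ftppasswd` = ?,\n\t\t\t\t\t\t`homedir` = ?\n\t\t\t\t\tWHERE\n\t\t\t\t\t\t`userid` = ?\n\t\t\t\t";
        $param = array($pass, $loginpass, $homedir, $ftp_acc);
    } elseif ($change_pass) {
        $query = "\n\t\t\t\t\tUPDATE\n\t\t\t\t\t\t`ftp_users`\n\t\t\t\t\tSET\n\t\t\t\t\t\t`passwd` = ?,\n\t\t\t\t\t\t`net2ftppasswd` = ?\n\t\t\t\t\tWHERE\n\t\t\t\t\t\t`userid` = ?\n\t\t\t\t";
        $param = array($pass, $loginpass, $ftp_acc);
    } else {
        $query = "\n\t\t\t\tUPDATE\n\t\t\t\t\t`ftp_users`\n\t\t\t\tSET\n\t\t\t\t\t`homedir` = ?\n\t\t\t\tWHERE\n\t\t\t\t\t`userid` = ?\n\t\t\t";
        $param = array($homedir, $ftp_acc);
    }
    exec_query($sql, $query, $param);

    if ($change_pass) {
        write_log($_SESSION['user_logged'] . ": updated FTP " . $ftp_acc . " account data");
    }
    set_page_message(tr('FTP account data updated!'), 'success');
    user_goto('ftp_accounts.php');
}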
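/**
 * Adds an SQL user to database $db_id.
 *
 * Two modes, selected by $_POST['Add_Exist']:
 *  - absent: a new user is created from user_name / pass / pass_rep (optionally
 *    prefixed or suffixed with the domain id via use_dmn_id / id_pos);
 *  - present: the existing EasySCP SQL user $_POST['sqluser_id'] is granted
 *    access to the additional database, re-using its stored password.
 *
 * Emits a page message and returns on validation failure; on success inserts
 * into `sql_user`, issues the MySQL GRANTs for 'localhost' and '%', logs and
 * redirects to sql_manage.php.
 *
 * @param mixed $sql     database handle passed through to exec_query()
 * @param int   $user_id id of the customer; resolved to a domain id
 * @param int   $db_id   id of the row in `sql_database`
 * @return void
 *
 * @todo A user with the same name can be attached to a database several times
 *       through the Add_Exist path.
 * @todo If the GRANT fails in MySQL the row is already in the local
 *       EasySCP `sql_user` table (no rollback / error handling).
 */
function add_sql_user($sql, $user_id, $db_id)
{
    $cfg = EasySCP_Registry::get('Config');
    if (!isset($_POST['uaction'])) {
        return;
    }
    $add_existing = isset($_POST['Add_Exist']);
    $dmn_id = get_user_domain_id($user_id);

    if ($add_existing) {
        // Name and password come from the table, so the form-field checks in
        // the other branch do not apply. One lookup instead of the former two.
        $sqluser_id = isset($_POST['sqluser_id']) ? $_POST['sqluser_id'] : null;
        $query = "SELECT `sqlu_name`, `sqlu_pass` FROM `sql_user` WHERE `sqlu_id` = ?";
        $rs = exec_query($sql, $query, $sqluser_id);
        if ($rs->recordCount() == 0) {
            set_page_message(tr('SQL-user not found! It might has been deleted by another user.'), 'warning');
            return;
        }
        $db_user = $rs->fields['sqlu_name'];
        $user_pass = decrypt_db_password($rs->fields['sqlu_pass']);
    } else {
        $pass = isset($_POST['pass']) ? $_POST['pass'] : '';
        $pass_rep = isset($_POST['pass_rep']) ? $_POST['pass_rep'] : '';

        if (empty($_POST['user_name'])) {
            set_page_message(tr('Please type user name!'), 'warning');
            return;
        }
        // Compared against '' rather than empty() so that a password of "0"
        // is not mistaken for "no password".
        if ($pass === '' && $pass_rep === '') {
            set_page_message(tr('Please type user password!'), 'warning');
            return;
        }
        if ($pass !== $pass_rep) {
            set_page_message(tr('Entered passwords do not match!'), 'warning');
            return;
        }
        if (strlen($pass) > $cfg->MAX_SQL_PASS_LENGTH) {
            set_page_message(tr('Too long user password!'), 'warning');
            return;
        }
        if (!preg_match('/^[[:alnum:]:!*+#_.-]+$/', $pass)) {
            set_page_message(tr('Don\'t use special chars like "@, $, %..." in the password!'), 'warning');
            return;
        }
        if (!chk_password($pass)) {
            if ($cfg->PASSWD_STRONG) {
                set_page_message(sprintf(tr('The password must be at least %s chars long and contain letters and numbers to be valid.'), $cfg->PASSWD_CHARS), 'warning');
            } else {
                set_page_message(sprintf(tr('Password data is shorter than %s signs or includes not permitted signs!'), $cfg->PASSWD_CHARS), 'warning');
            }
            return;
        }
        $user_pass = $pass;

        // Optionally embed the domain id in the user name.
        $user_name = clean_input($_POST['user_name']);
        $use_dmn_id = isset($_POST['use_dmn_id']) && $_POST['use_dmn_id'] === 'on';
        $id_pos = isset($_POST['id_pos']) ? $_POST['id_pos'] : '';
        if ($use_dmn_id && $id_pos === 'start') {
            $db_user = $dmn_id . "_" . $user_name;
        } elseif ($use_dmn_id && $id_pos === 'end') {
            $db_user = $user_name . "_" . $dmn_id;
        } else {
            $db_user = $user_name;
        }
    }

    if (strlen($db_user) > $cfg->MAX_SQL_USER_LENGTH) {
        set_page_message(tr('User name too long!'), 'warning');
        return;
    }
    // Wildcards in the account name. The old class "[%|\?]" also rejected a
    // literal '|' that the message does not mention.
    if (preg_match("/[%?]+/", $db_user)) {
        set_page_message(tr('Wildcards such as %% and ? are not allowed!'), 'warning');
        return;
    }
    // Does this SQL user already exist in the system?
    if (!$add_existing && check_db_user($sql, $db_user)) {
        set_page_message(tr('Specified SQL username name already exists!'), 'warning');
        return;
    }

    // Add the user to the EasySCP table.
    $query = "\n\t\tINSERT INTO `sql_user`\n\t\t\t(`sqld_id`, `sqlu_name`, `sqlu_pass`)\n\t\tVALUES\n\t\t\t(?, ?, ?)\n\t";
    exec_query($sql, $query, array($db_id, $db_user, encrypt_db_password($user_pass)));
    update_reseller_c_props(get_reseller_id($dmn_id));

    $query = "\n\t\tSELECT\n\t\t\t`sqld_name` AS `db_name`\n\t\tFROM\n\t\t\t`sql_database`\n\t\tWHERE\n\t\t\t`sqld_id` = ?\n\t\tAND\n\t\t\t`domain_id` = ?\n\t";
    $rs = exec_query($sql, $query, array($db_id, $dmn_id));
    $db_name = $rs->fields['db_name'];
    // Escape LIKE-style wildcards so the GRANT applies to this database only.
    $db_name = preg_replace("/([_%\\?\\*])/", '\\\\$1', $db_name);

    // Add the user to the MySQL system tables; user, host and password are
    // bound as parameters, only the (quoted) identifier is concatenated.
    $query = "GRANT ALL PRIVILEGES ON " . quoteIdentifier($db_name) . ".* TO ?@? IDENTIFIED BY ?";
    exec_query($sql, $query, array($db_user, "localhost", $user_pass));
    exec_query($sql, $query, array($db_user, "%", $user_pass));

    write_log($_SESSION['user_logged'] . ": add SQL user: " . tohtml($db_user));
    set_page_message(tr('SQL user successfully added!'), 'info');
    user_goto('sql_manage.php');
}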