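/**
 * Generates directories list.
 *
 * Lists the directory named by the `cur_dir` query parameter through the customer's virtual file system
 * and assigns one template row per sub-directory that isAllowedDir() accepts, preceded by a
 * "parent directory" row.
 *
 * Every value derived from the request path or from file names is URL-encoded and HTML-escaped before it
 * is handed to the template; previously only DIR_NAME was escaped.
 *
 * @param iMSCP_pTemplate $tpl Template engine instance
 * @return void
 */
function client_generateDirectoriesList($tpl)
{
    // Request-controlled path. clean_input() is the only filtering applied before it reaches the VFS.
    // NOTE(review): isAllowedDir() is applied to each child below but never to $path itself; confirm that
    // iMSCP_VirtualFileSystem::ls() confines the listing to the customer's own tree.
    $path = isset($_GET['cur_dir']) ? clean_input($_GET['cur_dir']) : '';
    $domain = $_SESSION['user_logged'];

    // Create the virtual file system and fetch the directory listing
    $vfs = new iMSCP_VirtualFileSystem($domain);
    $list = $vfs->ls($path);

    if (!$list) {
        set_page_message(
            tr('Unable to retrieve directories list for your domain. Please contact your reseller.'), 'error'
        );
        $tpl->assign('FTP_CHOOSER', '');
        return;
    }

    // Parent directory link: drop the last path segment
    $parent = explode('/', $path);
    array_pop($parent);
    $parent = implode('/', $parent);

    $tpl->assign(array(
        'ACTION_LINK' => '',
        'ACTION' => '',
        'ICON' => 'parent',
        'DIR_NAME' => tr('Parent directory'),
        // rawurlencode() keeps the value inside the query parameter, tohtml() keeps it inside the markup.
        'LINK' => tohtml('ftp_choose_dir.php?cur_dir=' . rawurlencode($parent))
    ));
    $tpl->parse('DIR_ITEM', '.dir_item');

    // Loop-invariant: resolved once instead of once per entry
    $domainId = get_user_domain_id($_SESSION['user_id']);

    // Show directories only
    foreach ($list as $entry) {
        $directory = $path . '/' . $entry['file'];

        if ($entry['type'] != iMSCP_VirtualFileSystem::VFS_TYPE_DIR
            || ($entry['file'] == '.' || $entry['file'] == '..')
            || !isAllowedDir($domainId, $directory)
        ) {
            continue;
        }

        // File names are customer-controlled content, so every derived value is escaped.
        // NOTE(review): tohtml() covers HTML text/attribute context; if the template places CHOOSE_IT inside
        // inline script, it additionally needs JavaScript string escaping. Confirm against the template.
        $tpl->assign(array(
            'DIR_NAME' => tohtml($entry['file']),
            'CHOOSE_IT' => tohtml($directory),
            'LINK' => tohtml('ftp_choose_dir.php?cur_dir=' . rawurlencode($directory))
        ));
        $tpl->parse('ACTION_LINK', 'action_link');
        $tpl->parse('DIR_ITEM', '.dir_item');
    }
}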
/**
 * Fills the DB_LIST template block with one row per SQL database recorded for the user's domain.
 *
 * For each database the per-database user list is generated first (gen_db_user_list), then DB_ID and
 * DB_NAME are assigned and the row is appended to DB_LIST.
 *
 * NOTE(review): DB_NAME is assigned without HTML escaping. If sqld_name can hold customer-chosen text,
 * the template renders it verbatim; confirm whether escaping happens elsewhere.
 *
 * @param object $tpl     Template engine instance (passed by reference)
 * @param object $sql     Database connection (passed by reference)
 * @param int    $user_id Customer unique identifier
 * @return void
 */
function gen_db_list(&$tpl, &$sql, $user_id)
{
    $domainId = get_user_domain_id($sql, $user_id);

    $listQuery = <<<SQL_QUERY
        select
            sqld_id, sqld_name
        from
            sql_database
        where
            domain_id = ?
        order by
            sqld_name
SQL_QUERY;

    $databases = exec_query($sql, $listQuery, array($domainId));

    // Nothing to list: tell the user and blank the block
    if ($databases->RecordCount() == 0) {
        set_page_message(tr('Database list is empty!'));
        $tpl->assign('DB_LIST', '');
        return;
    }

    for (; !$databases->EOF; $databases->MoveNext()) {
        $id = $databases->fields['sqld_id'];
        $name = $databases->fields['sqld_name'];

        gen_db_user_list($tpl, $sql, $id);

        $tpl->assign(array('DB_ID' => (string) $id, 'DB_NAME' => (string) $name));
        $tpl->parse('DB_LIST', '.db_list');
    }
}
/**
 * onAfterAddDomainAlias listener
 *
 * Auto-approves a domain alias added by a customer ('user' account type) unless the alias is listed in
 * `ignored_domains` or the account is excluded by the `approval_rule` / `user_accounts` pair:
 * with a truthy rule only listed accounts are approved, with a falsy rule only unlisted ones.
 *
 * @throws iMSCP_Exception
 * @throws iMSCP_Exception_Database
 * @param iMSCP_Events_Event $event
 * @throws Exception
 */
public function onAfterAddDomainAlias(iMSCP_Events_Event $event)
{
    $identity = iMSCP_Authentication::getInstance()->getIdentity();

    // Only aliases added by customers themselves are considered
    if ($identity->admin_type != 'user') {
        return;
    }

    $ignoredDomains = (array) $this->getConfigParam('ignored_domains', array());
    $aliasNameAscii = $event->getParam('domainAliasName');

    // Aliases on the ignored_domains list always go through manual approval
    if (in_array(decode_idna($aliasNameAscii), $ignoredDomains)) {
        return;
    }

    $username = decode_idna($identity->admin_name);
    $approvalRule = $this->getConfigParam('approval_rule', true);
    $userAccounts = (array) $this->getConfigParam('user_accounts', array());
    $isListed = in_array($username, $userAccounts);

    // Truthy rule: user_accounts is an allow list. Falsy rule: user_accounts is a deny list.
    $excluded = $approvalRule ? !$isListed : $isListed;

    if ($excluded || $username === false) {
        return;
    }

    $db = iMSCP_Database::getInstance();

    try {
        $db->beginTransaction();

        $aliasId = $event->getParam('domainAliasId');

        exec_query(
            'UPDATE domain_aliasses SET alias_status = ? WHERE alias_id = ?', array('toadd', $aliasId)
        );

        if (iMSCP_Registry::get('config')->CREATE_DEFAULT_EMAIL_ADDRESSES && $identity->email) {
            client_mail_add_default_accounts(
                get_user_domain_id($identity->admin_id), $identity->email, $aliasNameAscii, 'alias', $aliasId
            );
        }

        $db->commit();
        send_request();

        $aliasName = decode_idna($aliasNameAscii);
        $username = decode_idna($username);

        write_log(
            sprintf('DomainAutoApproval: The %s domain alias has been auto-approved', $aliasName),
            E_USER_NOTICE
        );
        write_log(
            sprintf('DomainAutoApproval: %s scheduled addition of domain alias: %s', $username, $aliasName),
            E_USER_NOTICE
        );

        set_page_message(tr('Domain alias successfully scheduled for addition.'), 'success');
        redirectTo('domains_manage.php');
    } catch (iMSCP_Exception $e) {
        // Undo the status change before letting the error propagate
        $db->rollBack();
        throw $e;
    }
}
/**
 * Generate statistics for the given period
 *
 * The period is taken from POST month/year, else GET month/year, else the current month. Request values
 * are cast with intval() before they reach date arithmetic or the parameterised queries.
 *
 * @param iMSCP_pTemplate $tpl Template engine instance
 * @return void
 */
function generatePage($tpl)
{
    $domainId = get_user_domain_id($_SESSION['user_id']);

    // NOTE(review): month and year are integer-cast but not range-checked; out-of-range values are left to
    // mktime()/the helper functions to normalise.
    if (isset($_POST['month'], $_POST['year'])) {
        $year = intval($_POST['year']);
        $month = intval($_POST['month']);
    } elseif (isset($_GET['month'], $_GET['year'])) {
        $month = intval($_GET['month']);
        $year = intval($_GET['year']);
    } else {
        $month = date('m');
        $year = date('Y');
    }

    // Oldest traffic record decides how many years the period selector offers
    $oldest = exec_query(
        'SELECT dtraff_time FROM domain_traffic WHERE domain_id = ? ORDER BY dtraff_time ASC LIMIT 1', $domainId
    );

    $numberYears = 1;

    if ($oldest->rowCount()) {
        $firstRecord = $oldest->fetchRow(PDO::FETCH_ASSOC);
        $numberYears = date('y') - date('y', $firstRecord['dtraff_time']) + 1;
    }

    generateMonthsAndYearsHtmlList($tpl, $month, $year, $numberYears);

    $hasTraffic = exec_query(
        'SELECT domain_id FROM domain_traffic WHERE domain_id = ? AND dtraff_time >= ? AND dtraff_time <= ? LIMIT 1',
        array($domainId, getFirstDayOfMonth($month, $year), getLastDayOfMonth($month, $year))
    );

    if (!$hasTraffic->rowCount()) {
        set_page_message(tr('No statistics found for the given period. Try another period.'), 'static_info');
        $tpl->assign('STATISTICS_BLOCK', '');
        return;
    }

    // For the current month stop at today, for past months at the last day of the month
    $periodEnd = getLastDayOfMonth($month, $year);
    $lastDay = $periodEnd < time() ? date('j', $periodEnd) : date('j');

    $totals = array_fill(0, 8, 0);
    $dateFormat = iMSCP_Registry::get('config')->DATE_FORMAT;

    for ($day = 1; $day <= $lastDay; $day++) {
        $dayStart = mktime(0, 0, 0, $month, $day, $year);
        $dayEnd = mktime(23, 59, 59, $month, $day, $year);

        list($web, $ftp, $smtp, $pop) = _getUserTraffic($domainId, $dayStart, $dayEnd);

        $tpl->assign(array(
            'DATE' => tohtml(date($dateFormat, strtotime("{$year}-{$month}-{$day}"))),
            'WEB_TRAFF' => tohtml(bytesHuman($web)),
            'FTP_TRAFF' => tohtml(bytesHuman($ftp)),
            'SMTP_TRAFF' => tohtml(bytesHuman($smtp)),
            'POP_TRAFF' => tohtml(bytesHuman($pop)),
            'SUM_TRAFF' => tohtml(bytesHuman($web + $ftp + $smtp + $pop))
        ));

        $totals[0] += $web;
        $totals[1] += $ftp;
        $totals[2] += $smtp;
        $totals[3] += $pop;

        $tpl->parse('TRAFFIC_TABLE_ITEM', '.traffic_table_item');
    }

    $tpl->assign(array(
        'WEB_ALL' => tohtml(bytesHuman($totals[0])),
        'FTP_ALL' => tohtml(bytesHuman($totals[1])),
        'SMTP_ALL' => tohtml(bytesHuman($totals[2])),
        'POP_ALL' => tohtml(bytesHuman($totals[3])),
        'SUM_ALL' => tohtml(bytesHuman(array_sum($totals)))
    ));
}
/**
 * Appends one template row per SQL database recorded for the user's domain.
 *
 * The database name is emitted twice, escaped for HTML (DB_NAME) and for JavaScript (DB_NAME_JS), so the
 * template can use the matching variant in each context.
 *
 * @param EasySCP_TemplateEngine $tpl
 * @param EasySCP_Database $sql
 * @param int $user_id
 */
function gen_db_list($tpl, $sql, $user_id)
{
    $domainId = get_user_domain_id($user_id);
    $listQuery = "\n\t\tSELECT\n\t\t\t`sqld_id`, `sqld_name`\n\t\tFROM\n\t\t\t`sql_database`\n\t\tWHERE\n\t\t\t`domain_id` = ?\n\t\tORDER BY\n\t\t\t`sqld_name`\n\t";
    $databases = exec_query($sql, $listQuery, $domainId);

    if ($databases->recordCount() == 0) {
        set_page_message(tr('Database list is empty!'), 'info');
        $tpl->assign('DB_LIST', '');
        return;
    }

    for (; !$databases->EOF; $databases->moveNext()) {
        $id = $databases->fields['sqld_id'];
        $name = $databases->fields['sqld_name'];

        // gen_db_user_list() reports how many users the database has; zero triggers the hint below
        $userCount = gen_db_user_list($tpl, $sql, $id);

        if ($userCount) {
            $emptyHint = '';
        } else {
            $emptyHint = tr('Database user list is empty!');
        }

        $tpl->append(array(
            'DB_ID' => $id,
            'DB_NAME' => tohtml($name),
            'DB_NAME_JS' => tojs($name),
            'DB_MSG' => $emptyHint
        ));
    }
}
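/**
 * onAfterAddDomainAlias listener
 *
 * Auto-approves a newly added domain alias unless one of the exclusions applies:
 *  - the session is an impersonated one (`logged_from_type` set) or the identity is a reseller,
 *  - the alias is listed in `ignored_domains`,
 *  - the account is excluded by `approval_rule` / `user_accounts`: with a truthy rule `user_accounts` is an
 *    allow list, with a falsy rule it is a deny list.
 *
 * @throws iMSCP_Exception
 * @throws iMSCP_Exception_Database
 * @param iMSCP_Events_Event $event
 * @throws Exception
 * @return void
 */
public function onAfterAddDomainAlias(iMSCP_Events_Event $event)
{
    $userIdentity = iMSCP_Authentication::getInstance()->getIdentity();

    // 1. Do not act if the logged-in user is not the real client (due to changes in i-MSCP v1.2.12)
    // 2. Do not act if the event has been triggered from reseller interface
    if (isset($_SESSION['logged_from_type']) || $userIdentity->admin_type == 'reseller') {
        return;
    }

    $disallowedDomains = (array) $this->getConfigParam('ignored_domains', array());
    $domainAliasNameAscii = $event->getParam('domainAliasName');

    // Only domain aliases which are not listed in the ignored_domains list are auto-approved
    if (in_array(decode_idna($domainAliasNameAscii), $disallowedDomains)) {
        return;
    }

    $username = decode_idna($userIdentity->admin_name);
    $approvalRule = $this->getConfigParam('approval_rule', true);
    $userAccounts = (array) $this->getConfigParam('user_accounts', array());
    $isListed = in_array($username, $userAccounts);

    // The previous condition `$approvalRule && !listed || listed` is true for every account once the rule
    // is enabled, so allow-list mode never approved anything. Each mode now gets its own test:
    //  - rule enabled:  only accounts listed in 'user_accounts' are auto-approved
    //  - rule disabled: only accounts not listed in 'user_accounts' are auto-approved
    if ($approvalRule ? !$isListed : $isListed) {
        return;
    }

    $db = iMSCP_Database::getInstance();

    try {
        $db->beginTransaction();

        $domainAliasId = $event->getParam('domainAliasId');

        exec_query(
            'UPDATE domain_aliasses SET alias_status = ? WHERE alias_id = ?', array('toadd', $domainAliasId)
        );

        $config = iMSCP_Registry::get('config');

        if ($config['CREATE_DEFAULT_EMAIL_ADDRESSES'] && $userIdentity->email !== '') {
            client_mail_add_default_accounts(
                get_user_domain_id($userIdentity->admin_id),
                $userIdentity->email,
                $domainAliasNameAscii,
                'alias',
                $domainAliasId
            );
        }

        $db->commit();
        send_request();

        write_log(
            sprintf(
                'DomainAutoApproval plugin: The `%s` domain alias has been auto-approved',
                decode_idna($domainAliasNameAscii)
            ),
            E_USER_NOTICE
        );
        set_page_message(tr('Domain alias auto-approved.'), 'success');
    } catch (iMSCP_Exception $e) {
        // Undo the status change before letting the error propagate
        $db->rollBack();
        throw $e;
    }
}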
$rs = exec_query($sql, $query, array($dmn_id, $uname, $upass)); $admin_login = $_SESSION['user_logged']; write_log("{$admin_login}: add user (protected areas) -> {$uname}"); header('Location: puser_manage.php'); die; } else { set_page_message(tr('User already exist !')); return; } } } else { return; } } /* * * static page messages. * */ gen_client_menu($tpl); gen_logged_from($tpl); check_permissions($tpl); padd_user($tpl, $sql, get_user_domain_id($sql, $_SESSION['user_id'])); $tpl->assign(array('TR_HTACCESS' => tr('Protected areas'), 'TR_ACTION' => tr('Action'), 'TR_USER_MANAGE' => tr('Manage user'), 'TR_USERS' => tr('User'), 'TR_USERNAME' => tr('Username'), 'TR_ADD_USER' => tr('Add user'), 'TR_GROUPNAME' => tr('Group name'), 'TR_GROUP_MEMBERS' => tr('Group members'), 'TR_ADD_GROUP' => tr('Add group'), 'TR_EDIT' => tr('Edit'), 'TR_GROUP' => tr('Group'), 'TR_DELETE' => tr('Delete'), 'TR_GROUPS' => tr('Groups'), 'TR_PASSWORD' => tr('Password'), 'TR_PASSWORD_REPEAT' => tr('Password repeat'), 'TR_CANCEL' => tr('Cancel'))); gen_page_message($tpl); $tpl->parse('PAGE', 'page'); $tpl->prnt(); if (isset($cfg['DUMP_GUI_DEBUG'])) { dump_gui_debug(); } unset_messages();
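/**
 * Validates the posted alias data and, when valid, schedules the new domain alias for addition.
 *
 * Reads `ndomain_name`, `ndomain_mpoint` and `forward` from $_POST and publishes the normalised values
 * through the globals listed below. On a validation failure the message is written to $err_al and the
 * function returns; on success the alias row is inserted, the daemon is notified and the request is
 * redirected to manage_domains.php.
 *
 * The uniqueness and mount-point collision checks used to sit in the `else` branch of the forward test,
 * so they were skipped whenever a forward URL was supplied. They now run for every request.
 *
 * @param object $sql    Database connection (passed by reference)
 * @param string $err_al Error slot (passed by reference); must hold '_off_' on entry, since the insert is
 *                       only performed while it still holds that value
 * @return void
 */
function add_domain_alias(&$sql, &$err_al)
{
    global $cr_user_id, $alias_name, $domain_ip, $forward, $mount_point, $cfg;

    $cr_user_id = get_user_domain_id($sql, $_SESSION['user_id']);
    $alias_name = strtolower($_POST['ndomain_name']);
    $mount_point = strtolower($_POST['ndomain_mpoint']);
    $forward = $_POST['forward'];

    $query = "select domain_ip_id from domain where domain_id = ?";
    $rs = exec_query($sql, $query, array($cr_user_id));
    $domain_ip = $rs->fields['domain_ip_id'];

    $alias_name = get_punny($alias_name);

    // First check that the submitted data is correct; the first failing check sets the message
    if (chk_dname($alias_name) > 0) {
        $err_al = tr("Incorrect domain name syntax");
    } elseif (vhcs_domain_exists($alias_name, 0)) {
        $err_al = tr('Domain with that name already exists on the system!');
    } elseif (chk_mountp($mount_point) > 0) {
        $err_al = tr("Incorrect mount point syntax");
    } elseif ($forward != 'no' && chk_url($forward) > 0) {
        $err_al = tr("Incorrect forward syntax");
    } else {
        $query = "select domain_id from domain_aliasses where alias_name=?";
        $res = exec_query($sql, $query, array($alias_name));

        $query = "select domain_id from domain where domain_name=?";
        $res2 = exec_query($sql, $query, array($alias_name));

        if ($res->RowCount() > 0 or $res2->RowCount() > 0) {
            // we already have a domain with this name
            $err_al = tr("Domain with this name already exist");
        } else {
            $query = "select count(alias_id) as cnt from domain_aliasses where domain_id=? and alias_mount=?";
            $mres = exec_query($sql, $query, array($cr_user_id, $mount_point));
            $mdata = $mres->FetchRow();

            $query = "select count(subdomain_id) as cnt from subdomain where domain_id=? and subdomain_mount=?";
            $subdomres = exec_query($sql, $query, array($cr_user_id, $mount_point));
            $subdomdata = $subdomres->FetchRow();

            if ($mdata['cnt'] > 0 || $subdomdata['cnt'] > 0) {
                // an alias or subdomain of this customer already uses the mount point
                $err_al = tr("There are alias with same mount point");
            }
        }
    }

    if ('_off_' !== $err_al) {
        return;
    }

    // Begin add new alias domain
    // NOTE(review): the name is HTML-encoded before storage rather than at output time; kept as is because
    // existing readers of alias_name may rely on it.
    $alias_name = htmlspecialchars($alias_name, ENT_QUOTES, "UTF-8");

    check_for_lock_file();

    $status = $cfg['ITEM_ADD_STATUS'];

    $query = "insert into domain_aliasses(domain_id, alias_name, alias_mount, alias_status, alias_ip_id, url_forward) values (?, ?, ?, ?, ?, ?)";
    exec_query($sql, $query, array($cr_user_id, $alias_name, $mount_point, $status, $domain_ip, $forward));

    send_request();

    $admin_login = $_SESSION['user_logged'];
    write_log("{$admin_login}: add domain alias -> {$alias_name}");

    set_page_message(tr('Alias scheduled for addition!'));
    header("Location: manage_domains.php");
    die;
}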
* isp Control Panel. All Rights Reserved.
 *
 * Portions created by the i-MSCP Team are Copyright (C) 2010-2016 by
 * i-MSCP - internet Multi Server Control Panel. All Rights Reserved.
 */

/***********************************************************************************************************************
 * Main
 *
 * Pre-deletion checks for a subdomain alias selected through the `id` query parameter.
 * NOTE(review): the flow below relies on showBadRequestErrorPage() and redirectTo() ending the request;
 * neither is defined in this part of the file, so confirm that they do not return.
 */

require_once 'imscp-lib.php';

iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onClientScriptStart);

check_login('user');

// Reject the request when the feature is not available to the customer or no id was supplied
if (!customerHasFeature('domain_aliases') || !isset($_GET['id'])) {
    showBadRequestErrorPage();
}

$id = clean_input($_GET['id']);

// Ownership check: the subdomain alias is looked up together with the domain id of the logged-in user,
// so an id that belongs to another customer yields no row and ends in the bad-request page.
$stmt = exec_query("\n SELECT\n t1.subdomain_alias_id, CONCAT(t1.subdomain_alias_name, '.', t2.alias_name) AS subdomain_alias_name\n FROM\n subdomain_alias AS t1\n INNER JOIN\n domain_aliasses AS t2 ON (t2.alias_id = t1.alias_id)\n WHERE\n t2.domain_id = ?\n AND\n t1.subdomain_alias_id = ?\n ", array(get_user_domain_id($_SESSION['user_id']), $id));

if (!$stmt->rowCount()) {
    showBadRequestErrorPage();
}

$row = $stmt->fetchRow(PDO::FETCH_ASSOC);
$name = $row['subdomain_alias_name'];

// Refuse removal while mail accounts are still attached to the subdomain alias
$stmt = exec_query('SELECT mail_id FROM mail_users WHERE (mail_type LIKE ? OR mail_type = ?) AND sub_id = ? LIMIT 1', array(MT_ALSSUB_MAIL . '%', MT_ALSSUB_FORWARD, $id));

if ($stmt->rowCount()) {
    set_page_message(tr('Subdomain you are trying to remove has email accounts. Please remove them first.'), 'error');
    redirectTo('domains_manage.php');
}

// Refuse removal while FTP accounts named "...@<subdomain alias>" still exist.
// The LIKE pattern is built from the name read from the database above, not from request input.
$stmt = exec_query('SELECT userid FROM ftp_users WHERE userid LIKE ? LIMIT 1', "%@{$name}");

if ($stmt->rowCount()) {
    set_page_message(tr('Subdomain alias you are trying to remove has Ftp accounts. Please remove them first.'), 'error');
    redirectTo('domains_manage.php');
}
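/**
 * Adds an SQL user to one of the customer's databases.
 *
 * Two modes, selected by the posted form:
 *  - new user: name and password come from $_POST (optionally prefixed or suffixed with the domain id),
 *  - existing user (`Add_Exist`): name and password are copied from the sql_user row named by
 *    `sqluser_id`.
 *
 * Changes against the previous version:
 *  - the existing-user lookup is restricted to SQL users attached to a database of the caller's own
 *    domain; before, any sqlu_id could be supplied and its stored password was reused,
 *  - the target database is checked to belong to the caller's domain before anything is written; before,
 *    the sql_user row was inserted first and the result of the lookup was never examined,
 *  - ereg()/ereg_replace() are replaced with preg_match()/str_replace().
 *
 * @param object $sql     Database connection (passed by reference)
 * @param int    $user_id Customer unique identifier
 * @param int    $db_id   Identifier of the database the user is added to
 * @return void
 */
function add_sql_user(&$sql, $user_id, $db_id)
{
    global $cfg;

    if (!isset($_POST['uaction'])) {
        return;
    }

    $use_existing = isset($_POST['Add_Exist']);
    $dmn_id = get_user_domain_id($sql, $user_id);

    if (!$use_existing) {
        // let's check user input
        if ($_POST['user_name'] === '') {
            set_page_message(tr('Please type user name!'));
            return;
        }

        if ($_POST['pass'] === '' && $_POST['pass_rep'] === '') {
            set_page_message(tr('Please type user password!'));
            return;
        }

        if ($_POST['pass'] !== $_POST['pass_rep']) {
            set_page_message(tr('Entered passwords does not match!'));
            return;
        }

        if (strlen($_POST['pass']) > $cfg['MAX_SQL_PASS_LENGTH']) {
            set_page_message(tr('Too user long password!'));
            return;
        }

        $user_pass = $_POST['pass'];

        // optionally use the domain id in the name of the SQL user
        $use_dmn_id = isset($_POST['use_dmn_id']) && $_POST['use_dmn_id'] === 'on';
        $id_pos = isset($_POST['id_pos']) ? $_POST['id_pos'] : '';

        if ($use_dmn_id && $id_pos === 'start') {
            $db_user = $dmn_id . "_" . $_POST['user_name'];
        } elseif ($use_dmn_id && $id_pos === 'end') {
            $db_user = $_POST['user_name'] . "_" . $dmn_id;
        } else {
            $db_user = $_POST['user_name'];
        }
    } else {
        // Only SQL users that already belong to one of this customer's databases may be reused
        $query = "SELECT t1.sqlu_name, t1.sqlu_pass FROM sql_user AS t1, sql_database AS t2 "
            . "WHERE t1.sqld_id = t2.sqld_id AND t1.sqlu_id = ? AND t2.domain_id = ?";
        $sqluser_id = isset($_POST['sqluser_id']) ? $_POST['sqluser_id'] : 0;
        $rs = exec_query($sql, $query, array($sqluser_id, $dmn_id));

        if ($rs->RecordCount() == 0) {
            set_page_message(tr('SQL-user not found! Maybe it was deleted by another user!'));
            return;
        }

        $db_user = $rs->fields['sqlu_name'];
        $user_pass = $rs->fields['sqlu_pass'];
    }

    if (strlen($db_user) > $cfg['MAX_SQL_USER_LENGTH']) {
        set_page_message(tr('User name too long!'));
        return;
    }

    // are wildcards used?
    if (preg_match('/[%?]/', $db_user)) {
        set_page_message(tr('Wildcards as % and ? are not allowed!'));
        return;
    }

    // have we such sql user in the system?!
    if (!$use_existing && check_db_user($sql, $db_user)) {
        set_page_message(tr('Specified SQL username name already exists!'));
        return;
    }

    // The target database must belong to the caller's domain; verified before any write
    $query = "select sqld_name as db_name from sql_database where sqld_id = ? and domain_id = ?";
    $rs = exec_query($sql, $query, array($db_id, $dmn_id));

    if ($rs->RecordCount() == 0) {
        user_goto('manage_sql.php');
        return;
    }

    $db_name = $rs->fields['db_name'];

    // add user in the vhcs table
    // NOTE(review): the password is stored as supplied (not hashed) in sql_user.sqlu_pass.
    $query = "insert into sql_user (sqld_id, sqlu_name, sqlu_pass) values (?, ?, ?)";
    exec_query($sql, $query, array($db_id, $db_user, $user_pass));

    // add user in the mysql system tables; "_" is escaped so the grant matches the database name literally
    $new_db_name = str_replace("_", "\\_", $db_name);

    $query = 'grant all on ' . quoteIdentifier($new_db_name) . '.* to ?@\'localhost\' identified by ?';
    exec_query($sql, $query, array($db_user, $user_pass));

    $query = 'grant all on ' . quoteIdentifier($new_db_name) . '.* to ?@\'%\' identified by ?';
    exec_query($sql, $query, array($db_user, $user_pass));

    write_log($_SESSION['user_logged'] . " : add SQL user" . $db_name);
    set_page_message(tr('SQL user successfully added!'));
    user_goto('manage_sql.php');
}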
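/**
 * Runs the posted SQL statement with the credentials of one of the customer's own SQL users and assigns
 * the outcome to the template.
 *
 * The SQL user is looked up together with the caller's domain id. If that lookup returns no row the
 * function now stops; before, it went on to open a connection with empty credentials. The database error
 * text is HTML-escaped before it is assigned, because it can repeat parts of the submitted statement.
 *
 * @param object $tpl        Template engine instance (passed by reference)
 * @param object $sql        Database connection (passed by reference)
 * @param int    $user_id    Customer unique identifier
 * @param int    $db_user_id Identifier of the SQL user to run the statement as
 * @return void
 */
function execute_sql_query(&$tpl, &$sql, $user_id, $db_user_id)
{
    global $cfg;

    if (!isset($_POST['uaction'])) {
        return;
    }

    // let's check user input
    if ($_POST['sql_query'] === '') {
        set_page_message(tr('Please enter SQL query!'));
        $tpl->assign('SQL_RESULT', '');
        return;
    }

    $dmn_id = get_user_domain_id($sql, $user_id);

    $query = "select t1.*, t2.sqld_name from sql_user as t1, sql_database as t2 "
        . "where t1.sqld_id = t2.sqld_id and t1.sqlu_id = ? and t2.domain_id = ? "
        . "order by t2.sqld_name asc, t1.sqlu_name asc";
    $rs = exec_query($sql, $query, array($db_user_id, $dmn_id));

    // No row means the SQL user does not exist or belongs to another customer
    if ($rs->RecordCount() == 0) {
        set_page_message(tr('Cannot connect as MySQL administrator!'));
        $tpl->assign('SQL_RESULT', '');
        return;
    }

    $db_user_name = $rs->fields['sqlu_name'];
    $db_user_pass = $rs->fields['sqlu_pass'];
    $db_name = $rs->fields['sqld_name'];

    // The statement runs on a separate connection opened as the customer's SQL user, so it is limited to
    // that user's privileges rather than those of the panel's own connection.
    $sql_user =& ADONewConnection('mysql');

    if (!@$sql_user->Connect($cfg['DB_HOST'], $db_user_name, $db_user_pass, $db_name)) {
        set_page_message(tr('Cannot connect as MySQL administrator!'));
        $tpl->assign('SQL_RESULT', '');
        return;
    }

    // NOTE(review): stripslashes() presumes the request data arrived with added slashes — confirm for the
    // PHP configuration in use.
    $query = stripslashes($_POST['sql_query']);

    $rs = $sql_user->Execute($query);

    if (!$rs) {
        $tpl->assign(array(
            'QUERY_STATUS' => tr('SQL query has error'),
            'QUERY_RESULT' => htmlspecialchars($sql_user->ErrorMsg(), ENT_QUOTES, "UTF-8")
        ));
    } else {
        write_log($_SESSION['user_logged'] . " : execute SQL query");
        $tpl->assign(array(
            'QUERY_STATUS' => tr('SQL query is ok'),
            'QUERY_RESULT' => sql_rs2html($rs)
        ));
    }
}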
/**
 * Update domain statuses and send request to i-MSCP daemon
 *
 * At the 'per_user' level the customer's main domain and all its aliases are flagged 'tochange'.
 * At the other levels only the single entity named by $domainType/$domainId is flagged, and every
 * statement also filters on domain_admin_id so that the entity must belong to $adminId.
 * Entities in status 'disabled' or 'todelete' are never touched.
 *
 * @throws iMSCP_Exception
 * @throws iMSCP_Exception_Database
 * @param string $configLevel PHP configuration level (per_user|per_domain|per_site)
 * @param int $adminId Owner unique identifier
 * @param int $domainId Domain unique identifier
 * @param string $domainType Domain type (dmn|als|sub|subals)
 */
public function updateDomainStatuses($configLevel, $adminId, $domainId, $domainType)
{
    if ($configLevel == 'per_user') {
        // The passed domain id is ignored at this level; the owner's main domain is used instead
        $mainDomainId = get_user_domain_id($adminId);

        exec_query(
            "UPDATE domain SET domain_status = ? WHERE domain_id = ? AND domain_status NOT IN('disabled', 'todelete')",
            array('tochange', $mainDomainId)
        );
        exec_query(
            "\n UPDATE domain_aliasses SET alias_status = ?\n WHERE domain_id = ? AND alias_status NOT IN ('disabled', 'todelete')\n ",
            array('tochange', $mainDomainId)
        );

        return;
    }

    if ($domainType == 'dmn') {
        $statement = "\n UPDATE domain SET domain_status = 'tochange'\n WHERE domain_admin_id = ? AND domain_id = ? AND domain_status NOT IN ('disabled', 'todelete')\n ";
    } elseif ($domainType == 'sub') {
        $statement = "\n UPDATE subdomain INNER JOIN domain USING(domain_id) SET subdomain_status = 'tochange'\n WHERE domain_admin_id = ? AND subdomain_id = ?\n AND subdomain_status NOT IN ('disabled','todelete')\n ";
    } elseif ($domainType == 'als') {
        $statement = "\n UPDATE domain_aliasses INNER JOIN domain USING(domain_id) SET alias_status = 'tochange'\n WHERE domain_admin_id = ? AND alias_id = ? AND alias_status NOT IN ('disabled','todelete')\n ";
    } elseif ($domainType == 'subals') {
        $statement = "\n UPDATE subdomain_alias INNER JOIN domain_aliasses USING(alias_id) INNER JOIN domain USING(domain_id)\n SET subdomain_alias_status = 'tochange'\n WHERE domain_admin_id = ? AND subdomain_alias_id = ? AND subdomain_alias_status NOT IN ('disabled','todelete')\n ";
    } else {
        throw new iMSCP_Exception('Unknown domain type');
    }

    exec_query($statement, array($adminId, $domainId));
}
\t\t\tid = ? \t\tand \t\t\tuser_id = ? \t\tand \t\t\tstatus = 'update' SQL_QUERY; $rs = exec_query($sql, $query, array($order_id, $reseller_id)); } if ($rs->RecordCount() == 0) { set_page_message(tr('Permission deny!')); header('Location: orders.php'); die; } $hpid = $rs->fields['plan_id']; $customer_id = $rs->fields['customer_id']; $dmn_id = get_user_domain_id($sql, $customer_id); //lets check the reseller limits $err_msg = '_off_'; if (isset($cfg['HOSTING_PLANS_LEVEL']) && $cfg['HOSTING_PLANS_LEVEL'] === 'admin') { $query = "select props from hosting_plans where id = ?"; $res = exec_query($sql, $query, array($hpid)); } else { $query = "select props from hosting_plans where reseller_id = ? and id = ?"; $res = exec_query($sql, $query, array($reseller_id, $hpid)); } $data = $res->FetchRow(); $props = $data['props']; $_SESSION["ch_hpprops"] = $props; reseller_limits_check($sql, $err_msg, $reseller_id, $hpid); if ($err_msg != '_off_') { set_page_message($err_msg);
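/**
 * Add SQL user for the given database
 *
 * Two modes, selected by the posted form:
 *  - new user: name, host and password come from $_POST and are validated here,
 *  - existing user (`Add_Exist` + `sqluser_id`): name, host and password are copied from the sql_user row.
 *
 * Changes against the previous version:
 *  - the existing-user lookup is joined to sql_database and filtered on the customer's domain id, so only
 *    SQL users already attached to one of the customer's own databases can be reused; before, any sqlu_id
 *    was accepted and its stored credentials were copied,
 *  - the MariaDB test had its strpos() arguments swapped (it searched for the configured server name
 *    inside the literal 'mariadb'), so a value such as a versioned server name never matched.
 *
 * @throws Exception
 * @throws iMSCP_Exception_Database
 * @param int $customerId Customer unique identifier
 * @param int $dbId Identifier of the database the SQL user is assigned to
 * @return void
 */
function client_addSqlUser($customerId, $dbId)
{
    if (empty($_POST)) {
        return;
    }

    if (!isset($_POST['uaction'])) {
        showBadRequestErrorPage();
    }

    $dmnId = get_user_domain_id($customerId);

    if (!isset($_POST['Add_Exist'])) {
        $needUserCreate = true;

        if (!isset($_POST['user_name']) || !isset($_POST['user_host']) || !isset($_POST['pass'])
            || !isset($_POST['pass_rep'])
        ) {
            showBadRequestErrorPage();
        }

        $user = clean_input($_POST['user_name']);
        $host = clean_input($_POST['user_host']);
        $password = clean_input($_POST['pass']);
        $passwordConf = clean_input($_POST['pass_rep']);

        if ($user === '') {
            set_page_message(tr('Please enter an username.'), 'error');
            return;
        }

        if (preg_match('/[%|\\?]+/', $user)) {
            set_page_message(
                tr("Wildcards such as '%s' and '%s' are not allowed in username.", '%', '?'), 'error'
            );
            return;
        }

        if ($host === '') {
            set_page_message(tr('Please enter an SQL user host.'), 'error');
            return;
        }

        $host = encode_idna($host);

        // '%' and 'localhost' are accepted as is; anything else must be a valid DNS name or IP address
        if ($host !== '%'
            && $host !== 'localhost'
            && !iMSCP_Validate::getInstance()->hostname(
                $host, array('allow' => Zend_Validate_Hostname::ALLOW_DNS | Zend_Validate_Hostname::ALLOW_IP)
            )
        ) {
            set_page_message(
                tr('Invalid SQL user host: %s', iMSCP_Validate::getInstance()->getLastValidationMessages()),
                'error'
            );
            return;
        }

        if ($password === '') {
            set_page_message(tr('Please enter a password.'), 'error');
            return;
        }

        if ($password !== $passwordConf) {
            set_page_message(tr("Passwords do not match."), 'error');
            return;
        }

        if (strlen($password) > 32) {
            set_page_message(tr('Password is too long.'), 'error');
            return;
        }

        if (!checkPasswordSyntax($password)) {
            set_page_message(
                tr('Only printable characters from the ASCII table (not extended), excepted the space, are allowed.'),
                'error'
            );
            return;
        }

        // Optionally prefix or suffix the name with the main domain id
        $useDmnId = isset($_POST['use_dmn_id']) && $_POST['use_dmn_id'] == 'on';
        $idPos = isset($_POST['id_pos']) ? $_POST['id_pos'] : '';

        if ($useDmnId && $idPos == 'start') {
            $user = $dmnId . '_' . $user;
        } elseif ($useDmnId && $idPos == 'end') {
            $user = $user . '_' . $dmnId;
        }

        if (strlen($user) > 16) {
            set_page_message(tr('Username is too long.'), 'error');
            return;
        }

        if (client_isSqlUser($user, $host)) {
            set_page_message(tr('SQL user %s already exits.', $user . '@' . decode_idna($host)), 'error');
            return;
        }
    } elseif (isset($_POST['sqluser_id'])) {
        // Using existing SQL user as specified in input data
        $needUserCreate = false;
        $userId = intval($_POST['sqluser_id']);

        // Ownership check: the SQL user must already belong to a database of this customer's domain
        $stmt = exec_query(
            '
                SELECT sqlu_name, sqlu_host, sqlu_pass
                FROM sql_user INNER JOIN sql_database USING(sqld_id)
                WHERE sqlu_id = ? AND domain_id = ?
                LIMIT 1
            ',
            array($userId, $dmnId)
        );

        if (!$stmt->rowCount()) {
            showBadRequestErrorPage();
        }

        $row = $stmt->fetchRow(PDO::FETCH_ASSOC);
        $user = $row['sqlu_name'];
        $host = $row['sqlu_host'];
        $password = $row['sqlu_pass'];
    } else {
        showBadRequestErrorPage();
        return;
    }

    # Retrieve database to which SQL user should be assigned (must belong to the customer's domain)
    $stmt = exec_query(
        'SELECT sqld_name FROM sql_database WHERE sqld_id = ? AND domain_id = ?', array($dbId, $dmnId)
    );

    if (!$stmt->rowCount()) {
        showBadRequestErrorPage();
    }

    $row = $stmt->fetchRow(PDO::FETCH_ASSOC);

    // Escape pattern characters so the GRANT below applies to this database name only
    $dbName = preg_replace('/([_%\\?\\*])/', '\\\\$1', $row['sqld_name']);

    $config = iMSCP_Registry::get('config');
    $mysqlConfig = new iMSCP_Config_Handler_File($config['CONF_DIR'] . '/mysql/mysql.data');

    iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onBeforeAddSqlUser);

    // Here we cannot use transaction due to statements that cause an implicit commit. Thus we execute
    // those statements first to let the i-MSCP database in clean state if one of them fails.
    // See https://dev.mysql.com/doc/refman/5.7/en/implicit-commit.html for more details
    if ($needUserCreate) {
        if (strpos($config['SQL_SERVER'], 'mariadb') !== false
            || version_compare($mysqlConfig['SQLD_VERSION'], '5.7.6', '<')
        ) {
            exec_query('CREATE USER ?@? IDENTIFIED BY ?', array($user, $host, $password));
        } else {
            exec_query(
                'CREATE USER ?@? IDENTIFIED BY ? PASSWORD EXPIRE NEVER', array($user, $host, $password)
            );
        }
    }

    execute_query(
        sprintf(
            'GRANT ALL PRIVILEGES ON %s.* to %s@%s', quoteIdentifier($dbName), quoteValue($user), quoteValue($host)
        )
    );

    // NOTE(review): the password is stored as supplied (not hashed) in sql_user.sqlu_pass.
    exec_query(
        'INSERT INTO sql_user (sqld_id, sqlu_name, sqlu_host, sqlu_pass) VALUES (?, ?, ?, ?)',
        array($dbId, $user, $host, $password)
    );

    iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onAfterAddSqlUser);

    set_page_message(tr('SQL user successfully added.'), 'success');
    write_log(sprintf("%s added new SQL user: %s", $_SESSION['user_logged'], tohtml($user)), E_USER_NOTICE);
    redirectTo('sql_manage.php');
}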
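/**
 * Add SQL database
 *
 * Builds the database name from the posted `db_name` (optionally prefixed or suffixed with the main
 * domain id), validates it, creates the database and records it for the customer's domain.
 *
 * Changes against the previous version:
 *  - the empty-name test is applied to the cleaned value that is actually used, not to the raw POST value,
 *  - the wildcard message used the malformed placeholders 's%'; they are now '%s', matching the arguments
 *    passed to tr().
 *
 * @param int $userId Customer unique identifier
 * @return void
 */
function client_addSqlDb($userId)
{
    if (!isset($_POST['uaction'])) {
        return;
    }

    if (!isset($_POST['db_name'])) {
        showBadRequestErrorPage();
    }

    $dbName = clean_input($_POST['db_name']);

    if ($dbName === '') {
        set_page_message(tr('Please type database name.'), 'error');
        return;
    }

    $mainDmnId = get_user_domain_id($userId);

    if (isset($_POST['use_dmn_id']) && $_POST['use_dmn_id'] === 'on') {
        if (isset($_POST['id_pos']) && $_POST['id_pos'] === 'start') {
            $dbName = $mainDmnId . '_' . $dbName;
        } elseif (isset($_POST['id_pos']) && $_POST['id_pos'] === 'end') {
            $dbName = $dbName . '_' . $mainDmnId;
        }
    }

    if (strlen($dbName) > 64) {
        set_page_message(tr('Database name is too long.'), 'error');
        return;
    }

    if ($dbName === 'test' || client_isDatabase($dbName)) {
        set_page_message(tr('Database name is unavailable.'), 'error');
        return;
    }

    // '%' and '?' are refused outright in database names
    if (preg_match('/[%|\\?]+/', $dbName)) {
        set_page_message(tr("Wildcards such as '%s' and '%s' are not allowed.", '%', '?'), 'error');
        return;
    }

    $responses = iMSCP_Events_Aggregator::getInstance()->dispatch(
        iMSCP_Events::onBeforeAddSqlDb, array('dbName' => $dbName)
    );

    // A listener may veto the creation by stopping the event
    if (!$responses->isStopped()) {
        // The name is quoted as an identifier; the bookkeeping row uses bound parameters
        execute_query(sprintf('CREATE DATABASE IF NOT EXISTS %s', quoteIdentifier($dbName)));
        exec_query('INSERT INTO sql_database (domain_id, sqld_name) VALUES (?, ?)', array($mainDmnId, $dbName));

        set_page_message(tr('SQL database successfully created.'), 'success');
        write_log(
            sprintf('%s added new SQL database: %s', decode_idna($_SESSION['user_logged']), $dbName),
            E_USER_NOTICE
        );

        iMSCP_Events_Aggregator::getInstance()->dispatch(
            iMSCP_Events::onAfterAddSqlDb, array('dbName' => $dbName)
        );
    }

    redirectTo('sql_manage.php');
}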
/**
 * Appends one template row per domain alias recorded for the user's domain.
 *
 * Alias name, mount point and forward target are passed through tohtml(); the action and edit values come
 * from gen_user_als_action() / gen_user_als_forward() and are assigned as returned.
 *
 * @param EasySCP_TemplateEngine $tpl
 * @param int $user_id
 */
function gen_user_als_list($tpl, $user_id)
{
    $db = EasySCP_Registry::get('Db');
    $domainId = get_user_domain_id($user_id);

    $listQuery = "\n\t\tSELECT\n\t\t\t`alias_id`,\n\t\t\t`alias_name`,\n\t\t\t`status`,\n\t\t\t`alias_mount`,\n\t\t\t`alias_ip_id`,\n\t\t\t`url_forward`\n\t\tFROM\n\t\t\t`domain_aliasses`\n\t\tWHERE\n\t\t\t`domain_id` = ?\n\t\tORDER BY\n\t\t\t`alias_mount`,\n\t\t\t`alias_name`\n\t;";
    $aliases = exec_query($db, $listQuery, $domainId);

    if ($aliases->recordCount() == 0) {
        $tpl->assign(array(
            'ALS_MSG' => tr('Alias list is empty!'),
            'ALS_MSG_TYPE' => 'info',
            'ALS_LIST' => ''
        ));
        return;
    }

    for (; !$aliases->EOF; $aliases->moveNext()) {
        $aliasId = $aliases->fields['alias_id'];
        $status = $aliases->fields['status'];

        list($action, $actionScript) = gen_user_als_action($aliasId, $status);
        list($forward, $editLink, $edit) = gen_user_als_forward(
            $aliasId, $status, $aliases->fields['url_forward']
        );

        // Stored names are in ASCII (IDNA) form; show them decoded
        $displayName = decode_idna($aliases->fields['alias_name']);
        $forward = decode_idna($forward);

        $tpl->append(array(
            'ALS_NAME' => tohtml($displayName),
            'ALS_MOUNT' => tohtml($aliases->fields['alias_mount']),
            'ALS_STATUS' => translate_dmn_status($status),
            'ALS_FORWARD' => tohtml($forward),
            'ALS_EDIT_LINK' => $editLink,
            'ALS_EDIT' => $edit,
            'ALS_ACTION' => $action,
            'ALS_ACTION_SCRIPT' => $actionScript
        ));
    }

    $tpl->assign('ALS_MESSAGE', '');
}
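/**
 * Creates a new SQL database for the customer and records it in sql_database.
 *
 * Does nothing unless $_POST['uaction'] is set. The name comes from
 * $_POST['db_name'], optionally prefixed or suffixed with the domain ID.
 * All input validation now happens before the administrative MySQL
 * connection is opened, so rejected requests never use those credentials.
 *
 * @param mixed $sql     Panel database handle, passed on to exec_query()
 * @param int   $user_id Customer identifier passed to get_user_domain_id()
 * @return void
 */
function add_sql_database(&$sql, $user_id)
{
    global $cfg;

    if (!isset($_POST['uaction'])) {
        return;
    }

    // A missing or non-string field (e.g. db_name[]=x) counts as empty.
    $requested = (isset($_POST['db_name']) && is_string($_POST['db_name'])) ? $_POST['db_name'] : '';

    if ($requested === '') {
        set_page_message(tr('Please type database name!'));
        return;
    }

    $dmn_id = get_user_domain_id($sql, $user_id);

    // Default to the plain name; previously $db_name stayed undefined when
    // use_dmn_id was 'on' but id_pos was neither 'start' nor 'end'.
    $db_name = $requested;

    if (isset($_POST['use_dmn_id']) && $_POST['use_dmn_id'] === 'on' && isset($_POST['id_pos'])) {
        if ($_POST['id_pos'] === 'start') {
            $db_name = $dmn_id . "_" . $requested;
        } elseif ($_POST['id_pos'] === 'end') {
            $db_name = $requested . "_" . $dmn_id;
        }
    }

    if (strlen($db_name) > $cfg['MAX_SQL_DATABASE_LENGTH']) {
        set_page_message(tr('Too long database name!'));
        return;
    }

    // Are wildcards used? preg_match() replaces ereg(), which no longer
    // exists in current PHP; the pattern still matches '%' or '?'.
    if (preg_match('/[%?]/', $db_name)) {
        set_page_message(tr('Wildcards as % and ? are not allowed!'));
        return;
    }

    // Only now open the privileged connection.
    $root_sql =& ADONewConnection('mysql');

    if (!@$root_sql->Connect($cfg['DB_HOST'], $cfg['DB_USER'], $cfg['DB_PASS'])) {
        set_page_message(tr('Can not connect as MySQL administrator!'));
        return;
    }

    // Is there already such a database in the system?
    if (check_db_name($root_sql, $db_name)) {
        set_page_message(tr('Specified database name already exists!'));
        return;
    }

    // The identifier cannot be bound as a parameter; it is passed through
    // quoteIdentifier() (presumably identifier quoting - verify).
    $query = 'create database ' . quoteIdentifier($db_name);
    $rs = exec_query($root_sql, $query, array());

    $query = <<<SQL_QUERY
        insert into sql_database
            (domain_id, sqld_name)
        values
            (?, ?)
SQL_QUERY;

    $rs = exec_query($sql, $query, array($dmn_id, $db_name));

    write_log($_SESSION['user_logged'] . " : add new SQL database -> " . $db_name);
    set_page_message(tr('SQL database created successfully!'));
    user_goto('manage_sql.php');
}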
/**
 * Generate page
 *
 * Resolves which domain the PHP settings page is shown for (from
 * $_GET['domain_id'] / $_GET['domain_type'], else the customer's main
 * domain), checks that it appears in getDomainData(), loads its ini values
 * and fills the template blocks according to the client's permissions.
 *
 * NOTE(review): the code after each showBadRequestErrorPage() call relies on
 * that function ending the request; confirm it never returns.
 *
 * @param iMSCP_pTemplate $tpl Template engine
 * @param iMSCP_PHPini $phpini PHP editor instance
 * @param iMSCP_Config_Handler_File $config Configuration handler
 * @param string $configLevel PHP configuration level
 * @return void
 */
function generatePage($tpl, $phpini, $config, $configLevel)
{
    $mainDmnId = get_user_domain_id($_SESSION['user_id']);

    if (isset($_GET['domain_id'], $_GET['domain_type'])) {
        $dmnId = (int) $_GET['domain_id'];
        $dmnType = clean_input($_GET['domain_type']);
    } else {
        $dmnId = $mainDmnId;
        $dmnType = 'dmn';
    }

    // The domain type must be one that the configuration level allows.
    if (
        ($configLevel == 'per_user' && $dmnType != 'dmn')
        || ($configLevel == 'per_domain' && !in_array($dmnType, array('dmn', 'als')))
    ) {
        showBadRequestErrorPage();
    }

    $dmnsData = getDomainData($configLevel);

    // The requested (id, type) pair must match an entry of getDomainData();
    // this is the check that guards the request-supplied domain_id.
    $knowDomain = false;
    foreach ($dmnsData as $candidate) {
        $sameId = $candidate['domain_id'] == $dmnId;
        if ($sameId && $candidate['domain_type'] == $dmnType) {
            $knowDomain = true;
        }
    }

    if (!$knowDomain) {
        showBadRequestErrorPage();
    }

    $phpini->loadDomainIni($_SESSION['user_id'], $dmnId, $dmnType);

    if ($configLevel == 'per_user') {
        $tpl->assign('DOMAIN_LIST_BLOCK', '');
    } else {
        foreach ($dmnsData as $dmnData) {
            $isCurrent = $dmnData['domain_id'] == $dmnId && $dmnData['domain_type'] == $dmnType;

            $tpl->assign(array(
                'DOMAIN_ID' => tohtml($dmnData['domain_id'], 'htmlAttr'),
                'DOMAIN_TYPE' => tohtml($dmnData['domain_type'], 'htmlAttr'),
                'DOMAIN_NAME_UNICODE' => tohtml(decode_idna($dmnData['domain_name'])),
                'SELECTED' => $isCurrent ? ' selected' : '',
            ));
            $tpl->parse('DOMAIN_NAME_BLOCK', '.domain_name_block');
        }

        // Assigned without tohtml(); by this point the value has matched a
        // domain_type taken from getDomainData().
        $tpl->assign('DOMAIN_TYPE', $dmnType);
    }

    if ($phpini->clientHasPermission('phpiniAllowUrlFopen')) {
        $tpl->assign(array(
            'TR_ALLOW_URL_FOPEN' => tr('Allow URL fopen'),
            'ALLOW_URL_FOPEN_ON' => $phpini->getDomainIni('phpiniAllowUrlFopen') == 'on' ? ' checked' : '',
            'ALLOW_URL_FOPEN_OFF' => $phpini->getDomainIni('phpiniAllowUrlFopen') == 'off' ? ' checked' : '',
        ));
    } else {
        $tpl->assign('ALLOW_URL_FOPEN_BLOCK', '');
    }

    if ($phpini->clientHasPermission('phpiniDisplayErrors')) {
        $tpl->assign(array(
            'TR_DISPLAY_ERRORS' => tr('Display errors'),
            'DISPLAY_ERRORS_ON' => $phpini->getDomainIni('phpiniDisplayErrors') == 'on' ? ' checked' : '',
            'DISPLAY_ERRORS_OFF' => $phpini->getDomainIni('phpiniDisplayErrors') == 'off' ? ' checked' : '',
        ));
    } else {
        $tpl->assign('DISPLAY_ERRORS_BLOCK', '');
    }

    // NOTE(review): the error reporting block is gated on the
    // 'phpiniDisplayErrors' permission, not a dedicated one - confirm intended.
    if ($phpini->clientHasPermission('phpiniDisplayErrors') && $config['HTTPD_SERVER'] != 'apache_itk') {
        $errorReporting = $phpini->getDomainIni('phpiniErrorReporting');

        $tpl->assign(array(
            'TR_ERROR_REPORTING' => tohtml(tr('Error reporting')),
            'TR_ERROR_REPORTING_DEFAULT' => tohtml(
                tr('All errors, except E_NOTICES, E_STRICT AND E_DEPRECATED (Default)'),
                'htmlAttr'
            ),
            'TR_ERROR_REPORTING_DEVELOPEMENT' => tohtml(tr('All errors (Development)'), 'htmlAttr'),
            'TR_ERROR_REPORTING_PRODUCTION' => tohtml(
                tr('All errors, except E_DEPRECATED and E_STRICT (Production)'),
                'htmlAttr'
            ),
            'ERROR_REPORTING_0' => $errorReporting == 'E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED'
                ? ' selected'
                : '',
            'ERROR_REPORTING_1' => $errorReporting == 'E_ALL & ~E_DEPRECATED & ~E_STRICT' ? ' selected' : '',
            'ERROR_REPORTING_2' => $errorReporting == '-1' ? ' selected' : '',
        ));
    } else {
        $tpl->assign('ERROR_REPORTING_BLOCK', '');
    }

    if ($config['HTTPD_SERVER'] == 'apache_itk' || !$phpini->clientHasPermission('phpiniDisableFunctions')) {
        // Neither the full function list nor the exec-only switch is shown.
        $tpl->assign(array('DISABLE_FUNCTIONS_BLOCK' => '', 'DISABLE_EXEC_BLOCK' => ''));
    } elseif ($phpini->getClientPermission('phpiniDisableFunctions') == 'exec') {
        // Client may only toggle exec(): "yes" means exec is NOT disabled.
        $disableFunctions = explode(',', $phpini->getDomainIni('phpiniDisableFunctions'));
        $execYes = !in_array('exec', $disableFunctions);

        $tpl->assign(array(
            'TR_DISABLE_FUNCTIONS_EXEC' => tohtml(tr('PHP exec() function')),
            'TR_EXEC_HELP' => tohtml(
                tr("When set to 'yes', your PHP scripts can call the PHP exec() function."),
                'htmlAttr'
            ),
            'EXEC_YES' => $execYes ? ' checked' : '',
            'EXEC_NO' => $execYes ? '' : ' checked',
            'DISABLE_FUNCTIONS_BLOCK' => '',
        ));
    } else {
        $disableableFunctions = array(
            'EXEC', 'PASSTHRU', 'PHPINFO', 'POPEN', 'PROC_OPEN',
            'SHOW_SOURCE', 'SYSTEM', 'SHELL', 'SHELL_EXEC', 'SYMLINK',
        );

        if ($phpini->clientHasPermission('phpiniMailFunction')) {
            $disableableFunctions[] = 'MAIL';
        } else {
            $tpl->assign('MAIL_FUNCTION_BLOCK', '');
        }

        $disabledFunctions = explode(',', $phpini->getDomainIni('phpiniDisableFunctions'));

        // One template variable per function, checked when it is disabled.
        foreach ($disableableFunctions as $function) {
            $isDisabled = in_array(strtolower($function), $disabledFunctions, true);
            $tpl->assign($function, $isDisabled ? ' checked' : '');
        }

        $tpl->assign(array(
            'TR_DISABLE_FUNCTIONS' => tohtml(tr('Disabled functions')),
            'DISABLE_EXEC_BLOCK' => '',
        ));
    }

    $tpl->assign(array(
        'TR_PHP_SETTINGS' => tohtml(tr('PHP Settings')),
        'TR_YES' => tohtml(tr('Yes')),
        'TR_NO' => tohtml(tr('No')),
    ));
}
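* by moleSoftware GmbH. All Rights Reserved.
 *
 * Portions created by the ispCP Team are Copyright (C) 2006-2010 by
 * isp Control Panel. All Rights Reserved.
 *
 * Portions created by the i-MSCP Team are Copyright (C) 2010-2015 by
 * i-MSCP - internet Multi Server Control Panel. All Rights Reserved.
 */

/***********************************************************************************************************************
 * Main
 */

// Include core library
require_once 'imscp-lib.php';

iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onClientScriptStart);

check_login('user');

customerHasFeature('mail') or showBadRequestErrorPage();

// NOTE(review): this state change is driven by a GET parameter and no
// anti-CSRF token check is visible in this script; confirm one is enforced
// elsewhere (for example inside check_login()).
if (isset($_GET['id'])) {
    $catchallId = intval($_GET['id']);
    $domainId = get_user_domain_id($_SESSION['user_id']);

    // Ownership check: the mail entry must belong to the logged-in
    // customer's domain.
    // NOTE(review): the query does not restrict the row to catch-all
    // entries; verify that any mail_id of the domain may be deleted here.
    $stmt = exec_query(
        'SELECT mail_id FROM mail_users WHERE domain_id = ? AND mail_id = ?',
        array($domainId, $catchallId)
    );

    if (!$stmt->rowCount()) {
        showBadRequestErrorPage();
    }

    iMSCP_Events_Aggregator::getInstance()->dispatch(
        iMSCP_Events::onBeforeDeleteMailCatchall, array('mailCatchallId' => $catchallId)
    );

    // The update is scoped by domain_id as well, so the write stays bound to
    // the owner even if the check above is ever changed or bypassed.
    exec_query(
        'UPDATE mail_users SET status = ? WHERE mail_id = ? AND domain_id = ?',
        array('todelete', $catchallId, $domainId)
    );

    // NOTE(review): 'onafterDeleteMailCatchall' is spelled with a lower-case
    // 'a'; class constants are case-sensitive, so confirm it is declared so.
    iMSCP_Events_Aggregator::getInstance()->dispatch(
        iMSCP_Events::onafterDeleteMailCatchall, array('mailCatchallId' => $catchallId)
    );

    send_request();
    write_log($_SESSION['user_logged'] . ': deletes email catch all!', E_USER_NOTICE);
    set_page_message(tr('Catch all successfully scheduled for deletion.'), 'success');
    redirectTo('mail_catchall.php');
}

showBadRequestErrorPage();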
write_log("{$admin_login}: added new htaccess user: {$uname}", E_USER_NOTICE); redirectTo('protected_user_manage.php'); } else { set_page_message(tr('This htaccess user already exist.'), 'error'); return; } } } else { return; } }

/******************************************************************************
 * Main script
 */

// Include core library
require_once 'imscp-lib.php';

iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onClientScriptStart);

// Access control: a logged-in 'user' whose account has the
// 'protected_areas' feature; anything else gets the bad-request page.
check_login('user');

customerHasFeature('protected_areas') or showBadRequestErrorPage();

/** @var $cfg iMSCP_Config_Handler_File */
$cfg = iMSCP_Registry::get('config');

$tpl = new iMSCP_pTemplate();
$tpl->define_dynamic(array('layout' => 'shared/layouts/ui.tpl', 'page' => 'client/puser_uadd.tpl', 'page_message' => 'layout', 'usr_msg' => 'page', 'grp_msg' => 'page', 'pusres' => 'page', 'pgroups' => 'page'));

// Static, translated labels only; no request data is assigned here.
$tpl->assign(array('TR_PAGE_TITLE' => tr('Client / Webtools / Protected Areas / Manage Users and Groups / Add User'), 'TR_HTACCESS_USER' => tr('Htaccess user'), 'TR_USERS' => tr('User'), 'TR_USERNAME' => tr('Username'), 'TR_PASSWORD' => tr('Password'), 'TR_PASSWORD_REPEAT' => tr('Repeat password'), 'TR_ADD_USER' => tr('Add'), 'TR_CANCEL' => tr('Cancel')));

generateNavigation($tpl);

// The form handler receives the domain ID derived from the session user,
// never an ID taken from the request.
client_addHtaccessUser(get_user_domain_id($_SESSION['user_id']));
generatePageMessage($tpl);

$tpl->parse('LAYOUT_CONTENT', 'page');

iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onClientScriptEnd, array('templateEngine' => $tpl));

$tpl->prnt();

unsetMessages();
*
 * The Original Code is "VHCS - Virtual Hosting Control System".
 *
 * The Initial Developer of the Original Code is moleSoftware GmbH.
 * Portions created by Initial Developer are Copyright (C) 2001-2006
 * by moleSoftware GmbH. All Rights Reserved.
 *
 * Portions created by the ispCP Team are Copyright (C) 2006-2010 by
 * isp Control Panel. All Rights Reserved.
 *
 * Portions created by the i-MSCP Team are Copyright (C) 2010-2016 by
 * i-MSCP - internet Multi Server Control Panel. All Rights Reserved.
 */

/***********************************************************************************************************************
 * Main
 */

require_once 'imscp-lib.php';

iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onClientScriptStart);

check_login('user');

// Requires the 'sql' feature and an 'id' parameter.
// NOTE(review): the deletion is triggered by a GET parameter and no
// anti-CSRF token check is visible in this script; confirm one is enforced
// elsewhere.
if (!(customerHasFeature('sql') && isset($_GET['id']))) {
    showBadRequestErrorPage();
}

$userId = (int) $_GET['id'];

// sql_delete_user() receives the domain ID of the session user together with
// the requested SQL user ID; ownership is presumably enforced there - verify.
// The code after redirectTo() relies on redirectTo() ending the request.
if (!sql_delete_user(get_user_domain_id($_SESSION['user_id']), $userId)) {
    $failure = sprintf('Could not delete SQL user with ID %d. An unexpected error occurred.', $userId);
    write_log($failure, E_USER_ERROR);
    set_page_message(tr('Could not delete SQL user. An unexpected error occurred.'), 'error');
    redirectTo('sql_manage.php');
}

set_page_message(tr('SQL user successfully deleted.'), 'success');
write_log(
    sprintf('%s deleted SQL user with ID %d', decode_idna($_SESSION['user_logged']), $userId),
    E_USER_NOTICE
);
redirectTo('sql_manage.php');
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 *
 * @link http://www.easyscp.net
 * @author EasySCP Team
 */

require '../../include/easyscp-lib.php';

check_login(__FILE__);

$cfg = EasySCP_Registry::get('Config');

$tpl = EasySCP_TemplateEngine::getInstance();
$template = 'client/protected_group_add.tpl';

// NOTE(review): $sql is not assigned anywhere in this script; presumably it
// is provided by easyscp-lib.php - verify.
// NOTE(review): padd_group() runs before check_permissions(); confirm that
// check_login() alone is the intended gate for this form handler.
// The domain ID is derived from the session user, not from the request.
padd_group($tpl, $sql, get_user_domain_id($_SESSION['user_id']));

// static page messages
gen_logged_from($tpl);

check_permissions($tpl);

// Static, translated labels only.
$tpl->assign(array('TR_PAGE_TITLE' => tr('EasySCP - Client/Webtools'), 'TR_HTACCESS' => tr('Protected areas'), 'TR_ACTION' => tr('Action'), 'TR_USER_MANAGE' => tr('Manage user'), 'TR_USERS' => tr('User'), 'TR_USERNAME' => tr('Username'), 'TR_ADD_USER' => tr('Add user'), 'TR_GROUPNAME' => tr('Group name'), 'TR_GROUP_MEMBERS' => tr('Group members'), 'TR_ADD_GROUP' => tr('Add group'), 'TR_EDIT' => tr('Edit'), 'TR_GROUP' => tr('Group'), 'TR_DELETE' => tr('Delete'), 'TR_GROUPS' => tr('Groups'), 'TR_PASSWORD' => tr('Password'), 'TR_PASSWORD_REPEAT' => tr('Repeat password'), 'TR_CANCEL' => tr('Cancel')));

gen_client_mainmenu($tpl, 'client/main_menu_webtools.tpl');
gen_client_menu($tpl, 'client/menu_webtools.tpl');

gen_page_message($tpl);

// Debug dump is emitted only when the DUMP_GUI_DEBUG setting is truthy.
if ($cfg->DUMP_GUI_DEBUG) {
    dump_gui_debug($tpl);
}

$tpl->display($template);

unset_messages();

function padd_group($tpl, $sql, $dmn_id) { $cfg = EasySCP_Registry::get('Config');
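/**
 * Validates the "add subdomain" form and schedules the subdomain.
 *
 * Acts only when $_POST['uaction'] is 'add_subd'. Each failed check sets a
 * page message and returns; on success the subdomain is scheduled and the
 * request ends with a redirect to manage_domains.php.
 *
 * The subdomain name and mount point come straight from the request; their
 * syntax is checked by chk_subdname() and chk_mountp() (presumably including
 * path rules for the mount point - verify).
 *
 * @param mixed $tpl     Template engine (not used by this function)
 * @param mixed $sql     Database handle passed to the helper functions
 * @param int   $user_id Customer identifier
 * @return void
 */
function check_subdomain_data(&$tpl, &$sql, $user_id)
{
    // Nothing to do for other actions; the domain lookup is deferred until
    // it is actually needed.
    if (!isset($_POST['uaction']) || $_POST['uaction'] !== 'add_subd') {
        return;
    }

    $domain_id = get_user_domain_id($sql, $user_id);

    // A missing or non-string field is handled like an empty one instead of
    // raising an undefined-index notice or reaching strtolower().
    if (
        !isset($_POST['subdomain_name'])
        || !is_string($_POST['subdomain_name'])
        || $_POST['subdomain_name'] === ''
    ) {
        set_page_message(tr('Please specify subdomain name!'));
        return;
    }

    $sub_name = get_punny(strtolower($_POST['subdomain_name']));

    // Explicit default: the variable used to be undefined (null with a
    // notice) when no mount point was posted.
    $sub_mnt_pt = null;

    if (
        isset($_POST['subdomain_mnt_pt'])
        && is_string($_POST['subdomain_mnt_pt'])
        && $_POST['subdomain_mnt_pt'] !== ''
    ) {
        $sub_mnt_pt = decode_idna(strtolower($_POST['subdomain_mnt_pt']));
    }

    if (subdmn_exists($sql, $user_id, $domain_id, $sub_name) > 0) {
        set_page_message(tr('Subdomain already exists!'));
        return;
    }

    if (chk_subdname($sub_name . "." . $_SESSION['user_logged']) > 0) {
        set_page_message(tr('Wrong subdomain syntax!'));
        return;
    }

    if (subdmn_mnt_pt_exists($sql, $user_id, $domain_id, $sub_name, $sub_mnt_pt)) {
        set_page_message(tr('Subdomain mount point already exists!'));
        return;
    }

    if (chk_mountp($sub_mnt_pt) > 0) {
        set_page_message(tr('Incorrect mount point syntax'));
        return;
    }

    subdomain_schedule($sql, $user_id, $domain_id, $sub_name, $sub_mnt_pt);
    set_page_message(tr('Subdomain scheduled for addition!'));
    header('Location:manage_domains.php');
    exit(0);
}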
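$grp_selected = ''; } } $tpl->assign(array('GROUP_VALUE' => $rs->fields['id'], 'GROUP_LABEL' => tohtml($rs->fields['ugroup']), 'GROUP_SELECTED' => $grp_selected)); $tpl->parse('GROUP_ITEM', '.group_item'); $rs->moveNext(); } } }

/*************************************************************************
 * Main script
 */

// Include core library
require_once 'imscp-lib.php';

iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onClientScriptStart);

// Access control: a logged-in 'user' whose account has the
// 'protected_areas' feature.
check_login('user');

customerHasFeature('protected_areas') or showBadRequestErrorPage();

/** @var $cfg iMSCP_Config_Handler_File */
$cfg = iMSCP_Registry::get('config');

$tpl = new iMSCP_pTemplate();
$tpl->define_dynamic(array(
    'layout' => 'shared/layouts/ui.tpl',
    'page' => 'client/protect_it.tpl',
    'page_message' => 'layout',
    'group_item' => 'page',
    'user_item' => 'page',
    'unprotect_it' => 'page',
));

// Only isset($_GET['id']) is consulted here, to pick the title; the value
// itself is not written to the template by this script.
$tpl->assign(array(
    'TR_PAGE_TITLE' => tr('Client / Webtools / Protected Areas / {TR_DYNAMIC_TITLE}'),
    'TR_FTP_DIRECTORIES' => tojs('Ftp directories'),
    'TR_CLOSE' => tojs(tr('Close')),
    'TR_DYNAMIC_TITLE' => isset($_GET['id']) ? tr('Edit protected area') : tr('Add protected area'),
    'TR_PROTECTED_AREA' => tr('Protected areas'),
    'TR_AREA_NAME' => tr('Area name'),
    'TR_PATH' => tr('Path'),
    'CHOOSE_DIR' => tr('Choose dir'),
    'TR_USER' => tr('Users'),
    'TR_GROUPS' => tr('Groups'),
    'TR_USER_AUTH' => tr('User auth'),
    'TR_GROUP_AUTH' => tr('Group auth'),
    'TR_PROTECT_IT' => tr('Protect it'),
    'TR_UNPROTECT_IT' => tr('Unprotect it'),
    'TR_CANCEL' => tr('Cancel'),
    'TR_MANAGE_USERS_AND_GROUPS' => tr('Users and groups'),
));

generateNavigation($tpl);

// The domain ID is derived once from the session user and used for both the
// form handler and the page generator. The previous code passed the domain
// ID through get_user_domain_id() a second time, i.e. it looked up the
// domain of whichever account happens to have that number as its user ID,
// so the page could be generated for another customer's domain.
$domainId = get_user_domain_id($_SESSION['user_id']);
protect_area($domainId);
gen_protect_it($tpl, $domainId);
generatePageMessage($tpl);

$tpl->parse('LAYOUT_CONTENT', 'page');

iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onClientScriptEnd, array('templateEngine' => $tpl));

$tpl->prnt();

unsetMessages();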
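* Copyright (C) 2010-2016 by Easy Server Control Panel - http://www.easyscp.net
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 *
 * @link http://www.easyscp.net
 * @author EasySCP Team
 */

require '../../include/easyscp-lib.php';

check_login(__FILE__);

// NOTE(review): this deletion is triggered by a GET parameter and no
// anti-CSRF token check is visible in this script; confirm one is enforced
// elsewhere.
// A non-scalar value (e.g. del_id[]=1) is treated like a missing one.
if (!empty($_GET['del_id']) && is_scalar($_GET['del_id'])) {
    $del_id = $_GET['del_id'];
} else {
    $_SESSION['orderaldel'] = '_no_';
    // The code below relies on user_goto() ending the request.
    user_goto('domains_manage.php');
}

// The query used $domainAliasId, which was never assigned, so the DELETE was
// always executed with an empty alias ID. Bind the requested ID, as integer.
$domainAliasId = (int) $del_id;

$domainId = get_user_domain_id($_SESSION['user_id']);

// The row must match the requested alias, belong to the session user's
// domain, and still be in the "ordered" status; all three are bound.
// NOTE(review): $sql and $cfg are not assigned in this script; presumably
// they are provided by easyscp-lib.php - verify.
$query = "\n\tDELETE FROM\n\t\t`domain_aliasses`\n\tWHERE\n\t\t`alias_id` = ?\n\tAND\n\t\t`domain_id` = ?\n\tAND\n\t\t`status` = ?\n\t";
$rs = exec_query($sql, $query, array($domainAliasId, $domainId, $cfg->ITEM_ORDERED_STATUS));

user_goto('domains_manage.php');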
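/**
 * Creates a new SQL database for the customer and records it in sql_database.
 *
 * Does nothing unless $_POST['uaction'] is set. The name comes from
 * $_POST['db_name'] (through clean_input()), optionally prefixed or suffixed
 * with the domain ID. On success the request ends with a redirect to
 * sql_manage.php.
 *
 * @param mixed $sql     Database handle passed to check_db_name()
 * @param int   $user_id Customer identifier passed to get_user_domain_id()
 * @return void
 */
function add_sql_database($sql, $user_id)
{
    if (!isset($_POST['uaction'])) {
        return;
    }

    // A missing, empty or non-string field (e.g. db_name[]=x) is rejected
    // before it reaches any string handling or SQL.
    if (empty($_POST['db_name']) || !is_string($_POST['db_name'])) {
        set_page_message(tr('Please specify a database name!'), 'warning');
        return;
    }

    $cfg = EasySCP_Registry::get('Config');
    $dmn_id = get_user_domain_id($user_id);

    // Default to the plain name; previously $db_name stayed undefined when
    // use_dmn_id was 'on' but id_pos was neither 'start' nor 'end'.
    $db_name = clean_input($_POST['db_name']);

    if (isset($_POST['use_dmn_id']) && $_POST['use_dmn_id'] === 'on' && isset($_POST['id_pos'])) {
        // The domain ID becomes part of the database name.
        if ($_POST['id_pos'] === 'start') {
            $db_name = $dmn_id . "_" . $db_name;
        } elseif ($_POST['id_pos'] === 'end') {
            $db_name = $db_name . "_" . $dmn_id;
        }
    }

    if (strlen($db_name) > $cfg->MAX_SQL_DATABASE_LENGTH) {
        set_page_message(tr('Database name is too long!'), 'warning');
        return;
    }

    // Are wildcards used? Checked before any database lookup.
    if (preg_match("/[%|\\?]+/", $db_name)) {
        set_page_message(tr('Wildcards such as %% and ? are not allowed!'), 'warning');
        return;
    }

    // Is there already such a database in the system?
    if (check_db_name($sql, $db_name)) {
        set_page_message(tr('Specified database name already exists!'), 'warning');
        return;
    }

    // The identifier cannot be bound as a parameter. Doubling any backtick
    // keeps a request-supplied name inside the quoted identifier, so it
    // cannot terminate the quoting and append SQL of its own.
    $quoted_name = '`' . str_replace('`', '``', $db_name) . '`';

    DB::query(
        'CREATE DATABASE IF NOT EXISTS ' . $quoted_name
        . ' DEFAULT CHARACTER SET ' . EasyConfig::$cfg->DATABASE_DEFAULT_CHARACTER_SET
        . ' COLLATE ' . EasyConfig::$cfg->DATABASE_DEFAULT_COLLATE . ';'
    )->closeCursor();

    // The bookkeeping row uses bound parameters.
    $sql_param = array(':domain_id' => $dmn_id, ':sqld_name' => $db_name);
    $sql_query = "\n\t\tINSERT INTO\n\t\t\tsql_database (domain_id, sqld_name, status)\n\t\tVALUES\n\t\t\t(:domain_id, :sqld_name, 'ok');\n\t";

    DB::prepare($sql_query);
    DB::execute($sql_param)->closeCursor();

    update_reseller_c_props(get_reseller_id($dmn_id));

    write_log($_SESSION['user_logged'] . ": adds new SQL database: " . tohtml($db_name));
    set_page_message(tr('SQL database created successfully!'), 'info');
    user_goto('sql_manage.php');
}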
\t\t\t\tset \t\t\t\t\tstatus = ? \t\t\t\twhere \t\t\t\t\tgroup_id rlike ? \t\t\t\t\tand \t\t\t\t\tdmn_id = ? SQL_QUERY; check_for_lock_file(); $rs_update_htaccess = exec_query($sql, $query, array($change_status, $group_id, $dmn_id)); send_request(); set_page_message(tr('User was deleted from group ') . "- " . $rs->fields['ugroup']); } else { return; } }

// ** end of functions

gen_client_menu($tpl);
gen_logged_from($tpl);
check_permissions($tpl);

// The domain ID is derived from the session user and handed to every
// handler below; none of them receives an ID taken from the request here.
$dmn_id = get_user_domain_id($sql, $_SESSION['user_id']);

// Both handlers are called on every request; presumably each one checks the
// submitted action itself - verify.
add_user_to_group($tpl, $sql, $dmn_id);
delete_user_from_group($tpl, $sql, $dmn_id);
gen_user_assign($tpl, $sql, $dmn_id);

// Static, translated labels only.
$tpl->assign(array('TR_HTACCESS' => tr('Protected areas'), 'TR_DELETE' => tr('Delete'), 'TR_USER_ASSIGN' => tr('User assign'), 'TR_ALLREADY' => tr('Already in:'), 'TR_MEMBER_OF_GROUP' => tr('Member of group:'), 'TR_BACK' => tr('Back'), 'TR_REMOVE' => tr('Remove'), 'TR_ADD' => tr('Add'), 'TR_SELECT_GROUP' => tr('Select group:')));

gen_page_message($tpl);

$tpl->parse('PAGE', 'page');
$tpl->prnt();

// NOTE(review): isset() only tests that the key exists, so the debug dump
// also runs when DUMP_GUI_DEBUG is defined with a false value; confirm this
// cannot expose debug output on a production panel.
if (isset($cfg['DUMP_GUI_DEBUG'])) {
    dump_gui_debug();
}

unset_messages();
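* You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 *
 * @link http://www.easyscp.net
 * @author EasySCP Team
 */

require '../../include/easyscp-lib.php';

check_login(__FILE__);

$cfg = EasySCP_Registry::get('Config');

$tpl = EasySCP_TemplateEngine::getInstance();
$template = 'client/dns_overview.tpl';

// static page messages.
gen_logged_from($tpl);

check_permissions($tpl);

// Default selection: the session user's own domain, no alias.
$dmn_default_id = get_user_domain_id($_SESSION['user_id']);
$dmn_alias = 0;
$dmn_id = $dmn_default_id;

$tpl->assign(array(
    'TR_PAGE_TITLE' => tr('EasySCP - Client/Manage DNS'),
    'TR_DNS' => tr("DNS zone's records"),
    'TR_DNS_NAME' => tr('Name'),
    'TR_DNS_CLASS' => tr('Class'),
    'TR_DNS_TYPE' => tr('Type'),
    'TR_DNS_ACTION' => tr('Actions'),
    'TR_DNS_DATA' => tr('Record data'),
    'TR_DNS_STATUS' => tr('Status'),
    'TR_DOMAIN_NAME' => tr('Domain'),
    'TR_SELECT' => tr('Select'),
    'TR_DNS_ADD' => tr('Add DNS record'),
    'D_USER_DOMAINS' => get_user_domains($_SESSION['user_id']),
    'TR_MESSAGE_DELETE' => tr('Are you sure you want to delete %s?'),
));

// The selector value has the form "<alias id>-<domain id>". It is accepted
// only when it is a string of exactly that shape; anything else keeps the
// defaults above. Previously a missing or malformed domain_id was split and
// used as-is, and the raw request value was echoed back to the template.
if (
    isset($_GET['select_domain']) && $_GET['select_domain']
    && isset($_GET['domain_id']) && is_string($_GET['domain_id'])
    && preg_match('/^\d+-\d+\z/', $_GET['domain_id'])
) {
    $dmn_data = explode('-', $_GET['domain_id']);
    $dmn_alias = (int) $dmn_data[0];
    $dmn_id = (int) $dmn_data[1];
}

// NOTE(review): the IDs are well-formed at this point but still chosen by
// the client; presumably get_dns_zone() restricts the lookup to domains of
// the logged-in user - verify, otherwise another customer's zone is shown.
$dmn_zone_data = get_dns_zone($dmn_alias, $dmn_id);

$tpl->assign(array(
    'D_USER_DOMAIN_SELECTED' => $dmn_alias . '-' . $dmn_id,
    'D_DNS_ZONE' => $dmn_zone_data,
));

gen_client_mainmenu($tpl, 'client/main_menu_manage_domains.tpl');
gen_client_menu($tpl, 'client/menu_manage_domains.tpl');

gen_page_message($tpl);

if ($cfg->DUMP_GUI_DEBUG) { dump_gui_debug($tpl);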
/**
 * Fills the template with the domain aliases of the given user.
 *
 * Looks up the user's domain ID, selects its rows from domain_aliasses and
 * parses one 'als_item' block per alias, alternating the row CSS class.
 * When there are no rows the 'als_message' block is parsed instead.
 *
 * NOTE(review): ALS_NAME and ALS_MOUNT are assigned without HTML escaping;
 * unless the template layer escapes them, stored values reach the page
 * as-is - verify.
 *
 * @param mixed $tpl     Template engine
 * @param mixed $sql     Database handle
 * @param int   $user_id Customer identifier
 * @return void
 */
function gen_user_als_list(&$tpl, &$sql, $user_id)
{
    $domain_id = get_user_domain_id($sql, $user_id);

    // The only variable part of the query is bound as a parameter.
    $query = <<<SQL_QUERY
        select
            alias_id,
            alias_name,
            alias_status,
            alias_mount,
            alias_ip_id,
            url_forward
        from
            domain_aliasses
        where
            domain_id = ?
        order by
            alias_name
SQL_QUERY;

    $rs = exec_query($sql, $query, array($domain_id));

    if ($rs->RecordCount() == 0) {
        $tpl->assign(array('ALS_MSG' => tr('Alias list is empty!'), 'ALS_LIST' => ''));
        $tpl->parse('ALS_MESSAGE', 'als_message');
        return;
    }

    for ($counter = 0; !$rs->EOF; $counter++) {
        // Even rows get 'content', odd rows 'content2'.
        $tpl->assign('ITEM_CLASS', ($counter % 2 == 0) ? 'content' : 'content2');

        $row = $rs->fields;

        list($als_action, $als_action_script) = gen_user_als_action($row['alias_id'], $row['alias_status']);
        list($als_forward, $als_forward_script) = gen_user_als_forward(
            $row['alias_id'],
            $row['alias_status'],
            $row['url_forward']
        );

        // Stored name is IDNA-decoded, then converted with utf8_decode().
        $IDN = new idna_convert();
        $alias_name = utf8_decode($IDN->decode($row['alias_name']));

        $tpl->assign(array(
            'ALS_NAME' => $alias_name,
            'ALS_MOUNT' => $row['alias_mount'],
            'ALS_STATUS' => translate_dmn_status($row['alias_status']),
            'ALS_FORWARD' => $als_forward,
            'ALS_FWD_SCRIPT' => $als_forward_script,
            'ALS_ACTION' => $als_action,
            'ALS_ACTION_SCRIPT' => $als_action_script,
        ));
        $tpl->parse('ALS_ITEM', '.als_item');

        $rs->MoveNext();
    }

    $tpl->parse('ALS_LIST', 'als_list');
    $tpl->assign('ALS_MESSAGE', '');
}
*
 * The Original Code is "VHCS - Virtual Hosting Control System".
 *
 * The Initial Developer of the Original Code is moleSoftware GmbH.
 * Portions created by Initial Developer are Copyright (C) 2001-2006
 * by moleSoftware GmbH. All Rights Reserved.
 *
 * Portions created by the ispCP Team are Copyright (C) 2006-2010 by
 * isp Control Panel. All Rights Reserved.
 *
 * Portions created by the i-MSCP Team are Copyright (C) 2010-2016 by
 * i-MSCP - internet Multi Server Control Panel. All Rights Reserved.
 */

/***********************************************************************************************************************
 * Main
 */

require_once 'imscp-lib.php';

iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onClientScriptStart);

check_login('user');

// Requires the 'sql' feature and an 'id' parameter.
// NOTE(review): dropping a database is triggered by a GET parameter and no
// anti-CSRF token check is visible in this script; confirm one is enforced
// elsewhere.
if (!(customerHasFeature('sql') && isset($_GET['id']))) {
    showBadRequestErrorPage();
}

$dbId = (int) $_GET['id'];

// delete_sql_database() receives the domain ID of the session user together
// with the requested database ID; ownership is presumably enforced there -
// verify. The code after redirectTo() relies on it ending the request.
// NOTE(review): the failure is logged at E_USER_NOTICE; consider whether an
// error-level entry is intended.
if (!delete_sql_database(get_user_domain_id($_SESSION['user_id']), $dbId)) {
    $failure = sprintf('Could not delete SQL database with ID %s. An unexpected error occurred.', $dbId);
    write_log($failure, E_USER_NOTICE);
    set_page_message(tr('Could not delete SQL database. An unexpected error occurred.'), 'error');
    redirectTo('sql_manage.php');
}

set_page_message(tr('SQL database successfully deleted.'), 'success');
write_log(
    sprintf('%s deleted SQL database with ID %s', decode_idna($_SESSION['user_logged']), $dbId),
    E_USER_NOTICE
);
redirectTo('sql_manage.php');