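/**
 * Admin "change my password" page.
 *
 * On POST, re-hashes the submitted current password with the stored salt of
 * the logged-in staff member ($_SESSION['user']) and, when it matches and the
 * new password equals its confirmation, stores a freshly salted hash. Every
 * outcome is reported through main::errors(); the template is echoed in all
 * cases.
 *
 * Reads the globals $dbh and $postvar ($getvar and $instance are declared to
 * match the sibling page handlers but are unused here).
 */
public function content()
{
    global $dbh, $postvar, $getvar, $instance;

    if ($_POST) {
        check::empty_fields();

        if (!main::errors()) {
            $user = $dbh->staff($_SESSION['user']);

            if (!$user['password']) {
                main::errors("Wrong username!?");
            } else {
                $oldhash = crypto::passhash($postvar['old'], $user['salt']);

                // Strict comparison: with == two hash strings such as "0e123..."
                // are compared numerically and would wrongly match. On PHP >= 5.6
                // hash_equals() is the preferred (constant-time) form of this check.
                if ((string) $oldhash !== (string) $user['password']) {
                    main::errors("Your old password was wrong!");
                } elseif ($postvar['new'] !== $postvar['confirm']) {
                    main::errors("Your passwords don't match!");
                } else {
                    $salt = crypto::salt();
                    $newpass = crypto::passhash($postvar['new'], $salt);
                    $update_staff = array("password" => $newpass, "salt" => $salt);
                    $dbh->update("staff", $update_staff, array("id", "=", $_SESSION['user']));
                    main::errors("Password changed!");
                }
            }
        }
    }

    echo style::replaceVar("tpl/admin/change-admin-password.tpl");
}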
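/**
 * ZPanel import page.
 *
 * GET: renders tpl/admin/import/zpanel.tpl with a dropdown of the servers of
 * type "zpanel". POST: fetches the account list of the chosen server, creates a
 * packages row for every backend package not yet known, creates a users (and
 * users_bak) row for every account not yet known, and prints how many accounts
 * were added.
 *
 * Reads the globals $dbh and $postvar ($getvar and $instance are unused here).
 */
public function import()
{
    global $dbh, $postvar, $getvar, $instance;

    if (!$_POST) {
        // Start with an empty list so a site without ZPanel servers does not
        // hand an undefined $values to main::dropdown().
        $values = array();
        $servers_query = $dbh->select("servers", array("type", "=", "zpanel"), 0, 0, 1);
        while ($servers_data = $dbh->fetch_array($servers_query)) {
            $values[] = array($servers_data['name'], $servers_data['id']);
        }
        $zpanel_array = array('DROPDOWN' => main::dropdown("server", $values));
        echo style::replaceVar("tpl/admin/import/zpanel.tpl", $zpanel_array);
        return;
    }

    // An empty <select> is not submitted at all, so make sure the key exists
    // before check::empty_fields() looks for it (without an undefined-index notice).
    $postvar['server'] = isset($postvar['server']) ? $postvar['server'] : null;
    check::empty_fields();
    if (main::errors()) {
        echo "<ERRORS>";
        return;
    }

    $n = 0;
    include INC . "/servers/zpanel.php";
    $zpanel = new zpanel($postvar['server']);
    $zpanel_accounts = $zpanel->listaccs($postvar['server']);

    foreach ($zpanel_accounts as $zpanel_data) {
        $packages_data = $dbh->select("packages", array("backend", "=", $zpanel_data['package']));
        $users_data = $dbh->select("users", array("user", "=", $zpanel_data['user']));

        if (!$packages_data['id']) {
            $packages_insert = array(
                "name" => $zpanel_data['package'],
                "backend" => $zpanel_data['package'],
                "description" => "Imported from ZPanel: " . $zpanel_data['package'],
                "type" => "free",
                "server" => $postvar['server'],
                "admin" => "1",
            );
            $dbh->insert("packages", $packages_insert);
        }
        // Re-read so a package inserted just above has an id to link the user to.
        $new_packages_data = $dbh->select("packages", array("backend", "=", $zpanel_data['package']));

        if (!$users_data['id']) {
            // The THT row gets a placeholder hash of a throwaway value that nobody
            // knows, so the client must go through the password-reset flow before
            // logging in here. rand() is not a cryptographic generator; it is only
            // tolerable because the value is never used as a real credential.
            $salt = crypto::salt();
            $newpass = crypto::passhash(rand(), $salt);
            $users_insert = array(
                "user" => $zpanel_data['user'],
                "zpanel_uid" => $zpanel_data['user'],
                "email" => $zpanel_data['user'],
                // Previously every field below was filled with the username,
                // which stored the username as the password hash and salt.
                "password" => $newpass,
                "salt" => $salt,
                "signup" => time(),
                // NOTE(review): "1" is the status signup() assigns to a live free
                // account — confirm it is the right state for imported accounts.
                "status" => "1",
                // NOTE(review): assumes listaccs() reports the account's domain under
                // 'domain' — confirm against servers/zpanel.php.
                "domain" => isset($zpanel_data['domain']) ? $zpanel_data['domain'] : "",
                "pid" => $new_packages_data['id'],
            );
            $dbh->insert("users", $users_insert);
            $dbh->insert("users_bak", $users_insert);
            $n++;
        }
    }

    echo $n . " Accounts have been imported";
}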
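/**
 * Collect the permission checkboxes of a submitted staff form.
 *
 * Every submitted field named "pages_<id>" whose value is "1" grants page <id>
 * (numeric acpnav ids plus the "paid" and "p2h" pseudo-pages). The granted ids
 * are returned comma-separated, the format stored in staff.perms. Unlike the
 * previous inline loop this never emits separators for unticked boxes and does
 * not leave $perms / $n undefined when nothing was ticked.
 *
 * @param array $post the submitted fields (normally the $postvar global)
 * @return string e.g. "1,3,paid"; "" when nothing was ticked
 */
private function permsFromPost($post)
{
    $granted = array();
    foreach ($post as $key => $value) {
        $broke = explode("_", $key);
        if ($broke[0] == "pages" && isset($broke[1]) && $value == "1") {
            $granted[] = $broke[1];
        }
    }
    return implode(",", $granted);
}

/**
 * Render the permissions table (one checkbox per ACP page) for the add/edit forms.
 *
 * @param array|null $staff_data staff row whose current permissions pre-tick
 *        the boxes; null renders an empty form
 * @return string HTML <table>
 */
private function pagesCheckboxes($staff_data = null)
{
    global $dbh;

    $acpnav_query = $dbh->select("acpnav", array("link", "!=", "home"), array("id", "ASC"), 0, 1);
    $html = '<table width="100%" border="0" cellspacing="0" cellpadding="1">';
    while ($acpnav_data = $dbh->fetch_array($acpnav_query)) {
        $checked = '';
        // NOTE(review): the original code ticked the box when main::checkPerms()
        // returned falsy; that polarity is kept here — confirm against checkPerms().
        if ($staff_data && !main::checkPerms($acpnav_data['id'], $staff_data['id'])) {
            $checked = 'checked="checked"';
        }
        $html .= '<tr><td width="30%" align="left">' . $acpnav_data['visual'] . ':</td><td><input name="pages_' . $acpnav_data['id'] . '" id="pages_' . $acpnav_data['id'] . '" type="checkbox" value="1" ' . $checked . '/></td></tr>' . "\n";
    }

    $paid_check = '';
    $p2h_check = '';
    if ($staff_data) {
        // Exact token match on the comma-separated list instead of substr_count().
        $current = explode(",", (string) $staff_data['perms']);
        if (in_array("paid", $current, true)) {
            $paid_check = 'checked="checked"';
        }
        if (in_array("p2h", $current, true)) {
            $p2h_check = 'checked="checked"';
        }
    }
    $html .= '<tr><td width="30%" align="left">Paid Configuration:</td><td><input name="pages_paid" id="pages_paid" type="checkbox" value="1" ' . $paid_check . '/></td></tr>' . "\n";
    $html .= '<tr><td width="30%" align="left">P2H Forums:</td><td><input name="pages_p2h" id="pages_p2h" type="checkbox" value="1" ' . $p2h_check . '/></td></tr>' . "\n";
    $html .= "</table>";

    return $html;
}

/**
 * Staff account management page.
 *
 * Dispatches on $getvar['sub']:
 *  - default: add a staff member (form + POST handler);
 *  - "edit":  with ?do=<id> show/handle the edit form, otherwise list accounts;
 *  - "delete": with ?do=<id> delete that account (never the last one), then list.
 *
 * Reads the globals $dbh, $postvar and $getvar ($instance is unused here).
 */
public function content()
{
    global $dbh, $postvar, $getvar, $instance;

    switch ($getvar['sub']) {
        default:
            if ($_POST) {
                check::empty_fields();
                if (!main::errors()) {
                    $staff_query = $dbh->select("staff", array("user", "=", $postvar['user']), 0, "1", 1);
                    if (!check::email($postvar['email'])) {
                        main::errors("Your email is the wrong format or is already in use by another staff member or client.");
                    } elseif ($postvar['pass'] !== $postvar['conpass']) {
                        // Strict comparison: != would treat e.g. "1e1" and "10" as equal.
                        main::errors("Passwords don't match!");
                    } elseif ($dbh->num_rows($staff_query) >= 1) {
                        main::errors("That account already exists!");
                    } else {
                        $salt = crypto::salt();
                        $password = crypto::passhash($postvar['pass'], $salt);
                        $staff_insert = array(
                            "user" => $postvar['user'],
                            "name" => $postvar['name'],
                            "email" => $postvar['email'],
                            "password" => $password,
                            "salt" => $salt,
                            "perms" => $this->permsFromPost($postvar),
                            "tzadjust" => $postvar['tzones'],
                        );
                        $dbh->insert("staff", $staff_insert);
                        main::errors("Account added!");
                    }
                }
            }
            $add_staff_member_array = array(
                'PAGES' => $this->pagesCheckboxes(),
                'TZADJUST' => main::tzlist(),
            );
            echo style::replaceVar("tpl/admin/staff/add-staff-member.tpl", $add_staff_member_array);
            break;

        case "edit":
            if (isset($getvar['do'])) {
                $staff_data = $dbh->select("staff", array("id", "=", $getvar['do']));
                if (!$staff_data["user"]) {
                    echo "That account doesn't exist!";
                } else {
                    if ($_POST) {
                        check::empty_fields();
                        if (!main::errors()) {
                            if (!check::email($postvar['email'], $getvar['do'], "staff")) {
                                main::errors("Your email is the wrong format or is already in use by another staff member or client.");
                            } else {
                                $staff_update = array(
                                    "email" => $postvar['email'],
                                    "name" => $postvar['name'],
                                    "perms" => $this->permsFromPost($postvar),
                                    "tzadjust" => $postvar['tzones'],
                                    "user" => $postvar['user'],
                                );
                                $dbh->update("staff", $staff_update, array("id", "=", $getvar['do']));
                                // Staff account edit complete.
                                main::done();
                            }
                        }
                    }
                    // $staff_data was read before any update above, so the form shows
                    // the pre-edit values unless main::done() ends the request.
                    $edit_staff_member_array = array(
                        'USER' => $staff_data['user'],
                        'EMAIL' => $staff_data['email'],
                        'NAME' => $staff_data['name'],
                        'TZADJUST' => main::tzlist($staff_data['tzadjust']),
                        'PAGES' => $this->pagesCheckboxes($staff_data),
                    );
                    echo style::replaceVar("tpl/admin/staff/edit-staff-member.tpl", $edit_staff_member_array);
                }
            } else {
                $staff_query = $dbh->select("staff");
                if ($dbh->num_rows($staff_query) == 0) {
                    echo "There are no staff accounts to edit!";
                } else {
                    echo "<ERRORS>";
                    while ($staff_data = $dbh->fetch_array($staff_query)) {
                        echo main::sub("<strong>" . $staff_data['user'] . "</strong>", '<a href="?page=staff&sub=edit&do=' . $staff_data['id'] . '"><img src="' . URL . 'themes/icons/pencil.png"></a>');
                    }
                }
            }
            break;

        case "delete":
            // NOTE(review): deletion is triggered by a plain GET link with no CSRF
            // token, and nothing stops an admin from deleting the account behind
            // the current session ($_SESSION['user']); only the "last account"
            // guard below exists.
            $staff_query = $dbh->select("staff");
            if (!empty($getvar['do']) && $dbh->num_rows($staff_query) > 1) {
                $dbh->delete("staff", array("id", "=", $getvar['do']));
                main::errors("Staff Account Deleted!");
            } elseif (!empty($getvar['do'])) {
                main::errors("Theres only one staff account!");
            }
            if ($dbh->num_rows($staff_query) == 0) {
                echo "There are no staff accounts to edit!";
            } else {
                // Re-query so the list reflects the deletion just performed.
                $staff_query = $dbh->select("staff");
                echo "<ERRORS>";
                while ($staff_data = $dbh->fetch_array($staff_query)) {
                    echo main::sub("<strong>" . $staff_data['user'] . "</strong>", '<a href="?page=staff&sub=delete&do=' . $staff_data['id'] . '"><img src="' . URL . 'themes/icons/delete.png"></a>');
                }
            }
            break;
    }
}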
/**
 * Change a client's password on the hosting server and in THT.
 *
 * The server-side change happens first; the local hash is only rewritten once
 * the server reports success, so the two never drift apart on a server error.
 *
 * @param mixed  $clientid users.id of the client
 * @param string $newpass  plaintext replacement password
 * @return true|string true on success; otherwise the message to show the caller
 */
function changeClientPassword($clientid, $newpass)
{
    global $dbh, $postvar, $getvar, $instance;

    $client = $dbh->select("users", array("id", "=", $clientid));
    if (!$client['id']) {
        return "That client does not exist.";
    }

    // Anything other than exactly true from the backend is a failure and is
    // handed back to the caller unchanged.
    $result = server::changePwd($clientid, $newpass);
    if (true !== $result) {
        return $result;
    }

    $salt = crypto::salt();
    $dbh->update(
        "users",
        array("password" => crypto::passhash($newpass, $salt), "salt" => $salt),
        array("id", "=", $clientid)
    );

    return true;
}
// Fragment: the `if` this branch belongs to opens before this excerpt and the
// `else` at the end (login page) continues past it.
// Admin password-reset page: on POST, a staff row matching the submitted user
// AND email gets a new random password, which is then emailed to that address.
echo style::get("header.tpl");
if ($_POST) {
    check::empty_fields();
    if (!main::errors()) {
        $user = $postvar['user'];
        $user_email = $postvar['email'];
        unset($where);
        $where[] = array("user", "=", $user, "AND");
        $where[] = array("email", "=", $user_email);
        $find_staff_query = $dbh->select("staff", $where, 0, 0, 1);
        if ($dbh->num_rows($find_staff_query) == 0) {
            main::errors("That account doesn't exist!");
        } else {
            $curstaff = $dbh->fetch_array($find_staff_query);
            // NOTE(review): the temporary password is rand(0, 999999) — at most a
            // million values from a non-cryptographic generator — and it replaces
            // the stored hash immediately, before the email goes out. Knowing a
            // staff user+email pair is therefore enough to reset that account from
            // this form. A one-time token confirmed through the mailed link, and a
            // CSPRNG (random_bytes()/random_int() on PHP 7+) for the secret, would
            // be the usual fix.
            $password = rand(0, 999999);
            $salt = crypto::salt();
            $newpass = crypto::passhash($password, $salt);
            $update_staff = array("password" => $newpass, "salt" => $salt);
            $dbh->update("staff", $update_staff, array("id", "=", $curstaff['id']));
            main::errors("Password reset!");
            // The plaintext temporary password travels in the email body.
            $forgotpass_email_array['PASS'] = $password;
            $forgotpass_email_array['LINK'] = $dbh->config("url") . ADMINDIR;
            $emaildata = email::emailTemplate("admin-password-reset");
            email::send($user_email, $emaildata['subject'], $emaildata['content'], $forgotpass_email_array);
        }
    }
}
echo '<div align="center">' . main::table("Admin Area - Reset Password", style::replaceVar("tpl/admin/login/admin-password-reset.tpl"), "300px") . '</div>';
echo style::get("footer.tpl");
} else {
define("SUB", "Login");
/**
 * Create a hosting account from a validated signup form.
 *
 * Steps, in order: sanity-check the package id and domain type, resolve the
 * package (must not be disabled) and the domain or subdomain, validate an
 * optional coupon, let the package-type plugin veto the signup, create the
 * account on the hosting server, and only then insert the users / users_bak
 * rows, record the coupon, send the welcome (or admin-validation) email and,
 * for paid packages, raise the first invoice.
 *
 * @param array $data form fields: domain, username, password, user_email,
 *        firstname, lastname, address, city, state, zip, country, phone,
 *        tzones, coupon, package, domsub ("dom"|"sub"), additional, subdomain
 * @return true|string true when the caller should redirect to payment;
 *         otherwise an HTML message (success or error) to display
 */
public function signup($data)
{
    global $dbh, $postvar, $getvar, $instance;

    $domain = $data['domain'];
    $username = $data['username'];
    $password = $data['password'];
    $user_email = $data['user_email'];
    $firstname = $data['firstname'];
    $lastname = $data['lastname'];
    $address = $data['address'];
    $city = $data['city'];
    $state = $data['state'];
    $zip = $data['zip'];
    $country = $data['country'];
    $phone = $data['phone'];
    $tzones = $data['tzones'];
    $coupon = $data['coupon'];
    $package = $data['package'];
    $domsub = $data['domsub'];
    $additional = $data['additional'];
    $subdomain = empty($data['subdomain']) ? 0 : $data['subdomain'];

    //Let's make sure we're actually receiving an integer as a string.
    // NOTE(review): is_numeric() also accepts forms such as "1e3" or leading
    // whitespace; ctype_digit() would be the strict check.
    if (!is_numeric($package) || strpos($package, ".") !== false) {
        return "The package specified is invalid.";
    }
    //Check to see if we have a valid domain type.
    if ($domsub != "dom" && $domsub != "sub") {
        return "The domain/subdomain type is unspecified in the URL.";
    }
    if ($domsub == "dom") {
        $cdom = $domain;
    } else {
        // For subdomains the form's "domain" is the parent domain and
        // "subdomain" the label in front of it.
        $csub2 = $domain;
        $csub = $subdomain;
    }

    // Only enabled packages may be signed up for.
    unset($where);
    $where[] = array("id", "=", $package, "AND");
    $where[] = array("is_disabled", "=", "0");
    $packages_data = $dbh->select("packages", $where);
    if (!$packages_data['id']) {
        return "This package is disabled or doesn't exist.";
    }
    $package_server = $packages_data['server'];

    if ($domsub == "dom") {
        $use_dom = $cdom;
    }
    if ($domsub == "sub") {
        // The parent domain must be one offered on the package's server.
        unset($where);
        $where[] = array("server", "=", $package_server, "AND");
        $where[] = array("domain", "=", $csub2);
        $subdomains_data = $dbh->select("subdomains", $where, 0, "1");
        if (!$subdomains_data['id']) {
            return "The chosen domain for your subdomain is not in the allowed list of domains.";
        }
        $use_dom = $csub . "." . $csub2;
    }

    // Coupons are ignored for free packages; otherwise an invalid one aborts.
    if ($coupon && $packages_data['type'] != 'free') {
        $coupon_response = coupons::validate_coupon($coupon, "orders", $username, $package);
        if (!$coupon_response) {
            return "Please enter a valid coupon.";
        } else {
            $coupon_info = coupons::coupon_data($coupon);
        }
    }

    // Package-type plugins may implement signup() to add their own validation.
    $packtype_instance = $instance->packtypes[$packages_data['type']];
    if (method_exists($packtype_instance, "signup")) {
        $packtype_signup = $packtype_instance->signup();
        //If this gives any response, it means it failed to validate the signup.
        if ($packtype_signup) {
            return $packtype_signup;
        }
    }

    $server_package_name = type::packageBackend($package);
    $serverfile = self::createServer($package);
    $packages_data = $dbh->select("packages", array("id", "=", $package));

    // Contact details handed to the server backend alongside the account.
    $extra['firstname'] = $firstname;
    $extra['lastname'] = $lastname;
    $extra['address'] = $address;
    $extra['city'] = $city;
    $extra['state'] = $state;
    $extra['zip'] = $zip;
    $extra['country'] = strtoupper($country);
    $extra['phone'] = $phone;

    // The account is created on the server first; the local rows are only
    // written if the backend reports exactly true.
    $server_response = $serverfile->signup(type::packageserver($package), $packages_data['reseller'], $username, $user_email, $password, $use_dom, $server_package_name, $extra, $use_dom);
    if ($server_response !== true) {
        return $server_response;
    } else {
        $time = time();
        $ip = $_SERVER['REMOTE_ADDR'];
        $salt = crypto::salt();
        $password_hash = crypto::passhash($password, $salt);

        // Initial status: "3" awaiting admin validation, "4" awaiting payment,
        // "1" otherwise.
        if ($packages_data['admin'] == "1") {
            $status = "3";
        } else {
            if ($packages_data['type'] == "paid") {
                $status = "4";
            } else {
                $status = "1";
            }
        }

        $users_insert = array("user" => $username, "email" => $user_email, "password" => $password_hash, "salt" => $salt, "signup" => $time, "ip" => $ip, "firstname" => $firstname, "lastname" => $lastname, "address" => $address, "city" => $city, "state" => $state, "zip" => $zip, "country" => $country, "phone" => $phone, "status" => $status, "tzadjust" => $tzones, "domain" => $use_dom, "pid" => $package, "additional" => $additional);
        $dbh->insert("users", $users_insert);
        // Re-read the row to obtain the generated id.
        $users_data = $dbh->select("users", array("user", "=", $username), 0, "1");
        $users_bak_insert = array("uid" => $users_data['id'], "user" => $username, "email" => $user_email, "password" => $password_hash, "salt" => $salt, "signup" => $time, "ip" => $ip, "firstname" => $firstname, "lastname" => $lastname, "address" => $address, "city" => $city, "state" => $state, "zip" => $zip, "country" => $country, "phone" => $phone, "status" => $status, "tzadjust" => $tzones, "domain" => $use_dom, "pid" => $package, "additional" => $additional);
        $dbh->insert("users_bak", $users_bak_insert);
        main::thtlog("Client Registered", 'Registered.', $users_data['id']);

        if (!$users_data['id']) {
            $return = "Your account could not be created. Please contact your system administrator.";
        } else {
            if (!empty($coupon_info)) {
                // Record the coupon with the discount already converted to a
                // value for this package's monthly price.
                main::thtlog("Coupon Used", "Coupon used (" . $coupon_info['coupcode'] . ")", $users_data['id']);
                $package_info = type::additional($package);
                $packmonthly = $package_info['monthly'];
                if ($packages_data['type'] == "paid") {
                    $coupon_info['p2hmonthlydisc'] = "0";
                    $coupon_info['paiddisc'] = coupons::percent_to_value("paid", $coupon_info['paidtype'], $coupon_info['paiddisc'], $packmonthly);
                } else {
                    $coupon_info['paiddisc'] = "0";
                    $coupon_info['p2hmonthlydisc'] = coupons::percent_to_value("p2h", $coupon_info['p2hmonthlytype'], $coupon_info['p2hmonthlydisc'], $packmonthly);
                }
                $insert_array = array("user" => $users_data['id'], "coupcode" => $coupon_info['coupcode'], "timeapplied" => time(), "packages" => $package, "goodfor" => $coupon_info['goodfor'], "monthsgoodfor" => $coupon_info['monthsgoodfor'], "paiddisc" => $coupon_info['paiddisc'], "p2hmonthlydisc" => $coupon_info['p2hmonthlydisc']);
                $dbh->insert("coupons_used", $insert_array);
            }

            $servers_data = $dbh->select("servers", array("id", "=", $package_server), 0, "1");
            $server_host = $servers_data['host'];
            $server_ip = $servers_data['ip'];
            $server_nameservers = $servers_data['nameservers'];
            $server_port = $servers_data['port'];
            $server_resellerport = $servers_data['resellerport'];
            $url = $dbh->config("url");

            // Placeholders for the welcome email. Note that PASS carries the
            // plaintext password.
            $new_acc_email_array['CPPORT'] = $server_port;
            $new_acc_email_array['RESELLERPORT'] = $server_resellerport;
            $new_acc_email_array['SERVERIP'] = $server_ip;
            $new_acc_email_array['NAMESERVERS'] = nl2br($server_nameservers);
            $new_acc_email_array['USER'] = $username;
            $new_acc_email_array['PASS'] = $password;
            $new_acc_email_array['EMAIL'] = $user_email;
            $new_acc_email_array['FNAME'] = $firstname;
            $new_acc_email_array['LNAME'] = $lastname;
            $new_acc_email_array['DOMAIN'] = $use_dom;
            // NOTE(review): the confirmation link's "c" value is the signup
            // timestamp, which is easy to guess; confirm.php is not in view, so a
            // random per-account token would have to be introduced on both sides.
            $new_acc_email_array['CONFIRM'] = $url . "client/confirm.php?u=" . $username . "&c=" . $time;
            $new_acc_email_array['PACKAGE'] = $packages_data['name'];

            if ($packages_data['admin'] == 0) {
                if ($packages_data['reseller'] == "1") {
                    $new_acc_email = email::emailTemplate("new-reseller-account");
                } else {
                    $new_acc_email = email::emailTemplate("new-account");
                }
                $return = "<strong>Your account has been created!</strong><br />You may now <a href = '../client'>login</a> to see your client area or proceed to your <a href = 'http://" . $server_host . ":" . $server_port . "'>control panel</a>. An email has been dispatched to the address on file.";
                if (type::packagetype($package) == "paid") {
                    //Set the user up for when they finish their payment.
                    // NOTE(review): this establishes a logged-in client session
                    // before any payment has been made.
                    $_SESSION['clogged'] = 1;
                    $_SESSION['cuser'] = $users_data['id'];
                }
                $donecorrectly = true;
            } else {
                // Admin-validated packages: suspend on the server until a staff
                // member approves the account.
                if ($serverfile->suspend($username, type::packageserver($package), 1) == false) {
                    // NOTE(review): on this path $new_acc_email is never set, yet
                    // email::send() below still reads it.
                    $return = "We could not suspend your account! Please contact the admin to suspend it until they validate it. lol";
                } else {
                    $dbh->update("users", array("status" => "3"), array("id", "=", $users_data['id']));
                    if ($packages_data['reseller'] == "1") {
                        $new_acc_email = email::emailTemplate("new-reseller-account-adminval");
                    } else {
                        $new_acc_email = email::emailTemplate("new-account-adminval");
                    }
                    $admin_val_email = email::emailTemplate("admin-validation-requested");
                    $valarray['LINK'] = $dbh->config("url") . ADMINDIR . "/?page=users&sub=search&do=" . $users_data['id'];
                    email::staff($admin_val_email['subject'], $admin_val_email['content'], $valarray);
                    $return = "<strong>Your account is awaiting admin validation!</strong><br />An email has been dispatched to the address on file. You will recieve another email when the admin has looked over your account.";
                    $donecorrectly = true;
                }
            }
            email::send($new_acc_email_array['EMAIL'], $new_acc_email['subject'], $new_acc_email['content'], $new_acc_email_array);
        }

        // Paid packages: raise the first invoice (30 days, coupon applied),
        // suspend the account until it is paid and restore the initial status.
        // $donecorrectly is only defined on the success paths above.
        if ($donecorrectly && type::packagetype($package) == "paid") {
            $amountinfo = type::additional($package);
            $amount = $amountinfo['monthly'];
            $due = time() + 2592000;
            $notes = "Your hosting package invoice for this billing cycle. Package: " . $packages_data['name'];
            if (!empty($coupon_info)) {
                $amount = max(0, $amount - $coupon_info['paiddisc']);
            }
            invoice::create($users_data['id'], $amount, $due, $notes);
            $serverfile->suspend($username, type::packageserver($package), 0, 1);
            $dbh->update("users", array("status" => $status), array("id", "=", $users_data['id']));
            if ($packages_data['admin'] != "1") {
                // true tells the caller to redirect to payment; $return is unused then.
                $return = '<div class="errors"><b>You are being redirected to payment! It will load in a couple of seconds.</b></div>';
                return true;
            }
        }
        return $return;
    }
}