// Excerpt of a VPS action handler. The block that encloses the first statement opens
// before this excerpt, and the reinstall_os handler below runs past its end.

// Ask the VPS node, over SOAP, to fsck the partition of this VPS; only when every
// earlier check left $commit_flag at "yes".
if ($commit_flag == "yes") {
    $soap_client = connectToVPSServer($vps_node);
    if ($soap_client === false) {
        echo "<font color=\"red\">" . _("Could not connect to VPS server!") . "</font>";
        return;
    }
    $r = $soap_client->call("fsckVPSpartition", array("vpsname" => "xen" . $vps_name), "", "", "");
}
}

// Reinstall the operating system of a VPS.
if (isset($_REQUEST["action"]) && $_REQUEST["action"] == "reinstall_os") {
    // A failed access check only records the error and clears $commit_flag;
    // execution continues with the checks and the query below.
    if (checkVPSAdmin($adm_login, $adm_pass, $vps_node, $vps_name) != true) {
        $submit_err = _("Access not granted line ") . __LINE__ . _(" file ") . __FILE__;
        $commit_flag = "no";
    }
    // Os name checking is now more relaxed as this is customizable by the dtc-xen server
    // $submit_err is assigned, not appended, so only the last failure is reported.
    if (!isFtpLogin($_REQUEST["os_type"])) {
        $submit_err = "OS type is not corret " . __LINE__ . " file " . __FILE__;
        $commit_flag = "no";
    }
    if (!isDTCPassword($_REQUEST["root_password"])) {
        $submit_err = "Root password is not a valid password";
        $commit_flag = "no";
    }
    // NOTE(review): $vps_name and $vps_node are interpolated into the statement as-is;
    // where they are validated is not visible in this excerpt — confirm before relying on it.
    $q = "SELECT * FROM {$pro_mysql_vps_table} WHERE vps_xen_name='{$vps_name}' AND vps_server_hostname='{$vps_node}';";
    // On failure the SQL text, the file path and mysql_error() are written to the response.
    $r = mysql_query($q) or die("Cannot execute query \"{$q}\" ! line: " . __LINE__ . " file: " . __FILE__ . " sql said: " . mysql_error());
    $n = mysql_num_rows($r);
    if ($n != 1) {
        $commit_flag = "no";
        $submit_err = _("Cannot get VPS information line ") . __LINE__ . _(" file ") . __FILE__;
    }
    // Fetched even when the row count check above failed.
    $ze_vps = mysql_fetch_array($r);
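/**
 * Delete a virtual admin account together with everything it owns.
 *
 * Steps, in order: delete each of the admin's domains through deleteUserDomain(),
 * remove the admin's directory from disk (only when $conf_demo_version is "no"),
 * mark the admin's SSL IPs as available, call deleteMysqlUserAndDB(), release the
 * IPs and statistics of each VPS and destroy it, delete the VPS, dedicated server,
 * support ticket and admin rows, then flag the cron job and call
 * triggerDomainListUpdate().
 *
 * The script is stopped with die() when the login format is rejected, when the
 * admin row is not found exactly once, or when any query other than the final
 * cron-flag update fails.
 *
 * NOTE(review): in the listing this was taken from, the adm_login values of four
 * queries are masked as '******'. They are bound here to the validated $adm_to_del,
 * the only login this function works on; confirm against the upstream file.
 * NOTE(review): the die() messages send the SQL text, the file path and
 * mysql_error() to the client; consider logging them server-side instead.
 *
 * @param string $adm_to_del Login of the admin to delete; must pass isFtpLogin().
 * @return void
 */
function DTCdeleteAdmin($adm_to_del) {
    global $pro_mysql_admin_table;
    global $pro_mysql_domain_table;
    global $pro_mysql_vps_table;
    // Both tables are used in the VPS loop below. Without these declarations the
    // names are undefined inside the function and the two queries have no table name.
    global $pro_mysql_vps_ip_table;
    global $pro_mysql_vps_stats_table;
    global $pro_mysql_dedicated_table;
    global $pro_mysql_tik_queries_table;
    global $pro_mysql_cronjob_table;
    global $pro_mysql_ssl_ips_table;
    global $conf_demo_version;
    global $conf_mysql_db;

    if (!isFtpLogin($adm_to_del)) {
        echo "Admin to delete is not in correct format line " . __LINE__ . " file " . __FILE__;
        die;
    }
    // Already validated above; escaped as well so the statements below do not
    // depend on the format check alone.
    $adm_sql = mysql_real_escape_string($adm_to_del);

    $adm_query = "SELECT * FROM {$pro_mysql_admin_table} WHERE adm_login='{$adm_sql}'";
    $result = mysql_query($adm_query) or die("Cannot execute query \"{$adm_query}\" !!!");
    if (mysql_num_rows($result) != 1) {
        die("User not found for deletion of {$adm_to_del} !!!");
    }
    $row_virtual_admin = mysql_fetch_array($result);
    $the_admin_path = $row_virtual_admin["path"];

    // delete the user also mailboxs, ftp accounts, domains and subdomains in database
    $query = "SELECT * FROM {$pro_mysql_domain_table} WHERE owner='{$adm_sql}';";
    $result = mysql_query($query) or die("Cannot execute query \"{$query}\" !!!");
    while ($row = mysql_fetch_array($result)) {
        // Use the validated login of the account being deleted, not the raw
        // delete_admin_user request field: the password passed along belongs to
        // $adm_to_del, and the request field is never checked in this function.
        deleteUserDomain($adm_to_del, $row_virtual_admin["adm_pass"], $row["name"]);
    }

    if ($conf_demo_version == "no") {
        // The path is read from the admin table and handed to a shell: quote it,
        // end option parsing with "--", and never run rm -rf on an empty path,
        // on the root directory or on a path containing "..".
        $trimmed_path = rtrim((string) $the_admin_path, "/");
        if ($trimmed_path === "" || strpos($the_admin_path, "..") !== false) {
            echo "Refusing to remove admin path line " . __LINE__ . " file " . __FILE__;
        } else {
            system("rm -rf -- " . escapeshellarg($the_admin_path));
        }
    }

    // Make all SSL vhosts the user registered available again
    $q = "UPDATE {$pro_mysql_ssl_ips_table} SET available='yes' WHERE adm_login='{$adm_sql}';";
    $r = mysql_query($q) or die("Cannot execute query {$q} line " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error());

    deleteMysqlUserAndDB($adm_to_del);

    // Delete all VPS of the user, and set all its IPs as available
    $q = "SELECT * FROM {$pro_mysql_vps_table} WHERE owner='{$adm_sql}';";
    $r = mysql_query($q) or die("Cannot execute query \"{$q}\" line " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error());
    while ($vps = mysql_fetch_array($r)) {
        // Values read back from the database are escaped before being reused in SQL.
        $vps_host_sql = mysql_real_escape_string($vps["vps_server_hostname"]);
        $vps_name_sql = mysql_real_escape_string($vps["vps_xen_name"]);
        $vps_where = "WHERE vps_server_hostname='{$vps_host_sql}' AND vps_xen_name='{$vps_name_sql}';";

        $q2 = "UPDATE {$pro_mysql_vps_ip_table} SET available='yes' {$vps_where}";
        $r2 = mysql_query($q2) or die("Cannot execute query \"{$q2}\" line " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error());

        $q2 = "DELETE FROM {$pro_mysql_vps_stats_table} {$vps_where}";
        $r2 = mysql_query($q2) or die("Cannot execute query \"{$q2}\" line " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error());

        // Unload (eg: destroy) the VPS directly
        remoteVPSAction($vps["vps_server_hostname"], $vps["vps_xen_name"], "destroy_vps");
        VPS_Server_Subscribe_To_Lists($vps["vps_server_hostname"]);
    }
    $q = "DELETE FROM {$pro_mysql_vps_table} WHERE owner='{$adm_sql}';";
    $r = mysql_query($q) or die("Cannot execute query \"{$q}\" line " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error());

    // Delete all dedicated servers of the admin
    $q = "DELETE FROM {$pro_mysql_dedicated_table} WHERE owner='{$adm_sql}';";
    $r = mysql_query($q) or die("Cannot execute query \"{$q}\" line " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error());

    // Delete all support tickets of the admin
    $q = "DELETE FROM {$pro_mysql_tik_queries_table} WHERE adm_login='{$adm_sql}';";
    $r = mysql_query($q) or die("Cannot execute query \"{$q}\" line " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error());

    $adm_query = "DELETE FROM {$pro_mysql_admin_table} WHERE adm_login='{$adm_sql}'";
    mysql_query($adm_query) or die("Cannot execute query \"{$adm_query}\" !!!");

    // Tell the cron job to activate the changes (in case there was some shared accounts. Todo: check if there is some...)
    // Best effort: a failure of this update is deliberately not fatal.
    $adm_query = "UPDATE {$pro_mysql_cronjob_table} SET qmail_newu='yes',restart_qmail='yes',reload_named='yes',\n\trestart_apache='yes',gen_vhosts='yes',gen_named='yes',gen_qmail='yes',gen_webalizer='yes',gen_backup='yes',gen_ssh='yes',gen_fetchmail='yes' WHERE 1;";
    mysql_query($adm_query);
    triggerDomainListUpdate();
}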
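/**
 * Build the renewal form, with its pay-now button, for an existing admin login.
 *
 * Reads adm_login, renew_type, product_id and the id that matches the renew type
 * (vps_id, client_id, ssl_ip_id or server_id) from $_REQUEST, looks up the admin,
 * the product, the service country, the client and the invoicing company, mails
 * a notice to the webmaster, records the pending renewal and returns the form.
 *
 * The script is stopped with die() on a failed query or an unknown renew type.
 *
 * NOTE(review): in the listing this was taken from, the adm_login value of the
 * first query and three "login:" concatenations are masked with '******', and the
 * return URL shows a "®" where "&reg" was decoded. They are restored here from
 * the surrounding code (the validated adm_login request field, "&regid=");
 * confirm against the upstream file.
 * NOTE(review): the die() messages send the SQL text, the file path and
 * mysql_error() to the client; consider logging them server-side instead.
 *
 * @return array "err" => 0 on success, 2 for a rejected login format, 3 for a
 *               failed lookup; "mesg" => the HTML form or the error text.
 */
function renew_form() {
    global $pro_mysql_admin_table;
    global $pro_mysql_new_admin_table;
    global $pro_mysql_product_table;
    global $pro_mysql_pending_renewal_table;
    global $pro_mysql_client_table;
    global $pro_mysql_companies_table;
    global $pro_mysql_vps_table;
    global $pro_mysql_dedicated_table;
    global $pro_mysql_vps_server_table;
    global $conf_webmaster_email_addr;
    global $conf_message_subject_header;
    global $conf_this_server_country_code;
    global $secpayconf_currency_letters;
    global $cc_europe;

    get_secpay_conf();

    // Do field format checking and escaping for all fields
    if (!isset($_REQUEST["adm_login"]) || !isFtpLogin($_REQUEST["adm_login"])) {
        return array("err" => 2, "mesg" => "User login format incorrect. Please use letters and numbers only and from 4 to 16 chars.");
    }
    $adm_login = $_REQUEST["adm_login"];
    $adm_login_sql = mysql_real_escape_string($adm_login);
    // An absent renew_type falls through to the "unknown type" die() below.
    $renew_type = isset($_REQUEST["renew_type"]) ? $_REQUEST["renew_type"] : "";

    $q = "SELECT adm_login,id_client FROM {$pro_mysql_admin_table} WHERE adm_login='{$adm_login_sql}';";
    $r = mysql_query($q) or die("Cannot query \"{$q}\" !!! Line: " . __LINE__ . " File: " . __FILE__ . " MySQL said: " . mysql_error());
    if (mysql_num_rows($r) != 1) {
        return array("err" => 3, "mesg" => "Username not found in database! Try again.");
    }
    $admin = mysql_fetch_array($r);

    // SSL renewals always use the single SSL product; everything else names its product.
    if ($renew_type == "ssl" || $renew_type == "ssl_renew") {
        $q = "SELECT * FROM {$pro_mysql_product_table} WHERE heb_type ='ssl';";
    } else {
        $product_id = isset($_REQUEST["product_id"]) ? $_REQUEST["product_id"] : "";
        $q = "SELECT * FROM {$pro_mysql_product_table} WHERE id='" . mysql_real_escape_string($product_id) . "';";
    }
    $r = mysql_query($q) or die("Cannot querry {$q} line " . __LINE__ . " file " . __FILE__ . " sql said " . mysql_error());
    if (mysql_num_rows($r) != 1) {
        return array("err" => 3, "mesg" => "<font color=\"red\">Cannot find product id!</font>");
    }
    $a = mysql_fetch_array($r);
    $the_prod = $a["name"] . " (" . $a["price_dollar"] . " {$secpayconf_currency_letters})";
    $prod_id = $a["id"];

    // Values placed in the page are HTML-escaped, including the product name read from the database.
    $form = "<b><u>" . _("Renewal for login:") . "</u></b> " . htmlspecialchars($adm_login, ENT_QUOTES) . "<br>";
    $form .= "<b><u>" . _("Product to renew:") . "</u></b> " . htmlspecialchars($a["name"], ENT_QUOTES) . " (" . number_format($a["price_dollar"], 2) . " {$secpayconf_currency_letters})<br><br>";

    // Request field that carries the id of the renewed item, and its label in the error message
    switch ($renew_type) {
        case "vps":
            $id_field = "vps_id";
            $id_label = "VPS id";
            break;
        case "shared":
        case "ssl":
            $id_field = "client_id";
            $id_label = "Client id";
            break;
        case "ssl_renew":
            $id_field = "ssl_ip_id";
            $id_label = "ssl_ip_id";
            break;
        case "server":
            $id_field = "server_id";
            $id_label = "Server id";
            break;
        default:
            die("Renew type unknown line " . __LINE__ . " file " . __FILE__); // To be implemented for other means!
    }
    $client_id = isset($_REQUEST[$id_field]) ? $_REQUEST[$id_field] : "";
    if (!isRandomNum($client_id)) {
        return array("err" => 3, "mesg" => "<font color=\"red\">{$id_label} is not a valid number!</font>");
    }
    $client_id_sql = mysql_real_escape_string($client_id);

    // Country the service is delivered from: the VPS node, the dedicated server, or this server.
    if ($renew_type == "vps") {
        $q = "SELECT country_code FROM {$pro_mysql_vps_table},{$pro_mysql_vps_server_table}\n\t\tWHERE {$pro_mysql_vps_table}.id='{$client_id_sql}' AND {$pro_mysql_vps_server_table}.hostname = {$pro_mysql_vps_table}.vps_server_hostname";
        $r = mysql_query($q) or die("Cannot query {$q} line " . __LINE__ . " file " . __FILE__ . " mysql said: " . mysql_error());
        if (mysql_num_rows($r) != 1) {
            return array("err" => 3, "mesg" => "<font color=\"red\">Cannot find vps server country</font>");
        }
        $ax = mysql_fetch_array($r);
        $country = $ax["country_code"];
    } elseif ($renew_type == "server") {
        $q = "SELECT country_code FROM {$pro_mysql_dedicated_table} WHERE id='{$client_id_sql}';";
        $r = mysql_query($q) or die("Cannot query {$q} line " . __LINE__ . " file " . __FILE__ . " mysql said: " . mysql_error());
        if (mysql_num_rows($r) != 1) {
            return array("err" => 3, "mesg" => "<font color=\"red\">Cannot find dedicated server country</font>");
        }
        $ax = mysql_fetch_array($r);
        $country = $ax["country_code"];
    } else {
        $country = $conf_this_server_country_code;
    }

    $mail_content = "\nSomebody tried to renew a contract. Here is the details of the renewal:\n\nlogin: " . $adm_login . "\nProduct name: {$the_prod}\nRenew product type: " . $renew_type . "\nService country: {$country}\n";

    if ($admin["id_client"] == 0) {
        return array("err" => 3, "mesg" => "Admin does not link to a client.");
    }

    // Get the client ID so we can get the country
    $q = "SELECT * FROM {$pro_mysql_client_table} WHERE id='" . mysql_real_escape_string($admin["id_client"]) . "'";
    $r = mysql_query($q) or die("Cannot query \"{$q}\" !!! Line: " . __LINE__ . " File: " . __FILE__ . " MySQL said: " . mysql_error());
    if (mysql_num_rows($r) != 1) {
        return array("err" => 3, "mesg" => "Client not found in database! Try again.");
    }
    $client = mysql_fetch_array($r);

    // Get the VAT from the invoicing company
    $company_invoicing_id = findInvoicingCompany($country, $client["country"]);
    $q = "SELECT * FROM {$pro_mysql_companies_table} WHERE id='" . mysql_real_escape_string($company_invoicing_id) . "';";
    $r = mysql_query($q) or die("Cannot query \"{$q}\" ! line: " . __LINE__ . " file: " . __FILE__ . " sql said: " . mysql_error());
    // Count the rows of THIS query: the check used to reuse the row count of the
    // client lookup, so a missing company was never detected.
    if (mysql_num_rows($r) != 1) {
        return array("err" => 3, "mesg" => "Cannot find company for invoicing.");
    }
    $company_invoicing = mysql_fetch_array($r);

    // If VAT is set, use it.
    // Both companies are in europe, in different countries, and customer as a VAT number,
    // then there is no VAT and the customer shall pay the VAT in it's own country
    // These are the VAT rules in the European Union...
    $company_has_vat = !($company_invoicing["vat_rate"] == 0 || $company_invoicing["vat_number"] == "");
    $intra_eu_company = $client["is_company"] == "yes"
        && $client["vat_num"] != ""
        && isset($cc_europe[$client["country"]])
        && isset($cc_europe[$company_invoicing["country"]])
        && $client["country"] != $company_invoicing["country"];
    if ($company_has_vat && !$intra_eu_company) {
        $vat_rate = $company_invoicing["vat_rate"];
    } else {
        $vat_rate = 0;
    }

    $headers = "From: DTC Robot <{$conf_webmaster_email_addr}>";
    // The subject carries a product name read from the database: keep it on one header line.
    $subject = str_replace(array("\r", "\n"), " ", $admin["adm_login"] . " tried to renew {$the_prod}");
    mail($conf_webmaster_email_addr, "{$conf_message_subject_header} {$subject}", $mail_content, $headers);

    // Save the values in SQL and process the paynow buttons
    $q = "INSERT INTO {$pro_mysql_pending_renewal_table} (id,adm_login,renew_date,renew_time,product_id,renew_id,heb_type,country_code)\n\tVALUES ('','" . $adm_login_sql . "',now(),now(),'" . mysql_real_escape_string($prod_id) . "','" . $client_id_sql . "','" . mysql_real_escape_string($renew_type) . "','" . mysql_real_escape_string($country) . "');";
    $r = mysql_query($q) or die("Cannot querry {$q} line " . __LINE__ . " file " . __FILE__ . " sql said " . mysql_error());
    $renew_id = mysql_insert_id();

    $pay_label = $a["name"] . " (login: " . $adm_login . ")";
    $payid = createCreditCardPaiementID($a["price_dollar"], $renew_id, $pay_label, "no", $prod_id, $vat_rate);
    $q = "UPDATE {$pro_mysql_pending_renewal_table} SET pay_id='" . mysql_real_escape_string($payid) . "' WHERE id='" . mysql_real_escape_string($renew_id) . "';";
    $r = mysql_query($q) or die("Cannot querry {$q} line " . __LINE__ . " file " . __FILE__ . " sql said " . mysql_error());

    // NOTE(review): PHP_SELF can carry request-supplied path info; how paynowButton()
    // encodes $return_url before printing it is not visible here — confirm.
    $return_url = $_SERVER["PHP_SELF"] . "?action=return_from_pay&regid={$payid}";
    $paybutton = paynowButton($payid, $a["price_dollar"], $pay_label, $return_url, $vat_rate);

    $form .= _("Please click on the button below to send money in your account:") . "<br><br>" . $paybutton;
    return array("err" => 0, "mesg" => $form);
}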
// Closes a block that opens before this excerpt.
}

////////////////////////////////////////////////
// Management of new users (eg virtual admins //
////////////////////////////////////////////////

// Save the edited properties of an existing admin account.
// NOTE(review): every column value below is read from $_REQUEST and concatenated into
// the statement with no validation or escaping in this block, so a quote character in
// any field changes the statement. Escape each value (mysql_real_escape_string) and
// restrict the flag fields to their allowed values before building the query. What
// protects this handler from unauthenticated requests is not visible in this excerpt.
// NOTE(review): the adm_pass and adm_login values appear masked as '******' in this listing.
if (isset($_REQUEST["updateuserinfo"]) && $_REQUEST["updateuserinfo"] == "Ok") {
    $adm_query = "UPDATE {$pro_mysql_admin_table} SET id_client='" . $_REQUEST["changed_id_client"] . "',\n\t\tadm_pass='******',path='" . $_REQUEST["changed_path"] . "',\n\t\tquota='" . $_REQUEST["adm_quota"] . "', bandwidth_per_month_mb='" . $_REQUEST["bandwidth_per_month"] . "',\n\t\texpire='" . $_REQUEST["expire"] . "',allow_add_domain='" . $_REQUEST["allow_add_domain"] . "',max_domain='" . $_REQUEST["max_domain"] . "',\n\t\tnbrdb='" . $_REQUEST["nbrdb"] . "',prod_id='" . $_REQUEST["heb_prod_id"] . "',\n\t\tresseller_flag='" . $_REQUEST["resseller_flag"] . "',\n\t\tssh_login_flag='" . $_REQUEST["ssh_login_flag"] . "',\n\t\tftp_login_flag='" . $_REQUEST["ftp_login_flag"] . "',\n\t\trestricted_ftp_path='" . $_REQUEST["restricted_ftp_path"] . "',\n\t\tallow_dns_and_mx_change='" . $_REQUEST["allow_dns_and_mx_change"] . "',\n\t\tallow_mailing_list_edit='" . $_REQUEST["allow_mailing_list_edit"] . "',\n\t\tallow_subdomain_edit='" . $_REQUEST["allow_subdomain_edit"] . "',\n\t\tpkg_install_flag='" . $_REQUEST["pkg_install_flag"] . "'\n\t\tWHERE adm_login='******';";
    // On failure the full statement, which includes the submitted values, is written to the response.
    mysql_query($adm_query) or die("Cannot execute query \"{$adm_query}\" line " . __LINE__ . " file " . __FILE__ . " " . mysql_error());

    // Tell the cron job to activate the changes (because the account might now be (not) expiring)
    // The result of this update is not checked.
    $adm_query = "UPDATE {$pro_mysql_cronjob_table} SET gen_vhosts='yes',restart_apache='yes' WHERE 1;";
    mysql_query($adm_query);
}

// $newadmin_login $newadmin_pass $newadmin_path $newadmin_maxemail $newadmin_maxftp $newadmin_quota
// Create a new admin account. This handler runs past the end of the excerpt.
if (isset($_REQUEST["newadminuser"]) && $_REQUEST["newadminuser"] == "Ok") {
    // Check for admin existance
    // Create admin directorys
    if (!isFtpLogin($_REQUEST["newadmin_login"])) {
        $submit_err .= _("Incorect admin login format: it should consist of only lowercase letters or numbers or the \"-\" sign, and should be between 4 and 16 chars long.<br>\n");
        $commit_flag = "no";
    }
    if (!isDTCPassword($_REQUEST["newadmin_pass"])) {
        $submit_err .= _("Password consist of only letters and numbers (a-zA-Z0-9) and should be between 6 and 16 chars long.<br>\n");
        $commit_flag = "no";
    }
    // NOTE(review): newadmin_path is used as submitted; no format check on it is visible
    // here, and the directory creation below is not conditioned on $commit_flag in the
    // visible part, so it runs even when the two checks above failed — confirm.
    $newadmin_path = $_REQUEST["newadmin_path"] . "/" . $_REQUEST["newadmin_login"];
    if ($conf_demo_version == "no") {
        // umask is cleared so that the 0750 mode is applied exactly, then restored.
        $oldumask = umask(0);
        if (!file_exists($newadmin_path)) {
            // Third argument 1 = recursive: missing parent directories are created too.
            mkdir("{$newadmin_path}", 0750, 1);
            // The submitted path is appended to $console without HTML escaping.
            $console .= "mkdir -p {$newadmin_path};<br>";
        }
        umask($oldumask);
// Tail of a database management handler; its opening lines are outside this excerpt.
        // Reload the grant tables so the privilege changes made above take effect.
        $q = "FLUSH PRIVILEGES;";
        $r = mysql_query($q) or die("Cannot execute query \"{$q}\" line " . __LINE__ . " file " . __FILE__ . " sql said " . mysql_error());
    }
    // When user databases live on a separate MySQL host, close that connection and
    // reconnect to the panel database.
    if ($conf_user_mysql_type == "distant") {
        mysql_close($newid) or die("Cannot disconnect to user database");
        connect2base();
    }
    updateUsingCron("gen_backup='yes'");
}

// Change the MySQL user that owns one of the admin's databases.
// This handler runs past the end of the excerpt.
if (isset($_REQUEST["action"]) && $_REQUEST["action"] == "change_db_owner") {
    checkLoginPass($adm_login, $adm_pass);
    // The connection to the user database host is opened with the configured root
    // credentials, so the format checks below are what limits the statements sent over it.
    if ($conf_user_mysql_type == "distant") {
        $newid = mysql_connect($conf_user_mysql_host, $conf_user_mysql_root_login, $conf_user_mysql_root_pass) or die("Cannot connect to user SQL host");
    }
    // action=change_db_owner&dbname=clem&dbuser=zigo
    if (!isFtpLogin($_REQUEST["dbuser"])) {
        $submit_err .= _("Incorrect MySQL login format: please enter another login and try again.") . "<br>\n";
        $commit_flag = "no";
    }
    if (!isDatabase($_REQUEST["dbname"])) {
        $submit_err .= _("Incorrect MySQL db name format: please enter another and try again.") . "<br>\n";
        $commit_flag = "no";
    } else {
        // dbname reaches the statement only on this branch, after isDatabase() accepted it.
        // NOTE(review): a check that this database belongs to $adm_login is not visible
        // in this excerpt — confirm that one follows before the owner is changed.
        $q = "SELECT User FROM mysql.db WHERE Db='" . $_REQUEST["dbname"] . "';";
        $r = mysql_query($q) or die("Cannot execute query \"{$q}\" line " . __LINE__ . " file " . __FILE__ . " sql said " . mysql_error());
        $n = mysql_num_rows($r);
        if ($n < 1) {
            $submit_err .= "Cannot reselect MySQL db name: please enter another and try again.<br>\n";
            $commit_flag = "no";
        } else {
            $a = mysql_fetch_array($r);
// Tail of the preceding SSH handler; its opening lines are outside this excerpt.
    mysql_query($adm_query) or die("Cannot execute query \"{$adm_query}\"");
    updateUsingCron("gen_ssh='yes'");
}

// $edssh_account $edit_domain $edssh_pass
// Update the home directory and password of an existing SSH account.
if (isset($_REQUEST["update_ssh_account"]) && $_REQUEST["update_ssh_account"] == "Ok") {
    checkLoginPassAndDomain($adm_login, $adm_pass, $edit_domain);
    $adm_path = getAdminPath($adm_login);
    if (!hasSSHLoginFlag($adm_login)) {
        $submit_err .= "You don't have the SSH login flag!";
        $commit_flag = "no";
    }
    // Home directory restriction: the path must start like $adm_path and must not
    // contain "..", a single quote or a backslash.
    // NOTE(review): the comparison covers only the first strlen($adm_path) - 1 bytes and
    // no path separator after them, so it accepts directories outside $adm_path that
    // share that prefix. Compare against the whole of $adm_path followed by "/". The
    // message names $adm_path/$edit_domain/subdomains, which is narrower than what the
    // check enforces.
    // NOTE(review): the quotes around the path in the message look like decoded &quot;
    // entities; as printed, that string does not parse.
    if (0 != strncmp($adm_path, $_REQUEST["edssh_path"], strlen($adm_path) - 1) || strstr($_REQUEST["edssh_path"], '..') || strstr($_REQUEST["edssh_path"], "'") || strstr($_REQUEST["edssh_path"], "\\")) {
        $submit_err .= _("Your path is restricted to ") . ""{$adm_path}/{$edit_domain}/subdomains"<br>\n";
        $commit_flag = "no";
    }
    $new_path = $_REQUEST["edssh_path"];
    if (!isFtpLogin($_REQUEST["edssh_account"])) {
        $submit_err .= _("Incorrect ssh login : this is not a good string for a ssh login, please enter a new one.");
        $commit_flag = "no";
    }
    if (!isDTCPassword($_REQUEST["edssh_pass"])) {
        $submit_err .= _("Incorrect SSH password: from 6 to 16 chars, a-z A-Z 0-9");
        $commit_flag = "no";
    }
    // Hashed before $commit_flag is consulted, so this runs for rejected input as well.
    $crypt_ssh_password = crypt($_REQUEST["edssh_pass"], dtc_makesalt());
    if ($commit_flag == "yes") {
        // NOTE(review): the password and login values are masked as '******' in this
        // listing. If the password column holds the cleartext next to the crypt() hash,
        // as its name suggests, a read of this table discloses every SSH password.
        $adm_query = "UPDATE {$pro_mysql_ssh_table} SET homedir='" . addslashes($new_path) . "', crypt='" . $crypt_ssh_password . "', password='******' WHERE login ='******' AND hostname='{$edit_domain}' LIMIT 1;";
        mysql_query($adm_query) or die("Cannot execute query \"{$adm_query}\"");
    }
    // The cron flag is raised whether or not the update above was committed.
    updateUsingCron("gen_ssh='yes'");
}
// Tail of an account deletion handler: the body of a do/while loop that walks the
// admin rows until one whose ob_tail names the previous login is reached. The start
// of the loop is outside this excerpt.
                die("Object should have ob_next line " . __LINE__ . " file " . __FILE__);
            }
            // NOTE(review): the adm_login value is masked as '******' in this listing.
            $q2 = "SELECT * FROM {$pro_mysql_admin_table} WHERE adm_login='******'";
            // The failure message prints $q, although the statement that ran is $q2.
            $r2 = mysql_query($q2) or die("Cannot query {$q} line " . __LINE__ . " file " . __FILE__ . " sql said " . mysql_error());
            $n2 = mysql_num_rows($r2);
            if ($n2 != 1) {
                die("Cannot found admin line " . __LINE__ . " file " . __FILE__);
            }
            $last_adm_login = $cur["adm_login"];
            $cur = mysql_fetch_array($r2);
            // Iteration cap, so that inconsistent links cannot loop forever.
            $max_loop--;
        } while ($cur["ob_tail"] != $last_adm_login && $max_loop != 0);
        if ($max_loop == 0) {
            die("Max loop reached line " . __LINE__ . " file " . __FILE__);
        }
        $adm_login_father = $cur["adm_login"];
        deleteAdminFromFather($adm_login, $adm_login_father);
    } else {
        recursiveDeleteAdmin($adm_login);
    }
}

// adm_login=zigo&addrlink=resseller&adm_pass=513411410&action=delete_child_account&account_name=bbbb
// NOTE(review): the example request above carries adm_pass in the query string, where
// it ends up in server logs, browser history and Referer headers.
// Delete a child account of the logged-in admin.
if (isset($_REQUEST["action"]) && $_REQUEST["action"] == "delete_child_account") {
    checkLoginPass($adm_login, $adm_pass);
    if (!isFtpLogin($_REQUEST["account_name"])) {
        $submit_err .= "Incorrect DTC login: a-z A-Z 0-9<br>\n";
        $commit_flag = "no";
    } else {
        // NOTE(review): whether deleteAdminFromFather() verifies that account_name is
        // really a child of $adm_login is not visible here — confirm before relying on it.
        deleteAdminFromFather($_REQUEST["account_name"], $adm_login);
    }
}
// Start of a script that answers with a PNG image built with GD.
// The script runs past the end of this excerpt.
$panel_type = "none";
require_once "../shared/autoSQLconfig.php";
require_once "{$dtcshared_path}/dtc_lib.php";
session_name("wallid");

// The response is an image that must never be cached.
header("Content-type: image/png");
// Date in the past
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
// always modified
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
// HTTP/1.1
header("Cache-Control: no-store, no-cache, must-revalidate");
// Second argument false: add this header instead of replacing the previous Cache-Control.
header("Cache-Control: post-check=0, pre-check=0", false);
// HTTP/1.0
header("Pragma: no-cache");

// NOTE(review): only the format of adm_login is checked in the visible part; whether
// the requester is authenticated as that login is not visible here — confirm.
if (isFtpLogin($_REQUEST["adm_login"])) {
    $adm_login = $_REQUEST["adm_login"];
} else {
    die("No login in query");
}

// 120x48 palette image and the colours used for drawing.
$width = 120;
$height = 48;
$im = ImageCreate($width, $height) or die("Cannot Initialize new GD image stream");
$lightblue_color = ImageColorAllocate($im, 190, 190, 212);
$black = ImageColorAllocate($im, 0, 0, 0);
$white = ImageColorAllocate($im, 255, 255, 255);
$red = ImageColorAllocate($im, 255, 0, 0);

// Twelve zero-initialised slots.
for ($m = 0; $m < 12; $m++) {
    $tr_tbl[$m] = 0;
}
/*
function dtcListItemsEdit($dsc) { global $adm_pass; $out = "<h3>" . $dsc["title"] . "</u></b></h3>"; // Calculate the forwards parameters for links and forms $nbr_forwards = sizeof($dsc["forward"]); $keys_fw = array_keys($dsc["forward"]); $fw = ""; $fw_link = $_SERVER["PHP_SELF"] . "?"; for ($i = 0; $i < $nbr_forwards; $i++) { if ($dsc["forward"][$i] == "adm_pass") { $fw .= "<input type=\"hidden\" name=\"" . $dsc["forward"][$i] . "\" value=\"" . $adm_pass . "\">"; } else { $fw .= "<input type=\"hidden\" name=\"" . $dsc["forward"][$i] . "\" value=\"" . $_REQUEST[$dsc["forward"][$i]] . "\">"; } if ($i != 0) { $fw_link .= "&"; } if ($dsc["forward"][$i] == "adm_pass") { $fw_link .= $dsc["forward"][$i] . "={$adm_pass}"; } else { $fw_link .= $dsc["forward"][$i] . "=" . $_REQUEST[$dsc["forward"][$i]]; } } // Condition to add to each queries $where = "WHERE 1"; if (isset($dsc["order_by"])) { $order_by = " ORDER BY " . $dsc["order_by"]; } else { $order_by = ""; } $added_insert_names = ""; $added_insert_values = ""; if (isset($dsc["where_list"])) { $nbr_where = sizeof($dsc["where_list"]); $where_keys = array_keys($dsc["where_list"]); for ($i = 0; $i < $nbr_where; $i++) { if ($i != 0) { $added_insert_names .= ","; $added_insert_values .= ","; } $added_insert_names .= $where_keys[$i]; $added_insert_values .= "'" . $dsc["where_list"][$where_keys[$i]] . "'"; $where .= " AND " . $where_keys[$i] . "='" . $dsc["where_list"][$where_keys[$i]] . "'"; } // As there will be other fields, we need that one $added_insert_names .= ","; $added_insert_values .= ","; } // Number of fields that we are about to manage here and theire names $nbr_fld = sizeof($dsc["cols"]); $keys = array_keys($dsc["cols"]); // We need the current number of items now to check against the max number for addition $q = "SELECT " . $dsc["id_fld"] . "," . $dsc["list_fld_show"] . " FROM " . $dsc["table_name"] . " {$where};"; $r_item_list = mysql_query($q) or die("Cannot query {$q} in " . __FILE__ . " line " . __LINE__ . 
" sql said: " . mysql_error()); $current_num_items = mysql_num_rows($r_item_list); // SQL submit stuffs if (isset($_REQUEST["action"]) && $_REQUEST["action"] == $dsc["action"] . "_new_item") { // Todo: do the fields checkings $commit_flag = "yes"; $commit_err = ""; for ($i = 0; $i < $nbr_fld; $i++) { switch ($dsc["cols"][$keys[$i]]["type"]) { case "popup": case "radio": $nbr_choices = sizeof($dsc["cols"][$keys[$i]]["values"]); $is_one_of_them = "no"; for ($j = 0; $j < $nbr_choices; $j++) { if ($dsc["cols"][$keys[$i]]["values"][$j] == $_REQUEST[$keys[$i]]) { $is_one_of_them = "yes"; } } if ($is_one_of_them == "no") { $commit_flag = "no"; $commit_err = "the variable " . $keys[$i] . " is not one of the allowed values<br>"; } break; default: break; } if (isset($dsc["cols"][$keys[$i]]["check"])) { switch ($dsc["cols"][$keys[$i]]["check"]) { case "subdomain": if (!checkSubdomainFormat($_REQUEST[$keys[$i]])) { if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") { $commit_flag = "no"; $commit_err .= $keys[$i] . ": not a subdomain<br>"; } } break; case "subdomain_or_ip": if (!checkSubdomainFormat($_REQUEST[$keys[$i]]) && !isIP($_REQUEST[$keys[$i]])) { if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") { $commit_flag = "no"; $commit_err .= $keys[$i] . ": not a subdomain or IP addresse<br>"; } } break; case "ip6": if (!isIP6($_REQUEST[$keys[$i]])) { if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") { if (!isset($dsc["cols"][$keys[$i]]["empty_makes_default"]) || $dsc["cols"][$keys[$i]]["empty_makes_default"] != "yes" || $_REQUEST[$keys[$i]] != "default") { $commit_flag = "no"; $commit_err .= $keys[$i] . 
": not an IPv6 address<br>"; } } } break; case "ip_addr": if (!isIP($_REQUEST[$keys[$i]])) { if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") { $commit_flag = "no"; $commit_err .= $keys[$i] . ": not an IP address<br>"; } } break; case "domain_or_ip": if (!isIP($_REQUEST[$keys[$i]]) && !isHostname($_REQUEST[$keys[$i]])) { if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") { $commit_flag = "no"; $commit_err .= $keys[$i] . ": not a domain or IP addresse<br>"; } } break; case "dtc_login": if (!isFtpLogin($_REQUEST[$keys[$i]])) { if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") { $commit_flag = "no"; $commit_err .= $keys[$i] . ": not a correct login format.<br>"; } } break; case "dtc_login_or_email": if (!isFtpLogin($_REQUEST[$keys[$i]]) && !isValidEmail($_REQUEST[$keys[$i]])) { if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") { $commit_flag = "no"; $commit_err .= $keys[$i] . ": not a correct login format.<br>"; } } break; case "mail_alias_group": $mail_alias_group_raw = trim($_REQUEST[$keys[$i]], "\r\n"); $mail_alias_nocr = str_replace("\r", "", $mail_alias_group_raw); $mail_alias_array = split("\n", $mail_alias_nocr); for ($x = 0; $x < count($mail_alias_array); $x++) { if (!isValidEmail($mail_alias_array[$x])) { $commit_flag = "no"; $commit_err .= $mail_alias_array[$x] . ": not a valid email format.<br>"; } } break; case "dtc_pass": if (!isDTCPassword($_REQUEST[$keys[$i]])) { if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") { $commit_flag = "no"; $commit_err .= $keys[$i] . 
": not a correct password format<br>"; } } break; case "email": if (!isValidEmail($_REQUEST[$keys[$i]])) { if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") { $commit_flag = "no"; $commit_err .= $keys[$i] . ": not a correct email format<br>"; } } break; case "number": if (!isRandomNum($_REQUEST[$keys[$i]])) { if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") { $commit_flag = "no"; $commit_err .= $keys[$i] . ": not a correct number format<br>"; } } break; case "max_value_2096": if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") { if (!isRandomNum($_REQUEST[$keys[$i]])) { $commit_flag = "no"; $commit_err .= $keys[$i] . ": not a correct number format<br>"; } if ($_REQUEST[$keys[$i]] >= 2096) { $commit_flag = "no"; $commit_err .= $keys[$i] . ": is greater or equal than the max value 2096<br>"; } } break; default: $commit_flag = "no"; $commit_err .= $keys[$i] . ": unknown field checking type (" . $dsc["cols"][$keys[$i]]["check"] . ").<br>"; break; } } } if (isset($dsc["max_item"]) && $current_num_items >= $dsc["max_item"]) { $commit_flag = "no"; $commit_err = "Max number of items reached!"; } if (isset($dsc["check_unique"])) { $nbr_unique_check = sizeof($dsc["check_unique"]); $where_clause = ""; for ($i = 0; $i < $nbr_unique_check; $i++) { if ($i != 0) { $where_clause .= " AND "; } if (isset($dsc["cols"][$dsc["check_unique"][$i]]["happen_domain"])) { $where_clause .= $dsc["check_unique"][$i] . "='" . $_REQUEST[$dsc["check_unique"][$i]] . $dsc["cols"][$dsc["check_unique"][$i]]["happen_domain"] . "' "; } else { $where_clause .= $dsc["check_unique"][$i] . "='" . $_REQUEST[$dsc["check_unique"][$i]] . 
"' "; } } if (!isset($dsc["check_unique_use_where_list"]) || $dsc["check_unique_use_where_list"] == "yes") { $nbr_where_list_fld = sizeof($dsc["where_list"]); $where_list_keys_fld = array_keys($dsc["where_list"]); for ($i = 0; $i < $nbr_where_list_fld; $i++) { $where_clause .= " AND " . $where_list_keys_fld[$i] . "='" . $dsc["where_list"][$where_list_keys_fld[$i]] . "'"; } } $q = "SELECT * FROM " . $dsc["table_name"] . " WHERE {$where_clause} "; $r = mysql_query($q) or die("Cannot query \"{$q}\" line " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error()); $n = mysql_num_rows($r); if ($n > 0) { $commit_flag = "no"; $commit_err = $dsc["check_unique_msg"]; } } // Build the request $fld_names = ""; $values = ""; $added_one = "no"; for ($i = 0; $i < $nbr_fld; $i++) { switch ($dsc["cols"][$keys[$i]]["type"]) { case "password": if ($added_one == "yes") { $fld_names .= ","; $values .= ","; } $fld_names .= $keys[$i]; if (isset($dsc["cols"][$keys[$i]]["empty_makes_sql_null"]) && $dsc["cols"][$keys[$i]]["empty_makes_sql_null"] == "yes" && $_REQUEST[$keys[$i]] == "") { $values .= "NULL"; } else { if (isset($dsc["cols"][$keys[$i]]["empty_makes_default"]) && $dsc["cols"][$keys[$i]]["empty_makes_default"] == "yes" && $_REQUEST[$keys[$i]] == "") { $values .= "'default'"; } else { if (isset($dsc["cols"][$keys[$i]]["happen_domain"])) { $values .= "'" . addslashes($_REQUEST[$keys[$i]]) . $dsc["cols"][$keys[$i]]["happen_domain"] . "'"; } else { $values .= "'" . addslashes($_REQUEST[$keys[$i]]) . "'"; } // if the crypt field is set, then we use this as the SQL field to populate the crypted password into if (isset($dsc["cols"][$keys[$i]]["cryptfield"])) { if ($added_one == "yes") { $fld_names .= ","; $values .= ","; } $fld_names .= $dsc["cols"][$keys[$i]]["cryptfield"]; $values .= "'" . crypt($_REQUEST[$keys[$i]], dtc_makesalt()) . 
"'"; } } } $added_one = "yes"; break; case "text": case "textarea": if ($added_one == "yes") { $fld_names .= ","; $values .= ","; } $fld_names .= $keys[$i]; if (isset($dsc["cols"][$keys[$i]]["empty_makes_sql_null"]) && $dsc["cols"][$keys[$i]]["empty_makes_sql_null"] == "yes" && $_REQUEST[$keys[$i]] == "") { $values .= "NULL"; } else { if (isset($dsc["cols"][$keys[$i]]["empty_makes_default"]) && $dsc["cols"][$keys[$i]]["empty_makes_default"] == "yes" && $_REQUEST[$keys[$i]] == "") { $values .= "'default'"; } else { if (isset($dsc["cols"][$keys[$i]]["happen_domain"])) { $values .= "'" . addslashes($_REQUEST[$keys[$i]]) . $dsc["cols"][$keys[$i]]["happen_domain"] . "'"; } else { $values .= "'" . addslashes($_REQUEST[$keys[$i]]) . "'"; } } } $added_one = "yes"; break; case "checkbox": if ($added_one == "yes") { $fld_names .= ","; $values .= ","; } $added_one = "yes"; $fld_names .= $keys[$i]; if (isset($_REQUEST[$keys[$i]])) { $values .= "'" . $dsc["cols"][$keys[$i]]["values"][0] . "'"; } else { $values .= "'" . $dsc["cols"][$keys[$i]]["values"][1] . "'"; } break; case "popup": case "radio": if ($added_one == "yes") { $fld_names .= ","; $values .= ","; } $fld_names .= $keys[$i]; $values .= "'" . addslashes($_REQUEST[$keys[$i]]) . "'"; $added_one = "yes"; break; } } if ($commit_flag == "yes") { $q = "INSERT INTO " . $dsc["table_name"] . " ({$added_insert_names} {$fld_names}) VALUES ({$added_insert_values} {$values});"; $success = "yes"; $r = mysql_query($q) or $success = "no"; if ($success == "yes") { $insert_id = mysql_insert_id(); if (isset($dsc["create_item_callback"])) { $out .= $dsc["create_item_callback"]($insert_id); } } else { $out .= "<font color=\"red\">Cannot query {$q} in " . __FILE__ . " line " . __LINE__ . " sql said: " . mysql_error() . 
"</font>"; } } else { $out .= "<font color=\"red\">Could not commit the changes because of an error in field format: <br>{$commit_err}</font><br>"; } } else { if (isset($_REQUEST["action"]) && $_REQUEST["action"] == $dsc["action"] . "_save_item") { // Todo: do the fields checkings $commit_flag = "yes"; $commit_err = ""; for ($i = 0; $i < $nbr_fld; $i++) { switch ($dsc["cols"][$keys[$i]]["type"]) { case "checkbox": break; case "popup": case "radio": case "checkbox": $nbr_choices = sizeof($dsc["cols"][$keys[$i]]["values"]); $is_one_of_them = "no"; for ($j = 0; $j < $nbr_choices; $j++) { if ($dsc["cols"][$keys[$i]]["values"][$j] == $_REQUEST[$keys[$i]]) { $is_one_of_them = "yes"; } } if ($is_one_of_them == "no") { $commit_flag = "no"; $commit_err = "the variable " . $keys[$i] . " is not one of the allowed values<br>"; } break; default: break; } if (isset($dsc["cols"][$keys[$i]]["check"]) && (!isset($dsc["cols"][$keys[$i]]["disable_edit"]) || $dsc["cols"][$keys[$i]]["disable_edit"] != "yes")) { switch ($dsc["cols"][$keys[$i]]["check"]) { case "subdomain": if (!checkSubdomainFormat($_REQUEST[$keys[$i]])) { if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") { $commit_flag = "no"; $commit_err .= $keys[$i] . ": not a subdomain<br>"; } } break; case "subdomain_or_ip": if (!checkSubdomainFormat($_REQUEST[$keys[$i]]) && !isIP($_REQUEST[$keys[$i]])) { if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") { $commit_flag = "no"; $commit_err .= $keys[$i] . 
": not a subdomain or IP addresse<br>"; } } break; case "ip6": if (!isIP6($_REQUEST[$keys[$i]])) { if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") { if (!isset($dsc["cols"][$keys[$i]]["empty_makes_default"]) || $dsc["cols"][$keys[$i]]["empty_makes_default"] != "yes" || $_REQUEST[$keys[$i]] != "default") { $commit_flag = "no"; $commit_err .= $keys[$i] . ": not an IPv6 address<br>"; } } } break; case "ip_addr": if (!isIP($_REQUEST[$keys[$i]])) { if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") { $commit_flag = "no"; $commit_err .= $keys[$i] . ": not an IP address<br>"; } } break; case "domain_or_ip": if (!isIP($_REQUEST[$keys[$i]]) && !isHostname($_REQUEST[$keys[$i]])) { if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") { $commit_flag = "no"; $commit_err .= $keys[$i] . ": not a domain or IP addresse<br>"; } } break; case "dtc_login": if (!isFtpLogin($_REQUEST[$keys[$i]])) { if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") { $commit_flag = "no"; $commit_err .= $keys[$i] . ": not a correct login format.<br>"; } } break; case "dtc_login_or_email": if (!isFtpLogin($_REQUEST[$keys[$i]]) && !isValidEmail($_REQUEST[$keys[$i]])) { if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") { $commit_flag = "no"; $commit_err .= $keys[$i] . 
": not a correct login format.<br>"; } } break; case "mail_alias_group": $mail_alias_group_raw = trim($_REQUEST[$keys[$i]], "\r\n"); $mail_alias_nocr = str_replace("\r", "", $mail_alias_group_raw); $mail_alias_array = split("\n", $mail_alias_nocr); for ($x = 0; $x < count($mail_alias_array); $x++) { if (!isValidEmail($mail_alias_array[$x])) { $commit_flag = "no"; $commit_err .= $mail_alias_array[$x] . ": not a valid email format.<br>"; } } break; case "dtc_pass": if (!isDTCPassword($_REQUEST[$keys[$i]])) { if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") { $commit_flag = "no"; $commit_err .= $keys[$i] . ": not a correct password format<br>"; } } break; case "email": if (!isValidEmail($_REQUEST[$keys[$i]])) { if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") { $commit_flag = "no"; $commit_err .= $keys[$i] . ": not a correct email format<br>"; } } break; case "number": if (!isRandomNum($_REQUEST[$keys[$i]])) { if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") { $commit_flag = "no"; $commit_err .= $keys[$i] . ": not a correct number format<br>"; } } break; case "max_value_2096": if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") { if (!isRandomNum($_REQUEST[$keys[$i]])) { $commit_flag = "no"; $commit_err .= $keys[$i] . ": not a correct number format<br>"; } if ($_REQUEST[$keys[$i]] >= 2096) { $commit_flag = "no"; $commit_err .= $keys[$i] . ": is greater or equal than the max value 2096<br>"; } } break; default: $commit_flag = "no"; $commit_err .= $keys[$i] . ": unknown field checking type (" . $dsc["cols"][$keys[$i]]["check"] . 
").<br>"; break; } } } // Build the request $added_one = "no"; $reqs = ""; for ($i = 0; $i < $nbr_fld; $i++) { switch ($dsc["cols"][$keys[$i]]["type"]) { case "id": $id_fldname = $keys[$i]; $id_fld_value = addslashes($_REQUEST[$keys[$i]]); break; case "readonly": break; case "text": case "textarea": case "password": if (!isset($dsc["cols"][$keys[$i]]["disable_edit"]) || $dsc["cols"][$keys[$i]]["disable_edit"] != "yes") { if ($added_one == "yes") { $reqs .= ","; } if (isset($dsc["cols"][$keys[$i]]["happen_domain"])) { $happen = $dsc["cols"][$keys[$i]]["happen_domain"]; } else { $happen = ""; } if (isset($dsc["cols"][$keys[$i]]["empty_makes_sql_null"]) && $dsc["cols"][$keys[$i]]["empty_makes_sql_null"] == "yes" && $_REQUEST[$keys[$i]] == "") { $reqs .= $keys[$i] . "=NULL"; } else { if (isset($dsc["cols"][$keys[$i]]["empty_makes_default"]) && $dsc["cols"][$keys[$i]]["empty_makes_default"] == "yes" && $_REQUEST[$keys[$i]] == "") { $reqs .= $keys[$i] . "='default'"; } else { $reqs .= $keys[$i] . "='" . addslashes($_REQUEST[$keys[$i]]) . $happen . "'"; // if the crypt field is set, then we use this as the SQL field to populate the crypted password into if (isset($dsc["cols"][$keys[$i]]["cryptfield"])) { if ($added_one == "yes") { $reqs .= ", "; } $reqs .= " " . $dsc["cols"][$keys[$i]]["cryptfield"] . "='" . crypt($_REQUEST[$keys[$i]], dtc_makesalt()) . "' "; } } } $added_one = "yes"; } break; case "popup": case "radio": if ($added_one == "yes") { $reqs .= ","; } $reqs .= $keys[$i] . "='" . addslashes($_REQUEST[$keys[$i]]) . "'"; $added_one = "yes"; break; case "checkbox": if ($added_one == "yes") { $reqs .= ","; } if (isset($_REQUEST[$keys[$i]])) { $reqs .= $keys[$i] . "='" . $dsc["cols"][$keys[$i]]["values"][0] . "'"; } else { $reqs .= $keys[$i] . "='" . $dsc["cols"][$keys[$i]]["values"][1] . "'"; } break; default: die($dsc["cols"][$keys[$i]]["type"] . ": Not implemented yet line " . __LINE__ . " file " . 
__FILE__); break; } } if ($commit_flag != "yes") { $out .= "<font color=\"red\">Could not commit the changes because of an error in field format: [todo: error desc]<br>{$commit_err}</font>"; } else { if (!isset($id_fldname) || !isset($id_fld_value)) { $out .= "<font color=\"red\">Could not commit the changes because the id is not set!</font>"; } else { $q = "UPDATE " . $dsc["table_name"] . " SET {$reqs} {$where} AND {$id_fldname}='{$id_fld_value}';"; $r = mysql_query($q) or $out .= "<font color=\"red\">Cannot query {$q} in " . __FILE__ . " line " . __LINE__ . " sql said: " . mysql_error() . "</font>"; if (isset($dsc["edit_item_callback"])) { $dsc["edit_item_callback"]($id_fld_value); } } } } else { if (isset($_REQUEST["action"]) && $_REQUEST["action"] == $dsc["action"] . "_delete_item") { for ($i = 0; $i < $nbr_fld; $i++) { if ($dsc["cols"][$keys[$i]]["type"] == "id") { $id_fldname = $keys[$i]; $id_fld_value = addslashes($_REQUEST[$keys[$i]]); } } if (isset($id_fldname) && isset($id_fld_value)) { if (isset($dsc["delete_item_callback"])) { $dsc["delete_item_callback"]($id_fld_value); } $q = "DELETE FROM " . $dsc["table_name"] . " {$where} AND {$id_fldname}='" . $id_fld_value . "';"; $r = mysql_query($q) or $out .= "<font color=\"red\">Cannot query {$q} in " . __FILE__ . " line " . __LINE__ . " sql said: " . mysql_error() . "</font>"; } else { $out .= "<font color=\"red\">Could not commit the deletion because the id field could not be found.</font>"; } } } } // We have to query it again, in case an insert or a delete has occured! $q = "SELECT " . $dsc["id_fld"] . "," . $dsc["list_fld_show"] . " FROM " . $dsc["table_name"] . " {$where} {$order_by};"; $r_item_list = mysql_query($q) or die("Cannot query {$q} in " . __FILE__ . " line " . __LINE__ . " sql said: " . mysql_error()); $current_num_items = mysql_num_rows($r_item_list); if (isset($dsc["max_item"])) { if ($current_num_items >= $dsc["max_item"]) { $out .= "<font color=\"red\">"; } $out .= $dsc["num_item_txt"] . 
$current_num_items . "/" . $dsc["max_item"]; if ($current_num_items >= $dsc["max_item"]) { $out .= "</font>"; } $out .= "<br><br>"; } // First display a list of items for ($i = 0; $i < $current_num_items; $i++) { $a = mysql_fetch_array($r_item_list); if ($i != 0) { $out .= " - "; } if (isset($_REQUEST["subaction"]) && $_REQUEST["subaction"] == $dsc["action"] . "_edit_item" && $_REQUEST["item"] == $a[$dsc["id_fld"]]) { $out .= $a[$dsc["list_fld_show"]]; } else { $out .= "<a href=\"{$fw_link}&subaction=" . $dsc["action"] . "_edit_item&item=" . $a[$dsc["id_fld"]] . "\">" . $a[$dsc["list_fld_show"]] . "</a>"; } } $out .= "<br><br>"; // Creation of new items if (!isset($_REQUEST["subaction"]) || $_REQUEST["subaction"] != $dsc["action"] . "_edit_item") { $out .= $dsc["new_item_link"] . "<br><br>"; $out .= "<h3>" . $dsc["new_item_title"] . "</h3><br>"; if (isset($dsc["max_item"]) && $current_num_items >= $dsc["max_item"]) { $out .= "<font color=\"red\">" . _("Maximum number reached") . "!</font><br>"; } else { $out .= "<form name=\"" . $dsc["action"] . "_new_item_frm\" action=\"" . $_SERVER["PHP_SELF"] . "\">{$fw}\n\t\t\t\t<input type=\"hidden\" name=\"action\" value=\"" . $dsc["action"] . "_new_item\">" . dtcFormTableAttrs(); for ($i = 0; $i < $nbr_fld; $i++) { if (isset($dsc["cols"][$keys[$i]]["help"])) { $help = $dsc["cols"][$keys[$i]]["help"]; } else { $help = ""; } switch ($dsc["cols"][$keys[$i]]["type"]) { case "id": $out .= "<input type=\"hidden\" name=\"" . $keys[$i] . "\" value=\"\">"; break; case "password": $genpass = autoGeneratePassButton($dsc["action"] . "_new_item_frm", $keys[$i]); $ctrl = "<input type=\"password\" name=\"" . $keys[$i] . 
"\" value=\"\">{$genpass}"; $out .= dtcFormLineDraw($dsc["cols"][$keys[$i]]["legend"], $ctrl, $i % 2, $help); break; case "text": case "readonly": if (isset($dsc["cols"][$keys[$i]]["hide_create"]) && $dsc["cols"][$keys[$i]]["hide_create"] == "yes") { break; } if (isset($dsc["cols"][$keys[$i]]["happen_domain"])) { $happen = $dsc["cols"][$keys[$i]]["happen_domain"]; } else { $happen = ""; } if (isset($dsc["cols"][$keys[$i]]["happen"])) { $happen .= $dsc["cols"][$keys[$i]]["happen"]; } if (isset($dsc["cols"][$keys[$i]]["default"])) { $ctrl_value = $dsc["cols"][$keys[$i]]["default"]; } else { $ctrl_value = ""; } if ($dsc["cols"][$keys[$i]]["type"] == "readonly") { $ctrl = "<input type=\"text\" name=\"" . $keys[$i] . "\" value=\"{$ctrl_value}\" READONLY>{$happen}"; } else { $ctrl = "<input type=\"text\" name=\"" . $keys[$i] . "\" value=\"{$ctrl_value}\">{$happen}"; } $out .= dtcFormLineDraw($dsc["cols"][$keys[$i]]["legend"], $ctrl, $i % 2, $help); break; case "textarea": if (isset($dsc["cols"][$keys[$i]]["cols"])) { $ctrl_cols = " cols=\"" . $dsc["cols"][$keys[$i]]["cols"] . "\" "; } else { $ctrl_cols = ""; } if (isset($dsc["cols"][$keys[$i]]["rows"])) { $ctrl_rows = " rows=\"" . $dsc["cols"][$keys[$i]]["rows"] . "\" "; } else { $ctrl_rows = ""; } $ctrl = "<textarea {$ctrl_cols} {$ctrl_rows} name=\"" . $keys[$i] . 
"\"></textarea>"; $out .= dtcFormLineDraw($dsc["cols"][$keys[$i]]["legend"], $ctrl, $i % 2, $help); break; case "radio": $nbr_choices = sizeof($dsc["cols"][$keys[$i]]["values"]); $ctrl = ""; for ($x = 0; $x < $nbr_choices; $x++) { if (isset($dsc["cols"][$keys[$i]]["default"])) { if ($dsc["cols"][$keys[$i]]["values"][$x] == $dsc["cols"][$keys[$i]]["default"]) { $selected = " checked "; } else { $selected = ""; } } else { if ($x == 0) { $selected = " checked "; } else { $selected = ""; } } if (isset($dsc["cols"][$keys[$i]]["display_replace"][$x])) { $display_val = $dsc["cols"][$keys[$i]]["display_replace"][$x]; } else { $display_val = $dsc["cols"][$keys[$i]]["values"][$x]; } $ctrl .= "<input type=\"radio\" name=\"" . $keys[$i] . "\" value=\"" . $dsc["cols"][$keys[$i]]["values"][$x] . "\" {$selected}> "; $ctrl .= $display_val; } $out .= dtcFormLineDraw($dsc["cols"][$keys[$i]]["legend"], $ctrl, $i % 2, $help); break; case "checkbox": if (!isset($dsc["cols"][$keys[$i]]["default"])) { $checked = " checked "; } else { $checked = " "; } $ctrl = "<input type=\"checkbox\" name=\"" . $keys[$i] . "\" value=\"yes\" {$checked}>"; $out .= dtcFormLineDraw($dsc["cols"][$keys[$i]]["legend"], $ctrl, $i % 2, $help); break; case "popup": $nbr_choices = sizeof($dsc["cols"][$keys[$i]]["values"]); $ctrl = "<select name=\"" . $keys[$i] . "\">"; for ($x = 0; $x < $nbr_choices; $x++) { $selected = ""; if (isset($dsc["cols"][$keys[$i]]["default"])) { if ($dsc["cols"][$keys[$i]]["values"][$x] == $dsc["cols"][$keys[$i]]["default"]) { $selected = " selected "; } else { $selected = ""; } } if (isset($dsc["cols"][$keys[$i]]["display_replace"][$x])) { $display_val = $dsc["cols"][$keys[$i]]["display_replace"][$x]; } else { $display_val = $dsc["cols"][$keys[$i]]["values"][$x]; } $ctrl .= " <option value=\"" . $dsc["cols"][$keys[$i]]["values"][$x] . 
"\" {$selected}>{$display_val}</option>"; } $out .= dtcFormLineDraw($dsc["cols"][$keys[$i]]["legend"], $ctrl, $i % 2, $help); break; default: $ctrl = "Not implemented yet!!!"; $out .= dtcFormLineDraw($dsc["cols"][$keys[$i]]["legend"], $ctrl, $i % 2, $help); break; } } $out .= dtcFromOkDraw(); $out .= "</table></form>"; } // Edition of existing items } else { $out .= "<a href=\"{$fw_link}&subaction=" . $dsc["action"] . "_new_item\">" . $dsc["new_item_link"] . "</a><br><br>"; $out .= "<h3>" . $dsc["edit_item_title"] . "</h3><br>"; $q = "SELECT * FROM " . $dsc["table_name"] . " {$where} AND " . $dsc["id_fld"] . "='" . addslashes($_REQUEST["item"]) . "';"; $r = mysql_query($q) or die("Cannot query {$q} in " . __FILE__ . " line " . __LINE__ . " sql said: " . mysql_error()); $n = mysql_num_rows($r); if ($n == 1) { $a = mysql_fetch_array($r); $out .= "<form name=\"" . $dsc["action"] . "_save_item_frm\" action=\"" . $_SERVER["PHP_SELF"] . "\">{$fw}"; $out .= "<input type=\"hidden\" name=\"action\" value=\"" . $dsc["action"] . "_save_item\">"; $out .= "<input type=\"hidden\" name=\"subaction\" value=\"" . $dsc["action"] . "_edit_item\">"; $out .= "<input type=\"hidden\" name=\"item\" value=\"" . $a[$dsc["id_fld"]] . "\">"; $out .= dtcFormTableAttrs(); for ($j = 0; $j < $nbr_fld; $j++) { $the_fld = $dsc["cols"][$keys[$j]]; if (isset($dsc["cols"][$keys[$j]]["help"])) { $help = $dsc["cols"][$keys[$j]]["help"]; } else { $help = ""; } switch ($the_fld["type"]) { case "id": $out .= "<input type=\"hidden\" name=\"" . $keys[$j] . "\" value=\"" . $a[$keys[$j]] . "\">"; $id_fldname = $keys[$j]; $id_fld_value = $a[$keys[$j]]; break; case "textarea": if (isset($dsc["cols"][$keys[$j]]["cols"])) { $ctrl_cols = " cols=\"" . $dsc["cols"][$keys[$j]]["cols"] . "\" "; } else { $ctrl_cols = ""; } if (isset($dsc["cols"][$keys[$j]]["rows"])) { $ctrl_rows = " rows=\"" . $dsc["cols"][$keys[$j]]["rows"] . "\" "; } else { $ctrl_rows = ""; } $ctrl = "<textarea {$ctrl_cols} {$ctrl_rows} name=\"" . 
$keys[$j] . "\">" . stripslashes($a[$keys[$j]]) . "</textarea>"; $out .= dtcFormLineDraw($dsc["cols"][$keys[$j]]["legend"], $ctrl, $j % 2, $help); break; case "password": case "text": case "readonly": if (isset($dsc["cols"][$keys[$j]]["disable_edit"]) && $dsc["cols"][$keys[$j]]["disable_edit"] == "yes") { $disabled = " disabled "; } else { $disabled = " "; } if (isset($dsc["cols"][$keys[$j]]["size"])) { $size = " size=\"" . $dsc["cols"][$keys[$j]]["size"] . "\" "; } else { $size = ""; } if (isset($dsc["cols"][$keys[$j]]["happen_domain"]) && preg_match("/" . $dsc["cols"][$keys[$j]]["happen_domain"] . "\$/", $a[$keys[$j]])) { $input_disp_value = substr($a[$keys[$j]], 0, strlen($a[$keys[$j]]) - strlen($dsc["cols"][$keys[$j]]["happen_domain"])); $happen = $dsc["cols"][$keys[$j]]["happen_domain"]; } else { if ($dsc["cols"][$keys[$j]]["type"] != "readonly") { $input_disp_value = $a[$keys[$j]]; } $happen = ""; } if (isset($dsc["cols"][$keys[$j]]["happen"])) { $happen .= $dsc["cols"][$keys[$j]]["happen"]; } if ($the_fld["type"] == "password") { $genpass = autoGeneratePassButton($dsc["action"] . "_save_item_frm", $keys[$j]); $input_disp_type = "password"; } else { $genpass = ""; $input_disp_type = "text"; } // Do this only for readonly if ($dsc["cols"][$keys[$j]]["type"] == "readonly") { $disabled = " READONLY"; isset($dsc["cols"][$keys[$j]]["default"]) ? $input_disp_value = $dsc["cols"][$keys[$j]]["default"] : ($input_disp_value = ''); isset($dsc["cols"][$keys[$j]]["happen"]) ? $happen = $dsc["cols"][$keys[$j]]["happen"] : ($happen = ''); } if (isset($dsc["cols"][$keys[$j]]["callback"])) { $retArray = $dsc["cols"][$keys[$j]]["callback"]($id_fld_value); $input_disp_value = $retArray["value"]; $happen = $retArray["happen"]; } $ctrl = "<input type=\"{$input_disp_type}\" {$size} name=\"" . $keys[$j] . "\" value=\"" . stripslashes($input_disp_value) . 
"\" {$disabled}>{$genpass}{$happen}"; $out .= dtcFormLineDraw($dsc["cols"][$keys[$j]]["legend"], $ctrl, $j % 2, $help); break; case "radio": $nbr_choices = sizeof($dsc["cols"][$keys[$j]]["values"]); $ctrl = ""; for ($x = 0; $x < $nbr_choices; $x++) { if ($dsc["cols"][$keys[$j]]["values"][$x] == $a[$keys[$j]]) { $selected = " checked "; } else { $selected = ""; } $ctrl .= " <input type=\"radio\" name=\"" . $keys[$j] . "\" value=\"" . $dsc["cols"][$keys[$j]]["values"][$x] . "\" {$selected}> "; $ctrl .= $dsc["cols"][$keys[$j]]["values"][$x]; } $out .= dtcFormLineDraw($dsc["cols"][$keys[$j]]["legend"], $ctrl, $j % 2, $help); break; case "checkbox": if ($dsc["cols"][$keys[$j]]["values"][0] == $a[$keys[$j]]) { $selected = " checked "; } else { $selected = " "; } $ctrl = "<input type=\"checkbox\" name=\"" . $keys[$j] . "\" value=\"yes\" " . $selected . ">"; $out .= dtcFormLineDraw($dsc["cols"][$keys[$j]]["legend"], $ctrl, $j % 2, $help); break; case "popup": $nbr_choices = sizeof($dsc["cols"][$keys[$j]]["values"]); $ctrl = "<select name=\"" . $keys[$j] . "\">"; for ($x = 0; $x < $nbr_choices; $x++) { if ($dsc["cols"][$keys[$j]]["values"][$x] == $a[$keys[$j]]) { $selected = " selected "; } else { $selected = ""; } if (isset($dsc["cols"][$keys[$j]]["display_replace"][$x])) { $display_val = $dsc["cols"][$keys[$j]]["display_replace"][$x]; } else { $display_val = $dsc["cols"][$keys[$j]]["values"][$x]; } $ctrl .= " <option value=\"" . $dsc["cols"][$keys[$j]]["values"][$x] . "\" {$selected}>{$display_val}</option>"; } $out .= dtcFormLineDraw($dsc["cols"][$keys[$j]]["legend"], $ctrl, $j % 2, $help); break; default: $ctrl = "Not implemented yet!!!"; $out .= dtcFormLineDraw($dsc["cols"][$keys[$j]]["legend"], $ctrl, $j % 2, $help); break; } } $delete_button = "<form action=\"" . $_SERVER["PHP_SELF"] . "\">{$fw}\n\t\t\t<input type=\"hidden\" name=\"action\" value=\"" . $dsc["action"] . "_delete_item" . 
"\">\n\t\t\t<input type=\"hidden\" name=\"{$id_fldname}\" value=\"{$id_fld_value}\">\n\t\t\t" . dtcDeleteButton() . "</form>"; $out .= "<tr><td> </td><td><table cellspacing=\"0\" cellpadding=\"0\" border=\"0\">\n\t\t\t<tr><td>" . dtcApplyButton() . "</form></td><td>{$delete_button}</td></tr></table></td></tr>"; $out .= "</table>"; } else { $out .= "No item by this number!"; } } return $out; }
require "../shared/autoSQLconfig.php"; require "{$dtcshared_path}/vars/table_names.php"; require "{$dtcshared_path}/drawlib/dtc_functions.php"; // $pro_mysql_domain_table // $pro_mysql_subdomain_table // $pro_mysql_cronjob_table $login = $_REQUEST["login"]; $pass = $_REQUEST["pass"]; if (isset($_REQUEST["ip"])) { $ip = $_REQUEST["ip"]; } $domain = $_REQUEST["domain"]; if (!isset($login) || $login == "" || !isset($pass) || $pass == "") { die("Incorrect params"); } if (!isFtpLogin($login)) { die("Requested login does not look like to be correct. It should be made only with letters, numbers, \".\" or \"-\" sign."); } if (!isDTCPassword($pass)) { die("Requested pass does not look like to be correct. It should be made only with letters, numbers, \".\" or \"-\" sign."); } if (!isHostname($domain)) { die("Requested domain name does not looklike to be correct. Please check !"); } $query = "SELECT * FROM {$pro_mysql_subdomain_table} WHERE login='******' AND pass='******' AND domain_name='{$domain}';"; $result = mysql_query($query) or die("Cannot query: \"{$query}\" !!!" . mysql_error()); $num_rows = mysql_num_rows($result); if ($num_rows != 1) { die("Incorrect login, pass or domain name !"); } else { if (!isset($ip) || $ip == "") {