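/**
 * Adds an Htaccess group for the given domain.
 *
 * Acts only on a POST whose `uaction` is `add_group`; any other request is
 * ignored. The group name is validated with validates_username() and looked
 * up with a parameterized query so that a duplicate (ugroup, dmn_id) pair is
 * rejected. On success the group is inserted with status `toadd`, the
 * backend is notified through send_request(), the action is logged and the
 * browser is redirected to protected_user_manage.php.
 *
 * @param int $domainId Domain unique identifier
 * @return void Returns early, after setting a page message, on any
 *              validation failure; on success redirectTo() ends the request
 */
function client_addHtaccessGroup($domainId)
{
    // Not an "add group" submission: nothing to do. Strict comparison, the
    // action is expected to be a plain string.
    if (!isset($_POST['uaction']) || $_POST['uaction'] !== 'add_group') {
        return;
    }

    if (!isset($_POST['groupname'])) {
        set_page_message(tr('Invalid htaccess group name.'), 'error');
        return;
    }

    if (!validates_username($_POST['groupname'])) {
        set_page_message(tr('Invalid group name!'), 'error');
        return;
    }

    $groupname = $_POST['groupname'];

    // Duplicate check: the same group name must not already exist for this domain.
    $query = "\n\t\t\t\tSELECT\n\t\t\t\t\t`id`\n\t\t\t\tFROM\n\t\t\t\t\t`htaccess_groups`\n\t\t\t\tWHERE\n\t\t\t\t\t`ugroup` = ?\n\t\t\t\tAND\n\t\t\t\t\t`dmn_id` = ?\n\t\t\t";
    $rs = exec_query($query, array($groupname, $domainId));

    if ($rs->rowCount() !== 0) {
        set_page_message(tr('This htaccess group already exists.'), 'error');
        return;
    }

    // Status 'toadd' is presumably consumed by the backend run kicked off by
    // send_request() below.
    $change_status = 'toadd';
    $query = "\n\t\t\t\t\tINSERT INTO `htaccess_groups` (\n\t\t\t\t\t    `dmn_id`, `ugroup`, `status`\n\t\t\t\t\t) VALUES (\n\t\t\t\t\t    ?, ?, ?\n\t\t\t\t\t)\n\t\t\t\t";
    exec_query($query, array($domainId, $groupname, $change_status));
    send_request();

    set_page_message(tr('Htaccess group successfully scheduled for addition.'), 'success');

    $admin_login = $_SESSION['user_logged'];
    write_log("{$admin_login}: added htaccess group: {$groupname}", E_USER_NOTICE);
    redirectTo('protected_user_manage.php');
}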
/**
 * Handles the "add group" form of the protected areas page (EasySCP).
 *
 * Runs only when the submitted `uaction` is `add_group`. The group name is
 * validated with validates_username(), checked for uniqueness within the
 * domain (parameterized query) and then inserted with the configured
 * ITEM_ADD_STATUS. On success the backend is notified, the action is logged
 * and the browser is sent to protected_user_manage.php.
 *
 * @param mixed $tpl Template instance (unused here, kept for the page's
 *                   common handler signature)
 * @param mixed $sql Database handle passed to exec_query()
 * @param int $dmn_id Domain unique identifier
 * @return void
 */
function padd_group($tpl, $sql, $dmn_id)
{
    $cfg = EasySCP_Registry::get('Config');

    if (!isset($_POST['uaction']) || $_POST['uaction'] != 'add_group') {
        return;
    }

    if (!isset($_POST['groupname'])) {
        set_page_message(tr('Invalid group name!'), 'error');
        return;
    }

    if (!validates_username($_POST['groupname'])) {
        set_page_message(tr('Invalid group name!'), 'warning');
        return;
    }

    $groupName = $_POST['groupname'];

    // A group is unique per domain.
    $query = "\n\t\t\t\tSELECT\n\t\t\t\t\t`id`\n\t\t\t\tFROM\n\t\t\t\t\t`htaccess_groups`\n\t\t\t\tWHERE\n\t\t\t\t\t`ugroup` = ?\n\t\t\t\tAND\n\t\t\t\t\t`dmn_id` = ?\n\t\t\t";
    $rs = exec_query($sql, $query, array($groupName, $dmn_id));

    if ($rs->recordCount() != 0) {
        set_page_message(tr('Group already exists!'), 'error');
        return;
    }

    $status = $cfg->ITEM_ADD_STATUS;
    $query = "\n\t\t\t\t\tINSERT INTO `htaccess_groups`\n\t\t\t\t\t\t(`dmn_id`, `ugroup`, `status`)\n\t\t\t\t\tVALUES\n\t\t\t\t\t\t(?, ?, ?)\n\t\t\t\t";
    exec_query($sql, $query, array($dmn_id, $groupName, $status));
    send_request();

    $adminLogin = $_SESSION['user_logged'];
    write_log("{$adminLogin}: add group (protected areas): {$groupName}");
    user_goto('protected_user_manage.php');
}
/**
 * Handles the "add user" form of the protected areas page (EasySCP).
 *
 * Runs only when the submitted `uaction` is `add_user` and the username,
 * password and password-repeat fields are all present; a submission with a
 * missing field is silently ignored. The username is validated with
 * validates_username(), the password with chk_password() (the message shown
 * depends on the PASSWD_STRONG setting) and compared with its repeat. A user
 * that already exists for the domain is rejected; otherwise the salted hash
 * is inserted with the configured ITEM_ADD_STATUS, the backend is notified
 * for this domain, the action is logged and the browser is sent to
 * protected_user_manage.php.
 *
 * @param mixed $tpl Template instance (unused here, kept for the page's
 *                   common handler signature)
 * @param mixed $sql Database handle passed to exec_query()
 * @param int $dmn_id Domain unique identifier
 * @return void
 */
function padd_user($tpl, $sql, $dmn_id)
{
    $cfg = EasySCP_Registry::get('Config');

    if (!isset($_POST['uaction']) || $_POST['uaction'] != 'add_user') {
        return;
    }

    $fieldsPresent = isset($_POST['username']) && isset($_POST['pass']) && isset($_POST['pass_rep']);
    if (!$fieldsPresent) {
        return;
    }

    if (!validates_username($_POST['username'])) {
        set_page_message(tr('Wrong username!'), 'warning');
        return;
    }

    if (!chk_password($_POST['pass'])) {
        $message = $cfg->PASSWD_STRONG
            ? tr('The password must be at least %s chars long and contain letters and numbers to be valid.')
            : tr('Password data is shorter than %s signs or includes not permitted signs!');
        set_page_message(sprintf($message, $cfg->PASSWD_CHARS), 'warning');
        return;
    }

    if ($_POST['pass'] !== $_POST['pass_rep']) {
        set_page_message(tr('Passwords do not match!'), 'warning');
        return;
    }

    $status = $cfg->ITEM_ADD_STATUS;
    $userName = clean_input($_POST['username']);
    $passwordHash = crypt_user_pass_with_salt($_POST['pass']);

    // A user is unique per domain.
    $query = "\n\t\t\t\tSELECT\n\t\t\t\t\t`id`\n\t\t\t\tFROM\n\t\t\t\t\t`htaccess_users`\n\t\t\t\tWHERE\n\t\t\t\t\t`uname` = ?\n\t\t\t\tAND\n\t\t\t\t\t`dmn_id` = ?\n\t\t\t";
    $rs = exec_query($sql, $query, array($userName, $dmn_id));

    if ($rs->recordCount() != 0) {
        set_page_message(tr('User already exist !'), 'error');
        return;
    }

    $query = "\n\t\t\t\t\tINSERT INTO `htaccess_users`\n\t\t\t\t\t\t(`dmn_id`, `uname`, `upass`, `status`)\n\t\t\t\t\tVALUES\n\t\t\t\t\t\t(?, ?, ?, ?)\n\t\t\t\t";
    exec_query($sql, $query, array($dmn_id, $userName, $passwordHash, $status));
    send_request('110 DOMAIN htaccess ' . $dmn_id);

    $adminLogin = $_SESSION['user_logged'];
    write_log("{$adminLogin}: add user (protected areas): {$userName}");
    user_goto('protected_user_manage.php');
}
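/**
 * Adds an Htaccess user for the given domain.
 *
 * Acts only on a POST whose `uaction` is `add_user` and whose username,
 * password and password-repeat fields are all present; a submission with a
 * missing field is silently ignored (no page message). The username is
 * validated with validates_username(), the password with
 * checkPasswordSyntax() (which presumably sets its own page message, since
 * none is set here) and compared with its repeat. A user that already exists
 * for the domain is rejected; otherwise the salted hash is inserted with
 * status `toadd`, the backend is notified, the action is logged and the
 * browser is redirected to protected_user_manage.php.
 *
 * @param int $domainId Domain unique identifier
 * @return void Returns early on any validation failure; on success
 *              redirectTo() ends the request
 */
function client_addHtaccessUser($domainId)
{
    // Not an "add user" submission: nothing to do. Strict comparison, the
    // action is expected to be a plain string.
    if (!isset($_POST['uaction']) || $_POST['uaction'] !== 'add_user') {
        return;
    }

    if (!isset($_POST['username']) || !isset($_POST['pass']) || !isset($_POST['pass_rep'])) {
        return;
    }

    if (!validates_username($_POST['username'])) {
        set_page_message(tr('Wrong username.'), 'error');
        return;
    }

    if (!checkPasswordSyntax($_POST['pass'])) {
        return;
    }

    if ($_POST['pass'] !== $_POST['pass_rep']) {
        set_page_message(tr("Passwords do not match."), 'error');
        return;
    }

    $status = 'toadd';
    $uname = clean_input($_POST['username']);
    // Only the salted hash is stored; the clear-text password is not kept.
    $upass = cryptPasswordWithSalt($_POST['pass'], generateRandomSalt(true));

    // Duplicate check: the same user name must not already exist for this domain.
    $query = "\n\t\t\t\tSELECT\n\t\t\t\t\t`id`\n\t\t\t\tFROM\n\t\t\t\t\t`htaccess_users`\n\t\t\t\tWHERE\n\t\t\t\t\t`uname` = ?\n\t\t\t\tAND\n\t\t\t\t\t`dmn_id` = ?\n\t\t\t";
    $rs = exec_query($query, array($uname, $domainId));

    if ($rs->rowCount() !== 0) {
        set_page_message(tr('This htaccess user already exist.'), 'error');
        return;
    }

    $query = "\n\t\t\t\t\tINSERT INTO `htaccess_users` (\n\t\t\t\t\t    `dmn_id`, `uname`, `upass`, `status`\n\t\t\t\t\t) VALUES (\n\t\t\t\t\t    ?, ?, ?, ?\n\t\t\t\t\t)\n\t\t\t\t";
    exec_query($query, array($domainId, $uname, $upass, $status));
    send_request();

    set_page_message(tr('Htaccess user successfully scheduled for addition.'), 'success');

    $admin_login = $_SESSION['user_logged'];
    write_log("{$admin_login}: added new htaccess user: {$uname}", E_USER_NOTICE);
    redirectTo('protected_user_manage.php');
}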
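/**
 * Validates the user-creation form data held in $_POST.
 *
 * Checks, in order: username syntax (validates_username), password
 * confirmation, password syntax (checkPasswordSyntax, which presumably sets
 * its own page message since none is set here), email syntax, and finally
 * that the username is not already present in the admin table
 * (parameterized query). The first failing check sets a page message and
 * stops.
 *
 * @return bool TRUE when every check passes, FALSE otherwise
 */
function check_user_data()
{
    if (!validates_username($_POST['username'])) {
        set_page_message(tr('Incorrect username length or syntax.'), 'error');
        return false;
    }

    // Strict comparison: with != two numeric-looking strings such as
    // '1e3' and '1000' would be treated as matching passwords.
    if ($_POST['password'] !== $_POST['password_confirmation']) {
        set_page_message(tr("Passwords do not match."), 'error');
        return false;
    }

    if (!checkPasswordSyntax($_POST['password'])) {
        return false;
    }

    if (!chk_email($_POST['email'])) {
        set_page_message(tr("Incorrect email length or syntax."), 'error');
        return false;
    }

    // Availability check; the cleaned name is what gets stored, so that is
    // what is looked up.
    $query = "SELECT `admin_id` FROM `admin` WHERE `admin_name` = ?";
    $username = clean_input($_POST['username']);
    $rs = exec_query($query, $username);

    if ($rs->recordCount() != 0) {
        set_page_message(tr('This user name already exist.'), 'warning');
        return false;
    }

    return true;
}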
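/**
 * Validate the submitted reseller data and, when it is valid, create the reseller account.
 *
 * The checks cover username availability and syntax, password presence,
 * confirmation and syntax, email syntax, at least one assigned IP address,
 * every per-resource limit, and the PHP ini permissions. Each failing field
 * is pushed onto a stack that is published as the `errFieldsStack` registry
 * entry so the form can highlight it. When nothing failed, the admin row, its
 * GUI properties and the reseller properties are inserted inside a single
 * database transaction; afterwards the software repository directory is
 * created when requested, onAfterAddUser is dispatched, the welcome mail is
 * sent and the creation is logged.
 *
 * @throws Exception
 * @throws iMSCP_Exception
 * @throws iMSCP_Exception_Database Re-thrown after rolling back any open transaction
 * @return bool TRUE when the account was created, FALSE when validation failed
 */
function admin_checkAndCreateResellerAccount()
{
    iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onBeforeAddUser);
    $cfg = iMSCP_Registry::get('config');
    $errFieldsStack = array();
    $data =& admin_getData();
    /** @var $db iMSCP_Database */
    $db = iMSCP_Database::getInstance();
    // The transaction is opened only around the inserts (the checks above
    // them are read-only), so a validation failure no longer leaves a
    // transaction open; this flag lets the catch block roll back only when
    // one is actually active.
    $inTransaction = false;
    try {
        // Check for reseller name
        $stmt = exec_query('SELECT COUNT(`admin_id`) `usernameExist` FROM `admin` WHERE `admin_name` = ? LIMIT 1', $data['admin_name']);
        $row = $stmt->fetchRow(PDO::FETCH_ASSOC);
        if ($row['usernameExist']) {
            // NOTE(review): admin_name is wrapped in <b> tags without escaping;
            // confirm that set_page_message()/tr() HTML-escape their arguments,
            // otherwise a crafted username is reflected into the page.
            set_page_message(tr("The username %s is not available.", '<b>' . $data['admin_name'] . '</b>'), 'error');
            $errFieldsStack[] = 'admin_name';
        } elseif (!validates_username($data['admin_name'])) {
            set_page_message(tr('Incorrect username length or syntax.'), 'error');
            $errFieldsStack[] = 'admin_name';
        }
        // check for password
        if (empty($data['password'])) {
            set_page_message(tr('You must provide a password.'), 'error');
            $errFieldsStack[] = 'password';
            $errFieldsStack[] = 'password_confirmation';
        } elseif ($data['password'] != $data['password_confirmation']) {
            set_page_message(tr("Passwords do not match."), 'error');
            $errFieldsStack[] = 'password';
            $errFieldsStack[] = 'password_confirmation';
        } elseif (!checkPasswordSyntax($data['password'])) {
            // checkPasswordSyntax() presumably sets its own page message.
            $errFieldsStack[] = 'password';
            $errFieldsStack[] = 'password_confirmation';
        }
        // Check for email address
        if (!chk_email($data['email'])) {
            set_page_message(tr('Incorrect syntax for email address.'), 'error');
            $errFieldsStack[] = 'email';
        }
        // Check for ip addresses - only IPs that exist in server_ips are kept,
        // so a submitted reseller_ips value that is not a known server IP is dropped.
        $resellerIps = array();
        foreach ($data['server_ips'] as $serverIpData) {
            if (in_array($serverIpData['ip_id'], $data['reseller_ips'])) {
                $resellerIps[] = $serverIpData['ip_id'];
            }
        }
        sort($resellerIps);
        if (empty($resellerIps)) {
            // Only a page message is set here (no errFieldsStack entry); the
            // pageMessages check before the inserts is presumably what blocks
            // creation in this case.
            set_page_message(tr('You must assign at least one IP to this reseller.'), 'error');
        }
        // Check for max domains limit
        if (!imscp_limit_check($data['max_dmn_cnt'], null)) {
            set_page_message(tr('Incorrect limit for %s.', tr('domain')), 'error');
            $errFieldsStack[] = 'max_dmn_cnt';
        }
        // Check for max subdomains limit
        if (!imscp_limit_check($data['max_sub_cnt'])) {
            set_page_message(tr('Incorrect limit for %s.', tr('subdomains')), 'error');
            $errFieldsStack[] = 'max_sub_cnt';
        }
        // check for max domain aliases limit
        if (!imscp_limit_check($data['max_als_cnt'])) {
            set_page_message(tr('Incorrect limit for %s.', tr('domain aliases')), 'error');
            $errFieldsStack[] = 'max_als_cnt';
        }
        // Check for max mail accounts limit
        if (!imscp_limit_check($data['max_mail_cnt'])) {
            set_page_message(tr('Incorrect limit for %s.', tr('email accounts')), 'error');
            $errFieldsStack[] = 'max_mail_cnt';
        }
        // Check for max ftp accounts limit
        if (!imscp_limit_check($data['max_ftp_cnt'])) {
            set_page_message(tr('Incorrect limit for %s.', tr('Ftp accounts')), 'error');
            $errFieldsStack[] = 'max_ftp_cnt';
        }
        // Check for max Sql databases limit
        // NOTE(review): the two SQL cross-checks below read $_POST directly while
        // every other check uses $data; confirm both carry the same values.
        if (!imscp_limit_check($data['max_sql_db_cnt'])) {
            set_page_message(tr('Incorrect limit for %s.', tr('SQL databases')), 'error');
            $errFieldsStack[] = 'max_sql_db_cnt';
        } elseif ($_POST['max_sql_db_cnt'] == -1 && $_POST['max_sql_user_cnt'] != -1) {
            set_page_message(tr('SQL database limit is disabled but SQL user limit is not.'), 'error');
            $errFieldsStack[] = 'max_sql_db_cnt';
        }
        // Check for max Sql users limit
        if (!imscp_limit_check($data['max_sql_user_cnt'])) {
            set_page_message(tr('Incorrect limit for %s.', tr('SQL users')), 'error');
            $errFieldsStack[] = 'max_sql_user_cnt';
        } elseif ($_POST['max_sql_user_cnt'] == -1 && $_POST['max_sql_db_cnt'] != -1) {
            set_page_message(tr('SQL user limit is disabled but SQL database limit is not.'), 'error');
            $errFieldsStack[] = 'max_sql_user_cnt';
        }
        // Check for max monthly traffic limit
        if (!imscp_limit_check($data['max_traff_amnt'], null)) {
            set_page_message(tr('Incorrect limit for %s.', tr('traffic')), 'error');
            $errFieldsStack[] = 'max_traff_amnt';
        }
        // Check for max disk space limit
        if (!imscp_limit_check($data['max_disk_amnt'], null)) {
            set_page_message(tr('Incorrect limit for %s.', tr('Disk space')), 'error');
            $errFieldsStack[] = 'max_disk_amnt';
        }
        // Check for PHP settings
        $phpini = iMSCP_PHPini::getInstance();
        $phpini->setResellerPermission('phpiniSystem', $data['php_ini_system']);
        if ($phpini->resellerHasPermission('phpiniSystem')) {
            $phpini->setResellerPermission('phpiniAllowUrlFopen', $data['php_ini_al_allow_url_fopen']);
            $phpini->setResellerPermission('phpiniDisplayErrors', $data['php_ini_al_display_errors']);
            $phpini->setResellerPermission('phpiniDisableFunctions', $data['php_ini_al_disable_functions']);
            $phpini->setResellerPermission('phpiniMailFunction', $data['php_ini_al_mail_function']);
            $phpini->setResellerPermission('phpiniMemoryLimit', $data['memory_limit']);
            // Must be set before phpiniPostMaxSize
            $phpini->setResellerPermission('phpiniPostMaxSize', $data['post_max_size']);
            // Must be set before phpiniUploadMaxFileSize
            $phpini->setResellerPermission('phpiniUploadMaxFileSize', $data['upload_max_filesize']);
            $phpini->setResellerPermission('phpiniMaxExecutionTime', $data['max_execution_time']);
            $phpini->setResellerPermission('phpiniMaxInputTime', $data['max_input_time']);
        }
        if (empty($errFieldsStack) && !Zend_Session::namespaceIsset('pageMessages')) {
            // Update process begin here: the three inserts below are atomic.
            $db->beginTransaction();
            $inTransaction = true;
            // Insert reseller personal data into database
            exec_query('
                    INSERT INTO admin (
                        admin_name, admin_pass, admin_type, domain_created, created_by, fname, lname, firm, zip, city,
                        state, country, email, phone, fax, street1, street2, gender
                    ) VALUES (
                        ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?
                    )
                ', array($data['admin_name'], cryptPasswordWithSalt($data['password']), 'reseller', time(), $_SESSION['user_id'], $data['fname'], $data['lname'], $data['firm'], $data['zip'], $data['city'], $data['state'], $data['country'], $data['email'], $data['phone'], $data['fax'], $data['street1'], $data['street2'], $data['gender']));
            // Get new reseller unique identifier
            $resellerId = $db->insertId();
            // Insert reseller GUI properties into database
            exec_query('INSERT INTO user_gui_props (user_id, lang, layout) VALUES (?, ?, ?)', array($resellerId, $cfg['USER_INITIAL_LANG'], $cfg['USER_INITIAL_THEME']));
            // Insert reseller properties into database
            exec_query('
                    INSERT INTO reseller_props (
                        reseller_id, reseller_ips, max_dmn_cnt, current_dmn_cnt, max_sub_cnt, current_sub_cnt,
                        max_als_cnt, current_als_cnt, max_mail_cnt, current_mail_cnt, max_ftp_cnt, current_ftp_cnt,
                        max_sql_db_cnt, current_sql_db_cnt, max_sql_user_cnt, current_sql_user_cnt, max_traff_amnt,
                        current_traff_amnt, max_disk_amnt, current_disk_amnt, support_system, customer_id,
                        software_allowed, softwaredepot_allowed, websoftwaredepot_allowed, php_ini_system,
                        php_ini_al_disable_functions, php_ini_al_mail_function, php_ini_al_allow_url_fopen,
                        php_ini_al_display_errors, php_ini_max_post_max_size, php_ini_max_upload_max_filesize,
                        php_ini_max_max_execution_time, php_ini_max_max_input_time, php_ini_max_memory_limit
                    ) VALUES (
                        ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?,
                        ?, ?, ?
                    )
                ', array($resellerId, implode(';', $resellerIps) . ';', $data['max_dmn_cnt'], '0', $data['max_sub_cnt'], '0', $data['max_als_cnt'], '0', $data['max_mail_cnt'], '0', $data['max_ftp_cnt'], '0', $data['max_sql_db_cnt'], '0', $data['max_sql_user_cnt'], '0', $data['max_traff_amnt'], '0', $data['max_disk_amnt'], '0', $data['support_system'], $data['customer_id'], $data['software_allowed'], $data['softwaredepot_allowed'], $data['websoftwaredepot_allowed'], $phpini->getResellerPermission('phpiniSystem'), $phpini->getResellerPermission('phpiniDisableFunctions'), $phpini->getResellerPermission('phpiniMailFunction'), $phpini->getResellerPermission('phpiniAllowUrlFopen'), $phpini->getResellerPermission('phpiniDisplayErrors'), $phpini->getResellerPermission('phpiniPostMaxSize'), $phpini->getResellerPermission('phpiniUploadMaxFileSize'), $phpini->getResellerPermission('phpiniMaxExecutionTime'), $phpini->getResellerPermission('phpiniMaxInputTime'), $phpini->getResellerPermission('phpiniMemoryLimit')));
            $db->commit();
            $inTransaction = false;
            // Creating Software repository for reseller if needed. A failure here
            // is only logged (the warning is suppressed); the account still exists.
            if ($data['software_allowed'] == 'yes' && !@mkdir($cfg['GUI_APS_DIR'] . '/' . $resellerId, 0750, true)) {
                write_log(sprintf('System was unable to create the %s directory for reseller software repository', "{$cfg['GUI_APS_DIR']}/{$resellerId}"), E_USER_ERROR);
            }
            iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onAfterAddUser);
            send_add_user_auto_msg($_SESSION['user_id'], $data['admin_name'], $data['password'], $data['email'], $data['fname'], $data['lname'], tr('Reseller'));
            write_log(sprintf('A new reseller account (%s) has been created by %s', $data['admin_name'], $_SESSION['user_logged']), E_USER_NOTICE);
            set_page_message(tr('Reseller account successfully created.'), 'success');
            return true;
        }
    } catch (iMSCP_Exception_Database $e) {
        if ($inTransaction) {
            $db->rollBack();
        }
        throw $e;
    }
    if (!empty($errFieldsStack)) {
        iMSCP_Registry::set('errFieldsStack', $errFieldsStack);
    }
    return false;
}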
/**
 * Creates a new FTP account for the current customer (EasySCP).
 *
 * The username is lower-cased and validated with validates_username(); the
 * FTP login and home directory are then derived from the submitted domain
 * type (`dmn`, `als` or `sub`). When `use_other_dir` is on, the submitted
 * `other_dir` becomes the home directory: double slashes are collapsed, any
 * `..` sequence is rejected, and the directory must already exist on the
 * domain's virtual filesystem. The account row is inserted with a
 * parameterized query, reseller counters are updated, the action is logged
 * and the browser is redirected to ftp_accounts.php.
 *
 * @param mixed $sql Database handle passed to exec_query()
 * @param string $dmn_name Customer main domain name
 * @return void Returns early (after setting a page message) on validation
 *              failure; on success user_goto() ends the request
 */
function add_ftp_user($sql, $dmn_name)
{
    $cfg = EasySCP_Registry::get('Config');

    $login = strtolower(clean_input($_POST['username']));
    if (!validates_username($login)) {
        set_page_message(tr("Incorrect username length or syntax!"), 'warning');
        return;
    }

    // Derive the FTP login and the default home directory from the domain
    // type. $ftpHome may be replaced below by a user-specified mount point.
    $domainType = $_POST['dmn_type'];
    $separator = $cfg->FTP_USERNAME_SEPARATOR;
    $baseHome = $cfg->FTP_HOMEDIR . "/{$dmn_name}";

    if ($domainType == 'dmn') {
        // Main domain
        $ftpUser = $login . $separator . $dmn_name;
        $ftpHome = $baseHome;
    } elseif ($domainType == 'als') {
        // Alias domain: the home is the alias mount point under the main domain
        $ftpUser = $login . $separator . $_POST['als_id'];
        $ftpHome = $baseHome . get_alias_mount_point($sql, $_POST['als_id']);
    } elseif ($domainType == 'sub') {
        // Subdomain
        $ftpUser = $login . $separator . $_POST['sub_id'] . '.' . $dmn_name;
        $ftpHome = $baseHome . '/' . clean_input($_POST['sub_id']);
    } else {
        set_page_message(tr('Unknown domain type'), 'error');
        return;
    }

    // User-specified mount point
    if (isset($_POST['use_other_dir']) && $_POST['use_other_dir'] === 'on') {
        $mountPoint = str_replace('//', '/', clean_input($_POST['other_dir'], false));

        // Reject parent-directory traversal ("..") anywhere in the path.
        // preg_match() yields 0 when nothing matches; false (PCRE error) is
        // also !== 0, so the check fails closed.
        if (preg_match("/\\.\\./", $mountPoint) !== 0) {
            set_page_message(tr('Incorrect mount point length or syntax'), 'error');
            return;
        }

        $ftpHome = str_replace('//', '/', $baseHome . '/' . $mountPoint);

        // The mount point must already exist on the domain's virtual filesystem.
        $vfs = new EasySCP_VirtualFileSystem($dmn_name, $sql);
        if (!$vfs->exists($mountPoint)) {
            set_page_message(tr('%s does not exist', $mountPoint), 'error');
            return;
        }
    }

    $ftpGid = get_ftp_user_gid($sql, $dmn_name, $ftpUser);
    $ftpUid = get_ftp_user_uid($sql, $dmn_name, $ftpUser, $ftpGid);
    // -1 signals that no uid could be obtained; the helper presumably reported
    // the problem itself, as nothing is shown here.
    if ($ftpUid == -1) {
        return;
    }

    $shell = $cfg->CMD_SHELL;
    $passwordHash = crypt_user_pass_with_salt($_POST['pass']);
    $net2ftpPassword = encrypt_db_password($_POST['pass']);

    $query = "\n\t\tINSERT INTO ftp_users\n\t\t\t(`userid`, `passwd`, `net2ftppasswd`, `uid`, `gid`, `shell`, `homedir`)\n\t\tVALUES\n\t\t\t(?, ?, ?, ?, ?, ?, ?)\n\t";
    exec_query($sql, $query, array($ftpUser, $passwordHash, $net2ftpPassword, $ftpUid, $ftpGid, $shell, $ftpHome));

    $domainProps = get_domain_default_props($_SESSION['user_id']);
    update_reseller_c_props($domainProps['domain_created_id']);

    write_log($_SESSION['user_logged'] . ": add new FTP account: {$ftpUser}");
    set_page_message(tr('FTP account added!'), 'success');
    user_goto('ftp_accounts.php');
}
											web_software_inst
										WHERE
											domain_id = ?
										AND
											path = ?
									', array($domainId, $otherDir));
                                if ($stmt->rowCount()) {
                                    $row = $stmt->fetchRow(PDO::FETCH_ASSOC);
                                    set_page_message(tr('Please select another directory. %s (%s) is installed there.', $row['software_name'], $row['software_version']), 'error');
                                    $error = true;
                                }
                            }
                        }
                        # Note: Comma is not allowed in input data because it is used as data delimiter by the backend.
                        # Check application username
                        if (!validates_username($appLoginName)) {
                            set_page_message(tr('Invalid username.'), 'error');
                            $error = true;
                        }
                        # Check application password
                        if (!checkPasswordSyntax($appPassword)) {
                            $error = true;
                        } elseif (strpos($appPassword, ',') !== false) {
                            set_page_message(tr('Password with comma(s) are not accepted.'), 'error');
                            $error = true;
                        }
                        # Check application email
                        if (!chk_email($appEmail)) {
                            set_page_message(tr('Invalid email address.'), 'error');
                            $error = true;
                        } elseif (strpos($appLoginName, ',') !== false) {
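/**
 * Validates the user-creation form data held in $_POST (EasySCP).
 *
 * Checks, in order: username syntax (validates_username), password syntax
 * (chk_password, with a message that depends on the PASSWD_STRONG setting),
 * password confirmation, email syntax, and finally that the username is not
 * already present in the admin table (parameterized query). The first
 * failing check sets a page message and stops.
 *
 * @return bool TRUE when every check passes, FALSE otherwise
 */
function check_user_data()
{
    $cfg = EasySCP_Registry::get('Config');
    $sql = EasySCP_Registry::get('Db');

    if (!validates_username($_POST['username'])) {
        set_page_message(tr("Incorrect username length or syntax!"), 'warning');
        return false;
    }

    if (!chk_password($_POST['pass'])) {
        if ($cfg->PASSWD_STRONG) {
            set_page_message(sprintf(tr('The password must be at least %s chars long and contain letters and numbers to be valid.'), $cfg->PASSWD_CHARS), 'warning');
        } else {
            set_page_message(sprintf(tr('Password data is shorter than %s signs or includes not permitted signs!'), $cfg->PASSWD_CHARS), 'warning');
        }
        return false;
    }

    // Strict comparison: with != two numeric-looking strings such as
    // '1e3' and '1000' would be treated as matching passwords.
    if ($_POST['pass'] !== $_POST['pass_rep']) {
        set_page_message(tr('Entered passwords do not match!'), 'warning');
        return false;
    }

    if (!chk_email($_POST['email'])) {
        set_page_message(tr('Incorrect email length or syntax!'), 'warning');
        return false;
    }

    // Availability check; the cleaned name is what gets stored, so that is
    // what is looked up.
    $query = "\n\t\tSELECT\n\t\t\t`admin_id`\n\t\tFROM\n\t\t\t`admin`\n\t\tWHERE\n\t\t\t`admin_name` = ?\n";
    $username = clean_input($_POST['username']);
    $rs = exec_query($sql, $query, $username);

    if ($rs->recordCount() != 0) {
        set_page_message(tr('This user name already exist!'), 'error');
        return false;
    }

    return true;
}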
/**
 * Add Ftp account
 *
 * Validates the submitted form (username syntax, password confirmation and
 * syntax, home directory), checks that the customer owns the target domain,
 * then inserts the ftp_users row, creates or extends the customer's
 * ftp_group entry and, when none exists yet, a quotalimits row, all inside
 * one database transaction. A duplicate username (SQLSTATE 23000) is
 * reported as a page message; any other database error is re-thrown after
 * rollback. Events onBeforeAddFtp / onAfterAddFtp are dispatched around the
 * write.
 *
 * @throws iMSCP_Exception_Database
 * @param string $mainDmnName Customer main domain
 * @return bool TRUE on success, FALSE otherwise
 */
function ftp_addAccount($mainDmnName)
{
    $ret = true;
    if (isset($_POST['domain_type']) && isset($_POST['username']) && isset($_POST['domain_name']) && isset($_POST['password']) && isset($_POST['password_repeat']) && isset($_POST['home_dir'])) {
        $username = clean_input($_POST['username']);
        $dmnName = clean_input($_POST['domain_name']);
        // NOTE(review): the password goes through clean_input() before being
        // hashed and stored, so the stored value may differ from what the user
        // typed if clean_input() trims or strips characters — confirm.
        $passwd = clean_input($_POST['password']);
        $passwdRepeat = clean_input($_POST['password_repeat']);
        $homeDir = clean_input($_POST['home_dir']);
        if (!validates_username($username)) {
            set_page_message(tr("Incorrect username length or syntax."), 'error');
            $ret = false;
        }
        // checkPasswordSyntax() presumably sets its own page message; none is set here.
        if ($passwd !== $passwdRepeat) {
            set_page_message(tr("Passwords do not match"), 'error');
            $ret = false;
        } elseif (!checkPasswordSyntax($passwd)) {
            $ret = false;
        }
        // Check for home directory existence
        if ($homeDir != '/' && $homeDir != '') {
            // Strip possible double-slashes
            $homeDir = str_replace('//', '/', $homeDir);
            // Check for updirs '..' — rejects parent-directory traversal out of
            // the customer's web root before the path is built below.
            if (strpos($homeDir, '..') !== false) {
                set_page_message(tr('Invalid home directory.'), 'error');
                $ret = false;
            }
            if ($ret) {
                $vfs = new iMSCP_VirtualFileSystem($mainDmnName);
                if (!$vfs->exists($homeDir)) {
                    set_page_message(tr("Home directory '%s' doesn't exist", $homeDir), 'error');
                    $ret = false;
                }
            }
        }
        if ($ret) {
            // Check that the customer is the owner of the domain for which the ftp Account is added
            // (showBadRequestErrorPage() is presumably terminal, since execution continues unguarded)
            if (!customerHasDomain($dmnName, $_SESSION['user_id'])) {
                showBadRequestErrorPage();
            }
            /** @var $cfg iMSCP_Config_Handler_File */
            $cfg = iMSCP_Registry::get('config');
            $userid = $username . '@' . decode_idna($dmnName);
            $encryptedPassword = cryptPasswordWithSalt($passwd);
            $shell = '/bin/sh';
            // Home is always anchored under USER_WEB_DIR/<main domain>; double
            // slashes are collapsed and the trailing slash dropped.
            $homeDir = rtrim(str_replace('//', '/', $cfg->USER_WEB_DIR . '/' . $mainDmnName . '/' . $homeDir), '/');
            // Retrieve customer uid/gid
            $query = '
				SELECT
					`t1`.`admin_name`, `t1`.`admin_sys_uid`, `t1`.`admin_sys_gid`, `t2`.`domain_disk_limit`,
					count(`t3`.`name`) AS `quota_entry`
				FROM
					`admin` AS `t1`
				LEFT JOIN
					`domain` AS `t2` ON (`t2`.`domain_admin_id` = `t1`.`admin_id` )
				LEFT JOIN
					`quotalimits` AS `t3` ON (`t3`.`name` = `t1`.`admin_name` )
				WHERE
					`t1`.`admin_id` = ?
			';
            $stmt = exec_query($query, $_SESSION['user_id']);
            // The customer's system account doubles as the FTP group name.
            $groupName = $stmt->fields['admin_name'];
            $uid = $stmt->fields['admin_sys_uid'];
            $gid = $stmt->fields['admin_sys_gid'];
            $diskspaceLimit = $stmt->fields['domain_disk_limit'];
            $quotaEntriesExist = $stmt->fields['quota_entry'] ? true : false;
            iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onBeforeAddFtp, array('ftpUserId' => $userid, 'ftpPassword' => $encryptedPassword, 'ftpRawPassword' => $passwd, 'ftpUserUid' => $uid, 'ftpUserGid' => $gid, 'ftpUserShell' => $shell, 'ftpUserHome' => $homeDir));
            /** @var $db iMSCP_Database */
            $db = iMSCP_Database::getInstance();
            try {
                $db->beginTransaction();
                // Add ftp user
                // NOTE(review): besides the salted hash (`passwd`), the clear-text
                // password ($passwd) is written to the `rawpasswd` column, so the
                // credential is recoverable from the database at rest. Worth
                // confirming the backend still needs it.
                $query = "\n\t\t\t\t\tINSERT INTO `ftp_users` (\n\t\t\t\t\t\t`userid`, `admin_id`, `passwd`, `rawpasswd`, `uid`, `gid`, `shell`, `homedir`\n\t\t\t\t\t) VALUES (\n\t\t\t\t\t\t?, ?, ?, ?, ?, ?, ?, ?\n\t\t\t\t\t)\n\t\t\t\t";
                exec_query($query, array($userid, $_SESSION['user_id'], $encryptedPassword, $passwd, $uid, $gid, $shell, $homeDir));
                $query = "SELECT `members` FROM `ftp_group` WHERE `groupname` = ? LIMIT 1";
                $stmt = exec_query($query, $groupName);
                // Ftp group: create it on first account, otherwise append the new
                // user to the comma-separated members list.
                if (!$stmt->rowCount()) {
                    $query = "INSERT INTO `ftp_group` (`groupname`, `gid`, `members`) VALUES (?, ?, ?)";
                    exec_query($query, array($groupName, $gid, $userid));
                } else {
                    $query = "UPDATE `ftp_group` SET `members` = ? WHERE `groupname` = ?";
                    exec_query($query, array("{$stmt->fields['members']},{$userid}", $groupName));
                }
                // Quota limit (domain_disk_limit is in MiB, converted to bytes — assumed, confirm)
                if (!$quotaEntriesExist) {
                    $query = "\n\t\t\t\t\t\tINSERT INTO `quotalimits` (\n\t\t\t\t\t\t\t`name`, `quota_type`, `per_session`, `limit_type`, `bytes_in_avail`, `bytes_out_avail`,\n\t\t\t\t\t\t\t`bytes_xfer_avail`, `files_in_avail`, `files_out_avail`, `files_xfer_avail`\n\t\t\t\t\t\t) VALUES (\n\t\t\t\t\t\t\t?, ?, ?, ?, ?, ?, ?, ?, ?, ?\n\t\t\t\t\t\t)\n\t\t\t\t\t";
                    exec_query($query, array($groupName, 'group', 'false', 'hard', $diskspaceLimit * 1024 * 1024, 0, 0, 0, 0, 0));
                }
                $db->commit();
            } catch (iMSCP_Exception_Database $e) {
                $db->rollBack();
                // 23000 is the SQLSTATE integrity-constraint class (duplicate key).
                // Loose == is deliberate here: SQLSTATE codes are usually carried
                // as strings — presumably, confirm for iMSCP_Exception_Database.
                if ($e->getCode() == 23000) {
                    set_page_message(tr('Ftp account with same username already exists.'), 'error');
                    $ret = false;
                } else {
                    throw $e;
                }
            }
            if ($ret) {
                iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onAfterAddFtp, array('ftpUserId' => $userid, 'ftpPassword' => $encryptedPassword, 'ftpRawPassword' => $passwd, 'ftpUserUid' => $uid, 'ftpUserGid' => $gid, 'ftpUserShell' => $shell, 'ftpUserHome' => $homeDir));
                write_log(sprintf("%s added Ftp account: %s", $_SESSION['user_logged'], $userid), E_USER_NOTICE);
                set_page_message(tr('FTP account successfully added.'), 'success');
            }
        }
    } else {
        showBadRequestErrorPage();
    }
    return $ret;
}
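/**
 * Validates the reseller-creation form data submitted in $_POST.
 *
 * The checks run in this order and stop at the first failure, setting a
 * warning page message and returning false: username syntax, username
 * uniqueness against the `admin` table, password strength (chk_password(),
 * with a message that depends on $cfg->PASSWD_STRONG), password confirmation,
 * e-mail syntax, every resource limit via easyscp_limit_check(), the SQL
 * databases/users "disabled" pairing, and finally that the caller has
 * assigned at least one IP address through the global $reseller_ips.
 *
 * NOTE(review): the uniqueness SELECT is advisory only — a concurrent request
 * can insert the same name between this check and the caller's INSERT, so
 * `admin`.`admin_name` should also carry a UNIQUE constraint in the schema.
 *
 * @return bool true when every check passes, false otherwise
 */
function check_user_data()
{
    // Set by the caller before this function runs; read only, never written here.
    global $reseller_ips;

    $cfg = EasySCP_Registry::get('Config');
    $sql = EasySCP_Registry::get('Db');

    // Supply an empty string for every field the form may omit, so a missing
    // key fails the corresponding check instead of raising an undefined-index
    // notice. `$_POST + defaults` keeps submitted values and fills gaps only.
    $form = $_POST + array(
        'username' => '',
        'pass' => '',
        'pass_rep' => '',
        'email' => '',
        'nreseller_max_domain_cnt' => '',
        'nreseller_max_subdomain_cnt' => '',
        'nreseller_max_alias_cnt' => '',
        'nreseller_max_ftp_cnt' => '',
        'nreseller_max_mail_cnt' => '',
        'nreseller_max_sql_db_cnt' => '',
        'nreseller_max_sql_user_cnt' => '',
        'nreseller_max_traffic' => '',
        'nreseller_max_disk' => '',
    );

    $username = clean_input($form['username']);

    // Validate the syntax before the value is used as a query parameter.
    if (!validates_username($username)) {
        set_page_message(tr("Incorrect username length or syntax!"), 'warning');
        return false;
    }

    $query = "\n\t\tSELECT\n\t\t\t`admin_id`\n\t\tFROM\n\t\t\t`admin`\n\t\tWHERE\n\t\t\t`admin_name` = ?\n\t;";
    $rs = exec_query($sql, $query, $username);

    if ($rs->recordCount() != 0) {
        set_page_message(tr('This user name already exist!'), 'warning');
        return false;
    }

    if (!chk_password($form['pass'])) {
        if ($cfg->PASSWD_STRONG) {
            set_page_message(sprintf(tr('The password must be at least %s long and contain letters and numbers to be valid.'), $cfg->PASSWD_CHARS), 'warning');
        } else {
            set_page_message(sprintf(tr('Password data is shorter than %s signs or includes not permitted signs!'), $cfg->PASSWD_CHARS), 'warning');
        }
        return false;
    }

    // Strict comparison on purpose: with `!=` two numeric-looking strings
    // such as "1e3" and "1000" would be considered equal.
    if ($form['pass'] !== $form['pass_rep']) {
        set_page_message(tr("Entered passwords do not match!"), 'warning');
        return false;
    }

    if (!chk_email(clean_input($form['email']))) {
        set_page_message(tr("Incorrect email syntax!"), 'warning');
        return false;
    }

    // Resource limits in form order. The second element is the value that
    // easyscp_limit_check() accepts as "disabled" (null when there is none);
    // the third is the untranslated message shown when the check fails.
    $limitChecks = array(
        array('nreseller_max_domain_cnt', null, 'Incorrect domains limit!'),
        array('nreseller_max_subdomain_cnt', -1, 'Incorrect subdomains limit!'),
        array('nreseller_max_alias_cnt', -1, 'Incorrect aliases limit!'),
        array('nreseller_max_ftp_cnt', -1, 'Incorrect FTP accounts limit!'),
        array('nreseller_max_mail_cnt', -1, 'Incorrect mail accounts limit!'),
        array('nreseller_max_sql_db_cnt', -1, 'Incorrect SQL databases limit!'),
        array('nreseller_max_sql_user_cnt', -1, 'Incorrect SQL users limit!'),
        array('nreseller_max_traffic', null, 'Incorrect traffic limit!'),
        array('nreseller_max_disk', null, 'Incorrect disk quota limit!'),
    );

    foreach ($limitChecks as $check) {
        list($field, $disabledValue, $message) = $check;

        if (!easyscp_limit_check($form[$field], $disabledValue)) {
            set_page_message(tr($message), 'warning');
            return false;
        }
    }

    // SQL databases and SQL users can only be disabled (-1) together. Both
    // values passed easyscp_limit_check() above, so an int cast is safe here.
    $sqlDbDisabled = ((int) $form['nreseller_max_sql_db_cnt'] === -1);
    $sqlUserDisabled = ((int) $form['nreseller_max_sql_user_cnt'] === -1);

    if ($sqlDbDisabled && !$sqlUserDisabled) {
        set_page_message(tr('SQL databases limit is <em>disabled</em> but SQL users limit not!'), 'warning');
        return false;
    }

    if (!$sqlDbDisabled && $sqlUserDisabled) {
        set_page_message(tr('SQL users limit is <em>disabled</em> but SQL databases limit not!'), 'warning');
        return false;
    }

    // Loose comparison kept on purpose: the global may be unset (null) as
    // well as an empty string when no IP was assigned.
    if ($reseller_ips == '') {
        set_page_message(tr('You must assign at least one IP number for a reseller!'), 'warning');
        return false;
    }

    return true;
}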