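/**
 * Handle the "add user" form for protected areas (htaccess users).
 *
 * Does nothing unless $_POST['uaction'] is 'add_user' and the username,
 * password and password-repeat fields are all present. On success the user
 * is inserted into htaccess_users, the action is logged, and the request is
 * redirected to puser_manage.php (the script terminates there). On any
 * validation failure a page message is set and the function returns.
 *
 * @param mixed $tpl    Not used in this function; kept for the callers' signature.
 * @param mixed $sql    Database handle, passed through to exec_query().
 * @param mixed $dmn_id Id of the domain the new user is scoped to.
 * @return void
 */
function padd_user(&$tpl, &$sql, &$dmn_id) {
    if (!isset($_POST['uaction']) || $_POST['uaction'] !== 'add_user') {
        return;
    }

    if (!isset($_POST['username'], $_POST['pass'], $_POST['pass_rep'])) {
        return;
    }

    // PHP turns "username[]=x" into an array. Reject non-string fields up
    // front so the validators, crypt() and the bound query parameters only
    // ever see strings.
    if (!is_string($_POST['username']) || chk_username($_POST['username']) > 0) {
        set_page_message(tr('Wrong username!'));
        return;
    }

    if (!is_string($_POST['pass']) || chk_password($_POST['pass']) > 0) {
        set_page_message(tr('Incorrect password range or syntax!'));
        return;
    }

    if ($_POST['pass'] !== $_POST['pass_rep']) {
        set_page_message(tr('Passwords does not match!'));
        return;
    }

    $uname = $_POST['username'];

    // NOTE(review): crypt() is called without a salt. The algorithm is then
    // whatever the platform defaults to, PHP 5.6+ raises E_NOTICE, and PHP 8
    // rejects the call outright. Confirm which hash format the consumer of
    // htaccess_users.upass accepts, then pass an explicit salt for it.
    $upass = crypt($_POST['pass']);

    $query = <<<SQL_QUERY
        select
            id
        from
            htaccess_users
        where
            uname = ?
          and
            dmn_id = ?
SQL_QUERY;

    $rs = exec_query($sql, $query, array($uname, $dmn_id));

    if ($rs->RecordCount() != 0) {
        set_page_message(tr('User already exist !'));
        return;
    }

    // NOTE(review): the existence check and the insert are two statements;
    // without a unique key on (dmn_id, uname) concurrent requests could both
    // insert. Confirm against the schema.
    $query = <<<SQL_QUERY
        insert into htaccess_users
            (dmn_id, uname, upass)
        values
            (?, ?, ?)
SQL_QUERY;

    exec_query($sql, $query, array($dmn_id, $uname, $upass));

    // $uname has passed chk_username(); presumably that keeps line breaks
    // out of the log entry -- verify against chk_username().
    $admin_login = $_SESSION['user_logged'];
    write_log("{$admin_login}: add user (protected areas) -> {$uname}");

    header('Location: puser_manage.php');
    die;
}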
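/**
 * Handle the "add group" form for protected areas (htaccess groups).
 *
 * Does nothing unless $_POST['uaction'] is 'add_group' and a group name was
 * submitted. On success the group is inserted into htaccess_groups, the
 * action is logged, and the request is redirected to puser_manage.php (the
 * script terminates there). On failure a page message is set.
 *
 * @param mixed $tpl    Not used in this function; kept for the callers' signature.
 * @param mixed $sql    Database handle, passed through to exec_query().
 * @param mixed $dmn_id Id of the domain the new group is scoped to.
 * @return void
 */
function padd_group(&$tpl, &$sql, &$dmn_id) {
    if (!isset($_POST['uaction']) || $_POST['uaction'] !== 'add_group') {
        return;
    }

    if (!isset($_POST['groupname'])) {
        return;
    }

    // Group names go through the same validator as user names, and the
    // message key is the one the original used. Array-valued input
    // ("groupname[]=x") is rejected before it reaches the validator or the
    // query parameters.
    if (!is_string($_POST['groupname']) || chk_username($_POST['groupname']) > 0) {
        set_page_message(tr('Wrong username!'));
        return;
    }

    $groupname = $_POST['groupname'];

    $query = <<<SQL_QUERY
        select
            id
        from
            htaccess_groups
        where
            ugroup = ?
          and
            dmn_id = ?
SQL_QUERY;

    $rs = exec_query($sql, $query, array($groupname, $dmn_id));

    if ($rs->RecordCount() != 0) {
        set_page_message(tr('Group already exist !'));
        return;
    }

    // NOTE(review): check-then-insert is not atomic; a unique key on
    // (dmn_id, ugroup) would be needed to rule out duplicates under
    // concurrent requests. Confirm against the schema.
    $query = <<<SQL_QUERY
        insert into htaccess_groups
            (dmn_id, ugroup)
        values
            (?, ?)
SQL_QUERY;

    exec_query($sql, $query, array($dmn_id, $groupname));

    $admin_login = $_SESSION['user_logged'];
    write_log("{$admin_login}: add group (protected areas) -> {$groupname}");

    header('Location: puser_manage.php');
    die;
}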
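/**
 * Validate the POSTed "add reseller" form.
 *
 * Checks, in order: that the user name is not already present in the admin
 * table, user name syntax, password syntax, that both password fields are
 * identical, e-mail syntax, each resource limit, and that at least one IP
 * has been assigned (global $reseller_ips). The first failing check sets a
 * page message and stops validation.
 *
 * @return bool true when every check passes, false otherwise.
 */
function check_user_data() {
    global $reseller_ips, $sql;

    $username = $_POST['username'];

    $query = <<<SQL_QUERY
        select
            admin_id
        from
            admin
        where
            admin_name = ?
SQL_QUERY;

    $rs = exec_query($sql, $query, array($username));

    if ($rs->RecordCount() != 0) {
        set_page_message(tr('This user name already exist!'));
        return false;
    }

    if (chk_username($_POST['username'])) {
        set_page_message(tr("Incorrect username range or syntax!"));
        return false;
    }

    if (chk_password($_POST['pass'])) {
        set_page_message(tr("Incorrect password range or syntax!"));
        return false;
    }

    // Strict comparison: with "!=" PHP compares numeric-looking strings as
    // numbers, so e.g. "1e3" and "1000" would count as the same password.
    if ($_POST['pass'] !== $_POST['pass_rep']) {
        set_page_message(tr("Entered passwords does not match!"));
        return false;
    }

    if (chk_email($_POST['email'])) {
        set_page_message(tr("Incorrect email range or syntax!"));
        return false;
    }

    // Field name, upper bound handed to vhcs_limit_check(), message key.
    // Order matches the original so the first reported error is unchanged.
    $limits = array(
        array('nreseller_max_domain_cnt', 999, 'Incorrect max domain count or syntax!'),
        array('nreseller_max_subdomain_cnt', 999, 'Incorrect max subdomain count or syntax!'),
        array('nreseller_max_alias_cnt', 999, 'Incorrect max alias count or syntax!'),
        array('nreseller_max_ftp_cnt', 999, 'Incorrect max FTP count or syntax!'),
        array('nreseller_max_mail_cnt', 999, 'Incorrect max mail count or syntax!'),
        array('nreseller_max_sql_db_cnt', 999, 'Incorrect max SQL databases count or syntax!'),
        array('nreseller_max_sql_user_cnt', 999, 'Incorrect max SQL users count or syntax!'),
        array('nreseller_max_traffic', 999999, 'Incorrect max traffic amount or syntax!'),
        array('nreseller_max_disk', 999999, 'Incorrect max disk amount or syntax!'),
    );

    foreach ($limits as $limit) {
        list($field, $max, $message) = $limit;

        // -1 is refused explicitly in addition to vhcs_limit_check();
        // presumably that helper would otherwise accept it -- confirm.
        if (!vhcs_limit_check($_POST[$field], $max) || $_POST[$field] == -1) {
            set_page_message(tr($message));
            return false;
        }
    }

    if ($reseller_ips == '') {
        set_page_message(tr('You must assign at least one IP number for a reseller!'));
        return false;
    }

    return true;
}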
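/**
 * Validate the POSTed "add user" form (name, password, e-mail).
 *
 * Checks, in order: that the user name is not already present in the admin
 * table, user name syntax, password syntax, that both password fields are
 * identical, and e-mail syntax. The first failing check sets a page message
 * and stops validation.
 *
 * @return bool true when every check passes, false otherwise.
 */
function check_user_data() {
    global $sql;

    $username = $_POST['username'];

    $query = <<<SQL_QUERY
        select
            admin_id
        from
            admin
        where
            admin_name = ?
SQL_QUERY;

    $rs = exec_query($sql, $query, array($username));

    if ($rs->RecordCount() != 0) {
        set_page_message(tr('This user name already exist!'));
        return false;
    }

    if (chk_username($_POST['username'])) {
        set_page_message(tr("Incorrect username range or syntax!"));
        return false;
    }

    if (chk_password($_POST['pass'])) {
        set_page_message(tr("Incorrect password range or syntax!"));
        return false;
    }

    // Strict comparison: with "!=" PHP compares numeric-looking strings as
    // numbers, so e.g. "1e3" and "1000" would count as the same password.
    if ($_POST['pass'] !== $_POST['pass_rep']) {
        set_page_message(tr("Entered passwords does not match!"));
        return false;
    }

    if (chk_email($_POST['email'])) {
        set_page_message(tr("Incorrect email range or syntax!"));
        return false;
    }

    return true;
}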
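/**
 * Create an FTP account for a domain, alias or subdomain from the POSTed form.
 *
 * The login is built from the lower-cased user name, the configured
 * separator and the domain / alias / subdomain identifier. The home
 * directory defaults to a location under $cfg['FTP_HOMEDIR']/<domain> and
 * can be overridden with $_POST['other_dir'] when 'use_other_dir' is 'on'.
 * On success the row is inserted into ftp_users, the action is logged and
 * the request is redirected to ftp_accounts.php (the script exits there).
 *
 * Every request value that ends up in the home directory path is checked
 * before the path is used, because that path decides which part of the
 * filesystem the new FTP account can reach.
 *
 * NOTE(review): no password policy check is visible in this function;
 * presumably the caller validates $_POST['pass'] -- confirm.
 *
 * @param mixed  $sql      Database handle, passed through to the helpers.
 * @param string $dmn_name Name of the domain that owns the account.
 * @return void
 */
function add_ftp_user(&$sql, $dmn_name) {
    global $cfg;

    if (!isset($_POST['username']) || !is_string($_POST['username'])) {
        set_page_message(tr("Incorrect username range or syntax!"));
        return;
    }

    $username = strtolower($_POST['username']);

    // Dots are refused in the user part of the login, then the shared
    // user name validator runs.
    if (strpos($username, '.') !== false || chk_username($username)) {
        set_page_message(tr("Incorrect username range or syntax!"));
        return;
    }

    $dmn_type = isset($_POST['dmn_type']) ? $_POST['dmn_type'] : null;
    $separator = $cfg['FTP_USERNAME_SEPARATOR'];
    $dmn_root = $cfg['FTP_HOMEDIR'] . "/{$dmn_name}";

    if ($dmn_type === 'dmn') {
        $ftp_user = $username . $separator . $dmn_name;
        $ftp_home = $dmn_root;
    } elseif ($dmn_type === 'als') {
        if (!isset($_POST['als_id']) || !is_string($_POST['als_id'])) {
            return;
        }

        $ftp_user = $username . $separator . $_POST['als_id'];
        $ftp_home = $dmn_root . get_alias_mount_point($sql, $_POST['als_id']);
    } elseif ($dmn_type === 'sub') {
        $sub_id = isset($_POST['sub_id']) ? $_POST['sub_id'] : null;

        // sub_id becomes a path component of the home directory, so it must
        // be a single, non-empty segment: no separators, no "..", no NUL.
        if (!is_string($sub_id)
            || $sub_id === ''
            || strpos($sub_id, '/') !== false
            || strpos($sub_id, '..') !== false
            || strpos($sub_id, "\0") !== false
        ) {
            return;
        }

        $ftp_user = $username . $separator . $sub_id . '.' . $dmn_name;
        $ftp_home = $dmn_root . '/' . $sub_id;
    } else {
        // Unknown or missing dmn_type: previously execution continued with
        // $ftp_user and $ftp_home undefined and still reached the insert.
        return;
    }

    if (isset($_POST['use_other_dir']) && $_POST['use_other_dir'] === 'on') {
        $other_dir = (isset($_POST['other_dir']) && is_string($_POST['other_dir']))
            ? $_POST['other_dir']
            : null;

        // other_dir is appended to the domain root without a separator, so a
        // value that does not start with "/" would name a sibling of the
        // domain directory rather than something inside it. Require the
        // leading slash (an empty value still means the root itself) and
        // refuse ".." and NUL before the filesystem is touched.
        $contained = $other_dir !== null
            && ($other_dir === '' || $other_dir[0] === '/')
            && strpos($other_dir, '..') === false
            && strpos($other_dir, "\0") === false;

        if (!$contained || !is_dir($dmn_root . $other_dir)) {
            // NOTE(review): the message embeds the submitted value as-is;
            // confirm set_page_message() or the template HTML-escapes it.
            set_page_message((string) $other_dir . tr(' do not exist'));
            return;
        }

        // NOTE(review): a symlink below the domain root can still point
        // elsewhere; a realpath() containment check would close that if it
        // matters for this deployment.
        $ftp_home = $dmn_root . $other_dir;
    }

    $ftp_gid = get_ftp_user_gid($sql, $dmn_name, $ftp_user);
    $ftp_uid = get_ftp_user_uid($sql, $dmn_name, $ftp_user, $ftp_gid);

    if ($ftp_uid == -1) {
        return;
    }

    $ftp_shell = $cfg['FTP_SHELL'];
    $ftp_passwd = crypt_user_ftp_pass($_POST['pass']);

    $query = <<<SQL_QUERY
        insert into ftp_users
            (userid, passwd, uid, gid, shell, homedir)
        values
            (?, ?, ?, ?, ?, ?)
SQL_QUERY;

    exec_query($sql, $query, array($ftp_user, $ftp_passwd, $ftp_uid, $ftp_gid, $ftp_shell, $ftp_home));

    write_log($_SESSION['user_logged'] . " : add new FTP account -> {$ftp_user}");
    set_page_message(tr('FTP account added!'));

    header('Location: ftp_accounts.php');
    exit(0);
}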
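/**
 * Schedule a new mail account (mailbox or forwarder) from the POSTed form.
 *
 * $_POST['mail_type'] selects 'normal' (mailbox) or 'forward' (forwarder);
 * $_POST['dmn_type'] selects domain ('dmn'), subdomain ('sub') or alias
 * ('als'). After a duplicate check and user name validation the account is
 * inserted into mail_users with status $cfg['ITEM_ADD_STATUS'], the action
 * is logged, send_request() is called and the request is redirected to
 * email_accounts.php (the script exits there).
 *
 * NOTE(review): for 'normal' accounts the submitted password is bound into
 * mail_users.mail_pass exactly as received; nothing in this function hashes
 * it and no password policy check is visible here. Confirm where (or
 * whether) that happens.
 *
 * @param mixed  $sql      Database handle, passed through to exec_query().
 * @param mixed  $dmn_id   Id of the owning domain.
 * @param string $dmn_name Name of the owning domain (used in the log entry).
 * @return void
 */
function schedule_mail_account(&$sql, $dmn_id, $dmn_name) {
    global $cfg;

    $domain_id = $dmn_id;

    if (!isset($_POST['username']) || !is_string($_POST['username'])) {
        set_page_message(tr("Incorrect username range or syntax!"));
        return;
    }

    // The local part is lower-cased and then encoded by get_punny().
    $mail_acc = get_punny(strtolower($_POST['username']));

    $status = $cfg['ITEM_ADD_STATUS'];
    $mail_auto_respond = '_no_';

    // Value stored in mail_users.mail_type for each form combination.
    $mail_types = array(
        'normal' => array('dmn' => 'normal_mail', 'sub' => 'subdom_mail', 'als' => 'alias_mail'),
        'forward' => array('dmn' => 'normal_forward', 'sub' => 'subdom_forward', 'als' => 'alias_forward'),
    );

    $kind = isset($_POST['mail_type']) ? $_POST['mail_type'] : null;
    $dmn_type = isset($_POST['dmn_type']) ? $_POST['dmn_type'] : null;

    // Unknown or missing selectors used to fall through with $mail_type,
    // $mail_pass, $sub_id and $rs undefined and still reach the insert.
    if (!is_string($kind) || !is_string($dmn_type) || !isset($mail_types[$kind][$dmn_type])) {
        return;
    }

    $mail_type = $mail_types[$kind][$dmn_type];

    if ($dmn_type === 'dmn') {
        $sub_id = '0';
    } else {
        $id_field = ($dmn_type === 'sub') ? 'sub_id' : 'als_id';

        if (!isset($_POST[$id_field]) || !is_string($_POST[$id_field])) {
            return;
        }

        $sub_id = $_POST[$id_field];
    }

    if ($kind === 'normal') {
        if (!isset($_POST['pass']) || !is_string($_POST['pass'])) {
            set_page_message(tr('Incorrect password range or syntax!'));
            return;
        }

        $mail_pass = $_POST['pass'];
        $mail_forward = '_no_';

        $check_acc_query = <<<SQL_QUERY
            select
                count(mail_id) as cnt
            from
                mail_users
            where
                mail_acc = ?
              and
                domain_id = ?
              and
                mail_type = ?
              and
                sub_id = ?
SQL_QUERY;

        $rs = exec_query($sql, $check_acc_query, array($mail_acc, $domain_id, $mail_type, $sub_id));
    } else {
        if (!isset($_POST['forward_list']) || !is_string($_POST['forward_list'])) {
            set_page_message(tr("Mail forward list error!"));
            return;
        }

        // Forwarders carry a placeholder instead of a password.
        $mail_pass = '******';
        $mail_forward = $_POST['forward_list'];

        // Only the plain-domain form treats a blank line as an error; the
        // subdomain and alias forms skip blank lines, as before.
        // NOTE(review): that means a list of nothing but blank lines is
        // accepted for 'sub' and 'als' -- confirm this is intended.
        $reject_blank = ($dmn_type === 'dmn');

        foreach (preg_split("/[\n]+/", $mail_forward) as $value) {
            $value = trim($value);

            if ($value === '') {
                if ($reject_blank) {
                    set_page_message(tr("Mail forward list error!"));
                    return;
                }
                continue;
            }

            if (chk_email($value) > 0) {
                set_page_message(tr("Mail forward list error!"));
                return;
            }
        }

        // Unlike the mailbox case, this duplicate check does not filter on
        // mail_type.
        $check_acc_query = <<<SQL_QUERY
            select
                count(mail_id) as cnt
            from
                mail_users
            where
                mail_acc = ?
              and
                domain_id = ?
              and
                sub_id = ?
SQL_QUERY;

        $rs = exec_query($sql, $check_acc_query, array($mail_acc, $domain_id, $sub_id));
    }

    if ($rs->fields['cnt'] > 0) {
        set_page_message(tr('Mail account already exists!'));
        return;
    }

    if (chk_username($mail_acc)) {
        set_page_message(tr("Incorrect username range or syntax!"));
        return;
    }

    check_for_lock_file();

    $query = <<<SQL_QUERY
        insert into mail_users
            (mail_acc, mail_pass, mail_forward, domain_id, mail_type, sub_id, status, mail_auto_respond)
        values
            (?, ?, ?, ?, ?, ?, ?, ?)
SQL_QUERY;

    exec_query($sql, $query, array($mail_acc, $mail_pass, $mail_forward, $domain_id, $mail_type, $sub_id, $status, $mail_auto_respond));

    write_log($_SESSION['user_logged'] . " : add new mail account -> " . $mail_acc . "@" . $dmn_name);
    set_page_message(tr('Mail account scheduled for addition!'));

    send_request();

    header("Location: email_accounts.php");
    exit(0);
}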