function padd_user($tpl, $sql, $dmn_id) { $cfg = EasySCP_Registry::get('Config'); if (isset($_POST['uaction']) && $_POST['uaction'] == 'add_user') { // we have to add the user if (isset($_POST['username']) && isset($_POST['pass']) && isset($_POST['pass_rep'])) { if (!validates_username($_POST['username'])) { set_page_message(tr('Wrong username!'), 'warning'); return; } if (!chk_password($_POST['pass'])) { if ($cfg->PASSWD_STRONG) { set_page_message(sprintf(tr('The password must be at least %s chars long and contain letters and numbers to be valid.'), $cfg->PASSWD_CHARS), 'warning'); } else { set_page_message(sprintf(tr('Password data is shorter than %s signs or includes not permitted signs!'), $cfg->PASSWD_CHARS), 'warning'); } return; } if ($_POST['pass'] !== $_POST['pass_rep']) { set_page_message(tr('Passwords do not match!'), 'warning'); return; } $status = $cfg->ITEM_ADD_STATUS; $uname = clean_input($_POST['username']); $upass = crypt_user_pass_with_salt($_POST['pass']); $query = "\n\t\t\t\tSELECT\n\t\t\t\t\t`id`\n\t\t\t\tFROM\n\t\t\t\t\t`htaccess_users`\n\t\t\t\tWHERE\n\t\t\t\t\t`uname` = ?\n\t\t\t\tAND\n\t\t\t\t\t`dmn_id` = ?\n\t\t\t"; $rs = exec_query($sql, $query, array($uname, $dmn_id)); if ($rs->recordCount() == 0) { $query = "\n\t\t\t\t\tINSERT INTO `htaccess_users`\n\t\t\t\t\t\t(`dmn_id`, `uname`, `upass`, `status`)\n\t\t\t\t\tVALUES\n\t\t\t\t\t\t(?, ?, ?, ?)\n\t\t\t\t"; exec_query($sql, $query, array($dmn_id, $uname, $upass, $status)); send_request('110 DOMAIN htaccess ' . $dmn_id); $admin_login = $_SESSION['user_logged']; write_log("{$admin_login}: add user (protected areas): {$uname}"); user_goto('protected_user_manage.php'); } else { set_page_message(tr('User already exist !'), 'error'); return; } } } else { return; } }
/** * Create a temporary FTP user * * @return boolean Returns TRUE on success, FALSE on failure */ protected function _createTmpUser() { $cfg = EasySCP_Registry::get('Config'); // Get domain data $query = "\n\t\t\tSELECT\n\t\t\t\t`domain_uid`,\n\t\t\t\t`domain_gid`\n\t\t\tFROM\n\t\t\t\t`domain`\n\t\t\tWHERE\n\t\t\t\t`domain_name` = ?\n\t\t\t;\n\t\t"; $rs = exec_query($this->_db, $query, $this->_domain); if (!$rs) { return false; } // Generate a random userid and password $user = uniqid('tmp_') . '@' . $this->_domain; $this->_passwd = uniqid('tmp_', true); $passwd = crypt_user_pass_with_salt($this->_passwd); // Create the temporary user $query = "\n\t\t\tINSERT INTO\n\t\t\t\t`ftp_users` (\n\t\t\t\t\t`userid`, `passwd`, `uid`, `gid`, `shell`, `homedir`\n\t\t\t\t) VALUES (\n\t\t\t\t\t?, ?, ?, ?, ?, ?\n\t\t\t\t)\n\t\t\t;\n\t\t"; $rs = exec_query($this->_db, $query, array($user, $passwd, $rs->fields['domain_uid'], $rs->fields['domain_gid'], $cfg->CMD_SHELL, "{$cfg->FTP_HOMEDIR}/{$this->_domain}")); if (!$rs) { return false; } // All ok $this->_user = $user; return true; }
function pedit_user($tpl, $sql, &$dmn_id, &$uuser_id) { $cfg = EasySCP_Registry::get('Config'); if (isset($_POST['uaction']) && $_POST['uaction'] == 'modify_user') { // we have to add the user if (isset($_POST['pass']) && isset($_POST['pass_rep'])) { if (!chk_password($_POST['pass'])) { if ($cfg->PASSWD_STRONG) { set_page_message(sprintf(tr('The password must be at least %s chars long and contain letters and numbers to be valid.'), $cfg->PASSWD_CHARS), 'warning'); } else { set_page_message(sprintf(tr('Password data is shorter than %s signs or includes not permitted signs!'), $cfg->PASSWD_CHARS), 'warning'); } return; } if ($_POST['pass'] !== $_POST['pass_rep']) { set_page_message(tr('Passwords do not match!'), 'warning'); return; } $nadmin_password = crypt_user_pass_with_salt($_POST['pass']); $change_status = $cfg->ITEM_CHANGE_STATUS; $query = "\n\t\t\t\tUPDATE\n\t\t\t\t\t`htaccess_users`\n\t\t\t\tSET\n\t\t\t\t\t`upass` = ?,\n\t\t\t\t\t`status` = ?\n\t\t\t\tWHERE\n\t\t\t\t\t`dmn_id` = ?\n\t\t\t\tAND\n\t\t\t\t\t`id` = ?\n\t\t\t"; exec_query($sql, $query, array($nadmin_password, $change_status, $dmn_id, $uuser_id)); send_request(); $query = "\n\t\t\t\tSELECT\n\t\t\t\t\t`uname`\n\t\t\t\tFROM\n\t\t\t\t\t`htaccess_users`\n\t\t\t\tWHERE\n\t\t\t\t\t`dmn_id` = ?\n\t\t\t\tAND\n\t\t\t\t\t`id` = ?\n\t\t\t"; $rs = exec_query($sql, $query, array($dmn_id, $uuser_id)); $uname = $rs->fields['uname']; $admin_login = $_SESSION['user_logged']; write_log("{$admin_login}: modify user ID (protected areas): {$uname}"); user_goto('protected_user_manage.php'); } } else { return; } }
function add_ftp_user($sql, $dmn_name) { $cfg = EasySCP_Registry::get('Config'); $username = strtolower(clean_input($_POST['username'])); if (!validates_username($username)) { set_page_message(tr("Incorrect username length or syntax!"), 'warning'); return; } // Set default values ($ftp_home may be overwritten if user // has specified a mount point) switch ($_POST['dmn_type']) { // Default moint point for a domain case 'dmn': $ftp_user = $username . $cfg->FTP_USERNAME_SEPARATOR . $dmn_name; $ftp_home = $cfg->FTP_HOMEDIR . "/{$dmn_name}"; break; // Default mount point for an alias domain // Default mount point for an alias domain case 'als': $ftp_user = $username . $cfg->FTP_USERNAME_SEPARATOR . $_POST['als_id']; $alias_mount_point = get_alias_mount_point($sql, $_POST['als_id']); $ftp_home = $cfg->FTP_HOMEDIR . "/{$dmn_name}" . $alias_mount_point; break; // Default mount point for a subdomain // Default mount point for a subdomain case 'sub': $ftp_user = $username . $cfg->FTP_USERNAME_SEPARATOR . $_POST['sub_id'] . '.' . $dmn_name; $ftp_home = $cfg->FTP_HOMEDIR . "/{$dmn_name}/" . clean_input($_POST['sub_id']); break; // Unknown domain type (?) // Unknown domain type (?) default: set_page_message(tr('Unknown domain type'), 'error'); return; break; } // User-specified mount point if (isset($_POST['use_other_dir']) && $_POST['use_other_dir'] === 'on') { $ftp_vhome = clean_input($_POST['other_dir'], false); // Strip possible double-slashes $ftp_vhome = str_replace('//', '/', $ftp_vhome); // Check for updirs ".." $res = preg_match("/\\.\\./", $ftp_vhome); if ($res !== 0) { set_page_message(tr('Incorrect mount point length or syntax'), 'error'); return; } $ftp_home = $cfg->FTP_HOMEDIR . "/{$dmn_name}/" . $ftp_vhome; // Strip possible double-slashes $ftp_home = str_replace('//', '/', $ftp_home); // Check for $ftp_vhome existence // Create a virtual filesystem (it's important to use =&!) $vfs = new EasySCP_VirtualFileSystem($dmn_name, $sql); // Check for directory existence $res = $vfs->exists($ftp_vhome); if (!$res) { set_page_message(tr('%s does not exist', $ftp_vhome), 'error'); return; } } // End of user-specified mount-point $ftp_gid = get_ftp_user_gid($sql, $dmn_name, $ftp_user); $ftp_uid = get_ftp_user_uid($sql, $dmn_name, $ftp_user, $ftp_gid); if ($ftp_uid == -1) { return; } $ftp_shell = $cfg->CMD_SHELL; $ftp_passwd = crypt_user_pass_with_salt($_POST['pass']); $ftp_loginpasswd = encrypt_db_password($_POST['pass']); $query = "\n\t\tINSERT INTO ftp_users\n\t\t\t(`userid`, `passwd`, `net2ftppasswd`, `uid`, `gid`, `shell`, `homedir`)\n\t\tVALUES\n\t\t\t(?, ?, ?, ?, ?, ?, ?)\n\t"; exec_query($sql, $query, array($ftp_user, $ftp_passwd, $ftp_loginpasswd, $ftp_uid, $ftp_gid, $ftp_shell, $ftp_home)); $domain_props = get_domain_default_props($_SESSION['user_id']); update_reseller_c_props($domain_props['domain_created_id']); write_log($_SESSION['user_logged'] . ": add new FTP account: {$ftp_user}"); set_page_message(tr('FTP account added!'), 'success'); user_goto('ftp_accounts.php'); }
/** * Save data for new user in db */ function add_user_data($reseller_id) { global $hpid, $dmn_name, $dmn_expire, $dmn_user_name, $admin_login, $user_email, $customer_id, $first_name, $last_name, $gender, $firm, $zip, $city, $state, $country, $street_one, $street_two, $phone, $fax, $inpass, $domain_ip, $dns, $backup, $countbackup; $sql = EasySCP_Registry::get('Db'); $cfg = EasySCP_Registry::get('Config'); // Let's get Desired Hosting Plan Data; $err_msg = ''; if (!empty($err_msg)) { set_page_message($err_msg, 'error'); return false; } if (isset($_SESSION["ch_hpprops"])) { $props = $_SESSION["ch_hpprops"]; unset($_SESSION["ch_hpprops"]); } else { if (isset($cfg->HOSTING_PLANS_LEVEL) && $cfg->HOSTING_PLANS_LEVEL === 'admin') { $query = 'SELECT `props` FROM `hosting_plans` WHERE `id` = ?'; $res = exec_query($sql, $query, $hpid); } else { $query = "SELECT `props` FROM `hosting_plans` WHERE `reseller_id` = ? AND `id` = ?"; $res = exec_query($sql, $query, array($reseller_id, $hpid)); } $data = $res->fetchRow(); $props = unserialize($data['props']); } $php = $props['allow_php']; $phpe = $props['allow_php_editor']; $cgi = $props['allow_cgi']; $sub = $props['subdomain_cnt']; $als = $props['alias_cnt']; $mail = $props['mail_cnt']; $ftp = $props['ftp_cnt']; $sql_db = $props['db_cnt']; $sql_user = $props['sqluser_cnt']; $traff = $props['traffic']; $disk = $props['disk']; $backup = $props['allow_backup']; $countbackup = $props['disk_countbackup']; $dns = $props['allow_dns']; $ssl = $props['allow_ssl']; $php = preg_replace("/\\_/", "", $php); $phpe = preg_replace("/\\_/", "", $phpe); $cgi = preg_replace("/\\_/", "", $cgi); $ssl = preg_replace("/\\_/", "", $ssl); $backup = preg_replace("/\\_/", "", $backup); $countbackup = preg_replace("/\\_/", "", $countbackup); $dns = preg_replace("/\\_/", "", $dns); $pure_user_pass = $inpass; $inpass = crypt_user_pass($inpass); $first_name = clean_input($first_name); $last_name = clean_input($last_name); $firm = clean_input($firm); $zip = clean_input($zip); $city = clean_input($city); $state = clean_input($state); $country = clean_input($country); $phone = clean_input($phone); $fax = clean_input($fax); $street_one = clean_input($street_one); $street_two = clean_input($street_two); $customer_id = clean_input($customer_id); if (!validates_dname(decode_idna($dmn_user_name))) { return; } $query = "\n\t\tINSERT INTO `admin` (\n\t\t\t`admin_name`, `admin_pass`, `admin_type`, `domain_created`,\n\t\t\t`created_by`, `fname`, `lname`,\n\t\t\t`firm`, `zip`, `city`, `state`,\n\t\t\t`country`, `email`, `phone`,\n\t\t\t`fax`, `street1`, `street2`,\n\t\t\t`customer_id`, `gender`\n\t\t)\n\t\tVALUES (\n\t\t\t?, ?, 'user', unix_timestamp(),\n\t\t\t?, ?, ?,\n\t\t\t?, ?, ?, ?,\n\t\t\t?, ?, ?,\n\t\t\t?, ?, ?,\n\t\t\t?, ?\n\t\t)\n\t"; exec_query($sql, $query, array($dmn_user_name, $inpass, $reseller_id, $first_name, $last_name, $firm, $zip, $city, $state, $country, $user_email, $phone, $fax, $street_one, $street_two, $customer_id, $gender)); print $sql->errorMsg(); $record_id = $sql->insertId(); $query = "\n\t\tINSERT INTO `domain` (\n\t\t\t`domain_name`, `domain_admin_id`,\n\t\t\t`domain_created_id`, `domain_created`, `domain_expires`,\n\t\t\t`domain_mailacc_limit`, `domain_ftpacc_limit`,\n\t\t\t`domain_traffic_limit`, `domain_sqld_limit`,\n\t\t\t`domain_sqlu_limit`, `status`,\n\t\t\t`domain_subd_limit`, `domain_alias_limit`,\n\t\t\t`domain_ip_id`, `domain_disk_limit`,\n\t\t\t`domain_disk_usage`, `domain_php`, `domain_php_edit`, `domain_cgi`,\n\t\t\t`allowbackup`, `domain_dns`, `domain_ssl`, `domain_disk_countbackup`\n\t\t)\n\t\tVALUES (\n\t\t\t:domain_name, :domain_admin_id,\n\t\t\t:domain_created_id, unix_timestamp(), :domain_expires,\n\t\t\t:domain_mailacc_limit, :domain_ftpacc_limit,\n\t\t\t:domain_traffic_limit, :domain_sqld_limit,\n\t\t\t:domain_sqlu_limit, :status,\n\t\t\t:domain_subd_limit, :domain_alias_limit,\n\t\t\t:domain_ip_id, :domain_disk_limit,\n\t\t\t'0', :domain_php, :domain_php_edit, :domain_cgi,\n\t\t\t:allowbackup, :domain_dns, :domain_ssl, :domain_disk_countbackup\n\t\t)\n\t"; $param = array(':domain_name' => $dmn_name, ':domain_admin_id' => $record_id, ':domain_created_id' => $reseller_id, ':domain_expires' => $dmn_expire, ':domain_mailacc_limit' => $mail, ':domain_ftpacc_limit' => $ftp, ':domain_traffic_limit' => $traff, ':domain_sqld_limit' => $sql_db, ':domain_sqlu_limit' => $sql_user, ':status' => $cfg->ITEM_ADD_STATUS, ':domain_subd_limit' => $sub, ':domain_alias_limit' => $als, ':domain_ip_id' => $domain_ip, ':domain_disk_limit' => $disk, ':domain_php' => $php, ':domain_php_edit' => $phpe, ':domain_cgi' => $cgi, ':allowbackup' => $backup, ':domain_dns' => $dns, ':domain_ssl' => $ssl, ':domain_disk_countbackup' => $countbackup); DB::prepare($query); DB::execute($param); $dmn_id = DB::getInstance()->lastInsertId(); // AddDefaultDNSEntries($dmn_id, 0, $dmn_name, $domain_ip); // TODO: Check if max user and group id is reached // update domain and gid $domain_gid = $cfg->APACHE_SUEXEC_MIN_GID + $dmn_id; $domain_uid = $cfg->APACHE_SUEXEC_MIN_UID + $dmn_id; $query = "\n\t\tUPDATE `domain`\n\t\tSET `domain_gid`=?,\n\t\t\t`domain_uid`=?\n\t\tWHERE `domain_id`=?\n\t"; exec_query($sql, $query, array($domain_gid, $domain_uid, $dmn_id)); // Add statistics group $query = "\n\t\tINSERT INTO `htaccess_users`\n\t\t\t(`dmn_id`, `uname`, `upass`, `status`)\n\t\tVALUES\n\t\t\t(?, ?, ?, ?)\n\t"; exec_query($sql, $query, array($dmn_id, $dmn_name, crypt_user_pass_with_salt($pure_user_pass), $cfg->ITEM_ADD_STATUS)); $user_id = $sql->insertId(); $query = "\n\t\tINSERT INTO `htaccess_groups`\n\t\t\t(`dmn_id`, `ugroup`, `members`, `status`)\n\t\tVALUES\n\t\t\t(?, ?, ?, ?)\n\t"; exec_query($sql, $query, array($dmn_id, $cfg->AWSTATS_GROUP_AUTH, $user_id, $cfg->ITEM_ADD_STATUS)); // Create the 3 default addresses if wanted if ($cfg->CREATE_DEFAULT_EMAIL_ADDRESSES) { client_mail_add_default_accounts($dmn_id, $user_email, $dmn_name); // 'domain', 0 } // let's send mail to user send_add_user_auto_msg($reseller_id, $dmn_user_name, $pure_user_pass, $user_email, $first_name, $last_name, tr('Domain account')); // $user_def_lang = $cfg->USER_INITIAL_LANG; $user_def_lang = ''; // $user_theme_color = $cfg->USER_INITIAL_THEME; $user_theme_color = ''; $query = "\n\t\tINSERT INTO `user_gui_props`\n\t\t\t(`user_id`, `lang`, `layout`)\n\t\tVALUES\n\t\t\t(?, ?, ?)\n\t"; exec_query($sql, $query, array($record_id, $user_def_lang, $user_theme_color)); // send request to daemon // TODO Prüfen, da es hier zu einem Fehler kommt ("Domain data has been altered. Please enter again.") send_request('110 DOMAIN domain ' . $dmn_id); send_request('130 MAIL ' . $dmn_id); $admin_login = $_SESSION['user_logged']; write_log("{$admin_login}: add user: {$dmn_user_name} (for domain {$dmn_name})"); write_log("{$admin_login}: add domain: {$dmn_name}"); update_reseller_c_props($reseller_id); if (isset($_POST['add_alias']) && $_POST['add_alias'] === 'on') { // we have to add some aliases for this looser $_SESSION['dmn_id'] = $dmn_id; $_SESSION['dmn_ip'] = $domain_ip; $_SESSION['user_add3_add_alias'] = "_yes_"; user_goto('user_add4.php?accout=' . $dmn_id); } else { // we have not to add alias $_SESSION['user_add3_added'] = "_yes_"; user_goto('users.php?psi=last'); } }
function update_ftp_account($sql, $ftp_acc, $dmn_name) { global $other_dir; $cfg = EasySCP_Registry::get('Config'); // Create a virtual filesystem (it's important to use =&!) $vfs = new EasySCP_VirtualFileSystem($dmn_name, $sql); if (isset($_POST['uaction']) && $_POST['uaction'] === 'edit_user') { if (!empty($_POST['pass']) || !empty($_POST['pass_rep'])) { if ($_POST['pass'] !== $_POST['pass_rep']) { set_page_message(tr('Entered passwords do not match!'), 'warning'); return; } if (!chk_password($_POST['pass'])) { if ($cfg->PASSWD_STRONG) { set_page_message(sprintf(tr('The password must be at least %s chars long and contain letters and numbers to be valid.'), $cfg->PASSWD_CHARS), 'warning'); } else { set_page_message(sprintf(tr('Password data is shorter than %s signs or includes not permitted signs!'), $cfg->PASSWD_CHARS), 'warning'); } return; } $pass = crypt_user_pass_with_salt($_POST['pass']); $loginpass = encrypt_db_password($_POST['pass']); if (isset($_POST['use_other_dir']) && $_POST['use_other_dir'] === 'on') { $other_dir = clean_input($_POST['other_dir']); $rs = $vfs->exists($other_dir); if (!$rs) { set_page_message(tr('%s does not exist', clean_input($_POST['other_dir'])), 'warning'); return; } // domain_id // append the full path (vfs is always checking per ftp so it's logged // in in the root of the user (no absolute paths are allowed here!) $other_dir = $cfg->FTP_HOMEDIR . "/" . $_SESSION['user_logged'] . clean_input($_POST['other_dir']); $query = "\n\t\t\t\t\tUPDATE\n\t\t\t\t\t\t`ftp_users`\n\t\t\t\t\tSET\n\t\t\t\t\t\t`passwd` = ?,\n\t\t\t\t\t\t`net2ftppasswd` = ?,\n\t\t\t\t\t\t`homedir` = ?\n\t\t\t\t\tWHERE\n\t\t\t\t\t\t`userid` = ?\n\t\t\t\t"; $param = array($pass, $loginpass, $other_dir, $ftp_acc); } else { $query = "\n\t\t\t\t\tUPDATE\n\t\t\t\t\t\t`ftp_users`\n\t\t\t\t\tSET\n\t\t\t\t\t\t`passwd` = ?,\n\t\t\t\t\t\t`net2ftppasswd` = ?\n\t\t\t\t\tWHERE\n\t\t\t\t\t\t`userid` = ?\n\t\t\t\t"; $param = array($pass, $loginpass, $ftp_acc); } exec_query($sql, $query, $param); write_log($_SESSION['user_logged'] . ": updated FTP " . $ftp_acc . " account data"); set_page_message(tr('FTP account data updated!'), 'success'); user_goto('ftp_accounts.php'); } else { if (isset($_POST['use_other_dir']) && $_POST['use_other_dir'] === 'on') { $other_dir = clean_input($_POST['other_dir']); // Strip possible double-slashes $other_dir = str_replace('//', '/', $other_dir); // Check for updirs ".." $res = preg_match("/\\.\\./", $other_dir); if ($res !== 0) { set_page_message(tr('Incorrect mount point length or syntax'), 'warning'); return; } // Check for $other_dir existence // Create a virtual filesystem (it's important to use =&!) $vfs = new EasySCP_VirtualFileSystem($dmn_name, $sql); // Check for directory existence $res = $vfs->exists($other_dir); if (!$res) { set_page_message(tr('%s does not exist', $other_dir), 'error'); return; } $other_dir = $cfg->FTP_HOMEDIR . "/" . $_SESSION['user_logged'] . $other_dir; } else { // End of user-specified mount-point $other_dir = $cfg->FTP_HOMEDIR . "/" . $_SESSION['user_logged']; } $query = "\n\t\t\t\tUPDATE\n\t\t\t\t\t`ftp_users`\n\t\t\t\tSET\n\t\t\t\t\t`homedir` = ?\n\t\t\t\tWHERE\n\t\t\t\t\t`userid` = ?\n\t\t\t"; exec_query($sql, $query, array($other_dir, $ftp_acc)); set_page_message(tr('FTP account data updated!'), 'success'); user_goto('ftp_accounts.php'); } } }