Example #1
/**
 * Handle the "add user" form for protected areas (htaccess users).
 *
 * Does nothing unless the request carries uaction=add_user together with
 * username, pass and pass_rep. On success the user row is inserted, the
 * daemon is notified, the action is logged and the browser is redirected.
 *
 * NOTE(review): nothing in this function checks that $dmn_id belongs to the
 * logged-in account; that has to be guaranteed by the caller - confirm.
 *
 * @param mixed $tpl    Template engine (not used here)
 * @param mixed $sql    Database handle passed through to exec_query()
 * @param mixed $dmn_id Id of the domain the htaccess user is created for
 * @return void
 */
function padd_user($tpl, $sql, $dmn_id)
{
    $cfg = EasySCP_Registry::get('Config');

    // Only an explicit "add_user" submission is processed.
    if (!isset($_POST['uaction']) || $_POST['uaction'] != 'add_user') {
        return;
    }
    // All three credential fields must be present, otherwise nothing happens.
    if (!isset($_POST['username'], $_POST['pass'], $_POST['pass_rep'])) {
        return;
    }

    // The raw username is validated; the value stored below is the
    // clean_input() result of the same field.
    if (!validates_username($_POST['username'])) {
        set_page_message(tr('Wrong username!'), 'warning');
        return;
    }

    if (!chk_password($_POST['pass'])) {
        // The wording of the hint depends on the configured password policy.
        $policy_hint = $cfg->PASSWD_STRONG
            ? tr('The password must be at least %s chars long and contain letters and numbers to be valid.')
            : tr('Password data is shorter than %s signs or includes not permitted signs!');
        set_page_message(sprintf($policy_hint, $cfg->PASSWD_CHARS), 'warning');
        return;
    }

    if ($_POST['pass'] !== $_POST['pass_rep']) {
        set_page_message(tr('Passwords do not match!'), 'warning');
        return;
    }

    $status = $cfg->ITEM_ADD_STATUS;
    $uname = clean_input($_POST['username']);
    // Only the output of crypt_user_pass_with_salt() is stored, never the clear text.
    $upass = crypt_user_pass_with_salt($_POST['pass']);

    // Refuse duplicates within the same domain. Both statements use bound
    // parameters, so request data never becomes part of the SQL text.
    // NOTE(review): the lookup and the insert are two separate statements;
    // without a unique index on (dmn_id, uname) two concurrent requests could
    // both pass the lookup - confirm against the schema.
    $lookup = "\n\t\t\t\tSELECT\n\t\t\t\t\t`id`\n\t\t\t\tFROM\n\t\t\t\t\t`htaccess_users`\n\t\t\t\tWHERE\n\t\t\t\t\t`uname` = ?\n\t\t\t\tAND\n\t\t\t\t\t`dmn_id` = ?\n\t\t\t";
    $existing = exec_query($sql, $lookup, array($uname, $dmn_id));
    if ($existing->recordCount() != 0) {
        set_page_message(tr('User already exist !'), 'error');
        return;
    }

    $insert = "\n\t\t\t\t\tINSERT INTO `htaccess_users`\n\t\t\t\t\t\t(`dmn_id`, `uname`, `upass`, `status`)\n\t\t\t\t\tVALUES\n\t\t\t\t\t\t(?, ?, ?, ?)\n\t\t\t\t";
    exec_query($sql, $insert, array($dmn_id, $uname, $upass, $status));

    // Tell the daemon to regenerate the htaccess data of this domain.
    send_request('110 DOMAIN htaccess ' . $dmn_id);

    // Audit trail: who added which protected-area user.
    $actor = $_SESSION['user_logged'];
    write_log("{$actor}: add user (protected areas): {$uname}");
    user_goto('protected_user_manage.php');
}
Example #2
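 /**
  * Create a temporary FTP user
  *
  * Looks up the uid/gid of the current domain, generates a throw-away
  * login and password, and inserts the account into `ftp_users`. The clear
  * text password is kept in $this->_passwd, the login in $this->_user.
  *
  * The password comes from a cryptographically secure random source;
  * uniqid() is derived from the current time and is not suitable as a
  * secret. The method fails closed when no such source is available.
  *
  * @return boolean Returns TRUE on success, FALSE on failure
  */
 protected function _createTmpUser()
 {
     $cfg = EasySCP_Registry::get('Config');
     // Get domain data
     $query = "\n\t\t\tSELECT\n\t\t\t\t`domain_uid`,\n\t\t\t\t`domain_gid`\n\t\t\tFROM\n\t\t\t\t`domain`\n\t\t\tWHERE\n\t\t\t\t`domain_name` = ?\n\t\t\t;\n\t\t";
     $rs = exec_query($this->_db, $query, $this->_domain);
     // A missing domain row must stop here: otherwise empty uid/gid values
     // would be written into ftp_users for the temporary account.
     if (!$rs || $rs->recordCount() == 0) {
         return false;
     }
     // The login only has to be unique, so uniqid() is acceptable for it.
     $user = uniqid('tmp_') . '@' . $this->_domain;
     // The password must be unpredictable: take 16 bytes from a CSPRNG.
     try {
         if (function_exists('random_bytes')) {
             $secret = random_bytes(16);
         } elseif (function_exists('openssl_random_pseudo_bytes')) {
             $secret = openssl_random_pseudo_bytes(16);
         } else {
             $secret = false;
         }
     } catch (Exception $e) {
         $secret = false;
     }
     if (!is_string($secret) || strlen($secret) !== 16) {
         // No usable entropy source: do not fall back to a guessable password.
         return false;
     }
     $this->_passwd = 'tmp_' . bin2hex($secret);
     $passwd = crypt_user_pass_with_salt($this->_passwd);
     // Create the temporary user
     $query = "\n\t\t\tINSERT INTO\n\t\t\t\t`ftp_users` (\n\t\t\t\t\t`userid`, `passwd`, `uid`, `gid`, `shell`, `homedir`\n\t\t\t\t) VALUES (\n\t\t\t\t\t?, ?, ?, ?, ?, ?\n\t\t\t\t)\n\t\t\t;\n\t\t";
     $rs = exec_query($this->_db, $query, array($user, $passwd, $rs->fields['domain_uid'], $rs->fields['domain_gid'], $cfg->CMD_SHELL, "{$cfg->FTP_HOMEDIR}/{$this->_domain}"));
     if (!$rs) {
         return false;
     }
     // All ok
     // NOTE(review): nothing visible here removes the temporary account again;
     // confirm that the owning class deletes it once it is no longer needed.
     $this->_user = $user;
     return true;
 }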
Example #3
/**
 * Handle the "modify user" form for protected areas (htaccess users).
 *
 * Does nothing unless the request carries uaction=modify_user together with
 * pass and pass_rep. On success the stored password hash and the status of
 * the row identified by ($dmn_id, $uuser_id) are updated, the daemon is
 * notified, the action is logged and the browser is redirected.
 *
 * @param mixed $tpl      Template engine (not used here)
 * @param mixed $sql      Database handle passed through to exec_query()
 * @param mixed $dmn_id   Domain id (by reference, only read here)
 * @param mixed $uuser_id Id of the htaccess user (by reference, only read here)
 * @return void
 */
function pedit_user($tpl, $sql, &$dmn_id, &$uuser_id)
{
    $cfg = EasySCP_Registry::get('Config');

    // Only an explicit "modify_user" submission is processed.
    if (!isset($_POST['uaction']) || $_POST['uaction'] != 'modify_user') {
        return;
    }
    // Both password fields must be present, otherwise nothing happens.
    if (!isset($_POST['pass'], $_POST['pass_rep'])) {
        return;
    }

    if (!chk_password($_POST['pass'])) {
        // The wording of the hint depends on the configured password policy.
        $policy_hint = $cfg->PASSWD_STRONG
            ? tr('The password must be at least %s chars long and contain letters and numbers to be valid.')
            : tr('Password data is shorter than %s signs or includes not permitted signs!');
        set_page_message(sprintf($policy_hint, $cfg->PASSWD_CHARS), 'warning');
        return;
    }

    if ($_POST['pass'] !== $_POST['pass_rep']) {
        set_page_message(tr('Passwords do not match!'), 'warning');
        return;
    }

    // Only the output of crypt_user_pass_with_salt() is stored, never the clear text.
    $nadmin_password = crypt_user_pass_with_salt($_POST['pass']);
    $change_status = $cfg->ITEM_CHANGE_STATUS;

    // The WHERE clause binds both the domain id and the user id, so a user id
    // that belongs to another domain matches no row.
    $update = "\n\t\t\t\tUPDATE\n\t\t\t\t\t`htaccess_users`\n\t\t\t\tSET\n\t\t\t\t\t`upass` = ?,\n\t\t\t\t\t`status` = ?\n\t\t\t\tWHERE\n\t\t\t\t\t`dmn_id` = ?\n\t\t\t\tAND\n\t\t\t\t\t`id` = ?\n\t\t\t";
    exec_query($sql, $update, array($nadmin_password, $change_status, $dmn_id, $uuser_id));

    // NOTE(review): send_request() is called without a command here, while the
    // add path passes '110 DOMAIN htaccess <id>' - confirm this is intended.
    send_request();

    // Fetch the user name for the audit log entry.
    // NOTE(review): the log line is written even when the UPDATE matched no
    // row; $uname is then whatever the empty result yields.
    $select = "\n\t\t\t\tSELECT\n\t\t\t\t\t`uname`\n\t\t\t\tFROM\n\t\t\t\t\t`htaccess_users`\n\t\t\t\tWHERE\n\t\t\t\t\t`dmn_id` = ?\n\t\t\t\tAND\n\t\t\t\t\t`id` = ?\n\t\t\t";
    $row = exec_query($sql, $select, array($dmn_id, $uuser_id));
    $uname = $row->fields['uname'];

    $actor = $_SESSION['user_logged'];
    write_log("{$actor}: modify user ID (protected areas): {$uname}");
    user_goto('protected_user_manage.php');
}
Example #4
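/**
 * Create an FTP account for a domain, an alias domain or a subdomain.
 *
 * The account name and the default home directory are derived from the
 * posted domain type; a user-specified mount point below the domain root
 * may replace the default home directory.
 *
 * Every request value that ends up in the home directory path is checked
 * for ".." sequences. The subdomain identifier is also rejected when it
 * contains a path separator, because it is used as one path component.
 *
 * NOTE(review): $_POST['pass'] is hashed here without a chk_password() call
 * or a comparison with a repeat field; presumably the caller validates the
 * form beforehand - confirm.
 *
 * @param mixed  $sql      Database handle passed through to exec_query()
 * @param string $dmn_name Name of the domain the account belongs to
 * @return void
 */
function add_ftp_user($sql, $dmn_name)
{
    $cfg = EasySCP_Registry::get('Config');
    $username = strtolower(clean_input($_POST['username']));
    if (!validates_username($username)) {
        set_page_message(tr("Incorrect username length or syntax!"), 'warning');
        return;
    }
    // Set default values ($ftp_home may be overwritten if user
    // has specified a mount point)
    switch ($_POST['dmn_type']) {
        // Default mount point for a domain
        case 'dmn':
            $ftp_user = $username . $cfg->FTP_USERNAME_SEPARATOR . $dmn_name;
            $ftp_home = $cfg->FTP_HOMEDIR . "/{$dmn_name}";
            break;
        // Default mount point for an alias domain
        case 'als':
            // NOTE(review): als_id comes straight from the request; this function
            // does not verify that the alias belongs to $dmn_name. The home
            // directory suffix is whatever get_alias_mount_point() returns.
            $ftp_user = $username . $cfg->FTP_USERNAME_SEPARATOR . $_POST['als_id'];
            $alias_mount_point = get_alias_mount_point($sql, $_POST['als_id']);
            $ftp_home = $cfg->FTP_HOMEDIR . "/{$dmn_name}" . $alias_mount_point;
            break;
        // Default mount point for a subdomain
        case 'sub':
            // sub_id becomes a single path component below the domain root, so
            // ".." and path separators must not get through.
            $sub_dir = clean_input($_POST['sub_id']);
            if (preg_match('#\.\.|[/\\\\]#', $sub_dir) !== 0) {
                set_page_message(tr('Incorrect mount point length or syntax'), 'error');
                return;
            }
            $ftp_user = $username . $cfg->FTP_USERNAME_SEPARATOR . $_POST['sub_id'] . '.' . $dmn_name;
            $ftp_home = $cfg->FTP_HOMEDIR . "/{$dmn_name}/" . $sub_dir;
            break;
        // Unknown domain type (?)
        default:
            set_page_message(tr('Unknown domain type'), 'error');
            return;
    }
    // User-specified mount point
    if (isset($_POST['use_other_dir']) && $_POST['use_other_dir'] === 'on') {
        $ftp_vhome = clean_input($_POST['other_dir'], false);
        // Collapse every run of slashes; a single str_replace() pass would
        // leave "//" behind for inputs such as "///".
        $ftp_vhome = preg_replace('#/{2,}#', '/', $ftp_vhome);
        // Check for updirs ".."
        $res = preg_match("/\\.\\./", $ftp_vhome);
        if ($res !== 0) {
            set_page_message(tr('Incorrect mount point length or syntax'), 'error');
            return;
        }
        $ftp_home = $cfg->FTP_HOMEDIR . "/{$dmn_name}/" . $ftp_vhome;
        // Collapse slashes again after joining the parts
        $ftp_home = preg_replace('#/{2,}#', '/', $ftp_home);
        // The directory must exist inside the domain's virtual filesystem
        $vfs = new EasySCP_VirtualFileSystem($dmn_name, $sql);
        $res = $vfs->exists($ftp_vhome);
        if (!$res) {
            set_page_message(tr('%s does not exist', $ftp_vhome), 'error');
            return;
        }
    }
    // End of user-specified mount-point
    $ftp_gid = get_ftp_user_gid($sql, $dmn_name, $ftp_user);
    $ftp_uid = get_ftp_user_uid($sql, $dmn_name, $ftp_user, $ftp_gid);
    if ($ftp_uid == -1) {
        return;
    }
    $ftp_shell = $cfg->CMD_SHELL;
    $ftp_passwd = crypt_user_pass_with_salt($_POST['pass']);
    // NOTE(review): the same password is also stored through
    // encrypt_db_password() in `net2ftppasswd`; if that encoding is reversible,
    // read access to this column exposes the FTP password - confirm.
    $ftp_loginpasswd = encrypt_db_password($_POST['pass']);
    // All values are bound as parameters, none is concatenated into the SQL.
    $query = "\n\t\tINSERT INTO ftp_users\n\t\t\t(`userid`, `passwd`, `net2ftppasswd`, `uid`, `gid`, `shell`, `homedir`)\n\t\tVALUES\n\t\t\t(?, ?, ?, ?, ?, ?, ?)\n\t";
    exec_query($sql, $query, array($ftp_user, $ftp_passwd, $ftp_loginpasswd, $ftp_uid, $ftp_gid, $ftp_shell, $ftp_home));
    $domain_props = get_domain_default_props($_SESSION['user_id']);
    update_reseller_c_props($domain_props['domain_created_id']);
    // Audit trail: who created which FTP account
    write_log($_SESSION['user_logged'] . ": add new FTP account: {$ftp_user}");
    set_page_message(tr('FTP account added!'), 'success');
    user_goto('ftp_accounts.php');
}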
Example #5
/**
 * Save data for new user in db
 *
 * Creates the customer account (`admin` row), its domain (`domain` row), the
 * htaccess user and group used for the statistics area, optional default
 * mail accounts and the GUI properties row, then notifies the daemon, writes
 * the audit log and redirects.
 *
 * Most inputs are read from globals (see the `global` statement); several of
 * them ($inpass, $first_name, $backup, $dns, ...) are overwritten here, so the
 * order of the statements matters.
 *
 * NOTE(review): no transaction is opened in this function, so a failure
 * half-way through leaves the rows inserted so far in place.
 *
 * @param mixed $reseller_id Id of the reseller creating the account
 * @return mixed No value on the visible paths; the `return false` branch
 *               below cannot be reached as written
 */
function add_user_data($reseller_id)
{
    global $hpid, $dmn_name, $dmn_expire, $dmn_user_name, $admin_login, $user_email, $customer_id, $first_name, $last_name, $gender, $firm, $zip, $city, $state, $country, $street_one, $street_two, $phone, $fax, $inpass, $domain_ip, $dns, $backup, $countbackup;
    $sql = EasySCP_Registry::get('Db');
    $cfg = EasySCP_Registry::get('Config');
    // Let's get Desired Hosting Plan Data;
    // $err_msg is assigned '' and tested right away, so this branch is dead code.
    $err_msg = '';
    if (!empty($err_msg)) {
        set_page_message($err_msg, 'error');
        return false;
    }
    // Hosting plan properties: taken from the session when present (and removed
    // from it), otherwise loaded from `hosting_plans`.
    if (isset($_SESSION["ch_hpprops"])) {
        $props = $_SESSION["ch_hpprops"];
        unset($_SESSION["ch_hpprops"]);
    } else {
        if (isset($cfg->HOSTING_PLANS_LEVEL) && $cfg->HOSTING_PLANS_LEVEL === 'admin') {
            // Admin-level plans are looked up by id only.
            $query = 'SELECT `props` FROM `hosting_plans` WHERE `id` = ?';
            $res = exec_query($sql, $query, $hpid);
        } else {
            // Reseller-level plans must also belong to this reseller.
            $query = "SELECT `props` FROM `hosting_plans` WHERE `reseller_id` = ? AND `id` = ?";
            $res = exec_query($sql, $query, array($reseller_id, $hpid));
        }
        // NOTE(review): there is no check that a row was found; with an unknown
        // or foreign plan id every limit read from $props below ends up empty.
        $data = $res->fetchRow();
        // SECURITY(review): unserialize() on a database column. Anyone able to
        // write `hosting_plans`.`props` controls the input of unserialize(),
        // which can instantiate objects. Restricting it with the allowed_classes
        // option, or storing the plan as JSON, removes that risk.
        $props = unserialize($data['props']);
    }
    $php = $props['allow_php'];
    $phpe = $props['allow_php_editor'];
    $cgi = $props['allow_cgi'];
    $sub = $props['subdomain_cnt'];
    $als = $props['alias_cnt'];
    $mail = $props['mail_cnt'];
    $ftp = $props['ftp_cnt'];
    $sql_db = $props['db_cnt'];
    $sql_user = $props['sqluser_cnt'];
    $traff = $props['traffic'];
    $disk = $props['disk'];
    $backup = $props['allow_backup'];
    $countbackup = $props['disk_countbackup'];
    $dns = $props['allow_dns'];
    $ssl = $props['allow_ssl'];
    // Remove every underscore from the flag values (presumably stored in a
    // form like "_yes_" - confirm against the hosting plan editor).
    $php = preg_replace("/\\_/", "", $php);
    $phpe = preg_replace("/\\_/", "", $phpe);
    $cgi = preg_replace("/\\_/", "", $cgi);
    $ssl = preg_replace("/\\_/", "", $ssl);
    $backup = preg_replace("/\\_/", "", $backup);
    $countbackup = preg_replace("/\\_/", "", $countbackup);
    $dns = preg_replace("/\\_/", "", $dns);
    // Keep the clear text password: it is needed again for the htaccess user
    // and is handed to send_add_user_auto_msg() further down.
    $pure_user_pass = $inpass;
    // NOTE(review): the account password goes through crypt_user_pass(), the
    // htaccess password through crypt_user_pass_with_salt() - confirm that the
    // scheme used for `admin_pass` is an adequate password hash.
    $inpass = crypt_user_pass($inpass);
    $first_name = clean_input($first_name);
    $last_name = clean_input($last_name);
    $firm = clean_input($firm);
    $zip = clean_input($zip);
    $city = clean_input($city);
    $state = clean_input($state);
    $country = clean_input($country);
    $phone = clean_input($phone);
    $fax = clean_input($fax);
    $street_one = clean_input($street_one);
    $street_two = clean_input($street_two);
    $customer_id = clean_input($customer_id);
    // Only $dmn_user_name is validated here; $dmn_name, $user_email and
    // $gender are inserted as received (bound parameters, so not an SQL
    // injection risk) - presumably checked by the caller, confirm.
    // This path returns without a value and without a page message.
    if (!validates_dname(decode_idna($dmn_user_name))) {
        return;
    }
    // Customer account row. All request-derived values are bound parameters.
    $query = "\n\t\tINSERT INTO `admin` (\n\t\t\t`admin_name`, `admin_pass`, `admin_type`, `domain_created`,\n\t\t\t`created_by`, `fname`, `lname`,\n\t\t\t`firm`, `zip`, `city`, `state`,\n\t\t\t`country`, `email`, `phone`,\n\t\t\t`fax`, `street1`, `street2`,\n\t\t\t`customer_id`, `gender`\n\t\t)\n\t\tVALUES (\n\t\t\t?, ?, 'user', unix_timestamp(),\n\t\t\t?, ?, ?,\n\t\t\t?, ?, ?, ?,\n\t\t\t?, ?, ?,\n\t\t\t?, ?, ?,\n\t\t\t?, ?\n\t\t)\n\t";
    exec_query($sql, $query, array($dmn_user_name, $inpass, $reseller_id, $first_name, $last_name, $firm, $zip, $city, $state, $country, $user_email, $phone, $fax, $street_one, $street_two, $customer_id, $gender));
    // SECURITY(review): this writes the database error text into the HTTP
    // response. It looks like debug output; error details belong in the
    // server log, not in the page.
    print $sql->errorMsg();
    $record_id = $sql->insertId();
    // Domain row, written through the DB:: wrapper with named parameters
    // (the rest of the function uses exec_query() with positional ones).
    $query = "\n\t\tINSERT INTO `domain` (\n\t\t\t`domain_name`, `domain_admin_id`,\n\t\t\t`domain_created_id`, `domain_created`, `domain_expires`,\n\t\t\t`domain_mailacc_limit`, `domain_ftpacc_limit`,\n\t\t\t`domain_traffic_limit`, `domain_sqld_limit`,\n\t\t\t`domain_sqlu_limit`, `status`,\n\t\t\t`domain_subd_limit`, `domain_alias_limit`,\n\t\t\t`domain_ip_id`, `domain_disk_limit`,\n\t\t\t`domain_disk_usage`, `domain_php`, `domain_php_edit`, `domain_cgi`,\n\t\t\t`allowbackup`, `domain_dns`, `domain_ssl`, `domain_disk_countbackup`\n\t\t)\n\t\tVALUES (\n\t\t\t:domain_name, :domain_admin_id,\n\t\t\t:domain_created_id, unix_timestamp(), :domain_expires,\n\t\t\t:domain_mailacc_limit, :domain_ftpacc_limit,\n\t\t\t:domain_traffic_limit, :domain_sqld_limit,\n\t\t\t:domain_sqlu_limit, :status,\n\t\t\t:domain_subd_limit, :domain_alias_limit,\n\t\t\t:domain_ip_id, :domain_disk_limit,\n\t\t\t'0', :domain_php, :domain_php_edit, :domain_cgi,\n\t\t\t:allowbackup, :domain_dns, :domain_ssl, :domain_disk_countbackup\n\t\t)\n\t";
    $param = array(':domain_name' => $dmn_name, ':domain_admin_id' => $record_id, ':domain_created_id' => $reseller_id, ':domain_expires' => $dmn_expire, ':domain_mailacc_limit' => $mail, ':domain_ftpacc_limit' => $ftp, ':domain_traffic_limit' => $traff, ':domain_sqld_limit' => $sql_db, ':domain_sqlu_limit' => $sql_user, ':status' => $cfg->ITEM_ADD_STATUS, ':domain_subd_limit' => $sub, ':domain_alias_limit' => $als, ':domain_ip_id' => $domain_ip, ':domain_disk_limit' => $disk, ':domain_php' => $php, ':domain_php_edit' => $phpe, ':domain_cgi' => $cgi, ':allowbackup' => $backup, ':domain_dns' => $dns, ':domain_ssl' => $ssl, ':domain_disk_countbackup' => $countbackup);
    DB::prepare($query);
    DB::execute($param);
    $dmn_id = DB::getInstance()->lastInsertId();
    // AddDefaultDNSEntries($dmn_id, 0, $dmn_name, $domain_ip);
    // TODO: Check if max user and group id is reached
    // update domain and gid
    // The system uid/gid of the domain is the configured minimum plus the new
    // domain id; as the TODO says, no upper bound is enforced.
    $domain_gid = $cfg->APACHE_SUEXEC_MIN_GID + $dmn_id;
    $domain_uid = $cfg->APACHE_SUEXEC_MIN_UID + $dmn_id;
    $query = "\n\t\tUPDATE `domain`\n\t\tSET `domain_gid`=?,\n\t\t\t`domain_uid`=?\n\t\tWHERE `domain_id`=?\n\t";
    exec_query($sql, $query, array($domain_gid, $domain_uid, $dmn_id));
    // Add statistics group
    // An htaccess user named after the domain is created with the same
    // password as the account (hashed with crypt_user_pass_with_salt()).
    $query = "\n\t\tINSERT INTO `htaccess_users`\n\t\t\t(`dmn_id`, `uname`, `upass`, `status`)\n\t\tVALUES\n\t\t\t(?, ?, ?, ?)\n\t";
    exec_query($sql, $query, array($dmn_id, $dmn_name, crypt_user_pass_with_salt($pure_user_pass), $cfg->ITEM_ADD_STATUS));
    $user_id = $sql->insertId();
    // That user becomes the only member of the AWSTATS_GROUP_AUTH group.
    $query = "\n\t\tINSERT INTO `htaccess_groups`\n\t\t\t(`dmn_id`, `ugroup`, `members`, `status`)\n\t\tVALUES\n\t\t\t(?, ?, ?, ?)\n\t";
    exec_query($sql, $query, array($dmn_id, $cfg->AWSTATS_GROUP_AUTH, $user_id, $cfg->ITEM_ADD_STATUS));
    // Create the 3 default addresses if wanted
    if ($cfg->CREATE_DEFAULT_EMAIL_ADDRESSES) {
        client_mail_add_default_accounts($dmn_id, $user_email, $dmn_name);
        // 'domain', 0
    }
    // let's send mail to user
    // SECURITY(review): the clear text password is passed to the notification
    // helper, presumably to be mailed to the customer - confirm. A one-time
    // set-password link avoids sending credentials by e-mail.
    send_add_user_auto_msg($reseller_id, $dmn_user_name, $pure_user_pass, $user_email, $first_name, $last_name, tr('Domain account'));
    // $user_def_lang = $cfg->USER_INITIAL_LANG;
    $user_def_lang = '';
    // $user_theme_color = $cfg->USER_INITIAL_THEME;
    $user_theme_color = '';
    $query = "\n\t\tINSERT INTO `user_gui_props`\n\t\t\t(`user_id`, `lang`, `layout`)\n\t\tVALUES\n\t\t\t(?, ?, ?)\n\t";
    exec_query($sql, $query, array($record_id, $user_def_lang, $user_theme_color));
    // send request to daemon
    // TODO Check this: an error occurs here ("Domain data has been altered. Please enter again.")
    send_request('110 DOMAIN domain ' . $dmn_id);
    send_request('130 MAIL ' . $dmn_id);
    // Audit trail: who created which account and domain
    $admin_login = $_SESSION['user_logged'];
    write_log("{$admin_login}: add user: {$dmn_user_name} (for domain {$dmn_name})");
    write_log("{$admin_login}: add domain: {$dmn_name}");
    update_reseller_c_props($reseller_id);
    if (isset($_POST['add_alias']) && $_POST['add_alias'] === 'on') {
        // Aliases were requested: remember the new domain in the session and
        // continue with the alias step. The query key is spelled 'accout';
        // presumably the target page reads the same spelling.
        $_SESSION['dmn_id'] = $dmn_id;
        $_SESSION['dmn_ip'] = $domain_ip;
        $_SESSION['user_add3_add_alias'] = "_yes_";
        user_goto('user_add4.php?accout=' . $dmn_id);
    } else {
        // No aliases requested: go back to the user list
        $_SESSION['user_add3_added'] = "_yes_";
        user_goto('users.php?psi=last');
    }
}
Example #6
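/**
 * Update the password and/or the home directory of an FTP account.
 *
 * Acts only on uaction=edit_user. When a password is posted, it is checked
 * and stored, optionally together with a new home directory; without a
 * password only the home directory is updated.
 *
 * Both branches apply the same checks to a user-specified directory: slashes
 * are collapsed, ".." is rejected and the directory must exist in the
 * domain's virtual filesystem. The global $other_dir is overwritten.
 *
 * NOTE(review): the UPDATE statements select the row by `userid` only; this
 * function does not verify that $ftp_acc belongs to the logged-in account -
 * presumably the caller does, confirm.
 *
 * @param mixed  $sql      Database handle passed through to exec_query()
 * @param string $ftp_acc  FTP account name (`ftp_users`.`userid`)
 * @param string $dmn_name Domain name used for the virtual filesystem
 * @return void
 */
function update_ftp_account($sql, $ftp_acc, $dmn_name)
{
    global $other_dir;
    $cfg = EasySCP_Registry::get('Config');
    // Virtual filesystem of the domain, used to verify that a directory exists
    $vfs = new EasySCP_VirtualFileSystem($dmn_name, $sql);
    if (isset($_POST['uaction']) && $_POST['uaction'] === 'edit_user') {
        if (!empty($_POST['pass']) || !empty($_POST['pass_rep'])) {
            if ($_POST['pass'] !== $_POST['pass_rep']) {
                set_page_message(tr('Entered passwords do not match!'), 'warning');
                return;
            }
            if (!chk_password($_POST['pass'])) {
                if ($cfg->PASSWD_STRONG) {
                    set_page_message(sprintf(tr('The password must be at least %s chars long and contain letters and numbers to be valid.'), $cfg->PASSWD_CHARS), 'warning');
                } else {
                    set_page_message(sprintf(tr('Password data is shorter than %s signs or includes not permitted signs!'), $cfg->PASSWD_CHARS), 'warning');
                }
                return;
            }
            $pass = crypt_user_pass_with_salt($_POST['pass']);
            // NOTE(review): the password is also stored through
            // encrypt_db_password() in `net2ftppasswd`; if that encoding is
            // reversible, read access to the column exposes it - confirm.
            $loginpass = encrypt_db_password($_POST['pass']);
            if (isset($_POST['use_other_dir']) && $_POST['use_other_dir'] === 'on') {
                $other_dir = clean_input($_POST['other_dir']);
                // Collapse every run of slashes
                $other_dir = preg_replace('#/{2,}#', '/', $other_dir);
                // Reject ".." here as well; without this check the password
                // branch accepted paths the directory-only branch refuses.
                if (preg_match("/\\.\\./", $other_dir) !== 0) {
                    set_page_message(tr('Incorrect mount point length or syntax'), 'warning');
                    return;
                }
                $rs = $vfs->exists($other_dir);
                if (!$rs) {
                    set_page_message(tr('%s does not exist', $other_dir), 'warning');
                    return;
                }
                // Append the validated path to the account's FTP root. The
                // existence check runs relative to that root, so absolute
                // paths are not allowed here.
                $other_dir = $cfg->FTP_HOMEDIR . "/" . $_SESSION['user_logged'] . $other_dir;
                $query = "\n\t\t\t\t\tUPDATE\n\t\t\t\t\t\t`ftp_users`\n\t\t\t\t\tSET\n\t\t\t\t\t\t`passwd` = ?,\n\t\t\t\t\t\t`net2ftppasswd` = ?,\n\t\t\t\t\t\t`homedir` = ?\n\t\t\t\t\tWHERE\n\t\t\t\t\t\t`userid` = ?\n\t\t\t\t";
                $param = array($pass, $loginpass, $other_dir, $ftp_acc);
            } else {
                $query = "\n\t\t\t\t\tUPDATE\n\t\t\t\t\t\t`ftp_users`\n\t\t\t\t\tSET\n\t\t\t\t\t\t`passwd` = ?,\n\t\t\t\t\t\t`net2ftppasswd` = ?\n\t\t\t\t\tWHERE\n\t\t\t\t\t\t`userid` = ?\n\t\t\t\t";
                $param = array($pass, $loginpass, $ftp_acc);
            }
            exec_query($sql, $query, $param);
            // Audit trail for the credential change
            write_log($_SESSION['user_logged'] . ": updated FTP " . $ftp_acc . " account data");
            set_page_message(tr('FTP account data updated!'), 'success');
            user_goto('ftp_accounts.php');
        } else {
            if (isset($_POST['use_other_dir']) && $_POST['use_other_dir'] === 'on') {
                $other_dir = clean_input($_POST['other_dir']);
                // Collapse every run of slashes
                $other_dir = preg_replace('#/{2,}#', '/', $other_dir);
                // Check for updirs ".."
                $res = preg_match("/\\.\\./", $other_dir);
                if ($res !== 0) {
                    set_page_message(tr('Incorrect mount point length or syntax'), 'warning');
                    return;
                }
                // Check for directory existence
                $res = $vfs->exists($other_dir);
                if (!$res) {
                    set_page_message(tr('%s does not exist', $other_dir), 'error');
                    return;
                }
                $other_dir = $cfg->FTP_HOMEDIR . "/" . $_SESSION['user_logged'] . $other_dir;
            } else {
                // No mount point given: fall back to the account's FTP root
                $other_dir = $cfg->FTP_HOMEDIR . "/" . $_SESSION['user_logged'];
            }
            // NOTE(review): unlike the password branch, a home directory
            // change is not written to the log.
            $query = "\n\t\t\t\tUPDATE\n\t\t\t\t\t`ftp_users`\n\t\t\t\tSET\n\t\t\t\t\t`homedir` = ?\n\t\t\t\tWHERE\n\t\t\t\t\t`userid` = ?\n\t\t\t";
            exec_query($sql, $query, array($other_dir, $ftp_acc));
            set_page_message(tr('FTP account data updated!'), 'success');
            user_goto('ftp_accounts.php');
        }
    }
}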