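/**
 * Get ftp login credentials
 *
 * Looks up the FTP user in `ftp_users`, restricted to domains whose
 * `domain_admin_id` is the logged-in account (`$_SESSION['user_id']`), and
 * returns the login name together with the decrypted net2ftp password.
 *
 * @author William Lightning <*****@*****.**>
 * @since 1.1.0
 * @access private
 * @param string $userId FTP User
 * @return array|false Two-element array [userid, decrypted net2ftp password],
 *                     or FALSE unless exactly one matching row exists
 */
function _getLoginCredentials($userId) {
    // Database handle registered under 'Db'. The original annotated it as
    // EasySCP_Database_ResultSet, which does not fit its use as the connection
    // argument of exec_query() — TODO confirm the actual class.
    $db = EasySCP_Registry::get('Db');

    // The join ties the FTP user to a domain administered by the logged-in
    // account, so a user id belonging to another customer yields no row.
    // @todo Should be optimized
    $query = "
        SELECT
            `userid`, `net2ftppasswd`
        FROM
            `ftp_users`, `domain`
        WHERE
                `ftp_users`.`uid` = `domain`.`domain_uid`
            AND
                `ftp_users`.`userid` = ?
            AND
                `domain`.`domain_admin_id` = ?;
    ";
    $stmt = exec_query($db, $query, array($userId, $_SESSION['user_id']));

    // Exactly one match is required; none or several is treated as failure
    if ($stmt->rowCount() !== 1) {
        return false;
    }

    // The second element is the plaintext password: callers must not log it
    return array(
        $stmt->fields['userid'],
        decrypt_db_password($stmt->fields['net2ftppasswd']),
    );
}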
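/**
 * Tells whether $mail_type is one of the mail types whose stored password is
 * rewritten on soft suspension (the MT_NORMAL_MAIL, MT_ALIAS_MAIL,
 * MT_SUBDOM_MAIL and MT_ALSSUB_MAIL prefixes).
 *
 * @param string $mail_type Value of `mail_users`.`mail_type`
 * @return bool
 */
function _is_password_mail_type($mail_type) {
    // Prefix regexes as before; the MT_* constants are used unquoted, as the
    // original code did — TODO confirm they never contain regex metacharacters
    $prefixes = array(MT_NORMAL_MAIL, MT_ALIAS_MAIL, MT_SUBDOM_MAIL, MT_ALSSUB_MAIL);
    foreach ($prefixes as $prefix) {
        if (preg_match('/^' . $prefix . '/', $mail_type)) {
            return true;
        }
    }
    return false;
}

/**
 * Suspends or re-enables a domain together with its aliases and mail accounts.
 *
 * Mail accounts are handled in one of two ways, selected by the
 * HARD_MAIL_SUSPENSION setting: either their status follows the domain
 * status, or the account is only marked for change and its password is made
 * unusable by prepending a 4-character prefix (removed again on enable).
 * After the database updates the daemon is notified via send_request(), the
 * action is written to the log and the browser is redirected. The function
 * never returns normally: it ends the request with die.
 *
 * @param int    $domain_id   Id of the domain to act on
 * @param string $domain_name Domain name, only used in the log line
 * @param string $action      'disable' or 'enable'; anything else returns
 *                            without touching the database
 * @param string $location    'admin' or 'reseller'; selects the redirect
 *                            target (no redirect for other values)
 * @return void
 */
function change_domain_status($domain_id, $domain_name, $action, $location) {
    $cfg = EasySCP_Registry::get('Config');
    $sql = EasySCP_Registry::get('Db');

    if ($action == 'disable') {
        $new_status = $cfg->ITEM_TODISABLED_STATUS;
    } elseif ($action == 'enable') {
        $new_status = $cfg->ITEM_TOENABLE_STATUS;
    } else {
        return;
    }

    // TODO Check how the mail accounts should be handled == switch off / do not switch off
    $query = "
        SELECT
            `mail_id`,
            `mail_pass`,
            `mail_type`
        FROM
            `mail_users`
        WHERE
            `domain_id` = ?
        ;
    ";
    $rs = exec_query($sql, $query, $domain_id);

    while (!$rs->EOF) {
        $mail_id = $rs->fields['mail_id'];
        $mail_pass = $rs->fields['mail_pass'];
        $mail_type = $rs->fields['mail_type'];

        if ($cfg->HARD_MAIL_SUSPENSION) {
            // Hard suspension: the mail account follows the domain status
            $mail_status = $new_status;
        } else {
            // Soft suspension: the account is only marked for change; for the
            // password-carrying mail types the stored password is altered so
            // that it no longer works, and restored on enable.
            if (_is_password_mail_type($mail_type)) {
                $mail_pass = decrypt_db_password($mail_pass);
                if ($action == 'disable') {
                    // NOTE(review): the prefix is derived from time(), not from
                    // a CSPRNG, so it is guessable while the account is merely
                    // marked for change — confirm whether that is acceptable.
                    $pass_prefix = substr(md5(time()), 0, 4);
                    $mail_pass = $pass_prefix . $mail_pass;
                } else {
                    // Strip the 4-character prefix added on disable. No length
                    // cap here: the former substr(..., 4, 50) silently truncated
                    // passwords longer than 50 characters on re-enable.
                    $mail_pass = substr($mail_pass, 4);
                }
                $mail_pass = encrypt_db_password($mail_pass);
            }
            $mail_status = $cfg->ITEM_CHANGE_STATUS;
        }

        $query = "
            UPDATE
                `mail_users`
            SET
                `mail_pass` = ?,
                `status` = ?
            WHERE
                `mail_id` = ?
            ;
        ";
        exec_query($sql, $query, array($mail_pass, $mail_status, $mail_id));
        $rs->moveNext();
    }

    send_request('130 MAIL ' . $domain_id);

    $query = "
        UPDATE
            domain
        SET
            status = ?
        WHERE
            domain_id = ?
        ;
    ";
    exec_query($sql, $query, array($new_status, $domain_id));
    send_request('110 DOMAIN domain ' . $domain_id);

    $query = "
        UPDATE
            domain_aliasses
        SET
            status = ?
        WHERE
            domain_id = ?
        ;
    ";
    exec_query($sql, $query, array($new_status, $domain_id));
    send_request('110 DOMAIN alias ' . $domain_id);

    // Let's get back to the user overview after the system changes are finished
    $user_logged = $_SESSION['user_logged'];
    update_reseller_c_props(get_reseller_id($domain_id));

    // $action is already known to be 'disable' or 'enable' at this point
    if ($action == 'disable') {
        write_log("{$user_logged}: suspended domain: {$domain_name}");
        $_SESSION['user_disabled'] = 1;
    } else {
        write_log("{$user_logged}: enabled domain: {$domain_name}");
        $_SESSION['user_enabled'] = 1;
    }

    if ($location == 'admin') {
        header('Location: manage_users.php');
    } elseif ($location == 'reseller') {
        header('Location: users.php?psi=last');
    }
    die;
}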
/**
 * Establishes the connection to the database
 *
 * Opens the default database connection from the DATABASE_* parameters of
 * the basis configuration object (the stored password is decrypted first)
 * and registers the resulting {@link EasySCP_Database} instance in the
 * {@link EasySCP_Registry} for shared access.
 *
 * A PDO instance is also registered in the registry for shared access.
 *
 * @throws EasySCP_Exception when the connection attempt raises a PDOException
 *
 * @return void
 * @todo Remove global variable
 */
protected function _initializeDatabase() {
    $config = $this->_config;

    try {
        $connection = EasySCP_Database::connect(
            $config->DATABASE_USER,
            decrypt_db_password($config->DATABASE_PASSWORD),
            $config->DATABASE_TYPE,
            $config->DATABASE_HOST,
            $config->DATABASE_NAME
        );
    } catch (PDOException $e) {
        // NOTE(review): the driver message is forwarded verbatim and may carry
        // connection details — confirm the exception text is never rendered
        // to end users.
        $message = sprintf(
            'Error: Unable to establish connection to the database! SQL returned: %s',
            $e->getMessage()
        );
        throw new EasySCP_Exception($message);
    }

    // Register both Database and PDO instances for shared access
    EasySCP_Registry::set('Db', $connection);
    EasySCP_Registry::set('Pdo', EasySCP_Database::getRawInstance());

    // @todo remove the Global
    $GLOBALS['sql'] = EasySCP_Registry::get('Db');
}
include_once realpath($include_path . '/vhcs2-db-keys.php');
include_once realpath($include_path . '/vhcs-config.php');

// Load the main configuration file; the page cannot continue without it
$cfg_obj = new Config("/etc/vhcs2/vhcs2.conf");
if ($cfg_obj->status == "err") {
    /* cannot open vhcs.conf file - we must show warning */
    print "<center><b><font color=red>Can not open the vhcs2.conf config file !<br><br>Pleas contact your system administrator</font></b></center>";
    die;
}
$cfg = $cfg_obj->getValues();

// Mirror the DATABASE_* settings under the shorter DB_* keys.
// DB_PASS holds the decrypted password from here on.
$cfg['DB_TYPE'] = $cfg['DATABASE_TYPE'];
$cfg['DB_HOST'] = $cfg['DATABASE_HOST'];
$cfg['DB_USER'] = $cfg['DATABASE_USER'];
$cfg['DB_PASS'] = ($cfg['DATABASE_PASSWORD'] != '')
    ? decrypt_db_password($cfg['DATABASE_PASSWORD'])
    : '';
$cfg['DB_NAME'] = $cfg['DATABASE_NAME'];

// Session lifetime in seconds (300 minutes)
$cfg['SESSION_TIMEOUT'] = 300 * 60;

// Item status values as stored in the `status` columns
$cfg['ITEM_ADD_STATUS'] = 'toadd';
$cfg['ITEM_OK_STATUS'] = 'ok';
$cfg['ITEM_CHANGE_STATUS'] = 'change';
$cfg['ITEM_DELETE_STATUS'] = 'delete';
$cfg['ITEM_DISABLED_STATUS'] = 'disabled';
$cfg['ITEM_RESTORE_STATUS'] = 'restore';
$cfg['ITEM_TOENABLE_STATUS'] = 'toenable';
$cfg['ITEM_TODISABLED_STATUS'] = 'todisable';

// Length limits applied to SQL database / user names and passwords
$cfg['MAX_SQL_DATABASE_LENGTH'] = 64;
$cfg['MAX_SQL_USER_LENGTH'] = 16;
$cfg['MAX_SQL_PASS_LENGTH'] = 16;

$cfg['ROOT_TEMPLATE_PATH'] = 'themes/';
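/**
 * Validates the posted fields for a brand-new SQL user.
 *
 * Sets a page message and returns false on the first failing check; the
 * checks are the same as before, plus a guard that `pass` is actually present
 * (previously a request with `pass_rep` but no `pass` fell through and a null
 * password was stored).
 *
 * @param object $cfg Configuration object (MAX_SQL_PASS_LENGTH, PASSWD_STRONG, PASSWD_CHARS)
 * @return bool
 */
function _sql_user_form_is_valid($cfg) {
    if (empty($_POST['user_name'])) {
        set_page_message(tr('Please type user name!'), 'warning');
        return false;
    }
    if (empty($_POST['pass']) && empty($_POST['pass_rep'])) {
        set_page_message(tr('Please type user password!'), 'warning');
        return false;
    }
    if (!isset($_POST['pass'])) {
        set_page_message(tr('Please type user password!'), 'warning');
        return false;
    }
    if (isset($_POST['pass_rep']) && $_POST['pass'] !== $_POST['pass_rep']) {
        set_page_message(tr('Entered passwords do not match!'), 'warning');
        return false;
    }

    $password = $_POST['pass'];

    // strlen() is byte-wise, which matches the ASCII-only character class
    // enforced by the regex below
    if (strlen($password) > $cfg->MAX_SQL_PASS_LENGTH) {
        set_page_message(tr('Too long user password!'), 'warning');
        return false;
    }
    if (!preg_match('/^[[:alnum:]:!*+#_.-]+$/', $password)) {
        set_page_message(tr('Don\'t use special chars like "@, $, %..." in the password!'), 'warning');
        return false;
    }
    if (!chk_password($password)) {
        if ($cfg->PASSWD_STRONG) {
            set_page_message(sprintf(tr('The password must be at least %s chars long and contain letters and numbers to be valid.'), $cfg->PASSWD_CHARS), 'warning');
        } else {
            set_page_message(sprintf(tr('Password data is shorter than %s signs or includes not permitted signs!'), $cfg->PASSWD_CHARS), 'warning');
        }
        return false;
    }
    return true;
}

/**
 * Builds the SQL user name from the posted `user_name`, prefixed or suffixed
 * with the domain id when `use_dmn_id` is 'on' and `id_pos` is 'start'/'end'.
 *
 * @param int $dmn_id Domain id of the customer
 * @return string
 */
function _build_sql_user_name($dmn_id) {
    $name = clean_input($_POST['user_name']);
    $use_dmn_id = isset($_POST['use_dmn_id']) && $_POST['use_dmn_id'] === 'on';
    $id_pos = isset($_POST['id_pos']) ? $_POST['id_pos'] : null;

    if ($use_dmn_id && $id_pos === 'start') {
        return $dmn_id . '_' . $name;
    }
    if ($use_dmn_id && $id_pos === 'end') {
        return $name . '_' . $dmn_id;
    }
    return $name;
}

/**
 * Adds an SQL user to the database $db_id of the customer $user_id.
 *
 * Two modes, selected by the submitted form:
 *  - default: a new user is created from the posted `user_name` / `pass` /
 *    `pass_rep` fields, optionally prefixed or suffixed with the domain id;
 *  - `Add_Exist`: an SQL user selected through `sqluser_id` is attached to
 *    the database, reusing its stored password. The posted id is untrusted,
 *    so the lookup is restricted to users of databases in the customer's own
 *    domain (previously any `sqlu_id` was accepted).
 *
 * The target database is resolved, and checked to belong to the customer's
 * domain, before anything is written. On any validation failure a page
 * message is set and the function returns. On success the user is recorded
 * in `sql_user`, granted on the database in MySQL (localhost and %), the
 * action is logged and the browser is sent to sql_manage.php.
 *
 * @todo Database user with same name can be added several times
 * @todo If creation of database user fails in MySQL-Table, database user is
 *       already in local EasySCP table -> Error handling
 *
 * @param mixed $sql     Database handle as expected by exec_query()
 * @param int   $user_id Customer id (owner of the domain)
 * @param int   $db_id   `sql_database`.`sqld_id` the user is granted on
 * @return void
 */
function add_sql_user($sql, $user_id, $db_id) {
    $cfg = EasySCP_Registry::get('Config');

    if (!isset($_POST['uaction'])) {
        return;
    }

    $add_existing = isset($_POST['Add_Exist']);

    // Let's check user input (only meaningful for a brand-new user)
    if (!$add_existing && !_sql_user_form_is_valid($cfg)) {
        return;
    }

    $dmn_id = get_user_domain_id($user_id);

    if ($add_existing) {
        if (!isset($_POST['sqluser_id'])) {
            set_page_message(tr('SQL-user not found! 
It might has been deleted by another user.'), 'warning');
            return;
        }
        // Ownership check: the selected user must belong to a database of
        // this customer's domain
        $query = "
            SELECT
                `sql_user`.`sqlu_name`, `sql_user`.`sqlu_pass`
            FROM
                `sql_user`, `sql_database`
            WHERE
                `sql_user`.`sqld_id` = `sql_database`.`sqld_id`
            AND
                `sql_user`.`sqlu_id` = ?
            AND
                `sql_database`.`domain_id` = ?
        ";
        $rs = exec_query($sql, $query, array($_POST['sqluser_id'], $dmn_id));
        if ($rs->recordCount() == 0) {
            set_page_message(tr('SQL-user not found! 
It might has been deleted by another user.'), 'warning');
            return;
        }
        $db_user = $rs->fields['sqlu_name'];
        $user_pass = decrypt_db_password($rs->fields['sqlu_pass']);
    } else {
        $user_pass = $_POST['pass'];
        $db_user = _build_sql_user_name($dmn_id);
    }

    if (strlen($db_user) > $cfg->MAX_SQL_USER_LENGTH) {
        set_page_message(tr('User name too long!'), 'warning');
        return;
    }

    // Are wildcards used?
    if (preg_match('/[%|?]/', $db_user)) {
        set_page_message(tr('Wildcards such as %% and ? are not allowed!'), 'warning');
        return;
    }

    // Have we such sql user in the system?!
    if (!$add_existing && check_db_user($sql, $db_user)) {
        set_page_message(tr('Specified SQL username name already exists!'), 'warning');
        return;
    }

    // Resolve the target database first; it must belong to this customer's
    // domain, otherwise nothing is written
    $query = "
        SELECT
            `sqld_name` AS `db_name`
        FROM
            `sql_database`
        WHERE
            `sqld_id` = ?
        AND
            `domain_id` = ?
    ";
    $rs = exec_query($sql, $query, array($db_id, $dmn_id));
    if ($rs->recordCount() == 0) {
        set_page_message(tr('Database not found!'), 'warning');
        return;
    }
    $db_name = $rs->fields['db_name'];
    // Escape wildcard characters in the name before it is quoted for GRANT
    $db_name = preg_replace("/([_%\\?\\*])/", '\\\\$1', $db_name);

    // Add user in the EasySCP table
    $query = "
        INSERT INTO `sql_user`
            (`sqld_id`, `sqlu_name`, `sqlu_pass`)
        VALUES
            (?, ?, ?)
    ";
    exec_query($sql, $query, array($db_id, $db_user, encrypt_db_password($user_pass)));
    update_reseller_c_props(get_reseller_id($dmn_id));

    // Add user in the mysql system tables, for local and remote connections
    $query = "GRANT ALL PRIVILEGES ON " . quoteIdentifier($db_name) . ".* TO ?@? IDENTIFIED BY ?";
    foreach (array("localhost", "%") as $host) {
        exec_query($sql, $query, array($db_user, $host, $user_pass));
    }

    write_log($_SESSION['user_logged'] . ": add SQL user: " . tohtml($db_user));
    set_page_message(tr('SQL user successfully added!'), 'info');
    user_goto('sql_manage.php');
}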