Example #1
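/**
 * Create an FTP account for $dmn_name from the submitted form fields.
 *
 * Reads `username`, `dmn_type`, `als_id` / `sub_id`, `use_other_dir`,
 * `other_dir` and `pass` from $_POST. On success a row is inserted into
 * `ftp_users`, the action is logged and the user is redirected to
 * ftp_accounts.php. On a validation failure a page message is set and the
 * function returns before the INSERT.
 *
 * NOTE(review): nothing in this function verifies that the submitted
 * als_id / sub_id belongs to $dmn_name. Presumably the caller or
 * get_ftp_user_uid() enforces that; confirm, because both values end up in
 * the account name and (for subdomains) in the home directory.
 *
 * @param mixed  $sql      Database handle passed through to the query helpers.
 * @param string $dmn_name Name of the domain the account is created under.
 * @return void
 */
function add_ftp_user($sql, $dmn_name)
{
    $cfg = EasySCP_Registry::get('Config');

    $username = strtolower(clean_input($_POST['username']));
    if (!validates_username($username)) {
        set_page_message(tr("Incorrect username length or syntax!"), 'warning');
        return;
    }

    // Alias / subdomain identifiers come straight from the request and are
    // concatenated into the account name and the home directory, so they must
    // not carry path separators, "..", or control characters.
    $unsafe_id = '#[/\\\\\x00-\x1f]|\.\.#';

    // Set default values ($ftp_home may be overwritten if the user has
    // specified a mount point).
    $dmn_type = isset($_POST['dmn_type']) ? $_POST['dmn_type'] : null;
    switch ($dmn_type) {
        // Default mount point for a domain
        case 'dmn':
            $ftp_user = $username . $cfg->FTP_USERNAME_SEPARATOR . $dmn_name;
            $ftp_home = $cfg->FTP_HOMEDIR . "/{$dmn_name}";
            break;

        // Default mount point for an alias domain
        case 'als':
            $als_id = isset($_POST['als_id']) ? $_POST['als_id'] : '';
            if (!is_string($als_id) || $als_id === '' || preg_match($unsafe_id, $als_id) !== 0) {
                set_page_message(tr('Incorrect mount point length or syntax'), 'error');
                return;
            }
            $ftp_user = $username . $cfg->FTP_USERNAME_SEPARATOR . $als_id;
            $alias_mount_point = get_alias_mount_point($sql, $als_id);
            $ftp_home = $cfg->FTP_HOMEDIR . "/{$dmn_name}" . $alias_mount_point;
            break;

        // Default mount point for a subdomain
        case 'sub':
            $sub_id = isset($_POST['sub_id']) ? $_POST['sub_id'] : '';
            $sub_dir = is_string($sub_id) ? (string) clean_input($sub_id) : '';
            // Both the raw value (used in the account name) and the cleaned
            // value (used as a directory name) are checked: the original
            // applied the ".." test only to other_dir, so sub_id reached the
            // home directory unchecked.
            if ($sub_dir === ''
                || preg_match($unsafe_id, $sub_id) !== 0
                || preg_match($unsafe_id, $sub_dir) !== 0
            ) {
                set_page_message(tr('Incorrect mount point length or syntax'), 'error');
                return;
            }
            $ftp_user = $username . $cfg->FTP_USERNAME_SEPARATOR . $sub_id . '.' . $dmn_name;
            $ftp_home = $cfg->FTP_HOMEDIR . "/{$dmn_name}/" . $sub_dir;
            break;

        // Unknown domain type: refuse rather than continue with undefined values
        default:
            set_page_message(tr('Unknown domain type'), 'error');
            return;
    }

    // User-specified mount point
    if (isset($_POST['use_other_dir']) && $_POST['use_other_dir'] === 'on') {
        $other_dir = isset($_POST['other_dir']) && is_string($_POST['other_dir']) ? $_POST['other_dir'] : '';
        $ftp_vhome = clean_input($other_dir, false);

        // Collapse every run of slashes. A single str_replace('//', '/') pass
        // turns '///' into '//' and so leaves the path un-normalised.
        $ftp_vhome = (string) preg_replace('#/{2,}#', '/', $ftp_vhome);

        // Reject parent-directory references and control characters so the
        // stored home directory cannot leave the domain's tree. "!== 0" also
        // treats a preg_match() failure (false) as a rejection.
        if (preg_match('#\.\.|[\x00-\x1f]#', $ftp_vhome) !== 0) {
            set_page_message(tr('Incorrect mount point length or syntax'), 'error');
            return;
        }

        $ftp_home = $cfg->FTP_HOMEDIR . "/{$dmn_name}/" . $ftp_vhome;
        $ftp_home = (string) preg_replace('#/{2,}#', '/', $ftp_home);

        // The directory must already exist inside the domain's virtual
        // filesystem.
        $vfs = new EasySCP_VirtualFileSystem($dmn_name, $sql);
        if (!$vfs->exists($ftp_vhome)) {
            set_page_message(tr('%s does not exist', $ftp_vhome), 'error');
            return;
        }
    }
    // End of user-specified mount point

    $ftp_gid = get_ftp_user_gid($sql, $dmn_name, $ftp_user);
    $ftp_uid = get_ftp_user_uid($sql, $dmn_name, $ftp_user, $ftp_gid);
    // -1 signals failure. The loose comparison is kept because the helper's
    // return type is not visible here.
    if ($ftp_uid == -1) {
        return;
    }

    $ftp_shell = $cfg->CMD_SHELL;
    $ftp_passwd = crypt_user_pass_with_salt($_POST['pass']);
    // NOTE(review): the same password is stored a second time in
    // net2ftppasswd via encrypt_db_password(). If that helper is reversible
    // encryption rather than a hash (the name suggests so; confirm), a
    // database or key disclosure exposes every FTP password in clear text.
    $ftp_loginpasswd = encrypt_db_password($_POST['pass']);

    // Values are bound as parameters. Nothing user-supplied is interpolated
    // into the statement text.
    $query = "\n\t\tINSERT INTO ftp_users\n\t\t\t(`userid`, `passwd`, `net2ftppasswd`, `uid`, `gid`, `shell`, `homedir`)\n\t\tVALUES\n\t\t\t(?, ?, ?, ?, ?, ?, ?)\n\t";
    exec_query($sql, $query, array($ftp_user, $ftp_passwd, $ftp_loginpasswd, $ftp_uid, $ftp_gid, $ftp_shell, $ftp_home));

    $domain_props = get_domain_default_props($_SESSION['user_id']);
    update_reseller_c_props($domain_props['domain_created_id']);

    // $ftp_user is built only from validated parts at this point, so it
    // cannot inject line breaks into the log entry.
    write_log($_SESSION['user_logged'] . ": add new FTP account: {$ftp_user}");
    set_page_message(tr('FTP account added!'), 'success');
    user_goto('ftp_accounts.php');
}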
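/**
 * Create an FTP account for $dmn_name from the submitted form fields.
 *
 * Reads `username`, `dmn_type`, `als_id` / `sub_id`, `use_other_dir`,
 * `other_dir` and `pass` from $_POST. On success a row is inserted into
 * `ftp_users`, the action is logged and the request is redirected to
 * ftp_accounts.php, after which the script exits. On a validation failure a
 * page message is set and the function returns before the INSERT.
 *
 * NOTE(review): nothing in this function verifies that the submitted
 * als_id / sub_id belongs to $dmn_name. Presumably the caller or
 * get_ftp_user_uid() enforces that; confirm.
 *
 * @param mixed  $sql      Database handle (by reference), passed to the query helpers.
 * @param string $dmn_name Name of the domain the account is created under.
 * @return void
 */
function add_ftp_user(&$sql, $dmn_name)
{
    global $cfg;

    $username = strtolower($_POST['username']);
    // A dot in the local part is refused before the general syntax check.
    if (preg_match("/\\./", $username) == 1) {
        set_page_message(tr("Incorrect username range or syntax!"));
        return;
    }
    // chk_username() reports a rejected name with a truthy return value.
    if (chk_username($username)) {
        set_page_message(tr("Incorrect username range or syntax!"));
        return;
    }

    // Alias / subdomain identifiers come straight from the request and are
    // concatenated into the account name and the home directory, so they must
    // not carry path separators, "..", or control characters.
    $unsafe_id = '#[/\\\\\x00-\x1f]|\.\.#';

    $domain_root = $cfg['FTP_HOMEDIR'] . "/{$dmn_name}";
    $dmn_type = isset($_POST['dmn_type']) ? $_POST['dmn_type'] : null;

    if ($dmn_type === 'dmn') {
        $ftp_user = $username . $cfg['FTP_USERNAME_SEPARATOR'] . $dmn_name;
        $default_home = $domain_root;
    } elseif ($dmn_type === 'als') {
        $als_id = isset($_POST['als_id']) ? $_POST['als_id'] : '';
        if (!is_string($als_id) || $als_id === '' || preg_match($unsafe_id, $als_id) !== 0) {
            set_page_message(tr("Incorrect username range or syntax!"));
            return;
        }
        $ftp_user = $username . $cfg['FTP_USERNAME_SEPARATOR'] . $als_id;
        $default_home = $domain_root . get_alias_mount_point($sql, $als_id);
    } elseif ($dmn_type === 'sub') {
        $sub_id = isset($_POST['sub_id']) ? $_POST['sub_id'] : '';
        if (!is_string($sub_id) || $sub_id === '' || preg_match($unsafe_id, $sub_id) !== 0) {
            set_page_message(tr("Incorrect username range or syntax!"));
            return;
        }
        $ftp_user = $username . $cfg['FTP_USERNAME_SEPARATOR'] . $sub_id . '.' . $dmn_name;
        $default_home = $domain_root . "/" . $sub_id;
    } else {
        // The original fell through here with $ftp_user / $ftp_home undefined
        // and still reached the INSERT. An unknown type is now refused.
        set_page_message(tr('Unknown domain type'));
        return;
    }

    if (isset($_POST['use_other_dir']) && $_POST['use_other_dir'] === 'on') {
        $other_dir = isset($_POST['other_dir']) && is_string($_POST['other_dir']) ? $_POST['other_dir'] : '';

        // Always join with exactly one separator. The original appended the
        // raw value directly to the domain directory name, so a value without
        // a leading slash extended that name instead of selecting a
        // sub-directory of it.
        $suffix = ltrim($other_dir, '/');
        $ftp_home = $suffix === '' ? $domain_root : $domain_root . '/' . $suffix;

        // Refuse parent-directory references and control characters, then
        // require the target to exist. "!== 0" also treats a preg_match()
        // failure (false) as a rejection.
        // NOTE(review): the submitted value is echoed into the page message
        // as-is. Confirm that set_page_message() output is HTML-escaped when
        // rendered.
        if (preg_match('#\.\.|[\x00-\x1f]#', $other_dir) !== 0 || !is_dir($ftp_home)) {
            set_page_message($other_dir . tr(' do not exist'));
            return;
        }
    } else {
        $ftp_home = $default_home;
    }

    $ftp_gid = get_ftp_user_gid($sql, $dmn_name, $ftp_user);
    $ftp_uid = get_ftp_user_uid($sql, $dmn_name, $ftp_user, $ftp_gid);
    // -1 signals failure. The loose comparison is kept because the helper's
    // return type is not visible here.
    if ($ftp_uid == -1) {
        return;
    }

    $ftp_shell = $cfg['FTP_SHELL'];
    $ftp_passwd = crypt_user_ftp_pass($_POST['pass']);

    // Values are bound as parameters. Nothing user-supplied is interpolated
    // into the statement text.
    $query = <<<SQL_QUERY
        insert into ftp_users
            (userid, passwd, uid, gid, shell, homedir)
        values
            (?, ?, ?, ?, ?, ?)
SQL_QUERY;
    exec_query($sql, $query, array($ftp_user, $ftp_passwd, $ftp_uid, $ftp_gid, $ftp_shell, $ftp_home));

    write_log($_SESSION['user_logged'] . " : add new FTP account  -> {$ftp_user}");
    set_page_message(tr('FTP account added!'));
    header('Location: ftp_accounts.php');
    exit(0);
}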