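/**
 * Create an FTP account from the submitted "add FTP user" form.
 *
 * Reads `username`, `pass`, `dmn_type`, `als_id`, `sub_id`, `use_other_dir`
 * and `other_dir` from $_POST, derives the account name and home directory,
 * inserts one row into `ftp_users`, logs the action and calls
 * user_goto('ftp_accounts.php'). On a validation failure a page message is
 * set and the function returns before anything is written.
 *
 * Every $_POST value is attacker-controlled. Anything concatenated into the
 * home directory is checked for ".." after clean_input() has run, because the
 * cleaned value is the one that ends up in the path.
 *
 * NOTE(review): nothing in this function verifies that `als_id` / `sub_id`
 * name an alias or subdomain that belongs to $dmn_name. Confirm the caller
 * checks ownership; otherwise the account name is built from an unverified
 * identifier.
 *
 * @param mixed  $sql      Database handle, passed through to the query helpers.
 * @param string $dmn_name Domain name; used as the directory below
 *                         FTP_HOMEDIR and as part of the account name.
 * @return void
 */
function add_ftp_user($sql, $dmn_name)
{
    $cfg = EasySCP_Registry::get('Config');

    $username = strtolower(clean_input($_POST['username']));

    if (!validates_username($username)) {
        set_page_message(tr("Incorrect username length or syntax!"), 'warning');
        return;
    }

    // Default account name and home directory per target type. $ftp_home is
    // replaced further down when the user supplies a mount point.
    switch ($_POST['dmn_type']) {
        // Default mount point for a domain
        case 'dmn':
            $ftp_user = $username . $cfg->FTP_USERNAME_SEPARATOR . $dmn_name;
            $ftp_home = $cfg->FTP_HOMEDIR . "/{$dmn_name}";
            break;

        // Default mount point for an alias domain
        case 'als':
            $als_id = (isset($_POST['als_id']) && is_string($_POST['als_id']))
                ? $_POST['als_id']
                : '';

            // Refuse a missing, non-string or ".."-bearing identifier before
            // it becomes part of the account name.
            if ($als_id === '' || strpos($als_id, '..') !== false) {
                set_page_message(tr('Incorrect mount point length or syntax'), 'error');
                return;
            }

            $ftp_user = $username . $cfg->FTP_USERNAME_SEPARATOR . $als_id;
            // NOTE(review): the return value for an unknown alias is not
            // visible here; an empty result would leave $ftp_home at the
            // domain root. Confirm against get_alias_mount_point().
            $alias_mount_point = get_alias_mount_point($sql, $als_id);
            $ftp_home = $cfg->FTP_HOMEDIR . "/{$dmn_name}" . $alias_mount_point;
            break;

        // Default mount point for a subdomain
        case 'sub':
            $sub_id = (isset($_POST['sub_id']) && is_string($_POST['sub_id']))
                ? $_POST['sub_id']
                : '';
            $sub_dir = (string) clean_input($sub_id);

            // The subdomain identifier becomes a path component, so it gets
            // the same ".." rejection as a user-specified mount point. Both
            // the raw and the cleaned form are checked: the raw one goes into
            // the account name, the cleaned one into the home directory.
            if ($sub_id === '' || $sub_dir === ''
                || strpos($sub_id, '..') !== false
                || strpos($sub_dir, '..') !== false
            ) {
                set_page_message(tr('Incorrect mount point length or syntax'), 'error');
                return;
            }

            $ftp_user = $username . $cfg->FTP_USERNAME_SEPARATOR . $sub_id . '.' . $dmn_name;
            $ftp_home = $cfg->FTP_HOMEDIR . "/{$dmn_name}/" . $sub_dir;
            break;

        // Unknown domain type (?)
        default:
            set_page_message(tr('Unknown domain type'), 'error');
            return;
    }

    // User-specified mount point
    if (isset($_POST['use_other_dir']) && $_POST['use_other_dir'] === 'on') {
        $other_dir = (isset($_POST['other_dir']) && is_string($_POST['other_dir']))
            ? $_POST['other_dir']
            : '';
        $ftp_vhome = clean_input($other_dir, false);

        // Collapse every run of slashes; a single str_replace('//', '/')
        // pass leaves "//" behind when the input contains "///".
        $ftp_vhome = preg_replace('#/+#', '/', $ftp_vhome);

        // Check for updirs ".."
        if (preg_match("/\\.\\./", $ftp_vhome) !== 0) {
            set_page_message(tr('Incorrect mount point length or syntax'), 'error');
            return;
        }

        $ftp_home = $cfg->FTP_HOMEDIR . "/{$dmn_name}/" . $ftp_vhome;
        $ftp_home = preg_replace('#/+#', '/', $ftp_home);

        // The mount point must already exist in the domain's virtual
        // filesystem.
        $vfs = new EasySCP_VirtualFileSystem($dmn_name, $sql);

        if (!$vfs->exists($ftp_vhome)) {
            set_page_message(tr('%s does not exist', $ftp_vhome), 'error');
            return;
        }
    } // End of user-specified mount-point

    $ftp_gid = get_ftp_user_gid($sql, $dmn_name, $ftp_user);
    $ftp_uid = get_ftp_user_uid($sql, $dmn_name, $ftp_user, $ftp_gid);

    // -1 is the helper's failure value; loose comparison is kept because the
    // helper's return type is not visible here.
    if ($ftp_uid == -1) {
        return;
    }

    $ftp_shell = $cfg->CMD_SHELL;
    $ftp_passwd = crypt_user_pass_with_salt($_POST['pass']);
    // NOTE(review): this stores a second copy of the password in the
    // `net2ftppasswd` column. The helper's name suggests reversible
    // encryption rather than a hash - confirm, and treat that column and its
    // key as credential material.
    $ftp_loginpasswd = encrypt_db_password($_POST['pass']);

    // Values are bound as parameters, never interpolated into the statement.
    $query = "\n\t\tINSERT INTO ftp_users\n"
        . "\t\t\t(`userid`, `passwd`, `net2ftppasswd`, `uid`, `gid`, `shell`, `homedir`)\n"
        . "\t\tVALUES\n"
        . "\t\t\t(?, ?, ?, ?, ?, ?, ?)\n\t";

    exec_query(
        $sql,
        $query,
        array($ftp_user, $ftp_passwd, $ftp_loginpasswd, $ftp_uid, $ftp_gid, $ftp_shell, $ftp_home)
    );

    $domain_props = get_domain_default_props($_SESSION['user_id']);
    update_reseller_c_props($domain_props['domain_created_id']);

    write_log($_SESSION['user_logged'] . ": add new FTP account: {$ftp_user}");
    set_page_message(tr('FTP account added!'), 'success');
    user_goto('ftp_accounts.php');
}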
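/**
 * Create an FTP account from the submitted "add FTP user" form.
 *
 * Reads `username`, `pass`, `dmn_type`, `als_id`, `sub_id`, `use_other_dir`
 * and `other_dir` from $_POST, derives the account name and home directory,
 * inserts one row into `ftp_users`, logs the action and redirects to
 * ftp_accounts.php. On a validation failure a page message is set and the
 * function returns before anything is written.
 *
 * Every $_POST value is attacker-controlled. Two path rules are enforced:
 *  - a user-specified directory is always joined below the domain directory
 *    with an explicit "/" separator, so it cannot extend the domain name
 *    into the name of a sibling directory;
 *  - any value that becomes a path component is refused if it contains "..".
 *
 * NOTE(review): nothing in this function verifies that `als_id` / `sub_id`
 * name an alias or subdomain that belongs to $dmn_name. Confirm the caller
 * checks ownership.
 *
 * @param mixed  $sql      Database handle (by reference, as callers expect).
 * @param string $dmn_name Domain name; used as the directory below
 *                         FTP_HOMEDIR and as part of the account name.
 * @return void
 */
function add_ftp_user(&$sql, $dmn_name)
{
    global $cfg;

    $username = strtolower($_POST['username']);

    // A dot is never allowed in the user-chosen part of the account name.
    if (preg_match("/\\./", $username) == 1) {
        set_page_message(tr("Incorrect username range or syntax!"));
        return;
    }

    // chk_username() is truthy for a name that must be rejected.
    if (chk_username($username)) {
        set_page_message(tr("Incorrect username range or syntax!"));
        return;
    }

    $domain_root = $cfg['FTP_HOMEDIR'] . "/{$dmn_name}";

    // Account name and default home directory per target type.
    switch ($_POST['dmn_type']) {
        case 'dmn':
            $ftp_user = $username . $cfg['FTP_USERNAME_SEPARATOR'] . $dmn_name;
            $ftp_home = $domain_root;
            break;

        case 'als':
            $als_id = (isset($_POST['als_id']) && is_string($_POST['als_id']))
                ? $_POST['als_id']
                : '';

            if ($als_id === '' || strpos($als_id, '..') !== false) {
                set_page_message(tr("Incorrect username range or syntax!"));
                return;
            }

            $ftp_user = $username . $cfg['FTP_USERNAME_SEPARATOR'] . $als_id;
            $alias_mount_point = get_alias_mount_point($sql, $als_id);
            $ftp_home = $domain_root . $alias_mount_point;
            break;

        case 'sub':
            $sub_id = (isset($_POST['sub_id']) && is_string($_POST['sub_id']))
                ? $_POST['sub_id']
                : '';

            // sub_id becomes a path component of the default home directory.
            if ($sub_id === '' || strpos($sub_id, '..') !== false) {
                set_page_message(tr("Incorrect username range or syntax!"));
                return;
            }

            $ftp_user = $username . $cfg['FTP_USERNAME_SEPARATOR'] . $sub_id . '.' . $dmn_name;
            $ftp_home = $domain_root . "/" . $sub_id;
            break;

        default:
            // Without this branch $ftp_user and $ftp_home stay undefined and
            // a row with empty account name and home directory is inserted.
            set_page_message(tr('Unknown domain type'));
            return;
    }

    // User-specified directory replaces the default for every target type.
    if (isset($_POST['use_other_dir']) && $_POST['use_other_dir'] === 'on') {
        $other_dir = (isset($_POST['other_dir']) && is_string($_POST['other_dir']))
            ? $_POST['other_dir']
            : '';

        // Join with an explicit separator, then collapse repeated slashes.
        // Plain concatenation would let a value without a leading "/" extend
        // the domain directory name instead of descending into it.
        $candidate = preg_replace('#/+#', '/', $domain_root . '/' . $other_dir);

        // Reject ".." before touching the filesystem, then require the
        // directory to exist.
        // NOTE(review): the message embeds the raw request value; whether
        // set_page_message() escapes on output is not visible here - confirm.
        if (strpos($other_dir, '..') !== false || !is_dir($candidate)) {
            set_page_message($other_dir . tr(' do not exist'));
            return;
        }

        $ftp_home = $candidate;
    }

    $ftp_gid = get_ftp_user_gid($sql, $dmn_name, $ftp_user);
    $ftp_uid = get_ftp_user_uid($sql, $dmn_name, $ftp_user, $ftp_gid);

    // -1 is the helper's failure value; loose comparison is kept because the
    // helper's return type is not visible here.
    if ($ftp_uid == -1) {
        return;
    }

    $ftp_shell = $cfg['FTP_SHELL'];
    $ftp_passwd = crypt_user_ftp_pass($_POST['pass']);

    // Values are bound as parameters, never interpolated into the statement.
    $query = <<<SQL_QUERY
        insert into ftp_users
            (userid, passwd, uid, gid, shell, homedir)
        values
            (?, ?, ?, ?, ?, ?)
SQL_QUERY;

    exec_query($sql, $query, array($ftp_user, $ftp_passwd, $ftp_uid, $ftp_gid, $ftp_shell, $ftp_home));

    write_log($_SESSION['user_logged'] . " : add new FTP account -> {$ftp_user}");
    set_page_message(tr('FTP account added!'));

    header('Location: ftp_accounts.php');
    exit(0);
}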