Example #1
/**
 * Load a customer's account data into the page-level global variables
 *
 * The lookup is scoped to the logged-in reseller: the row must match both the
 * given identifier and created_by = $_SESSION['user_id']. An identifier that
 * belongs to another reseller's customer therefore yields no row and ends in
 * the bad request page instead of exposing that customer's data.
 *
 * @param int $adminId Customer unique identifier
 * @return void
 */
function reseller_loadUserData($adminId)
{
    global $adminName, $email, $customerId, $firstName, $lastName, $firm, $zip, $gender, $city, $state, $country,
           $street1, $street2, $phone, $fax;

    $ownedCustomerStmt = exec_query('
			SELECT
				admin_name, created_by, fname, lname, firm, zip, city, state, country, email, phone, fax, street1,
				street2, customer_id, gender
			FROM
				admin
			WHERE
				admin_id = ?
			AND
				created_by = ?
		', array($adminId, $_SESSION['user_id']));

    // No row: unknown customer, or a customer that is not owned by this reseller
    if (!$ownedCustomerStmt->rowCount()) {
        showBadRequestErrorPage();
        return;
    }

    $account = $ownedCustomerStmt->fetchRow();

    // Identity
    $adminName = $account['admin_name'];
    $customerId = $account['customer_id'];
    $firstName = $account['fname'];
    $lastName = $account['lname'];
    $gender = $account['gender'];
    $firm = $account['firm'];

    // Postal address
    $street1 = $account['street1'];
    $street2 = $account['street2'];
    $zip = $account['zip'];
    $city = $account['city'];
    $state = $account['state'];
    $country = $account['country'];

    // Contact details
    $email = $account['email'];
    $phone = $account['phone'];
    $fax = $account['fax'];
}
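/**
 * Generate domain statistics for the given period
 *
 * The customer is looked up together with created_by = $_SESSION['user_id'], so
 * only a customer of the logged-in reseller can be displayed. The requested
 * month and year are read from $_POST and cast to integers; when they are
 * absent the current month and year are used.
 *
 * @param iMSCP_pTemplate $tpl Template engine instance
 * @param int $userId User unique identifier
 * @return void
 */
function generatePage($tpl, $userId)
{
    $stmt = exec_query('
			SELECT
				admin_name, domain_id
			FROM
				admin
			INNER JOIN
				domain ON(domain_admin_id = admin_id)
			WHERE
				admin_id = ?
			AND
				created_by = ?
		', array($userId, $_SESSION['user_id']));
    if (!$stmt->rowCount()) {
        // Unknown customer, or customer not owned by the logged-in reseller
        showBadRequestErrorPage();
        // Never continue with an empty result, even if the error page helper returns
        return;
    }
    $row = $stmt->fetchRow(PDO::FETCH_ASSOC);
    $domainId = $row['domain_id'];
    $adminName = decode_idna($row['admin_name']);

    if (isset($_POST['month']) && isset($_POST['year'])) {
        // intval() keeps the values safe for the bound queries below.
        // NOTE(review): no range check is applied (month 1-12, plausible year) - confirm
        // whether generateMonthsAndYearsHtmlList() or the caller validates them.
        $year = intval($_POST['year']);
        $month = intval($_POST['month']);
    } else {
        $month = date('m');
        $year = date('Y');
    }

    // The oldest traffic record of the domain determines how many years are offered in the list
    $stmt = exec_query('SELECT dtraff_time FROM domain_traffic WHERE domain_id = ? ORDER BY dtraff_time ASC LIMIT 1', $domainId);
    if ($stmt->rowCount()) {
        $row = $stmt->fetchRow(PDO::FETCH_ASSOC);
        $numberYears = date('y') - date('y', $row['dtraff_time']);
        $numberYears = $numberYears ? $numberYears + 1 : 1;
    } else {
        $numberYears = 1;
    }
    generateMonthsAndYearsHtmlList($tpl, $month, $year, $numberYears);

    // Check for traffic data of THIS domain in the requested period. Without the domain_id
    // condition the check succeeds as soon as any domain on the server has traffic in that
    // period, and the "no statistics" message is never shown for a domain without data.
    $stmt = exec_query(
        'SELECT domain_id FROM domain_traffic WHERE domain_id = ? AND dtraff_time BETWEEN ? AND ? LIMIT 1',
        array($domainId, getFirstDayOfMonth($month, $year), getLastDayOfMonth($month, $year))
    );

    if ($stmt->rowCount()) {
        $requestedPeriod = getLastDayOfMonth($month, $year);
        // For the running month, stop at the current day
        $toDay = $requestedPeriod < time() ? date('j', $requestedPeriod) : date('j');
        // Monthly totals: web, ftp, smtp, pop3
        $all = array_fill(0, 4, 0);
        $dateFormat = iMSCP_Registry::get('config')->DATE_FORMAT;

        for ($fromDay = 1; $fromDay <= $toDay; $fromDay++) {
            $beginTime = mktime(0, 0, 0, $month, $fromDay, $year);
            $endTime = mktime(23, 59, 59, $month, $fromDay, $year);
            list($webTraffic, $ftpTraffic, $smtpTraffic, $popTraffic) = _getDomainTraffic($domainId, $beginTime, $endTime);

            $tpl->assign(array(
                'DATE' => date($dateFormat, strtotime($year . '-' . $month . '-' . $fromDay)),
                'WEB_TRAFFIC' => bytesHuman($webTraffic),
                'FTP_TRAFFIC' => bytesHuman($ftpTraffic),
                'SMTP_TRAFFIC' => bytesHuman($smtpTraffic),
                'POP3_TRAFFIC' => bytesHuman($popTraffic),
                'ALL_TRAFFIC' => bytesHuman($webTraffic + $ftpTraffic + $smtpTraffic + $popTraffic)
            ));

            $all[0] += $webTraffic;
            $all[1] += $ftpTraffic;
            $all[2] += $smtpTraffic;
            $all[3] += $popTraffic;
            $tpl->parse('TRAFFIC_TABLE_ITEM', '.traffic_table_item');
        }

        // Every value written into the page goes through tohtml()
        $tpl->assign(array(
            'USER_ID' => tohtml($userId),
            'USERNAME' => tohtml($adminName),
            'ALL_WEB_TRAFFIC' => tohtml(bytesHuman($all[0])),
            'ALL_FTP_TRAFFIC' => tohtml(bytesHuman($all[1])),
            'ALL_SMTP_TRAFFIC' => tohtml(bytesHuman($all[2])),
            'ALL_POP3_TRAFFIC' => tohtml(bytesHuman($all[3])),
            'ALL_ALL_TRAFFIC' => tohtml(bytesHuman(array_sum($all)))
        ));
    } else {
        set_page_message(tr('No statistics found for the given period. Try another period.'), 'static_info');
        $tpl->assign(array(
            'USERNAME' => tohtml($adminName),
            'USER_ID' => tohtml($userId),
            'USER_STATISTICS_DETAILS_BLOCK' => ''
        ));
    }
}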
Example #3
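/**
 * Generates the domain details page
 *
 * The domain is looked up together with created_by = $_SESSION['user_id'], so a
 * reseller can only display domains of its own customers.
 *
 * @param iMSCP_pTemplate $tpl Template instance engine
 * @param int $domainId Domain unique identifier
 * @return void
 */
function reseller_generatePage($tpl, $domainId)
{
    $stmt = exec_query('
            SELECT
                domain_admin_id
            FROM
                domain
            INNER JOIN
                admin ON(admin_id = domain_admin_id)
            WHERE
                domain_id = ?
            AND
                created_by = ?
        ', array($domainId, $_SESSION['user_id']));
    if (!$stmt->rowCount()) {
        // Unknown domain, or domain whose customer is not owned by the logged-in reseller
        showBadRequestErrorPage();
        // Never continue with an empty result, even if the error page helper returns
        return;
    }
    $domainAdminId = $stmt->fields['domain_admin_id'];
    $domainProperties = get_domain_default_props($domainAdminId, $_SESSION['user_id']);

    // Domain IP address info
    $stmt = exec_query("SELECT ip_number FROM server_ips WHERE ip_id = ?", $domainProperties['domain_ip_id']);
    if (!$stmt->rowCount()) {
        $domainIpAddr = tr('Not found.');
    } else {
        $domainIpAddr = $stmt->fields['ip_number'];
    }

    // Domain status
    $domainStatus = $domainProperties['domain_status'];
    $knownStatuses = array('ok', 'disabled', 'todelete', 'toadd', 'torestore', 'tochange', 'toenable', 'todisable');
    if (in_array($domainStatus, $knownStatuses, true)) {
        $domainStatus = '<span style="color:green">' . tohtml(translate_dmn_status($domainStatus)) . '</span>';
    } else {
        // Any other value is free text read from the database and is shown as-is to the
        // reseller, so it must be HTML-escaped like the translated status above.
        $domainStatus = '<b><font size="3" color="red">' . tohtml($domainStatus) . "</font></b>";
    }

    // Get total domain traffic usage in bytes
    $query = "\n        SELECT\n            IFNULL(SUM(dtraff_web), 0) AS dtraff_web, IFNULL(SUM(dtraff_ftp), 0) AS dtraff_ftp,\n            IFNULL(SUM(dtraff_mail), 0) AS dtraff_mail, IFNULL(SUM(dtraff_pop), 0) AS dtraff_pop\n        FROM\n            domain_traffic\n        WHERE\n            domain_id = ?\n        AND\n            dtraff_time BETWEEN ? AND ?\n    ";
    $stmt = exec_query($query, array($domainProperties['domain_id'], getFirstDayOfMonth(), getLastDayOfMonth()));
    if ($stmt->rowCount()) {
        $trafficUsageBytes = $stmt->fields['dtraff_web'] + $stmt->fields['dtraff_ftp'] + $stmt->fields['dtraff_mail'] + $stmt->fields['dtraff_pop'];
    } else {
        $trafficUsageBytes = 0;
    }

    // Get limits in bytes (the stored limits are multiplied by 1048576, i.e. 1024 * 1024)
    $trafficLimitBytes = $domainProperties['domain_traffic_limit'] * 1048576;
    $diskspaceLimitBytes = $domainProperties['domain_disk_limit'] * 1048576;

    // Get usages in percent
    $trafficUsagePercent = make_usage_vals($trafficUsageBytes, $trafficLimitBytes);
    $diskspaceUsagePercent = make_usage_vals($domainProperties['domain_disk_usage'], $diskspaceLimitBytes);

    // Get Email quota info
    list($quota, $quotaLimit) = reseller_gen_mail_quota_limit_mgs($domainAdminId);

    // Features
    $trEnabled = '<span style="color:green">' . tr('Enabled') . '</span>';
    $trDisabled = '<span style="color:red">' . tr('Disabled') . '</span>';

    $tpl->assign(array(
        // Escaped because the caller is not visible here and may pass the raw request value
        'DOMAIN_ID' => tohtml($domainId),
        'VL_DOMAIN_NAME' => tohtml(decode_idna($domainProperties['domain_name'])),
        'VL_DOMAIN_IP' => tohtml($domainIpAddr),
        'VL_STATUS' => $domainStatus,
        'VL_PHP_SUPP' => $domainProperties['domain_php'] == 'yes' ? $trEnabled : $trDisabled,
        'VL_PHP_EDITOR_SUPP' => $domainProperties['phpini_perm_system'] == 'yes' ? $trEnabled : $trDisabled,
        'VL_CGI_SUPP' => $domainProperties['domain_cgi'] == 'yes' ? $trEnabled : $trDisabled,
        'VL_DNS_SUPP' => $domainProperties['domain_dns'] == 'yes' ? $trEnabled : $trDisabled,
        'VL_EXT_MAIL_SUPP' => $domainProperties['domain_external_mail'] == 'yes' ? $trEnabled : $trDisabled,
        'VL_SOFTWARE_SUPP' => $domainProperties['domain_software_allowed'] == 'yes' ? $trEnabled : $trDisabled,
        'VL_BACKUP_SUP' => translate_limit_value($domainProperties['allowbackup']),
        'VL_TRAFFIC_PERCENT' => $trafficUsagePercent,
        'VL_TRAFFIC_USED' => bytesHuman($trafficUsageBytes),
        'VL_TRAFFIC_LIMIT' => bytesHuman($trafficLimitBytes),
        'VL_DISK_PERCENT' => $diskspaceUsagePercent,
        'VL_DISK_USED' => bytesHuman($domainProperties['domain_disk_usage']),
        'VL_DISK_LIMIT' => bytesHuman($diskspaceLimitBytes),
        'VL_MAIL_ACCOUNTS_USED' => get_domain_running_mail_acc_cnt($domainId),
        'VL_MAIL_ACCOUNTS_LIMIT' => translate_limit_value($domainProperties['domain_mailacc_limit']),
        'VL_MAIL_QUOTA_USED' => $quota,
        'VL_MAIL_QUOTA_LIMIT' => $domainProperties['domain_mailacc_limit'] != '-1' ? $quotaLimit : tr('Disabled'),
        'VL_FTP_ACCOUNTS_USED' => get_customer_running_ftp_acc_cnt($domainAdminId),
        'VL_FTP_ACCOUNTS_LIMIT' => translate_limit_value($domainProperties['domain_ftpacc_limit']),
        'VL_SQL_DB_ACCOUNTS_USED' => get_domain_running_sqld_acc_cnt($domainId),
        'VL_SQL_DB_ACCOUNTS_LIMIT' => translate_limit_value($domainProperties['domain_sqld_limit']),
        'VL_SQL_USER_ACCOUNTS_USED' => get_domain_running_sqlu_acc_cnt($domainId),
        'VL_SQL_USER_ACCOUNTS_LIMIT' => translate_limit_value($domainProperties['domain_sqlu_limit']),
        'VL_SUBDOM_ACCOUNTS_USED' => get_domain_running_sub_cnt($domainId),
        'VL_SUBDOM_ACCOUNTS_LIMIT' => translate_limit_value($domainProperties['domain_subd_limit']),
        'VL_DOMALIAS_ACCOUNTS_USED' => get_domain_running_als_cnt($domainId),
        'VL_DOMALIAS_ACCOUNTS_LIMIT' => translate_limit_value($domainProperties['domain_alias_limit'])
    ));
}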
Example #4
/**
 * Deactivate OpenDKIM for the given customer
 *
 * The status change is only applied when the customer exists, has the 'ok'
 * status and was created by the logged-in reseller ($_SESSION['user_id']).
 * Any other identifier ends in the bad request page.
 *
 * @param int $customerId Customer unique identifier
 * @return void
 */
function opendkim_deactivate($customerId)
{
    $ownershipStmt = exec_query(
        'SELECT COUNT(admin_id) AS cnt FROM admin WHERE admin_id = ? AND created_by = ? AND admin_status = ?',
        array($customerId, $_SESSION['user_id'], 'ok')
    );
    $ownership = $ownershipStmt->fetchRow(PDO::FETCH_ASSOC);

    // Zero matches: the customer is unknown, not in 'ok' state or not owned by this reseller
    if (!$ownership['cnt']) {
        showBadRequestErrorPage();
        return;
    }

    // Mark the OpenDKIM entries of the customer for deletion, then trigger send_request()
    exec_query('UPDATE opendkim SET opendkim_status = ? WHERE admin_id = ?', array('todelete', $customerId));
    send_request();
    set_page_message(tr('OpenDKIM support scheduled for deactivation. This can take few seconds.'), 'success');
}
Example #5
/**
 * Generate page and return software unique identifier.
 *
 * The software identifier is taken from $_GET['id']; it must be present, non-empty
 * and numeric, and is cast to an integer before use. The domain properties and the
 * reseller identifier are resolved from the session user, not from the request.
 *
 * @param iMSCP_pTemplate $tpl Template engine instance
 * @return int software unique identifier
 */
function client_generatePage($tpl)
{
    $hasNumericId = isset($_GET['id']) && $_GET['id'] !== '' && is_numeric($_GET['id']);

    if (!$hasNumericId) {
        showBadRequestErrorPage();
        // Explicit stop so that the code below is never reached without a valid identifier
        exit;
    }

    $softwareId = intval($_GET['id']);

    // Both lookups are keyed on the logged-in customer
    $domainProperties = get_domain_default_props($_SESSION['user_id']);
    $resellerStmt = exec_query('SELECT created_by FROM admin WHERE admin_id = ?', $_SESSION['user_id']);

    get_software_props(
        $tpl,
        $domainProperties['domain_id'],
        $softwareId,
        $resellerStmt->fields['created_by'],
        $domainProperties['domain_sqld_limit']
    );

    return $softwareId;
}
Example #6
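/**
 * Add SQL database
 *
 * Reads the database name from $_POST['db_name'], optionally adds the main domain
 * identifier as prefix or suffix, validates the resulting name and creates the
 * database. The name is quoted with quoteIdentifier() for the CREATE DATABASE
 * statement and bound as a parameter for the bookkeeping INSERT.
 *
 * @param int $userId Customer unique identifier
 * @return void
 */
function client_addSqlDb($userId)
{
    if (!isset($_POST['uaction'])) {
        return;
    }

    // A missing or non-scalar value (e.g. db_name[]=x) is a malformed request
    if (!isset($_POST['db_name']) || !is_string($_POST['db_name'])) {
        showBadRequestErrorPage();
        return;
    }

    $dbName = clean_input($_POST['db_name']);

    // Test the cleaned value: the raw value can be non-empty while the cleaned name is empty
    if ($dbName === '') {
        set_page_message(tr('Please type database name.'), 'error');
        return;
    }

    $mainDmnId = get_user_domain_id($userId);

    if (isset($_POST['use_dmn_id']) && $_POST['use_dmn_id'] === 'on') {
        if (isset($_POST['id_pos']) && $_POST['id_pos'] === 'start') {
            $dbName = $mainDmnId . '_' . $dbName;
        } elseif (isset($_POST['id_pos']) && $_POST['id_pos'] === 'end') {
            $dbName = $dbName . '_' . $mainDmnId;
        }
    }

    // Length is checked on the final name, i.e. after the optional prefix or suffix
    if (strlen($dbName) > 64) {
        set_page_message(tr('Database name is too long.'), 'error');
        return;
    }

    if ($dbName === 'test' || client_isDatabase($dbName)) {
        set_page_message(tr('Database name is unavailable.'), 'error');
        return;
    }

    // Rejects '%', '|' and '?' anywhere in the name
    if (preg_match('/[%|\\?]+/', $dbName)) {
        // NOTE(review): the placeholders read 's%' where '%s' would be expected - confirm
        // against tr() and the translation catalogue before changing this message key.
        set_page_message(tr("Wildcards such as 's%' and 's%' are not allowed.", '%', '?'), 'error');
        return;
    }

    $responses = iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onBeforeAddSqlDb, array('dbName' => $dbName));

    if (!$responses->isStopped()) {
        // Identifiers cannot be bound as parameters, hence quoteIdentifier()
        execute_query(sprintf('CREATE DATABASE IF NOT EXISTS %s', quoteIdentifier($dbName)));
        exec_query('INSERT INTO sql_database (domain_id, sqld_name) VALUES (?, ?)', array($mainDmnId, $dbName));
        set_page_message(tr('SQL database successfully created.'), 'success');
        write_log(sprintf('%s added new SQL database: %s', decode_idna($_SESSION['user_logged']), $dbName), E_USER_NOTICE);
        iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onAfterAddSqlDb, array('dbName' => $dbName));
    }

    redirectTo('sql_manage.php');
}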
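/**
 * Update SQL user password
 *
 * The new password is read from $_POST, validated, applied to the SQL server
 * account and then recorded in the sql_user table.
 *
 * NOTE(review): this function does not check that the SQL user belongs to the
 * logged-in customer; presumably the caller resolves $id, $user and $host from
 * an ownership-checked lookup - confirm.
 *
 * @param int $id Sql user id
 * @param string $user Sql user name
 * @param string $host SQL user host
 * @return void
 */
function client_updateSqlUserPassword($id, $user, $host)
{
    if (!isset($_POST['uaction'])) {
        return;
    }

    // Missing or non-scalar values (e.g. password[]=x) are a malformed request
    if (
        !isset($_POST['password']) || !isset($_POST['password_confirmation'])
        || !is_string($_POST['password']) || !is_string($_POST['password_confirmation'])
    ) {
        showBadRequestErrorPage();
        return;
    }

    $password = clean_input($_POST['password']);
    $passwordConf = clean_input($_POST['password_confirmation']);

    if ($password === '') {
        set_page_message(tr('Password cannot be empty.'), 'error');
        return;
    }

    if ($passwordConf === '') {
        set_page_message(tr('Please confirm the password.'), 'error');
        return;
    }

    if ($password !== $passwordConf) {
        set_page_message(tr('Passwords do not match.'), 'error');
        return;
    }

    if (!checkPasswordSyntax($password)) {
        return;
    }

    $config = iMSCP_Registry::get('config');
    $mysqlConfig = new iMSCP_Config_Handler_File($config['CONF_DIR'] . '/mysql/mysql.data');

    iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onBeforeEditSqlUser, array('sqlUserId' => $id));

    // Here we cannot use transaction due to statements that cause an implicit commit. Thus we execute
    // those statements first to let the i-MSCP database in clean state if one of them fails.
    // See https://dev.mysql.com/doc/refman/5.7/en/implicit-commit.html for more details

    // strpos() takes the haystack first. With the arguments swapped, the configured server
    // name was searched for inside the literal 'mariadb', so a MariaDB server was only
    // detected when its configured name was a substring of that literal.
    $isMariaDb = strpos($config['SQL_SERVER'], 'mariadb') !== false;

    // Update SQL user password in the mysql system tables
    if ($isMariaDb || version_compare($mysqlConfig['SQLD_VERSION'], '5.7.6', '<')) {
        exec_query('SET PASSWORD FOR ?@? = PASSWORD(?)', array($user, $host, $password));
    } else {
        exec_query('ALTER USER ?@? IDENTIFIED BY ? PASSWORD EXPIRE NEVER', array($user, $host, $password));
    }

    // NOTE(review): the same clear-text value is written to sql_user.sqlu_pass. Anyone able to
    // read that table or its backups obtains working SQL credentials; confirm whether the
    // column is still required and whether it can be protected at rest.
    exec_query('UPDATE sql_user SET sqlu_pass = ? WHERE sqlu_name = ? AND sqlu_host = ?', array($password, $user, $host));

    set_page_message(tr('SQL user password successfully updated.'), 'success');
    // The log entry names the account only, never the password
    write_log(sprintf('%s updated %s@%s SQL user password.', decode_idna($_SESSION['user_logged']), $user, $host), E_USER_NOTICE);

    iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onAfterEditSqlUser, array('sqlUserId' => $id));

    redirectTo('sql_manage.php');
}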
Example #8
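/**
 * Generates customer account deletion validation page.
 *
 * Builds a summary of everything attached to the customer account (mail accounts,
 * FTP accounts, domain, domain aliases, subdomains, SQL databases and users) so that
 * the administrator can confirm the deletion.
 *
 * @param int $userId Customer account unique identifier
 * @return iMSCP_pTemplate
 */
function admin_generateCustomerAcountDeletionValidationPage($userId)
{
    /** @var $cfg iMSCP_Config_Handler_File */
    $cfg = iMSCP_Registry::get('config');

    $stmt = exec_query('SELECT admin_name FROM admin WHERE admin_id = ?', $userId);
    if (!$stmt->rowCount()) {
        showBadRequestErrorPage();
    }
    $adminName = decode_idna($stmt->fields['admin_name']);

    $tpl = new iMSCP_pTemplate();
    $tpl->define_dynamic(array(
        'layout' => 'shared/layouts/ui.tpl',
        'page' => 'admin/user_delete.tpl',
        'page_message' => 'layout',
        'mail_list' => 'page',
        'mail_item' => 'mail_list',
        'ftp_list' => 'page',
        'ftp_item' => 'ftp_list',
        'dmn_list' => 'page',
        'dmn_item' => 'dmn_list',
        'als_list' => 'page',
        'als_item' => 'als_list',
        'sub_list' => 'page',
        'sub_item' => 'sub_list',
        'db_list' => 'page',
        'db_item' => 'db_list'
    ));

    $tpl->assign(array(
        'TR_PAGE_TITLE' => tr('Admin / Users / Overview / Delete Customer'),
        'TR_ACCOUNT_SUMMARY' => tr('Customer account summary'),
        'TR_EMAILS' => tr('Emails'),
        'TR_FTP_ACCOUNTS' => tr('Ftp accounts'),
        'TR_DOMAINS' => tr('Domains'),
        'TR_DOMAIN_ALIASES' => tr('Domain aliases'),
        'TR_SUBDOMAINS' => tr('Subdomains'),
        'TR_DATABASES' => tr('SQL databases'),
        // The account name comes from the database and is placed inside HTML markup,
        // so it is escaped before being wrapped in the <strong> element.
        'TR_REALLY_WANT_TO_DELETE_CUSTOMER_ACCOUNT' => tr(
            "Do you really want to delete the entire %s customer account? This operation cannot be undone.",
            '<strong>' . tohtml($adminName) . '</strong>'
        ),
        // Escaped because the caller is not visible here and may pass the raw request value
        'USER_ID' => tohtml($userId),
        'TR_YES_DELETE_ACCOUNT' => tr('Yes, delete this account.'),
        'TR_DELETE' => tr('Delete'),
        'TR_CANCEL' => tr('Cancel')
    ));

    generateNavigation($tpl);

    // Checks for mail accounts
    $stmt = exec_query('
			SELECT
				mail_type, mail_addr
			FROM
				mail_users
			WHERE
				domain_id IN (SELECT domain_id FROM domain WHERE domain_admin_id = ?)
		', $userId);
    if ($stmt->rowCount()) {
        while ($row = $stmt->fetchRow(PDO::FETCH_ASSOC)) {
            $mailTypes = explode(',', $row['mail_type']);
            $mailTypesdisplayArray = array();
            foreach ($mailTypes as $mtype) {
                $mailTypesdisplayArray[] = user_trans_mail_type($mtype);
            }
            $mailTypesdisplayTxt = implode(', ', $mailTypesdisplayArray);
            $addr = explode('@', $row['mail_addr']);
            $tpl->assign(array(
                'MAIL_ADDR' => tohtml($addr[0] . '@' . decode_idna($addr[1])),
                'MAIL_TYPE' => $mailTypesdisplayTxt
            ));
            $tpl->parse('MAIL_ITEM', '.mail_item');
        }
    } else {
        $tpl->assign('MAIL_LIST', '');
    }

    // Checks for FTP accounts
    $stmt = exec_query('SELECT userid, homedir FROM ftp_users WHERE admin_id = ?', $userId);
    if ($stmt->rowCount()) {
        while ($row = $stmt->fetchRow(PDO::FETCH_ASSOC)) {
            $username = explode('@', $row['userid']);
            $tpl->assign(array(
                'FTP_USER' => tohtml($username[0] . '@' . decode_idna($username[1])),
                // Home directory is shown relative to the configured USER_WEB_DIR
                'FTP_HOME' => tohtml(substr($row['homedir'], strlen($cfg->USER_WEB_DIR)))
            ));
            $tpl->parse('FTP_ITEM', '.ftp_item');
        }
    } else {
        $tpl->assign('FTP_LIST', '');
    }

    // Check for domains
    // NOTE: Currently, each customer has only one domain but that will change in near future
    $stmt = exec_query('SELECT domain_id, domain_name FROM domain WHERE domain_admin_id = ?', $userId);
    $domainId = $stmt->fields['domain_id'];
    $domainName = tohtml(decode_idna($stmt->fields['domain_name']));
    $tpl->assign('DOMAIN_NAME', $domainName);
    $tpl->parse('DMN_ITEM', '.dmn_item');

    // Checks for domain's aliases
    $aliasIds = array();
    $stmt = exec_query('SELECT alias_id, alias_name, alias_mount FROM domain_aliasses WHERE domain_id = ?', $domainId);
    if ($stmt->rowCount()) {
        while ($data = $stmt->fetchRow(PDO::FETCH_ASSOC)) {
            $aliasIds[] = $data['alias_id'];
            $tpl->assign(array(
                'ALS_NAME' => tohtml(decode_idna($data['alias_name'])),
                'ALS_MNT' => tohtml($data['alias_mount'])
            ));
            $tpl->parse('ALS_ITEM', '.als_item');
        }
    } else {
        $tpl->assign('ALS_LIST', '');
    }

    // Checks for subdomains
    $stmt = exec_query('SELECT subdomain_name, subdomain_mount FROM subdomain WHERE domain_id = ?', $domainId);
    if ($stmt->rowCount()) {
        while ($data = $stmt->fetchRow(PDO::FETCH_ASSOC)) {
            $tpl->assign(array(
                'SUB_NAME' => tohtml(decode_idna($data['subdomain_name'])),
                'SUB_MNT' => tohtml($data['subdomain_mount'])
            ));
            $tpl->parse('SUB_ITEM', '.sub_item');
        }
    } else {
        $tpl->assign('SUB_LIST', '');
    }

    // Checks subdomain_alias
    if (count($aliasIds)) {
        // One bound placeholder per alias identifier instead of concatenating the values
        // into the statement, like every other query of this function.
        $placeholders = implode(',', array_fill(0, count($aliasIds), '?'));
        $stmt = exec_query(
            "SELECT subdomain_alias_name, subdomain_alias_mount FROM subdomain_alias WHERE alias_id IN ({$placeholders})",
            $aliasIds
        );
        if ($stmt->rowCount()) {
            while ($row = $stmt->fetchRow(PDO::FETCH_ASSOC)) {
                $tpl->assign(array(
                    'SUB_NAME' => tohtml(decode_idna($row['subdomain_alias_name'])),
                    'SUB_MNT' => tohtml($row['subdomain_alias_mount'])
                ));
                $tpl->parse('SUB_ITEM', '.sub_item');
            }
        }
    }

    // Checks for databases and SQL users
    $stmt = exec_query('SELECT sqld_id, sqld_name FROM sql_database WHERE domain_id = ?', $domainId);
    if ($stmt->rowCount()) {
        while ($row = $stmt->fetchRow(PDO::FETCH_ASSOC)) {
            $stmt2 = exec_query('SELECT sqlu_name FROM sql_user WHERE sqld_id = ?', $row['sqld_id']);
            $sqlUsersList = array();
            if ($stmt2->rowCount()) {
                while ($row2 = $stmt2->fetchRow(PDO::FETCH_ASSOC)) {
                    $sqlUsersList[] = $row2['sqlu_name'];
                }
            }
            $tpl->assign(array(
                'DB_NAME' => tohtml($row['sqld_name']),
                'DB_USERS' => tohtml(implode(', ', $sqlUsersList))
            ));
            $tpl->parse('DB_ITEM', '.db_item');
        }
    } else {
        $tpl->assign('DB_LIST', '');
    }

    return $tpl;
}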
Example #9
/**
 * Send circular
 *
 * All four form fields (sender_name, sender_email, subject, body) must be present
 * in $_POST, otherwise the bad request page is shown. The cleaned values are
 * validated by reseller_isValidCircular() before anything is sent.
 *
 * @return bool TRUE on success, FALSE otherwise
 */
function reseller_sendCircular()
{
    if (!isset($_POST['sender_name'], $_POST['sender_email'], $_POST['subject'], $_POST['body'])) {
        showBadRequestErrorPage();
        return true;
    }

    $senderName = clean_input($_POST['sender_name']);
    $senderEmail = clean_input($_POST['sender_email']);
    $subject = clean_input($_POST['subject'], false);
    $body = clean_input($_POST['body'], false);

    if (!reseller_isValidCircular($senderName, $senderEmail, $subject, $body)) {
        return false;
    }

    // Same payload for the "before" and "after" events
    $eventParams = array(
        'sender_name' => $senderName,
        'sender_email' => $senderEmail,
        'rcpt_to' => 'customers',
        'subject' => $subject,
        'body' => $body
    );

    $responses = iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onBeforeSendCircular, $eventParams);

    // A listener of the "before" event can veto the sending
    if (!$responses->isStopped()) {
        reseller_sendToCustomers($senderName, $senderEmail, $subject, $body);
        iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onAfterSendCircular, $eventParams);
        set_page_message(tr('Circular successfully sent.'), 'success');
        // Sender data is escaped before it is written to the log
        write_log('A circular has been sent by reseller: ' . tohtml("{$senderName} <{$senderEmail}>"), E_USER_NOTICE);
    }

    return true;
}
Example #10
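/**
 * Do bulk action (install|uninstall|enable|disable|delete|protect)
 *
 * The action is read from $_POST['bulk_actions'] and must be one of the actions
 * listed above. The plugin names are read from $_POST['checked'], which must be a
 * non-empty array of strings. The whole request is validated before the first
 * plugin is touched, so a malformed entry cannot leave the batch half-applied.
 *
 * @param PluginManager $pluginManager
 * @return void
 */
function doBulkAction($pluginManager)
{
    // A missing or non-scalar action (e.g. bulk_actions[]=x) is a malformed request
    if (!isset($_POST['bulk_actions']) || !is_string($_POST['bulk_actions'])) {
        showBadRequestErrorPage();
        return;
    }

    $action = clean_input($_POST['bulk_actions']);
    $allowedActions = array('install', 'uninstall', 'enable', 'disable', 'delete', 'protect');

    // Strict comparison: only an exact string match selects an action
    if (!in_array($action, $allowedActions, true)) {
        showBadRequestErrorPage();
        return;
    }

    if (!isset($_POST['checked']) || !is_array($_POST['checked']) || empty($_POST['checked'])) {
        set_page_message(tr('You must select at least one plugin.'), 'error');
        return;
    }

    // Nested arrays (e.g. checked[0][]=x) are not plugin names
    foreach ($_POST['checked'] as $pluginName) {
        if (!is_string($pluginName)) {
            showBadRequestErrorPage();
            return;
        }
    }

    foreach ($_POST['checked'] as $pluginName) {
        doAction($pluginManager, clean_input($pluginName), $action);
    }
}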
Example #11
 *
 * The Initial Developer of the Original Code is moleSoftware GmbH.
 * Portions created by Initial Developer are Copyright (C) 2001-2006
 * by moleSoftware GmbH. All Rights Reserved.
 *
 * Portions created by the ispCP Team are Copyright (C) 2006-2010 by
 * isp Control Panel. All Rights Reserved.
 *
 * Portions created by the i-MSCP Team are Copyright (C) 2010-2015 by
 * i-MSCP - internet Multi Server Control Panel. All Rights Reserved.
 */
// Include core library
require 'imscp-lib.php';

iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onAdminScriptStart);

// Access control: the admin login check runs first, and the page is refused with the
// bad request page when systemHasAntiRootkits() reports false
check_login('admin');
systemHasAntiRootkits() or showBadRequestErrorPage();

$config = iMSCP_Registry::get('config');

$tpl = new iMSCP_pTemplate();
$tpl->define_dynamic(array(
    'layout' => 'shared/layouts/ui.tpl',
    'page' => 'admin/rootkit_log.tpl',
    'page_message' => 'layout',
    'antirootkits_log' => 'page'
));
$tpl->assign('TR_PAGE_TITLE', tr('Admin / System Tools / Anti-Rootkits Logs'));

// Packages listed in the configuration, plus the catch-all 'Other' entry
$antiRootkits = isset($config['ANTI_ROOTKITS_PACKAGES']) ? explode(',', $config['ANTI_ROOTKITS_PACKAGES']) : array();
$antiRootkits[] = 'Other';

// Package name => name of the configuration variable that holds its log file path
$antiRootkitLogFiles = array(
    'Chkrootkit' => 'CHKROOTKIT_LOG',
    'Rkhunter' => 'RKHUNTER_LOG',
    'Other' => 'OTHER_ROOTKIT_LOG'
);

// Keep only the packages that are listed and have a non-empty log file setting
foreach ($antiRootkitLogFiles as $antiRootkit => $logVar) {
    if (in_array($antiRootkit, $antiRootkits) && isset($config[$logVar]) && $config[$logVar] != '') {
        continue;
    }

    unset($antiRootkitLogFiles[$antiRootkit]);
}
Example #12
/**
 * Update external mail server entries
 *
 * With a non-empty $_POST, the submitted MX entries are validated, then deleted,
 * updated or added inside one database transaction, and the owning domain or
 * domain alias is flagged for change. Without POST data, the current entries are
 * loaded from the database for display. In both cases the view is generated last.
 *
 * Note: In case all entries are marked as to be deleted, the external mail server is deactivated
 *
 * @throws iMSCP_Exception_Database
 * @param array $item Item data (item id and item type)
 * @return void
 */
function client_editExternalMailServerEntries($item)
{
    // All ownership-relevant values used below (domain_id, item_id, item_name, item_type and
    // external_mail_dns_ids) are taken from this lookup and not from the request.
    // presumably _client_getVerifiedData() restricts the item to the logged-in customer - confirm
    $verifiedData = _client_getVerifiedData($item[0], $item[1]);
    if (!empty($_POST)) {
        // Preparing entries stack
        // NOTE(review): the values are used as arrays below without an is_array() check;
        // confirm that a scalar 'type', 'host' or 'priority' cannot reach count() or the index accesses.
        $data['to_update'] = isset($_POST['to_update']) ? $_POST['to_update'] : array();
        $data['to_delete'] = isset($_POST['to_delete']) ? $_POST['to_delete'] : array();
        $data['type'] = isset($_POST['type']) ? $_POST['type'] : array();
        $data['priority'] = isset($_POST['priority']) ? $_POST['priority'] : array();
        $data['host'] = isset($_POST['host']) ? $_POST['host'] : array();
        $responses = iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onBeforeAddExternalMailServer, array('externalMailServerEntries' => $data));
        if (!$responses->isStopped()) {
            $entriesCount = count($data['type']);
            $error = false;
            // Validate all entries
            for ($index = 0; $index < $entriesCount; $index++) {
                if (isset($data['type'][$index]) && isset($data['priority'][$index]) && isset($data['host'][$index])) {
                    // Normalize the host: drop trailing dots and lower-case it
                    $data['host'][$index] = strtolower(rtrim($data['host'][$index], '.'));
                    // Entries marked for deletion are not validated
                    if (empty($data['to_delete'][$index]) && !_client_validateDnsMxRecord($data['type'][$index], $data['priority'][$index], $data['host'][$index], $verifiedData)) {
                        $error = true;
                    }
                } else {
                    // Not all expected data were received
                    showBadRequestErrorPage();
                }
            }
            // Add entries into database
            if (!$error) {
                /** @var $db iMSCP_Database */
                $db = iMSCP_Database::getInstance();
                try {
                    $db->beginTransaction();
                    // Comma-prefixed list of the DNS entry ids that remain after this request
                    $dnsEntriesIds = '';
                    // Spam Filter ( filter ) MX type has higher precedence
                    $spamFilterMX = false;
                    $wildcardMxOnly = true;
                    for ($index = 0; $index < $entriesCount; $index++) {
                        // A submitted id is only honoured when it is one of the ids recorded for this item,
                        // which keeps a request from deleting or updating DNS records of another item.
                        // NOTE(review): in_array() is used without the strict flag here and in the elseif below.
                        if (!empty($data['to_delete'][$index]) && in_array($data['to_delete'][$index], $verifiedData['external_mail_dns_ids'])) {
                            // Entry to delete
                            if (empty($data['to_update']) && empty($data['type'])) {
                                exec_query('UPDATE domain_dns SET domain_dns_status = ? WHERE domain_dns_id = ?', array('todelete', $data['to_delete'][$index]));
                            } else {
                                exec_query('DELETE FROM domain_dns WHERE domain_dns_id = ?', $data['to_delete'][$index]);
                            }
                        } elseif (!empty($data['to_update'][$index]) && in_array($data['to_update'][$index], $verifiedData['external_mail_dns_ids'])) {
                            //  Entry to update
                            if ($data['type'][$index] == 'filter') {
                                $spamFilterMX = true;
                                $wildcardMxOnly = false;
                            } elseif ($data['type'][$index] == 'domain') {
                                $wildcardMxOnly = false;
                            }
                            // Record name is '<item>.' or '*.<item>.' for the wildcard type;
                            // record text is '<priority><TAB><IDNA-encoded host>.'
                            exec_query('
									UPDATE
										domain_dns SET domain_dns = ?, domain_text = ?, domain_dns_status = ?
									WHERE
										domain_dns_id = ?
								', array($data['type'][$index] != 'wildcard' ? $verifiedData['item_name'] . '.' : '*.' . $verifiedData['item_name'] . '.', $data['priority'][$index] . "\t" . encode_idna($data['host'][$index]) . '.', 'tochange', $data['to_update'][$index]));
                            $dnsEntriesIds .= ',' . $data['to_update'][$index];
                        } else {
                            // Entry to add
                            if ($data['type'][$index] == 'filter') {
                                $spamFilterMX = true;
                                $wildcardMxOnly = false;
                            } elseif ($data['type'][$index] == 'domain') {
                                $wildcardMxOnly = false;
                            }
                            // domain_id and alias_id come from $verifiedData, never from the request
                            exec_query('
									INSERT INTO domain_dns (
										domain_id, alias_id, domain_dns, domain_class, domain_type, domain_text,
										owned_by, domain_dns_status
									) VALUES (
										?, ?, ?, ?, ?, ?, ?, ?
									)
								', array($verifiedData['domain_id'], $verifiedData['item_type'] == 'alias' ? $verifiedData['item_id'] : 0, $data['type'][$index] != 'wildcard' ? $verifiedData['item_name'] . '.' : '*.' . $verifiedData['item_name'] . '.', 'IN', 'MX', "{$data['priority'][$index]}\t" . encode_idna($data['host'][$index]) . '.', 'ext_mail_feature', 'toadd'));
                            $dnsEntriesIds .= ',' . $db->insertId();
                        }
                    }
                    // No remaining entry => 'off'; otherwise 'filter' wins over 'wildcard' and 'domain'
                    $externalMailServer = $dnsEntriesIds !== '' ? $spamFilterMX ? 'filter' : ($wildcardMxOnly ? 'wildcard' : 'domain') : 'off';
                    if ($verifiedData['item_type'] == 'normal') {
                        exec_query('
								UPDATE
									domain SET external_mail = ?, domain_status = ?, external_mail_dns_ids = ?
								WHERE
									domain_id = ?
							', array($externalMailServer, 'tochange', ltrim($dnsEntriesIds, ','), $verifiedData['item_id']));
                    } else {
                        exec_query('
								UPDATE
									domain_aliasses SET external_mail = ?, alias_status = ?, external_mail_dns_ids = ?
								WHERE
									alias_id = ?
							', array($externalMailServer, 'tochange', ltrim($dnsEntriesIds, ','), $verifiedData['item_id']));
                    }
                    $db->commit();
                    iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onAfterAddExternalMailServer, array('externalMailServerEntries' => $data));
                    send_request();
                    if ($externalMailServer !== 'off') {
                        set_page_message(tr('External mail server successfully scheduled for update.'), 'success');
                    } else {
                        set_page_message(tr('External mail server successfully scheduled for deactivation.'), 'success');
                    }
                    redirectTo('mail_external.php');
                } catch (iMSCP_Exception_Database $e) {
                    // Nothing is kept when any statement of the transaction fails
                    $db->rollBack();
                    // NOTE(review): strict comparison with the integer 23000 - confirm that getCode()
                    // returns an int here and not the SQLSTATE string, otherwise this branch never matches
                    if ($e->getCode() === 23000) {
                        set_page_message(tr('An entry is defined twice.'), 'error');
                    } else {
                        throw $e;
                    }
                }
            }
        } else {
            redirectTo('mail_external.php');
        }
    } else {
        if (!empty($verifiedData['external_mail_dns_ids'])) {
            // The id list is concatenated into the statement. It comes from $verifiedData and not
            // from the request; presumably it only holds integers - confirm against _client_getVerifiedData()
            $stmt = execute_query('
					SELECT
						*
					FROM
						domain_dns
					WHERE
						domain_dns_id IN(' . implode(',', $verifiedData['external_mail_dns_ids']) . ')
				');
            if ($stmt->rowCount()) {
                $data = array();
                while ($row = $stmt->fetchRow(PDO::FETCH_ASSOC)) {
                    $data['to_update'][] = $row['domain_dns_id'];
                    // A '*' in the record name means wildcard; otherwise the item's stored type decides
                    $data['type'][] = strpos($row['domain_dns'], '*') === false ? $verifiedData['external_mail_type'] == 'domain' ? 'domain' : 'filter' : 'wildcard';
                    // Record text is '<priority><TAB><host>.'
                    list($priority, $host) = explode("\t", $row['domain_text'], 2);
                    $data['priority'][] = trim($priority);
                    $data['host'][] = rtrim($host, '.');
                }
            } else {
                // DNS entries pointed to by the domain or domain alias were not found (should never occur)
                if ($verifiedData['item_type'] == 'normal') {
                    $query = '
						UPDATE
							domain
						SET
							domain_status = ?,  external_mail = ?, external_mail_dns_ids = ?
						WHERE
							domain_id = ?
					';
                } else {
                    $query = '
						UPDATE
							domain_aliasses
						SET
							alias_status = ?, external_mail = ?, external_mail_dns_ids = ?
						WHERE
							alias_id = ?
					';
                }
                // Reset the external mail state of the item and schedule a resynchronization
                exec_query($query, array('tochange', 'off', null, $verifiedData['item_id']));
                send_request();
                set_page_message(tr('Entries associated to your external mail servers were not found. A Resynchronization has been scheduled.'), 'warning');
                redirectTo('mail_external.php');
                exit;
                // Only to make some IDE happy
            }
        } else {
            set_page_message('An unexpected error occurred.', 'error');
            redirectTo('mail_external.php');
            // No domain or domain alias data found (should never occur)
            exit;
            // Only to make some IDE happy
        }
    }
    client_generateView($verifiedData, $data);
}
Example #13
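/**
 * Generate the SSL certificate page for a domain entity
 *
 * Loads the certificate row stored for the given domain entity (if any), replaces the stored values with the
 * posted ones when the customer submitted the form, and assigns the result to the template. Certificate
 * material is HTML-escaped exactly once, at the point where it is handed to the template.
 *
 * @throws iMSCP_Exception
 * @throws iMSCP_Exception_Database
 * @param iMSCP_pTemplate $tpl Template engine instance
 * @param int $domainId Domain entity unique identifier
 * @param string $domainType Domain entity type
 * @return void
 */
function client_generatePage($tpl, $domainId, $domainType)
{
    $domainName = _client_getDomainName($domainId, $domainType);
    if ($domainName === false) {
        showBadRequestErrorPage();
    }
    $stmt = exec_query('SELECT * FROM ssl_certs WHERE domain_id = ? AND domain_type = ?', array($domainId, $domainType));
    if ($stmt->rowCount()) {
        $row = $stmt->fetchRow(PDO::FETCH_ASSOC);
        $status = $row['status'];
        $dynTitle = customerHasFeature('ssl') && $status === 'ok' ? tr('Edit SSL certificate') : tr('Show SSL certificate');
        $certId = $row['cert_id'];
        // Keep the stored values raw here. They were previously passed through tohtml() at this point and
        // again in the assign() call below, which escaped database values twice while posted values were
        // escaped only once.
        // NOTE(review): the stored private key is sent back to the browser inside the form. Consider not
        // echoing stored key material and only accepting a replacement key on update.
        $privateKey = $row['private_key'];
        $certificate = $row['certificate'];
        $caBundle = $row['ca_bundle'];
        $trAction = tr('Update');
        $tpl->assign('STATUS', translate_dmn_status($status));
    } else {
        if (customerHasFeature('ssl')) {
            $dynTitle = tr('Add SSL certificate');
            $trAction = tr('Add');
            $certId = '0';
            $privateKey = '';
            $certificate = '';
            $caBundle = '';
            $tpl->assign('SSL_CERTIFICATE_STATUS', '');
        } else {
            // No certificate and no SSL feature: nothing to show on this page
            set_page_message('SSL feature is currently disabled.', 'static_warning');
            redirectTo('domains_manage.php');
            return;
        }
    }
    // Posted values win over stored ones; they are untrusted and only reach the page through tohtml() below
    if (customerHasFeature('ssl') && isset($_POST['cert_id']) && isset($_POST['private_key']) && isset($_POST['certificate']) && isset($_POST['ca_bundle'])) {
        $certId = $_POST['cert_id'];
        $privateKey = $_POST['private_key'];
        $certificate = $_POST['certificate'];
        $caBundle = $_POST['ca_bundle'];
    }
    // Single escaping point for everything rendered into the template
    $tpl->assign(array(
        'TR_DYNAMIC_TITLE' => $dynTitle,
        'DOMAIN_NAME' => tohtml(encode_idna($domainName)),
        'KEY_CERT' => tohtml(trim($privateKey)),
        'CERTIFICATE' => tohtml(trim($certificate)),
        'CA_BUNDLE' => tohtml(trim($caBundle)),
        'CERT_ID' => tohtml(trim($certId)),
        'TR_ACTION' => $trAction
    ));
    // Hide the action buttons when the feature is off or while a change on the certificate is still pending
    if (!customerHasFeature('ssl') || isset($status) && in_array($status, array('toadd', 'tochange', 'todelete'))) {
        $tpl->assign('SSL_CERTIFICATE_ACTIONS', '');
        if (!customerHasFeature('ssl')) {
            set_page_message(tr('SSL feature is not available. You can only view your certificate.'), 'static_warning');
        }
    }
}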
Example #14
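/**
 * Update Ftp account
 *
 * Validates the posted password (optional) and home directory (mandatory), then updates the ftp_users row
 * of the given Ftp user. Validation errors are reported through page messages.
 *
 * NOTE(review): no ownership check on $userid is visible in this function; the caller is presumably
 * responsible for verifying that the Ftp account belongs to the logged-in customer — confirm.
 *
 * @param string $userid Ftp userid
 * @param string $mainDomainName Main domain name
 * @return bool TRUE on success, FALSE on failure
 */
function updateFtpAccount($userid, $mainDomainName)
{
    $ret = true;
    if (!empty($_POST['password'])) {
        if (empty($_POST['password_repeat']) || $_POST['password'] !== $_POST['password_repeat']) {
            set_page_message(tr("Passwords do not match."), 'error');
            $ret = false;
        }
        if (!checkPasswordSyntax($_POST['password'])) {
            $ret = false;
        }
        $rawPassword = $_POST['password'];
        $password = cryptPasswordWithSalt($rawPassword);
    }
    // The home directory field is mandatory and must be a plain string
    if (!isset($_POST['home_dir']) || !is_string($_POST['home_dir'])) {
        showBadRequestErrorPage();
        exit;
    }
    $homeDir = clean_input($_POST['home_dir']);
    if ($homeDir != '/' && $homeDir != '') {
        // Collapse every run of slashes. A single str_replace('//', '/') pass leaves '//' behind when the
        // input contains three or more consecutive slashes.
        $homeDir = preg_replace('#/{2,}#', '/', $homeDir);
        // Reject any '..' so that the path cannot climb out of the customer directory
        if (strpos($homeDir, '..') !== false) {
            set_page_message(tr('Invalid home directory.'), 'error');
            $ret = false;
        }
        if ($ret) {
            $vfs = new iMSCP_VirtualFileSystem($mainDomainName);
            // Check for directory existence
            if (!$vfs->exists($homeDir)) {
                set_page_message(tr("Home directory '%s' doesn't exist", $homeDir), 'error');
                $ret = false;
            }
        }
    }
    if ($ret) {
        iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onBeforeEditFtp, array('ftpUserId' => $userid));
        /** @var $cfg iMSCP_Config_Handler_File */
        $cfg = iMSCP_Registry::get('config');
        // Absolute home directory: <USER_WEB_DIR>/<main domain>/<relative dir>, without trailing slash
        $homeDir = rtrim(preg_replace('#/{2,}#', '/', $cfg->USER_WEB_DIR . '/' . $mainDomainName . '/' . $homeDir), '/');
        if (isset($rawPassword, $password)) {
            // NOTE(review): the clear-text password is stored in `rawpasswd` next to the hashed one.
            // Anyone able to read ftp_users obtains usable credentials; confirm that this column is still
            // required and restrict access to it.
            $query = "UPDATE `ftp_users` SET `passwd` = ?, `rawpasswd` = ?, `homedir` = ? WHERE `userid` = ?";
            exec_query($query, array($password, $rawPassword, $homeDir, $userid));
        } else {
            $query = "UPDATE `ftp_users` SET `homedir` = ? WHERE `userid` = ?";
            exec_query($query, array($homeDir, $userid));
        }
        iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onAfterEditFtp, array('ftpUserId' => $userid));
        write_log(sprintf("%s updated Ftp account: %s", $_SESSION['user_logged'], $userid), E_USER_NOTICE);
        set_page_message(tr('FTP account successfully updated.'), 'success');
    }
    return $ret;
}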
Example #15
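/**
 * Edit mail account
 *
 * Validates the posted account type, password, quota and forward list for the mail account identified by
 * the `id` query parameter, then stores the new values and schedules the change.
 *
 * @throws iMSCP_Exception When the domain type cannot be derived from the stored mail type
 * @return bool TRUE on success, FALSE otherwise
 */
function client_editMailAccount()
{
    // The account id is read from the query string, so it is required together with the form fields
    if (!isset($_GET['id'], $_POST['password'], $_POST['password_rep'], $_POST['quota'], $_POST['forward_list'])) {
        showBadRequestErrorPage();
        return true;
    }
    // NOTE(review): ownership of the mail account is presumably enforced by client_getEmailAccountData();
    // that check is not visible here — confirm.
    $mailData = client_getEmailAccountData(clean_input($_GET['id']));
    $mainDmnProps = get_domain_default_props($_SESSION['user_id']);
    // '_no_' is the value stored when an account has no password / no forward list
    $password = $forwardList = '_no_';
    $mailType = '';
    $quota = null;
    if (preg_match('/^(.*?)_(?:mail|forward)/', $mailData['mail_type'], $match)) {
        $domainType = $match[1];
    } else {
        throw new iMSCP_Exception('Unable to determine mail type');
    }
    // Account type: '1' = normal, '2' = forward, '3' = both
    $mailTypeNormal = isset($_POST['account_type']) && in_array($_POST['account_type'], array('1', '3'));
    $mailTypeForward = isset($_POST['account_type']) && in_array($_POST['account_type'], array('2', '3'));
    if (!$mailTypeNormal && !$mailTypeForward) {
        showBadRequestErrorPage();
    }
    $mailAddr = $mailData['mail_addr'];
    if ($mailTypeNormal) {
        // Check for password: mandatory when the account has none yet, optional otherwise
        $password = clean_input($_POST['password']);
        $password_rep = clean_input($_POST['password_rep']);
        if ($mailData['mail_pass'] == '_no_' || $password != '' || $password_rep != '') {
            if ($password == '') {
                set_page_message(tr('Password is missing.'), 'error');
                return false;
            } elseif ($password_rep == '') {
                set_page_message(tr('You must confirm your password.'), 'error');
                return false;
            } elseif ($password !== $password_rep) {
                set_page_message(tr("Passwords do not match."), 'error');
                return false;
            } elseif (!checkPasswordSyntax($password)) {
                return false;
            }
        } else {
            $password = $mailData['mail_pass'];
        }
        // Check for quota
        $quota = clean_input($_POST['quota']);
        if (is_number($quota)) {
            // MiB to Bytes
            $quota *= 1048576;
            if ($mainDmnProps['mail_quota'] != '0') {
                if ($quota == '0') {
                    set_page_message(tr('Incorrect Email quota.'), 'error');
                    return false;
                }
                $stmt = exec_query('SELECT SUM(`quota`) AS `quota` FROM `mail_users` WHERE `domain_id` = ? AND `quota` IS NOT NULL', $mainDmnProps['domain_id']);
                // Remaining quota = domain limit - (quota of all accounts - quota of this account)
                $quotaLimit = floor($mainDmnProps['mail_quota'] - ($stmt->fields['quota'] - $mailData['quota']));
                if ($quota > $quotaLimit) {
                    set_page_message(tr('Email quota cannot be bigger than %s', bytesHuman($quotaLimit, 'MiB')), 'error');
                    return false;
                }
            }
        } else {
            set_page_message(tr('Email quota must be a number.'), 'error');
            return false;
        }
        // NOTE(review): an unexpected $domainType leaves $mailType empty; no default case is defined
        switch ($domainType) {
            case 'normal':
                $mailType = MT_NORMAL_MAIL;
                break;
            case 'subdom':
                $mailType = MT_SUBDOM_MAIL;
                break;
            case 'alias':
                $mailType = MT_ALIAS_MAIL;
                break;
            case 'alssub':
                $mailType = MT_ALSSUB_MAIL;
        }
    }
    if ($mailTypeForward) {
        // Check forward list
        $forwardList = clean_input($_POST['forward_list']);
        if ($forwardList == '') {
            set_page_message(tr('Forward list is empty.'), 'error');
            return false;
        }
        $forwardList = preg_split("/[\n,]+/", $forwardList);
        foreach ($forwardList as $key => &$forwardEmailAddr) {
            $forwardEmailAddr = encode_idna(trim($forwardEmailAddr));
            if ($forwardEmailAddr == '') {
                unset($forwardList[$key]);
            } elseif (!chk_email($forwardEmailAddr)) {
                set_page_message(tr('Wrong mail syntax in forward list.'), 'error');
                return false;
            } elseif ($forwardEmailAddr == $mailAddr) {
                set_page_message(tr('You cannot forward %s on itself.', $mailAddr), 'error');
                return false;
            }
        }
        // Break the reference left by the by-reference foreach so that later writes cannot alias the list
        unset($forwardEmailAddr);
        $forwardList = implode(',', array_unique($forwardList));
        switch ($domainType) {
            case 'normal':
                $mailType .= ($mailType != '' ? ',' : '') . MT_NORMAL_FORWARD;
                break;
            case 'subdom':
                $mailType .= ($mailType != '' ? ',' : '') . MT_SUBDOM_FORWARD;
                break;
            case 'alias':
                $mailType .= ($mailType != '' ? ',' : '') . MT_ALIAS_FORWARD;
                break;
            case 'alssub':
                $mailType .= ($mailType != '' ? ',' : '') . MT_ALSSUB_FORWARD;
        }
    }
    // Update mail account into database
    iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onBeforeEditMail, array('mailId' => $mailData['mail_id']));
    // NOTE(review): $password is written to `mail_pass` as received; no hashing is visible in this
    // function — confirm how the column is protected.
    $query = '
			UPDATE
				`mail_users`
			SET
				`mail_pass` = ?, `mail_forward` = ?, `mail_type` = ?, `status` = ?, `quota` = ?
			WHERE
				`mail_id` = ?
		';
    exec_query($query, array($password, $forwardList, $mailType, 'tochange', $quota, $mailData['mail_id']));
    iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onAfterEditMail, array('mailId' => $mailData['mail_id']));
    // Schedule mail account update
    send_request();
    write_log("{$_SESSION['user_logged']}: Updated Email account: {$mailAddr}", E_USER_NOTICE);
    set_page_message(tr('Email account successfully scheduled for update.'), 'success');
    return true;
}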
Example #16
    if (!$stmt->rowCount()) {
        set_page_message(tr('You do not have databases.'), 'static_info');
        $tpl->assign('SQL_DATABASES_USERS_LIST', '');
    } else {
        while ($row = $stmt->fetchRow(PDO::FETCH_ASSOC)) {
            $tpl->assign(array('DB_ID' => $row['sqld_id'], 'DB_NAME' => tohtml($row['sqld_name']), 'DB_NAME_JS' => tojs($row['sqld_name'])));
            _client_generateDatabaseSqlUserList($tpl, $row['sqld_id']);
            $tpl->parse('SQL_DATABASES_LIST', '.sql_databases_list');
        }
    }
}
/***********************************************************************************************************************
 * Main
 */
require_once 'imscp-lib.php';

iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onClientScriptStart);

// Access control: logged-in customer with the SQL feature enabled
check_login('user');
if (!customerHasFeature('sql')) {
    showBadRequestErrorPage();
}

$domainProperties = get_domain_default_props($_SESSION['user_id']);

/** @var $cfg iMSCP_Config_Handler_File */
$cfg = iMSCP_Registry::get('config');

// Template blocks used by the databases overview page
$tpl = new iMSCP_pTemplate();
$tpl->define_dynamic(
    array(
        'layout' => 'shared/layouts/ui.tpl',
        'page' => 'client/sql_manage.tpl',
        'page_message' => 'layout',
        'sql_databases_users_list' => 'page',
        'sql_databases_list' => 'sql_databases_users_list',
        'sql_users_list' => 'sql_databases_list'
    )
);

// Static, translated labels
$tpl->assign(
    array(
        'TR_PAGE_TITLE' => tr('Client / Databases / Overview'),
        'TR_MANAGE_SQL' => tr('Manage SQL'),
        'TR_DELETE' => tr('Delete'),
        'TR_DATABASE' => tr('Database Name and Users'),
        'TR_CHANGE_PASSWORD' => tr('Update password'),
        'TR_ACTIONS' => tr('Actions'),
        'TR_PHPMYADMIN' => tr('phpMyAdmin'),
        'TR_DATABASE_USERS' => tr('Database users'),
        'TR_ADD_USER' => tr('Add SQL user'),
        'TR_LOGIN_PMA' => tr('Login into phpMyAdmin'),
        'TR_DATABASE_MESSAGE_DELETE' => tr("This database will be permanently deleted. This process cannot be recovered. All users linked to this database will also be deleted if not linked to another database. Are you sure you want to delete the '%s' database?", '%s'),
        'TR_USER_MESSAGE_DELETE' => tr("Are you sure you want delete the %s SQL user?", '%s')
    )
);

// Page content: the list is restricted to the databases of the customer's own domain
generateNavigation($tpl);
client_databasesList($tpl, $domainProperties['domain_id']);
generatePageMessage($tpl);

$tpl->parse('LAYOUT_CONTENT', 'page');
iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onClientScriptEnd, array('templateEngine' => $tpl));
$tpl->prnt();

unsetMessages();
Example #17
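/**
 * Edit domain alias
 *
 * Reads the alias id from the query string, validates the optional forward URL posted by the customer and
 * schedules the alias for update.
 *
 * @return bool TRUE on success, FALSE on failure
 */
function client_editDomainAlias()
{
    if (isset($_GET['id'])) {
        $domainAliasId = clean_input($_GET['id']);
        // NOTE(review): _client_getAliasData() presumably restricts the lookup to aliases owned by the
        // logged-in customer; that check is not visible here — confirm.
        if ($domainAliasData = _client_getAliasData($domainAliasId)) {
            // Check for URL forwarding option
            $forwardUrl = 'no';
            if (isset($_POST['url_forwarding']) && $_POST['url_forwarding'] == 'yes') {
                if (isset($_POST['forward_url_scheme']) && isset($_POST['forward_url'])) {
                    $forwardUrl = clean_input($_POST['forward_url_scheme']) . clean_input($_POST['forward_url']);
                    // The messages below carry HTML markup, so the posted URL and the alias name are
                    // escaped before being embedded; otherwise markup in the posted value would be
                    // rendered as part of the page message.
                    // NOTE(review): assumes clean_input() does not already HTML-encode — confirm.
                    $forwardUrlHtml = tohtml($forwardUrl);
                    $aliasNameHtml = tohtml($domainAliasData['alias_name_utf8']);
                    try {
                        try {
                            $uri = iMSCP_Uri_Redirect::fromString($forwardUrl);
                        } catch (Zend_Uri_Exception $e) {
                            throw new iMSCP_Exception(tr('Forward URL %s is not valid.', "<strong>{$forwardUrlHtml}</strong>"));
                        }
                        $uri->setHost(encode_idna($uri->getHost()));
                        // An alias forwarded to its own root would redirect on itself
                        if ($uri->getHost() == $domainAliasData['alias_name'] && $uri->getPath() == '/') {
                            throw new iMSCP_Exception(tr('Forward URL %s is not valid.', "<strong>{$forwardUrlHtml}</strong>") . ' ' . tr('Domain alias %s cannot be forwarded on itself.', "<strong>{$aliasNameHtml}</strong>"));
                        }
                        // Store the normalized form produced by the URI object
                        $forwardUrl = $uri->getUri();
                    } catch (Exception $e) {
                        set_page_message($e->getMessage(), 'error');
                        return false;
                    }
                } else {
                    showBadRequestErrorPage();
                }
            }
            iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onBeforeEditDomainAlias, array('domainAliasId' => $domainAliasId));
            exec_query('UPDATE `domain_aliasses` SET `url_forward` = ?, `alias_status` = ? WHERE `alias_id` = ?', array($forwardUrl, 'tochange', $domainAliasId));
            // NOTE(review): 'onAfterEditDomainALias' differs in letter case from the "before" event name
            // above. Class constants are case-sensitive in PHP; confirm that iMSCP_Events declares it
            // with this exact spelling.
            iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onAfterEditDomainALias, array('domainAliasId' => $domainAliasId));
            send_request();
            write_log("{$_SESSION['user_logged']}: scheduled update of domain alias: {$domainAliasData['alias_name_utf8']}.", E_USER_NOTICE);
        } else {
            showBadRequestErrorPage();
        }
    } else {
        showBadRequestErrorPage();
    }
    return true;
}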
Example #18
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 */
// Include core library
require 'imscp-lib.php';
iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onResellerScriptStart);
// Access control: logged-in reseller with the software installer (aps) feature enabled
check_login('reseller');
resellerHasFeature('aps') or showBadRequestErrorPage();
/** @var $cfg iMSCP_Config_Handler_File */
$cfg = iMSCP_Registry::get('config');
// NOTE(review): this deletion is triggered by a GET parameter; no anti-CSRF token check is visible in this
// excerpt — confirm that one is enforced elsewhere.
if (isset($_GET['id']) and is_numeric($_GET['id'])) {
    // Ownership check: the package is looked up by id AND by the reseller id taken from the session, so a
    // reseller can only act on its own packages. Both values are bound as parameters.
    $query = "\n\t\tSELECT\n\t\t\t`software_id`,\n\t\t\t`software_archive`,\n\t\t\t`software_depot`\n\t\tFROM\n\t\t\t`web_software`\n\t\tWHERE\n\t\t\t`software_id` = ?\n\t\tAND\n\t\t\t`reseller_id` = ?\n\t";
    $rs = exec_query($query, array($_GET['id'], $_SESSION['user_id']));
    if ($rs->recordCount() != 1) {
        set_page_message(tr('Wrong software id.'), 'error');
        redirectTo('software_upload.php');
    } else {
        // Only packages that do not come from the software depot have an archive to remove
        if ($rs->fields['software_depot'] == "no") {
            // Path: <GUI_APS_DIR>/<reseller id>/<archive name>-<software id>.tar.gz
            // NOTE(review): `software_archive` is read from the database and concatenated into a
            // filesystem path; verify that it is sanitized when the package is uploaded so that the
            // resulting path cannot leave the reseller directory.
            $del_path = $cfg->GUI_APS_DIR . "/" . $_SESSION['user_id'] . "/" . $rs->fields['software_archive'] . "-" . $rs->fields['software_id'] . ".tar.gz";
            // '@' hides a failed unlink(); the archive may remain on disk without any trace in the logs
            @unlink($del_path);
        }
        // Flag the installed instances of this package as deleted by the reseller
        $update = "\n\t\t\tUPDATE\n\t\t\t\t`web_software_inst`\n\t\t\tSET\n\t\t\t\t`software_res_del` = 1\n\t\t\tWHERE\n\t\t\t\t`software_id` = ?\n\t\t";
        $res = exec_query($update, $rs->fields['software_id']);
Example #19
/**
 * Generate reseller domain search form
 *
 * Marks one search field and one status entry as selected in the search form. When the three search
 * arguments are all 'n/a' (no search), the domain name field and the "all" status are selected. Any other
 * unknown search field or status ends with a bad request error page.
 *
 * @param iMSCP_pTemplate $tpl Template engine instance
 * @param string $searchFor Search term, or 'n/a'
 * @param string $searchCommon Searched field, or 'n/a'
 * @param string $searchStatus Searched status, or 'n/a'
 * @return void
 */
function gen_manage_domain_search_options($tpl, $searchFor, $searchCommon, $searchStatus)
{
    $cfg = iMSCP_Registry::get('config');
    $selectedAttr = $cfg['HTML_SELECTED'];

    // Allow-lists: accepted value => template variable receiving the "selected" attribute
    $fieldVars = array(
        'domain_name' => 'M_DOMAIN_NAME_SELECTED',
        'customer_id' => 'M_CUSTOMER_ID_SELECTED',
        'lname' => 'M_LAST_NAME_SELECTED',
        'firm' => 'M_COMPANY_SELECTED',
        'city' => 'M_CITY_SELECTED',
        'state' => 'M_STATE_SELECTED',
        'country' => 'M_COUNTRY_SELECTED'
    );
    $statusVars = array(
        'all' => 'M_ALL_SELECTED',
        'ok' => 'M_OK_SELECTED',
        'disabled' => 'M_SUSPENDED_SELECTED'
    );

    // Without any search, fall back to the default choices
    $noSearch = $searchFor === 'n/a' && $searchCommon === 'n/a' && $searchStatus === 'n/a';
    $activeField = $noSearch ? 'domain_name' : $searchCommon;
    $activeStatus = $noSearch ? 'all' : $searchStatus;

    // Anything outside the allow-lists is rejected, field first, then status
    if (!is_string($activeField) || !isset($fieldVars[$activeField])) {
        showBadRequestErrorPage();
        exit;
    }
    if (!is_string($activeStatus) || !isset($statusVars[$activeStatus])) {
        showBadRequestErrorPage();
        exit;
    }

    // Every "selected" variable is empty except the active field and the active status
    $selection = array_fill_keys(array_merge(array_values($fieldVars), array_values($statusVars)), '');
    $selection[$fieldVars[$activeField]] = $selectedAttr;
    $selection[$statusVars[$activeStatus]] = $selectedAttr;

    // The search term is echoed back into the form, HTML-escaped
    $hasTerm = !($searchFor === 'n/a' || $searchFor === '');
    $tpl->assign('SEARCH_FOR', $hasTerm ? tohtml($searchFor) : '');

    $labels = array(
        'M_DOMAIN_NAME' => tr('Domain name'),
        'M_CUSTOMER_ID' => tr('Customer ID'),
        'M_LAST_NAME' => tr('Last name'),
        'M_COMPANY' => tr('Company'),
        'M_CITY' => tr('City'),
        'M_STATE' => tr('State/Province'),
        'M_COUNTRY' => tr('Country'),
        'M_ALL' => tr('All'),
        'M_OK' => tr('OK'),
        'M_SUSPENDED' => tr('Suspended'),
        'M_ERROR' => tr('Error')
    );
    $tpl->assign(array_merge($labels, $selection));
}
Example #20
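/**
 * Returns reseller data
 *
 * Collects the reseller account and properties, the consumed item counters, the server and reseller IP
 * lists and the PHP editor permissions. When data are fetched for update, posted values replace the stored
 * ones. The result is cached in a static variable: any later call in the same request returns the first
 * result, whatever arguments are passed.
 *
 * @param int $resellerId Reseller unique identifier
 * @param bool $forUpdate Tell whether or not data are fetched for update
 * @return array Reference to array of data
 */
function &admin_getData($resellerId, $forUpdate = false)
{
    static $data = null;
    if (null !== $data) {
        return $data;
    }
    // NOTE(review): t1.* loads every column of the admin table, which presumably includes the stored
    // password hash; each column is also duplicated under a fallback_ key below. Confirm that consumers
    // never render those values.
    $stmt = exec_query('
            SELECT t1.*, t2.* FROM admin AS t1 INNER JOIN reseller_props AS t2 ON(t2.reseller_id = t1.admin_id)
            WHERE t1.admin_id = ?
        ', $resellerId);
    if (!$stmt->rowCount()) {
        showBadRequestErrorPage();
    }
    $data = $stmt->fetchRow();
    // Getting total number of consumed items for the given reseller (unused positions are skipped).
    list(
        $data['nbDomains'], , , $data['nbSubdomains'], , $data['unlimitedSubdomains'],
        $data['nbDomainAliases'], , $data['unlimitedDomainAliases'],
        $data['nbMailAccounts'], , $data['unlimitedMailAccounts'],
        $data['nbFtpAccounts'], , $data['unlimitedFtpAccounts'],
        $data['nbSqlDatabases'], , $data['unlimitedSqlDatabases'],
        $data['nbSqlUsers'], , $data['unlimitedSqlUsers'],
        $data['totalTraffic'], , $data['unlimitedTraffic'],
        $data['totalDiskspace'], , $data['unlimitedDiskspace']
    ) = generate_reseller_users_props($resellerId);
    // The password fields of the form always start empty
    $data['password'] = '';
    $data['password_confirmation'] = '';
    // Ip data begin
    // Fetch server ip list
    $stmt = exec_query('SELECT ip_id, ip_number FROM server_ips  ORDER BY ip_number');
    if (!$stmt->rowCount()) {
        set_page_message(tr('Unable to get the IP address list. Please fix this problem.'), 'error');
        redirectTo('manage_users.php');
    }
    $data['server_ips'] = $stmt->fetchAll();
    // Convert reseller ip list to array
    $data['reseller_ips'] = explode(';', trim($data['reseller_ips'], ';'));
    // Fetch all ip id used by reseller's customers
    $stmt = exec_query('SELECT DISTINCT domain_ip_id FROM domain INNER JOIN admin ON(admin_id = domain_admin_id) WHERE created_by = ?', $resellerId);
    if ($stmt->rowCount()) {
        $data['used_ips'] = $stmt->fetchAll(PDO::FETCH_COLUMN);
    } else {
        $data['used_ips'] = array();
    }
    // Keep a copy of every stored value under a fallback_ prefixed key
    $fallbackData = array();
    foreach ($data as $key => $value) {
        $fallbackData["fallback_{$key}"] = $value;
    }
    $data = array_merge($data, $fallbackData);
    // PHP editor permissions: data key => reseller permission name
    $phpiniPermissions = array(
        'php_ini_system' => 'phpiniSystem',
        'php_ini_al_disable_functions' => 'phpiniDisableFunctions',
        'php_ini_al_mail_function' => 'phpiniMailFunction',
        'php_ini_al_allow_url_fopen' => 'phpiniAllowUrlFopen',
        'php_ini_al_display_errors' => 'phpiniDisplayErrors',
        'post_max_size' => 'phpiniPostMaxSize',
        'upload_max_filesize' => 'phpiniUploadMaxFileSize',
        'max_execution_time' => 'phpiniMaxExecutionTime',
        'max_input_time' => 'phpiniMaxInputTime',
        'memory_limit' => 'phpiniMemoryLimit'
    );
    $phpini = iMSCP_PHPini::getInstance();
    foreach ($phpiniPermissions as $key => $permission) {
        $data[$key] = $phpini->getResellerPermission($permission);
    }
    if (!$forUpdate) {
        return $data;
    }
    // From here on, posted values replace the stored ones
    $postedKeys = array(
        'password', 'password_confirmation', 'fname', 'lname', 'gender', 'firm', 'zip', 'city', 'state',
        'country', 'email', 'phone', 'fax', 'street1', 'street2', 'max_dmn_cnt', 'max_sub_cnt', 'max_als_cnt',
        'max_mail_cnt', 'max_ftp_cnt', 'max_sql_db_cnt', 'max_sql_user_cnt', 'max_traff_amnt', 'max_disk_amnt',
        'software_allowed', 'softwaredepot_allowed', 'websoftwaredepot_allowed', 'support_system', 'customer_id'
    );
    foreach ($postedKeys as $key) {
        if (isset($_POST[$key])) {
            $data[$key] = clean_input($_POST[$key]);
        }
    }
    // The posted value itself must be an array. The previous test was made on $data['reseller_ips'],
    // which is always an array at this point, so a scalar posted value reached the foreach unchecked.
    if (isset($_POST['reseller_ips']) && is_array($_POST['reseller_ips'])) {
        foreach ($_POST['reseller_ips'] as $key => $value) {
            $_POST['reseller_ips'][$key] = clean_input($value);
        }
        $data['reseller_ips'] = $_POST['reseller_ips'];
    } else {
        // Nothing (or nothing usable) was posted: no IP is assigned
        $data['reseller_ips'] = array();
    }
    foreach (array_keys($phpiniPermissions) as $key) {
        if (isset($_POST[$key])) {
            $data[$key] = clean_input($_POST[$key]);
        }
    }
    return $data;
}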
Example #21
 */
function scheduleBackupRestoration($userId)
{
    // Flag every domain of the given customer for restoration, then notify the backend
    $sql = "UPDATE `domain` SET `domain_status` = ? WHERE `domain_admin_id` = ?";
    $params = array('torestore', $userId);
    exec_query($sql, $params);
    send_request();

    // Audit trail and user feedback
    $actor = $_SESSION['user_logged'];
    write_log("{$actor}: scheduled backup restoration.", E_USER_NOTICE);
    set_page_message(tr('Backup has been successfully scheduled for restoration.'), 'success');
}
/***********************************************************************************************************************
 * Main
 */
// Include core library
require_once 'imscp-lib.php';
iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onClientScriptStart);
// Access control: logged-in customer with the backup feature enabled
check_login('user');
customerHasFeature('backup') or showBadRequestErrorPage();
// The restoration is always scheduled for the session user, never for an id taken from the request.
// NOTE(review): this state-changing action only depends on a POST field; no anti-CSRF token check is
// visible in this excerpt — confirm that one is enforced elsewhere.
if (isset($_POST['uaction']) && $_POST['uaction'] == 'bk_restore') {
    scheduleBackupRestoration($_SESSION['user_id']);
}
/** @var $cfg iMSCP_Config_Handler_File */
$cfg = iMSCP_Registry::get('config');
$tpl = new iMSCP_pTemplate();
$tpl->define_dynamic(array('layout' => 'shared/layouts/ui.tpl', 'page' => 'client/backup.tpl', 'page_message' => 'layout'));
// Backup archive name pattern, chosen from the configured compression tool
if ($cfg->ZIP == 'gzip') {
    // NOTE(review): '.tar..tar.gz' does not follow the shape of the two patterns below — confirm it is intended
    $name = '.*-backup-%Y.%m.%d-%H-%M.tar..tar.gz';
} else {
    if ($cfg->ZIP == 'bzip2' || $cfg->ZIP == 'pbzip2') {
        $name = '.*-backup-%Y.%m.%d-%H-%M.tar.tar.bz2';
    } else {
        // Any other configured value falls back to the lzma pattern
        $name = '.*-backup-%Y.%m.%d-%H-%M.tar.lzma';
    }
Example #22
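/**
 * Validates a service port and sets an appropriate message on error.
 *
 * Each failed check adds a page message and records the id of the faulty form field in the
 * 'errorFieldsIds' registry entry. The result is derived from the presence of page messages, so a message
 * set before this function is called also makes it return FALSE.
 *
 * @param string $name Service name
 * @param string $ip Ip address
 * @param int $port Port
 * @param string $protocol Protocol
 * @param bool $show Tell whether or not service must be show on status page
 * @param string $index Item index on update, empty value otherwise
 * @return bool TRUE if valid, FALSE otherwise
 */
function admin_validatesService($name, $ip, $port, $protocol, $show, $index = '')
{
    /** @var $dbConfig iMSCP_Config_Handler_Db */
    $dbConfig = iMSCP_Registry::get('dbConfig');
    // Get a reference to the array that contain all error fields ids
    $errorFieldsIds =& iMSCP_Registry::get('errorFieldsIds');
    $dbServiceName = "PORT_{$name}";
    $ip = $ip == 'localhost' ? '127.0.0.1' : $ip;
    // Check for service name syntax
    if (!is_basicString($name)) {
        // A name reaching this branch has failed the syntax check and may hold any character: pass it as
        // an escaped placeholder value instead of interpolating it into the translated message.
        // NOTE(review): assumes tr() does not HTML-encode its arguments itself — confirm.
        set_page_message(tr("Error with '%s': Only letters, numbers, dash and underscore are allowed for services names.", tohtml($name)), 'error');
        $errorFieldsIds[] = "name{$index}";
    }
    // Check for IP syntax
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        set_page_message(tr(' Wrong IP address.'), 'error');
        $errorFieldsIds[] = "ip{$index}";
    }
    // Check for port syntax
    // NOTE(review): the message announces a range starting at 0 while the check rejects 0
    if (!is_number($port) || $port < 1 || $port > 65535) {
        set_page_message(tr('Only numbers in range from 0 to 65535 are allowed.'), 'error');
        $errorFieldsIds[] = "port{$index}";
    }
    // Check for service port existences
    // NOTE(review): $index is documented as a string; is_int() is FALSE for a numeric string, in which
    // case this check also runs on update — verify against the caller.
    if (!is_int($index) && isset($dbConfig[$dbServiceName])) {
        set_page_message(tr('Service name already exists.'), 'error');
        $errorFieldsIds[] = "name{$index}";
    }
    // Check for protocol and show option: both come from fixed form choices, anything else is a bad request
    if ($protocol != 'tcp' && $protocol != 'udp' || $show != '0' && $show != '1') {
        showBadRequestErrorPage();
    }
    return !Zend_Session::namespaceIsset('pageMessages');
}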
Example #23
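/**
 * Check if menu is valid.
 *
 * Each failed check adds a page message. When at least one page message exists, the names of the faulty
 * fields are stored in the 'errorFieldsStack' registry entry and FALSE is returned.
 *
 * @param string $menuName Menu name
 * @param string $menuLink Menu link
 * @param string $menuTarget Menu target
 * @param string $menuLevel Menu level
 * @param int $menuOrder Menu order
 * @return bool TRUE if menu data are valid, FALSE otherwise
 */
function admin_isValidMenu($menuName, $menuLink, $menuTarget, $menuLevel, $menuOrder)
{
    $errorFieldsStack = array();
    if (empty($menuName)) {
        set_page_message(tr('Invalid name.'), 'error');
        $errorFieldsStack[] = 'menu_name';
    }
    // FILTER_VALIDATE_URL already requires a scheme and a host. The FILTER_FLAG_SCHEME_REQUIRED and
    // FILTER_FLAG_HOST_REQUIRED constants were removed in PHP 8.0, so they are no longer passed.
    // NOTE(review): the scheme itself is not restricted here. Since the link is rendered in the menus of
    // other users, consider an allow-list (e.g. http and https) before storing it.
    if (empty($menuLink) || !filter_var($menuLink, FILTER_VALIDATE_URL)) {
        set_page_message(tr('Invalid URL.'), 'error');
        $errorFieldsStack[] = 'menu_link';
    }
    // Strict comparison, so that only the exact expected strings are accepted
    if (!empty($menuTarget) && !in_array($menuTarget, array('_blank', '_parent', '_self', '_top'), true)) {
        set_page_message(tr('Invalid target.'), 'error');
        $errorFieldsStack[] = 'menu_target';
    }
    // The level comes from a fixed list of choices: anything else is a bad request
    if (!in_array($menuLevel, array('A', 'R', 'C', 'AR', 'AC', 'RC', 'ARC'), true)) {
        showBadRequestErrorPage();
    }
    if (!empty($menuOrder) && !is_numeric($menuOrder)) {
        set_page_message(tr('Invalid menu order.'), 'error');
        $errorFieldsStack[] = 'menu_order';
    }
    if (Zend_Session::namespaceIsset('pageMessages')) {
        iMSCP_Registry::set('errorFieldsStack', $errorFieldsStack);
        return false;
    }
    return true;
}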
Example #24
 * Portions created by the i-MSCP Team are Copyright (C) 2010-2016 by
 * i-MSCP - internet Multi Server Control Panel. All Rights Reserved.
 */
/***********************************************************************************************************************
 * Main
 */
require_once 'imscp-lib.php';
iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onClientScriptStart);
check_login('user');
// The feature must be enabled for the customer and a subdomain alias id must be supplied
if (!customerHasFeature('domain_aliases') || !isset($_GET['id'])) {
    showBadRequestErrorPage();
}
// NOTE(review): this script prepares a deletion keyed on a GET parameter and no anti-CSRF token check is
// visible in this excerpt - confirm that one is enforced elsewhere.
$id = clean_input($_GET['id']);
// Ownership check: the subdomain alias must hang off a domain alias of the logged-in customer's domain.
// The id is only ever passed as a bound parameter.
$stmt = exec_query("\n        SELECT\n            t1.subdomain_alias_id, CONCAT(t1.subdomain_alias_name, '.', t2.alias_name) AS subdomain_alias_name\n        FROM\n            subdomain_alias AS t1\n        INNER JOIN\n            domain_aliasses AS t2 ON (t2.alias_id = t1.alias_id)\n        WHERE\n            t2.domain_id = ?\n        AND\n            t1.subdomain_alias_id = ?\n    ", array(get_user_domain_id($_SESSION['user_id']), $id));
if (!$stmt->rowCount()) {
    showBadRequestErrorPage();
}
$row = $stmt->fetchRow(PDO::FETCH_ASSOC);
$name = $row['subdomain_alias_name'];
// Refuse the deletion while mail accounts are still attached to the subdomain alias
$stmt = exec_query('SELECT mail_id FROM mail_users WHERE (mail_type LIKE ? OR mail_type = ?) AND sub_id = ? LIMIT 1', array(MT_ALSSUB_MAIL . '%', MT_ALSSUB_FORWARD, $id));
if ($stmt->rowCount()) {
    set_page_message(tr('Subdomain you are trying to remove has email accounts. Please remove them first.'), 'error');
    redirectTo('domains_manage.php');
}
// Refuse the deletion while Ftp accounts whose user id ends with "@<name>" still exist.
// $name comes from the database row fetched above and is bound, but it is used inside a LIKE pattern, so
// any "_" or "%" it contains acts as a wildcard.
$stmt = exec_query('SELECT userid FROM ftp_users WHERE userid LIKE ? LIMIT 1', "%@{$name}");
if ($stmt->rowCount()) {
    set_page_message(tr('Subdomain alias you are trying to remove has Ftp accounts. Please remove them first.'), 'error');
    redirectTo('domains_manage.php');
}
// Let listeners act before the deletion itself, which follows this excerpt
iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onBeforeDeleteSubdomain, array('subdomainId' => $id, 'subdomainName' => $name, 'type' => 'alssub'));
$db = iMSCP_Database::getInstance();
Example #25
                write_log("{$admin_login}: added new htaccess user: {$uname}", E_USER_NOTICE);
                redirectTo('protected_user_manage.php');
            } else {
                set_page_message(tr('This htaccess user already exist.'), 'error');
                return;
            }
        }
    } else {
        return;
    }
}
/******************************************************************************
 * Main script
 */
// Include core library
require_once 'imscp-lib.php';
iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onClientScriptStart);
// Access control: a logged-in customer with the protected areas feature enabled
check_login('user');
customerHasFeature('protected_areas') or showBadRequestErrorPage();
/** @var $cfg iMSCP_Config_Handler_File */
$cfg = iMSCP_Registry::get('config');
$tpl = new iMSCP_pTemplate();
$tpl->define_dynamic(array('layout' => 'shared/layouts/ui.tpl', 'page' => 'client/puser_uadd.tpl', 'page_message' => 'layout', 'usr_msg' => 'page', 'grp_msg' => 'page', 'pusres' => 'page', 'pgroups' => 'page'));
$tpl->assign(array('TR_PAGE_TITLE' => tr('Client / Webtools / Protected Areas / Manage Users and Groups / Add User'), 'TR_HTACCESS_USER' => tr('Htaccess user'), 'TR_USERS' => tr('User'), 'TR_USERNAME' => tr('Username'), 'TR_PASSWORD' => tr('Password'), 'TR_PASSWORD_REPEAT' => tr('Repeat password'), 'TR_ADD_USER' => tr('Add'), 'TR_CANCEL' => tr('Cancel')));
generateNavigation($tpl);
// The htaccess user is created for the domain resolved from the session user id, not for a domain id
// taken from the request.
client_addHtaccessUser(get_user_domain_id($_SESSION['user_id']));
generatePageMessage($tpl);
$tpl->parse('LAYOUT_CONTENT', 'page');
iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onClientScriptEnd, array('templateEngine' => $tpl));
$tpl->prnt();
unsetMessages();
Example #26
/**
 * Generate page
 *
 * Resolves the domain to edit from the request (or falls back to the customer's main domain), checks that it
 * is one of the domains returned by getDomainData(), loads its PHP ini values and assigns the template
 * blocks for the settings the client has permission to change.
 *
 * @param iMSCP_pTemplate $tpl Template engine
 * @param iMSCP_PHPini $phpini PHP editor instance
 * @param iMSCP_Config_Handler_File $config Configuration handler
 * @param string $configLevel PHP configuration level
 * @return void
 */
function generatePage($tpl, $phpini, $config, $configLevel)
{
    $mainDmnId = get_user_domain_id($_SESSION['user_id']);
    // Domain id and type are request input: the id is forced to an integer, the type is checked below
    if (isset($_GET['domain_id']) && isset($_GET['domain_type'])) {
        $dmnId = intval($_GET['domain_id']);
        $dmnType = clean_input($_GET['domain_type']);
    } else {
        $dmnId = $mainDmnId;
        $dmnType = 'dmn';
    }
    // Domain types allowed per configuration level: 'dmn' only for per_user, 'dmn' or 'als' for per_domain
    if ($configLevel == 'per_user' && $dmnType != 'dmn' || $configLevel == 'per_domain' && !in_array($dmnType, array('dmn', 'als'))) {
        showBadRequestErrorPage();
    }
    // The requested (id, type) pair must match one of the entries returned by getDomainData().
    // NOTE(review): presumably that list is limited to the logged-in customer's domains, which would make
    // this the ownership check - verify in getDomainData().
    $dmnsData = getDomainData($configLevel);
    $knowDomain = false;
    foreach ($dmnsData as $dmnData) {
        if ($dmnData['domain_id'] == $dmnId && $dmnData['domain_type'] == $dmnType) {
            $knowDomain = true;
        }
    }
    if (!$knowDomain) {
        showBadRequestErrorPage();
    }
    $phpini->loadDomainIni($_SESSION['user_id'], $dmnId, $dmnType);
    if ($configLevel != 'per_user') {
        // One select entry per domain; values are escaped for their output context
        foreach ($dmnsData as $dmnData) {
            $tpl->assign(array('DOMAIN_ID' => tohtml($dmnData['domain_id'], 'htmlAttr'), 'DOMAIN_TYPE' => tohtml($dmnData['domain_type'], 'htmlAttr'), 'DOMAIN_NAME_UNICODE' => tohtml(decode_idna($dmnData['domain_name'])), 'SELECTED' => $dmnData['domain_id'] == $dmnId && $dmnData['domain_type'] == $dmnType ? ' selected' : ''));
            $tpl->parse('DOMAIN_NAME_BLOCK', '.domain_name_block');
        }
        // Assigned without tohtml(); the value has matched a domain_type from $dmnsData at this point
        $tpl->assign('DOMAIN_TYPE', $dmnType);
    } else {
        $tpl->assign('DOMAIN_LIST_BLOCK', '');
    }
    // A block is blanked when the client lacks the matching permission
    if (!$phpini->clientHasPermission('phpiniAllowUrlFopen')) {
        $tpl->assign('ALLOW_URL_FOPEN_BLOCK', '');
    } else {
        $tpl->assign(array('TR_ALLOW_URL_FOPEN' => tr('Allow URL fopen'), 'ALLOW_URL_FOPEN_ON' => $phpini->getDomainIni('phpiniAllowUrlFopen') == 'on' ? ' checked' : '', 'ALLOW_URL_FOPEN_OFF' => $phpini->getDomainIni('phpiniAllowUrlFopen') == 'off' ? ' checked' : ''));
    }
    if (!$phpini->clientHasPermission('phpiniDisplayErrors')) {
        $tpl->assign('DISPLAY_ERRORS_BLOCK', '');
    } else {
        $tpl->assign(array('TR_DISPLAY_ERRORS' => tr('Display errors'), 'DISPLAY_ERRORS_ON' => $phpini->getDomainIni('phpiniDisplayErrors') == 'on' ? ' checked' : '', 'DISPLAY_ERRORS_OFF' => $phpini->getDomainIni('phpiniDisplayErrors') == 'off' ? ' checked' : ''));
    }
    // Error reporting is gated on the phpiniDisplayErrors permission and is hidden under apache_itk
    if (!$phpini->clientHasPermission('phpiniDisplayErrors') || $config['HTTPD_SERVER'] == 'apache_itk') {
        $tpl->assign('ERROR_REPORTING_BLOCK', '');
    } else {
        $errorReporting = $phpini->getDomainIni('phpiniErrorReporting');
        $tpl->assign(array('TR_ERROR_REPORTING' => tohtml(tr('Error reporting')), 'TR_ERROR_REPORTING_DEFAULT' => tohtml(tr('All errors, except E_NOTICES, E_STRICT AND E_DEPRECATED (Default)'), 'htmlAttr'), 'TR_ERROR_REPORTING_DEVELOPEMENT' => tohtml(tr('All errors (Development)'), 'htmlAttr'), 'TR_ERROR_REPORTING_PRODUCTION' => tohtml(tr('All errors, except E_DEPRECATED and E_STRICT (Production)'), 'htmlAttr'), 'ERROR_REPORTING_0' => $errorReporting == 'E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED' ? ' selected' : '', 'ERROR_REPORTING_1' => $errorReporting == 'E_ALL & ~E_DEPRECATED & ~E_STRICT' ? ' selected' : '', 'ERROR_REPORTING_2' => $errorReporting == '-1' ? ' selected' : ''));
    }
    // Disabled functions: nothing under apache_itk or without permission, a single exec toggle when the
    // permission value is 'exec', the full checkbox list otherwise
    if ($config['HTTPD_SERVER'] == 'apache_itk' || !$phpini->clientHasPermission('phpiniDisableFunctions')) {
        $tpl->assign(array('DISABLE_FUNCTIONS_BLOCK' => '', 'DISABLE_EXEC_BLOCK' => ''));
    } elseif ($phpini->getClientPermission('phpiniDisableFunctions') == 'exec') {
        $disableFunctions = explode(',', $phpini->getDomainIni('phpiniDisableFunctions'));
        // exec() is usable by the client's scripts when it is absent from the disabled functions list
        $execYes = in_array('exec', $disableFunctions) ? false : true;
        $tpl->assign(array('TR_DISABLE_FUNCTIONS_EXEC' => tohtml(tr('PHP exec() function')), 'TR_EXEC_HELP' => tohtml(tr("When set to 'yes', your PHP scripts can call the PHP exec() function."), 'htmlAttr'), 'EXEC_YES' => $execYes ? ' checked' : '', 'EXEC_NO' => $execYes ? '' : ' checked', 'DISABLE_FUNCTIONS_BLOCK' => ''));
    } else {
        // Template variable names of the functions a client may disable
        $disableableFunctions = array('EXEC', 'PASSTHRU', 'PHPINFO', 'POPEN', 'PROC_OPEN', 'SHOW_SOURCE', 'SYSTEM', 'SHELL', 'SHELL_EXEC', 'SYMLINK');
        if ($phpini->clientHasPermission('phpiniMailFunction')) {
            $disableableFunctions[] = 'MAIL';
        } else {
            $tpl->assign('MAIL_FUNCTION_BLOCK', '');
        }
        $disabledFunctions = explode(',', $phpini->getDomainIni('phpiniDisableFunctions'));
        // A checkbox is checked when the lower-cased function name is in the stored list (strict match)
        foreach ($disableableFunctions as $function) {
            $tpl->assign($function, in_array(strtolower($function), $disabledFunctions, true) ? ' checked' : '');
        }
        $tpl->assign(array('TR_DISABLE_FUNCTIONS' => tohtml(tr('Disabled functions')), 'DISABLE_EXEC_BLOCK' => ''));
    }
    $tpl->assign(array('TR_PHP_SETTINGS' => tohtml(tr('PHP Settings')), 'TR_YES' => tohtml(tr('Yes')), 'TR_NO' => tohtml(tr('No'))));
}
Example #27
 *
 * Portions created by the ispCP Team are Copyright (C) 2006-2010 by
 * isp Control Panel. All Rights Reserved.
 *
 * Portions created by the i-MSCP Team are Copyright (C) 2010-2015 by
 * i-MSCP - internet Multi Server Control Panel. All Rights Reserved.
 */
/************************************************************************************
 * Main script
 */
// Include core library
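require_once 'imscp-lib.php';
require_once LIBRARY_PATH . '/Functions/Tickets.php';
iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onResellerScriptStart);
// Access control: a logged-in reseller with the support feature enabled
check_login('reseller');
resellerHasFeature('support') or showBadRequestErrorPage();
/** @var $cfg iMSCP_Config_Handler_File */
$cfg = iMSCP_Registry::get('config');
$userId = $_SESSION['user_id'];
// Checks if support ticket system is activated and if the reseller can access to it
if (!hasTicketSystem($userId)) {
    redirectTo('index.php');
} elseif (!empty($_GET['ticket_id'])) {
    // NOTE(review): the ticket is reopened from a GET parameter; whether reopenTicket() checks that the
    // ticket belongs to this reseller is not visible here - confirm.
    reopenTicket((int) $_GET['ticket_id']);
}
// Paging start index. It is request input, so it is normalised to a non-negative integer here, the same
// way ticket_id is cast above, instead of reaching later code as a raw string.
$start = isset($_GET['psi']) && is_scalar($_GET['psi']) ? max(0, (int) $_GET['psi']) : 0;
$tpl = new iMSCP_pTemplate();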
Example #28
            default:
                $actions = tr('n\\a');
        }
        $row['actions'] = $actions;
        $output['aaData'][] = $row;
    }
    return $output;
}
/***********************************************************************************************************************
 * Main
 */
// Include core library
require 'imscp-lib.php';
iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onResellerScriptStart);
// Access control runs before the XHR branch, so the JSON endpoint below is covered by it as well
check_login('reseller');
resellerHasFeature('domain_aliases') or showBadRequestErrorPage();
// XHR requests get the datatable payload as JSON, with caching disabled, and the script stops there
if (is_xhr()) {
    header('Cache-Control: no-cache, must-revalidate');
    header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
    header('Content-type: application/json');
    header('Status: 200 OK');
    echo json_encode(reseller_getDatatable());
    exit;
}
/** @var $tpl iMSCP_pTemplate */
$tpl = new iMSCP_pTemplate();
$tpl->define_dynamic(array('layout' => 'shared/layouts/ui.tpl', 'page' => 'reseller/alias.tpl', 'page_message' => 'layout', 'als_add_button' => 'page'));
// Static, translated labels only; the '%s' in the delete confirmations is passed through as a literal
$tpl->assign(array('TR_PAGE_TITLE' => tr('Reseller / Customers / Domain Aliases'), 'TR_ALIAS_NAME' => tr('Domain alias name'), 'TR_MOUNT_POINT' => tr('Mount point'), 'TR_FORWARD_URL' => tr('Forward URL'), 'TR_STATUS' => tr('Status'), 'TR_CUSTOMER' => tr('Customer'), 'TR_ACTIONS' => tr('Actions'), 'TR_ADD_DOMAIN_ALIAS' => tr('Add domain alias'), 'TR_MESSAGE_DELETE_ALIAS' => tr('Are you sure you want to delete the %s domain alias?', '%s'), 'TR_MESSAGE_DELETE_ALIAS_ORDER' => tr('Are you sure you want to delete the %s domain alias order?', '%s'), 'TR_PROCESSING_DATA' => tr('Processing...')));
iMSCP_Events_Aggregator::getInstance()->registerListener('onGetJsTranslations', function ($e) {
    /** @var $e \iMSCP_Events_Event */
    $e->getParam('translations')->core['dataTable'] = getDataTablesPluginTranslations(false);
Example #29
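/**
 * Add new domain alias
 *
 * Reads the alias name and the optional shared mount point and URL forwarding options from $_POST,
 * validates them, then inserts the domain alias and its PHP ini entry inside a database transaction.
 * The alias is created with status 'toadd' when $_SESSION['logged_from_type'] is set, 'ordered' otherwise.
 *
 * @return bool TRUE on success, FALSE on failure
 */
function addDomainAlias()
{
    global $mainDmnProps;
    // Basic check
    if (empty($_POST['domain_alias_name'])) {
        set_page_message(tr('You must enter a domain alias name.'), 'error');
        return false;
    }
    $domainAliasName = clean_input(strtolower($_POST['domain_alias_name']));
    // Check for domain alias name syntax
    global $dmnNameValidationErrMsg;
    if (!isValidDomainName($domainAliasName)) {
        set_page_message($dmnNameValidationErrMsg, 'error');
        return false;
    }
    // www is considered as an alias of the domain alias. Only a leading "www." is stripped: testing for the
    // substring anywhere in the name would cut four characters off names that merely contain "www." further
    // right, and the stored name would then differ from the one validated above.
    while (strpos($domainAliasName, 'www.') === 0) {
        $domainAliasName = substr($domainAliasName, 4);
    }
    // Check for domain alias existence
    if (imscp_domain_exists($domainAliasName, $_SESSION['user_created_by'])) {
        set_page_message(tr('Domain %s is unavailable.', "<strong>{$domainAliasName}</strong>"), 'error');
        return false;
    }
    $domainAliasNameAscii = encode_idna($domainAliasName);
    // Set default mount point
    $mountPoint = "/{$domainAliasNameAscii}";
    // Check for shared mount point option
    if (isset($_POST['shared_mount_point']) && $_POST['shared_mount_point'] == 'yes') {
        if (!isset($_POST['shared_mount_point_domain'])) {
            showBadRequestErrorPage();
        }
        $sharedMountPointDomain = clean_input($_POST['shared_mount_point_domain']);
        $domainList = _client_getDomainsList();
        // The mount point is never taken from the request: it is copied from the matching entry of the
        // domain list, and the default one is kept when the submitted name matches none.
        foreach ($domainList as $domain) {
            if ($domain['name'] == $sharedMountPointDomain) {
                $mountPoint = $domain['mount_point'];
            }
        }
    }
    // Check for URL forwarding option
    $forwardUrl = 'no';
    if (isset($_POST['url_forwarding']) && $_POST['url_forwarding'] == 'yes') {
        // Both fields are required. The second test used to lack its negation, which rejected every
        // request that did supply a forward URL and let through those that did not.
        if (!isset($_POST['forward_url_scheme']) || !isset($_POST['forward_url'])) {
            showBadRequestErrorPage();
        }
        $forwardUrl = clean_input($_POST['forward_url_scheme']) . clean_input($_POST['forward_url']);
        // The submitted URL is echoed back inside HTML markup in the error messages below, so it is
        // escaped for that context first.
        $forwardUrlHtml = tohtml($forwardUrl);
        try {
            try {
                $uri = iMSCP_Uri_Redirect::fromString($forwardUrl);
            } catch (Zend_Uri_Exception $e) {
                throw new iMSCP_Exception(tr('Forward URL %s is not valid.', "<strong>{$forwardUrlHtml}</strong>"));
            }
            $uri->setHost(encode_idna($uri->getHost()));
            // Forwarding the alias to its own root is refused
            if ($uri->getHost() == $domainAliasNameAscii && $uri->getPath() == '/') {
                throw new iMSCP_Exception(tr('Forward URL %s is not valid.', "<strong>{$forwardUrlHtml}</strong>") . ' ' . tr('Domain alias %s cannot be forwarded on itself.', "<strong>{$domainAliasName}</strong>"));
            }
            $forwardUrl = $uri->getUri();
        } catch (Exception $e) {
            set_page_message($e->getMessage(), 'error');
            return false;
        }
    }
    $isSuUser = isset($_SESSION['logged_from_type']);
    # See http://youtrack.i-mscp.net/issue/IP-1486
    $userEmail = isset($_SESSION['user_email']) ? $_SESSION['user_email'] : '';
    $db = iMSCP_Database::getInstance();
    try {
        $db->beginTransaction();
        iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onBeforeAddDomainAlias, array('domainId' => $mainDmnProps['domain_id'], 'domainAliasName' => $domainAliasNameAscii));
        exec_query('
                INSERT INTO domain_aliasses (
                    domain_id, alias_name, alias_mount, alias_status, alias_ip_id, url_forward
                ) VALUES (
                    ?, ?, ?, ?, ?, ?
                )
            ', array($mainDmnProps['domain_id'], $domainAliasNameAscii, $mountPoint, $isSuUser ? 'toadd' : 'ordered', $mainDmnProps['domain_ip_id'], $forwardUrl));
        $id = $db->insertId();
        // Create the phpini entry for that domain alias
        $phpini = iMSCP_PHPini::getInstance();
        // Load reseller PHP permissions
        $phpini->loadResellerPermissions($_SESSION['user_created_by']);
        // Load client PHP permissions
        $phpini->loadClientPermissions($_SESSION['user_id']);
        // Load main domain PHP configuration options
        $phpini->loadDomainIni($_SESSION['user_id'], $mainDmnProps['domain_id'], 'dmn');
        // Save them for the new domain alias
        $phpini->saveDomainIni($_SESSION['user_id'], $id, 'als');
        if ($isSuUser) {
            $cfg = iMSCP_Registry::get('config');
            if ($cfg['CREATE_DEFAULT_EMAIL_ADDRESSES'] && $userEmail !== '') {
                client_mail_add_default_accounts($mainDmnProps['domain_id'], $userEmail, $domainAliasNameAscii, 'alias', $id);
            }
        }
        $db->commit();
        iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onAfterAddDomainAlias, array('domainId' => $mainDmnProps['domain_id'], 'domainAliasName' => $domainAliasNameAscii, 'domainAliasId' => $id));
        if ($isSuUser) {
            send_request();
            write_log(sprintf('A new `%s` domain alias has been created by: %s', $domainAliasName, $_SESSION['user_logged']), E_USER_NOTICE);
            set_page_message(tr('Domain alias successfully created.'), 'success');
        } else {
            send_alias_order_email($domainAliasName);
            write_log(sprintf('A new `%s` domain alias has been ordered by: %s', $domainAliasName, decode_idna($_SESSION['user_logged'])), E_USER_NOTICE);
            set_page_message(tr('Domain alias successfully ordered.'), 'success');
        }
    } catch (iMSCP_Exception_Database $e) {
        // Only database exceptions are handled here: the details go to the log, the user sees a generic message
        $db->rollBack();
        write_log(sprintf('System was unable to create the `%s` domain alias: %s', $domainAliasName, $e->getMessage()), E_USER_ERROR);
        set_page_message(tr('Could not create domain alias. An unexpected error occurred.'), 'error');
        return false;
    }
    return true;
}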
Example #30
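/**
 * Add SQL user for the given database
 *
 * Either creates a new SQL user from the submitted form data, or re-uses an existing SQL user
 * (POST 'Add_Exist' together with 'sqluser_id'), then grants that user all privileges on the database and
 * records the assignment in the sql_user table. Does nothing when $_POST is empty.
 *
 * @throws Exception
 * @throws iMSCP_Exception_Database
 * @param int $customerId Customer unique identifier
 * @param int $dbId Identifier of the database to which the SQL user is assigned
 * @return void
 */
function client_addSqlUser($customerId, $dbId)
{
    if (empty($_POST)) {
        return;
    }
    if (!isset($_POST['uaction'])) {
        showBadRequestErrorPage();
    }
    $dmnId = get_user_domain_id($customerId);
    if (!isset($_POST['Add_Exist'])) {
        // New SQL user: every form field is required
        $needUserCreate = true;
        if (!isset($_POST['user_name']) || !isset($_POST['user_host']) || !isset($_POST['pass']) || !isset($_POST['pass_rep'])) {
            showBadRequestErrorPage();
        }
        $user = clean_input($_POST['user_name']);
        $host = clean_input($_POST['user_host']);
        $password = clean_input($_POST['pass']);
        $passwordConf = clean_input($_POST['pass_rep']);
        if ($user === '') {
            set_page_message(tr('Please enter an username.'), 'error');
            return;
        }
        // Rejects '%', '|' and '?' in the username
        if (preg_match('/[%|\\?]+/', $user)) {
            set_page_message(tr("Wildcards such as '%s' and '%s' are not allowed in username.", '%', '?'), 'error');
            return;
        }
        if ($host === '') {
            set_page_message(tr('Please enter an SQL user host.'), 'error');
            return;
        }
        // Apart from '%' and 'localhost', the host must validate as a DNS name or an IP address
        $host = encode_idna($host);
        if ($host !== '%' && $host !== 'localhost' && !iMSCP_Validate::getInstance()->hostname($host, array('allow' => Zend_Validate_Hostname::ALLOW_DNS | Zend_Validate_Hostname::ALLOW_IP))) {
            set_page_message(tr('Invalid SQL user host: %s', iMSCP_Validate::getInstance()->getLastValidationMessages()), 'error');
            return;
        }
        if ($password === '') {
            set_page_message(tr('Please enter a password.'), 'error');
            return;
        }
        if ($password !== $passwordConf) {
            set_page_message(tr("Passwords do not match."), 'error');
            return;
        }
        if (strlen($password) > 32) {
            set_page_message(tr('Password is too long.'), 'error');
            return;
        }
        if (!checkPasswordSyntax($password)) {
            set_page_message(tr('Only printable characters from the ASCII table (not extended), excepted the space, are allowed.'), 'error');
            return;
        }
        // Optional domain id prefix or suffix on the username
        $useDmnId = isset($_POST['use_dmn_id']) && $_POST['use_dmn_id'] == 'on';
        $idPos = isset($_POST['id_pos']) ? $_POST['id_pos'] : '';
        if ($useDmnId && $idPos == 'start') {
            $user = $dmnId . '_' . $user;
        } elseif ($useDmnId && $idPos == 'end') {
            $user = $user . '_' . $dmnId;
        }
        // Length is checked on the final name, prefix or suffix included
        if (strlen($user) > 16) {
            set_page_message(tr('Username is too long.'), 'error');
            return;
        }
        if (client_isSqlUser($user, $host)) {
            set_page_message(tr('SQL user %s already exits.', $user . '@' . decode_idna($host)), 'error');
            return;
        }
    } elseif (isset($_POST['sqluser_id'])) {
        // Using existing SQL user as specified in input data. The id is request input, so the lookup is
        // limited to SQL users attached to a database of this customer's domain: looking it up by id alone
        // would let a customer pick up the name, host and stored password of any other customer's SQL user.
        $needUserCreate = false;
        $userId = intval($_POST['sqluser_id']);
        $stmt = exec_query('
                SELECT
                    sqlu_name, sqlu_host, sqlu_pass
                FROM
                    sql_user
                INNER JOIN
                    sql_database USING(sqld_id)
                WHERE
                    sqlu_id = ?
                AND
                    domain_id = ?
            ', array($userId, $dmnId));
        if (!$stmt->rowCount()) {
            showBadRequestErrorPage();
        }
        $row = $stmt->fetchRow(PDO::FETCH_ASSOC);
        $user = $row['sqlu_name'];
        $host = $row['sqlu_host'];
        $password = $row['sqlu_pass'];
    } else {
        showBadRequestErrorPage();
        return;
    }
    # Retrieve database to which SQL user should be assigned (it must belong to the customer's domain)
    $stmt = exec_query('SELECT sqld_name FROM sql_database WHERE sqld_id = ? AND domain_id = ?', array($dbId, $dmnId));
    if (!$stmt->rowCount()) {
        showBadRequestErrorPage();
    }
    $row = $stmt->fetchRow(PDO::FETCH_ASSOC);
    $dbName = $row['sqld_name'];
    // Backslash-escape '_', '%', '?' and '*' so that the GRANT below names this database only and is not
    // read as a pattern
    $dbName = preg_replace('/([_%\\?\\*])/', '\\\\$1', $dbName);
    $config = iMSCP_Registry::get('config');
    $mysqlConfig = new iMSCP_Config_Handler_File($config['CONF_DIR'] . '/mysql/mysql.data');
    iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onBeforeAddSqlUser);
    // Here we cannot use transaction due to statements that cause an implicit commit. Thus we execute
    // those statements first to let the i-MSCP database in clean state if one of them fails.
    // See https://dev.mysql.com/doc/refman/5.7/en/implicit-commit.html for more details
    if ($needUserCreate) {
        // strpos() takes the haystack first: with the arguments swapped the MariaDB test was false for any
        // SQL_SERVER value other than the bare string 'mariadb', and the statement form was then chosen by
        // the version comparison alone.
        if (strpos($config['SQL_SERVER'], 'mariadb') !== false || version_compare($mysqlConfig['SQLD_VERSION'], '5.7.6', '<')) {
            exec_query('CREATE USER ?@? IDENTIFIED BY ?', array($user, $host, $password));
        } else {
            exec_query('CREATE USER ?@? IDENTIFIED BY ? PASSWORD EXPIRE NEVER', array($user, $host, $password));
        }
    }
    // GRANT is built with sprintf(); every interpolated part goes through quoteIdentifier()/quoteValue()
    execute_query(sprintf('GRANT ALL PRIVILEGES ON %s.* to %s@%s', quoteIdentifier($dbName), quoteValue($user), quoteValue($host)));
    // NOTE(review): the password is written to sql_user.sqlu_pass as supplied and read back from there when
    // an existing SQL user is re-used, so it is kept in recoverable form; access to that table needs to be
    // restricted accordingly.
    exec_query('INSERT INTO sql_user (sqld_id, sqlu_name, sqlu_host, sqlu_pass) VALUES (?, ?, ?, ?)', array($dbId, $user, $host, $password));
    iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onAfterAddSqlUser);
    set_page_message(tr('SQL user successfully added.'), 'success');
    write_log(sprintf("%s added new SQL user: %s", $_SESSION['user_logged'], tohtml($user)), E_USER_NOTICE);
    redirectTo('sql_manage.php');
}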