/** * Implements singleton design pattern. * * @static * @return iMSCP_Validate */ public static function getInstance() { if (self::$_instance === null) { self::$_instance = new self(); } return self::$_instance; }
/** * Validate the given DNS MX record * * @access private * @param string $type MX type * @param int $priority MX preference * @param string $host Mail host * @param $verifiedData * @return bool TRUE if the given MX DNS record is valid, FALSE otherwise */ function _client_validateDnsMxRecord($type, $priority, $host, $verifiedData) { $validator = iMSCP_Validate::getInstance(); $mxTypes = array('domain', 'wildcard'); if (customerHasFeature('mail')) { $mxTypes[] = 'filter'; } // Should never occurs since we are using options stack in HTML form if (!$validator->assertContains($type, $mxTypes, true, tr('Invalid MX type.'))) { if ($type == 'filter') { showBadRequestErrorPage(); } else { set_page_message($validator->getLastValidationMessages(), 'error'); return false; } } // Should never occurs since we are using options stack in HTML form if (!$validator->assertContains($priority, range(5, 50, 5), false, tr('Invalid MX priority.'))) { set_page_message($validator->getLastValidationMessages(), 'error'); return false; } // Mail host must not be equal to the domain for which it's added if (!$validator->assertNotEquals($verifiedData['item_name'], encode_idna($host), tr('Mailhost must not be equal to the domain name for which you add it.'))) { set_page_message($validator->getLastValidationMessages(), 'error'); return false; } if ($host == '') { set_page_message(tr('Mailhost cannot be empty.'), 'error'); return false; } elseif (!isValidDomainName($host)) { set_page_message(tr("Mailhost %s is not valid.", "<strong>{$host}</strong>"), 'error'); return false; } return true; }
/** * Check syntax of the given email * * @param string $email Email addresse to check * @param bool $localPartOnly If true, check only the local part * @return bool */ function chk_email($email, $localPartOnly = false) { $options = array(); if ($localPartOnly) { $options['onlyLocalPart'] = true; } return iMSCP_Validate::getInstance()->email($email, $options); }
/** * Add SQL user for the given database * * @throws Exception * @throws iMSCP_Exception_Database * @param int $customerId Customer unique identifier * @param int $dbId * @return void */ function client_addSqlUser($customerId, $dbId) { if (empty($_POST)) { return; } if (!isset($_POST['uaction'])) { showBadRequestErrorPage(); } $dmnId = get_user_domain_id($customerId); if (!isset($_POST['Add_Exist'])) { $needUserCreate = true; if (!isset($_POST['user_name']) || !isset($_POST['user_host']) || !isset($_POST['pass']) || !isset($_POST['pass_rep'])) { showBadRequestErrorPage(); } $user = clean_input($_POST['user_name']); $host = clean_input($_POST['user_host']); $password = clean_input($_POST['pass']); $passwordConf = clean_input($_POST['pass_rep']); if ($user === '') { set_page_message(tr('Please enter an username.'), 'error'); return; } if (preg_match('/[%|\\?]+/', $user)) { set_page_message(tr("Wildcards such as '%s' and '%s' are not allowed in username.", '%', '?'), 'error'); return; } if ($host === '') { set_page_message(tr('Please enter an SQL user host.'), 'error'); return; } $host = encode_idna(clean_input($_POST['user_host'])); if ($host !== '%' && $host !== 'localhost' && !iMSCP_Validate::getInstance()->hostname($host, array('allow' => Zend_Validate_Hostname::ALLOW_DNS | Zend_Validate_Hostname::ALLOW_IP))) { set_page_message(tr('Invalid SQL user host: %s', iMSCP_Validate::getInstance()->getLastValidationMessages()), 'error'); return; } if ($password === '') { set_page_message(tr('Please enter a password.'), 'error'); return; } if ($password !== $passwordConf) { set_page_message(tr("Passwords do not match."), 'error'); return; } if (strlen($password) > 32) { set_page_message(tr('Password is too long.'), 'error'); return; } if (!checkPasswordSyntax($password)) { set_page_message(tr('Only printable characters from the ASCII table (not extended), excepted the space, are allowed.'), 'error'); return; } if (isset($_POST['use_dmn_id']) && $_POST['use_dmn_id'] == 'on' && isset($_POST['id_pos']) && $_POST['id_pos'] == 'start') { $user = $dmnId . '_' . clean_input($_POST['user_name']); } elseif (isset($_POST['use_dmn_id']) && $_POST['use_dmn_id'] == 'on' && isset($_POST['id_pos']) && $_POST['id_pos'] == 'end') { $user = clean_input($_POST['user_name']) . '_' . $dmnId; } else { $user = clean_input($_POST['user_name']); } if (strlen($user) > 16) { set_page_message(tr('Username is too long.'), 'error'); return; } if (client_isSqlUser($user, $host)) { set_page_message(tr('SQL user %s already exits.', $user . '@' . decode_idna($host)), 'error'); return; } } elseif (isset($_POST['sqluser_id'])) { // Using existing SQL user as specified in input data $needUserCreate = false; $userId = intval($_POST['sqluser_id']); $stmt = exec_query('SELECT sqlu_name, sqlu_host, sqlu_pass FROM sql_user WHERE sqlu_id = ?', $userId); if (!$stmt->rowCount()) { showBadRequestErrorPage(); } $row = $stmt->fetchRow(PDO::FETCH_ASSOC); $user = $row['sqlu_name']; $host = $row['sqlu_host']; $password = $row['sqlu_pass']; } else { showBadRequestErrorPage(); return; } # Retrieve database to which SQL user should be assigned $stmt = exec_query('SELECT sqld_name FROM sql_database WHERE sqld_id = ? AND domain_id = ?', array($dbId, $dmnId)); if (!$stmt->rowCount()) { showBadRequestErrorPage(); } $row = $stmt->fetchRow(PDO::FETCH_ASSOC); $dbName = $row['sqld_name']; $dbName = preg_replace('/([_%\\?\\*])/', '\\\\$1', $dbName); $config = iMSCP_Registry::get('config'); $mysqlConfig = new iMSCP_Config_Handler_File($config['CONF_DIR'] . '/mysql/mysql.data'); iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onBeforeAddSqlUser); // Here we cannot use transaction due to statements that cause an implicit commit. Thus we execute // those statements first to let the i-MSCP database in clean state if one of them fails. // See https://dev.mysql.com/doc/refman/5.7/en/implicit-commit.html for more details if ($needUserCreate) { if (strpos('mariadb', $config['SQL_SERVER']) !== false || version_compare($mysqlConfig['SQLD_VERSION'], '5.7.6', '<')) { exec_query('CREATE USER ?@? IDENTIFIED BY ?', array($user, $host, $password)); } else { exec_query('CREATE USER ?@? IDENTIFIED BY ? PASSWORD EXPIRE NEVER', array($user, $host, $password)); } } execute_query(sprintf('GRANT ALL PRIVILEGES ON %s.* to %s@%s', quoteIdentifier($dbName), quoteValue($user), quoteValue($host))); exec_query('INSERT INTO sql_user (sqld_id, sqlu_name, sqlu_host, sqlu_pass) VALUES (?, ?, ?, ?)', array($dbId, $user, $host, $password)); iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onAfterAddSqlUser); set_page_message(tr('SQL user successfully added.'), 'success'); write_log(sprintf("%s added new SQL user: %s", $_SESSION['user_logged'], tohtml($user)), E_USER_NOTICE); redirectTo('sql_manage.php'); }