Exemple #1
        updateUsingCron("gen_nagios='yes'");
    }
}
// Power actions on a VPS: the remote command only runs when checkVPSAdmin() accepts the
// supplied admin credentials for this node and VPS name.
// NOTE(review): the action is read from $_REQUEST, so a plain GET link can trigger it, and no
// anti-CSRF token is checked in this fragment — confirm one is enforced elsewhere.
if (isset($_REQUEST["action"]) && in_array($_REQUEST["action"], array("shutdown_vps", "destroy_vps", "start_vps"))) {
    if (!checkVPSAdmin($adm_login, $adm_pass, $vps_node, $vps_name)) {
        $submit_err = _("Access not granted line ") . __LINE__ . _(" file ") . __FILE__;
    } else {
        remoteVPSAction($vps_node, $vps_name, $_REQUEST["action"]);
    }
}
if (isset($_REQUEST["action"]) && $_REQUEST["action"] == "set_ip_reverse_dns") {
    if (checkVPSAdmin($adm_login, $adm_pass, $vps_node, $vps_name) == true) {
        if (!isIP($_REQUEST["ip_addr"])) {
            $submit_err = _("This is not a correct IP line ") . __LINE__ . _(" file ") . __FILE__;
        } else {
            if (!isHostnameOrIP($_REQUEST["rdns"])) {
                $submit_err = _("This is not a correct hostname or IP line ") . __LINE__ . _(" file ") . __FILE__;
            } else {
                $q = "SELECT * FROM {$pro_mysql_vps_ip_table} WHERE ip_addr='" . $_REQUEST["ip_addr"] . "' AND vps_xen_name='{$vps_name}' AND vps_server_hostname='{$vps_node}';";
                $r = mysql_query($q) or die("Cannot query {$q} line " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error());
                $n = mysql_num_rows($r);
                if ($n != 1) {
                    $submit_err = _("Access not granted line ") . __LINE__ . _(" file ") . __FILE__;
                } else {
                    $q = "UPDATE {$pro_mysql_vps_ip_table} SET rdns_addr='" . $_REQUEST["rdns"] . "',rdns_regen='yes' WHERE ip_addr='" . $_REQUEST["ip_addr"] . "';";
                    $r = mysql_query($q) or die("Cannot query {$q} line " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error());
                    $q = "SELECT {$pro_mysql_ip_pool_table}.zone_type\n\t\t\t\t\tFROM {$pro_mysql_vps_ip_table},{$pro_mysql_ip_pool_table}\n\t\t\t\t\tWHERE {$pro_mysql_vps_ip_table}.ip_addr='" . $_REQUEST["ip_addr"] . "'\n\t\t\t\t\tAND {$pro_mysql_ip_pool_table}.id={$pro_mysql_vps_ip_table}.ip_pool_id;";
                    $r = mysql_query($q) or die("Cannot query {$q} line " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error());
                    $n = mysql_num_rows($r);
                    if ($n != 1) {
                        $submit_err = _("Could not find the corresponding IP pool");
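/**
 * Reads one request field as a string.
 *
 * Returns "" when the field is absent or is not a string (for example an array sent as
 * field[]=x). When magic quotes are enabled the added slashes are removed, so callers always
 * see the value as typed and escape it exactly once at the SQL sink.
 */
function _register_user_field($name)
{
    if (!isset($_REQUEST[$name]) || !is_string($_REQUEST[$name])) {
        return "";
    }
    if (get_magic_quotes_gpc()) {
        return stripslashes($_REQUEST[$name]);
    }
    return $_REQUEST[$name];
}

/** Builds the array register_user() hands back on a rejected request. */
function _register_user_error($code, $mesg)
{
    return array("err" => $code, "mesg" => $mesg);
}

/**
 * Runs a query and stops the request when it fails.
 *
 * The failing statement is not echoed to the browser: the INSERT built by register_user()
 * carries the requested password and the customer's personal data. Only the MySQL error is
 * written to the server log.
 */
function _register_user_query($q, $line)
{
    $r = mysql_query($q);
    if ($r === false) {
        error_log("register_user: query failed at line " . $line . " of " . __FILE__ . ": " . mysql_error());
        die("Cannot query the database (line " . $line . ")");
    }
    return $r;
}

/**
 * Validates the signup form found in $_REQUEST and queues the account request.
 *
 * On success one row is inserted into the pending-admin table and a notification mail is sent
 * to the webmaster address.
 *
 * @param string $adding_service Not read by this function.
 * @return array "err" is 0 on success (with "id" = inserted row id), 1 when the form was
 *               submitted empty, 2 on a validation failure, 3 when the login is already
 *               taken; "mesg" is the matching message.
 */
function register_user($adding_service = "no")
{
    global $pro_mysql_admin_table;
    global $pro_mysql_new_admin_table;
    global $pro_mysql_product_table;
    global $pro_mysql_vps_server_table;
    global $conf_webmaster_email_addr;
    global $conf_selling_conditions_url;
    global $conf_message_subject_header;
    global $secpayconf_currency_letters;
    global $gettext_lang;
    global $secpayconf_maxmind_license_key;
    global $secpayconf_use_maxmind;
    global $secpayconf_maxmind_threshold;
    get_secpay_conf();

    // An entirely blank form is not an error: report "nothing to do" without a validation message.
    $form_fields = array("reqadm_login", "reqadm_pass", "reqadm_pass2", "domain_name", "domain_tld", "familyname", "firstname", "email", "phone", "address1", "zipcode", "city");
    $all_blank = true;
    foreach ($form_fields as $field) {
        if (_register_user_field($field) !== "") {
            $all_blank = false;
            break;
        }
    }
    if ($all_blank) {
        return _register_user_error(1, _("Not registering"));
    }

    // A missing product_id reaches the validator as "" instead of an undefined variable.
    $product_id = _register_user_field("product_id");
    if (!isRandomNum($product_id)) {
        return _register_user_error(2, _("Product ID not valid!"));
    }
    $esc_product_id = mysql_real_escape_string($product_id);
    $q = "SELECT * FROM {$pro_mysql_product_table} WHERE id='{$esc_product_id}';";
    $r = _register_user_query($q, __LINE__);
    if (mysql_num_rows($r) != 1) {
        // Stop here: without a product row the hosting-type checks below would be skipped silently.
        return _register_user_error(2, _("Product not found in database"));
    }
    $db_product = mysql_fetch_array($r);

    // The D modifier stops "$" from matching before a trailing newline.
    // NOTE(review): the message promises 4 to 16 characters but the pattern only enforces a
    // minimum of two — confirm the intended limits.
    $login = _register_user_field("reqadm_login");
    if (!preg_match('/^([a-zA-Z0-9]+)([._a-zA-Z0-9-]+)$/D', $login)) {
        return _register_user_error(2, _("User login format incorrect. Please use letters and numbers only and from 4 to 16 chars."));
    }
    if ($login == "root" || $login == "debian-sys-maint") {
        return _register_user_error(2, _("Username invalid: please choose something else other than root or debian-sys-maint"));
    }
    $pass = _register_user_field("reqadm_pass");
    if (!isDTCPassword($pass)) {
        return _register_user_error(2, _("Password format incorrect. Please use letters and numbers only and from 4 to 16 chars."));
    }
    // Strict comparison: with "!=" two different numeric-looking strings ("10" and "1e1") compare equal.
    if ($pass !== _register_user_field("reqadm_pass2")) {
        return _register_user_error(2, _("Passwords 1 and 2 do not match!"));
    }

    $domain_name = _register_user_field("domain_name");
    $requested_tld = _register_user_field("domain_tld");
    if ($domain_name == "" || !isTLD($requested_tld)) {
        $domain_tld = "";
    } else {
        $domain_tld = $requested_tld;
    }
    if ($db_product["heb_type"] == "shared" || $db_product["heb_type"] == "ssl" || $db_product["heb_type"] == "dedicated") {
        // Shared, ssl and dedicated hosting need a domain, so the format check is mandatory.
        if (!isHostnameOrIP($domain_name . $requested_tld)) {
            return _register_user_error(2, _("Domain name seems to be incorrect."));
        }
    } else {
        // Any other product (VPS): the domain is optional, but when present it must be well formed.
        if ($domain_name . $domain_tld != "" && !isHostnameOrIP($domain_name . $domain_tld)) {
            return _register_user_error(2, _("Domain name seems to be incorrect."));
        }
    }

    $vps_server_hostname = _register_user_field("vps_server_hostname");
    if ($db_product["heb_type"] == "vps") {
        if ($vps_server_hostname == "-1") {
            return _register_user_error(2, _("VPS location not selected!"));
        }
        $q = "SELECT * FROM {$pro_mysql_vps_server_table} WHERE hostname='" . mysql_real_escape_string($vps_server_hostname) . "';";
        $r = _register_user_query($q, __LINE__);
        if (mysql_num_rows($r) != 1) {
            return _register_user_error(2, _("Could not find the VPS server in database"));
        }
    }

    $email = _register_user_field("email");
    if (!isValidEmail($email)) {
        return _register_user_error(2, _("Email address seems to be incorrect format."));
    }

    // Mandatory contact fields, reported in form order.
    $required = array(
        "familyname" => _("Required field family name missing."),
        "firstname" => _("Required field first name missing."),
        "phone" => _("Required field phone missing."),
        "address1" => _("Required field address (line 1) missing."),
        "zipcode" => _("Required field zipcode missing."),
        "city" => _("Required field city missing."),
    );
    foreach ($required as $field => $missing_mesg) {
        if (_register_user_field($field) === "") {
            return _register_user_error(2, $missing_mesg);
        }
    }

    $country = _register_user_field("country");
    if (!preg_match('/^([A-Z])([A-Z])$/D', $country)) {
        return _register_user_error(2, _("Country code seems incorrect."));
    }
    $iscomp = _register_user_field("iscomp");
    if ($iscomp != "yes" && $iscomp != "no") {
        return _register_user_error(2, _("Is company radio button is wrong!"));
    }
    if ($conf_selling_conditions_url != "none" && _register_user_field("condition") != "yes") {
        return _register_user_error(2, _("Selling conditions not accepted!"));
    }

    // The login must be unused in both the live and the pending admin tables.
    // NOTE(review): the listing shows the compared value masked as '******'; the validated
    // login is assumed here — confirm against the upstream file.
    $esc_login = mysql_real_escape_string($login);
    $q = "SELECT adm_login FROM {$pro_mysql_admin_table} WHERE adm_login='{$esc_login}';";
    $r = _register_user_query($q, __LINE__);
    if (mysql_num_rows($r) > 0) {
        return _register_user_error(3, _("Username already taken! Try again."));
    }
    $q = "SELECT reqadm_login FROM {$pro_mysql_new_admin_table} WHERE reqadm_login='{$esc_login}';";
    $r = _register_user_query($q, __LINE__);
    if (mysql_num_rows($r) > 0) {
        return _register_user_error(3, _("Username already taken! Try again."));
    }

    // MaxMind: Rudd-O
    get_secpay_conf();
    $maxmind_score = 0;
    if ($secpayconf_use_maxmind == "yes") {
        // This has been done in dtc/shared/dtc_lib.php
        // but could be removed from there... As you like!
        require_once "../shared/maxmind/HTTPBase.php";
        require_once "../shared/maxmind/CreditCardFraudDetection.php";
        // explode() replaces the deprecated split(); the separator is a literal "@".
        $maildomain = explode("@", $email, 2);
        $hash = array();
        $hash["i"] = $_SERVER["REMOTE_ADDR"];
        $hash["city"] = _register_user_field("city");
        $hash["postal"] = _register_user_field("zipcode");
        $hash["country"] = $country;
        $hash["domain"] = isset($maildomain[1]) ? $maildomain[1] : "";
        $hash["custPhone"] = _register_user_field("phone");
        $hash["license_key"] = $secpayconf_maxmind_license_key;
        // NOTE(review): PHP normally exposes the X-Forwarded-For header as
        // $_SERVER["HTTP_X_FORWARDED_FOR"]; this key looks like it is never set — confirm.
        if (isset($_SERVER["X_HTTP_FORWARDED_FOR"])) {
            $hash["forwardedIP"] = $_SERVER["X_HTTP_FORWARDED_FOR"];
        }
        $hash["emailMD5"] = md5($email);
        $hash["usernameMD5"] = md5($login);
        // NOTE(review): an unsalted MD5 of the chosen password leaves the server here; check
        // whether the scoring service still needs this field and drop it if it does not.
        $hash["passwordMD5"] = md5($pass);
        $ccfs = new CreditCardFraudDetection();
        $ccfs->isSecure = 1;
        $ccfs->input($hash);
        $ccfs->query();
        $maxmind_output = $ccfs->output();
        if (isset($maxmind_output["riskScore"])) {
            $maxmind_score = $maxmind_output["riskScore"];
        }
    } else {
        $maxmind_output = "";
    }
    // end MaxMind

    // Every value goes through mysql_real_escape_string() in one place below, including the
    // ones that passed a format check above and the VPS hostname.
    // NOTE(review): reqadm_pass is stored in clear text because other code presumably reads
    // it back from this table — plan a move to password_hash() together with those readers.
    $row = array(
        "reqadm_login" => $login,
        "reqadm_pass" => $pass,
        "domain_name" => $domain_name . $domain_tld,
        "family_name" => _register_user_field("familyname"),
        "first_name" => _register_user_field("firstname"),
        "comp_name" => _register_user_field("compname"),
        "vat_num" => _register_user_field("vat_num"),
        "iscomp" => $iscomp,
        "email" => $email,
        "phone" => _register_user_field("phone"),
        "fax" => _register_user_field("fax"),
        "addr1" => _register_user_field("address1"),
        "addr2" => _register_user_field("address2"),
        "addr3" => _register_user_field("address3"),
        "zipcode" => _register_user_field("zipcode"),
        "city" => _register_user_field("city"),
        "state" => _register_user_field("state"),
        "country" => $country,
        "product_id" => $product_id,
        "custom_notes" => _register_user_field("custom_notes"),
        "shopper_ip" => $_SERVER["REMOTE_ADDR"],
        "date" => date("Y-m-d"),
        "time" => date("H:i:s"),
        "last_used_lang" => $gettext_lang,
        "maxmind_output" => serialize($maxmind_output),
    );
    $vps_mail_add1 = "";
    if ($db_product["heb_type"] == "vps") {
        $row["vps_location"] = $vps_server_hostname;
        $row["vps_os"] = _register_user_field("vps_os");
        $vps_mail_add1 = "VPS hostname: " . $vps_server_hostname;
    }
    $q = "INSERT INTO {$pro_mysql_new_admin_table}\n(" . implode(",\n", array_keys($row)) . "\n)\nVALUES('" . implode("',\n'", array_map("mysql_real_escape_string", $row)) . "')";
    _register_user_query($q, __LINE__);

    $ret = array();
    $ret["err"] = 0;
    $ret["mesg"] = "Query ok!";
    $ret["id"] = mysql_insert_id();

    // The product row fetched at the top is reused for the notification.
    $the_prod = $db_product["name"] . " (" . $db_product["price_dollar"] . " {$secpayconf_currency_letters})";

    // The requested password is deliberately left out of the mail: it would travel and rest
    // in clear text in the webmaster mailbox.
    $mail_content = "\nSomebody tried to register an account. Here is the details of the new user:\n\nlogin: " . $login
        . "\ndomain: " . $domain_name . $domain_tld
        . "\nCompany name: " . $row["comp_name"]
        . "\nFirst name: " . $row["first_name"]
        . "\nFamily name: " . $row["family_name"]
        . "\nEmail: " . $email
        . "\nPhone: " . $row["phone"]
        . "\nFax: " . $row["fax"]
        . "\nAddr: " . $row["addr1"] . " " . $row["addr2"] . " " . $row["addr3"]
        . "\nZipcode: " . $row["zipcode"]
        . "\nCity: " . $row["city"]
        . "\nState: " . $row["state"]
        . "\nCountry: " . $country
        . "\nShopper ip: " . $_SERVER["REMOTE_ADDR"]
        . "\nProduct id: {$the_prod}"
        . "\nCustomer note: " . $row["custom_notes"]
        . "\n{$vps_mail_add1}\n";
    if ($maxmind_score > 0) {
        $mail_content .= "Maxmind Score: {$maxmind_score}\n";
        // The service output is an array; interpolating it directly would only print "Array".
        $mail_content .= "Maxmind Output: " . print_r($maxmind_output, true) . "\n";
    }
    $headers = "From: DTC Robot <{$conf_webmaster_email_addr}>";
    mail($conf_webmaster_email_addr, "{$conf_message_subject_header} Somebody tried to register an account", $mail_content, $headers);
    return $ret;
}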
Exemple #3
<?php

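$panel_type = "none";
require_once "../shared/autoSQLconfig.php";
require_once "{$dtcshared_path}/dtc_lib.php";
// Both identifiers are placed in an SQL string further down, so each one must be a plain
// string (not an array parameter) that passes its format check.
if (!isset($_REQUEST["vps_server_hostname"]) || !is_string($_REQUEST["vps_server_hostname"]) || !isHostnameOrIP($_REQUEST["vps_server_hostname"])) {
    die("VPS node name has wrong format: dying.");
}
if (isset($_REQUEST["vps_name"])) {
    if (!is_string($_REQUEST["vps_name"]) || !checkSubdomainFormat($_REQUEST["vps_name"])) {
        die("VPS name has wrong format: dying.");
    }
}
if ($_SERVER["SCRIPT_NAME"] != "/dtc/vm-io-all.php") {
    require_once "authme.php";
} else {
    checkLoginPass($adm_login, $adm_pass);
    // Ownership check: the logged-in admin must own exactly one VPS with this node and name.
    // The values are escaped at the sink as well; the format checks above live in another
    // file and are not relied on alone. A missing vps_name is matched as "" and finds no row.
    $esc_owner = mysql_real_escape_string($adm_login);
    $esc_vps_node = mysql_real_escape_string($_REQUEST["vps_server_hostname"]);
    $esc_vps_name = isset($_REQUEST["vps_name"]) ? mysql_real_escape_string($_REQUEST["vps_name"]) : "";
    $q = "SELECT * FROM {$pro_mysql_vps_table} WHERE owner='{$esc_owner}' AND vps_server_hostname='{$esc_vps_node}' AND vps_xen_name='{$esc_vps_name}'";
    $r = mysql_query($q) or die;
    $n = mysql_num_rows($r);
    if ($n != 1) {
        die(_("Access not granted line ") . __LINE__ . _(" file ") . __FILE__);
    }
}
// Anti-caching headers: the response must never be served from a cache.
// Date in the past
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
// always modified
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
// HTTP/1.1
header("Cache-Control: no-store, no-cache, must-revalidate");
// Second argument false: this header is added next to the previous Cache-Control line instead of replacing it.
header("Cache-Control: post-check=0, pre-check=0", false);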
Exemple #4
 // MX slots 3 to 6: keep the lower-cased request value only when it is a hostname or an IP,
 // otherwise fall back to an empty string.
 $new_mx_3 = (isset($_REQUEST["new_mx_3"]) && isHostnameOrIP(strtolower($_REQUEST["new_mx_3"])))
     ? strtolower($_REQUEST["new_mx_3"])
     : "";
 $new_mx_4 = (isset($_REQUEST["new_mx_4"]) && isHostnameOrIP(strtolower($_REQUEST["new_mx_4"])))
     ? strtolower($_REQUEST["new_mx_4"])
     : "";
 $new_mx_5 = (isset($_REQUEST["new_mx_5"]) && isHostnameOrIP(strtolower($_REQUEST["new_mx_5"])))
     ? strtolower($_REQUEST["new_mx_5"])
     : "";
 $new_mx_6 = (isset($_REQUEST["new_mx_6"]) && isHostnameOrIP(strtolower($_REQUEST["new_mx_6"])))
     ? strtolower($_REQUEST["new_mx_6"])
     : "";
 // A single trailing "." on an MX name is a common mistake: drop exactly one.
 if (substr($new_mx_1, -1) == ".") {
     $new_mx_1 = substr($new_mx_1, 0, strlen($new_mx_1) - 1);
 }
 if (substr($new_mx_2, -1) == ".") {
     $new_mx_2 = substr($new_mx_2, 0, strlen($new_mx_2) - 1);
 }
 if (substr($new_mx_3, -1) == ".") {
     $new_mx_3 = substr($new_mx_3, 0, strlen($new_mx_3) - 1);
 }
 if (substr($new_mx_4, strlen($new_mx_4) - 1) == ".") {
         $q = "INSERT INTO {$pro_mysql_whitelist_table} (id,pop_user,mbox_host,mail_from_user,mail_from_domain,mail_to) VALUES('','{$user}','{$host}',\n\t\t\t'" . $_REQUEST["mail_from_user"] . "','" . $_REQUEST["mail_from_domain"] . "','" . $_REQUEST["mail_to"] . "');";
         $r = mysql_query($q) or die("Cannot execute query \"{$q}\" ! line: " . __LINE__ . " file: " . __FILE__ . " sql said: " . mysql_error());
     } else {
         echo "<font color=\"red\">This is not a valid rule!</font>";
     }
     break;
     // ruleid=1&action=delete_whitelist_rule
 // ruleid=1&action=delete_whitelist_rule
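 case "delete_whitelist_rule":
     // Removes one whitelist rule of the current mailbox.
     // The rule id comes straight from the request with no format check, so it is escaped
     // before it is placed inside the quoted SQL literal (a non-string value is treated as "").
     // NOTE(review): the listing shows the pop_user value masked as '******'; {$user} is
     // assumed because the INSERT of this switch writes pop_user from {$user} — confirm
     // against the upstream file.
     $esc_ruleid = (isset($_REQUEST["ruleid"]) && is_string($_REQUEST["ruleid"])) ? mysql_real_escape_string($_REQUEST["ruleid"]) : "";
     $q = "DELETE FROM {$pro_mysql_whitelist_table} WHERE id='{$esc_ruleid}' AND pop_user='{$user}' AND mbox_host='{$host}'";
     $r = mysql_query($q) or die("Cannot execute query \"{$q}\" ! line: " . __LINE__ . " file: " . __FILE__ . " sql said: " . mysql_error());
     break;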
     // action=edit_whitelist_rule&ruleid=1&mail_from_user=toto&mail_from_domain=toto.com&mail_to=
 // action=edit_whitelist_rule&ruleid=1&mail_from_user=toto&mail_from_domain=toto.com&mail_to=
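 case "edit_whitelist_rule":
     // Updates one whitelist rule of the current mailbox.
     // Request values are normalised to strings first (an array parameter counts as "").
     $rule = array();
     foreach (array("ruleid", "mail_from_user", "mail_from_domain", "mail_to") as $field) {
         $rule[$field] = (isset($_REQUEST[$field]) && is_string($_REQUEST[$field])) ? $_REQUEST[$field] : "";
     }
     // A rule is exactly one of: a full sender address, a sender domain, or a recipient host.
     $is_sender_rule = isValidEmail($rule["mail_from_user"] . '@' . $rule["mail_from_domain"]) && $rule["mail_to"] === "";
     $is_domain_rule = isHostnameOrIP($rule["mail_from_domain"]) && $rule["mail_from_user"] === "" && $rule["mail_to"] === "";
     $is_recipient_rule = isHostnameOrIP($rule["mail_to"]) && $rule["mail_from_user"] === "" && $rule["mail_from_domain"] === "";
     if ($is_sender_rule || $is_domain_rule || $is_recipient_rule) {
         // Escaped at the sink: ruleid has no format check at all, and the validators for the
         // other three fields are defined in another file.
         $esc = array_map("mysql_real_escape_string", $rule);
         // NOTE(review): the listing masks the mail_from_user and pop_user values as '******';
         // the request field and {$user} are assumed here — confirm against the upstream file.
         $q = "UPDATE {$pro_mysql_whitelist_table}\n\t\t\tSET  mail_from_user='" . $esc["mail_from_user"] . "',\n\t\t\tmail_from_domain='" . $esc["mail_from_domain"] . "',mail_to='" . $esc["mail_to"] . "'\n\t\t\tWHERE id='" . $esc["ruleid"] . "' AND pop_user='{$user}' AND mbox_host='{$host}';";
         $r = mysql_query($q) or die("Cannot execute query \"{$q}\" ! line: " . __LINE__ . " file: " . __FILE__ . " sql said: " . mysql_error());
     } else {
         echo "<font color=\"red\">This is not a valid rule!</font>";
     }
     break;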
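 case "edit_bounce_msg":
     // Stores a new bounce message for the current mailbox; the text must contain the
     // ***URL*** placeholder.
     $bounce_msg = (isset($_REQUEST["bounce_msg"]) && is_string($_REQUEST["bounce_msg"])) ? $_REQUEST["bounce_msg"] : "";
     $mbox_pass = (isset($_REQUEST["adm_email_pass"]) && is_string($_REQUEST["adm_email_pass"])) ? $_REQUEST["adm_email_pass"] : "";
     if (strpos($bounce_msg, "***URL***") !== false) {
         // Both values are escaped with the connection-aware function. The password was
         // concatenated unescaped before, which let a crafted value rewrite the WHERE clause.
         // This assumes magic_quotes_gpc is off, as the unconditional addslashes() used here
         // before already did.
         // NOTE(review): the comparison on passwd presumably means the mailbox password is
         // stored in clear text — confirm and plan hashing.
         $q = "UPDATE {$pro_mysql_pop_table} SET bounce_msg='" . mysql_real_escape_string($bounce_msg) . "' WHERE id='{$user}' AND mbox_host='{$host}' AND passwd='" . mysql_real_escape_string($mbox_pass) . "';";
         // The statement is kept out of the error page because it contains the mailbox password.
         $r = mysql_query($q) or die("Cannot execute query ! line: " . __LINE__ . " file: " . __FILE__ . " sql said: " . mysql_error());
     } else {
         echo "Bounce message MUST contain ***URL***";
     }
     break;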
<?php

// Start of an image-producing script: timezone setup, shared includes, input format checks,
// response headers and the picture size. The rest of the script is outside this excerpt.

// Re-apply the timezone PHP currently reports, when both functions exist; warnings from
// either call are suppressed with @.
if (function_exists("date_default_timezone_set") and function_exists("date_default_timezone_get")) {
    @date_default_timezone_set(@date_default_timezone_get());
}
// vps_stats_network.php?adm_login=$adm_login&adm_pass=$adm_pass&vps_node=$vps_node&vps_name=$vps_node
// NOTE(review): the usage line above names vps_stats_network.php while the check below tests
// for vps_stats_hdd.php — presumably copied from a sibling script. It also passes adm_login
// and adm_pass in the query string, where they end up in access logs, browser history and
// Referer headers; prefer a session or a POST body.
$panel_type = "none";
require_once "../shared/autoSQLconfig.php";
require_once "{$dtcshared_path}/dtc_lib.php";
// authme.php is loaded only when the script is NOT requested as /dtc/vps_stats_hdd.php.
// NOTE(review): no other credential or ownership check is visible in this excerpt for the
// direct-request case — confirm one runs before any VPS data is read.
if ($_SERVER["REQUEST_URI"] != "/dtc/vps_stats_hdd.php" && $_SERVER["SCRIPT_NAME"] != "/dtc/vps_stats_hdd.php") {
    require_once "authme.php";
}
// Reject the request unless both identifiers pass their format checks.
if (!isHostnameOrIP($_REQUEST["vps_node"])) {
    die("VPS node name has wrong format: dying.");
}
if (!checkSubdomainFormat($_REQUEST["vps_name"])) {
    die("VPS name has wrong format: dying.");
}
// Sets the session name only; no session_start() appears in this excerpt.
session_name("wallid");
// The response body is a PNG image.
header("Content-type: image/png");
// Date in the past
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
// always modified
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
// HTTP/1.1
header("Cache-Control: no-store, no-cache, must-revalidate");
// Second argument false: added next to the previous Cache-Control header instead of replacing it.
header("Cache-Control: post-check=0, pre-check=0", false);
// HTTP/1.0
header("Pragma: no-cache");
// Picture size; presumably pixels, used by drawing code outside this excerpt.
$width = 120;
$height = 48;
Exemple #7
 case "enets-failed":
     // Failed transaction (currently only reported by eNETS): append a red heading to the
     // form, then the explanation with the alternative payment means.
     $form .= "<h3><font color=\"red\">" . _("PAYMENT FAILED") . "<!-- PAYMENT FAILED --></font></h3>";
     $form .= _("The payment gateway have reported that your payment has failed. Contact us, we also accept checks and wire transfers.");
     break;
     // The customer wants to add: a shared account if he doesn't have one, a new dedicated or vps
 // The customer wants to add: a shared account if he doesn't have one, a new dedicated or vps
 case "add_new_service":
     if (!isRandomNum($_REQUEST["product_id"])) {
         $form = _("The product ID is not a valid integer number.");
         break;
     }
     if (!isFtpLogin($_REQUEST["adm_login"])) {
         $form = _("The requested login is not a valid login.");
         break;
     }
     if (!isHostnameOrIP($_REQUEST["vps_location"])) {
         $form = _("Location is not a valid hostname.");
         break;
     }
     if (!isset($_REQUEST["vps_os"]) || $_REQUEST["vps_os"] != "debian" && $_REQUEST["vps_os"] != "centos" && $_REQUEST["vps_os"] != "gentoo" && $_REQUEST["vps_os"] != "netbsd") {
         $form = _("VPS operating system not recognized");
         break;
     }
     // Product
     $q = "SELECT * FROM {$pro_mysql_product_table} WHERE id='" . $_REQUEST["product_id"] . "';";
     $r = mysql_query($q) or die("Cannot query \"{$q}\" ! line: " . __LINE__ . " file: " . __FILE__ . " sql said: " . mysql_error());
     $n = mysql_num_rows($r);
     if ($n != 1) {
         $form = _("Cannot reselect product: registration failed!");
         break;
     }