Exemple #1
/**
 * Returns reseller data.
 *
 * The data set is built on the first call and cached in a static variable, so
 * later calls return a reference to the same array. Each form field is taken
 * from $_POST (passed through clean_input()) when present, otherwise from the
 * defaults listed below.
 *
 * NOTE(review): clean_input() is defined elsewhere; do not assume from this
 * function alone that the returned values are safe for SQL or HTML output.
 *
 * @return array Reference to array of data
 */
function &admin_getData()
{
    static $data = null;

    // Already built during this request: hand back the cached array.
    if (null !== $data) {
        return $data;
    }

    $stmt = exec_query('SELECT ip_id, ip_number FROM server_ips ORDER BY ip_number');
    if (!$stmt->rowCount()) {
        set_page_message(tr('Unable to get the IP address list. Please fix this problem.'), 'error');
        redirectTo('manage_users.php');
    } else {
        $data['server_ips'] = $stmt->fetchAll();
    }

    $phpini = iMSCP_PHPini::getInstance();

    // Field name => default value used when the field was not submitted.
    $defaults = array(
        'admin_name' => '',
        'password' => '',
        'password_confirmation' => '',
        'fname' => '',
        'lname' => '',
        'gender' => 'U',
        'firm' => '',
        'zip' => '',
        'city' => '',
        'state' => '',
        'country' => '',
        'email' => '',
        'phone' => '',
        'fax' => '',
        'street1' => '',
        'street2' => '',
        'max_dmn_cnt' => '0',
        'max_sub_cnt' => '0',
        'max_als_cnt' => '0',
        'max_mail_cnt' => '0',
        'max_ftp_cnt' => '0',
        'max_sql_db_cnt' => '0',
        'max_sql_user_cnt' => '0',
        'max_traff_amnt' => '0',
        'max_disk_amnt' => '0',
        'software_allowed' => 'no',
        'softwaredepot_allowed' => 'no',
        'websoftwaredepot_allowed' => 'no',
        'support_system' => 'yes',
        'customer_id' => '',
        'php_ini_system' => $phpini->getResellerPermission('phpiniSystem'),
        'php_ini_al_allow_url_fopen' => $phpini->getResellerPermission('phpiniAllowUrlFopen'),
        'php_ini_al_display_errors' => $phpini->getResellerPermission('phpiniDisplayErrors'),
        'php_ini_al_disable_functions' => $phpini->getResellerPermission('phpiniDisableFunctions'),
        'php_ini_al_mail_function' => $phpini->getResellerPermission('phpiniMailFunction'),
        'post_max_size' => $phpini->getResellerPermission('phpiniPostMaxSize'),
        'upload_max_filesize' => $phpini->getResellerPermission('phpiniUploadMaxFileSize'),
        'max_execution_time' => $phpini->getResellerPermission('phpiniMaxExecutionTime'),
        'max_input_time' => $phpini->getResellerPermission('phpiniMaxInputTime'),
        'memory_limit' => $phpini->getResellerPermission('phpiniMemoryLimit'),
    );

    foreach ($defaults as $field => $default) {
        $data[$field] = isset($_POST[$field]) ? clean_input($_POST[$field]) : $default;
    }

    // No IP selection submitted (or not an array): fall back to an empty list.
    $data['reseller_ips'] = array();
    if (isset($_POST['reseller_ips']) && is_array($_POST['reseller_ips'])) {
        // The cleaned values are written back into $_POST as well as into $data.
        foreach ($_POST['reseller_ips'] as $index => $ipId) {
            $_POST['reseller_ips'][$index] = clean_input($ipId);
        }
        $data['reseller_ips'] = $_POST['reseller_ips'];
    }

    return $data;
}
/**
 * Adds Htaccess group.
 *
 * Acts only when the posted `uaction` is `add_group`. The group name must pass
 * validates_username() and must not already exist for the domain; the new row
 * is inserted with status `toadd` through a parameterized query.
 *
 * @param int $domainId Domain unique identifier
 * @return void
 */
function client_addHtaccessGroup($domainId)
{
    // Nothing to do unless the "add group" form was submitted.
    if (!isset($_POST['uaction']) || $_POST['uaction'] != 'add_group') {
        return;
    }

    if (!isset($_POST['groupname'])) {
        set_page_message(tr('Invalid htaccess group name.'), 'error');
        return;
    }

    if (!validates_username($_POST['groupname'])) {
        set_page_message(tr('Invalid group name!'), 'error');
        return;
    }

    $groupname = $_POST['groupname'];

    // Look for an existing group with the same name on this domain.
    $lookupQuery = "\n\t\t\t\tSELECT\n\t\t\t\t\t`id`\n\t\t\t\tFROM\n\t\t\t\t\t`htaccess_groups`\n\t\t\t\tWHERE\n\t\t\t\t\t`ugroup` = ?\n\t\t\t\tAND\n\t\t\t\t\t`dmn_id` = ?\n\t\t\t";
    $existing = exec_query($lookupQuery, array($groupname, $domainId));

    if ($existing->rowCount() != 0) {
        set_page_message(tr('This htaccess group already exists.'), 'error');
        return;
    }

    $insertQuery = "\n\t\t\t\t\tINSERT INTO `htaccess_groups` (\n\t\t\t\t\t    `dmn_id`, `ugroup`, `status`\n\t\t\t\t\t) VALUES (\n\t\t\t\t\t    ?, ?, ?\n\t\t\t\t\t)\n\t\t\t\t";
    exec_query($insertQuery, array($domainId, $groupname, 'toadd'));
    send_request();

    set_page_message(tr('Htaccess group successfully scheduled for addition.'), 'success');

    $admin_login = $_SESSION['user_logged'];
    write_log("{$admin_login}: added htaccess group: {$groupname}", E_USER_NOTICE);

    redirectTo('protected_user_manage.php');
}
Exemple #3
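 /**
  * Checks whether the current session is a valid, logged-in session for this site.
  *
  * A session is valid when SITENAME is defined, all expected SESS_* keys are set,
  * SESS_SITEID matches SiteID, the session is bound either to the current
  * session id (SESS_TOKEN) or to the key returned by generateMAuthKey()
  * (MAUTH_KEY), the privilege id is a positive number, and the user either
  * logged in on the requested site or has SITENAME in SESS_ACCESS_SITES.
  *
  * @param bool $redirect     When true, an invalid session is sent to the login page and the script ends
  * @param bool $showErrorMsg When true (and $redirect is false), an error is raised through trigger_logikserror()
  * @return bool TRUE when the session is valid, FALSE otherwise
  */
 function session_check($redirect = false, $showErrorMsg = false)
 {
     $valid = false;
     $requiredKeys = array(
         'SESS_USER_ID',
         'SESS_PRIVILEGE_ID',
         'SESS_ACCESS_ID',
         'SESS_TOKEN',
         'SESS_SITEID',
         'SESS_LOGIN_SITE',
         'SESS_ACCESS_SITES',
     );

     if (defined("SITENAME")) {
         $complete = true;
         foreach ($requiredKeys as $key) {
             if (!isset($_SESSION[$key])) {
                 $complete = false;
                 break;
             }
         }

         if ($complete && $_SESSION['SESS_SITEID'] == SiteID) {
             // Bind the session to the current session id. The comparison is done on
             // non-empty strings only, so a missing or empty value can never match
             // through loose type juggling.
             $sessionId = session_id();
             $bound = is_string($sessionId) && $sessionId !== ''
                 && is_string($_SESSION['SESS_TOKEN'])
                 && hash_equals($sessionId, $_SESSION['SESS_TOKEN']);

             // Alternative binding through MAUTH_KEY. The key is not among the required
             // keys above, so it must be checked for presence first: an unset key compared
             // loosely with an empty generateMAuthKey() result would otherwise be accepted.
             if (!$bound && isset($_SESSION['MAUTH_KEY']) && is_string($_SESSION['MAUTH_KEY']) && $_SESSION['MAUTH_KEY'] !== '') {
                 $expectedKey = generateMAuthKey();
                 $bound = is_string($expectedKey) && $expectedKey !== ''
                     && hash_equals($expectedKey, $_SESSION['MAUTH_KEY']);
             }

             if ($bound && is_numeric($_SESSION['SESS_PRIVILEGE_ID']) && $_SESSION['SESS_PRIVILEGE_ID'] > 0) {
                 if (isset($_REQUEST['site']) && $_SESSION['SESS_LOGIN_SITE'] == $_REQUEST['site']) {
                     $valid = true;
                 } elseif (is_array($_SESSION['SESS_ACCESS_SITES']) && in_array(SITENAME, $_SESSION['SESS_ACCESS_SITES'])) {
                     $valid = true;
                 }
             }
         }
     }

     if ($valid) {
         return true;
     }

     if ($redirect) {
         $relink = SiteLocation . "login";
         redirectTo($relink, "SESSION Expired. Going To Login Page");
         // NOTE(review): if redirectTo() ends the script itself, the session is never
         // destroyed here — confirm against its definition.
         session_destroy();
         exit;
     }

     if ($showErrorMsg) {
         trigger_logikserror("Accessing Forbidden Page", E_USER_ERROR, 401);
     }

     return false;
 }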
/**
 * Updates htaccess user.
 *
 * Acts only when the posted `uaction` is `modify_user` and both password fields
 * were submitted. The new password must pass checkPasswordSyntax() and match its
 * confirmation; it is then hashed with a random salt and stored with status
 * `tochange`. The update is restricted to the given domain and user id.
 *
 * @param int $dmn_id Domain unique identifier
 * @param int $uuser_id Htaccess user unique identifier
 * @return void
 */
function client_updateHtaccessUser(&$dmn_id, &$uuser_id)
{
    if (!isset($_POST['uaction']) || $_POST['uaction'] != 'modify_user') {
        return;
    }

    // Both the password and its confirmation are required; otherwise do nothing.
    if (!isset($_POST['pass']) || !isset($_POST['pass_rep'])) {
        return;
    }

    if (!checkPasswordSyntax($_POST['pass'])) {
        return;
    }

    if ($_POST['pass'] !== $_POST['pass_rep']) {
        set_page_message(tr("Passwords do not match."), 'error');
        return;
    }

    $hashedPassword = cryptPasswordWithSalt($_POST['pass'], generateRandomSalt(true));

    $updateQuery = "\n\t\t\t\tUPDATE\n\t\t\t\t\t`htaccess_users`\n\t\t\t\tSET\n\t\t\t\t\t`upass` = ?, `status` = ?\n\t\t\t\tWHERE\n\t\t\t\t\t`dmn_id` = ?\n\t\t\t\tAND\n\t\t\t\t\t`id` = ?\n\t\t\t";
    exec_query($updateQuery, array($hashedPassword, 'tochange', $dmn_id, $uuser_id));
    send_request();

    // Fetch the user name for the audit log entry.
    $nameQuery = "\n\t\t\t\tSELECT\n\t\t\t\t\t`uname`\n\t\t\t\tFROM\n\t\t\t\t\t`htaccess_users`\n\t\t\t\tWHERE\n\t\t\t\t\t`dmn_id` = ?\n\t\t\t\tAND\n\t\t\t\t\t`id` = ?\n\t\t\t";
    $nameResult = exec_query($nameQuery, array($dmn_id, $uuser_id));
    $uname = $nameResult->fields['uname'];

    $admin_login = $_SESSION['user_logged'];
    write_log("{$admin_login}: updated htaccess user ID: {$uname}", E_USER_NOTICE);

    redirectTo('protected_user_manage.php');
}
/**
 * Activates the auto-responder of the given mail account with the given message.
 *
 * The message is passed through clean_input() and rejected when empty. The
 * account update and the purge of the auto-replies log run in one transaction,
 * which is rolled back (and the exception rethrown) on a database error.
 *
 * NOTE(review): both queries select the account by `mail_id` alone; nothing in
 * this function checks that the account belongs to the logged-in customer —
 * confirm that the caller verifies ownership before calling.
 *
 * @param int $mailAccountId Mail account id
 * @param string $autoresponderMessage Auto-responder message
 * @return void
 */
function client_ActivateAutoresponder($mailAccountId, $autoresponderMessage)
{
    $autoresponderMessage = clean_input($autoresponderMessage);

    if ($autoresponderMessage == '') {
        set_page_message(tr('Auto-responder message cannot be empty.'), 'error');
        redirectTo("mail_autoresponder_enable.php?mail_account_id={$mailAccountId}");
        return;
    }

    $db = iMSCP_Database::getInstance();

    try {
        $db->beginTransaction();

        // The mail address is only needed for the log entry written below.
        $stmt = exec_query("SELECT `mail_addr` FROM `mail_users` WHERE `mail_id` = ?", $mailAccountId);

        $updateQuery = '
				UPDATE
					`mail_users`
				SET
					`status` = ?, `mail_auto_respond` = ?, `mail_auto_respond_text` = ?
				WHERE
					`mail_id` = ?
			';
        exec_query($updateQuery, array('tochange', 1, $autoresponderMessage, $mailAccountId));

        // Purge autoreplies log entries
        delete_autoreplies_log_entries();

        $db->commit();

        // Ask iMSCP daemon to trigger engine dispatcher
        send_request();

        $logEntry = sprintf("%s: activated auto-responder for the '%s' mail account", $_SESSION['user_logged'], $stmt->fields['mail_addr']);
        write_log($logEntry, E_USER_NOTICE);
        set_page_message(tr('Auto-responder successfully scheduled for activation.'), 'success');
    } catch (iMSCP_Exception_Database $e) {
        $db->rollBack();
        throw $e;
    }
}
Exemple #6
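 /**
  * Refreshes the stored session and user activity data for the current request.
  *
  * AJAX requests (`ajax=1`) are skipped. Otherwise the session row is reloaded;
  * when it is missing or its IP does not pass CompareIPs(), the session is
  * destroyed and the user is redirected. The selected planet is switched only
  * when the requested planet id belongs to the session user.
  *
  * Every request-derived value placed in the SQL text is either cast to an
  * integer or passed through $db->sql_escape(); this includes REQUEST_METHOD,
  * which is chosen by the client.
  *
  * @return bool Always TRUE
  */
 function UpdateSession()
 {
     global $CONF, $db;
     if (request_var('ajax', 0) == 1) {
         return true;
     }
     $_SESSION['last'] = $this->GetSessionFromDB();
     if (empty($_SESSION['last']) || !$this->CompareIPs($_SESSION['last']['user_ip'])) {
         $this->DestroySession();
         redirectTo('index.php?code=2');
     }

     $userId = $db->sql_escape($_SESSION['id']);
     $remoteAddr = $db->sql_escape($_SERVER['REMOTE_ADDR']);

     // Planet ids are numeric; the cast keeps anything else out of the query text.
     $SelectPlanet = (int) request_var('cp', 0);
     if (!empty($SelectPlanet)) {
         $IsPlanetMine = $db->uniquequery("SELECT `id` FROM " . PLANETS . " WHERE `id` = '" . $SelectPlanet . "' AND `id_owner` = '" . $userId . "';");
     }
     $_SESSION['path'] = $this->GetPath();
     $_SESSION['planet'] = !empty($IsPlanetMine['id']) ? $IsPlanetMine['id'] : $_SESSION['planet'];

     // The user agent may be absent from the request.
     $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

     $SQL = "UPDATE " . USERS . " as u, " . SESSION . " as s SET ";
     $SQL .= "u.`onlinetime` = '" . TIMESTAMP . "', ";
     $SQL .= "u.`user_lastip` = '" . $remoteAddr . "', ";
     $SQL .= "s.`user_ip` = '" . $remoteAddr . "', ";
     $SQL .= "s.`user_side` = '" . $db->sql_escape($_SESSION['path']) . "', ";
     $SQL .= "s.`user_ua` = '" . $db->sql_escape($userAgent) . "', ";
     $SQL .= "s.`user_method` = '" . $db->sql_escape($_SERVER["REQUEST_METHOD"]) . "', ";
     $SQL .= "s.`user_lastactivity` = '" . TIMESTAMP . "' ";
     $SQL .= "WHERE ";
     $SQL .= "u.`id` = '" . $userId . "' AND s.`sess_id` = '" . $db->sql_escape(session_id()) . "';";
     $db->query($SQL);
     return true;
 }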
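 /**
  * Validates the submitted credentials and, on success, logs the user in.
  *
  * The lookup and password check use $this->username and $this->password
  * (presumably set by validateUsername()/validatePassword() — confirm). On
  * success the session id is regenerated before the identity is stored, so a
  * session id known before login cannot be reused afterwards.
  *
  * NOTE(review): the two failure messages differ ("Incorrect password" vs
  * "No such username exists"), which lets a client tell existing user names
  * from unknown ones; consider a single generic message.
  *
  * @param string $username Submitted user name
  * @param string $password Submitted password
  * @return void
  */
 public function validateUser($username, $password)
 {
     global $db;
     if ($this->validateUsername($username) && $this->validatePassword($password)) {
         // success
         if ($db->hasRows($result = $db->userNameExists($this->username))) {
             $result = $db->fetchArray($result);
             if (password_verify($this->password, $result['user_password'])) {
                 // Issue a fresh session id at the privilege change (session fixation defence).
                 if (session_status() === PHP_SESSION_ACTIVE) {
                     session_regenerate_id(true);
                 }
                 $_SESSION['user_id'] = $result['user_id'];
                 $_SESSION['username'] = $result['user_name'];
                 $_SESSION['permission'] = $result['permission'];
                 // the following checks to see if the response is an Ajax response.
                 if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && !empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
                     // ajax message: echoing false prints an empty body
                     echo false;
                 } else {
                     redirectTo('../public/workshop.php');
                 }
             } else {
                 echo $this->errors[] = "Incorrect password";
             }
         } else {
             $this->password = "";
             echo $this->errors[] = "No such username exists";
         }
     }
 }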
Exemple #8
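/**
 * Pydio authentication
 *
 * Fetches a secure token from the local Pydio instance, posts the FTP user's
 * credentials to it, copies the returned cookies to the browser and redirects
 * to Pydio. Returns FALSE when the user is unknown or when either HTTP request
 * fails, instead of continuing with an empty token or missing cookies.
 *
 * NOTE(review): for HTTPS requests the stream context disables peer
 * verification and allows self-signed certificates while the FTP password is
 * being sent; the target is built from getBaseUrl() — confirm it can only be
 * this server.
 *
 * @param  int $userId FTP user identifier, passed to _client_pydioGetLoginCredentials()
 * @return bool FALSE on failure
 */
function client_pydioAuth($userId)
{
    $failedLoginLog = GUI_ROOT_DIR . '/data/tmp/failedAJXP.log';
    if (file_exists($failedLoginLog)) {
        @unlink($failedLoginLog);
    }
    $credentials = _client_pydioGetLoginCredentials($userId);
    if (!$credentials) {
        set_page_message(tr('Unknown FTP user.'), 'error');
        return false;
    }
    $contextOptions = array();
    // Prepares Pydio absolute Uri to use
    if (isSecureRequest()) {
        $contextOptions = array('ssl' => array('verify_peer' => false, 'allow_self_signed' => true));
    }
    $pydioBaseUrl = getBaseUrl() . '/ftp/';
    $port = getUriPort();
    $hostHeader = 'Host: ' . $_SERVER['SERVER_NAME'] . ($port ? ':' . $port : '');

    // Pydio authentication
    $context = stream_context_create(array_merge($contextOptions, array('http' => array('method' => 'GET', 'protocol_version' => '1.1', 'header' => array($hostHeader, 'User-Agent: i-MSCP', 'Connection: close')))));

    # Getting secure token
    $secureToken = file_get_contents("{$pydioBaseUrl}/index.php?action=get_secure_token", false, $context);
    if ($secureToken === false) {
        set_page_message(tr('Unable to get a secure token from Pydio.'), 'error');
        return false;
    }

    $postData = http_build_query(array('get_action' => 'login', 'userid' => $credentials[0], 'login_seed' => '-1', "remember_me" => 'false', 'password' => stripcslashes($credentials[1]), '_method' => 'put'));
    $contextOptions = array_merge($contextOptions, array('http' => array('method' => 'POST', 'protocol_version' => '1.1', 'header' => array($hostHeader, 'Content-Type: application/x-www-form-urlencoded', 'X-Requested-With: XMLHttpRequest', 'Content-Length: ' . strlen($postData), 'User-Agent: i-MSCP', 'Connection: close'), 'content' => $postData)));

    // get_headers() takes no context argument here, so the login request is configured
    // through the process-wide default context. That default now carries the POST body
    // (including the password) for any later stream call in this request.
    stream_context_set_default($contextOptions);

    # TODO Parse the full response and display error message on authentication failure
    // The token is response data: encode it before placing it in the query string.
    $headers = get_headers("{$pydioBaseUrl}?secure_token=" . rawurlencode($secureToken), true);
    if ($headers === false || !isset($headers['Set-Cookie'])) {
        set_page_message(tr('Unable to log in to Pydio.'), 'error');
        return false;
    }

    _client_pydioCreateCookies($headers['Set-Cookie']);
    redirectTo($pydioBaseUrl);
    exit;
}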
Exemple #9
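 /**
  * Logs the current user out and redirects to "home".
  *
  * All session data is dropped (only the two logged-out markers are kept in
  * memory for the rest of the request), the session cookie is expired in the
  * browser, and the server-side session is destroyed.
  *
  * @return void
  */
 public function logout()
 {
     // Replace the whole session array so no other key survives the logout.
     $_SESSION = array("logged" => false, "id" => null);

     // session_destroy() does not remove the cookie; expire it explicitly.
     if (ini_get("session.use_cookies") && !headers_sent()) {
         $cookie = session_get_cookie_params();
         setcookie(session_name(), '', time() - 42000, $cookie["path"], $cookie["domain"], $cookie["secure"], $cookie["httponly"]);
     }

     session_destroy();
     $this->logged = false;
     redirectTo("home");
 }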
Exemple #10
 /**
  * Builds the page and consumes the one-time `buy` session marker.
  *
  * Without the marker the visitor is redirected to '/'. The marker is removed
  * afterwards in every case.
  *
  * NOTE(review): construction continues after redirectTo() unless that function
  * ends the script — confirm against its definition.
  *
  * @param string $title Page title, passed to the parent constructor
  */
 public function __construct($title = '')
 {
     parent::__construct($title);

     $hasPurchaseMarker = isset($_SESSION['buy']);
     if (!$hasPurchaseMarker) {
         redirectTo('/');
     }

     // The marker is single-use.
     unset($_SESSION['buy']);
 }
Exemple #11
 /**
  * Redirects to the index page when logged in, otherwise to the login page.
  *
  * @return void
  */
 function log_in()
 {
     $destination = $this->logged_in ? "index.php" : "login.php";
     redirectTo($destination);
 }
Exemple #12
 /**
  * Registers a new user from the posted `user` form data.
  *
  * NOTE(review): every key of $_POST['user'] is handed to User::fromArray()
  * without an allow-list, and nothing here validates the values. If the model
  * has fields a visitor must not set (role, status, ...), they can be supplied
  * in the request — confirm how fromArray() filters its input.
  *
  * @return void
  */
 protected function create()
 {
     // Form keys arrive in snake_case; the model expects camelCase keys.
     $attributes = arrayKeysSnakeToCamel($_POST['user']);

     $newUser = new User();
     $newUser->fromArray($attributes);
     $newUser->save();

     $this->addFlash("success", "registered");
     redirectTo("/");
 }
/**
 * Generates page.
 *
 * Resolves the htaccess user id from `$_GET['uname']` or, failing that, from
 * `$_POST['nadmin_name']` (both must be numeric), then lists the domain's
 * htaccess groups split into those the user belongs to and those still
 * available. Names are passed through tohtml() before reaching the template.
 *
 * @param iMSCP_pTemplate $tpl Template engine instance
 * @param int $dmn_id Domain unique identifier
 * @return void
 */
function client_generatePage($tpl, &$dmn_id)
{
    if (isset($_GET['uname']) && $_GET['uname'] !== '' && is_numeric($_GET['uname'])) {
        $uuser_id = $_GET['uname'];
    } elseif (isset($_POST['nadmin_name']) && !empty($_POST['nadmin_name']) && is_numeric($_POST['nadmin_name'])) {
        $uuser_id = $_POST['nadmin_name'];
    } else {
        // No usable user id in the request.
        redirectTo('protected_user_manage.php');
        exit;
    }

    $tpl->assign('UNAME', tohtml(client_getHtaccessUsername($uuser_id, $dmn_id)));
    $tpl->assign('UID', $uuser_id);

    // get groups
    $stmt = exec_query("SELECT * FROM `htaccess_groups` WHERE `dmn_id` = ?", $dmn_id);

    if ($stmt->rowCount() == 0) {
        set_page_message(tr('You have no groups.'), 'error');
        redirectTo('protected_user_manage.php');
        return;
    }

    $added_in = 0;
    $not_added_in = 0;

    for (; !$stmt->EOF; $stmt->moveNext()) {
        $group_id = $stmt->fields['id'];
        $group_name = $stmt->fields['ugroup'];
        // `members` holds a comma-separated list of user ids.
        $memberIds = explode(",", $stmt->fields['members']);
        $grp_in = 0;

        // Emit an "already in" entry for each occurrence of the user in this group.
        foreach ($memberIds as $memberId) {
            if ($uuser_id == $memberId) {
                $tpl->assign(array('GRP_IN' => tohtml($group_name), 'GRP_IN_ID' => $group_id));
                $tpl->parse('ALREADY_IN', '.already_in');
                $grp_in = $group_id;
                $added_in++;
            }
        }

        // Not a member: offer the group as available.
        if ($grp_in !== $group_id) {
            $tpl->assign(array('GRP_NAME' => tohtml($group_name), 'GRP_ID' => $group_id));
            $tpl->parse('GRP_AVLB', '.grp_avlb');
            $not_added_in++;
        }
    }

    // generate add/remove buttons
    if ($added_in < 1) {
        $tpl->assign('IN_GROUP', '');
    }
    if ($not_added_in < 1) {
        $tpl->assign('NOT_IN_GROUP', '');
    }
}
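/**
 * Lists, adds, edits and deletes the current user's fleet shortcuts.
 *
 * Shortcuts are stored in one text column: one record per "\r\n"-separated
 * line, fields separated by commas (name, galaxy, system, planet, type).
 *
 * Changes against the earlier version:
 * - the shortcut text is passed through $db->sql_escape() and the user id is
 *   cast to int before being placed in the UPDATE statements;
 * - commas and line breaks are removed from the shortcut name, since they are
 *   the record and field separators of the stored format;
 * - a missing shortcut index, a missing `delete` field and an empty shortcut
 *   list no longer read undefined values.
 *
 * @return void
 */
function ShowFleetShortcuts()
{
    global $USER, $LNG, $db;
    $a = request_var('a', '');
    $mode = request_var('mode', '');
    $template = new template();
    $template->page_header();
    $template->page_footer();

    $separators = array(',', "\r", "\n");
    $typeSelector = array(1 => $LNG['fl_planet'], 2 => $LNG['fl_debris'], 3 => $LNG['fl_moon']);
    $userId = (int) $USER['id'];

    if ($mode == "add") {
        if ($_POST) {
            $name = str_replace($separators, '', request_var('n', $LNG['fl_anonymous']));
            $gala = request_var('g', 0);
            $sys = request_var('s', 0);
            $plan = request_var('p', 0);
            $type = request_var('t', 0);
            $USER['fleet_shortcut'] .= $name . ',' . $gala . ',' . $sys . ',' . $plan . ',' . $type . "\r\n";
            $db->query("UPDATE " . USERS . " SET `fleet_shortcut` = '" . $db->sql_escape($USER['fleet_shortcut']) . "' WHERE `id` = '" . $userId . "';");
            redirectTo("game." . PHP_EXT . "?page=shortcuts");
        }
        $template->assign_vars(array(
            'fl_shortcut_add_title' => $LNG['fl_shortcut_add_title'],
            'fl_clean' => $LNG['fl_clean'],
            'fl_register_shorcut' => $LNG['fl_register_shorcut'],
            'fl_back' => $LNG['fl_back'],
            'typeselector' => $typeSelector,
        ));
        $template->show("fleet_shortcuts_add.tpl");
    } elseif (is_numeric($a)) {
        $scarray = explode("\r\n", $USER['fleet_shortcut']);
        // Pad to five fields so a missing or short record does not read undefined offsets.
        $r = array_pad(explode(",", isset($scarray[$a]) ? $scarray[$a] : ''), 5, '');
        if ($_POST) {
            if (!empty($_POST['delete'])) {
                unset($scarray[$a]);
            } else {
                $r[0] = str_replace($separators, '', request_var('n', ''));
                $r[1] = request_var('g', 0);
                $r[2] = request_var('s', 0);
                $r[3] = request_var('p', 0);
                $r[4] = request_var('t', 0);
                $scarray[$a] = implode(",", $r);
            }
            $USER['fleet_shortcut'] = implode("\r\n", $scarray);
            $db->query("UPDATE " . USERS . " SET fleet_shortcut='" . $db->sql_escape($USER['fleet_shortcut']) . "' WHERE id=" . $userId . ";");
            exit(redirectTo("game." . PHP_EXT . "?page=shortcuts"));
        }
        if (empty($USER['fleet_shortcut'])) {
            redirectTo("game." . PHP_EXT . "?page=shortcuts");
        }
        $template->assign_vars(array(
            'fl_back' => $LNG['fl_back'],
            'fl_shortcut_edition' => $LNG['fl_shortcut_edition'],
            'fl_reset_shortcut' => $LNG['fl_reset_shortcut'],
            'fl_register_shorcut' => $LNG['fl_register_shorcut'],
            'fl_dlte_shortcut' => $LNG['fl_dlte_shortcut'],
            'typeselector' => $typeSelector,
            'name' => $r[0],
            'galaxy' => $r[1],
            'system' => $r[2],
            'planet' => $r[3],
            'type' => $r[4],
            'id' => $a,
        ));
        $template->show("fleet_shortcuts_edit.tpl");
    } else {
        $ShortCuts = array();
        $scarray = explode("\r\n", $USER['fleet_shortcut']);
        foreach ($scarray as $b) {
            if (empty($b)) {
                continue;
            }
            $c = array_pad(explode(',', $b), 5, '');
            $ShortCuts[] = array('name' => $c[0], 'galaxy' => $c[1], 'system' => $c[2], 'planet' => $c[3], 'type' => $c[4]);
        }
        $template->assign_vars(array(
            'ShortCuts' => $ShortCuts,
            'fl_back' => $LNG['fl_back'],
            'fl_planet_shortcut' => $LNG['fl_planet_shortcut'],
            'fl_moon_shortcut' => $LNG['fl_moon_shortcut'],
            'fl_debris_shortcut' => $LNG['fl_debris_shortcut'],
            'fl_no_shortcuts' => $LNG['fl_no_shortcuts'],
            'fl_shortcuts' => $LNG['fl_shortcuts'],
            'fl_shortcut_add' => $LNG['fl_shortcut_add'],
        ));
        $template->show("fleet_shortcuts.tpl");
    }
}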
Exemple #15
/**
 * Starts the session and stops the request unless a user is logged in.
 *
 * A visitor without the `loggedin` session key is redirected to login.php and
 * the script ends here, so the protected page is never rendered.
 *
 * @return void
 */
function sessionInit()
{
    session_start();

    if (isset($_SESSION['loggedin'])) {
        return;
    }

    // User is not logged in and did not get here via the login page.
    redirectTo("login.php");
    exit;
}
Exemple #16
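 /**
  * Shows a single gallery with its images.
  *
  * The existence check now runs before the gallery is used: previously
  * getImages() was called first, which fails on a missing gallery before the
  * "not found" popup and redirect could happen.
  *
  * @param mixed $id Gallery primary key, passed to findPk()
  * @return void
  */
 public function single($id)
 {
     $gallery = GalleryQuery::create()->findPk($id);
     if (!$gallery) {
         $this->addPopup('danger', 'Galerie se specifikovaným identifikačním číslem neexistuje.');
         redirectTo('/galerie');
         // Do not render the view without a gallery, whether or not redirectTo() ends the script.
         return;
     }
     $images = $gallery->getImages();
     $this->view('Gallery/single', 'base_template', [
         'active' => 'gallery',
         'title' => 'Galerie',
         'recent' => ArticleQuery::recent(),
         'gallery' => $gallery,
         'images' => $images,
         'js' => 'plugins/fotorama/fotorama',
         'css' => 'plugins/fotorama/fotorama',
     ]);
 }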
Exemple #17
/**
 _  \_/ |\ | /¯¯\ \  / /\    |¯¯) |_¯ \  / /¯¯\ |  |   |´¯|¯` | /¯¯\ |\ |5
 ¯  /¯\ | \| \__/  \/ /--\   |¯¯\ |__  \/  \__/ |__ \_/   |   | \__/ | \|Core.
 * @author: Copyright (C) 2011 by Brayan Narvaez (Prinick) developer of xNova Revolution
 * @link: http://www.xnovarevolution.con.ar

 * @package 2Moons
 * @author Slaver <*****@*****.**>
 * @copyright 2009 Lucky <*****@*****.**> (XGProyecto)
 * @copyright 2011 Slaver <*****@*****.**> (Fork/2Moons)
 * @license http://www.gnu.org/licenses/gpl.html GNU GPLv3 License
 * @version 1.3 (2011-01-21)
 * @link http://code.google.com/p/2moons/

 * Please do not remove the credits
*/
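/**
 * Shows the admin login form and handles the admin password re-check.
 *
 * The submitted password's MD5 digest is compared with $USER['password'] using
 * hash_equals() on strings. The earlier loose `==` compared digests that look
 * like numbers (for example "0e…") numerically, so two different digests could
 * be treated as equal; a non-string `admin_pw` is now rejected as well.
 *
 * NOTE(review): MD5 is kept only because the stored format is defined outside
 * this function; it is a fast unsalted digest and not suitable for passwords.
 * Moving to password_hash()/password_verify() needs a change where the
 * password is stored. Also note that the digest itself is kept in the session
 * and that $_REQUEST accepts the password from the query string.
 *
 * @return void
 */
function ShowLoginPage()
{
    global $USER, $LNG;
    if (isset($_REQUEST['admin_pw']) && is_string($_REQUEST['admin_pw']) && is_string($USER['password'])) {
        $submittedDigest = md5($_REQUEST['admin_pw']);
        if (hash_equals($USER['password'], $submittedDigest)) {
            $_SESSION['admin_login'] = $submittedDigest;
            redirectTo('admin.php');
        }
    }
    $template = new template();
    $template->assign_vars(array(
        'adm_login' => $LNG['adm_login'],
        'adm_password' => $LNG['adm_password'],
        'adm_absenden' => $LNG['adm_absenden'],
    ));
    $template->show('adm/LoginPage.tpl');
}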
Exemple #18
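/**
 * Check input data
 *
 * Validates the first step of the "add customer" form (domain name, expiration
 * date, hosting plan) and, when valid, stores the values in the session and
 * redirects to the next step. On any validation error a page message is set
 * and the function returns.
 *
 * Changes against the earlier version:
 * - a leading "www." is stripped only when the name starts with it; before,
 *   four characters were cut from the front whenever "www." appeared anywhere
 *   in the name;
 * - the domain name is passed through tohtml() before being embedded in the
 *   HTML page message.
 *
 * @return void
 */
function reseller_checkData()
{
    $cfg = iMSCP_Registry::get('config');
    if (!isset($_POST['dmn_name']) || $_POST['dmn_name'] === '') {
        set_page_message(tr('Domain name cannot be empty.'), 'error');
        return;
    }
    $dmnName = clean_input($_POST['dmn_name']);
    global $dmnNameValidationErrMsg;
    if (!isValidDomainName($dmnName)) {
        set_page_message($dmnNameValidationErrMsg, 'error');
        return;
    }
    // www is considered as an alias of the domain
    while (strpos($dmnName, 'www.') === 0) {
        $dmnName = substr($dmnName, 4);
    }
    $asciiDmnName = encode_idna($dmnName);
    if (imscp_domain_exists($asciiDmnName, $_SESSION['user_id']) || $asciiDmnName == $cfg['BASE_SERVER_VHOST']) {
        // The message is rendered as HTML (it carries <strong>), so the name is encoded first.
        set_page_message(tr('Domain %s is unavailable.', '<strong>' . tohtml($dmnName) . '</strong>'), 'error');
        return;
    }
    if ((!isset($_POST['datepicker']) || $_POST['datepicker'] === '') && !isset($_POST['never_expire'])) {
        set_page_message(tr('Domain expiration date must be filled.'), 'error');
        return;
    }
    // strtotime() returns false for a date it cannot parse.
    $dmnExpire = isset($_POST['datepicker']) ? @strtotime(clean_input($_POST['datepicker'])) : 0;
    if ($dmnExpire === false) {
        set_page_message('Invalid expiration date.', 'error');
        return;
    }
    $hpId = isset($_POST['dmn_tpl']) ? clean_input($_POST['dmn_tpl']) : 0;
    $customizeHp = $hpId > 0 && isset($_POST['chtpl']) ? $_POST['chtpl'] : '_no_';

    // No hosting plan, or a customized one: continue with the customization step.
    if ($hpId == 0 || $customizeHp == '_yes_') {
        $_SESSION['dmn_name'] = $asciiDmnName;
        $_SESSION['dmn_expire'] = $dmnExpire;
        $_SESSION['dmn_tpl'] = $hpId;
        $_SESSION['chtpl'] = '_yes_';
        $_SESSION['step_one'] = '_yes_';
        redirectTo('user_add2.php');
    }
    if (reseller_limits_check($_SESSION['user_id'], $hpId)) {
        $_SESSION['dmn_name'] = $asciiDmnName;
        $_SESSION['dmn_expire'] = $dmnExpire;
        $_SESSION['dmn_tpl'] = $hpId;
        $_SESSION['chtpl'] = $customizeHp;
        $_SESSION['step_one'] = '_yes_';
        redirectTo('user_add3.php');
    }
    set_page_message(tr('Hosting plan limits exceed reseller limits.'), 'error');
}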
Exemple #19
/**
 * Handles the "add administrator" form.
 *
 * Without a submitted form the template gets empty field values. With a
 * submitted form that fails check_user_data(), the template is refilled with
 * the posted values. Otherwise the administrator account and its GUI
 * properties are inserted through parameterized queries, the notification
 * message is sent and the user is redirected to manage_users.php.
 *
 * NOTE(review): the password passes through clean_input() before hashing and is
 * handed in clear text to send_add_user_auto_msg() — confirm that clean_input()
 * leaves valid passwords unchanged and what the notification does with it.
 *
 * @param  $tpl iMSCP_pTemplate
 * @return void
 */
function add_user($tpl)
{
    /** @var $cfg iMSCP_Config_Handler_File */
    $cfg = iMSCP_Registry::get('config');

    // Template variable => posted field name, in display order.
    $templateFields = array(
        'EMAIL' => 'email',
        'USERNAME' => 'username',
        'FIRST_NAME' => 'fname',
        'LAST_NAME' => 'lname',
        'FIRM' => 'firm',
        'ZIP' => 'zip',
        'CITY' => 'city',
        'STATE' => 'state',
        'COUNTRY' => 'country',
        'STREET_1' => 'street1',
        'STREET_2' => 'street2',
        'PHONE' => 'phone',
        'FAX' => 'fax',
    );

    // Form not submitted: show it empty, with "unknown" gender preselected.
    if (!isset($_POST['uaction']) || $_POST['uaction'] !== 'add_user') {
        $blank = array_fill_keys(array_keys($templateFields), '');
        $blank['VL_MALE'] = '';
        $blank['VL_FEMALE'] = '';
        $blank['VL_UNKNOWN'] = $cfg->HTML_SELECTED;
        $tpl->assign($blank);
        return;
    }

    iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onBeforeAddUser);

    // Validation failed: refill the form with what was posted.
    if (!check_user_data()) {
        $refill = array();
        foreach ($templateFields as $tplVar => $postField) {
            $refill[$tplVar] = clean_input($_POST[$postField], true);
        }
        $refill['VL_MALE'] = $_POST['gender'] == 'M' ? $cfg->HTML_SELECTED : '';
        $refill['VL_FEMALE'] = $_POST['gender'] == 'F' ? $cfg->HTML_SELECTED : '';
        $refill['VL_UNKNOWN'] = $_POST['gender'] == 'U' || empty($_POST['gender']) ? $cfg->HTML_SELECTED : '';
        $tpl->assign($refill);
        return;
    }

    $upass = cryptPasswordWithSalt(clean_input($_POST['password']));
    $user_id = $_SESSION['user_id'];

    $input = array();
    foreach (array('username', 'fname', 'lname', 'gender', 'firm', 'zip', 'city', 'state', 'country', 'email', 'phone', 'fax', 'street1', 'street2') as $postField) {
        $input[$postField] = clean_input($_POST[$postField]);
    }

    // Unknown gender codes are stored as an empty string.
    if (get_gender_by_code($input['gender'], true) === null) {
        $input['gender'] = '';
    }

    $insertAdmin = "\n\t\t\t\tINSERT INTO `admin` (\n\t\t\t\t\t`admin_name`, `admin_pass`, `admin_type`, `domain_created`, `created_by`, `fname`, `lname`, `firm`,\n\t\t\t\t\t`zip`, `city`, `state`, `country`, `email`, `phone`, `fax`, `street1`, `street2`, `gender`\n\t\t\t\t) VALUES (\n\t\t\t\t\t?, ?, 'admin', unix_timestamp(), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?\n\t\t\t\t)\n\t\t\t";
    exec_query($insertAdmin, array(
        $input['username'],
        $upass,
        $user_id,
        $input['fname'],
        $input['lname'],
        $input['firm'],
        $input['zip'],
        $input['city'],
        $input['state'],
        $input['country'],
        $input['email'],
        $input['phone'],
        $input['fax'],
        $input['street1'],
        $input['street2'],
        $input['gender'],
    ));

    /** @var $db iMSCP_Database */
    $db = iMSCP_Registry::get('db');
    $new_admin_id = $db->insertId();

    $user_logged = $_SESSION['user_logged'];
    write_log("{$user_logged}: add admin: {$input['username']}", E_USER_WARNING);

    // Give the new account the panel's initial language and theme.
    $insertProps = "\n\t\t\t\tREPLACE INTO `user_gui_props` (\n\t\t\t\t\t`user_id`, `lang`, `layout`\n\t\t\t\t) VALUES (\n\t\t\t\t\t?, ?, ?\n\t\t\t\t)\n\t\t\t";
    exec_query($insertProps, array($new_admin_id, $cfg->USER_INITIAL_LANG, $cfg->USER_INITIAL_THEME));

    iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onAfterAddUser);

    send_add_user_auto_msg(
        $user_id,
        clean_input($_POST['username']),
        clean_input($_POST['password']),
        clean_input($_POST['email']),
        clean_input($_POST['fname']),
        clean_input($_POST['lname']),
        tr('Administrator')
    );

    set_page_message(tr('Admin account successfully created.'), 'success');
    redirectTo('manage_users.php');
}
 /**
  * Shows the edit form for one of the current user's notes.
  *
  * The note is looked up by the requested id and the current user's id, so a
  * note owned by another user is not returned.
  *
  * NOTE(review): the id is concatenated into the SQL text; request_var('id', 0)
  * presumably casts it to an integer — confirm against its definition. Also,
  * rendering continues after redirectTo() unless that function ends the script.
  *
  * @return void
  */
 private function ShowNotes()
 {
     global $LNG, $db, $USER;

     $NotesID = request_var('id', 0);
     $noteQuery = "SELECT * FROM " . NOTES . " WHERE id = '" . $NotesID . "' AND owner = '" . $USER['id'] . "';";
     $Note = $db->uniquequery($noteQuery);

     if (!$Note) {
         redirectTo("game.php?page=notes");
     }

     $template = new template();
     $template->isPopup(true);
     // Initialise the character counter from the current text length.
     $template->execscript("\$('#cntChars').text(\$('#text').val().length);");
     $template->assign_vars(array(
         'nt_edit_note' => $LNG['nt_edit_note'],
         'nt_priority' => $LNG['nt_priority'],
         'nt_important' => $LNG['nt_important'],
         'nt_normal' => $LNG['nt_normal'],
         'nt_unimportant' => $LNG['nt_unimportant'],
         'nt_subject_note' => $LNG['nt_subject_note'],
         'nt_reset' => $LNG['nt_reset'],
         'nt_save' => $LNG['nt_save'],
         'nt_note' => $LNG['nt_note'],
         'nt_characters' => $LNG['nt_characters'],
         'nt_back' => $LNG['nt_back'],
         'PriorityList' => array(2 => $LNG['nt_important'], 1 => $LNG['nt_normal'], 0 => $LNG['nt_unimportant']),
         'priority' => $Note['priority'],
         'id' => $Note['id'],
         'ntitle' => $Note['title'],
         'ntext' => $Note['text'],
     ));
     $template->show('notes_edit_form.tpl');
 }
 /**
  * onAfterAddDomainAlias listener
  *
  * Auto-approves a domain alias that a customer ('user' account type) has just
  * added, unless the alias is in the `ignored_domains` list or the account is
  * excluded by the `approval_rule` / `user_accounts` configuration. Approval
  * sets the alias status to 'toadd', optionally creates the default mail
  * accounts, and runs in a transaction that is rolled back on failure.
  *
  * @throws iMSCP_Exception
  * @throws iMSCP_Exception_Database
  * @param iMSCP_Events_Event $event
  * @throws Exception
  */
 public function onAfterAddDomainAlias(iMSCP_Events_Event $event)
 {
     $userIdentity = iMSCP_Authentication::getInstance()->getIdentity();
     if ($userIdentity->admin_type != 'user') {
         return;
     }

     $disallowedDomains = (array) $this->getConfigParam('ignored_domains', array());
     $domainAliasNameAscii = $event->getParam('domainAliasName');

     # Only domain aliases which are not listed in the ignored_domains list are auto-approved
     if (in_array(decode_idna($domainAliasNameAscii), $disallowedDomains)) {
         return;
     }

     $username = decode_idna($userIdentity->admin_name);
     $approvalRule = $this->getConfigParam('approval_rule', true);
     $userAccounts = (array) $this->getConfigParam('user_accounts', array());
     $isListed = in_array($username, $userAccounts);

     # With approval_rule enabled, only accounts listed in user_accounts are auto-approved;
     # with it disabled, only accounts which are not listed are auto-approved
     if ($approvalRule ? !$isListed : $isListed) {
         $username = false;
     }

     if ($username === false) {
         return;
     }

     $db = iMSCP_Database::getInstance();

     try {
         $db->beginTransaction();

         $domainAliasId = $event->getParam('domainAliasId');
         exec_query('UPDATE domain_aliasses SET alias_status = ? WHERE alias_id = ?', array('toadd', $domainAliasId));

         $createDefaultMails = iMSCP_Registry::get('config')->CREATE_DEFAULT_EMAIL_ADDRESSES;
         if ($createDefaultMails && $userIdentity->email) {
             client_mail_add_default_accounts(get_user_domain_id($userIdentity->admin_id), $userIdentity->email, $domainAliasNameAscii, 'alias', $domainAliasId);
         }

         $db->commit();
         send_request();

         $domainAliasName = decode_idna($domainAliasNameAscii);
         $username = decode_idna($username);

         write_log(sprintf('DomainAutoApproval: The %s domain alias has been auto-approved', $domainAliasName), E_USER_NOTICE);
         write_log(sprintf('DomainAutoApproval: %s scheduled addition of domain alias: %s', $username, $domainAliasName), E_USER_NOTICE);

         set_page_message(tr('Domain alias successfully scheduled for addition.'), 'success');
         redirectTo('domains_manage.php');
     } catch (iMSCP_Exception $e) {
         $db->rollBack();
         throw $e;
     }
 }
Exemple #22
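/**
 * Redirects to the access-denied page unless the session carries an expected role.
 *
 * Fails closed: an empty session, a session without a 'role' entry, or a role
 * that is not among the expected ones all end in the redirect.
 *
 * NOTE(review): this is only an effective access check if redirectTo() ends the
 * request after sending the redirect. redirectTo() is defined outside this
 * listing, so confirm it exits; otherwise the caller keeps running the protected page.
 *
 * @param array|null   $session      Session data; the role is read from $session['role'].
 * @param string|array $expectedRole One role name, or a list of accepted role names.
 * @return void
 */
function checkAndRedirectNotAuthorizedUsers($session, $expectedRole)
{
    // Accept a scalar or a list of any length. The former sizeof() > 1 test sent a
    // one-element list down the scalar branch, where a string is never equal to an
    // array (always denied), and it called sizeof() on a plain string, which PHP 8
    // rejects with a TypeError.
    $allowedRoles = is_array($expectedRole) ? $expectedRole : array($expectedRole);

    $role = (!empty($session) && isset($session['role'])) ? $session['role'] : null;

    // Strict membership test: with loose comparison a value such as 0 or true in the
    // session could be treated as equal to a role name.
    if ($role === null || !in_array($role, $allowedRoles, true)) {
        redirectTo("accessDenied.php");
    }
}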
Exemple #23
/**
 * Looks the credentials up in the student, professor, secretary and admin tables
 * (in that order of precedence), stores the matching identity and role in
 * $_SESSION and redirects to the role's landing page; on no match the session is
 * marked as GUEST and the user is sent back to the login page.
 *
 * NOTE(review): security issues visible in this block, left unchanged here because
 * the fix needs the database handle behind query(), which is outside this listing:
 *  - $password is interpolated straight into the SQL text, so the four statements
 *    are open to SQL injection. Use prepared statements with bound parameters.
 *  - The password is matched inside SQL against the stored column, which suggests
 *    the stored value is directly comparable to the submitted one (plaintext or an
 *    unsalted digest) — confirm. The usual design fetches the row by username and
 *    checks it in PHP with password_verify() against a password_hash() value.
 *  - The username literal is printed as '******' on this page, which looks like
 *    masking by the listing site; as shown, $username is not part of any query —
 *    check the original source.
 *  - The session id is not regenerated after a successful login; calling
 *    session_regenerate_id(true) before writing the identity limits session fixation.
 *
 * @param string|null $username Submitted user name.
 * @param string|null $password Submitted password.
 * @return void Nothing happens (no redirect either) when an argument is null.
 */
function loginAndRedirect($username, $password)
{
    // isset() on a parameter is false only when the value is null.
    if (isset($username) && isset($password)) {
        // All four role tables are queried up front, whichever one ends up matching.
        $queryStudent = query("SELECT *  FROM student    WHERE studentUsername   = '******' AND studentPassword    = ('{$password}')");
        $queryProfessor = query("SELECT *  FROM professor  WHERE professorUsername = '******' AND professorPassword  = ('{$password}')");
        $querySecretary = query("SELECT *  FROM secretary  WHERE secretaryUsername = '******' AND secretaryPassword  = ('{$password}')");
        $queryAdmin = query("SELECT *  FROM admin      WHERE adminUsername     = '******' AND adminPassword      = ('{$password}')");
        // presumably query() returns a mysqli_result; only the first row of each is read — verify
        $rowStudent = mysqli_fetch_assoc($queryStudent);
        $rowProfessor = mysqli_fetch_assoc($queryProfessor);
        $rowSecretary = mysqli_fetch_assoc($querySecretary);
        $rowAdmin = mysqli_fetch_assoc($queryAdmin);
        // First matching table wins: student, then professor, secretary, admin.
        if (isset($rowStudent['studentUsername']) && isset($rowStudent['studentPassword'])) {
            $_SESSION["user"] = $rowStudent['studentUsername'];
            $_SESSION["id"] = $rowStudent['studentId'];
            $_SESSION["departmentId"] = $rowStudent['department_departmentId'];
            $_SESSION["role"] = "STUDENT";
            redirectTo("student.php");
        } else {
            if (isset($rowProfessor['professorUsername']) && isset($rowProfessor['professorPassword'])) {
                $_SESSION["user"] = $rowProfessor['professorUsername'];
                $_SESSION["id"] = $rowProfessor['professorId'];
                $_SESSION["departmentId"] = $rowProfessor['department_departmentId'];
                $_SESSION["role"] = "PROFESSOR";
                redirectTo("professor.php");
            } else {
                if (isset($rowSecretary['secretaryUsername']) && isset($rowSecretary["secretaryPassword"])) {
                    $_SESSION["user"] = $rowSecretary['secretaryUsername'];
                    $_SESSION["id"] = $rowSecretary['secretaryId'];
                    $_SESSION["departmentId"] = $rowSecretary['department_departmentId'];
                    $_SESSION["role"] = "SECRETARY";
                    redirectTo("secretary.php");
                } else {
                    if (isset($rowAdmin['adminUsername']) && isset($rowAdmin['adminPassword'])) {
                        // The admin branch sets no "id" or "departmentId" entry, unlike the other roles.
                        $_SESSION["user"] = $rowAdmin['adminUsername'];
                        $_SESSION["role"] = "ADMIN";
                        redirectTo("administrator.php");
                    } else {
                        // No table matched: mark the session as a guest and report the failure.
                        $_SESSION["user"] = null;
                        $_SESSION["role"] = "GUEST";
                        redirectTo("login.php?login=failed");
                    }
                }
            }
        }
    }
}
Exemple #24
 /**
  * Activates one app: defines the BASEPATH / APPROOT / WEBAPPROOT constants for it,
  * loads its apps.cfg and config directory, follows a configured RELINK or
  * third-party redirect, and fills in default theme, template-engine and app-name
  * constants.
  *
  * NOTE(review): $appName goes unvalidated into a filesystem path and unescaped
  * into HTML error text. If it can come from the request (the "?site=" relink
  * suggests a request parameter — confirm), restrict it to a known list of app
  * names and HTML-encode it in messages. RELINK is followed without any host
  * check; presumably it comes from a trusted apps.cfg — verify.
  *
  * NOTE(review): nothing here returns after trigger_logikserror(); the flow relies
  * on that helper (defined elsewhere) halting the request.
  *
  * @param string $appName Folder name of the app below APPS_FOLDER.
  * @return bool Always true when the end of the function is reached.
  */
 function loadLogiksApp($appName = SITENAME)
 {
     if (defined("BASEPATH")) {
         trigger_logikserror("App <b>'{$appName}'</b> has already been activated", E_ERROR);
     }

     // Path constants for the selected app.
     define("BASEPATH", APPS_FOLDER . $appName . "/");
     define("APPROOT", ROOT . BASEPATH);
     define("WEBAPPROOT", SiteLocation . BASEPATH);

     if (!file_exists(APPROOT)) {
         trigger_logikserror("Site Not Found <b>'{$appName}'</b>", E_ERROR);
     }

     $configFile = APPROOT . "apps.cfg";
     if (!file_exists($configFile)) {
         trigger_logikserror("Site <b>'{$appName}'</b> Has Not Yet Been Activated (missing apps.cfg).", E_ERROR);
     }
     loadConfigs($configFile, true);

     // A non-empty RELINK sends the visitor elsewhere: absolute http(s) URLs are
     // used as they are, anything else is treated as another site name.
     if (defined("RELINK") && strlen(RELINK) > 0) {
         $isAbsoluteUrl = strncmp(RELINK, "http://", 7) === 0 || strncmp(RELINK, "https://", 8) === 0;
         redirectTo($isAbsoluteUrl ? RELINK : SiteLocation . "?site=" . RELINK);
     }

     // Third-party apps are served from their own web root.
     if (defined("APPS_TYPE") && strtolower(APPS_TYPE) === "3rdparty") {
         redirectTo(WEBAPPROOT);
     }

     loadConfigDir(APPROOT . "config/");
     if (!defined("APPS_CONFIG_FOLDER")) {
         loadConfigs(ROOT . "config/masters/folders.cfg");
     }
     if (defined("LINGUALIZER_DICTIONARIES")) {
         Lingulizer::getInstance()->loadLocaleFile(LINGUALIZER_DICTIONARIES);
     }

     // Settings not defined so far are taken from the loaded configuration.
     foreach (array("APPS_THEME", "APPS_TEMPLATEENGINE") as $setting) {
         if (!defined($setting)) {
             define($setting, getConfig($setting));
         }
     }
     if (!defined("APPNAME")) {
         define("APPNAME", SITENAME);
     }

     return true;
 }
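/**
 * Processes a submitted login form and returns the login form markup.
 *
 * On a successful authentication the user is logged in and redirected to the
 * admin area; otherwise the form is rendered again with an error message.
 *
 * NOTE(review): open points that need code outside this listing to resolve:
 *  - Passwords are reduced to an unsalted MD5 digest before authentication. MD5 is
 *    not suitable for password storage; migrating to password_hash() /
 *    password_verify() requires changing User::authenticate() and the stored values.
 *  - User::userExists() receives a condition string built from the submitted
 *    username. If that helper places the string into SQL, it is injectable — confirm
 *    and switch to bound parameters.
 *  - The statements after the first lookup run even when the user is already logged
 *    in or unknown, so only the last $msg assignment is ever displayed.
 *
 * @return mixed Whatever Form::DisplayFields() returns for the built form.
 */
function loginForm()
{
    global $process, $session;
    $user = new User();

    if ($process->submitForm()) {
        if ($session->isLoggedIn()) {
            // $msg is embedded into HTML further down, so the request value is
            // HTML-encoded instead of being echoed back raw.
            $msg = "* " . htmlspecialchars((string) $_POST["username"], ENT_QUOTES, 'UTF-8') . " is already logged in";
        }
        $username = $process->post("username");
        $password = $process->post("password");
        // NOTE(review): unsalted MD5, see the function header.
        $password = md5($password);
        if (!$user::userExists("Username={$username}")) {
            $msg = "Username does not exist, register it now!";
        }
        $authuser = $user::authenticate($username, $password);
        if ($authuser) {
            $session->LogIn($authuser);
            redirectTo("../admin/");
        } else {
            $msg = "Username and Password combination is not correct";
        }
    }

    // PHP_SELF contains client-controlled path info and filter_var() without a
    // filter leaves it untouched, so it is HTML-encoded before it is used as the
    // form action. NOTE(review): if Form encodes attributes itself this encodes
    // twice — confirm against the Form class.
    $formAction = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    $form = new Form("login", $formAction, "post", "enctype=\"application/x-www-form-urlencoded\"\n");
    $form->startForm();
    $form->setFormField("", $form->addFormInfo("<p style=\"text-align:center;\">Enter your username and password to access admin dashboard<br>\n<img  src=\"../" . TEMPLATE_DIR . SITE_TEMPLATE . "/_images/login_icon.png\" /></p>"));
    if (isset($msg) && strlen($msg) > 0) {
        $form->setFormField("", $form->addFormInfo("<p  class=\"error\">{$msg}</p>"));
    }
    // Username and password inputs, then the submit button with a register link.
    $form->setFormField($form->inputLabel("username", "Username"), $form->inputField("text", "username", "", 'autocomplete="on"'));
    $form->setFormField($form->inputLabel("username", "Password"), $form->inputField("password", "password", ""));
    $form->setFormField("", $form->inputField("submit", "login", "Login") . " or " . GenerateUrl::buildLink("../auth", "register.php", "Register"));
    return $form->DisplayFields($GLOBALS["form_labling"]);
    // NOTE(review): unreachable, endForm() is never called because of the return
    // above. Left in place; whether it should run before returning depends on Form.
    $form->endForm();
}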
Exemple #26
 /**
  * Builds the product page: checks the requested page key, then hands the product
  * details, categories, colours and two random product lists to the template.
  *
  * NOTE(review): the two guards only protect the code below if redirectTo()
  * (defined elsewhere) ends the request; otherwise getFullDetails() still runs
  * with an empty or invalid key — confirm.
  *
  * @param string $title Page title, passed on to the parent constructor.
  */
 public function __construct($title = '')
 {
     parent::__construct($title);

     // Kept as two independent checks so each one triggers its own redirect call.
     $pageKeyMissing = empty($this->SPage);
     if ($pageKeyMissing) {
         redirectTo('/');
     }
     $pageKeyValid = Db_Product::urlIsValid($this->SPage);
     if (!$pageKeyValid) {
         redirectTo('/');
     }

     // Template data, assigned in the same order as the lookups are made.
     $this->TPL->assign('Product', Db_Product::getFullDetails($this->SPage));
     $this->TPL->assign('categories', Db_Category::getAllObjectsWithTrans());
     $this->TPL->assign('colors', Db_Color::getAllWithTrans());
     $this->TPL->assign('related', Db_Product::getRandomProducts());
     $this->TPL->assign('featured', Db_Product::getRandomProducts(12));
 }
Exemple #27
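 /**
  * Dispatches a request to a controller action.
  *
  * The controller name ('c') and action name ('a') are taken from $get when both
  * are present there, otherwise from $post; with neither, the index view is shown.
  * Unknown controllers or actions are redirected to 404.html.
  *
  * Both names are request data, so they are validated before being used in a file
  * path, as a class name and as a method name:
  *  - only plain identifiers are accepted, which keeps path separators and "../"
  *    out of the file_exists() check and the class lookup;
  *  - actions starting with "__" are refused so magic methods cannot be invoked;
  *  - the action must be an existing method that is callable.
  *
  * NOTE(review): every callable method of every class that has a file in
  * app/controller/ remains reachable by name. If some of those methods are
  * internal helpers, an explicit per-controller list of routable actions is the
  * stronger control.
  *
  * @param array|false $get  Query-string parameters.
  * @param array|false $post Form parameters.
  * @return void
  */
 function route($get = false, $post = false)
 {
     // GET takes precedence over POST, as before.
     if (isset($get['c']) && isset($get['a'])) {
         $request = $get;
     } elseif (isset($post['c']) && isset($post['a'])) {
         $request = $post;
     } else {
         // First visit
         $this->viewIndex();
         return;
     }

     $controller = $request['c'];
     $action = $request['a'];

     // \A ... \z anchors the whole value; is_string() rejects array-valued parameters.
     $identifier = '/\A[A-Za-z_][A-Za-z0-9_]*\z/';
     $namesAreSafe = is_string($controller)
         && is_string($action)
         && preg_match($identifier, $controller) === 1
         && preg_match($identifier, $action) === 1
         && strncmp($action, '__', 2) !== 0;

     if (!$namesAreSafe
         || !file_exists(BASE_URI . 'app/controller/' . ucfirst($controller) . '.php')
         || !class_exists($controller)
     ) {
         redirectTo('404.html');
         return;
     }

     $instance = new $controller();
     if (!method_exists($instance, $action) || !is_callable(array($instance, $action))) {
         redirectTo('404.html');
         return;
     }

     call_user_func(array($instance, $action));
 }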
Exemple #28
/**
 * Updates the personal data of a reseller from the submitted form fields.
 *
 * Dispatches onBeforeEditUser, writes the `admin` row through a parameterized
 * UPDATE, dispatches onAfterEditUser, sets a success message and redirects to
 * profile.php.
 *
 * NOTE(review): every field passes through clean_input() except 'gender', which is
 * stored as submitted. The bound parameter rules out SQL injection, but the value
 * itself is not checked; presumably it should be limited to the known gender
 * codes — verify against the form.
 * NOTE(review): the caller is assumed to pass the id of the logged-in user; nothing
 * in this function checks ownership of $user_id.
 *
 * @param int $user_id Unique identifier of the `admin` row to update
 * @return void
 */
function update_reseller_personal_data($user_id)
{
    iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onBeforeEditUser, array('userId' => $user_id));

    // Cleaned fields, listed in the order of the placeholders in the statement below.
    $bindValues = array();
    $cleanedFields = array(
        'fname', 'lname', 'firm', 'zip', 'city', 'state',
        'country', 'email', 'phone', 'fax', 'street1', 'street2',
    );
    foreach ($cleanedFields as $field) {
        $bindValues[] = clean_input($_POST[$field]);
    }
    $bindValues[] = $_POST['gender'];
    $bindValues[] = $user_id;

    $query = "\n\t\tUPDATE\n\t\t\t`admin`\n\t\tSET\n\t\t\t`fname` = ?,\n\t\t\t`lname` = ?,\n\t\t\t`firm` = ?,\n\t\t\t`zip` = ?,\n\t\t\t`city` = ?,\n\t\t\t`state` = ?,\n\t\t\t`country` = ?,\n\t\t\t`email` = ?,\n\t\t\t`phone` = ?,\n\t\t\t`fax` = ?,\n\t\t\t`street1` = ?,\n\t\t\t`street2` = ?,\n\t\t\t`gender` = ?\n\t\tWHERE\n\t\t\t`admin_id` = ?\n\t";
    exec_query($query, $bindValues);

    iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onAfterEditUser, array('userId' => $user_id));
    set_page_message(tr('Personal data successfully updated.'), 'success');
    redirectTo('profile.php');
}
/**
 * Adds an htaccess user to a domain from the submitted form.
 *
 * Does nothing unless the form action is 'add_user' and the username and both
 * password fields are present. The username and password are validated, the
 * password is stored as a salted crypt value, and the user is inserted only when
 * no user of that name exists yet for the domain.
 *
 * NOTE(review): the existence check and the INSERT are two separate statements, so
 * two concurrent requests could both pass the check. A unique index on
 * (dmn_id, uname) would close that gap — the schema is not visible here, confirm.
 * NOTE(review): $domainId is trusted as given; the caller presumably derives it
 * from the logged-in account — verify.
 *
 * @param int $domainId Domain unique identifier
 * @return void
 */
function client_addHtaccessUser($domainId)
{
    $isAddRequest = isset($_POST['uaction']) && $_POST['uaction'] == 'add_user';
    if (!$isAddRequest) {
        return;
    }
    if (!isset($_POST['username'], $_POST['pass'], $_POST['pass_rep'])) {
        return;
    }

    // Input validation; each failure leaves without touching the database.
    if (!validates_username($_POST['username'])) {
        set_page_message(tr('Wrong username.'), 'error');
        return;
    }
    if (!checkPasswordSyntax($_POST['pass'])) {
        return;
    }
    if ($_POST['pass'] !== $_POST['pass_rep']) {
        set_page_message(tr("Passwords do not match."), 'error');
        return;
    }

    $uname = clean_input($_POST['username']);
    // Only the salted crypt value is stored, never the submitted password.
    $upass = cryptPasswordWithSalt($_POST['pass'], generateRandomSalt(true));

    $lookup = "\n\t\t\t\tSELECT\n\t\t\t\t\t`id`\n\t\t\t\tFROM\n\t\t\t\t\t`htaccess_users`\n\t\t\t\tWHERE\n\t\t\t\t\t`uname` = ?\n\t\t\t\tAND\n\t\t\t\t\t`dmn_id` = ?\n\t\t\t";
    $existing = exec_query($lookup, array($uname, $domainId));
    if ($existing->rowCount() != 0) {
        set_page_message(tr('This htaccess user already exist.'), 'error');
        return;
    }

    $insert = "\n\t\t\t\t\tINSERT INTO `htaccess_users` (\n\t\t\t\t\t    `dmn_id`, `uname`, `upass`, `status`\n\t\t\t\t\t) VALUES (\n\t\t\t\t\t    ?, ?, ?, ?\n\t\t\t\t\t)\n\t\t\t\t";
    exec_query($insert, array($domainId, $uname, $upass, 'toadd'));
    send_request();
    set_page_message(tr('Htaccess user successfully scheduled for addition.'), 'success');
    write_log($_SESSION['user_logged'] . ": added new htaccess user: " . $uname, E_USER_NOTICE);
    redirectTo('protected_user_manage.php');
}
Exemple #30
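/**
 * Imports the installer's SQL dump (c_install/ccms.sql) statement by statement.
 *
 * Lines starting with "--" are skipped; the remaining lines are accumulated until
 * one ends with ";" and are then sent to the server as a single statement.
 *
 * NOTE(review): the splitting is line based, so a ";" at the end of a line inside a
 * string literal ends the statement early, and a final statement without a
 * trailing ";" is never executed.
 * NOTE(review): 'db_import_done' is set and the redirect issued only in the catch
 * branch; on the normal path the function simply ends. That looks unintended —
 * confirm against the caller.
 * NOTE(review): the dump is executed as-is with the installer's connection, so the
 * file and the c_install directory should not be writable by the web user and
 * should presumably be removed after installation.
 *
 * @return false|null false when the dump cannot be read or a statement fails;
 *                    null when the loop completes.
 */
function importDatabase()
{
    $_SESSION['db_import_started'] = 1;
    // Name of the file
    $filename = DOC_ROOT . '/c_install/ccms.sql';
    // Connect to MySQL server
    $conn = MySQL::open_conn();
    // Temporary variable, used to store current query
    $templine = '';
    try {
        // Read in entire file. file() reports failure by returning false rather
        // than throwing, so it is checked here instead of iterating over false.
        $lines = file($filename);
        if ($lines === false) {
            return false;
        }
        foreach ($lines as $line) {
            // Skip it if it's a comment. Lines keep their line ending, so the
            // empty-string test matches only a truly empty last element.
            if (substr($line, 0, 2) == '--' || $line == '') {
                continue;
            }
            // Add this line to the current segment
            $templine .= $line;
            // If it has a semicolon at the end, it's the end of the query
            if (substr(trim($line), -1, 1) == ';') {
                // Perform the query; stop at the first statement that fails
                if (!$conn->query($templine)) {
                    return false;
                }
                // Reset temp variable to empty
                $templine = '';
            }
        }
    } catch (Exception $ex) {
        $_SESSION['db_import_done'] = 1;
        ob_end_clean();
        redirectTo('index.php?switch=1');
    }
}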