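/**
 * Saves the submitted values for the current module's user-editable settings.
 *
 * The setting names that get written are read back from x_settings (rows of
 * the current module with so_usereditable_en = 'true'); the form only supplies
 * values, never names. A setting is skipped when its form field is empty
 * according to fs_director::CheckForEmptyValue(). self::$ok is set to true on
 * every call, whether or not any row was updated.
 *
 * NOTE(review): no privilege check is visible in this handler; confirm that
 * the module itself is only reachable by the intended role.
 */
static function doUpdateConfig()
{
    global $zdbh;
    global $controller;
    runtime_csfr::Protect();

    $name = ui_module::GetModuleName();

    // Prepared once and re-executed per setting instead of re-prepared inside the loop.
    $updatesql = $zdbh->prepare("UPDATE x_settings SET so_value_tx = :name2 WHERE so_name_vc = :so_name_vc");

    // The rows are iterated directly. The earlier fetchColumn() pre-check ran the
    // same SELECT * twice and tested the first column of the first row, not a count.
    $settings = $zdbh->prepare("SELECT * FROM x_settings WHERE so_module_vc=:name AND so_usereditable_en = 'true'");
    $settings->bindParam(':name', $name);
    $settings->execute();

    while ($row = $settings->fetch()) {
        // Read the submitted value once and reuse it for the check and the write.
        $submitted = $controller->GetControllerRequest('FORM', $row['so_name_vc']);
        if (fs_director::CheckForEmptyValue($submitted)) {
            continue;
        }
        $updatesql->execute(array(
            ':name2' => $submitted,
            ':so_name_vc' => $row['so_name_vc'],
        ));
    }

    self::$ok = true;
}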
/**
 * Stores the notice text posted by the logged-in user, then redirects back to
 * the current module with saved=true and ends the request.
 *
 * The account id passed to ExectuteUpdateNotice() is taken from
 * ctrl_users::GetUserDetail(), not from the form.
 */
static function doUpdateMessage()
{
    global $controller;
    runtime_csfr::Protect();

    $account = ctrl_users::GetUserDetail();
    $posted = $controller->GetAllControllerRequests('FORM');
    self::ExectuteUpdateNotice($account['userid'], $posted['inNotice']);

    $target = "./?module=" . $controller->GetCurrentModule() . "&saved=true";
    header("location: " . $target);
    exit;
}
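/**
 * Redirects to the statistics view for the domain chosen in the form.
 *
 * The posted 'inDomain' value is placed in the query string of the redirect,
 * so it is URL-encoded first: without that, characters such as '&' or '#' in
 * the submitted value would add or truncate parameters in the target URL.
 *
 * @return false when 'inDomain' is missing or is not a scalar value;
 *               otherwise the request ends with a redirect
 */
static function doShowStats()
{
    global $controller;
    runtime_csfr::Protect();
    $formvars = $controller->GetAllControllerRequests('FORM');

    // A posted array (inDomain[]=...) cannot be a domain name; treat it as absent.
    if (!isset($formvars['inDomain']) || !is_scalar($formvars['inDomain'])) {
        return false;
    }

    $domain = urlencode((string) $formvars['inDomain']);
    header("location: ./?module=" . $controller->GetCurrentModule() . "&show=true&domain=" . $domain);
    exit;
}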
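/**
 * Changes the logged-in user's password after re-checking the current one.
 *
 * The outcome is reported through class state:
 *  - self::$error = "error"    the new password is empty, or the confirmation differs
 *  - self::$error = "nomatch"  the hash of the submitted current password does not
 *                              equal the hash stored in x_accounts
 *  - self::$badpassword = true the new password is shorter than the
 *                              'password_minlength' system option (returns false)
 *  - self::$error = "ok"       the new hash and a fresh salt were written
 *
 * The account is always the one returned by ctrl_users::GetUserDetail().
 *
 * @return false|null false only for a too-short new password
 */
static function doUpdatePassword()
{
    global $zdbh;
    global $controller;
    runtime_csfr::Protect();
    $currentuser = ctrl_users::GetUserDetail();
    $current_pass = $controller->GetControllerRequest('FORM', 'inCurPass');
    $newpass = $controller->GetControllerRequest('FORM', 'inNewPass');
    $conpass = $controller->GetControllerRequest('FORM', 'inConPass');

    // Hash the new password with a freshly generated salt.
    $crypto = new runtime_hash();
    $crypto->SetPassword($newpass);
    $randomsalt = $crypto->RandomSalt();
    $crypto->SetSalt($randomsalt);
    $new_secure_password = $crypto->CryptParts($crypto->Crypt())->Hash;

    $sql = $zdbh->prepare("SELECT ac_pass_vc, ac_passsalt_vc FROM x_accounts WHERE ac_id_pk= :uid");
    $sql->bindParam(':uid', $currentuser['userid']);
    $sql->execute();
    $result = $sql->fetch();

    // fetch() yields false when the account row is missing; never index into that.
    $stored_hash = is_array($result) ? (string) $result['ac_pass_vc'] : '';
    $stored_salt = is_array($result) ? $result['ac_passsalt_vc'] : null;

    // Hash the submitted current password with the stored salt for comparison.
    $userpasshash = new runtime_hash();
    $userpasshash->SetPassword($current_pass);
    $userpasshash->SetSalt($stored_salt);
    $current_secure_password = (string) $userpasshash->CryptParts($userpasshash->Crypt())->Hash;

    if (fs_director::CheckForEmptyValue($newpass)) {
        // New password is blank!
        self::$error = "error";
    } elseif ($stored_hash === '' || $current_secure_password !== $stored_hash) {
        // Current password does not match. The comparison is strict on purpose:
        // with loose '!=' two different hashes that both look numeric (for
        // example "0e...") compare as equal. hash_equals() would also make the
        // comparison constant-time where the runtime provides it.
        self::$error = "nomatch";
    } else {
        // The new password must equal the confirmation box, compared as strings
        // for the same reason as above.
        if ((string) $newpass === (string) $conpass) {
            // Check for password length (strlen() counts bytes).
            if (strlen($newpass) < ctrl_options::GetSystemOption('password_minlength')) {
                self::$badpassword = true;
                return false;
            }
            $sql = $zdbh->prepare("UPDATE x_accounts SET ac_pass_vc=:new_secure_password, ac_passsalt_vc= :randomsalt WHERE ac_id_pk=:userid");
            $sql->bindParam(':randomsalt', $randomsalt);
            $sql->bindParam(':new_secure_password', $new_secure_password);
            $sql->bindParam(':userid', $currentuser['userid']);
            $sql->execute();
            self::$error = "ok";
        } else {
            self::$error = "error";
        }
    }
}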
/**
 * Updates the contact details of the logged-in account from the posted form.
 *
 * The account id comes from ctrl_users::GetUserDetail(); every other value is
 * read from the form and handed to ExecuteUpdateAccountSettings(). When that
 * call returns a non-empty value, the 'OnAfterUpdateMyAccount' hook runs and
 * self::$ok is set to true.
 */
static function doUpdateAccountSettings()
{
    global $zdbh;
    global $controller;
    runtime_csfr::Protect();

    $account = ctrl_users::GetUserDetail();
    $userid = $account['userid'];

    // Form field => value, read in the order ExecuteUpdateAccountSettings() expects.
    $email = $controller->GetControllerRequest('FORM', 'inEmail');
    $fullname = $controller->GetControllerRequest('FORM', 'inFullname');
    $language = $controller->GetControllerRequest('FORM', 'inLanguage');
    $phone = $controller->GetControllerRequest('FORM', 'inPhone');
    $address = $controller->GetControllerRequest('FORM', 'inAddress');
    $postalCode = $controller->GetControllerRequest('FORM', 'inPostalCode');

    $outcome = self::ExecuteUpdateAccountSettings($userid, $email, $fullname, $language, $phone, $address, $postalCode);
    if (fs_director::CheckForEmptyValue($outcome)) {
        return;
    }

    runtime_hook::Execute('OnAfterUpdateMyAccount');
    self::$ok = true;
}
/**
 * Switches the session to one of the caller's client accounts ("shadowing").
 *
 * Candidate accounts are limited by the query: the user named 'zadmin' may
 * pick any non-deleted account, everyone else only non-deleted accounts whose
 * ac_reseller_fk is their own id. The first candidate with a non-empty
 * 'inShadow_<account id>' form field is selected: cookies are cleared, the
 * original user id is kept in the 'ruid' session value, the user session is
 * set to the selected account, and the request ends with a redirect to "/".
 * Nothing happens when no candidate matches.
 */
static function doShadowUser()
{
    global $zdbh;
    global $controller;
    runtime_csfr::Protect();
    $currentuser = ctrl_users::GetUserDetail();

    $isMasterAdmin = ($currentuser['username'] == 'zadmin');
    if ($isMasterAdmin) {
        $sql = "SELECT * FROM x_accounts WHERE ac_deleted_ts IS NULL ORDER BY ac_user_vc";
    } else {
        $sql = "SELECT * FROM x_accounts WHERE ac_reseller_fk = :userid AND ac_deleted_ts IS NULL";
    }

    // First pass: only used to find out whether any candidate exists.
    $numrows = $zdbh->prepare($sql);
    if (!$isMasterAdmin) {
        $numrows->bindParam(':userid', $currentuser['userid']);
    }
    if (!$numrows->execute()) {
        return;
    }
    if ($numrows->fetchColumn() == 0) {
        return;
    }

    // Second pass: walk the candidates. Only the reseller query has a parameter to bind.
    $clients = $zdbh->prepare($sql);
    if (!$isMasterAdmin) {
        $clients->bindParam(':userid', $currentuser['userid']);
    }
    $clients->execute();

    while ($rowclients = $clients->fetch()) {
        $field = 'inShadow_' . $rowclients['ac_id_pk'];
        if (fs_director::CheckForEmptyValue($controller->GetControllerRequest('FORM', $field))) {
            continue;
        }
        ctrl_auth::KillCookies();
        ctrl_auth::SetSession('ruid', $currentuser['userid']);
        ctrl_auth::SetUserSession($rowclients['ac_id_pk'], runtime_sessionsecurity::getSessionSecurityEnabled());
        header("location: /");
        exit;
    }
}
/**
 * Returns whatever runtime_csfr::Token() produces, for use by the module's
 * templates (presumably the hidden anti-CSRF form field; confirm against
 * runtime_csfr).
 */
static function getCSFR_Tag()
{
    $token = runtime_csfr::Token();

    return $token;
}
/**
 * Writes the posted per-vhost overrides to x_vhosts and flags the Apache
 * configuration for a rewrite.
 *
 * Checkbox fields go through fs_director::GetCheckboxValue(); an empty custom
 * port or IP is stored as NULL; 'vh_custom_tx' is stored as submitted.
 *
 * NOTE(review): the target row is chosen by the posted 'vh_id_pk' alone and no
 * ownership or role check is visible here. Confirm the module is restricted to
 * administrators, since the handler also stores free-form 'vh_custom_tx' text.
 *
 * @return true always
 */
static function doSaveVhost()
{
    global $zdbh;
    global $controller;
    runtime_csfr::Protect();

    // empty() also treats "0" as blank, so such a value is stored as NULL too.
    $port = $controller->GetControllerRequest('FORM', 'vh_custom_port_in');
    $port = empty($port) ? NULL : $port;

    $ip = $controller->GetControllerRequest('FORM', 'vh_custom_ip_vc');
    $ip = empty($ip) ? NULL : $ip;

    $sql = $zdbh->prepare("UPDATE x_vhosts SET\n\t\t\tvh_enabled_in = ?,\n\t\t\tvh_suhosin_in = ?,\n\t\t\tvh_obasedir_in = ?,\n\t\t\tvh_custom_port_in = ?,\n vh_portforward_in = ?,\n vh_custom_ip_vc = ?,\n\t\t\tvh_custom_tx = ?\n\t\t\tWHERE\n\t\t\tvh_id_pk = ?\n\t\t\tAND vh_deleted_ts IS NULL");

    // Positional parameters, in the order of the placeholders above.
    $params = array(
        fs_director::GetCheckboxValue($controller->GetControllerRequest('FORM', 'vh_enabled_in')),
        fs_director::GetCheckboxValue($controller->GetControllerRequest('FORM', 'vh_suhosin_in')),
        fs_director::GetCheckboxValue($controller->GetControllerRequest('FORM', 'vh_obasedir_in')),
        $port,
        fs_director::GetCheckboxValue($controller->GetControllerRequest('FORM', 'vh_portforward_in')),
        $ip,
        $controller->GetControllerRequest('FORM', 'vh_custom_tx'),
        $controller->GetControllerRequest('FORM', 'vh_id_pk'),
    );
    $sql->execute($params);

    self::SetWriteApacheConfigTrue();
    self::$ok = true;
    return true;
}
/**
 * Passes the posted client fields to ExecuteUpdateClient().
 *
 * NOTE(review): 'inClientID' comes straight from the form and the current
 * user's details are fetched but not used here; confirm ExecuteUpdateClient()
 * checks that the client belongs to the caller.
 *
 * @return bool true when ExecuteUpdateClient() returns a truthy value
 */
static function doUpdateClient()
{
    global $controller;
    runtime_csfr::Protect();
    $currentuser = ctrl_users::GetUserDetail();
    $posted = $controller->GetAllControllerRequests('FORM');

    $updated = self::ExecuteUpdateClient(
        $posted['inClientID'],
        $posted['inPackage'],
        $posted['inEnabled'],
        $posted['inGroup'],
        $posted['inFullName'],
        $posted['inEmailAddress'],
        $posted['inAddress'],
        $posted['inPostCode'],
        $posted['inPhone'],
        $posted['inNewPassword']
    );

    return $updated ? true : false;
}
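/**
 * Soft-deletes the first of the caller's cron jobs whose 'inDelete_<id>' form
 * field is set, then rewrites the cron file.
 *
 * Only rows of x_cronjobs owned by the logged-in account (ct_acc_fk) and not
 * already deleted are considered, so a posted id belonging to another account
 * never matches. On success self::$ok is set to TRUE; when nothing was deleted
 * self::$error is set to TRUE.
 */
static function doDeleteCron()
{
    global $zdbh;
    global $controller;
    runtime_csfr::Protect();
    $currentuser = ctrl_users::GetUserDetail();

    $numrows = $zdbh->prepare("SELECT COUNT(*) FROM x_cronjobs WHERE ct_acc_fk=:userid AND ct_deleted_ts IS NULL");
    $numrows->bindParam(':userid', $currentuser['userid']);
    if ($numrows->execute()) {
        if ($numrows->fetchColumn() != 0) {
            $sql = $zdbh->prepare("SELECT * FROM x_cronjobs WHERE ct_acc_fk=:userid AND ct_deleted_ts IS NULL");
            $sql->bindParam(':userid', $currentuser['userid']);
            $sql->execute();
            while ($rowcrons = $sql->fetch()) {
                if (!fs_director::CheckForEmptyValue($controller->GetControllerRequest('FORM', 'inDelete_' . $rowcrons['ct_id_pk'] . ''))) {
                    $sql2 = $zdbh->prepare("UPDATE x_cronjobs SET ct_deleted_ts=:time WHERE ct_id_pk=:cronid");
                    // bindValue(), not bindParam(): bindParam() takes its argument by
                    // reference and the result of time() is not a variable.
                    $sql2->bindValue(':cronid', $rowcrons['ct_id_pk']);
                    $sql2->bindValue(':time', time());
                    $sql2->execute();
                    (new Cronfile())->writeToFile();
                    self::$ok = TRUE;
                    return;
                }
            }
        }
    }
    self::$error = TRUE;
    return;
}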
/**
 * Accepts the admin settings form and stores the two posted system options
 * ('whmcs_sendemail_bo' and 'whmcs_link'), then queues a success message.
 *
 * NOTE(review): this handler writes system-wide options, and no check that the
 * caller is an administrator is visible in it. Confirm the module or the
 * dispatcher enforces that before the request gets here.
 *
 * @return false|null false when the 'inAdminSettings' field is absent
 */
static function doUpdateSettings()
{
    global $controller;
    runtime_csfr::Protect();
    $posted = $controller->GetAllControllerRequests('FORM');

    if (isset($posted['inAdminSettings'])) {
        ctrl_options::SetSystemOption('whmcs_sendemail_bo', $posted['SendEmail']);
        ctrl_options::SetSystemOption('whmcs_link', $posted['Link']);
        self::$Results[] = ui_sysmessage::shout('Settings updated!', 'alert-success');
        return;
    }

    return false;
}
/**
 * Passes the posted group id, name and description to ExectuteUpdateGroup().
 *
 * NOTE(review): 'inGroupID' is taken from the form as-is; confirm the callee
 * checks that the caller may edit that group.
 *
 * @return bool true when ExectuteUpdateGroup() returns a truthy value
 */
static function doUpdateGroup()
{
    global $controller;
    runtime_csfr::Protect();
    $posted = $controller->GetAllControllerRequests('FORM');

    $updated = self::ExectuteUpdateGroup($posted['inGroupID'], $posted['inGroupName'], $posted['inDesc']);

    return $updated ? true : false;
}
/**
 * Adds a FAQ entry from the posted question and answer.
 *
 * Nothing is stored unless the 'inAdd' form field is non-empty. The entry is
 * recorded under the logged-in user's id, and the global flag is 1 only when
 * that user's group is "Administrators"; neither value is taken from the form.
 */
static function doAddFaq()
{
    global $controller;
    runtime_csfr::Protect();
    $currentuser = ctrl_users::GetUserDetail();

    if (fs_director::CheckForEmptyValue($controller->GetControllerRequest('FORM', 'inAdd'))) {
        return;
    }

    $question = $controller->GetControllerRequest('FORM', 'question');
    $answer = $controller->GetControllerRequest('FORM', 'answer');
    $userid = $currentuser['userid'];
    $global = ($currentuser['usergroup'] == "Administrators") ? 1 : 0;

    self::ExecuteAddFaq($question, $answer, $userid, $global);
}
/**
 * Passes the posted package id and the replacement package id to
 * ExecuteDeletePackage().
 *
 * NOTE(review): both ids come from the form; confirm the callee verifies that
 * the caller owns both packages.
 *
 * @return bool true when ExecuteDeletePackage() returns a truthy value
 */
static function doDeletePackage()
{
    global $controller;
    runtime_csfr::Protect();
    $posted = $controller->GetAllControllerRequests('FORM');

    $deleted = self::ExecuteDeletePackage($posted['inPackageID'], $posted['inMovePackage']);

    return $deleted ? true : false;
}
/**
 * Deletes a user in three steps (deleteUser, deleteMapper, writePasswdUsers)
 * and then redirects to the EditProtection view of the same id.
 *
 * hasFlashErrors() is consulted before every step, including the redirect, so
 * a step only runs while no flash error has been recorded. The redirect header
 * is not followed by exit.
 *
 * NOTE(review): where getId() and getUserId() read their values from is not
 * visible here; $recordId is concatenated into the Location header unencoded.
 */
static function doDeleteUser()
{
    global $controller;
    runtime_csfr::Protect();

    $recordId = self::getId();
    $accountId = self::getUserId();
    $targetFile = self::fetchFile($recordId);

    if (!self::hasFlashErrors()) {
        self::deleteUser($accountId);
    }

    if (!self::hasFlashErrors()) {
        self::deleteMapper($recordId, $accountId);
    }

    if (!self::hasFlashErrors()) {
        self::writePasswdUsers($targetFile);
    }

    if (!self::hasFlashErrors()) {
        $target = "./?module=" . $controller->GetCurrentModule() . "&control=EditProtection&id=" . $recordId;
        header("location: " . $target);
    }
}
/**
 * Creates a distribution list for the logged-in account from the posted
 * address and domain, and returns what ExecuteAddDistList() returns.
 *
 * The account id comes from ctrl_users::GetUserDetail(), not from the form.
 */
static function doAddDistList()
{
    global $controller;
    runtime_csfr::Protect();

    $account = ctrl_users::GetUserDetail();
    $posted = $controller->GetAllControllerRequests('FORM');
    $outcome = self::ExecuteAddDistList($account['userid'], $posted['inAddress'], $posted['inDomain']);

    return $outcome;
}
/**
 * Redirects to the delete confirmation view for the first of the caller's
 * domains whose 'inDelete_<id>' form field is set.
 *
 * Only ids returned by ListDomains() for the logged-in user are matched, so
 * the id and name in the redirect never come from the form. The name is
 * appended to the URL without encoding.
 *
 * @return false when no matching field was posted; otherwise the request ends
 */
static function doConfirmDeleteDomain()
{
    global $controller;
    runtime_csfr::Protect();
    $account = ctrl_users::GetUserDetail();
    $posted = $controller->GetAllControllerRequests('FORM');

    foreach (self::ListDomains($account['userid']) as $domain) {
        $field = 'inDelete_' . $domain['id'] . '';
        if (!isset($posted[$field])) {
            continue;
        }
        header("location: ./?module=" . $controller->GetCurrentModule() . "&show=Delete&id=" . $domain['id'] . "&domain=" . $domain['name'] . "");
        exit;
    }

    return false;
}
/**
 * Deletes every backup of the logged-in user that was ticked in the form.
 *
 * The file names come from ListBackUps() for the current user id; the form
 * only selects among them through the fields 'inDelete_<file>',
 * 'inDelete_<file>_x' or 'inDelete_<file>_y' (the last two presumably from an
 * image submit button; confirm against the template). self::$deleteok is set
 * to true after each deletion.
 */
static function doDeleteBackup()
{
    global $zdbh;
    global $controller;
    runtime_csfr::Protect();
    $currentuser = ctrl_users::GetUserDetail();
    $userid = $currentuser['userid'];
    $username = $currentuser['username'];
    $files = self::ListBackUps($userid);

    foreach ($files as $file) {
        $field = 'inDelete_' . $file['backupfile'] . '';

        // Stop at the first suffix that carries a value, as a chain of || would.
        $selected = false;
        foreach (array('', '_x', '_y') as $suffix) {
            if (!fs_director::CheckForEmptyValue($controller->GetControllerRequest('FORM', $field . $suffix))) {
                $selected = true;
                break;
            }
        }

        if ($selected) {
            self::ExecuteDeleteBackup($username, $file['backupfile']);
            self::$deleteok = true;
        }
    }
}
/**
 * Passes the posted 'inDelete' value to ExecuteDeleteForwarder() and returns
 * its result.
 *
 * NOTE(review): the identifier comes from the form and the current user is not
 * looked up here; confirm ExecuteDeleteForwarder() checks ownership.
 */
static function doConfirmDeleteForwarder()
{
    global $controller;
    runtime_csfr::Protect();

    $posted = $controller->GetAllControllerRequests('FORM');
    $outcome = self::ExecuteDeleteForwarder($posted['inDelete']);

    return $outcome;
}
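/**
 * Resets the daemon's last-run markers in x_settings to '0' when the
 * 'inForceFull' form field is present.
 *
 * The four setting names are fixed in code; nothing from the form reaches the
 * query. One prepared statement is reused for all four rows instead of four
 * copies of the same UPDATE. self::$ok is set to true on every call.
 *
 * NOTE(review): no privilege check is visible in this handler; confirm the
 * module is restricted to administrators.
 */
static function doForceDaemon()
{
    global $zdbh;
    global $controller;
    runtime_csfr::Protect();
    $formvars = $controller->GetAllControllerRequests('FORM');

    if (isset($formvars['inForceFull'])) {
        $reset = $zdbh->prepare("UPDATE x_settings SET so_value_tx = '0' WHERE so_name_vc = :name");
        $markers = array('daemon_lastrun', 'daemon_dayrun', 'daemon_weekrun', 'daemon_monthrun');
        foreach ($markers as $marker) {
            $reset->execute(array(':name' => $marker));
        }
    }

    self::$ok = true;
}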
/**
 * Redirects to the delete or edit view for the first of the caller's entries
 * whose 'inDelete_<id>' or 'inReset_<id>' form field is set.
 *
 * Only ids returned by ListClients() for the logged-in user are matched, so
 * the id in the redirect never comes from the form. For each entry the delete
 * field is checked before the reset field. Returns nothing when no field
 * matches.
 */
static function doEditFTP()
{
    global $controller;
    runtime_csfr::Protect();
    $account = ctrl_users::GetUserDetail();
    $posted = $controller->GetAllControllerRequests('FORM');

    foreach (self::ListClients($account['userid']) as $entry) {
        $deleteField = 'inDelete_' . $entry['id'] . '';
        if (isset($posted[$deleteField])) {
            header("location: ./?module=" . $controller->GetCurrentModule() . "&show=Delete&other=" . $entry['id']);
            exit;
        }

        $resetField = 'inReset_' . $entry['id'] . '';
        if (isset($posted[$resetField])) {
            header("location: ./?module=" . $controller->GetCurrentModule() . "&show=Edit&other=" . $entry['id']);
            exit;
        }
    }

    return;
}
/**
 * Passes the posted 'inUser' and 'inResetPW' values to ExecuteResetPassword().
 *
 * NOTE(review): the account to reset is named by the form and the current user
 * is not looked up here; confirm ExecuteResetPassword() checks that the caller
 * may reset that account.
 *
 * @return bool true when ExecuteResetPassword() returns a truthy value
 */
static function doResetPW()
{
    global $controller;
    runtime_csfr::Protect();
    $posted = $controller->GetAllControllerRequests('FORM');

    $reset = self::ExecuteResetPassword($posted['inUser'], $posted['inResetPW']);

    return $reset ? true : false;
}
if ($result) { $sql = $zdbh->prepare("UPDATE x_accounts SET ac_resethash_tx = '', ac_pass_vc = :password, ac_passsalt_vc = :salt WHERE ac_id_pk = :uid"); $sql->bindParam(':password', $secure_password); $sql->bindParam(':salt', $randomsalt); $sql->bindParam(':uid', $result['ac_id_pk']); $sql->execute(); runtime_hook::Execute('OnSuccessfulPasswordReset'); } else { runtime_hook::Execute('OnFailedPasswordReset'); } header("location: ./?passwordreset"); exit; } if (isset($_POST['inUsername'])) { if (ctrl_options::GetSystemOption('login_csfr') == 'false') { runtime_csfr::Protect(); } $rememberdetails = isset($_POST['inRemember']); $inSessionSecuirty = isset($_POST['inSessionSecuirty']); $sql = $zdbh->prepare("SELECT ac_passsalt_vc FROM x_accounts WHERE ac_user_vc = :username AND ac_deleted_ts IS NULL"); $sql->bindParam(':username', $_POST['inUsername']); $sql->execute(); $result = $sql->fetch(); $crypto = new runtime_hash(); $crypto->SetPassword($_POST['inPassword']); $crypto->SetSalt($result['ac_passsalt_vc']); $secure_password = $crypto->CryptParts($crypto->Crypt())->Hash; if (!ctrl_auth::Authenticate($_POST['inUsername'], $secure_password, $rememberdetails, false, $inSessionSecuirty)) { header("location: ./?invalidlogin"); exit; }
/**
 * Passes the posted 'inDelete' value to ExecuteDeleteAlias().
 *
 * NOTE(review): the identifier comes from the form and the current user is not
 * looked up here; confirm ExecuteDeleteAlias() checks ownership.
 *
 * @return bool true when ExecuteDeleteAlias() returns a truthy value
 */
static function doConfirmDeleteAlias()
{
    global $controller;
    runtime_csfr::Protect();
    $posted = $controller->GetAllControllerRequests('FORM');

    $deleted = self::ExecuteDeleteAlias($posted['inDelete']);

    return $deleted ? true : false;
}
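/**
 * Creates the default DNS records for a domain from the x_dns_create templates.
 *
 * The domain is looked up in x_vhosts by the posted 'inDomain' id (rows of
 * type 2 and deleted rows are excluded). Templates specific to the posted
 * 'inUserID' are used when any exist, otherwise the rows with dc_acc_fk = 0.
 * In each template target ':IP:' is replaced by the 'server_ip' system option
 * (or $_SERVER["SERVER_ADDR"] when that option is empty) and ':DOMAIN:' by the
 * domain name. Each row is passed to createDNSRecord(), and self::$editdomain
 * is set to the domain id afterwards.
 *
 * When the lookup finds no vhost the method now returns without creating
 * anything. Before, it carried on with an empty domain name, so the type and
 * deleted filters of the lookup had no effect on what was created.
 *
 * NOTE(review): both the domain id and the account id come from the form, and
 * nothing visible here ties them to the logged-in user. Confirm that
 * createDNSRecord() or the caller enforces ownership.
 */
static function doCreateDefaultRecords()
{
    global $zdbh;
    global $controller;
    runtime_csfr::Protect();
    $domainID = $controller->GetControllerRequest('FORM', 'inDomain');
    $numrows = $zdbh->prepare('SELECT * FROM x_vhosts WHERE vh_id_pk=:domainID AND vh_type_in !=2 AND vh_deleted_ts IS NULL');
    $numrows->bindParam(':domainID', $domainID);
    $numrows->execute();
    $vhost = $numrows->fetch();
    if (!$vhost) {
        // fetch() returns false when no row matched: unknown, deleted or type-2 domain.
        return;
    }
    $domainName = $vhost['vh_name_vc'];
    $userID = $controller->GetControllerRequest('FORM', 'inUserID');

    if (!fs_director::CheckForEmptyValue(ctrl_options::GetSystemOption('server_ip'))) {
        $targetIP = ctrl_options::GetSystemOption('server_ip');
    } else {
        // This needs checking on Windows 7, we may need to use LOCAL_ADDR :- Sam Mottley
        $targetIP = $_SERVER["SERVER_ADDR"];
    }

    // Get list of DNS rows to create
    $RowCount = $zdbh->prepare('SELECT count(*) FROM x_dns_create WHERE dc_acc_fk=:userId');
    $RowCount->bindParam(':userId', $userID);
    $RowCount->execute();
    if ($RowCount->fetchColumn() > 0) {
        // The user has specific entries, use them only
        $CreateList = $zdbh->prepare('SELECT * FROM x_dns_create WHERE dc_acc_fk=:userId');
        $CreateList->bindParam(':userId', $userID);
        $CreateList->execute();
    } else {
        // No entry specific to this user is present, use default entries (user number = 0)
        $CreateList = $zdbh->query('SELECT * FROM x_dns_create WHERE dc_acc_fk=0');
    }

    while ($CreateItem = $CreateList->fetch()) {
        $Target = str_replace(':IP:', $targetIP, $CreateItem['dc_target_vc']);
        $Target = str_replace(':DOMAIN:', $domainName, $Target);
        $Row = array(
            'uid' => $userID,
            'domainName' => $domainName,
            'domainID' => $domainID,
            'type' => $CreateItem['dc_type_vc'],
            'hostName' => $CreateItem['dc_host_vc'],
            'ttl' => $CreateItem['dc_ttl_in'],
            'target' => $Target,
        );
        // Optional fields are only passed on when the template sets them.
        if (!empty($CreateItem['dc_priority_in'])) {
            $Row['priority'] = $CreateItem['dc_priority_in'];
        }
        if (!empty($CreateItem['dc_weight_in'])) {
            $Row['weight'] = $CreateItem['dc_weight_in'];
        }
        if (!empty($CreateItem['dc_port_in'])) {
            $Row['port'] = $CreateItem['dc_port_in'];
        }
        self::createDNSRecord($Row);
    }

    self::$editdomain = $domainID;
    return;
}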
/**
 * Accepts the admin settings form and stores three system options
 * ('whmcs_sendemail_bo', 'whmcs_reseller_view_api', 'whmcs_link'), then queues
 * a translated success message.
 *
 * Nothing is written unless the 'inAdminSettings' field is present and
 * self::getIsAdmin() returns a truthy value; the field is checked first.
 *
 * @return false|null false when the field is absent or the caller is not an admin
 */
static function doUpdateSettings()
{
    global $controller;
    runtime_csfr::Protect();
    $posted = $controller->GetAllControllerRequests('FORM');

    // || short-circuits, so getIsAdmin() is only asked when the form field exists.
    if (!isset($posted['inAdminSettings']) || !self::getIsAdmin()) {
        return false;
    }

    ctrl_options::SetSystemOption('whmcs_sendemail_bo', $posted['SendEmail']);
    ctrl_options::SetSystemOption('whmcs_reseller_view_api', $posted['ResellerViewAPI']);
    ctrl_options::SetSystemOption('whmcs_link', $posted['Link']);

    $message = ui_language::translate("Changes to your settings have been saved successfully!");
    self::$Results[] = ui_sysmessage::shout($message);
}