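/**
 * Create a new client account on behalf of a reseller.
 *
 * Writes the x_accounts row (password stored only as a salted runtime_hash
 * digest), the matching x_profiles row and a zeroed x_bandwidth row for the
 * current month, creates the client's directory tree under hosted_dir and,
 * when requested, sends the welcome email.
 *
 * Fixes relative to the previous version: the x_profiles INSERT bound the
 * package id to ud_group_fk and the group id to ud_package_fk (swapped);
 * the new account id is now taken from lastInsertId() instead of "newest row
 * for this reseller", which could pick another client under concurrent
 * creates; a failed account INSERT no longer leaves orphaned profile,
 * bandwidth and directory artefacts; HTTPS detection honours "off".
 *
 * @param int    $uid          Reseller account id (ac_id_pk) creating the client.
 * @param string $username     Requested login name; spaces are stripped and it is lower-cased.
 * @param int    $packageid    Package id (ac_package_fk / ud_package_fk).
 * @param int    $groupid      Group id (ac_group_fk / ud_group_fk).
 * @param string $fullname     Profile full name.
 * @param string $email        Account email; also the welcome-email recipient.
 * @param string $address      Profile postal address.
 * @param string $post         Profile postcode.
 * @param string $phone        Profile phone number.
 * @param string $password     Plain-text password; only hash + salt are stored.
 * @param int    $sendemail    Non-zero to send the welcome email.
 * @param string $emailsubject Subject template; {{username}}, {{password}}, {{fullname}} are substituted.
 * @param string $emailbody    Body template; same placeholders plus {{controlpanelurl}}.
 * @return bool  true once the account exists (self::$ok and self::$resetform are set);
 *               false when validation fails, the username is not a safe directory
 *               name, or the account INSERT does not execute.
 */
static function ExecuteCreateClient($uid, $username, $packageid, $groupid, $fullname, $email, $address, $post, $phone, $password, $sendemail, $emailsubject, $emailbody) {
    global $zdbh;

    // Normalise the login name: drop every space, then lower-case.
    $username = strtolower(str_replace(' ', '', $username));
    $reseller = ctrl_users::GetUserDetail($uid);

    // Stop if the module's create-validation reports a problem (both helpers
    // are defined elsewhere in the module; they are expected to set the UI flags).
    if (fs_director::CheckForEmptyValue(self::CheckCreateForErrors($username, $packageid, $groupid, $email, $password))) {
        return false;
    }

    // Defence in depth: $username becomes a directory name under hosted_dir
    // below, so refuse path separators, NUL and ".." regardless of what
    // CheckCreateForErrors accepts (its rules are not visible from here).
    if ($username === '' || $username === '.' || strpos($username, '..') !== false || strpbrk($username, "/\\\0") !== false) {
        return false;
    }

    runtime_hook::Execute('OnBeforeCreateClient');

    // Hash the password with a salt generated for this account; the plain text
    // is never written to the database.
    $crypto = new runtime_hash();
    $crypto->SetPassword($password);
    $randomsalt = $crypto->RandomSalt();
    $crypto->SetSalt($randomsalt);
    $secure_password = $crypto->CryptParts($crypto->Crypt())->Hash;

    // Account row; the client inherits the reseller's theme and CSS.
    $sql = $zdbh->prepare("INSERT INTO x_accounts (ac_user_vc, ac_pass_vc, ac_passsalt_vc, ac_email_vc, ac_package_fk, ac_group_fk, ac_usertheme_vc, ac_usercss_vc, ac_reseller_fk, ac_created_ts) VALUES (\n :username, :password, :passsalt, :email, :packageid, :groupid, :resellertheme, :resellercss, :uid, :time)");
    $time = time();
    $sql->bindParam(':uid', $uid);
    $sql->bindParam(':time', $time);
    $sql->bindParam(':username', $username);
    $sql->bindParam(':password', $secure_password);
    $sql->bindParam(':passsalt', $randomsalt);
    $sql->bindParam(':email', $email);
    $sql->bindParam(':packageid', $packageid);
    $sql->bindParam(':groupid', $groupid);
    $sql->bindParam(':resellertheme', $reseller['usertheme']);
    $sql->bindParam(':resellercss', $reseller['usercss']);
    // Without the account row the profile, bandwidth and directory steps below
    // would be orphaned, so stop here if it could not be written.
    if (!$sql->execute()) {
        return false;
    }

    // Resolve the new account id. lastInsertId() is scoped to this connection,
    // so it stays correct when two clients are created at the same time; the
    // lookup below is only a fallback for drivers that do not report it, and is
    // narrowed to this reseller AND this username rather than "newest row".
    $clientid = $zdbh->lastInsertId();
    if (empty($clientid)) {
        $lookup = $zdbh->prepare("SELECT ac_id_pk FROM x_accounts WHERE ac_reseller_fk=:uid AND ac_user_vc=:username ORDER BY ac_id_pk DESC");
        $lookup->bindParam(':uid', $uid);
        $lookup->bindParam(':username', $username);
        $lookup->execute();
        $client = $lookup->fetch();
        $clientid = $client['ac_id_pk'];
    }

    // Profile row. Column order is ud_group_fk, ud_package_fk, so the values
    // must be :groupid, :packageid (the previous version had them swapped).
    $sql = $zdbh->prepare("INSERT INTO x_profiles (ud_user_fk, ud_fullname_vc, ud_group_fk, ud_package_fk, ud_address_tx, ud_postcode_vc, ud_phone_vc, ud_created_ts) VALUES (:userid, :fullname, :groupid, :packageid, :address, :postcode, :phone, :time)");
    $time = time();
    $sql->bindParam(':userid', $clientid);
    $sql->bindParam(':fullname', $fullname);
    $sql->bindParam(':packageid', $packageid);
    $sql->bindParam(':groupid', $groupid);
    $sql->bindParam(':address', $address);
    $sql->bindParam(':postcode', $post);
    $sql->bindParam(':phone', $phone);
    $sql->bindParam(':time', $time);
    $sql->execute();

    // Bandwidth/disk counters for the current month (YYYYMM), starting at zero.
    $sql = $zdbh->prepare("INSERT INTO x_bandwidth (bd_acc_fk, bd_month_in, bd_transamount_bi, bd_diskamount_bi) VALUES (:ac_id_pk, :date, 0, 0)");
    $date = date("Ym", time());
    $sql->bindParam(':date', $date);
    $sql->bindParam(':ac_id_pk', $clientid);
    $sql->execute();

    // Client directory tree: <hosted_dir><username>, /public_html and /backups.
    // NOTE(review): these are made world-writable (0777), which lets any local
    // user on the host read and modify every client's files. Other components
    // of the panel may rely on that mode, so it is kept here; it should be
    // tightened to owner/group permissions once the web/FTP user mapping is
    // confirmed.
    $clientroot = ctrl_options::GetSystemOption('hosted_dir') . $username;
    foreach (array('', '/public_html', '/backups') as $subdir) {
        fs_director::CreateDirectory($clientroot . $subdir);
        fs_director::SetFileSystemPermissions($clientroot . $subdir, 0777);
    }

    // Welcome email, if requested.
    if ($sendemail != 0) {
        // Some SAPIs set $_SERVER['HTTPS'] to "off" on plain HTTP, so isset()
        // alone would advertise an https:// URL on a non-TLS site.
        $protocol = (!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') ? 'https://' : 'http://';

        // NOTE(review): a template containing {{password}} sends the plain-text
        // password over email. Prefer a first-login reset link and drop that
        // placeholder from the templates.
        // strtr() substitutes in a single pass, so a substituted value that
        // itself contains a placeholder (e.g. a fullname of "{{password}}")
        // is not expanded again the way chained str_replace() calls would.
        $subjectvars = array(
            '{{username}}' => $username,
            '{{password}}' => $password,
            '{{fullname}}' => $fullname,
        );
        $bodyvars = $subjectvars;
        $bodyvars['{{controlpanelurl}}'] = $protocol . ctrl_options::GetSystemOption('MADmin_domain');
        $emailsubject = strtr($emailsubject, $subjectvars);
        $emailbody = strtr($emailbody, $bodyvars);

        $phpmailer = new sys_email();
        $phpmailer->Subject = $emailsubject;
        $phpmailer->Body = $emailbody;
        $phpmailer->AddAddress($email);
        $phpmailer->SendEmail();
    }

    runtime_hook::Execute('OnAfterCreateClient');
    self::$resetform = true;
    self::$ok = true;
    return true;
}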
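/**
 * Replace an account's password with a newly salted hash.
 *
 * A new salt is generated on every call (RandomSalt()), and only the hash and
 * the salt are written to x_accounts. No length policy is applied here —
 * unlike ExecuteUpdateClient, which checks password_minlength — so callers
 * that need one must enforce it before calling.
 *
 * @param int|string $uid      Account id (ac_id_pk) whose password is replaced.
 * @param string     $password New plain-text password.
 * @return bool  Outcome of the UPDATE statement. The previous version returned
 *               true unconditionally, so a failed update was indistinguishable
 *               from a successful password change.
 */
static function UpdatePassword($uid, $password) {
    global $zdbh;

    $crypto = new runtime_hash();
    $crypto->SetPassword($password);
    $randomsalt = $crypto->RandomSalt();
    $crypto->SetSalt($randomsalt);
    $secure_password = $crypto->CryptParts($crypto->Crypt())->Hash;

    $sql = $zdbh->prepare("UPDATE x_accounts SET ac_pass_vc=:secure_password, ac_passsalt_vc= :randomsalt WHERE ac_id_pk=:userid");
    $sql->bindParam(':randomsalt', $randomsalt);
    $sql->bindParam(':secure_password', $secure_password);
    $sql->bindParam(':userid', $uid);

    // Report the statement result rather than an unconditional true.
    return (bool) $sql->execute();
}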
header("location: ./?passwordreset"); exit; } if (isset($_POST['inUsername'])) { if (ctrl_options::GetSystemOption('login_csfr') == 'false') { runtime_csfr::Protect(); } $rememberdetails = isset($_POST['inRemember']); $inSessionSecuirty = isset($_POST['inSessionSecuirty']); $sql = $zdbh->prepare("SELECT ac_passsalt_vc FROM x_accounts WHERE ac_user_vc = :username AND ac_deleted_ts IS NULL"); $sql->bindParam(':username', $_POST['inUsername']); $sql->execute(); $result = $sql->fetch(); $crypto = new runtime_hash(); $crypto->SetPassword($_POST['inPassword']); $crypto->SetSalt($result['ac_passsalt_vc']); $secure_password = $crypto->CryptParts($crypto->Crypt())->Hash; if (!ctrl_auth::Authenticate($_POST['inUsername'], $secure_password, $rememberdetails, false, $inSessionSecuirty)) { header("location: ./?invalidlogin"); exit; } } if (isset($_COOKIE['zUser'])) { if (isset($_COOKIE['zSec'])) { if ($_COOKIE['zSec'] == false) { $secure = false; } else { $secure = true; } } else { $secure = true;
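/**
 * Update an existing client's account and profile rows, optionally changing
 * the password.
 *
 * Runs the OnBefore/OnAfter Update hooks and, depending on $enabled, the
 * Disable/Enable hooks. A non-empty $newpass is checked against the
 * password_minlength option, hashed with a fresh salt and stored; an empty
 * one leaves the current password untouched.
 *
 * Change relative to the previous version: the result of each UPDATE is
 * checked, so a statement that fails to execute makes the method return
 * false instead of reporting success (self::$ok) and firing the After hooks.
 *
 * @param int|string $clientid Account id (ac_id_pk) to update.
 * @param int|string $package  Package id, or a package name resolved via self::getPackageIdFix().
 * @param int        $enabled  1 enables the account, 0 disables it (stored in ac_enabled_in).
 * @param int        $group    Group id written to ac_group_fk and ud_group_fk.
 * @param string     $fullname Profile full name.
 * @param string     $email    Account email.
 * @param string     $address  Profile address.
 * @param string     $post     Profile postcode.
 * @param string     $phone    Profile phone number.
 * @param string     $newpass  New plain-text password, or "" to keep the existing one.
 * @return bool  false when the new password is shorter than password_minlength
 *               (self::$badpassword is set) or an UPDATE fails; true otherwise
 *               (self::$ok is set).
 */
static function ExecuteUpdateClient($clientid, $package, $enabled, $group, $fullname, $email, $address, $post, $phone, $newpass) {
    global $zdbh;
    runtime_hook::Execute('OnBeforeUpdateClient');

    // The form may submit the package by name rather than by id.
    if (!is_numeric($package)) {
        $package = self::getPackageIdFix($package);
    }

    if ($enabled == 0) {
        runtime_hook::Execute('OnBeforeDisableClient');
    }
    if ($enabled == 1) {
        runtime_hook::Execute('OnBeforeEnableClient');
    }

    // Optional password change; an empty (or missing) value keeps the current one.
    if ($newpass !== null && $newpass !== '') {
        // strlen() counts bytes, so multibyte passwords are measured generously
        // against the configured minimum.
        if (strlen($newpass) < ctrl_options::GetSystemOption('password_minlength')) {
            self::$badpassword = true;
            return false;
        }

        // New salt for every password change; only hash + salt are stored.
        $crypto = new runtime_hash();
        $crypto->SetPassword($newpass);
        $randomsalt = $crypto->RandomSalt();
        $crypto->SetSalt($randomsalt);
        $secure_password = $crypto->CryptParts($crypto->Crypt())->Hash;

        $sql = $zdbh->prepare("UPDATE x_accounts SET ac_pass_vc= :newpass, ac_passsalt_vc= :passsalt WHERE ac_id_pk= :clientid");
        $sql->bindParam(':clientid', $clientid);
        $sql->bindParam(':newpass', $secure_password);
        $sql->bindParam(':passsalt', $randomsalt);
        if (!$sql->execute()) {
            return false;
        }
    }

    // Account row: contact email, package, enabled flag and group.
    $sql = $zdbh->prepare("UPDATE x_accounts SET ac_email_vc= :email, ac_package_fk= :package, ac_enabled_in= :isenabled, ac_group_fk= :group WHERE ac_id_pk = :clientid");
    $sql->bindParam(':email', $email);
    $sql->bindParam(':package', $package);
    $sql->bindParam(':isenabled', $enabled);
    $sql->bindParam(':group', $group);
    $sql->bindParam(':clientid', $clientid);
    if (!$sql->execute()) {
        return false;
    }

    // Profile row: keeps ud_group_fk / ud_package_fk in step with the account row.
    $sql = $zdbh->prepare("UPDATE x_profiles SET ud_fullname_vc= :fullname, ud_group_fk= :group, ud_package_fk= :package, ud_address_tx= :address,ud_postcode_vc= :postcode, ud_phone_vc= :phone WHERE ud_user_fk=:accountid");
    $sql->bindParam(':fullname', $fullname);
    $sql->bindParam(':group', $group);
    $sql->bindParam(':package', $package);
    $sql->bindParam(':address', $address);
    $sql->bindParam(':postcode', $post);
    $sql->bindParam(':phone', $phone);
    $sql->bindParam(':accountid', $clientid);
    if (!$sql->execute()) {
        return false;
    }

    if ($enabled == 0) {
        runtime_hook::Execute('OnAfterDisableClient');
    }
    if ($enabled == 1) {
        runtime_hook::Execute('OnAfterEnableClient');
    }
    runtime_hook::Execute('OnAfterUpdateClient');
    self::$ok = true;
    return true;
}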