Exemple #1
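 /**
  * Creates a client account owned by reseller $uid.
  *
  * Writes the x_accounts, x_profiles and x_bandwidth rows, creates the
  * client's directories under the 'hosted_dir' system option and, when
  * $sendemail is non-zero, mails the account details to $email.
  *
  * Security notes for maintainers:
  *  - The e-mail templates may contain {{password}}, which is replaced with
  *    the clear-text password; the credential then leaves the panel by mail.
  *  - The client directories are set to mode 0777 (world-writable).
  *  - $username becomes part of a filesystem path. NOTE(review): this relies
  *    on CheckCreateForErrors() rejecting names with path characters; that
  *    helper is not visible here, confirm.
  *
  * @param mixed  $uid          Reseller account id, stored as ac_reseller_fk.
  * @param string $username     Requested login name (lower-cased, spaces removed).
  * @param mixed  $packageid    Package id for the new account.
  * @param mixed  $groupid      Group id for the new account.
  * @param string $fullname     Stored in the profile row.
  * @param string $email        Account e-mail and recipient of the welcome mail.
  * @param string $address      Stored in the profile row.
  * @param string $post         Postcode, stored in the profile row.
  * @param string $phone        Stored in the profile row.
  * @param string $password     Clear-text password; only hash and salt are stored.
  * @param mixed  $sendemail    Non-zero to send the welcome mail.
  * @param string $emailsubject Subject template.
  * @param string $emailbody    Body template.
  * @return bool false when validation fails or the account row cannot be
  *              inserted, true otherwise.
  */
 static function ExecuteCreateClient($uid, $username, $packageid, $groupid, $fullname, $email, $address, $post, $phone, $password, $sendemail, $emailsubject, $emailbody)
 {
     global $zdbh;
     // Usernames are stored lower-case with spaces stripped.
     $username = strtolower(str_replace(' ', '', $username));
     $reseller = ctrl_users::GetUserDetail($uid);
     // Stop before touching the database when validation reports a problem.
     if (fs_director::CheckForEmptyValue(self::CheckCreateForErrors($username, $packageid, $groupid, $email, $password))) {
         return false;
     }
     runtime_hook::Execute('OnBeforeCreateClient');
     // Hash the password with a fresh per-account salt; only hash and salt are persisted.
     $crypto = new runtime_hash();
     $crypto->SetPassword($password);
     $randomsalt = $crypto->RandomSalt();
     $crypto->SetSalt($randomsalt);
     $secure_password = $crypto->CryptParts($crypto->Crypt())->Hash;
     $time = time();
     $sql = $zdbh->prepare("INSERT INTO x_accounts (ac_user_vc, ac_pass_vc, ac_passsalt_vc, ac_email_vc, ac_package_fk, ac_group_fk, ac_usertheme_vc, ac_usercss_vc, ac_reseller_fk, ac_created_ts) VALUES (\n            :username, :password, :passsalt, :email, :packageid, :groupid, :resellertheme, :resellercss, :uid, :time)");
     $sql->bindParam(':uid', $uid);
     $sql->bindParam(':time', $time);
     $sql->bindParam(':username', $username);
     $sql->bindParam(':password', $secure_password);
     $sql->bindParam(':passsalt', $randomsalt);
     $sql->bindParam(':email', $email);
     $sql->bindParam(':packageid', $packageid);
     $sql->bindParam(':groupid', $groupid);
     $sql->bindParam(':resellertheme', $reseller['usertheme']);
     $sql->bindParam(':resellercss', $reseller['usercss']);
     if (!$sql->execute()) {
         // Without the account row the profile and bandwidth rows below would
         // have nothing valid to reference, so give up here.
         return false;
     }
     // Take the id of the row this connection just inserted. Looking up the
     // reseller's newest account instead can return a different client when
     // two accounts are created for the same reseller at the same time.
     // Assumes ac_id_pk is the table's auto-increment key.
     $clientid = $zdbh->lastInsertId();
     // Placeholders follow the column order: ud_group_fk takes the group id
     // and ud_package_fk the package id.
     $sql = $zdbh->prepare("INSERT INTO x_profiles (ud_user_fk, ud_fullname_vc, ud_group_fk, ud_package_fk, ud_address_tx, ud_postcode_vc, ud_phone_vc, ud_created_ts) VALUES (:userid, :fullname, :groupid, :packageid, :address, :postcode, :phone, :time)");
     $sql->bindParam(':userid', $clientid);
     $sql->bindParam(':fullname', $fullname);
     $sql->bindParam(':packageid', $packageid);
     $sql->bindParam(':groupid', $groupid);
     $sql->bindParam(':address', $address);
     $sql->bindParam(':postcode', $post);
     $sql->bindParam(':phone', $phone);
     $sql->bindParam(':time', $time);
     $sql->execute();
     // Seed the bandwidth table with a zeroed entry for the current month.
     $sql = $zdbh->prepare("INSERT INTO x_bandwidth (bd_acc_fk, bd_month_in, bd_transamount_bi, bd_diskamount_bi) VALUES (:ac_id_pk, :date, 0, 0)");
     $date = date("Ym", $time);
     $sql->bindParam(':date', $date);
     $sql->bindParam(':ac_id_pk', $clientid);
     $sql->execute();
     // Create the client's home, web root and backup directories.
     // NOTE(review): 0777 lets every local user write into these directories;
     // tighten the mode if the web server and panel accounts allow it.
     $homedir = ctrl_options::GetSystemOption('hosted_dir') . $username;
     foreach (array('', "/public_html", "/backups") as $subdir) {
         fs_director::CreateDirectory($homedir . $subdir);
         fs_director::SetFileSystemPermissions($homedir . $subdir, 0777);
     }
     // Send the account details by e-mail (if requested)...
     if ($sendemail != 0) {
         // Some servers set HTTPS to "off" for plain HTTP, so isset() alone is
         // not enough to decide which scheme the panel link should use.
         $https = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
         $protocol = $https ? 'https://' : 'http://';
         $placeholders = array("{{username}}", "{{password}}", "{{fullname}}");
         $values = array($username, $password, $fullname);
         // NOTE(review): {{password}} puts the clear-text password into the mail.
         $emailsubject = str_replace($placeholders, $values, $emailsubject);
         $emailbody = str_replace($placeholders, $values, $emailbody);
         $emailbody = str_replace('{{controlpanelurl}}', $protocol . ctrl_options::GetSystemOption('MADmin_domain'), $emailbody);
         $phpmailer = new sys_email();
         $phpmailer->Subject = $emailsubject;
         $phpmailer->Body = $emailbody;
         $phpmailer->AddAddress($email);
         $phpmailer->SendEmail();
     }
     runtime_hook::Execute('OnAfterCreateClient');
     self::$resetform = true;
     self::$ok = true;
     return true;
 }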
Exemple #2
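 /**
  * Hashes $password with a newly generated salt and stores both on account $uid.
  *
  * No length, strength or ownership check happens here: the caller has to
  * validate $password and confirm that the current user may change $uid.
  *
  * @param mixed  $uid      Primary key (ac_id_pk) of the account to update.
  * @param string $password New clear-text password.
  * @return bool true when the UPDATE statement executed, false when it failed.
  */
 static function UpdatePassword($uid, $password)
 {
     global $zdbh;
     // A new salt is drawn on every change, so old and new hashes never share one.
     $crypto = new runtime_hash();
     $crypto->SetPassword($password);
     $randomsalt = $crypto->RandomSalt();
     $crypto->SetSalt($randomsalt);
     $secure_password = $crypto->CryptParts($crypto->Crypt())->Hash;
     $sql = $zdbh->prepare("UPDATE x_accounts SET ac_pass_vc=:secure_password, ac_passsalt_vc= :randomsalt WHERE ac_id_pk=:userid");
     $sql->bindParam(':randomsalt', $randomsalt);
     $sql->bindParam(':secure_password', $secure_password);
     $sql->bindParam(':userid', $uid);
     // Report the real outcome: a failed write must not look like a changed password.
     return (bool) $sql->execute();
 }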
Exemple #3
    header("location: ./?passwordreset");
    exit;
}
// Login form handler: runs when the request carries an 'inUsername' field.
if (isset($_POST['inUsername'])) {
    // NOTE(review): CSRF protection runs only when the 'login_csfr' option equals
    // 'false' (loose ==). The option's meaning is not visible here; confirm the
    // condition is not inverted and that the default leaves protection on.
    if (ctrl_options::GetSystemOption('login_csfr') == 'false') {
        runtime_csfr::Protect();
    }
    // Both flags are derived purely from the presence of the form fields.
    $rememberdetails = isset($_POST['inRemember']);
    $inSessionSecuirty = isset($_POST['inSessionSecuirty']);
    // Fetch the stored salt for this (non-deleted) account; the username is bound, not interpolated.
    $sql = $zdbh->prepare("SELECT ac_passsalt_vc FROM x_accounts WHERE ac_user_vc = :username AND ac_deleted_ts IS NULL");
    $sql->bindParam(':username', $_POST['inUsername']);
    $sql->execute();
    // fetch() yields false when no account matches; the salt read below is then empty.
    $result = $sql->fetch();
    $crypto = new runtime_hash();
    // NOTE(review): 'inPassword' is read without an isset() check, so a request
    // that omits the field raises a notice and hashes an empty value.
    $crypto->SetPassword($_POST['inPassword']);
    // NOTE(review): for an unknown username the salt is empty. Verify how
    // runtime_hash treats that, and that unknown-user and wrong-password
    // attempts stay indistinguishable to the client (both should end at ?invalidlogin).
    $crypto->SetSalt($result['ac_passsalt_vc']);
    $secure_password = $crypto->CryptParts($crypto->Crypt())->Hash;
    // The comparison against the stored hash happens inside ctrl_auth::Authenticate
    // (not visible here). No attempt limiting or lockout is visible in this fragment.
    if (!ctrl_auth::Authenticate($_POST['inUsername'], $secure_password, $rememberdetails, false, $inSessionSecuirty)) {
        header("location: ./?invalidlogin");
        exit;
    }
}
if (isset($_COOKIE['zUser'])) {
    if (isset($_COOKIE['zSec'])) {
        if ($_COOKIE['zSec'] == false) {
            $secure = false;
        } else {
            $secure = true;
        }
    } else {
        $secure = true;
 /**
  * Updates an existing client's account and profile rows and, when $newpass
  * is non-empty, replaces the stored password hash and salt.
  *
  * Fires the OnBefore/OnAfter UpdateClient hooks, plus the Disable or Enable
  * hook pair when $enabled compares equal to 0 or 1.
  *
  * NOTE(review): nothing in this method checks that $clientid belongs to the
  * calling reseller; that has to be enforced by the caller — confirm.
  *
  * @param mixed  $clientid Primary key of the account (ac_id_pk / ud_user_fk).
  * @param mixed  $package  Package id, or a non-numeric value resolved via getPackageIdFix().
  * @param mixed  $enabled  Written to ac_enabled_in.
  * @param mixed  $group    Group id.
  * @param string $fullname Profile full name.
  * @param string $email    Account e-mail address.
  * @param string $address  Profile address.
  * @param string $post     Profile postcode.
  * @param string $phone    Profile phone number.
  * @param string $newpass  New clear-text password, or "" to keep the current one.
  * @return bool false (with self::$badpassword set) when $newpass is shorter
  *              than the 'password_minlength' option, true otherwise.
  */
 static function ExecuteUpdateClient($clientid, $package, $enabled, $group, $fullname, $email, $address, $post, $phone, $newpass)
 {
     global $zdbh;
     runtime_hook::Execute('OnBeforeUpdateClient');
     // Resolve a non-numeric package value to its numeric id.
     $package = is_numeric($package) ? $package : self::getPackageIdFix($package);
     // Evaluate the state once; the same answers drive the before and after hooks.
     $disabling = ($enabled == 0);
     $enabling = ($enabled == 1);
     if ($disabling) {
         runtime_hook::Execute('OnBeforeDisableClient');
     }
     if ($enabling) {
         runtime_hook::Execute('OnBeforeEnableClient');
     }
     if ($newpass != "") {
         // Enforce the configured minimum length before anything is written.
         $minlength = ctrl_options::GetSystemOption('password_minlength');
         if (strlen($newpass) < $minlength) {
             self::$badpassword = true;
             return false;
         }
         // Hash with a freshly generated salt and store hash and salt together.
         $hasher = new runtime_hash();
         $hasher->SetPassword($newpass);
         $salt = $hasher->RandomSalt();
         $hasher->SetSalt($salt);
         $hashed = $hasher->CryptParts($hasher->Crypt())->Hash;
         $stmt = $zdbh->prepare("UPDATE x_accounts SET ac_pass_vc= :newpass, ac_passsalt_vc= :passsalt WHERE ac_id_pk= :clientid");
         $stmt->execute(array(
             ':clientid' => $clientid,
             ':newpass' => $hashed,
             ':passsalt' => $salt,
         ));
     }
     // Account-level fields.
     $stmt = $zdbh->prepare("UPDATE x_accounts SET ac_email_vc= :email, ac_package_fk= :package, ac_enabled_in= :isenabled, ac_group_fk= :group WHERE ac_id_pk = :clientid");
     $stmt->execute(array(
         ':email' => $email,
         ':package' => $package,
         ':isenabled' => $enabled,
         ':group' => $group,
         ':clientid' => $clientid,
     ));
     // Profile-level fields, keyed by the same account id.
     $stmt = $zdbh->prepare("UPDATE x_profiles SET ud_fullname_vc= :fullname, ud_group_fk= :group, ud_package_fk= :package, ud_address_tx= :address,ud_postcode_vc= :postcode, ud_phone_vc= :phone WHERE ud_user_fk=:accountid");
     $stmt->execute(array(
         ':fullname' => $fullname,
         ':group' => $group,
         ':package' => $package,
         ':address' => $address,
         ':postcode' => $post,
         ':phone' => $phone,
         ':accountid' => $clientid,
     ));
     if ($disabling) {
         runtime_hook::Execute('OnAfterDisableClient');
     }
     if ($enabling) {
         runtime_hook::Execute('OnAfterEnableClient');
     }
     runtime_hook::Execute('OnAfterUpdateClient');
     self::$ok = true;
     return true;
 }