// Draw the "change administrator password" form and, when it was submitted
// (action=change_adm_pass), apply the change.
//
// Reads new_pass1 / new_pass2 from $_REQUEST, requires both to pass
// isDTCPassword() and to be equal, then runs an UPDATE on
// $pro_mysql_admin_table. Status / error text is accumulated in
// $pass_submit_err and printed above the form. A failed query terminates the
// request with die(), like the rest of this file.
//
// Returns the HTML fragment (heading, messages, form) as a string.
//
// NOTE(review): the values inside the UPDATE are redacted on this page
// ('******'), so how they are escaped cannot be confirmed here.
// NOTE(review): $_SERVER["PHP_SELF"], $adm_login, $adm_pass and $addrlink are
// written into HTML attributes without htmlspecialchars(); the current admin
// password is also round-tripped through a hidden form field.
function drawPasswordChange()
{
    global $adm_login;
    global $adm_pass;
    global $addrlink;
    global $pro_mysql_admin_table;
    $pass_submit_err = "";
    if (isset($_REQUEST["action"]) && $_REQUEST["action"] == "change_adm_pass") {
        $commit_flag = "yes"; //Init the commit_flag
        // Both fields are read without isset(); a missing field reaches isDTCPassword() as null.
        if (!isDTCPassword($_REQUEST["new_pass1"]) || !isDTCPassword($_REQUEST["new_pass2"])) {
            $pass_submit_err .= _("This is not a valid password!") . "<br>\n";
            $commit_flag = "no";
        }
        if ($_REQUEST["new_pass1"] != $_REQUEST["new_pass2"]) {
            $pass_submit_err .= _("Password 1 does not match password 2!") . "<br>\n";
            $commit_flag = "no";
        }
        if ($commit_flag == "yes") {
            $q = "UPDATE {$pro_mysql_admin_table} SET adm_pass='******' WHERE adm_login='******';";
            $r = mysql_query($q) or die("Cannot query {$q} line " . __LINE__ . " file " . __FILE__ . " sql said " . mysql_error());
            $pass_submit_err .= _("Your administrator password has been changed!") . "<br>\n";
        }
    }
    // Form posts back to this script; adm_login / adm_pass / addrlink are carried as hidden fields.
    $out = "<h3>" . _("Change your password:"******"</h3><br>\n{$pass_submit_err}\n<form action=\"" . $_SERVER["PHP_SELF"] . "\" method=\"post\">\n" . dtcFormTableAttrs() . "\n<input type=\"hidden\" name=\"adm_login\" value=\"{$adm_login}\">\n<input type=\"hidden\" name=\"adm_pass\" value=\"{$adm_pass}\">\n<input type=\"hidden\" name=\"addrlink\" value=\"{$addrlink}\">\n<input type=\"hidden\" name=\"action\" value=\"change_adm_pass\">\n" . dtcFormLineDraw(_("New password:"******"<input type=\"password\" name=\"new_pass1\" value=\"\">") . dtcFormLineDraw(_("Retype new password:"******"<input type=\"password\" name=\"new_pass2\" value=\"\">", 1) . dtcFromOkDraw() . "</form></table>";
    return $out;
}
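// Check a mailbox owner's credentials against the POP table.
//
// Expects $_REQUEST["adm_email_login"] (full address) and
// $_REQUEST["adm_email_pass"]. The address is split on '@' into the globals
// $user (local part) and $host (mailbox host), which callers read afterwards.
// Both inputs are format-checked first (isValidEmail / isDTCPassword) and the
// request is aborted with die() when either fails, matching the rest of this
// file's error handling.
//
// Returns true when exactly one row matches, false otherwise.
//
// NOTE(review): the query compares the submitted password directly against
// the passwd column, which implies the mailbox passwords are stored in clear
// text; a hashed comparison would be preferable.
function pass_check_email()
{
    global $pro_mysql_pop_table;
    global $user;
    global $host;

    if (!isValidEmail($_REQUEST["adm_email_login"])) {
        die("Check: Incorrect email format!");
    }
    if (!isDTCPassword($_REQUEST["adm_email_pass"])) {
        die("Check: Incorrect password format!");
    }

    // Split the address into local part / host; both are exported as globals.
    $tbl = explode('@', $_REQUEST["adm_email_login"]);
    $user = $tbl[0];
    $host = isset($tbl[1]) ? $tbl[1] : "";

    // The format checks above already constrain these values; escape them
    // anyway so the query does not depend on the validators alone.
    $esc_user = mysql_real_escape_string($user);
    $esc_host = mysql_real_escape_string($host);
    $esc_pass = mysql_real_escape_string($_REQUEST["adm_email_pass"]);

    $q = "SELECT * FROM {$pro_mysql_pop_table} WHERE id='{$esc_user}' AND mbox_host='{$esc_host}' AND passwd='{$esc_pass}';";
    $res_mailbox = mysql_query($q) or die("Cannot execute query \"{$q}\" ! line: " . __LINE__ . " file: " . __FILE__ . " sql said: " . mysql_error());

    return mysql_num_rows($res_mailbox) == 1;
}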
// Register a pending administrator account from the public sign-up form.
//
// Reads every field from $_REQUEST (reqadm_login, reqadm_pass, reqadm_pass2,
// domain_name, domain_tld, familyname, firstname, compname, vat_num, iscomp,
// email, phone, fax, address1..3, zipcode, city, state, country, product_id,
// custom_notes, condition and, for VPS products, vps_server_hostname and
// vps_os), validates them, optionally scores the order with MaxMind, inserts
// a row into $pro_mysql_new_admin_table and mails a summary to
// $conf_webmaster_email_addr.
//
// $adding_service is accepted for callers but is not read in this body.
//
// Returns an array $ret with:
//   "err"  0 = inserted, 1 = form entirely blank (nothing to do),
//          2 = a validation failure, 3 = login already taken
//   "mesg" human-readable status (gettext'ed for errors)
//   "id"   mysql_insert_id() of the new row, only when "err" is 0
// SQL errors terminate the request with die(), like the rest of this file.
//
// NOTE(review): some literals on this page are redacted ('******'), so the
// exact values used in the two "login already taken" queries and in the mail
// body cannot be confirmed here.
// NOTE(review): when the product lookup returns no row, err/mesg are set but
// the function does not return; execution continues with $db_product unset.
// NOTE(review): reqadm_login, reqadm_pass, domain_name, email, country and
// vps_server_hostname are interpolated into the INSERT without escaping and
// rely solely on the format checks; mysql_real_escape_string() is already
// used for maxmind_output and could be applied uniformly.
// NOTE(review): the new password is stored and, it appears, mailed in clear
// text (the "pass:" line of $mail_content).
// NOTE(review): get_magic_quotes_gpc() and split() no longer exist in current
// PHP (removed in 8.0 and 7.0 respectively).
function register_user($adding_service = "no")
{
    global $pro_mysql_admin_table;
    global $pro_mysql_new_admin_table;
    global $pro_mysql_product_table;
    global $pro_mysql_vps_server_table;
    global $conf_webmaster_email_addr;
    global $conf_selling_conditions_url;
    global $conf_message_subject_header;
    global $secpayconf_currency_letters;
    global $gettext_lang;
    get_secpay_conf();

    // Check if all fields are blank, in which case don't display error
    if ((!isset($_REQUEST["reqadm_login"]) || $_REQUEST["reqadm_login"] == "") &&
        (!isset($_REQUEST["reqadm_pass"]) || $_REQUEST["reqadm_pass"] == "") &&
        (!isset($_REQUEST["reqadm_pass2"]) || $_REQUEST["reqadm_pass2"] == "") &&
        (!isset($_REQUEST["domain_name"]) || $_REQUEST["domain_name"] == "") &&
        (!isset($_REQUEST["domain_tld"]) || $_REQUEST["domain_tld"] == "") &&
        (!isset($_REQUEST["familyname"]) || $_REQUEST["familyname"] == "") &&
        (!isset($_REQUEST["firstname"]) || $_REQUEST["firstname"] == "") &&
        (!isset($_REQUEST["email"]) || $_REQUEST["email"] == "") &&
        (!isset($_REQUEST["phone"]) || $_REQUEST["phone"] == "") &&
        (!isset($_REQUEST["address1"]) || $_REQUEST["address1"] == "") &&
        (!isset($_REQUEST["zipcode"]) || $_REQUEST["zipcode"] == "") &&
        (!isset($_REQUEST["city"]) || $_REQUEST["city"] == "") &&
        (!isset($_REQUEST["firstname"]) || $_REQUEST["firstname"] == "")) { // firstname is tested twice
        $ret["err"] = 1;
        $ret["mesg"] = _("Not registering");
        return $ret;
    }

    // $esc_product_id stays undefined when product_id was not submitted;
    // isRandomNum() then receives null.
    if (isset($_REQUEST["product_id"])) {
        $esc_product_id = addslashes($_REQUEST["product_id"]);
    }
    if (!isRandomNum($esc_product_id)) {
        $ret["err"] = 2;
        $ret["mesg"] = _("Product ID not valid!");
        return $ret;
    }
    $q = "SELECT * FROM {$pro_mysql_product_table} WHERE id='{$esc_product_id}';";
    $r = mysql_query($q) or die("Cannot querry {$q} line " . __LINE__ . " file " . __FILE__ . " sql said " . mysql_error());
    $n = mysql_num_rows($r);
    if ($n != 1) {
        // NOTE(review): no return here, unlike every other failure branch
        $ret["err"] = 2;
        $ret["mesg"] = _("Product not found in database");
    } else {
        $db_product = mysql_fetch_array($r);
    }

    // Do field format checking and escaping for all fields
    // NOTE(review): the pattern has no length bound although the message
    // promises 4 to 16 chars.
    if (!preg_match("/^([a-zA-Z0-9]+)([._a-zA-Z0-9-]+)\$/", $_REQUEST["reqadm_login"])) {
        $ret["err"] = 2;
        $ret["mesg"] = _("User login format incorrect. Please use letters and numbers only and from 4 to 16 chars.");
        return $ret;
    }
    if ($_REQUEST["reqadm_login"] == "root" || $_REQUEST["reqadm_login"] == "debian-sys-maint") {
        $ret["err"] = 2;
        $ret["mesg"] = _("Username invalid: please choose something else other than root or debian-sys-maint");
        return $ret;
    }
    if (!isDTCPassword($_REQUEST["reqadm_pass"])) {
        $ret["err"] = 2;
        $ret["mesg"] = _("Password format incorrect. Please use letters and numbers only and from 4 to 16 chars.");
        return $ret;
    }
    if ($_REQUEST["reqadm_pass"] != $_REQUEST["reqadm_pass2"]) {
        $ret["err"] = 2;
        $ret["mesg"] = _("Passwords 1 and 2 do not match!");
        return $ret;
    }
    // Only a TLD that passes isTLD() is kept; otherwise the stored domain is
    // just domain_name.
    if ($_REQUEST["domain_name"] == "" || !isTLD($_REQUEST["domain_tld"])) {
        $domain_tld = "";
    } else {
        $domain_tld = $_REQUEST["domain_tld"];
    }
    // If shared or ssl hosting, we MUST do type checkings
    // NOTE(review): this branch checks the raw domain_tld while the INSERT
    // below stores the filtered $domain_tld.
    if ($db_product["heb_type"] == "shared" || $db_product["heb_type"] == "ssl" || $db_product["heb_type"] == "dedicated") {
        if (!isHostnameOrIP($_REQUEST["domain_name"] . $_REQUEST["domain_tld"])) {
            $ret["err"] = 2;
            $ret["mesg"] = _("Domain name seems to be incorrect.");
            return $ret;
        }
    // If not a shared, a dedicated or ssl account, it's a VPS:
    // we don't care if it's empty, but we take care of mysql insertion anyway
    // so if there is a domain name, then we check its consistency, but we don't
    // do much more if there's nothing...
    } else {
        if ($_REQUEST["domain_name"] . $domain_tld != "" && !isHostnameOrIP($_REQUEST["domain_name"] . $domain_tld)) {
            $ret["err"] = 2;
            $ret["mesg"] = _("Domain name seems to be incorrect.");
            return $ret;
        }
    }
    // VPS: the chosen node must exist in the VPS server table
    if ($db_product["heb_type"] == "vps") {
        if ($_REQUEST["vps_server_hostname"] == "-1") {
            $ret["err"] = 2;
            $ret["mesg"] = _("VPS location not selected!");
            return $ret;
        }
        $q = "SELECT * FROM {$pro_mysql_vps_server_table} WHERE hostname='" . addslashes($_REQUEST["vps_server_hostname"]) . "';";
        $r = mysql_query($q) or die("Cannot query {$q} " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error());
        $n = mysql_num_rows($r);
        if ($n != 1) {
            $ret["err"] = 2;
            $ret["mesg"] = _("Could not find the VPS server in database");
            return $ret;
        }
    }
    if (!isValidEmail($_REQUEST["email"])) {
        $ret["err"] = 2;
        $ret["mesg"] = _("Email address seems to be incorrect format.");
        return $ret;
    }
    // Required free-text fields: reject when missing, otherwise addslashes()
    // unless magic_quotes_gpc already did it.
    if (!isset($_REQUEST["familyname"]) || $_REQUEST["familyname"] == "") {
        $ret["err"] = 2;
        $ret["mesg"] = _("Required field family name missing.");
        return $ret;
    } else {
        if (!get_magic_quotes_gpc()) {
            $esc_familyname = addslashes($_REQUEST["familyname"]);
        } else {
            $esc_familyname = $_REQUEST["familyname"];
        }
    }
    if (!isset($_REQUEST["firstname"]) || $_REQUEST["firstname"] == "") {
        $ret["err"] = 2;
        $ret["mesg"] = _("Required field first name missing.");
        return $ret;
    } else {
        if (!get_magic_quotes_gpc()) {
            $esc_firstname = addslashes($_REQUEST["firstname"]);
        } else {
            $esc_firstname = $_REQUEST["firstname"];
        }
    }
    if (!isset($_REQUEST["phone"]) || $_REQUEST["phone"] == "") {
        $ret["err"] = 2;
        $ret["mesg"] = _("Required field phone missing.");
        return $ret;
    } else {
        if (!get_magic_quotes_gpc()) {
            $esc_phone = addslashes($_REQUEST["phone"]);
        } else {
            $esc_phone = $_REQUEST["phone"];
        }
    }
    // Optional fields: escaped the same way, no presence check
    if (!get_magic_quotes_gpc()) {
        $esc_fax = addslashes($_REQUEST["fax"]);
    } else {
        $esc_fax = $_REQUEST["fax"];
    }
    if (!get_magic_quotes_gpc()) {
        $esc_compname = addslashes($_REQUEST["compname"]);
    } else {
        $esc_compname = $_REQUEST["compname"];
    }
    if (!get_magic_quotes_gpc()) {
        $esc_vat_num = addslashes($_REQUEST["vat_num"]);
    } else {
        $esc_vat_num = $_REQUEST["vat_num"];
    }
    if (!isset($_REQUEST["address1"]) || $_REQUEST["address1"] == "") {
        $ret["err"] = 2;
        $ret["mesg"] = _("Required field address (line 1) missing.");
        return $ret;
    } else {
        if (!get_magic_quotes_gpc()) {
            $esc_address1 = addslashes($_REQUEST["address1"]);
        } else {
            $esc_address1 = $_REQUEST["address1"];
        }
    }
    if (!get_magic_quotes_gpc()) {
        $esc_address2 = addslashes($_REQUEST["address2"]);
    } else {
        $esc_address2 = $_REQUEST["address2"];
    }
    if (!get_magic_quotes_gpc()) {
        $esc_address3 = addslashes($_REQUEST["address3"]);
    } else {
        $esc_address3 = $_REQUEST["address3"];
    }
    if (!isset($_REQUEST["zipcode"]) || $_REQUEST["zipcode"] == "") {
        $ret["err"] = 2;
        $ret["mesg"] = _("Required field zipcode missing.");
        return $ret;
    } else {
        if (!get_magic_quotes_gpc()) {
            $esc_zipcode = addslashes($_REQUEST["zipcode"]);
        } else {
            $esc_zipcode = $_REQUEST["zipcode"];
        }
    }
    if (!isset($_REQUEST["city"]) || $_REQUEST["city"] == "") {
        $ret["err"] = 2;
        $ret["mesg"] = _("Required field city missing.");
        return $ret;
    } else {
        if (!get_magic_quotes_gpc()) {
            $esc_city = addslashes($_REQUEST["city"]);
        } else {
            $esc_city = $_REQUEST["city"];
        }
    }
    if (!get_magic_quotes_gpc()) {
        $esc_state = addslashes($_REQUEST["state"]);
    } else {
        $esc_state = $_REQUEST["state"];
    }
    if (!get_magic_quotes_gpc()) {
        $esc_custom_notes = addslashes($_REQUEST["custom_notes"]);
    } else {
        $esc_custom_notes = $_REQUEST["custom_notes"];
    }
    // Exactly two upper-case letters (country-code shape)
    if (!preg_match("/^([A-Z])([A-Z])\$/", $_REQUEST["country"])) {
        $ret["err"] = 2;
        $ret["mesg"] = _("Country code seems incorrect.");
        return $ret;
    }
    if ($_REQUEST["iscomp"] == "yes") {
        $esc_comp = "yes";
    } else {
        if ($_REQUEST["iscomp"] == "no") {
            $esc_comp = "no";
        } else {
            $ret["err"] = 2;
            $ret["mesg"] = _("Is company radio button is wrong!");
            return $ret;
        }
    }
    // Selling conditions must be accepted unless the installation has none
    if ($conf_selling_conditions_url != "none" && (!isset($_REQUEST["condition"]) || $_REQUEST["condition"] != "yes")) {
        $ret["err"] = 2;
        $ret["mesg"] = _("Selling conditions not accepted!");
        return $ret;
    }
    // The login must be unused both among active admins and pending requests
    $q = "SELECT adm_login FROM {$pro_mysql_admin_table} WHERE adm_login='******';";
    $r = mysql_query($q) or die("Cannot query \"{$q}\" !!! Line: " . __LINE__ . " File: " . __FILE__ . " MySQL said: " . mysql_error());
    $n = mysql_num_rows($r);
    if ($n > 0) {
        $ret["err"] = 3;
        $ret["mesg"] = _("Username already taken! Try again.");
        return $ret;
    }
    $q = "SELECT reqadm_login FROM {$pro_mysql_new_admin_table} WHERE reqadm_login='******';";
    $r = mysql_query($q) or die("Cannot query \"{$q}\" !!! Line: " . __LINE__ . " File: " . __FILE__ . " MySQL said: " . mysql_error());
    $n = mysql_num_rows($r);
    if ($n > 0) {
        $ret["err"] = 3;
        $ret["mesg"] = _("Username already taken! Try again.");
        return $ret;
    }
    // Extra INSERT columns / values and mail line, only for VPS products
    $vps_add1 = "";
    $vps_add2 = "";
    $vps_mail_add1 = "";
    if ($db_product["heb_type"] == "vps") {
        if (!get_magic_quotes_gpc()) {
            $esc_vps_os = addslashes($_REQUEST["vps_os"]);
        } else {
            $esc_vps_os = $_REQUEST["vps_os"];
        }
        $vps_add1 = ",vps_location,vps_os";
        // NOTE(review): vps_server_hostname is not escaped here although the
        // lookup above used addslashes() on it.
        $vps_add2 = ",'" . $_REQUEST["vps_server_hostname"] . "','{$esc_vps_os}'";
        $vps_mail_add1 = "VPS hostname: " . $_REQUEST["vps_server_hostname"];
    }
    // MaxMind: Rudd-O
    get_secpay_conf();
    global $secpayconf_maxmind_license_key;
    global $secpayconf_use_maxmind;
    global $secpayconf_maxmind_threshold; // declared but not read in this function
    $maxmind_score = 0;
    if ($secpayconf_use_maxmind == "yes") {
        // This has been done in dtc/shared/dtc_lib.php
        // but could be removed from there... As you like!
        require_once "../shared/maxmind/HTTPBase.php";
        require_once "../shared/maxmind/CreditCardFraudDetection.php";
        $hash = array();
        $hash["i"] = $_SERVER["REMOTE_ADDR"];
        $hash["city"] = $_REQUEST["city"];
        $hash["postal"] = $_REQUEST["zipcode"];
        $hash["country"] = $_REQUEST["country"];
        $maildomain = split("@", $_REQUEST["email"], 2);
        $hash["domain"] = $maildomain[1];
        $hash["custPhone"] = $_REQUEST["phone"];
        $hash["license_key"] = $secpayconf_maxmind_license_key;
        // NOTE(review): the usual CGI variable name is HTTP_X_FORWARDED_FOR;
        // this key is unlikely ever to be set.
        if (isset($_SERVER["X_HTTP_FORWARDED_FOR"])) {
            $hash["forwardedIP"] = $_SERVER["X_HTTP_FORWARDED_FOR"];
        }
        // Email, login and password are sent to the scoring service as MD5
        // digests. NOTE(review): an unsalted MD5 of a short alphanumeric
        // password offers little protection for that field.
        $hash["emailMD5"] = md5($_REQUEST["email"]);
        $hash["usernameMD5"] = md5($_REQUEST["reqadm_login"]);
        $hash["passwordMD5"] = md5($_REQUEST["reqadm_pass"]);
        // trigger_error("MaxMind input: ".serialize($hash),E_USER_NOTICE);
        $ccfs = new CreditCardFraudDetection();
        $ccfs->isSecure = 1;
        $ccfs->input($hash);
        $ccfs->query();
        $maxmind_output = $ccfs->output();
        // trigger_error("MaxMind output: ".serialize($maxmind_output),E_USER_NOTICE);
        $maxmind_score = $maxmind_output["riskScore"];
    } else {
        $maxmind_output = "";
    }
    // end MaxMind
    // Pending-account row; the serialized MaxMind answer is the only value
    // passed through mysql_real_escape_string().
    $q = "INSERT INTO {$pro_mysql_new_admin_table}\n(reqadm_login,\nreqadm_pass,\ndomain_name,\nfamily_name,\nfirst_name,\ncomp_name,\nvat_num,\niscomp,\nemail,\nphone,\nfax,\naddr1,\naddr2,\naddr3,\nzipcode,\ncity,\nstate,\ncountry,\nproduct_id,\ncustom_notes,\nshopper_ip,\ndate,\ntime,\nlast_used_lang,\nmaxmind_output{$vps_add1}\n)\nVALUES('" . $_REQUEST["reqadm_login"] . "',\n'" . $_REQUEST["reqadm_pass"] . "',\n'" . $_REQUEST["domain_name"] . $domain_tld . "',\n'{$esc_familyname}',\n'{$esc_firstname}',\n'{$esc_compname}',\n'{$esc_vat_num}',\n'{$esc_comp}',\n'" . $_REQUEST["email"] . "',\n'{$esc_phone}',\n'{$esc_fax}',\n'{$esc_address1}',\n'{$esc_address2}',\n'{$esc_address3}',\n'{$esc_zipcode}',\n'{$esc_city}',\n'{$esc_state}',\n'" . $_REQUEST["country"] . "',\n'{$esc_product_id}',\n'{$esc_custom_notes}',\n'" . $_SERVER["REMOTE_ADDR"] . "',\n'" . date("Y-m-d") . "',\n'" . date("H:i:s") . "',\n'" . $gettext_lang . "',\n'" . mysql_real_escape_string(serialize($maxmind_output)) . "'{$vps_add2})";
    $r = mysql_query($q) or die("Cannot query \"{$q}\" !!! Line: " . __LINE__ . " File: " . __FILE__ . " MySQL said: " . mysql_error());
    $id = mysql_insert_id();
    $ret["err"] = 0;
    $ret["mesg"] = "Query ok!";
    $ret["id"] = $id;
    // Re-read the product for the notification mail (name and price)
    $q = "SELECT * FROM {$pro_mysql_product_table} WHERE id='{$esc_product_id}';";
    $r = mysql_query($q) or die("Cannot querry {$q} line " . __LINE__ . " file " . __FILE__ . " sql said " . mysql_error());
    $n = mysql_num_rows($r);
    if ($n != 1) {
        echo "<font color=\"red\">" . _("Cannot find product id!") . "</font>";
        $the_prod = $esc_product_id . " (0 {$secpayconf_currency_letters})";
    } else {
        $a = mysql_fetch_array($r);
        $the_prod = $a["name"] . " (" . $a["price_dollar"] . " {$secpayconf_currency_letters})";
    }
    // Notification to the webmaster; part of this literal is redacted on this page.
    $mail_content = "\nSomebody tried to register an account. Here is the details of the new user:\n\nlogin: "******"reqadm_login"] . "\npass: "******"reqadm_pass"] . "\ndomain: " . $_REQUEST["domain_name"] . $domain_tld . "\nCompany name: " . $_REQUEST["compname"] . "\nFirst name: " . $_REQUEST["firstname"] . "\nFamily name: " . $_REQUEST["familyname"] . "\nEmail: " . $_REQUEST["email"] . "\nPhone: {$esc_phone}\nFax: {$esc_fax}\nAddr: " . $_REQUEST["address1"] . " " . $_REQUEST["address2"] . " " . $_REQUEST["address3"] . "\nZipcode: {$esc_zipcode}\nCity: " . $_REQUEST["city"] . "\nState: " . $_REQUEST["state"] . "\nCountry: " . $_REQUEST["country"] . "\nShopper ip: " . $_SERVER["REMOTE_ADDR"] . "\nProduct id: {$the_prod}\nCustomer note: " . $_REQUEST["custom_notes"] . "\n{$vps_mail_add1}\n";
    if ($maxmind_score > 0) {
        $mail_content .= "Maxmind Score: {$maxmind_score}\n";
        // NOTE(review): if output() returned an array (it is indexed as one
        // above), this interpolates as the literal string "Array".
        $mail_content .= "Maxmind Output: {$maxmind_output}\n";
    }
    $headers = "From: DTC Robot <{$conf_webmaster_email_addr}>";
    mail($conf_webmaster_email_addr, "{$conf_message_subject_header} Somebody tried to register an account", $mail_content, $headers);
    return $ret;
}
if ($err) { $submit_err = _("Could not get installed ISO files!"); $commit_flag = "no"; } else { if (!in_array($_REQUEST["xenhvm_iso"], $r)) { $submit_err = _("The ISO file is not in the server!"); $commit_flag = "no"; } } } if ($_REQUEST["vnc_console_activate"] == "no" || !isDTCPassword($_REQUEST["vnc_console_pass"])) { $vnc_console_pass = "******"; } else { $vnc_console_pass = $_REQUEST["vnc_console_pass"]; } if (!isDTCPassword($_REQUEST["vnc_console_pass"]) && $_REQUEST["vnc_console_activate"] == "yes") { echo "<font color=\"yes\">" . _("Warning: password of wrong format, DTC will disable VNC console!"); } if ($commit_flag == "yes") { $q = "UPDATE {$pro_mysql_vps_table} SET vncpassword='******',howtoboot='" . mysql_real_escape_string($_REQUEST["xenhvm_iso"]) . "' WHERE vps_xen_name='{$vps_name}' AND vps_server_hostname='{$vps_node}';"; $r = mysql_query($q) or die("Cannot execute query \"{$q}\" ! line: " . __LINE__ . " file: " . __FILE__ . " sql said: " . mysql_error()); $q = "SELECT * FROM {$pro_mysql_vps_table} WHERE vps_xen_name='{$vps_name}' AND vps_server_hostname='{$vps_node}';"; $r = mysql_query($q) or die("Cannot execute query \"{$q}\" ! line: " . __LINE__ . " file: " . __FILE__ . " sql said: " . mysql_error()); $n = mysql_num_rows($r); if ($n != 1) { $commit_flag = "no"; $submit_err = _("Could not fetch the VPS data."); } else { $a = mysql_fetch_array($r); $q = "SELECT * FROM {$pro_mysql_vps_ip_table} WHERE vps_server_hostname='" . $a["vps_server_hostname"] . "' AND vps_xen_name='" . $a["vps_xen_name"] . "';"; $r = mysql_query($q) or die("Cannot execute query \"{$q}\" ! line: " . __LINE__ . " file: " . __FILE__ . " sql said: " . mysql_error());
if (isset($_REQUEST["updateuserinfo"]) && $_REQUEST["updateuserinfo"] == "Ok") { $adm_query = "UPDATE {$pro_mysql_admin_table} SET id_client='" . $_REQUEST["changed_id_client"] . "',\n\t\tadm_pass='******',path='" . $_REQUEST["changed_path"] . "',\n\t\tquota='" . $_REQUEST["adm_quota"] . "', bandwidth_per_month_mb='" . $_REQUEST["bandwidth_per_month"] . "',\n\t\texpire='" . $_REQUEST["expire"] . "',allow_add_domain='" . $_REQUEST["allow_add_domain"] . "',max_domain='" . $_REQUEST["max_domain"] . "',\n\t\tnbrdb='" . $_REQUEST["nbrdb"] . "',prod_id='" . $_REQUEST["heb_prod_id"] . "',\n\t\tresseller_flag='" . $_REQUEST["resseller_flag"] . "',\n\t\tssh_login_flag='" . $_REQUEST["ssh_login_flag"] . "',\n\t\tftp_login_flag='" . $_REQUEST["ftp_login_flag"] . "',\n\t\trestricted_ftp_path='" . $_REQUEST["restricted_ftp_path"] . "',\n\t\tallow_dns_and_mx_change='" . $_REQUEST["allow_dns_and_mx_change"] . "',\n\t\tallow_mailing_list_edit='" . $_REQUEST["allow_mailing_list_edit"] . "',\n\t\tallow_subdomain_edit='" . $_REQUEST["allow_subdomain_edit"] . "',\n\t\tpkg_install_flag='" . $_REQUEST["pkg_install_flag"] . "'\n\t\tWHERE adm_login='******';"; mysql_query($adm_query) or die("Cannot execute query \"{$adm_query}\" line " . __LINE__ . " file " . __FILE__ . " " . 
mysql_error()); // Tell the cron job to activate the changes (because the account might now be (not) expiring) $adm_query = "UPDATE {$pro_mysql_cronjob_table} SET gen_vhosts='yes',restart_apache='yes' WHERE 1;"; mysql_query($adm_query); } // $newadmin_login $newadmin_pass $newadmin_path $newadmin_maxemail $newadmin_maxftp $newadmin_quota if (isset($_REQUEST["newadminuser"]) && $_REQUEST["newadminuser"] == "Ok") { // Check for admin existance // Create admin directorys if (!isFtpLogin($_REQUEST["newadmin_login"])) { $submit_err .= _("Incorect admin login format: it should consist of only lowercase letters or numbers or the \"-\" sign, and should be between 4 and 16 chars long.<br>\n"); $commit_flag = "no"; } if (!isDTCPassword($_REQUEST["newadmin_pass"])) { $submit_err .= _("Password consist of only letters and numbers (a-zA-Z0-9) and should be between 6 and 16 chars long.<br>\n"); $commit_flag = "no"; } $newadmin_path = $_REQUEST["newadmin_path"] . "/" . $_REQUEST["newadmin_login"]; if ($conf_demo_version == "no") { $oldumask = umask(0); if (!file_exists($newadmin_path)) { mkdir("{$newadmin_path}", 0750, 1); $console .= "mkdir -p {$newadmin_path};<br>"; } umask($oldumask); } // Add user in database if ($commit_flag != "no") { $adm_query = "INSERT INTO {$pro_mysql_admin_table}\n(adm_login ,adm_pass ,path )VALUES\n('" . $_REQUEST["newadmin_login"] . "', '" . $_REQUEST["newadmin_pass"] . "','{$newadmin_path}') ";
mysql_close($newid) or die("Cannot disconnect to user database"); connect2base(); } updateUsingCron("gen_backup='yes'"); } if (isset($_REQUEST["action"]) && $_REQUEST["action"] == "modify_dbuser_pass") { checkLoginPass($adm_login, $adm_pass); if ($conf_user_mysql_type == "distant") { $newid = mysql_connect($conf_user_mysql_host, $conf_user_mysql_root_login, $conf_user_mysql_root_pass) or die("Cannot connect to user SQL host"); } // action=modify_dbuser_pass&dbuser=zigo&db_pass=bla if (!isFtpLogin($_REQUEST["dbuser"])) { $submit_err .= _("Incorrect MySQL db format: please enter another login and try again.") . "<br>\n"; $commit_flag = "no"; } if (!isDTCPassword($_REQUEST["db_pass"])) { $submit_err .= _("Incorrect MySQL password format: please enter another login and try again.") . "<br>\n"; $commit_flag = "no"; } if ($commit_flag == "yes") { $query = "SELECT * FROM mysql.user WHERE User='******' AND dtcowner='{$adm_login}';"; $result = mysql_query($query) or die("Cannot execute query \"{$query}\" line " . __LINE__ . " file " . __FILE__ . " sql said " . mysql_error()); $num_rows = mysql_num_rows($result); if ($num_rows < 1) { $submit_err .= _("A MySQL user by that name already exists. Please choose another one.") . "<br>\n"; $commit_flag = "no"; } } if ($commit_flag == "yes") { $q = "UPDATE mysql.user SET Password=PASSWORD('" . $_REQUEST["db_pass"] . "') WHERE User='******';"; $r = mysql_query($q) or die("Cannot execute query \"{$q}\" line " . __LINE__ . " file " . __FILE__ . " sql said " . mysql_error());
mysql_query($adm_query) or die("Cannot execute query \"{$adm_query}\""); updateUsingCron("gen_ssh='yes'"); } // $edssh_account $edit_domain $edssh_pass if (isset($_REQUEST["update_ssh_account"]) && $_REQUEST["update_ssh_account"] == "Ok") { checkLoginPassAndDomain($adm_login, $adm_pass, $edit_domain); $adm_path = getAdminPath($adm_login); if (!hasSSHLoginFlag($adm_login)) { $submit_err .= "You don't have the SSH login flag!"; $commit_flag = "no"; } if (0 != strncmp($adm_path, $_REQUEST["edssh_path"], strlen($adm_path) - 1) || strstr($_REQUEST["edssh_path"], '..') || strstr($_REQUEST["edssh_path"], "'") || strstr($_REQUEST["edssh_path"], "\\")) { $submit_err .= _("Your path is restricted to ") . ""{$adm_path}/{$edit_domain}/subdomains"<br>\n"; $commit_flag = "no"; } $new_path = $_REQUEST["edssh_path"]; if (!isFtpLogin($_REQUEST["edssh_account"])) { $submit_err .= _("Incorrect ssh login : this is not a good string for a ssh login, please enter a new one."); $commit_flag = "no"; } if (!isDTCPassword($_REQUEST["edssh_pass"])) { $submit_err .= _("Incorrect SSH password: from 6 to 16 chars, a-z A-Z 0-9"); $commit_flag = "no"; } $crypt_ssh_password = crypt($_REQUEST["edssh_pass"], dtc_makesalt()); if ($commit_flag == "yes") { $adm_query = "UPDATE {$pro_mysql_ssh_table} SET homedir='" . addslashes($new_path) . "', crypt='" . $crypt_ssh_password . "', password='******' WHERE login ='******' AND hostname='{$edit_domain}' LIMIT 1;"; mysql_query($adm_query) or die("Cannot execute query \"{$adm_query}\""); } updateUsingCron("gen_ssh='yes'"); }
<?php ///////////////////////////// // Ftp accounts management // ///////////////////////////// // new_adm_login=test&new_adm_pass=test if (isset($_REQUEST["action"]) && $_REQUEST["action"] == "add_child_account") { checkLoginPass($adm_login, $adm_pass); if (!isDTCPassword($_REQUEST["new_adm_pass"])) { $submit_err .= "Incorrect FTP password: from 6 to 16 chars, a-z A-Z 0-9<br>\n"; $commit_flag = "no"; } if (!isFtpLogin($_REQUEST["new_adm_login"])) { $submit_err .= "Incorrect DTC login: a-z A-Z 0-9<br>\n"; $commit_flag = "no"; } if ($commit_flag == "yes") { $q = "SELECT * FROM {$pro_mysql_admin_table} WHERE adm_login='******';"; $r = mysql_query($q) or die("Cannot query {$q} line " . __LINE__ . " file " . __FILE__ . " sql said " . mysql_error()); $n = mysql_num_rows($r); if ($n != 0) { $submit_err .= "There is already an admin with that name. Please pickup another name!<br>\n"; $commit_flag = "no"; } } checkLoginPass($adm_login, $adm_pass); $q = "SELECT * FROM {$pro_mysql_admin_table} WHERE adm_login='******';"; $r = mysql_query($q) or die("Cannot query {$q} line " . __LINE__ . " file " . __FILE__ . " sql said " . mysql_error()); $n = mysql_num_rows($r); if ($n != 1) { die("Cannot find user {$adm_login} line " . __LINE__ . " file " . __FILE__);
}else{ echo "Could not open file $filename !"; } } */ } //action=del_tats_login&stats_login=statslogin&stats_password=pass&stats_subdomains= if (isset($_REQUEST["action"]) && $_REQUEST["action"] == "del_stats_login") { checkLoginPassAndDomain($adm_login, $adm_pass, $edit_domain); if (isset($_REQUEST["stats_subdomain"])) { $stats_subdomain_flag = "yes"; } else { $stats_subdomain_flag = "no"; } $admin_path = getAdminPath($adm_login); if (!isDTCPassword($_REQUEST["stats_login"])) { $submit_err .= $txt_dbsql_password_are_made_only_with_standards_chars_and_numbers_and_size[$lang] . "<br>\n"; $commit_flag = "no"; } if ($commit_flag == "yes") { $q = "UPDATE {$pro_mysql_domain_table} SET stats_login='',stats_pass='',stats_subdomain='no' WHERE name='{$edit_domain}';"; $r = mysql_query($q) or die("Cannot query {$q} line " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error()); if ($stats_subdomain_flag == "yes") { $q = "SELECT subdomain_name FROM subdomain where domain_name='" . $edit_domain . "';"; $r = mysql_query($q) or die("Cannot query {$q} line " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error()); $num_rows = mysql_num_rows($r); for ($i = 0; $i < $num_rows; $i++) { $a = mysql_fetch_array($r); $filename = $admin_path . "/" . $edit_domain . "/subdomains/" . $a["subdomain_name"] . "/logs/.htaccess"; if (file_exists($filename)) { unlink($filename);
function dtcListItemsEdit($dsc) { global $adm_pass; $out = "<h3>" . $dsc["title"] . "</u></b></h3>"; // Calculate the forwards parameters for links and forms $nbr_forwards = sizeof($dsc["forward"]); $keys_fw = array_keys($dsc["forward"]); $fw = ""; $fw_link = $_SERVER["PHP_SELF"] . "?"; for ($i = 0; $i < $nbr_forwards; $i++) { if ($dsc["forward"][$i] == "adm_pass") { $fw .= "<input type=\"hidden\" name=\"" . $dsc["forward"][$i] . "\" value=\"" . $adm_pass . "\">"; } else { $fw .= "<input type=\"hidden\" name=\"" . $dsc["forward"][$i] . "\" value=\"" . $_REQUEST[$dsc["forward"][$i]] . "\">"; } if ($i != 0) { $fw_link .= "&"; } if ($dsc["forward"][$i] == "adm_pass") { $fw_link .= $dsc["forward"][$i] . "={$adm_pass}"; } else { $fw_link .= $dsc["forward"][$i] . "=" . $_REQUEST[$dsc["forward"][$i]]; } } // Condition to add to each queries $where = "WHERE 1"; if (isset($dsc["order_by"])) { $order_by = " ORDER BY " . $dsc["order_by"]; } else { $order_by = ""; } $added_insert_names = ""; $added_insert_values = ""; if (isset($dsc["where_list"])) { $nbr_where = sizeof($dsc["where_list"]); $where_keys = array_keys($dsc["where_list"]); for ($i = 0; $i < $nbr_where; $i++) { if ($i != 0) { $added_insert_names .= ","; $added_insert_values .= ","; } $added_insert_names .= $where_keys[$i]; $added_insert_values .= "'" . $dsc["where_list"][$where_keys[$i]] . "'"; $where .= " AND " . $where_keys[$i] . "='" . $dsc["where_list"][$where_keys[$i]] . "'"; } // As there will be other fields, we need that one $added_insert_names .= ","; $added_insert_values .= ","; } // Number of fields that we are about to manage here and theire names $nbr_fld = sizeof($dsc["cols"]); $keys = array_keys($dsc["cols"]); // We need the current number of items now to check against the max number for addition $q = "SELECT " . $dsc["id_fld"] . "," . $dsc["list_fld_show"] . " FROM " . $dsc["table_name"] . " {$where};"; $r_item_list = mysql_query($q) or die("Cannot query {$q} in " . __FILE__ . " line " . __LINE__ . 
" sql said: " . mysql_error()); $current_num_items = mysql_num_rows($r_item_list); // SQL submit stuffs if (isset($_REQUEST["action"]) && $_REQUEST["action"] == $dsc["action"] . "_new_item") { // Todo: do the fields checkings $commit_flag = "yes"; $commit_err = ""; for ($i = 0; $i < $nbr_fld; $i++) { switch ($dsc["cols"][$keys[$i]]["type"]) { case "popup": case "radio": $nbr_choices = sizeof($dsc["cols"][$keys[$i]]["values"]); $is_one_of_them = "no"; for ($j = 0; $j < $nbr_choices; $j++) { if ($dsc["cols"][$keys[$i]]["values"][$j] == $_REQUEST[$keys[$i]]) { $is_one_of_them = "yes"; } } if ($is_one_of_them == "no") { $commit_flag = "no"; $commit_err = "the variable " . $keys[$i] . " is not one of the allowed values<br>"; } break; default: break; } if (isset($dsc["cols"][$keys[$i]]["check"])) { switch ($dsc["cols"][$keys[$i]]["check"]) { case "subdomain": if (!checkSubdomainFormat($_REQUEST[$keys[$i]])) { if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") { $commit_flag = "no"; $commit_err .= $keys[$i] . ": not a subdomain<br>"; } } break; case "subdomain_or_ip": if (!checkSubdomainFormat($_REQUEST[$keys[$i]]) && !isIP($_REQUEST[$keys[$i]])) { if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") { $commit_flag = "no"; $commit_err .= $keys[$i] . ": not a subdomain or IP addresse<br>"; } } break; case "ip6": if (!isIP6($_REQUEST[$keys[$i]])) { if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") { if (!isset($dsc["cols"][$keys[$i]]["empty_makes_default"]) || $dsc["cols"][$keys[$i]]["empty_makes_default"] != "yes" || $_REQUEST[$keys[$i]] != "default") { $commit_flag = "no"; $commit_err .= $keys[$i] . 
": not an IPv6 address<br>"; } } } break; case "ip_addr": if (!isIP($_REQUEST[$keys[$i]])) { if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") { $commit_flag = "no"; $commit_err .= $keys[$i] . ": not an IP address<br>"; } } break; case "domain_or_ip": if (!isIP($_REQUEST[$keys[$i]]) && !isHostname($_REQUEST[$keys[$i]])) { if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") { $commit_flag = "no"; $commit_err .= $keys[$i] . ": not a domain or IP addresse<br>"; } } break; case "dtc_login": if (!isFtpLogin($_REQUEST[$keys[$i]])) { if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") { $commit_flag = "no"; $commit_err .= $keys[$i] . ": not a correct login format.<br>"; } } break; case "dtc_login_or_email": if (!isFtpLogin($_REQUEST[$keys[$i]]) && !isValidEmail($_REQUEST[$keys[$i]])) { if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") { $commit_flag = "no"; $commit_err .= $keys[$i] . ": not a correct login format.<br>"; } } break; case "mail_alias_group": $mail_alias_group_raw = trim($_REQUEST[$keys[$i]], "\r\n"); $mail_alias_nocr = str_replace("\r", "", $mail_alias_group_raw); $mail_alias_array = split("\n", $mail_alias_nocr); for ($x = 0; $x < count($mail_alias_array); $x++) { if (!isValidEmail($mail_alias_array[$x])) { $commit_flag = "no"; $commit_err .= $mail_alias_array[$x] . ": not a valid email format.<br>"; } } break; case "dtc_pass": if (!isDTCPassword($_REQUEST[$keys[$i]])) { if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") { $commit_flag = "no"; $commit_err .= $keys[$i] . 
": not a correct password format<br>"; } } break; case "email": if (!isValidEmail($_REQUEST[$keys[$i]])) { if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") { $commit_flag = "no"; $commit_err .= $keys[$i] . ": not a correct email format<br>"; } } break; case "number": if (!isRandomNum($_REQUEST[$keys[$i]])) { if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") { $commit_flag = "no"; $commit_err .= $keys[$i] . ": not a correct number format<br>"; } } break; case "max_value_2096": if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") { if (!isRandomNum($_REQUEST[$keys[$i]])) { $commit_flag = "no"; $commit_err .= $keys[$i] . ": not a correct number format<br>"; } if ($_REQUEST[$keys[$i]] >= 2096) { $commit_flag = "no"; $commit_err .= $keys[$i] . ": is greater or equal than the max value 2096<br>"; } } break; default: $commit_flag = "no"; $commit_err .= $keys[$i] . ": unknown field checking type (" . $dsc["cols"][$keys[$i]]["check"] . ").<br>"; break; } } } if (isset($dsc["max_item"]) && $current_num_items >= $dsc["max_item"]) { $commit_flag = "no"; $commit_err = "Max number of items reached!"; } if (isset($dsc["check_unique"])) { $nbr_unique_check = sizeof($dsc["check_unique"]); $where_clause = ""; for ($i = 0; $i < $nbr_unique_check; $i++) { if ($i != 0) { $where_clause .= " AND "; } if (isset($dsc["cols"][$dsc["check_unique"][$i]]["happen_domain"])) { $where_clause .= $dsc["check_unique"][$i] . "='" . $_REQUEST[$dsc["check_unique"][$i]] . $dsc["cols"][$dsc["check_unique"][$i]]["happen_domain"] . "' "; } else { $where_clause .= $dsc["check_unique"][$i] . "='" . $_REQUEST[$dsc["check_unique"][$i]] . 
"' "; } } if (!isset($dsc["check_unique_use_where_list"]) || $dsc["check_unique_use_where_list"] == "yes") { $nbr_where_list_fld = sizeof($dsc["where_list"]); $where_list_keys_fld = array_keys($dsc["where_list"]); for ($i = 0; $i < $nbr_where_list_fld; $i++) { $where_clause .= " AND " . $where_list_keys_fld[$i] . "='" . $dsc["where_list"][$where_list_keys_fld[$i]] . "'"; } } $q = "SELECT * FROM " . $dsc["table_name"] . " WHERE {$where_clause} "; $r = mysql_query($q) or die("Cannot query \"{$q}\" line " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error()); $n = mysql_num_rows($r); if ($n > 0) { $commit_flag = "no"; $commit_err = $dsc["check_unique_msg"]; } } // Build the request $fld_names = ""; $values = ""; $added_one = "no"; for ($i = 0; $i < $nbr_fld; $i++) { switch ($dsc["cols"][$keys[$i]]["type"]) { case "password": if ($added_one == "yes") { $fld_names .= ","; $values .= ","; } $fld_names .= $keys[$i]; if (isset($dsc["cols"][$keys[$i]]["empty_makes_sql_null"]) && $dsc["cols"][$keys[$i]]["empty_makes_sql_null"] == "yes" && $_REQUEST[$keys[$i]] == "") { $values .= "NULL"; } else { if (isset($dsc["cols"][$keys[$i]]["empty_makes_default"]) && $dsc["cols"][$keys[$i]]["empty_makes_default"] == "yes" && $_REQUEST[$keys[$i]] == "") { $values .= "'default'"; } else { if (isset($dsc["cols"][$keys[$i]]["happen_domain"])) { $values .= "'" . addslashes($_REQUEST[$keys[$i]]) . $dsc["cols"][$keys[$i]]["happen_domain"] . "'"; } else { $values .= "'" . addslashes($_REQUEST[$keys[$i]]) . "'"; } // if the crypt field is set, then we use this as the SQL field to populate the crypted password into if (isset($dsc["cols"][$keys[$i]]["cryptfield"])) { if ($added_one == "yes") { $fld_names .= ","; $values .= ","; } $fld_names .= $dsc["cols"][$keys[$i]]["cryptfield"]; $values .= "'" . crypt($_REQUEST[$keys[$i]], dtc_makesalt()) . 
"'"; } } } $added_one = "yes"; break; case "text": case "textarea": if ($added_one == "yes") { $fld_names .= ","; $values .= ","; } $fld_names .= $keys[$i]; if (isset($dsc["cols"][$keys[$i]]["empty_makes_sql_null"]) && $dsc["cols"][$keys[$i]]["empty_makes_sql_null"] == "yes" && $_REQUEST[$keys[$i]] == "") { $values .= "NULL"; } else { if (isset($dsc["cols"][$keys[$i]]["empty_makes_default"]) && $dsc["cols"][$keys[$i]]["empty_makes_default"] == "yes" && $_REQUEST[$keys[$i]] == "") { $values .= "'default'"; } else { if (isset($dsc["cols"][$keys[$i]]["happen_domain"])) { $values .= "'" . addslashes($_REQUEST[$keys[$i]]) . $dsc["cols"][$keys[$i]]["happen_domain"] . "'"; } else { $values .= "'" . addslashes($_REQUEST[$keys[$i]]) . "'"; } } } $added_one = "yes"; break; case "checkbox": if ($added_one == "yes") { $fld_names .= ","; $values .= ","; } $added_one = "yes"; $fld_names .= $keys[$i]; if (isset($_REQUEST[$keys[$i]])) { $values .= "'" . $dsc["cols"][$keys[$i]]["values"][0] . "'"; } else { $values .= "'" . $dsc["cols"][$keys[$i]]["values"][1] . "'"; } break; case "popup": case "radio": if ($added_one == "yes") { $fld_names .= ","; $values .= ","; } $fld_names .= $keys[$i]; $values .= "'" . addslashes($_REQUEST[$keys[$i]]) . "'"; $added_one = "yes"; break; } } if ($commit_flag == "yes") { $q = "INSERT INTO " . $dsc["table_name"] . " ({$added_insert_names} {$fld_names}) VALUES ({$added_insert_values} {$values});"; $success = "yes"; $r = mysql_query($q) or $success = "no"; if ($success == "yes") { $insert_id = mysql_insert_id(); if (isset($dsc["create_item_callback"])) { $out .= $dsc["create_item_callback"]($insert_id); } } else { $out .= "<font color=\"red\">Cannot query {$q} in " . __FILE__ . " line " . __LINE__ . " sql said: " . mysql_error() . 
"</font>"; } } else { $out .= "<font color=\"red\">Could not commit the changes because of an error in field format: <br>{$commit_err}</font><br>"; } } else { if (isset($_REQUEST["action"]) && $_REQUEST["action"] == $dsc["action"] . "_save_item") { // Todo: do the fields checkings $commit_flag = "yes"; $commit_err = ""; for ($i = 0; $i < $nbr_fld; $i++) { switch ($dsc["cols"][$keys[$i]]["type"]) { case "checkbox": break; case "popup": case "radio": case "checkbox": $nbr_choices = sizeof($dsc["cols"][$keys[$i]]["values"]); $is_one_of_them = "no"; for ($j = 0; $j < $nbr_choices; $j++) { if ($dsc["cols"][$keys[$i]]["values"][$j] == $_REQUEST[$keys[$i]]) { $is_one_of_them = "yes"; } } if ($is_one_of_them == "no") { $commit_flag = "no"; $commit_err = "the variable " . $keys[$i] . " is not one of the allowed values<br>"; } break; default: break; } if (isset($dsc["cols"][$keys[$i]]["check"]) && (!isset($dsc["cols"][$keys[$i]]["disable_edit"]) || $dsc["cols"][$keys[$i]]["disable_edit"] != "yes")) { switch ($dsc["cols"][$keys[$i]]["check"]) { case "subdomain": if (!checkSubdomainFormat($_REQUEST[$keys[$i]])) { if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") { $commit_flag = "no"; $commit_err .= $keys[$i] . ": not a subdomain<br>"; } } break; case "subdomain_or_ip": if (!checkSubdomainFormat($_REQUEST[$keys[$i]]) && !isIP($_REQUEST[$keys[$i]])) { if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") { $commit_flag = "no"; $commit_err .= $keys[$i] . 
": not a subdomain or IP addresse<br>"; } } break; case "ip6": if (!isIP6($_REQUEST[$keys[$i]])) { if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") { if (!isset($dsc["cols"][$keys[$i]]["empty_makes_default"]) || $dsc["cols"][$keys[$i]]["empty_makes_default"] != "yes" || $_REQUEST[$keys[$i]] != "default") { $commit_flag = "no"; $commit_err .= $keys[$i] . ": not an IPv6 address<br>"; } } } break; case "ip_addr": if (!isIP($_REQUEST[$keys[$i]])) { if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") { $commit_flag = "no"; $commit_err .= $keys[$i] . ": not an IP address<br>"; } } break; case "domain_or_ip": if (!isIP($_REQUEST[$keys[$i]]) && !isHostname($_REQUEST[$keys[$i]])) { if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") { $commit_flag = "no"; $commit_err .= $keys[$i] . ": not a domain or IP addresse<br>"; } } break; case "dtc_login": if (!isFtpLogin($_REQUEST[$keys[$i]])) { if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") { $commit_flag = "no"; $commit_err .= $keys[$i] . ": not a correct login format.<br>"; } } break; case "dtc_login_or_email": if (!isFtpLogin($_REQUEST[$keys[$i]]) && !isValidEmail($_REQUEST[$keys[$i]])) { if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") { $commit_flag = "no"; $commit_err .= $keys[$i] . 
": not a correct login format.<br>"; } } break; case "mail_alias_group": $mail_alias_group_raw = trim($_REQUEST[$keys[$i]], "\r\n"); $mail_alias_nocr = str_replace("\r", "", $mail_alias_group_raw); $mail_alias_array = split("\n", $mail_alias_nocr); for ($x = 0; $x < count($mail_alias_array); $x++) { if (!isValidEmail($mail_alias_array[$x])) { $commit_flag = "no"; $commit_err .= $mail_alias_array[$x] . ": not a valid email format.<br>"; } } break; case "dtc_pass": if (!isDTCPassword($_REQUEST[$keys[$i]])) { if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") { $commit_flag = "no"; $commit_err .= $keys[$i] . ": not a correct password format<br>"; } } break; case "email": if (!isValidEmail($_REQUEST[$keys[$i]])) { if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") { $commit_flag = "no"; $commit_err .= $keys[$i] . ": not a correct email format<br>"; } } break; case "number": if (!isRandomNum($_REQUEST[$keys[$i]])) { if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") { $commit_flag = "no"; $commit_err .= $keys[$i] . ": not a correct number format<br>"; } } break; case "max_value_2096": if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") { if (!isRandomNum($_REQUEST[$keys[$i]])) { $commit_flag = "no"; $commit_err .= $keys[$i] . ": not a correct number format<br>"; } if ($_REQUEST[$keys[$i]] >= 2096) { $commit_flag = "no"; $commit_err .= $keys[$i] . ": is greater or equal than the max value 2096<br>"; } } break; default: $commit_flag = "no"; $commit_err .= $keys[$i] . ": unknown field checking type (" . $dsc["cols"][$keys[$i]]["check"] . 
").<br>"; break; } } } // Build the request $added_one = "no"; $reqs = ""; for ($i = 0; $i < $nbr_fld; $i++) { switch ($dsc["cols"][$keys[$i]]["type"]) { case "id": $id_fldname = $keys[$i]; $id_fld_value = addslashes($_REQUEST[$keys[$i]]); break; case "readonly": break; case "text": case "textarea": case "password": if (!isset($dsc["cols"][$keys[$i]]["disable_edit"]) || $dsc["cols"][$keys[$i]]["disable_edit"] != "yes") { if ($added_one == "yes") { $reqs .= ","; } if (isset($dsc["cols"][$keys[$i]]["happen_domain"])) { $happen = $dsc["cols"][$keys[$i]]["happen_domain"]; } else { $happen = ""; } if (isset($dsc["cols"][$keys[$i]]["empty_makes_sql_null"]) && $dsc["cols"][$keys[$i]]["empty_makes_sql_null"] == "yes" && $_REQUEST[$keys[$i]] == "") { $reqs .= $keys[$i] . "=NULL"; } else { if (isset($dsc["cols"][$keys[$i]]["empty_makes_default"]) && $dsc["cols"][$keys[$i]]["empty_makes_default"] == "yes" && $_REQUEST[$keys[$i]] == "") { $reqs .= $keys[$i] . "='default'"; } else { $reqs .= $keys[$i] . "='" . addslashes($_REQUEST[$keys[$i]]) . $happen . "'"; // if the crypt field is set, then we use this as the SQL field to populate the crypted password into if (isset($dsc["cols"][$keys[$i]]["cryptfield"])) { if ($added_one == "yes") { $reqs .= ", "; } $reqs .= " " . $dsc["cols"][$keys[$i]]["cryptfield"] . "='" . crypt($_REQUEST[$keys[$i]], dtc_makesalt()) . "' "; } } } $added_one = "yes"; } break; case "popup": case "radio": if ($added_one == "yes") { $reqs .= ","; } $reqs .= $keys[$i] . "='" . addslashes($_REQUEST[$keys[$i]]) . "'"; $added_one = "yes"; break; case "checkbox": if ($added_one == "yes") { $reqs .= ","; } if (isset($_REQUEST[$keys[$i]])) { $reqs .= $keys[$i] . "='" . $dsc["cols"][$keys[$i]]["values"][0] . "'"; } else { $reqs .= $keys[$i] . "='" . $dsc["cols"][$keys[$i]]["values"][1] . "'"; } break; default: die($dsc["cols"][$keys[$i]]["type"] . ": Not implemented yet line " . __LINE__ . " file " . 
__FILE__); break; } } if ($commit_flag != "yes") { $out .= "<font color=\"red\">Could not commit the changes because of an error in field format: [todo: error desc]<br>{$commit_err}</font>"; } else { if (!isset($id_fldname) || !isset($id_fld_value)) { $out .= "<font color=\"red\">Could not commit the changes because the id is not set!</font>"; } else { $q = "UPDATE " . $dsc["table_name"] . " SET {$reqs} {$where} AND {$id_fldname}='{$id_fld_value}';"; $r = mysql_query($q) or $out .= "<font color=\"red\">Cannot query {$q} in " . __FILE__ . " line " . __LINE__ . " sql said: " . mysql_error() . "</font>"; if (isset($dsc["edit_item_callback"])) { $dsc["edit_item_callback"]($id_fld_value); } } } } else { if (isset($_REQUEST["action"]) && $_REQUEST["action"] == $dsc["action"] . "_delete_item") { for ($i = 0; $i < $nbr_fld; $i++) { if ($dsc["cols"][$keys[$i]]["type"] == "id") { $id_fldname = $keys[$i]; $id_fld_value = addslashes($_REQUEST[$keys[$i]]); } } if (isset($id_fldname) && isset($id_fld_value)) { if (isset($dsc["delete_item_callback"])) { $dsc["delete_item_callback"]($id_fld_value); } $q = "DELETE FROM " . $dsc["table_name"] . " {$where} AND {$id_fldname}='" . $id_fld_value . "';"; $r = mysql_query($q) or $out .= "<font color=\"red\">Cannot query {$q} in " . __FILE__ . " line " . __LINE__ . " sql said: " . mysql_error() . "</font>"; } else { $out .= "<font color=\"red\">Could not commit the deletion because the id field could not be found.</font>"; } } } } // We have to query it again, in case an insert or a delete has occured! $q = "SELECT " . $dsc["id_fld"] . "," . $dsc["list_fld_show"] . " FROM " . $dsc["table_name"] . " {$where} {$order_by};"; $r_item_list = mysql_query($q) or die("Cannot query {$q} in " . __FILE__ . " line " . __LINE__ . " sql said: " . mysql_error()); $current_num_items = mysql_num_rows($r_item_list); if (isset($dsc["max_item"])) { if ($current_num_items >= $dsc["max_item"]) { $out .= "<font color=\"red\">"; } $out .= $dsc["num_item_txt"] . 
$current_num_items . "/" . $dsc["max_item"]; if ($current_num_items >= $dsc["max_item"]) { $out .= "</font>"; } $out .= "<br><br>"; } // First display a list of items for ($i = 0; $i < $current_num_items; $i++) { $a = mysql_fetch_array($r_item_list); if ($i != 0) { $out .= " - "; } if (isset($_REQUEST["subaction"]) && $_REQUEST["subaction"] == $dsc["action"] . "_edit_item" && $_REQUEST["item"] == $a[$dsc["id_fld"]]) { $out .= $a[$dsc["list_fld_show"]]; } else { $out .= "<a href=\"{$fw_link}&subaction=" . $dsc["action"] . "_edit_item&item=" . $a[$dsc["id_fld"]] . "\">" . $a[$dsc["list_fld_show"]] . "</a>"; } } $out .= "<br><br>"; // Creation of new items if (!isset($_REQUEST["subaction"]) || $_REQUEST["subaction"] != $dsc["action"] . "_edit_item") { $out .= $dsc["new_item_link"] . "<br><br>"; $out .= "<h3>" . $dsc["new_item_title"] . "</h3><br>"; if (isset($dsc["max_item"]) && $current_num_items >= $dsc["max_item"]) { $out .= "<font color=\"red\">" . _("Maximum number reached") . "!</font><br>"; } else { $out .= "<form name=\"" . $dsc["action"] . "_new_item_frm\" action=\"" . $_SERVER["PHP_SELF"] . "\">{$fw}\n\t\t\t\t<input type=\"hidden\" name=\"action\" value=\"" . $dsc["action"] . "_new_item\">" . dtcFormTableAttrs(); for ($i = 0; $i < $nbr_fld; $i++) { if (isset($dsc["cols"][$keys[$i]]["help"])) { $help = $dsc["cols"][$keys[$i]]["help"]; } else { $help = ""; } switch ($dsc["cols"][$keys[$i]]["type"]) { case "id": $out .= "<input type=\"hidden\" name=\"" . $keys[$i] . "\" value=\"\">"; break; case "password": $genpass = autoGeneratePassButton($dsc["action"] . "_new_item_frm", $keys[$i]); $ctrl = "<input type=\"password\" name=\"" . $keys[$i] . 
"\" value=\"\">{$genpass}"; $out .= dtcFormLineDraw($dsc["cols"][$keys[$i]]["legend"], $ctrl, $i % 2, $help); break; case "text": case "readonly": if (isset($dsc["cols"][$keys[$i]]["hide_create"]) && $dsc["cols"][$keys[$i]]["hide_create"] == "yes") { break; } if (isset($dsc["cols"][$keys[$i]]["happen_domain"])) { $happen = $dsc["cols"][$keys[$i]]["happen_domain"]; } else { $happen = ""; } if (isset($dsc["cols"][$keys[$i]]["happen"])) { $happen .= $dsc["cols"][$keys[$i]]["happen"]; } if (isset($dsc["cols"][$keys[$i]]["default"])) { $ctrl_value = $dsc["cols"][$keys[$i]]["default"]; } else { $ctrl_value = ""; } if ($dsc["cols"][$keys[$i]]["type"] == "readonly") { $ctrl = "<input type=\"text\" name=\"" . $keys[$i] . "\" value=\"{$ctrl_value}\" READONLY>{$happen}"; } else { $ctrl = "<input type=\"text\" name=\"" . $keys[$i] . "\" value=\"{$ctrl_value}\">{$happen}"; } $out .= dtcFormLineDraw($dsc["cols"][$keys[$i]]["legend"], $ctrl, $i % 2, $help); break; case "textarea": if (isset($dsc["cols"][$keys[$i]]["cols"])) { $ctrl_cols = " cols=\"" . $dsc["cols"][$keys[$i]]["cols"] . "\" "; } else { $ctrl_cols = ""; } if (isset($dsc["cols"][$keys[$i]]["rows"])) { $ctrl_rows = " rows=\"" . $dsc["cols"][$keys[$i]]["rows"] . "\" "; } else { $ctrl_rows = ""; } $ctrl = "<textarea {$ctrl_cols} {$ctrl_rows} name=\"" . $keys[$i] . 
"\"></textarea>"; $out .= dtcFormLineDraw($dsc["cols"][$keys[$i]]["legend"], $ctrl, $i % 2, $help); break; case "radio": $nbr_choices = sizeof($dsc["cols"][$keys[$i]]["values"]); $ctrl = ""; for ($x = 0; $x < $nbr_choices; $x++) { if (isset($dsc["cols"][$keys[$i]]["default"])) { if ($dsc["cols"][$keys[$i]]["values"][$x] == $dsc["cols"][$keys[$i]]["default"]) { $selected = " checked "; } else { $selected = ""; } } else { if ($x == 0) { $selected = " checked "; } else { $selected = ""; } } if (isset($dsc["cols"][$keys[$i]]["display_replace"][$x])) { $display_val = $dsc["cols"][$keys[$i]]["display_replace"][$x]; } else { $display_val = $dsc["cols"][$keys[$i]]["values"][$x]; } $ctrl .= "<input type=\"radio\" name=\"" . $keys[$i] . "\" value=\"" . $dsc["cols"][$keys[$i]]["values"][$x] . "\" {$selected}> "; $ctrl .= $display_val; } $out .= dtcFormLineDraw($dsc["cols"][$keys[$i]]["legend"], $ctrl, $i % 2, $help); break; case "checkbox": if (!isset($dsc["cols"][$keys[$i]]["default"])) { $checked = " checked "; } else { $checked = " "; } $ctrl = "<input type=\"checkbox\" name=\"" . $keys[$i] . "\" value=\"yes\" {$checked}>"; $out .= dtcFormLineDraw($dsc["cols"][$keys[$i]]["legend"], $ctrl, $i % 2, $help); break; case "popup": $nbr_choices = sizeof($dsc["cols"][$keys[$i]]["values"]); $ctrl = "<select name=\"" . $keys[$i] . "\">"; for ($x = 0; $x < $nbr_choices; $x++) { $selected = ""; if (isset($dsc["cols"][$keys[$i]]["default"])) { if ($dsc["cols"][$keys[$i]]["values"][$x] == $dsc["cols"][$keys[$i]]["default"]) { $selected = " selected "; } else { $selected = ""; } } if (isset($dsc["cols"][$keys[$i]]["display_replace"][$x])) { $display_val = $dsc["cols"][$keys[$i]]["display_replace"][$x]; } else { $display_val = $dsc["cols"][$keys[$i]]["values"][$x]; } $ctrl .= " <option value=\"" . $dsc["cols"][$keys[$i]]["values"][$x] . 
"\" {$selected}>{$display_val}</option>"; } $out .= dtcFormLineDraw($dsc["cols"][$keys[$i]]["legend"], $ctrl, $i % 2, $help); break; default: $ctrl = "Not implemented yet!!!"; $out .= dtcFormLineDraw($dsc["cols"][$keys[$i]]["legend"], $ctrl, $i % 2, $help); break; } } $out .= dtcFromOkDraw(); $out .= "</table></form>"; } // Edition of existing items } else { $out .= "<a href=\"{$fw_link}&subaction=" . $dsc["action"] . "_new_item\">" . $dsc["new_item_link"] . "</a><br><br>"; $out .= "<h3>" . $dsc["edit_item_title"] . "</h3><br>"; $q = "SELECT * FROM " . $dsc["table_name"] . " {$where} AND " . $dsc["id_fld"] . "='" . addslashes($_REQUEST["item"]) . "';"; $r = mysql_query($q) or die("Cannot query {$q} in " . __FILE__ . " line " . __LINE__ . " sql said: " . mysql_error()); $n = mysql_num_rows($r); if ($n == 1) { $a = mysql_fetch_array($r); $out .= "<form name=\"" . $dsc["action"] . "_save_item_frm\" action=\"" . $_SERVER["PHP_SELF"] . "\">{$fw}"; $out .= "<input type=\"hidden\" name=\"action\" value=\"" . $dsc["action"] . "_save_item\">"; $out .= "<input type=\"hidden\" name=\"subaction\" value=\"" . $dsc["action"] . "_edit_item\">"; $out .= "<input type=\"hidden\" name=\"item\" value=\"" . $a[$dsc["id_fld"]] . "\">"; $out .= dtcFormTableAttrs(); for ($j = 0; $j < $nbr_fld; $j++) { $the_fld = $dsc["cols"][$keys[$j]]; if (isset($dsc["cols"][$keys[$j]]["help"])) { $help = $dsc["cols"][$keys[$j]]["help"]; } else { $help = ""; } switch ($the_fld["type"]) { case "id": $out .= "<input type=\"hidden\" name=\"" . $keys[$j] . "\" value=\"" . $a[$keys[$j]] . "\">"; $id_fldname = $keys[$j]; $id_fld_value = $a[$keys[$j]]; break; case "textarea": if (isset($dsc["cols"][$keys[$j]]["cols"])) { $ctrl_cols = " cols=\"" . $dsc["cols"][$keys[$j]]["cols"] . "\" "; } else { $ctrl_cols = ""; } if (isset($dsc["cols"][$keys[$j]]["rows"])) { $ctrl_rows = " rows=\"" . $dsc["cols"][$keys[$j]]["rows"] . "\" "; } else { $ctrl_rows = ""; } $ctrl = "<textarea {$ctrl_cols} {$ctrl_rows} name=\"" . 
$keys[$j] . "\">" . stripslashes($a[$keys[$j]]) . "</textarea>"; $out .= dtcFormLineDraw($dsc["cols"][$keys[$j]]["legend"], $ctrl, $j % 2, $help); break; case "password": case "text": case "readonly": if (isset($dsc["cols"][$keys[$j]]["disable_edit"]) && $dsc["cols"][$keys[$j]]["disable_edit"] == "yes") { $disabled = " disabled "; } else { $disabled = " "; } if (isset($dsc["cols"][$keys[$j]]["size"])) { $size = " size=\"" . $dsc["cols"][$keys[$j]]["size"] . "\" "; } else { $size = ""; } if (isset($dsc["cols"][$keys[$j]]["happen_domain"]) && preg_match("/" . $dsc["cols"][$keys[$j]]["happen_domain"] . "\$/", $a[$keys[$j]])) { $input_disp_value = substr($a[$keys[$j]], 0, strlen($a[$keys[$j]]) - strlen($dsc["cols"][$keys[$j]]["happen_domain"])); $happen = $dsc["cols"][$keys[$j]]["happen_domain"]; } else { if ($dsc["cols"][$keys[$j]]["type"] != "readonly") { $input_disp_value = $a[$keys[$j]]; } $happen = ""; } if (isset($dsc["cols"][$keys[$j]]["happen"])) { $happen .= $dsc["cols"][$keys[$j]]["happen"]; } if ($the_fld["type"] == "password") { $genpass = autoGeneratePassButton($dsc["action"] . "_save_item_frm", $keys[$j]); $input_disp_type = "password"; } else { $genpass = ""; $input_disp_type = "text"; } // Do this only for readonly if ($dsc["cols"][$keys[$j]]["type"] == "readonly") { $disabled = " READONLY"; isset($dsc["cols"][$keys[$j]]["default"]) ? $input_disp_value = $dsc["cols"][$keys[$j]]["default"] : ($input_disp_value = ''); isset($dsc["cols"][$keys[$j]]["happen"]) ? $happen = $dsc["cols"][$keys[$j]]["happen"] : ($happen = ''); } if (isset($dsc["cols"][$keys[$j]]["callback"])) { $retArray = $dsc["cols"][$keys[$j]]["callback"]($id_fld_value); $input_disp_value = $retArray["value"]; $happen = $retArray["happen"]; } $ctrl = "<input type=\"{$input_disp_type}\" {$size} name=\"" . $keys[$j] . "\" value=\"" . stripslashes($input_disp_value) . 
"\" {$disabled}>{$genpass}{$happen}"; $out .= dtcFormLineDraw($dsc["cols"][$keys[$j]]["legend"], $ctrl, $j % 2, $help); break; case "radio": $nbr_choices = sizeof($dsc["cols"][$keys[$j]]["values"]); $ctrl = ""; for ($x = 0; $x < $nbr_choices; $x++) { if ($dsc["cols"][$keys[$j]]["values"][$x] == $a[$keys[$j]]) { $selected = " checked "; } else { $selected = ""; } $ctrl .= " <input type=\"radio\" name=\"" . $keys[$j] . "\" value=\"" . $dsc["cols"][$keys[$j]]["values"][$x] . "\" {$selected}> "; $ctrl .= $dsc["cols"][$keys[$j]]["values"][$x]; } $out .= dtcFormLineDraw($dsc["cols"][$keys[$j]]["legend"], $ctrl, $j % 2, $help); break; case "checkbox": if ($dsc["cols"][$keys[$j]]["values"][0] == $a[$keys[$j]]) { $selected = " checked "; } else { $selected = " "; } $ctrl = "<input type=\"checkbox\" name=\"" . $keys[$j] . "\" value=\"yes\" " . $selected . ">"; $out .= dtcFormLineDraw($dsc["cols"][$keys[$j]]["legend"], $ctrl, $j % 2, $help); break; case "popup": $nbr_choices = sizeof($dsc["cols"][$keys[$j]]["values"]); $ctrl = "<select name=\"" . $keys[$j] . "\">"; for ($x = 0; $x < $nbr_choices; $x++) { if ($dsc["cols"][$keys[$j]]["values"][$x] == $a[$keys[$j]]) { $selected = " selected "; } else { $selected = ""; } if (isset($dsc["cols"][$keys[$j]]["display_replace"][$x])) { $display_val = $dsc["cols"][$keys[$j]]["display_replace"][$x]; } else { $display_val = $dsc["cols"][$keys[$j]]["values"][$x]; } $ctrl .= " <option value=\"" . $dsc["cols"][$keys[$j]]["values"][$x] . "\" {$selected}>{$display_val}</option>"; } $out .= dtcFormLineDraw($dsc["cols"][$keys[$j]]["legend"], $ctrl, $j % 2, $help); break; default: $ctrl = "Not implemented yet!!!"; $out .= dtcFormLineDraw($dsc["cols"][$keys[$j]]["legend"], $ctrl, $j % 2, $help); break; } } $delete_button = "<form action=\"" . $_SERVER["PHP_SELF"] . "\">{$fw}\n\t\t\t<input type=\"hidden\" name=\"action\" value=\"" . $dsc["action"] . "_delete_item" . 
"\">\n\t\t\t<input type=\"hidden\" name=\"{$id_fldname}\" value=\"{$id_fld_value}\">\n\t\t\t" . dtcDeleteButton() . "</form>"; $out .= "<tr><td> </td><td><table cellspacing=\"0\" cellpadding=\"0\" border=\"0\">\n\t\t\t<tr><td>" . dtcApplyButton() . "</form></td><td>{$delete_button}</td></tr></table></td></tr>"; $out .= "</table>"; } else { $out .= "No item by this number!"; } } return $out; }
// $pro_mysql_domain_table // $pro_mysql_subdomain_table // $pro_mysql_cronjob_table $login = $_REQUEST["login"]; $pass = $_REQUEST["pass"]; if (isset($_REQUEST["ip"])) { $ip = $_REQUEST["ip"]; } $domain = $_REQUEST["domain"]; if (!isset($login) || $login == "" || !isset($pass) || $pass == "") { die("Incorrect params"); } if (!isFtpLogin($login)) { die("Requested login does not look like to be correct. It should be made only with letters, numbers, \".\" or \"-\" sign."); } if (!isDTCPassword($pass)) { die("Requested pass does not look like to be correct. It should be made only with letters, numbers, \".\" or \"-\" sign."); } if (!isHostname($domain)) { die("Requested domain name does not looklike to be correct. Please check !"); } $query = "SELECT * FROM {$pro_mysql_subdomain_table} WHERE login='******' AND pass='******' AND domain_name='{$domain}';"; $result = mysql_query($query) or die("Cannot query: \"{$query}\" !!!" . mysql_error()); $num_rows = mysql_num_rows($result); if ($num_rows != 1) { die("Incorrect login, pass or domain name !"); } else { if (!isset($ip) || $ip == "") { $ip = $_SERVER["REMOTE_ADDR"]; } else { if (!isIP($ip)) {