Esempio n. 1
0
/**
 * All in one function to check who owns what.
 *
 * @throws iMSCP_Exception
 * @param mixed $id FTP/mail/domain/alias/subdomain/etc id to check
 * @param string $type What kind of id $id is
 * @param boolean $forcefinal Ignore the resolver's is_final value (force as yes)
 * @return int The id of the admin who owns the id $id of $type type
 */
function who_owns_this($id, $type = 'dmn', $forcefinal = false)
{
    $who = null;
    // Fix $type according to type or by alias
    switch ($type) {
        case 'dmn_id':
            $type = 'domain_id';
            break;
        case 'sub_id':
            $type = 'subdomain_id';
            break;
        case 'als_id':
            $type = 'alias_id';
            break;
        case 'user':
            $type = 'client';
            break;
        case 'admin_sys_uid':
            $type = 'uid';
            break;
        case 'ticket':
            $type = 'ticket_id';
            break;
        case 'admin_sys_gid':
            $type = 'gid';
            break;
        case 'sqlu_id':
        case 'sqluser_id':
            $type = 'sql_user_id';
            break;
        case 'sqld_id':
        case 'sqldatabase_id':
            $type = 'sql_database_id';
            break;
        case 'ftpuser':
        case 'ftpuserid':
        case 'ftp_userid':
            $type = 'ftp_user';
            break;
        case 'sqluser':
        case 'sqlu':
        case 'sqlu_name':
            // Can't guess by type
            $type = 'sql_user';
            break;
        case 'sqldatabase':
        case 'sqld':
        case 'sqld_name':
            // Can't guess by type
            $type = 'sql_database';
            break;
        case 'dmn':
        case 'normal':
        case 'domain':
            if (!is_numeric($id)) {
                $type = 'domain';
            } else {
                $type = 'domain_id';
            }
            break;
        case 'als':
        case 'alias':
        case 'domain_alias':
            if (!is_numeric($id)) {
                $type = 'alias';
            } else {
                $type = 'alias_id';
            }
            break;
        case 'sub':
        case 'subdom':
        case 'subdomain':
            if (!is_numeric($id)) {
                $type = 'subdomain';
            } else {
                $type = 'subdomain_id';
            }
            break;
        case 'alssub':
            if (!is_numeric($id)) {
                $type = 'subdomain_alias';
            } else {
                $type = 'subdomain_alias_id';
            }
            break;
    }
    /**
     * $resolvers is a multi-dimensional array.
     * Its elements keys are the value that will be matched by $type.
     * Each element is an array, containing at least two elements:
     * 'query' and 'is_final'
     * The former is the SQL query that should only SELECT one item; or false in case a query isn't used.
     * The latter is a boolean which specifies whether the result of that 'resolver' is an admin id or not
     *
     * Other elements might be:
     * 'next', 'separator', 'pos'
     *
     * 'next' is the $type value for the next call to who_owns_this (only used when 'is_final' is false)
     * 'separator' is the separator to be used when exploding the $id (only used when 'query' is false)
     * 'post' is the position in the array/result of exploding $id (only used when 'query' is false)
     *
     * NOTE: 'query' MUST be formated like: 'SELECT something FROM...' in order to correctly detect the field being selected
     */
    $resolvers = array();
    $resolvers['domain_id'] = array();
    $resolvers['domain_id']['query'] = 'SELECT `domain_admin_id` FROM `domain` WHERE `domain_id` = ? LIMIT 1;';
    $resolvers['domain_id']['is_final'] = true;
    $resolvers['alias_id'] = array();
    $resolvers['alias_id']['query'] = 'SELECT `domain_id` FROM `domain_aliasses` WHERE `alias_id` = ? LIMIT 1;';
    $resolvers['alias_id']['is_final'] = false;
    $resolvers['alias_id']['next'] = 'dmn';
    $resolvers['alias'] = array();
    $resolvers['alias']['query'] = 'SELECT `domain_id` FROM `domain_aliasses` WHERE `alias_name` = ? LIMIT 1;';
    $resolvers['alias']['is_final'] = false;
    $resolvers['alias']['next'] = 'dmn';
    $resolvers['subdomain_id'] = array();
    $resolvers['subdomain_id']['query'] = 'SELECT `domain_id` FROM `subdomain` WHERE `subdomain_id` = ? LIMIT 1;';
    $resolvers['subdomain_id']['is_final'] = false;
    $resolvers['subdomain_id']['next'] = 'dmn';
    $resolvers['subdomain'] = array();
    $resolvers['subdomain']['query'] = false;
    $resolvers['subdomain']['separator'] = '.';
    $resolvers['subdomain']['pos'] = 1;
    $resolvers['subdomain']['is_final'] = false;
    $resolvers['subdomain']['next'] = 'dmn';
    $resolvers['subdomain_alias_id'] = array();
    $resolvers['subdomain_alias_id']['query'] = 'SELECT `alias_id` FROM `subdomain_alias` WHERE `subdomain_alias_id` = ? LIMIT 1;';
    $resolvers['subdomain_alias_id']['is_final'] = false;
    $resolvers['subdomain_alias_id']['next'] = 'alias';
    $resolvers['subdomain_alias'] = array();
    $resolvers['subdomain_alias']['query'] = false;
    $resolvers['subdomain_alias']['separator'] = '.';
    $resolvers['subdomain_alias']['pos'] = 1;
    $resolvers['subdomain_alias']['is_final'] = false;
    $resolvers['subdomain_alias']['next'] = 'alias';
    $resolvers['client'] = array();
    $resolvers['client']['query'] = 'SELECT `created_by` FROM `admin` WHERE `admin_id` = ? LIMIT 1;';
    $resolvers['client']['is_final'] = true;
    $resolvers['reseller'] = $resolvers['admin'] = $resolvers['client'];
    $resolvers['domain'] = array();
    $resolvers['domain']['query'] = 'SELECT `domain_admin_id` FROM `domain` WHERE `domain` = ? LIMIT 1;';
    $resolvers['domain']['is_final'] = true;
    $resolvers['ticket_id'] = array();
    $resolvers['ticket_id']['query'] = 'SELECT `ticket_from` FROM `ticket` WHERE `ticket_id` = ? LIMIT 1;';
    $resolvers['ticket_id']['is_final'] = true;
    $resolvers['uid'] = array();
    $resolvers['uid']['query'] = 'SELECT `admin_id` FROM `admin` WHERE `admin_sys_uid` = ? LIMIT 1;';
    $resolvers['uid']['is_final'] = true;
    $resolvers['gid'] = array();
    $resolvers['gid']['query'] = 'SELECT `admin_id` FROM `admin` WHERE `admin_sys_gid` = ? LIMIT 1;';
    $resolvers['gid']['is_final'] = true;
    $resolvers['ftp_user'] = array();
    $resolvers['ftp_user']['query'] = 'SELECT `admin_id` FROM `ftp_users` WHERE `userid` = ? LIMIT 1;';
    $resolvers['ftp_user']['is_final'] = true;
    $resolvers['sql_user_id'] = array();
    $resolvers['sql_user_id']['query'] = 'SELECT `sqld_id` FROM `sql_user` WHERE `sqlu_id` = ? LIMIT 1;';
    $resolvers['sql_user_id']['is_final'] = false;
    $resolvers['sql_user_id']['next'] = 'sqld_id';
    $resolvers['sql_database_id'] = array();
    $resolvers['sql_database_id']['query'] = 'SELECT `domain_id` FROM `sql_database` WHERE `sqld_id` = ? LIMIT 1;';
    $resolvers['sql_database_id']['is_final'] = false;
    $resolvers['sql_database_id']['next'] = 'dmn';
    $resolvers['sql_user'] = array();
    $resolvers['sql_user']['query'] = 'SELECT sqld_id FROM sql_user WHERE sqlu_name = ? LIMIT 1;';
    $resolvers['sql_user']['is_final'] = false;
    $resolvers['sql_user']['next'] = 'sqld_id';
    $resolvers['sql_database'] = array();
    $resolvers['sql_database']['query'] = 'SELECT `domain_id` FROM `sql_database` WHERE `sqld_name` = ? LIMIT 1;';
    $resolvers['sql_database']['is_final'] = false;
    $resolvers['sql_database']['next'] = 'dmn';
    $resolvers['mail_id'] = array();
    $resolvers['mail_id']['query'] = 'SELECT `domain_id` FROM `mail_users` WHERE `mail_id` = ? LIMIT 1;';
    $resolvers['mail_id']['is_final'] = false;
    $resolvers['mail_id']['next'] = 'dmn';
    $resolvers['mail'] = array();
    $resolvers['mail']['query'] = false;
    $resolvers['mail']['separator'] = '@';
    $resolvers['mail']['post'] = 1;
    $resolvers['mail']['is_final'] = false;
    $resolvers['mail']['next'] = 'dmn';
    $resolvers['htaccess_id'] = array();
    $resolvers['htaccess_id']['query'] = 'SELECT `dmn_id` FROM `htaccess` WHERE `id` = ? LIMIT 1;';
    $resolvers['htaccess_id']['is_final'] = false;
    $resolvers['htaccess_id']['next'] = 'dmn';
    $resolvers['htaccess_group_id'] = array();
    $resolvers['htaccess_group_id']['query'] = 'SELECT `dmn_id` FROM `htaccess_groups` WHERE `id` = ? LIMIT 1;';
    $resolvers['htaccess_group_id']['is_final'] = false;
    $resolvers['htaccess_group_id']['next'] = 'dmn';
    $resolvers['htaccess_user_id'] = array();
    $resolvers['htaccess_user_id']['query'] = 'SELECT `dmn_id` FROM `htaccess_users` WHERE `id` = ? LIMIT 1;';
    $resolvers['htaccess_user_id']['is_final'] = false;
    $resolvers['htaccess_user_id']['next'] = 'dmn';
    $resolvers['hosting_plan_id'] = array();
    $resolvers['hosting_plan_id']['query'] = 'SELECT `reseller_id` FROM `hosting_plans` WHERE `id` = ? LIMIT 1;';
    $resolvers['hosting_plan_id']['is_final'] = true;
    if (isset($resolvers[$type])) {
        $r = $resolvers[$type];
        if ($r['query']) {
            $matches = array();
            if (!preg_match('/SELECT[ \\t]+`([\\w]+)`[ \\t]+FROM/i', $r['query'], $matches)) {
                throw new iMSCP_Exception(tr('Malformed resolver SQL query'));
            }
            $select = $matches[1];
            $stmt = exec_query($r['query'], $id);
            if ($stmt->rowCount()) {
                if ($r['is_final'] || $forcefinal) {
                    $who = $stmt->fields[$select];
                } else {
                    $who = who_owns_this($stmt->fields[$select], $r['next']);
                }
            }
        } else {
            $ex = explode($r['separator'], $id);
            if (!$r['is_final'] && !$forcefinal) {
                $who = who_owns_this($r['pos'], $r['next']);
            } else {
                $who = $ex[$r['pos']];
            }
        }
    }
    if ($type != 'admin' && (empty($who) || $who <= 0)) {
        $who = null;
    }
    return $who;
}
Esempio n. 2
0
function create_catchall_mail_account($sql, $id)
{
    $cfg = EasySCP_Registry::get('Config');
    list($realId, $type) = explode(';', $id);
    // Check if user is owner of the domain
    if (!preg_match('(normal|alias|subdom|alssub)', $type) || who_owns_this($realId, $type) != $_SESSION['user_id']) {
        set_page_message(tr('User does not exist or you do not have permission to access this interface!'), 'error');
        user_goto('mail_catchall.php');
    }
    $match = array();
    if (isset($_POST['uaction']) && $_POST['uaction'] === 'create_catchall' && $_POST['mail_type'] === 'normal') {
        if (preg_match("/(\\d+);(normal|alias|subdom|alssub)/", $id, $match) == 1) {
            $item_type = $match[2];
            $post_mail_id = $_POST['mail_id'];
            if (preg_match("/(\\d+);([^;]+);/", $post_mail_id, $match) == 1) {
                $mail_id = $match[1];
                $mail_acc = $match[2];
                if ($item_type === 'normal') {
                    $mail_type = 'normal_catchall';
                } elseif ($item_type === 'alias') {
                    $mail_type = 'alias_catchall';
                } elseif ($item_type === 'subdom') {
                    $mail_type = 'subdom_catchall';
                } elseif ($item_type === 'alssub') {
                    $mail_type = 'alssub_catchall';
                }
                $query = "\n\t\t\t\t\tSELECT\n\t\t\t\t\t\t`domain_id`, `sub_id`\n\t\t\t\t\tFROM\n\t\t\t\t\t\t`mail_users`\n\t\t\t\t\tWHERE\n\t\t\t\t\t\t`mail_id` = ?\n\t\t\t\t";
                $rs = exec_query($sql, $query, $mail_id);
                $domain_id = $rs->fields['domain_id'];
                $sub_id = $rs->fields['sub_id'];
                $status = $cfg->ITEM_ADD_STATUS;
                // find the mail_addr (catchall -> "@(sub/alias)domain.tld", should be domain part of mail_acc
                $match = explode('@', $mail_acc);
                $mail_addr = '@' . $match[1];
                $query = "\n\t\t\t\t\tINSERT INTO `mail_users`\n\t\t\t\t\t\t(`mail_acc`,\n\t\t\t\t\t\t`mail_pass`,\n\t\t\t\t\t\t`mail_forward`,\n\t\t\t\t\t\t`domain_id`,\n\t\t\t\t\t\t`mail_type`,\n\t\t\t\t\t\t`sub_id`,\n\t\t\t\t\t\t`status`,\n\t\t\t\t\t\t`quota`,\n\t\t\t\t\t\t`mail_addr`)\n\t\t\t\t\tVALUES\n\t\t\t\t\t\t(?, ?, ?, ?, ?, ?, ?, ?, ?)\n\t\t\t\t";
                exec_query($sql, $query, array($mail_acc, '_no_', '_no_', $domain_id, $mail_type, $sub_id, $status, NULL, $mail_addr));
                send_request('130 MAIL ' . $domain_id);
                write_log($_SESSION['user_logged'] . ": adds new email catch all");
                set_page_message(tr('Catch all account scheduled for creation!'), 'success');
                user_goto('mail_catchall.php');
            } else {
                user_goto('mail_catchall.php');
            }
        }
    } else {
        if (isset($_POST['uaction']) && $_POST['uaction'] === 'create_catchall' && $_POST['mail_type'] === 'forward' && isset($_POST['forward_list'])) {
            if (preg_match("/(\\d+);(normal|alias|subdom|alssub)/", $id, $match) == 1) {
                $item_id = $match[1];
                $item_type = $match[2];
                if ($item_type === 'normal') {
                    $mail_type = 'normal_catchall';
                    $sub_id = '0';
                    $domain_id = $item_id;
                    $query = "SELECT `domain_name` FROM `domain` WHERE `domain_id` = ?";
                    $rs = exec_query($sql, $query, $domain_id);
                    $mail_addr = '@' . $rs->fields['domain_name'];
                } elseif ($item_type === 'alias') {
                    $mail_type = 'alias_catchall';
                    $sub_id = $item_id;
                    $query = "SELECT `domain_aliasses`.`domain_id`, `alias_name` FROM `domain_aliasses` WHERE `alias_id` = ?";
                    $rs = exec_query($sql, $query, $item_id);
                    $domain_id = $rs->fields['domain_id'];
                    $mail_addr = '@' . $rs->fields['alias_name'];
                } elseif ($item_type === 'subdom') {
                    $mail_type = 'subdom_catchall';
                    $sub_id = $item_id;
                    $query = "SELECT `subdomain`.`domain_id`, `subdomain_name`, `domain_name` FROM `subdomain`, `domain`\n\t\t\t\t\tWHERE `subdomain_id` = ? AND `domain`.`domain_id` = `subdomain`.`domain_id`";
                    $rs = exec_query($sql, $query, $item_id);
                    $domain_id = $rs->fields['domain_id'];
                    $mail_addr = '@' . $rs->fields['subdomain_name'] . '.' . $rs->fields['domain_name'];
                } elseif ($item_type === 'alssub') {
                    $mail_type = 'alssub_catchall';
                    $sub_id = $item_id;
                    $query = "\n\t\t\t\t\tSELECT\n\t\t\t\t\t\tt1.`subdomain_alias_name`,\n\t\t\t\t\t\tt2.`alias_name`,\n\t\t\t\t\t\tt2.`domain_id`\n\t\t\t\t\tFROM\n\t\t\t\t\t\t`subdomain_alias` AS t1,\n\t\t\t\t\t\t`domain_aliasses` AS t2\n\t\t\t\t\tWHERE\n\t\t\t\t\t\tt1.`subdomain_alias_id` = ?\n\t\t\t\t\tAND\n\t\t\t\t\t\tt1.`alias_id` = t2.`alias_id`\n\t\t\t\t\t";
                    $rs = exec_query($sql, $query, $item_id);
                    $domain_id = $rs->fields['domain_id'];
                    $mail_addr = '@' . $rs->fields['subdomain_alias_name'] . '.' . $rs->fields['alias_name'];
                }
                $mail_forward = clean_input($_POST['forward_list']);
                $mail_acc = array();
                $faray = preg_split("/[\n,]+/", $mail_forward);
                foreach ($faray as $value) {
                    $value = trim($value);
                    if (!chk_email($value) && $value !== '' || $value === '') {
                        // @todo ERROR .. strange :) not email in this line - warning
                        set_page_message(tr("Mail forward list error!"), 'error');
                        return;
                    }
                    $mail_acc[] = $value;
                }
                $status = $cfg->ITEM_ADD_STATUS;
                $query = "\n\t\t\t\tINSERT INTO `mail_users`\n\t\t\t\t\t(`mail_acc`,\n\t\t\t\t\t`mail_pass`,\n\t\t\t\t\t`mail_forward`,\n\t\t\t\t\t`domain_id`,\n\t\t\t\t\t`mail_type`,\n\t\t\t\t\t`sub_id`,\n\t\t\t\t\t`status`,\n\t\t\t\t\t`quota`,\n\t\t\t\t\t`mail_addr`)\n\t\t\t\tVALUES\n\t\t\t\t\t(?, ?, ?, ?, ?, ?, ?, ?, ?)\n\t\t\t";
                exec_query($sql, $query, array(implode(',', $mail_acc), '_no_', '_no_', $domain_id, $mail_type, $sub_id, $status, NULL, $mail_addr));
                send_request('130 MAIL ' . $domain_id);
                write_log($_SESSION['user_logged'] . ": adds new email catch all ");
                set_page_message(tr('Catch all account scheduled for creation!'), 'success');
                user_goto('mail_catchall.php');
            } else {
                user_goto('mail_catchall.php');
            }
        }
    }
}
Esempio n. 3
0
/**
 * Checks if an user has permissions on a specific SQL user
 *
 * @param  int $sqlUserId SQL user unique identifier
 * @return bool TRUE if the logged in user has permission on SQL user, FALSE otherwise
 */
function check_user_sql_perms($sqlUserId)
{
    return who_owns_this($sqlUserId, 'sqlu_id') == $_SESSION['user_id'];
}
Esempio n. 4
0
 if (isset($_GET['action']) && $_GET['action'] === "activate") {
     if (isset($_GET['act_id']) && !empty($_GET['act_id'])) {
         $act_id = $_GET['act_id'];
     } else {
         $_SESSION['orderalact'] = '_no_';
         user_goto('alias.php');
     }
     $query = "SELECT `alias_name` FROM `domain_aliasses` WHERE `alias_id` = ?";
     $rs = exec_query($sql, $query, $act_id);
     if ($rs->recordCount() == 0) {
         user_goto('alias.php');
     }
     $alias_name = $rs->fields['alias_name'];
     $query = "UPDATE `domain_aliasses` SET `status` = '{$cfg->ITEM_ADD_STATUS}' WHERE `alias_id` = ?";
     $rs = exec_query($sql, $query, $act_id);
     $domain_id = who_owns_this($act_id, 'als_id', true);
     $query = 'SELECT `email` FROM `admin`, `domain` WHERE `admin`.`admin_id` = `domain`.`domain_admin_id` AND `domain`.`domain_id` = ?';
     $rs = exec_query($sql, $query, $domain_id);
     if ($rs->recordCount() == 0) {
         user_goto('alias.php');
     }
     $user_email = $rs->fields['email'];
     // Create the 3 default addresses if wanted
     if ($cfg->CREATE_DEFAULT_EMAIL_ADDRESSES) {
         client_mail_add_default_accounts($domain_id, $user_email, $alias_name, 'alias', $act_id);
     }
     // enable "ordered"/pending email accounts
     // ??? are there pending mail_addresses ???, joximu
     $query = "UPDATE `mail_users` SET `status` = ? WHERE `sub_id` = ? AND `domain_id` = ? AND `status` = ? AND `mail_type` LIKE 'alias%'";
     $rs = exec_query($sql, $query, array($cfg->ITEM_ADD_STATUS, $act_id, $domain_id, $cfg->ITEM_ORDERED_STATUS));
     send_request('110 DOMAIN alias ' . $act_id);
Esempio n. 5
0
 */
require '../../include/easyscp-lib.php';
check_login(__FILE__);
// let's back to admin interface - am I admin or what ? :-)
if (isset($_SESSION['logged_from']) && isset($_SESSION['logged_from_id']) && isset($_GET['action']) && $_GET['action'] == "go_back") {
    change_user_interface($_SESSION['user_id'], $_SESSION['logged_from_id']);
} else {
    if (isset($_SESSION['user_id']) && isset($_GET['to_id'])) {
        $to_id = $_GET['to_id'];
        // admin logged as reseller:
        if (isset($_SESSION['logged_from']) && isset($_SESSION['logged_from_id'])) {
            $from_id = $_SESSION['logged_from_id'];
        } else {
            // reseller:
            $from_id = $_SESSION['user_id'];
            if (who_owns_this($to_id, 'client') != $from_id) {
                set_page_message(tr('User does not exist or you do not have permission to access this interface!'), 'error');
                user_goto('users.php?psi=last');
            }
        }
        // Remember some data
        if (isset($_SESSION['search_for'])) {
            $_SESSION['uistack'] = array('search_for' => $_SESSION['search_for']);
            if (isset($_SESSION['search_status'])) {
                $_SESSION['uistack']['search_status'] = $_SESSION['search_status'];
            }
            if (isset($_SESSION['search_common'])) {
                $_SESSION['uistack']['search_common'] = $_SESSION['search_common'];
            }
            if (isset($_SESSION['search_page'])) {
                $_SESSION['uistack']['search_page'] = $_SESSION['search_page'];
Esempio n. 6
0
        }
        iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onAfterEditFtp, array('ftpUserId' => $userid));
        write_log(sprintf("%s updated Ftp account: %s", $_SESSION['user_logged'], $userid), E_USER_NOTICE);
        set_page_message(tr('FTP account successfully updated.'), 'success');
    }
    return $ret;
}
/***********************************************************************************************************************
 * Main
 */
iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onClientScriptStart);
check_login('user');
customerHasFeature('ftp') or showBadRequestErrorPage();
if (isset($_GET['id'])) {
    $userid = clean_input($_GET['id']);
    if (who_owns_this($userid, 'ftpuser') != $_SESSION['user_id']) {
        showBadRequestErrorPage();
    }
    $stmt = exec_query("SELECT `domain_name` FROM `domain` WHERE`domain_admin_id` = ?", $_SESSION['user_id']);
    $mainDomainName = $stmt->fields['domain_name'];
    if (!empty($_POST)) {
        if (updateFtpAccount($userid, $mainDomainName)) {
            redirectTo('ftp_accounts.php');
        }
    }
    $tpl = new iMSCP_pTemplate();
    $tpl->define_dynamic(array('layout' => 'shared/layouts/ui.tpl', 'page' => 'client/ftp_edit.tpl', 'page_message' => 'layout'));
    $tpl->assign(array('TR_PAGE_TITLE' => tr('Client / FTP / Overview / Edit FTP Account'), 'TR_FTP_DIRECTORIES' => tojs('Ftp directories'), 'TR_CLOSE' => tojs(tr('Close')), 'TR_FTP_USER_DATA' => tr('Ftp account data'), 'TR_USERNAME' => tr('Username'), 'TR_PASSWORD' => tr('Password'), 'TR_PASSWORD_REPEAT' => tr('Repeat password'), 'TR_HOME_DIR' => tr('Home directory'), 'CHOOSE_DIR' => tr('Choose dir'), 'TR_CHANGE' => tr('Update'), 'TR_CANCEL' => tr('Cancel')));
    generatePageData($tpl, $userid, $mainDomainName);
    generateNavigation($tpl);
    generatePageMessage($tpl);
 * Portions created by the ispCP Team are Copyright (C) 2006-2010 by
 * isp Control Panel. All Rights Reserved.
 *
 * Portions created by the i-MSCP Team are Copyright (C) 2010-2015 by
 * i-MSCP - internet Multi Server Control Panel. All Rights Reserved.
 */
// Include needed libraries
require 'imscp-lib.php';
iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onResellerScriptStart);
// Check for login
check_login('reseller');
// Switch back to admin
if (isset($_SESSION['logged_from']) && isset($_SESSION['logged_from_id']) && isset($_GET['action']) && $_GET['action'] == 'go_back') {
    change_user_interface($_SESSION['user_id'], $_SESSION['logged_from_id']);
} elseif (isset($_SESSION['user_id']) && isset($_GET['to_id'])) {
    // Switch to customer
    $toUserId = intval($_GET['to_id']);
    // Admin logged as reseller:
    if (isset($_SESSION['logged_from']) && isset($_SESSION['logged_from_id'])) {
        $fromUserId = $_SESSION['logged_from_id'];
    } else {
        // reseller to customer
        $fromUserId = $_SESSION['user_id'];
        if (who_owns_this($toUserId, 'client') != $fromUserId) {
            showBadRequestErrorPage();
        }
    }
    change_user_interface($fromUserId, $toUserId);
} else {
    showBadRequestErrorPage();
}
Esempio n. 8
0
/**
 * Send alias order email
 *
 * @param  string $aliasName
 * @return void
 */
function send_alias_order_email($aliasName)
{
    /** @var $cfg iMSCP_Config_Handler_File */
    $cfg = iMSCP_Registry::get('config');
    $userId = $_SESSION['user_id'];
    $resellerId = who_owns_this($userId, 'user');
    $stmt = exec_query('SELECT fname, lname FROM admin WHERE admin_id = ?', $userId);
    $userFirstname = $stmt->fields['fname'];
    $userLastname = $stmt->fields['lname'];
    $userEmail = $_SESSION['user_email'];
    $data = get_alias_order_email($resellerId);
    $toName = $data['sender_name'];
    $toEmail = $data['sender_email'];
    $subject = $data['subject'];
    $message = $data['message'];
    $to = $toName ? encode_mime_header($toName) . " <{$toEmail}>" : $toEmail;
    if ($userFirstname && $userLastname) {
        $fromName = "{$userFirstname} {$userLastname}";
        $from = encode_mime_header($fromName) . " <{$userEmail}>";
    } else {
        if ($userFirstname) {
            $fromName = $userFirstname;
        } else {
            if ($userLastname) {
                $fromName = $userLastname;
            } else {
                $fromName = $userEmail;
            }
        }
        $from = $userEmail;
    }
    $baseServerVhostPrefix = $cfg['BASE_SERVER_VHOST_PREFIX'];
    $port = $baseServerVhostPrefix == 'http://' ? $cfg['BASE_SERVER_VHOST_HTTP_PORT'] == '80' ? '' : ':' . $cfg['BASE_SERVER_VHOST_HTTP_PORT'] : ($cfg['BASE_SERVER_VHOST_HTTPS_PORT'] == '443' ? '' : ':' . $cfg['BASE_SERVER_VHOST_HTTPS_PORT']);
    $search = array();
    $replace = array();
    $search[] = '{RESELLER}';
    $replace[] = $toName;
    $search[] = '{CUSTOMER}';
    $replace[] = $fromName;
    $search[] = '{ALIAS}';
    $replace[] = $aliasName;
    $search[] = '{BASE_SERVER_VHOST_PREFIX}';
    $replace[] = $baseServerVhostPrefix;
    $search[] = '{BASE_SERVER_VHOST}';
    $replace[] = $cfg->BASE_SERVER_VHOST;
    $search[] = '{BASE_SERVER_VHOST_PORT}';
    $replace[] = $port;
    $subject = str_replace($search, $replace, $subject);
    $message = str_replace($search, $replace, $message);
    $subject = encode_mime_header($subject);
    $headers = "From: {$from}\r\n";
    $headers .= "MIME-Version: 1.0\r\n";
    $headers .= "Content-Type: text/plain; charset=utf-8\r\n";
    $headers .= "Content-Transfer-Encoding: 8bit\r\n";
    $headers .= "X-Mailer: i-MSCP Mailer";
    mail($to, $subject, $message, $headers, "-f {$userEmail}");
}
Esempio n. 9
0
/**
 * Add catchall
 *
 * @param string $itemId
 * @return void
 */
function client_addCatchall($itemId)
{
    list($realId, $type) = explode(';', $itemId);
    // Check if user is owner of the domain
    if (!preg_match('(normal|alias|subdom|alssub)', $type) || who_owns_this($realId, $type) != $_SESSION['user_id']) {
        set_page_message(tr('User do not exist or you do not have permission to access this interface'), 'error');
        redirectTo('mail_catchall.php');
    }
    $match = array();
    $mailType = $dmnId = $subId = $mailAddr = '';
    if (isset($_POST['mail_type'])) {
        if ($_POST['mail_type'] === 'normal' && isset($_POST['mail_id'])) {
            if (preg_match('/^\\d+;(normal|alias|subdom|alssub)$/', $itemId, $match)) {
                $itemType = $match[1];
                $postMailId = clean_input($_POST['mail_id']);
                if (preg_match('/(\\d+);([^;]+);/', $postMailId, $match)) {
                    $mailId = $match[1];
                    $mailAccount = $match[2];
                    if ($itemType === 'normal') {
                        $mailType = MT_NORMAL_CATCHALL;
                    } elseif ($itemType === 'alias') {
                        $mailType = MT_ALIAS_CATCHALL;
                    } elseif ($itemType === 'subdom') {
                        $mailType = MT_SUBDOM_CATCHALL;
                    } elseif ($itemType === 'alssub') {
                        $mailType = MT_ALSSUB_CATCHALL;
                    } else {
                        showBadRequestErrorPage();
                    }
                    $stmt = exec_query('SELECT domain_id, sub_id FROM mail_users WHERE mail_id = ?', $mailId);
                    if ($stmt->rowCount()) {
                        $row = $stmt->fetchRow(PDO::FETCH_ASSOC);
                        $dmnId = $row['domain_id'];
                        $subId = $row['sub_id'];
                        // Find the mail_addr (catchall -> "@(sub/alias)domain.tld", should be domain part of mail_acc
                        $match = explode('@', $mailAccount);
                        $mailAddr = '@' . $match[1];
                        iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onBeforeAddMailCatchall, array('mailCatchall' => $mailAddr, 'mailForwardList' => array($mailAccount)));
                        exec_query('
								INSERT INTO mail_users (
									mail_acc, mail_pass, mail_forward, domain_id, mail_type, sub_id, status,
									mail_auto_respond, quota, mail_addr
								) VALUES (
									?, ?, ?, ?, ?, ?, ?, ?, ?, ?
								)
							', array($mailAccount, '_no_', '_no_', $dmnId, $mailType, $subId, 'toadd', '_no_', NULL, $mailAddr));
                        iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onAfterAddMailCatchall, array('mailCatchallId' => iMSCP_Database::getInstance()->insertId(), 'mailCatchall' => $mailAddr, 'mailForwardList' => array($mailAccount)));
                        send_request();
                        write_log("{$_SESSION['user_logged']} added new catch all", E_USER_NOTICE);
                        set_page_message(tr('Catch all successfully scheduled for addition.'), 'success');
                        redirectTo('mail_catchall.php');
                    } else {
                        showBadRequestErrorPage();
                    }
                } else {
                    redirectTo('mail_catchall.php');
                }
            }
        } else {
            if ($_POST['mail_type'] === 'forward' && isset($_POST['forward_list'])) {
                if (preg_match('/^(\\d+);(normal|alias|subdom|alssub)$/', $itemId, $match) == 1) {
                    $itemId = $match[1];
                    $itemType = $match[2];
                    if ($itemType === 'normal') {
                        $mailType = MT_NORMAL_CATCHALL;
                        $subId = '0';
                        $dmnId = $itemId;
                        $stmt = exec_query('SELECT domain_name FROM domain WHERE domain_id = ?', $dmnId);
                        if ($stmt->rowCount()) {
                            $row = $stmt->fetchRow(PDO::FETCH_ASSOC);
                            $mailAddr = '@' . $row['domain_name'];
                        } else {
                            showBadRequestErrorPage();
                        }
                    } elseif ($itemType == 'alias') {
                        $mailType = MT_ALIAS_CATCHALL;
                        $subId = $itemId;
                        $stmt = exec_query('SELECT domain_id, alias_name FROM domain_aliasses WHERE alias_id = ?', $itemId);
                        if ($stmt->rowCount()) {
                            $row = $stmt->fetchRow(PDO::FETCH_ASSOC);
                            $dmnId = $row['domain_id'];
                            $mailAddr = '@' . $row['alias_name'];
                        } else {
                            showBadRequestErrorPage();
                        }
                    } elseif ($itemType === 'subdom') {
                        $mailType = MT_SUBDOM_CATCHALL;
                        $subId = $itemId;
                        $stmt = exec_query("\n\t\t\t\t\t\t\tSELECT\n\t\t\t\t\t\t\t\tdomain_id, CONCAT(subdomain_name, '.', domain_name) AS subdomain_name\n\t\t\t\t\t\t\tFROM\n\t\t\t\t\t\t\t\tsubdomain\n\t\t\t\t\t\t\tINNER JOIN\n\t\t\t\t\t\t\t\tdomain USING(domain_id)\n\t\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t\tsubdomain_id = ?\n\t\t\t\t\t\t", $itemId);
                        if ($stmt->rowCount()) {
                            $row = $stmt->fetchRow(PDO::FETCH_ASSOC);
                            $dmnId = $row['domain_id'];
                            $mailAddr = '@' . $row['subdomain_name'];
                        } else {
                            showBadRequestErrorPage();
                        }
                    } elseif ($itemType === 'alssub') {
                        $mailType = MT_ALSSUB_CATCHALL;
                        $subId = $itemId;
                        $stmt = exec_query("\n\t\t\t\t\t\t\tSELECT\n\t\t\t\t\t\t\t\tdomain_id, CONCAT(subdomain_alias_name, '.', alias_name) AS subdomain_alias_name\n\t\t\t\t\t\t\tFROM\n\t\t\t\t\t\t\t\tsubdomain_alias\n\t\t\t\t\t\t\tINNER JOIN\n\t\t\t\t\t\t\t\tdomain_aliasses USING(alias_id)\n\t\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t\tsubdomain_alias_id = ?\n\t\t\t\t\t\t", $itemId);
                        if ($stmt->rowCount()) {
                            $row = $stmt->fetchRow(PDO::FETCH_ASSOC);
                            $dmnId = $row['domain_id'];
                            $mailAddr = '@' . $row['subdomain_alias_name'];
                        } else {
                            showBadRequestErrorPage();
                        }
                    } else {
                        showBadRequestErrorPage();
                    }
                    $mailForward = clean_input($_POST['forward_list']);
                    $mailAccount = array();
                    $faray = preg_split("/[\n,]+/", $mailForward);
                    foreach ($faray as $value) {
                        $value = trim($value);
                        if (!chk_email($value) && $value != '') {
                            set_page_message(tr('An email addresse is not valid in mail forward list.'), 'error');
                            return;
                        } else {
                            if ($value == '') {
                                set_page_message(tr('Syntax error found in mail forward list.'), 'error');
                                return;
                            }
                        }
                        $mailAccount[] = $value;
                    }
                    iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onBeforeAddMailCatchall, array('mailCatchall' => $mailAddr, 'mailForwardList' => $mailAccount));
                    exec_query('
						INSERT INTO mail_users (
							mail_acc, mail_pass, mail_forward, domain_id, mail_type, sub_id, status,
							mail_auto_respond, quota, mail_addr
						) VALUES (
							?, ?, ?, ?, ?, ?, ?, ?, ?, ?
						)
					', array(implode(',', $mailAccount), '_no_', '_no_', $dmnId, $mailType, $subId, 'toadd', '_no_', NULL, $mailAddr));
                    iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onAfterAddMailCatchall, array('mailCatchallId' => iMSCP_Database::getInstance()->insertId(), 'mailCatchall' => $mailAddr, 'mailForwardList' => $mailAccount));
                    send_request();
                    write_log("{$_SESSION['user_logged']} added new catch all", E_USER_NOTICE);
                    set_page_message(tr('Catch all successfully scheduled for addition.'), 'success');
                    redirectTo('mail_catchall.php');
                } else {
                    redirectTo('mail_catchall.php');
                }
            } else {
                showBadRequestErrorPage();
            }
        }
    } else {
        showBadRequestErrorPage();
    }
}
Esempio n. 10
0
function send_alias_order_email($alias_name)
{
    $cfg = EasySCP_Registry::get('Config');
    $sql = EasySCP_Registry::get('Db');
    $user_id = $_SESSION['user_id'];
    $reseller_id = who_owns_this($user_id, 'user');
    $query = 'SELECT `fname`, `lname` FROM `admin` WHERE `admin_id` = ?';
    $rs = exec_query($sql, $query, $user_id);
    $ufname = $rs->fields['fname'];
    $ulname = $rs->fields['lname'];
    $uemail = $_SESSION['user_email'];
    $data = get_alias_order_email($reseller_id);
    $to_name = $data['sender_name'];
    $to_email = $data['sender_email'];
    $subject = $data['subject'];
    $message = $data['message'];
    // to
    $to = $to_name ? '"' . mb_encode_mimeheader($to_name, 'UTF-8') . "\" <" . $to_email . ">" : $to_email;
    // from
    if ($ufname && $ulname) {
        $from_name = "{$ufname} {$ulname}";
        $from = '"' . mb_encode_mimeheader($from_name, 'UTF-8') . "\" <" . $uemail . ">";
    } else {
        if ($ufname) {
            $from_name = $ufname;
        } else {
            if ($ulname) {
                $from_name = $ulname;
            } else {
                $from_name = $uemail;
            }
        }
        $from = $uemail;
    }
    $search = array();
    $replace = array();
    $search[] = '{RESELLER}';
    $replace[] = $to_name;
    $search[] = '{CUSTOMER}';
    $replace[] = $from_name;
    $search[] = '{ALIAS}';
    $replace[] = $alias_name;
    $search[] = '{BASE_SERVER_VHOST}';
    $replace[] = $cfg->BASE_SERVER_VHOST;
    $search[] = '{BASE_SERVER_VHOST_PREFIX}';
    $replace[] = $cfg->BASE_SERVER_VHOST_PREFIX;
    $subject = str_replace($search, $replace, $subject);
    $message = str_replace($search, $replace, $message);
    $subject = mb_encode_mimeheader($subject, 'UTF-8');
    $headers = "From: " . $from . "\n";
    $headers .= "MIME-Version: 1.0\n";
    $headers .= "Content-Type: text/plain; charset=utf-8\n";
    $headers .= "Content-Transfer-Encoding: 8bit\n";
    $headers .= "X-Mailer: EasySCP {$cfg->Version} Service Mailer";
    mail($to, $subject, $message, $headers);
}
Esempio n. 11
0
/**
 *
 * @global <type> $cr_user_id
 * @global <type> $alias_name
 * @global <type> $domain_ip
 * @global <type> $forward
 * @global <type> $forward_prefix
 * @global <type> $mount_point
 * @global <type> $validation_err_msg
 * @param <type> $err_al
 * @return <type>
 */
function add_domain_alias(&$err_al)
{
    global $cr_user_id, $alias_name, $domain_ip, $forward, $forward_prefix, $mount_point, $validation_err_msg;
    $cfg = EasySCP_Registry::get('Config');
    $sql = EasySCP_Registry::get('Db');
    $cr_user_id = $_POST['usraccounts'];
    $alias_name = strtolower($_POST['ndomain_name']);
    $mount_point = array_encode_idna(strtolower($_POST['ndomain_mpoint']), true);
    if ($_POST['status'] == 1) {
        $forward = encode_idna(strtolower(clean_input($_POST['forward'])));
        $forward_prefix = clean_input($_POST['forward_prefix']);
    } else {
        $forward = 'no';
        $forward_prefix = '';
    }
    $query = "\n\t\tSELECT\n\t\t\t`domain_ip_id`\n\t\tFROM\n\t\t\t`domain`\n\t\tWHERE\n\t\t\t`domain_id` = ?\n\t;";
    $rs = exec_query($sql, $query, $cr_user_id);
    $domain_ip = $rs->fields['domain_ip_id'];
    // First check if input string is a valid domain names
    if (!validates_dname($alias_name)) {
        $err_al = $validation_err_msg;
        return;
    }
    // Should be perfomed after domain names syntax validation now
    $alias_name = encode_idna($alias_name);
    if (easyscp_domain_exists($alias_name, $_SESSION['user_id'])) {
        $err_al = tr('Domain with that name already exists on the system!');
        //	} else if (!validates_mpoint($mount_point) && $mount_point != '/') {
        //		$err_al = tr("Incorrect mount point syntax");
    } else {
        if ($alias_name == $cfg->BASE_SERVER_VHOST) {
            $err_al = tr('Master domain cannot be used!');
        } else {
            if ($_POST['status'] == 1) {
                $aurl = @parse_url($forward_prefix . decode_idna($forward));
                if ($aurl === false) {
                    $err_al = tr("Wrong address in forward URL!");
                } else {
                    $domain = $aurl['host'];
                    if (substr_count($domain, '.') <= 2) {
                        $ret = validates_dname($domain);
                    } else {
                        $ret = validates_dname($domain, true);
                    }
                    if (!$ret) {
                        $err_al = tr("Wrong domain part in forward URL!");
                    } else {
                        $domain = encode_idna($aurl['host']);
                        $forward = $aurl['scheme'] . '://';
                        if (isset($aurl['user'])) {
                            $forward .= $aurl['user'] . (isset($aurl['pass']) ? ':' . $aurl['pass'] : '') . '@';
                        }
                        $forward .= $domain;
                        if (isset($aurl['port'])) {
                            $forward .= ':' . $aurl['port'];
                        }
                        if (isset($aurl['path'])) {
                            $forward .= $aurl['path'];
                        } else {
                            $forward .= '/';
                        }
                        if (isset($aurl['query'])) {
                            $forward .= '?' . $aurl['query'];
                        }
                        if (isset($aurl['fragment'])) {
                            $forward .= '#' . $aurl['fragment'];
                        }
                    }
                }
            } else {
                $query = "\n\t\t\tSELECT\n\t\t\t\t`domain_id`\n\t\t\tFROM\n\t\t\t\t`domain_aliasses`\n\t\t\tWHERE\n\t\t\t\t`alias_name` = ?\n\t\t;";
                $res = exec_query($sql, $query, $alias_name);
                $query = "\n\t\t\tSELECT\n\t\t\t\t`domain_id`\n\t\t\tFROM\n\t\t\t\t`domain`\n\t\t\tWHERE\n\t\t\t\t`domain_name` = ?\n\t\t;";
                $res2 = exec_query($sql, $query, $alias_name);
                if ($res->rowCount() > 0 || $res2->rowCount() > 0) {
                    // we already have domain with this name
                    $err_al = tr("Domain with this name already exist");
                }
                $query = "\n\t\t\tSELECT\n\t\t\t\tCOUNT(`subdomain_id`) AS cnt\n\t\t\tFROM\n\t\t\t\t`subdomain`\n\t\t\tWHERE\n\t\t\t\t\t`domain_id` = ?\n\t\t\t\tAND `subdomain_mount` = ?\n\t\t\t;";
                $subdomres = exec_query($sql, $query, array($cr_user_id, $mount_point));
                $subdomdata = $subdomres->fetchRow();
                $query = "\n\t\t\tSELECT\n\t\t\t\tCOUNT(`subdomain_alias_id`) AS alscnt\n\t\t\tFROM\n\t\t\t\t`subdomain_alias`\n\t\t\tWHERE\n\t\t\t\t\t`alias_id`\n\t\t\t\tIN (\n\t\t\t\t\tSELECT\n\t\t\t\t\t\t`alias_id`\n\t\t\t\t\tFROM\n\t\t\t\t\t\t`domain_aliasses`\n\t\t\t\t\tWHERE\n\t\t\t\t\t\t`domain_id` = ?\n\t\t\t\t\t)\n\t\t\t\tAND\n\t\t\t\t\t`subdomain_alias_mount` = ?\n\t\t;";
                $alssubdomres = exec_query($sql, $query, array($cr_user_id, $mount_point));
                $alssubdomdata = $alssubdomres->fetchRow();
                if ($subdomdata['cnt'] > 0 || $alssubdomdata['alscnt'] > 0) {
                    $err_al = tr("There is a subdomain with the same mount point!");
                }
            }
        }
    }
    if ('_off_' !== $err_al) {
        return;
    }
    // Begin add new alias domain
    $alias_name = htmlspecialchars($alias_name, ENT_QUOTES, "UTF-8");
    $query = "\n\t\tINSERT INTO\n\t\t\t`domain_aliasses` (\n\t\t\t\t`domain_id`, `alias_name`, `alias_mount`,  `status`,\n\t\t\t\t`alias_ip_id`, `url_forward`\n\t\t\t)\n\t\tVALUES\n\t\t\t(?, ?, ?, ?, ?, ?)\n\t;";
    exec_query($sql, $query, array($cr_user_id, $alias_name, $mount_point, $cfg->ITEM_ADD_STATUS, $domain_ip, $forward));
    $als_id = $sql->insertId();
    update_reseller_c_props(get_reseller_id($cr_user_id));
    $query = "\n\t\tSELECT\n\t\t\t`email`\n\t\tFROM\n\t\t\t`admin`\n\t\tWHERE\n\t\t\t`admin_id` = ?\n\t\tLIMIT 1\n\t;";
    $rs = exec_query($sql, $query, who_owns_this($cr_user_id, 'dmn_id'));
    $user_email = $rs->fields['email'];
    // Create the three default addresses if required
    if ($cfg->CREATE_DEFAULT_EMAIL_ADDRESSES) {
        client_mail_add_default_accounts($cr_user_id, $user_email, $alias_name, 'alias', $als_id);
    }
    send_request('110 DOMAIN alias ' . $als_id);
    $admin_login = $_SESSION['user_logged'];
    write_log("{$admin_login}: add domain alias: {$alias_name}");
    $_SESSION["aladd"] = '_yes_';
    user_goto('alias.php');
}