/**
 * Handles the "enable autoresponder" form for one mail account.
 *
 * If the request is not an `enable_arsp` submission, the ARSP_MESSAGE
 * template variable is blanked and nothing else happens. An empty message is
 * rejected with a page message. Otherwise the message and the configured
 * "change" status are written to `mail_users`, the backend is notified, the
 * action is logged and the browser is redirected to email_accounts.php.
 *
 * @param mixed $tpl     Template engine; only assign() is called on it here
 * @param mixed $sql     Database handle handed through to exec_query()
 * @param mixed $mail_id Value bound to `mail_users.mail_id`
 * @return void Does not return on success (exit after redirect)
 */
function gen_page_dynamic_data(&$tpl, &$sql, $mail_id)
{
    global $cfg;

    $isEnableRequest = isset($_POST['uaction']) && $_POST['uaction'] === 'enable_arsp';

    if (!$isEnableRequest) {
        $tpl->assign('ARSP_MESSAGE', '');
        return;
    }

    if ($_POST['arsp_message'] === '') {
        $tpl->assign('ARSP_MESSAGE', '');
        set_page_message(tr('Please type your mail autorespond message!'));
        return;
    }

    // The message is stored exactly as submitted; both values reach the
    // database only through bound parameters.
    $arsp_message = $_POST['arsp_message'];
    $item_change_status = $cfg['ITEM_CHANGE_STATUS'];

    check_for_lock_file();

    // NOTE(review): the row is selected by mail_id alone. This function does
    // not check that the account belongs to the logged-in user - presumably
    // the caller does; confirm.
    $query = <<<SQL_QUERY
        update
            mail_users
        set
            status = ?, mail_auto_respond = ?
        where
            mail_id = ?
SQL_QUERY;

    exec_query($sql, $query, array($item_change_status, $arsp_message, $mail_id));

    send_request();
    write_log($_SESSION['user_logged'] . " : add mail autorsponder");
    set_page_message(tr('Mail account scheduler for modification!'));

    header("Location: email_accounts.php");
    exit(0);
}
/**
 * Returns the GUI language and layout (theme colour) for a user.
 *
 * Falls back to the configured defaults when the user has no row in
 * `user_gui_props` or when a stored value is the empty string. A stored
 * layout is only returned next to a stored language if it is one of
 * blue / green / red / yellow.
 *
 * @param mixed $sql     Database handle handed through to exec_query()
 * @param mixed $user_id Value bound to `user_gui_props.user_id`
 * @return array Two elements: language, then layout
 */
function get_user_gui_props(&$sql, $user_id)
{
    global $cfg;

    $query = <<<SQL_QUERY
        select
            lang, layout
        from
            user_gui_props
        where
            user_id = ?
SQL_QUERY;

    $rs = exec_query($sql, $query, array($user_id));

    $defaultLang = $cfg['USER_INITIAL_LANG'];
    $defaultLayout = $cfg['USER_INITIAL_THEME_COLOR'];

    // No stored preferences at all.
    if ($rs->RecordCount() == 0) {
        return array($defaultLang, $defaultLayout);
    }

    $storedLang = $rs->fields['lang'];
    $storedLayout = $rs->fields['layout'];

    if ($storedLang === '') {
        // In this branch a non-empty layout is returned as stored, without
        // the colour allow-list applied further down.
        return array($defaultLang, $storedLayout === '' ? $defaultLayout : $storedLayout);
    }

    if ($storedLayout === '') {
        return array($storedLang, $defaultLayout);
    }

    // Only the four known colours are accepted next to a stored language.
    if (in_array($storedLayout, array('blue', 'green', 'red', 'yellow'), true)) {
        return array($storedLang, $storedLayout);
    }

    return array($storedLang, $defaultLayout);
}
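/**
 * Updates the server-wide traffic limits in `straff_settings` from POST data.
 *
 * Does nothing unless `uaction` was posted. Both values must be numeric and
 * the warning level must not exceed the maximum; negative values are stored
 * as 0.
 *
 * @todo What's about the outcommented code?
 * @return void
 */
function update_server_settings()
{
    $sql = EasySCP_Registry::get('Db');

    // The original tested the same isset() twice; one check is enough.
    if (!isset($_POST['uaction'])) {
        return;
    }

    /*global $data;
    $match = array();
    preg_match("/^(-1|0|[1-9][0-9]*)$/D", $data, $match);*/

    $max_traffic = clean_input($_POST['max_traffic']);
    $traffic_warning = $_POST['traffic_warning'];

    if (!is_numeric($max_traffic) || !is_numeric($traffic_warning)) {
        set_page_message(tr('Wrong data input!'), 'warning');
        // Stop here: previously execution fell through and the rejected
        // values were still compared and written to the database.
        return;
    }

    if ($traffic_warning > $max_traffic) {
        set_page_message(tr('Warning traffic is bigger than max traffic!'), 'warning');
        return;
    }

    // Negative limits are clamped to zero.
    if ($max_traffic < 0) {
        $max_traffic = 0;
    }

    if ($traffic_warning < 0) {
        $traffic_warning = 0;
    }

    $query = "\n\t\tUPDATE\n\t\t\t`straff_settings`\n\t\tSET\n\t\t\t`straff_max` = ?,\n\t\t\t`straff_warn` = ?\n\t";

    exec_query($sql, $query, array($max_traffic, $traffic_warning));

    set_page_message(tr('Server traffic settings updated successfully!'), 'success');
}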
/**
 * Get mail data
 *
 * Resolves a domain name against, in this order, domains, subdomains, domain
 * aliases and alias subdomains, stopping at the first match. The outcome
 * (including a miss) is cached per name in a static array for the lifetime of
 * the process.
 *
 * @throws iMSCP_Exception in case data are not found
 * @param string $domainName Domain name
 * @return array Array which contains mail data (domain_id, sub_id, mail_type)
 */
function cli_getMailData($domainName)
{
    static $data = array();

    if (!array_key_exists($domainName, $data)) {
        $entry = null;

        // 1. Plain domain
        $stmt = exec_query('SELECT domain_id FROM domain WHERE domain_name = ?', $domainName);

        if ($stmt->rowCount()) {
            $row = $stmt->fetchRow(PDO::FETCH_ASSOC);
            $entry = array(
                'domain_id' => $row['domain_id'],
                'sub_id' => '0',
                'mail_type' => MT_NORMAL_MAIL
            );
        }

        // 2. Subdomain
        if ($entry === null) {
            $stmt = exec_query(
                "\n\t\t\t\t\tSELECT\n\t\t\t\t\t\tdomain_id, subdomain_id\n\t\t\t\t\tFROM\n\t\t\t\t\t\tsubdomain\n\t\t\t\t\tINNER JOIN\n\t\t\t\t\t\tdomain USING(domain_id)\n\t\t\t\t\tWHERE\n\t\t\t\t\t\tCONCAT(subdomain_name, '.', domain_name) = ?\n\t\t\t\t",
                $domainName
            );

            if ($stmt->rowCount()) {
                $row = $stmt->fetchRow(PDO::FETCH_ASSOC);
                $entry = array(
                    'domain_id' => $row['domain_id'],
                    'sub_id' => $row['subdomain_id'],
                    'mail_type' => MT_SUBDOM_MAIL
                );
            }
        }

        // 3. Domain alias
        if ($entry === null) {
            $stmt = exec_query('SELECT domain_id FROM domain_aliasses WHERE alias_name = ?', $domainName);

            if ($stmt->rowCount()) {
                $row = $stmt->fetchRow(PDO::FETCH_ASSOC);
                $entry = array(
                    'domain_id' => $row['domain_id'],
                    'sub_id' => '0',
                    'mail_type' => MT_ALIAS_MAIL
                );
            }
        }

        // 4. Subdomain of a domain alias
        if ($entry === null) {
            $stmt = exec_query(
                "\n\t\t\t\t\t\t\tSELECT\n\t\t\t\t\t\t\t\tdomain_id, subdomain_alias_id\n\t\t\t\t\t\t\tFROM\n\t\t\t\t\t\t\t\tsubdomain_alias\n\t\t\t\t\t\t\tINNER JOIN\n\t\t\t\t\t\t\t\tdomain_aliasses USING(alias_id)\n\t\t\t\t\t\t\tINNER JOIN\n\t\t\t\t\t\t\t\tdomain USING(domain_id)\n\t\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t\tCONCAT(subdomain_alias_name, '.', alias_name) = ?\n\t\t\t\t\t\t",
                $domainName
            );

            if ($stmt->rowCount()) {
                $row = $stmt->fetchRow(PDO::FETCH_ASSOC);
                $entry = array(
                    'domain_id' => $row['domain_id'],
                    'sub_id' => $row['subdomain_alias_id'],
                    'mail_type' => MT_ALSSUB_MAIL
                );
            }
        }

        // A null entry records "not managed" so the lookups are not repeated.
        $data[$domainName] = $entry;
    }

    if ($data[$domainName] === null) {
        throw new iMSCP_Exception('This script can only add mail accounts for domains which are already managed by i-MSCP.');
    }

    return $data[$domainName];
}
/**
 * Fills the DB_LIST template block with the SQL databases of a user's domain.
 *
 * The domain is resolved from the user id; for every database the nested
 * user list is generated through gen_db_user_list() before the row is parsed.
 *
 * @param mixed $tpl     Template engine (assign() and parse() are used)
 * @param mixed $sql     Database handle handed through to exec_query()
 * @param mixed $user_id User whose domain's databases are listed
 * @return void
 */
function gen_db_list(&$tpl, &$sql, $user_id)
{
    $dmn_id = get_user_domain_id($sql, $user_id);

    $query = <<<SQL_QUERY
        select
            sqld_id, sqld_name
        from
            sql_database
        where
            domain_id = ?
        order by
            sqld_name
SQL_QUERY;

    $rs = exec_query($sql, $query, array($dmn_id));

    if ($rs->RecordCount() == 0) {
        set_page_message(tr('Database list is empty!'));
        $tpl->assign('DB_LIST', '');
        return;
    }

    for (; !$rs->EOF; $rs->MoveNext()) {
        $databaseId = $rs->fields['sqld_id'];
        $databaseName = $rs->fields['sqld_name'];

        gen_db_user_list($tpl, $sql, $databaseId);

        // Both values are handed to the template as strings, unescaped.
        // NOTE(review): whether the template layer escapes DB_NAME cannot be
        // seen from here - confirm before relying on it.
        $tpl->assign(array(
            'DB_ID' => (string) $databaseId,
            'DB_NAME' => (string) $databaseName
        ));
        $tpl->parse('DB_LIST', '.db_list');
    }
}
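/**
 * Builds a randomly ordered table of questions.
 *
 * Loads every row of `questions`, shuffles the row indexes and returns at
 * most $nbQuestions rows as [number, label, answer] triples. The theme,
 * relevance and difficulty arguments are currently unused because the
 * filtering part of the query is disabled.
 *
 * @param mixed $theme       Unused (filter disabled)
 * @param mixed $pertinence  Unused (filter disabled)
 * @param mixed $diff        Unused (filter disabled)
 * @param int   $nbQuestions Maximum number of questions to return
 * @return array List of array(noq, question, reponse); empty when no row is read
 */
function construire_tableau($theme = 0, $pertinence = 0, $diff = 0, $nbQuestions)
{
    // NOTE(review): $host, $port, $user, $password and $database are not
    // defined in this function's scope, so connect() receives nulls unless it
    // resolves its settings elsewhere - confirm how the connection is meant
    // to be configured.
    $connexion = connect($host, $port, $user, $password, $database);

    // Fetch the record set matching the criteria.
    // The original carried a disabled WHERE clause that concatenated $theme,
    // $pertinence and $diff straight into the SQL text. If that filter is
    // ever restored, bind those values as parameters instead.
    $query = "SELECT Q.noq, Q.question, Q.reponse " . "FROM questions Q";

    $result = exec_query($connexion, $query);
    $Nbr = numrows($result);
    echo "Nombre d'enregistrements : " . $Nbr . "<BR>";

    // Random ordering of the questions.
    $ints = range(0, $Nbr - 1);
    srand(time());
    shuffle($ints);

    if ($Nbr < $nbQuestions) {
        $nbQuestions = $Nbr;
    }

    // Initialised up front: previously $tabQ was undefined (and the function
    // returned null with a notice) whenever the loop body never ran.
    $tabQ = array();

    // Build the table in the shuffled order.
    for ($i = 0; $i < $nbQuestions && ($row = fetch_array($result, $ints[$i])); $i++) {
        // NOTE(review): the question label is echoed into the page without
        // HTML escaping; this looks like leftover debug output - confirm.
        echo "libelle Q : " . $row[1] . "<BR>";
        $tabQ[$i][0] = $row[0]; // question number
        $tabQ[$i][1] = $row[1]; // question label
        $tabQ[$i][2] = $row[2]; // answer to the question
    }

    close($connexion);

    return $tabQ;
}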
/**
 * Fills the DIR_ITEM template block with the protected areas of a domain.
 *
 * Rows alternate between the CSS classes `content` and `content2`, starting
 * with `content`.
 *
 * @param mixed $tpl    Template engine (assign() and parse() are used)
 * @param mixed $sql    Database handle handed through to exec_query()
 * @param mixed $dmn_id Value bound to `htaccess.dmn_id`
 * @return void
 */
function gen_htaccess_entries(&$tpl, &$sql, &$dmn_id)
{
    $query = <<<SQL_QUERY
        select
            *
        from
            htaccess
        where
            dmn_id = ?
SQL_QUERY;

    $rs = exec_query($sql, $query, array($dmn_id));

    if ($rs->RecordCount() == 0) {
        $tpl->assign('PROTECTED_AREAS', '');
        set_page_message(tr('You do not have protected areas'));
        return;
    }

    for ($rowIndex = 0; !$rs->EOF; $rowIndex++) {
        $tpl->assign('CLASS', $rowIndex % 2 == 0 ? 'content' : 'content2');

        // auth_name and path are passed to the template as stored.
        // NOTE(review): no escaping happens in this function; confirm the
        // template layer handles it.
        $tpl->assign(array(
            'AREA_NAME' => $rs->fields['auth_name'],
            'AREA_PATH' => $rs->fields['path'],
            'PID' => $rs->fields['id'],
            'STATUS' => translate_dmn_status($rs->fields['status'])
        ));
        $tpl->parse('DIR_ITEM', '.dir_item');

        $rs->MoveNext();
    }
}
/**
 * Updates htaccess user.
 *
 * Acts only on a `modify_user` submission that carries both password fields.
 * The new password is syntax-checked, compared with its repetition, hashed
 * with a fresh salt and stored together with the 'tochange' status. The
 * update is restricted to the row matching both the domain id and the user id.
 *
 * @param int $dmn_id Domain unique identifier
 * @param int $uuser_id Htaccess user unique identifier
 * @return void
 */
function client_updateHtaccessUser(&$dmn_id, &$uuser_id)
{
    if (!isset($_POST['uaction']) || $_POST['uaction'] != 'modify_user') {
        return;
    }

    if (!isset($_POST['pass']) || !isset($_POST['pass_rep'])) {
        return;
    }

    if (!checkPasswordSyntax($_POST['pass'])) {
        return;
    }

    if ($_POST['pass'] !== $_POST['pass_rep']) {
        set_page_message(tr('Passwords do not match.'), 'error');
        return;
    }

    $passwordHash = cryptPasswordWithSalt($_POST['pass'], generateRandomSalt(true));

    // Scoping by dmn_id as well as id keeps the update inside one domain.
    $updateQuery = "\n\t\t\t\tUPDATE\n\t\t\t\t\t`htaccess_users`\n\t\t\t\tSET\n\t\t\t\t\t`upass` = ?, `status` = ?\n\t\t\t\tWHERE\n\t\t\t\t\t`dmn_id` = ?\n\t\t\t\tAND\n\t\t\t\t\t`id` = ?\n\t\t\t";
    exec_query($updateQuery, array($passwordHash, 'tochange', $dmn_id, $uuser_id));

    send_request();

    // Look the user name up again for the audit log entry.
    $nameQuery = "\n\t\t\t\tSELECT\n\t\t\t\t\t`uname`\n\t\t\t\tFROM\n\t\t\t\t\t`htaccess_users`\n\t\t\t\tWHERE\n\t\t\t\t\t`dmn_id` = ?\n\t\t\t\tAND\n\t\t\t\t\t`id` = ?\n\t\t\t";
    $rs = exec_query($nameQuery, array($dmn_id, $uuser_id));
    $uname = $rs->fields['uname'];

    write_log("{$_SESSION['user_logged']}: updated htaccess user ID: {$uname}", E_USER_NOTICE);
    redirectTo('protected_user_manage.php');
}
/**
 * Adds an htaccess group to a domain from the posted form.
 *
 * Acts only on an `add_group` submission. The group name must pass
 * validates_username() and must not already exist for the domain; on success
 * the group is inserted with the configured "add" status, the backend is
 * notified, the action is logged and the user is sent back to
 * protected_user_manage.php.
 *
 * @param mixed $tpl    Template engine (not used in this function)
 * @param mixed $sql    Database handle handed through to exec_query()
 * @param mixed $dmn_id Domain the group belongs to
 * @return void
 */
function padd_group($tpl, $sql, $dmn_id)
{
    $cfg = EasySCP_Registry::get('Config');

    if (!isset($_POST['uaction']) || $_POST['uaction'] != 'add_group') {
        return;
    }

    if (!isset($_POST['groupname'])) {
        set_page_message(tr('Invalid group name!'), 'error');
        return;
    }

    // The name is validated before it is used in a query or a log line.
    if (!validates_username($_POST['groupname'])) {
        set_page_message(tr('Invalid group name!'), 'warning');
        return;
    }

    $groupname = $_POST['groupname'];

    $lookupQuery = "\n\t\t\t\tSELECT\n\t\t\t\t\t`id`\n\t\t\t\tFROM\n\t\t\t\t\t`htaccess_groups`\n\t\t\t\tWHERE\n\t\t\t\t\t`ugroup` = ?\n\t\t\t\tAND\n\t\t\t\t\t`dmn_id` = ?\n\t\t\t";
    $rs = exec_query($sql, $lookupQuery, array($groupname, $dmn_id));

    if ($rs->recordCount() != 0) {
        set_page_message(tr('Group already exists!'), 'error');
        return;
    }

    $insertQuery = "\n\t\t\t\t\tINSERT INTO `htaccess_groups`\n\t\t\t\t\t\t(`dmn_id`, `ugroup`, `status`)\n\t\t\t\t\tVALUES\n\t\t\t\t\t\t(?, ?, ?)\n\t\t\t\t";
    exec_query($sql, $insertQuery, array($dmn_id, $groupname, $cfg->ITEM_ADD_STATUS));

    send_request();

    write_log("{$_SESSION['user_logged']}: add group (protected areas): {$groupname}");
    user_goto('protected_user_manage.php');
}
/**
 * Changes the password of the logged-in account from the posted form.
 *
 * Acts only on an `updt_pass` submission. The checks run in this order:
 * password syntax/length, both fields filled, both fields equal. The first
 * failing check sets a page message and stops.
 *
 * NOTE(review): this function does not ask for the current password before
 * replacing it; if no caller does either, a hijacked session is enough to
 * take the account over - confirm.
 *
 * @return void
 */
function update_password()
{
    global $sql;

    if (!isset($_POST['uaction']) || $_POST['uaction'] !== 'updt_pass') {
        return;
    }

    if (!vhcs_password_check($_POST['pass'], 20)) {
        set_page_message(tr('Incorrect password range or syntax!'));
        return;
    }

    if ($_POST['pass'] === '' || $_POST['pass_rep'] === '') {
        set_page_message(tr('Please fill up both data fields!'));
        return;
    }

    if ($_POST['pass'] !== $_POST['pass_rep']) {
        set_page_message(tr('Passwords does not match!'));
        return;
    }

    // The row is chosen from the session, never from request data.
    $passwordHash = crypt_user_pass($_POST['pass']);
    $accountId = $_SESSION['user_id'];

    $query = <<<SQL_QUERY
        update
            admin
        set
            admin_pass = ?
        where
            admin_id = ?
SQL_QUERY;

    exec_query($sql, $query, array($passwordHash, $accountId));

    set_page_message(tr('User password updated successfully!'));
}
/**
 * Fills the USER_SESSION template block with every row of the `login` table.
 *
 * Rows alternate between the CSS classes `content` and `content2`. Each row
 * gets a "kill" link, except the row whose session_id equals
 * $_SESSION['user_logged'], which links back to the page without a parameter.
 *
 * NOTE(review): ADMIN_USERNAME is filled with `session_id`, and the same
 * value is placed in the kill link's query string. If that column holds live
 * session identifiers they end up in the page source, browser history and
 * server logs; a surrogate row key would avoid that - confirm what the
 * column contains.
 *
 * @param mixed $tpl Template engine (assign() and parse() are used)
 * @param mixed $sql Database handle handed through to exec_query()
 * @return void
 */
function gen_user_sessions(&$tpl, &$sql)
{
    $query = <<<SQL_QUERY
        select
            *
        from
            login
SQL_QUERY;

    $rs = exec_query($sql, $query, array());

    $rowNumber = 1;

    for (; !$rs->EOF; $rs->MoveNext()) {
        // First row is odd, so it gets 'content'.
        $cssClass = ($rowNumber++ % 2 == 0) ? 'content2' : 'content';
        $tpl->assign(array('ADMIN_CLASS' => $cssClass));

        $sessionId = $rs->fields['session_id'];

        $tpl->assign(array(
            'ADMIN_USERNAME' => $sessionId,
            'LOGIN_TIME' => date("G:i:s", $rs->fields['lastaccess'])
        ));

        // The current user's own row gets no kill parameter.
        $killLink = ($_SESSION['user_logged'] === $sessionId)
            ? 'manage_sessions.php'
            : 'manage_sessions.php?kill=' . $sessionId;
        $tpl->assign('KILL_LINK', $killLink);

        $tpl->parse('USER_SESSION', '.user_session');
    }
}
/**
 * Generates the software list for the logged-in customer.
 *
 * Looks up the customer's default domain and creator (`admin.created_by`),
 * lets gen_software_list() build the list and assigns its return value to
 * TOTAL_SOFTWARE_AVAILABLE.
 *
 * @param iMSCP_pTemplate $tpl Template engine instance
 * @return void
 */
function client_generatePageLists($tpl)
{
    // Identity comes from the session only.
    $customerId = $_SESSION['user_id'];

    $domainProperties = get_domain_default_props($customerId);
    $stmt = exec_query('SELECT created_by FROM admin WHERE admin_id = ?', $customerId);

    $availableSoftware = gen_software_list(
        $tpl,
        $domainProperties['domain_id'],
        $stmt->fields['created_by']
    );

    $tpl->assign('TOTAL_SOFTWARE_AVAILABLE', $availableSoftware);
}
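/**
 * Renders the "buy" clicks logged for one date as an HTML fragment.
 *
 * Rows are read from `buylog` for the given date and the global category id,
 * ordered by client IP and time, and grouped into one block per IP address.
 *
 * @param string $dt Date to report on, compared against `buylog.date`
 * @return string HTML fragment
 */
function getListOfBuyClicks($dt)
{
    global $mycatid;

    $str = "";

    // NOTE(review): the database is opened as root with a password hard-coded
    // in source. Credentials belong in configuration outside the code base,
    // and a read-only reporting query should use a least-privilege account.
    $lnk = dbConnect('localhost', 'root', 'lyntik');

    // Both values used to be interpolated into the SQL text unmodified, which
    // let a crafted date or category id change the statement. exec_query() is
    // called here with the query text only, so the values are neutralised
    // before interpolation: the date is escaped for use inside the quoted
    // literal and the category id is forced to an integer.
    // NOTE(review): mysql_real_escape_string() relies on the connection that
    // dbConnect() presumably opened through the same mysql extension used
    // below - confirm. Bound parameters are the better long-term fix.
    $safeDate = mysql_real_escape_string($dt);
    $categoryId = (int) $mycatid;

    $query = "SELECT b.fdate as fdate,b.ip as cip,b.goodid as gid,b.name as sname,b.source as src,b.price as price FROM buylog b WHERE b.date='{$safeDate}' AND b.mycat_id={$categoryId} ORDER BY b.ip,b.fdate";
    $res = exec_query($query);

    $ip = "0.0.0.0";
    $i = 0;

    $str .= "<div class=\"all_clicks\">";
    $str .= "<div class=\"click_row_title\">\n <div class=\"left click_date title\">Дата</div>\n <div class=\"left click_id title\">ID товара</div>\n <div class=\"left click_name title\">Наименование</div>\n <div class=\"left click_id title\">Цена</div>\n <div class=\"left click_name title\">Источник</div>\n " . closeFloat() . "\n </div>";

    if (mysql_num_rows($res) == 0) {
        $str .= "<div>За выбранную дату нажатий не было</div>";
    } else {
        // NOTE(review): the row values below (IP, name, source, ...) are
        // written into the HTML as stored. If any of them can originate from
        // a visitor, they need HTML escaping with the page's real character
        // set, which is not visible from this function.
        while ($rows = fetch_array($res)) {
            // A change of IP address starts a new group.
            if ($ip != $rows['cip']) {
                $ip = $rows['cip'];
                if ($i != 0) {
                    $str .= "</div>";
                }
                $str .= "<div class=\"ipclicks\">";
                $str .= "<div class=\"client_ip\">Клики с адреса:<b>" . $rows['cip'] . "</b></div>";
            }
            $str .= "<div class=\"click_row\">\n <div class=\"left click_date\">" . $rows['fdate'] . "</div>\n <div class=\"left click_id\">" . $rows['gid'] . "</div>\n <div class=\"left click_name\">" . $rows['sname'] . "</div>\n <div class=\"left click_id\">" . $rows['price'] . "</div>\n <div class=\"left click_name\">" . $rows['src'] . "</div>\n " . closeFloat() . "\n </div>";
        }
        $str .= "</div>";
    }

    $str .= "</div></div>";

    mysql_free_result($res);
    dbDisconnect($lnk);

    return $str;
}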
/**
 * Schedule backup restoration.
 *
 * Sets `domain_status` to 'torestore' for the domain owned by the given
 * customer, notifies the backend, logs the action under the logged-in user
 * and sets a success page message.
 *
 * @param int $userId Customer unique identifier
 * @return void
 */
function scheduleBackupRestoration($userId)
{
    $query = "UPDATE `domain` SET `domain_status` = ? WHERE `domain_admin_id` = ?";
    $params = array('torestore', $userId);

    exec_query($query, $params);
    send_request();

    $actor = $_SESSION['user_logged'];
    write_log($actor . ": scheduled backup restoration.", E_USER_NOTICE);

    set_page_message(tr('Backup has been successfully scheduled for restoration.'), 'success');
}
/**
 * Creates a new support ticket from the posted form and notifies the reseller.
 *
 * Requires `uaction` to be posted and both subject and message to be
 * non-empty. The ticket is inserted with level 1, status 1 and reply 0; the
 * browser is then redirected to support_system.php.
 *
 * @param mixed $sql         Database handle handed through to exec_query()
 * @param mixed $user_id     Stored as `ticket_from`
 * @param mixed $reseller_id Stored as `ticket_to`
 * @return void Does not return on success (exit after redirect)
 */
function send_user_message(&$sql, $user_id, $reseller_id)
{
    if (!isset($_POST['uaction'])) {
        return;
    }

    if ($_POST['subj'] === '') {
        set_page_message(tr('Please specify message subject!'));
        return;
    }

    if ($_POST['user_message'] === '') {
        set_page_message(tr('Please type your message!'));
        return;
    }

    $createdAt = time();
    $urgency = $_POST['urgency'];
    $subject = $_POST['subj'];

    // Newlines become <br> first and the result is HTML-escaped afterwards,
    // so the stored text contains the escaped form of that tag.
    // NOTE(review): escaping at storage time only protects readers that print
    // the column unchanged; any code that decodes it again must re-escape.
    $body = str_replace("\n", "<br>", $_POST["user_message"]);

    $query = <<<SQL_QUERY
        insert into tickets
            (ticket_level, ticket_from, ticket_to,
             ticket_status, ticket_reply, ticket_urgency,
             ticket_date, ticket_subject, ticket_message)
        values
            (?, ?, ?, ?, ?, ?, ?, ?, ?)
SQL_QUERY;

    $params = array(
        1,              // ticket_level
        $user_id,       // ticket_from
        $reseller_id,   // ticket_to
        1,              // ticket_status
        0,              // ticket_reply
        $urgency,
        $createdAt,
        htmlspecialchars($subject, ENT_QUOTES, "UTF-8"),
        htmlspecialchars($body, ENT_QUOTES, "UTF-8")
    );

    exec_query($sql, $query, $params);

    // NOTE(review): the subject is passed on unescaped; if send_tickets_msg()
    // places it in a mail header it has to reject CR/LF there - confirm.
    send_tickets_msg($reseller_id, $user_id, $subject);

    set_page_message(tr('Your message was sent!'));
    header("Location: support_system.php");
    exit(0);
}
/**
 * Stores the posted personal data on the `admin` row of the given account.
 *
 * Every field is HTML-escaped (quotes included) before it is stored and all
 * values reach the database through bound parameters.
 *
 * NOTE(review): no format check (for instance on the e-mail address) happens
 * in this function; presumably the caller validates - confirm.
 *
 * @param mixed $sql     Database handle handed through to exec_query()
 * @param mixed $user_id Value bound to `admin.admin_id`
 * @return void
 */
function update_reseller_personal_data(&$sql, $user_id)
{
    // Listed in the order of the placeholders in the statement below.
    $fieldsInBindOrder = array(
        'fname', 'lname', 'firm', 'zip', 'city', 'country',
        'email', 'phone', 'fax', 'street1', 'street2'
    );

    $params = array();
    foreach ($fieldsInBindOrder as $field) {
        $params[] = htmlspecialchars($_POST[$field], ENT_QUOTES, "UTF-8");
    }
    $params[] = $user_id;

    $query = <<<SQL_QUERY
        update
            admin
        set
            fname = ?,
            lname = ?,
            firm = ?,
            zip = ?,
            city = ?,
            country = ?,
            email = ?,
            phone = ?,
            fax = ?,
            street1 = ?,
            street2 = ?
        where
            admin_id = ?
SQL_QUERY;

    exec_query($sql, $query, $params);

    set_page_message(tr('Personal data updated successfully!'));
}
/**
 * Adds Htaccess group.
 *
 * Acts only on an `add_group` submission. The group name must pass
 * validates_username() and must not already exist for the domain; on success
 * the group is inserted with status 'toadd', the backend is notified, the
 * action is logged and the user is redirected to protected_user_manage.php.
 *
 * @param int $domainId Domain unique identifier
 * @return void
 */
function client_addHtaccessGroup($domainId)
{
    if (!isset($_POST['uaction']) || $_POST['uaction'] != 'add_group') {
        return;
    }

    if (!isset($_POST['groupname'])) {
        set_page_message(tr('Invalid htaccess group name.'), 'error');
        return;
    }

    // The name is validated before it is used in a query or a log line.
    if (!validates_username($_POST['groupname'])) {
        set_page_message(tr('Invalid group name!'), 'error');
        return;
    }

    $groupname = $_POST['groupname'];

    $lookupQuery = "\n\t\t\t\tSELECT\n\t\t\t\t\t`id`\n\t\t\t\tFROM\n\t\t\t\t\t`htaccess_groups`\n\t\t\t\tWHERE\n\t\t\t\t\t`ugroup` = ?\n\t\t\t\tAND\n\t\t\t\t\t`dmn_id` = ?\n\t\t\t";
    $rs = exec_query($lookupQuery, array($groupname, $domainId));

    if ($rs->rowCount() != 0) {
        set_page_message(tr('This htaccess group already exists.'), 'error');
        return;
    }

    $insertQuery = "\n\t\t\t\t\tINSERT INTO `htaccess_groups` (\n\t\t\t\t\t `dmn_id`, `ugroup`, `status`\n\t\t\t\t\t) VALUES (\n\t\t\t\t\t ?, ?, ?\n\t\t\t\t\t)\n\t\t\t\t";
    exec_query($insertQuery, array($domainId, $groupname, 'toadd'));

    send_request();
    set_page_message(tr('Htaccess group successfully scheduled for addition.'), 'success');

    write_log("{$_SESSION['user_logged']}: added htaccess group: {$groupname}", E_USER_NOTICE);
    redirectTo('protected_user_manage.php');
}
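/**
 * Fills the FTP_ITEM template block with the FTP accounts of a domain.
 *
 * The accounts are read from the comma-separated `members` column of the
 * `ftp_group` row whose group name equals the domain name. Rows alternate
 * between the CSS classes `content` and `content2`.
 *
 * @param mixed  $tpl      Template engine (assign() and parse() are used)
 * @param mixed  $sql      Database handle handed through to exec_query()
 * @param mixed  $dmn_id   Not used in this function
 * @param string $dmn_name Value bound to `ftp_group.groupname`
 * @return void
 */
function gen_page_ftp_list(&$tpl, &$sql, $dmn_id, $dmn_name)
{
    $query = <<<SQL_QUERY
        select
            gid, members
        from
            ftp_group
        where
            groupname = ?
SQL_QUERY;

    $rs = exec_query($sql, $query, array($dmn_name));

    if ($rs->RecordCount() == 0) {
        $tpl->assign(array(
            'FTP_MSG' => tr('FTP list is empty!'),
            'FTP_ITEM' => '',
            'FTPS_TOTAL' => ''
        ));
        $tpl->parse('FTP_MESSAGE', 'ftp_message');
        return;
    }

    $tpl->assign('FTP_MESSAGE', '');

    // explode() replaces split(): the delimiter is a plain comma, so the
    // result is the same, and split() no longer exists as of PHP 7.
    $ftp_accs = explode(',', $rs->fields['members']);

    foreach ($ftp_accs as $i => $account) {
        $tpl->assign('ITEM_CLASS', $i % 2 == 0 ? 'content' : 'content2');

        // The decoded (IDN) form is shown, the raw account name is the id.
        // NOTE(review): neither value is escaped in this function; confirm
        // the template layer handles it.
        $tpl->assign(array(
            'FTP_ACCOUNT' => decode_idna($account),
            'UID' => $account
        ));
        $tpl->parse('FTP_ITEM', '.ftp_item');
    }

    $tpl->assign('TOTAL_FTP_ACCOUNTS', count($ftp_accs));
}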
/**
 * Appends the htaccess groups of a domain, with their members, to the template.
 *
 * For every group the name, translated status, id and a delete action are
 * appended. The delete action is only offered when the group has the "ok"
 * status and is not the AWStats authentication group. Member ids from the
 * comma-separated `members` column are resolved to user names one by one.
 *
 * @param EasySCP_TemplateEngine $tpl
 * @param EasySCP_Database $sql
 * @param int $dmn_id
 * @return void
 */
function gen_pgroups($tpl, $sql, &$dmn_id)
{
    $cfg = EasySCP_Registry::get('Config');

    $groupQuery = "\n\t\tSELECT\n\t\t\t*\n\t\tFROM\n\t\t\t`htaccess_groups`\n\t\tWHERE\n\t\t\t`dmn_id` = ?\n\t\tORDER BY\n\t\t\t`dmn_id` DESC\n\t";
    $rs = exec_query($sql, $groupQuery, $dmn_id);

    if ($rs->recordCount() == 0) {
        $tpl->assign('GROUP_MESSAGE', tr('You have no groups!'));
        return;
    }

    $memberQuery = "\n\t\t\t\t\t\tSELECT\n\t\t\t\t\t\t\t`uname`\n\t\t\t\t\t\tFROM\n\t\t\t\t\t\t\t`htaccess_users`\n\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t`id` = ?\n\t\t\t\t\t";

    for (; !$rs->EOF; $rs->moveNext()) {
        $isDeletable = $rs->fields['status'] === $cfg->ITEM_OK_STATUS
            && $rs->fields['ugroup'] != $cfg->AWSTATS_GROUP_AUTH;

        if ($isDeletable) {
            // NOTE(review): the group name is placed inside a single-quoted
            // JavaScript string without escaping, unlike GNAME below. It is
            // safe only as long as stored names cannot contain quotes or
            // markup - confirm what validates_username() allows.
            $deleteScript = "action_delete('protected_group_delete.php?gname=" . $rs->fields['id'] . "', '" . $rs->fields['ugroup'] . "')";
        } else {
            $deleteScript = tr('N/A');
        }

        $tpl->append(array(
            'GNAME' => tohtml($rs->fields['ugroup']),
            'GSTATUS' => translate_dmn_status($rs->fields['status']),
            'GROUP_ID' => $rs->fields['id'],
            'GROUP_DELETE' => tr('Delete'),
            'GROUP_DELETE_SCRIPT' => $deleteScript
        ));

        if ($rs->fields['members'] == '') {
            $tpl->append('MEMBER', '');
            continue;
        }

        // One lookup per member id; names are HTML-escaped and joined by ', '.
        $memberNames = array();
        foreach (explode(',', $rs->fields['members']) as $memberId) {
            $rs_members = exec_query($sql, $memberQuery, $memberId);
            $memberNames[] = tohtml($rs_members->fields['uname']);
        }

        $tpl->append('MEMBER', implode(', ', $memberNames));
    }
}
/**
 * Checks an account id / password pair against the `admin` table.
 *
 * The candidate password is hashed with unsalted MD5 and the comparison is
 * done by the database inside the WHERE clause.
 *
 * NOTE(review): unsalted MD5 is not a suitable password hash. Moving to
 * password_hash()/password_verify() needs a change to how `admin_pass` is
 * stored and a migration of existing rows, which is outside this method.
 *
 * @param mixed  $id   Value bound to `admin.admin_id`
 * @param string $pass Plain-text password to check
 * @return bool TRUE when exactly one row matches, FALSE otherwise
 */
public static function check_udata($id, $pass)
{
    $sql = EasySCP_Registry::get('Db');

    $query = "\n\t\t\tSELECT\n\t\t\t\t`admin_id`, `admin_pass`\n\t\t\tFROM\n\t\t\t\t`admin`\n\t\t\tWHERE\n\t\t\t\t`admin_id` = ?\n\t\t\tAND\n\t\t\t\t`admin_pass` = ?\n\t\t";

    $candidateHash = md5($pass);
    $rs = exec_query($sql, $query, array($id, $candidateHash));

    return $rs->recordCount() == 1;
}
/**
 * Generate page
 *
 * Renders one statistics entry for every account created by the logged-in
 * user. The creator id is taken from the session and cast to an integer.
 *
 * @param iMSCP_pTemplate $tpl Template engine
 * @return void
 */
function generatePage($tpl)
{
    $creatorId = (int) $_SESSION['user_id'];
    $stmt = exec_query('SELECT admin_id FROM admin WHERE created_by = ?', $creatorId);

    while ($account = $stmt->fetchRow(PDO::FETCH_ASSOC)) {
        _generateUserStatistics($tpl, $account['admin_id']);
        $tpl->parse('USER_STATISTICS_ENTRY_BLOCK', '.user_statistics_entry_block');
    }
}
/**
 * Generates page.
 *
 * Assigns the account summary (user name, account type, registration date)
 * of the logged-in user. A `domain_created` value of 0 is shown as "Unknown".
 *
 * @param iMSCP_pTemplate $tpl Template engine instance
 * @return void
 */
function reseller_generatePage($tpl)
{
    /** @var $cfg iMSCP_Config_Handler_File */
    $cfg = iMSCP_Registry::get('config');

    $stmt = exec_query(
        "SELECT domain_created from admin where admin_id = ?",
        (int) $_SESSION['user_id']
    );

    $createdAt = $stmt->fields['domain_created'];

    if ($createdAt != 0) {
        $registrationDate = date($cfg->DATE_FORMAT, $createdAt);
    } else {
        $registrationDate = tr('Unknown');
    }

    // The user name is escaped here; the account type is assigned as it
    // stands in the session.
    $tpl->assign(array(
        'TR_ACCOUNT_SUMMARY' => tr('Account summary'),
        'TR_USERNAME' => tr('Username'),
        'USERNAME' => tohtml($_SESSION['user_logged']),
        'TR_ACCOUNT_TYPE' => tr('Account type'),
        'ACCOUNT_TYPE' => $_SESSION['user_type'],
        'TR_REGISTRATION_DATE' => tr('Registration date'),
        'REGISTRATION_DATE' => $registrationDate
    ));
}
/**
 * Adds an htaccess user to a domain from the posted form.
 *
 * Acts only on an `add_user` submission that carries user name, password and
 * password repetition. After validation the user is inserted unless a user
 * with the same name already exists for the domain; on success the action is
 * logged and the browser is redirected to puser_manage.php.
 *
 * NOTE(review): crypt() is called without a salt argument, so the hash
 * algorithm is whatever the platform picks by default (PHP raises a notice
 * for this since 5.6 and requires the salt as of 8.0). Stating the scheme
 * explicitly would make the strength of the stored hashes predictable.
 *
 * @param mixed $tpl    Template engine (not used in this function)
 * @param mixed $sql    Database handle handed through to exec_query()
 * @param mixed $dmn_id Domain the user belongs to
 * @return void Does not return on success (die after redirect)
 */
function padd_user(&$tpl, &$sql, &$dmn_id)
{
    if (!isset($_POST['uaction']) || $_POST['uaction'] != 'add_user') {
        return;
    }

    $hasAllFields = isset($_POST['username']) && isset($_POST['pass']) && isset($_POST['pass_rep']);
    if (!$hasAllFields) {
        return;
    }

    if (chk_username($_POST['username']) > 0) {
        set_page_message(tr('Wrong username!'));
        return;
    }

    if (chk_password($_POST['pass']) > 0) {
        set_page_message(tr('Incorrect password range or syntax!'));
        return;
    }

    if ($_POST['pass'] !== $_POST['pass_rep']) {
        set_page_message(tr('Passwords does not match!'));
        return;
    }

    $uname = $_POST['username'];
    $upass = crypt($_POST['pass']);

    $lookupQuery = <<<SQL_QUERY
        select
\t\t\tid
        from
            htaccess_users
        where
            uname = ?
\t\t\t and
\t\t\t dmn_id = ?
SQL_QUERY;

    $rs = exec_query($sql, $lookupQuery, array($uname, $dmn_id));

    if ($rs->RecordCount() != 0) {
        set_page_message(tr('User already exist !'));
        return;
    }

    $insertQuery = <<<SQL_QUERY
        insert into htaccess_users
            (dmn_id, uname, upass)
        values
            (?, ?, ?)
SQL_QUERY;

    exec_query($sql, $insertQuery, array($dmn_id, $uname, $upass));

    write_log("{$_SESSION['user_logged']}: add user (protected areas) -> {$uname}");
    header('Location: puser_manage.php');
    die;
}
/**
 * Check if a database with same name already exists
 *
 * Walks the result of SHOW DATABASES and compares every name with the one
 * given.
 *
 * NOTE(review): the comparison is loose (==), so two numeric-looking names
 * such as '1e3' and '1000' are treated as equal. That errs on the side of
 * reporting a clash; a strict comparison would be exact.
 *
 * @param EasySCP_Database $sql EasySCP_Database instance
 * @param string $db_name database name to be checked
 * @return boolean TRUE if database exists, false otherwise
 */
function check_db_name($sql, $db_name)
{
    $rs = exec_query($sql, 'SHOW DATABASES');

    for (; !$rs->EOF; $rs->moveNext()) {
        $existingName = $rs->fields['Database'];

        if ($db_name == $existingName) {
            return true;
        }
    }

    return false;
}
/**
 * Check admin current password.
 *
 * Re-hashes the given password using the stored hash as salt and compares
 * the result with the stored hash. The account is taken from the session.
 *
 * NOTE(review): the comparison uses !== / ===, which is not constant-time.
 * Where the supported PHP version provides hash_equals(), that is the
 * preferred way to compare hashes.
 *
 * @access private
 * @param string $password Admin current password
 * @return bool TRUE if current password is valid, FALSE otherwise
 */
function _reseller_checkCurrentPassword($password)
{
    $stmt = exec_query('SELECT `admin_pass` FROM `admin` WHERE `admin_id` = ?', $_SESSION['user_id']);

    if (!$stmt->rowCount()) {
        set_page_message(tr('Unable to retrieve your password from the database.'), 'error');
        return false;
    }

    $storedHash = $stmt->fields['admin_pass'];

    return cryptPasswordWithSalt($password, $storedHash) === $storedHash;
}
/**
 * Generates statistics page for the given period
 *
 * The period is taken from GET, else from POST, else defaults to the current
 * month and year; request values are cast to integers. One template row is
 * produced per day of the period (up to today for the current month),
 * followed by the monthly totals.
 *
 * @param iMSCP_pTemplate $tpl template engine instance
 * @return void
 */
function generatePage($tpl)
{
    // Period selection: GET wins over POST, both are forced to integers.
    if (isset($_GET['month']) && isset($_GET['year'])) {
        $year = intval($_GET['year']);
        $month = intval($_GET['month']);
    } elseif (isset($_POST['month']) && isset($_POST['year'])) {
        $year = intval($_POST['year']);
        $month = intval($_POST['month']);
    } else {
        $month = date('m');
        $year = date('y');
    }

    // Number of years to offer, counted from the oldest traffic record.
    $stmt = exec_query('SELECT traff_time FROM server_traffic ORDER BY traff_time ASC LIMIT 1');

    $numberYears = 1;
    if ($stmt->rowCount()) {
        $oldest = $stmt->fetchRow(PDO::FETCH_ASSOC);
        $yearSpan = date('y') - date('y', $oldest['traff_time']);

        if ($yearSpan) {
            $numberYears = $yearSpan + 1;
        }
    }

    generateMonthsAndYearsHtmlList($tpl, $month, $year, $numberYears);

    $stmt = exec_query(
        'SELECT bytes_in FROM server_traffic WHERE traff_time BETWEEN ? AND ? LIMIT 1',
        array(getFirstDayOfMonth($month, $year), getLastDayOfMonth($month, $year))
    );

    if (!$stmt->rowCount()) {
        set_page_message(tr('No statistics found for the given period. Try another period.'), 'static_info');
        $tpl->assign('SERVER_STATISTICS_BLOCK', '');
        return;
    }

    // For the current month stop at today, otherwise at the month's last day.
    $isCurrentPeriod = $month == date('m') && $year == date('y');
    $curday = $isCurrentPeriod ? date('j') : date('j', getLastDayOfMonth($month, $year));

    // Running totals: web in/out, smtp in/out, pop in/out, all in/out.
    $all = array_fill(0, 8, 0);

    for ($day = 1; $day <= $curday; $day++) {
        $beginDate = mktime(0, 0, 0, $month, $day, $year);
        $endDate = mktime(23, 59, 59, $month, $day, $year);

        list(
            $webIn, $webOut, $smtpIn, $smtpOut, $popIn, $popOut, $otherIn, $otherOut, $allIn, $allOut
        ) = _getServerTraffic($beginDate, $endDate);

        $tpl->assign(array(
            'DAY' => tohtml($day),
            'YEAR' => tohtml($year),
            'MONTH' => tohtml($month),
            'WEB_IN' => tohtml(bytesHuman($webIn)),
            'WEB_OUT' => tohtml(bytesHuman($webOut)),
            'SMTP_IN' => tohtml(bytesHuman($smtpIn)),
            'SMTP_OUT' => tohtml(bytesHuman($smtpOut)),
            'POP_IN' => tohtml(bytesHuman($popIn)),
            'POP_OUT' => tohtml(bytesHuman($popOut)),
            'OTHER_IN' => tohtml(bytesHuman($otherIn)),
            'OTHER_OUT' => tohtml(bytesHuman($otherOut)),
            'ALL_IN' => tohtml(bytesHuman($allIn)),
            'ALL_OUT' => tohtml(bytesHuman($allOut)),
            'ALL' => tohtml(bytesHuman($allIn + $allOut)),
            'DAY_STATS_QSTRING' => tohtml("year={$year}&month={$month}&day={$day}", 'htmlAttr')
        ));

        $dayValues = array($webIn, $webOut, $smtpIn, $smtpOut, $popIn, $popOut, $allIn, $allOut);
        foreach ($dayValues as $slot => $bytes) {
            $all[$slot] += $bytes;
        }

        $tpl->parse('DAY_SERVER_STATISTICS_BLOCK', '.day_server_statistics_block');
    }

    // "Other" totals are derived: overall total minus web, smtp and pop.
    $allOtherIn = $all[6] - ($all[0] + $all[2] + $all[4]);
    $allOtherOut = $all[7] - ($all[1] + $all[3] + $all[5]);

    $tpl->assign(array(
        'WEB_IN_ALL' => tohtml(bytesHuman($all[0])),
        'WEB_OUT_ALL' => tohtml(bytesHuman($all[1])),
        'SMTP_IN_ALL' => tohtml(bytesHuman($all[2])),
        'SMTP_OUT_ALL' => tohtml(bytesHuman($all[3])),
        'POP_IN_ALL' => tohtml(bytesHuman($all[4])),
        'POP_OUT_ALL' => tohtml(bytesHuman($all[5])),
        'OTHER_IN_ALL' => tohtml(bytesHuman($allOtherIn)),
        'OTHER_OUT_ALL' => tohtml(bytesHuman($allOtherOut)),
        'ALL_IN_ALL' => tohtml(bytesHuman($all[6])),
        'ALL_OUT_ALL' => tohtml(bytesHuman($all[7])),
        'ALL_ALL' => tohtml(bytesHuman($all[6] + $all[7]))
    ));
}
/**
 * Fills the PURCHASE_LIST template block with the available hosting plans.
 *
 * When hosting plans are managed at admin level, the active plans owned by
 * accounts of type 'admin' are listed; otherwise the active plans of the
 * given user are listed. A price of 0 or '' is shown as "free of charge".
 *
 * @param mixed $tpl     Template engine (assign() and parse() are used)
 * @param mixed $sql     Database handle handed through to exec_query()
 * @param mixed $user_id Plan owner in the non-admin case; also assigned to USER_ID
 * @return void
 */
function gen_packages_list(&$tpl, &$sql, $user_id)
{
    global $cfg;

    $plansAtAdminLevel = isset($cfg['HOSTING_PLANS_LEVEL']) && $cfg['HOSTING_PLANS_LEVEL'] === 'admin';

    if ($plansAtAdminLevel) {
        $query = <<<SQL_QUERY
\t\t\tselect
\t\t\t\tt1.*,
\t\t\t\tt2.admin_id, t2.admin_type
\t\t\tfrom
\t\t\t\thosting_plans as t1,
\t\t\t\tadmin as t2
\t\t\twhere
\t\t\t\tt2.admin_type=?
\t\t\tand
\t\t\t\tt1.reseller_id = t2.admin_id
\t\t\tand
\t\t\t\tt1.status=1
\t\t\torder by
\t\t\t\tt1.id
SQL_QUERY;
        $params = array('admin');
    } else {
        $query = <<<SQL_QUERY
\t\t\t\tselect
\t\t\t\t\t*
\t\t\t\tfrom
\t\t\t\t\thosting_plans
\t\t\t\twhere
\t\t\t\t\treseller_id = ?
\t\t\t\t and
\t\t\t\t\tstatus = '1'
SQL_QUERY;
        $params = array($user_id);
    }

    $rs = exec_query($sql, $query, $params);

    if ($rs->RecordCount() == 0) {
        system_message(tr('No available hosting packages'));
        return;
    }

    for (; !$rs->EOF; $rs->MoveNext()) {
        // Anything loosely equal to '' is normalised to the empty string.
        $description = ($rs->fields['description'] == '') ? '' : $rs->fields['description'];

        $rawPrice = $rs->fields['price'];
        if ($rawPrice == 0 || $rawPrice == '') {
            $priceLabel = "/ " . tr('free of charge');
        } else {
            $priceLabel = "/ " . $rawPrice . " " . $rs->fields['value'] . " " . $rs->fields['payment'];
        }

        // Plan name and description are passed to the template as stored.
        // NOTE(review): no escaping happens in this function; confirm the
        // template layer handles it.
        $tpl->assign(array(
            'PACK_NAME' => $rs->fields['name'],
            'PACK_ID' => $rs->fields['id'],
            'USER_ID' => $user_id,
            'PURCHASE' => tr('Purchase'),
            'PACK_INFO' => $description,
            'PRICE' => $priceLabel
        ));
        $tpl->parse('PURCHASE_LIST', '.purchase_list');
    }
}
/**
 * Stores subject and message of an e-mail template for an owner.
 *
 * Inserts the template when no row exists for the owner / name pair and
 * updates the existing row otherwise. Both statements take their values in
 * the same order, so one parameter list serves either.
 *
 * @param mixed  $admin_id Value bound to `email_tpls.owner_id`
 * @param string $tpl_name Value bound to `email_tpls.name`
 * @param array  $data     Must provide the keys 'subject' and 'message'
 * @return void
 */
function set_email_tpl_data($admin_id, $tpl_name, $data)
{
    $sql = EasySCP_Registry::get('Db');

    $lookupQuery = "\n\t\tSELECT\n\t\t\t`subject`, `message`\n\t\tFROM\n\t\t\t`email_tpls`\n\t\tWHERE\n\t\t\t`owner_id` = ?\n\t\tAND\n\t\t\t`name` = ?\n\t";
    $rs = exec_query($sql, $lookupQuery, array($admin_id, $tpl_name));

    $templateIsNew = $rs->rowCount() == 0;

    $writeQuery = $templateIsNew
        ? "\n\t\t\tINSERT INTO `email_tpls`\n\t\t\t\t(`subject`, `message`, `owner_id`, `name`)\n\t\t\tVALUES\n\t\t\t\t(?, ?, ?, ?)\n\t\t"
        : "\n\t\t\tUPDATE\n\t\t\t\t`email_tpls`\n\t\t\tSET\n\t\t\t\t`subject` = ?,\n\t\t\t\t`message` = ?\n\t\t\tWHERE\n\t\t\t\t`owner_id` = ?\n\t\t\tAND\n\t\t\t\t`name` = ?\n\t\t";

    exec_query($sql, $writeQuery, array($data['subject'], $data['message'], $admin_id, $tpl_name));
}
/**
 * Generates page
 *
 * Renders one statistics block for every account created by the given
 * reseller, or blanks the block when the reseller has created none.
 *
 * @param iMSCP_pTemplate $tpl Template engine instance
 * @param int $resellerId Reseller unique identifier
 * @return void
 */
function generatePage($tpl, $resellerId)
{
    $stmt = exec_query('SELECT admin_id FROM admin WHERE created_by = ?', $resellerId);

    if (!$stmt->rowCount()) {
        $tpl->assign('RESELLER_USER_STATISTICS_BLOCK', '');
        return;
    }

    while ($account = $stmt->fetchRow(PDO::FETCH_ASSOC)) {
        _generateUserStatistics($tpl, $account['admin_id']);
        $tpl->parse('RESELLER_USER_STATISTICS_BLOCK', '.reseller_user_statistics_block');
    }
}
/**
 * Schedules a backup restore for the domain of the given user.
 *
 * Acts only on a `bk_restore` submission: sets the domain status to
 * 'restore', notifies the backend, logs the action under the logged-in user
 * and sets a success page message.
 *
 * @param mixed $sql     Database handle handed through to exec_query()
 * @param mixed $user_id Value bound to `domain.domain_admin_id`
 * @return void
 */
function send_backup_restore_request($sql, $user_id)
{
    $isRestoreRequest = isset($_POST['uaction']) && $_POST['uaction'] === 'bk_restore';

    if (!$isRestoreRequest) {
        return;
    }

    $query = "\n\t\t\tUPDATE\n\t\t\t\t`domain`\n\t\t\tSET\n\t\t\t\t`status` = 'restore'\n\t\t\tWHERE\n\t\t\t\t`domain_admin_id` = ?\n\t\t";

    exec_query($sql, $query, $user_id);
    send_request();

    $actor = $_SESSION['user_logged'];
    write_log($actor . ": restore backup files.");

    set_page_message(tr('Backup archive scheduled for restoring!'), 'success');
}