/** * @param $tpl iMSCP_pTemplate * @return void */ function add_user($tpl) { /** @var $cfg iMSCP_Config_Handler_File */ $cfg = iMSCP_Registry::get('config'); if (isset($_POST['uaction']) && $_POST['uaction'] === 'add_user') { iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onBeforeAddUser); if (check_user_data()) { $upass = cryptPasswordWithSalt(clean_input($_POST['password'])); $user_id = $_SESSION['user_id']; $username = clean_input($_POST['username']); $fname = clean_input($_POST['fname']); $lname = clean_input($_POST['lname']); $gender = clean_input($_POST['gender']); $firm = clean_input($_POST['firm']); $zip = clean_input($_POST['zip']); $city = clean_input($_POST['city']); $state = clean_input($_POST['state']); $country = clean_input($_POST['country']); $email = clean_input($_POST['email']); $phone = clean_input($_POST['phone']); $fax = clean_input($_POST['fax']); $street1 = clean_input($_POST['street1']); $street2 = clean_input($_POST['street2']); if (get_gender_by_code($gender, true) === null) { $gender = ''; } $query = "\n\t\t\t\tINSERT INTO `admin` (\n\t\t\t\t\t`admin_name`, `admin_pass`, `admin_type`, `domain_created`, `created_by`, `fname`, `lname`, `firm`,\n\t\t\t\t\t`zip`, `city`, `state`, `country`, `email`, `phone`, `fax`, `street1`, `street2`, `gender`\n\t\t\t\t) VALUES (\n\t\t\t\t\t?, ?, 'admin', unix_timestamp(), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?\n\t\t\t\t)\n\t\t\t"; exec_query($query, array($username, $upass, $user_id, $fname, $lname, $firm, $zip, $city, $state, $country, $email, $phone, $fax, $street1, $street2, $gender)); /** @var $db iMSCP_Database */ $db = iMSCP_Registry::get('db'); $new_admin_id = $db->insertId(); $user_logged = $_SESSION['user_logged']; write_log("{$user_logged}: add admin: {$username}", E_USER_WARNING); $user_def_lang = $cfg->USER_INITIAL_LANG; $user_theme_color = $cfg->USER_INITIAL_THEME; $query = "\n\t\t\t\tREPLACE INTO `user_gui_props` (\n\t\t\t\t\t`user_id`, `lang`, `layout`\n\t\t\t\t) VALUES (\n\t\t\t\t\t?, ?, ?\n\t\t\t\t)\n\t\t\t"; exec_query($query, array($new_admin_id, $user_def_lang, $user_theme_color)); iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onAfterAddUser); send_add_user_auto_msg($user_id, clean_input($_POST['username']), clean_input($_POST['password']), clean_input($_POST['email']), clean_input($_POST['fname']), clean_input($_POST['lname']), tr('Administrator')); //$_SESSION['user_added'] = 1; set_page_message(tr('Admin account successfully created.'), 'success'); redirectTo('manage_users.php'); } else { // check user data $tpl->assign(array('EMAIL' => clean_input($_POST['email'], true), 'USERNAME' => clean_input($_POST['username'], true), 'FIRST_NAME' => clean_input($_POST['fname'], true), 'LAST_NAME' => clean_input($_POST['lname'], true), 'FIRM' => clean_input($_POST['firm'], true), 'ZIP' => clean_input($_POST['zip'], true), 'CITY' => clean_input($_POST['city'], true), 'STATE' => clean_input($_POST['state'], true), 'COUNTRY' => clean_input($_POST['country'], true), 'STREET_1' => clean_input($_POST['street1'], true), 'STREET_2' => clean_input($_POST['street2'], true), 'PHONE' => clean_input($_POST['phone'], true), 'FAX' => clean_input($_POST['fax'], true), 'VL_MALE' => $_POST['gender'] == 'M' ? $cfg->HTML_SELECTED : '', 'VL_FEMALE' => $_POST['gender'] == 'F' ? $cfg->HTML_SELECTED : '', 'VL_UNKNOWN' => $_POST['gender'] == 'U' || empty($_POST['gender']) ? $cfg->HTML_SELECTED : '')); } } else { $tpl->assign(array('EMAIL' => '', 'USERNAME' => '', 'FIRST_NAME' => '', 'LAST_NAME' => '', 'FIRM' => '', 'ZIP' => '', 'CITY' => '', 'STATE' => '', 'COUNTRY' => '', 'STREET_1' => '', 'STREET_2' => '', 'PHONE' => '', 'FAX' => '', 'VL_MALE' => '', 'VL_FEMALE' => '', 'VL_UNKNOWN' => $cfg->HTML_SELECTED)); } }
/** * @param EasySCP_TemplateEngine $tpl */ function add_user($tpl) { $cfg = EasySCP_Registry::get('Config'); $sql = EasySCP_Registry::get('Db'); if (isset($_POST['uaction']) && $_POST['uaction'] === 'add_user') { if (check_user_data()) { $upass = crypt_user_pass($_POST['pass']); $user_id = $_SESSION['user_id']; $username = clean_input($_POST['username']); $fname = clean_input($_POST['fname']); $lname = clean_input($_POST['lname']); $gender = clean_input($_POST['gender']); $firm = clean_input($_POST['firm']); $zip = clean_input($_POST['zip']); $city = clean_input($_POST['city']); $state = clean_input($_POST['state']); $country = clean_input($_POST['country']); $email = clean_input($_POST['email']); $phone = clean_input($_POST['phone']); $fax = clean_input($_POST['fax']); $street1 = clean_input($_POST['street1']); $street2 = clean_input($_POST['street2']); if (get_gender_by_code($gender, true) === null) { $gender = ''; } $query = "\n\t\t\t\tINSERT INTO `admin`\n\t\t\t\t\t(\n\t\t\t\t\t\t`admin_name`,\n\t\t\t\t\t\t`admin_pass`,\n\t\t\t\t\t\t`admin_type`,\n\t\t\t\t\t\t`domain_created`,\n\t\t\t\t\t\t`created_by`,\n\t\t\t\t\t\t`fname`,\n\t\t\t\t\t\t`lname`,\n\t\t\t\t\t\t`firm`,\n\t\t\t\t\t\t`zip`,\n\t\t\t\t\t\t`city`,\n\t\t\t\t\t\t`state`,\n\t\t\t\t\t\t`country`,\n\t\t\t\t\t\t`email`,\n\t\t\t\t\t\t`phone`,\n\t\t\t\t\t\t`fax`,\n\t\t\t\t\t\t`street1`,\n\t\t\t\t\t\t`street2`,\n\t\t\t\t\t\t`gender`\n\t\t\t\t\t) VALUES (\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t'admin',\n\t\t\t\t\t\tunix_timestamp(),\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?\n\t\t\t\t\t)\n\t\t\t"; exec_query($sql, $query, array($username, $upass, $user_id, $fname, $lname, $firm, $zip, $city, $state, $country, $email, $phone, $fax, $street1, $street2, $gender)); $new_admin_id = $sql->insertId(); $user_logged = $_SESSION['user_logged']; write_log("{$user_logged}: add admin: {$username}"); $user_def_lang = $_SESSION['user_def_lang']; $user_theme_color = $_SESSION['user_theme']; $query = "\n\t\t\t\tINSERT INTO `user_gui_props` (\n\t\t\t\t\t`user_id`,\n\t\t\t\t\t`lang`,\n\t\t\t\t\t`layout`\n\t\t\t\t) VALUES (?,?,?)\n\t\t\t"; exec_query($sql, $query, array($new_admin_id, $user_def_lang, $user_theme_color)); send_add_user_auto_msg($user_id, clean_input($_POST['username']), clean_input($_POST['pass']), clean_input($_POST['email']), clean_input($_POST['fname']), clean_input($_POST['lname']), tr('Administrator'), $gender); $_SESSION['user_added'] = 1; user_goto('manage_users.php'); } else { // check user data $tpl->assign(array('EMAIL' => clean_input($_POST['email'], true), 'USERNAME' => clean_input($_POST['username'], true), 'FIRST_NAME' => clean_input($_POST['fname'], true), 'LAST_NAME' => clean_input($_POST['lname'], true), 'FIRM' => clean_input($_POST['firm'], true), 'ZIP' => clean_input($_POST['zip'], true), 'CITY' => clean_input($_POST['city'], true), 'STATE' => clean_input($_POST['state'], true), 'COUNTRY' => clean_input($_POST['country'], true), 'STREET_1' => clean_input($_POST['street1'], true), 'STREET_2' => clean_input($_POST['street2'], true), 'PHONE' => clean_input($_POST['phone'], true), 'FAX' => clean_input($_POST['fax'], true), 'VL_MALE' => $_POST['gender'] == 'M' ? $cfg->HTML_SELECTED : '', 'VL_FEMALE' => $_POST['gender'] == 'F' ? $cfg->HTML_SELECTED : '', 'VL_UNKNOWN' => $_POST['gender'] == 'U' || empty($_POST['gender']) ? $cfg->HTML_SELECTED : '')); } } else { $tpl->assign(array('EMAIL' => '', 'USERNAME' => '', 'FIRST_NAME' => '', 'LAST_NAME' => '', 'FIRM' => '', 'ZIP' => '', 'CITY' => '', 'STATE' => '', 'COUNTRY' => '', 'STREET_1' => '', 'STREET_2' => '', 'PHONE' => '', 'FAX' => '', 'VL_MALE' => '', 'VL_FEMALE' => '', 'VL_UNKNOWN' => $cfg->HTML_SELECTED)); } // end else }
/** * Update user data * * @param int $userId Customer unique identifier * @return void */ function admin_updateUserData($userId) { iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onBeforeEditUser, array('userId' => $userId)); $fname = isset($_POST['fname']) ? clean_input($_POST['fname']) : ''; $lname = isset($_POST['lname']) ? clean_input($_POST['lname']) : ''; $firm = isset($_POST['firm']) ? clean_input($_POST['firm']) : ''; $gender = isset($_POST['gender']) ? clean_input($_POST['gender']) : ''; $zip = isset($_POST['zip']) ? clean_input($_POST['zip']) : ''; $city = isset($_POST['city']) ? clean_input($_POST['city']) : ''; $state = isset($_POST['state']) ? clean_input($_POST['state']) : ''; $country = isset($_POST['country']) ? clean_input($_POST['country']) : ''; $email = isset($_POST['email']) ? clean_input($_POST['email']) : ''; $phone = isset($_POST['phone']) ? clean_input($_POST['phone']) : ''; $fax = isset($_POST['fax']) ? clean_input($_POST['fax']) : ''; $street1 = isset($_POST['street1']) ? clean_input($_POST['street1']) : ''; $street2 = isset($_POST['street2']) ? clean_input($_POST['street2']) : ''; $userName = get_user_name($userId); if (empty($_POST['password'])) { $query = "\n\t\t\tUPDATE\n\t\t\t\t`admin`\n\t\t\tSET\n\t\t\t\t`fname` = ?, `lname` = ?, `firm` = ?, `zip` = ?, `city` = ?, `state` = ?, `country` = ?, `email` = ?,\n\t\t\t\t`phone` = ?, `fax` = ?, `street1` = ?, `street2` = ?, `gender` = ?\n\t\t\tWHERE\n\t\t\t\t`admin_id` = ?\n\t\t"; exec_query($query, array($fname, $lname, $firm, $zip, $city, $state, $country, $email, $phone, $fax, $street1, $street2, $gender, $userId)); } else { $query = "\n\t\t\tUPDATE\n\t\t\t\t`admin`\n\t\t\tSET\n\t\t\t\t`admin_pass` = ?, `fname` = ?, `lname` = ?, `firm` = ?, `zip` = ?, `city` = ?, `state` = ?,\n\t\t\t\t`country` = ?, `email` = ?, `phone` = ?, `fax` = ?, `street1` = ?, `street2` = ?, `gender` = ?\n\t\t\tWHERE\n\t\t\t\t`admin_id` = ?\n\t\t"; exec_query($query, array(cryptPasswordWithSalt($_POST['password']), $fname, $lname, $firm, $zip, $city, $state, $country, $email, $phone, $fax, $street1, $street2, $gender, $userId)); $query = "DELETE FROM `login` WHERE `user_name` = ?"; $stmt = exec_query($query, $userName); if ($stmt->rowCount()) { set_page_message(tr('User session successfully killed for password change.'), 'success'); } } iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onAfterEditUser, array('userId' => $userId)); if (isset($_POST['send_data']) && !empty($_POST['password'])) { $query = 'SELECT `admin_type` FROM `admin` WHERE `admin_id` = ?'; $stmt = exec_query($query, $userId); if ($stmt->fields['admin_type'] == 'admin') { $admin_type = tr('Administrator'); } elseif ($stmt->fields['admin_type'] == 'reseller') { $admin_type = tr('Reseller'); } else { $admin_type = tr('Customer'); } send_add_user_auto_msg($userId, $userName, $_POST['password'], $_POST['email'], $_POST['fname'], $_POST['lname'], $admin_type); set_page_message(tr('Login data successfully sent to %s.', $userName), 'success'); } }
function add_reseller(&$tpl, &$sql) { global $reseller_ips; if (isset($_POST['uaction']) && $_POST['uaction'] === 'add_reseller') { if (check_user_data()) { $upass = crypt_user_pass($_POST['pass']); $user_id = $_SESSION['user_id']; $username = $_POST['username']; $fname = htmlspecialchars($_POST['fname'], ENT_QUOTES, "UTF-8"); $lname = htmlspecialchars($_POST['lname'], ENT_QUOTES, "UTF-8"); $firm = htmlspecialchars($_POST['firm'], ENT_QUOTES, "UTF-8"); $zip = htmlspecialchars($_POST['zip'], ENT_QUOTES, "UTF-8"); $city = htmlspecialchars($_POST['city'], ENT_QUOTES, "UTF-8"); $country = htmlspecialchars($_POST['country'], ENT_QUOTES, "UTF-8"); $email = htmlspecialchars($_POST['email'], ENT_QUOTES, "UTF-8"); $phone = htmlspecialchars($_POST['phone'], ENT_QUOTES, "UTF-8"); $fax = htmlspecialchars($_POST['fax'], ENT_QUOTES, "UTF-8"); $street1 = htmlspecialchars($_POST['street1'], ENT_QUOTES, "UTF-8"); $street2 = htmlspecialchars($_POST['street2'], ENT_QUOTES, "UTF-8"); $query = <<<SQL_QUERY insert into admin ( admin_name, admin_pass, admin_type, domain_created, created_by, fname, lname, firm, zip, city, country, email, phone, fax, street1, street2 ) values ( ?, ?, 'reseller', unix_timestamp(), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? ) SQL_QUERY; $rs = exec_query($sql, $query, array($username, $upass, $user_id, $fname, $lname, $firm, $zip, $city, $country, $email, $phone, $fax, $street1, $street2)); $new_admin_id = $sql->Insert_ID(); insert_email_tpl($sql, $new_admin_id); $user_logged = $_SESSION['user_logged']; write_log("{$user_logged} : add reseller -> {$username}"); $user_def_lang = $_SESSION['user_def_lang']; $user_theme_color = $_SESSION['user_theme_color']; $user_logo = 0; $query = <<<SQL_QUERY insert into user_gui_props ( user_id, lang, layout, logo ) values ( ?, ?, ?, ? ) SQL_QUERY; $rs = exec_query($sql, $query, array($new_admin_id, $user_def_lang, $user_theme_color, $user_logo)); /* * 'reseller_props' table entry; */ $nreseller_max_domain_cnt = $_POST['nreseller_max_domain_cnt']; $nreseller_max_subdomain_cnt = $_POST['nreseller_max_subdomain_cnt']; $nreseller_max_alias_cnt = $_POST['nreseller_max_alias_cnt']; $nreseller_max_mail_cnt = $_POST['nreseller_max_mail_cnt']; $nreseller_max_ftp_cnt = $_POST['nreseller_max_ftp_cnt']; $nreseller_max_sql_db_cnt = $_POST['nreseller_max_sql_db_cnt']; $nreseller_max_sql_user_cnt = $_POST['nreseller_max_sql_user_cnt']; $nreseller_max_traffic = $_POST['nreseller_max_traffic']; $nreseller_max_disk = $_POST['nreseller_max_disk']; $customer_id = $_POST['customer_id']; $query = <<<SQL_QUERY insert into reseller_props ( reseller_id, reseller_ips, max_dmn_cnt, current_dmn_cnt, max_sub_cnt, current_sub_cnt, max_als_cnt, current_als_cnt, max_mail_cnt, current_mail_cnt, max_ftp_cnt, current_ftp_cnt, max_sql_db_cnt, current_sql_db_cnt, max_sql_user_cnt, current_sql_user_cnt, max_traff_amnt, current_traff_amnt, max_disk_amnt, current_disk_amnt, customer_id ) values ( ?, ?, ?, '0', ?, '0', ?, '0', ?, '0', ?, '0', ?, '0', ?, '0', ?, '0', ?, '0', ? ) SQL_QUERY; $rs = exec_query($sql, $query, array($new_admin_id, $reseller_ips, $nreseller_max_domain_cnt, $nreseller_max_subdomain_cnt, $nreseller_max_alias_cnt, $nreseller_max_mail_cnt, $nreseller_max_ftp_cnt, $nreseller_max_sql_db_cnt, $nreseller_max_sql_user_cnt, $nreseller_max_traffic, $nreseller_max_disk, $customer_id)); send_add_user_auto_msg($user_id, $_POST['username'], $_POST['pass'], $_POST['email'], htmlspecialchars($_POST['fname'], ENT_QUOTES, "UTF-8"), htmlspecialchars($_POST['lname'], ENT_QUOTES, "UTF-8"), tr('Reseller')); $_SESSION['reseller_added'] = 1; header("Location: manage_users.php"); die; } else { $tpl->assign(array('EMAIL' => $_POST['email'], 'USERNAME' => $_POST['username'], 'FIRST_NAME' => $_POST['fname'], 'CUSTOMER_ID' => $_POST['customer_id'], 'LAST_NAME' => $_POST['lname'], 'FIRM' => $_POST['firm'], 'ZIP' => $_POST['zip'], 'CITY' => $_POST['city'], 'COUNTRY' => $_POST['country'], 'STREET_1' => $_POST['street1'], 'STREET_2' => $_POST['street2'], 'PHONE' => $_POST['phone'], 'FAX' => $_POST['fax'], 'MAX_DOMAIN_COUNT' => $_POST['nreseller_max_domain_cnt'], 'MAX_SUBDOMAIN_COUNT' => $_POST['nreseller_max_subdomain_cnt'], 'MAX_ALIASES_COUNT' => $_POST['nreseller_max_alias_cnt'], 'MAX_MAIL_USERS_COUNT' => $_POST['nreseller_max_mail_cnt'], 'MAX_FTP_USERS_COUNT' => $_POST['nreseller_max_ftp_cnt'], 'MAX_SQLDB_COUNT' => $_POST['nreseller_max_sql_db_cnt'], 'MAX_SQL_USERS_COUNT' => $_POST['nreseller_max_sql_user_cnt'], 'MAX_TRAFFIC_AMOUNT' => $_POST['nreseller_max_traffic'], 'MAX_DISK_AMOUNT' => $_POST['nreseller_max_disk'])); } } else { $tpl->assign(array('EMAIL' => '', 'USERNAME' => '', 'FIRST_NAME' => '', 'CUSTOMER_ID' => '', 'LAST_NAME' => '', 'FIRM' => '', 'ZIP' => '', 'CITY' => '', 'COUNTRY' => '', 'STREET_1' => '', 'STREET_2' => '', 'PHONE' => '', 'FAX' => '', 'MAX_DOMAIN_COUNT' => '', 'MAX_SUBDOMAIN_COUNT' => '', 'MAX_ALIASES_COUNT' => '', 'MAX_MAIL_USERS_COUNT' => '', 'MAX_FTP_USERS_COUNT' => '', 'MAX_SQLDB_COUNT' => '', 'MAX_SQL_USERS_COUNT' => '', 'MAX_TRAFFIC_AMOUNT' => '', 'MAX_DISK_AMOUNT' => '')); } }
function add_user(&$tpl, &$sql) { if (isset($_POST['uaction']) && $_POST['uaction'] === 'add_user') { if (check_user_data()) { $upass = crypt_user_pass($_POST['pass']); $user_id = $_SESSION['user_id']; $username = $_POST['username']; $fname = htmlspecialchars($_POST['fname'], ENT_QUOTES, "UTF-8"); $lname = htmlspecialchars($_POST['lname'], ENT_QUOTES, "UTF-8"); $firm = htmlspecialchars($_POST['firm'], ENT_QUOTES, "UTF-8"); $zip = htmlspecialchars($_POST['zip'], ENT_QUOTES, "UTF-8"); $city = htmlspecialchars($_POST['city'], ENT_QUOTES, "UTF-8"); $country = htmlspecialchars($_POST['country'], ENT_QUOTES, "UTF-8"); $email = htmlspecialchars($_POST['email'], ENT_QUOTES, "UTF-8"); $phone = htmlspecialchars($_POST['phone'], ENT_QUOTES, "UTF-8"); $fax = htmlspecialchars($_POST['fax'], ENT_QUOTES, "UTF-8"); $street1 = htmlspecialchars($_POST['street1'], ENT_QUOTES, "UTF-8"); $street2 = htmlspecialchars($_POST['street2'], ENT_QUOTES, "UTF-8"); $query = <<<SQL_QUERY insert into admin ( admin_name, admin_pass, admin_type, domain_created, created_by, fname, lname, firm, zip, city, country, email, phone, fax, street1, street2 ) values ( ?, ?, 'admin', unix_timestamp(), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? ) SQL_QUERY; $rs = exec_query($sql, $query, array($username, $upass, $user_id, $fname, $lname, $firm, $zip, $city, $country, $email, $phone, $fax, $street1, $street2)); $new_admin_id = $sql->Insert_ID(); $user_logged = $_SESSION['user_logged']; write_log("{$user_logged} : add admin -> {$username}"); insert_email_tpl($sql, $new_admin_id); $user_def_lang = $_SESSION['user_def_lang']; $user_theme_color = $_SESSION['user_theme_color']; $user_logo = 0; $query = <<<SQL_QUERY insert into user_gui_props ( user_id, lang, layout, logo ) values ( ?,?,?,? ) SQL_QUERY; $rs = exec_query($sql, $query, array($new_admin_id, $user_def_lang, $user_theme_color, $user_logo)); send_add_user_auto_msg($user_id, $_POST['username'], $_POST['pass'], $_POST['email'], $_POST['fname'], $_POST['lname'], tr('Administrator')); $_SESSION['user_added'] = 1; header("Location: manage_users.php"); die; } else { $tpl->assign(array('EMAIL' => $_POST['email'], 'USERNAME' => $_POST['username'], 'FIRST_NAME' => $_POST['fname'], 'LAST_NAME' => $_POST['lname'], 'FIRM' => $_POST['firm'], 'ZIP' => $_POST['zip'], 'CITY' => $_POST['city'], 'COUNTRY' => $_POST['country'], 'STREET_1' => $_POST['street1'], 'STREET_2' => $_POST['street2'], 'PHONE' => $_POST['phone'], 'FAX' => $_POST['fax'])); } } else { $tpl->assign(array('EMAIL' => '', 'USERNAME' => '', 'FIRST_NAME' => '', 'LAST_NAME' => '', 'FIRM' => '', 'ZIP' => '', 'CITY' => '', 'COUNTRY' => '', 'STREET_1' => '', 'STREET_2' => '', 'PHONE' => '', 'FAX' => '')); } // else }
/** * Function to update changes into db * * @param int $adminId Customer unique identifier * @return void */ function reseller_updateUserData($adminId) { iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onBeforeEditUser, array('userId' => $adminId)); global $adminName, $email, $customerId, $firstName, $lastName, $firm, $zip, $gender, $city, $state, $country, $street1, $street2, $phone, $fax, $password, $passwordRepeat; $resellerId = intval($_SESSION['user_id']); if ($password === '' && $passwordRepeat === '') { // Save without password exec_query(' UPDATE admin SET fname = ?, lname = ?, firm = ?, zip = ?, city = ?, state = ?, country = ?, email = ?, phone = ?, fax = ?, street1 = ?, street2 = ?, gender = ?, customer_id = ? WHERE admin_id = ? AND created_by = ? ', array($firstName, $lastName, $firm, $zip, $city, $state, $country, $email, $phone, $fax, $street1, $street2, $gender, $customerId, $adminId, $resellerId)); } else { // Change password if ($password != $passwordRepeat) { set_page_message(tr("Passwords do not match."), 'error'); redirectTo('user_edit.php?edit_id=' . $adminId); } if (!checkPasswordSyntax($password)) { redirectTo('user_edit.php?edit_id=' . $adminId); } $encryptedPassword = cryptPasswordWithSalt($password); exec_query(' UPDATE admin SET admin_pass = ?, fname = ?, lname = ?, firm = ?, zip = ?, city = ?, state = ?, country = ?, email = ?, phone = ?, fax = ?, street1 = ?, street2 = ?, gender = ?, customer_id = ? WHERE admin_id = ? AND created_by = ? ', array($encryptedPassword, $firstName, $lastName, $firm, $zip, $city, $state, $country, $email, $phone, $fax, $street1, $street2, $gender, $customerId, $adminId, $resellerId)); $adminName = get_user_name($adminId); exec_query('DELETE FROM login WHERE user_name = ?', $adminName); } iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onAfterEditUser, array('userId' => $adminId)); set_page_message(tr('User data successfully updated'), 'success'); write_log("{$_SESSION['user_logged']} updated data for {$adminName}.", E_USER_NOTICE); if (isset($_POST['send_data']) && $password !== '') { send_add_user_auto_msg($resellerId, $adminName, $password, $email, $firstName, $lastName, tr('Customer')); } redirectTo('users.php'); }
/** * Function to update changes into db */ function update_data_in_db($hpid) { global $dmn_user_name, $user_email, $customer_id, $first_name, $last_name, $firm, $zip, $gender, $city, $state, $country, $street_one, $street_two, $phone, $fax, $inpass, $admin_login; $sql = EasySCP_Registry::get('Db'); $cfg = EasySCP_Registry::get('Config'); $reseller_id = $_SESSION['user_id']; $first_name = clean_input($first_name); $last_name = clean_input($last_name); $firm = clean_input($firm); $gender = clean_input($gender); $zip = clean_input($zip); $city = clean_input($city); $state = clean_input($state); $country = clean_input($country); $phone = clean_input($phone); $fax = clean_input($fax); $street_one = clean_input($street_one); $street_two = clean_input($street_two); if (empty($inpass)) { // Save without password $query = "\n\t\t\tUPDATE\n\t\t\t\t`admin`\n\t\t\tSET\n\t\t\t\t`fname` = ?,\n\t\t\t\t`lname` = ?,\n\t\t\t\t`firm` = ?,\n\t\t\t\t`zip` = ?,\n\t\t\t\t`city` = ?,\n\t\t\t\t`state` = ?,\n\t\t\t\t`country` = ?,\n\t\t\t\t`email` = ?,\n\t\t\t\t`phone` = ?,\n\t\t\t\t`fax` = ?,\n\t\t\t\t`street1` = ?,\n\t\t\t\t`street2` = ?,\n\t\t\t\t`gender` = ?,\n\t\t\t\t`customer_id` = ?\n\t\t\tWHERE\n\t\t\t\t`admin_id` = ?\n\t\t\tAND\n\t\t\t\t`created_by` = ?\n\t\t"; exec_query($sql, $query, array($first_name, $last_name, $firm, $zip, $city, $state, $country, $user_email, $phone, $fax, $street_one, $street_two, $gender, $customer_id, $hpid, $reseller_id)); } else { // Change password if (!chk_password($_POST['userpassword'])) { if (isset($cfg->PASSWD_STRONG)) { set_page_message(sprintf(tr('The password must be at least %s chars long and contain letters and numbers to be valid.'), $cfg->PASSWD_CHARS), 'warning'); } else { set_page_message(sprintf(tr('Password data is shorter than %s signs or includes not permitted signs!'), $cfg->PASSWD_CHARS), 'warning'); } user_goto('user_edit.php?edit_id=' . $hpid); } if ($_POST['userpassword'] != $_POST['userpassword_repeat']) { set_page_message(tr('Entered passwords do not match!'), 'warning'); user_goto('user_edit.php?edit_id=' . $hpid); } $pure_user_pass = $inpass; $inpass = crypt_user_pass($inpass); $query = "\n\t\t\tUPDATE\n\t\t\t\t`admin`\n\t\t\tSET\n\t\t\t\t`admin_pass` = ?,\n\t\t\t\t`fname` = ?,\n\t\t\t\t`lname` = ?,\n\t\t\t\t`firm` = ?,\n\t\t\t\t`zip` = ?,\n\t\t\t\t`city` = ?,\n\t\t\t\t`state` = ?,\n\t\t\t\t`country` = ?,\n\t\t\t\t`email` = ?,\n\t\t\t\t`phone` = ?,\n\t\t\t\t`fax` = ?,\n\t\t\t\t`street1` = ?,\n\t\t\t\t`street2` = ?,\n\t\t\t\t`gender` = ?,\n\t\t\t\t`customer_id` = ?\n\t\t\tWHERE\n\t\t\t\t`admin_id` = ?\n\t\t\tAND\n\t\t\t\t`created_by` = ?\n\t\t"; exec_query($sql, $query, array($inpass, $first_name, $last_name, $firm, $zip, $city, $state, $country, $user_email, $phone, $fax, $street_one, $street_two, $gender, $customer_id, $hpid, $reseller_id)); // Kill any existing session of the edited user $admin_name = get_user_name($hpid); $query = "\n\t\t\tDELETE FROM\n\t\t\t\t`login`\n\t\t\tWHERE\n\t\t\t\t`user_name` = ?\n\t\t"; $rs = exec_query($sql, $query, $admin_name); if ($rs->recordCount() != 0) { set_page_message(tr('User session was killed!'), 'info'); write_log($_SESSION['user_logged'] . " killed " . $admin_name . "'s session because of password change"); } } $admin_login = $_SESSION['user_logged']; write_log("{$admin_login} changes data/password for {$dmn_user_name}!"); if (isset($_POST['send_data']) && !empty($inpass)) { send_add_user_auto_msg($reseller_id, $dmn_user_name, $pure_user_pass, $user_email, $first_name, $last_name, tr('Domain account')); } unset($_SESSION['edit_ID']); unset($_SESSION['user_name']); $_SESSION['edit'] = "_yes_"; user_goto('users.php?psi=last'); }
function add_user_data($reseller_id) { global $sql, $cfg; global $dmn_name, $hpid, $dmn_user_name; global $user_email, $customer_id, $first_name; global $last_name, $firm, $zip; global $city, $country, $street_one; global $street_two, $mail, $phone; global $fax, $inpass, $domain_ip; global $admin_login; // Let's get Desired Hosting Plan Data; // $err_msg = '_off_'; reseller_limits_check($sql, $err_msg, $reseller_id, $hpid); if ($err_msg != '_off_') { set_page_message($err_msg); return; } if (isset($_SESSION["ch_hpprops"])) { $props = $_SESSION["ch_hpprops"]; unset($_SESSION["ch_hpprops"]); } else { $query = "select props from hosting_plans where reseller_id = ? and id = ?"; $res = exec_query($sql, $query, array($reseller_id, $hpid)); $data = $res->FetchRow(); $props = $data['props']; } list($php, $cgi, $sub, $als, $mail, $ftp, $sql_db, $sql_user, $traff, $disk) = explode(";", $props); $php = preg_replace("/\\_/", "", $php); $cgi = preg_replace("/\\_/", "", $cgi); $pure_user_pass = $inpass; $inpass = crypt_user_pass($inpass); // $first_name = escape_user_data($first_name); // $last_name = escape_user_data($last_name); // $firm = escape_user_data($firm); // $zip = escape_user_data($zip); // $city = escape_user_data($city); // $country = escape_user_data($country); // $phone = escape_user_data($phone); // $fax = escape_user_data($fax); // $street_one = escape_user_data($street_one); // $street_two = escape_user_data($street_two); // $customer_id = escape_user_data($customer_id); if (!vhcs_domain_check($dmn_user_name)) { //set_page_message = tr("Wrong domain name syntax!"); return; } check_for_lock_file(); $query = <<<VHCS_SQL_QUERY insert into admin ( admin_name, admin_pass, admin_type, domain_created, created_by, fname, lname, firm, zip, city, country, email, phone, fax, street1, street2, customer_id ) values ( ?, ?, 'user', unix_timestamp(), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? ) VHCS_SQL_QUERY; $res = exec_query($sql, $query, array($dmn_user_name, $inpass, $reseller_id, $first_name, $last_name, $firm, $zip, $city, $country, $user_email, $phone, $fax, $street_one, $street_two, $customer_id)); print $sql->ErrorMsg(); $record_id = $sql->Insert_ID(); $query = <<<VHCS_SQL_QUERY insert into domain ( domain_name, domain_admin_id, domain_created_id, domain_created, domain_mailacc_limit, domain_ftpacc_limit, domain_traffic_limit, domain_sqld_limit, domain_sqlu_limit, domain_status, domain_subd_limit, domain_alias_limit, domain_ip_id, domain_disk_limit, domain_disk_usage, domain_php, domain_cgi ) values ( ?, ?, ?, unix_timestamp(), ?, ?, ?, ?, ?, 'toadd', ?, ?, ?, ?, '0', ?, ? ) VHCS_SQL_QUERY; $res = exec_query($sql, $query, array($dmn_name, $record_id, $reseller_id, $mail, $ftp, $traff, $sql_db, $sql_user, $sub, $als, $domain_ip, $disk, $php, $cgi)); $dmn_id = $sql->Insert_ID(); // vhcs 2.5 feature //add_domain_extras($dmn_id, $record_id, $sql); // lets send mail to user send_add_user_auto_msg($reseller_id, $dmn_user_name, $pure_user_pass, $user_email, $first_name, $last_name, tr('Domain account')); // send query to the vhcs2 daemon // add user into user_gui_props => domain looser needs language and skin too :-) $user_def_lang = $_SESSION['user_def_lang']; $user_theme_color = $_SESSION['user_theme_color']; $query = <<<SQL_QUERY insert into user_gui_props (user_id, lang, layout) values (?, ?, ?) SQL_QUERY; $res = exec_query($sql, $query, array($record_id, $user_def_lang, $user_theme_color)); send_request(); $admin_login = $_SESSION['user_logged']; write_log("{$admin_login}: add user -> {$dmn_user_name} (for domain {$dmn_name})"); write_log("{$admin_login}: add domain -> {$dmn_name}"); au_update_reseller_props($reseller_id, $props); if (isset($_POST['add_alias']) && $_POST['add_alias'] === 'on') { //we have to add some aliases for this looser $_SESSION['dmn_id'] = $dmn_id; $_SESSION['dmn_ip'] = $domain_ip; header("Location: rau4.php?accout={$dmn_id}"); die; } else { //we have not to add alias $_SESSION['rau3_added'] = "_yes_"; header("Location: users.php"); die; } }
/** * Create reseller account * * @throws Exception * @throws iMSCP_Exception * @throws iMSCP_Exception_Database * @return bool */ function admin_checkAndCreateResellerAccount() { iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onBeforeAddUser); $cfg = iMSCP_Registry::get('config'); $errFieldsStack = array(); $data =& admin_getData(); /** @var $db iMSCP_Database */ $db = iMSCP_Database::getInstance(); try { $db->beginTransaction(); // Check for reseller name $stmt = exec_query('SELECT COUNT(`admin_id`) `usernameExist` FROM `admin` WHERE `admin_name` = ? LIMIT 1', $data['admin_name']); $row = $stmt->fetchRow(PDO::FETCH_ASSOC); if ($row['usernameExist']) { set_page_message(tr("The username %s is not available.", '<b>' . $data['admin_name'] . '</b>'), 'error'); $errFieldsStack[] = 'admin_name'; } elseif (!validates_username($data['admin_name'])) { set_page_message(tr('Incorrect username length or syntax.'), 'error'); $errFieldsStack[] = 'admin_name'; } // check for password if (empty($data['password'])) { set_page_message(tr('You must provide a password.'), 'error'); $errFieldsStack[] = 'password'; $errFieldsStack[] = 'password_confirmation'; } elseif ($data['password'] != $data['password_confirmation']) { set_page_message(tr("Passwords do not match."), 'error'); $errFieldsStack[] = 'password'; $errFieldsStack[] = 'password_confirmation'; } elseif (!checkPasswordSyntax($data['password'])) { $errFieldsStack[] = 'password'; $errFieldsStack[] = 'password_confirmation'; } // Check for email address if (!chk_email($data['email'])) { set_page_message(tr('Incorrect syntax for email address.'), 'error'); $errFieldsStack[] = 'email'; } // Check for ip addresses - We are safe here $resellerIps = array(); foreach ($data['server_ips'] as $serverIpData) { if (in_array($serverIpData['ip_id'], $data['reseller_ips'])) { $resellerIps[] = $serverIpData['ip_id']; } } sort($resellerIps); if (empty($resellerIps)) { set_page_message(tr('You must assign at least one IP to this reseller.'), 'error'); } // Check for max domains limit if (!imscp_limit_check($data['max_dmn_cnt'], null)) { set_page_message(tr('Incorrect limit for %s.', tr('domain')), 'error'); $errFieldsStack[] = 'max_dmn_cnt'; } // Check for max subdomains limit if (!imscp_limit_check($data['max_sub_cnt'])) { set_page_message(tr('Incorrect limit for %s.', tr('subdomains')), 'error'); $errFieldsStack[] = 'max_sub_cnt'; } // check for max domain aliases limit if (!imscp_limit_check($data['max_als_cnt'])) { set_page_message(tr('Incorrect limit for %s.', tr('domain aliases')), 'error'); $errFieldsStack[] = 'max_als_cnt'; } // Check for max mail accounts limit if (!imscp_limit_check($data['max_mail_cnt'])) { set_page_message(tr('Incorrect limit for %s.', tr('email accounts')), 'error'); $errFieldsStack[] = 'max_mail_cnt'; } // Check for max ftp accounts limit if (!imscp_limit_check($data['max_ftp_cnt'])) { set_page_message(tr('Incorrect limit for %s.', tr('Ftp accounts')), 'error'); $errFieldsStack[] = 'max_ftp_cnt'; } // Check for max Sql databases limit if (!imscp_limit_check($data['max_sql_db_cnt'])) { set_page_message(tr('Incorrect limit for %s.', tr('SQL databases')), 'error'); $errFieldsStack[] = 'max_sql_db_cnt'; } elseif ($_POST['max_sql_db_cnt'] == -1 && $_POST['max_sql_user_cnt'] != -1) { set_page_message(tr('SQL database limit is disabled but SQL user limit is not.'), 'error'); $errFieldsStack[] = 'max_sql_db_cnt'; } // Check for max Sql users limit if (!imscp_limit_check($data['max_sql_user_cnt'])) { set_page_message(tr('Incorrect limit for %s.', tr('SQL users')), 'error'); $errFieldsStack[] = 'max_sql_user_cnt'; } elseif ($_POST['max_sql_user_cnt'] == -1 && $_POST['max_sql_db_cnt'] != -1) { set_page_message(tr('SQL user limit is disabled but SQL database limit is not.'), 'error'); $errFieldsStack[] = 'max_sql_user_cnt'; } // Check for max monthly traffic limit if (!imscp_limit_check($data['max_traff_amnt'], null)) { set_page_message(tr('Incorrect limit for %s.', tr('traffic')), 'error'); $errFieldsStack[] = 'max_traff_amnt'; } // Check for max disk space limit if (!imscp_limit_check($data['max_disk_amnt'], null)) { set_page_message(tr('Incorrect limit for %s.', tr('Disk space')), 'error'); $errFieldsStack[] = 'max_disk_amnt'; } // Check for PHP settings $phpini = iMSCP_PHPini::getInstance(); $phpini->setResellerPermission('phpiniSystem', $data['php_ini_system']); if ($phpini->resellerHasPermission('phpiniSystem')) { $phpini->setResellerPermission('phpiniAllowUrlFopen', $data['php_ini_al_allow_url_fopen']); $phpini->setResellerPermission('phpiniDisplayErrors', $data['php_ini_al_display_errors']); $phpini->setResellerPermission('phpiniDisableFunctions', $data['php_ini_al_disable_functions']); $phpini->setResellerPermission('phpiniMailFunction', $data['php_ini_al_mail_function']); $phpini->setResellerPermission('phpiniMemoryLimit', $data['memory_limit']); // Must be set before phpiniPostMaxSize $phpini->setResellerPermission('phpiniPostMaxSize', $data['post_max_size']); // Must be set before phpiniUploadMaxFileSize $phpini->setResellerPermission('phpiniUploadMaxFileSize', $data['upload_max_filesize']); $phpini->setResellerPermission('phpiniMaxExecutionTime', $data['max_execution_time']); $phpini->setResellerPermission('phpiniMaxInputTime', $data['max_input_time']); } if (empty($errFieldsStack) && !Zend_Session::namespaceIsset('pageMessages')) { // Update process begin here // Insert reseller personal data into database exec_query(' INSERT INTO admin ( admin_name, admin_pass, admin_type, domain_created, created_by, fname, lname, firm, zip, city, state, country, email, phone, fax, street1, street2, gender ) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? ) ', array($data['admin_name'], cryptPasswordWithSalt($data['password']), 'reseller', time(), $_SESSION['user_id'], $data['fname'], $data['lname'], $data['firm'], $data['zip'], $data['city'], $data['state'], $data['country'], $data['email'], $data['phone'], $data['fax'], $data['street1'], $data['street2'], $data['gender'])); // Get new reseller unique identifier $resellerId = $db->insertId(); // Insert reseller GUI properties into database exec_query('INSERT INTO user_gui_props (user_id, lang, layout) VALUES (?, ?, ?)', array($resellerId, $cfg['USER_INITIAL_LANG'], $cfg['USER_INITIAL_THEME'])); // Insert reseller properties into database exec_query(' INSERT INTO reseller_props ( reseller_id, reseller_ips, max_dmn_cnt, current_dmn_cnt, max_sub_cnt, current_sub_cnt, max_als_cnt, current_als_cnt, max_mail_cnt, current_mail_cnt, max_ftp_cnt, current_ftp_cnt, max_sql_db_cnt, current_sql_db_cnt, max_sql_user_cnt, current_sql_user_cnt, max_traff_amnt, current_traff_amnt, max_disk_amnt, current_disk_amnt, support_system, customer_id, software_allowed, softwaredepot_allowed, websoftwaredepot_allowed, php_ini_system, php_ini_al_disable_functions, php_ini_al_mail_function, php_ini_al_allow_url_fopen, php_ini_al_display_errors, php_ini_max_post_max_size, php_ini_max_upload_max_filesize, php_ini_max_max_execution_time, php_ini_max_max_input_time, php_ini_max_memory_limit ) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? ) ', array($resellerId, implode(';', $resellerIps) . ';', $data['max_dmn_cnt'], '0', $data['max_sub_cnt'], '0', $data['max_als_cnt'], '0', $data['max_mail_cnt'], '0', $data['max_ftp_cnt'], '0', $data['max_sql_db_cnt'], '0', $data['max_sql_user_cnt'], '0', $data['max_traff_amnt'], '0', $data['max_disk_amnt'], '0', $data['support_system'], $data['customer_id'], $data['software_allowed'], $data['softwaredepot_allowed'], $data['websoftwaredepot_allowed'], $phpini->getResellerPermission('phpiniSystem'), $phpini->getResellerPermission('phpiniDisableFunctions'), $phpini->getResellerPermission('phpiniMailFunction'), $phpini->getResellerPermission('phpiniAllowUrlFopen'), $phpini->getResellerPermission('phpiniDisplayErrors'), $phpini->getResellerPermission('phpiniPostMaxSize'), $phpini->getResellerPermission('phpiniUploadMaxFileSize'), $phpini->getResellerPermission('phpiniMaxExecutionTime'), $phpini->getResellerPermission('phpiniMaxInputTime'), $phpini->getResellerPermission('phpiniMemoryLimit'))); $db->commit(); // Creating Software repository for reseller if needed if ($data['software_allowed'] == 'yes' && !@mkdir($cfg['GUI_APS_DIR'] . '/' . $resellerId, 0750, true)) { write_log(sprintf('System was unable to create the %s directory for reseller software repository', "{$cfg['GUI_APS_DIR']}/{$resellerId}"), E_USER_ERROR); } iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onAfterAddUser); send_add_user_auto_msg($_SESSION['user_id'], $data['admin_name'], $data['password'], $data['email'], $data['fname'], $data['lname'], tr('Reseller')); write_log(sprintf('A new reseller account (%s) has been created by %s', $data['admin_name'], $_SESSION['user_logged']), E_USER_NOTICE); set_page_message(tr('Reseller account successfully created.'), 'success'); return true; } } catch (iMSCP_Exception_Database $e) { $db->rollBack(); throw $e; } if (!empty($errFieldsStack)) { iMSCP_Registry::set('errFieldsStack', $errFieldsStack); } return false; }
/** * Save data for new user in db */ function add_user_data($reseller_id) { global $hpid, $dmn_name, $dmn_expire, $dmn_user_name, $admin_login, $user_email, $customer_id, $first_name, $last_name, $gender, $firm, $zip, $city, $state, $country, $street_one, $street_two, $phone, $fax, $inpass, $domain_ip, $dns, $backup, $countbackup; $sql = EasySCP_Registry::get('Db'); $cfg = EasySCP_Registry::get('Config'); // Let's get Desired Hosting Plan Data; $err_msg = ''; if (!empty($err_msg)) { set_page_message($err_msg, 'error'); return false; } if (isset($_SESSION["ch_hpprops"])) { $props = $_SESSION["ch_hpprops"]; unset($_SESSION["ch_hpprops"]); } else { if (isset($cfg->HOSTING_PLANS_LEVEL) && $cfg->HOSTING_PLANS_LEVEL === 'admin') { $query = 'SELECT `props` FROM `hosting_plans` WHERE `id` = ?'; $res = exec_query($sql, $query, $hpid); } else { $query = "SELECT `props` FROM `hosting_plans` WHERE `reseller_id` = ? AND `id` = ?"; $res = exec_query($sql, $query, array($reseller_id, $hpid)); } $data = $res->fetchRow(); $props = unserialize($data['props']); } $php = $props['allow_php']; $phpe = $props['allow_php_editor']; $cgi = $props['allow_cgi']; $sub = $props['subdomain_cnt']; $als = $props['alias_cnt']; $mail = $props['mail_cnt']; $ftp = $props['ftp_cnt']; $sql_db = $props['db_cnt']; $sql_user = $props['sqluser_cnt']; $traff = $props['traffic']; $disk = $props['disk']; $backup = $props['allow_backup']; $countbackup = $props['disk_countbackup']; $dns = $props['allow_dns']; $ssl = $props['allow_ssl']; $php = preg_replace("/\\_/", "", $php); $phpe = preg_replace("/\\_/", "", $phpe); $cgi = preg_replace("/\\_/", "", $cgi); $ssl = preg_replace("/\\_/", "", $ssl); $backup = preg_replace("/\\_/", "", $backup); $countbackup = preg_replace("/\\_/", "", $countbackup); $dns = preg_replace("/\\_/", "", $dns); $pure_user_pass = $inpass; $inpass = crypt_user_pass($inpass); $first_name = clean_input($first_name); $last_name = clean_input($last_name); $firm = clean_input($firm); $zip = clean_input($zip); $city = clean_input($city); $state = clean_input($state); $country = clean_input($country); $phone = clean_input($phone); $fax = clean_input($fax); $street_one = clean_input($street_one); $street_two = clean_input($street_two); $customer_id = clean_input($customer_id); if (!validates_dname(decode_idna($dmn_user_name))) { return; } $query = "\n\t\tINSERT INTO `admin` (\n\t\t\t`admin_name`, `admin_pass`, `admin_type`, `domain_created`,\n\t\t\t`created_by`, `fname`, `lname`,\n\t\t\t`firm`, `zip`, `city`, `state`,\n\t\t\t`country`, `email`, `phone`,\n\t\t\t`fax`, `street1`, `street2`,\n\t\t\t`customer_id`, `gender`\n\t\t)\n\t\tVALUES (\n\t\t\t?, ?, 'user', unix_timestamp(),\n\t\t\t?, ?, ?,\n\t\t\t?, ?, ?, ?,\n\t\t\t?, ?, ?,\n\t\t\t?, ?, ?,\n\t\t\t?, ?\n\t\t)\n\t"; exec_query($sql, $query, array($dmn_user_name, $inpass, $reseller_id, $first_name, $last_name, $firm, $zip, $city, $state, $country, $user_email, $phone, $fax, $street_one, $street_two, $customer_id, $gender)); print $sql->errorMsg(); $record_id = $sql->insertId(); $query = "\n\t\tINSERT INTO `domain` (\n\t\t\t`domain_name`, `domain_admin_id`,\n\t\t\t`domain_created_id`, `domain_created`, `domain_expires`,\n\t\t\t`domain_mailacc_limit`, `domain_ftpacc_limit`,\n\t\t\t`domain_traffic_limit`, `domain_sqld_limit`,\n\t\t\t`domain_sqlu_limit`, `status`,\n\t\t\t`domain_subd_limit`, `domain_alias_limit`,\n\t\t\t`domain_ip_id`, `domain_disk_limit`,\n\t\t\t`domain_disk_usage`, `domain_php`, `domain_php_edit`, `domain_cgi`,\n\t\t\t`allowbackup`, `domain_dns`, `domain_ssl`, `domain_disk_countbackup`\n\t\t)\n\t\tVALUES (\n\t\t\t:domain_name, :domain_admin_id,\n\t\t\t:domain_created_id, unix_timestamp(), :domain_expires,\n\t\t\t:domain_mailacc_limit, :domain_ftpacc_limit,\n\t\t\t:domain_traffic_limit, :domain_sqld_limit,\n\t\t\t:domain_sqlu_limit, :status,\n\t\t\t:domain_subd_limit, :domain_alias_limit,\n\t\t\t:domain_ip_id, :domain_disk_limit,\n\t\t\t'0', :domain_php, :domain_php_edit, :domain_cgi,\n\t\t\t:allowbackup, :domain_dns, :domain_ssl, :domain_disk_countbackup\n\t\t)\n\t"; $param = array(':domain_name' => $dmn_name, ':domain_admin_id' => $record_id, ':domain_created_id' => $reseller_id, ':domain_expires' => $dmn_expire, ':domain_mailacc_limit' => $mail, ':domain_ftpacc_limit' => $ftp, ':domain_traffic_limit' => $traff, ':domain_sqld_limit' => $sql_db, ':domain_sqlu_limit' => $sql_user, ':status' => $cfg->ITEM_ADD_STATUS, ':domain_subd_limit' => $sub, ':domain_alias_limit' => $als, ':domain_ip_id' => $domain_ip, ':domain_disk_limit' => $disk, ':domain_php' => $php, ':domain_php_edit' => $phpe, ':domain_cgi' => $cgi, ':allowbackup' => $backup, ':domain_dns' => $dns, ':domain_ssl' => $ssl, ':domain_disk_countbackup' => $countbackup); DB::prepare($query); DB::execute($param); $dmn_id = DB::getInstance()->lastInsertId(); // AddDefaultDNSEntries($dmn_id, 0, $dmn_name, $domain_ip); // TODO: Check if max user and group id is reached // update domain and gid $domain_gid = $cfg->APACHE_SUEXEC_MIN_GID + $dmn_id; $domain_uid = $cfg->APACHE_SUEXEC_MIN_UID + $dmn_id; $query = "\n\t\tUPDATE `domain`\n\t\tSET `domain_gid`=?,\n\t\t\t`domain_uid`=?\n\t\tWHERE `domain_id`=?\n\t"; exec_query($sql, $query, array($domain_gid, $domain_uid, $dmn_id)); // Add statistics group $query = "\n\t\tINSERT INTO `htaccess_users`\n\t\t\t(`dmn_id`, `uname`, `upass`, `status`)\n\t\tVALUES\n\t\t\t(?, ?, ?, ?)\n\t"; exec_query($sql, $query, array($dmn_id, $dmn_name, crypt_user_pass_with_salt($pure_user_pass), $cfg->ITEM_ADD_STATUS)); $user_id = $sql->insertId(); $query = "\n\t\tINSERT INTO `htaccess_groups`\n\t\t\t(`dmn_id`, `ugroup`, `members`, `status`)\n\t\tVALUES\n\t\t\t(?, ?, ?, ?)\n\t"; exec_query($sql, $query, array($dmn_id, $cfg->AWSTATS_GROUP_AUTH, $user_id, $cfg->ITEM_ADD_STATUS)); // Create the 3 default addresses if wanted if ($cfg->CREATE_DEFAULT_EMAIL_ADDRESSES) { client_mail_add_default_accounts($dmn_id, $user_email, $dmn_name); // 'domain', 0 } // let's send mail to user send_add_user_auto_msg($reseller_id, $dmn_user_name, $pure_user_pass, $user_email, $first_name, $last_name, tr('Domain account')); // $user_def_lang = $cfg->USER_INITIAL_LANG; $user_def_lang = ''; // $user_theme_color = $cfg->USER_INITIAL_THEME; $user_theme_color = ''; $query = "\n\t\tINSERT INTO `user_gui_props`\n\t\t\t(`user_id`, `lang`, `layout`)\n\t\tVALUES\n\t\t\t(?, ?, ?)\n\t"; exec_query($sql, $query, array($record_id, $user_def_lang, $user_theme_color)); // send request to daemon // TODO Prüfen, da es hier zu einem Fehler kommt ("Domain data has been altered. Please enter again.") send_request('110 DOMAIN domain ' . $dmn_id); send_request('130 MAIL ' . $dmn_id); $admin_login = $_SESSION['user_logged']; write_log("{$admin_login}: add user: {$dmn_user_name} (for domain {$dmn_name})"); write_log("{$admin_login}: add domain: {$dmn_name}"); update_reseller_c_props($reseller_id); if (isset($_POST['add_alias']) && $_POST['add_alias'] === 'on') { // we have to add some aliases for this looser $_SESSION['dmn_id'] = $dmn_id; $_SESSION['dmn_ip'] = $domain_ip; $_SESSION['user_add3_add_alias'] = "_yes_"; user_goto('user_add4.php?accout=' . $dmn_id); } else { // we have not to add alias $_SESSION['user_add3_added'] = "_yes_"; user_goto('users.php?psi=last'); } }
/** * Check and updates reseller data * * @throws iMSCP_Exception_Database * @param int $resellerId Reseller unique identifier * @return bool TRUE on success, FALSE otherwise */ function admin_checkAndUpdateData($resellerId) { iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onBeforeEditUser, array('userId' => $resellerId)); $errFieldsStack = array(); $data =& admin_getData($resellerId, true); $db = iMSCP_Database::getInstance(); try { $db->beginTransaction(); // check for password (if needed) if ($data['password'] !== '' && $data['pasword_confirmation'] !== '') { if ($data['password'] !== $data['password_confirmation']) { set_page_message(tr('Passwords do not match.'), 'error'); } checkPasswordSyntax($data['password']); if (Zend_Session::namespaceIsset('pageMessages')) { $errFieldsStack[] = 'password'; $errFieldsStack[] = 'password_confirmation'; } } // Check for email address if (!chk_email($data['email'])) { set_page_message(tr('Incorrect syntax for email address.'), 'error'); $errFieldsStack[] = 'email'; } // Check for ip addresses $resellerIps = array(); foreach ($data['server_ips'] as $serverIpData) { if (in_array($serverIpData['ip_id'], $data['reseller_ips'], true)) { $resellerIps[] = $serverIpData['ip_id']; } } $resellerIps = array_unique(array_merge($resellerIps, $data['used_ips'])); sort($resellerIps); if (empty($resellerIps)) { set_page_message(tr('You must assign at least one IP to this reseller.'), 'error'); } // Check for max domains limit if (imscp_limit_check($data['max_dmn_cnt'], null)) { $rs = admin_checkResellerLimit($data['max_dmn_cnt'], $data['current_dmn_cnt'], $data['nbDomains'], '0', tr('domains')); } else { set_page_message(tr('Incorrect limit for %s.', tr('domain')), 'error'); $rs = false; } if (!$rs) { $errFieldsStack[] = 'max_dmn_cnt'; } // Check for max subdomains limit if (imscp_limit_check($data['max_sub_cnt'])) { $rs = admin_checkResellerLimit($data['max_sub_cnt'], $data['current_sub_cnt'], $data['nbSubdomains'], $data['unlimitedSubdomains'], tr('subdomains')); } else { set_page_message(tr('Incorrect limit for %s.', tr('subdomains')), 'error'); $rs = false; } if (!$rs) { $errFieldsStack[] = 'max_sub_cnt'; } // check for max domain aliases limit if (imscp_limit_check($data['max_als_cnt'])) { $rs = admin_checkResellerLimit($data['max_als_cnt'], $data['current_als_cnt'], $data['nbDomainAliases'], $data['unlimitedDomainAliases'], tr('domain aliases')); } else { set_page_message(tr('Incorrect limit for %s.', tr('domain aliases')), 'error'); $rs = false; } if (!$rs) { $errFieldsStack[] = 'max_als_cnt'; } // Check for max mail accounts limit if (imscp_limit_check($data['max_mail_cnt'])) { $rs = admin_checkResellerLimit($data['max_mail_cnt'], $data['current_mail_cnt'], $data['nbMailAccounts'], $data['unlimitedMailAccounts'], tr('mail')); } else { set_page_message(tr('Incorrect limit for %s.', tr('email accounts')), 'error'); $rs = false; } if (!$rs) { $errFieldsStack[] = 'max_mail_cnt'; } // Check for max ftp accounts limit if (imscp_limit_check($data['max_ftp_cnt'])) { $rs = admin_checkResellerLimit($data['max_ftp_cnt'], $data['current_ftp_cnt'], $data['nbFtpAccounts'], $data['unlimitedFtpAccounts'], tr('Ftp')); } else { set_page_message(tr('Incorrect limit for %s.', tr('Ftp accounts')), 'error'); $rs = false; } if (!$rs) { $errFieldsStack[] = 'max_ftp_cnt'; } // Check for max Sql databases limit if (!($rs = imscp_limit_check($data['max_sql_db_cnt']))) { set_page_message(tr('Incorrect limit for %s.', tr('SQL databases')), 'error'); } elseif ($data['max_sql_db_cnt'] == -1 && $data['max_sql_user_cnt'] != -1) { set_page_message(tr('SQL database limit is disabled but SQL user limit is not.'), 'error'); $rs = false; } else { $rs = admin_checkResellerLimit($data['max_sql_db_cnt'], $data['current_sql_db_cnt'], $data['nbSqlDatabases'], $data['unlimitedSqlDatabases'], tr('SQL databases')); } if (!$rs) { $errFieldsStack[] = 'max_sql_db_cnt'; } // Check for max Sql users limit if (!($rs = imscp_limit_check($data['max_sql_user_cnt']))) { set_page_message(tr('Incorrect limit for %s.', tr('SQL users')), 'error'); } elseif ($data['max_sql_db_cnt'] != -1 && $data['max_sql_user_cnt'] == -1) { set_page_message(tr('SQL user limit is disabled but SQL database limit is not.'), 'error'); $rs = false; } else { $rs = admin_checkResellerLimit($data['max_sql_user_cnt'], $data['current_sql_user_cnt'], $data['nbSqlUsers'], $data['unlimitedSqlUsers'], tr('SQL users')); } if (!$rs) { $errFieldsStack[] = 'max_sql_user_cnt'; } // Check for max monthly traffic limit if (imscp_limit_check($data['max_traff_amnt'], null)) { $rs = admin_checkResellerLimit($data['max_traff_amnt'], $data['current_traff_amnt'], $data['totalTraffic'] / 1048576, $data['unlimitedTraffic'], tr('traffic')); } else { set_page_message(tr('Incorrect limit for %s.', tr('traffic')), 'error'); $rs = false; } if (!$rs) { $errFieldsStack[] = 'max_traff_amnt'; } // Check for max disk space limit if (imscp_limit_check($data['max_disk_amnt'], null)) { $rs = admin_checkResellerLimit($data['max_disk_amnt'], $data['current_disk_amnt'], $data['totalDiskspace'] / 1048576, $data['unlimitedDiskspace'], tr('disk space')); } else { set_page_message(tr('Incorrect limit for %s.', tr('disk space')), 'error'); $rs = false; } if (!$rs) { $errFieldsStack[] = 'max_disk_amnt'; } $needDaemonRequest = false; // Check for PHP settings $phpini = iMSCP_PHPini::getInstance(); $resellerPhpPermissions = $phpini->getResellerPermission(); $phpini->setResellerPermission('phpiniSystem', $data['php_ini_system']); if ($phpini->resellerHasPermission('phpiniSystem')) { // We are safe here; If a value is not valid, previous value is used $phpini->setResellerPermission('phpiniDisableFunctions', $data['php_ini_al_disable_functions']); $phpini->setResellerPermission('phpiniMailFunction', $data['php_ini_al_mail_function']); $phpini->setResellerPermission('phpiniAllowUrlFopen', $data['php_ini_al_allow_url_fopen']); $phpini->setResellerPermission('phpiniDisplayErrors', $data['php_ini_al_display_errors']); $phpini->setResellerPermission('phpiniMemoryLimit', $data['memory_limit']); // Must be set before phpiniPostMaxSize $phpini->setResellerPermission('phpiniPostMaxSize', $data['post_max_size']); // Must be set before phpiniUploadMaxFileSize $phpini->setResellerPermission('phpiniUploadMaxFileSize', $data['upload_max_filesize']); $phpini->setResellerPermission('phpiniMaxExecutionTime', $data['max_execution_time']); $phpini->setResellerPermission('phpiniMaxInputTime', $data['max_input_time']); } else { $phpini->loadResellerPermissions(); // Reset reseller PHP permissions to default values } if (array_diff_assoc($resellerPhpPermissions, $phpini->getResellerPermission())) { // A least one reseller permission has changed. We must synchronize customers permissions $phpini->syncClientPermissionsWithResellerPermissions($resellerId); $needDaemonRequest = true; } unset($resellerPhpPermissions); if (empty($errFieldsStack) && !Zend_Session::namespaceIsset('pageMessages')) { // Update process begin here $oldValues = $newValues = array(); foreach ($data as $property => $value) { if (strpos($property, 'fallback_') !== false) { $property = substr($property, 9); $oldValues[$property] = $value; $newValues[$property] = $data[$property]; } } // Nothing has been changed ? if ($newValues == $oldValues) { set_page_message(tr('Nothing has been changed.'), 'info'); return true; } // Update reseller personal data (including password if needed) $bindParams = array($data['fname'], $data['lname'], $data['gender'], $data['firm'], $data['zip'], $data['city'], $data['state'], $data['country'], $data['email'], $data['phone'], $data['fax'], $data['street1'], $data['street2'], $resellerId); if ($data['password'] != '') { $setPassword = '******'; array_unshift($bindParams, cryptPasswordWithSalt($data['password'])); } else { $setPassword = ''; } exec_query("\n UPDATE admin SET {$setPassword} fname = ?, lname = ?, gender = ?, firm = ?, zip = ?, city = ?,\n state = ?, country = ?, email = ?, phone = ?, fax = ?, street1 = ?, street2 = ?\n WHERE admin_id = ?\n ", $bindParams); // Update reseller properties exec_query(' UPDATE reseller_props SET max_dmn_cnt = ?, max_sub_cnt = ?, max_als_cnt = ?, max_mail_cnt = ?, max_ftp_cnt = ?, max_sql_db_cnt = ?, max_sql_user_cnt = ?, max_traff_amnt = ?, max_disk_amnt = ?, reseller_ips = ?, customer_id = ?, software_allowed = ?, softwaredepot_allowed = ?, websoftwaredepot_allowed = ?, support_system = ?, php_ini_system = ?, php_ini_al_disable_functions = ?, php_ini_al_mail_function = ?, php_ini_al_allow_url_fopen = ?, php_ini_al_display_errors = ?, php_ini_max_post_max_size = ?, php_ini_max_upload_max_filesize = ?, php_ini_max_max_execution_time = ?, php_ini_max_max_input_time = ?, php_ini_max_memory_limit = ? WHERE reseller_id = ? ', array($data['max_dmn_cnt'], $data['max_sub_cnt'], $data['max_als_cnt'], $data['max_mail_cnt'], $data['max_ftp_cnt'], $data['max_sql_db_cnt'], $data['max_sql_user_cnt'], $data['max_traff_amnt'], $data['max_disk_amnt'], implode(';', $resellerIps) . ';', $data['customer_id'], $data['software_allowed'], $data['softwaredepot_allowed'], $data['websoftwaredepot_allowed'], $data['support_system'], $phpini->getResellerPermission('phpiniSystem'), $phpini->getResellerPermission('phpiniDisableFunctions'), $phpini->getResellerPermission('phpiniMailFunction'), $phpini->getResellerPermission('phpiniAllowUrlFopen'), $phpini->getResellerPermission('phpiniDisplayErrors'), $phpini->getResellerPermission('phpiniPostMaxSize'), $phpini->getResellerPermission('phpiniUploadMaxFileSize'), $phpini->getResellerPermission('phpiniMaxExecutionTime'), $phpini->getResellerPermission('phpiniMaxInputTime'), $phpini->getResellerPermission('phpiniMemoryLimit'), $resellerId)); // Updating software installer properties if ($data['software_allowed'] == 'no') { exec_query(' UPDATE domain INNER JOIN admin ON(admin_id = domain_admin_id) SET domain_software_allowed = ? WHERE created_by = ? ', array($data['softwaredepot_allowed'], $resellerId)); } if ($data['websoftwaredepot_allowed'] == 'no') { $stmt = exec_query('SELECT software_id FROM web_software WHERE software_depot = ? AND reseller_id = ?', array('yes', $resellerId)); if ($stmt->rowCount()) { while ($row = $stmt->fetchRow(PDO::FETCH_ASSOC)) { exec_query('UPDATE web_software_inst SET software_res_del = ? WHERE software_id = ?', array('1', $row['software_id'])); } exec_query('DELETE FROM web_software WHERE software_depot = ? AND reseller_id = ?', array('yes', $resellerId)); } } $db->commit(); iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onAfterEditUser, array('userId' => $resellerId)); // Send mail to reseller for new password if ($data['password'] != '') { send_add_user_auto_msg($_SESSION['user_id'], $data['admin_name'], $data['password'], $data['email'], $data['fname'], $data['lname'], tr('Reseller')); } if ($needDaemonRequest) { send_request(); } write_log(sprintf('The %s reseller account has been updated by %s', $data['admin_name'], $_SESSION['user_logged']), E_USER_NOTICE); set_page_message(tr('Reseller account successfully updated.'), 'success'); return true; } } catch (iMSCP_Exception_Database $e) { $db->rollBack(); throw $e; } if (!empty($errFieldsStack)) { iMSCP_Registry::set('errFieldsStack', $errFieldsStack); } return false; }
/** * Add customer * * @throws iMSCP_Exception_Database * @return void */ function addCustomer() { global $hpId, $dmnName, $dmnExpire, $domainIp, $adminName, $email, $password, $customerId, $firstName, $lastName, $gender, $firm, $zip, $city, $state, $country, $phone, $fax, $street1, $street2; $cfg = iMSCP_Registry::get('config'); if (isset($_SESSION['ch_hpprops'])) { $props = $_SESSION['ch_hpprops']; unset($_SESSION['ch_hpprops']); } else { $stmt = exec_query('SELECT props FROM hosting_plans WHERE reseller_id = ? AND id = ?', array($_SESSION['user_id'], $hpId)); $data = $stmt->fetchRow(); $props = $data['props']; } list($php, $cgi, $sub, $als, $mail, $ftp, $sql_db, $sql_user, $traff, $disk, $backup, $dns, $aps, $phpEditor, $phpiniAllowUrlFopen, $phpiniDisplayErrors, $phpiniDisableFunctions, $phpMailFunction, $phpiniPostMaxSize, $phpiniUploadMaxFileSize, $phpiniMaxExecutionTime, $phpiniMaxInputTime, $phpiniMemoryLimit, $extMailServer, $webFolderProtection, $mailQuota) = explode(';', $props); $php = str_replace('_', '', $php); $cgi = str_replace('_', '', $cgi); $backup = str_replace('_', '', $backup); $dns = str_replace('_', '', $dns); $aps = str_replace('_', '', $aps); $extMailServer = str_replace('_', '', $extMailServer); $webFolderProtection = str_replace('_', '', $webFolderProtection); $encryptedPassword = cryptPasswordWithSalt($password); $db = iMSCP_Database::getInstance(); try { iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onBeforeAddDomain, array('domainName' => $dmnName, 'createdBy' => $_SESSION['user_id'], 'customerId' => $customerId, 'customerEmail' => $email)); $db->beginTransaction(); exec_query(' INSERT INTO admin ( admin_name, admin_pass, admin_type, domain_created, created_by, fname, lname, firm, zip, city, state, country, email, phone, fax, street1, street2, customer_id, gender, admin_status ) VALUES ( ?, ?, ?, unix_timestamp(), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? ) ', array($adminName, $encryptedPassword, 'user', $_SESSION['user_id'], $firstName, $lastName, $firm, $zip, $city, $state, $country, $email, $phone, $fax, $street1, $street2, $customerId, $gender, 'toadd')); $adminId = $db->insertId(); exec_query(' INSERT INTO domain ( domain_name, domain_admin_id, domain_created, domain_expires, domain_mailacc_limit, domain_ftpacc_limit, domain_traffic_limit, domain_sqld_limit, domain_sqlu_limit, domain_status, domain_alias_limit, domain_subd_limit, domain_ip_id, domain_disk_limit, domain_disk_usage, domain_php, domain_cgi, allowbackup, domain_dns, domain_software_allowed, phpini_perm_system, phpini_perm_allow_url_fopen, phpini_perm_display_errors, phpini_perm_disable_functions, phpini_perm_mail_function, domain_external_mail, web_folder_protection, mail_quota ) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? ) ', array($dmnName, $adminId, time(), $dmnExpire, $mail, $ftp, $traff, $sql_db, $sql_user, 'toadd', $als, $sub, $domainIp, $disk, 0, $php, $cgi, $backup, $dns, $aps, $phpEditor, $phpiniAllowUrlFopen, $phpiniDisplayErrors, $phpiniDisableFunctions, $phpMailFunction, $extMailServer, $webFolderProtection, $mailQuota)); $dmnId = $db->insertId(); if ($phpEditor == 'yes') { $phpini = iMSCP_PHPini::getInstance(); $phpini->setDomainIni('phpiniMemoryLimit', $phpiniMemoryLimit); // Must be set before phpiniPostMaxSize $phpini->setDomainIni('phpiniPostMaxSize', $phpiniPostMaxSize); // Must be set before phpiniUploadMaxFileSize $phpini->setDomainIni('phpiniUploadMaxFileSize', $phpiniUploadMaxFileSize); $phpini->setDomainIni('phpiniMaxExecutionTime', $phpiniMaxExecutionTime); $phpini->setDomainIni('phpiniMaxInputTime', $phpiniMaxInputTime); $phpini->saveDomainIni($adminId, $dmnId, 'dmn'); } exec_query('INSERT INTO htaccess_users (dmn_id, uname, upass, status) VALUES (?, ?, ?, ?)', array($dmnId, $dmnName, $encryptedPassword, 'toadd')); exec_query('INSERT INTO htaccess_groups (dmn_id, ugroup, members, status) VALUES (?, ?, ?, ?)', array($dmnId, 'statistics', $db->insertId(), 'toadd')); if ($cfg['CREATE_DEFAULT_EMAIL_ADDRESSES']) { client_mail_add_default_accounts($dmnId, $email, $dmnName); } send_add_user_auto_msg($_SESSION['user_id'], $adminName, $password, $email, $firstName, $lastName, tr('Customer')); exec_query('INSERT INTO user_gui_props (user_id, lang, layout) VALUES (?, ?, ?)', array($adminId, $cfg['USER_INITIAL_LANG'], $cfg['USER_INITIAL_THEME'])); update_reseller_c_props($_SESSION['user_id']); $db->commit(); iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onAfterAddDomain, array('domainName' => $dmnName, 'createdBy' => $_SESSION['user_id'], 'customerId' => $adminId, 'customerEmail' => $email, 'domainId' => $dmnId)); send_request(); write_log("{$_SESSION['user_logged']} added new customer: {$adminName}", E_USER_NOTICE); set_page_message(tr('Customer account successfully scheduled for creation.'), 'success'); redirectTo('users.php'); } catch (iMSCP_Exception_Database $e) { $db->rollBack(); throw $e; } }
gen_admin_menu($tpl, 'admin/menu_users_manage.tpl', true); // First, we get needed data $rdata =& get_data($tpl); // Update action if (isset($_POST['uaction']) && $_POST['uaction'] == 'update_reseller') { // Checking for the submitted data check_data($errFields); // If no error was occured during data checking, we can continue if (!isset($_SESSION['user_page_message'])) { // Update reseller properties and additional data update_reseller(); // Adds admin log entry write_log("{$_SESSION['user_logged']}: changes data/password for reseller: " . "{$rdata['edit_username']}!"); // Send new authentication data to reseller if needed if (isset($_POST['send_data']) && !empty($_POST['pass0'])) { send_add_user_auto_msg($_SESSION['user_id'], $rdata['edit_username'], $rdata['pass'], $rdata['email'], $rdata['fname'], $rdata['lname'], tr('Reseller'), $rdata['gender']); } // Status indicator for the front page message after update request $_SESSION['user_updated'] = 1; // FIXME: Legacy from old code - Check if realy needed $_SESSION['reseller_ips'] = $rdata['reseller_ips']; // Back to the parent page after a successfull updates user_goto('manage_users.php'); } else { // An error was occured during data checking set_page_message('<br />' . tr('One or more errors was found! Please, correct them and try again!'), 'error'); } } else { // Default action // Pre-check - possible inconsistency data check_data($errFields);
?, ?, ?, unix_timestamp(), ?, ?, ?, ?, ?, 'toadd', ?, ?, ?, ?, '0', ?, ? ) VHCS_SQL_QUERY; $res = exec_query($sql, $query, array($dmn_user_name, $record_id, $reseller_id, $mail, $ftp, $traff, $sql_db, $sql_user, $sub, $als, $domain_ip, $disk, $php, $cgi)); $dmn_id = $sql->Insert_ID(); // vhcs 2.5 feature //add_domain_extras($dmn_id, $record_id, $sql); // lets send mail to user send_add_user_auto_msg($reseller_id, $dmn_user_name, $pure_user_pass, $user_email, $first_name, $last_name, tr('Domain account')); // send query to the vhcs2 daemon // add user into user_gui_props => domain looser needs language and skin too :-) $user_def_lang = $_SESSION['user_def_lang']; $user_theme_color = $_SESSION['user_theme_color']; $query = <<<SQL_QUERY insert into user_gui_props (user_id, lang, layout) values (?, ?, ?) SQL_QUERY; $res = exec_query($sql, $query, array($record_id, $user_def_lang, $user_theme_color)); send_request(); $admin_login = $_SESSION['user_logged']; write_log("{$admin_login}: add user -> {$dmn_user_name} (for domain {$dmn_name})");
function update_data($sql) { global $edit_id; $cfg = EasySCP_Registry::get('Config'); if (isset($_POST['Submit']) && isset($_POST['uaction']) && $_POST['uaction'] === 'edit_user') { if (check_user_data()) { $user_id = $_SESSION['user_id']; $fname = clean_input($_POST['fname']); $lname = clean_input($_POST['lname']); $firm = clean_input($_POST['firm']); $gender = clean_input($_POST['gender']); $zip = clean_input($_POST['zip']); $city = clean_input($_POST['city']); $state = clean_input($_POST['state']); $country = clean_input($_POST['country']); $email = clean_input($_POST['email']); $phone = clean_input($_POST['phone']); $fax = clean_input($_POST['fax']); $street1 = clean_input($_POST['street1']); $street2 = clean_input($_POST['street2']); if (empty($_POST['pass'])) { $query = "\n\t\t\t\t\tUPDATE\n\t\t\t\t\t\t`admin`\n\t\t\t\t\tSET\n\t\t\t\t\t\t`fname` = ?,\n\t\t\t\t\t\t`lname` = ?,\n\t\t\t\t\t\t`firm` = ?,\n\t\t\t\t\t\t`zip` = ?,\n\t\t\t\t\t\t`city` = ?,\n\t\t\t\t\t\t`state` = ?,\n\t\t\t\t\t\t`country` = ?,\n\t\t\t\t\t\t`email` = ?,\n\t\t\t\t\t\t`phone` = ?,\n\t\t\t\t\t\t`fax` = ?,\n\t\t\t\t\t\t`street1` = ?,\n\t\t\t\t\t\t`street2` = ?,\n\t\t\t\t\t\t`gender` = ?\n\t\t\t\t\tWHERE\n\t\t\t\t\t\t`admin_id` = ?\n\t\t\t\t"; exec_query($sql, $query, array($fname, $lname, $firm, $zip, $city, $state, $country, $email, $phone, $fax, $street1, $street2, $gender, $edit_id)); } else { $edit_id = $_POST['edit_id']; if ($_POST['pass'] != $_POST['pass_rep']) { set_page_message(tr("Entered passwords do not match!"), 'warning'); user_goto('admin_edit.php?edit_id=' . $edit_id); } if (!chk_password($_POST['pass'])) { if ($cfg->PASSWD_STRONG) { set_page_message(sprintf(tr('The password must be at least %s chars long and contain letters and numbers to be valid.'), $cfg->PASSWD_CHARS), 'warning'); } else { set_page_message(sprintf(tr('Password data is shorter than %s signs or includes not permitted signs!'), $cfg->PASSWD_CHARS), 'warning'); } user_goto('admin_edit.php?edit_id=' . $edit_id); } $upass = crypt_user_pass($_POST['pass']); $query = "\n\t\t\t\t\tUPDATE\n\t\t\t\t\t\t`admin`\n\t\t\t\t\tSET\n\t\t\t\t\t\t`admin_pass` = ?,\n\t\t\t\t\t\t`fname` = ?,\n\t\t\t\t\t\t`lname` = ?,\n\t\t\t\t\t\t`firm` = ?,\n\t\t\t\t\t\t`zip` = ?,\n\t\t\t\t\t\t`city` = ?,\n\t\t\t\t\t\t`state` = ?,\n\t\t\t\t\t\t`country` = ?,\n\t\t\t\t\t\t`email` = ?,\n\t\t\t\t\t\t`phone` = ?,\n\t\t\t\t\t\t`fax` = ?,\n\t\t\t\t\t\t`street1` = ?,\n\t\t\t\t\t\t`street2` = ?,\n\t\t\t\t\t\t`gender` = ?\n\t\t\t\t\tWHERE\n\t\t\t\t\t\t`admin_id` = ?\n\t\t\t\t"; exec_query($sql, $query, array($upass, $fname, $lname, $firm, $zip, $city, $state, $country, $email, $phone, $fax, $street1, $street2, $gender, $edit_id)); // Kill any existing session of the edited user $admin_name = get_user_name($edit_id); $query = "\n\t\t\t\t\tDELETE FROM\n\t\t\t\t\t\t`login`\n\t\t\t\t\tWHERE\n\t\t\t\t\t\t`user_name` = ?\n\t\t\t\t"; $rs = exec_query($sql, $query, $admin_name); if ($rs->recordCount() != 0) { set_page_message(tr('User session was killed!'), 'info'); write_log($_SESSION['user_logged'] . " killed " . $admin_name . "'s session because of password change"); } } $edit_username = clean_input($_POST['edit_username']); $user_logged = $_SESSION['user_logged']; write_log("{$user_logged}: changes data/password for {$edit_username}!"); if (isset($_POST['send_data']) && !empty($_POST['pass'])) { $query = "SELECT admin_type FROM admin WHERE admin_id='" . addslashes(htmlspecialchars($edit_id)) . "'"; $res = exec_query($sql, $query); if ($res->fields['admin_type'] == 'admin') { $admin_type = tr('Administrator'); } else { if ($res->fields['admin_type'] == 'reseller') { $admin_type = tr('Reseller'); } else { $admin_type = tr('Domain account'); } } send_add_user_auto_msg($user_id, $edit_username, clean_input($_POST['pass']), clean_input($_POST['email']), clean_input($_POST['fname']), clean_input($_POST['lname']), tr($admin_type), $gender); } $_SESSION['user_updated'] = 1; user_goto('manage_users.php'); } } }
/** * @param EasySCP_TemplateEngine $tpl */ function add_reseller($tpl) { global $reseller_ips; $cfg = EasySCP_Registry::get('Config'); $sql = EasySCP_Registry::get('Db'); if (isset($_POST['uaction']) && $_POST['uaction'] === 'add_reseller') { if (check_user_data()) { $upass = crypt_user_pass($_POST['pass']); $user_id = $_SESSION['user_id']; $username = clean_input($_POST['username']); $fname = clean_input($_POST['fname']); $lname = clean_input($_POST['lname']); $gender = clean_input($_POST['gender']); $firm = clean_input($_POST['firm']); $zip = clean_input($_POST['zip']); $city = clean_input($_POST['city']); $state = clean_input($_POST['state']); $country = clean_input($_POST['country']); $email = clean_input($_POST['email']); $phone = clean_input($_POST['phone']); $fax = clean_input($_POST['fax']); $street1 = clean_input($_POST['street1']); $street2 = clean_input($_POST['street2']); $query = "\n\t\t\t\tINSERT INTO `admin` (\n\t\t\t\t\t`admin_name`,\n\t\t\t\t\t`admin_pass`,\n\t\t\t\t\t`admin_type`,\n\t\t\t\t\t`domain_created`,\n\t\t\t\t\t`created_by`,\n\t\t\t\t\t`fname`,\n\t\t\t\t\t`lname`,\n\t\t\t\t\t`firm`,\n\t\t\t\t\t`zip`,\n\t\t\t\t\t`city`,\n\t\t\t\t\t`state`,\n\t\t\t\t\t`country`,\n\t\t\t\t\t`email`,\n\t\t\t\t\t`phone`,\n\t\t\t\t\t`fax`,\n\t\t\t\t\t`street1`,\n\t\t\t\t\t`street2`,\n\t\t\t\t\t`gender`\n\t\t\t\t) VALUES (\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t'reseller',\n\t\t\t\t\tunix_timestamp(),\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t?\n\t\t\t\t)\n\t\t\t"; exec_query($sql, $query, array($username, $upass, $user_id, $fname, $lname, $firm, $zip, $city, $state, $country, $email, $phone, $fax, $street1, $street2, $gender)); $new_admin_id = $sql->insertId(); $user_logged = $_SESSION['user_logged']; write_log("{$user_logged}: add reseller: {$username}"); // $user_def_lang = $cfg->USER_INITIAL_LANG; $user_def_lang = ''; // $user_theme_color = $cfg->USER_INITIAL_THEME; $user_theme_color = ''; $query = "\n\t\t\t\tINSERT INTO `user_gui_props`\n\t\t\t\t\t(\n\t\t\t\t\t`user_id`,\n\t\t\t\t\t`lang`,\n\t\t\t\t\t`layout`\n\t\t\t\t\t)\n\t\t\t\tVALUES\n\t\t\t\t\t(?, ?, ?)\n\t\t\t"; exec_query($sql, $query, array($new_admin_id, $user_def_lang, $user_theme_color)); /* * 'reseller_props' table entry; */ $nreseller_max_domain_cnt = clean_input($_POST['nreseller_max_domain_cnt']); $nreseller_max_subdomain_cnt = clean_input($_POST['nreseller_max_subdomain_cnt']); $nreseller_max_alias_cnt = clean_input($_POST['nreseller_max_alias_cnt']); $nreseller_max_mail_cnt = clean_input($_POST['nreseller_max_mail_cnt']); $nreseller_max_ftp_cnt = clean_input($_POST['nreseller_max_ftp_cnt']); $nreseller_max_sql_db_cnt = clean_input($_POST['nreseller_max_sql_db_cnt']); $nreseller_max_sql_user_cnt = clean_input($_POST['nreseller_max_sql_user_cnt']); $nreseller_max_traffic = clean_input($_POST['nreseller_max_traffic']); $nreseller_max_disk = clean_input($_POST['nreseller_max_disk']); $customer_id = clean_input($_POST['customer_id']); $support_system = clean_input($_POST['support_system']); $query = "\n\t\t\t\tINSERT INTO `reseller_props` (\n\t\t\t\t\t`reseller_id`, `reseller_ips`,\n\t\t\t\t\t`max_dmn_cnt`, `current_dmn_cnt`,\n\t\t\t\t\t`max_sub_cnt`, `current_sub_cnt`,\n\t\t\t\t\t`max_als_cnt`, `current_als_cnt`,\n\t\t\t\t\t`max_mail_cnt`, `current_mail_cnt`,\n\t\t\t\t\t`max_ftp_cnt`, `current_ftp_cnt`,\n\t\t\t\t\t`max_sql_db_cnt`, `current_sql_db_cnt`,\n\t\t\t\t\t`max_sql_user_cnt`, `current_sql_user_cnt`,\n\t\t\t\t\t`max_traff_amnt`, `current_traff_amnt`,\n\t\t\t\t\t`max_disk_amnt`, `current_disk_amnt`,\n\t\t\t\t\t`support_system`, `customer_id`\n\t\t\t\t) VALUES (\n\t\t\t\t\t?, ?,\n\t\t\t\t\t?, '0',\n\t\t\t\t\t?, '0',\n\t\t\t\t\t?, '0',\n\t\t\t\t\t?, '0',\n\t\t\t\t\t?, '0',\n\t\t\t\t\t?, '0',\n\t\t\t\t\t?, '0',\n\t\t\t\t\t?, '0',\n\t\t\t\t\t?, '0',\n\t\t\t\t\t?, ?\n\t\t\t\t)\n\t\t\t\t"; exec_query($sql, $query, array($new_admin_id, $reseller_ips, $nreseller_max_domain_cnt, $nreseller_max_subdomain_cnt, $nreseller_max_alias_cnt, $nreseller_max_mail_cnt, $nreseller_max_ftp_cnt, $nreseller_max_sql_db_cnt, $nreseller_max_sql_user_cnt, $nreseller_max_traffic, $nreseller_max_disk, $support_system, $customer_id)); send_add_user_auto_msg($user_id, clean_input($_POST['username']), $_POST['pass'], clean_input($_POST['email']), clean_input($_POST['fname']), clean_input($_POST['lname']), tr('Reseller'), $gender); $_SESSION['reseller_added'] = 1; user_goto('manage_users.php'); } else { $tpl->assign(array('EMAIL' => clean_input($_POST['email'], true), 'USERNAME' => clean_input($_POST['username'], true), 'FIRST_NAME' => clean_input($_POST['fname'], true), 'CUSTOMER_ID' => clean_input($_POST['customer_id'], true), 'LAST_NAME' => clean_input($_POST['lname'], true), 'FIRM' => clean_input($_POST['firm'], true), 'ZIP' => clean_input($_POST['zip'], true), 'CITY' => clean_input($_POST['city'], true), 'STATE' => clean_input($_POST['state'], true), 'COUNTRY' => clean_input($_POST['country'], true), 'STREET_1' => clean_input($_POST['street1'], true), 'STREET_2' => clean_input($_POST['street2'], true), 'PHONE' => clean_input($_POST['phone'], true), 'FAX' => clean_input($_POST['fax'], true), 'VL_MALE' => $_POST['gender'] == 'M' ? $cfg->HTML_SELECTED : '', 'VL_FEMALE' => $_POST['gender'] == 'F' ? $cfg->HTML_SELECTED : '', 'VL_UNKNOWN' => $_POST['gender'] == 'U' || empty($_POST['gender']) ? $cfg->HTML_SELECTED : '', 'MAX_DOMAIN_COUNT' => clean_input($_POST['nreseller_max_domain_cnt'], true), 'MAX_SUBDOMAIN_COUNT' => clean_input($_POST['nreseller_max_subdomain_cnt'], true), 'MAX_ALIASES_COUNT' => clean_input($_POST['nreseller_max_alias_cnt'], true), 'MAX_MAIL_USERS_COUNT' => clean_input($_POST['nreseller_max_mail_cnt'], true), 'MAX_FTP_USERS_COUNT' => clean_input($_POST['nreseller_max_ftp_cnt'], true), 'MAX_SQLDB_COUNT' => clean_input($_POST['nreseller_max_sql_db_cnt'], true), 'MAX_SQL_USERS_COUNT' => clean_input($_POST['nreseller_max_sql_user_cnt'], true), 'MAX_TRAFFIC_AMOUNT' => clean_input($_POST['nreseller_max_traffic'], true), 'MAX_DISK_AMOUNT' => clean_input($_POST['nreseller_max_disk'], true), 'SUPPORT_SYSTEM_YES' => $_POST['support_system'] == 'yes' ? $cfg->HTML_SELECTED : '', 'SUPPORT_SYSTEM_NO' => $_POST['support_system'] == 'no' ? $cfg->HTML_SELECTED : '', 'SUPPORT_SYSTEM' => clean_input($_POST['support_system'], true))); } } else { $tpl->assign(array('EMAIL' => '', 'USERNAME' => '', 'FIRST_NAME' => '', 'CUSTOMER_ID' => '', 'LAST_NAME' => '', 'FIRM' => '', 'ZIP' => '', 'CITY' => '', 'STATE' => '', 'COUNTRY' => '', 'STREET_1' => '', 'STREET_2' => '', 'PHONE' => '', 'FAX' => '', 'VL_MALE' => '', 'VL_FEMALE' => '', 'VL_UNKNOWN' => $cfg->HTML_SELECTED, 'MAX_DOMAIN_COUNT' => '', 'MAX_SUBDOMAIN_COUNT' => '', 'MAX_ALIASES_COUNT' => '', 'MAX_MAIL_USERS_COUNT' => '', 'MAX_FTP_USERS_COUNT' => '', 'MAX_SQLDB_COUNT' => '', 'MAX_SQL_USERS_COUNT' => '', 'MAX_TRAFFIC_AMOUNT' => '', 'MAX_DISK_AMOUNT' => '', 'SUPPORT_SYSTEM_YES' => $cfg->HTML_SELECTED, 'SUPPORT_SYSTEM_NO' => '')); } }