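/**
 * Requires that the calling web service request carries valid user credentials.
 *
 * Reads 'authuser' and 'authpass' from $this->wsdataarray and hands them to
 * ctrl_auth::Authenticate(). On success the authenticated user ID is stored in
 * $this->authuserid and true is returned; on failure a response object with
 * code 1105 is sent and the script terminates via die().
 *
 * @author Bobby Allen (ballen@bobbyallen.me)
 * @return bool true when authentication succeeded (does not return on failure).
 */
public function RequireUserAuth()
{
    // Missing credentials are passed as null instead of raising an
    // "undefined index" notice; the lookup then fails exactly as it did before.
    $authUser = isset($this->wsdataarray['authuser']) ? $this->wsdataarray['authuser'] : null;
    $authPass = isset($this->wsdataarray['authpass']) ? $this->wsdataarray['authpass'] : null;

    // NOTE(review): ctrl_auth::Authenticate() declares further parameters
    // (remember-me, cookie flag, session security) that this call leaves
    // unset — confirm the declaration gives them defaults on PHP >= 7.1.
    $ws_auth = new ctrl_auth();
    $user = $ws_auth->Authenticate($authUser, $authPass);
    if ($user) {
        $this->authuserid = $user;
        return true;
    }

    // Failure path: a single generic message, so the response does not
    // reveal whether the username or the password was the wrong part.
    $dataobject = new runtime_dataobject();
    $dataobject->addItemValue('response', '1105');
    $dataobject->addItemValue('content', 'User authentication failed');
    die($this->SendResponse($dataobject->getDataObject()));
}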
/**
 * Renders the current user's last logon time in the system date format.
 *
 * @return string The formatted timestamp, or the literal placeholder
 *                "<: Never :>" when no last logon value is recorded.
 */
public static function Template()
{
    $userId = ctrl_auth::CurrentUserID();
    $details = ctrl_users::GetUserDetail($userId);
    $lastLogon = $details['lastlogon'];

    // Truthiness check: 0 / null / "" all count as "never logged on".
    if (!$lastLogon) {
        return "<: Never :>";
    }

    $format = ctrl_options::GetSystemOption('sentora_df');
    return date($format, $lastLogon);
}
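/**
 * Returns an array of information for the account details, package, group and
 * quota limits of a given UID.
 *
 * The record is assembled from x_accounts LEFT JOINed with x_profiles,
 * x_groups, x_packages and x_quotas. Every key listed in $fields is always
 * present in the result; a key whose column is absent (no matching account,
 * or an unmatched join) is null.
 *
 * @author Bobby Allen (ballen@bobbyallen.me)
 * @global db_driver $zdbh The ZPX database handle.
 * @param int $uid The ZPanel user account ID; when empty the current session
 *                 user (ctrl_auth::CurrentUserID()) is used instead.
 * @return array
 */
static function GetUserDetail($uid = "")
{
    global $zdbh;
    $userdetail = new runtime_dataobject();

    // Loose comparison kept on purpose: "", null and false (and 0 on PHP < 8)
    // all fall back to the current user, which existing callers rely on.
    if ($uid == "") {
        $uid = ctrl_auth::CurrentUserID();
    }

    $rows = $zdbh->prepare("\n SELECT * FROM x_accounts\n LEFT JOIN x_profiles ON (x_accounts.ac_id_pk=x_profiles.ud_user_fk)\n LEFT JOIN x_groups ON (x_accounts.ac_group_fk=x_groups.ug_id_pk)\n LEFT JOIN x_packages ON (x_accounts.ac_package_fk=x_packages.pk_id_pk)\n LEFT JOIN x_quotas ON (x_accounts.ac_package_fk=x_quotas.qt_package_fk)\n WHERE x_accounts.ac_id_pk= :uid\n ");
    $rows->bindParam(':uid', $uid);
    $rows->execute();
    $dbvals = $rows->fetch();

    // fetch() yields false when no account matches (PDO semantics); normalise
    // to an empty array so every field below resolves to null without notices.
    if ($dbvals === false) {
        $dbvals = array();
    }

    // Result key => database column, in the order the object has always
    // been populated. NOTE: 'password' exposes ac_pass_vc, the stored
    // credential value that Authenticate() compares against; callers that
    // serialise this object (e.g. into a web service response) should strip
    // it before sending.
    $fields = array(
        'username' => 'ac_user_vc',
        'userid' => 'ac_id_pk',
        'password' => 'ac_pass_vc',
        'email' => 'ac_email_vc',
        'resellerid' => 'ac_reseller_fk',
        'packageid' => 'ac_package_fk',
        'enabled' => 'ac_enabled_in',
        'usertheme' => 'ac_usertheme_vc',
        'usercss' => 'ac_usercss_vc',
        'lastlogon' => 'ac_lastlogon_ts',
        'fullname' => 'ud_fullname_vc',
        'packagename' => 'pk_name_vc',
        'usergroup' => 'ug_name_vc',
        'usergroupid' => 'ac_group_fk',
        'address' => 'ud_address_tx',
        'postcode' => 'ud_postcode_vc',
        'phone' => 'ud_phone_vc',
        'language' => 'ud_language_vc',
        'diskquota' => 'qt_diskspace_bi',
        'bandwidthquota' => 'qt_bandwidth_bi',
        'domainquota' => 'qt_domains_in',
        'subdomainquota' => 'qt_subdomains_in',
        'parkeddomainquota' => 'qt_parkeddomains_in',
        'ftpaccountsquota' => 'qt_ftpaccounts_in',
        'mysqlquota' => 'qt_mysql_in',
        'mailboxquota' => 'qt_mailboxes_in',
        'forwardersquota' => 'qt_fowarders_in',
        'distlistsquota' => 'qt_distlists_in',
        'catorder' => 'ac_catorder_vc',
    );
    foreach ($fields as $key => $column) {
        $userdetail->addItemValue($key, isset($dbvals[$column]) ? $dbvals[$column] : null);
    }

    return $userdetail->getDataObject();
}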
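/**
 * Translates a text string into the language preference of the current user.
 *
 * The translation column (self::$LangCol) is resolved once per request from
 * x_profiles.ud_language_vc and cached in the static property. English
 * ('tr_en_tx') is returned untranslated. A string that is not yet present in
 * x_translations is inserted with empty translations so it can be translated
 * later.
 *
 * @author Pascal Peyremorte (p.peyremorte@wanadoo.fr)
 * @global db_driver $zdbh The ZPX database handle.
 * @param string $message The string to translate.
 * @return string The translated string, or $message when no translation exists.
 */
static function translate($message)
{
    global $zdbh;

    if (empty(self::$LangCol)) {
        // Bound parameter rather than string concatenation, even though the
        // ID comes from the session and not from the request.
        $uid = ctrl_auth::CurrentUserID();
        $sql = $zdbh->prepare('SELECT ud_language_vc FROM x_profiles WHERE ud_user_fk=:uid');
        $sql->bindParam(':uid', $uid);
        $sql->execute();
        $lang = $sql->fetch();
        $langCode = ($lang !== false && isset($lang['ud_language_vc'])) ? $lang['ud_language_vc'] : '';

        // The language code is spliced into the SELECT below as a column
        // *identifier*, which cannot be bound. Restrict it to identifier
        // characters; anything else (including a missing profile row, which
        // previously produced the invalid column "tr__tx") falls back to English.
        if (!preg_match('/^[A-Za-z0-9_]+$/', $langCode)) {
            $langCode = 'en';
        }
        self::$LangCol = 'tr_' . $langCode . '_tx';
    }

    if (self::$LangCol === 'tr_en_tx') {
        return $message; // no translation required, English in use
    }

    // NOTE(review): addslashes() on a value that is then bound as a parameter
    // escapes it a second time. Rows already inserted below were stored in
    // this form, so it is kept to stay consistent with the existing table data.
    $SlashedMessage = addslashes($message);

    $sql = $zdbh->prepare('SELECT ' . self::$LangCol . ' FROM x_translations WHERE tr_en_tx =:message');
    $sql->bindParam(':message', $SlashedMessage);
    $sql->execute();
    $result = $sql->fetch();

    if (!$result) {
        // Message not found: register it with empty translations, return as-is.
        $sql = $zdbh->prepare('INSERT INTO x_translations SET tr_en_tx=:message');
        $sql->bindParam(':message', $SlashedMessage);
        $sql->execute();
        return $message;
    }

    // An empty translation cell means "not translated yet".
    if (fs_director::CheckForEmptyValue($result[self::$LangCol])) {
        return $message;
    }
    return $result[self::$LangCol];
}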
// Fetch the per-account salt for the submitted username so the password can
// be hashed before it is compared; the clear-text value is never sent to the
// Authenticate() query. (The enclosing block starts before this excerpt.)
$sql = $zdbh->prepare("SELECT ac_passsalt_vc FROM x_accounts WHERE ac_user_vc = :username AND ac_deleted_ts IS NULL");
$sql->bindParam(':username', $_POST['inUsername']);
$sql->execute();
$result = $sql->fetch();
$crypto = new runtime_hash();
$crypto->SetPassword($_POST['inPassword']);
// NOTE(review): $result is false for an unknown username, so SetSalt()
// receives null in that case — confirm runtime_hash tolerates it; the
// Authenticate() call below fails for an unknown username either way.
$crypto->SetSalt($result['ac_passsalt_vc']);
$secure_password = $crypto->CryptParts($crypto->Crypt())->Hash;
if (!ctrl_auth::Authenticate($_POST['inUsername'], $secure_password, $rememberdetails, false, $inSessionSecuirty)) {
    header("location: ./?invalidlogin");
    exit;
}
}
// Cookie-based re-login. zPass holds the hashed credential that Authenticate()
// sets when "remember me" is used, so possession of this cookie is equivalent
// to the credential for its lifetime; it is not re-validated beyond the
// account lookup Authenticate() performs.
if (isset($_COOKIE['zUser'])) {
    if (isset($_COOKIE['zSec'])) {
        // Loose comparison: only "" and "0" count as false here; any other
        // cookie string (including the text "false") enables session security.
        if ($_COOKIE['zSec'] == false) {
            $secure = false;
        } else {
            $secure = true;
        }
    } else {
        $secure = true;
    }
    ctrl_auth::Authenticate($_COOKIE['zUser'], $_COOKIE['zPass'], false, true, $secure);
}
// No session user after both login paths: hand off to the login prompt.
if (!isset($_SESSION['zpuid'])) {
    ctrl_auth::RequireUser();
}
runtime_hook::Execute('OnBeforeControllerInit');
$controller->Init();
ui_templateparser::Generate("etc/styles/" . ui_template::GetUserTemplate());
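/**
 * The main authentication mechanism: checks username and password against the
 * database and logs the user in on a successful authentication request.
 *
 * The account must exist, be enabled (ac_enabled_in = 1) and not be deleted
 * (ac_deleted_ts IS NULL). $password is compared verbatim with ac_pass_vc, so
 * callers are expected to pass the already-hashed credential rather than the
 * clear-text password (confirm against the login controller).
 *
 * @author Bobby Allen (ballen@bobbyallen.me)
 * @global db_driver $zdbh The ZPX database handle.
 * @param string $username The username to use to authenticate with.
 * @param string $password The password value, as stored in ac_pass_vc.
 * @param bool $rememberme Persist the credentials in the zUser/zPass cookies for 30 days? (true/false)
 * @param bool $iscookie The authentication request has come from a set cookie.
 * @param mixed $sessionSecuirty Session-security setting handed to SetUserSession().
 *        Defaults to null so two-argument callers no longer raise an
 *        ArgumentCountError on PHP >= 7.1 (they previously got an undefined
 *        variable, i.e. null, on older PHP).
 * @return mixed Returns false if the authentication fails otherwise will return the user ID.
 */
static function Authenticate($username, $password, $rememberme = false, $iscookie = false, $sessionSecuirty = null)
{
    global $zdbh;
    $sqlString = "SELECT * FROM\n x_accounts WHERE\n ac_user_vc = :username AND\n ac_pass_vc = :password AND\n ac_enabled_in = 1 AND\n ac_deleted_ts IS NULL";
    $bindArray = array(':username' => $username, ':password' => $password);
    $zdbh->bindQuery($sqlString, $bindArray);
    $row = $zdbh->returnRow();

    if (!$row) {
        runtime_hook::Execute('OnBadUserLogin');
        return false;
    }

    //Disabled till zpanel 10.0.3
    //runtime_sessionsecurity::sessionRegen();
    ctrl_auth::SetUserSession($row['ac_id_pk'], $sessionSecuirty);

    // Record the logon time with bound parameters instead of concatenation.
    $now = time();
    $log_logon = $zdbh->prepare("UPDATE x_accounts SET ac_lastlogon_ts=:now WHERE ac_id_pk=:uid");
    $log_logon->bindParam(':now', $now);
    $log_logon->bindParam(':uid', $row['ac_id_pk']);
    $log_logon->execute();

    if ($rememberme) {
        // These cookies carry a reusable credential for 30 days, so keep them
        // out of script reach (HttpOnly) and, when the request arrived over
        // TLS, off plain HTTP (Secure). Behind a TLS-terminating proxy
        // $_SERVER['HTTPS'] may be unset; adjust the check if that applies.
        $expires = time() + 60 * 60 * 24 * 30;
        $secureOnly = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
        setcookie("zUser", $username, $expires, "/", "", $secureOnly, true);
        setcookie("zPass", $password, $expires, "/", "", $secureOnly, true);
        //setcookie("zSec", $sessionSecuirty, time() + 60 * 60 * 24 * 30, "/");
    }
    runtime_hook::Execute('OnGoodUserLogin');
    return $row['ac_id_pk'];
}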
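/**
 * Lists the active (non-deleted) mailboxes owned by a user account.
 *
 * @global db_driver $zdbh The ZPX database handle.
 * @param int|null $uid Account ID; when empty the current session user is used.
 * @return array|false List of array('address' => ..., 'id' => ...) entries
 *                     ordered by address, or false when there are none.
 */
static function getMailboxList($uid = null)
{
    global $zdbh;

    // empty() already covers every case of the former "" / empty() / null chain.
    if (empty($uid)) {
        $uid = ctrl_auth::CurrentUserID();
    }
    $currentuser = ctrl_users::GetUserDetail($uid);

    // One query instead of a probe plus a re-run: the previous existence
    // check read fetchColumn() of a SELECT * row, which is a column value
    // and not a row count.
    $stmt = $zdbh->prepare("SELECT * FROM x_mailboxes WHERE mb_acc_fk=:userid AND mb_deleted_ts IS NULL ORDER BY mb_address_vc ASC");
    $stmt->bindParam(':userid', $currentuser['userid']);
    $stmt->execute();

    $res = array();
    while ($rowmailboxes = $stmt->fetch()) {
        $res[] = array(
            'address' => $rowmailboxes['mb_address_vc'],
            'id' => $rowmailboxes['mb_id_pk'],
        );
    }

    // Callers test the result for false, so an empty list stays false.
    return $res ? $res : false;
}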
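/**
 * Switches the session to a client account selected on the shadow form.
 *
 * Authorisation is enforced by the account query itself: 'zadmin' may shadow
 * any non-deleted account, every other user only accounts whose
 * ac_reseller_fk equals their own ID. The caller's user ID is preserved in the
 * 'ruid' session value before the session is re-keyed to the target account.
 * On a match the cookies are cleared and the browser is redirected to "/";
 * the function does not return in that case.
 *
 * @global db_driver $zdbh The ZPX database handle.
 * @global object $controller Request accessor used to read the inShadow_<id> form field.
 * @return void
 */
static function doShadowUser()
{
    global $zdbh;
    global $controller;
    runtime_csfr::Protect();
    $currentuser = ctrl_users::GetUserDetail();

    // One prepared statement instead of a probe query followed by a re-run.
    if ($currentuser['username'] === 'zadmin') {
        $sql = $zdbh->prepare("SELECT * FROM x_accounts WHERE ac_deleted_ts IS NULL ORDER BY ac_user_vc");
    } else {
        $sql = $zdbh->prepare("SELECT * FROM x_accounts WHERE ac_reseller_fk = :userid AND ac_deleted_ts IS NULL");
        $sql->bindParam(':userid', $currentuser['userid']);
    }
    if (!$sql->execute()) {
        return;
    }

    // Only an account returned by the scoped query above can be shadowed;
    // a form field for any other ID is never looked at.
    while ($rowclients = $sql->fetch()) {
        $formField = $controller->GetControllerRequest('FORM', 'inShadow_' . $rowclients['ac_id_pk']);
        if (fs_director::CheckForEmptyValue($formField)) {
            continue;
        }
        ctrl_auth::KillCookies();
        ctrl_auth::SetSession('ruid', $currentuser['userid']);
        ctrl_auth::SetUserSession($rowclients['ac_id_pk'], runtime_sessionsecurity::getSessionSecurityEnabled());
        header("location: /");
        exit;
    }
}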
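/**
 * Lists the enabled, non-deleted virtual hosts owned by a user account.
 *
 * @global db_driver $zdbh The ZPX database handle.
 * @param int|null $uid Account ID; when empty the current session user is used.
 * @return array|false List of array('domain' => ...) entries ordered by name,
 *                     or false when there are none.
 */
static function getDomainList($uid = null)
{
    global $zdbh;

    // empty() already covers every case of the former "" / empty() / null chain.
    if (empty($uid)) {
        $uid = ctrl_auth::CurrentUserID();
    }
    $currentuser = ctrl_users::GetUserDetail($uid);

    // One query instead of a probe plus a re-run: the previous existence
    // check read fetchColumn() of a SELECT * row, which is a column value
    // and not a row count.
    $stmt = $zdbh->prepare("SELECT * FROM x_vhosts WHERE vh_acc_fk=:userid AND vh_enabled_in=1 AND vh_deleted_ts IS NULL ORDER BY vh_name_vc ASC");
    $stmt->bindParam(':userid', $currentuser['userid']);
    $stmt->execute();

    $res = array();
    while ($rowdomains = $stmt->fetch()) {
        $res[] = array('domain' => $rowdomains['vh_name_vc']);
    }

    // Callers test the result for false, so an empty list stays false.
    return $res ? $res : false;
}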