コード例 #1
ファイル: xmws.class.php プロジェクト: BIGGANI/zpanelx
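 /**
  * Requires that the web service caller is authenticated with the server.
  *
  * The credentials are read from $this->wsdataarray['authuser'] and
  * $this->wsdataarray['authpass'] and checked through ctrl_auth::Authenticate().
  * On success the resolved user ID is stored in $this->authuserid and true is
  * returned. On failure a response object with code '1105' is sent through
  * $this->SendResponse() and execution stops (die), so this method never
  * returns false to its caller.
  *
  * NOTE(review): ctrl_auth::Authenticate() is documented elsewhere in this
  * project with a required fifth $sessionSecuirty parameter; confirm that the
  * two-argument call below matches the ctrl_auth version in use.
  *
  * @author Bobby Allen (ballen@bobbyallen.me)
  * @return bool true when the user authenticated (otherwise the script exits).
  */
 public function RequireUserAuth()
 {
     // A missing credential is passed through as null instead of raising an
     // undefined-index notice; Authenticate() then fails it like any other
     // wrong credential, so its failure path still runs.
     $username = isset($this->wsdataarray['authuser']) ? $this->wsdataarray['authuser'] : null;
     $password = isset($this->wsdataarray['authpass']) ? $this->wsdataarray['authpass'] : null;
     $ws_auth = new ctrl_auth();
     $user = $ws_auth->Authenticate($username, $password);
     if ($user) {
         $this->authuserid = $user;
         return true;
     }
     $dataobject = new runtime_dataobject();
     $dataobject->addItemValue('response', '1105');
     $dataobject->addItemValue('content', 'User authentication failed');
     // Terminates the request: the failure response is the only output.
     die($this->SendResponse($dataobject->getDataObject()));
 }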
コード例 #2
 /**
  * Template tag: renders the current user's last logon time.
  *
  * The timestamp comes from ctrl_users::GetUserDetail() for the current
  * session user and is formatted with the system option 'sentora_df'.
  *
  * @return string The formatted date, or the placeholder "<: Never :>"
  *                when no last-logon timestamp is recorded.
  */
 public static function Template()
 {
     $details = ctrl_users::GetUserDetail(ctrl_auth::CurrentUserID());
     $lastLogon = $details['lastlogon'];
     if (!$lastLogon) {
         return "<: Never :>";
     }
     $format = ctrl_options::GetSystemOption('sentora_df');
     return date($format, $lastLogon);
 }
コード例 #3
ファイル: users.class.php プロジェクト: BIGGANI/zpanelx
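 /**
  * Returns an array of information for the account details, package, groups and quota limits for a given UID.
  *
  * The x_accounts row is LEFT JOINed with x_profiles, x_groups, x_packages and
  * x_quotas, so every key listed in $columnMap is always present; values from a
  * joined table with no matching row are null. When no account matches at all,
  * every value is null, so callers should test e.g. 'userid' before relying on
  * the result.
  *
  * NOTE(review): the array carries the stored password value under 'password';
  * avoid handing the whole array to templates or API responses.
  *
  * @author Bobby Allen (ballen@bobbyallen.me)
  * @global db_driver $zdbh The ZPX database handle.
  * @param int $uid The ZPanel user account ID; an empty value means the current session user.
  * @return array Keyed by the names in $columnMap.
  */
 static function GetUserDetail($uid = "")
 {
     global $zdbh;
     // Loose comparison kept on purpose: callers pass "" or null for "current user".
     if ($uid == "") {
         $uid = ctrl_auth::CurrentUserID();
     }
     $rows = $zdbh->prepare("
           SELECT * FROM x_accounts
           LEFT JOIN x_profiles ON (x_accounts.ac_id_pk=x_profiles.ud_user_fk)
           LEFT JOIN x_groups   ON (x_accounts.ac_group_fk=x_groups.ug_id_pk)
           LEFT JOIN x_packages ON (x_accounts.ac_package_fk=x_packages.pk_id_pk)
           LEFT JOIN x_quotas   ON (x_accounts.ac_package_fk=x_quotas.qt_package_fk)
           WHERE x_accounts.ac_id_pk= :uid
         ");
     $rows->bindParam(':uid', $uid);
     $rows->execute();
     $dbvals = $rows->fetch();
     if (!is_array($dbvals)) {
         // No matching account: keep the full key set so callers can rely on it.
         $dbvals = array();
     }
     // Output key => database column. Order matters to consumers that iterate
     // the data object, so it is kept as it was. 'qt_fowarders_in' is spelled
     // as in the schema.
     $columnMap = array(
         'username'          => 'ac_user_vc',
         'userid'            => 'ac_id_pk',
         'password'          => 'ac_pass_vc',
         'email'             => 'ac_email_vc',
         'resellerid'        => 'ac_reseller_fk',
         'packageid'         => 'ac_package_fk',
         'enabled'           => 'ac_enabled_in',
         'usertheme'         => 'ac_usertheme_vc',
         'usercss'           => 'ac_usercss_vc',
         'lastlogon'         => 'ac_lastlogon_ts',
         'fullname'          => 'ud_fullname_vc',
         'packagename'       => 'pk_name_vc',
         'usergroup'         => 'ug_name_vc',
         'usergroupid'       => 'ac_group_fk',
         'address'           => 'ud_address_tx',
         'postcode'          => 'ud_postcode_vc',
         'phone'             => 'ud_phone_vc',
         'language'          => 'ud_language_vc',
         'diskquota'         => 'qt_diskspace_bi',
         'bandwidthquota'    => 'qt_bandwidth_bi',
         'domainquota'       => 'qt_domains_in',
         'subdomainquota'    => 'qt_subdomains_in',
         'parkeddomainquota' => 'qt_parkeddomains_in',
         'ftpaccountsquota'  => 'qt_ftpaccounts_in',
         'mysqlquota'        => 'qt_mysql_in',
         'mailboxquota'      => 'qt_mailboxes_in',
         'forwardersquota'   => 'qt_fowarders_in',
         'distlistsquota'    => 'qt_distlists_in',
         'catorder'          => 'ac_catorder_vc',
     );
     $userdetail = new runtime_dataobject();
     foreach ($columnMap as $key => $column) {
         // isset() avoids notices for columns absent from the row; null is the
         // value the caller sees either way.
         $userdetail->addItemValue($key, isset($dbvals[$column]) ? $dbvals[$column] : null);
     }
     return $userdetail->getDataObject();
 }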
コード例 #4
ファイル: language.class.php プロジェクト: BIGGANI/zpanelx
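 /**
  * Translates a text string into the language preference of the current user.
  *
  * The user's language code (x_profiles.ud_language_vc) selects the column
  * tr_<code>_tx of x_translations; the column name is cached in self::$LangCol
  * for the rest of the request. English ('tr_en_tx') returns $message as is.
  * A message that is not yet in the table is inserted with empty translations
  * so it can be translated later.
  *
  * @author Pascal Peyremorte (p.peyremorte@wanadoo.fr)
  * @global db_driver $zdbh The ZPX database handle.
  * @param string $message The string to translate.
  * @return string The translated string, or $message when no translation exists.
  */
 static function translate($message)
 {
     global $zdbh;
     if (empty(self::$LangCol)) {
         $uid = ctrl_auth::CurrentUserID();
         // Bound rather than concatenated so the session user ID cannot alter the query.
         $sql = $zdbh->prepare('SELECT ud_language_vc FROM x_profiles WHERE ud_user_fk=:uid');
         $sql->bindParam(':uid', $uid);
         $sql->execute();
         $lang = $sql->fetch();
         $code = is_array($lang) ? (string) $lang['ud_language_vc'] : '';
         // The code becomes part of an SQL identifier below; only plain
         // identifier characters are accepted, anything else (including a
         // missing profile) falls back to English.
         if (!preg_match('/^[A-Za-z0-9_]+$/', $code)) {
             $code = 'en';
         }
         self::$LangCol = 'tr_' . $code . '_tx';
     }
     if (self::$LangCol === 'tr_en_tx') {
         // English is the source language: nothing to look up.
         return $message;
     }
     // Kept for compatibility: rows in x_translations are written with the
     // addslashes()'d form of the text (see the INSERT below), so the lookup
     // must use the same form even though the value is bound, not interpolated.
     $slashedMessage = addslashes($message);
     $sql = $zdbh->prepare('SELECT ' . self::$LangCol . ' FROM x_translations WHERE tr_en_tx =:message');
     $sql->bindParam(':message', $slashedMessage);
     $sql->execute();
     $result = $sql->fetch();
     if ($result) {
         // An empty translation cell means "not translated yet": show the source text.
         if (!fs_director::CheckForEmptyValue($result[self::$LangCol])) {
             return $result[self::$LangCol];
         }
         return $message;
     }
     // Unknown message: register it with empty translations and show the source text.
     $sql = $zdbh->prepare('INSERT INTO x_translations SET tr_en_tx=:message');
     $sql->bindParam(':message', $slashedMessage);
     $sql->execute();
     return $message;
 }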
コード例 #5
ファイル: init.inc.php プロジェクト: BIGGANI/zpanelx
    $sql = $zdbh->prepare("SELECT ac_passsalt_vc FROM x_accounts WHERE ac_user_vc = :username AND ac_deleted_ts IS NULL");
    $sql->bindParam(':username', $_POST['inUsername']);
    $sql->execute();
    $result = $sql->fetch();
    $crypto = new runtime_hash();
    $crypto->SetPassword($_POST['inPassword']);
    $crypto->SetSalt($result['ac_passsalt_vc']);
    $secure_password = $crypto->CryptParts($crypto->Crypt())->Hash;
    if (!ctrl_auth::Authenticate($_POST['inUsername'], $secure_password, $rememberdetails, false, $inSessionSecuirty)) {
        header("location: ./?invalidlogin");
        exit;
    }
}
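// "Remember me" login. ctrl_auth::Authenticate() stores the username and the
// password value it was given in the zUser / zPass cookies, so presenting
// those cookies is the same as presenting the credential itself, and they are
// set without the httponly flag. Both points deserve a revisit; here the
// cookie login is at least only attempted when both cookies are present,
// which also avoids an undefined-index notice for zPass.
if (isset($_COOKIE['zUser']) && isset($_COOKIE['zPass'])) {
    // zSec defaults to "secure" when absent; any value PHP treats as false
    // ("" or "0") switches it off.
    $secure = isset($_COOKIE['zSec']) ? (bool) $_COOKIE['zSec'] : true;
    ctrl_auth::Authenticate($_COOKIE['zUser'], $_COOKIE['zPass'], false, true, $secure);
}
if (!isset($_SESSION['zpuid'])) {
    // No authenticated session at this point: hand off to the login flow.
    ctrl_auth::RequireUser();
}
runtime_hook::Execute('OnBeforeControllerInit');
$controller->Init();
ui_templateparser::Generate("etc/styles/" . ui_template::GetUserTemplate());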
コード例 #6
ファイル: auth.class.php プロジェクト: BIGGANI/zpanelx
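 /**
  * The main authentication mechanism: checks the username and password
  * against the database and logs the user in on a successful request.
  *
  * The stored password column (ac_pass_vc) is compared directly with
  * $password, so the caller must supply the value in the stored form.
  * Only enabled (ac_enabled_in = 1), non-deleted accounts can log in.
  *
  * NOTE(review): with $rememberme the username and the password value are
  * written as given to the zUser / zPass cookies, so anyone holding those
  * cookie values can log in until they expire; a random, revocable
  * remember-me token would be the safer design. The cookies are sent
  * httponly; the secure flag is left off because nothing here shows whether
  * the panel is served over HTTPS.
  *
  * @author Bobby Allen (ballen@bobbyallen.me)
  * @global db_driver $zdbh The ZPX database handle.
  * @param string $username The username to authenticate with.
  * @param string $password The password value to compare with ac_pass_vc.
  * @param bool $rememberme Store the credentials in cookies for 30 days?
  * @param bool $iscookie The request came from the remember-me cookies (not used in this method).
  * @param mixed $sessionSecuirty Passed through to ctrl_auth::SetUserSession(). It has no default, so all five arguments are required.
  * @return mixed false when authentication fails, otherwise the user ID (ac_id_pk).
  */
 static function Authenticate($username, $password, $rememberme = false, $iscookie = false, $sessionSecuirty)
 {
     global $zdbh;
     $sqlString = "SELECT * FROM
                   x_accounts WHERE
                   ac_user_vc = :username AND
                   ac_pass_vc = :password AND
                   ac_enabled_in = 1 AND
                   ac_deleted_ts IS NULL";
     $bindArray = array(':username' => $username, ':password' => $password);
     $zdbh->bindQuery($sqlString, $bindArray);
     $row = $zdbh->returnRow();
     if (!$row) {
         runtime_hook::Execute('OnBadUserLogin');
         return false;
     }
     //Disabled till zpanel 10.0.3
     //runtime_sessionsecurity::sessionRegen();
     ctrl_auth::SetUserSession($row['ac_id_pk'], $sessionSecuirty);
     // Record the logon time with bound values instead of a string-built statement.
     $now = time();
     $uid = $row['ac_id_pk'];
     $log_logon = $zdbh->prepare("UPDATE x_accounts SET ac_lastlogon_ts=:now WHERE ac_id_pk=:uid");
     $log_logon->bindParam(':now', $now);
     $log_logon->bindParam(':uid', $uid);
     $log_logon->execute();
     if ($rememberme) {
         $expires = time() + 60 * 60 * 24 * 30; // 30 days
         // httponly keeps the cookies out of reach of page scripts.
         setcookie("zUser", $username, $expires, "/", "", false, true);
         setcookie("zPass", $password, $expires, "/", "", false, true);
         //setcookie("zSec", $sessionSecuirty, time() + 60 * 60 * 24 * 30, "/");
     }
     runtime_hook::Execute('OnGoodUserLogin');
     return $row['ac_id_pk'];
 }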
コード例 #7
ファイル: controller.ext.php プロジェクト: Boter/madmin-core
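 /**
  * Lists the mailboxes (address and id) of an account.
  *
  * No authorisation check is done here: the caller is responsible for only
  * passing a $uid the current user is allowed to inspect.
  *
  * @global db_driver $zdbh The ZPX database handle.
  * @param mixed $uid Account ID; any empty value means the current session user.
  * @return array|false List of array('address' => ..., 'id' => ...) ordered by
  *                     address, or false when the account has no mailboxes.
  */
 static function getMailboxList($uid = null)
 {
     global $zdbh;
     // empty() covers '', null, 0 and false, which is what the callers pass for "current user".
     if (empty($uid)) {
         $uid = ctrl_auth::CurrentUserID();
     }
     $currentuser = ctrl_users::GetUserDetail($uid);
     // One prepared statement executed once; the fetched rows tell us whether any exist.
     $stmt = $zdbh->prepare("SELECT * FROM x_mailboxes WHERE mb_acc_fk=:userid AND mb_deleted_ts IS NULL ORDER BY mb_address_vc ASC");
     $stmt->bindParam(':userid', $currentuser['userid']);
     $stmt->execute();
     $res = array();
     while ($row = $stmt->fetch()) {
         $res[] = array('address' => $row['mb_address_vc'], 'id' => $row['mb_id_pk']);
     }
     // false (not an empty array) is the documented "nothing found" result.
     return $res === array() ? false : $res;
 }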
コード例 #8
ファイル: controller.ext.php プロジェクト: BIGGANI/zpanelx
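 /**
  * Switches the session to another account ("shadowing") on request.
  *
  * The CSRF token is checked first. 'zadmin' may shadow any non-deleted
  * account; any other user may only shadow accounts whose ac_reseller_fk is
  * their own ID. A request is honoured only when the form field
  * inShadow_<ac_id_pk> is non-empty for an account in that result set, so an
  * ID outside the caller's set is ignored. The caller's own ID is kept in the
  * session key 'ruid' before the user session is replaced, then the browser is
  * redirected to "/" and the script exits. Returns without effect otherwise.
  *
  * @global db_driver $zdbh The ZPX database handle.
  * @global mixed $controller Provides GetControllerRequest() for the submitted form.
  * @return void
  */
 static function doShadowUser()
 {
     global $zdbh;
     global $controller;
     runtime_csfr::Protect();
     $currentuser = ctrl_users::GetUserDetail();
     $isAdmin = ($currentuser['username'] === 'zadmin');
     if ($isAdmin) {
         $sql = "SELECT * FROM x_accounts WHERE ac_deleted_ts IS NULL ORDER BY ac_user_vc";
     } else {
         $sql = "SELECT * FROM x_accounts WHERE ac_reseller_fk = :userid AND ac_deleted_ts IS NULL";
     }
     $stmt = $zdbh->prepare($sql);
     if (!$isAdmin) {
         // Only the reseller query carries the :userid placeholder.
         $stmt->bindParam(':userid', $currentuser['userid']);
     }
     if (!$stmt->execute()) {
         return;
     }
     // One execution: iterate the candidate accounts and act on the first one selected.
     while ($rowclients = $stmt->fetch()) {
         $requested = $controller->GetControllerRequest('FORM', 'inShadow_' . $rowclients['ac_id_pk']);
         if (!fs_director::CheckForEmptyValue($requested)) {
             ctrl_auth::KillCookies();
             ctrl_auth::SetSession('ruid', $currentuser['userid']);
             ctrl_auth::SetUserSession($rowclients['ac_id_pk'], runtime_sessionsecurity::getSessionSecurityEnabled());
             header("location: /");
             exit;
         }
     }
 }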
コード例 #9
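 /**
  * Lists the enabled, non-deleted domains (vhosts) of an account.
  *
  * No authorisation check is done here: the caller is responsible for only
  * passing a $uid the current user is allowed to inspect.
  *
  * @global db_driver $zdbh The ZPX database handle.
  * @param mixed $uid Account ID; any empty value means the current session user.
  * @return array|false List of array('domain' => ...) ordered by name, or
  *                     false when the account has no enabled domains.
  */
 static function getDomainList($uid = null)
 {
     global $zdbh;
     // empty() covers '', null, 0 and false, which is what the callers pass for "current user".
     if (empty($uid)) {
         $uid = ctrl_auth::CurrentUserID();
     }
     $currentuser = ctrl_users::GetUserDetail($uid);
     // One prepared statement executed once; the fetched rows tell us whether any exist.
     $stmt = $zdbh->prepare("SELECT * FROM x_vhosts WHERE vh_acc_fk=:userid AND vh_enabled_in=1 AND vh_deleted_ts IS NULL ORDER BY vh_name_vc ASC");
     $stmt->bindParam(':userid', $currentuser['userid']);
     $stmt->execute();
     $res = array();
     while ($row = $stmt->fetch()) {
         $res[] = array('domain' => $row['vh_name_vc']);
     }
     // false (not an empty array) is the documented "nothing found" result.
     return $res === array() ? false : $res;
 }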