function update_ftp_account($sql, $ftp_acc) { global $cfg; global $other_dir; if (isset($_POST['uaction']) && $_POST['uaction'] === 'edit_user') { if ($_POST['pass'] !== '' || $_POST['pass_rep'] !== '') { if ($_POST['pass'] !== $_POST['pass_rep']) { set_page_message(tr('Entered passwords differ!')); return; } $pass = crypt_user_ftp_pass($_POST['pass']); if (isset($_POST['use_other_dir']) && $_POST['use_other_dir'] === 'on') { $other_dir = $cfg['FTP_HOMEDIR'] . "/" . $_SESSION['user_logged'] . $_POST['other_dir']; $res = preg_match("/\\.\\./", $_POST['other_dir'], $match); if (!is_dir($other_dir) || $res !== 0) { set_page_message($_POST['other_dir'] . tr(' do not exist')); return; } $query = <<<SQL_QUERY update ftp_users set passwd = ?, homedir = ? where userid = ? SQL_QUERY; $rs = exec_query($sql, $query, array($pass, $other_dir, $ftp_acc)); } else { $query = <<<SQL_QUERY update ftp_users set passwd = ? where userid = ? SQL_QUERY; $rs = exec_query($sql, $query, array($pass, $ftp_acc)); } write_log($_SESSION['user_logged'] . " : update FTP account data"); set_page_message(tr('FTP account data updated!')); user_goto('ftp_accounts.php'); } else { if (isset($_POST['use_other_dir']) && $_POST['use_other_dir'] === 'on') { $other_dir = $cfg['FTP_HOMEDIR'] . "/" . $_SESSION['user_logged'] . $_POST['other_dir']; $res = preg_match("/\\.\\./", $_POST['other_dir'], $match); if (!is_dir($other_dir) || $res !== 0) { set_page_message($_POST['other_dir'] . tr(' do not exist')); return; } } else { $other_dir = $cfg['FTP_HOMEDIR'] . "/" . $_SESSION['user_logged']; } $query = <<<SQL_QUERY update ftp_users set homedir = ? where userid = ? SQL_QUERY; $rs = exec_query($sql, $query, array($other_dir, $ftp_acc)); set_page_message(tr('FTP account data updated!')); user_goto('ftp_accounts.php'); } } }
function add_ftp_user(&$sql, $dmn_name) { global $cfg; $username = strtolower($_POST['username']); $res_uname = preg_match("/\\./", $username, $match); if ($res_uname == 1) { set_page_message(tr("Incorrect username range or syntax!")); return; } $res = preg_match("/\\.\\./", $_POST['other_dir'], $match); if (chk_username($username)) { set_page_message(tr("Incorrect username range or syntax!")); return; } if ($_POST['dmn_type'] === 'dmn') { $ftp_user = $username . $cfg['FTP_USERNAME_SEPARATOR'] . $dmn_name; if (isset($_POST['use_other_dir']) && $_POST['use_other_dir'] === 'on') { $ftp_home = $cfg['FTP_HOMEDIR'] . "/{$dmn_name}" . $_POST['other_dir']; if (!is_dir($ftp_home) || $res !== 0) { set_page_message($_POST['other_dir'] . tr(' do not exist')); return; } } else { $ftp_home = $cfg['FTP_HOMEDIR'] . "/{$dmn_name}"; } } else { if ($_POST['dmn_type'] === 'als') { $ftp_user = $username . $cfg['FTP_USERNAME_SEPARATOR'] . $_POST['als_id']; $alias_mount_point = get_alias_mount_point($sql, $_POST['als_id']); if (isset($_POST['use_other_dir']) && $_POST['use_other_dir'] === 'on') { $ftp_home = $cfg['FTP_HOMEDIR'] . "/{$dmn_name}" . $_POST['other_dir']; if (!is_dir($ftp_home) || $res !== 0) { set_page_message($_POST['other_dir'] . tr(' do not exist')); return; } } else { $ftp_home = $cfg['FTP_HOMEDIR'] . "/{$dmn_name}" . $alias_mount_point; } } else { if ($_POST['dmn_type'] === 'sub') { $ftp_user = $username . $cfg['FTP_USERNAME_SEPARATOR'] . $_POST['sub_id'] . '.' . $dmn_name; if (isset($_POST['use_other_dir']) && $_POST['use_other_dir'] === 'on') { $ftp_home = $cfg['FTP_HOMEDIR'] . "/{$dmn_name}" . $_POST['other_dir']; if (!is_dir($ftp_home) || $res !== 0) { set_page_message($_POST['other_dir'] . tr(' do not exist')); return; } } else { $ftp_home = $cfg['FTP_HOMEDIR'] . "/{$dmn_name}" . "/" . $_POST['sub_id']; } } } } $ftp_gid = get_ftp_user_gid($sql, $dmn_name, $ftp_user); $ftp_uid = get_ftp_user_uid($sql, $dmn_name, $ftp_user, $ftp_gid); if ($ftp_uid == -1) { return; } $ftp_shell = $cfg['FTP_SHELL']; $ftp_passwd = crypt_user_ftp_pass($_POST['pass']); $query = <<<SQL_QUERY insert into ftp_users (userid, passwd, uid, gid, shell, homedir) values (?, ?, ?, ?, ?, ?) SQL_QUERY; $rs = exec_query($sql, $query, array($ftp_user, $ftp_passwd, $ftp_uid, $ftp_gid, $ftp_shell, $ftp_home)); write_log($_SESSION['user_logged'] . " : add new FTP account -> {$ftp_user}"); set_page_message(tr('FTP account added!')); header('Location: ftp_accounts.php'); exit(0); }