/**
* @param EasySCP_TemplateEngine $tpl
*/
function add_reseller($tpl)
{
global $reseller_ips;
$cfg = EasySCP_Registry::get('Config');
$sql = EasySCP_Registry::get('Db');
if (isset($_POST['uaction']) && $_POST['uaction'] === 'add_reseller') {
if (check_user_data()) {
$upass = crypt_user_pass($_POST['pass']);
$user_id = $_SESSION['user_id'];
$username = clean_input($_POST['username']);
$fname = clean_input($_POST['fname']);
$lname = clean_input($_POST['lname']);
$gender = clean_input($_POST['gender']);
$firm = clean_input($_POST['firm']);
$zip = clean_input($_POST['zip']);
$city = clean_input($_POST['city']);
$state = clean_input($_POST['state']);
$country = clean_input($_POST['country']);
$email = clean_input($_POST['email']);
$phone = clean_input($_POST['phone']);
$fax = clean_input($_POST['fax']);
$street1 = clean_input($_POST['street1']);
$street2 = clean_input($_POST['street2']);
$query = "\n\t\t\t\tINSERT INTO `admin` (\n\t\t\t\t\t`admin_name`,\n\t\t\t\t\t`admin_pass`,\n\t\t\t\t\t`admin_type`,\n\t\t\t\t\t`domain_created`,\n\t\t\t\t\t`created_by`,\n\t\t\t\t\t`fname`,\n\t\t\t\t\t`lname`,\n\t\t\t\t\t`firm`,\n\t\t\t\t\t`zip`,\n\t\t\t\t\t`city`,\n\t\t\t\t\t`state`,\n\t\t\t\t\t`country`,\n\t\t\t\t\t`email`,\n\t\t\t\t\t`phone`,\n\t\t\t\t\t`fax`,\n\t\t\t\t\t`street1`,\n\t\t\t\t\t`street2`,\n\t\t\t\t\t`gender`\n\t\t\t\t) VALUES (\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t'reseller',\n\t\t\t\t\tunix_timestamp(),\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t?\n\t\t\t\t)\n\t\t\t";
exec_query($sql, $query, array($username, $upass, $user_id, $fname, $lname, $firm, $zip, $city, $state, $country, $email, $phone, $fax, $street1, $street2, $gender));
$new_admin_id = $sql->insertId();
$user_logged = $_SESSION['user_logged'];
write_log("{$user_logged}: add reseller: {$username}");
// $user_def_lang = $cfg->USER_INITIAL_LANG;
$user_def_lang = '';
// $user_theme_color = $cfg->USER_INITIAL_THEME;
$user_theme_color = '';
$query = "\n\t\t\t\tINSERT INTO `user_gui_props`\n\t\t\t\t\t(\n\t\t\t\t\t`user_id`,\n\t\t\t\t\t`lang`,\n\t\t\t\t\t`layout`\n\t\t\t\t\t)\n\t\t\t\tVALUES\n\t\t\t\t\t(?, ?, ?)\n\t\t\t";
exec_query($sql, $query, array($new_admin_id, $user_def_lang, $user_theme_color));
/*
* 'reseller_props' table entry;
*/
$nreseller_max_domain_cnt = clean_input($_POST['nreseller_max_domain_cnt']);
$nreseller_max_subdomain_cnt = clean_input($_POST['nreseller_max_subdomain_cnt']);
$nreseller_max_alias_cnt = clean_input($_POST['nreseller_max_alias_cnt']);
$nreseller_max_mail_cnt = clean_input($_POST['nreseller_max_mail_cnt']);
$nreseller_max_ftp_cnt = clean_input($_POST['nreseller_max_ftp_cnt']);
$nreseller_max_sql_db_cnt = clean_input($_POST['nreseller_max_sql_db_cnt']);
$nreseller_max_sql_user_cnt = clean_input($_POST['nreseller_max_sql_user_cnt']);
$nreseller_max_traffic = clean_input($_POST['nreseller_max_traffic']);
$nreseller_max_disk = clean_input($_POST['nreseller_max_disk']);
$customer_id = clean_input($_POST['customer_id']);
$support_system = clean_input($_POST['support_system']);
$query = "\n\t\t\t\tINSERT INTO `reseller_props` (\n\t\t\t\t\t`reseller_id`, `reseller_ips`,\n\t\t\t\t\t`max_dmn_cnt`, `current_dmn_cnt`,\n\t\t\t\t\t`max_sub_cnt`, `current_sub_cnt`,\n\t\t\t\t\t`max_als_cnt`, `current_als_cnt`,\n\t\t\t\t\t`max_mail_cnt`, `current_mail_cnt`,\n\t\t\t\t\t`max_ftp_cnt`, `current_ftp_cnt`,\n\t\t\t\t\t`max_sql_db_cnt`, `current_sql_db_cnt`,\n\t\t\t\t\t`max_sql_user_cnt`, `current_sql_user_cnt`,\n\t\t\t\t\t`max_traff_amnt`, `current_traff_amnt`,\n\t\t\t\t\t`max_disk_amnt`, `current_disk_amnt`,\n\t\t\t\t\t`support_system`, `customer_id`\n\t\t\t\t) VALUES (\n\t\t\t\t\t?, ?,\n\t\t\t\t\t?, '0',\n\t\t\t\t\t?, '0',\n\t\t\t\t\t?, '0',\n\t\t\t\t\t?, '0',\n\t\t\t\t\t?, '0',\n\t\t\t\t\t?, '0',\n\t\t\t\t\t?, '0',\n\t\t\t\t\t?, '0',\n\t\t\t\t\t?, '0',\n\t\t\t\t\t?, ?\n\t\t\t\t)\n\t\t\t\t";
exec_query($sql, $query, array($new_admin_id, $reseller_ips, $nreseller_max_domain_cnt, $nreseller_max_subdomain_cnt, $nreseller_max_alias_cnt, $nreseller_max_mail_cnt, $nreseller_max_ftp_cnt, $nreseller_max_sql_db_cnt, $nreseller_max_sql_user_cnt, $nreseller_max_traffic, $nreseller_max_disk, $support_system, $customer_id));
send_add_user_auto_msg($user_id, clean_input($_POST['username']), $_POST['pass'], clean_input($_POST['email']), clean_input($_POST['fname']), clean_input($_POST['lname']), tr('Reseller'), $gender);
$_SESSION['reseller_added'] = 1;
user_goto('manage_users.php');
} else {
$tpl->assign(array('EMAIL' => clean_input($_POST['email'], true), 'USERNAME' => clean_input($_POST['username'], true), 'FIRST_NAME' => clean_input($_POST['fname'], true), 'CUSTOMER_ID' => clean_input($_POST['customer_id'], true), 'LAST_NAME' => clean_input($_POST['lname'], true), 'FIRM' => clean_input($_POST['firm'], true), 'ZIP' => clean_input($_POST['zip'], true), 'CITY' => clean_input($_POST['city'], true), 'STATE' => clean_input($_POST['state'], true), 'COUNTRY' => clean_input($_POST['country'], true), 'STREET_1' => clean_input($_POST['street1'], true), 'STREET_2' => clean_input($_POST['street2'], true), 'PHONE' => clean_input($_POST['phone'], true), 'FAX' => clean_input($_POST['fax'], true), 'VL_MALE' => $_POST['gender'] == 'M' ? $cfg->HTML_SELECTED : '', 'VL_FEMALE' => $_POST['gender'] == 'F' ? $cfg->HTML_SELECTED : '', 'VL_UNKNOWN' => $_POST['gender'] == 'U' || empty($_POST['gender']) ? $cfg->HTML_SELECTED : '', 'MAX_DOMAIN_COUNT' => clean_input($_POST['nreseller_max_domain_cnt'], true), 'MAX_SUBDOMAIN_COUNT' => clean_input($_POST['nreseller_max_subdomain_cnt'], true), 'MAX_ALIASES_COUNT' => clean_input($_POST['nreseller_max_alias_cnt'], true), 'MAX_MAIL_USERS_COUNT' => clean_input($_POST['nreseller_max_mail_cnt'], true), 'MAX_FTP_USERS_COUNT' => clean_input($_POST['nreseller_max_ftp_cnt'], true), 'MAX_SQLDB_COUNT' => clean_input($_POST['nreseller_max_sql_db_cnt'], true), 'MAX_SQL_USERS_COUNT' => clean_input($_POST['nreseller_max_sql_user_cnt'], true), 'MAX_TRAFFIC_AMOUNT' => clean_input($_POST['nreseller_max_traffic'], true), 'MAX_DISK_AMOUNT' => clean_input($_POST['nreseller_max_disk'], true), 'SUPPORT_SYSTEM_YES' => $_POST['support_system'] == 'yes' ? $cfg->HTML_SELECTED : '', 'SUPPORT_SYSTEM_NO' => $_POST['support_system'] == 'no' ? $cfg->HTML_SELECTED : '', 'SUPPORT_SYSTEM' => clean_input($_POST['support_system'], true)));
}
} else {
$tpl->assign(array('EMAIL' => '', 'USERNAME' => '', 'FIRST_NAME' => '', 'CUSTOMER_ID' => '', 'LAST_NAME' => '', 'FIRM' => '', 'ZIP' => '', 'CITY' => '', 'STATE' => '', 'COUNTRY' => '', 'STREET_1' => '', 'STREET_2' => '', 'PHONE' => '', 'FAX' => '', 'VL_MALE' => '', 'VL_FEMALE' => '', 'VL_UNKNOWN' => $cfg->HTML_SELECTED, 'MAX_DOMAIN_COUNT' => '', 'MAX_SUBDOMAIN_COUNT' => '', 'MAX_ALIASES_COUNT' => '', 'MAX_MAIL_USERS_COUNT' => '', 'MAX_FTP_USERS_COUNT' => '', 'MAX_SQLDB_COUNT' => '', 'MAX_SQL_USERS_COUNT' => '', 'MAX_TRAFFIC_AMOUNT' => '', 'MAX_DISK_AMOUNT' => '', 'SUPPORT_SYSTEM_YES' => $cfg->HTML_SELECTED, 'SUPPORT_SYSTEM_NO' => ''));
}
}
function update_password()
{
$cfg = EasySCP_Registry::get('Config');
$sql = EasySCP_Registry::get('Db');
if (isset($_POST['uaction']) && $_POST['uaction'] === 'updt_pass') {
if (empty($_POST['pass']) || empty($_POST['pass_rep']) || empty($_POST['curr_pass'])) {
set_page_message(tr('Please fill up all data fields!'), 'warning');
} else {
if (!chk_password($_POST['pass'])) {
if ($cfg->PASSWD_STRONG) {
set_page_message(sprintf(tr('The password must be at least %s chars long and contain letters and numbers to be valid.'), $cfg->PASSWD_CHARS), 'warning');
} else {
set_page_message(sprintf(tr('Password data is shorter than %s signs or includes not permitted signs!'), $cfg->PASSWD_CHARS), 'warning');
}
} else {
if ($_POST['pass'] !== $_POST['pass_rep']) {
set_page_message(tr('Passwords do not match!'), 'warning');
} else {
if (check_udata($_SESSION['user_id'], $_POST['curr_pass']) === false) {
set_page_message(tr('The current password is wrong!'), 'warning');
} else {
$upass = crypt_user_pass($_POST['pass']);
$_SESSION['user_pass'] = $upass;
$user_id = $_SESSION['user_id'];
$query = "\n\t\t\t\tUPDATE\n\t\t\t\t\t`admin`\n\t\t\t\tSET\n\t\t\t\t\t`admin_pass` = ?\n\t\t\t\tWHERE\n\t\t\t\t\t`admin_id` = ?\n\t\t\t";
exec_query($sql, $query, array($upass, $user_id));
set_page_message(tr('User password updated successfully!'), 'success');
}
}
}
}
}
}
function update_password()
{
global $sql;
if (isset($_POST['uaction']) && $_POST['uaction'] === 'updt_pass') {
if (!vhcs_password_check($_POST['pass'], 20)) {
set_page_message(tr('Incorrect password range or syntax!'));
} else {
if ($_POST['pass'] === '' || $_POST['pass_rep'] === '') {
set_page_message(tr('Please fill up both data fields!'));
} else {
if ($_POST['pass'] !== $_POST['pass_rep']) {
set_page_message(tr('Passwords does not match!'));
} else {
$upass = crypt_user_pass($_POST['pass']);
$user_id = $_SESSION['user_id'];
$query = <<<SQL_QUERY
update
admin
set
admin_pass = ?
where
admin_id = ?
SQL_QUERY;
$rs = exec_query($sql, $query, array($upass, $user_id));
set_page_message(tr('User password updated successfully!'));
}
}
}
}
}
/**
* @param EasySCP_TemplateEngine $tpl
*/
function add_user($tpl)
{
$cfg = EasySCP_Registry::get('Config');
$sql = EasySCP_Registry::get('Db');
if (isset($_POST['uaction']) && $_POST['uaction'] === 'add_user') {
if (check_user_data()) {
$upass = crypt_user_pass($_POST['pass']);
$user_id = $_SESSION['user_id'];
$username = clean_input($_POST['username']);
$fname = clean_input($_POST['fname']);
$lname = clean_input($_POST['lname']);
$gender = clean_input($_POST['gender']);
$firm = clean_input($_POST['firm']);
$zip = clean_input($_POST['zip']);
$city = clean_input($_POST['city']);
$state = clean_input($_POST['state']);
$country = clean_input($_POST['country']);
$email = clean_input($_POST['email']);
$phone = clean_input($_POST['phone']);
$fax = clean_input($_POST['fax']);
$street1 = clean_input($_POST['street1']);
$street2 = clean_input($_POST['street2']);
if (get_gender_by_code($gender, true) === null) {
$gender = '';
}
$query = "\n\t\t\t\tINSERT INTO `admin`\n\t\t\t\t\t(\n\t\t\t\t\t\t`admin_name`,\n\t\t\t\t\t\t`admin_pass`,\n\t\t\t\t\t\t`admin_type`,\n\t\t\t\t\t\t`domain_created`,\n\t\t\t\t\t\t`created_by`,\n\t\t\t\t\t\t`fname`,\n\t\t\t\t\t\t`lname`,\n\t\t\t\t\t\t`firm`,\n\t\t\t\t\t\t`zip`,\n\t\t\t\t\t\t`city`,\n\t\t\t\t\t\t`state`,\n\t\t\t\t\t\t`country`,\n\t\t\t\t\t\t`email`,\n\t\t\t\t\t\t`phone`,\n\t\t\t\t\t\t`fax`,\n\t\t\t\t\t\t`street1`,\n\t\t\t\t\t\t`street2`,\n\t\t\t\t\t\t`gender`\n\t\t\t\t\t) VALUES (\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t'admin',\n\t\t\t\t\t\tunix_timestamp(),\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?\n\t\t\t\t\t)\n\t\t\t";
exec_query($sql, $query, array($username, $upass, $user_id, $fname, $lname, $firm, $zip, $city, $state, $country, $email, $phone, $fax, $street1, $street2, $gender));
$new_admin_id = $sql->insertId();
$user_logged = $_SESSION['user_logged'];
write_log("{$user_logged}: add admin: {$username}");
$user_def_lang = $_SESSION['user_def_lang'];
$user_theme_color = $_SESSION['user_theme'];
$query = "\n\t\t\t\tINSERT INTO `user_gui_props` (\n\t\t\t\t\t`user_id`,\n\t\t\t\t\t`lang`,\n\t\t\t\t\t`layout`\n\t\t\t\t) VALUES (?,?,?)\n\t\t\t";
exec_query($sql, $query, array($new_admin_id, $user_def_lang, $user_theme_color));
send_add_user_auto_msg($user_id, clean_input($_POST['username']), clean_input($_POST['pass']), clean_input($_POST['email']), clean_input($_POST['fname']), clean_input($_POST['lname']), tr('Administrator'), $gender);
$_SESSION['user_added'] = 1;
user_goto('manage_users.php');
} else {
// check user data
$tpl->assign(array('EMAIL' => clean_input($_POST['email'], true), 'USERNAME' => clean_input($_POST['username'], true), 'FIRST_NAME' => clean_input($_POST['fname'], true), 'LAST_NAME' => clean_input($_POST['lname'], true), 'FIRM' => clean_input($_POST['firm'], true), 'ZIP' => clean_input($_POST['zip'], true), 'CITY' => clean_input($_POST['city'], true), 'STATE' => clean_input($_POST['state'], true), 'COUNTRY' => clean_input($_POST['country'], true), 'STREET_1' => clean_input($_POST['street1'], true), 'STREET_2' => clean_input($_POST['street2'], true), 'PHONE' => clean_input($_POST['phone'], true), 'FAX' => clean_input($_POST['fax'], true), 'VL_MALE' => $_POST['gender'] == 'M' ? $cfg->HTML_SELECTED : '', 'VL_FEMALE' => $_POST['gender'] == 'F' ? $cfg->HTML_SELECTED : '', 'VL_UNKNOWN' => $_POST['gender'] == 'U' || empty($_POST['gender']) ? $cfg->HTML_SELECTED : ''));
}
} else {
$tpl->assign(array('EMAIL' => '', 'USERNAME' => '', 'FIRST_NAME' => '', 'LAST_NAME' => '', 'FIRM' => '', 'ZIP' => '', 'CITY' => '', 'STATE' => '', 'COUNTRY' => '', 'STREET_1' => '', 'STREET_2' => '', 'PHONE' => '', 'FAX' => '', 'VL_MALE' => '', 'VL_FEMALE' => '', 'VL_UNKNOWN' => $cfg->HTML_SELECTED));
}
// end else
}
function update_data(&$sql)
{
global $edit_id;
if (isset($_POST['uaction']) && $_POST['uaction'] === 'edit_user') {
if (check_user_data()) {
$user_id = $_SESSION['user_id'];
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$firm = $_POST['firm'];
$zip = $_POST['zip'];
$city = $_POST['city'];
$country = $_POST['country'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$fax = $_POST['fax'];
$street1 = $_POST['street1'];
$street2 = $_POST['street2'];
if ($_POST['pass'] == '') {
$query = <<<SQL_QUERY
update
admin
set
fname = ?,
lname = ?,
firm = ?,
zip = ?,
city = ?,
country = ?,
email = ?,
phone = ?,
fax = ?,
street1 = ?,
street2 = ?
where
admin_id= ?
SQL_QUERY;
$rs = exec_query($sql, $query, array($fname, $lname, $firm, $zip, $city, $country, $email, $phone, $fax, $street1, $street2, $edit_id));
} else {
$edit_id = $_POST['edit_id'];
if (chk_password($_POST['pass'])) {
set_page_message(tr("Incorrect password range or syntax!"));
header("Location: edit_user.php?edit_id={$edit_id}");
die;
}
if ($_POST['pass'] != $_POST['pass_rep']) {
set_page_message(tr("Entered passwords does not match!"));
header("Location: edit_user.php?edit_id={$edit_id}");
die;
}
$upass = crypt_user_pass($_POST['pass']);
$query = <<<SQL_QUERY
update
admin
set
admin_pass = ?,
fname = ?,
lname = ?,
firm = ?,
zip = ?,
city = ?,
country = ?,
email = ?,
phone = ?,
fax = ?,
street1 = ?,
street2 = ?
where
admin_id = ?
SQL_QUERY;
$rs = exec_query($sql, $query, array($upass, $fname, $lname, $firm, $zip, $city, $country, $email, $phone, $fax, $street1, $street2, $edit_id));
}
$edit_username = $_POST['edit_username'];
$user_logged = $_SESSION['user_logged'];
write_log("{$user_logged}: change data/password for {$edit_username}!");
$_SESSION['user_updated'] = 1;
header("Location: manage_users.php");
die;
}
}
}
/**
* Save data for new user in db
*/
function add_user_data($reseller_id)
{
global $hpid, $dmn_name, $dmn_expire, $dmn_user_name, $admin_login, $user_email, $customer_id, $first_name, $last_name, $gender, $firm, $zip, $city, $state, $country, $street_one, $street_two, $phone, $fax, $inpass, $domain_ip, $dns, $backup, $countbackup;
$sql = EasySCP_Registry::get('Db');
$cfg = EasySCP_Registry::get('Config');
// Let's get Desired Hosting Plan Data;
$err_msg = '';
if (!empty($err_msg)) {
set_page_message($err_msg, 'error');
return false;
}
if (isset($_SESSION["ch_hpprops"])) {
$props = $_SESSION["ch_hpprops"];
unset($_SESSION["ch_hpprops"]);
} else {
if (isset($cfg->HOSTING_PLANS_LEVEL) && $cfg->HOSTING_PLANS_LEVEL === 'admin') {
$query = 'SELECT `props` FROM `hosting_plans` WHERE `id` = ?';
$res = exec_query($sql, $query, $hpid);
} else {
$query = "SELECT `props` FROM `hosting_plans` WHERE `reseller_id` = ? AND `id` = ?";
$res = exec_query($sql, $query, array($reseller_id, $hpid));
}
$data = $res->fetchRow();
$props = unserialize($data['props']);
}
$php = $props['allow_php'];
$phpe = $props['allow_php_editor'];
$cgi = $props['allow_cgi'];
$sub = $props['subdomain_cnt'];
$als = $props['alias_cnt'];
$mail = $props['mail_cnt'];
$ftp = $props['ftp_cnt'];
$sql_db = $props['db_cnt'];
$sql_user = $props['sqluser_cnt'];
$traff = $props['traffic'];
$disk = $props['disk'];
$backup = $props['allow_backup'];
$countbackup = $props['disk_countbackup'];
$dns = $props['allow_dns'];
$ssl = $props['allow_ssl'];
$php = preg_replace("/\\_/", "", $php);
$phpe = preg_replace("/\\_/", "", $phpe);
$cgi = preg_replace("/\\_/", "", $cgi);
$ssl = preg_replace("/\\_/", "", $ssl);
$backup = preg_replace("/\\_/", "", $backup);
$countbackup = preg_replace("/\\_/", "", $countbackup);
$dns = preg_replace("/\\_/", "", $dns);
$pure_user_pass = $inpass;
$inpass = crypt_user_pass($inpass);
$first_name = clean_input($first_name);
$last_name = clean_input($last_name);
$firm = clean_input($firm);
$zip = clean_input($zip);
$city = clean_input($city);
$state = clean_input($state);
$country = clean_input($country);
$phone = clean_input($phone);
$fax = clean_input($fax);
$street_one = clean_input($street_one);
$street_two = clean_input($street_two);
$customer_id = clean_input($customer_id);
if (!validates_dname(decode_idna($dmn_user_name))) {
return;
}
$query = "\n\t\tINSERT INTO `admin` (\n\t\t\t`admin_name`, `admin_pass`, `admin_type`, `domain_created`,\n\t\t\t`created_by`, `fname`, `lname`,\n\t\t\t`firm`, `zip`, `city`, `state`,\n\t\t\t`country`, `email`, `phone`,\n\t\t\t`fax`, `street1`, `street2`,\n\t\t\t`customer_id`, `gender`\n\t\t)\n\t\tVALUES (\n\t\t\t?, ?, 'user', unix_timestamp(),\n\t\t\t?, ?, ?,\n\t\t\t?, ?, ?, ?,\n\t\t\t?, ?, ?,\n\t\t\t?, ?, ?,\n\t\t\t?, ?\n\t\t)\n\t";
exec_query($sql, $query, array($dmn_user_name, $inpass, $reseller_id, $first_name, $last_name, $firm, $zip, $city, $state, $country, $user_email, $phone, $fax, $street_one, $street_two, $customer_id, $gender));
print $sql->errorMsg();
$record_id = $sql->insertId();
$query = "\n\t\tINSERT INTO `domain` (\n\t\t\t`domain_name`, `domain_admin_id`,\n\t\t\t`domain_created_id`, `domain_created`, `domain_expires`,\n\t\t\t`domain_mailacc_limit`, `domain_ftpacc_limit`,\n\t\t\t`domain_traffic_limit`, `domain_sqld_limit`,\n\t\t\t`domain_sqlu_limit`, `status`,\n\t\t\t`domain_subd_limit`, `domain_alias_limit`,\n\t\t\t`domain_ip_id`, `domain_disk_limit`,\n\t\t\t`domain_disk_usage`, `domain_php`, `domain_php_edit`, `domain_cgi`,\n\t\t\t`allowbackup`, `domain_dns`, `domain_ssl`, `domain_disk_countbackup`\n\t\t)\n\t\tVALUES (\n\t\t\t:domain_name, :domain_admin_id,\n\t\t\t:domain_created_id, unix_timestamp(), :domain_expires,\n\t\t\t:domain_mailacc_limit, :domain_ftpacc_limit,\n\t\t\t:domain_traffic_limit, :domain_sqld_limit,\n\t\t\t:domain_sqlu_limit, :status,\n\t\t\t:domain_subd_limit, :domain_alias_limit,\n\t\t\t:domain_ip_id, :domain_disk_limit,\n\t\t\t'0', :domain_php, :domain_php_edit, :domain_cgi,\n\t\t\t:allowbackup, :domain_dns, :domain_ssl, :domain_disk_countbackup\n\t\t)\n\t";
$param = array(':domain_name' => $dmn_name, ':domain_admin_id' => $record_id, ':domain_created_id' => $reseller_id, ':domain_expires' => $dmn_expire, ':domain_mailacc_limit' => $mail, ':domain_ftpacc_limit' => $ftp, ':domain_traffic_limit' => $traff, ':domain_sqld_limit' => $sql_db, ':domain_sqlu_limit' => $sql_user, ':status' => $cfg->ITEM_ADD_STATUS, ':domain_subd_limit' => $sub, ':domain_alias_limit' => $als, ':domain_ip_id' => $domain_ip, ':domain_disk_limit' => $disk, ':domain_php' => $php, ':domain_php_edit' => $phpe, ':domain_cgi' => $cgi, ':allowbackup' => $backup, ':domain_dns' => $dns, ':domain_ssl' => $ssl, ':domain_disk_countbackup' => $countbackup);
DB::prepare($query);
DB::execute($param);
$dmn_id = DB::getInstance()->lastInsertId();
// AddDefaultDNSEntries($dmn_id, 0, $dmn_name, $domain_ip);
// TODO: Check if max user and group id is reached
// update domain and gid
$domain_gid = $cfg->APACHE_SUEXEC_MIN_GID + $dmn_id;
$domain_uid = $cfg->APACHE_SUEXEC_MIN_UID + $dmn_id;
$query = "\n\t\tUPDATE `domain`\n\t\tSET `domain_gid`=?,\n\t\t\t`domain_uid`=?\n\t\tWHERE `domain_id`=?\n\t";
exec_query($sql, $query, array($domain_gid, $domain_uid, $dmn_id));
// Add statistics group
$query = "\n\t\tINSERT INTO `htaccess_users`\n\t\t\t(`dmn_id`, `uname`, `upass`, `status`)\n\t\tVALUES\n\t\t\t(?, ?, ?, ?)\n\t";
exec_query($sql, $query, array($dmn_id, $dmn_name, crypt_user_pass_with_salt($pure_user_pass), $cfg->ITEM_ADD_STATUS));
$user_id = $sql->insertId();
$query = "\n\t\tINSERT INTO `htaccess_groups`\n\t\t\t(`dmn_id`, `ugroup`, `members`, `status`)\n\t\tVALUES\n\t\t\t(?, ?, ?, ?)\n\t";
exec_query($sql, $query, array($dmn_id, $cfg->AWSTATS_GROUP_AUTH, $user_id, $cfg->ITEM_ADD_STATUS));
// Create the 3 default addresses if wanted
if ($cfg->CREATE_DEFAULT_EMAIL_ADDRESSES) {
client_mail_add_default_accounts($dmn_id, $user_email, $dmn_name);
// 'domain', 0
}
// let's send mail to user
send_add_user_auto_msg($reseller_id, $dmn_user_name, $pure_user_pass, $user_email, $first_name, $last_name, tr('Domain account'));
// $user_def_lang = $cfg->USER_INITIAL_LANG;
$user_def_lang = '';
// $user_theme_color = $cfg->USER_INITIAL_THEME;
$user_theme_color = '';
$query = "\n\t\tINSERT INTO `user_gui_props`\n\t\t\t(`user_id`, `lang`, `layout`)\n\t\tVALUES\n\t\t\t(?, ?, ?)\n\t";
exec_query($sql, $query, array($record_id, $user_def_lang, $user_theme_color));
// send request to daemon
// TODO Prüfen, da es hier zu einem Fehler kommt ("Domain data has been altered. Please enter again.")
send_request('110 DOMAIN domain ' . $dmn_id);
send_request('130 MAIL ' . $dmn_id);
$admin_login = $_SESSION['user_logged'];
write_log("{$admin_login}: add user: {$dmn_user_name} (for domain {$dmn_name})");
write_log("{$admin_login}: add domain: {$dmn_name}");
update_reseller_c_props($reseller_id);
if (isset($_POST['add_alias']) && $_POST['add_alias'] === 'on') {
// we have to add some aliases for this looser
$_SESSION['dmn_id'] = $dmn_id;
$_SESSION['dmn_ip'] = $domain_ip;
$_SESSION['user_add3_add_alias'] = "_yes_";
user_goto('user_add4.php?accout=' . $dmn_id);
} else {
// we have not to add alias
$_SESSION['user_add3_added'] = "_yes_";
user_goto('users.php?psi=last');
}
}
function update_reseller(&$sql)
{
global $edit_id, $reseller_ips;
if (isset($_POST['uaction']) && $_POST['uaction'] === 'update_reseller') {
$user_id = $_SESSION['user_id'];
if (check_user_data()) {
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$firm = $_POST['firm'];
$zip = $_POST['zip'];
$city = $_POST['city'];
$country = $_POST['country'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$fax = $_POST['fax'];
$street1 = $_POST['street1'];
$street2 = $_POST['street2'];
if ($_POST['pass'] == '') {
$query = <<<SQL_QUERY
update
admin
set
fname = ?,
lname = ?,
firm = ?,
zip = ?,
city = ?,
country = ?,
email = ?,
phone = ?,
fax = ?,
street1 = ?,
street2 = ?
where
admin_id = ?
SQL_QUERY;
$rs = exec_query($sql, $query, array($fname, $lname, $firm, $zip, $city, $country, $email, $phone, $fax, $street1, $street2, $edit_id));
} else {
$upass = crypt_user_pass($_POST['pass']);
$query = <<<SQL_QUERY
update
admin
set
admin_pass = ?,
fname = ?,
lname = ?,
firm = ?,
zip = ?,
city = ?,
country = ?,
email = ?,
phone = ?,
fax = ?,
street1 = ?,
street2 = ?
where
admin_id = ?
SQL_QUERY;
$rs = exec_query($sql, $query, array($upass, $fname, $lname, $firm, $zip, $city, $country, $email, $phone, $fax, $street1, $street2, $edit_id));
}
$nreseller_max_domain_cnt = $_POST['nreseller_max_domain_cnt'];
$nreseller_max_subdomain_cnt = $_POST['nreseller_max_subdomain_cnt'];
$nreseller_max_alias_cnt = $_POST['nreseller_max_alias_cnt'];
$nreseller_max_mail_cnt = $_POST['nreseller_max_mail_cnt'];
$nreseller_max_ftp_cnt = $_POST['nreseller_max_ftp_cnt'];
$nreseller_max_sql_db_cnt = $_POST['nreseller_max_sql_db_cnt'];
$nreseller_max_sql_user_cnt = $_POST['nreseller_max_sql_user_cnt'];
$nreseller_max_traffic = $_POST['nreseller_max_traffic'];
$nreseller_max_disk = $_POST['nreseller_max_disk'];
$customer_id = $_POST['customer_id'];
$query = <<<SQL_QUERY
update reseller_props
set
reseller_ips = ?,
max_dmn_cnt = ?,
max_sub_cnt = ?,
max_als_cnt = ?,
max_mail_cnt = ?,
max_ftp_cnt = ?,
max_sql_db_cnt = ?,
max_sql_user_cnt = ?,
max_traff_amnt = ?,
max_disk_amnt = ?,
customer_id = ?
where
reseller_id = ?
SQL_QUERY;
$rs = exec_query($sql, $query, array($reseller_ips, $nreseller_max_domain_cnt, $nreseller_max_subdomain_cnt, $nreseller_max_alias_cnt, $nreseller_max_mail_cnt, $nreseller_max_ftp_cnt, $nreseller_max_sql_db_cnt, $nreseller_max_sql_user_cnt, $nreseller_max_traffic, $nreseller_max_disk, $customer_id, $edit_id));
$edit_username = $_POST['edit_username'];
$user_logged = $_SESSION['user_logged'];
write_log("{$user_logged}: change data/password for reseller -> {$edit_username}!");
$_SESSION['user_updated'] = 1;
$_SESSION['reseller_ips'] = $reseller_ips;
header("Location: manage_users.php");
die;
} else {
}
}
}
function add_reseller(&$tpl, &$sql)
{
global $reseller_ips;
if (isset($_POST['uaction']) && $_POST['uaction'] === 'add_reseller') {
if (check_user_data()) {
$upass = crypt_user_pass($_POST['pass']);
$user_id = $_SESSION['user_id'];
$username = $_POST['username'];
$fname = htmlspecialchars($_POST['fname'], ENT_QUOTES, "UTF-8");
$lname = htmlspecialchars($_POST['lname'], ENT_QUOTES, "UTF-8");
$firm = htmlspecialchars($_POST['firm'], ENT_QUOTES, "UTF-8");
$zip = htmlspecialchars($_POST['zip'], ENT_QUOTES, "UTF-8");
$city = htmlspecialchars($_POST['city'], ENT_QUOTES, "UTF-8");
$country = htmlspecialchars($_POST['country'], ENT_QUOTES, "UTF-8");
$email = htmlspecialchars($_POST['email'], ENT_QUOTES, "UTF-8");
$phone = htmlspecialchars($_POST['phone'], ENT_QUOTES, "UTF-8");
$fax = htmlspecialchars($_POST['fax'], ENT_QUOTES, "UTF-8");
$street1 = htmlspecialchars($_POST['street1'], ENT_QUOTES, "UTF-8");
$street2 = htmlspecialchars($_POST['street2'], ENT_QUOTES, "UTF-8");
$query = <<<SQL_QUERY
insert into admin
(
admin_name,
admin_pass,
admin_type,
domain_created,
created_by,
fname,
lname,
firm,
zip,
city,
country,
email,
phone,
fax,
street1,
street2
)
values
(
?,
?,
'reseller',
unix_timestamp(),
?,
?,
?,
?,
?,
?,
?,
?,
?,
?,
?,
?
)
SQL_QUERY;
$rs = exec_query($sql, $query, array($username, $upass, $user_id, $fname, $lname, $firm, $zip, $city, $country, $email, $phone, $fax, $street1, $street2));
$new_admin_id = $sql->Insert_ID();
insert_email_tpl($sql, $new_admin_id);
$user_logged = $_SESSION['user_logged'];
write_log("{$user_logged} : add reseller -> {$username}");
$user_def_lang = $_SESSION['user_def_lang'];
$user_theme_color = $_SESSION['user_theme_color'];
$user_logo = 0;
$query = <<<SQL_QUERY
insert into user_gui_props
(
user_id,
lang,
layout,
logo
)
values
(
?, ?, ?, ?
)
SQL_QUERY;
$rs = exec_query($sql, $query, array($new_admin_id, $user_def_lang, $user_theme_color, $user_logo));
/*
* 'reseller_props' table entry;
*/
$nreseller_max_domain_cnt = $_POST['nreseller_max_domain_cnt'];
$nreseller_max_subdomain_cnt = $_POST['nreseller_max_subdomain_cnt'];
$nreseller_max_alias_cnt = $_POST['nreseller_max_alias_cnt'];
$nreseller_max_mail_cnt = $_POST['nreseller_max_mail_cnt'];
$nreseller_max_ftp_cnt = $_POST['nreseller_max_ftp_cnt'];
$nreseller_max_sql_db_cnt = $_POST['nreseller_max_sql_db_cnt'];
$nreseller_max_sql_user_cnt = $_POST['nreseller_max_sql_user_cnt'];
$nreseller_max_traffic = $_POST['nreseller_max_traffic'];
$nreseller_max_disk = $_POST['nreseller_max_disk'];
$customer_id = $_POST['customer_id'];
$query = <<<SQL_QUERY
insert into reseller_props
(
reseller_id, reseller_ips,
max_dmn_cnt, current_dmn_cnt,
max_sub_cnt, current_sub_cnt,
max_als_cnt, current_als_cnt,
max_mail_cnt, current_mail_cnt,
max_ftp_cnt, current_ftp_cnt,
max_sql_db_cnt, current_sql_db_cnt,
max_sql_user_cnt, current_sql_user_cnt,
max_traff_amnt, current_traff_amnt,
max_disk_amnt, current_disk_amnt,
customer_id
)
values
(
?, ?,
?, '0',
?, '0',
?, '0',
?, '0',
?, '0',
?, '0',
?, '0',
?, '0',
?, '0',
?
)
SQL_QUERY;
$rs = exec_query($sql, $query, array($new_admin_id, $reseller_ips, $nreseller_max_domain_cnt, $nreseller_max_subdomain_cnt, $nreseller_max_alias_cnt, $nreseller_max_mail_cnt, $nreseller_max_ftp_cnt, $nreseller_max_sql_db_cnt, $nreseller_max_sql_user_cnt, $nreseller_max_traffic, $nreseller_max_disk, $customer_id));
send_add_user_auto_msg($user_id, $_POST['username'], $_POST['pass'], $_POST['email'], htmlspecialchars($_POST['fname'], ENT_QUOTES, "UTF-8"), htmlspecialchars($_POST['lname'], ENT_QUOTES, "UTF-8"), tr('Reseller'));
$_SESSION['reseller_added'] = 1;
header("Location: manage_users.php");
die;
} else {
$tpl->assign(array('EMAIL' => $_POST['email'], 'USERNAME' => $_POST['username'], 'FIRST_NAME' => $_POST['fname'], 'CUSTOMER_ID' => $_POST['customer_id'], 'LAST_NAME' => $_POST['lname'], 'FIRM' => $_POST['firm'], 'ZIP' => $_POST['zip'], 'CITY' => $_POST['city'], 'COUNTRY' => $_POST['country'], 'STREET_1' => $_POST['street1'], 'STREET_2' => $_POST['street2'], 'PHONE' => $_POST['phone'], 'FAX' => $_POST['fax'], 'MAX_DOMAIN_COUNT' => $_POST['nreseller_max_domain_cnt'], 'MAX_SUBDOMAIN_COUNT' => $_POST['nreseller_max_subdomain_cnt'], 'MAX_ALIASES_COUNT' => $_POST['nreseller_max_alias_cnt'], 'MAX_MAIL_USERS_COUNT' => $_POST['nreseller_max_mail_cnt'], 'MAX_FTP_USERS_COUNT' => $_POST['nreseller_max_ftp_cnt'], 'MAX_SQLDB_COUNT' => $_POST['nreseller_max_sql_db_cnt'], 'MAX_SQL_USERS_COUNT' => $_POST['nreseller_max_sql_user_cnt'], 'MAX_TRAFFIC_AMOUNT' => $_POST['nreseller_max_traffic'], 'MAX_DISK_AMOUNT' => $_POST['nreseller_max_disk']));
}
} else {
$tpl->assign(array('EMAIL' => '', 'USERNAME' => '', 'FIRST_NAME' => '', 'CUSTOMER_ID' => '', 'LAST_NAME' => '', 'FIRM' => '', 'ZIP' => '', 'CITY' => '', 'COUNTRY' => '', 'STREET_1' => '', 'STREET_2' => '', 'PHONE' => '', 'FAX' => '', 'MAX_DOMAIN_COUNT' => '', 'MAX_SUBDOMAIN_COUNT' => '', 'MAX_ALIASES_COUNT' => '', 'MAX_MAIL_USERS_COUNT' => '', 'MAX_FTP_USERS_COUNT' => '', 'MAX_SQLDB_COUNT' => '', 'MAX_SQL_USERS_COUNT' => '', 'MAX_TRAFFIC_AMOUNT' => '', 'MAX_DISK_AMOUNT' => ''));
}
}
function add_user(&$tpl, &$sql)
{
if (isset($_POST['uaction']) && $_POST['uaction'] === 'add_user') {
if (check_user_data()) {
$upass = crypt_user_pass($_POST['pass']);
$user_id = $_SESSION['user_id'];
$username = $_POST['username'];
$fname = htmlspecialchars($_POST['fname'], ENT_QUOTES, "UTF-8");
$lname = htmlspecialchars($_POST['lname'], ENT_QUOTES, "UTF-8");
$firm = htmlspecialchars($_POST['firm'], ENT_QUOTES, "UTF-8");
$zip = htmlspecialchars($_POST['zip'], ENT_QUOTES, "UTF-8");
$city = htmlspecialchars($_POST['city'], ENT_QUOTES, "UTF-8");
$country = htmlspecialchars($_POST['country'], ENT_QUOTES, "UTF-8");
$email = htmlspecialchars($_POST['email'], ENT_QUOTES, "UTF-8");
$phone = htmlspecialchars($_POST['phone'], ENT_QUOTES, "UTF-8");
$fax = htmlspecialchars($_POST['fax'], ENT_QUOTES, "UTF-8");
$street1 = htmlspecialchars($_POST['street1'], ENT_QUOTES, "UTF-8");
$street2 = htmlspecialchars($_POST['street2'], ENT_QUOTES, "UTF-8");
$query = <<<SQL_QUERY
insert into
admin
(
admin_name,
admin_pass,
admin_type,
domain_created,
created_by,
fname,
lname,
firm,
zip,
city,
country,
email,
phone,
fax,
street1,
street2
)
values
(
?,
?,
'admin',
unix_timestamp(),
?,
?,
?,
?,
?,
?,
?,
?,
?,
?,
?,
?
)
SQL_QUERY;
$rs = exec_query($sql, $query, array($username, $upass, $user_id, $fname, $lname, $firm, $zip, $city, $country, $email, $phone, $fax, $street1, $street2));
$new_admin_id = $sql->Insert_ID();
$user_logged = $_SESSION['user_logged'];
write_log("{$user_logged} : add admin -> {$username}");
insert_email_tpl($sql, $new_admin_id);
$user_def_lang = $_SESSION['user_def_lang'];
$user_theme_color = $_SESSION['user_theme_color'];
$user_logo = 0;
$query = <<<SQL_QUERY
insert into
user_gui_props
(
user_id,
lang,
layout,
logo
)
values
(
?,?,?,?
)
SQL_QUERY;
$rs = exec_query($sql, $query, array($new_admin_id, $user_def_lang, $user_theme_color, $user_logo));
send_add_user_auto_msg($user_id, $_POST['username'], $_POST['pass'], $_POST['email'], $_POST['fname'], $_POST['lname'], tr('Administrator'));
$_SESSION['user_added'] = 1;
header("Location: manage_users.php");
die;
} else {
$tpl->assign(array('EMAIL' => $_POST['email'], 'USERNAME' => $_POST['username'], 'FIRST_NAME' => $_POST['fname'], 'LAST_NAME' => $_POST['lname'], 'FIRM' => $_POST['firm'], 'ZIP' => $_POST['zip'], 'CITY' => $_POST['city'], 'COUNTRY' => $_POST['country'], 'STREET_1' => $_POST['street1'], 'STREET_2' => $_POST['street2'], 'PHONE' => $_POST['phone'], 'FAX' => $_POST['fax']));
}
} else {
$tpl->assign(array('EMAIL' => '', 'USERNAME' => '', 'FIRST_NAME' => '', 'LAST_NAME' => '', 'FIRM' => '', 'ZIP' => '', 'CITY' => '', 'COUNTRY' => '', 'STREET_1' => '', 'STREET_2' => '', 'PHONE' => '', 'FAX' => ''));
}
// else
}
/**
* Function to update changes into db
*/
function update_data_in_db($hpid)
{
global $dmn_user_name, $user_email, $customer_id, $first_name, $last_name, $firm, $zip, $gender, $city, $state, $country, $street_one, $street_two, $phone, $fax, $inpass, $admin_login;
$sql = EasySCP_Registry::get('Db');
$cfg = EasySCP_Registry::get('Config');
$reseller_id = $_SESSION['user_id'];
$first_name = clean_input($first_name);
$last_name = clean_input($last_name);
$firm = clean_input($firm);
$gender = clean_input($gender);
$zip = clean_input($zip);
$city = clean_input($city);
$state = clean_input($state);
$country = clean_input($country);
$phone = clean_input($phone);
$fax = clean_input($fax);
$street_one = clean_input($street_one);
$street_two = clean_input($street_two);
if (empty($inpass)) {
// Save without password
$query = "\n\t\t\tUPDATE\n\t\t\t\t`admin`\n\t\t\tSET\n\t\t\t\t`fname` = ?,\n\t\t\t\t`lname` = ?,\n\t\t\t\t`firm` = ?,\n\t\t\t\t`zip` = ?,\n\t\t\t\t`city` = ?,\n\t\t\t\t`state` = ?,\n\t\t\t\t`country` = ?,\n\t\t\t\t`email` = ?,\n\t\t\t\t`phone` = ?,\n\t\t\t\t`fax` = ?,\n\t\t\t\t`street1` = ?,\n\t\t\t\t`street2` = ?,\n\t\t\t\t`gender` = ?,\n\t\t\t\t`customer_id` = ?\n\t\t\tWHERE\n\t\t\t\t`admin_id` = ?\n\t\t\tAND\n\t\t\t\t`created_by` = ?\n\t\t";
exec_query($sql, $query, array($first_name, $last_name, $firm, $zip, $city, $state, $country, $user_email, $phone, $fax, $street_one, $street_two, $gender, $customer_id, $hpid, $reseller_id));
} else {
// Change password
if (!chk_password($_POST['userpassword'])) {
if (isset($cfg->PASSWD_STRONG)) {
set_page_message(sprintf(tr('The password must be at least %s chars long and contain letters and numbers to be valid.'), $cfg->PASSWD_CHARS), 'warning');
} else {
set_page_message(sprintf(tr('Password data is shorter than %s signs or includes not permitted signs!'), $cfg->PASSWD_CHARS), 'warning');
}
user_goto('user_edit.php?edit_id=' . $hpid);
}
if ($_POST['userpassword'] != $_POST['userpassword_repeat']) {
set_page_message(tr('Entered passwords do not match!'), 'warning');
user_goto('user_edit.php?edit_id=' . $hpid);
}
$pure_user_pass = $inpass;
$inpass = crypt_user_pass($inpass);
$query = "\n\t\t\tUPDATE\n\t\t\t\t`admin`\n\t\t\tSET\n\t\t\t\t`admin_pass` = ?,\n\t\t\t\t`fname` = ?,\n\t\t\t\t`lname` = ?,\n\t\t\t\t`firm` = ?,\n\t\t\t\t`zip` = ?,\n\t\t\t\t`city` = ?,\n\t\t\t\t`state` = ?,\n\t\t\t\t`country` = ?,\n\t\t\t\t`email` = ?,\n\t\t\t\t`phone` = ?,\n\t\t\t\t`fax` = ?,\n\t\t\t\t`street1` = ?,\n\t\t\t\t`street2` = ?,\n\t\t\t\t`gender` = ?,\n\t\t\t\t`customer_id` = ?\n\t\t\tWHERE\n\t\t\t\t`admin_id` = ?\n\t\t\tAND\n\t\t\t\t`created_by` = ?\n\t\t";
exec_query($sql, $query, array($inpass, $first_name, $last_name, $firm, $zip, $city, $state, $country, $user_email, $phone, $fax, $street_one, $street_two, $gender, $customer_id, $hpid, $reseller_id));
// Kill any existing session of the edited user
$admin_name = get_user_name($hpid);
$query = "\n\t\t\tDELETE FROM\n\t\t\t\t`login`\n\t\t\tWHERE\n\t\t\t\t`user_name` = ?\n\t\t";
$rs = exec_query($sql, $query, $admin_name);
if ($rs->recordCount() != 0) {
set_page_message(tr('User session was killed!'), 'info');
write_log($_SESSION['user_logged'] . " killed " . $admin_name . "'s session because of password change");
}
}
$admin_login = $_SESSION['user_logged'];
write_log("{$admin_login} changes data/password for {$dmn_user_name}!");
if (isset($_POST['send_data']) && !empty($inpass)) {
send_add_user_auto_msg($reseller_id, $dmn_user_name, $pure_user_pass, $user_email, $first_name, $last_name, tr('Domain account'));
}
unset($_SESSION['edit_ID']);
unset($_SESSION['user_name']);
$_SESSION['edit'] = "_yes_";
user_goto('users.php?psi=last');
}
/**
* Update the reseller additional data and properties
*
* @return void
*/
function update_reseller()
{
// Get needed data
$rdata =& get_data();
// Get database instance
$sql = EasySCP_Registry::get('Db');
/**
* Update reseller additional data
*/
$query = "\n\t\tUPDATE\n\t\t\t`admin`\n\t\tSET\n\t\t\t`fname` = ?, `lname` = ?, `firm` = ?, `zip` = ?,\n\t\t\t`city` = ?, `state` = ?, `country` = ?, `email` = ?,\n\t\t\t`phone` = ?, `fax` = ?, `street1` = ?, `street2` = ?,\n\t\t\t`gender` = ?\n\t\tWHERE\n\t\t\t`admin_id` = ?\n\t\t";
$qparams = array($rdata['fname'], $rdata['lname'], $rdata['firm'], $rdata['zip'], $rdata['city'], $rdata['state'], $rdata['country'], $rdata['email'], $rdata['phone'], $rdata['fax'], $rdata['street1'], $rdata['street2'], $rdata['gender'], $rdata['edit_id']);
if (!empty($_POST['pass0'])) {
$query = str_replace('`fname`', '`admin_pass` = ?, `fname`', $query);
array_unshift($qparams, crypt_user_pass($_POST['pass0']));
}
exec_query($sql, $query, $qparams);
/**
* Update reseller properties
*/
$query = "\n\t\tUPDATE\n\t\t\t`reseller_props`\n\t\tSET\n\t\t\t`reseller_ips` = ?, `max_dmn_cnt` = ?, `max_sub_cnt` = ?,\n\t\t\t`max_als_cnt` = ?, `max_mail_cnt` = ?, `max_ftp_cnt` = ?,\n\t\t\t`max_sql_db_cnt` = ?, `max_sql_user_cnt` = ?, `max_traff_amnt` = ?,\n\t\t\t`max_disk_amnt` = ?, `support_system` = ?, `customer_id` = ?\n\t\tWHERE\n\t\t\t`reseller_id` = ?\n\t";
exec_query($sql, $query, array($rdata['reseller_ips'], $rdata['max_dmn_cnt'], $rdata['max_sub_cnt'], $rdata['max_als_cnt'], $rdata['max_mail_cnt'], $rdata['max_ftp_cnt'], $rdata['max_sql_db_cnt'], $rdata['max_sql_user_cnt'], $rdata['max_traff_amnt'], $rdata['max_disk_amnt'], $rdata['support_system'], $rdata['customer_id'], $rdata['edit_id']));
}
/* verify email */
if (!checkEmail($modData['email'])) {
$error = _('Email not valid!');
}
/* verify password if changed (not empty) */
if (strlen($modData['password1']) != 0) {
if (strlen($_POST['password1']) < 8 && !empty($_POST['password1'])) {
$error = _('Password must be at least 8 characters long!');
} else {
if ($modData['password1'] != $modData['password2']) {
$error = _('Passwords do not match!');
}
}
/* Crypt passwords */
$modData['password1'] = crypt_user_pass($modData['password1']);
$modData['password2'] = crypt_user_pass($modData['password2']);
}
/* Print errors if present and die, else update */
if ($error) {
die('<div class="alert alert-danger alert-absolute">' . _('Please fix the following error') . ': <strong>' . $error . '<strong></div>');
} else {
if (!selfUpdateUser($modData)) {
die('<div class="alert alert-danger alert-absolute">' . _('Error updating') . '!</div>');
} else {
print '<div class="alert alert-success alert-absolute">' . _('Account updated successfully') . '!</div>';
}
# check if language has changed
if ($user_old['lang'] != $modData['lang']) {
print '<div class="alert alert-info alert-absolute" style="margin-top:50px;">' . _("To apply language change please log in again") . '!</div>';
}
}
$props = $data['props'];
$_SESSION["ch_hpprops"] = $props;
reseller_limits_check($sql, $err_msg, $reseller_id, $hpid);
if ($err_msg != '_off_') {
set_page_message($err_msg);
unset($_SESSION['domain_ip']);
header('Location: orders.php');
die;
}
unset($_SESSION["ch_hpprops"]);
list($php, $cgi, $sub, $als, $mail, $ftp, $sql_db, $sql_user, $traff, $disk) = explode(";", $props);
$php = preg_replace("/\\_/", "", $php);
$cgi = preg_replace("/\\_/", "", $cgi);
$timestamp = time();
$pure_user_pass = substr($timestamp, 0, 6);
$inpass = crypt_user_pass($pure_user_pass);
if (!vhcs_domain_check($dmn_user_name)) {
set_page_message(tr('Wrong domain name syntax!'));
unset($_SESSION['domain_ip']);
header('Location: orders.php');
die;
}
if (vhcs_domain_exists($dmn_name, $_SESSION['user_id'])) {
set_page_message(tr('Domain with that name already exists on the system!'));
unset($_SESSION['domain_ip']);
header('Location: orders.php');
die;
}
check_for_lock_file();
$query = <<<VHCS_SQL_QUERY
insert into admin
function update_data($sql)
{
global $edit_id;
$cfg = EasySCP_Registry::get('Config');
if (isset($_POST['Submit']) && isset($_POST['uaction']) && $_POST['uaction'] === 'edit_user') {
if (check_user_data()) {
$user_id = $_SESSION['user_id'];
$fname = clean_input($_POST['fname']);
$lname = clean_input($_POST['lname']);
$firm = clean_input($_POST['firm']);
$gender = clean_input($_POST['gender']);
$zip = clean_input($_POST['zip']);
$city = clean_input($_POST['city']);
$state = clean_input($_POST['state']);
$country = clean_input($_POST['country']);
$email = clean_input($_POST['email']);
$phone = clean_input($_POST['phone']);
$fax = clean_input($_POST['fax']);
$street1 = clean_input($_POST['street1']);
$street2 = clean_input($_POST['street2']);
if (empty($_POST['pass'])) {
$query = "\n\t\t\t\t\tUPDATE\n\t\t\t\t\t\t`admin`\n\t\t\t\t\tSET\n\t\t\t\t\t\t`fname` = ?,\n\t\t\t\t\t\t`lname` = ?,\n\t\t\t\t\t\t`firm` = ?,\n\t\t\t\t\t\t`zip` = ?,\n\t\t\t\t\t\t`city` = ?,\n\t\t\t\t\t\t`state` = ?,\n\t\t\t\t\t\t`country` = ?,\n\t\t\t\t\t\t`email` = ?,\n\t\t\t\t\t\t`phone` = ?,\n\t\t\t\t\t\t`fax` = ?,\n\t\t\t\t\t\t`street1` = ?,\n\t\t\t\t\t\t`street2` = ?,\n\t\t\t\t\t\t`gender` = ?\n\t\t\t\t\tWHERE\n\t\t\t\t\t\t`admin_id` = ?\n\t\t\t\t";
exec_query($sql, $query, array($fname, $lname, $firm, $zip, $city, $state, $country, $email, $phone, $fax, $street1, $street2, $gender, $edit_id));
} else {
$edit_id = $_POST['edit_id'];
if ($_POST['pass'] != $_POST['pass_rep']) {
set_page_message(tr("Entered passwords do not match!"), 'warning');
user_goto('admin_edit.php?edit_id=' . $edit_id);
}
if (!chk_password($_POST['pass'])) {
if ($cfg->PASSWD_STRONG) {
set_page_message(sprintf(tr('The password must be at least %s chars long and contain letters and numbers to be valid.'), $cfg->PASSWD_CHARS), 'warning');
} else {
set_page_message(sprintf(tr('Password data is shorter than %s signs or includes not permitted signs!'), $cfg->PASSWD_CHARS), 'warning');
}
user_goto('admin_edit.php?edit_id=' . $edit_id);
}
$upass = crypt_user_pass($_POST['pass']);
$query = "\n\t\t\t\t\tUPDATE\n\t\t\t\t\t\t`admin`\n\t\t\t\t\tSET\n\t\t\t\t\t\t`admin_pass` = ?,\n\t\t\t\t\t\t`fname` = ?,\n\t\t\t\t\t\t`lname` = ?,\n\t\t\t\t\t\t`firm` = ?,\n\t\t\t\t\t\t`zip` = ?,\n\t\t\t\t\t\t`city` = ?,\n\t\t\t\t\t\t`state` = ?,\n\t\t\t\t\t\t`country` = ?,\n\t\t\t\t\t\t`email` = ?,\n\t\t\t\t\t\t`phone` = ?,\n\t\t\t\t\t\t`fax` = ?,\n\t\t\t\t\t\t`street1` = ?,\n\t\t\t\t\t\t`street2` = ?,\n\t\t\t\t\t\t`gender` = ?\n\t\t\t\t\tWHERE\n\t\t\t\t\t\t`admin_id` = ?\n\t\t\t\t";
exec_query($sql, $query, array($upass, $fname, $lname, $firm, $zip, $city, $state, $country, $email, $phone, $fax, $street1, $street2, $gender, $edit_id));
// Kill any existing session of the edited user
$admin_name = get_user_name($edit_id);
$query = "\n\t\t\t\t\tDELETE FROM\n\t\t\t\t\t\t`login`\n\t\t\t\t\tWHERE\n\t\t\t\t\t\t`user_name` = ?\n\t\t\t\t";
$rs = exec_query($sql, $query, $admin_name);
if ($rs->recordCount() != 0) {
set_page_message(tr('User session was killed!'), 'info');
write_log($_SESSION['user_logged'] . " killed " . $admin_name . "'s session because of password change");
}
}
$edit_username = clean_input($_POST['edit_username']);
$user_logged = $_SESSION['user_logged'];
write_log("{$user_logged}: changes data/password for {$edit_username}!");
if (isset($_POST['send_data']) && !empty($_POST['pass'])) {
$query = "SELECT admin_type FROM admin WHERE admin_id='" . addslashes(htmlspecialchars($edit_id)) . "'";
$res = exec_query($sql, $query);
if ($res->fields['admin_type'] == 'admin') {
$admin_type = tr('Administrator');
} else {
if ($res->fields['admin_type'] == 'reseller') {
$admin_type = tr('Reseller');
} else {
$admin_type = tr('Domain account');
}
}
send_add_user_auto_msg($user_id, $edit_username, clean_input($_POST['pass']), clean_input($_POST['email']), clean_input($_POST['fname']), clean_input($_POST['lname']), tr($admin_type), $gender);
}
$_SESSION['user_updated'] = 1;
user_goto('manage_users.php');
}
}
}
/**
* update users pass from md5 to crypt
*/
function update_user_pass_to_crypt($username, $rawpassword)
{
global $db;
$database = new database($db['host'], $db['user'], $db['pass'], $db['name']);
# crypt pass
$password = crypt_user_pass($rawpassword);
$password = $database->real_escape_string($password);
# set check query and get result
$query = "update `users` set `password`='{$password}' where `username` = '{$username}';";
# execute
try {
$database->executeQuery($query);
} catch (Exception $e) {
print "<div class='alert alert-danger'>" . $e->getMessage() . "</div>";
return false;
}
return true;
}
function add_user_data($reseller_id)
{
global $sql, $cfg;
global $dmn_name, $hpid, $dmn_user_name;
global $user_email, $customer_id, $first_name;
global $last_name, $firm, $zip;
global $city, $country, $street_one;
global $street_two, $mail, $phone;
global $fax, $inpass, $domain_ip;
global $admin_login;
// Let's get Desired Hosting Plan Data;
//
$err_msg = '_off_';
reseller_limits_check($sql, $err_msg, $reseller_id, $hpid);
if ($err_msg != '_off_') {
set_page_message($err_msg);
return;
}
if (isset($_SESSION["ch_hpprops"])) {
$props = $_SESSION["ch_hpprops"];
unset($_SESSION["ch_hpprops"]);
} else {
$query = "select props from hosting_plans where reseller_id = ? and id = ?";
$res = exec_query($sql, $query, array($reseller_id, $hpid));
$data = $res->FetchRow();
$props = $data['props'];
}
list($php, $cgi, $sub, $als, $mail, $ftp, $sql_db, $sql_user, $traff, $disk) = explode(";", $props);
$php = preg_replace("/\\_/", "", $php);
$cgi = preg_replace("/\\_/", "", $cgi);
$pure_user_pass = $inpass;
$inpass = crypt_user_pass($inpass);
// $first_name = escape_user_data($first_name);
// $last_name = escape_user_data($last_name);
// $firm = escape_user_data($firm);
// $zip = escape_user_data($zip);
// $city = escape_user_data($city);
// $country = escape_user_data($country);
// $phone = escape_user_data($phone);
// $fax = escape_user_data($fax);
// $street_one = escape_user_data($street_one);
// $street_two = escape_user_data($street_two);
// $customer_id = escape_user_data($customer_id);
if (!vhcs_domain_check($dmn_user_name)) {
//set_page_message = tr("Wrong domain name syntax!");
return;
}
check_for_lock_file();
$query = <<<VHCS_SQL_QUERY
insert into admin
(
admin_name, admin_pass, admin_type, domain_created,
created_by, fname, lname,
firm, zip, city,
country, email, phone,
fax, street1, street2, customer_id
)
values
(
?, ?, 'user', unix_timestamp(),
?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?
)
VHCS_SQL_QUERY;
$res = exec_query($sql, $query, array($dmn_user_name, $inpass, $reseller_id, $first_name, $last_name, $firm, $zip, $city, $country, $user_email, $phone, $fax, $street_one, $street_two, $customer_id));
print $sql->ErrorMsg();
$record_id = $sql->Insert_ID();
$query = <<<VHCS_SQL_QUERY
insert into domain (
domain_name, domain_admin_id,
domain_created_id, domain_created,
domain_mailacc_limit, domain_ftpacc_limit,
domain_traffic_limit, domain_sqld_limit,
domain_sqlu_limit, domain_status,
domain_subd_limit, domain_alias_limit,
domain_ip_id, domain_disk_limit,
domain_disk_usage, domain_php, domain_cgi
)
values (
?, ?,
?, unix_timestamp(),
?, ?,
?, ?,
?, 'toadd',
?, ?,
?, ?, '0',
?, ?
)
VHCS_SQL_QUERY;
$res = exec_query($sql, $query, array($dmn_name, $record_id, $reseller_id, $mail, $ftp, $traff, $sql_db, $sql_user, $sub, $als, $domain_ip, $disk, $php, $cgi));
$dmn_id = $sql->Insert_ID();
// vhcs 2.5 feature
//add_domain_extras($dmn_id, $record_id, $sql);
// lets send mail to user
send_add_user_auto_msg($reseller_id, $dmn_user_name, $pure_user_pass, $user_email, $first_name, $last_name, tr('Domain account'));
// send query to the vhcs2 daemon
// add user into user_gui_props => domain looser needs language and skin too :-)
$user_def_lang = $_SESSION['user_def_lang'];
$user_theme_color = $_SESSION['user_theme_color'];
$query = <<<SQL_QUERY
insert into
user_gui_props
(user_id, lang, layout)
values
(?, ?, ?)
SQL_QUERY;
$res = exec_query($sql, $query, array($record_id, $user_def_lang, $user_theme_color));
send_request();
$admin_login = $_SESSION['user_logged'];
write_log("{$admin_login}: add user -> {$dmn_user_name} (for domain {$dmn_name})");
write_log("{$admin_login}: add domain -> {$dmn_name}");
au_update_reseller_props($reseller_id, $props);
if (isset($_POST['add_alias']) && $_POST['add_alias'] === 'on') {
//we have to add some aliases for this looser
$_SESSION['dmn_id'] = $dmn_id;
$_SESSION['dmn_ip'] = $domain_ip;
header("Location: rau4.php?accout={$dmn_id}");
die;
} else {
//we have not to add alias
$_SESSION['rau3_added'] = "_yes_";
header("Location: users.php");
die;
}
}
function sendpw($uniqkey)
{
global $sql;
$query = <<<SQL_QUERY
select
admin_name, created_by, fname, lname, email
from
admin
where
uniqkey = ?
SQL_QUERY;
$res = exec_query($sql, $query, array($uniqkey));
if ($res->RecordCount() == 1) {
$admin_name = $res->fields['admin_name'];
$created_by = $res->fields['created_by'];
$admin_fname = $res->fields['fname'];
$admin_lname = $res->fields['lname'];
$to = $res->fields['email'];
$upass = passgen();
$query = <<<SQL_QUERY
update
admin
set
admin_pass = ?
where
uniqkey = ?
SQL_QUERY;
$rs = exec_query($sql, $query, array(crypt_user_pass($upass), $uniqkey));
write_log("Lostpassword: "******" : password updated");
$query = <<<SQL_QUERY
update
admin
set
uniqkey = ?
where
uniqkey = ?
SQL_QUERY;
$rs = exec_query($sql, $query, array('', $uniqkey));
$query = <<<SQL_QUERY
\t select
\t admin_id, fname, lname, email
\t from
\t admin
\twhere
\t admin_id = ?
SQL_QUERY;
if ($created_by == 0) {
$created_by = 1;
}
$res = exec_query($sql, $query, array($created_by));
$admin_id = $res->fields['admin_id'];
$from_fname = $res->fields['fname'];
$from_lname = $res->fields['lname'];
$from_email = $res->fields['email'];
if ($from_fname && $from_lname) {
$from = "{$from_fname} {$from_lname} <{$from_email}>";
} else {
$from = $from_email;
}
$query = <<<SQL_QUERY
select
subject, message
from
email_tpls
where
owner_id = ?
and
name = 'lostpw-msg-2'
SQL_QUERY;
$res = exec_query($sql, $query, array($admin_id));
$subject = $res->fields['subject'];
$message = $res->fields['message'];
if ($res->RecordCount() == 0) {
$subject = "Auto message allert for lostpw ! {USERNAME}";
$message = <<<MSG
Hello {NAME} !
Your VHCS login is: {USERNAME}
Your VHCS password is: {PASSWORD}
Good Luck with VHCS Pro System
Hosting Provider Team
MSG;
}
$subject = preg_replace("/\\{USERNAME\\}/", $admin_name, $subject);
$message = preg_replace("/\\{USERNAME\\}/", $admin_name, $message);
$message = preg_replace("/\\{NAME\\}/", $admin_fname . " " . $admin_lname, $message);
$message = preg_replace("/\\{PASSWORD\\}/", $upass, $message);
$message = str_replace(chr(10), "", $message);
$headers = "From: {$from}\r\n";
$headers .= "Content-Type: text/plain\nContent-Transfer-Encoding: 7bit\n";
$headers .= "X-Mailer: VHCS Pro lostpassword mailer";
$mail_result = mail($to, $subject, $message, $headers);
$mail_status = $mail_result ? 'OK' : 'NOT OK';
$log_message = "Lostpassword aktivated: To: |{$to}|, From: |{$from}|, Status: |{$mail_status}| !";
write_log($log_message);
return true;
}
return false;
}
/**
* Post-installation submit
*/
require '../../functions/functions.php';
/* sanitize */
$_POST = filter_user_input($_POST, true, true, false);
/* only permit if Admin user has default pass !!! */
$admin = getUserDetailsByName("Admin");
if ($admin['password'] != '$6$rounds=3000$JQEE6dL9NpvjeFs4$RK5X3oa28.Uzt/h5VAfdrsvlVe.7HgQUYKMXTJUsud8dmWfPzZQPbRbk8xJn1Kyyt4.dWm4nJIYhAV2mbOZ3g.') {
die("<div class='alert alert-danger'>Not allowed !</div>");
} else {
/* check lenghts */
if (strlen($_POST['password1']) < 8) {
die("<div class='alert alert-danger'>" . _("Invalid password") . "</div>");
}
if (strlen($_POST['password2']) < 8) {
die("<div class='alert alert-danger'>" . _("Invalid password") . "</div>");
}
/* check match */
if ($_POST['password1'] != $_POST['password2']) {
die("<div class='alert alert-danger'>" . _("Passwords do not match") . "</div>");
}
/* Crypt password */
$_POST['password1'] = crypt_user_pass($_POST['password1']);
/* all good, update password! */
if (!postauth_update($_POST['password1'], $_POST['siteTitle'], $_POST['siteURL'])) {
} else {
print "<div class='alert alert-success'>Settings updated, installation complete!<hr><a class='btn btn-sm btn-default' href='" . create_link("login") . "'>Proceed to login</a>";
}
}
if ($_POST['action'] == "edit" || $_POST['action'] == "delete") {
if (!is_numeric($_POST['userId'])) {
die('<div class="alert alert-danger">' . _("Invalid ID") . '</div>');
}
}
/**
* First get posted variables
*/
$userModDetails = $_POST;
$userModDetails['plainpass'] = $userModDetails['password1'];
/**
* Hash passwords if changed
*/
if (strlen($userModDetails['password1']) != 0) {
$userModDetails['password1'] = crypt_user_pass($userModDetails['password1']);
$userModDetails['password2'] = crypt_user_pass($userModDetails['password2']);
# for length check
$userModDetails['password1orig'] = $_POST['password1'];
$userModDetails['password2orig'] = $_POST['password2'];
}
/**
* Based on action verify the input
*/
if ($userModDetails['action'] == "add") {
$errors = verifyUserModInput($userModDetails);
} else {
if ($userModDetails['action'] == "edit") {
$errors = verifyUserModInput($userModDetails);
} else {
if ($userModDetails['action'] == "delete") {
//cannot delete admin user
function update_data_in_db($hpid)
{
global $sql;
global $dmn_user_name;
global $user_email, $customer_id, $first_name;
global $last_name, $firm, $zip;
global $city, $country, $street_one;
global $street_two, $mail, $phone;
global $fax, $inpass, $domain_ip;
global $admin_login;
/*
$first_name = escape_user_data($first_name);
$last_name = escape_user_data($last_name);
$firm = escape_user_data($firm);
$zip = escape_user_data($zip);
$city = escape_user_data($city);
$country = escape_user_data($country);
$phone = escape_user_data($phone);
$fax = escape_user_data($fax);
$street_one = escape_user_data($street_one);
$street_two = escape_user_data($street_two);
*/
if ($inpass === '') {
// Save with out password
$query = <<<SQL_QUERY
update
admin
set
fname=?,
lname=?,
firm=?,
zip=?,
city=?,
country=?,
email=?,
phone=?,
fax=?,
street1=?,
street2=?,
customer_id=?
where
admin_id=?
SQL_QUERY;
exec_query($sql, $query, array($first_name, $last_name, $firm, $zip, $city, $country, $mail, $phone, $fax, $street_one, $street_two, $customer_id, $hpid));
} else {
// Change password
$inpass = crypt_user_pass($inpass);
$query = <<<SQL_QUERY
update
admin
set
admin_pass=?,
fname=?,
lname=?,
firm=?,
zip=?,
city=?,
country=?,
email=?,
phone=?,
fax=?,
street1=?,
street2=?,
customer_id=?
where
admin_id=?
SQL_QUERY;
exec_query($sql, $query, array($inpass, $first_name, $last_name, $firm, $zip, $city, $country, $mail, $phone, $fax, $street_one, $street_two, $customer_id, $hpid));
}
$admin_login = $_SESSION['user_logged'];
write_log("{$admin_login} change data/password for {$dmn_user_name}!");
unset($_SESSION['edit_ID']);
unset($_SESSION['user_name']);
$_SESSION['edit'] = "_yes_";
Header("Location: users.php");
die;
}
function setPassword($uniqkey, $upass)
{
$sql = EasySCP_Registry::get('Db');
if ($uniqkey == '') {
die;
}
$query = "\n\t\tUPDATE\n\t\t\t`admin`\n\t\tSET\n\t\t\t`admin_pass` = ?\n\t\tWHERE\n\t\t\t`uniqkey` = ?\n\t";
exec_query($sql, $query, array(crypt_user_pass($upass), $uniqkey));
}
$tpl->define_dynamic('custom_buttons', 'page');
global $cfg;
$theme_color = $cfg['USER_INITIAL_THEME'];
$tpl->assign(array('TR_CLIENT_CHANGE_PASSWORD_PAGE_TITLE' => tr('VHCS - Reseller/Change Password'), 'THEME_COLOR_PATH' => "../themes/{$theme_color}", 'THEME_CHARSET' => tr('encoding'), 'VHCS_LICENSE' => $cfg['VHCS_LICENSE'], 'ISP_LOGO' => get_logo($_SESSION['user_id'])));
if (isset($_POST['uaction']) && $_POST['uaction'] === 'updt_pass') {
if ($_POST['pass'] === '' || $_POST['pass_rep'] === '') {
set_page_message(tr('Please fill up both data fields!'));
} else {
if ($_POST['pass'] !== $_POST['pass_rep']) {
set_page_message(tr('Passwords does not match!'));
} else {
if (chk_password($_POST['pass']) > 0) {
set_page_message(tr('Incorrect password range or syntax!'));
} else {
// Correct input password
$upass = crypt_user_pass($_POST['pass']);
$user_id = $_SESSION['user_id'];
// Begin update admin-db
$query = <<<SQL_QUERY
update
\tadmin
set
\tadmin_pass = ?
where
\tadmin_id = ?
SQL_QUERY;
$rs = exec_query($sql, $query, array($upass, $user_id));
set_page_message(tr('User password updated successfully!'));
}
}
}
} else {
if ($_POST['pass'] !== $_POST['pass_rep']) {
set_page_message(tr('Passwords do not match!'), 'warning');
} else {
if (!chk_password($_POST['pass'])) {
if ($cfg->PASSWD_STRONG) {
set_page_message(sprintf(tr('The password must be at least %s chars long and contain letters and numbers to be valid.'), $cfg->PASSWD_CHARS), 'warning');
} else {
set_page_message(sprintf(tr('Password data is shorter than %s signs or includes not permitted signs!'), $cfg->PASSWD_CHARS), 'warning');
}
} else {
if (EasyPass::check_udata($_SESSION['user_id'], $_POST['curr_pass']) === false) {
set_page_message(tr('The current password is wrong!'), 'error');
} else {
// Correct input password
$upass = crypt_user_pass(htmlentities($_POST['pass']));
$_SESSION['user_pass'] = $upass;
$user_id = $_SESSION['user_id'];
// Begin update admin-db
$query = "\n\t\t\tUPDATE\n\t\t\t\t`admin`\n\t\t\tSET\n\t\t\t\t`admin_pass` = ?\n\t\t\tWHERE\n\t\t\t\t`admin_id` = ?\n\t\t";
$rs = exec_query($sql, $query, array($upass, $user_id));
write_log($_SESSION['user_logged'] . ": update password!");
set_page_message(tr('User password updated successfully!'), 'success');
}
}
}
}
}
// static page messages
gen_logged_from($tpl);
$tpl->assign(array('TR_PAGE_TITLE' => tr('EasySCP - Reseller/Change Password'), 'TR_CHANGE_PASSWORD' => tr('Change password'), 'TR_PASSWORD_DATA' => tr('Password data'), 'TR_PASSWORD' => tr('Password'), 'TR_PASSWORD_REPEAT' => tr('Repeat password'), 'TR_UPDATE_PASSWORD' => tr('Update password'), 'TR_CURR_PASSWORD' => tr('Current password'), 'PASSWORD_DISABLED' => tr('Password change is deactivated!'), 'DEMO_VERSION' => tr('Demo Version!')));
