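/**
 * Delete a domain together with all of its dependent items (used from the admin and reseller UIs).
 *
 * Items the backend daemon has to tear down (mail users, subdomains, aliases, the
 * domain itself) are only flagged for deletion here; panel-side rows (protected
 * areas, traffic, FTP users/groups, the customer login, quota rows, tickets and
 * GUI properties) are deleted directly.
 *
 * Authorization: with $breseller = true the domain lookup is additionally bound to
 * `domain_created_id` = the logged-in user, so a reseller can only delete domains
 * he created. With $breseller = false no ownership check happens in this function;
 * the caller is responsible for restricting that path to administrators.
 *
 * @param integer $domain_id
 * @param string $goto users.php or manage_users.php
 * @param boolean $breseller double check by reseller=current user
 */
function delete_domain($domain_id, $goto, $breseller = false)
{
	$cfg = EasySCP_Registry::get('Config');
	$sql = EasySCP_Registry::get('Db');

	// Get uid and gid of domain user
	$query = "\n\t\tSELECT\n\t\t\t`domain_uid`,\n\t\t\t`domain_gid`,\n\t\t\t`domain_admin_id`,\n\t\t\t`domain_name`,\n\t\t\t`domain_created_id`\n\t\tFROM\n\t\t\t`domain`\n\t\tWHERE\n\t\t\t`domain_id` = ?\n\t";

	if ($breseller) {
		// Ownership check: the row only matches if the current user created the domain.
		$reseller_id = $_SESSION['user_id'];
		$query .= " AND `domain_created_id` = ?";
		$res = exec_query($sql, $query, array($domain_id, $reseller_id));
	} else {
		$res = exec_query($sql, $query, $domain_id);
	}

	$data = $res->fetchRow();

	if (empty($data['domain_uid']) || empty($data['domain_admin_id'])) {
		set_page_message(tr('Wrong domain ID!'), 'error');
		user_goto($goto);
		// user_goto() is defined elsewhere. Return explicitly so that none of the
		// destructive statements below can run for an unknown or foreign domain,
		// even if the redirect helper should ever return to its caller.
		return;
	}

	$domain_admin_id = $data['domain_admin_id'];
	$domain_name = $data['domain_name'];
	$domain_uid = $data['domain_uid'];
	$domain_gid = $data['domain_gid'];

	if (!$breseller) {
		$reseller_id = $data['domain_created_id'];
	}

	// Mail users:
	$query = "\n\t\tUPDATE\n\t\t\t`mail_users`\n\t\tSET\n\t\t\t`status` = ?\n\t\tWHERE\n\t\t\t`domain_id` = ?\n\t\t;\n\t";
	exec_query($sql, $query, array($cfg->ITEM_DELETE_STATUS, $domain_id));
	send_request('130 MAIL ' . $domain_id);

	// Delete all protected areas related data (areas, groups and users)
	$query = "\n\t\tDELETE\n\t\t\t`areas`,\n\t\t\t`users`,\n\t\t\t`groups`\n\t\tFROM\n\t\t\t`domain` AS `customer`\n\t\tLEFT JOIN\n\t\t\t`htaccess` AS `areas` ON `areas`.`dmn_id` = `customer`.`domain_id`\n\t\tLEFT JOIN\n\t\t\t`htaccess_users` AS `users` ON `users`.`dmn_id` = `customer`.`domain_id`\n\t\tLEFT JOIN\n\t\t\t`htaccess_groups` AS `groups` ON `groups`.`dmn_id` = `customer`.`domain_id`\n\t\tWHERE\n\t\t\t`customer`.`domain_id` = ?\n\t\t;\n\t";
	exec_query($sql, $query, $domain_id);

	// Delete subdomain aliases:
	$alias_a = array();
	$query = "\n\t\tSELECT\n\t\t\t`alias_id`\n\t\tFROM\n\t\t\t`domain_aliasses`\n\t\tWHERE\n\t\t\t`domain_id` = ?\n\t\t;\n\t";
	$res = exec_query($sql, $query, $domain_id);

	while (!$res->EOF) {
		$alias_a[] = $res->fields['alias_id'];
		$res->moveNext();
	}

	if (count($alias_a) > 0) {
		// Bind every alias id instead of splicing the values into the statement
		// text: one placeholder per id, status first to match the SET clause.
		$query = "\n\t\t\tUPDATE\n\t\t\t\t`subdomain_alias`\n\t\t\tSET\n\t\t\t\t`status` = ?\n\t\t\tWHERE\n\t\t\t\t`alias_id` IN (\n\t\t";
		$query .= implode(',', array_fill(0, count($alias_a), '?'));
		$query .= ")";
		exec_query($sql, $query, array_merge(array($cfg->ITEM_DELETE_STATUS), $alias_a));
	}

	// Delete SQL databases and users
	$query = "\n\t\tSELECT\n\t\t\t`sqld_id`\n\t\tFROM\n\t\t\t`sql_database`\n\t\tWHERE\n\t\t\t`domain_id` = ?\n\t\t;\n\t";
	$res = exec_query($sql, $query, $domain_id);

	while (!$res->EOF) {
		delete_sql_database($sql, $domain_id, $res->fields['sqld_id']);
		$res->moveNext();
	}

	// Domain aliases:
	$query = "\n\t\tUPDATE\n\t\t\tdomain_aliasses\n\t\tSET\n\t\t\tstatus = ?\n\t\tWHERE\n\t\t\tdomain_id = ?\n\t\t;\n\t";
	exec_query($sql, $query, array($cfg->ITEM_DELETE_STATUS, $domain_id));

	// Remove domain traffic
	$query = "\n\t\tDELETE FROM\n\t\t\t`domain_traffic`\n\t\tWHERE\n\t\t\t`domain_id` = ?\n\t\t;\n\t";
	exec_query($sql, $query, $domain_id);

	// Set domain deletion status
	$query = "\n\t\tUPDATE\n\t\t\t`domain`\n\t\tSET\n\t\t\t`status` = 'delete'\n\t\tWHERE\n\t\t`domain_id` = ?\n\t\t;\n\t";
	exec_query($sql, $query, $domain_id);

	// Set domain subdomains deletion status
	$query = "\n\t\tUPDATE\n\t\t\t`subdomain`\n\t\tSET\n\t\t\t`status` = ?\n\t\tWHERE\n\t\t\t`domain_id` = ?\n\t\t;\n\t";
	exec_query($sql, $query, array($cfg->ITEM_DELETE_STATUS, $domain_id));

	// --- Activate daemon ---
	send_request('110 DOMAIN domain ' . $domain_id);

	// Delete FTP users:
	$query = "\n\t\tDELETE FROM\n\t\t\t`ftp_users`\n\t\tWHERE\n\t\t\t`uid` = ?\n\t\t;\n\t";
	exec_query($sql, $query, $domain_uid);

	// Delete FTP groups:
	$query = "\n\t\tDELETE FROM\n\t\t\t`ftp_group`\n\t\tWHERE\n\t\t\t`gid` = ?\n\t\t;\n\t";
	exec_query($sql, $query, $domain_gid);

	// Delete EasySCP login:
	$query = "\n\t\tDELETE FROM\n\t\t\t`admin`\n\t\tWHERE\n\t\t\t`admin_id` = ?\n\t\t;\n\t";
	exec_query($sql, $query, $domain_admin_id);

	// Delete the quota limits:
	$query = "\n\t\tDELETE FROM\n\t\t\t`quotalimits`\n\t\tWHERE\n\t\t\t`name` = ?\n\t\t;\n\t";
	exec_query($sql, $query, $domain_name);

	// Delete the quota tallies:
	$query = "\n\t\tDELETE FROM\n\t\t\t`quotatallies`\n\t\tWHERE\n\t\t\t`name` = ?\n\t\t;\n\t";
	exec_query($sql, $query, $domain_name);

	// Remove support tickets:
	$query = "\n\t\tDELETE FROM\n\t\t\t`tickets`\n\t\tWHERE\n\t\t\tticket_from = ?\n\t\tOR\n\t\t\tticket_to = ?\n\t\t;\n\t";
	exec_query($sql, $query, array($domain_admin_id, $domain_admin_id));

	// Delete user gui properties
	$query = "\n\t\tDELETE FROM\n\t\t\t`user_gui_props`\n\t\tWHERE\n\t\t\t`user_id` = ?\n\t\t;\n\t";
	exec_query($sql, $query, $domain_admin_id);

	// Audit trail: who deleted which domain.
	write_log($_SESSION['user_logged'] . ': deletes domain ' . $domain_name);

	update_reseller_c_props($reseller_id);

	$_SESSION['ddel'] = '_yes_';
	user_goto($goto);
}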
// Tail of a subdomain-removal handler; the `if` that the closing `} else {`
// belongs to opens above this excerpt.
// NOTE(review): $sub_id, $dmn_id and $sub_name are assigned before this excerpt -
// confirm they were verified to belong to the logged-in customer there, because
// nothing below re-checks ownership before flagging rows and calling the daemon.

	// Refuse the removal while the subdomain still has mail accounts. The mail-type
	// fragments come from the MT_* constants; the subdomain id is a bound parameter.
	$query = "SELECT COUNT(`mail_id`) AS cnt FROM `mail_users` WHERE (`mail_type` LIKE '" . MT_SUBDOM_MAIL . "%' OR `mail_type` = '" . MT_SUBDOM_FORWARD . "') AND `sub_id` = ?";
	$rs = exec_query($sql, $query, $sub_id);

	if ($rs->fields['cnt'] > 0) {
		set_page_message(tr('The subdomain you are trying to remove has email accounts!<br />Rremove them first!'), 'warning');
		// NOTE(review): there is no return/exit after this redirect; the check only
		// blocks the deletion if user_goto() ends the request - confirm.
		user_goto('domains_manage.php');
	}

	// check for existing aliassubdomains
	$sql_param = array(':subdomain_id' => $sub_id);
	$query = "\n\t\tSELECT \n\t\t\tCOUNT(subdomain_alias_id) AS cnt\n\t\tFROM\n\t\t\tsubdomain_alias\n\t\tWHERE\n\t\t\tsubdomain_id = :subdomain_id\n\t";
	DB::prepare($query);
	$row = DB::execute($sql_param)->fetch();

	if ($row['cnt'] > 0) {
		set_page_message(tr('The subdomain you are trying to remove has aliassubdomains assigned!<br />Rremove them first!'), 'warning');
		// Same reliance on user_goto() ending the request as above.
		user_goto('domains_manage.php');
	}

	// Flag the subdomain for deletion; the row itself is not removed here.
	$query = "\n\t\tUPDATE\n\t\t\t`subdomain`\n\t\tSET\n\t\t\t`status` = 'delete'\n\t\tWHERE\n\t\t\t`subdomain_id` = ?\n\t";
	$rs = exec_query($sql, $query, $sub_id);

	// Flag the parent domain as changed.
	$query = "\n\t\tUPDATE\n\t\t\t`domain`\n\t\tSET\n\t\t\t`status` = 'change'\n\t\tWHERE\n\t\t\t`domain_id` = ?\n\t";
	$rs = exec_query($sql, $query, $dmn_id);

	update_reseller_c_props(get_reseller_id($dmn_id));

	// The client-supplied dmn_type only selects which of the two fixed daemon
	// requests is sent; its value is never placed into the request string.
	if ($_POST['dmn_type'] == 'als') {
		send_request('110 DOMAIN alias ' . $dmn_id);
	} else {
		send_request('110 DOMAIN domain ' . $dmn_id);
	}

	// Audit trail: who removed which subdomain.
	write_log($_SESSION['user_logged'] . ": deletes subdomain: " . $sub_name);
	set_page_message(tr('Subdomain scheduled for deletion!'), 'info');
	user_goto('domains_manage.php');
} else {
	// Condition of the enclosing `if` (outside this excerpt) not met: back to the overview.
	user_goto('domains_manage.php');
}
// Tail of a mail-account deletion handler; the branches closed by the four `}`
// below open above this excerpt. $data, $dmn_name and $delete_id are set there.
// NOTE(review): confirm that $delete_id was checked to belong to the logged-in
// customer before this point; nothing in this excerpt re-checks ownership.

			// Subdomain mailbox: rebuild the full address from the subdomain name.
			$res_tmp = exec_query($sql, "SELECT `subdomain_name` FROM `subdomain` WHERE `subdomain_id` = ?", $data['sub_id']);
			$dat_tmp = $res_tmp->fetchRow();
			$mail_name = $data['mail_acc'] . '@' . $dat_tmp['subdomain_name'] . '.' . $dmn_name;
		} else {
			// The MT_* constants are used as unanchored patterns, so any mail_type
			// that merely contains one of them matches.
			if (preg_match("/" . MT_ALSSUB_MAIL . "/", $data['mail_type']) || preg_match("/" . MT_ALSSUB_FORWARD . "/", $data['mail_type'])) {
				// mail to subdomain
				$res_tmp = exec_query($sql, "SELECT `subdomain_alias_name`, `alias_name` FROM `subdomain_alias` AS t1, `domain_aliasses` AS t2 WHERE t1.`alias_id` = t2.`alias_id` AND `subdomain_alias_id` = ?", $data['sub_id']);
				$dat_tmp = $res_tmp->fetchRow();
				$mail_name = $data['mail_acc'] . '@' . $dat_tmp['subdomain_alias_name'] . '.' . $dat_tmp['alias_name'];
			}
		}
	}
}

// Look for rows whose `mail_acc` is this address or a comma-separated list that
// contains it (sole entry, first, middle or last position).
// NOTE(review): the address is bound as a parameter, but inside the LIKE patterns
// any `_` or `%` in it still acts as a wildcard, so an address such as a_b@...
// also matches a.b@... - this can only cause extra refusals, not extra deletions.
$query = "SELECT `mail_id` FROM `mail_users` WHERE `mail_acc` = ? OR `mail_acc` LIKE ? OR `mail_acc` LIKE ? OR `mail_acc` LIKE ?";
$res_tmp = exec_query($sql, $query, array($mail_name, "{$mail_name},%", "%,{$mail_name},%", "%,{$mail_name}"));
$num = $res_tmp->rowCount();

if ($num > 0) {
	set_page_message(tr('First delete the CatchAll account for this email!'), 'warning');
	$_SESSION['catchall_assigned'] = 1;
	// NOTE(review): no return/exit follows; the refusal only holds if user_goto()
	// ends the request - confirm.
	user_goto('mail_accounts.php');
}

// Flag the mailbox for deletion (named parameters, nothing concatenated).
$sql_param = array(':status' => $cfg->ITEM_DELETE_STATUS, ':mail_id' => $delete_id);
$sql_query = "\n\tUPDATE\n\t\t`mail_users`\n\tSET\n\t\t`status` = :status\n\tWHERE\n\t\t`mail_id` = :mail_id\n";
DB::prepare($sql_query);
DB::execute($sql_param);

update_reseller_c_props(get_reseller_id($data['domain_id']));

// Ask the daemon to process the mail changes of this domain.
send_request('130 MAIL ' . $data['domain_id']);

// Audit trail: who deleted which address.
$admin_login = decode_idna($_SESSION['user_logged']);
write_log("{$admin_login}: deletes mail account: " . $mail_name);
$_SESSION['maildel'] = 1;
user_goto('mail_accounts.php');
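/**
 * Create a new SQL database for a customer from the submitted form.
 *
 * Reads `uaction`, `db_name`, `use_dmn_id` and `id_pos` from $_POST, optionally
 * prefixes or suffixes the name with the customer's domain id, creates the
 * database and records it in `sql_database`. Every validation failure sets a
 * page message and returns without creating anything.
 *
 * Security: the database name ends up inside a backtick-quoted identifier of a
 * CREATE DATABASE statement, where bound parameters cannot be used. The name is
 * therefore rejected if it contains a backtick or a control character, which are
 * the characters that could close the quoted identifier or corrupt the statement.
 * clean_input() is defined elsewhere and is not relied upon for this.
 *
 * @param mixed $sql Database handle, passed through to check_db_name()
 * @param int $user_id Id of the customer the database is created for
 * @return void
 */
function add_sql_database($sql, $user_id)
{
	$cfg = EasySCP_Registry::get('Config');

	if (!isset($_POST['uaction'])) {
		return;
	}

	// let's generate database name.
	// A non-string value (e.g. db_name[]=x) is treated like a missing name.
	if (empty($_POST['db_name']) || !is_string($_POST['db_name'])) {
		set_page_message(tr('Please specify a database name!'), 'warning');
		return;
	}

	$dmn_id = get_user_domain_id($user_id);
	$db_name = clean_input($_POST['db_name']);

	if (isset($_POST['use_dmn_id']) && $_POST['use_dmn_id'] === 'on') {
		// we'll use domain_id in the name of the database;
		$id_pos = isset($_POST['id_pos']) ? $_POST['id_pos'] : '';

		if ($id_pos === 'start') {
			$db_name = $dmn_id . "_" . $db_name;
		} elseif ($id_pos === 'end') {
			$db_name = $db_name . "_" . $dmn_id;
		} else {
			// Previously this case left $db_name undefined and carried on.
			set_page_message(tr('Please specify where the domain ID should be placed!'), 'warning');
			return;
		}
	}

	if (strlen($db_name) > $cfg->MAX_SQL_DATABASE_LENGTH) {
		set_page_message(tr('Database name is too long!'), 'warning');
		return;
	}

	// have we such database in the system!?
	if (check_db_name($sql, $db_name)) {
		set_page_message(tr('Specified database name already exists!'), 'warning');
		return;
	}

	// are wildcards used?
	if (preg_match("/[%|\\?]+/", $db_name)) {
		set_page_message(tr('Wildcards such as %% and ? are not allowed!'), 'warning');
		return;
	}

	// Reject anything that could terminate the backtick-quoted identifier below.
	if (preg_match('/[`\x00-\x1f]/', $db_name)) {
		set_page_message(tr('Database name contains characters that are not allowed!'), 'warning');
		return;
	}

	// Identifiers cannot be bound, hence the concatenation; $db_name was validated
	// above. Character set and collation come from the panel configuration.
	DB::query('CREATE DATABASE IF NOT EXISTS `' . $db_name . '` DEFAULT CHARACTER SET ' . EasyConfig::$cfg->DATABASE_DEFAULT_CHARACTER_SET . ' COLLATE ' . EasyConfig::$cfg->DATABASE_DEFAULT_COLLATE . ';')->closeCursor();

	$sql_param = array(':domain_id' => $dmn_id, ':sqld_name' => $db_name);
	$sql_query = "\n\t\tINSERT INTO\n\t\t\tsql_database (domain_id, sqld_name, status)\n\t\tVALUES\n\t\t\t(:domain_id, :sqld_name, 'ok');\n\t";
	DB::prepare($sql_query);
	DB::execute($sql_param)->closeCursor();

	update_reseller_c_props(get_reseller_id($dmn_id));

	// Audit trail; the name is HTML-encoded before it is written to the log.
	write_log($_SESSION['user_logged'] . ": adds new SQL database: " . tohtml($db_name));
	set_page_message(tr('SQL database created successfully!'), 'info');
	user_goto('sql_manage.php');
}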
/**
 * Check and updates domain data
 *
 * Validates the edited domain properties held in the array returned by
 * reseller_getData() (expiry date, service limits, traffic/disk limits, mail
 * quota, feature switches, PHP editor permissions). If no field failed and no
 * page message is pending, the changes are written inside a database
 * transaction and, where needed, the daemon is asked to apply them.
 *
 * For every property `x` the array also carries `fallback_x`; the code uses the
 * fallback both as replacement for unusable input and as the "old" value when
 * deciding what changed.
 *
 * NOTE(review): nothing in this function verifies that $domainId belongs to the
 * logged-in reseller, or that `domain_ip_id` is an IP the reseller may assign -
 * presumably reseller_getData() or the caller does; confirm.
 *
 * @throws iMSCP_Exception_Database
 * @param int $domainId Domain unique identifier
 * @return bool TRUE on success, FALSE otherwise
 */
function reseller_checkAndUpdateData($domainId)
{
	$db = iMSCP_Database::getInstance();
	// Names of the form fields that failed validation.
	$errFieldsStack = array();

	try {
		// Getting domain data
		$data =& reseller_getData($domainId, true);

		// Check for expires date
		if ($data['domain_never_expires'] == 'off') {
			// Two checks: the fixed NN/NN/NNNN shape, then strtotime() must accept it.
			if (!preg_match('%^\\d{2}/\\d{2}/\\d{4}$%', $data['domain_expires']) || ($timestamp = strtotime($data['domain_expires'])) === false) {
				$data['domain_expires_ok'] = false;
				set_page_message(tr('Wrong syntax for new expire date.'), 'error');
				$errFieldsStack[] = 'domain_expires';
			} elseif ($timestamp != 0 && $timestamp <= time()) {
				$data['domain_expires'] = $timestamp;
				set_page_message(tr('You cannot set expire date in past.'), 'error');
				$errFieldsStack[] = 'domain_expires';
			} else {
				$data['domain_expires'] = $timestamp;
			}
		} else {
			// "Never expires" is stored as 0.
			$data['domain_expires'] = 0;
		}

		// The service-limit checks below are skipped when the stored (fallback)
		// limit is -1; each one first checks the syntax of the new limit and then
		// hands it to _reseller_isValidServiceLimit() (defined elsewhere) together
		// with the current consumption and the reseller's totals.

		// Check for the subdomains limit
		if ($data['fallback_domain_subd_limit'] != -1) {
			if (!imscp_limit_check($data['domain_subd_limit'])) {
				set_page_message(tr('Wrong syntax for the %s limit.', tr('subdomains')), 'error');
				$errFieldsStack[] = 'domain_subd_limit';
			} elseif (!_reseller_isValidServiceLimit($data['domain_subd_limit'], $data['nbSubdomains'], $data["fallback_domain_subd_limit"], $data['current_sub_cnt'], $data['max_sub_cnt'], $data['nbSubdomains'] > 1 ? tr('subdomains') : tr('subdomain'))) {
				$errFieldsStack[] = 'domain_subd_limit';
			}
		}

		// Check for the domain aliases limit
		if ($data['fallback_domain_alias_limit'] != -1) {
			if (!imscp_limit_check($data['domain_alias_limit'])) {
				set_page_message(tr('Wrong syntax for the %s limit.', tr('domain aliases')), 'error');
				$errFieldsStack[] = 'domain_alias_limit';
			} elseif (!_reseller_isValidServiceLimit($data['domain_alias_limit'], $data['nbAliasses'], $data["fallback_domain_alias_limit"], $data['current_als_cnt'], $data['max_als_cnt'], $data['nbAliasses'] > 1 ? tr('domain aliases') : tr('domain alias'))) {
				$errFieldsStack[] = 'domain_alias_limit';
			}
		}

		// Check for the mail accounts limit
		if ($data['fallback_domain_mailacc_limit'] != -1) {
			if (!imscp_limit_check($data['domain_mailacc_limit'])) {
				set_page_message(tr('Wrong syntax for the %s limit.', tr('email accounts')), 'error');
				$errFieldsStack[] = 'domain_mailacc_limit';
			} elseif (!_reseller_isValidServiceLimit($data['domain_mailacc_limit'], $data['nbMailAccounts'], $data["fallback_domain_mailacc_limit"], $data['current_mail_cnt'], $data['max_mail_cnt'], $data["nbMailAccounts"] > 1 ? tr('email accounts') : tr('email account'))) {
				$errFieldsStack[] = 'domain_mailacc_limit';
			}
		}

		// Check for the Ftp accounts limit
		if ($data['fallback_domain_ftpacc_limit'] != -1) {
			if (!imscp_limit_check($data['domain_ftpacc_limit'])) {
				set_page_message(tr('Wrong syntax for the %s limit.', tr('Ftp accounts')), 'error');
				$errFieldsStack[] = 'domain_ftpacc_limit';
			} elseif (!_reseller_isValidServiceLimit($data['domain_ftpacc_limit'], $data['nbFtpAccounts'], $data["fallback_domain_ftpacc_limit"], $data['current_ftp_cnt'], $data['max_ftp_cnt'], $data['nbFtpAccounts'] > 1 ? tr('Ftp accounts') : tr('Ftp account'))) {
				$errFieldsStack[] = 'domain_ftpacc_limit';
			}
		}

		// Check for the Sql databases limit
		if ($data['fallback_domain_sqld_limit'] != -1) {
			if (!imscp_limit_check($data['domain_sqld_limit'])) {
				set_page_message(tr('Wrong syntax for the %s limit.', tr('SQL databases')), 'error');
				$errFieldsStack[] = 'domain_sqld_limit';
			} elseif (!_reseller_isValidServiceLimit($data['domain_sqld_limit'], $data['nbSqlDatabases'], $data["fallback_domain_sqld_limit"], $data['current_sql_db_cnt'], $data['max_sql_db_cnt'], $data['nbSqlDatabases'] > 1 ? tr('SQL databases') : tr('SQL database'))) {
				$errFieldsStack[] = 'domain_sqld_limit';
			} elseif ($data['domain_sqld_limit'] != -1 && $data['domain_sqlu_limit'] == -1) {
				// Databases enabled while SQL users are disabled (-1): both fields are flagged.
				set_page_message(tr('SQL user limit is disabled.'), 'error');
				$errFieldsStack[] = 'domain_sqld_limit';
				$errFieldsStack[] = 'domain_sqlu_limit';
			}
		}

		// Check for the Sql users limit
		if ($data['fallback_domain_sqlu_limit'] != -1) {
			if (!imscp_limit_check($data['domain_sqlu_limit'])) {
				set_page_message(tr('Wrong syntax for the %s limit.', tr('SQL users')), 'error');
				$errFieldsStack[] = 'domain_sqlu_limit';
			} elseif (!_reseller_isValidServiceLimit($data['domain_sqlu_limit'], $data['nbSqlUsers'], $data["fallback_domain_sqlu_limit"], $data['current_sql_user_cnt'], $data['max_sql_user_cnt'], $data['nbSqlUsers'] > 1 ? tr('SQL users') : tr('SQL user'))) {
				$errFieldsStack[] = 'domain_sqlu_limit';
			} elseif ($data['domain_sqlu_limit'] != -1 && $data['domain_sqld_limit'] == -1) {
				// Mirror of the check above: SQL users enabled while databases are disabled.
				set_page_message(tr('SQL database limit is disabled.'), 'error');
				$errFieldsStack[] = 'domain_sqlu_limit';
				$errFieldsStack[] = 'domain_sqld_limit';
			}
		}

		// Check for the monthly traffic limit
		// The consumed traffic is divided by 1048576 before it is compared with the limit.
		if (!imscp_limit_check($data['domain_traffic_limit'], null)) {
			set_page_message(tr('Wrong syntax for the %s limit.', tr('traffic')), 'error');
			$errFieldsStack[] = 'domain_traffic_limit';
		} elseif (!_reseller_isValidServiceLimit($data['domain_traffic_limit'], $data['domainTraffic'] / 1048576, $data["fallback_domain_traffic_limit"], $data['current_traff_amnt'], $data['max_traff_amnt'], tr('traffic'))) {
			$errFieldsStack[] = 'domain_traffic_limit';
		}

		// Check for the disk space limit
		if (!imscp_limit_check($data['domain_disk_limit'], null)) {
			set_page_message(tr('Wrong syntax for the %s limit.', tr('disk space')), 'error');
			$errFieldsStack[] = 'domain_disk_limit';
		} elseif (!_reseller_isValidServiceLimit($data['domain_disk_limit'], $data['domain_disk_usage'] / 1048576, $data["fallback_domain_disk_limit"], $data['current_disk_amnt'], $data['max_disk_amnt'], tr('disk space'))) {
			$errFieldsStack[] = 'domain_disk_limit';
		}

		// Check for mail quota
		if ($data['fallback_domain_mailacc_limit'] != -1) {
			if (!imscp_limit_check($data['mail_quota'], null)) {
				set_page_message(tr('Wrong syntax for the mail quota value.'), 'error');
				$errFieldsStack[] = 'mail_quota';
			} elseif ($data['domain_disk_limit'] != 0 && $data['mail_quota'] > $data['domain_disk_limit']) {
				set_page_message(tr('Email quota cannot be bigger than disk space limit.'), 'error');
				$errFieldsStack[] = 'mail_quota';
			} elseif ($data['domain_disk_limit'] != 0 && $data['mail_quota'] == 0) {
				// 0 means "unlimited" for the quota, which is refused when the disk limit is finite.
				set_page_message(tr('Email quota cannot be unlimited. Max value is %d MiB.', $data['domain_disk_limit']), 'error');
				$errFieldsStack[] = 'mail_quota';
			} else {
				$mailData = reseller_getMailData($data['domain_id'], $data['fallback_mail_quota']);
				if ($data['mail_quota'] != 0 && $data['mail_quota'] < $mailData['nb_mailboxes']) {
					set_page_message(tr('Email quota cannot be lower than %d. Each mailbox should have a least 1 MiB quota.', $mailData['nb_mailboxes']), 'error');
					$errFieldsStack[] = 'mail_quota';
				}
			}
		} else {
			$data['mail_quota'] = 0;
		}

		// Feature switches: any value other than 'no'/'yes' silently falls back to
		// the stored value instead of raising an error.
		// NOTE(review): in_array() is called without its strict flag, so the
		// comparison is loose; harmless while the values are strings - confirm.

		// Check for PHP support
		$data['domain_php'] = in_array($data['domain_php'], array('no', 'yes')) ? $data['domain_php'] : $data['fallback_domain_php'];

		// PHP editor
		$phpini = iMSCP_PHPini::getInstance();

		// Needed to track changes
		$phpiniClientPerms = $phpini->getClientPermission();
		$phpiniDomainConf = $phpini->getDomainIni();

		// The posted PHP editor values are only applied when PHP is enabled for the
		// domain and the reseller holds the 'phpiniSystem' permission.
		// NOTE(review): the individual permissions (allow_url_fopen, display_errors,
		// disable_functions, mail function) and the ini values are passed on after
		// clean_input() only; whether the reseller may grant each of them and
		// whether the values are in range is presumably enforced inside
		// setClientPermission()/setDomainIni() - confirm.
		if (isset($_POST['php_ini_system']) && $data['domain_php'] == 'yes' && $phpini->resellerHasPermission('phpiniSystem')) {
			$phpini->setClientPermission('phpiniSystem', clean_input($_POST['php_ini_system']));

			if ($phpini->clientHasPermission('phpiniSystem')) {
				if (isset($_POST['phpini_perm_allow_url_fopen'])) {
					$phpini->setClientPermission('phpiniAllowUrlFopen', clean_input($_POST['phpini_perm_allow_url_fopen']));
				}

				if (isset($_POST['phpini_perm_display_errors'])) {
					$phpini->setClientPermission('phpiniDisplayErrors', clean_input($_POST['phpini_perm_display_errors']));
				}

				if (isset($_POST['phpini_perm_disable_functions'])) {
					$phpini->setClientPermission('phpiniDisableFunctions', clean_input($_POST['phpini_perm_disable_functions']));
				}

				if (isset($_POST['phpini_perm_mail_function'])) {
					$phpini->setClientPermission('phpiniMailFunction', clean_input($_POST['phpini_perm_mail_function']));
				}

				if (isset($_POST['memory_limit'])) { // Must be set before phpiniPostMaxSize
					$phpini->setDomainIni('phpiniMemoryLimit', clean_input($_POST['memory_limit']));
				}

				if (isset($_POST['post_max_size'])) { // Must be set before phpiniUploadMaxFileSize
					$phpini->setDomainIni('phpiniPostMaxSize', clean_input($_POST['post_max_size']));
				}

				// The field name is spelled 'upload_max_filezize' here; it has to match the form.
				if (isset($_POST['upload_max_filezize'])) {
					$phpini->setDomainIni('phpiniUploadMaxFileSize', clean_input($_POST['upload_max_filezize']));
				}

				if (isset($_POST['max_execution_time'])) {
					$phpini->setDomainIni('phpiniMaxExecutionTime', clean_input($_POST['max_execution_time']));
				}

				if (isset($_POST['max_input_time'])) {
					$phpini->setDomainIni('phpiniMaxInputTime', clean_input($_POST['max_input_time']));
				}
			} else {
				$phpini->loadClientPermissions(); // Reset client PHP permissions
				$phpini->loadDomainIni(); // Reset domain PHP configuration options
			}
		} else {
			$phpini->loadClientPermissions(); // Reset client PHP permissions
			$phpini->loadDomainIni(); // Reset domain PHP configuration options
		}

		// Check for CGI support
		$data['domain_cgi'] = in_array($data['domain_cgi'], array('no', 'yes')) ? $data['domain_cgi'] : $data['fallback_domain_cgi'];

		// Check for custom DNS records support
		$data['domain_dns'] = in_array($data['domain_dns'], array('no', 'yes')) ? $data['domain_dns'] : $data['fallback_domain_dns'];

		// Check for APS support
		$data['domain_software_allowed'] = in_array($data['domain_software_allowed'], array('no', 'yes')) ? $data['domain_software_allowed'] : $data['fallback_domain_software_allowed'];

		// Check for External mail server support
		$data['domain_external_mail'] = in_array($data['domain_external_mail'], array('no', 'yes')) ? $data['domain_external_mail'] : $data['fallback_domain_external_mail'];

		// Check for backup support
		// Only the three known backup kinds survive; a non-array value falls back.
		$data['allowbackup'] = is_array($data['allowbackup']) ? array_intersect($data['allowbackup'], array('dmn', 'sql', 'mail')) : $data['fallback_allowbackup'];

		// Check for Web folder protection support
		$data['web_folder_protection'] = in_array($data['web_folder_protection'], array('no', 'yes')) ? $data['web_folder_protection'] : $data['fallback_web_folder_protection'];

		// Nothing is written unless every check passed and no page message is pending.
		if (empty($errFieldsStack) && !Zend_Session::namespaceIsset('pageMessages')) {
			// Update process begin here
			$oldValues = array();
			$newValues = array();

			// Pair every fallback_x entry with its x counterpart to detect changes.
			// NOTE(review): strpos() matches 'fallback_' anywhere in the key while
			// substr(..., 9) assumes it is the prefix - fine if all keys follow that scheme.
			foreach ($data as $property => $value) {
				if (strpos($property, 'fallback_') !== false) {
					$property = substr($property, 9);
					$oldValues[$property] = $value;
					$newValues[$property] = $data[$property];
				}
			}

			$needDaemonRequest = false;

			if ($newValues == $oldValues && $phpiniClientPerms == $phpini->getClientPermission() && $phpiniDomainConf == $phpini->getDomainIni()) {
				set_page_message(tr('Nothing has been changed.'), 'info');
				return true;
			}

			iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onBeforeEditDomain, array('domainId' => $domainId));

			// All writes below happen inside one transaction.
			$db->beginTransaction();

			if ($phpiniClientPerms != $phpini->getClientPermission() || $phpiniDomainConf != $phpini->getDomainIni()) {
				$phpini->updateDomainConfigOptions($data['admin_id']);
				$needDaemonRequest = true;
			}

			// PHP or CGI was either enabled or disabled or PHP Settings were changed, web folder protection
			// properties have been updated, or domain IP was changed, so we must update the vhosts files
			// of all domain entities (dmn, sub, als, alssub)
			if ($needDaemonRequest || $data['domain_php'] != $data['fallback_domain_php'] || $data['domain_cgi'] != $data['fallback_domain_cgi'] || $data['web_folder_protection'] != $data['fallback_web_folder_protection'] || $data['domain_ip_id'] != $data['fallback_domain_ip_id']) {
				if ($data['domain_alias_limit'] != '-1') {
					exec_query('UPDATE domain_aliasses SET alias_status = ? WHERE domain_id = ? AND alias_status <> ?', array('tochange', $domainId, 'ordered'));
				}

				$needDaemonRequest = true;
			}

			if ($data['domain_dns'] != $data['fallback_domain_dns'] && $data['domain_dns'] == 'no') {
				// Support for custom DNS records is now disabled - We must delete all custom DNS entries
				// (except those that are protected), and update the DNS zone file
				exec_query('DELETE FROM domain_dns WHERE domain_id = ? AND owned_by = ?', array($domainId, 'custom_dns_feature'));
				$needDaemonRequest = true;
			}

			// Update domain properties
			// Every value is bound; the mail quota is stored multiplied by 1048576.
			exec_query(' UPDATE domain SET domain_expires = ?, domain_last_modified = ?, domain_mailacc_limit = ?, domain_ftpacc_limit = ?, domain_traffic_limit = ?, domain_sqld_limit = ?, domain_sqlu_limit = ?, domain_status = ?, domain_alias_limit = ?, domain_subd_limit = ?, domain_ip_id = ?, domain_disk_limit = ?, domain_php = ?, domain_cgi = ?, allowbackup = ?, domain_dns = ?, domain_software_allowed = ?, phpini_perm_system = ?, phpini_perm_allow_url_fopen = ?, phpini_perm_display_errors = ?, phpini_perm_disable_functions = ?, phpini_perm_mail_function = ?, domain_external_mail = ?, web_folder_protection = ?, mail_quota = ? WHERE domain_id = ? ', array($data['domain_expires'], time(), $data['domain_mailacc_limit'], $data['domain_ftpacc_limit'], $data['domain_traffic_limit'], $data['domain_sqld_limit'], $data['domain_sqlu_limit'], $needDaemonRequest ? 'tochange' : 'ok', $data['domain_alias_limit'], $data['domain_subd_limit'], $data['domain_ip_id'], $data['domain_disk_limit'], $data['domain_php'], $data['domain_cgi'], implode('|', $data['allowbackup']), $data['domain_dns'], $data['domain_software_allowed'], $phpini->getClientPermission('phpiniSystem'), $phpini->getClientPermission('phpiniAllowUrlFopen'), $phpini->getClientPermission('phpiniDisplayErrors'), $phpini->getClientPermission('phpiniDisableFunctions'), $phpini->getClientPermission('phpiniMailFunction'), $data['domain_external_mail'], $data['web_folder_protection'], $data['mail_quota'] * 1048576, $domainId));

			// Sync mailboxes quota if needed
			if ($data['fallback_mail_quota'] != $data['mail_quota'] * 1048576) {
				sync_mailboxes_quota($domainId, $data['mail_quota'] * 1048576);
			}

			// Update domain alias IP if needed
			if ($data['domain_ip_id'] != $data['fallback_domain_ip_id']) {
				if ($data['domain_alias_limit'] != '-1') {
					exec_query('UPDATE domain_aliasses SET alias_ip_id = ? WHERE domain_id = ?', array($data['domain_ip_id'], $domainId));
				}
			}

			// Update Ftp quota limit if needed
			if ($data['domain_disk_limit'] != $data['fallback_domain_disk_limit']) {
				exec_query(' REPLACE INTO quotalimits ( name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail ) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ? ) ', array($data['domain_name'], 'group', 'false', 'hard', $data['domain_disk_limit'] * 1048576, 0, 0, 0, 0, 0));
			}

			// Update reseller properties
			update_reseller_c_props($data['reseller_id']);

			$db->commit();

			iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onAfterEditDomain, array('domainId' => $domainId));

			// The daemon is only contacted after the commit.
			if ($needDaemonRequest) {
				send_request();
				set_page_message(tr('Domain scheduled for update.'), 'success');
			} else {
				set_page_message(tr('Domain successfully updated.'), 'success');
			}

			// Audit trail: when the session carries 'logged_from', that name is logged
			// instead of 'user_logged'.
			$userLogged = isset($_SESSION['logged_from']) ? $_SESSION['logged_from'] : $_SESSION['user_logged'];
			write_log("Domain " . decode_idna($data['domain_name']) . " has been updated by {$userLogged}", E_USER_NOTICE);
			return true;
		}
	} catch (iMSCP_Exception_Database $e) {
		// NOTE(review): the try block also covers reseller_getData() and the
		// validation queries, so this rollBack() can run before beginTransaction()
		// was called; confirm iMSCP_Database::rollBack() tolerates that, otherwise
		// the original exception is masked by a second one.
		$db->rollBack();
		throw $e;
	}

	// Expose the failed field names to the caller through the registry.
	if (!empty($errFieldsStack)) {
		iMSCP_Registry::set('errFieldsStack', $errFieldsStack);
	}

	return false;
}
/**
 * Save data for new user in db
 *
 * Creates the customer login (`admin`), the domain row, the statistics
 * htaccess user/group, optional default mail addresses and the GUI properties,
 * notifies the daemon and redirects to the next wizard step.
 *
 * All customer and domain details are read from global variables filled by the
 * calling page; only the personal-data fields are passed through clean_input()
 * here.
 * NOTE(review): $dmn_name, $dmn_expire, $domain_ip, $user_email, $gender and
 * $hpid are used as they arrive - confirm the calling page validated them and
 * that $domain_ip is an IP this reseller may assign.
 *
 * @param int $reseller_id Id of the reseller creating the customer
 * @return bool|null false on the (currently unreachable) error-message path,
 *                   null when the domain user name is invalid; otherwise the
 *                   function ends with a redirect
 */
function add_user_data($reseller_id)
{
	global $hpid, $dmn_name, $dmn_expire, $dmn_user_name, $admin_login, $user_email, $customer_id, $first_name, $last_name, $gender, $firm, $zip, $city, $state, $country, $street_one, $street_two, $phone, $fax, $inpass, $domain_ip, $dns, $backup, $countbackup;

	$sql = EasySCP_Registry::get('Db');
	$cfg = EasySCP_Registry::get('Config');

	// Let's get Desired Hosting Plan Data;
	// $err_msg is always empty at this point, so the guard below never fires.
	$err_msg = '';

	if (!empty($err_msg)) {
		set_page_message($err_msg, 'error');
		return false;
	}

	if (isset($_SESSION["ch_hpprops"])) {
		// Plan properties customised in a previous wizard step; consumed once.
		$props = $_SESSION["ch_hpprops"];
		unset($_SESSION["ch_hpprops"]);
	} else {
		if (isset($cfg->HOSTING_PLANS_LEVEL) && $cfg->HOSTING_PLANS_LEVEL === 'admin') {
			$query = 'SELECT `props` FROM `hosting_plans` WHERE `id` = ?';
			$res = exec_query($sql, $query, $hpid);
		} else {
			// Reseller-level plans: the plan must belong to this reseller.
			$query = "SELECT `props` FROM `hosting_plans` WHERE `reseller_id` = ? AND `id` = ?";
			$res = exec_query($sql, $query, array($reseller_id, $hpid));
		}

		$data = $res->fetchRow();
		// NOTE(review): unserialize() on a database column. If the stored `props`
		// value can ever be influenced by a less-trusted user, this allows PHP
		// object injection; a JSON encoding, or restricting the allowed classes on
		// PHP versions that support it, would remove that risk. Also note that no
		// check is made that a plan row was actually found.
		$props = unserialize($data['props']);
	}

	$php = $props['allow_php'];
	$phpe = $props['allow_php_editor'];
	$cgi = $props['allow_cgi'];
	$sub = $props['subdomain_cnt'];
	$als = $props['alias_cnt'];
	$mail = $props['mail_cnt'];
	$ftp = $props['ftp_cnt'];
	$sql_db = $props['db_cnt'];
	$sql_user = $props['sqluser_cnt'];
	$traff = $props['traffic'];
	$disk = $props['disk'];
	$backup = $props['allow_backup'];
	$countbackup = $props['disk_countbackup'];
	$dns = $props['allow_dns'];
	$ssl = $props['allow_ssl'];

	// Remove every underscore from the switch values before they are stored.
	$php = preg_replace("/\\_/", "", $php);
	$phpe = preg_replace("/\\_/", "", $phpe);
	$cgi = preg_replace("/\\_/", "", $cgi);
	$ssl = preg_replace("/\\_/", "", $ssl);
	$backup = preg_replace("/\\_/", "", $backup);
	$countbackup = preg_replace("/\\_/", "", $countbackup);
	$dns = preg_replace("/\\_/", "", $dns);

	// The clear-text password is kept because it is needed again below for the
	// htaccess hash and for the notification mail.
	$pure_user_pass = $inpass;
	$inpass = crypt_user_pass($inpass);

	$first_name = clean_input($first_name);
	$last_name = clean_input($last_name);
	$firm = clean_input($firm);
	$zip = clean_input($zip);
	$city = clean_input($city);
	$state = clean_input($state);
	$country = clean_input($country);
	$phone = clean_input($phone);
	$fax = clean_input($fax);
	$street_one = clean_input($street_one);
	$street_two = clean_input($street_two);
	$customer_id = clean_input($customer_id);

	// Returns null here (not false) and sets no page message of its own.
	if (!validates_dname(decode_idna($dmn_user_name))) {
		return;
	}

	// Customer login; all values are bound parameters.
	$query = "\n\t\tINSERT INTO `admin` (\n\t\t\t`admin_name`, `admin_pass`, `admin_type`, `domain_created`,\n\t\t\t`created_by`, `fname`, `lname`,\n\t\t\t`firm`, `zip`, `city`, `state`,\n\t\t\t`country`, `email`, `phone`,\n\t\t\t`fax`, `street1`, `street2`,\n\t\t\t`customer_id`, `gender`\n\t\t)\n\t\tVALUES (\n\t\t\t?, ?, 'user', unix_timestamp(),\n\t\t\t?, ?, ?,\n\t\t\t?, ?, ?, ?,\n\t\t\t?, ?, ?,\n\t\t\t?, ?, ?,\n\t\t\t?, ?\n\t\t)\n\t";
	exec_query($sql, $query, array($dmn_user_name, $inpass, $reseller_id, $first_name, $last_name, $firm, $zip, $city, $state, $country, $user_email, $phone, $fax, $street_one, $street_two, $customer_id, $gender));

	// NOTE(review): this prints the database driver's error text straight into
	// the HTTP response (and before the redirect headers). Error details should
	// go to the log rather than to the browser.
	print $sql->errorMsg();

	$record_id = $sql->insertId();

	// Domain row, created with named parameters.
	$query = "\n\t\tINSERT INTO `domain` (\n\t\t\t`domain_name`, `domain_admin_id`,\n\t\t\t`domain_created_id`, `domain_created`, `domain_expires`,\n\t\t\t`domain_mailacc_limit`, `domain_ftpacc_limit`,\n\t\t\t`domain_traffic_limit`, `domain_sqld_limit`,\n\t\t\t`domain_sqlu_limit`, `status`,\n\t\t\t`domain_subd_limit`, `domain_alias_limit`,\n\t\t\t`domain_ip_id`, `domain_disk_limit`,\n\t\t\t`domain_disk_usage`, `domain_php`, `domain_php_edit`, `domain_cgi`,\n\t\t\t`allowbackup`, `domain_dns`, `domain_ssl`, `domain_disk_countbackup`\n\t\t)\n\t\tVALUES (\n\t\t\t:domain_name, :domain_admin_id,\n\t\t\t:domain_created_id, unix_timestamp(), :domain_expires,\n\t\t\t:domain_mailacc_limit, :domain_ftpacc_limit,\n\t\t\t:domain_traffic_limit, :domain_sqld_limit,\n\t\t\t:domain_sqlu_limit, :status,\n\t\t\t:domain_subd_limit, :domain_alias_limit,\n\t\t\t:domain_ip_id, :domain_disk_limit,\n\t\t\t'0', :domain_php, :domain_php_edit, :domain_cgi,\n\t\t\t:allowbackup, :domain_dns, :domain_ssl, :domain_disk_countbackup\n\t\t)\n\t";
	$param = array(':domain_name' => $dmn_name, ':domain_admin_id' => $record_id, ':domain_created_id' => $reseller_id, ':domain_expires' => $dmn_expire, ':domain_mailacc_limit' => $mail, ':domain_ftpacc_limit' => $ftp, ':domain_traffic_limit' => $traff, ':domain_sqld_limit' => $sql_db, ':domain_sqlu_limit' => $sql_user, ':status' => $cfg->ITEM_ADD_STATUS, ':domain_subd_limit' => $sub, ':domain_alias_limit' => $als, ':domain_ip_id' => $domain_ip, ':domain_disk_limit' => $disk, ':domain_php' => $php, ':domain_php_edit' => $phpe, ':domain_cgi' => $cgi, ':allowbackup' => $backup, ':domain_dns' => $dns, ':domain_ssl' => $ssl, ':domain_disk_countbackup' => $countbackup);
	DB::prepare($query);
	DB::execute($param);
	$dmn_id = DB::getInstance()->lastInsertId();

	// AddDefaultDNSEntries($dmn_id, 0, $dmn_name, $domain_ip);

	// TODO: Check if max user and group id is reached
	// update domain and gid
	// The system uid/gid are the configured suEXEC minimum plus the domain id.
	$domain_gid = $cfg->APACHE_SUEXEC_MIN_GID + $dmn_id;
	$domain_uid = $cfg->APACHE_SUEXEC_MIN_UID + $dmn_id;

	$query = "\n\t\tUPDATE `domain`\n\t\tSET `domain_gid`=?,\n\t\t\t`domain_uid`=?\n\t\tWHERE `domain_id`=?\n\t";
	exec_query($sql, $query, array($domain_gid, $domain_uid, $dmn_id));

	// Add statistics group
	// The htaccess user is named after the domain and gets a hash of the same
	// password as the panel login.
	$query = "\n\t\tINSERT INTO `htaccess_users`\n\t\t\t(`dmn_id`, `uname`, `upass`, `status`)\n\t\tVALUES\n\t\t\t(?, ?, ?, ?)\n\t";
	exec_query($sql, $query, array($dmn_id, $dmn_name, crypt_user_pass_with_salt($pure_user_pass), $cfg->ITEM_ADD_STATUS));

	$user_id = $sql->insertId();

	$query = "\n\t\tINSERT INTO `htaccess_groups`\n\t\t\t(`dmn_id`, `ugroup`, `members`, `status`)\n\t\tVALUES\n\t\t\t(?, ?, ?, ?)\n\t";
	exec_query($sql, $query, array($dmn_id, $cfg->AWSTATS_GROUP_AUTH, $user_id, $cfg->ITEM_ADD_STATUS));

	// Create the 3 default addresses if wanted
	if ($cfg->CREATE_DEFAULT_EMAIL_ADDRESSES) {
		client_mail_add_default_accounts($dmn_id, $user_email, $dmn_name); // 'domain', 0
	}

	// let's send mail to user
	// NOTE(review): the clear-text password is handed to the mail helper;
	// presumably it is e-mailed to the customer - confirm, and consider a
	// one-time set-password link instead.
	send_add_user_auto_msg($reseller_id, $dmn_user_name, $pure_user_pass, $user_email, $first_name, $last_name, tr('Domain account'));

	// $user_def_lang = $cfg->USER_INITIAL_LANG;
	$user_def_lang = '';
	// $user_theme_color = $cfg->USER_INITIAL_THEME;
	$user_theme_color = '';

	$query = "\n\t\tINSERT INTO `user_gui_props`\n\t\t\t(`user_id`, `lang`, `layout`)\n\t\tVALUES\n\t\t\t(?, ?, ?)\n\t";
	exec_query($sql, $query, array($record_id, $user_def_lang, $user_theme_color));

	// send request to daemon
	// TODO: check this, because an error occurs here ("Domain data has been altered. Please enter again.")
	send_request('110 DOMAIN domain ' . $dmn_id);
	send_request('130 MAIL ' . $dmn_id);

	// Audit trail: who created which customer and domain.
	$admin_login = $_SESSION['user_logged'];
	write_log("{$admin_login}: add user: {$dmn_user_name} (for domain {$dmn_name})");
	write_log("{$admin_login}: add domain: {$dmn_name}");

	update_reseller_c_props($reseller_id);

	if (isset($_POST['add_alias']) && $_POST['add_alias'] === 'on') {
		// aliases are to be added for this customer in the next step
		$_SESSION['dmn_id'] = $dmn_id;
		$_SESSION['dmn_ip'] = $domain_ip;
		$_SESSION['user_add3_add_alias'] = "_yes_";
		// The query key is spelled 'accout' here; it has to match what user_add4.php reads.
		user_goto('user_add4.php?accout=' . $dmn_id);
	} else {
		// no alias to add
		$_SESSION['user_add3_added'] = "_yes_";
		user_goto('users.php?psi=last');
	}
}
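/**
 * Create an FTP account for a domain from the submitted form fields.
 *
 * Reads `username`, `pass`, `dmn_type`, `als_id`, `sub_id`, `use_other_dir`
 * and `other_dir` from $_POST. When a check fails, a page message is set and
 * the function returns without inserting anything; on success the account row
 * is inserted and the user is sent to ftp_accounts.php.
 *
 * @param mixed  $sql      Database handle handed to exec_query() and the helpers
 * @param string $dmn_name Domain the account is created for
 * @return void
 */
function add_ftp_user($sql, $dmn_name)
{
    $cfg = EasySCP_Registry::get('Config');

    $username = strtolower(clean_input($_POST['username']));

    if (!validates_username($username)) {
        set_page_message(tr("Incorrect username length or syntax!"), 'warning');
        return;
    }

    // Set default values ($ftp_home may be overwritten if user
    // has specified a mount point)
    switch ($_POST['dmn_type']) {
        // Default mount point for a domain
        case 'dmn':
            $ftp_user = $username . $cfg->FTP_USERNAME_SEPARATOR . $dmn_name;
            $ftp_home = $cfg->FTP_HOMEDIR . "/{$dmn_name}";
            break;

        // Default mount point for an alias domain
        case 'als':
            // NOTE(review): als_id is used as posted, both in the account name and
            // as the lookup key for get_alias_mount_point(); confirm that helper
            // only returns mount points of aliases owned by the current user.
            $ftp_user = $username . $cfg->FTP_USERNAME_SEPARATOR . $_POST['als_id'];
            $alias_mount_point = get_alias_mount_point($sql, $_POST['als_id']);
            $ftp_home = $cfg->FTP_HOMEDIR . "/{$dmn_name}" . $alias_mount_point;
            break;

        // Default mount point for a subdomain
        case 'sub':
            $sub_dir = clean_input($_POST['sub_id']);

            // sub_id becomes a path component of the home directory, so it gets
            // the same ".." rejection as the user-specified mount point below.
            if (preg_match("/\\.\\./", $sub_dir) !== 0) {
                set_page_message(tr('Incorrect mount point length or syntax'), 'error');
                return;
            }

            $ftp_user = $username . $cfg->FTP_USERNAME_SEPARATOR . $_POST['sub_id'] . '.' . $dmn_name;
            $ftp_home = $cfg->FTP_HOMEDIR . "/{$dmn_name}/" . $sub_dir;
            break;

        // Unknown domain type (?)
        default:
            set_page_message(tr('Unknown domain type'), 'error');
            return;
    }

    // User-specified mount point
    if (isset($_POST['use_other_dir']) && $_POST['use_other_dir'] === 'on') {
        $ftp_vhome = clean_input($_POST['other_dir'], false);

        // Collapse every run of slashes; a single str_replace('//', '/') pass
        // would leave "//" behind for three or more consecutive slashes.
        $ftp_vhome = preg_replace('#/{2,}#', '/', $ftp_vhome);

        // Check for updirs ".."
        $res = preg_match("/\\.\\./", $ftp_vhome);
        if ($res !== 0) {
            set_page_message(tr('Incorrect mount point length or syntax'), 'error');
            return;
        }

        $ftp_home = $cfg->FTP_HOMEDIR . "/{$dmn_name}/" . $ftp_vhome;
        $ftp_home = preg_replace('#/{2,}#', '/', $ftp_home);

        // The mount point must already exist inside the domain's virtual filesystem
        $vfs = new EasySCP_VirtualFileSystem($dmn_name, $sql);
        if (!$vfs->exists($ftp_vhome)) {
            set_page_message(tr('%s does not exist', $ftp_vhome), 'error');
            return;
        }
    } // End of user-specified mount-point

    $ftp_gid = get_ftp_user_gid($sql, $dmn_name, $ftp_user);
    $ftp_uid = get_ftp_user_uid($sql, $dmn_name, $ftp_user, $ftp_gid);

    // -1 is the failure value checked for here; nothing is inserted in that case
    if ($ftp_uid == -1) {
        return;
    }

    $ftp_shell = $cfg->CMD_SHELL;

    // NOTE(review): no emptiness or strength check on $_POST['pass'] is visible in
    // this function; presumably the caller validates it. Verify.
    // NOTE(review): the password is stored twice: once through
    // crypt_user_pass_with_salt() and once through encrypt_db_password() in
    // `net2ftppasswd`. The second looks reversible by its name; confirm that it
    // is required and how its key is protected.
    $ftp_passwd = crypt_user_pass_with_salt($_POST['pass']);
    $ftp_loginpasswd = encrypt_db_password($_POST['pass']);

    $query = "\n\t\tINSERT INTO ftp_users\n\t\t\t(`userid`, `passwd`, `net2ftppasswd`, `uid`, `gid`, `shell`, `homedir`)\n\t\tVALUES\n\t\t\t(?, ?, ?, ?, ?, ?, ?)\n\t";
    exec_query(
        $sql,
        $query,
        array($ftp_user, $ftp_passwd, $ftp_loginpasswd, $ftp_uid, $ftp_gid, $ftp_shell, $ftp_home)
    );

    $domain_props = get_domain_default_props($_SESSION['user_id']);
    update_reseller_c_props($domain_props['domain_created_id']);

    write_log($_SESSION['user_logged'] . ": add new FTP account: {$ftp_user}");
    set_page_message(tr('FTP account added!'), 'success');
    user_goto('ftp_accounts.php');
}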
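/**
 * Add a domain alias to the domain held in the session (`dmn_id`, `dmn_ip`).
 *
 * Reads `ndomain_name`, `ndomain_mpoint`, `status`, `forward` and
 * `forward_prefix` from $_POST. The globals listed below are overwritten with
 * the normalised values. On success the alias row is inserted, the daemon is
 * notified and the user is sent to user_add4.php.
 *
 * @global mixed  $cr_user_id         Set to $_SESSION['dmn_id']
 * @global string $alias_name         Set to the lower-cased, IDNA-encoded alias name
 * @global mixed  $domain_ip          Set to $_SESSION['dmn_ip']
 * @global string $forward            Set to the rebuilt forward URL, or 'no'
 * @global string $forward_prefix     Set to the posted prefix, or ''
 * @global mixed  $mount_point        Set to the encoded mount point
 * @global string $validation_err_msg Read after validates_dname() fails
 * @param string $err_al In/out error text; must still be '_off_' after the
 *                       checks for the alias to be inserted
 * @return void
 */
function add_domain_alias(&$err_al)
{
    global $cr_user_id, $alias_name, $domain_ip, $forward, $forward_prefix,
        $mount_point, $validation_err_msg;

    $cfg = EasySCP_Registry::get('Config');
    $sql = EasySCP_Registry::get('Db');

    $cr_user_id = $dmn_id = $_SESSION['dmn_id'];
    $alias_name = strtolower(clean_input($_POST['ndomain_name']));
    $domain_ip = $_SESSION['dmn_ip'];
    $mount_point = array_encode_idna(strtolower($_POST['ndomain_mpoint']), true);

    if ($_POST['status'] == 1) {
        $forward = encode_idna(strtolower(clean_input($_POST['forward'])));
        $forward_prefix = clean_input($_POST['forward_prefix']);
    } else {
        $forward = 'no';
        $forward_prefix = '';
    }

    // Check if the input string is a valid domain name
    if (!validates_dname($alias_name)) {
        set_page_message($validation_err_msg, 'warning');
        return;
    }

    // Should be performed after domain name syntax validation
    $alias_name = encode_idna($alias_name);

    if (easyscp_domain_exists($alias_name, $_SESSION['user_id'])) {
        $err_al = tr('Domain with that name already exists on the system!');
    } elseif (!validates_mpoint($mount_point) && $mount_point != '/') {
        $err_al = tr("Incorrect mount point syntax");
    } elseif ($_POST['status'] == 1) {
        $aurl = @parse_url($forward_prefix . decode_idna($forward));

        // parse_url() can succeed and still return no scheme or host; treat that
        // as a malformed address instead of reading missing array keys.
        if ($aurl === false || !isset($aurl['scheme'], $aurl['host'])) {
            $err_al = tr("Wrong address in forward URL!");
        } else {
            $domain = $aurl['host'];
            if (substr_count($domain, '.') <= 2) {
                $ret = validates_dname($domain);
            } else {
                $ret = validates_dname($domain, true);
            }

            if (!$ret) {
                $err_al = tr("Wrong domain part in forward URL!");
            } else {
                // NOTE(review): the scheme is taken from the parsed URL and is not
                // compared with a list of accepted schemes here, and userinfo
                // (user:pass) is kept in the stored URL. Confirm the form limits
                // forward_prefix and that the consumer of `url_forward` escapes it.
                $domain = encode_idna($aurl['host']);
                $forward = $aurl['scheme'] . '://';
                if (isset($aurl['user'])) {
                    $forward .= $aurl['user'] . (isset($aurl['pass']) ? ':' . $aurl['pass'] : '') . '@';
                }
                $forward .= $domain;
                if (isset($aurl['port'])) {
                    $forward .= ':' . $aurl['port'];
                }
                $forward .= isset($aurl['path']) ? $aurl['path'] : '/';
                if (isset($aurl['query'])) {
                    $forward .= '?' . $aurl['query'];
                }
                if (isset($aurl['fragment'])) {
                    $forward .= '#' . $aurl['fragment'];
                }
            }
        }
    } else {
        // NOTE(review): these duplicate-name and mount-point lookups only run when
        // no forward is requested; confirm that skipping them for forwards is
        // intended.
        $query = "\n\t\t\tSELECT\n\t\t\t\t`domain_id`\n\t\t\tFROM\n\t\t\t\t`domain_aliasses`\n\t\t\tWHERE\n\t\t\t\t`alias_name` = ?\n\t\t;";
        $res = exec_query($sql, $query, $alias_name);

        $query = "\n\t\t\tSELECT\n\t\t\t\t`domain_id`\n\t\t\tFROM\n\t\t\t\t`domain`\n\t\t\tWHERE\n\t\t\t\t`domain_name` = ?\n\t\t;";
        $res2 = exec_query($sql, $query, $alias_name);

        if ($res->rowCount() > 0 || $res2->rowCount() > 0) {
            // we already have a domain with this name
            $err_al = tr("Domain with this name already exist");
        }

        if (mount_point_exists($dmn_id, $mount_point)) {
            $err_al = tr('Mount point already in use!');
        }
    }

    if ('_off_' !== $err_al) {
        set_page_message($err_al, 'error');
        return;
    }

    // Begin add new alias domain
    $query = "\n\t\tINSERT INTO\n\t\t\t`domain_aliasses` (\n\t\t\t\t`domain_id`, `alias_name`, `alias_mount`, `status`,\n\t\t\t\t`alias_ip_id`, `url_forward`\n\t\t\t)\n\t\tVALUES\n\t\t\t(?, ?, ?, ?, ?, ?)\n\t;";
    exec_query(
        $sql,
        $query,
        array($cr_user_id, $alias_name, $mount_point, $cfg->ITEM_ADD_STATUS, $domain_ip, $forward)
    );

    $alias_id = $sql->insertId();

    update_reseller_c_props(get_reseller_id($cr_user_id));

    send_request('110 DOMAIN alias ' . $alias_id);

    $admin_login = $_SESSION['user_logged'];
    write_log("{$admin_login}: add domain alias: {$alias_name}");

    $_SESSION['alias_added_succesfully'] = 1;
    user_goto('user_add4.php?accout=' . $cr_user_id);
}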
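/**
 * Add customer
 *
 * Creates the admin row, the domain row, the statistics htaccess user and
 * group, optional default mail accounts and the GUI properties for a new
 * customer inside one database transaction, then asks the daemon to process
 * the scheduled items and redirects to users.php.
 *
 * The customer data comes from the globals imported below; the hosting plan
 * properties come from $_SESSION['ch_hpprops'] when present, otherwise from
 * the reseller's `hosting_plans` row identified by $hpId.
 *
 * @throws iMSCP_Exception_Database Re-thrown after rolling back an open transaction
 * @return void
 */
function addCustomer()
{
    global $hpId, $dmnName, $dmnExpire, $domainIp, $adminName, $email, $password, $customerId, $firstName,
        $lastName, $gender, $firm, $zip, $city, $state, $country, $phone, $fax, $street1, $street2;

    $cfg = iMSCP_Registry::get('config');

    if (isset($_SESSION['ch_hpprops'])) {
        $props = $_SESSION['ch_hpprops'];
        unset($_SESSION['ch_hpprops']);
    } else {
        $stmt = exec_query(
            'SELECT props FROM hosting_plans WHERE reseller_id = ? AND id = ?',
            array($_SESSION['user_id'], $hpId)
        );
        // NOTE(review): no check that a plan row was found; with no row, $props
        // is empty and the list() below is filled from a single empty field.
        $data = $stmt->fetchRow();
        $props = $data['props'];
    }

    // The plan is a ';'-separated record of 26 fields, in this order
    list(
        $php, $cgi, $sub, $als, $mail, $ftp, $sql_db, $sql_user, $traff, $disk, $backup, $dns, $aps, $phpEditor,
        $phpiniAllowUrlFopen, $phpiniDisplayErrors, $phpiniDisableFunctions, $phpMailFunction, $phpiniPostMaxSize,
        $phpiniUploadMaxFileSize, $phpiniMaxExecutionTime, $phpiniMaxInputTime, $phpiniMemoryLimit,
        $extMailServer, $webFolderProtection, $mailQuota
    ) = explode(';', $props);

    // These fields are stored with underscores in the plan; strip them
    $php = str_replace('_', '', $php);
    $cgi = str_replace('_', '', $cgi);
    $backup = str_replace('_', '', $backup);
    $dns = str_replace('_', '', $dns);
    $aps = str_replace('_', '', $aps);
    $extMailServer = str_replace('_', '', $extMailServer);
    $webFolderProtection = str_replace('_', '', $webFolderProtection);

    $encryptedPassword = cryptPasswordWithSalt($password);

    $db = iMSCP_Database::getInstance();

    // Tracks whether a transaction is open, so that the catch block never calls
    // rollBack() before beginTransaction() or after commit(); doing so would
    // raise a second error and hide the one that actually occurred.
    $inTransaction = false;

    try {
        iMSCP_Events_Aggregator::getInstance()->dispatch(
            iMSCP_Events::onBeforeAddDomain,
            array(
                'domainName' => $dmnName,
                'createdBy' => $_SESSION['user_id'],
                'customerId' => $customerId,
                'customerEmail' => $email
            )
        );

        $db->beginTransaction();
        $inTransaction = true;

        exec_query(' INSERT INTO admin ( admin_name, admin_pass, admin_type, domain_created, created_by, fname, lname, firm, zip, city, state, country, email, phone, fax, street1, street2, customer_id, gender, admin_status ) VALUES ( ?, ?, ?, unix_timestamp(), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?
) ', array(
            $adminName, $encryptedPassword, 'user', $_SESSION['user_id'], $firstName, $lastName, $firm, $zip,
            $city, $state, $country, $email, $phone, $fax, $street1, $street2, $customerId, $gender, 'toadd'
        ));

        $adminId = $db->insertId();

        exec_query(' INSERT INTO domain ( domain_name, domain_admin_id, domain_created, domain_expires, domain_mailacc_limit, domain_ftpacc_limit, domain_traffic_limit, domain_sqld_limit, domain_sqlu_limit, domain_status, domain_alias_limit, domain_subd_limit, domain_ip_id, domain_disk_limit, domain_disk_usage, domain_php, domain_cgi, allowbackup, domain_dns, domain_software_allowed, phpini_perm_system, phpini_perm_allow_url_fopen, phpini_perm_display_errors, phpini_perm_disable_functions, phpini_perm_mail_function, domain_external_mail, web_folder_protection, mail_quota ) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? ) ', array(
            $dmnName, $adminId, time(), $dmnExpire, $mail, $ftp, $traff, $sql_db, $sql_user, 'toadd', $als, $sub,
            $domainIp, $disk, 0, $php, $cgi, $backup, $dns, $aps, $phpEditor, $phpiniAllowUrlFopen,
            $phpiniDisplayErrors, $phpiniDisableFunctions, $phpMailFunction, $extMailServer,
            $webFolderProtection, $mailQuota
        ));

        $dmnId = $db->insertId();

        if ($phpEditor == 'yes') {
            $phpini = iMSCP_PHPini::getInstance();

            $phpini->setDomainIni('phpiniMemoryLimit', $phpiniMemoryLimit); // Must be set before phpiniPostMaxSize
            $phpini->setDomainIni('phpiniPostMaxSize', $phpiniPostMaxSize); // Must be set before phpiniUploadMaxFileSize
            $phpini->setDomainIni('phpiniUploadMaxFileSize', $phpiniUploadMaxFileSize);
            $phpini->setDomainIni('phpiniMaxExecutionTime', $phpiniMaxExecutionTime);
            $phpini->setDomainIni('phpiniMaxInputTime', $phpiniMaxInputTime);

            $phpini->saveDomainIni($adminId, $dmnId, 'dmn');
        }

        exec_query(
            'INSERT INTO htaccess_users (dmn_id, uname, upass, status) VALUES (?, ?, ?, ?)',
            array($dmnId, $dmnName, $encryptedPassword, 'toadd')
        );

        // insertId() here is the id of the htaccess_users row inserted just above
        exec_query('INSERT INTO htaccess_groups (dmn_id, ugroup, 
members, status) VALUES (?, ?, ?, ?)', array($dmnId, 'statistics', $db->insertId(), 'toadd'));

        if ($cfg['CREATE_DEFAULT_EMAIL_ADDRESSES']) {
            client_mail_add_default_accounts($dmnId, $email, $dmnName);
        }

        // NOTE(review): this call receives the clear-text $password and runs
        // before commit(); if it sends the welcome mail (presumably it does), a
        // later failure rolls the account back after the mail has gone out.
        // Consider moving it after the commit.
        send_add_user_auto_msg(
            $_SESSION['user_id'], $adminName, $password, $email, $firstName, $lastName, tr('Customer')
        );

        exec_query(
            'INSERT INTO user_gui_props (user_id, lang, layout) VALUES (?, ?, ?)',
            array($adminId, $cfg['USER_INITIAL_LANG'], $cfg['USER_INITIAL_THEME'])
        );

        update_reseller_c_props($_SESSION['user_id']);

        $db->commit();
        $inTransaction = false;

        iMSCP_Events_Aggregator::getInstance()->dispatch(
            iMSCP_Events::onAfterAddDomain,
            array(
                'domainName' => $dmnName,
                'createdBy' => $_SESSION['user_id'],
                'customerId' => $adminId,
                'customerEmail' => $email,
                'domainId' => $dmnId
            )
        );

        send_request();

        write_log("{$_SESSION['user_logged']} added new customer: {$adminName}", E_USER_NOTICE);
        set_page_message(tr('Customer account successfully scheduled for creation.'), 'success');
        redirectTo('users.php');
    } catch (iMSCP_Exception_Database $e) {
        if ($inTransaction) {
            $db->rollBack();
        }

        throw $e;
    }
}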
/**
 * Insert a new subdomain (or alias subdomain) row with the "add" status and
 * ask the daemon to process it.
 *
 * Which table is written depends on $_POST['dmn_type']: 'als' goes to
 * `subdomain_alias`, anything else to `subdomain`.
 *
 * @param int      $user_id    Not used in the body
 * @param int      $domain_id  Stored as `domain_id`, or as `alias_id` for 'als'
 * @param string   $sub_name   Subdomain name
 * @param string   $sub_mnt_pt Subdomain mount point
 * @param string   $forward    URL forward value
 * @param int|null $sub_id     Stored as `subdomain_id`, only for 'als'
 * @return void
 */
function subdomain_schedule($user_id, $domain_id, $sub_name, $sub_mnt_pt, $forward, $sub_id = null)
{
    $cfg = EasySCP_Registry::get('Config');
    $sql = EasySCP_Registry::get('Db');

    // Columns shared by both tables, in insert order
    $row = array($domain_id, $sub_name, $sub_mnt_pt, $forward, $cfg->ITEM_ADD_STATUS);

    if ($_POST['dmn_type'] != 'als') {
        $insert = "\n\t\t\tINSERT INTO\n\t\t\t\t`subdomain`\n\t\t\t\t\t(`domain_id`,\n\t\t\t\t\t`subdomain_name`,\n\t\t\t\t\t`subdomain_mount`,\n\t\t\t\t\t`subdomain_url_forward`,\n\t\t\t\t\t`status`)\n\t\t\tVALUES\n\t\t\t\t(?, ?, ?, ?, ?)\n\t\t;";
    } else {
        $insert = "\n\t\t\tINSERT INTO\n\t\t\t\tsubdomain_alias\n\t\t\t\t\t(alias_id,\n\t\t\t\t\tsubdomain_alias_name,\n\t\t\t\t\tsubdomain_alias_mount,\n\t\t\t\t\tsubdomain_alias_url_forward,\n\t\t\t\t\tstatus,subdomain_id)\n\t\t\tVALUES\n\t\t\t\t(?, ?, ?, ?, ?, ?)\n\t\t;";
        // The alias table takes one more column
        $row[] = $sub_id;
    }

    exec_query($sql, $insert, $row);

    update_reseller_c_props(get_reseller_id($domain_id));

    // No default mail addresses are created here: subdomains are related to
    // their domains.
    write_log($_SESSION['user_logged'] . ": adds new subdomain: " . $sub_name);

    $target = ($_POST['dmn_type'] == 'als') ? 'alias' : 'domain';
    send_request('110 DOMAIN ' . $target . ' ' . $domain_id);
}
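/**
 * Deletes the given customer
 *
 * Login sessions and SQL databases are removed first, outside the
 * transaction. The remaining rows are then deleted, or marked 'todelete' for
 * the daemon, inside one transaction. After the commit a request is sent to
 * the daemon for the delegated tasks.
 *
 * @throws iMSCP_Exception
 * @param integer $customerId Customer unique identifier
 * @param boolean $checkCreatedBy Tell whether or not customer must have been created by logged-in user
 * @return bool TRUE on success, FALSE when no matching customer was found
 */
function deleteCustomer($customerId, $checkCreatedBy = false)
{
    iMSCP_Events_Aggregator::getInstance()->dispatch(
        iMSCP_Events::onBeforeDeleteCustomer, array('customerId' => $customerId)
    );

    // Get the customer's name, creator and main domain id
    $query = ' SELECT admin_name, created_by, domain_id FROM admin INNER JOIN domain ON(domain_admin_id = admin_id) WHERE admin_id = ? ';

    if ($checkCreatedBy) {
        // Restrict the lookup to customers created by the logged-in user
        $query .= 'AND created_by = ?';
        $stmt = exec_query($query, array($customerId, $_SESSION['user_id']));
    } else {
        $stmt = exec_query($query, $customerId);
    }

    if (!$stmt->rowCount()) {
        return false;
    }

    $customerName = $stmt->fields['admin_name'];
    $mainDomainId = $stmt->fields['domain_id'];
    $resellerId = $stmt->fields['created_by'];
    $deleteStatus = 'todelete';

    $db = iMSCP_Database::getInstance();

    // Tracks whether a transaction is open. The first statements in the try
    // block run before beginTransaction() and the after-delete event runs after
    // commit(); calling rollBack() at those points would raise a second error
    // and hide the original one.
    $inTransaction = false;

    try {
        // First, we remove customer sessions to prevent any problems
        exec_query('DELETE FROM login WHERE user_name = ?', $customerName);

        // Remove customer's databases and Sql users
        $stmt = exec_query('SELECT sqld_id FROM sql_database WHERE domain_id = ?', $mainDomainId);

        while ($row = $stmt->fetchRow(PDO::FETCH_ASSOC)) {
            delete_sql_database($mainDomainId, $row['sqld_id']);
        }

        $db->beginTransaction();
        $inTransaction = true;

        // Deletes all protected areas data (areas, groups and users)
        exec_query(' DELETE t2, t3, t4 FROM domain AS t1 LEFT JOIN htaccess AS t2 ON (t2.dmn_id = t1.domain_id) LEFT JOIN htaccess_users AS t3 ON (t3.dmn_id = t1.domain_id) LEFT JOIN htaccess_groups AS t4 ON (t4.dmn_id = t1.domain_id) WHERE t1.domain_id = ?
', $mainDomainId);

        // Deletes domain traffic entries
        exec_query('DELETE FROM domain_traffic WHERE domain_id = ?', $mainDomainId);

        // Deletes custom DNS records
        exec_query('DELETE FROM domain_dns WHERE domain_id = ?', $mainDomainId);

        // Deletes FTP accounts (users and groups)
        exec_query('DELETE FROM ftp_users WHERE admin_id = ?', $customerId);
        exec_query('DELETE FROM ftp_group WHERE groupname = ?', $customerName);

        // Deletes quota entries
        exec_query('DELETE FROM quotalimits WHERE name = ?', $customerName);
        exec_query('DELETE FROM quotatallies WHERE name = ?', $customerName);

        // Deletes support tickets
        exec_query('DELETE FROM tickets WHERE ticket_from = ? OR ticket_to = ?', array($customerId, $customerId));

        // Deletes user gui properties
        exec_query('DELETE FROM user_gui_props WHERE user_id = ?', $customerId);

        // Deletes php.ini entries
        exec_query('DELETE FROM php_ini WHERE admin_id = ?', $customerId);

        //
        // Delegated tasks - begin
        //

        // Schedule mail accounts deletion
        exec_query('UPDATE mail_users SET status = ? WHERE domain_id = ?', array($deleteStatus, $mainDomainId));

        // Schedule subdomain's aliasses deletion
        exec_query(' UPDATE subdomain_alias AS t1 JOIN domain_aliasses AS t2 ON(t2.domain_id = ?) SET t1.subdomain_alias_status = ? WHERE t1.alias_id = t2.alias_id ', array($mainDomainId, $deleteStatus));

        // Schedule domain aliases deletion
        exec_query(
            'UPDATE domain_aliasses SET alias_status = ? WHERE domain_id = ?', array($deleteStatus, $mainDomainId)
        );

        // Schedule domain's subdomains deletion
        exec_query(
            'UPDATE subdomain SET subdomain_status = ? WHERE domain_id = ?', array($deleteStatus, $mainDomainId)
        );

        // Schedule domain deletion
        exec_query('UPDATE domain SET domain_status = ? WHERE domain_id = ?', array($deleteStatus, $mainDomainId));

        // Schedule user deletion
        exec_query('UPDATE admin SET admin_status = ? WHERE admin_id = ?', array($deleteStatus, $customerId));

        // Schedule SSL certificates deletion (main domain, aliases, subdomains,
        // alias subdomains)
        exec_query("UPDATE ssl_certs SET status = ?
WHERE domain_type = 'dmn' AND domain_id = ?", array($deleteStatus, $mainDomainId));
        exec_query(
            "\n\t\t\t\tUPDATE\n\t\t\t\t\tssl_certs\n\t\t\t\tSET\n\t\t\t\t\tstatus = ?\n\t\t\t\tWHERE\n\t\t\t\t\tdomain_id IN (SELECT alias_id FROM domain_aliasses WHERE domain_id = ?)\n\t\t\t\tAND\n\t\t\t\t\tdomain_type = ?\n\t\t\t",
            array($deleteStatus, $mainDomainId, 'als')
        );
        exec_query(
            "\n\t\t\t\tUPDATE\n\t\t\t\t\tssl_certs SET status = ?\n\t\t\t\tWHERE\n\t\t\t\t\tdomain_id IN (SELECT subdomain_id FROM subdomain WHERE domain_id = ?)\n\t\t\t\tAND\n\t\t\t\t\tdomain_type = ?\n\t\t\t",
            array($deleteStatus, $mainDomainId, 'sub')
        );
        exec_query(
            "\n\t\t\t\tUPDATE\n\t\t\t\t\tssl_certs SET status = ?\n\t\t\t\tWHERE\n\t\t\t\t\tdomain_id IN (\n\t\t\t\t\t\tSELECT\n\t\t\t\t\t\t\tsubdomain_alias_id\n\t\t\t\t\t\tFROM\n\t\t\t\t\t\t\tsubdomain_alias\n\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\talias_id IN (SELECT alias_id FROM domain_aliasses WHERE domain_id = ?)\n\t\t\t\t\t)\n\t\t\t\tAND\n\t\t\t\t\tdomain_type = ?\n\t\t\t",
            array($deleteStatus, $mainDomainId, 'alssub')
        );

        //
        // Delegated tasks - end
        //

        // Updates resellers properties
        update_reseller_c_props($resellerId);

        // Commit all changes to database server
        $db->commit();
        $inTransaction = false;

        iMSCP_Events_Aggregator::getInstance()->dispatch(
            iMSCP_Events::onAfterDeleteCustomer, array('customerId' => $customerId)
        );
    } catch (iMSCP_Exception $e) {
        if ($inTransaction) {
            $db->rollBack();
        }

        throw new iMSCP_Exception($e->getMessage(), $e->getCode(), $e);
    }

    // We are now ready to send a request to the daemon for delegated tasks.
    // Note: We are safe here. If the daemon doesn't answer, some entities will not be removed. In such case the
    // sysadmin will have to fix the problem causing deletion break and send a request to the daemon manually via the
    // panel, or run the imscp-rqst-mngr script manually.
    send_request();

    return true;
}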
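/**
 * Add a domain alias to the domain selected in the form (`usraccounts`).
 *
 * Reads `usraccounts`, `ndomain_name`, `ndomain_mpoint`, `status`, `forward`
 * and `forward_prefix` from $_POST. The globals listed below are overwritten
 * with the normalised values. On a failed check the message is left in
 * $err_al and nothing is inserted; on success the alias row is inserted, the
 * daemon is notified and the user is sent to alias.php.
 *
 * @global mixed  $cr_user_id         Set to the posted domain id
 * @global string $alias_name         Set to the lower-cased, IDNA-encoded alias name
 * @global mixed  $domain_ip          Set to the `domain_ip_id` of that domain
 * @global string $forward            Set to the rebuilt forward URL, or 'no'
 * @global string $forward_prefix     Set to the posted prefix, or ''
 * @global mixed  $mount_point        Set to the encoded mount point
 * @global string $validation_err_msg Read after validates_dname() fails
 * @param string $err_al In/out error text; must still be '_off_' after the
 *                       checks for the alias to be inserted
 * @return void
 */
function add_domain_alias(&$err_al)
{
    global $cr_user_id, $alias_name, $domain_ip, $forward, $forward_prefix,
        $mount_point, $validation_err_msg;

    $cfg = EasySCP_Registry::get('Config');
    $sql = EasySCP_Registry::get('Db');

    // NOTE(review): the target domain id comes straight from the form and no
    // check that it belongs to the logged-in user is visible in this function;
    // confirm the caller enforces that, or restrict the lookup below to the
    // user's own domains.
    $cr_user_id = $_POST['usraccounts'];
    $alias_name = strtolower($_POST['ndomain_name']);
    $mount_point = array_encode_idna(strtolower($_POST['ndomain_mpoint']), true);

    if ($_POST['status'] == 1) {
        $forward = encode_idna(strtolower(clean_input($_POST['forward'])));
        $forward_prefix = clean_input($_POST['forward_prefix']);
    } else {
        $forward = 'no';
        $forward_prefix = '';
    }

    $query = "\n\t\tSELECT\n\t\t\t`domain_ip_id`\n\t\tFROM\n\t\t\t`domain`\n\t\tWHERE\n\t\t\t`domain_id` = ?\n\t;";
    $rs = exec_query($sql, $query, $cr_user_id);

    // An id that matches no domain must not reach the insert below
    if ($rs->rowCount() == 0) {
        $err_al = tr('Wrong domain ID!');
        return;
    }

    $domain_ip = $rs->fields['domain_ip_id'];

    // First check if the input string is a valid domain name
    if (!validates_dname($alias_name)) {
        $err_al = $validation_err_msg;
        return;
    }

    // Should be performed after domain name syntax validation
    $alias_name = encode_idna($alias_name);

    if (easyscp_domain_exists($alias_name, $_SESSION['user_id'])) {
        $err_al = tr('Domain with that name already exists on the system!');
    // } else if (!validates_mpoint($mount_point) && $mount_point != '/') {
    //     $err_al = tr("Incorrect mount point syntax");
    } elseif ($alias_name == $cfg->BASE_SERVER_VHOST) {
        $err_al = tr('Master domain cannot be used!');
    } elseif ($_POST['status'] == 1) {
        $aurl = @parse_url($forward_prefix . decode_idna($forward));

        // parse_url() can succeed and still return no scheme or host; treat that
        // as a malformed address instead of reading missing array keys.
        if ($aurl === false || !isset($aurl['scheme'], $aurl['host'])) {
            $err_al = tr("Wrong address in forward URL!");
        } else {
            $domain = $aurl['host'];
            if (substr_count($domain, '.') <= 2) {
                $ret = validates_dname($domain);
            } else {
                $ret = validates_dname($domain, true);
            }

            if (!$ret) {
                $err_al = tr("Wrong domain part in forward URL!");
            } else {
                // NOTE(review): the scheme is taken from the parsed URL and is not
                // compared with a list of accepted schemes here, and userinfo
                // (user:pass) is kept in the stored URL. Confirm the form limits
                // forward_prefix and that the consumer of `url_forward` escapes it.
                $domain = encode_idna($aurl['host']);
                $forward = $aurl['scheme'] . '://';
                if (isset($aurl['user'])) {
                    $forward .= $aurl['user'] . (isset($aurl['pass']) ? ':' . $aurl['pass'] : '') . '@';
                }
                $forward .= $domain;
                if (isset($aurl['port'])) {
                    $forward .= ':' . $aurl['port'];
                }
                $forward .= isset($aurl['path']) ? $aurl['path'] : '/';
                if (isset($aurl['query'])) {
                    $forward .= '?' . $aurl['query'];
                }
                if (isset($aurl['fragment'])) {
                    $forward .= '#' . $aurl['fragment'];
                }
            }
        }
    } else {
        $query = "\n\t\t\tSELECT\n\t\t\t\t`domain_id`\n\t\t\tFROM\n\t\t\t\t`domain_aliasses`\n\t\t\tWHERE\n\t\t\t\t`alias_name` = ?\n\t\t;";
        $res = exec_query($sql, $query, $alias_name);

        $query = "\n\t\t\tSELECT\n\t\t\t\t`domain_id`\n\t\t\tFROM\n\t\t\t\t`domain`\n\t\t\tWHERE\n\t\t\t\t`domain_name` = ?\n\t\t;";
        $res2 = exec_query($sql, $query, $alias_name);

        if ($res->rowCount() > 0 || $res2->rowCount() > 0) {
            // we already have domain with this name
            $err_al = tr("Domain with this name already exist");
        }

        // Subdomains of the domain that already use this mount point
        $query = "\n\t\t\tSELECT\n\t\t\t\tCOUNT(`subdomain_id`) AS cnt\n\t\t\tFROM\n\t\t\t\t`subdomain`\n\t\t\tWHERE\n\t\t\t\t\t`domain_id` = ?\n\t\t\t\tAND `subdomain_mount` = ?\n\t\t\t;";
        $subdomres = exec_query($sql, $query, array($cr_user_id, $mount_point));
        $subdomdata = $subdomres->fetchRow();

        // Alias subdomains of the domain that already use this mount point
        $query = "\n\t\t\tSELECT\n\t\t\t\tCOUNT(`subdomain_alias_id`) AS alscnt\n\t\t\tFROM\n\t\t\t\t`subdomain_alias`\n\t\t\tWHERE\n\t\t\t\t\t`alias_id`\n\t\t\t\tIN (\n\t\t\t\t\tSELECT\n\t\t\t\t\t\t`alias_id`\n\t\t\t\t\tFROM\n\t\t\t\t\t\t`domain_aliasses`\n\t\t\t\t\tWHERE\n\t\t\t\t\t\t`domain_id` = ?\n\t\t\t\t\t)\n\t\t\t\tAND\n\t\t\t\t\t`subdomain_alias_mount` = ?\n\t\t;";
        $alssubdomres = exec_query($sql, $query, array($cr_user_id, $mount_point));
        $alssubdomdata = $alssubdomres->fetchRow();

        if ($subdomdata['cnt'] > 0 || $alssubdomdata['alscnt'] > 0) {
            $err_al = tr("There is a subdomain with the same mount point!");
        }
    }

    if ('_off_' !== $err_al) {
        return;
    }

    // Begin add new alias domain
    // NOTE(review): the name is HTML-escaped before it is stored, so every later
    // reader of `alias_name` gets the escaped form; confirm that is intended
    // rather than escaping on output.
    $alias_name = htmlspecialchars($alias_name, ENT_QUOTES, "UTF-8");

    $query = "\n\t\tINSERT INTO\n\t\t\t`domain_aliasses` (\n\t\t\t\t`domain_id`, `alias_name`, `alias_mount`, `status`,\n\t\t\t\t`alias_ip_id`, `url_forward`\n\t\t\t)\n\t\tVALUES\n\t\t\t(?, ?, ?, ?, ?, ?)\n\t;";
    exec_query(
        $sql,
        $query,
        array($cr_user_id, $alias_name, $mount_point, $cfg->ITEM_ADD_STATUS, $domain_ip, $forward)
    );

    $als_id = $sql->insertId();

    update_reseller_c_props(get_reseller_id($cr_user_id));

    $query = "\n\t\tSELECT\n\t\t\t`email`\n\t\tFROM\n\t\t\t`admin`\n\t\tWHERE\n\t\t\t`admin_id` = ?\n\t\tLIMIT 1\n\t;";
    $rs = exec_query($sql, $query, who_owns_this($cr_user_id, 'dmn_id'));
    $user_email = $rs->fields['email'];

    // Create the three default addresses if required
    if ($cfg->CREATE_DEFAULT_EMAIL_ADDRESSES) {
        client_mail_add_default_accounts($cr_user_id, $user_email, $alias_name, 'alias', $als_id);
    }

    send_request('110 DOMAIN alias ' . $als_id);

    $admin_login = $_SESSION['user_logged'];
    write_log("{$admin_login}: add domain alias: {$alias_name}");

    $_SESSION["aladd"] = '_yes_';
    user_goto('alias.php');
}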
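/**
 * Order a domain alias for the logged-in user's own domain.
 *
 * Reads `ndomain_name`, `status`, `forward` and `forward_prefix` from $_POST.
 * The alias is inserted with the "ordered" status, default DNS entries are
 * added, the alias order e-mail is sent and the user is sent to
 * domains_manage.php. On a failed check the message is left in $err_al and
 * nothing is inserted.
 *
 * @global mixed  $cr_user_id         Set to get_user_domain_id() of the session user
 * @global string $alias_name         Set to the lower-cased, IDNA-encoded alias name
 * @global mixed  $domain_ip          Set to the `domain_ip_id` of that domain
 * @global string $forward            Set to the rebuilt forward URL, or 'no'
 * @global string $forward_prefix     Set to the posted prefix, or ''
 * @global mixed  $mount_point        Read only; not assigned in this function
 * @global string $validation_err_msg Read after validates_dname() fails
 * @param string $err_al In/out error text; must still be '_off_' after the
 *                       checks for the alias to be inserted
 * @return void
 */
function add_domain_alias(&$err_al)
{
    global $cr_user_id, $alias_name, $domain_ip, $forward, $forward_prefix,
        $mount_point, $validation_err_msg;

    $cfg = EasySCP_Registry::get('Config');
    $sql = EasySCP_Registry::get('Db');

    $cr_user_id = get_user_domain_id($_SESSION['user_id']);
    $alias_name = strtolower($_POST['ndomain_name']);
    // NOTE(review): with the assignment below disabled, the `alias_mount` value
    // inserted further down is whatever the global $mount_point already holds;
    // confirm the caller sets it.
    // $mount_point = array_encode_idna(strtolower($_POST['ndomain_mpoint']), true);

    if ($_POST['status'] == 1) {
        $forward = encode_idna(strtolower(clean_input($_POST['forward'])));
        $forward_prefix = clean_input($_POST['forward_prefix']);
    } else {
        $forward = 'no';
        $forward_prefix = '';
    }

    $query = "\n\t\tSELECT\n\t\t\t`domain_ip_id`\n\t\tFROM\n\t\t\t`domain`\n\t\tWHERE\n\t\t\t`domain_id` = ?\n\t";
    $rs = exec_query($sql, $query, $cr_user_id);
    $domain_ip = $rs->fields['domain_ip_id'];

    // First check if the input string is a valid domain name
    if (!validates_dname($alias_name)) {
        $err_al = $validation_err_msg;
        return;
    }

    // Should be performed after domain name syntax validation
    $alias_name = encode_idna($alias_name);

    if (easyscp_domain_exists($alias_name, 0)) {
        $err_al = tr('Domain with that name already exists on the system!');
    // } else if (!validates_mpoint($mount_point) && $mount_point != '/') {
    //     $err_al = tr("Incorrect mount point syntax");
    } elseif ($alias_name == $cfg->BASE_SERVER_VHOST) {
        $err_al = tr('Master domain cannot be used!');
    } elseif ($_POST['status'] == 1) {
        $aurl = @parse_url($forward_prefix . decode_idna($forward));

        // parse_url() can succeed and still return no scheme or host; treat that
        // as a malformed address instead of reading missing array keys.
        if ($aurl === false || !isset($aurl['scheme'], $aurl['host'])) {
            $err_al = tr("Wrong address in forward URL!");
        } else {
            $domain = $aurl['host'];
            if (substr_count($domain, '.') <= 2) {
                $ret = validates_dname($domain);
            } else {
                $ret = validates_dname($domain, true);
            }

            if (!$ret) {
                $err_al = tr("Wrong domain part in forward URL!");
            } else {
                // NOTE(review): the scheme is taken from the parsed URL and is not
                // compared with a list of accepted schemes here, and userinfo
                // (user:pass) is kept in the stored URL. Confirm the form limits
                // forward_prefix and that the consumer of `url_forward` escapes it.
                $domain = encode_idna($aurl['host']);
                $forward = $aurl['scheme'] . '://';
                if (isset($aurl['user'])) {
                    $forward .= $aurl['user'] . (isset($aurl['pass']) ? ':' . $aurl['pass'] : '') . '@';
                }
                $forward .= $domain;
                if (isset($aurl['port'])) {
                    $forward .= ':' . $aurl['port'];
                }
                $forward .= isset($aurl['path']) ? $aurl['path'] : '/';
                if (isset($aurl['query'])) {
                    $forward .= '?' . $aurl['query'];
                }
                if (isset($aurl['fragment'])) {
                    $forward .= '#' . $aurl['fragment'];
                }
            }
        }
    } else {
        $query = "\n\t\t\tSELECT\n\t\t\t\t`domain_id`\n\t\t\tFROM\n\t\t\t\t`domain_aliasses`\n\t\t\tWHERE\n\t\t\t\t`alias_name` = ?\n\t\t;";
        $res = exec_query($sql, $query, $alias_name);

        $query = "\n\t\t\tSELECT\n\t\t\t\t`domain_id`\n\t\t\tFROM\n\t\t\t\t`domain`\n\t\t\tWHERE\n\t\t\t\t`domain_name` = ?\n\t\t;";
        $res2 = exec_query($sql, $query, $alias_name);

        if ($res->rowCount() > 0 || $res2->rowCount() > 0) {
            // we already have domain with this name
            $err_al = tr("Domain with this name already exist");
        }

        // The mount-point collision checks are disabled in this variant:
        // $query = "
        //     SELECT
        //         COUNT(`subdomain_id`) AS cnt
        //     FROM
        //         `subdomain`
        //     WHERE
        //         `domain_id` = ?
        //     AND
        //         `subdomain_mount` = ?
        // ;";
        // $subdomres = exec_query($sql, $query, array($cr_user_id, $mount_point));
        // $subdomdata = $subdomres->fetchRow();
        //
        // $query = "
        //     SELECT
        //         COUNT(`subdomain_alias_id`) AS alscnt
        //     FROM
        //         `subdomain_alias`
        //     WHERE
        //         `alias_id`
        //     IN (
        //         SELECT
        //             `alias_id`
        //         FROM
        //             `domain_aliasses`
        //         WHERE
        //             `domain_id` = ?
        //     )
        //     AND
        //         `subdomain_alias_mount` = ?
        // ;";
        // $alssubdomres = exec_query($sql, $query, array($cr_user_id, $mount_point));
        // $alssubdomdata = $alssubdomres->fetchRow();
        //
        // if ($subdomdata['cnt'] > 0 || $alssubdomdata['alscnt'] > 0) {
        //     $err_al = tr("There is a subdomain with the same mount point!");
        // }
    }

    if ('_off_' !== $err_al) {
        return;
    }

    // Begin add new alias domain
    $status = $cfg->ITEM_ORDERED_STATUS;

    $query = "\n\t\tINSERT INTO\n\t\t\t`domain_aliasses` (\n\t\t\t\t`domain_id`, `alias_name`, `alias_mount`, `status`,\n\t\t\t\t`alias_ip_id`, `url_forward`\n\t\t\t)\n\t\tVALUES\n\t\t\t(?, ?, ?, ?, ?, ?)\n\t;";
    exec_query($sql, $query, array($cr_user_id, $alias_name, $mount_point, $status, $domain_ip, $forward));

    // Despite its name, $dmn_id holds the id of the alias row just inserted
    $dmn_id = $sql->insertId();

    AddDefaultDNSEntries(0, $dmn_id, $alias_name, $domain_ip);

    update_reseller_c_props(get_reseller_id($cr_user_id));

    $admin_login = $_SESSION['user_logged'];

    // $status is assigned ITEM_ORDERED_STATUS a few lines above, so only the
    // first branch is reachable as written.
    if ($status == $cfg->ITEM_ORDERED_STATUS) {
        // notify the reseller:
        send_alias_order_email($alias_name);

        write_log("{$admin_login}: add domain alias for activation: {$alias_name}.");
        set_page_message(tr('Alias scheduled for activation!'), 'success');
    } else {
        // TODO: Check
        // send_request('110 DOMAIN alias '.$dmn_id);
        write_log("{$admin_login}: domain alias scheduled for addition: {$alias_name}.");
        set_page_message(tr('Alias scheduled for addition!'), 'success');
    }

    user_goto('domains_manage.php');
}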
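// NOTE(review): excerpt of an FTP account deletion script. The `if (...) {` that the
// closing `} else {` belongs to, and the assignments of $sql, $ftp_id and $dmn_name,
// are outside the visible part.

	// Ownership check: the account must exist and its uid must equal the
	// `domain_uid` of the domain named $dmn_name.
	$query = "\n\t\tSELECT\n\t\t\t`t1`.`userid`, `t1`.`uid`, `t2`.`domain_uid`\n\t\tFROM\n\t\t\t`ftp_users` AS `t1`, `domain` AS `t2`\n\t\tWHERE\n\t\t\t`t1`.`userid` = ?\n\t\tAND\n\t\t\t`t1`.`uid` = t2.`domain_uid`\n\t\tAND\n\t\t\t`t2`.`domain_name` = ?\n\t\t;\n\t";
	$rs = exec_query($sql, $query, array($ftp_id, $dmn_name));
	$ftp_name = $rs->fields['userid'];

	// NOTE(review): everything below is only protected if user_goto() ends
	// the request - confirm.
	if ($rs->recordCount() == 0) {
		user_goto('ftp_accounts.php');
	}

	$query = "\n\t\tSELECT\n\t\t\t`t1`.`gid`, t2.`members`\n\t\tFROM\n\t\t\t`ftp_users` AS `t1`, `ftp_group` AS `t2`\n\t\tWHERE\n\t\t\t`t1`.`gid` = `t2`.`gid`\n\t\tAND\n\t\t\t`t1`.`userid` = ?\n\t\t;\n\t";
	$rs = exec_query($sql, $query, $ftp_id);

	$ftp_gid = $rs->fields['gid'];
	$ftp_members = $rs->fields['members'];

	// Drop exactly this account from the comma-separated member list.
	// The account id is compared as a whole entry rather than interpolated
	// into a regular expression: as a pattern, characters such as '.' would
	// act as metacharacters, a '/' would invalidate the pattern (leaving an
	// empty list and deleting the whole group), and an id that is a substring
	// of another member's id would corrupt that member's entry.
	$remaining = array();
	foreach (explode(',', (string) $ftp_members) as $member) {
		$member = trim($member);
		if ($member !== '' && $member !== (string) $ftp_id) {
			$remaining[] = $member;
		}
	}
	$members = implode(',', $remaining);

	if (strlen($members) == 0) {
		// Last member gone: remove the group row itself.
		$query = "\n\t\t\tDELETE FROM\n\t\t\t\t`ftp_group`\n\t\t\tWHERE\n\t\t\t\t`gid` = ?\n\t\t\t;\n\t\t";
		$rs = exec_query($sql, $query, $ftp_gid);
	} else {
		$query = "\n\t\t\tUPDATE\n\t\t\t\t`ftp_group`\n\t\t\tSET\n\t\t\t\t`members` = ?\n\t\t\tWHERE\n\t\t\t\t`gid` = ?\n\t\t\t;\n\t\t";
		$rs = exec_query($sql, $query, array($members, $ftp_gid));
	}

	$query = "\n\t\tDELETE FROM\n\t\t\t`ftp_users`\n\t\tWHERE\n\t\t\t`userid` = ?\n\t\t;\n\t";
	$rs = exec_query($sql, $query, $ftp_id);

	$domain_props = get_domain_default_props($_SESSION['user_id']);
	update_reseller_c_props($domain_props['domain_created_id']);

	// The logged name is the `userid` value read back from the database.
	write_log($_SESSION['user_logged'] . ": deletes FTP account: " . $ftp_name);
	set_page_message(tr('FTP account deleted successfully!'), 'success');
	user_goto('ftp_accounts.php');
} else {
	user_goto('ftp_accounts.php');
}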
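/**
 * Create an SQL user for one of the customer's databases, or attach an
 * already existing SQL user (request field `Add_Exist`) to it.
 *
 * Does nothing unless `uaction` is present in $_POST. Reads `user_name`,
 * `pass`, `pass_rep`, `use_dmn_id`, `id_pos`, `Add_Exist` and `sqluser_id`
 * from $_POST. On success the user is stored in `sql_user` (password via
 * encrypt_db_password()) and granted all privileges on the database for the
 * hosts "localhost" and "%".
 *
 * @todo Database user with same name can be added several times
 * @todo If creation of database user fails in MySQL-Table, database user is
 *       already in local EasySCP table -> Error handling
 *
 * @param mixed $sql     database handle passed on to exec_query()
 * @param mixed $user_id id of the customer; resolved with get_user_domain_id()
 * @param mixed $db_id   `sqld_id` of the target database
 * @return void
 */
function add_sql_user($sql, $user_id, $db_id) {
	$cfg = EasySCP_Registry::get('Config');

	if (!isset($_POST['uaction'])) {
		return;
	}

	$add_existing = isset($_POST['Add_Exist']);

	// Read the free-text fields once and accept them only as strings; a
	// missing or array-valued field is handled like an empty one instead of
	// reaching strlen()/preg_match() or becoming a null password.
	$user_name = (isset($_POST['user_name']) && is_string($_POST['user_name'])) ? $_POST['user_name'] : '';
	$pass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';
	$pass_rep = (isset($_POST['pass_rep']) && is_string($_POST['pass_rep'])) ? $_POST['pass_rep'] : '';

	// let's check user input (only relevant when a new user is created)
	if (!$add_existing) {
		if (empty($user_name)) {
			set_page_message(tr('Please type user name!'), 'warning');
			return;
		}

		if (empty($pass) && empty($pass_rep)) {
			set_page_message(tr('Please type user password!'), 'warning');
			return;
		}

		if ($pass !== $pass_rep) {
			set_page_message(tr('Entered passwords do not match!'), 'warning');
			return;
		}

		if (strlen($pass) > $cfg->MAX_SQL_PASS_LENGTH) {
			set_page_message(tr('Too long user password!'), 'warning');
			return;
		}

		// The D modifier makes `$` match only at the very end, so a password
		// with a trailing newline no longer passes the character check.
		if (!preg_match('/^[[:alnum:]:!*+#_.-]+$/D', $pass)) {
			set_page_message(tr('Don\'t use special chars like "@, $, %..." in the password!'), 'warning');
			return;
		}

		if (!chk_password($pass)) {
			if ($cfg->PASSWD_STRONG) {
				set_page_message(sprintf(tr('The password must be at least %s chars long and contain letters and numbers to be valid.'), $cfg->PASSWD_CHARS), 'warning');
			} else {
				set_page_message(sprintf(tr('Password data is shorter than %s signs or includes not permitted signs!'), $cfg->PASSWD_CHARS), 'warning');
			}
			return;
		}
	}

	$dmn_id = get_user_domain_id($user_id);

	// Confirm that the target database belongs to this customer's domain
	// before anything is written. Previously this look-up ran only after the
	// INSERT into `sql_user`, so a foreign or stale $db_id left a row behind
	// and produced a GRANT on an empty database name. (Callers may check this
	// as well; that is not visible from here.)
	$query = "\n\t\tSELECT\n\t\t\t`sqld_name` AS `db_name`\n\t\tFROM\n\t\t\t`sql_database`\n\t\tWHERE\n\t\t\t`sqld_id` = ?\n\t\tAND\n\t\t\t`domain_id` = ?\n\t";
	$rs = exec_query($sql, $query, array($db_id, $dmn_id));

	if ($rs->recordCount() == 0) {
		set_page_message(tr('SQL database not found!'), 'warning');
		return;
	}

	$db_name = $rs->fields['db_name'];

	if ($add_existing) {
		// `sqluser_id` comes straight from the request. Restrict the look-up
		// to SQL users attached to a database of this customer's domain, so
		// the stored name and password of another customer's SQL user cannot
		// be reused by submitting its id.
		$sqluser_id = isset($_POST['sqluser_id']) ? $_POST['sqluser_id'] : null;

		$query = "SELECT t1.`sqlu_name`, t1.`sqlu_pass` FROM `sql_user` AS t1, `sql_database` AS t2 WHERE t1.`sqlu_id` = ? AND t1.`sqld_id` = t2.`sqld_id` AND t2.`domain_id` = ?";
		$rs = exec_query($sql, $query, array($sqluser_id, $dmn_id));

		if ($rs->recordCount() == 0) {
			set_page_message(tr('SQL-user not found! It might has been deleted by another user.'), 'warning');
			return;
		}

		// Stored passwords are reversible (encrypt_db_password() /
		// decrypt_db_password()); the clear text is needed for the GRANT below.
		$user_pass = decrypt_db_password($rs->fields['sqlu_pass']);
		$db_user = $rs->fields['sqlu_name'];
	} else {
		$user_pass = $pass;

		// we'll use domain_id in the name of the database user if requested
		$clean_name = clean_input($user_name);
		$use_dmn_id = isset($_POST['use_dmn_id']) && $_POST['use_dmn_id'] === 'on';
		$id_pos = isset($_POST['id_pos']) ? $_POST['id_pos'] : '';

		if ($use_dmn_id && $id_pos === 'start') {
			$db_user = $dmn_id . "_" . $clean_name;
		} elseif ($use_dmn_id && $id_pos === 'end') {
			$db_user = $clean_name . "_" . $dmn_id;
		} else {
			$db_user = $clean_name;
		}
	}

	if (strlen($db_user) > $cfg->MAX_SQL_USER_LENGTH) {
		set_page_message(tr('User name too long!'), 'warning');
		return;
	}

	// are wildcards used?
	if (preg_match("/[%|\\?]+/", $db_user)) {
		set_page_message(tr('Wildcards such as %% and ? are not allowed!'), 'warning');
		return;
	}

	// have we such sql user in the system?!
	if (!$add_existing && check_db_user($sql, $db_user)) {
		set_page_message(tr('Specified SQL username name already exists!'), 'warning');
		return;
	}

	// add user in the EasySCP table;
	$query = "\n\t\tINSERT INTO `sql_user`\n\t\t\t(`sqld_id`, `sqlu_name`, `sqlu_pass`)\n\t\tVALUES\n\t\t\t(?, ?, ?)\n\t";
	exec_query($sql, $query, array($db_id, $db_user, encrypt_db_password($user_pass)));

	update_reseller_c_props(get_reseller_id($dmn_id));

	// Backslash-escape the characters `_`, `%`, `?` and `*` in the database
	// name so they are not read as wildcards in the GRANT target.
	$db_name = preg_replace("/([_%\\?\\*])/", '\\\\$1', $db_name);

	// add user in the mysql system tables
	// User, host and password are bound as parameters; only the quoted
	// identifier is concatenated. The second grant uses host "%", i.e. the
	// account is valid from any client host that can reach the server.
	$query = "GRANT ALL PRIVILEGES ON " . quoteIdentifier($db_name) . ".* TO ?@? IDENTIFIED BY ?";
	exec_query($sql, $query, array($db_user, "localhost", $user_pass));
	exec_query($sql, $query, array($db_user, "%", $user_pass));

	write_log($_SESSION['user_logged'] . ": add SQL user: " . tohtml($db_user));
	set_page_message(tr('SQL user successfully added!'), 'info');
	user_goto('sql_manage.php');
}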
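// Reseller action: mark a domain alias, its subdomain aliases and the related
// mail accounts for deletion, then notify the backend.
require '../../include/easyscp-lib.php';

check_login(__FILE__);

$cfg = EasySCP_Registry::get('Config');

// NOTE(review): $sql is not assigned in the visible script; presumably the
// included library provides it - confirm.
// NOTE(review): the deletion is triggered by a GET parameter and no request
// token is checked in the visible code - confirm that request forgery is
// covered elsewhere (e.g. by check_login()).
if (isset($_GET['del_id'])) {
	$del_id = $_GET['del_id'];
} else {
	$_SESSION['aldel'] = '_no_';
	user_goto('alias.php');
}

$reseller_id = $_SESSION['user_id'];

// Ownership check: the alias must belong to a domain created by the
// logged-in reseller.
$query = "\n\tSELECT\n\t\tt1.`domain_id`, t1.`alias_id`, t1.`alias_name`,\n\t\tt2.`domain_id`, t2.`domain_created_id`\n\tFROM\n\t\t`domain_aliasses` AS t1,\n\t\t`domain` AS t2\n\tWHERE\n\t\tt1.`alias_id` = ?\n\tAND\n\t\tt1.`domain_id` = t2.`domain_id`\n\tAND\n\t\tt2.`domain_created_id` = ?\n";
$rs = exec_query($sql, $query, array($del_id, $reseller_id));

if ($rs->recordCount() == 0) {
	user_goto('alias.php');
}

// From here on use the id and name as stored in the row that passed the
// ownership check, not the raw request value: the database comparison may
// accept a request value that is not identical to the stored id, and the id
// is concatenated into the backend request below.
$alias_id = $rs->fields['alias_id'];
$alias_name = $rs->fields['alias_name'];

// check for mail acc in ALIAS domain (ALIAS MAIL) and delete them
$query = "\n\tUPDATE\n\t\t`mail_users`\n\tSET\n\t\t`status` = ?\n\tWHERE\n\t\t(`sub_id` = ?\n\t\tAND\n\t\t`mail_type` LIKE '%alias_%')\n\tOR\n\t\t(`sub_id` IN (SELECT `subdomain_alias_id` FROM `subdomain_alias` WHERE `alias_id` = ?)\n\t\tAND\n\t\t`mail_type` LIKE '%alssub_%')\n";
exec_query($sql, $query, array($cfg->ITEM_DELETE_STATUS, $alias_id, $alias_id));

// The status value is bound as a parameter instead of being concatenated
// into the statement (resolves the former "use prepared statements" TODOs).
exec_query(
	$sql,
	"UPDATE `subdomain_alias` SET `status` = ? WHERE `alias_id` = ?",
	array($cfg->ITEM_DELETE_STATUS, $alias_id)
);
exec_query(
	$sql,
	"UPDATE `domain_aliasses` SET `status` = ? WHERE `alias_id` = ?",
	array($cfg->ITEM_DELETE_STATUS, $alias_id)
);

update_reseller_c_props($reseller_id);

send_request('110 DOMAIN alias ' . $alias_id);

$admin_login = $_SESSION['user_logged'];
// The alias name was already read by the ownership query; no second SELECT
// is needed for the log entry.
write_log("{$admin_login}: deletes domain alias: " . $alias_name);

$_SESSION['aldel'] = '_yes_';
user_goto('alias.php');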