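function TriggerLog($a = 0, $b = "No details.") {
    # DESCRIPTION: Logs an event, for debugging or audit purposes in the 'z_logs' table.
    # FUNCTION RELEASE: 5.0.0
    # FUNCTION AUTHOR: Bobby Allen (ballen@zpanel.co.uk)
    #
    # PARAMETERS:
    #   $a - ID of the account the event is recorded against (written to lg_acc_fk).
    #   $b - Free-text details of the event (written to lg_details_tx).
    # RETURNS: nothing.

    # lg_acc_fk is placed in the statement without quotes, so it is forced to an
    # integer here; an empty or non-numeric value would otherwise break or alter
    # the INSERT.
    $acc_key = (int) $a;

    # Callers may build $b from request data. Cleaner('i', ...) is the project's input
    # cleaner. NOTE(review): confirm that it escapes for a single-quoted SQL string.
    $log_details = Cleaner('i', $b);

    # Presumably defines $z_db_name, which is not set anywhere else in this function.
    include 'conf/zcnf.php';

    # REMOTE_ADDR is not set outside a web request (for example when run from the
    # command line). Only a syntactically valid IP address is written to the log;
    # anything else is stored as an empty string.
    $ip_address = '';
    if (isset($_SERVER['REMOTE_ADDR'])) {
        $checked_ip = filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP);
        if ($checked_ip !== false) {
            $ip_address = $checked_ip;
        }
    }

    $sql = "INSERT INTO z_logs (lg_acc_fk, lg_when_ts, lg_ipaddress_vc, lg_details_tx) VALUES (" . $acc_key . ", '" . time() . "', '" . $ip_address . "', '" . $log_details . "')";
    DataExchange("w", $z_db_name, $sql);
    return;
}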
<th><?php echo $lang['16']; ?> </th> <td><input name="inPostCode" type="text" id="inPostCode" size="20" maxlength="10" value="<?php echo Cleaner('o', $rowpersonal['ap_postcode_vc']); ?> " /></td> </tr> <tr> <th><?php echo $lang['17']; ?> </th> <td><input name="inPhone" type="text" id="inPhone" size="20" maxlength="50" value="<?php echo Cleaner('o', $rowpersonal['ap_phone_vc']); ?> " /></td> </tr> <tr> <th><?php echo $lang['183']; ?> :</th> <td><input name="inNewPassword" type="password" id="inNewPassword" size="20" maxlength="50" /> </td> </tr> <tr> <th colspan="2" align="right"><input type="hidden" name="inReturn" value="<?php echo GetFullURL(); ?>
*
*/

# Renders the "personal details" form for the logged-in account: full name, e-mail,
# phone, preferred language, postal address and postal code. The form posts to
# runner.php?load=obj_personal.

include 'inc/zAccountDetails.php';
# The language file name is derived from the stored per-user preference.
# NOTE(review): this is only safe if GetPrefdLang() restricts its result to a known
# language file; otherwise the stored value steers an include path - confirm.
include 'lang/' . GetPrefdLang($personalinfo['ap_language_vc']) . '.php';
echo $lang['2'];
echo "<br><br>";
# After a successful save the handler redirects back here with r=ok.
if (isset($_GET['r']) && $_GET['r'] == 'ok') {
    echo "<br><br><div class=\"zannouce\">" . $lang['61'] . "</div>";
    echo "<br><br>";
}
# Stored profile values are passed through Cleaner("o", ...) before being written
# into attribute values. NOTE(review): presumably this is the HTML output encoder;
# confirm that it also encodes double quotes.
echo "<form id=\"frmPersonalDetails\" name=\"frmPersonalDetails\" method=\"post\" action=\"runner.php?load=obj_personal\">\r\n <table class=\"zform\">\r\n <tr>\r\n <th>" . $lang['13'] . "</th>\r\n <td><input name=\"inFullname\" type=\"text\" id=\"inFullname\" size=\"40\" value=\"" . Cleaner("o", $personalinfo['ap_fullname_vc']) . "\" /></td>\r\n </tr>\r\n <tr>\r\n <th>" . $lang['14'] . "</th>\r\n <td><input name=\"inEmail\" type=\"text\" id=\"inEmail\" size=\"40\" value=\"" . Cleaner("o", $personalinfo['ap_email_vc']) . "\" /></td>\r\n </tr>\r\n <tr>\r\n <th>" . $lang['17'] . "</th>\r\n <td><input name=\"inPhone\" type=\"text\" id=\"inPhone\" size=\"20\" value=\"" . Cleaner("o", $personalinfo['ap_phone_vc']) . "\" /></td>\r\n </tr>\r\n <tr>\r\n <th>Choose Language</th>\r\n <td>";
echo "<select name=\"inTranslation\" id=\"inTranslation\">";
# Build the language list from the files in <zpanel_root>lang. The "@" hides the
# warning when the folder cannot be opened; the failure is logged below instead.
$handle = @opendir(GetSystemOption('zpanel_root') . "lang");
$chkdir = GetSystemOption('zpanel_root') . "lang/";
if (!$handle) {
    # Log an error as the folder cannot be opened...
    TriggerLog($useraccount['ac_id_pk'], $b = "Was unable to read the Language packs in (" . $chkdir . "), please ensure this folder exists.");
} else {
    while ($file = readdir($handle)) {
        # strstr() matches ".php" anywhere in the name and str_replace() removes every
        # occurrence of it, so this is not a strict check of the file extension.
        # Files with "_override" in the name are not offered.
        if ($file != "." && $file != ".." && strstr($file, '.php') && !strstr($file, '_override')) {
            # The option value is written without quotes and without HTML encoding, so a
            # file name containing a space or markup characters would produce broken HTML.
            if (str_replace(".php", "", $file) == $personalinfo['ap_language_vc']) {
                echo "<option value=" . str_replace(".php", "", $file) . " selected=selected>" . str_replace(".php", "", $file) . "</option>\n";
            } else {
                echo "<option value=" . str_replace(".php", "", $file) . ">" . str_replace(".php", "", $file) . "</option>\n";
            }
        }
    }
    closedir($handle);
}
# NOTE(review): GetFullURL() is written into the hidden inReturnURL field without
# Cleaner("o", ...). If it is built from the request URI, the value is attacker
# influenced and should be encoded like the other attribute values - confirm.
# No anti-CSRF token is emitted by this fragment.
echo "</select>\r\n\t \r\n\t </td>\r\n </tr>\r\n <tr>\r\n <th>" . $lang['15'] . "</th>\r\n <td><textarea name=\"inAddress\" id=\"inAddress\" cols=\"45\" rows=\"5\">" . Cleaner("o", $personalinfo['ap_address_tx']) . "</textarea></td>\r\n </tr>\r\n <tr>\r\n <th>" . $lang['16'] . "</th>\r\n <td><input name=\"inPostalCode\" type=\"text\" id=\"inPostalCode\" size=\"15\" value=\"" . Cleaner("o", $personalinfo['ap_postcode_vc']) . "\" /></td>\r\n </tr>\r\n <tr>\r\n <th> </th>\r\n <td align=\"right\"><input type=\"hidden\" name=\"inReturnURL\" id=\"inReturnURL\" value=\"" . GetFullURL() . "\" /><input type=\"submit\" name=\"" . $lang['18'] . "\" id=\"" . $lang['18'] . "\" value=\"Submit\" /></td>\r\n </tr>\r\n </table>\r\n</form>";
<td><input name="inDiskQuota" type="text" id="inDiskQuota" value="<?php echo Cleaner('o', $rowquotas['qt_diskspace_bi'] / 1024000); ?> " size="10" maxlength="10" /> <?php echo $lang['100']; ?> </td> </tr> <tr> <th><?php echo $lang['99']; ?> :</th> <td><input name="inBandQuota" type="text" id="inBandQuota" value="<?php echo Cleaner('o', $rowquotas['qt_bandwidth_bi'] / 1024000); ?> " size="10" maxlength="10" /> <?php echo $lang['100']; ?> </td> </tr> <tr> <th colspan="2" align="right"><input type="hidden" name="inReturn" value="<?php echo GetFullURL(); ?> " /><input type="hidden" name="inPackageID" value="<?php echo $rowpackage['pk_id_pk']; ?> " /><input type="hidden" name="inAction" value="edit" /><input type="submit" name="inSubmit" id="inSubmit" value="<?php
} if (isset($_GET['reset'])) { # There has been a password reset request... echo "<br><h2>" . $lang['194'] . "</h2>"; echo $lang['193']; echo "<br><br>"; ?> <form id="frmResetPassword" name="frmResetPassword" method="post" action="runner.php?load=obj_mail"> <table class="zform"> <tr> <th><?php echo $lang['14']; ?> </th> <td><?php echo Cleaner('o', $_GET['reset']); ?> </td> </tr> <tr> <th><?php echo $lang['116']; ?> :</th> <td><input name="inPassword" type="password" id="inPassword"/></td> </tr> <tr> <th colspan="2" align="right"><input type="hidden" name="inReturn" value="<?php echo GetFullURL(); ?> " />
<th><?php echo $lang['185']; ?> </th> <th></th> </tr> <?php do { ?> <tr> <td><?php echo Cleaner('o', $rowforwarders['fw_address_vc']); ?> </td> <td><?php echo Cleaner('o', $rowforwarders['fw_destination_vc']); ?> </td> <td><input type="submit" name="inDelete_<?php echo $rowforwarders['fw_id_pk']; ?> " id="inDelete_<?php echo $rowforwarders['fw_id_pk']; ?> " value="<?php echo $lang['84']; ?> " /><input type="hidden" name="ForwardMailbox" value="<?php echo $rowforwarders['fw_address_vc']; ?> " /><input type="hidden" name="fw_address_vc" value="<?php
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/

# Form handler for the system settings pages. Depending on which submit button was
# posted it updates the editable settings, the template and language, or the welcome
# text in z_settings, then redirects back to the calling module.
# NOTE(review): this fragment contains no check that the caller is an administrator
# and no anti-CSRF token check - confirm that the script including it enforces both.

# Now we need to declare and cleanup some variables
$acc_fk = $useraccount['ac_id_pk'];
# NOTE(review): 'o' is the mode used elsewhere for values echoed into HTML; here it is
# applied to a value that ends up in a Location header.
$returnurl = Cleaner('o', $_POST['inReturn']);

# Now we turn the values that are avaliable to be saved...
$sql = "SELECT * FROM z_settings WHERE st_editable_in=1";
$listoptions = DataExchange("r", $z_db_name, $sql);
$rowoptions = mysql_fetch_assoc($listoptions);

if (isset($_POST['inSaveSystem'])) {
    # The first row was fetched above, hence do/while. If the query returned no rows,
    # $rowoptions is false on the first pass and one UPDATE with an empty name still runs.
    do {
        # Write the posted value of each editable setting; the POST field name is the
        # setting name taken from the database row.
        # NOTE(review): the posted value goes into a quoted SQL string through
        # Cleaner('o', ...), not through the 'i' mode that other handlers use for SQL
        # input. Unless 'o' also escapes single quotes for SQL this is injectable - confirm.
        DataExchange("w", $z_db_name, "UPDATE z_settings SET st_value_tx='" . Cleaner('o', $_POST['' . $rowoptions['st_name_vc'] . '']) . "' WHERE st_name_vc = '" . $rowoptions['st_name_vc'] . "'");
    } while ($rowoptions = mysql_fetch_assoc($listoptions));
}

if (isset($_POST['inSaveTemplate'])) {
    # Same concern as above: request values reach SQL through the output cleaner.
    DataExchange("w", $z_db_name, "UPDATE z_settings SET st_value_tx='" . Cleaner('o', $_POST['inTemplate']) . "' WHERE st_name_vc = 'zpanel_template'");
    # Only the literal ".php" is stripped from the language name; path separators are
    # not removed. NOTE(review): confirm how zpanel_lang is later turned into a file path.
    DataExchange("w", $z_db_name, "UPDATE z_settings SET st_value_tx='" . Cleaner('o', str_replace(".php", "", $_POST['inTranslation'])) . "' WHERE st_name_vc = 'zpanel_lang'");
}

if (isset($_POST['inSaveWelcome'])) {
    # htmlentities() is HTML encoding, not SQL escaping. With its default flags on the
    # PHP versions that still ship mysql_*, single quotes are left untouched, so the
    # posted text can terminate the quoted SQL string.
    DataExchange("w", $z_db_name, "UPDATE z_settings SET st_value_tx='" . htmlentities($_POST['inWelcome']) . "' WHERE st_name_vc = 'zpanel_welcome'");
}

# NOTE(review): the redirect target comes from the request; whether it is confined to
# this site depends on GetNormalModuleURL() - confirm.
$returnurl = GetNormalModuleURL($returnurl) . "&r=ok";
header("location: " . $returnurl . "");
exit;
*
* ZPanel - A Cross-Platform Open-Source Web Hosting Control panel.
*
* @package ZPanel
* @version $Id$
* @author Bobby Allen - ballen@zpanelcp.com
* @copyright (c) 2008-2011 ZPanel Group - http://www.zpanelcp.com/
* @license http://opensource.org/licenses/gpl-3.0.html GNU Public License v3
*
* This program (ZPanel) is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/

# Form handler: stores the posted company name on the reseller record of the current
# account, then sends the browser back to the module it came from.

# Account the update applies to, and the address to return to afterwards.
$acc_fk = $useraccount['ac_id_pk'];
$returnurl = $_POST['inReturn'];

# The company name goes through the input cleaner before it is placed in the quoted
# SQL string; the account ID is written unquoted and comes from $useraccount.
$companyname = Cleaner('i', $_POST['inCompanyName']);
$sql = "UPDATE z_resellers SET rc_company_vc='{$companyname}' WHERE rc_acc_fk={$acc_fk}";
DataExchange("w", $z_db_name, $sql);

# NOTE(review): inReturn is taken from the request as-is; whether the redirect stays on
# this site depends on GetNormalModuleURL() - confirm.
header("location: " . GetNormalModuleURL($returnurl) . "&r=ok");
exit;
# If the login process has been initiated then lets check the login! if (isset($_SESSION['zUserID'])) { if (isset($_GET['logout'])) { # Lets log the user out! $_SESSION['zUsername'] = NULL; $_SESSION['zUserID'] = NULL; unset($_SESSION['zUsername']); unset($_SESSION['zUserID']); } else { header("location: ./"); exit; } } else { if (isset($_POST['inUsername'])) { $username = Cleaner('i', $_POST['inUsername']); $password = Cleaner('i', $_POST['inPassword']); $sql = "SELECT ac_id_pk, ac_user_vc FROM z_accounts WHERE ac_user_vc='" . $username . "' AND ac_pass_vc='" . md5($password) . "' AND ac_deleted_ts IS NULL"; $checklogin = DataExchange("l", $z_db_name, $sql); $accountexists = DataExchange("t", $z_db_name, $sql); $_SESSION['zUsername'] = $checklogin['ac_user_vc']; $_SESSION['zUserID'] = $checklogin['ac_id_pk']; include 'inc/zAccountDetails.php'; $is_admin = $permissionset['pr_admin_in']; if ($accountexists > 0) { if ($lockdown_option == 1) { if ($is_admin == 1) { TriggerLog($checklogin['ac_id_pk'], "User has logged into ZPanel."); $sql = "UPDATE z_settings SET st_value_tx='http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'] . "' WHERE st_name_vc='login_url';"; DataExchange("w", $z_db_name, $sql); header("location: ./index.php"); exit;
if (ShowServerPlatform() == 'Windows') { $api_resault = zapi_cronjob_add(GetSystemOption('cron_file'), $cronid['ct_id_pk'], $_POST['inTiming'], ChangeSafeSlashesToWin(GetSystemOption('php_exer')), RemoveDoubleSlash(ChangeSafeSlashesToWin(GetSystemOption('hosted_dir') . $useraccount['ac_user_vc'] . '/' . $_POST['inScript']))); } else { $api_resault = zapi_cronjob_add(GetSystemOption('cron_file'), $cronid['ct_id_pk'], $_POST['inTiming'], GetSystemOption('php_exer'), RemoveDoubleSlash(GetSystemOption('hosted_dir') . $useraccount['ac_user_vc'] . '/' . $_POST['inScript'])); } if ($api_resault == false) { # The cronjob was not added for some reason! # We will remove the cron id from the database so it will not show as active. $sql = "UPDATE z_cronjobs SET ct_deleted_ts=" . time() . " WHERE ct_id_pk=" . $cronid['ct_id_pk'] . ""; DataExchange("w", $z_db_name, $sql); TriggerLog($useraccount['ac_id_pk'], $b = "Was unable to write to the crontab file (" . GetSystemOption('cron_file') . "), check that the file is not read-only and that the file path in the ZPanel settings is correct."); header("location: " . GetNormalModuleURL($returnurl) . "&r=error"); exit; } # Now we add some infomation to the system log. TriggerLog($useraccount['ac_id_pk'], $b = "New cron job has been added by user (" . Cleaner('i', $_POST['inScript']) . ")\rDescription:-\r" . Cleaner('i', $_POST['inDescription']) . ""); header("location: " . GetNormalModuleURL($returnurl) . "&r=ok"); exit; } if ($_POST['inAction'] == 'delete') { # User has choosen to delete the task... do { if (isset($_POST['inDelete_' . $rowtasks['ct_id_pk']])) { # Call the API function! $api_resault = zapi_cronjob_remove(GetSystemOption('cron_file'), $rowtasks['ct_id_pk']); if ($api_resault == false) { # The cronjob was not deleted for some reason! TriggerLog($useraccount['ac_id_pk'], $b = "Was unable to write to the crontab file (" . GetSystemOption('cron_file') . 
"), check that the file is not read-only and that the file path in the ZPanel settings is correct."); header("location: " . GetNormalModuleURL($returnurl) . "&r=error"); exit; }
DataExchange("w", $z_db_name, $sql); $sql = "INSERT INTO z_permissions (pr_package_fk) VALUES (" . $packageid['pk_id_pk'] . ");"; DataExchange("w", $z_db_name, $sql); # Insert default mod_bw quota limits for package $sql = "SELECT * FROM z_throttle WHERE tr_id_pk=1"; $throttledefaults = DataExchange("l", $z_db_name, $sql); $sql = "UPDATE z_quotas SET qt_bwenabled_in = '" . $throttledefaults['tr_bwenabled_in'] . "',\r\n\t\t\t\t\t\t\t\tqt_dlenabled_in = '" . $throttledefaults['tr_dlenabled_in'] . "',\r\n\t\t\t\t\t\t\t\tqt_totalbw_fk = '" . $throttledefaults['tr_totalbw_fk'] . "',\r\n\t\t\t\t\t\t\t\tqt_minbw_fk = '" . $throttledefaults['tr_minbw_fk'] . "',\r\n\t\t\t\t\t\t\t\tqt_maxcon_fk = '" . $throttledefaults['tr_maxcon_fk'] . "',\r\n\t\t\t\t\t\t\t\tqt_filesize_fk = '" . $throttledefaults['tr_filespeed_fk'] . "',\r\n\t\t\t\t\t\t\t\tqt_filespeed_fk = '" . $throttledefaults['tr_filespeed_fk'] . "',\r\n\t\t\t\t\t\t\t\tqt_filetype_vc = '" . $throttledefaults['tr_filetype_vc'] . "',\r\n\t\t\t\t\t\t\t\tqt_modified_in = '1'\r\n\t\t\t\t\t\t\t\tWHERE qt_package_fk = '" . $packageid['pk_id_pk'] . "'"; DataExchange("w", $z_db_name, $sql); header("location: " . $returnurl . "&r=ok"); exit; } if ($_POST['inAction'] == 'edit') { # User has choosen to edit a package... $sql = "UPDATE z_packages SET pk_name_vc='" . Cleaner('i', $_POST['inPackageName']) . "',\r\n\t\t\t\t\t\t\t\tpk_enablephp_in=" . GetCheckboxValue($_POST['inEnablePHP']) . ",\r\n\t\t\t\t\t\t\t\tpk_enablecgi_in=" . GetCheckboxValue($_POST['inEnableCGI']) . " WHERE pk_id_pk=" . $_POST['inPackageID'] . ""; DataExchange("w", $z_db_name, $sql); $sql = "UPDATE z_quotas SET qt_domains_in=" . Cleaner('i', $_POST['inNoDomains']) . ",\r\n\t\t\t\t\t\t\t\t\tqt_subdomains_in=" . Cleaner('i', $_POST['inNoSubDomains']) . ",\r\n\t\t\t\t\t\t\t\t\tqt_parkeddomains_in=" . Cleaner('i', $_POST['inNoParkedDomains']) . ",\r\n\t\t\t\t\t\t\t\t\tqt_mailboxes_in=" . Cleaner('i', $_POST['inNoMailboxes']) . 
",\r\n\t\t\t\t\t\t\t\t\tqt_fowarders_in=" . Cleaner('i', $_POST['inNoFowarders']) . ",\r\n\t\t\t\t\t\t\t\t\tqt_distlists_in=" . Cleaner('i', $_POST['inNoDistLists']) . ",\r\n\t\t\t\t\t\t\t\t\tqt_ftpaccounts_in=" . Cleaner('i', $_POST['inNoFTPAccounts']) . ",\r\n\t\t\t\t\t\t\t\t\tqt_mysql_in=" . Cleaner('i', $_POST['inNoMySQL']) . ",\r\n\t\t\t\t\t\t\t\t\tqt_diskspace_bi=" . Cleaner('i', $_POST['inDiskQuota'] * 1024000) . ",\r\n\t\t\t\t\t\t\t\t\tqt_bandwidth_bi=" . Cleaner('i', $_POST['inBandQuota'] * 1024000) . " WHERE qt_package_fk=" . $_POST['inPackageID'] . ""; DataExchange("w", $z_db_name, $sql); $returnurl = GetNormalModuleURL($returnurl) . "&r=ok"; header("location: " . $returnurl . ""); exit; } if ($_POST['inAction'] == 'delete') { # User has choosen to delete a package... do { if (isset($_POST['inEdit_' . $rowpackages['pk_id_pk']])) { header("location: " . $returnurl . "&edit=" . $rowpackages['pk_id_pk'] . ""); exit; } if (isset($_POST['inDelete_' . $rowpackages['pk_id_pk']])) { $sql = "UPDATE z_packages SET pk_deleted_ts=" . time() . " WHERE pk_id_pk=" . $rowpackages['pk_id_pk'] . ""; $packageid = DataExchange("w", $z_db_name, $sql);
$alias = "ServerAlias " . $domain . " www." . $domain . ""; # Check to see if version IS Windows (If so use the default hMailServer and create domain) - Otherwise we skip it! if (ShowServerPlatform() == 'Windows') { if (GetSystemOption('disable_hostsen') == 'false') { # Lets add the hostname to the HOSTS file so that the server can view the domain immediately... @exec("C:/ZPanel/bin/zpanel/tools/setroute.exe " . $domain . ""); @exec("C:/ZPanel/bin/zpanel/tools/setroute.exe www." . $domain . ""); } } # Call the API! zapi_vhparked_add(GetSystemOption('apache_vhost'), $domain, GetSystemOption('parking_path')); # If all has gone well we need to now create the domain in the database... $sql = "INSERT INTO z_vhosts (vh_acc_fk,\r\n\t\t\t\t\t\t\t\t\tvh_name_vc,\r\n\t\t\t\t\t\t\t\t\tvh_directory_vc,\r\n\t\t\t\t\t\t\t\t\tvh_type_in,\r\n\t\t\t\t\t\t\t\t\tvh_created_ts) VALUES (\r\n\t\t\t\t\t\t\t\t\t" . $acc_fk . ",\r\n\t\t\t\t\t\t\t\t\t'" . Cleaner('i', $domain) . "',\r\n\t\t\t\t\t\t\t\t\t'" . Cleaner('i', $homedirectoy_to_use) . "',\r\n\t\t\t\t\t\t\t\t\t3,\r\n\t\t\t\t\t\t\t\t\t" . time() . ")"; DataExchange("w", $z_db_name, $sql); # Now we add some infomation to the system log. TriggerLog($useraccount['ac_id_pk'], $b = "New parked domain has been added by the user (" . Cleaner('i', $_POST['inDomain']) . ")."); header("location: " . GetNormalModuleURL($returnurl) . "&r=ok"); exit; } if ($_POST['inAction'] == 'delete') { # User has choosen to delete the task... do { if (isset($_POST['inDelete_' . $rowdomains['vh_id_pk']])) { # Log the action in the database... TriggerLog($useraccount['ac_id_pk'], $b = "User domain vhost ID: " . $rowdomains['ct_id_pk'] . " was deleted."); # Call the API zapi_vhost_remove(GetSystemOption('apache_vhost'), $rowdomains['vh_name_vc']); # Check to see if version IS Windows (If so use the default hMailServer and create domain) - Otherwise we skip it! 
if (ShowServerPlatform() == 'Windows') { # Lets now go and try removing the domain from hMailServer (if configured in the ZPanel system settings:- $hmaildatabase = GetSystemOption('hmailserver_db');
<input type="hidden" name="inAction" value="NewDistList" /> <input type="submit" name="inSubmit" id="inSubmit" value="<?php echo $lang['128']; ?> " /></th> </tr> </table> </form><?php } else { echo $lang['234']; } } # Check the see if the user wants to edit the dist list in queston... if (isset($_GET['edit'])) { # Get a list of the dist list users.... $sql = "SELECT * FROM z_distlists WHERE dl_acc_fk=" . $useraccount['ac_id_pk'] . " AND dl_address_vc='" . Cleaner('i', $_GET['edit']) . "' AND dl_deleted_ts IS NULL"; $listdistlist = DataExchange("r", $z_db_name, $sql); $rowdistlist = mysql_fetch_assoc($listdistlist); $totaldistlist = DataExchange("t", $z_db_name, $sql); $sql = "SELECT * FROM z_distlistusers WHERE du_distlist_fk=" . $rowdistlist['dl_id_pk'] . " AND du_deleted_ts IS NULL"; $listdistlistusers = DataExchange("r", $z_db_name, $sql); $rowdistlistusers = mysql_fetch_assoc($listdistlistusers); $totaldistlistusers = DataExchange("t", $z_db_name, $sql); echo "<br><h2>Edit distrubution list</h2>"; echo "<form id=\"frmNewDistListUser\" name=\"frmNewDistListUser\" method=\"post\" action=\"runner.php?load=obj_mail\">\r\n\t<table class=\"zform\">\r\n\t<tr>\r\n <th colspan=\"3\">" . $rowdistlist['dl_address_vc'] . "</th>\r\n \t</tr>\r\n\t <tr>\r\n <th> </th>\r\n <td> </td>\r\n\t<td> </td>\r\n </tr>"; if ($rowdistlistusers > 0) { do { echo "<tr>\r\n <th>Email Address:</th><td>" . $rowdistlistusers['du_address_vc'] . "</td>\r\n <td><input type=\"submit\" name=\"inDelete_" . $rowdistlistusers['du_id_pk'] . "\" id=\"inDelete_" . $rowforwarders['du_id_pk'] . "\" value=\"" . $lang['84'] . 
"\" /></td>\r\n </tr>"; } while ($rowdistlistusers = mysql_fetch_assoc($listdistlistusers)); } echo "\r\n <tr>\r\n <th> </th>\r\n <td> </td>\r\n\t<td> </td>\r\n </tr>\r\n <tr>\r\n <th>Add new address:</th>\r\n <td><input type=\"text\" name=\"inDistListAddress\" id=\"inDistListAddress\" /></td><td> </td>\r\n </tr>\r\n <tr>\r\n <th colspan=\"3\" align=\"right\"><input type=\"hidden\" name=\"inReturn\" value=\"" . GetFullURL() . "\" />\r\n <input type=\"hidden\" name=\"inAction\" value=\"edit_distlists\" />\r\n\t\t <input type=\"hidden\" name=\"inDLID\" value=\"" . $rowdistlist['dl_id_pk'] . "\" />\r\n <input type=\"submit\" name=\"inSubmit\" id=\"inSubmit\" value=\"" . $lang['128'] . "\" /></th>\r\n </tr>\r\n</table>";
# Fist lets make sure it doesnt exist before we create the database and continue... $sql = "SELECT * FROM z_mysql WHERE my_name_vc='" . Cleaner('i', $useraccount['ac_user_vc'] . "_" . $_POST['inDatabase']) . "' AND my_deleted_ts IS NULL"; $doesexist = DataExchange("t", $z_db_name, $sql); if ($doesexist < 1) { # Ok so the database doesnt exist, so lets create the database... $api_resault = zapi_mysqldb_add($useraccount['ac_user_vc'], $_POST['inDatabase'], "utf8", "utf8_general_ci", $zdb); if ($api_resault == false) { # The cronjob was not added for some reason! TriggerLog($useraccount['ac_id_pk'], $b = "Unable to create mysql database (" . $_POST['inDatabase'] . ")."); } # If the user submitted a 'new' request then we will simply add the cron task to the database... $sql = "INSERT INTO z_mysql (my_acc_fk,\r\n\t\t\t\t\t\t\t\t\t\tmy_name_vc,\r\n\t\t\t\t\t\t\t\t\t\tmy_created_ts) VALUES (\r\n\t\t\t\t\t\t\t\t\t\t" . $acc_fk . ",\r\n\t\t\t\t\t\t\t\t\t\t'" . Cleaner('i', $useraccount['ac_user_vc'] . "_" . $_POST['inDatabase']) . "',\r\n\t\t\t\t\t\t\t\t\t\t" . time() . ")"; DataExchange("w", $z_db_name, $sql); # Now we have to add the entry to the cron file. # Now we add some infomation to the system log. TriggerLog($useraccount['ac_id_pk'], $b = "New MySQL database added by user (" . Cleaner('i', $_POST['inDatabase']) . ")."); header("location: " . GetNormalModuleURL($returnurl) . "&r=ok"); } else { header("location: " . GetNormalModuleURL($returnurl) . "&r=exists"); } exit; } if ($_POST['inAction'] == 'delete') { # User has choosen to delete the task... do { if (isset($_POST['inDelete_' . $rowmysql['my_id_pk']])) { # Ok so lets drop the MySQL database... $api_resault = zapi_mysqldb_remove($rowmysql['my_name_vc'], $zdb); if ($api_resault == false) { # The cronjob was not added for some reason! TriggerLog($useraccount['ac_id_pk'], $b = "Unable to remove mysql database (" . $rowmysql['my_name_vc'] . ").");
} //--> </script> <blockquote> <table> <?php do { ?> <tr> <td><img src="modules/advanced/faqs/item.png" width="16" height="16"></td> <td><a href="#" onclick="toggle_visibility('<?php echo $rowfaqs['fq_id_pk']; ?> ');"><strong><?php echo Cleaner('o', $rowfaqs['fq_queston_tx']); ?> </strong></a> <div id="<?php echo $rowfaqs['fq_id_pk']; ?> " style="display:none;"><?php echo Cleaner('o', $rowfaqs['fq_answer_tx']); ?> <br><br></div></td> </tr> <?php } while ($rowfaqs = mysql_fetch_assoc($listfaqs)); ?> </table> </blockquote>
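* @copyright (c) 2008-2011 ZPanel Group - http://www.zpanelcp.com/
* @license http://opensource.org/licenses/gpl-3.0.html GNU Public License v3
*
* This program (ZPanel) is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/

# Form handler: saves the personal details (name, e-mail, address, postal code, phone
# and preferred language) of the current account to z_personal, then redirects back
# to the calling module.

# Now we need to declare and cleanup some variables
$acc_fk = $useraccount['ac_id_pk'];
$fullname = Cleaner("i", $_POST['inFullname']);
$email_address = Cleaner("i", $_POST['inEmail']);
$postal_address = Cleaner("i", $_POST['inAddress']);
$postal_code = Cleaner("i", $_POST['inPostalCode']);
$phone = Cleaner("i", $_POST['inPhone']);
$returnurl = $_POST['inReturnURL'];
# The language used to be the only posted field written into the UPDATE without the
# input cleaner. It now goes through Cleaner("i", ...) like the other fields.
# basename() additionally drops any directory part: the stored value is the name of a
# file in the lang/ folder, so a legitimate value never contains a path separator.
$language = Cleaner("i", basename($_POST['inTranslation']));

# Now we simply update the account details based on the current session.
DataExchange("w", $z_db_name, "UPDATE z_personal SET ap_fullname_vc='" . $fullname . "', ap_email_vc='" . $email_address . "', ap_address_tx='" . $postal_address . "', ap_postcode_vc='" . $postal_code . "', ap_phone_vc='" . $phone . "', ap_language_vc='" . $language . "' WHERE ap_acc_fk=" . $acc_fk . "");

# NOTE(review): inReturnURL comes from the request unchanged; whether the redirect is
# confined to this site depends on GetNormalModuleURL() - confirm.
$returnurl = GetNormalModuleURL($returnurl) . "&r=ok";
header("location: " . $returnurl . "");
exit;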
<th><?php echo $lang['163']; ?> </th> <th></th> </tr> <?php do { ?> <tr> <td><?php echo Cleaner('o', $rowdomains['vh_name_vc']); ?> </td> <td><?php echo Cleaner('o', $rowdomains['vh_directory_vc']); ?> </td> <td><?php if ($rowdomains['vh_active_in'] == 1) { echo "<font color=\"green\">Live</font>"; } else { echo "<font color=\"orange\">Pending</font>"; } ?> </td> <td><input type="submit" name="inDelete_<?php echo $rowdomains['vh_id_pk']; ?> " id="inDelete_<?php echo $rowdomains['vh_id_pk'];
* * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. * */ # Now we need to declare and cleanup some variables $acc_fk = $useraccount['ac_id_pk']; $current_pass = Cleaner("i", $_POST['inCurPass']); $newpass = Cleaner("i", $_POST['inNewPass']); $conpass = Cleaner("i", $_POST['inConPass']); $doresetmysql = Cleaner("i", $_POST['inResMySQL']); $returnurl = $_POST['inReturnURL']; if (md5($current_pass) != $useraccount['ac_pass_vc'] || empty($newpass)) { # Current password does not match! $endonerror = "&r=error"; } else { if ($newpass == $conpass) { # Check that the new password matches the confirmation box. if ($doresetmysql != '1') { # User has selected to update ZPanel account password only! $sql = "UPDATE z_accounts SET ac_pass_vc='" . md5($newpass) . "' WHERE ac_id_pk=" . $acc_fk . ""; DataExchange("w", $z_db_name, $sql); TriggerLog($acc_fk, "User has updated their ZPanel account password."); $endonerror = "&r=ok"; } else { # User has selected to change both passwords.
$obFA->Name = $ExMessageAccount; $obFA->MinutesBetweenFetch = $ExMessagecheck; $obFA->Port = $ExMessagePort; $obFA->ProcessMIMERecipients = $ExMessageMIME; $obFA->ProcessMIMEDate = '1'; $obFA->ServerAddress = $ExMessageAddress; $obFA->ServerType = '1'; $obFA->Username = $ExMessageUser; $obFA->UseAntiVirus = '0'; $obFA->UseAntiSpam = '0'; $obFA->EnableRouteRecipients = '0'; $obFA->DaysToKeepMessages = $ExMessageOption; $obFA->UseSSL = $ExMessageSSL; $Password = $ExMessagePass; if (strlen($Password) > 0) { $obFA->Password = $Password; } $obFA->Save(); $faid = $obFA->ID; # Log the action in the database... TriggerLog($useraccount['ac_id_pk'], $b = "Added external email acount " . $ExMessageUser . " for mailbox: " . $Usermailbox . ""); #Life is good, lets inform the user all is ok... header("location: " . GetNormalModuleURL($returnurl) . "&r=ok"); exit; } if ($_POST['inAction'] == 'filter_mailbox') { # Filter the mailbox listing $filter = Cleaner('i', $_POST['inFilter']); header("location: " . $returnurl . "&r=off&rfilter=" . $filter . ""); exit; }
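function zapi_mysqldb_add($username, $databasename, $charset, $collate, $zdb) {
    # Creates the MySQL database "<username>_<databasename>" and grants the MySQL user
    # named $username (from any host) all privileges on it.
    #
    # PARAMETERS:
    #   $username     - panel/MySQL user name; also the prefix of the database name.
    #   $databasename - database name without the prefix.
    #   $charset      - default character set for the new database.
    #   $collate      - default collation for the new database.
    #   $zdb          - MySQL link the statements are run on.
    # RETURNS: true on success; false when an argument is rejected or CREATE DATABASE
    #          fails. A failed GRANT is logged and ends the request, as before.

    # All four values become part of the SQL text as identifiers or keywords, where
    # string escaping gives no protection, so only plain names are accepted. The /D
    # modifier stops "$" from matching before a trailing newline.
    # NOTE(review): assumes panel user names use only letters, digits, "_", "." and
    # "-" - confirm against the account creation rules.
    if (!is_string($username) || !preg_match('/^[A-Za-z0-9_.\-]+$/D', $username)) {
        return false;
    }
    foreach (array($databasename, $charset, $collate) as $part) {
        if (!is_string($part) || !preg_match('/^[A-Za-z0-9_]+$/D', $part)) {
            return false;
        }
    }

    $sql = "CREATE DATABASE `" . Cleaner('i', $username . "_" . $databasename) . "` DEFAULT CHARACTER SET " . $charset . " COLLATE " . $collate . ";";
    # The result used to be ignored, so privileges were granted and true returned even
    # when no database had been created.
    if (mysql_query($sql, $zdb) === false) {
        return false;
    }

    # In a GRANT the database name is a pattern in which "_" matches any single
    # character. Every underscore is escaped, not only the one joining the two parts,
    # so that the grant covers exactly the database created above.
    $grant_pattern = str_replace("_", "\\_", $username . "_" . $databasename);
    $sql = "GRANT ALL PRIVILEGES ON `" . $grant_pattern . "`.* TO '" . $username . "'@'%'";
    $result = mysql_query($sql, $zdb);
    if ($result === false) {
        TriggerLog(1, "Error whilst granting priviledges to MySQL user, MySQL error was: " . mysql_error($zdb));
        die();
    }
    return true;
}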
<th><?php echo $lang['166']; ?> </th> <th><?php echo $lang['163']; ?> </th> <th></th> </tr> <?php do { ?> <tr> <td><?php echo Cleaner('o', $rowdomains['vh_name_vc']); ?> </td> <td><?php echo date(GetSystemOption('zpanel_df'), $rowdomains['vh_created_ts']); ?> </td> <td><?php if ($rowdomains['vh_active_in'] == 1) { echo "<font color=\"green\">Live</font>"; } else { echo "<font color=\"orange\">Pending</font>"; } ?> </td> <td><input type="submit" name="inDelete_<?php
$sql = "SELECT * FROM z_ftpaccounts WHERE ft_user_vc='" . $_POST['inAccount'] . "' AND ft_acc_fk=" . $acc_fk . " AND ft_deleted_ts IS NULL"; $listisowner = DataExchange("r", $z_db_name, $sql); $rowisowner = mysql_fetch_assoc($listisowner); $totalisowner = DataExchange("t", $z_db_name, $sql); if ($totalisowner > 0) { # Call the API! $api_resault = zapi_ftpaccount_edit(GetSystemOption('filezilla_root'), $_POST['inAccount'], $_POST['inPassword']); if ($api_resault == false) { # The cronjob was not added for some reason! TriggerLog($useraccount['ac_id_pk'], $b = "FTP password for user (" . Cleaner('i', $_POST['inAccount']) . ") could not be reset."); } else { TriggerLog($useraccount['ac_id_pk'], $b = "FTP password for user (" . Cleaner('i', $_POST['inAccount']) . ") has been reset."); $reboot = system($filezilla_reload); } } else { TriggerLog($useraccount['ac_id_pk'], $b = "FTP password for user (" . Cleaner('i', $_POST['inAccount']) . ") not been reset as you are not the owner."); } header("location: " . GetNormalModuleURL($returnurl) . "&r=ok"); exit; } if ($_POST['inAction'] == 'delete') { # User has choosen to delete the task... do { #Check to make sure this isnt a password reset... if (isset($_POST['inReset_' . $rowftpaccounts['ft_id_pk']])) { header("location: " . GetNormalModuleURL($returnurl) . "&reset=" . $rowftpaccounts['ft_user_vc'] . ""); exit; } # Ok so lets just go and delete the FTP account now... if (isset($_POST['inDelete_' . $rowftpaccounts['ft_id_pk']])) { # Call the API!
<th><?php echo $lang['131']; ?> </th> <th></th> </tr> <?php do { ?> <tr> <td><?php echo Cleaner('o', $rowmysql['my_name_vc']); ?> </td> <td><?php echo Cleaner('o', FormatFileSize($rowmysql['my_usedspace_bi'])); ?> </td> <td><input type="submit" name="inDelete_<?php echo $rowmysql['my_id_pk']; ?> " id="inDelete_<?php echo $rowmysql['my_id_pk']; ?> " value="<?php echo $lang['84']; ?> " /></td> </tr> <?php } while ($rowmysql = mysql_fetch_assoc($listmysql));
</th> <th><?php echo $lang['112']; ?> </th> <th> </th> </tr> <?php do { # Get package infomation for the user... $sql = "SELECT pk_name_vc FROM z_packages WHERE pk_id_pk=" . $rowclients['ac_package_fk'] . ""; $package = DataExchange("l", $z_db_name, $sql); ?> <tr> <td><?php echo Cleaner('o', $rowclients['ac_user_vc']); ?> </td> <td><?php echo $package['pk_name_vc']; ?> </td> <td><?php echo FormatFileSize(GetQuotaUsages('diskspace', $rowclients['ac_id_pk'])); ?> </td> <td><?php echo FormatFileSize(GetQuotaUsages('bandwidth', $rowclients['ac_id_pk'])); ?> </td> <td><input type="submit" name="inShadow_<?php
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/

# Backup handler (first part): archives the home directory of the current account into
# the temp folder with the configured 7z executable, then starts reading the list of
# the account's MySQL databases.

# Now we need to declare and cleanup some variables
$acc_fk = $useraccount['ac_id_pk'];
# NOTE(review): 'o' is the mode used elsewhere for values echoed into HTML; confirm it
# is the right treatment for a return URL.
$returnurl = Cleaner('o', $_POST['inReturn']);

# Lets grab and archive the user's web data....
$homedir = GetSystemOption('hosted_dir') . $useraccount['ac_user_vc'];
# The archive name is the user name plus a day/month/year_hour/minute stamp, so it can
# be guessed by anyone who knows the user name and roughly when the backup was made.
$backupname = $useraccount['ac_user_vc'] . "_" . date("dmy_Gi", time());
$dbstamp = date("dmy_Gi", time());

# We now see what the OS is before we work out what compression command to use..
# Both command lines are built by plain concatenation: the configured paths and the
# account user name are not passed through escapeshellarg(), so a space or a shell
# metacharacter in any of them changes the command that is run.
# NOTE(review): confirm that user names and these settings cannot contain such characters.
if (ShowServerPlatform() == "Windows") {
    $resault = exec(ChangeSafeSlashesToWin(GetSystemOption('7z_exe') . " a -tzip -y-r " . GetSystemOption('temp_dir') . $backupname . ".zip " . $homedir . ""));
} else {
    $resault = exec(GetSystemOption('7z_exe') . " -r9 " . GetSystemOption('temp_dir') . $backupname . " " . $homedir . "/*");
    # 0777 lets every local user read and overwrite an archive that holds the account's
    # web data; the "@" hides any chmod failure.
    # NOTE(review): confirm which process needs access and whether a narrower mode works.
    @chmod(GetSystemOption('temp_dir') . $backupname . ".zip", 0777);
}

# Now lets backup all MySQL datbases for the user and add them to the archive...
# The account ID is written into the query unquoted; it comes from $useraccount.
$sql = "SELECT * FROM z_mysql WHERE my_acc_fk=" . $useraccount['ac_id_pk'] . " AND my_deleted_ts IS NULL";
$mysql = DataExchange("r", $z_db_name, $sql);
$row_mysql = mysql_fetch_assoc($mysql);
if (isset($_POST['inNewPassword']) && $_POST['inNewPassword'] != "") { # Get account username... $sql = "SELECT * FROM z_accounts WHERE ac_id_pk=" . $_POST['inClientID'] . " AND ac_deleted_ts IS NULL"; $listclientid = DataExchange("r", $z_db_name, $sql); $rowclientid = mysql_fetch_assoc($listclientid); $resetforuser = $rowclientid['ac_user_vc']; $sql = "UPDATE z_accounts SET ac_pass_vc='" . md5(Cleaner("i", $_POST['inNewPassword'])) . "' WHERE ac_id_pk=" . $_POST['inClientID'] . ""; DataExchange("w", $z_db_name, $sql); $sql = "UPDATE z_accounts SET ac_pass_vc='" . md5(Cleaner("i", $_POST['inNewPassword'])) . "' WHERE ac_id_pk=" . $_POST['inClientID'] . ""; DataExchange("w", $z_db_name, $sql); zapi_mysqluser_setpass($resetforuser, Cleaner("i", $_POST['inNewPassword']), $zdb); TriggerLog($useraccount['ac_id_pk'], "Account password for (" . $resetforuser . ") has been reset by the account admin."); } # Log the package as modified so the daemon will make changes to vhosts if the client was moved to a different package. if ($rowoldpackage['ac_package_fk'] != Cleaner('i', $_POST['inPackage'])) { $sql = "UPDATE z_quotas SET qt_modified_in = 1 WHERE qt_package_fk = " . Cleaner('i', $_POST['inPackage']) . ""; DataExchange("w", $z_db_name, $sql); } $returnurl = GetNormalModuleURL($returnurl) . "&r=ok"; TriggerLog($useraccount['ac_id_pk'], $b = "User account ID: " . $_POST['inClientID'] . " was updated."); header("location: " . $returnurl . ""); exit; } if ($_POST['inAction'] == 'delete') { # User has choosen to delete a package... do { if (isset($_POST['inEdit_' . $rowclients['ac_id_pk']])) { header("location: " . $returnurl . "&edit=" . $rowclients['ac_id_pk'] . ""); exit; } if (isset($_POST['inDelete_' . $rowclients['ac_id_pk']])) {
<th><?php echo $lang['124']; ?> </th> <th></th> </tr> <?php do { ?> <tr> <td><?php echo Cleaner('o', $rowtasks['ct_script_vc']); ?> </td> <td><?php echo Cleaner('o', $rowtasks['ct_description_tx']); ?> </td> <td><input type="submit" name="inDelete_<?php echo $rowtasks['ct_id_pk']; ?> " id="inDelete_<?php echo $rowtasks['ct_id_pk']; ?> " value="<?php echo $lang['84']; ?> " /></td> </tr> <?php } while ($rowtasks = mysql_fetch_assoc($listtasks));
if (isset($_POST['inPackage'])) { header("location: " . $returnurl . "&r=0&package=" . $inPackage . ""); exit; } } # Update package bandwidth quotas if ($_POST['inAction'] == 'EditPackage') { $inUseBT = Cleaner('o', $_POST['inUseBT']); $inMaxBW = Cleaner('o', $_POST['inMaxBW']); $inMinBW = Cleaner('o', $_POST['inMinBW']); $inMaxCon = Cleaner('o', $_POST['inMaxCon']); $inUseFT = Cleaner('o', $_POST['inUseFT']); $inDLsize = Cleaner('o', $_POST['inDLsize']); $inDLspeed = Cleaner('o', $_POST['inDLspeed']); $inQuotaID = Cleaner('o', $_POST['inQuotaID']); $inPackage = Cleaner('o', $_POST['inPackage']); #$inDLtype = Cleaner('o',$_POST['inDLtype']); # Update quota table with new settings. $sql = "UPDATE z_quotas SET qt_bwenabled_in = '" . $inUseBT . "',\r\n\t\t\t\t\t\t\t\tqt_dlenabled_in = '" . $inUseFT . "',\r\n\t\t\t\t\t\t\t\tqt_totalbw_fk = '" . $inMaxBW . "',\r\n\t\t\t\t\t\t\t\tqt_minbw_fk = '" . $inMinBW . "',\r\n\t\t\t\t\t\t\t\tqt_maxcon_fk = '" . $inMaxCon . "',\r\n\t\t\t\t\t\t\t\tqt_filesize_fk = '" . $inDLsize . "',\r\n\t\t\t\t\t\t\t\tqt_filespeed_fk = '" . $inDLspeed . "',\r\n\t\t\t\t\t\t\t\tqt_filetype_vc = '" . $inDLtype . "',\r\n\t\t\t\t\t\t\t\tqt_modified_in = '1'\r\n\t\t\t\t\t\t\t\tWHERE qt_id_pk = '" . $inQuotaID . "'"; DataExchange("w", $z_db_name, $sql); $sql = "SELECT * FROM z_packages WHERE pk_id_pk ='" . $inPackage . "'"; $listpackages = DataExchange("r", $z_db_name, $sql); $rowpackages = mysql_fetch_assoc($listpackages); # Write the package mod_bw .conf if ($inUseBT == 1) { $inUseBT = "On"; } else { $inUseBT = "Off"; } if ($inUseFT == 1) { $inUseFT = "On";