Пример #1
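/**
 * Check whether the maildir of a mail account exists on the filesystem.
 *
 * The path that is tested is built as
 * <system.vmail_homedir>/<loginname>/<email_full>, where the login name is
 * looked up through getCustomerDetail() from the row's customer id.
 *
 * @param array $result mail account row; the keys 'customerid' and
 *                      'email_full' are read
 *
 * @return boolean true if the maildir path exists; false otherwise, including
 *                 for non-array input, incomplete rows and unknown customers
 */
function maildirExists($result = null)
{
    global $settings;

    // A row without both keys cannot name a maildir. An empty address is
    // rejected too: the composed path would end at the customer's own vmail
    // directory and the check would report a maildir that does not exist.
    if (!is_array($result)
        || !isset($result['customerid'], $result['email_full'])
        || $result['email_full'] === ''
    ) {
        return false;
    }

    $loginname = getCustomerDetail($result['customerid'], 'loginname');
    if ($loginname === false) {
        return false;
    }

    // NOTE(review): login name and address are concatenated into a filesystem
    // path. This presumably relies on makeCorrectDir() to normalise the result;
    // confirm that it neutralises '..' segments before the value is used for
    // anything beyond an existence check.
    $maildir = makeCorrectDir($settings['system']['vmail_homedir'] . '/' . $loginname . '/' . $result['email_full']);

    // '@' keeps the original best-effort behaviour: a path PHP may not look at
    // counts as "does not exist" instead of raising a warning.
    return @file_exists($maildir);
}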
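 /**
  * Compose the per-directory Apache option blocks ("diroptions") and the
  * matching htpasswd contents for all customer paths.
  *
  * Reads the htaccess and htpasswd tables, merges the rows per path and fills
  * $this->diroptions_data and $this->htpasswds_data, both keyed by the target
  * file name. For paths with Perl/CGI enabled it also creates the suexec
  * workaround directory and the cgi-bin symlink; when CGI is disabled it
  * removes them again.
  *
  * Values read from the database end up inside web server configuration, so
  * every value written into a directive is kept on one line.
  */
 public function createFileDirOptions()
 {
     $result_stmt = Database::query("\n\t\t\tSELECT `htac`.*, `c`.`guid`, `c`.`documentroot` AS `customerroot`\n\t\t\tFROM `" . TABLE_PANEL_HTACCESS . "` `htac`\n\t\t\tLEFT JOIN `" . TABLE_PANEL_CUSTOMERS . "` `c` USING (`customerid`)\n\t\t\tORDER BY `htac`.`path`\n\t\t");
     $diroptions = array();
     while ($row_diroptions = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
         // rows without a customer or without a customer document root are skipped
         if ($row_diroptions['customerid'] != 0 && isset($row_diroptions['customerroot']) && $row_diroptions['customerroot'] != '') {
             $diroptions[$row_diroptions['path']] = $row_diroptions;
             $diroptions[$row_diroptions['path']]['htpasswds'] = array();
         }
     }
     $result_stmt = Database::query("\n\t\t\tSELECT `htpw`.*, `c`.`guid`, `c`.`documentroot` AS `customerroot`\n\t\t\tFROM `" . TABLE_PANEL_HTPASSWDS . "` `htpw`\n\t\t\tLEFT JOIN `" . TABLE_PANEL_CUSTOMERS . "` `c` USING (`customerid`)\n\t\t\tORDER BY `htpw`.`path`, `htpw`.`username`\n\t\t");
     while ($row_htpasswds = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
         if ($row_htpasswds['customerid'] != 0 && isset($row_htpasswds['customerroot']) && $row_htpasswds['customerroot'] != '') {
             // a path may carry password protection without any htaccess row
             if (!isset($diroptions[$row_htpasswds['path']]) || !is_array($diroptions[$row_htpasswds['path']])) {
                 $diroptions[$row_htpasswds['path']] = array();
             }
             $diroptions[$row_htpasswds['path']]['path'] = $row_htpasswds['path'];
             $diroptions[$row_htpasswds['path']]['guid'] = $row_htpasswds['guid'];
             $diroptions[$row_htpasswds['path']]['customerroot'] = $row_htpasswds['customerroot'];
             $diroptions[$row_htpasswds['path']]['customerid'] = $row_htpasswds['customerid'];
             $diroptions[$row_htpasswds['path']]['htpasswds'][] = $row_htpasswds;
         }
     }
     foreach ($diroptions as $row_diroptions) {
         $row_diroptions['path'] = makeCorrectDir($row_diroptions['path']);
         mkDirWithCorrectOwnership($row_diroptions['customerroot'], $row_diroptions['path'], $row_diroptions['guid'], $row_diroptions['guid']);
         // md5() only derives a stable file name from the path here
         $diroptions_filename = makeCorrectFile(Settings::Get('system.apacheconf_diroptions') . '/40_froxlor_diroption_' . md5($row_diroptions['path']) . '.conf');
         if (!isset($this->diroptions_data[$diroptions_filename])) {
             $this->diroptions_data[$diroptions_filename] = '';
         }
         if (is_dir($row_diroptions['path'])) {
             $cperlenabled = customerHasPerlEnabled($row_diroptions['customerid']);
             // NOTE(review): the path is written between double quotes without
             // escaping; presumably makeCorrectDir() never returns a quote or a
             // line break - confirm.
             $this->diroptions_data[$diroptions_filename] .= '<Directory "' . $row_diroptions['path'] . '">' . "\n";
             if (isset($row_diroptions['options_indexes']) && $row_diroptions['options_indexes'] == '1') {
                 $this->diroptions_data[$diroptions_filename] .= '  Options +Indexes';
                 // add perl options if enabled
                 if ($cperlenabled && isset($row_diroptions['options_cgi']) && $row_diroptions['options_cgi'] == '1') {
                     $this->diroptions_data[$diroptions_filename] .= ' +ExecCGI -MultiViews +SymLinksIfOwnerMatch +FollowSymLinks' . "\n";
                 } else {
                     $this->diroptions_data[$diroptions_filename] .= "\n";
                 }
                 fwrite($this->debugHandler, '  cron_tasks: Task3 - Setting Options +Indexes' . "\n");
             }
             if (isset($row_diroptions['options_indexes']) && $row_diroptions['options_indexes'] == '0') {
                 $this->diroptions_data[$diroptions_filename] .= '  Options -Indexes';
                 // add perl options if enabled
                 if ($cperlenabled && isset($row_diroptions['options_cgi']) && $row_diroptions['options_cgi'] == '1') {
                     $this->diroptions_data[$diroptions_filename] .= ' +ExecCGI -MultiViews +SymLinksIfOwnerMatch +FollowSymLinks' . "\n";
                 } else {
                     $this->diroptions_data[$diroptions_filename] .= "\n";
                 }
                 fwrite($this->debugHandler, '  cron_tasks: Task3 - Setting Options -Indexes' . "\n");
             }
             $statusCodes = array('404', '403', '500');
             foreach ($statusCodes as $statusCode) {
                 if (isset($row_diroptions['error' . $statusCode . 'path']) && $row_diroptions['error' . $statusCode . 'path'] != '') {
                     // The value is stored per customer and lands in the server
                     // configuration: drop line breaks so it cannot continue on
                     // a line of its own.
                     $defhandler = str_replace(array("\r", "\n"), '', (string) $row_diroptions['error' . $statusCode . 'path']);
                     if (!validateUrl($defhandler)) {
                         // not a URL: treat it as a file path unless it looks
                         // like an already quoted message
                         // NOTE(review): a value quoted on one end only passes
                         // through unchanged because of the '&&' - confirm
                         // whether '||' was intended.
                         if (substr($defhandler, 0, 1) != '"' && substr($defhandler, -1, 1) != '"') {
                             $defhandler = '"' . makeCorrectFile($defhandler) . '"';
                         }
                     }
                     $this->diroptions_data[$diroptions_filename] .= '  ErrorDocument ' . $statusCode . ' ' . $defhandler . "\n";
                 }
             }
             if ($cperlenabled && isset($row_diroptions['options_cgi']) && $row_diroptions['options_cgi'] == '1') {
                 $this->diroptions_data[$diroptions_filename] .= '  AllowOverride None' . "\n";
                 $this->diroptions_data[$diroptions_filename] .= '  AddHandler cgi-script .cgi .pl' . "\n";
                 // >=apache-2.4 enabled?
                 if (Settings::Get('system.apache24') == '1') {
                     $mypath_dir = new frxDirectory($row_diroptions['path']);
                     // only create the require all granted if there is not active directory-protection
                     // for this path, as this would be the first require and therefore grant all access
                     if ($mypath_dir->isUserProtected() == false) {
                         $this->diroptions_data[$diroptions_filename] .= '  Require all granted' . "\n";
                     }
                 } else {
                     $this->diroptions_data[$diroptions_filename] .= '  Order allow,deny' . "\n";
                     $this->diroptions_data[$diroptions_filename] .= '  Allow from all' . "\n";
                 }
                 fwrite($this->debugHandler, '  cron_tasks: Task3 - Enabling perl execution' . "\n");
                 // check for suexec-workaround, #319
                 if ((int) Settings::Get('perl.suexecworkaround') == 1) {
                     // symlink this directory to suexec-safe-path
                     $loginname = getCustomerDetail($row_diroptions['customerid'], 'loginname');
                     $suexecpath = makeCorrectDir(Settings::Get('perl.suexecpath') . '/' . $loginname . '/' . md5($row_diroptions['path']) . '/');
                     if (!file_exists($suexecpath)) {
                         safe_exec('mkdir -p ' . escapeshellarg($suexecpath));
                         safe_exec('chown -R ' . escapeshellarg($row_diroptions['guid']) . ':' . escapeshellarg($row_diroptions['guid']) . ' ' . escapeshellarg($suexecpath));
                     }
                     // symlink to {$givenpath}/cgi-bin
                     // NOTE: symlinks are FILES, so do not append a / here
                     $perlsymlink = makeCorrectFile($row_diroptions['path'] . '/cgi-bin');
                     if (!file_exists($perlsymlink)) {
                         safe_exec('ln -s ' . escapeshellarg($suexecpath) . ' ' . escapeshellarg($perlsymlink));
                     }
                     // -h changes the owner of the link itself. cgi-bin lives
                     // inside the customer's directory, so an entry that already
                     // exists there may point anywhere; without -h the ownership
                     // change would be applied to that target (this task
                     // presumably runs with elevated rights - TODO confirm).
                     // The suexec directory was already chown'ed when created.
                     safe_exec('chown -h ' . escapeshellarg($row_diroptions['guid']) . ':' . escapeshellarg($row_diroptions['guid']) . ' ' . escapeshellarg($perlsymlink));
                 }
             } else {
                 // if no perl-execution is enabled but the workaround is,
                 // we have to remove the symlink and folder in suexecpath
                 if ((int) Settings::Get('perl.suexecworkaround') == 1) {
                     $loginname = getCustomerDetail($row_diroptions['customerid'], 'loginname');
                     $suexecpath = makeCorrectDir(Settings::Get('perl.suexecpath') . '/' . $loginname . '/' . md5($row_diroptions['path']) . '/');
                     $perlsymlink = makeCorrectFile($row_diroptions['path'] . '/cgi-bin');
                     // remove symlink
                     if (file_exists($perlsymlink)) {
                         safe_exec('rm -f ' . escapeshellarg($perlsymlink));
                     }
                     // remove folder in suexec-path
                     if (file_exists($suexecpath)) {
                         safe_exec('rm -rf ' . escapeshellarg($suexecpath));
                     }
                 }
             }
             if (count($row_diroptions['htpasswds']) > 0) {
                 $htpasswd_filename = makeCorrectFile(Settings::Get('system.apacheconf_htpasswddir') . '/' . $row_diroptions['customerid'] . '-' . md5($row_diroptions['path']) . '.htpasswd');
                 if (!isset($this->htpasswds_data[$htpasswd_filename])) {
                     $this->htpasswds_data[$htpasswd_filename] = '';
                 }
                 $authname = '';
                 foreach ($row_diroptions['htpasswds'] as $row_htpasswd) {
                     // NOTE(review): user name and hash are written verbatim; a
                     // ':' or line break in the user name would corrupt the
                     // file - presumably validated where the entry is created,
                     // confirm.
                     $this->htpasswds_data[$htpasswd_filename] .= $row_htpasswd['username'] . ':' . $row_htpasswd['password'] . "\n";
                     // the realm of the last entry for this path is the one used
                     $authname = $row_htpasswd['authname'];
                 }
                 // The realm text is stored per customer and goes into a quoted
                 // directive argument: keep it on one line and escape the
                 // characters that would end the quoting.
                 $authname = addcslashes(str_replace(array("\r", "\n"), '', (string) $authname), '"\\');
                 $this->diroptions_data[$diroptions_filename] .= '  AuthType Basic' . "\n";
                 $this->diroptions_data[$diroptions_filename] .= '  AuthName "' . $authname . '"' . "\n";
                 $this->diroptions_data[$diroptions_filename] .= '  AuthUserFile ' . $htpasswd_filename . "\n";
                 $this->diroptions_data[$diroptions_filename] .= '  require valid-user' . "\n";
             }
             $this->diroptions_data[$diroptions_filename] .= '</Directory>' . "\n";
         }
     }
 }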
Пример #3
 $password = validate($_POST['password'], 'password');
 $row = $db->query_first("SELECT `loginname` AS `customer` FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `loginname`='" . $db->escape($loginname) . "'");
 if ($row['customer'] == $loginname) {
     $table = "`" . TABLE_PANEL_CUSTOMERS . "`";
     $uid = 'customerid';
     $adminsession = '0';
     $is_admin = false;
 } else {
     if ((int) $settings['login']['domain_login'] == 1) {
         /**
          * check if the customer tries to login with a domain, #374
          */
         $domainname = $idna_convert->encode(preg_replace(array('/\\:(\\d)+$/', '/^https?\\:\\/\\//'), '', $loginname));
         $row2 = $db->query_first("SELECT `customerid` FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `domain` = '" . $db->escape($domainname) . "'");
         if (isset($row2['customerid']) && $row2['customerid'] > 0) {
             $loginname = getCustomerDetail($row2['customerid'], 'loginname');
             if ($loginname !== false) {
                 $row3 = $db->query_first("SELECT `loginname` AS `customer` FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `loginname`='" . $db->escape($loginname) . "'");
                 if ($row3['customer'] == $loginname) {
                     $table = "`" . TABLE_PANEL_CUSTOMERS . "`";
                     $uid = 'customerid';
                     $adminsession = '0';
                     $is_admin = false;
                 }
             } else {
                 $is_admin = true;
             }
         } else {
             $is_admin = true;
         }
     } else {
Пример #4
             $row = htmlentities_array($row);
             eval("\$htaccess.=\"" . getTemplate("extras/htaccess_htaccess") . "\";");
             $count++;
         }
         $i++;
     }
     eval("echo \"" . getTemplate("extras/htaccess") . "\";");
 } elseif ($action == 'delete' && $id != 0) {
     $result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTACCESS . "`\n\t\t\tWHERE `customerid` = :customerid\n\t\t\tAND `id` = :id");
     Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
     $result = $result_stmt->fetch(PDO::FETCH_ASSOC);
     if (isset($result['customerid']) && $result['customerid'] != '' && $result['customerid'] == $userinfo['customerid']) {
         if (isset($_POST['send']) && $_POST['send'] == 'send') {
             // do we have to remove the symlink and folder in suexecpath?
             if ((int) Settings::Get('perl.suexecworkaround') == 1) {
                 $loginname = getCustomerDetail($result['customerid'], 'loginname');
                 $suexecpath = makeCorrectDir(Settings::Get('perl.suexecpath') . '/' . $loginname . '/' . md5($result['path']) . '/');
                 $perlsymlink = makeCorrectFile($result['path'] . '/cgi-bin');
                 // remove symlink
                 if (file_exists($perlsymlink)) {
                     safe_exec('rm -f ' . escapeshellarg($perlsymlink));
                     $log->logAction(USR_ACTION, LOG_DEBUG, "deleted suexecworkaround symlink '" . $perlsymlink . "'");
                 }
                 // remove folder in suexec-path
                 if (file_exists($suexecpath)) {
                     safe_exec('rm -rf ' . escapeshellarg($suexecpath));
                     $log->logAction(USR_ACTION, LOG_DEBUG, "deleted suexecworkaround path '" . $suexecpath . "'");
                 }
             }
             $stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_HTACCESS . "`\n\t\t\t\t\tWHERE `customerid`= :customerid\n\t\t\t\t\tAND `id`= :id");
             Database::pexecute($stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
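 /**
  * Compose the per-directory Apache option blocks ("diroptions") and the
  * matching htpasswd contents for all customer paths.
  *
  * Reads the htaccess and htpasswd tables through $this->db, merges the rows
  * per path and fills $this->diroptions_data and $this->htpasswds_data, both
  * keyed by the target file name. For paths with Perl/CGI enabled it also
  * creates the suexec workaround directory and the cgi-bin symlink; when CGI
  * is disabled it removes them again.
  *
  * Values read from the database end up inside web server configuration, so
  * the quoted realm text is kept on one line and escaped before it is written.
  */
 public function createFileDirOptions()
 {
     $result = $this->db->query('SELECT `htac`.*, `c`.`guid`, `c`.`documentroot` AS `customerroot` FROM `' . TABLE_PANEL_HTACCESS . '` `htac` LEFT JOIN `' . TABLE_PANEL_CUSTOMERS . '` `c` USING (`customerid`) ORDER BY `htac`.`path`');
     $diroptions = array();
     while ($row_diroptions = $this->db->fetch_array($result)) {
         // rows without a customer or without a customer document root are skipped
         if ($row_diroptions['customerid'] != 0 && isset($row_diroptions['customerroot']) && $row_diroptions['customerroot'] != '') {
             $diroptions[$row_diroptions['path']] = $row_diroptions;
             $diroptions[$row_diroptions['path']]['htpasswds'] = array();
         }
     }
     $result = $this->db->query('SELECT `htpw`.*, `c`.`guid`, `c`.`documentroot` AS `customerroot` FROM `' . TABLE_PANEL_HTPASSWDS . '` `htpw` LEFT JOIN `' . TABLE_PANEL_CUSTOMERS . '` `c` USING (`customerid`) ORDER BY `htpw`.`path`, `htpw`.`username`');
     while ($row_htpasswds = $this->db->fetch_array($result)) {
         if ($row_htpasswds['customerid'] != 0 && isset($row_htpasswds['customerroot']) && $row_htpasswds['customerroot'] != '') {
             // a path may carry password protection without any htaccess row
             if (!isset($diroptions[$row_htpasswds['path']]) || !is_array($diroptions[$row_htpasswds['path']])) {
                 $diroptions[$row_htpasswds['path']] = array();
             }
             $diroptions[$row_htpasswds['path']]['path'] = $row_htpasswds['path'];
             $diroptions[$row_htpasswds['path']]['guid'] = $row_htpasswds['guid'];
             $diroptions[$row_htpasswds['path']]['customerroot'] = $row_htpasswds['customerroot'];
             $diroptions[$row_htpasswds['path']]['customerid'] = $row_htpasswds['customerid'];
             $diroptions[$row_htpasswds['path']]['htpasswds'][] = $row_htpasswds;
         }
     }
     foreach ($diroptions as $row_diroptions) {
         $row_diroptions['path'] = makeCorrectDir($row_diroptions['path']);
         mkDirWithCorrectOwnership($row_diroptions['customerroot'], $row_diroptions['path'], $row_diroptions['guid'], $row_diroptions['guid']);
         // md5() only derives a stable file name from the path here
         $diroptions_filename = makeCorrectFile($this->settings['system']['apacheconf_diroptions'] . '/40_froxlor_diroption_' . md5($row_diroptions['path']) . '.conf');
         if (!isset($this->diroptions_data[$diroptions_filename])) {
             $this->diroptions_data[$diroptions_filename] = '';
         }
         if (is_dir($row_diroptions['path'])) {
             $cperlenabled = customerHasPerlEnabled($row_diroptions['customerid']);
             // NOTE(review): the path is written between double quotes without
             // escaping; presumably makeCorrectDir() never returns a quote or a
             // line break - confirm.
             $this->diroptions_data[$diroptions_filename] .= '<Directory "' . $row_diroptions['path'] . '">' . "\n";
             if (isset($row_diroptions['options_indexes']) && $row_diroptions['options_indexes'] == '1') {
                 $this->diroptions_data[$diroptions_filename] .= '  Options +Indexes';
                 // add perl options if enabled
                 if ($cperlenabled && isset($row_diroptions['options_cgi']) && $row_diroptions['options_cgi'] == '1') {
                     // every option carries a sign: Apache rejects an Options
                     // line that mixes signed and unsigned keywords
                     $this->diroptions_data[$diroptions_filename] .= ' +ExecCGI -MultiViews +SymLinksIfOwnerMatch +FollowSymLinks' . "\n";
                 } else {
                     $this->diroptions_data[$diroptions_filename] .= "\n";
                 }
                 fwrite($this->debugHandler, '  cron_tasks: Task3 - Setting Options +Indexes' . "\n");
             }
             if (isset($row_diroptions['options_indexes']) && $row_diroptions['options_indexes'] == '0') {
                 $this->diroptions_data[$diroptions_filename] .= '  Options -Indexes';
                 // add perl options if enabled
                 if ($cperlenabled && isset($row_diroptions['options_cgi']) && $row_diroptions['options_cgi'] == '1') {
                     // signed like the rest of the line, see above
                     $this->diroptions_data[$diroptions_filename] .= ' +ExecCGI -MultiViews +SymLinksIfOwnerMatch +FollowSymLinks' . "\n";
                 } else {
                     $this->diroptions_data[$diroptions_filename] .= "\n";
                 }
                 fwrite($this->debugHandler, '  cron_tasks: Task3 - Setting Options -Indexes' . "\n");
             }
             // custom error documents; the stored value goes through
             // escapeConfigParameter() before it is placed between the quotes
             if (isset($row_diroptions['error404path']) && $row_diroptions['error404path'] != '') {
                 $this->diroptions_data[$diroptions_filename] .= '  ErrorDocument 404 "' . $this->escapeConfigParameter($row_diroptions['error404path']) . '"' . "\n";
             }
             if (isset($row_diroptions['error403path']) && $row_diroptions['error403path'] != '') {
                 $this->diroptions_data[$diroptions_filename] .= '  ErrorDocument 403 "' . $this->escapeConfigParameter($row_diroptions['error403path']) . '"' . "\n";
             }
             if (isset($row_diroptions['error500path']) && $row_diroptions['error500path'] != '') {
                 $this->diroptions_data[$diroptions_filename] .= '  ErrorDocument 500 "' . $this->escapeConfigParameter($row_diroptions['error500path']) . '"' . "\n";
             }
             if ($cperlenabled && isset($row_diroptions['options_cgi']) && $row_diroptions['options_cgi'] == '1') {
                 $this->diroptions_data[$diroptions_filename] .= '  AllowOverride None' . "\n";
                 $this->diroptions_data[$diroptions_filename] .= '  AddHandler cgi-script .cgi .pl' . "\n";
                 $this->diroptions_data[$diroptions_filename] .= '  Order allow,deny' . "\n";
                 $this->diroptions_data[$diroptions_filename] .= '  Allow from all' . "\n";
                 fwrite($this->debugHandler, '  cron_tasks: Task3 - Enabling perl execution' . "\n");
                 // check for suexec-workaround, #319
                 if ((int) $this->settings['perl']['suexecworkaround'] == 1) {
                     // symlink this directory to suexec-safe-path
                     $loginname = getCustomerDetail($row_diroptions['customerid'], 'loginname');
                     $suexecpath = makeCorrectDir($this->settings['perl']['suexecpath'] . '/' . $loginname . '/' . md5($row_diroptions['path']) . '/');
                     if (!file_exists($suexecpath)) {
                         safe_exec('mkdir -p ' . escapeshellarg($suexecpath));
                         safe_exec('chown -R ' . escapeshellarg($row_diroptions['guid']) . ':' . escapeshellarg($row_diroptions['guid']) . ' ' . escapeshellarg($suexecpath));
                     }
                     // symlink to {$givenpath}/cgi-bin
                     // NOTE: symlinks are FILES, so do not append a / here
                     $perlsymlink = makeCorrectFile($row_diroptions['path'] . '/cgi-bin');
                     if (!file_exists($perlsymlink)) {
                         safe_exec('ln -s ' . escapeshellarg($suexecpath) . ' ' . escapeshellarg($perlsymlink));
                     }
                     // -h changes the owner of the link itself. cgi-bin lives
                     // inside the customer's directory, so an entry that already
                     // exists there may point anywhere; without -h the ownership
                     // change would be applied to that target (this task
                     // presumably runs with elevated rights - TODO confirm).
                     // The suexec directory was already chown'ed when created.
                     safe_exec('chown -h ' . escapeshellarg($row_diroptions['guid']) . ':' . escapeshellarg($row_diroptions['guid']) . ' ' . escapeshellarg($perlsymlink));
                 }
             } else {
                 // if no perl-execution is enabled but the workaround is,
                 // we have to remove the symlink and folder in suexecpath
                 if ((int) $this->settings['perl']['suexecworkaround'] == 1) {
                     $loginname = getCustomerDetail($row_diroptions['customerid'], 'loginname');
                     $suexecpath = makeCorrectDir($this->settings['perl']['suexecpath'] . '/' . $loginname . '/' . md5($row_diroptions['path']) . '/');
                     $perlsymlink = makeCorrectFile($row_diroptions['path'] . '/cgi-bin');
                     // remove symlink
                     if (file_exists($perlsymlink)) {
                         safe_exec('rm -f ' . escapeshellarg($perlsymlink));
                     }
                     // remove folder in suexec-path
                     if (file_exists($suexecpath)) {
                         safe_exec('rm -rf ' . escapeshellarg($suexecpath));
                     }
                 }
             }
             if (count($row_diroptions['htpasswds']) > 0) {
                 $htpasswd_filename = makeCorrectFile($this->settings['system']['apacheconf_htpasswddir'] . '/' . $row_diroptions['customerid'] . '-' . md5($row_diroptions['path']) . '.htpasswd');
                 if (!isset($this->htpasswds_data[$htpasswd_filename])) {
                     $this->htpasswds_data[$htpasswd_filename] = '';
                 }
                 $authname = '';
                 foreach ($row_diroptions['htpasswds'] as $row_htpasswd) {
                     // NOTE(review): user name and hash are written verbatim; a
                     // ':' or line break in the user name would corrupt the
                     // file - presumably validated where the entry is created,
                     // confirm.
                     $this->htpasswds_data[$htpasswd_filename] .= $row_htpasswd['username'] . ':' . $row_htpasswd['password'] . "\n";
                     // the realm of the last entry for this path is the one used
                     $authname = $row_htpasswd['authname'];
                 }
                 // The realm text is stored per customer and goes into a quoted
                 // directive argument: keep it on one line and escape the
                 // characters that would end the quoting.
                 $authname = addcslashes(str_replace(array("\r", "\n"), '', (string) $authname), '"\\');
                 $this->diroptions_data[$diroptions_filename] .= '  AuthType Basic' . "\n";
                 $this->diroptions_data[$diroptions_filename] .= '  AuthName "' . $authname . '"' . "\n";
                 $this->diroptions_data[$diroptions_filename] .= '  AuthUserFile ' . $htpasswd_filename . "\n";
                 $this->diroptions_data[$diroptions_filename] .= '  require valid-user' . "\n";
             }
             $this->diroptions_data[$diroptions_filename] .= '</Directory>' . "\n";
         }
     }
 }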