/**
 * Fills the template with the htaccess (protected area) entries of a domain.
 *
 * When the domain has no entries the PROTECTED_AREAS block is blanked and an
 * informational page message is set; otherwise one DIR_ITEM row is parsed per
 * entry, with alternating CSS classes.
 *
 * NOTE(review): AREA_NAME and AREA_PATH are placed into the template without
 * output encoding. Sibling code in this code base escapes values at input time
 * (see send_user_message / update_reseller_personal_data), so confirm that
 * auth_name and path are encoded when they are stored; otherwise this is a
 * stored-XSS sink.
 *
 * @param object $tpl    Template engine (by reference)
 * @param object $sql    Database handle (by reference)
 * @param int    $dmn_id Domain identifier (by reference)
 * @return void
 */
function gen_htaccess_entries(&$tpl, &$sql, &$dmn_id) {
    $query = <<<SQL_QUERY
select * from htaccess where dmn_id = ?
SQL_QUERY;
    $rs = exec_query($sql, $query, array($dmn_id));

    if ($rs->RecordCount() == 0) {
        $tpl->assign('PROTECTED_AREAS', '');
        set_page_message(tr('You do not have protected areas'));
        return;
    }

    // Zebra striping: even rows get 'content', odd rows 'content2'.
    $rowClasses = array('content', 'content2');

    for ($rowIndex = 0; !$rs->EOF; $rowIndex++) {
        $tpl->assign('CLASS', $rowClasses[$rowIndex % 2]);

        $tpl->assign(array(
            'AREA_NAME' => $rs->fields['auth_name'],
            'AREA_PATH' => $rs->fields['path'],
            'PID'       => $rs->fields['id'],
            'STATUS'    => translate_dmn_status($rs->fields['status'])
        ));

        $tpl->parse('DIR_ITEM', '.dir_item');
        $rs->MoveNext();
    }
}
/**
 * net2ftp authentication
 *
 * Looks up the FTP credentials of the given user, POSTs them to the local
 * net2ftp instance to obtain a session, copies the returned cookies to the
 * browser and redirects the browser to net2ftp.
 *
 * Security notes (review):
 *  - stream_context_get_default() with options MODIFIES the process-wide default
 *    context; the POST body (with the FTP password) stays attached to it for the
 *    rest of the request, so any later HTTP stream call would re-send it.
 *  - The target host is built from $_SERVER['SERVER_NAME']; whether that value
 *    can be influenced by the client Host header depends on the web server
 *    configuration (e.g. UseCanonicalName) — confirm.
 *  - Credentials are sent in clear text whenever the originating request was
 *    not HTTPS.
 *  - $headers['Set-Cookie'] is dereferenced without checking that get_headers()
 *    succeeded or that the header is present.
 *  - The part of $url after 'username=' is redacted in this listing.
 *
 * @author William Lightning <*****@*****.**>
 * @since 1.1.0
 * @param int $userId ftp username
 * @return bool TRUE on success, FALSE otherwise
 */
function net2ftpAuth($userId) {
    $credentials = _getLoginCredentials($userId);

    if ($credentials) {
        // The stored password is presumably C-escaped — stripcslashes undoes that. TODO confirm.
        $data = http_build_query(array('username' => $credentials[0], 'password' => stripcslashes($credentials[1]), 'ftpserver' => '127.0.0.1', 'ftpserverport' => '21', 'directory' => '', 'language' => 'en', 'ftpmode' => 'automatic', 'state' => 'browse', 'state2' => 'main'));
    } else {
        set_page_message(tr('Error: Unknown FTP user id!'));
        return false;
    }

    // Prepares net2ftp absolute URI to use (non-default ports are appended explicitly)
    if (isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS'])) {
        $port = $_SERVER['SERVER_PORT'] != '443' ? ':' . $_SERVER['SERVER_PORT'] : '';
        $net2ftpUri = "https://{$_SERVER['SERVER_NAME']}{$port}/ftp/";
    } else {
        $port = $_SERVER['SERVER_PORT'] != '80' ? ':' . $_SERVER['SERVER_PORT'] : '';
        $net2ftpUri = "http://{$_SERVER['SERVER_NAME']}{$port}/ftp/";
    }

    // Set stream context (http) options — note: these persist on the DEFAULT context
    // for the rest of the request (see security notes above). The browser's
    // User-Agent is forwarded unmodified.
    stream_context_get_default(array('http' => array('method' => 'POST', 'header' => "Host: {$_SERVER['SERVER_NAME']}{$port}\r\n" . "Content-Type: application/x-www-form-urlencoded\r\n" . 'Content-Length: ' . strlen($data) . "\r\n" . "Connection: close\r\n\r\n", 'content' => $data, 'user_agent' => $_SERVER["HTTP_USER_AGENT"], 'max_redirects' => 1)));

    // Gets the response headers from net2ftp (the login POST is performed here)
    $headers = get_headers($net2ftpUri, true);

    // Absolute minimum I could get a listing with. (value redacted in this listing)
    $url = $net2ftpUri . '?ftpserver=127.0.0.1&username='******'&state=browse&state2=main';

    // NOTE(review): no check that $headers is an array containing 'Set-Cookie'.
    _net2ftpCreateCookies($headers['Set-Cookie']);

    header("Location: {$url}");
    return true;
}
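/**
 * Update autoresponder of the given mail account
 *
 * The mail account must exist; if the SELECT returns no row the update is not
 * performed (previously the code went on and read `mail_addr` from an empty
 * result set). Ownership of $mailAccountId by the current customer is NOT
 * verified here and must be enforced by the caller.
 *
 * @param int $mailAccountId Mail account id
 * @param string $autoresponderMessage Auto-responder message
 * @return void
 */
function client_updateAutoresponder($mailAccountId, $autoresponderMessage)
{
    // The id is interpolated into a redirect URL below; force it to an integer.
    $mailAccountId = (int) $mailAccountId;
    $autoresponderMessage = clean_input($autoresponderMessage);

    if ($autoresponderMessage == '') {
        set_page_message(tr('Auto-responder message cannot be empty.'), 'error');
        redirectTo("mail_autoresponder_enable.php?mail_account_id={$mailAccountId}");
        return;
    }

    $db = iMSCP_Database::getInstance();

    try {
        $db->beginTransaction();

        $stmt = exec_query('SELECT `mail_addr` FROM `mail_users` WHERE `mail_id` = ?', $mailAccountId);

        // Unknown account: nothing to update, do not log a bogus address.
        if (!$stmt->rowCount()) {
            $db->rollBack();
            set_page_message(tr('Mail account not found.'), 'error');
            redirectTo("mail_autoresponder_enable.php?mail_account_id={$mailAccountId}");
            return;
        }

        $mailAddr = $stmt->fields['mail_addr'];

        exec_query(
            'UPDATE `mail_users` SET `status` = ?, `mail_auto_respond_text` = ? WHERE `mail_id` = ?',
            array('tochange', $autoresponderMessage, $mailAccountId)
        );

        // Purge autoreplies log entries
        delete_autoreplies_log_entries();

        $db->commit();

        // Ask iMSCP daemon to trigger engine dispatcher
        send_request();

        write_log(
            sprintf("%s: Updated auto-responder for the '%s' mail account", $_SESSION['user_logged'], $mailAddr),
            E_USER_NOTICE
        );
        set_page_message(tr('Auto-responder successfully scheduled for update.'), 'success');
    } catch (iMSCP_Exception_Database $e) {
        $db->rollBack();
        throw $e;
    }
}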
/**
 * Implements the onLoginScriptEnd listener method.
 *
 * Shows a greeting on the login page and then halts propagation of the event.
 * NOTE(review): stopping propagation means no later listener registered for
 * this event (from any other plugin) will run.
 *
 * @param iMSCP_Events_Event $event Event being dispatched
 * @return void
 */
public function onLoginScriptEnd($event)
{
    $greeting = 'i-MSCP HelloWorld plugin says: Hello World';
    set_page_message($greeting, 'info');

    // Stop the propagation of this event to prevent execution of any other plugin that also listen on it.
    $event->stopPropagation();
}
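/**
 * Updates the server traffic settings (maximum traffic and warning threshold)
 * from the submitted form.
 *
 * Expects `uaction`, `max_traffic` and `traffic_warning` in $_POST. Non-numeric
 * input is rejected and nothing is written (previously only a warning was shown
 * and the invalid values were still stored). Negative values are clamped to 0.
 *
 * @return void
 */
function update_server_settings() {
    $sql = EasySCP_Registry::get('Db');

    // Nothing submitted.
    if (!isset($_POST['uaction'])) {
        return;
    }

    $max_traffic = isset($_POST['max_traffic']) ? clean_input($_POST['max_traffic']) : '';
    $traffic_warning = isset($_POST['traffic_warning']) ? clean_input($_POST['traffic_warning']) : '';

    if (!is_numeric($max_traffic) || !is_numeric($traffic_warning)) {
        set_page_message(tr('Wrong data input!'), 'warning');
        return;
    }

    if ($traffic_warning > $max_traffic) {
        set_page_message(tr('Warning traffic is bigger than max traffic!'), 'warning');
        return;
    }

    if ($max_traffic < 0) {
        $max_traffic = 0;
    }

    if ($traffic_warning < 0) {
        $traffic_warning = 0;
    }

    $query = "
        UPDATE
            `straff_settings`
        SET
            `straff_max` = ?,
            `straff_warn` = ?
    ";
    exec_query($sql, $query, array($max_traffic, $traffic_warning));

    set_page_message(tr('Server traffic settings updated successfully!'), 'success');
}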
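/**
 * Handles the "enable autoresponder" form for a mail account.
 *
 * On a valid submission the account is marked for change with the new
 * auto-respond message, the daemon is notified and the browser is redirected;
 * otherwise the ARSP_MESSAGE placeholder is blanked. A missing `arsp_message`
 * field is now treated like an empty one instead of raising a notice.
 *
 * NOTE(review): this function does not verify that $mail_id belongs to the
 * logged-in user; that check must happen in the caller.
 *
 * @param object $tpl     Template engine (by reference)
 * @param object $sql     Database handle (by reference)
 * @param int    $mail_id Mail account identifier
 * @return void
 */
function gen_page_dynamic_data(&$tpl, &$sql, $mail_id) {
    global $cfg;

    if (!isset($_POST['uaction']) || $_POST['uaction'] !== 'enable_arsp') {
        $tpl->assign('ARSP_MESSAGE', '');
        return;
    }

    if (!isset($_POST['arsp_message']) || $_POST['arsp_message'] === '') {
        $tpl->assign('ARSP_MESSAGE', '');
        set_page_message(tr('Please type your mail autorespond message!'));
        return;
    }

    $arsp_message = $_POST['arsp_message'];
    $item_change_status = $cfg['ITEM_CHANGE_STATUS'];

    check_for_lock_file();

    $query = <<<SQL_QUERY
update mail_users set status = ?, mail_auto_respond = ? where mail_id = ?
SQL_QUERY;
    exec_query($sql, $query, array($item_change_status, $arsp_message, $mail_id));

    send_request();
    write_log($_SESSION['user_logged'] . " : add mail autorsponder");
    set_page_message(tr('Mail account scheduler for modification!'));

    header("Location: email_accounts.php");
    exit(0);
}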
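/**
 * Update server traffic settings.
 *
 * Both values must be numeric and the warning threshold may not exceed the
 * limit. The values are written through the database-backed config handler;
 * the handler's query counters tell whether anything actually changed.
 *
 * @param int $trafficLimit Monthly traffic limit
 * @param int $trafficWarning Traffic warning
 * @return bool TRUE on success FALSE otherwise
 */
function admin_updateServerTrafficSettings($trafficLimit, $trafficWarning)
{
    $retVal = true;

    if (!is_numeric($trafficLimit)) {
        set_page_message(tr('Monthly traffic limit must be a number.'), 'error');
        $retVal = false;
    }

    if (!is_numeric($trafficWarning)) {
        set_page_message(tr('Monthly traffic warning must be a number.'), 'error');
        $retVal = false;
    }

    // Only compare when both values are known to be numeric.
    if ($retVal && $trafficWarning > $trafficLimit) {
        set_page_message(tr('Monthly traffic warning cannot be bigger than monthly traffic limit.'), 'error');
        $retVal = false;
    }

    if ($retVal) {
        /** @var $dbConfig iMSCP_Config_Handler_Db */
        $dbConfig = iMSCP_Registry::get('dbConfig');

        $dbConfig->SERVER_TRAFFIC_LIMIT = $trafficLimit;
        $dbConfig->SERVER_TRAFFIC_WARN = $trafficWarning;

        // Number of UPDATE / INSERT queries the handler executed for the assignments above.
        $updtCount = $dbConfig->countQueries('update');
        $newCount = $dbConfig->countQueries('insert');

        if ($updtCount || $newCount) {
            // The message has no placeholder; the stray count argument was dropped.
            set_page_message(tr('Server traffic settings successfully updated.'), 'success');
            write_log("{$_SESSION['user_logged']} updated server traffic settings.", E_USER_NOTICE);
        } else {
            set_page_message(tr("Nothing has been changed."), 'info');
        }
    }

    return $retVal;
}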
/**
 * Handles the "change own password" form.
 *
 * Validation order: all fields present, syntax check on the new password
 * (strong or weak mode depending on $cfg->PASSWD_STRONG), confirmation match,
 * current password check via check_udata(). On success the new hash is stored
 * for the logged-in admin and copied into $_SESSION['user_pass'].
 *
 * NOTE(review): empty() treats "0" as missing; kept for compatibility.
 * NOTE(review): the hash is kept in the session; presumably read by
 * check_udata() on later requests — confirm before changing.
 *
 * @return void
 */
function update_password() {
    $cfg = EasySCP_Registry::get('Config');
    $sql = EasySCP_Registry::get('Db');

    if (!isset($_POST['uaction']) || $_POST['uaction'] !== 'updt_pass') {
        return;
    }

    if (empty($_POST['pass']) || empty($_POST['pass_rep']) || empty($_POST['curr_pass'])) {
        set_page_message(tr('Please fill up all data fields!'), 'warning');
        return;
    }

    if (!chk_password($_POST['pass'])) {
        $hint = $cfg->PASSWD_STRONG
            ? tr('The password must be at least %s chars long and contain letters and numbers to be valid.')
            : tr('Password data is shorter than %s signs or includes not permitted signs!');
        set_page_message(sprintf($hint, $cfg->PASSWD_CHARS), 'warning');
        return;
    }

    if ($_POST['pass'] !== $_POST['pass_rep']) {
        set_page_message(tr('Passwords do not match!'), 'warning');
        return;
    }

    if (check_udata($_SESSION['user_id'], $_POST['curr_pass']) === false) {
        set_page_message(tr('The current password is wrong!'), 'warning');
        return;
    }

    $newHash = crypt_user_pass($_POST['pass']);
    $_SESSION['user_pass'] = $newHash;

    $query = "
                UPDATE
                    `admin`
                SET
                    `admin_pass` = ?
                WHERE
                    `admin_id` = ?
            ";
    exec_query($sql, $query, array($newHash, $_SESSION['user_id']));

    set_page_message(tr('User password updated successfully!'), 'success');
}
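/**
 * Generates directories list.
 *
 * Lists the sub-directories of the requested directory (`cur_dir` query
 * parameter) through the customer's virtual file system and renders one
 * DIR_ITEM per entry plus a "parent directory" row. Directory names that are
 * put back into the `cur_dir` link are URL-encoded so a crafted name cannot
 * inject extra query parameters or markup into the link.
 *
 * NOTE(review): the requested path itself is not passed through isAllowedDir();
 * only the listed children are. Confirm that the VFS layer restricts $path.
 * NOTE(review): CHOOSE_IT is left unescaped; escape it according to the context
 * the template uses it in.
 *
 * @param iMSCP_pTemplate $tpl Template engine instance
 * @return void
 */
function client_generateDirectoriesList($tpl)
{
    // Initialize variables
    $path = isset($_GET['cur_dir']) ? clean_input($_GET['cur_dir']) : '';
    $domain = $_SESSION['user_logged'];

    // Create the virtual file system and open it so it can be used
    $vfs = new iMSCP_VirtualFileSystem($domain);

    // Get the directory listing
    $list = $vfs->ls($path);

    if (!$list) {
        set_page_message(tr('Unable to retrieve directories list for your domain. Please contact your reseller.'), 'error');
        $tpl->assign('FTP_CHOOSER', '');
        return;
    }

    // Show parent directory link
    $parent = explode('/', $path);
    array_pop($parent);
    $parent = implode('/', $parent);

    $tpl->assign(array(
        'ACTION_LINK' => '',
        'ACTION' => '',
        'ICON' => 'parent',
        'DIR_NAME' => tr('Parent directory'),
        'LINK' => 'ftp_choose_dir.php?cur_dir=' . urlencode($parent)
    ));
    $tpl->parse('DIR_ITEM', '.dir_item');

    $domainId = get_user_domain_id($_SESSION['user_id']);

    // Show directories only
    foreach ($list as $entry) {
        $directory = $path . '/' . $entry['file'];

        if ($entry['type'] != iMSCP_VirtualFileSystem::VFS_TYPE_DIR
            || ($entry['file'] == '.' || $entry['file'] == '..')
            || !isAllowedDir($domainId, $directory)
        ) {
            continue;
        }

        // Create the directory link
        $tpl->assign(array(
            'DIR_NAME' => tohtml($entry['file']),
            'CHOOSE_IT' => $directory,
            'LINK' => 'ftp_choose_dir.php?cur_dir=' . urlencode($directory)
        ));
        $tpl->parse('ACTION_LINK', 'action_link');
        $tpl->parse('DIR_ITEM', '.dir_item');
    }
}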
/**
 * Handles the "change own password" form (VHCS variant).
 *
 * Checks, in order: password syntax (vhcs_password_check, max length 20),
 * both fields filled, fields match; then stores the new hash for the
 * logged-in admin.
 *
 * NOTE(review): unlike the EasySCP variant, the current password is not
 * re-verified before the change.
 *
 * @return void
 */
function update_password() {
    global $sql;

    if (!isset($_POST['uaction']) || $_POST['uaction'] !== 'updt_pass') {
        return;
    }

    if (!vhcs_password_check($_POST['pass'], 20)) {
        set_page_message(tr('Incorrect password range or syntax!'));
        return;
    }

    if ($_POST['pass'] === '' || $_POST['pass_rep'] === '') {
        set_page_message(tr('Please fill up both data fields!'));
        return;
    }

    if ($_POST['pass'] !== $_POST['pass_rep']) {
        set_page_message(tr('Passwords does not match!'));
        return;
    }

    $newHash = crypt_user_pass($_POST['pass']);
    $query = <<<SQL_QUERY
update admin set admin_pass = ? where admin_id = ?
SQL_QUERY;
    exec_query($sql, $query, array($newHash, $_SESSION['user_id']));

    set_page_message(tr('User password updated successfully!'));
}
/**
 * Updates htaccess user.
 *
 * On a `modify_user` submission with both password fields present, validates
 * the password, stores the new salted hash, flags the row for change, pokes the
 * daemon, logs the change and redirects. Both UPDATE and SELECT are scoped by
 * domain id, so an id belonging to another domain updates nothing (though
 * send_request() is still issued).
 *
 * @param int $dmn_id Domain unique identifier
 * @param int $uuser_id Htaccess user unique identifier
 * @return void
 */
function client_updateHtaccessUser(&$dmn_id, &$uuser_id)
{
    if (!isset($_POST['uaction']) || $_POST['uaction'] != 'modify_user') {
        return;
    }

    // Nothing to do unless both password fields were submitted.
    if (!isset($_POST['pass']) || !isset($_POST['pass_rep'])) {
        return;
    }

    if (!checkPasswordSyntax($_POST['pass'])) {
        return;
    }

    if ($_POST['pass'] !== $_POST['pass_rep']) {
        set_page_message(tr("Passwords do not match."), 'error');
        return;
    }

    $hashedPassword = cryptPasswordWithSalt($_POST['pass'], generateRandomSalt(true));

    $updateQuery = "
                UPDATE
                    `htaccess_users`
                SET
                    `upass` = ?, `status` = ?
                WHERE
                    `dmn_id` = ?
                AND
                    `id` = ?
            ";
    exec_query($updateQuery, array($hashedPassword, 'tochange', $dmn_id, $uuser_id));

    send_request();

    $selectQuery = "
                SELECT
                    `uname`
                FROM
                    `htaccess_users`
                WHERE
                    `dmn_id` = ?
                AND
                    `id` = ?
            ";
    $stmt = exec_query($selectQuery, array($dmn_id, $uuser_id));

    write_log("{$_SESSION['user_logged']}: updated htaccess user ID: {$stmt->fields['uname']}", E_USER_NOTICE);
    redirectTo('protected_user_manage.php');
}
/**
 * Fills the reseller table (reseller name + owning admin) and the admin
 * selection list used to reassign resellers to another admin.
 *
 * The first query self-joins `admin` to resolve the owner's name; the second
 * lists every admin account and pre-selects the one submitted as `dest_admin`
 * when the form action is `reseller_owner`.
 *
 * @param EasySCP_TemplateEngine $tpl Template engine
 * @return void
 */
function gen_reseller_table($tpl) {
    $cfg = EasySCP_Registry::get('Config');
    $sql = EasySCP_Registry::get('Db');

    $resellerQuery = "
        SELECT
            t1.`admin_id`, t1.`admin_name`, t2.`admin_name` AS created_by
        FROM
            `admin` AS t1,
            `admin` AS t2
        WHERE
            t1.`admin_type` = 'reseller'
        AND
            t1.`created_by` = t2.`admin_id`
        ORDER BY
            `created_by`,
            `admin_id`
    ";
    $resellers = exec_query($sql, $resellerQuery);

    if ($resellers->recordCount() == 0) {
        set_page_message(tr('Reseller list is empty!'), 'info');
    } else {
        $rowNumber = 1;
        while (!$resellers->EOF) {
            $tpl->append(array(
                'NUMBER' => $rowNumber,
                'RESELLER_NAME' => tohtml($resellers->fields['admin_name']),
                'OWNER' => tohtml($resellers->fields['created_by']),
                'CKB_NAME' => 'admin_id_' . $resellers->fields['admin_id']
            ));
            $resellers->moveNext();
            $rowNumber++;
        }
        $tpl->assign('PAGE_MESSAGE', '');
    }

    // Pre-select the admin chosen in a submitted "change owner" form, if any.
    $submittedAdmin = null;
    if (isset($_POST['uaction']) && $_POST['uaction'] === 'reseller_owner' && isset($_POST['dest_admin'])) {
        $submittedAdmin = $_POST['dest_admin'];
    }

    $adminQuery = "
        SELECT
            `admin_id`, `admin_name`
        FROM
            `admin`
        WHERE
            `admin_type` = 'admin'
        ORDER BY
            `admin_name`
    ";
    $admins = exec_query($sql, $adminQuery);

    while (!$admins->EOF) {
        $isSelected = ($submittedAdmin !== null && $submittedAdmin == $admins->fields['admin_id']);
        $tpl->append(array(
            'OPTION' => tohtml($admins->fields['admin_name']),
            'VALUE' => $admins->fields['admin_id'],
            'SELECTED' => $isSelected ? $cfg->HTML_SELECTED : ''
        ));
        $admins->moveNext();
    }

    $tpl->assign('PAGE_MESSAGE', '');
}
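/**
 * Creates a new support ticket from the user to its reseller.
 *
 * Missing `subj` / `user_message` fields are now handled like empty ones
 * (previously an undefined-index notice). Subject and message are stored
 * HTML-escaped, following the input-time escaping convention of this code base.
 *
 * NOTE(review): newlines are turned into `<br>` BEFORE htmlspecialchars(), so
 * the stored text contains `&lt;br&gt;`; confirm the display code expects that.
 * NOTE(review): `urgency` is stored as submitted, without range validation.
 *
 * @param object $sql         Database handle (by reference)
 * @param int    $user_id     Sender (ticket_from)
 * @param int    $reseller_id Recipient (ticket_to)
 * @return void
 */
function send_user_message(&$sql, $user_id, $reseller_id) {
    if (!isset($_POST['uaction'])) {
        return;
    }

    if (!isset($_POST['subj']) || $_POST['subj'] === '') {
        set_page_message(tr('Please specify message subject!'));
        return;
    }

    if (!isset($_POST['user_message']) || $_POST['user_message'] === '') {
        set_page_message(tr('Please type your message!'));
        return;
    }

    $ticket_date = time();
    $urgency = isset($_POST['urgency']) ? $_POST['urgency'] : '';
    $subj = $_POST['subj'];
    $user_message = preg_replace("/\n/", "<br>", $_POST["user_message"]);

    // New ticket: open, not yet answered, created at customer level.
    $ticket_status = 1;
    $ticket_reply = 0;
    $ticket_level = 1;

    $query = <<<SQL_QUERY
insert into tickets (ticket_level, ticket_from, ticket_to, ticket_status, ticket_reply, ticket_urgency, ticket_date, ticket_subject, ticket_message) values (?, ?, ?, ?, ?, ?, ?, ?, ?)
SQL_QUERY;
    exec_query($sql, $query, array(
        $ticket_level,
        $user_id,
        $reseller_id,
        $ticket_status,
        $ticket_reply,
        $urgency,
        $ticket_date,
        htmlspecialchars($subj, ENT_QUOTES, "UTF-8"),
        htmlspecialchars($user_message, ENT_QUOTES, "UTF-8")
    ));

    send_tickets_msg($reseller_id, $user_id, $subj);
    set_page_message(tr('Your message was sent!'));

    header("Location: support_system.php");
    exit(0);
}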
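/**
 * Handles the admin logo upload form.
 *
 * The client-supplied MIME type in $_FILES is trivially forged, so the
 * uploaded bytes are additionally inspected with getimagesize(); only GIF and
 * JPEG content is accepted. The upload error code is checked before anything
 * else.
 *
 * NOTE(review): the move_uploaded_file() call is commented out upstream, so
 * the file is never written, yet the GUI property is still set to
 * "<username>.jpg" (also for GIF uploads). Left as-is on purpose.
 *
 * @return void
 */
function update_logo() {
    global $cfg;

    if (!isset($_POST['uaction']) || $_POST['uaction'] !== 'upload_logo') {
        return;
    }

    if (!isset($_FILES['logo_file'])
        || empty($_FILES['logo_file']['name'])
        || $_FILES['logo_file']['error'] !== UPLOAD_ERR_OK
        || !is_uploaded_file($_FILES['logo_file']['tmp_name'])
    ) {
        set_page_message(tr('Upload file error!'));
        return;
    }

    $file_type = $_FILES['logo_file']['type'];
    $allowed_mime_types = array("image/gif", "image/jpeg", "image/pjpeg");
    $allowed_image_types = array(IMAGETYPE_GIF, IMAGETYPE_JPEG);

    // getimagesize() returns FALSE for non-images; index 2 is the IMAGETYPE_* constant.
    $image_info = @getimagesize($_FILES['logo_file']['tmp_name']);

    if (!in_array($file_type, $allowed_mime_types, true)
        || $image_info === false
        || !in_array($image_info[2], $allowed_image_types, true)
    ) {
        set_page_message(tr('You can upload only images!'));
        return;
    }

    $user_id = $_SESSION['user_id'];

    // $path1 = substr($_SERVER['SCRIPT_FILENAME'], 0, strpos($_SERVER['SCRIPT_FILENAME'], '/admin/layout.php') + 1);
    // move_uploaded_file($_FILES['logo_file']['tmp_name'], $path1 . "/themes/user_logos/" . get_user_name($user_id) . ".jpg");
    update_user_gui_props(get_user_name($user_id) . ".jpg", $user_id);

    set_page_message(tr('Your logo was successful uploaded!'));
}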
/**
 * Adds an htaccess group for a domain from the `add_group` form.
 *
 * The group name must pass validates_username() and must not already exist
 * for the domain; on success the row is inserted with the configured
 * "add" status, the daemon is notified, the action is logged and the browser
 * is redirected to the management page.
 *
 * @param object $tpl    Template engine (unused here)
 * @param object $sql    Database handle
 * @param int    $dmn_id Domain identifier
 * @return void
 */
function padd_group($tpl, $sql, $dmn_id) {
    $cfg = EasySCP_Registry::get('Config');

    if (!isset($_POST['uaction']) || $_POST['uaction'] != 'add_group') {
        return;
    }

    if (!isset($_POST['groupname'])) {
        set_page_message(tr('Invalid group name!'), 'error');
        return;
    }

    if (!validates_username($_POST['groupname'])) {
        set_page_message(tr('Invalid group name!'), 'warning');
        return;
    }

    $groupName = $_POST['groupname'];

    $lookup = "
                SELECT
                    `id`
                FROM
                    `htaccess_groups`
                WHERE
                    `ugroup` = ?
                AND
                    `dmn_id` = ?
            ";
    $existing = exec_query($sql, $lookup, array($groupName, $dmn_id));

    if ($existing->recordCount() != 0) {
        set_page_message(tr('Group already exists!'), 'error');
        return;
    }

    $insert = "
                    INSERT INTO `htaccess_groups`
                        (`dmn_id`, `ugroup`, `status`)
                    VALUES
                        (?, ?, ?)
                ";
    exec_query($sql, $insert, array($dmn_id, $groupName, $cfg->ITEM_ADD_STATUS));

    send_request();
    write_log("{$_SESSION['user_logged']}: add group (protected areas): {$groupName}");
    user_goto('protected_user_manage.php');
}
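/**
 * Generate page
 *
 * Shows update information when version checking is enabled and a newer
 * release is available; otherwise blanks the UPDATE_INFO block and sets an
 * appropriate page message. The error branch for a failed availability check
 * previously passed the updater object itself to set_page_message(); it now
 * passes the error string.
 *
 * NOTE(review): tag_name, body, published_at and the download URLs originate
 * from the remote update feed; they are HTML-escaped but not otherwise
 * validated (e.g. the URLs are not checked to be https).
 *
 * @param iMSCP_pTemplate $tpl
 * @return void
 */
function admin_generatePage($tpl)
{
    /** @var $cfg iMSCP_Config_Handler_File */
    $cfg = iMSCP_Registry::get('config');

    if (!isset($cfg['CHECK_FOR_UPDATES']) || !$cfg['CHECK_FOR_UPDATES']) {
        set_page_message(tr('i-MSCP version update checking is disabled'), 'static_warning');
    } else {
        /** @var iMSCP_Update_Version $updateVersion */
        $updateVersion = iMSCP_Update_Version::getInstance();

        if ($updateVersion->isAvailableUpdate()) {
            if ($updateInfo = $updateVersion->getUpdateInfo()) {
                $date = new DateTime($updateInfo['published_at']);

                $tpl->assign(array(
                    'TR_UPDATE_INFO' => tr('Update info'),
                    'TR_RELEASE_VERSION' => tr('Release version'),
                    'RELEASE_VERSION' => tohtml($updateInfo['tag_name']),
                    'TR_RELEASE_DATE' => tr('Release date'),
                    'RELEASE_DATE' => tohtml($date->format($cfg['DATE_FORMAT'])),
                    'TR_RELEASE_DESCRIPTION' => tr('Release description'),
                    'RELEASE_DESCRIPTION' => tohtml($updateInfo['body']),
                    'TR_DOWNLOAD_LINKS' => tr('Download links'),
                    'TR_DOWNLOAD_ZIP' => tr('Download ZIP'),
                    'TR_DOWNLOAD_TAR' => tr('Download TAR'),
                    'TARBALL_URL' => tohtml($updateInfo['tarball_url']),
                    'ZIPBALL_URL' => tohtml($updateInfo['zipball_url'])
                ));
                return;
            }

            set_page_message($updateVersion->getError(), 'error');
        } elseif ($updateVersion->getError()) {
            // Bug fix: the error text, not the updater object, goes into the message.
            set_page_message($updateVersion->getError(), 'error');
        } else {
            set_page_message(tr('No update available'), 'static_info');
        }
    }

    $tpl->assign('UPDATE_INFO', '');
}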
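/**
 * Stores the reseller's personal data submitted through the profile form.
 *
 * Every field is read from $_POST (missing fields become empty strings instead
 * of raising notices) and HTML-escaped before storage, following the
 * input-time escaping convention used elsewhere in this code base.
 *
 * NOTE(review): no format validation is done on email/phone/zip; consider
 * validating email before storing it. Escaping at storage time means the
 * values must NOT be escaped again on output.
 *
 * @param object $sql     Database handle (by reference)
 * @param int    $user_id Admin id of the reseller being updated
 * @return void
 */
function update_reseller_personal_data(&$sql, $user_id) {
    $fields = array(
        'fname', 'lname', 'firm', 'zip', 'city', 'country',
        'email', 'phone', 'fax', 'street1', 'street2'
    );

    $values = array();
    foreach ($fields as $field) {
        $raw = isset($_POST[$field]) ? $_POST[$field] : '';
        $values[] = htmlspecialchars($raw, ENT_QUOTES, "UTF-8");
    }
    // Bind order matches the SET clause below; admin_id is the last placeholder.
    $values[] = $user_id;

    $query = <<<SQL_QUERY
update admin set fname = ?, lname = ?, firm = ?, zip = ?, city = ?, country = ?, email = ?, phone = ?, fax = ?, street1 = ?, street2 = ? where admin_id = ?
SQL_QUERY;
    exec_query($sql, $query, $values);

    set_page_message(tr('Personal data updated successfully!'));
}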
/**
 * Schedule backup restoration.
 *
 * Flags every domain row owned by the customer with the `torestore` status,
 * notifies the daemon, logs the action and sets a success message.
 *
 * @param int $userId Customer unique identifier
 * @return void
 */
function scheduleBackupRestoration($userId)
{
    $restoreStatus = 'torestore';

    exec_query(
        "UPDATE `domain` SET `domain_status` = ? WHERE `domain_admin_id` = ?",
        array($restoreStatus, $userId)
    );

    send_request();

    write_log($_SESSION['user_logged'] . ": scheduled backup restoration.", E_USER_NOTICE);
    set_page_message(tr('Backup has been successfully scheduled for restoration.'), 'success');
}
/**
 * Adds Htaccess group.
 *
 * On an `add_group` submission the group name is validated with
 * validates_username(), checked for uniqueness within the domain, inserted
 * with status `toadd`, and the daemon is notified before redirecting.
 *
 * @param int $domainId Domain unique identifier
 * @return void
 */
function client_addHtaccessGroup($domainId)
{
    if (!isset($_POST['uaction']) || $_POST['uaction'] != 'add_group') {
        return;
    }

    if (!isset($_POST['groupname'])) {
        set_page_message(tr('Invalid htaccess group name.'), 'error');
        return;
    }

    if (!validates_username($_POST['groupname'])) {
        set_page_message(tr('Invalid group name!'), 'error');
        return;
    }

    $groupName = $_POST['groupname'];

    $lookup = "
                SELECT
                    `id`
                FROM
                    `htaccess_groups`
                WHERE
                    `ugroup` = ?
                AND
                    `dmn_id` = ?
            ";
    $existing = exec_query($lookup, array($groupName, $domainId));

    if ($existing->rowCount() != 0) {
        set_page_message(tr('This htaccess group already exists.'), 'error');
        return;
    }

    $insert = "
                    INSERT INTO `htaccess_groups` (
                      `dmn_id`, `ugroup`, `status`
                    ) VALUES (
                      ?, ?, ?
                    )
                ";
    exec_query($insert, array($domainId, $groupName, 'toadd'));

    send_request();

    set_page_message(tr('Htaccess group successfully scheduled for addition.'), 'success');
    write_log("{$_SESSION['user_logged']}: added htaccess group: {$groupName}", E_USER_NOTICE);
    redirectTo('protected_user_manage.php');
}
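/**
 * Kill user session.
 *
 * Switches to the session named by the `kill` query parameter, clears its
 * identity (and destroys it unless `logout_only` is given), then switches back
 * to the caller's own session.
 *
 * Two guards were added: the target id must look like a PHP session id
 * (session_id() with arbitrary characters would warn and the switch would not
 * behave as intended), and the caller's own session id is refused — destroying
 * it here would empty $_SESSION before the write_log() call and log the admin
 * out. The `username` parameter is used only for the log line.
 *
 * @return void
 */
function kill_session()
{
    if (isset($_GET['kill']) && $_GET['kill'] !== '' && isset($_GET['username'])) {
        $username = clean_input($_GET['username']);
        $sessionId = clean_input($_GET['kill']);

        // Only the character set PHP itself uses for session ids is accepted.
        if (!preg_match('/^[a-zA-Z0-9,-]{1,128}$/', $sessionId)) {
            set_page_message(tr('Invalid session identifier.'), 'error');
            return;
        }

        // Getting current session id
        $currentSessionId = session_id();

        if ($sessionId === $currentSessionId) {
            set_page_message(tr("You are not allowed to act on your own session."), 'warning');
            return;
        }

        // Closing current session
        session_write_close();

        // Switch to session to handle
        session_id($sessionId);
        session_start();

        if (isset($_GET['logout_only'])) {
            iMSCP_Authentication::getInstance()->unsetIdentity();
            session_write_close();
            $message = tr('User successfully disconnected.');
        } else {
            iMSCP_Authentication::getInstance()->unsetIdentity();
            session_destroy();
            $message = tr('User session successfully destroyed.');
        }

        // Restore session
        session_id($currentSessionId);
        session_start();

        set_page_message($message, 'success');
        write_log($_SESSION['user_logged'] . ": has disconnected {$username} or destroyed its session", E_USER_NOTICE);
    } elseif (isset($_GET['own'])) {
        set_page_message(tr("You are not allowed to act on your own session."), 'warning');
    }
}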
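/**
 * Updates the server traffic settings (maximum traffic and warning threshold)
 * from the submitted form (VHCS variant).
 *
 * Non-numeric input is rejected and nothing is written (previously only a
 * warning was shown and the invalid values were still stored). Negative values
 * are clamped to 0. The dead `global $data` / preg_match() fragment, which
 * referenced an undefined variable, was removed.
 *
 * @param object $sql Database handle (by reference)
 * @return void
 */
function update_server_settings(&$sql) {
    if (!isset($_POST['uaction'])) {
        return;
    }

    $max_traffic = isset($_POST['max_traffic']) ? $_POST['max_traffic'] : '';
    $traffic_warning = isset($_POST['traffic_warning']) ? $_POST['traffic_warning'] : '';

    if (!is_numeric($max_traffic) || !is_numeric($traffic_warning)) {
        set_page_message(tr('Wrong data input!'));
        return;
    }

    if ($traffic_warning > $max_traffic) {
        set_page_message(tr('Warning traffic is bigger then max traffic!'));
        return;
    }

    if ($max_traffic < 0) {
        $max_traffic = 0;
    }

    if ($traffic_warning < 0) {
        $traffic_warning = 0;
    }

    $query = <<<SQL_QUERY
update straff_settings set straff_max = ?, straff_warn = ?
SQL_QUERY;
    exec_query($sql, $query, array($max_traffic, $traffic_warning));

    set_page_message(tr('Server traffic settings updated successfully!'));
}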
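/**
 * Pydio authentication
 *
 * Fetches a secure token from the local Pydio instance, POSTs the customer's
 * FTP credentials to its login action, copies the returned cookies to the
 * browser and redirects to Pydio.
 *
 * Changes: the secure-token fetch is checked for failure and the token is
 * URL-encoded before being placed in the query string; the Set-Cookie header
 * is checked for presence before cookies are created.
 *
 * NOTE(review): when the request is HTTPS, peer verification is disabled for
 * the loopback call (verify_peer=false / allow_self_signed=true); this is
 * presumably to cope with a self-signed panel certificate — acceptable only
 * because the target is the same host. stream_context_set_default() leaves the
 * POST body (with the password) on the process default context for the rest of
 * the request.
 *
 * @param int $userId ftp username
 * @return bool FALSE on failure
 */
function client_pydioAuth($userId)
{
    if (file_exists(GUI_ROOT_DIR . '/data/tmp/failedAJXP.log')) {
        @unlink(GUI_ROOT_DIR . '/data/tmp/failedAJXP.log');
    }

    $credentials = _client_pydioGetLoginCredentials($userId);

    if (!$credentials) {
        set_page_message(tr('Unknown FTP user.'), 'error');
        return false;
    }

    $contextOptions = array();

    // Prepares Pydio absolute Uri to use
    if (isSecureRequest()) {
        $contextOptions = array('ssl' => array('verify_peer' => false, 'allow_self_signed' => true));
    }

    $pydioBaseUrl = getBaseUrl() . '/ftp/';
    $port = getUriPort();
    $hostHeader = 'Host: ' . $_SERVER['SERVER_NAME'] . ($port ? ':' . $port : '');

    // Pydio authentication
    $context = stream_context_create(array_merge($contextOptions, array(
        'http' => array(
            'method' => 'GET',
            'protocol_version' => '1.1',
            'header' => array($hostHeader, 'User-Agent: i-MSCP', 'Connection: close')
        )
    )));

    # Getting secure token
    $secureToken = file_get_contents("{$pydioBaseUrl}/index.php?action=get_secure_token", false, $context);

    if ($secureToken === false || $secureToken === '') {
        set_page_message(tr('Unable to authenticate against the file manager.'), 'error');
        return false;
    }

    $postData = http_build_query(array(
        'get_action' => 'login',
        'userid' => $credentials[0],
        'login_seed' => '-1',
        "remember_me" => 'false',
        'password' => stripcslashes($credentials[1]),
        '_method' => 'put'
    ));

    $contextOptions = array_merge($contextOptions, array(
        'http' => array(
            'method' => 'POST',
            'protocol_version' => '1.1',
            'header' => array(
                $hostHeader,
                'Content-Type: application/x-www-form-urlencoded',
                'X-Requested-With: XMLHttpRequest',
                'Content-Length: ' . strlen($postData),
                'User-Agent: i-MSCP',
                'Connection: close'
            ),
            'content' => $postData
        )
    ));

    stream_context_set_default($contextOptions);

    # TODO Parse the full response and display error message on authentication failure
    $headers = get_headers("{$pydioBaseUrl}?secure_token=" . urlencode($secureToken), true);

    if (!is_array($headers) || !isset($headers['Set-Cookie'])) {
        set_page_message(tr('Unable to authenticate against the file manager.'), 'error');
        return false;
    }

    _client_pydioCreateCookies($headers['Set-Cookie']);
    redirectTo($pydioBaseUrl);
    exit;
}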
/**
 * Fills the template with the SQL databases (and their users) of a user's
 * domain.
 *
 * NOTE(review): DB_NAME is placed into the template without output encoding;
 * confirm that database names are restricted/escaped at creation time.
 *
 * @param object $tpl     Template engine (by reference)
 * @param object $sql     Database handle (by reference)
 * @param int    $user_id Owner of the domain
 * @return void
 */
function gen_db_list(&$tpl, &$sql, $user_id) {
    $domainId = get_user_domain_id($sql, $user_id);

    $query = <<<SQL_QUERY
select sqld_id, sqld_name from sql_database where domain_id = ? order by sqld_name
SQL_QUERY;
    $databases = exec_query($sql, $query, array($domainId));

    if ($databases->RecordCount() == 0) {
        set_page_message(tr('Database list is empty!'));
        $tpl->assign('DB_LIST', '');
        return;
    }

    while (!$databases->EOF) {
        $databaseId = $databases->fields['sqld_id'];

        // Users of this database are rendered before the database row itself.
        gen_db_user_list($tpl, $sql, $databaseId);

        $tpl->assign(array(
            'DB_ID' => "{$databaseId}",
            'DB_NAME' => "{$databases->fields['sqld_name']}"
        ));
        $tpl->parse('DB_LIST', '.db_list');

        $databases->MoveNext();
    }
}
/**
 * Adds an htaccess user for a domain from the `add_user` form.
 *
 * Validates username and password syntax, checks the confirmation field,
 * refuses duplicates within the domain, inserts the row and redirects.
 *
 * NOTE(review): crypt() is called WITHOUT a salt, which yields a traditional
 * DES hash (8 significant characters, weak) and is not accepted by PHP 8
 * (the salt argument became mandatory). Apache understands stronger formats
 * (apr1/bcrypt); consider switching with an explicit salt.
 *
 * @param object $tpl    Template engine (by reference)
 * @param object $sql    Database handle (by reference)
 * @param int    $dmn_id Domain identifier (by reference)
 * @return void
 */
function padd_user(&$tpl, &$sql, &$dmn_id) {
    if (!isset($_POST['uaction']) || $_POST['uaction'] != 'add_user') {
        return;
    }

    if (!isset($_POST['username']) || !isset($_POST['pass']) || !isset($_POST['pass_rep'])) {
        return;
    }

    if (chk_username($_POST['username']) > 0) {
        set_page_message(tr('Wrong username!'));
        return;
    }

    if (chk_password($_POST['pass']) > 0) {
        set_page_message(tr('Incorrect password range or syntax!'));
        return;
    }

    if ($_POST['pass'] !== $_POST['pass_rep']) {
        set_page_message(tr('Passwords does not match!'));
        return;
    }

    $userName = $_POST['username'];
    $passwordHash = crypt($_POST['pass']);

    $lookup = <<<SQL_QUERY
select id from htaccess_users where uname = ? and dmn_id = ?
SQL_QUERY;
    $existing = exec_query($sql, $lookup, array($userName, $dmn_id));

    if ($existing->RecordCount() != 0) {
        set_page_message(tr('User already exist !'));
        return;
    }

    $insert = <<<SQL_QUERY
insert into htaccess_users (dmn_id, uname, upass) values (?, ?, ?)
SQL_QUERY;
    exec_query($sql, $insert, array($dmn_id, $userName, $passwordHash));

    write_log("{$_SESSION['user_logged']}: add user (protected areas) -> {$userName}");

    header('Location: puser_manage.php');
    die;
}
/**
 * Check admin current password.
 *
 * Re-hashes the supplied password with the salt embedded in the stored hash
 * (cryptPasswordWithSalt takes the stored hash as salt) and compares.
 *
 * NOTE(review): the comparison is a plain string compare; hash_equals() would
 * make it constant-time (PHP >= 5.6).
 *
 * @access private
 * @param string $password Admin current password
 * @return bool TRUE if current password is valid, FALSE otherwise
 */
function _reseller_checkCurrentPassword($password)
{
    $stmt = exec_query('SELECT `admin_pass` FROM `admin` WHERE `admin_id` = ?', $_SESSION['user_id']);

    if (!$stmt->rowCount()) {
        set_page_message(tr('Unable to retrieve your password from the database.'), 'error');
        return false;
    }

    $storedHash = $stmt->fields['admin_pass'];
    $candidateHash = cryptPasswordWithSalt($password, $storedHash);

    return $candidateHash === $storedHash;
}
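/**
 * Deletes the login-table row of the session named by the `kill` query
 * parameter, which logs that session out.
 *
 * The parameter is a session id (it is matched against `login`.`session_id`),
 * so the original self-protection check compared it with the logged-in user
 * NAME and could never match. It is now compared with the caller's own PHP
 * session id.
 *
 * @return void
 */
function kill_session() {
    $sql = EasySCP_Registry::get('Db');

    if (!isset($_GET['kill']) || $_GET['kill'] === '') {
        return;
    }

    $sessionId = $_GET['kill'];

    // Never let an admin kill the session he is currently using.
    if ($sessionId === session_id()) {
        return;
    }

    $query = "
            DELETE FROM
                `login`
            WHERE
                `session_id` = ?
        ";
    exec_query($sql, $query, $sessionId);

    set_page_message(tr('User session was killed!'), 'info');
    write_log($_SESSION['user_logged'] . ": killed user session: {$sessionId}!");
}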
/**
 * Handles the custom error page form: writes the page for the submitted
 * error code when it is one of the supported codes.
 *
 * @param object $sql Database handle
 * @return void
 */
function update_error_page($sql) {
    if (!isset($_POST['uaction']) || $_POST['uaction'] !== 'updt_error') {
        return;
    }

    // Only these HTTP status codes have editable pages.
    $supportedCodes = array(401, 402, 403, 404, 500, 503);
    $errorCode = intval($_POST['eid']);

    $written = in_array($errorCode, $supportedCodes) && write_error_page($sql, $errorCode);

    if ($written) {
        set_page_message(tr('Custom error page was updated!'), 'success');
    } else {
        set_page_message(tr('System error - custom error page was NOT updated!'), 'error');
    }
}
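/**
 * Reads one OwnDDNS settings field from $_POST, cleaned; missing fields
 * become '' instead of raising undefined-index notices (radio buttons and
 * optional inputs may be absent from the submission).
 *
 * @param string $name POST field name
 * @return string
 */
function _ownddnsPostValue($name)
{
    return isset($_POST[$name]) ? clean_input($_POST[$name]) : '';
}

/**
 * Generate page
 *
 * Handles the `change` action of the OwnDDNS settings form (validation,
 * persisting the plugin config as JSON, re-creating DNS entries when the TTL
 * changed) and fills the template with the current configuration.
 *
 * @param $tpl iMSCP_pTemplate
 * @param iMSCP_Plugin_Manager $pluginManager
 * @return void
 */
function ownddnsSettings($tpl, $pluginManager)
{
    /** @var $cfg iMSCP_Config_Handler_File */
    $cfg = iMSCP_Registry::get('config');
    $htmlChecked = $cfg->HTML_CHECKED;

    if (($plugin = $pluginManager->loadPlugin('OwnDDNS', false, false)) !== null) {
        $pluginConfig = $plugin->getConfig();
    } else {
        set_page_message(tr("Can't load plugin configuration!"), 'error');
        redirectTo('index.php');
    }

    if (isset($_REQUEST['action'])) {
        $action = clean_input($_REQUEST['action']);

        if ($action === 'change') {
            $error = false;

            $max_allowed_accounts = _ownddnsPostValue('max_allowed_accounts');
            $max_accounts_lenght = _ownddnsPostValue('max_accounts_lenght');
            $update_repeat_time = _ownddnsPostValue('update_repeat_time');
            $update_ttl_time = _ownddnsPostValue('update_ttl_time');
            $current_update_ttl_time = _ownddnsPostValue('current_update_ttl_time');
            $account_name_blacklist = explode(';', _ownddnsPostValue('account_name_blacklist'));

            // Radio buttons: anything other than 'yes' (including absent) means no.
            $debugOwnddns = _ownddnsPostValue('debug') == 'yes' ? TRUE : FALSE;
            $use_base64_encoding = _ownddnsPostValue('use_base64_encoding') == 'yes' ? TRUE : FALSE;

            if (!is_numeric($max_allowed_accounts)
                || !is_numeric($max_accounts_lenght)
                || !is_numeric($update_repeat_time)
                || !is_numeric($update_ttl_time)
            ) {
                set_page_message(tr("Wrong values in your config."), 'error');
                $error = true;
            }

            if ($update_ttl_time < 60) {
                set_page_message(tr("Value for dns TTL update time to small (min. 
60)."), 'error');
                $error = true;
            }

            if (!$error) {
                $configOwnddns = array(
                    'debug' => $debugOwnddns,
                    'use_base64_encoding' => $use_base64_encoding,
                    'max_allowed_accounts' => $max_allowed_accounts,
                    'max_accounts_lenght' => $max_accounts_lenght,
                    'update_repeat_time' => $update_repeat_time,
                    'update_ttl_time' => $update_ttl_time,
                    'account_name_blacklist' => $account_name_blacklist
                );

                exec_query(' UPDATE `plugin` SET `plugin_config` = ? WHERE `plugin_name` = ? ', array(json_encode($configOwnddns), 'OwnDDNS'));

                // A changed TTL requires the existing DNS entries to be re-created.
                if ($update_ttl_time != $current_update_ttl_time) {
                    removeOwnDDNSDnsEntries();
                    revokeOwnDDNSDnsEntries($update_ttl_time);
                }

                set_page_message(tr('The OwnDDNS settings updated successfully.'), 'success');
            }

            redirectTo('ownddns.php');
        }
    }

    $tpl->assign(array(
        'OWNDDNS_DEBUG_YES' => $pluginConfig['debug'] === TRUE ? $htmlChecked : '',
        'OWNDDNS_DEBUG_NO' => $pluginConfig['debug'] === FALSE ? $htmlChecked : '',
        'OWNDDNS_BASE64_YES' => $pluginConfig['use_base64_encoding'] === TRUE ? $htmlChecked : '',
        'OWNDDNS_BASE64_NO' => $pluginConfig['use_base64_encoding'] === FALSE ? $htmlChecked : '',
        'MAX_ALLOWED_ACCOUNTS' => $pluginConfig['max_allowed_accounts'],
        'MAX_ACCOUNTS_LENGHT' => $pluginConfig['max_accounts_lenght'],
        'MAX_UPDATE_REPEAT_TIME' => $pluginConfig['update_repeat_time'],
        'MAX_UPDATE_TTL_TIME' => $pluginConfig['update_ttl_time'],
        'ACCOUNT_NAME_BLACKLIST' => implode(';', $pluginConfig['account_name_blacklist'])
    ));
}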
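/**
 * Check input data
 *
 * Validates step one of the "add customer" wizard (domain name, expiration
 * date, hosting plan) and stores the accepted values in the session before
 * redirecting to the next step. Two fixes: the "Invalid expiration date."
 * message is now translated like the others, and the domain name echoed in the
 * "unavailable" message is HTML-escaped (it is validated, but is still
 * user-supplied text rendered as markup).
 *
 * @return void
 */
function reseller_checkData()
{
    $cfg = iMSCP_Registry::get('config');

    if (!isset($_POST['dmn_name']) || $_POST['dmn_name'] === '') {
        set_page_message(tr('Domain name cannot be empty.'), 'error');
        return;
    }

    $dmnName = clean_input($_POST['dmn_name']);

    global $dmnNameValidationErrMsg;

    if (!isValidDomainName($dmnName)) {
        set_page_message($dmnNameValidationErrMsg, 'error');
        return;
    }

    // www is considered as an alias of the domain
    while (strpos($dmnName, 'www.') !== false) {
        $dmnName = substr($dmnName, 4);
    }

    $asciiDmnName = encode_idna($dmnName);

    if (imscp_domain_exists($asciiDmnName, $_SESSION['user_id']) || $asciiDmnName == $cfg['BASE_SERVER_VHOST']) {
        set_page_message(tr('Domain %s is unavailable.', '<strong>' . tohtml($dmnName) . '</strong>'), 'error');
        return;
    }

    if ((!isset($_POST['datepicker']) || $_POST['datepicker'] === '') && !isset($_POST['never_expire'])) {
        set_page_message(tr('Domain expiration date must be filled.'), 'error');
        return;
    }

    // 0 means "never expires"; strtotime() returns FALSE for unparsable input.
    $dmnExpire = isset($_POST['datepicker']) ? @strtotime(clean_input($_POST['datepicker'])) : 0;

    if ($dmnExpire === false) {
        set_page_message(tr('Invalid expiration date.'), 'error');
        return;
    }

    $hpId = isset($_POST['dmn_tpl']) ? clean_input($_POST['dmn_tpl']) : 0;
    $customizeHp = $hpId > 0 && isset($_POST['chtpl']) ? $_POST['chtpl'] : '_no_';

    // No plan, or plan to be customised: go through the manual limits step.
    if ($hpId == 0 || $customizeHp == '_yes_') {
        $_SESSION['dmn_name'] = $asciiDmnName;
        $_SESSION['dmn_expire'] = $dmnExpire;
        $_SESSION['dmn_tpl'] = $hpId;
        $_SESSION['chtpl'] = '_yes_';
        $_SESSION['step_one'] = '_yes_';
        redirectTo('user_add2.php');
    }

    if (reseller_limits_check($_SESSION['user_id'], $hpId)) {
        $_SESSION['dmn_name'] = $asciiDmnName;
        $_SESSION['dmn_expire'] = $dmnExpire;
        $_SESSION['dmn_tpl'] = $hpId;
        $_SESSION['chtpl'] = $customizeHp;
        $_SESSION['step_one'] = '_yes_';
        redirectTo('user_add3.php');
    }

    set_page_message(tr('Hosting plan limits exceed reseller limits.'), 'error');
}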
/**
 * Handles the `bk_restore` form action: flags the customer's domain rows with
 * the `restore` status, notifies the daemon, logs and sets a success message.
 *
 * @param object $sql     Database handle
 * @param int    $user_id Customer (domain_admin_id)
 * @return void
 */
function send_backup_restore_request($sql, $user_id) {
    if (!isset($_POST['uaction']) || $_POST['uaction'] !== 'bk_restore') {
        return;
    }

    $query = "
            UPDATE
                `domain`
            SET
                `status` = 'restore'
            WHERE
                `domain_admin_id` = ?
        ";
    exec_query($sql, $query, $user_id);

    send_request();

    write_log($_SESSION['user_logged'] . ": restore backup files.");
    set_page_message(tr('Backup archive scheduled for restoring!'), 'success');
}