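/**
 * Stores the custom error page submitted in the current request.
 *
 * The page body is read from $_POST['error'] and written to
 * /errors/<eid>.html through an iMSCP_VirtualFileSystem opened with
 * $_SESSION['user_logged'].
 *
 * @param mixed $user_id Not used by this function; kept so existing callers keep working
 * @param int|string $eid Error page identifier, used as the file base name
 * @return bool Value returned by iMSCP_VirtualFileSystem::put(); FALSE when the
 *              request carries no page body or $eid is not a plain file base name
 */
function write_error_page($user_id, $eid)
{
    // The body comes straight from the request: refuse a missing or non-string
    // value instead of handing NULL/array to the file system layer.
    if (!isset($_POST['error']) || !is_string($_POST['error'])) {
        return false;
    }

    // $eid is concatenated into a path, so it must not be able to carry
    // separators, '..' or control characters. Only a plain token is accepted.
    if (!is_scalar($eid) || !preg_match('/^[A-Za-z0-9_-]+$/D', (string) $eid)) {
        return false;
    }

    $error = $_POST['error'];
    $file = '/errors/' . $eid . '.html';

    // NOTE(review): the body is stored verbatim as HTML. Presumably it is only
    // ever served from the customer's own site - confirm it is never rendered
    // inside the control panel origin.
    $vfs = new iMSCP_VirtualFileSystem($_SESSION['user_logged']);

    return $vfs->put($file, $error);
}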
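/**
 * Generates directories list.
 *
 * Lists the directory named by $_GET['cur_dir'] inside the virtual file system
 * of the logged-in customer ($_SESSION['user_logged']) and emits one
 * 'dir_item' template block per sub-directory that isAllowedDir() accepts,
 * preceded by a link to the parent directory.
 *
 * @param iMSCP_pTemplate $tpl Template engine instance
 * @return void
 */
function client_generateDirectoriesList($tpl)
{
    // Requested directory, taken from the query string and passed through clean_input().
    // NOTE(review): unlike the home_dir handling in the FTP account code, this
    // path is not checked for '..' segments before it reaches the VFS. Whether
    // the VFS confines the listing to the customer's tree cannot be seen from
    // this function - confirm.
    $path = isset($_GET['cur_dir']) ? clean_input($_GET['cur_dir']) : '';
    $domain = $_SESSION['user_logged'];

    $vfs = new iMSCP_VirtualFileSystem($domain);
    $list = $vfs->ls($path);

    if (!$list) {
        set_page_message(
            tr('Unable to retrieve directories list for your domain. Please contact your reseller.'), 'error'
        );
        $tpl->assign('FTP_CHOOSER', '');
        return;
    }

    // Parent directory: drop the last path segment.
    $parent = explode('/', $path);
    array_pop($parent);
    $parent = implode('/', $parent);

    // Paths are percent-encoded before being placed in the query string so that
    // characters such as quotes, '&', '#' or spaces in a directory name cannot
    // alter the link or the surrounding markup. '/' is kept readable; it is
    // legal inside a query component.
    $tpl->assign(array(
        'ACTION_LINK' => '',
        'ACTION' => '',
        'ICON' => 'parent',
        'DIR_NAME' => tr('Parent directory'),
        'LINK' => 'ftp_choose_dir.php?cur_dir=' . str_replace('%2F', '/', rawurlencode($parent)),
    ));
    $tpl->parse('DIR_ITEM', '.dir_item');

    // Show directories only
    foreach ($list as $entry) {
        $directory = $path . '/' . $entry['file'];

        $isDirectory = $entry['type'] == iMSCP_VirtualFileSystem::VFS_TYPE_DIR;
        $isDotEntry = $entry['file'] == '.' || $entry['file'] == '..';

        if (!$isDirectory
            || $isDotEntry
            || !isAllowedDir(get_user_domain_id($_SESSION['user_id']), $directory)
        ) {
            continue;
        }

        // NOTE(review): CHOOSE_IT is handed to the template unescaped while
        // DIR_NAME goes through tohtml(). The directory name comes from the
        // file listing, so the right escaping depends on where the template
        // places CHOOSE_IT (HTML text, attribute or script) - that context is
        // not visible here and must be checked in the template.
        $tpl->assign(array(
            'DIR_NAME' => tohtml($entry['file']),
            'CHOOSE_IT' => $directory,
            'LINK' => 'ftp_choose_dir.php?cur_dir=' . str_replace('%2F', '/', rawurlencode($directory)),
        ));
        $tpl->parse('ACTION_LINK', 'action_link');
        $tpl->parse('DIR_ITEM', '.dir_item');
    }
}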
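/**
 * Update Ftp account
 *
 * Reads the new password ($_POST['password'], $_POST['password_repeat']) and
 * home directory ($_POST['home_dir']) from the request, validates them and
 * updates the matching row of `ftp_users`. A request without 'home_dir' is
 * answered with the bad-request page and the script stops.
 *
 * @param string $userid Ftp userid
 * @param string $mainDomainName Main domain name
 * @return bool TRUE on success, FALSE on failure
 */
function updateFtpAccount($userid, $mainDomainName)
{
    $ret = true;

    if (!empty($_POST['password'])) {
        if (empty($_POST['password_repeat']) || $_POST['password'] !== $_POST['password_repeat']) {
            set_page_message(tr("Passwords do not match."), 'error');
            $ret = false;
        }

        if (!checkPasswordSyntax($_POST['password'])) {
            $ret = false;
        }

        $rawPassword = $_POST['password'];
        $password = cryptPasswordWithSalt($rawPassword);
    }

    if (isset($_POST['home_dir'])) {
        $homeDir = clean_input($_POST['home_dir']);

        if ($homeDir != '/' && $homeDir != '') {
            // Collapse every run of slashes. A single str_replace('//', '/')
            // pass leaves '//' behind for three or more consecutive slashes.
            $homeDir = preg_replace('#/+#', '/', $homeDir);

            // Reject any path that could climb out of the customer's tree.
            if (strpos($homeDir, '..') !== false) {
                set_page_message(tr('Invalid home directory.'), 'error');
                $ret = false;
            }

            if ($ret) {
                $vfs = new iMSCP_VirtualFileSystem($mainDomainName);

                // Check for directory existence
                if (!$vfs->exists($homeDir)) {
                    set_page_message(tr("Home directory '%s' doesn't exist", $homeDir), 'error');
                    $ret = false;
                }
            }
        }
    } else {
        showBadRequestErrorPage();
        exit;
    }

    if ($ret) {
        iMSCP_Events_Aggregator::getInstance()->dispatch(
            iMSCP_Events::onBeforeEditFtp, array('ftpUserId' => $userid)
        );

        /** @var $cfg iMSCP_Config_Handler_File */
        $cfg = iMSCP_Registry::get('config');

        // Absolute home directory: <USER_WEB_DIR>/<main domain>/<relative dir>, without trailing slash.
        $homeDir = rtrim(
            preg_replace('#/+#', '/', $cfg->USER_WEB_DIR . '/' . $mainDomainName . '/' . $homeDir), '/'
        );

        // NOTE(review): both statements are keyed on `userid` alone. Confirm that
        // the caller has verified that this FTP account belongs to the logged-in
        // customer before calling this function.
        if (isset($rawPassword) && isset($password)) {
            // NOTE(review): `rawpasswd` keeps the clear-text password next to the
            // hash, so read access to this table discloses every FTP password.
            $query = "UPDATE `ftp_users` SET `passwd` = ?, `rawpasswd` = ?, `homedir` = ? WHERE `userid` = ?";
            exec_query($query, array($password, $rawPassword, $homeDir, $userid));
        } else {
            $query = "UPDATE `ftp_users` SET `homedir` = ? \nWHERE `userid` = ?";
            exec_query($query, array($homeDir, $userid));
        }

        iMSCP_Events_Aggregator::getInstance()->dispatch(
            iMSCP_Events::onAfterEditFtp, array('ftpUserId' => $userid)
        );

        write_log(sprintf("%s updated Ftp account: %s", $_SESSION['user_logged'], $userid), E_USER_NOTICE);
        set_page_message(tr('FTP account successfully updated.'), 'success');
    }

    return $ret;
}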
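/**
 * Creates or updates a protected area (htaccess entry) for a domain.
 *
 * Acts only when $_POST['uaction'] is 'protect_it'. The area name
 * ($_POST['paname']), path ($_POST['other_dir']), protection type
 * ($_POST['ptype']) and the selected htaccess users or groups
 * ($_POST['users'] / $_POST['groups']) are read from the request. The path
 * must exist in the virtual file system of $_SESSION['user_logged']. On
 * success the `htaccess` row is inserted or updated, send_request() is called
 * and the browser is redirected to protected_areas.php.
 *
 * @param int $domainId Domain unique identifier
 * @return mixed Nothing is returned; validation failures set a page message and return early
 */
function protect_area($domainId)
{
    if (!isset($_POST['uaction']) || $_POST['uaction'] != 'protect_it') {
        return;
    }

    if (!isset($_POST['users']) && !isset($_POST['groups'])) {
        set_page_message(tr('Please choose htaccess user or htaccess group.'), 'error');
        return;
    }

    if (empty($_POST['paname'])) {
        set_page_message(tr('Please enter a name for the protected area.'), 'error');
        return;
    }

    if (empty($_POST['other_dir'])) {
        set_page_message(tr('Please enter protected area path'), 'error');
        return;
    }

    $path = clean_input($_POST['other_dir'], false);

    // Cleanup path:
    // Adds a slash as a first char of the path if it doesn't exist
    // Removes the double slashes
    // Remove the trailing slash if it exists
    if ($path != '/') {
        $clean_path = array();

        foreach (explode(DIRECTORY_SEPARATOR, $path) as $dir) {
            // The path is stored and later acted upon, so a parent-directory
            // segment is refused outright, in line with the '..' rejection
            // applied to FTP home directories.
            if ($dir === '..') {
                set_page_message(tr('Invalid protected area path.'), 'error');
                return;
            }

            if ($dir != '') {
                $clean_path[] = $dir;
            }
        }

        $path = '/' . implode(DIRECTORY_SEPARATOR, $clean_path);
    }

    $domain = $_SESSION['user_logged'];

    // Check for existing directory
    // We need to use the virtual file system
    $vfs = new iMSCP_VirtualFileSystem($domain);
    $res = $vfs->exists($path);

    if (!$res) {
        set_page_message(tr("%s doesn't exist", $path), 'error');
        return;
    }

    // A missing 'ptype' is treated like any value other than 'user' (group protection).
    $ptype = isset($_POST['ptype']) ? $_POST['ptype'] : '';

    // NOTE(review): the area name is stored as submitted. If the backend writes
    // it into a web server configuration directive, quotes and line breaks
    // need to be rejected or escaped there - confirm.
    $area_name = $_POST['paname'];

    // Pick the list that matches the protection type. The other list may be
    // absent from the request, so a missing one is treated as "nothing selected"
    // instead of reading an undefined variable.
    if ($ptype == 'user') {
        $selected = isset($_POST['users']) ? (array) $_POST['users'] : array();
        $noSelectionMessage = tr('You cannot protect an area without selected htaccess user(s).');
    } else {
        $selected = isset($_POST['groups']) ? (array) $_POST['groups'] : array();
        $noSelectionMessage = tr('You cannot protect an area without selected htaccess group(s).');
    }

    // Every entry must be a plain non-negative integer. This also covers the
    // '-1' and empty placeholders and keeps commas or other text out of the
    // comma-separated list stored below.
    // NOTE(review): the ids are not checked here for belonging to $domainId - confirm
    // that this is enforced where the list is consumed.
    $ids = array();

    foreach ($selected as $id) {
        if (!is_scalar($id) || !preg_match('/^[0-9]+$/D', (string) $id)) {
            set_page_message($noSelectionMessage, 'error');
            return;
        }

        $ids[] = (string) $id;
    }

    if (!$ids) {
        set_page_message($noSelectionMessage, 'error');
        return;
    }

    if ($ptype == 'user') {
        $user_id = implode(',', $ids);
        $group_id = 0;
    } else {
        $user_id = 0;
        $group_id = implode(',', $ids);
    }

    // Check whether an entry already exists for this path (with or without trailing slash)
    $alt_path = $path . "/";
    $query = "\n\t\tSELECT\n\t\t\t`id`\n\t\tFROM\n\t\t\t`htaccess`\n\t\tWHERE\n\t\t\t`dmn_id` = ?\n\t\tAND\n\t\t\t(`path` = ? OR `path` = ?)\n\t";
    $rs = exec_query($query, array($domainId, $path, $alt_path));

    $toadd_status = 'toadd';
    $tochange_status = 'tochange';

    if ($rs->rowCount() !== 0) {
        $update_id = $rs->fields['id'];

        $query = "\n\t\t\tUPDATE\n\t\t\t\t`htaccess`\n\t\t\tSET\n\t\t\t\t`user_id` = ?, `group_id` = ?, `auth_name` = ?, `path` = ?,\n\t\t\t\t`status` = ?\n\t\t\tWHERE\n\t\t\t\t`id` = ?;\n ";
        exec_query($query, array($user_id, $group_id, $area_name, $path, $tochange_status, $update_id));

        send_request();
        set_page_message(tr('Protected area successfully scheduled for update.'), 'success');
    } else {
        $query = "\n\t\t\tINSERT INTO `htaccess` (\n\t\t\t `dmn_id`, `user_id`, `group_id`, `auth_type`, `auth_name`, `path`,\n\t\t\t `status`\n ) VALUES (\n\t\t\t ?, ?, ?, ?, ?, ?, ?\n\t\t\t)\n\t\t";
        exec_query($query, array($domainId, $user_id, $group_id, 'Basic', $area_name, $path, $toadd_status));

        send_request();
        set_page_message(tr('Protected area successfully scheduled for addition.'), 'success');
    }

    redirectTo('protected_areas.php');
}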
if ($stmt->rowCount()) { $row = $stmt->fetchRow(PDO::FETCH_ASSOC); $targetBasePath = $row['mpoint']; } else { showBadRequestErrorPage(); exit; } } else { $targetBasePath = ''; } $targetPathReg = '%^' . quotemeta($targetBasePath . '/htdocs') . '(?:/.*)?$%'; if (!preg_match($targetPathReg, $otherDir)) { set_page_message(tr("You can't install the software outside the htdocs directory of the selected domain."), 'error'); $error = true; } else { $vfs = new iMSCP_VirtualFileSystem($domainProps['domain_name']); if (!$vfs->exists($otherDir, 'd')) { set_page_message(tr("The directory %s doesn't exists. Please create that directory using your file manager.", $otherDir), 'error'); $error = true; } else { $stmt = exec_query(' SELECT software_name, software_version FROM web_software_inst WHERE domain_id = ? AND path = ? ', array($domainId, $otherDir)); if ($stmt->rowCount()) {
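/**
 * Add Ftp account
 *
 * Reads the account data from the request ('domain_type', 'username',
 * 'domain_name', 'password', 'password_repeat', 'home_dir'), validates it,
 * checks that the logged-in customer owns the target domain and then, inside
 * one database transaction, inserts the `ftp_users` row, adds the account to
 * the customer's `ftp_group` row and creates the `quotalimits` row when none
 * exists yet. A request missing any of the fields, or naming a domain the
 * customer does not own, is answered with the bad-request page.
 *
 * @throws iMSCP_Exception_Database
 * @param string $mainDmnName Customer main domain
 * @return bool TRUE on success, FALSE otherwise
 */
function ftp_addAccount($mainDmnName)
{
    $ret = true;

    if (isset($_POST['domain_type']) && isset($_POST['username']) && isset($_POST['domain_name'])
        && isset($_POST['password']) && isset($_POST['password_repeat']) && isset($_POST['home_dir'])
    ) {
        $username = clean_input($_POST['username']);
        $dmnName = clean_input($_POST['domain_name']);
        // NOTE(review): the password goes through clean_input() here, while the
        // account update code uses $_POST['password'] as submitted. If
        // clean_input() alters any character, the stored password differs from
        // what the user typed - confirm and align the two paths.
        $passwd = clean_input($_POST['password']);
        $passwdRepeat = clean_input($_POST['password_repeat']);
        $homeDir = clean_input($_POST['home_dir']);

        if (!validates_username($username)) {
            set_page_message(tr("Incorrect username length or syntax."), 'error');
            $ret = false;
        }

        if ($passwd !== $passwdRepeat) {
            set_page_message(tr("Passwords do not match"), 'error');
            $ret = false;
        } elseif (!checkPasswordSyntax($passwd)) {
            $ret = false;
        }

        // Check for home directory existence
        if ($homeDir != '/' && $homeDir != '') {
            // Collapse every run of slashes. A single str_replace('//', '/')
            // pass leaves '//' behind for three or more consecutive slashes.
            $homeDir = preg_replace('#/+#', '/', $homeDir);

            // Reject any path that could climb out of the customer's tree.
            if (strpos($homeDir, '..') !== false) {
                set_page_message(tr('Invalid home directory.'), 'error');
                $ret = false;
            }

            if ($ret) {
                $vfs = new iMSCP_VirtualFileSystem($mainDmnName);

                if (!$vfs->exists($homeDir)) {
                    set_page_message(tr("Home directory '%s' doesn't exist", $homeDir), 'error');
                    $ret = false;
                }
            }
        }

        if ($ret) {
            // Check that the customer is the owner of the domain for which the ftp Account is added.
            // The explicit exit makes this check fail closed: account creation
            // must never continue if showBadRequestErrorPage() happens to return.
            if (!customerHasDomain($dmnName, $_SESSION['user_id'])) {
                showBadRequestErrorPage();
                exit;
            }

            /** @var $cfg iMSCP_Config_Handler_File */
            $cfg = iMSCP_Registry::get('config');

            $userid = $username . '@' . decode_idna($dmnName);
            $encryptedPassword = cryptPasswordWithSalt($passwd);
            $shell = '/bin/sh';
            // Absolute home directory: <USER_WEB_DIR>/<main domain>/<relative dir>, without trailing slash.
            $homeDir = rtrim(
                preg_replace('#/+#', '/', $cfg->USER_WEB_DIR . '/' . $mainDmnName . '/' . $homeDir), '/'
            );

            // Retrieve customer uid/gid
            $query = ' SELECT `t1`.`admin_name`, `t1`.`admin_sys_uid`, `t1`.`admin_sys_gid`, `t2`.`domain_disk_limit`, count(`t3`.`name`) AS `quota_entry` FROM `admin` AS `t1` LEFT JOIN `domain` AS `t2` ON (`t2`.`domain_admin_id` = `t1`.`admin_id` ) LEFT JOIN `quotalimits` AS `t3` ON (`t3`.`name` = `t1`.`admin_name` ) WHERE `t1`.`admin_id` = ? ';
            $stmt = exec_query($query, $_SESSION['user_id']);

            $groupName = $stmt->fields['admin_name'];
            $uid = $stmt->fields['admin_sys_uid'];
            $gid = $stmt->fields['admin_sys_gid'];
            $diskspaceLimit = $stmt->fields['domain_disk_limit'];
            $quotaEntriesExist = $stmt->fields['quota_entry'] ? true : false;

            // NOTE(review): the clear-text password is handed to every event
            // listener ('ftpRawPassword') and stored in `rawpasswd` below, so it
            // is exposed to plugins and to anyone with read access to the table.
            $eventParams = array(
                'ftpUserId' => $userid,
                'ftpPassword' => $encryptedPassword,
                'ftpRawPassword' => $passwd,
                'ftpUserUid' => $uid,
                'ftpUserGid' => $gid,
                'ftpUserShell' => $shell,
                'ftpUserHome' => $homeDir,
            );

            iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onBeforeAddFtp, $eventParams);

            /** @var $db iMSCP_Database */
            $db = iMSCP_Database::getInstance();

            try {
                $db->beginTransaction();

                // Add ftp user
                $query = "\n\t\t\t\t\tINSERT INTO `ftp_users` (\n\t\t\t\t\t\t`userid`, `admin_id`, `passwd`, `rawpasswd`, `uid`, `gid`, `shell`, `homedir`\n\t\t\t\t\t) VALUES (\n\t\t\t\t\t\t?, ?, ?, ?, ?, ?, ?, ?\n\t\t\t\t\t)\n\t\t\t\t";
                exec_query(
                    $query,
                    array($userid, $_SESSION['user_id'], $encryptedPassword, $passwd, $uid, $gid, $shell, $homeDir)
                );

                $query = "SELECT `members` FROM `ftp_group` WHERE `groupname` = ? LIMIT 1";
                $stmt = exec_query($query, $groupName);

                // Ftp group
                if (!$stmt->rowCount()) {
                    $query = "INSERT INTO `ftp_group` (`groupname`, `gid`, `members`) VALUES (?, ?, ?)";
                    exec_query($query, array($groupName, $gid, $userid));
                } else {
                    $query = "UPDATE `ftp_group` SET `members` = ? \nWHERE `groupname` = ?";
                    exec_query($query, array("{$stmt->fields['members']},{$userid}", $groupName));
                }

                // Quota limit
                if (!$quotaEntriesExist) {
                    $query = "\n\t\t\t\t\t\tINSERT INTO `quotalimits` (\n\t\t\t\t\t\t\t`name`, `quota_type`, `per_session`, `limit_type`, `bytes_in_avail`, `bytes_out_avail`,\n\t\t\t\t\t\t\t`bytes_xfer_avail`, `files_in_avail`, `files_out_avail`, `files_xfer_avail`\n\t\t\t\t\t\t) VALUES (\n\t\t\t\t\t\t\t?, ?, ?, ?, ?, ?, ?, ?, ?, ?\n\t\t\t\t\t\t)\n\t\t\t\t\t";
                    exec_query(
                        $query,
                        array($groupName, 'group', 'false', 'hard', $diskspaceLimit * 1024 * 1024, 0, 0, 0, 0, 0)
                    );
                }

                $db->commit();
            } catch (iMSCP_Exception_Database $e) {
                $db->rollBack();

                // 23000 is reported to the user as a duplicate account; anything else is re-thrown.
                if ($e->getCode() == 23000) {
                    set_page_message(tr('Ftp account with same username already exists.'), 'error');
                    $ret = false;
                } else {
                    throw $e;
                }
            }

            if ($ret) {
                iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onAfterAddFtp, $eventParams);

                write_log(sprintf("%s added Ftp account: %s", $_SESSION['user_logged'], $userid), E_USER_NOTICE);
                set_page_message(tr('FTP account successfully added.'), 'success');
            }
        }
    } else {
        // Incomplete request: stop here so the function can never report
        // success (TRUE) for a request that was rejected.
        showBadRequestErrorPage();
        exit;
    }

    return $ret;
}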