Пример #1
 /**
  * Saves the user-editable settings of the current module from the submitted form.
  *
  * Rows are read from x_settings where so_module_vc equals
  * ui_module::GetModuleName() and so_usereditable_en is 'true'. For each row whose
  * form field (named after so_name_vc) is not empty, so_value_tx is overwritten
  * with the submitted value. self::$ok is set to true in every case.
  *
  * runtime_csfr::Protect() runs before any form value is read (presumably the
  * CSRF token check; it is defined outside this listing).
  */
 static function doUpdateConfig()
 {
     global $zdbh;
     global $controller;
     runtime_csfr::Protect();
     $moduleName = ui_module::GetModuleName();
     $selectSql = "SELECT * FROM x_settings WHERE so_module_vc=:name AND so_usereditable_en = 'true'";
     // First pass: only the first column of the first row is inspected.
     $probe = $zdbh->prepare($selectSql);
     $probe->bindParam(':name', $moduleName);
     $probe->execute();
     $hasRows = $probe->fetchColumn() != 0;
     if ($hasRows) {
         // Second pass: walk every editable setting of this module.
         $settings = $zdbh->prepare($selectSql);
         $settings->bindParam(':name', $moduleName);
         $settings->execute();
         while ($setting = $settings->fetch()) {
             $submitted = $controller->GetControllerRequest('FORM', $setting['so_name_vc']);
             if (fs_director::CheckForEmptyValue($submitted)) {
                 // Empty fields leave the stored value untouched.
                 continue;
             }
             $update = $zdbh->prepare("UPDATE x_settings SET so_value_tx = :name2 WHERE so_name_vc = :so_name_vc");
             $newValue = $controller->GetControllerRequest('FORM', $setting['so_name_vc']);
             $update->bindParam(':name2', $newValue);
             $update->bindParam(':so_name_vc', $setting['so_name_vc']);
             $update->execute();
         }
     }
     self::$ok = true;
 }
Пример #2
 /**
  * Stores the submitted notice text for the logged-in account, then redirects
  * back to the current module with saved=true and ends the request.
  *
  * runtime_csfr::Protect() is called before the form is read (presumably the
  * CSRF token check; defined outside this listing).
  */
 static function doUpdateMessage()
 {
     global $controller;
     runtime_csfr::Protect();
     $account = ctrl_users::GetUserDetail();
     $posted = $controller->GetAllControllerRequests('FORM');
     self::ExectuteUpdateNotice($account['userid'], $posted['inNotice']);
     $redirect = "location: ./?module=" . $controller->GetCurrentModule() . "&saved=true";
     header($redirect);
     exit;
 }
Пример #3
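 /**
  * Redirects to the statistics view of the domain chosen in the form.
  *
  * @return false|void false when the form carries no inDomain field; otherwise
  *                    a Location header is sent and the request ends
  */
 static function doShowStats()
 {
     global $controller;
     runtime_csfr::Protect();
     $formvars = $controller->GetAllControllerRequests('FORM');
     if (!isset($formvars['inDomain'])) {
         return false;
     }
     // inDomain is request data placed into a URL: percent-encode it so that
     // characters such as '&', '#' or '=' cannot add or override query
     // parameters in the redirect target.
     $domain = rawurlencode((string) $formvars['inDomain']);
     header("location: ./?module=" . $controller->GetCurrentModule() . "&show=true&domain=" . $domain);
     exit;
 }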
Пример #4
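 /**
  * Handles the change-password form of the logged-in account.
  *
  * Outcome is reported through static state, as before:
  *  - self::$error = "error"   new password empty, or confirmation differs
  *  - self::$error = "nomatch" current password wrong (or account row missing)
  *  - self::$badpassword = true and return false when the new password is
  *    shorter than the password_minlength system option
  *  - self::$error = "ok"      password and salt were updated
  *
  * Changes against the earlier version: the stored hash is compared with
  * hash_equals() instead of a loose "!=", the new password and its
  * confirmation are compared with "===" (loose comparison treats numeric
  * strings such as "1e3" and "1000" as equal), a missing account row is
  * handled explicitly, and the new hash is only computed once validation
  * has passed.
  *
  * @return false|null false only for a too-short password
  */
 static function doUpdatePassword()
 {
     global $zdbh;
     global $controller;
     runtime_csfr::Protect();
     $currentuser = ctrl_users::GetUserDetail();
     $current_pass = $controller->GetControllerRequest('FORM', 'inCurPass');
     $newpass = $controller->GetControllerRequest('FORM', 'inNewPass');
     $conpass = $controller->GetControllerRequest('FORM', 'inConPass');

     if (fs_director::CheckForEmptyValue($newpass)) {
         // New password is blank.
         self::$error = "error";
         return;
     }

     $sql = $zdbh->prepare("SELECT ac_pass_vc, ac_passsalt_vc FROM x_accounts WHERE ac_id_pk= :uid");
     $sql->bindParam(':uid', $currentuser['userid']);
     $sql->execute();
     $result = $sql->fetch();
     if (!isset($result['ac_pass_vc'])) {
         // fetch() returned no row (or no stored hash): nothing to verify against.
         self::$error = "nomatch";
         return;
     }

     // Re-hash the submitted current password with the stored salt.
     $userpasshash = new runtime_hash();
     $userpasshash->SetPassword($current_pass);
     $userpasshash->SetSalt($result['ac_passsalt_vc']);
     $current_secure_password = $userpasshash->CryptParts($userpasshash->Crypt())->Hash;
     // Constant-time, type-strict comparison of the two hashes.
     if (!hash_equals((string) $result['ac_pass_vc'], (string) $current_secure_password)) {
         // Current password does not match.
         self::$error = "nomatch";
         return;
     }

     if ($newpass !== $conpass) {
         // New password and confirmation box differ.
         self::$error = "error";
         return;
     }

     // Enforce the configured minimum length (byte length, as before).
     if (strlen($newpass) < ctrl_options::GetSystemOption('password_minlength')) {
         self::$badpassword = true;
         return false;
     }

     // All checks passed: derive a fresh salt and hash for the new password.
     $crypto = new runtime_hash();
     $crypto->SetPassword($newpass);
     $randomsalt = $crypto->RandomSalt();
     $crypto->SetSalt($randomsalt);
     $new_secure_password = $crypto->CryptParts($crypto->Crypt())->Hash;

     $sql = $zdbh->prepare("UPDATE x_accounts SET ac_pass_vc=:new_secure_password, ac_passsalt_vc= :randomsalt WHERE ac_id_pk=:userid");
     $sql->bindParam(':randomsalt', $randomsalt);
     $sql->bindParam(':new_secure_password', $new_secure_password);
     $sql->bindParam(':userid', $currentuser['userid']);
     $sql->execute();
     self::$error = "ok";
 }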
Пример #5
 /**
  * Applies the account-settings form to the logged-in account.
  *
  * The account id comes from ctrl_users::GetUserDetail(), not from the form.
  * When ExecuteUpdateAccountSettings() returns a non-empty value the
  * OnAfterUpdateMyAccount hook is run and self::$ok is set to true.
  */
 static function doUpdateAccountSettings()
 {
     global $zdbh;
     global $controller;
     runtime_csfr::Protect();
     $account = ctrl_users::GetUserDetail();
     $outcome = self::ExecuteUpdateAccountSettings(
         $account['userid'],
         $controller->GetControllerRequest('FORM', 'inEmail'),
         $controller->GetControllerRequest('FORM', 'inFullname'),
         $controller->GetControllerRequest('FORM', 'inLanguage'),
         $controller->GetControllerRequest('FORM', 'inPhone'),
         $controller->GetControllerRequest('FORM', 'inAddress'),
         $controller->GetControllerRequest('FORM', 'inPostalCode')
     );
     if (fs_director::CheckForEmptyValue($outcome)) {
         return;
     }
     runtime_hook::Execute('OnAfterUpdateMyAccount');
     self::$ok = true;
 }
Пример #6
 /**
  * Switches the session to a client account chosen in the form ("shadowing").
  *
  * Candidate accounts are limited by the query: the user named 'zadmin' may
  * pick any non-deleted account, everyone else only accounts whose
  * ac_reseller_fk is their own id. The first candidate whose inShadow_<id>
  * form field is non-empty becomes the session user; the original user id is
  * kept in the 'ruid' session value. Then the request is redirected to "/".
  */
 static function doShadowUser()
 {
     global $zdbh;
     global $controller;
     runtime_csfr::Protect();
     $currentuser = ctrl_users::GetUserDetail();
     $isZadmin = $currentuser['username'] == 'zadmin';
     $listSql = $isZadmin
         ? "SELECT * FROM x_accounts WHERE ac_deleted_ts IS NULL ORDER BY ac_user_vc"
         : "SELECT * FROM x_accounts WHERE ac_reseller_fk = :userid AND ac_deleted_ts IS NULL";
     $probe = $zdbh->prepare($listSql);
     if (!$isZadmin) {
         $probe->bindParam(':userid', $currentuser['userid']);
     }
     if (!$probe->execute()) {
         return;
     }
     if ($probe->fetchColumn() == 0) {
         // Nothing this user is allowed to shadow.
         return;
     }
     $clients = $zdbh->prepare($listSql);
     if (!$isZadmin) {
         // Only the reseller-scoped query has a placeholder to bind.
         $clients->bindParam(':userid', $currentuser['userid']);
     }
     $clients->execute();
     while ($client = $clients->fetch()) {
         $picked = $controller->GetControllerRequest('FORM', 'inShadow_' . $client['ac_id_pk']);
         if (fs_director::CheckForEmptyValue($picked)) {
             continue;
         }
         // Drop the existing cookies, remember who is shadowing, then
         // start a session as the selected client.
         ctrl_auth::KillCookies();
         ctrl_auth::SetSession('ruid', $currentuser['userid']);
         ctrl_auth::SetUserSession($client['ac_id_pk'], runtime_sessionsecurity::getSessionSecurityEnabled());
         header("location: /");
         exit;
     }
 }
Пример #7
 /**
  * Template accessor: hands back whatever runtime_csfr::Token() produces
  * (presumably the CSRF token markup for a form; defined outside this listing).
  */
 static function getCSFR_Tag()
 {
     $token = runtime_csfr::Token();
     return $token;
 }
Пример #8
 /**
  * Writes the vhost override form into x_vhosts and flags the Apache
  * configuration for rewriting.
  *
  * Custom port and custom IP are stored as NULL when the submitted value is
  * empty() (note that "0" counts as empty). All values are passed as bound
  * parameters.
  *
  * NOTE(review): vh_id_pk and vh_custom_tx come straight from the form and
  * this block does not check who owns the vhost or validate port/IP format;
  * confirm the module is restricted to administrators.
  *
  * @return true always
  */
 static function doSaveVhost()
 {
     global $zdbh;
     global $controller;
     runtime_csfr::Protect();
     $port = $controller->GetControllerRequest('FORM', 'vh_custom_port_in');
     $port = empty($port) ? NULL : $controller->GetControllerRequest('FORM', 'vh_custom_port_in');
     $ip = $controller->GetControllerRequest('FORM', 'vh_custom_ip_vc');
     $ip = empty($ip) ? NULL : $controller->GetControllerRequest('FORM', 'vh_custom_ip_vc');
     $statement = $zdbh->prepare("UPDATE x_vhosts SET\n\t\t\tvh_enabled_in  = ?,\n\t\t\tvh_suhosin_in  = ?,\n\t\t\tvh_obasedir_in = ?,\n\t\t\tvh_custom_port_in   = ?,\n                        vh_portforward_in   = ?,\n                        vh_custom_ip_vc   = ?,\n\t\t\tvh_custom_tx   = ?\n\t\t\tWHERE\n\t\t\tvh_id_pk = ?\n\t\t\tAND vh_deleted_ts IS NULL");
     // Positional parameters, in the order of the placeholders above.
     $enabled = fs_director::GetCheckboxValue($controller->GetControllerRequest('FORM', 'vh_enabled_in'));
     $suhosin = fs_director::GetCheckboxValue($controller->GetControllerRequest('FORM', 'vh_suhosin_in'));
     $openBasedir = fs_director::GetCheckboxValue($controller->GetControllerRequest('FORM', 'vh_obasedir_in'));
     $portForward = fs_director::GetCheckboxValue($controller->GetControllerRequest('FORM', 'vh_portforward_in'));
     $customText = $controller->GetControllerRequest('FORM', 'vh_custom_tx');
     $vhostId = $controller->GetControllerRequest('FORM', 'vh_id_pk');
     $statement->execute(array(
         $enabled,
         $suhosin,
         $openBasedir,
         $port,
         $portForward,
         $ip,
         $customText,
         $vhostId,
     ));
     self::SetWriteApacheConfigTrue();
     self::$ok = true;
     return true;
 }
Пример #9
 /**
  * Passes the client-edit form to ExecuteUpdateClient().
  *
  * NOTE(review): inClientID is taken from the form and is not compared with
  * the logged-in user here; presumably ExecuteUpdateClient() or the caller
  * checks that the client belongs to this user - confirm.
  *
  * @return bool true when ExecuteUpdateClient() reports success
  */
 static function doUpdateClient()
 {
     global $controller;
     runtime_csfr::Protect();
     $currentuser = ctrl_users::GetUserDetail();
     $posted = $controller->GetAllControllerRequests('FORM');
     $updated = self::ExecuteUpdateClient(
         $posted['inClientID'],
         $posted['inPackage'],
         $posted['inEnabled'],
         $posted['inGroup'],
         $posted['inFullName'],
         $posted['inEmailAddress'],
         $posted['inAddress'],
         $posted['inPostCode'],
         $posted['inPhone'],
         $posted['inNewPassword']
     );
     return $updated ? true : false;
 }
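 /**
  * Soft-deletes the first cron job of the logged-in account whose
  * inDelete_<id> form field is set, then rewrites the cron file.
  *
  * Sets self::$ok on success and self::$error when nothing was deleted.
  *
  * Changes against the earlier version: the timestamp is bound with
  * bindValue() (bindParam() needs a variable, and passing time() directly
  * raises "Only variables should be passed by reference"), the redundant
  * COUNT(*) pre-query is gone, and the UPDATE is additionally scoped to the
  * owning account as defence in depth.
  */
 static function doDeleteCron()
 {
     global $zdbh;
     global $controller;
     runtime_csfr::Protect();
     $currentuser = ctrl_users::GetUserDetail();
     // Only jobs that belong to the current account are candidates.
     $sql = $zdbh->prepare("SELECT * FROM x_cronjobs WHERE ct_acc_fk=:userid AND ct_deleted_ts IS NULL");
     $sql->bindValue(':userid', $currentuser['userid']);
     if ($sql->execute()) {
         while ($rowcrons = $sql->fetch()) {
             if (fs_director::CheckForEmptyValue($controller->GetControllerRequest('FORM', 'inDelete_' . $rowcrons['ct_id_pk']))) {
                 continue;
             }
             $sql2 = $zdbh->prepare("UPDATE x_cronjobs SET ct_deleted_ts=:time WHERE ct_id_pk=:cronid AND ct_acc_fk=:userid");
             $sql2->bindValue(':cronid', $rowcrons['ct_id_pk']);
             $sql2->bindValue(':time', time());
             $sql2->bindValue(':userid', $currentuser['userid']);
             $sql2->execute();
             (new Cronfile())->writeToFile();
             self::$ok = TRUE;
             return;
         }
     }
     self::$error = TRUE;
     return;
 }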
Пример #11
 /**
  * Accepts the admin settings form and stores the whmcs_sendemail_bo and
  * whmcs_link system options from it.
  *
  * NOTE(review): no privilege check is visible in this block; confirm that
  * the caller limits this handler to administrators.
  *
  * @return false|null false when the form has no inAdminSettings field,
  *                    otherwise nothing
  */
 static function doUpdateSettings()
 {
     global $controller;
     runtime_csfr::Protect();
     $posted = $controller->GetAllControllerRequests('FORM');
     if (!isset($posted['inAdminSettings'])) {
         return false;
     }
     // option name => form field that carries its new value
     $optionFields = array(
         'whmcs_sendemail_bo' => 'SendEmail',
         'whmcs_link' => 'Link',
     );
     foreach ($optionFields as $option => $field) {
         ctrl_options::SetSystemOption($option, $posted[$field]);
     }
     self::$Results[] = ui_sysmessage::shout('Settings updated!', 'alert-success');
 }
Пример #12
 /**
  * Passes the group-edit form (id, name, description) to ExectuteUpdateGroup().
  *
  * @return bool true when ExectuteUpdateGroup() reports success
  */
 static function doUpdateGroup()
 {
     global $controller;
     runtime_csfr::Protect();
     $posted = $controller->GetAllControllerRequests('FORM');
     $updated = self::ExectuteUpdateGroup($posted['inGroupID'], $posted['inGroupName'], $posted['inDesc']);
     return $updated ? true : false;
 }
Пример #13
 /**
  * Adds an FAQ entry when the inAdd form field is non-empty.
  *
  * The entry is attributed to the logged-in user; the fourth argument passed
  * to ExecuteAddFaq() is 1 when the user's group is "Administrators" and 0
  * otherwise.
  */
 static function doAddFaq()
 {
     global $controller;
     runtime_csfr::Protect();
     $account = ctrl_users::GetUserDetail();
     if (fs_director::CheckForEmptyValue($controller->GetControllerRequest('FORM', 'inAdd'))) {
         return;
     }
     $question = $controller->GetControllerRequest('FORM', 'question');
     $answer = $controller->GetControllerRequest('FORM', 'answer');
     $isGlobal = ($account['usergroup'] == "Administrators") ? 1 : 0;
     self::ExecuteAddFaq($question, $answer, $account['userid'], $isGlobal);
 }
Пример #14
 /**
  * Passes the package id to delete and the replacement package id from the
  * form to ExecuteDeletePackage().
  *
  * @return bool true when ExecuteDeletePackage() reports success
  */
 static function doDeletePackage()
 {
     global $controller;
     runtime_csfr::Protect();
     $posted = $controller->GetAllControllerRequests('FORM');
     $deleted = self::ExecuteDeletePackage($posted['inPackageID'], $posted['inMovePackage']);
     return $deleted ? true : false;
 }
Пример #15
 /**
  * Deletes a user in three steps (user, mapper, passwd file), each step
  * running only while hasFlashErrors() is still false, and finally redirects
  * to the EditProtection view when no error was raised.
  *
  * NOTE(review): the redirect is not followed by exit, and the id is
  * concatenated into the URL as returned by getId(); both helpers are
  * defined outside this listing.
  */
 static function doDeleteUser()
 {
     global $controller;
     runtime_csfr::Protect();
     $protectionId = self::getId();
     $targetUserId = self::getUserId();
     $passwdFile = self::fetchFile($protectionId);
     if (!self::hasFlashErrors()) {
         self::deleteUser($targetUserId);
     }
     if (!self::hasFlashErrors()) {
         self::deleteMapper($protectionId, $targetUserId);
     }
     if (!self::hasFlashErrors()) {
         self::writePasswdUsers($passwdFile);
     }
     if (!self::hasFlashErrors()) {
         $redirect = "location: ./?module=" . $controller->GetCurrentModule() . "&control=EditProtection&id=" . $protectionId;
         header($redirect);
     }
 }
 /**
  * Creates a distribution list for the logged-in account from the submitted
  * address and domain.
  *
  * @return mixed whatever ExecuteAddDistList() returns
  */
 static function doAddDistList()
 {
     global $controller;
     runtime_csfr::Protect();
     $account = ctrl_users::GetUserDetail();
     $posted = $controller->GetAllControllerRequests('FORM');
     $outcome = self::ExecuteAddDistList($account['userid'], $posted['inAddress'], $posted['inDomain']);
     return $outcome;
 }
Пример #17
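 /**
  * Redirects to the delete-confirmation view for the first domain of the
  * logged-in user whose inDelete_<id> form field is present.
  *
  * Only domains returned by ListDomains() for the current user are matched,
  * so an id the user does not own is never put into the redirect.
  *
  * @return false|void false when no listed domain was selected; otherwise a
  *                    Location header is sent and the request ends
  */
 static function doConfirmDeleteDomain()
 {
     global $controller;
     runtime_csfr::Protect();
     $currentuser = ctrl_users::GetUserDetail();
     $formvars = $controller->GetAllControllerRequests('FORM');
     foreach (self::ListDomains($currentuser['userid']) as $row) {
         if (!isset($formvars['inDelete_' . $row['id']])) {
             continue;
         }
         // Stored values still go into a URL: percent-encode them so a
         // name containing '&', '#' or non-ASCII characters cannot change
         // the query string.
         $target = "location: ./?module=" . $controller->GetCurrentModule()
             . "&show=Delete&id=" . rawurlencode((string) $row['id'])
             . "&domain=" . rawurlencode((string) $row['name']);
         header($target);
         exit;
     }
     return false;
 }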
Пример #18
 /**
  * Deletes every backup of the logged-in user that was selected in the form.
  *
  * File names are taken from ListBackUps() for the current user, never from
  * the request; the form only says which of those listed files to delete
  * (field inDelete_<file>, or its _x / _y variants).
  * self::$deleteok is set to true once at least one file was handed to
  * ExecuteDeleteBackup().
  */
 static function doDeleteBackup()
 {
     global $zdbh;
     global $controller;
     runtime_csfr::Protect();
     $account = ctrl_users::GetUserDetail();
     $userid = $account['userid'];
     $username = $account['username'];
     foreach (self::ListBackUps($userid) as $backup) {
         $field = 'inDelete_' . $backup['backupfile'];
         $selected = false;
         // Stop at the first variant of the field that carries a value.
         foreach (array('', '_x', '_y') as $suffix) {
             if (!fs_director::CheckForEmptyValue($controller->GetControllerRequest('FORM', $field . $suffix))) {
                 $selected = true;
                 break;
             }
         }
         if ($selected) {
             self::ExecuteDeleteBackup($username, $backup['backupfile']);
             self::$deleteok = true;
         }
     }
 }
 /**
  * Passes the forwarder id from the inDelete form field to
  * ExecuteDeleteForwarder().
  *
  * NOTE(review): the id is not checked against the logged-in user here;
  * presumably ExecuteDeleteForwarder() does that - confirm.
  *
  * @return mixed whatever ExecuteDeleteForwarder() returns
  */
 static function doConfirmDeleteForwarder()
 {
     global $controller;
     runtime_csfr::Protect();
     $posted = $controller->GetAllControllerRequests('FORM');
     $outcome = self::ExecuteDeleteForwarder($posted['inDelete']);
     return $outcome;
 }
Пример #20
 /**
  * When the form carries inForceFull, resets the four daemon run markers
  * (daemon_lastrun, daemon_dayrun, daemon_weekrun, daemon_monthrun) in
  * x_settings to '0'. self::$ok is set to true in every case.
  *
  * The statements contain no request data.
  */
 static function doForceDaemon()
 {
     global $zdbh;
     global $controller;
     runtime_csfr::Protect();
     $posted = $controller->GetAllControllerRequests('FORM');
     if (isset($posted['inForceFull'])) {
         $resets = array(
             "UPDATE x_settings set so_value_tx = '0' WHERE so_name_vc = 'daemon_lastrun'",
             "UPDATE x_settings set so_value_tx = '0' WHERE so_name_vc = 'daemon_dayrun'",
             "UPDATE x_settings set so_value_tx = '0' WHERE so_name_vc = 'daemon_weekrun'",
             "UPDATE x_settings set so_value_tx = '0' WHERE so_name_vc = 'daemon_monthrun'",
         );
         foreach ($resets as $statement) {
             $reset = $zdbh->prepare($statement);
             $reset->execute();
         }
     }
     self::$ok = true;
 }
Пример #21
 /**
  * Redirects to the Delete or Edit view of the first FTP client of the
  * logged-in user for which an inDelete_<id> or inReset_<id> form field is
  * present. Ids come from ListClients() for the current user, not from the
  * request. Returns nothing when no listed client was selected.
  */
 static function doEditFTP()
 {
     global $controller;
     runtime_csfr::Protect();
     $account = ctrl_users::GetUserDetail();
     $posted = $controller->GetAllControllerRequests('FORM');
     foreach (self::ListClients($account['userid']) as $client) {
         // Delete is tested before Reset for the same client.
         if (isset($posted['inDelete_' . $client['id']])) {
             $redirect = "location: ./?module=" . $controller->GetCurrentModule() . "&show=Delete&other=" . $client['id'];
             header($redirect);
             exit;
         }
         if (isset($posted['inReset_' . $client['id']])) {
             $redirect = "location: ./?module=" . $controller->GetCurrentModule() . "&show=Edit&other=" . $client['id'];
             header($redirect);
             exit;
         }
     }
     return;
 }
 /**
  * Passes the inUser and inResetPW form fields to ExecuteResetPassword().
  *
  * NOTE(review): inUser comes from the form and is not compared with the
  * logged-in user here; presumably ExecuteResetPassword() checks ownership -
  * confirm.
  *
  * @return bool true when ExecuteResetPassword() reports success
  */
 static function doResetPW()
 {
     global $controller;
     runtime_csfr::Protect();
     $posted = $controller->GetAllControllerRequests('FORM');
     $reset = self::ExecuteResetPassword($posted['inUser'], $posted['inResetPW']);
     return $reset ? true : false;
 }
Пример #23
    if ($result) {
        $sql = $zdbh->prepare("UPDATE x_accounts SET ac_resethash_tx = '', ac_pass_vc = :password, ac_passsalt_vc = :salt WHERE ac_id_pk = :uid");
        $sql->bindParam(':password', $secure_password);
        $sql->bindParam(':salt', $randomsalt);
        $sql->bindParam(':uid', $result['ac_id_pk']);
        $sql->execute();
        runtime_hook::Execute('OnSuccessfulPasswordReset');
    } else {
        runtime_hook::Execute('OnFailedPasswordReset');
    }
    header("location: ./?passwordreset");
    exit;
}
if (isset($_POST['inUsername'])) {
    if (ctrl_options::GetSystemOption('login_csfr') == 'false') {
        runtime_csfr::Protect();
    }
    $rememberdetails = isset($_POST['inRemember']);
    $inSessionSecuirty = isset($_POST['inSessionSecuirty']);
    $sql = $zdbh->prepare("SELECT ac_passsalt_vc FROM x_accounts WHERE ac_user_vc = :username AND ac_deleted_ts IS NULL");
    $sql->bindParam(':username', $_POST['inUsername']);
    $sql->execute();
    $result = $sql->fetch();
    $crypto = new runtime_hash();
    $crypto->SetPassword($_POST['inPassword']);
    $crypto->SetSalt($result['ac_passsalt_vc']);
    $secure_password = $crypto->CryptParts($crypto->Crypt())->Hash;
    if (!ctrl_auth::Authenticate($_POST['inUsername'], $secure_password, $rememberdetails, false, $inSessionSecuirty)) {
        header("location: ./?invalidlogin");
        exit;
    }
Пример #24
 /**
  * Passes the alias id from the inDelete form field to ExecuteDeleteAlias().
  *
  * NOTE(review): the id is not checked against the logged-in user here;
  * presumably ExecuteDeleteAlias() does that - confirm.
  *
  * @return bool true when ExecuteDeleteAlias() reports success
  */
 static function doConfirmDeleteAlias()
 {
     global $controller;
     runtime_csfr::Protect();
     $posted = $controller->GetAllControllerRequests('FORM');
     $deleted = self::ExecuteDeleteAlias($posted['inDelete']);
     return $deleted ? true : false;
 }
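 /**
  * Creates the default DNS records for a domain from the x_dns_create
  * templates.
  *
  * Templates owned by the given user id are used when any exist; otherwise
  * the defaults stored under account 0 apply. In each template target the
  * tokens :IP: and :DOMAIN: are replaced by the server IP (system option
  * server_ip, else $_SERVER["SERVER_ADDR"]) and the domain name.
  *
  * Change against the earlier version: when no matching vhost row exists the
  * method returns without creating anything, instead of generating records
  * with an empty domain name.
  *
  * NOTE(review): inDomain and inUserID are both taken from the form and this
  * block does not compare them with the logged-in account or with the vhost
  * owner; confirm that createDNSRecord() or the caller enforces ownership.
  */
 static function doCreateDefaultRecords()
 {
     global $zdbh;
     global $controller;
     runtime_csfr::Protect();
     $domainID = $controller->GetControllerRequest('FORM', 'inDomain');
     $numrows = $zdbh->prepare('SELECT * FROM x_vhosts WHERE vh_id_pk=:domainID AND vh_type_in !=2 AND vh_deleted_ts IS NULL');
     $numrows->bindParam(':domainID', $domainID);
     $numrows->execute();
     $vhost = $numrows->fetch();
     // fetch() yields false when the id matches no live vhost.
     if (!isset($vhost['vh_name_vc']) || $vhost['vh_name_vc'] === '') {
         return;
     }
     $domainName = $vhost['vh_name_vc'];
     $userID = $controller->GetControllerRequest('FORM', 'inUserID');
     $targetIP = ctrl_options::GetSystemOption('server_ip');
     if (fs_director::CheckForEmptyValue($targetIP)) {
         $targetIP = $_SERVER["SERVER_ADDR"];
         //This needs checking on windows 7 we may need to use LOCAL_ADDR :- Sam Mottley
     }
     //Get list of DNS rows to create
     $RowCount = $zdbh->prepare('SELECT count(*) FROM x_dns_create WHERE dc_acc_fk=:userId');
     $RowCount->bindParam(':userId', $userID);
     $RowCount->execute();
     if ($RowCount->fetchColumn() > 0) {
         //The user has specific entries, use only those
         $CreateList = $zdbh->prepare('SELECT * FROM x_dns_create WHERE dc_acc_fk=:userId');
         $CreateList->bindParam(':userId', $userID);
         $CreateList->execute();
     } else {
         //No entry specific to this user is present, use default entries (user number = 0)
         $CreateList = $zdbh->query('SELECT * FROM x_dns_create WHERE dc_acc_fk=0');
     }
     while ($CreateItem = $CreateList->fetch()) {
         $Target = str_replace(':IP:', $targetIP, $CreateItem['dc_target_vc']);
         $Target = str_replace(':DOMAIN:', $domainName, $Target);
         $Row = array(
             'uid' => $userID,
             'domainName' => $domainName,
             'domainID' => $domainID,
             'type' => $CreateItem['dc_type_vc'],
             'hostName' => $CreateItem['dc_host_vc'],
             'ttl' => $CreateItem['dc_ttl_in'],
             'target' => $Target,
         );
         // Optional fields are copied only when the template sets them.
         if (!empty($CreateItem['dc_priority_in'])) {
             $Row['priority'] = $CreateItem['dc_priority_in'];
         }
         if (!empty($CreateItem['dc_weight_in'])) {
             $Row['weight'] = $CreateItem['dc_weight_in'];
         }
         if (!empty($CreateItem['dc_port_in'])) {
             $Row['port'] = $CreateItem['dc_port_in'];
         }
         self::createDNSRecord($Row);
     }
     self::$editdomain = $domainID;
     return;
 }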
Пример #26
 /**
  * Accepts the admin settings form and stores three WHMCS system options
  * (whmcs_sendemail_bo, whmcs_reseller_view_api, whmcs_link).
  *
  * Nothing is written unless the form carries inAdminSettings and
  * self::getIsAdmin() is truthy; the CSRF call runs before both checks.
  *
  * @return false|null false when either check fails, otherwise nothing
  */
 static function doUpdateSettings()
 {
     global $controller;
     runtime_csfr::Protect();
     $posted = $controller->GetAllControllerRequests('FORM');
     // Short-circuit keeps the order: form marker first, then the admin check.
     if (!isset($posted['inAdminSettings']) || !self::getIsAdmin()) {
         return false;
     }
     // option name => form field that carries its new value
     $optionFields = array(
         'whmcs_sendemail_bo' => 'SendEmail',
         'whmcs_reseller_view_api' => 'ResellerViewAPI',
         'whmcs_link' => 'Link',
     );
     foreach ($optionFields as $option => $field) {
         ctrl_options::SetSystemOption($option, $posted[$field]);
     }
     $notice = ui_language::translate("Changes to your settings have been saved successfully!");
     self::$Results[] = ui_sysmessage::shout($notice);
 }