/**
 * Handle the "change my password" form (uaction=updt_pass).
 *
 * Validates the posted fields, verifies the caller's current password and
 * only then writes the new hash to `admin`.`admin_pass` for the logged-in
 * user. Every failure leaves a page message and returns without touching
 * the database. Nothing is returned.
 */
function update_password()
{
    $cfg = EasySCP_Registry::get('Config');
    $sql = EasySCP_Registry::get('Db');

    // Only act on a submitted password-change form.
    if (!isset($_POST['uaction']) || $_POST['uaction'] !== 'updt_pass') {
        return;
    }

    // All three fields are mandatory (empty() also rejects the literal "0").
    if (empty($_POST['pass']) || empty($_POST['pass_rep']) || empty($_POST['curr_pass'])) {
        set_page_message(tr('Please fill up all data fields!'), 'warning');
        return;
    }

    // Policy check; the hint text depends on whether strong passwords are enforced.
    if (!chk_password($_POST['pass'])) {
        $hint = $cfg->PASSWD_STRONG
            ? tr('The password must be at least %s chars long and contain letters and numbers to be valid.')
            : tr('Password data is shorter than %s signs or includes not permitted signs!');
        set_page_message(sprintf($hint, $cfg->PASSWD_CHARS), 'warning');
        return;
    }

    if ($_POST['pass'] !== $_POST['pass_rep']) {
        set_page_message(tr('Passwords do not match!'), 'warning');
        return;
    }

    // Re-authenticate before changing the credential: holding a session is
    // not enough, the caller must know the current password.
    if (check_udata($_SESSION['user_id'], $_POST['curr_pass']) === false) {
        set_page_message(tr('The current password is wrong!'), 'warning');
        return;
    }

    $newHash = crypt_user_pass($_POST['pass']);
    $_SESSION['user_pass'] = $newHash;
    $adminId = $_SESSION['user_id'];

    $query = "\n\t\t\t\tUPDATE\n\t\t\t\t\t`admin`\n\t\t\t\tSET\n\t\t\t\t\t`admin_pass` = ?\n\t\t\t\tWHERE\n\t\t\t\t\t`admin_id` = ?\n\t\t\t";
    exec_query($sql, $query, array($newHash, $adminId));
    set_page_message(tr('User password updated successfully!'), 'success');
}
/**
 * Handle the "modify protected-area user" form (uaction=modify_user).
 *
 * When both password fields are posted, validates the new password, stores
 * the salted hash in `htaccess_users` for ($dmn_id, $uuser_id), marks the row
 * with ITEM_CHANGE_STATUS, notifies the backend, logs the action and
 * redirects to the user list. Any other request is ignored.
 *
 * @param mixed $tpl       template engine (unused here)
 * @param mixed $sql       database handle passed to exec_query()
 * @param int   &$dmn_id   domain the user belongs to
 * @param int   &$uuser_id id of the htaccess user being edited
 */
function pedit_user($tpl, $sql, &$dmn_id, &$uuser_id)
{
    $cfg = EasySCP_Registry::get('Config');

    if (!isset($_POST['uaction']) || $_POST['uaction'] != 'modify_user') {
        return;
    }
    if (!isset($_POST['pass']) || !isset($_POST['pass_rep'])) {
        return;
    }

    if (!chk_password($_POST['pass'])) {
        if ($cfg->PASSWD_STRONG) {
            $hint = tr('The password must be at least %s chars long and contain letters and numbers to be valid.');
        } else {
            $hint = tr('Password data is shorter than %s signs or includes not permitted signs!');
        }
        set_page_message(sprintf($hint, $cfg->PASSWD_CHARS), 'warning');
        return;
    }
    if ($_POST['pass'] !== $_POST['pass_rep']) {
        set_page_message(tr('Passwords do not match!'), 'warning');
        return;
    }

    $hash = crypt_user_pass_with_salt($_POST['pass']);
    $status = $cfg->ITEM_CHANGE_STATUS;

    // The WHERE clause is scoped to the domain so an id from another domain
    // cannot be edited through this form.
    $update = "\n\t\t\t\tUPDATE\n\t\t\t\t\t`htaccess_users`\n\t\t\t\tSET\n\t\t\t\t\t`upass` = ?,\n\t\t\t\t\t`status` = ?\n\t\t\t\tWHERE\n\t\t\t\t\t`dmn_id` = ?\n\t\t\t\tAND\n\t\t\t\t\t`id` = ?\n\t\t\t";
    exec_query($sql, $update, array($hash, $status, $dmn_id, $uuser_id));
    // Tell the backend daemon that there is a changed row to process.
    send_request();

    // The user name is only needed for the audit log entry.
    $select = "\n\t\t\t\tSELECT\n\t\t\t\t\t`uname`\n\t\t\t\tFROM\n\t\t\t\t\t`htaccess_users`\n\t\t\t\tWHERE\n\t\t\t\t\t`dmn_id` = ?\n\t\t\t\tAND\n\t\t\t\t\t`id` = ?\n\t\t\t";
    $rs = exec_query($sql, $select, array($dmn_id, $uuser_id));
    write_log($_SESSION['user_logged'] . ": modify user ID (protected areas): " . $rs->fields['uname']);
    user_goto('protected_user_manage.php');
}
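/**
 * Handle the "add protected-area user" form (uaction=add_user).
 *
 * Validates username and password, refuses a name already present in the
 * domain, inserts the new `htaccess_users` row, logs the action and
 * redirects to puser_manage.php. Validation failures leave a page message
 * and return.
 *
 * Fix: the stored hash used to be produced by crypt() with no salt. That
 * form is deprecated since PHP 5.6 and a fatal error since PHP 8.0, and on
 * older PHP it silently fell back to a 2-character DES salt. The hash is now
 * MD5-crypt with a fresh random salt, which is still a crypt(3) string.
 *
 * @param mixed &$tpl    template object (unused here)
 * @param mixed &$sql    database handle passed to exec_query()
 * @param int   &$dmn_id domain the user is created in
 */
function padd_user(&$tpl, &$sql, &$dmn_id)
{
    if (!isset($_POST['uaction']) || $_POST['uaction'] != 'add_user') {
        return;
    }
    if (!isset($_POST['username']) || !isset($_POST['pass']) || !isset($_POST['pass_rep'])) {
        return;
    }

    // In this code base a positive chk_* result means "rejected".
    if (chk_username($_POST['username']) > 0) {
        set_page_message(tr('Wrong username!'));
        return;
    }
    if (chk_password($_POST['pass']) > 0) {
        set_page_message(tr('Incorrect password range or syntax!'));
        return;
    }
    if ($_POST['pass'] !== $_POST['pass_rep']) {
        set_page_message(tr('Passwords does not match!'));
        return;
    }

    $uname = $_POST['username'];

    // Explicit MD5-crypt salt ("$1$" + 8 chars from [./0-9A-Za-z]); hex output
    // of random_bytes() is within that alphabet. random_bytes() needs PHP 7+,
    // which is already implied by the PHP 8 crypt() breakage being fixed here.
    // NOTE(review): assumes the web server's crypt() accepts "$1$" hashes
    // (true for glibc-based Apache) — confirm for the target platform.
    $salt = '$1$' . substr(bin2hex(random_bytes(6)), 0, 8) . '$';
    $upass = crypt($_POST['pass'], $salt);

    // One user name per domain.
    $lookup = 'SELECT id FROM htaccess_users WHERE uname = ? AND dmn_id = ?';
    $rs = exec_query($sql, $lookup, array($uname, $dmn_id));
    if ($rs->RecordCount() != 0) {
        set_page_message(tr('User already exist !'));
        return;
    }

    $insert = 'INSERT INTO htaccess_users (dmn_id, uname, upass) VALUES (?, ?, ?)';
    exec_query($sql, $insert, array($dmn_id, $uname, $upass));

    // $uname is request input; chk_username() presumably constrains its
    // alphabet, which is what keeps this log line single-line — verify.
    write_log($_SESSION['user_logged'] . ": add user (protected areas) -> {$uname}");
    header('Location: puser_manage.php');
    die;
}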
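/**
 * Handle the "change SQL user password" form.
 *
 * Validates the posted password, stores the panel's encrypted copy in
 * `sql_user`.`sqlu_pass`, then sets the same password on the MySQL accounts
 * '$db_user_name'@'%' and '$db_user_name'@localhost, logs the change and
 * redirects to sql_manage.php. Every validation failure leaves a page
 * message and returns without changing anything.
 *
 * Fixes versus the original:
 *  - $_POST['pass'] / $_POST['pass_rep'] were compared before any isset()
 *    check; both are now read defensively.
 *  - the password was interpolated into the SET PASSWORD statements (the
 *    original carried a TODO for this); it is now passed as a bound
 *    parameter to exec_query(). The account name cannot be bound (it is
 *    part of the user specification), so it is checked against characters
 *    that could break out of the quoted literal before being spliced in.
 *
 * @param mixed  $sql          database handle passed to exec_query()
 * @param int    $db_user_id   panel id of the SQL user (unused here)
 * @param string $db_user_name MySQL account name; should come from the
 *                             panel's own records rather than the request
 */
function change_sql_user_pass($sql, $db_user_id, $db_user_name)
{
    $cfg = EasySCP_Registry::get('Config');

    if (!isset($_POST['uaction'])) {
        return;
    }

    $pass = isset($_POST['pass']) ? $_POST['pass'] : '';
    $passRep = isset($_POST['pass_rep']) ? $_POST['pass_rep'] : '';

    if ($pass === '' && $passRep === '') {
        set_page_message(tr('Please specify user password!'), 'warning');
        return;
    }
    if ($pass !== $passRep) {
        set_page_message(tr('Entered passwords do not match!'), 'warning');
        return;
    }
    // Byte length on purpose: this is what the MySQL side sees.
    if (strlen($pass) > $cfg->MAX_SQL_PASS_LENGTH) {
        set_page_message(tr('User password too long!'), 'warning');
        return;
    }
    // Character allow-list; anything outside it is rejected before the
    // password gets anywhere near a statement.
    if (!preg_match('/^[[:alnum:]:!\\*\\+\\#_.-]+$/', $pass)) {
        set_page_message(tr('Don\'t use special chars like "@, $, %..." in the password!'), 'warning');
        return;
    }
    if (!chk_password($pass)) {
        if ($cfg->PASSWD_STRONG) {
            $hint = tr('The password must be at least %s chars long and contain letters and numbers to be valid.');
        } else {
            $hint = tr('Password data is shorter than %s signs or includes not permitted signs!');
        }
        set_page_message(sprintf($hint, $cfg->PASSWD_CHARS), 'warning');
        return;
    }

    // The account name ends up inside '...' in SET PASSWORD FOR and cannot be
    // bound, so refuse names containing a quote, a backslash or a control
    // character rather than trying to escape them by hand.
    $accountName = (string) $db_user_name;
    if ($accountName === '' || preg_match('/[\'\\\\\x00-\x1f]/', $accountName)) {
        set_page_message(tr('Incorrect SQL user name!'), 'warning');
        return;
    }

    // 1. The panel's own record.
    $query = 'UPDATE `sql_user` SET `sqlu_pass` = ? WHERE `sqlu_name` = ?';
    exec_query($sql, $query, array(encrypt_db_password($pass), $accountName));

    // 2. The MySQL grant tables, for both host specs the panel creates.
    //    Only the PASSWORD() argument is a placeholder; the user spec is the
    //    validated literal from above.
    foreach (array("'%'", 'localhost') as $host) {
        $query = "SET PASSWORD FOR '{$accountName}'@{$host} = PASSWORD(?)";
        exec_query($sql, $query, array($pass));
    }

    write_log($_SESSION['user_logged'] . ": update SQL user password: " . tohtml($accountName));
    // Reported as 'success' like the other successful updates in this code base.
    set_page_message(tr('SQL user password was successfully changed!'), 'success');
    user_goto('sql_manage.php');
}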
/**
 * Handle the "add protected-area user" form (uaction=add_user).
 *
 * Validates the posted username and password, refuses a name that already
 * exists in the domain, inserts the `htaccess_users` row with the salted
 * hash and ITEM_ADD_STATUS, asks the backend to regenerate the domain's
 * htaccess data, logs the action and redirects to the user list. Any
 * validation failure leaves a page message and returns.
 *
 * @param mixed $tpl    template engine (unused here)
 * @param mixed $sql    database handle passed to exec_query()
 * @param int   $dmn_id domain the user is created in
 */
function padd_user($tpl, $sql, $dmn_id)
{
    $cfg = EasySCP_Registry::get('Config');

    if (!isset($_POST['uaction']) || $_POST['uaction'] != 'add_user') {
        return;
    }
    if (!isset($_POST['username']) || !isset($_POST['pass']) || !isset($_POST['pass_rep'])) {
        return;
    }

    if (!validates_username($_POST['username'])) {
        set_page_message(tr('Wrong username!'), 'warning');
        return;
    }
    if (!chk_password($_POST['pass'])) {
        $hint = $cfg->PASSWD_STRONG
            ? tr('The password must be at least %s chars long and contain letters and numbers to be valid.')
            : tr('Password data is shorter than %s signs or includes not permitted signs!');
        set_page_message(sprintf($hint, $cfg->PASSWD_CHARS), 'warning');
        return;
    }
    if ($_POST['pass'] !== $_POST['pass_rep']) {
        set_page_message(tr('Passwords do not match!'), 'warning');
        return;
    }

    $status = $cfg->ITEM_ADD_STATUS;
    $uname = clean_input($_POST['username']);
    $hash = crypt_user_pass_with_salt($_POST['pass']);

    // One user name per domain.
    $lookup = "\n\t\t\t\tSELECT\n\t\t\t\t\t`id`\n\t\t\t\tFROM\n\t\t\t\t\t`htaccess_users`\n\t\t\t\tWHERE\n\t\t\t\t\t`uname` = ?\n\t\t\t\tAND\n\t\t\t\t\t`dmn_id` = ?\n\t\t\t";
    $rs = exec_query($sql, $lookup, array($uname, $dmn_id));
    if ($rs->recordCount() != 0) {
        set_page_message(tr('User already exist !'), 'error');
        return;
    }

    $insert = "\n\t\t\t\t\tINSERT INTO `htaccess_users`\n\t\t\t\t\t\t(`dmn_id`, `uname`, `upass`, `status`)\n\t\t\t\t\tVALUES\n\t\t\t\t\t\t(?, ?, ?, ?)\n\t\t\t\t";
    exec_query($sql, $insert, array($dmn_id, $uname, $hash, $status));
    // Backend request to rebuild the htaccess files of this domain.
    send_request('110 DOMAIN htaccess ' . $dmn_id);
    write_log($_SESSION['user_logged'] . ": add user (protected areas): {$uname}");
    user_goto('protected_user_manage.php');
}
/**
 * Persist the "edit user" form (uaction=edit_user) into the `admin` row.
 *
 * The profile columns are always updated; `admin_pass` is rewritten only
 * when a new password was posted, after it has been validated (a failure
 * redirects back to edit_user.php). On success the action is logged,
 * $_SESSION['user_updated'] is set and the browser is sent to
 * manage_users.php. Nothing is returned.
 *
 * NOTE(review): the row key comes from two places — the global $edit_id in
 * the profile-only branch, and $_POST['edit_id'] (which also overwrites the
 * global) in the password branch. Confirm with the caller that both agree.
 *
 * @param mixed &$sql database handle passed to exec_query()
 */
function update_data(&$sql)
{
    global $edit_id;

    if (!isset($_POST['uaction']) || $_POST['uaction'] !== 'edit_user') {
        return;
    }
    if (!check_user_data()) {
        return;
    }

    $user_id = $_SESSION['user_id']; // not used below; kept as in the original flow
    // Profile columns in the order both UPDATE statements bind them.
    $profile = array(
        $_POST['fname'],
        $_POST['lname'],
        $_POST['firm'],
        $_POST['zip'],
        $_POST['city'],
        $_POST['country'],
        $_POST['email'],
        $_POST['phone'],
        $_POST['fax'],
        $_POST['street1'],
        $_POST['street2'],
    );

    if ($_POST['pass'] == '') {
        // No password change: profile columns only.
        $query = <<<SQL_QUERY

                update

                    admin

                set

                    fname = ?,
                    lname = ?,
                    firm = ?,
                    zip = ?,
                    city = ?,
                    country = ?,
                    email = ?,
                    phone = ?,
                    fax = ?,
                    street1 = ?,
                    street2 = ?

            where

                admin_id= ?


SQL_QUERY;
        $rs = exec_query($sql, $query, array_merge($profile, array($edit_id)));
    } else {
        // This path takes (and exports) the form's own copy of the id.
        $edit_id = $_POST['edit_id'];
        // In this code base a truthy chk_password() result means "rejected".
        if (chk_password($_POST['pass'])) {
            set_page_message(tr("Incorrect password range or syntax!"));
            header("Location: edit_user.php?edit_id={$edit_id}");
            die;
        }
        if ($_POST['pass'] != $_POST['pass_rep']) {
            set_page_message(tr("Entered passwords does not match!"));
            header("Location: edit_user.php?edit_id={$edit_id}");
            die;
        }
        $upass = crypt_user_pass($_POST['pass']);
        $query = <<<SQL_QUERY
                    update
                        admin
                    set
                        admin_pass = ?,
                        fname = ?,
                        lname = ?,
                        firm = ?,
                        zip = ?,
                        city = ?,
                        country = ?,
                        email = ?,
                        phone = ?,
                        fax = ?,
                        street1 = ?,
                        street2 = ?
                    where
                        admin_id = ?
SQL_QUERY;
        $rs = exec_query($sql, $query, array_merge(array($upass), $profile, array($edit_id)));
    }

    write_log($_SESSION['user_logged'] . ": change data/password for " . $_POST['edit_username'] . "!");
    $_SESSION['user_updated'] = 1;
    header("Location: manage_users.php");
    die;
}
/**
 * Validate the "add FTP account" form and, if it passes, create the account.
 *
 * Checks, in order: a username was posted; both password fields are
 * present and non-empty; they match; the password satisfies the configured
 * policy; a sub-domain / alias target was actually selectable; a custom
 * directory was given when "use other dir" is on. The first failing check
 * leaves a page message and returns; otherwise add_ftp_user() is called.
 *
 * @param mixed  $tpl      template engine (unused here)
 * @param mixed  $sql      database handle forwarded to add_ftp_user()
 * @param int    $dmn_id   domain id (unused here)
 * @param string $dmn_name domain name forwarded to add_ftp_user()
 */
function check_ftp_acc_data($tpl, $sql, $dmn_id, $dmn_name)
{
    $cfg = EasySCP_Registry::get('Config');

    $username = isset($_POST['username']) ? $_POST['username'] : '';
    if ($username === '') {
        set_page_message(tr('Please enter FTP account username!'), 'warning');
        return;
    }

    // Note the asymmetry: empty() on the main field also rejects "0",
    // the repeat field is only rejected when it is the empty string.
    $passMissing = !isset($_POST['pass']) || empty($_POST['pass']);
    $repMissing = !isset($_POST['pass_rep']) || $_POST['pass_rep'] === '';
    if ($passMissing || $repMissing) {
        set_page_message(tr('Password is missing!'), 'warning');
        return;
    }
    if ($_POST['pass'] !== $_POST['pass_rep']) {
        set_page_message(tr('Entered passwords do not match!'), 'warning');
        return;
    }
    if (!chk_password($_POST['pass'])) {
        $hint = $cfg->PASSWD_STRONG
            ? tr('The password must be at least %s chars long and contain letters and numbers to be valid.')
            : tr('Password data is shorter than %s signs or includes not permitted signs!');
        set_page_message(sprintf($hint, $cfg->PASSWD_CHARS), 'warning');
        return;
    }

    // "n/a" is what the form puts in the select when the list is empty.
    $targetType = $_POST['dmn_type'];
    if ($targetType === 'sub' && $_POST['sub_id'] === 'n/a') {
        set_page_message(tr('Subdomain list is empty! You cannot add FTP accounts there!'), 'warning');
        return;
    }
    if ($targetType === 'als' && $_POST['als_id'] === 'n/a') {
        set_page_message(tr('Alias list is empty! You cannot add FTP accounts there!'), 'warning');
        return;
    }

    $wantsOtherDir = isset($_POST['use_other_dir']) && $_POST['use_other_dir'] === 'on';
    if ($wantsOtherDir && empty($_POST['other_dir'])) {
        set_page_message(tr('Please specify other FTP account dir!'), 'warning');
        return;
    }

    add_ftp_user($sql, $dmn_name);
}
/**
 * Validate the "add reseller" form data.
 *
 * Checks, in order: the user name is not already taken, it is syntactically
 * valid, the password passes the configured policy and matches its repeat,
 * the e-mail is well formed, each limit field passes easyscp_limit_check()
 * (the SQL database and SQL user limits must be disabled, -1, together), and
 * at least one IP has been assigned. The first failure leaves a page message
 * and returns false.
 *
 * @return bool true when every check passed
 */
function check_user_data()
{
    global $reseller_ips;
    $cfg = EasySCP_Registry::get('Config');
    $sql = EasySCP_Registry::get('Db');

    // Existence check comes first, as in the original flow (the name is
    // bound, never interpolated).
    $username = clean_input($_POST['username']);
    $query = "\n\t\tSELECT\n\t\t\t`admin_id`\n\t\tFROM\n\t\t\t`admin`\n\t\tWHERE\n\t\t\t`admin_name` = ?\n\t;";
    $rs = exec_query($sql, $query, $username);
    if ($rs->recordCount() != 0) {
        set_page_message(tr('This user name already exist!'), 'warning');
        return false;
    }
    if (!validates_username($username)) {
        set_page_message(tr("Incorrect username length or syntax!"), 'warning');
        return false;
    }
    if (!chk_password($_POST['pass'])) {
        $hint = $cfg->PASSWD_STRONG
            ? tr('The password must be at least %s long and contain letters and numbers to be valid.')
            : tr('Password data is shorter than %s signs or includes not permitted signs!');
        set_page_message(sprintf($hint, $cfg->PASSWD_CHARS), 'warning');
        return false;
    }
    if ($_POST['pass'] != $_POST['pass_rep']) {
        set_page_message(tr("Entered passwords do not match!"), 'warning');
        return false;
    }
    if (!chk_email(clean_input($_POST['email']))) {
        set_page_message(tr("Incorrect email syntax!"), 'warning');
        return false;
    }

    // Simple limits: field, second argument handed to easyscp_limit_check(),
    // message on failure.
    $simpleLimits = array(
        array('nreseller_max_domain_cnt', null, 'Incorrect domains limit!'),
        array('nreseller_max_subdomain_cnt', -1, 'Incorrect subdomains limit!'),
        array('nreseller_max_alias_cnt', -1, 'Incorrect aliases limit!'),
        array('nreseller_max_ftp_cnt', -1, 'Incorrect FTP accounts limit!'),
        array('nreseller_max_mail_cnt', -1, 'Incorrect mail accounts limit!'),
    );
    foreach ($simpleLimits as $limit) {
        list($field, $extra, $message) = $limit;
        if (!easyscp_limit_check($_POST[$field], $extra)) {
            set_page_message(tr($message), 'warning');
            return false;
        }
    }

    // SQL databases and SQL users may only be disabled (-1) together.
    $sqlDb = $_POST['nreseller_max_sql_db_cnt'];
    $sqlUser = $_POST['nreseller_max_sql_user_cnt'];
    if (!easyscp_limit_check($sqlDb, -1)) {
        set_page_message(tr('Incorrect SQL databases limit!'), 'warning');
        return false;
    }
    if ($sqlDb == -1 && $sqlUser != -1) {
        set_page_message(tr('SQL databases limit is <em>disabled</em> but SQL users limit not!'), 'warning');
        return false;
    }
    if (!easyscp_limit_check($sqlUser, -1)) {
        set_page_message(tr('Incorrect SQL users limit!'), 'warning');
        return false;
    }
    if ($sqlDb != -1 && $sqlUser == -1) {
        set_page_message(tr('SQL users limit is <em>disabled</em> but SQL databases limit not!'), 'warning');
        return false;
    }

    if (!easyscp_limit_check($_POST['nreseller_max_traffic'], null)) {
        set_page_message(tr('Incorrect traffic limit!'), 'warning');
        return false;
    }
    if (!easyscp_limit_check($_POST['nreseller_max_disk'], null)) {
        set_page_message(tr('Incorrect disk quota limit!'), 'warning');
        return false;
    }

    if ($reseller_ips == '') {
        set_page_message(tr('You must assign at least one IP number for a reseller!'), 'warning');
        return false;
    }
    return true;
}
/**
 * Validate the "add reseller" form data (VHCS-era variant).
 *
 * Checks, in order: the user name is not already taken, it passes
 * chk_username(), the password passes chk_password() and matches its
 * repeat, the e-mail passes chk_email(), each limit field passes
 * vhcs_limit_check() against its ceiling and is not -1, and at least one
 * IP has been assigned. The first failure leaves a page message and
 * returns false. In this code base a truthy chk_* result means "rejected".
 *
 * @return bool true when every check passed
 */
function check_user_data()
{
    global $reseller_ips, $sql;

    $username = $_POST['username'];
    $query = <<<SQL_QUERY
        select
            admin_id
        from
            admin
        where
            admin_name=?
SQL_QUERY;
    $rs = exec_query($sql, $query, array($username));
    if ($rs->RecordCount() != 0) {
        set_page_message(tr('This user name already exist!'));
        return false;
    }
    if (chk_username($_POST['username'])) {
        set_page_message(tr("Incorrect username range or syntax!"));
        return false;
    }
    if (chk_password($_POST['pass'])) {
        set_page_message(tr("Incorrect password range or syntax!"));
        return false;
    }
    if ($_POST['pass'] != $_POST['pass_rep']) {
        set_page_message(tr("Entered passwords does not match!"));
        return false;
    }
    if (chk_email($_POST['email'])) {
        set_page_message(tr("Incorrect email range or syntax!"));
        return false;
    }

    // The original nested else-chain collapses to this loop because every
    // branch returned false on failure: field, ceiling, message.
    $limits = array(
        array('nreseller_max_domain_cnt', 999, "Incorrect max domain count or syntax!"),
        array('nreseller_max_subdomain_cnt', 999, "Incorrect max subdomain count or syntax!"),
        array('nreseller_max_alias_cnt', 999, 'Incorrect max alias count or syntax!'),
        array('nreseller_max_ftp_cnt', 999, 'Incorrect max FTP count or syntax!'),
        array('nreseller_max_mail_cnt', 999, 'Incorrect max mail count or syntax!'),
        array('nreseller_max_sql_db_cnt', 999, 'Incorrect max SQL databases count or syntax!'),
        array('nreseller_max_sql_user_cnt', 999, 'Incorrect max SQL users count or syntax!'),
        array('nreseller_max_traffic', 999999, 'Incorrect max traffic amount or syntax!'),
        array('nreseller_max_disk', 999999, 'Incorrect max disk amount or syntax!'),
    );
    foreach ($limits as $limit) {
        list($field, $ceiling, $message) = $limit;
        if (!vhcs_limit_check($_POST[$field], $ceiling) || $_POST[$field] == -1) {
            set_page_message(tr($message));
            return false;
        }
    }

    if ($reseller_ips == '') {
        set_page_message(tr('You must assign at least one IP number for a reseller!'));
        return false;
    }
    return true;
}
/**
 * Validate the basic "add user" form fields.
 *
 * Checks, in order: the user name is not already in `admin`, it passes
 * chk_username(), the password passes chk_password() and matches its
 * repeat, and the e-mail passes chk_email(). A truthy chk_* result means
 * "rejected" in this code base. The first failure leaves a page message
 * and returns false.
 *
 * @return bool true when every check passed
 */
function check_user_data()
{
    global $sql;

    $username = $_POST['username'];
    $query = <<<SQL_QUERY
        select
            admin_id
        from
            admin
        where
            admin_name = ?

SQL_QUERY;
    $rs = exec_query($sql, $query, array($username));
    if ($rs->RecordCount() != 0) {
        set_page_message(tr('This user name already exist!'));
        return false;
    }

    // Syntax checks; each one fails the whole form.
    $failures = array();
    if (chk_username($_POST['username'])) {
        $failures[] = "Incorrect username range or syntax!";
    } elseif (chk_password($_POST['pass'])) {
        $failures[] = "Incorrect password range or syntax!";
    } elseif ($_POST['pass'] != $_POST['pass_rep']) {
        $failures[] = "Entered passwords does not match!";
    } elseif (chk_email($_POST['email'])) {
        $failures[] = "Incorrect email range or syntax!";
    }
    if (count($failures) > 0) {
        set_page_message(tr($failures[0]));
        return false;
    }
    return true;
}
 * @link 		http://www.easyscp.net
 * @author 		EasySCP Team
 */
require '../../include/easyscp-lib.php';
// Session / access check for this page; presumably redirects or aborts
// when no valid login is present — see easyscp-lib.php for the contract.
check_login(__FILE__);
$cfg = EasySCP_Registry::get('Config');
$tpl = EasySCP_TemplateEngine::getInstance();
// Template for the password-change form rendered by this page.
$template = 'common/password_change.tpl';
if (isset($_POST['uaction']) && $_POST['uaction'] === 'updt_pass') {
    if (empty($_POST['pass']) || empty($_POST['pass_rep']) || empty($_POST['curr_pass'])) {
        set_page_message(tr('Please fill up all data fields!'), 'warning');
    } else {
        if ($_POST['pass'] !== $_POST['pass_rep']) {
            set_page_message(tr('Passwords do not match!'), 'warning');
        } else {
            if (!chk_password($_POST['pass'])) {
                if ($cfg->PASSWD_STRONG) {
                    set_page_message(sprintf(tr('The password must be at least %s chars long and contain letters and numbers to be valid.'), $cfg->PASSWD_CHARS), 'warning');
                } else {
                    set_page_message(sprintf(tr('Password data is shorter than %s signs or includes not permitted signs!'), $cfg->PASSWD_CHARS), 'warning');
                }
            } else {
                if (!EasyPass::check_udata($_SESSION['user_id'], $_POST['curr_pass'])) {
                    set_page_message(tr('The current password is wrong!'), 'warning');
                } else {
                    $upass = crypt_user_pass($_POST['pass']);
                    $_SESSION['user_pass'] = $upass;
                    $user_id = $_SESSION['user_id'];
                    $query = "\n\t\t\tUPDATE\n\t\t\t\t`admin`\n\t\t\tSET\n\t\t\t\t`admin_pass` = ?\n\t\t\tWHERE\n\t\t\t\t`admin_id` = ?\n\t\t";
                    $rs = exec_query($sql, $query, array($upass, $user_id));
                    write_log($_SESSION['user_logged'] . ": update password!");
/**
 * Validate the "add user" form fields.
 *
 * Checks, in order: the user name is syntactically valid, the password
 * passes the configured policy and matches its repeat, the e-mail is well
 * formed, and finally that the (cleaned) user name is not already present
 * in `admin`. The first failure leaves a page message and returns false.
 *
 * @return bool true when every check passed
 */
function check_user_data()
{
    $cfg = EasySCP_Registry::get('Config');
    $sql = EasySCP_Registry::get('Db');

    if (!validates_username($_POST['username'])) {
        set_page_message(tr("Incorrect username length or syntax!"), 'warning');
        return false;
    }
    if (!chk_password($_POST['pass'])) {
        $hint = $cfg->PASSWD_STRONG
            ? tr('The password must be at least %s chars long and contain letters and numbers to be valid.')
            : tr('Password data is shorter than %s signs or includes not permitted signs!');
        set_page_message(sprintf($hint, $cfg->PASSWD_CHARS), 'warning');
        return false;
    }
    if ($_POST['pass'] != $_POST['pass_rep']) {
        set_page_message(tr('Entered passwords do not match!'), 'warning');
        return false;
    }
    if (!chk_email($_POST['email'])) {
        set_page_message(tr('Incorrect email length or syntax!'), 'warning');
        return false;
    }

    // Uniqueness check last, once the syntax checks have passed.
    $query = "\n\t\tSELECT\n\t\t\t`admin_id`\n\t\tFROM\n\t\t\t`admin`\n\t\tWHERE\n\t\t\t`admin_name` = ?\n";
    $rs = exec_query($sql, $query, clean_input($_POST['username']));
    if ($rs->recordCount() != 0) {
        set_page_message(tr('This user name already exist!'), 'error');
        return false;
    }
    return true;
}
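/**
 * Handle the "edit FTP account" form (uaction=edit_user) for $ftp_acc.
 *
 * Two things can change: the password (when either password field is
 * posted non-empty) and the home directory (when "use other dir" is on).
 * A custom directory is normalised, rejected if it contains "..", checked
 * for existence through the domain's virtual filesystem and then anchored
 * under FTP_HOMEDIR/<logged-in user>. The `ftp_users` UPDATE is built from
 * only the columns that actually change. Validation failures leave a page
 * message and return; success logs, messages and redirects.
 *
 * Fix: the original only applied the "//" normalisation and the ".."
 * rejection when NO password was posted, so a password change could carry
 * an unchecked mount point straight into `homedir`. Both checks now run on
 * every custom directory. The action is also logged on every update, not
 * only on password changes.
 *
 * Kept from the original: when no password is posted and "use other dir"
 * is off, the home directory is reset to the user's root; when a password
 * IS posted and "use other dir" is off, the home directory is left alone.
 * NOTE(review): confirm that asymmetry is intended.
 *
 * Side effect: the global $other_dir is set to the final home directory
 * whenever one is computed, as before.
 *
 * @param mixed  $sql      database handle passed to exec_query()
 * @param string $ftp_acc  `ftp_users`.`userid` being edited
 * @param string $dmn_name domain name used to open the virtual filesystem
 */
function update_ftp_account($sql, $ftp_acc, $dmn_name)
{
    global $other_dir;
    $cfg = EasySCP_Registry::get('Config');

    if (!isset($_POST['uaction']) || $_POST['uaction'] !== 'edit_user') {
        return;
    }

    // --- password ---------------------------------------------------------
    $changePassword = !empty($_POST['pass']) || !empty($_POST['pass_rep']);
    $passwd = null;
    $net2ftpPasswd = null;
    if ($changePassword) {
        if ($_POST['pass'] !== $_POST['pass_rep']) {
            set_page_message(tr('Entered passwords do not match!'), 'warning');
            return;
        }
        if (!chk_password($_POST['pass'])) {
            if ($cfg->PASSWD_STRONG) {
                $hint = tr('The password must be at least %s chars long and contain letters and numbers to be valid.');
            } else {
                $hint = tr('Password data is shorter than %s signs or includes not permitted signs!');
            }
            set_page_message(sprintf($hint, $cfg->PASSWD_CHARS), 'warning');
            return;
        }
        $passwd = crypt_user_pass_with_salt($_POST['pass']);
        $net2ftpPasswd = encrypt_db_password($_POST['pass']);
    }

    // --- home directory ---------------------------------------------------
    $useOtherDir = isset($_POST['use_other_dir']) && $_POST['use_other_dir'] === 'on';
    $homedir = null;
    if ($useOtherDir) {
        $mount = str_replace('//', '/', clean_input($_POST['other_dir']));
        // Refuse any ".." before the path is used anywhere; preg_match()
        // returning false (error) is treated as a rejection too.
        if (preg_match('/\.\./', $mount) !== 0) {
            set_page_message(tr('Incorrect mount point length or syntax'), 'warning');
            return;
        }
        // The vfs logs in over FTP as this user, so $mount is resolved
        // relative to the user's root (per the original comment) — the
        // ".." check above is what keeps the stored homedir under it.
        $vfs = new EasySCP_VirtualFileSystem($dmn_name, $sql);
        if (!$vfs->exists($mount)) {
            set_page_message(tr('%s does not exist', $mount), 'warning');
            return;
        }
        $homedir = $cfg->FTP_HOMEDIR . '/' . $_SESSION['user_logged'] . $mount;
    } elseif (!$changePassword) {
        $homedir = $cfg->FTP_HOMEDIR . '/' . $_SESSION['user_logged'];
    }
    if ($homedir !== null) {
        $other_dir = $homedir;
    }

    // --- build the UPDATE from the columns that change --------------------
    $assignments = array();
    $params = array();
    if ($changePassword) {
        $assignments[] = '`passwd` = ?';
        $assignments[] = '`net2ftppasswd` = ?';
        $params[] = $passwd;
        $params[] = $net2ftpPasswd;
    }
    if ($homedir !== null) {
        $assignments[] = '`homedir` = ?';
        $params[] = $homedir;
    }
    if (count($assignments) === 0) {
        // Unreachable given the branches above; never emit "SET WHERE".
        return;
    }
    $params[] = $ftp_acc;
    $query = 'UPDATE `ftp_users` SET ' . implode(', ', $assignments) . ' WHERE `userid` = ?';
    exec_query($sql, $query, $params);

    write_log($_SESSION['user_logged'] . ": updated FTP " . $ftp_acc . " account data");
    set_page_message(tr('FTP account data updated!'), 'success');
    user_goto('ftp_accounts.php');
}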
/**
 * Check validity of input data
 *
 * Copies the posted user form into the module globals (raw — nothing is
 * sanitised here; the database writer runs clean_input() on its own), then
 * validates the password pair (only when $noPass is '_no_') and the presence
 * of an e-mail address. The gender code is kept only when
 * get_gender_by_code() recognises it.
 *
 * NOTE(review): the e-mail check below only detects a missing value; despite
 * the message text no syntax validation happens in this function — confirm it
 * is done elsewhere.
 *
 * @param mixed  $tpl    template object (not used inside this function)
 * @param string $noPass '_no_' makes both password fields mandatory; any other
 *                       value skips every password check
 * @return bool true on success ($_SESSION['Message'] is cleared), false on
 *              error ($_SESSION['Message'] holds the translated error text)
 * @todo check if we can remove out commented code block
 */
function check_ruser_data($tpl, $noPass)
{
    global $dmn_name, $hpid, $dmn_user_name;
    global $user_email, $customer_id, $first_name;
    global $last_name, $firm, $zip, $gender;
    global $city, $state, $country, $street_one;
    global $street_two, $phone;
    global $fax, $inpass, $domain_ip;
    $cfg = EasySCP_Registry::get('Config');

    // POST field => global that receives it (only when the field was sent).
    $fields = array(
        'userpassword' => 'inpass',
        'domain_ip'    => 'domain_ip',
        'useremail'    => 'user_email',
        'useruid'      => 'customer_id',
        'userfname'    => 'first_name',
        'userlname'    => 'last_name',
        'userfirm'     => 'firm',
        'userzip'      => 'zip',
        'usercity'     => 'city',
        'userstate'    => 'state',
        'usercountry'  => 'country',
        'userstreet1'  => 'street_one',
        'userstreet2'  => 'street_two',
        'userphone'    => 'phone',
        'userfax'      => 'fax',
    );
    foreach ($fields as $postKey => $globalName) {
        if (isset($_POST[$postKey])) {
            $GLOBALS[$globalName] = $_POST[$postKey];
        }
    }
    // The repeat field is local to this check; it is never persisted.
    $inpass_re = isset($_POST['userpassword_repeat']) ? $_POST['userpassword_repeat'] : '';
    $gender = '';
    if (isset($_POST['gender']) && !is_null(get_gender_by_code($_POST['gender'], true))) {
        $gender = $_POST['gender'];
    }
    //if (isset($_SESSION['local_data']))
    //	list($dmn_name, $hpid, $dmn_user_name) = explode(";", $_SESSION['local_data']);

    $user_add_error = '_off_';
    if ('_no_' == $noPass) {
        if ('' === $inpass || '' === $inpass_re) {
            $user_add_error = tr('Please fill up both data fields for password!');
        } elseif ($inpass !== $inpass_re) {
            $user_add_error = tr("Passwords don't match!");
        } elseif (!chk_password($inpass)) {
            $user_add_error = $cfg->PASSWD_STRONG
                ? sprintf(tr('The password must be at least %s long and contain letters and numbers to be valid.'), $cfg->PASSWD_CHARS)
                : sprintf(tr('Password data is shorter than %s signs or includes not permitted signs!'), $cfg->PASSWD_CHARS);
        }
    }
    // A missing e-mail overrides any password error (last assignment wins).
    if (is_null($user_email)) {
        $user_add_error = tr('Incorrect email length or syntax!');
    }
    // Hand the outcome to the next page through the session.
    $ok = ('_off_' == $user_add_error);
    $_SESSION['Message'] = $ok ? NULL : $user_add_error;
    return $ok;
}
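/**
 * Processes the admin "edit user" form (uaction=edit_user).
 *
 * On a valid submission the profile columns of the `admin` row are updated;
 * when a new password was entered it is re-checked, hashed with
 * crypt_user_pass(), stored alongside, the edited user's `login` rows are
 * deleted (forcing a re-login) and, if "send_data" was ticked, the clear-text
 * password is mailed via send_add_user_auto_msg(). Ends with a redirect to
 * manage_users.php.
 *
 * Reads $_POST, $_SESSION['user_id'] / ['user_logged'] and the global
 * $edit_id. Every statement goes through exec_query() with bound parameters
 * (the former addslashes(htmlspecialchars()) string-built SELECT is gone).
 *
 * @param mixed $sql database handle for exec_query()
 * @return void
 */
function update_data($sql)
{
    global $edit_id;
    $cfg = EasySCP_Registry::get('Config');
    if (!isset($_POST['Submit'], $_POST['uaction']) || $_POST['uaction'] !== 'edit_user') {
        return;
    }
    if (!check_user_data()) {
        return;
    }
    $user_id = $_SESSION['user_id'];
    $fname = clean_input($_POST['fname']);
    $lname = clean_input($_POST['lname']);
    $firm = clean_input($_POST['firm']);
    // NOTE(review): unlike check_ruser_data(), the gender code is not validated
    // with get_gender_by_code() here — confirm check_user_data() covers it.
    $gender = clean_input($_POST['gender']);
    $zip = clean_input($_POST['zip']);
    $city = clean_input($_POST['city']);
    $state = clean_input($_POST['state']);
    $country = clean_input($_POST['country']);
    $email = clean_input($_POST['email']);
    $phone = clean_input($_POST['phone']);
    $fax = clean_input($_POST['fax']);
    $street1 = clean_input($_POST['street1']);
    $street2 = clean_input($_POST['street2']);
    // empty() also treats "0" as "no new password"; kept as-is for compatibility.
    if (empty($_POST['pass'])) {
        // Profile-only update; $edit_id is the global set up by the including page.
        $query = "
            UPDATE `admin`
            SET `fname` = ?, `lname` = ?, `firm` = ?, `zip` = ?, `city` = ?,
                `state` = ?, `country` = ?, `email` = ?, `phone` = ?, `fax` = ?,
                `street1` = ?, `street2` = ?, `gender` = ?
            WHERE `admin_id` = ?
        ";
        exec_query($sql, $query, array($fname, $lname, $firm, $zip, $city, $state, $country, $email, $phone, $fax, $street1, $street2, $gender, $edit_id));
    } else {
        // NOTE(review): in this branch the target id is taken from the form, in the
        // branch above from the global — confirm both always refer to the same row.
        $edit_id = $_POST['edit_id'];
        $pass_rep = isset($_POST['pass_rep']) ? $_POST['pass_rep'] : '';
        // Strict comparison: with != two numeric-looking strings such as
        // "1e3" and "1000" would be treated as matching passwords.
        if ($_POST['pass'] !== $pass_rep) {
            set_page_message(tr("Entered passwords do not match!"), 'warning');
            user_goto('admin_edit.php?edit_id=' . rawurlencode($edit_id));
            return; // user_goto() is expected to exit; never reach the UPDATE if it does not
        }
        if (!chk_password($_POST['pass'])) {
            if ($cfg->PASSWD_STRONG) {
                set_page_message(sprintf(tr('The password must be at least %s chars long and contain letters and numbers to be valid.'), $cfg->PASSWD_CHARS), 'warning');
            } else {
                set_page_message(sprintf(tr('Password data is shorter than %s signs or includes not permitted signs!'), $cfg->PASSWD_CHARS), 'warning');
            }
            user_goto('admin_edit.php?edit_id=' . rawurlencode($edit_id));
            return;
        }
        $upass = crypt_user_pass($_POST['pass']);
        $query = "
            UPDATE `admin`
            SET `admin_pass` = ?, `fname` = ?, `lname` = ?, `firm` = ?, `zip` = ?,
                `city` = ?, `state` = ?, `country` = ?, `email` = ?, `phone` = ?,
                `fax` = ?, `street1` = ?, `street2` = ?, `gender` = ?
            WHERE `admin_id` = ?
        ";
        exec_query($sql, $query, array($upass, $fname, $lname, $firm, $zip, $city, $state, $country, $email, $phone, $fax, $street1, $street2, $gender, $edit_id));
        // Kill any existing session of the edited user so the old credential
        // stops working immediately, not at the next login.
        $admin_name = get_user_name($edit_id);
        $query = "DELETE FROM `login` WHERE `user_name` = ?";
        $rs = exec_query($sql, $query, $admin_name);
        if ($rs->recordCount() != 0) {
            set_page_message(tr('User session was killed!'), 'info');
            write_log($_SESSION['user_logged'] . " killed " . $admin_name . "'s session because of password change");
        }
    }
    $edit_username = clean_input($_POST['edit_username']);
    $user_logged = $_SESSION['user_logged'];
    write_log("{$user_logged}: changes data/password for {$edit_username}!");
    if (isset($_POST['send_data']) && !empty($_POST['pass'])) {
        // Bound parameter instead of string concatenation; HTML escaping is the
        // wrong tool for an SQL literal and every other query here uses placeholders.
        $query = "SELECT `admin_type` FROM `admin` WHERE `admin_id` = ?";
        $res = exec_query($sql, $query, $edit_id);
        if ($res->fields['admin_type'] == 'admin') {
            $admin_type = tr('Administrator');
        } elseif ($res->fields['admin_type'] == 'reseller') {
            $admin_type = tr('Reseller');
        } else {
            $admin_type = tr('Domain account');
        }
        // NOTE(review): this mails the clear-text password. That is what the
        // "send_data" checkbox is for, but it deserves a policy review.
        send_add_user_auto_msg($user_id, $edit_username, clean_input($_POST['pass']), clean_input($_POST['email']), clean_input($_POST['fname']), clean_input($_POST['lname']), tr($admin_type), $gender);
    }
    $_SESSION['user_updated'] = 1;
    user_goto('manage_users.php');
}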
}
// Anti-tamper token over the complaint fields: md5(static salt . user id .
// sender mail . complaint type . text . client IP).
// NOTE(review): a bare md5 over "salt . data" is not a proper MAC (no
// constant-time comparison, prefix construction); where $da_crc is verified is
// outside this excerpt — confirm before relying on it.
$da_crc = md5(CRC_SALT_0013 . $user_id . $_POST["from_mail"] . $_POST["ct"] . $_POST["complaint_text"] . cl_ip());
// Defaults to the current user; complaint type 1 below replaces it with the
// account id returned by chk_password().
$da_users_id = $user_id;
switch ($_POST["ct"]) {
    case 1:
        if (!preg_match(NON_BOGUS, trim($_POST["login"]))) {
            echo $back_lnk;
            echo "<big>bogus username</big>.";
            die("</td></tr></table></body></html>");
        }
        if (!ip_check(trim($_POST["login"]), 1)) {
            echo $back_lnk;
            echo "<big>too many failed attempts for username / password pair, try again later.</big>";
            die("</td></tr></table></body></html>");
        }
        $da_users_id = chk_password($_POST["login"], $_POST["passwd"]);
        if ($da_users_id == 0) {
            echo $back_lnk;
            echo "<big>username or password is invalid</big>.";
            die("</td></tr></table></body></html>");
        }
        $rf = pg_safe_exec("SELECT flags FROM users WHERE id='" . (int) $da_users_id . "'");
        $of = pg_fetch_object($rf);
        if (!((int) $of->flags & 1)) {
            // not suspended
            echo $back_lnk;
            echo "<big>your username is NOT suspended currently</big>.";
            die("</td></tr></table></body></html>");
        }
        $da_channel1_id = 0;
        $da_channel1_name = "";
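/**
 * Function to update changes into db
 *
 * Persists the reseller "edit user" form for customer $hpid into `admin`.
 * Profile fields come from the module globals filled by check_ruser_data().
 * Both UPDATE statements are scoped with `created_by` = the logged-in reseller,
 * so the write only succeeds for accounts this reseller created. When a new
 * password is present it is re-validated, hashed with crypt_user_pass(), the
 * customer's `login` rows are deleted (forcing a re-login) and, with
 * "send_data" ticked, the clear-text password is mailed. Always ends in a
 * redirect to users.php.
 *
 * @param int|string $hpid admin_id of the customer being edited
 * @return void
 */
function update_data_in_db($hpid)
{
    global $dmn_user_name, $user_email, $customer_id, $first_name, $last_name, $firm, $zip, $gender, $city, $state, $country, $street_one, $street_two, $phone, $fax, $inpass, $admin_login;
    $sql = EasySCP_Registry::get('Db');
    $cfg = EasySCP_Registry::get('Config');
    $reseller_id = $_SESSION['user_id'];
    // $user_email is the only field not passed through clean_input() here; it is
    // still bound as a parameter below.
    $first_name = clean_input($first_name);
    $last_name = clean_input($last_name);
    $firm = clean_input($firm);
    $gender = clean_input($gender);
    $zip = clean_input($zip);
    $city = clean_input($city);
    $state = clean_input($state);
    $country = clean_input($country);
    $phone = clean_input($phone);
    $fax = clean_input($fax);
    $street_one = clean_input($street_one);
    $street_two = clean_input($street_two);
    if (empty($inpass)) {
        // Save without password
        $query = "\n\t\t\tUPDATE\n\t\t\t\t`admin`\n\t\t\tSET\n\t\t\t\t`fname` = ?,\n\t\t\t\t`lname` = ?,\n\t\t\t\t`firm` = ?,\n\t\t\t\t`zip` = ?,\n\t\t\t\t`city` = ?,\n\t\t\t\t`state` = ?,\n\t\t\t\t`country` = ?,\n\t\t\t\t`email` = ?,\n\t\t\t\t`phone` = ?,\n\t\t\t\t`fax` = ?,\n\t\t\t\t`street1` = ?,\n\t\t\t\t`street2` = ?,\n\t\t\t\t`gender` = ?,\n\t\t\t\t`customer_id` = ?\n\t\t\tWHERE\n\t\t\t\t`admin_id` = ?\n\t\t\tAND\n\t\t\t\t`created_by` = ?\n\t\t";
        exec_query($sql, $query, array($first_name, $last_name, $firm, $zip, $city, $state, $country, $user_email, $phone, $fax, $street_one, $street_two, $gender, $customer_id, $hpid, $reseller_id));
    } else {
        // Change password. Re-validate the value that will actually be stored
        // ($inpass was copied from $_POST['userpassword'] by check_ruser_data()).
        if (!chk_password($inpass)) {
            // PASSWD_STRONG is a flag: test its value, not isset(), otherwise the
            // "strong" wording is shown even when the option is switched off
            // (matches update_data() and check_data() in this file).
            if ($cfg->PASSWD_STRONG) {
                set_page_message(sprintf(tr('The password must be at least %s chars long and contain letters and numbers to be valid.'), $cfg->PASSWD_CHARS), 'warning');
            } else {
                set_page_message(sprintf(tr('Password data is shorter than %s signs or includes not permitted signs!'), $cfg->PASSWD_CHARS), 'warning');
            }
            user_goto('user_edit.php?edit_id=' . $hpid);
            return; // user_goto() is expected to exit; never reach the UPDATE if it does not
        }
        $inpass_re = isset($_POST['userpassword_repeat']) ? $_POST['userpassword_repeat'] : '';
        // Strict comparison: with != two numeric-looking strings such as
        // "1e3" and "1000" would be treated as matching passwords.
        if ($inpass !== $inpass_re) {
            set_page_message(tr('Entered passwords do not match!'), 'warning');
            user_goto('user_edit.php?edit_id=' . $hpid);
            return;
        }
        $pure_user_pass = $inpass;
        $inpass = crypt_user_pass($inpass);
        $query = "\n\t\t\tUPDATE\n\t\t\t\t`admin`\n\t\t\tSET\n\t\t\t\t`admin_pass` = ?,\n\t\t\t\t`fname` = ?,\n\t\t\t\t`lname` = ?,\n\t\t\t\t`firm` = ?,\n\t\t\t\t`zip` = ?,\n\t\t\t\t`city` = ?,\n\t\t\t\t`state` = ?,\n\t\t\t\t`country` = ?,\n\t\t\t\t`email` = ?,\n\t\t\t\t`phone` = ?,\n\t\t\t\t`fax` = ?,\n\t\t\t\t`street1` = ?,\n\t\t\t\t`street2` = ?,\n\t\t\t\t`gender` = ?,\n\t\t\t\t`customer_id` = ?\n\t\t\tWHERE\n\t\t\t\t`admin_id` = ?\n\t\t\tAND\n\t\t\t\t`created_by` = ?\n\t\t";
        exec_query($sql, $query, array($inpass, $first_name, $last_name, $firm, $zip, $city, $state, $country, $user_email, $phone, $fax, $street_one, $street_two, $gender, $customer_id, $hpid, $reseller_id));
        // Kill any existing session of the edited user.
        // NOTE(review): unlike the UPDATE, get_user_name() and this DELETE are not
        // scoped by `created_by`; if the caller does not validate $hpid, a reseller
        // could terminate sessions of accounts it does not own — confirm.
        $admin_name = get_user_name($hpid);
        $query = "\n\t\t\tDELETE FROM\n\t\t\t\t`login`\n\t\t\tWHERE\n\t\t\t\t`user_name` = ?\n\t\t";
        $rs = exec_query($sql, $query, $admin_name);
        if ($rs->recordCount() != 0) {
            set_page_message(tr('User session was killed!'), 'info');
            write_log($_SESSION['user_logged'] . " killed " . $admin_name . "'s session because of password change");
        }
    }
    $admin_login = $_SESSION['user_logged'];
    write_log("{$admin_login} changes data/password for {$dmn_user_name}!");
    if (isset($_POST['send_data']) && !empty($inpass)) {
        // NOTE(review): mails the clear-text password ($pure_user_pass); intended
        // by the "send_data" option, but worth a policy review.
        send_add_user_auto_msg($reseller_id, $dmn_user_name, $pure_user_pass, $user_email, $first_name, $last_name, tr('Domain account'));
    }
    unset($_SESSION['edit_ID']);
    unset($_SESSION['user_name']);
    $_SESSION['edit'] = "_yes_";
    user_goto('users.php?psi=last');
}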
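/**
 * Check reseller data
 *
 * Validates the posted reseller form: the password pair (only when at least
 * one password field was filled), the e-mail syntax, every per-resource limit
 * against the current usage reported by generate_reseller_users_props() /
 * generate_reseller_props(), and the IP assignment. Each failed check emits a
 * page message and appends the field's error marker to $errFields.
 *
 * @param array &$errFields reference to the error indicators of input fields;
 *                          markers such as 'PWD_ERR', 'EMAIL_ERR', 'DMN_ERR' are appended
 * @return void nothing is returned — callers must inspect $errFields
 */
function check_data(&$errFields)
{
    $cfg = EasySCP_Registry::get('Config');
    // Get needed data
    $rdata =& get_data();
    /**
     * Check for new password (only when one of the two fields was filled in)
     */
    $pass0 = isset($_POST['pass0']) ? $_POST['pass0'] : '';
    $pass1 = isset($_POST['pass1']) ? $_POST['pass1'] : '';
    if (!empty($pass0) || !empty($pass1)) {
        if (!chk_password($pass0)) {
            if ($cfg->PASSWD_STRONG) {
                set_page_message(sprintf(tr('The password must be at least %s chars long and contain letters and numbers to be valid.'), $cfg->PASSWD_CHARS), 'warning');
            } else {
                set_page_message(sprintf(tr('Password data is shorter than %s signs or includes not permitted signs!'), $cfg->PASSWD_CHARS), 'warning');
            }
            $errFields[] = 'PWD_ERR';
        }
        // Strict comparison: with != two numeric-looking strings such as
        // "1e3" and "1000" would be treated as matching passwords.
        if ($pass0 !== $pass1) {
            set_page_message(tr('Entered passwords do not match!'), 'warning');
            $errFields[] = 'PWD_ERR';
            $errFields[] = 'PWDR_ERR';
        }
    }
    /**
     * Check for mail address
     */
    if (!chk_email($rdata['email'])) {
        set_page_message(tr('Incorrect email syntax!'), 'warning');
        $errFields[] = 'EMAIL_ERR';
    }
    // Current usage of the reseller's customers (u*) and the reseller's own totals (r*).
    list($udmn_current, , $udmn_uf, $usub_current, , $usub_uf, $uals_current, , $uals_uf, $umail_current, , $umail_uf, $uftp_current, , $uftp_uf, $usql_db_current, , $usql_db_uf, $usql_user_current, , $usql_user_uf, $utraff_current, , $utraff_uf, $udisk_current, , $udisk_uf) = generate_reseller_users_props($rdata['edit_id']);
    list($rdmn_current, , $rsub_current, , $rals_current, , $rmail_current, , $rftp_current, , $rsql_db_current, , $rsql_user_current, , $rtraff_current, , $rdisk_current, ) = generate_reseller_props($rdata['edit_id']);
    /**
     * Check for new domains limit
     */
    if (easyscp_limit_check($rdata['max_dmn_cnt'], null)) {
        $rs = _check_new_limit($rdata['max_dmn_cnt'], $rdmn_current, $udmn_current, $udmn_uf, tr('Domains'));
    } else {
        set_page_message(tr('Incorrect domains limit!'), 'warning');
        $rs = false;
    }
    if (!$rs) {
        $errFields[] = 'DMN_ERR';
    }
    /**
     * Check for new subdomains limit
     */
    if (easyscp_limit_check($rdata['max_sub_cnt'])) {
        $rs = _check_new_limit($rdata['max_sub_cnt'], $rsub_current, $usub_current, $usub_uf, tr('Subdomains'));
    } else {
        set_page_message(tr('Incorrect subdomains limit!'), 'warning');
        $rs = false;
    }
    if (!$rs) {
        $errFields[] = 'SUB_ERR';
    }
    /**
     * Check for new domain alias limit
     */
    if (easyscp_limit_check($rdata['max_als_cnt'])) {
        $rs = _check_new_limit($rdata['max_als_cnt'], $rals_current, $uals_current, $uals_uf, tr('Aliases'));
    } else {
        set_page_message(tr('Incorrect aliases limit!'), 'warning');
        $rs = false;
    }
    if (!$rs) {
        $errFields[] = 'ALS_ERR';
    }
    /**
     * Check for new mail accounts limit
     */
    if (easyscp_limit_check($rdata['max_mail_cnt'])) {
        $rs = _check_new_limit($rdata['max_mail_cnt'], $rmail_current, $umail_current, $umail_uf, tr('Mail'));
    } else {
        set_page_message(tr('Incorrect mail accounts limit!'), 'warning');
        $rs = false;
    }
    if (!$rs) {
        $errFields[] = 'MAIL_ERR';
    }
    /**
     * Check for new Ftp accounts limit
     */
    if (easyscp_limit_check($rdata['max_ftp_cnt'])) {
        $rs = _check_new_limit($rdata['max_ftp_cnt'], $rftp_current, $uftp_current, $uftp_uf, tr('FTP'));
    } else {
        set_page_message(tr('Incorrect FTP accounts limit!'), 'warning');
        $rs = false;
    }
    if (!$rs) {
        $errFields[] = 'FTP_ERR';
    }
    /**
     * Check for new Sql databases limit
     * (-1 disables a limit; databases and users must be disabled together)
     */
    if (!($rs = easyscp_limit_check($rdata['max_sql_db_cnt']))) {
        set_page_message(tr('Incorrect SQL databases limit!'), 'warning');
    } else {
        if ($rdata['max_sql_db_cnt'] == -1 && $rdata['max_sql_user_cnt'] != -1) {
            set_page_message(tr('SQL databases limit is <em>disabled</em> but SQL users limit not!'), 'warning');
            $rs = false;
        } else {
            $rs = _check_new_limit($rdata['max_sql_db_cnt'], $rsql_db_current, $usql_db_current, $usql_db_uf, tr('SQL Databases'));
        }
    }
    if (!$rs) {
        $errFields[] = 'SQLD_ERR';
    }
    /**
     * Check for new Sql users limit
     */
    if (!($rs = easyscp_limit_check($rdata['max_sql_user_cnt']))) {
        set_page_message(tr('Incorrect SQL users limit!'), 'warning');
    } else {
        if ($rdata['max_sql_db_cnt'] != -1 && $rdata['max_sql_user_cnt'] == -1) {
            set_page_message(tr('SQL users limit is <em>disabled</em> but SQL databases limit not!'), 'warning');
            $rs = false;
        } else {
            $rs = _check_new_limit($rdata['max_sql_user_cnt'], $rsql_user_current, $usql_user_current, $usql_user_uf, tr('SQL Users'));
        }
    }
    if (!$rs) {
        $errFields[] = 'SQLU_ERR';
    }
    /**
     * Check for new traffic limit (usage is converted from bytes to MiB)
     */
    if (easyscp_limit_check($rdata['max_traff_amnt'], null)) {
        $rs = _check_new_limit($rdata['max_traff_amnt'], $rtraff_current, $utraff_current / 1024 / 1024, $utraff_uf, tr('Web Traffic'));
    } else {
        set_page_message(tr('Incorrect traffic limit!'), 'warning');
        $rs = false;
    }
    if (!$rs) {
        $errFields[] = 'TRF_ERR';
    }
    /**
     * Check for new diskspace limit (usage is converted from bytes to MiB)
     */
    if (easyscp_limit_check($rdata['max_disk_amnt'], null)) {
        $rs = _check_new_limit($rdata['max_disk_amnt'], $rdisk_current, $udisk_current / 1024 / 1024, $udisk_uf, tr('Disk storage'));
    } else {
        set_page_message(tr('Incorrect disk quota limit!'), 'warning');
        $rs = false;
    }
    if (!$rs) {
        $errFields[] = 'DISK_ERR';
    }
    /**
     * Check for IP adresses
     * NOTE(review): an empty IP list only emits a message — no marker is added
     * to $errFields here; confirm check_user_ip_data() or the caller blocks the save.
     */
    if ($rdata['reseller_ips'] == '') {
        set_page_message(tr('You must assign at least one IP number for a reseller!'), 'warning');
    }
    check_user_ip_data($rdata['edit_id'], $rdata['rip_lst'], $rdata['reseller_ips']);
}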
     echo "</html>\n\n";
     die;
 }
 std_connect();
 // NOTE(review): $username / $password are not read from $_POST/$_GET anywhere
 // in this excerpt — presumably register_globals or an earlier extract();
 // confirm where they come from. An empty $username skips the NON_BOGUS
 // pattern check and goes straight to chk_password().
 if ($username != "" && !preg_match(NON_BOGUS, $username)) {
     echo "<META HTTP-EQUIV=\"Pragma\" CONTENT=\"no-cache\">\n";
     echo "<html><head><title>ERROR</title>";
     std_theme_styles();
     echo "</head>";
     std_theme_body();
     echo "<center>\n";
     echo "<h2>";
     echo "Bogus username</h2><br><a href=\"login.php\">Try again</a></center></body></html>\n\n";
     die;
 }
 // The third argument (-1) is interpreted by chk_password(), not visible here;
 // a result > 0 is treated as the authenticated user's id by the code that follows.
 $user_id = chk_password($username, $password, -1);
 if ($user_id > 0) {
     $res = pg_safe_exec("select users.id,users.flags,levels.access from users,levels where users.id=" . (int) $user_id . " and users.id=levels.user_id and levels.channel_id=1 and levels.access>0");
     if (pg_numrows($res) == 0) {
         if (ADMINONLY_MIRROR) {
             echo "<META HTTP-EQUIV=\"Pragma\" CONTENT=\"no-cache\">\n";
             echo "<html><head><title>This mirror is reserved for CService officials</title>";
             std_theme_styles();
             echo "</head>";
             std_theme_body();
             echo "<center>\n";
             echo "<h2>";
             echo "Sorry, You can't login on that website.";
             echo "</h2>";
             echo "<h3>It's currently reserved for CService officials only,<br>";
             echo "You can access a client mirror at : <a href=\"" . CLIENT_MIRROR_URL . "\" target=_top>" . CLIENT_MIRROR_URL . "</a>, thanks.</h3>\n";
if ($mode == "write" && $crc == md5($SECURE_ID . CRC_SALT_0011)) {
    $da_error = -1;
    if ($pass1 == $pass2 && ($pass1 != "" && $pass2 != "")) {
        if ($admin > 0 && BOFH_PASS_ADMIN && !pw_check($pass1) || BOFH_PASS_USER && !pw_check($pass1) || strlen($pass1) < PW_MIN_CHARS) {
            $da_error = 2;
        } else {
            if (strtolower($dauser->user_name) == strtolower($pass1)) {
                $da_error = 3;
            } else {
                if (strtolower($dauser->verificationdata) == strtolower($pass1)) {
                    $da_error = 4;
                } else {
                    if (strtolower($dauser->email) == strtolower($pass1)) {
                        $da_error = 5;
                    } else {
                        if (chk_password($dauser->user_name, $pass0, -1) <= 0) {
                            $da_error = 6;
                            // possible bruteforce attack (but rare, user must be already logged in), will add security later...
                        } else {
                            // change password
                            $valid = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
                            $password = "";
                            srand((double) microtime() * 1000000);
                            for ($i = 0; $i < 8; $i++) {
                                $salt = $salt . $valid[rand(0, strlen($valid) - 1)];
                            }
                            $crypt = $salt . md5($salt . $pass1);
                            $query = "UPDATE users SET last_updated=now()::abstime::int4,last_updated_by='** Password Change **',password='******' WHERE id=" . ($user_id + 0);
                            pg_safe_exec($query);
                            // send email
                            $mailm = "";
/**
 * Generates a random password that satisfies chk_password().
 *
 * Draws candidates from _passgen() until one is accepted by
 * chk_password($pw, 50, "/[<>]/"); the meaning of the extra arguments
 * (50 and the "<"/">" pattern) is defined by chk_password(), not here.
 * Like the original, this loops forever if _passgen() never produces an
 * acceptable value.
 *
 * @see _passgen()
 * @return String password
 */
function passgen()
{
    do {
        $candidate = _passgen();
    } while (!chk_password($candidate, 50, "/[<>]/"));
    return $candidate;
}
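/**
 * Validates the posted reseller edit form (VHCS flavour).
 *
 * In this code base a truthy return from chk_password() and chk_email()
 * signals an error (the opposite of the EasySCP helpers of the same name), so
 * a truthy result is what triggers the messages below. Each failed check sets
 * a page message and returns false; every limit must be a valid number and
 * may not be -1 ("unlimited"). The IP list is finally delegated to
 * check_reseller_data().
 *
 * @return bool true when every check passed (as reported by check_reseller_data()),
 *              false on the first failure
 */
function check_user_data()
{
    global $reseller_ips, $sql, $edit_id, $rip_lst;
    $pass = isset($_POST['pass']) ? $_POST['pass'] : '';
    $pass_rep = isset($_POST['pass_rep']) ? $_POST['pass_rep'] : '';
    // A password is optional on edit; validate only when something was typed.
    if ($pass !== '' || $pass_rep !== '') {
        if (chk_password($pass)) {
            set_page_message(tr("Incorrect password range or syntax!"));
            return false;
        }
        // Strict comparison: with != two numeric-looking strings such as
        // "1e3" and "1000" would be treated as matching passwords.
        if ($pass !== $pass_rep) {
            set_page_message(tr("Entered passwords does not match!"));
            return false;
        }
    }
    if (chk_email($_POST['email'])) {
        set_page_message(tr("Incorrect email range or syntax!"));
        return false;
    }
    // Limits, in the original check order. The flat loop replaces nine nested
    // else-blocks that each returned on failure, so the outcome is identical.
    // The loose == against -1 is intentional: POST values are strings.
    $limits = array(
        'nreseller_max_domain_cnt'    => array(999, "Incorrect max domain count or syntax!"),
        'nreseller_max_subdomain_cnt' => array(999, "Incorrect max subdomain count or syntax!"),
        'nreseller_max_alias_cnt'     => array(999, 'Incorrect max alias count or syntax!'),
        'nreseller_max_ftp_cnt'       => array(999, 'Incorrect max FTP count or syntax!'),
        'nreseller_max_mail_cnt'      => array(999, 'Incorrect max mail count or syntax!'),
        'nreseller_max_sql_db_cnt'    => array(999, 'Incorrect max SQL databases count or syntax!'),
        'nreseller_max_sql_user_cnt'  => array(999, 'Incorrect max SQL users count or syntax!'),
        'nreseller_max_traffic'       => array(999999, 'Incorrect max traffic amount or syntax!'),
        'nreseller_max_disk'          => array(999999, 'Incorrect max disk amount or syntax!'),
    );
    foreach ($limits as $field => $spec) {
        list($max, $message) = $spec;
        if (!vhcs_limit_check($_POST[$field], $max) || $_POST[$field] == -1) {
            set_page_message(tr($message));
            return false;
        }
    }
    if ($reseller_ips == '') {
        set_page_message(tr('You must assign at least one IP number for a reseller!'));
        return false;
    }
    return check_reseller_data($edit_id, $rip_lst, $reseller_ips);
}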
// Reseller "change password" page: template wiring and static placeholders.
$tpl = new pTemplate();
$tpl->define_dynamic('page', $cfg['RESELLER_TEMPLATE_PATH'] . '/chpsswd.tpl');
$tpl->define_dynamic('page_message', 'page');
$tpl->define_dynamic('logged_from', 'page');
$tpl->define_dynamic('custom_buttons', 'page');
// At true file scope `global $cfg;` is a no-op ($cfg is already dereferenced
// above); it only matters if this file is included from inside a function.
global $cfg;
$theme_color = $cfg['USER_INITIAL_THEME'];
$tpl->assign(array('TR_CLIENT_CHANGE_PASSWORD_PAGE_TITLE' => tr('VHCS - Reseller/Change Password'), 'THEME_COLOR_PATH' => "../themes/{$theme_color}", 'THEME_CHARSET' => tr('encoding'), 'VHCS_LICENSE' => $cfg['VHCS_LICENSE'], 'ISP_LOGO' => get_logo($_SESSION['user_id'])));
if (isset($_POST['uaction']) && $_POST['uaction'] === 'updt_pass') {
    if ($_POST['pass'] === '' || $_POST['pass_rep'] === '') {
        set_page_message(tr('Please fill up both data fields!'));
    } else {
        if ($_POST['pass'] !== $_POST['pass_rep']) {
            set_page_message(tr('Passwords does not match!'));
        } else {
            if (chk_password($_POST['pass']) > 0) {
                set_page_message(tr('Incorrect password range or syntax!'));
            } else {
                // Correct input password
                $upass = crypt_user_pass($_POST['pass']);
                $user_id = $_SESSION['user_id'];
                // Begin update admin-db
                $query = <<<SQL_QUERY
            update
            \tadmin
            set
            \tadmin_pass = ?
            where
            \tadmin_id = ?
SQL_QUERY;
                $rs = exec_query($sql, $query, array($upass, $user_id));
/**
 * @todo
 * 	* Database user with same name can be added several times
 *  * If creation of database user fails in MySQL-Table, database user is already
 * 		in loclal EasySCP table -> Error handling
 */
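/**
 * Handles the "add SQL user" form for the customer's database $db_id.
 *
 * Two modes are selected through $_POST:
 *  - new user: `user_name`, `pass`, `pass_rep`, optionally `use_dmn_id` ('on')
 *    with `id_pos` ('start'|'end') to prefix/suffix the name with the domain id;
 *  - `Add_Exist`: re-use the existing SQL user identified by `sqluser_id`.
 *
 * On any validation failure a page message is set and the function returns
 * without writing anything. On success the user is stored in `sql_user`,
 * granted on the MySQL side for both 'localhost' and '%', logged, and the
 * browser is redirected to sql_manage.php.
 *
 * Ownership checks: the target database must belong to the customer's domain
 * (checked before any write), and an existing SQL user can only be re-used
 * when it already belongs to one of the customer's databases.
 *
 * @param mixed $sql     database handle understood by exec_query()
 * @param mixed $user_id id of the logged-in customer
 * @param mixed $db_id   `sqld_id` of the database the user is attached to
 * @return void
 */
function add_sql_user($sql, $user_id, $db_id)
{
    $cfg = EasySCP_Registry::get('Config');
    if (!isset($_POST['uaction'])) {
        return;
    }
    $add_exist = isset($_POST['Add_Exist']);

    // --- validate the "new user" fields; none of them apply when re-using a user ---
    if (!$add_exist) {
        if (empty($_POST['user_name'])) {
            set_page_message(tr('Please type user name!'), 'warning');
            return;
        }
        if (empty($_POST['pass']) && empty($_POST['pass_rep'])) {
            set_page_message(tr('Please type user password!'), 'warning');
            return;
        }
        if (isset($_POST['pass'], $_POST['pass_rep']) && $_POST['pass'] !== $_POST['pass_rep']) {
            set_page_message(tr('Entered passwords do not match!'), 'warning');
            return;
        }
        // Byte length on purpose: the character-class check below restricts the
        // password to ASCII, so bytes and characters coincide for accepted input.
        if (isset($_POST['pass']) && strlen($_POST['pass']) > $cfg->MAX_SQL_PASS_LENGTH) {
            set_page_message(tr('Too long user password!'), 'warning');
            return;
        }
        if (isset($_POST['pass']) && !preg_match('/^[[:alnum:]:!*+#_.-]+$/', $_POST['pass'])) {
            set_page_message(tr('Don\'t use special chars like "@, $, %..." in the password!'), 'warning');
            return;
        }
        if (isset($_POST['pass']) && !chk_password($_POST['pass'])) {
            if ($cfg->PASSWD_STRONG) {
                set_page_message(sprintf(tr('The password must be at least %s chars long and contain letters and numbers to be valid.'), $cfg->PASSWD_CHARS), 'warning');
            } else {
                set_page_message(sprintf(tr('Password data is shorter than %s signs or includes not permitted signs!'), $cfg->PASSWD_CHARS), 'warning');
            }
            return;
        }
    }

    $dmn_id = get_user_domain_id($user_id);

    // The target database must belong to the customer's domain. This lookup
    // previously ran only after the `sql_user` row had been inserted, so a
    // foreign or unknown $db_id left an orphaned row behind and then failed on
    // the GRANT; now nothing is written unless the database is the customer's.
    $query = "SELECT `sqld_name` AS `db_name` FROM `sql_database` WHERE `sqld_id` = ? AND `domain_id` = ?";
    $rs = exec_query($sql, $query, array($db_id, $dmn_id));
    if ((int) $rs->recordCount() === 0) {
        set_page_message(tr('Database not found! It might has been deleted by another user.'), 'warning');
        return;
    }
    $db_name = $rs->fields['db_name'];

    // --- resolve the SQL user name and password -------------------------------
    if ($add_exist) {
        if (!isset($_POST['sqluser_id'])) {
            set_page_message(tr('SQL-user not found! It might has been deleted by another user.'), 'warning');
            return;
        }
        // Name and password in one round trip (the original issued two queries
        // for the same row). The join restricts the lookup to SQL users that
        // already belong to one of this customer's databases, so a `sqluser_id`
        // of another customer cannot be attached to this account.
        $query = "
            SELECT `u`.`sqlu_name`, `u`.`sqlu_pass`
            FROM `sql_user` AS `u`
            JOIN `sql_database` AS `d` ON `d`.`sqld_id` = `u`.`sqld_id`
            WHERE `u`.`sqlu_id` = ? AND `d`.`domain_id` = ?";
        $rs = exec_query($sql, $query, array($_POST['sqluser_id'], $dmn_id));
        if ((int) $rs->recordCount() === 0) {
            set_page_message(tr('SQL-user not found! It might has been deleted by another user.'), 'warning');
            return;
        }
        $db_user = $rs->fields['sqlu_name'];
        $user_pass = decrypt_db_password($rs->fields['sqlu_pass']);
    } else {
        $user_pass = $_POST['pass'];
        $base_name = clean_input($_POST['user_name']);
        // Optionally embed the domain id in the user name, at the start or the end.
        $use_dmn_id = isset($_POST['use_dmn_id'], $_POST['id_pos']) && $_POST['use_dmn_id'] === 'on';
        if ($use_dmn_id && $_POST['id_pos'] === 'start') {
            $db_user = $dmn_id . '_' . $base_name;
        } elseif ($use_dmn_id && $_POST['id_pos'] === 'end') {
            $db_user = $base_name . '_' . $dmn_id;
        } else {
            $db_user = $base_name;
        }
    }

    if (strlen($db_user) > $cfg->MAX_SQL_USER_LENGTH) {
        set_page_message(tr('User name too long!'), 'warning');
        return;
    }
    // Reject MySQL wildcards in the account name. The class also contains a
    // literal '|' (kept from the original pattern), so pipes are refused too.
    if (preg_match('/[%|?]/', $db_user)) {
        set_page_message(tr('Wildcards such as %% and ? are not allowed!'), 'warning');
        return;
    }
    // A brand-new user must not collide with an account that already exists.
    if (!$add_exist && check_db_user($sql, $db_user)) {
        set_page_message(tr('Specified SQL username name already exists!'), 'warning');
        return;
    }

    // --- persist: EasySCP table first, then the MySQL privilege tables ----------
    $query = "INSERT INTO `sql_user` (`sqld_id`, `sqlu_name`, `sqlu_pass`) VALUES (?, ?, ?)";
    exec_query($sql, $query, array($db_id, $db_user, encrypt_db_password($user_pass)));
    update_reseller_c_props(get_reseller_id($dmn_id));

    // In GRANT, '_' and '%' in a database name are pattern characters unless
    // backslash-escaped; '?' and '*' are escaped as well, as before.
    $grant_db_name = preg_replace('/([_%?*])/', '\\\\$1', $db_name);
    $query = "GRANT ALL PRIVILEGES ON " . quoteIdentifier($grant_db_name) . ".* TO ?@? IDENTIFIED BY ?";
    exec_query($sql, $query, array($db_user, "localhost", $user_pass));
    exec_query($sql, $query, array($db_user, "%", $user_pass));

    write_log($_SESSION['user_logged'] . ": add SQL user: " . tohtml($db_user));
    set_page_message(tr('SQL user successfully added!'), 'info');
    user_goto('sql_manage.php');
}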