/**
 * Drive the admin panel's "add reseller" form.
 *
 * Depending on $_POST one of three things happens:
 *  - the form was not submitted: empty defaults are assigned to the template;
 *  - it was submitted but check_user_data() rejected it: the submitted values
 *    are assigned back to the template (each passed through
 *    clean_input(..., true));
 *  - it was submitted and accepted: rows are inserted into `admin`,
 *    `user_gui_props` and `reseller_props`, the account data is handed to
 *    send_add_user_auto_msg() and the browser is sent to manage_users.php.
 *
 * All three INSERTs use bound parameters; no request value is concatenated
 * into SQL.
 *
 * NOTE(review): no CSRF token check is visible in this function — confirm the
 * caller or check_user_data() enforces one, since this creates a privileged
 * account.
 *
 * @param EasySCP_TemplateEngine $tpl
 */
function add_reseller($tpl)
{
    global $reseller_ips;

    $cfg = EasySCP_Registry::get('Config');
    $sql = EasySCP_Registry::get('Db');

    // Template variable => POST field, in the order the form assigns them.
    $text_slots = array(
        'EMAIL' => 'email',
        'USERNAME' => 'username',
        'FIRST_NAME' => 'fname',
        'CUSTOMER_ID' => 'customer_id',
        'LAST_NAME' => 'lname',
        'FIRM' => 'firm',
        'ZIP' => 'zip',
        'CITY' => 'city',
        'STATE' => 'state',
        'COUNTRY' => 'country',
        'STREET_1' => 'street1',
        'STREET_2' => 'street2',
        'PHONE' => 'phone',
        'FAX' => 'fax',
    );
    $limit_slots = array(
        'MAX_DOMAIN_COUNT' => 'nreseller_max_domain_cnt',
        'MAX_SUBDOMAIN_COUNT' => 'nreseller_max_subdomain_cnt',
        'MAX_ALIASES_COUNT' => 'nreseller_max_alias_cnt',
        'MAX_MAIL_USERS_COUNT' => 'nreseller_max_mail_cnt',
        'MAX_FTP_USERS_COUNT' => 'nreseller_max_ftp_cnt',
        'MAX_SQLDB_COUNT' => 'nreseller_max_sql_db_cnt',
        'MAX_SQL_USERS_COUNT' => 'nreseller_max_sql_user_cnt',
        'MAX_TRAFFIC_AMOUNT' => 'nreseller_max_traffic',
        'MAX_DISK_AMOUNT' => 'nreseller_max_disk',
    );

    // --- Form not submitted: blank form with the default selections. ---
    if (!isset($_POST['uaction']) || $_POST['uaction'] !== 'add_reseller') {
        $blank = array_fill_keys(
            array_merge(
                array_keys($text_slots),
                array('VL_MALE', 'VL_FEMALE', 'VL_UNKNOWN'),
                array_keys($limit_slots),
                array('SUPPORT_SYSTEM_YES', 'SUPPORT_SYSTEM_NO')
            ),
            ''
        );
        $blank['VL_UNKNOWN'] = $cfg->HTML_SELECTED;
        $blank['SUPPORT_SYSTEM_YES'] = $cfg->HTML_SELECTED;

        $tpl->assign($blank);
        return;
    }

    // --- Submitted but rejected: give the operator their input back. ---
    if (!check_user_data()) {
        $form = array();

        // The second clean_input() argument is `true` only on this
        // redisplay path, where the values go back into the HTML form.
        foreach ($text_slots as $slot => $field) {
            $form[$slot] = clean_input($_POST[$field], true);
        }

        $form['VL_MALE'] = ($_POST['gender'] == 'M') ? $cfg->HTML_SELECTED : '';
        $form['VL_FEMALE'] = ($_POST['gender'] == 'F') ? $cfg->HTML_SELECTED : '';
        $form['VL_UNKNOWN'] = ($_POST['gender'] == 'U' || empty($_POST['gender']))
            ? $cfg->HTML_SELECTED
            : '';

        foreach ($limit_slots as $slot => $field) {
            $form[$slot] = clean_input($_POST[$field], true);
        }

        $form['SUPPORT_SYSTEM_YES'] = ($_POST['support_system'] == 'yes') ? $cfg->HTML_SELECTED : '';
        $form['SUPPORT_SYSTEM_NO'] = ($_POST['support_system'] == 'no') ? $cfg->HTML_SELECTED : '';
        $form['SUPPORT_SYSTEM'] = clean_input($_POST['support_system'], true);

        $tpl->assign($form);
        return;
    }

    // --- Submitted and accepted: create the reseller. ---

    // Only the hash is stored; the clear-text value is still used below for
    // the notification message.
    $upass = crypt_user_pass($_POST['pass']);
    $user_id = $_SESSION['user_id'];

    $person = array();
    $person_fields = array(
        'username', 'fname', 'lname', 'gender', 'firm', 'zip', 'city',
        'state', 'country', 'email', 'phone', 'fax', 'street1', 'street2',
    );
    foreach ($person_fields as $field) {
        $person[$field] = clean_input($_POST[$field]);
    }
    // NOTE(review): the gender code is stored as submitted; confirm
    // check_user_data() restricts it to the known codes.

    $query = "\n\t\t\t\tINSERT INTO `admin` (\n\t\t\t\t\t`admin_name`,\n\t\t\t\t\t`admin_pass`,\n\t\t\t\t\t`admin_type`,\n\t\t\t\t\t`domain_created`,\n\t\t\t\t\t`created_by`,\n\t\t\t\t\t`fname`,\n\t\t\t\t\t`lname`,\n\t\t\t\t\t`firm`,\n\t\t\t\t\t`zip`,\n\t\t\t\t\t`city`,\n\t\t\t\t\t`state`,\n\t\t\t\t\t`country`,\n\t\t\t\t\t`email`,\n\t\t\t\t\t`phone`,\n\t\t\t\t\t`fax`,\n\t\t\t\t\t`street1`,\n\t\t\t\t\t`street2`,\n\t\t\t\t\t`gender`\n\t\t\t\t) VALUES (\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t'reseller',\n\t\t\t\t\tunix_timestamp(),\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t?\n\t\t\t\t)\n\t\t\t";

    exec_query(
        $sql,
        $query,
        array(
            $person['username'],
            $upass,
            $user_id,
            $person['fname'],
            $person['lname'],
            $person['firm'],
            $person['zip'],
            $person['city'],
            $person['state'],
            $person['country'],
            $person['email'],
            $person['phone'],
            $person['fax'],
            $person['street1'],
            $person['street2'],
            $person['gender'],
        )
    );

    $new_admin_id = $sql->insertId();

    // Audit trail: who created which reseller.
    $user_logged = $_SESSION['user_logged'];
    write_log("{$user_logged}: add reseller: {$person['username']}");

    // Language and theme are left empty here; the config-based defaults
    // ($cfg->USER_INITIAL_LANG / $cfg->USER_INITIAL_THEME) are disabled.
    $user_def_lang = '';
    $user_theme_color = '';

    $query = "\n\t\t\t\tINSERT INTO `user_gui_props`\n\t\t\t\t\t(\n\t\t\t\t\t`user_id`,\n\t\t\t\t\t`lang`,\n\t\t\t\t\t`layout`\n\t\t\t\t\t)\n\t\t\t\tVALUES\n\t\t\t\t\t(?, ?, ?)\n\t\t\t";

    exec_query($sql, $query, array($new_admin_id, $user_def_lang, $user_theme_color));

    // 'reseller_props' table entry: the submitted quota values.
    $quota = array();
    $quota_fields = array(
        'nreseller_max_domain_cnt',
        'nreseller_max_subdomain_cnt',
        'nreseller_max_alias_cnt',
        'nreseller_max_mail_cnt',
        'nreseller_max_ftp_cnt',
        'nreseller_max_sql_db_cnt',
        'nreseller_max_sql_user_cnt',
        'nreseller_max_traffic',
        'nreseller_max_disk',
        'customer_id',
        'support_system',
    );
    foreach ($quota_fields as $field) {
        $quota[$field] = clean_input($_POST[$field]);
    }

    $query = "\n\t\t\t\tINSERT INTO `reseller_props` (\n\t\t\t\t\t`reseller_id`, `reseller_ips`,\n\t\t\t\t\t`max_dmn_cnt`, `current_dmn_cnt`,\n\t\t\t\t\t`max_sub_cnt`, `current_sub_cnt`,\n\t\t\t\t\t`max_als_cnt`, `current_als_cnt`,\n\t\t\t\t\t`max_mail_cnt`, `current_mail_cnt`,\n\t\t\t\t\t`max_ftp_cnt`, `current_ftp_cnt`,\n\t\t\t\t\t`max_sql_db_cnt`, `current_sql_db_cnt`,\n\t\t\t\t\t`max_sql_user_cnt`, `current_sql_user_cnt`,\n\t\t\t\t\t`max_traff_amnt`, `current_traff_amnt`,\n\t\t\t\t\t`max_disk_amnt`, `current_disk_amnt`,\n\t\t\t\t\t`support_system`, `customer_id`\n\t\t\t\t) VALUES (\n\t\t\t\t\t?, ?,\n\t\t\t\t\t?, '0',\n\t\t\t\t\t?, '0',\n\t\t\t\t\t?, '0',\n\t\t\t\t\t?, '0',\n\t\t\t\t\t?, '0',\n\t\t\t\t\t?, '0',\n\t\t\t\t\t?, '0',\n\t\t\t\t\t?, '0',\n\t\t\t\t\t?, '0',\n\t\t\t\t\t?, ?\n\t\t\t\t)\n\t\t\t\t";

    exec_query(
        $sql,
        $query,
        array(
            $new_admin_id,
            $reseller_ips,
            $quota['nreseller_max_domain_cnt'],
            $quota['nreseller_max_subdomain_cnt'],
            $quota['nreseller_max_alias_cnt'],
            $quota['nreseller_max_mail_cnt'],
            $quota['nreseller_max_ftp_cnt'],
            $quota['nreseller_max_sql_db_cnt'],
            $quota['nreseller_max_sql_user_cnt'],
            $quota['nreseller_max_traffic'],
            $quota['nreseller_max_disk'],
            // column order is `support_system`, then `customer_id`
            $quota['support_system'],
            $quota['customer_id'],
        )
    );

    // NOTE(review): the clear-text password is handed to the notification
    // helper — presumably it ends up in an e-mail; confirm, and prefer a
    // one-time set-password link if it does.
    send_add_user_auto_msg(
        $user_id,
        clean_input($_POST['username']),
        $_POST['pass'],
        clean_input($_POST['email']),
        clean_input($_POST['fname']),
        clean_input($_POST['lname']),
        tr('Reseller'),
        $person['gender']
    );

    $_SESSION['reseller_added'] = 1;
    user_goto('manage_users.php');
}
/**
 * Change the logged-in user's own password from the submitted form.
 *
 * Acts only when $_POST['uaction'] is 'updt_pass'. The checks run in this
 * order and the first failure sets a 'warning' page message and stops:
 *  1. all three fields (pass, pass_rep, curr_pass) are non-empty;
 *  2. chk_password() accepts the new password;
 *  3. new password and its repetition are identical (strict comparison);
 *  4. check_udata() confirms the current password for the session's user id.
 * On success the new hash is written to `admin`.`admin_pass` with a bound
 * parameter and also copied into $_SESSION['user_pass'].
 *
 * NOTE(review): nothing here regenerates the session id or ends the user's
 * other sessions after the change — confirm whether that happens elsewhere.
 */
function update_password()
{
    $cfg = EasySCP_Registry::get('Config');
    $sql = EasySCP_Registry::get('Db');

    if (!isset($_POST['uaction']) || $_POST['uaction'] !== 'updt_pass') {
        return;
    }

    // empty() also treats the string "0" as missing.
    if (empty($_POST['pass']) || empty($_POST['pass_rep']) || empty($_POST['curr_pass'])) {
        set_page_message(tr('Please fill up all data fields!'), 'warning');
        return;
    }

    if (!chk_password($_POST['pass'])) {
        // The wording depends on whether strong passwords are enforced.
        $template = $cfg->PASSWD_STRONG
            ? tr('The password must be at least %s chars long and contain letters and numbers to be valid.')
            : tr('Password data is shorter than %s signs or includes not permitted signs!');

        set_page_message(sprintf($template, $cfg->PASSWD_CHARS), 'warning');
        return;
    }

    if ($_POST['pass'] !== $_POST['pass_rep']) {
        set_page_message(tr('Passwords do not match!'), 'warning');
        return;
    }

    // Re-authenticate: the caller must know the current password.
    if (check_udata($_SESSION['user_id'], $_POST['curr_pass']) === false) {
        set_page_message(tr('The current password is wrong!'), 'warning');
        return;
    }

    $upass = crypt_user_pass($_POST['pass']);
    $_SESSION['user_pass'] = $upass;
    $user_id = $_SESSION['user_id'];

    $query = "\n\t\t\t\tUPDATE\n\t\t\t\t\t`admin`\n\t\t\t\tSET\n\t\t\t\t\t`admin_pass` = ?\n\t\t\t\tWHERE\n\t\t\t\t\t`admin_id` = ?\n\t\t\t";
    exec_query($sql, $query, array($upass, $user_id));

    set_page_message(tr('User password updated successfully!'), 'success');
}
/**
 * Change the logged-in user's own password from the submitted form.
 *
 * Acts only when $_POST['uaction'] is 'updt_pass'. The new password must pass
 * vhcs_password_check($pass, 20), both fields must be non-empty strings and
 * must match exactly; then the hash from crypt_user_pass() is written to
 * admin.admin_pass for $_SESSION['user_id'] using bound parameters.
 *
 * NOTE(review): the current password is not requested before the change, so
 * whoever holds the session can set a new password. Confirm whether
 * re-authentication is enforced elsewhere; if not, add a current-password
 * field and verify it here.
 * NOTE(review): no CSRF token check is visible in this function.
 */
function update_password()
{
    global $sql;

    $submitted = isset($_POST['uaction']) && $_POST['uaction'] === 'updt_pass';
    if (!$submitted) {
        return;
    }

    // The syntax/length check runs first, so an empty password is normally
    // reported through this message rather than the "fill up" one below.
    if (!vhcs_password_check($_POST['pass'], 20)) {
        set_page_message(tr('Incorrect password range or syntax!'));
    } elseif ($_POST['pass'] === '' || $_POST['pass_rep'] === '') {
        set_page_message(tr('Please fill up both data fields!'));
    } elseif ($_POST['pass'] !== $_POST['pass_rep']) {
        set_page_message(tr('Passwords does not match!'));
    } else {
        $upass = crypt_user_pass($_POST['pass']);
        $user_id = $_SESSION['user_id'];

        $query = <<<SQL_QUERY
            update
                admin
            set
                admin_pass = ?
            where
                admin_id = ?
SQL_QUERY;

        exec_query($sql, $query, array($upass, $user_id));

        set_page_message(tr('User password updated successfully!'));
    }
}
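/**
 * Drive the admin panel's "add administrator" form.
 *
 * Depending on $_POST one of three things happens:
 *  - the form was not submitted: empty defaults are assigned to the template;
 *  - it was submitted but check_user_data() rejected it: the submitted values
 *    are assigned back to the template (each passed through
 *    clean_input(..., true));
 *  - it was submitted and accepted: rows are inserted into `admin` (type
 *    'admin') and `user_gui_props`, the account data is handed to
 *    send_add_user_auto_msg() and the browser is sent to manage_users.php.
 *
 * Both INSERTs use bound parameters.
 *
 * NOTE(review): no CSRF token check is visible in this function — confirm the
 * caller or check_user_data() enforces one, since this creates an
 * administrator account.
 *
 * @param EasySCP_TemplateEngine $tpl
 */
function add_user($tpl)
{
    $cfg = EasySCP_Registry::get('Config');
    $sql = EasySCP_Registry::get('Db');

    if (isset($_POST['uaction']) && $_POST['uaction'] === 'add_user') {
        if (check_user_data()) {
            // The hash is computed from the password exactly as submitted.
            $upass = crypt_user_pass($_POST['pass']);

            $user_id = $_SESSION['user_id'];

            $username = clean_input($_POST['username']);
            $fname = clean_input($_POST['fname']);
            $lname = clean_input($_POST['lname']);
            $gender = clean_input($_POST['gender']);
            $firm = clean_input($_POST['firm']);
            $zip = clean_input($_POST['zip']);
            $city = clean_input($_POST['city']);
            $state = clean_input($_POST['state']);
            $country = clean_input($_POST['country']);
            $email = clean_input($_POST['email']);
            $phone = clean_input($_POST['phone']);
            $fax = clean_input($_POST['fax']);
            $street1 = clean_input($_POST['street1']);
            $street2 = clean_input($_POST['street2']);

            // Unknown gender codes are stored as an empty string.
            if (get_gender_by_code($gender, true) === null) {
                $gender = '';
            }

            $query = "\n\t\t\t\tINSERT INTO `admin`\n\t\t\t\t\t(\n\t\t\t\t\t\t`admin_name`,\n\t\t\t\t\t\t`admin_pass`,\n\t\t\t\t\t\t`admin_type`,\n\t\t\t\t\t\t`domain_created`,\n\t\t\t\t\t\t`created_by`,\n\t\t\t\t\t\t`fname`,\n\t\t\t\t\t\t`lname`,\n\t\t\t\t\t\t`firm`,\n\t\t\t\t\t\t`zip`,\n\t\t\t\t\t\t`city`,\n\t\t\t\t\t\t`state`,\n\t\t\t\t\t\t`country`,\n\t\t\t\t\t\t`email`,\n\t\t\t\t\t\t`phone`,\n\t\t\t\t\t\t`fax`,\n\t\t\t\t\t\t`street1`,\n\t\t\t\t\t\t`street2`,\n\t\t\t\t\t\t`gender`\n\t\t\t\t\t) VALUES (\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t'admin',\n\t\t\t\t\t\tunix_timestamp(),\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?\n\t\t\t\t\t)\n\t\t\t";

            exec_query(
                $sql,
                $query,
                array(
                    $username,
                    $upass,
                    $user_id,
                    $fname,
                    $lname,
                    $firm,
                    $zip,
                    $city,
                    $state,
                    $country,
                    $email,
                    $phone,
                    $fax,
                    $street1,
                    $street2,
                    $gender,
                )
            );

            $new_admin_id = $sql->insertId();

            // Audit trail: who created which administrator.
            $user_logged = $_SESSION['user_logged'];
            write_log("{$user_logged}: add admin: {$username}");

            // The new account inherits the creating admin's language/theme.
            $user_def_lang = $_SESSION['user_def_lang'];
            $user_theme_color = $_SESSION['user_theme'];

            $query = "\n\t\t\t\tINSERT INTO `user_gui_props` (\n\t\t\t\t\t`user_id`,\n\t\t\t\t\t`lang`,\n\t\t\t\t\t`layout`\n\t\t\t\t) VALUES (?,?,?)\n\t\t\t";

            exec_query($sql, $query, array($new_admin_id, $user_def_lang, $user_theme_color));

            // The password passed on must be the same string that was hashed
            // above. Running it through clean_input() first could alter it,
            // so the notification would carry a credential that does not
            // match the stored hash.
            // NOTE(review): the clear-text password is handed to the
            // notification helper — presumably it ends up in an e-mail;
            // confirm, and prefer a one-time set-password link if it does.
            send_add_user_auto_msg(
                $user_id,
                clean_input($_POST['username']),
                $_POST['pass'],
                clean_input($_POST['email']),
                clean_input($_POST['fname']),
                clean_input($_POST['lname']),
                tr('Administrator'),
                $gender
            );

            $_SESSION['user_added'] = 1;

            user_goto('manage_users.php');
        } else {
            // Validation failed: give the operator their input back. The
            // second clean_input() argument is `true` only on this redisplay
            // path, where the values go back into the HTML form.
            $tpl->assign(
                array(
                    'EMAIL' => clean_input($_POST['email'], true),
                    'USERNAME' => clean_input($_POST['username'], true),
                    'FIRST_NAME' => clean_input($_POST['fname'], true),
                    'LAST_NAME' => clean_input($_POST['lname'], true),
                    'FIRM' => clean_input($_POST['firm'], true),
                    'ZIP' => clean_input($_POST['zip'], true),
                    'CITY' => clean_input($_POST['city'], true),
                    'STATE' => clean_input($_POST['state'], true),
                    'COUNTRY' => clean_input($_POST['country'], true),
                    'STREET_1' => clean_input($_POST['street1'], true),
                    'STREET_2' => clean_input($_POST['street2'], true),
                    'PHONE' => clean_input($_POST['phone'], true),
                    'FAX' => clean_input($_POST['fax'], true),
                    'VL_MALE' => ($_POST['gender'] == 'M') ? $cfg->HTML_SELECTED : '',
                    'VL_FEMALE' => ($_POST['gender'] == 'F') ? $cfg->HTML_SELECTED : '',
                    'VL_UNKNOWN' => ($_POST['gender'] == 'U' || empty($_POST['gender']))
                        ? $cfg->HTML_SELECTED
                        : '',
                )
            );
        }
    } else {
        // Form not submitted: blank form, gender preselected as "unknown".
        $tpl->assign(
            array(
                'EMAIL' => '',
                'USERNAME' => '',
                'FIRST_NAME' => '',
                'LAST_NAME' => '',
                'FIRM' => '',
                'ZIP' => '',
                'CITY' => '',
                'STATE' => '',
                'COUNTRY' => '',
                'STREET_1' => '',
                'STREET_2' => '',
                'PHONE' => '',
                'FAX' => '',
                'VL_MALE' => '',
                'VL_FEMALE' => '',
                'VL_UNKNOWN' => $cfg->HTML_SELECTED,
            )
        );
    }
}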
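/**
 * Apply the "edit user" form: update the profile columns of one `admin` row
 * and, when a new password was entered, its password hash as well.
 *
 * Acts only when $_POST['uaction'] is 'edit_user' and check_user_data()
 * accepts the request. On success a log line is written,
 * $_SESSION['user_updated'] is set and the request ends with a redirect to
 * manage_users.php. A rejected password redirects back to edit_user.php.
 *
 * Both UPDATE statements use bound parameters.
 *
 * NOTE(review): the id of the account being changed comes from the global
 * $edit_id and, on the password path, straight from $_POST['edit_id']. No
 * authorisation check on that id is visible here — confirm the calling page
 * restricts which accounts the current user may edit.
 * NOTE(review): profile fields are stored as submitted; confirm they are
 * HTML-escaped wherever they are displayed.
 *
 * @param object $sql database handle passed on to exec_query()
 */
function update_data(&$sql)
{
    global $edit_id;

    if (!isset($_POST['uaction']) || $_POST['uaction'] !== 'edit_user') {
        return;
    }

    if (!check_user_data()) {
        return;
    }

    $fname = $_POST['fname'];
    $lname = $_POST['lname'];
    $firm = $_POST['firm'];
    $zip = $_POST['zip'];
    $city = $_POST['city'];
    $country = $_POST['country'];
    $email = $_POST['email'];
    $phone = $_POST['phone'];
    $fax = $_POST['fax'];
    $street1 = $_POST['street1'];
    $street2 = $_POST['street2'];

    if ($_POST['pass'] == '') {
        // No new password: update the profile columns only.
        $query = <<<SQL_QUERY
            update
                admin
            set
                fname = ?,
                lname = ?,
                firm = ?,
                zip = ?,
                city = ?,
                country = ?,
                email = ?,
                phone = ?,
                fax = ?,
                street1 = ?,
                street2 = ?
            where
                admin_id= ?
SQL_QUERY;

        exec_query(
            $sql,
            $query,
            array(
                $fname, $lname, $firm, $zip, $city, $country,
                $email, $phone, $fax, $street1, $street2, $edit_id,
            )
        );
    } else {
        $edit_id = $_POST['edit_id'];

        // The id is request data: encode it so it cannot add further query
        // parameters to the redirect target.
        $back_to_form = 'Location: edit_user.php?edit_id=' . rawurlencode((string) $edit_id);

        // NOTE(review): a truthy chk_password() result is treated as
        // "rejected" here. Confirm this matches the helper's return
        // convention in this code base — if it returns true for a valid
        // password, this test is inverted.
        if (chk_password($_POST['pass'])) {
            set_page_message(tr("Incorrect password range or syntax!"));
            header($back_to_form);
            die;
        }

        // Strict comparison: with `!=` PHP compares numeric-looking strings
        // by value ("1e3" equals "1000"), so two different inputs could pass
        // as a matching confirmation.
        if ($_POST['pass'] !== $_POST['pass_rep']) {
            set_page_message(tr("Entered passwords does not match!"));
            header($back_to_form);
            die;
        }

        $upass = crypt_user_pass($_POST['pass']);

        $query = <<<SQL_QUERY
            update
                admin
            set
                admin_pass = ?,
                fname = ?,
                lname = ?,
                firm = ?,
                zip = ?,
                city = ?,
                country = ?,
                email = ?,
                phone = ?,
                fax = ?,
                street1 = ?,
                street2 = ?
            where
                admin_id = ?
SQL_QUERY;

        exec_query(
            $sql,
            $query,
            array(
                $upass, $fname, $lname, $firm, $zip, $city, $country,
                $email, $phone, $fax, $street1, $street2, $edit_id,
            )
        );
    }

    // NOTE(review): edit_username is request data written into the log line;
    // confirm write_log() neutralises it before the log is displayed.
    $edit_username = $_POST['edit_username'];
    $user_logged = $_SESSION['user_logged'];

    write_log("{$user_logged}: change data/password for {$edit_username}!");

    $_SESSION['user_updated'] = 1;

    header("Location: manage_users.php");
    die;
}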
/**
 * Save data for new user in db.
 *
 * Creates a customer account together with its domain. Almost all input is
 * taken from globals (see the `global` line), not from parameters. In order,
 * the function:
 *  1. loads the hosting plan properties, either from
 *     $_SESSION["ch_hpprops"] or from the `hosting_plans` table;
 *  2. hashes the password and passes the contact fields through
 *     clean_input();
 *  3. inserts the `admin` row (type 'user') and the `domain` row;
 *  4. derives the domain's uid/gid from the configured minimum plus the new
 *     domain id and stores them;
 *  5. adds the `htaccess_users` / `htaccess_groups` rows for the statistics
 *     area, optionally the default mail accounts, and the `user_gui_props`
 *     row;
 *  6. notifies the user, sends two requests to the daemon, writes the log and
 *     redirects.
 *
 * All statements use bound parameters.
 *
 * @param mixed $reseller_id id of the reseller creating the account; stored
 *                           as `created_by` / `domain_created_id`
 * @return false|null false is only reachable through the (currently dead)
 *                    $err_msg check; null when the domain user name fails
 *                    validates_dname(); otherwise the function ends in
 *                    user_goto()
 */
function add_user_data($reseller_id) {
    global $hpid, $dmn_name, $dmn_expire, $dmn_user_name, $admin_login, $user_email, $customer_id, $first_name, $last_name, $gender, $firm, $zip, $city, $state, $country, $street_one, $street_two, $phone, $fax, $inpass, $domain_ip, $dns, $backup, $countbackup;

    $sql = EasySCP_Registry::get('Db');
    $cfg = EasySCP_Registry::get('Config');

    // Let's get Desired Hosting Plan Data;
    // $err_msg is never set to anything but '', so this branch cannot run.
    $err_msg = '';

    if (!empty($err_msg)) {
        set_page_message($err_msg, 'error');
        return false;
    }

    if (isset($_SESSION["ch_hpprops"])) {
        // Properties customised in an earlier step; consumed once.
        $props = $_SESSION["ch_hpprops"];
        unset($_SESSION["ch_hpprops"]);
    } else {
        if (isset($cfg->HOSTING_PLANS_LEVEL) && $cfg->HOSTING_PLANS_LEVEL === 'admin') {
            // Admin-level plans are looked up by id alone.
            $query = 'SELECT `props` FROM `hosting_plans` WHERE `id` = ?';
            $res = exec_query($sql, $query, $hpid);
        } else {
            // Reseller-level plans must belong to this reseller.
            $query = "SELECT `props` FROM `hosting_plans` WHERE `reseller_id` = ? AND `id` = ?";
            $res = exec_query($sql, $query, array($reseller_id, $hpid));
        }

        // NOTE(review): the result is not checked — if no plan matches,
        // $props will not be an array and every lookup below yields null.
        $data = $res->fetchRow();
        // NOTE(review): unserialize() on a database column. If anyone other
        // than a trusted admin can influence `hosting_plans`.`props`, this is
        // an object-injection risk; prefer a JSON column or pass
        // ['allowed_classes' => false].
        $props = unserialize($data['props']);
    }

    $php = $props['allow_php'];
    $phpe = $props['allow_php_editor'];
    $cgi = $props['allow_cgi'];
    $sub = $props['subdomain_cnt'];
    $als = $props['alias_cnt'];
    $mail = $props['mail_cnt'];
    $ftp = $props['ftp_cnt'];
    $sql_db = $props['db_cnt'];
    $sql_user = $props['sqluser_cnt'];
    $traff = $props['traffic'];
    $disk = $props['disk'];
    $backup = $props['allow_backup'];
    $countbackup = $props['disk_countbackup'];
    $dns = $props['allow_dns'];
    $ssl = $props['allow_ssl'];

    // Strip every underscore from the flag values (presumably stored in the
    // "_yes_" / "_no_" form — confirm against the plan editor).
    $php = preg_replace("/\\_/", "", $php);
    $phpe = preg_replace("/\\_/", "", $phpe);
    $cgi = preg_replace("/\\_/", "", $cgi);
    $ssl = preg_replace("/\\_/", "", $ssl);
    $backup = preg_replace("/\\_/", "", $backup);
    $countbackup = preg_replace("/\\_/", "", $countbackup);
    $dns = preg_replace("/\\_/", "", $dns);

    // The clear-text password is kept: it is needed for the htaccess entry
    // and the notification further down. $inpass (a global) becomes the hash.
    $pure_user_pass = $inpass;
    $inpass = crypt_user_pass($inpass);

    $first_name = clean_input($first_name);
    $last_name = clean_input($last_name);
    $firm = clean_input($firm);
    $zip = clean_input($zip);
    $city = clean_input($city);
    $state = clean_input($state);
    $country = clean_input($country);
    $phone = clean_input($phone);
    $fax = clean_input($fax);
    $street_one = clean_input($street_one);
    $street_two = clean_input($street_two);
    $customer_id = clean_input($customer_id);

    // Abort silently (no page message) when the account name is not a valid
    // domain name.
    if (!validates_dname(decode_idna($dmn_user_name))) {
        return;
    }

    $query = "\n\t\tINSERT INTO `admin` (\n\t\t\t`admin_name`, `admin_pass`, `admin_type`, `domain_created`,\n\t\t\t`created_by`, `fname`, `lname`,\n\t\t\t`firm`, `zip`, `city`, `state`,\n\t\t\t`country`, `email`, `phone`,\n\t\t\t`fax`, `street1`, `street2`,\n\t\t\t`customer_id`, `gender`\n\t\t)\n\t\tVALUES (\n\t\t\t?, ?, 'user', unix_timestamp(),\n\t\t\t?, ?, ?,\n\t\t\t?, ?, ?, ?,\n\t\t\t?, ?, ?,\n\t\t\t?, ?, ?,\n\t\t\t?, ?\n\t\t)\n\t";

    exec_query($sql, $query, array($dmn_user_name, $inpass, $reseller_id, $first_name, $last_name, $firm, $zip, $city, $state, $country, $user_email, $phone, $fax, $street_one, $street_two, $customer_id, $gender));

    // NOTE(review): this writes the database error text into the response.
    // Database messages can reveal schema details; log them server-side
    // instead.
    print $sql->errorMsg();

    // Id of the `admin` row just inserted.
    $record_id = $sql->insertId();

    $query = "\n\t\tINSERT INTO `domain` (\n\t\t\t`domain_name`, `domain_admin_id`,\n\t\t\t`domain_created_id`, `domain_created`, `domain_expires`,\n\t\t\t`domain_mailacc_limit`, `domain_ftpacc_limit`,\n\t\t\t`domain_traffic_limit`, `domain_sqld_limit`,\n\t\t\t`domain_sqlu_limit`, `status`,\n\t\t\t`domain_subd_limit`, `domain_alias_limit`,\n\t\t\t`domain_ip_id`, `domain_disk_limit`,\n\t\t\t`domain_disk_usage`, `domain_php`, `domain_php_edit`, `domain_cgi`,\n\t\t\t`allowbackup`, `domain_dns`, `domain_ssl`, `domain_disk_countbackup`\n\t\t)\n\t\tVALUES (\n\t\t\t:domain_name, :domain_admin_id,\n\t\t\t:domain_created_id, unix_timestamp(), :domain_expires,\n\t\t\t:domain_mailacc_limit, :domain_ftpacc_limit,\n\t\t\t:domain_traffic_limit, :domain_sqld_limit,\n\t\t\t:domain_sqlu_limit, :status,\n\t\t\t:domain_subd_limit, :domain_alias_limit,\n\t\t\t:domain_ip_id, :domain_disk_limit,\n\t\t\t'0', :domain_php, :domain_php_edit, :domain_cgi,\n\t\t\t:allowbackup, :domain_dns, :domain_ssl, :domain_disk_countbackup\n\t\t)\n\t";

    $param = array(':domain_name' => $dmn_name, ':domain_admin_id' => $record_id, ':domain_created_id' => $reseller_id, ':domain_expires' => $dmn_expire, ':domain_mailacc_limit' => $mail, ':domain_ftpacc_limit' => $ftp, ':domain_traffic_limit' => $traff, ':domain_sqld_limit' => $sql_db, ':domain_sqlu_limit' => $sql_user, ':status' => $cfg->ITEM_ADD_STATUS, ':domain_subd_limit' => $sub, ':domain_alias_limit' => $als, ':domain_ip_id' => $domain_ip, ':domain_disk_limit' => $disk, ':domain_php' => $php, ':domain_php_edit' => $phpe, ':domain_cgi' => $cgi, ':allowbackup' => $backup, ':domain_dns' => $dns, ':domain_ssl' => $ssl, ':domain_disk_countbackup' => $countbackup);

    // This insert goes through the static DB wrapper rather than
    // exec_query(); the new domain id is read from the same wrapper.
    DB::prepare($query);
    DB::execute($param);

    $dmn_id = DB::getInstance()->lastInsertId();

    // AddDefaultDNSEntries($dmn_id, 0, $dmn_name, $domain_ip);

    // TODO: Check if max user and group id is reached
    // update domain and gid
    // The system uid/gid are derived from the domain id; as the TODO above
    // says, no upper bound is enforced.
    $domain_gid = $cfg->APACHE_SUEXEC_MIN_GID + $dmn_id;
    $domain_uid = $cfg->APACHE_SUEXEC_MIN_UID + $dmn_id;

    $query = "\n\t\tUPDATE `domain`\n\t\tSET `domain_gid`=?,\n\t\t\t`domain_uid`=?\n\t\tWHERE `domain_id`=?\n\t";

    exec_query($sql, $query, array($domain_gid, $domain_uid, $dmn_id));

    // Add statistics group
    // The htaccess user is named after the domain and gets the account
    // password, hashed by crypt_user_pass_with_salt().
    $query = "\n\t\tINSERT INTO `htaccess_users`\n\t\t\t(`dmn_id`, `uname`, `upass`, `status`)\n\t\tVALUES\n\t\t\t(?, ?, ?, ?)\n\t";

    exec_query($sql, $query, array($dmn_id, $dmn_name, crypt_user_pass_with_salt($pure_user_pass), $cfg->ITEM_ADD_STATUS));

    // Id of the htaccess user, stored as the group's member below.
    $user_id = $sql->insertId();

    $query = "\n\t\tINSERT INTO `htaccess_groups`\n\t\t\t(`dmn_id`, `ugroup`, `members`, `status`)\n\t\tVALUES\n\t\t\t(?, ?, ?, ?)\n\t";

    exec_query($sql, $query, array($dmn_id, $cfg->AWSTATS_GROUP_AUTH, $user_id, $cfg->ITEM_ADD_STATUS));

    // Create the 3 default addresses if wanted
    if ($cfg->CREATE_DEFAULT_EMAIL_ADDRESSES) {
        client_mail_add_default_accounts($dmn_id, $user_email, $dmn_name); // 'domain', 0
    }

    // let's send mail to user
    // NOTE(review): the clear-text password is handed to the notification
    // helper — presumably it ends up in an e-mail; confirm, and prefer a
    // one-time set-password link if it does.
    send_add_user_auto_msg($reseller_id, $dmn_user_name, $pure_user_pass, $user_email, $first_name, $last_name, tr('Domain account'));

    // $user_def_lang = $cfg->USER_INITIAL_LANG;
    $user_def_lang = '';
    // $user_theme_color = $cfg->USER_INITIAL_THEME;
    $user_theme_color = '';

    $query = "\n\t\tINSERT INTO `user_gui_props`\n\t\t\t(`user_id`, `lang`, `layout`)\n\t\tVALUES\n\t\t\t(?, ?, ?)\n\t";

    exec_query($sql, $query, array($record_id, $user_def_lang, $user_theme_color));

    // send request to daemon
    // TODO: check this, because an error occurs here ("Domain data has been altered. Please enter again.")
    send_request('110 DOMAIN domain ' . $dmn_id);
    send_request('130 MAIL ' . $dmn_id);

    // Audit trail for both the account and the domain.
    $admin_login = $_SESSION['user_logged'];
    write_log("{$admin_login}: add user: {$dmn_user_name} (for domain {$dmn_name})");
    write_log("{$admin_login}: add domain: {$dmn_name}");

    update_reseller_c_props($reseller_id);

    if (isset($_POST['add_alias']) && $_POST['add_alias'] === 'on') {
        // aliases were requested for the new account: hand over to step 4
        $_SESSION['dmn_id'] = $dmn_id;
        $_SESSION['dmn_ip'] = $domain_ip;
        $_SESSION['user_add3_add_alias'] = "_yes_";
        user_goto('user_add4.php?accout=' . $dmn_id);
    } else {
        // no aliases requested: back to the user list
        $_SESSION['user_add3_added'] = "_yes_";
        user_goto('users.php?psi=last');
    }
}
/**
 * Apply the "edit reseller" form: update the reseller's `admin` row
 * (optionally with a new password hash) and its `reseller_props` limits.
 *
 * Acts only when $_POST['uaction'] is 'update_reseller' and
 * check_user_data() accepts the request. On success a log line is written,
 * two session flags are set and the request ends with a redirect to
 * manage_users.php. When validation fails the function does nothing.
 *
 * All three UPDATE statements use bound parameters.
 *
 * NOTE(review): a non-empty $_POST['pass'] is hashed and stored with no
 * strength or confirmation check in this function — confirm
 * check_user_data() covers pass/pass_rep.
 * NOTE(review): profile fields and limits are stored as submitted; confirm
 * check_user_data() validates the numeric limits and that values are
 * HTML-escaped wherever they are displayed.
 * NOTE(review): the target id is the global $edit_id; no authorisation check
 * on it is visible here.
 *
 * @param object $sql database handle passed on to exec_query()
 */
function update_reseller(&$sql)
{
    global $edit_id, $reseller_ips;

    if (!isset($_POST['uaction']) || $_POST['uaction'] !== 'update_reseller') {
        return;
    }

    $user_id = $_SESSION['user_id'];

    if (!check_user_data()) {
        return;
    }

    // Profile columns, in the order both admin queries bind them.
    $profile = array();
    $profile_fields = array(
        'fname', 'lname', 'firm', 'zip', 'city', 'country',
        'email', 'phone', 'fax', 'street1', 'street2',
    );
    foreach ($profile_fields as $field) {
        $profile[] = $_POST[$field];
    }

    if ($_POST['pass'] == '') {
        // No new password: leave admin_pass untouched.
        $query = <<<SQL_QUERY
            update
                admin
            set
                fname = ?,
                lname = ?,
                firm = ?,
                zip = ?,
                city = ?,
                country = ?,
                email = ?,
                phone = ?,
                fax = ?,
                street1 = ?,
                street2 = ?
            where
                admin_id = ?
SQL_QUERY;

        $rs = exec_query($sql, $query, array_merge($profile, array($edit_id)));
    } else {
        $upass = crypt_user_pass($_POST['pass']);

        $query = <<<SQL_QUERY
            update
                admin
            set
                admin_pass = ?,
                fname = ?,
                lname = ?,
                firm = ?,
                zip = ?,
                city = ?,
                country = ?,
                email = ?,
                phone = ?,
                fax = ?,
                street1 = ?,
                street2 = ?
            where
                admin_id = ?
SQL_QUERY;

        $rs = exec_query($sql, $query, array_merge(array($upass), $profile, array($edit_id)));
    }

    // Limits (plus customer_id), in the order reseller_props binds them.
    $limits = array();
    $limit_fields = array(
        'nreseller_max_domain_cnt',
        'nreseller_max_subdomain_cnt',
        'nreseller_max_alias_cnt',
        'nreseller_max_mail_cnt',
        'nreseller_max_ftp_cnt',
        'nreseller_max_sql_db_cnt',
        'nreseller_max_sql_user_cnt',
        'nreseller_max_traffic',
        'nreseller_max_disk',
        'customer_id',
    );
    foreach ($limit_fields as $field) {
        $limits[] = $_POST[$field];
    }

    $query = <<<SQL_QUERY
        update
            reseller_props
        set
            reseller_ips = ?,
            max_dmn_cnt = ?,
            max_sub_cnt = ?,
            max_als_cnt = ?,
            max_mail_cnt = ?,
            max_ftp_cnt = ?,
            max_sql_db_cnt = ?,
            max_sql_user_cnt = ?,
            max_traff_amnt = ?,
            max_disk_amnt = ?,
            customer_id = ?
        where
            reseller_id = ?
SQL_QUERY;

    $rs = exec_query(
        $sql,
        $query,
        array_merge(array($reseller_ips), $limits, array($edit_id))
    );

    // NOTE(review): edit_username is request data written into the log line;
    // confirm write_log() neutralises it before the log is displayed.
    $edit_username = $_POST['edit_username'];
    $user_logged = $_SESSION['user_logged'];

    write_log("{$user_logged}: change data/password for reseller -> {$edit_username}!");

    $_SESSION['user_updated'] = 1;
    $_SESSION['reseller_ips'] = $reseller_ips;

    header("Location: manage_users.php");
    die;
}
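/**
 * Drive the "add reseller" form.
 *
 * Depending on $_POST one of three things happens:
 *  - the form was not submitted: empty defaults are assigned to the template;
 *  - it was submitted but check_user_data() rejected it: the submitted values
 *    are assigned back to the template, HTML-escaped;
 *  - it was submitted and accepted: rows are inserted into admin,
 *    user_gui_props and reseller_props, the e-mail templates are set up, the
 *    account data is handed to send_add_user_auto_msg() and the request ends
 *    with a redirect to manage_users.php.
 *
 * All INSERTs use bound parameters.
 *
 * NOTE(review): contact fields are HTML-encoded before being stored, while
 * the user name and the limits are stored as submitted. Confirm every place
 * that displays the user name escapes it.
 * NOTE(review): no CSRF token check is visible in this function.
 *
 * @param object $tpl template engine; receives the form values via assign()
 * @param object $sql database handle passed on to exec_query()
 */
function add_reseller(&$tpl, &$sql)
{
    global $reseller_ips;

    // Template variable => POST field, in the order the form assigns them.
    $form_slots = array(
        'EMAIL' => 'email',
        'USERNAME' => 'username',
        'FIRST_NAME' => 'fname',
        'CUSTOMER_ID' => 'customer_id',
        'LAST_NAME' => 'lname',
        'FIRM' => 'firm',
        'ZIP' => 'zip',
        'CITY' => 'city',
        'COUNTRY' => 'country',
        'STREET_1' => 'street1',
        'STREET_2' => 'street2',
        'PHONE' => 'phone',
        'FAX' => 'fax',
        'MAX_DOMAIN_COUNT' => 'nreseller_max_domain_cnt',
        'MAX_SUBDOMAIN_COUNT' => 'nreseller_max_subdomain_cnt',
        'MAX_ALIASES_COUNT' => 'nreseller_max_alias_cnt',
        'MAX_MAIL_USERS_COUNT' => 'nreseller_max_mail_cnt',
        'MAX_FTP_USERS_COUNT' => 'nreseller_max_ftp_cnt',
        'MAX_SQLDB_COUNT' => 'nreseller_max_sql_db_cnt',
        'MAX_SQL_USERS_COUNT' => 'nreseller_max_sql_user_cnt',
        'MAX_TRAFFIC_AMOUNT' => 'nreseller_max_traffic',
        'MAX_DISK_AMOUNT' => 'nreseller_max_disk',
    );

    if (isset($_POST['uaction']) && $_POST['uaction'] === 'add_reseller') {
        if (check_user_data()) {
            $upass = crypt_user_pass($_POST['pass']);

            $user_id = $_SESSION['user_id'];

            $username = $_POST['username'];
            $fname = htmlspecialchars($_POST['fname'], ENT_QUOTES, "UTF-8");
            $lname = htmlspecialchars($_POST['lname'], ENT_QUOTES, "UTF-8");
            $firm = htmlspecialchars($_POST['firm'], ENT_QUOTES, "UTF-8");
            $zip = htmlspecialchars($_POST['zip'], ENT_QUOTES, "UTF-8");
            $city = htmlspecialchars($_POST['city'], ENT_QUOTES, "UTF-8");
            $country = htmlspecialchars($_POST['country'], ENT_QUOTES, "UTF-8");
            $email = htmlspecialchars($_POST['email'], ENT_QUOTES, "UTF-8");
            $phone = htmlspecialchars($_POST['phone'], ENT_QUOTES, "UTF-8");
            $fax = htmlspecialchars($_POST['fax'], ENT_QUOTES, "UTF-8");
            $street1 = htmlspecialchars($_POST['street1'], ENT_QUOTES, "UTF-8");
            $street2 = htmlspecialchars($_POST['street2'], ENT_QUOTES, "UTF-8");

            $query = <<<SQL_QUERY
                insert into admin
                    (
                        admin_name,
                        admin_pass,
                        admin_type,
                        domain_created,
                        created_by,
                        fname,
                        lname,
                        firm,
                        zip,
                        city,
                        country,
                        email,
                        phone,
                        fax,
                        street1,
                        street2
                    )
                values
                    (
                        ?,
                        ?,
                        'reseller',
                        unix_timestamp(),
                        ?,
                        ?,
                        ?,
                        ?,
                        ?,
                        ?,
                        ?,
                        ?,
                        ?,
                        ?,
                        ?,
                        ?
                    )
SQL_QUERY;

            $rs = exec_query(
                $sql,
                $query,
                array(
                    $username, $upass, $user_id, $fname, $lname, $firm, $zip,
                    $city, $country, $email, $phone, $fax, $street1, $street2,
                )
            );

            $new_admin_id = $sql->Insert_ID();

            insert_email_tpl($sql, $new_admin_id);

            // Audit trail: who created which reseller.
            $user_logged = $_SESSION['user_logged'];
            write_log("{$user_logged} : add reseller -> {$username}");

            // The new account inherits the creating admin's language/theme.
            $user_def_lang = $_SESSION['user_def_lang'];
            $user_theme_color = $_SESSION['user_theme_color'];
            $user_logo = 0;

            $query = <<<SQL_QUERY
                insert into user_gui_props
                    (
                        user_id,
                        lang,
                        layout,
                        logo
                    )
                values
                    (
                        ?,
                        ?,
                        ?,
                        ?
                    )
SQL_QUERY;

            $rs = exec_query($sql, $query, array($new_admin_id, $user_def_lang, $user_theme_color, $user_logo));

            // 'reseller_props' table entry: the submitted quota values.
            $nreseller_max_domain_cnt = $_POST['nreseller_max_domain_cnt'];
            $nreseller_max_subdomain_cnt = $_POST['nreseller_max_subdomain_cnt'];
            $nreseller_max_alias_cnt = $_POST['nreseller_max_alias_cnt'];
            $nreseller_max_mail_cnt = $_POST['nreseller_max_mail_cnt'];
            $nreseller_max_ftp_cnt = $_POST['nreseller_max_ftp_cnt'];
            $nreseller_max_sql_db_cnt = $_POST['nreseller_max_sql_db_cnt'];
            $nreseller_max_sql_user_cnt = $_POST['nreseller_max_sql_user_cnt'];
            $nreseller_max_traffic = $_POST['nreseller_max_traffic'];
            $nreseller_max_disk = $_POST['nreseller_max_disk'];
            $customer_id = $_POST['customer_id'];

            $query = <<<SQL_QUERY
                insert into reseller_props
                    (
                        reseller_id, reseller_ips,
                        max_dmn_cnt, current_dmn_cnt,
                        max_sub_cnt, current_sub_cnt,
                        max_als_cnt, current_als_cnt,
                        max_mail_cnt, current_mail_cnt,
                        max_ftp_cnt, current_ftp_cnt,
                        max_sql_db_cnt, current_sql_db_cnt,
                        max_sql_user_cnt, current_sql_user_cnt,
                        max_traff_amnt, current_traff_amnt,
                        max_disk_amnt, current_disk_amnt,
                        customer_id
                    )
                values
                    (
                        ?, ?,
                        ?, '0',
                        ?, '0',
                        ?, '0',
                        ?, '0',
                        ?, '0',
                        ?, '0',
                        ?, '0',
                        ?, '0',
                        ?, '0',
                        ?
                    )
SQL_QUERY;

            $rs = exec_query(
                $sql,
                $query,
                array(
                    $new_admin_id,
                    $reseller_ips,
                    $nreseller_max_domain_cnt,
                    $nreseller_max_subdomain_cnt,
                    $nreseller_max_alias_cnt,
                    $nreseller_max_mail_cnt,
                    $nreseller_max_ftp_cnt,
                    $nreseller_max_sql_db_cnt,
                    $nreseller_max_sql_user_cnt,
                    $nreseller_max_traffic,
                    $nreseller_max_disk,
                    $customer_id,
                )
            );

            // NOTE(review): the clear-text password is handed to the
            // notification helper — presumably it ends up in an e-mail;
            // confirm, and prefer a one-time set-password link if it does.
            send_add_user_auto_msg(
                $user_id,
                $_POST['username'],
                $_POST['pass'],
                $_POST['email'],
                htmlspecialchars($_POST['fname'], ENT_QUOTES, "UTF-8"),
                htmlspecialchars($_POST['lname'], ENT_QUOTES, "UTF-8"),
                tr('Reseller')
            );

            $_SESSION['reseller_added'] = 1;

            header("Location: manage_users.php");
            die;
        } else {
            // Validation failed: give the operator their input back.
            // The values are request data going into the HTML form, so they
            // are escaped here. This assumes the template engine substitutes
            // values verbatim, which is also what the insert path above
            // relies on when it encodes fields before storing them.
            $form = array();
            foreach ($form_slots as $slot => $field) {
                $submitted = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
                $form[$slot] = htmlspecialchars($submitted, ENT_QUOTES, "UTF-8");
            }

            $tpl->assign($form);
        }
    } else {
        // Form not submitted: every field starts empty.
        $blank = array();
        foreach ($form_slots as $slot => $field) {
            $blank[$slot] = '';
        }

        $tpl->assign($blank);
    }
}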
/**
 * Handle the "add administrator" form.
 *
 * When the form was not submitted, every form placeholder is assigned an empty
 * string. When check_user_data() rejects the submission, the posted values are
 * assigned back to the template. Otherwise the account is inserted into
 * `admin` with admin_type 'admin', a `user_gui_props` row is created, and the
 * request is redirected to manage_users.php.
 *
 * NOTE(review): on the validation-failure path the raw $_POST values go
 * straight into the template. Whether they are HTML-escaped depends on the
 * template engine, which is not visible here; confirm before relying on it.
 * NOTE(review): the clear-text password is handed to send_add_user_auto_msg(),
 * presumably to be e-mailed to the new user; verify that this is intended.
 *
 * @param object $tpl template engine instance (passed by reference)
 * @param object $sql database handle (passed by reference)
 */
function add_user(&$tpl, &$sql)
{
    // Template placeholder => name of the POST field that feeds it.
    $form_fields = array(
        'EMAIL' => 'email',
        'USERNAME' => 'username',
        'FIRST_NAME' => 'fname',
        'LAST_NAME' => 'lname',
        'FIRM' => 'firm',
        'ZIP' => 'zip',
        'CITY' => 'city',
        'COUNTRY' => 'country',
        'STREET_1' => 'street1',
        'STREET_2' => 'street2',
        'PHONE' => 'phone',
        'FAX' => 'fax',
    );

    $submitted = isset($_POST['uaction']) && $_POST['uaction'] === 'add_user';
    if (!$submitted) {
        // First visit: render an empty form.
        $tpl->assign(array_fill_keys(array_keys($form_fields), ''));
        return;
    }

    if (!check_user_data()) {
        // Validation failed: show the form again with what the user typed.
        $refill = array();
        foreach ($form_fields as $placeholder => $field) {
            $refill[$placeholder] = $_POST[$field];
        }
        $tpl->assign($refill);
        return;
    }

    $hashed_pass = crypt_user_pass($_POST['pass']);
    $creator_id = $_SESSION['user_id'];
    $login_name = $_POST['username'];

    // Profile columns are HTML-escaped before they are stored; the order here
    // matches the placeholder order of the INSERT below.
    $profile = array();
    $profile_fields = array(
        'fname', 'lname', 'firm', 'zip', 'city', 'country',
        'email', 'phone', 'fax', 'street1', 'street2',
    );
    foreach ($profile_fields as $field) {
        $profile[] = htmlspecialchars($_POST[$field], ENT_QUOTES, "UTF-8");
    }

    $insert_admin = <<<SQL_QUERY
        insert into admin
            (
                admin_name, admin_pass, admin_type, domain_created,
                created_by, fname, lname, firm, zip, city, country,
                email, phone, fax, street1, street2
            )
        values
            (
                ?, ?, 'admin', unix_timestamp(),
                ?, ?, ?, ?, ?, ?, ?,
                ?, ?, ?, ?, ?
            )
SQL_QUERY;
    exec_query(
        $sql,
        $insert_admin,
        array_merge(array($login_name, $hashed_pass, $creator_id), $profile)
    );

    $new_admin_id = $sql->Insert_ID();

    $actor = $_SESSION['user_logged'];
    write_log("{$actor} : add admin -> {$login_name}");

    insert_email_tpl($sql, $new_admin_id);

    // The new account inherits the creator's session language and theme.
    $insert_gui_props = <<<SQL_QUERY
        insert into user_gui_props
            (
                user_id, lang, layout, logo
            )
        values
            (
                ?,?,?,?
            )
SQL_QUERY;
    exec_query(
        $sql,
        $insert_gui_props,
        array($new_admin_id, $_SESSION['user_def_lang'], $_SESSION['user_theme_color'], 0)
    );

    send_add_user_auto_msg(
        $creator_id,
        $_POST['username'],
        $_POST['pass'],
        $_POST['email'],
        $_POST['fname'],
        $_POST['lname'],
        tr('Administrator')
    );

    $_SESSION['user_added'] = 1;
    header("Location: manage_users.php");
    die;
}
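/**
 * Write the edited customer profile, and optionally a new password, to `admin`.
 *
 * The profile values come from the globals declared below. The UPDATE is
 * restricted to the row whose `admin_id` is $hpid and whose `created_by` is
 * the logged-in reseller ($_SESSION['user_id']).
 *
 * When a password is supplied ($inpass is not empty) it is validated, hashed
 * with crypt_user_pass(), stored, and the `login` rows of the edited user are
 * deleted so existing sessions end.
 *
 * NOTE(review): the validation branches call user_goto() and then fall
 * through. This relies on user_goto() ending the request; confirm, otherwise
 * a rejected password would still be stored.
 * NOTE(review): the clear-text password is handed to send_add_user_auto_msg()
 * when `send_data` is posted, presumably to be e-mailed; verify this is intended.
 *
 * @param mixed $hpid `admin_id` of the account being edited
 */
function update_data_in_db($hpid)
{
    global $dmn_user_name, $user_email, $customer_id, $first_name, $last_name, $firm, $zip, $gender, $city,
        $state, $country, $street_one, $street_two, $phone, $fax, $inpass, $admin_login;

    $sql = EasySCP_Registry::get('Db');
    $cfg = EasySCP_Registry::get('Config');

    $reseller_id = $_SESSION['user_id'];

    $first_name = clean_input($first_name);
    $last_name = clean_input($last_name);
    $firm = clean_input($firm);
    $gender = clean_input($gender);
    $zip = clean_input($zip);
    $city = clean_input($city);
    $state = clean_input($state);
    $country = clean_input($country);
    $phone = clean_input($phone);
    $fax = clean_input($fax);
    $street_one = clean_input($street_one);
    $street_two = clean_input($street_two);

    // Columns and values shared by both variants of the UPDATE.
    $set_clause = '`fname` = ?, `lname` = ?, `firm` = ?, `zip` = ?, `city` = ?, `state` = ?, '
        . '`country` = ?, `email` = ?, `phone` = ?, `fax` = ?, `street1` = ?, `street2` = ?, '
        . '`gender` = ?, `customer_id` = ?';
    $params = array(
        $first_name, $last_name, $firm, $zip, $city, $state, $country, $user_email,
        $phone, $fax, $street_one, $street_two, $gender, $customer_id,
    );

    $changing_password = !empty($inpass);

    if ($changing_password) {
        if (!chk_password($_POST['userpassword'])) {
            // NOTE(review): isset() is true even when PASSWD_STRONG is set to
            // false; other pages test the value itself. Confirm which is meant.
            if (isset($cfg->PASSWD_STRONG)) {
                set_page_message(sprintf(tr('The password must be at least %s chars long and contain letters and numbers to be valid.'), $cfg->PASSWD_CHARS), 'warning');
            } else {
                set_page_message(sprintf(tr('Password data is shorter than %s signs or includes not permitted signs!'), $cfg->PASSWD_CHARS), 'warning');
            }
            user_goto('user_edit.php?edit_id=' . $hpid);
        }

        // Strict comparison: with `!=` two different numeric-looking strings
        // such as "1e3" and "1000" compare as equal and pass the check.
        if ($_POST['userpassword'] !== $_POST['userpassword_repeat']) {
            set_page_message(tr('Entered passwords do not match!'), 'warning');
            user_goto('user_edit.php?edit_id=' . $hpid);
        }

        // Keep the clear text for the optional notification below, then hash.
        $pure_user_pass = $inpass;
        $inpass = crypt_user_pass($inpass);

        $set_clause = '`admin_pass` = ?, ' . $set_clause;
        array_unshift($params, $inpass);
    }

    $params[] = $hpid;
    $params[] = $reseller_id;
    exec_query(
        $sql,
        "UPDATE `admin` SET {$set_clause} WHERE `admin_id` = ? AND `created_by` = ?",
        $params
    );

    if ($changing_password) {
        // Kill any existing session of the edited user
        $admin_name = get_user_name($hpid);
        $rs = exec_query($sql, 'DELETE FROM `login` WHERE `user_name` = ?', $admin_name);

        if ($rs->recordCount() != 0) {
            set_page_message(tr('User session was killed!'), 'info');
            write_log($_SESSION['user_logged'] . " killed " . $admin_name . "'s session because of password change");
        }
    }

    $admin_login = $_SESSION['user_logged'];
    write_log("{$admin_login} changes data/password for {$dmn_user_name}!");

    if (isset($_POST['send_data']) && !empty($inpass)) {
        send_add_user_auto_msg($reseller_id, $dmn_user_name, $pure_user_pass, $user_email, $first_name, $last_name, tr('Domain account'));
    }

    unset($_SESSION['edit_ID']);
    unset($_SESSION['user_name']);

    $_SESSION['edit'] = "_yes_";
    user_goto('users.php?psi=last');
}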
/**
 * Persist the edited reseller: contact data in `admin`, limits in `reseller_props`.
 *
 * All values are taken from the array returned by get_data(). The password
 * column is only touched when `pass0` was posted non-empty.
 *
 * NOTE(review): both statements filter on the id alone (`admin_id` /
 * `reseller_id` = edit_id). Any check that the caller may edit this reseller
 * has to happen before this function; confirm at the call site.
 *
 * @return void
 */
function update_reseller()
{
    // Reference to the validated form data
    $reseller =& get_data();

    $db = EasySCP_Registry::get('Db');

    // --- `admin` row -------------------------------------------------------
    $account_sql = "\n\t\tUPDATE\n\t\t\t`admin`\n\t\tSET\n\t\t\t`fname` = ?, `lname` = ?, `firm` = ?, `zip` = ?,\n\t\t\t`city` = ?, `state` = ?, `country` = ?, `email` = ?,\n\t\t\t`phone` = ?, `fax` = ?, `street1` = ?, `street2` = ?,\n\t\t\t`gender` = ?\n\t\tWHERE\n\t\t\t`admin_id` = ?\n\t\t";

    $account_keys = array(
        'fname', 'lname', 'firm', 'zip', 'city', 'state', 'country', 'email',
        'phone', 'fax', 'street1', 'street2', 'gender', 'edit_id',
    );
    $account_params = array();
    foreach ($account_keys as $key) {
        $account_params[] = $reseller[$key];
    }

    if (!empty($_POST['pass0'])) {
        // Put the password assignment in front of `fname` and its value in
        // front of the other parameters, so positions stay aligned.
        $account_sql = str_replace('`fname`', '`admin_pass` = ?, `fname`', $account_sql);
        array_unshift($account_params, crypt_user_pass($_POST['pass0']));
    }

    exec_query($db, $account_sql, $account_params);

    // --- `reseller_props` row ----------------------------------------------
    $props_sql = "\n\t\tUPDATE\n\t\t\t`reseller_props`\n\t\tSET\n\t\t\t`reseller_ips` = ?, `max_dmn_cnt` = ?, `max_sub_cnt` = ?,\n\t\t\t`max_als_cnt` = ?, `max_mail_cnt` = ?, `max_ftp_cnt` = ?,\n\t\t\t`max_sql_db_cnt` = ?, `max_sql_user_cnt` = ?, `max_traff_amnt` = ?,\n\t\t\t`max_disk_amnt` = ?, `support_system` = ?, `customer_id` = ?\n\t\tWHERE\n\t\t\t`reseller_id` = ?\n\t";

    $props_keys = array(
        'reseller_ips', 'max_dmn_cnt', 'max_sub_cnt', 'max_als_cnt', 'max_mail_cnt',
        'max_ftp_cnt', 'max_sql_db_cnt', 'max_sql_user_cnt', 'max_traff_amnt',
        'max_disk_amnt', 'support_system', 'customer_id', 'edit_id',
    );
    $props_params = array();
    foreach ($props_keys as $key) {
        $props_params[] = $reseller[$key];
    }

    exec_query($db, $props_sql, $props_params);
}
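/*
 * Validate and apply a user's own account changes.
 *
 * $modData, $error and $user_old are set up before this fragment (not visible
 * here). Any validation error ends the request with an alert; otherwise
 * selfUpdateUser() is called with the (possibly re-hashed) data.
 */

/* verify email */
if (!checkEmail($modData['email'])) {
    $error = _('Email not valid!');
}

/* verify password if changed (not empty) */
if (strlen($modData['password1']) != 0) {
    // NOTE(review): the length test reads $_POST while the other tests read
    // $modData; confirm both hold the same clear-text value at this point.
    if (strlen($_POST['password1']) < 8 && !empty($_POST['password1'])) {
        $error = _('Password must be at least 8 characters long!');
    } elseif ($modData['password1'] !== $modData['password2']) {
        // Strict comparison: with `!=` two different numeric-looking strings
        // (e.g. "1e3" and "1000") compare as equal and pass the check.
        $error = _('Passwords do not match!');
    }

    /* Crypt passwords (done after the comparison above, on clear text) */
    $modData['password1'] = crypt_user_pass($modData['password1']);
    $modData['password2'] = crypt_user_pass($modData['password2']);
}

/* Print errors if present and die, else update */
if ($error) {
    // The closing tag used to be a second "<strong>", which left the element open.
    die('<div class="alert alert-danger alert-absolute">' . _('Please fix the following error') . ': <strong>' . $error . '</strong></div>');
}

if (!selfUpdateUser($modData)) {
    die('<div class="alert alert-danger alert-absolute">' . _('Error updating') . '!</div>');
}

print '<div class="alert alert-success alert-absolute">' . _('Account updated successfully') . '!</div>';

# check if language has changed
if ($user_old['lang'] != $modData['lang']) {
    print '<div class="alert alert-info alert-absolute" style="margin-top:50px;">' . _("To apply language change please log in again") . '!</div>';
}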
// Fragment of an order-activation routine; the listing cuts it off inside the
// final INSERT statement, so only the visible steps are documented.
$props = $data['props'];

// Park the plan properties in the session around the limits check
// (presumably reseller_limits_check() reads them from there; verify).
$_SESSION["ch_hpprops"] = $props;
reseller_limits_check($sql, $err_msg, $reseller_id, $hpid);

// '_off_' is the "no error" sentinel; anything else is shown to the user.
if ($err_msg != '_off_') {
    set_page_message($err_msg);
    unset($_SESSION['domain_ip']);
    header('Location: orders.php');
    die;
}
unset($_SESSION["ch_hpprops"]);

// The plan properties are a ';'-separated list in this fixed order.
list($php, $cgi, $sub, $als, $mail, $ftp, $sql_db, $sql_user, $traff, $disk) = explode(";", $props);
// Remove underscores from the php/cgi flags.
$php = preg_replace("/\\_/", "", $php);
$cgi = preg_replace("/\\_/", "", $cgi);

// NOTE(review): the initial password is the first six characters of the
// current Unix timestamp. For a ten-digit timestamp those digits change only
// every 10,000 seconds, so the password follows from the approximate creation
// time. It should come from a cryptographically secure generator instead.
$timestamp = time();
$pure_user_pass = substr($timestamp, 0, 6);
$inpass = crypt_user_pass($pure_user_pass);

if (!vhcs_domain_check($dmn_user_name)) {
    set_page_message(tr('Wrong domain name syntax!'));
    unset($_SESSION['domain_ip']);
    header('Location: orders.php');
    die;
}

if (vhcs_domain_exists($dmn_name, $_SESSION['user_id'])) {
    set_page_message(tr('Domain with that name already exists on the system!'));
    unset($_SESSION['domain_ip']);
    header('Location: orders.php');
    die;
}

check_for_lock_file();

// The statement below is truncated in the listing.
$query = <<<VHCS_SQL_QUERY
insert into admin
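/**
 * Apply the "edit user" form to the `admin` table.
 *
 * Runs only when the form was submitted with uaction 'edit_user' and
 * check_user_data() accepts it. Contact fields are always updated. When
 * `pass` is posted non-empty the password is validated, hashed with
 * crypt_user_pass() and stored, and the `login` rows of the edited user are
 * deleted so existing sessions end.
 *
 * NOTE(review): without a password the target row is the global $edit_id;
 * with a password it is $_POST['edit_id']. Confirm both are checked against
 * the caller's permissions before this function runs.
 * NOTE(review): the validation branches call user_goto() and then fall
 * through. This relies on user_goto() ending the request; confirm.
 * NOTE(review): the clear-text password is handed to send_add_user_auto_msg()
 * when `send_data` is posted, presumably to be e-mailed; verify this is intended.
 *
 * @param object $sql database handle
 */
function update_data($sql)
{
    global $edit_id;

    $cfg = EasySCP_Registry::get('Config');

    if (!isset($_POST['Submit']) || !isset($_POST['uaction']) || $_POST['uaction'] !== 'edit_user') {
        return;
    }
    if (!check_user_data()) {
        return;
    }

    $user_id = $_SESSION['user_id'];

    $fname = clean_input($_POST['fname']);
    $lname = clean_input($_POST['lname']);
    $firm = clean_input($_POST['firm']);
    $gender = clean_input($_POST['gender']);
    $zip = clean_input($_POST['zip']);
    $city = clean_input($_POST['city']);
    $state = clean_input($_POST['state']);
    $country = clean_input($_POST['country']);
    $email = clean_input($_POST['email']);
    $phone = clean_input($_POST['phone']);
    $fax = clean_input($_POST['fax']);
    $street1 = clean_input($_POST['street1']);
    $street2 = clean_input($_POST['street2']);

    // Columns and values shared by both variants of the UPDATE.
    $set_clause = '`fname` = ?, `lname` = ?, `firm` = ?, `zip` = ?, `city` = ?, `state` = ?, '
        . '`country` = ?, `email` = ?, `phone` = ?, `fax` = ?, `street1` = ?, `street2` = ?, `gender` = ?';
    $params = array(
        $fname, $lname, $firm, $zip, $city, $state, $country,
        $email, $phone, $fax, $street1, $street2, $gender,
    );

    $changing_password = !empty($_POST['pass']);

    if ($changing_password) {
        $edit_id = $_POST['edit_id'];

        // Strict comparison: with `!=` two different numeric-looking strings
        // such as "1e3" and "1000" compare as equal and pass the check.
        if ($_POST['pass'] !== $_POST['pass_rep']) {
            set_page_message(tr("Entered passwords do not match!"), 'warning');
            user_goto('admin_edit.php?edit_id=' . $edit_id);
        }

        if (!chk_password($_POST['pass'])) {
            if ($cfg->PASSWD_STRONG) {
                set_page_message(sprintf(tr('The password must be at least %s chars long and contain letters and numbers to be valid.'), $cfg->PASSWD_CHARS), 'warning');
            } else {
                set_page_message(sprintf(tr('Password data is shorter than %s signs or includes not permitted signs!'), $cfg->PASSWD_CHARS), 'warning');
            }
            user_goto('admin_edit.php?edit_id=' . $edit_id);
        }

        $set_clause = '`admin_pass` = ?, ' . $set_clause;
        array_unshift($params, crypt_user_pass($_POST['pass']));
    }

    $params[] = $edit_id;
    exec_query($sql, "UPDATE `admin` SET {$set_clause} WHERE `admin_id` = ?", $params);

    if ($changing_password) {
        // Kill any existing session of the edited user
        $admin_name = get_user_name($edit_id);
        $rs = exec_query($sql, 'DELETE FROM `login` WHERE `user_name` = ?', $admin_name);

        if ($rs->recordCount() != 0) {
            set_page_message(tr('User session was killed!'), 'info');
            write_log($_SESSION['user_logged'] . " killed " . $admin_name . "'s session because of password change");
        }
    }

    $edit_username = clean_input($_POST['edit_username']);
    $user_logged = $_SESSION['user_logged'];
    write_log("{$user_logged}: changes data/password for {$edit_username}!");

    if (isset($_POST['send_data']) && !empty($_POST['pass'])) {
        // Bound parameter instead of a string-built query: the id is
        // request-supplied, and addslashes()/htmlspecialchars() are not SQL escaping.
        $res = exec_query($sql, 'SELECT `admin_type` FROM `admin` WHERE `admin_id` = ?', array($edit_id));

        if ($res->fields['admin_type'] == 'admin') {
            $admin_type = tr('Administrator');
        } elseif ($res->fields['admin_type'] == 'reseller') {
            $admin_type = tr('Reseller');
        } else {
            $admin_type = tr('Domain account');
        }

        // NOTE(review): $admin_type is already translated and goes through
        // tr() again here; kept as in the original.
        send_add_user_auto_msg(
            $user_id,
            $edit_username,
            clean_input($_POST['pass']),
            clean_input($_POST['email']),
            clean_input($_POST['fname']),
            clean_input($_POST['lname']),
            tr($admin_type),
            $gender
        );
    }

    $_SESSION['user_updated'] = 1;
    user_goto('manage_users.php');
}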
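/**
 * Re-hash a user's password with crypt_user_pass() and store it
 * (migration of accounts that still carry an MD5 hash).
 *
 * The statement is built by string interpolation, so every interpolated value
 * is escaped with the connection's real_escape_string() first.
 *
 * NOTE(review): if callers already escape $username before passing it in,
 * names containing quotes would now be escaped twice; check the call sites.
 * A prepared statement would remove the need for escaping, but the `database`
 * class API for that is not visible here.
 *
 * @param string $username    login name whose password is updated
 * @param string $rawpassword clear-text password to hash
 * @return bool true on success, false when the query threw
 */
function update_user_pass_to_crypt($username, $rawpassword)
{
    global $db;
    $database = new database($db['host'], $db['user'], $db['pass'], $db['name']);

    # crypt pass
    $password = crypt_user_pass($rawpassword);
    $password = $database->real_escape_string($password);

    # the username was interpolated unescaped before (SQL injection)
    $username = $database->real_escape_string($username);

    # build the update query
    $query = "update `users` set `password`='{$password}' where `username` = '{$username}';";

    # execute
    try {
        $database->executeQuery($query);
    } catch (Exception $e) {
        # the message may echo parts of the query, so escape it for HTML
        print "<div class='alert alert-danger'>" . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8') . "</div>";
        return false;
    }

    return true;
}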
/**
 * Create a customer account and its domain for a reseller.
 *
 * Inserts one row into `admin` (type 'user'), one into `domain` (status
 * 'toadd') and one into `user_gui_props`, calls send_request(), updates the
 * reseller's usage via au_update_reseller_props() and redirects. Account and
 * domain values are read from the globals declared below.
 *
 * NOTE(review): the listing collapses line breaks, so the boundary between
 * some `//` comments and the code after them is reconstructed (for example
 * the `$err_msg` initialisation and the `return` after the domain check).
 * Compare with the original file.
 *
 * @param mixed $reseller_id id of the reseller creating the account
 */
function add_user_data($reseller_id)
{
    global $sql, $cfg;
    global $dmn_name, $hpid, $dmn_user_name;
    global $user_email, $customer_id, $first_name;
    global $last_name, $firm, $zip;
    global $city, $country, $street_one;
    global $street_two, $mail, $phone;
    global $fax, $inpass, $domain_ip;
    global $admin_login;

    // Let's get Desired Hosting Plan Data;
    //
    // '_off_' is the "no error" sentinel checked after the limits check.
    $err_msg = '_off_';

    reseller_limits_check($sql, $err_msg, $reseller_id, $hpid);

    if ($err_msg != '_off_') {
        set_page_message($err_msg);
        return;
    }

    // Use plan properties left in the session, else load them from the
    // reseller's hosting plan.
    if (isset($_SESSION["ch_hpprops"])) {
        $props = $_SESSION["ch_hpprops"];
        unset($_SESSION["ch_hpprops"]);
    } else {
        $query = "select props from hosting_plans where reseller_id = ? and id = ?";
        $res = exec_query($sql, $query, array($reseller_id, $hpid));
        $data = $res->FetchRow();
        $props = $data['props'];
    }

    // The plan properties are a ';'-separated list in this fixed order.
    // This assignment overwrites the global $mail with the mail-account limit.
    list($php, $cgi, $sub, $als, $mail, $ftp, $sql_db, $sql_user, $traff, $disk) = explode(";", $props);
    // Remove underscores from the php/cgi flags.
    $php = preg_replace("/\\_/", "", $php);
    $cgi = preg_replace("/\\_/", "", $cgi);

    // Keep the clear text for the notification, store only the hash.
    $pure_user_pass = $inpass;
    $inpass = crypt_user_pass($inpass);

    // $first_name = escape_user_data($first_name);
    // $last_name = escape_user_data($last_name);
    // $firm = escape_user_data($firm);
    // $zip = escape_user_data($zip);
    // $city = escape_user_data($city);
    // $country = escape_user_data($country);
    // $phone = escape_user_data($phone);
    // $fax = escape_user_data($fax);
    // $street_one = escape_user_data($street_one);
    // $street_two = escape_user_data($street_two);
    // $customer_id = escape_user_data($customer_id);

    if (!vhcs_domain_check($dmn_user_name)) {
        //set_page_message = tr("Wrong domain name syntax!");
        return;
    }

    check_for_lock_file();

    $query = <<<VHCS_SQL_QUERY
        insert into admin
            (
                admin_name, admin_pass, admin_type, domain_created,
                created_by, fname, lname,
                firm, zip, city,
                country, email, phone,
                fax, street1, street2, customer_id
            )
        values
            (
                ?, ?, 'user', unix_timestamp(),
                ?, ?, ?,
                ?, ?, ?,
                ?, ?, ?,
                ?, ?, ?, ?
            )
VHCS_SQL_QUERY;

    $res = exec_query($sql, $query, array($dmn_user_name, $inpass, $reseller_id, $first_name, $last_name, $firm, $zip, $city, $country, $user_email, $phone, $fax, $street_one, $street_two, $customer_id));

    // NOTE(review): this prints the database error text into the page;
    // it should go to the log rather than to the response.
    print $sql->ErrorMsg();

    $record_id = $sql->Insert_ID();

    $query = <<<VHCS_SQL_QUERY
        insert into domain
            (
                domain_name, domain_admin_id, domain_created_id, domain_created,
                domain_mailacc_limit, domain_ftpacc_limit, domain_traffic_limit,
                domain_sqld_limit, domain_sqlu_limit, domain_status,
                domain_subd_limit, domain_alias_limit, domain_ip_id,
                domain_disk_limit, domain_disk_usage, domain_php, domain_cgi
            )
        values
            (
                ?, ?, ?, unix_timestamp(),
                ?, ?, ?,
                ?, ?, 'toadd',
                ?, ?, ?,
                ?, '0', ?, ?
            )
VHCS_SQL_QUERY;

    $res = exec_query($sql, $query, array($dmn_name, $record_id, $reseller_id, $mail, $ftp, $traff, $sql_db, $sql_user, $sub, $als, $domain_ip, $disk, $php, $cgi));
    $dmn_id = $sql->Insert_ID();

    // vhcs 2.5 feature
    //add_domain_extras($dmn_id, $record_id, $sql);

    // Send the account notification. It receives the clear-text password
    // (presumably e-mailed; verify this is intended).
    send_add_user_auto_msg($reseller_id, $dmn_user_name, $pure_user_pass, $user_email, $first_name, $last_name, tr('Domain account'));

    // The new customer gets the creator's session language and theme.
    $user_def_lang = $_SESSION['user_def_lang'];
    $user_theme_color = $_SESSION['user_theme_color'];

    $query = <<<SQL_QUERY
        insert into user_gui_props
            (user_id, lang, layout)
        values
            (?, ?, ?)
SQL_QUERY;

    $res = exec_query($sql, $query, array($record_id, $user_def_lang, $user_theme_color));

    // send query to the vhcs2 daemon
    send_request();

    $admin_login = $_SESSION['user_logged'];
    write_log("{$admin_login}: add user -> {$dmn_user_name} (for domain {$dmn_name})");
    write_log("{$admin_login}: add domain -> {$dmn_name}");

    au_update_reseller_props($reseller_id, $props);

    if (isset($_POST['add_alias']) && $_POST['add_alias'] === 'on') {
        // Aliases were requested: continue with the alias step for this domain.
        $_SESSION['dmn_id'] = $dmn_id;
        $_SESSION['dmn_ip'] = $domain_ip;
        header("Location: rau4.php?accout={$dmn_id}");
        die;
    } else {
        // No aliases requested: back to the user list.
        $_SESSION['rau3_added'] = "_yes_";
        header("Location: users.php");
        die;
    }
}
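/**
 * Complete a lost-password request: set a new generated password for the
 * account that owns $uniqkey, clear the key, and mail the new password.
 *
 * The sender address and the mail template ('lostpw-msg-2') are taken from
 * the account's creator; a creator id of 0 falls back to admin id 1. A
 * built-in subject and message are used when no template row exists.
 *
 * NOTE(review): the new password is sent in clear text by e-mail. Verify this
 * is intended; a link that lets the user set the password avoids it.
 * NOTE(review): no expiry check on the key is visible in this function;
 * confirm it is enforced where the key is issued or validated.
 *
 * @param string $uniqkey one-time key from the reset link
 * @return bool true when exactly one account matched and the mail was attempted
 */
function sendpw($uniqkey)
{
    global $sql;

    // Used keys are reset to '' below, so an empty key is never a valid
    // token and must not select an account.
    if ($uniqkey === null || $uniqkey === '') {
        return false;
    }

    $query = <<<SQL_QUERY
        select
            admin_name, created_by, fname, lname, email
        from
            admin
        where
            uniqkey = ?
SQL_QUERY;
    $res = exec_query($sql, $query, array($uniqkey));

    if ($res->RecordCount() != 1) {
        return false;
    }

    $admin_name = $res->fields['admin_name'];
    $created_by = $res->fields['created_by'];
    $admin_fname = $res->fields['fname'];
    $admin_lname = $res->fields['lname'];
    $to = $res->fields['email'];

    $upass = passgen();

    $query = <<<SQL_QUERY
        update
            admin
        set
            admin_pass = ?
        where
            uniqkey = ?
SQL_QUERY;
    exec_query($sql, $query, array(crypt_user_pass($upass), $uniqkey));

    // NOTE(review): the listing shows the middle of this call masked as
    // "******"; $admin_name is a reconstruction. Confirm against the original.
    write_log("Lostpassword: " . $admin_name . " : password updated");

    // Invalidate the key so the link cannot be used twice.
    $query = <<<SQL_QUERY
        update
            admin
        set
            uniqkey = ?
        where
            uniqkey = ?
SQL_QUERY;
    exec_query($sql, $query, array('', $uniqkey));

    $query = <<<SQL_QUERY
        select
            admin_id, fname, lname, email
        from
            admin
        where
            admin_id = ?
SQL_QUERY;

    if ($created_by == 0) {
        $created_by = 1;
    }

    $res = exec_query($sql, $query, array($created_by));

    $admin_id = $res->fields['admin_id'];
    $from_fname = $res->fields['fname'];
    $from_lname = $res->fields['lname'];
    $from_email = $res->fields['email'];

    if ($from_fname && $from_lname) {
        $from = "{$from_fname} {$from_lname} <{$from_email}>";
    } else {
        $from = $from_email;
    }

    $query = <<<SQL_QUERY
        select
            subject, message
        from
            email_tpls
        where
            owner_id = ?
          and
            name = 'lostpw-msg-2'
SQL_QUERY;

    $res = exec_query($sql, $query, array($admin_id));

    $subject = $res->fields['subject'];
    $message = $res->fields['message'];

    if ($res->RecordCount() == 0) {
        $subject = "Auto message allert for lostpw ! {USERNAME}";

        $message = <<<MSG

Hello {NAME} !

Your VHCS login is: {USERNAME}

Your VHCS password is: {PASSWORD}

Good Luck with VHCS Pro System
Hosting Provider Team

MSG;
    }

    // Literal replacement: preg_replace() would interpret "$1" or "\1" inside
    // a user name or password as a back-reference and alter the text.
    $subject = str_replace('{USERNAME}', $admin_name, $subject);
    $message = str_replace('{USERNAME}', $admin_name, $message);
    $message = str_replace('{NAME}', $admin_fname . " " . $admin_lname, $message);
    $message = str_replace('{PASSWORD}', $upass, $message);
    $message = str_replace(chr(10), "", $message);

    // Names and the template subject come from stored data; a line break in
    // them would start a new mail header, so strip CR and LF.
    $from = str_replace(array("\r", "\n"), '', $from);
    $subject = str_replace(array("\r", "\n"), '', $subject);

    $headers = "From: {$from}\r\n";
    $headers .= "Content-Type: text/plain\nContent-Transfer-Encoding: 7bit\n";
    $headers .= "X-Mailer: VHCS Pro lostpassword mailer";

    $mail_result = mail($to, $subject, $message, $headers);
    $mail_status = $mail_result ? 'OK' : 'NOT OK';

    $log_message = "Lostpassword aktivated: To: |{$to}|, From: |{$from}|, Status: |{$mail_status}| !";
    write_log($log_message);

    return true;
}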
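/**
 * Post-installation submit
 *
 * Sets the first real password for the "Admin" account and stores the site
 * title and URL. The request is accepted only while the stored Admin password
 * hash still equals the shipped default hash.
 *
 * NOTE(review): no other authentication is visible in this script. Until the
 * default password is replaced, whoever can reach this endpoint passes the
 * check; confirm the installer restricts access to it.
 * NOTE(review): filter_user_input() also runs over the password fields; if it
 * rewrites characters, the stored hash is for the filtered text. Verify.
 */
require '../../functions/functions.php';

/* sanitize */
$_POST = filter_user_input($_POST, true, true, false);

/* only permit if Admin user has default pass !!! */
$admin = getUserDetailsByName("Admin");

if ($admin['password'] !== '$6$rounds=3000$JQEE6dL9NpvjeFs4$RK5X3oa28.Uzt/h5VAfdrsvlVe.7HgQUYKMXTJUsud8dmWfPzZQPbRbk8xJn1Kyyt4.dWm4nJIYhAV2mbOZ3g.') {
    die("<div class='alert alert-danger'>Not allowed !</div>");
}

/* check lengths */
if (strlen($_POST['password1']) < 8) {
    die("<div class='alert alert-danger'>" . _("Invalid password") . "</div>");
}
if (strlen($_POST['password2']) < 8) {
    die("<div class='alert alert-danger'>" . _("Invalid password") . "</div>");
}

/* check match: strict, because with `!=` two different numeric-looking
   strings such as "1e3000000" and "1e4000000" compare as equal */
if ($_POST['password1'] !== $_POST['password2']) {
    die("<div class='alert alert-danger'>" . _("Passwords do not match") . "</div>");
}

/* Crypt password */
$_POST['password1'] = crypt_user_pass($_POST['password1']);

/* all good, update password! */
if (!postauth_update($_POST['password1'], $_POST['siteTitle'], $_POST['siteURL'])) {
    /* a failed update used to end silently with no output */
    die("<div class='alert alert-danger'>" . _("Error updating") . "</div>");
}

/* the success alert was missing its closing </div> */
print "<div class='alert alert-success'>Settings updated, installation complete!<hr><a class='btn btn-sm btn-default' href='" . create_link("login") . "'>Proceed to login</a></div>";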
if ($_POST['action'] == "edit" || $_POST['action'] == "delete") { if (!is_numeric($_POST['userId'])) { die('<div class="alert alert-danger">' . _("Invalid ID") . '</div>'); } } /** * First get posted variables */ $userModDetails = $_POST; $userModDetails['plainpass'] = $userModDetails['password1']; /** * Hash passwords if changed */ if (strlen($userModDetails['password1']) != 0) { $userModDetails['password1'] = crypt_user_pass($userModDetails['password1']); $userModDetails['password2'] = crypt_user_pass($userModDetails['password2']); # for length check $userModDetails['password1orig'] = $_POST['password1']; $userModDetails['password2orig'] = $_POST['password2']; } /** * Based on action verify the input */ if ($userModDetails['action'] == "add") { $errors = verifyUserModInput($userModDetails); } else { if ($userModDetails['action'] == "edit") { $errors = verifyUserModInput($userModDetails); } else { if ($userModDetails['action'] == "delete") { //cannot delete admin user
/**
 * Write the edited customer profile, and optionally a new password, to `admin`.
 *
 * Profile values are read from globals. An empty-string $inpass means "keep
 * the current password"; any other value is hashed with crypt_user_pass() and
 * stored. Ends by redirecting to users.php.
 *
 * NOTE(review): the UPDATE filters on `admin_id` alone. Any check that the
 * logged-in reseller owns this account has to happen before this call;
 * confirm at the call site.
 * NOTE(review): the `email` column is bound to the global $mail although
 * $user_email is also imported; confirm which one carries the address.
 *
 * @param mixed $hpid `admin_id` of the account being edited
 */
function update_data_in_db($hpid)
{
    global $sql, $dmn_user_name, $user_email, $customer_id, $first_name,
        $last_name, $firm, $zip, $city, $country, $street_one,
        $street_two, $mail, $phone, $fax, $inpass, $domain_ip, $admin_login;

    // Values for the profile columns followed by the row id, in the
    // placeholder order used by both statements.
    $profile_params = array(
        $first_name, $last_name, $firm, $zip, $city, $country, $mail,
        $phone, $fax, $street_one, $street_two, $customer_id, $hpid,
    );

    if ($inpass === '') {
        // Save without password
        $update_profile = <<<SQL_QUERY
            update
                admin
            set
                fname=?, lname=?, firm=?,
                zip=?, city=?, country=?,
                email=?, phone=?, fax=?,
                street1=?, street2=?, customer_id=?
            where
                admin_id=?
SQL_QUERY;
        exec_query($sql, $update_profile, $profile_params);
    } else {
        // Change password: the global is replaced by its hash
        $inpass = crypt_user_pass($inpass);

        $update_with_pass = <<<SQL_QUERY
            update
                admin
            set
                admin_pass=?, fname=?, lname=?, firm=?,
                zip=?, city=?, country=?,
                email=?, phone=?, fax=?,
                street1=?, street2=?, customer_id=?
            where
                admin_id=?
SQL_QUERY;
        exec_query($sql, $update_with_pass, array_merge(array($inpass), $profile_params));
    }

    $admin_login = $_SESSION['user_logged'];
    write_log("{$admin_login} change data/password for {$dmn_user_name}!");

    // Clear the edit state kept in the session and flag the successful edit.
    unset($_SESSION['edit_ID'], $_SESSION['user_name']);
    $_SESSION['edit'] = "_yes_";

    header("Location: users.php");
    die;
}
/**
 * Store a new password hash for the account identified by a unique key.
 *
 * The request ends immediately when the key compares equal to an empty
 * string, so the UPDATE never runs with an empty key.
 *
 * NOTE(review): the comparison is loose (`==`); which non-string values count
 * as "empty" depends on the PHP version. Confirm callers always pass a string.
 *
 * @param string $uniqkey value matched against `admin`.`uniqkey`
 * @param string $upass   clear-text password; hashed with crypt_user_pass()
 */
function setPassword($uniqkey, $upass)
{
    $db = EasySCP_Registry::get('Db');

    if ($uniqkey == '') {
        exit;
    }

    $update_sql = "\n\t\tUPDATE\n\t\t\t`admin`\n\t\tSET\n\t\t\t`admin_pass` = ?\n\t\tWHERE\n\t\t\t`uniqkey` = ?\n\t";
    $hashed = crypt_user_pass($upass);

    exec_query($db, $update_sql, array($hashed, $uniqkey));
}
$tpl->define_dynamic('custom_buttons', 'page'); global $cfg; $theme_color = $cfg['USER_INITIAL_THEME']; $tpl->assign(array('TR_CLIENT_CHANGE_PASSWORD_PAGE_TITLE' => tr('VHCS - Reseller/Change Password'), 'THEME_COLOR_PATH' => "../themes/{$theme_color}", 'THEME_CHARSET' => tr('encoding'), 'VHCS_LICENSE' => $cfg['VHCS_LICENSE'], 'ISP_LOGO' => get_logo($_SESSION['user_id']))); if (isset($_POST['uaction']) && $_POST['uaction'] === 'updt_pass') { if ($_POST['pass'] === '' || $_POST['pass_rep'] === '') { set_page_message(tr('Please fill up both data fields!')); } else { if ($_POST['pass'] !== $_POST['pass_rep']) { set_page_message(tr('Passwords does not match!')); } else { if (chk_password($_POST['pass']) > 0) { set_page_message(tr('Incorrect password range or syntax!')); } else { // Correct input password $upass = crypt_user_pass($_POST['pass']); $user_id = $_SESSION['user_id']; // Begin update admin-db $query = <<<SQL_QUERY update \tadmin set \tadmin_pass = ? where \tadmin_id = ? SQL_QUERY; $rs = exec_query($sql, $query, array($upass, $user_id)); set_page_message(tr('User password updated successfully!')); } } }
} else { if ($_POST['pass'] !== $_POST['pass_rep']) { set_page_message(tr('Passwords do not match!'), 'warning'); } else { if (!chk_password($_POST['pass'])) { if ($cfg->PASSWD_STRONG) { set_page_message(sprintf(tr('The password must be at least %s chars long and contain letters and numbers to be valid.'), $cfg->PASSWD_CHARS), 'warning'); } else { set_page_message(sprintf(tr('Password data is shorter than %s signs or includes not permitted signs!'), $cfg->PASSWD_CHARS), 'warning'); } } else { if (EasyPass::check_udata($_SESSION['user_id'], $_POST['curr_pass']) === false) { set_page_message(tr('The current password is wrong!'), 'error'); } else { // Correct input password $upass = crypt_user_pass(htmlentities($_POST['pass'])); $_SESSION['user_pass'] = $upass; $user_id = $_SESSION['user_id']; // Begin update admin-db $query = "\n\t\t\tUPDATE\n\t\t\t\t`admin`\n\t\t\tSET\n\t\t\t\t`admin_pass` = ?\n\t\t\tWHERE\n\t\t\t\t`admin_id` = ?\n\t\t"; $rs = exec_query($sql, $query, array($upass, $user_id)); write_log($_SESSION['user_logged'] . ": update password!"); set_page_message(tr('User password updated successfully!'), 'success'); } } } } } // static page messages gen_logged_from($tpl); $tpl->assign(array('TR_PAGE_TITLE' => tr('EasySCP - Reseller/Change Password'), 'TR_CHANGE_PASSWORD' => tr('Change password'), 'TR_PASSWORD_DATA' => tr('Password data'), 'TR_PASSWORD' => tr('Password'), 'TR_PASSWORD_REPEAT' => tr('Repeat password'), 'TR_UPDATE_PASSWORD' => tr('Update password'), 'TR_CURR_PASSWORD' => tr('Current password'), 'PASSWORD_DISABLED' => tr('Password change is deactivated!'), 'DEMO_VERSION' => tr('Demo Version!')));