protected function composePhpOptions($domain, $ssl_vhost = false) { $php_options_text = ''; if ($domain['phpenabled'] == '1') { $php = new phpinterface($domain); $phpconfig = $php->getPhpConfig((int) $domain['phpsettingid']); if ((int) Settings::Get('phpfpm.enabled') == 1) { $srvName = 'fpm.external'; if ($domain['ssl'] == 1 && $ssl_vhost) { $srvName = 'ssl-fpm.external'; } // #1317 - perl is executed via apache and therefore, when using fpm, does not know the user // which perl is supposed to run as, hence the need for Suexec need if (customerHasPerlEnabled($domain['customerid'])) { $php_options_text .= ' SuexecUserGroup "' . $domain['loginname'] . '" "' . $domain['loginname'] . '"' . "\n"; } // mod_proxy stuff for apache-2.4 if (Settings::Get('system.apache24') == '1' && Settings::Get('phpfpm.use_mod_proxy') == '1') { $php_options_text .= ' <FilesMatch \\.php$>' . "\n"; $php_options_text .= ' SetHandler proxy:unix:' . $php->getInterface()->getSocketFile() . '|fcgi://localhost' . "\n"; $php_options_text .= ' </FilesMatch>' . "\n"; $mypath_dir = new frxDirectory($domain['documentroot']); // only create the require all granted if there is not active directory-protection // for this path, as this would be the first require and therefore grant all access if ($mypath_dir->isUserProtected() == false) { $php_options_text .= ' <Directory "' . makeCorrectDir($domain['documentroot']) . '">' . "\n"; $php_options_text .= ' Require all granted' . "\n"; $php_options_text .= ' </Directory>' . "\n"; } } else { $php_options_text .= ' FastCgiExternalServer ' . $php->getInterface()->getAliasConfigDir() . $srvName . ' -socket ' . $php->getInterface()->getSocketFile() . ' -idle-timeout ' . Settings::Get('phpfpm.idle_timeout') . "\n"; $php_options_text .= ' <Directory "' . makeCorrectDir($domain['documentroot']) . '">' . "\n"; $php_options_text .= ' <FilesMatch "\\.php$">' . "\n"; $php_options_text .= ' SetHandler php5-fastcgi' . "\n"; $php_options_text .= ' Action php5-fastcgi /fastcgiphp' . "\n"; $php_options_text .= ' Options +ExecCGI' . "\n"; $php_options_text .= ' </FilesMatch>' . "\n"; // >=apache-2.4 enabled? if (Settings::Get('system.apache24') == '1') { $mypath_dir = new frxDirectory($domain['documentroot']); // only create the require all granted if there is not active directory-protection // for this path, as this would be the first require and therefore grant all access if ($mypath_dir->isUserProtected() == false) { $php_options_text .= ' Require all granted' . "\n"; } } else { $php_options_text .= ' Order allow,deny' . "\n"; $php_options_text .= ' allow from all' . "\n"; } $php_options_text .= ' </Directory>' . "\n"; $php_options_text .= ' Alias /fastcgiphp ' . $php->getInterface()->getAliasConfigDir() . $srvName . "\n"; } } else { $php_options_text .= ' FcgidIdleTimeout ' . Settings::Get('system.mod_fcgid_idle_timeout') . "\n"; if ((int) Settings::Get('system.mod_fcgid_wrapper') == 0) { $php_options_text .= ' SuexecUserGroup "' . $domain['loginname'] . '" "' . $domain['loginname'] . '"' . "\n"; $php_options_text .= ' ScriptAlias /php/ ' . $php->getInterface()->getConfigDir() . "\n"; } else { $php_options_text .= ' SuexecUserGroup "' . $domain['loginname'] . '" "' . $domain['loginname'] . '"' . "\n"; $php_options_text .= ' <Directory "' . makeCorrectDir($domain['documentroot']) . '">' . "\n"; $file_extensions = explode(' ', $phpconfig['file_extensions']); $php_options_text .= ' <FilesMatch "\\.(' . implode('|', $file_extensions) . ')$">' . "\n"; $php_options_text .= ' SetHandler fcgid-script' . "\n"; foreach ($file_extensions as $file_extension) { $php_options_text .= ' FcgidWrapper ' . $php->getInterface()->getStarterFile() . ' .' . $file_extension . "\n"; } $php_options_text .= ' Options +ExecCGI' . "\n"; $php_options_text .= ' </FilesMatch>' . "\n"; // >=apache-2.4 enabled? if (Settings::Get('system.apache24') == '1') { $mypath_dir = new frxDirectory($domain['documentroot']); // only create the require all granted if there is not active directory-protection // for this path, as this would be the first require and therefore grant all access if ($mypath_dir->isUserProtected() == false) { $php_options_text .= ' Require all granted' . "\n"; } } else { $php_options_text .= ' Order allow,deny' . "\n"; $php_options_text .= ' allow from all' . "\n"; } $php_options_text .= ' </Directory>' . "\n"; } } // create starter-file | config-file $php->getInterface()->createConfig($phpconfig); // create php.ini (fpm does nothing here, as it // defines ini-settings in its pool config) $php->getInterface()->createIniFile($phpconfig); } else { $php_options_text .= ' # PHP is disabled for this vHost' . "\n"; } return $php_options_text; }
protected function create_pathOptions($domain) { $result_stmt = Database::prepare("\n\t\t\tSELECT * FROM " . TABLE_PANEL_HTACCESS . "\n\t\t\tWHERE `path` LIKE :docroot\n\t\t"); Database::pexecute($result_stmt, array('docroot' => $domain['documentroot'] . '%')); $path_options = ''; $error_string = ''; while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) { if (!empty($row['error404path'])) { $defhandler = $row['error404path']; if (!validateUrl($defhandler)) { $defhandler = makeCorrectFile($domain['documentroot'] . '/' . $defhandler); } $error_string .= ' server.error-handler-404 = "' . $defhandler . '"' . "\n\n"; } if ($row['options_indexes'] != '0') { if (!empty($error_string)) { $path_options .= $error_string; // reset $error_string here to prevent duplicate entries $error_string = ''; } $path = makeCorrectDir(substr($row['path'], strlen($domain['documentroot']) - 1)); mkDirWithCorrectOwnership($domain['documentroot'], $row['path'], $domain['guid'], $domain['guid']); // We need to remove the last slash, otherwise the regex wouldn't work if ($row['path'] != $domain['documentroot']) { $path = substr($path, 0, -1); } $path_options .= ' $HTTP["url"] =~ "^' . $path . '($|/)" {' . "\n"; $path_options .= "\t" . 'dir-listing.activate = "enable"' . "\n"; $path_options .= ' }' . "\n\n"; } else { $path_options = $error_string; } if (customerHasPerlEnabled($domain['customerid']) && $row['options_cgi'] != '0') { $path = makeCorrectDir(substr($row['path'], strlen($domain['documentroot']) - 1)); mkDirWithCorrectOwnership($domain['documentroot'], $row['path'], $domain['guid'], $domain['guid']); // We need to remove the last slash, otherwise the regex wouldn't work if ($row['path'] != $domain['documentroot']) { $path = substr($path, 0, -1); } $path_options .= ' $HTTP["url"] =~ "^' . $path . '($|/)" {' . "\n"; $path_options .= "\t" . 'cgi.assign = (' . "\n"; $path_options .= "\t\t" . '".pl" => "' . makeCorrectFile(Settings::Get('system.perl_path')) . '",' . "\n"; $path_options .= "\t\t" . '".cgi" => "' . makeCorrectFile(Settings::Get('system.perl_path')) . '"' . "\n"; $path_options .= "\t" . ')' . "\n"; $path_options .= ' }' . "\n\n"; } } return $path_options; }
/** * We compose the diroption entries for the paths */ public function createFileDirOptions() { $result_stmt = Database::query("\n\t\t\tSELECT `htac`.*, `c`.`guid`, `c`.`documentroot` AS `customerroot`\n\t\t\tFROM `" . TABLE_PANEL_HTACCESS . "` `htac`\n\t\t\tLEFT JOIN `" . TABLE_PANEL_CUSTOMERS . "` `c` USING (`customerid`)\n\t\t\tORDER BY `htac`.`path`\n\t\t"); $diroptions = array(); while ($row_diroptions = $result_stmt->fetch(PDO::FETCH_ASSOC)) { if ($row_diroptions['customerid'] != 0 && isset($row_diroptions['customerroot']) && $row_diroptions['customerroot'] != '') { $diroptions[$row_diroptions['path']] = $row_diroptions; $diroptions[$row_diroptions['path']]['htpasswds'] = array(); } } $result_stmt = Database::query("\n\t\t\tSELECT `htpw`.*, `c`.`guid`, `c`.`documentroot` AS `customerroot`\n\t\t\tFROM `" . TABLE_PANEL_HTPASSWDS . "` `htpw`\n\t\t\tLEFT JOIN `" . TABLE_PANEL_CUSTOMERS . "` `c` USING (`customerid`)\n\t\t\tORDER BY `htpw`.`path`, `htpw`.`username`\n\t\t"); while ($row_htpasswds = $result_stmt->fetch(PDO::FETCH_ASSOC)) { if ($row_htpasswds['customerid'] != 0 && isset($row_htpasswds['customerroot']) && $row_htpasswds['customerroot'] != '') { if (!isset($diroptions[$row_htpasswds['path']]) || !is_array($diroptions[$row_htpasswds['path']])) { $diroptions[$row_htpasswds['path']] = array(); } $diroptions[$row_htpasswds['path']]['path'] = $row_htpasswds['path']; $diroptions[$row_htpasswds['path']]['guid'] = $row_htpasswds['guid']; $diroptions[$row_htpasswds['path']]['customerroot'] = $row_htpasswds['customerroot']; $diroptions[$row_htpasswds['path']]['customerid'] = $row_htpasswds['customerid']; $diroptions[$row_htpasswds['path']]['htpasswds'][] = $row_htpasswds; } } foreach ($diroptions as $row_diroptions) { $row_diroptions['path'] = makeCorrectDir($row_diroptions['path']); mkDirWithCorrectOwnership($row_diroptions['customerroot'], $row_diroptions['path'], $row_diroptions['guid'], $row_diroptions['guid']); $diroptions_filename = makeCorrectFile(Settings::Get('system.apacheconf_diroptions') . '/40_froxlor_diroption_' . md5($row_diroptions['path']) . '.conf'); if (!isset($this->diroptions_data[$diroptions_filename])) { $this->diroptions_data[$diroptions_filename] = ''; } if (is_dir($row_diroptions['path'])) { $cperlenabled = customerHasPerlEnabled($row_diroptions['customerid']); $this->diroptions_data[$diroptions_filename] .= '<Directory "' . $row_diroptions['path'] . '">' . "\n"; if (isset($row_diroptions['options_indexes']) && $row_diroptions['options_indexes'] == '1') { $this->diroptions_data[$diroptions_filename] .= ' Options +Indexes'; // add perl options if enabled if ($cperlenabled && isset($row_diroptions['options_cgi']) && $row_diroptions['options_cgi'] == '1') { $this->diroptions_data[$diroptions_filename] .= ' +ExecCGI -MultiViews +SymLinksIfOwnerMatch +FollowSymLinks' . "\n"; } else { $this->diroptions_data[$diroptions_filename] .= "\n"; } fwrite($this->debugHandler, ' cron_tasks: Task3 - Setting Options +Indexes' . "\n"); } if (isset($row_diroptions['options_indexes']) && $row_diroptions['options_indexes'] == '0') { $this->diroptions_data[$diroptions_filename] .= ' Options -Indexes'; // add perl options if enabled if ($cperlenabled && isset($row_diroptions['options_cgi']) && $row_diroptions['options_cgi'] == '1') { $this->diroptions_data[$diroptions_filename] .= ' +ExecCGI -MultiViews +SymLinksIfOwnerMatch +FollowSymLinks' . "\n"; } else { $this->diroptions_data[$diroptions_filename] .= "\n"; } fwrite($this->debugHandler, ' cron_tasks: Task3 - Setting Options -Indexes' . "\n"); } $statusCodes = array('404', '403', '500'); foreach ($statusCodes as $statusCode) { if (isset($row_diroptions['error' . $statusCode . 'path']) && $row_diroptions['error' . $statusCode . 'path'] != '') { $defhandler = $row_diroptions['error' . $statusCode . 'path']; if (!validateUrl($defhandler)) { if (substr($defhandler, 0, 1) != '"' && substr($defhandler, -1, 1) != '"') { $defhandler = '"' . makeCorrectFile($defhandler) . '"'; } } $this->diroptions_data[$diroptions_filename] .= ' ErrorDocument ' . $statusCode . ' ' . $defhandler . "\n"; } } if ($cperlenabled && isset($row_diroptions['options_cgi']) && $row_diroptions['options_cgi'] == '1') { $this->diroptions_data[$diroptions_filename] .= ' AllowOverride None' . "\n"; $this->diroptions_data[$diroptions_filename] .= ' AddHandler cgi-script .cgi .pl' . "\n"; // >=apache-2.4 enabled? if (Settings::Get('system.apache24') == '1') { $mypath_dir = new frxDirectory($row_diroptions['path']); // only create the require all granted if there is not active directory-protection // for this path, as this would be the first require and therefore grant all access if ($mypath_dir->isUserProtected() == false) { $this->diroptions_data[$diroptions_filename] .= ' Require all granted' . "\n"; } } else { $this->diroptions_data[$diroptions_filename] .= ' Order allow,deny' . "\n"; $this->diroptions_data[$diroptions_filename] .= ' Allow from all' . "\n"; } fwrite($this->debugHandler, ' cron_tasks: Task3 - Enabling perl execution' . "\n"); // check for suexec-workaround, #319 if ((int) Settings::Get('perl.suexecworkaround') == 1) { // symlink this directory to suexec-safe-path $loginname = getCustomerDetail($row_diroptions['customerid'], 'loginname'); $suexecpath = makeCorrectDir(Settings::Get('perl.suexecpath') . '/' . $loginname . '/' . md5($row_diroptions['path']) . '/'); if (!file_exists($suexecpath)) { safe_exec('mkdir -p ' . escapeshellarg($suexecpath)); safe_exec('chown -R ' . escapeshellarg($row_diroptions['guid']) . ':' . escapeshellarg($row_diroptions['guid']) . ' ' . escapeshellarg($suexecpath)); } // symlink to {$givenpath}/cgi-bin // NOTE: symlinks are FILES, so do not append a / here $perlsymlink = makeCorrectFile($row_diroptions['path'] . '/cgi-bin'); if (!file_exists($perlsymlink)) { safe_exec('ln -s ' . escapeshellarg($suexecpath) . ' ' . escapeshellarg($perlsymlink)); } safe_exec('chown ' . escapeshellarg($row_diroptions['guid']) . ':' . escapeshellarg($row_diroptions['guid']) . ' ' . escapeshellarg($perlsymlink)); } } else { // if no perl-execution is enabled but the workaround is, // we have to remove the symlink and folder in suexecpath if ((int) Settings::Get('perl.suexecworkaround') == 1) { $loginname = getCustomerDetail($row_diroptions['customerid'], 'loginname'); $suexecpath = makeCorrectDir(Settings::Get('perl.suexecpath') . '/' . $loginname . '/' . md5($row_diroptions['path']) . '/'); $perlsymlink = makeCorrectFile($row_diroptions['path'] . '/cgi-bin'); // remove symlink if (file_exists($perlsymlink)) { safe_exec('rm -f ' . escapeshellarg($perlsymlink)); } // remove folder in suexec-path if (file_exists($suexecpath)) { safe_exec('rm -rf ' . escapeshellarg($suexecpath)); } } } if (count($row_diroptions['htpasswds']) > 0) { $htpasswd_filename = makeCorrectFile(Settings::Get('system.apacheconf_htpasswddir') . '/' . $row_diroptions['customerid'] . '-' . md5($row_diroptions['path']) . '.htpasswd'); if (!isset($this->htpasswds_data[$htpasswd_filename])) { $this->htpasswds_data[$htpasswd_filename] = ''; } foreach ($row_diroptions['htpasswds'] as $row_htpasswd) { $this->htpasswds_data[$htpasswd_filename] .= $row_htpasswd['username'] . ':' . $row_htpasswd['password'] . "\n"; } $this->diroptions_data[$diroptions_filename] .= ' AuthType Basic' . "\n"; $this->diroptions_data[$diroptions_filename] .= ' AuthName "' . $row_htpasswd['authname'] . '"' . "\n"; $this->diroptions_data[$diroptions_filename] .= ' AuthUserFile ' . $htpasswd_filename . "\n"; $this->diroptions_data[$diroptions_filename] .= ' require valid-user' . "\n"; } $this->diroptions_data[$diroptions_filename] .= '</Directory>' . "\n"; } } }
protected function create_pathOptions($domain) { $has_location = false; $result_stmt = Database::prepare("\n\t\t\tSELECT * FROM " . TABLE_PANEL_HTACCESS . "\n\t\t\tWHERE `path` LIKE :docroot\n\t\t"); Database::pexecute($result_stmt, array('docroot' => $domain['documentroot'] . '%')); $path_options = ''; $htpasswds = $this->getHtpasswds($domain); // for each entry in the htaccess table while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) { if (!empty($row['error404path'])) { $defhandler = $row['error404path']; if (!validateUrl($defhandler)) { $defhandler = makeCorrectFile($defhandler); } $path_options .= "\t" . 'error_page 404 ' . $defhandler . ';' . "\n"; } if (!empty($row['error403path'])) { $defhandler = $row['error403path']; if (!validateUrl($defhandler)) { $defhandler = makeCorrectFile($defhandler); } $path_options .= "\t" . 'error_page 403 ' . $defhandler . ';' . "\n"; } if (!empty($row['error500path'])) { $defhandler = $row['error500path']; if (!validateUrl($defhandler)) { $defhandler = makeCorrectFile($defhandler); } $path_options .= "\t" . 'error_page 500 502 503 504 ' . $defhandler . ';' . "\n"; } // if ($row['options_indexes'] != '0') { $path = makeCorrectDir(substr($row['path'], strlen($domain['documentroot']) - 1)); mkDirWithCorrectOwnership($domain['documentroot'], $row['path'], $domain['guid'], $domain['guid']); $path_options .= "\t" . '# ' . $path . "\n"; if ($path == '/') { if ($row['options_indexes'] != '0') { $this->vhost_root_autoindex = true; } $path_options .= "\t" . 'location ' . $path . ' {' . "\n"; if ($this->vhost_root_autoindex) { $path_options .= "\t\t" . 'autoindex on;' . "\n"; $this->vhost_root_autoindex = false; } else { $path_options .= "\t\t" . 'index index.php index.html index.htm;' . "\n"; } // $path_options.= "\t\t" . 'try_files $uri $uri/ @rewrites;'."\n"; // check if we have a htpasswd for this path // (damn nginx does not like more than one // 'location'-part with the same path) if (count($htpasswds) > 0) { foreach ($htpasswds as $idx => $single) { switch ($single['path']) { case '/awstats/': case '/webalizer/': // no stats-alias in "location /"-context break; default: if ($single['path'] == '/') { $path_options .= "\t\t" . 'auth_basic "' . $single['authname'] . '";' . "\n"; $path_options .= "\t\t" . 'auth_basic_user_file ' . makeCorrectFile($single['usrf']) . ';' . "\n"; // remove already used entries so we do not have doubles unset($htpasswds[$idx]); } } } } $path_options .= "\t" . '}' . "\n"; $this->vhost_root_autoindex = false; } else { $path_options .= "\t" . 'location ' . $path . ' {' . "\n"; if ($this->vhost_root_autoindex || $row['options_indexes'] != '0') { $path_options .= "\t\t" . 'autoindex on;' . "\n"; $this->vhost_root_autoindex = false; } else { $path_options .= "\t\t" . 'index index.php index.html index.htm;' . "\n"; } $path_options .= "\t" . '} ' . "\n"; } // } /** * Perl support * required the fastCGI wrapper to be running to receive the CGI requests. */ if (customerHasPerlEnabled($domain['customerid']) && $row['options_cgi'] != '0') { $path = makeCorrectDir(substr($row['path'], strlen($domain['documentroot']) - 1)); mkDirWithCorrectOwnership($domain['documentroot'], $row['path'], $domain['guid'], $domain['guid']); // We need to remove the last slash, otherwise the regex wouldn't work if ($row['path'] != $domain['documentroot']) { $path = substr($path, 0, -1); } $path_options .= "\t" . 'location ~ \\(.pl|.cgi)$ {' . "\n"; $path_options .= "\t\t" . 'gzip off; #gzip makes scripts feel slower since they have to complete before getting gzipped' . "\n"; $path_options .= "\t\t" . 'fastcgi_pass ' . Settings::Get('system.perl_server') . ';' . "\n"; $path_options .= "\t\t" . 'fastcgi_index index.cgi;' . "\n"; $path_options .= "\t\t" . 'include ' . Settings::Get('nginx.fastcgiparams') . ';' . "\n"; $path_options .= "\t" . '}' . "\n"; } } // now the rest of the htpasswds if (count($htpasswds) > 0) { foreach ($htpasswds as $idx => $single) { //if ($single['path'] != '/') { switch ($single['path']) { case '/awstats/': case '/webalizer/': $path_options .= $this->getStats($domain, $single); unset($htpasswds[$idx]); break; default: $path_options .= "\t" . 'location ' . makeCorrectDir($single['path']) . ' {' . "\n"; $path_options .= "\t\t" . 'auth_basic "' . $single['authname'] . '";' . "\n"; $path_options .= "\t\t" . 'auth_basic_user_file ' . makeCorrectFile($single['usrf']) . ';' . "\n"; $path_options .= "\t" . '}' . "\n"; } //} unset($htpasswds[$idx]); } } return $path_options; }
$params = array("customerid" => $userinfo['customerid'], "options_indexes" => $_POST['options_indexes'] == '1' ? '1' : '0', "error403path" => $error403path, "error404path" => $error404path, "error500path" => $error500path, "options_cgi" => $options_cgi, "id" => $id); Database::pexecute($stmt, $params); $log->logAction(USR_ACTION, LOG_INFO, "edited htaccess for '" . str_replace($userinfo['documentroot'], '', $result['path']) . "'"); } redirectTo($filename, array('page' => $page, 's' => $s)); } else { if (strpos($result['path'], $userinfo['documentroot']) === 0) { $result['path'] = substr($result['path'], strlen($userinfo['documentroot'])); // don't show nothing when it's the docroot, show slash if ($result['path'] == '') { $result['path'] = '/'; } } $result['error404path'] = $result['error404path']; $result['error403path'] = $result['error403path']; $result['error500path'] = $result['error500path']; $cperlenabled = customerHasPerlEnabled($userinfo['customerid']); /* $options_indexes = makeyesno('options_indexes', '1', '0', $result['options_indexes']); $options_cgi = makeyesno('options_cgi', '1', '0', $result['options_cgi']); */ $result = htmlentities_array($result); $htaccess_edit_data = (include_once dirname(__FILE__) . '/lib/formfields/customer/extras/formfield.htaccess_edit.php'); $htaccess_edit_form = htmlform::genHTMLForm($htaccess_edit_data); $title = $htaccess_edit_data['htaccess_edit']['title']; $image = $htaccess_edit_data['htaccess_edit']['image']; eval("echo \"" . getTemplate("extras/htaccess_edit") . "\";"); } } } }
public function createFileDirOptions() { $result = $this->db->query('SELECT `htac`.*, `c`.`guid`, `c`.`documentroot` AS `customerroot` FROM `' . TABLE_PANEL_HTACCESS . '` `htac` LEFT JOIN `' . TABLE_PANEL_CUSTOMERS . '` `c` USING (`customerid`) ORDER BY `htac`.`path`'); $diroptions = array(); while ($row_diroptions = $this->db->fetch_array($result)) { if ($row_diroptions['customerid'] != 0 && isset($row_diroptions['customerroot']) && $row_diroptions['customerroot'] != '') { $diroptions[$row_diroptions['path']] = $row_diroptions; $diroptions[$row_diroptions['path']]['htpasswds'] = array(); } } $result = $this->db->query('SELECT `htpw`.*, `c`.`guid`, `c`.`documentroot` AS `customerroot` FROM `' . TABLE_PANEL_HTPASSWDS . '` `htpw` LEFT JOIN `' . TABLE_PANEL_CUSTOMERS . '` `c` USING (`customerid`) ORDER BY `htpw`.`path`, `htpw`.`username`'); while ($row_htpasswds = $this->db->fetch_array($result)) { if ($row_htpasswds['customerid'] != 0 && isset($row_htpasswds['customerroot']) && $row_htpasswds['customerroot'] != '') { if (!isset($diroptions[$row_htpasswds['path']]) || !is_array($diroptions[$row_htpasswds['path']])) { $diroptions[$row_htpasswds['path']] = array(); } $diroptions[$row_htpasswds['path']]['path'] = $row_htpasswds['path']; $diroptions[$row_htpasswds['path']]['guid'] = $row_htpasswds['guid']; $diroptions[$row_htpasswds['path']]['customerroot'] = $row_htpasswds['customerroot']; $diroptions[$row_htpasswds['path']]['customerid'] = $row_htpasswds['customerid']; $diroptions[$row_htpasswds['path']]['htpasswds'][] = $row_htpasswds; } } foreach ($diroptions as $row_diroptions) { $row_diroptions['path'] = makeCorrectDir($row_diroptions['path']); mkDirWithCorrectOwnership($row_diroptions['customerroot'], $row_diroptions['path'], $row_diroptions['guid'], $row_diroptions['guid']); $diroptions_filename = makeCorrectFile($this->settings['system']['apacheconf_diroptions'] . '/40_froxlor_diroption_' . md5($row_diroptions['path']) . '.conf'); if (!isset($this->diroptions_data[$diroptions_filename])) { $this->diroptions_data[$diroptions_filename] = ''; } if (is_dir($row_diroptions['path'])) { $cperlenabled = customerHasPerlEnabled($row_diroptions['customerid']); $this->diroptions_data[$diroptions_filename] .= '<Directory "' . $row_diroptions['path'] . '">' . "\n"; if (isset($row_diroptions['options_indexes']) && $row_diroptions['options_indexes'] == '1') { $this->diroptions_data[$diroptions_filename] .= ' Options +Indexes'; // add perl options if enabled if ($cperlenabled && isset($row_diroptions['options_cgi']) && $row_diroptions['options_cgi'] == '1') { $this->diroptions_data[$diroptions_filename] .= ' ExecCGI -MultiViews +SymLinksIfOwnerMatch +FollowSymLinks' . "\n"; } else { $this->diroptions_data[$diroptions_filename] .= "\n"; } fwrite($this->debugHandler, ' cron_tasks: Task3 - Setting Options +Indexes' . "\n"); } if (isset($row_diroptions['options_indexes']) && $row_diroptions['options_indexes'] == '0') { $this->diroptions_data[$diroptions_filename] .= ' Options -Indexes'; // add perl options if enabled if ($cperlenabled && isset($row_diroptions['options_cgi']) && $row_diroptions['options_cgi'] == '1') { $this->diroptions_data[$diroptions_filename] .= ' ExecCGI -MultiViews +SymLinksIfOwnerMatch +FollowSymLinks' . "\n"; } else { $this->diroptions_data[$diroptions_filename] .= "\n"; } fwrite($this->debugHandler, ' cron_tasks: Task3 - Setting Options -Indexes' . "\n"); } if (isset($row_diroptions['error404path']) && $row_diroptions['error404path'] != '') { $this->diroptions_data[$diroptions_filename] .= ' ErrorDocument 404 "' . $this->escapeConfigParameter($row_diroptions['error404path']) . '"' . "\n"; } if (isset($row_diroptions['error403path']) && $row_diroptions['error403path'] != '') { $this->diroptions_data[$diroptions_filename] .= ' ErrorDocument 403 "' . $this->escapeConfigParameter($row_diroptions['error403path']) . '"' . "\n"; } if (isset($row_diroptions['error500path']) && $row_diroptions['error500path'] != '') { $this->diroptions_data[$diroptions_filename] .= ' ErrorDocument 500 "' . $this->escapeConfigParameter($row_diroptions['error500path']) . '"' . "\n"; } if ($cperlenabled && isset($row_diroptions['options_cgi']) && $row_diroptions['options_cgi'] == '1') { $this->diroptions_data[$diroptions_filename] .= ' AllowOverride None' . "\n"; $this->diroptions_data[$diroptions_filename] .= ' AddHandler cgi-script .cgi .pl' . "\n"; $this->diroptions_data[$diroptions_filename] .= ' Order allow,deny' . "\n"; $this->diroptions_data[$diroptions_filename] .= ' Allow from all' . "\n"; fwrite($this->debugHandler, ' cron_tasks: Task3 - Enabling perl execution' . "\n"); // check for suexec-workaround, #319 if ((int) $this->settings['perl']['suexecworkaround'] == 1) { // symlink this directory to suexec-safe-path $loginname = getCustomerDetail($row_diroptions['customerid'], 'loginname'); $suexecpath = makeCorrectDir($this->settings['perl']['suexecpath'] . '/' . $loginname . '/' . md5($row_diroptions['path']) . '/'); if (!file_exists($suexecpath)) { safe_exec('mkdir -p ' . escapeshellarg($suexecpath)); safe_exec('chown -R ' . escapeshellarg($row_diroptions['guid']) . ':' . escapeshellarg($row_diroptions['guid']) . ' ' . escapeshellarg($suexecpath)); } // symlink to {$givenpath}/cgi-bin // NOTE: symlinks are FILES, so do not append a / here $perlsymlink = makeCorrectFile($row_diroptions['path'] . '/cgi-bin'); if (!file_exists($perlsymlink)) { safe_exec('ln -s ' . escapeshellarg($suexecpath) . ' ' . escapeshellarg($perlsymlink)); } safe_exec('chown ' . escapeshellarg($row_diroptions['guid']) . ':' . escapeshellarg($row_diroptions['guid']) . ' ' . escapeshellarg($perlsymlink)); } } else { // if no perl-execution is enabled but the workaround is, // we have to remove the symlink and folder in suexecpath if ((int) $this->settings['perl']['suexecworkaround'] == 1) { $loginname = getCustomerDetail($row_diroptions['customerid'], 'loginname'); $suexecpath = makeCorrectDir($this->settings['perl']['suexecpath'] . '/' . $loginname . '/' . md5($row_diroptions['path']) . '/'); $perlsymlink = makeCorrectFile($row_diroptions['path'] . '/cgi-bin'); // remove symlink if (file_exists($perlsymlink)) { safe_exec('rm -f ' . escapeshellarg($perlsymlink)); } // remove folder in suexec-path if (file_exists($suexecpath)) { safe_exec('rm -rf ' . escapeshellarg($suexecpath)); } } } if (count($row_diroptions['htpasswds']) > 0) { $htpasswd_filename = makeCorrectFile($this->settings['system']['apacheconf_htpasswddir'] . '/' . $row_diroptions['customerid'] . '-' . md5($row_diroptions['path']) . '.htpasswd'); if (!isset($this->htpasswds_data[$htpasswd_filename])) { $this->htpasswds_data[$htpasswd_filename] = ''; } foreach ($row_diroptions['htpasswds'] as $row_htpasswd) { $this->htpasswds_data[$htpasswd_filename] .= $row_htpasswd['username'] . ':' . $row_htpasswd['password'] . "\n"; } $this->diroptions_data[$diroptions_filename] .= ' AuthType Basic' . "\n"; $this->diroptions_data[$diroptions_filename] .= ' AuthName "' . $row_htpasswd['authname'] . '"' . "\n"; $this->diroptions_data[$diroptions_filename] .= ' AuthUserFile ' . $htpasswd_filename . "\n"; $this->diroptions_data[$diroptions_filename] .= ' require valid-user' . "\n"; } $this->diroptions_data[$diroptions_filename] .= '</Directory>' . "\n"; } } }
protected function create_pathOptions($domain) { $has_location = false; $query = "SELECT * FROM " . TABLE_PANEL_HTACCESS . " WHERE `path` LIKE '" . $domain['documentroot'] . "%'"; $result = $this->db->query($query); $path_options = ''; $htpasswds = $this->getHtpasswds($domain); while ($row = $this->db->fetch_array($result)) { if (!empty($row['error404path'])) { $path_options .= "\t" . 'error_page 404 ' . $row['error404path'] . ';' . "\n"; } if (!empty($row['error403path'])) { $path_options .= "\t" . 'error_page 403 ' . $row['error403path'] . ';' . "\n"; } if (!empty($row['error500path'])) { $path_options .= "\t" . 'error_page 502 503 504 ' . $row['error500path'] . ';' . "\n"; } // if($row['options_indexes'] != '0') // { $path = makeCorrectDir(substr($row['path'], strlen($domain['documentroot']) - 1)); mkDirWithCorrectOwnership($domain['documentroot'], $row['path'], $domain['guid'], $domain['guid']); $path_options .= "\t" . '# ' . $path . "\n"; if ($path == '/') { $this->vhost_root_autoindex = true; $path_options .= "\t" . 'location ' . $path . ' {' . "\n"; if ($this->vhost_root_autoindex) { $path_options .= "\t\t" . 'autoindex on;' . "\n"; $this->vhost_root_autoindex = false; } $path_options .= "\t\t" . 'index index.php index.html index.htm;' . "\n"; // $path_options.= "\t\t" . 'try_files $uri $uri/ @rewrites;'."\n"; // check if we have a htpasswd for this path // (damn nginx does not like more than one // 'location'-part with the same path) if (count($htpasswds) > 0) { foreach ($htpasswds as $idx => $single) { switch ($single['path']) { case '/awstats/': case '/webalizer/': break; default: if ($single['path'] == '/') { $path_options .= "\t\t" . 'auth_basic "Restricted Area";' . "\n"; $path_options .= "\t\t" . 'auth_basic_user_file ' . $single['usrf'] . ';' . "\n"; // remove already used entries so we do not have doubles unset($htpasswds[$idx]); } } } } $path_options .= "\t" . '}' . "\n"; $this->vhost_root_autoindex = false; } else { $path_options .= "\t" . 'location ' . $path . ' {' . "\n"; if ($this->vhost_root_autoindex) { $path_options .= "\t\t" . 'autoindex on;' . "\n"; $this->vhost_root_autoindex = false; } $path_options .= "\t\t" . 'index index.php index.html index.htm;' . "\n"; $path_options .= "\t" . '} ' . "\n"; } // } /** * Perl support * required the fastCGI wrapper to be running to receive the CGI requests. */ if (customerHasPerlEnabled($domain['customerid']) && $row['options_cgi'] != '0') { $path = makeCorrectDir(substr($row['path'], strlen($domain['documentroot']) - 1)); mkDirWithCorrectOwnership($domain['documentroot'], $row['path'], $domain['guid'], $domain['guid']); // We need to remove the last slash, otherwise the regex wouldn't work if ($row['path'] != $domain['documentroot']) { $path = substr($path, 0, -1); } $path_options .= "\t" . 'location ~ \\(.pl|.cgi)$ {' . "\n"; $path_options .= "\t\t" . 'gzip off; #gzip makes scripts feel slower since they have to complete before getting gzipped' . "\n"; $path_options .= "\t\t" . 'fastcgi_pass ' . $this->settings['system']['perl_server'] . ';' . "\n"; $path_options .= "\t\t" . 'fastcgi_index index.cgi;' . "\n"; $path_options .= "\t\t" . 'include /etc/nginx/fastcgi_params;' . "\n"; $path_options .= "\t" . '}' . "\n"; } } /* * now the rest of the htpasswds */ if (count($htpasswds) > 0) { foreach ($htpasswds as $idx => $single) { //if($single['path'] != "/") //{ switch ($single['path']) { case '/awstats/': case '/webalizer/': $path_options .= $this->getStats($domain, $single); unset($htpasswds[$idx]); break; default: $path_options .= "\t" . 'location ' . $single['path'] . ' {' . "\n"; $path_options .= "\t\t" . 'auth_basic "Restricted Area";' . "\n"; $path_options .= "\t\t" . 'auth_basic_user_file ' . $single['usrf'] . ';' . "\n"; $path_options .= "\t" . '}' . "\n"; } //} unset($htpasswds[$idx]); } } return $path_options; }
protected function create_pathOptions($domain) { $query = "SELECT * FROM " . TABLE_PANEL_HTACCESS . " WHERE `path` LIKE '" . $domain['documentroot'] . "%'"; $result = $this->db->query($query); $path_options = ''; $error_string = ''; while ($row = $this->db->fetch_array($result)) { if (!empty($row['error404path'])) { $error_string .= ' server.error-handler-404 = "' . makeCorrectFile($domain['documentroot'] . '/' . $row['error404path']) . '"' . "\n\n"; } if ($row['options_indexes'] != '0') { if (!empty($error_string)) { $path_options .= $error_string; // reset $error_string here to prevent duplicate entries $error_string = ''; } $path = makeCorrectDir(substr($row['path'], strlen($domain['documentroot']) - 1)); mkDirWithCorrectOwnership($domain['documentroot'], $row['path'], $domain['guid'], $domain['guid']); // We need to remove the last slash, otherwise the regex wouldn't work if ($row['path'] != $domain['documentroot']) { $path = substr($path, 0, -1); } $path_options .= ' $HTTP["url"] =~ "^' . $path . '($|/)" {' . "\n"; $path_options .= "\t" . 'dir-listing.activate = "enable"' . "\n"; $path_options .= ' }' . "\n\n"; } else { $path_options = $error_string; } if (customerHasPerlEnabled($domain['customerid']) && $row['options_cgi'] != '0') { $path = makeCorrectDir(substr($row['path'], strlen($domain['documentroot']) - 1)); mkDirWithCorrectOwnership($domain['documentroot'], $row['path'], $domain['guid'], $domain['guid']); // We need to remove the last slash, otherwise the regex wouldn't work if ($row['path'] != $domain['documentroot']) { $path = substr($path, 0, -1); } $path_options .= ' $HTTP["url"] =~ "^' . $path . '($|/)" {' . "\n"; $path_options .= "\t" . 'cgi.assign = (' . "\n"; $path_options .= "\t\t" . '".pl" => "' . makeCorrectFile($this->settings['system']['perl_path']) . '",' . "\n"; $path_options .= "\t\t" . '".cgi" => "' . makeCorrectFile($this->settings['system']['perl_path']) . '"' . "\n"; $path_options .= "\t" . ')' . "\n"; $path_options .= ' }' . "\n\n"; } } return $path_options; }