示例#1
0
    if ($commit_flag == "yes") {
        $soap_client = connectToVPSServer($vps_node);
        if ($soap_client === false) {
            echo "<font color=\"red\">" . _("Could not connect to VPS server!") . "</font>";
            return;
        }
        $r = $soap_client->call("fsckVPSpartition", array("vpsname" => "xen" . $vps_name), "", "", "");
    }
}
if (isset($_REQUEST["action"]) && $_REQUEST["action"] == "reinstall_os") {
    if (checkVPSAdmin($adm_login, $adm_pass, $vps_node, $vps_name) != true) {
        $submit_err = _("Access not granted line ") . __LINE__ . _(" file ") . __FILE__;
        $commit_flag = "no";
    }
    // Os name checking is now more relaxed as this is customizable by the dtc-xen server
    if (!isFtpLogin($_REQUEST["os_type"])) {
        $submit_err = "OS type is not corret " . __LINE__ . " file " . __FILE__;
        $commit_flag = "no";
    }
    if (!isDTCPassword($_REQUEST["root_password"])) {
        $submit_err = "Root password is not a valid password";
        $commit_flag = "no";
    }
    $q = "SELECT * FROM {$pro_mysql_vps_table} WHERE vps_xen_name='{$vps_name}' AND vps_server_hostname='{$vps_node}';";
    $r = mysql_query($q) or die("Cannot execute query \"{$q}\" ! line: " . __LINE__ . " file: " . __FILE__ . " sql said: " . mysql_error());
    $n = mysql_num_rows($r);
    if ($n != 1) {
        $commit_flag = "no";
        $submit_err = _("Cannot get VPS information line ") . __LINE__ . _(" file ") . __FILE__;
    }
    $ze_vps = mysql_fetch_array($r);
示例#2
0
function DTCdeleteAdmin($adm_to_del)
{
    global $pro_mysql_admin_table;
    global $pro_mysql_domain_table;
    global $pro_mysql_vps_table;
    global $pro_mysql_dedicated_table;
    global $pro_mysql_tik_queries_table;
    global $pro_mysql_cronjob_table;
    global $pro_mysql_ssl_ips_table;
    global $conf_demo_version;
    global $conf_mysql_db;
    if (!isFtpLogin($adm_to_del)) {
        echo "Admin to delete is not in correct format line " . __LINE__ . " file " . __FILE__;
        die;
    }
    $adm_query = "SELECT * FROM {$pro_mysql_admin_table} WHERE adm_login='******'";
    $result = mysql_query($adm_query) or die("Cannot execute query \"{$adm_query}\" !!!");
    $num_rows = mysql_num_rows($result);
    if ($num_rows != 1) {
        die("User not found for deletion of {$adm_to_del} !!!");
    }
    $row_virtual_admin = mysql_fetch_array($result);
    $the_admin_path = $row_virtual_admin["path"];
    // delete the user also mailboxs, ftp accounts, domains and subdomains in database
    $query = "SELECT * FROM {$pro_mysql_domain_table} WHERE owner='{$adm_to_del}';";
    $result = mysql_query($query) or die("Cannot execute query \"{$query}\" !!!");
    $num_rows = mysql_num_rows($result);
    for ($i = 0; $i < $num_rows; $i++) {
        $row = mysql_fetch_array($result);
        //echo "Deleting ".$_REQUEST["delete_admin_user"]." / ".$row_virtual_admin["adm_pass"].$row["name"];
        deleteUserDomain($_REQUEST["delete_admin_user"], $row_virtual_admin["adm_pass"], $row["name"]);
    }
    if ($conf_demo_version == "no") {
        system("rm -rf {$the_admin_path}");
    }
    // Make all SSL vhosts the user registered available again
    $q = "UPDATE {$pro_mysql_ssl_ips_table} SET available='yes' WHERE adm_login='******';";
    $r = mysql_query($q) or die("Cannot execute query {$q} line " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error());
    deleteMysqlUserAndDB($adm_to_del);
    // Delete all VPS of the user, and set all its IPs as available
    $q = "SELECT * FROM {$pro_mysql_vps_table} WHERE owner='{$adm_to_del}';";
    $r = mysql_query($q) or die("Cannot execute query \"{$q}\" line " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error());
    $n = mysql_num_rows($r);
    for ($i = 0; $i < $n; $i++) {
        $vps = mysql_fetch_array($r);
        $q2 = "UPDATE {$pro_mysql_vps_ip_table} SET available='yes' WHERE vps_server_hostname='" . $vps["vps_server_hostname"] . "' AND vps_xen_name='" . $vps["vps_xen_name"] . "';";
        $r2 = mysql_query($q2) or die("Cannot execute query \"{$q2}\" line " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error());
        $q2 = "DELETE FROM {$pro_mysql_vps_stats_table} WHERE vps_server_hostname='" . $vps["vps_server_hostname"] . "' AND vps_xen_name='" . $vps["vps_xen_name"] . "';";
        $r2 = mysql_query($q2) or die("Cannot execute query \"{$q2}\" line " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error());
        // Unload (eg: destroy) the VPS directly
        remoteVPSAction($vps["vps_server_hostname"], $vps["vps_xen_name"], "destroy_vps");
        VPS_Server_Subscribe_To_Lists($vps["vps_server_hostname"]);
    }
    $q = "DELETE FROM {$pro_mysql_vps_table} WHERE owner='{$adm_to_del}';";
    $r = mysql_query($q) or die("Cannot execute query \"{$q}\" line " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error());
    // Delete all dedicated servers of the admin
    $q = "DELETE FROM {$pro_mysql_dedicated_table} WHERE owner='{$adm_to_del}';";
    $r = mysql_query($q) or die("Cannot execute query \"{$q}\" line " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error());
    // Delete all support tickets of the admin
    $q = "DELETE FROM {$pro_mysql_tik_queries_table} WHERE adm_login='******';";
    $r = mysql_query($q) or die("Cannot execute query \"{$q}\" line " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error());
    $adm_query = "DELETE FROM {$pro_mysql_admin_table} WHERE adm_login='******'";
    mysql_query($adm_query) or die("Cannot execute query \"{$adm_query}\" !!!");
    // Tell the cron job to activate the changes (in case there was some shared accounts. Todo: check if there is some...)
    $adm_query = "UPDATE {$pro_mysql_cronjob_table} SET qmail_newu='yes',restart_qmail='yes',reload_named='yes',\n\trestart_apache='yes',gen_vhosts='yes',gen_named='yes',gen_qmail='yes',gen_webalizer='yes',gen_backup='yes',gen_ssh='yes',gen_fetchmail='yes' WHERE 1;";
    mysql_query($adm_query);
    triggerDomainListUpdate();
}
function renew_form()
{
    global $pro_mysql_admin_table;
    global $pro_mysql_new_admin_table;
    global $pro_mysql_product_table;
    global $pro_mysql_pending_renewal_table;
    global $pro_mysql_client_table;
    global $pro_mysql_companies_table;
    global $pro_mysql_vps_table;
    global $pro_mysql_dedicated_table;
    global $pro_mysql_vps_server_table;
    global $conf_webmaster_email_addr;
    global $conf_message_subject_header;
    global $conf_this_server_country_code;
    global $secpayconf_currency_letters;
    global $cc_europe;
    get_secpay_conf();
    // Do field format checking and escaping for all fields
    if (!isFtpLogin($_REQUEST["adm_login"])) {
        $ret["err"] = 2;
        $ret["mesg"] = "User login format incorrect. Please use letters and numbers only and from 4 to 16 chars.";
        return $ret;
    }
    $q = "SELECT adm_login,id_client FROM {$pro_mysql_admin_table} WHERE adm_login='******';";
    $r = mysql_query($q) or die("Cannot query  \"{$q}\" !!! Line: " . __LINE__ . " File: " . __FILE__ . " MySQL said: " . mysql_error());
    $n = mysql_num_rows($r);
    if ($n != 1) {
        $ret["err"] = 3;
        $ret["mesg"] = "Username not found in database! Try again.";
        return $ret;
    } else {
        $admin = mysql_fetch_array($r);
    }
    if (isset($_REQUEST["renew_type"]) && ($_REQUEST["renew_type"] == "ssl" || $_REQUEST["renew_type"] == "ssl_renew")) {
        $q = "SELECT * FROM {$pro_mysql_product_table} WHERE heb_type ='ssl';";
    } else {
        $q = "SELECT * FROM {$pro_mysql_product_table} WHERE id='" . addslashes($_REQUEST["product_id"]) . "';";
    }
    $r = mysql_query($q) or die("Cannot querry {$q} line " . __LINE__ . " file " . __FILE__ . " sql said " . mysql_error());
    $n = mysql_num_rows($r);
    if ($n != 1) {
        $ret["err"] = 3;
        $ret["mesg"] = "<font color=\"red\">Cannot find product id!</font>";
        return $ret;
    }
    $a = mysql_fetch_array($r);
    $product = $a;
    $the_prod = $a["name"] . " (" . $a["price_dollar"] . " {$secpayconf_currency_letters})";
    $prod_id = $a["id"];
    $form = "<b><u>" . _("Renewal for login:"******"</u></b> " . $_REQUEST["adm_login"] . "<br>";
    $form .= "<b><u>" . _("Product to renew:") . "</u></b> " . $a["name"] . " (" . number_format($a["price_dollar"], 2) . " {$secpayconf_currency_letters})<br><br>";
    switch ($_REQUEST["renew_type"]) {
        case "vps":
            if (!isRandomNum($_REQUEST["vps_id"])) {
                $ret["err"] = 3;
                $ret["mesg"] = "<font color=\"red\">VPS id is not a valid number!</font>";
                return $ret;
            }
            $client_id = $_REQUEST["vps_id"];
            $q = "SELECT country_code  FROM {$pro_mysql_vps_table},{$pro_mysql_vps_server_table}\n\t\tWHERE {$pro_mysql_vps_table}.id='" . $_REQUEST["vps_id"] . "' AND {$pro_mysql_vps_server_table}.hostname = {$pro_mysql_vps_table}.vps_server_hostname";
            $r = mysql_query($q) or die("Cannot query {$q} line " . __LINE__ . " file " . __FILE__ . " mysql said: " . mysql_error());
            $n = mysql_num_rows($r);
            if ($n != 1) {
                $ret["err"] = 3;
                $ret["mesg"] = "<font color=\"red\">Cannot find vps server country</font>";
                return $ret;
            }
            $ax = mysql_fetch_array($r);
            $country = $ax["country_code"];
            break;
        case "shared":
        case "ssl":
            if (!isRandomNum($_REQUEST["client_id"])) {
                $ret["err"] = 3;
                $ret["mesg"] = "<font color=\"red\">Client id is not a valid number!</font>";
                return $ret;
            }
            $client_id = $_REQUEST["client_id"];
            $country = $conf_this_server_country_code;
            break;
        case "ssl_renew":
            if (!isRandomNum($_REQUEST["ssl_ip_id"])) {
                $ret["err"] = 3;
                $ret["mesg"] = "<font color=\"red\">ssl_ip_id is not a valid number!</font>";
                return $ret;
            }
            $client_id = $_REQUEST["ssl_ip_id"];
            $country = $conf_this_server_country_code;
            break;
        case "server":
            if (!isRandomNum($_REQUEST["server_id"])) {
                $ret["err"] = 3;
                $ret["mesg"] = "<font color=\"red\">Server id is not a valid number!</font>";
                return $ret;
            }
            $client_id = $_REQUEST["server_id"];
            $q = "SELECT country_code FROM {$pro_mysql_dedicated_table} WHERE id='" . $_REQUEST["server_id"] . "';";
            $r = mysql_query($q) or die("Cannot query {$q} line " . __LINE__ . " file " . __FILE__ . " mysql said: " . mysql_error());
            $n = mysql_num_rows($r);
            if ($n != 1) {
                $ret["err"] = 3;
                $ret["mesg"] = "<font color=\"red\">Cannot find dedicated server country</font>";
                return $ret;
            }
            $ax = mysql_fetch_array($r);
            $country = $ax["country_code"];
            break;
        default:
            die("Renew type unknown line " . __LINE__ . " file " . __FILE__);
            // To be implemented for other means!
            break;
    }
    $mail_content = "\nSomebody tried to renew a contract. Here is the details of the renewal:\n\nlogin: "******"adm_login"] . "\nProduct name: {$the_prod}\nRenew product type: " . $_REQUEST["renew_type"] . "\nService country: {$country}\n";
    if ($admin["id_client"] == 0) {
        $ret["err"] = 3;
        $ret["mesg"] = "Admin does not link to a client.";
        return $ret;
    }
    // Get the client ID so we can get the country
    $q = "SELECT * FROM {$pro_mysql_client_table} WHERE id='" . $admin["id_client"] . "'";
    $r = mysql_query($q) or die("Cannot query  \"{$q}\" !!! Line: " . __LINE__ . " File: " . __FILE__ . " MySQL said: " . mysql_error());
    $n = mysql_num_rows($r);
    if ($n != 1) {
        $ret["err"] = 3;
        $ret["mesg"] = "Client not found in database! Try again.";
        return $ret;
    } else {
        $client = mysql_fetch_array($r);
    }
    // Get the VAT from the invoicing company
    $company_invoicing_id = findInvoicingCompany($country, $client["country"]);
    $q = "SELECT * FROM {$pro_mysql_companies_table} WHERE id='{$company_invoicing_id}';";
    $r = mysql_query($q) or die("Cannot query \"{$q}\" ! line: " . __LINE__ . " file: " . __FILE__ . " sql said: " . mysql_error());
    if ($n != 1) {
        $ret["err"] = 3;
        $ret["mesg"] = "Cannot find company for invoicing.";
        return $ret;
    }
    $company_invoicing = mysql_fetch_array($r);
    // If VAT is set, use it.
    if ($company_invoicing["vat_rate"] == 0 || $company_invoicing["vat_number"] == "") {
        $vat_rate = 0;
        $use_vat = "no";
    } else {
        // Both companies are in europe, in different countries, and customer as a VAT number,
        // then there is no VAT and the customer shall pay the VAT in it's own country
        // These are the VAT rules in the European Union...
        if ($client["is_company"] == "yes" && $client["vat_num"] != "" && isset($cc_europe[$client["country"]]) && isset($cc_europe[$company_invoicing["country"]]) && $client["country"] != $company_invoicing["country"]) {
            $vat_rate = 0;
            $use_vat = "no";
        } else {
            $use_vat = "yes";
            $vat_rate = $company_invoicing["vat_rate"];
        }
    }
    $headers = "From: DTC Robot <{$conf_webmaster_email_addr}>";
    $subject = $admin["adm_login"] . " tried to renew {$the_prod}";
    mail($conf_webmaster_email_addr, "{$conf_message_subject_header} {$subject}", $mail_content, $headers);
    // Save the values in SQL and process the paynow buttons
    $q = "INSERT INTO {$pro_mysql_pending_renewal_table} (id,adm_login,renew_date,renew_time,product_id,renew_id,heb_type,country_code)\n\tVALUES ('','" . $_REQUEST["adm_login"] . "',now(),now(),'" . $prod_id . "','" . $client_id . "','" . $_REQUEST["renew_type"] . "','{$country}');";
    $r = mysql_query($q) or die("Cannot querry {$q} line " . __LINE__ . " file " . __FILE__ . " sql said " . mysql_error());
    $renew_id = mysql_insert_id();
    $payid = createCreditCardPaiementID($a["price_dollar"], $renew_id, $a["name"] . " (login: "******"adm_login"] . ")", "no", $prod_id, $vat_rate);
    $q = "UPDATE {$pro_mysql_pending_renewal_table} SET pay_id='{$payid}' WHERE id='{$renew_id}';";
    $r = mysql_query($q) or die("Cannot querry {$q} line " . __LINE__ . " file " . __FILE__ . " sql said " . mysql_error());
    $return_url = $_SERVER["PHP_SELF"] . "?action=return_from_pay&regid={$payid}";
    $paybutton = paynowButton($payid, $a["price_dollar"], $a["name"] . " (login: "******"adm_login"] . ")", $return_url, $vat_rate);
    $form .= _("Please click on the button below to send money in your account:") . "<br><br>" . $paybutton;
    $ret["err"] = 0;
    $ret["mesg"] = $form;
    return $ret;
}
}
////////////////////////////////////////////////
// Management of new users (eg virtual admins //
////////////////////////////////////////////////
if (isset($_REQUEST["updateuserinfo"]) && $_REQUEST["updateuserinfo"] == "Ok") {
    $adm_query = "UPDATE {$pro_mysql_admin_table} SET id_client='" . $_REQUEST["changed_id_client"] . "',\n\t\tadm_pass='******',path='" . $_REQUEST["changed_path"] . "',\n\t\tquota='" . $_REQUEST["adm_quota"] . "', bandwidth_per_month_mb='" . $_REQUEST["bandwidth_per_month"] . "',\n\t\texpire='" . $_REQUEST["expire"] . "',allow_add_domain='" . $_REQUEST["allow_add_domain"] . "',max_domain='" . $_REQUEST["max_domain"] . "',\n\t\tnbrdb='" . $_REQUEST["nbrdb"] . "',prod_id='" . $_REQUEST["heb_prod_id"] . "',\n\t\tresseller_flag='" . $_REQUEST["resseller_flag"] . "',\n\t\tssh_login_flag='" . $_REQUEST["ssh_login_flag"] . "',\n\t\tftp_login_flag='" . $_REQUEST["ftp_login_flag"] . "',\n\t\trestricted_ftp_path='" . $_REQUEST["restricted_ftp_path"] . "',\n\t\tallow_dns_and_mx_change='" . $_REQUEST["allow_dns_and_mx_change"] . "',\n\t\tallow_mailing_list_edit='" . $_REQUEST["allow_mailing_list_edit"] . "',\n\t\tallow_subdomain_edit='" . $_REQUEST["allow_subdomain_edit"] . "',\n\t\tpkg_install_flag='" . $_REQUEST["pkg_install_flag"] . "'\n\t\tWHERE adm_login='******';";
    mysql_query($adm_query) or die("Cannot execute query \"{$adm_query}\" line " . __LINE__ . " file " . __FILE__ . " " . mysql_error());
    // Tell the cron job to activate the changes (because the account might now be (not) expiring)
    $adm_query = "UPDATE {$pro_mysql_cronjob_table} SET gen_vhosts='yes',restart_apache='yes' WHERE 1;";
    mysql_query($adm_query);
}
// $newadmin_login $newadmin_pass $newadmin_path $newadmin_maxemail $newadmin_maxftp $newadmin_quota
if (isset($_REQUEST["newadminuser"]) && $_REQUEST["newadminuser"] == "Ok") {
    // Check for admin existance
    // Create admin directorys
    if (!isFtpLogin($_REQUEST["newadmin_login"])) {
        $submit_err .= _("Incorect admin login format: it should consist of only lowercase letters or numbers or the \"-\" sign, and should be between 4 and 16 chars long.<br>\n");
        $commit_flag = "no";
    }
    if (!isDTCPassword($_REQUEST["newadmin_pass"])) {
        $submit_err .= _("Password consist of only letters and numbers (a-zA-Z0-9) and should be between 6 and 16 chars long.<br>\n");
        $commit_flag = "no";
    }
    $newadmin_path = $_REQUEST["newadmin_path"] . "/" . $_REQUEST["newadmin_login"];
    if ($conf_demo_version == "no") {
        $oldumask = umask(0);
        if (!file_exists($newadmin_path)) {
            mkdir("{$newadmin_path}", 0750, 1);
            $console .= "mkdir -p {$newadmin_path};<br>";
        }
        umask($oldumask);
示例#5
0
        $q = "FLUSH PRIVILEGES;";
        $r = mysql_query($q) or die("Cannot execute query \"{$q}\" line " . __LINE__ . " file " . __FILE__ . " sql said " . mysql_error());
    }
    if ($conf_user_mysql_type == "distant") {
        mysql_close($newid) or die("Cannot disconnect to user database");
        connect2base();
    }
    updateUsingCron("gen_backup='yes'");
}
if (isset($_REQUEST["action"]) && $_REQUEST["action"] == "change_db_owner") {
    checkLoginPass($adm_login, $adm_pass);
    if ($conf_user_mysql_type == "distant") {
        $newid = mysql_connect($conf_user_mysql_host, $conf_user_mysql_root_login, $conf_user_mysql_root_pass) or die("Cannot connect to user SQL host");
    }
    // action=change_db_owner&dbname=clem&dbuser=zigo
    if (!isFtpLogin($_REQUEST["dbuser"])) {
        $submit_err .= _("Incorrect MySQL login format: please enter another login and try again.") . "<br>\n";
        $commit_flag = "no";
    }
    if (!isDatabase($_REQUEST["dbname"])) {
        $submit_err .= _("Incorrect MySQL db name format: please enter another and try again.") . "<br>\n";
        $commit_flag = "no";
    } else {
        $q = "SELECT User FROM mysql.db WHERE Db='" . $_REQUEST["dbname"] . "';";
        $r = mysql_query($q) or die("Cannot execute query \"{$q}\" line " . __LINE__ . " file " . __FILE__ . " sql said " . mysql_error());
        $n = mysql_num_rows($r);
        if ($n < 1) {
            $submit_err .= "Cannot reselect MySQL db name: please enter another and try again.<br>\n";
            $commit_flag = "no";
        } else {
            $a = mysql_fetch_array($r);
示例#6
0
    mysql_query($adm_query) or die("Cannot execute query \"{$adm_query}\"");
    updateUsingCron("gen_ssh='yes'");
}
// $edssh_account $edit_domain $edssh_pass
if (isset($_REQUEST["update_ssh_account"]) && $_REQUEST["update_ssh_account"] == "Ok") {
    checkLoginPassAndDomain($adm_login, $adm_pass, $edit_domain);
    $adm_path = getAdminPath($adm_login);
    if (!hasSSHLoginFlag($adm_login)) {
        $submit_err .= "You don't have the SSH login flag!";
        $commit_flag = "no";
    }
    if (0 != strncmp($adm_path, $_REQUEST["edssh_path"], strlen($adm_path) - 1) || strstr($_REQUEST["edssh_path"], '..') || strstr($_REQUEST["edssh_path"], "'") || strstr($_REQUEST["edssh_path"], "\\")) {
        $submit_err .= _("Your path is restricted to ") . "&quot;{$adm_path}/{$edit_domain}/subdomains&quot;<br>\n";
        $commit_flag = "no";
    }
    $new_path = $_REQUEST["edssh_path"];
    if (!isFtpLogin($_REQUEST["edssh_account"])) {
        $submit_err .= _("Incorrect ssh login : this is not a good string for a ssh login, please enter a new one.");
        $commit_flag = "no";
    }
    if (!isDTCPassword($_REQUEST["edssh_pass"])) {
        $submit_err .= _("Incorrect SSH password: from 6 to 16 chars, a-z A-Z 0-9");
        $commit_flag = "no";
    }
    $crypt_ssh_password = crypt($_REQUEST["edssh_pass"], dtc_makesalt());
    if ($commit_flag == "yes") {
        $adm_query = "UPDATE {$pro_mysql_ssh_table} SET homedir='" . addslashes($new_path) . "', crypt='" . $crypt_ssh_password . "', password='******' WHERE login ='******' AND hostname='{$edit_domain}' LIMIT 1;";
        mysql_query($adm_query) or die("Cannot execute query \"{$adm_query}\"");
    }
    updateUsingCron("gen_ssh='yes'");
}
示例#7
0
                die("Object should have ob_next line " . __LINE__ . " file " . __FILE__);
            }
            $q2 = "SELECT * FROM {$pro_mysql_admin_table} WHERE adm_login='******'";
            $r2 = mysql_query($q2) or die("Cannot query {$q} line " . __LINE__ . " file " . __FILE__ . " sql said " . mysql_error());
            $n2 = mysql_num_rows($r2);
            if ($n2 != 1) {
                die("Cannot found admin line " . __LINE__ . " file " . __FILE__);
            }
            $last_adm_login = $cur["adm_login"];
            $cur = mysql_fetch_array($r2);
            $max_loop--;
        } while ($cur["ob_tail"] != $last_adm_login && $max_loop != 0);
        if ($max_loop == 0) {
            die("Max loop reached line " . __LINE__ . " file " . __FILE__);
        }
        $adm_login_father = $cur["adm_login"];
        deleteAdminFromFather($adm_login, $adm_login_father);
    } else {
        recursiveDeleteAdmin($adm_login);
    }
}
// adm_login=zigo&addrlink=resseller&adm_pass=513411410&action=delete_child_account&account_name=bbbb
if (isset($_REQUEST["action"]) && $_REQUEST["action"] == "delete_child_account") {
    checkLoginPass($adm_login, $adm_pass);
    if (!isFtpLogin($_REQUEST["account_name"])) {
        $submit_err .= "Incorrect DTC login: a-z A-Z 0-9<br>\n";
        $commit_flag = "no";
    } else {
        deleteAdminFromFather($_REQUEST["account_name"], $adm_login);
    }
}
示例#8
0
$panel_type = "none";
require_once "../shared/autoSQLconfig.php";
require_once "{$dtcshared_path}/dtc_lib.php";
session_name("wallid");
header("Content-type: image/png");
// Date in the past
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
// always modified
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
// HTTP/1.1
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
// HTTP/1.0
header("Pragma: no-cache");
if (isFtpLogin($_REQUEST["adm_login"])) {
    $adm_login = $_REQUEST["adm_login"];
} else {
    die("No login in query");
}
$width = 120;
$height = 48;
$im = ImageCreate($width, $height) or die("Cannot Initialize new GD image stream");
$lightblue_color = ImageColorAllocate($im, 190, 190, 212);
$black = ImageColorAllocate($im, 0, 0, 0);
$white = ImageColorAllocate($im, 255, 255, 255);
$red = ImageColorAllocate($im, 255, 0, 0);
for ($m = 0; $m < 12; $m++) {
    $tr_tbl[$m] = 0;
}
/*
示例#9
0
function dtcListItemsEdit($dsc)
{
    global $adm_pass;
    $out = "<h3>" . $dsc["title"] . "</u></b></h3>";
    // Calculate the forwards parameters for links and forms
    $nbr_forwards = sizeof($dsc["forward"]);
    $keys_fw = array_keys($dsc["forward"]);
    $fw = "";
    $fw_link = $_SERVER["PHP_SELF"] . "?";
    for ($i = 0; $i < $nbr_forwards; $i++) {
        if ($dsc["forward"][$i] == "adm_pass") {
            $fw .= "<input type=\"hidden\" name=\"" . $dsc["forward"][$i] . "\" value=\"" . $adm_pass . "\">";
        } else {
            $fw .= "<input type=\"hidden\" name=\"" . $dsc["forward"][$i] . "\" value=\"" . $_REQUEST[$dsc["forward"][$i]] . "\">";
        }
        if ($i != 0) {
            $fw_link .= "&";
        }
        if ($dsc["forward"][$i] == "adm_pass") {
            $fw_link .= $dsc["forward"][$i] . "={$adm_pass}";
        } else {
            $fw_link .= $dsc["forward"][$i] . "=" . $_REQUEST[$dsc["forward"][$i]];
        }
    }
    // Condition to add to each queries
    $where = "WHERE 1";
    if (isset($dsc["order_by"])) {
        $order_by = " ORDER BY " . $dsc["order_by"];
    } else {
        $order_by = "";
    }
    $added_insert_names = "";
    $added_insert_values = "";
    if (isset($dsc["where_list"])) {
        $nbr_where = sizeof($dsc["where_list"]);
        $where_keys = array_keys($dsc["where_list"]);
        for ($i = 0; $i < $nbr_where; $i++) {
            if ($i != 0) {
                $added_insert_names .= ",";
                $added_insert_values .= ",";
            }
            $added_insert_names .= $where_keys[$i];
            $added_insert_values .= "'" . $dsc["where_list"][$where_keys[$i]] . "'";
            $where .= " AND " . $where_keys[$i] . "='" . $dsc["where_list"][$where_keys[$i]] . "'";
        }
        // As there will be other fields, we need that one
        $added_insert_names .= ",";
        $added_insert_values .= ",";
    }
    // Number of fields that we are about to manage here and theire names
    $nbr_fld = sizeof($dsc["cols"]);
    $keys = array_keys($dsc["cols"]);
    // We need the current number of items now to check against the max number for addition
    $q = "SELECT " . $dsc["id_fld"] . "," . $dsc["list_fld_show"] . " FROM " . $dsc["table_name"] . " {$where};";
    $r_item_list = mysql_query($q) or die("Cannot query {$q} in " . __FILE__ . " line " . __LINE__ . " sql said: " . mysql_error());
    $current_num_items = mysql_num_rows($r_item_list);
    // SQL submit stuffs
    if (isset($_REQUEST["action"]) && $_REQUEST["action"] == $dsc["action"] . "_new_item") {
        // Todo: do the fields checkings
        $commit_flag = "yes";
        $commit_err = "";
        for ($i = 0; $i < $nbr_fld; $i++) {
            switch ($dsc["cols"][$keys[$i]]["type"]) {
                case "popup":
                case "radio":
                    $nbr_choices = sizeof($dsc["cols"][$keys[$i]]["values"]);
                    $is_one_of_them = "no";
                    for ($j = 0; $j < $nbr_choices; $j++) {
                        if ($dsc["cols"][$keys[$i]]["values"][$j] == $_REQUEST[$keys[$i]]) {
                            $is_one_of_them = "yes";
                        }
                    }
                    if ($is_one_of_them == "no") {
                        $commit_flag = "no";
                        $commit_err = "the variable " . $keys[$i] . " is not one of the allowed values<br>";
                    }
                    break;
                default:
                    break;
            }
            if (isset($dsc["cols"][$keys[$i]]["check"])) {
                switch ($dsc["cols"][$keys[$i]]["check"]) {
                    case "subdomain":
                        if (!checkSubdomainFormat($_REQUEST[$keys[$i]])) {
                            if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") {
                                $commit_flag = "no";
                                $commit_err .= $keys[$i] . ": not a subdomain<br>";
                            }
                        }
                        break;
                    case "subdomain_or_ip":
                        if (!checkSubdomainFormat($_REQUEST[$keys[$i]]) && !isIP($_REQUEST[$keys[$i]])) {
                            if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") {
                                $commit_flag = "no";
                                $commit_err .= $keys[$i] . ": not a subdomain or IP addresse<br>";
                            }
                        }
                        break;
                    case "ip6":
                        if (!isIP6($_REQUEST[$keys[$i]])) {
                            if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") {
                                if (!isset($dsc["cols"][$keys[$i]]["empty_makes_default"]) || $dsc["cols"][$keys[$i]]["empty_makes_default"] != "yes" || $_REQUEST[$keys[$i]] != "default") {
                                    $commit_flag = "no";
                                    $commit_err .= $keys[$i] . ": not an IPv6 address<br>";
                                }
                            }
                        }
                        break;
                    case "ip_addr":
                        if (!isIP($_REQUEST[$keys[$i]])) {
                            if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") {
                                $commit_flag = "no";
                                $commit_err .= $keys[$i] . ": not an IP address<br>";
                            }
                        }
                        break;
                    case "domain_or_ip":
                        if (!isIP($_REQUEST[$keys[$i]]) && !isHostname($_REQUEST[$keys[$i]])) {
                            if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") {
                                $commit_flag = "no";
                                $commit_err .= $keys[$i] . ": not a domain or IP addresse<br>";
                            }
                        }
                        break;
                    case "dtc_login":
                        if (!isFtpLogin($_REQUEST[$keys[$i]])) {
                            if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") {
                                $commit_flag = "no";
                                $commit_err .= $keys[$i] . ": not a correct login format.<br>";
                            }
                        }
                        break;
                    case "dtc_login_or_email":
                        if (!isFtpLogin($_REQUEST[$keys[$i]]) && !isValidEmail($_REQUEST[$keys[$i]])) {
                            if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") {
                                $commit_flag = "no";
                                $commit_err .= $keys[$i] . ": not a correct login format.<br>";
                            }
                        }
                        break;
                    case "mail_alias_group":
                        $mail_alias_group_raw = trim($_REQUEST[$keys[$i]], "\r\n");
                        $mail_alias_nocr = str_replace("\r", "", $mail_alias_group_raw);
                        $mail_alias_array = split("\n", $mail_alias_nocr);
                        for ($x = 0; $x < count($mail_alias_array); $x++) {
                            if (!isValidEmail($mail_alias_array[$x])) {
                                $commit_flag = "no";
                                $commit_err .= $mail_alias_array[$x] . ": not a valid email format.<br>";
                            }
                        }
                        break;
                    case "dtc_pass":
                        if (!isDTCPassword($_REQUEST[$keys[$i]])) {
                            if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") {
                                $commit_flag = "no";
                                $commit_err .= $keys[$i] . ": not a correct password format<br>";
                            }
                        }
                        break;
                    case "email":
                        if (!isValidEmail($_REQUEST[$keys[$i]])) {
                            if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") {
                                $commit_flag = "no";
                                $commit_err .= $keys[$i] . ": not a correct email format<br>";
                            }
                        }
                        break;
                    case "number":
                        if (!isRandomNum($_REQUEST[$keys[$i]])) {
                            if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") {
                                $commit_flag = "no";
                                $commit_err .= $keys[$i] . ": not a correct number format<br>";
                            }
                        }
                        break;
                    case "max_value_2096":
                        if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") {
                            if (!isRandomNum($_REQUEST[$keys[$i]])) {
                                $commit_flag = "no";
                                $commit_err .= $keys[$i] . ": not a correct number format<br>";
                            }
                            if ($_REQUEST[$keys[$i]] >= 2096) {
                                $commit_flag = "no";
                                $commit_err .= $keys[$i] . ": is greater or equal than the max value 2096<br>";
                            }
                        }
                        break;
                    default:
                        $commit_flag = "no";
                        $commit_err .= $keys[$i] . ": unknown field checking type (" . $dsc["cols"][$keys[$i]]["check"] . ").<br>";
                        break;
                }
            }
        }
        if (isset($dsc["max_item"]) && $current_num_items >= $dsc["max_item"]) {
            $commit_flag = "no";
            $commit_err = "Max number of items reached!";
        }
        if (isset($dsc["check_unique"])) {
            $nbr_unique_check = sizeof($dsc["check_unique"]);
            $where_clause = "";
            for ($i = 0; $i < $nbr_unique_check; $i++) {
                if ($i != 0) {
                    $where_clause .= " AND ";
                }
                if (isset($dsc["cols"][$dsc["check_unique"][$i]]["happen_domain"])) {
                    $where_clause .= $dsc["check_unique"][$i] . "='" . $_REQUEST[$dsc["check_unique"][$i]] . $dsc["cols"][$dsc["check_unique"][$i]]["happen_domain"] . "' ";
                } else {
                    $where_clause .= $dsc["check_unique"][$i] . "='" . $_REQUEST[$dsc["check_unique"][$i]] . "' ";
                }
            }
            if (!isset($dsc["check_unique_use_where_list"]) || $dsc["check_unique_use_where_list"] == "yes") {
                $nbr_where_list_fld = sizeof($dsc["where_list"]);
                $where_list_keys_fld = array_keys($dsc["where_list"]);
                for ($i = 0; $i < $nbr_where_list_fld; $i++) {
                    $where_clause .= " AND " . $where_list_keys_fld[$i] . "='" . $dsc["where_list"][$where_list_keys_fld[$i]] . "'";
                }
            }
            $q = "SELECT * FROM " . $dsc["table_name"] . " WHERE {$where_clause} ";
            $r = mysql_query($q) or die("Cannot query \"{$q}\" line " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error());
            $n = mysql_num_rows($r);
            if ($n > 0) {
                $commit_flag = "no";
                $commit_err = $dsc["check_unique_msg"];
            }
        }
        // Build the request
        $fld_names = "";
        $values = "";
        $added_one = "no";
        for ($i = 0; $i < $nbr_fld; $i++) {
            switch ($dsc["cols"][$keys[$i]]["type"]) {
                case "password":
                    if ($added_one == "yes") {
                        $fld_names .= ",";
                        $values .= ",";
                    }
                    $fld_names .= $keys[$i];
                    if (isset($dsc["cols"][$keys[$i]]["empty_makes_sql_null"]) && $dsc["cols"][$keys[$i]]["empty_makes_sql_null"] == "yes" && $_REQUEST[$keys[$i]] == "") {
                        $values .= "NULL";
                    } else {
                        if (isset($dsc["cols"][$keys[$i]]["empty_makes_default"]) && $dsc["cols"][$keys[$i]]["empty_makes_default"] == "yes" && $_REQUEST[$keys[$i]] == "") {
                            $values .= "'default'";
                        } else {
                            if (isset($dsc["cols"][$keys[$i]]["happen_domain"])) {
                                $values .= "'" . addslashes($_REQUEST[$keys[$i]]) . $dsc["cols"][$keys[$i]]["happen_domain"] . "'";
                            } else {
                                $values .= "'" . addslashes($_REQUEST[$keys[$i]]) . "'";
                            }
                            // if the crypt field is set, then we use this as the SQL field to populate the crypted password into
                            if (isset($dsc["cols"][$keys[$i]]["cryptfield"])) {
                                if ($added_one == "yes") {
                                    $fld_names .= ",";
                                    $values .= ",";
                                }
                                $fld_names .= $dsc["cols"][$keys[$i]]["cryptfield"];
                                $values .= "'" . crypt($_REQUEST[$keys[$i]], dtc_makesalt()) . "'";
                            }
                        }
                    }
                    $added_one = "yes";
                    break;
                case "text":
                case "textarea":
                    if ($added_one == "yes") {
                        $fld_names .= ",";
                        $values .= ",";
                    }
                    $fld_names .= $keys[$i];
                    if (isset($dsc["cols"][$keys[$i]]["empty_makes_sql_null"]) && $dsc["cols"][$keys[$i]]["empty_makes_sql_null"] == "yes" && $_REQUEST[$keys[$i]] == "") {
                        $values .= "NULL";
                    } else {
                        if (isset($dsc["cols"][$keys[$i]]["empty_makes_default"]) && $dsc["cols"][$keys[$i]]["empty_makes_default"] == "yes" && $_REQUEST[$keys[$i]] == "") {
                            $values .= "'default'";
                        } else {
                            if (isset($dsc["cols"][$keys[$i]]["happen_domain"])) {
                                $values .= "'" . addslashes($_REQUEST[$keys[$i]]) . $dsc["cols"][$keys[$i]]["happen_domain"] . "'";
                            } else {
                                $values .= "'" . addslashes($_REQUEST[$keys[$i]]) . "'";
                            }
                        }
                    }
                    $added_one = "yes";
                    break;
                case "checkbox":
                    if ($added_one == "yes") {
                        $fld_names .= ",";
                        $values .= ",";
                    }
                    $added_one = "yes";
                    $fld_names .= $keys[$i];
                    if (isset($_REQUEST[$keys[$i]])) {
                        $values .= "'" . $dsc["cols"][$keys[$i]]["values"][0] . "'";
                    } else {
                        $values .= "'" . $dsc["cols"][$keys[$i]]["values"][1] . "'";
                    }
                    break;
                case "popup":
                case "radio":
                    if ($added_one == "yes") {
                        $fld_names .= ",";
                        $values .= ",";
                    }
                    $fld_names .= $keys[$i];
                    $values .= "'" . addslashes($_REQUEST[$keys[$i]]) . "'";
                    $added_one = "yes";
                    break;
            }
        }
        if ($commit_flag == "yes") {
            $q = "INSERT INTO " . $dsc["table_name"] . " ({$added_insert_names} {$fld_names}) VALUES ({$added_insert_values} {$values});";
            $success = "yes";
            $r = mysql_query($q) or $success = "no";
            if ($success == "yes") {
                $insert_id = mysql_insert_id();
                if (isset($dsc["create_item_callback"])) {
                    $out .= $dsc["create_item_callback"]($insert_id);
                }
            } else {
                $out .= "<font color=\"red\">Cannot query {$q} in " . __FILE__ . " line " . __LINE__ . " sql said: " . mysql_error() . "</font>";
            }
        } else {
            $out .= "<font color=\"red\">Could not commit the changes because of an error in field format: <br>{$commit_err}</font><br>";
        }
    } else {
        if (isset($_REQUEST["action"]) && $_REQUEST["action"] == $dsc["action"] . "_save_item") {
            // Todo: do the fields checkings
            $commit_flag = "yes";
            $commit_err = "";
            for ($i = 0; $i < $nbr_fld; $i++) {
                switch ($dsc["cols"][$keys[$i]]["type"]) {
                    case "checkbox":
                        break;
                    case "popup":
                    case "radio":
                    case "checkbox":
                        $nbr_choices = sizeof($dsc["cols"][$keys[$i]]["values"]);
                        $is_one_of_them = "no";
                        for ($j = 0; $j < $nbr_choices; $j++) {
                            if ($dsc["cols"][$keys[$i]]["values"][$j] == $_REQUEST[$keys[$i]]) {
                                $is_one_of_them = "yes";
                            }
                        }
                        if ($is_one_of_them == "no") {
                            $commit_flag = "no";
                            $commit_err = "the variable " . $keys[$i] . " is not one of the allowed values<br>";
                        }
                        break;
                    default:
                        break;
                }
                if (isset($dsc["cols"][$keys[$i]]["check"]) && (!isset($dsc["cols"][$keys[$i]]["disable_edit"]) || $dsc["cols"][$keys[$i]]["disable_edit"] != "yes")) {
                    switch ($dsc["cols"][$keys[$i]]["check"]) {
                        case "subdomain":
                            if (!checkSubdomainFormat($_REQUEST[$keys[$i]])) {
                                if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") {
                                    $commit_flag = "no";
                                    $commit_err .= $keys[$i] . ": not a subdomain<br>";
                                }
                            }
                            break;
                        case "subdomain_or_ip":
                            if (!checkSubdomainFormat($_REQUEST[$keys[$i]]) && !isIP($_REQUEST[$keys[$i]])) {
                                if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") {
                                    $commit_flag = "no";
                                    $commit_err .= $keys[$i] . ": not a subdomain or IP addresse<br>";
                                }
                            }
                            break;
                        case "ip6":
                            if (!isIP6($_REQUEST[$keys[$i]])) {
                                if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") {
                                    if (!isset($dsc["cols"][$keys[$i]]["empty_makes_default"]) || $dsc["cols"][$keys[$i]]["empty_makes_default"] != "yes" || $_REQUEST[$keys[$i]] != "default") {
                                        $commit_flag = "no";
                                        $commit_err .= $keys[$i] . ": not an IPv6 address<br>";
                                    }
                                }
                            }
                            break;
                        case "ip_addr":
                            if (!isIP($_REQUEST[$keys[$i]])) {
                                if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") {
                                    $commit_flag = "no";
                                    $commit_err .= $keys[$i] . ": not an IP address<br>";
                                }
                            }
                            break;
                        case "domain_or_ip":
                            if (!isIP($_REQUEST[$keys[$i]]) && !isHostname($_REQUEST[$keys[$i]])) {
                                if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") {
                                    $commit_flag = "no";
                                    $commit_err .= $keys[$i] . ": not a domain or IP addresse<br>";
                                }
                            }
                            break;
                        case "dtc_login":
                            if (!isFtpLogin($_REQUEST[$keys[$i]])) {
                                if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") {
                                    $commit_flag = "no";
                                    $commit_err .= $keys[$i] . ": not a correct login format.<br>";
                                }
                            }
                            break;
                        case "dtc_login_or_email":
                            if (!isFtpLogin($_REQUEST[$keys[$i]]) && !isValidEmail($_REQUEST[$keys[$i]])) {
                                if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") {
                                    $commit_flag = "no";
                                    $commit_err .= $keys[$i] . ": not a correct login format.<br>";
                                }
                            }
                            break;
                        case "mail_alias_group":
                            $mail_alias_group_raw = trim($_REQUEST[$keys[$i]], "\r\n");
                            $mail_alias_nocr = str_replace("\r", "", $mail_alias_group_raw);
                            $mail_alias_array = split("\n", $mail_alias_nocr);
                            for ($x = 0; $x < count($mail_alias_array); $x++) {
                                if (!isValidEmail($mail_alias_array[$x])) {
                                    $commit_flag = "no";
                                    $commit_err .= $mail_alias_array[$x] . ": not a valid email format.<br>";
                                }
                            }
                            break;
                        case "dtc_pass":
                            if (!isDTCPassword($_REQUEST[$keys[$i]])) {
                                if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") {
                                    $commit_flag = "no";
                                    $commit_err .= $keys[$i] . ": not a correct password format<br>";
                                }
                            }
                            break;
                        case "email":
                            if (!isValidEmail($_REQUEST[$keys[$i]])) {
                                if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") {
                                    $commit_flag = "no";
                                    $commit_err .= $keys[$i] . ": not a correct email format<br>";
                                }
                            }
                            break;
                        case "number":
                            if (!isRandomNum($_REQUEST[$keys[$i]])) {
                                if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") {
                                    $commit_flag = "no";
                                    $commit_err .= $keys[$i] . ": not a correct number format<br>";
                                }
                            }
                            break;
                        case "max_value_2096":
                            if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") {
                                if (!isRandomNum($_REQUEST[$keys[$i]])) {
                                    $commit_flag = "no";
                                    $commit_err .= $keys[$i] . ": not a correct number format<br>";
                                }
                                if ($_REQUEST[$keys[$i]] >= 2096) {
                                    $commit_flag = "no";
                                    $commit_err .= $keys[$i] . ": is greater or equal than the max value 2096<br>";
                                }
                            }
                            break;
                        default:
                            $commit_flag = "no";
                            $commit_err .= $keys[$i] . ": unknown field checking type (" . $dsc["cols"][$keys[$i]]["check"] . ").<br>";
                            break;
                    }
                }
            }
            // Build the request
            $added_one = "no";
            $reqs = "";
            for ($i = 0; $i < $nbr_fld; $i++) {
                switch ($dsc["cols"][$keys[$i]]["type"]) {
                    case "id":
                        $id_fldname = $keys[$i];
                        $id_fld_value = addslashes($_REQUEST[$keys[$i]]);
                        break;
                    case "readonly":
                        break;
                    case "text":
                    case "textarea":
                    case "password":
                        if (!isset($dsc["cols"][$keys[$i]]["disable_edit"]) || $dsc["cols"][$keys[$i]]["disable_edit"] != "yes") {
                            if ($added_one == "yes") {
                                $reqs .= ",";
                            }
                            if (isset($dsc["cols"][$keys[$i]]["happen_domain"])) {
                                $happen = $dsc["cols"][$keys[$i]]["happen_domain"];
                            } else {
                                $happen = "";
                            }
                            if (isset($dsc["cols"][$keys[$i]]["empty_makes_sql_null"]) && $dsc["cols"][$keys[$i]]["empty_makes_sql_null"] == "yes" && $_REQUEST[$keys[$i]] == "") {
                                $reqs .= $keys[$i] . "=NULL";
                            } else {
                                if (isset($dsc["cols"][$keys[$i]]["empty_makes_default"]) && $dsc["cols"][$keys[$i]]["empty_makes_default"] == "yes" && $_REQUEST[$keys[$i]] == "") {
                                    $reqs .= $keys[$i] . "='default'";
                                } else {
                                    $reqs .= $keys[$i] . "='" . addslashes($_REQUEST[$keys[$i]]) . $happen . "'";
                                    // if the crypt field is set, then we use this as the SQL field to populate the crypted password into
                                    if (isset($dsc["cols"][$keys[$i]]["cryptfield"])) {
                                        if ($added_one == "yes") {
                                            $reqs .= ", ";
                                        }
                                        $reqs .= " " . $dsc["cols"][$keys[$i]]["cryptfield"] . "='" . crypt($_REQUEST[$keys[$i]], dtc_makesalt()) . "' ";
                                    }
                                }
                            }
                            $added_one = "yes";
                        }
                        break;
                    case "popup":
                    case "radio":
                        if ($added_one == "yes") {
                            $reqs .= ",";
                        }
                        $reqs .= $keys[$i] . "='" . addslashes($_REQUEST[$keys[$i]]) . "'";
                        $added_one = "yes";
                        break;
                    case "checkbox":
                        if ($added_one == "yes") {
                            $reqs .= ",";
                        }
                        if (isset($_REQUEST[$keys[$i]])) {
                            $reqs .= $keys[$i] . "='" . $dsc["cols"][$keys[$i]]["values"][0] . "'";
                        } else {
                            $reqs .= $keys[$i] . "='" . $dsc["cols"][$keys[$i]]["values"][1] . "'";
                        }
                        break;
                    default:
                        die($dsc["cols"][$keys[$i]]["type"] . ": Not implemented yet line " . __LINE__ . " file " . __FILE__);
                        break;
                }
            }
            if ($commit_flag != "yes") {
                $out .= "<font color=\"red\">Could not commit the changes because of an error in field format: [todo: error desc]<br>{$commit_err}</font>";
            } else {
                if (!isset($id_fldname) || !isset($id_fld_value)) {
                    $out .= "<font color=\"red\">Could not commit the changes because the id is not set!</font>";
                } else {
                    $q = "UPDATE " . $dsc["table_name"] . " SET {$reqs} {$where} AND {$id_fldname}='{$id_fld_value}';";
                    $r = mysql_query($q) or $out .= "<font color=\"red\">Cannot query {$q} in " . __FILE__ . " line " . __LINE__ . " sql said: " . mysql_error() . "</font>";
                    if (isset($dsc["edit_item_callback"])) {
                        $dsc["edit_item_callback"]($id_fld_value);
                    }
                }
            }
        } else {
            if (isset($_REQUEST["action"]) && $_REQUEST["action"] == $dsc["action"] . "_delete_item") {
                for ($i = 0; $i < $nbr_fld; $i++) {
                    if ($dsc["cols"][$keys[$i]]["type"] == "id") {
                        $id_fldname = $keys[$i];
                        $id_fld_value = addslashes($_REQUEST[$keys[$i]]);
                    }
                }
                if (isset($id_fldname) && isset($id_fld_value)) {
                    if (isset($dsc["delete_item_callback"])) {
                        $dsc["delete_item_callback"]($id_fld_value);
                    }
                    $q = "DELETE FROM " . $dsc["table_name"] . " {$where} AND {$id_fldname}='" . $id_fld_value . "';";
                    $r = mysql_query($q) or $out .= "<font color=\"red\">Cannot query {$q} in " . __FILE__ . " line " . __LINE__ . " sql said: " . mysql_error() . "</font>";
                } else {
                    $out .= "<font color=\"red\">Could not commit the deletion because the id field could not be found.</font>";
                }
            }
        }
    }
    // We have to query it again, in case an insert or a delete has occured!
    $q = "SELECT " . $dsc["id_fld"] . "," . $dsc["list_fld_show"] . " FROM " . $dsc["table_name"] . " {$where} {$order_by};";
    $r_item_list = mysql_query($q) or die("Cannot query {$q} in " . __FILE__ . " line " . __LINE__ . " sql said: " . mysql_error());
    $current_num_items = mysql_num_rows($r_item_list);
    if (isset($dsc["max_item"])) {
        if ($current_num_items >= $dsc["max_item"]) {
            $out .= "<font color=\"red\">";
        }
        $out .= $dsc["num_item_txt"] . $current_num_items . "/" . $dsc["max_item"];
        if ($current_num_items >= $dsc["max_item"]) {
            $out .= "</font>";
        }
        $out .= "<br><br>";
    }
    // First display a list of items
    for ($i = 0; $i < $current_num_items; $i++) {
        $a = mysql_fetch_array($r_item_list);
        if ($i != 0) {
            $out .= " - ";
        }
        if (isset($_REQUEST["subaction"]) && $_REQUEST["subaction"] == $dsc["action"] . "_edit_item" && $_REQUEST["item"] == $a[$dsc["id_fld"]]) {
            $out .= $a[$dsc["list_fld_show"]];
        } else {
            $out .= "<a href=\"{$fw_link}&subaction=" . $dsc["action"] . "_edit_item&item=" . $a[$dsc["id_fld"]] . "\">" . $a[$dsc["list_fld_show"]] . "</a>";
        }
    }
    $out .= "<br><br>";
    // Creation of new items
    if (!isset($_REQUEST["subaction"]) || $_REQUEST["subaction"] != $dsc["action"] . "_edit_item") {
        $out .= $dsc["new_item_link"] . "<br><br>";
        $out .= "<h3>" . $dsc["new_item_title"] . "</h3><br>";
        if (isset($dsc["max_item"]) && $current_num_items >= $dsc["max_item"]) {
            $out .= "<font color=\"red\">" . _("Maximum number reached") . "!</font><br>";
        } else {
            $out .= "<form name=\"" . $dsc["action"] . "_new_item_frm\" action=\"" . $_SERVER["PHP_SELF"] . "\">{$fw}\n\t\t\t\t<input type=\"hidden\" name=\"action\" value=\"" . $dsc["action"] . "_new_item\">" . dtcFormTableAttrs();
            for ($i = 0; $i < $nbr_fld; $i++) {
                if (isset($dsc["cols"][$keys[$i]]["help"])) {
                    $help = $dsc["cols"][$keys[$i]]["help"];
                } else {
                    $help = "";
                }
                switch ($dsc["cols"][$keys[$i]]["type"]) {
                    case "id":
                        $out .= "<input type=\"hidden\" name=\"" . $keys[$i] . "\" value=\"\">";
                        break;
                    case "password":
                        $genpass = autoGeneratePassButton($dsc["action"] . "_new_item_frm", $keys[$i]);
                        $ctrl = "<input type=\"password\" name=\"" . $keys[$i] . "\" value=\"\">{$genpass}";
                        $out .= dtcFormLineDraw($dsc["cols"][$keys[$i]]["legend"], $ctrl, $i % 2, $help);
                        break;
                    case "text":
                    case "readonly":
                        if (isset($dsc["cols"][$keys[$i]]["hide_create"]) && $dsc["cols"][$keys[$i]]["hide_create"] == "yes") {
                            break;
                        }
                        if (isset($dsc["cols"][$keys[$i]]["happen_domain"])) {
                            $happen = $dsc["cols"][$keys[$i]]["happen_domain"];
                        } else {
                            $happen = "";
                        }
                        if (isset($dsc["cols"][$keys[$i]]["happen"])) {
                            $happen .= $dsc["cols"][$keys[$i]]["happen"];
                        }
                        if (isset($dsc["cols"][$keys[$i]]["default"])) {
                            $ctrl_value = $dsc["cols"][$keys[$i]]["default"];
                        } else {
                            $ctrl_value = "";
                        }
                        if ($dsc["cols"][$keys[$i]]["type"] == "readonly") {
                            $ctrl = "<input type=\"text\" name=\"" . $keys[$i] . "\" value=\"{$ctrl_value}\" READONLY>{$happen}";
                        } else {
                            $ctrl = "<input type=\"text\" name=\"" . $keys[$i] . "\" value=\"{$ctrl_value}\">{$happen}";
                        }
                        $out .= dtcFormLineDraw($dsc["cols"][$keys[$i]]["legend"], $ctrl, $i % 2, $help);
                        break;
                    case "textarea":
                        if (isset($dsc["cols"][$keys[$i]]["cols"])) {
                            $ctrl_cols = " cols=\"" . $dsc["cols"][$keys[$i]]["cols"] . "\" ";
                        } else {
                            $ctrl_cols = "";
                        }
                        if (isset($dsc["cols"][$keys[$i]]["rows"])) {
                            $ctrl_rows = " rows=\"" . $dsc["cols"][$keys[$i]]["rows"] . "\" ";
                        } else {
                            $ctrl_rows = "";
                        }
                        $ctrl = "<textarea {$ctrl_cols} {$ctrl_rows} name=\"" . $keys[$i] . "\"></textarea>";
                        $out .= dtcFormLineDraw($dsc["cols"][$keys[$i]]["legend"], $ctrl, $i % 2, $help);
                        break;
                    case "radio":
                        $nbr_choices = sizeof($dsc["cols"][$keys[$i]]["values"]);
                        $ctrl = "";
                        for ($x = 0; $x < $nbr_choices; $x++) {
                            if (isset($dsc["cols"][$keys[$i]]["default"])) {
                                if ($dsc["cols"][$keys[$i]]["values"][$x] == $dsc["cols"][$keys[$i]]["default"]) {
                                    $selected = " checked ";
                                } else {
                                    $selected = "";
                                }
                            } else {
                                if ($x == 0) {
                                    $selected = " checked ";
                                } else {
                                    $selected = "";
                                }
                            }
                            if (isset($dsc["cols"][$keys[$i]]["display_replace"][$x])) {
                                $display_val = $dsc["cols"][$keys[$i]]["display_replace"][$x];
                            } else {
                                $display_val = $dsc["cols"][$keys[$i]]["values"][$x];
                            }
                            $ctrl .= "<input type=\"radio\" name=\"" . $keys[$i] . "\" value=\"" . $dsc["cols"][$keys[$i]]["values"][$x] . "\" {$selected}> ";
                            $ctrl .= $display_val;
                        }
                        $out .= dtcFormLineDraw($dsc["cols"][$keys[$i]]["legend"], $ctrl, $i % 2, $help);
                        break;
                    case "checkbox":
                        if (!isset($dsc["cols"][$keys[$i]]["default"])) {
                            $checked = " checked ";
                        } else {
                            $checked = " ";
                        }
                        $ctrl = "<input type=\"checkbox\" name=\"" . $keys[$i] . "\" value=\"yes\" {$checked}>";
                        $out .= dtcFormLineDraw($dsc["cols"][$keys[$i]]["legend"], $ctrl, $i % 2, $help);
                        break;
                    case "popup":
                        $nbr_choices = sizeof($dsc["cols"][$keys[$i]]["values"]);
                        $ctrl = "<select name=\"" . $keys[$i] . "\">";
                        for ($x = 0; $x < $nbr_choices; $x++) {
                            $selected = "";
                            if (isset($dsc["cols"][$keys[$i]]["default"])) {
                                if ($dsc["cols"][$keys[$i]]["values"][$x] == $dsc["cols"][$keys[$i]]["default"]) {
                                    $selected = " selected ";
                                } else {
                                    $selected = "";
                                }
                            }
                            if (isset($dsc["cols"][$keys[$i]]["display_replace"][$x])) {
                                $display_val = $dsc["cols"][$keys[$i]]["display_replace"][$x];
                            } else {
                                $display_val = $dsc["cols"][$keys[$i]]["values"][$x];
                            }
                            $ctrl .= " <option value=\"" . $dsc["cols"][$keys[$i]]["values"][$x] . "\" {$selected}>{$display_val}</option>";
                        }
                        $out .= dtcFormLineDraw($dsc["cols"][$keys[$i]]["legend"], $ctrl, $i % 2, $help);
                        break;
                    default:
                        $ctrl = "Not implemented yet!!!";
                        $out .= dtcFormLineDraw($dsc["cols"][$keys[$i]]["legend"], $ctrl, $i % 2, $help);
                        break;
                }
            }
            $out .= dtcFromOkDraw();
            $out .= "</table></form>";
        }
        // Edition of existing items
    } else {
        $out .= "<a href=\"{$fw_link}&subaction=" . $dsc["action"] . "_new_item\">" . $dsc["new_item_link"] . "</a><br><br>";
        $out .= "<h3>" . $dsc["edit_item_title"] . "</h3><br>";
        $q = "SELECT * FROM " . $dsc["table_name"] . " {$where} AND " . $dsc["id_fld"] . "='" . addslashes($_REQUEST["item"]) . "';";
        $r = mysql_query($q) or die("Cannot query {$q} in " . __FILE__ . " line " . __LINE__ . " sql said: " . mysql_error());
        $n = mysql_num_rows($r);
        if ($n == 1) {
            $a = mysql_fetch_array($r);
            $out .= "<form name=\"" . $dsc["action"] . "_save_item_frm\" action=\"" . $_SERVER["PHP_SELF"] . "\">{$fw}";
            $out .= "<input type=\"hidden\" name=\"action\" value=\"" . $dsc["action"] . "_save_item\">";
            $out .= "<input type=\"hidden\" name=\"subaction\" value=\"" . $dsc["action"] . "_edit_item\">";
            $out .= "<input type=\"hidden\" name=\"item\" value=\"" . $a[$dsc["id_fld"]] . "\">";
            $out .= dtcFormTableAttrs();
            for ($j = 0; $j < $nbr_fld; $j++) {
                $the_fld = $dsc["cols"][$keys[$j]];
                if (isset($dsc["cols"][$keys[$j]]["help"])) {
                    $help = $dsc["cols"][$keys[$j]]["help"];
                } else {
                    $help = "";
                }
                switch ($the_fld["type"]) {
                    case "id":
                        $out .= "<input type=\"hidden\" name=\"" . $keys[$j] . "\" value=\"" . $a[$keys[$j]] . "\">";
                        $id_fldname = $keys[$j];
                        $id_fld_value = $a[$keys[$j]];
                        break;
                    case "textarea":
                        if (isset($dsc["cols"][$keys[$j]]["cols"])) {
                            $ctrl_cols = " cols=\"" . $dsc["cols"][$keys[$j]]["cols"] . "\" ";
                        } else {
                            $ctrl_cols = "";
                        }
                        if (isset($dsc["cols"][$keys[$j]]["rows"])) {
                            $ctrl_rows = " rows=\"" . $dsc["cols"][$keys[$j]]["rows"] . "\" ";
                        } else {
                            $ctrl_rows = "";
                        }
                        $ctrl = "<textarea {$ctrl_cols} {$ctrl_rows} name=\"" . $keys[$j] . "\">" . stripslashes($a[$keys[$j]]) . "</textarea>";
                        $out .= dtcFormLineDraw($dsc["cols"][$keys[$j]]["legend"], $ctrl, $j % 2, $help);
                        break;
                    case "password":
                    case "text":
                    case "readonly":
                        if (isset($dsc["cols"][$keys[$j]]["disable_edit"]) && $dsc["cols"][$keys[$j]]["disable_edit"] == "yes") {
                            $disabled = " disabled ";
                        } else {
                            $disabled = " ";
                        }
                        if (isset($dsc["cols"][$keys[$j]]["size"])) {
                            $size = " size=\"" . $dsc["cols"][$keys[$j]]["size"] . "\" ";
                        } else {
                            $size = "";
                        }
                        if (isset($dsc["cols"][$keys[$j]]["happen_domain"]) && preg_match("/" . $dsc["cols"][$keys[$j]]["happen_domain"] . "\$/", $a[$keys[$j]])) {
                            $input_disp_value = substr($a[$keys[$j]], 0, strlen($a[$keys[$j]]) - strlen($dsc["cols"][$keys[$j]]["happen_domain"]));
                            $happen = $dsc["cols"][$keys[$j]]["happen_domain"];
                        } else {
                            if ($dsc["cols"][$keys[$j]]["type"] != "readonly") {
                                $input_disp_value = $a[$keys[$j]];
                            }
                            $happen = "";
                        }
                        if (isset($dsc["cols"][$keys[$j]]["happen"])) {
                            $happen .= $dsc["cols"][$keys[$j]]["happen"];
                        }
                        if ($the_fld["type"] == "password") {
                            $genpass = autoGeneratePassButton($dsc["action"] . "_save_item_frm", $keys[$j]);
                            $input_disp_type = "password";
                        } else {
                            $genpass = "";
                            $input_disp_type = "text";
                        }
                        // Do this only for readonly
                        if ($dsc["cols"][$keys[$j]]["type"] == "readonly") {
                            $disabled = " READONLY";
                            isset($dsc["cols"][$keys[$j]]["default"]) ? $input_disp_value = $dsc["cols"][$keys[$j]]["default"] : ($input_disp_value = '');
                            isset($dsc["cols"][$keys[$j]]["happen"]) ? $happen = $dsc["cols"][$keys[$j]]["happen"] : ($happen = '');
                        }
                        if (isset($dsc["cols"][$keys[$j]]["callback"])) {
                            $retArray = $dsc["cols"][$keys[$j]]["callback"]($id_fld_value);
                            $input_disp_value = $retArray["value"];
                            $happen = $retArray["happen"];
                        }
                        $ctrl = "<input type=\"{$input_disp_type}\" {$size} name=\"" . $keys[$j] . "\" value=\"" . stripslashes($input_disp_value) . "\" {$disabled}>{$genpass}{$happen}";
                        $out .= dtcFormLineDraw($dsc["cols"][$keys[$j]]["legend"], $ctrl, $j % 2, $help);
                        break;
                    case "radio":
                        $nbr_choices = sizeof($dsc["cols"][$keys[$j]]["values"]);
                        $ctrl = "";
                        for ($x = 0; $x < $nbr_choices; $x++) {
                            if ($dsc["cols"][$keys[$j]]["values"][$x] == $a[$keys[$j]]) {
                                $selected = " checked ";
                            } else {
                                $selected = "";
                            }
                            $ctrl .= " <input type=\"radio\" name=\"" . $keys[$j] . "\" value=\"" . $dsc["cols"][$keys[$j]]["values"][$x] . "\" {$selected}> ";
                            $ctrl .= $dsc["cols"][$keys[$j]]["values"][$x];
                        }
                        $out .= dtcFormLineDraw($dsc["cols"][$keys[$j]]["legend"], $ctrl, $j % 2, $help);
                        break;
                    case "checkbox":
                        if ($dsc["cols"][$keys[$j]]["values"][0] == $a[$keys[$j]]) {
                            $selected = " checked ";
                        } else {
                            $selected = " ";
                        }
                        $ctrl = "<input type=\"checkbox\" name=\"" . $keys[$j] . "\" value=\"yes\" " . $selected . ">";
                        $out .= dtcFormLineDraw($dsc["cols"][$keys[$j]]["legend"], $ctrl, $j % 2, $help);
                        break;
                    case "popup":
                        $nbr_choices = sizeof($dsc["cols"][$keys[$j]]["values"]);
                        $ctrl = "<select name=\"" . $keys[$j] . "\">";
                        for ($x = 0; $x < $nbr_choices; $x++) {
                            if ($dsc["cols"][$keys[$j]]["values"][$x] == $a[$keys[$j]]) {
                                $selected = " selected ";
                            } else {
                                $selected = "";
                            }
                            if (isset($dsc["cols"][$keys[$j]]["display_replace"][$x])) {
                                $display_val = $dsc["cols"][$keys[$j]]["display_replace"][$x];
                            } else {
                                $display_val = $dsc["cols"][$keys[$j]]["values"][$x];
                            }
                            $ctrl .= " <option value=\"" . $dsc["cols"][$keys[$j]]["values"][$x] . "\" {$selected}>{$display_val}</option>";
                        }
                        $out .= dtcFormLineDraw($dsc["cols"][$keys[$j]]["legend"], $ctrl, $j % 2, $help);
                        break;
                    default:
                        $ctrl = "Not implemented yet!!!";
                        $out .= dtcFormLineDraw($dsc["cols"][$keys[$j]]["legend"], $ctrl, $j % 2, $help);
                        break;
                }
            }
            $delete_button = "<form action=\"" . $_SERVER["PHP_SELF"] . "\">{$fw}\n\t\t\t<input type=\"hidden\" name=\"action\" value=\"" . $dsc["action"] . "_delete_item" . "\">\n\t\t\t<input type=\"hidden\" name=\"{$id_fldname}\" value=\"{$id_fld_value}\">\n\t\t\t" . dtcDeleteButton() . "</form>";
            $out .= "<tr><td>&nbsp;</td><td><table cellspacing=\"0\" cellpadding=\"0\" border=\"0\">\n\t\t\t<tr><td>" . dtcApplyButton() . "</form></td><td>{$delete_button}</td></tr></table></td></tr>";
            $out .= "</table>";
        } else {
            $out .= "No item by this number!";
        }
    }
    return $out;
}
示例#10
0
require "../shared/autoSQLconfig.php";
require "{$dtcshared_path}/vars/table_names.php";
require "{$dtcshared_path}/drawlib/dtc_functions.php";
// $pro_mysql_domain_table
// $pro_mysql_subdomain_table
// $pro_mysql_cronjob_table
$login = $_REQUEST["login"];
$pass = $_REQUEST["pass"];
if (isset($_REQUEST["ip"])) {
    $ip = $_REQUEST["ip"];
}
$domain = $_REQUEST["domain"];
if (!isset($login) || $login == "" || !isset($pass) || $pass == "") {
    die("Incorrect params");
}
if (!isFtpLogin($login)) {
    die("Requested login does not look like to be correct. It should be made only with letters, numbers, \".\" or \"-\" sign.");
}
if (!isDTCPassword($pass)) {
    die("Requested pass does not look like to be correct. It should be made only with letters, numbers, \".\" or \"-\" sign.");
}
if (!isHostname($domain)) {
    die("Requested domain name does not looklike to be correct. Please check !");
}
$query = "SELECT * FROM {$pro_mysql_subdomain_table} WHERE login='******' AND pass='******' AND domain_name='{$domain}';";
$result = mysql_query($query) or die("Cannot query: \"{$query}\" !!!" . mysql_error());
$num_rows = mysql_num_rows($result);
if ($num_rows != 1) {
    die("Incorrect login, pass or domain name !");
} else {
    if (!isset($ip) || $ip == "") {