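/**
 * Change the logged-in user's password after re-checking the current one.
 *
 * Reads inCurPass / inNewPass / inConPass from the submitted form, hashes the
 * supplied current password with the stored salt, compares it with the stored
 * hash, and on success stores a hash of the new password under a fresh salt.
 *
 * The outcome is reported through class state: self::$error is set to "ok",
 * "nomatch" or "error", and self::$badpassword is set when the new password is
 * shorter than the 'password_minlength' system option.
 *
 * @return false|null false only when the new password is too short; every
 *                    other path returns nothing.
 */
static function doUpdatePassword()
{
    global $zdbh;
    global $controller;

    // Reject forged cross-site submissions before touching credentials.
    runtime_csfr::Protect();

    $currentuser = ctrl_users::GetUserDetail();
    $current_pass = $controller->GetControllerRequest('FORM', 'inCurPass');
    $newpass = $controller->GetControllerRequest('FORM', 'inNewPass');
    $conpass = $controller->GetControllerRequest('FORM', 'inConPass');

    // Hash the candidate password under a freshly generated salt.
    $crypto = new runtime_hash();
    $crypto->SetPassword($newpass);
    $randomsalt = $crypto->RandomSalt();
    $crypto->SetSalt($randomsalt);
    $new_secure_password = $crypto->CryptParts($crypto->Crypt())->Hash;

    // Load the stored hash and salt for the session's own account only.
    $sql = $zdbh->prepare("SELECT ac_pass_vc, ac_passsalt_vc FROM x_accounts WHERE ac_id_pk= :uid");
    $sql->bindParam(':uid', $currentuser['userid']);
    $sql->execute();
    $result = $sql->fetch();

    // fetch() yields false when no row matches; treat that as "no stored
    // credential" instead of indexing into a boolean.
    $stored_hash = is_array($result) ? (string) $result['ac_pass_vc'] : '';
    $stored_salt = is_array($result) ? $result['ac_passsalt_vc'] : null;

    // Re-derive the hash of the supplied current password with the stored salt.
    $userpasshash = new runtime_hash();
    $userpasshash->SetPassword($current_pass);
    $userpasshash->SetSalt($stored_salt);
    $current_secure_password = (string) $userpasshash->CryptParts($userpasshash->Crypt())->Hash;

    if (fs_director::CheckForEmptyValue($newpass)) {
        // New password is blank!
        self::$error = "error";
    } elseif ($stored_hash === '' || !hash_equals($stored_hash, $current_secure_password)) {
        // Current password does not match!
        // hash_equals() (PHP >= 5.6) compares in constant time and as plain
        // strings; the loose != operator can treat two different
        // numeric-looking hashes as equal.
        self::$error = "nomatch";
    } else {
        // Check that the new password matches the confirmation box. Strict
        // string comparison: == would accept differing numeric-looking
        // strings such as "1e3" and "1000".
        if ((string) $newpass === (string) $conpass) {
            // Check for password length...
            if (strlen($newpass) < ctrl_options::GetSystemOption('password_minlength')) {
                self::$badpassword = true;
                return false;
            }
            $sql = $zdbh->prepare("UPDATE x_accounts SET ac_pass_vc=:new_secure_password, ac_passsalt_vc= :randomsalt WHERE ac_id_pk=:userid");
            $sql->bindParam(':randomsalt', $randomsalt);
            $sql->bindParam(':new_secure_password', $new_secure_password);
            $sql->bindParam(':userid', $currentuser['userid']);
            $sql->execute();
            self::$error = "ok";
        } else {
            self::$error = "error";
        }
    }
}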
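/**
 * Soft-delete the first of the current user's cron jobs whose "inDelete_<id>"
 * form field was submitted, then regenerate the cron file.
 *
 * Candidate rows are taken only from the logged-in account's non-deleted
 * cron jobs, so a submitted id belonging to another account is never matched.
 * Sets self::$ok on success and self::$error when nothing was deleted.
 *
 * @return void
 */
static function doDeleteCron()
{
    global $zdbh;
    global $controller;

    // Reject forged cross-site submissions before changing anything.
    runtime_csfr::Protect();

    $currentuser = ctrl_users::GetUserDetail();

    $sql = "SELECT COUNT(*) FROM x_cronjobs WHERE ct_acc_fk=:userid AND ct_deleted_ts IS NULL";
    $numrows = $zdbh->prepare($sql);
    $numrows->bindParam(':userid', $currentuser['userid']);

    if ($numrows->execute() && $numrows->fetchColumn() != 0) {
        $sql = $zdbh->prepare("SELECT * FROM x_cronjobs WHERE ct_acc_fk=:userid AND ct_deleted_ts IS NULL");
        $sql->bindParam(':userid', $currentuser['userid']);
        $sql->execute();

        while ($rowcrons = $sql->fetch()) {
            $delete_field = 'inDelete_' . $rowcrons['ct_id_pk'] . '';
            if (fs_director::CheckForEmptyValue($controller->GetControllerRequest('FORM', $delete_field))) {
                continue;
            }

            // bindParam() binds by reference, so it needs a variable rather
            // than the return value of time().
            $deleted_at = time();

            // The account id is repeated in the WHERE clause so the write is
            // owner-scoped on its own, not only through the SELECT above.
            $sql2 = $zdbh->prepare("UPDATE x_cronjobs SET ct_deleted_ts=:time WHERE ct_id_pk=:cronid AND ct_acc_fk=:userid");
            $sql2->bindParam(':cronid', $rowcrons['ct_id_pk']);
            $sql2->bindParam(':userid', $currentuser['userid']);
            $sql2->bindParam(':time', $deleted_at);
            $sql2->execute();

            (new Cronfile())->writeToFile();
            self::$ok = TRUE;
            return;
        }
    }

    self::$error = TRUE;
    return;
}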
/**
 * Validate a domain name before a vhost is created for it.
 *
 * Each failed check sets one class flag and returns FALSE:
 *   self::$blank         - name is empty once spaces are removed
 *   self::$badname       - self::IsValidDomainName() rejected it
 *   self::$error         - name starts with "www."
 *   self::$alreadyexists - a non-deleted x_vhosts row has the same name
 *   self::$nosub         - the name looks like a subdomain of an existing,
 *                          non-shared vhost
 *
 * @param string $domain Requested domain name.
 * @return bool TRUE when every check passes.
 */
static function CheckCreateForErrors($domain)
{
    global $zdbh;

    // Normalise first: drop spaces and lower-case.
    $domain = strtolower(str_replace(' ', '', $domain));

    if ($domain == '') {
        self::$blank = TRUE;
        return FALSE;
    }

    if (!self::IsValidDomainName($domain)) {
        self::$badname = TRUE;
        return FALSE;
    }

    // A leading "www." is rejected as a format error.
    if (strpos($domain, 'www.') === 0) {
        self::$error = TRUE;
        return FALSE;
    }

    // Exact-name collision with a live vhost.
    $existing = $zdbh->prepare("SELECT COUNT(*) FROM x_vhosts WHERE vh_name_vc=:domain AND vh_deleted_ts IS NULL");
    $existing->bindParam(':domain', $domain);
    if ($existing->execute() && $existing->fetchColumn() > 0) {
        self::$alreadyexists = TRUE;
        return FALSE;
    }

    // Labels listed in the 'shared_domains' option are exempt from the
    // subdomain check below.
    $shared_domains = explode(',', ctrl_options::GetSystemOption('shared_domains'));

    // Names with at most one dot cannot be a subdomain of another vhost.
    if (substr_count($domain, ".") <= 1) {
        return TRUE;
    }

    foreach (explode('.', $domain) as $label) {
        // NOTE(review): in_array() is used without strict mode, so
        // numeric-looking labels compare loosely - confirm that is intended.
        // Only labels longer than 13 characters are looked up; the reason for
        // that threshold is not visible here.
        if (in_array($label, $shared_domains) || strlen($label) <= 13) {
            continue;
        }

        // NOTE(review): the label goes into a LIKE pattern without escaping
        // "%" or "_"; presumably IsValidDomainName() already excludes them -
        // verify.
        $lookup = $zdbh->prepare("SELECT * FROM x_vhosts WHERE vh_name_vc LIKE :check AND vh_type_in !=2 AND vh_deleted_ts IS NULL");
        $pattern = '%' . $label . '%';
        $lookup->bindParam(':check', $pattern);
        $lookup->execute();

        while ($vhost = $lookup->fetch()) {
            foreach (explode('.', $vhost['vh_name_vc']) as $existing_label) {
                // Block the request when an existing vhost shares this label
                // and the two names end in the same seven characters.
                if (strlen($existing_label) > 3
                    && $existing_label == $label
                    && substr($domain, -7) == substr($vhost['vh_name_vc'], -7)
                ) {
                    self::$nosub = TRUE;
                    return FALSE;
                }
            }
        }
    }

    return TRUE;
}
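/**
 * Install a module from an uploaded .zpp archive.
 *
 * The archive is unpacked into <sentora_root>/modules/<name>, where <name> is
 * derived from the uploaded file name. When the unpacked module contains
 * deploy/install.run, that script is executed with the configured PHP binary,
 * so an installed package runs code with the panel's privileges and must be
 * treated as fully trusted.
 *
 * Failures are reported through self::$error_message; self::$ok is set on
 * success.
 *
 * NOTE(review): unlike other state-changing handlers, nothing in this method
 * checks a CSRF token - confirm the calling form or controller enforces one.
 * NOTE(review): whether sys_archive::Unzip() keeps archive entries inside the
 * destination folder cannot be seen from here - verify.
 *
 * @return void
 */
static function doInstallModule()
{
    self::$error_message = "";
    self::$error = false;

    if ($_FILES['modulefile']['error'] > 0) {
        self::$error_message = "Couldn't upload the file, " . $_FILES['modulefile']['error'] . "";
        return;
    }

    $archive_ext = fs_director::GetFileExtension($_FILES['modulefile']['name']);
    $module_folder = fs_director::GetFileNameNoExtentsion($_FILES['modulefile']['name']);

    // The folder name comes from the client-supplied file name and is used
    // both as a path component and inside a shell command below, so accept
    // only a single plain path component.
    $folder_name = (string) $module_folder;
    if ($folder_name === '' || $folder_name === '.' || $folder_name === '..'
        || strpbrk($folder_name, "/\\\0") !== false
    ) {
        self::$error_message = "The module package file name is not a valid module folder name.";
        return;
    }

    $module_dir = ctrl_options::GetSystemOption('sentora_root') . 'modules/' . $module_folder;

    if (fs_director::CheckFolderExists($module_dir)) {
        self::$error_message = "The module " . $module_folder . " is already installed on this server!";
        return;
    }

    if ($archive_ext != 'zpp') {
        self::$error_message = "Package type was not detected as a .zpp (Sentora Package) archive.";
        return;
    }

    if (!fs_director::CreateDirectory($module_dir)) {
        self::$error_message = "Couldn't create module folder in " . $module_dir;
        return;
    }

    // On the two failure paths below the new folder is left in place, so a
    // retry will report the module as already installed until it is removed.
    if (!sys_archive::Unzip($_FILES['modulefile']['tmp_name'], $module_dir . '/')) {
        self::$error_message = "Couldn't unzip the archive (" . $_FILES['modulefile']['tmp_name'] . ") to " . $module_dir . '/';
        return;
    }

    if (!fs_director::CheckFileExists($module_dir . '/module.xml')) {
        self::$error_message = "No module.xml file found in the unzipped archive.";
        return;
    }

    ui_module::ModuleInfoToDB($module_folder);

    $extra_config = $module_dir . "/deploy/install.run";
    if (fs_director::CheckFileExists($extra_config)) {
        // Pass the script path as one quoted argument so characters in the
        // module name cannot be interpreted by the shell.
        exec(ctrl_options::GetSystemOption('php_exer') . " " . escapeshellarg($extra_config));
    }

    self::$ok = true;
    return;
}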
/**
 * Validate a subdomain request before it is created.
 *
 * Each failed check sets one class flag and returns FALSE:
 *   self::$blank         - subdomain is empty once spaces are removed
 *   self::$badname       - self::IsValidDomainName() rejected the subdomain,
 *                          or self::IsValidDomain() rejected the parent domain
 *   self::$error         - the parent domain starts with "www."
 *   self::$alreadyexists - a non-deleted x_vhosts row matches
 *
 * @param string $subdomain Requested subdomain value.
 * @param string $domain    Parent domain taken from the request.
 * @return bool TRUE when every check passes.
 */
static function CheckCreateForErrors($subdomain, $domain)
{
    global $zdbh;

    // Normalise first: drop spaces and lower-case.
    $subdomain = strtolower(str_replace(' ', '', $subdomain));

    if ($subdomain == '') {
        self::$blank = TRUE;
        return FALSE;
    }

    // Character check on the subdomain, then a check that the submitted
    // parent domain is acceptable (guards against a tampered form value).
    if (!self::IsValidDomainName($subdomain) || !self::IsValidDomain($domain)) {
        self::$badname = TRUE;
        return FALSE;
    }

    // NOTE(review): the "www." test looks at $domain, not $subdomain -
    // confirm that is the intended operand.
    if (strpos($domain, 'www.') === 0) {
        self::$error = TRUE;
        return FALSE;
    }

    // NOTE(review): the lookup binds $subdomain on its own, so it only
    // matches vhost names equal to that value, not "<subdomain>.<domain>" -
    // verify against the caller what $subdomain holds at this point.
    $lookup = $zdbh->prepare("SELECT COUNT(*) FROM x_vhosts WHERE vh_name_vc=:domain AND vh_deleted_ts IS NULL");
    $lookup->bindParam(':domain', $subdomain);
    if ($lookup->execute() && $lookup->fetchColumn() > 0) {
        self::$alreadyexists = TRUE;
        return FALSE;
    }

    return TRUE;
}
/**
 * Insert a FAQ entry into x_faqs.
 *
 * All values are passed to the database as bound parameters. Sets self::$ok
 * after the insert has been issued, or self::$error when the question or the
 * answer is empty.
 *
 * NOTE(review): the result of execute() is not checked, so success is
 * reported even if the insert fails without throwing - confirm the PDO error
 * mode in use.
 * NOTE(review): question and answer are stored as submitted; presumably they
 * are escaped where they are rendered - verify.
 *
 * @param string $question FAQ question text.
 * @param string $answer   FAQ answer text.
 * @param mixed  $userid   Account id stored in fq_acc_fk.
 * @param mixed  $global   Value stored in fq_global_in.
 * @return bool true when the insert was issued, false on empty input.
 */
static function ExecuteAddFaq($question, $answer, $userid, $global)
{
    global $zdbh;

    // Both fields are required.
    if ($question == "" || $answer == "") {
        self::$error = true;
        return false;
    }

    $created_at = time();

    $stmt = $zdbh->prepare("INSERT INTO x_faqs (fq_acc_fk, fq_question_tx, fq_answer_tx, fq_global_in, fq_created_ts) VALUES (:userid, :question, :answer, :global, :time)");
    $stmt->bindParam(':userid', $userid);
    $stmt->bindParam(':question', $question);
    $stmt->bindParam(':answer', $answer);
    $stmt->bindParam(':global', $global);
    $stmt->bindParam(':time', $created_at);
    $stmt->execute();

    self::$ok = true;
    return true;
}
/**
 * Check that every package limit passed in is numeric.
 *
 * Sets self::$error and returns false at the first non-numeric value.
 *
 * NOTE(review): is_numeric() also accepts negative numbers, decimals and
 * exponent notation; if these limits must be non-negative integers a stricter
 * check is needed - confirm against how the values are used.
 *
 * @return bool true when all eleven values pass is_numeric().
 */
static function CheckNumeric($EnablePHP, $Domains, $SubDomains, $ParkedDomains, $Mailboxes, $Fowarders, $DistLists, $FTPAccounts, $MySQL, $DiskQuota, $BandQuota)
{
    // Same order as the parameter list, so the first failing value is the
    // same one the chained || test would stop on.
    $limits = array(
        $EnablePHP,
        $Domains,
        $SubDomains,
        $ParkedDomains,
        $Mailboxes,
        $Fowarders,
        $DistLists,
        $FTPAccounts,
        $MySQL,
        $DiskQuota,
        $BandQuota,
    );

    foreach ($limits as $value) {
        if (!is_numeric($value)) {
            self::$error = true;
            return false;
        }
    }

    return true;
}