diff --git a/customer_mysql.php b/customer_mysql.php index 774daf6b..9e1b0b8e 100644 --- a/customer_mysql.php +++ b/customer_mysql.php @@ -132,134 +132,12 @@ if ($page == 'overview') { } elseif ($action == 'add') { if ($userinfo['mysqls_used'] < $userinfo['mysqls'] || $userinfo['mysqls'] == '-1') { if (isset($_POST['send']) && $_POST['send'] == 'send') { - $password = validate($_POST['mysql_password'], 'password'); - $password = validatePassword($password); - - $sendinfomail = isset($_POST['sendinfomail']) ? 1 : 0; - if ($sendinfomail != 1) { - $sendinfomail = 0; - } - - if ($password == '') { - standard_error(array('stringisempty', 'mypassword')); - } else { - $dbserver = 0; - $dbservers_stmt = Database::query("SELECT COUNT(DISTINCT `dbserver`) as numservers FROM `".TABLE_PANEL_DATABASES."`"); - $_dbserver = $dbservers_stmt->fetch(PDO::FETCH_ASSOC); - $count_mysqlservers = $_dbserver['numservers']; - if ($count_mysqlservers > 1) { - $dbserver = validate($_POST['mysql_server'], html_entity_decode($lng['mysql']['mysql_server']), '', '', 0); - Database::needRoot(true, $dbserver); - Database::needSqlData(); - $sql_root = Database::getSqlData(); - Database::needRoot(false); - if (!isset($sql_root) || !is_array($sql_root)) { - $dbserver = 0; - } - } - - // validate description before actual adding the database, #1052 - $databasedescription = validate(trim($_POST['description']), 'description'); - - // create database, user, set permissions, etc.pp. - $dbm = new DbManager($log); - $username = $dbm->createDatabase( - $userinfo['loginname'], - $password, - $userinfo['mysql_lastaccountnumber'] - ); - - // we've checked against the password in dbm->createDatabase - if ($username == false) { - standard_error('passwordshouldnotbeusername'); - } - - // Statement modified for Database description -- PH 2004-11-29 - $stmt = Database::prepare('INSERT INTO `' . TABLE_PANEL_DATABASES . '` - (`customerid`, `databasename`, `description`, `dbserver`) - VALUES (:customerid, :databasename, :description, :dbserver)' - ); - $params = array( - "customerid" => $userinfo['customerid'], - "databasename" => $username, - "description" => $databasedescription, - "dbserver" => $dbserver - ); - Database::pexecute($stmt, $params); - - $stmt = Database::prepare('UPDATE `' . TABLE_PANEL_CUSTOMERS . '` - SET `mysqls_used` = `mysqls_used` + 1, `mysql_lastaccountnumber` = `mysql_lastaccountnumber` + 1 - WHERE `customerid` = :customerid' - ); - Database::pexecute($stmt, array("customerid" => $userinfo['customerid'])); - - if ($sendinfomail == 1) { - $pma = $lng['admin']['notgiven']; - if (Settings::Get('panel.phpmyadmin_url') != '') { - $pma = Settings::Get('panel.phpmyadmin_url'); - } - - Database::needRoot(true, $dbserver); - Database::needSqlData(); - $sql_root = Database::getSqlData(); - Database::needRoot(false); - - $replace_arr = array( - 'SALUTATION' => getCorrectUserSalutation($userinfo), - 'CUST_NAME' => getCorrectUserSalutation($userinfo), // < keep this for compatibility - 'DB_NAME' => $username, - 'DB_PASS' => $password, - 'DB_DESC' => $databasedescription, - 'DB_SRV' => $sql_root['host'], - 'PMA_URI' => $pma - ); - - $def_language = $userinfo['def_language']; - $result_stmt = Database::prepare("SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "` - WHERE `adminid` = :adminid - AND `language` = :lang - AND `templategroup`='mails' - AND `varname`='new_database_by_customer_subject'" - ); - Database::pexecute($result_stmt, array("adminid" => $userinfo['adminid'], "lang" => $def_language)); - $result = $result_stmt->fetch(PDO::FETCH_ASSOC); - $mail_subject = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['mails']['new_database_by_customer']['subject']), $replace_arr)); - - $result_stmt = Database::prepare("SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "` - WHERE `adminid`= :adminid - AND `language`= :lang - AND `templategroup` = 'mails' - AND `varname` = 'new_database_by_customer_mailbody'" - ); - Database::pexecute($result_stmt, array("adminid" => $userinfo['adminid'], "lang" => $def_language)); - $result = $result_stmt->fetch(PDO::FETCH_ASSOC); - $mail_body = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['mails']['new_database_by_customer']['mailbody']), $replace_arr)); - - $_mailerror = false; - try { - $mail->Subject = $mail_subject; - $mail->AltBody = $mail_body; - $mail->MsgHTML(str_replace("\n", "
", $mail_body)); - $mail->AddAddress($userinfo['email'], getCorrectUserSalutation($userinfo)); - $mail->Send(); - } catch(phpmailerException $e) { - $mailerr_msg = $e->errorMessage(); - $_mailerror = true; - } catch (Exception $e) { - $mailerr_msg = $e->getMessage(); - $_mailerror = true; - } - - if ($_mailerror) { - $log->logAction(USR_ACTION, LOG_ERR, "Error sending mail: " . $mailerr_msg); - standard_error('errorsendingmail', $userinfo['email']); - } - - $mail->ClearAddresses(); - } - - redirectTo($filename, array('page' => $page, 's' => $s)); + try { + Mysqls::getLocal($userinfo, $_POST)->add(); + } catch (Exception $e) { + dynamic_error($e->getMessage()); } + redirectTo($filename, array('page' => $page, 's' => $s)); } else { $dbservers_stmt = Database::query("SELECT DISTINCT `dbserver` FROM `".TABLE_PANEL_DATABASES."`"); @@ -284,12 +162,14 @@ if ($page == 'overview') { } } } elseif ($action == 'edit' && $id != 0) { - $result_stmt = Database::prepare("SELECT `id`, `databasename`, `description`, `dbserver` FROM `" . TABLE_PANEL_DATABASES . "` - WHERE `customerid` = :customerid - AND `id` = :id" - ); - Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id)); - $result = $result_stmt->fetch(PDO::FETCH_ASSOC); + try { + $json_result = Mysqls::getLocal($userinfo, array( + 'id' => $id + ))->get(); + } catch (Exception $e) { + dynamic_error($e->getMessage()); + } + $result = json_decode($json_result, true)['data']; if (isset($result['databasename']) && $result['databasename'] != '') { if (!isset($sql_root[$result['dbserver']]) || !is_array($sql_root[$result['dbserver']])) { diff --git a/lib/classes/api/commands/class.Customers.php b/lib/classes/api/commands/class.Customers.php index 424bdf92..4bea264a 100644 --- a/lib/classes/api/commands/class.Customers.php +++ b/lib/classes/api/commands/class.Customers.php @@ -71,11 +71,11 @@ class Customers extends ApiCommand implements ResourceEntity $id = $this->getParam('id', true, 0); $ln_optional = ($id <= 0 ? false : true); $loginname = $this->getParam('loginname', $ln_optional, ''); - + if ($id <= 0 && empty($loginname)) { throw new Exception("Either 'id' or 'loginname' parameter must be given", 406); } - + if ($this->isAdmin()) { $result_stmt = Database::prepare(" SELECT * FROM `" . TABLE_PANEL_CUSTOMERS . "` @@ -257,7 +257,7 @@ class Customers extends ApiCommand implements ResourceEntity 'loginname' => '' ); } - + // Check if an admin with the loginname already exists try { $dup_check_result = Admins::getLocal($this->getUserData(), array( @@ -269,7 +269,7 @@ class Customers extends ApiCommand implements ResourceEntity 'loginname' => '' ); } - + if (strtolower($loginname_check['loginname']) == strtolower($loginname) || strtolower($loginname_check_admin['loginname']) == strtolower($loginname)) { standard_error('loginnameexists', $loginname, true); } elseif (! validateUsername($loginname, Settings::Get('panel.unix_names'), 14 - strlen(Settings::Get('customer.mysqlprefix')))) { @@ -674,7 +674,7 @@ class Customers extends ApiCommand implements ResourceEntity * optional, the customer-id * @param string $loginname * optional, the loginname - * + * * @access admin, customer * @throws Exception * @return array @@ -697,47 +697,94 @@ class Customers extends ApiCommand implements ResourceEntity $result = json_decode($json_result, true)['data']; $id = $result['customerid']; - // parameters - $move_to_admin = intval_ressource($this->getParam('move_to_admin', true, 0)); - - $idna_convert = new idna_convert_wrapper(); - $email = $this->getParam('email', true, $idna_convert->decode($result['email'])); - $name = $this->getParam('name', true, $result['name']); - $firstname = $this->getParam('firstname', true, $result['firstname']); - $company = $this->getParam('company', true, $result['company']); - $street = $this->getParam('street', true, $result['street']); - $zipcode = $this->getParam('zipcode', true, $result['zipcode']); - $city = $this->getParam('city', true, $result['city']); - $phone = $this->getParam('phone', true, $result['phone']); - $fax = $this->getParam('fax', true, $result['fax']); - $customernumber = $this->getParam('customernumber', true, $result['customernumber']); - $def_language = $this->getParam('def_language', true, $result['def_language']); - $gender = intval_ressource($this->getParam('gender', true, $result['gender'])); - $custom_notes = $this->getParam('custom_notes', true, $result['custom_notes']); - $custom_notes_show = $this->getParam('custom_notes_show', true, $result['custom_notes_show']); - - $dec_places = Settings::Get('panel.decimal_places'); - $diskspace = $this->getUlParam('diskspace', 'diskspace_ul', true, round($result['diskspace'] / 1024, $dec_places)); - $traffic = $this->getUlParam('traffic', 'traffic_ul', true, round($result['traffic'] / (1024 * 1024), $dec_places)); - $subdomains = $this->getUlParam('subdomains', 'subdomains_ul', true, $result['subdomains']); - $emails = $this->getUlParam('emails', 'emails_ul', true, $result['emails']); - $email_accounts = $this->getUlParam('email_accounts', 'email_accounts_ul', true, $result['email_accounts']); - $email_forwarders = $this->getUlParam('email_forwarders', 'email_forwarders_ul', true, $result['email_forwarders']); - $email_quota = $this->getUlParam('email_quota', 'email_quota_ul', true, $result['email_quota']); - $email_imap = $this->getParam('email_imap', true, $result['imap']); - $email_pop3 = $this->getParam('email_pop3', true, $result['pop3']); - $ftps = $this->getUlParam('ftps', 'ftps_ul', true, $result['ftps']); - $tickets = $this->getUlParam('tickets', 'tickets_ul', true, $result['tickets']); - $mysqls = $this->getUlParam('mysqls', 'mysqls_ul', true, $result['mysqls']); - $createstdsubdomain = $this->getParam('createstdsubdomain', true, 0); - $password = $this->getParam('new_customer_password', true, ''); - $sendpassword = $this->getParam('sendpassword', true, 0); - $phpenabled = $this->getParam('phpenabled', true, $result['phpenabled']); - $allowed_phpconfigs = $this->getParam('allowed_phpconfigs', true, json_decode($result['allowed_phpconfigs'], true)); - $perlenabled = $this->getParam('perlenabled', true, $result['perlenabled']); - $dnsenabled = $this->getParam('dnsenabled', true, $result['dnsenabled']); - $deactivated = $this->getParam('deactivated', true, $result['deactivated']); - $theme = $this->getParam('theme', true, $result['theme']); + if ($this->isAdmin()) { + // parameters + $move_to_admin = intval_ressource($this->getParam('move_to_admin', true, 0)); + + $idna_convert = new idna_convert_wrapper(); + $email = $this->getParam('email', true, $idna_convert->decode($result['email'])); + $name = $this->getParam('name', true, $result['name']); + $firstname = $this->getParam('firstname', true, $result['firstname']); + $company = $this->getParam('company', true, $result['company']); + $street = $this->getParam('street', true, $result['street']); + $zipcode = $this->getParam('zipcode', true, $result['zipcode']); + $city = $this->getParam('city', true, $result['city']); + $phone = $this->getParam('phone', true, $result['phone']); + $fax = $this->getParam('fax', true, $result['fax']); + $customernumber = $this->getParam('customernumber', true, $result['customernumber']); + $def_language = $this->getParam('def_language', true, $result['def_language']); + $gender = intval_ressource($this->getParam('gender', true, $result['gender'])); + $custom_notes = $this->getParam('custom_notes', true, $result['custom_notes']); + $custom_notes_show = $this->getParam('custom_notes_show', true, $result['custom_notes_show']); + + $dec_places = Settings::Get('panel.decimal_places'); + $diskspace = $this->getUlParam('diskspace', 'diskspace_ul', true, round($result['diskspace'] / 1024, $dec_places)); + $traffic = $this->getUlParam('traffic', 'traffic_ul', true, round($result['traffic'] / (1024 * 1024), $dec_places)); + $subdomains = $this->getUlParam('subdomains', 'subdomains_ul', true, $result['subdomains']); + $emails = $this->getUlParam('emails', 'emails_ul', true, $result['emails']); + $email_accounts = $this->getUlParam('email_accounts', 'email_accounts_ul', true, $result['email_accounts']); + $email_forwarders = $this->getUlParam('email_forwarders', 'email_forwarders_ul', true, $result['email_forwarders']); + $email_quota = $this->getUlParam('email_quota', 'email_quota_ul', true, $result['email_quota']); + $email_imap = $this->getParam('email_imap', true, $result['imap']); + $email_pop3 = $this->getParam('email_pop3', true, $result['pop3']); + $ftps = $this->getUlParam('ftps', 'ftps_ul', true, $result['ftps']); + $tickets = $this->getUlParam('tickets', 'tickets_ul', true, $result['tickets']); + $mysqls = $this->getUlParam('mysqls', 'mysqls_ul', true, $result['mysqls']); + $createstdsubdomain = $this->getParam('createstdsubdomain', true, 0); + $password = $this->getParam('new_customer_password', true, ''); + $sendpassword = $this->getParam('sendpassword', true, 0); + $phpenabled = $this->getParam('phpenabled', true, $result['phpenabled']); + $allowed_phpconfigs = $this->getParam('allowed_phpconfigs', true, json_decode($result['allowed_phpconfigs'], true)); + $perlenabled = $this->getParam('perlenabled', true, $result['perlenabled']); + $dnsenabled = $this->getParam('dnsenabled', true, $result['dnsenabled']); + $deactivated = $this->getParam('deactivated', true, $result['deactivated']); + $theme = $this->getParam('theme', true, $result['theme']); + } else { + // allowed parameters + $def_language = $this->getParam('def_language', true, $result['def_language']); + $password = $this->getParam('new_customer_password', true, ''); + $theme = $this->getParam('theme', true, $result['theme']); + + // unchangeable parameters for customers + $move_to_admin = 0; + $idna_convert = new idna_convert_wrapper(); + $email = $idna_convert->decode($result['email']); + $name = $result['name']; + $firstname = $result['firstname']; + $company = $result['company']; + $street = $result['street']; + $zipcode = $result['zipcode']; + $city = $result['city']; + $phone = $result['phone']; + $fax = $result['fax']; + $customernumber = $result['customernumber']; + $gender = $result['gender']; + $custom_notes = $result['custom_notes']; + $custom_notes_show = $result['custom_notes_show']; + + $dec_places = Settings::Get('panel.decimal_places'); + $diskspace = round($result['diskspace'] / 1024, $dec_places); + $traffic = round($result['traffic'] / (1024 * 1024), $dec_places); + $subdomains = $result['subdomains']; + $emails = $result['emails']; + $email_accounts = $result['email_accounts']; + $email_forwarders = $result['email_forwarders']; + $email_quota = $result['email_quota']; + $email_imap = $result['imap']; + $email_pop3 = $result['pop3']; + $ftps = $result['ftps']; + $tickets = $result['tickets']; + $mysqls = $result['mysqls']; + // if we got one, it's true so none will be generated (it exists already) + // if not, none will be generated + $createstdsubdomain = ($result['standardsubdomain'] > 0 ? 1 : 0); + $sendpassword = 0; + $phpenabled = $result['phpenabled']; + $allowed_phpconfigs = json_decode($result['allowed_phpconfigs'], true); + $perlenabled = $result['perlenabled']; + $dnsenabled = $result['dnsenabled']; + $deactivated = $result['deactivated']; + } // validation $idna_convert = new idna_convert_wrapper(); @@ -770,277 +817,282 @@ class Customers extends ApiCommand implements ResourceEntity $diskspace = $diskspace * 1024; $traffic = $traffic * 1024 * 1024; - if (((($this->getUserDetail('diskspace_used') + $diskspace - $result['diskspace']) > $this->getUserDetail('diskspace')) && ($this->getUserDetail('diskspace') / 1024) != '-1') || ((($this->getUserDetail('mysqls_used') + $mysqls - $result['mysqls']) > $this->getUserDetail('mysqls')) && $this->getUserDetail('mysqls') != '-1') || ((($this->getUserDetail('emails_used') + $emails - $result['emails']) > $this->getUserDetail('emails')) && $this->getUserDetail('emails') != '-1') || ((($this->getUserDetail('email_accounts_used') + $email_accounts - $result['email_accounts']) > $this->getUserDetail('email_accounts')) && $this->getUserDetail('email_accounts') != '-1') || ((($this->getUserDetail('email_forwarders_used') + $email_forwarders - $result['email_forwarders']) > $this->getUserDetail('email_forwarders')) && $this->getUserDetail('email_forwarders') != '-1') || ((($this->getUserDetail('email_quota_used') + $email_quota - $result['email_quota']) > $this->getUserDetail('email_quota')) && $this->getUserDetail('email_quota') != '-1' && Settings::Get('system.mail_quota_enabled') == '1') || ((($this->getUserDetail('ftps_used') + $ftps - $result['ftps']) > $this->getUserDetail('ftps')) && $this->getUserDetail('ftps') != '-1') || ((($this->getUserDetail('tickets_used') + $tickets - $result['tickets']) > $this->getUserDetail('tickets')) && $this->getUserDetail('tickets') != '-1') || ((($this->getUserDetail('subdomains_used') + $subdomains - $result['subdomains']) > $this->getUserDetail('subdomains')) && $this->getUserDetail('subdomains') != '-1') || (($diskspace / 1024) == '-1' && ($this->getUserDetail('diskspace') / 1024) != '-1') || ($mysqls == '-1' && $this->getUserDetail('mysqls') != '-1') || ($emails == '-1' && $this->getUserDetail('emails') != '-1') || ($email_accounts == '-1' && $this->getUserDetail('email_accounts') != '-1') || ($email_forwarders == '-1' && $this->getUserDetail('email_forwarders') != '-1') || ($email_quota == '-1' && $this->getUserDetail('email_quota') != '-1' && Settings::Get('system.mail_quota_enabled') == '1') || ($ftps == '-1' && $this->getUserDetail('ftps') != '-1') || ($tickets == '-1' && $this->getUserDetail('tickets') != '-1') || ($subdomains == '-1' && $this->getUserDetail('subdomains') != '-1')) { - standard_error('youcantallocatemorethanyouhave', '', true); + if ($this->isAdmin()) { + if (((($this->getUserDetail('diskspace_used') + $diskspace - $result['diskspace']) > $this->getUserDetail('diskspace')) && ($this->getUserDetail('diskspace') / 1024) != '-1') || ((($this->getUserDetail('mysqls_used') + $mysqls - $result['mysqls']) > $this->getUserDetail('mysqls')) && $this->getUserDetail('mysqls') != '-1') || ((($this->getUserDetail('emails_used') + $emails - $result['emails']) > $this->getUserDetail('emails')) && $this->getUserDetail('emails') != '-1') || ((($this->getUserDetail('email_accounts_used') + $email_accounts - $result['email_accounts']) > $this->getUserDetail('email_accounts')) && $this->getUserDetail('email_accounts') != '-1') || ((($this->getUserDetail('email_forwarders_used') + $email_forwarders - $result['email_forwarders']) > $this->getUserDetail('email_forwarders')) && $this->getUserDetail('email_forwarders') != '-1') || ((($this->getUserDetail('email_quota_used') + $email_quota - $result['email_quota']) > $this->getUserDetail('email_quota')) && $this->getUserDetail('email_quota') != '-1' && Settings::Get('system.mail_quota_enabled') == '1') || ((($this->getUserDetail('ftps_used') + $ftps - $result['ftps']) > $this->getUserDetail('ftps')) && $this->getUserDetail('ftps') != '-1') || ((($this->getUserDetail('tickets_used') + $tickets - $result['tickets']) > $this->getUserDetail('tickets')) && $this->getUserDetail('tickets') != '-1') || ((($this->getUserDetail('subdomains_used') + $subdomains - $result['subdomains']) > $this->getUserDetail('subdomains')) && $this->getUserDetail('subdomains') != '-1') || (($diskspace / 1024) == '-1' && ($this->getUserDetail('diskspace') / 1024) != '-1') || ($mysqls == '-1' && $this->getUserDetail('mysqls') != '-1') || ($emails == '-1' && $this->getUserDetail('emails') != '-1') || ($email_accounts == '-1' && $this->getUserDetail('email_accounts') != '-1') || ($email_forwarders == '-1' && $this->getUserDetail('email_forwarders') != '-1') || ($email_quota == '-1' && $this->getUserDetail('email_quota') != '-1' && Settings::Get('system.mail_quota_enabled') == '1') || ($ftps == '-1' && $this->getUserDetail('ftps') != '-1') || ($tickets == '-1' && $this->getUserDetail('tickets') != '-1') || ($subdomains == '-1' && $this->getUserDetail('subdomains') != '-1')) { + standard_error('youcantallocatemorethanyouhave', '', true); + } + + // Either $name and $firstname or the $company must be inserted + if ($name == '' && $company == '') { + standard_error(array( + 'stringisempty', + 'myname' + ), '', true); + } elseif ($firstname == '' && $company == '') { + standard_error(array( + 'stringisempty', + 'myfirstname' + ), '', true); + } elseif ($email == '') { + standard_error(array( + 'stringisempty', + 'emailadd' + ), '', true); + } elseif (! validateEmail($email)) { + standard_error('emailiswrong', $email, true); + } } - // Either $name and $firstname or the $company must be inserted - if ($name == '' && $company == '') { - standard_error(array( - 'stringisempty', - 'myname' - ), '', true); - } elseif ($firstname == '' && $company == '') { - standard_error(array( - 'stringisempty', - 'myfirstname' - ), '', true); - } elseif ($email == '') { - standard_error(array( - 'stringisempty', - 'emailadd' - ), '', true); - } elseif (! validateEmail($email)) { - standard_error('emailiswrong', $email, true); + if ($password != '') { + $password = validatePassword($password, true); + $password = makeCryptPassword($password); } else { + $password = $result['password']; + } + + if ($createstdsubdomain != '1') { + $createstdsubdomain = '0'; + } + + if ($createstdsubdomain == '1' && $result['standardsubdomain'] == '0') { - if ($password != '') { - $password = validatePassword($password, true); - $password = makeCryptPassword($password); + if (Settings::Get('system.stdsubdomain') !== null && Settings::Get('system.stdsubdomain') != '') { + $_stdsubdomain = $result['loginname'] . '.' . Settings::Get('system.stdsubdomain'); } else { - $password = $result['password']; + $_stdsubdomain = $result['loginname'] . '.' . Settings::Get('system.hostname'); } - if ($createstdsubdomain != '1') { - $createstdsubdomain = '0'; + $ins_data = array( + 'domain' => $_stdsubdomain, + 'customerid' => $result['customerid'], + 'adminid' => $this->getUserDetail('adminid'), + 'docroot' => $result['documentroot'], + 'phpenabled' => $phpenabled, + 'openbasedir' => '1' + ); + $domainid = - 1; + try { + $std_domain = Domains::getLocal($this->getUserData(), $ins_data)->add(); + $domainid = json_decode($std_domain, true)['data']['id']; + } catch (Exception $e) { + $this->logger()->logAction(ADM_ACTION, LOG_ERR, "[API] Unable to add standard-subdomain: " . $e->getMessage()); } - if ($createstdsubdomain == '1' && $result['standardsubdomain'] == '0') { - - if (Settings::Get('system.stdsubdomain') !== null && Settings::Get('system.stdsubdomain') != '') { - $_stdsubdomain = $result['loginname'] . '.' . Settings::Get('system.stdsubdomain'); - } else { - $_stdsubdomain = $result['loginname'] . '.' . Settings::Get('system.hostname'); - } - - $ins_data = array( - 'domain' => $_stdsubdomain, - 'customerid' => $result['customerid'], - 'adminid' => $this->getUserDetail('adminid'), - 'docroot' => $result['documentroot'], - 'phpenabled' => $phpenabled, - 'openbasedir' => '1' - ); - $domainid = - 1; - try { - $std_domain = Domains::getLocal($this->getUserData(), $ins_data)->add(); - $domainid = json_decode($std_domain, true)['data']['id']; - } catch (Exception $e) { - $this->logger()->logAction(ADM_ACTION, LOG_ERR, "[API] Unable to add standard-subdomain: " . $e->getMessage()); - } - - if ($domainid > 0) { - $upd_stmt = Database::prepare(" + if ($domainid > 0) { + $upd_stmt = Database::prepare(" UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `standardsubdomain` = :domainid WHERE `customerid` = :customerid "); - Database::pexecute($upd_stmt, array( - 'domainid' => $domainid, - 'customerid' => $result['customerid'] - ), true, true); - $this->logger()->logAction(ADM_ACTION, LOG_NOTICE, "[API] automatically added standardsubdomain for user '" . $result['loginname'] . "'"); - inserttask('1'); - } - } - - if ($createstdsubdomain == '0' && $result['standardsubdomain'] != '0') { - - try { - $std_domain = Domains::getLocal($this->getUserData(), array( - 'id' => $result['standardsubdomain'], - 'is_stdsubdomain' => 1 - ))->delete(); - } catch (Exception $e) { - $this->logger()->logAction(ADM_ACTION, LOG_ERR, "[API] Unable to delete standard-subdomain: " . $e->getMessage()); - } - $this->logger()->logAction(ADM_ACTION, LOG_NOTICE, "[API] automatically deleted standardsubdomain for user '" . $result['loginname'] . "'"); + Database::pexecute($upd_stmt, array( + 'domainid' => $domainid, + 'customerid' => $result['customerid'] + ), true, true); + $this->logger()->logAction(ADM_ACTION, LOG_NOTICE, "[API] automatically added standardsubdomain for user '" . $result['loginname'] . "'"); inserttask('1'); } + } + + if ($createstdsubdomain == '0' && $result['standardsubdomain'] != '0') { - if ($deactivated != '1') { - $deactivated = '0'; + try { + $std_domain = Domains::getLocal($this->getUserData(), array( + 'id' => $result['standardsubdomain'], + 'is_stdsubdomain' => 1 + ))->delete(); + } catch (Exception $e) { + $this->logger()->logAction(ADM_ACTION, LOG_ERR, "[API] Unable to delete standard-subdomain: " . $e->getMessage()); } + $this->logger()->logAction(ADM_ACTION, LOG_NOTICE, "[API] automatically deleted standardsubdomain for user '" . $result['loginname'] . "'"); + inserttask('1'); + } + + if ($deactivated != '1') { + $deactivated = '0'; + } + + if ($phpenabled != '0') { + $phpenabled = '1'; + } + + if ($perlenabled != '0') { + $perlenabled = '1'; + } + + if ($dnsenabled != '0') { + $dnsenabled = '1'; + } + + if ($phpenabled != $result['phpenabled'] || $perlenabled != $result['perlenabled']) { + inserttask('1'); + } + + // activate/deactivate customer services + if ($deactivated != $result['deactivated']) { - if ($phpenabled != '0') { - $phpenabled = '1'; - } + $yesno = (($deactivated) ? 'N' : 'Y'); + $pop3 = (($deactivated) ? '0' : (int) $result['pop3']); + $imap = (($deactivated) ? '0' : (int) $result['imap']); - if ($perlenabled != '0') { - $perlenabled = '1'; - } - - if ($dnsenabled != '0') { - $dnsenabled = '1'; - } - - if ($phpenabled != $result['phpenabled'] || $perlenabled != $result['perlenabled']) { - inserttask('1'); - } - - // activate/deactivate customer services - if ($deactivated != $result['deactivated']) { - - $yesno = (($deactivated) ? 'N' : 'Y'); - $pop3 = (($deactivated) ? '0' : (int) $result['pop3']); - $imap = (($deactivated) ? '0' : (int) $result['imap']); - - $upd_stmt = Database::prepare(" - UPDATE `" . TABLE_MAIL_USERS . "` SET `postfix`= :yesno, `pop3` = :pop3, `imap` = :imap WHERE `customerid` = :customerid"); - Database::pexecute($upd_stmt, array( - 'yesno' => $yesno, - 'pop3' => $pop3, - 'imap' => $imap, - 'customerid' => $id - )); - - $upd_stmt = Database::prepare(" - UPDATE `" . TABLE_FTP_USERS . "` SET `login_enabled` = :yesno WHERE `customerid` = :customerid"); - Database::pexecute($upd_stmt, array( - 'yesno' => $yesno, - 'customerid' => $id - )); - - $upd_stmt = Database::prepare(" - UPDATE `" . TABLE_PANEL_DOMAINS . "` SET `deactivated`= :deactivated WHERE `customerid` = :customerid"); - Database::pexecute($upd_stmt, array( - 'deactivated' => $deactivated, - 'customerid' => $id - )); - - // Retrieve customer's databases - $databases_stmt = Database::prepare("SELECT * FROM " . TABLE_PANEL_DATABASES . " WHERE customerid = :customerid ORDER BY `dbserver`"); - Database::pexecute($databases_stmt, array( - 'customerid' => $id - )); - - Database::needRoot(true); - $last_dbserver = 0; - - $dbm = new DbManager($this->logger()); - - // For each of them - while ($row_database = $databases_stmt->fetch(PDO::FETCH_ASSOC)) { - - if ($last_dbserver != $row_database['dbserver']) { - $dbm->getManager()->flushPrivileges(); - Database::needRoot(true, $row_database['dbserver']); - $last_dbserver = $row_database['dbserver']; - } - - foreach (array_unique(explode(',', Settings::Get('system.mysql_access_host'))) as $mysql_access_host) { - $mysql_access_host = trim($mysql_access_host); - - // Prevent access, if deactivated - if ($deactivated) { - // failsafe if user has been deleted manually (requires MySQL 4.1.2+) - $dbm->getManager()->disableUser($row_database['databasename'], $mysql_access_host); - } else { - // Otherwise grant access - $dbm->getManager()->enableUser($row_database['databasename'], $mysql_access_host); - } - } - } - - // At last flush the new privileges - $dbm->getManager()->flushPrivileges(); - Database::needRoot(false); - - $this->logger()->logAction(ADM_ACTION, LOG_INFO, "[API] deactivated user '" . $result['loginname'] . "'"); - inserttask('1'); - } - - // Disable or enable POP3 Login for customers Mail Accounts - if ($email_pop3 != $result['pop3']) { - $upd_stmt = Database::prepare("UPDATE `" . TABLE_MAIL_USERS . "` SET `pop3` = :pop3 WHERE `customerid` = :customerid"); - Database::pexecute($upd_stmt, array( - 'pop3' => $email_pop3, - 'customerid' => $id - )); - } - - // Disable or enable IMAP Login for customers Mail Accounts - if ($email_imap != $result['imap']) { - $upd_stmt = Database::prepare("UPDATE `" . TABLE_MAIL_USERS . "` SET `imap` = :imap WHERE `customerid` = :customerid"); - Database::pexecute($upd_stmt, array( - 'imap' => $email_imap, - 'customerid' => $id - )); - } - - $upd_data = array( - 'customerid' => $id, - 'passwd' => $password, - 'name' => $name, - 'firstname' => $firstname, - 'gender' => $gender, - 'company' => $company, - 'street' => $street, - 'zipcode' => $zipcode, - 'city' => $city, - 'phone' => $phone, - 'fax' => $fax, - 'email' => $email, - 'customerno' => $customernumber, - 'lang' => $def_language, - 'diskspace' => $diskspace, - 'traffic' => $traffic, - 'subdomains' => $subdomains, - 'emails' => $emails, - 'email_accounts' => $email_accounts, - 'email_forwarders' => $email_forwarders, - 'email_quota' => $email_quota, - 'ftps' => $ftps, - 'tickets' => $tickets, - 'mysqls' => $mysqls, - 'deactivated' => $deactivated, - 'phpenabled' => $phpenabled, - 'allowed_phpconfigs' => empty($allowed_phpconfigs) ? "" : json_encode($allowed_phpconfigs), - 'imap' => $email_imap, - 'pop3' => $email_pop3, - 'perlenabled' => $perlenabled, - 'dnsenabled' => $dnsenabled, - 'custom_notes' => $custom_notes, - 'custom_notes_show' => $custom_notes_show, - 'theme' => $theme - ); $upd_stmt = Database::prepare(" - UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET - `name` = :name, - `firstname` = :firstname, - `gender` = :gender, - `company` = :company, - `street` = :street, - `zipcode` = :zipcode, - `city` = :city, - `phone` = :phone, - `fax` = :fax, - `email` = :email, - `customernumber` = :customerno, - `def_language` = :lang, - `password` = :passwd, - `diskspace` = :diskspace, - `traffic` = :traffic, - `subdomains` = :subdomains, - `emails` = :emails, - `email_accounts` = :email_accounts, - `email_forwarders` = :email_forwarders, - `ftps` = :ftps, - `tickets` = :tickets, - `mysqls` = :mysqls, - `deactivated` = :deactivated, - `phpenabled` = :phpenabled, - `allowed_phpconfigs` = :allowed_phpconfigs, - `email_quota` = :email_quota, - `imap` = :imap, - `pop3` = :pop3, - `perlenabled` = :perlenabled, - `dnsenabled` = :dnsenabled, - `custom_notes` = :custom_notes, - `custom_notes_show` = :custom_notes_show, - `theme` = :theme - WHERE `customerid` = :customerid + UPDATE `" . TABLE_MAIL_USERS . "` SET `postfix`= :yesno, `pop3` = :pop3, `imap` = :imap WHERE `customerid` = :customerid "); - Database::pexecute($upd_stmt, $upd_data); + Database::pexecute($upd_stmt, array( + 'yesno' => $yesno, + 'pop3' => $pop3, + 'imap' => $imap, + 'customerid' => $id + )); + $upd_stmt = Database::prepare(" + UPDATE `" . TABLE_FTP_USERS . "` SET `login_enabled` = :yesno WHERE `customerid` = :customerid + "); + Database::pexecute($upd_stmt, array( + 'yesno' => $yesno, + 'customerid' => $id + )); + + $upd_stmt = Database::prepare(" + UPDATE `" . TABLE_PANEL_DOMAINS . "` SET `deactivated`= :deactivated WHERE `customerid` = :customerid"); + Database::pexecute($upd_stmt, array( + 'deactivated' => $deactivated, + 'customerid' => $id + )); + + // Retrieve customer's databases + $databases_stmt = Database::prepare("SELECT * FROM " . TABLE_PANEL_DATABASES . " WHERE customerid = :customerid ORDER BY `dbserver`"); + Database::pexecute($databases_stmt, array( + 'customerid' => $id + )); + + Database::needRoot(true); + $last_dbserver = 0; + + $dbm = new DbManager($this->logger()); + + // For each of them + while ($row_database = $databases_stmt->fetch(PDO::FETCH_ASSOC)) { + + if ($last_dbserver != $row_database['dbserver']) { + $dbm->getManager()->flushPrivileges(); + Database::needRoot(true, $row_database['dbserver']); + $last_dbserver = $row_database['dbserver']; + } + + foreach (array_unique(explode(',', Settings::Get('system.mysql_access_host'))) as $mysql_access_host) { + $mysql_access_host = trim($mysql_access_host); + + // Prevent access, if deactivated + if ($deactivated) { + // failsafe if user has been deleted manually (requires MySQL 4.1.2+) + $dbm->getManager()->disableUser($row_database['databasename'], $mysql_access_host); + } else { + // Otherwise grant access + $dbm->getManager()->enableUser($row_database['databasename'], $mysql_access_host); + } + } + } + + // At last flush the new privileges + $dbm->getManager()->flushPrivileges(); + Database::needRoot(false); + + $this->logger()->logAction(ADM_ACTION, LOG_INFO, "[API] deactivated user '" . $result['loginname'] . "'"); + inserttask('1'); + } + + // Disable or enable POP3 Login for customers Mail Accounts + if ($email_pop3 != $result['pop3']) { + $upd_stmt = Database::prepare("UPDATE `" . TABLE_MAIL_USERS . "` SET `pop3` = :pop3 WHERE `customerid` = :customerid"); + Database::pexecute($upd_stmt, array( + 'pop3' => $email_pop3, + 'customerid' => $id + )); + } + + // Disable or enable IMAP Login for customers Mail Accounts + if ($email_imap != $result['imap']) { + $upd_stmt = Database::prepare("UPDATE `" . TABLE_MAIL_USERS . "` SET `imap` = :imap WHERE `customerid` = :customerid"); + Database::pexecute($upd_stmt, array( + 'imap' => $email_imap, + 'customerid' => $id + )); + } + + $upd_data = array( + 'customerid' => $id, + 'passwd' => $password, + 'name' => $name, + 'firstname' => $firstname, + 'gender' => $gender, + 'company' => $company, + 'street' => $street, + 'zipcode' => $zipcode, + 'city' => $city, + 'phone' => $phone, + 'fax' => $fax, + 'email' => $email, + 'customerno' => $customernumber, + 'lang' => $def_language, + 'diskspace' => $diskspace, + 'traffic' => $traffic, + 'subdomains' => $subdomains, + 'emails' => $emails, + 'email_accounts' => $email_accounts, + 'email_forwarders' => $email_forwarders, + 'email_quota' => $email_quota, + 'ftps' => $ftps, + 'tickets' => $tickets, + 'mysqls' => $mysqls, + 'deactivated' => $deactivated, + 'phpenabled' => $phpenabled, + 'allowed_phpconfigs' => empty($allowed_phpconfigs) ? "" : json_encode($allowed_phpconfigs), + 'imap' => $email_imap, + 'pop3' => $email_pop3, + 'perlenabled' => $perlenabled, + 'dnsenabled' => $dnsenabled, + 'custom_notes' => $custom_notes, + 'custom_notes_show' => $custom_notes_show, + 'theme' => $theme + ); + $upd_stmt = Database::prepare(" + UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET + `name` = :name, + `firstname` = :firstname, + `gender` = :gender, + `company` = :company, + `street` = :street, + `zipcode` = :zipcode, + `city` = :city, + `phone` = :phone, + `fax` = :fax, + `email` = :email, + `customernumber` = :customerno, + `def_language` = :lang, + `password` = :passwd, + `diskspace` = :diskspace, + `traffic` = :traffic, + `subdomains` = :subdomains, + `emails` = :emails, + `email_accounts` = :email_accounts, + `email_forwarders` = :email_forwarders, + `ftps` = :ftps, + `tickets` = :tickets, + `mysqls` = :mysqls, + `deactivated` = :deactivated, + `phpenabled` = :phpenabled, + `allowed_phpconfigs` = :allowed_phpconfigs, + `email_quota` = :email_quota, + `imap` = :imap, + `pop3` = :pop3, + `perlenabled` = :perlenabled, + `dnsenabled` = :dnsenabled, + `custom_notes` = :custom_notes, + `custom_notes_show` = :custom_notes_show, + `theme` = :theme + WHERE `customerid` = :customerid + "); + Database::pexecute($upd_stmt, $upd_data); + + if ($this->isAdmin()) { // Using filesystem - quota, insert a task which cleans the filesystem - quota inserttask('10'); @@ -1147,20 +1199,21 @@ class Customers extends ApiCommand implements ResourceEntity $admin_update_query .= " WHERE `adminid` = '" . (int) $result['adminid'] . "'"; Database::query($admin_update_query); - $this->logger()->logAction(ADM_ACTION, LOG_INFO, "[API] edited user '" . $result['loginname'] . "'"); - - /* - * move customer to another admin/reseller; #1166 - */ - if ($move_to_admin > 0 && $move_to_admin != $result['adminid']) { - $move_result = moveCustomerToAdmin($id, $move_to_admin); - if ($move_result != true) { - standard_error('moveofcustomerfailed', $move_result, true); - } - } - - return $this->response(200, "successfull", $upd_data); } + + $this->logger()->logAction($this->isAdmin() ? ADM_ACTION : USR_ACTION, LOG_INFO, "[API] edited user '" . $result['loginname'] . "'"); + + /* + * move customer to another admin/reseller; #1166 + */ + if ($move_to_admin > 0 && $move_to_admin != $result['adminid']) { + $move_result = moveCustomerToAdmin($id, $move_to_admin); + if ($move_result != true) { + standard_error('moveofcustomerfailed', $move_result, true); + } + } + + return $this->response(200, "successfull", $upd_data); } throw new Exception("Not allowed to execute given command.", 403); }