maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

get rid of session variable in URL

Browse Source 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann
2022-03-14 22:51:59 +01:00
parent 2972d95e8b
commit 164b46ece3
56 changed files with 447 additions and 698 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
admin_admins.php
View File

@@ -62,33 +62,14 @@ if ($page == 'admins' && $userinfo['change_serversettings'] == '1') {
$destination_admin = $result['loginname'];
if ($destination_admin != '' && $result['adminid'] != $userinfo['userid']) {
$result_stmt = Database::prepare("
SELECT * FROM `" . TABLE_PANEL_SESSIONS . "` WHERE `userid` = :userid
");
$result = Database::pexecute_first($result_stmt, array(
'userid' => $userinfo['userid']
));
$s = \Froxlor\Froxlor::genSessionId();
$ins_stmt = Database::prepare("
INSERT INTO `" . TABLE_PANEL_SESSIONS . "` SET
`hash` = :hash, `userid` = :userid, `ipaddress` = :ip,
`useragent` = :ua, `lastactivity` = :la,
`language` = :lang, `adminsession` = '1'
");
$ins_data = array(
'hash' => $s,
'userid' => $id,
'ip' => $result['ipaddress'],
'ua' => $result['useragent'],
'la' => time(),
'lang' => $result['language']
);
Database::pexecute($ins_stmt, $ins_data);
$result['switched_user'] = \Froxlor\CurrentUser::getData();
$result['adminsession'] = 1;
$result['userid'] = $result['adminid'];
\Froxlor\CurrentUser::setData($result);
$log->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_INFO, "switched adminuser and is now '" . $destination_admin . "'");
\Froxlor\UI\Response::redirectTo('admin_index.php', array(
's' => $s
));
\Froxlor\UI\Response::redirectTo('admin_index.php');
} else {
\Froxlor\UI\Response::redirectTo('index.php', array(
'action' => 'login'
@@ -114,8 +95,7 @@ if ($page == 'admins' && $userinfo['change_serversettings'] == '1') {
'id' => $id
))->delete();
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
's' => $s
'page' => $page
));
} else {
\Froxlor\UI\HTML::askYesNo('admin_admin_reallydelete', $filename, array(
@@ -134,8 +114,7 @@ if ($page == 'admins' && $userinfo['change_serversettings'] == '1') {
\Froxlor\UI\Response::dynamic_error($e->getMessage());
}
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
's' => $s
'page' => $page
));
} else {
@@ -175,8 +154,7 @@ if ($page == 'admins' && $userinfo['change_serversettings'] == '1') {
\Froxlor\UI\Response::dynamic_error($e->getMessage());
}
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
's' => $s
'page' => $page
));
} else {

27
admin_autoupdate.php
View File

@@ -29,9 +29,8 @@ define('RELEASE_URI', "https://autoupdate.froxlor.org/froxlor-{version}.zip");
define('CHECKSUM_URI', "https://autoupdate.froxlor.org/froxlor-{version}.zip.sha256");
// check for archive-stuff
if (! extension_loaded('zip')) {
if (!extension_loaded('zip')) {
\Froxlor\UI\Response::redirectTo($filename, array(
's' => $s,
'page' => 'error',
'errno' => 2
));
@@ -40,7 +39,6 @@ if (! extension_loaded('zip')) {
// 0.11.x requires 7.4 at least
if (version_compare("7.4.0", PHP_VERSION, ">=")) {
\Froxlor\UI\Response::redirectTo($filename, array(
's' => $s,
'page' => 'error',
'errno' => 10
));
@@ -72,15 +70,14 @@ if ($page == 'overview') {
$message_addinfo = $_message;
// not numeric -> error-message
if (! preg_match('/^((\d+\\.)(\d+\\.)(\d+\\.)?(\d+)?(\-(svn|dev|rc)(\d+))?)$/', $_version)) {
if (!preg_match('/^((\d+\\.)(\d+\\.)(\d+\\.)?(\d+)?(\-(svn|dev|rc)(\d+))?)$/', $_version)) {
// check for customized version to not output
// "There is a newer version of froxlor" besides the error-message
\Froxlor\UI\Response::redirectTo($filename, array(
's' => $s,
'page' => 'error',
'errno' => 3
));
} elseif (\Froxlor\Froxlor::versionCompare2($version, $_version) == - 1) {
} elseif (\Froxlor\Froxlor::versionCompare2($version, $_version) == -1) {
// there is a newer version - yay
$isnewerversion = 1;
} else {
@@ -117,7 +114,7 @@ elseif ($page == 'getdownload') {
$toCheck = str_replace('{version}', $newversion, CHECKSUM_URI);
// check for local destination folder
if (! is_dir(\Froxlor\Froxlor::getInstallDir() . '/updates/')) {
if (!is_dir(\Froxlor\Froxlor::getInstallDir() . '/updates/')) {
mkdir(\Froxlor\Froxlor::getInstallDir() . '/updates/');
}
@@ -136,7 +133,6 @@ elseif ($page == 'getdownload') {
HttpClient::fileGet($toLoad, $localArchive);
} catch (Exception $e) {
\Froxlor\UI\Response::redirectTo($filename, array(
's' => $s,
'page' => 'error',
'errno' => 4
));
@@ -144,7 +140,7 @@ elseif ($page == 'getdownload') {
// validate the integrity of the downloaded file
$_shouldsum = HttpClient::urlGet($toCheck);
if (! empty($_shouldsum)) {
if (!empty($_shouldsum)) {
$_t = explode(" ", $_shouldsum);
$shouldsum = $_t[0];
} else {
@@ -154,7 +150,6 @@ elseif ($page == 'getdownload') {
if ($filesum != $shouldsum) {
\Froxlor\UI\Response::redirectTo($filename, array(
's' => $s,
'page' => 'error',
'errno' => 9
));
@@ -162,13 +157,11 @@ elseif ($page == 'getdownload') {
// to the next step
\Froxlor\UI\Response::redirectTo($filename, array(
's' => $s,
'page' => 'extract',
'archive' => basename($localArchive)
));
}
\Froxlor\UI\Response::redirectTo($filename, array(
's' => $s,
'page' => 'error',
'errno' => 6
));
@@ -193,21 +186,17 @@ elseif ($page == 'extract') {
} else {
// error
\Froxlor\UI\Response::redirectTo($filename, array(
's' => $s,
'page' => 'error',
'errno' => 8
));
}
// redirect to update-page?
\Froxlor\UI\Response::redirectTo('admin_updates.php', array(
's' => $s
));
\Froxlor\UI\Response::redirectTo('admin_updates.php');
}
if (! file_exists($localArchive)) {
if (!file_exists($localArchive)) {
\Froxlor\UI\Response::redirectTo($filename, array(
's' => $s,
'page' => 'error',
'errno' => 7
));
@@ -231,6 +220,6 @@ elseif ($page == 'error') {
// 7 = local archive does not exist
// 8 = could not extract archive
// 9 = checksum mismatch
// 10 = <php-7.0
// 10 = <php-7.4
\Froxlor\UI\Response::standard_error('autoupdate_' . $errno);
}

8
admin_configfiles.php
View File

@@ -25,9 +25,7 @@ if ($userinfo['change_serversettings'] == '1') {
if ($action == 'setconfigured') {
Settings::Set('panel.is_configured', '1', true);
\Froxlor\UI\Response::redirectTo('admin_configfiles.php', array(
's' => $s
));
\Froxlor\UI\Response::redirectTo('admin_configfiles.php');
}
$customer_tmpdir = '/tmp/';
@@ -260,9 +258,7 @@ if ($userinfo['change_serversettings'] == '1') {
eval("echo \"" . \Froxlor\UI\Template::getTemplate("configfiles/wizard") . "\";");
}
} else {
\Froxlor\UI\Response::redirectTo('admin_index.php', array(
's' => $s
));
\Froxlor\UI\Response::redirectTo('admin_index.php');
}
// helper functions

3
admin_cronjobs.php
View File

@@ -64,8 +64,7 @@ if ($page == 'cronjobs' || $page == 'overview') {
\Froxlor\UI\Response::dynamic_error($e->getMessage());
}
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
's' => $s
'page' => $page
));
} else {

53
admin_customers.php
View File

@@ -34,9 +34,11 @@ if ($page == 'customers' && $userinfo['customers'] != '0') {
try {
$customer_list_data = include_once dirname(__FILE__) . '/lib/tablelisting/admin/tablelisting.customers.php';
$collection = (new \Froxlor\UI\Collection(\Froxlor\Api\Commands\Customers::class, $userinfo, ['show_usages' => true]))
->has('admin', \Froxlor\Api\Commands\Admins::class, 'adminid', 'adminid')
$collection = (new \Froxlor\UI\Collection(\Froxlor\Api\Commands\Customers::class, $userinfo, ['show_usages' => true]))
->withPagination($customer_list_data['customer_list']['columns']);
if ($userinfo['change_serversettings']) {
$collection->has('admin', \Froxlor\Api\Commands\Admins::class, 'adminid', 'adminid');
}
} catch (Exception $e) {
\Froxlor\UI\Response::dynamic_error($e->getMessage());
}
@@ -71,33 +73,12 @@ if ($page == 'customers' && $userinfo['customers'] != '0') {
if ($result['deactivated'] == '1') {
\Froxlor\UI\Response::standard_error("usercurrentlydeactivated", $destination_user);
}
$result_stmt = Database::prepare("
SELECT * FROM `" . TABLE_PANEL_SESSIONS . "`
WHERE `userid` = :id
AND `hash` = :hash");
$result = Database::pexecute_first($result_stmt, array(
'id' => $userinfo['userid'],
'hash' => $s
));
$s = \Froxlor\Froxlor::genSessionId();
$insert = Database::prepare("
INSERT INTO `" . TABLE_PANEL_SESSIONS . "` SET
`hash` = :hash,
`userid` = :id,
`ipaddress` = :ip,
`useragent` = :ua,
`lastactivity` = :lastact,
`language` = :lang,
`adminsession` = '0'");
Database::pexecute($insert, array(
'hash' => $s,
'id' => $id,
'ip' => $result['ipaddress'],
'ua' => $result['useragent'],
'lastact' => time(),
'lang' => $result['language']
));
$result['switched_user'] = \Froxlor\CurrentUser::getData();
$result['adminsession'] = 0;
$result['userid'] = $result['customerid'];
\Froxlor\CurrentUser::setData($result);
$log->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_INFO, "switched user and is now '" . $destination_user . "'");
$target = (isset($_GET['target']) ? $_GET['target'] : 'index');
@@ -105,9 +86,7 @@ if ($page == 'customers' && $userinfo['customers'] != '0') {
if (!file_exists(\Froxlor\Froxlor::getInstallDir() . "/" . $redirect)) {
$redirect = "customer_index.php";
}
\Froxlor\UI\Response::redirectTo($redirect, array(
's' => $s
), true);
\Froxlor\UI\Response::redirectTo($redirect, null, true);
} else {
\Froxlor\UI\Response::redirectTo('index.php', array(
'action' => 'login'
@@ -132,8 +111,7 @@ if ($page == 'customers' && $userinfo['customers'] != '0') {
\Froxlor\UI\Response::dynamic_error($e->getMessage());
}
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
's' => $s
'page' => $page
));
} else {
\Froxlor\UI\HTML::askYesNo('customer_reallyunlock', $filename, array(
@@ -162,8 +140,7 @@ if ($page == 'customers' && $userinfo['customers'] != '0') {
\Froxlor\UI\Response::dynamic_error($e->getMessage());
}
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
's' => $s
'page' => $page
));
} else {
\Froxlor\UI\HTML::askYesNoWithCheckbox('admin_customer_reallydelete', 'admin_customer_alsoremovefiles', $filename, array(
@@ -181,8 +158,7 @@ if ($page == 'customers' && $userinfo['customers'] != '0') {
\Froxlor\UI\Response::dynamic_error($e->getMessage());
}
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
's' => $s
'page' => $page
));
} else {
@@ -248,8 +224,7 @@ if ($page == 'customers' && $userinfo['customers'] != '0') {
\Froxlor\UI\Response::dynamic_error($e->getMessage());
}
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
's' => $s
'page' => $page
));
} else {

9
admin_domains.php
View File

@@ -92,8 +92,7 @@ if ($page == 'domains' || $page == 'overview') {
}
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
's' => $s
'page' => $page
));
} elseif ($alias_check['count'] > 0) {
\Froxlor\UI\Response::standard_error('domains_cantdeletedomainwithaliases');
@@ -119,8 +118,7 @@ if ($page == 'domains' || $page == 'overview') {
\Froxlor\UI\Response::dynamic_error($e->getMessage());
}
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
's' => $s
'page' => $page
));
} else {
@@ -376,8 +374,7 @@ if ($page == 'domains' || $page == 'overview') {
\Froxlor\UI\Response::dynamic_error($e->getMessage());
}
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
's' => $s
'page' => $page
));
} else {

88
admin_index.php
View File

@@ -32,25 +32,25 @@ $id = (int) Request::get('id');
if ($action == 'logout') {
$log->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_NOTICE, "logged out");
$params = array(
'adminid' => (int) $userinfo['adminid']
);
if (Settings::Get('session.allow_multiple_login') == '1') {
$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_SESSIONS . "`
WHERE `userid` = :adminid
AND `adminsession` = '1'
AND `hash` = :hash");
$params['hash'] = $s;
} else {
$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_SESSIONS . "`
WHERE `userid` = :adminid
AND `adminsession` = '1'");
}
Database::pexecute($stmt, $params);
unset($_SESSION['userinfo']);
\Froxlor\CurrentUser::setData();
session_destroy();
\Froxlor\UI\Response::redirectTo('index.php');
} elseif ($action == 'suback') {
if (is_array(\Froxlor\CurrentUser::getField('switched_user'))) {
$result = \Froxlor\CurrentUser::getData();
$result = $result['switched_user'];
\Froxlor\CurrentUser::setData($result);
$target = (isset($_GET['target']) ? $_GET['target'] : 'index');
$redirect = "admin_" . $target . ".php";
if (!file_exists(\Froxlor\Froxlor::getInstallDir() . "/" . $redirect)) {
$redirect = "admin_index.php";
}
\Froxlor\UI\Response::redirectTo($redirect, null, true);
} else {
\Froxlor\UI\Response::dynamic_error("Cannot change back - You've never switched to another user :-)");
}
}
if ($page == 'overview') {
@@ -88,7 +88,7 @@ if ($page == 'overview') {
$overview['diskspace_bytes'] = $overview['diskspace_assigned'] * 1024;
$overview['diskspace_bytes_used'] = $overview['diskspace_used'] * 1024;
$userinfo['traffic_bytes'] = ($userinfo['traffic'] > -1) ? $userinfo['traffic'] * 1024 : - 1;
$userinfo['traffic_bytes'] = ($userinfo['traffic'] > -1) ? $userinfo['traffic'] * 1024 : -1;
$overview['traffic_bytes'] = $overview['traffic_assigned'] * 1024;
$overview['traffic_bytes_used'] = $overview['traffic_used'] * 1024;
@@ -114,7 +114,7 @@ if ($page == 'overview') {
$isnewerversion = $result['isnewerversion'];
} else {
$lookfornewversion_lable = $lng['admin']['lookfornewversion']['clickhere'];
$lookfornewversion_link = htmlspecialchars($filename . '?s=' . urlencode($s) . '&page=' . urlencode($page) . '&lookfornewversion=yes');
$lookfornewversion_link = htmlspecialchars($filename . '?page=' . urlencode($page) . '&lookfornewversion=yes');
$lookfornewversion_message = '';
$lookfornewversion_addinfo = '';
$isnewerversion = 0;
@@ -126,7 +126,7 @@ if ($page == 'overview') {
// additional sys-infos
$meminfo = explode("\n", @file_get_contents("/proc/meminfo"));
$memory = "";
for ($i = 0; $i < count($meminfo); ++ $i) {
for ($i = 0; $i < count($meminfo); ++$i) {
if (substr($meminfo[$i], 0, 3) === "Mem") {
$memory .= $meminfo[$i] . PHP_EOL;
}
@@ -137,7 +137,7 @@ if ($page == 'overview') {
$load = number_format($loadArray[0], 2, '.', '') . " / " . number_format($loadArray[1], 2, '.', '') . " / " . number_format($loadArray[2], 2, '.', '');
} else {
$load = @file_get_contents('/proc/loadavg');
if (! $load) {
if (!$load) {
$load = $lng['admin']['noloadavailable'];
}
}
@@ -191,7 +191,7 @@ if ($page == 'overview') {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
$old_password = \Froxlor\Validate\Validate::validate($_POST['old_password'], 'old password');
if (! \Froxlor\System\Crypt::validatePasswordLogin($userinfo, $old_password, TABLE_PANEL_ADMINS, 'adminid')) {
if (!\Froxlor\System\Crypt::validatePasswordLogin($userinfo, $old_password, TABLE_PANEL_ADMINS, 'adminid')) {
\Froxlor\UI\Response::standard_error('oldpasswordnotcorrect');
}
@@ -229,9 +229,7 @@ if ($page == 'overview') {
\Froxlor\UI\Response::dynamic_error($e->getMessage());
}
$log->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_NOTICE, 'changed password');
\Froxlor\UI\Response::redirectTo($filename, Array(
's' => $s
));
\Froxlor\UI\Response::redirectTo($filename);
}
} else {
UI::twigBuffer('user/change_password.html.twig');
@@ -251,21 +249,9 @@ if ($page == 'overview') {
} catch (Exception $e) {
\Froxlor\UI\Response::dynamic_error($e->getMessage());
}
// also update current session
$lng_stmt = Database::prepare("
UPDATE `" . TABLE_PANEL_SESSIONS . "`
SET `language`= :lng
WHERE `hash`= :hash");
Database::pexecute($lng_stmt, array(
'lng' => $def_language,
'hash' => $s
));
}
$log->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_NOTICE, "changed his/her default language to '" . $def_language . "'");
\Froxlor\UI\Response::redirectTo($filename, array(
's' => $s
));
\Froxlor\UI\Response::redirectTo($filename);
} else {
$language_options = '';
@@ -294,20 +280,8 @@ if ($page == 'overview') {
\Froxlor\UI\Response::dynamic_error($e->getMessage());
}
// also update current session
$theme_stmt = Database::prepare("
UPDATE `" . TABLE_PANEL_SESSIONS . "`
SET `theme`= :theme
WHERE `hash`= :hash");
Database::pexecute($theme_stmt, array(
'theme' => $theme,
'hash' => $s
));
$log->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_NOTICE, "changed his/her theme to '" . $theme . "'");
\Froxlor\UI\Response::redirectTo($filename, array(
's' => $s
));
\Froxlor\UI\Response::redirectTo($filename);
} else {
$theme_options = '';
@@ -386,22 +360,16 @@ if ($page == 'overview') {
// finally remove error from fs
@unlink($err_file);
\Froxlor\UI\Response::redirectTo($filename, array(
's' => $s
));
\Froxlor\UI\Response::redirectTo($filename);
}
// show a nice summary of the error-report
// before actually sending anything
eval("echo \"" . \Froxlor\UI\Template::getTemplate("index/send_error_report") . "\";");
} else {
\Froxlor\UI\Response::redirectTo($filename, array(
's' => $s
));
\Froxlor\UI\Response::redirectTo($filename);
}
} else {
\Froxlor\UI\Response::redirectTo($filename, array(
's' => $s
));
\Froxlor\UI\Response::redirectTo($filename);
}
} elseif ($page == 'apikeys' && Settings::Get('api.enabled') == 1) {
require_once __DIR__ . '/api_keys.php';

9
admin_ipsandports.php
View File

@@ -68,8 +68,7 @@ if ($page == 'ipsandports' || $page == 'overview') {
}
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
's' => $s
'page' => $page
));
} else {
\Froxlor\UI\HTML::askYesNo('admin_ip_reallydelete', $filename, array(
@@ -87,8 +86,7 @@ if ($page == 'ipsandports' || $page == 'overview') {
\Froxlor\UI\Response::dynamic_error($e->getMessage());
}
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
's' => $s
'page' => $page
));
} else {
@@ -119,8 +117,7 @@ if ($page == 'ipsandports' || $page == 'overview') {
\Froxlor\UI\Response::dynamic_error($e->getMessage());
}
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
's' => $s
'page' => $page
));
} else {

3
admin_logger.php
View File

@@ -55,8 +55,7 @@ if ($page == 'log' && $userinfo['change_serversettings'] == '1') {
\Froxlor\UI\Response::dynamic_error($e->getMessage());
}
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
's' => $s
'page' => $page
));
} else {
\Froxlor\UI\HTML::askYesNo('logger_reallytruncate', $filename, array(

1
admin_message.php
View File

@@ -87,7 +87,6 @@ if ($page == 'message') {
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
's' => $s,
'action' => 'showsuccess',
'sentitems' => $mailcounter
));

18
admin_phpsettings.php
View File

@@ -61,8 +61,7 @@ if ($page == 'overview') {
\Froxlor\UI\Response::dynamic_error($e->getMessage());
}
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
's' => $s
'page' => $page
));
} else {
@@ -119,8 +118,7 @@ if ($page == 'overview') {
\Froxlor\UI\Response::dynamic_error($e->getMessage());
}
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
's' => $s
'page' => $page
));
} else {
\Froxlor\UI\HTML::askYesNo('phpsetting_reallydelete', $filename, array(
@@ -154,8 +152,7 @@ if ($page == 'overview') {
\Froxlor\UI\Response::dynamic_error($e->getMessage());
}
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
's' => $s
'page' => $page
));
} else {
@@ -211,8 +208,7 @@ if ($page == 'overview') {
\Froxlor\UI\Response::dynamic_error($e->getMessage());
}
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
's' => $s
'page' => $page
));
} else {
@@ -253,8 +249,7 @@ if ($page == 'overview') {
\Froxlor\UI\Response::dynamic_error($e->getMessage());
}
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
's' => $s
'page' => $page
));
} else {
\Froxlor\UI\HTML::askYesNo('fpmsetting_reallydelete', $filename, array(
@@ -288,8 +283,7 @@ if ($page == 'overview') {
\Froxlor\UI\Response::dynamic_error($e->getMessage());
}
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
's' => $s
'page' => $page
));
} else {

9
admin_plans.php
View File

@@ -71,8 +71,7 @@ if ($page == '' || $page == 'overview') {
}
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
's' => $s
'page' => $page
));
} else {
\Froxlor\UI\HTML::askYesNo('plan_reallydelete', $filename, array(
@@ -93,8 +92,7 @@ if ($page == '' || $page == 'overview') {
\Froxlor\UI\Response::dynamic_error($e->getMessage());
}
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
's' => $s
'page' => $page
));
} else {
@@ -164,8 +162,7 @@ if ($page == '' || $page == 'overview') {
\Froxlor\UI\Response::dynamic_error($e->getMessage());
}
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
's' => $s
'page' => $page
));
} else {

12
admin_settings.php
View File

@@ -191,9 +191,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
$log->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_WARNING, "wiped all cleartext mail passwords");
Database::query("UPDATE `" . TABLE_MAIL_USERS . "` SET `password` = '';");
Database::query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `value` = '0' WHERE `settinggroup` = 'system' AND `varname` = 'mailpwcleartext'");
\Froxlor\UI\Response::redirectTo($filename, array(
's' => $s
));
\Froxlor\UI\Response::redirectTo($filename);
} else {
\Froxlor\UI\HTML::askYesNo('admin_cleartextmailpws_reallywipe', $filename, array(
'page' => $page
@@ -208,9 +206,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
// Set the quota to 0 which means unlimited
Database::query("UPDATE `" . TABLE_MAIL_USERS . "` SET `quota` = '0';");
Database::query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `email_quota_used` = '0'");
\Froxlor\UI\Response::redirectTo($filename, array(
's' => $s
));
\Froxlor\UI\Response::redirectTo($filename);
} else {
\Froxlor\UI\HTML::askYesNo('admin_quotas_reallywipe', $filename, array(
'page' => $page
@@ -249,9 +245,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
// Update the Customer, if the used quota is bigger than the allowed quota
Database::query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `email_quota` = `email_quota_used` WHERE `email_quota` < `email_quota_used`");
$log->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_WARNING, 'enforcing mailquota to all customers: ' . Settings::Get('system.mail_quota') . ' MB');
\Froxlor\UI\Response::redirectTo($filename, array(
's' => $s
));
\Froxlor\UI\Response::redirectTo($filename);
} else {
\Froxlor\UI\HTML::askYesNo('admin_quotas_reallyenforce', $filename, array(
'page' => $page

18
admin_templates.php
View File

@@ -174,8 +174,7 @@ if ($action == '') {
));
$log->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_INFO, "deleted template '" . $result['language'] . ' - ' . $lng['admin']['templates'][str_replace('_subject', '', $result['varname'])] . "'");
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
's' => $s
'page' => $page
));
} else {
\Froxlor\UI\HTML::askYesNo('admin_template_reallydelete', $filename, array(
@@ -210,8 +209,7 @@ if ($action == '') {
));
$log->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_INFO, "deleted template '" . $lng['admin']['templates'][$row['varname']] . "'");
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
's' => $s
'page' => $page
));
} else {
\Froxlor\UI\HTML::askYesNo('admin_template_reallydelete', $filename, array(
@@ -319,8 +317,7 @@ if ($action == '') {
$log->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_INFO, "added template '" . $language . ' - ' . $template . "'");
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
's' => $s
'page' => $page
));
}
} elseif (isset($_POST['filesend']) && $_POST['filesend'] == 'filesend') {
@@ -345,8 +342,7 @@ if ($action == '') {
$log->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_INFO, "added template '" . $template . "'");
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
's' => $s
'page' => $page
));
} elseif (!isset($_GET['files'])) {
@@ -487,8 +483,7 @@ if ($action == '') {
$log->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_INFO, "edited template '" . $result['varname'] . "'");
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
's' => $s
'page' => $page
));
} else {
@@ -550,8 +545,7 @@ if ($action == '') {
$log->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_INFO, "edited template '" . $row['varname'] . "'");
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
's' => $s
'page' => $page
));
} else {
$row = \Froxlor\PhpHelper::htmlentitiesArray($row);

4
admin_updates.php
View File

@@ -62,7 +62,7 @@ if ($page == 'overview') {
include_once \Froxlor\Froxlor::getInstallDir() . 'install/updatesql.php';
$redirect_url = 'admin_index.php?s=' . $s;
$redirect_url = 'admin_index.php';
eval("echo \"" . \Froxlor\UI\Template::getTemplate('update/update_end') . "\";");
\Froxlor\User::updateCounters();
@@ -107,7 +107,7 @@ if ($page == 'overview') {
}
} else {
$success_message = $lng['update']['noupdatesavail'];
$redirect_url = 'admin_index.php?s=' . $s;
$redirect_url = 'admin_index.php';
eval("echo \"" . \Froxlor\UI\Template::getTemplate('update/noupdatesavail') . "\";");
}
}

12
customer_domains.php
View File

@@ -86,8 +86,7 @@ if ($page == 'overview' || $page == 'domains') {
\Froxlor\UI\Response::dynamic_error($e->getMessage());
}
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
's' => $s
'page' => $page
));
} else {
\Froxlor\UI\HTML::askYesNo('domains_reallydelete', $filename, array(
@@ -108,8 +107,7 @@ if ($page == 'overview' || $page == 'domains') {
\Froxlor\UI\Response::dynamic_error($e->getMessage());
}
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
's' => $s
'page' => $page
));
} else {
$stmt = Database::prepare("SELECT `id`, `domain`, `documentroot`, `ssl_redirect`,`isemaildomain`,`letsencrypt` FROM `" . TABLE_PANEL_DOMAINS . "`
@@ -217,8 +215,7 @@ if ($page == 'overview' || $page == 'domains') {
\Froxlor\UI\Response::dynamic_error($e->getMessage());
}
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
's' => $s
'page' => $page
));
} else {
$result['domain'] = $idna_convert->decode($result['domain']);
@@ -385,8 +382,7 @@ if ($page == 'overview' || $page == 'domains') {
}
// back to domain overview
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => 'domains',
's' => $s
'page' => 'domains'
));
}

27
customer_email.php
View File

@@ -91,8 +91,7 @@ if ($page == 'overview' || $page == 'emails') {
\Froxlor\UI\Response::dynamic_error($e->getMessage());
}
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
's' => $s
'page' => $page
));
} else {
if ($result['popaccountid'] != '0') {
@@ -119,8 +118,7 @@ if ($page == 'overview' || $page == 'emails') {
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
'action' => 'edit',
'id' => $result['id'],
's' => $s
'id' => $result['id']
));
} else {
$result_stmt = Database::prepare("SELECT `id`, `domain`, `customerid` FROM `" . TABLE_PANEL_DOMAINS . "`
@@ -225,8 +223,7 @@ if ($page == 'overview' || $page == 'emails') {
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
'action' => 'edit',
'id' => $id,
's' => $s
'id' => $id
));
}
} elseif ($page == 'accounts') {
@@ -250,8 +247,7 @@ if ($page == 'overview' || $page == 'emails') {
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => 'emails',
'action' => 'edit',
'id' => $id,
's' => $s
'id' => $id
));
} else {
@@ -299,8 +295,7 @@ if ($page == 'overview' || $page == 'emails') {
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => 'emails',
'action' => 'edit',
'id' => $id,
's' => $s
'id' => $id
));
} else {
$result['email_full'] = $idna_convert->decode($result['email_full']);
@@ -335,8 +330,7 @@ if ($page == 'overview' || $page == 'emails') {
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => 'emails',
'action' => 'edit',
'id' => $id,
's' => $s
'id' => $id
));
} else {
$result['email_full'] = $idna_convert->decode($result['email_full']);
@@ -371,8 +365,7 @@ if ($page == 'overview' || $page == 'emails') {
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => 'emails',
'action' => 'edit',
'id' => $id,
's' => $s
'id' => $id
));
} else {
\Froxlor\UI\HTML::askYesNoWithCheckbox('email_reallydelete_account', 'admin_customer_alsoremovemail', $filename, array(
@@ -405,8 +398,7 @@ if ($page == 'overview' || $page == 'emails') {
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => 'emails',
'action' => 'edit',
'id' => $id,
's' => $s
'id' => $id
));
} else {
$result['email_full'] = $idna_convert->decode($result['email_full']);
@@ -457,8 +449,7 @@ if ($page == 'overview' || $page == 'emails') {
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => 'emails',
'action' => 'edit',
'id' => $id,
's' => $s
'id' => $id
));
} else {
\Froxlor\UI\HTML::askYesNo('email_reallydelete_forwarder', $filename, array(

21
customer_extras.php
View File

@@ -81,8 +81,7 @@ if ($page == 'overview' || $page == 'htpasswds') {
\Froxlor\UI\Response::dynamic_error($e->getMessage());
}
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
's' => $s
'page' => $page
));
} else {
if (strpos($result['path'], $userinfo['documentroot']) === 0) {
@@ -104,8 +103,7 @@ if ($page == 'overview' || $page == 'htpasswds') {
\Froxlor\UI\Response::dynamic_error($e->getMessage());
}
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
's' => $s
'page' => $page
));
} else {
$pathSelect = \Froxlor\FileDir::makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid']);
@@ -136,8 +134,7 @@ if ($page == 'overview' || $page == 'htpasswds') {
\Froxlor\UI\Response::dynamic_error($e->getMessage());
}
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
's' => $s
'page' => $page
));
} else {
if (strpos($result['path'], $userinfo['documentroot']) === 0) {
@@ -203,8 +200,7 @@ if ($page == 'overview' || $page == 'htpasswds') {
\Froxlor\UI\Response::dynamic_error($e->getMessage());
}
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
's' => $s
'page' => $page
));
} else {
\Froxlor\UI\HTML::askYesNo('extras_reallydelete_pathoptions', $filename, array(
@@ -222,8 +218,7 @@ if ($page == 'overview' || $page == 'htpasswds') {
\Froxlor\UI\Response::dynamic_error($e->getMessage());
}
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
's' => $s
'page' => $page
));
} else {
$pathSelect = \Froxlor\FileDir::makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid']);
@@ -255,8 +250,7 @@ if ($page == 'overview' || $page == 'htpasswds') {
\Froxlor\UI\Response::dynamic_error($e->getMessage());
}
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
's' => $s
'page' => $page
));
} else {
if (strpos($result['path'], $userinfo['documentroot']) === 0) {
@@ -295,8 +289,7 @@ if ($page == 'overview' || $page == 'htpasswds') {
\Froxlor\UI\Response::standard_success('backupaborted');
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
'action' => '',
's' => $s
'action' => ''
));
}
if ($action == '') {

9
customer_ftp.php
View File

@@ -75,8 +75,7 @@ if ($page == 'overview' || $page == 'accounts') {
\Froxlor\UI\Response::dynamic_error($e->getMessage());
}
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
's' => $s
'page' => $page
));
} else {
\Froxlor\UI\HTML::askYesNoWithCheckbox('ftp_reallydelete', 'admin_customer_alsoremoveftphomedir', $filename, array(
@@ -97,8 +96,7 @@ if ($page == 'overview' || $page == 'accounts') {
\Froxlor\UI\Response::dynamic_error($e->getMessage());
}
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
's' => $s
'page' => $page
));
} else {
$pathSelect = \Froxlor\FileDir::makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], '/');
@@ -153,8 +151,7 @@ if ($page == 'overview' || $page == 'accounts') {
\Froxlor\UI\Response::dynamic_error($e->getMessage());
}
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
's' => $s
'page' => $page
));
} else {
if (strpos($result['homedir'], $userinfo['documentroot']) === 0) {

78
customer_index.php
View File

@@ -27,23 +27,25 @@ use Froxlor\UI\Panel\UI;
if ($action == 'logout') {
$log->logAction(\Froxlor\FroxlorLogger::USR_ACTION, LOG_NOTICE, 'logged out');
$params = array(
"customerid" => $userinfo['customerid']
);
if (Settings::Get('session.allow_multiple_login') == '1') {
$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_SESSIONS . "`
WHERE `userid` = :customerid
AND `adminsession` = '0'
AND `hash` = :hash");
$params["hash"] = $s;
} else {
$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_SESSIONS . "`
WHERE `userid` = :customerid
AND `adminsession` = '0'");
}
Database::pexecute($stmt, $params);
unset($_SESSION['userinfo']);
\Froxlor\CurrentUser::setData();
session_destroy();
\Froxlor\UI\Response::redirectTo('index.php');
} elseif ($action == 'suback') {
if (is_array(\Froxlor\CurrentUser::getField('switched_user'))) {
$result = \Froxlor\CurrentUser::getData();
$result = $result['switched_user'];
\Froxlor\CurrentUser::setData($result);
$target = (isset($_GET['target']) ? $_GET['target'] : 'index');
$redirect = "admin_" . $target . ".php";
if (!file_exists(\Froxlor\Froxlor::getInstallDir() . "/" . $redirect)) {
$redirect = "admin_index.php";
}
\Froxlor\UI\Response::redirectTo($redirect, null, true);
} else {
\Froxlor\UI\Response::dynamic_error("Cannot change back - You've never switched to another user :-)");
}
}
if ($page == 'overview') {
@@ -92,7 +94,7 @@ if ($page == 'overview') {
// get everything in bytes for the percentage calculation on the dashboard
$userinfo['diskspace_bytes'] = ($userinfo['diskspace'] > -1) ? $userinfo['diskspace'] * 1024 : -1;
$userinfo['traffic_bytes'] = ($userinfo['traffic'] > -1) ? $userinfo['traffic'] * 1024 : - 1;
$userinfo['traffic_bytes'] = ($userinfo['traffic'] > -1) ? $userinfo['traffic'] * 1024 : -1;
$userinfo['traffic_bytes_used'] = $userinfo['traffic_used'] * 1024;
if ($usages) {
@@ -109,13 +111,12 @@ if ($page == 'overview') {
'stdsubdomain' => $stdsubdomain
]);
UI::twigOutputBuffer();
} elseif ($page == 'change_password') {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
$old_password = \Froxlor\Validate\Validate::validate($_POST['old_password'], 'old password');
if (! \Froxlor\System\Crypt::validatePasswordLogin($userinfo, $old_password, TABLE_PANEL_CUSTOMERS, 'customerid')) {
if (!\Froxlor\System\Crypt::validatePasswordLogin($userinfo, $old_password, TABLE_PANEL_CUSTOMERS, 'customerid')) {
\Froxlor\UI\Response::standard_error('oldpasswordnotcorrect');
}
@@ -187,9 +188,7 @@ if ($page == 'overview') {
Database::pexecute($stmt, $params);
}
\Froxlor\UI\Response::redirectTo($filename, array(
's' => $s
));
\Froxlor\UI\Response::redirectTo($filename);
}
} else {
eval("echo \"" . \Froxlor\UI\Template::getTemplate('index/change_password') . "\";");
@@ -207,19 +206,9 @@ if ($page == 'overview') {
\Froxlor\UI\Response::dynamic_error($e->getMessage());
}
// also update current session
$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_SESSIONS . "`
SET `language` = :lang
WHERE `hash` = :hash");
Database::pexecute($stmt, array(
"lang" => $def_language,
"hash" => $s
));
}
$log->logAction(\Froxlor\FroxlorLogger::USR_ACTION, LOG_NOTICE, "changed default language to '" . $def_language . "'");
\Froxlor\UI\Response::redirectTo($filename, array(
's' => $s
));
\Froxlor\UI\Response::redirectTo($filename);
} else {
$default_lang = Settings::Get('panel.standardlanguage');
if ($userinfo['def_language'] != '') {
@@ -245,19 +234,8 @@ if ($page == 'overview') {
\Froxlor\UI\Response::dynamic_error($e->getMessage());
}
// also update current session
$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_SESSIONS . "`
SET `theme` = :theme
WHERE `hash` = :hash");
Database::pexecute($stmt, array(
"theme" => $theme,
"hash" => $s
));
$log->logAction(\Froxlor\FroxlorLogger::USR_ACTION, LOG_NOTICE, "changed default theme to '" . $theme . "'");
\Froxlor\UI\Response::redirectTo($filename, array(
's' => $s
));
\Froxlor\UI\Response::redirectTo($filename);
} else {
$default_theme = Settings::Get('panel.default_theme');
if ($userinfo['theme'] != '') {
@@ -333,22 +311,16 @@ if ($page == 'overview') {
// finally remove error from fs
@unlink($err_file);
\Froxlor\UI\Response::redirectTo($filename, array(
's' => $s
));
\Froxlor\UI\Response::redirectTo($filename);
}
// show a nice summary of the error-report
// before actually sending anything
eval("echo \"" . \Froxlor\UI\Template::getTemplate("index/send_error_report") . "\";");
} else {
\Froxlor\UI\Response::redirectTo($filename, array(
's' => $s
));
\Froxlor\UI\Response::redirectTo($filename);
}
} else {
\Froxlor\UI\Response::redirectTo($filename, array(
's' => $s
));
\Froxlor\UI\Response::redirectTo($filename);
}
} elseif ($page == 'apikeys' && Settings::Get('api.enabled') == 1) {
require_once __DIR__ . '/api_keys.php';

9
customer_mysql.php
View File

@@ -101,8 +101,7 @@ if ($page == 'overview' || $page == 'mysqls') {
\Froxlor\UI\Response::dynamic_error($e->getMessage());
}
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
's' => $s
'page' => $page
));
} else {
$dbnamedesc = $result['databasename'];
@@ -125,8 +124,7 @@ if ($page == 'overview' || $page == 'mysqls') {
\Froxlor\UI\Response::dynamic_error($e->getMessage());
}
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
's' => $s
'page' => $page
));
} else {
@@ -167,8 +165,7 @@ if ($page == 'overview' || $page == 'mysqls') {
\Froxlor\UI\Response::dynamic_error($e->getMessage());
}
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => $page,
's' => $s
'page' => $page
));
} else {

63
index.php
View File

@@ -28,16 +28,6 @@ if ($action == '') {
$action = 'login';
}
if (session_status() == PHP_SESSION_NONE) {
ini_set("session.name", "s");
ini_set("url_rewriter.tags", "");
ini_set("session.use_cookies", false);
ini_set("session.cookie_httponly", true);
ini_set("session.cookie_secure", UI::$SSL_REQ);
session_id('login');
session_start();
}
if ($action == '2fa_entercode') {
// page for entering the 2FA code after successful login
if (!isset($_SESSION) || !isset($_SESSION['secret_2fa'])) {
@@ -683,10 +673,11 @@ if ($action == 'resetpwd') {
function finishLogin($userinfo)
{
global $version, $dbversion, $remote_addr, $http_user_agent, $languages;
global $languages;
if (isset($userinfo['userid']) && $userinfo['userid'] != '') {
$s = \Froxlor\Froxlor::genSessionId();
\Froxlor\CurrentUser::setData($userinfo);
if (isset($_POST['language'])) {
$language = \Froxlor\Validate\Validate::validate($_POST['language'], 'language');
@@ -698,65 +689,23 @@ function finishLogin($userinfo)
} else {
$language = Settings::Get('panel.standardlanguage');
}
\Froxlor\CurrentUser::setField('language', $language);
if (isset($userinfo['theme']) && $userinfo['theme'] != '') {
$theme = $userinfo['theme'];
} else {
$theme = Settings::Get('panel.default_theme');
\Froxlor\CurrentUser::setField('theme', $theme);
}
if (Settings::Get('session.allow_multiple_login') != '1') {
$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_SESSIONS . "`
WHERE `userid` = :uid
AND `adminsession` = :adminsession");
Database::pexecute($stmt, array(
"uid" => $userinfo['userid'],
"adminsession" => $userinfo['adminsession']
));
}
// check for field 'theme' in session-table, refs #607
// Changed with #1287 to new method
$stmt = Database::query("SHOW COLUMNS FROM panel_sessions LIKE 'theme'");
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
if ($row['Field'] == "theme") {
$has_theme = true;
}
}
$params = array(
"hash" => $s,
"userid" => $userinfo['userid'],
"ipaddress" => $remote_addr,
"useragent" => $http_user_agent,
"lastactivity" => time(),
"language" => $language,
"adminsession" => $userinfo['adminsession']
);
if ($has_theme) {
$params["theme"] = $theme;
$stmt = Database::prepare("INSERT INTO `" . TABLE_PANEL_SESSIONS . "`
(`hash`, `userid`, `ipaddress`, `useragent`, `lastactivity`, `language`, `adminsession`, `theme`)
VALUES (:hash, :userid, :ipaddress, :useragent, :lastactivity, :language, :adminsession, :theme)");
} else {
$stmt = Database::prepare("INSERT INTO `" . TABLE_PANEL_SESSIONS . "`
(`hash`, `userid`, `ipaddress`, `useragent`, `lastactivity`, `language`, `adminsession`)
VALUES (:hash, :userid, :ipaddress, :useragent, :lastactivity, :language, :adminsession)");
}
Database::pexecute($stmt, $params);
$qryparams = array();
if (isset($_POST['qrystr']) && $_POST['qrystr'] != "") {
parse_str(urldecode($_POST['qrystr']), $qryparams);
}
$qryparams['s'] = $s;
if ($userinfo['adminsession'] == '1') {
if (\Froxlor\Froxlor::hasUpdates() || \Froxlor\Froxlor::hasDbUpdates()) {
\Froxlor\UI\Response::redirectTo('admin_updates.php', array(
's' => $s
));
\Froxlor\UI\Response::redirectTo('admin_updates.php');
} else {
if (isset($_POST['script']) && $_POST['script'] != "") {
if (preg_match("/customer\_/", $_POST['script']) === 1) {

69
install/updates/froxlor/0.11/update_0.11.inc.php Normal file
View File

@@ -0,0 +1,69 @@
<?php
use Froxlor\Database\Database;
use Froxlor\Settings;
/**
* This file is part of the Froxlor project.
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Install
*
*/
if (!defined('_CRON_UPDATE')) {
if (!defined('AREA') || (defined('AREA') && AREA != 'admin') || !isset($userinfo['loginname']) || (isset($userinfo['loginname']) && $userinfo['loginname'] == '')) {
header('Location: ../../../../index.php');
exit();
}
}
// last 0.10.x release
if (\Froxlor\Froxlor::isFroxlorVersion('0.10.99')) {
showUpdateStep("Updating from 0.10.99 to 0.11.0-rc1", false);
showUpdateStep("Removing unused table");
Database::query("DROP TABLE IF EXISTS `panel_sessions`;");
lastStepStatus(0);
showUpdateStep("Updating froxlor - theme");
Database::query("UPDATE `" . TABLE_PANEL_ADMINS . "` SET `theme` = 'Froxlor' WHERE `theme` <> 'Froxlor';");
Database::query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `theme` = 'Froxlor' WHERE `theme` <> 'Froxlor';");
Settings::Set('panel.default_theme', 'Froxlor');
lastStepStatus(0);
showUpdateStep("Cleaning up old files");
$to_clean = array(
"templates/Sparkle",
);
$disabled = explode(',', ini_get('disable_functions'));
$exec_allowed = ! in_array('exec', $disabled);
$del_list = "";
foreach ($to_clean as $filedir) {
$complete_filedir = \Froxlor\Froxlor::getInstallDir() . $filedir;
if (file_exists($complete_filedir)) {
if ($exec_allowed) {
Froxlor\FileDir::safe_exec("rm -rf " . escapeshellarg($complete_filedir));
} else {
$del_list .= "rm -rf " . escapeshellarg($complete_filedir) . PHP_EOL;
}
}
}
if ($exec_allowed) {
lastStepStatus(0);
} else {
if (empty($del_list)) {
// none of the files existed
lastStepStatus(0);
} else {
lastStepStatus(1, 'manual commands needed');
echo '<span class="update-step update-step-err">Please run the following commands manually:</span><br><pre>' . $del_list . '</pre><br>';
}
}
}

1
install/updates/froxlor/0.9/update_0.9.inc.php
View File

@@ -23,6 +23,7 @@ if (! defined('_CRON_UPDATE')) {
}
}
define('TABLE_PANEL_SESSIONS', 'panel_sessions');
if (\Froxlor\Froxlor::isFroxlorVersion('0.9-r0')) {
showUpdateStep("Updating from 0.9-r0 to 0.9-r1", false);

91
lib/Froxlor/Ajax/Ajax.php
View File

@@ -27,7 +27,6 @@ use Froxlor\UI\Request;
*/
class Ajax
{
protected string $session;
protected string $action;
protected string $theme;
protected array $userinfo;
@@ -38,22 +37,11 @@ class Ajax
*/
public function __construct()
{
$this->session = $_GET['s'] ?? $_POST['s'] ?? null;
$this->action = $_GET['action'] ?? $_POST['action'] ?? null;
$this->theme = $_GET['theme'] ?? 'Froxlor';
UI::sendHeaders();
UI::sendSslHeaders();
ini_set("session.name", "s");
ini_set("url_rewriter.tags", "");
ini_set("session.use_cookies", false);
ini_set("session.cookie_httponly", true);
ini_set("session.cookie_secure", UI::$SSL_REQ);
session_id($this->session);
session_start();
$this->initLang();
}
/**
@@ -77,11 +65,11 @@ class Ajax
// ensure that we can display messages
$language = \Froxlor\Settings::Get('panel.standardlanguage');
if (isset($this->user_data['language']) && isset($langs[$this->user_data['language']])) {
if (isset($this->userinfo['language']) && isset($langs[$this->userinfo['language']])) {
// default: use language from session, #277
$language = $this->user_data['language'];
} elseif (isset($this->user_data['def_language'])) {
$language = $this->user_data['def_language'];
$language = $this->userinfo['language'];
} elseif (isset($this->userinfo['def_language'])) {
$language = $this->userinfo['def_language'];
}
// include every english language file we can get
@@ -112,6 +100,8 @@ class Ajax
{
$this->userinfo = $this->getValidatedSession();
$this->initLang();
switch ($this->action) {
case 'newsfeed':
return $this->getNewsfeed();
@@ -139,51 +129,10 @@ class Ajax
*/
private function getValidatedSession(): array
{
$remote_addr = $_SERVER['REMOTE_ADDR'];
if (empty($_SERVER['HTTP_USER_AGENT'])) {
$http_user_agent = 'unknown';
} else {
$http_user_agent = $_SERVER['HTTP_USER_AGENT'];
if (\Froxlor\CurrentUser::hasSession() == false) {
throw new Exception("No valid session");
}
$timediff = time() - \Froxlor\Settings::Get('session.sessiontimeout');
$sel_stmt = \Froxlor\Database\Database::prepare("
SELECT * FROM `" . TABLE_PANEL_SESSIONS . "`
WHERE `hash` = :hash AND `ipaddress` = :ipaddr AND `useragent` = :ua AND `lastactivity` > :timediff
");
$session = \Froxlor\Database\Database::pexecute_first($sel_stmt, [
'hash' => $this->session,
'ipaddr' => $remote_addr,
'ua' => $http_user_agent,
'timediff' => $timediff
]);
if (!$session) {
throw new Exception('Session is not defined!');
}
if ($session['adminsession'] == 1) {
// test for admin
$sel_stmt = \Froxlor\Database\Database::prepare("
SELECT * FROM `" . TABLE_PANEL_ADMINS . "`
WHERE `adminid` = :userid
");
} else {
// test for customer
$sel_stmt = \Froxlor\Database\Database::prepare("
SELECT * FROM `" . TABLE_PANEL_CUSTOMERS . "`
WHERE `customerid` = :userid
");
}
$user = \Froxlor\Database\Database::pexecute_first($sel_stmt, [
'userid' => $session['userid']
]);
if (!$user) {
throw new Exception('Session is not defined!');
}
$user['adminsession'] = $session['adminsession'];
return $user;
return \Froxlor\CurrentUser::getData();
}
/**
@@ -252,21 +201,17 @@ class Ajax
private function getUpdateCheck()
{
UI::initTwig();
UI::twig()->addGlobal('s', $this->session);
// TODO: set variables from current session
try {
$json_result = \Froxlor\Api\Commands\Froxlor::getLocal([
'adminid' => 1,
'adminsession' => 1,
'change_serversettings' => 1,
'loginname' => 'updatecheck'
])->checkUpdate();
$json_result = \Froxlor\Api\Commands\Froxlor::getLocal($this->userinfo)->checkUpdate();
$result = json_decode($json_result, true)['data'];
echo UI::twig()->render($this->theme . '/misc/version_top.html.twig', $result);
exit;
} catch (Exception $e) {
\Froxlor\UI\Response::dynamic_error($e->getMessage());
// don't display anything if just not allowed due to permissions
if ($e->getCode() != 403) {
\Froxlor\UI\Response::dynamic_error($e->getMessage());
}
}
}
@@ -310,7 +255,7 @@ class Ajax
}
$result['settings'][] = [
'title' => (is_array($sresult['label']) ? $sresult['label']['title'] : $sresult['label']),
'href' => 'admin_settings.php?page=overview&part=' . $pk[1] . '&em=' . $pk[3] . '&s=' . $this->session
'href' => 'admin_settings.php?page=overview&part=' . $pk[1] . '&em=' . $pk[3]
];
}
}
@@ -346,7 +291,7 @@ class Ajax
}
$result['customer'][] = [
'title' => User::getCorrectFullUserDetails($cresult),
'href' => 'admin_customers.php?page=customers&action=edit&id=' . $cresult['customerid'] . '&s=' . $this->session
'href' => 'admin_customers.php?page=customers&action=edit&id=' . $cresult['customerid']
];
}
}
@@ -374,7 +319,7 @@ class Ajax
}
$result['domains'][] = [
'title' => $cresult['domain_ace'],
'href' => 'admin_domains.php?page=domains&action=edit&id=' . $cresult['id'] . '&s=' . $this->session
'href' => 'admin_domains.php?page=domains&action=edit&id=' . $cresult['id']
];
}
}
@@ -403,7 +348,7 @@ class Ajax
}
$result['domains'][] = [
'title' => $cresult['domain_ace'],
'href' => 'customer_domains.php?page=domains&action=edit&id=' . $cresult['id'] . '&s=' . $this->session
'href' => 'customer_domains.php?page=domains&action=edit&id=' . $cresult['id']
];
}
}

6
lib/Froxlor/Api/Commands/Customers.php
View File

@@ -1535,12 +1535,6 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
'id' => $id
), true, true);
// delete potential existing sessions
$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_SESSIONS . "` WHERE `userid` = :id AND `adminsession` = '0'");
Database::pexecute($stmt, array(
'id' => $id
), true, true);
// delete traffic information
$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_TRAFFIC . "` WHERE `customerid` = :id");
Database::pexecute($stmt, array(

106
lib/Froxlor/CurrentUser.php Normal file
View File

@@ -0,0 +1,106 @@
<?php
namespace Froxlor;
use Froxlor\Database\Database;
/**
* Class to manage the current user / session
*/
class CurrentUser
{
/**
* set the userinfo data to the session
*
* @param array $data
*/
public static function setData(array $data = []): void
{
$_SESSION['userinfo'] = $data;
}
/**
* returns whether there is an active session
*
* @return bool
*/
public static function hasSession(): bool
{
return !empty($_SESSION) && isset($_SESSION['userinfo']) && !empty($_SESSION['userinfo']);
}
/**
* returns whether user has an adminsession
*
* @return bool
*/
public static function isAdmin(): bool
{
return (self::getField('adminsession') == 1 && self::getField('adminid') > 0 && empty(self::getField('customerid')));
}
/**
* return content of a given field from userinfo-array
*
* @param string $index
*
* @return string|array
*/
public static function getField(string $index)
{
return isset($_SESSION['userinfo'][$index]) ? $_SESSION['userinfo'][$index] : "";
}
/**
* set userinfo field in session
*
* @param string $index
* @param mixed $data
*
* @return boolean
*/
public static function setField(string $index, $data): bool
{
$_SESSION['userinfo'][$index] = $data;
return true;
}
/**
* Return userinfo array
*
* @return array
*/
public static function getData(): array
{
return $_SESSION['userinfo'] ?? [];
}
/**
* re-read in the user data if a valid session exists
*
* @return boolean
*/
public static function reReadUserData()
{
$table = self::isAdmin() ? TABLE_PANEL_ADMINS : TABLE_PANEL_CUSTOMERS;
$userinfo_stmt = Database::prepare("
SELECT * FROM `" . $table . "` WHERE `loginname`= :loginname AND `deactivated` = '0'
");
$userinfo = Database::pexecute_first($userinfo_stmt, [
"loginname" => self::getField('loginname')
]);
if ($userinfo) {
// dont just set the data, we need to merge with current data
// array_merge is a right-reduction - value existing in getData() will be overwritten with $userinfo,
// other than the union-operator (+) which would keep the values already existing from getData()
$newuserinfo = array_merge(self::getData(), $userinfo);
self::setData($newuserinfo);
return true;
}
// unset / logout
unset($_SESSION['userinfo']);
self::setData([]);
return false;
}
}

13
lib/Froxlor/UI/Linker.php
View File

@@ -1,4 +1,5 @@
<?php
namespace Froxlor\UI;
/**
@@ -33,7 +34,7 @@ class Linker
private $args = array();
public function __construct($file = 'index.php', $sessionid = '', $hostname = '', $protocol = '', $port = '', $username = '', $password = '')
public function __construct($file = 'index.php', $hostname = '', $protocol = '', $port = '', $username = '', $password = '')
{
// Set the basic parts of our URL
$this->protocol = $protocol;
@@ -42,8 +43,6 @@ class Linker
$this->hostname = $hostname;
$this->port = $port;
$this->filename = $file;
// @TODO: Remove this
$this->args['s'] = $sessionid;
}
public function __set($key, $value)
@@ -90,11 +89,7 @@ class Linker
public function delAll()
{
// Just resetting the array
// Until the sessionid can be removed: save it
// @TODO: Remove this
$this->args = array(
's' => $this->args['s']
);
$this->args = [];
}
public function getLink()
@@ -158,7 +153,7 @@ class Linker
// Loop through arguments and add them to the link
foreach ($this->args as $key => $value) {
// For all but the first argument, prepend "&amp;"
if (substr($link, - 1) != "?") {
if (substr($link, -1) != "?") {
$link .= "&";
}

17
lib/Froxlor/UI/Paging.php
View File

@@ -210,23 +210,6 @@ class Paging
}
$this->userinfo['lastpaging']['pageno'] = $this->pageno;
$upd_stmt = \Froxlor\Database\Database::prepare("
UPDATE `" . TABLE_PANEL_SESSIONS . "` SET
`lastpaging` = :lastpaging
WHERE `hash` = :hash AND `userid` = :userid
AND `ipaddress` = :ipaddr AND `useragent` = :ua
AND `adminsession` = :adminsession
");
$upd_data = array(
'lastpaging' => json_encode($this->userinfo['lastpaging']),
'hash' => $userinfo['hash'],
'userid' => $userinfo['userid'],
'ipaddr' => $userinfo['ipaddress'],
'ua' => $userinfo['useragent'],
'adminsession' => $userinfo['adminsession']
);
\Froxlor\Database\Database::pexecute($upd_stmt, $upd_data);
$this->limit = $limit;
}

22
lib/Froxlor/UI/Panel/UI.php
View File

@@ -51,13 +51,27 @@ class UI
private static $install_mode = false;
public static $SSL_REQ = false;
/**
* send various security related headers
*/
public static function sendHeaders()
{
$isHttps =
$_SERVER['HTTPS']
?? $_SERVER['REQUEST_SCHEME']
?? $_SERVER['HTTP_X_FORWARDED_PROTO']
?? null;
$isHttps =
$isHttps && (strcasecmp('on', $isHttps) == 0
|| strcasecmp('https', $isHttps) == 0
);
ini_set("url_rewriter.tags", "");
ini_set("session.cookie_httponly", true);
ini_set("session.cookie_secure", $isHttps);
session_start();
header("Content-Type: text/html; charset=UTF-8");
// prevent Froxlor pages from being cached
@@ -96,7 +110,6 @@ class UI
* If Froxlor was called via HTTPS -> enforce it for the next time by settings HSTS header according to settings
*/
if (isset($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) != 'off')) {
self::$SSL_REQ = true;
$maxage = \Froxlor\Settings::Get('system.hsts_maxage');
if (empty($maxage)) {
$maxage = 0;
@@ -161,15 +174,14 @@ class UI
if (!self::$install_mode) {
// system default
if (\Froxlor\Froxlor::DBVERSION <= 202299999) {
// @fixme set this to the last 0.10.x DBVERSION to fallback to the new theme
\Froxlor\Settings::Set('panel.default_theme', 'Froxlor');
}
$theme = (\Froxlor\Settings::Get('panel.default_theme') !== null) ? \Froxlor\Settings::Get('panel.default_theme') : $theme;
// customer theme
/*
if (\Froxlor\CurrentUser::hasSession() && \Froxlor\CurrentUser::getField('theme') != $theme) {
$theme = \Froxlor\CurrentUser::getField('theme');
}
*/
}
if (!file_exists(\Froxlor\Froxlor::getInstallDir() . '/templates/' . $theme)) {
\Froxlor\PhpHelper::phpErrHandler(E_USER_WARNING, "Theme '" . $theme . "' could not be found.", __FILE__, __LINE__, null);

16
lib/Froxlor/UI/Response.php
View File

@@ -20,14 +20,8 @@ class Response
*/
public static function redirectTo($destination, $get_variables = null, $isRelative = true)
{
global $s;
if (is_array($get_variables)) {
if (isset($get_variables['s'])) {
$linker = new Linker($destination, $get_variables['s']);
} else {
$linker = new Linker($destination, $s);
}
$linker = new Linker($destination);
foreach ($get_variables as $key => $value) {
$linker->add($key, $value);
@@ -165,7 +159,7 @@ class Response
*/
public static function standard_success($success_message = '', $replacer = '', $params = array(), $throw_exception = false)
{
global $s, $lng;
global $lng;
if (isset($lng['success'][$success_message])) {
$success_message = strtr($lng['success'][$success_message], array(
@@ -178,12 +172,14 @@ class Response
}
if (is_array($params) && isset($params['filename'])) {
$redirect_url = $params['filename'] . '?s=' . $s;
$redirect_url = $params['filename'];
unset($params['filename']);
$first = true;
foreach ($params as $varname => $value) {
if ($value != '') {
$redirect_url .= '&amp;' . $varname . '=' . $value;
$redirect_url .= ($first ? '?' : '&amp;') . $varname . '=' . $value;
if ($first) $first = false;
}
}
} else {

221
lib/init.php
View File

@@ -20,43 +20,39 @@
// define default theme for configurehint, etc.
$_deftheme = 'Froxlor';
function view($template, $attributes) {
$view = file_get_contents(dirname(__DIR__) . '/templates/' . $template);
function view($template, $attributes)
{
$view = file_get_contents(dirname(__DIR__) . '/templates/' . $template);
return str_replace(array_keys($attributes), array_values($attributes), $view);
return str_replace(array_keys($attributes), array_values($attributes), $view);
}
// validate correct php version
if (version_compare("7.4.0", PHP_VERSION, ">=")) {
die(
view($_deftheme . '/misc/phprequirementfailed.html.twig', [
'{{ basehref }}' => '',
'{{ froxlor_min_version }}' => '7.4.0',
'{{ current_version }}' => PHP_VERSION,
'{{ current_year }}' => date('Y', time()),
])
);
die(view($_deftheme . '/misc/phprequirementfailed.html.twig', [
'{{ basehref }}' => '',
'{{ froxlor_min_version }}' => '7.4.0',
'{{ current_version }}' => PHP_VERSION,
'{{ current_year }}' => date('Y', time()),
]));
}
// validate vendor autoloader
if (!file_exists(dirname(__DIR__) . '/vendor/autoload.php')) {
die(
view($_deftheme . '/misc/vendormissinghint.html.twig', [
'{{ basehref }}' => '',
'{{ froxlor_install_dir }}' => dirname(__DIR__),
'{{ current_year }}' => date('Y', time()),
])
);
die(view($_deftheme . '/misc/vendormissinghint.html.twig', [
'{{ basehref }}' => '',
'{{ froxlor_install_dir }}' => dirname(__DIR__),
'{{ current_year }}' => date('Y', time()),
]));
}
require dirname(__DIR__) . '/vendor/autoload.php';
use Froxlor\Database\Database;
use Froxlor\PhpHelper;
use Froxlor\Settings;
use Froxlor\UI\Panel\UI;
use Froxlor\UI\Request;
use voku\helper\AntiXSS;
use Froxlor\CurrentUser;
// include MySQL-tabledefinitions
require \Froxlor\Froxlor::getInstallDir() . '/lib/tables.inc.php';
@@ -64,7 +60,6 @@ require \Froxlor\Froxlor::getInstallDir() . '/lib/tables.inc.php';
UI::sendHeaders();
UI::initTwig();
/**
* Register Globals Security Fix
*/
@@ -120,97 +115,12 @@ UI::sendSslHeaders();
// create a new idna converter
$idna_convert = new \Froxlor\Idna\IdnaWrapper();
// SESSION MANAGEMENT
$remote_addr = $_SERVER['REMOTE_ADDR'];
if (empty($_SERVER['HTTP_USER_AGENT'])) {
$http_user_agent = 'unknown';
} else {
$http_user_agent = $_SERVER['HTTP_USER_AGENT'];
}
unset($userinfo);
unset($userid);
unset($customerid);
unset($adminid);
unset($s);
if (isset($_POST['s'])) {
$s = $_POST['s'];
$nosession = 0;
} elseif (isset($_GET['s'])) {
$s = $_GET['s'];
$nosession = 0;
} else {
$s = '';
$nosession = 1;
// re-read user data if logged in
if (CurrentUser::hasSession()) {
CurrentUser::reReadUserData();
}
$timediff = time() - Settings::Get('session.sessiontimeout');
$del_stmt = Database::prepare("
DELETE FROM `" . TABLE_PANEL_SESSIONS . "` WHERE `lastactivity` < :timediff
");
Database::pexecute($del_stmt, array(
'timediff' => $timediff
));
$userinfo = array();
if (isset($s) && $s != "" && $nosession != 1) {
ini_set("session.name", "s");
ini_set("url_rewriter.tags", "");
ini_set("session.use_cookies", false);
ini_set("session.cookie_httponly", true);
ini_set("session.cookie_secure", UI::$SSL_REQ);
session_id($s);
session_start();
$query = "SELECT `s`.*, `u`.* FROM `" . TABLE_PANEL_SESSIONS . "` `s` LEFT JOIN `";
if (AREA == 'admin') {
$query .= TABLE_PANEL_ADMINS . "` `u` ON (`s`.`userid` = `u`.`adminid`)";
$adminsession = '1';
} else {
$query .= TABLE_PANEL_CUSTOMERS . "` `u` ON (`s`.`userid` = `u`.`customerid`)";
$adminsession = '0';
}
$query .= " WHERE `s`.`hash` = :hash AND `s`.`ipaddress` = :ipaddr
AND `s`.`useragent` = :ua AND `s`.`lastactivity` > :timediff
AND `s`.`adminsession` = :adminsession
";
$userinfo_data = array(
'hash' => $s,
'ipaddr' => $remote_addr,
'ua' => $http_user_agent,
'timediff' => $timediff,
'adminsession' => $adminsession
);
$userinfo_stmt = Database::prepare($query);
$userinfo = Database::pexecute_first($userinfo_stmt, $userinfo_data);
if ($userinfo && (($userinfo['adminsession'] == '1' && AREA == 'admin' && isset($userinfo['adminid'])) || ($userinfo['adminsession'] == '0' && (AREA == 'customer' || AREA == 'login') && isset($userinfo['customerid']))) && (!isset($userinfo['deactivated']) || $userinfo['deactivated'] != '1')) {
$upd_stmt = Database::prepare("
UPDATE `" . TABLE_PANEL_SESSIONS . "` SET
`lastactivity` = :lastactive
WHERE `hash` = :hash AND `adminsession` = :adminsession
");
$upd_data = array(
'lastactive' => time(),
'hash' => $s,
'adminsession' => $adminsession
);
Database::pexecute($upd_stmt, $upd_data);
$nosession = 0;
} else {
$nosession = 1;
}
} else {
$nosession = 1;
}
/**
* Language Management
*/
// Language Management
$langs = array();
$languages = array();
$iso = array();
@@ -239,36 +149,31 @@ foreach ($langs as $key => $value) {
// ensure that we can display messages
$language = Settings::Get('panel.standardlanguage');
if (isset($userinfo['language']) && isset($languages[$userinfo['language']])) {
if (CurrentUser::hasSession() && !empty(CurrentUser::getField('language')) && isset($languages[CurrentUser::getField('language')])) {
// default: use language from session, #277
$language = $userinfo['language'];
$language = CurrentUser::getField('language');
} else {
if (!isset($userinfo['def_language']) || !isset($languages[$userinfo['def_language']])) // this will always evaluat true, since it is the above statement inverted. @todo remove
{
if (isset($_GET['language']) && isset($languages[$_GET['language']])) {
$language = $_GET['language'];
} else {
if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
$accept_langs = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']);
for ($i = 0; $i < count($accept_langs); $i++) {
// this only works for most common languages. some (uncommon) languages have a 3 letter iso-code.
// to be able to use these also, we would have to depend on the intl extension for php (using Locale::lookup or similar)
// as long as froxlor does not support any of these languages, we can leave it like that.
if (isset($iso[substr($accept_langs[$i], 0, 2)])) {
$language = $iso[substr($accept_langs[$i], 0, 2)];
break;
}
if (!CurrentUser::hasSession()) {
if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
$accept_langs = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']);
for ($i = 0; $i < count($accept_langs); $i++) {
// this only works for most common languages. some (uncommon) languages have a 3 letter iso-code.
// to be able to use these also, we would have to depend on the intl extension for php (using Locale::lookup or similar)
// as long as froxlor does not support any of these languages, we can leave it like that.
if (isset($iso[substr($accept_langs[$i], 0, 2)])) {
$language = $iso[substr($accept_langs[$i], 0, 2)];
break;
}
unset($iso);
}
unset($iso);
// if HTTP_ACCEPT_LANGUAGES has no valid langs, use default (very unlikely)
if (!strlen($language) > 0) {
$language = Settings::Get('panel.standardlanguage');
}
// if HTTP_ACCEPT_LANGUAGES has no valid langs, use default (very unlikely)
if (!strlen($language) > 0) {
$language = Settings::Get('panel.standardlanguage');
}
}
} else {
$language = $userinfo['def_language'];
$language = CurrentUser::getField('def_language');
}
}
@@ -290,7 +195,7 @@ include_once \Froxlor\FileDir::makeSecurePath('lng/lng_references.php');
UI::setLng($lng);
// Initialize our link - class
$linker = new \Froxlor\UI\Linker('index.php', $s);
$linker = new \Froxlor\UI\Linker('index.php');
UI::setLinker($linker);
/**
@@ -301,8 +206,8 @@ $theme = (Settings::Get('panel.default_theme') !== null) ? Settings::Get('panel.
/**
* overwrite with customer/admin theme if defined
*/
if (isset($userinfo['theme']) && $userinfo['theme'] != $theme) {
$theme = $userinfo['theme'];
if (CurrentUser::hasSession() && CurrentUser::getField('theme') != $theme) {
$theme = CurrentUser::getField('theme');
}
// Check if a different variant of the theme is used
@@ -351,8 +256,10 @@ UI::twig()->addGlobal('header_logo', $header_logo);
/**
* Redirects to index.php (login page) if no session exists
*/
if ($nosession == 1 && AREA != 'login') {
unset($userinfo);
if (!CurrentUser::hasSession() && AREA != 'login') {
unset($_SESSION['userinfo']);
CurrentUser::setData();
session_destroy();
$params = array(
"script" => basename($_SERVER["SCRIPT_NAME"]),
"qrystr" => $_SERVER["QUERY_STRING"]
@@ -361,16 +268,18 @@ if ($nosession == 1 && AREA != 'login') {
exit();
}
$userinfo = CurrentUser::getData();
UI::twig()->addGlobal('userinfo', ($userinfo ?? []));
UI::setCurrentUser($userinfo);
/**
* Logic moved out of lng-file
*/
if (isset($userinfo['loginname']) && $userinfo['loginname'] != '') {
$lng['menue']['main']['username'] .= $userinfo['loginname'];
// Initialize logger
if (CurrentUser::hasSession()) {
// Initialize logging
$log = \Froxlor\FroxlorLogger::getInstanceOf($userinfo);
if ((CurrentUser::isAdmin() && AREA != 'admin') || (!CurrentUser::isAdmin() && AREA != 'customer')) {
// user tries to access an area not meant for him -> redirect to corresponding index
\Froxlor\UI\Response::redirectTo((CurrentUser::isAdmin() ? 'admin' : 'customer') . '_index.php', $params);
exit();
}
}
/**
@@ -412,10 +321,10 @@ if (AREA == 'admin' || AREA == 'customer') {
)
)
);
$navigation = \Froxlor\UI\HTML::buildNavigation($navigation_data['admin'], $userinfo);
$navigation = \Froxlor\UI\HTML::buildNavigation($navigation_data['admin'], CurrentUser::getData());
} else {
$navigation_data = \Froxlor\PhpHelper::loadConfigArrayDir('lib/navigation/');
$navigation = \Froxlor\UI\HTML::buildNavigation($navigation_data[AREA], $userinfo);
$navigation = \Froxlor\UI\HTML::buildNavigation($navigation_data[AREA], CurrentUser::getData());
}
}
UI::twig()->addGlobal('nav_entries', $navigation);
@@ -444,34 +353,16 @@ UI::twig()->addGlobal('theme_css', $css);
unset($js);
unset($css);
/**
* @TODO
*
$panel_imprint_url = Settings::Get('panel.imprint_url');
if (!empty($panel_imprint_url) && strtolower(substr($panel_imprint_url, 0, 4)) != 'http') {
$panel_imprint_url = 'https://' . $panel_imprint_url;
}
$panel_terms_url = Settings::Get('panel.terms_url');
if (!empty($panel_terms_url) && strtolower(substr($panel_terms_url, 0, 4)) != 'http') {
$panel_terms_url = 'https://' . $panel_terms_url;
}
$panel_privacy_url = Settings::Get('panel.privacy_url');
if (!empty($panel_privacy_url) && strtolower(substr($panel_privacy_url, 0, 4)) != 'http') {
$panel_privacy_url = 'https://' . $panel_privacy_url;
}
*/
$action = Request::get('action');
$page = Request::get('page', 'overview');
// clear request data
if (!$action && isset($_SESSION)) {
unset($_SESSION['requestData']);
unset($_SESSION['requestData']);
}
UI::twig()->addGlobal('action', $action);
UI::twig()->addGlobal('page', $page);
UI::twig()->addGlobal('s', $s);
/**
* Initialize the mailingsystem

2
lib/tablelisting/admin/tablelisting.admins.php
View File

@@ -19,6 +19,7 @@
use Froxlor\UI\Callbacks\ProgressBar;
use Froxlor\UI\Callbacks\Style;
use Froxlor\UI\Callbacks\Text;
use Froxlor\UI\Callbacks\Impersonate;
use Froxlor\UI\Listing;
return [
@@ -34,6 +35,7 @@ return [
'loginname' => [
'label' => $lng['login']['username'],
'field' => 'loginname',
'callback' => [Impersonate::class, 'admin'],
'sortable' => true,
],
'name' => [

2
lib/tablelisting/admin/tablelisting.customers.php
View File

@@ -40,7 +40,7 @@ return [
],
'a.loginname' => [
'label' => $lng['admin']['admin'],
'field' => 'admin.loginname',
'field' => 'adminname',
'callback' => [Impersonate::class, 'admin'],
],
'c.email' => [

1
lib/tables.inc.php
View File

@@ -31,7 +31,6 @@ const TABLE_PANEL_DATABASES = 'panel_databases';
const TABLE_PANEL_DOMAINS = 'panel_domains';
const TABLE_PANEL_HTACCESS = 'panel_htaccess';
const TABLE_PANEL_HTPASSWDS = 'panel_htpasswds';
const TABLE_PANEL_SESSIONS = 'panel_sessions';
const TABLE_PANEL_SETTINGS = 'panel_settings';
const TABLE_PANEL_TASKS = 'panel_tasks';
const TABLE_PANEL_TEMPLATES = 'panel_templates';

1
lng/english.lng.php
View File

@@ -1554,7 +1554,6 @@ $lng['serversettings']['phpfpm_settings']['idle_timeout']['description'] = 'Time
// ADDED IN 0.9.27-svn2
$lng['panel']['cancel'] = 'Cancel';
$lng['admin']['delete_statistics'] = 'Delete Statistics';
$lng['admin']['speciallogwarning'] = '<div id="speciallogfilenote" class="invalid-feedback">WARNING: By changing this setting you will lose all your old statistics for this domain.</div>';
// ADDED IN 0.9.28-svn2

3
logfiles_viewer.php
View File

@@ -34,8 +34,7 @@ $last_n = (int) Request::get('number_of_lines', 100);
if (AREA != 'admin' && $userinfo['logviewenabled'] != '1') {
// back to domain overview
\Froxlor\UI\Response::redirectTo($filename, array(
'page' => 'domains',
's' => $s
'page' => 'domains'
));
}

2
templates/Froxlor/assets/js/main.js
View File

File diff suppressed because one or more lines are too long

3
templates/Froxlor/base.html.twig
View File

@@ -7,9 +7,6 @@
<meta name="robots" content="noindex, nofollow, noarchive"/>
<meta name="googlebot" content="nosnippet"/>
<!-- Session -->
<meta name="froxlor-session" content="{{ s }}">
<!-- CSS -->
{% if theme_css is empty %}
<link href="{{ basehref|default('') }}templates/Froxlor/assets/css/main.css" rel="stylesheet" type="text/css" />

1
templates/Froxlor/form/form.html.twig
View File

@@ -26,7 +26,6 @@
{% if hiddenid is not empty %}
<input type="hidden" name="id" value="{{ hiddenid }}"/>
{% endif %}
<input type="hidden" name="s" value="{{ s }}"/>
<input type="hidden" name="page" value="{{ page }}"/>
<input type="hidden" name="action" value="{{ action }}"/>
<input type="hidden" name="send" value="send"/>

1
templates/Froxlor/form/yesnoquestion.html.twig
View File

@@ -19,7 +19,6 @@
{% endif %}
<hr>
<p class="mb-0">
<input type="hidden" name="s" value="{{ s }}"/>
<input type="hidden" name="send" value="send"/>
{% for id,field in url_params %}
<input type="hidden" name="{{ id }}" value="{{ field }}"/>

2
templates/Froxlor/misc/version_top.html.twig
View File

@@ -1,4 +1,4 @@
<a class="nav-link {% if isnewerversion == 0 %}text-success{% else %}text-warning{% endif %}" {% if isnewerversion == 0 %} href="#" {% else %} href="admin_autoupdate.php?page=overview&s={{ s }}" {% endif %} title="{% if isnewerversion == 0 %}{{ additional_info }}{% else %}{{ message }}{% endif %}">
<a class="nav-link {% if isnewerversion == 0 %}text-success{% else %}text-warning{% endif %}" {% if isnewerversion == 0 %} href="#" {% else %} href="admin_autoupdate.php?page=overview" {% endif %} title="{% if isnewerversion == 0 %}{{ additional_info }}{% else %}{{ message }}{% endif %}">
{% if isnewerversion == 0 %}
<i class="fa-solid fa-circle-check me-1"></i>
{% else %}

1
templates/Froxlor/settings/detailpart.html.twig
View File

@@ -16,7 +16,6 @@
</div>
<div>
<input type="hidden" name="s" value="{{ s }}"/>
<input type="hidden" name="page" value="{{ page }}"/>
<input type="hidden" name="action" value="{{ action }}"/>
<input type="hidden" name="send" value="send"/>

2
templates/Froxlor/src/js/components/customer.js
View File

@@ -25,7 +25,7 @@ $(document).ready(function () {
var pid = $(this).val();
if (pid > 0) {
$.ajax({
url: "admin_plans.php?s=" + window.$session + "&page=overview&action=jqGetPlanValues",
url: "admin_plans.php?page=overview&action=jqGetPlanValues",
type: "POST",
data: {
planid: pid

4
templates/Froxlor/src/js/components/domains.js
View File

@@ -4,7 +4,7 @@ $(document).ready(function () {
$('#customerid').change(function () {
var cid = $(this).val();
$.ajax({
url: "admin_domains.php?s=" + window.$session + "&page=domains&action=jqGetCustomerPHPConfigs",
url: "admin_domains.php?page=domains&action=jqGetCustomerPHPConfigs",
type: "POST",
data: {
customerid: cid
@@ -36,7 +36,7 @@ $(document).ready(function () {
$('#speciallogfile').removeClass('is-invalid');
$('#speciallogverified').val(0);
$.ajax({
url: "admin_domains.php?s=" + window.$session + "&page=overview&action=jqSpeciallogfileNote",
url: "admin_domains.php?page=overview&action=jqSpeciallogfileNote",
type: "POST",
data: {
id: $('input[name=id]').val(), newval: +$('#speciallogfile').is(':checked')

2
templates/Froxlor/src/js/components/ipsandports.js
View File

@@ -7,7 +7,7 @@ $(document).ready(function () {
$('#ipnote').remove();
$('#ip').removeClass('is-invalid');
$.ajax({
url: "admin_ipsandports.php?s=" + window.$session + "&page=overview&action=jqCheckIP",
url: "admin_ipsandports.php?page=overview&action=jqCheckIP",
type: "POST",
data: {
ip: ipval

2
templates/Froxlor/src/js/components/newsfeed.js
View File

@@ -10,7 +10,7 @@ $(document).ready(function () {
}
$.ajax({
url: "lib/ajax.php?action=newsfeed" + role + "&theme=" + window.$theme + "&s=" + window.$session,
url: "lib/ajax.php?action=newsfeed" + role + "&theme=" + window.$theme,
type: "GET",
success: function (data) {
$("#newsfeeditems").html(data);

2
templates/Froxlor/src/js/components/search.js
View File

@@ -20,7 +20,7 @@ $(document).ready(function () {
}
// Search
$.ajax({
url: "lib/ajax.php?action=searchglobal&theme=" + window.$theme + "&s=" + window.$session,
url: "lib/ajax.php?action=searchglobal&theme=" + window.$theme,
type: "POST",
data: {
searchtext: query

2
templates/Froxlor/src/js/components/updatecheck.js
View File

@@ -4,7 +4,7 @@ $(document).ready(function () {
*/
if (document.getElementById('updatecheck')) {
$.ajax({
url: "lib/ajax.php?action=updatecheck&theme=" + window.$theme + "&s=" + window.$session,
url: "lib/ajax.php?action=updatecheck&theme=" + window.$theme,
type: "GET",
success: function (data) {
$("#updatecheck").html(data);

1
templates/Froxlor/src/js/main.js
View File

@@ -6,7 +6,6 @@ global.$ = require('jquery');
$(document).ready(function () {
window.$theme = 'Froxlor';
window.$session = $('meta[name="froxlor-session"]').attr('content');
});
// Load components

12
templates/Froxlor/table/pagination.html.twig
View File

@@ -16,24 +16,24 @@
</li>
{% elseif pagination.current_page > 1 %}
<li class="page-item">
<a class="page-link" href="?s={{ s }}&page={{ page }}&action={{ action }}&pageno=1" tabindex="-1">
<a class="page-link" href="?page={{ page }}&action={{ action }}&pageno=1" tabindex="-1">
<i class="fa-solid fa-angles-left"></i>
</a>
</li>
<li class="page-item">
<a class="page-link" href="?s={{ s }}&page={{ page }}&action={{ action }}&pageno={{ pagination.current_page - 1 }}" tabindex="-1">
<a class="page-link" href="?page={{ page }}&action={{ action }}&pageno={{ pagination.current_page - 1 }}" tabindex="-1">
<i class="fa-solid fa-chevron-left"></i>
</a>
</li>
{% endif %}
{% if pagination.current_page < pagination.last_page %}
<li class="page-item">
<a class="page-link" href="?s={{ s }}&page={{ page }}&action={{ action }}&pageno={{ pagination.current_page + 1 }}" tabindex="-1">
<a class="page-link" href="?page={{ page }}&action={{ action }}&pageno={{ pagination.current_page + 1 }}" tabindex="-1">
<i class="fa-solid fa-chevron-right"></i>
</a>
</li>
<li class="page-item">
<a class="page-link" href="?s={{ s }}&page={{ page }}&action={{ action }}&pageno={{ pagination.last_page }}" tabindex="-1">
<a class="page-link" href="?page={{ page }}&action={{ action }}&pageno={{ pagination.last_page }}" tabindex="-1">
<i class="fa-solid fa-angles-right"></i>
</a>
</li>
@@ -59,8 +59,8 @@
{% if pagination is defined and key in pagination.sortfields %}
<th class="p-3 {{ th.class }}">
{{ th.text }}
<a href="?s={{ s }}&page={{ page }}&action={{ action }}&pageno={{ pagination.current_page }}&sortfield={{ key }}&sortorder=desc">&darr;</a>
<a href="?s={{ s }}&page={{ page }}&action={{ action }}&pageno={{ pagination.current_page }}&sortfield={{ key }}&sortorder=asc">&uarr;</a>
<a href="?page={{ page }}&action={{ action }}&pageno={{ pagination.current_page }}&sortfield={{ key }}&sortorder=desc">&darr;</a>
<a href="?page={{ page }}&action={{ action }}&pageno={{ pagination.current_page }}&sortfield={{ key }}&sortorder=asc">&uarr;</a>
</th>
{% else %}
<th class="p-3 {{ th.class }}">{{ th.text }}</th>

1
templates/Froxlor/user/change_language.html.twig
View File

@@ -20,7 +20,6 @@
</div>
<div class="card-body d-grid gap-2">
<input type="hidden" name="s" value="{{ s }}"/>
<input type="hidden" name="page" value="{{ page }}"/>
<input type="hidden" name="send" value="send"/>
<button class="btn btn-primary rounded-top-0" type="submit" name="dosave">

1
templates/Froxlor/user/change_password.html.twig
View File

@@ -23,7 +23,6 @@
</div>
<div class="card-body d-grid gap-2">
<input type="hidden" name="s" value="{{ s }}"/>
<input type="hidden" name="page" value="{{ page }}"/>
<input type="hidden" name="send" value="send"/>
<button class="btn btn-primary rounded-top-0" type="submit" name="dosave">

1
templates/Froxlor/user/change_theme.html.twig
View File

@@ -19,7 +19,6 @@
</div>
<div class="card-body d-grid gap-2">
<input type="hidden" name="s" value="{{ s }}"/>
<input type="hidden" name="page" value="{{ page }}"/>
<input type="hidden" name="send" value="send"/>
<button class="btn btn-primary rounded-top-0" type="submit" name="dosave">

12
templates/Froxlor/userarea.html.twig
View File

@@ -38,6 +38,11 @@
<ul id="search-dropdown" class="bg-white border list-group list-group-flush position-absolute" style="top: 2.5rem; display:none; z-index: 50; max-height: 300px; overflow-y: scroll"></ul>
</form>
<ul class="navbar-nav ms-auto">
{% if call_static('\\Froxlor\\CurrentUser', 'getField', ['switched_user']) is not empty and call_static('\\Froxlor\\CurrentUser', 'getField', ['switched_user']) is iterable %}
<a class="nav-link text-success" href="{{ linker({'section': 'index', 'action': 'suback'}) }}">
<i class="fa-solid fa-reply me-1"></i> {{ userinfo.switched_user.loginname }}
</a>
{% endif %}
{% if userinfo.adminsession == 1 %}
<li class="nav-item" id="updatecheck"></li>
{% endif %}
@@ -82,13 +87,6 @@
{% endif %}
</ul>
</li>
<!-- if switched-user
<li class="nav-item text-nowrap d-block me-2">
<a class="btn btn-info btn-sm d-block" href="#view=suBack">
<i class="fas fa-undo"></i>
Switch back</a>
</li>
endif -->
<li class="nav-item">
<a class="btn btn-link pe-0" title="{{ lng('login.logout') }}" href="{{ linker({'section': 'index', 'action': 'logout'}) }}">
<i class="fas fa-power-off"></i>

1
tests/bootstrap.php
View File

@@ -77,7 +77,6 @@ Database::query("TRUNCATE TABLE `" . TABLE_PANEL_DISKSPACE . "`;");
Database::query("TRUNCATE TABLE `" . TABLE_PANEL_TRAFFIC . "`;");
Database::query("TRUNCATE TABLE `" . TABLE_PANEL_TRAFFIC_ADMINS . "`;");
Database::query("TRUNCATE TABLE `" . TABLE_PANEL_TASKS . "`;");
Database::query("TRUNCATE TABLE `" . TABLE_PANEL_SESSIONS . "`;");
Database::query("TRUNCATE TABLE `" . TABLE_PANEL_LOG . "`;");
Database::query("TRUNCATE TABLE `" . TABLE_PANEL_HTPASSWDS . "`;");
Database::query("TRUNCATE TABLE `" . TABLE_PANEL_HTACCESS . "`;");