maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

more work on Customer-ApiCommand

Browse Source 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann (d00p)
2018-02-16 13:27:31 +01:00
parent 2da2912c9c
commit 1e45da2410
5 changed files with 1018 additions and 889 deletions
Download Patch File Download Diff File Expand all files Collapse all files

834
admin_customers.php
View File

@@ -152,16 +152,14 @@ if ($page == 'customers'
} elseif($action == 'su' } elseif($action == 'su'
&& $id != 0 && $id != 0
) { ) {
$result_stmt = Database::prepare(" try {
SELECT * FROM `" . TABLE_PANEL_CUSTOMERS . "` $json_result = Customers::getLocal($userinfo, array(
WHERE `customerid` = :id" . 'id' => $id
($userinfo['customers_see_all'] ? '' : " AND `adminid` = :adminid") ))->get();
); } catch (Exception $e) {
$params = array('id' => $id); dynamic_error($e->getMessage());
if ($userinfo['customers_see_all'] == '0') {
$params['adminid'] = $userinfo['adminid'];
} }
$result = Database::pexecute_first($result_stmt, $params); $result = json_decode($json_result, true)['data'];
$destination_user = $result['loginname']; $destination_user = $result['loginname'];
@@ -212,827 +210,70 @@ if ($page == 'customers'
} elseif($action == 'unlock' } elseif($action == 'unlock'
&& $id != 0 && $id != 0
) { ) {
$result_stmt = Database::prepare(" try {
SELECT * FROM `" . TABLE_PANEL_CUSTOMERS . "` $json_result = Customers::getLocal($userinfo, array(
WHERE `customerid` = :id" . 'id' => $id
($userinfo['customers_see_all'] ? '' : " AND `adminid` = :adminid") ))->get();
); } catch (Exception $e) {
$result_data = array('id' => $id); dynamic_error($e->getMessage());
if ($userinfo['customers_see_all'] == '0') {
$result_data['adminid'] = $userinfo['adminid'];
} }
$result = Database::pexecute_first($result_stmt, $result_data); $result = json_decode($json_result, true)['data'];
if ($result['loginname'] != '') {
if (isset($_POST['send']) if (isset($_POST['send'])
&& $_POST['send'] == 'send' && $_POST['send'] == 'send'
) { ) {
$result_stmt = Database::prepare(" try {
UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET $json_result = Customers::getLocal($userinfo, array(
`loginfail_count` = '0' 'id' => $id
WHERE `customerid`= :id" ))->unlock();
); } catch (Exception $e) {
Database::pexecute($result_stmt, array('id' => $id)); dynamic_error($e->getMessage());
}
redirectTo($filename, array('page' => $page, 's' => $s)); redirectTo($filename, array('page' => $page, 's' => $s));
} else { } else {
ask_yesno('customer_reallyunlock', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $result['loginname']); ask_yesno('customer_reallyunlock', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $result['loginname']);
} }
}
} elseif ($action == 'delete' } elseif ($action == 'delete'
&& $id != 0 && $id != 0
) { ) {
$result_stmt = Database::prepare(" try {
SELECT * FROM `" . TABLE_PANEL_CUSTOMERS . "` $json_result = Customers::getLocal($userinfo, array(
WHERE `customerid` = :id" . 'id' => $id
($userinfo['customers_see_all'] ? '' : " AND `adminid` = :adminid") ))->get();
); } catch (Exception $e) {
$params = array('id' => $id); dynamic_error($e->getMessage());
if ($userinfo['customers_see_all'] == '0') {
$params['adminid'] = $userinfo['adminid'];
} }
$result = Database::pexecute_first($result_stmt, $params); $result = json_decode($json_result, true)['data'];
if ($result['loginname'] != '') {
if (isset($_POST['send']) if (isset($_POST['send'])
&& $_POST['send'] == 'send' && $_POST['send'] == 'send'
) { ) {
$databases_stmt = Database::prepare(" try {
SELECT * FROM `" . TABLE_PANEL_DATABASES . "` $json_result = Customers::getLocal($userinfo, array(
WHERE `customerid` = :id ORDER BY `dbserver`" 'id' => $id,
); 'delete_userfiles' => (isset($_POST['delete_userfiles']) ? (int)$_POST['delete_userfiles'] : 0)
Database::pexecute($databases_stmt, array('id' => $id)); ))->delete();
Database::needRoot(true); } catch (Exception $e) {
$last_dbserver = 0; dynamic_error($e->getMessage());
$dbm = new DbManager($log);
while ($row_database = $databases_stmt->fetch(PDO::FETCH_ASSOC)) {
if ($last_dbserver != $row_database['dbserver']) {
Database::needRoot(true, $row_database['dbserver']);
$dbm->getManager()->flushPrivileges();
$last_dbserver = $row_database['dbserver'];
}
$dbm->getManager()->deleteDatabase($row_database['databasename']);
}
$dbm->getManager()->flushPrivileges();
Database::needRoot(false);
$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `customerid` = :id");
Database::pexecute($stmt, array('id' => $id));
$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_DATABASES . "` WHERE `customerid` = :id");
Database::pexecute($stmt, array('id' => $id));
// first gather all domain-id's to clean up panel_domaintoip and dns-entries accordingly
$did_stmt = Database::prepare("SELECT `id` FROM `".TABLE_PANEL_DOMAINS."` WHERE `customerid` = :id");
Database::pexecute($did_stmt, array('id' => $id));
while ($row = $did_stmt->fetch(PDO::FETCH_ASSOC)) {
$stmt = Database::prepare("DELETE FROM `" . TABLE_DOMAINTOIP . "` WHERE `id_domain` = :did");
Database::pexecute($stmt, array('did' => $row['id']));
$stmt = Database::prepare("DELETE FROM `" . TABLE_DOMAIN_DNS . "` WHERE `domain_id` = :did");
Database::pexecute($stmt, array('did' => $row['id']));
}
$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `customerid` = :id");
Database::pexecute($stmt, array('id' => $id));
$domains_deleted = $stmt->rowCount();
$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_HTPASSWDS . "` WHERE `customerid` = :id");
Database::pexecute($stmt, array('id' => $id));
$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_HTACCESS . "` WHERE `customerid` = :id");
Database::pexecute($stmt, array('id' => $id));
$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_SESSIONS . "` WHERE `userid` = :id AND `adminsession` = '0'");
Database::pexecute($stmt, array('id' => $id));
$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_TRAFFIC . "` WHERE `customerid` = :id");
Database::pexecute($stmt, array('id' => $id));
$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_DISKSPACE . "` WHERE `customerid` = :id");
Database::pexecute($stmt, array('id' => $id));
$stmt = Database::prepare("DELETE FROM `" . TABLE_MAIL_USERS . "` WHERE `customerid` = :id");
Database::pexecute($stmt, array('id' => $id));
$stmt = Database::prepare("DELETE FROM `" . TABLE_MAIL_VIRTUAL . "` WHERE `customerid` = :id");
Database::pexecute($stmt, array('id' => $id));
$result2_stmt = Database::prepare("SELECT `username` FROM `" . TABLE_FTP_USERS . "` WHERE `customerid` = :id");
Database::pexecute($result2_stmt, array('id' => $id));
while ($row = $result2_stmt->fetch(PDO::FETCH_ASSOC)) {
$stmt = Database::prepare("DELETE FROM `" . TABLE_FTP_QUOTATALLIES . "` WHERE `name` = :name");
Database::pexecute($stmt, array('name' => $row['username']));
}
$stmt = Database::prepare("DELETE FROM `" . TABLE_FTP_GROUPS . "` WHERE `customerid` = :id");
Database::pexecute($stmt, array('id' => $id));
$stmt = Database::prepare("DELETE FROM `" . TABLE_FTP_USERS . "` WHERE `customerid` = :id");
Database::pexecute($stmt, array('id' => $id));
// Delete all waiting "create user" -tasks for this user, #276
// Note: the WHERE selects part of a serialized array, but it should be safe this way
$del_stmt = Database::prepare("
DELETE FROM `" . TABLE_PANEL_TASKS . "`
WHERE `type` = '2' AND `data` LIKE :loginname"
);
Database::pexecute($del_stmt, array('loginname' => "%:{$result['loginname']};%"));
$admin_update_query = "UPDATE `" . TABLE_PANEL_ADMINS . "` SET `customers_used` = `customers_used` - 1 ";
$admin_update_query.= ", `domains_used` = `domains_used` - 0" . (int)($domains_deleted - $result['subdomains_used']);
if ($result['mysqls'] != '-1') {
$admin_update_query.= ", `mysqls_used` = `mysqls_used` - 0" . (int)$result['mysqls'];
}
if ($result['emails'] != '-1') {
$admin_update_query.= ", `emails_used` = `emails_used` - 0" . (int)$result['emails'];
}
if ($result['email_accounts'] != '-1') {
$admin_update_query.= ", `email_accounts_used` = `email_accounts_used` - 0" . (int)$result['email_accounts'];
}
if ($result['email_forwarders'] != '-1') {
$admin_update_query.= ", `email_forwarders_used` = `email_forwarders_used` - 0" . (int)$result['email_forwarders'];
}
if ($result['email_quota'] != '-1') {
$admin_update_query.= ", `email_quota_used` = `email_quota_used` - 0" . (int)$result['email_quota'];
}
if ($result['subdomains'] != '-1') {
$admin_update_query.= ", `subdomains_used` = `subdomains_used` - 0" . (int)$result['subdomains'];
}
if ($result['ftps'] != '-1') {
$admin_update_query.= ", `ftps_used` = `ftps_used` - 0" . (int)$result['ftps'];
}
if ($result['tickets'] != '-1') {
$admin_update_query.= ", `tickets_used` = `tickets_used` - 0" . (int)$result['tickets'];
}
if (($result['diskspace'] / 1024) != '-1') {
$admin_update_query.= ", `diskspace_used` = `diskspace_used` - 0" . (int)$result['diskspace'];
}
$admin_update_query.= " WHERE `adminid` = '" . (int)$result['adminid'] . "'";
Database::query($admin_update_query);
$log->logAction(ADM_ACTION, LOG_INFO, "deleted user '" . $result['loginname'] . "'");
inserttask('1');
// Using nameserver, insert a task which rebuilds the server config
inserttask('4');
if (isset($_POST['delete_userfiles'])
&& (int)$_POST['delete_userfiles'] == 1
) {
inserttask('6', $result['loginname']);
}
// Using filesystem - quota, insert a task which cleans the filesystem - quota
inserttask('10');
/*
* move old tickets to archive
*/
$tickets = ticket::customerHasTickets($id);
if ($tickets !== false && isset($tickets[0])) {
foreach ($tickets as $ticket) {
$now = time();
$mainticket = ticket::getInstanceOf($userinfo, (int)$ticket);
$mainticket->Set('lastchange', $now, true, true);
$mainticket->Set('lastreplier', '1', true, true);
$mainticket->Set('status', '3', true, true);
$mainticket->Update();
$mainticket->Archive();
$log->logAction(ADM_ACTION, LOG_NOTICE, "archived ticket '" . $mainticket->Get('subject') . "'");
}
} }
redirectTo($filename, array('page' => $page, 's' => $s)); redirectTo($filename, array('page' => $page, 's' => $s));
} else { } else {
ask_yesno_withcheckbox('admin_customer_reallydelete', 'admin_customer_alsoremovefiles', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $result['loginname']); ask_yesno_withcheckbox('admin_customer_reallydelete', 'admin_customer_alsoremovefiles', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $result['loginname']);
} }
}
} elseif($action == 'add') { } elseif($action == 'add') {
if ($userinfo['customers_used'] < $userinfo['customers']
|| $userinfo['customers'] == '-1'
) {
if (isset($_POST['send']) if (isset($_POST['send'])
&& $_POST['send'] == 'send' && $_POST['send'] == 'send'
) { ) {
$name = validate($_POST['name'], 'name');
$firstname = validate($_POST['firstname'], 'first name');
$company = validate($_POST['company'], 'company');
$street = validate($_POST['street'], 'street');
$zipcode = validate($_POST['zipcode'], 'zipcode', '/^[0-9 \-A-Z]*$/');
$city = validate($_POST['city'], 'city');
$phone = validate($_POST['phone'], 'phone', '/^[0-9\- \+\(\)\/]*$/');
$fax = validate($_POST['fax'], 'fax', '/^[0-9\- \+\(\)\/]*$/');
$email = $idna_convert->encode(validate($_POST['email'], 'email'));
$customernumber = validate($_POST['customernumber'], 'customer number', '/^[A-Za-z0-9 \-]*$/Di');
$def_language = validate($_POST['def_language'], 'default language');
$gender = intval_ressource($_POST['gender']);
$custom_notes = validate(str_replace("\r\n", "\n", $_POST['custom_notes']), 'custom_notes', '/^[^\0]*$/');
$custom_notes_show = 0;
if (isset($_POST['custom_notes_show'])) {
$custom_notes_show = intval_ressource($_POST['custom_notes_show']);
}
$diskspace = intval_ressource($_POST['diskspace']);
if (isset($_POST['diskspace_ul'])) {
$diskspace = - 1;
}
$traffic = doubleval_ressource($_POST['traffic']);
if (isset($_POST['traffic_ul'])) {
$traffic = - 1;
}
$subdomains = intval_ressource($_POST['subdomains']);
if (isset($_POST['subdomains_ul'])) {
$subdomains = - 1;
}
$emails = intval_ressource($_POST['emails']);
if (isset($_POST['emails_ul'])) {
$emails = - 1;
}
$email_accounts = intval_ressource($_POST['email_accounts']);
if (isset($_POST['email_accounts_ul'])) {
$email_accounts = - 1;
}
$email_forwarders = intval_ressource($_POST['email_forwarders']);
if (isset($_POST['email_forwarders_ul'])) {
$email_forwarders = - 1;
}
if (Settings::Get('system.mail_quota_enabled') == '1') {
$email_quota = validate($_POST['email_quota'], 'email_quota', '/^\d+$/', 'vmailquotawrong', array('0', ''));
if (isset($_POST['email_quota_ul'])) {
$email_quota = - 1;
}
} else {
$email_quota = - 1;
}
$email_imap = 0;
if (isset($_POST['email_imap'])) {
$email_imap = intval_ressource($_POST['email_imap']);
}
$email_pop3 = 0;
if (isset($_POST['email_pop3'])) {
$email_pop3 = intval_ressource($_POST['email_pop3']);
}
$ftps = 0;
if (isset($_POST['ftps'])) {
$ftps = intval_ressource($_POST['ftps']);
}
if (isset($_POST['ftps_ul'])) {
$ftps = - 1;
}
$tickets = (Settings::Get('ticket.enabled') == 1 ? intval_ressource($_POST['tickets']) : 0);
if (isset($_POST['tickets_ul'])
&& Settings::Get('ticket.enabled') == '1'
) {
$tickets = - 1;
}
$mysqls = intval_ressource($_POST['mysqls']);
if (isset($_POST['mysqls_ul'])) {
$mysqls = - 1;
}
$createstdsubdomain = 0;
if(isset($_POST['createstdsubdomain'])) {
$createstdsubdomain = intval($_POST['createstdsubdomain']);
}
$password = validate($_POST['new_customer_password'], 'password');
// only check if not empty,
// cause empty == generate password automatically
if ($password != '') {
$password = validatePassword($password);
}
// gender out of range? [0,2]
if ($gender < 0 || $gender > 2) {
$gender = 0;
}
$sendpassword = 0;
if (isset($_POST['sendpassword'])) {
$sendpassword = intval($_POST['sendpassword']);
}
$phpenabled = 0;
if (isset($_POST['phpenabled'])) {
$phpenabled = intval($_POST['phpenabled']);
}
$allowed_phpconfigs = array();
if (isset($_POST['allowed_phpconfigs']) && is_array($_POST['allowed_phpconfigs'])) {
foreach ($_POST['allowed_phpconfigs'] as $allowed_phpconfig) {
$allowed_phpconfig = intval($allowed_phpconfig);
$allowed_phpconfigs[] = $allowed_phpconfig;
}
}
$perlenabled = 0;
if (isset($_POST['perlenabled'])) {
$perlenabled = intval($_POST['perlenabled']);
}
$dnsenabled = 0;
if (isset($_POST['dnsenabled'])) {
$dnsenabled = intval($_POST['dnsenabled']);
}
$store_defaultindex = 0;
if (isset($_POST['store_defaultindex'])) {
$store_defaultindex = intval($_POST['store_defaultindex']);
}
$diskspace = $diskspace * 1024;
$traffic = $traffic * 1024 * 1024;
if (((($userinfo['diskspace_used'] + $diskspace) > $userinfo['diskspace']) && ($userinfo['diskspace'] / 1024) != '-1')
|| ((($userinfo['mysqls_used'] + $mysqls) > $userinfo['mysqls']) && $userinfo['mysqls'] != '-1')
|| ((($userinfo['emails_used'] + $emails) > $userinfo['emails']) && $userinfo['emails'] != '-1')
|| ((($userinfo['email_accounts_used'] + $email_accounts) > $userinfo['email_accounts']) && $userinfo['email_accounts'] != '-1')
|| ((($userinfo['email_forwarders_used'] + $email_forwarders) > $userinfo['email_forwarders']) && $userinfo['email_forwarders'] != '-1')
|| ((($userinfo['email_quota_used'] + $email_quota) > $userinfo['email_quota']) && $userinfo['email_quota'] != '-1' && Settings::Get('system.mail_quota_enabled') == '1')
|| ((($userinfo['ftps_used'] + $ftps) > $userinfo['ftps']) && $userinfo['ftps'] != '-1')
|| ((($userinfo['tickets_used'] + $tickets) > $userinfo['tickets']) && $userinfo['tickets'] != '-1')
|| ((($userinfo['subdomains_used'] + $subdomains) > $userinfo['subdomains']) && $userinfo['subdomains'] != '-1')
|| (($diskspace / 1024) == '-1' && ($userinfo['diskspace'] / 1024) != '-1')
|| ($mysqls == '-1' && $userinfo['mysqls'] != '-1')
|| ($emails == '-1' && $userinfo['emails'] != '-1')
|| ($email_accounts == '-1' && $userinfo['email_accounts'] != '-1')
|| ($email_forwarders == '-1' && $userinfo['email_forwarders'] != '-1')
|| ($email_quota == '-1' && $userinfo['email_quota'] != '-1' && Settings::Get('system.mail_quota_enabled') == '1')
|| ($ftps == '-1' && $userinfo['ftps'] != '-1')
|| ($tickets == '-1' && $userinfo['tickets'] != '-1')
|| ($subdomains == '-1' && $userinfo['subdomains'] != '-1')
) {
standard_error('youcantallocatemorethanyouhave');
}
// Either $name and $firstname or the $company must be inserted
if ($name == '' && $company == '') {
standard_error(array('stringisempty', 'myname'));
} elseif($firstname == '' && $company == '') {
standard_error(array('stringisempty', 'myfirstname'));
} elseif($email == '') {
standard_error(array('stringisempty', 'emailadd'));
} elseif(!validateEmail($email)) {
standard_error('emailiswrong', $email);
} else {
if (isset($_POST['new_loginname'])
&& $_POST['new_loginname'] != ''
) {
$accountnumber = intval(Settings::Get('system.lastaccountnumber'));
$loginname = validate($_POST['new_loginname'], 'loginname', '/^[a-z][a-z0-9\-_]+$/i');
// Accounts which match systemaccounts are not allowed, filtering them
if (preg_match('/^' . preg_quote(Settings::Get('customer.accountprefix'), '/') . '([0-9]+)/', $loginname)) {
standard_error('loginnameissystemaccount', Settings::Get('customer.accountprefix'));
}
// Additional filtering for Bug #962
if (function_exists('posix_getpwnam')
&& !in_array("posix_getpwnam", explode(",", ini_get('disable_functions')))
&& posix_getpwnam($loginname)
) {
standard_error('loginnameissystemaccount', Settings::Get('customer.accountprefix'));
}
} else {
$accountnumber = intval(Settings::Get('system.lastaccountnumber')) + 1;
$loginname = Settings::Get('customer.accountprefix') . $accountnumber;
}
// Check if the account already exists
$loginname_check_stmt = Database::prepare("
SELECT `loginname` FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `loginname` = :loginname"
);
$loginname_check = Database::pexecute_first($loginname_check_stmt, array('loginname' => $loginname));
$loginname_check_admin_stmt = Database::prepare("
SELECT `loginname` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `loginname` = :loginname"
);
$loginname_check_admin = Database::pexecute_first($loginname_check_admin_stmt, array('loginname' => $loginname));
if (strtolower($loginname_check['loginname']) == strtolower($loginname)
|| strtolower($loginname_check_admin['loginname']) == strtolower($loginname)
) {
standard_error('loginnameexists', $loginname);
} elseif (!validateUsername($loginname, Settings::Get('panel.unix_names'), 14 - strlen(Settings::Get('customer.mysqlprefix')))) {
if (strlen($loginname) > 14 - strlen(Settings::Get('customer.mysqlprefix'))) {
standard_error('loginnameiswrong2', 14 - strlen(Settings::Get('customer.mysqlprefix')));
} else {
standard_error('loginnameiswrong', $loginname);
}
}
$guid = intval(Settings::Get('system.lastguid')) + 1;
$documentroot = makeCorrectDir(Settings::Get('system.documentroot_prefix') . '/' . $loginname);
if (file_exists($documentroot)) {
standard_error('documentrootexists', $documentroot);
}
if ($createstdsubdomain != '1') {
$createstdsubdomain = '0';
}
if ($phpenabled != '0') {
$phpenabled = '1';
}
if ($perlenabled != '0') {
$perlenabled = '1';
}
if ($dnsenabled != '0') {
$dnsenabled = '1';
}
if ($password == '') {
$password = generatePassword();
}
$_theme = Settings::Get('panel.default_theme');
$ins_data = array(
'adminid' => $userinfo['adminid'],
'loginname' => $loginname,
'passwd' => makeCryptPassword($password),
'name' => $name,
'firstname' => $firstname,
'gender' => $gender,
'company' => $company,
'street' => $street,
'zipcode' => $zipcode,
'city' => $city,
'phone' => $phone,
'fax' => $fax,
'email' => $email,
'customerno' => $customernumber,
'lang' => $def_language,
'docroot' => $documentroot,
'guid' => $guid,
'diskspace' => $diskspace,
'traffic' => $traffic,
'subdomains' => $subdomains,
'emails' => $emails,
'email_accounts' => $email_accounts,
'email_forwarders' => $email_forwarders,
'email_quota' => $email_quota,
'ftps' => $ftps,
'tickets' => $tickets,
'mysqls' => $mysqls,
'phpenabled' => $phpenabled,
'allowed_phpconfigs' => empty($allowed_phpconfigs) ? "" : json_encode($allowed_phpconfigs),
'imap' => $email_imap,
'pop3' => $email_pop3,
'perlenabled' => $perlenabled,
'dnsenabled' => $dnsenabled,
'theme' => $_theme,
'custom_notes' => $custom_notes,
'custom_notes_show' => $custom_notes_show
);
$ins_stmt = Database::prepare("
INSERT INTO `" . TABLE_PANEL_CUSTOMERS . "` SET
`adminid` = :adminid,
`loginname` = :loginname,
`password` = :passwd,
`name` = :name,
`firstname` = :firstname,
`gender` = :gender,
`company` = :company,
`street` = :street,
`zipcode` = :zipcode,
`city` = :city,
`phone` = :phone,
`fax` = :fax,
`email` = :email,
`customernumber` = :customerno,
`def_language` = :lang,
`documentroot` = :docroot,
`guid` = :guid,
`diskspace` = :diskspace,
`traffic` = :traffic,
`subdomains` = :subdomains,
`emails` = :emails,
`email_accounts` = :email_accounts,
`email_forwarders` = :email_forwarders,
`email_quota` = :email_quota,
`ftps` = :ftps,
`tickets` = :tickets,
`mysqls` = :mysqls,
`standardsubdomain` = '0',
`phpenabled` = :phpenabled,
`allowed_phpconfigs` = :allowed_phpconfigs,
`imap` = :imap,
`pop3` = :pop3,
`perlenabled` = :perlenabled,
`dnsenabled` = :dnsenabled,
`theme` = :theme,
`custom_notes` = :custom_notes,
`custom_notes_show` = :custom_notes_show"
);
Database::pexecute($ins_stmt, $ins_data);
$customerid = Database::lastInsertId();
$admin_update_query = "UPDATE `" . TABLE_PANEL_ADMINS . "` SET `customers_used` = `customers_used` + 1";
if ($mysqls != '-1') {
$admin_update_query.= ", `mysqls_used` = `mysqls_used` + 0" . (int)$mysqls;
}
if ($emails != '-1') {
$admin_update_query.= ", `emails_used` = `emails_used` + 0" . (int)$emails;
}
if ($email_accounts != '-1') {
$admin_update_query.= ", `email_accounts_used` = `email_accounts_used` + 0" . (int)$email_accounts;
}
if ($email_forwarders != '-1') {
$admin_update_query.= ", `email_forwarders_used` = `email_forwarders_used` + 0" . (int)$email_forwarders;
}
if ($email_quota != '-1') {
$admin_update_query.= ", `email_quota_used` = `email_quota_used` + 0" . (int)$email_quota;
}
if ($subdomains != '-1') {
$admin_update_query.= ", `subdomains_used` = `subdomains_used` + 0" . (int)$subdomains;
}
if ($ftps != '-1') {
$admin_update_query.= ", `ftps_used` = `ftps_used` + 0" . (int)$ftps;
}
if ($tickets != '-1'
&& Settings::Get('ticket.enabled') == 1
) {
$admin_update_query.= ", `tickets_used` = `tickets_used` + 0" . (int)$tickets;
}
if (($diskspace / 1024) != '-1') {
$admin_update_query.= ", `diskspace_used` = `diskspace_used` + 0" . (int)$diskspace;
}
$admin_update_query.= " WHERE `adminid` = '" . (int)$userinfo['adminid'] . "'";
Database::query($admin_update_query);
$upd_stmt = Database::prepare("
UPDATE `" . TABLE_PANEL_SETTINGS . "` SET
`value` = :guid
WHERE `settinggroup` = 'system' AND `varname` = 'lastguid'"
);
Database::pexecute($upd_stmt, array('guid' => $guid));
if ($accountnumber != intval(Settings::Get('system.lastaccountnumber'))) {
$upd_stmt = Database::prepare("
UPDATE `" . TABLE_PANEL_SETTINGS . "` SET
`value` = :accno
WHERE `settinggroup` = 'system' AND `varname` = 'lastaccountnumber'"
);
Database::pexecute($upd_stmt, array('accno' => $accountnumber));
}
$log->logAction(ADM_ACTION, LOG_INFO, "added user '" . $loginname . "'");
inserttask('2', $loginname, $guid, $guid, $store_defaultindex);
// Using filesystem - quota, insert a task which cleans the filesystem - quota
inserttask('10');
// Add htpasswd for the webalizer stats
if (CRYPT_STD_DES == 1) {
$saltfordescrypt = substr(md5(uniqid(microtime(), 1)), 4, 2);
$htpasswdPassword = crypt($password, $saltfordescrypt);
} else {
$htpasswdPassword = crypt($password);
}
$ins_stmt = Database::prepare("
INSERT INTO `" . TABLE_PANEL_HTPASSWDS . "` SET
`customerid` = :customerid,
`username` = :username,
`password` = :passwd,
`path` = :path"
);
$ins_data = array(
'customerid' => $customerid,
'username' => $loginname,
'passwd' => $htpasswdPassword
);
if (Settings::Get('system.awstats_enabled') == '1') {
$ins_data['path'] = makeCorrectDir($documentroot . '/awstats/');
$log->logAction(ADM_ACTION, LOG_NOTICE, "automatically added awstats htpasswd for user '" . $loginname . "'");
} else {
$ins_data['path'] = makeCorrectDir($documentroot . '/webalizer/');
$log->logAction(ADM_ACTION, LOG_NOTICE, "automatically added webalizer htpasswd for user '" . $loginname . "'");
}
Database::pexecute($ins_stmt, $ins_data);
inserttask('1');
$cryptPassword = makeCryptPassword($password);
// FTP-User
$ins_stmt = Database::prepare("
INSERT INTO `" . TABLE_FTP_USERS . "` SET `customerid` = :customerid, `username` = :username, `description` = :desc,
`password` = :passwd, `homedir` = :homedir, `login_enabled` = 'y', `uid` = :guid, `gid` = :guid"
);
$ins_data = array(
'customerid' => $customerid,
'username' => $loginname,
'passwd' => $cryptPassword,
'homedir' => $documentroot,
'guid' => $guid,
'desc' => "Default"
);
Database::pexecute($ins_stmt, $ins_data);
// FTP-Group
$ins_stmt = Database::prepare("
INSERT INTO `" . TABLE_FTP_GROUPS . "` SET `customerid` = :customerid, `groupname` = :groupname, `gid` = :guid, `members` = :members"
);
$ins_data = array(
'customerid' => $customerid,
'groupname' => $loginname,
'guid' => $guid,
'members' => $loginname.','.Settings::Get('system.httpuser')
);
// also, add froxlor-local user to ftp-group (if exists!) to
// allow access to customer-directories from within the panel, which
// is necessary when pathedit = Dropdown
if ((int)Settings::Get('system.mod_fcgid_ownvhost') == 1 || (int)Settings::Get('phpfpm.enabled_ownvhost') == 1) {
if ((int)Settings::Get('system.mod_fcgid') == 1) {
$local_user = Settings::Get('system.mod_fcgid_httpuser');
} else {
$local_user = Settings::Get('phpfpm.vhost_httpuser');
}
// check froxlor-local user membership in ftp-group
// without this check addition may duplicate user in list if httpuser == local_user
if (strpos($ins_data['members'], $local_user) == false) {
$ins_data['members'] .= ','.$local_user;
}
}
Database::pexecute($ins_stmt, $ins_data);
// FTP-Quotatallies
$ins_stmt = Database::prepare("
INSERT INTO `" . TABLE_FTP_QUOTATALLIES . "` SET `name` = :name, `quota_type` = 'user', `bytes_in_used` = '0',
`bytes_out_used` = '0', `bytes_xfer_used` = '0', `files_in_used` = '0', `files_out_used` = '0', `files_xfer_used` = '0'"
);
Database::pexecute($ins_stmt, array('name' => $loginname));
$log->logAction(ADM_ACTION, LOG_NOTICE, "automatically added ftp-account for user '" . $loginname . "'");
$_stdsubdomain = '';
if ($createstdsubdomain == '1') {
if (Settings::Get('system.stdsubdomain') !== null
&& Settings::Get('system.stdsubdomain') != ''
) {
$_stdsubdomain = $loginname . '.' . Settings::Get('system.stdsubdomain');
} else {
$_stdsubdomain = $loginname . '.' . Settings::Get('system.hostname');
}
$ins_data = array(
'domain' => $_stdsubdomain,
'customerid' => $customerid,
'adminid' => $userinfo['adminid'],
'docroot' => $documentroot,
'adddate' => time(),
'phpenabled' => $phpenabled
);
$ins_stmt = Database::prepare("
INSERT INTO `" . TABLE_PANEL_DOMAINS . "` SET
`domain` = :domain,
`customerid` = :customerid,
`adminid` = :adminid,
`parentdomainid` = '0',
`documentroot` = :docroot,
`zonefile` = '',
`isemaildomain` = '0',
`caneditdomain` = '0',
`openbasedir` = '1',
`speciallogfile` = '0',
`specialsettings` = '',
`dkim_id` = '0',
`dkim_privkey` = '',
`dkim_pubkey` = '',
`phpenabled` = :phpenabled,
`add_date` = :adddate"
);
Database::pexecute($ins_stmt, $ins_data);
$domainid = Database::lastInsertId();
// set ip <-> domain connection
$defaultips = explode(',', Settings::Get('system.defaultip'));
$ins_stmt = Database::prepare("
INSERT INTO `" . TABLE_DOMAINTOIP . "` SET `id_domain` = :domainid, `id_ipandports` = :ipid"
);
foreach ($defaultips as $defaultip) {
Database::pexecute($ins_stmt, array('domainid' => $domainid, 'ipid' => $defaultip));
}
$upd_stmt = Database::prepare("
UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `standardsubdomain` = :domainid WHERE `customerid` = :customerid"
);
Database::pexecute($upd_stmt, array('domainid' => $domainid, 'customerid' => $customerid));
$log->logAction(ADM_ACTION, LOG_NOTICE, "automatically added standardsubdomain for user '" . $loginname . "'");
inserttask('1');
}
if ($sendpassword == '1') {
$srv_hostname = Settings::Get('system.hostname');
if (Settings::Get('system.froxlordirectlyviahostname') == '0') {
$srv_hostname .= '/froxlor';
}
$srv_ip_stmt = Database::prepare("
SELECT ip, port FROM `".TABLE_PANEL_IPSANDPORTS."`
WHERE `id` = :defaultip
");
$default_ips = Settings::Get('system.defaultip');
$default_ips = explode(',', $default_ips);
$srv_ip = Database::pexecute_first($srv_ip_stmt, array('defaultip' => reset($default_ips)));
$replace_arr = array(
'FIRSTNAME' => $firstname,
'NAME' => $name,
'COMPANY' => $company,
'SALUTATION' => getCorrectUserSalutation(array('firstname' => $firstname, 'name' => $name, 'company' => $company)),
'USERNAME' => $loginname,
'PASSWORD' => $password,
'SERVER_HOSTNAME' => $srv_hostname,
'SERVER_IP' => isset($srv_ip['ip']) ? $srv_ip['ip'] : '',
'SERVER_PORT' => isset($srv_ip['port']) ? $srv_ip['port'] : '',
'DOMAINNAME' => $_stdsubdomain
);
// Get mail templates from database; the ones from 'admin' are fetched for fallback
$result_stmt = Database::prepare("
SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "`
WHERE `adminid` = :adminid AND `language` = :deflang AND `templategroup` = 'mails' AND `varname` = 'createcustomer_subject'"
);
$result = Database::pexecute_first($result_stmt, array('adminid' => $userinfo['adminid'], 'deflang' => $def_language));
$mail_subject = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['mails']['createcustomer']['subject']), $replace_arr));
$result_stmt = Database::prepare("
SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "`
WHERE `adminid` = :adminid AND `language` = :deflang AND `templategroup` = 'mails' AND `varname` = 'createcustomer_mailbody'"
);
$result = Database::pexecute_first($result_stmt, array('adminid' => $userinfo['adminid'], 'deflang' => $def_language));
$mail_body = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['mails']['createcustomer']['mailbody']), $replace_arr));
$_mailerror = false;
try { try {
$mail->Subject = $mail_subject; Customers::getLocal($userinfo, $_POST)->add();
$mail->AltBody = $mail_body;
$mail->MsgHTML(str_replace("\n", "<br />", $mail_body));
$mail->AddAddress($email, getCorrectUserSalutation(array('firstname' => $firstname, 'name' => $name, 'company' => $company)));
$mail->Send();
} catch(phpmailerException $e) {
$mailerr_msg = $e->errorMessage();
$_mailerror = true;
} catch (Exception $e) { } catch (Exception $e) {
$mailerr_msg = $e->getMessage(); dynamic_error($e->getMessage());
$_mailerror = true;
}
if ($_mailerror) {
$log->logAction(ADM_ACTION, LOG_ERR, "Error sending mail: " . $mailerr_msg);
standard_error('errorsendingmail', $email);
}
$mail->ClearAddresses();
$log->logAction(ADM_ACTION, LOG_NOTICE, "automatically sent password to user '" . $loginname . "'");
} }
redirectTo($filename, array('page' => $page, 's' => $s)); redirectTo($filename, array('page' => $page, 's' => $s));
}
} else { } else {
$language_options = ''; $language_options = '';
@@ -1097,7 +338,6 @@ if ($page == 'customers'
eval("echo \"" . getTemplate("customers/customers_add") . "\";"); eval("echo \"" . getTemplate("customers/customers_add") . "\";");
} }
}
} elseif($action == 'edit' } elseif($action == 'edit'
&& $id != 0 && $id != 0

54
lib/classes/api/abstract.ApiCommand.php
View File

@@ -9,6 +9,8 @@ abstract class ApiCommand
private $logger = null; private $logger = null;
private $mail = null;
private $cmd_params = null; private $cmd_params = null;
public function __construct($header = null, $params = null, $userinfo = null) public function __construct($header = null, $params = null, $userinfo = null)
@@ -20,12 +22,18 @@ abstract class ApiCommand
$this->readUserData($header); $this->readUserData($header);
} elseif (! empty($userinfo)) { } elseif (! empty($userinfo)) {
$this->user_data = $userinfo; $this->user_data = $userinfo;
$this->is_admin = ($userinfo['adminsession'] == 1 && $userinfo['adminid'] > 0) ? true : false; $this->is_admin = (isset($userinfo['adminsession']) && $userinfo['adminsession'] == 1 && $userinfo['adminid'] > 0) ? true : false;
} else { } else {
throw new Exception("Invalid user data", 500); throw new Exception("Invalid user data", 500);
} }
$this->logger = FroxlorLogger::getInstanceOf($this->user_data); $this->logger = FroxlorLogger::getInstanceOf($this->user_data);
$this->initLang();
$this->initMail();
}
private function initLang()
{
// query the whole table // query the whole table
$result_stmt = Database::query("SELECT * FROM `" . TABLE_PANEL_LANGUAGE . "`"); $result_stmt = Database::query("SELECT * FROM `" . TABLE_PANEL_LANGUAGE . "`");
@@ -62,6 +70,37 @@ abstract class ApiCommand
include_once makeSecurePath(FROXLOR_INSTALL_DIR . '/lng/lng_references.php'); include_once makeSecurePath(FROXLOR_INSTALL_DIR . '/lng/lng_references.php');
} }
private function initMail()
{
/**
* Initialize the mailingsystem
*/
$this->mail = new PHPMailer(true);
$this->mail->CharSet = "UTF-8";
if (Settings::Get('system.mail_use_smtp')) {
$this->mail->isSMTP();
$this->mail->Host = Settings::Get('system.mail_smtp_host');
$this->mail->SMTPAuth = Settings::Get('system.mail_smtp_auth') == '1' ? true : false;
$this->mail->Username = Settings::Get('system.mail_smtp_user');
$this->mail->Password = Settings::Get('system.mail_smtp_passwd');
if (Settings::Get('system.mail_smtp_usetls')) {
$this->mail->SMTPSecure = 'tls';
} else {
$this->mail->SMTPAutoTLS = false;
}
$this->mail->Port = Settings::Get('system.mail_smtp_port');
}
if (PHPMailer::ValidateAddress(Settings::Get('panel.adminmail')) !== false) {
// set return-to address and custom sender-name, see #76
$this->mail->SetFrom(Settings::Get('panel.adminmail'), Settings::Get('panel.adminmail_defname'));
if (Settings::Get('panel.adminmail_return') != '') {
$this->mail->AddReplyTo(Settings::Get('panel.adminmail_return'), Settings::Get('panel.adminmail_defname'));
}
}
}
public static function getLocal($userinfo = null, $params = null) public static function getLocal($userinfo = null, $params = null)
{ {
return new static(null, $params, $userinfo); return new static(null, $params, $userinfo);
@@ -145,6 +184,16 @@ abstract class ApiCommand
return $this->logger; return $this->logger;
} }
/**
* return mailer instance
*
* @return PHPMailer
*/
protected function mailer()
{
return $this->mail;
}
protected function response($status, $status_message, $data = null) protected function response($status, $status_message, $data = null)
{ {
header("HTTP/1.1 " . $status); header("HTTP/1.1 " . $status);
@@ -189,6 +238,9 @@ abstract class ApiCommand
$this->user_data = Database::pexecute_first($sel_stmt, array( $this->user_data = Database::pexecute_first($sel_stmt, array(
'id' => ($this->is_admin ? $result['adminid'] : $result['customerid']) 'id' => ($this->is_admin ? $result['adminid'] : $result['customerid'])
), true, true); ), true, true);
if ($this->is_admin) {
$this->user_data['adminsession'] = 1;
}
return true; return true;
} }
throw new Exception("Invalid API credentials", 400); throw new Exception("Invalid API credentials", 400);

823
lib/classes/api/commands/class.Customers.php
View File

@@ -57,9 +57,596 @@ class Customers extends ApiCommand
public function add() public function add()
{ {
global $lng;
if ($this->isAdmin()) { if ($this->isAdmin()) {
if ($this->getUserDetail('customers_used') < $this->getUserDetail('customers') || $this->getUserDetail('customers') == '-1') {
$idna_convert = new idna_convert_wrapper();
$name = validate($this->getParam('name'), 'name', '', '', array(), true);
$firstname = validate($this->getParam('firstname'), 'first name', '', '', array(), true);
$company = validate($this->getParam('company'), 'company', '', '', array(), true);
$street = validate($this->getParam('street'), 'street', '', '', array(), true);
$zipcode = validate($this->getParam('zipcode'), 'zipcode', '/^[0-9 \-A-Z]*$/', '', array(), true);
$city = validate($this->getParam('city'), 'city', '', '', array(), true);
$phone = validate($this->getParam('phone'), 'phone', '/^[0-9\- \+\(\)\/]*$/', '', array(), true);
$fax = validate($this->getParam('fax'), 'fax', '/^[0-9\- \+\(\)\/]*$/', '', array(), true);
$email = $idna_convert->encode(validate($this->getParam('email'), 'email', '', '', array(), true));
$customernumber = validate($this->getParam('customernumber'), 'customer number', '/^[A-Za-z0-9 \-]*$/Di', '', array(), true);
$def_language = validate($this->getParam('def_language'), 'default language', '', '', array(), true);
$gender = intval_ressource($this->getParam('gender', 0));
$custom_notes = validate(str_replace("\r\n", "\n", $this->getParam('custom_notes', '')), 'custom_notes', '/^[^\0]*$/', '', array(), true);
$custom_notes_show = $this->getParam('custom_notes_show', 0);
$diskspace = intval_ressource($this->getParam('diskspace', 0));
if ($this->getParam('diskspace_ul', 0) == 1) {
$diskspace = - 1;
}
$traffic = doubleval_ressource($this->getParam('traffic', 0));
if ($this->getParam('traffic_ul', 0) == 1) {
$traffic = - 1;
}
$subdomains = intval_ressource($this->getParam('subdomains', 0));
if ($this->getParam('subdomains_ul', 0) == 1) {
$subdomains = - 1;
}
$emails = intval_ressource($this->getParam('emails', 0));
if ($this->getParam('emails_ul', 0) == 1) {
$emails = - 1;
}
$email_accounts = intval_ressource($this->getParam('email_accounts', 0));
if ($this->getParam('email_accounts_ul', 0) == 1) {
$email_accounts = - 1;
}
$email_forwarders = intval_ressource($this->getParam('email_forwarders', 0));
if ($this->getParam('email_forwarders_ul', 0) == 1) {
$email_forwarders = - 1;
}
if (Settings::Get('system.mail_quota_enabled') == '1') {
$email_quota = validate($this->getParam('email_quota', 0), 'email_quota', '/^\d+$/', 'vmailquotawrong', array(
'0',
''
), true);
if ($this->getParam('email_quota_ul', 0) == 1) {
$email_quota = - 1;
}
} else {
$email_quota = - 1;
}
$email_imap = $this->getParam('email_imap', 0);
$email_pop3 = $this->getParam('email_pop3', 0);
$ftps = intval_ressource($this->getParam('ftps', 0));
if ($this->getParam('ftps_ul', 0) == 1) {
$ftps = - 1;
}
if (Settings::Get('ticket.enabled') == '1') {
$tickets = intval_ressource($this->getParam('tickets', 0));
if ($this->getParam('tickets_ul', 0) == 1) {
$tickets = - 1;
}
} else {
$tickets = - 1;
}
$mysqls = intval_ressource($this->getParam('mysqls', 0));
if ($this->getParam('mysqls_ul', 0) == 1) {
$mysqls = - 1;
}
$createstdsubdomain = $this->getParam('createstdsubdomain', 0);
$password = validate($this->getParam('new_customer_password', ''), 'password', '', '', array(), true);
// only check if not empty,
// cause empty == generate password automatically
if ($password != '') {
$password = validatePassword($password, true);
}
// gender out of range? [0,2]
if ($gender < 0 || $gender > 2) {
$gender = 0;
}
$sendpassword = $this->getParam('sendpassword', 0);
$phpenabled = $this->getParam('phpenabled', 0);
$allowed_phpconfigs = array();
if (! empty($this->getParam('allowed_phpconfigs', array())) && is_array($this->getParam('allowed_phpconfigs'))) {
foreach ($this->getParam('allowed_phpconfigs') as $allowed_phpconfig) {
$allowed_phpconfig = intval($allowed_phpconfig);
$allowed_phpconfigs[] = $allowed_phpconfig;
}
}
$perlenabled = $this->getParam('perlenabled', 0);
$dnsenabled = $this->getParam('dnsenabled', 0);
$store_defaultindex = $this->getParam('store_defaultindex', 0);
$diskspace = $diskspace * 1024;
$traffic = $traffic * 1024 * 1024;
if (((($this->getUserDetail('diskspace_used') + $diskspace) > $this->getUserDetail('diskspace')) && ($this->getUserDetail('diskspace') / 1024) != '-1') || ((($this->getUserDetail('mysqls_used') + $mysqls) > $this->getUserDetail('mysqls')) && $this->getUserDetail('mysqls') != '-1') || ((($this->getUserDetail('emails_used') + $emails) > $this->getUserDetail('emails')) && $this->getUserDetail('emails') != '-1') || ((($this->getUserDetail('email_accounts_used') + $email_accounts) > $this->getUserDetail('email_accounts')) && $this->getUserDetail('email_accounts') != '-1') || ((($this->getUserDetail('email_forwarders_used') + $email_forwarders) > $this->getUserDetail('email_forwarders')) && $this->getUserDetail('email_forwarders') != '-1') || ((($this->getUserDetail('email_quota_used') + $email_quota) > $this->getUserDetail('email_quota')) && $this->getUserDetail('email_quota') != '-1' && Settings::Get('system.mail_quota_enabled') == '1') || ((($this->getUserDetail('ftps_used') + $ftps) > $this->getUserDetail('ftps')) && $this->getUserDetail('ftps') != '-1') || ((($this->getUserDetail('tickets_used') + $tickets) > $this->getUserDetail('tickets')) && $this->getUserDetail('tickets') != '-1') || ((($this->getUserDetail('subdomains_used') + $subdomains) > $this->getUserDetail('subdomains')) && $this->getUserDetail('subdomains') != '-1') || (($diskspace / 1024) == '-1' && ($this->getUserDetail('diskspace') / 1024) != '-1') || ($mysqls == '-1' && $this->getUserDetail('mysqls') != '-1') || ($emails == '-1' && $this->getUserDetail('emails') != '-1') || ($email_accounts == '-1' && $this->getUserDetail('email_accounts') != '-1') || ($email_forwarders == '-1' && $this->getUserDetail('email_forwarders') != '-1') || ($email_quota == '-1' && $this->getUserDetail('email_quota') != '-1' && Settings::Get('system.mail_quota_enabled') == '1') || ($ftps == '-1' && $this->getUserDetail('ftps') != '-1') || ($tickets == '-1' && $this->getUserDetail('tickets') != '-1') || ($subdomains == '-1' && $this->getUserDetail('subdomains') != '-1')) {
standard_error('youcantallocatemorethanyouhave', '', true);
}
// Either $name and $firstname or the $company must be inserted
if ($name == '' && $company == '') {
standard_error(array(
'stringisempty',
'myname'
));
} elseif ($firstname == '' && $company == '') {
standard_error(array(
'stringisempty',
'myfirstname'
), '', true);
} elseif ($email == '') {
standard_error(array(
'stringisempty',
'emailadd'
), '', true);
} elseif (! validateEmail($email)) {
standard_error('emailiswrong', $email, true);
} else {
if ($this->getParam('new_loginname', '') != '') {
$accountnumber = intval(Settings::Get('system.lastaccountnumber'));
$loginname = validate($this->getParam('new_loginname'), 'loginname', '/^[a-z][a-z0-9\-_]+$/i', '', array(), true);
// Accounts which match systemaccounts are not allowed, filtering them
if (preg_match('/^' . preg_quote(Settings::Get('customer.accountprefix'), '/') . '([0-9]+)/', $loginname)) {
standard_error('loginnameissystemaccount', Settings::Get('customer.accountprefix'), true);
}
// Additional filtering for Bug #962
if (function_exists('posix_getpwnam') && ! in_array("posix_getpwnam", explode(",", ini_get('disable_functions'))) && posix_getpwnam($loginname)) {
standard_error('loginnameissystemaccount', Settings::Get('customer.accountprefix'), true);
}
} else {
$accountnumber = intval(Settings::Get('system.lastaccountnumber')) + 1;
$loginname = Settings::Get('customer.accountprefix') . $accountnumber;
}
// Check if the account already exists
$loginname_check_stmt = Database::prepare("
SELECT `loginname` FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `loginname` = :loginname
");
$loginname_check = Database::pexecute_first($loginname_check_stmt, array(
'loginname' => $loginname
), true, true);
$loginname_check_admin_stmt = Database::prepare("
SELECT `loginname` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `loginname` = :loginname
");
$loginname_check_admin = Database::pexecute_first($loginname_check_admin_stmt, array(
'loginname' => $loginname
), true, true);
if (strtolower($loginname_check['loginname']) == strtolower($loginname) || strtolower($loginname_check_admin['loginname']) == strtolower($loginname)) {
standard_error('loginnameexists', $loginname, true);
} elseif (! validateUsername($loginname, Settings::Get('panel.unix_names'), 14 - strlen(Settings::Get('customer.mysqlprefix')))) {
if (strlen($loginname) > 14 - strlen(Settings::Get('customer.mysqlprefix'))) {
standard_error('loginnameiswrong2', 14 - strlen(Settings::Get('customer.mysqlprefix')), true);
} else {
standard_error('loginnameiswrong', $loginname, true);
}
}
$guid = intval(Settings::Get('system.lastguid')) + 1;
$documentroot = makeCorrectDir(Settings::Get('system.documentroot_prefix') . '/' . $loginname);
if (file_exists($documentroot)) {
standard_error('documentrootexists', $documentroot, true);
}
if ($createstdsubdomain != '1') {
$createstdsubdomain = '0';
}
if ($phpenabled != '0') {
$phpenabled = '1';
}
if ($perlenabled != '0') {
$perlenabled = '1';
}
if ($dnsenabled != '0') {
$dnsenabled = '1';
}
if ($password == '') {
$password = generatePassword();
}
$_theme = Settings::Get('panel.default_theme');
$ins_data = array(
'adminid' => $this->getUserDetail('adminid'),
'loginname' => $loginname,
'passwd' => makeCryptPassword($password),
'name' => $name,
'firstname' => $firstname,
'gender' => $gender,
'company' => $company,
'street' => $street,
'zipcode' => $zipcode,
'city' => $city,
'phone' => $phone,
'fax' => $fax,
'email' => $email,
'customerno' => $customernumber,
'lang' => $def_language,
'docroot' => $documentroot,
'guid' => $guid,
'diskspace' => $diskspace,
'traffic' => $traffic,
'subdomains' => $subdomains,
'emails' => $emails,
'email_accounts' => $email_accounts,
'email_forwarders' => $email_forwarders,
'email_quota' => $email_quota,
'ftps' => $ftps,
'tickets' => $tickets,
'mysqls' => $mysqls,
'phpenabled' => $phpenabled,
'allowed_phpconfigs' => empty($allowed_phpconfigs) ? "" : json_encode($allowed_phpconfigs),
'imap' => $email_imap,
'pop3' => $email_pop3,
'perlenabled' => $perlenabled,
'dnsenabled' => $dnsenabled,
'theme' => $_theme,
'custom_notes' => $custom_notes,
'custom_notes_show' => $custom_notes_show
);
$ins_stmt = Database::prepare("
INSERT INTO `" . TABLE_PANEL_CUSTOMERS . "` SET
`adminid` = :adminid,
`loginname` = :loginname,
`password` = :passwd,
`name` = :name,
`firstname` = :firstname,
`gender` = :gender,
`company` = :company,
`street` = :street,
`zipcode` = :zipcode,
`city` = :city,
`phone` = :phone,
`fax` = :fax,
`email` = :email,
`customernumber` = :customerno,
`def_language` = :lang,
`documentroot` = :docroot,
`guid` = :guid,
`diskspace` = :diskspace,
`traffic` = :traffic,
`subdomains` = :subdomains,
`emails` = :emails,
`email_accounts` = :email_accounts,
`email_forwarders` = :email_forwarders,
`email_quota` = :email_quota,
`ftps` = :ftps,
`tickets` = :tickets,
`mysqls` = :mysqls,
`standardsubdomain` = '0',
`phpenabled` = :phpenabled,
`allowed_phpconfigs` = :allowed_phpconfigs,
`imap` = :imap,
`pop3` = :pop3,
`perlenabled` = :perlenabled,
`dnsenabled` = :dnsenabled,
`theme` = :theme,
`custom_notes` = :custom_notes,
`custom_notes_show` = :custom_notes_show
");
Database::pexecute($ins_stmt, $ins_data, true, true);
$customerid = Database::lastInsertId();
$ins_data['customerid'] = $customerid;
// update admin resource-usage
$admin_update_query = "UPDATE `" . TABLE_PANEL_ADMINS . "` SET `customers_used` = `customers_used` + 1";
if ($mysqls != '-1') {
$admin_update_query .= ", `mysqls_used` = `mysqls_used` + 0" . (int) $mysqls;
}
if ($emails != '-1') {
$admin_update_query .= ", `emails_used` = `emails_used` + 0" . (int) $emails;
}
if ($email_accounts != '-1') {
$admin_update_query .= ", `email_accounts_used` = `email_accounts_used` + 0" . (int) $email_accounts;
}
if ($email_forwarders != '-1') {
$admin_update_query .= ", `email_forwarders_used` = `email_forwarders_used` + 0" . (int) $email_forwarders;
}
if ($email_quota != '-1') {
$admin_update_query .= ", `email_quota_used` = `email_quota_used` + 0" . (int) $email_quota;
}
if ($subdomains != '-1') {
$admin_update_query .= ", `subdomains_used` = `subdomains_used` + 0" . (int) $subdomains;
}
if ($ftps != '-1') {
$admin_update_query .= ", `ftps_used` = `ftps_used` + 0" . (int) $ftps;
}
if ($tickets != '-1' && Settings::Get('ticket.enabled') == 1) {
$admin_update_query .= ", `tickets_used` = `tickets_used` + 0" . (int) $tickets;
}
if (($diskspace / 1024) != '-1') {
$admin_update_query .= ", `diskspace_used` = `diskspace_used` + 0" . (int) $diskspace;
}
$admin_update_query .= " WHERE `adminid` = '" . (int) $this->getUserDetail('adminid') . "'";
Database::query($admin_update_query);
// update last guid
Settings::Set('system.lastguid', $guid, true);
if ($accountnumber != intval(Settings::Get('system.lastaccountnumber'))) {
// update last account number
Settings::Set('system.lastaccountnumber', $accountnumber, true);
}
$this->logger()->logAction(ADM_ACTION, LOG_INFO, "[API] added customer '" . $loginname . "'");
$customer_ins_data = $ins_data;
unset($ins_data);
// insert task to create homedir etc.
inserttask('2', $loginname, $guid, $guid, $store_defaultindex);
// Using filesystem - quota, insert a task which cleans the filesystem - quota
inserttask('10');
// Add htpasswd for the webalizer stats
if (CRYPT_STD_DES == 1) {
$saltfordescrypt = substr(md5(uniqid(microtime(), 1)), 4, 2);
$htpasswdPassword = crypt($password, $saltfordescrypt);
} else {
$htpasswdPassword = crypt($password);
}
$ins_stmt = Database::prepare("
INSERT INTO `" . TABLE_PANEL_HTPASSWDS . "` SET
`customerid` = :customerid,
`username` = :username,
`password` = :passwd,
`path` = :path
");
$ins_data = array(
'customerid' => $customerid,
'username' => $loginname,
'passwd' => $htpasswdPassword
);
if (Settings::Get('system.awstats_enabled') == '1') {
$ins_data['path'] = makeCorrectDir($documentroot . '/awstats/');
$this->logger()->logAction(ADM_ACTION, LOG_NOTICE, "[API] automatically added awstats htpasswd for user '" . $loginname . "'");
} else {
$ins_data['path'] = makeCorrectDir($documentroot . '/webalizer/');
$this->logger()->logAction(ADM_ACTION, LOG_NOTICE, "[API] automatically added webalizer htpasswd for user '" . $loginname . "'");
}
Database::pexecute($ins_stmt, $ins_data, true, true);
inserttask('1');
$cryptPassword = makeCryptPassword($password);
// add FTP-User
// @fixme use Ftp-ApiCommand later
$ins_stmt = Database::prepare("
INSERT INTO `" . TABLE_FTP_USERS . "` SET `customerid` = :customerid, `username` = :username, `description` = :desc,
`password` = :passwd, `homedir` = :homedir, `login_enabled` = 'y', `uid` = :guid, `gid` = :guid
");
$ins_data = array(
'customerid' => $customerid,
'username' => $loginname,
'passwd' => $cryptPassword,
'homedir' => $documentroot,
'guid' => $guid,
'desc' => "Default"
);
Database::pexecute($ins_stmt, $ins_data, true, true);
// add FTP-Group
// @fixme use Ftp-ApiCommand later
$ins_stmt = Database::prepare("
INSERT INTO `" . TABLE_FTP_GROUPS . "` SET `customerid` = :customerid, `groupname` = :groupname, `gid` = :guid, `members` = :members
");
$ins_data = array(
'customerid' => $customerid,
'groupname' => $loginname,
'guid' => $guid,
'members' => $loginname . ',' . Settings::Get('system.httpuser')
);
// also, add froxlor-local user to ftp-group (if exists!) to
// allow access to customer-directories from within the panel, which
// is necessary when pathedit = Dropdown
if ((int) Settings::Get('system.mod_fcgid_ownvhost') == 1 || (int) Settings::Get('phpfpm.enabled_ownvhost') == 1) {
if ((int) Settings::Get('system.mod_fcgid') == 1) {
$local_user = Settings::Get('system.mod_fcgid_httpuser');
} else {
$local_user = Settings::Get('phpfpm.vhost_httpuser');
}
// check froxlor-local user membership in ftp-group
// without this check addition may duplicate user in list if httpuser == local_user
if (strpos($ins_data['members'], $local_user) == false) {
$ins_data['members'] .= ',' . $local_user;
}
}
Database::pexecute($ins_stmt, $ins_data, true, true);
// FTP-Quotatallies
// @fixme use Ftp-ApiCommand later
$ins_stmt = Database::prepare("
INSERT INTO `" . TABLE_FTP_QUOTATALLIES . "` SET `name` = :name, `quota_type` = 'user', `bytes_in_used` = '0',
`bytes_out_used` = '0', `bytes_xfer_used` = '0', `files_in_used` = '0', `files_out_used` = '0', `files_xfer_used` = '0'
");
Database::pexecute($ins_stmt, array(
'name' => $loginname
), true, true);
$this->logger()->logAction(ADM_ACTION, LOG_NOTICE, "[API] automatically added ftp-account for user '" . $loginname . "'");
$_stdsubdomain = '';
if ($createstdsubdomain == '1') {
if (Settings::Get('system.stdsubdomain') !== null && Settings::Get('system.stdsubdomain') != '') {
$_stdsubdomain = $loginname . '.' . Settings::Get('system.stdsubdomain');
} else {
$_stdsubdomain = $loginname . '.' . Settings::Get('system.hostname');
}
$ins_data = array(
'domain' => $_stdsubdomain,
'customerid' => $customerid,
'adminid' => $this->getUserDetail('adminid'),
'parentdomainid' => '0',
'docroot' => $documentroot,
'adddate' => time(),
'phpenabled' => $phpenabled,
'zonefile' => '',
'isemaildomain' => '0',
'caneditdomain' => '0',
'openbasedir' => '1',
'speciallogfile' => '0',
'dkim_id' => '0',
'dkim_privkey' => '',
'dkim_pubkey' => '',
'ipandport' => explode(',', Settings::Get('system.defaultip'))
);
$domainid = - 1;
try {
$std_domain = Domains::getLocal($this->getUserData(), $ins_data)->add();
$domainid = json_decode($std_domain, true)['data']['id'];
} catch (Exception $e) {
$this->logger()->logAction(ADM_ACTION, LOG_ERR, "[API] Unable to add standard-subdomain: " . $e->getMessage());
}
if ($domainid > 0) {
// set ip <-> domain connection
$defaultips = explode(',', Settings::Get('system.defaultip'));
$ins_stmt = Database::prepare("
INSERT INTO `" . TABLE_DOMAINTOIP . "` SET `id_domain` = :domainid, `id_ipandports` = :ipid
");
foreach ($defaultips as $defaultip) {
Database::pexecute($ins_stmt, array(
'domainid' => $domainid,
'ipid' => $defaultip
), true, true);
}
$upd_stmt = Database::prepare("
UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `standardsubdomain` = :domainid WHERE `customerid` = :customerid
");
Database::pexecute($upd_stmt, array(
'domainid' => $domainid,
'customerid' => $customerid
), true, true);
$this->logger()->logAction(ADM_ACTION, LOG_NOTICE, "[API] automatically added standardsubdomain for user '" . $loginname . "'");
inserttask('1');
}
}
if ($sendpassword == '1') {
$srv_hostname = Settings::Get('system.hostname');
if (Settings::Get('system.froxlordirectlyviahostname') == '0') {
$srv_hostname .= '/froxlor';
}
$srv_ip_stmt = Database::prepare("
SELECT ip, port FROM `" . TABLE_PANEL_IPSANDPORTS . "`
WHERE `id` = :defaultip
");
$default_ips = Settings::Get('system.defaultip');
$default_ips = explode(',', $default_ips);
$srv_ip = Database::pexecute_first($srv_ip_stmt, array(
'defaultip' => reset($default_ips)
), true, true);
$replace_arr = array(
'FIRSTNAME' => $firstname,
'NAME' => $name,
'COMPANY' => $company,
'SALUTATION' => getCorrectUserSalutation(array(
'firstname' => $firstname,
'name' => $name,
'company' => $company
)),
'USERNAME' => $loginname,
'PASSWORD' => $password,
'SERVER_HOSTNAME' => $srv_hostname,
'SERVER_IP' => isset($srv_ip['ip']) ? $srv_ip['ip'] : '',
'SERVER_PORT' => isset($srv_ip['port']) ? $srv_ip['port'] : '',
'DOMAINNAME' => $_stdsubdomain
);
// Get mail templates from database; the ones from 'admin' are fetched for fallback
$result_stmt = Database::prepare("
SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "`
WHERE `adminid` = :adminid AND `language` = :deflang AND `templategroup` = 'mails' AND `varname` = 'createcustomer_subject'");
$result = Database::pexecute_first($result_stmt, array(
'adminid' => $this->getUserDetail('adminid'),
'deflang' => $def_language
), true, true);
$mail_subject = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['mails']['createcustomer']['subject']), $replace_arr));
$result_stmt = Database::prepare("
SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "`
WHERE `adminid` = :adminid AND `language` = :deflang AND `templategroup` = 'mails' AND `varname` = 'createcustomer_mailbody'");
$result = Database::pexecute_first($result_stmt, array(
'adminid' => $this->getUserDetail('adminid'),
'deflang' => $def_language
), true, true);
$mail_body = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['mails']['createcustomer']['mailbody']), $replace_arr));
$_mailerror = false;
try {
$this->mailer()->Subject = $mail_subject;
$this->mailer()->AltBody = $mail_body;
$this->mailer()->MsgHTML(str_replace("\n", "<br />", $mail_body));
$this->mailer()->AddAddress($email, getCorrectUserSalutation(array(
'firstname' => $firstname,
'name' => $name,
'company' => $company
)));
$this->mailer()->Send();
} catch (phpmailerException $e) {
$mailerr_msg = $e->errorMessage();
$_mailerror = true;
} catch (Exception $e) {
$mailerr_msg = $e->getMessage();
$_mailerror = true;
}
if ($_mailerror) {
$this->logger()->logAction(ADM_ACTION, LOG_ERR, "[API] Error sending mail: " . $mailerr_msg);
standard_error('errorsendingmail', $email, true);
}
$this->mailer()->ClearAddresses();
$this->logger()->logAction(ADM_ACTION, LOG_NOTICE, "[API] automatically sent password to user '" . $loginname . "'");
}
}
$this->logger()->logAction(ADM_ACTION, LOG_WARNING, "[API] added customer '" . $loginname . "'"); $this->logger()->logAction(ADM_ACTION, LOG_WARNING, "[API] added customer '" . $loginname . "'");
return $this->response(200, "successfull", $ins_data); return $this->response(200, "successfull", $customer_ins_data);
}
throw new Exception("No more resources available", 406);
} }
throw new Exception("Not allowed to execute given command.", 403); throw new Exception("Not allowed to execute given command.", 403);
} }
@@ -90,9 +677,243 @@ class Customers extends ApiCommand
))->get(); ))->get();
$result = json_decode($json_result, true)['data']; $result = json_decode($json_result, true)['data'];
// @fixme use Databases-ApiCommand later
$databases_stmt = Database::prepare("
SELECT * FROM `" . TABLE_PANEL_DATABASES . "`
WHERE `customerid` = :id ORDER BY `dbserver`
");
Database::pexecute($databases_stmt, array(
'id' => $id
));
Database::needRoot(true);
$last_dbserver = 0;
$dbm = new DbManager($log);
while ($row_database = $databases_stmt->fetch(PDO::FETCH_ASSOC)) {
if ($last_dbserver != $row_database['dbserver']) {
Database::needRoot(true, $row_database['dbserver']);
$dbm->getManager()->flushPrivileges();
$last_dbserver = $row_database['dbserver'];
}
$dbm->getManager()->deleteDatabase($row_database['databasename']);
}
$dbm->getManager()->flushPrivileges();
Database::needRoot(false);
// delete customer itself
$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `customerid` = :id");
Database::pexecute($stmt, array(
'id' => $id
), true, true);
// delete customer databases
$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_DATABASES . "` WHERE `customerid` = :id");
Database::pexecute($stmt, array(
'id' => $id
), true, true);
// first gather all domain-id's to clean up panel_domaintoip and dns-entries accordingly
$did_stmt = Database::prepare("SELECT `id` FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `customerid` = :id");
Database::pexecute($did_stmt, array(
'id' => $id
), true, true);
while ($row = $did_stmt->fetch(PDO::FETCH_ASSOC)) {
// remove domain->ip connection
$stmt = Database::prepare("DELETE FROM `" . TABLE_DOMAINTOIP . "` WHERE `id_domain` = :did");
Database::pexecute($stmt, array(
'did' => $row['id']
), true, true);
// remove domain->dns entries
$stmt = Database::prepare("DELETE FROM `" . TABLE_DOMAIN_DNS . "` WHERE `domain_id` = :did");
Database::pexecute($stmt, array(
'did' => $row['id']
), true, true);
}
// remove customer domains
$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `customerid` = :id");
Database::pexecute($stmt, array(
'id' => $id
), true, true);
$domains_deleted = $stmt->rowCount();
// delete htpasswds
$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_HTPASSWDS . "` WHERE `customerid` = :id");
Database::pexecute($stmt, array(
'id' => $id
), true, true);
// delete htaccess options
$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_HTACCESS . "` WHERE `customerid` = :id");
Database::pexecute($stmt, array(
'id' => $id
), true, true);
// delete potential existing sessions
$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_SESSIONS . "` WHERE `userid` = :id AND `adminsession` = '0'");
Database::pexecute($stmt, array(
'id' => $id
), true, true);
// delete traffic information
$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_TRAFFIC . "` WHERE `customerid` = :id");
Database::pexecute($stmt, array(
'id' => $id
), true, true);
// remove diskspace analysis
$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_DISKSPACE . "` WHERE `customerid` = :id");
Database::pexecute($stmt, array(
'id' => $id
), true, true);
// delete mail-accounts
$stmt = Database::prepare("DELETE FROM `" . TABLE_MAIL_USERS . "` WHERE `customerid` = :id");
Database::pexecute($stmt, array(
'id' => $id
), true, true);
// delete mail-addresses
$stmt = Database::prepare("DELETE FROM `" . TABLE_MAIL_VIRTUAL . "` WHERE `customerid` = :id");
Database::pexecute($stmt, array(
'id' => $id
), true, true);
// gather ftp-user names
$result2_stmt = Database::prepare("SELECT `username` FROM `" . TABLE_FTP_USERS . "` WHERE `customerid` = :id");
Database::pexecute($result2_stmt, array(
'id' => $id
), true, true);
while ($row = $result2_stmt->fetch(PDO::FETCH_ASSOC)) {
// delete ftp-quotatallies by username
$stmt = Database::prepare("DELETE FROM `" . TABLE_FTP_QUOTATALLIES . "` WHERE `name` = :name");
Database::pexecute($stmt, array(
'name' => $row['username']
), true, true);
}
// remove ftp-group
$stmt = Database::prepare("DELETE FROM `" . TABLE_FTP_GROUPS . "` WHERE `customerid` = :id");
Database::pexecute($stmt, array(
'id' => $id
), true, true);
// remove ftp-users
$stmt = Database::prepare("DELETE FROM `" . TABLE_FTP_USERS . "` WHERE `customerid` = :id");
Database::pexecute($stmt, array(
'id' => $id
), true, true);
// Delete all waiting "create user" -tasks for this user, #276
// Note: the WHERE selects part of a serialized array, but it should be safe this way
$del_stmt = Database::prepare("
DELETE FROM `" . TABLE_PANEL_TASKS . "`
WHERE `type` = '2' AND `data` LIKE :loginname
");
Database::pexecute($del_stmt, array(
'loginname' => "%:{$result['loginname']};%"
), true, true);
// update admin-resource-usage
$admin_update_query = "UPDATE `" . TABLE_PANEL_ADMINS . "` SET `customers_used` = `customers_used` - 1 ";
$admin_update_query .= ", `domains_used` = `domains_used` - 0" . (int) ($domains_deleted - $result['subdomains_used']);
if ($result['mysqls'] != '-1') {
$admin_update_query .= ", `mysqls_used` = `mysqls_used` - 0" . (int) $result['mysqls'];
}
if ($result['emails'] != '-1') {
$admin_update_query .= ", `emails_used` = `emails_used` - 0" . (int) $result['emails'];
}
if ($result['email_accounts'] != '-1') {
$admin_update_query .= ", `email_accounts_used` = `email_accounts_used` - 0" . (int) $result['email_accounts'];
}
if ($result['email_forwarders'] != '-1') {
$admin_update_query .= ", `email_forwarders_used` = `email_forwarders_used` - 0" . (int) $result['email_forwarders'];
}
if ($result['email_quota'] != '-1') {
$admin_update_query .= ", `email_quota_used` = `email_quota_used` - 0" . (int) $result['email_quota'];
}
if ($result['subdomains'] != '-1') {
$admin_update_query .= ", `subdomains_used` = `subdomains_used` - 0" . (int) $result['subdomains'];
}
if ($result['ftps'] != '-1') {
$admin_update_query .= ", `ftps_used` = `ftps_used` - 0" . (int) $result['ftps'];
}
if ($result['tickets'] != '-1') {
$admin_update_query .= ", `tickets_used` = `tickets_used` - 0" . (int) $result['tickets'];
}
if (($result['diskspace'] / 1024) != '-1') {
$admin_update_query .= ", `diskspace_used` = `diskspace_used` - 0" . (int) $result['diskspace'];
}
$admin_update_query .= " WHERE `adminid` = '" . (int) $result['adminid'] . "'";
Database::query($admin_update_query);
// rebuild configs
inserttask('1');
// Using nameserver, insert a task which rebuilds the server config
inserttask('4');
if ($this->getParam('delete_userfiles', 0) == 1) {
// insert task to remove the customers files from the filesystem
inserttask('6', $result['loginname']);
}
// Using filesystem - quota, insert a task which cleans the filesystem - quota
inserttask('10');
// move old tickets to archive
$tickets = ticket::customerHasTickets($id);
if ($tickets !== false && isset($tickets[0])) {
foreach ($tickets as $ticket) {
$now = time();
$mainticket = ticket::getInstanceOf($userinfo, (int) $ticket);
$mainticket->Set('lastchange', $now, true, true);
$mainticket->Set('lastreplier', '1', true, true);
$mainticket->Set('status', '3', true, true);
$mainticket->Update();
$mainticket->Archive();
$this->logger()->logAction(ADM_ACTION, LOG_NOTICE, "[API] archived ticket '" . $mainticket->Get('subject') . "'");
}
}
$this->logger()->logAction(ADM_ACTION, LOG_WARNING, "[API] deleted customer '" . $result['loginname'] . "'"); $this->logger()->logAction(ADM_ACTION, LOG_WARNING, "[API] deleted customer '" . $result['loginname'] . "'");
return $this->response(200, "successfull", $result); return $this->response(200, "successfull", $result);
} }
throw new Exception("Not allowed to execute given command.", 403); throw new Exception("Not allowed to execute given command.", 403);
} }
public function unlock()
{
if ($this->isAdmin()) {
$id = $this->getParam('id');
$json_result = Customers::getLocal($this->getUserData(), array(
'id' => $id
))->get();
$result = json_decode($json_result, true)['data'];
$result_stmt = Database::prepare("
UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET
`loginfail_count` = '0'
WHERE `customerid`= :id
");
Database::pexecute($result_stmt, array(
'id' => $id
), true, true);
$this->logger()->logAction(ADM_ACTION, LOG_WARNING, "[API] unlocked customer '" . $result['loginname'] . "'");
return $this->response(200, "successfull", $result);
}
throw new Exception("Not allowed to execute given command.", 403);
}
} }

6
lib/classes/api/commands/class.Domains.php
View File

@@ -492,6 +492,7 @@ class Domains extends ApiCommand
$issubof = '0'; $issubof = '0';
} }
$idna_convert = new idna_convert_wrapper();
if ($domain == '') { if ($domain == '') {
standard_error(array( standard_error(array(
'stringisempty', 'stringisempty',
@@ -649,6 +650,9 @@ class Domains extends ApiCommand
"); ");
Database::pexecute($ins_stmt, $ins_data, true, true); Database::pexecute($ins_stmt, $ins_data, true, true);
$domainid = Database::lastInsertId(); $domainid = Database::lastInsertId();
$ins_data['id'] = $domainid;
$domain_ins_data = $ins_data;
unset($ins_data);
$upd_stmt = Database::prepare(" $upd_stmt = Database::prepare("
UPDATE `" . TABLE_PANEL_ADMINS . "` SET `domains_used` = `domains_used` + 1 UPDATE `" . TABLE_PANEL_ADMINS . "` SET `domains_used` = `domains_used` + 1
@@ -688,7 +692,7 @@ class Domains extends ApiCommand
inserttask('4'); inserttask('4');
$this->logger()->logAction(ADM_ACTION, LOG_WARNING, "[API] added domain '" . $domain . "'"); $this->logger()->logAction(ADM_ACTION, LOG_WARNING, "[API] added domain '" . $domain . "'");
return $this->response(200, "successfull", $ins_data); return $this->response(200, "successfull", $domain_ins_data);
} }
} }
throw new Exception("No more resources available", 406); throw new Exception("No more resources available", 406);

26
lib/functions/validate/function.validatePassword.php
View File

@@ -26,14 +26,16 @@
* *
* @return string either the password or an errormessage+exit * @return string either the password or an errormessage+exit
*/ */
function validatePassword($password = null) { function validatePassword($password = null, $json_response = false) {
if (Settings::Get('panel.password_min_length') > 0) { if (Settings::Get('panel.password_min_length') > 0) {
$password = validate( $password = validate(
$password, $password,
Settings::Get('panel.password_min_length'), Settings::Get('panel.password_min_length'),
'/^.{'.(int)Settings::Get('panel.password_min_length').',}$/D', '/^.{'.(int)Settings::Get('panel.password_min_length').',}$/D',
'notrequiredpasswordlength' 'notrequiredpasswordlength',
array(),
$json_response
); );
} }
@@ -42,7 +44,9 @@ function validatePassword($password = null) {
$password, $password,
Settings::Get('panel.password_regex'), Settings::Get('panel.password_regex'),
Settings::Get('panel.password_regex'), Settings::Get('panel.password_regex'),
'notrequiredpasswordcomplexity' 'notrequiredpasswordcomplexity',
array(),
$json_response
); );
} else { } else {
if (Settings::Get('panel.password_alpha_lower')) { if (Settings::Get('panel.password_alpha_lower')) {
@@ -50,7 +54,9 @@ function validatePassword($password = null) {
$password, $password,
'/.*[a-z]+.*/', '/.*[a-z]+.*/',
'/.*[a-z]+.*/', '/.*[a-z]+.*/',
'notrequiredpasswordcomplexity' 'notrequiredpasswordcomplexity',
array(),
$json_response
); );
} }
if (Settings::Get('panel.password_alpha_upper')) { if (Settings::Get('panel.password_alpha_upper')) {
@@ -58,7 +64,9 @@ function validatePassword($password = null) {
$password, $password,
'/.*[A-Z]+.*/', '/.*[A-Z]+.*/',
'/.*[A-Z]+.*/', '/.*[A-Z]+.*/',
'notrequiredpasswordcomplexity' 'notrequiredpasswordcomplexity',
array(),
$json_response
); );
} }
if (Settings::Get('panel.password_numeric')) { if (Settings::Get('panel.password_numeric')) {
@@ -66,7 +74,9 @@ function validatePassword($password = null) {
$password, $password,
'/.*[0-9]+.*/', '/.*[0-9]+.*/',
'/.*[0-9]+.*/', '/.*[0-9]+.*/',
'notrequiredpasswordcomplexity' 'notrequiredpasswordcomplexity',
array(),
$json_response
); );
} }
if (Settings::Get('panel.password_special_char_required')) { if (Settings::Get('panel.password_special_char_required')) {
@@ -74,7 +84,9 @@ function validatePassword($password = null) {
$password, $password,
'/.*[' . preg_quote(Settings::Get('panel.password_special_char')) . ']+.*/', '/.*[' . preg_quote(Settings::Get('panel.password_special_char')) . ']+.*/',
'/.*[' . preg_quote(Settings::Get('panel.password_special_char')) . ']+.*/', '/.*[' . preg_quote(Settings::Get('panel.password_special_char')) . ']+.*/',
'notrequiredpasswordcomplexity' 'notrequiredpasswordcomplexity',
array(),
$json_response
); );
} }
} }