Migrated customer_extras to new PDO database class

This commit is contained in:
BNoiZe
2013-11-03 21:48:57 +01:00
parent e549ab2cbb
commit 36d65bf7ac


@@ -25,34 +25,36 @@ define('AREA', 'customer');
require ("./lib/init.php"); require ("./lib/init.php");
if(isset($_POST['id'])) if(isset($_POST['id'])) {
{
$id = intval($_POST['id']); $id = intval($_POST['id']);
} } elseif(isset($_GET['id'])) {
elseif(isset($_GET['id']))
{
$id = intval($_GET['id']); $id = intval($_GET['id']);
} }
if($page == 'overview') if($page == 'overview') {
{
$log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_extras"); $log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_extras");
eval("echo \"" . getTemplate("extras/extras") . "\";"); eval("echo \"" . getTemplate("extras/extras") . "\";");
} } elseif($page == 'backup') {
elseif($page == 'backup')
{
$log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_extras_backup"); $log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_extras_backup");
$result = $db->query("SELECT `backup_enabled` FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `customerid`='" . (int)$userinfo['customerid'] . "'"); $result_stmt = Database::prepare("SELECT `backup_enabled` FROM `" . TABLE_PANEL_CUSTOMERS . "`
$row = $db->fetch_array($result); WHERE `customerid`= :customerid"
);
Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid']));
$row = $result_stmt->fetch(PDO::FETCH_ASSOC);
$backup_enabled = makeyesno('backup_enabled', '1', '0', $row['backup_enabled']); $backup_enabled = makeyesno('backup_enabled', '1', '0', $row['backup_enabled']);
if(isset($_POST['send']) && $_POST['send'] == 'send'){ if(isset($_POST['send']) && $_POST['send'] == 'send') {
$backup_enabled = ($_POST['backup_enabled'] == '1' ? '1' : '0'); $backup_enabled = ($_POST['backup_enabled'] == '1' ? '1' : '0');
$db->query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `backup_enabled`='" . $backup_enabled . "' WHERE `customerid`='" . (int)$userinfo['customerid'] . "'"); $stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "`
redirectTo($filename, Array('page' => $page, 's' => $s)); SET `backup_enabled`= :backupenabled
WHERE `customerid`= :customerid"
);
Database::pexecute($stmt, array("backupenabled" => $backup_enabled, "customerid" => $userinfo['customerid']));
redirectTo($filename, Array('page' => $page, 's' => $s));
} }
$backup_data = include_once dirname(__FILE__).'/lib/formfields/customer/extras/formfield.backup.php'; $backup_data = include_once dirname(__FILE__).'/lib/formfields/customer/extras/formfield.backup.php';
@@ -62,19 +64,19 @@ elseif($page == 'backup')
$image = $backup_data['backup']['image']; $image = $backup_data['backup']['image'];
eval("echo \"" . getTemplate("extras/backup") . "\";"); eval("echo \"" . getTemplate("extras/backup") . "\";");
} } elseif($page == 'htpasswds') {
elseif($page == 'htpasswds') if($action == '') {
{
if($action == '')
{
$log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_extras::htpasswds"); $log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_extras::htpasswds");
$fields = array( $fields = array(
'username' => $lng['login']['username'], 'username' => $lng['login']['username'],
'path' => $lng['panel']['path'] 'path' => $lng['panel']['path']
); );
$paging = new paging($userinfo, $db, TABLE_PANEL_HTPASSWDS, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']); $paging = new paging($userinfo, $db, TABLE_PANEL_HTPASSWDS, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']);
$result = $db->query("SELECT * FROM `" . TABLE_PANEL_HTPASSWDS . "` WHERE `customerid`='" . (int)$userinfo['customerid'] . "' " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit()); $result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTPASSWDS . "`
$paging->setEntries($db->num_rows($result)); WHERE `customerid`= :customerid " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit()
);
Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid']));
$paging->setEntries(Database::num_rows());
$sortcode = $paging->getHtmlSortCode($lng); $sortcode = $paging->getHtmlSortCode($lng);
$arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s); $arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
$searchcode = $paging->getHtmlSearchCode($lng); $searchcode = $paging->getHtmlSearchCode($lng);
@@ -83,12 +85,9 @@ elseif($page == 'htpasswds')
$count = 0; $count = 0;
$htpasswds = ''; $htpasswds = '';
while($row = $db->fetch_array($result)) while($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
{ if($paging->checkDisplay($i)) {
if($paging->checkDisplay($i)) if(strpos($row['path'], $userinfo['documentroot']) === 0) {
{
if(strpos($row['path'], $userinfo['documentroot']) === 0)
{
$row['path'] = substr($row['path'], strlen($userinfo['documentroot'])); $row['path'] = substr($row['path'], strlen($userinfo['documentroot']));
} }
@@ -101,89 +100,92 @@ elseif($page == 'htpasswds')
} }
eval("echo \"" . getTemplate("extras/htpasswds") . "\";"); eval("echo \"" . getTemplate("extras/htpasswds") . "\";");
} } elseif($action == 'delete' && $id != 0) {
elseif($action == 'delete' $result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTPASSWDS . "`
&& $id != 0) WHERE `customerid`= :customerid
{ AND `id`= :id"
$result = $db->query_first("SELECT * FROM `" . TABLE_PANEL_HTPASSWDS . "` WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='" . (int)$id . "'"); );
Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
if(isset($result['username']) if(isset($result['username']) && $result['username'] != '') {
&& $result['username'] != '') if(isset($_POST['send']) && $_POST['send'] == 'send') {
{ $stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_HTPASSWDS . "`
if(isset($_POST['send']) WHERE `customerid`= :customerid
&& $_POST['send'] == 'send') AND `id`= :id"
{ );
$db->query("DELETE FROM `" . TABLE_PANEL_HTPASSWDS . "` WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='$id'"); Database::pexecute($stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
$log->logAction(USR_ACTION, LOG_INFO, "deleted htpasswd for '" . $result['username'] . " (" . $result['path'] . ")'"); $log->logAction(USR_ACTION, LOG_INFO, "deleted htpasswd for '" . $result['username'] . " (" . $result['path'] . ")'");
inserttask('1'); inserttask('1');
redirectTo($filename, Array('page' => $page, 's' => $s)); redirectTo($filename, Array('page' => $page, 's' => $s));
} } else {
else if(strpos($result['path'], $userinfo['documentroot']) === 0) {
{
if(strpos($result['path'], $userinfo['documentroot']) === 0)
{
$result['path'] = substr($result['path'], strlen($userinfo['documentroot'])); $result['path'] = substr($result['path'], strlen($userinfo['documentroot']));
} }
ask_yesno('extras_reallydelete', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $result['username'] . ' (' . $result['path'] . ')'); ask_yesno('extras_reallydelete', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $result['username'] . ' (' . $result['path'] . ')');
} }
} }
} } elseif($action == 'add') {
elseif($action == 'add') if(isset($_POST['send']) && $_POST['send'] == 'send') {
{
if(isset($_POST['send'])
&& $_POST['send'] == 'send')
{
$path = makeCorrectDir(validate($_POST['path'], 'path')); $path = makeCorrectDir(validate($_POST['path'], 'path'));
$userpath = $path; $userpath = $path;
$path = makeCorrectDir($userinfo['documentroot'] . '/' . $path); $path = makeCorrectDir($userinfo['documentroot'] . '/' . $path);
$username = validate($_POST['username'], 'username', '/^[a-zA-Z0-9][a-zA-Z0-9\-_]+\$?$/'); $username = validate($_POST['username'], 'username', '/^[a-zA-Z0-9][a-zA-Z0-9\-_]+\$?$/');
$authname = validate($_POST['directory_authname'], 'directory_authname', '/^[a-zA-Z0-9][a-zA-Z0-9\-_ ]+\$?$/'); $authname = validate($_POST['directory_authname'], 'directory_authname', '/^[a-zA-Z0-9][a-zA-Z0-9\-_ ]+\$?$/');
validate($_POST['directory_password'], 'password'); validate($_POST['directory_password'], 'password');
$username_path_check = $db->query_first("SELECT `id`, `username`, `path` FROM `" . TABLE_PANEL_HTPASSWDS . "` WHERE `username`='" . $db->escape($username) . "' AND `path`='" . $db->escape($path) . "' AND `customerid`='" . (int)$userinfo['customerid'] . "'");
$username_path_check_stmt = Database::prepare("SELECT `id`, `username`, `path` FROM `" . TABLE_PANEL_HTPASSWDS . "`
WHERE `username`= :username
AND `path`= :path
AND `customerid`= :customerid"
);
$params = array(
"username" => $username,
"path" => $path,
"customerid" => $userinfo['customerid']
);
Database::pexecute($username_path_check_stmt, $params);
$username_path_check = $username_path_check_stmt->fetch(PDO::FETCH_ASSOC);
if(CRYPT_STD_DES == 1) if(CRYPT_STD_DES == 1) {
{
$saltfordescrypt = substr(md5(uniqid(microtime(), 1)), 4, 2); $saltfordescrypt = substr(md5(uniqid(microtime(), 1)), 4, 2);
$password = crypt($_POST['directory_password'], $saltfordescrypt); $password = crypt($_POST['directory_password'], $saltfordescrypt);
} } else {
else
{
$password = crypt($_POST['directory_password']); $password = crypt($_POST['directory_password']);
} }
if(!$_POST['path']) if(!$_POST['path']) {
{
standard_error('invalidpath'); standard_error('invalidpath');
} }
if($username == '') if($username == '') {
{
standard_error(array('stringisempty', 'myloginname')); standard_error(array('stringisempty', 'myloginname'));
} } elseif($username_path_check['username'] == $username && $username_path_check['path'] == $path) {
elseif($username_path_check['username'] == $username
&& $username_path_check['path'] == $path)
{
standard_error('userpathcombinationdupe'); standard_error('userpathcombinationdupe');
} } elseif($_POST['directory_password'] == '') {
elseif($_POST['directory_password'] == '')
{
standard_error(array('stringisempty', 'mypassword')); standard_error(array('stringisempty', 'mypassword'));
} } elseif($path == '') {
elseif($path == '')
{
standard_error('patherror'); standard_error('patherror');
} } else {
else $stmt = Database::prepare("INSERT INTO `" . TABLE_PANEL_HTPASSWDS . "`
{ (`customerid`, `username`, `password`, `path`, `authname`)
$db->query("INSERT INTO `" . TABLE_PANEL_HTPASSWDS . "` (`customerid`, `username`, `password`, `path`, `authname`) VALUES ('" . (int)$userinfo['customerid'] . "', '" . $db->escape($username) . "', '" . $db->escape($password) . "', '" . $db->escape($path) . "', '" . $db->escape($authname) . "')"); VALUES (:customerid, :username, :password, :path, :authname)"
);
$params = array(
"customerid" => $userinfo['customerid'],
"username" => $username,
"password" => $password,
"path" => $path,
"autname" => $authname
);
Database::pexecute($stmt, $params);
$log->logAction(USR_ACTION, LOG_INFO, "added htpasswd for '" . $username . " (" . $path . ")'"); $log->logAction(USR_ACTION, LOG_INFO, "added htpasswd for '" . $username . " (" . $path . ")'");
inserttask('1'); inserttask('1');
redirectTo($filename, Array('page' => $page, 's' => $s)); redirectTo($filename, Array('page' => $page, 's' => $s));
} }
} } else {
else
{
$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $settings['panel']['pathedit']); $pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $settings['panel']['pathedit']);
$htpasswd_add_data = include_once dirname(__FILE__).'/lib/formfields/customer/extras/formfield.htpasswd_add.php'; $htpasswd_add_data = include_once dirname(__FILE__).'/lib/formfields/customer/extras/formfield.htpasswd_add.php';
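Review bot: The parameter array built for the htpasswd INSERT uses the key `autname` while the prepared statement declares the placeholder `:authname`, so the binding does not match; with PDO this leaves `:authname` unbound and supplies an extra parameter, which I would expect to make the execute fail rather than store the entry. The fix is the one-line change `"authname" => $authname,` in that array. The same block now passes `$userinfo['customerid']` and `$id` through bound parameters instead of an inline `(int)` cast, which is fine for a prepared statement but worth confirming against how Database::pexecute reports an execute error, since a silent failure would still reach the log line and redirect. In the last hunk of this file, the htaccess UPDATE binds `options_indexes` from `$_POST['options_indexes'] == '1'` directly, while the change-detection condition above it uses the normalized `$option_indexes`; binding `$option_indexes` keeps the stored value and the comparison consistent. The enclosing `elseif($page == 'htpasswds')` block continues past this hunk.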
@@ -194,59 +196,60 @@ elseif($page == 'htpasswds')
eval("echo \"" . getTemplate("extras/htpasswds_add") . "\";"); eval("echo \"" . getTemplate("extras/htpasswds_add") . "\";");
} }
} } elseif($action == 'edit' && $id != 0) {
elseif($action == 'edit' $result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTPASSWDS . "`
&& $id != 0) WHERE `customerid`= :customerid
{ AND `id`= :id"
$result = $db->query_first("SELECT * FROM `" . TABLE_PANEL_HTPASSWDS . "` WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='" . (int)$id . "'"); );
Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
if(isset($result['username']) if(isset($result['username']) && $result['username'] != '') {
&& $result['username'] != '') if(isset($_POST['send']) && $_POST['send'] == 'send') {
{
if(isset($_POST['send'])
&& $_POST['send'] == 'send')
{
validate($_POST['directory_password'], 'password'); validate($_POST['directory_password'], 'password');
$authname = validate($_POST['directory_authname'], 'directory_authname', '/^[a-zA-Z0-9][a-zA-Z0-9\-_ ]+\$?$/'); $authname = validate($_POST['directory_authname'], 'directory_authname', '/^[a-zA-Z0-9][a-zA-Z0-9\-_ ]+\$?$/');
if(CRYPT_STD_DES == 1) if(CRYPT_STD_DES == 1) {
{
$saltfordescrypt = substr(md5(uniqid(microtime(), 1)), 4, 2); $saltfordescrypt = substr(md5(uniqid(microtime(), 1)), 4, 2);
$password = crypt($_POST['directory_password'], $saltfordescrypt); $password = crypt($_POST['directory_password'], $saltfordescrypt);
} } else {
else
{
$password = crypt($_POST['directory_password']); $password = crypt($_POST['directory_password']);
} }
$params = array(
"customerid" => $userinfo['customerid'],
"id" => $id
);
$pwd_sql = ''; $pwd_sql = '';
if($_POST['directory_password'] != '') if($_POST['directory_password'] != '') {
{ $pwd_sql = "`password`= :password ";
$pwd_sql = "`password`='" . $db->escape($password) . "' "; $params["password"] = $password;
} }
$auth_sql = ''; $auth_sql = '';
if($authname != $result['authname']) if($authname != $result['authname']) {
{ $auth_sql = "`authname`= :authname ";
$auth_sql = "`authname`='" . $db->escape($authname) . "' "; $params["authname"] = $authname;
} }
if($pwd_sql != '' || $auth_sql != '') if($pwd_sql != '' || $auth_sql != '') {
{
if($pwd_sql !='' && $auth_sql != '') { if($pwd_sql !='' && $auth_sql != '') {
$pwd_sql.= ', '; $pwd_sql.= ', ';
} }
$db->query("UPDATE `" . TABLE_PANEL_HTPASSWDS . "` SET ".$pwd_sql.$auth_sql." WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='" . (int)$id . "'"); $stmt = Database::prepare("UPDATE `" . TABLE_PANEL_HTPASSWDS . "`
SET ".$pwd_sql.$auth_sql."
WHERE `customerid`= :customerid
AND `id`= :id"
);
Database::pexecute($stmt, $params);
$log->logAction(USR_ACTION, LOG_INFO, "edited htpasswd for '" . $result['username'] . " (" . $result['path'] . ")'"); $log->logAction(USR_ACTION, LOG_INFO, "edited htpasswd for '" . $result['username'] . " (" . $result['path'] . ")'");
inserttask('1'); inserttask('1');
redirectTo($filename, Array('page' => $page, 's' => $s)); redirectTo($filename, Array('page' => $page, 's' => $s));
} }
} } else {
else if(strpos($result['path'], $userinfo['documentroot']) === 0) {
{
if(strpos($result['path'], $userinfo['documentroot']) === 0)
{
$result['path'] = substr($result['path'], strlen($userinfo['documentroot'])); $result['path'] = substr($result['path'], strlen($userinfo['documentroot']));
} }
@@ -262,11 +265,8 @@ elseif($page == 'htpasswds')
} }
} }
} }
} } elseif($page == 'htaccess') {
elseif($page == 'htaccess') if($action == '') {
{
if($action == '')
{
$log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_extras::htaccess"); $log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_extras::htaccess");
$fields = array( $fields = array(
'path' => $lng['panel']['path'], 'path' => $lng['panel']['path'],
@@ -277,8 +277,11 @@ elseif($page == 'htaccess')
'options_cgi' => $lng['extras']['execute_perl'] 'options_cgi' => $lng['extras']['execute_perl']
); );
$paging = new paging($userinfo, $db, TABLE_PANEL_HTACCESS, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']); $paging = new paging($userinfo, $db, TABLE_PANEL_HTACCESS, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']);
$result = $db->query("SELECT * FROM `" . TABLE_PANEL_HTACCESS . "` WHERE `customerid`='" . (int)$userinfo['customerid'] . "' " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit()); $result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTACCESS . "`
$paging->setEntries($db->num_rows($result)); WHERE `customerid`= :customerid " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit()
);
Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid']));
$paging->setEntries(Database::num_rows());
$sortcode = $paging->getHtmlSortCode($lng); $sortcode = $paging->getHtmlSortCode($lng);
$arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s); $arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
$searchcode = $paging->getHtmlSearchCode($lng); $searchcode = $paging->getHtmlSearchCode($lng);
@@ -289,12 +292,9 @@ elseif($page == 'htaccess')
$cperlenabled = customerHasPerlEnabled($userinfo['customerid']); $cperlenabled = customerHasPerlEnabled($userinfo['customerid']);
while($row = $db->fetch_array($result)) while($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
{ if($paging->checkDisplay($i)) {
if($paging->checkDisplay($i)) if(strpos($row['path'], $userinfo['documentroot']) === 0) {
{
if(strpos($row['path'], $userinfo['documentroot']) === 0)
{
$row['path'] = substr($row['path'], strlen($userinfo['documentroot'])); $row['path'] = substr($row['path'], strlen($userinfo['documentroot']));
// don't show nothing wehn it's the docroot, show slash // don't show nothing wehn it's the docroot, show slash
if ($row['path'] == '') { $row['path'] = '/'; } if ($row['path'] == '') { $row['path'] = '/'; }
@@ -313,52 +313,47 @@ elseif($page == 'htaccess')
} }
eval("echo \"" . getTemplate("extras/htaccess") . "\";"); eval("echo \"" . getTemplate("extras/htaccess") . "\";");
} } elseif($action == 'delete' && $id != 0) {
elseif($action == 'delete' $result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTACCESS . "`
&& $id != 0) WHERE `customerid` = :customerid
{ AND `id` = :id"
$result = $db->query_first("SELECT * FROM `" . TABLE_PANEL_HTACCESS . "` WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='" . (int)$id . "'"); );
Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
if(isset($result['customerid']) if(isset($result['customerid']) && $result['customerid'] != '' && $result['customerid'] == $userinfo['customerid']) {
&& $result['customerid'] != '' if(isset($_POST['send']) && $_POST['send'] == 'send') {
&& $result['customerid'] == $userinfo['customerid']) $stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_HTACCESS . "`
{ WHERE `customerid`= :customerid
if(isset($_POST['send']) AND `id`= :id"
&& $_POST['send'] == 'send') );
{ Database::pexecute($stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
$db->query("DELETE FROM `" . TABLE_PANEL_HTACCESS . "` WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='" . (int)$id . "'");
$log->logAction(USR_ACTION, LOG_INFO, "deleted htaccess for '" . str_replace($userinfo['documentroot'], '', $result['path']) . "'"); $log->logAction(USR_ACTION, LOG_INFO, "deleted htaccess for '" . str_replace($userinfo['documentroot'], '', $result['path']) . "'");
inserttask('1'); inserttask('1');
redirectTo($filename, Array('page' => $page, 's' => $s)); redirectTo($filename, Array('page' => $page, 's' => $s));
} } else {
else
{
ask_yesno('extras_reallydelete_pathoptions', $filename, array('id' => $id, 'page' => $page, 'action' => $action), str_replace($userinfo['documentroot'], '', $result['path'])); ask_yesno('extras_reallydelete_pathoptions', $filename, array('id' => $id, 'page' => $page, 'action' => $action), str_replace($userinfo['documentroot'], '', $result['path']));
} }
} }
} } elseif($action == 'add') {
elseif($action == 'add') if(isset($_POST['send']) && $_POST['send'] == 'send') {
{
if(isset($_POST['send'])
&& $_POST['send'] == 'send')
{
$path = makeCorrectDir(validate($_POST['path'], 'path')); $path = makeCorrectDir(validate($_POST['path'], 'path'));
$userpath = $path; $userpath = $path;
$path = makeCorrectDir($userinfo['documentroot'] . '/' . $path); $path = makeCorrectDir($userinfo['documentroot'] . '/' . $path);
$path_dupe_check = $db->query_first("SELECT `id`, `path` FROM `" . TABLE_PANEL_HTACCESS . "` WHERE `path`='" . $db->escape($path) . "' AND `customerid`='" . (int)$userinfo['customerid'] . "'"); $path_dupe_check_stmt = Database::prepare("SELECT `id`, `path` FROM `" . TABLE_PANEL_HTACCESS . "`
WHERE `path`= :path
if(!$_POST['path']) AND `customerid`= :customerid"
{ );
Database::pexecute($path_dupe_check_stmt, array("path" => $path, "customerid" => $userinfo['customerid']));
$path_dupe_check = $path_dupe_check_stmt->fetch(PDO::FETCH_ASSOC);
if(!$_POST['path']) {
standard_error('invalidpath'); standard_error('invalidpath');
} }
if(isset($_POST['options_cgi']) if(isset($_POST['options_cgi']) && (int)$_POST['options_cgi'] != 0) {
&& (int)$_POST['options_cgi'] != 0
) {
$options_cgi = '1'; $options_cgi = '1';
} } else {
else
{
$options_cgi = '0'; $options_cgi = '0';
} }
@@ -366,41 +361,47 @@ elseif($page == 'htaccess')
if (isset($_POST['error404path'])) { if (isset($_POST['error404path'])) {
$error404path = correctErrorDocument($_POST['error404path']); $error404path = correctErrorDocument($_POST['error404path']);
} }
$error403path = ''; $error403path = '';
if (isset($_POST['error403path'])) { if (isset($_POST['error403path'])) {
$error403path = correctErrorDocument($_POST['error403path']); $error403path = correctErrorDocument($_POST['error403path']);
} }
$error500path = ''; $error500path = '';
if (isset($_POST['error500path'])) { if (isset($_POST['error500path'])) {
$error500path = correctErrorDocument($_POST['error500path']); $error500path = correctErrorDocument($_POST['error500path']);
} }
if($path_dupe_check['path'] == $path) if($path_dupe_check['path'] == $path) {
{
standard_error('errordocpathdupe', $userpath); standard_error('errordocpathdupe', $userpath);
} } elseif($path == '') {
elseif($path == '')
{
standard_error('patherror'); standard_error('patherror');
} } else {
else $stmt = Database::prepare('INSERT INTO `' . TABLE_PANEL_HTACCESS . '` SET
{ `customerid` = :customerid,
$db->query('INSERT INTO `' . TABLE_PANEL_HTACCESS . '` SET `path` = :path,
`customerid` = "'.(int)$userinfo['customerid'].'", `options_indexes` = :options_indexes,
`path` = "'.$db->escape($path).'", `error404path` = :error404path,
`options_indexes` = "'.$db->escape($_POST['options_indexes'] == '1' ? '1' : '0').'", `error403path` = :error403path,
`error404path` = "'.$db->escape($error404path).'", `error500path` = :error500path,
`error403path` = "'.$db->escape($error403path).'", `options_cgi` = :options_cgi'
`error500path` = "'.$db->escape($error500path).'", );
`options_cgi` = "'.$db->escape($options_cgi).'"'); $params = array(
"customerid" => $userinfo['customerid'],
"path" => $path,
"options_indexes" => $_POST['options_indexes'] == '1' ? '1' : '0',
"error403path" => $error403path,
"error404path" => $error404path,
"error500path" => $error500path,
"options_cgi" => $options_cgi
);
Database::pexecute($stmt, $params);
$log->logAction(USR_ACTION, LOG_INFO, "added htaccess for '" . $path . "'"); $log->logAction(USR_ACTION, LOG_INFO, "added htaccess for '" . $path . "'");
inserttask('1'); inserttask('1');
redirectTo($filename, Array('page' => $page, 's' => $s)); redirectTo($filename, Array('page' => $page, 's' => $s));
} }
} } else {
else
{
$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $settings['panel']['pathedit']); $pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $settings['panel']['pathedit']);
$cperlenabled = customerHasPerlEnabled($userinfo['customerid']); $cperlenabled = customerHasPerlEnabled($userinfo['customerid']);
/* /*
@@ -416,29 +417,24 @@ elseif($page == 'htaccess')
eval("echo \"" . getTemplate("extras/htaccess_add") . "\";"); eval("echo \"" . getTemplate("extras/htaccess_add") . "\";");
} }
} } elseif(($action == 'edit') && ($id != 0)) {
elseif(($action == 'edit') $result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTACCESS . "`
&& ($id != 0)) WHERE `customerid` = :customerid
{ AND `id` = :id"
$result = $db->query_first('SELECT * FROM `' . TABLE_PANEL_HTACCESS . '` WHERE `customerid` = "' . (int)$userinfo['customerid'] . '" AND `id` = "' . (int)$id . '"'); );
Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
if((isset($result['customerid'])) if((isset($result['customerid'])) && ($result['customerid'] != '') && ($result['customerid'] == $userinfo['customerid'])) {
&& ($result['customerid'] != '') if(isset($_POST['send']) && $_POST['send'] == 'send') {
&& ($result['customerid'] == $userinfo['customerid']))
{
if(isset($_POST['send'])
&& $_POST['send'] == 'send')
{
$option_indexes = intval($_POST['options_indexes']); $option_indexes = intval($_POST['options_indexes']);
$options_cgi = isset($_POST['options_cgi']) ? intval($_POST['options_cgi']) : 0; $options_cgi = isset($_POST['options_cgi']) ? intval($_POST['options_cgi']) : 0;
if($option_indexes != '1') if($option_indexes != '1') {
{
$option_indexes = '0'; $option_indexes = '0';
} }
if($options_cgi != '1') if($options_cgi != '1') {
{
$options_cgi = '0'; $options_cgi = '0';
} }
@@ -447,22 +443,37 @@ elseif($page == 'htaccess')
$error500path = correctErrorDocument($_POST['error500path']); $error500path = correctErrorDocument($_POST['error500path']);
if(($option_indexes != $result['options_indexes']) if(($option_indexes != $result['options_indexes'])
|| ($error404path != $result['error404path']) || ($error404path != $result['error404path'])
|| ($error403path != $result['error403path']) || ($error403path != $result['error403path'])
|| ($error500path != $result['error500path']) || ($error500path != $result['error500path'])
|| ($options_cgi != $result['options_cgi'])) || ($options_cgi != $result['options_cgi'])) {
{
inserttask('1'); inserttask('1');
$db->query('UPDATE `' . TABLE_PANEL_HTACCESS . '` SET `options_indexes` = "' . $db->escape($option_indexes) . '", `error404path` = "' . $db->escape($error404path) . '", `error403path` = "' . $db->escape($error403path) . '", `error500path` = "' . $db->escape($error500path) . '", `options_cgi` = "' . $db->escape($options_cgi) . '" WHERE `customerid` = "' . (int)$userinfo['customerid'] . '" AND `id` = "' . (int)$id . '"'); $stmt = Database::prepare("UPDATE `" . TABLE_PANEL_HTACCESS . "`
SET `options_indexes` = :options_indexes,
`error404path` = :error404path,
`error403path` = :error403path,
`error500path` = :error500path,
`options_cgi` = :options_cgi
WHERE `customerid` = :customerid
AND `id` = :id"
);
$params = array(
"customerid" => $userinfo['customerid'],
"options_indexes" => $_POST['options_indexes'] == '1' ? '1' : '0',
"error403path" => $error403path,
"error404path" => $error404path,
"error500path" => $error500path,
"options_cgi" => $options_cgi,
"id" => $id
);
Database::pexecute($stmt, $params);
$log->logAction(USR_ACTION, LOG_INFO, "edited htaccess for '" . str_replace($userinfo['documentroot'], '', $result['path']) . "'"); $log->logAction(USR_ACTION, LOG_INFO, "edited htaccess for '" . str_replace($userinfo['documentroot'], '', $result['path']) . "'");
} }
redirectTo($filename, Array('page' => $page, 's' => $s)); redirectTo($filename, Array('page' => $page, 's' => $s));
} } else {
else if(strpos($result['path'], $userinfo['documentroot']) === 0) {
{
if(strpos($result['path'], $userinfo['documentroot']) === 0)
{
$result['path'] = substr($result['path'], strlen($userinfo['documentroot'])); $result['path'] = substr($result['path'], strlen($userinfo['documentroot']));
// don't show nothing wehn it's the docroot, show slash // don't show nothing wehn it's the docroot, show slash
if ($result['path'] == '') { $result['path'] = '/'; } if ($result['path'] == '') { $result['path'] = '/'; }