diff --git a/api_keys.php b/api_keys.php
index 728b1c22..6ed15e54 100644
--- a/api_keys.php
+++ b/api_keys.php
@@ -61,7 +61,7 @@ if ($action == 'delete' && $id > 0) {
'section' => 'index',
'page' => $page
]);
-} elseif ($action == 'deletesure' && $id > 0) {
+} elseif (isset($_POST['send']) && $_POST['send'] == 'send' && $action == 'deletesure' && $id > 0) {
$chk = (AREA == 'admin' && $userinfo['customers_see_all'] == '1') ? true : false;
if (AREA == 'customer') {
$chk_stmt = Database::prepare("
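Review bot: The added `$_POST['send'] == 'send'` test only establishes that the request body carries the confirmation form's field; it is not an anti-CSRF control by itself, because any POST can include that field. The delete therefore still depends on a token check that is not visible in this hunk. A comment such as `// 'send' is set by the confirmation form; CSRF token validation happens in <bootstrap file, to be confirmed>` would record that dependency. The comparison is better written strictly, `$_POST['send'] === 'send'`, so a non-string value can never match. The same condition is repeated in dns_editor.php and ssl_certificates.php, where a small shared helper would keep the three in sync; the `deletesure` branch continues outside the hunk.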
diff --git a/dns_editor.php b/dns_editor.php
index 98b725ea..53dbf234 100644
--- a/dns_editor.php
+++ b/dns_editor.php
@@ -82,7 +82,7 @@ if ($action == 'add_record' && !empty($_POST)) {
'page' => $page,
'domain_id' => $domain_id
]);
-} elseif ($action == 'deletesure' && !empty($_POST)) {
+} elseif (isset($_POST['send']) && $_POST['send'] == 'send' && $action == 'deletesure' && !empty($_POST)) {
$entry_id = isset($_POST['id']) ? (int)$_POST['id'] : 0;
$domain_id = isset($_POST['domain_id']) ? (int)$_POST['domain_id'] : 0;
// remove entry
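Review bot: `!empty($_POST)` at the end of the new condition is redundant once `isset($_POST['send'])` has passed and can be dropped, leaving `} elseif (isset($_POST['send']) && $_POST['send'] === 'send' && $action == 'deletesure') {`. `$entry_id` and `$domain_id` fall back to 0 when they are missing from the POST body. Whether the removal code below rejects 0 is outside the hunk, so an explicit `if ($entry_id > 0 && $domain_id > 0)` guard is worth adding there.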
diff --git a/index.php b/index.php
index 3414df68..ec1c3430 100644
--- a/index.php
+++ b/index.php
@@ -435,159 +435,158 @@ if ($action == 'forgotpwd') {
}
}
- if ($result_stmt !== null) {
- $user = $result_stmt->fetch(PDO::FETCH_ASSOC);
-
- /* Check whether user is banned */
- if ($user['deactivated']) {
- Response::redirectTo('index.php', [
- 'showmessage' => '8'
- ]);
- exit();
- }
-
- if (($adminchecked && Settings::Get('panel.allow_preset_admin') == '1') || $adminchecked == false) {
- if ($user !== false) {
- // build a activation code
- $timestamp = time();
- $first = substr(md5($user['loginname'] . $timestamp . PhpHelper::randomStr(16)), 0, 15);
- $third = substr(md5($user['email'] . $timestamp . PhpHelper::randomStr(16)), -15);
- $activationcode = $first . $timestamp . $third . substr(md5($third . $timestamp), 0, 10);
-
- // Drop all existing activation codes for this user
- $stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_ACTIVATION . "`
- WHERE `userid` = :userid
- AND `admin` = :admin");
- $params = [
- "userid" => $adminchecked ? $user['adminid'] : $user['customerid'],
- "admin" => $adminchecked ? 1 : 0
- ];
- Database::pexecute($stmt, $params);
-
- // Add new activation code to database
- $stmt = Database::prepare("INSERT INTO `" . TABLE_PANEL_ACTIVATION . "`
- (userid, admin, creation, activationcode)
- VALUES (:userid, :admin, :creation, :activationcode)");
- $params = [
- "userid" => $adminchecked ? $user['adminid'] : $user['customerid'],
- "admin" => $adminchecked ? 1 : 0,
- "creation" => $timestamp,
- "activationcode" => $activationcode
- ];
- Database::pexecute($stmt, $params);
-
- $rstlog = FroxlorLogger::getInstanceOf([
- 'loginname' => 'password_reset'
- ]);
- $rstlog->logAction(FroxlorLogger::USR_ACTION, LOG_WARNING, "User '" . $user['loginname'] . "' requested a link for setting a new password.");
-
- // Set together our activation link
- $protocol = empty($_SERVER['HTTPS']) ? 'http' : 'https';
- // this can be a fixed value to avoid potential exploiting by modifying headers
- $host = Settings::Get('system.hostname'); // $_SERVER['HTTP_HOST'];
- $port = $_SERVER['SERVER_PORT'] != 80 ? ':' . $_SERVER['SERVER_PORT'] : '';
- // don't add :443 when https is used, as it is default (and just looks weird!)
- if ($protocol == 'https' && $_SERVER['SERVER_PORT'] == '443') {
- $port = '';
- }
- // there can be only one script to handle this so we can use a fixed value here
- $script = "/index.php"; // $_SERVER['SCRIPT_NAME'];
- if (Settings::Get('system.froxlordirectlyviahostname') == 0) {
- $script = FileDir::makeCorrectFile("/" . basename(__DIR__) . "/" . $script);
- }
- $activationlink = $protocol . '://' . $host . $port . $script . '?action=resetpwd&resetcode=' . $activationcode;
-
- $replace_arr = [
- 'SALUTATION' => User::getCorrectUserSalutation($user),
- 'NAME' => $user['name'],
- 'FIRSTNAME' => $user['firstname'] ?? "",
- 'COMPANY' => $user['company'] ?? "",
- 'CUSTOMER_NO' => $user['customernumber'] ?? 0,
- 'USERNAME' => $loginname,
- 'LINK' => $activationlink
- ];
-
- $def_language = ($user['def_language'] != '') ? $user['def_language'] : Settings::Get('panel.standardlanguage');
- $result_stmt = Database::prepare('SELECT `value` FROM `' . TABLE_PANEL_TEMPLATES . '`
- WHERE `adminid`= :adminid
- AND `language`= :lang
- AND `templategroup`=\'mails\'
- AND `varname`=\'password_reset_subject\'');
- Database::pexecute($result_stmt, [
- "adminid" => $user['adminid'],
- "lang" => $def_language
- ]);
- $result = $result_stmt->fetch(PDO::FETCH_ASSOC);
- $mail_subject = html_entity_decode(PhpHelper::replaceVariables((($result['value'] != '') ? $result['value'] : lng('mails.password_reset.subject')), $replace_arr));
-
- $result_stmt = Database::prepare('SELECT `value` FROM `' . TABLE_PANEL_TEMPLATES . '`
- WHERE `adminid`= :adminid
- AND `language`= :lang
- AND `templategroup`=\'mails\'
- AND `varname`=\'password_reset_mailbody\'');
- Database::pexecute($result_stmt, [
- "adminid" => $user['adminid'],
- "lang" => $def_language
- ]);
- $result = $result_stmt->fetch(PDO::FETCH_ASSOC);
- $mail_body = html_entity_decode(PhpHelper::replaceVariables((($result['value'] != '') ? $result['value'] : lng('mails.password_reset.mailbody')), $replace_arr));
-
- $_mailerror = false;
- $mailerr_msg = "";
- try {
- $mail->Subject = $mail_subject;
- $mail->AltBody = $mail_body;
- $mail->MsgHTML(str_replace("\n", "
", $mail_body));
- $mail->AddAddress($user['email'], User::getCorrectUserSalutation($user));
- $mail->Send();
- } catch (\PHPMailer\PHPMailer\Exception $e) {
- $mailerr_msg = $e->errorMessage();
- $_mailerror = true;
- } catch (Exception $e) {
- $mailerr_msg = $e->getMessage();
- $_mailerror = true;
- }
-
- if ($_mailerror) {
- $rstlog = FroxlorLogger::getInstanceOf([
- 'loginname' => 'password_reset'
- ]);
- $rstlog->logAction(FroxlorLogger::ADM_ACTION, LOG_ERR, "Error sending mail: " . $mailerr_msg);
- Response::redirectTo('index.php', [
- 'showmessage' => '4',
- 'customermail' => $user['email']
- ]);
- exit();
- }
-
- $mail->ClearAddresses();
- Response::redirectTo('index.php', [
- 'showmessage' => '1'
- ]);
- exit();
- } else {
- $rstlog = FroxlorLogger::getInstanceOf([
- 'loginname' => 'password_reset'
- ]);
- $rstlog->logAction(FroxlorLogger::USR_ACTION, LOG_WARNING, "User '" . $loginname . "' requested to set a new password, but was not found in database!");
- $message = lng('login.combination_not_found');
- }
-
- unset($user);
+ if ($adminchecked) {
+ if (Settings::Get('panel.allow_preset_admin') != '1') {
+ $message = lng('pwdreminder.notallowed');
+ unset($adminchecked);
}
} else {
- $message = lng('login.usernotfound');
+ if (Settings::Get('panel.allow_preset') != '1') {
+ $message = lng('pwdreminder.notallowed');
+ }
}
- }
- if ($adminchecked) {
- if (Settings::Get('panel.allow_preset_admin') != '1') {
- $message = lng('pwdreminder.notallowed');
- unset($adminchecked);
- }
- } else {
- if (Settings::Get('panel.allow_preset') != '1') {
- $message = lng('pwdreminder.notallowed');
+ if (empty($message)) {
+ if ($result_stmt !== null) {
+ $user = $result_stmt->fetch(PDO::FETCH_ASSOC);
+
+ /* Check whether user is banned */
+ if ($user['deactivated']) {
+ $message = lng('pwdreminder.notallowed');
+ } else {
+ if (($adminchecked && Settings::Get('panel.allow_preset_admin') == '1') || $adminchecked == false) {
+ if ($user !== false) {
+ // build a activation code
+ $timestamp = time();
+ $first = substr(md5($user['loginname'] . $timestamp . PhpHelper::randomStr(16)), 0, 15);
+ $third = substr(md5($user['email'] . $timestamp . PhpHelper::randomStr(16)), -15);
+ $activationcode = $first . $timestamp . $third . substr(md5($third . $timestamp), 0, 10);
+
+ // Drop all existing activation codes for this user
+ $stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_ACTIVATION . "`
+ WHERE `userid` = :userid
+ AND `admin` = :admin");
+ $params = [
+ "userid" => $adminchecked ? $user['adminid'] : $user['customerid'],
+ "admin" => $adminchecked ? 1 : 0
+ ];
+ Database::pexecute($stmt, $params);
+
+ // Add new activation code to database
+ $stmt = Database::prepare("INSERT INTO `" . TABLE_PANEL_ACTIVATION . "`
+ (userid, admin, creation, activationcode)
+ VALUES (:userid, :admin, :creation, :activationcode)");
+ $params = [
+ "userid" => $adminchecked ? $user['adminid'] : $user['customerid'],
+ "admin" => $adminchecked ? 1 : 0,
+ "creation" => $timestamp,
+ "activationcode" => $activationcode
+ ];
+ Database::pexecute($stmt, $params);
+
+ $rstlog = FroxlorLogger::getInstanceOf([
+ 'loginname' => 'password_reset'
+ ]);
+ $rstlog->logAction(FroxlorLogger::USR_ACTION, LOG_WARNING, "User '" . $user['loginname'] . "' requested a link for setting a new password.");
+
+ // Set together our activation link
+ $protocol = empty($_SERVER['HTTPS']) ? 'http' : 'https';
+ // this can be a fixed value to avoid potential exploiting by modifying headers
+ $host = Settings::Get('system.hostname'); // $_SERVER['HTTP_HOST'];
+ $port = $_SERVER['SERVER_PORT'] != 80 ? ':' . $_SERVER['SERVER_PORT'] : '';
+ // don't add :443 when https is used, as it is default (and just looks weird!)
+ if ($protocol == 'https' && $_SERVER['SERVER_PORT'] == '443') {
+ $port = '';
+ }
+ // there can be only one script to handle this so we can use a fixed value here
+ $script = "/index.php"; // $_SERVER['SCRIPT_NAME'];
+ if (Settings::Get('system.froxlordirectlyviahostname') == 0) {
+ $script = FileDir::makeCorrectFile("/" . basename(__DIR__) . "/" . $script);
+ }
+ $activationlink = $protocol . '://' . $host . $port . $script . '?action=resetpwd&resetcode=' . $activationcode;
+
+ $replace_arr = [
+ 'SALUTATION' => User::getCorrectUserSalutation($user),
+ 'NAME' => $user['name'],
+ 'FIRSTNAME' => $user['firstname'] ?? "",
+ 'COMPANY' => $user['company'] ?? "",
+ 'CUSTOMER_NO' => $user['customernumber'] ?? 0,
+ 'USERNAME' => $loginname,
+ 'LINK' => $activationlink
+ ];
+
+ $def_language = ($user['def_language'] != '') ? $user['def_language'] : Settings::Get('panel.standardlanguage');
+ $result_stmt = Database::prepare('SELECT `value` FROM `' . TABLE_PANEL_TEMPLATES . '`
+ WHERE `adminid`= :adminid
+ AND `language`= :lang
+ AND `templategroup`=\'mails\'
+ AND `varname`=\'password_reset_subject\'');
+ Database::pexecute($result_stmt, [
+ "adminid" => $user['adminid'],
+ "lang" => $def_language
+ ]);
+ $result = $result_stmt->fetch(PDO::FETCH_ASSOC);
+ $mail_subject = html_entity_decode(PhpHelper::replaceVariables((($result['value'] != '') ? $result['value'] : lng('mails.password_reset.subject')), $replace_arr));
+
+ $result_stmt = Database::prepare('SELECT `value` FROM `' . TABLE_PANEL_TEMPLATES . '`
+ WHERE `adminid`= :adminid
+ AND `language`= :lang
+ AND `templategroup`=\'mails\'
+ AND `varname`=\'password_reset_mailbody\'');
+ Database::pexecute($result_stmt, [
+ "adminid" => $user['adminid'],
+ "lang" => $def_language
+ ]);
+ $result = $result_stmt->fetch(PDO::FETCH_ASSOC);
+ $mail_body = html_entity_decode(PhpHelper::replaceVariables((($result['value'] != '') ? $result['value'] : lng('mails.password_reset.mailbody')), $replace_arr));
+
+ $_mailerror = false;
+ $mailerr_msg = "";
+ try {
+ $mail->Subject = $mail_subject;
+ $mail->AltBody = $mail_body;
+ $mail->MsgHTML(str_replace("\n", "
", $mail_body));
+ $mail->AddAddress($user['email'], User::getCorrectUserSalutation($user));
+ $mail->Send();
+ } catch (\PHPMailer\PHPMailer\Exception $e) {
+ $mailerr_msg = $e->errorMessage();
+ $_mailerror = true;
+ } catch (Exception $e) {
+ $mailerr_msg = $e->getMessage();
+ $_mailerror = true;
+ }
+
+ if ($_mailerror) {
+ $rstlog = FroxlorLogger::getInstanceOf([
+ 'loginname' => 'password_reset'
+ ]);
+ $rstlog->logAction(FroxlorLogger::ADM_ACTION, LOG_ERR, "Error sending mail: " . $mailerr_msg);
+ Response::redirectTo('index.php', [
+ 'showmessage' => '4',
+ 'customermail' => $user['email']
+ ]);
+ exit();
+ }
+
+ $mail->ClearAddresses();
+ Response::redirectTo('index.php', [
+ 'showmessage' => '1'
+ ]);
+ exit();
+ } else {
+ $rstlog = FroxlorLogger::getInstanceOf([
+ 'loginname' => 'password_reset'
+ ]);
+ $rstlog->logAction(FroxlorLogger::USR_ACTION, LOG_WARNING, "User '" . $loginname . "' requested to set a new password, but was not found in database!");
+ $message = lng('login.usernotfound');
+ }
+
+ unset($user);
+ }
+ }
+ } else {
+ $message = lng('login.usernotfound');
+ }
}
}
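Review bot: On the new side `$user['deactivated']` is read before the `$user !== false` test a few lines below, so a lookup that returns no row indexes `false` (a warning on current PHP) and reaches the not-found branch only by accident. Guarding it as `if ($user !== false && $user['deactivated'])` keeps the existing else-path intact. The outcomes also stay distinguishable to an unauthenticated caller: `pwdreminder.notallowed` for a deactivated account, `login.usernotfound` for an unknown one, and a redirect with `showmessage` 1 on success. That permits account enumeration; returning one neutral message in all three cases and keeping the detail in the `FroxlorLogger` entry would close it. The reset code is carried over unchanged: it is built from `md5()` substrings with the timestamp embedded in clear, so its strength rests on `PhpHelper::randomStr()`, whose source is not visible here, and `bin2hex(random_bytes(32))` would remove that dependency. The enclosing `forgotpwd` branch starts and ends outside the hunk.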
diff --git a/lib/Froxlor/Cron/Traffic/TrafficCron.php b/lib/Froxlor/Cron/Traffic/TrafficCron.php
index 8b040b5b..20059cdb 100644
--- a/lib/Froxlor/Cron/Traffic/TrafficCron.php
+++ b/lib/Froxlor/Cron/Traffic/TrafficCron.php
@@ -645,10 +645,20 @@ class TrafficCron extends FroxlorCron
@unlink($outputdir . '.tmp.json');
}
+ // goaccess <1.4
+ $keep_params = '--keep-db-files --load-from-disk';
+ $res = FileDir::safe_exec('goaccess --version');
+ $ver_str = array_shift($res);
+ $cGoVer = substr($ver_str, strrpos($ver_str, " ") + 1, -1);
+ if (version_compare($cGoVer, '1.4', '>=')) {
+ // at least 1.4
+ $keep_params = '--persist --restore';
+ }
+
$format = Settings::Get('system.logfiles_type') == '2' ? 'VCOMBINED' : 'COMBINED';
$monthyear = $monthyear_arr['month'] . '/' . $monthyear_arr['year'];
$return_value = false;
- FileDir::safe_exec("grep '" . $monthyear . "' " . escapeshellarg($logfile) . " | goaccess -o " . escapeshellarg($outputdir . '.tmp.json') . " -o " . escapeshellarg($outputdir . 'index.html') . " --html-report-title=" . escapeshellarg($caption) . " --log-format=" . $format . " - ", $return_value, ['|']);
+ FileDir::safe_exec("grep '" . $monthyear . "' " . escapeshellarg($logfile) . " | goaccess " . $keep_params . " --db-path=" . escapeshellarg($outputdir) . " -o " . escapeshellarg($outputdir . '.tmp.json') . " -o " . escapeshellarg($outputdir . 'index.html') . " --html-report-title=" . escapeshellarg($caption) . " --log-format=" . $format . " - ", $return_value, ['|']);
if (file_exists($outputdir . '.tmp.json')) {
// need jq here because of potentially LARGE json files
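Review bot: The version probe added ahead of the goaccess call assumes `FileDir::safe_exec('goaccess --version')` returns a non-empty array whose first line ends in exactly one character after the version number. If the binary is missing or the banner differs, `$ver_str` is null or `$cGoVer` is not a version, and the code quietly keeps the `<1.4` flags. Extracting the number with `preg_match('/\d+(?:\.\d+)+/', (string) $ver_str, $m)` and comparing `$m[0]`, with a log entry when nothing matches, would be more robust. On the rebuilt command line `$monthyear` is still placed between single quotes without `escapeshellarg()`, unlike every other dynamic argument. Its origin is outside the hunk, so `"grep " . escapeshellarg($monthyear) . " "` would be the consistent form. The enclosing method starts and ends outside the hunk.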
diff --git a/lng/de.lng.php b/lng/de.lng.php
index 2dcdf48b..ef4d8a43 100644
--- a/lng/de.lng.php
+++ b/lng/de.lng.php
@@ -1267,6 +1267,7 @@ Vielen Dank, Ihr Administrator',
'plan_reallydelete' => 'Wollen Sie den Hostingplan %s wirklich löschen?',
'apikey_reallydelete' => 'Wollen Sie den Api-Key wirklich löschen?',
'dnsentry_reallydelete' => 'Wollen Sie den DNS-Eintrag wirklich löschen?',
+ 'certificate_reallydelete' => 'Wollen Sie diese Zertifikat wirklich löschen?',
],
'serversettings' => [
'session_timeout' => [
diff --git a/lng/en.lng.php b/lng/en.lng.php
index 49a51920..6cdf5a28 100644
--- a/lng/en.lng.php
+++ b/lng/en.lng.php
@@ -1377,6 +1377,7 @@ Yours sincerely, your administrator',
'plan_reallydelete' => 'Do you really want to delete the hosting plan %s?',
'apikey_reallydelete' => 'Do you really want to delete this api-key?',
'dnsentry_reallydelete' => 'Do you really want to delete this zone entry?',
+ 'certificate_reallydelete' => 'Do you really want to delete this certificate?',
],
'redirect_desc' => [
'rc_default' => 'default',
diff --git a/ssl_certificates.php b/ssl_certificates.php
index 495a29b3..ccbba8a5 100644
--- a/ssl_certificates.php
+++ b/ssl_certificates.php
@@ -41,10 +41,19 @@ use Froxlor\UI\Response;
// and therefore does not need to require lib/init.php
$success_message = "";
+$id = (int)Request::get('id');
// do the delete and then just show a success-message and the certificates list again
if ($action == 'delete') {
- $id = isset($_GET['id']) ? (int)$_GET['id'] : 0;
+ HTML::askYesNo('certificate_reallydelete', $filename, [
+ 'id' => $id,
+ 'page' => $page,
+ 'action' => 'deletesure'
+ ], '', [
+ 'section' => 'index',
+ 'page' => $page
+ ]);
+} elseif (isset($_POST['send']) && $_POST['send'] == 'send' && $action == 'deletesure' && $id > 0) {
if ($id > 0) {
try {
$json_result = Certificates::getLocal($userinfo, [
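Review bot: `$id` is now read once through `Request::get('id')` for both branches, while the confirmation form built by `HTML::askYesNo()` carries the id as a form field. If that helper consults only the query string (its implementation is not visible here), the `deletesure` branch would always see 0, so this is worth confirming or covering with a test. The hunk also introduces `Request::` and `HTML::` without adding `use` lines; the hunk header shows only `use Froxlor\UI\Response;`, so the imports need to exist already above the hunk. The inner `if ($id > 0)` kept as context is redundant now that the `elseif` requires `$id > 0` and can be removed. The `try` block continues outside the hunk.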