diff --git a/actions/admin/settings/210.security.php b/actions/admin/settings/210.security.php index 7bba9999..dfc55981 100644 --- a/actions/admin/settings/210.security.php +++ b/actions/admin/settings/210.security.php @@ -45,7 +45,7 @@ return array( 'type' => 'option', 'default' => 0, 'option_mode' => 'one', - 'option_options_method' => 'getAvailablePasswordHashes', + 'option_options_method' => array('\\Froxlor\\System', 'getAvailablePasswordHashes'), 'save_method' => 'storeSettingField', ), 'system_allow_error_report_admin' => array( diff --git a/customer_index.php b/customer_index.php index 4b9b0533..8ad1b638 100644 --- a/customer_index.php +++ b/customer_index.php @@ -135,7 +135,7 @@ if ($page == 'overview') { // Update ftp password if (isset($_POST['change_main_ftp']) && $_POST['change_main_ftp'] == 'true') { - $cryptPassword = makeCryptPassword($new_password); + $cryptPassword = \Froxlor\System::makeCryptPassword($new_password); $stmt = Database::prepare("UPDATE `" . TABLE_FTP_USERS . "` SET `password` = :password WHERE `customerid` = :customerid diff --git a/index.php b/index.php index 1236550d..6e2220cb 100644 --- a/index.php +++ b/index.php @@ -624,7 +624,7 @@ if ($action == 'resetpwd') { WHERE `customerid` = :userid"); } Database::pexecute($stmt, array( - "newpassword" => makeCryptPassword($new_password), + "newpassword" => \Froxlor\System::makeCryptPassword($new_password), "userid" => $result['userid'] )); diff --git a/lib/Froxlor/Api/Commands/Admins.php b/lib/Froxlor/Api/Commands/Admins.php index 34718ceb..899a5e8c 100644 --- a/lib/Froxlor/Api/Commands/Admins.php +++ b/lib/Froxlor/Api/Commands/Admins.php @@ -260,14 +260,14 @@ class Admins extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt } if ($password == '') { - $password = generatePassword(); + $password = \Froxlor\System::generatePassword(); } $_theme = Settings::Get('panel.default_theme'); $ins_data = array( 'loginname' => $loginname, - 'password' => makeCryptPassword($password), + 'password' => \Froxlor\System::makeCryptPassword($password), 'name' => $name, 'email' => $email, 'lang' => $def_language, @@ -530,7 +530,7 @@ class Admins extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt if ($password != '') { $password = validatePassword($password, true); - $password = makeCryptPassword($password); + $password = \Froxlor\System::makeCryptPassword($password); } else { $password = $result['password']; } diff --git a/lib/Froxlor/Api/Commands/Customers.php b/lib/Froxlor/Api/Commands/Customers.php index ea2b72f0..09bb968c 100644 --- a/lib/Froxlor/Api/Commands/Customers.php +++ b/lib/Froxlor/Api/Commands/Customers.php @@ -378,7 +378,7 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource } if ($password == '') { - $password = generatePassword(); + $password = \Froxlor\System::generatePassword(); } $_theme = Settings::Get('panel.default_theme'); @@ -386,7 +386,7 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource $ins_data = array( 'adminid' => $this->getUserDetail('adminid'), 'loginname' => $loginname, - 'passwd' => makeCryptPassword($password), + 'passwd' => \Froxlor\System::makeCryptPassword($password), 'name' => $name, 'firstname' => $firstname, 'gender' => $gender, @@ -552,7 +552,7 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource Database::pexecute($ins_stmt, $ins_data, true, true); inserttask('1'); - $cryptPassword = makeCryptPassword($password); + $cryptPassword = \Froxlor\System::makeCryptPassword($password); // add FTP-User // @fixme use Ftp-ApiCommand later $ins_stmt = Database::prepare(" @@ -941,7 +941,7 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource if ($password != '') { $password = validatePassword($password, true); - $password = makeCryptPassword($password); + $password = \Froxlor\System::makeCryptPassword($password); } else { $password = $result['password']; } diff --git a/lib/Froxlor/Api/Commands/EmailAccounts.php b/lib/Froxlor/Api/Commands/EmailAccounts.php index 104741f3..b675c3e3 100644 --- a/lib/Froxlor/Api/Commands/EmailAccounts.php +++ b/lib/Froxlor/Api/Commands/EmailAccounts.php @@ -122,7 +122,7 @@ class EmailAccounts extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Reso } // encrypt the password - $cryptPassword = makeCryptPassword($password); + $cryptPassword = \Froxlor\System::makeCryptPassword($password); $email_user = substr($email_full, 0, strrpos($email_full, "@")); $email_domain = substr($email_full, strrpos($email_full, "@") + 1); @@ -347,7 +347,7 @@ class EmailAccounts extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Reso standard_error('passwordshouldnotbeusername', '', true); } $password = validatePassword($password, true); - $cryptPassword = makeCryptPassword($password); + $cryptPassword = \Froxlor\System::makeCryptPassword($password); $upd_query .= (Settings::Get('system.mailpwcleartext') == '1' ? "`password` = :password, " : '') . "`password_enc`= :password_enc"; $upd_params['password_enc'] = $cryptPassword; if (Settings::Get('system.mailpwcleartext') == '1') { diff --git a/lib/Froxlor/Api/Commands/Ftps.php b/lib/Froxlor/Api/Commands/Ftps.php index 6ba325e5..1cdb1064 100644 --- a/lib/Froxlor/Api/Commands/Ftps.php +++ b/lib/Froxlor/Api/Commands/Ftps.php @@ -129,7 +129,7 @@ class Ftps extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEntit standard_error('passwordshouldnotbeusername', '', true); } else { $path = \Froxlor\FileDir::makeCorrectDir($customer['documentroot'] . '/' . $path); - $cryptPassword = makeCryptPassword($password); + $cryptPassword = \Froxlor\System::makeCryptPassword($password); $stmt = Database::prepare("INSERT INTO `" . TABLE_FTP_USERS . "` (`customerid`, `username`, `description`, `password`, `homedir`, `login_enabled`, `uid`, `gid`, `shell`) @@ -358,7 +358,7 @@ class Ftps extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEntit if ($password == $result['username']) { standard_error('passwordshouldnotbeusername', '', true); } - $cryptPassword = makeCryptPassword($password); + $cryptPassword = \Froxlor\System::makeCryptPassword($password); $stmt = Database::prepare("UPDATE `" . TABLE_FTP_USERS . "` SET `password` = :password diff --git a/lib/Froxlor/Http/Statistics.php b/lib/Froxlor/Http/Statistics.php new file mode 100644 index 00000000..cb9082f7 --- /dev/null +++ b/lib/Froxlor/Http/Statistics.php @@ -0,0 +1,128 @@ + 3 ? Settings::Get('panel.password_min_length') : 10; + + $pw = self::special_shuffle($alpha_lower); + $n = floor(($length) / 4); + + if (Settings::Get('panel.password_alpha_upper')) { + $pw .= mb_substr(self::special_shuffle($alpha_upper), 0, $n); + } + + if (Settings::Get('panel.password_numeric')) { + $pw .= mb_substr(self::special_shuffle($numeric), 0, $n); + } + + if (Settings::Get('panel.password_special_char_required') && ! $isSalt) { + $pw .= mb_substr(self::special_shuffle($special), 0, $n); + } + + $pw = mb_substr($pw, - $length); + + return self::special_shuffle($pw); + } + + /** + * multibyte-character safe shuffle function + * + * @param string $str + * + * @return string + */ + private static function special_shuffle($str = null) + { + $len = mb_strlen($str); + $sploded = array(); + while ($len -- > 0) { + $sploded[] = mb_substr($str, $len, 1); + } + shuffle($sploded); + return join('', $sploded); + } + + /** + * Make crypted password from clear text password + * + * @author Michal Wojcik + * @author Michael Kaufmann + * @author Froxlor team (2010-) + * + * 0 - default crypt (depenend on system configuration) + * 1 - MD5 $1$ + * 2 - BLOWFISH $2a$ | $2y$07$ (on php 5.3.7+) + * 3 - SHA-256 $5$ (default) + * 4 - SHA-512 $6$ + * + * @param string $password + * Password to be crypted + * + * @return string encrypted password + */ + public static function makeCryptPassword($password) + { + $type = Settings::Get('system.passwordcryptfunc') !== null ? (int) Settings::Get('system.passwordcryptfunc') : 3; + + switch ($type) { + case 0: + $cryptPassword = crypt($password); + break; + case 1: + $cryptPassword = crypt($password, '$1$' . self::generatePassword(true) . self::generatePassword(true)); + break; + case 2: + if (version_compare(phpversion(), '5.3.7', '<')) { + $cryptPassword = crypt($password, '$2a$' . self::generatePassword(true) . self::generatePassword(true)); + } else { + // Blowfish hashing with a salt as follows: "$2a$", "$2x$" or "$2y$", + // a two digit cost parameter, "$", and 22 characters from the alphabet "./0-9A-Za-z" + $cryptPassword = crypt($password, '$2y$07$' . substr(self::generatePassword(true) . self::generatePassword(true) . self::generatePassword(true), 0, 22)); + } + break; + case 3: + $cryptPassword = crypt($password, '$5$' . self::generatePassword(true) . self::generatePassword(true)); + break; + case 4: + $cryptPassword = crypt($password, '$6$' . self::generatePassword(true) . self::generatePassword(true)); + break; + default: + $cryptPassword = crypt($password); + break; + } + return $cryptPassword; + } + + /** + * return an array of available hashes for the crypt() function + * + * @return array + */ + public static function getAvailablePasswordHashes() + { + global $lng; + + // get available pwd-hases + $available_pwdhashes = array( + 0 => $lng['serversettings']['systemdefault'] + ); + if (defined('CRYPT_MD5') && CRYPT_MD5 == 1) { + $available_pwdhashes[1] = 'MD5'; + } + if (defined('CRYPT_BLOWFISH') && CRYPT_BLOWFISH == 1) { + $available_pwdhashes[2] = 'BLOWFISH'; + } + if (defined('CRYPT_SHA256') && CRYPT_SHA256 == 1) { + $available_pwdhashes[3] = 'SHA-256'; + } + if (defined('CRYPT_SHA512') && CRYPT_SHA512 == 1) { + $available_pwdhashes[4] = 'SHA-512'; + } + + return $available_pwdhashes; + } + + /** + * Cronjob function to end a cronjob in a critical condition + * but not without sending a notification mail to the admin + * + * @param string $message + * @param string $subject + * + * @return void + */ + public static function dieWithMail($message, $subject = "[froxlor] Cronjob error") + { + if (Settings::Get('system.send_cron_errors') == '1') { + + $_mail = new \PHPMailer\PHPMailer\PHPMailer(true); + $_mail->CharSet = "UTF-8"; + + if (Settings::Get('system.mail_use_smtp')) { + $_mail->isSMTP(); + $_mail->Host = Settings::Get('system.mail_smtp_host'); + $_mail->SMTPAuth = Settings::Get('system.mail_smtp_auth') == '1' ? true : false; + $_mail->Username = Settings::Get('system.mail_smtp_user'); + $_mail->Password = Settings::Get('system.mail_smtp_passwd'); + if (Settings::Get('system.mail_smtp_usetls')) { + $_mail->SMTPSecure = 'tls'; + } else { + $_mail->SMTPAutoTLS = false; + } + $_mail->Port = Settings::Get('system.mail_smtp_port'); + } + + if (\PHPMailer\PHPMailer\PHPMailer::ValidateAddress(Settings::Get('panel.adminmail')) !== false) { + // set return-to address and custom sender-name, see #76 + $_mail->SetFrom(Settings::Get('panel.adminmail'), Settings::Get('panel.adminmail_defname')); + if (Settings::Get('panel.adminmail_return') != '') { + $_mail->AddReplyTo(Settings::Get('panel.adminmail_return'), Settings::Get('panel.adminmail_defname')); + } + } + + $_mailerror = false; + $mailerr_msg = ""; + try { + $_mail->Subject = $subject; + $_mail->AltBody = $message; + $_mail->MsgHTML(nl2br($message)); + $_mail->AddAddress(Settings::Get('panel.adminmail'), Settings::Get('panel.adminmail_defname')); + $_mail->Send(); + } catch (\PHPMailer\PHPMailer\Exception $e) { + $mailerr_msg = $e->errorMessage(); + $_mailerror = true; + } catch (\Exception $e) { + $mailerr_msg = $e->getMessage(); + $_mailerror = true; + } + + $_mail->ClearAddresses(); + + if ($_mailerror) { + echo 'Error sending mail: ' . $mailerr_msg . "\n"; + } + } + + die($message); + } +} \ No newline at end of file diff --git a/lib/formfields/admin/admin/formfield.admin_add.php b/lib/formfields/admin/admin/formfield.admin_add.php index 0d1782e6..7cad9872 100644 --- a/lib/formfields/admin/admin/formfield.admin_add.php +++ b/lib/formfields/admin/admin/formfield.admin_add.php @@ -39,7 +39,7 @@ return array( 'label' => $lng['customer']['generated_pwd'], 'type' => 'text', 'visible' => (\Froxlor\Settings::Get('panel.password_regex') == ''), - 'value' => generatePassword(), + 'value' => \Froxlor\System::generatePassword(), ), 'def_language' => array( 'label' => $lng['login']['language'], diff --git a/lib/formfields/admin/admin/formfield.admin_edit.php b/lib/formfields/admin/admin/formfield.admin_edit.php index 5f57307b..d14e3699 100644 --- a/lib/formfields/admin/admin/formfield.admin_edit.php +++ b/lib/formfields/admin/admin/formfield.admin_edit.php @@ -48,7 +48,7 @@ return array( 'label' => $lng['customer']['generated_pwd'], 'type' => 'text', 'visible' => (\Froxlor\Settings::Get('panel.password_regex') == ''), - 'value' => generatePassword(), + 'value' => \Froxlor\System::generatePassword(), 'visible' => ($result['adminid'] == $userinfo['userid'] ? false : true) ), 'def_language' => array( diff --git a/lib/formfields/admin/customer/formfield.customer_add.php b/lib/formfields/admin/customer/formfield.customer_add.php index 8ae64b3b..7533d82a 100644 --- a/lib/formfields/admin/customer/formfield.customer_add.php +++ b/lib/formfields/admin/customer/formfield.customer_add.php @@ -62,7 +62,7 @@ return array( 'label' => $lng['customer']['generated_pwd'], 'type' => 'text', 'visible' => (\Froxlor\Settings::Get('panel.password_regex') == ''), - 'value' => generatePassword() + 'value' => \Froxlor\System::generatePassword() ), 'sendpassword' => array( 'label' => $lng['admin']['sendpassword'], diff --git a/lib/formfields/admin/customer/formfield.customer_edit.php b/lib/formfields/admin/customer/formfield.customer_edit.php index 5ea64268..0a9a7d11 100644 --- a/lib/formfields/admin/customer/formfield.customer_edit.php +++ b/lib/formfields/admin/customer/formfield.customer_edit.php @@ -59,7 +59,7 @@ return array( 'label' => $lng['customer']['generated_pwd'], 'type' => 'text', 'visible' => (\Froxlor\Settings::Get('panel.password_regex') == ''), - 'value' => generatePassword(), + 'value' => \Froxlor\System::generatePassword(), ), 'def_language' => array( 'label' => $lng['login']['language'], diff --git a/lib/formfields/customer/email/formfield.emails_accountchangepasswd.php b/lib/formfields/customer/email/formfield.emails_accountchangepasswd.php index 03c6bae2..ae0f3176 100644 --- a/lib/formfields/customer/email/formfield.emails_accountchangepasswd.php +++ b/lib/formfields/customer/email/formfield.emails_accountchangepasswd.php @@ -38,7 +38,7 @@ return array( 'label' => $lng['customer']['generated_pwd'], 'type' => 'text', 'visible' => (Settings::Get('panel.password_regex') == ''), - 'value' => generatePassword(), + 'value' => \Froxlor\System::generatePassword(), ) ) ) diff --git a/lib/formfields/customer/email/formfield.emails_addaccount.php b/lib/formfields/customer/email/formfield.emails_addaccount.php index c7614ffd..ed40dd93 100644 --- a/lib/formfields/customer/email/formfield.emails_addaccount.php +++ b/lib/formfields/customer/email/formfield.emails_addaccount.php @@ -38,7 +38,7 @@ return array( 'label' => $lng['customer']['generated_pwd'], 'type' => 'text', 'visible' => (Settings::Get('panel.password_regex') == ''), - 'value' => generatePassword(), + 'value' => \Froxlor\System::generatePassword(), ), 'email_quota' => array( 'visible' => (Settings::Get('system.mail_quota_enabled') == '1' ? true : false), diff --git a/lib/formfields/customer/extras/formfield.htpasswd_add.php b/lib/formfields/customer/extras/formfield.htpasswd_add.php index d918601d..53236ac6 100644 --- a/lib/formfields/customer/extras/formfield.htpasswd_add.php +++ b/lib/formfields/customer/extras/formfield.htpasswd_add.php @@ -44,7 +44,7 @@ return array( 'label' => $lng['customer']['generated_pwd'], 'type' => 'text', 'visible' => (Settings::Get('panel.password_regex') == ''), - 'value' => generatePassword(), + 'value' => \Froxlor\System::generatePassword(), ), 'directory_authname' => array( 'label' => $lng['extras']['htpasswdauthname'], diff --git a/lib/formfields/customer/extras/formfield.htpasswd_edit.php b/lib/formfields/customer/extras/formfield.htpasswd_edit.php index 31572541..924bc8e4 100644 --- a/lib/formfields/customer/extras/formfield.htpasswd_edit.php +++ b/lib/formfields/customer/extras/formfield.htpasswd_edit.php @@ -43,7 +43,7 @@ return array( 'label' => $lng['customer']['generated_pwd'], 'type' => 'text', 'visible' => (Settings::Get('panel.password_regex') == ''), - 'value' => generatePassword(), + 'value' => \Froxlor\System::generatePassword(), ), 'directory_authname' => array( 'label' => $lng['extras']['htpasswdauthname'], diff --git a/lib/formfields/customer/ftp/formfield.ftp_add.php b/lib/formfields/customer/ftp/formfield.ftp_add.php index 17012537..9b554dcb 100644 --- a/lib/formfields/customer/ftp/formfield.ftp_add.php +++ b/lib/formfields/customer/ftp/formfield.ftp_add.php @@ -54,7 +54,7 @@ return array( 'label' => $lng['customer']['generated_pwd'], 'type' => 'text', 'visible' => (Settings::Get('panel.password_regex') == ''), - 'value' => generatePassword(), + 'value' => \Froxlor\System::generatePassword(), ), 'sendinfomail' => array( 'label' => $lng['customer']['sendinfomail'], diff --git a/lib/formfields/customer/ftp/formfield.ftp_edit.php b/lib/formfields/customer/ftp/formfield.ftp_edit.php index 20a2280d..837e4aba 100644 --- a/lib/formfields/customer/ftp/formfield.ftp_edit.php +++ b/lib/formfields/customer/ftp/formfield.ftp_edit.php @@ -50,7 +50,7 @@ return array( 'label' => $lng['customer']['generated_pwd'], 'type' => 'text', 'visible' => (Settings::Get('panel.password_regex') == ''), - 'value' => generatePassword(), + 'value' => \Froxlor\System::generatePassword(), ), 'shell' => array( 'visible' => (Settings::Get('system.allow_customer_shell') == '1' ? true : false), diff --git a/lib/formfields/customer/mysql/formfield.mysql_add.php b/lib/formfields/customer/mysql/formfield.mysql_add.php index b0dba786..440b1b2b 100644 --- a/lib/formfields/customer/mysql/formfield.mysql_add.php +++ b/lib/formfields/customer/mysql/formfield.mysql_add.php @@ -41,7 +41,7 @@ return array( 'label' => $lng['customer']['generated_pwd'], 'type' => 'text', 'visible' => (Settings::Get('panel.password_regex') == ''), - 'value' => generatePassword() + 'value' => \Froxlor\System::generatePassword() ), 'sendinfomail' => array( 'label' => $lng['customer']['sendinfomail'], diff --git a/lib/formfields/customer/mysql/formfield.mysql_edit.php b/lib/formfields/customer/mysql/formfield.mysql_edit.php index 5be87ed4..6fcca062 100644 --- a/lib/formfields/customer/mysql/formfield.mysql_edit.php +++ b/lib/formfields/customer/mysql/formfield.mysql_edit.php @@ -47,7 +47,7 @@ return array( 'label' => $lng['customer']['generated_pwd'], 'type' => 'text', 'visible' => (Settings::Get('panel.password_regex') == ''), - 'value' => generatePassword() + 'value' => \Froxlor\System::generatePassword() ) ) ) diff --git a/lib/functions/filedir/function.makeChownWithNewStats.php b/lib/functions/filedir/function.makeChownWithNewStats.php deleted file mode 100644 index 62b6cc31..00000000 --- a/lib/functions/filedir/function.makeChownWithNewStats.php +++ /dev/null @@ -1,54 +0,0 @@ - (2010-) - * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt - * @package Functions - * - */ - -/** - * chowns either awstats or webalizer folder, - * either with webserver-user or - if fcgid - * is used - the customers name, #258 - * - * @param array $row array if panel_customers - * - * @return void - */ -function makeChownWithNewStats($row) { - - // get correct user - if ((Settings::Get('system.mod_fcgid') == '1' || Settings::Get('phpfpm.enabled') == '1') - && isset($row['deactivated']) - && $row['deactivated'] == '0' - ) { - $user = $row['loginname']; - $group = $row['loginname']; - } else { - $user = $row['guid']; - $group = $row['guid']; - } - - // get correct directory - $dir = $row['documentroot']; - if (Settings::Get('system.awstats_enabled') == '1') { - $dir .= '/awstats/'; - } else { - $dir .= '/webalizer/'; - } - - // only run chown if directory exists - if (file_exists($dir)) { - // run chown - \Froxlor\FileDir::safe_exec('chown -R '.escapeshellarg($user).':'.escapeshellarg($group).' '.escapeshellarg(\Froxlor\FileDir::makeCorrectDir($dir))); - } -} diff --git a/lib/functions/froxlor/function.createAWStatsConf.php b/lib/functions/froxlor/function.createAWStatsConf.php deleted file mode 100644 index 72c45164..00000000 --- a/lib/functions/froxlor/function.createAWStatsConf.php +++ /dev/null @@ -1,100 +0,0 @@ - (2003-2009) - * @author Froxlor team (2010-) - * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt - * @package Functions - * - */ - -/** - * Create or modify the AWStats configuration file for the given domain. - * Modified by Berend Dekens to allow custom configurations. - * - * @param logFile - * @param siteDomain - * @param hostAliases - * @return null - */ -function createAWStatsConf($logFile, $siteDomain, $hostAliases, $customerDocroot, $awstats_params = array()) { - - // Generation header - $header = "## GENERATED BY FROXLOR\n"; - $header2 = "## Do not remove the line above! This tells Froxlor to update this configuration\n## If you wish to manually change this configuration file, remove the first line to make sure Froxlor won't rebuild this file\n## Generated for domain {SITE_DOMAIN} on " . date('l dS \of F Y h:i:s A') . "\n"; - - $awstats_dir = \Froxlor\FileDir::makeCorrectDir($customerDocroot.'/awstats/'.$siteDomain.'/'); - if (!is_dir($awstats_dir)) { - \Froxlor\FileDir::safe_exec('mkdir -p '.escapeshellarg($awstats_dir)); - } - // chown created folder, #258 - makeChownWithNewStats($awstats_params); - - // weird but could happen... - if (!is_dir(Settings::Get('system.awstats_conf'))) { - \Froxlor\FileDir::safe_exec('mkdir -p '.escapeshellarg(Settings::Get('system.awstats_conf'))); - } - - // These are the variables we will replace - $regex = array( - '/\{LOG_FILE\}/', - '/\{SITE_DOMAIN\}/', - '/\{HOST_ALIASES\}/', - '/\{CUSTOMER_DOCROOT\}/', - '/\{AWSTATS_CONF\}/' - ); - $replace = array( - \Froxlor\FileDir::makeCorrectFile($logFile), - $siteDomain, - $hostAliases, - $awstats_dir, - \Froxlor\FileDir::makeCorrectDir(Settings::Get('system.awstats_conf')) - ); - - // File names - $domain_file = \Froxlor\FileDir::makeCorrectFile(Settings::Get('system.awstats_conf').'/awstats.' . $siteDomain . '.conf'); - $model_file = \Froxlor\Froxlor::getInstallDir().'/templates/misc/awstats/awstats.froxlor.model.conf'; - $model_file = \Froxlor\FileDir::makeCorrectFile($model_file); - - // Test if the file exists - if (file_exists($domain_file)) { - // Check for the generated header - if this is a manual modification we won't update - $awstats_domain_conf = fopen($domain_file, 'r'); - - if (fgets($awstats_domain_conf, strlen($header)) != $header) { - fclose($awstats_domain_conf); - return; - } - - // Close the file - fclose($awstats_domain_conf); - } - - $awstats_domain_conf = fopen($domain_file, 'w'); - $awstats_model_conf = fopen($model_file, 'r'); - - // Write the header - fwrite($awstats_domain_conf, $header); - fwrite($awstats_domain_conf, preg_replace($regex, $replace, $header2)); - - // Write the configuration file - while (($line = fgets($awstats_model_conf, 4096)) !== false) { - if (!preg_match('/^#/', $line) - && trim($line) != '' - ) { - fwrite($awstats_domain_conf, preg_replace($regex, $replace, $line)); - } - } - - fclose($awstats_domain_conf); - fclose($awstats_model_conf); -} diff --git a/lib/functions/froxlor/function.generatePassword.php b/lib/functions/froxlor/function.generatePassword.php deleted file mode 100644 index ff15dca1..00000000 --- a/lib/functions/froxlor/function.generatePassword.php +++ /dev/null @@ -1,68 +0,0 @@ - (2011-) - * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt - * @package Functions - * - */ - -/** - * Generates a random password - * - * @param boolean $isSalt - * optional, create a hash for a salt used in makeCryptPassword because crypt() does not like some special characters in its salts, default is false - */ -function generatePassword($isSalt = false) -{ - $alpha_lower = 'abcdefghijklmnopqrstuvwxyz'; - $alpha_upper = strtoupper($alpha_lower); - $numeric = '0123456789'; - $special = Settings::Get('panel.password_special_char'); - $length = Settings::Get('panel.password_min_length') > 3 ? Settings::Get('panel.password_min_length') : 10; - - $pw = special_shuffle($alpha_lower); - $n = floor(($length) / 4); - - if (Settings::Get('panel.password_alpha_upper')) { - $pw .= mb_substr(special_shuffle($alpha_upper), 0, $n); - } - - if (Settings::Get('panel.password_numeric')) { - $pw .= mb_substr(special_shuffle($numeric), 0, $n); - } - - if (Settings::Get('panel.password_special_char_required') && !$isSalt) { - $pw .= mb_substr(special_shuffle($special), 0, $n); - } - - $pw = mb_substr($pw, - $length); - - return special_shuffle($pw); -} - -/** - * multibyte-character safe shuffle function - * - * @param string $str - * - * @return string - */ -function special_shuffle($str = null) -{ - $len = mb_strlen($str); - $sploded = array(); - while ($len -- > 0) { - $sploded[] = mb_substr($str, $len, 1); - } - shuffle($sploded); - return join('', $sploded); -} diff --git a/lib/functions/output/function.dieWithMail.php b/lib/functions/output/function.dieWithMail.php deleted file mode 100644 index 76396142..00000000 --- a/lib/functions/output/function.dieWithMail.php +++ /dev/null @@ -1,83 +0,0 @@ - - * @author Froxlor team (2010-) - * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt - * @package Cron - * - * @since 0.9.33 - * - */ -use Froxlor\Settings; - -/** - * Cronjob function to end a cronjob in a critical condition - * but not without sending a notification mail to the admin - * - * @param string $message - * @param string $subject - * - * @return void - */ -function dieWithMail($message, $subject = "[froxlor] Cronjob error") -{ - if (Settings::Get('system.send_cron_errors') == '1') { - - $_mail = new \PHPMailer\PHPMailer\PHPMailer(true); - $_mail->CharSet = "UTF-8"; - - if (Settings::Get('system.mail_use_smtp')) { - $_mail->isSMTP(); - $_mail->Host = Settings::Get('system.mail_smtp_host'); - $_mail->SMTPAuth = Settings::Get('system.mail_smtp_auth') == '1' ? true : false; - $_mail->Username = Settings::Get('system.mail_smtp_user'); - $_mail->Password = Settings::Get('system.mail_smtp_passwd'); - if (Settings::Get('system.mail_smtp_usetls')) { - $_mail->SMTPSecure = 'tls'; - } else { - $mail->SMTPAutoTLS = false; - } - $_mail->Port = Settings::Get('system.mail_smtp_port'); - } - - if (\PHPMailer\PHPMailer\PHPMailer::ValidateAddress(Settings::Get('panel.adminmail')) !== false) { - // set return-to address and custom sender-name, see #76 - $_mail->SetFrom(Settings::Get('panel.adminmail'), Settings::Get('panel.adminmail_defname')); - if (Settings::Get('panel.adminmail_return') != '') { - $_mail->AddReplyTo(Settings::Get('panel.adminmail_return'), Settings::Get('panel.adminmail_defname')); - } - } - - $_mailerror = false; - try { - $_mail->Subject = $subject; - $_mail->AltBody = $message; - $_mail->MsgHTML(nl2br($message)); - $_mail->AddAddress(Settings::Get('panel.adminmail'), Settings::Get('panel.adminmail_defname')); - $_mail->Send(); - } catch (\PHPMailer\PHPMailer\Exception $e) { - $mailerr_msg = $e->errorMessage(); - $_mailerror = true; - } catch (Exception $e) { - $mailerr_msg = $e->getMessage(); - $_mailerror = true; - } - - $_mail->ClearAddresses(); - - if ($_mailerror) { - echo 'Error sending mail: ' . $mailerr_msg . "\n"; - } - } - - die($message); -} diff --git a/lib/functions/system/function.getAvailablePasswordHashes.php b/lib/functions/system/function.getAvailablePasswordHashes.php deleted file mode 100644 index 63fc1360..00000000 --- a/lib/functions/system/function.getAvailablePasswordHashes.php +++ /dev/null @@ -1,46 +0,0 @@ - (2014-) - * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt - * @package Functions - * - * @since 0.9.33.1 - */ - -/** - * return an array of available hashes for the crypt() function - * - * @return array - */ -function getAvailablePasswordHashes() -{ - global $lng; - - // get available pwd-hases - $available_pwdhashes = array( - 0 => $lng['serversettings']['systemdefault'] - ); - if (defined('CRYPT_MD5') && CRYPT_MD5 == 1) { - $available_pwdhashes[1] = 'MD5'; - } - if (defined('CRYPT_BLOWFISH') && CRYPT_BLOWFISH == 1) { - $available_pwdhashes[2] = 'BLOWFISH'; - } - if (defined('CRYPT_SHA256') && CRYPT_SHA256 == 1) { - $available_pwdhashes[3] = 'SHA-256'; - } - if (defined('CRYPT_SHA512') && CRYPT_SHA512 == 1) { - $available_pwdhashes[4] = 'SHA-512'; - } - - return $available_pwdhashes; -} diff --git a/lib/functions/system/function.makeCryptPassword.php b/lib/functions/system/function.makeCryptPassword.php deleted file mode 100644 index 7e8cd640..00000000 --- a/lib/functions/system/function.makeCryptPassword.php +++ /dev/null @@ -1,71 +0,0 @@ - - * @author Michael Kaufmann - * @author Froxlor team (2010-) - * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt - * @package Functions - * - */ - -/** - * Make crypted password from clear text password - * - * @author Michal Wojcik - * @author Michael Kaufmann - * @author Froxlor team (2010-) - * - * 0 - default crypt (depenend on system configuration) - * 1 - MD5 $1$ - * 2 - BLOWFISH $2a$ | $2y$07$ (on php 5.3.7+) - * 3 - SHA-256 $5$ (default) - * 4 - SHA-512 $6$ - * - * @param string $password Password to be crypted - * - * @return string encrypted password - */ -function makeCryptPassword ($password) { - - $type = Settings::Get('system.passwordcryptfunc') !== null ? (int)Settings::Get('system.passwordcryptfunc') : 3; - - switch ($type) { - case 0: - $cryptPassword = crypt($password); - break; - case 1: - $cryptPassword = crypt($password, '$1$' . generatePassword(true). generatePassword(true)); - break; - case 2: - if (version_compare(phpversion(), '5.3.7', '<')) { - $cryptPassword = crypt($password, '$2a$' . generatePassword(true). generatePassword(true)); - } else { - // Blowfish hashing with a salt as follows: "$2a$", "$2x$" or "$2y$", - // a two digit cost parameter, "$", and 22 characters from the alphabet "./0-9A-Za-z" - $cryptPassword = crypt( - $password, - '$2y$07$' . substr(generatePassword(true).generatePassword(true).generatePassword(true), 0, 22) - ); - } - break; - case 3: - $cryptPassword = crypt($password, '$5$' . generatePassword(true). generatePassword(true)); - break; - case 4: - $cryptPassword = crypt($password, '$6$' . generatePassword(true). generatePassword(true)); - break; - default: - $cryptPassword = crypt($password); - break; - } - return $cryptPassword; -} diff --git a/lib/functions/validate/function.validatePasswordLogin.php b/lib/functions/validate/function.validatePasswordLogin.php index 275d2bfb..e42a5753 100644 --- a/lib/functions/validate/function.validatePasswordLogin.php +++ b/lib/functions/validate/function.validatePasswordLogin.php @@ -71,7 +71,7 @@ function validatePasswordLogin($userinfo = null, $password = null, $table = 'pan UPDATE " . $table . " SET `password` = :newpasswd WHERE `" . $uid . "` = :uid "); $params = array ( - 'newpasswd' => makeCryptPassword($password), + 'newpasswd' => \Froxlor\System::makeCryptPassword($password), 'uid' => $userinfo[$uid] ); Database::pexecute($upd_stmt, $params); diff --git a/tests/Emails/EmailsTest.php b/tests/Emails/EmailsTest.php index d04bc8f8..8c840ba0 100644 --- a/tests/Emails/EmailsTest.php +++ b/tests/Emails/EmailsTest.php @@ -377,7 +377,7 @@ class MailsTest extends TestCase $data = [ 'emailaddr' => 'info@test2.local', - 'email_password' => generatePassword(), + 'email_password' => \Froxlor\System::generatePassword(), 'alternative_email' => 'noone@example.com', 'email_quota' => 1337, 'sendinfomail' => TRAVIS_CI == 1 ? 0 : 1 @@ -399,7 +399,7 @@ class MailsTest extends TestCase $data = [ 'emailaddr' => 'info@test2.local', - 'email_password' => generatePassword(), + 'email_password' => \Froxlor\System::generatePassword(), 'alternative_email' => 'noone@example.com', 'email_quota' => 1338 ]; @@ -459,7 +459,7 @@ class MailsTest extends TestCase // add account $data = [ 'emailaddr' => 'info@test2.local', - 'email_password' => generatePassword(), + 'email_password' => \Froxlor\System::generatePassword(), 'alternative_email' => 'noone@example.com', 'sendinfomail' => TRAVIS_CI == 1 ? 0 : 1 ]; diff --git a/tests/Extras/DirProtectionsTest.php b/tests/Extras/DirProtectionsTest.php index c5d22508..06d3810f 100644 --- a/tests/Extras/DirProtectionsTest.php +++ b/tests/Extras/DirProtectionsTest.php @@ -27,7 +27,7 @@ class DirProtectionsTest extends TestCase $data = [ 'path' => '/test', 'username' => 'testing', - 'directory_password' => generatePassword(), + 'directory_password' => \Froxlor\System::generatePassword(), 'directory_authname' => 'test1' ]; $json_result = DirProtections::getLocal($customer_userdata, $data)->add(); @@ -49,7 +49,7 @@ class DirProtectionsTest extends TestCase $data = [ 'path' => '/test', 'username' => 'testing', - 'directory_password' => generatePassword(), + 'directory_password' => \Froxlor\System::generatePassword(), 'directory_authname' => 'test2' ]; $this->expectExceptionMessage("Combination of username and path already exists"); @@ -65,7 +65,7 @@ class DirProtectionsTest extends TestCase 'loginname' => 'test1' ))->get(); $customer_userdata = json_decode($json_result, true)['data']; - $up = generatePassword(); + $up = \Froxlor\System::generatePassword(); $data = [ 'path' => '/test', 'username' => $up, @@ -146,7 +146,7 @@ class DirProtectionsTest extends TestCase $data = [ 'id' => 1, - 'directory_password' => generatePassword(), + 'directory_password' => \Froxlor\System::generatePassword(), 'directory_authname' => 'test1337' ]; $json_result = DirProtections::getLocal($customer_userdata, $data)->update(); diff --git a/tests/Mysqls/MysqlsTest.php b/tests/Mysqls/MysqlsTest.php index 9b57c418..ad5e387a 100644 --- a/tests/Mysqls/MysqlsTest.php +++ b/tests/Mysqls/MysqlsTest.php @@ -27,7 +27,7 @@ class MysqlsTest extends TestCase $customer_userdata = json_decode($json_result, true)['data']; $data = [ - 'mysql_password' => generatePassword(), + 'mysql_password' => \Froxlor\System::generatePassword(), 'description' => 'testdb', 'sendinfomail' => TRAVIS_CI == 1 ? 0 : 1 ]; @@ -103,7 +103,7 @@ class MysqlsTest extends TestCase $data = [ 'dbname' => 'test1sql1', - 'mysql_password' => generatePassword(), + 'mysql_password' => \Froxlor\System::generatePassword(), 'description' => 'testdb-upd', 'loginname' => 'test1' ];