From a7687659ccf7244e9e02cdccc0a9c882e85c8fed Mon Sep 17 00:00:00 2001 From: Axel Guckelsberger Date: Sat, 27 Apr 2013 10:15:36 +0300 Subject: [PATCH] Update customer_ftp.php --- customer_ftp.php | 226 ++++++++++++++++------------------------------- 1 file changed, 78 insertions(+), 148 deletions(-) diff --git a/customer_ftp.php b/customer_ftp.php index 5cc532d4..b892860f 100644 --- a/customer_ftp.php +++ b/customer_ftp.php @@ -22,27 +22,20 @@ define('AREA', 'customer'); /** * Include our init.php, which manages Sessions, Language etc. */ +require('./lib/init.php'); -require ("./lib/init.php"); - -if(isset($_POST['id'])) -{ +$id = 0; +if (isset($_POST['id'])) { $id = intval($_POST['id']); -} -elseif(isset($_GET['id'])) -{ +} elseif(isset($_GET['id'])) { $id = intval($_GET['id']); } -if($page == 'overview') -{ +if ($page == 'overview') { $log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_ftp"); - eval("echo \"" . getTemplate("ftp/ftp") . "\";"); -} -elseif($page == 'accounts') -{ - if($action == '') - { + eval("echo \"" . getTemplate('ftp/ftp') . "\";"); +} elseif ($page == 'accounts') { + if ($action == '') { $log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_ftp::accounts"); $fields = array( 'username' => $lng['login']['username'], 
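Review bot: The new `$id = 0;` default carries a contract that is not written down: the delete and edit branches further down are gated on `$id != 0`, so this default is what makes a request without an `id` parameter fall through instead of reaching them with an undefined variable. A one-line comment above it would make that explicit, for example `// 0 means no id was supplied; the delete/edit branches require $id != 0`. In the same hunk `} elseif(isset($_GET['id'])) {` keeps the old spacing while the other rewritten control structures use `elseif (`. The if/elseif chain on `$page` continues outside the hunk.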
@@ -59,23 +52,18 @@ elseif($page == 'accounts') $count = 0; $accounts = ''; - while($row = $db->fetch_array($result)) - { - if($paging->checkDisplay($i)) - { - if(strpos($row['homedir'], $userinfo['documentroot']) === 0) - { + while ($row = $db->fetch_array($result)) { + if ($paging->checkDisplay($i)) { + if (strpos($row['homedir'], $userinfo['documentroot']) === 0) { $row['documentroot'] = substr($row['homedir'], strlen($userinfo['documentroot'])); - } - else - { + } else { $row['documentroot'] = $row['homedir']; } $row['documentroot'] = makeCorrectDir($row['documentroot']); $row = htmlentities_array($row); - eval("\$accounts.=\"" . getTemplate("ftp/accounts_account") . "\";"); + eval("\$accounts.=\"" . getTemplate('ftp/accounts_account') . "\";"); $count++; } 
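Review bot: The prefix test `strpos($row['homedir'], $userinfo['documentroot']) === 0` has no directory-boundary check, so a home directory that merely starts with the same characters as the document root (a sibling such as `.../web10` against `.../web1`) is treated as lying inside it and has the prefix stripped. Whether that can occur depends on `documentroot` always ending in a separator, which these lines do not show. If that is not guaranteed, normalise first with `$root = rtrim($userinfo['documentroot'], '/') . '/';` and test `strpos($row['homedir'] . '/', $root) === 0`. The same test is applied to `$result['homedir']` in the edit-form hunk (`@@ -341,30 +280,23 @@`), where the stripped value is passed to `makePathfield`. The enclosing `while` loop ends outside this hunk.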
@@ -83,19 +71,16 @@ elseif($page == 'accounts') } $ftps_count = $db->num_rows($result); - eval("echo \"" . getTemplate("ftp/accounts") . "\";"); - } - elseif($action == 'delete' - && $id != 0) - { + eval("echo \"" . getTemplate('ftp/accounts') . "\";"); + } elseif ($action == 'delete' && $id != 0) { $result = $db->query_first("SELECT `id`, `username`, `homedir`, `up_count`, `up_bytes`, `down_count`, `down_bytes` FROM `" . TABLE_FTP_USERS . "` WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='" . (int)$id . "'"); - if(isset($result['username']) - && $result['username'] != $userinfo['loginname']) - { - if(isset($_POST['send']) - && $_POST['send'] == 'send') - { + if (isset($result['username']) + && $result['username'] != $userinfo['loginname'] + ) { + if (isset($_POST['send']) + && $_POST['send'] == 'send' + ) { $db->query("UPDATE `" . TABLE_FTP_USERS . "` SET `up_count`=`up_count`+'" . (int)$result['up_count'] . "', `up_bytes`=`up_bytes`+'" . (int)$result['up_bytes'] . "', `down_count`=`down_count`+'" . (int)$result['down_count'] . "', `down_bytes`=`down_bytes`+'" . (int)$result['down_bytes'] . "' WHERE `username`='" . $db->escape($userinfo['loginname']) . "'"); $result = $db->query_first("SELECT `username`, `homedir` FROM `" . TABLE_FTP_USERS . "` WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='" . (int)$id . "'"); $db->query("DELETE FROM `" . TABLE_FTP_QUOTATALLIES . "` WHERE `name` = '" . $db->escape($result['username']) . "'"); 
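Review bot: The second `query_first` in the confirmed-delete branch re-reads `username` and `homedir` for the same `customerid`/`id` pair that the first query already fetched and checked. Its result then feeds the delete on `TABLE_FTP_QUOTATALLIES` without the `isset($result['username'])` check being repeated. If the row is gone by then, the follow-up statements run with an empty name. Dropping the second SELECT and reusing the already validated `$result` closes that gap, since the first query returns both columns. The delete branch continues past the end of this hunk.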
@@ -103,96 +88,69 @@ elseif($page == 'accounts') $log->logAction(USR_ACTION, LOG_INFO, "deleted ftp-account '" . $result['username'] . "'"); $db->query("UPDATE `" . TABLE_FTP_GROUPS . "` SET `members`=REPLACE(`members`,'," . $db->escape($result['username']) . "','') WHERE `customerid`='" . (int)$userinfo['customerid'] . "'"); - if($userinfo['ftps_used'] == '1') - { - $resetaccnumber = " , `ftp_lastaccountnumber`='0'"; - } - else - { - $resetaccnumber = ''; - } + $resetaccnumber = ($userinfo['ftps_used'] == '1') ? " , `ftp_lastaccountnumber`='0'" : ''; // refs #293 - if(isset($_POST['delete_userfiles']) - && (int)$_POST['delete_userfiles'] == 1) - { + if (isset($_POST['delete_userfiles']) + && (int)$_POST['delete_userfiles'] == 1 + ) { inserttask('8', $userinfo['loginname'], $result['homedir']); } $result = $db->query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `ftps_used`=`ftps_used`-1 $resetaccnumber WHERE `customerid`='" . (int)$userinfo['customerid'] . "'"); redirectTo($filename, Array('page' => $page, 's' => $s)); - } - else - { + } else { ask_yesno_withcheckbox('ftp_reallydelete', 'admin_customer_alsoremoveftphomedir', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $result['username']); } - } - else - { + } else { standard_error('ftp_cantdeletemainaccount'); } - } - elseif($action == 'add') - { - if($userinfo['ftps_used'] < $userinfo['ftps'] - || $userinfo['ftps'] == '-1') - { - if(isset($_POST['send']) - && $_POST['send'] == 'send') - { + } elseif ($action == 'add') { + if ($userinfo['ftps_used'] < $userinfo['ftps'] + || $userinfo['ftps'] == '-1' + ) { + if (isset($_POST['send']) + && $_POST['send'] == 'send' + ) { $path = validate($_POST['path'], 'path'); $password = validate($_POST['ftp_password'], 'password'); $password = validatePassword($password); $sendinfomail = isset($_POST['sendinfomail']) ? 
1 : 0; - if($sendinfomail != 1) - { + if ($sendinfomail != 1) { $sendinfomail = 0; } - if($settings['customer']['ftpatdomain'] == '1') - { + if ($settings['customer']['ftpatdomain'] == '1') { $ftpusername = validate($_POST['ftp_username'], 'username', '/^[a-zA-Z0-9][a-zA-Z0-9\-_]+\$?$/'); - if($ftpusername == '') - { + if ($ftpusername == '') { standard_error(array('stringisempty', 'username')); } $ftpdomain = $idna_convert->encode(validate($_POST['ftp_domain'], 'domain')); $ftpdomain_check = $db->query_first("SELECT `id`, `domain`, `customerid` FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `domain`='" . $db->escape($ftpdomain) . "' AND `customerid`='" . (int)$userinfo['customerid'] . "'"); - if($ftpdomain_check['domain'] != $ftpdomain) - { + if ($ftpdomain_check['domain'] != $ftpdomain) { standard_error('maindomainnonexist', $domain); } $username = $ftpusername . "@" . $ftpdomain; - } - else - { + } else { $username = $userinfo['loginname'] . $settings['customer']['ftpprefix'] . (intval($userinfo['ftp_lastaccountnumber']) + 1); } $username_check = $db->query_first('SELECT * FROM `' . TABLE_FTP_USERS .'` WHERE `username` = \'' . $db->escape($username) . '\''); - if(!empty($username_check) && $username_check['username'] = $username) - { + if (!empty($username_check) && $username_check['username'] = $username) { standard_error('usernamealreadyexists', $username); - } - elseif($password == '') - { + } elseif ($password == '') { standard_error(array('stringisempty', 'mypassword')); - } - elseif($path == '') - { + } elseif ($path == '') { standard_error('patherror'); - } - else - { + } else { $path = makeCorrectDir($userinfo['documentroot'] . '/' . $path); $cryptPassword = makeCryptPassword($password); $db->query("INSERT INTO `" . TABLE_FTP_USERS . "` (`customerid`, `username`, `password`, `homedir`, `login_enabled`, `uid`, `gid`) VALUES ('" . (int)$userinfo['customerid'] . "', '" . $db->escape($username) . "', '" . $db->escape($cryptPassword) . "', '" . $db->escape($path) . 
"', 'y', '" . (int)$userinfo['guid'] . "', '" . (int)$userinfo['guid'] . "')"); $result = $db->query("SELECT `bytes_in_used` FROM `" . TABLE_FTP_QUOTATALLIES . "` WHERE `name` = '" . $userinfo['loginname'] . "'"); - while($row = $db->fetch_array($result)) - { + while ($row = $db->fetch_array($result)) { $db->query("INSERT INTO `" . TABLE_FTP_QUOTATALLIES . "` (`name`, `quota_type`, `bytes_in_used`, `bytes_out_used`, `bytes_xfer_used`, `files_in_used`, `files_out_used`, `files_xfer_used`) VALUES ('" . $db->escape($username) . "', 'user', '" . $db->escape($row['bytes_in_used']) . "', '0', '0', '0', '0', '0')"); } $db->query("UPDATE `" . TABLE_FTP_GROUPS . "` SET `members`=CONCAT_WS(',',`members`,'" . $db->escape($username) . "') WHERE `customerid`='" . $userinfo['customerid'] . "' AND `gid`='" . (int)$userinfo['guid'] . "'"); @@ -201,8 +159,7 @@ elseif($page == 'accounts') $log->logAction(USR_ACTION, LOG_INFO, "added ftp-account '" . $username . " (" . $path . ")'"); inserttask(5); - if($sendinfomail == 1) - { + if ($sendinfomail == 1) { $replace_arr = array( 'SALUTATION' => getCorrectUserSalutation($userinfo), 'CUST_NAME' => getCorrectUserSalutation($userinfo), // < keep this for compatibility 
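Review bot: The duplicate-username guard `$username_check['username'] = $username` is an assignment, not a comparison, so the condition depends on whether `$username` is truthy rather than on a match; it should read `if (!empty($username_check) && $username_check['username'] === $username) {`. In the same hunk `standard_error('maindomainnonexist', $domain);` passes `$domain`, which is not assigned anywhere in the visible lines; `$ftpdomain` looks like the intended value. Further down, the `TABLE_FTP_QUOTATALLIES` SELECT and the `TABLE_FTP_GROUPS` UPDATE concatenate `$userinfo['loginname']` and `$userinfo['customerid']` without the `$db->escape()` / `(int)` wrapping that the neighbouring queries use. The `add` branch continues past the end of this hunk.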
@@ -242,29 +199,23 @@ elseif($page == 'accounts') redirectTo($filename, Array('page' => $page, 's' => $s)); } - } - else - { + } else { $pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $settings['panel']['pathedit'], '/'); - if($settings['customer']['ftpatdomain'] == '1') - { + if ($settings['customer']['ftpatdomain'] == '1') { $domainlist = array(); $domains = ''; $result_domains = $db->query("SELECT `domain` FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `customerid`='" . (int)$userinfo['customerid'] . "'"); - while($row_domain = $db->fetch_array($result_domains)) - { + while ($row_domain = $db->fetch_array($result_domains)) { $domainlist[] = $row_domain['domain']; } sort($domainlist); - if(isset($domainlist[0]) && $domainlist[0] != '') - { - foreach($domainlist as $dom) - { + if (isset($domainlist[0]) && $domainlist[0] != '') { + foreach ($domainlist as $dom) { $domains .= makeoption($idna_convert->decode($dom), $dom); } } 
@@ -278,59 +229,47 @@ elseif($page == 'accounts') $title = $ftp_add_data['ftp_add']['title']; $image = $ftp_add_data['ftp_add']['image']; - eval("echo \"" . getTemplate("ftp/accounts_add") . "\";"); + eval("echo \"" . getTemplate('ftp/accounts_add') . "\";"); } } - } - elseif($action == 'edit' - && $id != 0) - { + } elseif ($action == 'edit' && $id != 0) { $result = $db->query_first("SELECT `id`, `username`, `homedir`, `uid`, `gid` FROM `" . TABLE_FTP_USERS . "` WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='" . (int)$id . "'"); - if(isset($result['username']) - && $result['username'] != '') - { - if(isset($_POST['send']) - && $_POST['send'] == 'send') - { + if (isset($result['username']) + && $result['username'] != '' + ) { + if (isset($_POST['send']) + && $_POST['send'] == 'send' + ) { $path = validate($_POST['path'], 'path'); $_setnewpass = false; - if(isset($_POST['ftp_password']) && $_POST['ftp_password'] != '') - { + if (isset($_POST['ftp_password']) && $_POST['ftp_password'] != '') { $password = validate($_POST['ftp_password'], 'password'); $password = validatePassword($password); $_setnewpass = true; } - if($_setnewpass) - { - if($password == '') - { + if ($_setnewpass) { + if ($password == '') { standard_error(array('stringisempty', 'mypassword')); exit; } - else - { - $log->logAction(USR_ACTION, LOG_INFO, "updated ftp-account password for '" . $result['username'] . "'"); - $cryptPassword = makeCryptPassword($password); - $db->query("UPDATE `" . TABLE_FTP_USERS . "` SET `password`='" . $db->escape($cryptPassword) . "' WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='" . (int)$id . "'"); + $log->logAction(USR_ACTION, LOG_INFO, "updated ftp-account password for '" . $result['username'] . "'"); + $cryptPassword = makeCryptPassword($password); + $db->query("UPDATE `" . TABLE_FTP_USERS . "` SET `password`='" . $db->escape($cryptPassword) . "' WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='" . 
(int)$id . "'"); - // also update customers backup user password if password of main ftp user is changed - if(!preg_match('/' . $settings['customer']['ftpprefix'] . '/', $result['username'])){ - $db->query("UPDATE `" . TABLE_FTP_USERS . "` SET `password`='" . $db->escape($cryptPassword) . "' WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `username`='" . $result['username'] . "_backup'"); - } + // also update customers backup user password if password of main ftp user is changed + if(!preg_match('/' . $settings['customer']['ftpprefix'] . '/', $result['username'])){ + $db->query("UPDATE `" . TABLE_FTP_USERS . "` SET `password`='" . $db->escape($cryptPassword) . "' WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `username`='" . $result['username'] . "_backup'"); } } - if($path != '') - { + if ($path != '') { $path = makeCorrectDir($userinfo['documentroot'] . '/' . $path); - - if($path != $result['homedir']) - { - if(!file_exists($path)) - { + + if ($path != $result['homedir']) { + if (!file_exists($path)) { mkDirWithCorrectOwnership($userinfo['documentroot'], $path, $result['uid'], $result['gid']); inserttask(5); /* Let the cronjob do the rest */ } 
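Review bot: The backup-user UPDATE puts `$result['username']` into its WHERE clause without `$db->escape()`, unlike the other string values in this branch; wrapping it as `$db->escape($result['username'] . '_backup')` keeps the query consistent even though the value comes from the database. The `preg_match` just before it uses `$settings['customer']['ftpprefix']` as a raw pattern, so a prefix containing regex metacharacters or `/` changes or breaks the match; `preg_quote($settings['customer']['ftpprefix'], '/')` avoids that. These two lines also keep the old `if(` / `){` spacing. The `edit` branch continues outside this hunk.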
@@ -341,30 +280,23 @@ elseif($page == 'accounts') } redirectTo($filename, Array('page' => $page, 's' => $s)); - } - else - { - if(strpos($result['homedir'], $userinfo['documentroot']) === 0) - { + } else { + if (strpos($result['homedir'], $userinfo['documentroot']) === 0) { $homedir = substr($result['homedir'], strlen($userinfo['documentroot'])); - } - else - { + } else { $homedir = $result['homedir']; } $homedir = makeCorrectDir($homedir); $pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $settings['panel']['pathedit'], $homedir); - if($settings['customer']['ftpatdomain'] == '1') - { + if ($settings['customer']['ftpatdomain'] == '1') { $domains = ''; $result_domains = $db->query("SELECT `domain` FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `customerid`='" . (int)$userinfo['customerid'] . "'"); - while($row_domain = $db->fetch_array($result_domains)) - { - $domains.= makeoption($idna_convert->decode($row_domain['domain']), $row_domain['domain']); + while ($row_domain = $db->fetch_array($result_domains)) { + $domains .= makeoption($idna_convert->decode($row_domain['domain']), $row_domain['domain']); } } @@ -374,10 +306,8 @@ elseif($page == 'accounts') $title = $ftp_edit_data['ftp_edit']['title']; $image = $ftp_edit_data['ftp_edit']['image']; - eval("echo \"" . getTemplate("ftp/accounts_edit") . "\";"); + eval("echo \"" . getTemplate('ftp/accounts_edit') . "\";"); } } } } - -?>