maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

convert validate/check functions

Browse Source 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann
2018-12-20 21:00:39 +01:00
parent 5888927239
commit b0df4e46d6
39 changed files with 952 additions and 1355 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
lib/functions/validate/function.appendOpenbasedirPath.php
View File

@@ -1,63 +0,0 @@
<?php
/**
* This file is part of the Froxlor project.
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Functions
*
*/
/**
* checks give path for security issues
* and returns a string that can be appended
* to a line for a open_basedir directive
*
* @param string $path
* the path to check and append
* @param boolean $first
* if true, no ':' will be prefixed to the path
*
* @return string
*/
function appendOpenBasedirPath($path = '', $first = false)
{
if ($path != '' && $path != '/' &&
(! preg_match("#^/dev#i", $path) || preg_match("#^/dev/urandom#i", $path))
&& ! preg_match("#^/proc#i", $path)
&& ! preg_match("#^/etc#i", $path)
&& ! preg_match("#^/sys#i", $path)
&& ! preg_match("#:#", $path)) {
if (preg_match("#^/dev/urandom#i", $path)) {
$path = \Froxlor\FileDir::makeCorrectFile($path);
} else {
$path = \Froxlor\FileDir::makeCorrectDir($path);
}
// check for php-version that requires the trailing
// slash to be removed as it does not allow the usage
// of the subfolders within the given folder, fixes #797
if ((PHP_MINOR_VERSION == 2 && PHP_VERSION_ID >= 50216) || PHP_VERSION_ID >= 50304) {
// check trailing slash
if (substr($path, - 1, 1) == '/') {
// remove it
$path = substr($path, 0, - 1);
}
}
if ($first) {
return $path;
}
return ':' . $path;
}
return '';
}

48
lib/functions/validate/function.checkDisallowedPaths.php
View File

@@ -1,48 +0,0 @@
<?php
/**
* This file is part of the Froxlor project.
* Copyright (c) 2013 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Michael Kaufmann <mkaufmann@nutime.de>
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Functions
*
* @since 0.9.30
*
*/
/**
* checks a directory against disallowed paths which could
* lead to a damaged system if you use them
*
* @param string $fieldname
* @param array $fielddata
* @param mixed $newfieldvalue
*
* @return boolean|array
*/
function checkDisallowedPaths($path = null) {
/*
* disallow base-directories and /
*/
$disallowed_values = array(
"/", "/bin/", "/boot/", "/dev/", "/etc/", "/home/", "/lib/", "/lib32/", "/lib64/",
"/opt/", "/proc/", "/root/", "/run/", "/sbin/", "/sys/", "/tmp/", "/usr/", "/var/"
);
$path = \Froxlor\FileDir::makeCorrectDir($path);
// check if it's a disallowed path
if (in_array($path, $disallowed_values)) {
return false;
}
return true;
}

71
lib/functions/validate/function.checkFcgidPhpFpm.php
View File

@@ -1,71 +0,0 @@
<?php
/**
* This file is part of the Froxlor project.
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Functions
*
*/
function checkFcgidPhpFpm($fieldname, $fielddata, $newfieldvalue, $allnewfieldvalues)
{
$returnvalue = array(
FORMFIELDS_PLAUSIBILITY_CHECK_OK
);
$check_array = array(
'system_mod_fcgid_enabled' => array(
'other_post_field' => 'system_phpfpm_enabled',
'other_enabled' => 'phpfpm.enabled',
'other_enabled_lng' => 'phpfpmstillenabled',
'deactivate' => array('phpfpm.enabled_ownvhost' => 0)
),
'system_phpfpm_enabled' => array(
'other_post_field' => 'system_mod_fcgid_enabled',
'other_enabled' => 'system.mod_fcgid',
'other_enabled_lng' => 'fcgidstillenabled',
'deactivate' => array('system.mod_fcgid_ownvhost' => 0)
)
);
// interface is to be enabled
if ((int) $newfieldvalue == 1) {
// check for POST value of the other field == 1 (active)
if (isset($_POST[$check_array[$fieldname]['other_post_field']]) && (int) $_POST[$check_array[$fieldname]['other_post_field']] == 1) {
// the other interface is activated already and STAYS activated
if ((int) Settings::Get($check_array[$fieldname]['other_enabled']) == 1) {
$returnvalue = array(
FORMFIELDS_PLAUSIBILITY_CHECK_ERROR,
$check_array[$fieldname]['other_enabled_lng']
);
} else {
// fcgid is being validated before fpm -> "ask" fpm about its state
if ($fieldname == 'system_mod_fcgid_enabled') {
$returnvalue = checkFcgidPhpFpm('system_phpfpm_enabled', null, $check_array[$fieldname]['other_post_field'], null);
} else {
// not, bot are nogo
$returnvalue = $returnvalue = array(
FORMFIELDS_PLAUSIBILITY_CHECK_ERROR,
'fcgidandphpfpmnogoodtogether'
);
}
}
}
if (in_array(FORMFIELDS_PLAUSIBILITY_CHECK_OK, $returnvalue)) {
// be sure to deactivate the other one for the froxlor-vhost
// to avoid having a settings-deadlock
foreach ($check_array[$fieldname]['deactivate'] as $setting => $value) {
Settings::Set($setting, $value, true);
}
}
}
return $returnvalue;
}

27
lib/functions/validate/function.checkHostname.php
View File

@@ -1,27 +0,0 @@
<?php
/**
* This file is part of the Froxlor project.
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Functions
*
*/
function checkHostname($fieldname, $fielddata, $newfieldvalue, $allnewfieldvalues)
{
if (0 == strlen(trim($newfieldvalue))
|| validateDomain($newfieldvalue) === false
) {
return array(FORMFIELDS_PLAUSIBILITY_CHECK_ERROR, 'invalidhostname');
} else {
return array(FORMFIELDS_PLAUSIBILITY_CHECK_OK);
}
}

36
lib/functions/validate/function.checkMysqlAccessHost.php
View File

@@ -1,36 +0,0 @@
<?php
/**
* This file is part of the Froxlor project.
* Copyright (c) 2003-2009 the SysCP Team (see authors).
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Florian Lippert <flo@syscp.org> (2003-2009)
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Functions
*
*/
function checkMysqlAccessHost($fieldname, $fielddata, $newfieldvalue, $allnewfieldvalues) {
$mysql_access_host_array = array_map('trim', explode(',', $newfieldvalue));
foreach ($mysql_access_host_array as $host_entry) {
if (validate_ip2($host_entry, true, 'invalidip', true, true) == false
&& validateDomain($host_entry) == false
&& validateLocalHostname($host_entry) == false
&& $host_entry != '%'
) {
return array(FORMFIELDS_PLAUSIBILITY_CHECK_ERROR, 'invalidmysqlhost', $host_entry);
}
}
return array(FORMFIELDS_PLAUSIBILITY_CHECK_OK);
}

46
lib/functions/validate/function.checkPathConflicts.php
View File

@@ -1,46 +0,0 @@
<?php
/**
* This file is part of the Froxlor project.
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Functions
*
*/
function checkPathConflicts($fieldname, $fielddata, $newfieldvalue, $allnewfieldvalues) {
if((int)Settings::Get('system.mod_fcgid') == 1) {
// fcgid-configdir has changed -> check against customer-doc-prefix
if ($fieldname == "system_mod_fcgid_configdir") {
$newdir = \Froxlor\FileDir::makeCorrectDir($newfieldvalue);
$cdir = \Froxlor\FileDir::makeCorrectDir(Settings::Get('system.documentroot_prefix'));
}
// customer-doc-prefix has changed -> check against fcgid-configdir
elseif ($fieldname == "system_documentroot_prefix") {
$newdir = \Froxlor\FileDir::makeCorrectDir($newfieldvalue);
$cdir = \Froxlor\FileDir::makeCorrectDir(Settings::Get('system.mod_fcgid_configdir'));
}
// neither dir can be within the other nor can they be equal
if (substr($newdir, 0, strlen($cdir)) == $cdir
|| substr($cdir, 0, strlen($newdir)) == $newdir
|| $newdir == $cdir
) {
$returnvalue = array(FORMFIELDS_PLAUSIBILITY_CHECK_ERROR, 'fcgidpathcannotbeincustomerdoc');
} else {
$returnvalue = array(FORMFIELDS_PLAUSIBILITY_CHECK_OK);
}
} else {
$returnvalue = array(FORMFIELDS_PLAUSIBILITY_CHECK_OK);
}
return $returnvalue;
}

31
lib/functions/validate/function.checkPhpInterfaceSetting.php
View File

@@ -1,31 +0,0 @@
<?php
/**
* This file is part of the Froxlor project.
* Copyright (c) 2013 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Michael Kaufmann <d00p@froxlor.org>
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package AJAX
*
*/
function checkPhpInterfaceSetting($fieldname, $fielddata, $newfieldvalue, $allnewfieldvalues) {
$returnvalue = array(FORMFIELDS_PLAUSIBILITY_CHECK_OK);
if ((int)Settings::Get('system.mod_fcgid') == 1) {
// fcgid only works for apache and lighttpd
if (strtolower($newfieldvalue) != 'apache2' && strtolower($newfieldvalue) != 'lighttpd') {
$returnvalue = array(FORMFIELDS_PLAUSIBILITY_CHECK_ERROR, 'fcgidstillenableddeadlock');
}
}
return $returnvalue;
}

41
lib/functions/validate/function.checkUsername.php
View File

@@ -1,41 +0,0 @@
<?php
/**
* This file is part of the Froxlor project.
* Copyright (c) 2003-2009 the SysCP Team (see authors).
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Florian Lippert <flo@syscp.org> (2003-2009)
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Functions
*
*/
function checkUsername($fieldname, $fielddata, $newfieldvalue, $allnewfieldvalues) {
if (!isset($allnewfieldvalues['customer_mysqlprefix'])) {
$allnewfieldvalues['customer_mysqlprefix'] = Settings::Get('customer.mysqlprefix');
}
$returnvalue = array();
if (validateUsername(
$newfieldvalue,
Settings::Get('panel.unix_names'),
14 - strlen($allnewfieldvalues['customer_mysqlprefix'])) === true
) {
$returnvalue = array(FORMFIELDS_PLAUSIBILITY_CHECK_OK);
} else {
$errmsg = 'accountprefixiswrong';
if ($fieldname == 'customer_mysqlprefix') {
$errmsg = 'mysqlprefixiswrong';
}
$returnvalue = array(FORMFIELDS_PLAUSIBILITY_CHECK_ERROR, $errmsg);
}
return $returnvalue;
}

32
lib/functions/validate/function.checkValidRegEx.php
View File

@@ -1,32 +0,0 @@
<?php
/**
* This file is part of the Froxlor project.
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Functions
*
*/
/**
* validates a given regex
*
* @param string $regex regex to validate
*
* @return boolean
*/
function checkValidRegEx($regex = null)
{
if($regex == null || $regex == '') {
return true;
}
}

79
lib/functions/validate/function.validate.php
View File

@@ -1,79 +0,0 @@
<?php
/**
* This file is part of the Froxlor project.
* Copyright (c) 2003-2009 the SysCP Team (see authors).
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Florian Lippert <flo@syscp.org> (2003-2009)
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Functions
*
*/
/**
* Validates the given string by matching against the pattern, prints an error on failure and exits
*
* @param string $str the string to be tested (user input)
* @param string the $fieldname to be used in error messages
* @param string $pattern the regular expression to be used for testing
* @param string language id for the error
* @return string the clean string
*
* If the default pattern is used and the string does not match, we try to replace the
* 'bad' values and log the action.
*
*/
function validate($str, $fieldname, $pattern = '', $lng = '', $emptydefault = array(), $throw_exception = false) {
global $log, $theme;
if (!is_array($emptydefault)) {
$emptydefault_array = array(
$emptydefault
);
unset($emptydefault);
$emptydefault = $emptydefault_array;
unset($emptydefault_array);
}
// Check if the $str is one of the values which represent the default for an 'empty' value
if (is_array($emptydefault)
&& !empty($emptydefault)
&& in_array($str, $emptydefault)
&& isset($emptydefault[0])
) {
return $emptydefault[0];
}
if ($pattern == '') {
$pattern = '/^[^\r\n\t\f\0]*$/D';
if (!preg_match($pattern, $str)) {
// Allows letters a-z, digits, space (\\040), hyphen (\\-), underscore (\\_) and backslash (\\\\),
// everything else is removed from the string.
$allowed = "/[^a-z0-9\\040\\.\\-\\_\\\\]/i";
$str = preg_replace($allowed, "", $str);
$log->logAction(USR_ACTION, LOG_WARNING, "cleaned bad formatted string (" . $str . ")");
}
}
if (preg_match($pattern, $str)) {
return $str;
}
if ($lng == '') {
$lng = 'stringformaterror';
}
standard_error($lng, $fieldname, $throw_exception);
exit;
}

60
lib/functions/validate/function.validateDomain.php
View File

@@ -1,60 +0,0 @@
<?php
/**
* This file is part of the Froxlor project.
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Functions
*
*/
/**
* Check if the submitted string is a valid domainname
*
* @param string $domainname
* The domainname which should be checked.
* @param bool $allow_underscore
* optional if true, allowes the underscore character in a domain label (DKIM etc.)
*
* @return string|boolean the domain-name if the domain is valid, false otherwise
*/
function validateDomain($domainname, $allow_underscore = false)
{
if (is_string($domainname)) {
$char_validation = '([a-z\d](-*[a-z\d])*)(\.?([a-z\d](-*[a-z\d])*))*\.([a-z\d])+';
if ($allow_underscore) {
$char_validation = '([a-z\d\_](-*[a-z\d\_])*)(\.([a-z\d\_](-*[a-z\d])*))*(\.?([a-z\d](-*[a-z\d])*))+\.([a-z\d])+';
}
if (preg_match("/^" . $char_validation . "$/i", $domainname) && // valid chars check
preg_match("/^.{1,253}$/", $domainname) && // overall length check
preg_match("/^[^\.]{1,63}(\.[^\.]{1,63})*$/", $domainname)) // length of each label
{
return $domainname;
}
}
return false;
}
/**
* validate a local-hostname by regex
*
* @param string $hostname
*
* @return string|boolean hostname on success, else false
*/
function validateLocalHostname($hostname)
{
$pattern = '/^([a-zA-Z0-9\-])+$/i';
if (preg_match($pattern, $hostname)) {
return $hostname;
}
return false;
}

34
lib/functions/validate/function.validateEmail.php
View File

@@ -1,34 +0,0 @@
<?php
/**
* This file is part of the Froxlor project.
* Copyright (c) 2003-2009 the SysCP Team (see authors).
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Florian Lippert <flo@syscp.org> (2003-2009)
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Functions
*
*/
/**
* Returns if an emailaddress is in correct format or not
*
* @param string The email address to check
* @return bool Correct or not
* @author Florian Lippert <flo@syscp.org>
*
* @changes Backported regex from SysCP 1.3 (lib/classes/Syscp/Handler/Validation.class.php)
*/
function validateEmail($email)
{
$email = strtolower($email);
return filter_var($email, FILTER_VALIDATE_EMAIL);
}

95
lib/functions/validate/function.validatePassword.php
View File

@@ -1,95 +0,0 @@
<?php
/**
* This file is part of the Froxlor project.
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Functions
*
*/
/**
* Function validatePassword
*
* if password-min-length is set in settings
* we check against the length, if not matched
* an error message will be output and 'exit' is called
*
* @param string $password the password to validate
*
* @return string either the password or an errormessage+exit
*/
function validatePassword($password = null, $json_response = false) {
if (Settings::Get('panel.password_min_length') > 0) {
$password = validate(
$password,
Settings::Get('panel.password_min_length'),
'/^.{'.(int)Settings::Get('panel.password_min_length').',}$/D',
'notrequiredpasswordlength',
array(),
$json_response
);
}
if (Settings::Get('panel.password_regex') != '') {
$password = validate(
$password,
Settings::Get('panel.password_regex'),
Settings::Get('panel.password_regex'),
'notrequiredpasswordcomplexity',
array(),
$json_response
);
} else {
if (Settings::Get('panel.password_alpha_lower')) {
$password = validate(
$password,
'/.*[a-z]+.*/',
'/.*[a-z]+.*/',
'notrequiredpasswordcomplexity',
array(),
$json_response
);
}
if (Settings::Get('panel.password_alpha_upper')) {
$password = validate(
$password,
'/.*[A-Z]+.*/',
'/.*[A-Z]+.*/',
'notrequiredpasswordcomplexity',
array(),
$json_response
);
}
if (Settings::Get('panel.password_numeric')) {
$password = validate(
$password,
'/.*[0-9]+.*/',
'/.*[0-9]+.*/',
'notrequiredpasswordcomplexity',
array(),
$json_response
);
}
if (Settings::Get('panel.password_special_char_required')) {
$password = validate(
$password,
'/.*[' . preg_quote(Settings::Get('panel.password_special_char')) . ']+.*/',
'/.*[' . preg_quote(Settings::Get('panel.password_special_char')) . ']+.*/',
'notrequiredpasswordcomplexity',
array(),
$json_response
);
}
}
return $password;
}

84
lib/functions/validate/function.validatePasswordLogin.php
View File

@@ -1,84 +0,0 @@
<?php
/**
* This file is part of the Froxlor project.
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Functions
*
*/
/**
* Function validatePasswordLogin
*
* compare user password-hash with given user-password
* and check if they are the same
* additionally it updates the hash if the system settings changed
* or if the very old md5() sum is used
*
* @param array $userinfo user-data from table
* @param string $password the password to validate
* @param string $table either panel_customers or panel_admins
* @param string $uid user-id-field in $table
*
* @return boolean
*/
function validatePasswordLogin($userinfo = null, $password = null, $table = 'panel_customers', $uid = 'customerid') {
global $version;
$systype = 3; // SHA256
if (Settings::Get('system.passwordcryptfunc') !== null) {
$systype = (int)Settings::Get('system.passwordcryptfunc');
}
$pwd_hash = $userinfo['password'];
$update_hash = false;
// check for good'ole md5
if (strlen($pwd_hash) == 32 && ctype_xdigit($pwd_hash)) {
$pwd_check = md5($password);
$update_hash = true;
} else {
// cut out the salt from the hash
$pwd_salt = str_replace(substr(strrchr($pwd_hash, "$"), 1), "", $pwd_hash);
// create same hash to compare
$pwd_check = crypt($password, $pwd_salt);
// check whether the hash needs to be updated
$hash_type_chk = substr($pwd_hash, 0, 3);
if (($systype == 1 && $hash_type_chk != '$1$') || // MD5
($systype == 2 && $hash_type_chk != '$2$') || // BLOWFISH
($systype == 3 && $hash_type_chk != '$5$') || // SHA256
($systype == 4 && $hash_type_chk != '$6$') // SHA512
) {
$update_hash = true;
}
}
if ($pwd_hash == $pwd_check) {
// check for update of hash (only if our database is ready to handle the bigger string)
$is_ready = (version_compare2("0.9.33", $version) <= 0 ? true : false);
if ($update_hash && $is_ready) {
$upd_stmt = Database::prepare("
UPDATE " . $table . " SET `password` = :newpasswd WHERE `" . $uid . "` = :uid
");
$params = array (
'newpasswd' => \Froxlor\System\Crypt::makeCryptPassword($password),
'uid' => $userinfo[$uid]
);
Database::pexecute($upd_stmt, $params);
}
return true;
}
return false;
}

55
lib/functions/validate/function.validateSqlInterval.php
View File

@@ -1,55 +0,0 @@
<?php
/**
* This file is part of the Froxlor project.
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Functions
*
*/
function validateSqlInterval($interval = null)
{
if(!$interval === null || $interval != '')
{
if(strstr($interval, ' ') !== false)
{
/*
* [0] = ([0-9]+)
* [1] = valid SQL-Interval expression
*/
$valid_expr = array(
'SECOND',
'MINUTE',
'HOUR',
'DAY',
'WEEK',
'MONTH',
'YEAR'
);
$interval_parts = explode(' ', $interval);
if(is_array($interval_parts)
&& isset($interval_parts[0])
&& isset($interval_parts[1]))
{
if(preg_match('/([0-9]+)/i', $interval_parts[0]))
{
if(in_array(strtoupper($interval_parts[1]), $valid_expr))
{
return true;
}
}
}
}
}
return false;
}

74
lib/functions/validate/function.validateUrl.php
View File

@@ -1,74 +0,0 @@
<?php
/**
* This file is part of the Froxlor project.
* Copyright (c) 2003-2009 the SysCP Team (see authors).
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Florian Lippert <flo@syscp.org> (2003-2009)
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Functions
*
*/
/**
* Returns whether a URL is in a correct format or not
*
* @param
* string URL to be tested
* @return bool
* @author Christian Hoffmann
* @author Froxlor team <team@froxlor.org> (2010-)
*
*/
function validateUrl($url)
{
if (strtolower(substr($url, 0, 7)) != "http://" && strtolower(substr($url, 0, 8)) != "https://") {
$url = 'http://' . $url;
}
// needs converting
try {
$idna_convert = new idna_convert_wrapper();
$url = $idna_convert->encode($url);
} catch (Exception $e) {
return false;
}
$pattern = "/^https?:\/\/[a-zA-Z0-9\-\.]+\.[a-zA-Z]{2,4}(\:[0-9]+)?\/?(.+)?$/i";
if (preg_match($pattern, $url)) {
return true;
}
// not an fqdn
if (strtolower(substr($url, 0, 7)) == "http://" || strtolower(substr($url, 0, 8)) == "https://") {
if (strtolower(substr($url, 0, 7)) == "http://") {
$ip = strtolower(substr($url, 7));
}
if (strtolower(substr($url, 0, 8)) == "https://") {
$ip = strtolower(substr($url, 8));
}
$ip = substr($ip, 0, strpos($ip, '/'));
// possible : in IP (when a port is given), #1173
// but only if there actually IS ONE
if (strpos($ip, ':') !== false) {
$ip = substr($ip, 0, strpos($ip, ':'));
}
if (validate_ip($ip, true) !== false) {
return true;
} else {
return false;
}
} else {
return false;
}
}

40
lib/functions/validate/function.validateUsername.php
View File

@@ -1,40 +0,0 @@
<?php
/**
* This file is part of the Froxlor project.
* Copyright (c) 2003-2009 the SysCP Team (see authors).
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Florian Lippert <flo@syscp.org> (2003-2009)
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Functions
*
*/
/**
* Returns if an username is in correct format or not.
*
* @param string The username to check
* @return bool Correct or not
* @author Michael Duergner <michael@duergner.com>
*
*/
function validateUsername($username, $unix_names = 1, $mysql_max = '') {
if ($unix_names == 0) {
if (strpos($username, '--') === false) {
return (preg_match('/^[a-z][a-z0-9\-_]{0,' . (int)($mysql_max - 1) . '}[a-z0-9]{1}$/Di', $username) != false);
} else {
return false;
}
} else {
return (preg_match('/^[a-z][a-z0-9]{0,' . $mysql_max . '}$/Di', $username) != false);
}
}

97
lib/functions/validate/function.validate_ip.php
View File

@@ -1,97 +0,0 @@
<?php
/**
* This file is part of the Froxlor project.
* Copyright (c) 2003-2009 the SysCP Team (see authors).
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Florian Lippert <flo@syscp.org> (2003-2009)
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Functions
*
*/
/**
* Checks whether it is a valid ip
*
* @return mixed ip address on success, standard_error on failure
* @deprecated use validate_ip2
*/
function validate_ip($ip, $return_bool = false, $lng = 'invalidip', $throw_exception = false) {
if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) === false
&& filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false
&& filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_RES_RANGE) === false
) {
if ($return_bool) {
return false;
} else {
standard_error($lng, $ip, $throw_exception);
exit();
}
} else {
return $ip;
}
}
/**
* Checks whether it is a valid ip
*
* @param string $ip ip-address to check
* @param bool $return_bool whether to return bool or call standard_error()
* @param string $lng index for error-message (if $return_bool is false)
* @param bool $allow_localhost whether to allow 127.0.0.1
* @param bool $allow_priv whether to allow private network addresses
* @param bool $allow_cidr whether to allow CIDR values e.g. 10.10.10.10/16
*
* @return string|bool ip address on success, false on failure
*/
function validate_ip2($ip, $return_bool = false, $lng = 'invalidip', $allow_localhost = false, $allow_priv = false, $allow_cidr = false, $throw_exception = false) {
$cidr = "";
if ($allow_cidr) {
$org_ip = $ip;
$ip_cidr = explode("/", $ip);
if (count($ip_cidr) == 2) {
$ip = $ip_cidr[0];
$cidr = "/".$ip_cidr[1];
} else {
$ip = $org_ip;
}
} elseif (strpos($ip, "/") !== false) {
if ($return_bool) {
return false;
} else {
standard_error($lng, $ip, $throw_exception);
exit();
}
}
$filter_lan = $allow_priv ? FILTER_FLAG_NO_RES_RANGE : (FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_NO_PRIV_RANGE);
if ((filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)
|| filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4))
&& filter_var($ip, FILTER_VALIDATE_IP, $filter_lan)
) {
return $ip.$cidr;
}
// special case where localhost ip is allowed (mysql-access-hosts for example)
if ($allow_localhost && $ip == '127.0.0.1') {
return $ip.$cidr;
}
if ($return_bool) {
return false;
} else {
standard_error($lng, $ip, $throw_exception);
exit();
}
}