more phpdoc in DirOptions and DirProtections
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann
@@ -18,6 +18,23 @@
|
||||
class DirProtections extends ApiCommand implements ResourceEntity
|
||||
{
|
||||
|
||||
/**
|
||||
* add htaccess protection to a given directory
|
||||
*
|
||||
* @param int $customerid
|
||||
* optional, admin-only, the customer-id
|
||||
* @param string $loginname
|
||||
* optional, admin-only, the loginname
|
||||
* @param string $path
|
||||
* @param string $username
|
||||
* @param string $directory_password
|
||||
* @param string $directory_authname
|
||||
* optional name/description for the protection
|
||||
*
|
||||
* @access admin, customer
|
||||
* @throws Exception
|
||||
* @return array
|
||||
*/
|
||||
public function add()
|
||||
{
|
||||
if ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'extras')) {
|
||||
@@ -26,25 +43,25 @@ class DirProtections extends ApiCommand implements ResourceEntity
|
||||
if ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'extras.directoryprotection')) {
|
||||
throw new Exception("You cannot access this resource", 405);
|
||||
}
|
||||
|
||||
|
||||
// get needed customer info to reduce the email-address-counter by one
|
||||
$customer = $this->getCustomerData();
|
||||
|
||||
|
||||
// required parameters
|
||||
$path = $this->getParam('path');
|
||||
$username = $this->getParam('username');
|
||||
$password = $this->getParam('directory_password');
|
||||
|
||||
|
||||
// parameters
|
||||
$authname = $this->getParam('directory_authname', true, '');
|
||||
|
||||
|
||||
// validation
|
||||
$path = makeCorrectDir(validate($path, 'path', '', '', array(), true));
|
||||
$path = makeCorrectDir($customer['documentroot'] . '/' . $path);
|
||||
$username = validate($username, 'username', '/^[a-zA-Z0-9][a-zA-Z0-9\-_]+\$?$/', '', array(), true);
|
||||
$authname = validate($authname, 'directory_authname', '/^[a-zA-Z0-9][a-zA-Z0-9\-_ ]+\$?$/', '', array(), true);
|
||||
validate($password, 'password', '', '', array(), true);
|
||||
|
||||
|
||||
// check for duplicate usernames for the path
|
||||
$username_path_check_stmt = Database::prepare("
|
||||
SELECT `id`, `username`, `path` FROM `" . TABLE_PANEL_HTPASSWDS . "`
|
||||
@@ -56,7 +73,7 @@ class DirProtections extends ApiCommand implements ResourceEntity
|
||||
"customerid" => $customer['customerid']
|
||||
);
|
||||
$username_path_check = Database::pexecute_first($username_path_check_stmt, $params, true, true);
|
||||
|
||||
|
||||
// check whether we can used salted passwords
|
||||
if (CRYPT_STD_DES == 1) {
|
||||
$saltfordescrypt = substr(md5(uniqid(microtime(), 1)), 4, 2);
|
||||
@@ -64,14 +81,14 @@ class DirProtections extends ApiCommand implements ResourceEntity
|
||||
} else {
|
||||
$password_enc = crypt($password);
|
||||
}
|
||||
|
||||
|
||||
// duplicate check
|
||||
if ($username_path_check['username'] == $username && $username_path_check['path'] == $path) {
|
||||
standard_error('userpathcombinationdupe', '', true);
|
||||
} elseif ($password == $username) {
|
||||
standard_error('passwordshouldnotbeusername', '', true);
|
||||
}
|
||||
|
||||
|
||||
// insert the entry
|
||||
$stmt = Database::prepare("
|
||||
INSERT INTO `" . TABLE_PANEL_HTPASSWDS . "` SET
|
||||
@@ -92,7 +109,7 @@ class DirProtections extends ApiCommand implements ResourceEntity
|
||||
$id = Database::lastInsertId();
|
||||
$this->logger()->logAction($this->isAdmin() ? ADM_ACTION : USR_ACTION, LOG_INFO, "[API] added directory-protection for '" . $username . " (" . $path . ")'");
|
||||
inserttask('1');
|
||||
|
||||
|
||||
$result = $this->apiCall('DirProtections.get', array(
|
||||
'id' => $id
|
||||
));
|
||||
@@ -103,7 +120,7 @@ class DirProtections extends ApiCommand implements ResourceEntity
|
||||
* return a directory-protection entry by either id or username
|
||||
*
|
||||
* @param int $id
|
||||
* optional, the customer-id
|
||||
* optional, the entry-id
|
||||
* @param string $username
|
||||
* optional, the username
|
||||
*
|
||||
@@ -116,11 +133,11 @@ class DirProtections extends ApiCommand implements ResourceEntity
|
||||
if ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'extras')) {
|
||||
throw new Exception("You cannot access this resource", 405);
|
||||
}
|
||||
|
||||
|
||||
$id = $this->getParam('id', true, 0);
|
||||
$un_optional = ($id <= 0 ? false : true);
|
||||
$username = $this->getParam('username', $un_optional, '');
|
||||
|
||||
|
||||
$params = array();
|
||||
if ($this->isAdmin()) {
|
||||
if ($this->getUserDetail('customers_see_all') == false) {
|
||||
@@ -134,7 +151,7 @@ class DirProtections extends ApiCommand implements ResourceEntity
|
||||
}
|
||||
$result_stmt = Database::prepare("
|
||||
SELECT * FROM `" . TABLE_PANEL_HTPASSWDS . "`
|
||||
WHERE `customerid` IN (".implode(", ", $customer_ids).")
|
||||
WHERE `customerid` IN (" . implode(", ", $customer_ids) . ")
|
||||
AND (`id` = :idun OR `username` = :idun)
|
||||
");
|
||||
} else {
|
||||
@@ -164,30 +181,50 @@ class DirProtections extends ApiCommand implements ResourceEntity
|
||||
throw new Exception("Directory protection with " . $key . " could not be found", 404);
|
||||
}
|
||||
|
||||
/**
|
||||
* update htaccess protection of a given directory
|
||||
*
|
||||
* @param int $id
|
||||
* optional, the entry-id
|
||||
* @param string $username
|
||||
* optional, the username
|
||||
* @param int $customerid
|
||||
* optional, admin-only, the customer-id
|
||||
* @param string $loginname
|
||||
* optional, admin-only, the loginname
|
||||
* @param string $directory_password
|
||||
* optional, leave empty for no change
|
||||
* @param string $directory_authname
|
||||
* optional name/description for the protection
|
||||
*
|
||||
* @access admin, customer
|
||||
* @throws Exception
|
||||
* @return array
|
||||
*/
|
||||
public function update()
|
||||
{
|
||||
$id = $this->getParam('id', true, 0);
|
||||
$un_optional = ($id <= 0 ? false : true);
|
||||
$username = $this->getParam('username', $un_optional, '');
|
||||
|
||||
|
||||
// validation
|
||||
$result = $this->apiCall('DirProtections.get', array(
|
||||
'id' => $id,
|
||||
'username' => $username
|
||||
));
|
||||
$id = $result['id'];
|
||||
|
||||
|
||||
// parameters
|
||||
$password = $this->getParam('directory_password', true, '');
|
||||
$authname = $this->getParam('directory_authname', true, $result['authname']);
|
||||
|
||||
|
||||
// get needed customer info
|
||||
$customer = $this->getCustomerData();
|
||||
|
||||
|
||||
// validation
|
||||
$authname = validate($authname, 'directory_authname', '/^[a-zA-Z0-9][a-zA-Z0-9\-_ ]+\$?$/', '', array(), true);
|
||||
validate($password, 'password', '', '', array(), true);
|
||||
|
||||
|
||||
$upd_query = "";
|
||||
$upd_params = array(
|
||||
"id" => $result['id'],
|
||||
@@ -213,7 +250,7 @@ class DirProtections extends ApiCommand implements ResourceEntity
|
||||
$upd_query .= "`authname` = :authname";
|
||||
$upd_params['authname'] = $authname;
|
||||
}
|
||||
|
||||
|
||||
// build update query
|
||||
if (! empty($upd_query)) {
|
||||
$upd_stmt = Database::prepare("
|
||||
@@ -222,7 +259,7 @@ class DirProtections extends ApiCommand implements ResourceEntity
|
||||
Database::pexecute($upd_stmt, $upd_params, true, true);
|
||||
inserttask('1');
|
||||
}
|
||||
|
||||
|
||||
$this->logger()->logAction($this->isAdmin() ? ADM_ACTION : USR_ACTION, LOG_INFO, "[API] updated directory-protection '" . $result['username'] . " (" . $result['path'] . ")'");
|
||||
$result = $this->apiCall('DirProtections.get', array(
|
||||
'id' => $result['id']
|
||||
@@ -248,11 +285,11 @@ class DirProtections extends ApiCommand implements ResourceEntity
|
||||
throw new Exception("You cannot access this resource", 405);
|
||||
}
|
||||
$customer_ids = $this->getAllowedCustomerIds('extras.directoryprotection');
|
||||
|
||||
|
||||
$result = array();
|
||||
$result_stmt = Database::prepare("
|
||||
SELECT * FROM `" . TABLE_PANEL_HTPASSWDS . "`
|
||||
WHERE `customerid` IN (".implode(', ', $customer_ids).")
|
||||
WHERE `customerid` IN (" . implode(', ', $customer_ids) . ")
|
||||
");
|
||||
Database::pexecute($result_stmt, null, true, true);
|
||||
while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
|
||||
@@ -282,22 +319,22 @@ class DirProtections extends ApiCommand implements ResourceEntity
|
||||
if ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'extras')) {
|
||||
throw new Exception("You cannot access this resource", 405);
|
||||
}
|
||||
|
||||
|
||||
$id = $this->getParam('id', true, 0);
|
||||
$un_optional = ($id <= 0 ? false : true);
|
||||
$username = $this->getParam('username', $un_optional, '');
|
||||
|
||||
|
||||
if ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'extras.directoryprotection')) {
|
||||
throw new Exception("You cannot access this resource", 405);
|
||||
}
|
||||
|
||||
|
||||
// get directory protection
|
||||
$result = $this->apiCall('DirProtections.get', array(
|
||||
'id' => $id,
|
||||
'username' => $username
|
||||
));
|
||||
$id = $result['id'];
|
||||
|
||||
|
||||
if ($this->isAdmin()) {
|
||||
// get customer-data
|
||||
$customer_data = $this->apiCall('Customers.get', array(
|
||||
@@ -306,7 +343,7 @@ class DirProtections extends ApiCommand implements ResourceEntity
|
||||
} else {
|
||||
$customer_data = $this->getUserData();
|
||||
}
|
||||
|
||||
|
||||
$stmt = Database::prepare("
|
||||
DELETE FROM `" . TABLE_PANEL_HTPASSWDS . "` WHERE `customerid`= :customerid AND `id`= :id
|
||||
");
|
||||
@@ -314,7 +351,7 @@ class DirProtections extends ApiCommand implements ResourceEntity
|
||||
"customerid" => $customer_data['customerid'],
|
||||
"id" => $id
|
||||
));
|
||||
|
||||
|
||||
$this->logger()->logAction($this->isAdmin() ? ADM_ACTION : USR_ACTION, LOG_INFO, "[API] deleted htpasswd for '" . $result['username'] . " (" . $result['path'] . ")'");
|
||||
inserttask('1');
|
||||
return $this->response(200, "successfull", $result);
|
||||
|
||||
Reference in New Issue
Block a user