more phpdoc in DirOptions and DirProtections
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann
@@ -18,6 +18,30 @@
|
|||||||
class DirOptions extends ApiCommand implements ResourceEntity
|
class DirOptions extends ApiCommand implements ResourceEntity
|
||||||
{
|
{
|
||||||
|
|
||||||
|
/**
|
||||||
|
* add options for a given directory
|
||||||
|
*
|
||||||
|
* @param int $customerid
|
||||||
|
* optional, admin-only, the customer-id
|
||||||
|
* @param string $loginname
|
||||||
|
* optional, admin-only, the loginname
|
||||||
|
* @param string $path
|
||||||
|
* path relative to the customer's home-Directory
|
||||||
|
* @param bool $options_indexes
|
||||||
|
* optional, activate directory-listing for this path, default 0 (false)
|
||||||
|
* @param bool $options_cgi
|
||||||
|
* optional, allow Perl/CGI execution, default 0 (false)
|
||||||
|
* @param string $error404path
|
||||||
|
* optional, custom 404 error string/file
|
||||||
|
* @param string $error403path
|
||||||
|
* optional, custom 403 error string/file
|
||||||
|
* @param string $error500path
|
||||||
|
* optional, custom 500 error string/file
|
||||||
|
*
|
||||||
|
* @access admin, customer
|
||||||
|
* @throws Exception
|
||||||
|
* @return array
|
||||||
|
*/
|
||||||
public function add()
|
public function add()
|
||||||
{
|
{
|
||||||
if ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'extras')) {
|
if ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'extras')) {
|
||||||
@@ -26,49 +50,49 @@ class DirOptions extends ApiCommand implements ResourceEntity
|
|||||||
if ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'extras.pathoptions')) {
|
if ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'extras.pathoptions')) {
|
||||||
throw new Exception("You cannot access this resource", 405);
|
throw new Exception("You cannot access this resource", 405);
|
||||||
}
|
}
|
||||||
|
|
||||||
// get needed customer info to reduce the email-address-counter by one
|
// get needed customer info to reduce the email-address-counter by one
|
||||||
$customer = $this->getCustomerData();
|
$customer = $this->getCustomerData();
|
||||||
|
|
||||||
// required parameters
|
// required parameters
|
||||||
$path = $this->getParam('path');
|
$path = $this->getParam('path');
|
||||||
|
|
||||||
// parameters
|
// parameters
|
||||||
$options_indexes = $this->getParam('options_indexes', true, 0);
|
$options_indexes = $this->getParam('options_indexes', true, 0);
|
||||||
$options_cgi = $this->getParam('options_cgi', true, 0);
|
$options_cgi = $this->getParam('options_cgi', true, 0);
|
||||||
$error404path = $this->getParam('error404path', true, '');
|
$error404path = $this->getParam('error404path', true, '');
|
||||||
$error403path = $this->getParam('error403path', true, '');
|
$error403path = $this->getParam('error403path', true, '');
|
||||||
$error500path = $this->getParam('error500path', true, '');
|
$error500path = $this->getParam('error500path', true, '');
|
||||||
|
|
||||||
// validation
|
// validation
|
||||||
$path = makeCorrectDir(validate($path, 'path', '', '', array(), true));
|
$path = makeCorrectDir(validate($path, 'path', '', '', array(), true));
|
||||||
$userpath = $path;
|
$userpath = $path;
|
||||||
$path = makeCorrectDir($customer['documentroot'] . '/' . $path);
|
$path = makeCorrectDir($customer['documentroot'] . '/' . $path);
|
||||||
|
|
||||||
if ($options_indexes != 0) {
|
if ($options_indexes != 0) {
|
||||||
$options_indexes = '1';
|
$options_indexes = '1';
|
||||||
} else {
|
} else {
|
||||||
$options_indexes = '0';
|
$options_indexes = '0';
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($options_cgi != 0) {
|
if ($options_cgi != 0) {
|
||||||
$options_cgi = '1';
|
$options_cgi = '1';
|
||||||
} else {
|
} else {
|
||||||
$options_cgi = '0';
|
$options_cgi = '0';
|
||||||
}
|
}
|
||||||
|
|
||||||
if (! empty($error404path)) {
|
if (! empty($error404path)) {
|
||||||
$error404path = correctErrorDocument($error404path, true);
|
$error404path = correctErrorDocument($error404path, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (! empty($error403path)) {
|
if (! empty($error403path)) {
|
||||||
$error403path = correctErrorDocument($error403path, true);
|
$error403path = correctErrorDocument($error403path, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (! empty($error500path)) {
|
if (! empty($error500path)) {
|
||||||
$error500path = correctErrorDocument($error500path, true);
|
$error500path = correctErrorDocument($error500path, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
// check for duplicate path
|
// check for duplicate path
|
||||||
$path_dupe_check_stmt = Database::prepare("
|
$path_dupe_check_stmt = Database::prepare("
|
||||||
SELECT `id`, `path` FROM `" . TABLE_PANEL_HTACCESS . "`
|
SELECT `id`, `path` FROM `" . TABLE_PANEL_HTACCESS . "`
|
||||||
@@ -78,12 +102,12 @@ class DirOptions extends ApiCommand implements ResourceEntity
|
|||||||
"path" => $path,
|
"path" => $path,
|
||||||
"customerid" => $customer['customerid']
|
"customerid" => $customer['customerid']
|
||||||
), true, true);
|
), true, true);
|
||||||
|
|
||||||
// duplicate check
|
// duplicate check
|
||||||
if ($path_dupe_check['path'] == $path) {
|
if ($path_dupe_check['path'] == $path) {
|
||||||
standard_error('errordocpathdupe', $userpath, true);
|
standard_error('errordocpathdupe', $userpath, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
// insert the entry
|
// insert the entry
|
||||||
$stmt = Database::prepare('
|
$stmt = Database::prepare('
|
||||||
INSERT INTO `' . TABLE_PANEL_HTACCESS . '` SET
|
INSERT INTO `' . TABLE_PANEL_HTACCESS . '` SET
|
||||||
@@ -108,7 +132,7 @@ class DirOptions extends ApiCommand implements ResourceEntity
|
|||||||
$id = Database::lastInsertId();
|
$id = Database::lastInsertId();
|
||||||
$this->logger()->logAction($this->isAdmin() ? ADM_ACTION : USR_ACTION, LOG_INFO, "[API] added directory-option for '" . $userpath . "'");
|
$this->logger()->logAction($this->isAdmin() ? ADM_ACTION : USR_ACTION, LOG_INFO, "[API] added directory-option for '" . $userpath . "'");
|
||||||
inserttask('1');
|
inserttask('1');
|
||||||
|
|
||||||
$result = $this->apiCall('DirOptions.get', array(
|
$result = $this->apiCall('DirOptions.get', array(
|
||||||
'id' => $id
|
'id' => $id
|
||||||
));
|
));
|
||||||
@@ -116,12 +140,10 @@ class DirOptions extends ApiCommand implements ResourceEntity
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* return a directory-protection entry by either id or username
|
* return a directory-protection entry by id
|
||||||
*
|
*
|
||||||
* @param int $id
|
* @param int $id
|
||||||
* optional, the customer-id
|
* id of dir-protection entry
|
||||||
* @param string $username
|
|
||||||
* optional, the username
|
|
||||||
*
|
*
|
||||||
* @access admin, customer
|
* @access admin, customer
|
||||||
* @throws Exception
|
* @throws Exception
|
||||||
@@ -132,9 +154,9 @@ class DirOptions extends ApiCommand implements ResourceEntity
|
|||||||
if ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'extras')) {
|
if ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'extras')) {
|
||||||
throw new Exception("You cannot access this resource", 405);
|
throw new Exception("You cannot access this resource", 405);
|
||||||
}
|
}
|
||||||
|
|
||||||
$id = $this->getParam('id', true, 0);
|
$id = $this->getParam('id', true, 0);
|
||||||
|
|
||||||
$params = array();
|
$params = array();
|
||||||
if ($this->isAdmin()) {
|
if ($this->isAdmin()) {
|
||||||
if ($this->getUserDetail('customers_see_all') == false) {
|
if ($this->getUserDetail('customers_see_all') == false) {
|
||||||
@@ -148,7 +170,7 @@ class DirOptions extends ApiCommand implements ResourceEntity
|
|||||||
}
|
}
|
||||||
$result_stmt = Database::prepare("
|
$result_stmt = Database::prepare("
|
||||||
SELECT * FROM `" . TABLE_PANEL_HTACCESS . "`
|
SELECT * FROM `" . TABLE_PANEL_HTACCESS . "`
|
||||||
WHERE `customerid` IN (".implode(", ", $customer_ids).")
|
WHERE `customerid` IN (" . implode(", ", $customer_ids) . ")
|
||||||
AND `id` = :id
|
AND `id` = :id
|
||||||
");
|
");
|
||||||
} else {
|
} else {
|
||||||
@@ -178,49 +200,73 @@ class DirOptions extends ApiCommand implements ResourceEntity
|
|||||||
throw new Exception("Directory option with " . $key . " could not be found", 404);
|
throw new Exception("Directory option with " . $key . " could not be found", 404);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* update options for a given directory by id
|
||||||
|
*
|
||||||
|
* @param int $id
|
||||||
|
* id of dir-protection entry
|
||||||
|
* @param int $customerid
|
||||||
|
* optional, admin-only, the customer-id
|
||||||
|
* @param string $loginname
|
||||||
|
* optional, admin-only, the loginname
|
||||||
|
* @param bool $options_indexes
|
||||||
|
* optional, activate directory-listing for this path, default 0 (false)
|
||||||
|
* @param bool $options_cgi
|
||||||
|
* optional, allow Perl/CGI execution, default 0 (false)
|
||||||
|
* @param string $error404path
|
||||||
|
* optional, custom 404 error string/file
|
||||||
|
* @param string $error403path
|
||||||
|
* optional, custom 403 error string/file
|
||||||
|
* @param string $error500path
|
||||||
|
* optional, custom 500 error string/file
|
||||||
|
*
|
||||||
|
* @access admin, customer
|
||||||
|
* @throws Exception
|
||||||
|
* @return array
|
||||||
|
*/
|
||||||
public function update()
|
public function update()
|
||||||
{
|
{
|
||||||
$id = $this->getParam('id', true, 0);
|
$id = $this->getParam('id', true, 0);
|
||||||
|
|
||||||
// validation
|
// validation
|
||||||
$result = $this->apiCall('DirOptions.get', array(
|
$result = $this->apiCall('DirOptions.get', array(
|
||||||
'id' => $id
|
'id' => $id
|
||||||
));
|
));
|
||||||
|
|
||||||
// get needed customer info to reduce the email-address-counter by one
|
// get needed customer info to reduce the email-address-counter by one
|
||||||
$customer = $this->getCustomerData();
|
$customer = $this->getCustomerData();
|
||||||
|
|
||||||
// parameters
|
// parameters
|
||||||
$options_indexes = $this->getParam('options_indexes', true, $result['options_indexes']);
|
$options_indexes = $this->getParam('options_indexes', true, $result['options_indexes']);
|
||||||
$options_cgi = $this->getParam('options_cgi', true, $result['options_cgi']);
|
$options_cgi = $this->getParam('options_cgi', true, $result['options_cgi']);
|
||||||
$error404path = $this->getParam('error404path', true, $result['error404path']);
|
$error404path = $this->getParam('error404path', true, $result['error404path']);
|
||||||
$error403path = $this->getParam('error403path', true, $result['error403path']);
|
$error403path = $this->getParam('error403path', true, $result['error403path']);
|
||||||
$error500path = $this->getParam('error500path', true, $result['error500path']);
|
$error500path = $this->getParam('error500path', true, $result['error500path']);
|
||||||
|
|
||||||
if ($options_indexes != 0) {
|
if ($options_indexes != 0) {
|
||||||
$options_indexes = '1';
|
$options_indexes = '1';
|
||||||
} else {
|
} else {
|
||||||
$options_indexes = '0';
|
$options_indexes = '0';
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($options_cgi != 0) {
|
if ($options_cgi != 0) {
|
||||||
$options_cgi = '1';
|
$options_cgi = '1';
|
||||||
} else {
|
} else {
|
||||||
$options_cgi = '0';
|
$options_cgi = '0';
|
||||||
}
|
}
|
||||||
|
|
||||||
if (! empty($error404path)) {
|
if (! empty($error404path)) {
|
||||||
$error404path = correctErrorDocument($error404path, true);
|
$error404path = correctErrorDocument($error404path, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (! empty($error403path)) {
|
if (! empty($error403path)) {
|
||||||
$error403path = correctErrorDocument($error403path, true);
|
$error403path = correctErrorDocument($error403path, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (! empty($error500path)) {
|
if (! empty($error500path)) {
|
||||||
$error500path = correctErrorDocument($error500path, true);
|
$error500path = correctErrorDocument($error500path, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (($options_indexes != $result['options_indexes']) || ($error404path != $result['error404path']) || ($error403path != $result['error403path']) || ($error500path != $result['error500path']) || ($options_cgi != $result['options_cgi'])) {
|
if (($options_indexes != $result['options_indexes']) || ($error404path != $result['error404path']) || ($error403path != $result['error403path']) || ($error500path != $result['error500path']) || ($options_cgi != $result['options_cgi'])) {
|
||||||
inserttask('1');
|
inserttask('1');
|
||||||
$stmt = Database::prepare("
|
$stmt = Database::prepare("
|
||||||
@@ -245,7 +291,7 @@ class DirOptions extends ApiCommand implements ResourceEntity
|
|||||||
Database::pexecute($stmt, $params, true, true);
|
Database::pexecute($stmt, $params, true, true);
|
||||||
$this->logger()->logAction($this->isAdmin() ? ADM_ACTION : USR_ACTION, LOG_INFO, "[API] edited directory options for '" . str_replace($customer['documentroot'], '/', $result['path']) . "'");
|
$this->logger()->logAction($this->isAdmin() ? ADM_ACTION : USR_ACTION, LOG_INFO, "[API] edited directory options for '" . str_replace($customer['documentroot'], '/', $result['path']) . "'");
|
||||||
}
|
}
|
||||||
|
|
||||||
$result = $this->apiCall('DirOptions.get', array(
|
$result = $this->apiCall('DirOptions.get', array(
|
||||||
'id' => $id
|
'id' => $id
|
||||||
));
|
));
|
||||||
@@ -270,11 +316,11 @@ class DirOptions extends ApiCommand implements ResourceEntity
|
|||||||
throw new Exception("You cannot access this resource", 405);
|
throw new Exception("You cannot access this resource", 405);
|
||||||
}
|
}
|
||||||
$customer_ids = $this->getAllowedCustomerIds('extras.pathoptions');
|
$customer_ids = $this->getAllowedCustomerIds('extras.pathoptions');
|
||||||
|
|
||||||
$result = array();
|
$result = array();
|
||||||
$result_stmt = Database::prepare("
|
$result_stmt = Database::prepare("
|
||||||
SELECT * FROM `" . TABLE_PANEL_HTACCESS . "`
|
SELECT * FROM `" . TABLE_PANEL_HTACCESS . "`
|
||||||
WHERE `customerid` IN (".implode(', ', $customer_ids).")
|
WHERE `customerid` IN (" . implode(', ', $customer_ids) . ")
|
||||||
");
|
");
|
||||||
Database::pexecute($result_stmt, null, true, true);
|
Database::pexecute($result_stmt, null, true, true);
|
||||||
while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
|
while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
|
||||||
@@ -302,18 +348,18 @@ class DirOptions extends ApiCommand implements ResourceEntity
|
|||||||
if ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'extras')) {
|
if ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'extras')) {
|
||||||
throw new Exception("You cannot access this resource", 405);
|
throw new Exception("You cannot access this resource", 405);
|
||||||
}
|
}
|
||||||
|
|
||||||
$id = $this->getParam('id');
|
$id = $this->getParam('id');
|
||||||
|
|
||||||
if ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'extras.pathoptions')) {
|
if ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'extras.pathoptions')) {
|
||||||
throw new Exception("You cannot access this resource", 405);
|
throw new Exception("You cannot access this resource", 405);
|
||||||
}
|
}
|
||||||
|
|
||||||
// get directory-option
|
// get directory-option
|
||||||
$result = $this->apiCall('DirOptions.get', array(
|
$result = $this->apiCall('DirOptions.get', array(
|
||||||
'id' => $id
|
'id' => $id
|
||||||
));
|
));
|
||||||
|
|
||||||
if ($this->isAdmin()) {
|
if ($this->isAdmin()) {
|
||||||
// get customer-data
|
// get customer-data
|
||||||
$customer_data = $this->apiCall('Customers.get', array(
|
$customer_data = $this->apiCall('Customers.get', array(
|
||||||
@@ -322,7 +368,7 @@ class DirOptions extends ApiCommand implements ResourceEntity
|
|||||||
} else {
|
} else {
|
||||||
$customer_data = $this->getUserData();
|
$customer_data = $this->getUserData();
|
||||||
}
|
}
|
||||||
|
|
||||||
// do we have to remove the symlink and folder in suexecpath?
|
// do we have to remove the symlink and folder in suexecpath?
|
||||||
if ((int) Settings::Get('perl.suexecworkaround') == 1) {
|
if ((int) Settings::Get('perl.suexecworkaround') == 1) {
|
||||||
$loginname = $customer_data['loginname'];
|
$loginname = $customer_data['loginname'];
|
||||||
|
|||||||
@@ -18,6 +18,23 @@
|
|||||||
class DirProtections extends ApiCommand implements ResourceEntity
|
class DirProtections extends ApiCommand implements ResourceEntity
|
||||||
{
|
{
|
||||||
|
|
||||||
|
/**
|
||||||
|
* add htaccess protection to a given directory
|
||||||
|
*
|
||||||
|
* @param int $customerid
|
||||||
|
* optional, admin-only, the customer-id
|
||||||
|
* @param string $loginname
|
||||||
|
* optional, admin-only, the loginname
|
||||||
|
* @param string $path
|
||||||
|
* @param string $username
|
||||||
|
* @param string $directory_password
|
||||||
|
* @param string $directory_authname
|
||||||
|
* optional name/description for the protection
|
||||||
|
*
|
||||||
|
* @access admin, customer
|
||||||
|
* @throws Exception
|
||||||
|
* @return array
|
||||||
|
*/
|
||||||
public function add()
|
public function add()
|
||||||
{
|
{
|
||||||
if ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'extras')) {
|
if ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'extras')) {
|
||||||
@@ -26,25 +43,25 @@ class DirProtections extends ApiCommand implements ResourceEntity
|
|||||||
if ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'extras.directoryprotection')) {
|
if ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'extras.directoryprotection')) {
|
||||||
throw new Exception("You cannot access this resource", 405);
|
throw new Exception("You cannot access this resource", 405);
|
||||||
}
|
}
|
||||||
|
|
||||||
// get needed customer info to reduce the email-address-counter by one
|
// get needed customer info to reduce the email-address-counter by one
|
||||||
$customer = $this->getCustomerData();
|
$customer = $this->getCustomerData();
|
||||||
|
|
||||||
// required parameters
|
// required parameters
|
||||||
$path = $this->getParam('path');
|
$path = $this->getParam('path');
|
||||||
$username = $this->getParam('username');
|
$username = $this->getParam('username');
|
||||||
$password = $this->getParam('directory_password');
|
$password = $this->getParam('directory_password');
|
||||||
|
|
||||||
// parameters
|
// parameters
|
||||||
$authname = $this->getParam('directory_authname', true, '');
|
$authname = $this->getParam('directory_authname', true, '');
|
||||||
|
|
||||||
// validation
|
// validation
|
||||||
$path = makeCorrectDir(validate($path, 'path', '', '', array(), true));
|
$path = makeCorrectDir(validate($path, 'path', '', '', array(), true));
|
||||||
$path = makeCorrectDir($customer['documentroot'] . '/' . $path);
|
$path = makeCorrectDir($customer['documentroot'] . '/' . $path);
|
||||||
$username = validate($username, 'username', '/^[a-zA-Z0-9][a-zA-Z0-9\-_]+\$?$/', '', array(), true);
|
$username = validate($username, 'username', '/^[a-zA-Z0-9][a-zA-Z0-9\-_]+\$?$/', '', array(), true);
|
||||||
$authname = validate($authname, 'directory_authname', '/^[a-zA-Z0-9][a-zA-Z0-9\-_ ]+\$?$/', '', array(), true);
|
$authname = validate($authname, 'directory_authname', '/^[a-zA-Z0-9][a-zA-Z0-9\-_ ]+\$?$/', '', array(), true);
|
||||||
validate($password, 'password', '', '', array(), true);
|
validate($password, 'password', '', '', array(), true);
|
||||||
|
|
||||||
// check for duplicate usernames for the path
|
// check for duplicate usernames for the path
|
||||||
$username_path_check_stmt = Database::prepare("
|
$username_path_check_stmt = Database::prepare("
|
||||||
SELECT `id`, `username`, `path` FROM `" . TABLE_PANEL_HTPASSWDS . "`
|
SELECT `id`, `username`, `path` FROM `" . TABLE_PANEL_HTPASSWDS . "`
|
||||||
@@ -56,7 +73,7 @@ class DirProtections extends ApiCommand implements ResourceEntity
|
|||||||
"customerid" => $customer['customerid']
|
"customerid" => $customer['customerid']
|
||||||
);
|
);
|
||||||
$username_path_check = Database::pexecute_first($username_path_check_stmt, $params, true, true);
|
$username_path_check = Database::pexecute_first($username_path_check_stmt, $params, true, true);
|
||||||
|
|
||||||
// check whether we can used salted passwords
|
// check whether we can used salted passwords
|
||||||
if (CRYPT_STD_DES == 1) {
|
if (CRYPT_STD_DES == 1) {
|
||||||
$saltfordescrypt = substr(md5(uniqid(microtime(), 1)), 4, 2);
|
$saltfordescrypt = substr(md5(uniqid(microtime(), 1)), 4, 2);
|
||||||
@@ -64,14 +81,14 @@ class DirProtections extends ApiCommand implements ResourceEntity
|
|||||||
} else {
|
} else {
|
||||||
$password_enc = crypt($password);
|
$password_enc = crypt($password);
|
||||||
}
|
}
|
||||||
|
|
||||||
// duplicate check
|
// duplicate check
|
||||||
if ($username_path_check['username'] == $username && $username_path_check['path'] == $path) {
|
if ($username_path_check['username'] == $username && $username_path_check['path'] == $path) {
|
||||||
standard_error('userpathcombinationdupe', '', true);
|
standard_error('userpathcombinationdupe', '', true);
|
||||||
} elseif ($password == $username) {
|
} elseif ($password == $username) {
|
||||||
standard_error('passwordshouldnotbeusername', '', true);
|
standard_error('passwordshouldnotbeusername', '', true);
|
||||||
}
|
}
|
||||||
|
|
||||||
// insert the entry
|
// insert the entry
|
||||||
$stmt = Database::prepare("
|
$stmt = Database::prepare("
|
||||||
INSERT INTO `" . TABLE_PANEL_HTPASSWDS . "` SET
|
INSERT INTO `" . TABLE_PANEL_HTPASSWDS . "` SET
|
||||||
@@ -92,7 +109,7 @@ class DirProtections extends ApiCommand implements ResourceEntity
|
|||||||
$id = Database::lastInsertId();
|
$id = Database::lastInsertId();
|
||||||
$this->logger()->logAction($this->isAdmin() ? ADM_ACTION : USR_ACTION, LOG_INFO, "[API] added directory-protection for '" . $username . " (" . $path . ")'");
|
$this->logger()->logAction($this->isAdmin() ? ADM_ACTION : USR_ACTION, LOG_INFO, "[API] added directory-protection for '" . $username . " (" . $path . ")'");
|
||||||
inserttask('1');
|
inserttask('1');
|
||||||
|
|
||||||
$result = $this->apiCall('DirProtections.get', array(
|
$result = $this->apiCall('DirProtections.get', array(
|
||||||
'id' => $id
|
'id' => $id
|
||||||
));
|
));
|
||||||
@@ -103,7 +120,7 @@ class DirProtections extends ApiCommand implements ResourceEntity
|
|||||||
* return a directory-protection entry by either id or username
|
* return a directory-protection entry by either id or username
|
||||||
*
|
*
|
||||||
* @param int $id
|
* @param int $id
|
||||||
* optional, the customer-id
|
* optional, the entry-id
|
||||||
* @param string $username
|
* @param string $username
|
||||||
* optional, the username
|
* optional, the username
|
||||||
*
|
*
|
||||||
@@ -116,11 +133,11 @@ class DirProtections extends ApiCommand implements ResourceEntity
|
|||||||
if ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'extras')) {
|
if ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'extras')) {
|
||||||
throw new Exception("You cannot access this resource", 405);
|
throw new Exception("You cannot access this resource", 405);
|
||||||
}
|
}
|
||||||
|
|
||||||
$id = $this->getParam('id', true, 0);
|
$id = $this->getParam('id', true, 0);
|
||||||
$un_optional = ($id <= 0 ? false : true);
|
$un_optional = ($id <= 0 ? false : true);
|
||||||
$username = $this->getParam('username', $un_optional, '');
|
$username = $this->getParam('username', $un_optional, '');
|
||||||
|
|
||||||
$params = array();
|
$params = array();
|
||||||
if ($this->isAdmin()) {
|
if ($this->isAdmin()) {
|
||||||
if ($this->getUserDetail('customers_see_all') == false) {
|
if ($this->getUserDetail('customers_see_all') == false) {
|
||||||
@@ -134,7 +151,7 @@ class DirProtections extends ApiCommand implements ResourceEntity
|
|||||||
}
|
}
|
||||||
$result_stmt = Database::prepare("
|
$result_stmt = Database::prepare("
|
||||||
SELECT * FROM `" . TABLE_PANEL_HTPASSWDS . "`
|
SELECT * FROM `" . TABLE_PANEL_HTPASSWDS . "`
|
||||||
WHERE `customerid` IN (".implode(", ", $customer_ids).")
|
WHERE `customerid` IN (" . implode(", ", $customer_ids) . ")
|
||||||
AND (`id` = :idun OR `username` = :idun)
|
AND (`id` = :idun OR `username` = :idun)
|
||||||
");
|
");
|
||||||
} else {
|
} else {
|
||||||
@@ -164,30 +181,50 @@ class DirProtections extends ApiCommand implements ResourceEntity
|
|||||||
throw new Exception("Directory protection with " . $key . " could not be found", 404);
|
throw new Exception("Directory protection with " . $key . " could not be found", 404);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* update htaccess protection of a given directory
|
||||||
|
*
|
||||||
|
* @param int $id
|
||||||
|
* optional, the entry-id
|
||||||
|
* @param string $username
|
||||||
|
* optional, the username
|
||||||
|
* @param int $customerid
|
||||||
|
* optional, admin-only, the customer-id
|
||||||
|
* @param string $loginname
|
||||||
|
* optional, admin-only, the loginname
|
||||||
|
* @param string $directory_password
|
||||||
|
* optional, leave empty for no change
|
||||||
|
* @param string $directory_authname
|
||||||
|
* optional name/description for the protection
|
||||||
|
*
|
||||||
|
* @access admin, customer
|
||||||
|
* @throws Exception
|
||||||
|
* @return array
|
||||||
|
*/
|
||||||
public function update()
|
public function update()
|
||||||
{
|
{
|
||||||
$id = $this->getParam('id', true, 0);
|
$id = $this->getParam('id', true, 0);
|
||||||
$un_optional = ($id <= 0 ? false : true);
|
$un_optional = ($id <= 0 ? false : true);
|
||||||
$username = $this->getParam('username', $un_optional, '');
|
$username = $this->getParam('username', $un_optional, '');
|
||||||
|
|
||||||
// validation
|
// validation
|
||||||
$result = $this->apiCall('DirProtections.get', array(
|
$result = $this->apiCall('DirProtections.get', array(
|
||||||
'id' => $id,
|
'id' => $id,
|
||||||
'username' => $username
|
'username' => $username
|
||||||
));
|
));
|
||||||
$id = $result['id'];
|
$id = $result['id'];
|
||||||
|
|
||||||
// parameters
|
// parameters
|
||||||
$password = $this->getParam('directory_password', true, '');
|
$password = $this->getParam('directory_password', true, '');
|
||||||
$authname = $this->getParam('directory_authname', true, $result['authname']);
|
$authname = $this->getParam('directory_authname', true, $result['authname']);
|
||||||
|
|
||||||
// get needed customer info
|
// get needed customer info
|
||||||
$customer = $this->getCustomerData();
|
$customer = $this->getCustomerData();
|
||||||
|
|
||||||
// validation
|
// validation
|
||||||
$authname = validate($authname, 'directory_authname', '/^[a-zA-Z0-9][a-zA-Z0-9\-_ ]+\$?$/', '', array(), true);
|
$authname = validate($authname, 'directory_authname', '/^[a-zA-Z0-9][a-zA-Z0-9\-_ ]+\$?$/', '', array(), true);
|
||||||
validate($password, 'password', '', '', array(), true);
|
validate($password, 'password', '', '', array(), true);
|
||||||
|
|
||||||
$upd_query = "";
|
$upd_query = "";
|
||||||
$upd_params = array(
|
$upd_params = array(
|
||||||
"id" => $result['id'],
|
"id" => $result['id'],
|
||||||
@@ -213,7 +250,7 @@ class DirProtections extends ApiCommand implements ResourceEntity
|
|||||||
$upd_query .= "`authname` = :authname";
|
$upd_query .= "`authname` = :authname";
|
||||||
$upd_params['authname'] = $authname;
|
$upd_params['authname'] = $authname;
|
||||||
}
|
}
|
||||||
|
|
||||||
// build update query
|
// build update query
|
||||||
if (! empty($upd_query)) {
|
if (! empty($upd_query)) {
|
||||||
$upd_stmt = Database::prepare("
|
$upd_stmt = Database::prepare("
|
||||||
@@ -222,7 +259,7 @@ class DirProtections extends ApiCommand implements ResourceEntity
|
|||||||
Database::pexecute($upd_stmt, $upd_params, true, true);
|
Database::pexecute($upd_stmt, $upd_params, true, true);
|
||||||
inserttask('1');
|
inserttask('1');
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->logger()->logAction($this->isAdmin() ? ADM_ACTION : USR_ACTION, LOG_INFO, "[API] updated directory-protection '" . $result['username'] . " (" . $result['path'] . ")'");
|
$this->logger()->logAction($this->isAdmin() ? ADM_ACTION : USR_ACTION, LOG_INFO, "[API] updated directory-protection '" . $result['username'] . " (" . $result['path'] . ")'");
|
||||||
$result = $this->apiCall('DirProtections.get', array(
|
$result = $this->apiCall('DirProtections.get', array(
|
||||||
'id' => $result['id']
|
'id' => $result['id']
|
||||||
@@ -248,11 +285,11 @@ class DirProtections extends ApiCommand implements ResourceEntity
|
|||||||
throw new Exception("You cannot access this resource", 405);
|
throw new Exception("You cannot access this resource", 405);
|
||||||
}
|
}
|
||||||
$customer_ids = $this->getAllowedCustomerIds('extras.directoryprotection');
|
$customer_ids = $this->getAllowedCustomerIds('extras.directoryprotection');
|
||||||
|
|
||||||
$result = array();
|
$result = array();
|
||||||
$result_stmt = Database::prepare("
|
$result_stmt = Database::prepare("
|
||||||
SELECT * FROM `" . TABLE_PANEL_HTPASSWDS . "`
|
SELECT * FROM `" . TABLE_PANEL_HTPASSWDS . "`
|
||||||
WHERE `customerid` IN (".implode(', ', $customer_ids).")
|
WHERE `customerid` IN (" . implode(', ', $customer_ids) . ")
|
||||||
");
|
");
|
||||||
Database::pexecute($result_stmt, null, true, true);
|
Database::pexecute($result_stmt, null, true, true);
|
||||||
while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
|
while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
|
||||||
@@ -282,22 +319,22 @@ class DirProtections extends ApiCommand implements ResourceEntity
|
|||||||
if ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'extras')) {
|
if ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'extras')) {
|
||||||
throw new Exception("You cannot access this resource", 405);
|
throw new Exception("You cannot access this resource", 405);
|
||||||
}
|
}
|
||||||
|
|
||||||
$id = $this->getParam('id', true, 0);
|
$id = $this->getParam('id', true, 0);
|
||||||
$un_optional = ($id <= 0 ? false : true);
|
$un_optional = ($id <= 0 ? false : true);
|
||||||
$username = $this->getParam('username', $un_optional, '');
|
$username = $this->getParam('username', $un_optional, '');
|
||||||
|
|
||||||
if ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'extras.directoryprotection')) {
|
if ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'extras.directoryprotection')) {
|
||||||
throw new Exception("You cannot access this resource", 405);
|
throw new Exception("You cannot access this resource", 405);
|
||||||
}
|
}
|
||||||
|
|
||||||
// get directory protection
|
// get directory protection
|
||||||
$result = $this->apiCall('DirProtections.get', array(
|
$result = $this->apiCall('DirProtections.get', array(
|
||||||
'id' => $id,
|
'id' => $id,
|
||||||
'username' => $username
|
'username' => $username
|
||||||
));
|
));
|
||||||
$id = $result['id'];
|
$id = $result['id'];
|
||||||
|
|
||||||
if ($this->isAdmin()) {
|
if ($this->isAdmin()) {
|
||||||
// get customer-data
|
// get customer-data
|
||||||
$customer_data = $this->apiCall('Customers.get', array(
|
$customer_data = $this->apiCall('Customers.get', array(
|
||||||
@@ -306,7 +343,7 @@ class DirProtections extends ApiCommand implements ResourceEntity
|
|||||||
} else {
|
} else {
|
||||||
$customer_data = $this->getUserData();
|
$customer_data = $this->getUserData();
|
||||||
}
|
}
|
||||||
|
|
||||||
$stmt = Database::prepare("
|
$stmt = Database::prepare("
|
||||||
DELETE FROM `" . TABLE_PANEL_HTPASSWDS . "` WHERE `customerid`= :customerid AND `id`= :id
|
DELETE FROM `" . TABLE_PANEL_HTPASSWDS . "` WHERE `customerid`= :customerid AND `id`= :id
|
||||||
");
|
");
|
||||||
@@ -314,7 +351,7 @@ class DirProtections extends ApiCommand implements ResourceEntity
|
|||||||
"customerid" => $customer_data['customerid'],
|
"customerid" => $customer_data['customerid'],
|
||||||
"id" => $id
|
"id" => $id
|
||||||
));
|
));
|
||||||
|
|
||||||
$this->logger()->logAction($this->isAdmin() ? ADM_ACTION : USR_ACTION, LOG_INFO, "[API] deleted htpasswd for '" . $result['username'] . " (" . $result['path'] . ")'");
|
$this->logger()->logAction($this->isAdmin() ? ADM_ACTION : USR_ACTION, LOG_INFO, "[API] deleted htpasswd for '" . $result['username'] . " (" . $result['path'] . ")'");
|
||||||
inserttask('1');
|
inserttask('1');
|
||||||
return $this->response(200, "successfull", $result);
|
return $this->response(200, "successfull", $result);
|
||||||
|
|||||||
Reference in New Issue
Block a user