maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

add Admins.add()

Browse Source 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann (d00p)
2018-02-22 16:51:56 +01:00
parent b42a7b1b26
commit dfb5d33a56
4 changed files with 237 additions and 268 deletions
Download Patch File Download Diff File Expand all files Collapse all files

245
admin_admins.php
View File

@@ -201,247 +201,12 @@ if ($page == 'admins'
if (isset($_POST['send'])
&& $_POST['send'] == 'send'
) {
$name = validate($_POST['name'], 'name');
$email = $idna_convert->encode(validate($_POST['email'], 'email'));
$custom_notes = validate(str_replace("\r\n", "\n", $_POST['custom_notes']), 'custom_notes', '/^[^\0]*$/');
$custom_notes_show = 0;
if (isset($_POST['custom_notes_show'])) {
$custom_notes_show = intval_ressource($_POST['custom_notes_show']);
try {
Admins::getLocal($userinfo, $_POST)->add();
} catch (Exception $e) {
dynamic_error($e->getMessage());
}
$loginname = validate($_POST['loginname'], 'loginname');
$password = validate($_POST['admin_password'], 'password');
$password = validatePassword($password);
$def_language = validate($_POST['def_language'], 'default language');
$customers = intval_ressource($_POST['customers']);
if (isset($_POST['customers_ul'])) {
$customers = -1;
}
$domains = intval_ressource($_POST['domains']);
if (isset($_POST['domains_ul'])) {
$domains = -1;
}
$subdomains = intval_ressource($_POST['subdomains']);
if (isset($_POST['subdomains_ul'])) {
$subdomains = -1;
}
$emails = intval_ressource($_POST['emails']);
if (isset($_POST['emails_ul'])) {
$emails = -1;
}
$email_accounts = intval_ressource($_POST['email_accounts']);
if (isset($_POST['email_accounts_ul'])) {
$email_accounts = -1;
}
$email_forwarders = intval_ressource($_POST['email_forwarders']);
if (isset($_POST['email_forwarders_ul'])) {
$email_forwarders = -1;
}
if (Settings::Get('system.mail_quota_enabled') == '1') {
$email_quota = validate($_POST['email_quota'], 'email_quota', '/^\d+$/', 'vmailquotawrong', array('0', ''));
if (isset($_POST['email_quota_ul'])) {
$email_quota = -1;
}
} else {
$email_quota = -1;
}
$ftps = intval_ressource($_POST['ftps']);
if (isset($_POST['ftps_ul'])) {
$ftps = -1;
}
if (Settings::Get('ticket.enabled') == 1) {
$tickets = intval_ressource($_POST['tickets']);
if (isset($_POST['tickets_ul'])) {
$tickets = -1;
}
} else {
$tickets = 0;
}
$mysqls = intval_ressource($_POST['mysqls']);
if (isset($_POST['mysqls_ul'])) {
$mysqls = -1;
}
$customers_see_all = 0;
if (isset($_POST['customers_see_all'])) {
$customers_see_all = intval($_POST['customers_see_all']);
}
$domains_see_all = 0;
if (isset($_POST['domains_see_all'])) {
$domains_see_all = intval($_POST['domains_see_all']);
}
$caneditphpsettings = 0;
if (isset($_POST['caneditphpsettings'])) {
$caneditphpsettings = intval($_POST['caneditphpsettings']);
}
$change_serversettings = 0;
if (isset($_POST['change_serversettings'])) {
$change_serversettings = intval($_POST['change_serversettings']);
}
$diskspace = intval_ressource($_POST['diskspace']);
if (isset($_POST['diskspace_ul'])) {
$diskspace = -1;
}
$traffic = doubleval_ressource($_POST['traffic']);
if (isset($_POST['traffic_ul'])) {
$traffic = -1;
}
$tickets_see_all = 0;
if (isset($_POST['tickets_see_all'])) {
$tickets_see_all = intval($_POST['tickets_see_all']);
}
$diskspace = $diskspace * 1024;
$traffic = $traffic * 1024 * 1024;
$ipaddress = intval_ressource($_POST['ipaddress']);
// Check if the account already exists
$loginname_check_stmt = Database::prepare("
SELECT `loginname` FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `loginname` = :login
");
$loginname_check = Database::pexecute_first($loginname_check_stmt, array('login' => $loginname));
$loginname_check_admin_stmt = Database::prepare("
SELECT `loginname` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `loginname` = :login
");
$loginname_check_admin = Database::pexecute_first($loginname_check_admin_stmt, array('login' => $loginname));
if ($loginname == '') {
standard_error(array('stringisempty', 'myloginname'));
}
elseif (strtolower($loginname_check['loginname']) == strtolower($loginname)
|| strtolower($loginname_check_admin['loginname']) == strtolower($loginname)
) {
standard_error('loginnameexists', $loginname);
}
// Accounts which match systemaccounts are not allowed, filtering them
elseif (preg_match('/^' . preg_quote(Settings::Get('customer.accountprefix'), '/') . '([0-9]+)/', $loginname)) {
standard_error('loginnameissystemaccount', Settings::Get('customer.accountprefix'));
}
elseif (!validateUsername($loginname)) {
standard_error('loginnameiswrong', $loginname);
}
elseif ($name == '') {
standard_error(array('stringisempty', 'myname'));
}
elseif ($email == '') {
standard_error(array('stringisempty', 'emailadd'));
}
elseif ($password == '') {
standard_error(array('stringisempty', 'mypassword'));
}
elseif (!validateEmail($email)) {
standard_error('emailiswrong', $email);
} else {
if ($customers_see_all != '1') {
$customers_see_all = '0';
}
if ($domains_see_all != '1') {
$domains_see_all = '0';
}
if ($caneditphpsettings != '1') {
$caneditphpsettings = '0';
}
if ($change_serversettings != '1') {
$change_serversettings = '0';
}
if ($tickets_see_all != '1') {
$tickets_see_all = '0';
}
$_theme = Settings::Get('panel.default_theme');
$ins_data = array(
'loginname' => $loginname,
'password' => makeCryptPassword($password),
'name' => $name,
'email' => $email,
'lang' => $def_language,
'change_serversettings' => $change_serversettings,
'customers' => $customers,
'customers_see_all' => $customers_see_all,
'domains' => $domains,
'domains_see_all' => $domains_see_all,
'caneditphpsettings' => $caneditphpsettings,
'diskspace' => $diskspace,
'traffic' => $traffic,
'subdomains' => $subdomains,
'emails' => $emails,
'accounts' => $email_accounts,
'forwarders' => $email_forwarders,
'quota' => $email_quota,
'ftps' => $ftps,
'tickets' => $tickets,
'tickets_see_all' => $tickets_see_all,
'mysqls' => $mysqls,
'ip' => $ipaddress,
'theme' => $_theme,
'custom_notes' => $custom_notes,
'custom_notes_show' => $custom_notes_show
);
$ins_stmt = Database::prepare("
INSERT INTO `" . TABLE_PANEL_ADMINS . "` SET
`loginname` = :loginname,
`password` = :password,
`name` = :name,
`email` = :email,
`def_language` = :lang,
`change_serversettings` = :change_serversettings,
`customers` = :customers,
`customers_see_all` = :customers_see_all,
`domains` = :domains,
`domains_see_all` = :domains_see_all,
`caneditphpsettings` = :caneditphpsettings,
`diskspace` = :diskspace,
`traffic` = :traffic,
`subdomains` = :subdomains,
`emails` = :emails,
`email_accounts` = :accounts,
`email_forwarders` = :forwarders,
`email_quota` = :quota,
`ftps` = :ftps,
`tickets` = :tickets,
`tickets_see_all` = :tickets_see_all,
`mysqls` = :mysqls,
`ip` = :ip,
`theme` = :theme,
`custom_notes` = :custom_notes,
`custom_notes_show` = :custom_notes_show
");
Database::pexecute($ins_stmt, $ins_data);
$adminid = Database::lastInsertId();
$log->logAction(ADM_ACTION, LOG_INFO, "added admin '" . $loginname . "'");
redirectTo($filename, array('page' => $page, 's' => $s));
}
redirectTo($filename, array('page' => $page, 's' => $s));
} else {
$language_options = '';

218
lib/classes/api/commands/class.Admins.php
View File

@@ -86,11 +86,212 @@ class Admins extends ApiCommand implements ResourceEntity
public function add()
{
if ($this->isAdmin()) {
// required parameters
$name = $this->getParam('name');
$email = $this->getParam('email');
// parameters
$def_language = $this->getParam('def_language', true, '');
$custom_notes = $this->getParam('custom_notes', true, '');
$custom_notes_show = $this->getParam('custom_notes_show', true, 0);
$password = $this->getParam('admin_password', true, '');
$sendpassword = $this->getParam('sendpassword', true, 0);
$loginname = $this->getParam('new_loginname', true, '');
$diskspace = $this->getUlParam('diskspace', 'diskspace_ul', true, 0);
$traffic = $this->getUlParam('traffic', 'traffic_ul', true, 0);
$customers = $this->getUlParam('customers', 'customers_ul', true, 0);
$domains = $this->getUlParam('domains', 'domains_ul', true, 0);
$subdomains = $this->getUlParam('subdomains', 'subdomains_ul', true, 0);
$emails = $this->getUlParam('emails', 'emails_ul', true, 0);
$email_accounts = $this->getUlParam('email_accounts', 'email_accounts_ul', true, 0);
$email_forwarders = $this->getUlParam('email_forwarders', 'email_forwarders_ul', true, 0);
$email_quota = $this->getUlParam('email_quota', 'email_quota_ul', true, 0);
$ftps = $this->getUlParam('ftps', 'ftps_ul', true, 0);
$tickets = $this->getUlParam('tickets', 'tickets_ul', true, 0);
$mysqls = $this->getUlParam('mysqls', 'mysqls_ul', true, 0);
$customers_see_all = $this->getParam('customers_see_all', true, 0);
$domains_see_all = $this->getParam('domains_see_all', true, 0);
$tickets_see_all = $this->getParam('tickets_see_all', true, 0);
$caneditphpsettings = $this->getParam('caneditphpsettings', true, 0);
$change_serversettings = $this->getParam('change_serversettings', true, 0);
$ipaddress = intval_ressource($this->getParam('ipaddress', true, -1));
// validation
$name = validate($name, 'name', '', '', array(), true);
$idna_convert = new idna_convert_wrapper();
$email = $idna_convert->encode(validate($email, 'email', '', '', array(), true));
$def_language = validate($def_language, 'default language', '', '', array(), true);
$custom_notes = validate(str_replace("\r\n", "\n", $custom_notes), 'custom_notes', '/^[^\0]*$/', '', array(), true);
if (Settings::Get('system.mail_quota_enabled') != '1') {
$email_quota = - 1;
}
if (Settings::Get('ticket.enabled') != '1') {
$tickets = - 1;
}
$password = validate($password, 'password', '', '', array(), true);
// only check if not empty,
// cause empty == generate password automatically
if ($password != '') {
$password = validatePassword($password, true);
}
$diskspace = $diskspace * 1024;
$traffic = $traffic * 1024 * 1024;
// Check if the account already exists
try {
$dup_check_result = Customers::getLocal($this->getUserData(), array(
'loginname' => $loginname
))->get();
$loginname_check = json_decode($dup_check_result, true)['data'];
} catch (Exception $e) {
$loginname_check = array(
'loginname' => ''
);
}
// Check if an admin with the loginname already exists
try {
$dup_check_result = Admins::getLocal($this->getUserData(), array(
'loginname' => $loginname
))->get();
$loginname_check_admin = json_decode($dup_check_result, true)['data'];
} catch (Exception $e) {
$loginname_check_admin = array(
'loginname' => ''
);
}
if ($loginname == '') {
standard_error(array(
'stringisempty',
'myloginname'
), '', true);
} elseif (strtolower($loginname_check['loginname']) == strtolower($loginname) || strtolower($loginname_check_admin['loginname']) == strtolower($loginname)) {
standard_error('loginnameexists', $loginname, true);
} // Accounts which match systemaccounts are not allowed, filtering them
elseif (preg_match('/^' . preg_quote(Settings::Get('customer.accountprefix'), '/') . '([0-9]+)/', $loginname)) {
standard_error('loginnameissystemaccount', Settings::Get('customer.accountprefix'), true);
} elseif (! validateUsername($loginname)) {
standard_error('loginnameiswrong', $loginname, true);
} elseif ($name == '') {
standard_error(array(
'stringisempty',
'myname'
), '', true);
} elseif ($email == '') {
standard_error(array(
'stringisempty',
'emailadd'
), '', true);
} elseif (! validateEmail($email)) {
standard_error('emailiswrong', $email, true);
} else {
if ($customers_see_all != '1') {
$customers_see_all = '0';
}
if ($domains_see_all != '1') {
$domains_see_all = '0';
}
if ($caneditphpsettings != '1') {
$caneditphpsettings = '0';
}
if ($change_serversettings != '1') {
$change_serversettings = '0';
}
if ($tickets_see_all != '1') {
$tickets_see_all = '0';
}
if ($password == '') {
$password = generatePassword();
}
$_theme = Settings::Get('panel.default_theme');
$ins_data = array(
'loginname' => $loginname,
'password' => makeCryptPassword($password),
'name' => $name,
'email' => $email,
'lang' => $def_language,
'change_serversettings' => $change_serversettings,
'customers' => $customers,
'customers_see_all' => $customers_see_all,
'domains' => $domains,
'domains_see_all' => $domains_see_all,
'caneditphpsettings' => $caneditphpsettings,
'diskspace' => $diskspace,
'traffic' => $traffic,
'subdomains' => $subdomains,
'emails' => $emails,
'accounts' => $email_accounts,
'forwarders' => $email_forwarders,
'quota' => $email_quota,
'ftps' => $ftps,
'tickets' => $tickets,
'tickets_see_all' => $tickets_see_all,
'mysqls' => $mysqls,
'ip' => $ipaddress,
'theme' => $_theme,
'custom_notes' => $custom_notes,
'custom_notes_show' => $custom_notes_show
);
$ins_stmt = Database::prepare("
INSERT INTO `" . TABLE_PANEL_ADMINS . "` SET
`loginname` = :loginname,
`password` = :password,
`name` = :name,
`email` = :email,
`def_language` = :lang,
`change_serversettings` = :change_serversettings,
`customers` = :customers,
`customers_see_all` = :customers_see_all,
`domains` = :domains,
`domains_see_all` = :domains_see_all,
`caneditphpsettings` = :caneditphpsettings,
`diskspace` = :diskspace,
`traffic` = :traffic,
`subdomains` = :subdomains,
`emails` = :emails,
`email_accounts` = :accounts,
`email_forwarders` = :forwarders,
`email_quota` = :quota,
`ftps` = :ftps,
`tickets` = :tickets,
`tickets_see_all` = :tickets_see_all,
`mysqls` = :mysqls,
`ip` = :ip,
`theme` = :theme,
`custom_notes` = :custom_notes,
`custom_notes_show` = :custom_notes_show
");
Database::pexecute($ins_stmt, $ins_data, true, true);
$adminid = Database::lastInsertId();
$ins_data['adminid'] = $adminid;
$this->logger()->logAction(ADM_ACTION, LOG_WARNING, "[API] added admin '" . $loginname . "'");
return $this->response(200, "successfull", $admin_ins_data);
}
}
throw new Exception("Not allowed to execute given command.", 403);
}
public function update()
{
}
{}
/**
* delete a admin entry by either id or loginname
@@ -106,8 +307,7 @@ class Admins extends ApiCommand implements ResourceEntity
* @return array
*/
public function delete()
{
}
{}
/**
* unlock a locked admin by either id or loginname
@@ -116,7 +316,7 @@ class Admins extends ApiCommand implements ResourceEntity
* optional, the admin-id
* @param string $loginname
* optional, the loginname
*
*
* @throws Exception
* @return array
*/
@@ -126,18 +326,18 @@ class Admins extends ApiCommand implements ResourceEntity
$id = $this->getParam('id', true, 0);
$ln_optional = ($id <= 0 ? false : true);
$loginname = $this->getParam('loginname', $ln_optional, '');
if ($id <= 0 && empty($loginname)) {
throw new Exception("Either 'id' or 'loginname' parameter must be given", 406);
}
$json_result = Admins::getLocal($this->getUserData(), array(
'id' => $id,
'loginname' => $loginname
))->get();
$result = json_decode($json_result, true)['data'];
$id = $result['adminid'];
$result_stmt = Database::prepare("
UPDATE `" . TABLE_PANEL_ADMINS . "` SET
`loginfail_count` = '0'
@@ -146,7 +346,7 @@ class Admins extends ApiCommand implements ResourceEntity
Database::pexecute($result_stmt, array(
'id' => $id
), true, true);
$this->logger()->logAction(ADM_ACTION, LOG_WARNING, "[API] unlocked admin '" . $result['loginname'] . "'");
return $this->response(200, "successfull", $result);
}

34
lib/classes/api/commands/class.Customers.php
View File

@@ -144,7 +144,6 @@ class Customers extends ApiCommand implements ResourceEntity
$loginname = $this->getParam('new_loginname', true, '');
// validation
$idna_convert = new idna_convert_wrapper();
$name = validate($name, 'name', '', '', array(), true);
$firstname = validate($firstname, 'first name', '', '', array(), true);
$company = validate($company, 'company', '', '', array(), true);
@@ -233,20 +232,25 @@ class Customers extends ApiCommand implements ResourceEntity
}
// Check if the account already exists
$loginname_check_stmt = Database::prepare("
SELECT `loginname` FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `loginname` = :loginname
");
$loginname_check = Database::pexecute_first($loginname_check_stmt, array(
'loginname' => $loginname
), true, true);
$loginname_check_admin_stmt = Database::prepare("
SELECT `loginname` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `loginname` = :loginname
");
$loginname_check_admin = Database::pexecute_first($loginname_check_admin_stmt, array(
'loginname' => $loginname
), true, true);
try {
$dup_check_result = Customers::getLocal($this->getUserData(), array(
'loginname' => $loginname
))->get();
$loginname_check = json_decode($dup_check_result, true)['data'];
} catch (Exception $e) {
$loginname_check = array('loginname' => '');
}
// Check if an admin with the loginname already exists
try {
$dup_check_result = Admins::getLocal($this->getUserData(), array(
'loginname' => $loginname
))->get();
$loginname_check_admin = json_decode($dup_check_result, true)['data'];
} catch (Exception $e) {
$loginname_check_admin = array('loginname' => '');
}
if (strtolower($loginname_check['loginname']) == strtolower($loginname) || strtolower($loginname_check_admin['loginname']) == strtolower($loginname)) {
standard_error('loginnameexists', $loginname, true);
} elseif (! validateUsername($loginname, Settings::Get('panel.unix_names'), 14 - strlen(Settings::Get('customer.mysqlprefix')))) {

8
lib/classes/api/commands/class.PhpSettings.php
View File

@@ -19,7 +19,7 @@ class PhpSettings extends ApiCommand implements ResourceEntity
{
/**
* lists all php-config entries
* lists all php-setting entries
*
* @return array count|list
*/
@@ -102,7 +102,7 @@ class PhpSettings extends ApiCommand implements ResourceEntity
}
/**
* return a php-config entry by id
* return a php-setting entry by id
*
* @param int $id php-settings-id
*
@@ -329,9 +329,9 @@ class PhpSettings extends ApiCommand implements ResourceEntity
}
/**
* delete a php-config entry by id
* delete a php-setting entry by id
*
* @param int $id php-config-id
* @param int $id php-settings-id
*
* @throws Exception
* @return array