diff --git a/admin_admins.php b/admin_admins.php
index 4e5a54d5..ce0f8488 100644
--- a/admin_admins.php
+++ b/admin_admins.php
@@ -201,247 +201,12 @@ if ($page == 'admins' if (isset($_POST['send']) && $_POST['send'] == 'send' ) { - - $name = validate($_POST['name'], 'name'); - $email = $idna_convert->encode(validate($_POST['email'], 'email')); - - $custom_notes = validate(str_replace("\r\n", "\n", $_POST['custom_notes']), 'custom_notes', '/^[^\0]*$/'); - $custom_notes_show = 0; - if (isset($_POST['custom_notes_show'])) { - $custom_notes_show = intval_ressource($_POST['custom_notes_show']); + try { + Admins::getLocal($userinfo, $_POST)->add(); + } catch (Exception $e) { + dynamic_error($e->getMessage()); } - - $loginname = validate($_POST['loginname'], 'loginname'); - $password = validate($_POST['admin_password'], 'password'); - $password = validatePassword($password); - $def_language = validate($_POST['def_language'], 'default language'); - - $customers = intval_ressource($_POST['customers']); - if (isset($_POST['customers_ul'])) { - $customers = -1; - } - - $domains = intval_ressource($_POST['domains']); - if (isset($_POST['domains_ul'])) { - $domains = -1; - } - - $subdomains = intval_ressource($_POST['subdomains']); - if (isset($_POST['subdomains_ul'])) { - $subdomains = -1; - } - - $emails = intval_ressource($_POST['emails']); - if (isset($_POST['emails_ul'])) { - $emails = -1; - } - - $email_accounts = intval_ressource($_POST['email_accounts']); - if (isset($_POST['email_accounts_ul'])) { - $email_accounts = -1; - } - - $email_forwarders = intval_ressource($_POST['email_forwarders']); - if (isset($_POST['email_forwarders_ul'])) { - $email_forwarders = -1; - } - - if (Settings::Get('system.mail_quota_enabled') == '1') { - - $email_quota = validate($_POST['email_quota'], 'email_quota', '/^\d+$/', 'vmailquotawrong', array('0', '')); - if (isset($_POST['email_quota_ul'])) { - $email_quota = -1; - } - } else { - $email_quota = -1; - } - - $ftps = intval_ressource($_POST['ftps']); - if (isset($_POST['ftps_ul'])) { - $ftps = -1; - } - - if (Settings::Get('ticket.enabled') == 1) { - - 
$tickets = intval_ressource($_POST['tickets']); - if (isset($_POST['tickets_ul'])) { - $tickets = -1; - } - } else { - $tickets = 0; - } - - $mysqls = intval_ressource($_POST['mysqls']); - if (isset($_POST['mysqls_ul'])) { - $mysqls = -1; - } - - $customers_see_all = 0; - if (isset($_POST['customers_see_all'])) { - $customers_see_all = intval($_POST['customers_see_all']); - } - - $domains_see_all = 0; - if (isset($_POST['domains_see_all'])) { - $domains_see_all = intval($_POST['domains_see_all']); - } - - $caneditphpsettings = 0; - if (isset($_POST['caneditphpsettings'])) { - $caneditphpsettings = intval($_POST['caneditphpsettings']); - } - - $change_serversettings = 0; - if (isset($_POST['change_serversettings'])) { - $change_serversettings = intval($_POST['change_serversettings']); - } - - $diskspace = intval_ressource($_POST['diskspace']); - if (isset($_POST['diskspace_ul'])) { - $diskspace = -1; - } - - $traffic = doubleval_ressource($_POST['traffic']); - if (isset($_POST['traffic_ul'])) { - $traffic = -1; - } - - $tickets_see_all = 0; - if (isset($_POST['tickets_see_all'])) { - $tickets_see_all = intval($_POST['tickets_see_all']); - } - - $diskspace = $diskspace * 1024; - $traffic = $traffic * 1024 * 1024; - $ipaddress = intval_ressource($_POST['ipaddress']); - - // Check if the account already exists - $loginname_check_stmt = Database::prepare(" - SELECT `loginname` FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `loginname` = :login - "); - $loginname_check = Database::pexecute_first($loginname_check_stmt, array('login' => $loginname)); - - $loginname_check_admin_stmt = Database::prepare(" - SELECT `loginname` FROM `" . TABLE_PANEL_ADMINS . 
"` WHERE `loginname` = :login - "); - $loginname_check_admin = Database::pexecute_first($loginname_check_admin_stmt, array('login' => $loginname)); - - if ($loginname == '') { - standard_error(array('stringisempty', 'myloginname')); - } - elseif (strtolower($loginname_check['loginname']) == strtolower($loginname) - || strtolower($loginname_check_admin['loginname']) == strtolower($loginname) - ) { - standard_error('loginnameexists', $loginname); - } - // Accounts which match systemaccounts are not allowed, filtering them - elseif (preg_match('/^' . preg_quote(Settings::Get('customer.accountprefix'), '/') . '([0-9]+)/', $loginname)) { - standard_error('loginnameissystemaccount', Settings::Get('customer.accountprefix')); - } - elseif (!validateUsername($loginname)) { - standard_error('loginnameiswrong', $loginname); - } - elseif ($name == '') { - standard_error(array('stringisempty', 'myname')); - } - elseif ($email == '') { - standard_error(array('stringisempty', 'emailadd')); - } - elseif ($password == '') { - standard_error(array('stringisempty', 'mypassword')); - } - elseif (!validateEmail($email)) { - standard_error('emailiswrong', $email); - - } else { - - if ($customers_see_all != '1') { - $customers_see_all = '0'; - } - - if ($domains_see_all != '1') { - $domains_see_all = '0'; - } - - if ($caneditphpsettings != '1') { - $caneditphpsettings = '0'; - } - - if ($change_serversettings != '1') { - $change_serversettings = '0'; - } - - if ($tickets_see_all != '1') { - $tickets_see_all = '0'; - } - - $_theme = Settings::Get('panel.default_theme'); - - $ins_data = array( - 'loginname' => $loginname, - 'password' => makeCryptPassword($password), - 'name' => $name, - 'email' => $email, - 'lang' => $def_language, - 'change_serversettings' => $change_serversettings, - 'customers' => $customers, - 'customers_see_all' => $customers_see_all, - 'domains' => $domains, - 'domains_see_all' => $domains_see_all, - 'caneditphpsettings' => $caneditphpsettings, - 'diskspace' => 
$diskspace, - 'traffic' => $traffic, - 'subdomains' => $subdomains, - 'emails' => $emails, - 'accounts' => $email_accounts, - 'forwarders' => $email_forwarders, - 'quota' => $email_quota, - 'ftps' => $ftps, - 'tickets' => $tickets, - 'tickets_see_all' => $tickets_see_all, - 'mysqls' => $mysqls, - 'ip' => $ipaddress, - 'theme' => $_theme, - 'custom_notes' => $custom_notes, - 'custom_notes_show' => $custom_notes_show - ); - - $ins_stmt = Database::prepare(" - INSERT INTO `" . TABLE_PANEL_ADMINS . "` SET - `loginname` = :loginname, - `password` = :password, - `name` = :name, - `email` = :email, - `def_language` = :lang, - `change_serversettings` = :change_serversettings, - `customers` = :customers, - `customers_see_all` = :customers_see_all, - `domains` = :domains, - `domains_see_all` = :domains_see_all, - `caneditphpsettings` = :caneditphpsettings, - `diskspace` = :diskspace, - `traffic` = :traffic, - `subdomains` = :subdomains, - `emails` = :emails, - `email_accounts` = :accounts, - `email_forwarders` = :forwarders, - `email_quota` = :quota, - `ftps` = :ftps, - `tickets` = :tickets, - `tickets_see_all` = :tickets_see_all, - `mysqls` = :mysqls, - `ip` = :ip, - `theme` = :theme, - `custom_notes` = :custom_notes, - `custom_notes_show` = :custom_notes_show - "); - Database::pexecute($ins_stmt, $ins_data); - - $adminid = Database::lastInsertId(); - $log->logAction(ADM_ACTION, LOG_INFO, "added admin '" . $loginname . "'"); - redirectTo($filename, array('page' => $page, 's' => $s)); - } - + redirectTo($filename, array('page' => $page, 's' => $s)); } else { $language_options = ''; diff --git a/lib/classes/api/commands/class.Admins.php b/lib/classes/api/commands/class.Admins.php index 6a095e0e..68781b59 100644 --- a/lib/classes/api/commands/class.Admins.php +++ b/lib/classes/api/commands/class.Admins.php 
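Review bot: `Admins::getLocal($userinfo, $_POST)->add()` hands the raw form to an API method that reads the loginname from `new_loginname` (see the class.Admins.php hunk), whereas the removed controller code read `$_POST['loginname']`; unless the form template was renamed in a change not shown here, the field arrives empty and every submission fails with `stringisempty`. The removed code also rejected an empty `admin_password`, while the API path silently generates one that this web flow never displays, so an admin created from this form could end up with a password nobody knows. Finally, `redirectTo(...)` now runs after the `catch`; if `dynamic_error()` does not terminate the request, a failed add still redirects as if it had succeeded — confirm, or add a `return;` inside the catch block.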
@@ -86,11 +86,212 @@ class Admins extends ApiCommand implements ResourceEntity public function add() { + if ($this->isAdmin()) { + + // required parameters + $name = $this->getParam('name'); + $email = $this->getParam('email'); + + // parameters + $def_language = $this->getParam('def_language', true, ''); + $custom_notes = $this->getParam('custom_notes', true, ''); + $custom_notes_show = $this->getParam('custom_notes_show', true, 0); + $password = $this->getParam('admin_password', true, ''); + $sendpassword = $this->getParam('sendpassword', true, 0); + $loginname = $this->getParam('new_loginname', true, ''); + + $diskspace = $this->getUlParam('diskspace', 'diskspace_ul', true, 0); + $traffic = $this->getUlParam('traffic', 'traffic_ul', true, 0); + $customers = $this->getUlParam('customers', 'customers_ul', true, 0); + $domains = $this->getUlParam('domains', 'domains_ul', true, 0); + $subdomains = $this->getUlParam('subdomains', 'subdomains_ul', true, 0); + $emails = $this->getUlParam('emails', 'emails_ul', true, 0); + $email_accounts = $this->getUlParam('email_accounts', 'email_accounts_ul', true, 0); + $email_forwarders = $this->getUlParam('email_forwarders', 'email_forwarders_ul', true, 0); + $email_quota = $this->getUlParam('email_quota', 'email_quota_ul', true, 0); + $ftps = $this->getUlParam('ftps', 'ftps_ul', true, 0); + $tickets = $this->getUlParam('tickets', 'tickets_ul', true, 0); + $mysqls = $this->getUlParam('mysqls', 'mysqls_ul', true, 0); + + $customers_see_all = $this->getParam('customers_see_all', true, 0); + $domains_see_all = $this->getParam('domains_see_all', true, 0); + $tickets_see_all = $this->getParam('tickets_see_all', true, 0); + $caneditphpsettings = $this->getParam('caneditphpsettings', true, 0); + $change_serversettings = $this->getParam('change_serversettings', true, 0); + $ipaddress = intval_ressource($this->getParam('ipaddress', true, -1)); + + // validation + $name = validate($name, 'name', '', '', array(), true); + $idna_convert = 
new idna_convert_wrapper(); + $email = $idna_convert->encode(validate($email, 'email', '', '', array(), true)); + $def_language = validate($def_language, 'default language', '', '', array(), true); + $custom_notes = validate(str_replace("\r\n", "\n", $custom_notes), 'custom_notes', '/^[^\0]*$/', '', array(), true); + + if (Settings::Get('system.mail_quota_enabled') != '1') { + $email_quota = - 1; + } + + if (Settings::Get('ticket.enabled') != '1') { + $tickets = - 1; + } + + $password = validate($password, 'password', '', '', array(), true); + // only check if not empty, + // cause empty == generate password automatically + if ($password != '') { + $password = validatePassword($password, true); + } + + $diskspace = $diskspace * 1024; + $traffic = $traffic * 1024 * 1024; + + // Check if the account already exists + try { + $dup_check_result = Customers::getLocal($this->getUserData(), array( + 'loginname' => $loginname + ))->get(); + $loginname_check = json_decode($dup_check_result, true)['data']; + } catch (Exception $e) { + $loginname_check = array( + 'loginname' => '' + ); + } + + // Check if an admin with the loginname already exists + try { + $dup_check_result = Admins::getLocal($this->getUserData(), array( + 'loginname' => $loginname + ))->get(); + $loginname_check_admin = json_decode($dup_check_result, true)['data']; + } catch (Exception $e) { + $loginname_check_admin = array( + 'loginname' => '' + ); + } + + if ($loginname == '') { + standard_error(array( + 'stringisempty', + 'myloginname' + ), '', true); + } elseif (strtolower($loginname_check['loginname']) == strtolower($loginname) || strtolower($loginname_check_admin['loginname']) == strtolower($loginname)) { + standard_error('loginnameexists', $loginname, true); + } // Accounts which match systemaccounts are not allowed, filtering them + elseif (preg_match('/^' . preg_quote(Settings::Get('customer.accountprefix'), '/') . 
'([0-9]+)/', $loginname)) { + standard_error('loginnameissystemaccount', Settings::Get('customer.accountprefix'), true); + } elseif (! validateUsername($loginname)) { + standard_error('loginnameiswrong', $loginname, true); + } elseif ($name == '') { + standard_error(array( + 'stringisempty', + 'myname' + ), '', true); + } elseif ($email == '') { + standard_error(array( + 'stringisempty', + 'emailadd' + ), '', true); + } elseif (! validateEmail($email)) { + standard_error('emailiswrong', $email, true); + } else { + + if ($customers_see_all != '1') { + $customers_see_all = '0'; + } + + if ($domains_see_all != '1') { + $domains_see_all = '0'; + } + + if ($caneditphpsettings != '1') { + $caneditphpsettings = '0'; + } + + if ($change_serversettings != '1') { + $change_serversettings = '0'; + } + + if ($tickets_see_all != '1') { + $tickets_see_all = '0'; + } + + if ($password == '') { + $password = generatePassword(); + } + + $_theme = Settings::Get('panel.default_theme'); + + $ins_data = array( + 'loginname' => $loginname, + 'password' => makeCryptPassword($password), + 'name' => $name, + 'email' => $email, + 'lang' => $def_language, + 'change_serversettings' => $change_serversettings, + 'customers' => $customers, + 'customers_see_all' => $customers_see_all, + 'domains' => $domains, + 'domains_see_all' => $domains_see_all, + 'caneditphpsettings' => $caneditphpsettings, + 'diskspace' => $diskspace, + 'traffic' => $traffic, + 'subdomains' => $subdomains, + 'emails' => $emails, + 'accounts' => $email_accounts, + 'forwarders' => $email_forwarders, + 'quota' => $email_quota, + 'ftps' => $ftps, + 'tickets' => $tickets, + 'tickets_see_all' => $tickets_see_all, + 'mysqls' => $mysqls, + 'ip' => $ipaddress, + 'theme' => $_theme, + 'custom_notes' => $custom_notes, + 'custom_notes_show' => $custom_notes_show + ); + + $ins_stmt = Database::prepare(" + INSERT INTO `" . TABLE_PANEL_ADMINS . 
"` SET + `loginname` = :loginname, + `password` = :password, + `name` = :name, + `email` = :email, + `def_language` = :lang, + `change_serversettings` = :change_serversettings, + `customers` = :customers, + `customers_see_all` = :customers_see_all, + `domains` = :domains, + `domains_see_all` = :domains_see_all, + `caneditphpsettings` = :caneditphpsettings, + `diskspace` = :diskspace, + `traffic` = :traffic, + `subdomains` = :subdomains, + `emails` = :emails, + `email_accounts` = :accounts, + `email_forwarders` = :forwarders, + `email_quota` = :quota, + `ftps` = :ftps, + `tickets` = :tickets, + `tickets_see_all` = :tickets_see_all, + `mysqls` = :mysqls, + `ip` = :ip, + `theme` = :theme, + `custom_notes` = :custom_notes, + `custom_notes_show` = :custom_notes_show + "); + Database::pexecute($ins_stmt, $ins_data, true, true); + + $adminid = Database::lastInsertId(); + $ins_data['adminid'] = $adminid; + $this->logger()->logAction(ADM_ACTION, LOG_WARNING, "[API] added admin '" . $loginname . "'"); + return $this->response(200, "successfull", $admin_ins_data); + } + } + throw new Exception("Not allowed to execute given command.", 403); } public function update() - { - } + {} /** * delete a admin entry by either id or loginname @@ -106,8 +307,7 @@ class Admins extends ApiCommand implements ResourceEntity * @return array */ public function delete() - { - } + {} /** * unlock a locked admin by either id or loginname @@ -116,7 +316,7 @@ class Admins extends ApiCommand implements ResourceEntity * optional, the admin-id * @param string $loginname * optional, the loginname - * + * * @throws Exception * @return array */ 
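Review bot: The success path at the end of `add()` returns `$admin_ins_data`, which is never assigned — the array that was built and extended with `adminid` is `$ins_data`, so the response body is empty; change it to `unset($ins_data['password']); return $this->response(200, "successfull", $ins_data);` so the crypted password is not echoed back to the API caller either. The duplicate-loginname checks catch every `Exception` thrown by `Customers::getLocal(...)->get()` and `Admins::getLocal(...)->get()` and treat it as "no match", so a database error, or a permission-scoped lookup that cannot see a customer owned by another admin, makes the check fail open and the INSERT proceeds; the same pattern appears in the class.Customers.php hunk at `@@ -233,20 +232,25`, whereas the removed code queried both tables directly. Catch only the not-found case (for example by inspecting the exception code `get()` uses) and let other errors propagate. `$sendpassword` is read but never used, and when tickets are disabled `$tickets` is now `-1` (the "unlimited" sentinel used by `getUlParam`) where the removed controller code stored `0` — confirm both are intended.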
@@ -126,18 +326,18 @@ class Admins extends ApiCommand implements ResourceEntity $id = $this->getParam('id', true, 0); $ln_optional = ($id <= 0 ? false : true); $loginname = $this->getParam('loginname', $ln_optional, ''); - + if ($id <= 0 && empty($loginname)) { throw new Exception("Either 'id' or 'loginname' parameter must be given", 406); } - + $json_result = Admins::getLocal($this->getUserData(), array( 'id' => $id, 'loginname' => $loginname ))->get(); $result = json_decode($json_result, true)['data']; $id = $result['adminid']; - + $result_stmt = Database::prepare(" UPDATE `" . TABLE_PANEL_ADMINS . "` SET `loginfail_count` = '0' @@ -146,7 +346,7 @@ class Admins extends ApiCommand implements ResourceEntity Database::pexecute($result_stmt, array( 'id' => $id ), true, true); - + $this->logger()->logAction(ADM_ACTION, LOG_WARNING, "[API] unlocked admin '" . $result['loginname'] . "'"); return $this->response(200, "successfull", $result); } diff --git a/lib/classes/api/commands/class.Customers.php b/lib/classes/api/commands/class.Customers.php index bfad0ba9..d707c7f8 100644 --- a/lib/classes/api/commands/class.Customers.php +++ b/lib/classes/api/commands/class.Customers.php @@ -144,7 +144,6 @@ class Customers extends ApiCommand implements ResourceEntity $loginname = $this->getParam('new_loginname', true, ''); // validation - $idna_convert = new idna_convert_wrapper(); $name = validate($name, 'name', '', '', array(), true); $firstname = validate($firstname, 'first name', '', '', array(), true); $company = validate($company, 'company', '', '', array(), true); 
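Review bot: In the class.Customers.php hunk at `@@ -144,7 +144,6`, `$idna_convert = new idna_convert_wrapper();` is removed from the validation section of `Customers::add()`, and it was the only instantiation visible here; the rest of the method lies outside the hunk, so confirm that no later `$idna_convert->encode(...)` call remains (the new `Admins::add()` in this same commit creates its own instance right before encoding the e-mail address), otherwise the e-mail validation will hit an undefined variable. If the instance is now created elsewhere in the file, a one-line comment at the removal point saying where would spare the next reader the search.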
@@ -233,20 +232,25 @@ class Customers extends ApiCommand implements ResourceEntity } // Check if the account already exists - $loginname_check_stmt = Database::prepare(" - SELECT `loginname` FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `loginname` = :loginname - "); - $loginname_check = Database::pexecute_first($loginname_check_stmt, array( - 'loginname' => $loginname - ), true, true); - - $loginname_check_admin_stmt = Database::prepare(" - SELECT `loginname` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `loginname` = :loginname - "); - $loginname_check_admin = Database::pexecute_first($loginname_check_admin_stmt, array( - 'loginname' => $loginname - ), true, true); - + try { + $dup_check_result = Customers::getLocal($this->getUserData(), array( + 'loginname' => $loginname + ))->get(); + $loginname_check = json_decode($dup_check_result, true)['data']; + } catch (Exception $e) { + $loginname_check = array('loginname' => ''); + } + + // Check if an admin with the loginname already exists + try { + $dup_check_result = Admins::getLocal($this->getUserData(), array( + 'loginname' => $loginname + ))->get(); + $loginname_check_admin = json_decode($dup_check_result, true)['data']; + } catch (Exception $e) { + $loginname_check_admin = array('loginname' => ''); + } + if (strtolower($loginname_check['loginname']) == strtolower($loginname) || strtolower($loginname_check_admin['loginname']) == strtolower($loginname)) { standard_error('loginnameexists', $loginname, true); } elseif (! validateUsername($loginname, Settings::Get('panel.unix_names'), 14 - strlen(Settings::Get('customer.mysqlprefix')))) { diff --git a/lib/classes/api/commands/class.PhpSettings.php b/lib/classes/api/commands/class.PhpSettings.php index 5507e454..8d0a5dd8 100644 --- a/lib/classes/api/commands/class.PhpSettings.php +++ b/lib/classes/api/commands/class.PhpSettings.php 
@@ -19,7 +19,7 @@ class PhpSettings extends ApiCommand implements ResourceEntity { /** - * lists all php-config entries + * lists all php-setting entries * * @return array count|list */ @@ -102,7 +102,7 @@ class PhpSettings extends ApiCommand implements ResourceEntity } /** - * return a php-config entry by id + * return a php-setting entry by id * * @param int $id php-settings-id * @@ -329,9 +329,9 @@ class PhpSettings extends ApiCommand implements ResourceEntity } /** - * delete a php-config entry by id + * delete a php-setting entry by id * - * @param int $id php-config-id + * @param int $id php-settings-id * * @throws Exception * @return array