implemented new Setting-class, refs #1325

Signed-off-by: Roman Schmerold (BNoiZe) <bnoize@froxlor.org>
Roman Schmerold (BNoiZe)
2013-12-15 12:24:32 +01:00
parent 276d6b30d1
commit eb33493c79
9 changed files with 445 additions and 451 deletions


@@ -20,22 +20,22 @@
define('AREA', 'customer'); define('AREA', 'customer');
require './lib/init.php'; require './lib/init.php';
if(isset($_POST['id'])) { if (isset($_POST['id'])) {
$id = intval($_POST['id']); $id = intval($_POST['id']);
} elseif(isset($_GET['id'])) { } elseif (isset($_GET['id'])) {
$id = intval($_GET['id']); $id = intval($_GET['id']);
} }
if($page == 'overview') { if ($page == 'overview') {
$log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_domains"); $log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_domains");
eval("echo \"" . getTemplate("domains/domains") . "\";"); eval("echo \"" . getTemplate("domains/domains") . "\";");
} elseif($page == 'domains') { } elseif ($page == 'domains') {
if($action == '') { if ($action == '') {
$log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_domains::domains"); $log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_domains::domains");
$fields = array( $fields = array(
'd.domain' => $lng['domains']['domainname'] 'd.domain' => $lng['domains']['domainname']
); );
$paging = new paging($userinfo, TABLE_PANEL_DOMAINS, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']); $paging = new paging($userinfo, TABLE_PANEL_DOMAINS, $fields);
$domains_stmt = Database::prepare("SELECT `d`.`id`, `d`.`customerid`, `d`.`domain`, `d`.`documentroot`, `d`.`isemaildomain`, `d`.`caneditdomain`, `d`.`iswildcarddomain`, `d`.`parentdomainid`, `ad`.`id` AS `aliasdomainid`, `ad`.`domain` AS `aliasdomain`, `da`.`id` AS `domainaliasid`, `da`.`domain` AS `domainalias` FROM `" . TABLE_PANEL_DOMAINS . "` `d` $domains_stmt = Database::prepare("SELECT `d`.`id`, `d`.`customerid`, `d`.`domain`, `d`.`documentroot`, `d`.`isemaildomain`, `d`.`caneditdomain`, `d`.`iswildcarddomain`, `d`.`parentdomainid`, `ad`.`id` AS `aliasdomainid`, `ad`.`domain` AS `aliasdomain`, `da`.`id` AS `domainaliasid`, `da`.`domain` AS `domainalias` FROM `" . TABLE_PANEL_DOMAINS . "` `d`
LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` `ad` ON `d`.`aliasdomain`=`ad`.`id` LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` `ad` ON `d`.`aliasdomain`=`ad`.`id`
LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` `da` ON `da`.`aliasdomain`=`d`.`id` LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` `da` ON `da`.`aliasdomain`=`d`.`id`
@@ -54,12 +54,12 @@ if($page == 'overview') {
$domains_count = 0; $domains_count = 0;
$domain_array = array(); $domain_array = array();
while($row = $domains_stmt->fetch(PDO::FETCH_ASSOC)) { while ($row = $domains_stmt->fetch(PDO::FETCH_ASSOC)) {
$row['domain'] = $idna_convert->decode($row['domain']); $row['domain'] = $idna_convert->decode($row['domain']);
$row['aliasdomain'] = $idna_convert->decode($row['aliasdomain']); $row['aliasdomain'] = $idna_convert->decode($row['aliasdomain']);
$row['domainalias'] = $idna_convert->decode($row['domainalias']); $row['domainalias'] = $idna_convert->decode($row['domainalias']);
if($row['parentdomainid'] == '0' && $row['caneditdomain'] == '1') { if ($row['parentdomainid'] == '0' && $row['caneditdomain'] == '1') {
$parentdomains_count++; $parentdomains_count++;
} }
@@ -93,13 +93,13 @@ if($page == 'overview') {
ksort($domain_array); ksort($domain_array);
$domain_id_array = array(); $domain_id_array = array();
foreach($domain_array as $sortkey => $row) { foreach ($domain_array as $sortkey => $row) {
$domain_id_array[$row['id']] = $sortkey; $domain_id_array[$row['id']] = $sortkey;
} }
$domain_sort_array = array(); $domain_sort_array = array();
foreach($domain_array as $sortkey => $row) { foreach ($domain_array as $sortkey => $row) {
if($row['parentdomainid'] == 0) { if ($row['parentdomainid'] == 0) {
$domain_sort_array[$sortkey][$sortkey] = $row; $domain_sort_array[$sortkey][$sortkey] = $row;
} else { } else {
$domain_sort_array[$domain_id_array[$row['parentdomainid']]][$sortkey] = $row; $domain_sort_array[$domain_id_array[$row['parentdomainid']]][$sortkey] = $row;
@@ -108,37 +108,37 @@ if($page == 'overview') {
$domain_array = array(); $domain_array = array();
if($paging->sortfield == 'd.domain' && $paging->sortorder == 'asc') { if ($paging->sortfield == 'd.domain' && $paging->sortorder == 'asc') {
ksort($domain_sort_array); ksort($domain_sort_array);
} elseif($paging->sortfield == 'd.domain' && $paging->sortorder == 'desc') { } elseif ($paging->sortfield == 'd.domain' && $paging->sortorder == 'desc') {
krsort($domain_sort_array); krsort($domain_sort_array);
} }
$i = 0; $i = 0;
foreach($domain_sort_array as $sortkey => $domain_array) { foreach ($domain_sort_array as $sortkey => $domain_array) {
if($paging->checkDisplay($i)) { if ($paging->checkDisplay($i)) {
$row = htmlentities_array($domain_array[$sortkey]); $row = htmlentities_array($domain_array[$sortkey]);
if($settings['system']['awstats_enabled'] == '1') { if (Settings::Get('system.awstats_enabled') == '1') {
$statsapp = 'awstats'; $statsapp = 'awstats';
} else { } else {
$statsapp = 'webalizer'; $statsapp = 'webalizer';
} }
eval("\$domains.=\"" . getTemplate("domains/domains_delimiter") . "\";"); eval("\$domains.=\"" . getTemplate("domains/domains_delimiter") . "\";");
if($paging->sortfield == 'd.domain' && $paging->sortorder == 'asc') { if ($paging->sortfield == 'd.domain' && $paging->sortorder == 'asc') {
ksort($domain_array); ksort($domain_array);
} elseif($paging->sortfield == 'd.domain' && $paging->sortorder == 'desc') { } elseif ($paging->sortfield == 'd.domain' && $paging->sortorder == 'desc') {
krsort($domain_array); krsort($domain_array);
} }
foreach($domain_array as $row) { foreach ($domain_array as $row) {
if(strpos($row['documentroot'], $userinfo['documentroot']) === 0) { if (strpos($row['documentroot'], $userinfo['documentroot']) === 0) {
$row['documentroot'] = makeCorrectDir(substr($row['documentroot'], strlen($userinfo['documentroot']))); $row['documentroot'] = makeCorrectDir(substr($row['documentroot'], strlen($userinfo['documentroot'])));
} }
// get ssl-ips if activated // get ssl-ips if activated
$show_ssledit = false; $show_ssledit = false;
if ($settings['system']['use_ssl'] == '1' && domainHasSslIpPort($row['id']) && $row['caneditdomain'] == '1') { if (Settings::Get('system.use_ssl') == '1' && domainHasSslIpPort($row['id']) && $row['caneditdomain'] == '1') {
$show_ssledit = true; $show_ssledit = true;
} }
$row = htmlentities_array($row); $row = htmlentities_array($row);
@@ -150,29 +150,29 @@ if($page == 'overview') {
} }
eval("echo \"" . getTemplate("domains/domainlist") . "\";"); eval("echo \"" . getTemplate("domains/domainlist") . "\";");
} elseif($action == 'delete' && $id != 0) { } elseif ($action == 'delete' && $id != 0) {
$stmt = Database::prepare("SELECT `id`, `customerid`, `domain`, `documentroot`, `isemaildomain`, `parentdomainid` FROM `" . TABLE_PANEL_DOMAINS . "` $stmt = Database::prepare("SELECT `id`, `customerid`, `domain`, `documentroot`, `isemaildomain`, `parentdomainid` FROM `" . TABLE_PANEL_DOMAINS . "`
WHERE `customerid` = :customerid WHERE `customerid` = :customerid
AND `id` = :id" AND `id` = :id"
); );
Database::pexecute($stmt, array("customerid" => $userinfo['customerid'], "id" => $id)); Database::pexecute($stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
$result = $stmt->fetch(PDO::FETCH_ASSOC); $result = $stmt->fetch(PDO::FETCH_ASSOC);
$alias_stmt = Database::prepare("SELECT COUNT(`id`) AS `count` FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `aliasdomain` = :aliasdomain"); $alias_stmt = Database::prepare("SELECT COUNT(`id`) AS `count` FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `aliasdomain` = :aliasdomain");
Database::pexecute($alias_stmt, array("aliasdomain" => $id)); Database::pexecute($alias_stmt, array("aliasdomain" => $id));
$alias_check = $alias_stmt->fetch(PDO::FETCH_ASSOC); $alias_check = $alias_stmt->fetch(PDO::FETCH_ASSOC);
if(isset($result['parentdomainid']) && $result['parentdomainid'] != '0' && $alias_check['count'] == 0) { if (isset($result['parentdomainid']) && $result['parentdomainid'] != '0' && $alias_check['count'] == 0) {
if(isset($_POST['send']) && $_POST['send'] == 'send') { if (isset($_POST['send']) && $_POST['send'] == 'send') {
if($result['isemaildomain'] == '1') { if ($result['isemaildomain'] == '1') {
$emails_stmt = Database::prepare("SELECT COUNT(`id`) AS `count` FROM `" . TABLE_MAIL_VIRTUAL . "` $emails_stmt = Database::prepare("SELECT COUNT(`id`) AS `count` FROM `" . TABLE_MAIL_VIRTUAL . "`
WHERE `customerid` = :customerid WHERE `customerid` = :customerid
AND `domainid` = :domainid" AND `domainid` = :domainid"
); );
Database::pexecute($emails_stmt, array("customerid" => $userinfo['customerid'], "domainid" => $id)); Database::pexecute($emails_stmt, array("customerid" => $userinfo['customerid'], "domainid" => $id));
$emails = $emails_stmt->fetch(PDO::FETCH_ASSOC); $emails = $emails_stmt->fetch(PDO::FETCH_ASSOC);
if($emails['count'] != '0') { if ($emails['count'] != '0') {
standard_error('domains_cantdeletedomainwithemail'); standard_error('domains_cantdeletedomainwithemail');
} }
} }
@@ -183,29 +183,29 @@ if($page == 'overview') {
AND `id` = :id" AND `id` = :id"
); );
Database::pexecute($stmt, array("customerid" => $userinfo['customerid'], "id" => $id)); Database::pexecute($stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` $stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "`
SET `subdomains_used` = `subdomains_used` - 1 SET `subdomains_used` = `subdomains_used` - 1
WHERE `customerid` = :customerid" WHERE `customerid` = :customerid"
); );
Database::pexecute($stmt, array("customerid" => $userinfo['customerid'])); Database::pexecute($stmt, array("customerid" => $userinfo['customerid']));
inserttask('1'); inserttask('1');
// Using nameserver, insert a task which rebuilds the server config // Using nameserver, insert a task which rebuilds the server config
inserttask('4'); inserttask('4');
redirectTo($filename, Array('page' => $page, 's' => $s)); redirectTo($filename, array('page' => $page, 's' => $s));
} else { } else {
ask_yesno('domains_reallydelete', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $idna_convert->decode($result['domain'])); ask_yesno('domains_reallydelete', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $idna_convert->decode($result['domain']));
} }
} else { } else {
standard_error('domains_cantdeletemaindomain'); standard_error('domains_cantdeletemaindomain');
} }
} elseif($action == 'add') { } elseif ($action == 'add') {
if($userinfo['subdomains_used'] < $userinfo['subdomains'] || $userinfo['subdomains'] == '-1') { if ($userinfo['subdomains_used'] < $userinfo['subdomains'] || $userinfo['subdomains'] == '-1') {
if(isset($_POST['send']) && $_POST['send'] == 'send') { if (isset($_POST['send']) && $_POST['send'] == 'send') {
$subdomain = $idna_convert->encode(preg_replace(Array('/\:(\d)+$/', '/^https?\:\/\//'), '', validate($_POST['subdomain'], 'subdomain', '', 'subdomainiswrong'))); $subdomain = $idna_convert->encode(preg_replace(array('/\:(\d)+$/', '/^https?\:\/\//'), '', validate($_POST['subdomain'], 'subdomain', '', 'subdomainiswrong')));
$domain = $idna_convert->encode($_POST['domain']); $domain = $idna_convert->encode($_POST['domain']);
$domain_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_DOMAINS . "` $domain_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_DOMAINS . "`
WHERE `domain` = :domain WHERE `domain` = :domain
@@ -215,7 +215,7 @@ if($page == 'overview') {
AND `caneditdomain` = '1'" AND `caneditdomain` = '1'"
); );
$domain_check = Database::pexecute_first($domain_stmt, array("domain" => $domain, "customerid" => $userinfo['customerid'])); $domain_check = Database::pexecute_first($domain_stmt, array("domain" => $domain, "customerid" => $userinfo['customerid']));
$completedomain = $subdomain . '.' . $domain; $completedomain = $subdomain . '.' . $domain;
$completedomain_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_DOMAINS . "` $completedomain_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_DOMAINS . "`
WHERE `domain` = :domain WHERE `domain` = :domain
@@ -224,12 +224,12 @@ if($page == 'overview') {
AND `caneditdomain` = '1'" AND `caneditdomain` = '1'"
); );
$completedomain_check = Database::pexecute_first($completedomain_stmt, array("domain" => $completedomain, "customerid" => $userinfo['customerid'])); $completedomain_check = Database::pexecute_first($completedomain_stmt, array("domain" => $completedomain, "customerid" => $userinfo['customerid']));
$aliasdomain = intval($_POST['alias']); $aliasdomain = intval($_POST['alias']);
$aliasdomain_check = array('id' => 0); $aliasdomain_check = array('id' => 0);
$_doredirect = false; $_doredirect = false;
if($aliasdomain != 0) { if ($aliasdomain != 0) {
// also check ip/port combination to be the same, #176 // also check ip/port combination to be the same, #176
$aliasdomain_stmt = Database::prepare("SELECT `d`.`id` FROM `" . TABLE_PANEL_DOMAINS . "` `d` , `" . TABLE_PANEL_CUSTOMERS . "` `c` , `".TABLE_DOMAINTOIP."` `dip` $aliasdomain_stmt = Database::prepare("SELECT `d`.`id` FROM `" . TABLE_PANEL_DOMAINS . "` `d` , `" . TABLE_PANEL_CUSTOMERS . "` `c` , `".TABLE_DOMAINTOIP."` `dip`
WHERE `d`.`aliasdomain` IS NULL WHERE `d`.`aliasdomain` IS NULL
@@ -247,17 +247,17 @@ if($page == 'overview') {
$aliasdomain_check = Database::pexecute_first($aliasdomain_stmt, array("id" => $aliasdomain, "customerid" => $userinfo['customerid'])); $aliasdomain_check = Database::pexecute_first($aliasdomain_stmt, array("id" => $aliasdomain, "customerid" => $userinfo['customerid']));
} }
if(isset($_POST['url']) && $_POST['url'] != '' && validateUrl($idna_convert->encode($_POST['url']))) { if (isset($_POST['url']) && $_POST['url'] != '' && validateUrl($idna_convert->encode($_POST['url']))) {
$path = $_POST['url']; $path = $_POST['url'];
$_doredirect = true; $_doredirect = true;
} else { } else {
$path = validate($_POST['path'], 'path'); $path = validate($_POST['path'], 'path');
} }
if(!preg_match('/^https?\:\/\//', $path) || !validateUrl($idna_convert->encode($path))) { if (!preg_match('/^https?\:\/\//', $path) || !validateUrl($idna_convert->encode($path))) {
// If path is empty or '/' and 'Use domain name as default value for DocumentRoot path' is enabled in settings, // If path is empty or '/' and 'Use domain name as default value for DocumentRoot path' is enabled in settings,
// set default path to subdomain or domain name // set default path to subdomain or domain name
if((($path == '') || ($path == '/')) && $settings['system']['documentroot_use_default_value'] == 1) { if ((($path == '') || ($path == '/')) && Settings::Get('system.documentroot_use_default_value') == 1) {
$path = makeCorrectDir($userinfo['documentroot'] . '/' . $completedomain); $path = makeCorrectDir($userinfo['documentroot'] . '/' . $completedomain);
} else { } else {
$path = makeCorrectDir($userinfo['documentroot'] . '/' . $path); $path = makeCorrectDir($userinfo['documentroot'] . '/' . $path);
@@ -285,19 +285,19 @@ if($page == 'overview') {
} }
} }
if($path == '') { if ($path == '') {
standard_error('patherror'); standard_error('patherror');
} elseif($subdomain == '') { } elseif ($subdomain == '') {
standard_error(array('stringisempty', 'domainname')); standard_error(array('stringisempty', 'domainname'));
} elseif($subdomain == 'www' && $domain_check['wwwserveralias'] == '1') { } elseif ($subdomain == 'www' && $domain_check['wwwserveralias'] == '1') {
standard_error('wwwnotallowed'); standard_error('wwwnotallowed');
} elseif($domain == '') { } elseif ($domain == '') {
standard_error('domaincantbeempty'); standard_error('domaincantbeempty');
} elseif(strtolower($completedomain_check['domain']) == strtolower($completedomain)) { } elseif (strtolower($completedomain_check['domain']) == strtolower($completedomain)) {
standard_error('domainexistalready', $completedomain); standard_error('domainexistalready', $completedomain);
} elseif(strtolower($domain_check['domain']) != strtolower($domain)) { } elseif (strtolower($domain_check['domain']) != strtolower($domain)) {
standard_error('maindomainnonexist', $domain); standard_error('maindomainnonexist', $domain);
} elseif($aliasdomain_check['id'] != $aliasdomain) { } elseif ($aliasdomain_check['id'] != $aliasdomain) {
standard_error('domainisaliasorothercustomer'); standard_error('domainisaliasorothercustomer');
} else { } else {
// get the phpsettingid from parentdomain, #107 // get the phpsettingid from parentdomain, #107
@@ -306,24 +306,24 @@ if($page == 'overview') {
); );
Database::pexecute($phpsid_stmt, array("id" => $domain_check['id'])); Database::pexecute($phpsid_stmt, array("id" => $domain_check['id']));
$phpsid_result = $phpsid_stmt->fetch(PDO::FETCH_ASSOC); $phpsid_result = $phpsid_stmt->fetch(PDO::FETCH_ASSOC);
if(!isset($phpsid_result['phpsettingid']) || (int)$phpsid_result['phpsettingid'] <= 0) { if (!isset($phpsid_result['phpsettingid']) || (int)$phpsid_result['phpsettingid'] <= 0) {
// assign default config // assign default config
$phpsid_result['phpsettingid'] = 1; $phpsid_result['phpsettingid'] = 1;
} }
$stmt = Database::prepare("INSERT INTO `" . TABLE_PANEL_DOMAINS . "` SET $stmt = Database::prepare("INSERT INTO `" . TABLE_PANEL_DOMAINS . "` SET
`customerid` = :customerid, `customerid` = :customerid,
`domain` = :domain, `domain` = :domain,
`documentroot` = :documentroot, `documentroot` = :documentroot,
`aliasdomain` = :aliasdomain, `aliasdomain` = :aliasdomain,
`parentdomainid` = :parentdomainid, `parentdomainid` = :parentdomainid,
`isemaildomain` = :isemaildomain, `isemaildomain` = :isemaildomain,
`openbasedir` = :openbasedir, `openbasedir` = :openbasedir,
`openbasedir_path` = :openbasedir_path, `openbasedir_path` = :openbasedir_path,
`speciallogfile` = :speciallogfile, `speciallogfile` = :speciallogfile,
`specialsettings` = :specialsettings, `specialsettings` = :specialsettings,
`ssl_redirect` = :ssl_redirect, `ssl_redirect` = :ssl_redirect,
`phpsettingid` = :phpsettingid" `phpsettingid` = :phpsettingid"
); );
$params = array( $params = array(
@@ -342,12 +342,12 @@ if($page == 'overview') {
); );
Database::pexecute($stmt, $params); Database::pexecute($stmt, $params);
if($_doredirect) { if ($_doredirect) {
$did = Database::lastInsertId(); $did = Database::lastInsertId();
$redirect = isset($_POST['redirectcode']) ? (int)$_POST['redirectcode'] : $settings['customredirect']['default']; $redirect = isset($_POST['redirectcode']) ? (int)$_POST['redirectcode'] : Settings::Get('customredirect.default');
addRedirectToDomain($did, $redirect); addRedirectToDomain($did, $redirect);
} }
$stmt = Database::prepare("INSERT INTO `".TABLE_DOMAINTOIP."` $stmt = Database::prepare("INSERT INTO `".TABLE_DOMAINTOIP."`
(`id_domain`, `id_ipandports`) (`id_domain`, `id_ipandports`)
SELECT LAST_INSERT_ID(), `id_ipandports` SELECT LAST_INSERT_ID(), `id_ipandports`
@@ -361,7 +361,7 @@ if($page == 'overview') {
WHERE `customerid` = :customerid" WHERE `customerid` = :customerid"
); );
Database::pexecute($stmt, array("customerid" => $userinfo['customerid'])); Database::pexecute($stmt, array("customerid" => $userinfo['customerid']));
$log->logAction(USR_ACTION, LOG_INFO, "added subdomain '" . $completedomain . "'"); $log->logAction(USR_ACTION, LOG_INFO, "added subdomain '" . $completedomain . "'");
inserttask('1'); inserttask('1');
@@ -381,7 +381,7 @@ if($page == 'overview') {
Database::pexecute($stmt, array("customerid" => $userinfo['customerid'])); Database::pexecute($stmt, array("customerid" => $userinfo['customerid']));
$domains = ''; $domains = '';
while($row = $stmt->fetch(PDO::FETCH_ASSOC)) { while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
$domains .= makeoption($idna_convert->decode($row['domain']), $row['domain']); $domains .= makeoption($idna_convert->decode($row['domain']), $row['domain']);
} }
@@ -396,15 +396,15 @@ if($page == 'overview') {
); );
Database::pexecute($domains_stmt, array("customerid" => $userinfo['customerid'])); Database::pexecute($domains_stmt, array("customerid" => $userinfo['customerid']));
while($row_domain = $domains_stmt->fetch(PDO::FETCH_ASSOC)) { while ($row_domain = $domains_stmt->fetch(PDO::FETCH_ASSOC)) {
$aliasdomains .= makeoption($idna_convert->decode($row_domain['domain']), $row_domain['id']); $aliasdomains .= makeoption($idna_convert->decode($row_domain['domain']), $row_domain['id']);
} }
$redirectcode = ''; $redirectcode = '';
if($settings['customredirect']['enabled'] == '1') { if (Settings::Get('customredirect.enabled') == '1') {
$codes = getRedirectCodesArray(); $codes = getRedirectCodesArray();
foreach($codes as $rc) { foreach ($codes as $rc) {
$redirectcode .= makeoption($rc['code']. ' ('.$lng['redirect_desc'][$rc['desc']].')', $rc['id'], $settings['customredirect']['default']); $redirectcode .= makeoption($rc['code']. ' ('.$lng['redirect_desc'][$rc['desc']].')', $rc['id']);
} }
} }
@@ -418,7 +418,7 @@ if($page == 'overview') {
} }
$openbasedir = makeoption($lng['domain']['docroot'], 0, NULL, true) . makeoption($lng['domain']['homedir'], 1, NULL, true); $openbasedir = makeoption($lng['domain']['docroot'], 0, NULL, true) . makeoption($lng['domain']['homedir'], 1, NULL, true);
$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $settings['panel']['pathedit']); $pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid']);
$subdomain_add_data = include_once dirname(__FILE__).'/lib/formfields/customer/domains/formfield.domains_add.php'; $subdomain_add_data = include_once dirname(__FILE__).'/lib/formfields/customer/domains/formfield.domains_add.php';
$subdomain_add_form = htmlform::genHTMLForm($subdomain_add_data); $subdomain_add_form = htmlform::genHTMLForm($subdomain_add_data);
@@ -429,38 +429,38 @@ if($page == 'overview') {
eval("echo \"" . getTemplate("domains/domains_add") . "\";"); eval("echo \"" . getTemplate("domains/domains_add") . "\";");
} }
} }
} elseif($action == 'edit' && $id != 0) { } elseif ($action == 'edit' && $id != 0) {
$stmt = Database::prepare("SELECT `d`.`id`, `d`.`customerid`, `d`.`domain`, `d`.`documentroot`, `d`.`isemaildomain`, `d`.`wwwserveralias`, `d`.`iswildcarddomain`, $stmt = Database::prepare("SELECT `d`.`id`, `d`.`customerid`, `d`.`domain`, `d`.`documentroot`, `d`.`isemaildomain`, `d`.`wwwserveralias`, `d`.`iswildcarddomain`,
`d`.`parentdomainid`, `d`.`ssl_redirect`, `d`.`aliasdomain`, `d`.`openbasedir`, `d`.`openbasedir_path`, `pd`.`subcanemaildomain` `d`.`parentdomainid`, `d`.`ssl_redirect`, `d`.`aliasdomain`, `d`.`openbasedir`, `d`.`openbasedir_path`, `pd`.`subcanemaildomain`
FROM `" . TABLE_PANEL_DOMAINS . "` `d`, `" . TABLE_PANEL_DOMAINS . "` `pd` FROM `" . TABLE_PANEL_DOMAINS . "` `d`, `" . TABLE_PANEL_DOMAINS . "` `pd`
WHERE `d`.`customerid` = :customerid WHERE `d`.`customerid` = :customerid
AND `d`.`id` = :id AND `d`.`id` = :id
AND ((`d`.`parentdomainid`!='0' AND ((`d`.`parentdomainid`!='0'
AND `pd`.`id` = `d`.`parentdomainid`) AND `pd`.`id` = `d`.`parentdomainid`)
OR (`d`.`parentdomainid`='0' OR (`d`.`parentdomainid`='0'
AND `pd`.`id` = `d`.`id`)) AND `pd`.`id` = `d`.`id`))
AND `d`.`caneditdomain`='1'"); AND `d`.`caneditdomain`='1'");
$result = Database::pexecute_first($stmt, array("customerid" => $userinfo['customerid'], "id" => $id)); $result = Database::pexecute_first($stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
$alias_stmt = Database::prepare("SELECT COUNT(`id`) AS count FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `aliasdomain`= :aliasdomain"); $alias_stmt = Database::prepare("SELECT COUNT(`id`) AS count FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `aliasdomain`= :aliasdomain");
$alias_check = Database::pexecute_first($alias_stmt, array("aliasdomain" => $result['id'])); $alias_check = Database::pexecute_first($alias_stmt, array("aliasdomain" => $result['id']));
$alias_check = $alias_check['count']; $alias_check = $alias_check['count'];
$_doredirect = false; $_doredirect = false;
if(isset($result['customerid']) && $result['customerid'] == $userinfo['customerid']) { if (isset($result['customerid']) && $result['customerid'] == $userinfo['customerid']) {
if(isset($_POST['send']) && $_POST['send'] == 'send') { if (isset($_POST['send']) && $_POST['send'] == 'send') {
if(isset($_POST['url']) && $_POST['url'] != '' && validateUrl($idna_convert->encode($_POST['url']))) { if (isset($_POST['url']) && $_POST['url'] != '' && validateUrl($idna_convert->encode($_POST['url']))) {
$path = $_POST['url']; $path = $_POST['url'];
$_doredirect = true; $_doredirect = true;
} else { } else {
$path = validate($_POST['path'], 'path'); $path = validate($_POST['path'], 'path');
} }
if(!preg_match('/^https?\:\/\//', $path) || !validateUrl($idna_convert->encode($path))) { if (!preg_match('/^https?\:\/\//', $path) || !validateUrl($idna_convert->encode($path))) {
// If path is empty or '/' and 'Use domain name as default value for DocumentRoot path' is enabled in settings, // If path is empty or '/' and 'Use domain name as default value for DocumentRoot path' is enabled in settings,
// set default path to subdomain or domain name // set default path to subdomain or domain name
if((($path == '') || ($path == '/')) && $settings['system']['documentroot_use_default_value'] == 1) { if ((($path == '') || ($path == '/')) && Settings::Get('system.documentroot_use_default_value') == 1) {
$path = makeCorrectDir($userinfo['documentroot'] . '/' . $result['domain']); $path = makeCorrectDir($userinfo['documentroot'] . '/' . $result['domain']);
} else { } else {
$path = makeCorrectDir($userinfo['documentroot'] . '/' . $path); $path = makeCorrectDir($userinfo['documentroot'] . '/' . $path);
@@ -474,7 +474,7 @@ if($page == 'overview') {
$aliasdomain = intval($_POST['alias']); $aliasdomain = intval($_POST['alias']);
if(isset($_POST['selectserveralias']) && $result['parentdomainid'] == '0' ) { if (isset($_POST['selectserveralias']) && $result['parentdomainid'] == '0' ) {
$iswildcarddomain = ($_POST['selectserveralias'] == '0') ? '1' : '0'; $iswildcarddomain = ($_POST['selectserveralias'] == '0') ? '1' : '0';
$wwwserveralias = ($_POST['selectserveralias'] == '1') ? '1' : '0'; $wwwserveralias = ($_POST['selectserveralias'] == '1') ? '1' : '0';
} else { } else {
@@ -482,7 +482,7 @@ if($page == 'overview') {
$wwwserveralias = '0'; $wwwserveralias = '0';
} }
if($result['parentdomainid'] != '0' && ($result['subcanemaildomain'] == '1' || $result['subcanemaildomain'] == '2') && isset($_POST['isemaildomain'])) { if ($result['parentdomainid'] != '0' && ($result['subcanemaildomain'] == '1' || $result['subcanemaildomain'] == '2') && isset($_POST['isemaildomain'])) {
$isemaildomain = intval($_POST['isemaildomain']); $isemaildomain = intval($_POST['isemaildomain']);
} else { } else {
$isemaildomain = $result['isemaildomain']; $isemaildomain = $result['isemaildomain'];
@@ -490,7 +490,7 @@ if($page == 'overview') {
$aliasdomain_check = array('id' => 0); $aliasdomain_check = array('id' => 0);
if($aliasdomain != 0) { if ($aliasdomain != 0) {
$aliasdomain_stmt = Database::prepare("SELECT `id` FROM `" . TABLE_PANEL_DOMAINS . "` `d`,`" . TABLE_PANEL_CUSTOMERS . "` `c` $aliasdomain_stmt = Database::prepare("SELECT `id` FROM `" . TABLE_PANEL_DOMAINS . "` `d`,`" . TABLE_PANEL_CUSTOMERS . "` `c`
WHERE `d`.`customerid`= :customerid WHERE `d`.`customerid`= :customerid
AND `d`.`aliasdomain` IS NULL AND `d`.`aliasdomain` IS NULL
@@ -501,11 +501,11 @@ if($page == 'overview') {
$aliasdomain_check = Database::pexecute_first($aliasdomain_stmt, array("customerid" => $result['customerid'], "id" => $aliasdomain)); $aliasdomain_check = Database::pexecute_first($aliasdomain_stmt, array("customerid" => $result['customerid'], "id" => $aliasdomain));
} }
if($aliasdomain_check['id'] != $aliasdomain) { if ($aliasdomain_check['id'] != $aliasdomain) {
standard_error('domainisaliasorothercustomer'); standard_error('domainisaliasorothercustomer');
} }
if(isset($_POST['openbasedir_path']) && $_POST['openbasedir_path'] == '1') { if (isset($_POST['openbasedir_path']) && $_POST['openbasedir_path'] == '1') {
$openbasedir_path = '1'; $openbasedir_path = '1';
} else { } else {
$openbasedir_path = '0'; $openbasedir_path = '0';
@@ -523,10 +523,10 @@ if($page == 'overview') {
$ssl_redirect = '0'; $ssl_redirect = '0';
} }
if($path == '') { if ($path == '') {
standard_error('patherror'); standard_error('patherror');
} else { } else {
if(($result['isemaildomain'] == '1') && ($isemaildomain == '0')) { if (($result['isemaildomain'] == '1') && ($isemaildomain == '0')) {
$params = array("customerid" => $userinfo['customerid'], "domainid" => $id); $params = array("customerid" => $userinfo['customerid'], "domainid" => $id);
$stmt = Database::prepare("DELETE FROM `" . TABLE_MAIL_USERS . "` WHERE `customerid`= :customerid AND `domainid`= :domainid"); $stmt = Database::prepare("DELETE FROM `" . TABLE_MAIL_USERS . "` WHERE `customerid`= :customerid AND `domainid`= :domainid");
Database::pexecute($stmt, $params); Database::pexecute($stmt, $params);
@@ -535,20 +535,20 @@ if($page == 'overview') {
$log->logAction(USR_ACTION, LOG_NOTICE, "automatically deleted mail-table entries for '" . $idna_convert->decode($result['domain']) . "'"); $log->logAction(USR_ACTION, LOG_NOTICE, "automatically deleted mail-table entries for '" . $idna_convert->decode($result['domain']) . "'");
} }
if($_doredirect) { if ($_doredirect) {
$redirect = isset($_POST['redirectcode']) ? (int)$_POST['redirectcode'] : false; $redirect = isset($_POST['redirectcode']) ? (int)$_POST['redirectcode'] : false;
updateRedirectOfDomain($id, $redirect); updateRedirectOfDomain($id, $redirect);
} }
if($path != $result['documentroot'] if ($path != $result['documentroot']
|| $isemaildomain != $result['isemaildomain'] || $isemaildomain != $result['isemaildomain']
|| $wwwserveralias != $result['wwwserveralias'] || $wwwserveralias != $result['wwwserveralias']
|| $iswildcarddomain != $result['iswildcarddomain'] || $iswildcarddomain != $result['iswildcarddomain']
|| $aliasdomain != $result['aliasdomain'] || $aliasdomain != $result['aliasdomain']
|| $openbasedir_path != $result['openbasedir_path'] || $openbasedir_path != $result['openbasedir_path']
|| $ssl_redirect != $result['ssl_redirect']) { || $ssl_redirect != $result['ssl_redirect']) {
$log->logAction(USR_ACTION, LOG_INFO, "edited domain '" . $idna_convert->decode($result['domain']) . "'"); $log->logAction(USR_ACTION, LOG_INFO, "edited domain '" . $idna_convert->decode($result['domain']) . "'");
$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_DOMAINS . "` SET $stmt = Database::prepare("UPDATE `" . TABLE_PANEL_DOMAINS . "` SET
`documentroot`= :documentroot, `documentroot`= :documentroot,
`isemaildomain`= :isemaildomain, `isemaildomain`= :isemaildomain,
@@ -579,11 +579,11 @@ if($page == 'overview') {
} }
redirectTo($filename, Array('page' => $page, 's' => $s)); redirectTo($filename, array('page' => $page, 's' => $s));
} }
} else { } else {
$result['domain'] = $idna_convert->decode($result['domain']); $result['domain'] = $idna_convert->decode($result['domain']);
$domains = makeoption($lng['domains']['noaliasdomain'], 0, $result['aliasdomain'], true); $domains = makeoption($lng['domains']['noaliasdomain'], 0, $result['aliasdomain'], true);
// also check ip/port combination to be the same, #176 // also check ip/port combination to be the same, #176
$domains_stmt = Database::prepare("SELECT `d`.`id`, `d`.`domain` FROM `" . TABLE_PANEL_DOMAINS . "` `d` , `" . TABLE_PANEL_CUSTOMERS . "` `c` , `".TABLE_DOMAINTOIP."` `dip` $domains_stmt = Database::prepare("SELECT `d`.`id`, `d`.`domain` FROM `" . TABLE_PANEL_DOMAINS . "` `d` , `" . TABLE_PANEL_CUSTOMERS . "` `c` , `".TABLE_DOMAINTOIP."` `dip`
@@ -601,28 +601,28 @@ if($page == 'overview') {
); );
Database::pexecute($domains_stmt, array("id" => $result['id'], "customerid" => $userinfo['customerid'])); Database::pexecute($domains_stmt, array("id" => $result['id'], "customerid" => $userinfo['customerid']));
while($row_domain = $domains_stmt->fetch(PDO::FETCH_ASSOC)) { while ($row_domain = $domains_stmt->fetch(PDO::FETCH_ASSOC)) {
$domains .= makeoption($idna_convert->decode($row_domain['domain']), $row_domain['id'], $result['aliasdomain']); $domains .= makeoption($idna_convert->decode($row_domain['domain']), $row_domain['id'], $result['aliasdomain']);
} }
if(preg_match('/^https?\:\/\//', $result['documentroot']) && validateUrl($idna_convert->encode($result['documentroot']))) { if (preg_match('/^https?\:\/\//', $result['documentroot']) && validateUrl($idna_convert->encode($result['documentroot']))) {
if($settings['panel']['pathedit'] == 'Dropdown') { if (Settings::Get('panel.pathedit') == 'Dropdown') {
$urlvalue = $result['documentroot']; $urlvalue = $result['documentroot'];
$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $settings['panel']['pathedit']); $pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid']);
} else { } else {
$urlvalue = ''; $urlvalue = '';
$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $settings['panel']['pathedit'], $result['documentroot'], true); $pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $result['documentroot'], true);
} }
} else { } else {
$urlvalue = ''; $urlvalue = '';
$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $settings['panel']['pathedit'], $result['documentroot']); $pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $result['documentroot']);
} }
$redirectcode = ''; $redirectcode = '';
if($settings['customredirect']['enabled'] == '1') { if (Settings::Get('customredirect.enabled') == '1') {
$def_code = getDomainRedirectId($id); $def_code = getDomainRedirectId($id);
$codes = getRedirectCodesArray(); $codes = getRedirectCodesArray();
foreach($codes as $rc) { foreach ($codes as $rc) {
$redirectcode .= makeoption($rc['code']. ' ('.$lng['redirect_desc'][$rc['desc']].')', $rc['id'], $def_code); $redirectcode .= makeoption($rc['code']. ' ('.$lng['redirect_desc'][$rc['desc']].')', $rc['id'], $def_code);
} }
} }
@@ -649,7 +649,7 @@ if($page == 'overview') {
$serveraliasoptions .= makeoption($lng['domains']['serveraliasoption_wildcard'], '0', $_value, true, true); $serveraliasoptions .= makeoption($lng['domains']['serveraliasoption_wildcard'], '0', $_value, true, true);
$serveraliasoptions .= makeoption($lng['domains']['serveraliasoption_www'], '1', $_value, true, true); $serveraliasoptions .= makeoption($lng['domains']['serveraliasoption_www'], '1', $_value, true, true);
$serveraliasoptions .= makeoption($lng['domains']['serveraliasoption_none'], '2', $_value, true, true); $serveraliasoptions .= makeoption($lng['domains']['serveraliasoption_none'], '2', $_value, true, true);
$ips_stmt = Database::prepare("SELECT `p`.`ip` AS `ip` FROM `".TABLE_PANEL_IPSANDPORTS."` `p` $ips_stmt = Database::prepare("SELECT `p`.`ip` AS `ip` FROM `".TABLE_PANEL_IPSANDPORTS."` `p`
LEFT JOIN `".TABLE_DOMAINTOIP."` `dip` LEFT JOIN `".TABLE_DOMAINTOIP."` `dip`
ON ( `dip`.`id_ipandports` = `p`.`id` ) ON ( `dip`.`id_ipandports` = `p`.`id` )
@@ -705,7 +705,7 @@ if($page == 'overview') {
// verify certificate content // verify certificate content
if ($do_verify) { if ($do_verify) {
// array openssl_x509_parse ( mixed $x509cert [, bool $shortnames = true ] ) // array openssl_x509_parse ( mixed $x509cert [, bool $shortnames = true ] )
// openssl_x509_parse() returns information about the supplied x509cert, including fields such as // openssl_x509_parse() returns information about the supplied x509cert, including fields such as
// subject name, issuer name, purposes, valid from and valid to dates etc. // subject name, issuer name, purposes, valid from and valid to dates etc.
$cert_content = openssl_x509_parse($ssl_cert_file); $cert_content = openssl_x509_parse($ssl_cert_file);


@@ -37,7 +37,7 @@ if ($page == 'overview') {
'm.email_full' => $lng['emails']['emailaddress'], 'm.email_full' => $lng['emails']['emailaddress'],
'm.destination' => $lng['emails']['forwarders'] 'm.destination' => $lng['emails']['forwarders']
); );
$paging = new paging($userinfo, TABLE_MAIL_VIRTUAL, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']); $paging = new paging($userinfo, TABLE_MAIL_VIRTUAL, $fields);
$result_stmt = Database::prepare('SELECT `m`.`id`, `m`.`domainid`, `m`.`email`, `m`.`email_full`, `m`.`iscatchall`, `u`.`quota`, `m`.`destination`, `m`.`popaccountid`, `d`.`domain`, `u`.`mboxsize` FROM `' . TABLE_MAIL_VIRTUAL . '` `m` $result_stmt = Database::prepare('SELECT `m`.`id`, `m`.`domainid`, `m`.`email`, `m`.`email_full`, `m`.`iscatchall`, `u`.`quota`, `m`.`destination`, `m`.`popaccountid`, `d`.`domain`, `u`.`mboxsize` FROM `' . TABLE_MAIL_VIRTUAL . '` `m`
LEFT JOIN `' . TABLE_PANEL_DOMAINS . '` `d` ON (`m`.`domainid` = `d`.`id`) LEFT JOIN `' . TABLE_PANEL_DOMAINS . '` `d` ON (`m`.`domainid` = `d`.`id`)
LEFT JOIN `' . TABLE_MAIL_USERS . '` `u` ON (`m`.`popaccountid` = `u`.`id`) LEFT JOIN `' . TABLE_MAIL_USERS . '` `u` ON (`m`.`popaccountid` = `u`.`id`)
@@ -56,7 +56,7 @@ if ($page == 'overview') {
if (!isset($emails[$row['domain']]) || !is_array($emails[$row['domain']])) { if (!isset($emails[$row['domain']]) || !is_array($emails[$row['domain']])) {
$emails[$row['domain']] = array(); $emails[$row['domain']] = array();
} }
$emails[$row['domain']][$row['email_full']] = $row; $emails[$row['domain']][$row['email_full']] = $row;
} }
@@ -105,8 +105,8 @@ if ($page == 'overview') {
if (strlen($row['destination']) > 35) { if (strlen($row['destination']) > 35) {
$row['destination'] = substr($row['destination'], 0, 32) . '... (' . $destinations_count . ')'; $row['destination'] = substr($row['destination'], 0, 32) . '... (' . $destinations_count . ')';
} }
$row['mboxsize'] = size_readable($row['mboxsize'], 'GiB', 'bi', '%01.'.(int)$settings['panel']['decimal_places'].'f %s'); $row['mboxsize'] = size_readable($row['mboxsize'], 'GiB', 'bi', '%01.' . (int)Settings::Get('panel.decimal_places') . 'f %s');
$row = htmlentities_array($row); $row = htmlentities_array($row);
eval("\$accounts.=\"" . getTemplate("email/emails_email") . "\";"); eval("\$accounts.=\"" . getTemplate("email/emails_email") . "\";");
@@ -132,7 +132,7 @@ if ($page == 'overview') {
AND `id`= :id" AND `id`= :id"
); );
$result = Database::pexecute_first($stmt, array("customerid" => $userinfo['customerid'], "id" => $id)); $result = Database::pexecute_first($stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
if (isset($result['email']) && $result['email'] != '') { if (isset($result['email']) && $result['email'] != '') {
if (isset($_POST['send']) && $_POST['send'] == 'send') { if (isset($_POST['send']) && $_POST['send'] == 'send') {
$update_users_query_addon = ''; $update_users_query_addon = '';
@@ -143,7 +143,7 @@ if ($page == 'overview') {
if ($result['popaccountid'] != 0) { if ($result['popaccountid'] != 0) {
// Free the Quota used by the email account // Free the Quota used by the email account
if ($settings['system']['mail_quota_enabled'] == 1) { if (Settings::Get('system.mail_quota_enabled') == 1) {
$stmt = Database::prepare("SELECT `quota` FROM `" . TABLE_MAIL_USERS . "` $stmt = Database::prepare("SELECT `quota` FROM `" . TABLE_MAIL_USERS . "`
WHERE `customerid`= :customerid WHERE `customerid`= :customerid
AND `id`= :id" AND `id`= :id"
@@ -176,7 +176,7 @@ if ($page == 'overview') {
AND `id`= :id" AND `id`= :id"
); );
Database::pexecute($stmt, array("customerid" => $userinfo['customerid'], "id" => $id)); Database::pexecute($stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` $stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "`
SET `emails_used`=`emails_used` - 1 , SET `emails_used`=`emails_used` - 1 ,
`email_forwarders_used` = `email_forwarders_used` - :nforwarders `email_forwarders_used` = `email_forwarders_used` - :nforwarders
@@ -184,7 +184,7 @@ if ($page == 'overview') {
WHERE `customerid`= :customerid" WHERE `customerid`= :customerid"
); );
Database::pexecute($stmt, array("nforwarders" => $number_forwarders, "customerid" => $userinfo['customerid'])); Database::pexecute($stmt, array("nforwarders" => $number_forwarders, "customerid" => $userinfo['customerid']));
$log->logAction(USR_ACTION, LOG_INFO, "deleted email address '" . $result['email'] . "'"); $log->logAction(USR_ACTION, LOG_INFO, "deleted email address '" . $result['email'] . "'");
redirectTo($filename, array('page' => $page, 's' => $s)); redirectTo($filename, array('page' => $page, 's' => $s));
} else { } else {
@@ -207,7 +207,7 @@ if ($page == 'overview') {
AND `isemaildomain`='1' " AND `isemaildomain`='1' "
); );
$domain_check = Database::pexecute_first($stmt, array("domain" => $domain, "customerid" => $userinfo['customerid'])); $domain_check = Database::pexecute_first($stmt, array("domain" => $domain, "customerid" => $userinfo['customerid']));
if (isset($_POST['iscatchall']) && $_POST['iscatchall'] == '1') { if (isset($_POST['iscatchall']) && $_POST['iscatchall'] == '1') {
$iscatchall = '1'; $iscatchall = '1';
$email = '@' . $domain; $email = '@' . $domain;
@@ -233,7 +233,7 @@ if ($page == 'overview') {
"cid" => $userinfo['customerid'] "cid" => $userinfo['customerid']
); );
$email_check = Database::pexecute_first($stmt, $params); $email_check = Database::pexecute_first($stmt, $params);
if ($email == '' || $email_full == '' || $email_part == '') { if ($email == '' || $email_full == '' || $email_part == '') {
standard_error(array('stringisempty', 'emailadd')); standard_error(array('stringisempty', 'emailadd'));
} elseif ($domain == '') { } elseif ($domain == '') {
@@ -258,14 +258,14 @@ if ($page == 'overview') {
"domainid" => $domain_check['id'] "domainid" => $domain_check['id']
); );
Database::pexecute($stmt, $params); Database::pexecute($stmt, $params);
$address_id = Database::lastInsertId(); $address_id = Database::lastInsertId();
$stmt = Database::prepare("UPDATE " . TABLE_PANEL_CUSTOMERS . " $stmt = Database::prepare("UPDATE " . TABLE_PANEL_CUSTOMERS . "
SET `emails_used` = `emails_used` + 1 SET `emails_used` = `emails_used` + 1
WHERE `customerid`= :cid" WHERE `customerid`= :cid"
); );
Database::pexecute($stmt, array("cid" => $userinfo['customerid'])); Database::pexecute($stmt, array("cid" => $userinfo['customerid']));
$log->logAction(USR_ACTION, LOG_INFO, "added email address '" . $email_full . "'"); $log->logAction(USR_ACTION, LOG_INFO, "added email address '" . $email_full . "'");
redirectTo($filename, array('page' => $page, 'action' => 'edit', 'id' => $address_id, 's' => $s)); redirectTo($filename, array('page' => $page, 'action' => 'edit', 'id' => $address_id, 's' => $s));
} }
@@ -286,7 +286,7 @@ if ($page == 'overview') {
$email_add_data = include_once dirname(__FILE__).'/lib/formfields/customer/email/formfield.emails_add.php'; $email_add_data = include_once dirname(__FILE__).'/lib/formfields/customer/email/formfield.emails_add.php';
if ($settings['catchall']['catchall_enabled'] != '1') { if (Settings::Get('catchall.catchall_enabled') != '1') {
unset($email_add_data['emails_add']['sections']['section_a']['fields']['iscatchall']); unset($email_add_data['emails_add']['sections']['section_a']['fields']['iscatchall']);
} }
@@ -302,14 +302,14 @@ if ($page == 'overview') {
} }
} elseif ($action == 'edit' && $id != 0) { } elseif ($action == 'edit' && $id != 0) {
$stmt = Database::prepare("SELECT `v`.`id`, `v`.`email`, `v`.`email_full`, `v`.`iscatchall`, `v`.`destination`, `v`.`customerid`, `v`.`popaccountid`, `u`.`quota` $stmt = Database::prepare("SELECT `v`.`id`, `v`.`email`, `v`.`email_full`, `v`.`iscatchall`, `v`.`destination`, `v`.`customerid`, `v`.`popaccountid`, `u`.`quota`
FROM `" . TABLE_MAIL_VIRTUAL . "` `v` FROM `" . TABLE_MAIL_VIRTUAL . "` `v`
LEFT JOIN `" . TABLE_MAIL_USERS . "` `u` LEFT JOIN `" . TABLE_MAIL_USERS . "` `u`
ON(`v`.`popaccountid` = `u`.`id`) ON(`v`.`popaccountid` = `u`.`id`)
WHERE `v`.`customerid`= :cid WHERE `v`.`customerid`= :cid
AND `v`.`id`= :id" AND `v`.`id`= :id"
); );
$result = Database::pexecute_first($stmt, array("cid" => $userinfo['customerid'], "id" => $id)); $result = Database::pexecute_first($stmt, array("cid" => $userinfo['customerid'], "id" => $id));
if (isset($result['email']) && $result['email'] != '') { if (isset($result['email']) && $result['email'] != '') {
$result['email'] = $idna_convert->decode($result['email']); $result['email'] = $idna_convert->decode($result['email']);
$result['email_full'] = $idna_convert->decode($result['email_full']); $result['email_full'] = $idna_convert->decode($result['email_full']);
@@ -334,7 +334,7 @@ if ($page == 'overview') {
$email_edit_data = include_once dirname(__FILE__).'/lib/formfields/customer/email/formfield.emails_edit.php'; $email_edit_data = include_once dirname(__FILE__).'/lib/formfields/customer/email/formfield.emails_edit.php';
if ( $settings['catchall']['catchall_enabled'] != '1' ) { if (Settings::Get('catchall.catchall_enabled') != '1') {
unset($email_edit_data['emails_edit']['sections']['section_a']['fields']['mail_catchall']); unset($email_edit_data['emails_edit']['sections']['section_a']['fields']['mail_catchall']);
} }
@@ -346,13 +346,13 @@ if ($page == 'overview') {
eval("echo \"" . getTemplate("email/emails_edit") . "\";"); eval("echo \"" . getTemplate("email/emails_edit") . "\";");
} }
} elseif ($action == 'togglecatchall' && $id != 0) { } elseif ($action == 'togglecatchall' && $id != 0) {
if ( $settings['catchall']['catchall_enabled'] == '1' ) { if (Settings::Get('catchall.catchall_enabled') == '1') {
$stmt = Database::prepare("SELECT `id`, `email`, `email_full`, `iscatchall`, `destination`, `customerid`, `popaccountid` FROM `" . TABLE_MAIL_VIRTUAL . "` $stmt = Database::prepare("SELECT `id`, `email`, `email_full`, `iscatchall`, `destination`, `customerid`, `popaccountid` FROM `" . TABLE_MAIL_VIRTUAL . "`
WHERE `customerid`= :cid WHERE `customerid`= :cid
AND `id`= :id" AND `id`= :id"
); );
$result = Database::pexecute_first($stmt, array("cid" => $userinfo['customerid'], "id" => $id)); $result = Database::pexecute_first($stmt, array("cid" => $userinfo['customerid'], "id" => $id));
if (isset($result['email']) && $result['email'] != '') { if (isset($result['email']) && $result['email'] != '') {
if ($result['iscatchall'] == '1') { if ($result['iscatchall'] == '1') {
$stmt = Database::prepare("UPDATE `" . TABLE_MAIL_VIRTUAL . "` $stmt = Database::prepare("UPDATE `" . TABLE_MAIL_VIRTUAL . "`
@@ -374,7 +374,7 @@ if ($page == 'overview') {
AND `customerid`= :cid" AND `customerid`= :cid"
); );
$email_check = Database::pexecute_first($stmt, array("email" => $email, "cid" => $userinfo['customerid'])); $email_check = Database::pexecute_first($stmt, array("email" => $email, "cid" => $userinfo['customerid']));
if ($email_check['email'] == $email) { if ($email_check['email'] == $email) {
standard_error('youhavealreadyacatchallforthisdomain'); standard_error('youhavealreadyacatchallforthisdomain');
exit; exit;
@@ -419,7 +419,7 @@ if ($page == 'overview') {
AND `id`= :id" AND `id`= :id"
); );
$result = Database::pexecute_first($stmt, array("cid" => $userinfo['customerid'], "id" => $id)); $result = Database::pexecute_first($stmt, array("cid" => $userinfo['customerid'], "id" => $id));
if (isset($result['email']) && $result['email'] != '' && $result['popaccountid'] == '0') { if (isset($result['email']) && $result['email'] != '' && $result['popaccountid'] == '0') {
if (isset($_POST['send']) && $_POST['send'] == 'send') { if (isset($_POST['send']) && $_POST['send'] == 'send') {
$email_full = $result['email_full']; $email_full = $result['email_full'];
@@ -427,13 +427,13 @@ if ($page == 'overview') {
$password = validate($_POST['email_password'], 'password'); $password = validate($_POST['email_password'], 'password');
$password = validatePassword($password); $password = validatePassword($password);
if ($settings['panel']['sendalternativemail'] == 1) { if (Settings::Get('panel.sendalternativemail') == 1) {
$alternative_email = $idna_convert->encode(validate($_POST['alternative_email'], 'alternative_email')); $alternative_email = $idna_convert->encode(validate($_POST['alternative_email'], 'alternative_email'));
} else { } else {
$alternative_email = ''; $alternative_email = '';
} }
if ($settings['system']['mail_quota_enabled'] == 1) { if (Settings::Get('system.mail_quota_enabled') == 1) {
if ($userinfo['email_quota'] != '-1' && ($quota == 0 || ($quota + $userinfo['email_quota_used']) > $userinfo['email_quota'])) { if ($userinfo['email_quota'] != '-1' && ($quota == 0 || ($quota + $userinfo['email_quota_used']) > $userinfo['email_quota'])) {
standard_error('allocatetoomuchquota', $quota); standard_error('allocatetoomuchquota', $quota);
} }
@@ -444,7 +444,7 @@ if ($page == 'overview') {
if ($email_full == '') { if ($email_full == '') {
standard_error(array('stringisempty', 'emailadd')); standard_error(array('stringisempty', 'emailadd'));
} }
elseif ($password == '' && !($settings['panel']['sendalternativemail'] == 1 && validateEmail($alternative_email))) { elseif ($password == '' && !(Settings::Get('panel.sendalternativemail') == 1 && validateEmail($alternative_email))) {
standard_error(array('stringisempty', 'mypassword')); standard_error(array('stringisempty', 'mypassword'));
} else { } else {
if ($password == '') { if ($password == '') {
@@ -455,30 +455,30 @@ if ($page == 'overview') {
$email_user=substr($email_full,0,strrpos($email_full,"@")); $email_user=substr($email_full,0,strrpos($email_full,"@"));
$email_domain=substr($email_full,strrpos($email_full,"@")+1); $email_domain=substr($email_full,strrpos($email_full,"@")+1);
$maildirname=trim($settings['system']['vmail_maildirname']); $maildirname=trim(Settings::Get('system.vmail_maildirname'));
// Add trailing slash to Maildir if needed // Add trailing slash to Maildir if needed
$maildirpath=$maildirname; $maildirpath=$maildirname;
if (!empty($maildirname) and substr($maildirname,-1) != "/") $maildirpath.="/"; if (!empty($maildirname) and substr($maildirname,-1) != "/") $maildirpath.="/";
$stmt = Database::prepare("INSERT INTO `" . TABLE_MAIL_USERS . "` $stmt = Database::prepare("INSERT INTO `" . TABLE_MAIL_USERS . "`
(`customerid`, `email`, `username`, " . ($settings['system']['mailpwcleartext'] == '1' ? '`password`, ' : '') . " `password_enc`, `homedir`, `maildir`, `uid`, `gid`, `domainid`, `postfix`, `quota`, `imap`, `pop3`) ". (`customerid`, `email`, `username`, " . (Settings::Get('system.mailpwcleartext') == '1' ? '`password`, ' : '') . " `password_enc`, `homedir`, `maildir`, `uid`, `gid`, `domainid`, `postfix`, `quota`, `imap`, `pop3`) ".
"VALUES (:cid, :email, :username, " . ($settings['system']['mailpwcleartext'] == '1' ? ":password, " : '') . ":password_enc, :homedir, :maildir, :uid, :gid, :domainid, 'y', :quota, :imap, :pop3)" "VALUES (:cid, :email, :username, " . (Settings::Get('system.mailpwcleartext') == '1' ? ":password, " : '') . ":password_enc, :homedir, :maildir, :uid, :gid, :domainid, 'y', :quota, :imap, :pop3)"
); );
$params = array( $params = array(
"cid" => $userinfo['customerid'], "cid" => $userinfo['customerid'],
"email" => $email_full, "email" => $email_full,
"username" => $username, "username" => $username,
"password_enc" => $cryptPassword, "password_enc" => $cryptPassword,
"homedir" => $settings['system']['vmail_homedir'], "homedir" => Settings::Get('system.vmail_homedir'),
"maildir" => $userinfo['loginname'] . '/' . $email_domain . "/" . $email_user . "/" . $maildirpath, "maildir" => $userinfo['loginname'] . '/' . $email_domain . "/" . $email_user . "/" . $maildirpath,
"uid" => $settings['system']['vmail_uid'], "uid" => Settings::Get('system.vmail_uid'),
"gid" => $settings['system']['vmail_gid'], "gid" => Settings::Get('system.vmail_gid'),
"domainid" => $result['domainid'], "domainid" => $result['domainid'],
"quota" => $quota, "quota" => $quota,
"imap" => $userinfo['imap'], "imap" => $userinfo['imap'],
"pop3" => $userinfo['pop3'] "pop3" => $userinfo['pop3']
); );
if ($settings['system']['mailpwcleartext'] == '1') { $params["password"] = $password; } if (Settings::Get('system.mailpwcleartext') == '1') { $params["password"] = $password; }
Database::pexecute($stmt, $params); Database::pexecute($stmt, $params);
$popaccountid = Database::lastInsertId(); $popaccountid = Database::lastInsertId();
@@ -496,24 +496,24 @@ if ($page == 'overview') {
"id" => $id "id" => $id
); );
Database::pexecute($stmt, $params); Database::pexecute($stmt, $params);
$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` $stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "`
SET `email_accounts_used`=`email_accounts_used`+1, SET `email_accounts_used`=`email_accounts_used`+1,
`email_quota_used`=`email_quota_used`+ :quota `email_quota_used`=`email_quota_used`+ :quota
WHERE `customerid`= :cid" WHERE `customerid`= :cid"
); );
Database::pexecute($stmt, array("quota" => $quota, "cid" => $userinfo['customerid'])); Database::pexecute($stmt, array("quota" => $quota, "cid" => $userinfo['customerid']));
$log->logAction(USR_ACTION, LOG_INFO, "added email account for '" . $email_full . "'"); $log->logAction(USR_ACTION, LOG_INFO, "added email account for '" . $email_full . "'");
$replace_arr = array( $replace_arr = array(
'EMAIL' => $email_full, 'EMAIL' => $email_full,
'USERNAME' => $username, 'USERNAME' => $username,
'PASSWORD' => $password 'PASSWORD' => $password
); );
$stmt = Database::prepare("SELECT `name`, `email` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `adminid`= :adminid"); $stmt = Database::prepare("SELECT `name`, `email` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `adminid`= :adminid");
$admin = Database::pexecute_first($stmt, array("adminid" => $userinfo['adminid'])); $admin = Database::pexecute_first($stmt, array("adminid" => $userinfo['adminid']));
$stmt = Database::prepare("SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "` $stmt = Database::prepare("SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "`
WHERE `adminid`= :adminid WHERE `adminid`= :adminid
AND `language`= :lang AND `language`= :lang
@@ -522,7 +522,7 @@ if ($page == 'overview') {
); );
$result = Database::pexecute_first($stmt, array("adminid" => $userinfo['adminid'], "lang" => $userinfo['def_language'])); $result = Database::pexecute_first($stmt, array("adminid" => $userinfo['adminid'], "lang" => $userinfo['def_language']));
$mail_subject = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['mails']['pop_success']['subject']), $replace_arr)); $mail_subject = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['mails']['pop_success']['subject']), $replace_arr));
$stmt = Database::prepare("SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "` $stmt = Database::prepare("SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "`
WHERE `adminid`= :adminid WHERE `adminid`= :adminid
AND `language`= :lang AND `language`= :lang
@@ -555,7 +555,7 @@ if ($page == 'overview') {
$mail->ClearAddresses(); $mail->ClearAddresses();
if (validateEmail($alternative_email) && $settings['panel']['sendalternativemail'] == 1) { if (validateEmail($alternative_email) && Settings::Get('panel.sendalternativemail') == 1) {
$stmt = Database::prepare("SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "` $stmt = Database::prepare("SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "`
WHERE `adminid`= :adminid WHERE `adminid`= :adminid
AND `language`= :lang AND `language`= :lang
@@ -564,7 +564,7 @@ if ($page == 'overview') {
); );
$result = Database::pexecute_first($stmt, array("adminid" => $userinfo['adminid'], "lang" => $userinfo['def_language'])); $result = Database::pexecute_first($stmt, array("adminid" => $userinfo['adminid'], "lang" => $userinfo['def_language']));
$mail_subject = replace_variables((($result['value'] != '') ? $result['value'] : $lng['mails']['pop_success_alternative']['subject']), $replace_arr); $mail_subject = replace_variables((($result['value'] != '') ? $result['value'] : $lng['mails']['pop_success_alternative']['subject']), $replace_arr);
$stmt = Database::prepare("SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "` $stmt = Database::prepare("SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "`
WHERE `adminid`= :adminid WHERE `adminid`= :adminid
AND `language`= :lang AND `language`= :lang
@@ -603,9 +603,9 @@ if ($page == 'overview') {
} else { } else {
$result['email_full'] = $idna_convert->decode($result['email_full']); $result['email_full'] = $idna_convert->decode($result['email_full']);
$result = htmlentities_array($result); $result = htmlentities_array($result);
$quota = $settings['system']['mail_quota']; $quota = Settings::Get('system.mail_quota');
$account_add_data = include_once dirname(__FILE__).'/lib/formfields/customer/email/formfield.emails_addaccount.php'; $account_add_data = include_once dirname(__FILE__) . '/lib/formfields/customer/email/formfield.emails_addaccount.php';
$account_add_form = htmlform::genHTMLForm($account_add_data); $account_add_form = htmlform::genHTMLForm($account_add_data);
$title = $account_add_data['emails_addaccount']['title']; $title = $account_add_data['emails_addaccount']['title'];
@@ -623,7 +623,7 @@ if ($page == 'overview') {
AND `id`= :id" AND `id`= :id"
); );
$result = Database::pexecute_first($stmt, array("cid" => $userinfo['customerid'], "id" => $id)); $result = Database::pexecute_first($stmt, array("cid" => $userinfo['customerid'], "id" => $id));
if (isset($result['popaccountid']) && $result['popaccountid'] != '') { if (isset($result['popaccountid']) && $result['popaccountid'] != '') {
if (isset($_POST['send']) && $_POST['send'] == 'send') { if (isset($_POST['send']) && $_POST['send'] == 'send') {
$password = validate($_POST['email_password'], 'password'); $password = validate($_POST['email_password'], 'password');
@@ -638,7 +638,7 @@ if ($page == 'overview') {
$log->logAction(USR_ACTION, LOG_NOTICE, "changed email password for '" . $result['email_full'] . "'"); $log->logAction(USR_ACTION, LOG_NOTICE, "changed email password for '" . $result['email_full'] . "'");
$cryptPassword = makeCryptPassword($password); $cryptPassword = makeCryptPassword($password);
$stmt = Database::prepare("UPDATE `" . TABLE_MAIL_USERS . "` $stmt = Database::prepare("UPDATE `" . TABLE_MAIL_USERS . "`
SET " . ($settings['system']['mailpwcleartext'] == '1' ? "`password` = :password, " : '') . " SET " . (Settings::Get('system.mailpwcleartext') == '1' ? "`password` = :password, " : '') . "
`password_enc`= :password_enc `password_enc`= :password_enc
WHERE `customerid`= :cid WHERE `customerid`= :cid
AND `id`= :id" AND `id`= :id"
@@ -648,9 +648,9 @@ if ($page == 'overview') {
"cid" => $userinfo['customerid'], "cid" => $userinfo['customerid'],
"id" => $result['popaccountid'] "id" => $result['popaccountid']
); );
if ($settings['system']['mailpwcleartext'] == '1') { $params["password"] = $password; } if (Settings::Get('system.mailpwcleartext') == '1') { $params["password"] = $password; }
Database::pexecute($stmt, $params); Database::pexecute($stmt, $params);
redirectTo($filename, array('page' => 'emails', 'action' => 'edit', 'id' => $id, 's' => $s)); redirectTo($filename, array('page' => 'emails', 'action' => 'edit', 'id' => $id, 's' => $s));
} else { } else {
$result['email_full'] = $idna_convert->decode($result['email_full']); $result['email_full'] = $idna_convert->decode($result['email_full']);
@@ -665,7 +665,7 @@ if ($page == 'overview') {
eval("echo \"" . getTemplate("email/account_changepw") . "\";"); eval("echo \"" . getTemplate("email/account_changepw") . "\";");
} }
} }
} elseif ($action == 'changequota' && $settings['system']['mail_quota_enabled'] == '1' && $id != 0) { } elseif ($action == 'changequota' && Settings::Get('system.mail_quota_enabled') == '1' && $id != 0) {
$stmt = Database::prepare("SELECT `v`.`id`, `v`.`email`, `v`.`email_full`, `v`.`iscatchall`, `v`.`destination`, `v`.`customerid`, `v`.`popaccountid`, `u`.`quota` $stmt = Database::prepare("SELECT `v`.`id`, `v`.`email`, `v`.`email_full`, `v`.`iscatchall`, `v`.`destination`, `v`.`customerid`, `v`.`popaccountid`, `u`.`quota`
FROM `" . TABLE_MAIL_VIRTUAL . "` `v` FROM `" . TABLE_MAIL_VIRTUAL . "` `v`
LEFT JOIN `" . TABLE_MAIL_USERS . "` `u` LEFT JOIN `" . TABLE_MAIL_USERS . "` `u`
@@ -674,7 +674,7 @@ if ($page == 'overview') {
AND `v`.`id`= :id" AND `v`.`id`= :id"
); );
$result = Database::pexecute_first($stmt, array("cid" => $userinfo['customerid'], "id" => $id)); $result = Database::pexecute_first($stmt, array("cid" => $userinfo['customerid'], "id" => $id));
if (isset($result['popaccountid']) && $result['popaccountid'] != '') { if (isset($result['popaccountid']) && $result['popaccountid'] != '') {
if (isset($_POST['send']) && $_POST['send'] == 'send') { if (isset($_POST['send']) && $_POST['send'] == 'send') {
$quota = (int)validate($_POST['email_quota'], 'email_quota', '/^\d+$/', 'vmailquotawrong'); $quota = (int)validate($_POST['email_quota'], 'email_quota', '/^\d+$/', 'vmailquotawrong');
@@ -728,7 +728,7 @@ if ($page == 'overview') {
AND `v`.`id`='" . (int)$id . "'" AND `v`.`id`='" . (int)$id . "'"
); );
$result = Database::pexecute_first($stmt, array("cid" => $userinfo['customerid'], "id" => $id)); $result = Database::pexecute_first($stmt, array("cid" => $userinfo['customerid'], "id" => $id));
if (isset($result['popaccountid']) && $result['popaccountid'] != '') { if (isset($result['popaccountid']) && $result['popaccountid'] != '') {
if (isset($_POST['send']) && $_POST['send'] == 'send') { if (isset($_POST['send']) && $_POST['send'] == 'send') {
$stmt = Database::prepare("DELETE FROM `" . TABLE_MAIL_USERS . "` $stmt = Database::prepare("DELETE FROM `" . TABLE_MAIL_USERS . "`
@@ -737,7 +737,7 @@ if ($page == 'overview') {
); );
Database::pexecute($stmt, array("cid" => $userinfo['customerid'], "id" => $result['popaccountid'])); Database::pexecute($stmt, array("cid" => $userinfo['customerid'], "id" => $result['popaccountid']));
$result['destination'] = str_replace($result['email_full'], '', $result['destination']); $result['destination'] = str_replace($result['email_full'], '', $result['destination']);
$stmt = Database::prepare("UPDATE `" . TABLE_MAIL_VIRTUAL . "` $stmt = Database::prepare("UPDATE `" . TABLE_MAIL_VIRTUAL . "`
SET `destination` = :dest, SET `destination` = :dest,
`popaccountid` = '0' `popaccountid` = '0'
@@ -751,7 +751,7 @@ if ($page == 'overview') {
); );
Database::pexecute($stmt, $params); Database::pexecute($stmt, $params);
if ($settings['system']['mail_quota_enabled'] == '1' && $userinfo['email_quota'] != '-1') { if (Settings::Get('system.mail_quota_enabled') == '1' && $userinfo['email_quota'] != '-1') {
$quota = (int)$result['quota']; $quota = (int)$result['quota'];
} else { } else {
$quota = 0; $quota = 0;
@@ -767,7 +767,7 @@ if ($page == 'overview') {
WHERE `customerid`= :cid" WHERE `customerid`= :cid"
); );
Database::pexecute($stmt, array("quota" => $quota, "cid" => $userinfo['customerid'])); Database::pexecute($stmt, array("quota" => $quota, "cid" => $userinfo['customerid']));
$log->logAction(USR_ACTION, LOG_INFO, "deleted email account for '" . $result['email_full'] . "'"); $log->logAction(USR_ACTION, LOG_INFO, "deleted email account for '" . $result['email_full'] . "'");
redirectTo($filename, array('page' => 'emails', 'action' => 'edit', 'id' => $id, 's' => $s)); redirectTo($filename, array('page' => 'emails', 'action' => 'edit', 'id' => $id, 's' => $s));
} else { } else {
@@ -783,7 +783,7 @@ if ($page == 'overview') {
AND `id`= :id" AND `id`= :id"
); );
$result = Database::pexecute_first($stmt, array("cid" => $userinfo['customerid'], "id" => $id)); $result = Database::pexecute_first($stmt, array("cid" => $userinfo['customerid'], "id" => $id));
if (isset($result['email']) && $result['email'] != '') { if (isset($result['email']) && $result['email'] != '') {
if (isset($_POST['send']) && $_POST['send'] == 'send') { if (isset($_POST['send']) && $_POST['send'] == 'send') {
$destination = $idna_convert->encode($_POST['destination']); $destination = $idna_convert->encode($_POST['destination']);
@@ -810,13 +810,13 @@ if ($page == 'overview') {
"id" => $id "id" => $id
); );
Database::pexecute($stmt, $params); Database::pexecute($stmt, $params);
$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` $stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "`
SET `email_forwarders_used` = `email_forwarders_used` + 1 SET `email_forwarders_used` = `email_forwarders_used` + 1
WHERE `customerid`= :cid" WHERE `customerid`= :cid"
); );
Database::pexecute($stmt, array("cid" => $userinfo['customerid'])); Database::pexecute($stmt, array("cid" => $userinfo['customerid']));
$log->logAction(USR_ACTION, LOG_NOTICE, "added email forwarder for '" . $result['email_full'] . "'"); $log->logAction(USR_ACTION, LOG_NOTICE, "added email forwarder for '" . $result['email_full'] . "'");
redirectTo($filename, array('page' => 'emails', 'action' => 'edit', 'id' => $id, 's' => $s)); redirectTo($filename, array('page' => 'emails', 'action' => 'edit', 'id' => $id, 's' => $s));
} }
@@ -842,7 +842,7 @@ if ($page == 'overview') {
AND `id`='" . (int)$id . "'" AND `id`='" . (int)$id . "'"
); );
$result = Database::pexecute_first($stmt, array("cid" => $userinfo['customerid'])); $result = Database::pexecute_first($stmt, array("cid" => $userinfo['customerid']));
if (isset($result['destination']) && $result['destination'] != '') { if (isset($result['destination']) && $result['destination'] != '') {
if (isset($_POST['forwarderid'])) { if (isset($_POST['forwarderid'])) {
$forwarderid = intval($_POST['forwarderid']); $forwarderid = intval($_POST['forwarderid']);
@@ -871,13 +871,13 @@ if ($page == 'overview') {
"id" => $id "id" => $id
); );
Database::pexecute($stmt, $params); Database::pexecute($stmt, $params);
$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` $stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "`
SET `email_forwarders_used` = `email_forwarders_used` - 1 SET `email_forwarders_used` = `email_forwarders_used` - 1
WHERE `customerid`= :cid" WHERE `customerid`= :cid"
); );
Database::pexecute($stmt, array("cid" => $userinfo['customerid'])); Database::pexecute($stmt, array("cid" => $userinfo['customerid']));
$log->logAction(USR_ACTION, LOG_NOTICE, "deleted email forwarder for '" . $result['email_full'] . "'"); $log->logAction(USR_ACTION, LOG_NOTICE, "deleted email forwarder for '" . $result['email_full'] . "'");
redirectTo($filename, array('page' => 'emails', 'action' => 'edit', 'id' => $id, 's' => $s)); redirectTo($filename, array('page' => 'emails', 'action' => 'edit', 'id' => $id, 's' => $s));
} else { } else {


@@ -20,23 +20,23 @@
define('AREA', 'customer'); define('AREA', 'customer');
require './lib/init.php'; require './lib/init.php';
if(isset($_POST['id'])) { if (isset($_POST['id'])) {
$id = intval($_POST['id']); $id = intval($_POST['id']);
} elseif(isset($_GET['id'])) { } elseif (isset($_GET['id'])) {
$id = intval($_GET['id']); $id = intval($_GET['id']);
} }
if($page == 'overview') { if ($page == 'overview') {
$log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_extras"); $log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_extras");
eval("echo \"" . getTemplate("extras/extras") . "\";"); eval("echo \"" . getTemplate("extras/extras") . "\";");
} elseif($page == 'htpasswds') { } elseif ($page == 'htpasswds') {
if($action == '') { if ($action == '') {
$log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_extras::htpasswds"); $log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_extras::htpasswds");
$fields = array( $fields = array(
'username' => $lng['login']['username'], 'username' => $lng['login']['username'],
'path' => $lng['panel']['path'] 'path' => $lng['panel']['path']
); );
$paging = new paging($userinfo, TABLE_PANEL_HTPASSWDS, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']); $paging = new paging($userinfo, TABLE_PANEL_HTPASSWDS, $fields);
$result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTPASSWDS . "` $result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTPASSWDS . "`
WHERE `customerid`= :customerid " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit() WHERE `customerid`= :customerid " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit()
); );
@@ -50,9 +50,9 @@ if($page == 'overview') {
$count = 0; $count = 0;
$htpasswds = ''; $htpasswds = '';
while($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) { while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
if($paging->checkDisplay($i)) { if ($paging->checkDisplay($i)) {
if(strpos($row['path'], $userinfo['documentroot']) === 0) { if (strpos($row['path'], $userinfo['documentroot']) === 0) {
$row['path'] = substr($row['path'], strlen($userinfo['documentroot'])); $row['path'] = substr($row['path'], strlen($userinfo['documentroot']));
} }
@@ -65,7 +65,7 @@ if($page == 'overview') {
} }
eval("echo \"" . getTemplate("extras/htpasswds") . "\";"); eval("echo \"" . getTemplate("extras/htpasswds") . "\";");
} elseif($action == 'delete' && $id != 0) { } elseif ($action == 'delete' && $id != 0) {
$result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTPASSWDS . "` $result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTPASSWDS . "`
WHERE `customerid`= :customerid WHERE `customerid`= :customerid
AND `id`= :id" AND `id`= :id"
@@ -73,8 +73,8 @@ if($page == 'overview') {
Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id)); Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
$result = $result_stmt->fetch(PDO::FETCH_ASSOC); $result = $result_stmt->fetch(PDO::FETCH_ASSOC);
if(isset($result['username']) && $result['username'] != '') { if (isset($result['username']) && $result['username'] != '') {
if(isset($_POST['send']) && $_POST['send'] == 'send') { if (isset($_POST['send']) && $_POST['send'] == 'send') {
$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_HTPASSWDS . "` $stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_HTPASSWDS . "`
WHERE `customerid`= :customerid WHERE `customerid`= :customerid
AND `id`= :id" AND `id`= :id"
@@ -83,17 +83,17 @@ if($page == 'overview') {
$log->logAction(USR_ACTION, LOG_INFO, "deleted htpasswd for '" . $result['username'] . " (" . $result['path'] . ")'"); $log->logAction(USR_ACTION, LOG_INFO, "deleted htpasswd for '" . $result['username'] . " (" . $result['path'] . ")'");
inserttask('1'); inserttask('1');
redirectTo($filename, Array('page' => $page, 's' => $s)); redirectTo($filename, array('page' => $page, 's' => $s));
} else { } else {
if(strpos($result['path'], $userinfo['documentroot']) === 0) { if (strpos($result['path'], $userinfo['documentroot']) === 0) {
$result['path'] = substr($result['path'], strlen($userinfo['documentroot'])); $result['path'] = substr($result['path'], strlen($userinfo['documentroot']));
} }
ask_yesno('extras_reallydelete', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $result['username'] . ' (' . $result['path'] . ')'); ask_yesno('extras_reallydelete', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $result['username'] . ' (' . $result['path'] . ')');
} }
} }
} elseif($action == 'add') { } elseif ($action == 'add') {
if(isset($_POST['send']) && $_POST['send'] == 'send') { if (isset($_POST['send']) && $_POST['send'] == 'send') {
$path = makeCorrectDir(validate($_POST['path'], 'path')); $path = makeCorrectDir(validate($_POST['path'], 'path'));
$userpath = $path; $userpath = $path;
$path = makeCorrectDir($userinfo['documentroot'] . '/' . $path); $path = makeCorrectDir($userinfo['documentroot'] . '/' . $path);
@@ -114,24 +114,24 @@ if($page == 'overview') {
Database::pexecute($username_path_check_stmt, $params); Database::pexecute($username_path_check_stmt, $params);
$username_path_check = $username_path_check_stmt->fetch(PDO::FETCH_ASSOC); $username_path_check = $username_path_check_stmt->fetch(PDO::FETCH_ASSOC);
if(CRYPT_STD_DES == 1) { if (CRYPT_STD_DES == 1) {
$saltfordescrypt = substr(md5(uniqid(microtime(), 1)), 4, 2); $saltfordescrypt = substr(md5(uniqid(microtime(), 1)), 4, 2);
$password = crypt($_POST['directory_password'], $saltfordescrypt); $password = crypt($_POST['directory_password'], $saltfordescrypt);
} else { } else {
$password = crypt($_POST['directory_password']); $password = crypt($_POST['directory_password']);
} }
if(!$_POST['path']) { if (!$_POST['path']) {
standard_error('invalidpath'); standard_error('invalidpath');
} }
if($username == '') { if ($username == '') {
standard_error(array('stringisempty', 'myloginname')); standard_error(array('stringisempty', 'myloginname'));
} elseif($username_path_check['username'] == $username && $username_path_check['path'] == $path) { } elseif ($username_path_check['username'] == $username && $username_path_check['path'] == $path) {
standard_error('userpathcombinationdupe'); standard_error('userpathcombinationdupe');
} elseif($_POST['directory_password'] == '') { } elseif ($_POST['directory_password'] == '') {
standard_error(array('stringisempty', 'mypassword')); standard_error(array('stringisempty', 'mypassword'));
} elseif($path == '') { } elseif ($path == '') {
standard_error('patherror'); standard_error('patherror');
} else { } else {
$stmt = Database::prepare("INSERT INTO `" . TABLE_PANEL_HTPASSWDS . "` SET $stmt = Database::prepare("INSERT INTO `" . TABLE_PANEL_HTPASSWDS . "` SET
@@ -151,10 +151,10 @@ if($page == 'overview') {
Database::pexecute($stmt, $params); Database::pexecute($stmt, $params);
$log->logAction(USR_ACTION, LOG_INFO, "added htpasswd for '" . $username . " (" . $path . ")'"); $log->logAction(USR_ACTION, LOG_INFO, "added htpasswd for '" . $username . " (" . $path . ")'");
inserttask('1'); inserttask('1');
redirectTo($filename, Array('page' => $page, 's' => $s)); redirectTo($filename, array('page' => $page, 's' => $s));
} }
} else { } else {
$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $settings['panel']['pathedit']); $pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid']);
$htpasswd_add_data = include_once dirname(__FILE__).'/lib/formfields/customer/extras/formfield.htpasswd_add.php'; $htpasswd_add_data = include_once dirname(__FILE__).'/lib/formfields/customer/extras/formfield.htpasswd_add.php';
$htpasswd_add_form = htmlform::genHTMLForm($htpasswd_add_data); $htpasswd_add_form = htmlform::genHTMLForm($htpasswd_add_data);
@@ -164,7 +164,7 @@ if($page == 'overview') {
eval("echo \"" . getTemplate("extras/htpasswds_add") . "\";"); eval("echo \"" . getTemplate("extras/htpasswds_add") . "\";");
} }
} elseif($action == 'edit' && $id != 0) { } elseif ($action == 'edit' && $id != 0) {
$result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTPASSWDS . "` $result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTPASSWDS . "`
WHERE `customerid`= :customerid WHERE `customerid`= :customerid
AND `id`= :id" AND `id`= :id"
@@ -172,12 +172,12 @@ if($page == 'overview') {
Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id)); Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
$result = $result_stmt->fetch(PDO::FETCH_ASSOC); $result = $result_stmt->fetch(PDO::FETCH_ASSOC);
if(isset($result['username']) && $result['username'] != '') { if (isset($result['username']) && $result['username'] != '') {
if(isset($_POST['send']) && $_POST['send'] == 'send') { if (isset($_POST['send']) && $_POST['send'] == 'send') {
validate($_POST['directory_password'], 'password'); validate($_POST['directory_password'], 'password');
$authname = validate($_POST['directory_authname'], 'directory_authname', '/^[a-zA-Z0-9][a-zA-Z0-9\-_ ]+\$?$/'); $authname = validate($_POST['directory_authname'], 'directory_authname', '/^[a-zA-Z0-9][a-zA-Z0-9\-_ ]+\$?$/');
if(CRYPT_STD_DES == 1) { if (CRYPT_STD_DES == 1) {
$saltfordescrypt = substr(md5(uniqid(microtime(), 1)), 4, 2); $saltfordescrypt = substr(md5(uniqid(microtime(), 1)), 4, 2);
$password = crypt($_POST['directory_password'], $saltfordescrypt); $password = crypt($_POST['directory_password'], $saltfordescrypt);
} else { } else {
@@ -190,19 +190,19 @@ if($page == 'overview') {
); );
$pwd_sql = ''; $pwd_sql = '';
if($_POST['directory_password'] != '') { if ($_POST['directory_password'] != '') {
$pwd_sql = "`password`= :password "; $pwd_sql = "`password`= :password ";
$params["password"] = $password; $params["password"] = $password;
} }
$auth_sql = ''; $auth_sql = '';
if($authname != $result['authname']) { if ($authname != $result['authname']) {
$auth_sql = "`authname`= :authname "; $auth_sql = "`authname`= :authname ";
$params["authname"] = $authname; $params["authname"] = $authname;
} }
if($pwd_sql != '' || $auth_sql != '') { if ($pwd_sql != '' || $auth_sql != '') {
if($pwd_sql !='' && $auth_sql != '') { if ($pwd_sql !='' && $auth_sql != '') {
$pwd_sql.= ', '; $pwd_sql.= ', ';
} }
@@ -214,10 +214,10 @@ if($page == 'overview') {
Database::pexecute($stmt, $params); Database::pexecute($stmt, $params);
$log->logAction(USR_ACTION, LOG_INFO, "edited htpasswd for '" . $result['username'] . " (" . $result['path'] . ")'"); $log->logAction(USR_ACTION, LOG_INFO, "edited htpasswd for '" . $result['username'] . " (" . $result['path'] . ")'");
inserttask('1'); inserttask('1');
redirectTo($filename, Array('page' => $page, 's' => $s)); redirectTo($filename, array('page' => $page, 's' => $s));
} }
} else { } else {
if(strpos($result['path'], $userinfo['documentroot']) === 0) { if (strpos($result['path'], $userinfo['documentroot']) === 0) {
$result['path'] = substr($result['path'], strlen($userinfo['documentroot'])); $result['path'] = substr($result['path'], strlen($userinfo['documentroot']));
} }
@@ -233,8 +233,8 @@ if($page == 'overview') {
} }
} }
} }
} elseif($page == 'htaccess') { } elseif ($page == 'htaccess') {
if($action == '') { if ($action == '') {
$log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_extras::htaccess"); $log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_extras::htaccess");
$fields = array( $fields = array(
'path' => $lng['panel']['path'], 'path' => $lng['panel']['path'],
@@ -244,7 +244,7 @@ if($page == 'overview') {
'error500path' => $lng['extras']['error500path'], 'error500path' => $lng['extras']['error500path'],
'options_cgi' => $lng['extras']['execute_perl'] 'options_cgi' => $lng['extras']['execute_perl']
); );
$paging = new paging($userinfo, TABLE_PANEL_HTACCESS, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']); $paging = new paging($userinfo, TABLE_PANEL_HTACCESS, $fields);
$result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTACCESS . "` $result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTACCESS . "`
WHERE `customerid`= :customerid " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit() WHERE `customerid`= :customerid " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit()
); );
@@ -260,9 +260,9 @@ if($page == 'overview') {
$cperlenabled = customerHasPerlEnabled($userinfo['customerid']); $cperlenabled = customerHasPerlEnabled($userinfo['customerid']);
while($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) { while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
if($paging->checkDisplay($i)) { if ($paging->checkDisplay($i)) {
if(strpos($row['path'], $userinfo['documentroot']) === 0) { if (strpos($row['path'], $userinfo['documentroot']) === 0) {
$row['path'] = substr($row['path'], strlen($userinfo['documentroot'])); $row['path'] = substr($row['path'], strlen($userinfo['documentroot']));
// don't show nothing wehn it's the docroot, show slash // don't show nothing wehn it's the docroot, show slash
if ($row['path'] == '') { $row['path'] = '/'; } if ($row['path'] == '') { $row['path'] = '/'; }
@@ -281,7 +281,7 @@ if($page == 'overview') {
} }
eval("echo \"" . getTemplate("extras/htaccess") . "\";"); eval("echo \"" . getTemplate("extras/htaccess") . "\";");
} elseif($action == 'delete' && $id != 0) { } elseif ($action == 'delete' && $id != 0) {
$result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTACCESS . "` $result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTACCESS . "`
WHERE `customerid` = :customerid WHERE `customerid` = :customerid
AND `id` = :id" AND `id` = :id"
@@ -289,8 +289,8 @@ if($page == 'overview') {
Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id)); Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
$result = $result_stmt->fetch(PDO::FETCH_ASSOC); $result = $result_stmt->fetch(PDO::FETCH_ASSOC);
if(isset($result['customerid']) && $result['customerid'] != '' && $result['customerid'] == $userinfo['customerid']) { if (isset($result['customerid']) && $result['customerid'] != '' && $result['customerid'] == $userinfo['customerid']) {
if(isset($_POST['send']) && $_POST['send'] == 'send') { if (isset($_POST['send']) && $_POST['send'] == 'send') {
$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_HTACCESS . "` $stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_HTACCESS . "`
WHERE `customerid`= :customerid WHERE `customerid`= :customerid
AND `id`= :id" AND `id`= :id"
@@ -298,13 +298,13 @@ if($page == 'overview') {
Database::pexecute($stmt, array("customerid" => $userinfo['customerid'], "id" => $id)); Database::pexecute($stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
$log->logAction(USR_ACTION, LOG_INFO, "deleted htaccess for '" . str_replace($userinfo['documentroot'], '', $result['path']) . "'"); $log->logAction(USR_ACTION, LOG_INFO, "deleted htaccess for '" . str_replace($userinfo['documentroot'], '', $result['path']) . "'");
inserttask('1'); inserttask('1');
redirectTo($filename, Array('page' => $page, 's' => $s)); redirectTo($filename, array('page' => $page, 's' => $s));
} else { } else {
ask_yesno('extras_reallydelete_pathoptions', $filename, array('id' => $id, 'page' => $page, 'action' => $action), str_replace($userinfo['documentroot'], '', $result['path'])); ask_yesno('extras_reallydelete_pathoptions', $filename, array('id' => $id, 'page' => $page, 'action' => $action), str_replace($userinfo['documentroot'], '', $result['path']));
} }
} }
} elseif($action == 'add') { } elseif ($action == 'add') {
if(isset($_POST['send']) && $_POST['send'] == 'send') { if (isset($_POST['send']) && $_POST['send'] == 'send') {
$path = makeCorrectDir(validate($_POST['path'], 'path')); $path = makeCorrectDir(validate($_POST['path'], 'path'));
$userpath = $path; $userpath = $path;
$path = makeCorrectDir($userinfo['documentroot'] . '/' . $path); $path = makeCorrectDir($userinfo['documentroot'] . '/' . $path);
@@ -315,11 +315,11 @@ if($page == 'overview') {
Database::pexecute($path_dupe_check_stmt, array("path" => $path, "customerid" => $userinfo['customerid'])); Database::pexecute($path_dupe_check_stmt, array("path" => $path, "customerid" => $userinfo['customerid']));
$path_dupe_check = $path_dupe_check_stmt->fetch(PDO::FETCH_ASSOC); $path_dupe_check = $path_dupe_check_stmt->fetch(PDO::FETCH_ASSOC);
if(!$_POST['path']) { if (!$_POST['path']) {
standard_error('invalidpath'); standard_error('invalidpath');
} }
if(isset($_POST['options_cgi']) && (int)$_POST['options_cgi'] != 0) { if (isset($_POST['options_cgi']) && (int)$_POST['options_cgi'] != 0) {
$options_cgi = '1'; $options_cgi = '1';
} else { } else {
$options_cgi = '0'; $options_cgi = '0';
@@ -340,9 +340,9 @@ if($page == 'overview') {
$error500path = correctErrorDocument($_POST['error500path']); $error500path = correctErrorDocument($_POST['error500path']);
} }
if($path_dupe_check['path'] == $path) { if ($path_dupe_check['path'] == $path) {
standard_error('errordocpathdupe', $userpath); standard_error('errordocpathdupe', $userpath);
} elseif($path == '') { } elseif ($path == '') {
standard_error('patherror'); standard_error('patherror');
} else { } else {
$stmt = Database::prepare('INSERT INTO `' . TABLE_PANEL_HTACCESS . '` SET $stmt = Database::prepare('INSERT INTO `' . TABLE_PANEL_HTACCESS . '` SET
@@ -367,10 +367,10 @@ if($page == 'overview') {
$log->logAction(USR_ACTION, LOG_INFO, "added htaccess for '" . $path . "'"); $log->logAction(USR_ACTION, LOG_INFO, "added htaccess for '" . $path . "'");
inserttask('1'); inserttask('1');
redirectTo($filename, Array('page' => $page, 's' => $s)); redirectTo($filename, array('page' => $page, 's' => $s));
} }
} else { } else {
$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $settings['panel']['pathedit']); $pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid']);
$cperlenabled = customerHasPerlEnabled($userinfo['customerid']); $cperlenabled = customerHasPerlEnabled($userinfo['customerid']);
$htaccess_add_data = include_once dirname(__FILE__).'/lib/formfields/customer/extras/formfield.htaccess_add.php'; $htaccess_add_data = include_once dirname(__FILE__).'/lib/formfields/customer/extras/formfield.htaccess_add.php';
@@ -381,7 +381,7 @@ if($page == 'overview') {
eval("echo \"" . getTemplate("extras/htaccess_add") . "\";"); eval("echo \"" . getTemplate("extras/htaccess_add") . "\";");
} }
} elseif(($action == 'edit') && ($id != 0)) { } elseif (($action == 'edit') && ($id != 0)) {
$result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTACCESS . "` $result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTACCESS . "`
WHERE `customerid` = :customerid WHERE `customerid` = :customerid
AND `id` = :id" AND `id` = :id"
@@ -389,16 +389,16 @@ if($page == 'overview') {
Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id)); Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
$result = $result_stmt->fetch(PDO::FETCH_ASSOC); $result = $result_stmt->fetch(PDO::FETCH_ASSOC);
if((isset($result['customerid'])) && ($result['customerid'] != '') && ($result['customerid'] == $userinfo['customerid'])) { if ((isset($result['customerid'])) && ($result['customerid'] != '') && ($result['customerid'] == $userinfo['customerid'])) {
if(isset($_POST['send']) && $_POST['send'] == 'send') { if (isset($_POST['send']) && $_POST['send'] == 'send') {
$option_indexes = intval($_POST['options_indexes']); $option_indexes = intval($_POST['options_indexes']);
$options_cgi = isset($_POST['options_cgi']) ? intval($_POST['options_cgi']) : 0; $options_cgi = isset($_POST['options_cgi']) ? intval($_POST['options_cgi']) : 0;
if($option_indexes != '1') { if ($option_indexes != '1') {
$option_indexes = '0'; $option_indexes = '0';
} }
if($options_cgi != '1') { if ($options_cgi != '1') {
$options_cgi = '0'; $options_cgi = '0';
} }
@@ -406,7 +406,7 @@ if($page == 'overview') {
$error403path = correctErrorDocument($_POST['error403path']); $error403path = correctErrorDocument($_POST['error403path']);
$error500path = correctErrorDocument($_POST['error500path']); $error500path = correctErrorDocument($_POST['error500path']);
if(($option_indexes != $result['options_indexes']) if (($option_indexes != $result['options_indexes'])
|| ($error404path != $result['error404path']) || ($error404path != $result['error404path'])
|| ($error403path != $result['error403path']) || ($error403path != $result['error403path'])
|| ($error500path != $result['error500path']) || ($error500path != $result['error500path'])
@@ -436,9 +436,9 @@ if($page == 'overview') {
$log->logAction(USR_ACTION, LOG_INFO, "edited htaccess for '" . str_replace($userinfo['documentroot'], '', $result['path']) . "'"); $log->logAction(USR_ACTION, LOG_INFO, "edited htaccess for '" . str_replace($userinfo['documentroot'], '', $result['path']) . "'");
} }
redirectTo($filename, Array('page' => $page, 's' => $s)); redirectTo($filename, array('page' => $page, 's' => $s));
} else { } else {
if(strpos($result['path'], $userinfo['documentroot']) === 0) { if (strpos($result['path'], $userinfo['documentroot']) === 0) {
$result['path'] = substr($result['path'], strlen($userinfo['documentroot'])); $result['path'] = substr($result['path'], strlen($userinfo['documentroot']));
// don't show nothing wehn it's the docroot, show slash // don't show nothing wehn it's the docroot, show slash
if ($result['path'] == '') { $result['path'] = '/'; } if ($result['path'] == '') { $result['path'] = '/'; }
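Review bot: The htpasswd `add` and `edit` branches still hash `$_POST['directory_password']` with DES `crypt()` and a salt built by `substr(md5(uniqid(microtime(), 1)), 4, 2)`, and this commit only reformats those lines. Two hex characters allow at most 256 distinct salts, all derived from the clock, and traditional DES crypt uses only the first eight characters of the password, so the stored directory passwords give little protection if the table or the generated file is disclosed. The `else` arm calls `crypt()` with no salt at all, which newer PHP versions no longer accept. I would send both places through one helper, for example `$password = makeCryptPassword($_POST['directory_password']);` as the FTP code on this page does, provided the format it returns is one the web server accepts for basic auth, which is not visible here. The `else` arm in the edit branch continues outside its hunk.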


@@ -23,7 +23,7 @@ require './lib/init.php';
$id = 0; $id = 0;
if (isset($_POST['id'])) { if (isset($_POST['id'])) {
$id = intval($_POST['id']); $id = intval($_POST['id']);
} elseif(isset($_GET['id'])) { } elseif (isset($_GET['id'])) {
$id = intval($_GET['id']); $id = intval($_GET['id']);
} }
@@ -37,8 +37,8 @@ if ($page == 'overview') {
'username' => $lng['login']['username'], 'username' => $lng['login']['username'],
'homedir' => $lng['panel']['path'] 'homedir' => $lng['panel']['path']
); );
$paging = new paging($userinfo, TABLE_FTP_USERS, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']); $paging = new paging($userinfo, TABLE_FTP_USERS, $fields);
$result_stmt = Database::prepare("SELECT `id`, `username`, `homedir` FROM `" . TABLE_FTP_USERS . "` $result_stmt = Database::prepare("SELECT `id`, `username`, `homedir` FROM `" . TABLE_FTP_USERS . "`
WHERE `customerid`= :customerid " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit() WHERE `customerid`= :customerid " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit()
); );
@@ -62,7 +62,7 @@ if ($page == 'overview') {
} }
$row['documentroot'] = makeCorrectDir($row['documentroot']); $row['documentroot'] = makeCorrectDir($row['documentroot']);
$row = htmlentities_array($row); $row = htmlentities_array($row);
eval("\$accounts.=\"" . getTemplate('ftp/accounts_account') . "\";"); eval("\$accounts.=\"" . getTemplate('ftp/accounts_account') . "\";");
$count++; $count++;
@@ -79,7 +79,7 @@ if ($page == 'overview') {
); );
Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id)); Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
$result = $result_stmt->fetch(PDO::FETCH_ASSOC); $result = $result_stmt->fetch(PDO::FETCH_ASSOC);
if (isset($result['username']) && $result['username'] != $userinfo['loginname']) { if (isset($result['username']) && $result['username'] != $userinfo['loginname']) {
if (isset($_POST['send']) && $_POST['send'] == 'send') { if (isset($_POST['send']) && $_POST['send'] == 'send') {
$stmt = Database::prepare("UPDATE `" . TABLE_FTP_USERS . "` $stmt = Database::prepare("UPDATE `" . TABLE_FTP_USERS . "`
@@ -97,23 +97,23 @@ if ($page == 'overview') {
"username" => $userinfo['loginname'] "username" => $userinfo['loginname']
); );
Database::pexecute($stmt, $params); Database::pexecute($stmt, $params);
$result_stmt = Database::prepare("SELECT `username`, `homedir` FROM `" . TABLE_FTP_USERS . "` $result_stmt = Database::prepare("SELECT `username`, `homedir` FROM `" . TABLE_FTP_USERS . "`
WHERE `customerid` = :customerid WHERE `customerid` = :customerid
AND `id` = :id" AND `id` = :id"
); );
Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id)); Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
$result = $result_stmt->fetch(PDO::FETCH_ASSOC); $result = $result_stmt->fetch(PDO::FETCH_ASSOC);
$stmt = Database::prepare("DELETE FROM `" . TABLE_FTP_QUOTATALLIES . "` WHERE `name` = :name"); $stmt = Database::prepare("DELETE FROM `" . TABLE_FTP_QUOTATALLIES . "` WHERE `name` = :name");
Database::pexecute($stmt, array("name" => $result['username'])); Database::pexecute($stmt, array("name" => $result['username']));
$stmt = Database::prepare("DELETE FROM `" . TABLE_FTP_USERS . "` $stmt = Database::prepare("DELETE FROM `" . TABLE_FTP_USERS . "`
WHERE `customerid` = :customerid WHERE `customerid` = :customerid
AND `id` = :id" AND `id` = :id"
); );
Database::pexecute($stmt, array("customerid" => $userinfo['customerid'], "id" => $id)); Database::pexecute($stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
$stmt = Database::prepare(" $stmt = Database::prepare("
UPDATE `" . TABLE_FTP_GROUPS . "` SET UPDATE `" . TABLE_FTP_GROUPS . "` SET
`members` = REPLACE(`members`, :username,'') `members` = REPLACE(`members`, :username,'')
@@ -129,13 +129,13 @@ if ($page == 'overview') {
if (isset($_POST['delete_userfiles']) && (int)$_POST['delete_userfiles'] == 1) { if (isset($_POST['delete_userfiles']) && (int)$_POST['delete_userfiles'] == 1) {
inserttask('8', $userinfo['loginname'], $result['homedir']); inserttask('8', $userinfo['loginname'], $result['homedir']);
} }
$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` $stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "`
SET `ftps_used` = `ftps_used` - 1 $resetaccnumber SET `ftps_used` = `ftps_used` - 1 $resetaccnumber
WHERE `customerid` = :customerid" WHERE `customerid` = :customerid"
); );
Database::pexecute($stmt, array("customerid" => $userinfo['customerid'])); Database::pexecute($stmt, array("customerid" => $userinfo['customerid']));
redirectTo($filename, array('page' => $page, 's' => $s)); redirectTo($filename, array('page' => $page, 's' => $s));
} else { } else {
ask_yesno_withcheckbox('ftp_reallydelete', 'admin_customer_alsoremoveftphomedir', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $result['username']); ask_yesno_withcheckbox('ftp_reallydelete', 'admin_customer_alsoremoveftphomedir', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $result['username']);
@@ -146,7 +146,7 @@ if ($page == 'overview') {
} elseif ($action == 'add') { } elseif ($action == 'add') {
if ($userinfo['ftps_used'] < $userinfo['ftps'] || $userinfo['ftps'] == '-1') { if ($userinfo['ftps_used'] < $userinfo['ftps'] || $userinfo['ftps'] == '-1') {
if (isset($_POST['send']) if (isset($_POST['send'])
&& $_POST['send'] == 'send') { && $_POST['send'] == 'send') {
// @FIXME use a good path-validating regex here (refs #1231) // @FIXME use a good path-validating regex here (refs #1231)
$path = validate($_POST['path'], 'path'); $path = validate($_POST['path'], 'path');
$password = validate($_POST['ftp_password'], 'password'); $password = validate($_POST['ftp_password'], 'password');
@@ -157,7 +157,7 @@ if ($page == 'overview') {
$sendinfomail = 0; $sendinfomail = 0;
} }
if ($settings['customer']['ftpatdomain'] == '1') { if (Settings::Get('customer.ftpatdomain') == '1') {
$ftpusername = validate($_POST['ftp_username'], 'username', '/^[a-zA-Z0-9][a-zA-Z0-9\-_]+\$?$/'); $ftpusername = validate($_POST['ftp_username'], 'username', '/^[a-zA-Z0-9][a-zA-Z0-9\-_]+\$?$/');
if ($ftpusername == '') { if ($ftpusername == '') {
standard_error(array('stringisempty', 'username')); standard_error(array('stringisempty', 'username'));
@@ -169,21 +169,21 @@ if ($page == 'overview') {
); );
Database::pexecute($ftpdomain_check_stmt, array("domain" => $ftpdomain, "customerid" => $userinfo['customerid'])); Database::pexecute($ftpdomain_check_stmt, array("domain" => $ftpdomain, "customerid" => $userinfo['customerid']));
$ftpdomain_check = $ftpdomain_check_stmt->fetch(PDO::FETCH_ASSOC); $ftpdomain_check = $ftpdomain_check_stmt->fetch(PDO::FETCH_ASSOC);
if ($ftpdomain_check['domain'] != $ftpdomain) { if ($ftpdomain_check['domain'] != $ftpdomain) {
standard_error('maindomainnonexist', $domain); standard_error('maindomainnonexist', $domain);
} }
$username = $ftpusername . "@" . $ftpdomain; $username = $ftpusername . "@" . $ftpdomain;
} else { } else {
$username = $userinfo['loginname'] . $settings['customer']['ftpprefix'] . (intval($userinfo['ftp_lastaccountnumber']) + 1); $username = $userinfo['loginname'] . Settings::Get('customer.ftpprefix') . (intval($userinfo['ftp_lastaccountnumber']) + 1);
} }
$username_check_stmt = Database::prepare("SELECT * FROM `" . TABLE_FTP_USERS . "` $username_check_stmt = Database::prepare("SELECT * FROM `" . TABLE_FTP_USERS . "`
WHERE `username` = :username" WHERE `username` = :username"
); );
Database::pexecute($username_check_stmt, array("username" => $username)); Database::pexecute($username_check_stmt, array("username" => $username));
$username_check = $username_check_stmt->fetch(PDO::FETCH_ASSOC); $username_check = $username_check_stmt->fetch(PDO::FETCH_ASSOC);
if (!empty($username_check) && $username_check['username'] = $username) { if (!empty($username_check) && $username_check['username'] = $username) {
standard_error('usernamealreadyexists', $username); standard_error('usernamealreadyexists', $username);
} elseif ($password == '') { } elseif ($password == '') {
@@ -194,7 +194,7 @@ if ($page == 'overview') {
$path = makeCorrectDir($userinfo['documentroot'] . '/' . $path); $path = makeCorrectDir($userinfo['documentroot'] . '/' . $path);
$cryptPassword = makeCryptPassword($password); $cryptPassword = makeCryptPassword($password);
$stmt = Database::prepare("INSERT INTO `" . TABLE_FTP_USERS . "` $stmt = Database::prepare("INSERT INTO `" . TABLE_FTP_USERS . "`
(`customerid`, `username`, `password`, `homedir`, `login_enabled`, `uid`, `gid`) (`customerid`, `username`, `password`, `homedir`, `login_enabled`, `uid`, `gid`)
VALUES (:customerid, :username, :password, :homedir, 'y', :guid, :guid)" VALUES (:customerid, :username, :password, :homedir, 'y', :guid, :guid)"
@@ -207,20 +207,20 @@ if ($page == 'overview') {
"guid" => $userinfo['guid'] "guid" => $userinfo['guid']
); );
Database::pexecute($stmt, $params); Database::pexecute($stmt, $params);
$result_stmt = Database::prepare("SELECT `bytes_in_used` FROM `" . TABLE_FTP_QUOTATALLIES . "` $result_stmt = Database::prepare("SELECT `bytes_in_used` FROM `" . TABLE_FTP_QUOTATALLIES . "`
WHERE `name` = :name" WHERE `name` = :name"
); );
Database::pexecute($result_stmt, array("name" => $userinfo['loginname'])); Database::pexecute($result_stmt, array("name" => $userinfo['loginname']));
while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) { while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
$stmt = Database::prepare("INSERT INTO `" . TABLE_FTP_QUOTATALLIES . "` $stmt = Database::prepare("INSERT INTO `" . TABLE_FTP_QUOTATALLIES . "`
(`name`, `quota_type`, `bytes_in_used`, `bytes_out_used`, `bytes_xfer_used`, `files_in_used`, `files_out_used`, `files_xfer_used`) (`name`, `quota_type`, `bytes_in_used`, `bytes_out_used`, `bytes_xfer_used`, `files_in_used`, `files_out_used`, `files_xfer_used`)
VALUES (:name, 'user', :bytes_in_used, '0', '0', '0', '0', '0')" VALUES (:name, 'user', :bytes_in_used, '0', '0', '0', '0', '0')"
); );
Database::pexecute($stmt, array("name" => $username, "bytes_in_used" => $row['bytes_in_used'])); Database::pexecute($stmt, array("name" => $username, "bytes_in_used" => $row['bytes_in_used']));
} }
$stmt = Database::prepare("UPDATE `" . TABLE_FTP_GROUPS . "` $stmt = Database::prepare("UPDATE `" . TABLE_FTP_GROUPS . "`
SET `members` = CONCAT_WS(',',`members`, :username) SET `members` = CONCAT_WS(',',`members`, :username)
WHERE `customerid`= :customerid WHERE `customerid`= :customerid
@@ -232,7 +232,7 @@ if ($page == 'overview') {
"guid" => $userinfo['guid'] "guid" => $userinfo['guid']
); );
Database::pexecute($stmt, $params); Database::pexecute($stmt, $params);
$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` $stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "`
SET `ftps_used` = `ftps_used` + 1, SET `ftps_used` = `ftps_used` + 1,
`ftp_lastaccountnumber` = `ftp_lastaccountnumber` + 1 `ftp_lastaccountnumber` = `ftp_lastaccountnumber` + 1
@@ -251,7 +251,7 @@ if ($page == 'overview') {
'USR_PASS' => $password, 'USR_PASS' => $password,
'USR_PATH' => makeCorrectDir(substr($path, strlen($userinfo['documentroot']))) 'USR_PATH' => makeCorrectDir(substr($path, strlen($userinfo['documentroot'])))
); );
$def_language = $userinfo['def_language']; $def_language = $userinfo['def_language'];
$result_stmt = Database::prepare("SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "` $result_stmt = Database::prepare("SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "`
WHERE `adminid` = :adminid WHERE `adminid` = :adminid
@@ -262,7 +262,7 @@ if ($page == 'overview') {
Database::pexecute($result_stmt, array("adminid" => $userinfo['adminid'], "lang" => $def_language)); Database::pexecute($result_stmt, array("adminid" => $userinfo['adminid'], "lang" => $def_language));
$result = $result_stmt->fetch(PDO::FETCH_ASSOC); $result = $result_stmt->fetch(PDO::FETCH_ASSOC);
$mail_subject = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['customer']['ftp_add']['infomail_subject']), $replace_arr)); $mail_subject = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['customer']['ftp_add']['infomail_subject']), $replace_arr));
$def_language = $userinfo['def_language']; $def_language = $userinfo['def_language'];
$result_stmt = Database::prepare("SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "` $result_stmt = Database::prepare("SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "`
WHERE `adminid` = :adminid WHERE `adminid` = :adminid
@@ -273,7 +273,7 @@ if ($page == 'overview') {
Database::pexecute($result_stmt, array("adminid" => $userinfo['adminid'], "lang" => $def_language)); Database::pexecute($result_stmt, array("adminid" => $userinfo['adminid'], "lang" => $def_language));
$result = $result_stmt->fetch(PDO::FETCH_ASSOC); $result = $result_stmt->fetch(PDO::FETCH_ASSOC);
$mail_body = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['customer']['ftp_add']['infomail_body']['main']), $replace_arr)); $mail_body = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['customer']['ftp_add']['infomail_body']['main']), $replace_arr));
$_mailerror = false; $_mailerror = false;
try { try {
$mail->Subject = $mail_subject; $mail->Subject = $mail_subject;
@@ -297,12 +297,12 @@ if ($page == 'overview') {
$mail->ClearAddresses(); $mail->ClearAddresses();
} }
redirectTo($filename, Array('page' => $page, 's' => $s)); redirectTo($filename, array('page' => $page, 's' => $s));
} }
} else { } else {
$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $settings['panel']['pathedit'], '/'); $pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], '/');
if ($settings['customer']['ftpatdomain'] == '1') { if (Settings::Get('customer.ftpatdomain') == '1') {
$domainlist = array(); $domainlist = array();
$domains = ''; $domains = '';
@@ -347,7 +347,7 @@ if ($page == 'overview') {
if (isset($_POST['send']) && $_POST['send'] == 'send') { if (isset($_POST['send']) && $_POST['send'] == 'send') {
// @FIXME use a good path-validating regex here (refs #1231) // @FIXME use a good path-validating regex here (refs #1231)
$path = validate($_POST['path'], 'path'); $path = validate($_POST['path'], 'path');
$_setnewpass = false; $_setnewpass = false;
if (isset($_POST['ftp_password']) && $_POST['ftp_password'] != '') { if (isset($_POST['ftp_password']) && $_POST['ftp_password'] != '') {
$password = validate($_POST['ftp_password'], 'password'); $password = validate($_POST['ftp_password'], 'password');
@@ -362,7 +362,7 @@ if ($page == 'overview') {
} }
$log->logAction(USR_ACTION, LOG_INFO, "updated ftp-account password for '" . $result['username'] . "'"); $log->logAction(USR_ACTION, LOG_INFO, "updated ftp-account password for '" . $result['username'] . "'");
$cryptPassword = makeCryptPassword($password); $cryptPassword = makeCryptPassword($password);
$stmt = Database::prepare("UPDATE `" . TABLE_FTP_USERS . "` $stmt = Database::prepare("UPDATE `" . TABLE_FTP_USERS . "`
SET `password` = :password SET `password` = :password
WHERE `customerid` = :customerid WHERE `customerid` = :customerid
@@ -370,19 +370,19 @@ if ($page == 'overview') {
); );
Database::pexecute($stmt, array("customerid" => $userinfo['customerid'], "id" => $id, "password" => $cryptPassword)); Database::pexecute($stmt, array("customerid" => $userinfo['customerid'], "id" => $id, "password" => $cryptPassword));
} }
if ($path != '') { if ($path != '') {
$path = makeCorrectDir($userinfo['documentroot'] . '/' . $path); $path = makeCorrectDir($userinfo['documentroot'] . '/' . $path);
if ($path != $result['homedir']) { if ($path != $result['homedir']) {
if (!file_exists($path)) { if (!file_exists($path)) {
// it's the task for "new ftp" but that will // it's the task for "new ftp" but that will
// create all directories and correct their permissions // create all directories and correct their permissions
inserttask(5); inserttask(5);
} }
$log->logAction(USR_ACTION, LOG_INFO, "updated ftp-account homdir for '" . $result['username'] . "'"); $log->logAction(USR_ACTION, LOG_INFO, "updated ftp-account homdir for '" . $result['username'] . "'");
$stmt = Database::prepare("UPDATE `" . TABLE_FTP_USERS . "` $stmt = Database::prepare("UPDATE `" . TABLE_FTP_USERS . "`
SET `homedir` = :homedir SET `homedir` = :homedir
WHERE `customerid` = :customerid WHERE `customerid` = :customerid
@@ -393,11 +393,11 @@ if ($page == 'overview') {
"customerid" => $userinfo['customerid'], "customerid" => $userinfo['customerid'],
"id" => $id "id" => $id
); );
Database::pexecute($stmt, $params); Database::pexecute($stmt, $params);
} }
} }
redirectTo($filename, Array('page' => $page, 's' => $s)); redirectTo($filename, array('page' => $page, 's' => $s));
} else { } else {
if (strpos($result['homedir'], $userinfo['documentroot']) === 0) { if (strpos($result['homedir'], $userinfo['documentroot']) === 0) {
$homedir = substr($result['homedir'], strlen($userinfo['documentroot'])); $homedir = substr($result['homedir'], strlen($userinfo['documentroot']));
@@ -406,9 +406,9 @@ if ($page == 'overview') {
} }
$homedir = makeCorrectDir($homedir); $homedir = makeCorrectDir($homedir);
$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $settings['panel']['pathedit'], $homedir); $pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $homedir);
if ($settings['customer']['ftpatdomain'] == '1') { if (Settings::Get('customer.ftpatdomain') == '1') {
$domains = ''; $domains = '';
$result_domains_stmt = Database::prepare("SELECT `domain` FROM `" . TABLE_PANEL_DOMAINS . "` $result_domains_stmt = Database::prepare("SELECT `domain` FROM `" . TABLE_PANEL_DOMAINS . "`


@@ -23,8 +23,8 @@ require './lib/init.php';
if ($action == 'logout') { if ($action == 'logout') {
$log->logAction(USR_ACTION, LOG_NOTICE, 'logged out'); $log->logAction(USR_ACTION, LOG_NOTICE, 'logged out');
$params = array("customerid" => $userinfo['customerid']); $params = array("customerid" => $userinfo['customerid']);
if ($settings['session']['allow_multiple_login'] == '1') { if (Settings::Get('session.allow_multiple_login') == '1') {
$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_SESSIONS . "` $stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_SESSIONS . "`
WHERE `userid` = :customerid WHERE `userid` = :customerid
AND `adminsession` = '0' AND `adminsession` = '0'
@@ -79,10 +79,10 @@ if ($page == 'overview') {
$yesterday = time() - (60 * 60 * 24); $yesterday = time() - (60 * 60 * 24);
$month = date('M Y', $yesterday); $month = date('M Y', $yesterday);
$userinfo['diskspace'] = round($userinfo['diskspace'] / 1024, $settings['panel']['decimal_places']); $userinfo['diskspace'] = round($userinfo['diskspace'] / 1024, Settings::Get('panel.decimal_places'));
$userinfo['diskspace_used'] = round($userinfo['diskspace_used'] / 1024, $settings['panel']['decimal_places']); $userinfo['diskspace_used'] = round($userinfo['diskspace_used'] / 1024, Settings::Get('panel.decimal_places'));
$userinfo['traffic'] = round($userinfo['traffic'] / (1024 * 1024), $settings['panel']['decimal_places']); $userinfo['traffic'] = round($userinfo['traffic'] / (1024 * 1024), Settings::Get('panel.decimal_places'));
$userinfo['traffic_used'] = round($userinfo['traffic_used'] / (1024 * 1024), $settings['panel']['decimal_places']); $userinfo['traffic_used'] = round($userinfo['traffic_used'] / (1024 * 1024), Settings::Get('panel.decimal_places'));
$userinfo = str_replace_array('-1', $lng['customer']['unlimited'], $userinfo, 'diskspace traffic mysqls emails email_accounts email_forwarders email_quota ftps tickets subdomains'); $userinfo = str_replace_array('-1', $lng['customer']['unlimited'], $userinfo, 'diskspace traffic mysqls emails email_accounts email_forwarders email_quota ftps tickets subdomains');
$services_enabled = ""; $services_enabled = "";
@@ -107,11 +107,11 @@ if ($page == 'overview') {
if ($old_password == '') { if ($old_password == '') {
standard_error(array('stringisempty', 'oldpassword')); standard_error(array('stringisempty', 'oldpassword'));
} elseif($new_password == '') { } elseif ($new_password == '') {
standard_error(array('stringisempty', 'newpassword')); standard_error(array('stringisempty', 'newpassword'));
} elseif($new_password_confirm == '') { } elseif ($new_password_confirm == '') {
standard_error(array('stringisempty', 'newpasswordconfirm')); standard_error(array('stringisempty', 'newpasswordconfirm'));
} elseif($new_password != $new_password_confirm) { } elseif ($new_password != $new_password_confirm) {
standard_error('newpasswordconfirmerror'); standard_error('newpasswordconfirmerror');
} else { } else {
// Update user password // Update user password
@@ -167,7 +167,7 @@ if ($page == 'overview') {
Database::pexecute($stmt, $params); Database::pexecute($stmt, $params);
} }
redirectTo($filename, Array('s' => $s)); redirectTo($filename, array('s' => $s));
} }
} else { } else {
eval("echo \"" . getTemplate('index/change_password') . "\";"); eval("echo \"" . getTemplate('index/change_password') . "\";");
@@ -191,9 +191,9 @@ if ($page == 'overview') {
$log->logAction(USR_ACTION, LOG_NOTICE, "changed default language to '" . $def_language . "'"); $log->logAction(USR_ACTION, LOG_NOTICE, "changed default language to '" . $def_language . "'");
} }
redirectTo($filename, Array('s' => $s)); redirectTo($filename, array('s' => $s));
} else { } else {
$default_lang = $settings['panel']['standardlanguage']; $default_lang = Settings::Get('panel.standardlanguage');
if ($userinfo['def_language'] != '') { if ($userinfo['def_language'] != '') {
$default_lang = $userinfo['def_language']; $default_lang = $userinfo['def_language'];
} }
@@ -222,9 +222,9 @@ if ($page == 'overview') {
Database::pexecute($stmt, array("theme" => $theme, "hash" => $s)); Database::pexecute($stmt, array("theme" => $theme, "hash" => $s));
$log->logAction(USR_ACTION, LOG_NOTICE, "changed default theme to '" . $theme . "'"); $log->logAction(USR_ACTION, LOG_NOTICE, "changed default theme to '" . $theme . "'");
redirectTo($filename, Array('s' => $s)); redirectTo($filename, array('s' => $s));
} else { } else {
$default_theme = $settings['panel']['default_theme']; $default_theme = Settings::Get('panel.default_theme');
if ($userinfo['theme'] != '') { if ($userinfo['theme'] != '') {
$default_theme = $userinfo['theme']; $default_theme = $userinfo['theme'];
} }
@@ -238,14 +238,10 @@ if ($page == 'overview') {
eval("echo \"" . getTemplate('index/change_theme') . "\";"); eval("echo \"" . getTemplate('index/change_theme') . "\";");
} }
} elseif ($page == 'send_error_report' } elseif ($page == 'send_error_report' && Settings::Get('system.allow_error_report_customer') == '1') {
&& $settings['system']['allow_error_report_customer'] == '1'
) {
// only show this if we really have an exception to report // only show this if we really have an exception to report
if (isset($_GET['errorid']) if (isset($_GET['errorid']) && $_GET['errorid'] != '') {
&& $_GET['errorid'] != ''
) {
$errid = $_GET['errorid']; $errid = $_GET['errorid'];
// read error file // read error file
@@ -279,7 +275,7 @@ if ($page == 'overview') {
// send actual report to dev-team // send actual report to dev-team
if (isset($_POST['send']) if (isset($_POST['send'])
&& $_POST['send'] == 'send' && $_POST['send'] == 'send'
) { ) {
// send mail and say thanks // send mail and say thanks
$_mailerror = false; $_mailerror = false;
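Review bot: `$errid = $_GET['errorid'];` in the send_error_report branch is only checked for being non-empty, and the comment directly after it says the value is then used to read an error file. The read itself lies outside this hunk, so whether the id ends up in a file path cannot be confirmed from here. If it does, the value should be constrained before use, for example `$errid = validate($_GET['errorid'], 'errorid', '/^[A-Za-z0-9]+$/');`, with the pattern adjusted to the format the error ids are actually generated in. A short comment naming that format next to the check would make the assumption visible to the next reader.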


@@ -28,7 +28,7 @@ Database::needRoot(false);
if (isset($_POST['id'])) { if (isset($_POST['id'])) {
$id = intval($_POST['id']); $id = intval($_POST['id']);
} elseif(isset($_GET['id'])) { } elseif (isset($_GET['id'])) {
$id = intval($_GET['id']); $id = intval($_GET['id']);
} }
@@ -38,14 +38,14 @@ if ($page == 'overview') {
$sql = Database::getSqlData(); $sql = Database::getSqlData();
$lng['mysql']['description'] = str_replace('<SQL_HOST>', $sql['host'], $lng['mysql']['description']); $lng['mysql']['description'] = str_replace('<SQL_HOST>', $sql['host'], $lng['mysql']['description']);
eval("echo \"" . getTemplate('mysql/mysql') . "\";"); eval("echo \"" . getTemplate('mysql/mysql') . "\";");
} elseif($page == 'mysqls') { } elseif ($page == 'mysqls') {
if ($action == '') { if ($action == '') {
$log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_mysql::mysqls"); $log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_mysql::mysqls");
$fields = array( $fields = array(
'databasename' => $lng['mysql']['databasename'], 'databasename' => $lng['mysql']['databasename'],
'description' => $lng['mysql']['databasedescription'] 'description' => $lng['mysql']['databasedescription']
); );
$paging = new paging($userinfo, TABLE_PANEL_DATABASES, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']); $paging = new paging($userinfo, TABLE_PANEL_DATABASES, $fields);
$result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_DATABASES . "` $result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_DATABASES . "`
WHERE `customerid`= :customerid " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit() WHERE `customerid`= :customerid " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit()
); );
@@ -76,7 +76,7 @@ if ($page == 'overview') {
); );
Database::pexecute($mbdata_stmt, array("table_schema" => $row['databasename'])); Database::pexecute($mbdata_stmt, array("table_schema" => $row['databasename']));
$mbdata = $mbdata_stmt->fetch(PDO::FETCH_ASSOC); $mbdata = $mbdata_stmt->fetch(PDO::FETCH_ASSOC);
$row['size'] = size_readable($mbdata['MB'], 'GiB', 'bi', '%01.'.(int)$settings['panel']['decimal_places'].'f %s'); $row['size'] = size_readable($mbdata['MB'], 'GiB', 'bi', '%01.' . (int)Settings::Get('panel.decimal_places') . 'f %s');
eval("\$mysqls.=\"" . getTemplate('mysql/mysqls_database') . "\";"); eval("\$mysqls.=\"" . getTemplate('mysql/mysqls_database') . "\";");
$count++; $count++;
} }
@@ -87,7 +87,7 @@ if ($page == 'overview') {
eval("echo \"" . getTemplate('mysql/mysqls') . "\";"); eval("echo \"" . getTemplate('mysql/mysqls') . "\";");
} elseif($action == 'delete' && $id != 0) { } elseif ($action == 'delete' && $id != 0) {
$result_stmt = Database::prepare('SELECT `id`, `databasename`, `description`, `dbserver` FROM `' . TABLE_PANEL_DATABASES . '` $result_stmt = Database::prepare('SELECT `id`, `databasename`, `description`, `dbserver` FROM `' . TABLE_PANEL_DATABASES . '`
WHERE `customerid`="' . (int)$userinfo['customerid'] . '" WHERE `customerid`="' . (int)$userinfo['customerid'] . '"
AND `id`="' . (int)$id . '"' AND `id`="' . (int)$id . '"'
@@ -109,7 +109,7 @@ if ($page == 'overview') {
if (isset($_POST['send']) && $_POST['send'] == 'send') { if (isset($_POST['send']) && $_POST['send'] == 'send') {
// Begin root-session // Begin root-session
Database::needRoot(true, $result['dbserver']); Database::needRoot(true, $result['dbserver']);
$dbm = new DbManager($settings, $log); $dbm = new DbManager($log);
$dbm->getManager()->deleteDatabase($result['databasename']); $dbm->getManager()->deleteDatabase($result['databasename']);
$log->logAction(USR_ACTION, LOG_INFO, "deleted database '" . $result['databasename'] . "'"); $log->logAction(USR_ACTION, LOG_INFO, "deleted database '" . $result['databasename'] . "'");
Database::needRoot(false); Database::needRoot(false);
@@ -171,7 +171,7 @@ if ($page == 'overview') {
$databasedescription = validate(trim($_POST['description']), 'description'); $databasedescription = validate(trim($_POST['description']), 'description');
// create database, user, set permissions, etc.pp. // create database, user, set permissions, etc.pp.
$dbm = new DbManager($settings, $log); $dbm = new DbManager($log);
$username = $dbm->createDatabase( $username = $dbm->createDatabase(
$userinfo['loginname'], $userinfo['loginname'],
$password, $password,
@@ -199,8 +199,8 @@ if ($page == 'overview') {
if ($sendinfomail == 1) { if ($sendinfomail == 1) {
$pma = $lng['admin']['notgiven']; $pma = $lng['admin']['notgiven'];
if ($settings['panel']['phpmyadmin_url'] != '') { if (Settings::Get('panel.phpmyadmin_url') != '') {
$pma = $settings['panel']['phpmyadmin_url']; $pma = Settings::Get('panel.phpmyadmin_url');
} }
Database::needRoot(true, $dbserver); Database::needRoot(true, $dbserver);
@@ -262,7 +262,7 @@ if ($page == 'overview') {
$mail->ClearAddresses(); $mail->ClearAddresses();
} }
redirectTo($filename, Array('page' => $page, 's' => $s)); redirectTo($filename, array('page' => $page, 's' => $s));
} }
} else { } else {
@@ -309,7 +309,7 @@ if ($page == 'overview') {
// Begin root-session // Begin root-session
Database::needRoot(true); Database::needRoot(true);
foreach (array_map('trim', explode(',', $settings['system']['mysql_access_host'])) as $mysql_access_host) { foreach (array_map('trim', explode(',', Settings::Get('system.mysql_access_host'))) as $mysql_access_host) {
$stmt = Database::prepare("SET PASSWORD FOR :dbname@:host = PASSWORD(:password)"); $stmt = Database::prepare("SET PASSWORD FOR :dbname@:host = PASSWORD(:password)");
$params = array( $params = array(
"dbname" => $result['databasename'], "dbname" => $result['databasename'],
@@ -334,7 +334,7 @@ if ($page == 'overview') {
AND `id` = :id" AND `id` = :id"
); );
Database::pexecute($stmt, array("desc" => $databasedescription, "customerid" => $userinfo['customerid'], "id" => $id)); Database::pexecute($stmt, array("desc" => $databasedescription, "customerid" => $userinfo['customerid'], "id" => $id));
redirectTo($filename, Array('page' => $page, 's' => $s)); redirectTo($filename, array('page' => $page, 's' => $s));
} else { } else {
$dbservers_stmt = Database::query("SELECT COUNT(DISTINCT `dbserver`) as numservers FROM `".TABLE_PANEL_DATABASES."`"); $dbservers_stmt = Database::query("SELECT COUNT(DISTINCT `dbserver`) as numservers FROM `".TABLE_PANEL_DATABASES."`");
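Review bot: The `delete` branch still builds its SELECT by concatenating `(int)$userinfo['customerid']` and `(int)$id` into the string handed to `Database::prepare()`, while the update statement further down in this section binds `customerid` and `id` as named parameters. The integer casts keep the query safe as written, but a prepared statement with no placeholders gives no protection if a cast is dropped in a later edit, and the mixed style makes that harder to spot in review. I would write the condition as `WHERE customerid = :customerid AND id = :id` (identifier quoting omitted here) and pass both values in the execute call, which is outside the hunk.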

View File

@@ -32,15 +32,15 @@ if (isset($_POST['id'])) {
// no rights to see the requested ticket // no rights to see the requested ticket
standard_error(array('ticketnotaccessible')); standard_error(array('ticketnotaccessible'));
} }
} elseif(isset($_GET['id'])) { } elseif (isset($_GET['id'])) {
$id = intval($_GET['id']); $id = intval($_GET['id']);
} }
if($page == 'overview') { if ($page == 'overview') {
$log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_tickets"); $log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_tickets");
eval("echo \"" . getTemplate("tickets/ticket") . "\";"); eval("echo \"" . getTemplate("tickets/ticket") . "\";");
} elseif($page == 'tickets') { } elseif ($page == 'tickets') {
if($action == '') { if ($action == '') {
$log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_tickets::tickets"); $log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_tickets::tickets");
$fields = array( $fields = array(
'status' => $lng['ticket']['status'], 'status' => $lng['ticket']['status'],
@@ -48,7 +48,7 @@ if($page == 'overview') {
'subject' => $lng['ticket']['subject'], 'subject' => $lng['ticket']['subject'],
'lastreplier' => $lng['ticket']['lastreplier'] 'lastreplier' => $lng['ticket']['lastreplier']
); );
$paging = new paging($userinfo, TABLE_PANEL_TICKETS, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']); $paging = new paging($userinfo, TABLE_PANEL_TICKETS, $fields);
$stmt = Database::prepare('SELECT `main`.`id`, (SELECT COUNT(`sub`.`id`) FROM `' . TABLE_PANEL_TICKETS . '` `sub` $stmt = Database::prepare('SELECT `main`.`id`, (SELECT COUNT(`sub`.`id`) FROM `' . TABLE_PANEL_TICKETS . '` `sub`
WHERE `sub`.`answerto` = `main`.`id`) AS `ticket_answers`, `main`.`lastchange`, `main`.`subject`, `main`.`status`, `main`.`lastreplier`, `main`.`priority` WHERE `sub`.`answerto` = `main`.`id`) AS `ticket_answers`, `main`.`lastchange`, `main`.`subject`, `main`.`status`, `main`.`lastreplier`, `main`.`priority`
FROM `' . TABLE_PANEL_TICKETS . '` as `main` FROM `' . TABLE_PANEL_TICKETS . '` as `main`
@@ -68,13 +68,13 @@ if($page == 'overview') {
$tickets = ''; $tickets = '';
$tickets_count = 0; $tickets_count = 0;
while($row = $stmt->fetch(PDO::FETCH_ASSOC)) { while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
if($paging->checkDisplay($i)) { if ($paging->checkDisplay($i)) {
$tickets_count++; $tickets_count++;
$row = htmlentities_array($row); $row = htmlentities_array($row);
$row['lastchange'] = date("d.m.y H:i", $row['lastchange']); $row['lastchange'] = date("d.m.y H:i", $row['lastchange']);
if($row['status'] >= 0 && $row['status'] <= 2) { if ($row['status'] >= 0 && $row['status'] <= 2) {
$reopen = 0; $reopen = 0;
} else { } else {
$reopen = 1; $reopen = 1;
@@ -83,7 +83,7 @@ if($page == 'overview') {
$row['status'] = ticket::getStatusText($lng, $row['status']); $row['status'] = ticket::getStatusText($lng, $row['status']);
$row['priority'] = ticket::getPriorityText($lng, $row['priority']); $row['priority'] = ticket::getPriorityText($lng, $row['priority']);
if($row['lastreplier'] == '1') { if ($row['lastreplier'] == '1') {
$row['lastreplier'] = $lng['ticket']['staff']; $row['lastreplier'] = $lng['ticket']['staff'];
$cananswer = 1; $cananswer = 1;
} else { } else {
@@ -92,7 +92,7 @@ if($page == 'overview') {
} }
$row['subject'] = html_entity_decode($row['subject']); $row['subject'] = html_entity_decode($row['subject']);
if(strlen($row['subject']) > 20) { if (strlen($row['subject']) > 20) {
$row['subject'] = substr($row['subject'], 0, 17) . '...'; $row['subject'] = substr($row['subject'], 0, 17) . '...';
} }
@@ -106,22 +106,22 @@ if($page == 'overview') {
$supportavailable = 0; $supportavailable = 0;
$time = date("Hi", time()); $time = date("Hi", time());
$day = date("w", time()); $day = date("w", time());
$start = substr($settings['ticket']['worktime_begin'], 0, 2) . substr($settings['ticket']['worktime_begin'], 3, 2); $start = substr(Settings::Get('ticket.worktime_begin'), 0, 2) . substr(Settings::Get('ticket.worktime_begin'), 3, 2);
$end = substr($settings['ticket']['worktime_end'], 0, 2) . substr($settings['ticket']['worktime_end'], 3, 2); $end = substr(Settings::Get('ticket.worktime_end'), 0, 2) . substr(Settings::Get('ticket.worktime_end'), 3, 2);
if($time >= $start && $time <= $end) { if ($time >= $start && $time <= $end) {
$supportavailable = 1; $supportavailable = 1;
} }
if($settings['ticket']['worktime_sat'] == "0" && $day == "6") { if (Settings::Get('ticket.worktime_sat') == "0" && $day == "6") {
$supportavailable = 0; $supportavailable = 0;
} }
if($settings['ticket']['worktime_sun'] == "0" && $day == "0") { if (Settings::Get('ticket.worktime_sun') == "0" && $day == "0") {
$supportavailable = 0; $supportavailable = 0;
} }
if($settings['ticket']['worktime_all'] == "1") { if (Settings::Get('ticket.worktime_all') == "1") {
$supportavailable = 1; $supportavailable = 1;
} }
@@ -133,8 +133,8 @@ if($page == 'overview') {
); );
$opentickets = Database::pexecute_first($stmt, array("customerid" => $userinfo['customerid'])); $opentickets = Database::pexecute_first($stmt, array("customerid" => $userinfo['customerid']));
if($settings['ticket']['concurrently_open'] != - 1 && $settings['ticket']['concurrently_open'] != '') { if (Settings::Get('ticket.concurrently_open') != - 1 && Settings::Get('ticket.concurrently_open') != '') {
$notmorethanxopentickets = strtr($lng['ticket']['notmorethanxopentickets'], array('%s' => $settings['ticket']['concurrently_open'])); $notmorethanxopentickets = strtr($lng['ticket']['notmorethanxopentickets'], array('%s' => Settings::Get('ticket.concurrently_open')));
} else { } else {
$notmorethanxopentickets = ''; $notmorethanxopentickets = '';
} }
@@ -142,10 +142,10 @@ if($page == 'overview') {
$ticketsopen = (int)$opentickets['count']; $ticketsopen = (int)$opentickets['count'];
eval("echo \"" . getTemplate("tickets/tickets") . "\";"); eval("echo \"" . getTemplate("tickets/tickets") . "\";");
} elseif($action == 'new') { } elseif ($action == 'new') {
if($userinfo['tickets_used'] < $userinfo['tickets'] || $userinfo['tickets'] == '-1') { if ($userinfo['tickets_used'] < $userinfo['tickets'] || $userinfo['tickets'] == '-1') {
if(isset($_POST['send']) && $_POST['send'] == 'send') { if (isset($_POST['send']) && $_POST['send'] == 'send') {
$newticket = ticket::getInstanceOf($userinfo, $settings, -1); $newticket = ticket::getInstanceOf($userinfo, -1);
$newticket->Set('subject', validate($_POST['subject'], 'subject'), true, false); $newticket->Set('subject', validate($_POST['subject'], 'subject'), true, false);
$newticket->Set('priority', validate($_POST['priority'], 'priority'), true, false); $newticket->Set('priority', validate($_POST['priority'], 'priority'), true, false);
$newticket->Set('category', validate($_POST['category'], 'category'), true, false); $newticket->Set('category', validate($_POST['category'], 'category'), true, false);
@@ -153,9 +153,9 @@ if($page == 'overview') {
$newticket->Set('admin', (int)$userinfo['adminid'], true, false); $newticket->Set('admin', (int)$userinfo['adminid'], true, false);
$newticket->Set('message', validate(str_replace("\r\n", "\n", $_POST['message']), 'message', '/^[^\0]*$/'), true, false); $newticket->Set('message', validate(str_replace("\r\n", "\n", $_POST['message']), 'message', '/^[^\0]*$/'), true, false);
if($newticket->Get('subject') == null) { if ($newticket->Get('subject') == null) {
standard_error(array('stringisempty', 'mysubject')); standard_error(array('stringisempty', 'mysubject'));
} elseif($newticket->Get('message') == null) { } elseif ($newticket->Get('message') == null) {
standard_error(array('stringisempty', 'mymessage')); standard_error(array('stringisempty', 'mymessage'));
} else { } else {
$now = time(); $now = time();
@@ -196,16 +196,16 @@ if($page == 'overview') {
); );
Database::pexecute($result2_stmt, array("adminid" => $userinfo['adminid'])); Database::pexecute($result2_stmt, array("adminid" => $userinfo['adminid']));
while($row = $result2_stmt->fetch(PDO::FETCH_ASSOC)) { while ($row = $result2_stmt->fetch(PDO::FETCH_ASSOC)) {
$categories.= makeoption($row['name'], $row['id']); $categories.= makeoption($row['name'], $row['id']);
} }
} else { } else {
$categories = makeoption($lng['ticket']['no_cat'], '0'); $categories = makeoption($lng['ticket']['no_cat'], '0');
} }
$priorities = makeoption($lng['ticket']['high'], '1', $settings['ticket']['default_priority']); $priorities = makeoption($lng['ticket']['high'], '1');
$priorities.= makeoption($lng['ticket']['normal'], '2', $settings['ticket']['default_priority']); $priorities.= makeoption($lng['ticket']['normal'], '2');
$priorities.= makeoption($lng['ticket']['low'], '3', $settings['ticket']['default_priority']); $priorities.= makeoption($lng['ticket']['low'], '3');
$ticketsopen = 0; $ticketsopen = 0;
$opentickets_stmt = Database::prepare('SELECT COUNT(`id`) as `count` FROM `' . TABLE_PANEL_TICKETS . '` $opentickets_stmt = Database::prepare('SELECT COUNT(`id`) as `count` FROM `' . TABLE_PANEL_TICKETS . '`
WHERE `customerid` = :customerid WHERE `customerid` = :customerid
@@ -214,10 +214,8 @@ if($page == 'overview') {
); );
$opentickets = Database::pexecute_first($opentickets_stmt, array("customerid" => $userinfo['customerid'])); $opentickets = Database::pexecute_first($opentickets_stmt, array("customerid" => $userinfo['customerid']));
if ($settings['ticket']['concurrently_open'] != - 1 if (Settings::Get('ticket.concurrently_open') != -1 && Settings::Get('ticket.concurrently_open') != '') {
&& $settings['ticket']['concurrently_open'] != '' $notmorethanxopentickets = strtr($lng['ticket']['notmorethanxopentickets'], array('%s' => Settings::Get('ticket.concurrently_open')));
) {
$notmorethanxopentickets = strtr($lng['ticket']['notmorethanxopentickets'], array('%s' => $settings['ticket']['concurrently_open']));
} else { } else {
$notmorethanxopentickets = ''; $notmorethanxopentickets = '';
} }
@@ -235,14 +233,14 @@ if($page == 'overview') {
} else { } else {
standard_error('nomoreticketsavailable'); standard_error('nomoreticketsavailable');
} }
} elseif($action == 'answer' && $id != 0) { } elseif ($action == 'answer' && $id != 0) {
if(isset($_POST['send']) && $_POST['send'] == 'send') { if (isset($_POST['send']) && $_POST['send'] == 'send') {
$replyticket = ticket::getInstanceOf($userinfo, $settings, -1); $replyticket = ticket::getInstanceOf($userinfo, -1);
$replyticket->Set('subject', validate($_POST['subject'], 'subject'), true, false); $replyticket->Set('subject', validate($_POST['subject'], 'subject'), true, false);
$replyticket->Set('priority', validate($_POST['priority'], 'priority'), true, false); $replyticket->Set('priority', validate($_POST['priority'], 'priority'), true, false);
$replyticket->Set('message', validate(str_replace("\r\n", "\n", $_POST['message']), 'message', '/^[^\0]*$/'), true, false); $replyticket->Set('message', validate(str_replace("\r\n", "\n", $_POST['message']), 'message', '/^[^\0]*$/'), true, false);
if($replyticket->Get('message') == null) { if ($replyticket->Get('message') == null) {
standard_error(array('stringisempty', 'mymessage')); standard_error(array('stringisempty', 'mymessage'));
} else { } else {
$now = time(); $now = time();
@@ -255,9 +253,9 @@ if($page == 'overview') {
$replyticket->Insert(); $replyticket->Insert();
// Update priority if changed // Update priority if changed
$mainticket = ticket::getInstanceOf($userinfo, $settings, (int)$id); $mainticket = ticket::getInstanceOf($userinfo, (int)$id);
if($replyticket->Get('priority') != $mainticket->Get('priority')) { if ($replyticket->Get('priority') != $mainticket->Get('priority')) {
$mainticket->Set('priority', $replyticket->Get('priority'), true); $mainticket->Set('priority', $replyticket->Get('priority'), true);
} }
@@ -267,21 +265,21 @@ if($page == 'overview') {
$mainticket->Update(); $mainticket->Update();
$log->logAction(USR_ACTION, LOG_NOTICE, "answered support-ticket '" . $mainticket->Get('subject') . "'"); $log->logAction(USR_ACTION, LOG_NOTICE, "answered support-ticket '" . $mainticket->Get('subject') . "'");
$mainticket->sendMail(-1, 'new_reply_ticket_by_customer_subject', $lng['mails']['new_reply_ticket_by_customer']['subject'], 'new_reply_ticket_by_customer_mailbody', $lng['mails']['new_reply_ticket_by_customer']['mailbody']); $mainticket->sendMail(-1, 'new_reply_ticket_by_customer_subject', $lng['mails']['new_reply_ticket_by_customer']['subject'], 'new_reply_ticket_by_customer_mailbody', $lng['mails']['new_reply_ticket_by_customer']['mailbody']);
redirectTo($filename, Array('page' => $page, 's' => $s)); redirectTo($filename, array('page' => $page, 's' => $s));
} }
} else { } else {
$ticket_replies = ''; $ticket_replies = '';
$mainticket = ticket::getInstanceOf($userinfo, $settings, (int)$id); $mainticket = ticket::getInstanceOf($userinfo, (int)$id);
$dt = date("d.m.Y H:i\h", $mainticket->Get('dt')); $dt = date("d.m.Y H:i\h", $mainticket->Get('dt'));
$status = ticket::getStatusText($lng, $mainticket->Get('status')); $status = ticket::getStatusText($lng, $mainticket->Get('status'));
if($mainticket->Get('status') >= 0 && $mainticket->Get('status') <= 2) { if ($mainticket->Get('status') >= 0 && $mainticket->Get('status') <= 2) {
$isclosed = 0; $isclosed = 0;
} else { } else {
$isclosed = 1; $isclosed = 1;
} }
if($mainticket->Get('by') == '1') { if ($mainticket->Get('by') == '1') {
$by = $lng['ticket']['staff']; $by = $lng['ticket']['staff'];
} else { } else {
$cid = $mainticket->Get('customer'); $cid = $mainticket->Get('customer');
@@ -308,11 +306,11 @@ if($page == 'overview') {
Database::pexecute($andere_stmt, array("answerto" => $id)); Database::pexecute($andere_stmt, array("answerto" => $id));
$numrows_andere = Database::num_rows(); $numrows_andere = Database::num_rows();
while($row2 = $andere_stmt->fetch(PDO::FETCH_ASSOC)) { while ($row2 = $andere_stmt->fetch(PDO::FETCH_ASSOC)) {
$subticket = ticket::getInstanceOf($userinfo, $settings, (int)$row2['id']); $subticket = ticket::getInstanceOf($userinfo, (int)$row2['id']);
$lastchange = date("d.m.Y H:i\h", $subticket->Get('lastchange')); $lastchange = date("d.m.Y H:i\h", $subticket->Get('lastchange'));
if($subticket->Get('by') == '1') { if ($subticket->Get('by') == '1') {
$by = $lng['ticket']['staff']; $by = $lng['ticket']['staff'];
} else { } else {
$by = getCorrectFullUserDetails($usr); $by = getCorrectFullUserDetails($usr);
@@ -338,21 +336,21 @@ if($page == 'overview') {
eval("echo \"" . getTemplate("tickets/tickets_reply") . "\";"); eval("echo \"" . getTemplate("tickets/tickets_reply") . "\";");
} }
} elseif($action == 'close' && $id != 0) { } elseif ($action == 'close' && $id != 0) {
if(isset($_POST['send']) && $_POST['send'] == 'send') { if (isset($_POST['send']) && $_POST['send'] == 'send') {
$now = time(); $now = time();
$mainticket = ticket::getInstanceOf($userinfo, $settings, (int)$id); $mainticket = ticket::getInstanceOf($userinfo, (int)$id);
$mainticket->Set('lastchange', $now, true, true); $mainticket->Set('lastchange', $now, true, true);
$mainticket->Set('lastreplier', '0', true, true); $mainticket->Set('lastreplier', '0', true, true);
$mainticket->Set('status', '3', true, true); $mainticket->Set('status', '3', true, true);
$mainticket->Update(); $mainticket->Update();
$log->logAction(USR_ACTION, LOG_NOTICE, "closed support-ticket '" . $mainticket->Get('subject') . "'"); $log->logAction(USR_ACTION, LOG_NOTICE, "closed support-ticket '" . $mainticket->Get('subject') . "'");
redirectTo($filename, Array('page' => $page, 's' => $s)); redirectTo($filename, array('page' => $page, 's' => $s));
} else { } else {
$mainticket = ticket::getInstanceOf($userinfo, $settings, (int)$id); $mainticket = ticket::getInstanceOf($userinfo, (int)$id);
ask_yesno('ticket_reallyclose', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $mainticket->Get('subject')); ask_yesno('ticket_reallyclose', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $mainticket->Get('subject'));
} }
} elseif($action == 'reopen' && $id != 0) { } elseif ($action == 'reopen' && $id != 0) {
$ticketsopen = 0; $ticketsopen = 0;
$opentickets_stmt = Database::prepare('SELECT COUNT(`id`) as `count` FROM `' . TABLE_PANEL_TICKETS . '` $opentickets_stmt = Database::prepare('SELECT COUNT(`id`) as `count` FROM `' . TABLE_PANEL_TICKETS . '`
WHERE `customerid` = :customerid WHERE `customerid` = :customerid
@@ -362,12 +360,12 @@ if($page == 'overview') {
$opentickets = Database::pexecute_first($opentickets_stmt, array("customerid" => $userinfo['customerid'])); $opentickets = Database::pexecute_first($opentickets_stmt, array("customerid" => $userinfo['customerid']));
$ticketsopen = (int)$opentickets['count']; $ticketsopen = (int)$opentickets['count'];
if($ticketsopen > $settings['ticket']['concurrently_open'] && $settings['ticket']['concurrently_open'] != - 1 && $settings['ticket']['concurrently_open'] != '') { if ($ticketsopen > Settings::Get('ticket.concurrently_open') && Settings::Get('ticket.concurrently_open') != - 1 && Settings::Get('ticket.concurrently_open') != '') {
standard_error('notmorethanxopentickets', $settings['ticket']['concurrently_open']); standard_error('notmorethanxopentickets', Settings::Get('ticket.concurrently_open'));
} }
$now = time(); $now = time();
$mainticket = ticket::getInstanceOf($userinfo, $settings, (int)$id); $mainticket = ticket::getInstanceOf($userinfo, (int)$id);
$mainticket->Set('lastchange', $now, true, true); $mainticket->Set('lastchange', $now, true, true);
$mainticket->Set('lastreplier', '0', true, true); $mainticket->Set('lastreplier', '0', true, true);
$mainticket->Set('status', '0', true, true); $mainticket->Set('status', '0', true, true);


@@ -79,30 +79,30 @@ if (!is_null($month) && !is_null($year)) {
$traf['day'] = $row['day'] . '.'; $traf['day'] = $row['day'] . '.';
if (extension_loaded('bcmath')) { if (extension_loaded('bcmath')) {
$traf['ftptext'] = bcdiv($row['ftp_up'], 1024, $settings['panel']['decimal_places']) . " MiB up/ " . bcdiv($row['ftp_down'], 1024, $settings['panel']['decimal_places']) . " MiB down (FTP)"; $traf['ftptext'] = bcdiv($row['ftp_up'], 1024, Settings::Get('panel.decimal_places')) . " MiB up/ " . bcdiv($row['ftp_down'], 1024, Settings::Get('panel.decimal_places')) . " MiB down (FTP)";
$traf['httptext'] = bcdiv($http, 1024, $settings['panel']['decimal_places']) . " MiB (HTTP)"; $traf['httptext'] = bcdiv($http, 1024, Settings::Get('panel.decimal_places')) . " MiB (HTTP)";
$traf['mailtext'] = bcdiv($mail, 1024, $settings['panel']['decimal_places']) . " MiB (Mail)"; $traf['mailtext'] = bcdiv($mail, 1024, Settings::Get('panel.decimal_places')) . " MiB (Mail)";
$traf['ftp'] = bcdiv($ftp, 1024, $settings['panel']['decimal_places']); $traf['ftp'] = bcdiv($ftp, 1024, Settings::Get('panel.decimal_places'));
$traf['http'] = bcdiv($http, 1024, $settings['panel']['decimal_places']); $traf['http'] = bcdiv($http, 1024, Settings::Get('panel.decimal_places'));
$traf['mail'] = bcdiv($mail, 1024, $settings['panel']['decimal_places']); $traf['mail'] = bcdiv($mail, 1024, Settings::Get('panel.decimal_places'));
$traf['byte'] = bcdiv($traf['byte'], 1024, $settings['panel']['decimal_places']); $traf['byte'] = bcdiv($traf['byte'], 1024, Settings::Get('panel.decimal_places'));
} else { } else {
$traf['ftptext'] = round($row['ftp_up'] / 1024, $settings['panel']['decimal_places']) . " MiB up/ " . round($row['ftp_down'] / 1024, $settings['panel']['decimal_places']) . " MiB down (FTP)"; $traf['ftptext'] = round($row['ftp_up'] / 1024, Settings::Get('panel.decimal_places')) . " MiB up/ " . round($row['ftp_down'] / 1024, Settings::Get('panel.decimal_places')) . " MiB down (FTP)";
$traf['httptext'] = round($http / 1024, $settings['panel']['decimal_places']) . " MiB (HTTP)"; $traf['httptext'] = round($http / 1024, Settings::Get('panel.decimal_places')) . " MiB (HTTP)";
$traf['mailtext'] = round($mail / 1024, $settings['panel']['decimal_places']) . " MiB (Mail)"; $traf['mailtext'] = round($mail / 1024, Settings::Get('panel.decimal_places')) . " MiB (Mail)";
$traf['http'] = round($http, $settings['panel']['decimal_places']); $traf['http'] = round($http, Settings::Get('panel.decimal_places'));
$traf['ftp'] = round($ftp, $settings['panel']['decimal_places']); $traf['ftp'] = round($ftp, Settings::Get('panel.decimal_places'));
$traf['mail'] = round($mail, $settings['panel']['decimal_places']); $traf['mail'] = round($mail, Settings::Get('panel.decimal_places'));
$traf['byte'] = round($traf['byte'] / 1024, $settings['panel']['decimal_places']); $traf['byte'] = round($traf['byte'] / 1024, Settings::Get('panel.decimal_places'));
} }
eval("\$traffic.=\"" . getTemplate('traffic/traffic_month') . "\";"); eval("\$traffic.=\"" . getTemplate('traffic/traffic_month') . "\";");
$show = $lng['traffic']['months'][intval($row['month'])] . ' ' . $row['year']; $show = $lng['traffic']['months'][intval($row['month'])] . ' ' . $row['year'];
} }
$traffic_complete['http'] = size_readable($traffic_complete['http'] * 1024, 'GiB', 'bi', '%01.'.(int)$settings['panel']['decimal_places'].'f %s'); $traffic_complete['http'] = size_readable($traffic_complete['http'] * 1024, 'GiB', 'bi', '%01.'.(int)Settings::Get('panel.decimal_places').'f %s');
$traffic_complete['ftp'] = size_readable($traffic_complete['ftp'] * 1024, 'GiB', 'bi', '%01.'.(int)$settings['panel']['decimal_places'].'f %s'); $traffic_complete['ftp'] = size_readable($traffic_complete['ftp'] * 1024, 'GiB', 'bi', '%01.'.(int)Settings::Get('panel.decimal_places').'f %s');
$traffic_complete['mail'] = size_readable($traffic_complete['mail'] * 1024, 'GiB', 'bi', '%01.'.(int)$settings['panel']['decimal_places'].'f %s'); $traffic_complete['mail'] = size_readable($traffic_complete['mail'] * 1024, 'GiB', 'bi', '%01.'.(int)Settings::Get('panel.decimal_places').'f %s');
eval("echo \"" . getTemplate('traffic/traffic_details') . "\";"); eval("echo \"" . getTemplate('traffic/traffic_details') . "\";");
} else { } else {
@@ -132,29 +132,29 @@ if (!is_null($month) && !is_null($year)) {
$traf['byte'] = $http + $ftp_up + $ftp_down + $mail; $traf['byte'] = $http + $ftp_up + $ftp_down + $mail;
if (extension_loaded('bcmath')) { if (extension_loaded('bcmath')) {
$traf['ftptext'] = bcdiv($ftp_up, 1024, $settings['panel']['decimal_places']) . " MiB up/ " . bcdiv($ftp_down, 1024, $settings['panel']['decimal_places']) . " MiB down (FTP)"; $traf['ftptext'] = bcdiv($ftp_up, 1024, Settings::Get('panel.decimal_places')) . " MiB up/ " . bcdiv($ftp_down, 1024, Settings::Get('panel.decimal_places')) . " MiB down (FTP)";
$traf['httptext'] = bcdiv($http, 1024, $settings['panel']['decimal_places']) . " MiB (HTTP)"; $traf['httptext'] = bcdiv($http, 1024, Settings::Get('panel.decimal_places')) . " MiB (HTTP)";
$traf['mailtext'] = bcdiv($mail, 1024, $settings['panel']['decimal_places']) . " MiB (Mail)"; $traf['mailtext'] = bcdiv($mail, 1024, Settings::Get('panel.decimal_places')) . " MiB (Mail)";
$traf['ftp'] = bcdiv(($ftp_up + $ftp_down), 1024, $settings['panel']['decimal_places']); $traf['ftp'] = bcdiv(($ftp_up + $ftp_down), 1024, Settings::Get('panel.decimal_places'));
$traf['http'] = bcdiv($http, 1024, $settings['panel']['decimal_places']); $traf['http'] = bcdiv($http, 1024, Settings::Get('panel.decimal_places'));
$traf['mail'] = bcdiv($mail, 1024, $settings['panel']['decimal_places']); $traf['mail'] = bcdiv($mail, 1024, Settings::Get('panel.decimal_places'));
$traf['byte'] = bcdiv($traf['byte'], 1024 * 1024, $settings['panel']['decimal_places']); $traf['byte'] = bcdiv($traf['byte'], 1024 * 1024, Settings::Get('panel.decimal_places'));
} else { } else {
$traf['ftptext'] = round($ftp_up / 1024, $settings['panel']['decimal_places']) . " MiB up/ " . round($ftp_down / 1024, $settings['panel']['decimal_places']) . " MiB down (FTP)"; $traf['ftptext'] = round($ftp_up / 1024, Settings::Get('panel.decimal_places')) . " MiB up/ " . round($ftp_down / 1024, Settings::Get('panel.decimal_places')) . " MiB down (FTP)";
$traf['httptext'] = round($http / 1024, $settings['panel']['decimal_places']) . " MiB (HTTP)"; $traf['httptext'] = round($http / 1024, Settings::Get('panel.decimal_places')) . " MiB (HTTP)";
$traf['mailtext'] = round($mail / 1024, $settings['panel']['decimal_places']) . " MiB (Mail)"; $traf['mailtext'] = round($mail / 1024, Settings::Get('panel.decimal_places')) . " MiB (Mail)";
$traf['ftp'] = round(($ftp_up + $ftp_down) / 1024, $settings['panel']['decimal_places']); $traf['ftp'] = round(($ftp_up + $ftp_down) / 1024, Settings::Get('panel.decimal_places'));
$traf['http'] = round($http / 1024, $settings['panel']['decimal_places']); $traf['http'] = round($http / 1024, Settings::Get('panel.decimal_places'));
$traf['mail'] = round($mail / 1024, $settings['panel']['decimal_places']); $traf['mail'] = round($mail / 1024, Settings::Get('panel.decimal_places'));
$traf['byte'] = round($traf['byte'] / (1024 * 1024), $settings['panel']['decimal_places']); $traf['byte'] = round($traf['byte'] / (1024 * 1024), Settings::Get('panel.decimal_places'));
} }
eval("\$traffic.=\"" . getTemplate('traffic/traffic_traffic') . "\";"); eval("\$traffic.=\"" . getTemplate('traffic/traffic_traffic') . "\";");
} }
$traffic_complete['http'] = size_readable($traffic_complete['http'] * 1024, 'GiB', 'bi', '%01.'.(int)$settings['panel']['decimal_places'].'f %s'); $traffic_complete['http'] = size_readable($traffic_complete['http'] * 1024, 'GiB', 'bi', '%01.'.(int)Settings::Get('panel.decimal_places').'f %s');
$traffic_complete['ftp'] = size_readable($traffic_complete['ftp'] * 1024, 'GiB', 'bi', '%01.'.(int)$settings['panel']['decimal_places'].'f %s'); $traffic_complete['ftp'] = size_readable($traffic_complete['ftp'] * 1024, 'GiB', 'bi', '%01.'.(int)Settings::Get('panel.decimal_places').'f %s');
$traffic_complete['mail'] = size_readable($traffic_complete['mail'] * 1024, 'GiB', 'bi', '%01.'.(int)$settings['panel']['decimal_places'].'f %s'); $traffic_complete['mail'] = size_readable($traffic_complete['mail'] * 1024, 'GiB', 'bi', '%01.'.(int)Settings::Get('panel.decimal_places').'f %s');
eval("echo \"" . getTemplate('traffic/traffic') . "\";"); eval("echo \"" . getTemplate('traffic/traffic') . "\";");
} }
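Review bot: In the first hunk's fallback branch (taken when bcmath is not loaded), `$traf['http']`, `$traf['ftp']` and `$traf['mail']` are rounded without the division by 1024 that the `bcdiv()` branch applies to the same three values, so the two branches produce results that differ by a factor of 1024. The commit only swaps the settings lookup and carries this over unchanged. The second hunk divides in both branches, which suggests the first should read `$traf['http'] = round($http / 1024, Settings::Get('panel.decimal_places'));` and likewise for `ftp` and `mail`. Both hunks start and end inside an enclosing loop and `if` that are not fully visible here, so the units of `$http`, `$ftp` and `$mail` should be confirmed against the surrounding code before changing it.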

138
index.php

@@ -42,8 +42,8 @@ if ($action == 'login') {
$is_admin = false; $is_admin = false;
} else { } else {
$is_admin = true; $is_admin = true;
if ((int)$settings['login']['domain_login'] == 1) { if ((int)Settings::Get('login.domain_login') == 1) {
$domainname = $idna_convert->encode(preg_replace(Array('/\:(\d)+$/', '/^https?\:\/\//'), '', $loginname)); $domainname = $idna_convert->encode(preg_replace(array('/\:(\d)+$/', '/^https?\:\/\//'), '', $loginname));
$stmt = Database::prepare("SELECT `customerid` FROM `" . TABLE_PANEL_DOMAINS . "` $stmt = Database::prepare("SELECT `customerid` FROM `" . TABLE_PANEL_DOMAINS . "`
WHERE `domain` = :domain" WHERE `domain` = :domain"
); );
@@ -101,10 +101,10 @@ if ($action == 'login') {
$adminsession = '1'; $adminsession = '1';
} else { } else {
// Log failed login // Log failed login
$rstlog = FroxlorLogger::getInstanceOf(array('loginname' => $_SERVER['REMOTE_ADDR']), $settings); $rstlog = FroxlorLogger::getInstanceOf(array('loginname' => $_SERVER['REMOTE_ADDR']));
$rstlog->logAction(LOGIN_ACTION, LOG_WARNING, "Unknown user '" . $loginname . "' tried to login."); $rstlog->logAction(LOGIN_ACTION, LOG_WARNING, "Unknown user '" . $loginname . "' tried to login.");
redirectTo('index.php', Array('showmessage' => '2'), true); redirectTo('index.php', array('showmessage' => '2'), true);
exit; exit;
} }
} }
@@ -115,10 +115,10 @@ if ($action == 'login') {
Database::pexecute($userinfo_stmt, array("loginname" => $loginname)); Database::pexecute($userinfo_stmt, array("loginname" => $loginname));
$userinfo = $userinfo_stmt->fetch(PDO::FETCH_ASSOC); $userinfo = $userinfo_stmt->fetch(PDO::FETCH_ASSOC);
if ($userinfo['loginfail_count'] >= $settings['login']['maxloginattempts'] && $userinfo['lastlogin_fail'] > (time() - $settings['login']['deactivatetime'])) { if ($userinfo['loginfail_count'] >= Settings::Get('login.maxloginattempts') && $userinfo['lastlogin_fail'] > (time() - Settings::Get('login.deactivatetime'))) {
redirectTo('index.php', Array('showmessage' => '3'), true); redirectTo('index.php', array('showmessage' => '3'), true);
exit; exit;
} elseif($userinfo['password'] == md5($password)) { } elseif ($userinfo['password'] == md5($password)) {
// login correct // login correct
// reset loginfail_counter, set lastlogin_succ // reset loginfail_counter, set lastlogin_succ
$stmt = Database::prepare("UPDATE $table $stmt = Database::prepare("UPDATE $table
@@ -137,11 +137,11 @@ if ($action == 'login') {
Database::pexecute($stmt, array("lastlogin_fail" => time(), "uid" => $userinfo[$uid])); Database::pexecute($stmt, array("lastlogin_fail" => time(), "uid" => $userinfo[$uid]));
// Log failed login // Log failed login
$rstlog = FroxlorLogger::getInstanceOf(array('loginname' => $_SERVER['REMOTE_ADDR']), $settings); $rstlog = FroxlorLogger::getInstanceOf(array('loginname' => $_SERVER['REMOTE_ADDR']));
$rstlog->logAction(LOGIN_ACTION, LOG_WARNING, "User '" . $loginname . "' tried to login with wrong password."); $rstlog->logAction(LOGIN_ACTION, LOG_WARNING, "User '" . $loginname . "' tried to login with wrong password.");
unset($userinfo); unset($userinfo);
redirectTo('index.php', Array('showmessage' => '2'), true); redirectTo('index.php', array('showmessage' => '2'), true);
exit; exit;
} }
@@ -152,20 +152,20 @@ if ($action == 'login') {
$language = validate($_POST['language'], 'language'); $language = validate($_POST['language'], 'language');
if ($language == 'profile') { if ($language == 'profile') {
$language = $userinfo['def_language']; $language = $userinfo['def_language'];
} elseif(!isset($languages[$language])) { } elseif (!isset($languages[$language])) {
$language = $settings['panel']['standardlanguage']; $language = Settings::Get('panel.standardlanguage');
} }
} else { } else {
$language = $settings['panel']['standardlanguage']; $language = Settings::Get('panel.standardlanguage');
} }
if (isset($userinfo['theme']) && $userinfo['theme'] != '') { if (isset($userinfo['theme']) && $userinfo['theme'] != '') {
$theme = $userinfo['theme']; $theme = $userinfo['theme'];
} else { } else {
$theme = $settings['panel']['default_theme']; $theme = Settings::Get('panel.default_theme');
} }
if ($settings['session']['allow_multiple_login'] != '1') { if (Settings::Get('session.allow_multiple_login') != '1') {
$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_SESSIONS . "` $stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_SESSIONS . "`
WHERE `userid` = :uid WHERE `userid` = :uid
AND `adminsession` = :adminsession" AND `adminsession` = :adminsession"
@@ -199,25 +199,25 @@ if ($action == 'login') {
(`hash`, `userid`, `ipaddress`, `useragent`, `lastactivity`, `language`, `adminsession`, `theme`) (`hash`, `userid`, `ipaddress`, `useragent`, `lastactivity`, `language`, `adminsession`, `theme`)
VALUES (:hash, :userid, :ipaddress, :useragent, :lastactivity, :language, :adminsession, :theme)" VALUES (:hash, :userid, :ipaddress, :useragent, :lastactivity, :language, :adminsession, :theme)"
); );
} else { } else {
$stmt = Database::prepare("INSERT INTO `" . TABLE_PANEL_SESSIONS . "` $stmt = Database::prepare("INSERT INTO `" . TABLE_PANEL_SESSIONS . "`
(`hash`, `userid`, `ipaddress`, `useragent`, `lastactivity`, `language`, `adminsession`) (`hash`, `userid`, `ipaddress`, `useragent`, `lastactivity`, `language`, `adminsession`)
VALUES (:hash, :userid, :ipaddress, :useragent, :lastactivity, :language, :adminsession)" VALUES (:hash, :userid, :ipaddress, :useragent, :lastactivity, :language, :adminsession)"
); );
} }
Database::pexecute($stmt, $params); Database::pexecute($stmt, $params);
if ($userinfo['adminsession'] == '1') { if ($userinfo['adminsession'] == '1') {
if (hasUpdates($version)) { if (hasUpdates($version)) {
redirectTo('admin_updates.php', Array('s' => $s), true); redirectTo('admin_updates.php', array('s' => $s), true);
} else { } else {
redirectTo('admin_index.php', Array('s' => $s), true); redirectTo('admin_index.php', array('s' => $s), true);
} }
} else { } else {
redirectTo('customer_index.php', Array('s' => $s), true); redirectTo('customer_index.php', array('s' => $s), true);
} }
} else { } else {
redirectTo('index.php', Array('showmessage' => '2'), true); redirectTo('index.php', array('showmessage' => '2'), true);
} }
exit; exit;
} else { } else {
@@ -233,28 +233,28 @@ if ($action == 'login') {
$successmessage = ''; $successmessage = '';
switch ($smessage) { switch ($smessage) {
case 1: case 1:
$successmessage = $lng['pwdreminder']['success']; $successmessage = $lng['pwdreminder']['success'];
break; break;
case 2: case 2:
$message = $lng['error']['login']; $message = $lng['error']['login'];
break; break;
case 3: case 3:
$message = sprintf($lng['error']['login_blocked'],$settings['login']['deactivatetime']); $message = sprintf($lng['error']['login_blocked'], Settings::Get('login.deactivatetime'));
break; break;
case 4: case 4:
$cmail = isset($_GET['customermail']) ? $_GET['customermail'] : 'unknown'; $cmail = isset($_GET['customermail']) ? $_GET['customermail'] : 'unknown';
$message = str_replace('%s', $cmail, $lng['error']['errorsendingmail']); $message = str_replace('%s', $cmail, $lng['error']['errorsendingmail']);
break; break;
case 5: case 5:
$message = $lng['error']['user_banned']; $message = $lng['error']['user_banned'];
break; break;
case 6: case 6:
$successmessage = $lng['pwdreminder']['changed']; $successmessage = $lng['pwdreminder']['changed'];
break; break;
case 7: case 7:
$message = $lng['pwdreminder']['wrongcode']; $message = $lng['pwdreminder']['wrongcode'];
break; break;
} }
$update_in_progress = ''; $update_in_progress = '';
@@ -299,17 +299,17 @@ if ($action == 'forgotpwd') {
/* Check whether user is banned */ /* Check whether user is banned */
if ($user['deactivated']) { if ($user['deactivated']) {
$message = $lng['pwdreminder']['notallowed']; $message = $lng['pwdreminder']['notallowed'];
redirectTo('index.php', Array('showmessage' => '5'), true); redirectTo('index.php', array('showmessage' => '5'), true);
} }
if (($adminchecked && $settings['panel']['allow_preset_admin'] == '1') || $adminchecked == false) { if (($adminchecked && Settings::Get('panel.allow_preset_admin') == '1') || $adminchecked == false) {
if ($user !== false) { if ($user !== false) {
// build a activation code // build a activation code
$timestamp = time(); $timestamp = time();
$first = substr(md5($user['loginname'] . $timestamp . rand(0, $timestamp)), 0, 15); $first = substr(md5($user['loginname'] . $timestamp . rand(0, $timestamp)), 0, 15);
$third = substr(md5($user['email'] . $timestamp . rand(0, $timestamp)), -15); $third = substr(md5($user['email'] . $timestamp . rand(0, $timestamp)), -15);
$activationcode = $first . $timestamp . $third . substr(md5($third . $timestamp), 0, 10); $activationcode = $first . $timestamp . $third . substr(md5($third . $timestamp), 0, 10);
// Drop all existing activation codes for this user // Drop all existing activation codes for this user
$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_ACTIVATION . "` $stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_ACTIVATION . "`
WHERE `userid` = :userid WHERE `userid` = :userid
@@ -320,7 +320,7 @@ if ($action == 'forgotpwd') {
"admin" => $adminchecked ? 1 : 0 "admin" => $adminchecked ? 1 : 0
); );
Database::pexecute($stmt, $params); Database::pexecute($stmt, $params);
// Add new activation code to database // Add new activation code to database
$stmt = Database::prepare("INSERT INTO `" . TABLE_PANEL_ACTIVATION . "` $stmt = Database::prepare("INSERT INTO `" . TABLE_PANEL_ACTIVATION . "`
(userid, admin, creation, activationcode) (userid, admin, creation, activationcode)
@@ -334,16 +334,16 @@ if ($action == 'forgotpwd') {
); );
Database::pexecute($stmt, $params); Database::pexecute($stmt, $params);
$rstlog = FroxlorLogger::getInstanceOf(array('loginname' => 'password_reset'), $settings); $rstlog = FroxlorLogger::getInstanceOf(array('loginname' => 'password_reset'));
$rstlog->logAction(USR_ACTION, LOG_WARNING, "User '" . $user['loginname'] . "' requested a link for setting a new password."); $rstlog->logAction(USR_ACTION, LOG_WARNING, "User '" . $user['loginname'] . "' requested a link for setting a new password.");
// Set together our activation link // Set together our activation link
$protocol = strpos(strtolower($_SERVER['SERVER_PROTOCOL']),'https') === FALSE ? 'http' : 'https'; $protocol = strpos(strtolower($_SERVER['SERVER_PROTOCOL']),'https') === FALSE ? 'http' : 'https';
$host = $_SERVER['HTTP_HOST']; $host = $_SERVER['HTTP_HOST'];
$port = $_SERVER['SERVER_PORT'] != 80 ? ':' . $_SERVER['SERVER_PORT'] : ''; $port = $_SERVER['SERVER_PORT'] != 80 ? ':' . $_SERVER['SERVER_PORT'] : '';
$script = $_SERVER['SCRIPT_NAME']; $script = $_SERVER['SCRIPT_NAME'];
$activationlink = $protocol . '://' . $host . $port . $script . '?action=resetpwd&resetcode=' . $activationcode; $activationlink = $protocol . '://' . $host . $port . $script . '?action=resetpwd&resetcode=' . $activationcode;
$replace_arr = array( $replace_arr = array(
'SALUTATION' => getCorrectUserSalutation($user), 'SALUTATION' => getCorrectUserSalutation($user),
'USERNAME' => $user['loginname'], 'USERNAME' => $user['loginname'],
@@ -352,7 +352,7 @@ if ($action == 'forgotpwd') {
$body = strtr($lng['pwdreminder']['body'], array('%s' => $user['firstname'] . ' ' . $user['name'], '%a' => $activationlink)); $body = strtr($lng['pwdreminder']['body'], array('%s' => $user['firstname'] . ' ' . $user['name'], '%a' => $activationlink));
$def_language = ($user['def_language'] != '') ? $user['def_language'] : $settings['panel']['standardlanguage']; $def_language = ($user['def_language'] != '') ? $user['def_language'] : Settings::Get('panel.standardlanguage');
$result_stmt = Database::prepare('SELECT `value` FROM `' . TABLE_PANEL_TEMPLATES . '` $result_stmt = Database::prepare('SELECT `value` FROM `' . TABLE_PANEL_TEMPLATES . '`
WHERE `adminid`= :adminid WHERE `adminid`= :adminid
AND `language`= :lang AND `language`= :lang
@@ -389,7 +389,7 @@ if ($action == 'forgotpwd') {
} }
if ($_mailerror) { if ($_mailerror) {
$rstlog = FroxlorLogger::getInstanceOf(array('loginname' => 'password_reset'), $settings); $rstlog = FroxlorLogger::getInstanceOf(array('loginname' => 'password_reset'));
$rstlog->logAction(ADM_ACTION, LOG_ERR, "Error sending mail: " . $mailerr_msg); $rstlog->logAction(ADM_ACTION, LOG_ERR, "Error sending mail: " . $mailerr_msg);
redirectTo('index.php', array('showmessage' => '4', 'customermail' => $user['email']), true); redirectTo('index.php', array('showmessage' => '4', 'customermail' => $user['email']), true);
exit; exit;
@@ -399,7 +399,7 @@ if ($action == 'forgotpwd') {
redirectTo('index.php', array('showmessage' => '1'), true); redirectTo('index.php', array('showmessage' => '1'), true);
exit; exit;
} else { } else {
$rstlog = FroxlorLogger::getInstanceOf(array('loginname' => 'password_reset'), $settings); $rstlog = FroxlorLogger::getInstanceOf(array('loginname' => 'password_reset'));
$rstlog->logAction(USR_ACTION, LOG_WARNING, "User '" . $loginname . "' requested to set a new password, but was not found in database!"); $rstlog->logAction(USR_ACTION, LOG_WARNING, "User '" . $loginname . "' requested to set a new password, but was not found in database!");
$message = $lng['login']['combination_not_found']; $message = $lng['login']['combination_not_found'];
} }
@@ -412,12 +412,12 @@ if ($action == 'forgotpwd') {
} }
if ($adminchecked) { if ($adminchecked) {
if ($settings['panel']['allow_preset_admin'] != '1') { if (Settings::Get('panel.allow_preset_admin') != '1') {
$message = $lng['pwdreminder']['notallowed']; $message = $lng['pwdreminder']['notallowed'];
unset ($adminchecked); unset ($adminchecked);
} }
} else { } else {
if ($settings['panel']['allow_preset'] != '1') { if (Settings::Get('panel.allow_preset') != '1') {
$message = $lng['pwdreminder']['notallowed']; $message = $lng['pwdreminder']['notallowed'];
} }
} }
@@ -427,27 +427,27 @@ if ($action == 'forgotpwd') {
if ($action == 'resetpwd') { if ($action == 'resetpwd') {
$message = ''; $message = '';
// Remove old activation codes // Remove old activation codes
$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_ACTIVATION . "` $stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_ACTIVATION . "`
WHERE creation < :oldest" WHERE creation < :oldest"
); );
Database::pexecute($stmt, array("oldest" => time() - 86400)); Database::pexecute($stmt, array("oldest" => time() - 86400));
if (isset($_GET['resetcode']) && strlen($_GET['resetcode']) == 50) { if (isset($_GET['resetcode']) && strlen($_GET['resetcode']) == 50) {
// Check if activation code is valid // Check if activation code is valid
$activationcode = $_GET['resetcode']; $activationcode = $_GET['resetcode'];
$timestamp = substr($activationcode, 15, 10); $timestamp = substr($activationcode, 15, 10);
$third = substr($activationcode, 25, 15); $third = substr($activationcode, 25, 15);
$check = substr($activationcode, 40, 10); $check = substr($activationcode, 40, 10);
if (substr(md5($third . $timestamp), 0, 10) == $check && $timestamp >= time() - 86400) { if (substr(md5($third . $timestamp), 0, 10) == $check && $timestamp >= time() - 86400) {
if (isset($_POST['send']) && $_POST['send'] == 'send') { if (isset($_POST['send']) && $_POST['send'] == 'send') {
$stmt = Database::prepare("SELECT `userid`, `admin` FROM `" . TABLE_PANEL_ACTIVATION . "` $stmt = Database::prepare("SELECT `userid`, `admin` FROM `" . TABLE_PANEL_ACTIVATION . "`
WHERE `activationcode` = :activationcode" WHERE `activationcode` = :activationcode"
); );
$result = Database::pexecute_first($stmt, array("activationcode" => $activationcode)); $result = Database::pexecute_first($stmt, array("activationcode" => $activationcode));
if ($result !== false) { if ($result !== false) {
if ($result['admin'] == 1) { if ($result['admin'] == 1) {
$new_password = validate($_POST['new_password'], 'new password'); $new_password = validate($_POST['new_password'], 'new password');
@@ -456,12 +456,12 @@ if ($action == 'resetpwd') {
$new_password = validatePassword($_POST['new_password'], 'new password'); $new_password = validatePassword($_POST['new_password'], 'new password');
$new_password_confirm = validatePassword($_POST['new_password_confirm'], 'new password confirm'); $new_password_confirm = validatePassword($_POST['new_password_confirm'], 'new password confirm');
} }
if ($new_password == '') { if ($new_password == '') {
$message = $new_password; $message = $new_password;
} elseif($new_password_confirm == '') { } elseif ($new_password_confirm == '') {
$message = $new_password_confirm; $message = $new_password_confirm;
} elseif($new_password != $new_password_confirm) { } elseif ($new_password != $new_password_confirm) {
$message = $new_password . " != " . $new_password_confirm; $message = $new_password . " != " . $new_password_confirm;
} else { } else {
// Update user password // Update user password
@@ -477,10 +477,10 @@ if ($action == 'resetpwd') {
); );
} }
Database::pexecute($stmt, array("newpassword" => md5($new_password), "userid" => $result['userid'])); Database::pexecute($stmt, array("newpassword" => md5($new_password), "userid" => $result['userid']));
$rstlog = FroxlorLogger::getInstanceOf(array('loginname' => 'password_reset'), $settings); $rstlog = FroxlorLogger::getInstanceOf(array('loginname' => 'password_reset'));
$rstlog->logAction(USR_ACTION, LOG_NOTICE, "changed password using password reset."); $rstlog->logAction(USR_ACTION, LOG_NOTICE, "changed password using password reset.");
// Remove activation code from DB // Remove activation code from DB
$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_ACTIVATION . "` $stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_ACTIVATION . "`
WHERE `activationcode` = :activationcode WHERE `activationcode` = :activationcode
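Review bot: The password written by the reset flow in this hunk is still hashed with plain `md5($new_password)`, an unsalted, fast digest that gives little protection if the user table is ever disclosed. The commit only drops the `$settings` argument from `FroxlorLogger::getInstanceOf()` and leaves that line untouched. Where the supported PHP version allows it, the stored value should come from a salted, adaptive hash such as `password_hash($new_password, PASSWORD_DEFAULT)`, with the login check moved to `password_verify()` and existing MD5 rows rehashed on the next successful login. The UPDATE statement and the login code are outside this hunk, so that migration has to be coordinated there. The enclosing `if ($action == 'resetpwd')` block also starts and ends outside the hunk.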
@@ -493,13 +493,13 @@ if ($action == 'resetpwd') {
redirectTo('index.php', array("showmessage" => '7'), true); redirectTo('index.php', array("showmessage" => '7'), true);
} }
} }
eval("echo \"" . getTemplate('rpwd') . "\";"); eval("echo \"" . getTemplate('rpwd') . "\";");
} else { } else {
redirectTo('index.php', array("showmessage" => '7'), true); redirectTo('index.php', array("showmessage" => '7'), true);
} }
} else { } else {
redirectTo('index.php'); redirectTo('index.php');
} }