Compare commits
12 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
2f5cca71fb | ||
|
|
85e0690a1b | ||
|
|
34415c50f8 | ||
|
|
47f0c52c18 | ||
|
|
9853220549 | ||
|
|
71cdab5d9e | ||
|
|
b049d07374 | ||
|
|
1c979d5a21 | ||
|
|
a038a5a92f | ||
|
|
f36dbc1938 | ||
|
|
f711b03b4f | ||
|
|
49b82201c7 |
@@ -45,7 +45,7 @@ return array(
|
||||
'type' => 'option',
|
||||
'default' => 0,
|
||||
'option_mode' => 'one',
|
||||
'option_options' => array(0 => $lng['serversettings']['systemdefault'], 1 => 'MD5', 2 => 'BLOWFISH', 3 => 'SHA-256', 4 => 'SHA-512'),
|
||||
'option_options_method' => 'getAvailablePasswordHashes',
|
||||
'save_method' => 'storeSettingField',
|
||||
),
|
||||
'system_allow_error_report_admin' => array(
|
||||
|
||||
@@ -202,7 +202,10 @@ if ($page == 'admins'
|
||||
$email = $idna_convert->encode(validate($_POST['email'], 'email'));
|
||||
|
||||
$custom_notes = validate(str_replace("\r\n", "\n", $_POST['custom_notes']), 'custom_notes', '/^[^\0]*$/');
|
||||
$custom_notes_show = intval_ressource($_POST['custom_notes_show']);
|
||||
$custom_notes_show = 0;
|
||||
if (isset($_POST['custom_notes_show'])) {
|
||||
$custom_notes_show = intval_ressource($_POST['custom_notes_show']);
|
||||
}
|
||||
|
||||
$loginname = validate($_POST['loginname'], 'loginname');
|
||||
$password = validate($_POST['admin_password'], 'password');
|
||||
@@ -498,7 +501,10 @@ if ($page == 'admins'
|
||||
$email = $idna_convert->encode(validate($_POST['email'], 'email'));
|
||||
|
||||
$custom_notes = validate(str_replace("\r\n", "\n", $_POST['custom_notes']), 'custom_notes', '/^[^\0]*$/');
|
||||
$custom_notes_show = intval_ressource($_POST['custom_notes_show']);
|
||||
$custom_notes_show = $result['custom_notes_show'];
|
||||
if (isset($_POST['custom_notes_show'])) {
|
||||
$custom_notes_show = intval_ressource($_POST['custom_notes_show']);
|
||||
}
|
||||
|
||||
if ($result['adminid'] == $userinfo['userid']) {
|
||||
|
||||
|
||||
@@ -420,7 +420,10 @@ if ($page == 'customers'
|
||||
$gender = intval_ressource($_POST['gender']);
|
||||
|
||||
$custom_notes = validate(str_replace("\r\n", "\n", $_POST['custom_notes']), 'custom_notes', '/^[^\0]*$/');
|
||||
$custom_notes_show = intval_ressource($_POST['custom_notes_show']);
|
||||
$custom_notes_show = 0;
|
||||
if (isset($_POST['custom_notes_show'])) {
|
||||
$custom_notes_show = intval_ressource($_POST['custom_notes_show']);
|
||||
}
|
||||
|
||||
$diskspace = intval_ressource($_POST['diskspace']);
|
||||
if (isset($_POST['diskspace_ul'])) {
|
||||
@@ -889,7 +892,7 @@ if ($page == 'customers'
|
||||
`domain` = :domain,
|
||||
`customerid` = :customerid,
|
||||
`adminid` = :adminid,
|
||||
`parentdomainid` = '-1',
|
||||
`parentdomainid` = '0',
|
||||
`documentroot` = :docroot,
|
||||
`zonefile` = '',
|
||||
`isemaildomain` = '0',
|
||||
@@ -1037,7 +1040,7 @@ if ($page == 'customers'
|
||||
*/
|
||||
$available_admins_stmt = Database::prepare("
|
||||
SELECT * FROM `" . TABLE_PANEL_ADMINS . "`
|
||||
WHERE (`customers` = '-1' OR `customers` < `customers_used`)"
|
||||
WHERE (`customers` = '-1' OR `customers` > `customers_used`)"
|
||||
);
|
||||
Database::pexecute($available_admins_stmt);
|
||||
$admin_select = makeoption("-----", 0, true, true, true);
|
||||
@@ -1073,7 +1076,10 @@ if ($page == 'customers'
|
||||
$move_to_admin = isset($_POST['move_to_admin']) ? intval_ressource($_POST['move_to_admin']) : 0;
|
||||
|
||||
$custom_notes = validate(str_replace("\r\n", "\n", $_POST['custom_notes']), 'custom_notes', '/^[^\0]*$/');
|
||||
$custom_notes_show = intval_ressource($_POST['custom_notes_show']);
|
||||
$custom_notes_show = $result['custom_notes_show'];
|
||||
if (isset($_POST['custom_notes_show'])) {
|
||||
$custom_notes_show = intval_ressource($_POST['custom_notes_show']);
|
||||
}
|
||||
|
||||
$diskspace = intval_ressource($_POST['diskspace']);
|
||||
if (isset($_POST['diskspace_ul'])) {
|
||||
@@ -1248,7 +1254,7 @@ if ($page == 'customers'
|
||||
`domain` = :domain,
|
||||
`customerid` = :customerid,
|
||||
`adminid` = :adminid,
|
||||
`parentdomainid` = '-1',
|
||||
`parentdomainid` = '0',
|
||||
`documentroot` = :docroot,
|
||||
`zonefile` = '',
|
||||
`isemaildomain` = '0',
|
||||
|
||||
33
index.php
33
index.php
@@ -119,15 +119,23 @@ if ($action == 'login') {
|
||||
redirectTo('index.php', array('showmessage' => '3'));
|
||||
exit;
|
||||
} elseif (validatePasswordLogin($userinfo, $password, $table, $uid)) {
|
||||
// login correct
|
||||
// reset loginfail_counter, set lastlogin_succ
|
||||
$stmt = Database::prepare("UPDATE $table
|
||||
SET `lastlogin_succ`= :lastlogin_succ, `loginfail_count`='0'
|
||||
WHERE `$uid`= :uid"
|
||||
);
|
||||
Database::pexecute($stmt, array("lastlogin_succ" => time(), "uid" => $userinfo[$uid]));
|
||||
$userinfo['userid'] = $userinfo[$uid];
|
||||
$userinfo['adminsession'] = $adminsession;
|
||||
// only show "you're banned" if the login was successfull
|
||||
// because we don't want to publish that the user does exist
|
||||
if ($userinfo['deactivated']) {
|
||||
unset($userinfo);
|
||||
redirectTo('index.php', array('showmessage' => '5'));
|
||||
exit;
|
||||
} else {
|
||||
// login correct
|
||||
// reset loginfail_counter, set lastlogin_succ
|
||||
$stmt = Database::prepare("UPDATE $table
|
||||
SET `lastlogin_succ`= :lastlogin_succ, `loginfail_count`='0'
|
||||
WHERE `$uid`= :uid"
|
||||
);
|
||||
Database::pexecute($stmt, array("lastlogin_succ" => time(), "uid" => $userinfo[$uid]));
|
||||
$userinfo['userid'] = $userinfo[$uid];
|
||||
$userinfo['adminsession'] = $adminsession;
|
||||
}
|
||||
} else {
|
||||
// login incorrect
|
||||
$stmt = Database::prepare("UPDATE $table
|
||||
@@ -269,6 +277,9 @@ if ($action == 'login') {
|
||||
case 7:
|
||||
$message = $lng['pwdreminder']['wrongcode'];
|
||||
break;
|
||||
case 8:
|
||||
$message = $lng['pwdreminder']['notallowed'];
|
||||
break;
|
||||
}
|
||||
|
||||
$update_in_progress = '';
|
||||
@@ -326,8 +337,8 @@ if ($action == 'forgotpwd') {
|
||||
|
||||
/* Check whether user is banned */
|
||||
if ($user['deactivated']) {
|
||||
$message = $lng['pwdreminder']['notallowed'];
|
||||
redirectTo('index.php', array('showmessage' => '5'));
|
||||
redirectTo('index.php', array('showmessage' => '8'));
|
||||
exit;
|
||||
}
|
||||
|
||||
if (($adminchecked && Settings::Get('panel.allow_preset_admin') == '1') || $adminchecked == false) {
|
||||
|
||||
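Review bot: The forgot-password branch at `if ($user['deactivated'])` redirects with `showmessage` 8 (`$lng['pwdreminder']['notallowed']`), which tells a requester who has not authenticated that the account exists and is deactivated. The login hunk earlier in this file hides that state until the password has been verified (its comment reads "we don't want to publish that the user does exist"), so the two paths are inconsistent. Consider answering a deactivated account with the same response the form gives for an unknown user, and recording the attempt server-side instead. How the unknown-user case is answered lies outside the visible hunk, so this assumes that response is generic.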
@@ -538,7 +538,7 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
|
||||
('panel', 'password_numeric', '0'),
|
||||
('panel', 'password_special_char_required', '0'),
|
||||
('panel', 'password_special_char', '!?<>§$%+#=@'),
|
||||
('panel', 'version', '0.9.33');
|
||||
('panel', 'version', '0.9.33.1');
|
||||
|
||||
|
||||
DROP TABLE IF EXISTS `panel_tasks`;
|
||||
|
||||
@@ -2892,3 +2892,11 @@ if (isFroxlorVersion('0.9.33-rc3')) {
|
||||
updateToVersion('0.9.33');
|
||||
|
||||
}
|
||||
|
||||
if (isFroxlorVersion('0.9.33')) {
|
||||
|
||||
showUpdateStep("Updating from 0.9.33 to 0.9.33.1");
|
||||
lastStepStatus(0);
|
||||
updateToVersion('0.9.33.1');
|
||||
|
||||
}
|
||||
|
||||
@@ -264,7 +264,7 @@ class Database {
|
||||
'charset' => 'utf8'
|
||||
);
|
||||
|
||||
if (!validateLocalHostname($host) && !validate_ip2($host, true, 'invalidip', true)) {
|
||||
if (!validateLocalHostname($host) && !validate_ip2($host, true, 'invalidip', true, true)) {
|
||||
$dbconf["dsn"]['unix_socket'] = makeCorrectFile($host);
|
||||
} else {
|
||||
$dbconf["dsn"]['host'] = $host;
|
||||
|
||||
@@ -250,7 +250,7 @@ class phpinterface_fpm {
|
||||
|
||||
$php_ini_variables = array(
|
||||
'SAFE_MODE' => 'Off', // keep this for compatibility, just in case
|
||||
'PEAR_DIR' => Settings::Get('system.mod_fcgid_peardir'),
|
||||
'PEAR_DIR' => Settings::Get('phpfpm.peardir'),
|
||||
'TMP_DIR' => $this->getTempDir(),
|
||||
'CUSTOMER_EMAIL' => $this->_domain['email'],
|
||||
'ADMIN_EMAIL' => $admin['email'],
|
||||
|
||||
@@ -403,7 +403,8 @@ return array(
|
||||
'chmod 600 /usr/local/etc/libnss-mysql.cfg /usr/local/etc/libnss-mysql-root.cfg'
|
||||
),
|
||||
'restart' => array(
|
||||
'sh /etc/rc.d/nscd restart'
|
||||
'sh /etc/rc.d/nscd restart',
|
||||
'nscd --invalidate=group'
|
||||
)
|
||||
),
|
||||
'logrotate' => array(
|
||||
|
||||
@@ -410,7 +410,8 @@ milter_default_action = accept" >> /etc/postfix/main.cf',
|
||||
'rc-update add nscd default'
|
||||
),
|
||||
'restart' => array(
|
||||
'/etc/init.d/nscd restart'
|
||||
'/etc/init.d/nscd restart',
|
||||
'nscd --invalidate=group'
|
||||
)
|
||||
),
|
||||
'logrotate' => array(
|
||||
|
||||
@@ -393,7 +393,8 @@ return array(
|
||||
'etc_nsswitch.conf' => '/etc/nsswitch.conf',
|
||||
),
|
||||
'restart' => array(
|
||||
'/etc/init.d/nscd restart'
|
||||
'/etc/init.d/nscd restart',
|
||||
'nscd --invalidate=group'
|
||||
)
|
||||
),
|
||||
'logrotate' => array(
|
||||
|
||||
@@ -395,7 +395,8 @@ return array(
|
||||
'etc_nsswitch.conf' => '/etc/nsswitch.conf',
|
||||
),
|
||||
'restart' => array(
|
||||
'/etc/init.d/nscd restart'
|
||||
'/etc/init.d/nscd restart',
|
||||
'nscd --invalidate=group'
|
||||
)
|
||||
),
|
||||
'logrotate' => array(
|
||||
|
||||
@@ -392,7 +392,8 @@ return array(
|
||||
'etc_nsswitch.conf' => '/etc/nsswitch.conf',
|
||||
),
|
||||
'restart' => array(
|
||||
'/etc/init.d/nscd restart'
|
||||
'/etc/init.d/nscd restart',
|
||||
'nscd --invalidate=group'
|
||||
)
|
||||
),
|
||||
'logrotate' => array(
|
||||
|
||||
@@ -390,7 +390,8 @@ return array(
|
||||
'etc_nsswitch.conf' => '/etc/nsswitch.conf',
|
||||
),
|
||||
'restart' => array(
|
||||
'service nscd restart'
|
||||
'service nscd restart',
|
||||
'nscd --invalidate=group'
|
||||
)
|
||||
),
|
||||
'logrotate' => array(
|
||||
|
||||
@@ -397,7 +397,8 @@ return array(
|
||||
'etc_nsswitch.conf' => '/etc/nsswitch.conf',
|
||||
),
|
||||
'restart' => array(
|
||||
'/etc/init.d/nscd restart'
|
||||
'/etc/init.d/nscd restart',
|
||||
'nscd --invalidate=group'
|
||||
)
|
||||
),
|
||||
'logrotate' => array(
|
||||
|
||||
@@ -107,8 +107,14 @@ function validateFormFieldString($fieldname, $fielddata, $newfieldvalue)
|
||||
}
|
||||
}
|
||||
elseif (isset($fielddata['string_type']) && $fielddata['string_type'] == 'validate_ip') {
|
||||
$newfieldvalue = validate_ip2($newfieldvalue);
|
||||
$returnvalue = ($newfieldvalue !== false ? true : 'invalidip');
|
||||
// check for empty value (it might be allowed)
|
||||
if (trim($newfieldvalue) == '') {
|
||||
$newfieldvalue = '';
|
||||
$returnvalue = 'stringmustntbeempty';
|
||||
} else {
|
||||
$newfieldvalue = validate_ip2($newfieldvalue, true);
|
||||
$returnvalue = ($newfieldvalue !== false ? true : 'invalidip');
|
||||
}
|
||||
}
|
||||
elseif (preg_match('/^[^\r\n\t\f\0]*$/D', $newfieldvalue)) {
|
||||
$returnvalue = true;
|
||||
|
||||
@@ -10,6 +10,9 @@
|
||||
* @return true on sucess, error-message on failure
|
||||
*/
|
||||
function moveCustomerToAdmin($id = 0, $adminid = 0) {
|
||||
|
||||
global $log;
|
||||
|
||||
if ($id <= 0 || $adminid <= 0) {
|
||||
return "no valid id's given";
|
||||
}
|
||||
@@ -23,12 +26,14 @@ function moveCustomerToAdmin($id = 0, $adminid = 0) {
|
||||
'cid' => $id
|
||||
) );
|
||||
|
||||
$log->logAction(ADM_ACTION, LOG_INFO, "moved user #" . $id . " from admin/reseller #".$cAdmin['adminid']." to admin/reseller #".$adminid);
|
||||
|
||||
// Update customer entry
|
||||
$updCustomer_stmt = Database::prepare ( "
|
||||
UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `adminid` = :adminid WHERE `customerid` = :cid
|
||||
" );
|
||||
Database::pexecute ( $updCustomer_stmt, array (
|
||||
'adminid' => $cAdmin ['adminid'],
|
||||
'adminid' => $adminid,
|
||||
'cid' => $id
|
||||
) );
|
||||
|
||||
@@ -37,7 +42,7 @@ function moveCustomerToAdmin($id = 0, $adminid = 0) {
|
||||
UPDATE `" . TABLE_PANEL_DOMAINS . "` SET `adminid` = :adminid WHERE `customerid` = :cid
|
||||
" );
|
||||
Database::pexecute ( $updDomains_stmt, array (
|
||||
'adminid' => $cAdmin ['adminid'],
|
||||
'adminid' => $adminid,
|
||||
'cid' => $id
|
||||
) );
|
||||
|
||||
@@ -46,7 +51,7 @@ function moveCustomerToAdmin($id = 0, $adminid = 0) {
|
||||
UPDATE `" . TABLE_PANEL_TICKETS . "` SET `adminid` = :adminid WHERE `customerid` = :cid
|
||||
" );
|
||||
Database::pexecute ( $updTickets_stmt, array (
|
||||
'adminid' => $cAdmin ['adminid'],
|
||||
'adminid' => $adminid,
|
||||
'cid' => $id
|
||||
) );
|
||||
|
||||
|
||||
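Review bot: In the second hunk of moveCustomerToAdmin() the new `$log->logAction(ADM_ACTION, LOG_INFO, "moved user #" ...)` call sits before the three UPDATE statements, so the audit trail records a completed move even when one of the updates fails afterwards. Placing the call after the last `Database::pexecute(...)` (the tickets update) would keep the log consistent with what was actually written. `global $log;` is used without a check that a logger is set, and whether every caller has one initialised is not visible here. The function body continues outside the hunks.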
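--- a/lib/functions/system/function.getAvailablePasswordHashes.php
+++ b/lib/functions/system/function.getAvailablePasswordHashes.php
@@ -0,0 +1,46 @@
+<?php
+
+/**
+* This file is part of the Froxlor project.
+* Copyright (c) 2015 the Froxlor Team (see authors).
+*
+* For the full copyright and license information, please view the COPYING
+* file that was distributed with this source code. You can also view the
+* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+*
+* @copyright (c) the authors
+* @author Froxlor team <team@froxlor.org> (2014-)
+* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
+* @package Functions
+*
+* @since 0.9.33.1
+*/
+
+/**
+* return an array of available hashes for the crypt() function
+*
+* @return array
+*/
+function getAvailablePasswordHashes()
+{
+global $lng;
+
+// get available pwd-hases
+$available_pwdhashes = array(
+0 => $lng['serversettings']['systemdefault']
+);
+if (defined('CRYPT_MD5') && CRYPT_MD5 == 1) {
+$available_pwdhashes[1] = 'MD5';
+}
+if (defined('CRYPT_BLOWFISH') && CRYPT_BLOWFISH == 1) {
+$available_pwdhashes[2] = 'BLOWFISH';
+}
+if (defined('CRYPT_SHA256') && CRYPT_SHA256 == 1) {
+$available_pwdhashes[3] = 'SHA-256';
+}
+if (defined('CRYPT_SHA512') && CRYPT_SHA512 == 1) {
+$available_pwdhashes[4] = 'SHA-512';
+}
+
+return $available_pwdhashes;
+}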
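Review bot: `getAvailablePasswordHashes()` still offers `MD5` (index 1) as a selectable hash for new passwords, and MD5-crypt is generally considered too fast to resist offline guessing of stored hashes. If it has to stay for compatibility, a comment above that branch such as `// MD5-crypt: legacy only, kept so existing installs keep working; prefer SHA-512 or BLOWFISH` would tell maintainers why it is there. The `defined('CRYPT_MD5') && CRYPT_MD5 == 1` style guards compare loosely; `=== 1` would state the intent exactly. The function also has no docblock note that the returned keys (0–4) are the values stored by the setting, which the `option_options_method` caller appears to rely on.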
|
||||
@@ -23,7 +23,7 @@ function checkMysqlAccessHost($fieldname, $fielddata, $newfieldvalue, $allnewfie
|
||||
|
||||
foreach ($mysql_access_host_array as $host_entry) {
|
||||
|
||||
if (validate_ip2($host_entry, true, 'invalidip', true) == false
|
||||
if (validate_ip2($host_entry, true, 'invalidip', true, true) == false
|
||||
&& validateDomain($host_entry) == false
|
||||
&& validateLocalHostname($host_entry) == false
|
||||
&& $host_entry != '%'
|
||||
|
||||
@@ -44,13 +44,21 @@ function validate_ip($ip, $return_bool = false, $lng = 'invalidip') {
|
||||
/**
|
||||
* Checks whether it is a valid ip
|
||||
*
|
||||
* @return mixed ip address on success, false on failure
|
||||
* @param string $ip ip-address to check
|
||||
* @param bool $return_bool whether to return bool or call standard_error()
|
||||
* @param string $lng index for error-message (if $return_bool is false)
|
||||
* @param bool $allow_localhost whether to allow 127.0.0.1
|
||||
* @param bool $allow_priv whether to allow private network addresses
|
||||
*
|
||||
* @return string|bool ip address on success, false on failure
|
||||
*/
|
||||
function validate_ip2($ip, $return_bool = false, $lng = 'invalidip', $allow_localhost = false) {
|
||||
function validate_ip2($ip, $return_bool = false, $lng = 'invalidip', $allow_localhost = false, $allow_priv = false) {
|
||||
|
||||
$filter_lan = $allow_priv ? FILTER_FLAG_NO_RES_RANGE : (FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_NO_PRIV_RANGE);
|
||||
|
||||
if ((filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)
|
||||
|| filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4))
|
||||
&& filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_NO_PRIV_RANGE)
|
||||
&& filter_var($ip, FILTER_VALIDATE_IP, $filter_lan)
|
||||
) {
|
||||
return $ip;
|
||||
}
|
||||
|
||||
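Review bot: The new `@param bool $allow_priv` line should say that reserved ranges are rejected either way, because `$filter_lan` keeps `FILTER_FLAG_NO_RES_RANGE` in both branches; for example `@param bool $allow_priv whether to allow private network addresses (reserved ranges are always rejected)`. The call sites changed in this commit now pass the flags positionally, `validate_ip2($host, true, 'invalidip', true, true)`, and the two trailing booleans are easy to mix up in a way that silently widens what is accepted; a short comment at each call naming the flags would help. The function body continues past the end of the hunk, so how `$allow_localhost` is applied is not visible here.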
@@ -51,6 +51,6 @@ define('TABLE_PANEL_DOMAIN_SSL_SETTINGS', 'domain_ssl_settings');
|
||||
define('TABLE_DOMAINTOIP', 'panel_domaintoip');
|
||||
|
||||
// VERSION INFO
|
||||
$version = '0.9.33';
|
||||
$version = '0.9.33.1';
|
||||
$dbversion = '2';
|
||||
$branding = '';
|
||||
|
||||
@@ -449,7 +449,7 @@ class nginx {
|
||||
|
||||
// Clean user defined settings
|
||||
$vhost_usr = str_replace("\r", "\n", $vhost_usr); // Remove windows linebreaks
|
||||
$vhost_usr = str_replace(array("{", "}"), array("{\n", "\n}"), $vhost_usr); // Break blocks into lines
|
||||
$vhost_usr = str_replace(array("{ ", " }"), array("{\n", "\n}"), $vhost_usr); // Break blocks into lines
|
||||
$vhost_usr = explode("\n", preg_replace('/[ \t]+/', ' ', trim(preg_replace('/\t+/', '', $vhost_usr)))); // Break into array items
|
||||
$vhost_usr = array_filter($vhost_usr, create_function('$a','return preg_match("#\S#", $a);')); // Remove empty lines
|
||||
|
||||
|
||||
@@ -1,3 +1,3 @@
|
||||
|
||||
# added for Froxlor
|
||||
dovecot unix - n n - - pipe flags=DRhu user=vmail:mail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${recipient}
|
||||
dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${recipient}
|
||||
|
||||