From f77a4fa894772cc7e4894b267e9eea6873d1fef2 Mon Sep 17 00:00:00 2001 
From: David Ramos Date: Mon, 27 Nov 2017 11:28:41 +0100 Subject: [PATCH] =?UTF-8?q?Recuperaci=C3=B3n=20de=20los=20distintos=20pref?= =?UTF-8?q?ix=20para=20la=20creaci=C3=B3n=20de=20los=20nombres=20y=20usuar?= =?UTF-8?q?ios=20de=20bases=20de=20datos=20y=20usuarios=20de=20FTP?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 0 database_edit.php | 513 +++++++++++++++++++++++++++++ database_user_edit.php | 249 ++++++++++++++ form/database.tform.php | 194 +++++++++++ form/database_user.tform.php | 134 ++++++++ form/ftp_user.tform.php | 303 +++++++++++++++++ fpdf/font/arial-narrow.php | 0 fpdf/font/arial-narrow.ttf | Bin fpdf/font/arial-narrow.z | Bin ftp_user_edit.php | 221 +++++++++++++ imagen/open6-logo.png | Bin lib/admin.conf.php | 0 lib/lang/en_ftp_user.lng | 36 ++ lib/lang/en_new_service_webdns.lng | 23 ++ lib/lang/en_template.lng | 0 lib/lang/es_database.lng | 49 +++ lib/lang/es_ftp_user.lng | 35 ++ lib/lang/es_new_service_webdns.lng | 23 ++ lib/lang/es_template.lng | 0 lib/module.conf.php | 10 +- lib/remote.conf.php | 0 list/template.list.php | 0 new_service_webdns.php | 353 +++++++++++++++++--- templates/database_edit.htm | 157 +++++++++ templates/ftp_user_edit.htm | 67 ++++ templates/new_service_webdns.htm | 369 ++++----------------- webdns_db.sql | 0 27 files changed, 2388 insertions(+), 348 deletions(-) mode change 100644 => 100755 README.md create mode 100755 database_edit.php create mode 100755 database_user_edit.php create mode 100755 form/database.tform.php create mode 100755 form/database_user.tform.php create mode 100755 form/ftp_user.tform.php mode change 100644 => 100755 fpdf/font/arial-narrow.php mode change 100644 => 100755 fpdf/font/arial-narrow.ttf mode change 100644 => 100755 fpdf/font/arial-narrow.z create mode 100755 ftp_user_edit.php mode change 100644 => 100755 imagen/open6-logo.png mode change 100644 => 100755 lib/admin.conf.php create mode 100755 lib/lang/en_ftp_user.lng mode change 
100644 => 100755 lib/lang/en_new_service_webdns.lng
 mode change 100644 => 100755 lib/lang/en_template.lng
 create mode 100755 lib/lang/es_database.lng
 create mode 100755 lib/lang/es_ftp_user.lng
 mode change 100644 => 100755 lib/lang/es_new_service_webdns.lng
 mode change 100644 => 100755 lib/lang/es_template.lng
 mode change 100644 => 100755 lib/module.conf.php
 mode change 100644 => 100755 lib/remote.conf.php
 mode change 100644 => 100755 list/template.list.php
 create mode 100755 templates/database_edit.htm
 create mode 100755 templates/ftp_user_edit.htm
 mode change 100644 => 100755 templates/new_service_webdns.htm
 mode change 100644 => 100755 webdns_db.sql
diff --git a/README.md b/README.md
old mode 100644
new mode 100755
diff --git a/database_edit.php b/database_edit.php
new file mode 100755
index 0000000..213063a
--- /dev/null
+++ b/database_edit.php
@@ -0,0 +1,513 @@ +auth->check_module_permissions('sites'); + +// Loading classes +$app->uses('tpl,tform,tform_actions'); +$app->load('tform_actions'); + +class page_action extends tform_actions { + + function onShowNew() { + global $app, $conf; + + // we will check only users, not admins + if($_SESSION["s"]["user"]["typ"] == 'user') { + if(!$app->tform->checkClientLimit('limit_database')) { + $app->error($app->tform->wordbook["limit_database_txt"]); + } + if(!$app->tform->checkResellerLimit('limit_database')) { + $app->error('Reseller: '.$app->tform->wordbook["limit_database_txt"]); + } + } else { + $settings = $app->getconf->get_global_config('sites'); + $app->tform->formDef['tabs']['database']['fields']['server_id']['default'] = intval($settings['default_dbserver']); + } + + parent::onShowNew(); + } + + function onShowEnd() { + global $app, $conf, $interfaceConf; + + if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) { + + // Get the limits of the client + $client_group_id = $_SESSION["s"]["user"]["default_group"]; + $client = $app->db->queryOneRecord("SELECT db_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id); + + // Set the webserver to the default server of the client + $tmp = $app->db->queryAllRecords("SELECT server_id, server_name FROM server WHERE server_id IN ?", explode(',', $client['db_servers'])); + + $only_one_server = count($tmp) === 1; + $app->tpl->setVar('only_one_server', $only_one_server); + + if ($only_one_server) { + $app->tpl->setVar('server_id_value', $tmp[0]['server_id']); + } + + foreach ($tmp as $db_server) { + $options_db_servers .= ''; + } + + $app->tpl->setVar("server_id", $options_db_servers); + unset($tmp); + + } elseif ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) { + + // Get the limits of the client + $client_group_id = 
$_SESSION["s"]["user"]["default_group"]; + $client = $app->db->queryOneRecord("SELECT client.client_id, limit_web_domain, db_servers, contact_name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id); + + // Set the webserver to the default server of the client + $tmp = $app->db->queryAllRecords("SELECT server_id, server_name FROM server WHERE server_id IN ?", explode(',', $client['db_servers'])); + + $only_one_server = count($tmp) === 1; + $app->tpl->setVar('only_one_server', $only_one_server); + + if ($only_one_server) { + $app->tpl->setVar('server_id_value', $tmp[0]['server_id']); + } + + foreach ($tmp as $db_server) { + $options_db_servers .= ''; + } + + $app->tpl->setVar("server_id", $options_db_servers); + unset($tmp); + + } else { + + // The user is admin + if($this->id > 0) { + $server_id = $this->dataRecord["server_id"]; + } else { + // Get the first server ID + $tmp = $app->db->queryOneRecord("SELECT server_id FROM server WHERE web_server = 1 ORDER BY server_name LIMIT 0,1"); + $server_id = $tmp['server_id']; + } + + } + + /* + * If the names are restricted -> remove the restriction, so that the + * data can be edited + */ + + //* Get the database name and database user prefix + $app->uses('getconf,tools_sites'); + $global_config = $app->getconf->get_global_config('sites'); + $dbname_prefix = $app->tools_sites->replacePrefix($global_config['dbname_prefix'], $this->dataRecord); + + if ($this->dataRecord['database_name'] != ""){ + /* REMOVE the restriction */ + $app->tpl->setVar("database_name", $app->tools_sites->removePrefix($this->dataRecord['database_name'], $this->dataRecord['database_name_prefix'], $dbname_prefix)); + } + + if($this->dataRecord['database_name'] == "") { + $app->tpl->setVar("database_name_prefix", $dbname_prefix); + } else { + $app->tpl->setVar("database_name_prefix", $app->tools_sites->getPrefix($this->dataRecord['database_name_prefix'], $dbname_prefix, 
$global_config['dbname_prefix'])); + } + + if($this->id > 0) { + //* we are editing a existing record + $edit_disabled = @($_SESSION["s"]["user"]["typ"] == 'admin')? 0 : 1; //* admin can change the database-name + $app->tpl->setVar("edit_disabled", $edit_disabled); + $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"]); + $app->tpl->setVar("database_charset_value", $this->dataRecord["database_charset"]); + $app->tpl->setVar("limit_database_quota", $this->dataRecord["database_quota"]); + } else { + $app->tpl->setVar("edit_disabled", 0); + } + + parent::onShowEnd(); + } + + function onSubmit() { + global $app, $conf; + + $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ? AND ".$app->tform->getAuthSQL('r'), @$this->dataRecord["parent_domain_id"]); + if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm"); + + if($_SESSION["s"]["user"]["typ"] != 'admin') { + // Get the limits of the client + $client_group_id = $_SESSION["s"]["user"]["default_group"]; + $client = $app->db->queryOneRecord("SELECT db_servers, limit_database, limit_database_quota, parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.groupid = ?", $client_group_id); + + // When the record is updated + if($this->id > 0) { + // restore the server ID if the user is not admin and record is edited + $tmp = $app->db->queryOneRecord("SELECT server_id FROM web_database WHERE database_id = ?", $app->functions->intval($this->id)); + $this->dataRecord["server_id"] = $tmp["server_id"]; + unset($tmp); + //* Check client quota + if ($client['limit_database_quota'] >= 0) { + //* get the database prefix + $app->uses('getconf,tools_sites'); + $global_config = $app->getconf->get_global_config('sites'); + $dbname_prefix = $app->tools_sites->replacePrefix($global_config['dbname_prefix'], $this->dataRecord); + //* get quota from 
other databases + $tmp = $app->db->queryOneRecord("SELECT sum(database_quota) as db_quota FROM web_database WHERE sys_groupid = ? AND database_name <> ?", $client_group_id, $dbname_prefix.$this->dataRecord['database_name']); + $used_quota = $app->functions->intval($tmp['db_quota']); + $new_db_quota = $app->functions->intval($this->dataRecord["database_quota"]); + if(($used_quota + $new_db_quota > $client['limit_database_quota']) || ($new_db_quota < 0 && $client['limit_database_quota'] >= 0)) { + $max_free_quota = floor($client['limit_database_quota'] - $used_quota); + if($max_free_quota < 0) { + $max_free_quota = 0; + } + $app->tform->errorMessage .= $app->tform->lng("limit_database_quota_free_txt").": ".$max_free_quota." MB
"; + $this->dataRecord['database_quota'] = $max_free_quota; + } + unset($tmp); + unset($global_config); + unset($dbname_prefix); + } + + if($client['parent_client_id'] > 0) { + // Get the limits of the reseller + $reseller = $app->db->queryOneRecord("SELECT limit_database, limit_database_quota FROM client WHERE client_id = ?", $client['parent_client_id']); + + //* Check the website quota of the client + if ($reseller['limit_database_quota'] >= 0) { + //* get the database prefix + $app->uses('getconf,tools_sites'); + $global_config = $app->getconf->get_global_config('sites'); + $dbname_prefix = $app->tools_sites->replacePrefix($global_config['dbname_prefix'], $this->dataRecord); + //* get quota from other databases + $tmp = $app->db->queryOneRecord("SELECT sum(database_quota) as db_quota FROM web_database, sys_group, client WHERE web_database.sys_groupid=sys_group.groupid AND sys_group.client_id=client.client_id AND ? IN (client.parent_client_id, client.client_id) AND database_name <> ?", $client['parent_client_id'], $dbname_prefix.$this->dataRecord['database_name']); + + $used_quota = $app->functions->intval($tmp['db_quota']); + $new_db_quota = $app->functions->intval($this->dataRecord["database_quota"]); + if(($used_quota + $new_db_quota > $reseller["limit_database_quota"]) || ($new_db_quota < 0 && $reseller["limit_database_quota"] >= 0)) { + $max_free_quota = floor($reseller["limit_database_quota"] - $used_quota); + if($max_free_quota < 0) $max_free_quota = 0; + $app->tform->errorMessage .= $app->tform->lng("limit_database_quota_free_txt").": ".$max_free_quota." MB
"; + $this->dataRecord["database_quota"] = $max_free_quota; + } + unset($tmp); + unset($global_config); + unset($dbname_prefix); + } + } + // When the record is inserted + } else { + $client['db_servers_ids'] = explode(',', $client['db_servers']); + + // Check if chosen server is in authorized servers for this client + if (!(is_array($client['db_servers_ids']) && in_array($this->dataRecord["server_id"], $client['db_servers_ids'])) && $_SESSION["s"]["user"]["typ"] != 'admin') { + $app->error($app->tform->wordbook['error_not_allowed_server_id']); + } + + // Check if the user may add another database + if($client["limit_database"] >= 0) { + $tmp = $app->db->queryOneRecord("SELECT count(database_id) as number FROM web_database WHERE sys_groupid = ?", $client_group_id); + if($tmp["number"] >= $client["limit_database"]) { + $app->error($app->tform->wordbook["limit_database_txt"]); + } + } + + //* Check client quota + if ($client['limit_database_quota'] >= 0) { + $tmp = $app->db->queryOneRecord("SELECT sum(database_quota) as db_quota FROM web_database WHERE sys_groupid = ?", $client_group_id); + $db_quota = $tmp['db_quota']; + $new_db_quota = $app->functions->intval($this->dataRecord["database_quota"]); + if(($db_quota + $new_db_quota > $client['limit_database_quota']) || ($new_db_quota < 0 && $client['limit_database_quota'] >= 0)) { + $max_free_quota = floor($client['limit_database_quota'] - $db_quota); + if($max_free_quota < 0) $max_free_quota = 0; + $app->tform->errorMessage .= $app->tform->lng("limit_database_quota_free_txt").": ".$max_free_quota." MB
"; + $this->dataRecord['database_quota'] = $max_free_quota; + } + unset($tmp); + } + } + } else { + // check if client of database parent domain is client of db user! + $web_group = $app->db->queryOneRecord("SELECT sys_groupid FROM web_domain WHERE domain_id = ?", $this->dataRecord['parent_domain_id']); + if($this->dataRecord['database_user_id']) { + $group = $app->db->queryOneRecord("SELECT sys_groupid FROM web_database_user WHERE database_user_id = ?", $this->dataRecord['database_user_id']); + if($group['sys_groupid'] != $web_group['sys_groupid']) { + $app->error($app->tform->wordbook['database_client_differs_txt']); + } + } + if($this->dataRecord['database_ro_user_id']) { + $group = $app->db->queryOneRecord("SELECT sys_groupid FROM web_database_user WHERE database_user_id = ?", $this->dataRecord['database_ro_user_id']); + if($group['sys_groupid'] != $web_group['sys_groupid']) { + $app->error($app->tform->wordbook['database_client_differs_txt']); + } + } + } + + + parent::onSubmit(); + } + + function onBeforeUpdate() { + global $app, $conf, $interfaceConf; + + //* Site shall not be empty + if($this->dataRecord['parent_domain_id'] == 0) $app->tform->errorMessage .= $app->tform->lng("database_site_error_empty").'
'; + + //* Get the database name and database user prefix + $app->uses('getconf,tools_sites'); + $global_config = $app->getconf->get_global_config('sites'); + $dbname_prefix = $app->tools_sites->replacePrefix($global_config['dbname_prefix'], $this->dataRecord); + + //* Prevent that the database name and charset is changed + $old_record = $app->tform->getDataRecord($this->id); + $dbname_prefix = $app->tools_sites->getPrefix($old_record['database_name_prefix'], $dbname_prefix); + $this->dataRecord['database_name_prefix'] = $dbname_prefix; + + //* Only admin can change the database name + if ($_SESSION["s"]["user"]["typ"] != 'admin') { + if($old_record["database_name"] != $dbname_prefix . $this->dataRecord["database_name"]) { + $app->tform->errorMessage .= $app->tform->wordbook["database_name_change_txt"].'
'; + } + } + if($old_record["database_charset"] != $this->dataRecord["database_charset"]) { + $app->tform->errorMessage .= $app->tform->wordbook["database_charset_change_txt"].'
'; + } + + if(!$this->dataRecord['database_user_id']) { + $app->tform->errorMessage .= $app->tform->wordbook["database_user_missing_txt"].'
'; + } + + //* Database username and database name shall not be empty + if($this->dataRecord['database_name'] == '') $app->tform->errorMessage .= $app->tform->wordbook["database_name_error_empty"].'
'; + + //* Check if the server has been changed + // We do this only for the admin or reseller users, as normal clients can not change the server ID anyway + if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) { + if($old_record["server_id"] != $this->dataRecord["server_id"]) { + //* Add a error message and switch back to old server + $app->tform->errorMessage .= $app->lng('The Server can not be changed.'); + $this->dataRecord["server_id"] = $rec['server_id']; + } + } + unset($old_record); + + if(strlen($dbname_prefix . $this->dataRecord['database_name']) > 64) $app->tform->errorMessage .= str_replace('{db}', $dbname_prefix . $this->dataRecord['database_name'], $app->tform->wordbook["database_name_error_len"]).'
'; + + //* Check database name and user against blacklist + $dbname_blacklist = array($conf['db_database'], 'mysql'); + if(in_array($dbname_prefix . $this->dataRecord['database_name'], $dbname_blacklist)) { + $app->tform->errorMessage .= $app->lng('Database name not allowed.').'
'; + } + + if ($app->tform->errorMessage == ''){ + /* restrict the names if there is no error */ + /* crop user and db names if they are too long -> mysql: user: 16 chars / db: 64 chars */ + $this->dataRecord['database_name'] = substr($dbname_prefix . $this->dataRecord['database_name'], 0, 64); + } + + //* Check for duplicates + $tmp = $app->db->queryOneRecord("SELECT count(database_id) as dbnum FROM web_database WHERE database_name = ? AND server_id = ? AND database_id != ?", $this->dataRecord['database_name'], $this->dataRecord["server_id"], $this->id); + if($tmp['dbnum'] > 0) $app->tform->errorMessage .= $app->lng('database_name_error_unique').'
'; + + // get the web server ip (parent domain) + $tmp = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = ?", $this->dataRecord['parent_domain_id']); + if($tmp['server_id'] && $tmp['server_id'] != $this->dataRecord['server_id']) { + // we need remote access rights for this server, so get it's ip address + $server_config = $app->getconf->get_server_config($tmp['server_id'], 'server'); + if($server_config['ip_address']!='') { + if($this->dataRecord['remote_access'] != 'y'){ + $this->dataRecord['remote_ips'] = $server_config['ip_address']; + $this->dataRecord['remote_access'] = 'y'; + } else { + if($this->dataRecord['remote_ips'] != ''){ + if(preg_match('/(^|,)' . preg_quote($server_config['ip_address'], '/') . '(,|$)/', $this->dataRecord['remote_ips']) == false) { + $this->dataRecord['remote_ips'] .= ',' . $server_config['ip_address']; + } + $tmp = preg_split('/\s*,\s*/', $this->dataRecord['remote_ips']); + $tmp = array_unique($tmp); + $this->dataRecord['remote_ips'] = implode(',', $tmp); + unset($tmp); + } + } + } + } + + if ($app->tform->errorMessage == '') { + // force update of the used database user + if($this->dataRecord['database_user_id']) { + $user_old_rec = $app->db->queryOneRecord('SELECT * FROM `web_database_user` WHERE `database_user_id` = ?', $this->dataRecord['database_user_id']); + if($user_old_rec) { + $user_new_rec = $user_old_rec; + $user_new_rec['server_id'] = $this->dataRecord['server_id']; + $app->db->datalogSave('web_database_user', 'UPDATE', 'database_user_id', $this->dataRecord['database_user_id'], $user_old_rec, $user_new_rec); + } + } + if($this->dataRecord['database_ro_user_id']) { + $user_old_rec = $app->db->queryOneRecord('SELECT * FROM `web_database_user` WHERE `database_user_id` = ?', $this->dataRecord['database_ro_user_id']); + if($user_old_rec) { + $user_new_rec = $user_old_rec; + $user_new_rec['server_id'] = $this->dataRecord['server_id']; + $app->db->datalogSave('web_database_user', 'UPDATE', 
'database_user_id', $this->dataRecord['database_ro_user_id'], $user_old_rec, $user_new_rec); + } + } + } + + parent::onBeforeUpdate(); + } + + function onBeforeInsert() { + global $app, $conf, $interfaceConf; + + //* Site shell not be empty + if($this->dataRecord['parent_domain_id'] == 0) $app->tform->errorMessage .= $app->tform->lng("database_site_error_empty").'
'; + + //* Database username and database name shall not be empty + if($this->dataRecord['database_name'] == '') $app->tform->errorMessage .= $app->tform->wordbook["database_name_error_empty"].'
'; + + //* Get the database name and database user prefix + $app->uses('getconf,tools_sites'); + $global_config = $app->getconf->get_global_config('sites'); + $dbname_prefix = $app->tools_sites->replacePrefix($global_config['dbname_prefix'], $this->dataRecord); + $this->dataRecord['database_name_prefix'] = $dbname_prefix; + + if(strlen($dbname_prefix . $this->dataRecord['database_name']) > 64) $app->tform->errorMessage .= str_replace('{db}', $dbname_prefix . $this->dataRecord['database_name'], $app->tform->wordbook["database_name_error_len"]).'
'; + + //* Check database name and user against blacklist + $dbname_blacklist = array($conf['db_database'], 'mysql'); + if(in_array($dbname_prefix . $this->dataRecord['database_name'], $dbname_blacklist)) { + $app->tform->errorMessage .= $app->lng('Database name not allowed.').'
'; + } + + /* restrict the names */ + /* crop user and db names if they are too long -> mysql: user: 16 chars / db: 64 chars */ + if ($app->tform->errorMessage == ''){ + $this->dataRecord['database_name'] = substr($dbname_prefix . $this->dataRecord['database_name'], 0, 64); + } + + //* Check for duplicates + $tmp = $app->db->queryOneRecord("SELECT count(database_id) as dbnum FROM web_database WHERE database_name = ? AND server_id = ?", $this->dataRecord['database_name'], $this->dataRecord["server_id"]); + if($tmp['dbnum'] > 0) $app->tform->errorMessage .= $app->tform->lng('database_name_error_unique').'
'; + + // get the web server ip (parent domain) + $tmp = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = ?", $this->dataRecord['parent_domain_id']); + if($tmp['server_id'] && $tmp['server_id'] != $this->dataRecord['server_id']) { + // we need remote access rights for this server, so get it's ip address + $server_config = $app->getconf->get_server_config($tmp['server_id'], 'server'); + if($server_config['ip_address']!='') { + if($this->dataRecord['remote_access'] != 'y'){ + $this->dataRecord['remote_ips'] = $server_config['ip_address']; + $this->dataRecord['remote_access'] = 'y'; + } else { + if($this->dataRecord['remote_ips'] != ''){ + if(preg_match('/(^|,)' . preg_quote($server_config['ip_address'], '/') . '(,|$)/', $this->dataRecord['remote_ips']) == false) { + $this->dataRecord['remote_ips'] .= ',' . $server_config['ip_address']; + } + $tmp = preg_split('/\s*,\s*/', $this->dataRecord['remote_ips']); + $tmp = array_unique($tmp); + $this->dataRecord['remote_ips'] = implode(',', $tmp); + unset($tmp); + } + } + } + } + + if ($app->tform->errorMessage == '') { + // force update of the used database user + if($this->dataRecord['database_user_id']) { + $user_old_rec = $app->db->queryOneRecord('SELECT * FROM `web_database_user` WHERE `database_user_id` = ?', $this->dataRecord['database_user_id']); + if($user_old_rec) { + $user_new_rec = $user_old_rec; + $user_new_rec['server_id'] = $this->dataRecord['server_id']; + $app->db->datalogSave('web_database_user', 'UPDATE', 'database_user_id', $this->dataRecord['database_user_id'], $user_old_rec, $user_new_rec); + } + } + if($this->dataRecord['database_ro_user_id']) { + $user_old_rec = $app->db->queryOneRecord('SELECT * FROM `web_database_user` WHERE `database_user_id` = ?', $this->dataRecord['database_ro_user_id']); + if($user_old_rec) { + $user_new_rec = $user_old_rec; + $user_new_rec['server_id'] = $this->dataRecord['server_id']; + $app->db->datalogSave('web_database_user', 'UPDATE', 
'database_user_id', $this->dataRecord['database_ro_user_id'], $user_old_rec, $user_new_rec);
+ }
+ }
+ }
+
+
+ parent::onBeforeInsert();
+ }
+
+ function onInsertSave($sql) {
+ global $app, $conf;
+
+ $app->db->query($sql);
+ if($app->db->errorMessage != '') die($app->db->errorMessage);
+ $new_id = $app->db->insertID();
+
+ return $new_id;
+ }
+
+ function onUpdateSave($sql) {
+ global $app;
+ if(!empty($sql) && !$app->tform->isReadonlyTab($app->tform->getCurrentTab(), $this->id)) {
+
+ $app->db->query($sql);
+ if($app->db->errorMessage != '') die($app->db->errorMessage);
+ }
+ }
+
+ function onAfterInsert() {
+ global $app, $conf;
+
+ $app->uses('sites_database_plugin');
+ $app->sites_database_plugin->processDatabaseInsert($this);
+ }
+
+ function onAfterUpdate() {
+ global $app, $conf;
+
+ $app->uses('sites_database_plugin');
+ $app->sites_database_plugin->processDatabaseUpdate($this);
+ }
+
+}
+
+$page = new page_action;
+$page->onLoad();
+
+?>
diff --git a/database_user_edit.php b/database_user_edit.php
new file mode 100755
index 0000000..5224cc5
--- /dev/null
+++ b/database_user_edit.php
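Review bot: In `onSubmit()` the comparison of `database_user_id` / `database_ro_user_id` against the parent domain's `sys_groupid` sits only in the admin `else` branch, so for client and reseller sessions this file never checks who owns the selected database user. `onBeforeInsert()` and `onBeforeUpdate()` then read that row with `SELECT * FROM web_database_user WHERE database_user_id = ?` and push it through `datalogSave()` with a new `server_id`, with no `getAuthSQL()` filter. Unless the form definition already rejects ids outside the caller's group (not verifiable from this hunk), a database could be bound to another client's user; running the group comparison for every user type, or appending `AND ".$app->tform->getAuthSQL('r')` to those lookups as the `web_domain` query does, would close that. Separately, `onBeforeUpdate()` restores the server with `$this->dataRecord["server_id"] = $rec['server_id'];`, but `$rec` is not defined in that method, so the field becomes null before the duplicate-name query; it should read `$old_record['server_id']`.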
@@ -0,0 +1,249 @@ +auth->check_module_permissions('sites'); + +// Loading classes +$app->uses('tpl,tform,tform_actions'); +$app->load('tform_actions'); + +class page_action extends tform_actions { + + function onShowNew() { + global $app; + + // we will check only users, not admins + if($_SESSION['s']['user']['typ'] == 'user') { + if(!$app->tform->checkClientLimit('limit_database_user')) { + $app->error($app->tform->wordbook["limit_database_user_txt"]); + } + if(!$app->tform->checkResellerLimit('limit_database_user')) { + $app->error('Reseller: '.$app->tform->wordbook["limit_database_user_txt"]); + } + } + + parent::onShowNew(); + } + + function onShowEnd() { + global $app, $conf, $interfaceConf; + + /* + * If the names are restricted -> remove the restriction, so that the + * data can be edited + */ + + //* Get the database user prefix + $app->uses('getconf,tools_sites'); + $global_config = $app->getconf->get_global_config('sites'); + $dbuser_prefix = $app->tools_sites->replacePrefix($global_config['dbuser_prefix'], $this->dataRecord); + + if ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) { + // Get the limits of the client + $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]); + $client = $app->db->queryOneRecord("SELECT client.company_name, client.contact_name, client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id); + + // Fill the client select field + $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? 
ORDER BY client.company_name, client.contact_name, sys_group.name"; + $records = $app->db->queryAllRecords($sql, $client['client_id']); + $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']); + $client_select = ''; + //$tmp_data_record = $app->tform->getDataRecord($this->id); + if(is_array($records)) { + foreach( $records as $rec) { + $selected = @(is_array($this->dataRecord) && ($rec["groupid"] == $this->dataRecord['client_group_id'] || $rec["groupid"] == $this->dataRecord['sys_groupid']))?'SELECTED':''; + $client_select .= "\r\n"; + } + } + $app->tpl->setVar("client_group_id", $client_select); + } elseif($_SESSION["s"]["user"]["typ"] == 'admin') { + // Fill the client select field + $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY client.company_name, client.contact_name, sys_group.name"; + $clients = $app->db->queryAllRecords($sql); + $client_select = ""; + //$tmp_data_record = $app->tform->getDataRecord($this->id); + if(is_array($clients)) { + foreach( $clients as $client) { + //$selected = @($client["groupid"] == $tmp_data_record["sys_groupid"])?'SELECTED':''; + $selected = @(is_array($this->dataRecord) && ($client["groupid"] == $this->dataRecord['client_group_id'] || $client["groupid"] == $this->dataRecord['sys_groupid']))?'SELECTED':''; + $client_select .= "\r\n"; + } + } + $app->tpl->setVar("client_group_id", $client_select); + } + + + if ($this->dataRecord['database_user'] != ""){ + /* REMOVE the restriction */ + $app->tpl->setVar("database_user", $app->tools_sites->removePrefix($this->dataRecord['database_user'], $this->dataRecord['database_user_prefix'], $dbuser_prefix)); + } + + 
if($this->dataRecord['database_user'] == "") { + $app->tpl->setVar("database_user_prefix", $dbuser_prefix); + } else { + $app->tpl->setVar("database_user_prefix", $app->tools_sites->getPrefix($this->dataRecord['database_user_prefix'], $dbuser_prefix, $global_config['dbuser_prefix'])); + } + + parent::onShowEnd(); + } + + function onSubmit() { + global $app; + + if($_SESSION['s']['user']['typ'] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) unset($this->dataRecord["client_group_id"]); + + parent::onSubmit(); + } + + function onBeforeUpdate() { + global $app, $conf, $interfaceConf; + + //* Get the database user prefix + $app->uses('getconf,tools_sites'); + $global_config = $app->getconf->get_global_config('sites'); + $dbuser_prefix = $app->tools_sites->replacePrefix($global_config['dbuser_prefix'], $this->dataRecord); + + $this->oldDataRecord = $app->db->queryOneRecord("SELECT * FROM web_database_user WHERE database_user_id = ?", $this->id); + + $dbuser_prefix = $app->tools_sites->getPrefix($this->oldDataRecord['database_user_prefix'], $dbuser_prefix); + $this->dataRecord['database_user_prefix'] = $dbuser_prefix; + + //* Database username shall not be empty + if($this->dataRecord['database_user'] == '') $app->tform->errorMessage .= $app->tform->wordbook["database_user_error_empty"].'
'; + + if(strlen($dbuser_prefix . $this->dataRecord['database_user']) > 16) $app->tform->errorMessage .= str_replace('{user}', htmlentities($dbuser_prefix . $this->dataRecord['database_user'], ENT_QUOTES, 'UTF-8'), $app->tform->wordbook["database_user_error_len"]).'
'; + + //* Check database user against blacklist + $dbuser_blacklist = array($conf['db_user'], 'mysql', 'root'); + if(in_array($dbuser_prefix . $this->dataRecord['database_user'], $dbuser_blacklist)) { + $app->tform->errorMessage .= $app->lng('Database user not allowed.').'
'; + } + + if ($app->tform->errorMessage == ''){ + /* restrict the names if there is no error */ + /* crop user and db names if they are too long -> mysql: user: 16 chars / db: 64 chars */ + $this->dataRecord['database_user'] = substr($dbuser_prefix . $this->dataRecord['database_user'], 0, 16); + } + + /* prepare password for MongoDB */ + // TODO: this still doens't work as when only the username changes we have no database_password. + // taking the one from oldData doesn't work as it's encrypted...shit! +/* + $this->dataRecord['database_password_mongo'] = $this->dataRecord['database_user'].":mongo:".$this->dataRecord['database_password']; + + $this->dataRecord['server_id'] = 0; // we need this on all servers +*/ + parent::onBeforeUpdate(); + } + + function onBeforeInsert() { + global $app, $conf, $interfaceConf; + + //* Database username shall not be empty + if($this->dataRecord['database_user'] == '') $app->tform->errorMessage .= $app->tform->wordbook["database_user_error_empty"].'
'; + + //* Database password shall not be empty + if($this->dataRecord['database_password'] == '') $app->tform->errorMessage .= $app->tform->wordbook["database_password_error_empty"].'
'; + + //* Get the database name and database user prefix + $app->uses('getconf,tools_sites'); + $global_config = $app->getconf->get_global_config('sites'); + $dbuser_prefix = $app->tools_sites->replacePrefix($global_config['dbuser_prefix'], $this->dataRecord); + + $this->dataRecord['database_user_prefix'] = $dbuser_prefix; + + if(strlen($dbuser_prefix . $this->dataRecord['database_user']) > 16) $app->tform->errorMessage .= str_replace('{user}', htmlentities($dbuser_prefix . $this->dataRecord['database_user'], ENT_QUOTES, 'UTF-8'), $app->tform->wordbook["database_user_error_len"]).'
'; + + //* Check database user against blacklist + $dbuser_blacklist = array($conf['db_user'], 'mysql', 'root'); + if(is_array($dbuser_blacklist) && in_array($dbuser_prefix . $this->dataRecord['database_user'], $dbuser_blacklist)) { + $app->tform->errorMessage .= $app->lng('Database user not allowed.').'
'; + } + + /* restrict the names */ + /* crop user names if they are too long -> mysql: user: 16 chars / db: 64 chars */ + if ($app->tform->errorMessage == ''){ + $this->dataRecord['database_user'] = substr($dbuser_prefix . $this->dataRecord['database_user'], 0, 16); + } + + $this->dataRecord['server_id'] = 0; // we need this on all servers + + /* prepare password for MongoDB */ +// $this->dataRecord['database_password_mongo'] = $this->dataRecord['database_user'].":mongo:".$this->dataRecord['database_password']; + + parent::onBeforeInsert(); + } + + function onAfterInsert() { + global $app, $conf; + + if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) { + $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]); + $app->db->query("UPDATE web_database_user SET sys_groupid = ?, sys_perm_group = 'riud' WHERE database_user_id = ?", $client_group_id, $this->id); + } + if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($this->dataRecord["client_group_id"])) { + $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]); + $app->db->query("UPDATE web_database_user SET sys_groupid = ?, sys_perm_group = 'riud' WHERE database_user_id = ?", $client_group_id, $this->id); + } + } + + function onAfterUpdate() { + global $app, $conf; + + if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) { + $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]); + $app->db->query("UPDATE web_database_user SET sys_groupid = ?, sys_perm_group = 'riud' WHERE database_user_id = ?", $client_group_id, $this->id); + } + if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($this->dataRecord["client_group_id"])) { + $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]); + $app->db->query("UPDATE web_database_user SET sys_groupid = ?, sys_perm_group = 'riud' WHERE database_user_id = ?", 
$client_group_id, $this->id);
+ }
+ }
+
+}
+
+$page = new page_action;
+$page->onLoad();
+
+?>
diff --git a/form/database.tform.php b/form/database.tform.php
new file mode 100755
index 0000000..aef56f5
--- /dev/null
+++ b/form/database.tform.php
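Review bot: `onAfterInsert()` and `onAfterUpdate()` write the posted `client_group_id` into `web_database_user.sys_groupid` for any session where `has_clients()` is true, after nothing more than `intval()`. The select list built in `onShowEnd()` is filtered by `client.parent_client_id`, but that only limits what the form displays; nothing in this file confirms that the submitted group belongs to one of the reseller's own clients. If the form definition does not validate the value (it is outside this hunk), the record could be reassigned to an unrelated group, so I would repeat the `parent_client_id` lookup on the posted id before the `UPDATE` and call `$app->error()` when it returns no row. The admin and reseller branches are also identical, so an admin account that has clients runs the same `UPDATE` twice; a single combined condition would be clearer.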
@@ -0,0 +1,194 @@ + 0 id must match with id of current user +$form["auth_preset"]["groupid"] = 0; // 0 = default groupid of the user, > 0 id must match with groupid of current user +$form["auth_preset"]["perm_user"] = 'riud'; //r = read, i = insert, u = update, d = delete +$form["auth_preset"]["perm_group"] = 'riud'; //r = read, i = insert, u = update, d = delete +$form["auth_preset"]["perm_other"] = ''; //r = read, i = insert, u = update, d = delete + +$form["tabs"]['database'] = array ( + 'title' => "Database", + 'width' => 100, + 'template' => "templates/database_edit.htm", + 'fields' => array ( + //################################# + // Begin Datatable fields + //################################# + 'server_id' => array ( + 'datatype' => 'INTEGER', + 'formtype' => 'SELECT', + 'default' => '', + 'datasource' => array ( 'type' => 'SQL', + 'querystring' => 'SELECT server_id,server_name FROM server WHERE mirror_server_id = 0 AND {AUTHSQL} AND db_server = 1 ORDER BY server_name', + 'keyfield'=> 'server_id', + 'valuefield'=> 'server_name' + ), + 'value' => '' + ), + 'parent_domain_id' => array ( + 'datatype' => 'INTEGER', + 'formtype' => 'SELECT', + 'default' => '', + 'datasource' => array ( 'type' => 'SQL', + 'querystring' => "SELECT web_domain.domain_id, CONCAT(web_domain.domain, ' :: ', server.server_name) AS parent_domain FROM web_domain, server WHERE web_domain.type = 'vhost' AND web_domain.server_id = server.server_id AND {AUTHSQL::web_domain} ORDER BY web_domain.domain", + 'keyfield'=> 'domain_id', + 'valuefield'=> 'parent_domain' + ), + 'value' => array('0' => 'select_site_txt') + ), + 'type' => array ( + 'datatype' => 'VARCHAR', + 'formtype' => 'SELECT', + 'default' => 'mysql', + 'value' => array( + /*'mongo' => 'MongoDB',*/ + 'mysql' => 'MySQL' + ) + ), + 'database_name' => array ( + 'datatype' => 'VARCHAR', + 'formtype' => 'TEXT', + 'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY', + 'errmsg'=> 'database_name_error_empty'), + 1 => array ( 'type' => 
'REGEX', + 'regex' => '/^[a-zA-Z0-9_]{2,64}$/', + 'errmsg'=> 'database_name_error_regex'), + ), + 'default' => '', + 'value' => '', + 'width' => '30', + 'maxlength' => '255', + 'searchable' => 1 + ), + 'database_name_prefix' => array ( + 'datatype' => 'VARCHAR', + 'formtype' => 'TEXT', + 'default' => '', + 'value' => '', + 'width' => '30', + 'maxlength' => '25' + ), + 'database_quota' => array ( + 'datatype' => 'INTEGER', + 'formtype' => 'TEXT', + 'validators' => array ( 0 => array ( 'type' => 'ISINT', + 'errmsg'=> 'limit_database_quota_error_notint'), + ), + 'default' => '-1', + 'value' => '', + 'separator' => '', + 'width' => '10', + 'maxlength' => '10', + 'rows' => '', + 'cols' => '' + ), + 'database_user_id' => array ( + 'datatype' => 'INTEGER', + 'formtype' => 'SELECT', + 'default' => '', + 'datasource' => array ( 'type' => 'SQL', + 'querystring' => "SELECT database_user_id,database_user FROM web_database_user WHERE {AUTHSQL} ORDER BY database_user", + 'keyfield'=> 'database_user_id', + 'valuefield'=> 'database_user' + ), + 'value' => array('0' => 'select_dbuser_txt') + ), + 'database_ro_user_id' => array ( + 'datatype' => 'INTEGER', + 'formtype' => 'SELECT', + 'default' => '', + 'datasource' => array ( 'type' => 'SQL', + 'querystring' => "SELECT database_user_id,database_user FROM web_database_user WHERE {AUTHSQL} ORDER BY database_user", + 'keyfield'=> 'database_user_id', + 'valuefield'=> 'database_user' + ), + 'value' => array('0' => 'no_dbuser_txt') + ), + 'database_charset' => array ( + 'datatype' => 'VARCHAR', + 'formtype' => 'SELECT', + 'default' => '', + 'value' => array('' => 'DB-Default', 'latin1' => 'Latin 1', 'utf8' => 'UTF-8') + ), + 'remote_access' => array ( + 'datatype' => 'VARCHAR', + 'formtype' => 'CHECKBOX', + 'default' => 'n', + 'value' => array(0 => 'n', 1 => 'y') + ), + 'active' => array ( + 'datatype' => 'VARCHAR', + 'formtype' => 'CHECKBOX', + 'default' => 'y', + 'value' => array(0 => 'n', 1 => 'y') + ), + 'remote_ips' => array ( + 
'datatype' => 'TEXT', + 'formtype' => 'TEXT', + 'validators' => array ( 0 => array ( 'type' => 'CUSTOM', + 'class' => 'validate_database', + 'function' => 'valid_ip_list', + 'errmsg' => 'database_remote_error_ips'), + ), + 'default' => '', + 'value' => '', + 'width' => '60', + 'searchable' => 2 + ), + //################################# + // ENDE Datatable fields + //################################# + ) +); + + +?> diff --git a/form/database_user.tform.php b/form/database_user.tform.php new file mode 100755 index 0000000..48a340e --- /dev/null +++ b/form/database_user.tform.php 
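Review bot: `remote_ips` is validated only for format (`validate_database::valid_ip_list`) and may be left empty, so the form accepts `remote_access` = `'y'` with no address restriction at all. How an empty list is applied is decided outside this hunk, but the Spanish label added further down in this patch ends in "todas)", which suggests an empty value means every host. I would state that on the field, e.g. `// empty = no IP restriction when remote_access is 'y'; confirm against database_edit.php`, and consider requiring at least one address when remote access is switched on by a non-admin user.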
@@ -0,0 +1,134 @@ + 0 id must match with id of current user +$form["auth_preset"]["groupid"] = 0; // 0 = default groupid of the user, > 0 id must match with groupid of current user +$form["auth_preset"]["perm_user"] = 'riud'; //r = read, i = insert, u = update, d = delete +$form["auth_preset"]["perm_group"] = 'riud'; //r = read, i = insert, u = update, d = delete +$form["auth_preset"]["perm_other"] = ''; //r = read, i = insert, u = update, d = delete + +$form["tabs"]['database_user'] = array ( + 'title' => "Database User", + 'width' => 100, + 'template' => "templates/new_service_webdns.htm", + 'fields' => array ( + //################################# + // Begin Datatable fields + //################################# + 'server_id' => array ( + 'datatype' => 'INTEGER', + 'formtype' => 'SELECT', + 'default' => '', + 'datasource' => array ( 'type' => 'SQL', + 'querystring' => 'SELECT server_id,server_name FROM server WHERE mirror_server_id = 0 AND {AUTHSQL} AND db_server = 1 ORDER BY server_name', + 'keyfield'=> 'server_id', + 'valuefield'=> 'server_name' + ), + 'value' => '' + ), + 'database_user' => array ( + 'datatype' => 'VARCHAR', + 'formtype' => 'TEXT', + 'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY', + 'errmsg'=> 'database_user_error_empty'), + 1 => array ( 'type' => 'UNIQUE', + 'errmsg'=> 'database_user_error_unique'), + 2 => array ( 'type' => 'REGEX', + 'regex' => '/^[a-zA-Z0-9_]{2,64}$/', + 'errmsg'=> 'database_user_error_regex'), + ), + 'default' => '', + 'value' => '', + 'width' => '30', + 'maxlength' => '255', + 'searchable' => 1 + ), + 'database_user_prefix' => array ( + 'datatype' => 'VARCHAR', + 'formtype' => 'TEXT', + 'default' => '', + 'value' => '', + 'width' => '30', + 'maxlength' => '25' + ), + 'database_password' => array ( + 'datatype' => 'VARCHAR', + 'formtype' => 'PASSWORD', + 'validators' => array( + 0 => array( + 'type' => 'CUSTOM', + 'class' => 'validate_password', + 'function' => 'password_check', + 'errmsg' => 
'weak_password_txt' + ) + ), + 'encryption' => 'MYSQL', + 'default' => '', + 'value' => '', + 'width' => '30', + 'maxlength' => '255' + ), + 'database_password_mongo' => array ( + 'datatype' => 'VARCHAR', + 'formtype' => 'PASSWORD', + 'default' => '', + 'value' => '', + 'width' => '30', + 'maxlength' => '255' + ), + //################################# + // ENDE Datatable fields + //################################# + ) +); + + +?> diff --git a/form/ftp_user.tform.php b/form/ftp_user.tform.php new file mode 100755 index 0000000..239bfdb --- /dev/null +++ b/form/ftp_user.tform.php 
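Review bot: `database_password_mongo` is declared as a `PASSWORD` field with no `encryption` key and no validators, unlike `database_password` just above it, which carries `'encryption' => 'MYSQL'` and the `validate_password` check. The only code that filled it, in database_user_edit.php, is commented out in this same patch and `'mongo'` is commented out of the type list in database.tform.php, so the field looks unused; if tform stores a field without `encryption` as submitted (not visible here), anything posted to it would be kept in clear text. I would drop the `database_password_mongo` entry until MongoDB support is actually enabled, or at least give it the same validator and a comment explaining the storage format.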
@@ -0,0 +1,303 @@ + 0 id must match with id of current user +$form["auth_preset"]["groupid"] = 0; // 0 = default groupid of the user, > 0 id must match with groupid of current user +$form["auth_preset"]["perm_user"] = 'riud'; //r = read, i = insert, u = update, d = delete +$form["auth_preset"]["perm_group"] = 'riud'; //r = read, i = insert, u = update, d = delete +$form["auth_preset"]["perm_other"] = ''; //r = read, i = insert, u = update, d = delete + +$form["tabs"]['ftp'] = array ( + 'title' => "FTP User", + 'width' => 100, + 'template' => "templates/ftp_user_edit.htm", + 'fields' => array ( + //################################# + // Begin Datatable fields + //################################# + 'server_id' => array ( + 'datatype' => 'INTEGER', + 'formtype' => 'SELECT', + 'default' => '', + 'datasource' => array ( 'type' => 'SQL', + 'querystring' => 'SELECT server_id,server_name FROM server WHERE mirror_server_id = 0 AND {AUTHSQL} ORDER BY server_name', + 'keyfield'=> 'server_id', + 'valuefield'=> 'server_name' + ), + 'value' => '' + ), + 'parent_domain_id' => array ( + 'datatype' => 'INTEGER', + 'formtype' => 'SELECT', + 'default' => '', + 'datasource' => array ( 'type' => 'SQL', + 'querystring' => "SELECT web_domain.domain_id, CONCAT(web_domain.domain, ' :: ', server.server_name) AS parent_domain FROM web_domain, server WHERE web_domain.type = 'vhost' AND web_domain.server_id = server.server_id AND {AUTHSQL::web_domain} ORDER BY web_domain.domain", + 'keyfield'=> 'domain_id', + 'valuefield'=> 'parent_domain' + ), + 'value' => '' + ), + 'username' => array ( + 'datatype' => 'VARCHAR', + 'formtype' => 'TEXT', + 'validators' => array ( 0 => array ( 'type' => 'UNIQUE', + 'errmsg'=> 'username_error_unique'), + 1 => array ( 'type' => 'REGEX', + 'regex' => '/^[\w\.\-@\+]{0,64}$/', + 'errmsg'=> 'username_error_regex'), + ), + 'default' => '', + 'value' => '', + 'width' => '30', + 'maxlength' => '255', + 'searchable' => 1 + ), + 'username_prefix' => array ( + 'datatype' 
=> 'VARCHAR', + 'formtype' => 'TEXT', + 'default' => '', + 'value' => '', + 'width' => '30', + 'maxlength' => '25' + ), + 'password' => array ( + 'datatype' => 'VARCHAR', + 'validators' => array( + 0 => array( + 'type' => 'CUSTOM', + 'class' => 'validate_password', + 'function' => 'password_check', + 'errmsg' => 'weak_password_txt' + ) + ), + 'formtype' => 'PASSWORD', + 'encryption' => 'CRYPT', + 'default' => '', + 'value' => '', + 'width' => '30', + 'maxlength' => '255' + ), + 'quota_size' => array ( + 'datatype' => 'INTEGER', + 'formtype' => 'TEXT', + 'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY', + 'errmsg'=> 'quota_size_error_empty'), + 1 => array ( 'type' => 'REGEX', + 'regex' => '/^(\-1|[0-9]{1,10})$/', + 'errmsg'=> 'quota_size_error_regex'), + ), + 'default' => '-1', + 'value' => '', + 'width' => '7', + 'maxlength' => '7' + ), + 'active' => array ( + 'datatype' => 'VARCHAR', + 'formtype' => 'CHECKBOX', + 'default' => 'y', + 'value' => array(0 => 'n', 1 => 'y') + ), + //################################# + // ENDE Datatable fields + //################################# + ) +); + +if($app->auth->is_admin()) { + + $form["tabs"]['advanced'] = array ( + 'title' => "Options", + 'width' => 100, + 'template' => "templates/ftp_user_advanced.htm", + 'fields' => array ( + //################################# + // Begin Datatable fields + //################################# + 'uid' => array ( + 'datatype' => 'VARCHAR', + 'formtype' => 'TEXT', + 'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY', + 'errmsg'=> 'uid_error_empty'), + 1 => array( + 'type' => 'CUSTOM', + 'class' => 'validate_systemuser', + 'function' => 'check_sysuser', + 'check_names' => true, + 'errmsg' => 'invalid_system_user_or_group_txt' + ), + ), + 'default' => '0', + 'value' => '', + 'width' => '30', + 'maxlength' => '255' + ), + 'gid' => array ( + 'datatype' => 'VARCHAR', + 'formtype' => 'TEXT', + 'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY', + 'errmsg'=> 
'gid_error_empty'), + 1 => array( + 'type' => 'CUSTOM', + 'class' => 'validate_systemuser', + 'function' => 'check_sysgroup', + 'check_names' => true, + 'errmsg' => 'invalid_system_user_or_group_txt' + ), + ), + 'default' => '0', + 'value' => '', + 'width' => '30', + 'maxlength' => '255' + ), + 'dir' => array ( + 'datatype' => 'VARCHAR', + 'formtype' => 'TEXT', + 'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY', + 'errmsg'=> 'directory_error_empty'), + 1 => array ( 'type' => 'REGEX', + 'regex' => '/^\/[a-zA-Z0-9\ \.\-\_\/]{10,128}$/', + 'errmsg'=> 'directory_error_regex'), + 2 => array ( 'type' => 'CUSTOM', + 'class' => 'validate_ftpuser', + 'function' => 'ftp_dir', + 'errmsg' => 'directory_error_notinweb'), + ), + 'default' => '', + 'value' => '', + 'width' => '30', + 'maxlength' => '255' + ), + 'quota_files' => array ( + 'datatype' => 'INTEGER', + 'formtype' => 'TEXT', + 'default' => '0', + 'value' => '', + 'width' => '7', + 'maxlength' => '7' + ), + 'ul_ratio' => array ( + 'datatype' => 'INTEGER', + 'formtype' => 'TEXT', + 'default' => '0', + 'value' => '', + 'width' => '7', + 'maxlength' => '7' + ), + 'dl_ratio' => array ( + 'datatype' => 'INTEGER', + 'formtype' => 'TEXT', + 'default' => '0', + 'value' => '', + 'width' => '7', + 'maxlength' => '7' + ), + 'ul_bandwidth' => array ( + 'datatype' => 'INTEGER', + 'formtype' => 'TEXT', + 'default' => '0', + 'value' => '', + 'width' => '7', + 'maxlength' => '7' + ), + 'dl_bandwidth' => array ( + 'datatype' => 'INTEGER', + 'formtype' => 'TEXT', + 'default' => '0', + 'value' => '', + 'width' => '7', + 'maxlength' => '7' + ), + //################################# + // ENDE Datatable fields + //################################# + ) + ); + +} else { + + $form["tabs"]['advanced'] = array ( + 'title' => "Options", + 'width' => 100, + 'template' => "templates/ftp_user_advanced_client.htm", + 'fields' => array ( + //################################# + // Begin Datatable fields + //################################# + 
'dir' => array ( + 'datatype' => 'VARCHAR', + 'formtype' => 'TEXT', + 'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY', + 'errmsg'=> 'directory_error_empty'), + 1 => array ( 'type' => 'CUSTOM', + 'class' => 'validate_ftpuser', + 'function' => 'ftp_dir', + 'errmsg' => 'directory_error_notinweb'), + ), + 'default' => '', + 'value' => '', + 'width' => '30', + 'maxlength' => '255' + ), + //################################# + // ENDE Datatable fields + //################################# + ) + ); + +} + +$form['tabs']['advanced']['fields']['expires'] = array( + 'datatype' => 'DATETIME', + 'formtype' => 'DATETIME' +); + + +?> diff --git a/fpdf/font/arial-narrow.php b/fpdf/font/arial-narrow.php old mode 100644 new mode 100755 diff --git a/fpdf/font/arial-narrow.ttf b/fpdf/font/arial-narrow.ttf old mode 100644 new mode 100755 diff --git a/fpdf/font/arial-narrow.z b/fpdf/font/arial-narrow.z old mode 100644 new mode 100755 diff --git a/ftp_user_edit.php b/ftp_user_edit.php new file mode 100755 index 0000000..9de400c --- /dev/null +++ b/ftp_user_edit.php 
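Review bot: The `dir` field in the non-admin `advanced` tab has fewer validators than the admin one: the `REGEX` rule `'/^\/[a-zA-Z0-9\ \.\-\_\/]{10,128}$/'` is present only in the `is_admin()` branch, so the less trusted role gets the looser character and length check. The client branch still runs `validate_ftpuser::ftp_dir`, whose body is not part of this hunk, so this may already be covered there. If it is not, add the same rule to the client tab, `1 => array('type' => 'REGEX', 'regex' => '/^\/[a-zA-Z0-9\ \.\-\_\/]{10,128}$/', 'errmsg' => 'directory_error_regex'),`, and move the `ftp_dir` validator to index `2`.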
@@ -0,0 +1,221 @@ +auth->check_module_permissions('sites'); + +// Loading classes +$app->uses('tpl,tform,tform_actions'); +$app->load('tform_actions'); + +class page_action extends tform_actions { + + function onShowNew() { + global $app, $conf; + + // we will check only users, not admins + if($_SESSION["s"]["user"]["typ"] == 'user') { + if(!$app->tform->checkClientLimit('limit_ftp_user')) { + $app->error($app->tform->wordbook["limit_ftp_user_txt"]); + } + if(!$app->tform->checkResellerLimit('limit_ftp_user')) { + $app->error('Reseller: '.$app->tform->wordbook["limit_ftp_user_txt"]); + } + } + + parent::onShowNew(); + } + + function onShowEnd() { + global $app, $conf, $interfaceConf; + /* + * If the names are restricted -> remove the restriction, so that the + * data can be edited + */ + + $app->uses('getconf,tools_sites'); + $global_config = $app->getconf->get_global_config('sites'); + $ftpuser_prefix = $app->tools_sites->replacePrefix($global_config['ftpuser_prefix'], $this->dataRecord); + + if ($this->dataRecord['username'] != ""){ + /* REMOVE the restriction */ + $app->tpl->setVar("username", $app->tools_sites->removePrefix($this->dataRecord['username'], $this->dataRecord['username_prefix'], $ftpuser_prefix)); + } + + if($this->dataRecord['username'] == "") { + $app->tpl->setVar("username_prefix", $ftpuser_prefix); + } else { + $app->tpl->setVar("username_prefix", $app->tools_sites->getPrefix($this->dataRecord['username_prefix'], $ftpuser_prefix, $global_config['ftpuser_prefix'])); + } + + parent::onShowEnd(); + } + + function onSubmit() { + global $app, $conf; + + // Get the record of the parent domain + if(isset($this->dataRecord["parent_domain_id"])) { + $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ? 
AND ".$app->tform->getAuthSQL('r'), @$this->dataRecord["parent_domain_id"]); + if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm"); + } else { + $tmp = $app->tform->getDataRecord($this->id); + $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ? AND ".$app->tform->getAuthSQL('r'), $tmp["parent_domain_id"]); + if(!$parent_domain) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm"); + unset($tmp); + } + + // Set a few fixed values + $this->dataRecord["server_id"] = $parent_domain["server_id"]; + + //die(print_r($this->dataRecord)); + + if(isset($this->dataRecord['username']) && trim($this->dataRecord['username']) == '') $app->tform->errorMessage .= $app->tform->lng('username_error_empty').'
'; + if(isset($this->dataRecord['username']) && empty($this->dataRecord['parent_domain_id'])) $app->tform->errorMessage .= $app->tform->lng('parent_domain_id_error_empty').'
'; + if(isset($this->dataRecord['dir']) && stristr($this->dataRecord['dir'], '..')) $app->tform->errorMessage .= $app->tform->lng('dir_dot_error').'
'; + if(isset($this->dataRecord['dir']) && stristr($this->dataRecord['dir'], './')) $app->tform->errorMessage .= $app->tform->lng('dir_slashdot_error').'
'; + + parent::onSubmit(); + } + + function onBeforeInsert() { + global $app, $conf, $interfaceConf; + + $app->uses('getconf,tools_sites'); + $global_config = $app->getconf->get_global_config('sites'); + $ftpuser_prefix = $app->tools_sites->replacePrefix($global_config['ftpuser_prefix'], $this->dataRecord); + + $this->dataRecord['username_prefix'] = $ftpuser_prefix; + + if ($app->tform->errorMessage == '') { + $this->dataRecord['username'] = $ftpuser_prefix . $this->dataRecord['username']; + } + + parent::onBeforeInsert(); + } + + function onAfterInsert() { + global $app, $conf; + + $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $this->dataRecord["parent_domain_id"]); + $server_id = $app->functions->intval($web["server_id"]); + $dir = $web["document_root"]; + $uid = $web["system_user"]; + $gid = $web["system_group"]; + + // Check system user and group + if($app->functions->is_allowed_user($uid) == false || $app->functions->is_allowed_group($gid) == false) { + $app->error('Invalid system user or group'); + } + + // The FTP user shall be owned by the same group then the website + $sys_groupid = $app->functions->intval($web['sys_groupid']); + + $sql = "UPDATE ftp_user SET server_id = ?, dir = ?, uid = ?, gid = ?, sys_groupid = ? WHERE ftp_user_id = ?"; + $app->db->query($sql, $server_id, $dir, $uid, $gid, $sys_groupid, $this->id); + } + + function onBeforeUpdate() { + global $app, $conf, $interfaceConf; + + /* + * If the names should be restricted -> do it! 
+ */ + + $app->uses('getconf,tools_sites'); + $global_config = $app->getconf->get_global_config('sites'); + $ftpuser_prefix = $app->tools_sites->replacePrefix($global_config['ftpuser_prefix'], $this->dataRecord); + + $old_record = $app->tform->getDataRecord($this->id); + $ftpuser_prefix = $app->tools_sites->getPrefix($old_record['username_prefix'], $ftpuser_prefix); + $this->dataRecord['username_prefix'] = $ftpuser_prefix; + + /* restrict the names */ + if ($app->tform->errorMessage == '') { + $this->dataRecord['username'] = $ftpuser_prefix . $this->dataRecord['username']; + } + } + + function onAfterUpdate() { + global $app, $conf; + + //* When the site of the FTP user has been changed + if(isset($this->dataRecord['parent_domain_id']) && $this->oldDataRecord['parent_domain_id'] != $this->dataRecord['parent_domain_id']) { + $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $this->dataRecord["parent_domain_id"]); + $server_id = $app->functions->intval($web["server_id"]); + $dir = $web["document_root"]; + $uid = $web["system_user"]; + $gid = $web["system_group"]; + + // The FTP user shall be owned by the same group then the website + $sys_groupid = $app->functions->intval($web['sys_groupid']); + + $sql = "UPDATE ftp_user SET server_id = ?, dir = ?, uid = ?, gid = ?, sys_groupid = ? WHERE ftp_user_id = ?"; + $app->db->query($sql, $server_id, $dir, $uid, $gid, $sys_groupid, $this->id); + } + + //* 2. check to ensure that the FTP user path is not changed to a path outside of the docroot by a normal user + if(isset($this->dataRecord['dir']) && $this->dataRecord['dir'] != $this->oldDataRecord['dir'] && !$app->auth->is_admin()) { + $vd = new validate_ftpuser; + $error_message = $vd->ftp_dir('dir', $this->dataRecord['dir'], ''); + //* This check should normally never be triggered + //* Set the path to a safe path (web doc root). 
+ if($error_message != '') { + $ftp_data = $app->db->queryOneRecord("SELECT parent_domain_id FROM ftp_user WHERE ftp_user_id = ?", $app->tform->primary_id); + $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $ftp_data["parent_domain_id"]); + $dir = $web["document_root"]; + $sql = "UPDATE ftp_user SET dir = ? WHERE ftp_user_id = ?"; + $app->db->query($sql, $dir, $this->id); + $app->log("Error in FTP path settings of FTP user ".$this->dataRecord['username'], 1); + } + + } + + } + +} + +$page = new page_action; +$page->onLoad(); + +?> diff --git a/imagen/open6-logo.png b/imagen/open6-logo.png old mode 100644 new mode 100755 diff --git a/lib/admin.conf.php b/lib/admin.conf.php old mode 100644 new mode 100755 diff --git a/lib/lang/en_ftp_user.lng b/lib/lang/en_ftp_user.lng new file mode 100755 index 0000000..9d6a27f --- /dev/null +++ b/lib/lang/en_ftp_user.lng @@ -0,0 +1,36 @@ + 0'; +$wb['dir_dot_error'] = 'No .. in path allowed.'; +$wb['dir_slashdot_error'] = 'No ./ in path allowed.'; +$wb['generate_password_txt'] = 'Generate Password'; +$wb['repeat_password_txt'] = 'Repeat Password'; +$wb['password_mismatch_txt'] = 'The passwords do not match.'; +$wb['password_match_txt'] = 'The passwords do match.'; +$wb['expires_txt'] = 'Expire at'; +?> diff --git a/lib/lang/en_new_service_webdns.lng b/lib/lang/en_new_service_webdns.lng old mode 100644 new mode 100755 index 616e9c5..a51d626 --- a/lib/lang/en_new_service_webdns.lng +++ b/lib/lang/en_new_service_webdns.lng 
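Review bot: `onAfterUpdate()` copies `system_user` and `system_group` from the new parent site into `ftp_user.uid`/`gid` without the `is_allowed_user()` / `is_allowed_group()` guard that `onAfterInsert()` applies to the same values. Moving an existing FTP user to another site therefore skips a check that creating it there would have hit. I would repeat the guard right after `$gid = $web["system_group"];` in the update path: `if($app->functions->is_allowed_user($uid) == false || $app->functions->is_allowed_group($gid) == false) $app->error('Invalid system user or group');`. Both lookups use `SELECT * FROM web_domain WHERE domain_id = ?` without the `getAuthSQL('r')` filter and appear to rely on `onSubmit()` having rejected a foreign `parent_domain_id`, which is worth a comment at each query.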
@@ -186,4 +186,27 @@ $wb['error_no_existe_dominio_padre'] = 'El dominio padre para este subdominio, n
 $wb['error_no_ip'] = 'No tiene ip, necesita añadirla en la configuración.';
 $wb['error_subdominio_existe'] = 'Este subdominio existe.';
 $wb['error_sitio_web_existe'] = 'El dominio que intenta crear ya tiene sitio web.';
+$wb["database_user_txt"] = 'Database user';
+$wb["database_password_txt"] = 'Database password';
+$wb["password_strength_txt"] = 'Password strength';
+$wb["client_txt"] = 'Client';
+$wb["active_txt"] = 'Active';
+$wb["database_user_error_empty"] = 'Database user is empty.';
+$wb["database_user_error_unique"] = 'There is already a database user with this name on the server. To get a unique name, e.g. prepend your domain name to the username.';
+$wb["database_user_error_regex"] = 'Invalid database user name. The username may contain these characters: a-z, A-Z, 0-9 and the underscore. Length: 2 - 64 characters.';
+$wb["database_user_error_len"] = 'Database username - {user} - too long. The max. database username length incl. prefix is 16 chars.';
+$wb["btn_save_txt"] = 'Save';
+$wb["btn_cancel_txt"] = 'Cancel';
+$wb['generate_password_txt'] = 'Generate Password';
+$wb['repeat_password_txt'] = 'Repeat Password';
+$wb['password_mismatch_txt'] = 'The passwords do not match.';
+$wb['password_match_txt'] = 'The passwords do match.';
+$wb['globalsearch_resultslimit_of_txt'] = "of";
+$wb['globalsearch_resultslimit_results_txt'] = "results";
+$wb['globalsearch_noresults_text_txt'] = "No results.";
+$wb['globalsearch_noresults_limit_txt'] = "0 results";
+$wb['globalsearch_searchfield_watermark_txt'] = "Search";
+$wb['globalsearch_suggestions_text_txt'] = "Suggestions";
+$wb['limit_database_user_txt'] = "The max. number of database users is reached.";
+$wb['database_password_error_empty'] = 'Database password is empty.';
 ?>
\ No newline at end of file
diff --git a/lib/lang/en_template.lng b/lib/lang/en_template.lng
old mode 100644
new mode 100755 
diff --git a/lib/lang/es_database.lng b/lib/lang/es_database.lng new file mode 100755 index 0000000..95c021c --- /dev/null +++ b/lib/lang/es_database.lng @@ -0,0 +1,49 @@ +todas)'; +$wb['repeat_password_txt'] = 'Repetir contraseña'; +$wb['select_dbuser_txt'] = 'Seleccionar usuario de base de datos'; +$wb['select_site_txt'] = '- Seleccionar sitio -'; +$wb['server_id_txt'] = 'Servidor'; +$wb['type_txt'] = 'Tipo'; +?> diff --git a/lib/lang/es_ftp_user.lng b/lib/lang/es_ftp_user.lng new file mode 100755 index 0000000..29019d3 --- /dev/null +++ b/lib/lang/es_ftp_user.lng @@ -0,0 +1,35 @@ + 0'; +$wb['dir_dot_error'] = 'No se permite .. en la ruta.'; +$wb['dir_slashdot_error'] = 'No se permite ./ en la ruta.'; +$wb['generate_password_txt'] = 'Generar contraseña'; +$wb['repeat_password_txt'] = 'Repetir contraseña'; +$wb['password_mismatch_txt'] = 'Las contraseñas no coinciden.'; +$wb['password_match_txt'] = 'Las contraseñas coinciden.'; +$wb['expires_txt'] = 'Expire at'; +?> diff --git a/lib/lang/es_new_service_webdns.lng b/lib/lang/es_new_service_webdns.lng old mode 100644 new mode 100755 index c5319a2..6d52d98 --- a/lib/lang/es_new_service_webdns.lng +++ b/lib/lang/es_new_service_webdns.lng 
@@ -186,4 +186,27 @@ $wb['error_no_existe_dominio_padre'] = 'El dominio padre para este subdominio, n $wb['error_no_ip'] = 'No tiene ip, necesita añadirla en la configuración.'; $wb['error_subdominio_existe'] = 'Este subdominio existe.'; $wb['error_sitio_web_existe'] = 'El dominio que intenta crear ya tiene sitio web.'; +$wb['database_user_txt'] = 'Usuario de la base de datos'; +$wb['database_password_txt'] = 'Contraseña de la base de datos'; +$wb['password_strength_txt'] = 'Fortaleza de la contraseña'; +$wb['client_txt'] = 'Cliente'; +$wb['active_txt'] = 'Habilitado'; +$wb['database_user_error_empty'] = 'El usuario de la base de datos está vacío.'; +$wb['database_user_error_unique'] = 'Ya existe un usuario de base de datos con ese nombre en el servidor. Para obtener un nombre único, eje. agregue el nombre de dominio al inicio del nombre de usuario.'; +$wb['database_user_error_regex'] = 'Nombre de usuario de base de datos inválido. El nombre de usuario debe contener estos caracteres: a-z, A-Z, 0-9 y guión bajo. Largo: 2 - 64 caracteres.'; +$wb['database_user_error_len'] = 'El nombre de usuario de base de datos - {user} - es muy largo. El largo máx. del nombre de usuario incluyendo el prefijo es de 16 caracteres.'; +$wb['btn_save_txt'] = 'Guardar'; +$wb['btn_cancel_txt'] = 'Cancelar'; +$wb['generate_password_txt'] = 'Generar contraseña'; +$wb['repeat_password_txt'] = 'Repetir contraseña'; +$wb['password_mismatch_txt'] = 'Las contraseñas no coinciden.'; +$wb['password_match_txt'] = 'Las contraseñas coinciden.'; +$wb['globalsearch_resultslimit_of_txt'] = 'de'; +$wb['globalsearch_resultslimit_results_txt'] = 'resultados'; +$wb['globalsearch_noresults_text_txt'] = 'Sin resultados.'; +$wb['globalsearch_noresults_limit_txt'] = '0 resultados'; +$wb['globalsearch_searchfield_watermark_txt'] = 'Buscar'; +$wb['globalsearch_suggestions_text_txt'] = 'Sugerencias'; +$wb['limit_database_user_txt'] = 'The max. 
number of database users is reached.'; +$wb['database_password_error_empty'] = 'Database password is empty.'; ?> diff --git a/lib/lang/es_template.lng b/lib/lang/es_template.lng old mode 100644 new mode 100755 diff --git a/lib/module.conf.php b/lib/module.conf.php old mode 100644 new mode 100755 index 781fa59..5ddad5c --- a/lib/module.conf.php +++ b/lib/module.conf.php @@ -32,12 +32,18 @@ $items[] = array( 'title' => 'Nuevo servicio web', 'link' => 'webdns/new_service_webdns.php', 'html_id' => 'new_service_webdns' ); - /*$items[] = array( 'title' => 'La BD', 'target' => 'content', 'link' => 'webdns/database_edit.php', 'html_id' =>'db_service' - );*/ + ); + +$items[] = array( 'title' => 'El FTP', + 'target' => 'content', + 'link' => 'webdns/ftp_user_edit.php', + 'html_id' =>'ftp_user_service' + ); +*/ $items[] = array( 'title' => 'Versión', 'target' => 'content', 'link' => 'webdns/version_webdns.php', diff --git a/lib/remote.conf.php b/lib/remote.conf.php old mode 100644 new mode 100755 diff --git a/list/template.list.php b/list/template.list.php old mode 100644 new mode 100755 diff --git a/new_service_webdns.php b/new_service_webdns.php index feb6515..f2e5f13 100755 --- a/new_service_webdns.php +++ b/new_service_webdns.php 
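Review bot: The two `$items[]` entries for `webdns/database_edit.php` and `webdns/ftp_user_edit.php` are kept inside one block comment rather than removed, which only hides them from the menu; the scripts themselves are added by this patch and stay reachable by URL. Their protection is whatever each script enforces: ftp_user_edit.php calls `check_module_permissions('sites')`, while database_edit.php is not shown on this part of the page. I would delete the commented-out entries, or add a line such as `// not linked yet: pages are still reachable directly and must enforce their own permission checks`. The `$items` list continues outside the hunk.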
@@ -35,37 +35,158 @@ $app->load('tform_actions'); class page_action extends tform_actions { - //Con esta funcion se parsean y preparan los campos del formulario, new_service_dns.tform.php - //justo después de la carga de este. - /*function onShowEnd() { - global $app, $conf;*/ - //FORMULARIO - //Con esta llamada a al clase $app cargo todos los campos definidos en el formulario, - //en este caso, los definidos en el array $form["tabs"]['webdns']; - //$fields = $app->tform->encode($this->dataRecord, $app->tform->getCurrentTab(), true); - - // select first template as default - /*if($fields['dns_template_id'] == 0) - { - $first_template = $app->db->queryOneRecord("SELECT template_id FROM dns_template WHERE visible = 'Y' ORDER BY name ASC"); - $fields['dns_template_id'] = $first_template['template_id']; - }*/ - //BASE DE DATOS - TEMPLATE - //Cargo todos los valores de la tabla dns_template que coincidan con id del template seleccionado. - ///$template_record = $app->db->queryOneRecord("SELECT * FROM dns_template WHERE template_id = ?", $fields['dns_template_id']); - //IMPORTANTE, aquí­ cargo el campo fields de la tabla dns_template - //que contiene una lista de los campos que se muestran en el template(vista) - /*$fields = explode(',', $template_record['fields']); - if(is_array($fields)) { - foreach($fields as $field) { - $app->tpl->setVar($field."_VISIBLE", 1); - $field = strtolower($field); - $app->tpl->setVar($field, $_POST['dns_'.$field]); + + + function onShowNew() { + global $app; + + // we will check only users, not admins + if($_SESSION['s']['user']['typ'] == 'user') { + if(!$app->tform->checkClientLimit('limit_database_user')) { + $app->error($app->tform->wordbook["limit_database_user_txt"]); } - }*/ + if(!$app->tform->checkResellerLimit('limit_database_user')) { + $app->error('Reseller: '.$app->tform->wordbook["limit_database_user_txt"]); + } + } + + parent::onShowNew(); + } + + function onShowEnd() { + global $app, $conf, $interfaceConf; + + /* + * If the 
names are restricted -> remove the restriction, so that the + * data can be edited + */ + + //* Get the database user prefix + $app->uses('getconf,tools_sites'); + $global_config = $app->getconf->get_global_config('sites'); + $dbuser_prefix = $app->tools_sites->replacePrefix($global_config['dbuser_prefix'], $this->dataRecord); + $ftpuser_prefix = $app->tools_sites->replacePrefix($global_config['ftpuser_prefix'], $this->dataRecord); + + if ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) { + // Get the limits of the client + $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]); + $client = $app->db->queryOneRecord("SELECT client.company_name, client.contact_name, client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id); + + // Fill the client select field + $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? 
ORDER BY client.company_name, client.contact_name, sys_group.name"; + $records = $app->db->queryAllRecords($sql, $client['client_id']); + $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']); + $client_select = ''; + //$tmp_data_record = $app->tform->getDataRecord($this->id); + if(is_array($records)) { + foreach( $records as $rec) { + $selected = @(is_array($this->dataRecord) && ($rec["groupid"] == $this->dataRecord['client_group_id'] || $rec["groupid"] == $this->dataRecord['sys_groupid']))?'SELECTED':''; + $client_select .= "\r\n"; + } + } + $app->tpl->setVar("client_group_id", $client_select); + } elseif($_SESSION["s"]["user"]["typ"] == 'admin') { + // Fill the client select field + $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY client.company_name, client.contact_name, sys_group.name"; + $clients = $app->db->queryAllRecords($sql); + $client_select = ""; + //$tmp_data_record = $app->tform->getDataRecord($this->id); + if(is_array($clients)) { + foreach( $clients as $client) { + //$selected = @($client["groupid"] == $tmp_data_record["sys_groupid"])?'SELECTED':''; + $selected = @(is_array($this->dataRecord) && ($client["groupid"] == $this->dataRecord['client_group_id'] || $client["groupid"] == $this->dataRecord['sys_groupid']))?'SELECTED':''; + $client_select .= "\r\n"; + } + } + $app->tpl->setVar("client_group_id", $client_select); + } + + + if ($this->dataRecord['database_user'] != ""){ + /* REMOVE the restriction */ + $app->tpl->setVar("database_user", $app->tools_sites->removePrefix($this->dataRecord['database_user'], $this->dataRecord['database_user_prefix'], $dbuser_prefix)); + } + + 
if($this->dataRecord['database_user'] == "") { + $app->tpl->setVar("database_user_prefix", $dbuser_prefix); + } else { + $app->tpl->setVar("database_user_prefix", $app->tools_sites->getPrefix($this->dataRecord['database_user_prefix'], $dbuser_prefix, $global_config['dbuser_prefix'])); + } + + if ($this->dataRecord['username'] != ""){ + /* REMOVE the restriction */ + $app->tpl->setVar("username", $app->tools_sites->removePrefix($this->dataRecord['username'], $this->dataRecord['username_prefix'], $ftpuser_prefix)); + } + + if($this->dataRecord['username'] == "") { + $app->tpl->setVar("username_prefix", $ftpuser_prefix); + } else { + $app->tpl->setVar("username_prefix", $app->tools_sites->getPrefix($this->dataRecord['username_prefix'], $ftpuser_prefix, $global_config['ftpuser_prefix'])); + } + + parent::onShowEnd(); + } + + + public $valor_prefix; + public $valor_prefix_ftp; + + function tratarVariablesHTML(){ + //function onBeforeInsert() { + global $app, $conf, $interfaceConf; + + //* Database username shall not be empty + //if($this->dataRecord['database_user'] == '') $app->tform->errorMessage .= $app->tform->wordbook["database_user_error_empty"].'
'; + + //* Database password shall not be empty + //if($this->dataRecord['database_password'] == '') $app->tform->errorMessage .= $app->tform->wordbook["database_password_error_empty"].'
'; + + //* Get the database name and database user prefix + $app->uses('getconf,tools_sites'); + $global_config = $app->getconf->get_global_config('sites'); + $dbuser_prefix = $app->tools_sites->replacePrefix($global_config['dbuser_prefix'], $this->dataRecord); + $ftpuser_prefix = $app->tools_sites->replacePrefix($global_config['ftpuser_prefix'], $this->dataRecord); + + $this->dataRecord['username_prefix'] = $ftpuser_prefix; + $this->dataRecord['database_user_prefix'] = $dbuser_prefix; + $valor2 = $this->dataRecord['database_user_prefix'] = $dbuser_prefix; + + $this->valor_prefix = $this->dataRecord['database_user_prefix'] = $dbuser_prefix; + $this->valor_prefix_ftp = $this->dataRecord['username_prefix'] = $ftpuser_prefix; + //$this->dataRecord['database_user'] = substr($dbuser_prefix . $this->dataRecord['database_user'], 0, 16); + + //$valor1 = $this->dataRecord['database_user']; + + if(strlen($dbuser_prefix . $this->dataRecord['database_user']) > 16) + $app->tform->errorMessage .= str_replace('{user}', htmlentities($dbuser_prefix . $this->dataRecord['database_user'], ENT_QUOTES, 'UTF-8'), + $app->tform->wordbook["database_user_error_len"]).'
'; + + + //echo('Tratando ' . '
' . 'Mas ' . $valor2 . '
' . + // $this->valor_prefix_ftp . '
'); + + + //* Check database user against blacklist + $dbuser_blacklist = array($conf['db_user'], 'mysql', 'root'); + if(is_array($dbuser_blacklist) && in_array($dbuser_prefix . $this->dataRecord['database_user'], $dbuser_blacklist)) { + $app->tform->errorMessage .= $app->lng('Database user not allowed.').'
'; + } + + /* restrict the names */ + /* crop user names if they are too long -> mysql: user: 16 chars / db: 64 chars */ + if ($app->tform->errorMessage == ''){ + $this->dataRecord['database_user'] = substr($dbuser_prefix . $this->dataRecord['database_user'], 0, 16); + } + //echo('Ultima variable ' . '
'); + $this->dataRecord['server_id'] = 0; // we need this on all servers + + /* prepare password for MongoDB */ +// $this->dataRecord['database_password_mongo'] = $this->dataRecord['database_user'].":mongo:".$this->dataRecord['database_password']; + + //parent::onBeforeInsert(); + } + - /*parent::onShowEnd(); - }*/ public $dominio; @@ -80,8 +201,75 @@ class page_action extends tform_actions { public $pass_db_txt; public $usuario_ftp_txt; public $pass_ftp_txt; + public $nombre_user_ftp; + function generaNombreFTP(){ + global $app, $conf, $interfaceConf; + + //* Database username shall not be empty + //if($this->dataRecord['database_user'] == '') $app->tform->errorMessage .= $app->tform->wordbook["database_user_error_empty"].'
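Review bot: The `limit_database_user` client and reseller checks are only made in `onShowNew()`, which runs when the form is displayed; nothing in this hunk repeats them on the path that actually creates the accounts. `tratarVariablesHTML()` has its `onBeforeInsert` name commented out, so it is presumably not called by the form framework as an insert hook, and the submit handler is outside this hunk. If that handler does not call `checkClientLimit()` either, a request posted straight to the page would create a database user past the quota. I would repeat `if(!$app->tform->checkClientLimit('limit_database_user')) $app->error($app->tform->wordbook["limit_database_user_txt"]);` immediately before the insert, and add the equivalent check for the FTP user created on the same page. The three identical assignments to `$this->dataRecord['database_user_prefix']` and the unused `$valor2` in `tratarVariablesHTML()` can be reduced to one assignment.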
'; + + //* Database password shall not be empty + //if($this->dataRecord['database_password'] == '') $app->tform->errorMessage .= $app->tform->wordbook["database_password_error_empty"].'
'; + + //* Get the database name and database user prefix + $app->uses('getconf,tools_sites'); + $global_config = $app->getconf->get_global_config('sites'); + $dbuser_prefix = $app->tools_sites->replacePrefix($global_config['dbuser_prefix'], $this->dataRecord); + + $dbuser_prefix_valor = $app->tpl->setVar("database_name", $app->tools_sites->removePrefix($this->dataRecord['database_name'], $this->dataRecord['database_name_prefix'], $dbname_prefix)); + //echo ('El prefix de los cohone ' . $dbuser_prefix); + $this->dataRecord['database_user_prefix'] = $dbuser_prefix_valor; + + + //echo ('PreFIX ' . '{user}' . str_replace('{user}', htmlentities($dbuser_prefix . $this->dataRecord['database_user'], ENT_QUOTES, 'UTF-8'))); + if(strlen($dbuser_prefix . $this->dataRecord['database_user']) > 16) + $app->tform->errorMessage .= str_replace('{user}', htmlentities($dbuser_prefix . $this->dataRecord['database_user'], ENT_QUOTES, 'UTF-8'), + $app->tform->wordbook["database_user_error_len"]).'
'; + + //* Check database user against blacklist + $dbuser_blacklist = array($conf['db_user'], 'mysql', 'root'); + if(is_array($dbuser_blacklist) && in_array($dbuser_prefix . $this->dataRecord['database_user'], $dbuser_blacklist)) { + $app->tform->errorMessage .= $app->lng('Database user not allowed.').'
'; + } + + /* restrict the names */ + /* crop user names if they are too long -> mysql: user: 16 chars / db: 64 chars */ + if ($app->tform->errorMessage == ''){ + $this->dataRecord['database_user'] = substr($dbuser_prefix . $this->dataRecord['database_user'], 0, 16); + } + + $this->dataRecord['server_id'] = 0; // we need this on all servers + $this->tratarVariablesHTML(); + + //echo ('PreFIX Valor ' . $dbuser_prefix_valor); + //Cadena de caractares para construir las nombre. + $cadena = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ23456789"; + //$cadSpeciales = "!@#_"; + + //Obtengo la longitud de las cadenas + $longitudCadena=strlen($cadena); + //$longSpeciales = strlen($cadSpeciales); + + //Variable para la nombre + $nombre = ""; + //Longitud para la nombre + $longitudNombre=8; + + //Creo la nombre + for($i=1 ; $i<=$longitudNombre ; $i++){ + //Número aleatorio entre 0 y la longitud de la cadena de caracteres-1 + $pos=rand(0,$longitudCadena-1); + //Formo la nombre en cada iteraccion del bucle, añadiendo a la cadena $nombre + //la letra correspondiente a la posicion $pos en la cadena de caracteres definida. + $nombre .= substr($cadena,$pos,1); + + + } + return $nombre;//$this->valor_prefix_ftp; + } + function generaPass(){ //Cadena de caractares para construir las password. $cadena = "abcdefghijklmnopqrstuvwxyz!@#_ABCDEFGHIJKLMNOPQRSTUVWXYZ23456789"; @@ -112,6 +300,71 @@ class page_action extends tform_actions { return $pass; } + function generaNombreBD(){ + global $app, $conf, $interfaceConf; + + //* Database username shall not be empty + //if($this->dataRecord['database_user'] == '') $app->tform->errorMessage .= $app->tform->wordbook["database_user_error_empty"].'
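Review bot: In `generaNombreFTP()` the `removePrefix(...)` call reads `$dbname_prefix`, which is never assigned in this function, and the return value of `$app->tpl->setVar()` is then stored in `$this->dataRecord['database_user_prefix']`, so the prefix field ends up holding whatever `setVar()` returns rather than a prefix. The same two lines are repeated in `generaNombreBD()` in the next hunk. The function also copies the whole `database_user` length, blacklist and truncation block and then calls `$this->tratarVariablesHTML()`, which runs that block again; when `database_user` is non-empty it is prefixed and cut to 16 characters twice. I would delete everything between `global $app, $conf, $interfaceConf;` and `$this->tratarVariablesHTML();` in both functions and keep only that call plus the name generation. An FTP-name helper should not be rewriting `database_user` or `server_id` at all.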
'; + + //* Database password shall not be empty + //if($this->dataRecord['database_password'] == '') $app->tform->errorMessage .= $app->tform->wordbook["database_password_error_empty"].'
'; + + //* Get the database name and database user prefix + $app->uses('getconf,tools_sites'); + $global_config = $app->getconf->get_global_config('sites'); + $dbuser_prefix = $app->tools_sites->replacePrefix($global_config['dbuser_prefix'], $this->dataRecord); + + $dbuser_prefix_valor = $app->tpl->setVar("database_name", $app->tools_sites->removePrefix($this->dataRecord['database_name'], $this->dataRecord['database_name_prefix'], $dbname_prefix)); + //echo ('El prefix de los cohone ' . $dbuser_prefix); + $this->dataRecord['database_user_prefix'] = $dbuser_prefix_valor; + + + //echo ('PreFIX ' . '{user}' . str_replace('{user}', htmlentities($dbuser_prefix . $this->dataRecord['database_user'], ENT_QUOTES, 'UTF-8'))); + if(strlen($dbuser_prefix . $this->dataRecord['database_user']) > 16) + $app->tform->errorMessage .= str_replace('{user}', htmlentities($dbuser_prefix . $this->dataRecord['database_user'], ENT_QUOTES, 'UTF-8'), + $app->tform->wordbook["database_user_error_len"]).'
'; + + //* Check database user against blacklist + $dbuser_blacklist = array($conf['db_user'], 'mysql', 'root'); + if(is_array($dbuser_blacklist) && in_array($dbuser_prefix . $this->dataRecord['database_user'], $dbuser_blacklist)) { + $app->tform->errorMessage .= $app->lng('Database user not allowed.').'
'; + } + + /* restrict the names */ + /* crop user names if they are too long -> mysql: user: 16 chars / db: 64 chars */ + if ($app->tform->errorMessage == ''){ + $this->dataRecord['database_user'] = substr($dbuser_prefix . $this->dataRecord['database_user'], 0, 16); + } + + $this->dataRecord['server_id'] = 0; // we need this on all servers + $this->tratarVariablesHTML(); + + //echo ('PreFIX Valor ' . $dbuser_prefix_valor); + //Cadena de caractares para construir las nombre. + $cadena = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ23456789"; + //$cadSpeciales = "!@#_"; + + //Obtengo la longitud de las cadenas + $longitudCadena=strlen($cadena); + //$longSpeciales = strlen($cadSpeciales); + + //Variable para la nombre + $nombre = ""; + //Longitud para la nombre + $longitudNombre=8; + + //Creo la nombre + for($i=1 ; $i<=$longitudNombre ; $i++){ + //Número aleatorio entre 0 y la longitud de la cadena de caracteres-1 + $pos=rand(0,$longitudCadena-1); + //Formo la nombre en cada iteraccion del bucle, añadiendo a la cadena $nombre + //la letra correspondiente a la posicion $pos en la cadena de caracteres definida. + $nombre .= substr($cadena,$pos,1); + + } + return $this->valor_prefix . $nombre; + } + /*function comprobarPass($claveGenerada){ //compruebo que el tamaño del string sea válido. if (strlen($claveGenerada)<3 || strlen($claveGenerada)>20){ @@ -145,8 +398,7 @@ class page_action extends tform_actions { global $app, $conf; $fields = $app->tform->encode($this->dataRecord, $app->tform->getCurrentTab(), true); - // generate username lo uso para generar el nombre del usuario y nombre BBDD y usuario FTP - + $app->uses('ini_parser,getconf'); $server_config_array = $app->getconf->get_global_config(); 
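Review bot: `generaNombreBD()` returns `$this->valor_prefix . $nombre` without checking its length, although the same function rejects a `database_user` longer than 16 characters including the prefix. With eight generated characters, any prefix longer than eight produces a name over that limit. The result is used later as both `database_user` and `database_name`. A guard such as `if(strlen($this->valor_prefix . $nombre) > 16) $app->tform->errorMessage .= $app->tform->wordbook["database_user_error_len"];` before the `return` would keep the two paths consistent. The generated name is also never checked against existing users, so a collision only surfaces when the later insert fails; a lookup-and-retry, or reusing the form's unique validator, would close that.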
@@ -158,28 +410,28 @@ class page_action extends tform_actions { //print "Cantidad de digitos: " . $min_password_length; //print 'La clave ' . $this->generaPass(); - $generated_username = $fields['client_id'].substr(sha1(rand()), 0, 10);//client_prefix.substr(sha1(rand()), 0, 8); - //print "
"; print_r($generated_username); print "
\n"; + $generated_usernameBBDD = $this->generaNombreBD();//$fields['client_id'].substr(sha1(rand()), 0, 10);//client_prefix.substr(sha1(rand()), 0, 8); + //print "
"; print_r($generated_usernameBBDD); print "
\n"; $sitio_id = $app->db->queryOneRecord('SELECT domain_id, domain FROM web_domain WHERE domain = "'.$fields['domain'].'"'); //print "
"; print_r($camDnsRR); print "
\n"; $camDnsRR = $app->db->queryOneRecord('SELECT server_id, zone FROM dns_rr WHERE name LIKE "'.$this->dominio.'%"'); - + //print "
"; print_r($fields['client_id']); print "
\n"; + $clavePass = $this->generaPass(); //*Recupero todos los prefix necesarios $app->uses('getconf,tools_sites'); $global_config = $app->getconf->get_global_config('sites'); - $dbuser_prefix = $app->tools_sites->replacePrefix($global_config['dbuser_prefix'], $this->dataRecord); - $dbname_prefix = $app->tools_sites->replacePrefix($global_config['dbname_prefix'], $this->dataRecord); + //$dbuser_prefix = $app->tools_sites->replacePrefix($global_config['dbuser_prefix'], $this->dataRecord); + //$dbname_prefix = $app->tools_sites->replacePrefix($global_config['dbname_prefix'], $this->dataRecord); $ftpuser_prefix = $app->tools_sites->replacePrefix($global_config['ftpuser_prefix'], $this->dataRecord); - /*if(isset($dbuser_prefix)){ - print 'BBDD prefix-->' . $dbuser_prefix . "<-->" . $generated_username; - }*/ + // añado database user con su prefix $db_user_params = array( 'server_id' => $camDnsRR['server_id'], - 'database_user' => $dbuser_prefix . $generated_username, - 'database_password' => $clavePass//substr(sha1($dbuser_prefix . $generated_username), 0, 16) + 'database_user' => $generated_usernameBBDD, //$dbuser_prefix3 . $generated_usernameBBDD, + 'database_user_prefix' => $this->valor_prefix, + 'database_password' => $clavePass//substr(sha1($dbuser_prefix . $generated_usernameBBDD), 0, 16) //substr(sha1(rand()), 0, 20) ); @@ -199,7 +451,8 @@ class page_action extends tform_actions { 'parent_domain_id' => $sitio_id['domain_id'], 'type' => 'mysql', 'database_quota' => '-1', - 'database_name' => $dbname_prefix . $generated_username,//$db_user_params['database_user'], + 'database_name' => $generated_usernameBBDD, //$dbuser_prefix3 . $generated_usernameBBDD,//$db_user_params['database_user'], + 'database_name_prefix' => $this->valor_prefix, 'database_user_id' => $db_user_id, 'database_charset' => 'utf8', 'remote_access' => 'n', 
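Review bot: The two lookups in this hunk build SQL by concatenating form data into the string: `WHERE domain = "'.$fields['domain'].'"'` and `WHERE name LIKE "'.$this->dominio.'%"'`. The class already uses `?` placeholders with `queryOneRecord()` in `onShowEnd()`, and these should do the same: `$app->db->queryOneRecord('SELECT domain_id, domain FROM web_domain WHERE domain = ?', $fields['domain']);` and `$app->db->queryOneRecord('SELECT server_id, zone FROM dns_rr WHERE name LIKE ?', $this->dominio.'%');`. `$fields` comes from `$app->tform->encode()`, whose escaping is not visible here, and the origin of `$this->dominio` is outside the hunk, so neither value should be assumed safe for a quoted SQL literal. The enclosing method starts and ends outside this hunk.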
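Review bot: `database_name` now receives the same `$generated_usernameBBDD` string as `database_user`, and `database_name_prefix` is set to `$this->valor_prefix`, which `tratarVariablesHTML()` fills from `dbuser_prefix`. The `dbname_prefix` lookup was commented out in the previous hunk, so a configured database-name prefix that differs from the user prefix is silently ignored and the stored prefix column will not match the site configuration. I would restore `$dbname_prefix = $app->tools_sites->replacePrefix($global_config['dbname_prefix'], $this->dataRecord);` and use it for both `database_name_prefix` and the generated database name. The array this hunk edits begins above the hunk.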
@@ -219,11 +472,13 @@ class page_action extends tform_actions { $app->remoting_lib->loadFormDef('../sites/form/web_vhost_domain.tform.php'); $site_data = $app->remoting_lib->getDataRecord($sitio_id); + $this->nombre_user_ftp = $this->generaNombreFTP(); // add ftp user $ftp_params = array( 'server_id' => $camDnsRR['server_id'], 'parent_domain_id' => $sitio_id['domain_id'], - 'username' => $ftpuser_prefix . $generated_username, + 'username' => $this->valor_prefix_ftp . $this->nombre_user_ftp, //$ftpuser_prefix . $generated_username, + 'username_prefix' => $this->valor_prefix_ftp, 'password' => $clavePass,//substr(sha1(rand()), 0, 10), 'quota_size' => '-1', 'dir' => $site_data['0']['document_root'], @@ -394,8 +649,8 @@ class page_action extends tform_actions { //Comprobamos que el resultado para el cliente seleccionado no esta vacío, //si lo esta tomamos los datos del cliente id 0 if(!$dns_ip_servidor_ipv6){ - $dns_ip_servidor = $app->db->queryOneRecord("SELECT ip_type, ip_address FROM server_ip WHERE client_id = 0 AND ip_type='IPv4'"); - $dns_ip_servidor_ipv6 = $app->db->queryOneRecord("SELECT ip_type, ip_address FROM server_ip WHERE client_id = 0 AND ip_type='IPv6'"); + $dns_ip_servidor = $app->db->queryOneRecord("SELECT ip_type, ip_address FROM server_ip WHERE client_id = 1 AND ip_type='IPv4'"); + $dns_ip_servidor_ipv6 = $app->db->queryOneRecord("SELECT ip_type, ip_address FROM server_ip WHERE client_id = 1 AND ip_type='IPv6'"); /*echo '
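Review bot: The FTP account is created with `'password' => $clavePass`, the same value the earlier hunk places in `database_password`, so one leaked credential opens both the database and the site's files. Generate a separate secret, e.g. `$claveFtp = $this->generaPass();` and `'password' => $claveFtp,`, and make sure whatever reports the FTP password to the user (outside this hunk) reads the new variable. The body of `generaPass()` is not visible here; if it picks characters with `rand()` as the new name generators do, switch it to `random_int()` where the PHP version allows, since `rand()` is not suitable for passwords.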

Valor de la consulta '.$dns_ip_servidor_ipv6[ip_address].' '; echo '

Valor de la consulta '.$dns_ip_servidor[ip_address].' ';*/ } @@ -406,7 +661,7 @@ class page_action extends tform_actions { $res = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$app->functions->intval($fields['client_id'])); $client_group_id = $res['groupid']; - + //echo ('El server es: ' . $dns_servidor['default_webserver']); // add site $paramsite = array( 'type' => 'vhost', @@ -711,10 +966,10 @@ class page_action extends tform_actions { 'client_group_id' => $client_group_id, ); - /*print 'Valores: ' . $dns_ip_servidor_ipv6 . " " . $formulario . " Parametros: " ; - print "
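Review bot: The fallback queries now read `client_id = 1`, while the comment directly above still says the data of client id 0 is used, so the comment and the code disagree about which rows are the default. A hard-coded client id also means that, on an installation where client 1 is an ordinary customer, new sites would be given that customer's IP addresses; reading the default from configuration, or documenting why 1 is correct, would make the intent checkable. Separately, the guard tests only `!$dns_ip_servidor_ipv6` but overwrites `$dns_ip_servidor` too, so an IPv4 address that was found for the client is discarded whenever the client has no IPv6 entry. Testing each variable on its own would avoid that: `if(!$dns_ip_servidor) { ... }` and `if(!$dns_ip_servidor_ipv6) { ... }`.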
"; print_r($paramsite); print "
\n"; + //print 'Valores: ' . $dns_ip_servidor_ipv6 . " " . $formulario . " Parametros: " ; + //print "
"; print_r($paramsite); print "
\n"; - print '
 cliente id ' . $fields['client_id'];
+		/*print '
 cliente id ' . $fields['client_id'];
 		print "
";print_r($fields);print "
\n";*/ //print "
Formulario ";print_r($formulario);print "
\n"; diff --git a/templates/database_edit.htm b/templates/database_edit.htm new file mode 100755 index 0000000..290ae30 --- /dev/null +++ b/templates/database_edit.htm @@ -0,0 +1,157 @@ + +

+ + + + +
+ + +
+ + + +
+
+
+ + + + +
+ + +
+ + + +
+
+
+
+
+
+ +
+
+
+ +
+
+
+ +
+
+ {tmpl_var name='database_name_prefix'} + + + + + +
+
+
+
+ +
MB
+
+
+ +
+
+
+ +
+ {tmpl_var name='optional_txt'} +
+
+
+ + +
+ + + +
+
+
+
+ +
+ {tmpl_var name='remote_access'} +
+
+
+ +
+
+ +
+ {tmpl_var name='active'} +
+
+ + + + +
+ + +
+ diff --git a/templates/ftp_user_edit.htm b/templates/ftp_user_edit.htm new file mode 100755 index 0000000..72ec55f --- /dev/null +++ b/templates/ftp_user_edit.htm @@ -0,0 +1,67 @@ + +

+ + + +
+ +
+
+
+ +
+
+ {tmpl_var name='username_prefix'} + +
+
+
+
+ +
+
+ + + + +
+
+
+
+ +
+
+   +
+
+
+ +
+
+
+ + +
+
+
+ +
MB
+
+
+ +
+ {tmpl_var name='active'} +
+
+ + + + +
+ + +
\ No newline at end of file diff --git a/templates/new_service_webdns.htm b/templates/new_service_webdns.htm old mode 100644 new mode 100755 index 4be4380..06bef20 --- a/templates/new_service_webdns.htm +++ b/templates/new_service_webdns.htm @@ -14,146 +14,83 @@ - - - + +
+ +
+
+
+ +
+ +
+
+
+ + + + + - - + -
- -
- {tmpl_var name='dns'} -
-
- - - @@ -163,168 +100,6 @@ - -
diff --git a/webdns_db.sql b/webdns_db.sql old mode 100644 new mode 100755