Marius Cramer
2015-08-06 37b29231e47a0c4458dc1c15d98588f16f07e1e2
6fa2f1 1 <?php
T 2
3 /*
44d2a7 4 Copyright (c) 2007 - 2009, Till Brehm, projektfarm Gmbh
6fa2f1 5 All rights reserved.
T 6
7 Redistribution and use in source and binary forms, with or without modification,
8 are permitted provided that the following conditions are met:
9
10     * Redistributions of source code must retain the above copyright notice,
11       this list of conditions and the following disclaimer.
12     * Redistributions in binary form must reproduce the above copyright notice,
13       this list of conditions and the following disclaimer in the documentation
14       and/or other materials provided with the distribution.
15     * Neither the name of ISPConfig nor the names of its contributors
16       may be used to endorse or promote products derived from this software without
17       specific prior written permission.
18
19 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
20 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
21 WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22 IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
23 INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
24 BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
26 OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
27 NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
28 EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 */
30
//* Compress all interface output with gzip through PHP's output-buffer handler.
//* NOTE(review): when the interface is served over TLS and a page contains both
//* request-reflected data and secrets (for example anti-CSRF tokens), response
//* compression can leak information through response sizes (BREACH-class side
//* channel). Confirm such tokens are per-request or masked, or that this is accepted.
ob_start('ob_gzhandler');

//* Apply the configured timezone, but only when one is actually set
if(isset($conf['timezone']) && $conf['timezone'] != '') {
    date_default_timezone_set($conf['timezone']);
}

//* On non-developer systems report everything except notices and deprecations.
//* This sets the reporting level only; whether errors are shown to clients is
//* governed by display_errors, which is not set in the code visible here.
if(DEVSYSTEM == 0) {
    @ini_set('error_reporting', E_ALL & ~E_NOTICE & ~E_DEPRECATED);
}
41
6fa2f1 42 /*
T 43     Application Class
44 */
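/**
 * Central application object of the interface.
 *
 * Keeps a copy of the global $conf array, optionally opens the database
 * connection and the session, and lazy-loads library classes from
 * ISPC_CLASS_PATH (see uses() and __get()). Loaded classes are attached to
 * the object as dynamic properties named after the class.
 */
class app {

    // 1 once lng() has loaded the wordbooks, so they are read only once
    private $_language_inc = 0;
    // Merged wordbook: translation key => translated text
    private $_wb;
    // Class name => true for every class already instantiated by uses()
    private $_loaded_classes = array();
    // Copy of the global $conf array taken in the constructor
    private $_conf;
    private $_security_config;

    public $loaded_plugins = array();

    /**
     * Rejects variable-override attempts, then starts the database and the
     * session as requested by $conf['start_db'] / $conf['start_session'] and
     * loads the base library classes.
     */
    public function __construct() {
        global $conf;

        // Refuse any request that carries a parameter named like one of the
        // interface's own global/session variables.
        if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS']) || isset($_REQUEST['s']) || isset($_REQUEST['s_old']) || isset($_REQUEST['conf'])) {
            die('Internal Error: var override attempt detected');
        }

        $this->_conf = $conf;
        if($this->_conf['start_db'] == true) {
            $this->load('db_'.$this->_conf['db_type']);
            $this->db = new db;
        }

        //* Start the session
        if($this->_conf['start_session'] == true) {

            $this->uses('session');
            $sess_timeout = $this->conf('interface', 'session_timeout');

            // HTTP_HOST is the client-supplied Host header and is only used when
            // SERVER_NAME is missing.
            // NOTE(review): depending on the web server configuration SERVER_NAME
            // can mirror the Host header as well - confirm the vhost pins it.
            $cookie_domain = (isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : $_SERVER['HTTP_HOST']);

            // PHP sets HTTPS to a non-empty value on TLS requests (IIS uses 'off'
            // for plain HTTP). Testing only for 'on' left the Secure flag off for
            // other non-empty values and raised a notice when the key was missing.
            $cookie_secure = (!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off');

            if($sess_timeout) {
                /* check if user wants to stay logged in */
                $wants_stay = isset($_POST['s_mod']) && isset($_POST['s_pg']) && $_POST['s_mod'] == 'login' && $_POST['s_pg'] == 'index' && isset($_POST['stay']) && $_POST['stay'] == '1';

                $endless_allowed = false;
                if($wants_stay) {
                    /* check if staying logged in is allowed */
                    $this->uses('ini_parser');
                    $tmp = $this->db->queryOneRecord('SELECT config FROM sys_ini WHERE sysini_id = 1');
                    $tmp = $this->ini_parser->parse_ini_string(stripslashes($tmp['config']));
                    $endless_allowed = (isset($tmp['misc']['session_allow_endless']) && $tmp['misc']['session_allow_endless'] == 'y');
                }

                if($endless_allowed) {
                    // we are doing login here, so we need to set the session data
                    $this->session->set_permanent(true);
                    // NOTE(review): the arguments after the timeout look like a
                    // copy of the session_set_cookie_params() list; the other
                    // set_timeout() calls pass one argument - confirm and trim.
                    $this->session->set_timeout(365 * 24 * 3600,'/',$cookie_domain,$cookie_secure,true); // one year
                } else {
                    $this->session->set_timeout($sess_timeout);
                }

                // cookie timeout is never updated, so it must not be short
                $cookie_lifetime = 3600 * 24 * 365;
            } else {
                // until browser is closed
                $cookie_lifetime = 0;
            }

            // The last argument sets HttpOnly. NOTE(review): no SameSite attribute is
            // set; that needs the options-array form available from PHP 7.3.
            session_set_cookie_params($cookie_lifetime,'/',$cookie_domain,$cookie_secure,true);

            session_set_save_handler( array($this->session, 'open'),
                array($this->session, 'close'),
                array($this->session, 'read'),
                array($this->session, 'write'),
                array($this->session, 'destroy'),
                array($this->session, 'gc'));

            session_start();

            //* Initialize session variables
            if(!isset($_SESSION['s']['id']) ) $_SESSION['s']['id'] = session_id();
            if(empty($_SESSION['s']['theme'])) $_SESSION['s']['theme'] = $conf['theme'];
            if(empty($_SESSION['s']['language'])) $_SESSION['s']['language'] = $conf['language'];
        }

        $this->uses('functions'); // we need this before all others!
        $this->uses('auth,plugin,ini_parser,getconf');

    }

    /**
     * Lazy loader: reading an undefined property tries to load the library
     * class of the same name through uses().
     *
     * @param string $prop property / class name
     * @return mixed the property value, or null when no such class could be loaded
     */
    public function __get($prop) {
        if(property_exists($this, $prop)) return $this->{$prop};

        $this->uses($prop);
        if(property_exists($this, $prop)) return $this->{$prop};
        else return null;
    }

    /** Flushes and closes the session when the object is destroyed. */
    public function __destruct() {
        session_write_close();
    }

    /**
     * Loads and instantiates library classes, attaching each instance to this
     * object as a property named after the class.
     *
     * Names that are not valid PHP class names are skipped, exactly like names
     * without a matching file. The name becomes part of an include path, so this
     * keeps path separators and ".." out of it; such a name could never have
     * been instantiated anyway.
     *
     * @param string $classes comma separated list of class names
     */
    public function uses($classes) {
        foreach(explode(',', $classes) as $classname) {
            $classname = trim($classname);

            // Pattern for a valid PHP class name (label)
            if(!preg_match('/^[a-zA-Z_\x80-\xff][a-zA-Z0-9_\x80-\xff]*\z/', $classname)) continue;

            //* Class is already loaded
            if(array_key_exists($classname, $this->_loaded_classes)) continue;

            $class_file = ISPC_CLASS_PATH."/$classname.inc.php";
            if(!is_file($class_file)) continue;

            include_once $class_file;
            $this->$classname = new $classname();
            $this->_loaded_classes[$classname] = true;
        }
    }

    /**
     * Includes library files from ISPC_CLASS_PATH without instantiating anything.
     *
     * NOTE(review): $files is used in the include path as given; callers must
     * only pass fixed or configuration-derived names, never request data.
     *
     * @param string $files comma separated list of file names without ".inc.php"
     */
    public function load($files) {
        foreach(explode(',', $files) as $file) {
            $file = trim($file);
            include_once ISPC_CLASS_PATH."/$file.inc.php";
        }
    }

    /**
     * Reads, writes or deletes one entry of the sys_config table.
     *
     * @param string $plugin value of the `group` column
     * @param string $key    value of the `name` column
     * @param mixed  $value  null = read, false = delete, anything else = store
     * @return mixed the stored value, or null (not found / deleted)
     */
    public function conf($plugin, $key, $value = null) {
        if(is_null($value)) {
            $tmpconf = $this->db->queryOneRecord("SELECT `value` FROM `sys_config` WHERE `group` = ? AND `name` = ?", $plugin, $key);
            return $tmpconf ? $tmpconf['value'] : null;
        }

        if($value === false) {
            $this->db->query("DELETE FROM `sys_config` WHERE `group` = ? AND `name` = ?", $plugin, $key);
            return null;
        }

        $this->db->query("REPLACE INTO `sys_config` (`group`, `name`, `value`) VALUES (?, ?, ?)", $plugin, $key, $value);
        return $value;
    }

    /**
     * Writes a message to the sys_log table when its priority reaches the
     * configured log_priority. The message is passed as a bound parameter.
     *
     * Priority values are: 0 = DEBUG, 1 = WARNING,  2 = ERROR
     *
     * @param string $msg
     * @param int    $priority
     */
    public function log($msg, $priority = 0) {
        if($priority >= $this->_conf['log_priority']) {
            // interface entries are always stored with server_id 0
            $server_id = 0;
            $priority = $this->functions->intval($priority);
            $tstamp = time();
            $msg = '[INTERFACE]: '.$msg;
            $this->db->query("INSERT INTO sys_log (server_id,datalog_id,loglevel,tstamp,message) VALUES (?, 0, ?, ?, ?)", $server_id, $priority,$tstamp,$msg);
        }
    }

    /**
     * Shows an error message and, by default, ends the request.
     *
     * $msg is output as HTML without escaping, so callers must escape any
     * user-controlled part before passing it in. $next_link is escaped for the
     * href attribute; its URL scheme is not checked, so it must not be built
     * from request data.
     *
     * Priority values are: 0 = DEBUG, 1 = WARNING,  2 = ERROR
     *
     * @param string $msg       HTML message
     * @param string $next_link optional target of a "Next" link
     * @param bool   $stop      true = render the error template and die
     * @param int    $priority  currently unused
     */
    public function error($msg, $next_link = '', $stop = true, $priority = 1) {
        // double_encode is off so links that already contain &amp; stay intact
        $safe_link = ($next_link != '') ? htmlspecialchars((string)$next_link, ENT_QUOTES, 'UTF-8', false) : '';

        if($stop == true) {
            /*
             * We are in an error state, so no further objects (template engine
             * etc.) are used here: the error may have been caused by one of them.
             *
             * The template of the user's theme is preferred, the default theme is
             * the fallback. The theme may be unset when no session was started.
             * NOTE(review): the theme name comes from the session and is used as
             * a path segment - confirm it is validated where it gets stored.
             */
            $theme_dir = dirname(__FILE__) . '/../web/themes/';
            $theme = isset($_SESSION['s']['theme']) ? $_SESSION['s']['theme'] : 'default';
            $tpl_file = $theme_dir . $theme . '/templates/error.tpl.htm';
            if(!file_exists($tpl_file)) $tpl_file = $theme_dir . 'default/templates/error.tpl.htm';

            $content = file_get_contents($tpl_file);
            // Without a readable template still show the message instead of an empty page
            if($content === false) $content = '###ERRORMSG###';

            if($next_link != '') $msg .= '<a href="'.$safe_link.'">Next</a>';
            $content = str_replace('###ERRORMSG###', $msg, $content);
            die($content);
        } else {
            echo $msg;
            if($next_link != '') echo "<a href='$safe_link'>Next</a>";
        }
    }

    /**
     * Translates a string into the current language.
     *
     * The wordbooks are loaded on the first call. A key without a translation,
     * or with an empty one, is returned unchanged, or wrapped in '#' when
     * debug_language is enabled.
     *
     * @param string $text wordbook key
     * @return string
     */
    public function lng($text) {
        global $conf;
        if($this->_language_inc != 1) {
            // NOTE(review): language and module name come from the session and are
            // used as path segments of included files - confirm both are
            // validated where they are written to the session.
            $language = (isset($_SESSION['s']['language']))?$_SESSION['s']['language']:$conf['language'];
            //* loading global Wordbook
            $this->load_language_file('lib/lang/'.$language.'.lng');
            //* Load module wordbook, if it exists; English is the fallback
            if(isset($_SESSION['s']['module']['name'])) {
                $module_lang_dir = 'web/'.$_SESSION['s']['module']['name'].'/lib/lang/';
                $lng_file = $module_lang_dir.$language.'.lng';
                if(!file_exists(ISPC_ROOT_PATH.'/'.$lng_file)) $lng_file = $module_lang_dir.'en.lng';
                $this->load_language_file($lng_file);
            }
            $this->_language_inc = 1;
        }

        // This must read $this->_wb: "$this->wb" went through __get() on every
        // call and made the empty-string check ineffective.
        if(isset($this->_wb[$text]) && $this->_wb[$text] !== '') {
            return $this->_wb[$text];
        }

        if($this->_conf['debug_language']) {
            return '#'.$text.'#';
        }
        return $text;
    }

    /**
     * Helper function to load a language file and merge its $wb array into the
     * wordbook. The file is executed as PHP, so only ".lng" files below
     * ISPC_ROOT_PATH are accepted.
     *
     * NOTE(review): the extension check does not stop ".." segments in
     * $filename; callers must not build it from unvalidated input.
     *
     * @param string $filename path relative to ISPC_ROOT_PATH
     */
    public function load_language_file($filename) {
        $filename = ISPC_ROOT_PATH.'/'.$filename;
        if(substr($filename, -4) != '.lng') $this->error('Language file has wrong extension.');
        if(file_exists($filename)) {
            // Defined up front so a file that sets no $wb does not leave it undefined
            $wb = null;
            @include $filename;
            if(is_array($wb)) {
                $this->_wb = is_array($this->_wb) ? array_merge($this->_wb, $wb) : $wb;
            }
        }
    }

    /**
     * Assigns the template variables shared by all interface pages.
     * Version and pending datalog changes are only set for logged-in users.
     */
    public function tpl_defaults() {
        $this->tpl->setVar('app_title', $this->_conf['app_title']);
        if(isset($_SESSION['s']['user'])) {
            $this->tpl->setVar('app_version', $this->_conf['app_version']);
            // get pending datalog changes
            $datalog = $this->db->datalogStatus();
            $this->tpl->setVar('datalog_changes_txt', $this->lng('datalog_changes_txt'));
            $this->tpl->setVar('datalog_changes_end_txt', $this->lng('datalog_changes_end_txt'));
            $this->tpl->setVar('datalog_changes_count', $datalog['count']);
            $this->tpl->setLoop('datalog_changes', $datalog['entries']);
        } else {
            // do not show the version to visitors who are not logged in
            $this->tpl->setVar('app_version', '');
        }
        $this->tpl->setVar('app_link', $this->_conf['app_link']);
        $this->tpl->setVar('app_logo', $this->_conf['logo']);

        // NOTE(review): this hands the session id to the templates; a template that
        // renders it into markup or URLs makes it readable by scripts despite the
        // HttpOnly cookie flag - confirm it is still needed.
        $this->tpl->setVar('phpsessid', session_id());

        $this->tpl->setVar('theme', $_SESSION['s']['theme']);
        $this->tpl->setVar('html_content_encoding', $this->_conf['html_content_encoding']);

        $this->tpl->setVar('delete_confirmation', $this->lng('delete_confirmation'));
        if(isset($_SESSION['s']['module']['name'])) {
            $this->tpl->setVar('app_module', $_SESSION['s']['module']['name']);
        }
        if(isset($_SESSION['s']['user']) && $_SESSION['s']['user']['typ'] == 'admin') {
            $this->tpl->setVar('is_admin', 1);
        }
        if(isset($_SESSION['s']['user']) && $this->auth->has_clients($_SESSION['s']['user']['userid'])) {
            $this->tpl->setVar('is_reseller', 1);
        }
        /* Show username */
        if(isset($_SESSION['s']['user'])) {
            $this->tpl->setVar('cpuser', $_SESSION['s']['user']['username']);
            $this->tpl->setVar('logout_txt', $this->lng('logout_txt'));
            /* Show search field only for normal users, not mail users */
            if(stristr($_SESSION['s']['user']['username'], '@')){
                $this->tpl->setVar('usertype', 'mailuser');
            } else {
                $this->tpl->setVar('usertype', 'normaluser');
            }
        }

        /* Global Search */
        $this->tpl->setVar('globalsearch_resultslimit_of_txt', $this->lng('globalsearch_resultslimit_of_txt'));
        $this->tpl->setVar('globalsearch_resultslimit_results_txt', $this->lng('globalsearch_resultslimit_results_txt'));
        $this->tpl->setVar('globalsearch_noresults_text_txt', $this->lng('globalsearch_noresults_text_txt'));
        $this->tpl->setVar('globalsearch_noresults_limit_txt', $this->lng('globalsearch_noresults_limit_txt'));
        $this->tpl->setVar('globalsearch_searchfield_watermark_txt', $this->lng('globalsearch_searchfield_watermark_txt'));
    }

} // end class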
T 329
//** Create the global application (app) object
//* possible future =  new app($conf);
$app = new app();

// Load and enable the PHP Intrusion Detection System (PHPIDS).
// NOTE(review): the IDS is skipped without any log entry when the IDS directory
// is missing or ids_enabled is anything other than 'yes', so a broken install
// or a mistyped setting fails open - consider logging that case.
$ids_security_config = $app->getconf->get_security_config('ids');

if(is_dir(ISPC_CLASS_PATH.'/IDS')) {
    if($ids_security_config['ids_enabled'] == 'yes') {
        $app->uses('ids');
        $app->ids->start();
    }
}

// The security settings are not needed in the global scope any more
unset($ids_security_config);
342
f5b0ca 343 ?>