| commit | author | age | ||
| 310ec5 | 1 | <?php |
| T | 2 | /* |
| 3 | Copyright (c) 2007, Till Brehm, projektfarm Gmbh | |
| 4 | All rights reserved. | |
| 5 | ||
| 6 | Redistribution and use in source and binary forms, with or without modification, | |
| 7 | are permitted provided that the following conditions are met: | |
| 8 | ||
| 9 | * Redistributions of source code must retain the above copyright notice, | |
| 10 | this list of conditions and the following disclaimer. | |
| 11 | * Redistributions in binary form must reproduce the above copyright notice, | |
| 12 | this list of conditions and the following disclaimer in the documentation | |
| 13 | and/or other materials provided with the distribution. | |
| 14 | * Neither the name of ISPConfig nor the names of its contributors | |
| 15 | may be used to endorse or promote products derived from this software without | |
| 16 | specific prior written permission. | |
| 17 | ||
| 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND | |
| 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | |
| 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
| 21 | IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, | |
| 22 | INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, | |
| 23 | BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
| 24 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY | |
| 25 | OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | |
| 26 | NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, | |
| 27 | EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 28 | */ | |
| 29 | ||
| 30 | ||
| 31 | /****************************************** | |
| 32 | * Begin Form configuration | |
| 33 | ******************************************/ | |
| 34 | ||
| 35 | $tform_def_file = "form/shell_user.tform.php"; | |
| 36 | ||
| 37 | /****************************************** | |
| 38 | * End Form configuration | |
| 39 | ******************************************/ | |
| 40 | ||
| 7fe908 | 41 | require_once '../../lib/config.inc.php'; |
| MC | 42 | require_once '../../lib/app.inc.php'; |
| 310ec5 | 43 | |
| T | 44 | //* Check permissions for module |
| 45 | $app->auth->check_module_permissions('sites'); | |
| 46 | ||
| 47 | // Loading classes | |
| 48 | $app->uses('tpl,tform,tform_actions'); | |
| 49 | $app->load('tform_actions'); | |
| 50 | ||
| 51 | class page_action extends tform_actions { | |
| 7fe908 | 52 | |
| 310ec5 | 53 | function onShowNew() { |
| T | 54 | global $app, $conf; |
| 7fe908 | 55 | |
| 310ec5 | 56 | // we will check only users, not admins |
| T | 57 | if($_SESSION["s"]["user"]["typ"] == 'user') { |
| 3cebc3 | 58 | if(!$app->tform->checkClientLimit('limit_shell_user')) { |
| T | 59 | $app->error($app->tform->wordbook["limit_shell_user_txt"]); |
| 60 | } | |
| 61 | if(!$app->tform->checkResellerLimit('limit_shell_user')) { | |
| 62 | $app->error('Reseller: '.$app->tform->wordbook["limit_shell_user_txt"]); | |
| 310ec5 | 63 | } |
| T | 64 | } |
| 7fe908 | 65 | |
| 310ec5 | 66 | parent::onShowNew(); |
| T | 67 | } |
| 68 | ||
| 69 | function onShowEnd() { | |
| 70 | global $app, $conf, $interfaceConf; | |
| 71 | /* | |
| 72 | * If the names are restricted -> remove the restriction, so that the | |
| 73 | * data can be edited | |
| 74 | */ | |
| 7fe908 | 75 | |
| 31f6ce | 76 | $app->uses('getconf,tools_sites'); |
| 310ec5 | 77 | $global_config = $app->getconf->get_global_config('sites'); |
| 31f6ce | 78 | $shelluser_prefix = $app->tools_sites->replacePrefix($global_config['shelluser_prefix'], $this->dataRecord); |
| 7fe908 | 79 | |
| 310ec5 | 80 | if ($this->dataRecord['username'] != ""){ |
| T | 81 | /* REMOVE the restriction */ |
| 10b4c8 | 82 | $app->tpl->setVar("username", $app->tools_sites->removePrefix($this->dataRecord['username'], $this->dataRecord['username_prefix'], $shelluser_prefix)); |
| 310ec5 | 83 | } |
| 7fe908 | 84 | |
| ba18a8 | 85 | if($this->dataRecord['username'] == "") { |
| 07c297 | 86 | $app->tpl->setVar("username_prefix", $shelluser_prefix); |
| SC | 87 | } else { |
| 88 | $app->tpl->setVar("username_prefix", $app->tools_sites->getPrefix($this->dataRecord['username_prefix'], $shelluser_prefix, $global_config['shelluser_prefix'])); | |
| 89 | } | |
| 7fe908 | 90 | |
| 310ec5 | 91 | if($this->id > 0) { |
| T | 92 | //* we are editing a existing record |
| 93 | $app->tpl->setVar("edit_disabled", 1); | |
| 94 | $app->tpl->setVar("parent_domain_id_value", $this->dataRecord["parent_domain_id"]); | |
| 95 | } else { | |
| 96 | $app->tpl->setVar("edit_disabled", 0); | |
| 97 | } | |
| 98 | ||
| 99 | parent::onShowEnd(); | |
| 100 | } | |
| 7fe908 | 101 | |
| 310ec5 | 102 | function onSubmit() { |
| T | 103 | global $app, $conf; |
| 7fe908 | 104 | |
| 310ec5 | 105 | // Get the record of the parent domain |
| 7b47c0 | 106 | if(isset($this->dataRecord["parent_domain_id"])) { |
| cc7a82 | 107 | $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ? AND ".$app->tform->getAuthSQL('r'), @$this->dataRecord["parent_domain_id"]); |
| 7b47c0 | 108 | if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm"); |
| T | 109 | } else { |
| 110 | $tmp = $app->tform->getDataRecord($this->id); | |
| cc7a82 | 111 | $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ? AND ".$app->tform->getAuthSQL('r'), $tmp["parent_domain_id"]); |
| 7b47c0 | 112 | if(!$parent_domain) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm"); |
| T | 113 | unset($tmp); |
| 114 | } | |
| 7fe908 | 115 | |
| 310ec5 | 116 | // Set a few fixed values |
| T | 117 | $this->dataRecord["server_id"] = $parent_domain["server_id"]; |
| 7fe908 | 118 | |
| 951880 | 119 | if(isset($this->dataRecord['username']) && trim($this->dataRecord['username']) == '') $app->tform->errorMessage .= $app->tform->lng('username_error_empty').'<br />'; |
| T | 120 | if(isset($this->dataRecord['username']) && empty($this->dataRecord['parent_domain_id'])) $app->tform->errorMessage .= $app->tform->lng('parent_domain_id_error_empty').'<br />'; |
| 7fe908 | 121 | if(isset($this->dataRecord['dir']) && stristr($this->dataRecord['dir'], '..')) $app->tform->errorMessage .= $app->tform->lng('dir_dot_error').'<br />'; |
| MC | 122 | if(isset($this->dataRecord['dir']) && stristr($this->dataRecord['dir'], './')) $app->tform->errorMessage .= $app->tform->lng('dir_slashdot_error').'<br />'; |
| 123 | ||
| 8ab3cd | 124 | if(isset($this->dataRecord['ssh_rsa'])) $this->dataRecord['ssh_rsa'] = trim($this->dataRecord['ssh_rsa']); |
| 7fe908 | 125 | |
| 310ec5 | 126 | parent::onSubmit(); |
| T | 127 | } |
| 7fe908 | 128 | |
| 310ec5 | 129 | function onBeforeInsert() { |
| T | 130 | global $app, $conf, $interfaceConf; |
| 131 | ||
| 132 | // check if the username is not blacklisted | |
| 133 | $blacklist = file(ISPC_LIB_PATH.'/shelluser_blacklist'); | |
| 134 | foreach($blacklist as $line) { | |
| 135 | if(strtolower(trim($line)) == strtolower(trim($this->dataRecord['username']))){ | |
| 615a0a | 136 | $app->tform->errorMessage .= $app->tform->lng('username_not_allowed_txt'); |
| 310ec5 | 137 | } |
| T | 138 | } |
| 139 | unset($blacklist); | |
| f2fc77 | 140 | |
| TB | 141 | if($app->functions->is_allowed_user(trim(strtolower($this->dataRecord['username']))) == false) $app->tform->errorMessage .= $app->tform->lng('username_not_allowed_txt'); |
| 7fe908 | 142 | |
| 310ec5 | 143 | /* |
| T | 144 | * If the names should be restricted -> do it! |
| 145 | */ | |
| 146 | if ($app->tform->errorMessage == ''){ | |
| 7fe908 | 147 | |
| 31f6ce | 148 | $app->uses('getconf,tools_sites'); |
| 310ec5 | 149 | $global_config = $app->getconf->get_global_config('sites'); |
| 31f6ce | 150 | $shelluser_prefix = $app->tools_sites->replacePrefix($global_config['shelluser_prefix'], $this->dataRecord); |
| 7fe908 | 151 | |
| MC | 152 | $this->dataRecord['username_prefix'] = $shelluser_prefix; |
| 310ec5 | 153 | /* restrict the names */ |
| T | 154 | $this->dataRecord['username'] = $shelluser_prefix . $this->dataRecord['username']; |
| 7fe908 | 155 | |
| 615a0a | 156 | if(strlen($this->dataRecord['username']) > 32) $app->tform->errorMessage .= $app->tform->lng("username_must_not_exceed_32_chars_txt"); |
| 310ec5 | 157 | } |
| T | 158 | parent::onBeforeInsert(); |
| 159 | } | |
| 7fe908 | 160 | |
| 310ec5 | 161 | function onAfterInsert() { |
| T | 162 | global $app, $conf; |
| 7fe908 | 163 | |
| cc7a82 | 164 | $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $this->dataRecord["parent_domain_id"]); |
| ae0707 | 165 | |
| 604c0c | 166 | $server_id = $app->functions->intval($web["server_id"]); |
| 2af58c | 167 | $dir = $web["document_root"]; |
| MC | 168 | $uid = $web["system_user"]; |
| 169 | $gid = $web["system_group"]; | |
| f2fc77 | 170 | |
| TB | 171 | // Check system user and group |
| 172 | if($app->functions->is_allowed_user($uid) == false || $app->functions->is_allowed_group($gid) == false) { | |
| 173 | $app->error($app->tform->lng('invalid_system_user_or_group_txt')); | |
| 174 | } | |
| 7fe908 | 175 | |
| 310ec5 | 176 | // The FTP user shall be owned by the same group then the website |
| 604c0c | 177 | $sys_groupid = $app->functions->intval($web['sys_groupid']); |
| 7fe908 | 178 | |
| cc7a82 | 179 | $sql = "UPDATE shell_user SET server_id = ?, dir = ?, puser = ?, pgroup = ?, sys_groupid = ? WHERE shell_user_id = ?"; |
| MC | 180 | $app->db->query($sql, $server_id, $dir, $uid, $gid, $sys_groupid, $this->id); |
| 7fe908 | 181 | |
| 310ec5 | 182 | } |
| 7fe908 | 183 | |
| 310ec5 | 184 | function onBeforeUpdate() { |
| T | 185 | global $app, $conf, $interfaceConf; |
| 7fe908 | 186 | |
| 310ec5 | 187 | // check if the username is not blacklisted |
| T | 188 | $blacklist = file(ISPC_LIB_PATH.'/shelluser_blacklist'); |
| 189 | foreach($blacklist as $line) { | |
| 190 | if(strtolower(trim($line)) == strtolower(trim($this->dataRecord['username']))){ | |
| 615a0a | 191 | $app->tform->errorMessage .= $app->tform->lng('username_not_allowed_txt'); |
| 310ec5 | 192 | } |
| T | 193 | } |
| 194 | unset($blacklist); | |
| 195 | ||
| 196 | /* | |
| 197 | * If the names should be restricted -> do it! | |
| 198 | */ | |
| 199 | if ($app->tform->errorMessage == '') { | |
| 200 | /* | |
| 201 | * If the names should be restricted -> do it! | |
| 202 | */ | |
| 31f6ce | 203 | $app->uses('getconf,tools_sites'); |
| 310ec5 | 204 | $global_config = $app->getconf->get_global_config('sites'); |
| 31f6ce | 205 | $shelluser_prefix = $app->tools_sites->replacePrefix($global_config['shelluser_prefix'], $this->dataRecord); |
| 7fe908 | 206 | |
| MC | 207 | $old_record = $app->tform->getDataRecord($this->id); |
| 208 | $shelluser_prefix = $app->tools_sites->getPrefix($old_record['username_prefix'], $shelluser_prefix); | |
| 209 | $this->dataRecord['username_prefix'] = $shelluser_prefix; | |
| 210 | ||
| 310ec5 | 211 | /* restrict the names */ |
| T | 212 | $this->dataRecord['username'] = $shelluser_prefix . $this->dataRecord['username']; |
| 7fe908 | 213 | |
| 615a0a | 214 | if(strlen($this->dataRecord['username']) > 32) $app->tform->errorMessage .= $app->tform->lng("username_must_not_exceed_32_chars_txt"); |
| 310ec5 | 215 | } |
| T | 216 | } |
| 7fe908 | 217 | |
| 310ec5 | 218 | function onAfterUpdate() { |
| T | 219 | global $app, $conf; |
| 7fe908 | 220 | |
| MC | 221 | |
| 310ec5 | 222 | } |
| 7fe908 | 223 | |
| 310ec5 | 224 | } |
| T | 225 | |
| 226 | $page = new page_action; | |
| 227 | $page->onLoad(); | |
| 228 | ||
| 7fe908 | 229 | ?> |
