| commit | author | age | ||
| a892b8 | 1 | <?php |
| V | 2 | /* |
| 3 | Copyright (c) 2010 Till Brehm, projektfarm Gmbh and Oliver Vogel www.muv.com | |
| 4 | All rights reserved. | |
| 5 | ||
| 6 | Redistribution and use in source and binary forms, with or without modification, | |
| 7 | are permitted provided that the following conditions are met: | |
| 8 | ||
| 9 | * Redistributions of source code must retain the above copyright notice, | |
| 10 | this list of conditions and the following disclaimer. | |
| 11 | * Redistributions in binary form must reproduce the above copyright notice, | |
| 12 | this list of conditions and the following disclaimer in the documentation | |
| 13 | and/or other materials provided with the distribution. | |
| 14 | * Neither the name of ISPConfig nor the names of its contributors | |
| 15 | may be used to endorse or promote products derived from this software without | |
| 16 | specific prior written permission. | |
| 17 | ||
| 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND | |
| 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | |
| 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
| 21 | IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, | |
| 22 | INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, | |
| 23 | BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
| 24 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY | |
| 25 | OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | |
| 26 | NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, | |
| 27 | EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 28 | */ | |
| 29 | ||
| 30 | ||
| 31 | /****************************************** | |
| 32 | * Begin Form configuration | |
| 33 | ******************************************/ | |
| 34 | ||
| 35 | $tform_def_file = "form/webdav_user.tform.php"; | |
| 36 | ||
| 37 | /****************************************** | |
| 38 | * End Form configuration | |
| 39 | ******************************************/ | |
| 40 | ||
| 7fe908 | 41 | require_once '../../lib/config.inc.php'; |
| MC | 42 | require_once '../../lib/app.inc.php'; |
| a892b8 | 43 | |
| V | 44 | //* Check permissions for module |
| 45 | $app->auth->check_module_permissions('sites'); | |
| 46 | ||
| 47 | // Loading classes | |
| 48 | $app->uses('tpl,tform,tform_actions'); | |
| 49 | $app->load('tform_actions'); | |
| 50 | ||
| 51 | class page_action extends tform_actions { | |
| 1cc9f1 | 52 | |
| a892b8 | 53 | function onShowNew() { |
| V | 54 | global $app, $conf; |
| 1cc9f1 | 55 | |
| a892b8 | 56 | // we will check only users, not admins |
| V | 57 | if($_SESSION["s"]["user"]["typ"] == 'user') { |
| 58 | if(!$app->tform->checkClientLimit('limit_webdav_user')) { | |
| 59 | $app->error($app->tform->wordbook["limit_webdav_user_txt"]); | |
| 60 | } | |
| 61 | if(!$app->tform->checkResellerLimit('limit_webdav_user')) { | |
| 62 | $app->error('Reseller: '.$app->tform->wordbook["limit_webdav_user_txt"]); | |
| 63 | } | |
| 64 | } | |
| 1cc9f1 | 65 | |
| a892b8 | 66 | parent::onShowNew(); |
| V | 67 | } |
| 68 | ||
| 69 | function onShowEnd() { | |
| 70 | global $app, $conf, $interfaceConf; | |
| 71 | /* | |
| 72 | * If the names are restricted -> remove the restriction, so that the | |
| 73 | * data can be edited | |
| 1cc9f1 | 74 | */ |
| 31f6ce | 75 | $app->uses('getconf,tools_sites'); |
| a892b8 | 76 | $global_config = $app->getconf->get_global_config('sites'); |
| 31f6ce | 77 | $webdavuser_prefix = $app->tools_sites->replacePrefix($global_config['webdavuser_prefix'], $this->dataRecord); |
| 1cc9f1 | 78 | |
| V | 79 | if ($this->dataRecord['username'] != "") { |
| a892b8 | 80 | /* REMOVE the restriction */ |
| 10b4c8 | 81 | $app->tpl->setVar("username", $app->tools_sites->removePrefix($this->dataRecord['username'], $this->dataRecord['username_prefix'], $webdavuser_prefix)); |
| a892b8 | 82 | } |
| 7fe908 | 83 | |
| MC | 84 | $app->tpl->setVar("username_prefix", $app->tools_sites->getPrefix($this->dataRecord['username_prefix'], $webdavuser_prefix, $global_config['webdavuser_prefix'])); |
| 85 | ||
| a892b8 | 86 | if($this->id > 0) { |
| V | 87 | //* we are editing a existing record |
| 88 | $app->tpl->setVar("edit_disabled", 1); | |
| 89 | $app->tpl->setVar("parent_domain_id_value", $this->dataRecord["parent_domain_id"]); | |
| 90 | } else { | |
| 91 | $app->tpl->setVar("edit_disabled", 0); | |
| 92 | } | |
| 93 | ||
| 94 | parent::onShowEnd(); | |
| 95 | } | |
| 1cc9f1 | 96 | |
| a892b8 | 97 | function onSubmit() { |
| V | 98 | global $app, $conf; |
| 1cc9f1 | 99 | |
| V | 100 | /* Get the record of the parent domain */ |
| 7b47c0 | 101 | $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r')); |
| 7fe908 | 102 | if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm"); |
| 1cc9f1 | 103 | |
| V | 104 | /* |
| 105 | * Set a few fixed values | |
| 106 | */ | |
| a892b8 | 107 | $this->dataRecord["server_id"] = $parent_domain["server_id"]; |
| 1cc9f1 | 108 | |
| V | 109 | /* |
| 110 | * Are there some errors? | |
| 111 | */ | |
| a892b8 | 112 | if(isset($this->dataRecord['username']) && trim($this->dataRecord['username']) == '') $app->tform->errorMessage .= $app->tform->lng('username_error_empty').'<br />'; |
| V | 113 | if(isset($this->dataRecord['username']) && empty($this->dataRecord['parent_domain_id'])) $app->tform->errorMessage .= $app->tform->lng('parent_domain_id_error_empty').'<br />'; |
| 7fe908 | 114 | if(isset($this->dataRecord['dir']) && stristr($this->dataRecord['dir'], '..')) $app->tform->errorMessage .= $app->tform->lng('dir_dot_error').'<br />'; |
| MC | 115 | if(isset($this->dataRecord['dir']) && stristr($this->dataRecord['dir'], './')) $app->tform->errorMessage .= $app->tform->lng('dir_slashdot_error').'<br />'; |
| 116 | ||
| a892b8 | 117 | parent::onSubmit(); |
| V | 118 | } |
| 1cc9f1 | 119 | |
| a892b8 | 120 | function onBeforeInsert() { |
| V | 121 | global $app, $conf, $interfaceConf; |
| 122 | ||
| 123 | /* | |
| 124 | * If the names should be restricted -> do it! | |
| 1cc9f1 | 125 | */ |
| V | 126 | if ($app->tform->errorMessage == '') { |
| 127 | ||
| 31f6ce | 128 | $app->uses('getconf,tools_sites'); |
| a892b8 | 129 | $global_config = $app->getconf->get_global_config('sites'); |
| 31f6ce | 130 | $webdavuser_prefix = $app->tools_sites->replacePrefix($global_config['webdavuser_prefix'], $this->dataRecord); |
| 1cc9f1 | 131 | |
| 7fe908 | 132 | $this->dataRecord['username_prefix'] = $webdavuser_prefix; |
| MC | 133 | |
| a892b8 | 134 | /* restrict the names */ |
| V | 135 | $this->dataRecord['username'] = $webdavuser_prefix . $this->dataRecord['username']; |
| 1cc9f1 | 136 | |
| V | 137 | /* |
| 138 | * Get the data of the domain, owning the webdav user | |
| 139 | */ | |
| 65ea2e | 140 | $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($this->dataRecord["parent_domain_id"])); |
| 1cc9f1 | 141 | /* The server is the server of the domain */ |
| V | 142 | $this->dataRecord["server_id"] = $web["server_id"]; |
| 143 | /* The Webdav user shall be owned by the same group then the website */ | |
| 144 | $this->dataRecord["sys_groupid"] = $web['sys_groupid']; | |
| a892b8 | 145 | } |
| 1cc9f1 | 146 | |
| a892b8 | 147 | parent::onBeforeInsert(); |
| V | 148 | } |
| 1cc9f1 | 149 | |
| a892b8 | 150 | function onAfterInsert() { |
| V | 151 | global $app, $conf; |
| 1b7190 | 152 | |
| FT | 153 | /* |
| 154 | * We shall not save the pwd in plaintext, so we store it as the hash, the apache-moule needs | |
| 155 | */ | |
| 156 | $hash = md5($this->dataRecord["username"] . ':' . $this->dataRecord["dir"] . ':' . $this->dataRecord["password"]); | |
| 157 | $this->dataRecord["password"] = $hash; | |
| 158 | ||
| 159 | $app->db->query("UPDATE webdav_user SET password = '".$this->dataRecord["password"]."' WHERE webdav_user_id = ".$this->id); | |
| a892b8 | 160 | } |
| 1cc9f1 | 161 | |
| a892b8 | 162 | function onBeforeUpdate() { |
| V | 163 | global $app, $conf, $interfaceConf; |
| 1cc9f1 | 164 | |
| a892b8 | 165 | /* |
| 1cc9f1 | 166 | * we can not change the username and the dir, so get the "old" - data from the db |
| V | 167 | * and set it |
| 168 | */ | |
| 65ea2e | 169 | $data = $app->db->queryOneRecord("SELECT * FROM webdav_user WHERE webdav_user_id = ".$app->functions->intval($this->id)); |
| 1cc9f1 | 170 | $this->dataRecord["username"] = $data['username']; |
| V | 171 | $this->dataRecord["dir"] = $data['dir']; |
| 10b4c8 | 172 | $this->dataRecord['username_prefix'] = $data['username_prefix']; |
| 1b7190 | 173 | $this->dataRecord['passwordOld'] = $data['password']; |
| 1cc9f1 | 174 | |
| V | 175 | parent::onBeforeUpdate(); |
| a892b8 | 176 | } |
| 1cc9f1 | 177 | |
| a892b8 | 178 | function onAfterUpdate() { |
| V | 179 | global $app, $conf; |
| 1b7190 | 180 | |
| FT | 181 | /* |
| 182 | * We shall not save the pwd in plaintext, so we store it as the hash, the apache-moule | |
| 183 | * needs (only if the pwd is changed) | |
| 184 | */ | |
| 185 | if ((isset($this->dataRecord["password"])) && ($this->dataRecord["password"] != '') && ($this->dataRecord["password"] != $this->dataRecord['passwordOld'])) { | |
| 186 | $hash = md5($this->dataRecord["username"] . ':' . $this->dataRecord["dir"] . ':' . $this->dataRecord["password"]); | |
| 187 | $this->dataRecord["password"] = $hash; | |
| 3b09eb | 188 | $app->db->query("UPDATE webdav_user SET password = '".$this->dataRecord["password"]."' WHERE webdav_user_id = ".$this->id); |
| 1b7190 | 189 | } |
| FT | 190 | |
| a892b8 | 191 | } |
| 7fe908 | 192 | |
| a892b8 | 193 | } |
| V | 194 | |
| 195 | $page = new page_action; | |
| 196 | $page->onLoad(); | |
| 197 | ||
| 7fe908 | 198 | ?> |
