| commit | author | age | ||
| 24854c | 1 | <?php |
| T | 2 | |
| 3 | /* | |
| 4 | Copyright (c) 2007 - 2009, Till Brehm, projektfarm Gmbh | |
| 5 | All rights reserved. | |
| 6 | ||
| 7 | Redistribution and use in source and binary forms, with or without modification, | |
| 8 | are permitted provided that the following conditions are met: | |
| 9 | ||
| 10 | * Redistributions of source code must retain the above copyright notice, | |
| 11 | this list of conditions and the following disclaimer. | |
| 12 | * Redistributions in binary form must reproduce the above copyright notice, | |
| 13 | this list of conditions and the following disclaimer in the documentation | |
| 14 | and/or other materials provided with the distribution. | |
| 15 | * Neither the name of ISPConfig nor the names of its contributors | |
| 16 | may be used to endorse or promote products derived from this software without | |
| 17 | specific prior written permission. | |
| 18 | ||
| 19 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND | |
| 20 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | |
| 21 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
| 22 | IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, | |
| 23 | INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, | |
| 24 | BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
| 25 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY | |
| 26 | OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | |
| 27 | NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, | |
| 28 | EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 29 | */ | |
| 30 | ||
| 31 | class apache2_plugin { | |
| 32 | ||
| 33 | var $plugin_name = 'apache2_plugin'; | |
| 34 | var $class_name = 'apache2_plugin'; | |
| 35 | ||
| 36 | // private variables | |
| 37 | var $action = ''; | |
| 38 | ||
| 39 | //* This function is called during ispconfig installation to determine | |
| 40 | // if a symlink shall be created for this plugin. | |
| 41 | function onInstall() { | |
| 42 | global $conf; | |
| 43 | ||
| 44 | if($conf['services']['web'] == true) { | |
| 45 | return true; | |
| 46 | } else { | |
| 47 | return false; | |
| 48 | } | |
| 49 | ||
| 50 | } | |
| 51 | ||
| 52 | ||
| 53 | /* | |
| 54 | This function is called when the plugin is loaded | |
| 55 | */ | |
| 56 | ||
| 57 | function onLoad() { | |
| 58 | global $app; | |
| 59 | ||
| 60 | /* | |
| 61 | Register for the events | |
| 62 | */ | |
| 63 | ||
| 64 | ||
| 65 | ||
| 66 | $app->plugins->registerEvent('web_domain_insert',$this->plugin_name,'ssl'); | |
| 67 | $app->plugins->registerEvent('web_domain_update',$this->plugin_name,'ssl'); | |
| 68 | $app->plugins->registerEvent('web_domain_delete',$this->plugin_name,'ssl'); | |
| 69 | ||
| 70 | $app->plugins->registerEvent('web_domain_insert',$this->plugin_name,'insert'); | |
| 71 | $app->plugins->registerEvent('web_domain_update',$this->plugin_name,'update'); | |
| 72 | $app->plugins->registerEvent('web_domain_delete',$this->plugin_name,'delete'); | |
| 73 | ||
| 74 | $app->plugins->registerEvent('server_ip_insert',$this->plugin_name,'server_ip'); | |
| 75 | $app->plugins->registerEvent('server_ip_update',$this->plugin_name,'server_ip'); | |
| 76 | $app->plugins->registerEvent('server_ip_delete',$this->plugin_name,'server_ip'); | |
| 77 | ||
| 78 | } | |
| 79 | ||
| 80 | // Handle the creation of SSL certificates | |
| 81 | function ssl($event_name,$data) { | |
| 82 | global $app, $conf; | |
| 83 | ||
| 84 | if(!is_dir($data["new"]["document_root"]."/ssl")) exec("mkdir -p ".$data["new"]["document_root"]."/ssl"); | |
| 85 | $ssl_dir = $data["new"]["document_root"]."/ssl"; | |
| 86 | $domain = $data["new"]["domain"]; | |
| 87 | $key_file = $ssl_dir.'/'.$domain.".key.org"; | |
| 88 | $key_file2 = $ssl_dir.'/'.$domain.".key"; | |
| 89 | $csr_file = $ssl_dir.'/'.$domain.".csr"; | |
| 90 | $crt_file = $ssl_dir.'/'.$domain.".crt"; | |
| 91 | ||
| 92 | //* Create a SSL Certificate | |
| 93 | if($data["new"]["ssl_action"] == 'create') { | |
| 94 | $rand_file = $ssl_dir."/random_file"; | |
| 95 | $rand_data = md5(uniqid(microtime(),1)); | |
| 96 | for($i=0; $i<1000; $i++){ | |
| 97 | $rand_data .= md5(uniqid(microtime(),1)); | |
| 98 | $rand_data .= md5(uniqid(microtime(),1)); | |
| 99 | $rand_data .= md5(uniqid(microtime(),1)); | |
| 100 | $rand_data .= md5(uniqid(microtime(),1)); | |
| 101 | } | |
| 102 | file_put_contents($rand_file, $rand_data); | |
| 103 | ||
| 104 | $ssl_password = substr(md5(uniqid(microtime(),1)), 0, 15); | |
| 105 | ||
| 106 | $ssl_cnf = " RANDFILE = $rand_file | |
| 107 | ||
| 108 | [ req ] | |
| 109 | default_bits = 1024 | |
| 110 | default_keyfile = keyfile.pem | |
| 111 | distinguished_name = req_distinguished_name | |
| 112 | attributes = req_attributes | |
| 113 | prompt = no | |
| 114 | output_password = $ssl_password | |
| 115 | ||
| 116 | [ req_distinguished_name ] | |
| 117 | C = ".$data['new']['ssl_country']." | |
| 118 | ST = ".$data['new']['ssl_state']." | |
| 119 | L = ".$data['new']['ssl_locality']." | |
| 120 | O = ".$data['new']['ssl_organisation']." | |
| 121 | OU = ".$data['new']['ssl_organisation_unit']." | |
| 122 | CN = $domain | |
| 123 | emailAddress = webmaster@".$data['new']['domain']." | |
| 124 | ||
| 125 | [ req_attributes ] | |
| 126 | challengePassword = A challenge password"; | |
| 127 | ||
| 128 | $ssl_cnf_file = $ssl_dir."/openssl.conf"; | |
| 129 | file_put_contents($ssl_cnf_file,$ssl_cnf); | |
| 130 | ||
| 131 | $rand_file = escapeshellcmd($rand_file); | |
| 132 | $key_file = escapeshellcmd($key_file); | |
| 133 | $key_file2 = escapeshellcmd($key_file2); | |
| 134 | $ssl_days = 3650; | |
| 135 | $csr_file = escapeshellcmd($csr_file); | |
| 136 | $config_file = escapeshellcmd($ssl_cnf_file); | |
| 137 | $crt_file = escapeshellcmd($crt_file); | |
| 138 | ||
| 139 | if(is_file($ssl_cnf_file)){ | |
| 140 | exec("openssl genrsa -des3 -rand $rand_file -passout pass:$ssl_password -out $key_file 1024 && openssl req -new -passin pass:$ssl_password -passout pass:$ssl_password -key $key_file -out $csr_file -days $ssl_days -config $config_file && openssl req -x509 -passin pass:$ssl_password -passout pass:$ssl_password -key $key_file -in $csr_file -out $crt_file -days $ssl_days -config $config_file && openssl rsa -passin pass:$ssl_password -in $key_file -out $key_file2"); | |
| 141 | $app->log("Creating SSL Cert for: $domain",LOGLEVEL_DEBUG); | |
| 142 | } | |
| 143 | ||
| 144 | exec("chmod 400 $key_file2"); | |
| 145 | @unlink($config_file); | |
| 146 | @unlink($rand_file); | |
| 147 | $ssl_request = file_get_contents($csr_file); | |
| 148 | $ssl_cert = file_get_contents($crt_file); | |
| 8c4aa3 | 149 | /* Update the DB of the (local) Server */ |
| 24854c | 150 | $app->db->query("UPDATE web_domain SET ssl_request = '$ssl_request', ssl_cert = '$ssl_cert' WHERE domain = '".$data["new"]["domain"]."'"); |
| T | 151 | $app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data["new"]["domain"]."'"); |
| 8c4aa3 | 152 | /* Update also the master-DB of the Server-Farm */ |
| T | 153 | $app->dbmaster->query("UPDATE web_domain SET ssl_request = '$ssl_request', ssl_cert = '$ssl_cert' WHERE domain = '".$data["new"]["domain"]."'"); |
| 154 | $app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data["new"]["domain"]."'"); | |
| 24854c | 155 | } |
| T | 156 | |
| 157 | //* Save a SSL certificate to disk | |
| 158 | if($data["new"]["ssl_action"] == 'save') { | |
| 159 | $ssl_dir = $data["new"]["document_root"]."/ssl"; | |
| 160 | $domain = $data["new"]["domain"]; | |
| 161 | $csr_file = $ssl_dir.'/'.$domain.".csr"; | |
| 162 | $crt_file = $ssl_dir.'/'.$domain.".crt"; | |
| 163 | $bundle_file = $ssl_dir.'/'.$domain.".bundle"; | |
| 164 | file_put_contents($csr_file,$data["new"]["ssl_request"]); | |
| 165 | file_put_contents($crt_file,$data["new"]["ssl_cert"]); | |
| 166 | if(trim($data["new"]["ssl_bundle"]) != '') file_put_contents($bundle_file,$data["new"]["ssl_bundle"]); | |
| 8c4aa3 | 167 | /* Update the DB of the (local) Server */ |
| 24854c | 168 | $app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data["new"]["domain"]."'"); |
| 8c4aa3 | 169 | /* Update also the master-DB of the Server-Farm */ |
| T | 170 | $app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data["new"]["domain"]."'"); |
| 24854c | 171 | $app->log("Saving SSL Cert for: $domain",LOGLEVEL_DEBUG); |
| T | 172 | } |
| 173 | ||
| 174 | //* Delete a SSL certificate | |
| 175 | if($data["new"]["ssl_action"] == 'del') { | |
| 176 | $ssl_dir = $data["new"]["document_root"]."/ssl"; | |
| 177 | $domain = $data["new"]["domain"]; | |
| 178 | $csr_file = $ssl_dir.'/'.$domain.".csr"; | |
| 179 | $crt_file = $ssl_dir.'/'.$domain.".crt"; | |
| 180 | $bundle_file = $ssl_dir.'/'.$domain.".bundle"; | |
| 181 | unlink($csr_file); | |
| 182 | unlink($crt_file); | |
| 183 | unlink($bundle_file); | |
| 8c4aa3 | 184 | /* Update the DB of the (local) Server */ |
| T | 185 | $app->db->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '' WHERE domain = '".$data["new"]["domain"]."'"); |
| 24854c | 186 | $app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data["new"]["domain"]."'"); |
| 8c4aa3 | 187 | /* Update also the master-DB of the Server-Farm */ |
| T | 188 | $app->dbmaster->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '' WHERE domain = '".$data["new"]["domain"]."'"); |
| 189 | $app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data["new"]["domain"]."'"); | |
| 24854c | 190 | $app->log("Deleting SSL Cert for: $domain",LOGLEVEL_DEBUG); |
| T | 191 | } |
| 192 | ||
| 193 | ||
| 194 | } | |
| 195 | ||
| 196 | ||
| 197 | function insert($event_name,$data) { | |
| 198 | global $app, $conf; | |
| 199 | ||
| 200 | $this->action = 'insert'; | |
| 201 | // just run the update function | |
| 202 | $this->update($event_name,$data); | |
| 203 | ||
| 204 | ||
| 205 | } | |
| 206 | ||
| 207 | ||
| 208 | function update($event_name,$data) { | |
| 209 | global $app, $conf; | |
| 210 | ||
| 211 | if($this->action != 'insert') $this->action = 'update'; | |
| 212 | ||
| 213 | if($data["new"]["type"] != "vhost" && $data["new"]["parent_domain_id"] > 0) { | |
| 214 | ||
| 215 | $old_parent_domain_id = intval($data["old"]["parent_domain_id"]); | |
| 216 | $new_parent_domain_id = intval($data["new"]["parent_domain_id"]); | |
| 217 | ||
| 218 | // If the parent_domain_id has been chenged, we will have to update the old site as well. | |
| 219 | if($this->action == 'update' && $data["new"]["parent_domain_id"] != $data["old"]["parent_domain_id"]) { | |
| 220 | $tmp = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$old_parent_domain_id." AND active = 'y'"); | |
| 221 | $data["new"] = $tmp; | |
| 222 | $data["old"] = $tmp; | |
| 223 | $this->action = 'update'; | |
| 224 | $this->update($event_name,$data); | |
| 225 | } | |
| 226 | ||
| 227 | // This is not a vhost, so we need to update the parent record instead. | |
| 228 | $tmp = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$new_parent_domain_id." AND active = 'y'"); | |
| 229 | $data["new"] = $tmp; | |
| 230 | $data["old"] = $tmp; | |
| 231 | $this->action = 'update'; | |
| 232 | } | |
| 233 | ||
| 234 | // load the server configuration options | |
| 235 | $app->uses("getconf"); | |
| 236 | $web_config = $app->getconf->get_server_config($conf["server_id"], 'web'); | |
| 237 | ||
| 542146 | 238 | //* Check if this is a chrooted setup |
| T | 239 | if($web_config['website_basedir'] != '' && @is_file($web_config['website_basedir'].'/etc/passwd')) { |
| 240 | $apache_chrooted = true; | |
| 241 | $app->log("Info: Apache is chrooted.",LOGLEVEL_DEBUG); | |
| 242 | } else { | |
| 243 | $apache_chrooted = false; | |
| 244 | } | |
| 245 | ||
| 24854c | 246 | if($data["new"]["document_root"] == '') { |
| T | 247 | $app->log("document_root not set",LOGLEVEL_WARN); |
| 248 | return 0; | |
| 249 | } | |
| 250 | if($data["new"]["system_user"] == 'root' or $data["new"]["system_group"] == 'root') { | |
| 251 | $app->log("Websites can not be owned by the root user or group.",LOGLEVEL_WARN); | |
| 252 | return 0; | |
| 253 | } | |
| 254 | ||
| 255 | //* If the client of the site has been changed, we have a change of the document root | |
| 256 | if($this->action == 'update' && $data["new"]["document_root"] != $data["old"]["document_root"]) { | |
| 257 | ||
| 258 | //* Get the old client ID | |
| 259 | $old_client = $app->dbmaster->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ".intval($data["old"]["sys_groupid"])); | |
| 260 | $old_client_id = intval($old_client["client_id"]); | |
| 261 | unset($old_client); | |
| 262 | ||
| 263 | //* Remove the old symlinks | |
| 264 | $tmp_symlinks_array = explode(':',$web_config["website_symlinks"]); | |
| 265 | if(is_array($tmp_symlinks_array)) { | |
| 266 | foreach($tmp_symlinks_array as $tmp_symlink) { | |
| 267 | $tmp_symlink = str_replace("[client_id]",$old_client_id,$tmp_symlink); | |
| 268 | $tmp_symlink = str_replace("[website_domain]",$data["old"]["domain"],$tmp_symlink); | |
| 269 | // Remove trailing slash | |
| 270 | if(substr($tmp_symlink, -1, 1) == '/') $tmp_symlink = substr($tmp_symlink, 0, -1); | |
| 271 | // create the symlinks, if not exist | |
| 8c4aa3 | 272 | if(is_link($tmp_symlink)) { |
| 24854c | 273 | exec("rm -f ".escapeshellcmd($tmp_symlink)); |
| T | 274 | $app->log("Removed Symlink: rm -f ".$tmp_symlink,LOGLEVEL_DEBUG); |
| 275 | } | |
| 276 | } | |
| 277 | } | |
| 278 | ||
| 279 | //* Move the site data | |
| 280 | $tmp_docroot = explode('/',$data["new"]["document_root"]); | |
| 281 | unset($tmp_docroot[count($tmp_docroot)-1]); | |
| 282 | $new_dir = implode('/',$tmp_docroot); | |
| 283 | ||
| 284 | $tmp_docroot = explode('/',$data["old"]["document_root"]); | |
| 285 | unset($tmp_docroot[count($tmp_docroot)-1]); | |
| 286 | $old_dir = implode('/',$tmp_docroot); | |
| 287 | ||
| 288 | exec('rm -rf '.$data["new"]["document_root"]); | |
| 289 | if(!is_dir($new_dir)) exec('mkdir -p '.$new_dir); | |
| 290 | exec('mv '.$data["old"]["document_root"].' '.$new_dir); | |
| 291 | $app->log("Moving site to new document root: ".'mv '.$data["old"]["document_root"].' '.$new_dir,LOGLEVEL_DEBUG); | |
| 292 | ||
| 68e917 | 293 | //* Change the owner of the website files to the new website owner |
| T | 294 | exec('chown --recursive --from='.escapeshellcmd($data["old"]["system_user"]).':'.escapeshellcmd($data['old']['system_group']).' '.escapeshellcmd($data["new"]["system_user"]).':'.escapeshellcmd($data['new']['system_group']).' '.$new_dir); |
| 295 | ||
| 24854c | 296 | //* Change the home directory and group of the website user |
| T | 297 | $command = 'usermod'; |
| 298 | $command .= ' --home '.escapeshellcmd($data["new"]["document_root"]); | |
| 299 | $command .= ' --gid '.escapeshellcmd($data['new']['system_group']); | |
| 300 | $command .= ' '.escapeshellcmd($data["new"]["system_user"]); | |
| 301 | exec($command); | |
| 68e917 | 302 | |
| 542146 | 303 | if($apache_chrooted) $this->_exec("chroot ".escapeshellcmd($web_config['website_basedir'])." ".$command); |
| 68e917 | 304 | |
| 24854c | 305 | |
| T | 306 | } |
| 307 | ||
| 308 | //print_r($data); | |
| 309 | ||
| 310 | // Check if the directories are there and create them if nescessary. | |
| 311 | if(!is_dir($data["new"]["document_root"]."/web")) exec("mkdir -p ".$data["new"]["document_root"]."/web"); | |
| 312 | if(!is_dir($data["new"]["document_root"]."/web/error") and $data["new"]["errordocs"]) exec("mkdir -p ".$data["new"]["document_root"]."/web/error"); | |
| 313 | //if(!is_dir($data["new"]["document_root"]."/log")) exec("mkdir -p ".$data["new"]["document_root"]."/log"); | |
| 314 | if(!is_dir($data["new"]["document_root"]."/ssl")) exec("mkdir -p ".$data["new"]["document_root"]."/ssl"); | |
| 315 | if(!is_dir($data["new"]["document_root"]."/cgi-bin")) exec("mkdir -p ".$data["new"]["document_root"]."/cgi-bin"); | |
| 316 | if(!is_dir($data["new"]["document_root"]."/tmp")) exec("mkdir -p ".$data["new"]["document_root"]."/tmp"); | |
| 317 | ||
| 318 | // Remove the symlink for the site, if site is renamed | |
| 319 | if($this->action == 'update' && $data["old"]["domain"] != '' && $data["new"]["domain"] != $data["old"]["domain"]) { | |
| 320 | if(is_dir('/var/log/ispconfig/httpd/'.$data["old"]["domain"])) exec('rm -rf /var/log/ispconfig/httpd/'.$data["old"]["domain"]); | |
| 321 | if(is_link($data["old"]["document_root"]."/log")) unlink($data["old"]["document_root"]."/log"); | |
| 322 | } | |
| 323 | ||
| 324 | // Create the symlink for the logfiles | |
| 325 | if(!is_dir('/var/log/ispconfig/httpd/'.$data["new"]["domain"])) exec('mkdir -p /var/log/ispconfig/httpd/'.$data["new"]["domain"]); | |
| 326 | if(!is_link($data["new"]["document_root"]."/log")) { | |
| 327 | exec("ln -s /var/log/ispconfig/httpd/".$data["new"]["domain"]." ".$data["new"]["document_root"]."/log"); | |
| 328 | $app->log("Creating Symlink: ln -s /var/log/ispconfig/httpd/".$data["new"]["domain"]." ".$data["new"]["document_root"]."/log",LOGLEVEL_DEBUG); | |
| 329 | } | |
| 330 | /* | |
| 331 | // Create the symlink for the logfiles | |
| 332 | // This does not work as vlogger can not log trogh symlinks. | |
| 333 | if($this->action == 'update' && $data["old"]["domain"] != '' && $data["new"]["domain"] != $data["old"]["domain"]) { | |
| 334 | if(is_dir($data["old"]["document_root"]."/log")) exec('rm -rf '.$data["old"]["document_root"]."/log"); | |
| 335 | if(is_link('/var/log/ispconfig/httpd/'.$data["old"]["domain"])) unlink('/var/log/ispconfig/httpd/'.$data["old"]["domain"]); | |
| 336 | } | |
| 337 | ||
| 338 | // Create the symlink for the logfiles | |
| 339 | if(!is_dir($data["new"]["document_root"]."/log")) exec('mkdir -p '.$data["new"]["document_root"]."/log"); | |
| 340 | if(!is_link('/var/log/ispconfig/httpd/'.$data["new"]["domain"])) { | |
| 341 | exec("ln -s ".$data["new"]["document_root"]."/log /var/log/ispconfig/httpd/".$data["new"]["domain"]); | |
| 342 | $app->log("Creating Symlink: ln -s ".$data["new"]["document_root"]."/log /var/log/ispconfig/httpd/".$data["new"]["domain"],LOGLEVEL_DEBUG); | |
| 343 | } | |
| 344 | */ | |
| 345 | ||
| 346 | // Get the client ID | |
| 347 | $client = $app->dbmaster->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ".intval($data["new"]["sys_groupid"])); | |
| 348 | $client_id = intval($client["client_id"]); | |
| 349 | unset($client); | |
| 350 | ||
| 351 | // Remove old symlinks, if site is renamed | |
| 352 | if($this->action == 'update' && $data["old"]["domain"] != '' && $data["new"]["domain"] != $data["old"]["domain"]) { | |
| 353 | $tmp_symlinks_array = explode(':',$web_config["website_symlinks"]); | |
| 354 | if(is_array($tmp_symlinks_array)) { | |
| 355 | foreach($tmp_symlinks_array as $tmp_symlink) { | |
| 356 | $tmp_symlink = str_replace("[client_id]",$client_id,$tmp_symlink); | |
| 357 | $tmp_symlink = str_replace("[website_domain]",$data["old"]["domain"],$tmp_symlink); | |
| 358 | // Remove trailing slash | |
| 359 | if(substr($tmp_symlink, -1, 1) == '/') $tmp_symlink = substr($tmp_symlink, 0, -1); | |
| 360 | // remove the symlinks, if not exist | |
| 361 | if(is_link($tmp_symlink)) { | |
| 362 | exec("rm -f ".escapeshellcmd($tmp_symlink)); | |
| 363 | $app->log("Removed Symlink: rm -f ".$tmp_symlink,LOGLEVEL_DEBUG); | |
| 364 | } | |
| 365 | } | |
| 366 | } | |
| 367 | } | |
| 368 | ||
| 369 | // Create the symlinks for the sites | |
| 370 | $tmp_symlinks_array = explode(':',$web_config["website_symlinks"]); | |
| 371 | if(is_array($tmp_symlinks_array)) { | |
| 372 | foreach($tmp_symlinks_array as $tmp_symlink) { | |
| 373 | $tmp_symlink = str_replace("[client_id]",$client_id,$tmp_symlink); | |
| 374 | $tmp_symlink = str_replace("[website_domain]",$data["new"]["domain"],$tmp_symlink); | |
| 375 | // Remove trailing slash | |
| 376 | if(substr($tmp_symlink, -1, 1) == '/') $tmp_symlink = substr($tmp_symlink, 0, -1); | |
| 377 | //* Remove symlink if target folder has been changed. | |
| 378 | if($data["old"]["document_root"] != '' && $data["old"]["document_root"] != $data["new"]["document_root"] && is_link($tmp_symlink)) { | |
| 379 | unlink($tmp_symlink); | |
| 380 | } | |
| 381 | // create the symlinks, if not exist | |
| 382 | if(!is_link($tmp_symlink)) { | |
| 383 | exec("ln -s ".escapeshellcmd($data["new"]["document_root"])."/ ".escapeshellcmd($tmp_symlink)); | |
| 384 | $app->log("Creating Symlink: ln -s ".$data["new"]["document_root"]."/ ".$tmp_symlink,LOGLEVEL_DEBUG); | |
| 385 | } | |
| 386 | } | |
| 387 | } | |
| 388 | ||
| 389 | ||
| 390 | if($this->action == 'insert' && $data["new"]["type"] == 'vhost') { | |
| 391 | // Copy the error pages | |
| 392 | if($data["new"]["errordocs"]){ | |
| 393 | $error_page_path = escapeshellcmd($data["new"]["document_root"])."/web/error/"; | |
| 394 | if (file_exists("/usr/local/ispconfig/server/conf-custom/error/".substr(escapeshellcmd($conf["language"]),0,2))){ | |
| 395 | exec("cp /usr/local/ispconfig/server/conf-custom/error/".substr(escapeshellcmd($conf["language"]),0,2)."/* ".$error_page_path); | |
| 396 | } | |
| 397 | else { | |
| 398 | if (file_exists("/usr/local/ispconfig/server/conf-custom/error/400.html")){ | |
| 399 | exec("cp /usr/local/ispconfig/server/conf-custom/error/*.html ".$error_page_path); | |
| 400 | } | |
| 401 | else { | |
| 402 | exec("cp /usr/local/ispconfig/server/conf/error/".substr(escapeshellcmd($conf["language"]),0,2)."/* ".$error_page_path); | |
| 403 | } | |
| 404 | } | |
| 405 | exec("chmod -R a+r ".$error_page_path); | |
| 406 | } | |
| 407 | ||
| 408 | // copy the standard index page | |
| 409 | if (file_exists("/usr/local/ispconfig/server/conf-custom/index/standard_index.html_".substr(escapeshellcmd($conf["language"]),0,2))){ | |
| 410 | exec("cp /usr/local/ispconfig/server/conf-custom/index/standard_index.html_".substr(escapeshellcmd($conf["language"]),0,2)." ".escapeshellcmd($data["new"]["document_root"])."/web/index.html"); | |
| 411 | } | |
| 412 | else { | |
| 413 | if (file_exists("/usr/local/ispconfig/server/conf-custom/index/standard_index.html")){ | |
| 414 | exec("cp /usr/local/ispconfig/server/conf-custom/index/standard_index.html ".escapeshellcmd($data["new"]["document_root"])."/web/index.html"); | |
| 415 | } | |
| 416 | else { | |
| 417 | exec("cp /usr/local/ispconfig/server/conf/index/standard_index.html_".substr(escapeshellcmd($conf["language"]),0,2)." ".escapeshellcmd($data["new"]["document_root"])."/web/index.html"); | |
| 418 | exec("cp /usr/local/ispconfig/server/conf/index/favicon.ico ".escapeshellcmd($data["new"]["document_root"])."/web/"); | |
| 419 | exec("cp /usr/local/ispconfig/server/conf/index/robots.txt ".escapeshellcmd($data["new"]["document_root"])."/web/"); | |
| 420 | exec("cp /usr/local/ispconfig/server/conf/index/.htaccess ".escapeshellcmd($data["new"]["document_root"])."/web/"); | |
| 421 | } | |
| 422 | } | |
| 423 | exec("chmod -R a+r ".escapeshellcmd($data["new"]["document_root"])."/web/"); | |
| 424 | ||
| 425 | //** Copy the error documents on update when the error document checkbox has been activated and was deactivated before | |
| 426 | } elseif ($this->action == 'update' && $data["new"]["type"] == 'vhost' && $data["old"]["errordocs"] == 0 && $data["new"]["errordocs"] == 1) { | |
| 427 | ||
| 428 | $error_page_path = escapeshellcmd($data["new"]["document_root"])."/web/error/"; | |
| 429 | if (file_exists("/usr/local/ispconfig/server/conf-custom/error/".substr(escapeshellcmd($conf["language"]),0,2))){ | |
| 430 | exec("cp /usr/local/ispconfig/server/conf-custom/error/".substr(escapeshellcmd($conf["language"]),0,2)."/* ".$error_page_path); | |
| 431 | } | |
| 432 | else { | |
| 433 | if (file_exists("/usr/local/ispconfig/server/conf-custom/error/400.html")){ | |
| 434 | exec("cp /usr/local/ispconfig/server/conf-custom/error/*.html ".$error_page_path); | |
| 435 | } | |
| 436 | else { | |
| 437 | exec("cp /usr/local/ispconfig/server/conf/error/".substr(escapeshellcmd($conf["language"]),0,2)."/* ".$error_page_path); | |
| 438 | } | |
| 439 | } | |
| 440 | exec("chmod -R a+r ".$error_page_path); | |
| 441 | } // end copy error docs | |
| 442 | ||
| 443 | // Create group and user, if not exist | |
| 444 | $app->uses("system"); | |
| 445 | ||
| 446 | $groupname = escapeshellcmd($data["new"]["system_group"]); | |
| 447 | if($data["new"]["system_group"] != '' && !$app->system->is_group($data["new"]["system_group"])) { | |
| 448 | exec("groupadd $groupname"); | |
| 542146 | 449 | if($apache_chrooted) $this->_exec("chroot ".escapeshellcmd($web_config['website_basedir'])." groupadd $groupname"); |
| 24854c | 450 | $app->log("Adding the group: $groupname",LOGLEVEL_DEBUG); |
| T | 451 | } |
| 452 | ||
| 453 | $username = escapeshellcmd($data["new"]["system_user"]); | |
| 454 | if($data["new"]["system_user"] != '' && !$app->system->is_user($data["new"]["system_user"])) { | |
| 8c4aa3 | 455 | exec("useradd -d ".escapeshellcmd($data["new"]["document_root"])." -g $groupname -G sshusers $username -s /bin/false"); |
| 542146 | 456 | if($apache_chrooted) $this->_exec("chroot ".escapeshellcmd($web_config['website_basedir'])." "."useradd -d ".escapeshellcmd($data["new"]["document_root"])." -g $groupname -G sshusers $username -s /bin/false"); |
| 24854c | 457 | $app->log("Adding the user: $username",LOGLEVEL_DEBUG); |
| T | 458 | } |
| 459 | ||
| 460 | // Set the quota for the user | |
| 461 | if($username != '' && $app->system->is_user($username)) { | |
| 462 | if($data["new"]["hd_quota"] > 0){ | |
| 463 | $blocks_soft = $data["new"]["hd_quota"] * 1024; | |
| 464 | $blocks_hard = $blocks_soft + 1024; | |
| 465 | } else { | |
| 466 | $blocks_soft = $blocks_hard = 0; | |
| 467 | } | |
| 468 | exec("setquota -u $username $blocks_soft $blocks_hard 0 0 -a &> /dev/null"); | |
| 469 | exec("setquota -T -u $username 604800 604800 -a &> /dev/null"); | |
| 470 | } | |
| 471 | ||
| 472 | if($this->action == 'insert') { | |
| 473 | // Chown and chmod the directories below the document root | |
| 69944a | 474 | $this->_exec("chown -R $username:$groupname ".escapeshellcmd($data["new"]["document_root"])); |
| T | 475 | // The document root itself has to be owned by root in normal level and by the web owner in security level 20 |
| 476 | if($web_config['security_level'] == 20) { | |
| 477 | $this->_exec("chown $username:$groupname ".escapeshellcmd($data["new"]["document_root"])); | |
| 478 | } else { | |
| 479 | $this->_exec("chown root:root ".escapeshellcmd($data["new"]["document_root"])); | |
| 480 | } | |
| 24854c | 481 | } |
| T | 482 | |
| 8c4aa3 | 483 | |
| T | 484 | |
| 69944a | 485 | //* If the security level is set to high |
| 8c4aa3 | 486 | if($web_config['security_level'] == 20) { |
| T | 487 | |
| 69944a | 488 | $this->_exec("chmod 751 ".escapeshellcmd($data["new"]["document_root"]."/")); |
| T | 489 | $this->_exec("chmod 751 ".escapeshellcmd($data["new"]["document_root"])."/*"); |
| 490 | $this->_exec("chmod 710 ".escapeshellcmd($data["new"]["document_root"]."/web")); | |
| 8c4aa3 | 491 | |
| T | 492 | // make temp direcory writable for the apache user and the website user |
| 69944a | 493 | $this->_exec("chmod 777 ".escapeshellcmd($data["new"]["document_root"]."/tmp")); |
| 8c4aa3 | 494 | |
| T | 495 | $command = 'usermod'; |
| 496 | $command .= ' --groups sshusers'; | |
| 497 | $command .= ' '.escapeshellcmd($data["new"]["system_user"]); | |
| 69944a | 498 | $this->_exec($command); |
| 542146 | 499 | |
| T | 500 | //* if we have a chrooted apache enviroment |
| 501 | if($apache_chrooted) { | |
| 502 | $this->_exec("chroot ".escapeshellcmd($web_config['website_basedir'])." ".$command); | |
| 503 | ||
| 504 | //* add the apache user to the client group in the chroot enviroment | |
| 505 | $tmp_groupfile = $app->system->server_conf["group_datei"]; | |
| 506 | $app->system->server_conf["group_datei"] = $web_config['website_basedir'].'/etc/group'; | |
| 507 | $app->system->add_user_to_group($groupname, escapeshellcmd($web_config['user'])); | |
| 508 | $app->system->server_conf["group_datei"] = $tmp_groupfile; | |
| 509 | unset($tmp_groupfile); | |
| 510 | } | |
| 8c4aa3 | 511 | |
| T | 512 | //* add the apache user to the client group |
| 513 | $app->system->add_user_to_group($groupname, escapeshellcmd($web_config['user'])); | |
| 514 | ||
| 69944a | 515 | $this->_exec("chown $username:$groupname ".escapeshellcmd($data["new"]["document_root"])); |
| T | 516 | |
| 517 | /* | |
| 518 | * Workaround for jailkit: If jailkit is enabled for the site, the | |
| 519 | * website root has to be owned by the root user and we have to chmod it to 755 then | |
| 520 | */ | |
| 521 | ||
| 522 | //* Check if there is a jailkit user for this site | |
| 523 | $tmp = $app->db->queryOneRecord("SELECT count(shell_user_id) as number FROM shell_user WHERE parent_domain_id = ".$data["new"]["domain_id"]." AND chroot = 'jailkit'"); | |
| 524 | if($tmp['number'] > 0) { | |
| 525 | $this->_exec("chmod 755 ".escapeshellcmd($data["new"]["document_root"]."/")); | |
| 526 | $this->_exec("chown root:root ".escapeshellcmd($data["new"]["document_root"]."/")); | |
| 527 | } | |
| 528 | unset($tmp); | |
| 529 | ||
| 8c4aa3 | 530 | // If the security Level is set to medium |
| T | 531 | } else { |
| 532 | ||
| 69944a | 533 | $this->_exec("chmod 755 ".escapeshellcmd($data["new"]["document_root"]."/")); |
| T | 534 | $this->_exec("chmod 755 ".escapeshellcmd($data["new"]["document_root"]."/*")); |
| 535 | $this->_exec("chown root:root ".escapeshellcmd($data["new"]["document_root"]."/")); | |
| 8c4aa3 | 536 | |
| T | 537 | // make temp direcory writable for the apache user and the website user |
| 69944a | 538 | $this->_exec("chmod 777 ".escapeshellcmd($data["new"]["document_root"]."/tmp")); |
| 8c4aa3 | 539 | } |
| 24854c | 540 | |
| 8ba08e | 541 | // Change the owner of the error log to the owner of the website |
| T | 542 | if(!@is_file($data["new"]["document_root"]."/log/error.log")) exec('touch '.escapeshellcmd($data["new"]["document_root"])."/log/error.log"); |
| 543 | $this->_exec("chown $username:$groupname ".escapeshellcmd($data["new"]["document_root"])."/log/error.log"); | |
| 544 | ||
| 24854c | 545 | |
| T | 546 | // Create the vhost config file |
| 547 | $app->load('tpl'); | |
| 548 | ||
| 549 | $tpl = new tpl(); | |
| 550 | $tpl->newTemplate("vhost.conf.master"); | |
| 551 | ||
| 552 | $vhost_data = $data["new"]; | |
| 553 | $vhost_data["web_document_root"] = $data["new"]["document_root"]."/web"; | |
| 554 | $vhost_data["web_document_root_www"] = $web_config["website_basedir"]."/".$data["new"]["domain"]."/web"; | |
| 555 | $vhost_data["web_basedir"] = $web_config["website_basedir"]; | |
| 8c4aa3 | 556 | $vhost_data["security_level"] = $web_config["security_level"]; |
| 24854c | 557 | |
| T | 558 | // Check if a SSL cert exists |
| 559 | $ssl_dir = $data["new"]["document_root"]."/ssl"; | |
| 560 | $domain = $data["new"]["domain"]; | |
| 561 | $key_file = $ssl_dir.'/'.$domain.".key"; | |
| 562 | $crt_file = $ssl_dir.'/'.$domain.".crt"; | |
| 563 | $bundle_file = $ssl_dir.'/'.$domain.".bundle"; | |
| 564 | ||
| 565 | if($data["new"]["ssl"] == 'y' && @is_file($crt_file) && @is_file($key_file)) { | |
| 566 | $vhost_data["ssl_enabled"] = 1; | |
| 567 | $app->log("Enable SSL for: $domain",LOGLEVEL_DEBUG); | |
| 568 | } else { | |
| 569 | $vhost_data["ssl_enabled"] = 0; | |
| 570 | $app->log("Disable SSL for: $domain",LOGLEVEL_DEBUG); | |
| 571 | } | |
| 572 | ||
| 573 | if(@is_file($bundle_file)) $vhost_data['has_bundle_cert'] = 1; | |
| 574 | ||
| 575 | //$vhost_data["document_root"] = $data["new"]["document_root"]."/web"; | |
| 576 | $tpl->setVar($vhost_data); | |
| 577 | ||
| 578 | // Rewrite rules | |
| 579 | $rewrite_rules = array(); | |
| 580 | if($data["new"]["redirect_type"] != '') { | |
| 3f7668 | 581 | $data["new"]["redirect_path"] = str_replace('../','',$data["new"]["redirect_path"]); |
| 8c4aa3 | 582 | if(substr($data["new"]["redirect_path"],-1) != '/') $data["new"]["redirect_path"] .= '/'; |
| c0ab84 | 583 | if($data["new"]["redirect_type"] != 'R' && substr($data["new"]["redirect_path"],0,4) != 'http') { |
| 3f7668 | 584 | if($data["new"]["redirect_path"] == '/') { |
| T | 585 | $data["new"]["redirect_path"] = $data["new"]["document_root"]."/web/"; |
| 586 | } else { | |
| 587 | if(substr($data["new"]["redirect_path"],0,1) != '/') $data["new"]["redirect_path"] = '/'.$data["new"]["redirect_path"]; | |
| 588 | $data["new"]["redirect_path"] = $data["new"]["document_root"]."/web".$data["new"]["redirect_path"]; | |
| 589 | } | |
| ee64f0 | 590 | } |
| T | 591 | |
| 24854c | 592 | $rewrite_rules[] = array( 'rewrite_domain' => $data["new"]["domain"], |
| T | 593 | 'rewrite_type' => ($data["new"]["redirect_type"] == 'no')?'':'['.$data["new"]["redirect_type"].']', |
| 594 | 'rewrite_target' => $data["new"]["redirect_path"]); | |
| 595 | ||
| 596 | switch($data["new"]["subdomain"]) { | |
| 597 | case 'www': | |
| 598 | $rewrite_rules[] = array( 'rewrite_domain' => 'www.'.$data["new"]["domain"], | |
| 599 | 'rewrite_type' => ($data["new"]["redirect_type"] == 'no')?'':'['.$data["new"]["redirect_type"].']', | |
| 600 | 'rewrite_target' => $data["new"]["redirect_path"]); | |
| 601 | break; | |
| 602 | case '*': | |
| 603 | // TODO | |
| 604 | //$rewrite_rules[] = array( 'rewrite_domain' => '*'.$alias["domain"], | |
| 605 | // 'rewrite_type' => $alias["redirect_type"], | |
| 606 | // 'rewrite_target' => $alias["redirect_path"]); | |
| 607 | break; | |
| 608 | } | |
| 609 | } | |
| 610 | ||
| 611 | // get alias domains (co-domains and subdomains) | |
| 612 | $aliases = $app->db->queryAllRecords("SELECT * FROM web_domain WHERE parent_domain_id = ".$data["new"]["domain_id"]." AND active = 'y'"); | |
| 8c4aa3 | 613 | $server_alias = array(); |
| T | 614 | switch($data["new"]["subdomain"]) { |
| 24854c | 615 | case 'www': |
| 8c4aa3 | 616 | $server_alias[] .= 'www.'.$data["new"]["domain"].' '; |
| 24854c | 617 | break; |
| T | 618 | case '*': |
| 8c4aa3 | 619 | $server_alias[] .= '*.'.$data["new"]["domain"].' '; |
| 24854c | 620 | break; |
| T | 621 | } |
| 622 | if(is_array($aliases)) { | |
| 623 | foreach($aliases as $alias) { | |
| 624 | switch($alias["subdomain"]) { | |
| 625 | case 'www': | |
| 8c4aa3 | 626 | $server_alias[] .= 'www.'.$alias["domain"].' '.$alias["domain"].' '; |
| 24854c | 627 | break; |
| T | 628 | case '*': |
| 8c4aa3 | 629 | $server_alias[] .= '*.'.$alias["domain"].' '.$alias["domain"].' '; |
| 24854c | 630 | break; |
| T | 631 | default: |
| 8c4aa3 | 632 | $server_alias[] .= $alias["domain"].' '; |
| 24854c | 633 | break; |
| T | 634 | } |
| 635 | $app->log("Add server alias: $alias[domain]",LOGLEVEL_DEBUG); | |
| 636 | // Rewriting | |
| 637 | if($alias["redirect_type"] != '') { | |
| 3f7668 | 638 | $alias["redirect_path"] = str_replace('../','',$alias["redirect_path"]); |
| T | 639 | if(substr($alias["redirect_path"],-1) != '/') $alias["redirect_path"] .= '/'; |
| 640 | if($alias["redirect_type"] != 'R' && substr($alias["redirect_path"],0,4) != 'http') { | |
| 641 | if($alias["redirect_path"] == '/') { | |
| 642 | $alias["redirect_path"] = $data["new"]["document_root"]."/web/"; | |
| 643 | } else { | |
| 644 | if(substr($alias["redirect_path"],0,1) != '/') $alias["redirect_path"] = '/'.$alias["redirect_path"]; | |
| 645 | $alias["redirect_path"] = $data["new"]["document_root"]."/web".$alias["redirect_path"]; | |
| 646 | } | |
| ee64f0 | 647 | } |
| 24854c | 648 | $rewrite_rules[] = array( 'rewrite_domain' => $alias["domain"], |
| T | 649 | 'rewrite_type' => ($alias["redirect_type"] == 'no')?'':'['.$alias["redirect_type"].']', |
| 650 | 'rewrite_target' => $alias["redirect_path"]); | |
| 651 | switch($alias["subdomain"]) { | |
| 652 | case 'www': | |
| 653 | $rewrite_rules[] = array( 'rewrite_domain' => 'www.'.$alias["domain"], | |
| 654 | 'rewrite_type' => ($alias["redirect_type"] == 'no')?'':'['.$alias["redirect_type"].']', | |
| 655 | 'rewrite_target' => $alias["redirect_path"]); | |
| 656 | break; | |
| 657 | case '*': | |
| 658 | // TODO | |
| 659 | //$rewrite_rules[] = array( 'rewrite_domain' => '*'.$alias["domain"], | |
| 660 | // 'rewrite_type' => $alias["redirect_type"], | |
| 661 | // 'rewrite_target' => $alias["redirect_path"]); | |
| 662 | break; | |
| 663 | } | |
| 664 | } | |
| 665 | } | |
| 666 | } | |
| 8c4aa3 | 667 | |
| T | 668 | //* If we have some alias records |
| 669 | if(count($server_alias) > 0) { | |
| 670 | $server_alias_str = ''; | |
| 671 | $n = 0; | |
| 672 | ||
| 673 | // begin a new ServerAlias line after 30 alias domains | |
| 674 | foreach($server_alias as $tmp_alias) { | |
| 675 | if($n % 30 == 0) $server_alias_str .= "\n ServerAlias "; | |
| 676 | $server_alias_str .= $tmp_alias; | |
| 677 | } | |
| 678 | unset($tmp_alias); | |
| 679 | ||
| 680 | $tpl->setVar('alias',trim($server_alias_str)); | |
| 681 | } else { | |
| 682 | $tpl->setVar('alias',''); | |
| 683 | } | |
| 684 | ||
| 24854c | 685 | if(count($rewrite_rules) > 0) { |
| T | 686 | $tpl->setVar('rewrite_enabled',1); |
| 687 | } else { | |
| 688 | $tpl->setVar('rewrite_enabled',0); | |
| 689 | } | |
| 690 | $tpl->setLoop('redirects',$rewrite_rules); | |
| 691 | ||
| 692 | /** | |
| 693 | * install fast-cgi starter script and add script aliasd config | |
| 694 | * first we create the script directory if not already created, then copy over the starter script | |
| 695 | * settings are copied over from the server ini config for now | |
| 696 | * TODO: Create form for fastcgi configs per site. | |
| 697 | */ | |
| 698 | ||
| 699 | if ($data["new"]["php"] == "fast-cgi") | |
| 700 | { | |
| 701 | $fastcgi_config = $app->getconf->get_server_config($conf["server_id"], 'fastcgi'); | |
| 702 | ||
| 703 | $fastcgi_starter_path = str_replace("[system_user]",$data["new"]["system_user"],$fastcgi_config["fastcgi_starter_path"]); | |
| 704 | $fastcgi_starter_path = str_replace("[client_id]",$client_id,$fastcgi_starter_path); | |
| 705 | ||
| 706 | if (!is_dir($fastcgi_starter_path)) | |
| 707 | { | |
| 708 | exec("mkdir -p ".escapeshellcmd($fastcgi_starter_path)); | |
| 68e917 | 709 | //exec("chown ".$data["new"]["system_user"].":".$data["new"]["system_group"]." ".escapeshellcmd($fastcgi_starter_path)); |
| 24854c | 710 | |
| T | 711 | |
| 712 | $app->log("Creating fastcgi starter script directory: $fastcgi_starter_path",LOGLEVEL_DEBUG); | |
| 713 | } | |
| 714 | ||
| 68e917 | 715 | exec("chown -R ".$data["new"]["system_user"].":".$data["new"]["system_group"]." ".escapeshellcmd($fastcgi_starter_path)); |
| T | 716 | |
| 24854c | 717 | $fcgi_tpl = new tpl(); |
| T | 718 | $fcgi_tpl->newTemplate("php-fcgi-starter.master"); |
| 719 | ||
| 720 | $fcgi_tpl->setVar('php_ini_path',$fastcgi_config["fastcgi_phpini_path"]); | |
| 721 | $fcgi_tpl->setVar('document_root',$data["new"]["document_root"]); | |
| 722 | $fcgi_tpl->setVar('php_fcgi_children',$fastcgi_config["fastcgi_children"]); | |
| 723 | $fcgi_tpl->setVar('php_fcgi_max_requests',$fastcgi_config["fastcgi_max_requests"]); | |
| 724 | $fcgi_tpl->setVar('php_fcgi_bin',$fastcgi_config["fastcgi_bin"]); | |
| 8c4aa3 | 725 | $fcgi_tpl->setVar('security_level',$web_config["security_level"]); |
| 24854c | 726 | |
| T | 727 | $fcgi_starter_script = escapeshellcmd($fastcgi_starter_path.$fastcgi_config["fastcgi_starter_script"]); |
| 728 | file_put_contents($fcgi_starter_script,$fcgi_tpl->grab()); | |
| 729 | unset($fcgi_tpl); | |
| 730 | ||
| 731 | $app->log("Creating fastcgi starter script: $fcgi_starter_script",LOGLEVEL_DEBUG); | |
| 732 | ||
| 733 | ||
| 734 | exec("chmod 755 $fcgi_starter_script"); | |
| 735 | exec("chown ".$data["new"]["system_user"].":".$data["new"]["system_group"]." $fcgi_starter_script"); | |
| 736 | ||
| 737 | $tpl->setVar('fastcgi_alias',$fastcgi_config["fastcgi_alias"]); | |
| 738 | $tpl->setVar('fastcgi_starter_path',$fastcgi_starter_path); | |
| 739 | $tpl->setVar('fastcgi_starter_script',$fastcgi_config["fastcgi_starter_script"]); | |
| 740 | ||
| 741 | } | |
| 742 | ||
| 743 | /** | |
| 744 | * install cgi starter script and add script alias to config. | |
| 745 | * This is needed to allow cgi with suexec (to do so, we need a bin in the document-path!) | |
| 746 | * first we create the script directory if not already created, then copy over the starter script. | |
| 747 | * TODO: we have to fetch the data from the server-settings. | |
| 748 | */ | |
| 749 | ||
| 750 | if ($data["new"]["php"] == "cgi") | |
| 751 | { | |
| 752 | //$cgi_config = $app->getconf->get_server_config($conf["server_id"], 'cgi'); | |
| 753 | ||
| 754 | $cgi_config["cgi_starter_path"] = $web_config["website_basedir"]."/php-cgi-scripts/[system_user]/"; | |
| 755 | $cgi_config["cgi_starter_script"] = "php-cgi-starter"; | |
| 756 | $cgi_config["cgi_bin"] = "/usr/bin/php-cgi"; | |
| 757 | ||
| 758 | $cgi_starter_path = str_replace("[system_user]",$data["new"]["system_user"],$cgi_config["cgi_starter_path"]); | |
| 759 | $cgi_starter_path = str_replace("[client_id]",$client_id,$cgi_starter_path); | |
| 760 | ||
| 761 | if (!is_dir($cgi_starter_path)) | |
| 762 | { | |
| 763 | exec("mkdir -p ".escapeshellcmd($cgi_starter_path)); | |
| 764 | exec("chown ".$data["new"]["system_user"].":".$data["new"]["system_group"]." ".escapeshellcmd($cgi_starter_path)); | |
| 765 | ||
| 766 | $app->log("Creating cgi starter script directory: $cgi_starter_path",LOGLEVEL_DEBUG); | |
| 767 | } | |
| 768 | ||
| 769 | $cgi_tpl = new tpl(); | |
| 770 | $cgi_tpl->newTemplate("php-cgi-starter.master"); | |
| 771 | ||
| 772 | // This works, because php "rewrites" a symlink to the physical path | |
| 773 | $cgi_tpl->setVar('open_basedir', $data["new"]["document_root"]); | |
| 774 | // This will NOT work! | |
| 775 | //$cgi_tpl->setVar('open_basedir', "/var/www/" . $data["new"]["domain"]); | |
| 776 | $cgi_tpl->setVar('php_cgi_bin',$cgi_config["cgi_bin"]); | |
| 8c4aa3 | 777 | $cgi_tpl->setVar('security_level',$web_config["security_level"]); |
| 24854c | 778 | |
| T | 779 | $cgi_starter_script = escapeshellcmd($cgi_starter_path.$cgi_config["cgi_starter_script"]); |
| 780 | file_put_contents($cgi_starter_script,$cgi_tpl->grab()); | |
| 781 | unset($cgi_tpl); | |
| 782 | ||
| 783 | $app->log("Creating cgi starter script: $cgi_starter_script",LOGLEVEL_DEBUG); | |
| 784 | ||
| 785 | ||
| 786 | exec("chmod 755 $cgi_starter_script"); | |
| 787 | exec("chown ".$data["new"]["system_user"].":".$data["new"]["system_group"]." $cgi_starter_script"); | |
| 788 | ||
| 789 | $tpl->setVar('cgi_starter_path',$cgi_starter_path); | |
| 790 | $tpl->setVar('cgi_starter_script',$cgi_config["cgi_starter_script"]); | |
| 791 | ||
| 792 | } | |
| 793 | ||
| 794 | $vhost_file = escapeshellcmd($web_config["vhost_conf_dir"].'/'.$data["new"]["domain"].'.vhost'); | |
| 795 | file_put_contents($vhost_file,$tpl->grab()); | |
| 796 | $app->log("Writing the vhost file: $vhost_file",LOGLEVEL_DEBUG); | |
| 797 | unset($tpl); | |
| 798 | ||
| 799 | // Set the symlink to enable the vhost | |
| 800 | $vhost_symlink = escapeshellcmd($web_config["vhost_conf_enabled_dir"].'/'.$data["new"]["domain"].'.vhost'); | |
| 801 | if($data["new"]["active"] == 'y' && !is_link($vhost_symlink)) { | |
| 802 | symlink($vhost_file,$vhost_symlink); | |
| 803 | $app->log("Creating the symlink: $vhost_symlink => $vhost_file",LOGLEVEL_DEBUG); | |
| 804 | } | |
| 805 | ||
| 806 | // Remove the symlink, if site is inactive | |
| 807 | if($data["new"]["active"] == 'n' && is_link($vhost_symlink)) { | |
| 808 | unlink($vhost_symlink); | |
| 809 | $app->log("Removing symlink: $vhost_symlink => $vhost_file",LOGLEVEL_DEBUG); | |
| 810 | } | |
| 811 | ||
| 812 | // remove old symlink and vhost file, if domain name of the site has changed | |
| 813 | if($this->action == 'update' && $data["old"]["domain"] != '' && $data["new"]["domain"] != $data["old"]["domain"]) { | |
| 814 | $vhost_symlink = escapeshellcmd($web_config["vhost_conf_enabled_dir"].'/'.$data["old"]["domain"].'.vhost'); | |
| 815 | unlink($vhost_symlink); | |
| 816 | $app->log("Removing symlink: $vhost_symlink => $vhost_file",LOGLEVEL_DEBUG); | |
| 817 | $vhost_file = escapeshellcmd($web_config["vhost_conf_dir"].'/'.$data["old"]["domain"].'.vhost'); | |
| 818 | unlink($vhost_file); | |
| 819 | $app->log("Removing File $vhost_file",LOGLEVEL_DEBUG); | |
| 820 | } | |
| 821 | ||
| 822 | //* Create .htaccess and .htpasswd file for website statistics | |
| 8c4aa3 | 823 | if(!is_file($data["new"]["document_root"].'/web/stats/.htaccess') or $data["old"]["document_root"] != $data["new"]["document_root"]) { |
| 24854c | 824 | if(!is_dir($data["new"]["document_root"].'/web/stats')) mkdir($data["new"]["document_root"].'/web/stats'); |
| ee64f0 | 825 | $ht_file = "AuthType Basic\nAuthName \"Members Only\"\nAuthUserFile ".$data["new"]["document_root"]."/.htpasswd_stats\nrequire valid-user"; |
| 24854c | 826 | file_put_contents($data["new"]["document_root"].'/web/stats/.htaccess',$ht_file); |
| T | 827 | chmod($data["new"]["document_root"].'/web/stats/.htaccess',0664); |
| 828 | unset($ht_file); | |
| 829 | } | |
| 830 | ||
| 831 | if(!is_file($data["new"]["document_root"].'/.htpasswd_stats') || $data["new"]["stats_password"] != $data["old"]["stats_password"]) { | |
| 832 | if(trim($data["new"]["stats_password"]) != '') { | |
| 833 | $htp_file = 'admin:'.trim($data["new"]["stats_password"]); | |
| 834 | file_put_contents($data["new"]["document_root"].'/.htpasswd_stats',$htp_file); | |
| 835 | chmod($data["new"]["document_root"].'/.htpasswd_stats',0664); | |
| 836 | unset($htp_file); | |
| 837 | } | |
| 838 | } | |
| 839 | ||
| 840 | ||
| 542146 | 841 | if($apache_chrooted) { |
| T | 842 | $app->services->restartServiceDelayed('httpd','restart'); |
| 843 | } else { | |
| 844 | // request a httpd reload when all records have been processed | |
| 845 | $app->services->restartServiceDelayed('httpd','reload'); | |
| 846 | } | |
| 24854c | 847 | |
| 8c4aa3 | 848 | //* Unset action to clean it for next processed vhost. |
| T | 849 | $this->action = ''; |
| 850 | ||
| 24854c | 851 | } |
| T | 852 | |
| 853 | function delete($event_name,$data) { | |
| 854 | global $app, $conf; | |
| 855 | ||
| 856 | // load the server configuration options | |
| 857 | $app->uses("getconf"); | |
| 858 | $web_config = $app->getconf->get_server_config($conf["server_id"], 'web'); | |
| 859 | ||
| 542146 | 860 | //* Check if this is a chrooted setup |
| T | 861 | if($web_config['website_basedir'] != '' && @is_file($web_config['/var/www'].'/etc/passwd')) { |
| 862 | $apache_chrooted = true; | |
| 863 | } else { | |
| 864 | $apache_chrooted = false; | |
| 865 | } | |
| 24854c | 866 | |
| T | 867 | if($data["old"]["type"] != "vhost" && $data["old"]["parent_domain_id"] > 0) { |
| 868 | //* This is a alias domain or subdomain, so we have to update the website instead | |
| 869 | $parent_domain_id = intval($data["old"]["parent_domain_id"]); | |
| 870 | $tmp = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$parent_domain_id." AND active = 'y'"); | |
| 871 | $data["new"] = $tmp; | |
| 872 | $data["old"] = $tmp; | |
| 873 | $this->action = 'update'; | |
| 874 | // just run the update function | |
| 875 | $this->update($event_name,$data); | |
| 876 | ||
| 877 | } else { | |
| 878 | //* This is a website | |
| 879 | // Deleting the vhost file, symlink and the data directory | |
| 880 | $vhost_symlink = escapeshellcmd($web_config["vhost_conf_enabled_dir"].'/'.$data["old"]["domain"].'.vhost'); | |
| 881 | unlink($vhost_symlink); | |
| 882 | $app->log("Removing symlink: $vhost_symlink => $vhost_file",LOGLEVEL_DEBUG); | |
| 883 | ||
| 884 | $vhost_file = escapeshellcmd($web_config["vhost_conf_dir"].'/'.$data["old"]["domain"].'.vhost'); | |
| 885 | unlink($vhost_file); | |
| 886 | $app->log("Removing vhost file: $vhost_file",LOGLEVEL_DEBUG); | |
| 887 | ||
| 888 | $docroot = escapeshellcmd($data["old"]["document_root"]); | |
| 889 | if($docroot != '' && !stristr($docroot,'..')) exec("rm -rf $docroot"); | |
| 890 | ||
| 891 | ||
| 892 | //remove the php fastgi starter script if available | |
| 893 | if ($data["old"]["php"] == "fast-cgi") | |
| 894 | { | |
| 895 | $fastcgi_starter_path = str_replace("[system_user]",$data["old"]["system_user"],$web_config["fastcgi_starter_path"]); | |
| 896 | if (is_dir($fastcgi_starter_path)) | |
| 897 | { | |
| 898 | exec("rm -rf $fastcgi_starter_path"); | |
| 899 | } | |
| 900 | } | |
| 901 | ||
| 902 | //remove the php cgi starter script if available | |
| 903 | if ($data["old"]["php"] == "cgi") | |
| 904 | { | |
| 905 | // TODO: fetch the date from the server-settings | |
| 906 | $web_config["cgi_starter_path"] = $web_config["website_basedir"]."/php-cgi-scripts/[system_user]/"; | |
| 907 | ||
| 908 | $cgi_starter_path = str_replace("[system_user]",$data["old"]["system_user"],$web_config["cgi_starter_path"]); | |
| 909 | if (is_dir($cgi_starter_path)) | |
| 910 | { | |
| 911 | exec("rm -rf $cgi_starter_path"); | |
| 912 | } | |
| 913 | } | |
| 914 | ||
| 915 | $app->log("Removing website: $docroot",LOGLEVEL_DEBUG); | |
| 916 | ||
| 917 | // Delete the symlinks for the sites | |
| 918 | $client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ".intval($data["old"]["sys_groupid"])); | |
| 919 | $client_id = intval($client["client_id"]); | |
| 920 | unset($client); | |
| 921 | $tmp_symlinks_array = explode(':',$web_config["website_symlinks"]); | |
| 922 | if(is_array($tmp_symlinks_array)) { | |
| 923 | foreach($tmp_symlinks_array as $tmp_symlink) { | |
| 924 | $tmp_symlink = str_replace("[client_id]",$client_id,$tmp_symlink); | |
| 925 | $tmp_symlink = str_replace("[website_domain]",$data["old"]["domain"],$tmp_symlink); | |
| 926 | // Remove trailing slash | |
| 927 | if(substr($tmp_symlink, -1, 1) == '/') $tmp_symlink = substr($tmp_symlink, 0, -1); | |
| 928 | // create the symlinks, if not exist | |
| 929 | if(is_link($tmp_symlink)) { | |
| 930 | unlink($tmp_symlink); | |
| 931 | $app->log("Removing symlink: ".$tmp_symlink,LOGLEVEL_DEBUG); | |
| 932 | } | |
| 933 | } | |
| 934 | } | |
| 935 | // end removing symlinks | |
| 936 | ||
| 937 | // Delete the log file directory | |
| 938 | $vhost_logfile_dir = escapeshellcmd('/var/log/ispconfig/httpd/'.$data["old"]["domain"]); | |
| 939 | if($data["old"]["domain"] != '' && !stristr($vhost_logfile_dir,'..')) exec("rm -rf $vhost_logfile_dir"); | |
| 940 | $app->log("Removing website logfile directory: $vhost_logfile_dir",LOGLEVEL_DEBUG); | |
| 941 | ||
| 942 | //delete the web user | |
| 943 | $command = 'userdel'; | |
| 944 | $command .= ' '.$data["old"]["system_user"]; | |
| 945 | exec($command); | |
| 542146 | 946 | if($apache_chrooted) $this->_exec("chroot ".escapeshellcmd($web_config['website_basedir'])." ".$command); |
| T | 947 | |
| 24854c | 948 | } |
| T | 949 | } |
| 950 | ||
| 951 | //* This function is called when a IP on the server is inserted, updated or deleted | |
| 952 | function server_ip($event_name,$data) { | |
| 953 | global $app, $conf; | |
| 954 | ||
| 955 | // load the server configuration options | |
| 956 | $app->uses("getconf"); | |
| 957 | $web_config = $app->getconf->get_server_config($conf["server_id"], 'web'); | |
| 958 | ||
| 959 | $app->load('tpl'); | |
| 960 | ||
| 961 | $tpl = new tpl(); | |
| 962 | $tpl->newTemplate("apache_ispconfig.conf.master"); | |
| 963 | $records = $app->db->queryAllRecords("SELECT * FROM server_ip WHERE server_id = ".$conf["server_id"]." AND virtualhost = 'y'"); | |
| 964 | ||
| 965 | if(count($records) > 0) { | |
| 966 | $tpl->setLoop('ip_adresses',$records); | |
| 967 | } | |
| 968 | ||
| 969 | $vhost_file = escapeshellcmd($web_config["vhost_conf_dir"].'/ispconfig.conf'); | |
| 970 | file_put_contents($vhost_file,$tpl->grab()); | |
| 971 | $app->log("Writing the conf file: ispconfig.conf",LOGLEVEL_DEBUG); | |
| 972 | unset($tpl); | |
| 973 | ||
| 974 | } | |
| 975 | ||
| 69944a | 976 | //* Wrapper for exec function for easier debugging |
| T | 977 | private function _exec($command) { |
| 978 | global $app; | |
| 979 | $app->log("exec: ".$command,LOGLEVEL_DEBUG); | |
| 980 | exec($command); | |
| 981 | } | |
| 982 | ||
| 24854c | 983 | |
| T | 984 | } // end class |
| 985 | ||
| d74308 | 986 | ?> |
