| commit | author | age | ||
| 18341e | 1 | <?php |
| T | 2 | /* |
| 3 | Copyright (c) 2007, Till Brehm, projektfarm Gmbh | |
| 4 | All rights reserved. | |
| 5 | ||
| 6 | Redistribution and use in source and binary forms, with or without modification, | |
| 7 | are permitted provided that the following conditions are met: | |
| 8 | ||
| 9 | * Redistributions of source code must retain the above copyright notice, | |
| 10 | this list of conditions and the following disclaimer. | |
| 11 | * Redistributions in binary form must reproduce the above copyright notice, | |
| 12 | this list of conditions and the following disclaimer in the documentation | |
| 13 | and/or other materials provided with the distribution. | |
| 14 | * Neither the name of ISPConfig nor the names of its contributors | |
| 15 | may be used to endorse or promote products derived from this software without | |
| 16 | specific prior written permission. | |
| 17 | ||
| 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND | |
| 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | |
| 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
| 21 | IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, | |
| 22 | INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, | |
| 23 | BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
| 24 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY | |
| 25 | OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | |
| 26 | NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, | |
| 27 | EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 28 | */ | |
| 29 | ||
| 30 | ||
| 31 | /****************************************** | |
| 32 | * Begin Form configuration | |
| 33 | ******************************************/ | |
| 34 | ||
| 35 | $tform_def_file = "form/ftp_user.tform.php"; | |
| 36 | ||
| 37 | /****************************************** | |
| 38 | * End Form configuration | |
| 39 | ******************************************/ | |
| 40 | ||
| 7fe908 | 41 | require_once '../../lib/config.inc.php'; |
| MC | 42 | require_once '../../lib/app.inc.php'; |
| 18341e | 43 | |
| 910093 | 44 | //* Check permissions for module |
| T | 45 | $app->auth->check_module_permissions('sites'); |
| 18341e | 46 | |
| T | 47 | // Loading classes |
| 48 | $app->uses('tpl,tform,tform_actions'); | |
| 49 | $app->load('tform_actions'); | |
| 50 | ||
| 51 | class page_action extends tform_actions { | |
| 7fe908 | 52 | |
| 4fae7e | 53 | function onShowNew() { |
| T | 54 | global $app, $conf; |
| 7fe908 | 55 | |
| 4fae7e | 56 | // we will check only users, not admins |
| T | 57 | if($_SESSION["s"]["user"]["typ"] == 'user') { |
| 3cebc3 | 58 | if(!$app->tform->checkClientLimit('limit_ftp_user')) { |
| T | 59 | $app->error($app->tform->wordbook["limit_ftp_user_txt"]); |
| 60 | } | |
| 61 | if(!$app->tform->checkResellerLimit('limit_ftp_user')) { | |
| 62 | $app->error('Reseller: '.$app->tform->wordbook["limit_ftp_user_txt"]); | |
| 4fae7e | 63 | } |
| T | 64 | } |
| 7fe908 | 65 | |
| 4fae7e | 66 | parent::onShowNew(); |
| T | 67 | } |
| 5190fe | 68 | |
| V | 69 | function onShowEnd() { |
| 70 | global $app, $conf, $interfaceConf; | |
| 71 | /* | |
| 72 | * If the names are restricted -> remove the restriction, so that the | |
| 73 | * data can be edited | |
| 74 | */ | |
| 7fe908 | 75 | |
| 31f6ce | 76 | $app->uses('getconf,tools_sites'); |
| db5aa6 | 77 | $global_config = $app->getconf->get_global_config('sites'); |
| 31f6ce | 78 | $ftpuser_prefix = $app->tools_sites->replacePrefix($global_config['ftpuser_prefix'], $this->dataRecord); |
| 7fe908 | 79 | |
| db5aa6 | 80 | if ($this->dataRecord['username'] != ""){ |
| T | 81 | /* REMOVE the restriction */ |
| 10b4c8 | 82 | $app->tpl->setVar("username", $app->tools_sites->removePrefix($this->dataRecord['username'], $this->dataRecord['username_prefix'], $ftpuser_prefix)); |
| db5aa6 | 83 | } |
| 7fe908 | 84 | |
| MC | 85 | $app->tpl->setVar("username_prefix", $app->tools_sites->getPrefix($this->dataRecord['username_prefix'], $ftpuser_prefix, $global_config['ftpuser_prefix'])); |
| 5190fe | 86 | |
| V | 87 | parent::onShowEnd(); |
| 88 | } | |
| 7fe908 | 89 | |
| e7d184 | 90 | function onSubmit() { |
| T | 91 | global $app, $conf; |
| 7fe908 | 92 | |
| e7d184 | 93 | // Get the record of the parent domain |
| 7b47c0 | 94 | if(isset($this->dataRecord["parent_domain_id"])) { |
| T | 95 | $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r')); |
| 96 | if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm"); | |
| 97 | } else { | |
| 98 | $tmp = $app->tform->getDataRecord($this->id); | |
| 99 | $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval($tmp["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r')); | |
| 100 | if(!$parent_domain) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm"); | |
| 101 | unset($tmp); | |
| 102 | } | |
| 7fe908 | 103 | |
| e7d184 | 104 | // Set a few fixed values |
| T | 105 | $this->dataRecord["server_id"] = $parent_domain["server_id"]; |
| 7fe908 | 106 | |
| 951880 | 107 | //die(print_r($this->dataRecord)); |
| 7fe908 | 108 | |
| 951880 | 109 | if(isset($this->dataRecord['username']) && trim($this->dataRecord['username']) == '') $app->tform->errorMessage .= $app->tform->lng('username_error_empty').'<br />'; |
| T | 110 | if(isset($this->dataRecord['username']) && empty($this->dataRecord['parent_domain_id'])) $app->tform->errorMessage .= $app->tform->lng('parent_domain_id_error_empty').'<br />'; |
| 7fe908 | 111 | if(isset($this->dataRecord['dir']) && stristr($this->dataRecord['dir'], '..')) $app->tform->errorMessage .= $app->tform->lng('dir_dot_error').'<br />'; |
| MC | 112 | if(isset($this->dataRecord['dir']) && stristr($this->dataRecord['dir'], './')) $app->tform->errorMessage .= $app->tform->lng('dir_slashdot_error').'<br />'; |
| 113 | ||
| e7d184 | 114 | parent::onSubmit(); |
| T | 115 | } |
| 7fe908 | 116 | |
| 5190fe | 117 | function onBeforeInsert() { |
| V | 118 | global $app, $conf, $interfaceConf; |
| 7fe908 | 119 | |
| 31f6ce | 120 | $app->uses('getconf,tools_sites'); |
| db5aa6 | 121 | $global_config = $app->getconf->get_global_config('sites'); |
| 31f6ce | 122 | $ftpuser_prefix = $app->tools_sites->replacePrefix($global_config['ftpuser_prefix'], $this->dataRecord); |
| 10b4c8 | 123 | |
| 7fe908 | 124 | $this->dataRecord['username_prefix'] = $ftpuser_prefix; |
| MC | 125 | |
| db5aa6 | 126 | if ($app->tform->errorMessage == '') { |
| T | 127 | $this->dataRecord['username'] = $ftpuser_prefix . $this->dataRecord['username']; |
| 5190fe | 128 | } |
| 7fe908 | 129 | |
| 5190fe | 130 | parent::onBeforeInsert(); |
| V | 131 | } |
| 132 | ||
| 7fe908 | 133 | function onAfterInsert() { |
| b4c750 | 134 | global $app, $conf; |
| 7fe908 | 135 | |
| 65ea2e | 136 | $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($this->dataRecord["parent_domain_id"])); |
| 604c0c | 137 | $server_id = $app->functions->intval($web["server_id"]); |
| TB | 138 | $dir = $app->db->quote($web["document_root"]); |
| 139 | $uid = $app->db->quote($web["system_user"]); | |
| 140 | $gid = $app->db->quote($web["system_group"]); | |
| f2fc77 | 141 | |
| TB | 142 | // Check system user and group |
| 143 | if($app->functions->is_allowed_user($uid) == false || $app->functions->is_allowed_group($gid) == false) { | |
| 144 | $app->error('Invalid system user or group'); | |
| 145 | } | |
| 7fe908 | 146 | |
| 8e6584 | 147 | // The FTP user shall be owned by the same group then the website |
| 604c0c | 148 | $sys_groupid = $app->functions->intval($web['sys_groupid']); |
| 7fe908 | 149 | |
| 8e6584 | 150 | $sql = "UPDATE ftp_user SET server_id = $server_id, dir = '$dir', uid = '$uid', gid = '$gid', sys_groupid = '$sys_groupid' WHERE ftp_user_id = ".$this->id; |
| b4c750 | 151 | $app->db->query($sql); |
| 7fe908 | 152 | } |
| 5190fe | 153 | |
| V | 154 | function onBeforeUpdate() { |
| 155 | global $app, $conf, $interfaceConf; | |
| f2fc77 | 156 | |
| 5190fe | 157 | /* |
| V | 158 | * If the names should be restricted -> do it! |
| 159 | */ | |
| 7fe908 | 160 | |
| 31f6ce | 161 | $app->uses('getconf,tools_sites'); |
| db5aa6 | 162 | $global_config = $app->getconf->get_global_config('sites'); |
| 31f6ce | 163 | $ftpuser_prefix = $app->tools_sites->replacePrefix($global_config['ftpuser_prefix'], $this->dataRecord); |
| 7fe908 | 164 | |
| MC | 165 | $old_record = $app->tform->getDataRecord($this->id); |
| 166 | $ftpuser_prefix = $app->tools_sites->getPrefix($old_record['username_prefix'], $ftpuser_prefix); | |
| 167 | $this->dataRecord['username_prefix'] = $ftpuser_prefix; | |
| 168 | ||
| db5aa6 | 169 | /* restrict the names */ |
| T | 170 | if ($app->tform->errorMessage == '') { |
| 1ff13e | 171 | $this->dataRecord['username'] = $ftpuser_prefix . $this->dataRecord['username']; |
| 5190fe | 172 | } |
| V | 173 | } |
| 7fe908 | 174 | |
| b4c750 | 175 | function onAfterUpdate() { |
| T | 176 | global $app, $conf; |
| 7fe908 | 177 | |
| 92ada0 | 178 | //* When the site of the FTP user has been changed |
| 378935 | 179 | if(isset($this->dataRecord['parent_domain_id']) && $this->oldDataRecord['parent_domain_id'] != $this->dataRecord['parent_domain_id']) { |
| 65ea2e | 180 | $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($this->dataRecord["parent_domain_id"])); |
| 604c0c | 181 | $server_id = $app->functions->intval($web["server_id"]); |
| TB | 182 | $dir = $app->db->quote($web["document_root"]); |
| 183 | $uid = $app->db->quote($web["system_user"]); | |
| 184 | $gid = $app->db->quote($web["system_group"]); | |
| 7fe908 | 185 | |
| 92ada0 | 186 | // The FTP user shall be owned by the same group then the website |
| 604c0c | 187 | $sys_groupid = $app->functions->intval($web['sys_groupid']); |
| 7fe908 | 188 | |
| 92ada0 | 189 | $sql = "UPDATE ftp_user SET server_id = $server_id, dir = '$dir', uid = '$uid', gid = '$gid', sys_groupid = '$sys_groupid' WHERE ftp_user_id = ".$this->id; |
| T | 190 | $app->db->query($sql); |
| 191 | } | |
| 7fe908 | 192 | |
| 615a0a | 193 | //* 2. check to ensure that the FTP user path is not changed to a path outside of the docroot by a normal user |
| T | 194 | if(isset($this->dataRecord['dir']) && $this->dataRecord['dir'] != $this->oldDataRecord['dir'] && !$app->auth->is_admin()) { |
| 195 | $vd = new validate_ftpuser; | |
| 196 | $error_message = $vd->ftp_dir('dir', $this->dataRecord['dir'], ''); | |
| 197 | //* This check should normally never be triggered | |
| 198 | //* Set the path to a safe path (web doc root). | |
| 199 | if($error_message != '') { | |
| 200 | $ftp_data = $app->db->queryOneRecord("SELECT parent_domain_id FROM ftp_user WHERE ftp_user_id = '".$app->db->quote($app->tform->primary_id)."'"); | |
| 201 | $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($ftp_data["parent_domain_id"])); | |
| 604c0c | 202 | $dir = $app->db->quote($web["document_root"]); |
| 615a0a | 203 | $sql = "UPDATE ftp_user SET dir = '$dir' WHERE ftp_user_id = ".$this->id; |
| T | 204 | $app->db->query($sql); |
| 205 | $app->log("Error in FTP path settings of FTP user ".$this->dataRecord['username'], 1); | |
| 206 | } | |
| 7fe908 | 207 | |
| 615a0a | 208 | } |
| 7fe908 | 209 | |
| b4c750 | 210 | } |
| 7fe908 | 211 | |
| 18341e | 212 | } |
| T | 213 | |
| 214 | $page = new page_action; | |
| 215 | $page->onLoad(); | |
| 216 | ||
| 378935 | 217 | ?> |
