Marius Cramer
2014-08-13 42539643c396f9d8865dcf9a51b13dc869709d16
310ec5 1 <?php
T 2 /*
3 Copyright (c) 2007, Till Brehm, projektfarm Gmbh
4 All rights reserved.
5
6 Redistribution and use in source and binary forms, with or without modification,
7 are permitted provided that the following conditions are met:
8
9     * Redistributions of source code must retain the above copyright notice,
10       this list of conditions and the following disclaimer.
11     * Redistributions in binary form must reproduce the above copyright notice,
12       this list of conditions and the following disclaimer in the documentation
13       and/or other materials provided with the distribution.
14     * Neither the name of ISPConfig nor the names of its contributors
15       may be used to endorse or promote products derived from this software without
16       specific prior written permission.
17
18 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21 IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
22 INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
23 BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
25 OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
26 NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
27 EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 */
29
30
/******************************************
* Begin Form configuration
******************************************/

// Relative path of the form definition for shell users; nothing in this file
// reads it directly, so it is presumably picked up by the tform classes loaded below.
$tform_def_file = "form/shell_user.tform.php";

/******************************************
* End Form configuration
******************************************/

// Application bootstrap. $app is used immediately afterwards and is not
// defined in this file, so it has to come from these includes.
require_once '../../lib/config.inc.php';
require_once '../../lib/app.inc.php';

//* Check permissions for module
// This is the only module-level authorization gate in this file and it runs
// before any form class is loaded. Per-record authorization is done separately
// in page_action::onSubmit() through getAuthSQL('r').
$app->auth->check_module_permissions('sites');

// Loading classes
$app->uses('tpl,tform,tform_actions');
$app->load('tform_actions');
50
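/**
 * Form controller for creating and editing shell users of a website.
 *
 * The on*() methods are hooks invoked by the tform_actions base class
 * (the call order is defined there, not in this file). The security-relevant
 * work done here is:
 *  - enforcing client/reseller limits before a new record is offered,
 *  - checking that the submitting user may read the parent web domain,
 *  - rejecting blacklisted / disallowed system usernames,
 *  - copying server, directory, system user and group from the parent
 *    web_domain row instead of trusting client-supplied values.
 */
class page_action extends tform_actions {

    /**
     * Tell whether a username is rejected by the shell user blacklist file.
     *
     * The comparison is case-insensitive and ignores surrounding whitespace,
     * one blacklist entry per line of ISPC_LIB_PATH/shelluser_blacklist.
     *
     * If the file cannot be read the method fails closed and reports the name
     * as blacklisted: silently skipping the check would let reserved account
     * names through whenever the file is missing or unreadable.
     *
     * @param mixed $username Username as submitted (without prefix).
     * @return bool True if the name must be rejected.
     */
    private function isBlacklistedShellUser($username) {
        $blacklist = file(ISPC_LIB_PATH.'/shelluser_blacklist');
        if($blacklist === false) {
            error_log('shell user form: cannot read '.ISPC_LIB_PATH.'/shelluser_blacklist, rejecting username');
            return true;
        }

        $needle = strtolower(trim((string)$username));
        foreach($blacklist as $line) {
            if(strtolower(trim($line)) === $needle) return true;
        }
        return false;
    }

    /**
     * Hook run before the empty "new record" form is shown.
     *
     * For session users of type 'user' the client and reseller limits for
     * 'limit_shell_user' are checked; admins are not limited here.
     */
    function onShowNew() {
        global $app, $conf;

        // we will check only users, not admins
        if($_SESSION["s"]["user"]["typ"] == 'user') {
            if(!$app->tform->checkClientLimit('limit_shell_user')) {
                $app->error($app->tform->wordbook["limit_shell_user_txt"]);
            }
            if(!$app->tform->checkResellerLimit('limit_shell_user')) {
                $app->error('Reseller: '.$app->tform->wordbook["limit_shell_user_txt"]);
            }
        }

        parent::onShowNew();
    }

    /**
     * Hook run before the form template is rendered.
     *
     * Strips the configured prefix from the stored username so that only the
     * user-editable part is shown, and marks existing records as not editable
     * in the template (edit_disabled = 1).
     */
    function onShowEnd() {
        global $app, $conf, $interfaceConf;
        /*
         * If the names are restricted -> remove the restriction, so that the
         * data can be edited
         */

        $app->uses('getconf,tools_sites');
        $global_config = $app->getconf->get_global_config('sites');
        $shelluser_prefix = $app->tools_sites->replacePrefix($global_config['shelluser_prefix'], $this->dataRecord);

        if ($this->dataRecord['username'] != ""){
            /* REMOVE the restriction */
            $app->tpl->setVar("username", $app->tools_sites->removePrefix($this->dataRecord['username'], $this->dataRecord['username_prefix'], $shelluser_prefix));
        }

        $app->tpl->setVar("username_prefix", $app->tools_sites->getPrefix($this->dataRecord['username_prefix'], $shelluser_prefix, $global_config['shelluser_prefix']));

        if($this->id > 0) {
            //* we are editing an existing record
            // NOTE(review): edit_disabled is only a template variable; it is not
            // a server-side guarantee that the fields stay unchanged on update.
            $app->tpl->setVar("edit_disabled", 1);
            $app->tpl->setVar("parent_domain_id_value", $this->dataRecord["parent_domain_id"]);
        } else {
            $app->tpl->setVar("edit_disabled", 0);
        }

        parent::onShowEnd();
    }

    /**
     * Hook run when the form is submitted, before insert/update.
     *
     * Verifies that the current user may read the parent web domain, forces
     * server_id to the value of that domain and validates username and dir.
     * Problems are appended to $app->tform->errorMessage.
     */
    function onSubmit() {
        global $app, $conf;

        // Get the record of the parent domain. getAuthSQL('r') restricts the
        // lookup to rows the current user is allowed to read, so a foreign
        // domain_id yields no record.
        if(isset($this->dataRecord["parent_domain_id"])) {
            $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval($this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
            // The second condition rejects submitted values that only become a
            // valid id after the integer cast (e.g. "12abc").
            if(!$parent_domain || $parent_domain['domain_id'] != $this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
        } else {
            // No parent domain submitted: fall back to the one stored for this record.
            $tmp = $app->tform->getDataRecord($this->id);
            $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval($tmp["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
            if(!$parent_domain) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
            unset($tmp);
        }

        // Set a few fixed values. server_id always comes from the authorized
        // domain record (null if none was found), never from the request.
        $this->dataRecord["server_id"] = $parent_domain ? $parent_domain["server_id"] : null;

        if(isset($this->dataRecord['username']) && trim($this->dataRecord['username']) == '') $app->tform->errorMessage .= $app->tform->lng('username_error_empty').'<br />';
        if(isset($this->dataRecord['username']) && empty($this->dataRecord['parent_domain_id'])) $app->tform->errorMessage .= $app->tform->lng('parent_domain_id_error_empty').'<br />';
        // Reject directory values containing ".." or "./" (path traversal / relative segments).
        if(isset($this->dataRecord['dir']) && stristr($this->dataRecord['dir'], '..')) $app->tform->errorMessage .= $app->tform->lng('dir_dot_error').'<br />';
        if(isset($this->dataRecord['dir']) && stristr($this->dataRecord['dir'], './')) $app->tform->errorMessage .= $app->tform->lng('dir_slashdot_error').'<br />';

        if(isset($this->dataRecord['ssh_rsa'])) $this->dataRecord['ssh_rsa'] = trim($this->dataRecord['ssh_rsa']);

        parent::onSubmit();
    }

    /**
     * Hook run before a new shell user is inserted.
     *
     * Rejects blacklisted or disallowed usernames, then prepends the
     * configured prefix and enforces the 32 character limit on the result.
     */
    function onBeforeInsert() {
        global $app, $conf, $interfaceConf;

        // check if the username is not blacklisted
        if($this->isBlacklistedShellUser($this->dataRecord['username'])) {
            $app->tform->errorMessage .= $app->tform->lng('username_not_allowed_txt');
        }

        if($app->functions->is_allowed_user(trim(strtolower($this->dataRecord['username']))) == false) $app->tform->errorMessage .= $app->tform->lng('username_not_allowed_txt');

        /*
         * If the names should be restricted -> do it!
         */
        if ($app->tform->errorMessage == ''){

            $app->uses('getconf,tools_sites');
            $global_config = $app->getconf->get_global_config('sites');
            $shelluser_prefix = $app->tools_sites->replacePrefix($global_config['shelluser_prefix'], $this->dataRecord);

            $this->dataRecord['username_prefix'] = $shelluser_prefix;
            /* restrict the names */
            $this->dataRecord['username'] = $shelluser_prefix . $this->dataRecord['username'];

            // The limit applies to the final name, prefix included.
            if(strlen($this->dataRecord['username']) > 32) $app->tform->errorMessage .= $app->tform->lng("username_must_not_exceed_32_chars_txt");
        }
        parent::onBeforeInsert();
    }

    /**
     * Hook run after a new shell user row was inserted.
     *
     * Copies server_id, document root, system user/group and sys_groupid from
     * the parent web_domain row into the new shell_user row, so these values
     * are never taken from the request.
     */
    function onAfterInsert() {
        global $app, $conf;

        // This lookup carries no getAuthSQL() filter; it presumably relies on
        // the permission check done on the same parent_domain_id in onSubmit().
        $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($this->dataRecord["parent_domain_id"]));

        // Without a parent domain there is no trustworthy system user/group.
        if(!$web) {
            $app->error($app->tform->lng('invalid_system_user_or_group_txt'));
            return;
        }

        // Check system user and group on the raw database values. Validating
        // the SQL-quoted form would test a string that can differ from the
        // name that is actually stored.
        if($app->functions->is_allowed_user($web["system_user"]) == false || $app->functions->is_allowed_group($web["system_group"]) == false) {
            $app->error($app->tform->lng('invalid_system_user_or_group_txt'));
            // Do not reach the UPDATE even if error() should ever return.
            return;
        }

        $server_id = $app->functions->intval($web["server_id"]);
        $dir = $app->db->quote($web["document_root"]);
        $uid = $app->db->quote($web["system_user"]);
        $gid = $app->db->quote($web["system_group"]);

        // The shell user shall be owned by the same group as the website
        $sys_groupid = $app->functions->intval($web['sys_groupid']);

        // Every value interpolated below is either cast to int or quoted above.
        $sql = "UPDATE shell_user SET server_id = $server_id, dir = '$dir', puser = '$uid', pgroup = '$gid', sys_groupid = '$sys_groupid' WHERE shell_user_id = ".$app->functions->intval($this->id);
        $app->db->query($sql);

    }

    /**
     * Hook run before an existing shell user is updated.
     *
     * Rejects blacklisted usernames, then re-applies the prefix stored with
     * the record and enforces the 32 character limit on the result.
     */
    function onBeforeUpdate() {
        global $app, $conf, $interfaceConf;

        // check if the username is not blacklisted
        if($this->isBlacklistedShellUser(isset($this->dataRecord['username']) ? $this->dataRecord['username'] : '')) {
            $app->tform->errorMessage .= $app->tform->lng('username_not_allowed_txt');
        }

        // NOTE(review): onBeforeInsert() additionally calls
        // $app->functions->is_allowed_user() on the username; the update path
        // does not. Confirm whether the username can change on update and, if
        // so, apply the same check here.

        /*
         * If the names should be restricted -> do it!
         */
        if ($app->tform->errorMessage == '') {
            $app->uses('getconf,tools_sites');
            $global_config = $app->getconf->get_global_config('sites');
            $shelluser_prefix = $app->tools_sites->replacePrefix($global_config['shelluser_prefix'], $this->dataRecord);

            // Prefer the prefix saved with the existing record over the current configuration.
            $old_record = $app->tform->getDataRecord($this->id);
            $shelluser_prefix = $app->tools_sites->getPrefix($old_record['username_prefix'], $shelluser_prefix);
            $this->dataRecord['username_prefix'] = $shelluser_prefix;

            /* restrict the names */
            $this->dataRecord['username'] = $shelluser_prefix . $this->dataRecord['username'];

            // The limit applies to the final name, prefix included.
            if(strlen($this->dataRecord['username']) > 32) $app->tform->errorMessage .= $app->tform->lng("username_must_not_exceed_32_chars_txt");
        }
    }

    /**
     * Hook run after an existing shell user was updated. Intentionally empty.
     */
    function onAfterUpdate() {
        global $app, $conf;


    }

}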
T 223
// Create the form controller and hand the request over to it. onLoad() is not
// defined in page_action itself, so it is presumably inherited from tform_actions.
$page = new page_action();
$page->onLoad();

?>