gitlabFork/ISPConfig3.git - Solinfo Gitblit

Fixed: FS#2176 - collision between shell/ftp accounts and client accounts n...

tbrehm

2012-04-16 84569173c9a21ebab5ecdb662d9b4fb98b7c336b

commit \| author \| age
b488b5	1	<?php
T	2	/*
845691	3	Copyright (c) 2005 - 2012, Till Brehm, projektfarm Gmbh, ISPConfig UG
b488b5	4	All rights reserved.
T	5
	6	Redistribution and use in source and binary forms, with or without modification,
	7	are permitted provided that the following conditions are met:
	8
	9	* Redistributions of source code must retain the above copyright notice,
	10	this list of conditions and the following disclaimer.
	11	* Redistributions in binary form must reproduce the above copyright notice,
	12	this list of conditions and the following disclaimer in the documentation
	13	and/or other materials provided with the distribution.
	14	* Neither the name of ISPConfig nor the names of its contributors
	15	may be used to endorse or promote products derived from this software without
	16	specific prior written permission.
	17
	18	THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
	19	ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
	20	WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	21	IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
	22	INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
	23	BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	24	DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
	25	OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
	26	NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
	27	EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	28	*/
	29
	30
	31	/******************************************
	32	* Begin Form configuration
	33	******************************************/
	34
	35	$tform_def_file = "form/client.tform.php";
	36
	37	/******************************************
	38	* End Form configuration
	39	******************************************/
	40
	41	require_once('../../lib/config.inc.php');
	42	require_once('../../lib/app.inc.php');
	43	require_once('tools.inc.php');
	44
	45	//* Check permissions for module
	46	$app->auth->check_module_permissions('client');
	47
	48	// Loading classes
	49	$app->uses('tpl,tform,tform_actions');
	50	$app->load('tform_actions');
	51
	52	class page_action extends tform_actions {
	53
	54
	55	function onShowNew() {
	56	global $app, $conf;
	57
	58	// we will check only users, not admins
	59	if($_SESSION["s"]["user"]["typ"] == 'user') {
	60
	61	// Get the limits of the client
	62	$client_group_id = $_SESSION["s"]["user"]["default_group"];
	63	$client = $app->db->queryOneRecord("SELECT limit_client FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
	64
	65	// Check if the user may add another website.
	66	if($client["limit_client"] >= 0) {
	67	$tmp = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE sys_groupid = $client_group_id");
	68	if($tmp["number"] >= $client["limit_client"]) {
	69	$app->error($app->tform->wordbook["limit_client_txt"]);
	70	}
	71	}
	72	}
	73
	74	parent::onShowNew();
	75	}
	76
	77
	78	function onSubmit() {
	79	global $app, $conf;
	80
	81	// we will check only users, not admins
	82	if($_SESSION["s"]["user"]["typ"] == 'user' && $this->id == 0) {
	83
	84	// Get the limits of the client
	85	$client_group_id = $_SESSION["s"]["user"]["default_group"];
	86	$client = $app->db->queryOneRecord("SELECT limit_client FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
	87
	88	// Check if the user may add another website.
	89	if($client["limit_client"] >= 0) {
	90	$tmp = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE sys_groupid = $client_group_id");
	91	if($tmp["number"] >= $client["limit_client"]) {
	92	$app->error($app->tform->wordbook["limit_client_txt"]);
	93	}
	94	}
	95	}
	96
	97	parent::onSubmit();
	98	}
	99
	100	function onShowEnd() {
	101
	102	global $app;
	103
	104	$sql = "SELECT template_id,template_name FROM client_template WHERE template_type = 'a'";
	105	$tpls = $app->db->queryAllRecords($sql);
	106	$option = '';
	107	$tpl = array();
	108	foreach($tpls as $item){
	109	$option .= '<option value="' . $item['template_id'] . '\|' . $item['template_name'] . '">' . $item['template_name'] . '</option>';
	110	$tpl[$item['template_id']] = $item['template_name'];
	111	}
	112	$app->tpl->setVar('tpl_add_select',$option);
	113
	114	$sql = "SELECT template_additional FROM client WHERE client_id = " . $this->id;
	115	$result = $app->db->queryOneRecord($sql);
	116	$tplAdd = explode("/", $result['template_additional']);
	117	$text = '';
	118	foreach($tplAdd as $item){
	119	if (trim($item) != ''){
	120	if ($text != '') $text .= '<br />';
	121	$text .= $tpl[$item];
	122	}
	123	}
	124
	125	$app->tpl->setVar('template_additional_list', $text);
1ca823	126	$app->tpl->setVar('app_module','client');
b488b5	127
T	128	parent::onShowEnd();
	129
	130	}
	131
	132	/*
	133	This function is called automatically right after
	134	the data was successful inserted in the database.
	135	*/
	136	function onAfterInsert() {
3398c2	137	global $app, $conf;
b488b5	138	// Create the group for the client
T	139	$groupid = $app->db->datalogInsert('sys_group', "(name,description,client_id) VALUES ('".mysql_real_escape_string($this->dataRecord["username"])."','',".$this->id.")", 'groupid');
	140	$groups = $groupid;
	141
	142	$username = $app->db->quote($this->dataRecord["username"]);
	143	$password = $app->db->quote($this->dataRecord["password"]);
3398c2	144	$modules = $conf['interface_modules_enabled'];
b488b5	145	if($this->dataRecord["limit_client"] > 0) $modules .= ',client';
f150f0	146	$startmodule = (stristr($modules,'dashboard'))?'dashboard':'client';
b488b5	147	$usertheme = $app->db->quote($this->dataRecord["usertheme"]);
T	148	$type = 'user';
	149	$active = 1;
	150	$language = $app->db->quote($this->dataRecord["language"]);
c614f1	151	$password = $app->auth->crypt_password($password);
f5d954	152
T	153	// Create the controlpaneluser for the client
08c588	154	//Generate ssh-rsa-keys
L	155	exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f /tmp/id_rsa -N ""');
b74ef5	156	$app->db->query("UPDATE client SET created_at = ".time().", id_rsa = '".$app->db->quote(@file_get_contents('/tmp/id_rsa'))."', ssh_rsa = '".$app->db->quote(@file_get_contents('/tmp/id_rsa.pub'))."' WHERE client_id = ".$this->id);
08c588	157	exec('rm -f /tmp/id_rsa /tmp/id_rsa.pub');
28a1b8	158
b488b5	159	// Create the controlpaneluser for the client
28a1b8	160	$sql = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)
f5d954	161	VALUES ('$username','$password','$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,".$this->id.")";
b488b5	162	$app->db->query($sql);
T	163
	164	//* If the user who inserted the client is a reseller (not admin), we will have to add this new client group
	165	//* to his groups, so he can administrate the records of this client.
	166	if($_SESSION['s']['user']['typ'] == 'user') {
	167	$app->auth->add_group_to_user($_SESSION['s']['user']['userid'],$groupid);
	168	$app->db->query("UPDATE client SET parent_client_id = ".intval($_SESSION['s']['user']['client_id'])." WHERE client_id = ".$this->id);
	169	}
	170
990a55	171	//* Set the default servers
fcf6a0	172	$tmp = $app->db->queryOneRecord('SELECT server_id FROM server WHERE mail_server = 1 AND mirror_server_id = 0 LIMIT 0,1');
990a55	173	$default_mailserver = intval($tmp['server_id']);
fcf6a0	174	$tmp = $app->db->queryOneRecord('SELECT server_id FROM server WHERE web_server = 1 AND mirror_server_id = 0 LIMIT 0,1');
990a55	175	$default_webserver = intval($tmp['server_id']);
fcf6a0	176	$tmp = $app->db->queryOneRecord('SELECT server_id FROM server WHERE dns_server = 1 AND mirror_server_id = 0 LIMIT 0,1');
990a55	177	$default_dnsserver = intval($tmp['server_id']);
fcf6a0	178	$tmp = $app->db->queryOneRecord('SELECT server_id FROM server WHERE db_server = 1 AND mirror_server_id = 0 LIMIT 0,1');
990a55	179	$default_dbserver = intval($tmp['server_id']);
28a1b8	180
990a55	181	$sql = "UPDATE client SET default_mailserver = $default_mailserver, default_webserver = $default_webserver, default_dnsserver = $default_dnsserver, default_dbserver = $default_dbserver WHERE client_id = ".$this->id;
T	182	$app->db->query($sql);
	183
b488b5	184	/* If there is a client-template, process it */
T	185	applyClientTemplates($this->id);
	186
	187	parent::onAfterInsert();
	188	}
	189
	190
	191	/*
	192	This function is called automatically right after
	193	the data was successful updated in the database.
	194	*/
	195	function onAfterUpdate() {
	196	global $app;
	197
	198	// username changed
91624b	199	if($conf['demo_mode'] != true && isset($this->dataRecord['username']) && $this->dataRecord['username'] != '' && $this->oldDataRecord['username'] != $this->dataRecord['username']) {
b488b5	200	$username = $app->db->quote($this->dataRecord["username"]);
T	201	$client_id = $this->id;
	202	$sql = "UPDATE sys_user SET username = '$username' WHERE client_id = $client_id";
	203	$app->db->query($sql);
	204
	205	$tmp = $app->db->queryOneRecord("SELECT * FROM sys_group WHERE client_id = $client_id");
	206	$app->db->datalogUpdate("sys_group", "name = '$username'", 'groupid', $tmp['groupid']);
	207	unset($tmp);
	208	}
	209
	210	// password changed
91624b	211	if($conf['demo_mode'] != true && isset($this->dataRecord["password"]) && $this->dataRecord["password"] != '') {
b488b5	212	$password = $app->db->quote($this->dataRecord["password"]);
f5d954	213	$salt="$1$";
T	214	$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
	215	for ($n=0;$n<8;$n++) {
	216	$salt.=$base64_alphabet[mt_rand(0,63)];
	217	}
	218	$salt.="$";
	219	$password = crypt(stripslashes($password),$salt);
b488b5	220	$client_id = $this->id;
f5d954	221	$sql = "UPDATE sys_user SET passwort = '$password' WHERE client_id = $client_id";
b488b5	222	$app->db->query($sql);
T	223	}
	224
cab924	225	// language changed
91624b	226	if($conf['demo_mode'] != true && isset($this->dataRecord['language']) && $this->dataRecord['language'] != '' && $this->oldDataRecord['language'] != $this->dataRecord['language']) {
cab924	227	$language = $app->db->quote($this->dataRecord["language"]);
T	228	$client_id = $this->id;
	229	$sql = "UPDATE sys_user SET language = '$language' WHERE client_id = $client_id";
	230	$app->db->query($sql);
	231	}
	232
b488b5	233	// reseller status changed
T	234	if(isset($this->dataRecord["limit_client"]) && $this->dataRecord["limit_client"] != $this->oldDataRecord["limit_client"]) {
3398c2	235	$modules = $conf['interface_modules_enabled'];
b488b5	236	if($this->dataRecord["limit_client"] > 0) $modules .= ',client';
T	237	$modules = $app->db->quote($modules);
	238	$client_id = $this->id;
	239	$sql = "UPDATE sys_user SET modules = '$modules' WHERE client_id = $client_id";
	240	$app->db->query($sql);
	241	}
08c588	242
b488b5	243	/*
T	244	* If there is a client-template, process it */
	245	applyClientTemplates($this->id);
	246
	247	parent::onAfterUpdate();
	248	}
	249	}
	250
	251	$page = new page_action;
	252	$page->onLoad();
	253
89bbd1	254	?>