github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta synced 2025-08-14 10:37:42 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

password transmission via tmp files

Browse source
This commit is contained in:
Serghey Rodin 2015-03-31 00:01:44 +03:00
commit 1a7612cc66
14 changed files with 172 additions and 87 deletions
Download patch file Download diff file Expand all files Collapse all files

10
web/edit/db/index.php
View file

@ -64,11 +64,15 @@ if (!empty($_POST['save'])) {
// Change database password
if (($v_password != $_POST['v_password']) && (empty($_SESSION['error_msg']))) {
$v_password = escapeshellarg($_POST['v_password']);
$v_password = tempnam("/tmp","vst");
$fp = fopen($v_password, "w");
fwrite($fp, $_POST['v_password']."\n");
fclose($fp);
exec (VESTA_CMD."v-change-database-password ".$v_username." ".$v_database." ".$v_password, $output, $return_var);
check_return_code($return_var,$output);
$v_password = "••••••••";
check_return_code($return_var,$output);
unset($output);
unlink($v_password);
$v_password = "••••••••";
}
// Set success message

8
web/edit/mail/index.php
View file

@ -178,11 +178,15 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (!empty($_GET['acco
// Change password
if (($v_password != $_POST['v_password']) && (empty($_SESSION['error_msg']))) {
$v_password = escapeshellarg($_POST['v_password']);
$v_password = tempnam("/tmp","vst");
$fp = fopen($v_password, "w");
fwrite($fp, $_POST['v_password']."\n");
fclose($fp);
exec (VESTA_CMD."v-change-mail-account-password ".$v_username." ".$v_domain." ".$v_account." ".$v_password, $output, $return_var);
check_return_code($return_var,$output);
$v_password = "••••••••";
unset($output);
unlink($v_password);
$v_password = "••••••••";
}
// Change quota

8
web/edit/user/index.php
View file

@ -76,11 +76,15 @@ if (!empty($_POST['save'])) {
// Change password
if (($v_password != $_POST['v_password']) && (empty($_SESSION['error_msg']))) {
$v_password = escapeshellarg($_POST['v_password']);
$v_password = tempnam("/tmp","vst");
$fp = fopen($v_password, "w");
fwrite($fp, $_POST['v_password']."\n");
fclose($fp);
exec (VESTA_CMD."v-change-user-password ".$v_username." ".$v_password, $output, $return_var);
check_return_code($return_var,$output);
$v_password = "••••••••";
unset($output);
unlink($v_password);
$v_password = "••••••••";
}
// Change package (admin only)

25
web/edit/web/index.php
View file

@ -426,10 +426,14 @@ if (!empty($_POST['save'])) {
$_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
} else {
$v_stats_user = escapeshellarg($_POST['v_stats_user']);
$v_stats_password = escapeshellarg($_POST['v_stats_password']);
$v_stats_password = tempnam("/tmp","vst");
$fp = fopen($v_stats_password, "w");
fwrite($fp, $_POST['v_stats_password']."\n");
fclose($fp);
exec (VESTA_CMD."v-add-web-domain-stats-user ".$v_username." ".$v_domain." ".$v_stats_user." ".$v_stats_password, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
unlink($v_stats_password);
$v_stats_password = "••••••••";
}
}
@ -450,10 +454,14 @@ if (!empty($_POST['save'])) {
}
if (($v_stats_user != $_POST['v_stats_user']) || ($_POST['v_stats_password'] != "••••••••" ) && (empty($_SESSION['error_msg']))) {
$v_stats_user = escapeshellarg($_POST['v_stats_user']);
$v_stats_password = escapeshellarg($_POST['v_stats_password']);
$v_stats_password = tempnam("/tmp","vst");
$fp = fopen($v_stats_password, "w");
fwrite($fp, $_POST['v_stats_password']."\n");
fclose($fp);
exec (VESTA_CMD."v-add-web-domain-stats-user ".$v_username." ".$v_domain." ".$v_stats_user." ".$v_stats_password, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
unlink($v_stats_password);
$v_stats_password = "••••••••";
}
}
@ -484,9 +492,12 @@ if (!empty($_POST['save'])) {
$v_ftp_username = $v_ftp_user_data['v_ftp_user'];
$v_ftp_username_full = $user . '_' . $v_ftp_user_data['v_ftp_user'];
$v_ftp_user = escapeshellarg($v_ftp_username);
$v_ftp_password = escapeshellarg($v_ftp_user_data['v_ftp_password']);
$v_ftp_path = escapeshellarg(trim($v_ftp_user_data['v_ftp_path']));
if (empty($_SESSION['error_msg'])) {
$v_ftp_password = tempnam("/tmp","vst");
$fp = fopen($v_ftp_password, "w");
fwrite($fp, $v_ftp_user_data['v_ftp_password']."\n");
fclose($fp);
exec (VESTA_CMD."v-add-web-domain-ftp ".$v_username." ".$v_domain." ".$v_ftp_username." ".$v_ftp_password . " " . $v_ftp_path, $output, $return_var);
check_return_code($return_var,$output);
if ((!empty($v_ftp_user_data['v_ftp_email'])) && (empty($_SESSION['error_msg']))) {
@ -499,6 +510,8 @@ if (!empty($_POST['save'])) {
unset($v_ftp_email);
}
unset($output);
unlink($v_ftp_password);
$v_ftp_password = escapeshellarg($v_ftp_user_data['v_ftp_password']);
}
if ($return_var == 0) {
@ -552,7 +565,13 @@ if (!empty($_POST['save'])) {
$v_ftp_path = escapeshellarg(trim($v_ftp_user_data['v_ftp_path']));
exec (VESTA_CMD."v-change-web-domain-ftp-path ".$v_username." ".$v_domain." ".$v_ftp_username." ".$v_ftp_path, $output, $return_var);
if ($v_ftp_user_data['v_ftp_password'] != "'••••••••'" && $v_ftp_user_data['v_ftp_password'] != "••••••••" && !empty($v_ftp_user_data['v_ftp_password'])) {
$v_ftp_password = tempnam("/tmp","vst");
$fp = fopen($v_ftp_password, "w");
fwrite($fp, $v_ftp_user_data['v_ftp_password']."\n");
fclose($fp);
exec (VESTA_CMD."v-change-web-domain-ftp-password ".$v_username." ".$v_domain." ".$v_ftp_username." ".$v_ftp_user_data['v_ftp_password'], $output, $return_var);
unlink($v_ftp_password);
$v_ftp_user_data['v_ftp_password'] = escapeshellarg(trim($v_ftp_user_data['v_ftp_password']));
$to = $v_ftp_user_data['v_ftp_email'];
$subject = __("FTP login credentials");
$hostname = exec('hostname');