Revert "[SECURITY] Fix OS command injection."

Serghey Rodin 2015-12-11 21:14:49 +02:00
commit 39e9b6397b
115 changed files with 1980 additions and 1340 deletions


@ -9,12 +9,14 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Edit as someone else?
if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
$user = $_GET['user'];
$user=escapeshellarg($_GET['user']);
}
// List backup exclustions
v_exec('v-list-user-backup-exclusions', [$user, 'json'], true, $output);
$data = json_decode($output, true);
exec (VESTA_CMD."v-list-user-backup-exclusions ".$user." 'json'", $output, $return_var);
check_return_code($return_var,$output);
$data = json_decode(implode('', $output), true);
unset($output);
// Parse web
$v_username = $user;
@ -68,10 +70,9 @@ if (!empty($_POST['save'])) {
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
exit;
exit();
}
// TODO: Use array?
$v_web = $_POST['v_web'];
$v_web_tmp = str_replace("\r\n", ",", $_POST['v_web']);
$v_web_tmp = rtrim($v_web_tmp, ",");
@ -111,7 +112,9 @@ if (!empty($_POST['save'])) {
unset($mktemp_output);
// Save changes
v_exec('v-update-user-backup-exclusions', [$user, $tmp]);
exec (VESTA_CMD."v-update-user-backup-exclusions ".$user." ".$tmp, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
// Set success message
if (empty($_SESSION['error_msg'])) {
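Review bot: `$user` is replaced by its shell-quoted form only inside the admin-override branch, so on the normal path the `exec` strings for `v-list-user-backup-exclusions` and `v-update-user-backup-exclusions` concatenate whatever `inc/main.php` left in `$user` (not visible here), and `$tmp` is appended with no quoting at all. Dropping the in-place `escapeshellarg` and quoting at the call site covers both paths and keeps the raw name usable elsewhere: `exec(VESTA_CMD."v-update-user-backup-exclusions ".escapeshellarg($user)." ".escapeshellarg($tmp), $output, $return_var);`. As written, `$v_username = $user` also copies the quoted string into a variable the template presumably prints. The same escape-in-place pattern recurs in the cron, database, DNS and mail sections of this commit.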


@ -9,7 +9,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Edit as someone else?
if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
$user = $_GET['user'];
$user=escapeshellarg($_GET['user']);
}
// Check job id
@ -18,14 +18,16 @@ if (empty($_GET['job'])) {
exit;
}
$v_username = $user;
$v_job = $_GET['job'];
// List cron job
v_exec('v-list-cron-job', [$user, $v_job, 'json'], true, $output);
$data = json_decode($output, true);
$v_job = escapeshellarg($_GET['job']);
exec (VESTA_CMD."v-list-cron-job ".$user." ".$v_job." 'json'", $output, $return_var);
check_return_code($return_var,$output);
$data = json_decode(implode('', $output), true);
unset($output);
// Parse cron job
$v_username = $user;
$v_job = $_GET['job'];
$v_min = $data[$v_job]['MIN'];
$v_hour = $data[$v_job]['HOUR'];
$v_day = $data[$v_job]['DAY'];
@ -35,25 +37,35 @@ $v_cmd = $data[$v_job]['CMD'];
$v_date = $data[$v_job]['DATE'];
$v_time = $data[$v_job]['TIME'];
$v_suspended = $data[$v_job]['SUSPENDED'];
$v_status = $v_suspended == 'yes' ? 'suspended' : 'active';
if ( $v_suspended == 'yes' ) {
$v_status = 'suspended';
} else {
$v_status = 'active';
}
// Check POST request
if (!empty($_POST['save'])) {
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
exit;
exit();
}
$v_min = $_POST['v_min'];
$v_hour = $_POST['v_hour'];
$v_day = $_POST['v_day'];
$v_month = $_POST['v_month'];
$v_wday = $_POST['v_wday'];
$v_cmd = $_POST['v_cmd'];
$v_username = $user;
$v_min = escapeshellarg($_POST['v_min']);
$v_hour = escapeshellarg($_POST['v_hour']);
$v_day = escapeshellarg($_POST['v_day']);
$v_month = escapeshellarg($_POST['v_month']);
$v_wday = escapeshellarg($_POST['v_wday']);
$v_cmd = escapeshellarg($_POST['v_cmd']);
// Save changes
v_exec('v-change-cron-job', [$v_username, $v_job, $v_min, $v_hour, $v_day, $v_month, $v_wday, $v_cmd]);
exec (VESTA_CMD."v-change-cron-job ".$v_username." ".$v_job." ".$v_min." ".$v_hour." ".$v_day." ".$v_month." ".$v_wday." ".$v_cmd, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$v_cmd = $_POST['v_cmd'];
// Set success message
if (empty($_SESSION['error_msg'])) {
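Review bot: `$v_job` reaches the `v-change-cron-job` command line unescaped: it is quoted for `v-list-cron-job`, then reset with `$v_job = $_GET['job'];` under "Parse cron job", and the POST branch escapes only `v_min` through `v_cmd` before the `exec`. The save path should pass `escapeshellarg($_GET['job'])` to that command and keep the raw value only as the `$data` array key. The database section has the same shape, where `$v_database` is reset to `$_GET['database']` and then concatenated into `v-change-database-user` and `v-change-database-password`. This reading assumes the `exec` lines are the new side of the revert, since the +/- markers are not preserved on this page.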


@ -21,40 +21,51 @@ if (empty($_GET['database'])) {
// Edit as someone else?
if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
$user = $_GET['user'];
$user=escapeshellarg($_GET['user']);
}
$v_username = $user;
$v_database = $_GET['database'];
// List datbase
v_exec('v-list-database', [$user, $v_database, 'json'], true, $output);
$data = json_decode($output, true);
$v_database = escapeshellarg($_GET['database']);
exec (VESTA_CMD."v-list-database ".$user." ".$v_database." 'json'", $output, $return_var);
check_return_code($return_var,$output);
$data = json_decode(implode('', $output), true);
unset($output);
// Parse database
$v_username = $user;
$v_database = $_GET['database'];
$v_dbuser = $data[$v_database]['DBUSER'];
$v_password = '';
$v_password = "";
$v_host = $data[$v_database]['HOST'];
$v_type = $data[$v_database]['TYPE'];
$v_charset = $data[$v_database]['CHARSET'];
$v_date = $data[$v_database]['DATE'];
$v_time = $data[$v_database]['TIME'];
$v_suspended = $data[$v_database]['SUSPENDED'];
$v_status = $v_suspended == 'yes' ? 'suspended' : 'active';
if ( $v_suspended == 'yes' ) {
$v_status = 'suspended';
} else {
$v_status = 'active';
}
// Check POST request
if (!empty($_POST['save'])) {
$v_username = $user;
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
exit;
exit();
}
// Change database user
if (($v_dbuser != $_POST['v_dbuser']) && (empty($_SESSION['error_msg']))) {
$v_dbuser = preg_replace("/^".$user."_/", "", $_POST['v_dbuser']);
v_exec('v-change-database-user', [$v_username, $v_database, $v_dbuser]);
$v_dbuser = $user . '_' . $v_dbuser;
$v_dbuser = escapeshellarg($v_dbuser);
exec (VESTA_CMD."v-change-database-user ".$v_username." ".$v_database." ".$v_dbuser, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$v_dbuser = $user."_".preg_replace("/^".$user."_/", "", $_POST['v_dbuser']);
}
// Change database password
@ -63,9 +74,11 @@ if (!empty($_POST['save'])) {
$fp = fopen($v_password, "w");
fwrite($fp, $_POST['v_password']."\n");
fclose($fp);
v_exec('v-change-database-password', [$v_username, $v_database, $v_password]);
exec (VESTA_CMD."v-change-database-password ".$v_username." ".$v_database." ".$v_password, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
unlink($v_password);
$v_password = $_POST['v_password'];
$v_password = escapeshellarg($_POST['v_password']);
}
// Set success message
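Review bot: The prefix strip `preg_replace("/^".$user."_/", "", $_POST['v_dbuser'])` builds a pattern from `$user` without `preg_quote`, and on the admin-override path `$user` already holds the output of `escapeshellarg`, so the pattern contains literal quote characters and the `user_` prefix will not be removed. Keeping an unquoted copy of the user name for this purpose and using `preg_quote($rawUser, '/')` (placeholder name) would make the strip reliable. Separately, `$v_password` is a temp-file path created outside this hunk that is passed to `v-change-database-password` unquoted, and it is afterwards reassigned to `escapeshellarg($_POST['v_password'])`, which leaves a shell-quoted password in the variable the form presumably redisplays.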


@ -15,18 +15,20 @@ if (empty($_GET['domain'])) {
// Edit as someone else?
if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
$user = $_GET['user'];
$user=escapeshellarg($_GET['user']);
}
$v_username = $user;
// List dns domain
if ((!empty($_GET['domain'])) && (empty($_GET['record_id']))) {
$v_domain = $_GET['domain'];
v_exec('v-list-dns-domain', [$user, $v_domain, 'json'], true, $output);
$data = json_decode($output, true);
$v_domain = escapeshellarg($_GET['domain']);
exec (VESTA_CMD."v-list-dns-domain ".$user." ".$v_domain." json", $output, $return_var);
check_return_code($return_var,$output);
$data = json_decode(implode('', $output), true);
unset($output);
// Parse dns domain
$v_username = $user;
$v_domain = $_GET['domain'];
$v_ip = $data[$v_domain]['IP'];
$v_template = $data[$v_domain]['TPL'];
$v_ttl = $data[$v_domain]['TTL'];
@ -42,19 +44,24 @@ if ((!empty($_GET['domain'])) && (empty($_GET['record_id']))) {
}
// List dns templates
v_exec('v-list-dns-templates', ['json'], false, $output);
$templates = json_decode($output, true);
exec (VESTA_CMD."v-list-dns-templates json", $output, $return_var);
$templates = json_decode(implode('', $output), true);
unset($output);
}
// List dns record
if ((!empty($_GET['domain'])) && (!empty($_GET['record_id']))) {
$v_domain = $_GET['domain'];
$v_record_id = $_GET['record_id'];
v_exec('v-list-dns-records', [$user, $v_domain, 'json'], true, $output);
$data = json_decode($output, true);
$v_domain = escapeshellarg($_GET['domain']);
$v_record_id = escapeshellarg($_GET['record_id']);
exec (VESTA_CMD."v-list-dns-records ".$user." ".$v_domain." 'json'", $output, $return_var);
check_return_code($return_var,$output);
$data = json_decode(implode('', $output), true);
unset($output);
// Parse dns record
$v_username = $user;
$v_domain = $_GET['domain'];
$v_record_id = $_GET['record_id'];
$v_rec = $data[$v_record_id]['RECORD'];
$v_type = $data[$v_record_id]['TYPE'];
$v_val = $data[$v_record_id]['VALUE'];
@ -71,51 +78,63 @@ if ((!empty($_GET['domain'])) && (!empty($_GET['record_id']))) {
// Check POST request for dns domain
if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (empty($_GET['record_id']))) {
$v_domain = $_POST['v_domain'];
$v_domain = escapeshellarg($_POST['v_domain']);
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
exit;
exit();
}
// Change domain IP
if (($v_ip != $_POST['v_ip']) && (empty($_SESSION['error_msg']))) {
$v_ip = $_POST['v_ip'];
v_exec('v-change-dns-domain-ip', [$v_username, $v_domain, $v_ip, 'no']);
$v_ip = escapeshellarg($_POST['v_ip']);
exec (VESTA_CMD."v-change-dns-domain-ip ".$v_username." ".$v_domain." ".$v_ip." 'no'", $output, $return_var);
check_return_code($return_var,$output);
$restart_dns = 'yes';
unset($output);
}
// Change domain template
if (($v_template != $_POST['v_template']) && (empty($_SESSION['error_msg']))) {
$v_template = $_POST['v_template'];
v_exec('v-change-dns-domain-tpl', [$v_username, $v_domain, $v_template, 'no']);
$v_template = escapeshellarg($_POST['v_template']);
exec (VESTA_CMD."v-change-dns-domain-tpl ".$v_username." ".$v_domain." ".$v_template." 'no'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$restart_dns = 'yes';
}
// Change SOA record
if (($v_soa != $_POST['v_soa']) && (empty($_SESSION['error_msg']))) {
$v_soa = $_POST['v_soa'];
v_exec('v-change-dns-domain-soa', [$v_username, $v_domain, $v_soa, 'no']);
$v_soa = escapeshellarg($_POST['v_soa']);
exec (VESTA_CMD."v-change-dns-domain-soa ".$v_username." ".$v_domain." ".$v_soa." 'no'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$restart_dns = 'yes';
}
// Change expiriation date
if (($v_exp != $_POST['v_exp']) && (empty($_SESSION['error_msg']))) {
$v_exp = $_POST['v_exp'];
v_exec('v-change-dns-domain-exp', [$v_username, $v_domain, $v_exp, 'no']);
$v_exp = escapeshellarg($_POST['v_exp']);
exec (VESTA_CMD."v-change-dns-domain-exp ".$v_username." ".$v_domain." ".$v_exp." 'no'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
}
// Change domain ttl
if (($v_ttl != $_POST['v_ttl']) && (empty($_SESSION['error_msg']))) {
$v_ttl = $_POST['v_ttl'];
v_exec('v-change-dns-domain-ttl', [$v_username, $v_domain, $v_ttl, 'no']);
$v_ttl = escapeshellarg($_POST['v_ttl']);
exec (VESTA_CMD."v-change-dns-domain-ttl ".$v_username." ".$v_domain." ".$v_ttl." 'no'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$restart_dns = 'yes';
}
// Restart dns server
if (!empty($restart_dns) && (empty($_SESSION['error_msg']))) {
v_exec('v-restart-dns');
exec (VESTA_CMD."v-restart-dns", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
}
// Set success message
@ -130,30 +149,38 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (!empty($_GET['reco
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
exit;
exit();
}
$v_domain = $_POST['v_domain'];
$v_record_id = $_POST['v_record_id'];
// Protect input
$v_domain = escapeshellarg($_POST['v_domain']);
$v_record_id = escapeshellarg($_POST['v_record_id']);
// Change dns record
if (($v_val != $_POST['v_val']) || ($v_priority != $_POST['v_priority']) && (empty($_SESSION['error_msg']))) {
$v_val = escapeshellarg($_POST['v_val']);
$v_priority = escapeshellarg($_POST['v_priority']);
exec (VESTA_CMD."v-change-dns-record ".$v_username." ".$v_domain." ".$v_record_id." ".$v_val." ".$v_priority, $output, $return_var);
check_return_code($return_var,$output);
$v_val = $_POST['v_val'];
$v_priority = $_POST['v_priority'];
v_exec('v-change-dns-record', [$v_username, $v_domain, $v_record_id, $v_val, $v_priority]);
unset($output);
$restart_dns = 'yes';
}
// Change dns record id
if (($_GET['record_id'] != $_POST['v_record_id']) && (empty($_SESSION['error_msg']))) {
$v_old_record_id = $_GET['record_id'];
v_exec('v-change-dns-record-id', [$v_username, $v_domain, $v_old_record_id, $v_record_id]);
$v_old_record_id = escapeshellarg($_GET['record_id']);
exec (VESTA_CMD."v-change-dns-record-id ".$v_username." ".$v_domain." ".$v_old_record_id." ".$v_record_id, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$restart_dns = 'yes';
}
// Restart dns server
if (!empty($restart_dns) && (empty($_SESSION['error_msg']))) {
v_exec('v-restart-dns');
exec (VESTA_CMD."v-restart-dns", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
}
// Set success message
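Review bot: The condition guarding `v-change-dns-record` mixes `||` and `&&` without grouping, so `empty($_SESSION['error_msg'])` qualifies only the priority comparison; a changed `v_val` runs the command even when an earlier step has already recorded an error. Every other step in this file is gated on the error check, so this looks unintended: `if ((($v_val != $_POST['v_val']) || ($v_priority != $_POST['v_priority'])) && (empty($_SESSION['error_msg']))) {`. The line appears to be unchanged context in this commit.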


@ -31,22 +31,24 @@ if (($_SESSION['user'] == 'admin') && (!empty($_SESSION['look']))) {
<div id="message" style="display:none; position: absoulte;background-color: green; color: white; padding: 10px;"></div>
<div id="error-message" style="display:none; position: absoulte;background-color: red; color: white; padding: 10px;"></div>
<?php
<?php
if (!empty($_REQUEST['path'])) {
$content = '';
$path = $_REQUEST['path'];
if (!empty($_POST['save'])) {
$fn = tempnam('/tmp', 'vst-save-file-');
$fn = tempnam ('/tmp', 'vst-save-file-');
if ($fn) {
$contents = $_POST['contents'];
$contents = preg_replace("/\r/", "", $contents);
$f = fopen($fn, 'w+');
$f = fopen ($fn, 'w+');
fwrite($f, $contents);
fclose($f);
chmod($fn, 0644);
if ($f) {
$return_var = v_exec('v-copy-fs-file', [$user, $fn, $path]);
exec (VESTA_CMD . "v-copy-fs-file {$user} {$fn} ".escapeshellarg($path), $output, $return_var);
$error = check_return_code($return_var, $output);
if ($return_var != 0) {
print('<p style="color: white">Error while saving file</p>');
exit;
@ -56,12 +58,12 @@ if (($_SESSION['user'] == 'admin') && (!empty($_SESSION['look']))) {
}
}
$return_var = v_exec('v-open-fs-file', [$user, $path], false, $content);
exec (VESTA_CMD . "v-open-fs-file {$user} ".escapeshellarg($path), $content, $return_var);
if ($return_var != 0) {
print 'Error while opening file'; // todo: handle this more styled
exit;
}
$content = $content . "\n";
$content = implode("\n", $content)."\n";
} else {
$content = '';
}
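Review bot: Only `$path` goes through `escapeshellarg` in the `v-copy-fs-file` and `v-open-fs-file` commands; `{$user}` and `{$fn}` are interpolated into the shell string bare. `$fn` comes from `tempnam` and is low risk, but `$user` is assigned outside this hunk (the header shows a `$_SESSION['look']` override), so its safety cannot be confirmed here, and `escapeshellarg($user)` at both call sites costs nothing. Also, `if ($f)` is tested only after `fwrite` and `fclose` have already used the handle, and `chmod($fn, 0644)` leaves the submitted contents world-readable while the temp file sits in `/tmp`.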


@ -20,13 +20,15 @@ if (empty($_GET['rule'])) {
exit;
}
$v_rule = $_GET['rule'];
// List rule
v_exec('v-list-firewall-rule', [$v_rule, 'json'], true, $output);
$data = json_decode($output, true);
$v_rule = escapeshellarg($_GET['rule']);
exec (VESTA_CMD."v-list-firewall-rule ".$v_rule." 'json'", $output, $return_var);
check_return_code($return_var,$output);
$data = json_decode(implode('', $output), true);
unset($output);
// Parse rule
$v_rule = $_GET['rule'];
$v_action = $data[$v_rule]['ACTION'];
$v_protocol = $data[$v_rule]['PROTOCOL'];
$v_port = $data[$v_rule]['PORT'];
@ -35,17 +37,37 @@ $v_comment = $data[$v_rule]['COMMENT'];
$v_date = $data[$v_rule]['DATE'];
$v_time = $data[$v_rule]['TIME'];
$v_suspended = $data[$v_rule]['SUSPENDED'];
$v_status = $v_suspended == 'yes' ? 'suspended' : 'active';
if ( $v_suspended == 'yes' ) {
$v_status = 'suspended';
} else {
$v_status = 'active';
}
// Check POST request
if (!empty($_POST['save'])) {
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
exit;
exit();
}
$v_rule = $_GET['rule'];
$v_rule = escapeshellarg($_GET['rule']);
$v_action = escapeshellarg($_POST['v_action']);
$v_protocol = escapeshellarg($_POST['v_protocol']);
$v_port = str_replace(" ",",", $_POST['v_port']);
$v_port = preg_replace('/\,+/', ',', $v_port);
$v_port = trim($v_port, ",");
$v_port = escapeshellarg($v_port);
$v_ip = escapeshellarg($_POST['v_ip']);
$v_comment = escapeshellarg($_POST['v_comment']);
// Change Status
exec (VESTA_CMD."v-change-firewall-rule ".$v_rule." ".$v_action." ".$v_ip." ".$v_port." ".$v_protocol." ".$v_comment, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$v_rule = $_GET['v_rule'];
$v_action = $_POST['v_action'];
$v_protocol = $_POST['v_protocol'];
$v_port = str_replace(" ",",", $_POST['v_port']);
@ -54,9 +76,6 @@ if (!empty($_POST['save'])) {
$v_ip = $_POST['v_ip'];
$v_comment = $_POST['v_comment'];
// Change Status
v_exec('v-change-firewall-rule', [$v_rule, $v_action, $v_ip, $v_port, $v_protocol, $v_comment]);
// Set success message
if (empty($_SESSION['error_msg'])) {
$_SESSION['ok_msg'] = __('Changes has been saved.');
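Review bot: After the `v-change-firewall-rule` call the code resets `$v_rule` from `$_GET['v_rule']`, a key no other line in this file reads; everything else uses `$_GET['rule']`, so `$v_rule` is presumably left empty once a save has run. `$v_rule = $_GET['rule'];` would match the rest of the file. The POST branch continues outside the visible hunks, so later uses of `$v_rule` cannot be checked from here.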


@ -19,14 +19,16 @@ if (empty($_GET['ip'])) {
exit;
}
$v_username = $user;
$v_ip = $_GET['ip'];
// List ip
v_exec('v-list-sys-ip', [$v_ip, 'json'], true, $output);
$data = json_decode($output, true);
$v_ip = escapeshellarg($_GET['ip']);
exec (VESTA_CMD."v-list-sys-ip ".$v_ip." 'json'", $output, $return_var);
check_return_code($return_var,$output);
$data = json_decode(implode('', $output), true);
unset($output);
// Parse ip
$v_username = $user;
$v_ip = $_GET['ip'];
$v_netmask = $data[$v_ip]['NETMASK'];
$v_interace = $data[$v_ip]['INTERFACE'];
$v_name = $data[$v_ip]['NAME'];
@ -44,39 +46,51 @@ if ( $v_suspended == 'yes' ) {
}
// List users
v_exec('v-list-sys-users', ['json'], false, $output);
$users = json_decode($output, true);
exec (VESTA_CMD."v-list-sys-users 'json'", $output, $return_var);
$users = json_decode(implode('', $output), true);
unset($output);
// Check POST request
if (!empty($_POST['save'])) {
$v_ip = $_POST['v_ip'];
$v_ip = escapeshellarg($_POST['v_ip']);
// Change Status
if (($v_ipstatus == 'shared') && (empty($_POST['v_shared'])) && (empty($_SESSION['error_msg']))) {
v_exec('v-change-sys-ip-status', [$v_ip, 'dedicated']);
$v_dedicated = 'yes';
exec (VESTA_CMD."v-change-sys-ip-status ".$v_ip." 'dedicated'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$v_dedicated = 'yes';
}
if (($v_ipstatus == 'dedicated') && (!empty($_POST['v_shared'])) && (empty($_SESSION['error_msg']))) {
v_exec('v-change-sys-ip-status', [$v_ip, 'shared']);
exec (VESTA_CMD."v-change-sys-ip-status ".$v_ip." 'shared'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
unset($v_dedicated);
}
// Change owner
if (($v_owner != $_POST['v_owner']) && (empty($_SESSION['error_msg']))) {
$v_owner = escapeshellarg($_POST['v_owner']);
exec (VESTA_CMD."v-change-sys-ip-owner ".$v_ip." ".$v_owner, $output, $return_var);
check_return_code($return_var,$output);
$v_owner = $_POST['v_owner'];
v_exec('v-change-sys-ip-owner', [$v_ip, $v_owner]);
unset($output);
}
// Change associated domain
if (($v_name != $_POST['v_name']) && (empty($_SESSION['error_msg']))) {
$v_name = $_POST['v_name'];
v_exec('v-change-sys-ip-name', [$v_ip, $v_name]);
$v_name = escapeshellarg($_POST['v_name']);
exec (VESTA_CMD."v-change-sys-ip-name ".$v_ip." ".$v_name, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
}
// Change NAT address
if (($v_nat != $_POST['v_nat']) && (empty($_SESSION['error_msg']))) {
$v_nat = $_POST['v_nat'];
v_exec('v-change-sys-ip-nat', [$v_ip, $v_nat]);
$v_nat = escapeshellarg($_POST['v_nat']);
exec (VESTA_CMD."v-change-sys-ip-nat ".$v_ip." ".$v_nat, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
}
// Set success message
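Review bot: The POST branch here goes straight from `if (!empty($_POST['save'])) {` to building the `v-change-sys-ip-status`, `-owner`, `-name` and `-nat` commands with no session-token comparison, while the other edit pages in this commit check `$_SESSION['token'] != $_POST['token']` first. Unless `inc/main.php` enforces the token (not visible here), these system-wide IP changes are not protected against cross-site request forgery. Adding the same guard used elsewhere (redirect to `/login/` and `exit()` on mismatch) at the top of the branch closes that gap; `hash_equals($_SESSION['token'], $_POST['token'])` would also avoid the loose `!=` comparison.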


@ -21,18 +21,19 @@ if (empty($_GET['domain'])) {
// Edit as someone else?
if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
$user = $_GET['user'];
$user=escapeshellarg($_GET['user']);
}
$v_username = $user;
// List mail domain
if ((!empty($_GET['domain'])) && (empty($_GET['account']))) {
$v_domain = $_GET['domain'];
v_exec('v-list-mail-domain', [$user, $v_domain, 'json'], false, $output);
$data = json_decode($output, true);
$v_domain = escapeshellarg($_GET['domain']);
exec (VESTA_CMD."v-list-mail-domain ".$user." ".$v_domain." json", $output, $return_var);
$data = json_decode(implode('', $output), true);
unset($output);
// Parse domain
$v_domain = $_GET['domain'];
$v_antispam = $data[$v_domain]['ANTISPAM'];
$v_antivirus = $data[$v_domain]['ANTIVIRUS'];
$v_dkim = $data[$v_domain]['DKIM'];
@ -49,14 +50,17 @@ if ((!empty($_GET['domain'])) && (empty($_GET['account']))) {
// List mail account
if ((!empty($_GET['domain'])) && (!empty($_GET['account']))) {
$v_domain = $_GET['domain'];
$v_account = $_GET['account'];
v_exec('v-list-mail-account', [$user, $v_domain, $v_account, 'json'], false, $output);
$data = json_decode($output, true);
$v_domain = escapeshellarg($_GET['domain']);
$v_account = escapeshellarg($_GET['account']);
exec (VESTA_CMD."v-list-mail-account ".$user." ".$v_domain." ".$v_account." 'json'", $output, $return_var);
$data = json_decode(implode('', $output), true);
unset($output);
// Parse mail account
$v_password = '';
$v_username = $user;
$v_domain = $_GET['domain'];
$v_account = $_GET['account'];
$v_password = "";
$v_aliases = str_replace(',', "\n", $data[$v_account]['ALIAS']);
$valiases = explode(",", $data[$v_account]['ALIAS']);
$v_fwd = str_replace(',', "\n", $data[$v_account]['FWD']);
@ -75,8 +79,9 @@ if ((!empty($_GET['domain'])) && (!empty($_GET['account']))) {
// Parse autoreply
if ( $v_autoreply == 'yes' ) {
v_exec('v-list-mail-account-autoreply', [$user, $v_domain, $v_account, 'json'], false, $output);
$autoreply_str = json_decode($output, true);
exec (VESTA_CMD."v-list-mail-account-autoreply ".$user." '".$v_domain."' '".$v_account."' json", $output, $return_var);
$autoreply_str = json_decode(implode('', $output), true);
unset($output);
$v_autoreply_message = $autoreply_str[$v_account]['MSG'];
}
}
@ -84,68 +89,86 @@ if ((!empty($_GET['domain'])) && (!empty($_GET['account']))) {
// Check POST request for mail domain
if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (empty($_GET['account']))) {
$v_domain = $_POST['v_domain'];
$v_domain = escapeshellarg($_POST['v_domain']);
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
exit;
exit();
}
// Delete antispam
if (($v_antispam == 'yes') && (empty($_POST['v_antispam'])) && (empty($_SESSION['error_msg']))) {
v_exec('v-delete-mail-domain-antispam', [$v_username, $v_domain]);
exec (VESTA_CMD."v-delete-mail-domain-antispam ".$v_username." ".$v_domain, $output, $return_var);
check_return_code($return_var,$output);
$v_antispam = 'no';
unset($output);
}
// Add antispam
if (($v_antispam == 'no') && (!empty($_POST['v_antispam'])) && (empty($_SESSION['error_msg']))) {
v_exec('v-add-mail-domain-antispam', [$v_username, $v_domain]);
exec (VESTA_CMD."v-add-mail-domain-antispam ".$v_username." ".$v_domain, $output, $return_var);
check_return_code($return_var,$output);
$v_antispam = 'yes';
unset($output);
}
// Delete antivirus
if (($v_antivirus == 'yes') && (empty($_POST['v_antivirus'])) && (empty($_SESSION['error_msg']))) {
v_exec('v-delete-mail-domain-antivirus', [$v_username, $v_domain]);
exec (VESTA_CMD."v-delete-mail-domain-antivirus ".$v_username." ".$v_domain, $output, $return_var);
check_return_code($return_var,$output);
$v_antivirus = 'no';
unset($output);
}
// Add antivirs
if (($v_antivirus == 'no') && (!empty($_POST['v_antivirus'])) && (empty($_SESSION['error_msg']))) {
v_exec('v-add-mail-domain-antivirus', [$v_username, $v_domain]);
exec (VESTA_CMD."v-add-mail-domain-antivirus ".$v_username." ".$v_domain, $output, $return_var);
check_return_code($return_var,$output);
$v_antivirus = 'yes';
unset($output);
}
// Delete DKIM
if (($v_dkim == 'yes') && (empty($_POST['v_dkim'])) && (empty($_SESSION['error_msg']))) {
v_exec('v-delete-mail-domain-dkim', [$v_username, $v_domain]);
exec (VESTA_CMD."v-delete-mail-domain-dkim ".$v_username." ".$v_domain, $output, $return_var);
check_return_code($return_var,$output);
$v_dkim = 'no';
unset($output);
}
// Add DKIM
if (($v_dkim == 'no') && (!empty($_POST['v_dkim'])) && (empty($_SESSION['error_msg']))) {
v_exec('v-add-mail-domain-dkim', [$v_username, $v_domain]);
exec (VESTA_CMD."v-add-mail-domain-dkim ".$v_username." ".$v_domain, $output, $return_var);
check_return_code($return_var,$output);
$v_dkim = 'yes';
unset($output);
}
// Delete catchall
if ((!empty($v_catchall)) && (empty($_POST['v_catchall'])) && (empty($_SESSION['error_msg']))) {
v_exec('v-delete-mail-domain-catchall', [$v_username, $v_domain]);
exec (VESTA_CMD."v-delete-mail-domain-catchall ".$v_username." ".$v_domain, $output, $return_var);
check_return_code($return_var,$output);
$v_catchall = '';
unset($output);
}
// Change catchall address
if ((!empty($v_catchall)) && (!empty($_POST['v_catchall'])) && (empty($_SESSION['error_msg']))) {
if ($v_catchall != $_POST['v_catchall']) {
$v_catchall = $_POST['v_catchall'];
v_exec('v-change-mail-domain-catchall', [$v_username, $v_domain, $v_catchall]);
$v_catchall = escapeshellarg($_POST['v_catchall']);
exec (VESTA_CMD."v-change-mail-domain-catchall ".$v_username." ".$v_domain." ".$v_catchall, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
}
}
// Add catchall
if ((empty($v_catchall)) && (!empty($_POST['v_catchall'])) && (empty($_SESSION['error_msg']))) {
$v_catchall = $_POST['v_catchall'];
v_exec('v-add-mail-domain-catchall', [$v_username, $v_domain, $v_catchall]);
$v_catchall = escapeshellarg($_POST['v_catchall']);
exec (VESTA_CMD."v-add-mail-domain-catchall ".$v_username." ".$v_domain." ".$v_catchall, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
}
// Set success message
@ -160,11 +183,11 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (!empty($_GET['acco
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
exit;
exit();
}
$v_domain = $_POST['v_domain'];
$v_account = $_POST['v_account'];
$v_domain = escapeshellarg($_POST['v_domain']);
$v_account = escapeshellarg($_POST['v_account']);
// Change password
if ((!empty($_POST['v_password'])) && (empty($_SESSION['error_msg']))) {
@ -172,19 +195,23 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (!empty($_GET['acco
$fp = fopen($v_password, "w");
fwrite($fp, $_POST['v_password']."\n");
fclose($fp);
v_exec('v-change-mail-account-password', [$v_username, $v_domain, $v_account, $v_password]);
exec (VESTA_CMD."v-change-mail-account-password ".$v_username." ".$v_domain." ".$v_account." ".$v_password, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
unlink($v_password);
$v_password = $_POST['v_password'];
$v_password = escapeshellarg($_POST['v_password']);;
}
// Change quota
if (($v_quota != $_POST['v_quota']) && (empty($_SESSION['error_msg']))) {
if (empty($_POST['v_quota'])) {
$v_quota = '0';
$v_quota = 0;
} else {
$v_quota = $_POST['v_quota'];
$v_quota = escapeshellarg($_POST['v_quota']);
}
v_exec('v-change-mail-account-quota', [$v_username, $v_domain, $v_account, $v_quota]);
exec (VESTA_CMD."v-change-mail-account-quota ".$v_username." ".$v_domain." ".$v_account." ".$v_quota, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
}
// Change account aliases
@ -198,13 +225,17 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (!empty($_GET['acco
$result = array_diff($valiases, $aliases);
foreach ($result as $alias) {
if ((empty($_SESSION['error_msg'])) && (!empty($alias))) {
v_exec('v-delete-mail-account-alias', [$v_username, $v_domain, $v_account, $alias]);
exec (VESTA_CMD."v-delete-mail-account-alias ".$v_username." ".$v_domain." ".$v_account." '".$alias."'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
}
}
$result = array_diff($aliases, $valiases);
foreach ($result as $alias) {
if ((empty($_SESSION['error_msg'])) && (!empty($alias))) {
v_exec('v-add-mail-account-alias', [$v_username, $v_domain, $v_account, $alias]);
exec (VESTA_CMD."v-add-mail-account-alias ".$v_username." ".$v_domain." ".$v_account." '".$alias."'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
}
}
}
@ -220,42 +251,56 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (!empty($_GET['acco
$result = array_diff($vfwd, $fwd);
foreach ($result as $forward) {
if ((empty($_SESSION['error_msg'])) && (!empty($forward))) {
v_exec('v-delete-mail-account-forward', [$v_username, $v_domain, $v_account, $forward]);
exec (VESTA_CMD."v-delete-mail-account-forward ".$v_username." ".$v_domain." ".$v_account." '".$forward."'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
}
}
$result = array_diff($fwd, $vfwd);
foreach ($result as $forward) {
if ((empty($_SESSION['error_msg'])) && (!empty($forward))) {
v_exec('v-add-mail-account-forward', [$v_username, $v_domain, $v_account, $forward]);
exec (VESTA_CMD."v-add-mail-account-forward ".$v_username." ".$v_domain." ".$v_account." '".$forward."'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
}
}
}
// Delete FWD_ONLY flag
if (($v_fwd_only == 'yes') && (empty($_POST['v_fwd_only'])) && (empty($_SESSION['error_msg']))) {
v_exec('v-delete-mail-account-fwd-only', [$v_username, $v_domain, $v_account]);
exec (VESTA_CMD."v-delete-mail-account-fwd-only ".$v_username." ".$v_domain." ".$v_account, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$v_fwd_only = '';
}
// Add FWD_ONLY flag
if (($v_fwd_only != 'yes') && (!empty($_POST['v_fwd_only'])) && (empty($_SESSION['error_msg']))) {
v_exec('v-add-mail-account-fwd-only', [$v_username, $v_domain, $v_account]);
exec (VESTA_CMD."v-add-mail-account-fwd-only ".$v_username." ".$v_domain." ".$v_account, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$v_fwd_only = 'yes';
}
// Delete autoreply
if (($v_autoreply == 'yes') && (empty($_POST['v_autoreply'])) && (empty($_SESSION['error_msg']))) {
v_exec('v-delete-mail-account-autoreply', [$v_username, $v_domain, $v_account]);
exec (VESTA_CMD."v-delete-mail-account-autoreply ".$v_username." ".$v_domain." ".$v_account, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$v_autoreply = 'no';
$v_autoreply_message = '';
}
// Add autoreply
if ((!empty($_POST['v_autoreply'])) && (empty($_SESSION['error_msg']))) {
if ($v_autoreply_message != str_replace("\r\n", "\n", $_POST['v_autoreply_message'])) {
if ( $v_autoreply_message != str_replace("\r\n", "\n", $_POST['v_autoreply_message'])) {
$v_autoreply_message = str_replace("\r\n", "\n", $_POST['v_autoreply_message']);
v_exec('v-add-mail-account-autoreply', [$v_username, $v_domain, $v_account, $v_autoreply_message]);
$v_autoreply_message = escapeshellarg($v_autoreply_message);
exec (VESTA_CMD."v-add-mail-account-autoreply ".$v_username." ".$v_domain." ".$v_account." ".$v_autoreply_message, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$v_autoreply = 'yes';
$v_autoreply_message = $_POST['v_autoreply_message'];
}
}
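Review bot: Several commands in this file quote arguments by hand instead of with `escapeshellarg`: the `v-list-mail-account-autoreply` call wraps `$v_domain` and `$v_account` in literal single quotes after both were reset to raw `$_GET` values, and the alias and forward loops do the same with `'".$alias."'` and `'".$forward."'`. Hand-written quotes do not neutralise a quote character inside the value, so these are not equivalent to the escaped arguments on neighbouring lines. Use `escapeshellarg($alias)` and `escapeshellarg($forward)` in the four loop commands, and escaped copies of the domain and account in the autoreply lookup. `$aliases` and `$fwd` are built outside the visible hunks and appear to derive from the POST body.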


@ -21,13 +21,14 @@ if (empty($_GET['package'])) {
}
$v_package = $_GET['package'];
// List package
v_exec('v-list-user-package', [$v_package, 'json'], false, $output);
$data = json_decode($output, true);
$v_package = escapeshellarg($_GET['package']);
exec (VESTA_CMD."v-list-user-package ".$v_package." 'json'", $output, $return_var);
$data = json_decode(implode('', $output), true);
unset($output);
// Parse package
$v_package = $_GET['package'];
$v_web_template = $data[$v_package]['WEB_TEMPLATE'];
$v_backend_template = $data[$v_package]['BACKEND_TEMPLATE'];
$v_proxy_template = $data[$v_package]['PROXY_TEMPLATE'];
@ -44,7 +45,7 @@ $v_disk_quota = $data[$v_package]['DISK_QUOTA'];
$v_bandwidth = $data[$v_package]['BANDWIDTH'];
$v_shell = $data[$v_package]['SHELL'];
$v_ns = $data[$v_package]['NS'];
$nameservers = explode(', ', $v_ns);
$nameservers = explode(", ", $v_ns);
$v_ns1 = $nameservers[0];
$v_ns2 = $nameservers[1];
$v_ns3 = $nameservers[2];
@ -56,39 +57,45 @@ $v_ns8 = $nameservers[7];
$v_backups = $data[$v_package]['BACKUPS'];
$v_date = $data[$v_package]['DATE'];
$v_time = $data[$v_package]['TIME'];
$v_status = 'active';
$v_status = 'active';
// List web templates
v_exec('v-list-web-templates', ['json'], false, $output);
$web_templates = json_decode($output, true);
exec (VESTA_CMD."v-list-web-templates json", $output, $return_var);
$web_templates = json_decode(implode('', $output), true);
unset($output);
// List backend templates
if (!empty($_SESSION['WEB_BACKEND'])) {
v_exec('v-list-web-templates-backend', ['json'], false, $output);
$backend_templates = json_decode($output, true);
exec (VESTA_CMD."v-list-web-templates-backend json", $output, $return_var);
$backend_templates = json_decode(implode('', $output), true);
unset($output);
}
// List proxy templates
if (!empty($_SESSION['PROXY_SYSTEM'])) {
v_exec('v-list-web-templates-proxy', ['json'], false, $output);
$proxy_templates = json_decode($output, true);
exec (VESTA_CMD."v-list-web-templates-proxy json", $output, $return_var);
$proxy_templates = json_decode(implode('', $output), true);
unset($output);
}
// List dns templates
v_exec('v-list-dns-templates', ['json'], false, $output);
$dns_templates = json_decode($output, true);
exec (VESTA_CMD."v-list-dns-templates json", $output, $return_var);
$dns_templates = json_decode(implode('', $output), true);
unset($output);
// List shels
v_exec('v-list-sys-shells', ['json'], false, $output);
$shells = json_decode($output, true);
exec (VESTA_CMD."v-list-sys-shells json", $output, $return_var);
$shells = json_decode(implode('', $output), true);
unset($output);
// Check POST request
if (!empty($_POST['save'])) {
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
exit;
exit();
}
// Check empty fields
@ -126,10 +133,8 @@ if (!empty($_POST['save'])) {
$_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
}
$v_package = $_POST['v_package'];
// Protect input
// TODO: Use array?
$v_package = escapeshellarg($_POST['v_package']);
$v_web_template = escapeshellarg($_POST['v_web_template']);
if (!empty($_SESSION['WEB_BACKEND'])) {
$v_backend_template = escapeshellarg($_POST['v_backend_template']);
@ -194,18 +199,23 @@ if (!empty($_POST['save'])) {
$pkg .= "BACKUPS=".$v_backups."\n";
$pkg .= "TIME=".$v_time."\n";
$pkg .= "DATE=".$v_date."\n";
$fp = fopen("$tmpdir/$v_package.pkg", 'w');
$fp = fopen($tmpdir."/".$_POST['v_package'].".pkg", 'w');
fwrite($fp, $pkg);
fclose($fp);
// Save changes
v_exec('v-add-user-package', [$tmpdir, $v_package, 'yes']);
exec (VESTA_CMD."v-add-user-package ".$tmpdir." ".$v_package." 'yes'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
// Remove temporary dir
safe_exec('rm', ['-rf', $tmpdir]);
exec ('rm -rf '.$tmpdir, $output, $return_var);
unset($output);
// Propogate new package
v_exec('v-update-user-package', [$v_package, 'json']);
exec (VESTA_CMD."v-update-user-package ".$v_package." 'json'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
// Set success message
if (empty($_SESSION['error_msg'])) {
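Review bot: The new `fopen($tmpdir."/".$_POST['v_package'].".pkg", 'w')` line puts the raw POST value into a file path, so a package name containing `/` or `..` would make the write land outside `$tmpdir`. The name should be validated before any use, e.g. `if (!preg_match('/^[A-Za-z0-9_.-]+$/', $_POST['v_package'])) { /* set error_msg and skip the save */ }`; the allowed character set is an assumption to confirm against what v-add-user-package accepts. In the same hunk `exec ('rm -rf '.$tmpdir, ...)` concatenates `$tmpdir` unquoted; it is assigned outside the visible lines, and `'rm -rf '.escapeshellarg($tmpdir)` would be the safer form. The enclosing `if (!empty($_POST['save']))` block starts and ends outside these hunks.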


@ -16,8 +16,9 @@ $v_hostname = exec('hostname');
// List available timezones and get current one
$v_timezones = list_timezones();
v_exec('v-get-sys-timezone', [], false, $output);
$v_timezone = strtok($output, "\n");
exec (VESTA_CMD."v-get-sys-timezone", $output, $return_var);
$v_timezone = $output[0];
unset($output);
if ($v_timezone == 'Etc/UTC' ) $v_timezone = 'UTC';
if ($v_timezone == 'Pacific/Honolulu' ) $v_timezone = 'HAST';
if ($v_timezone == 'US/Aleutian' ) $v_timezone = 'HADT';
@ -33,40 +34,51 @@ if ($v_timezone == 'America/Puerto_Rico' ) $v_timezone = 'AST';
if ($v_timezone == 'America/Halifax' ) $v_timezone = 'ADT';
// List supported languages
v_exec('v-list-sys-languages', ['json'], false, $output);
$languages = json_decode($output, true);
exec (VESTA_CMD."v-list-sys-languages json", $output, $return_var);
$languages = json_decode(implode('', $output), true);
unset($output);
// List dns cluster hosts
v_exec('v-list-remote-dns-hosts', ['json'], false, $output);
$dns_cluster = json_decode($output, true);
if (count($dns_cluster) >= 1) $v_dns_cluster = 'yes';
exec (VESTA_CMD."v-list-remote-dns-hosts json", $output, $return_var);
$dns_cluster = json_decode(implode('', $output), true);
unset($output);
foreach ($dns_cluster as $key => $value) {
$v_dns_cluster = 'yes';
}
// List MySQL hosts
v_exec('v-list-database-hosts', ['mysql', 'json'], false, $output);
$v_mysql_hosts = json_decode($output, true);
if (count($v_mysql_hosts) >= 1) $v_mysql = 'yes';
exec (VESTA_CMD."v-list-database-hosts mysql json", $output, $return_var);
$v_mysql_hosts = json_decode(implode('', $output), true);
unset($output);
foreach ($v_mysql_hosts as $key => $value) {
$v_mysql = 'yes';
}
// List PostgreSQL hosts
v_exec('v-list-database-hosts', ['pgsql', 'json'], false, $output);
$v_pgsql_hosts = json_decode($output, true);
if (count($v_pgsql_hosts) >= 1) $v_psql = 'yes';
exec (VESTA_CMD."v-list-database-hosts pgsql json", $output, $return_var);
$v_pgsql_hosts = json_decode(implode('', $output), true);
unset($output);
foreach ($v_pgsql_hosts as $key => $value) {
$v_psql = 'yes';
}
// List backup settings
$v_backup_dir = '/backup';
$v_backup_dir = "/backup";
if (!empty($_SESSION['BACKUP'])) $v_backup_dir = $_SESSION['BACKUP'];
$v_backup_gzip = '5';
if (!empty($_SESSION['BACKUP_GZIP'])) $v_backup_gzip = $_SESSION['BACKUP_GZIP'];
$backup_types = explode(',', $_SESSION['BACKUP_SYSTEM']);
$backup_types = split(",",$_SESSION['BACKUP_SYSTEM']);
foreach ($backup_types as $backup_type) {
if ($backup_type == 'local') {
$v_backup = 'yes';
} else {
v_exec('v-list-backup-host', [$backup_type, 'json'], false, $output);
$v_remote_backup = json_decode($output, true);
exec (VESTA_CMD."v-list-backup-host ".$backup_type. " json", $output, $return_var);
$v_remote_backup = json_decode(implode('', $output), true);
unset($output);
$v_backup_host = $v_remote_backup[$backup_type]['HOST'];
$v_backup_type = $v_remote_backup[$backup_type]['TYPE'];
$v_backup_username = $v_remote_backup[$backup_type]['USERNAME'];
$v_backup_password = '';
$v_backup_password = "";
$v_backup_port = $v_remote_backup[$backup_type]['PORT'];
$v_backup_bpath = $v_remote_backup[$backup_type]['BPATH'];
}
@ -74,16 +86,19 @@ foreach ($backup_types as $backup_type) {
// Check POST request
if (!empty($_POST['save'])) {
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
exit;
exit();
}
// Change hostname
if ((!empty($_POST['v_hostname'])) && ($v_hostname != $_POST['v_hostname'])) {
exec (VESTA_CMD."v-change-sys-hostname ".escapeshellarg($_POST['v_hostname']), $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$v_hostname = $_POST['v_hostname'];
v_exec('v-change-sys-hostname', [$v_hostname]);
}
// Change timezone
@ -105,8 +120,10 @@ if (!empty($_POST['save'])) {
if ($v_tz == 'ADT' ) $v_tz = 'America/Halifax';
if ($v_timezone != $v_tz) {
exec (VESTA_CMD."v-change-sys-timezone ".escapeshellarg($v_tz), $output, $return_var);
check_return_code($return_var,$output);
$v_timezone = $v_tz;
v_exec('v-change-sys-timezone', [$v_timezone]);
unset($output);
}
}
}
@ -114,7 +131,9 @@ if (!empty($_POST['save'])) {
// Change default language
if (empty($_SESSION['error_msg'])) {
if ((!empty($_POST['v_language'])) && ($_SESSION['LANGUAGE'] != $_POST['v_language'])) {
v_exec('v-change-sys-language', [$_POST['v_language']]);
exec (VESTA_CMD."v-change-sys-language ".escapeshellarg($_POST['v_language']), $output, $return_var);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) $_SESSION['LANGUAGE'] = $_POST['v_language'];
}
}
@ -123,10 +142,14 @@ if (!empty($_POST['save'])) {
if (empty($_SESSION['error_msg'])) {
if ((!empty($_POST['v_quota'])) && ($_SESSION['DISK_QUOTA'] != $_POST['v_quota'])) {
if($_POST['v_quota'] == 'yes') {
v_exec('v-add-sys-quota');
exec (VESTA_CMD."v-add-sys-quota", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) $_SESSION['DISK_QUOTA'] = 'yes';
} else {
v_exec('v-delete-sys-quota');
exec (VESTA_CMD."v-delete-sys-quota", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) $_SESSION['DISK_QUOTA'] = 'no';
}
}
@ -138,10 +161,14 @@ if (!empty($_POST['save'])) {
if ($_SESSION['FIREWALL_SYSTEM'] != 'iptables') $v_firewall = 'no';
if ((!empty($_POST['v_firewall'])) && ($v_firewall != $_POST['v_firewall'])) {
if($_POST['v_firewall'] == 'yes') {
v_exec('v-add-sys-firewall');
exec (VESTA_CMD."v-add-sys-firewall", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) $_SESSION['FIREWALL_SYSTEM'] = 'iptables';
} else {
v_exec('v-delete-sys-firewall');
exec (VESTA_CMD."v-delete-sys-firewall", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) $_SESSION['FIREWALL_SYSTEM'] = '';
}
}
@ -150,7 +177,9 @@ if (!empty($_POST['save'])) {
// Update mysql pasword
if (empty($_SESSION['error_msg'])) {
if (!empty($_POST['v_mysql_password'])) {
v_exec('v-change-database-host-password', ['mysql', 'localhost', 'root', $_POST['v_mysql_password']]);
exec (VESTA_CMD."v-change-database-host-password mysql localhost root '".escapeshellarg($_POST['v_mysql_password'])."'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$v_db_adv = 'yes';
}
}
@ -159,7 +188,9 @@ if (!empty($_POST['save'])) {
// Update webmail url
if (empty($_SESSION['error_msg'])) {
if ($_POST['v_mail_url'] != $_SESSION['MAIL_URL']) {
v_exec('v-change-sys-config-value', ['MAIL_URL', $_POST['v_mail_url']]);
exec (VESTA_CMD."v-change-sys-config-value MAIL_URL '".escapeshellarg($_POST['v_mail_url'])."'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$v_mail_adv = 'yes';
}
}
@ -167,7 +198,9 @@ if (!empty($_POST['save'])) {
// Update phpMyAdmin url
if (empty($_SESSION['error_msg'])) {
if ($_POST['v_mysql_url'] != $_SESSION['DB_PMA_URL']) {
v_exec('v-change-sys-config-value', ['DB_PMA_URL', $_POST['v_mysql_url']]);
exec (VESTA_CMD."v-change-sys-config-value DB_PMA_URL '".escapeshellarg($_POST['v_mysql_url'])."'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$v_db_adv = 'yes';
}
}
@ -175,15 +208,19 @@ if (!empty($_POST['save'])) {
// Update phpPgAdmin url
if (empty($_SESSION['error_msg'])) {
if ($_POST['v_psql_url'] != $_SESSION['DB_PGA_URL']) {
v_exec('v-change-sys-config-value', ['DB_PGA_URL', $_POST['v_pgsql_url']]);
exec (VESTA_CMD."v-change-sys-config-value DB_PGA_URL '".escapeshellarg($_POST['v_pgsql_url'])."'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$v_db_adv = 'yes';
}
}
// Disable local backup
if (empty($_SESSION['error_msg'])) {
if (($_POST['v_backup'] == 'no') && ($v_backup == 'yes')) {
v_exec('v-delete-backup-host', ['local']);
if (($_POST['v_backup'] == 'no') && ($v_backup == 'yes' )) {
exec (VESTA_CMD."v-delete-backup-host local", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) $v_backup = 'no';
$v_backup_adv = 'yes';
}
@ -192,7 +229,9 @@ if (!empty($_POST['save'])) {
// Enable local backups
if (empty($_SESSION['error_msg'])) {
if (($_POST['v_backup'] == 'yes') && ($v_backup != 'yes' )) {
v_exec('v-add-backup-host', ['local']);
exec (VESTA_CMD."v-add-backup-host local", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) $v_backup = 'yes';
$v_backup_adv = 'yes';
}
@ -202,7 +241,9 @@ if (!empty($_POST['save'])) {
// Change backup gzip level
if (empty($_SESSION['error_msg'])) {
if ($_POST['v_backup_gzip'] != $v_backup_gzip ) {
v_exec('v-change-sys-config-value', ['BACKUP_GZIP', $_POST['v_backup_gzip']]);
exec (VESTA_CMD."v-change-sys-config-value BACKUP_GZIP ".escapeshellarg($_POST['v_backup_gzip']), $output, $return_var);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) $v_backup_gzip = $_POST['v_backup_gzip'];
$v_backup_adv = 'yes';
}
@ -211,7 +252,9 @@ if (!empty($_POST['save'])) {
// Change backup path
if (empty($_SESSION['error_msg'])) {
if ($_POST['v_backup_dir'] != $v_backup_dir ) {
v_exec('v-change-sys-config-value', ['BACKUP', $_POST['v_backup_dir']]);
exec (VESTA_CMD."v-change-sys-config-value BACKUP ".escapeshellarg($_POST['v_backup_dir']), $output, $return_var);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) $v_backup_dir = $_POST['v_backup_dir'];
$v_backup_adv = 'yes';
}
@ -220,12 +263,19 @@ if (!empty($_POST['save'])) {
// Add remote backup host
if (empty($_SESSION['error_msg'])) {
if ((!empty($_POST['v_backup_host'])) && (empty($v_backup_host))) {
$v_backup_host = $_POST['v_backup_host'];
$v_backup_type = $_POST['v_backup_type'];
$v_backup_username = $_POST['v_backup_username'];
$v_backup_password = $_POST['v_backup_password'];
$v_backup_bpath = $_POST['v_backup_bpath'];
v_exec('v-add-backup-host', [$v_backup_type, $v_backup_host, $v_backup_username, $v_backup_password, $v_backup_bpath]);
$v_backup_host = escapeshellarg($_POST['v_backup_host']);
$v_backup_type = escapeshellarg($_POST['v_backup_type']);
$v_backup_username = escapeshellarg($_POST['v_backup_username']);
$v_backup_password = escapeshellarg($_POST['v_backup_password']);
$v_backup_bpath = escapeshellarg($_POST['v_backup_bpath']);
exec (VESTA_CMD."v-add-backup-host '". $v_backup_type ."' '". $v_backup_host ."' '". $v_backup_username ."' '". $v_backup_password ."' '". $v_backup_bpath ."'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) $v_backup_host = $_POST['v_backup_host'];
if (empty($_SESSION['error_msg'])) $v_backup_type = $_POST['v_backup_type'];
if (empty($_SESSION['error_msg'])) $v_backup_username = $_POST['v_backup_username'];
if (empty($_SESSION['error_msg'])) $v_backup_password = $_POST['v_backup_password'];
if (empty($_SESSION['error_msg'])) $v_backup_bpath = $_POST['v_backup_bpath'];
$v_backup_new = 'yes';
$v_backup_adv = 'yes';
$v_backup_remote_adv = 'yes';
@ -235,14 +285,22 @@ if (!empty($_POST['save'])) {
// Change remote backup host type
if (empty($_SESSION['error_msg'])) {
if ((!empty($_POST['v_backup_host'])) && ($_POST['v_backup_type'] != $v_backup_type)) {
v_exec('v-delete-backup-host', [$v_backup_type], false);
exec (VESTA_CMD."v-delete-backup-host '". $v_backup_type ."'", $output, $return_var);
unset($output);
$v_backup_host = $_POST['v_backup_host'];
$v_backup_type = $_POST['v_backup_type'];
$v_backup_username = $_POST['v_backup_username'];
$v_backup_password = $_POST['v_backup_password'];
$v_backup_bpath = $_POST['v_backup_bpath'];
v_exec('v-add-backup-host', [$v_backup_type, $v_backup_host, $v_backup_username, $v_backup_password, $v_backup_bpath]);
$v_backup_host = escapeshellarg($_POST['v_backup_host']);
$v_backup_type = escapeshellarg($_POST['v_backup_type']);
$v_backup_username = escapeshellarg($_POST['v_backup_username']);
$v_backup_password = escapeshellarg($_POST['v_backup_password']);
$v_backup_bpath = escapeshellarg($_POST['v_backup_bpath']);
exec (VESTA_CMD."v-add-backup-host '". $v_backup_type ."' '". $v_backup_host ."' '". $v_backup_username ."' '". $v_backup_password ."' '". $v_backup_bpath ."'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) $v_backup_host = $_POST['v_backup_host'];
if (empty($_SESSION['error_msg'])) $v_backup_type = $_POST['v_backup_type'];
if (empty($_SESSION['error_msg'])) $v_backup_username = $_POST['v_backup_username'];
if (empty($_SESSION['error_msg'])) $v_backup_password = $_POST['v_backup_password'];
if (empty($_SESSION['error_msg'])) $v_backup_bpath = $_POST['v_backup_bpath'];
$v_backup_adv = 'yes';
$v_backup_remote_adv = 'yes';
}
@ -252,12 +310,19 @@ if (!empty($_POST['save'])) {
if (empty($_SESSION['error_msg'])) {
if ((!empty($_POST['v_backup_host'])) && ($_POST['v_backup_type'] == $v_backup_type) && (!isset($v_backup_new))) {
if (($_POST['v_backup_host'] != $v_backup_host) || ($_POST['v_backup_username'] != $v_backup_username) || ($_POST['v_backup_password'] || $v_backup_password) || ($_POST['v_backup_bpath'] == $v_backup_bpath)){
$v_backup_host = $_POST['v_backup_host'];
$v_backup_type = $_POST['v_backup_type'];
$v_backup_username = $_POST['v_backup_username'];
$v_backup_password = $_POST['v_backup_password'];
$v_backup_bpath = $_POST['v_backup_bpath'];
v_exec('v-add-backup-host', [$v_backup_type, $v_backup_host, $v_backup_username, $v_backup_password, $v_backup_bpath]);
$v_backup_host = escapeshellarg($_POST['v_backup_host']);
$v_backup_type = escapeshellarg($_POST['v_backup_type']);
$v_backup_username = escapeshellarg($_POST['v_backup_username']);
$v_backup_password = escapeshellarg($_POST['v_backup_password']);
$v_backup_bpath = escapeshellarg($_POST['v_backup_bpath']);
exec (VESTA_CMD."v-add-backup-host '". $v_backup_type ."' '". $v_backup_host ."' '". $v_backup_username ."' '". $v_backup_password ."' '". $v_backup_bpath ."'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) $v_backup_host = $_POST['v_backup_host'];
if (empty($_SESSION['error_msg'])) $v_backup_type = $_POST['v_backup_type'];
if (empty($_SESSION['error_msg'])) $v_backup_username = $_POST['v_backup_username'];
if (empty($_SESSION['error_msg'])) $v_backup_password = $_POST['v_backup_password'];
if (empty($_SESSION['error_msg'])) $v_backup_bpath = $_POST['v_backup_bpath'];
$v_backup_adv = 'yes';
$v_backup_remote_adv = 'yes';
}
@ -268,14 +333,14 @@ if (!empty($_POST['save'])) {
// Delete remote backup host
if (empty($_SESSION['error_msg'])) {
if ((empty($_POST['v_backup_host'])) && (!empty($v_backup_host))) {
v_exec('v-delete-backup-host', [$v_backup_type]);
if (empty($_SESSION['error_msg'])) {
$v_backup_host = '';
$v_backup_type = '';
$v_backup_username = '';
$v_backup_password = '';
$v_backup_bpath = '';
}
exec (VESTA_CMD."v-delete-backup-host '". $v_backup_type ."'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) $v_backup_host = '';
if (empty($_SESSION['error_msg'])) $v_backup_type = '';
if (empty($_SESSION['error_msg'])) $v_backup_username = '';
if (empty($_SESSION['error_msg'])) $v_backup_password = '';
if (empty($_SESSION['error_msg'])) $v_backup_bpath = '';
$v_backup_adv = '';
$v_backup_remote_adv = '';
}
@ -286,25 +351,29 @@ if (!empty($_POST['save'])) {
$_SESSION['ok_msg'] = __('Changes has been saved.');
}
// Activate sftp licence
// activating sftp licence
if (empty($_SESSION['error_msg'])) {
if ($_SESSION['SFTPJAIL_KEY'] != $_POST['v_sftp_licence'] && $_POST['v_sftp'] == 'yes') {
if($_SESSION['SFTPJAIL_KEY'] != $_POST['v_sftp_licence'] && $_POST['v_sftp'] == 'yes'){
$module = 'sftpjail';
$licence_key = $_POST['v_sftp_licence'];
v_exec('v-activate-vesta-license', [$module, $licence_key]);
$licence_key = escapeshellarg($_POST['v_sftp_licence']);
exec (VESTA_CMD."v-activate-vesta-license ".$module." ".$licence_key, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) {
$_SESSION['ok_msg'] = __('Licence Activated');
$_SESSION['SFTPJAIL_KEY'] = $licence_key;
$_SESSION['SFTPJAIL_KEY'] = $_POST['v_sftp_licence'];
}
}
}
// Cancel sftp licence
// cancel sftp licence
if (empty($_SESSION['error_msg'])) {
if ($_POST['v_sftp'] == 'cancel' && $_SESSION['SFTPJAIL_KEY']) {
if($_POST['v_sftp'] == 'cancel' && $_SESSION['SFTPJAIL_KEY']){
$module = 'sftpjail';
$licence_key = $_SESSION['SFTPJAIL_KEY'];
v_exec('v-deactivate-vesta-license', [$module, $licence_key]);
$licence_key = escapeshellarg($_SESSION['SFTPJAIL_KEY']);
exec (VESTA_CMD."v-deactivate-vesta-license ".$module." ".$licence_key, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) {
$_SESSION['ok_msg'] = __('Licence Deactivated');
unset($_SESSION['SFTPJAIL_KEY']);
@ -313,25 +382,29 @@ if (!empty($_POST['save'])) {
}
// Activate filemanager licence
// activating filemanager licence
if (empty($_SESSION['error_msg'])) {
if ($_SESSION['FILEMANAGER_KEY'] != $_POST['v_filemanager_licence'] && $_POST['v_filemanager'] == 'yes') {
if($_SESSION['FILEMANAGER_KEY'] != $_POST['v_filemanager_licence'] && $_POST['v_filemanager'] == 'yes'){
$module = 'filemanager';
$licence_key = $_POST['v_filemanager_licence'];
v_exec('v-activate-vesta-license', [$module, $licence_key]);
$licence_key = escapeshellarg($_POST['v_filemanager_licence']);
exec (VESTA_CMD."v-activate-vesta-license ".$module." ".$licence_key, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) {
$_SESSION['ok_msg'] = __('Licence Activated');
$_SESSION['FILEMANAGER_KEY'] = $licence_key;
$_SESSION['FILEMANAGER_KEY'] = $_POST['v_filemanager_licence'];
}
}
}
// Cancel filemanager licence
// cancel filemanager licence
if (empty($_SESSION['error_msg'])) {
if ($_POST['v_filemanager'] == 'cancel' && $_SESSION['FILEMANAGER_KEY']) {
if($_POST['v_filemanager'] == 'cancel' && $_SESSION['FILEMANAGER_KEY']){
$module = 'filemanager';
$licence_key = $_SESSION['FILEMANAGER_KEY'];
v_exec('v-deactivate-vesta-license', [$module, $licence_key]);
$licence_key = escapeshellarg($_SESSION['FILEMANAGER_KEY']);
exec (VESTA_CMD."v-deactivate-vesta-license ".$module." ".$licence_key, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) {
$_SESSION['ok_msg'] = __('Licence Deactivated');
unset($_SESSION['FILEMANAGER_KEY']);
@ -341,8 +414,8 @@ if (!empty($_POST['save'])) {
}
// Check system configuration
v_exec('v-list-sys-config', ['json'], false, $output);
$data = json_decode($output, true);
exec (VESTA_CMD . "v-list-sys-config json", $output, $return_var);
$data = json_decode(implode('', $output), true);
$sys_arr = $data['config'];
foreach ($sys_arr as $key => $value) {
$_SESSION[$key] = $value;
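Review bot: Several of the new `exec` calls wrap the result of `escapeshellarg()` in a second pair of single quotes, which cancels the quoting that function adds and leaves the value unquoted on the shell command line. This applies to the `v-change-database-host-password` call, to the `MAIL_URL`, `DB_PMA_URL` and `DB_PGA_URL` config updates, and to the three `v-add-backup-host` calls whose five variables were already passed through `escapeshellarg()`. The literal quotes should be dropped, e.g. `exec (VESTA_CMD."v-change-sys-config-value MAIL_URL ".escapeshellarg($_POST['v_mail_url']), $output, $return_var);`. Separately, the phpPgAdmin block tests `$_POST['v_psql_url']` but passes `$_POST['v_pgsql_url']`, so one of the two keys looks wrong. The `if (!empty($_POST['save']))` block these hunks sit in is only partly visible.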


@ -16,18 +16,21 @@ if (empty($_GET['user'])) {
// Edit as someone else?
if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
$user = $_GET['user'];
$user=$_GET['user'];
$v_username=$_GET['user'];
} else {
$user = $_SESSION['user'];
$user=$_SESSION['user'];
$v_username=$_SESSION['user'];
}
$v_username = $user;
// List user
v_exec('v-list-user', [$v_username, 'json'], true, $output);
$data = json_decode($output, true);
exec (VESTA_CMD."v-list-user ".escapeshellarg($v_username)." json", $output, $return_var);
check_return_code($return_var,$output);
$data = json_decode(implode('', $output), true);
unset($output);
// Parse user
$v_password = '';
$v_password = "";
$v_email = $data[$v_username]['CONTACT'];
$v_package = $data[$v_username]['PACKAGE'];
$v_language = $data[$v_username]['LANGUAGE'];
@ -35,7 +38,7 @@ $v_fname = $data[$v_username]['FNAME'];
$v_lname = $data[$v_username]['LNAME'];
$v_shell = $data[$v_username]['SHELL'];
$v_ns = $data[$v_username]['NS'];
$nameservers = explode(', ', $v_ns);
$nameservers = explode(", ", $v_ns);
$v_ns1 = $nameservers[0];
$v_ns2 = $nameservers[1];
$v_ns3 = $nameservers[2];
@ -55,25 +58,29 @@ $v_time = $data[$v_username]['TIME'];
$v_date = $data[$v_username]['DATE'];
// List packages
v_exec('v-list-user-packages', ['json'], false, $output);
$packages = json_decode($output, true);
exec (VESTA_CMD."v-list-user-packages json", $output, $return_var);
$packages = json_decode(implode('', $output), true);
unset($output);
// List languages
v_exec('v-list-sys-languages', ['json'], false, $output);
$languages = json_decode($output, true);
exec (VESTA_CMD."v-list-sys-languages json", $output, $return_var);
$languages = json_decode(implode('', $output), true);
unset($output);
// List shells
v_exec('v-list-sys-shells', ['json'], false, $output);
$shells = json_decode($output, true);
exec (VESTA_CMD."v-list-sys-shells json", $output, $return_var);
$shells = json_decode(implode('', $output), true);
unset($output);
// Are you admin?
// Check POST request
if (!empty($_POST['save'])) {
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
exit;
exit();
}
// Change password
@ -82,34 +89,38 @@ if (!empty($_POST['save'])) {
$fp = fopen($v_password, "w");
fwrite($fp, $_POST['v_password']."\n");
fclose($fp);
v_exec('v-change-user-password', [$v_username, $v_password]);
exec (VESTA_CMD."v-change-user-password ".escapeshellarg($v_username)." ".$v_password, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
unlink($v_password);
$v_password = $_POST['v_password'];
$v_password = escapeshellarg($_POST['v_password']);
}
// Change package (admin only)
if (($v_package != $_POST['v_package']) && ($_SESSION['user'] == 'admin') && (empty($_SESSION['error_msg']))) {
$v_package = $_POST['v_package'];
v_exec('v-change-user-package', [$v_username, $v_package]);
$v_package = escapeshellarg($_POST['v_package']);
exec (VESTA_CMD."v-change-user-package ".escapeshellarg($v_username)." ".$v_package, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
}
// Change language
if (($v_language != $_POST['v_language']) && (empty($_SESSION['error_msg']))) {
$v_language = $_POST['v_language'];
v_exec('v-change-user-language', [$v_username, $v_language]);
$v_language = escapeshellarg($_POST['v_language']);
exec (VESTA_CMD."v-change-user-language ".escapeshellarg($v_username)." ".$v_language, $output, $return_var);
check_return_code($return_var,$output);
if (empty($_SESSION['error_msg'])) {
if ((empty($_GET['user'])) || ($_GET['user'] == $_SESSION['user'])) {
$_SESSION['language'] = $_POST['v_language'];
}
if ((empty($_GET['user'])) || ($_GET['user'] == $_SESSION['user'])) $_SESSION['language'] = $_POST['v_language'];
}
unset($output);
}
// Change shell (admin only)
if ($_SESSION['user'] == 'admin') {
if (($v_shell != $_POST['v_shell']) && (empty($_SESSION['error_msg']))) {
$v_shell = $_POST['v_shell'];
v_exec('v-change-user-shell', [$v_username, $v_shell]);
}
if (($v_shell != $_POST['v_shell']) && ($_SESSION['user'] == 'admin') && (empty($_SESSION['error_msg']))) {
$v_shell = escapeshellarg($_POST['v_shell']);
exec (VESTA_CMD."v-change-user-shell ".escapeshellarg($v_username)." ".$v_shell, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
}
// Change contact email
@ -117,37 +128,54 @@ if (!empty($_POST['save'])) {
if (!filter_var($_POST['v_email'], FILTER_VALIDATE_EMAIL)) {
$_SESSION['error_msg'] = __('Please enter valid email address.');
} else {
$v_email = $_POST['v_email'];
v_exec('v-change-user-contact', [$v_username, $v_email]);
$v_email = escapeshellarg($_POST['v_email']);
exec (VESTA_CMD."v-change-user-contact ".escapeshellarg($v_username)." ".$v_email, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
}
}
// Change full name
if ((($v_fname != $_POST['v_fname']) || ($v_lname != $_POST['v_lname'])) && (empty($_SESSION['error_msg']))) {
if (($v_fname != $_POST['v_fname']) || ($v_lname != $_POST['v_lname']) && (empty($_SESSION['error_msg']))) {
$v_fname = escapeshellarg($_POST['v_fname']);
$v_lname = escapeshellarg($_POST['v_lname']);
exec (VESTA_CMD."v-change-user-name ".escapeshellarg($v_username)." ".$v_fname." ".$v_lname, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$v_fname = $_POST['v_fname'];
$v_lname = $_POST['v_lname'];
v_exec('v-change-user-name', [$v_username, $v_fname, $v_lname]);
}
// Change NameServers
if ((($v_ns1 != $_POST['v_ns1']) || ($v_ns2 != $_POST['v_ns2']) || ($v_ns3 != $_POST['v_ns3']) || ($v_ns4 != $_POST['v_ns4']) || ($v_ns5 != $_POST['v_ns5'])
|| ($v_ns6 != $_POST['v_ns6']) || ($v_ns7 != $_POST['v_ns7']) || ($v_ns8 != $_POST['v_ns8'])) && (empty($_SESSION['error_msg']))) {
$v_ns1 = $_POST['v_ns1'];
$v_ns2 = $_POST['v_ns2'];
$v_ns3 = $_POST['v_ns3'];
$v_ns4 = $_POST['v_ns4'];
$v_ns5 = $_POST['v_ns5'];
$v_ns6 = $_POST['v_ns6'];
$v_ns7 = $_POST['v_ns7'];
$v_ns8 = $_POST['v_ns8'];
$ns_args = [$v_username, $v_ns1, $v_ns2];
if (!empty($_POST['v_ns3'])) $ns_args[] = $v_ns3;
if (!empty($_POST['v_ns4'])) $ns_args[] = $v_ns4;
if (!empty($_POST['v_ns5'])) $ns_args[] = $v_ns5;
if (!empty($_POST['v_ns6'])) $ns_args[] = $v_ns6;
if (!empty($_POST['v_ns7'])) $ns_args[] = $v_ns7;
if (!empty($_POST['v_ns8'])) $ns_args[] = $v_ns8;
v_exec('v-change-user-ns', $ns_args);
if (($v_ns1 != $_POST['v_ns1']) || ($v_ns2 != $_POST['v_ns2']) || ($v_ns3 != $_POST['v_ns3']) || ($v_ns4 != $_POST['v_ns4']) || ($v_ns5 != $_POST['v_ns5'])
|| ($v_ns6 != $_POST['v_ns6']) || ($v_ns7 != $_POST['v_ns7']) || ($v_ns8 != $_POST['v_ns8']) && (empty($_SESSION['error_msg']))) {
$v_ns1 = escapeshellarg($_POST['v_ns1']);
$v_ns2 = escapeshellarg($_POST['v_ns2']);
$v_ns3 = escapeshellarg($_POST['v_ns3']);
$v_ns4 = escapeshellarg($_POST['v_ns4']);
$v_ns5 = escapeshellarg($_POST['v_ns5']);
$v_ns6 = escapeshellarg($_POST['v_ns6']);
$v_ns7 = escapeshellarg($_POST['v_ns7']);
$v_ns8 = escapeshellarg($_POST['v_ns8']);
$ns_cmd = VESTA_CMD."v-change-user-ns ".escapeshellarg($v_username)." ".$v_ns1." ".$v_ns2;
if (!empty($_POST['v_ns3'])) $ns_cmd = $ns_cmd." ".$v_ns3;
if (!empty($_POST['v_ns4'])) $ns_cmd = $ns_cmd." ".$v_ns4;
if (!empty($_POST['v_ns5'])) $ns_cmd = $ns_cmd." ".$v_ns5;
if (!empty($_POST['v_ns6'])) $ns_cmd = $ns_cmd." ".$v_ns6;
if (!empty($_POST['v_ns7'])) $ns_cmd = $ns_cmd." ".$v_ns7;
if (!empty($_POST['v_ns8'])) $ns_cmd = $ns_cmd." ".$v_ns8;
exec ($ns_cmd, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$v_ns1 = str_replace("'","", $v_ns1);
$v_ns2 = str_replace("'","", $v_ns2);
$v_ns3 = str_replace("'","", $v_ns3);
$v_ns4 = str_replace("'","", $v_ns4);
$v_ns5 = str_replace("'","", $v_ns5);
$v_ns6 = str_replace("'","", $v_ns6);
$v_ns7 = str_replace("'","", $v_ns7);
$v_ns8 = str_replace("'","", $v_ns8);
}
// Set success message
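Review bot: The new full-name and nameserver conditions drop the outer parentheses, so `&& (empty($_SESSION['error_msg']))` binds only to the last comparison and the commands still run after an earlier step has failed whenever one of the other fields differs. Restore the grouping: `if ((($v_fname != $_POST['v_fname']) || ($v_lname != $_POST['v_lname'])) && (empty($_SESSION['error_msg']))) {`, and likewise wrap the eight `$v_nsN` comparisons in one pair of parentheses before the `&&`. The nameserver block also recovers the display values with `str_replace("'","", ...)` on the escaped strings, which alters any value that legitimately contains a quote; assigning from `$_POST` again, as the name block does, would be more reliable. The enclosing `if (!empty($_POST['save']))` block continues beyond the visible lines.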


@ -16,17 +16,18 @@ if (empty($_GET['domain'])) {
// Edit as someone else?
if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
$user = $_GET['user'];
$user=escapeshellarg($_GET['user']);
}
$v_username = $user;
$v_domain = $_GET['domain'];
// List domain
v_exec('v-list-web-domain', [$user, $v_domain, 'json'], false, $output);
$data = json_decode($output, true);
$v_domain = escapeshellarg($_GET['domain']);
exec (VESTA_CMD."v-list-web-domain ".$user." ".$v_domain." json", $output, $return_var);
$data = json_decode(implode('', $output), true);
unset($output);
// Parse domain
$v_username = $user;
$v_domain = $_GET['domain'];
$v_ip = $data[$v_domain]['IP'];
$v_template = $data[$v_domain]['TPL'];
$v_aliases = str_replace(',', "\n", $data[$v_domain]['ALIAS']);
@ -35,9 +36,10 @@ $v_tpl = $data[$v_domain]['IP'];
$v_cgi = $data[$v_domain]['CGI'];
$v_elog = $data[$v_domain]['ELOG'];
$v_ssl = $data[$v_domain]['SSL'];
if ($v_ssl == 'yes') {
v_exec('v-list-web-domain-ssl', [$user, $v_domain, 'json'], false, $output);
$ssl_str = json_decode($output, true);
if ( $v_ssl == 'yes' ) {
exec (VESTA_CMD."v-list-web-domain-ssl ".$user." '".$v_domain."' json", $output, $return_var);
$ssl_str = json_decode(implode('', $output), true);
unset($output);
$v_ssl_crt = $ssl_str[$v_domain]['CRT'];
$v_ssl_key = $ssl_str[$v_domain]['KEY'];
$v_ssl_ca = $ssl_str[$v_domain]['CA'];
@ -49,10 +51,10 @@ $v_proxy_template = $data[$v_domain]['PROXY'];
$v_proxy_ext = str_replace(',', ', ', $data[$v_domain]['PROXY_EXT']);
$v_stats = $data[$v_domain]['STATS'];
$v_stats_user = $data[$v_domain]['STATS_USER'];
if (!empty($v_stats_user)) $v_stats_password = '';
if (!empty($v_stats_user)) $v_stats_password = "";
$v_ftp_user = $data[$v_domain]['FTP_USER'];
$v_ftp_path = $data[$v_domain]['FTP_PATH'];
if (!empty($v_ftp_user)) $v_ftp_password = '';
if (!empty($v_ftp_user)) $v_ftp_password = "";
$v_ftp_user_prepath = $data[$v_domain]['DOCUMENT_ROOT'];
$v_ftp_user_prepath = str_replace('/public_html', '', $v_ftp_user_prepath, $occurance = 1);
$v_ftp_email = $panel[$user]['CONTACT'];
@ -66,78 +68,87 @@ $v_time = $data[$v_domain]['TIME'];
$v_date = $data[$v_domain]['DATE'];
// List ip addresses
v_exec('v-list-user-ips', [$user, 'json'], false, $output);
$ips = json_decode($output, true);
exec (VESTA_CMD."v-list-user-ips ".$user." json", $output, $return_var);
$ips = json_decode(implode('', $output), true);
unset($output);
// List web templates
v_exec('v-list-web-templates', ['json'], false, $output);
$templates = json_decode($output, true);
exec (VESTA_CMD."v-list-web-templates json", $output, $return_var);
$templates = json_decode(implode('', $output), true);
unset($output);
// List backend templates
if (!empty($_SESSION['WEB_BACKEND'])) {
v_exec('v-list-web-templates-backend', ['json'], false, $output);
$backend_templates = json_decode($output, true);
exec (VESTA_CMD."v-list-web-templates-backend json", $output, $return_var);
$backend_templates = json_decode(implode('', $output), true);
unset($output);
}
// List proxy templates
if (!empty($_SESSION['PROXY_SYSTEM'])) {
v_exec('v-list-web-templates-proxy', ['json'], false, $output);
$proxy_templates = json_decode($output, true);
exec (VESTA_CMD."v-list-web-templates-proxy json", $output, $return_var);
$proxy_templates = json_decode(implode('', $output), true);
unset($output);
}
// List web stat engines
v_exec('v-list-web-stats', ['json'], false, $output);
$stats = json_decode($output, true);
exec (VESTA_CMD."v-list-web-stats json", $output, $return_var);
$stats = json_decode(implode('', $output), true);
unset($output);
// Check POST request
if (!empty($_POST['save'])) {
$v_domain = $_POST['v_domain'];
$v_domain = escapeshellarg($_POST['v_domain']);
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
exit;
exit();
}
// IP has been changed
if ($v_ip != $_POST['v_ip']) {
$v_ip = $_POST['v_ip'];
// Change web domain IP
if (($v_ip != $_POST['v_ip']) && (empty($_SESSION['error_msg']))) {
$v_ip = escapeshellarg($_POST['v_ip']);
exec (VESTA_CMD."v-change-web-domain-ip ".$v_username." ".$v_domain." ".$v_ip." 'no'", $output, $return_var);
check_return_code($return_var,$output);
$restart_web = 'yes';
$restart_proxy = 'yes';
unset($output);
}
// Change web domain IP
if (empty($_SESSION['error_msg'])) {
v_exec('v-change-web-domain-ip', [$v_username, $v_domain, $v_ip, 'no']);
$restart_web = 'yes';
$restart_proxy = 'yes';
// Chane dns domain IP
if (($v_ip != $_POST['v_ip']) && (empty($_SESSION['error_msg']))) {
exec (VESTA_CMD."v-list-dns-domain ".$v_username." ".$v_domain." json", $output, $return_var);
unset($output);
if ($return_var == 0 ) {
exec (VESTA_CMD."v-change-dns-domain-ip ".$v_username." ".$v_domain." ".$v_ip." 'no'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$restart_dns = 'yes';
}
}
// Chane dns domain IP
if (empty($_SESSION['error_msg'])) {
$return_var = v_exec('v-list-dns-domain', [$v_username, $v_domain, 'json'], false);
if ($return_var == 0) {
v_exec('v-change-dns-domain-ip', [$v_username, $v_domain, $v_ip, 'no']);
// Change dns ip for each alias
if (($v_ip != $_POST['v_ip']) && (empty($_SESSION['error_msg']))) {
foreach($valiases as $v_alias ){
exec (VESTA_CMD."v-list-dns-domain ".$v_username." '".$v_alias."' json", $output, $return_var);
unset($output);
if ($return_var == 0 ) {
exec (VESTA_CMD."v-change-dns-domain-ip ".$v_username." '".$v_alias."' ".$v_ip, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$restart_dns = 'yes';
}
}
// Change dns ip for each alias
if (empty($_SESSION['error_msg'])) {
foreach ($valiases as $v_alias) {
$return_var = v_exec('v-list-dns-domain', [$v_username, $v_alias, 'json'], false);
if ($return_var == 0) {
v_exe ('v-change-dns-domain-ip', [$v_username, $v_alias, $v_ip]);
$restart_dns = 'yes';
}
}
}
}
// Change template (admin only)
if ($_SESSION['user'] == 'admin') {
if (($v_template != $_POST['v_template']) && (empty($_SESSION['error_msg']))) {
$v_template = $_POST['v_template'];
v_exec('v-change-web-domain-tpl', [$v_username, $v_domain, $v_template, 'no']);
$restart_web = 'yes';
}
if (($v_template != $_POST['v_template']) && ( $_SESSION['user'] == 'admin') && (empty($_SESSION['error_msg']))) {
$v_template = escapeshellarg($_POST['v_template']);
exec (VESTA_CMD."v-change-web-domain-tpl ".$v_username." ".$v_domain." ".$v_template." 'no'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$restart_web = 'yes';
}
// Change aliases
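Review bot: The two DNS blocks re-test `$v_ip != $_POST['v_ip']` after the web-domain block has already overwritten `$v_ip` with `escapeshellarg($_POST['v_ip'])`. They therefore pass only because the shell-quoted string never equals the raw one, and `$v_ip` stays in quoted form for whatever uses it afterwards. Record the decision once before the first block, `$ip_changed = ($v_ip != $_POST['v_ip']);`, test `$ip_changed` in all three conditions, and keep the raw value in `$v_ip` with a separate `$ip_arg = escapeshellarg($_POST['v_ip']);` for the commands. The enclosing `if (!empty($_POST['save']))` block continues past this hunk.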
@ -153,12 +164,18 @@ if (!empty($_POST['save'])) {
if ((empty($_SESSION['error_msg'])) && (!empty($alias))) {
$restart_web = 'yes';
$restart_proxy = 'yes';
$v_template = $_POST['v_template'];
v_exec('v-delete-web-domain-alias', [$v_username, $v_domain, $alias, 'no']);
$v_template = escapeshellarg($_POST['v_template']);
exec (VESTA_CMD."v-delete-web-domain-alias ".$v_username." ".$v_domain." '".$alias."' 'no'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) {
$return_var = v_exec('v-list-dns-domain', [$v_username, $v_domain], false);
exec (VESTA_CMD."v-list-dns-domain ".$v_username." ".$v_domain, $output, $return_var);
unset($output);
if ($return_var == 0) {
v_exec('v-delete-dns-on-web-alias', [$v_username, $v_domain, $alias, 'no']);
exec (VESTA_CMD."v-delete-dns-on-web-alias ".$v_username." ".$v_domain." '".$alias."' 'no'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$restart_dns = 'yes';
}
}
@ -170,12 +187,17 @@ if (!empty($_POST['save'])) {
if ((empty($_SESSION['error_msg'])) && (!empty($alias))) {
$restart_web = 'yes';
$restart_proxy = 'yes';
$v_template = $_POST['v_template'];
v_exec('v-add-web-domain-alias', [$v_username, $v_domain, $alias, 'no']);
$v_template = escapeshellarg($_POST['v_template']);
exec (VESTA_CMD."v-add-web-domain-alias ".$v_username." ".$v_domain." '".$alias."' 'no'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) {
$return_var = v_exec('v-list-dns-domain', [$v_username, $v_domain], false);
exec (VESTA_CMD."v-list-dns-domain ".$v_username." ".$v_domain, $output, $return_var);
unset($output);
if ($return_var == 0) {
v_exec('v-add-dns-on-web-alias', [$v_username, $alias, $v_ip, 'no']);
exec (VESTA_CMD."v-add-dns-on-web-alias ".$v_username." ".$alias." ".$v_ip." no", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$restart_dns = 'yes';
}
}
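Review bot: `v-add-dns-on-web-alias` concatenates `$alias` with no quoting at all, while the `v-add-web-domain-alias` call a few lines earlier at least wraps it in quotes. Where `$alias` is assigned lies outside the hunk, so its origin should be confirmed, but it should be escaped either way: `exec (VESTA_CMD."v-add-dns-on-web-alias ".$v_username." ".escapeshellarg($alias)." ".$v_ip." no", $output, $return_var);`. Note that `$v_ip` in this command is shell-quoted only if the IP-change branch ran earlier; otherwise it holds the value read from `$data[$v_domain]['IP']`.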
@ -183,17 +205,19 @@ if (!empty($_POST['save'])) {
}
}
// Change backend template (admin only)
if ($_SESSION['user'] == 'admin') {
if ((!empty($_SESSION['WEB_BACKEND'])) && ($v_backend_template != $_POST['v_backend_template']) && (empty($_SESSION['error_msg']))) {
// Change backend template
if ((!empty($_SESSION['WEB_BACKEND'])) && ( $v_backend_template != $_POST['v_backend_template']) && ( $_SESSION['user'] == 'admin') && (empty($_SESSION['error_msg']))) {
$v_backend_template = $_POST['v_backend_template'];
v_exec('v-change-web-domain-backend-tpl', [$v_username, $v_domain, $v_backend_template]);
}
exec (VESTA_CMD."v-change-web-domain-backend-tpl ".$v_username." ".$v_domain." ".escapeshellarg($v_backend_template), $output, $return_var);
check_return_code($return_var,$output);
unset($output);
}
// Delete proxy support
if ((!empty($_SESSION['PROXY_SYSTEM'])) && (!empty($v_proxy)) && (empty($_POST['v_proxy'])) && (empty($_SESSION['error_msg']))) {
v_exec('v-delete-web-domain-proxy', [$v_username, $v_domain, 'no']);
exec (VESTA_CMD."v-delete-web-domain-proxy ".$v_username." ".$v_domain." 'no'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
unset($v_proxy);
$restart_proxy = 'yes';
}
@ -205,11 +229,13 @@ if (!empty($_POST['save'])) {
$ext = preg_replace('/\s+/', ' ',$ext);
$ext = trim($ext);
$ext = str_replace(' ', ", ", $ext);
if (($v_proxy_template != $_POST['v_proxy_template']) || ($v_proxy_ext != $ext)) {
if (( $v_proxy_template != $_POST['v_proxy_template']) || ($v_proxy_ext != $ext)) {
$ext = str_replace(', ', ",", $ext);
if (!empty($_POST['v_proxy_template'])) $v_proxy_template = $_POST['v_proxy_template'];
v_exec('v-change-web-domain-proxy-tpl', [$v_username, $v_domain, $v_proxy_template, $ext, 'no']);
exec (VESTA_CMD."v-change-web-domain-proxy-tpl ".$v_username." ".$v_domain." ".escapeshellarg($v_proxy_template)." ".escapeshellarg($ext)." 'no'", $output, $return_var);
check_return_code($return_var,$output);
$v_proxy_ext = str_replace(',', ', ', $ext);
unset($output);
$restart_proxy = 'yes';
}
}
@ -225,13 +251,17 @@ if (!empty($_POST['save'])) {
$ext = str_replace(' ', ",", $ext);
$v_proxy_ext = str_replace(',', ', ', $ext);
}
v_exec('v-add-web-domain-proxy', [$v_username, $v_domain, $v_proxy_template, $ext, 'no']);
exec (VESTA_CMD."v-add-web-domain-proxy ".$v_username." ".$v_domain." ".escapeshellarg($v_proxy_template)." ".escapeshellarg($ext)." 'no'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$restart_proxy = 'yes';
}
// Delete SSL certificate
if (($v_ssl == 'yes') && (empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) {
v_exec('v-delete-web-domain-ssl', [$v_username, $v_domain, 'no']);
if (( $v_ssl == 'yes' ) && (empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) {
exec (VESTA_CMD."v-delete-web-domain-ssl ".$v_username." ".$v_domain." 'no'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$v_ssl = 'no';
$restart_web = 'yes';
$restart_proxy = 'yes';
@ -267,7 +297,9 @@ if (!empty($_POST['save'])) {
fclose($fp);
}
v_exec('v-change-web-domain-sslcert', [$user, $v_domain, $tmpdir, 'no']);
exec (VESTA_CMD."v-change-web-domain-sslcert ".$user." ".$v_domain." ".$tmpdir." 'no'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$restart_web = 'yes';
$restart_proxy = 'yes';
$v_ssl_crt = $_POST['v_ssl_crt'];
@ -296,6 +328,7 @@ if (!empty($_POST['save'])) {
if ((!empty($_POST['v_ssl'])) && (empty($_POST['v_ssl_crt']))) $errors[] = 'ssl certificate';
if ((!empty($_POST['v_ssl'])) && (empty($_POST['v_ssl_key']))) $errors[] = 'ssl key';
if ((!empty($_POST['v_ssl'])) && (empty($_POST['v_ssl_home']))) $errors[] = 'ssl home';
$v_ssl_home = escapeshellarg($_POST['v_ssl_home']);
if (!empty($errors[0])) {
foreach ($errors as $i => $error) {
if ( $i == 0 ) {
@ -304,41 +337,41 @@ if (!empty($_POST['save'])) {
$error_msg = $error_msg.", ".$error;
}
}
$_SESSION['error_msg'] = __('Field "%s" can not be blank.', $error_msg);
$_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
} else {
$v_ssl_home = $_POST['v_ssl_home'];
$v_ssl_crt = str_replace("\r\n", "\n", $_POST['v_ssl_crt']);
$v_ssl_key = str_replace("\r\n", "\n", $_POST['v_ssl_key']);
$v_ssl_ca = str_replace("\r\n", "\n", $_POST['v_ssl_ca']);
exec('mktemp -d', $mktemp_output, $return_var);
exec ('mktemp -d', $mktemp_output, $return_var);
$tmpdir = $mktemp_output[0];
// Certificate
if (!empty($_POST['v_ssl_crt'])) {
$fp = fopen($tmpdir."/".$_POST['v_domain'].".crt", 'w');
fwrite($fp, $v_ssl_crt);
fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_crt']));
fclose($fp);
}
// Key
if (!empty($_POST['v_ssl_key'])) {
$fp = fopen($tmpdir."/".$_POST['v_domain'].".key", 'w');
fwrite($fp, $v_ssl_key);
fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_key']));
fclose($fp);
}
// CA
if (!empty($_POST['v_ssl_ca'])) {
$fp = fopen($tmpdir."/".$_POST['v_domain'].".ca", 'w');
fwrite($fp, $v_ssl_ca);
fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_ca']));
fclose($fp);
}
v_exec('v-add-web-domain-ssl', [$user, $v_domain, $tmpdir, $v_ssl_home, 'no']);
exec (VESTA_CMD."v-add-web-domain-ssl ".$user." ".$v_domain." ".$tmpdir." ".$v_ssl_home." 'no'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$v_ssl = 'yes';
$restart_web = 'yes';
$restart_proxy = 'yes';
$v_ssl_crt = $_POST['v_ssl_crt'];
$v_ssl_key = $_POST['v_ssl_key'];
$v_ssl_ca = $_POST['v_ssl_ca'];
$v_ssl_home = $_POST['v_ssl_home'];
// Cleanup certificate tempfiles
if (!empty($_POST['v_ssl_crt'])) {
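Review bot: The three `fopen()` calls build the file name from the raw `$_POST['v_domain']`, so the path written under `$tmpdir` is shaped by the request even though the command itself receives the escaped `$v_domain`. Validate the domain first or reduce it to a single path component, e.g. `$cert_base = basename($_POST['v_domain']);` followed by `fopen($tmpdir."/".$cert_base.".crt", 'w')`. The output of `mktemp -d` is also used without checking `$return_var`, so a failed call leaves `$tmpdir` empty and the files would be opened relative to `/`. The enclosing `else` branch continues past this hunk.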
@ -358,36 +391,47 @@ if (!empty($_POST['save'])) {
}
// Change document root for ssl domain
if (($v_ssl == 'yes') && (!empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) {
if ($v_ssl_home != $_POST['v_ssl_home']) {
if (( $v_ssl == 'yes') && (!empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) {
if ( $v_ssl_home != $_POST['v_ssl_home'] ) {
$v_ssl_home = escapeshellarg($_POST['v_ssl_home']);
exec (VESTA_CMD."v-change-web-domain-sslhome ".$user." ".$v_domain." ".$v_ssl_home." 'no'", $output, $return_var);
check_return_code($return_var,$output);
$v_ssl_home = $_POST['v_ssl_home'];
v_exec('v-change-web-domain-sslhome', [$user, $v_domain, $v_ssl_home, 'no']);
unset($output);
}
}
// Delete web stats
if ((!empty($v_stats)) && ($_POST['v_stats'] == 'none') && (empty($_SESSION['error_msg']))) {
exec (VESTA_CMD."v-delete-web-domain-stats ".$v_username." ".$v_domain, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$v_stats = '';
v_exec('v-delete-web-domain-stats', [$v_username, $v_domain]);
}
// Change web stats engine
if ((!empty($v_stats)) && ($_POST['v_stats'] != $v_stats) && (empty($_SESSION['error_msg']))) {
$v_stats = $_POST['v_stats'];
v_exec('v-change-web-domain-stats', [$v_username, $v_domain, $v_stats]);
$v_stats = escapeshellarg($_POST['v_stats']);
exec (VESTA_CMD."v-change-web-domain-stats ".$v_username." ".$v_domain." ".$v_stats, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
}
// Add web stats
if ((empty($v_stats)) && ($_POST['v_stats'] != 'none') && (empty($_SESSION['error_msg']))) {
$v_stats = $_POST['v_stats'];
v_exec('v-add-web-domain-stats', [$v_username, $v_domain, $v_stats]);
$v_stats = escapeshellarg($_POST['v_stats']);
exec (VESTA_CMD."v-add-web-domain-stats ".$v_username." ".$v_domain." ".$v_stats, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
}
// Delete web stats authorization
if ((!empty($v_stats_user)) && (empty($_POST['v_stats_auth'])) && (empty($_SESSION['error_msg']))) {
exec (VESTA_CMD."v-delete-web-domain-stats-user ".$v_username." ".$v_domain, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$v_stats_user = '';
$v_stats_password = '';
v_exec('v-delete-web-domain-stats-user', [$v_username, $v_domain]);
}
// Change web stats user or password
@ -403,14 +447,16 @@ if (!empty($_POST['save'])) {
}
$_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
} else {
$v_stats_user = $_POST['v_stats_user'];
$v_stats_user = escapeshellarg($_POST['v_stats_user']);
$v_stats_password = tempnam("/tmp","vst");
$fp = fopen($v_stats_password, "w");
fwrite($fp, $_POST['v_stats_password']."\n");
fclose($fp);
v_exec('v-add-web-domain-stats-user', [$v_username, $v_domain, $v_stats_user, $v_stats_password]);
exec (VESTA_CMD."v-add-web-domain-stats-user ".$v_username." ".$v_domain." ".$v_stats_user." ".$v_stats_password, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
unlink($v_stats_password);
$v_stats_password = $_POST['v_stats_password'];
$v_stats_password = escapeshellarg($_POST['v_stats_password']);
}
}
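Review bot: After the command has run, `$v_stats_password` is set to `escapeshellarg($_POST['v_stats_password'])` and `$v_stats_user` keeps its shell-quoted form, although neither is passed to a shell again in the visible code. If these variables go on to populate the edit form (not visible here), they will carry literal quote characters, and shell quoting is the wrong encoding for that sink. Keep the raw values in the `$v_*` variables and escape only inside the command string, e.g. `" ".escapeshellarg($v_stats_user)." "`. The following hunk (the change-user branch) and the `$v_ftp_password` assignment further down repeat the pattern.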
@ -428,14 +474,16 @@ if (!empty($_POST['save'])) {
$_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
}
if (($v_stats_user != $_POST['v_stats_user']) || (!empty($_POST['v_stats_password'])) && (empty($_SESSION['error_msg']))) {
$v_stats_user = $_POST['v_stats_user'];
$v_stats_user = escapeshellarg($_POST['v_stats_user']);
$v_stats_password = tempnam("/tmp","vst");
$fp = fopen($v_stats_password, "w");
fwrite($fp, $_POST['v_stats_password']."\n");
fclose($fp);
v_exec('v-add-web-domain-stats-user', [$v_username, $v_domain, $v_stats_user, $v_stats_password]);
exec (VESTA_CMD."v-add-web-domain-stats-user ".$v_username." ".$v_domain." ".$v_stats_user." ".$v_stats_password, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
unlink($v_stats_password);
$v_stats_password = $_POST['v_stats_password'];
$v_stats_password = escapeshellarg($_POST['v_stats_password']);
}
}
@ -465,13 +513,15 @@ if (!empty($_POST['save'])) {
// Add ftp account
$v_ftp_username = $v_ftp_user_data['v_ftp_user'];
$v_ftp_username_full = $user . '_' . $v_ftp_user_data['v_ftp_user'];
$v_ftp_path = trim($v_ftp_user_data['v_ftp_path']);
$v_ftp_user = escapeshellarg($v_ftp_username);
$v_ftp_path = escapeshellarg(trim($v_ftp_user_data['v_ftp_path']));
if (empty($_SESSION['error_msg'])) {
$v_ftp_password = tempnam("/tmp","vst");
$fp = fopen($v_ftp_password, "w");
fwrite($fp, $v_ftp_user_data['v_ftp_password']."\n");
fclose($fp);
v_exec('v-add-web-domain-ftp', [$v_username, $v_domain, $v_ftp_username, $v_ftp_password, $v_ftp_path]);
exec (VESTA_CMD."v-add-web-domain-ftp ".$v_username." ".$v_domain." ".$v_ftp_username." ".$v_ftp_password . " " . $v_ftp_path, $output, $return_var);
check_return_code($return_var,$output);
if ((!empty($v_ftp_user_data['v_ftp_email'])) && (empty($_SESSION['error_msg']))) {
$to = $v_ftp_user_data['v_ftp_email'];
$subject = __("FTP login credentials");
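Review bot: `$v_ftp_user = escapeshellarg($v_ftp_username);` creates an escaped copy, but the `v-add-web-domain-ftp` command still concatenates the unescaped `$v_ftp_username`, so the escaping has no effect on what the shell receives. `$v_ftp_user_data` is populated outside this hunk (presumably from the submitted form), so the call should use the escaped value: `exec (VESTA_CMD."v-add-web-domain-ftp ".$v_username." ".$v_domain." ".$v_ftp_user." ".$v_ftp_password." ".$v_ftp_path, $output, $return_var);`. The `v-delete-web-domain-ftp` hunk below has the same gap, because it builds `$v_ftp_username` from `$v_ftp_user_data['v_ftp_user']` and passes it unescaped.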
@ -481,14 +531,16 @@ if (!empty($_POST['save'])) {
send_email($to, $subject, $mailtext, $from);
unset($v_ftp_email);
}
unset($output);
unlink($v_ftp_password);
$v_ftp_password = $v_ftp_user_data['v_ftp_password'];
$v_ftp_password = escapeshellarg($v_ftp_user_data['v_ftp_password']);
}
if ($return_var == 0) {
$v_ftp_password = '';
$v_ftp_password = "";
$v_ftp_user_data['is_new'] = 0;
} else {
}
else {
$v_ftp_user_data['is_new'] = 1;
}
@ -507,7 +559,10 @@ if (!empty($_POST['save'])) {
// Delete FTP account
if ($v_ftp_user_data['delete'] == 1) {
$v_ftp_username = $user . '_' . $v_ftp_user_data['v_ftp_user'];
v_exec('v-delete-web-domain-ftp', [$v_username, $v_domain, $v_ftp_username]);
exec (VESTA_CMD."v-delete-web-domain-ftp ".$v_username." ".$v_domain." ".$v_ftp_username, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
continue;
}
@ -526,9 +581,10 @@ if (!empty($_POST['save'])) {
// Change FTP account path
$v_ftp_username = $user . '_' . $v_ftp_user_data['v_ftp_user']; //preg_replace("/^".$user."_/", "", $v_ftp_user_data['v_ftp_user']);
$v_ftp_username = escapeshellarg($v_ftp_username);
//if (!empty($v_ftp_user_data['v_ftp_path'])) {
$v_ftp_path = trim($v_ftp_user_data['v_ftp_path']);
v_exec('v-change-web-domain-ftp-path', [$v_username, $v_domain, $v_ftp_username, $v_ftp_path]);
$v_ftp_path = escapeshellarg(trim($v_ftp_user_data['v_ftp_path']));
exec (VESTA_CMD."v-change-web-domain-ftp-path ".$v_username." ".$v_domain." ".$v_ftp_username." ".$v_ftp_path, $output, $return_var);
//}
// Change FTP account password
@ -537,7 +593,7 @@ if (!empty($_POST['save'])) {
$fp = fopen($v_ftp_password, "w");
fwrite($fp, $v_ftp_user_data['v_ftp_password']."\n");
fclose($fp);
v_exec('v-change-web-domain-ftp-password', [$v_username, $v_domain, $v_ftp_username, $v_ftp_password]);
exec (VESTA_CMD."v-change-web-domain-ftp-password ".$v_username." ".$v_domain." ".$v_ftp_username." ".$v_ftp_password, $output, $return_var);
unlink($v_ftp_password);
$to = $v_ftp_user_data['v_ftp_email'];
@ -548,6 +604,8 @@ if (!empty($_POST['save'])) {
send_email($to, $subject, $mailtext, $from);
unset($v_ftp_email);
}
check_return_code($return_var, $output);
unset($output);
$v_ftp_users_updated[] = array(
'is_new' => 0,
@ -563,17 +621,23 @@ if (!empty($_POST['save'])) {
// Restart web server
if (!empty($restart_web) && (empty($_SESSION['error_msg']))) {
v_exec('v-restart-web');
exec (VESTA_CMD."v-restart-web", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
}
// Restart proxy server
if ((!empty($_SESSION['PROXY_SYSTEM'])) && !empty($restart_proxy) && (empty($_SESSION['error_msg']))) {
v_exec('v-restart-proxy');
exec (VESTA_CMD."v-restart-proxy", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
}
// Restart dns server
if (!empty($restart_dns) && (empty($_SESSION['error_msg']))) {
v_exec('v-restart-dns');
exec (VESTA_CMD."v-restart-dns", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
}
// Set success message