🔒 ♻️ Implement secure exec wrapper functions.

Flat 2015-12-02 21:24:34 +09:00
commit 8e951ac72e
115 changed files with 1345 additions and 1986 deletions


@ -3,13 +3,12 @@
error_reporting(NULL); error_reporting(NULL);
ob_start(); ob_start();
session_start(); session_start();
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php"); include($_SERVER['DOCUMENT_ROOT'].'/inc/main.php');
if ($_SESSION['user'] == 'admin') { if ($_SESSION['user'] == 'admin') {
exec (VESTA_CMD."v-add-cron-vesta-autoupdate", $output, $return_var); v_exec('v-add-cron-vesta-autoupdate', [], false);
$_SESSION['error_msg'] = __('Autoupdate has been successfully enabled'); $_SESSION['error_msg'] = __('Autoupdate has been successfully enabled');
unset($output);
} }
header("Location: /list/updates/"); header('Location: /list/updates/');
exit; exit;
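Review bot: The success text is written to `$_SESSION['error_msg']` unconditionally on the line after `v_exec('v-add-cron-vesta-autoupdate', [], false);`, so a failed command is still reported to the admin as enabled. The third argument `false` looks like it switches off the return-code check that other call sites get by default (inferred from usage, since `v_exec` is not defined in this section). Consider letting the wrapper check the result and guarding the message, e.g. `if (empty($_SESSION['error_msg'])) $_SESSION['error_msg'] = __('Autoupdate has been successfully enabled');`. The cron-reports section (`v_exec('v-add-cron-reports', [$user], false);`) follows the same pattern. Neither handler compares a token in the visible lines, although both change system state.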


@ -13,7 +13,7 @@ if (!empty($_POST['ok'])) {
// Check token // Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
// Check empty fields // Check empty fields
@ -35,18 +35,16 @@ if (!empty($_POST['ok'])) {
} }
// Protect input // Protect input
$v_min = escapeshellarg($_POST['v_min']); $v_min = $_POST['v_min'];
$v_hour = escapeshellarg($_POST['v_hour']); $v_hour = $_POST['v_hour'];
$v_day = escapeshellarg($_POST['v_day']); $v_day = $_POST['v_day'];
$v_month = escapeshellarg($_POST['v_month']); $v_month = $_POST['v_month'];
$v_wday = escapeshellarg($_POST['v_wday']); $v_wday = $_POST['v_wday'];
$v_cmd = escapeshellarg($_POST['v_cmd']); $v_cmd = $_POST['v_cmd'];
// Add cron job // Add cron job
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
exec (VESTA_CMD."v-add-cron-job ".$user." ".$v_min." ".$v_hour." ".$v_day." ".$v_month." ".$v_wday." ".$v_cmd, $output, $return_var); v_exec('v-add-cron-job', [$user, $v_min, $v_hour, $v_day, $v_month, $v_wday, $v_cmd]);
check_return_code($return_var,$output);
unset($output);
} }
// Flush field values on success // Flush field values on success
@ -58,7 +56,6 @@ if (!empty($_POST['ok'])) {
unset($v_month); unset($v_month);
unset($v_wday); unset($v_wday);
unset($v_cmd); unset($v_cmd);
unset($output);
} }
} }
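Review bot: The `// Protect input` comment above the `$v_min` … `$v_cmd` assignments is now misleading, because the new lines copy `$_POST` values verbatim and shell safety rests entirely on how `v_exec()` treats each array element. I would reword it to something like `// Raw user input: v_exec() is responsible for argument escaping; encode before any HTML output`. These variables used to hold shell-quoted strings and now hold raw input, so a template that echoes `$v_cmd` or the schedule fields needs `htmlentities()` if it does not already apply it (the template is not visible here). The same stale comment remains in the DNS and mail-account sections.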


@ -3,11 +3,10 @@
error_reporting(NULL); error_reporting(NULL);
ob_start(); ob_start();
session_start(); session_start();
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php"); include($_SERVER['DOCUMENT_ROOT'].'/inc/main.php');
exec (VESTA_CMD."v-add-cron-reports ".$user, $output, $return_var); v_exec('v-add-cron-reports', [$user], false);
$_SESSION['error_msg'] = __('Cronjob email reporting has been successfully enabled'); $_SESSION['error_msg'] = __('Cronjob email reporting has been successfully enabled');
unset($output);
header("Location: /list/cron/"); header('Location: /list/cron/');
exit; exit;


@ -12,7 +12,7 @@ if (!empty($_POST['ok'])) {
// Check token // Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
// Check empty fields // Check empty fields
@ -46,9 +46,8 @@ if (!empty($_POST['ok'])) {
if ($pw_len < 6) $_SESSION['error_msg'] = __('Password is too short.', $error_msg); if ($pw_len < 6) $_SESSION['error_msg'] = __('Password is too short.', $error_msg);
} }
// Protect input $v_database = $_POST['v_database'];
$v_database = escapeshellarg($_POST['v_database']); $v_dbuser = $_POST['v_dbuser'];
$v_dbuser = escapeshellarg($_POST['v_dbuser']);
$v_type = $_POST['v_type']; $v_type = $_POST['v_type'];
$v_charset = $_POST['v_charset']; $v_charset = $_POST['v_charset'];
$v_host = $_POST['v_host']; $v_host = $_POST['v_host'];
@ -56,32 +55,24 @@ if (!empty($_POST['ok'])) {
// Add database // Add database
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
$v_type = escapeshellarg($_POST['v_type']); $v_password = tempnam('/tmp', 'vst');
$v_charset = escapeshellarg($_POST['v_charset']); $fp = fopen($v_password, 'w');
$v_host = escapeshellarg($_POST['v_host']);
$v_password = tempnam("/tmp","vst");
$fp = fopen($v_password, "w");
fwrite($fp, $_POST['v_password']."\n"); fwrite($fp, $_POST['v_password']."\n");
fclose($fp); fclose($fp);
exec (VESTA_CMD."v-add-database ".$user." ".$v_database." ".$v_dbuser." ".$v_password." ".$v_type." ".$v_host." ".$v_charset, $output, $return_var); v_exec('v-add-database', [$user, $v_database, $v_dbuser, $v_password, $v_type, $v_host, $v_charset]);
check_return_code($return_var,$output);
unset($output);
unlink($v_password); unlink($v_password);
$v_password = escapeshellarg($_POST['v_password']); $v_password = $_POST['v_password'];
$v_type = $_POST['v_type'];
$v_host = $_POST['v_host'];
$v_charset = $_POST['v_charset'];
} }
// Get database manager url // Get database manager url
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
list($http_host, $port) = explode(':', $_SERVER["HTTP_HOST"] . ":"); list($http_host, $port) = explode(':', $_SERVER['HTTP_HOST'] . ':');
if ($_POST['v_host'] != 'localhost' ) $http_host = $_POST['v_host']; if ($_POST['v_host'] != 'localhost' ) $http_host = $_POST['v_host'];
if ($_POST['v_type'] == 'mysql') $db_admin = "phpMyAdmin"; if ($_POST['v_type'] == 'mysql') $db_admin = 'phpMyAdmin';
if ($_POST['v_type'] == 'mysql') $db_admin_link = "http://".$http_host."/phpmyadmin/"; if ($_POST['v_type'] == 'mysql') $db_admin_link = "http://$http_host/phpmyadmin/";
if (($_POST['v_type'] == 'mysql') && (!empty($_SESSION['DB_PMA_URL']))) $db_admin_link = $_SESSION['DB_PMA_URL']; if (($_POST['v_type'] == 'mysql') && (!empty($_SESSION['DB_PMA_URL']))) $db_admin_link = $_SESSION['DB_PMA_URL'];
if ($_POST['v_type'] == 'pgsql') $db_admin = "phpPgAdmin"; if ($_POST['v_type'] == 'pgsql') $db_admin = 'phpPgAdmin';
if ($_POST['v_type'] == 'pgsql') $db_admin_link = "http://".$http_host."/phppgadmin/"; if ($_POST['v_type'] == 'pgsql') $db_admin_link = "http://$http_host/phppgadmin/";
if (($_POST['v_type'] == 'pgsql') && (!empty($_SESSION['DB_PGA_URL']))) $db_admin_link = $_SESSION['DB_PGA_URL']; if (($_POST['v_type'] == 'pgsql') && (!empty($_SESSION['DB_PGA_URL']))) $db_admin_link = $_SESSION['DB_PGA_URL'];
} }
@ -91,14 +82,14 @@ if (!empty($_POST['ok'])) {
$subject = __("Database Credentials"); $subject = __("Database Credentials");
$hostname = exec('hostname'); $hostname = exec('hostname');
$from = __('MAIL_FROM', $hostname); $from = __('MAIL_FROM', $hostname);
$mailtext = __('DATABASE_READY',$user."_".$_POST['v_database'],$user."_".$_POST['v_dbuser'],$_POST['v_password'],$db_admin_link); $mailtext = __('DATABASE_READY', $user.'_'.$_POST['v_database'], $user.'_'.$_POST['v_dbuser'], $_POST['v_password'], $db_admin_link);
send_email($to, $subject, $mailtext, $from); send_email($to, $subject, $mailtext, $from);
} }
// Flush field values on success // Flush field values on success
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
$_SESSION['ok_msg'] = __('DATABASE_CREATED_OK',htmlentities($user)."_".htmlentities($_POST['v_database']),htmlentities($user)."_".htmlentities($_POST['v_database'])); $_SESSION['ok_msg'] = __('DATABASE_CREATED_OK', htmlentities($user.'_'.$_POST['v_database']), htmlentities($user.'_'.$_POST['v_database']));
$_SESSION['ok_msg'] .= " / <a href=".$db_admin_link." target='_blank'>" . __('open %s',$db_admin) . "</a>"; $_SESSION['ok_msg'] .= " / <a href=$db_admin_link target='_blank'>" . __('open %s', $db_admin) . '</a>';
unset($v_database); unset($v_database);
unset($v_dbuser); unset($v_dbuser);
unset($v_password); unset($v_password);
@ -117,16 +108,15 @@ top_panel($user,$TAB);
$v_db_email = $panel[$user]['CONTACT']; $v_db_email = $panel[$user]['CONTACT'];
// List avaiable database types // List avaiable database types
$db_types = split(",",$_SESSION['DB_SYSTEM']); $db_types = explode(',', $_SESSION['DB_SYSTEM']);
// List available database servers // List available database servers
$db_hosts = array(); $db_hosts = array();
foreach ($db_types as $db_type ) { foreach ($db_types as $db_type ) {
exec (VESTA_CMD."v-list-database-hosts ".$db_type." 'json'", $output, $return_var); v_exec('v-list-database-hosts', [$db_type, 'json'], false, $output);
$db_hosts_tmp = json_decode(implode('', $output), true); $db_hosts_tmp = json_decode($output, true);
$db_hosts = array_merge($db_hosts, $db_hosts_tmp); $db_hosts = array_merge($db_hosts, $db_hosts_tmp);
unset($db_hosts_tmp); unset($db_hosts_tmp);
unset($output);
} }
// Display body // Display body
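Review bot: `$db_admin_link` is appended to `$_SESSION['ok_msg']` as an unquoted, unescaped `href` value, and it is built from `$_SERVER['HTTP_HOST']` or `$_POST['v_host']`, both of which the client controls. The commit only changes the quoting style of that line, so the markup-injection risk remains. Quote and encode the attribute, e.g. `$_SESSION['ok_msg'] .= ' / <a href="'.htmlentities($db_admin_link, ENT_QUOTES).'" target="_blank">'.__('open %s', $db_admin).'</a>';`. `$db_admin_link` and `$db_admin` are also left undefined when `v_type` is neither `mysql` nor `pgsql`. The mail section builds its `$webmail` link the same way.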


@ -13,7 +13,7 @@ if (!empty($_POST['ok'])) {
// Check token // Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
// Check empty fields // Check empty fields
@ -32,51 +32,42 @@ if (!empty($_POST['ok'])) {
// Protect input // Protect input
$v_domain = preg_replace("/^www./i", "", $_POST['v_domain']); $v_domain = preg_replace("/^www./i", "", $_POST['v_domain']);
$v_domain = escapeshellarg($v_domain);
$v_domain = strtolower($v_domain); $v_domain = strtolower($v_domain);
$v_ip = escapeshellarg($_POST['v_ip']); $v_ip = $_POST['v_ip'];
if (!empty($_POST['v_ns1'])) $v_ns1 = escapeshellarg($_POST['v_ns1']); if (!empty($_POST['v_ns1'])) $v_ns1 = $_POST['v_ns1'];
if (!empty($_POST['v_ns2'])) $v_ns2 = escapeshellarg($_POST['v_ns2']); if (!empty($_POST['v_ns2'])) $v_ns2 = $_POST['v_ns2'];
if (!empty($_POST['v_ns3'])) $v_ns3 = escapeshellarg($_POST['v_ns3']); if (!empty($_POST['v_ns3'])) $v_ns3 = $_POST['v_ns3'];
if (!empty($_POST['v_ns4'])) $v_ns4 = escapeshellarg($_POST['v_ns4']); if (!empty($_POST['v_ns4'])) $v_ns4 = $_POST['v_ns4'];
if (!empty($_POST['v_ns5'])) $v_ns5 = escapeshellarg($_POST['v_ns5']); if (!empty($_POST['v_ns5'])) $v_ns5 = $_POST['v_ns5'];
if (!empty($_POST['v_ns6'])) $v_ns6 = escapeshellarg($_POST['v_ns6']); if (!empty($_POST['v_ns6'])) $v_ns6 = $_POST['v_ns6'];
if (!empty($_POST['v_ns7'])) $v_ns7 = escapeshellarg($_POST['v_ns7']); if (!empty($_POST['v_ns7'])) $v_ns7 = $_POST['v_ns7'];
if (!empty($_POST['v_ns8'])) $v_ns8 = escapeshellarg($_POST['v_ns8']); if (!empty($_POST['v_ns8'])) $v_ns8 = $_POST['v_ns8'];
// Add dns domain // Add dns domain
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
exec (VESTA_CMD."v-add-dns-domain ".$user." ".$v_domain." ".$v_ip." ".$v_ns1." ".$v_ns2." ".$v_ns3." ".$v_ns4." ".$v_ns5." ".$v_ns6." ".$v_ns7." ".$v_ns8." no", $output, $return_var); v_exec('v-add-dns-domain', [$user, $v_domain, $v_ip, $v_ns1, $v_ns2, $v_ns3, $v_ns4, $v_ns5, $v_ns6, $v_ns7, $v_ns8, 'no']);
check_return_code($return_var,$output);
unset($output);
} }
// Set expiriation date // Set expiriation date
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
if ((!empty($_POST['v_exp'])) && ($_POST['v_exp'] != date('Y-m-d', strtotime('+1 year')))) { if ((!empty($_POST['v_exp'])) && ($_POST['v_exp'] != date('Y-m-d', strtotime('+1 year')))) {
$v_exp = escapeshellarg($_POST['v_exp']); $v_exp = $_POST['v_exp'];
exec (VESTA_CMD."v-change-dns-domain-exp ".$user." ".$v_domain." ".$v_exp." no", $output, $return_var); v_exec('v-change-dns-domain-exp', [$user, $v_domain, $v_exp, 'no']);
check_return_code($return_var,$output);
unset($output);
} }
} }
// Set ttl // Set ttl
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
if ((!empty($_POST['v_ttl'])) && ($_POST['v_ttl'] != '14400') && (empty($_SESSION['error_msg']))) { if ((!empty($_POST['v_ttl'])) && ($_POST['v_ttl'] != '14400') && (empty($_SESSION['error_msg']))) {
$v_ttl = escapeshellarg($_POST['v_ttl']); $v_ttl = $_POST['v_ttl'];
exec (VESTA_CMD."v-change-dns-domain-ttl ".$user." ".$v_domain." ".$v_ttl." no", $output, $return_var); v_exec('v-change-dns-domain-ttl', [$user, $v_domain, $v_ttl, 'no']);
check_return_code($return_var,$output);
unset($output);
} }
} }
// Restart dns server // Restart dns server
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
exec (VESTA_CMD."v-restart-dns", $output, $return_var); v_exec('v-restart-dns');
check_return_code($return_var,$output);
unset($output);
} }
// Flush field values on success // Flush field values on success
@ -93,7 +84,7 @@ if (!empty($_POST['ok_rec'])) {
// Check token // Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
// Check empty fields // Check empty fields
@ -113,18 +104,15 @@ if (!empty($_POST['ok_rec'])) {
} }
// Protect input // Protect input
$v_domain = escapeshellarg($_POST['v_domain']); $v_domain = $_POST['v_domain'];
$v_rec = escapeshellarg($_POST['v_rec']); $v_rec = $_POST['v_rec'];
$v_type = escapeshellarg($_POST['v_type']); $v_type = $_POST['v_type'];
$v_val = escapeshellarg($_POST['v_val']); $v_val = $_POST['v_val'];
$v_priority = escapeshellarg($_POST['v_priority']); $v_priority = $_POST['v_priority'];
// Add dns record // Add dns record
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
exec (VESTA_CMD."v-add-dns-record ".$user." ".$v_domain." ".$v_rec." ".$v_type." ".$v_val." ".$v_priority, $output, $return_var); v_exec('v-add-dns-record', [$user, $v_domain, $v_rec, $v_type, $v_val, $v_priority]);
check_return_code($return_var,$output);
unset($output);
$v_type = $_POST['v_type'];
} }
// Flush field values on success // Flush field values on success
@ -159,8 +147,8 @@ if (empty($_GET['domain'])) {
if (empty($v_ttl)) $v_ttl = 14400; if (empty($v_ttl)) $v_ttl = 14400;
if (empty($v_exp)) $v_exp = date('Y-m-d', strtotime('+1 year')); if (empty($v_exp)) $v_exp = date('Y-m-d', strtotime('+1 year'));
if (empty($v_ns1)) { if (empty($v_ns1)) {
exec (VESTA_CMD."v-list-user-ns ".$user." json", $output, $return_var); v_exec('v-list-user-ns', [$user, 'json'], false, $output);
$nameservers = json_decode(implode('', $output), true); $nameservers = json_decode($output, true);
$v_ns1 = str_replace("'", "", $nameservers[0]); $v_ns1 = str_replace("'", "", $nameservers[0]);
$v_ns2 = str_replace("'", "", $nameservers[1]); $v_ns2 = str_replace("'", "", $nameservers[1]);
$v_ns3 = str_replace("'", "", $nameservers[2]); $v_ns3 = str_replace("'", "", $nameservers[2]);
@ -169,7 +157,6 @@ if (empty($_GET['domain'])) {
$v_ns6 = str_replace("'", "", $nameservers[5]); $v_ns6 = str_replace("'", "", $nameservers[5]);
$v_ns7 = str_replace("'", "", $nameservers[6]); $v_ns7 = str_replace("'", "", $nameservers[6]);
$v_ns8 = str_replace("'", "", $nameservers[7]); $v_ns8 = str_replace("'", "", $nameservers[7]);
unset($output);
} }
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/add_dns.html'); include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/add_dns.html');
} }
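Review bot: `$v_ns1` … `$v_ns8` are assigned only when the matching POST field is non-empty, yet all eight are now passed in the `v-add-dns-domain` argument array. With the old string concatenation an unset value collapsed into whitespace and the trailing `no` moved into an earlier position. As array elements they are undefined or null, so whether `v_exec()` drops them or forwards empty strings decides which positional slot `'no'` ends up in (the wrapper is not visible here). Initialise them explicitly, e.g. `$v_ns1 = !empty($_POST['v_ns1']) ? $_POST['v_ns1'] : '';`, and add a comment stating the argument order the backend script expects.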


@ -9,15 +9,13 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token // Check token
// if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { // if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
// header('location: /login/'); // header('location: /login/');
// exit(); // exit;
// } // }
// Protect input $v_section = $_REQUEST['v_section'];
$v_section = escapeshellarg($_REQUEST['v_section']); $v_unit_id = $_REQUEST['v_unit_id'];
$v_unit_id = escapeshellarg($_REQUEST['v_unit_id']);
$_SESSION['favourites'][strtoupper($_REQUEST['v_section'])][$_REQUEST['v_unit_id']] = 1; $_SESSION['favourites'][strtoupper((string)$v_section)][(string)$v_unit_id] = 1;
exec (VESTA_CMD."v-add-user-favourites ".$_SESSION['user']." ".$v_section." ".$v_unit_id, $output, $return_var); v_exec('v-add-user-favourites', [$_SESSION['user'], $v_section, $v_unit_id], false/*true*/);
// check_return_code($return_var,$output);
?> ?>
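Review bot: The token check at the top of this handler is still commented out, while the new code writes `$_SESSION['favourites']` and runs `v-add-user-favourites` with values read from `$_REQUEST`, so the action can be triggered by a cross-site request made on behalf of a logged-in user. Restoring the check and reading from `$_POST` would match the other form handlers in this commit. The `(string)` casts are applied only to the session keys, so `$v_section` and `$v_unit_id` reach `v_exec()` uncast and an array-valued parameter is passed through as-is. `false/*true*/` leaves the return code unchecked, and a one-line comment saying why would help the next reader. The hunk starts at line 9, so any session check above it is not visible.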


@ -31,15 +31,12 @@ if (!empty($_POST['ok'])) {
$_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg); $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
} }
// Protect input $v_chain = $_POST['v_chain'];
$v_chain = escapeshellarg($_POST['v_chain']); $v_ip = $_POST['v_ip'];
$v_ip = escapeshellarg($_POST['v_ip']);
// Add firewall ban // Add firewall ban
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
exec (VESTA_CMD."v-add-firewall-ban ".$v_ip." ".$v_chain, $output, $return_var); v_exec('v-add-firewall-ban', [$v_ip, $v_chain]);
check_return_code($return_var,$output);
unset($output);
} }
// Flush field values on success // Flush field values on success
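Review bot: `$v_ip` and `$v_chain` go from `$_POST` to `v-add-firewall-ban` with no format check in the visible lines. Passing them as array elements guards against shell metacharacters, but not against malformed or option-like values. Unless the backend script validates them itself, add a check before the call, such as `filter_var($v_ip, FILTER_VALIDATE_IP)` (if CIDR ranges are not expected) and an allow-list comparison for `$v_chain`. The firewall-rule section has the same gap for `$v_port`, which is normalised but never checked to contain only port characters. The hunk starts at line 31, so earlier validation beyond the empty-field check is not visible.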


@ -20,7 +20,7 @@ if (!empty($_POST['ok'])) {
// Check token // Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
// Check empty fields // Check empty fields
@ -39,21 +39,17 @@ if (!empty($_POST['ok'])) {
$_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg); $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
} }
// Protect input $v_action = $_POST['v_action'];
$v_action = escapeshellarg($_POST['v_action']); $v_protocol = $_POST['v_protocol'];
$v_protocol = escapeshellarg($_POST['v_protocol']); $v_port = str_replace(' ', ',', $_POST['v_port']);
$v_port = str_replace(" ",",", $_POST['v_port']);
$v_port = preg_replace('/\,+/', ',', $v_port); $v_port = preg_replace('/\,+/', ',', $v_port);
$v_port = trim($v_port, ","); $v_port = trim($v_port, ',');
$v_port = escapeshellarg($v_port); $v_ip = $_POST['v_ip'];
$v_ip = escapeshellarg($_POST['v_ip']); $v_comment = $_POST['v_comment'];
$v_comment = escapeshellarg($_POST['v_comment']);
// Add firewall rule // Add firewall rule
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
exec (VESTA_CMD."v-add-firewall-rule ".$v_action." ".$v_ip." ".$v_port." ".$v_protocol." ".$v_comment, $output, $return_var); v_exec('v-add-firewall-rule', [$v_action, $v_ip, $v_port, $v_protocol, $v_comment]);
check_return_code($return_var,$output);
unset($output);
} }
// Flush field values on success // Flush field values on success


@ -19,7 +19,7 @@ if (!empty($_POST['ok'])) {
// Check token // Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
// Check empty fields // Check empty fields
@ -38,13 +38,12 @@ if (!empty($_POST['ok'])) {
$_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg); $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
} }
// Protect input $v_ip = $_POST['v_ip'];
$v_ip = escapeshellarg($_POST['v_ip']); $v_netmask = $_POST['v_netmask'];
$v_netmask = escapeshellarg($_POST['v_netmask']); $v_name = $_POST['v_name'];
$v_name = escapeshellarg($_POST['v_name']); $v_nat = $_POST['v_nat'];
$v_nat = escapeshellarg($_POST['v_nat']); $v_interface = $_POST['v_interface'];
$v_interface = escapeshellarg($_POST['v_interface']); $v_owner = $_POST['v_owner'];
$v_owner = escapeshellarg($_POST['v_owner']);
$v_shared = $_POST['v_shared']; $v_shared = $_POST['v_shared'];
// Check shared checkmark // Check shared checkmark
@ -53,16 +52,11 @@ if (!empty($_POST['ok'])) {
} else { } else {
$ip_status = 'dedicated'; $ip_status = 'dedicated';
$v_dedicated = 'yes'; $v_dedicated = 'yes';
} }
// Add IP // Add IP
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
exec (VESTA_CMD."v-add-sys-ip ".$v_ip." ".$v_netmask." ".$v_interface." ".$v_owner." '".$ip_status."' ".$v_name." ".$v_nat, $output, $return_var); v_exec('v-add-sys-ip', [$v_ip, $v_netmask, $v_interface, $v_owner, $ip_status, $v_name, $v_nat]);
check_return_code($return_var,$output);
unset($output);
$v_owner = $_POST['v_owner'];
$v_interface = $_POST['v_interface'];
} }
// Flush field values on success // Flush field values on success
@ -82,14 +76,12 @@ include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
top_panel($user,$TAB); top_panel($user,$TAB);
// List network interfaces // List network interfaces
exec (VESTA_CMD."v-list-sys-interfaces 'json'", $output, $return_var); v_exec('v-list-sys-interfaces', ['json'], false, $output);
$interfaces = json_decode(implode('', $output), true); $interfaces = json_decode($output, true);
unset($output);
// List users // List users
exec (VESTA_CMD."v-list-sys-users 'json'", $output, $return_var); v_exec('v-list-sys-users', ['json'], false, $output);
$users = json_decode(implode('', $output), true); $users = json_decode($output, true);
unset($output);
// Display body // Display body
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/add_ip.html'); include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/add_ip.html');
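Review bot: `json_decode($output, true)` feeds `$interfaces` and `$users` without any check on the result, and both `v_exec()` calls pass `false`, which appears to skip the return-code check. If either command fails or prints something that is not JSON, the template receives `null`. Fall back to an empty list, e.g. `$interfaces = json_decode($output, true) ?: [];`, and do the same for `$users`. The database-hosts loop (`array_merge($db_hosts, $db_hosts_tmp)`) and the `v-list-user-ns` lookup in the DNS section rely on the same unchecked decode.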


@ -14,7 +14,7 @@ if (!empty($_POST['ok'])) {
// Check token // Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
// Check empty fields // Check empty fields
@ -53,14 +53,11 @@ if (!empty($_POST['ok'])) {
// Set domain name to lowercase and remove www prefix // Set domain name to lowercase and remove www prefix
$v_domain = preg_replace("/^www./i", "", $_POST['v_domain']); $v_domain = preg_replace("/^www./i", "", $_POST['v_domain']);
$v_domain = escapeshellarg($v_domain);
$v_domain = strtolower($v_domain); $v_domain = strtolower($v_domain);
// Add mail domain // Add mail domain
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
exec (VESTA_CMD."v-add-mail-domain ".$user." ".$v_domain." ".$v_antispam." ".$v_antivirus." ".$v_dkim, $output, $return_var); v_exec('v-add-mail-domain', [$user, $v_domain, $v_antispam, $v_antivirus, $v_dkim]);
check_return_code($return_var,$output);
unset($output);
} }
// Flush field values on success // Flush field values on success
@ -77,7 +74,7 @@ if (!empty($_POST['ok_acc'])) {
// Check token // Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
// Check empty fields // Check empty fields
@ -96,13 +93,12 @@ if (!empty($_POST['ok_acc'])) {
} }
// Protect input // Protect input
$v_domain = escapeshellarg($_POST['v_domain']); $v_domain = strtolower($_POST['v_domain']);
$v_domain = strtolower($v_domain); $v_account = $_POST['v_account'];
$v_account = escapeshellarg($_POST['v_account']); $v_quota = $_POST['v_quota'];
$v_quota = escapeshellarg($_POST['v_quota']);
$v_aliases = $_POST['v_aliases']; $v_aliases = $_POST['v_aliases'];
$v_fwd = $_POST['v_fwd']; $v_fwd = $_POST['v_fwd'];
if (empty($_POST['v_quota'])) $v_quota = 0; if (empty($_POST['v_quota'])) $v_quota = '0';
if ((!empty($_POST['v_quota'])) || (!empty($_POST['v_aliases'])) || (!empty($_POST['v_fwd'])) ) $v_adv = 'yes'; if ((!empty($_POST['v_quota'])) || (!empty($_POST['v_aliases'])) || (!empty($_POST['v_fwd'])) ) $v_adv = 'yes';
// Add Mail Account // Add Mail Account
@ -111,65 +107,55 @@ if (!empty($_POST['ok_acc'])) {
$fp = fopen($v_password, "w"); $fp = fopen($v_password, "w");
fwrite($fp, $_POST['v_password']."\n"); fwrite($fp, $_POST['v_password']."\n");
fclose($fp); fclose($fp);
exec (VESTA_CMD."v-add-mail-account ".$user." ".$v_domain." ".$v_account." ".$v_password." ".$v_quota, $output, $return_var); v_exec('v-add-mail-account', [$user, $v_domain, $v_account, $v_password, $v_quota]);
check_return_code($return_var,$output);
unset($output);
unlink($v_password); unlink($v_password);
$v_password = escapeshellarg($_POST['v_password']); $v_password = $_POST['v_password'];
} }
// Add Aliases // Add Aliases
if ((!empty($_POST['v_aliases'])) && (empty($_SESSION['error_msg']))) { if ((!empty($_POST['v_aliases'])) && (empty($_SESSION['error_msg']))) {
$valiases = preg_replace("/\n/", " ", $_POST['v_aliases']); $valiases = preg_replace('/\n/', ' ', $_POST['v_aliases']);
$valiases = preg_replace("/,/", " ", $valiases); $valiases = preg_replace('/,/', ' ', $valiases);
$valiases = preg_replace('/\s+/', ' ',$valiases); $valiases = preg_replace('/\s+/', ' ',$valiases);
$valiases = trim($valiases); $valiases = trim($valiases);
$aliases = explode(" ", $valiases); $aliases = explode(' ', $valiases);
foreach ($aliases as $alias) { foreach ($aliases as $alias) {
$alias = escapeshellarg($alias);
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
exec (VESTA_CMD."v-add-mail-account-alias ".$user." ".$v_domain." ".$v_account." ".$alias, $output, $return_var); v_exec('v-add-mail-account-alias', [$user, $v_domain, $v_account, $alias]);
check_return_code($return_var,$output);
unset($output);
} }
} }
} }
// Add Forwarders // Add Forwarders
if ((!empty($_POST['v_fwd'])) && (empty($_SESSION['error_msg']))) { if ((!empty($_POST['v_fwd'])) && (empty($_SESSION['error_msg']))) {
$vfwd = preg_replace("/\n/", " ", $_POST['v_fwd']); $vfwd = preg_replace('/\n/', ' ', $_POST['v_fwd']);
$vfwd = preg_replace("/,/", " ", $vfwd); $vfwd = preg_replace('/,/', ' ', $vfwd);
$vfwd = preg_replace('/\s+/', ' ',$vfwd); $vfwd = preg_replace('/\s+/', ' ',$vfwd);
$vfwd = trim($vfwd); $vfwd = trim($vfwd);
$fwd = explode(" ", $vfwd); $fwd = explode(' ', $vfwd);
foreach ($fwd as $forward) { foreach ($fwd as $forward) {
$forward = escapeshellarg($forward);
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
exec (VESTA_CMD."v-add-mail-account-forward ".$user." ".$v_domain." ".$v_account." ".$forward, $output, $return_var); v_exec('v-add-mail-account-forward', [$user, $v_domain, $v_account, $forward]);
check_return_code($return_var,$output);
unset($output);
} }
} }
} }
// Add fwd_only flag // Add fwd_only flag
if ((!empty($_POST['v_fwd_only'])) && (empty($_SESSION['error_msg']))) { if ((!empty($_POST['v_fwd_only'])) && (empty($_SESSION['error_msg']))) {
exec (VESTA_CMD."v-add-mail-account-fwd-only ".$user." ".$v_domain." ".$v_account, $output, $return_var); v_exec('v-add-mail-account-fwd-only', [$user, $v_domain, $v_account]);
check_return_code($return_var,$output);
unset($output);
} }
// Get webmail url // Get webmail url
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
list($http_host, $port) = explode(':', $_SERVER["HTTP_HOST"].":"); list($http_host, $port) = explode(':', $_SERVER['HTTP_HOST'].':');
$webmail = "http://".$http_host."/webmail/"; $webmail = "http://$http_host/webmail/";
if (!empty($_SESSION['MAIL_URL'])) $webmail = $_SESSION['MAIL_URL']; if (!empty($_SESSION['MAIL_URL'])) $webmail = $_SESSION['MAIL_URL'];
} }
// Flush field values on success // Flush field values on success
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
$_SESSION['ok_msg'] = __('MAIL_ACCOUNT_CREATED_OK',htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST[v_domain]),htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST[v_domain])); $_SESSION['ok_msg'] = __('MAIL_ACCOUNT_CREATED_OK', htmlentities(strtolower($_POST['v_account'])), htmlentities($_POST['v_domain']), htmlentities(strtolower($_POST['v_account'])), htmlentities($_POST['v_domain']));
$_SESSION['ok_msg'] .= " / <a href=".$webmail." target='_blank'>" . __('open webmail') . "</a>"; $_SESSION['ok_msg'] .= " / <a href=$webmail target='_blank'>" . __('open webmail') . '</a>';
unset($v_account); unset($v_account);
unset($v_password); unset($v_password);
unset($v_password); unset($v_password);
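Review bot: In `preg_replace("/^www./i", "", $_POST['v_domain'])` the dot is unescaped, so any character following `www` is stripped, not only a literal dot. A constructed example: `wwwx.example.com` becomes `.example.com` before it is passed to `v-add-mail-domain`. Use `'/^www\./i'`; the DNS section has the same expression. Separately, `unset($v_password);` appears twice at the end of this hunk, which suggests one of them was meant for a different field. The flush list continues outside the hunk.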


@ -19,7 +19,7 @@ if (!empty($_POST['ok'])) {
// Check token // Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
// Check empty fields // Check empty fields
@ -57,24 +57,23 @@ if (!empty($_POST['ok'])) {
$_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg); $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
} }
// Protect input $v_package = $_POST['v_package'];
$v_package = escapeshellarg($_POST['v_package']); $v_web_template = $_POST['v_web_template'];
$v_web_template = escapeshellarg($_POST['v_web_template']); $v_backend_template = $_POST['v_backend_template'];
$v_backend_template = escapeshellarg($_POST['v_backend_template']); $v_proxy_template = $_POST['v_proxy_template'];
$v_proxy_template = escapeshellarg($_POST['v_proxy_template']); $v_dns_template = $_POST['v_dns_template'];
$v_dns_template = escapeshellarg($_POST['v_dns_template']); $v_shell = $_POST['v_shell'];
$v_shell = escapeshellarg($_POST['v_shell']); $v_web_domains = $_POST['v_web_domains'];
$v_web_domains = escapeshellarg($_POST['v_web_domains']); $v_web_aliases = $_POST['v_web_aliases'];
$v_web_aliases = escapeshellarg($_POST['v_web_aliases']); $v_dns_domains = $_POST['v_dns_domains'];
$v_dns_domains = escapeshellarg($_POST['v_dns_domains']); $v_dns_records = $_POST['v_dns_records'];
$v_dns_records = escapeshellarg($_POST['v_dns_records']); $v_mail_domains = $_POST['v_mail_domains'];
$v_mail_domains = escapeshellarg($_POST['v_mail_domains']); $v_mail_accounts = $_POST['v_mail_accounts'];
$v_mail_accounts = escapeshellarg($_POST['v_mail_accounts']); $v_databases = $_POST['v_databases'];
$v_databases = escapeshellarg($_POST['v_databases']); $v_cron_jobs = $_POST['v_cron_jobs'];
$v_cron_jobs = escapeshellarg($_POST['v_cron_jobs']); $v_backups = $_POST['v_backups'];
$v_backups = escapeshellarg($_POST['v_backups']); $v_disk_quota = $_POST['v_disk_quota'];
$v_disk_quota = escapeshellarg($_POST['v_disk_quota']); $v_bandwidth = $_POST['v_bandwidth'];
$v_bandwidth = escapeshellarg($_POST['v_bandwidth']);
$v_ns1 = trim($_POST['v_ns1'], '.'); $v_ns1 = trim($_POST['v_ns1'], '.');
$v_ns2 = trim($_POST['v_ns2'], '.'); $v_ns2 = trim($_POST['v_ns2'], '.');
$v_ns3 = trim($_POST['v_ns3'], '.'); $v_ns3 = trim($_POST['v_ns3'], '.');
@ -90,9 +89,8 @@ if (!empty($_POST['ok'])) {
if (!empty($v_ns6)) $v_ns .= ",".$v_ns6; if (!empty($v_ns6)) $v_ns .= ",".$v_ns6;
if (!empty($v_ns7)) $v_ns .= ",".$v_ns7; if (!empty($v_ns7)) $v_ns .= ",".$v_ns7;
if (!empty($v_ns8)) $v_ns .= ",".$v_ns8; if (!empty($v_ns8)) $v_ns .= ",".$v_ns8;
$v_ns = escapeshellarg($v_ns); $v_time = date('H:i:s');
$v_time = escapeshellarg(date('H:i:s')); $v_date = date('Y-m-d');
$v_date = escapeshellarg(date('Y-m-d'));
// Create temporary dir // Create temporary dir
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
@ -104,29 +102,33 @@ if (!empty($_POST['ok'])) {
// Create package file // Create package file
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
$pkg = "WEB_TEMPLATE=".$v_web_template."\n"; $a_pkg = [
if (!empty($_SESSION['WEB_BACKEND'])) { 'WEB_TEMPLATE' => $v_web_template,
$pkg .= "BACKEND_TEMPLATE=".$v_backend_template."\n"; 'BACKEND_TEMPLATE' => !empty($_SESSION['WEB_BACKEND']) ? $v_backend_template : null,
'PROXY_TEMPLATE' => !empty($_SESSION['PROXY_SYSTEM']) ? $v_proxy_template : null,
'DNS_TEMPLATE' => $v_dns_template,
'WEB_DOMAINS' => $v_web_domains,
'WEB_ALIASES' => $v_web_aliases,
'DNS_DOMAINS' => $v_dns_domains,
'DNS_RECORDS' => $v_dns_records,
'MAIL_DOMAINS' => $v_mail_domains,
'MAIL_ACCOUNTS' => $v_mail_accounts,
'DATABASES' => $v_databases,
'CRON_JOBS' => $v_cron_jobs,
'DISK_QUOTA' => $v_disk_quota,
'BANDWIDTH' => $v_bandwidth,
'NS' => $v_ns,
'SHELL' => $v_shell,
'BACKUPS' => $v_backups,
'TIME' => $v_time,
'DATE' => $v_date,
];
$pkg = '';
foreach ($a_pkg as $key => $value) {
if (is_null($value)) continue;
$pkg .= $key . '=' . escapeshellarg($value) . "\n";
} }
if (!empty($_SESSION['PROXY_SYSTEM'])) {
$pkg .= "PROXY_TEMPLATE=".$v_proxy_template."\n";
}
$pkg .= "DNS_TEMPLATE=".$v_dns_template."\n";
$pkg .= "WEB_DOMAINS=".$v_web_domains."\n";
$pkg .= "WEB_ALIASES=".$v_web_aliases."\n";
$pkg .= "DNS_DOMAINS=".$v_dns_domains."\n";
$pkg .= "DNS_RECORDS=".$v_dns_records."\n";
$pkg .= "MAIL_DOMAINS=".$v_mail_domains."\n";
$pkg .= "MAIL_ACCOUNTS=".$v_mail_accounts."\n";
$pkg .= "DATABASES=".$v_databases."\n";
$pkg .= "CRON_JOBS=".$v_cron_jobs."\n";
$pkg .= "DISK_QUOTA=".$v_disk_quota."\n";
$pkg .= "BANDWIDTH=".$v_bandwidth."\n";
$pkg .= "NS=".$v_ns."\n";
$pkg .= "SHELL=".$v_shell."\n";
$pkg .= "BACKUPS=".$v_backups."\n";
$pkg .= "TIME=".$v_time."\n";
$pkg .= "DATE=".$v_date."\n";
$fp = fopen($tmpdir."/".$_POST['v_package'].".pkg", 'w'); $fp = fopen($tmpdir."/".$_POST['v_package'].".pkg", 'w');
fwrite($fp, $pkg); fwrite($fp, $pkg);
@ -135,14 +137,11 @@ if (!empty($_POST['ok'])) {
// Add new package // Add new package
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
exec (VESTA_CMD."v-add-user-package ".$tmpdir." ".$v_package, $output, $return_var); v_exec('v-add-user-package', [$tmpdir, $v_package]);
check_return_code($return_var,$output);
unset($output);
} }
// Remove tmpdir // Remove tmpdir
exec ('rm -rf '.$tmpdir, $output, $return_var); safe_exec('rm', ['-rf', $tmpdir]);
unset($output);
// Flush field values on success // Flush field values on success
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
@ -160,33 +159,28 @@ include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
top_panel($user,$TAB); top_panel($user,$TAB);
// List web temmplates // List web temmplates
exec (VESTA_CMD."v-list-web-templates json", $output, $return_var); v_exec('v-list-web-templates', ['json'], false, $output);
$web_templates = json_decode(implode('', $output), true); $web_templates = json_decode($output, true);
unset($output);
// List web templates for backend // List web templates for backend
if (!empty($_SESSION['WEB_BACKEND'])) { if (!empty($_SESSION['WEB_BACKEND'])) {
exec (VESTA_CMD."v-list-web-templates-backend json", $output, $return_var); v_exec('v-list-web-templates-backend', ['json'], false, $output);
$backend_templates = json_decode(implode('', $output), true); $backend_templates = json_decode($output, true);
unset($output);
} }
// List web templates for proxy // List web templates for proxy
if (!empty($_SESSION['PROXY_SYSTEM'])) { if (!empty($_SESSION['PROXY_SYSTEM'])) {
exec (VESTA_CMD."v-list-web-templates-proxy json", $output, $return_var); v_exec('v-list-web-templates-proxy', ['json'], false, $output);
$proxy_templates = json_decode(implode('', $output), true); $proxy_templates = json_decode($output, true);
unset($output);
} }
// List DNS templates // List DNS templates
exec (VESTA_CMD."v-list-dns-templates json", $output, $return_var); v_exec('v-list-dns-templates', ['json'], false, $output);
$dns_templates = json_decode(implode('', $output), true); $dns_templates = json_decode($output, true);
unset($output);
// List system shells // List system shells
exec (VESTA_CMD."v-list-sys-shells json", $output, $return_var); v_exec('v-list-sys-shells', ['json'], false, $output);
$shells = json_decode(implode('', $output), true); $shells = json_decode($output, true);
unset($output);
// Set default values // Set default values
if (empty($v_web_template)) $v_web_template = 'default'; if (empty($v_web_template)) $v_web_template = 'default';
@ -194,17 +188,17 @@ if (empty($v_backend_template)) $v_backend_template = 'default';
if (empty($v_proxy_template)) $v_proxy_template = 'default'; if (empty($v_proxy_template)) $v_proxy_template = 'default';
if (empty($v_dns_template)) $v_dns_template = 'default'; if (empty($v_dns_template)) $v_dns_template = 'default';
if (empty($v_shell)) $v_shell = 'nologin'; if (empty($v_shell)) $v_shell = 'nologin';
if (empty($v_web_domains)) $v_web_domains = "'1'"; if (empty($v_web_domains)) $v_web_domains = '1';
if (empty($v_web_aliases)) $v_web_aliases = "'1'"; if (empty($v_web_aliases)) $v_web_aliases = '1';
if (empty($v_dns_domains)) $v_dns_domains = "'1'"; if (empty($v_dns_domains)) $v_dns_domains = '1';
if (empty($v_dns_records)) $v_dns_records = "'1'"; if (empty($v_dns_records)) $v_dns_records = '1';
if (empty($v_mail_domains)) $v_mail_domains = "'1'"; if (empty($v_mail_domains)) $v_mail_domains = '1';
if (empty($v_mail_accounts)) $v_mail_accounts = "'1'"; if (empty($v_mail_accounts)) $v_mail_accounts = '1';
if (empty($v_databases)) $v_databases = "'1'"; if (empty($v_databases)) $v_databases = '1';
if (empty($v_cron_jobs)) $v_cron_jobs = "'1'"; if (empty($v_cron_jobs)) $v_cron_jobs = '1';
if (empty($v_backups)) $v_backups = "'1'"; if (empty($v_backups)) $v_backups = '1';
if (empty($v_disk_quota)) $v_disk_quota = "'1000'"; if (empty($v_disk_quota)) $v_disk_quota = '1000';
if (empty($v_bandwidth)) $v_bandwidth = "'1000'"; if (empty($v_bandwidth)) $v_bandwidth = '1000';
if (empty($v_ns1)) $v_ns1 = 'ns1.example.ltd'; if (empty($v_ns1)) $v_ns1 = 'ns1.example.ltd';
if (empty($v_ns2)) $v_ns2 = 'ns2.example.ltd'; if (empty($v_ns2)) $v_ns2 = 'ns2.example.ltd';


@ -19,7 +19,7 @@ if (!empty($_POST['ok'])) {
// Check token // Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
// Check empty fields // Check empty fields
@ -51,13 +51,12 @@ if (!empty($_POST['ok'])) {
if ($pw_len < 6) $_SESSION['error_msg'] = __('Password is too short.', $error_msg); if ($pw_len < 6) $_SESSION['error_msg'] = __('Password is too short.', $error_msg);
} }
// Protect input $v_username = $_POST['v_username'];
$v_username = escapeshellarg($_POST['v_username']); $v_email = $_POST['v_email'];
$v_email = escapeshellarg($_POST['v_email']); $v_package = $_POST['v_package'];
$v_package = escapeshellarg($_POST['v_package']); $v_language = $_POST['v_language'];
$v_language = escapeshellarg($_POST['v_language']); $v_fname = $_POST['v_fname'];
$v_fname = escapeshellarg($_POST['v_fname']); $v_lname = $_POST['v_lname'];
$v_lname = escapeshellarg($_POST['v_lname']);
$v_notify = $_POST['v_notify']; $v_notify = $_POST['v_notify'];
@ -67,18 +66,14 @@ if (!empty($_POST['ok'])) {
$fp = fopen($v_password, "w"); $fp = fopen($v_password, "w");
fwrite($fp, $_POST['v_password']."\n"); fwrite($fp, $_POST['v_password']."\n");
fclose($fp); fclose($fp);
exec (VESTA_CMD."v-add-user ".$v_username." ".$v_password." ".$v_email." ".$v_package." ".$v_fname." ".$v_lname, $output, $return_var); v_exec('v-add-user', [$v_username, $v_password, $v_email, $v_package, $v_fname, $v_lname]);
check_return_code($return_var,$output);
unset($output);
unlink($v_password); unlink($v_password);
$v_password = escapeshellarg($_POST['v_password']); $v_password = $_POST['v_password'];
} }
// Set language // Set language
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
exec (VESTA_CMD."v-change-user-language ".$v_username." ".$v_language, $output, $return_var); v_exec('v-change-user-language', [$v_username, $v_language]);
check_return_code($return_var,$output);
unset($output);
} }
// Send email to the new user // Send email to the new user
@ -86,7 +81,6 @@ if (!empty($_POST['ok'])) {
$to = $_POST['v_notify']; $to = $_POST['v_notify'];
$subject = _translate($_POST['v_language'],"Welcome to Vesta Control Panel"); $subject = _translate($_POST['v_language'],"Welcome to Vesta Control Panel");
$hostname = exec('hostname'); $hostname = exec('hostname');
unset($output);
$from = _translate($_POST['v_language'],'MAIL_FROM',$hostname); $from = _translate($_POST['v_language'],'MAIL_FROM',$hostname);
if (!empty($_POST['v_fname'])) { if (!empty($_POST['v_fname'])) {
$mailtext = _translate($_POST['v_language'],'GREETINGS_GORDON_FREEMAN',$_POST['v_fname'],$_POST['v_lname']); $mailtext = _translate($_POST['v_language'],'GREETINGS_GORDON_FREEMAN',$_POST['v_fname'],$_POST['v_lname']);
@ -118,15 +112,13 @@ include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
top_panel($user,$TAB); top_panel($user,$TAB);
// List hosting packages // List hosting packages
exec (VESTA_CMD."v-list-user-packages json", $output, $return_var); $return_var = v_exec('v-list-user-packages', ['json'], false, $output);
check_error($return_var); check_error($return_var);
$data = json_decode(implode('', $output), true); $data = json_decode($output, true);
unset($output);
// List languages // List languages
exec (VESTA_CMD."v-list-sys-languages json", $output, $return_var); v_exec('v-list-sys-languages', ['json'], false, $output);
$languages = json_decode(implode('', $output), true); $languages = json_decode($output, true);
unset($output);
// Display body // Display body
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/add_user.html'); include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/add_user.html');
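Review bot: The `$v_username` … `$v_lname` assignments lose their `// Protect input` comment together with `escapeshellarg()`, and nothing now says where these raw request values are made safe. A comment on the block would help, for example `// Raw request values: hand to commands only through v_exec(); escape for HTML when rendered`. The same variables are presumably what the `add_user.html` template included at the end re-displays, so it is worth confirming that the template HTML-escapes them; `escapeshellarg()` never did that, but the values now arrive there completely unmodified. `$hostname = exec('hostname');` in the mail block still calls `exec()` directly; the command string is fixed, so this is only a consistency point.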


@ -13,7 +13,7 @@ if (!empty($_POST['ok'])) {
// Check token // Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
// Check for empty fields // Check for empty fields
@ -42,11 +42,10 @@ if (!empty($_POST['ok'])) {
// Set domain to lowercase and remove www prefix // Set domain to lowercase and remove www prefix
$v_domain = preg_replace("/^www\./i", "", $_POST['v_domain']); $v_domain = preg_replace("/^www\./i", "", $_POST['v_domain']);
$v_domain = escapeshellarg($v_domain);
$v_domain = strtolower($v_domain); $v_domain = strtolower($v_domain);
// Define domain ip address // Define domain ip address
$v_ip = escapeshellarg($_POST['v_ip']); $v_ip = $_POST['v_ip'];
// Define domain aliases // Define domain aliases
$v_aliases = $_POST['v_aliases']; $v_aliases = $_POST['v_aliases'];
@ -54,11 +53,10 @@ if (!empty($_POST['ok'])) {
$aliases = preg_replace("/\r/", ",", $aliases); $aliases = preg_replace("/\r/", ",", $aliases);
$aliases = preg_replace("/\t/", ",", $aliases); $aliases = preg_replace("/\t/", ",", $aliases);
$aliases = preg_replace("/ /", ",", $aliases); $aliases = preg_replace("/ /", ",", $aliases);
$aliases_arr = explode(",", $aliases); $aliases_arr = explode(',', $aliases);
$aliases_arr = array_unique($aliases_arr); $aliases_arr = array_unique($aliases_arr);
$aliases_arr = array_filter($aliases_arr); $aliases_arr = array_filter($aliases_arr);
$aliases = implode(",",$aliases_arr); $aliases = implode(',', $aliases_arr);
$aliases = escapeshellarg($aliases);
// Define proxy extentions // Define proxy extentions
$v_proxy_ext = $_POST['v_proxy_ext']; $v_proxy_ext = $_POST['v_proxy_ext'];
@ -66,11 +64,10 @@ if (!empty($_POST['ok'])) {
$proxy_ext = preg_replace("/\r/", ",", $proxy_ext); $proxy_ext = preg_replace("/\r/", ",", $proxy_ext);
$proxy_ext = preg_replace("/\t/", ",", $proxy_ext); $proxy_ext = preg_replace("/\t/", ",", $proxy_ext);
$proxy_ext = preg_replace("/ /", ",", $proxy_ext); $proxy_ext = preg_replace("/ /", ",", $proxy_ext);
$proxy_ext_arr = explode(",", $proxy_ext); $proxy_ext_arr = explode(',', $proxy_ext);
$proxy_ext_arr = array_unique($proxy_ext_arr); $proxy_ext_arr = array_unique($proxy_ext_arr);
$proxy_ext_arr = array_filter($proxy_ext_arr); $proxy_ext_arr = array_filter($proxy_ext_arr);
$proxy_ext = implode(",",$proxy_ext_arr); $proxy_ext = implode(',', $proxy_ext_arr);
$proxy_ext = escapeshellarg($proxy_ext);
// Define other options // Define other options
$v_elog = $_POST['v_elog']; $v_elog = $_POST['v_elog'];
@ -79,7 +76,7 @@ if (!empty($_POST['ok'])) {
$v_ssl_key = $_POST['v_ssl_key']; $v_ssl_key = $_POST['v_ssl_key'];
$v_ssl_ca = $_POST['v_ssl_ca']; $v_ssl_ca = $_POST['v_ssl_ca'];
$v_ssl_home = $data[$v_domain]['SSL_HOME']; $v_ssl_home = $data[$v_domain]['SSL_HOME'];
$v_stats = escapeshellarg($_POST['v_stats']); $v_stats = $_POST['v_stats'];
$v_stats_user = $data[$v_domain]['STATS_USER']; $v_stats_user = $data[$v_domain]['STATS_USER'];
$v_stats_password = $data[$v_domain]['STATS_PASSWORD']; $v_stats_password = $data[$v_domain]['STATS_PASSWORD'];
$v_ftp = $_POST['v_ftp']; $v_ftp = $_POST['v_ftp'];
@ -104,44 +101,32 @@ if (!empty($_POST['ok'])) {
// Add web domain // Add web domain
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
exec (VESTA_CMD."v-add-web-domain ".$user." ".$v_domain." ".$v_ip." 'no' ".$aliases." ".$proxy_ext, $output, $return_var); v_exec('v-add-web-domain', [$user, $v_domain, $v_ip, 'no', $aliases, $proxy_ext]);
check_return_code($return_var,$output);
unset($output);
$domain_added = empty($_SESSION['error_msg']); $domain_added = empty($_SESSION['error_msg']);
} }
// Add DNS domain // Add DNS domain
if (($_POST['v_dns'] == 'on') && (empty($_SESSION['error_msg']))) { if (($_POST['v_dns'] == 'on') && (empty($_SESSION['error_msg']))) {
exec (VESTA_CMD."v-add-dns-domain ".$user." ".$v_domain." ".$v_ip, $output, $return_var); v_exec('v-add-dns-domain', [$user, $v_domain, $v_ip]);
check_return_code($return_var,$output);
unset($output);
} }
// Add DNS for domain aliases // Add DNS for domain aliases
if (($_POST['v_dns'] == 'on') && (empty($_SESSION['error_msg']))) { if (($_POST['v_dns'] == 'on') && (empty($_SESSION['error_msg']))) {
foreach ($aliases_arr as $alias) { foreach ($aliases_arr as $alias) {
if ($alias != "www.".$_POST['v_domain']) { if ($alias != 'www.' . $_POST['v_domain']) {
$alias = escapeshellarg($alias); v_exec('v-add-dns-on-web-alias', [$user, $alias, $v_ip, 'no']);
exec (VESTA_CMD."v-add-dns-on-web-alias ".$user." ".$alias." ".$v_ip." 'no'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
} }
} }
} }
// Add mail domain // Add mail domain
if (($_POST['v_mail'] == 'on') && (empty($_SESSION['error_msg']))) { if (($_POST['v_mail'] == 'on') && (empty($_SESSION['error_msg']))) {
exec (VESTA_CMD."v-add-mail-domain ".$user." ".$v_domain, $output, $return_var); v_exec('v-add-mail-domain', [$user, $v_domain]);
check_return_code($return_var,$output);
unset($output);
} }
// Delete proxy support // Delete proxy support
if ((!empty($_SESSION['PROXY_SYSTEM'])) && ($_POST['v_proxy'] == 'off') && (empty($_SESSION['error_msg']))) { if ((!empty($_SESSION['PROXY_SYSTEM'])) && ($_POST['v_proxy'] == 'off') && (empty($_SESSION['error_msg']))) {
$ext = escapeshellarg($ext); v_exec('v-delete-web-domain-proxy', [$user, $v_domain, 'no']);
exec (VESTA_CMD."v-delete-web-domain-proxy ".$user." ".$v_domain." 'no'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
} }
// Add SSL certificates // Add SSL certificates
@ -174,60 +159,46 @@ if (!empty($_POST['ok'])) {
fclose($fp); fclose($fp);
} }
$v_ssl_home = escapeshellarg($_POST['v_ssl_home']); $v_ssl_home = $_POST['v_ssl_home'];
exec (VESTA_CMD."v-add-web-domain-ssl ".$user." ".$v_domain." ".$tmpdir." ".$v_ssl_home." 'no'", $output, $return_var); v_exec('v-add-web-domain-ssl', [$user, $v_domain, $tmpdir, $v_ssl_home, 'no']);
check_return_code($return_var,$output);
unset($output);
} }
// Add web stats // Add web stats
if ((!empty($_POST['v_stats'])) && ($_POST['v_stats'] != 'none' ) && (empty($_SESSION['error_msg']))) { if ((!empty($_POST['v_stats'])) && ($_POST['v_stats'] != 'none' ) && (empty($_SESSION['error_msg']))) {
$v_stats = escapeshellarg($_POST['v_stats']); $v_stats = $_POST['v_stats'];
exec (VESTA_CMD."v-add-web-domain-stats ".$user." ".$v_domain." ".$v_stats, $output, $return_var); v_exec('v-add-web-domain-stats', [$user, $v_domain, $v_stats]);
check_return_code($return_var,$output);
unset($output);
} }
// Add web stats password // Add web stats password
if ((!empty($_POST['v_stats_user'])) && (empty($_SESSION['error_msg']))) { if ((!empty($_POST['v_stats_user'])) && (empty($_SESSION['error_msg']))) {
$v_stats_user = escapeshellarg($_POST['v_stats_user']); $v_stats_user = $_POST['v_stats_user'];
$v_stats_password = tempnam("/tmp","vst"); $v_stats_password = tempnam("/tmp","vst");
$fp = fopen($v_stats_password, "w"); $fp = fopen($v_stats_password, "w");
fwrite($fp, $_POST['v_stats_password']."\n"); fwrite($fp, $_POST['v_stats_password']."\n");
fclose($fp); fclose($fp);
exec (VESTA_CMD."v-add-web-domain-stats-user ".$user." ".$v_domain." ".$v_stats_user." ".$v_stats_password, $output, $return_var); v_exec('v-add-web-domain-stats-user', [$user, $v_domain, $v_stats_user, $v_stats_password]);
check_return_code($return_var,$output);
unset($output);
unlink($v_stats_password); unlink($v_stats_password);
$v_stats_password = escapeshellarg($_POST['v_stats_password']); $v_stats_password = $_POST['v_stats_password'];
} }
// Restart DNS server // Restart DNS server
if (($_POST['v_dns'] == 'on') && (empty($_SESSION['error_msg']))) { if (($_POST['v_dns'] == 'on') && (empty($_SESSION['error_msg']))) {
exec (VESTA_CMD."v-restart-dns", $output, $return_var); v_exec('v-restart-dns');
check_return_code($return_var,$output);
unset($output);
} }
// Restart web server // Restart web server
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
exec (VESTA_CMD."v-restart-web", $output, $return_var); v_exec('v-restart-web');
check_return_code($return_var,$output);
unset($output);
} }
// Restart backend server // Restart backend server
//if ((!empty($_SESSION['WEB_BACKEND'])) && (empty($_SESSION['error_msg']))) { //if ((!empty($_SESSION['WEB_BACKEND'])) && (empty($_SESSION['error_msg']))) {
// exec (VESTA_CMD."v-restart-web-backend", $output, $return_var); // v_exec('v-restart-backend');
// check_return_code($return_var,$output);
// unset($output);
//} //}
// Restart proxy server // Restart proxy server
if ((!empty($_SESSION['PROXY_SYSTEM'])) && ($_POST['v_proxy'] == 'on') && (empty($_SESSION['error_msg']))) { if ((!empty($_SESSION['PROXY_SYSTEM'])) && ($_POST['v_proxy'] == 'on') && (empty($_SESSION['error_msg']))) {
exec (VESTA_CMD."v-restart-proxy", $output, $return_var); v_exec('v-restart-proxy');
check_return_code($return_var,$output);
unset($output);
} }
// Add FTP // Add FTP
@ -265,22 +236,19 @@ if (!empty($_POST['ok'])) {
$v_ftp_user_data['v_ftp_user'] = preg_replace("/^".$user."_/i", "", $v_ftp_user_data['v_ftp_user']); $v_ftp_user_data['v_ftp_user'] = preg_replace("/^".$user."_/i", "", $v_ftp_user_data['v_ftp_user']);
$v_ftp_username = $v_ftp_user_data['v_ftp_user']; $v_ftp_username = $v_ftp_user_data['v_ftp_user'];
$v_ftp_username_full = $user . '_' . $v_ftp_user_data['v_ftp_user']; $v_ftp_username_full = $user . '_' . $v_ftp_user_data['v_ftp_user'];
$v_ftp_user = escapeshellarg($v_ftp_user_data['v_ftp_user']);
if ($domain_added) { if ($domain_added) {
$v_ftp_path = escapeshellarg(trim($v_ftp_user_data['v_ftp_path'])); $v_ftp_path = trim($v_ftp_user_data['v_ftp_path']);
$v_ftp_password = tempnam("/tmp","vst"); $v_ftp_password = tempnam("/tmp","vst");
$fp = fopen($v_ftp_password, "w"); $fp = fopen($v_ftp_password, "w");
fwrite($fp, $v_ftp_user_data['v_ftp_password']."\n"); fwrite($fp, $v_ftp_user_data['v_ftp_password']."\n");
fclose($fp); fclose($fp);
exec (VESTA_CMD."v-add-web-domain-ftp ".$user." ".$v_domain." ".$v_ftp_user." ".$v_ftp_password . " " . $v_ftp_path, $output, $return_var); v_exec('v-add-web-domain-ftp', [$user, $v_domain, $v_ftp_username, $v_ftp_password, $v_ftp_path]);
check_return_code($return_var,$output);
unset($output);
unlink($v_ftp_password); unlink($v_ftp_password);
if ((!empty($v_ftp_user_data['v_ftp_email'])) && (empty($_SESSION['error_msg']))) { if ((!empty($v_ftp_user_data['v_ftp_email'])) && (empty($_SESSION['error_msg']))) {
$to = $v_ftp_user_data['v_ftp_email']; $to = $v_ftp_user_data['v_ftp_email'];
$subject = __("FTP login credentials"); $subject = __('FTP login credentials');
$from = __('MAIL_FROM', $_POST['v_domain']); $from = __('MAIL_FROM', $_POST['v_domain']);
$mailtext = __('FTP_ACCOUNT_READY',$_POST['v_domain'],$user,$v_ftp_user_data['v_ftp_user'],$v_ftp_user_data['v_ftp_password']); $mailtext = __('FTP_ACCOUNT_READY', $_POST['v_domain'], $user, $v_ftp_username, $v_ftp_user_data['v_ftp_password']);
send_email($to, $subject, $mailtext, $from); send_email($to, $subject, $mailtext, $from);
unset($v_ftp_email); unset($v_ftp_email);
} }
@ -289,13 +257,13 @@ if (!empty($_POST['ok'])) {
} }
if ($return_var == 0) { if ($return_var == 0) {
$v_ftp_password = "••••••••"; $v_ftp_password = '••••••••';
$v_ftp_user_data['is_new'] = 0; $v_ftp_user_data['is_new'] = 0;
} else { } else {
$v_ftp_user_data['is_new'] = 1; $v_ftp_user_data['is_new'] = 1;
} }
$v_ftp_username = preg_replace("/^".$user."_/", "", $v_ftp_user_data['v_ftp_user']); $v_ftp_username = preg_replace("/^{$user}_/", '', $v_ftp_user_data['v_ftp_user']);
$v_ftp_users_updated[] = array( $v_ftp_users_updated[] = array(
'is_new' => $v_ftp_user_data['is_new'], 'is_new' => $v_ftp_user_data['is_new'],
'v_ftp_user' => $return_var == 0 ? $v_ftp_username_full : $v_ftp_username, 'v_ftp_user' => $return_var == 0 ? $v_ftp_username_full : $v_ftp_username,
@ -311,8 +279,8 @@ if (!empty($_POST['ok'])) {
if (!empty($_SESSION['error_msg']) && $domain_added) { if (!empty($_SESSION['error_msg']) && $domain_added) {
$_SESSION['ok_msg'] = __('WEB_DOMAIN_CREATED_OK',htmlentities($_POST[v_domain]),htmlentities($_POST[v_domain])); $_SESSION['ok_msg'] = __('WEB_DOMAIN_CREATED_OK',htmlentities($_POST[v_domain]),htmlentities($_POST[v_domain]));
$_SESSION['flash_error_msg'] = $_SESSION['error_msg']; $_SESSION['flash_error_msg'] = $_SESSION['error_msg'];
$url = '/edit/web/?domain='.strtolower(preg_replace("/^www\./i", "", $_POST['v_domain'])); $url = '/edit/web/?domain=' . strtolower(preg_replace('/^www\./i', '', $_POST['v_domain']));
header('Location: ' . $url); header("Location: $url");
exit; exit;
} }
} }
@ -344,14 +312,12 @@ $v_ftp_user_prepath = $panel[$user]['HOME'] . "/web";
$v_ftp_email = $panel[$user]['CONTACT']; $v_ftp_email = $panel[$user]['CONTACT'];
// List IP addresses // List IP addresses
exec (VESTA_CMD."v-list-user-ips ".$user." json", $output, $return_var); v_exec('v-list-user-ips', [$user, 'json'], false, $output);
$ips = json_decode(implode('', $output), true); $ips = json_decode($output, true);
unset($output);
// List web stat engines // List web stat engines
exec (VESTA_CMD."v-list-web-stats json", $output, $return_var); v_exec('v-list-web-stats', ['json'], false, $output);
$stats = json_decode(implode('', $output), true); $stats = json_decode($output, true);
unset($output);
// Display body // Display body
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/add_web.html'); include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/add_web.html');
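Review bot: `if ($return_var == 0)` and the `'v_ftp_user' => $return_var == 0 ? ...` entry after the FTP block still read `$return_var`, but the new `v_exec('v-add-web-domain-ftp', ...)` call no longer assigns it. Unless `v_exec()` sets that variable by some means not visible here, it is undefined at that point, `null == 0` is true, and a failed FTP add is reported as created with the password masked. Capturing the result, `$return_var = v_exec('v-add-web-domain-ftp', [$user, $v_domain, $v_ftp_username, $v_ftp_password, $v_ftp_path]);`, restores the check, in the same way the `v-list-user-packages` call in this commit keeps its return value. Separately, `"/^{$user}_/"` interpolates `$user` into a pattern; `preg_quote($user, '/')` would keep it literal.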


@ -2,7 +2,6 @@
define('VESTA_CMD', '/usr/bin/sudo /usr/local/vesta/bin/'); define('VESTA_CMD', '/usr/bin/sudo /usr/local/vesta/bin/');
if (isset($_POST['user']) || isset($_POST['hash'])) { if (isset($_POST['user']) || isset($_POST['hash'])) {
// Authentication // Authentication
$auth_code = 1; $auth_code = 1;
if (empty($_POST['hash'])) { if (empty($_POST['hash'])) {
@ -12,18 +11,18 @@ if (isset($_POST['user']) || isset($_POST['hash'])) {
exit; exit;
} }
$v_user = escapeshellarg($_POST['user']); $v_user = $_POST['user'];
$v_password = tempnam("/tmp","vst"); $v_password = tempnam("/tmp","vst");
$fp = fopen($v_password, "w"); $fp = fopen($v_password, "w");
fwrite($fp, $_POST['password']."\n"); fwrite($fp, $_POST['password']."\n");
fclose($fp); fclose($fp);
$v_ip_addr = escapeshellarg($_SERVER["REMOTE_ADDR"]); $v_ip_addr = $_SERVER['REMOTE_ADDR'];
exec(VESTA_CMD ."v-check-user-password ".$v_user." ".$v_password." '".$v_ip_addr."'", $output, $auth_code); $auth_code = v_exec('v-check-user-password', [$v_user, $v_password, $v_ip_addr], false);
unlink($v_password); unlink($v_password);
} else { } else {
$key = '/usr/local/vesta/data/keys/' . basename($_POST['hash']); $key = '/usr/local/vesta/data/keys/' . basename($_POST['hash']);
if (file_exists($key) && is_file($key)) { if (file_exists($key) && is_file($key)) {
$auth_code = '0'; $auth_code = 0;
} }
} }
@ -33,37 +32,17 @@ if (isset($_POST['user']) || isset($_POST['hash'])) {
} }
// Prepare arguments // Prepare arguments
if (isset($_POST['cmd'])) $cmd = escapeshellarg($_POST['cmd']); $args = [];
if (isset($_POST['arg1'])) $arg1 = escapeshellarg($_POST['arg1']); if (isset($_POST['cmd'])) $cmd = $_POST['cmd'];
if (isset($_POST['arg2'])) $arg2 = escapeshellarg($_POST['arg2']); if (isset($_POST['arg1'])) $args[] = $_POST['arg1'];
if (isset($_POST['arg3'])) $arg3 = escapeshellarg($_POST['arg3']); if (isset($_POST['arg2'])) $args[] = $_POST['arg2'];
if (isset($_POST['arg4'])) $arg4 = escapeshellarg($_POST['arg4']); if (isset($_POST['arg3'])) $args[] = $_POST['arg3'];
if (isset($_POST['arg5'])) $arg5 = escapeshellarg($_POST['arg5']); if (isset($_POST['arg4'])) $args[] = $_POST['arg4'];
if (isset($_POST['arg6'])) $arg6 = escapeshellarg($_POST['arg6']); if (isset($_POST['arg5'])) $args[] = $_POST['arg5'];
if (isset($_POST['arg7'])) $arg7 = escapeshellarg($_POST['arg7']); if (isset($_POST['arg6'])) $args[] = $_POST['arg6'];
if (isset($_POST['arg8'])) $arg8 = escapeshellarg($_POST['arg8']); if (isset($_POST['arg7'])) $args[] = $_POST['arg7'];
if (isset($_POST['arg9'])) $arg9 = escapeshellarg($_POST['arg9']); if (isset($_POST['arg8'])) $args[] = $_POST['arg8'];
if (isset($_POST['arg9'])) $args[] = $_POST['arg9'];
// Build query
$cmdquery = VESTA_CMD.$cmd." ";
if(!empty($arg1)){
$cmdquery = $cmdquery.$arg1." "; }
if(!empty($arg2)){
$cmdquery = $cmdquery.$arg2." "; }
if(!empty($arg3)){
$cmdquery = $cmdquery.$arg3." "; }
if(!empty($arg4)){
$cmdquery = $cmdquery.$arg4." "; }
if(!empty($arg5)){
$cmdquery = $cmdquery.$arg5." "; }
if(!empty($arg6)){
$cmdquery = $cmdquery.$arg6." "; }
if(!empty($arg7)){
$cmdquery = $cmdquery.$arg7." "; }
if(!empty($arg8)){
$cmdquery = $cmdquery.$arg8." "; }
if(!empty($arg9)){
$cmdquery = $cmdquery.$arg9; }
// Check command // Check command
if ($cmd == "'v-make-tmp-file'") { if ($cmd == "'v-make-tmp-file'") {
@ -74,7 +53,7 @@ if (isset($_POST['user']) || isset($_POST['hash'])) {
$return_var = 0; $return_var = 0;
} else { } else {
// Run normal cmd query // Run normal cmd query
exec ($cmdquery, $output, $return_var); $return_var = v_exec($cmd, $args, false, $output);
} }
if ((!empty($_POST['returncode'])) && ($_POST['returncode'] == 'yes')) { if ((!empty($_POST['returncode'])) && ($_POST['returncode'] == 'yes')) {
@ -83,7 +62,7 @@ if (isset($_POST['user']) || isset($_POST['hash'])) {
if (($return_var == 0) && (empty($output))) { if (($return_var == 0) && (empty($output))) {
echo "OK"; echo "OK";
} else { } else {
echo implode("\n",$output)."\n"; echo $output . "\n";
} }
} }
} }
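Review bot: The unchanged check `if ($cmd == "'v-make-tmp-file'")` still compares against the single-quoted form that `escapeshellarg()` used to produce, so now that `$cmd` holds the raw `$_POST['cmd']` the temp-file branch can no longer match and the request falls through to `v_exec($cmd, $args, false, $output)`. The comparison should become `if ($cmd === 'v-make-tmp-file') {`. `$cmd` also reaches `v_exec()` exactly as the client sent it; `v_exec()` is not shown here, so unless it already restricts the name to a bare script under the Vesta bin directory, a guard such as `if (!preg_match('/^v-[a-z0-9-]+$/', $cmd)) exit;` before the call would keep path separators out. The removed query builder skipped empty arguments, while the new `$args[]` lines pass them through as empty positional arguments, which is worth confirming is intended. The body of the temp-file branch lies outside the hunk.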


@ -16,8 +16,7 @@ switch ($action) {
} }
foreach ($backup as $value) { foreach ($backup as $value) {
$value = escapeshellarg($value); v_exec($cmd, [$user, $value], false);
exec (VESTA_CMD.$cmd." ".$user." ".$value, $output, $return_var);
} }
header("Location: /list/backup/exclusions"); header("Location: /list/backup/exclusions");
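Review bot: The result of `v_exec($cmd, [$user, $value], false)` inside the `foreach` is discarded, and the `false` third argument appears (judging by how the other calls in this commit use it) to switch off the wrapper's own error reporting, so a failed item is silently skipped and the redirect looks like success. Collecting failures, e.g. `if (v_exec($cmd, [$user, $value], false) != 0) $failed[] = $value;`, and surfacing them in `$_SESSION['error_msg']` before the redirect would make partial failures visible. The backup, database and firewall-rule loops in the following file sections have the same shape. The enclosing `switch` starts outside the hunk.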


@ -12,7 +12,7 @@ $action = $_POST['action'];
// Check token // Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
switch ($action) { switch ($action) {
@ -22,8 +22,7 @@ switch ($action) {
} }
foreach ($backup as $value) { foreach ($backup as $value) {
$value = escapeshellarg($value); v_exec($cmd, [$user, $value], false);
exec (VESTA_CMD.$cmd." ".$user." ".$value, $output, $return_var);
} }
header("Location: /list/backup/"); header("Location: /list/backup/");


@ -9,7 +9,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token // Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
$job = $_POST['job']; $job = $_POST['job'];
@ -24,19 +24,15 @@ if ($_SESSION['user'] == 'admin') {
case 'unsuspend': $cmd='v-unsuspend-cron-job'; case 'unsuspend': $cmd='v-unsuspend-cron-job';
break; break;
case 'delete-cron-reports': $cmd='v-delete-cron-reports'; case 'delete-cron-reports': $cmd='v-delete-cron-reports';
exec (VESTA_CMD.$cmd." ".$user, $output, $return_var); v_exec($cmd, [$user], false);
$_SESSION['error_msg'] = __('Cronjob email reporting has been successfully diabled'); $_SESSION['error_msg'] = __('Cronjob email reporting has been successfully diabled');
unset($output);
header("Location: /list/cron/"); header("Location: /list/cron/");
exit; exit;
break;
case 'add-cron-reports': $cmd='v-add-cron-reports'; case 'add-cron-reports': $cmd='v-add-cron-reports';
exec (VESTA_CMD.$cmd." ".$user, $output, $return_var); v_exec($cmd, [$user], false);
$_SESSION['error_msg'] = __('Cronjob email reporting has been successfully enabled'); $_SESSION['error_msg'] = __('Cronjob email reporting has been successfully enabled');
unset($output);
header("Location: /list/cron/"); header("Location: /list/cron/");
exit; exit;
break;
default: header("Location: /list/cron/"); exit; default: header("Location: /list/cron/"); exit;
} }
} else { } else {
@ -44,31 +40,26 @@ if ($_SESSION['user'] == 'admin') {
case 'delete': $cmd='v-delete-cron-job'; case 'delete': $cmd='v-delete-cron-job';
break; break;
case 'delete-cron-reports': $cmd='v-delete-cron-reports'; case 'delete-cron-reports': $cmd='v-delete-cron-reports';
exec (VESTA_CMD.$cmd." ".$user, $output, $return_var); v_exec($cmd, [$user], false);
$_SESSION['error_msg'] = __('Cronjob email reporting has been successfully diabled'); $_SESSION['error_msg'] = __('Cronjob email reporting has been successfully diabled');
unset($output);
header("Location: /list/cron/"); header("Location: /list/cron/");
exit; exit;
break;
case 'add-cron-reports': $cmd='v-add-cron-reports'; case 'add-cron-reports': $cmd='v-add-cron-reports';
exec (VESTA_CMD.$cmd." ".$user, $output, $return_var); v_exec($cmd, [$user], false);
$_SESSION['error_msg'] = __('Cronjob email reporting has been successfully enabled'); $_SESSION['error_msg'] = __('Cronjob email reporting has been successfully enabled');
unset($output);
header("Location: /list/cron/"); header("Location: /list/cron/");
exit; exit;
break;
default: header("Location: /list/cron/"); exit; default: header("Location: /list/cron/"); exit;
} }
} }
foreach ($job as $value) { foreach ($job as $value) {
$value = escapeshellarg($value); v_exec($cmd, [$user, $value, 'no'], false);
exec (VESTA_CMD.$cmd." ".$user." ".$value." no", $output, $return_var);
$restart = 'yes'; $restart = 'yes';
} }
if (!empty($restart)) { if (!empty($restart)) {
exec (VESTA_CMD."v-restart-cron", $output, $return_var); v_exec('v-restart-cron', [], false);
} }
header("Location: /list/cron/"); header("Location: /list/cron/");
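Review bot: In the `delete-cron-reports` and `add-cron-reports` cases the success message is stored whether or not `v_exec($cmd, [$user], false)` succeeded, so a failed call is still reported to the user as done. Gate it on the return code, e.g. `if (v_exec($cmd, [$user], false) == 0) $_SESSION['error_msg'] = __('Cronjob email reporting has been successfully enabled');`. The two cases are duplicated verbatim in the admin and non-admin `switch`; handling them once before the role check would remove the copy. Both `switch` statements start outside the hunk.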


@ -9,7 +9,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token // Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
$database = $_POST['database']; $database = $_POST['database'];
@ -34,8 +34,7 @@ if ($_SESSION['user'] == 'admin') {
} }
foreach ($database as $value) { foreach ($database as $value) {
$value = escapeshellarg($value); v_exec($cmd, [$user, $value], false);
exec (VESTA_CMD.$cmd." ".$user." ".$value, $output, $return_var);
} }
header("Location: /list/db/"); header("Location: /list/db/");


@ -9,7 +9,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token // Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
$domain = $_POST['domain']; $domain = $_POST['domain'];
@ -58,22 +58,19 @@ if ($_SESSION['user'] == 'admin') {
if (empty($record)) { if (empty($record)) {
foreach ($domain as $value) { foreach ($domain as $value) {
// DNS // DNS
$value = escapeshellarg($value); v_exec($cmd, [$user, $value, 'no'], false);
exec (VESTA_CMD.$cmd." ".$user." ".$value." no", $output, $return_var);
$restart = 'yes'; $restart = 'yes';
} }
} else { } else {
foreach ($record as $value) { foreach ($record as $value) {
// DNS Record // DNS Record
$value = escapeshellarg($value); v_exec($cmd, [$user, $domain, $value, 'no'], false);
$dom = escapeshellarg($domain);
exec (VESTA_CMD.$cmd." ".$user." ".$dom." ".$value." no", $output, $return_var);
$restart = 'yes'; $restart = 'yes';
} }
} }
if (!empty($restart)) { if (!empty($restart)) {
exec (VESTA_CMD."v-restart-dns", $output, $return_var); v_exec('v-restart-dns', [], false);
} }
if (empty($record)) { if (empty($record)) {
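Review bot: In the record branch `$domain` is passed to `v_exec($cmd, [$user, $domain, $value, 'no'], false)` as a single argument, while the other branch iterates the same `$_POST['domain']` as an array. With `escapeshellarg($domain)` gone nothing forces it to a string, so an array-valued `domain` would reach the wrapper as an array element; how `v_exec()` treats that is not visible here. A guard before the record loop, `if (!is_string($domain)) exit;`, keeps the two shapes apart. The surrounding `if (empty($record))` block continues past the end of the hunk.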


@ -10,7 +10,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token // Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
// Check user // Check user
@ -22,10 +22,7 @@ if ($_SESSION['user'] != 'admin') {
$ipchain = $_POST['ipchain']; $ipchain = $_POST['ipchain'];
/*if (!empty($_POST['ipchain'])) { /*if (!empty($_POST['ipchain'])) {
$ipchain = $_POST['ipchain']; $ipchain = $_POST['ipchain'];
list($ip,$chain) = split(":",$ipchain); list($ip, $chain) = explode(':', $ipchain);
$v_ip = escapeshellarg($ip);
$v_chain = escapeshellarg($chain);
}*/ }*/
$action = $_POST['action']; $action = $_POST['action'];
@ -37,10 +34,8 @@ switch ($action) {
} }
foreach ($ipchain as $value) { foreach ($ipchain as $value) {
list($ip,$chain) = split(":",$value); list($ip, $chain) = explode(':', $value);
$v_ip = escapeshellarg($ip); v_exec($cmd, [$ip, $chain], false);
$v_chain = escapeshellarg($chain);
exec (VESTA_CMD.$cmd." ".$v_ip." ".$v_chain, $output, $return_var);
} }
header("Location: /list/firewall/banlist"); header("Location: /list/firewall/banlist");
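Review bot: `list($ip, $chain) = explode(':', $value);` leaves `$chain` unset when the posted value has no colon and silently ignores anything after a second colon, and both pieces now go to `v_exec()` without a shape check. Validating before the call keeps malformed entries away from the backend script: `$parts = explode(':', $value); if (count($parts) !== 2) continue;`. IPv6 addresses contain colons, so if the ban list can hold them the split needs different handling, which cannot be determined from this hunk. The commented-out block above carries the same `explode()` and could be deleted.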


@ -10,7 +10,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token // Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
// Check user // Check user
@ -34,8 +34,7 @@ switch ($action) {
} }
foreach ($rule as $value) { foreach ($rule as $value) {
$value = escapeshellarg($value); v_exec($cmd, [$value], false);
exec (VESTA_CMD.$cmd." ".$value, $output, $return_var);
$restart = 'yes'; $restart = 'yes';
} }


@ -9,7 +9,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token // Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
$ip = $_POST['ip']; $ip = $_POST['ip'];
@ -17,10 +17,10 @@ $action = $_POST['action'];
if ($_SESSION['user'] == 'admin') { if ($_SESSION['user'] == 'admin') {
switch ($action) { switch ($action) {
case 'reread IP': exec(VESTA_CMD."v-update-sys-ip", $output, $return_var); case 'reread IP': $cmd = 'v-update-sys-ip';
header("Location: /list/ip/"); v_exec($cmd, [], false);
header('Location: /list/ip/');
exit; exit;
break;
case 'delete': $cmd = 'v-delete-sys-ip'; case 'delete': $cmd = 'v-delete-sys-ip';
break; break;
default: header("Location: /list/ip/"); exit; default: header("Location: /list/ip/"); exit;
@ -31,8 +31,7 @@ if ($_SESSION['user'] == 'admin') {
} }
foreach ($ip as $value) { foreach ($ip as $value) {
$value = escapeshellarg($value); v_exec($cmd, [$value], false);
exec (VESTA_CMD.$cmd." ".$value, $output, $return_var);
} }
header("Location: /list/ip/"); header("Location: /list/ip/");


@ -9,7 +9,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token // Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
$domain = $_POST['domain']; $domain = $_POST['domain'];
@ -58,16 +58,13 @@ if ($_SESSION['user'] == 'admin') {
if (empty($account)) { if (empty($account)) {
foreach ($domain as $value) { foreach ($domain as $value) {
// Mail // Mail
$value = escapeshellarg($value); v_exec($cmd, [$user, $value], false);
exec (VESTA_CMD.$cmd." ".$user." ".$value, $output, $return_var);
$restart = 'yes'; $restart = 'yes';
} }
} else { } else {
foreach ($account as $value) { foreach ($account as $value) {
// Mail Account // Mail Account
$value = escapeshellarg($value); v_exec($cmd, [$user, $domain, $value], false);
$dom = escapeshellarg($domain);
exec (VESTA_CMD.$cmd." ".$user." ".$dom." ".$value, $output, $return_var);
$restart = 'yes'; $restart = 'yes';
} }
} }


@ -9,7 +9,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token // Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
$package = $_POST['package']; $package = $_POST['package'];
@ -27,8 +27,7 @@ if ($_SESSION['user'] == 'admin') {
} }
foreach ($package as $value) { foreach ($package as $value) {
$value = escapeshellarg($value); v_exec($cmd, [$value], false);
exec (VESTA_CMD.$cmd." ".$value, $output, $return_var);
$restart = 'yes'; $restart = 'yes';
} }


@ -9,11 +9,11 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token // Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
$action = $_POST['action']; $action = $_POST['action'];
$backup = escapeshellarg($_POST['backup']); $backup = $_POST['backup'];
$web = 'no'; $web = 'no';
$dns = 'no'; $dns = 'no';
@ -22,25 +22,22 @@ $db = 'no';
$cron = 'no'; $cron = 'no';
$udir = 'no'; $udir = 'no';
if (!empty($_POST['web'])) $web = escapeshellarg(implode(",",$_POST['web'])); if (!empty($_POST['web'])) $web = implode(',', $_POST['web']);
if (!empty($_POST['dns'])) $dns = escapeshellarg(implode(",",$_POST['dns'])); if (!empty($_POST['dns'])) $dns = implode(',', $_POST['dns']);
if (!empty($_POST['mail'])) $mail = escapeshellarg(implode(",",$_POST['mail'])); if (!empty($_POST['mail'])) $mail = implode(',', $_POST['mail']);
if (!empty($_POST['db'])) $db = escapeshellarg(implode(",",$_POST['db'])); if (!empty($_POST['db'])) $db = implode(',', $_POST['db']);
if (!empty($_POST['cron'])) $cron = 'yes'; if (!empty($_POST['cron'])) $cron = 'yes';
if (!empty($_POST['udir'])) $udir = escapeshellarg(implode(",",$_POST['udir'])); if (!empty($_POST['udir'])) $udir = implode(',', $_POST['udir']);
if ($action == 'restore') { if ($action == 'restore') {
exec (VESTA_CMD."v-schedule-user-restore ".$user." ".$backup." ".$web." ".$dns." ".$mail." ".$db." ".$cron." ".$udir, $output, $return_var); $return_var = v_exec('v-schedule-user-restore', [$user, $backup, $web, $dns, $mail, $db, $cron, $udir]);
if ($return_var == 0) { switch ($return_var) {
case 0:
$_SESSION['error_msg'] = __('RESTORE_SCHEDULED'); $_SESSION['error_msg'] = __('RESTORE_SCHEDULED');
} else { break;
$_SESSION['error_msg'] = implode('<br>', $output); case 4:
if (empty($_SESSION['error_msg'])) {
$_SESSION['error_msg'] = __('Error: vesta did not return any output.');
}
if ($return_var == 4) {
$_SESSION['error_msg'] = __('RESTORE_EXISTS'); $_SESSION['error_msg'] = __('RESTORE_EXISTS');
} break;
} }
} }
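Review bot: The `switch ($return_var)` that replaces the old `if`/`else` has no `default`, so for any exit status other than 0 or 4 `$_SESSION['error_msg']` is whatever `v_exec()` left there, and `switch` compares loosely, so a `null` or `false` return would match `case 0` and report `RESTORE_SCHEDULED`. The old fallback message for an empty error output is gone from this file; if `v_exec()`'s default checking now covers it that is fine, but its contract is not visible here. A strict test avoids the loose match: `if ($return_var === 0) { ... } elseif ($return_var === 4) { ... }`.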


@ -9,7 +9,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token // Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
$service = $_POST['service']; $service = $_POST['service'];
@ -27,16 +27,14 @@ if ($_SESSION['user'] == 'admin') {
} }
if ((!empty($_POST['system'])) && ($action == 'restart')) { if ((!empty($_POST['system'])) && ($action == 'restart')) {
exec (VESTA_CMD."v-restart-system yes", $output, $return_var); v_exec('v-restart-system', ['yes'], false);
$_SESSION['error_srv'] = 'The system is going down for reboot NOW!'; $_SESSION['error_srv'] = 'The system is going down for reboot NOW!';
unset($output);
header("Location: /list/server/"); header("Location: /list/server/");
exit; exit;
} }
foreach ($service as $value) { foreach ($service as $value) {
$value = escapeshellarg($value); v_exec($cmd, [$value], false);
exec (VESTA_CMD.$cmd." ".$value, $output, $return_var);
} }
} }


@ -9,7 +9,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token // Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
$user = $_POST['user']; $user = $_POST['user'];
@ -48,15 +48,14 @@ if ($_SESSION['user'] == 'admin') {
} }
foreach ($user as $value) { foreach ($user as $value) {
$value = escapeshellarg($value); v_exec($cmd, [$value, $restart], false);
exec (VESTA_CMD.$cmd." ".$value." ".$restart, $output, $return_var);
$changes = 'yes'; $changes = 'yes';
} }
if ((!empty($restart)) && (!empty($changes))) { if ((!empty($restart)) && (!empty($changes))) {
exec (VESTA_CMD."v-restart-web", $output, $return_var); v_exec('v-restart-web', [], false);
exec (VESTA_CMD."v-restart-dns", $output, $return_var); v_exec('v-restart-dns', [], false);
exec (VESTA_CMD."v-restart-cron", $output, $return_var); v_exec('v-restart-cron', [], false);
} }
header("Location: /list/user/"); header("Location: /list/user/");
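Review bot: `v_exec($cmd, [$value, $restart], false);` always passes `$restart` as a second argument, whereas the old string concatenation produced no argument at all when `$restart` was empty; the `!empty($restart)` test below shows that empty is an expected state. If `v_exec()` quotes each element, the backend script now receives an explicit empty argument, which it may or may not treat like a missing one. Building the list conditionally keeps the old behaviour: `$args = empty($restart) ? [$value] : [$value, $restart];`. `$restart` is assigned outside this hunk.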


@ -9,7 +9,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token // Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
@ -23,8 +23,7 @@ if ($_SESSION['user'] == 'admin') {
default: header("Location: /list/updates/"); exit; default: header("Location: /list/updates/"); exit;
} }
foreach ($pkg as $value) { foreach ($pkg as $value) {
$value = escapeshellarg($value); v_exec($cmd, [$value], false);
exec (VESTA_CMD.$cmd." ".$value, $output, $return_var);
} }
} }


@ -9,7 +9,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token // Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
$domain = $_POST['domain']; $domain = $_POST['domain'];
@ -34,15 +34,14 @@ if ($_SESSION['user'] == 'admin') {
} }
foreach ($domain as $value) { foreach ($domain as $value) {
$value = escapeshellarg($value); v_exec($cmd, [$user, $value, 'no'], false);
exec (VESTA_CMD.$cmd." ".$user." ".$value." no", $output, $return_var);
$restart = 'yes'; $restart = 'yes';
} }
if (isset($restart)) { if (isset($restart)) {
exec (VESTA_CMD."v-restart-web", $output, $return_var); v_exec('v-restart-web', [], false);
exec (VESTA_CMD."v-restart-proxy", $output, $return_var); v_exec('v-restart-proxy', [], false);
exec (VESTA_CMD."v-restart-dns", $output, $return_var); v_exec('v-restart-dns', [], false);
} }
header("Location: /list/web/"); header("Location: /list/web/");


@ -10,16 +10,13 @@ if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
} }
if (!empty($_GET['system'])) { if (!empty($_GET['system'])) {
$v_username = escapeshellarg($user); $v_system = $_GET['system'];
$v_system = escapeshellarg($_GET['system']); v_exec('v-delete-user-backup-exclusions', [$user, $v_system]);
exec (VESTA_CMD."v-delete-user-backup-exclusions ".$v_username." ".$v_system, $output, $return_var);
} }
check_return_code($return_var,$output);
unset($output);
$back = $_SESSION['back']; $back = $_SESSION['back'];
if (!empty($back)) { if (!empty($back)) {
header("Location: ".$back); header("Location: $back");
exit; exit;
} }
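Review bot: This handler deletes a backup exclusion on a plain GET, and the visible hunk has no `Check token` block between the user override and the `v_exec()` call, unlike the sibling delete handlers in this commit. Unless the token is verified in the lines above the hunk, the state change is not protected against cross-site requests made with a logged-in session. The guard the other files use would fit before the `if (!empty($_GET['system']))` line: `if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) { header('location: /login/'); exit; }`.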


@ -12,20 +12,17 @@ if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
// Check token // Check token
if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) { if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
if (!empty($_GET['backup'])) { if (!empty($_GET['backup'])) {
$v_username = escapeshellarg($user); $v_backup = $_GET['backup'];
$v_backup = escapeshellarg($_GET['backup']); v_exec('v-delete-user-backup', [$user, $v_backup]);
exec (VESTA_CMD."v-delete-user-backup ".$v_username." ".$v_backup, $output, $return_var);
} }
check_return_code($return_var,$output);
unset($output);
$back = $_SESSION['back']; $back = $_SESSION['back'];
if (!empty($back)) { if (!empty($back)) {
header("Location: ".$back); header("Location: $back");
exit; exit;
} }


@ -6,9 +6,8 @@ session_start();
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php"); include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
if ($_SESSION['user'] == 'admin') { if ($_SESSION['user'] == 'admin') {
exec (VESTA_CMD."v-delete-cron-vesta-autoupdate", $output, $return_var); v_exec('v-delete-cron-vesta-autoupdate', [], false);
$_SESSION['error_msg'] = __('Autoupdate has been successfully disabled'); $_SESSION['error_msg'] = __('Autoupdate has been successfully disabled');
unset($output);
} }
header("Location: /list/updates/"); header("Location: /list/updates/");
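Review bot: `$_SESSION['error_msg']` is set to the success text unconditionally, because the call is made with checking disabled (`false`) and its return value is discarded, so a failed `v-delete-cron-vesta-autoupdate` is still reported as done. Other call sites in this commit assign the result of `v_exec()` to `$return_var` and compare it with 0, so the message can be gated the same way: `if (v_exec('v-delete-cron-vesta-autoupdate', [], false) === 0) { $_SESSION['error_msg'] = __('Autoupdate has been successfully disabled'); }`. The cron-reports handler two file sections below has the same pattern. Neither hunk shows a token check before the state change.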


@ -12,20 +12,17 @@ if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
// Check token // Check token
if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) { if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
if (!empty($_GET['job'])) { if (!empty($_GET['job'])) {
$v_username = escapeshellarg($user); $v_job = $_GET['job'];
$v_job = escapeshellarg($_GET['job']); v_exec('v-delete-cron-job', [$user, $v_job]);
exec (VESTA_CMD."v-delete-cron-job ".$v_username." ".$v_job, $output, $return_var);
} }
check_return_code($return_var,$output);
unset($output);
$back = $_SESSION['back']; $back = $_SESSION['back'];
if (!empty($back)) { if (!empty($back)) {
header("Location: ".$back); header("Location: $back");
exit; exit;
} }


@ -5,9 +5,8 @@ ob_start();
session_start(); session_start();
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php"); include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
exec (VESTA_CMD."v-delete-cron-reports ".$user, $output, $return_var); v_exec('v-delete-cron-reports', [$user], false);
$_SESSION['error_msg'] = __('Cronjob email reporting has been successfully disabled'); $_SESSION['error_msg'] = __('Cronjob email reporting has been successfully disabled');
unset($output);
header("Location: /list/cron/"); header("Location: /list/cron/");
exit; exit;


@ -12,20 +12,17 @@ if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
// Check token // Check token
if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) { if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
if (!empty($_GET['database'])) { if (!empty($_GET['database'])) {
$v_username = escapeshellarg($user); $v_database = $_GET['database'];
$v_database = escapeshellarg($_GET['database']); v_exec('v-delete-database', [$user, $v_database]);
exec (VESTA_CMD."v-delete-database ".$v_username." ".$v_database, $output, $return_var);
} }
check_return_code($return_var,$output);
unset($output);
$back = $_SESSION['back']; $back = $_SESSION['back'];
if (!empty($back)) { if (!empty($back)) {
header("Location: ".$back); header("Location: $back");
exit; exit;
} }


@ -13,20 +13,17 @@ if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
// Check token // Check token
if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) { if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
// DNS domain // DNS domain
if ((!empty($_GET['domain'])) && (empty($_GET['record_id']))) { if ((!empty($_GET['domain'])) && (empty($_GET['record_id']))) {
$v_username = escapeshellarg($user); $v_domain = $_GET['domain'];
$v_domain = escapeshellarg($_GET['domain']); v_exec('v-delete-dns-domain', [$user, $v_domain]);
exec (VESTA_CMD."v-delete-dns-domain ".$v_username." ".$v_domain, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$back = $_SESSION['back']; $back = $_SESSION['back'];
if (!empty($back)) { if (!empty($back)) {
header("Location: ".$back); header("Location: $back");
exit; exit;
} }
header("Location: /list/dns/"); header("Location: /list/dns/");
@ -35,15 +32,13 @@ if ((!empty($_GET['domain'])) && (empty($_GET['record_id']))) {
// DNS record // DNS record
if ((!empty($_GET['domain'])) && (!empty($_GET['record_id']))) { if ((!empty($_GET['domain'])) && (!empty($_GET['record_id']))) {
$v_username = escapeshellarg($user); $v_domain = $_GET['domain'];
$v_domain = escapeshellarg($_GET['domain']); $v_record_id = $_GET['record_id'];
$v_record_id = escapeshellarg($_GET['record_id']); v_exec('v-delete-dns-record', [$user, $v_domain, $v_record_id]);
exec (VESTA_CMD."v-delete-dns-record ".$v_username." ".$v_domain." ".$v_record_id, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$back = $_SESSION['back']; $back = $_SESSION['back'];
if (!empty($back)) { if (!empty($back)) {
header("Location: ".$back); header("Location: $back");
exit; exit;
} }
header("Location: /list/dns/?domain=".$_GET['domain']); header("Location: /list/dns/?domain=".$_GET['domain']);
@ -52,7 +47,7 @@ if ((!empty($_GET['domain'])) && (!empty($_GET['record_id']))) {
$back = $_SESSION['back']; $back = $_SESSION['back'];
if (!empty($back)) { if (!empty($back)) {
header("Location: ".$back); header("Location: $back");
exit; exit;
} }
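Review bot: `header("Location: /list/dns/?domain=".$_GET['domain']);` puts the request value into the redirect URL unencoded, so a value containing `&`, `#` or spaces changes the query string the list page receives. The raw value is already held in `$v_domain`, so the line can become `header('Location: /list/dns/?domain='.urlencode($v_domain));`. The mail handler later in this commit builds `/list/mail/?domain=` the same way. The `if` blocks in this file continue outside the hunks shown.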


@ -5,11 +5,10 @@
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php"); include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
unset($_SESSION['favourites'][strtoupper($_REQUEST['v_section'])][$_REQUEST['v_unit_id']]); $v_section = $_REQUEST['v_section'];
$v_unit_id = $_REQUEST['v_unit_id'];
$v_section = escapeshellarg($_REQUEST['v_section']); unset($_SESSION['favourites'][strtoupper((string)$v_section)][(string)$v_unit_id]);
$v_unit_id = escapeshellarg($_REQUEST['v_unit_id']);
exec (VESTA_CMD."v-delete-user-favourites ".$_SESSION['user']." ".$v_section." ".$v_unit_id, $output, $return_var); v_exec('v-delete-user-favourites', [$_SESSION['user'], $v_section, $v_unit_id], false/*true*/);
// check_return_code($return_var,$output);
?> ?>
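Review bot: The `(string)` casts are applied only inside the `unset()` index, while `v_exec()` receives `$v_section` and `$v_unit_id` uncast, so an array-valued parameter is stringified for the session lookup but forwarded as an array to the command call. Rejecting non-strings once, before either use, keeps the two consistent: `if (!is_string($_REQUEST['v_section']) || !is_string($_REQUEST['v_unit_id'])) exit;`. The `false/*true*/` argument leaves return checking off with no explanation; a short comment saying why failures are ignored here would help. No token check is visible in this hunk for a state change driven by `$_REQUEST`.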


@ -16,20 +16,18 @@ if ($_SESSION['user'] != 'admin') {
// Check token // Check token
if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) { if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
if ((!empty($_GET['ip'])) && (!empty($_GET['chain']))) { if ((!empty($_GET['ip'])) && (!empty($_GET['chain']))) {
$v_ip = escapeshellarg($_GET['ip']); $v_ip = $_GET['ip'];
$v_chain = escapeshellarg($_GET['chain']); $v_chain = $_GET['chain'];
exec (VESTA_CMD."v-delete-firewall-ban ".$v_ip." ".$v_chain, $output, $return_var); v_exec('v-delete-firewall-ban', [$v_ip, $v_chain]);
} }
check_return_code($return_var,$output);
unset($output);
$back = $_SESSION['back']; $back = $_SESSION['back'];
if (!empty($back)) { if (!empty($back)) {
header("Location: ".$back); header("Location: $back");
exit; exit;
} }


@ -16,19 +16,17 @@ if ($_SESSION['user'] != 'admin') {
// Check token // Check token
if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) { if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
if (!empty($_GET['rule'])) { if (!empty($_GET['rule'])) {
$v_rule = escapeshellarg($_GET['rule']); $v_rule = $_GET['rule'];
exec (VESTA_CMD."v-delete-firewall-rule ".$v_rule, $output, $return_var); v_exec('v-delete-firewall-rule', [$v_rule]);
} }
check_return_code($return_var,$output);
unset($output);
$back = $_SESSION['back']; $back = $_SESSION['back'];
if (!empty($back)) { if (!empty($back)) {
header("Location: ".$back); header("Location: $back");
exit; exit;
} }


@ -8,22 +8,19 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token // Check token
if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) { if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
if ($_SESSION['user'] == 'admin') { if ($_SESSION['user'] == 'admin') {
if (!empty($_GET['ip'])) { if (!empty($_GET['ip'])) {
$v_ip = escapeshellarg($_GET['ip']); $v_ip = $_GET['ip'];
exec (VESTA_CMD."v-delete-sys-ip ".$v_ip, $output, $return_var); v_exec('v-delete-sys-ip', [$v_ip]);
} }
check_return_code($return_var,$output);
unset($output);
} }
$back = $_SESSION['back']; $back = $_SESSION['back'];
if (!empty($back)) { if (!empty($back)) {
header("Location: ".$back); header("Location: $back");
exit; exit;
} }


@ -13,19 +13,16 @@ if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
// Check token // Check token
if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) { if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
// Mail domain // Mail domain
if ((!empty($_GET['domain'])) && (empty($_GET['account']))) { if ((!empty($_GET['domain'])) && (empty($_GET['account']))) {
$v_username = escapeshellarg($user); $v_domain = $_GET['domain'];
$v_domain = escapeshellarg($_GET['domain']); v_exec('v-delete-mail-domain', [$user, $v_domain]);
exec (VESTA_CMD."v-delete-mail-domain ".$v_username." ".$v_domain, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$back = $_SESSION['back']; $back = $_SESSION['back'];
if (!empty($back)) { if (!empty($back)) {
header("Location: ".$back); header("Location: $back");
exit; exit;
} }
header("Location: /list/mail/"); header("Location: /list/mail/");
@ -34,15 +31,12 @@ if ((!empty($_GET['domain'])) && (empty($_GET['account']))) {
// Mail account // Mail account
if ((!empty($_GET['domain'])) && (!empty($_GET['account']))) { if ((!empty($_GET['domain'])) && (!empty($_GET['account']))) {
$v_username = escapeshellarg($user); $v_domain = $_GET['domain'];
$v_domain = escapeshellarg($_GET['domain']); $v_account = $_GET['account'];
$v_account = escapeshellarg($_GET['account']); v_exec('v-delete-mail-account', [$user, $v_domain, $v_account]);
exec (VESTA_CMD."v-delete-mail-account ".$v_username." ".$v_domain." ".$v_account, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$back = $_SESSION['back']; $back = $_SESSION['back'];
if (!empty($back)) { if (!empty($back)) {
header("Location: ".$back); header("Location: $back");
exit; exit;
} }
header("Location: /list/mail/?domain=".$_GET['domain']); header("Location: /list/mail/?domain=".$_GET['domain']);
@ -51,7 +45,7 @@ if ((!empty($_GET['domain'])) && (!empty($_GET['account']))) {
$back = $_SESSION['back']; $back = $_SESSION['back'];
if (!empty($back)) { if (!empty($back)) {
header("Location: ".$back); header("Location: $back");
exit; exit;
} }


@ -8,23 +8,17 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token // Check token
if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) { if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
if($_GET['delete'] == 1){ if($_GET['delete'] == 1){
$v_username = escapeshellarg($user); $v_id = (string)((int)$_GET['notification_id']);
$v_id = escapeshellarg((int)$_GET['notification_id']); v_exec('v-delete-user-notification', [$user, $v_id]);
exec (VESTA_CMD."v-delete-user-notification ".$v_username." ".$v_id, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
} else { } else {
$v_username = escapeshellarg($user); $v_id = (string)((int)$_GET['notification_id']);
$v_id = escapeshellarg((int)$_GET['notification_id']); //echo VESTA_CMD."v-acknowledge-user-notification ".$v_username." ".$v_id;
echo VESTA_CMD."v-acknowledge-user-notification ".$v_username." ".$v_id; v_exec('v-acknowledge-user-notification', [$user, $v_id]);
exec (VESTA_CMD."v-acknowledge-user-notification ".$v_username." ".$v_id, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
} }
exit; exit;
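Review bot: The commented-out `//echo VESTA_CMD."v-acknowledge-user-notification "...` line still refers to `$v_username`, which this change no longer defines, and a debug print of the full command line is better deleted than kept as a comment. `$v_id = (string)((int)$_GET['notification_id']);` is repeated in both branches and could be assigned once above the `if`. `$_GET['delete'] == 1` is a loose comparison; `=== '1'` states the intent.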


@ -8,21 +8,19 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token // Check token
if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) { if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
if ($_SESSION['user'] == 'admin') { if ($_SESSION['user'] == 'admin') {
if (!empty($_GET['package'])) { if (!empty($_GET['package'])) {
$v_package = escapeshellarg($_GET['package']); $v_package = $_GET['package'];
exec (VESTA_CMD."v-delete-user-package ".$v_package, $output, $return_var); v_exec('v-delete-user-package', [$v_package]);
} }
check_return_code($return_var,$output);
unset($output);
} }
$back = $_SESSION['back']; $back = $_SESSION['back'];
if (!empty($back)) { if (!empty($back)) {
header("Location: ".$back); header("Location: $back");
exit; exit;
} }


@ -8,22 +8,20 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token // Check token
if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) { if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
if ($_SESSION['user'] == 'admin') { if ($_SESSION['user'] == 'admin') {
if (!empty($_GET['user'])) { if (!empty($_GET['user'])) {
$v_username = escapeshellarg($_GET['user']); $v_username = $_GET['user'];
exec (VESTA_CMD."v-delete-user ".$v_username, $output, $return_var); v_exec('v-delete-user', [$v_username]);
} }
check_return_code($return_var,$output);
unset($_SESSION['look']); unset($_SESSION['look']);
unset($output);
} }
$back = $_SESSION['back']; $back = $_SESSION['back'];
if (!empty($back)) { if (!empty($back)) {
header("Location: ".$back); header("Location: $back");
exit; exit;
} }


@ -8,7 +8,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token // Check token
if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) { if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
// Delete as someone else? // Delete as someone else?
@ -17,16 +17,13 @@ if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
} }
if (!empty($_GET['domain'])) { if (!empty($_GET['domain'])) {
$v_username = escapeshellarg($user); $v_domain = $_GET['domain'];
$v_domain = escapeshellarg($_GET['domain']); v_exec('v-delete-domain', [$user, $v_domain]);
exec (VESTA_CMD."v-delete-domain ".$v_username." ".$v_domain, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
} }
$back = $_SESSION['back']; $back = $_SESSION['back'];
if (!empty($back)) { if (!empty($back)) {
header("Location: ".$back); header("Location: $back");
exit; exit;
} }


@ -16,10 +16,10 @@ if (!empty($_REQUEST['path'])) {
header("Content-type: application/octet-stream"); header("Content-type: application/octet-stream");
header("Content-Transfer-Encoding: binary"); header("Content-Transfer-Encoding: binary");
header("Content-disposition: attachment;filename=".basename($path)); header("Content-disposition: attachment;filename=".basename($path));
passthru (VESTA_CMD . "v-open-fs-file " . $user . " " . escapeshellarg($path)); // TODO: Implement `v_passthru`?
passthru(VESTA_CMD.'v-open-fs-file '.build_shell_args([$user, $path]));
exit; exit;
} } else {
else {
die('File not found'); die('File not found');
} }
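Review bot: `basename($path)` is written into the `Content-disposition` header unquoted, so a file name containing spaces, `;` or `"` yields a header the client may misparse. Quoting and escaping the name fixes that: `header('Content-Disposition: attachment; filename="'.addcslashes(basename($path), '"\\').'"');`. The `passthru()` result is also not captured, so a failing `v-open-fs-file` produces an empty download; `passthru()` takes a second by-reference result-code argument that the planned `v_passthru` could check. `$path` is assigned outside this hunk.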


@ -3,26 +3,20 @@
error_reporting(NULL); error_reporting(NULL);
session_start(); session_start();
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php"); include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
$v_domain = $_GET['domain']; $v_domain = $_GET['domain'];
$v_domain = escapeshellarg($_GET['domain']);
if ($_GET['type'] == 'access') $type = 'access'; if ($_GET['type'] == 'access') $type = 'access';
if ($_GET['type'] == 'error') $type = 'error'; if ($_GET['type'] == 'error') $type = 'error';
header("Cache-Control: public"); header("Cache-Control: public");
header("Content-Description: File Transfer"); header("Content-Description: File Transfer");
header("Content-Disposition: attachment; filename=".$_GET['domain'].".".$type."-log.txt"); header("Content-Disposition: attachment; filename=".$_GET['domain'].".".$type."-log.txt");
header("Content-Type: application/octet-stream; "); header("Content-Type: application/octet-stream");
header("Content-Transfer-Encoding: binary"); header("Content-Transfer-Encoding: binary");
$v_domain = escapeshellarg($_GET['domain']); $return_var = v_exec("v-list-web-domain-{$type}log", [$user, $v_domain, '5000'], false, $output);
if ($_GET['type'] == 'access') $type = 'access';
if ($_GET['type'] == 'error') $type = 'error';
exec (VESTA_CMD."v-list-web-domain-".$type."log $user ".$v_domain." 5000", $output, $return_var);
if ($return_var == 0) { if ($return_var == 0) {
foreach($output as $file) { echo $output . "\n";
echo $file . "\n";
}
} }
?> ?>
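Review bot: `$type` is assigned only when `$_GET['type']` is exactly `access` or `error`, so any other value leaves it undefined and the call becomes `v-list-web-domain-log`, with an equally incomplete download file name. Rejecting unknown values before the headers are sent closes that path: `if (!in_array($_GET['type'], ['access', 'error'], true)) { exit; }`. The `Content-Disposition` line also uses `$_GET['domain']` directly; validating the domain against a host-name pattern first would be safer there. `$output` is now echoed as a single string, which assumes `v_exec()` hands back the joined output rather than an array.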


@ -9,14 +9,12 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Edit as someone else? // Edit as someone else?
if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) { if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
$user=escapeshellarg($_GET['user']); $user = $_GET['user'];
} }
// List backup exclustions // List backup exclustions
exec (VESTA_CMD."v-list-user-backup-exclusions ".$user." 'json'", $output, $return_var); v_exec('v-list-user-backup-exclusions', [$user, 'json'], true, $output);
check_return_code($return_var,$output); $data = json_decode($output, true);
$data = json_decode(implode('', $output), true);
unset($output);
// Parse web // Parse web
$v_username = $user; $v_username = $user;
@ -70,9 +68,10 @@ if (!empty($_POST['save'])) {
// Check token // Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
// TODO: Use array?
$v_web = $_POST['v_web']; $v_web = $_POST['v_web'];
$v_web_tmp = str_replace("\r\n", ",", $_POST['v_web']); $v_web_tmp = str_replace("\r\n", ",", $_POST['v_web']);
$v_web_tmp = rtrim($v_web_tmp, ","); $v_web_tmp = rtrim($v_web_tmp, ",");
@ -112,9 +111,7 @@ if (!empty($_POST['save'])) {
unset($mktemp_output); unset($mktemp_output);
// Save changes // Save changes
exec (VESTA_CMD."v-update-user-backup-exclusions ".$user." ".$tmp, $output, $return_var); v_exec('v-update-user-backup-exclusions', [$user, $tmp]);
check_return_code($return_var,$output);
unset($output);
// Set success message // Set success message
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
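Review bot: `$user = $_GET['user'];` removes the quoting that every later use of `$user` in this file previously inherited, so any remaining call that concatenates `$user` into a command string instead of going through `v_exec()` or `build_shell_args()` is now unescaped. The lines between the second and third hunk are not shown, and the `unset($mktemp_output);` context line suggests at least one direct `exec()` there; it should be checked. `$v_username = $user` is presumably rendered in the template, so it needs HTML-escaping on output now that it holds the raw request value. The `// TODO: Use array?` comment would be clearer if it named the variable it refers to.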


@ -9,7 +9,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Edit as someone else? // Edit as someone else?
if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) { if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
$user=escapeshellarg($_GET['user']); $user = $_GET['user'];
} }
// Check job id // Check job id
@ -18,16 +18,14 @@ if (empty($_GET['job'])) {
exit; exit;
} }
// List cron job
$v_job = escapeshellarg($_GET['job']);
exec (VESTA_CMD."v-list-cron-job ".$user." ".$v_job." 'json'", $output, $return_var);
check_return_code($return_var,$output);
$data = json_decode(implode('', $output), true);
unset($output);
// Parse cron job
$v_username = $user; $v_username = $user;
$v_job = $_GET['job']; $v_job = $_GET['job'];
// List cron job
v_exec('v-list-cron-job', [$user, $v_job, 'json'], true, $output);
$data = json_decode($output, true);
// Parse cron job
$v_min = $data[$v_job]['MIN']; $v_min = $data[$v_job]['MIN'];
$v_hour = $data[$v_job]['HOUR']; $v_hour = $data[$v_job]['HOUR'];
$v_day = $data[$v_job]['DAY']; $v_day = $data[$v_job]['DAY'];
@ -37,36 +35,25 @@ $v_cmd = $data[$v_job]['CMD'];
$v_date = $data[$v_job]['DATE']; $v_date = $data[$v_job]['DATE'];
$v_time = $data[$v_job]['TIME']; $v_time = $data[$v_job]['TIME'];
$v_suspended = $data[$v_job]['SUSPENDED']; $v_suspended = $data[$v_job]['SUSPENDED'];
if ( $v_suspended == 'yes' ) { $v_status = $v_suspended == 'yes' ? 'suspended' : 'active';
$v_status = 'suspended';
} else {
$v_status = 'active';
}
// Check POST request // Check POST request
if (!empty($_POST['save'])) { if (!empty($_POST['save'])) {
// Check token // Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
$v_username = $user; $v_min = $_POST['v_min'];
$v_job = escapeshellarg($_GET['job']); $v_hour = $_POST['v_hour'];
$v_min = escapeshellarg($_POST['v_min']); $v_day = $_POST['v_day'];
$v_hour = escapeshellarg($_POST['v_hour']); $v_month = $_POST['v_month'];
$v_day = escapeshellarg($_POST['v_day']); $v_wday = $_POST['v_wday'];
$v_month = escapeshellarg($_POST['v_month']); $v_cmd = $_POST['v_cmd'];
$v_wday = escapeshellarg($_POST['v_wday']);
$v_cmd = escapeshellarg($_POST['v_cmd']);
// Save changes // Save changes
exec (VESTA_CMD."v-change-cron-job ".$v_username." ".$v_job." ".$v_min." ".$v_hour." ".$v_day." ".$v_month." ".$v_wday." ".$v_cmd, $output, $return_var); v_exec('v-change-cron-job', [$v_username, $v_job, $v_min, $v_hour, $v_day, $v_month, $v_wday, $v_cmd]);
check_return_code($return_var,$output);
unset($output);
$v_cmd = $_POST['v_cmd'];
// Set success message // Set success message
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
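Review bot: The result of `json_decode($output, true)` after the `v-list-cron-job` call is indexed as `$data[$v_job]['MIN']` and so on without checking that decoding succeeded or that the job key exists, so a failed or non-JSON reply silently turns every `$v_*` field into null. A guard directly after the decode, `if (!is_array($data) || !isset($data[$v_job])) { /* set error_msg and stop */ }`, would make that failure explicit. The same decode-then-index pattern appears in the database, DNS, firewall and IP sections of this commit. How `v_exec` reports a failed command is defined outside this view, so whether it already stops the request should be confirmed.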


@ -21,51 +21,40 @@ if (empty($_GET['database'])) {
// Edit as someone else? // Edit as someone else?
if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) { if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
$user=escapeshellarg($_GET['user']); $user = $_GET['user'];
} }
// List datbase
$v_database = escapeshellarg($_GET['database']);
exec (VESTA_CMD."v-list-database ".$user." ".$v_database." 'json'", $output, $return_var);
check_return_code($return_var,$output);
$data = json_decode(implode('', $output), true);
unset($output);
// Parse database
$v_username = $user; $v_username = $user;
$v_database = $_GET['database']; $v_database = $_GET['database'];
// List datbase
v_exec('v-list-database', [$user, $v_database, 'json'], true, $output);
$data = json_decode($output, true);
// Parse database
$v_dbuser = $data[$v_database]['DBUSER']; $v_dbuser = $data[$v_database]['DBUSER'];
$v_password = ""; $v_password = '';
$v_host = $data[$v_database]['HOST']; $v_host = $data[$v_database]['HOST'];
$v_type = $data[$v_database]['TYPE']; $v_type = $data[$v_database]['TYPE'];
$v_charset = $data[$v_database]['CHARSET']; $v_charset = $data[$v_database]['CHARSET'];
$v_date = $data[$v_database]['DATE']; $v_date = $data[$v_database]['DATE'];
$v_time = $data[$v_database]['TIME']; $v_time = $data[$v_database]['TIME'];
$v_suspended = $data[$v_database]['SUSPENDED']; $v_suspended = $data[$v_database]['SUSPENDED'];
if ( $v_suspended == 'yes' ) { $v_status = $v_suspended == 'yes' ? 'suspended' : 'active';
$v_status = 'suspended';
} else {
$v_status = 'active';
}
// Check POST request // Check POST request
if (!empty($_POST['save'])) { if (!empty($_POST['save'])) {
$v_username = $user;
// Check token // Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
// Change database user // Change database user
if (($v_dbuser != $_POST['v_dbuser']) && (empty($_SESSION['error_msg']))) { if (($v_dbuser != $_POST['v_dbuser']) && (empty($_SESSION['error_msg']))) {
$v_dbuser = preg_replace("/^".$user."_/", "", $_POST['v_dbuser']); $v_dbuser = preg_replace("/^".$user."_/", "", $_POST['v_dbuser']);
$v_dbuser = escapeshellarg($v_dbuser); v_exec('v-change-database-user', [$v_username, $v_database, $v_dbuser]);
exec (VESTA_CMD."v-change-database-user ".$v_username." ".$v_database." ".$v_dbuser, $output, $return_var); $v_dbuser = $user . '_' . $v_dbuser;
check_return_code($return_var,$output);
unset($output);
$v_dbuser = $user."_".preg_replace("/^".$user."_/", "", $_POST['v_dbuser']);
} }
// Change database password // Change database password
@ -74,11 +63,9 @@ if (!empty($_POST['save'])) {
$fp = fopen($v_password, "w"); $fp = fopen($v_password, "w");
fwrite($fp, $_POST['v_password']."\n"); fwrite($fp, $_POST['v_password']."\n");
fclose($fp); fclose($fp);
exec (VESTA_CMD."v-change-database-password ".$v_username." ".$v_database." ".$v_password, $output, $return_var); v_exec('v-change-database-password', [$v_username, $v_database, $v_password]);
check_return_code($return_var,$output);
unset($output);
unlink($v_password); unlink($v_password);
$v_password = escapeshellarg($_POST['v_password']); $v_password = $_POST['v_password'];
} }
// Set success message // Set success message
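Review bot: `$user` is interpolated into the pattern in `preg_replace("/^".$user."_/", "", $_POST['v_dbuser'])`, and after this change an admin request sets it from the raw `$_GET['user']`, so regex metacharacters or a `/` in that value alter or break the pattern instead of matching a literal prefix. Quote the value before building the pattern: `$v_dbuser = preg_replace('/^' . preg_quote($user, '/') . '_/', '', $_POST['v_dbuser']);`. For non-admin sessions `$user` is assigned outside this view, so quoting is the safer default in either case.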


@ -15,20 +15,18 @@ if (empty($_GET['domain'])) {
// Edit as someone else? // Edit as someone else?
if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) { if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
$user=escapeshellarg($_GET['user']); $user = $_GET['user'];
} }
$v_username = $user;
// List dns domain // List dns domain
if ((!empty($_GET['domain'])) && (empty($_GET['record_id']))) { if ((!empty($_GET['domain'])) && (empty($_GET['record_id']))) {
$v_domain = escapeshellarg($_GET['domain']); $v_domain = $_GET['domain'];
exec (VESTA_CMD."v-list-dns-domain ".$user." ".$v_domain." json", $output, $return_var);
check_return_code($return_var,$output); v_exec('v-list-dns-domain', [$user, $v_domain, 'json'], true, $output);
$data = json_decode(implode('', $output), true); $data = json_decode($output, true);
unset($output);
// Parse dns domain // Parse dns domain
$v_username = $user;
$v_domain = $_GET['domain'];
$v_ip = $data[$v_domain]['IP']; $v_ip = $data[$v_domain]['IP'];
$v_template = $data[$v_domain]['TPL']; $v_template = $data[$v_domain]['TPL'];
$v_ttl = $data[$v_domain]['TTL']; $v_ttl = $data[$v_domain]['TTL'];
@ -44,24 +42,19 @@ if ((!empty($_GET['domain'])) && (empty($_GET['record_id']))) {
} }
// List dns templates // List dns templates
exec (VESTA_CMD."v-list-dns-templates json", $output, $return_var); v_exec('v-list-dns-templates', ['json'], false, $output);
$templates = json_decode(implode('', $output), true); $templates = json_decode($output, true);
unset($output);
} }
// List dns record // List dns record
if ((!empty($_GET['domain'])) && (!empty($_GET['record_id']))) { if ((!empty($_GET['domain'])) && (!empty($_GET['record_id']))) {
$v_domain = escapeshellarg($_GET['domain']);
$v_record_id = escapeshellarg($_GET['record_id']);
exec (VESTA_CMD."v-list-dns-records ".$user." ".$v_domain." 'json'", $output, $return_var);
check_return_code($return_var,$output);
$data = json_decode(implode('', $output), true);
unset($output);
// Parse dns record
$v_username = $user;
$v_domain = $_GET['domain']; $v_domain = $_GET['domain'];
$v_record_id = $_GET['record_id']; $v_record_id = $_GET['record_id'];
v_exec('v-list-dns-records', [$user, $v_domain, 'json'], true, $output);
$data = json_decode($output, true);
// Parse dns record
$v_rec = $data[$v_record_id]['RECORD']; $v_rec = $data[$v_record_id]['RECORD'];
$v_type = $data[$v_record_id]['TYPE']; $v_type = $data[$v_record_id]['TYPE'];
$v_val = $data[$v_record_id]['VALUE']; $v_val = $data[$v_record_id]['VALUE'];
@ -78,63 +71,51 @@ if ((!empty($_GET['domain'])) && (!empty($_GET['record_id']))) {
// Check POST request for dns domain // Check POST request for dns domain
if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (empty($_GET['record_id']))) { if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (empty($_GET['record_id']))) {
$v_domain = escapeshellarg($_POST['v_domain']); $v_domain = $_POST['v_domain'];
// Check token // Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
// Change domain IP // Change domain IP
if (($v_ip != $_POST['v_ip']) && (empty($_SESSION['error_msg']))) { if (($v_ip != $_POST['v_ip']) && (empty($_SESSION['error_msg']))) {
$v_ip = escapeshellarg($_POST['v_ip']); $v_ip = $_POST['v_ip'];
exec (VESTA_CMD."v-change-dns-domain-ip ".$v_username." ".$v_domain." ".$v_ip." 'no'", $output, $return_var); v_exec('v-change-dns-domain-ip', [$v_username, $v_domain, $v_ip, 'no']);
check_return_code($return_var,$output);
$restart_dns = 'yes'; $restart_dns = 'yes';
unset($output);
} }
// Change domain template // Change domain template
if (($v_template != $_POST['v_template']) && (empty($_SESSION['error_msg']))) { if (($v_template != $_POST['v_template']) && (empty($_SESSION['error_msg']))) {
$v_template = escapeshellarg($_POST['v_template']); $v_template = $_POST['v_template'];
exec (VESTA_CMD."v-change-dns-domain-tpl ".$v_username." ".$v_domain." ".$v_template." 'no'", $output, $return_var); v_exec('v-change-dns-domain-tpl', [$v_username, $v_domain, $v_template, 'no']);
check_return_code($return_var,$output);
unset($output);
$restart_dns = 'yes'; $restart_dns = 'yes';
} }
// Change SOA record // Change SOA record
if (($v_soa != $_POST['v_soa']) && (empty($_SESSION['error_msg']))) { if (($v_soa != $_POST['v_soa']) && (empty($_SESSION['error_msg']))) {
$v_soa = escapeshellarg($_POST['v_soa']); $v_soa = $_POST['v_soa'];
exec (VESTA_CMD."v-change-dns-domain-soa ".$v_username." ".$v_domain." ".$v_soa." 'no'", $output, $return_var); v_exec('v-change-dns-domain-soa', [$v_username, $v_domain, $v_soa, 'no']);
check_return_code($return_var,$output);
unset($output);
$restart_dns = 'yes'; $restart_dns = 'yes';
} }
// Change expiriation date // Change expiriation date
if (($v_exp != $_POST['v_exp']) && (empty($_SESSION['error_msg']))) { if (($v_exp != $_POST['v_exp']) && (empty($_SESSION['error_msg']))) {
$v_exp = escapeshellarg($_POST['v_exp']); $v_exp = $_POST['v_exp'];
exec (VESTA_CMD."v-change-dns-domain-exp ".$v_username." ".$v_domain." ".$v_exp." 'no'", $output, $return_var); v_exec('v-change-dns-domain-exp', [$v_username, $v_domain, $v_exp, 'no']);
check_return_code($return_var,$output);
unset($output);
} }
// Change domain ttl // Change domain ttl
if (($v_ttl != $_POST['v_ttl']) && (empty($_SESSION['error_msg']))) { if (($v_ttl != $_POST['v_ttl']) && (empty($_SESSION['error_msg']))) {
$v_ttl = escapeshellarg($_POST['v_ttl']); $v_ttl = $_POST['v_ttl'];
exec (VESTA_CMD."v-change-dns-domain-ttl ".$v_username." ".$v_domain." ".$v_ttl." 'no'", $output, $return_var); v_exec('v-change-dns-domain-ttl', [$v_username, $v_domain, $v_ttl, 'no']);
check_return_code($return_var,$output);
unset($output);
$restart_dns = 'yes'; $restart_dns = 'yes';
} }
// Restart dns server // Restart dns server
if (!empty($restart_dns) && (empty($_SESSION['error_msg']))) { if (!empty($restart_dns) && (empty($_SESSION['error_msg']))) {
exec (VESTA_CMD."v-restart-dns", $output, $return_var); v_exec('v-restart-dns');
check_return_code($return_var,$output);
unset($output);
} }
// Set success message // Set success message
@ -149,38 +130,30 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (!empty($_GET['reco
// Check token // Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
// Protect input $v_domain = $_POST['v_domain'];
$v_domain = escapeshellarg($_POST['v_domain']); $v_record_id = $_POST['v_record_id'];
$v_record_id = escapeshellarg($_POST['v_record_id']);
// Change dns record // Change dns record
if (($v_val != $_POST['v_val']) || ($v_priority != $_POST['v_priority']) && (empty($_SESSION['error_msg']))) { if (($v_val != $_POST['v_val']) || ($v_priority != $_POST['v_priority']) && (empty($_SESSION['error_msg']))) {
$v_val = escapeshellarg($_POST['v_val']);
$v_priority = escapeshellarg($_POST['v_priority']);
exec (VESTA_CMD."v-change-dns-record ".$v_username." ".$v_domain." ".$v_record_id." ".$v_val." ".$v_priority, $output, $return_var);
check_return_code($return_var,$output);
$v_val = $_POST['v_val']; $v_val = $_POST['v_val'];
unset($output); $v_priority = $_POST['v_priority'];
v_exec('v-change-dns-record', [$v_username, $v_domain, $v_record_id, $v_val, $v_priority]);
$restart_dns = 'yes'; $restart_dns = 'yes';
} }
// Change dns record id // Change dns record id
if (($_GET['record_id'] != $_POST['v_record_id']) && (empty($_SESSION['error_msg']))) { if (($_GET['record_id'] != $_POST['v_record_id']) && (empty($_SESSION['error_msg']))) {
$v_old_record_id = escapeshellarg($_GET['record_id']); $v_old_record_id = $_GET['record_id'];
exec (VESTA_CMD."v-change-dns-record-id ".$v_username." ".$v_domain." ".$v_old_record_id." ".$v_record_id, $output, $return_var); v_exec('v-change-dns-record-id', [$v_username, $v_domain, $v_old_record_id, $v_record_id]);
check_return_code($return_var,$output);
unset($output);
$restart_dns = 'yes'; $restart_dns = 'yes';
} }
// Restart dns server // Restart dns server
if (!empty($restart_dns) && (empty($_SESSION['error_msg']))) { if (!empty($restart_dns) && (empty($_SESSION['error_msg']))) {
exec (VESTA_CMD."v-restart-dns", $output, $return_var); v_exec('v-restart-dns');
check_return_code($return_var,$output);
unset($output);
} }
// Set success message // Set success message
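Review bot: In the record-save block the condition `($v_val != $_POST['v_val']) || ($v_priority != $_POST['v_priority']) && (empty($_SESSION['error_msg']))` binds `&&` tighter than `||`, so a changed value runs `v-change-dns-record` even when an earlier step has already set an error. Group the two comparisons so the guard covers both: `if ((($v_val != $_POST['v_val']) || ($v_priority != $_POST['v_priority'])) && (empty($_SESSION['error_msg']))) {`. The line is unchanged context in this commit, but every other step on the page applies the error guard to the whole condition. The enclosing `if` opens in the hunk header, outside the visible lines.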


@ -32,7 +32,6 @@ if (($_SESSION['user'] == 'admin') && (!empty($_SESSION['look']))) {
<div id="error-message" style="display:none; position: absoulte;background-color: red; color: white; padding: 10px;"></div> <div id="error-message" style="display:none; position: absoulte;background-color: red; color: white; padding: 10px;"></div>
<?php <?php
if (!empty($_REQUEST['path'])) { if (!empty($_REQUEST['path'])) {
$content = ''; $content = '';
$path = $_REQUEST['path']; $path = $_REQUEST['path'];
@ -47,8 +46,7 @@ if (($_SESSION['user'] == 'admin') && (!empty($_SESSION['look']))) {
chmod($fn, 0644); chmod($fn, 0644);
if ($f) { if ($f) {
exec (VESTA_CMD . "v-copy-fs-file {$user} {$fn} ".escapeshellarg($path), $output, $return_var); $return_var = v_exec('v-copy-fs-file', [$user, $fn, $path]);
$error = check_return_code($return_var, $output);
if ($return_var != 0) { if ($return_var != 0) {
print('<p style="color: white">Error while saving file</p>'); print('<p style="color: white">Error while saving file</p>');
exit; exit;
@ -58,12 +56,12 @@ if (($_SESSION['user'] == 'admin') && (!empty($_SESSION['look']))) {
} }
} }
exec (VESTA_CMD . "v-open-fs-file {$user} ".escapeshellarg($path), $content, $return_var); $return_var = v_exec('v-open-fs-file', [$user, $path], false, $content);
if ($return_var != 0) { if ($return_var != 0) {
print 'Error while opening file'; // todo: handle this more styled print 'Error while opening file'; // todo: handle this more styled
exit; exit;
} }
$content = implode("\n", $content)."\n"; $content = $content . "\n";
} else { } else {
$content = ''; $content = '';
} }
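Review bot: `$content = $content . "\n";` now depends on `v_exec` returning the file as one string with its line breaks intact, where the old code joined the `exec` array with `"\n"` itself. The JSON callers in this commit previously joined with `''`, so it is worth confirming which separator the wrapper uses, because a `''` join would collapse the edited file onto one line. `v_exec` is defined outside this view. If it does join with newlines, a comment here such as `// v_exec returns stdout newline-joined; restore the trailing newline` would record the contract the editor relies on.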


@ -20,15 +20,13 @@ if (empty($_GET['rule'])) {
exit; exit;
} }
$v_rule = $_GET['rule'];
// List rule // List rule
$v_rule = escapeshellarg($_GET['rule']); v_exec('v-list-firewall-rule', [$v_rule, 'json'], true, $output);
exec (VESTA_CMD."v-list-firewall-rule ".$v_rule." 'json'", $output, $return_var); $data = json_decode($output, true);
check_return_code($return_var,$output);
$data = json_decode(implode('', $output), true);
unset($output);
// Parse rule // Parse rule
$v_rule = $_GET['rule'];
$v_action = $data[$v_rule]['ACTION']; $v_action = $data[$v_rule]['ACTION'];
$v_protocol = $data[$v_rule]['PROTOCOL']; $v_protocol = $data[$v_rule]['PROTOCOL'];
$v_port = $data[$v_rule]['PORT']; $v_port = $data[$v_rule]['PORT'];
@ -37,37 +35,17 @@ $v_comment = $data[$v_rule]['COMMENT'];
$v_date = $data[$v_rule]['DATE']; $v_date = $data[$v_rule]['DATE'];
$v_time = $data[$v_rule]['TIME']; $v_time = $data[$v_rule]['TIME'];
$v_suspended = $data[$v_rule]['SUSPENDED']; $v_suspended = $data[$v_rule]['SUSPENDED'];
if ( $v_suspended == 'yes' ) { $v_status = $v_suspended == 'yes' ? 'suspended' : 'active';
$v_status = 'suspended';
} else {
$v_status = 'active';
}
// Check POST request // Check POST request
if (!empty($_POST['save'])) { if (!empty($_POST['save'])) {
// Check token // Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
$v_rule = escapeshellarg($_GET['rule']); $v_rule = $_GET['rule'];
$v_action = escapeshellarg($_POST['v_action']);
$v_protocol = escapeshellarg($_POST['v_protocol']);
$v_port = str_replace(" ",",", $_POST['v_port']);
$v_port = preg_replace('/\,+/', ',', $v_port);
$v_port = trim($v_port, ",");
$v_port = escapeshellarg($v_port);
$v_ip = escapeshellarg($_POST['v_ip']);
$v_comment = escapeshellarg($_POST['v_comment']);
// Change Status
exec (VESTA_CMD."v-change-firewall-rule ".$v_rule." ".$v_action." ".$v_ip." ".$v_port." ".$v_protocol." ".$v_comment, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$v_rule = $_GET['v_rule'];
$v_action = $_POST['v_action']; $v_action = $_POST['v_action'];
$v_protocol = $_POST['v_protocol']; $v_protocol = $_POST['v_protocol'];
$v_port = str_replace(" ",",", $_POST['v_port']); $v_port = str_replace(" ",",", $_POST['v_port']);
@ -76,6 +54,9 @@ if (!empty($_POST['save'])) {
$v_ip = $_POST['v_ip']; $v_ip = $_POST['v_ip'];
$v_comment = $_POST['v_comment']; $v_comment = $_POST['v_comment'];
// Change Status
v_exec('v-change-firewall-rule', [$v_rule, $v_action, $v_ip, $v_port, $v_protocol, $v_comment]);
// Set success message // Set success message
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
$_SESSION['ok_msg'] = __('Changes has been saved.'); $_SESSION['ok_msg'] = __('Changes has been saved.');
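Review bot: The token check `$_SESSION['token'] != $_POST['token']` uses a loose comparison, which PHP evaluates numerically when both strings look like numbers and which is not constant-time. `if (!isset($_POST['token']) || !is_string($_POST['token']) || !hash_equals($_SESSION['token'], $_POST['token'])) {` avoids both, on PHP versions that provide `hash_equals`. The same check is repeated in the cron, database and DNS sections of this commit. How the session token is generated is outside this view.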


@ -19,16 +19,14 @@ if (empty($_GET['ip'])) {
exit; exit;
} }
// List ip
$v_ip = escapeshellarg($_GET['ip']);
exec (VESTA_CMD."v-list-sys-ip ".$v_ip." 'json'", $output, $return_var);
check_return_code($return_var,$output);
$data = json_decode(implode('', $output), true);
unset($output);
// Parse ip
$v_username = $user; $v_username = $user;
$v_ip = $_GET['ip']; $v_ip = $_GET['ip'];
// List ip
v_exec('v-list-sys-ip', [$v_ip, 'json'], true, $output);
$data = json_decode($output, true);
// Parse ip
$v_netmask = $data[$v_ip]['NETMASK']; $v_netmask = $data[$v_ip]['NETMASK'];
$v_interace = $data[$v_ip]['INTERFACE']; $v_interace = $data[$v_ip]['INTERFACE'];
$v_name = $data[$v_ip]['NAME']; $v_name = $data[$v_ip]['NAME'];
@ -46,51 +44,39 @@ if ( $v_suspended == 'yes' ) {
} }
// List users // List users
exec (VESTA_CMD."v-list-sys-users 'json'", $output, $return_var); v_exec('v-list-sys-users', ['json'], false, $output);
$users = json_decode(implode('', $output), true); $users = json_decode($output, true);
unset($output);
// Check POST request // Check POST request
if (!empty($_POST['save'])) { if (!empty($_POST['save'])) {
$v_ip = escapeshellarg($_POST['v_ip']); $v_ip = $_POST['v_ip'];
// Change Status // Change Status
if (($v_ipstatus == 'shared') && (empty($_POST['v_shared'])) && (empty($_SESSION['error_msg']))) { if (($v_ipstatus == 'shared') && (empty($_POST['v_shared'])) && (empty($_SESSION['error_msg']))) {
exec (VESTA_CMD."v-change-sys-ip-status ".$v_ip." 'dedicated'", $output, $return_var); v_exec('v-change-sys-ip-status', [$v_ip, 'dedicated']);
check_return_code($return_var,$output);
unset($output);
$v_dedicated = 'yes'; $v_dedicated = 'yes';
} }
if (($v_ipstatus == 'dedicated') && (!empty($_POST['v_shared'])) && (empty($_SESSION['error_msg']))) { if (($v_ipstatus == 'dedicated') && (!empty($_POST['v_shared'])) && (empty($_SESSION['error_msg']))) {
exec (VESTA_CMD."v-change-sys-ip-status ".$v_ip." 'shared'", $output, $return_var); v_exec('v-change-sys-ip-status', [$v_ip, 'shared']);
check_return_code($return_var,$output);
unset($output);
unset($v_dedicated); unset($v_dedicated);
} }
// Change owner // Change owner
if (($v_owner != $_POST['v_owner']) && (empty($_SESSION['error_msg']))) { if (($v_owner != $_POST['v_owner']) && (empty($_SESSION['error_msg']))) {
$v_owner = escapeshellarg($_POST['v_owner']);
exec (VESTA_CMD."v-change-sys-ip-owner ".$v_ip." ".$v_owner, $output, $return_var);
check_return_code($return_var,$output);
$v_owner = $_POST['v_owner']; $v_owner = $_POST['v_owner'];
unset($output); v_exec('v-change-sys-ip-owner', [$v_ip, $v_owner]);
} }
// Change associated domain // Change associated domain
if (($v_name != $_POST['v_name']) && (empty($_SESSION['error_msg']))) { if (($v_name != $_POST['v_name']) && (empty($_SESSION['error_msg']))) {
$v_name = escapeshellarg($_POST['v_name']); $v_name = $_POST['v_name'];
exec (VESTA_CMD."v-change-sys-ip-name ".$v_ip." ".$v_name, $output, $return_var); v_exec('v-change-sys-ip-name', [$v_ip, $v_name]);
check_return_code($return_var,$output);
unset($output);
} }
// Change NAT address // Change NAT address
if (($v_nat != $_POST['v_nat']) && (empty($_SESSION['error_msg']))) { if (($v_nat != $_POST['v_nat']) && (empty($_SESSION['error_msg']))) {
$v_nat = escapeshellarg($_POST['v_nat']); $v_nat = $_POST['v_nat'];
exec (VESTA_CMD."v-change-sys-ip-nat ".$v_ip." ".$v_nat, $output, $return_var); v_exec('v-change-sys-ip-nat', [$v_ip, $v_nat]);
check_return_code($return_var,$output);
unset($output);
} }
// Set success message // Set success message
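Review bot: The `if (!empty($_POST['save']))` block goes straight from `$v_ip = $_POST['v_ip'];` to `v-change-sys-ip-status` with no token check, unlike the cron, database, DNS and firewall pages in this commit. The state-changing commands below it therefore run on any POST that carries the session cookie. Add the guard used on the other pages at the top of the block: `if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { header('location: /login/'); exit; }`. Whether this page's form template already emits a token field is outside this view.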


@ -21,19 +21,18 @@ if (empty($_GET['domain'])) {
// Edit as someone else? // Edit as someone else?
if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) { if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
$user=escapeshellarg($_GET['user']); $user = $_GET['user'];
} }
$v_username = $user; $v_username = $user;
// List mail domain // List mail domain
if ((!empty($_GET['domain'])) && (empty($_GET['account']))) { if ((!empty($_GET['domain'])) && (empty($_GET['account']))) {
$v_domain = escapeshellarg($_GET['domain']); $v_domain = $_GET['domain'];
exec (VESTA_CMD."v-list-mail-domain ".$user." ".$v_domain." json", $output, $return_var);
$data = json_decode(implode('', $output), true); v_exec('v-list-mail-domain', [$user, $v_domain, 'json'], false, $output);
unset($output); $data = json_decode($output, true);
// Parse domain // Parse domain
$v_domain = $_GET['domain'];
$v_antispam = $data[$v_domain]['ANTISPAM']; $v_antispam = $data[$v_domain]['ANTISPAM'];
$v_antivirus = $data[$v_domain]['ANTIVIRUS']; $v_antivirus = $data[$v_domain]['ANTIVIRUS'];
$v_dkim = $data[$v_domain]['DKIM']; $v_dkim = $data[$v_domain]['DKIM'];
@ -50,17 +49,14 @@ if ((!empty($_GET['domain'])) && (empty($_GET['account']))) {
// List mail account // List mail account
if ((!empty($_GET['domain'])) && (!empty($_GET['account']))) { if ((!empty($_GET['domain'])) && (!empty($_GET['account']))) {
$v_domain = escapeshellarg($_GET['domain']);
$v_account = escapeshellarg($_GET['account']);
exec (VESTA_CMD."v-list-mail-account ".$user." ".$v_domain." ".$v_account." 'json'", $output, $return_var);
$data = json_decode(implode('', $output), true);
unset($output);
// Parse mail account
$v_username = $user;
$v_domain = $_GET['domain']; $v_domain = $_GET['domain'];
$v_account = $_GET['account']; $v_account = $_GET['account'];
$v_password = "";
v_exec('v-list-mail-account', [$user, $v_domain, $v_account, 'json'], false, $output);
$data = json_decode($output, true);
// Parse mail account
$v_password = '';
$v_aliases = str_replace(',', "\n", $data[$v_account]['ALIAS']); $v_aliases = str_replace(',', "\n", $data[$v_account]['ALIAS']);
$valiases = explode(",", $data[$v_account]['ALIAS']); $valiases = explode(",", $data[$v_account]['ALIAS']);
$v_fwd = str_replace(',', "\n", $data[$v_account]['FWD']); $v_fwd = str_replace(',', "\n", $data[$v_account]['FWD']);
@ -79,9 +75,8 @@ if ((!empty($_GET['domain'])) && (!empty($_GET['account']))) {
// Parse autoreply // Parse autoreply
if ( $v_autoreply == 'yes' ) { if ( $v_autoreply == 'yes' ) {
exec (VESTA_CMD."v-list-mail-account-autoreply ".$user." '".$v_domain."' '".$v_account."' json", $output, $return_var); v_exec('v-list-mail-account-autoreply', [$user, $v_domain, $v_account, 'json'], false, $output);
$autoreply_str = json_decode(implode('', $output), true); $autoreply_str = json_decode($output, true);
unset($output);
$v_autoreply_message = $autoreply_str[$v_account]['MSG']; $v_autoreply_message = $autoreply_str[$v_account]['MSG'];
} }
} }
@ -89,86 +84,68 @@ if ((!empty($_GET['domain'])) && (!empty($_GET['account']))) {
// Check POST request for mail domain // Check POST request for mail domain
if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (empty($_GET['account']))) { if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (empty($_GET['account']))) {
$v_domain = escapeshellarg($_POST['v_domain']); $v_domain = $_POST['v_domain'];
// Check token // Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
// Delete antispam // Delete antispam
if (($v_antispam == 'yes') && (empty($_POST['v_antispam'])) && (empty($_SESSION['error_msg']))) { if (($v_antispam == 'yes') && (empty($_POST['v_antispam'])) && (empty($_SESSION['error_msg']))) {
exec (VESTA_CMD."v-delete-mail-domain-antispam ".$v_username." ".$v_domain, $output, $return_var); v_exec('v-delete-mail-domain-antispam', [$v_username, $v_domain]);
check_return_code($return_var,$output);
$v_antispam = 'no'; $v_antispam = 'no';
unset($output);
} }
// Add antispam // Add antispam
if (($v_antispam == 'no') && (!empty($_POST['v_antispam'])) && (empty($_SESSION['error_msg']))) { if (($v_antispam == 'no') && (!empty($_POST['v_antispam'])) && (empty($_SESSION['error_msg']))) {
exec (VESTA_CMD."v-add-mail-domain-antispam ".$v_username." ".$v_domain, $output, $return_var); v_exec('v-add-mail-domain-antispam', [$v_username, $v_domain]);
check_return_code($return_var,$output);
$v_antispam = 'yes'; $v_antispam = 'yes';
unset($output);
} }
// Delete antivirus // Delete antivirus
if (($v_antivirus == 'yes') && (empty($_POST['v_antivirus'])) && (empty($_SESSION['error_msg']))) { if (($v_antivirus == 'yes') && (empty($_POST['v_antivirus'])) && (empty($_SESSION['error_msg']))) {
exec (VESTA_CMD."v-delete-mail-domain-antivirus ".$v_username." ".$v_domain, $output, $return_var); v_exec('v-delete-mail-domain-antivirus', [$v_username, $v_domain]);
check_return_code($return_var,$output);
$v_antivirus = 'no'; $v_antivirus = 'no';
unset($output);
} }
// Add antivirs // Add antivirs
if (($v_antivirus == 'no') && (!empty($_POST['v_antivirus'])) && (empty($_SESSION['error_msg']))) { if (($v_antivirus == 'no') && (!empty($_POST['v_antivirus'])) && (empty($_SESSION['error_msg']))) {
exec (VESTA_CMD."v-add-mail-domain-antivirus ".$v_username." ".$v_domain, $output, $return_var); v_exec('v-add-mail-domain-antivirus', [$v_username, $v_domain]);
check_return_code($return_var,$output);
$v_antivirus = 'yes'; $v_antivirus = 'yes';
unset($output);
} }
// Delete DKIM // Delete DKIM
if (($v_dkim == 'yes') && (empty($_POST['v_dkim'])) && (empty($_SESSION['error_msg']))) { if (($v_dkim == 'yes') && (empty($_POST['v_dkim'])) && (empty($_SESSION['error_msg']))) {
exec (VESTA_CMD."v-delete-mail-domain-dkim ".$v_username." ".$v_domain, $output, $return_var); v_exec('v-delete-mail-domain-dkim', [$v_username, $v_domain]);
check_return_code($return_var,$output);
$v_dkim = 'no'; $v_dkim = 'no';
unset($output);
} }
// Add DKIM // Add DKIM
if (($v_dkim == 'no') && (!empty($_POST['v_dkim'])) && (empty($_SESSION['error_msg']))) { if (($v_dkim == 'no') && (!empty($_POST['v_dkim'])) && (empty($_SESSION['error_msg']))) {
exec (VESTA_CMD."v-add-mail-domain-dkim ".$v_username." ".$v_domain, $output, $return_var); v_exec('v-add-mail-domain-dkim', [$v_username, $v_domain]);
check_return_code($return_var,$output);
$v_dkim = 'yes'; $v_dkim = 'yes';
unset($output);
} }
// Delete catchall // Delete catchall
if ((!empty($v_catchall)) && (empty($_POST['v_catchall'])) && (empty($_SESSION['error_msg']))) { if ((!empty($v_catchall)) && (empty($_POST['v_catchall'])) && (empty($_SESSION['error_msg']))) {
exec (VESTA_CMD."v-delete-mail-domain-catchall ".$v_username." ".$v_domain, $output, $return_var); v_exec('v-delete-mail-domain-catchall', [$v_username, $v_domain]);
check_return_code($return_var,$output);
$v_catchall = ''; $v_catchall = '';
unset($output);
} }
// Change catchall address // Change catchall address
if ((!empty($v_catchall)) && (!empty($_POST['v_catchall'])) && (empty($_SESSION['error_msg']))) { if ((!empty($v_catchall)) && (!empty($_POST['v_catchall'])) && (empty($_SESSION['error_msg']))) {
if ($v_catchall != $_POST['v_catchall']) { if ($v_catchall != $_POST['v_catchall']) {
$v_catchall = escapeshellarg($_POST['v_catchall']); $v_catchall = $_POST['v_catchall'];
exec (VESTA_CMD."v-change-mail-domain-catchall ".$v_username." ".$v_domain." ".$v_catchall, $output, $return_var); v_exec('v-change-mail-domain-catchall', [$v_username, $v_domain, $v_catchall]);
check_return_code($return_var,$output);
unset($output);
} }
} }
// Add catchall // Add catchall
if ((empty($v_catchall)) && (!empty($_POST['v_catchall'])) && (empty($_SESSION['error_msg']))) { if ((empty($v_catchall)) && (!empty($_POST['v_catchall'])) && (empty($_SESSION['error_msg']))) {
$v_catchall = escapeshellarg($_POST['v_catchall']); $v_catchall = $_POST['v_catchall'];
exec (VESTA_CMD."v-add-mail-domain-catchall ".$v_username." ".$v_domain." ".$v_catchall, $output, $return_var); v_exec('v-add-mail-domain-catchall', [$v_username, $v_domain, $v_catchall]);
check_return_code($return_var,$output);
unset($output);
} }
// Set success message // Set success message
@ -183,11 +160,11 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (!empty($_GET['acco
// Check token // Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
$v_domain = escapeshellarg($_POST['v_domain']); $v_domain = $_POST['v_domain'];
$v_account = escapeshellarg($_POST['v_account']); $v_account = $_POST['v_account'];
// Change password // Change password
if ((!empty($_POST['v_password'])) && (empty($_SESSION['error_msg']))) { if ((!empty($_POST['v_password'])) && (empty($_SESSION['error_msg']))) {
@ -195,23 +172,19 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (!empty($_GET['acco
$fp = fopen($v_password, "w"); $fp = fopen($v_password, "w");
fwrite($fp, $_POST['v_password']."\n"); fwrite($fp, $_POST['v_password']."\n");
fclose($fp); fclose($fp);
exec (VESTA_CMD."v-change-mail-account-password ".$v_username." ".$v_domain." ".$v_account." ".$v_password, $output, $return_var); v_exec('v-change-mail-account-password', [$v_username, $v_domain, $v_account, $v_password]);
check_return_code($return_var,$output);
unset($output);
unlink($v_password); unlink($v_password);
$v_password = escapeshellarg($_POST['v_password']);; $v_password = $_POST['v_password'];
} }
// Change quota // Change quota
if (($v_quota != $_POST['v_quota']) && (empty($_SESSION['error_msg']))) { if (($v_quota != $_POST['v_quota']) && (empty($_SESSION['error_msg']))) {
if (empty($_POST['v_quota'])) { if (empty($_POST['v_quota'])) {
$v_quota = 0; $v_quota = '0';
} else { } else {
$v_quota = escapeshellarg($_POST['v_quota']); $v_quota = $_POST['v_quota'];
} }
exec (VESTA_CMD."v-change-mail-account-quota ".$v_username." ".$v_domain." ".$v_account." ".$v_quota, $output, $return_var); v_exec('v-change-mail-account-quota', [$v_username, $v_domain, $v_account, $v_quota]);
check_return_code($return_var,$output);
unset($output);
} }
// Change account aliases // Change account aliases
@ -225,17 +198,13 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (!empty($_GET['acco
$result = array_diff($valiases, $aliases); $result = array_diff($valiases, $aliases);
foreach ($result as $alias) { foreach ($result as $alias) {
if ((empty($_SESSION['error_msg'])) && (!empty($alias))) { if ((empty($_SESSION['error_msg'])) && (!empty($alias))) {
exec (VESTA_CMD."v-delete-mail-account-alias ".$v_username." ".$v_domain." ".$v_account." '".$alias."'", $output, $return_var); v_exec('v-delete-mail-account-alias', [$v_username, $v_domain, $v_account, $alias]);
check_return_code($return_var,$output);
unset($output);
} }
} }
$result = array_diff($aliases, $valiases); $result = array_diff($aliases, $valiases);
foreach ($result as $alias) { foreach ($result as $alias) {
if ((empty($_SESSION['error_msg'])) && (!empty($alias))) { if ((empty($_SESSION['error_msg'])) && (!empty($alias))) {
exec (VESTA_CMD."v-add-mail-account-alias ".$v_username." ".$v_domain." ".$v_account." ".escapeshellarg($alias), $output, $return_var); v_exec('v-add-mail-account-alias', [$v_username, $v_domain, $v_account, $alias]);
check_return_code($return_var,$output);
unset($output);
} }
} }
} }
@ -251,42 +220,32 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (!empty($_GET['acco
$result = array_diff($vfwd, $fwd); $result = array_diff($vfwd, $fwd);
foreach ($result as $forward) { foreach ($result as $forward) {
if ((empty($_SESSION['error_msg'])) && (!empty($forward))) { if ((empty($_SESSION['error_msg'])) && (!empty($forward))) {
exec (VESTA_CMD."v-delete-mail-account-forward ".$v_username." ".$v_domain." ".$v_account." '".$forward."'", $output, $return_var); v_exec('v-delete-mail-account-forward', [$v_username, $v_domain, $v_account, $forward]);
check_return_code($return_var,$output);
unset($output);
} }
} }
$result = array_diff($fwd, $vfwd); $result = array_diff($fwd, $vfwd);
foreach ($result as $forward) { foreach ($result as $forward) {
if ((empty($_SESSION['error_msg'])) && (!empty($forward))) { if ((empty($_SESSION['error_msg'])) && (!empty($forward))) {
exec (VESTA_CMD."v-add-mail-account-forward ".$v_username." ".$v_domain." ".$v_account." ".escapeshellarg($forward), $output, $return_var); v_exec('v-add-mail-account-forward', [$v_username, $v_domain, $v_account, $forward]);
check_return_code($return_var,$output);
unset($output);
} }
} }
} }
// Delete FWD_ONLY flag // Delete FWD_ONLY flag
if (($v_fwd_only == 'yes') && (empty($_POST['v_fwd_only'])) && (empty($_SESSION['error_msg']))) { if (($v_fwd_only == 'yes') && (empty($_POST['v_fwd_only'])) && (empty($_SESSION['error_msg']))) {
exec (VESTA_CMD."v-delete-mail-account-fwd-only ".$v_username." ".$v_domain." ".$v_account, $output, $return_var); v_exec('v-delete-mail-account-fwd-only', [$v_username, $v_domain, $v_account]);
check_return_code($return_var,$output);
unset($output);
$v_fwd_only = ''; $v_fwd_only = '';
} }
// Add FWD_ONLY flag // Add FWD_ONLY flag
if (($v_fwd_only != 'yes') && (!empty($_POST['v_fwd_only'])) && (empty($_SESSION['error_msg']))) { if (($v_fwd_only != 'yes') && (!empty($_POST['v_fwd_only'])) && (empty($_SESSION['error_msg']))) {
exec (VESTA_CMD."v-add-mail-account-fwd-only ".$v_username." ".$v_domain." ".$v_account, $output, $return_var); v_exec('v-add-mail-account-fwd-only', [$v_username, $v_domain, $v_account]);
check_return_code($return_var,$output);
unset($output);
$v_fwd_only = 'yes'; $v_fwd_only = 'yes';
} }
// Delete autoreply // Delete autoreply
if (($v_autoreply == 'yes') && (empty($_POST['v_autoreply'])) && (empty($_SESSION['error_msg']))) { if (($v_autoreply == 'yes') && (empty($_POST['v_autoreply'])) && (empty($_SESSION['error_msg']))) {
exec (VESTA_CMD."v-delete-mail-account-autoreply ".$v_username." ".$v_domain." ".$v_account, $output, $return_var); v_exec('v-delete-mail-account-autoreply', [$v_username, $v_domain, $v_account]);
check_return_code($return_var,$output);
unset($output);
$v_autoreply = 'no'; $v_autoreply = 'no';
$v_autoreply_message = ''; $v_autoreply_message = '';
} }
@ -295,12 +254,8 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (!empty($_GET['acco
if ((!empty($_POST['v_autoreply'])) && (empty($_SESSION['error_msg']))) { if ((!empty($_POST['v_autoreply'])) && (empty($_SESSION['error_msg']))) {
if ($v_autoreply_message != str_replace("\r\n", "\n", $_POST['v_autoreply_message'])) { if ($v_autoreply_message != str_replace("\r\n", "\n", $_POST['v_autoreply_message'])) {
$v_autoreply_message = str_replace("\r\n", "\n", $_POST['v_autoreply_message']); $v_autoreply_message = str_replace("\r\n", "\n", $_POST['v_autoreply_message']);
$v_autoreply_message = escapeshellarg($v_autoreply_message); v_exec('v-add-mail-account-autoreply', [$v_username, $v_domain, $v_account, $v_autoreply_message]);
exec (VESTA_CMD."v-add-mail-account-autoreply ".$v_username." ".$v_domain." ".$v_account." ".$v_autoreply_message, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$v_autoreply = 'yes'; $v_autoreply = 'yes';
$v_autoreply_message = $_POST['v_autoreply_message'];
} }
} }


@ -21,14 +21,13 @@ if (empty($_GET['package'])) {
} }
$v_package = $_GET['package'];
// List package // List package
$v_package = escapeshellarg($_GET['package']); v_exec('v-list-user-package', [$v_package, 'json'], false, $output);
exec (VESTA_CMD."v-list-user-package ".$v_package." 'json'", $output, $return_var); $data = json_decode($output, true);
$data = json_decode(implode('', $output), true);
unset($output);
// Parse package // Parse package
$v_package = $_GET['package'];
$v_web_template = $data[$v_package]['WEB_TEMPLATE']; $v_web_template = $data[$v_package]['WEB_TEMPLATE'];
$v_backend_template = $data[$v_package]['BACKEND_TEMPLATE']; $v_backend_template = $data[$v_package]['BACKEND_TEMPLATE'];
$v_proxy_template = $data[$v_package]['PROXY_TEMPLATE']; $v_proxy_template = $data[$v_package]['PROXY_TEMPLATE'];
@ -45,7 +44,7 @@ $v_disk_quota = $data[$v_package]['DISK_QUOTA'];
$v_bandwidth = $data[$v_package]['BANDWIDTH']; $v_bandwidth = $data[$v_package]['BANDWIDTH'];
$v_shell = $data[$v_package]['SHELL']; $v_shell = $data[$v_package]['SHELL'];
$v_ns = $data[$v_package]['NS']; $v_ns = $data[$v_package]['NS'];
$nameservers = explode(", ", $v_ns); $nameservers = explode(', ', $v_ns);
$v_ns1 = $nameservers[0]; $v_ns1 = $nameservers[0];
$v_ns2 = $nameservers[1]; $v_ns2 = $nameservers[1];
$v_ns3 = $nameservers[2]; $v_ns3 = $nameservers[2];
@ -60,42 +59,36 @@ $v_time = $data[$v_package]['TIME'];
$v_status = 'active'; $v_status = 'active';
// List web templates // List web templates
exec (VESTA_CMD."v-list-web-templates json", $output, $return_var); v_exec('v-list-web-templates', ['json'], false, $output);
$web_templates = json_decode(implode('', $output), true); $web_templates = json_decode($output, true);
unset($output);
// List backend templates // List backend templates
if (!empty($_SESSION['WEB_BACKEND'])) { if (!empty($_SESSION['WEB_BACKEND'])) {
exec (VESTA_CMD."v-list-web-templates-backend json", $output, $return_var); v_exec('v-list-web-templates-backend', ['json'], false, $output);
$backend_templates = json_decode(implode('', $output), true); $backend_templates = json_decode($output, true);
unset($output);
} }
// List proxy templates // List proxy templates
if (!empty($_SESSION['PROXY_SYSTEM'])) { if (!empty($_SESSION['PROXY_SYSTEM'])) {
exec (VESTA_CMD."v-list-web-templates-proxy json", $output, $return_var); v_exec('v-list-web-templates-proxy', ['json'], false, $output);
$proxy_templates = json_decode(implode('', $output), true); $proxy_templates = json_decode($output, true);
unset($output);
} }
// List dns templates // List dns templates
exec (VESTA_CMD."v-list-dns-templates json", $output, $return_var); v_exec('v-list-dns-templates', ['json'], false, $output);
$dns_templates = json_decode(implode('', $output), true); $dns_templates = json_decode($output, true);
unset($output);
// List shels // List shels
exec (VESTA_CMD."v-list-sys-shells json", $output, $return_var); v_exec('v-list-sys-shells', ['json'], false, $output);
$shells = json_decode(implode('', $output), true); $shells = json_decode($output, true);
unset($output);
// Check POST request // Check POST request
if (!empty($_POST['save'])) { if (!empty($_POST['save'])) {
// Check token // Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
// Check empty fields // Check empty fields
@ -133,8 +126,10 @@ if (!empty($_POST['save'])) {
$_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg); $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
} }
$v_package = $_POST['v_package'];
// Protect input // Protect input
$v_package = escapeshellarg($_POST['v_package']); // TODO: Use array?
$v_web_template = escapeshellarg($_POST['v_web_template']); $v_web_template = escapeshellarg($_POST['v_web_template']);
if (!empty($_SESSION['WEB_BACKEND'])) { if (!empty($_SESSION['WEB_BACKEND'])) {
$v_backend_template = escapeshellarg($_POST['v_backend_template']); $v_backend_template = escapeshellarg($_POST['v_backend_template']);
@ -199,23 +194,18 @@ if (!empty($_POST['save'])) {
$pkg .= "BACKUPS=".$v_backups."\n"; $pkg .= "BACKUPS=".$v_backups."\n";
$pkg .= "TIME=".$v_time."\n"; $pkg .= "TIME=".$v_time."\n";
$pkg .= "DATE=".$v_date."\n"; $pkg .= "DATE=".$v_date."\n";
$fp = fopen($tmpdir."/".$_POST['v_package'].".pkg", 'w'); $fp = fopen("$tmpdir/$v_package.pkg", 'w');
fwrite($fp, $pkg); fwrite($fp, $pkg);
fclose($fp); fclose($fp);
// Save changes // Save changes
exec (VESTA_CMD."v-add-user-package ".$tmpdir." ".$v_package." 'yes'", $output, $return_var); v_exec('v-add-user-package', [$tmpdir, $v_package, 'yes']);
check_return_code($return_var,$output);
unset($output);
// Remove temporary dir // Remove temporary dir
exec ('rm -rf '.$tmpdir, $output, $return_var); safe_exec('rm', ['-rf', $tmpdir]);
unset($output);
// Propogate new package // Propogate new package
exec (VESTA_CMD."v-update-user-package ".$v_package." 'json'", $output, $return_var); v_exec('v-update-user-package', [$v_package, 'json']);
check_return_code($return_var,$output);
unset($output);
// Set success message // Set success message
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
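Review bot: `$v_package` now comes straight from `$_POST['v_package']` and is interpolated into the path in `fopen("$tmpdir/$v_package.pkg", 'w')`, so a name containing `/` or `..` would place the write outside `$tmpdir`. Passing arguments to `v_exec` as an array addresses shell quoting only; it does not constrain this file path. Unless the name is validated in lines not shown between the hunks (the visible check only tests for blank fields), reject it before the path is built, for example by guarding the write with `if ($v_package !== basename($v_package))` and setting `$_SESSION['error_msg']`. The result of `fopen` is also used by `fwrite` and `fclose` without a check, so a failed open goes unnoticed before `v-add-user-package` runs. The enclosing `if (!empty($_POST['save']))` block starts and ends outside the hunks shown.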


@ -16,9 +16,8 @@ $v_hostname = exec('hostname');
// List available timezones and get current one // List available timezones and get current one
$v_timezones = list_timezones(); $v_timezones = list_timezones();
exec (VESTA_CMD."v-get-sys-timezone", $output, $return_var); v_exec('v-get-sys-timezone', [], false, $output);
$v_timezone = $output[0]; $v_timezone = strtok($output, "\n");
unset($output);
if ($v_timezone == 'Etc/UTC' ) $v_timezone = 'UTC'; if ($v_timezone == 'Etc/UTC' ) $v_timezone = 'UTC';
if ($v_timezone == 'Pacific/Honolulu' ) $v_timezone = 'HAST'; if ($v_timezone == 'Pacific/Honolulu' ) $v_timezone = 'HAST';
if ($v_timezone == 'US/Aleutian' ) $v_timezone = 'HADT'; if ($v_timezone == 'US/Aleutian' ) $v_timezone = 'HADT';
@ -34,51 +33,40 @@ if ($v_timezone == 'America/Puerto_Rico' ) $v_timezone = 'AST';
if ($v_timezone == 'America/Halifax' ) $v_timezone = 'ADT'; if ($v_timezone == 'America/Halifax' ) $v_timezone = 'ADT';
// List supported languages // List supported languages
exec (VESTA_CMD."v-list-sys-languages json", $output, $return_var); v_exec('v-list-sys-languages', ['json'], false, $output);
$languages = json_decode(implode('', $output), true); $languages = json_decode($output, true);
unset($output);
// List dns cluster hosts // List dns cluster hosts
exec (VESTA_CMD."v-list-remote-dns-hosts json", $output, $return_var); v_exec('v-list-remote-dns-hosts', ['json'], false, $output);
$dns_cluster = json_decode(implode('', $output), true); $dns_cluster = json_decode($output, true);
unset($output); if (count($dns_cluster) >= 1) $v_dns_cluster = 'yes';
foreach ($dns_cluster as $key => $value) {
$v_dns_cluster = 'yes';
}
// List MySQL hosts // List MySQL hosts
exec (VESTA_CMD."v-list-database-hosts mysql json", $output, $return_var); v_exec('v-list-database-hosts', ['mysql', 'json'], false, $output);
$v_mysql_hosts = json_decode(implode('', $output), true); $v_mysql_hosts = json_decode($output, true);
unset($output); if (count($v_mysql_hosts) >= 1) $v_mysql = 'yes';
foreach ($v_mysql_hosts as $key => $value) {
$v_mysql = 'yes';
}
// List PostgreSQL hosts // List PostgreSQL hosts
exec (VESTA_CMD."v-list-database-hosts pgsql json", $output, $return_var); v_exec('v-list-database-hosts', ['pgsql', 'json'], false, $output);
$v_pgsql_hosts = json_decode(implode('', $output), true); $v_pgsql_hosts = json_decode($output, true);
unset($output); if (count($v_pgsql_hosts) >= 1) $v_psql = 'yes';
foreach ($v_pgsql_hosts as $key => $value) {
$v_psql = 'yes';
}
// List backup settings // List backup settings
$v_backup_dir = "/backup"; $v_backup_dir = '/backup';
if (!empty($_SESSION['BACKUP'])) $v_backup_dir = $_SESSION['BACKUP']; if (!empty($_SESSION['BACKUP'])) $v_backup_dir = $_SESSION['BACKUP'];
$v_backup_gzip = '5'; $v_backup_gzip = '5';
if (!empty($_SESSION['BACKUP_GZIP'])) $v_backup_gzip = $_SESSION['BACKUP_GZIP']; if (!empty($_SESSION['BACKUP_GZIP'])) $v_backup_gzip = $_SESSION['BACKUP_GZIP'];
$backup_types = split(",",$_SESSION['BACKUP_SYSTEM']); $backup_types = explode(',', $_SESSION['BACKUP_SYSTEM']);
foreach ($backup_types as $backup_type) { foreach ($backup_types as $backup_type) {
if ($backup_type == 'local') { if ($backup_type == 'local') {
$v_backup = 'yes'; $v_backup = 'yes';
} else { } else {
exec (VESTA_CMD."v-list-backup-host ".$backup_type. " json", $output, $return_var); v_exec('v-list-backup-host', [$backup_type, 'json'], false, $output);
$v_remote_backup = json_decode(implode('', $output), true); $v_remote_backup = json_decode($output, true);
unset($output);
$v_backup_host = $v_remote_backup[$backup_type]['HOST']; $v_backup_host = $v_remote_backup[$backup_type]['HOST'];
$v_backup_type = $v_remote_backup[$backup_type]['TYPE']; $v_backup_type = $v_remote_backup[$backup_type]['TYPE'];
$v_backup_username = $v_remote_backup[$backup_type]['USERNAME']; $v_backup_username = $v_remote_backup[$backup_type]['USERNAME'];
$v_backup_password = ""; $v_backup_password = '';
$v_backup_port = $v_remote_backup[$backup_type]['PORT']; $v_backup_port = $v_remote_backup[$backup_type]['PORT'];
$v_backup_bpath = $v_remote_backup[$backup_type]['BPATH']; $v_backup_bpath = $v_remote_backup[$backup_type]['BPATH'];
} }
@ -86,19 +74,16 @@ foreach ($backup_types as $backup_type) {
// Check POST request // Check POST request
if (!empty($_POST['save'])) { if (!empty($_POST['save'])) {
// Check token // Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
// Change hostname // Change hostname
if ((!empty($_POST['v_hostname'])) && ($v_hostname != $_POST['v_hostname'])) { if ((!empty($_POST['v_hostname'])) && ($v_hostname != $_POST['v_hostname'])) {
exec (VESTA_CMD."v-change-sys-hostname ".escapeshellarg($_POST['v_hostname']), $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$v_hostname = $_POST['v_hostname']; $v_hostname = $_POST['v_hostname'];
v_exec('v-change-sys-hostname', [$v_hostname]);
} }
// Change timezone // Change timezone
@ -120,10 +105,8 @@ if (!empty($_POST['save'])) {
if ($v_tz == 'ADT' ) $v_tz = 'America/Halifax'; if ($v_tz == 'ADT' ) $v_tz = 'America/Halifax';
if ($v_timezone != $v_tz) { if ($v_timezone != $v_tz) {
exec (VESTA_CMD."v-change-sys-timezone ".escapeshellarg($v_tz), $output, $return_var);
check_return_code($return_var,$output);
$v_timezone = $v_tz; $v_timezone = $v_tz;
unset($output); v_exec('v-change-sys-timezone', [$v_timezone]);
} }
} }
} }
@ -131,9 +114,7 @@ if (!empty($_POST['save'])) {
// Change default language // Change default language
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
if ((!empty($_POST['v_language'])) && ($_SESSION['LANGUAGE'] != $_POST['v_language'])) { if ((!empty($_POST['v_language'])) && ($_SESSION['LANGUAGE'] != $_POST['v_language'])) {
exec (VESTA_CMD."v-change-sys-language ".escapeshellarg($_POST['v_language']), $output, $return_var); v_exec('v-change-sys-language', [$_POST['v_language']]);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) $_SESSION['LANGUAGE'] = $_POST['v_language']; if (empty($_SESSION['error_msg'])) $_SESSION['LANGUAGE'] = $_POST['v_language'];
} }
} }
@ -142,14 +123,10 @@ if (!empty($_POST['save'])) {
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
if ((!empty($_POST['v_quota'])) && ($_SESSION['DISK_QUOTA'] != $_POST['v_quota'])) { if ((!empty($_POST['v_quota'])) && ($_SESSION['DISK_QUOTA'] != $_POST['v_quota'])) {
if($_POST['v_quota'] == 'yes') { if($_POST['v_quota'] == 'yes') {
exec (VESTA_CMD."v-add-sys-quota", $output, $return_var); v_exec('v-add-sys-quota');
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) $_SESSION['DISK_QUOTA'] = 'yes'; if (empty($_SESSION['error_msg'])) $_SESSION['DISK_QUOTA'] = 'yes';
} else { } else {
exec (VESTA_CMD."v-delete-sys-quota", $output, $return_var); v_exec('v-delete-sys-quota');
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) $_SESSION['DISK_QUOTA'] = 'no'; if (empty($_SESSION['error_msg'])) $_SESSION['DISK_QUOTA'] = 'no';
} }
} }
@ -161,14 +138,10 @@ if (!empty($_POST['save'])) {
if ($_SESSION['FIREWALL_SYSTEM'] != 'iptables') $v_firewall = 'no'; if ($_SESSION['FIREWALL_SYSTEM'] != 'iptables') $v_firewall = 'no';
if ((!empty($_POST['v_firewall'])) && ($v_firewall != $_POST['v_firewall'])) { if ((!empty($_POST['v_firewall'])) && ($v_firewall != $_POST['v_firewall'])) {
if($_POST['v_firewall'] == 'yes') { if($_POST['v_firewall'] == 'yes') {
exec (VESTA_CMD."v-add-sys-firewall", $output, $return_var); v_exec('v-add-sys-firewall');
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) $_SESSION['FIREWALL_SYSTEM'] = 'iptables'; if (empty($_SESSION['error_msg'])) $_SESSION['FIREWALL_SYSTEM'] = 'iptables';
} else { } else {
exec (VESTA_CMD."v-delete-sys-firewall", $output, $return_var); v_exec('v-delete-sys-firewall');
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) $_SESSION['FIREWALL_SYSTEM'] = ''; if (empty($_SESSION['error_msg'])) $_SESSION['FIREWALL_SYSTEM'] = '';
} }
} }
@ -177,9 +150,7 @@ if (!empty($_POST['save'])) {
// Update mysql pasword // Update mysql pasword
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
if (!empty($_POST['v_mysql_password'])) { if (!empty($_POST['v_mysql_password'])) {
exec (VESTA_CMD."v-change-database-host-password mysql localhost root '".escapeshellarg($_POST['v_mysql_password'])."'", $output, $return_var); v_exec('v-change-database-host-password', ['mysql', 'localhost', 'root', $_POST['v_mysql_password']]);
check_return_code($return_var,$output);
unset($output);
$v_db_adv = 'yes'; $v_db_adv = 'yes';
} }
} }
@ -188,9 +159,7 @@ if (!empty($_POST['save'])) {
// Update webmail url // Update webmail url
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
if ($_POST['v_mail_url'] != $_SESSION['MAIL_URL']) { if ($_POST['v_mail_url'] != $_SESSION['MAIL_URL']) {
exec (VESTA_CMD."v-change-sys-config-value MAIL_URL '".escapeshellarg($_POST['v_mail_url'])."'", $output, $return_var); v_exec('v-change-sys-config-value', ['MAIL_URL', $_POST['v_mail_url']]);
check_return_code($return_var,$output);
unset($output);
$v_mail_adv = 'yes'; $v_mail_adv = 'yes';
} }
} }
@ -198,9 +167,7 @@ if (!empty($_POST['save'])) {
// Update phpMyAdmin url // Update phpMyAdmin url
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
if ($_POST['v_mysql_url'] != $_SESSION['DB_PMA_URL']) { if ($_POST['v_mysql_url'] != $_SESSION['DB_PMA_URL']) {
exec (VESTA_CMD."v-change-sys-config-value DB_PMA_URL '".escapeshellarg($_POST['v_mysql_url'])."'", $output, $return_var); v_exec('v-change-sys-config-value', ['DB_PMA_URL', $_POST['v_mysql_url']]);
check_return_code($return_var,$output);
unset($output);
$v_db_adv = 'yes'; $v_db_adv = 'yes';
} }
} }
@ -208,9 +175,7 @@ if (!empty($_POST['save'])) {
// Update phpPgAdmin url // Update phpPgAdmin url
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
if ($_POST['v_psql_url'] != $_SESSION['DB_PGA_URL']) { if ($_POST['v_psql_url'] != $_SESSION['DB_PGA_URL']) {
exec (VESTA_CMD."v-change-sys-config-value DB_PGA_URL '".escapeshellarg($_POST['v_pgsql_url'])."'", $output, $return_var); v_exec('v-change-sys-config-value', ['DB_PGA_URL', $_POST['v_pgsql_url']]);
check_return_code($return_var,$output);
unset($output);
$v_db_adv = 'yes'; $v_db_adv = 'yes';
} }
} }
@ -218,9 +183,7 @@ if (!empty($_POST['save'])) {
// Disable local backup // Disable local backup
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
if (($_POST['v_backup'] == 'no') && ($v_backup == 'yes')) { if (($_POST['v_backup'] == 'no') && ($v_backup == 'yes')) {
exec (VESTA_CMD."v-delete-backup-host local", $output, $return_var); v_exec('v-delete-backup-host', ['local']);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) $v_backup = 'no'; if (empty($_SESSION['error_msg'])) $v_backup = 'no';
$v_backup_adv = 'yes'; $v_backup_adv = 'yes';
} }
@ -229,9 +192,7 @@ if (!empty($_POST['save'])) {
// Enable local backups // Enable local backups
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
if (($_POST['v_backup'] == 'yes') && ($v_backup != 'yes' )) { if (($_POST['v_backup'] == 'yes') && ($v_backup != 'yes' )) {
exec (VESTA_CMD."v-add-backup-host local", $output, $return_var); v_exec('v-add-backup-host', ['local']);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) $v_backup = 'yes'; if (empty($_SESSION['error_msg'])) $v_backup = 'yes';
$v_backup_adv = 'yes'; $v_backup_adv = 'yes';
} }
@ -241,9 +202,7 @@ if (!empty($_POST['save'])) {
// Change backup gzip level // Change backup gzip level
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
if ($_POST['v_backup_gzip'] != $v_backup_gzip ) { if ($_POST['v_backup_gzip'] != $v_backup_gzip ) {
exec (VESTA_CMD."v-change-sys-config-value BACKUP_GZIP ".escapeshellarg($_POST['v_backup_gzip']), $output, $return_var); v_exec('v-change-sys-config-value', ['BACKUP_GZIP', $_POST['v_backup_gzip']]);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) $v_backup_gzip = $_POST['v_backup_gzip']; if (empty($_SESSION['error_msg'])) $v_backup_gzip = $_POST['v_backup_gzip'];
$v_backup_adv = 'yes'; $v_backup_adv = 'yes';
} }
@ -252,9 +211,7 @@ if (!empty($_POST['save'])) {
// Change backup path // Change backup path
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
if ($_POST['v_backup_dir'] != $v_backup_dir ) { if ($_POST['v_backup_dir'] != $v_backup_dir ) {
exec (VESTA_CMD."v-change-sys-config-value BACKUP ".escapeshellarg($_POST['v_backup_dir']), $output, $return_var); v_exec('v-change-sys-config-value', ['BACKUP', $_POST['v_backup_dir']]);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) $v_backup_dir = $_POST['v_backup_dir']; if (empty($_SESSION['error_msg'])) $v_backup_dir = $_POST['v_backup_dir'];
$v_backup_adv = 'yes'; $v_backup_adv = 'yes';
} }
@ -263,19 +220,12 @@ if (!empty($_POST['save'])) {
// Add remote backup host // Add remote backup host
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
if ((!empty($_POST['v_backup_host'])) && (empty($v_backup_host))) { if ((!empty($_POST['v_backup_host'])) && (empty($v_backup_host))) {
$v_backup_host = escapeshellarg($_POST['v_backup_host']); $v_backup_host = $_POST['v_backup_host'];
$v_backup_type = escapeshellarg($_POST['v_backup_type']); $v_backup_type = $_POST['v_backup_type'];
$v_backup_username = escapeshellarg($_POST['v_backup_username']); $v_backup_username = $_POST['v_backup_username'];
$v_backup_password = escapeshellarg($_POST['v_backup_password']); $v_backup_password = $_POST['v_backup_password'];
$v_backup_bpath = escapeshellarg($_POST['v_backup_bpath']); $v_backup_bpath = $_POST['v_backup_bpath'];
exec (VESTA_CMD."v-add-backup-host '". $v_backup_type ."' '". $v_backup_host ."' '". $v_backup_username ."' '". $v_backup_password ."' '". $v_backup_bpath ."'", $output, $return_var); v_exec('v-add-backup-host', [$v_backup_type, $v_backup_host, $v_backup_username, $v_backup_password, $v_backup_bpath]);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) $v_backup_host = $_POST['v_backup_host'];
if (empty($_SESSION['error_msg'])) $v_backup_type = $_POST['v_backup_type'];
if (empty($_SESSION['error_msg'])) $v_backup_username = $_POST['v_backup_username'];
if (empty($_SESSION['error_msg'])) $v_backup_password = $_POST['v_backup_password'];
if (empty($_SESSION['error_msg'])) $v_backup_bpath = $_POST['v_backup_bpath'];
$v_backup_new = 'yes'; $v_backup_new = 'yes';
$v_backup_adv = 'yes'; $v_backup_adv = 'yes';
$v_backup_remote_adv = 'yes'; $v_backup_remote_adv = 'yes';
@ -285,22 +235,14 @@ if (!empty($_POST['save'])) {
// Change remote backup host type // Change remote backup host type
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
if ((!empty($_POST['v_backup_host'])) && ($_POST['v_backup_type'] != $v_backup_type)) { if ((!empty($_POST['v_backup_host'])) && ($_POST['v_backup_type'] != $v_backup_type)) {
exec (VESTA_CMD."v-delete-backup-host '". $v_backup_type ."'", $output, $return_var); v_exec('v-delete-backup-host', [$v_backup_type], false);
unset($output);
$v_backup_host = escapeshellarg($_POST['v_backup_host']); $v_backup_host = $_POST['v_backup_host'];
$v_backup_type = escapeshellarg($_POST['v_backup_type']); $v_backup_type = $_POST['v_backup_type'];
$v_backup_username = escapeshellarg($_POST['v_backup_username']); $v_backup_username = $_POST['v_backup_username'];
$v_backup_password = escapeshellarg($_POST['v_backup_password']); $v_backup_password = $_POST['v_backup_password'];
$v_backup_bpath = escapeshellarg($_POST['v_backup_bpath']); $v_backup_bpath = $_POST['v_backup_bpath'];
exec (VESTA_CMD."v-add-backup-host '". $v_backup_type ."' '". $v_backup_host ."' '". $v_backup_username ."' '". $v_backup_password ."' '". $v_backup_bpath ."'", $output, $return_var); v_exec('v-add-backup-host', [$v_backup_type, $v_backup_host, $v_backup_username, $v_backup_password, $v_backup_bpath]);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) $v_backup_host = $_POST['v_backup_host'];
if (empty($_SESSION['error_msg'])) $v_backup_type = $_POST['v_backup_type'];
if (empty($_SESSION['error_msg'])) $v_backup_username = $_POST['v_backup_username'];
if (empty($_SESSION['error_msg'])) $v_backup_password = $_POST['v_backup_password'];
if (empty($_SESSION['error_msg'])) $v_backup_bpath = $_POST['v_backup_bpath'];
$v_backup_adv = 'yes'; $v_backup_adv = 'yes';
$v_backup_remote_adv = 'yes'; $v_backup_remote_adv = 'yes';
} }
@ -310,19 +252,12 @@ if (!empty($_POST['save'])) {
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
if ((!empty($_POST['v_backup_host'])) && ($_POST['v_backup_type'] == $v_backup_type) && (!isset($v_backup_new))) { if ((!empty($_POST['v_backup_host'])) && ($_POST['v_backup_type'] == $v_backup_type) && (!isset($v_backup_new))) {
if (($_POST['v_backup_host'] != $v_backup_host) || ($_POST['v_backup_username'] != $v_backup_username) || ($_POST['v_backup_password'] || $v_backup_password) || ($_POST['v_backup_bpath'] == $v_backup_bpath)){ if (($_POST['v_backup_host'] != $v_backup_host) || ($_POST['v_backup_username'] != $v_backup_username) || ($_POST['v_backup_password'] || $v_backup_password) || ($_POST['v_backup_bpath'] == $v_backup_bpath)){
$v_backup_host = escapeshellarg($_POST['v_backup_host']); $v_backup_host = $_POST['v_backup_host'];
$v_backup_type = escapeshellarg($_POST['v_backup_type']); $v_backup_type = $_POST['v_backup_type'];
$v_backup_username = escapeshellarg($_POST['v_backup_username']); $v_backup_username = $_POST['v_backup_username'];
$v_backup_password = escapeshellarg($_POST['v_backup_password']); $v_backup_password = $_POST['v_backup_password'];
$v_backup_bpath = escapeshellarg($_POST['v_backup_bpath']); $v_backup_bpath = $_POST['v_backup_bpath'];
exec (VESTA_CMD."v-add-backup-host '". $v_backup_type ."' '". $v_backup_host ."' '". $v_backup_username ."' '". $v_backup_password ."' '". $v_backup_bpath ."'", $output, $return_var); v_exec('v-add-backup-host', [$v_backup_type, $v_backup_host, $v_backup_username, $v_backup_password, $v_backup_bpath]);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) $v_backup_host = $_POST['v_backup_host'];
if (empty($_SESSION['error_msg'])) $v_backup_type = $_POST['v_backup_type'];
if (empty($_SESSION['error_msg'])) $v_backup_username = $_POST['v_backup_username'];
if (empty($_SESSION['error_msg'])) $v_backup_password = $_POST['v_backup_password'];
if (empty($_SESSION['error_msg'])) $v_backup_bpath = $_POST['v_backup_bpath'];
$v_backup_adv = 'yes'; $v_backup_adv = 'yes';
$v_backup_remote_adv = 'yes'; $v_backup_remote_adv = 'yes';
} }
@ -333,14 +268,14 @@ if (!empty($_POST['save'])) {
// Delete remote backup host // Delete remote backup host
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
if ((empty($_POST['v_backup_host'])) && (!empty($v_backup_host))) { if ((empty($_POST['v_backup_host'])) && (!empty($v_backup_host))) {
exec (VESTA_CMD."v-delete-backup-host '". $v_backup_type ."'", $output, $return_var); v_exec('v-delete-backup-host', [$v_backup_type]);
check_return_code($return_var,$output); if (empty($_SESSION['error_msg'])) {
unset($output); $v_backup_host = '';
if (empty($_SESSION['error_msg'])) $v_backup_host = ''; $v_backup_type = '';
if (empty($_SESSION['error_msg'])) $v_backup_type = ''; $v_backup_username = '';
if (empty($_SESSION['error_msg'])) $v_backup_username = ''; $v_backup_password = '';
if (empty($_SESSION['error_msg'])) $v_backup_password = ''; $v_backup_bpath = '';
if (empty($_SESSION['error_msg'])) $v_backup_bpath = ''; }
$v_backup_adv = ''; $v_backup_adv = '';
$v_backup_remote_adv = ''; $v_backup_remote_adv = '';
} }
@ -351,29 +286,25 @@ if (!empty($_POST['save'])) {
$_SESSION['ok_msg'] = __('Changes has been saved.'); $_SESSION['ok_msg'] = __('Changes has been saved.');
} }
// activating sftp licence // Activate sftp licence
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
if ($_SESSION['SFTPJAIL_KEY'] != $_POST['v_sftp_licence'] && $_POST['v_sftp'] == 'yes') { if ($_SESSION['SFTPJAIL_KEY'] != $_POST['v_sftp_licence'] && $_POST['v_sftp'] == 'yes') {
$module = 'sftpjail'; $module = 'sftpjail';
$licence_key = escapeshellarg($_POST['v_sftp_licence']); $licence_key = $_POST['v_sftp_licence'];
exec (VESTA_CMD."v-activate-vesta-license ".$module." ".$licence_key, $output, $return_var); v_exec('v-activate-vesta-license', [$module, $licence_key]);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
$_SESSION['ok_msg'] = __('Licence Activated'); $_SESSION['ok_msg'] = __('Licence Activated');
$_SESSION['SFTPJAIL_KEY'] = $_POST['v_sftp_licence']; $_SESSION['SFTPJAIL_KEY'] = $licence_key;
} }
} }
} }
// cancel sftp licence // Cancel sftp licence
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
if ($_POST['v_sftp'] == 'cancel' && $_SESSION['SFTPJAIL_KEY']) { if ($_POST['v_sftp'] == 'cancel' && $_SESSION['SFTPJAIL_KEY']) {
$module = 'sftpjail'; $module = 'sftpjail';
$licence_key = escapeshellarg($_SESSION['SFTPJAIL_KEY']); $licence_key = $_SESSION['SFTPJAIL_KEY'];
exec (VESTA_CMD."v-deactivate-vesta-license ".$module." ".$licence_key, $output, $return_var); v_exec('v-deactivate-vesta-license', [$module, $licence_key]);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
$_SESSION['ok_msg'] = __('Licence Deactivated'); $_SESSION['ok_msg'] = __('Licence Deactivated');
unset($_SESSION['SFTPJAIL_KEY']); unset($_SESSION['SFTPJAIL_KEY']);
@ -382,29 +313,25 @@ if (!empty($_POST['save'])) {
} }
// activating filemanager licence // Activate filemanager licence
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
if ($_SESSION['FILEMANAGER_KEY'] != $_POST['v_filemanager_licence'] && $_POST['v_filemanager'] == 'yes') { if ($_SESSION['FILEMANAGER_KEY'] != $_POST['v_filemanager_licence'] && $_POST['v_filemanager'] == 'yes') {
$module = 'filemanager'; $module = 'filemanager';
$licence_key = escapeshellarg($_POST['v_filemanager_licence']); $licence_key = $_POST['v_filemanager_licence'];
exec (VESTA_CMD."v-activate-vesta-license ".$module." ".$licence_key, $output, $return_var); v_exec('v-activate-vesta-license', [$module, $licence_key]);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
$_SESSION['ok_msg'] = __('Licence Activated'); $_SESSION['ok_msg'] = __('Licence Activated');
$_SESSION['FILEMANAGER_KEY'] = $_POST['v_filemanager_licence']; $_SESSION['FILEMANAGER_KEY'] = $licence_key;
} }
} }
} }
// cancel filemanager licence // Cancel filemanager licence
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
if ($_POST['v_filemanager'] == 'cancel' && $_SESSION['FILEMANAGER_KEY']) { if ($_POST['v_filemanager'] == 'cancel' && $_SESSION['FILEMANAGER_KEY']) {
$module = 'filemanager'; $module = 'filemanager';
$licence_key = escapeshellarg($_SESSION['FILEMANAGER_KEY']); $licence_key = $_SESSION['FILEMANAGER_KEY'];
exec (VESTA_CMD."v-deactivate-vesta-license ".$module." ".$licence_key, $output, $return_var); v_exec('v-deactivate-vesta-license', [$module, $licence_key]);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
$_SESSION['ok_msg'] = __('Licence Deactivated'); $_SESSION['ok_msg'] = __('Licence Deactivated');
unset($_SESSION['FILEMANAGER_KEY']); unset($_SESSION['FILEMANAGER_KEY']);
@ -414,8 +341,8 @@ if (!empty($_POST['save'])) {
} }
// Check system configuration // Check system configuration
exec (VESTA_CMD . "v-list-sys-config json", $output, $return_var); v_exec('v-list-sys-config', ['json'], false, $output);
$data = json_decode(implode('', $output), true); $data = json_decode($output, true);
$sys_arr = $data['config']; $sys_arr = $data['config'];
foreach ($sys_arr as $key => $value) { foreach ($sys_arr as $key => $value) {
$_SESSION[$key] = $value; $_SESSION[$key] = $value;


@ -17,20 +17,17 @@ if (empty($_GET['user'])) {
// Edit as someone else? // Edit as someone else?
if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) { if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
$user = $_GET['user']; $user = $_GET['user'];
$v_username=$_GET['user'];
} else { } else {
$user = $_SESSION['user']; $user = $_SESSION['user'];
$v_username=$_SESSION['user'];
} }
$v_username = $user;
// List user // List user
exec (VESTA_CMD."v-list-user ".escapeshellarg($v_username)." json", $output, $return_var); v_exec('v-list-user', [$v_username, 'json'], true, $output);
check_return_code($return_var,$output); $data = json_decode($output, true);
$data = json_decode(implode('', $output), true);
unset($output);
// Parse user // Parse user
$v_password = ""; $v_password = '';
$v_email = $data[$v_username]['CONTACT']; $v_email = $data[$v_username]['CONTACT'];
$v_package = $data[$v_username]['PACKAGE']; $v_package = $data[$v_username]['PACKAGE'];
$v_language = $data[$v_username]['LANGUAGE']; $v_language = $data[$v_username]['LANGUAGE'];
@ -38,7 +35,7 @@ $v_fname = $data[$v_username]['FNAME'];
$v_lname = $data[$v_username]['LNAME']; $v_lname = $data[$v_username]['LNAME'];
$v_shell = $data[$v_username]['SHELL']; $v_shell = $data[$v_username]['SHELL'];
$v_ns = $data[$v_username]['NS']; $v_ns = $data[$v_username]['NS'];
$nameservers = explode(", ", $v_ns); $nameservers = explode(', ', $v_ns);
$v_ns1 = $nameservers[0]; $v_ns1 = $nameservers[0];
$v_ns2 = $nameservers[1]; $v_ns2 = $nameservers[1];
$v_ns3 = $nameservers[2]; $v_ns3 = $nameservers[2];
@ -58,29 +55,25 @@ $v_time = $data[$v_username]['TIME'];
$v_date = $data[$v_username]['DATE']; $v_date = $data[$v_username]['DATE'];
// List packages // List packages
exec (VESTA_CMD."v-list-user-packages json", $output, $return_var); v_exec('v-list-user-packages', ['json'], false, $output);
$packages = json_decode(implode('', $output), true); $packages = json_decode($output, true);
unset($output);
// List languages // List languages
exec (VESTA_CMD."v-list-sys-languages json", $output, $return_var); v_exec('v-list-sys-languages', ['json'], false, $output);
$languages = json_decode(implode('', $output), true); $languages = json_decode($output, true);
unset($output);
// List shells // List shells
exec (VESTA_CMD."v-list-sys-shells json", $output, $return_var); v_exec('v-list-sys-shells', ['json'], false, $output);
$shells = json_decode(implode('', $output), true); $shells = json_decode($output, true);
unset($output);
// Are you admin? // Are you admin?
// Check POST request // Check POST request
if (!empty($_POST['save'])) { if (!empty($_POST['save'])) {
// Check token // Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
// Change password // Change password
@ -89,38 +82,34 @@ if (!empty($_POST['save'])) {
$fp = fopen($v_password, "w"); $fp = fopen($v_password, "w");
fwrite($fp, $_POST['v_password']."\n"); fwrite($fp, $_POST['v_password']."\n");
fclose($fp); fclose($fp);
exec (VESTA_CMD."v-change-user-password ".escapeshellarg($v_username)." ".$v_password, $output, $return_var); v_exec('v-change-user-password', [$v_username, $v_password]);
check_return_code($return_var,$output);
unset($output);
unlink($v_password); unlink($v_password);
$v_password = escapeshellarg($_POST['v_password']); $v_password = $_POST['v_password'];
} }
// Change package (admin only) // Change package (admin only)
if (($v_package != $_POST['v_package']) && ($_SESSION['user'] == 'admin') && (empty($_SESSION['error_msg']))) { if (($v_package != $_POST['v_package']) && ($_SESSION['user'] == 'admin') && (empty($_SESSION['error_msg']))) {
$v_package = escapeshellarg($_POST['v_package']); $v_package = $_POST['v_package'];
exec (VESTA_CMD."v-change-user-package ".escapeshellarg($v_username)." ".$v_package, $output, $return_var); v_exec('v-change-user-package', [$v_username, $v_package]);
check_return_code($return_var,$output);
unset($output);
} }
// Change language // Change language
if (($v_language != $_POST['v_language']) && (empty($_SESSION['error_msg']))) { if (($v_language != $_POST['v_language']) && (empty($_SESSION['error_msg']))) {
$v_language = escapeshellarg($_POST['v_language']); $v_language = $_POST['v_language'];
exec (VESTA_CMD."v-change-user-language ".escapeshellarg($v_username)." ".$v_language, $output, $return_var); v_exec('v-change-user-language', [$v_username, $v_language]);
check_return_code($return_var,$output);
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
if ((empty($_GET['user'])) || ($_GET['user'] == $_SESSION['user'])) $_SESSION['language'] = $_POST['v_language']; if ((empty($_GET['user'])) || ($_GET['user'] == $_SESSION['user'])) {
$_SESSION['language'] = $_POST['v_language'];
}
} }
unset($output);
} }
// Change shell (admin only) // Change shell (admin only)
if (($v_shell != $_POST['v_shell']) && ($_SESSION['user'] == 'admin') && (empty($_SESSION['error_msg']))) { if ($_SESSION['user'] == 'admin') {
$v_shell = escapeshellarg($_POST['v_shell']); if (($v_shell != $_POST['v_shell']) && (empty($_SESSION['error_msg']))) {
exec (VESTA_CMD."v-change-user-shell ".escapeshellarg($v_username)." ".$v_shell, $output, $return_var); $v_shell = $_POST['v_shell'];
check_return_code($return_var,$output); v_exec('v-change-user-shell', [$v_username, $v_shell]);
unset($output); }
} }
// Change contact email // Change contact email
@ -128,54 +117,37 @@ if (!empty($_POST['save'])) {
if (!filter_var($_POST['v_email'], FILTER_VALIDATE_EMAIL)) { if (!filter_var($_POST['v_email'], FILTER_VALIDATE_EMAIL)) {
$_SESSION['error_msg'] = __('Please enter valid email address.'); $_SESSION['error_msg'] = __('Please enter valid email address.');
} else { } else {
$v_email = escapeshellarg($_POST['v_email']); $v_email = $_POST['v_email'];
exec (VESTA_CMD."v-change-user-contact ".escapeshellarg($v_username)." ".$v_email, $output, $return_var); v_exec('v-change-user-contact', [$v_username, $v_email]);
check_return_code($return_var,$output);
unset($output);
} }
} }
// Change full name // Change full name
if (($v_fname != $_POST['v_fname']) || ($v_lname != $_POST['v_lname']) && (empty($_SESSION['error_msg']))) { if ((($v_fname != $_POST['v_fname']) || ($v_lname != $_POST['v_lname'])) && (empty($_SESSION['error_msg']))) {
$v_fname = escapeshellarg($_POST['v_fname']);
$v_lname = escapeshellarg($_POST['v_lname']);
exec (VESTA_CMD."v-change-user-name ".escapeshellarg($v_username)." ".$v_fname." ".$v_lname, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$v_fname = $_POST['v_fname']; $v_fname = $_POST['v_fname'];
$v_lname = $_POST['v_lname']; $v_lname = $_POST['v_lname'];
v_exec('v-change-user-name', [$v_username, $v_fname, $v_lname]);
} }
// Change NameServers // Change NameServers
if (($v_ns1 != $_POST['v_ns1']) || ($v_ns2 != $_POST['v_ns2']) || ($v_ns3 != $_POST['v_ns3']) || ($v_ns4 != $_POST['v_ns4']) || ($v_ns5 != $_POST['v_ns5']) if ((($v_ns1 != $_POST['v_ns1']) || ($v_ns2 != $_POST['v_ns2']) || ($v_ns3 != $_POST['v_ns3']) || ($v_ns4 != $_POST['v_ns4']) || ($v_ns5 != $_POST['v_ns5'])
|| ($v_ns6 != $_POST['v_ns6']) || ($v_ns7 != $_POST['v_ns7']) || ($v_ns8 != $_POST['v_ns8']) && (empty($_SESSION['error_msg']))) { || ($v_ns6 != $_POST['v_ns6']) || ($v_ns7 != $_POST['v_ns7']) || ($v_ns8 != $_POST['v_ns8'])) && (empty($_SESSION['error_msg']))) {
$v_ns1 = escapeshellarg($_POST['v_ns1']); $v_ns1 = $_POST['v_ns1'];
$v_ns2 = escapeshellarg($_POST['v_ns2']); $v_ns2 = $_POST['v_ns2'];
$v_ns3 = escapeshellarg($_POST['v_ns3']); $v_ns3 = $_POST['v_ns3'];
$v_ns4 = escapeshellarg($_POST['v_ns4']); $v_ns4 = $_POST['v_ns4'];
$v_ns5 = escapeshellarg($_POST['v_ns5']); $v_ns5 = $_POST['v_ns5'];
$v_ns6 = escapeshellarg($_POST['v_ns6']); $v_ns6 = $_POST['v_ns6'];
$v_ns7 = escapeshellarg($_POST['v_ns7']); $v_ns7 = $_POST['v_ns7'];
$v_ns8 = escapeshellarg($_POST['v_ns8']); $v_ns8 = $_POST['v_ns8'];
$ns_cmd = VESTA_CMD."v-change-user-ns ".escapeshellarg($v_username)." ".$v_ns1." ".$v_ns2; $ns_args = [$v_username, $v_ns1, $v_ns2];
if (!empty($_POST['v_ns3'])) $ns_cmd = $ns_cmd." ".$v_ns3; if (!empty($_POST['v_ns3'])) $ns_args[] = $v_ns3;
if (!empty($_POST['v_ns4'])) $ns_cmd = $ns_cmd." ".$v_ns4; if (!empty($_POST['v_ns4'])) $ns_args[] = $v_ns4;
if (!empty($_POST['v_ns5'])) $ns_cmd = $ns_cmd." ".$v_ns5; if (!empty($_POST['v_ns5'])) $ns_args[] = $v_ns5;
if (!empty($_POST['v_ns6'])) $ns_cmd = $ns_cmd." ".$v_ns6; if (!empty($_POST['v_ns6'])) $ns_args[] = $v_ns6;
if (!empty($_POST['v_ns7'])) $ns_cmd = $ns_cmd." ".$v_ns7; if (!empty($_POST['v_ns7'])) $ns_args[] = $v_ns7;
if (!empty($_POST['v_ns8'])) $ns_cmd = $ns_cmd." ".$v_ns8; if (!empty($_POST['v_ns8'])) $ns_args[] = $v_ns8;
exec ($ns_cmd, $output, $return_var); v_exec('v-change-user-ns', $ns_args);
check_return_code($return_var,$output);
unset($output);
$v_ns1 = str_replace("'","", $v_ns1);
$v_ns2 = str_replace("'","", $v_ns2);
$v_ns3 = str_replace("'","", $v_ns3);
$v_ns4 = str_replace("'","", $v_ns4);
$v_ns5 = str_replace("'","", $v_ns5);
$v_ns6 = str_replace("'","", $v_ns6);
$v_ns7 = str_replace("'","", $v_ns7);
$v_ns8 = str_replace("'","", $v_ns8);
} }
// Set success message // Set success message
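Review bot: The token check at the top of the POST handler (`$_SESSION['token'] != $_POST['token']`) still uses a loose comparison, so PHP type juggling applies: an unset session token compares equal to an empty posted one, and numeric-looking strings are compared as numbers. Since this commit already touches that block, I would make the check strict and constant-time, e.g. `if (empty($_SESSION['token']) || !isset($_POST['token']) || !is_string($_POST['token']) || !hash_equals($_SESSION['token'], $_POST['token'])) {`. `hash_equals` needs PHP 5.6 or later; if older versions must be supported, a `!==` comparison after the same emptiness checks is the fallback. The same pattern appears in the POST handler of the next file in this commit.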


@ -16,18 +16,17 @@ if (empty($_GET['domain'])) {
// Edit as someone else? // Edit as someone else?
if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) { if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
$user=escapeshellarg($_GET['user']); $user = $_GET['user'];
} }
// List domain
$v_domain = escapeshellarg($_GET['domain']);
exec (VESTA_CMD."v-list-web-domain ".$user." ".$v_domain." json", $output, $return_var);
$data = json_decode(implode('', $output), true);
unset($output);
// Parse domain
$v_username = $user; $v_username = $user;
$v_domain = $_GET['domain']; $v_domain = $_GET['domain'];
// List domain
v_exec('v-list-web-domain', [$user, $v_domain, 'json'], false, $output);
$data = json_decode($output, true);
// Parse domain
$v_ip = $data[$v_domain]['IP']; $v_ip = $data[$v_domain]['IP'];
$v_template = $data[$v_domain]['TPL']; $v_template = $data[$v_domain]['TPL'];
$v_aliases = str_replace(',', "\n", $data[$v_domain]['ALIAS']); $v_aliases = str_replace(',', "\n", $data[$v_domain]['ALIAS']);
@ -37,9 +36,8 @@ $v_cgi = $data[$v_domain]['CGI'];
$v_elog = $data[$v_domain]['ELOG']; $v_elog = $data[$v_domain]['ELOG'];
$v_ssl = $data[$v_domain]['SSL']; $v_ssl = $data[$v_domain]['SSL'];
if ($v_ssl == 'yes') { if ($v_ssl == 'yes') {
exec (VESTA_CMD."v-list-web-domain-ssl ".$user." '".$v_domain."' json", $output, $return_var); v_exec('v-list-web-domain-ssl', [$user, $v_domain, 'json'], false, $output);
$ssl_str = json_decode(implode('', $output), true); $ssl_str = json_decode($output, true);
unset($output);
$v_ssl_crt = $ssl_str[$v_domain]['CRT']; $v_ssl_crt = $ssl_str[$v_domain]['CRT'];
$v_ssl_key = $ssl_str[$v_domain]['KEY']; $v_ssl_key = $ssl_str[$v_domain]['KEY'];
$v_ssl_ca = $ssl_str[$v_domain]['CA']; $v_ssl_ca = $ssl_str[$v_domain]['CA'];
@ -51,10 +49,10 @@ $v_proxy_template = $data[$v_domain]['PROXY'];
$v_proxy_ext = str_replace(',', ', ', $data[$v_domain]['PROXY_EXT']); $v_proxy_ext = str_replace(',', ', ', $data[$v_domain]['PROXY_EXT']);
$v_stats = $data[$v_domain]['STATS']; $v_stats = $data[$v_domain]['STATS'];
$v_stats_user = $data[$v_domain]['STATS_USER']; $v_stats_user = $data[$v_domain]['STATS_USER'];
if (!empty($v_stats_user)) $v_stats_password = ""; if (!empty($v_stats_user)) $v_stats_password = '';
$v_ftp_user = $data[$v_domain]['FTP_USER']; $v_ftp_user = $data[$v_domain]['FTP_USER'];
$v_ftp_path = $data[$v_domain]['FTP_PATH']; $v_ftp_path = $data[$v_domain]['FTP_PATH'];
if (!empty($v_ftp_user)) $v_ftp_password = ""; if (!empty($v_ftp_user)) $v_ftp_password = '';
$v_ftp_user_prepath = $data[$v_domain]['DOCUMENT_ROOT']; $v_ftp_user_prepath = $data[$v_domain]['DOCUMENT_ROOT'];
$v_ftp_user_prepath = str_replace('/public_html', '', $v_ftp_user_prepath, $occurance = 1); $v_ftp_user_prepath = str_replace('/public_html', '', $v_ftp_user_prepath, $occurance = 1);
$v_ftp_email = $panel[$user]['CONTACT']; $v_ftp_email = $panel[$user]['CONTACT'];
@ -68,88 +66,79 @@ $v_time = $data[$v_domain]['TIME'];
$v_date = $data[$v_domain]['DATE']; $v_date = $data[$v_domain]['DATE'];
// List ip addresses // List ip addresses
exec (VESTA_CMD."v-list-user-ips ".$user." json", $output, $return_var); v_exec('v-list-user-ips', [$user, 'json'], false, $output);
$ips = json_decode(implode('', $output), true); $ips = json_decode($output, true);
unset($output);
// List web templates // List web templates
exec (VESTA_CMD."v-list-web-templates json", $output, $return_var); v_exec('v-list-web-templates', ['json'], false, $output);
$templates = json_decode(implode('', $output), true); $templates = json_decode($output, true);
unset($output);
// List backend templates // List backend templates
if (!empty($_SESSION['WEB_BACKEND'])) { if (!empty($_SESSION['WEB_BACKEND'])) {
exec (VESTA_CMD."v-list-web-templates-backend json", $output, $return_var); v_exec('v-list-web-templates-backend', ['json'], false, $output);
$backend_templates = json_decode(implode('', $output), true); $backend_templates = json_decode($output, true);
unset($output);
} }
// List proxy templates // List proxy templates
if (!empty($_SESSION['PROXY_SYSTEM'])) { if (!empty($_SESSION['PROXY_SYSTEM'])) {
exec (VESTA_CMD."v-list-web-templates-proxy json", $output, $return_var); v_exec('v-list-web-templates-proxy', ['json'], false, $output);
$proxy_templates = json_decode(implode('', $output), true); $proxy_templates = json_decode($output, true);
unset($output);
} }
// List web stat engines // List web stat engines
exec (VESTA_CMD."v-list-web-stats json", $output, $return_var); v_exec('v-list-web-stats', ['json'], false, $output);
$stats = json_decode(implode('', $output), true); $stats = json_decode($output, true);
unset($output);
// Check POST request // Check POST request
if (!empty($_POST['save'])) { if (!empty($_POST['save'])) {
$v_domain = escapeshellarg($_POST['v_domain']); $v_domain = $_POST['v_domain'];
// Check token // Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
// IP has been changed
if ($v_ip != $_POST['v_ip']) {
$v_ip = $_POST['v_ip'];
// Change web domain IP // Change web domain IP
if (($v_ip != $_POST['v_ip']) && (empty($_SESSION['error_msg']))) { if (empty($_SESSION['error_msg'])) {
$v_ip = escapeshellarg($_POST['v_ip']); v_exec('v-change-web-domain-ip', [$v_username, $v_domain, $v_ip, 'no']);
exec (VESTA_CMD."v-change-web-domain-ip ".$v_username." ".$v_domain." ".$v_ip." 'no'", $output, $return_var);
check_return_code($return_var,$output);
$restart_web = 'yes'; $restart_web = 'yes';
$restart_proxy = 'yes'; $restart_proxy = 'yes';
unset($output);
} }
// Chane dns domain IP // Chane dns domain IP
if (($v_ip != $_POST['v_ip']) && (empty($_SESSION['error_msg']))) { if (empty($_SESSION['error_msg'])) {
exec (VESTA_CMD."v-list-dns-domain ".$v_username." ".$v_domain." json", $output, $return_var); $return_var = v_exec('v-list-dns-domain', [$v_username, $v_domain, 'json'], false);
unset($output);
if ($return_var == 0) { if ($return_var == 0) {
exec (VESTA_CMD."v-change-dns-domain-ip ".$v_username." ".$v_domain." ".$v_ip." 'no'", $output, $return_var); v_exec('v-change-dns-domain-ip', [$v_username, $v_domain, $v_ip, 'no']);
check_return_code($return_var,$output);
unset($output);
$restart_dns = 'yes'; $restart_dns = 'yes';
} }
} }
// Change dns ip for each alias // Change dns ip for each alias
if (($v_ip != $_POST['v_ip']) && (empty($_SESSION['error_msg']))) { if (empty($_SESSION['error_msg'])) {
foreach ($valiases as $v_alias) { foreach ($valiases as $v_alias) {
exec (VESTA_CMD."v-list-dns-domain ".$v_username." '".$v_alias."' json", $output, $return_var); $return_var = v_exec('v-list-dns-domain', [$v_username, $v_alias, 'json'], false);
unset($output);
if ($return_var == 0) { if ($return_var == 0) {
exec (VESTA_CMD."v-change-dns-domain-ip ".$v_username." '".$v_alias."' ".$v_ip, $output, $return_var); v_exe ('v-change-dns-domain-ip', [$v_username, $v_alias, $v_ip]);
check_return_code($return_var,$output);
unset($output);
$restart_dns = 'yes'; $restart_dns = 'yes';
} }
} }
} }
}
// Change template (admin only) // Change template (admin only)
if (($v_template != $_POST['v_template']) && ( $_SESSION['user'] == 'admin') && (empty($_SESSION['error_msg']))) { if ($_SESSION['user'] == 'admin') {
$v_template = escapeshellarg($_POST['v_template']); if (($v_template != $_POST['v_template']) && (empty($_SESSION['error_msg']))) {
exec (VESTA_CMD."v-change-web-domain-tpl ".$v_username." ".$v_domain." ".$v_template." 'no'", $output, $return_var); $v_template = $_POST['v_template'];
check_return_code($return_var,$output); v_exec('v-change-web-domain-tpl', [$v_username, $v_domain, $v_template, 'no']);
unset($output);
$restart_web = 'yes'; $restart_web = 'yes';
} }
}
// Change aliases // Change aliases
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
@ -164,18 +153,12 @@ if (!empty($_POST['save'])) {
if ((empty($_SESSION['error_msg'])) && (!empty($alias))) { if ((empty($_SESSION['error_msg'])) && (!empty($alias))) {
$restart_web = 'yes'; $restart_web = 'yes';
$restart_proxy = 'yes'; $restart_proxy = 'yes';
$v_template = escapeshellarg($_POST['v_template']); $v_template = $_POST['v_template'];
exec (VESTA_CMD."v-delete-web-domain-alias ".$v_username." ".$v_domain." '".$alias."' 'no'", $output, $return_var); v_exec('v-delete-web-domain-alias', [$v_username, $v_domain, $alias, 'no']);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
exec (VESTA_CMD."v-list-dns-domain ".$v_username." ".$v_domain, $output, $return_var); $return_var = v_exec('v-list-dns-domain', [$v_username, $v_domain], false);
unset($output);
if ($return_var == 0) { if ($return_var == 0) {
exec (VESTA_CMD."v-delete-dns-on-web-alias ".$v_username." ".$v_domain." '".$alias."' 'no'", $output, $return_var); v_exec('v-delete-dns-on-web-alias', [$v_username, $v_domain, $alias, 'no']);
check_return_code($return_var,$output);
unset($output);
$restart_dns = 'yes'; $restart_dns = 'yes';
} }
} }
@ -187,17 +170,12 @@ if (!empty($_POST['save'])) {
if ((empty($_SESSION['error_msg'])) && (!empty($alias))) { if ((empty($_SESSION['error_msg'])) && (!empty($alias))) {
$restart_web = 'yes'; $restart_web = 'yes';
$restart_proxy = 'yes'; $restart_proxy = 'yes';
$v_template = escapeshellarg($_POST['v_template']); $v_template = $_POST['v_template'];
exec (VESTA_CMD."v-add-web-domain-alias ".$v_username." ".$v_domain." ".escapeshellarg($alias)." 'no'", $output, $return_var); v_exec('v-add-web-domain-alias', [$v_username, $v_domain, $alias, 'no']);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
exec (VESTA_CMD."v-list-dns-domain ".$v_username." ".$v_domain, $output, $return_var); $return_var = v_exec('v-list-dns-domain', [$v_username, $v_domain], false);
unset($output);
if ($return_var == 0) { if ($return_var == 0) {
exec (VESTA_CMD."v-add-dns-on-web-alias ".$v_username." ".escapeshellarg($alias)." ".$v_ip." no", $output, $return_var); v_exec('v-add-dns-on-web-alias', [$v_username, $alias, $v_ip, 'no']);
check_return_code($return_var,$output);
unset($output);
$restart_dns = 'yes'; $restart_dns = 'yes';
} }
} }
@ -205,19 +183,17 @@ if (!empty($_POST['save'])) {
} }
} }
// Change backend template // Change backend template (admin only)
if ((!empty($_SESSION['WEB_BACKEND'])) && ( $v_backend_template != $_POST['v_backend_template']) && ( $_SESSION['user'] == 'admin') && (empty($_SESSION['error_msg']))) { if ($_SESSION['user'] == 'admin') {
if ((!empty($_SESSION['WEB_BACKEND'])) && ($v_backend_template != $_POST['v_backend_template']) && (empty($_SESSION['error_msg']))) {
$v_backend_template = $_POST['v_backend_template']; $v_backend_template = $_POST['v_backend_template'];
exec (VESTA_CMD."v-change-web-domain-backend-tpl ".$v_username." ".$v_domain." ".escapeshellarg($v_backend_template), $output, $return_var); v_exec('v-change-web-domain-backend-tpl', [$v_username, $v_domain, $v_backend_template]);
check_return_code($return_var,$output); }
unset($output);
} }
// Delete proxy support // Delete proxy support
if ((!empty($_SESSION['PROXY_SYSTEM'])) && (!empty($v_proxy)) && (empty($_POST['v_proxy'])) && (empty($_SESSION['error_msg']))) { if ((!empty($_SESSION['PROXY_SYSTEM'])) && (!empty($v_proxy)) && (empty($_POST['v_proxy'])) && (empty($_SESSION['error_msg']))) {
exec (VESTA_CMD."v-delete-web-domain-proxy ".$v_username." ".$v_domain." 'no'", $output, $return_var); v_exec('v-delete-web-domain-proxy', [$v_username, $v_domain, 'no']);
check_return_code($return_var,$output);
unset($output);
unset($v_proxy); unset($v_proxy);
$restart_proxy = 'yes'; $restart_proxy = 'yes';
} }
@ -232,10 +208,8 @@ if (!empty($_POST['save'])) {
if (($v_proxy_template != $_POST['v_proxy_template']) || ($v_proxy_ext != $ext)) { if (($v_proxy_template != $_POST['v_proxy_template']) || ($v_proxy_ext != $ext)) {
$ext = str_replace(', ', ",", $ext); $ext = str_replace(', ', ",", $ext);
if (!empty($_POST['v_proxy_template'])) $v_proxy_template = $_POST['v_proxy_template']; if (!empty($_POST['v_proxy_template'])) $v_proxy_template = $_POST['v_proxy_template'];
exec (VESTA_CMD."v-change-web-domain-proxy-tpl ".$v_username." ".$v_domain." ".escapeshellarg($v_proxy_template)." ".escapeshellarg($ext)." 'no'", $output, $return_var); v_exec('v-change-web-domain-proxy-tpl', [$v_username, $v_domain, $v_proxy_template, $ext, 'no']);
check_return_code($return_var,$output);
$v_proxy_ext = str_replace(',', ', ', $ext); $v_proxy_ext = str_replace(',', ', ', $ext);
unset($output);
$restart_proxy = 'yes'; $restart_proxy = 'yes';
} }
} }
@ -251,17 +225,13 @@ if (!empty($_POST['save'])) {
$ext = str_replace(' ', ",", $ext); $ext = str_replace(' ', ",", $ext);
$v_proxy_ext = str_replace(',', ', ', $ext); $v_proxy_ext = str_replace(',', ', ', $ext);
} }
exec (VESTA_CMD."v-add-web-domain-proxy ".$v_username." ".$v_domain." ".escapeshellarg($v_proxy_template)." ".escapeshellarg($ext)." 'no'", $output, $return_var); v_exec('v-add-web-domain-proxy', [$v_username, $v_domain, $v_proxy_template, $ext, 'no']);
check_return_code($return_var,$output);
unset($output);
$restart_proxy = 'yes'; $restart_proxy = 'yes';
} }
// Delete SSL certificate // Delete SSL certificate
if (($v_ssl == 'yes') && (empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) { if (($v_ssl == 'yes') && (empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) {
exec (VESTA_CMD."v-delete-web-domain-ssl ".$v_username." ".$v_domain." 'no'", $output, $return_var); v_exec('v-delete-web-domain-ssl', [$v_username, $v_domain, 'no']);
check_return_code($return_var,$output);
unset($output);
$v_ssl = 'no'; $v_ssl = 'no';
$restart_web = 'yes'; $restart_web = 'yes';
$restart_proxy = 'yes'; $restart_proxy = 'yes';
@ -297,9 +267,7 @@ if (!empty($_POST['save'])) {
fclose($fp); fclose($fp);
} }
exec (VESTA_CMD."v-change-web-domain-sslcert ".$user." ".$v_domain." ".$tmpdir." 'no'", $output, $return_var); v_exec('v-change-web-domain-sslcert', [$user, $v_domain, $tmpdir, 'no']);
check_return_code($return_var,$output);
unset($output);
$restart_web = 'yes'; $restart_web = 'yes';
$restart_proxy = 'yes'; $restart_proxy = 'yes';
$v_ssl_crt = $_POST['v_ssl_crt']; $v_ssl_crt = $_POST['v_ssl_crt'];
@ -328,7 +296,6 @@ if (!empty($_POST['save'])) {
if ((!empty($_POST['v_ssl'])) && (empty($_POST['v_ssl_crt']))) $errors[] = 'ssl certificate'; if ((!empty($_POST['v_ssl'])) && (empty($_POST['v_ssl_crt']))) $errors[] = 'ssl certificate';
if ((!empty($_POST['v_ssl'])) && (empty($_POST['v_ssl_key']))) $errors[] = 'ssl key'; if ((!empty($_POST['v_ssl'])) && (empty($_POST['v_ssl_key']))) $errors[] = 'ssl key';
if ((!empty($_POST['v_ssl'])) && (empty($_POST['v_ssl_home']))) $errors[] = 'ssl home'; if ((!empty($_POST['v_ssl'])) && (empty($_POST['v_ssl_home']))) $errors[] = 'ssl home';
$v_ssl_home = escapeshellarg($_POST['v_ssl_home']);
if (!empty($errors[0])) { if (!empty($errors[0])) {
foreach ($errors as $i => $error) { foreach ($errors as $i => $error) {
if ( $i == 0 ) { if ( $i == 0 ) {
@ -339,39 +306,39 @@ if (!empty($_POST['save'])) {
} }
$_SESSION['error_msg'] = __('Field "%s" can not be blank.', $error_msg); $_SESSION['error_msg'] = __('Field "%s" can not be blank.', $error_msg);
} else { } else {
$v_ssl_home = $_POST['v_ssl_home'];
$v_ssl_crt = str_replace("\r\n", "\n", $_POST['v_ssl_crt']);
$v_ssl_key = str_replace("\r\n", "\n", $_POST['v_ssl_key']);
$v_ssl_ca = str_replace("\r\n", "\n", $_POST['v_ssl_ca']);
exec('mktemp -d', $mktemp_output, $return_var); exec('mktemp -d', $mktemp_output, $return_var);
$tmpdir = $mktemp_output[0]; $tmpdir = $mktemp_output[0];
// Certificate // Certificate
if (!empty($_POST['v_ssl_crt'])) { if (!empty($_POST['v_ssl_crt'])) {
$fp = fopen($tmpdir."/".$_POST['v_domain'].".crt", 'w'); $fp = fopen($tmpdir."/".$_POST['v_domain'].".crt", 'w');
fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_crt'])); fwrite($fp, $v_ssl_crt);
fclose($fp); fclose($fp);
} }
// Key // Key
if (!empty($_POST['v_ssl_key'])) { if (!empty($_POST['v_ssl_key'])) {
$fp = fopen($tmpdir."/".$_POST['v_domain'].".key", 'w'); $fp = fopen($tmpdir."/".$_POST['v_domain'].".key", 'w');
fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_key'])); fwrite($fp, $v_ssl_key);
fclose($fp); fclose($fp);
} }
// CA // CA
if (!empty($_POST['v_ssl_ca'])) { if (!empty($_POST['v_ssl_ca'])) {
$fp = fopen($tmpdir."/".$_POST['v_domain'].".ca", 'w'); $fp = fopen($tmpdir."/".$_POST['v_domain'].".ca", 'w');
fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_ca'])); fwrite($fp, $v_ssl_ca);
fclose($fp); fclose($fp);
} }
exec (VESTA_CMD."v-add-web-domain-ssl ".$user." ".$v_domain." ".$tmpdir." ".$v_ssl_home." 'no'", $output, $return_var);
check_return_code($return_var,$output); v_exec('v-add-web-domain-ssl', [$user, $v_domain, $tmpdir, $v_ssl_home, 'no']);
unset($output);
$v_ssl = 'yes'; $v_ssl = 'yes';
$restart_web = 'yes'; $restart_web = 'yes';
$restart_proxy = 'yes'; $restart_proxy = 'yes';
$v_ssl_crt = $_POST['v_ssl_crt'];
$v_ssl_key = $_POST['v_ssl_key'];
$v_ssl_ca = $_POST['v_ssl_ca'];
$v_ssl_home = $_POST['v_ssl_home'];
// Cleanup certificate tempfiles // Cleanup certificate tempfiles
if (!empty($_POST['v_ssl_crt'])) { if (!empty($_POST['v_ssl_crt'])) {
@ -393,45 +360,34 @@ if (!empty($_POST['save'])) {
// Change document root for ssl domain // Change document root for ssl domain
if (($v_ssl == 'yes') && (!empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) { if (($v_ssl == 'yes') && (!empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) {
if ($v_ssl_home != $_POST['v_ssl_home']) { if ($v_ssl_home != $_POST['v_ssl_home']) {
$v_ssl_home = escapeshellarg($_POST['v_ssl_home']);
exec (VESTA_CMD."v-change-web-domain-sslhome ".$user." ".$v_domain." ".$v_ssl_home." 'no'", $output, $return_var);
check_return_code($return_var,$output);
$v_ssl_home = $_POST['v_ssl_home']; $v_ssl_home = $_POST['v_ssl_home'];
unset($output); v_exec('v-change-web-domain-sslhome', [$user, $v_domain, $v_ssl_home, 'no']);
} }
} }
// Delete web stats // Delete web stats
if ((!empty($v_stats)) && ($_POST['v_stats'] == 'none') && (empty($_SESSION['error_msg']))) { if ((!empty($v_stats)) && ($_POST['v_stats'] == 'none') && (empty($_SESSION['error_msg']))) {
exec (VESTA_CMD."v-delete-web-domain-stats ".$v_username." ".$v_domain, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$v_stats = ''; $v_stats = '';
v_exec('v-delete-web-domain-stats', [$v_username, $v_domain]);
} }
// Change web stats engine // Change web stats engine
if ((!empty($v_stats)) && ($_POST['v_stats'] != $v_stats) && (empty($_SESSION['error_msg']))) { if ((!empty($v_stats)) && ($_POST['v_stats'] != $v_stats) && (empty($_SESSION['error_msg']))) {
$v_stats = escapeshellarg($_POST['v_stats']); $v_stats = $_POST['v_stats'];
exec (VESTA_CMD."v-change-web-domain-stats ".$v_username." ".$v_domain." ".$v_stats, $output, $return_var); v_exec('v-change-web-domain-stats', [$v_username, $v_domain, $v_stats]);
check_return_code($return_var,$output);
unset($output);
} }
// Add web stats // Add web stats
if ((empty($v_stats)) && ($_POST['v_stats'] != 'none') && (empty($_SESSION['error_msg']))) { if ((empty($v_stats)) && ($_POST['v_stats'] != 'none') && (empty($_SESSION['error_msg']))) {
$v_stats = escapeshellarg($_POST['v_stats']); $v_stats = $_POST['v_stats'];
exec (VESTA_CMD."v-add-web-domain-stats ".$v_username." ".$v_domain." ".$v_stats, $output, $return_var); v_exec('v-add-web-domain-stats', [$v_username, $v_domain, $v_stats]);
check_return_code($return_var,$output);
unset($output);
} }
// Delete web stats authorization // Delete web stats authorization
if ((!empty($v_stats_user)) && (empty($_POST['v_stats_auth'])) && (empty($_SESSION['error_msg']))) { if ((!empty($v_stats_user)) && (empty($_POST['v_stats_auth'])) && (empty($_SESSION['error_msg']))) {
exec (VESTA_CMD."v-delete-web-domain-stats-user ".$v_username." ".$v_domain, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$v_stats_user = ''; $v_stats_user = '';
$v_stats_password = ''; $v_stats_password = '';
v_exec('v-delete-web-domain-stats-user', [$v_username, $v_domain]);
} }
// Change web stats user or password // Change web stats user or password
@ -447,16 +403,14 @@ if (!empty($_POST['save'])) {
} }
$_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg); $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
} else { } else {
$v_stats_user = escapeshellarg($_POST['v_stats_user']); $v_stats_user = $_POST['v_stats_user'];
$v_stats_password = tempnam("/tmp","vst"); $v_stats_password = tempnam("/tmp","vst");
$fp = fopen($v_stats_password, "w"); $fp = fopen($v_stats_password, "w");
fwrite($fp, $_POST['v_stats_password']."\n"); fwrite($fp, $_POST['v_stats_password']."\n");
fclose($fp); fclose($fp);
exec (VESTA_CMD."v-add-web-domain-stats-user ".$v_username." ".$v_domain." ".$v_stats_user." ".$v_stats_password, $output, $return_var); v_exec('v-add-web-domain-stats-user', [$v_username, $v_domain, $v_stats_user, $v_stats_password]);
check_return_code($return_var,$output);
unset($output);
unlink($v_stats_password); unlink($v_stats_password);
$v_stats_password = escapeshellarg($_POST['v_stats_password']); $v_stats_password = $_POST['v_stats_password'];
} }
} }
@ -474,16 +428,14 @@ if (!empty($_POST['save'])) {
$_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg); $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
} }
if (($v_stats_user != $_POST['v_stats_user']) || (!empty($_POST['v_stats_password'])) && (empty($_SESSION['error_msg']))) { if (($v_stats_user != $_POST['v_stats_user']) || (!empty($_POST['v_stats_password'])) && (empty($_SESSION['error_msg']))) {
$v_stats_user = escapeshellarg($_POST['v_stats_user']); $v_stats_user = $_POST['v_stats_user'];
$v_stats_password = tempnam("/tmp","vst"); $v_stats_password = tempnam("/tmp","vst");
$fp = fopen($v_stats_password, "w"); $fp = fopen($v_stats_password, "w");
fwrite($fp, $_POST['v_stats_password']."\n"); fwrite($fp, $_POST['v_stats_password']."\n");
fclose($fp); fclose($fp);
exec (VESTA_CMD."v-add-web-domain-stats-user ".$v_username." ".$v_domain." ".$v_stats_user." ".$v_stats_password, $output, $return_var); v_exec('v-add-web-domain-stats-user', [$v_username, $v_domain, $v_stats_user, $v_stats_password]);
check_return_code($return_var,$output);
unset($output);
unlink($v_stats_password); unlink($v_stats_password);
$v_stats_password = escapeshellarg($_POST['v_stats_password']); $v_stats_password = $_POST['v_stats_password'];
} }
} }
@ -513,15 +465,13 @@ if (!empty($_POST['save'])) {
// Add ftp account // Add ftp account
$v_ftp_username = $v_ftp_user_data['v_ftp_user']; $v_ftp_username = $v_ftp_user_data['v_ftp_user'];
$v_ftp_username_full = $user . '_' . $v_ftp_user_data['v_ftp_user']; $v_ftp_username_full = $user . '_' . $v_ftp_user_data['v_ftp_user'];
$v_ftp_user = escapeshellarg($v_ftp_username); $v_ftp_path = trim($v_ftp_user_data['v_ftp_path']);
$v_ftp_path = escapeshellarg(trim($v_ftp_user_data['v_ftp_path']));
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
$v_ftp_password = tempnam("/tmp","vst"); $v_ftp_password = tempnam("/tmp","vst");
$fp = fopen($v_ftp_password, "w"); $fp = fopen($v_ftp_password, "w");
fwrite($fp, $v_ftp_user_data['v_ftp_password']."\n"); fwrite($fp, $v_ftp_user_data['v_ftp_password']."\n");
fclose($fp); fclose($fp);
exec (VESTA_CMD."v-add-web-domain-ftp ".$v_username." ".$v_domain." ".$v_ftp_user." ".$v_ftp_password . " " . $v_ftp_path, $output, $return_var); v_exec('v-add-web-domain-ftp', [$v_username, $v_domain, $v_ftp_username, $v_ftp_password, $v_ftp_path]);
check_return_code($return_var,$output);
if ((!empty($v_ftp_user_data['v_ftp_email'])) && (empty($_SESSION['error_msg']))) { if ((!empty($v_ftp_user_data['v_ftp_email'])) && (empty($_SESSION['error_msg']))) {
$to = $v_ftp_user_data['v_ftp_email']; $to = $v_ftp_user_data['v_ftp_email'];
$subject = __("FTP login credentials"); $subject = __("FTP login credentials");
@ -531,16 +481,14 @@ if (!empty($_POST['save'])) {
send_email($to, $subject, $mailtext, $from); send_email($to, $subject, $mailtext, $from);
unset($v_ftp_email); unset($v_ftp_email);
} }
unset($output);
unlink($v_ftp_password); unlink($v_ftp_password);
$v_ftp_password = escapeshellarg($v_ftp_user_data['v_ftp_password']); $v_ftp_password = $v_ftp_user_data['v_ftp_password'];
} }
if ($return_var == 0) { if ($return_var == 0) {
$v_ftp_password = ""; $v_ftp_password = '';
$v_ftp_user_data['is_new'] = 0; $v_ftp_user_data['is_new'] = 0;
} } else {
else {
$v_ftp_user_data['is_new'] = 1; $v_ftp_user_data['is_new'] = 1;
} }
@ -559,10 +507,7 @@ if (!empty($_POST['save'])) {
// Delete FTP account // Delete FTP account
if ($v_ftp_user_data['delete'] == 1) { if ($v_ftp_user_data['delete'] == 1) {
$v_ftp_username = $user . '_' . $v_ftp_user_data['v_ftp_user']; $v_ftp_username = $user . '_' . $v_ftp_user_data['v_ftp_user'];
exec (VESTA_CMD."v-delete-web-domain-ftp ".$v_username." ".$v_domain." ".$v_ftp_username, $output, $return_var); v_exec('v-delete-web-domain-ftp', [$v_username, $v_domain, $v_ftp_username]);
check_return_code($return_var,$output);
unset($output);
continue; continue;
} }
@ -581,10 +526,9 @@ if (!empty($_POST['save'])) {
// Change FTP account path // Change FTP account path
$v_ftp_username = $user . '_' . $v_ftp_user_data['v_ftp_user']; //preg_replace("/^".$user."_/", "", $v_ftp_user_data['v_ftp_user']); $v_ftp_username = $user . '_' . $v_ftp_user_data['v_ftp_user']; //preg_replace("/^".$user."_/", "", $v_ftp_user_data['v_ftp_user']);
$v_ftp_username = escapeshellarg($v_ftp_username);
//if (!empty($v_ftp_user_data['v_ftp_path'])) { //if (!empty($v_ftp_user_data['v_ftp_path'])) {
$v_ftp_path = escapeshellarg(trim($v_ftp_user_data['v_ftp_path'])); $v_ftp_path = trim($v_ftp_user_data['v_ftp_path']);
exec (VESTA_CMD."v-change-web-domain-ftp-path ".$v_username." ".$v_domain." ".$v_ftp_username." ".$v_ftp_path, $output, $return_var); v_exec('v-change-web-domain-ftp-path', [$v_username, $v_domain, $v_ftp_username, $v_ftp_path]);
//} //}
// Change FTP account password // Change FTP account password
@ -593,7 +537,7 @@ if (!empty($_POST['save'])) {
$fp = fopen($v_ftp_password, "w"); $fp = fopen($v_ftp_password, "w");
fwrite($fp, $v_ftp_user_data['v_ftp_password']."\n"); fwrite($fp, $v_ftp_user_data['v_ftp_password']."\n");
fclose($fp); fclose($fp);
exec (VESTA_CMD."v-change-web-domain-ftp-password ".$v_username." ".$v_domain." ".$v_ftp_username." ".$v_ftp_password, $output, $return_var); v_exec('v-change-web-domain-ftp-password', [$v_username, $v_domain, $v_ftp_username, $v_ftp_password]);
unlink($v_ftp_password); unlink($v_ftp_password);
$to = $v_ftp_user_data['v_ftp_email']; $to = $v_ftp_user_data['v_ftp_email'];
@ -604,8 +548,6 @@ if (!empty($_POST['save'])) {
send_email($to, $subject, $mailtext, $from); send_email($to, $subject, $mailtext, $from);
unset($v_ftp_email); unset($v_ftp_email);
} }
check_return_code($return_var, $output);
unset($output);
$v_ftp_users_updated[] = array( $v_ftp_users_updated[] = array(
'is_new' => 0, 'is_new' => 0,
@ -621,23 +563,17 @@ if (!empty($_POST['save'])) {
// Restart web server // Restart web server
if (!empty($restart_web) && (empty($_SESSION['error_msg']))) { if (!empty($restart_web) && (empty($_SESSION['error_msg']))) {
exec (VESTA_CMD."v-restart-web", $output, $return_var); v_exec('v-restart-web');
check_return_code($return_var,$output);
unset($output);
} }
// Restart proxy server // Restart proxy server
if ((!empty($_SESSION['PROXY_SYSTEM'])) && !empty($restart_proxy) && (empty($_SESSION['error_msg']))) { if ((!empty($_SESSION['PROXY_SYSTEM'])) && !empty($restart_proxy) && (empty($_SESSION['error_msg']))) {
exec (VESTA_CMD."v-restart-proxy", $output, $return_var); v_exec('v-restart-proxy');
check_return_code($return_var,$output);
unset($output);
} }
// Restart dns server // Restart dns server
if (!empty($restart_dns) && (empty($_SESSION['error_msg']))) { if (!empty($restart_dns) && (empty($_SESSION['error_msg']))) {
exec (VESTA_CMD."v-restart-dns", $output, $return_var); v_exec('v-restart-dns');
check_return_code($return_var,$output);
unset($output);
} }
// Set success message // Set success message


@ -10,13 +10,12 @@ include($_SERVER['DOCUMENT_ROOT']."/file_manager/fm_core.php");
// todo: set in session? // todo: set in session?
if (empty($panel)) { if (empty($panel)) {
$command = VESTA_CMD."v-list-user '".$user."' 'json'"; $return_var = v_exec('v-list-user', [$user, 'json'], false, $output);
exec ($command, $output, $return_var);
if ($return_var > 0) { if ($return_var > 0) {
header("Location: /error/"); header("Location: /error/");
exit; exit;
} }
$panel = json_decode(implode('', $output), true); $panel = json_decode($output, true);
} }
$fm = new FileManager($user); $fm = new FileManager($user);
@ -31,27 +30,23 @@ switch ($_REQUEST['action']) {
break; break;
case 'check_file_type': case 'check_file_type':
$dir = $_REQUEST['dir']; $dir = $_REQUEST['dir'];
print json_encode($fm->checkFileType($dir)); print json_encode($fm->checkFileType($dir));
break; break;
case 'rename_file': case 'rename_file':
$dir = $_REQUEST['dir']; $dir = $_REQUEST['dir'];
$item = $_REQUEST['item']; $item = $_REQUEST['item'];
$target_name = $_REQUEST['target_name']; $target_name = $_REQUEST['target_name'];
print json_encode($fm->renameFile($dir, $item, $target_name)); print json_encode($fm->renameFile($dir, $item, $target_name));
break; break;
case 'rename_directory': case 'rename_directory':
$dir = $_REQUEST['dir']; $dir = $_REQUEST['dir'];
$item = $_REQUEST['item']; $item = $_REQUEST['item'];
$target_name = $_REQUEST['target_name']; $target_name = $_REQUEST['target_name'];
print json_encode($fm->renameDirectory($dir, $item, $target_name)); print json_encode($fm->renameDirectory($dir, $item, $target_name));
break; break;
case 'delete_files': case 'delete_files':
$dir = $_REQUEST['dir']; $dir = $_REQUEST['dir'];
$item = $_REQUEST['item']; $item = $_REQUEST['item'];
print json_encode($fm->deleteItem($dir, $item)); print json_encode($fm->deleteItem($dir, $item));
break; break;
case 'create_file': case 'create_file':
@ -64,7 +59,6 @@ switch ($_REQUEST['action']) {
$dirname = $_REQUEST['dirname']; $dirname = $_REQUEST['dirname'];
print json_encode($fm->createDir($dir, $dirname)); print json_encode($fm->createDir($dir, $dirname));
break; break;
case 'open_file': case 'open_file':
$dir = $_REQUEST['dir']; $dir = $_REQUEST['dir'];
print json_encode($fm->open_file($dir)); print json_encode($fm->open_file($dir));


@ -1,5 +1,7 @@
<?php <?php
require_once(__DIR__.'/../inc/exec.php');
class FileManager { class FileManager {
protected $delimeter = '|'; protected $delimeter = '|';
@ -17,6 +19,25 @@ class FileManager {
protected $user = null; protected $user = null;
public $ROOT_DIR = null; public $ROOT_DIR = null;
static function v_exec($command, array $arguments=[], $checkReturn=true, &$output=null) {
$output = '';
$return_var = v_exec($command, $arguments, false, $output);
return $checkReturn ? self::check_return_code($return_var, explode("\n", $output)) : null;
}
static function check_return_code($return_var, $output) {
if ($return_var != 0) {
$error = implode('<br>', $output);
return $error;
//if (empty($error)) $error = __('Error code:',$return_var);
//$_SESSION['error_msg'] = $error;
}
return null;
}
public function setRootDir($root = null) { public function setRootDir($root = null) {
if (null != $root) { if (null != $root) {
$root = realpath($root); $root = realpath($root);
@ -44,15 +65,15 @@ class FileManager {
public function checkFileType($dir) { public function checkFileType($dir) {
$dir = $this->formatFullPath($dir); $dir = $this->formatFullPath($dir);
exec(VESTA_CMD . "v-get-fs-file-type {$this->user} {$dir}", $output, $return_var);
$error = self::check_return_code($return_var, $output); $error = self::v_exec('v-get-fs-file-type', [$this->user, $dir]);
if (empty($error)) { if (empty($error)) {
return array( return array(
'result' => true, 'result' => true,
'data' => implode('', $output) 'data' => implode('', $output)
); );
} } else {
else {
return array( return array(
'result' => false, 'result' => false,
'message' => $error 'message' => $error
@ -63,27 +84,24 @@ class FileManager {
public function formatFullPath($path_part = '') { public function formatFullPath($path_part = '') {
if (substr($path_part, 0, strlen($this->ROOT_DIR)) === $this->ROOT_DIR) { if (substr($path_part, 0, strlen($this->ROOT_DIR)) === $this->ROOT_DIR) {
$path = $path_part; $path = $path_part;
} } else {
else {
$path = $this->ROOT_DIR . '/' . $path_part; $path = $this->ROOT_DIR . '/' . $path_part;
} }
//var_dump($path);die(); //var_dump($path);die();
//$path = str_replace(' ', '\ ', $path); //$path = str_replace(' ', '\ ', $path);
return escapeshellarg($path); return $path;
} }
function deleteItem($dir, $item) { function deleteItem($dir, $item) {
$dir = $this->formatFullPath($item); $dir = $this->formatFullPath($item);
exec (VESTA_CMD . "v-delete-fs-directory {$this->user} {$dir}", $output, $return_var);
$error = self::check_return_code($return_var, $output); $error = self::v_exec('v-delete-fs-directory', [$this->user, $dir]);
if (empty($error)) { if (empty($error)) {
return array( return array(
'result' => true 'result' => true
); );
} } else {
else {
return array( return array(
'result' => false, 'result' => false,
'message' => $error 'message' => $error
@ -108,16 +126,13 @@ class FileManager {
$src = $this->formatFullPath($item); $src = $this->formatFullPath($item);
$dst = $this->formatFullPath($target_dir); $dst = $this->formatFullPath($target_dir);
exec (VESTA_CMD . "v-copy-fs-file {$this->user} {$src} {$dst}", $output, $return_var); $error = self::v_exec('v-copy-fs-file', [$this->user, $src, $dst]);
$error = self::check_return_code($return_var, $output);
if (empty($error)) { if (empty($error)) {
return array( return array(
'result' => true 'result' => true
); );
} } else {
else {
return array( return array(
'result' => false, 'result' => false,
'message' => $error 'message' => $error
@ -130,17 +145,13 @@ class FileManager {
$src = $this->formatFullPath($item); $src = $this->formatFullPath($item);
$dst = $this->formatFullPath($target_dir); $dst = $this->formatFullPath($target_dir);
exec (VESTA_CMD . "v-copy-fs-directory {$this->user} {$src} {$dst}", $output, $return_var); $error = self::v_exec('v-copy-fs-directory', [$this->user, $src, $dst]);
$error = self::check_return_code($return_var, $output);
if (empty($error)) { if (empty($error)) {
return array( return array(
'result' => true 'result' => true
); );
} } else {
else {
return array( return array(
'result' => false, 'result' => false,
'message' => $error 'message' => $error
@ -148,30 +159,16 @@ class FileManager {
} }
} }
static function check_return_code($return_var, $output) {
if ($return_var != 0) {
$error = implode('<br>', $output);
return $error;
//if (empty($error)) $error = __('Error code:',$return_var);
//$_SESSION['error_msg'] = $error;
}
return null;
}
function createFile($dir, $filename) { function createFile($dir, $filename) {
$dir = $this->formatFullPath($dir . '/' . $filename); $dir = $this->formatFullPath($dir . '/' . $filename);
exec (VESTA_CMD . "v-add-fs-file {$this->user} {$dir}", $output, $return_var); $error = self::v_exec('v-add-fs-file', [$this->user, $dir]);
$error = self::check_return_code($return_var, $output);
if (empty($error)) { if (empty($error)) {
return array( return array(
'result' => true 'result' => true
); );
} } else {
else {
return array( return array(
'result' => false, 'result' => false,
'message' => $error 'message' => $error
@ -182,21 +179,18 @@ class FileManager {
function packItem($item, $dir, $target_dir, $filename) { function packItem($item, $dir, $target_dir, $filename) {
$item = $this->formatFullPath($item); $item = $this->formatFullPath($item);
$dst_item = $this->formatFullPath($target_dir); $dst_item = $this->formatFullPath($target_dir);
$dst_item = str_replace('.tar.gz', '', $dst_item); $dst_item = str_replace('.tar.gz', '', $dst_item);
//$item = str_replace($dir . '/', '', $item); //$item = str_replace($dir . '/', '', $item);
//var_dump(VESTA_CMD . "v-add-fs-archive {$this->user} {$dst_item} {$item}");die(); //var_dump(VESTA_CMD . "v-add-fs-archive {$this->user} {$dst_item} {$item}");die();
exec (VESTA_CMD . "v-add-fs-archive {$this->user} {$dst_item} {$item}", $output, $return_var);
$error = self::check_return_code($return_var, $output); $error = self::v_exec('v-add-fs-archive', [$this->user, $dst_item, $item]);
if (empty($error)) { if (empty($error)) {
return array( return array(
'result' => true 'result' => true
); );
} } else {
else {
return array( return array(
'result' => false, 'result' => false,
'message' => $error 'message' => $error
@ -205,39 +199,20 @@ class FileManager {
} }
function backupItem($item) { function backupItem($item) {
$src_item = $this->formatFullPath($item); $src_item = $this->formatFullPath($item);
$dst_item_name = $item . '~' . date('Ymd_His'); $dst_item_name = $item . '~' . date('Ymd_His');
$dst_item = $this->formatFullPath($dst_item_name); $dst_item = $this->formatFullPath($dst_item_name);
//print VESTA_CMD . "v-add-fs-archive {$this->user} {$item} {$dst_item}";die(); //print VESTA_CMD . "v-add-fs-archive {$this->user} {$item} {$dst_item}";die();
exec (VESTA_CMD . "v-copy-fs-file {$this->user} {$src_item} {$dst_item}", $output, $return_var);
$error = self::check_return_code($return_var, $output); $error = self::v_exec('v-copy-fs-file', [$this->user, $src_item, $dst_item]);
if (empty($error)) { if (empty($error)) {
return array( return array(
'result' => true, 'result' => true,
'filename' => $dst_item_name 'filename' => $dst_item_name
); );
} } else {
else {
return array(
'result' => false,
'message' => $error
);
}
$error = self::check_return_code($return_var, $output);
if (empty($error)) {
return array(
'result' => true
);
}
else {
return array( return array(
'result' => false, 'result' => false,
'message' => $error 'message' => $error
@ -249,16 +224,13 @@ class FileManager {
$item = $this->formatFullPath($item); $item = $this->formatFullPath($item);
$dst_item = $this->formatFullPath($target_dir); $dst_item = $this->formatFullPath($target_dir);
exec (VESTA_CMD . "v-extract-fs-archive {$this->user} {$item} {$dst_item}", $output, $return_var); $error = self::v_exec('v-extract-fs-archive', [$this->user, $item, $dst_item]);
$error = self::check_return_code($return_var, $output);
if (empty($error)) { if (empty($error)) {
return array( return array(
'result' => true 'result' => true
); );
} } else {
else {
return array( return array(
'result' => false, 'result' => false,
'message' => $error 'message' => $error
@ -272,16 +244,13 @@ class FileManager {
//var_dump(VESTA_CMD . "v-move-fs-file {$this->user} {$item} {$dst_item}");die(); //var_dump(VESTA_CMD . "v-move-fs-file {$this->user} {$item} {$dst_item}");die();
exec (VESTA_CMD . "v-move-fs-file {$this->user} {$item} {$dst_item}", $output, $return_var); $error = self::v_exec('v-move-fs-file', [$this->user, $item, $dst_item]);
$error = self::check_return_code($return_var, $output);
if (empty($error)) { if (empty($error)) {
return array( return array(
'result' => true 'result' => true
); );
} } else {
else {
return array( return array(
'result' => false, 'result' => false,
'message' => $error 'message' => $error
@ -298,17 +267,13 @@ class FileManager {
); );
} }
$error = self::v_exec('v-move-fs-directory', [$this->user, $item, $dst_item]);
exec (VESTA_CMD . "v-move-fs-directory {$this->user} {$item} {$dst_item}", $output, $return_var);
$error = self::check_return_code($return_var, $output);
if (empty($error)) { if (empty($error)) {
return array( return array(
'result' => true 'result' => true
); );
} } else {
else {
return array( return array(
'result' => false, 'result' => false,
'message' => $error 'message' => $error
@ -319,16 +284,13 @@ class FileManager {
function createDir($dir, $dirname) { function createDir($dir, $dirname) {
$dir = $this->formatFullPath($dir . '/' . $dirname); $dir = $this->formatFullPath($dir . '/' . $dirname);
exec (VESTA_CMD . "v-add-fs-directory {$this->user} {$dir}", $output, $return_var); $error = self::v_exec('v-add-fs-directory', [$this->user, $dir]);
$error = self::check_return_code($return_var, $output);
if (empty($error)) { if (empty($error)) {
return array( return array(
'result' => true 'result' => true
); );
} } else {
else {
return array( return array(
'result' => false, 'result' => false,
'message' => $error 'message' => $error
@ -338,9 +300,8 @@ class FileManager {
function getDirectoryListing($dir = '') { function getDirectoryListing($dir = '') {
$dir = $this->formatFullPath($dir); $dir = $this->formatFullPath($dir);
exec (VESTA_CMD . "v-list-fs-directory {$this->user} {$dir}", $output, $return_var); self::v_exec('v-list-fs-directory', [$this->user, $dir], false, $output);
return $this->parseListing(explode("\n", $output));
return $this->parseListing($output);
} }
public function ls($dir = '') { public function ls($dir = '') {
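Review bot: In `checkFileType` the new call `self::v_exec('v-get-fs-file-type', [$this->user, $dir])` no longer fills `$output`, while the success branch still returns `'data' => implode('', $output)`, so the detected file type is lost and `implode` is handed an undefined variable. Pass the by-reference parameter and use the string it yields: `$error = self::v_exec('v-get-fs-file-type', [$this->user, $dir], true, $output);` with `'data' => str_replace("\n", '', $output)`. `formatFullPath` now returns the raw path and its `ROOT_DIR` test is a plain prefix comparison that does not resolve `..` segments, so confinement to the user's tree presumably rests on the `v-*-fs-*` scripts; a comment stating that dependency would help the next reader. Most of these methods start or end outside the visible hunks.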


@ -31,7 +31,7 @@ $_SESSION['back'] = '';
if (!isset($_POST['generate'])) { if (!isset($_POST['generate'])) {
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/generate_ssl.html'); include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/generate_ssl.html');
include($_SERVER['DOCUMENT_ROOT'].'/templates/footer.html'); include($_SERVER['DOCUMENT_ROOT'].'/templates/footer.html');
exit(); exit;
} }
// Check input // Check input
@ -41,6 +41,7 @@ if (empty($_POST['v_state'])) $errors[] = __('domain');
if (empty($_POST['v_locality'])) $errors[] = __('city'); if (empty($_POST['v_locality'])) $errors[] = __('city');
if (empty($_POST['v_org'])) $errors[] = __('organization'); if (empty($_POST['v_org'])) $errors[] = __('organization');
if (empty($_POST['v_email'])) $errors[] = __('email'); if (empty($_POST['v_email'])) $errors[] = __('email');
$v_domain = $_POST['v_domain']; $v_domain = $_POST['v_domain'];
$v_email = $_POST['v_email']; $v_email = $_POST['v_email'];
$v_country = $_POST['v_country']; $v_country = $_POST['v_country'];
@ -61,44 +62,24 @@ if (!empty($errors[0])) {
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/generate_ssl.html'); include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/generate_ssl.html');
include($_SERVER['DOCUMENT_ROOT'].'/templates/footer.html'); include($_SERVER['DOCUMENT_ROOT'].'/templates/footer.html');
unset($_SESSION['error_msg']); unset($_SESSION['error_msg']);
exit(); exit;
} }
// Protect input $return_var = v_exec('v-generate-ssl-cert', [$v_domain, $v_email, $v_country, $v_state, $v_locality, $v_org, 'IT', 'json'], true, $output);
$v_domain = escapeshellarg($_POST['v_domain']);
$v_email = escapeshellarg($_POST['v_email']);
$v_country = escapeshellarg($_POST['v_country']);
$v_state = escapeshellarg($_POST['v_state']);
$v_locality = escapeshellarg($_POST['v_locality']);
$v_org = escapeshellarg($_POST['v_org']);
exec (VESTA_CMD."v-generate-ssl-cert ".$v_domain." ".$v_email." ".$v_country." ".$v_state." ".$v_locality." ".$v_org." IT json", $output, $return_var);
// Revert to raw values
$v_domain = $_POST['v_domain'];
$v_email = $_POST['v_email'];
$v_country = $_POST['v_country'];
$v_state = $_POST['v_state'];
$v_locality = $_POST['v_locality'];
$v_org = $_POST['v_org'];
// Check return code // Check return code
if ($return_var != 0) { if ($return_var != 0) {
$error = implode('<br>', $output);
if (empty($error)) $error = __('Error code:',$return_var);
$_SESSION['error_msg'] = $error;
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/generate_ssl.html'); include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/generate_ssl.html');
include($_SERVER['DOCUMENT_ROOT'].'/templates/footer.html'); include($_SERVER['DOCUMENT_ROOT'].'/templates/footer.html');
unset($_SESSION['error_msg']); unset($_SESSION['error_msg']);
exit(); exit;
} }
// OK message // OK message
$_SESSION['ok_msg'] = __('SSL_GENERATED_OK'); $_SESSION['ok_msg'] = __('SSL_GENERATED_OK');
// Parse output // Parse output
$data = json_decode(implode('', $output), true); $data = json_decode($output, true);
unset($output);
$v_crt = $data[$v_domain]['CRT']; $v_crt = $data[$v_domain]['CRT'];
$v_key = $data[$v_domain]['KEY']; $v_key = $data[$v_domain]['KEY'];
$v_csr = $data[$v_domain]['CSR']; $v_csr = $data[$v_domain]['CSR'];

85
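--- a/web/inc/exec.php
+++ b/web/inc/exec.php
@@ -0,0 +1,85 @@
+<?php
+// Secure `exec` wrapper functions
+define('SUDO_CMD', '/usr/bin/sudo');
+define('VESTA_BIN_DIR', '/usr/local/vesta/bin/');
+define('VESTA_CMD', SUDO_CMD.' '.VESTA_BIN_DIR);
+function check_error($return_var) {
+if ($return_var > 0) {
+header('Location: /error/');
+exit;
+}
+}
+function check_return_code($return_var, $output) {
+if ($return_var != 0) {
+$error = implode('<br>', $output);
+if (empty($error)) $error = __('Error code:', $return_var);
+$_SESSION['error_msg'] = $error;
+}
+}
+/**
+* Build shell command arguments from a string array.
+* @param string[] $arguments Unescaped command line arguments. (eg. ['-a', "b'c"], default: [])
+* @return string Escaped arguments.
+*/
+function build_shell_args($arguments=[]) {
+$ret = [];
+// Convert $arguments to an array
+if (!is_array($arguments)) $arguments = !is_null($arguments) ? [$arguments] : [];
+foreach ($arguments as $arg) {
+// Convert $arg to a string if $arg is an array (for an argument like this: ?abc[def]=ghi)
+if (is_array($arg)) $arg = implode('', $arg);
+// Convert $arg to a string (just in case)
+if (!is_string($arg)) $arg = (string)$arg;
+// Append the argument
+$ret[] = escapeshellarg($arg);
+}
+return implode(' ', $ret);
+}
+/**
+* Execute a command.
+* @param string $command Command to execute. (eg. ls)
+* @param string[] $arguments (optional) Unescaped command line arguments. (eg. ['-a', '/'], default: [])
+* @param string &$output (optional) Variable to contain output from the command.
+* @return int Exit code (return status) of the executed command.
+*/
+function safe_exec($command, $arguments=[], &$output=null) {
+$cmd = build_shell_args($command);
+$arg = build_shell_args($arguments);
+if (!empty($arg)) {
+$cmd .= ' ' . $arg;
+}
+// Execute
+exec($cmd, $rawOutput, $status);
+$output = implode("\n", $rawOutput);
+return $status;
+}
+/**
+* Execute a vesta command line APIs (VESTA_CMD/v-*).
+* (Wrapper function of `safe_exec`.)
+* @see safe_exec
+* @param string $command Command to execute. (eg. v-search-object)
+* @param string[] $arguments (optional) Unescaped command line arguments. (eg. ["We've", 'json'], default: [])
+* @param bool $checkReturn (optional) If this set to true, check_return_code will be called after the command executes. (default: true)
+* @param string &$output (optional) Variable to contain output from the command.
+* @return int Exit code (return status) of the executed command.
+*/
+function v_exec($command, $arguments=[], $checkReturn=true, &$output=null) {
+// Check command
+if (preg_match('#^\.*$|/#', $command)) return -1;
+// Convert $arguments to an array
+if (!is_array($arguments)) $arguments = !is_null($arguments) ? [$arguments] : [];
+// Execute
+$status = safe_exec([SUDO_CMD, VESTA_BIN_DIR.$command], $arguments, $output);
+if ($checkReturn) {
+check_return_code($status, explode("\n", $output));
+}
+return $status;
+}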
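Review bot: `v_exec` returns `-1` when the command name fails the `preg_match('#^\.*$|/#', $command)` check, and it does so before `$output` is assigned and before `check_return_code` runs, while `check_error` and the file-manager caller that tests `$return_var > 0` both treat a negative status as success. A rejected command therefore leaves `$_SESSION['error_msg']` empty and `$output` null, and callers carry on as if the script had run. The guard should fail closed with a positive status, go through `check_return_code` when `$checkReturn` is set, and would be tighter as an allow-list for the `v-*` names the docblock describes; every command name visible in this commit is `v-` followed by lowercase letters, digits and hyphens. `build_shell_args` also joins an array-valued argument with `implode('', $arg)`; rejecting non-scalar arguments instead would keep the value that was validated and the value that is executed the same.

```php
function v_exec($command, $arguments=[], $checkReturn=true, &$output=null) {
    // Allow-list: only bare v-* script names, no path separators or dots
    if (!is_string($command) || !preg_match('#^v-[a-z0-9-]+$#D', $command)) {
        $output = '';
        $status = 127; // positive, so check_error() and "> 0" callers see a failure
        if ($checkReturn) {
            check_return_code($status, []);
        }
        return $status;
    }
    // … unchanged: argument normalisation, safe_exec call, check_return_code …
```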


@ -1,6 +1,8 @@
<?php <?php
// Functions for internationalization // Functions for internationalization
require_once(__DIR__.'/exec.php');
/** /**
* Translates string to given language in first parameter, key given in second parameter (dynamically loads required language). Works like spritf from second parameter * Translates string to given language in first parameter, key given in second parameter (dynamically loads required language). Works like spritf from second parameter
* @global array $LANG Associative array of language pharses * @global array $LANG Associative array of language pharses
@ -16,7 +18,7 @@ function _translate() {
$key = $args[1]; $key = $args[1];
if (!isset($LANG[$l])) { if (!isset($LANG[$l])) {
require_once($_SERVER['DOCUMENT_ROOT'].'/inc/i18n/'.$l.'.php'); require_once(__DIR__."/i18n/$l.php");
} }
if (!isset($LANG[$l][$key])) { if (!isset($LANG[$l][$key])) {
@ -28,7 +30,7 @@ function _translate() {
array_shift($args); array_shift($args);
if (count($args) > 1) { if (count($args) > 1) {
$args[0] = $text; $args[0] = $text;
return call_user_func_array("sprintf",$args); return call_user_func_array('sprintf', $args);
} else { } else {
return $text; return $text;
} }
@ -43,7 +45,7 @@ function _translate() {
function __() { function __() {
$args = func_get_args(); $args = func_get_args();
array_unshift($args, $_SESSION['language']); array_unshift($args, $_SESSION['language']);
return call_user_func_array("_translate",$args); return call_user_func_array('_translate', $args);
} }
/** /**
@ -86,16 +88,15 @@ function detect_user_language($fallback='en') {
arsort($accept_langs_sorted); arsort($accept_langs_sorted);
// List languages // List languages
exec (VESTA_CMD."v-list-sys-languages json", $output, $return_var); v_exec('v-list-sys-languages', ['json'], false, $output);
$languages = json_decode(implode('', $output), true); $languages = json_decode($output, true);
unset($output);
// Find best matching language // Find best matching language
foreach ($accept_langs_sorted as $user_lang => $dummy) { foreach ($accept_langs_sorted as $req_lang => $dummy) {
$decision = ''; $decision = '';
foreach ($languages as $prov_lang) { foreach ($languages as $prov_lang) {
if (strlen($decision) > strlen($prov_lang)) continue; if (strlen($decision) > strlen($prov_lang)) continue;
if (strpos($user_lang, $prov_lang) !== false) { if (stripos($req_lang, $prov_lang) !== false) {
$decision = $prov_lang; $decision = $prov_lang;
} }
} }
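Review bot: `require_once(__DIR__."/i18n/$l.php")` in `_translate` still builds an include path from `$l` without checking it, and `__()` feeds `$_SESSION['language']` into that parameter. If any code path can store request-derived text in the session language, a value containing `/` or `..` would select a file outside `i18n/`, so a guard ahead of the include is worth adding, for example `if (!preg_match('/^[A-Za-z0-9_-]+$/', $l)) $l = 'en';` (`'en'` being the fallback `detect_user_language` already defaults to). In `detect_user_language` the status of `v_exec('v-list-sys-languages', ['json'], false, $output)` is discarded and `json_decode($output, true)` goes straight into `foreach`, so a failed call iterates over `null`; `if (!is_array($languages)) return $fallback;` would cover it. Both functions start outside the visible hunks.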


@ -8,13 +8,14 @@ if (empty($argv[1])) {
$options = getopt("s:f:"); $options = getopt("s:f:");
require_once(__DIR__.'/exec.php');
define('NO_AUTH_REQUIRED', true); define('NO_AUTH_REQUIRED', true);
include("/usr/local/vesta/web/inc/main.php"); include("/usr/local/vesta/web/inc/main.php");
// Set system language // Set system language
exec (VESTA_CMD . "v-list-sys-config json", $output, $return_var); v_exec('v-list-sys-config', ['json'], false, $output);
$data = json_decode(implode('', $output), true); $data = json_decode($output, true);
if (!empty($data['config']['LANGUAGE'])) { if (!empty($data['config']['LANGUAGE'])) {
$_SESSION['language'] = $data['config']['LANGUAGE']; $_SESSION['language'] = $data['config']['LANGUAGE'];
} else { } else {


@ -1,7 +1,8 @@
<?php <?php
session_start(); session_start();
require_once($_SERVER['DOCUMENT_ROOT'].'/inc/i18n.php'); require_once(__DIR__ . '/exec.php');
require_once(__DIR__ . '/i18n.php');
// Check system settings // Check system settings
if ((!isset($_SESSION['VERSION'])) && (!defined('NO_AUTH_REQUIRED'))) { if ((!isset($_SESSION['VERSION'])) && (!defined('NO_AUTH_REQUIRED'))) {
@ -25,8 +26,6 @@ if (isset($_SESSION['user'])) {
} }
} }
define('VESTA_CMD', '/usr/bin/sudo /usr/local/vesta/bin/');
$i = 0; $i = 0;
if (isset($_SESSION['language'])) { if (isset($_SESSION['language'])) {
@ -60,9 +59,9 @@ if (isset($_SESSION['look']) && ( $_SESSION['look'] != 'admin' )) {
} }
function get_favourites(){ function get_favourites(){
exec (VESTA_CMD."v-list-user-favourites ".$_SESSION['user']." json", $output, $return_var); v_exec('v-list-user-favourites', [$_SESSION['user'], 'json'], false, $output);
// $data = json_decode(implode('', $output).'}', true); // $data = json_decode($output.'}', true);
$data = json_decode(implode('', $output), true); $data = json_decode($output, true);
$data = array_reverse($data, true); $data = array_reverse($data, true);
$favourites = array(); $favourites = array();
@ -79,33 +78,14 @@ function get_favourites(){
$_SESSION['favourites'] = $favourites; $_SESSION['favourites'] = $favourites;
} }
function check_error($return_var) {
if ( $return_var > 0 ) {
header("Location: /error/");
exit;
}
}
function check_return_code($return_var,$output) {
if ($return_var != 0) {
$error = implode('<br>', $output);
if (empty($error)) $error = __('Error code:',$return_var);
$_SESSION['error_msg'] = $error;
}
}
function top_panel($user, $TAB) { function top_panel($user, $TAB) {
global $panel; global $panel;
$command = VESTA_CMD."v-list-user '".$user."' 'json'"; $return_var = v_exec('v-list-user', [$user, 'json'], false, $output);
exec ($command, $output, $return_var);
if ($return_var > 0) { if ($return_var > 0) {
header("Location: /error/"); header('Location: /error/');
exit; exit;
} }
$panel = json_decode(implode('', $output), true); $panel = json_decode($output, true);
unset($output);
if ($user == 'admin') { if ($user == 'admin') {
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/panel.html'); include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/panel.html');
} else { } else {
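Review bot: In `get_favourites()` the return code of `v_exec` is discarded and `json_decode($output, true)` goes straight into `array_reverse()`, so a failed call or a non-JSON reply hands `null` to the array functions, while `top_panel()` in the same section redirects to `/error/` on a non-zero code. A guard such as `if (!is_array($data)) $data = [];` after the decode would keep the favourites list empty instead; the list pages converted later in this commit follow the same decode-then-reverse pattern. The function's body continues outside the hunk. Separately, `check_error()` and `check_return_code()` are deleted here but `check_error($return_var)` is still called from the user-log listing, so they presumably now live in `exec.php`, which should be confirmed since that file is not shown in this section.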


@ -12,9 +12,8 @@ include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
top_panel($user,$TAB); top_panel($user,$TAB);
// Data // Data
exec (VESTA_CMD."v-list-user-backup-exclusions $user json", $output, $return_var); v_exec('v-list-user-backup-exclusions', [$user, 'json'], false, $output);
$data = json_decode(implode('', $output), true); $data = json_decode($output, true);
unset($output);
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_backup_exclusions.html'); include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_backup_exclusions.html');
// Back uri // Back uri


@ -13,16 +13,14 @@ top_panel($user,$TAB);
// Data // Data
if (empty($_GET['backup'])){ if (empty($_GET['backup'])){
exec (VESTA_CMD."v-list-user-backups $user json", $output, $return_var); v_exec('v-list-user-backups', [$user, 'json'], false, $output);
$data = json_decode(implode('', $output), true); $data = json_decode($output, true);
$data = array_reverse($data, true); $data = array_reverse($data, true);
unset($output);
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_backup.html'); include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_backup.html');
} else { } else {
exec (VESTA_CMD."v-list-user-backup $user '".escapeshellarg($_GET['backup'])."' json", $output, $return_var); v_exec('v-list-user-backup', [$user, $_GET['backup'], 'json'], false, $output);
$data = json_decode(implode('', $output), true); $data = json_decode($output, true);
$data = array_reverse($data, true); $data = array_reverse($data, true);
unset($output);
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_backup_detail.html'); include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_backup_detail.html');
} }
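Review bot: `$_GET['backup']` now reaches `v_exec` unmodified, so the only remaining guard is whatever `v_exec` does with each argument, and that helper is not shown in this section. `empty()` is false for `?backup[]=x`, so an array can arrive here, and shell quoting alone would not stop a value beginning with `-` from being read as an option if the called script parses any. A type and format check before the call covers both, for example `if (!is_string($_GET['backup']) || $_GET['backup'][0] === '-') { header('Location: /error/'); exit; }`. The same applies to `$_GET['domain']` in the DNS and mail list sections, `$_GET['user']` in the stats section, and `$_POST['user']` and `$_GET['loginas']` in the login section.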


@ -13,10 +13,9 @@ include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
top_panel($user,$TAB); top_panel($user,$TAB);
// Data // Data
exec (VESTA_CMD."v-list-cron-jobs $user json", $output, $return_var); v_exec('v-list-cron-jobs', [$user, 'json'], false, $output);
$data = json_decode(implode('', $output), true); $data = json_decode($output, true);
$data = array_reverse($data, true); $data = array_reverse($data, true);
unset($output);
if ($_SESSION['user'] == 'admin') { if ($_SESSION['user'] == 'admin') {
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_cron.html'); include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_cron.html');


@ -12,10 +12,9 @@ include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
top_panel($user,$TAB); top_panel($user,$TAB);
// Data // Data
exec (VESTA_CMD."v-list-databases $user json", $output, $return_var); v_exec('v-list-databases', [$user, 'json'], false, $output);
$data = json_decode(implode('', $output), true); $data = json_decode($output, true);
$data = array_reverse($data, true); $data = array_reverse($data, true);
unset($output);
if ($_SESSION['user'] == 'admin') { if ($_SESSION['user'] == 'admin') {
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_db.html'); include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_db.html');


@ -15,13 +15,12 @@ if (($_SESSION['user'] == 'admin') && (!empty($_SESSION['look']))) {
} }
if (empty($panel)) { if (empty($panel)) {
$command = VESTA_CMD."v-list-user '".$user."' 'json'"; $return_var = v_exec('v-list-user', [$user, 'json'], false, $output);
exec ($command, $output, $return_var);
if ($return_var > 0) { if ($return_var > 0) {
header("Location: /error/"); header("Location: /error/");
exit; exit;
} }
$panel = json_decode(implode('', $output), true); $panel = json_decode($output, true);
} }
$path_a = !empty($_REQUEST['dir_a']) ? $_REQUEST['dir_a'] : ''; $path_a = !empty($_REQUEST['dir_a']) ? $_REQUEST['dir_a'] : '';


@ -14,20 +14,18 @@ top_panel($user,$TAB);
// Data // Data
if (empty($_GET['domain'])){ if (empty($_GET['domain'])){
exec (VESTA_CMD."v-list-dns-domains $user json", $output, $return_var); v_exec('v-list-dns-domains', [$user, 'json'], false, $output);
$data = json_decode(implode('', $output), true); $data = json_decode($output, true);
$data = array_reverse($data, true); $data = array_reverse($data, true);
unset($output);
if ($_SESSION['user'] == 'admin') { if ($_SESSION['user'] == 'admin') {
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_dns.html'); include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_dns.html');
} else { } else {
include($_SERVER['DOCUMENT_ROOT'].'/templates/user/list_dns.html'); include($_SERVER['DOCUMENT_ROOT'].'/templates/user/list_dns.html');
} }
} else { } else {
exec (VESTA_CMD."v-list-dns-records '".$user."' '".escapeshellarg($_GET['domain'])."' 'json'", $output, $return_var); v_exec('v-list-dns-records', [$user, $_GET['domain'], 'json'], false, $output);
$data = json_decode(implode('', $output), true); $data = json_decode($output, true);
$data = array_reverse($data, true); $data = array_reverse($data, true);
unset($output);
if ($_SESSION['user'] == 'admin') { if ($_SESSION['user'] == 'admin') {
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_dns_rec.html'); include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_dns_rec.html');
} else { } else {

View file

@ -5,20 +5,20 @@ error_reporting(NULL);
echo '<br> Favorites: <br>'; echo '<br> Favorites: <br>';
// Data // Data
exec (VESTA_CMD."v-list-user-favourites ".$_SESSION['user']." json", $output, $return_var); v_exec('v-list-user-favourites', [$_SESSION['user'], 'json'], false, $output);
// print_r(implode('', $output)); // print_r($output);
// $json = '{ "Favourites": { "USER": "", "WEB": "bulletfarm.com", "DNS": "", "MAIL": "", "DB": "", "CRON": "", "BACKUP": "", "IP": "", "PACKAGE": "", "FIREWALL": ""}}'; // $json = '{ "Favourites": { "USER": "", "WEB": "bulletfarm.com", "DNS": "", "MAIL": "", "DB": "", "CRON": "", "BACKUP": "", "IP": "", "PACKAGE": "", "FIREWALL": ""}}';
// $data = json_decode($json, true); // $data = json_decode($json, true);
$data = json_decode(implode('', $output).'}', true); $data = json_decode($output.'}', true);
$data = array_reverse($data, true); $data = array_reverse($data, true);
print_r($data); print_r($data);
// $data = array_reverse($data,true); // $data = array_reverse($data,true);
// $data = json_decode(implode('', $output), true); // $data = json_decode($output, true);
?> ?>
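Review bot: `json_decode($output.'}', true)` keeps the appended-brace workaround, whereas `get_favourites()` elsewhere in this commit has the same expression commented out and decodes `$output` as-is, so the two callers of `v-list-user-favourites` disagree about the reply format. If the script emits valid JSON, the extra `}` makes the decode return `null` and `array_reverse()` receives a non-array; one form should be chosen and the result checked with `is_array($data)`. `print_r($data)` also writes the decoded values into the HTML response unescaped, so `echo htmlspecialchars(print_r($data, true), ENT_QUOTES, 'UTF-8');` would be the safer form if this debug page is meant to stay reachable.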


@ -19,10 +19,9 @@ include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
top_panel($user,$TAB); top_panel($user,$TAB);
// Data // Data
exec (VESTA_CMD."v-list-firewall-ban json", $output, $return_var); v_exec('v-list-firewall-ban', ['json'], false, $output);
$data = json_decode(implode('', $output), true); $data = json_decode($output, true);
$data = array_reverse($data, true); $data = array_reverse($data, true);
unset($output);
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_firewall_banlist.html'); include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_firewall_banlist.html');
// Back uri // Back uri


@ -19,10 +19,9 @@ include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
top_panel($user,$TAB); top_panel($user,$TAB);
// Data // Data
exec (VESTA_CMD."v-list-firewall json", $output, $return_var); v_exec('v-list-firewall', ['json'], false, $output);
$data = json_decode(implode('', $output), true); $data = json_decode($output, true);
$data = array_reverse($data, true); $data = array_reverse($data, true);
unset($output);
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_firewall.html'); include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_firewall.html');
// Back uri // Back uri


@ -13,10 +13,9 @@ top_panel($user,$TAB);
// Data // Data
if ($_SESSION['user'] == 'admin') { if ($_SESSION['user'] == 'admin') {
exec (VESTA_CMD."v-list-sys-ips json", $output, $return_var); v_exec('v-list-sys-ips', ['json'], false, $output);
$data = json_decode(implode('', $output), true); $data = json_decode($output, true);
$data = array_reverse($data, true); $data = array_reverse($data, true);
unset($output);
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_ip.html'); include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_ip.html');
} }


@ -12,11 +12,10 @@ include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
top_panel($user,$TAB); top_panel($user,$TAB);
// Data // Data
exec (VESTA_CMD."v-list-user-log $user json", $output, $return_var); $return_var = v_exec('v-list-user-log', [$user, 'json'], false, $output);
check_error($return_var); check_error($return_var);
$data = json_decode(implode('', $output), true); $data = json_decode($output, true);
$data = array_reverse($data); $data = array_reverse($data);
unset($output);
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_log.html'); include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_log.html');


@ -14,20 +14,18 @@ top_panel($user,$TAB);
// Data // Data
if (empty($_GET['domain'])){ if (empty($_GET['domain'])){
exec (VESTA_CMD."v-list-mail-domains $user json", $output, $return_var); v_exec('v-list-mail-domains', [$user, 'json'], false, $output);
$data = json_decode(implode('', $output), true); $data = json_decode($output, true);
$data = array_reverse($data, true); $data = array_reverse($data, true);
unset($output);
if ($_SESSION['user'] == 'admin') { if ($_SESSION['user'] == 'admin') {
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_mail.html'); include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_mail.html');
} else { } else {
include($_SERVER['DOCUMENT_ROOT'].'/templates/user/list_mail.html'); include($_SERVER['DOCUMENT_ROOT'].'/templates/user/list_mail.html');
} }
} else { } else {
exec (VESTA_CMD."v-list-mail-accounts '".$user."' '".escapeshellarg($_GET['domain'])."' json", $output, $return_var); v_exec('v-list-mail-accounts', [$user, $_GET['domain'], 'json'], false, $output);
$data = json_decode(implode('', $output), true); $data = json_decode($output, true);
$data = array_reverse($data, true); $data = array_reverse($data, true);
unset($output);
if ($_SESSION['user'] == 'admin') { if ($_SESSION['user'] == 'admin') {
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_mail_acc.html'); include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_mail_acc.html');
} else { } else {


@ -7,15 +7,15 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
if ($_REQUEST['ajax'] == 1) { if ($_REQUEST['ajax'] == 1) {
// Data // Data
exec (VESTA_CMD."v-list-user-notifications $user json", $output, $return_var); v_exec('v-list-user-notifications', [$user, 'json'], false, $output);
$data = json_decode(implode('', $output), true); $data = json_decode($output, true);
$data = array_reverse($data, true); $data = array_reverse($data, true);
foreach ($data as $key => $note) { foreach ($data as $key => $note) {
$note['ID'] = $key; $note['ID'] = $key;
$data[$key] = $note; $data[$key] = $note;
} }
echo json_encode($data); echo json_encode($data);
exit(); exit;
} }
@ -28,8 +28,8 @@ include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
top_panel($user,$TAB); top_panel($user,$TAB);
// Data // Data
exec (VESTA_CMD."v-list-user-notifications $user json", $output, $return_var); v_exec('v-list-user-notifications', [$user, 'json'], false, $output);
$data = json_decode(implode('', $output), true); $data = json_decode($output, true);
$data = array_reverse($data, true); $data = array_reverse($data, true);
if ($_SESSION['user'] == 'admin') { if ($_SESSION['user'] == 'admin') {
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_notifications.html'); include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_notifications.html');


@ -18,9 +18,8 @@ include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
top_panel($user,$TAB); top_panel($user,$TAB);
// Data // Data
exec (VESTA_CMD."v-list-user-packages json", $output, $return_var); v_exec('v-list-user-packages', ['json'], false, $output);
$data = json_decode(implode('', $output), true); $data = json_decode($output, true);
unset($output);
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_packages.html'); include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_packages.html');
// Back uri // Back uri


@ -13,9 +13,8 @@ top_panel($user,$TAB);
// Data // Data
if ($_SESSION['user'] == 'admin') { if ($_SESSION['user'] == 'admin') {
exec (VESTA_CMD."v-list-sys-rrd json", $output, $return_var); v_exec('v-list-sys-rrd', ['json'], false, $output);
$data = json_decode(implode('', $output), true); $data = json_decode($output, true);
unset($output);
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_rrd.html'); include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_rrd.html');
} }


@ -15,60 +15,50 @@ if ($_SESSION['user'] != 'admin') {
if (isset($_GET['cpu'])) { if (isset($_GET['cpu'])) {
$TAB = 'CPU'; $TAB = 'CPU';
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_server_info.html'); include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_server_info.html');
exec (VESTA_CMD.'v-list-sys-cpu-status', $output, $return_var); v_exec('v-list-sys-cpu-status', [], false, $output);
foreach($output as $file) { echo $output . "\n";
echo $file . "\n";
}
echo " </pre>\n</body>\n</html>\n"; echo " </pre>\n</body>\n</html>\n";
exit(); exit;
} }
// Memory info // Memory info
if (isset($_GET['mem'])) { if (isset($_GET['mem'])) {
$TAB = 'MEMORY'; $TAB = 'MEMORY';
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_server_info.html'); include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_server_info.html');
exec (VESTA_CMD.'v-list-sys-memory-status', $output, $return_var); v_exec('v-list-sys-memory-status', [], false, $output);
foreach($output as $file) { echo $output . "\n";
echo $file . "\n";
}
echo " </pre>\n</body>\n</html>\n"; echo " </pre>\n</body>\n</html>\n";
exit(); exit;
} }
// Disk info // Disk info
if (isset($_GET['disk'])) { if (isset($_GET['disk'])) {
$TAB = 'MEMORY'; $TAB = 'MEMORY';
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_server_info.html'); include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_server_info.html');
exec (VESTA_CMD.'v-list-sys-disk-status', $output, $return_var); v_exec('v-list-sys-disk-status', [], false, $output);
foreach($output as $file) { echo $output . "\n";
echo $file . "\n";
}
echo " </pre>\n</body>\n</html>\n"; echo " </pre>\n</body>\n</html>\n";
exit(); exit;
} }
// Network info // Network info
if (isset($_GET['net'])) { if (isset($_GET['net'])) {
$TAB = 'MEMORY'; $TAB = 'MEMORY';
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_server_info.html'); include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_server_info.html');
exec (VESTA_CMD.'v-list-sys-network-status', $output, $return_var); v_exec('v-list-sys-network-status', [], false, $output);
foreach($output as $file) { echo $output . "\n";
echo $file . "\n";
}
echo " </pre>\n</body>\n</html>\n"; echo " </pre>\n</body>\n</html>\n";
exit(); exit;
} }
// Web info // Web info
if (isset($_GET['web'])) { if (isset($_GET['web'])) {
$TAB = 'WEB'; $TAB = 'WEB';
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_server_info.html'); include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_server_info.html');
exec (VESTA_CMD.'v-list-sys-web-status', $output, $return_var); v_exec('v-list-sys-web-status', [], false, $output);
foreach($output as $file) { echo $output . "\n";
echo $file . "\n";
}
echo " </pre>\n</body>\n</html>\n"; echo " </pre>\n</body>\n</html>\n";
exit(); exit;
} }
@ -76,40 +66,34 @@ if (isset($_GET['web'])) {
if (isset($_GET['dns'])) { if (isset($_GET['dns'])) {
$TAB = 'DNS'; $TAB = 'DNS';
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_server_info.html'); include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_server_info.html');
exec (VESTA_CMD.'v-list-sys-dns-status', $output, $return_var); $return_var = v_exec('v-list-sys-dns-status', [], false, $output);
foreach($output as $file) { echo $output . "\n";
echo $file . "\n";
}
echo " </pre>\n</body>\n</html>\n"; echo " </pre>\n</body>\n</html>\n";
exit(); exit;
} }
// Mail info // Mail info
if (isset($_GET['mail'])) { if (isset($_GET['mail'])) {
$TAB = 'MAIL'; $TAB = 'MAIL';
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_server_info.html'); include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_server_info.html');
exec (VESTA_CMD.'v-list-sys-mail-status', $output, $return_var); $return_var = v_exec('v-list-sys-mail-status', [], false, $output);
if ($return_var == 0) { if ($return_var == 0) {
foreach($output as $file) { echo $output . "\n";
echo $file . "\n";
}
} }
echo " </pre>\n</body>\n</html>\n"; echo " </pre>\n</body>\n</html>\n";
exit(); exit;
} }
// DB info // DB info
if (isset($_GET['db'])) { if (isset($_GET['db'])) {
$TAB = 'DB'; $TAB = 'DB';
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_server_info.html'); include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_server_info.html');
exec (VESTA_CMD.'v-list-sys-db-status', $output, $return_var); $return_var = v_exec('v-list-sys-db-status', [], false, $output);
if ($return_var == 0) { if ($return_var == 0) {
foreach($output as $file) { echo $output . "\n";
echo $file . "\n";
}
} }
echo " </pre>\n</body>\n</html>\n"; echo " </pre>\n</body>\n</html>\n";
exit(); exit;
} }
@ -120,12 +104,12 @@ include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
top_panel($user,$TAB); top_panel($user,$TAB);
// Data // Data
exec (VESTA_CMD."v-list-sys-info json", $output, $return_var); v_exec('v-list-sys-info', ['json'], false, $output);
$sys = json_decode(implode('', $output), true); $sys = json_decode($output, true);
unset($output);
exec (VESTA_CMD."v-list-sys-services json", $output, $return_var); v_exec('v-list-sys-services', ['json'], false, $output);
$data = json_decode(implode('', $output), true); $data = json_decode($output, true);
unset($output);
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_services.html'); include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_services.html');
// Back uri // Back uri
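Review bot: Every status branch now writes the command output with `echo $output . "\n";` into the page without HTML-escaping; the echoed `</pre>` suggests it lands inside a `<pre>` element, where markup is still parsed. Status text can include values that originate from clients (presumably request lines in the web status or addresses in the mail status), so `echo htmlspecialchars($output, ENT_QUOTES, 'UTF-8') . "\n";` is the safer form. The same applies to `print $output . "\n";` in the web-log viewer section, where access and error log lines are largely client-supplied. The branches also disagree on the return code: the DNS branch assigns `$return_var` without reading it, the mail and DB branches test it, and the first five ignore it.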


@ -14,28 +14,24 @@ top_panel($user,$TAB);
// Data // Data
if ($user == 'admin') { if ($user == 'admin') {
if (empty($_GET['user'])) { if (empty($_GET['user'])) {
exec (VESTA_CMD."v-list-users-stats json", $output, $return_var); v_exec('v-list-users-stats', ['json'], false, $output);
$data = json_decode(implode('', $output), true); $data = json_decode($output, true);
$data = array_reverse($data, true); $data = array_reverse($data, true);
unset($output);
} else { } else {
$v_user = escapeshellarg($_GET['user']); $v_user = $_GET['user'];
exec (VESTA_CMD."v-list-user-stats $v_user json", $output, $return_var); v_exec('v-list-user-stats', [$v_user, 'json'], false, $output);
$data = json_decode(implode('', $output), true); $data = json_decode($output, true);
$data = array_reverse($data, true); $data = array_reverse($data, true);
unset($output);
} }
exec (VESTA_CMD."v-list-sys-users 'json'", $output, $return_var); v_exec('v-list-sys-users', ['json'], false, $output);
$users = json_decode(implode('', $output), true); $users = json_decode($output, true);
unset($output);
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_stats.html'); include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_stats.html');
} else { } else {
exec (VESTA_CMD."v-list-user-stats $user json", $output, $return_var); v_exec('v-list-user-stats', [$user, 'json'], false, $output);
$data = json_decode(implode('', $output), true); $data = json_decode($output, true);
$data = array_reverse($data, true); $data = array_reverse($data, true);
unset($output);
include($_SERVER['DOCUMENT_ROOT'].'/templates/user/list_stats.html'); include($_SERVER['DOCUMENT_ROOT'].'/templates/user/list_stats.html');
} }


@ -13,12 +13,11 @@ top_panel($user,$TAB);
// Data // Data
if ($_SESSION['user'] == 'admin') { if ($_SESSION['user'] == 'admin') {
exec (VESTA_CMD."v-list-sys-vesta-updates json", $output, $return_var); v_exec('v-list-sys-vesta-updates', ['json'], false, $output);
$data = json_decode(implode('', $output), true); $data = json_decode($output, true);
unset($output);
exec (VESTA_CMD."v-list-sys-vesta-autoupdate plain", $output, $return_var); v_exec('v-list-sys-vesta-autoupdate', ['plain'], false, $output);
$autoupdate = $output['0']; $autoupdate = strtok($output, "\n");
unset($output);
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_updates.html'); include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_updates.html');
} }


@ -15,17 +15,17 @@ top_panel($user,$TAB);
// Data // Data
if ($_SESSION['user'] == 'admin') { if ($_SESSION['user'] == 'admin') {
if ($user == 'admin') { if ($user == 'admin') {
exec (VESTA_CMD . "v-list-users json", $output, $return_var); v_exec('v-list-users', ['json'], false, $output);
} else { } else {
exec (VESTA_CMD . "v-list-user ".$user." json", $output, $return_var); v_exec('v-list-user', [$user, 'json'], false, $output);
} }
$data = json_decode(implode('', $output), true); $data = json_decode($output, true);
$data = array_reverse($data, true); $data = array_reverse($data, true);
display_error_block(); display_error_block();
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_user.html'); include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_user.html');
} else { } else {
exec (VESTA_CMD . "v-list-user ".$user." json", $output, $return_var); v_exec('v-list-user', [$user, 'json'], false, $output);
$data = json_decode(implode('', $output), true); $data = json_decode($output, true);
display_error_block(); display_error_block();
include($_SERVER['DOCUMENT_ROOT'].'/templates/user/list_user.html'); include($_SERVER['DOCUMENT_ROOT'].'/templates/user/list_user.html');
} }


@ -7,15 +7,14 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Header // Header
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_weblog.html'); include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_weblog.html');
$v_domain = escapeshellarg($_GET['domain']); $v_domain = $_GET['domain'];
if ($_GET['type'] == 'access') $type = 'access'; if ($_GET['type'] == 'access') $type = 'access';
if ($_GET['type'] == 'error') $type = 'error'; if ($_GET['type'] == 'error') $type = 'error';
exec (VESTA_CMD."v-list-web-domain-".$type."log $user ".$v_domain, $output, $return_var); $return_var = v_exec("v-list-web-domain-{$type}log", [$user, $v_domain], false, $output);
if ($return_var == 0) { if ($return_var == 0) {
foreach($output as $file) { print $output . "\n";
echo $file . "\n";
}
} }
echo " </pre>\n</body>\n</html>\n"; echo " </pre>\n</body>\n</html>\n";
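Review bot: `$type` is assigned only when `$_GET['type']` equals `access` or `error`, so with any other value the interpolated command name becomes `v-list-web-domain-log`, unless `$type` is set somewhere outside this hunk. An explicit default or a rejection makes the allow-list complete, for example `$type = ($_GET['type'] === 'error') ? 'error' : 'access';`. `$v_domain` is also taken from `$_GET['domain']` without an `is_string()` check before it is passed on as an argument.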


@ -12,8 +12,8 @@ include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
top_panel($user,$TAB); top_panel($user,$TAB);
// Data // Data
exec (VESTA_CMD."v-list-web-domains $user json", $output, $return_var); v_exec('v-list-web-domains', [$user, 'json'], false, $output);
$data = json_decode(implode('', $output), true); $data = json_decode($output, true);
$data = array_reverse($data, true); $data = array_reverse($data, true);
if ($_SESSION['user'] == 'admin') { if ($_SESSION['user'] == 'admin') {
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_web.html'); include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_web.html');


@ -21,9 +21,9 @@ if (isset($_GET['logout'])) {
// Login as someone else // Login as someone else
if (isset($_SESSION['user'])) { if (isset($_SESSION['user'])) {
if ($_SESSION['user'] == 'admin' && !empty($_GET['loginas'])) { if ($_SESSION['user'] == 'admin' && !empty($_GET['loginas'])) {
exec (VESTA_CMD . "v-list-user ".escapeshellarg($_GET['loginas'])." json", $output, $return_var); $return_var = v_exec('v-list-user', [$_GET['loginas'], 'json'], false, $output);
if ($return_var == 0) { if ($return_var == 0) {
$data = json_decode(implode('', $output), true); $data = json_decode($output, true);
reset($data); reset($data);
$_SESSION['look'] = key($data); $_SESSION['look'] = key($data);
$_SESSION['look_alert'] = 'yes'; $_SESSION['look_alert'] = 'yes';
@ -35,7 +35,7 @@ if (isset($_SESSION['user'])) {
// Basic auth // Basic auth
if (isset($_POST['user']) && isset($_POST['password'])) { if (isset($_POST['user']) && isset($_POST['password'])) {
$v_user = escapeshellarg($_POST['user']); $v_user = $_POST['user'];
// Send password via tmp file // Send password via tmp file
$v_password = exec('mktemp -p /tmp'); $v_password = exec('mktemp -p /tmp');
@ -44,8 +44,7 @@ if (isset($_POST['user']) && isset($_POST['password'])) {
fclose($fp); fclose($fp);
// Check user & password // Check user & password
exec(VESTA_CMD ."v-check-user-password ".$v_user." ".$v_password." ".escapeshellarg($_SERVER['REMOTE_ADDR']), $output, $return_var); $return_var = v_exec('v-check-user-password', [$v_user, $v_password, $_SERVER['REMOTE_ADDR']]);
unset($output);
// Remove tmp file // Remove tmp file
unlink($v_password); unlink($v_password);
@ -53,15 +52,13 @@ if (isset($_POST['user']) && isset($_POST['password'])) {
// Check API answer // Check API answer
if ($return_var > 0) { if ($return_var > 0) {
$ERROR = "<a class=\"error\">".__('Invalid username or password')."</a>"; $ERROR = "<a class=\"error\">".__('Invalid username or password')."</a>";
} else { } else {
// Make root admin user // Make root admin user
if ($_POST['user'] == 'root') $v_user = 'admin'; if ($_POST['user'] == 'root') $v_user = 'admin';
// Get user speciefic parameters // Get user speciefic parameters
exec (VESTA_CMD . "v-list-user ".$v_user." json", $output, $return_var); v_exec('v-list-user', [$v_user, 'json'], false, $output);
$data = json_decode(implode('', $output), true); $data = json_decode($output, true);
// Define session user // Define session user
$_SESSION['user'] = key($data); $_SESSION['user'] = key($data);
@ -75,7 +72,7 @@ if (isset($_POST['user']) && isset($_POST['password'])) {
// Redirect request to control panel interface // Redirect request to control panel interface
if (!empty($_SESSION['request_uri'])) { if (!empty($_SESSION['request_uri'])) {
header("Location: ".$_SESSION['request_uri']); header('Location: '.$_SESSION['request_uri']);
unset($_SESSION['request_uri']); unset($_SESSION['request_uri']);
exit; exit;
} else { } else {
@ -86,8 +83,8 @@ if (isset($_POST['user']) && isset($_POST['password'])) {
} }
// Check system configuration // Check system configuration
exec (VESTA_CMD . "v-list-sys-config json", $output, $return_var); v_exec('v-list-sys-config', ['json'], false, $output);
$data = json_decode(implode('', $output), true); $data = json_decode($output, true);
$sys_arr = $data['config']; $sys_arr = $data['config'];
foreach ($sys_arr as $key => $value) { foreach ($sys_arr as $key => $value) {
$_SESSION[$key] = $value; $_SESSION[$key] = $value;
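Review bot: The `v-check-user-password` call is the only converted call in this section that omits the `false` third argument, and `v_exec`'s definition is not visible here. If that argument controls automatic return-code handling (as the removed `check_return_code()` did by copying command output into `$_SESSION['error_msg']`), a failed login would now store script output in the session next to the generic 'Invalid username or password' message; passing it explicitly, `v_exec('v-check-user-password', [$v_user, $v_password, $_SERVER['REMOTE_ADDR']], false)`, keeps the old behaviour. After a successful check the `v-list-user` reply is used unchecked, so `$_SESSION['user'] = key($data)` becomes `null` when the reply is not valid JSON; testing the return code and `is_array($data)` before setting the session would close that gap. `isset($_POST['user'])` also accepts an array, which would now be passed to `v_exec` as-is.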


@ -11,28 +11,25 @@ if (isset($_SESSION['user'])) {
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php"); include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
if ((!empty($_POST['user'])) && (empty($_POST['code']))) { if ((!empty($_POST['user'])) && (empty($_POST['code']))) {
$v_user = escapeshellarg($_POST['user']);
$user = $_POST['user']; $user = $_POST['user'];
$cmd="/usr/bin/sudo /usr/local/vesta/bin/v-list-user"; $return_var = v_exec('v-list-user', [$user, 'json'], false, $output);
exec ($cmd." ".$v_user." json", $output, $return_var);
if ($return_var == 0) { if ($return_var == 0) {
$data = json_decode(implode('', $output), true); $data = json_decode($output, true);
$rkey = $data[$user]['RKEY']; $rkey = $data[$user]['RKEY'];
$fname = $data[$user]['FNAME']; $fname = $data[$user]['FNAME'];
$lname = $data[$user]['LNAME']; $lname = $data[$user]['LNAME'];
$contact = $data[$user]['CONTACT']; $contact = $data[$user]['CONTACT'];
$to = $data[$user]['CONTACT']; $to = $data[$user]['CONTACT'];
$subject = __('MAIL_RESET_SUBJECT',date("Y-m-d H:i:s")); $subject = __('MAIL_RESET_SUBJECT', date('Y-m-d H:i:s'));
$hostname = exec('hostname'); $hostname = exec('hostname');
$from = __('MAIL_FROM', $hostname); $from = __('MAIL_FROM', $hostname);
if (!empty($fname)) { if (!empty($fname) || !empty($lname)) {
$mailtext = __('GREETINGS_GORDON_FREEMAN', $fname, $lname); $mailtext = __('GREETINGS_GORDON_FREEMAN', $fname, $lname);
} else { } else {
$mailtext = __('GREETINGS'); $mailtext = __('GREETINGS');
} }
$mailtext .= __('PASSWORD_RESET_REQUEST', $_SERVER['HTTP_HOST'], $user, $rkey, $_SERVER['HTTP_HOST'], $user, $rkey); $mailtext .= __('PASSWORD_RESET_REQUEST', $_SERVER['HTTP_HOST'], $user, $rkey, $_SERVER['HTTP_HOST'], $user, $rkey);
if (!empty($rkey)) send_email($to, $subject, $mailtext, $from); if (!empty($rkey)) send_email($to, $subject, $mailtext, $from);
unset($output);
} }
header("Location: /reset/?action=code&user=".$_POST['user']); header("Location: /reset/?action=code&user=".$_POST['user']);
@ -41,20 +38,17 @@ if ((!empty($_POST['user'])) && (empty($_POST['code']))) {
if ((!empty($_POST['user'])) && (!empty($_POST['code'])) && (!empty($_POST['password'])) ) { if ((!empty($_POST['user'])) && (!empty($_POST['code'])) && (!empty($_POST['password'])) ) {
if ($_POST['password'] == $_POST['password_confirm']) { if ($_POST['password'] == $_POST['password_confirm']) {
$v_user = escapeshellarg($_POST['user']);
$user = $_POST['user']; $user = $_POST['user'];
$cmd="/usr/bin/sudo /usr/local/vesta/bin/v-list-user"; $return_var = v_exec('v-list-user', [$user, 'json'], false, $output);
exec ($cmd." ".$v_user." json", $output, $return_var);
if ($return_var == 0) { if ($return_var == 0) {
$data = json_decode(implode('', $output), true); $data = json_decode($output, true);
$rkey = $data[$user]['RKEY']; $rkey = $data[$user]['RKEY'];
if ($rkey == $_POST['code']) { if ($rkey == $_POST['code']) {
$v_password = tempnam("/tmp","vst"); $v_password = tempnam("/tmp","vst");
$fp = fopen($v_password, "w"); $fp = fopen($v_password, "w");
fwrite($fp, $_POST['password']."\n"); fwrite($fp, $_POST['password']."\n");
fclose($fp); fclose($fp);
$cmd="/usr/bin/sudo /usr/local/vesta/bin/v-change-user-password"; $return_var = v_exec('v-change-user-password', [$user, $v_password], false);
exec ($cmd." ".$v_user." ".$v_password, $output, $return_var);
unlink($v_password); unlink($v_password);
if ($return_var > 0) { if ($return_var > 0) {
$ERROR = "<a class=\"error\">".__('An internal error occurred')."</a>"; $ERROR = "<a class=\"error\">".__('An internal error occurred')."</a>";


@ -102,25 +102,21 @@ function to64 ($v, $n)
// Check arguments // Check arguments
if ((!empty($_POST['email'])) && (!empty($_POST['password'])) && (!empty($_POST['new']))) { if ((!empty($_POST['email'])) && (!empty($_POST['password'])) && (!empty($_POST['new']))) {
list($v_account, $v_domain) = explode('@', $_POST['email']); list($v_account, $v_domain) = explode('@', $_POST['email']);
$v_domain = escapeshellarg($v_domain);
$v_account = escapeshellarg($v_account);
$v_password = $_POST['password']; $v_password = $_POST['password'];
// Get domain owner // Get domain owner
exec (VESTA_CMD."v-search-domain-owner ".$v_domain." 'mail'", $output, $return_var); $return_var = v_exec('v-search-domain-owner', [$v_domain, 'mail'], false, $output);
if ($return_var == 0) { if ($return_var == 0) {
$v_user = $output[0]; $v_user = strtok($output, "\n");
} }
unset($output);
// Get current md5 hash // Get current md5 hash
if (!empty($v_user)) { if (!empty($v_user)) {
exec (VESTA_CMD."v-get-mail-account-value '".$v_user."' ".$v_domain." ".$v_account." 'md5'", $output, $return_var); $return_var = v_exec('v-get-mail-account-value', [$v_user, $v_domain, $v_account, 'md5'], false, $output);
if ($return_var == 0) { if ($return_var == 0) {
$v_hash = $output[0]; $v_hash = strtok($output, "\n");
} }
} }
unset($output);
// Compare hashes // Compare hashes
if (!empty($v_hash)) { if (!empty($v_hash)) {
@ -134,9 +130,9 @@ if ((!empty($_POST['email'])) && (!empty($_POST['password'])) && (!empty($_POST[
$fp = fopen($v_new_password, "w"); $fp = fopen($v_new_password, "w");
fwrite($fp, $_POST['new']."\n"); fwrite($fp, $_POST['new']."\n");
fclose($fp); fclose($fp);
exec (VESTA_CMD."v-change-mail-account-password '".$v_user."' ".$v_domain." ".$v_account." ".$v_new_password, $output, $return_var); $return_var = v_exec('v-change-mail-account-password', [$v_user, $v_domain, $v_account, $v_new_password], false, $output);
if ($return_var == 0) { if ($return_var == 0) {
echo "ok"; echo 'ok';
exit; exit;
} }
} }
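Review bot: The temp file holding the new plaintext password is never removed on the success path of the last hunk, because `echo 'ok'; exit;` follows the `v_exec('v-change-mail-account-password', ...)` call with no `unlink` in between. The password-reset page in this same commit does call `unlink($v_password);` right after its v_exec call, so I would add `unlink($v_new_password);` on the line after the v_exec call here, before `$return_var` is tested. The `tempnam()` call and the code after the closing braces are outside the hunk, so confirm the file is not already cleaned up there or by the v- script itself.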


@ -8,18 +8,17 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
if ($_SESSION['user'] == 'admin') { if ($_SESSION['user'] == 'admin') {
if (!empty($_GET['srv'])) { if (!empty($_GET['srv'])) {
if ($_GET['srv'] == 'iptables') { if ($_GET['srv'] == 'iptables') {
exec (VESTA_CMD."v-update-firewall", $output, $return_var); $return_var = v_exec('v-update-firewall', [], false, $output);
} else { } else {
$v_service = escapeshellarg($_GET['srv']); $v_service = $_GET['srv'];
exec (VESTA_CMD."v-restart-service ".$v_service, $output, $return_var); $return_var = v_exec('v-restart-service', [$v_service], false, $output);
} }
} }
if ($return_var != 0) { if ($return_var != 0) {
$error = implode('<br>', $output); $error = implode('<br>', $output);
if (empty($error)) $error = __('SERVICE_ACTION_FAILED',__('restart'),$v_service); if (empty($error)) $error = __('SERVICE_ACTION_FAILED', __('restart'), htmlentities($_GET['srv']));
$_SESSION['error_msg'] = $error; $_SESSION['error_msg'] = $error;
} }
unset($output);
} }
header("Location: /list/server/"); header("Location: /list/server/");
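Review bot: `$error = implode('<br>', $output);` still treats `$output` as an array, but the other call sites converted in this commit read v_exec's fourth argument as a string (`json_decode($output, true)`, `strtok($output, "\n")`). If v_exec does fill in a string, implode() fails on it, `$error` ends up empty and the real command output is replaced by the generic SERVICE_ACTION_FAILED text. Something like `$error = str_replace("\n", '<br>', trim($output));` would keep the old behaviour. The same line is in the v-start-service and v-stop-service sections further down. v_exec is defined outside this view, so confirm its output type first.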


@ -3,14 +3,14 @@
error_reporting(NULL); error_reporting(NULL);
ob_start(); ob_start();
session_start(); session_start();
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php"); include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
if ($_SESSION['user'] == 'admin') { if ($_SESSION['user'] == 'admin') {
if (!empty($_GET['hostname'])) { if (!empty($_GET['hostname'])) {
exec (VESTA_CMD."v-restart-system yes", $output, $return_var); v_exec('v-restart-system', ['yes'], false);
$_SESSION['error_msg'] = 'The system is going down for reboot NOW!'; $_SESSION['error_msg'] = 'The system is going down for reboot NOW!';
} }
unset($output);
} }
header("Location: /list/server/"); header("Location: /list/server/");
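Review bot: The reboot runs on a plain GET from an admin session with a non-empty `hostname` parameter, and nothing in this hunk (which starts at line 3 of the file) checks a CSRF token, unlike the suspend pages in this same commit. I would add after the include `if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) { header('location: /login/'); exit; }` and have the link that calls this page send the token. The result of `v_exec('v-restart-system', ['yes'], false)` is also discarded, so the "going down for reboot" message is set even when the command fails.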


@ -5,21 +5,15 @@ ob_start();
session_start(); session_start();
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php"); include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
$v_username = escapeshellarg($user); $return_var = v_exec('v-schedule-user-backup', [$user]);
exec (VESTA_CMD."v-schedule-user-backup ".$v_username, $output, $return_var); switch ($return_var) {
if ($return_var == 0) { case 0:
$_SESSION['error_msg'] = __('BACKUP_SCHEDULED'); $_SESSION['error_msg'] = __('BACKUP_SCHEDULED');
} else { break;
$_SESSION['error_msg'] = implode('<br>', $output); case 4:
if (empty($_SESSION['error_msg'])) {
$_SESSION['error_msg'] = __('Error: vesta did not return any output.');
}
if ($return_var == 4) {
$_SESSION['error_msg'] = __('BACKUP_EXISTS'); $_SESSION['error_msg'] = __('BACKUP_EXISTS');
break;
} }
}
unset($output);
header("Location: /list/backup/"); header("Location: /list/backup/");
exit; exit;
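Review bot: The new `switch ($return_var)` handles only 0 and 4, so for any other exit code this page sets no message itself, where the old code copied the command output into `$_SESSION['error_msg']`. That is correct only if v_exec, called here without the `false` third argument, reports failures on its own; its definition is outside this view. A comment above the switch such as `// any other code: v_exec() has already set $_SESSION['error_msg']` would make that dependency explicit, or add a `default:` branch. The restore section below uses the same switch.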


@ -6,7 +6,7 @@ session_start();
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php"); include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
$backup = escapeshellarg($_GET['backup']); $backup = $_GET['backup'];
$web = 'no'; $web = 'no';
$dns = 'no'; $dns = 'no';
@ -15,30 +15,27 @@ $db = 'no';
$cron = 'no'; $cron = 'no';
$udir = 'no'; $udir = 'no';
if ($_GET['type'] == 'web') $web = escapeshellarg($_GET['object']); if ($_GET['type'] == 'web') $web = $_GET['object'];
if ($_GET['type'] == 'dns') $dns = escapeshellarg($_GET['object']); if ($_GET['type'] == 'dns') $dns = $_GET['object'];
if ($_GET['type'] == 'mail') $mail = escapeshellarg($_GET['object']); if ($_GET['type'] == 'mail') $mail = $_GET['object'];
if ($_GET['type'] == 'db') $db = escapeshellarg($_GET['object']); if ($_GET['type'] == 'db') $db = $_GET['object'];
if ($_GET['type'] == 'cron') $cron = 'yes'; if ($_GET['type'] == 'cron') $cron = 'yes';
if ($_GET['type'] == 'udir') $udir = escapeshellarg($_GET['object']); if ($_GET['type'] == 'udir') $udir = $_GET['object'];
if (!empty($_GET['type'])) { if (!empty($_GET['type'])) {
$restore_cmd = VESTA_CMD."v-schedule-user-restore ".$user." ".$backup." ".$web." ".$dns." ".$mail." ".$db." ".$cron." ".$udir; $restore_args = [$user, $backup, $web, $dns, $mail, $db, $cron, $udir];
} else { } else {
$restore_cmd = VESTA_CMD."v-schedule-user-restore ".$user." ".$backup; $restore_args = [$user, $backup];
} }
exec ($restore_cmd, $output, $return_var); $return_var = v_exec('v-schedule-user-restore', $restore_args);
if ($return_var == 0) { switch ($return_var) {
case 0:
$_SESSION['error_msg'] = __('RESTORE_SCHEDULED'); $_SESSION['error_msg'] = __('RESTORE_SCHEDULED');
} else { break;
$_SESSION['error_msg'] = implode('<br>', $output); case 4:
if (empty($_SESSION['error_msg'])) {
$_SESSION['error_msg'] = __('Error: vesta did not return any output.');
}
if ($return_var == 4) {
$_SESSION['error_msg'] = __('RESTORE_EXISTS'); $_SESSION['error_msg'] = __('RESTORE_EXISTS');
} break;
} }
header("Location: /list/backup/?backup=" . $_GET['backup']); header("Location: /list/backup/?backup=" . $_GET['backup']);
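Review bot: `$_GET['backup']` is concatenated into the Location header unencoded on the last line, so `&`, `#` or spaces in the value change the redirect URL. `header('Location: /list/backup/?backup=' . urlencode($_GET['backup']));` keeps it a single query value, and the `/list/dns/?domain=` redirect in the suspend-DNS section has the same pattern. With escapeshellarg removed, `$backup` and the `$_GET['object']` values now reach v_exec raw, so this page depends on v_exec quoting every array element. Its definition is outside this view.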


@ -9,9 +9,9 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check query // Check query
$q = $_GET['q']; $q = $_GET['q'];
if (empty($q)) { if (empty($q)) {
$back=getenv("HTTP_REFERER"); $back = getenv('HTTP_REFERER');
if (!empty($back)) { if (!empty($back)) {
header("Location: ".$back); header("Location: $back");
exit; exit;
} }
header("Location: /"); header("Location: /");
@ -28,14 +28,13 @@ $lang = 'ru_RU.utf8';
//setlocale(LC_ALL, $lang); //setlocale(LC_ALL, $lang);
// Data // Data
$q = escapeshellarg($q);
if ($_SESSION['user'] == 'admin') { if ($_SESSION['user'] == 'admin') {
exec (VESTA_CMD."v-search-object ".$q." json", $output, $return_var); v_exec('v-search-object', [$q, 'json'], false, $output);
$data = json_decode(implode('', $output), true); $data = json_decode($output, true);
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_search.html'); include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_search.html');
} else { } else {
exec (VESTA_CMD."v-search-user-object ".$user." ".$q." json", $output, $return_var); v_exec('v-search-user-object', [$user, $q, 'json'], false, $output);
$data = json_decode(implode('', $output), true); $data = json_decode($output, true);
include($_SERVER['DOCUMENT_ROOT'].'/templates/user/list_search.html'); include($_SERVER['DOCUMENT_ROOT'].'/templates/user/list_search.html');
} }
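Review bot: Both branches of the second hunk drop v_exec's return code, so when the search command fails `$data` is whatever `json_decode($output, true)` makes of the error text (normally null) and the template is included anyway. I would capture it as the other pages do, `$return_var = v_exec('v-search-object', [$q, 'json'], false, $output);`, and use `$data = [];` when it is non-zero. `$q` is free-form user input and no longer goes through escapeshellarg here, so v_exec has to quote each element itself. Its definition is not in this view, so a test that passes shell metacharacters in an argument would confirm it.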


@ -8,18 +8,17 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
if ($_SESSION['user'] == 'admin') { if ($_SESSION['user'] == 'admin') {
if (!empty($_GET['srv'])) { if (!empty($_GET['srv'])) {
if ($_GET['srv'] == 'iptables') { if ($_GET['srv'] == 'iptables') {
exec (VESTA_CMD."v-update-firewall", $output, $return_var); $return_var = v_exec('v-update-firewall', [], false, $output);
} else { } else {
$v_service = escapeshellarg($_GET['srv']); $v_service = $_GET['srv'];
exec (VESTA_CMD."v-start-service ".$v_service, $output, $return_var); $return_var = v_exec('v-start-service', [$v_service], false, $output);
} }
} }
if ($return_var != 0) { if ($return_var != 0) {
$error = implode('<br>', $output); $error = implode('<br>', $output);
if (empty($error)) $error = __('SERVICE_ACTION_FAILED',__('start'),$v_service);; if (empty($error)) $error = __('SERVICE_ACTION_FAILED', __('start'), htmlentities($_GET['srv']));
$_SESSION['error_srv'] = $error; $_SESSION['error_srv'] = $error;
} }
unset($output);
} }
header("Location: /list/server/"); header("Location: /list/server/");


@ -8,18 +8,18 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
if ($_SESSION['user'] == 'admin') { if ($_SESSION['user'] == 'admin') {
if (!empty($_GET['srv'])) { if (!empty($_GET['srv'])) {
if ($_GET['srv'] == 'iptables') { if ($_GET['srv'] == 'iptables') {
exec (VESTA_CMD."v-stop-firewall", $output, $return_var); $return_var = v_exec('v-stop-firewall', [], false, $output);
} else { } else {
$v_service = escapeshellarg($_GET['srv']); $v_service = $_GET['srv'];
exec (VESTA_CMD."v-stop-service ".$v_service, $output, $return_var); $return_var = v_exec('v-stop-service', [$v_service], false, $output);
} }
} }
if ($return_var != 0) { if ($return_var != 0) {
$error = implode('<br>', $output); $error = implode('<br>', $output);
if (empty($error)) $error = __('SERVICE_ACTION_FAILED',__('stop'),$v_service); if (empty($error)) $error = __('SERVICE_ACTION_FAILED', __('stop'), htmlentities($_GET['srv']));
$_SESSION['error_srv'] = $error; $_SESSION['error_srv'] = $error;
} }
unset($output);
} }
header("Location: /list/server/"); header("Location: /list/server/");


@ -8,7 +8,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token // Check token
if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) { if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
// Check user // Check user
@ -16,20 +16,20 @@ if ($_SESSION['user'] != 'admin') {
header("Location: /list/user"); header("Location: /list/user");
exit; exit;
} }
if (!empty($_GET['user'])) { if (!empty($_GET['user'])) {
$user = $_GET['user']; $user = $_GET['user'];
} }
if (!empty($_GET['job'])) { if (!empty($_GET['job'])) {
$v_username = escapeshellarg($user); $v_username = $user;
$v_job = escapeshellarg($_GET['job']); $v_job = $_GET['job'];
exec (VESTA_CMD."v-suspend-cron-job ".$v_username." ".$v_job, $output, $return_var); v_exec('v-suspend-cron-job', [$v_username, $v_job]);
} }
check_return_code($return_var,$output);
unset($output);
$back = $_SESSION['back']; $back = $_SESSION['back'];
if (!empty($back)) { if (!empty($back)) {
header("Location: ".$back); header("Location: $back");
exit; exit;
} }
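Review bot: The token check in the first hunk compares with `!=`, which is PHP's loose comparison and is not constant-time. I would change it to `if (!isset($_GET['token']) || !is_string($_GET['token']) || !hash_equals($_SESSION['token'], $_GET['token'])) {`; hash_equals needs PHP 5.6 or later, so confirm the minimum supported version. The same check is in the v-suspend-database and v-suspend-dns-domain sections below. The commit also removes `check_return_code($return_var,$output);`, so failure reporting now rests on v_exec's default behaviour, which is defined outside this view.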


@ -8,7 +8,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token // Check token
if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) { if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
// Check user // Check user
@ -22,16 +22,14 @@ if (!empty($_GET['user'])) {
} }
if (!empty($_GET['database'])) { if (!empty($_GET['database'])) {
$v_username = escapeshellarg($user); $v_username = $user;
$v_database = escapeshellarg($_GET['database']); $v_database = $_GET['database'];
exec (VESTA_CMD."v-suspend-database ".$v_username." ".$v_database, $output, $return_var); v_exec('v-suspend-database', [$v_username, $v_database]);
} }
check_return_code($return_var,$output);
unset($output);
$back = $_SESSION['back']; $back = $_SESSION['back'];
if (!empty($back)) { if (!empty($back)) {
header("Location: ".$back); header("Location: $back");
exit; exit;
} }


@ -8,7 +8,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token // Check token
if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) { if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
header('location: /login/'); header('location: /login/');
exit(); exit;
} }
// Check user // Check user
@ -23,14 +23,12 @@ if (!empty($_GET['user'])) {
// DNS domain // DNS domain
if ((!empty($_GET['domain'])) && (empty($_GET['record_id']))) { if ((!empty($_GET['domain'])) && (empty($_GET['record_id']))) {
$v_username = escapeshellarg($user); $v_username = $user;
$v_domain = escapeshellarg($_GET['domain']); $v_domain = $_GET['domain'];
exec (VESTA_CMD."v-suspend-dns-domain ".$v_username." ".$v_domain, $output, $return_var); v_exec('v-suspend-dns-domain', [$v_username, $v_domain]);
check_return_code($return_var,$output);
unset($output);
$back = $_SESSION['back']; $back = $_SESSION['back'];
if (!empty($back)) { if (!empty($back)) {
header("Location: ".$back); header("Location: $back");
exit; exit;
} }
header("Location: /list/dns/"); header("Location: /list/dns/");
@ -39,15 +37,13 @@ if ((!empty($_GET['domain'])) && (empty($_GET['record_id']))) {
// DNS record // DNS record
if ((!empty($_GET['domain'])) && (!empty($_GET['record_id']))) { if ((!empty($_GET['domain'])) && (!empty($_GET['record_id']))) {
$v_username = escapeshellarg($user); $v_username = $user;
$v_domain = escapeshellarg($_GET['domain']); $v_domain = $_GET['domain'];
$v_record_id = escapeshellarg($_GET['record_id']); $v_record_id = $_GET['record_id'];
exec (VESTA_CMD."v-suspend-dns-record ".$v_username." ".$v_domain." ".$v_record_id, $output, $return_var); v_exec('v-suspend-dns-record', [$v_username, $v_domain, $v_record_id]);
check_return_code($return_var,$output);
unset($output);
$back = $_SESSION['back']; $back = $_SESSION['back'];
if (!empty($back)) { if (!empty($back)) {
header("Location: ".$back); header("Location: $back");
exit; exit;
} }
header("Location: /list/dns/?domain=".$_GET['domain']); header("Location: /list/dns/?domain=".$_GET['domain']);
@ -56,7 +52,7 @@ if ((!empty($_GET['domain'])) && (!empty($_GET['record_id']))) {
$back = $_SESSION['back']; $back = $_SESSION['back'];
if (!empty($back)) { if (!empty($back)) {
header("Location: ".$back); header("Location: $back");
exit; exit;
} }
