[ { "path": ".editorconfig", "content": "root = true\n\n[*]\ncharset = utf-8\nend_of_line = lf\ninsert_final_newline = true\nindent_style = tab\nindent_size = 4\ntrim_trailing_whitespace = true\n\n[*.md]\ntrim_trailing_whitespace = false\n\n[*.{yml,yaml}]\nindent_style = space\nindent_size = 2\n\n[docker-compose.yml]\nindent_size = 4\n" }, { "path": ".github/CONTRIBUTING.md", "content": "# Contribution\n\nBefore you start working on a PR, contact us via [Discord](https://discord.froxlor.org) or the forum at [https://forum.froxlor.org](https://forum.froxlor.org) to get a clue whether someone else isn't already working on it or if we don not want/need this certain change. Of course, bugfixes are always welcome.\n\nPlease always focus on the **main** branch of our [Github repository](https://github.com/Froxlor/Froxlor).\n\n## Checklist\n\nGeneral rules for PRs are:\n\n* Please save us all some trouble and unnecessary round-trips by _testing_ your changes.\n* Re-write your commit history to provide a CLEAN history!\n * i.e. do not provide PRs which contain a commit that changes something, the next changes it back, a third one changes it again, only a little differently...\n\nThanks!\n\n### Service changes\n\nIf you make changes to the functionality of service configurations, please make sure your implementation covers all supported services and distributions.\n\n### l10n\n\nIf you add new language strings, please make sure you add the english fallback strings in `lng/en.php`.\n\n### New settings and database-layout changes\n\nIf you add new settings or implement database-changes, please make sure you add these to\n\n* `install/froxlor.sql.php`\n* handle the update (see [`install/updates/froxlor/update_2.x.inc.php`](https://github.com/Froxlor/Froxlor/blob/main/install/updates/froxlor/update_2.x.inc.php))\n* if you have any question on how update-process works, please contact us\n" }, { "path": ".github/FUNDING.yml", "content": "# These are supported funding model platforms\n\ngithub: d00p\ncustom: ['https://paypal.me/Froxlor']\n" }, { "path": ".github/ISSUE_TEMPLATE/bug_report.md", "content": "---\nname: Bug report\nabout: Create a report to help us improve\ntitle: ''\nlabels: ''\nassignees: ''\n\n---\n\n**As a rule of thumb: before reporting an issue**\n* see if it hasn't been [reported](https://github.com/Froxlor/froxlor/issues) (and possibly already been [fixed](https://github.com/Froxlor/froxlor/issues?utf8=✓&q=is:issue%20is:closed)) first\n* try with the git master\n\n**Describe the bug**\nA clear and concise description of what the bug is.\n\n**System information**\n* Froxlor version: \\$version/\\$gitSHA1\n* PHP sapi & version: php-fpm 8.3 / fcgid 8.0 / etc.\n* Web server: apache2/nginx\n* DNS server: Bind/PowerDNS (standalone)/PowerDNS (Bind-backend)\n* POP/IMAP server: Courier/Dovecot\n* SMTP server: postfix/exim\n* FTP server: proftpd/pureftpd\n* OS/Version: ...\n\n**To Reproduce**\nSteps to reproduce the behavior:\n1. Go to '...'\n2. Click on '....'\n3. Scroll down to '....'\n4. See error\n\n**Expected behavior**\nA clear and concise description of what you expected to happen.\n\n**Logfiles**\nIf applicable, add log-entries to help explain your problem.\n\n**Additional context**\nAdd any other context about the problem here.\n" }, { "path": ".github/ISSUE_TEMPLATE/feature_request.md", "content": "---\nname: Feature request\nabout: Suggest an idea for this project\ntitle: ''\nlabels: ''\nassignees: ''\n\n---\n\n**Is your feature request related to a problem? Please describe.**\nA clear and concise description of what the problem is. Ex. I'm always frustrated when [...]\n\n**Describe the solution you'd like**\nA clear and concise description of what you want to happen.\n\n**Describe alternatives you've considered**\nA clear and concise description of any alternative solutions or features you've considered.\n\n**Additional context**\nAdd any other context or screenshots about the feature request here.\n" }, { "path": ".github/ISSUE_TEMPLATE.md", "content": "# Bug report vs. support request\n\nIf you're unsure of whether your problem is a bug or a configuration error\n* contact us via IRC in #froxlor on irc.libera.chat\n* or post a thread in our forum at https://forum.froxlor.org\n\nAs a rule of thumb: before reporting an issue\n\n* see if it hasn't been [reported](https://github.com/Froxlor/froxlor/issues) (and possibly already been [fixed](https://github.com/Froxlor/froxlor/issues?utf8=✓&q=is:issue%20is:closed)) first\n* try with the git master\n\n# Summary\n\nPlease provide a concise summary of the problem you're experiencing...\n\n# System information\n\n* Froxlor version: $version/$gitSHA1\n* PHP sapi & version: php-fpm 8.3 / fcgid 8.0 / etc.\n* Web server: apache2/nginx\n* DNS server: Bind/PowerDNS (standalone)/PowerDNS (Bind-backend)\n* POP/IMAP server: Courier/Dovecot\n* SMTP server: postfix/exim\n* FTP server: proftpd/pureftpd\n* OS/Version: ...\n\n# Steps to reproduce\n\n1.\n2.\n3.\n\n# Expected behavior\n\n1.\n2.\n3.\n\n# Actual behavior\n\n1.\n2.\n3.\n\n# Log files/log entries\n\nsyslog:\n
\nexample\n
\n" }, { "path": ".github/LICENSE_HEADER", "content": "/**\n * This file is part of the froxlor project.\n * Copyright (c) 2010 the froxlor Team (see authors).\n *\n * This program is free software; you can redistribute it and/or\n * modify it under the terms of the GNU General Public License\n * as published by the Free Software Foundation; either version 2\n * of the License, or (at your option) any later version.\n *\n * This program is distributed in the hope that it will be useful,\n * but WITHOUT ANY WARRANTY; without even the implied warranty of\n * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n * GNU General Public License for more details.\n *\n * You should have received a copy of the GNU General Public License\n * along with this program; if not, you can also view it online at\n * https://files.froxlor.org/misc/COPYING.txt\n *\n * @copyright the authors\n * @author froxlor team \n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n" }, { "path": ".github/PULL_REQUEST_TEMPLATE.md", "content": "# Description\n\nPlease include a summary of the change and which issue is fixed if any. Please also include relevant motivation and context. List any dependencies that are required for this change.\n\nFixes # (issue)\n\n## Type of change\n\nPlease delete options that are not relevant.\n\n- [ ] Bug fix (non-breaking change which fixes an issue)\n- [ ] New feature (non-breaking change which adds functionality)\n- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)\n- [ ] This change requires a documentation update\n\n# How Has This Been Tested?\n\nPlease describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration\n\n- [ ] Test A\n- [ ] Test B\n\n**Test Configuration**:\n\n* Distribution:\n* Webserver:\n* PHP:\n* etc.etc.:\n\n# Checklist:\n\n- [ ] I have performed a self-review of my own code\n- [ ] I have commented my code, particularly in hard-to-understand areas\n- [ ] I have made corresponding changes to the documentation\n- [ ] My changes generate no new warnings\n- [ ] I have added tests that prove my fix is effective or that my feature works\n- [ ] New and existing unit tests pass locally with my changes\n" }, { "path": ".github/workflows/build-docs.yml", "content": "name: build-documentation\n\non:\n release:\n # only run for stable releases\n types: [released]\n\njobs:\n build_docs:\n runs-on: ubuntu-latest\n steps:\n - env:\n GITHUB_TOKEN: ${{ secrets.ORG_GITHUB_TOKEN }}\n run: |\n gh workflow run --repo Froxlor/Documentation build-and-deploy.yml -f type=tags -f ref=${{github.ref_name}}\n" }, { "path": ".github/workflows/build-mariadb.yml", "content": "name: Froxlor-CI-MariaDB\non: [ 'push', 'pull_request', 'create' ]\n\njobs:\n froxlor:\n name: Froxlor (PHP ${{ matrix.php-versions }}, MariaDB ${{ matrix.mariadb-version }})\n runs-on: ubuntu-latest\n strategy:\n fail-fast: false\n matrix:\n php-versions: [ '7.4', '8.4' ]\n mariadb-version: [ 10.11, 11.7 ]\n steps:\n - name: Checkout\n uses: actions/checkout@v4\n\n - name: Setup PHP, with composer and extensions\n uses: shivammathur/setup-php@v2\n with:\n php-version: ${{ matrix.php-versions }}\n tools: composer:v2\n extensions: mbstring, xml, ctype, pdo_mysql, mysql, curl, json, zip, session, filter, posix, openssl, fileinfo, bcmath, gmp\n\n - name: Install tools\n run: sudo apt-get install -y ant\n\n - name: Adjust firewall\n run: |\n sudo ufw allow out 3306/tcp\n sudo ufw allow in 3306/tcp\n\n - name: Setup MariaDB\n uses: shogo82148/actions-setup-mysql@v1.47.0\n with:\n distribution: \"mariadb\"\n mysql-version: ${{ matrix.mariadb-version }}\n root-password: 'fr0xl0r.TravisCI'\n user: 'froxlor010'\n password: 'fr0xl0r.TravisCI'\n\n - name: Wait for database\n run: sleep 15\n\n - name: Setup databases\n run: |\n mysql -h 127.0.0.1 --protocol=TCP -u root -pfr0xl0r.TravisCI -e \"CREATE DATABASE froxlor010;\"\n php -r \"echo include('install/froxlor.sql.php');\" > /tmp/froxlor.sql\n mysql -h 127.0.0.1 --protocol=TCP -u root -pfr0xl0r.TravisCI froxlor010 < /tmp/froxlor.sql\n\n - name: Run testing\n run: ant quick-build\n\n nightly:\n name: Create nightly/testing tarball\n runs-on: ubuntu-latest\n needs: froxlor\n if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}\n\n steps:\n - name: Checkout\n uses: actions/checkout@v4\n\n - name: Setup PHP with PECL extension\n uses: shivammathur/setup-php@v2\n with:\n php-version: '7.4'\n tools: composer:v2\n extensions: mbstring, xml, ctype, pdo_mysql, mysql, curl, json, zip, session, filter, posix, openssl, fileinfo, bcmath, gmp, gnupg\n\n - name: Install composer dependencies\n run: composer install --no-dev\n\n - name: Install Node.js\n uses: actions/setup-node@v5\n with:\n node-version: '22.x'\n\n - name: Install npm dependencies\n run: npm install\n\n - name: Build assets\n run: npm run build\n working-directory: .\n\n - name: Setting file/directory permissions\n run: |\n find -exec chmod ugo+r,u+w,go-w {} \\;\n find -type f -exec chmod ugo-x {} \\;\n find -type d -exec chmod ugo+x {} \\;\n chmod 0755 bin/froxlor-cli\n\n - name: Remove vcs and unneeded files\n run: |\n rm .gitignore\n rm .editorconfig\n rm -rf node_modules\n rm composer.json\n rm composer.lock\n rm package.json\n rm package-lock.json\n rm *.xml\n rm vite.config.js\n\n - name: Create empty index.html in built assets directory\n run: |\n touch templates/Froxlor/build/index.html\n touch templates/Froxlor/build/assets/index.html\n\n - name: Set outputs\n id: vars\n run: echo \"sha_short=$(git rev-parse --short HEAD)\" >> $GITHUB_OUTPUT\n\n - name: Set nightly branding\n run: |\n sed -i \"s/const BRANDING = '';/const BRANDING = '+nightly.${{steps.vars.outputs.sha_short}}';/\" lib/Froxlor/Froxlor.php\n zip -r froxlor-nightly.${{steps.vars.outputs.sha_short}}.zip . -x \"*.git*\"\n sha256sum froxlor-nightly.${{steps.vars.outputs.sha_short}}.zip > froxlor-nightly.${{steps.vars.outputs.sha_short}}.zip.sha256\n mkdir dist\n mv froxlor-nightly.${{steps.vars.outputs.sha_short}}.zip dist/\n mv froxlor-nightly.${{steps.vars.outputs.sha_short}}.zip.sha256 dist/\n\n - name: Deploy nightly to server\n uses: easingthemes/ssh-deploy@main\n with:\n ARGS: \"-rltDzvO --chown=${{ secrets.WEB_USER }}:${{ secrets.WEB_USER }}\"\n SOURCE: \"dist/\"\n SSH_PRIVATE_KEY: ${{ secrets.SERVER_SSH_KEY }}\n REMOTE_HOST: ${{ secrets.REMOTE_HOST }}\n REMOTE_USER: ${{ secrets.REMOTE_USER }}\n TARGET: \"${{ secrets.REMOTE_TARGET }}\"\n" }, { "path": ".github/workflows/build-mysql.yml", "content": "name: Froxlor-CI-MySQL\non: ['push', 'pull_request', 'create']\n\njobs:\n froxlor:\n name: Froxlor (PHP ${{ matrix.php-versions }}, MySQL ${{ matrix.mysql-version }})\n runs-on: ubuntu-latest\n strategy:\n fail-fast: false\n matrix:\n php-versions: ['7.4', '8.4']\n mysql-version: [8.4, 5.7]\n steps:\n - name: Checkout\n uses: actions/checkout@v4\n\n - name: Setup PHP, with composer and extensions\n uses: shivammathur/setup-php@v2\n with:\n php-version: ${{ matrix.php-versions }}\n tools: composer:v2\n extensions: mbstring, xml, ctype, pdo_mysql, mysql, curl, json, zip, session, filter, posix, openssl, fileinfo, bcmath, gmp\n\n - name: Install tools\n run: sudo apt-get install -y ant\n\n - name: Adjust firewall\n run: |\n sudo ufw allow out 3306/tcp\n sudo ufw allow in 3306/tcp\n\n - name: Setup MySQL\n uses: shogo82148/actions-setup-mysql@v1.47.0\n with:\n mysql-version: ${{ matrix.mysql-version }}\n root-password: 'fr0xl0r.TravisCI'\n user: 'froxlor010'\n password: 'fr0xl0r.TravisCI'\n\n - name: Wait for database\n run: sleep 15\n\n - name: Setup database\n run: |\n mysql -h 127.0.0.1 --protocol=TCP -u root -pfr0xl0r.TravisCI -e \"CREATE DATABASE froxlor010;\"\n php -r \"echo include('install/froxlor.sql.php');\" > /tmp/froxlor.sql\n mysql -h 127.0.0.1 --protocol=TCP -u root -pfr0xl0r.TravisCI froxlor010 < /tmp/froxlor.sql\n\n - name: Run testing\n run: ant quick-build\n" }, { "path": ".gitignore", "content": "install/update.log\ninstall/*.json\nlib/userdata.inc.php\nlib/userdata.inc.php.bak\nlib/config.inc.php\nlogs/*\n!logs/index.html\n.buildpath\n.project\n.settings/\n.test/\n*.diff\n*.patch\n*~\n.well-known\n.idea\n.DS_Store\n*.iml\nimg/\nvendor/\nnode_modules/\nfonts/\ntemplates/*\n!templates/index.html\n!templates/Froxlor/\ntemplates/Froxlor/build/\ntemplates/Froxlor/hot\n!templates/misc/\n" }, { "path": "2fa.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nif (!defined('AREA')) {\n\theader(\"Location: index.php\");\n\texit();\n}\n\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\FroxlorTwoFactorAuth;\nuse Froxlor\\Settings;\nuse Froxlor\\UI\\Panel\\UI;\nuse Froxlor\\UI\\Request;\nuse Froxlor\\UI\\Response;\nuse Froxlor\\PhpHelper;\nuse Froxlor\\User;\n\nif (Settings::Get('2fa.enabled') != '1') {\n\tResponse::dynamicError('2fa.2fa_not_activated');\n}\n\n// This file is being included in admin_index and customer_index\n// and therefore does not need to require lib/init.php\nif (AREA == 'admin') {\n\t$upd_stmt = Database::prepare(\"UPDATE `\" . TABLE_PANEL_ADMINS . \"` SET `type_2fa` = :t2fa, `data_2fa` = :d2fa WHERE adminid = :id\");\n\t$uid = $userinfo['adminid'];\n} elseif (AREA == 'customer') {\n\t$upd_stmt = Database::prepare(\"UPDATE `\" . TABLE_PANEL_CUSTOMERS . \"` SET `type_2fa` = :t2fa, `data_2fa` = :d2fa WHERE customerid = :id\");\n\t$uid = $userinfo['customerid'];\n}\n$success_message = \"\";\n\n$tfa = new FroxlorTwoFactorAuth('Froxlor ' . Settings::Get('system.hostname'));\n\n// do the delete and then just show a success-message\nif ($action == 'delete') {\n\tDatabase::pexecute($upd_stmt, [\n\t\t't2fa' => 0,\n\t\t'd2fa' => \"\",\n\t\t'id' => $uid\n\t]);\n\tResponse::standardSuccess('2fa.2fa_removed');\n} elseif ($action == 'preadd') {\n\t$type = Request::post('type_2fa', '0');\n\n\t$data = \"\";\n\tif ($type > 0) {\n\t\t// generate secret for TOTP\n\t\t$data = $tfa->createSecret();\n\n\t\t$userinfo['type_2fa'] = $type;\n\t\t$userinfo['data_2fa'] = $data;\n\t\t$userinfo['2fa_unsaved'] = true;\n\n\t\t// if type = email, send a code there for confirmation\n\t\tif ($type == 1) {\n\t\t\t$code = $tfa->getCode($data);\n\t\t\t$_mailerror = false;\n\t\t\t$mailerr_msg = \"\";\n\t\t\t$replace_arr = [\n\t\t\t\t'CODE' => $code\n\t\t\t];\n\t\t\t$mail_body = html_entity_decode(PhpHelper::replaceVariables(lng('mails.2fa.mailbody'), $replace_arr));\n\n\t\t\ttry {\n\t\t\t\t$mail->Subject = lng('mails.2fa.subject');\n\t\t\t\t$mail->AltBody = $mail_body;\n\t\t\t\t$mail->MsgHTML(str_replace(\"\\n\", \"
\", $mail_body));\n\t\t\t\t$mail->AddAddress($userinfo['email'], User::getCorrectUserSalutation($userinfo));\n\t\t\t\t$mail->Send();\n\t\t\t} catch (\\PHPMailer\\PHPMailer\\Exception $e) {\n\t\t\t\t$mailerr_msg = $e->errorMessage();\n\t\t\t\t$_mailerror = true;\n\t\t\t} catch (Exception $e) {\n\t\t\t\t$mailerr_msg = $e->getMessage();\n\t\t\t\t$_mailerror = true;\n\t\t\t}\n\n\t\t\tif ($_mailerror) {\n\t\t\t\tResponse::dynamicError($mailerr_msg);\n\t\t\t}\n\t\t}\n\t\tUI::twig()->addGlobal('userinfo', $userinfo);\n\t} else {\n\t\tResponse::dynamicError('Select one of the possible values for 2FA');\n\t}\n} elseif ($action == 'add') {\n\t$type = Request::post('type_2fa', '0');\n\t$data = Request::post('data_2fa', '');\n\t$code = Request::post('codevalidation', '');\n\n\t// validate\n\t$result = $tfa->verifyCode($data, $code, 3);\n\n\tif ($result) {\n\t\tif ($type == 0 || $type == 1) {\n\t\t\t// no fixed secret for email validation, the validation code will be set on the fly\n\t\t\t$data = \"\";\n\t\t}\n\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t't2fa' => $type,\n\t\t\t'd2fa' => $data,\n\t\t\t'id' => $uid\n\t\t]);\n\t\tResponse::standardSuccess('2fa.2fa_added', $filename);\n\t}\n\tResponse::dynamicError('Invalid/wrong code');\n}\n\n$log->logAction(FroxlorLogger::USR_ACTION, LOG_NOTICE, \"viewed 2fa::overview\");\n\n$type_select_values = [];\n$ga_qrcode = '';\nif ($userinfo['type_2fa'] == '0') {\n\t// available types\n\t$type_select_values = [\n\t\t0 => '-',\n\t\t1 => 'E-Mail',\n\t\t2 => 'Authenticator'\n\t];\n\tasort($type_select_values);\n} elseif ($userinfo['type_2fa'] == '1') {\n\t// email 2fa enabled\n} elseif ($userinfo['type_2fa'] == '2') {\n\t// authenticator 2fa enabled\n\t$ga_qrcode = $tfa->getQRCodeImageAsDataUri($userinfo['loginname'], $userinfo['data_2fa']);\n}\n\nUI::view('user/2fa.html.twig', [\n\t'type_select_values' => $type_select_values,\n\t'ga_qrcode' => $ga_qrcode\n]);\n" }, { "path": "COPYING", "content": "\t\t GNU GENERAL PUBLIC LICENSE\n\t\t Version 2, June 1991\n\n Copyright (C) 1989, 1991 Free Software Foundation, Inc.\n 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n Everyone is permitted to copy and distribute verbatim copies\n of this license document, but changing it is not allowed.\n\n\t\t\t Preamble\n\n The licenses for most software are designed to take away your\nfreedom to share and change it. By contrast, the GNU General Public\nLicense is intended to guarantee your freedom to share and change free\nsoftware--to make sure the software is free for all its users. This\nGeneral Public License applies to most of the Free Software\nFoundation's software and to any other program whose authors commit to\nusing it. (Some other Free Software Foundation software is covered by\nthe GNU Library General Public License instead.) You can apply it to\nyour programs, too.\n\n When we speak of free software, we are referring to freedom, not\nprice. Our General Public Licenses are designed to make sure that you\nhave the freedom to distribute copies of free software (and charge for\nthis service if you wish), that you receive source code or can get it\nif you want it, that you can change the software or use pieces of it\nin new free programs; and that you know you can do these things.\n\n To protect your rights, we need to make restrictions that forbid\nanyone to deny you these rights or to ask you to surrender the rights.\nThese restrictions translate to certain responsibilities for you if you\ndistribute copies of the software, or if you modify it.\n\n For example, if you distribute copies of such a program, whether\ngratis or for a fee, you must give the recipients all the rights that\nyou have. You must make sure that they, too, receive or can get the\nsource code. And you must show them these terms so they know their\nrights.\n\n We protect your rights with two steps: (1) copyright the software, and\n(2) offer you this license which gives you legal permission to copy,\ndistribute and/or modify the software.\n\n Also, for each author's protection and ours, we want to make certain\nthat everyone understands that there is no warranty for this free\nsoftware. If the software is modified by someone else and passed on, we\nwant its recipients to know that what they have is not the original, so\nthat any problems introduced by others will not reflect on the original\nauthors' reputations.\n\n Finally, any free program is threatened constantly by software\npatents. We wish to avoid the danger that redistributors of a free\nprogram will individually obtain patent licenses, in effect making the\nprogram proprietary. To prevent this, we have made it clear that any\npatent must be licensed for everyone's free use or not licensed at all.\n\n The precise terms and conditions for copying, distribution and\nmodification follow.\n\f\n\t\t GNU GENERAL PUBLIC LICENSE\n TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION\n\n 0. This License applies to any program or other work which contains\na notice placed by the copyright holder saying it may be distributed\nunder the terms of this General Public License. The \"Program\", below,\nrefers to any such program or work, and a \"work based on the Program\"\nmeans either the Program or any derivative work under copyright law:\nthat is to say, a work containing the Program or a portion of it,\neither verbatim or with modifications and/or translated into another\nlanguage. (Hereinafter, translation is included without limitation in\nthe term \"modification\".) Each licensee is addressed as \"you\".\n\nActivities other than copying, distribution and modification are not\ncovered by this License; they are outside its scope. The act of\nrunning the Program is not restricted, and the output from the Program\nis covered only if its contents constitute a work based on the\nProgram (independent of having been made by running the Program).\nWhether that is true depends on what the Program does.\n\n 1. You may copy and distribute verbatim copies of the Program's\nsource code as you receive it, in any medium, provided that you\nconspicuously and appropriately publish on each copy an appropriate\ncopyright notice and disclaimer of warranty; keep intact all the\nnotices that refer to this License and to the absence of any warranty;\nand give any other recipients of the Program a copy of this License\nalong with the Program.\n\nYou may charge a fee for the physical act of transferring a copy, and\nyou may at your option offer warranty protection in exchange for a fee.\n\n 2. You may modify your copy or copies of the Program or any portion\nof it, thus forming a work based on the Program, and copy and\ndistribute such modifications or work under the terms of Section 1\nabove, provided that you also meet all of these conditions:\n\n a) You must cause the modified files to carry prominent notices\n stating that you changed the files and the date of any change.\n\n b) You must cause any work that you distribute or publish, that in\n whole or in part contains or is derived from the Program or any\n part thereof, to be licensed as a whole at no charge to all third\n parties under the terms of this License.\n\n c) If the modified program normally reads commands interactively\n when run, you must cause it, when started running for such\n interactive use in the most ordinary way, to print or display an\n announcement including an appropriate copyright notice and a\n notice that there is no warranty (or else, saying that you provide\n a warranty) and that users may redistribute the program under\n these conditions, and telling the user how to view a copy of this\n License. (Exception: if the Program itself is interactive but\n does not normally print such an announcement, your work based on\n the Program is not required to print an announcement.)\n\f\nThese requirements apply to the modified work as a whole. If\nidentifiable sections of that work are not derived from the Program,\nand can be reasonably considered independent and separate works in\nthemselves, then this License, and its terms, do not apply to those\nsections when you distribute them as separate works. But when you\ndistribute the same sections as part of a whole which is a work based\non the Program, the distribution of the whole must be on the terms of\nthis License, whose permissions for other licensees extend to the\nentire whole, and thus to each and every part regardless of who wrote it.\n\nThus, it is not the intent of this section to claim rights or contest\nyour rights to work written entirely by you; rather, the intent is to\nexercise the right to control the distribution of derivative or\ncollective works based on the Program.\n\nIn addition, mere aggregation of another work not based on the Program\nwith the Program (or with a work based on the Program) on a volume of\na storage or distribution medium does not bring the other work under\nthe scope of this License.\n\n 3. You may copy and distribute the Program (or a work based on it,\nunder Section 2) in object code or executable form under the terms of\nSections 1 and 2 above provided that you also do one of the following:\n\n a) Accompany it with the complete corresponding machine-readable\n source code, which must be distributed under the terms of Sections\n 1 and 2 above on a medium customarily used for software interchange; or,\n\n b) Accompany it with a written offer, valid for at least three\n years, to give any third party, for a charge no more than your\n cost of physically performing source distribution, a complete\n machine-readable copy of the corresponding source code, to be\n distributed under the terms of Sections 1 and 2 above on a medium\n customarily used for software interchange; or,\n\n c) Accompany it with the information you received as to the offer\n to distribute corresponding source code. (This alternative is\n allowed only for noncommercial distribution and only if you\n received the program in object code or executable form with such\n an offer, in accord with Subsection b above.)\n\nThe source code for a work means the preferred form of the work for\nmaking modifications to it. For an executable work, complete source\ncode means all the source code for all modules it contains, plus any\nassociated interface definition files, plus the scripts used to\ncontrol compilation and installation of the executable. However, as a\nspecial exception, the source code distributed need not include\nanything that is normally distributed (in either source or binary\nform) with the major components (compiler, kernel, and so on) of the\noperating system on which the executable runs, unless that component\nitself accompanies the executable.\n\nIf distribution of executable or object code is made by offering\naccess to copy from a designated place, then offering equivalent\naccess to copy the source code from the same place counts as\ndistribution of the source code, even though third parties are not\ncompelled to copy the source along with the object code.\n\f\n 4. You may not copy, modify, sublicense, or distribute the Program\nexcept as expressly provided under this License. Any attempt\notherwise to copy, modify, sublicense or distribute the Program is\nvoid, and will automatically terminate your rights under this License.\nHowever, parties who have received copies, or rights, from you under\nthis License will not have their licenses terminated so long as such\nparties remain in full compliance.\n\n 5. You are not required to accept this License, since you have not\nsigned it. However, nothing else grants you permission to modify or\ndistribute the Program or its derivative works. These actions are\nprohibited by law if you do not accept this License. Therefore, by\nmodifying or distributing the Program (or any work based on the\nProgram), you indicate your acceptance of this License to do so, and\nall its terms and conditions for copying, distributing or modifying\nthe Program or works based on it.\n\n 6. Each time you redistribute the Program (or any work based on the\nProgram), the recipient automatically receives a license from the\noriginal licensor to copy, distribute or modify the Program subject to\nthese terms and conditions. You may not impose any further\nrestrictions on the recipients' exercise of the rights granted herein.\nYou are not responsible for enforcing compliance by third parties to\nthis License.\n\n 7. If, as a consequence of a court judgment or allegation of patent\ninfringement or for any other reason (not limited to patent issues),\nconditions are imposed on you (whether by court order, agreement or\notherwise) that contradict the conditions of this License, they do not\nexcuse you from the conditions of this License. If you cannot\ndistribute so as to satisfy simultaneously your obligations under this\nLicense and any other pertinent obligations, then as a consequence you\nmay not distribute the Program at all. For example, if a patent\nlicense would not permit royalty-free redistribution of the Program by\nall those who receive copies directly or indirectly through you, then\nthe only way you could satisfy both it and this License would be to\nrefrain entirely from distribution of the Program.\n\nIf any portion of this section is held invalid or unenforceable under\nany particular circumstance, the balance of the section is intended to\napply and the section as a whole is intended to apply in other\ncircumstances.\n\nIt is not the purpose of this section to induce you to infringe any\npatents or other property right claims or to contest validity of any\nsuch claims; this section has the sole purpose of protecting the\nintegrity of the free software distribution system, which is\nimplemented by public license practices. Many people have made\ngenerous contributions to the wide range of software distributed\nthrough that system in reliance on consistent application of that\nsystem; it is up to the author/donor to decide if he or she is willing\nto distribute software through any other system and a licensee cannot\nimpose that choice.\n\nThis section is intended to make thoroughly clear what is believed to\nbe a consequence of the rest of this License.\n\f\n 8. If the distribution and/or use of the Program is restricted in\ncertain countries either by patents or by copyrighted interfaces, the\noriginal copyright holder who places the Program under this License\nmay add an explicit geographical distribution limitation excluding\nthose countries, so that distribution is permitted only in or among\ncountries not thus excluded. In such case, this License incorporates\nthe limitation as if written in the body of this License.\n\n 9. The Free Software Foundation may publish revised and/or new versions\nof the General Public License from time to time. Such new versions will\nbe similar in spirit to the present version, but may differ in detail to\naddress new problems or concerns.\n\nEach version is given a distinguishing version number. If the Program\nspecifies a version number of this License which applies to it and \"any\nlater version\", you have the option of following the terms and conditions\neither of that version or of any later version published by the Free\nSoftware Foundation. If the Program does not specify a version number of\nthis License, you may choose any version ever published by the Free Software\nFoundation.\n\n 10. If you wish to incorporate parts of the Program into other free\nprograms whose distribution conditions are different, write to the author\nto ask for permission. For software which is copyrighted by the Free\nSoftware Foundation, write to the Free Software Foundation; we sometimes\nmake exceptions for this. Our decision will be guided by the two goals\nof preserving the free status of all derivatives of our free software and\nof promoting the sharing and reuse of software generally.\n\n\t\t\t NO WARRANTY\n\n 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY\nFOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN\nOTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES\nPROVIDE THE PROGRAM \"AS IS\" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED\nOR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF\nMERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS\nTO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE\nPROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,\nREPAIR OR CORRECTION.\n\n 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING\nWILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR\nREDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,\nINCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING\nOUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED\nTO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY\nYOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER\nPROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE\nPOSSIBILITY OF SUCH DAMAGES.\n\n\t\t END OF TERMS AND CONDITIONS\n" }, { "path": "README.md", "content": "[![Froxlor-CI](https://github.com/Froxlor/Froxlor/actions/workflows/build-mariadb.yml/badge.svg?branch=main)](https://github.com/Froxlor/Froxlor/actions/workflows/build-mariadb.yml)\n[![Froxlor-CI](https://github.com/Froxlor/Froxlor/actions/workflows/build-mysql.yml/badge.svg?branch=main)](https://github.com/Froxlor/Froxlor/actions/workflows/build-mysql.yml)\n[![Discord](https://badgen.net/badge/icon/discord?icon=discord&label)](https://discord.froxlor.org)\n\n# Froxlor\n\nThe server administration software for your needs.\nDeveloped by experienced server administrators, this panel simplifies the effort of managing your hosting platform.\n\n## Installation\n\n### Fast install\n\n1. Ensure that your webserver serves /var/www/html\n2. Extract froxlor into /var/www/html\n3. Point your browser to http://[ip-of-webserver]/froxlor\n4. Follow the installer\n5. Login as administrator\n6. Have fun!\n\nIf you have chosen to do the configuration by hand during the installation, you have to complete some more steps:\n\n1. Adjust \"System > Settings\" according to your needs\n2. Choose your distribution under \"System > Configuration\"\n3. Follow the steps for your services\n\n### Detailed installation\n\nhttps://docs.froxlor.org/latest/general/installation/\n\n## Help\n\nYou may find help in the following places:\n\n### Discord\n\nThe froxlor community discord server can be found here: https://discord.froxlor.org\n\n### Forum\n\nThe community is located on https://forum.froxlor.org/\n\n### Documentation\n\nThe documentation may be found at https://docs.froxlor.org/\n\n## License\n\nMay be found in [COPYING](COPYING)\n\n## Downloads\n\n### Tarball\n\nhttps://files.froxlor.org/releases/froxlor-latest.tar.gz [MD5](https://files.froxlor.org/releases/froxlor-latest.tar.gz.md5) [SHA1](https://files.froxlor.org/releases/froxlor-latest.tar.gz.sha1)\n\n### Debian / Ubuntu repository\n\n[HowTo](https://docs.froxlor.org/latest/general/installation/apt-package.html)\n\n#### Debian\n\n```\napt -y install apt-transport-https lsb-release ca-certificates curl gnupg\ncurl -sSLo /usr/share/keyrings/deb.froxlor.org-froxlor.gpg https://deb.froxlor.org/froxlor.gpg\nsh -c 'echo \"deb [signed-by=/usr/share/keyrings/deb.froxlor.org-froxlor.gpg] https://deb.froxlor.org/debian $(lsb_release -sc) main\" > /etc/apt/sources.list.d/froxlor.list'\n```\n\n#### Ubuntu\n\n```\napt -y install apt-transport-https lsb-release ca-certificates curl gnupg\ncurl -sSLo /usr/share/keyrings/deb.froxlor.org-froxlor.gpg https://deb.froxlor.org/froxlor.gpg\nsh -c 'echo \"deb [signed-by=/usr/share/keyrings/deb.froxlor.org-froxlor.gpg] https://deb.froxlor.org/ubuntu $(lsb_release -sc) main\" > /etc/apt/sources.list.d/froxlor.list'\n```\n\n## Contributing\n\n[see here](.github/CONTRIBUTING.md)\n" }, { "path": "SECURITY.md", "content": "# froxlor's Security Policy\n\nWelcome and thanks for taking interest in [froxlor](https://www.froxlor.org)!\n\nWe are mostly interested in reports by actual froxlor users but all high quality contributions are welcome.\n\nPlease try your best to describe a clear and realistic impact for your report and please don't open any public issues on GitHub or social media, we're doing our best to respond through huntr as quickly as we can.\n\nWith that, good luck hacking us ;)\n\n## Supported versions\n\n- ️✅ **2.3.x** (`main` and `v2.3` git-branch)\n- ️❌ <=2.2.x\n- ❌ other git-branches\n\n## Qualifying Vulnerabilities\n\n### Vulnerabilities we really care about\n- SQL injection bugs\n- server-side code execution bugs\n- cross-site scripting vulnerabilities\n- cross-site request forgery vulnerabilities\n- authentication and authorization flaws\n- sensitive information disclosure\n\n### Vulnerabilities we accept\n\nOnly reproducible issues on a default/clean setup from the latest stable release of a supported version will be accepted.\n\n## Non-Qualifying Vulnerabilities\n\n- Reports from automated tools or scanners\n- Theoretical attacks without proof of exploitability\n- Attacks that are the result of a third party library should be reported to the library maintainers\n- Social engineering\n- Attacks that require disabling security features or reducing the security level of the environment\n- Exploits by an admin user itself (privileged user and implicitly trusted)\n- Reflected file download\n- Physical attacks\n- Weak SSL/TLS/SSH algorithms or protocols\n- Attacks involving physical access to a user’s device, or involving a device or network that’s already seriously compromised (eg man-in-the-middle).\n- The user attacks themselves\n- anything in `/doc`\n- anything in `/tests`\n\n## Reporting a Vulnerability\n\nIf you think you have found a vulnerability in froxlor, please head over to [https://github.com/Froxlor/Froxlor/security/advisories](https://github.com/Froxlor/Froxlor/security/advisories/new) and use the reporting possibilities there. Also, please give us appropriate time to fix the issue and build update-packages before publishing anything into the wild. Alternatively you can email us to [team@froxlor.org](team@froxlor.org).\n" }, { "path": "actions/admin/index.html", "content": "" }, { "path": "actions/admin/settings/100.panel.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nreturn [\n\t'groups' => [\n\t\t'panel' => [\n\t\t\t'title' => lng('admin.panelsettings'),\n\t\t\t'icon' => 'fa-solid fa-chalkboard-user',\n\t\t\t'fields' => [\n\t\t\t\t'panel_standardlanguage' => [\n\t\t\t\t\t'label' => [\n\t\t\t\t\t\t'title' => lng('login.language'),\n\t\t\t\t\t\t'description' => lng('serversettings.language.description')\n\t\t\t\t\t],\n\t\t\t\t\t'settinggroup' => 'panel',\n\t\t\t\t\t'varname' => 'standardlanguage',\n\t\t\t\t\t'type' => 'select',\n\t\t\t\t\t'default' => 'en',\n\t\t\t\t\t'option_options_method' => [\n\t\t\t\t\t\t'\\\\Froxlor\\\\Language',\n\t\t\t\t\t\t'getLanguages'\n\t\t\t\t\t],\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'panel_default_theme' => [\n\t\t\t\t\t'label' => [\n\t\t\t\t\t\t'title' => lng('panel.theme'),\n\t\t\t\t\t\t'description' => lng('serversettings.default_theme')\n\t\t\t\t\t],\n\t\t\t\t\t'settinggroup' => 'panel',\n\t\t\t\t\t'varname' => 'default_theme',\n\t\t\t\t\t'type' => 'select',\n\t\t\t\t\t'default' => 'Froxlor',\n\t\t\t\t\t'option_options_method' => [\n\t\t\t\t\t\t'\\\\Froxlor\\\\UI\\\\Panel\\\\UI',\n\t\t\t\t\t\t'getThemes'\n\t\t\t\t\t],\n\t\t\t\t\t'save_method' => 'storeSettingDefaultTheme'\n\t\t\t\t],\n\t\t\t\t'panel_allow_theme_change_customer' => [\n\t\t\t\t\t'label' => lng('serversettings.panel_allow_theme_change_customer'),\n\t\t\t\t\t'settinggroup' => 'panel',\n\t\t\t\t\t'varname' => 'allow_theme_change_customer',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => true,\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'panel_allow_theme_change_admin' => [\n\t\t\t\t\t'label' => lng('serversettings.panel_allow_theme_change_admin'),\n\t\t\t\t\t'settinggroup' => 'panel',\n\t\t\t\t\t'varname' => 'allow_theme_change_admin',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => true,\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'panel_natsorting' => [\n\t\t\t\t\t'label' => lng('serversettings.natsorting'),\n\t\t\t\t\t'settinggroup' => 'panel',\n\t\t\t\t\t'varname' => 'natsorting',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'panel_paging' => [\n\t\t\t\t\t'label' => lng('serversettings.paging'),\n\t\t\t\t\t'settinggroup' => 'panel',\n\t\t\t\t\t'varname' => 'paging',\n\t\t\t\t\t'type' => 'number',\n\t\t\t\t\t'min' => 0,\n\t\t\t\t\t'default' => 0,\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'panel_pathedit' => [\n\t\t\t\t\t'label' => lng('serversettings.pathedit'),\n\t\t\t\t\t'settinggroup' => 'panel',\n\t\t\t\t\t'varname' => 'pathedit',\n\t\t\t\t\t'type' => 'select',\n\t\t\t\t\t'default' => 'Manual',\n\t\t\t\t\t'select_var' => [\n\t\t\t\t\t\t'Manual' => lng('serversettings.manual'),\n\t\t\t\t\t\t'Dropdown' => lng('serversettings.dropdown')\n\t\t\t\t\t],\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'panel_adminmail' => [\n\t\t\t\t\t'label' => lng('serversettings.adminmail'),\n\t\t\t\t\t'settinggroup' => 'panel',\n\t\t\t\t\t'varname' => 'adminmail',\n\t\t\t\t\t'type' => 'email',\n\t\t\t\t\t'string_emptyallowed' => true,\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'panel_adminmail_defname' => [\n\t\t\t\t\t'label' => lng('serversettings.adminmail_defname'),\n\t\t\t\t\t'settinggroup' => 'panel',\n\t\t\t\t\t'varname' => 'adminmail_defname',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'default' => 'Froxlor Administrator',\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'panel_adminmail_return' => [\n\t\t\t\t\t'label' => lng('serversettings.adminmail_return'),\n\t\t\t\t\t'settinggroup' => 'panel',\n\t\t\t\t\t'varname' => 'adminmail_return',\n\t\t\t\t\t'type' => 'email',\n\t\t\t\t\t'string_emptyallowed' => true,\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'panel_decimal_places' => [\n\t\t\t\t\t'label' => lng('serversettings.decimal_places'),\n\t\t\t\t\t'settinggroup' => 'panel',\n\t\t\t\t\t'varname' => 'decimal_places',\n\t\t\t\t\t'type' => 'number',\n\t\t\t\t\t'min' => 0,\n\t\t\t\t\t'max' => 15,\n\t\t\t\t\t'default' => 4,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'panel_phpmyadmin_url' => [\n\t\t\t\t\t'label' => lng('serversettings.phpmyadmin_url'),\n\t\t\t\t\t'settinggroup' => 'panel',\n\t\t\t\t\t'varname' => 'phpmyadmin_url',\n\t\t\t\t\t'type' => 'url',\n\t\t\t\t\t'string_emptyallowed' => true,\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'panel_webmail_url' => [\n\t\t\t\t\t'label' => lng('serversettings.webmail_url'),\n\t\t\t\t\t'settinggroup' => 'panel',\n\t\t\t\t\t'varname' => 'webmail_url',\n\t\t\t\t\t'type' => 'url',\n\t\t\t\t\t'string_emptyallowed' => true,\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'panel_webftp_url' => [\n\t\t\t\t\t'label' => lng('serversettings.webftp_url'),\n\t\t\t\t\t'settinggroup' => 'panel',\n\t\t\t\t\t'varname' => 'webftp_url',\n\t\t\t\t\t'type' => 'url',\n\t\t\t\t\t'string_emptyallowed' => true,\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'admin_show_version_login' => [\n\t\t\t\t\t'label' => lng('admin.show_version_login'),\n\t\t\t\t\t'settinggroup' => 'admin',\n\t\t\t\t\t'varname' => 'show_version_login',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'admin_show_version_footer' => [\n\t\t\t\t\t'label' => lng('admin.show_version_footer'),\n\t\t\t\t\t'settinggroup' => 'admin',\n\t\t\t\t\t'varname' => 'show_version_footer',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'admin_show_news_feed' => [\n\t\t\t\t\t'label' => lng('admin.show_news_feed'),\n\t\t\t\t\t'settinggroup' => 'admin',\n\t\t\t\t\t'varname' => 'show_news_feed',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'customer_show_news_feed' => [\n\t\t\t\t\t'label' => lng('admin.customer_show_news_feed'),\n\t\t\t\t\t'settinggroup' => 'customer',\n\t\t\t\t\t'varname' => 'show_news_feed',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'customer_news_feed_url' => [\n\t\t\t\t\t'label' => lng('admin.customer_news_feed_url'),\n\t\t\t\t\t'settinggroup' => 'customer',\n\t\t\t\t\t'varname' => 'news_feed_url',\n\t\t\t\t\t'type' => 'url',\n\t\t\t\t\t'string_emptyallowed' => true,\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'panel_allow_domain_change_admin' => [\n\t\t\t\t\t'label' => lng('serversettings.panel_allow_domain_change_admin'),\n\t\t\t\t\t'settinggroup' => 'panel',\n\t\t\t\t\t'varname' => 'allow_domain_change_admin',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'panel_allow_domain_change_customer' => [\n\t\t\t\t\t'label' => lng('serversettings.panel_allow_domain_change_customer'),\n\t\t\t\t\t'settinggroup' => 'panel',\n\t\t\t\t\t'varname' => 'allow_domain_change_customer',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'panel_phpconfigs_hidesubdomains' => [\n\t\t\t\t\t'label' => lng('serversettings.panel_phpconfigs_hidesubdomains'),\n\t\t\t\t\t'settinggroup' => 'panel',\n\t\t\t\t\t'varname' => 'phpconfigs_hidesubdomains',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => true,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'panel_phpconfigs_hidestdsubdomain' => [\n\t\t\t\t\t'label' => lng('serversettings.panel_phpconfigs_hidestdsubdomain'),\n\t\t\t\t\t'settinggroup' => 'panel',\n\t\t\t\t\t'varname' => 'phpconfigs_hidestdsubdomain',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'panel_customer_hide_options' => [\n\t\t\t\t\t'label' => lng('serversettings.panel_customer_hide_options'),\n\t\t\t\t\t'settinggroup' => 'panel',\n\t\t\t\t\t'varname' => 'customer_hide_options',\n\t\t\t\t\t'type' => 'select',\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'select_mode' => 'multiple',\n\t\t\t\t\t'option_emptyallowed' => true,\n\t\t\t\t\t'select_var' => [\n\t\t\t\t\t\t'email' => lng('menue.email.email'),\n\t\t\t\t\t\t'mysql' => lng('menue.mysql.mysql'),\n\t\t\t\t\t\t'domains' => lng('menue.domains.domains'),\n\t\t\t\t\t\t'ftp' => lng('menue.ftp.ftp'),\n\t\t\t\t\t\t'extras' => lng('menue.extras.extras'),\n\t\t\t\t\t\t'extras.directoryprotection' => lng('menue.extras.extras') . \" / \" . lng('menue.extras.directoryprotection'),\n\t\t\t\t\t\t'extras.pathoptions' => lng('menue.extras.extras') . \" / \" . lng('menue.extras.pathoptions'),\n\t\t\t\t\t\t'extras.logger' => lng('menue.extras.extras') . \" / \" . lng('menue.logger.logger'),\n\t\t\t\t\t\t'extras.export' => lng('menue.extras.extras') . \" / \" . lng('menue.extras.export'),\n\t\t\t\t\t\t'traffic' => lng('menue.traffic.traffic'),\n\t\t\t\t\t\t'traffic.http' => lng('menue.traffic.traffic') . \" / HTTP\",\n\t\t\t\t\t\t'traffic.ftp' => lng('menue.traffic.traffic') . \" / FTP\",\n\t\t\t\t\t\t'traffic.mail' => lng('menue.traffic.traffic') . \" / Mail\",\n\t\t\t\t\t\t'misc.documentation' => lng('admin.documentation'),\n\t\t\t\t\t],\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'panel_imprint_url' => [\n\t\t\t\t\t'label' => lng('serversettings.imprint_url'),\n\t\t\t\t\t'settinggroup' => 'panel',\n\t\t\t\t\t'varname' => 'imprint_url',\n\t\t\t\t\t'type' => 'url',\n\t\t\t\t\t'string_emptyallowed' => true,\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'panel_terms_url' => [\n\t\t\t\t\t'label' => lng('serversettings.terms_url'),\n\t\t\t\t\t'settinggroup' => 'panel',\n\t\t\t\t\t'varname' => 'terms_url',\n\t\t\t\t\t'type' => 'url',\n\t\t\t\t\t'string_emptyallowed' => true,\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'panel_privacy_url' => [\n\t\t\t\t\t'label' => lng('serversettings.privacy_url'),\n\t\t\t\t\t'settinggroup' => 'panel',\n\t\t\t\t\t'varname' => 'privacy_url',\n\t\t\t\t\t'type' => 'url',\n\t\t\t\t\t'string_emptyallowed' => true,\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'panel_logo_overridetheme' => [\n\t\t\t\t\t'label' => lng('serversettings.logo_overridetheme'),\n\t\t\t\t\t'settinggroup' => 'panel',\n\t\t\t\t\t'varname' => 'logo_overridetheme',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'panel_logo_overridecustom' => [\n\t\t\t\t\t'label' => lng('serversettings.logo_overridecustom'),\n\t\t\t\t\t'settinggroup' => 'panel',\n\t\t\t\t\t'varname' => 'logo_overridecustom',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'panel_logo_image_header' => [\n\t\t\t\t\t'label' => lng('serversettings.logo_image_header'),\n\t\t\t\t\t'settinggroup' => 'panel',\n\t\t\t\t\t'varname' => 'logo_image_header',\n\t\t\t\t\t'type' => 'image',\n\t\t\t\t\t'accept' => 'image/jpeg, image/jpg, image/png, image/gif',\n\t\t\t\t\t'image_name' => 'logo_header',\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'save_method' => 'storeSettingImage'\n\t\t\t\t],\n\t\t\t\t'panel_logo_image_login' => [\n\t\t\t\t\t'label' => lng('serversettings.logo_image_login'),\n\t\t\t\t\t'settinggroup' => 'panel',\n\t\t\t\t\t'varname' => 'logo_image_login',\n\t\t\t\t\t'type' => 'image',\n\t\t\t\t\t'accept' => 'image/jpeg, image/jpg, image/png, image/gif',\n\t\t\t\t\t'image_name' => 'logo_login',\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'save_method' => 'storeSettingImage'\n\t\t\t\t],\n\t\t\t\t'panel_menu_collapsed' => [\n\t\t\t\t\t'label' => lng('serversettings.panel_menu_collapsed'),\n\t\t\t\t\t'settinggroup' => 'panel',\n\t\t\t\t\t'varname' => 'menu_collapsed',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => true,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t],\n\t\t\t]\n\t\t]\n\t]\n];\n" }, { "path": "actions/admin/settings/110.accounts.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nreturn [\n\t'groups' => [\n\t\t'accounts' => [\n\t\t\t'title' => lng('admin.accountsettings'),\n\t\t\t'icon' => 'fa-solid fa-users-gear',\n\t\t\t'fields' => [\n\t\t\t\t'session_sessiontimeout' => [\n\t\t\t\t\t'label' => lng('serversettings.session_timeout'),\n\t\t\t\t\t'settinggroup' => 'session',\n\t\t\t\t\t'varname' => 'sessiontimeout',\n\t\t\t\t\t'type' => 'number',\n\t\t\t\t\t'min' => 60,\n\t\t\t\t\t'max' => 31536000,\n\t\t\t\t\t'default' => 600,\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'session_allow_multiple_login' => [\n\t\t\t\t\t'label' => lng('serversettings.session_allow_multiple_login'),\n\t\t\t\t\t'settinggroup' => 'session',\n\t\t\t\t\t'varname' => 'allow_multiple_login',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'login_domain_login' => [\n\t\t\t\t\t'label' => lng('serversettings.login_domain_login'),\n\t\t\t\t\t'settinggroup' => 'login',\n\t\t\t\t\t'varname' => 'domain_login',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'login_maxloginattempts' => [\n\t\t\t\t\t'label' => lng('serversettings.maxloginattempts'),\n\t\t\t\t\t'settinggroup' => 'login',\n\t\t\t\t\t'varname' => 'maxloginattempts',\n\t\t\t\t\t'type' => 'number',\n\t\t\t\t\t'min' => 1,\n\t\t\t\t\t'default' => 3,\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'login_deactivatetime' => [\n\t\t\t\t\t'label' => lng('serversettings.deactivatetime'),\n\t\t\t\t\t'settinggroup' => 'login',\n\t\t\t\t\t'varname' => 'deactivatetime',\n\t\t\t\t\t'type' => 'number',\n\t\t\t\t\t'min' => 0,\n\t\t\t\t\t'default' => 900,\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'2fa_enabled' => [\n\t\t\t\t\t'label' => lng('2fa.2fa_enabled'),\n\t\t\t\t\t'settinggroup' => '2fa',\n\t\t\t\t\t'varname' => 'enabled',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => true,\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'panel_password_min_length' => [\n\t\t\t\t\t'label' => lng('serversettings.panel_password_min_length'),\n\t\t\t\t\t'settinggroup' => 'panel',\n\t\t\t\t\t'varname' => 'password_min_length',\n\t\t\t\t\t'type' => 'number',\n\t\t\t\t\t'min' => 0,\n\t\t\t\t\t'default' => 0,\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'panel_password_alpha_lower' => [\n\t\t\t\t\t'label' => lng('serversettings.panel_password_alpha_lower'),\n\t\t\t\t\t'settinggroup' => 'panel',\n\t\t\t\t\t'varname' => 'password_alpha_lower',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => true,\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'panel_password_alpha_upper' => [\n\t\t\t\t\t'label' => lng('serversettings.panel_password_alpha_upper'),\n\t\t\t\t\t'settinggroup' => 'panel',\n\t\t\t\t\t'varname' => 'password_alpha_upper',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => true,\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'panel_password_numeric' => [\n\t\t\t\t\t'label' => lng('serversettings.panel_password_numeric'),\n\t\t\t\t\t'settinggroup' => 'panel',\n\t\t\t\t\t'varname' => 'password_numeric',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'panel_password_special_char_required' => [\n\t\t\t\t\t'label' => lng('serversettings.panel_password_special_char_required'),\n\t\t\t\t\t'settinggroup' => 'panel',\n\t\t\t\t\t'varname' => 'password_special_char_required',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'panel_password_special_char' => [\n\t\t\t\t\t'label' => lng('serversettings.panel_password_special_char'),\n\t\t\t\t\t'settinggroup' => 'panel',\n\t\t\t\t\t'varname' => 'password_special_char',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'default' => '!?<>§$%+#=@',\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'panel_password_regex' => [\n\t\t\t\t\t'label' => lng('serversettings.panel_password_regex'),\n\t\t\t\t\t'settinggroup' => 'panel',\n\t\t\t\t\t'varname' => 'password_regex',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'system_req_limit_per_interval' => [\n\t\t\t\t\t'label' => lng('serversettings.req_limit_per_interval'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'req_limit_per_interval',\n\t\t\t\t\t'type' => 'number',\n\t\t\t\t\t'min' => 30,\n\t\t\t\t\t'default' => 60,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'system_req_limit_interval' => [\n\t\t\t\t\t'label' => lng('serversettings.req_limit_interval'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'req_limit_interval',\n\t\t\t\t\t'type' => 'number',\n\t\t\t\t\t'min' => 5,\n\t\t\t\t\t'default' => 60,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'customer_accountprefix' => [\n\t\t\t\t\t'label' => lng('serversettings.accountprefix'),\n\t\t\t\t\t'settinggroup' => 'customer',\n\t\t\t\t\t'varname' => 'accountprefix',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'plausibility_check_method' => [\n\t\t\t\t\t\t'\\\\Froxlor\\\\Validate\\\\Check',\n\t\t\t\t\t\t'checkUsername'\n\t\t\t\t\t],\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'customer_mysqlprefix' => [\n\t\t\t\t\t'label' => lng('serversettings.mysqlprefix'),\n\t\t\t\t\t'settinggroup' => 'customer',\n\t\t\t\t\t'varname' => 'mysqlprefix',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'plausibility_check_method' => [\n\t\t\t\t\t\t'\\\\Froxlor\\\\Validate\\\\Check',\n\t\t\t\t\t\t'checkUsername'\n\t\t\t\t\t],\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'customer_ftpprefix' => [\n\t\t\t\t\t'label' => lng('serversettings.ftpprefix'),\n\t\t\t\t\t'settinggroup' => 'customer',\n\t\t\t\t\t'varname' => 'ftpprefix',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'customer_ftpatdomain' => [\n\t\t\t\t\t'label' => lng('serversettings.ftpdomain'),\n\t\t\t\t\t'settinggroup' => 'customer',\n\t\t\t\t\t'varname' => 'ftpatdomain',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'panel_allow_preset' => [\n\t\t\t\t\t'label' => lng('serversettings.allow_password_reset'),\n\t\t\t\t\t'settinggroup' => 'panel',\n\t\t\t\t\t'varname' => 'allow_preset',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'dependency' => [\n\t\t\t\t\t\t'fieldname' => 'panel_allow_preset_admin',\n\t\t\t\t\t\t'fielddata' => [\n\t\t\t\t\t\t\t'settinggroup' => 'panel',\n\t\t\t\t\t\t\t'varname' => 'allow_preset_admin'\n\t\t\t\t\t\t],\n\t\t\t\t\t\t'onlyif' => 0\n\t\t\t\t\t]\n\t\t\t\t],\n\t\t\t\t'panel_allow_preset_admin' => [\n\t\t\t\t\t'label' => lng('serversettings.allow_password_reset_admin'),\n\t\t\t\t\t'settinggroup' => 'panel',\n\t\t\t\t\t'varname' => 'allow_preset_admin',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'dependency' => [\n\t\t\t\t\t\t'fieldname' => 'panel_allow_preset',\n\t\t\t\t\t\t'fielddata' => [\n\t\t\t\t\t\t\t'settinggroup' => 'panel',\n\t\t\t\t\t\t\t'varname' => 'allow_preset'\n\t\t\t\t\t\t],\n\t\t\t\t\t\t'onlyif' => 1\n\t\t\t\t\t]\n\t\t\t\t],\n\t\t\t\t'system_exportenabled' => [\n\t\t\t\t\t'label' => lng('serversettings.exportenabled'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'exportenabled',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'cronmodule' => 'froxlor/export',\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'system_createstdsubdom_default' => [\n\t\t\t\t\t'label' => lng('serversettings.createstdsubdom_default'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'createstdsubdom_default',\n\t\t\t\t\t'type' => 'select',\n\t\t\t\t\t'default' => '1',\n\t\t\t\t\t'select_var' => [\n\t\t\t\t\t\t'0' => lng('panel.no'),\n\t\t\t\t\t\t'1' => lng('panel.yes')\n\t\t\t\t\t],\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t]\n\t\t]\n\t]\n];\n" }, { "path": "actions/admin/settings/120.system.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nreturn [\n\t'groups' => [\n\t\t'system' => [\n\t\t\t'title' => lng('admin.systemsettings'),\n\t\t\t'icon' => 'fa-solid fa-gears',\n\t\t\t'fields' => [\n\t\t\t\t'system_documentroot_prefix' => [\n\t\t\t\t\t'label' => lng('serversettings.documentroot_prefix'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'documentroot_prefix',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_type' => 'dir',\n\t\t\t\t\t'default' => '/var/customers/webs/',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'plausibility_check_method' => [\n\t\t\t\t\t\t'\\\\Froxlor\\\\Validate\\\\Check',\n\t\t\t\t\t\t'checkPathConflicts'\n\t\t\t\t\t],\n\t\t\t\t\t'requires_reconf' => ['http']\n\t\t\t\t],\n\t\t\t\t'system_documentroot_use_default_value' => [\n\t\t\t\t\t'label' => lng('serversettings.documentroot_use_default_value'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'documentroot_use_default_value',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'system_ipaddress' => [\n\t\t\t\t\t'label' => lng('serversettings.ipaddress'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'ipaddress',\n\t\t\t\t\t'type' => 'select',\n\t\t\t\t\t'option_options_method' => [\n\t\t\t\t\t\t'\\\\Froxlor\\\\Domain\\\\IpAddr',\n\t\t\t\t\t\t'getIpAddresses'\n\t\t\t\t\t],\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'save_method' => 'storeSettingIpAddress'\n\t\t\t\t],\n\t\t\t\t'system_defaultip' => [\n\t\t\t\t\t'label' => lng('serversettings.defaultip'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'defaultip',\n\t\t\t\t\t'type' => 'select',\n\t\t\t\t\t'select_mode' => 'multiple',\n\t\t\t\t\t'option_options_method' => [\n\t\t\t\t\t\t'\\\\Froxlor\\\\Domain\\\\IpAddr',\n\t\t\t\t\t\t'getIpPortCombinations'\n\t\t\t\t\t],\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'save_method' => 'storeSettingDefaultIp'\n\t\t\t\t],\n\t\t\t\t'system_defaultsslip' => [\n\t\t\t\t\t'label' => lng('serversettings.defaultsslip'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'defaultsslip',\n\t\t\t\t\t'type' => 'select',\n\t\t\t\t\t'select_mode' => 'multiple',\n\t\t\t\t\t'option_options_method' => [\n\t\t\t\t\t\t'\\\\Froxlor\\\\Domain\\\\IpAddr',\n\t\t\t\t\t\t'getSslIpPortCombinations'\n\t\t\t\t\t],\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'save_method' => 'storeSettingDefaultSslIp'\n\t\t\t\t],\n\t\t\t\t'system_hostname' => [\n\t\t\t\t\t'label' => lng('serversettings.hostname'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'hostname',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'save_method' => 'storeSettingHostname',\n\t\t\t\t\t'plausibility_check_method' => [\n\t\t\t\t\t\t'\\\\Froxlor\\\\Validate\\\\Check',\n\t\t\t\t\t\t'checkHostname'\n\t\t\t\t\t]\n\t\t\t\t],\n\t\t\t\t'api_enabled' => [\n\t\t\t\t\t'label' => lng('serversettings.enable_api'),\n\t\t\t\t\t'settinggroup' => 'api',\n\t\t\t\t\t'varname' => 'enabled',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'required_otp' => true\n\t\t\t\t],\n\t\t\t\t'api_customer_default' => [\n\t\t\t\t\t'label' => lng('serversettings.api_customer_default'),\n\t\t\t\t\t'settinggroup' => 'api',\n\t\t\t\t\t'varname' => 'customer_default',\n\t\t\t\t\t'type' => 'select',\n\t\t\t\t\t'default' => 1,\n\t\t\t\t\t'select_var' => [\n\t\t\t\t\t\t1 => lng('panel.yes'),\n\t\t\t\t\t\t0 => lng('panel.no')\n\t\t\t\t\t],\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'system_update_channel' => [\n\t\t\t\t\t'label' => lng('serversettings.update_channel'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'update_channel',\n\t\t\t\t\t'type' => 'select',\n\t\t\t\t\t'default' => 'stable',\n\t\t\t\t\t'select_var' => [\n\t\t\t\t\t\t'stable' => lng('serversettings.uc_stable'),\n\t\t\t\t\t\t'testing' => lng('serversettings.uc_testing'),\n\t\t\t\t\t\t'nightly' => lng('serversettings.uc_nightly')\n\t\t\t\t\t],\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'system_validate_domain' => [\n\t\t\t\t\t'label' => lng('serversettings.validate_domain'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'validate_domain',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => true,\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'system_stdsubdomain' => [\n\t\t\t\t\t'label' => lng('serversettings.stdsubdomainhost'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'stdsubdomain',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'save_method' => 'storeSettingHostname'\n\t\t\t\t],\n\t\t\t\t'system_mysql_access_host' => [\n\t\t\t\t\t'label' => lng('serversettings.mysql_access_host'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'mysql_access_host',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'default' => '127.0.0.1,localhost',\n\t\t\t\t\t'plausibility_check_method' => [\n\t\t\t\t\t\t'\\\\Froxlor\\\\Validate\\\\Check',\n\t\t\t\t\t\t'checkMysqlAccessHost'\n\t\t\t\t\t],\n\t\t\t\t\t'save_method' => 'storeSettingMysqlAccessHost'\n\t\t\t\t],\n\t\t\t\t'system_nssextrausers' => [\n\t\t\t\t\t'label' => lng('serversettings.nssextrausers'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'nssextrausers',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'system_store_index_file_subs' => [\n\t\t\t\t\t'label' => lng('serversettings.system_store_index_file_subs'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'store_index_file_subs',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => true,\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'system_report_enable' => [\n\t\t\t\t\t'label' => lng('serversettings.report.report'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'report_enable',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => true,\n\t\t\t\t\t'cronmodule' => 'froxlor/reports',\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'system_report_webmax' => [\n\t\t\t\t\t'label' => lng('serversettings.report.webmax'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'report_webmax',\n\t\t\t\t\t'type' => 'number',\n\t\t\t\t\t'min' => 0,\n\t\t\t\t\t'max' => 150,\n\t\t\t\t\t'default' => 90,\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'system_report_trafficmax' => [\n\t\t\t\t\t'label' => lng('serversettings.report.trafficmax'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'report_trafficmax',\n\t\t\t\t\t'type' => 'number',\n\t\t\t\t\t'min' => 0,\n\t\t\t\t\t'max' => 150,\n\t\t\t\t\t'default' => 90,\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'system_report_web_bccadmin' => [\n\t\t\t\t\t'label' => lng('serversettings.report.report_web_bccadmin'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'report_web_bccadmin',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'system_mail_use_smtp' => [\n\t\t\t\t\t'label' => lng('serversettings.mail_use_smtp'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'mail_use_smtp',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'system_mail_smtp_host' => [\n\t\t\t\t\t'label' => lng('serversettings.mail_smtp_host'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'mail_smtp_host',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'default' => 'localhost',\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'system_mail_smtp_port' => [\n\t\t\t\t\t'label' => lng('serversettings.mail_smtp_port'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'mail_smtp_port',\n\t\t\t\t\t'type' => 'number',\n\t\t\t\t\t'min' => 1,\n\t\t\t\t\t'max' => 65535,\n\t\t\t\t\t'default' => 25,\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'system_mail_smtp_usetls' => [\n\t\t\t\t\t'label' => lng('serversettings.mail_smtp_usetls'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'mail_smtp_usetls',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => true,\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'system_mail_smtp_auth' => [\n\t\t\t\t\t'label' => lng('serversettings.mail_smtp_auth'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'mail_smtp_auth',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => true,\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'system_mail_smtp_user' => [\n\t\t\t\t\t'label' => lng('serversettings.mail_smtp_user'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'mail_smtp_user',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'autocomplete' => 'off'\n\t\t\t\t],\n\t\t\t\t'system_mail_smtp_passwd' => [\n\t\t\t\t\t'label' => lng('serversettings.mail_smtp_passwd'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'mail_smtp_passwd',\n\t\t\t\t\t'type' => 'password',\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'autocomplete' => 'new-password'\n\t\t\t\t],\n\t\t\t\t'system_apply_specialsettings_default' => [\n\t\t\t\t\t'label' => lng('serversettings.apply_specialsettings_default'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'apply_specialsettings_default',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => true,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'system_apply_phpconfigs_default' => [\n\t\t\t\t\t'label' => lng('serversettings.apply_phpconfigs_default'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'apply_phpconfigs_default',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => true,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'system_domaindefaultalias' => [\n\t\t\t\t\t'label' => lng('admin.domaindefaultalias'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'domaindefaultalias',\n\t\t\t\t\t'type' => 'select',\n\t\t\t\t\t'default' => '0',\n\t\t\t\t\t'select_var' => [\n\t\t\t\t\t\t'0' => lng('domains.serveraliasoption_wildcard'),\n\t\t\t\t\t\t'1' => lng('domains.serveraliasoption_www'),\n\t\t\t\t\t\t'2' => lng('domains.serveraliasoption_none')\n\t\t\t\t\t],\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'system_hide_incompatible_settings' => [\n\t\t\t\t\t'label' => lng('serversettings.hide_incompatible_settings'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'hide_incompatible_settings',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => true,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t]\n\t\t]\n\t]\n];\n" }, { "path": "actions/admin/settings/122.froxlorvhost.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nuse Froxlor\\Settings;\n\nreturn [\n\t'groups' => [\n\t\t'froxlorvhost' => [\n\t\t\t'title' => lng('admin.froxlorvhost') . (call_user_func([\n\t\t\t\t'\\Froxlor\\Settings\\FroxlorVhostSettings',\n\t\t\t\t'hasVhostContainerEnabled'\n\t\t\t]) == false ? lng('admin.novhostcontainer') : ''),\n\t\t\t'icon' => 'fa-solid fa-wrench',\n\t\t\t'fields' => [\n\t\t\t\t/**\n\t\t\t\t * Webserver-Vhost\n\t\t\t\t */\n\t\t\t\t'system_froxlordirectlyviahostname' => [\n\t\t\t\t\t'label' => lng('serversettings.froxlordirectlyviahostname'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'froxlordirectlyviahostname',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => true,\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'system_froxloraliases' => [\n\t\t\t\t\t'label' => lng('serversettings.froxloraliases'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'froxloraliases',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_regexp' => '/^(([a-z0-9\\-\\._]+, ?)*[a-z0-9\\-\\._]+)?$/i',\n\t\t\t\t\t'string_emptyallowed' => true,\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'save_method' => 'storeSettingClearCertificates',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t/**\n\t\t\t\t * SSL / Let's Encrypt\n\t\t\t\t */\n\t\t\t\t'system_le_froxlor_enabled' => [\n\t\t\t\t\t'label' => lng('serversettings.le_froxlor_enabled'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'le_froxlor_enabled',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingClearCertificates',\n\t\t\t\t\t'visible' => Settings::Get('system.leenabled') && call_user_func([\n\t\t\t\t\t\t'\\Froxlor\\Settings\\FroxlorVhostSettings',\n\t\t\t\t\t\t'hasVhostContainerEnabled'\n\t\t\t\t\t], true),\n\t\t\t\t\t'requires_reconf' => ['http']\n\t\t\t\t],\n\t\t\t\t'system_le_froxlor_redirect' => [\n\t\t\t\t\t'label' => lng('serversettings.le_froxlor_redirect'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'le_froxlor_redirect',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'visible' => Settings::Get('system.use_ssl') && call_user_func([\n\t\t\t\t\t\t'\\Froxlor\\Settings\\FroxlorVhostSettings',\n\t\t\t\t\t\t'hasVhostContainerEnabled'\n\t\t\t\t\t], true)\n\t\t\t\t],\n\t\t\t\t'system_hsts_maxage' => [\n\t\t\t\t\t'label' => lng('admin.domain_hsts_maxage'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'hsts_maxage',\n\t\t\t\t\t'type' => 'number',\n\t\t\t\t\t'min' => 0,\n\t\t\t\t\t'max' => 94608000, // 3-years\n\t\t\t\t\t'default' => 10368000,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'visible' => Settings::Get('system.use_ssl') && call_user_func([\n\t\t\t\t\t\t'\\Froxlor\\Settings\\FroxlorVhostSettings',\n\t\t\t\t\t\t'hasVhostContainerEnabled'\n\t\t\t\t\t], true),\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'system_hsts_incsub' => [\n\t\t\t\t\t'label' => lng('admin.domain_hsts_incsub'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'hsts_incsub',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'visible' => Settings::Get('system.use_ssl') && call_user_func([\n\t\t\t\t\t\t'\\Froxlor\\Settings\\FroxlorVhostSettings',\n\t\t\t\t\t\t'hasVhostContainerEnabled'\n\t\t\t\t\t], true),\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'system_hsts_preload' => [\n\t\t\t\t\t'label' => lng('admin.domain_hsts_preload'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'hsts_preload',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'visible' => Settings::Get('system.use_ssl') && call_user_func([\n\t\t\t\t\t\t'\\Froxlor\\Settings\\FroxlorVhostSettings',\n\t\t\t\t\t\t'hasVhostContainerEnabled'\n\t\t\t\t\t], true),\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'system_honorcipherorder' => [\n\t\t\t\t\t'label' => lng('admin.domain_honorcipherorder'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'honorcipherorder',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'visible' => Settings::Get('system.use_ssl') && call_user_func([\n\t\t\t\t\t\t'\\Froxlor\\Settings\\FroxlorVhostSettings',\n\t\t\t\t\t\t'hasVhostContainerEnabled'\n\t\t\t\t\t], true),\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'system_sessiontickets' => [\n\t\t\t\t\t'label' => lng('admin.domain_sessiontickets'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'sessiontickets',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => true,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'visible' => Settings::Get('system.use_ssl') && call_user_func([\n\t\t\t\t\t\t'\\Froxlor\\Settings\\FroxlorVhostSettings',\n\t\t\t\t\t\t'hasVhostContainerEnabled'\n\t\t\t\t\t], true),\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t/**\n\t\t\t\t * FCGID\n\t\t\t\t */\n\t\t\t\t'system_mod_fcgid_ownvhost' => [\n\t\t\t\t\t'label' => lng('serversettings.mod_fcgid_ownvhost'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'mod_fcgid_ownvhost',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => true,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'websrv_avail' => [\n\t\t\t\t\t\t'apache2'\n\t\t\t\t\t],\n\t\t\t\t\t'visible' => Settings::Get('system.mod_fcgid') && call_user_func([\n\t\t\t\t\t\t'\\Froxlor\\Settings\\FroxlorVhostSettings',\n\t\t\t\t\t\t'hasVhostContainerEnabled'\n\t\t\t\t\t]),\n\t\t\t\t\t'requires_reconf' => ['system:fcgid']\n\t\t\t\t],\n\t\t\t\t'system_mod_fcgid_httpuser' => [\n\t\t\t\t\t'label' => lng('admin.mod_fcgid_user'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'mod_fcgid_httpuser',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'default' => 'froxlorlocal',\n\t\t\t\t\t'string_emptyallowed' => false,\n\t\t\t\t\t'plausibility_check_method' => [\n\t\t\t\t\t\t'\\\\Froxlor\\\\Validate\\\\Check',\n\t\t\t\t\t\t'checkSystemUsername'\n\t\t\t\t\t],\n\t\t\t\t\t'save_method' => 'storeSettingWebserverFcgidFpmUser',\n\t\t\t\t\t'websrv_avail' => [\n\t\t\t\t\t\t'apache2'\n\t\t\t\t\t],\n\t\t\t\t\t'visible' => Settings::Get('system.mod_fcgid') && call_user_func([\n\t\t\t\t\t\t'\\Froxlor\\Settings\\FroxlorVhostSettings',\n\t\t\t\t\t\t'hasVhostContainerEnabled'\n\t\t\t\t\t]),\n\t\t\t\t\t'requires_reconf' => ['system:fcgid']\n\t\t\t\t],\n\t\t\t\t'system_mod_fcgid_httpgroup' => [\n\t\t\t\t\t'label' => lng('admin.mod_fcgid_group'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'mod_fcgid_httpgroup',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'default' => 'froxlorlocal',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'string_emptyallowed' => false,\n\t\t\t\t\t'websrv_avail' => [\n\t\t\t\t\t\t'apache2'\n\t\t\t\t\t],\n\t\t\t\t\t'visible' => Settings::Get('system.mod_fcgid') && call_user_func([\n\t\t\t\t\t\t'\\Froxlor\\Settings\\FroxlorVhostSettings',\n\t\t\t\t\t\t'hasVhostContainerEnabled'\n\t\t\t\t\t]),\n\t\t\t\t\t'requires_reconf' => ['system:fcgid']\n\t\t\t\t],\n\t\t\t\t'system_mod_fcgid_defaultini_ownvhost' => [\n\t\t\t\t\t'label' => lng('serversettings.mod_fcgid.defaultini_ownvhost'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'mod_fcgid_defaultini_ownvhost',\n\t\t\t\t\t'type' => 'select',\n\t\t\t\t\t'default' => '2',\n\t\t\t\t\t'option_options_method' => [\n\t\t\t\t\t\t'\\\\Froxlor\\\\Http\\\\PhpConfig',\n\t\t\t\t\t\t'getPhpConfigs'\n\t\t\t\t\t],\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'websrv_avail' => [\n\t\t\t\t\t\t'apache2'\n\t\t\t\t\t],\n\t\t\t\t\t'visible' => Settings::Get('system.mod_fcgid') && call_user_func([\n\t\t\t\t\t\t'\\Froxlor\\Settings\\FroxlorVhostSettings',\n\t\t\t\t\t\t'hasVhostContainerEnabled'\n\t\t\t\t\t])\n\t\t\t\t],\n\t\t\t\t/**\n\t\t\t\t * php-fpm\n\t\t\t\t */\n\t\t\t\t'phpfpm_enabled_ownvhost' => [\n\t\t\t\t\t'label' => lng('phpfpm.ownvhost'),\n\t\t\t\t\t'settinggroup' => 'phpfpm',\n\t\t\t\t\t'varname' => 'enabled_ownvhost',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => true,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'visible' => Settings::Get('phpfpm.enabled') && call_user_func([\n\t\t\t\t\t\t'\\Froxlor\\Settings\\FroxlorVhostSettings',\n\t\t\t\t\t\t'hasVhostContainerEnabled'\n\t\t\t\t\t]),\n\t\t\t\t\t'requires_reconf' => ['system:php-fpm']\n\t\t\t\t],\n\t\t\t\t'phpfpm_vhost_httpuser' => [\n\t\t\t\t\t'label' => lng('phpfpm.vhost_httpuser'),\n\t\t\t\t\t'settinggroup' => 'phpfpm',\n\t\t\t\t\t'varname' => 'vhost_httpuser',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'default' => 'froxlorlocal',\n\t\t\t\t\t'string_emptyallowed' => false,\n\t\t\t\t\t'plausibility_check_method' => [\n\t\t\t\t\t\t'\\\\Froxlor\\\\Validate\\\\Check',\n\t\t\t\t\t\t'checkSystemUsername'\n\t\t\t\t\t],\n\t\t\t\t\t'save_method' => 'storeSettingWebserverFcgidFpmUser',\n\t\t\t\t\t'visible' => Settings::Get('phpfpm.enabled') && call_user_func([\n\t\t\t\t\t\t'\\Froxlor\\Settings\\FroxlorVhostSettings',\n\t\t\t\t\t\t'hasVhostContainerEnabled'\n\t\t\t\t\t]),\n\t\t\t\t\t'requires_reconf' => ['system:php-fpm']\n\t\t\t\t],\n\t\t\t\t'phpfpm_vhost_httpgroup' => [\n\t\t\t\t\t'label' => lng('phpfpm.vhost_httpgroup'),\n\t\t\t\t\t'settinggroup' => 'phpfpm',\n\t\t\t\t\t'varname' => 'vhost_httpgroup',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'default' => 'froxlorlocal',\n\t\t\t\t\t'string_emptyallowed' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'visible' => Settings::Get('phpfpm.enabled') && call_user_func([\n\t\t\t\t\t\t'\\Froxlor\\Settings\\FroxlorVhostSettings',\n\t\t\t\t\t\t'hasVhostContainerEnabled'\n\t\t\t\t\t]),\n\t\t\t\t\t'requires_reconf' => ['system:php-fpm']\n\t\t\t\t],\n\t\t\t\t'phpfpm_vhost_defaultini' => [\n\t\t\t\t\t'label' => lng('serversettings.mod_fcgid.defaultini_ownvhost'),\n\t\t\t\t\t'settinggroup' => 'phpfpm',\n\t\t\t\t\t'varname' => 'vhost_defaultini',\n\t\t\t\t\t'type' => 'select',\n\t\t\t\t\t'default' => '2',\n\t\t\t\t\t'option_options_method' => [\n\t\t\t\t\t\t'\\\\Froxlor\\\\Http\\\\PhpConfig',\n\t\t\t\t\t\t'getPhpConfigs'\n\t\t\t\t\t],\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'visible' => Settings::Get('phpfpm.enabled') && call_user_func([\n\t\t\t\t\t\t'\\Froxlor\\Settings\\FroxlorVhostSettings',\n\t\t\t\t\t\t'hasVhostContainerEnabled'\n\t\t\t\t\t])\n\t\t\t\t],\n\t\t\t\t/**\n\t\t\t\t * DNS\n\t\t\t\t */\n\t\t\t\t'system_dns_createhostnameentry' => [\n\t\t\t\t\t'label' => lng('serversettings.dns_createhostnameentry'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'dns_createhostnameentry',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'visible' => Settings::Get('system.bind_enable')\n\t\t\t\t]\n\t\t\t]\n\t\t]\n\t]\n];\n" }, { "path": "actions/admin/settings/125.cronjob.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nreturn [\n\t'groups' => [\n\t\t'crond' => [\n\t\t\t'title' => lng('admin.cronsettings'),\n\t\t\t'icon' => 'fa-solid fa-clock-rotate-left',\n\t\t\t'advanced_mode' => true,\n\t\t\t'fields' => [\n\t\t\t\t'system_cronconfig' => [\n\t\t\t\t\t'label' => lng('serversettings.system_cronconfig'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'cronconfig',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_type' => 'file',\n\t\t\t\t\t'default' => '/etc/cron.d/froxlor',\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'system_croncmdline' => [\n\t\t\t\t\t'label' => lng('serversettings.system_croncmdline'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'croncmdline',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_regexp' => '/^[a-z0-9\\/\\._\\- ]+$/i',\n\t\t\t\t\t'default' => '/usr/bin/nice -n 5 /usr/bin/php -q',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'required_otp' => true\n\t\t\t\t],\n\t\t\t\t'system_crondreload' => [\n\t\t\t\t\t'label' => lng('serversettings.system_crondreload'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'crondreload',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_regexp' => '/^[a-z0-9\\/\\._\\- ]+$/i',\n\t\t\t\t\t'default' => '/etc/init.d/cron reload',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'required_otp' => true\n\t\t\t\t],\n\t\t\t\t'system_cron_allowautoupdate' => [\n\t\t\t\t\t'label' => lng('serversettings.system_cron_allowautoupdate'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'cron_allowautoupdate',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'required_otp' => true\n\t\t\t\t]\n\t\t\t]\n\t\t]\n\t]\n];\n" }, { "path": "actions/admin/settings/130.webserver.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nuse Froxlor\\Settings;\n\nreturn [\n\t'groups' => [\n\t\t'webserver' => [\n\t\t\t'title' => lng('admin.webserversettings'),\n\t\t\t'icon' => 'fa-solid fa-server',\n\t\t\t'fields' => [\n\t\t\t\t'system_webserver' => [\n\t\t\t\t\t'label' => lng('admin.webserver'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'webserver',\n\t\t\t\t\t'type' => 'select',\n\t\t\t\t\t'default' => 'apache2',\n\t\t\t\t\t'select_var' => [\n\t\t\t\t\t\t'apache2' => 'Apache 2',\n\t\t\t\t\t\t'nginx' => 'Nginx'\n\t\t\t\t\t],\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'plausibility_check_method' => [\n\t\t\t\t\t\t'\\\\Froxlor\\\\Validate\\\\Check',\n\t\t\t\t\t\t'checkPhpInterfaceSetting'\n\t\t\t\t\t],\n\t\t\t\t\t'requires_reconf' => ['http']\n\t\t\t\t],\n\t\t\t\t'system_apache24' => [\n\t\t\t\t\t'label' => lng('serversettings.apache_24'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'apache24',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'websrv_avail' => [\n\t\t\t\t\t\t'apache2'\n\t\t\t\t\t]\n\t\t\t\t],\n\t\t\t\t'system_apacheitksupport' => [\n\t\t\t\t\t'label' => lng('serversettings.apache_itksupport'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'apacheitksupport',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'visible' => (Settings::Get('system.mod_fcgid') == 0 && Settings::Get('phpfpm.enabled') == 0),\n\t\t\t\t\t'websrv_avail' => [\n\t\t\t\t\t\t'apache2'\n\t\t\t\t\t],\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'system_http2_support' => [\n\t\t\t\t\t'label' => lng('serversettings.http2_support'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'http2_support',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'websrv_avail' => [\n\t\t\t\t\t\t'apache2',\n\t\t\t\t\t\t'nginx'\n\t\t\t\t\t],\n\t\t\t\t\t'visible' => Settings::Get('system.use_ssl')\n\t\t\t\t],\n\t\t\t\t'system_http3_support' => [\n\t\t\t\t\t'label' => lng('serversettings.http3_support'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'http3_support',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'websrv_avail' => [\n\t\t\t\t\t\t'nginx'\n\t\t\t\t\t],\n\t\t\t\t\t'visible' => Settings::Get('system.use_ssl')\n\t\t\t\t],\n\t\t\t\t'system_dhparams_file' => [\n\t\t\t\t\t'label' => lng('serversettings.dhparams_file'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'dhparams_file',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_type' => 'file',\n\t\t\t\t\t'string_emptyallowed' => true,\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'visible' => Settings::Get('system.use_ssl'),\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'system_httpuser' => [\n\t\t\t\t\t'label' => lng('admin.webserver_user'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'httpuser',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'default' => 'www-data',\n\t\t\t\t\t'plausibility_check_method' => [\n\t\t\t\t\t\t'\\\\Froxlor\\\\Validate\\\\Check',\n\t\t\t\t\t\t'checkSystemUsername'\n\t\t\t\t\t],\n\t\t\t\t\t'save_method' => 'storeSettingWebserverFcgidFpmUser'\n\t\t\t\t],\n\t\t\t\t'system_httpgroup' => [\n\t\t\t\t\t'label' => lng('admin.webserver_group'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'httpgroup',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'default' => 'www-data',\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'system_apacheconf_vhost' => [\n\t\t\t\t\t'label' => lng('serversettings.apacheconf_vhost'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'apacheconf_vhost',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_type' => 'filedir',\n\t\t\t\t\t'default' => '/etc/apache2/sites-enabled/',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'requires_reconf' => ['http']\n\t\t\t\t],\n\t\t\t\t'system_apacheconf_diroptions' => [\n\t\t\t\t\t'label' => lng('serversettings.apacheconf_diroptions'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'apacheconf_diroptions',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_type' => 'filedir',\n\t\t\t\t\t'default' => '/etc/apache2/sites-enabled/',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'requires_reconf' => ['http']\n\t\t\t\t],\n\t\t\t\t'system_apacheconf_htpasswddir' => [\n\t\t\t\t\t'label' => lng('serversettings.apacheconf_htpasswddir'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'apacheconf_htpasswddir',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_type' => 'confdir',\n\t\t\t\t\t'default' => '/etc/apache2/htpasswd/',\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'system_logfiles_directory' => [\n\t\t\t\t\t'label' => lng('serversettings.logfiles_directory'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'logfiles_directory',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_type' => 'dir',\n\t\t\t\t\t'default' => '/var/customers/logs/',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'requires_reconf' => ['http']\n\t\t\t\t],\n\t\t\t\t'system_logfiles_script' => [\n\t\t\t\t\t'label' => lng('serversettings.logfiles_script'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'logfiles_script',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'websrv_avail' => [\n\t\t\t\t\t\t'apache2'\n\t\t\t\t\t],\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'system_logfiles_piped' => [\n\t\t\t\t\t'label' => lng('serversettings.logfiles_piped'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'logfiles_piped',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'websrv_avail' => [\n\t\t\t\t\t\t'apache2'\n\t\t\t\t\t],\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'system_logfiles_format' => [\n\t\t\t\t\t'label' => lng('serversettings.logfiles_format'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'logfiles_format',\n\t\t\t\t\t'type' => (strpos(Settings::Get('system.logfiles_format'), '\"') !== false ? 'textarea' : 'text'),\n\t\t\t\t\t'string_regexp' => '/^[^\\0\\r\\n<>]*$/i',\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'string_emptyallowed' => true,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'websrv_avail' => [\n\t\t\t\t\t\t'apache2',\n\t\t\t\t\t\t'nginx'\n\t\t\t\t\t],\n\t\t\t\t\t'visible' => Settings::Get('system.traffictool') != 'webalizer',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'system_logfiles_type' => [\n\t\t\t\t\t'label' => lng('serversettings.logfiles_type'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'logfiles_type',\n\t\t\t\t\t'type' => 'select',\n\t\t\t\t\t'default' => '1',\n\t\t\t\t\t'select_var' => [\n\t\t\t\t\t\t'1' => 'combined',\n\t\t\t\t\t\t'2' => 'vhost_combined'\n\t\t\t\t\t],\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'websrv_avail' => [\n\t\t\t\t\t\t'apache2'\n\t\t\t\t\t]\n\t\t\t\t],\n\t\t\t\t'system_errorlog_level' => [\n\t\t\t\t\t'label' => lng('serversettings.errorlog_level'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'errorlog_level',\n\t\t\t\t\t'type' => 'select',\n\t\t\t\t\t'default' => (Settings::Get('system.webserver') == 'nginx' ? 'error' : 'warn'),\n\t\t\t\t\t'select_var' => [\n\t\t\t\t\t\t'emerg' => 'emerg',\n\t\t\t\t\t\t'alert' => 'alert',\n\t\t\t\t\t\t'crit' => 'crit',\n\t\t\t\t\t\t'error' => 'error',\n\t\t\t\t\t\t'warn' => 'warn',\n\t\t\t\t\t\t'notice' => 'notice',\n\t\t\t\t\t\t'info' => 'info',\n\t\t\t\t\t\t'debug' => 'debug'\n\t\t\t\t\t],\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'websrv_avail' => [\n\t\t\t\t\t\t'apache2',\n\t\t\t\t\t\t'nginx'\n\t\t\t\t\t]\n\t\t\t\t],\n\t\t\t\t'system_customer_ssl_path' => [\n\t\t\t\t\t'label' => lng('serversettings.customerssl_directory'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'customer_ssl_path',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_type' => 'confdir',\n\t\t\t\t\t'default' => '/etc/ssl/froxlor-custom/',\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'system_phpappendopenbasedir' => [\n\t\t\t\t\t'label' => lng('serversettings.phpappendopenbasedir'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'phpappendopenbasedir',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_emptyallowed' => true,\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'system_deactivateddocroot' => [\n\t\t\t\t\t'label' => lng('serversettings.deactivateddocroot'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'deactivateddocroot',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_type' => 'dir',\n\t\t\t\t\t'string_emptyallowed' => true,\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'requires_reconf' => ['http']\n\t\t\t\t],\n\t\t\t\t'system_default_vhostconf' => [\n\t\t\t\t\t'label' => lng('serversettings.default_vhostconf'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'default_vhostconf',\n\t\t\t\t\t'type' => 'textarea',\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'system_default_sslvhostconf' => [\n\t\t\t\t\t'label' => lng('serversettings.default_sslvhostconf'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'default_sslvhostconf',\n\t\t\t\t\t'type' => 'textarea',\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'visible' => Settings::Get('system.use_ssl') == 1,\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'system_include_default_vhostconf' => [\n\t\t\t\t\t'label' => lng('serversettings.includedefault_sslvhostconf'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'include_default_vhostconf',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'system_apacheglobaldiropt' => [\n\t\t\t\t\t'label' => lng('serversettings.apache_globaldiropt'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'apacheglobaldiropt',\n\t\t\t\t\t'type' => 'textarea',\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'visible' => (Settings::Get('system.mod_fcgid') == 0 && Settings::Get('phpfpm.enabled') == 0),\n\t\t\t\t\t'websrv_avail' => [\n\t\t\t\t\t\t'apache2'\n\t\t\t\t\t],\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'system_apachereload_command' => [\n\t\t\t\t\t'label' => lng('serversettings.apachereload_command'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'apachereload_command',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_regexp' => '/^[a-z0-9\\/\\._\\- ]+$/i',\n\t\t\t\t\t'default' => '/etc/init.d/apache2 reload',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'required_otp' => true\n\t\t\t\t],\n\t\t\t\t'system_phpreload_command' => [\n\t\t\t\t\t'label' => lng('serversettings.phpreload_command'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'phpreload_command',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_regexp' => '/^[a-z0-9\\/\\._\\- ]+$/i',\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'websrv_avail' => [\n\t\t\t\t\t\t'nginx'\n\t\t\t\t\t],\n\t\t\t\t\t'required_otp' => true\n\t\t\t\t],\n\t\t\t\t'system_nginx_php_backend' => [\n\t\t\t\t\t'label' => lng('serversettings.nginx_php_backend'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'nginx_php_backend',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'default' => '127.0.0.1:8888',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'websrv_avail' => [\n\t\t\t\t\t\t'nginx'\n\t\t\t\t\t]\n\t\t\t\t],\n\t\t\t\t'nginx_fastcgiparams' => [\n\t\t\t\t\t'label' => lng('serversettings.nginx_fastcgiparams'),\n\t\t\t\t\t'settinggroup' => 'nginx',\n\t\t\t\t\t'varname' => 'fastcgiparams',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_type' => 'file',\n\t\t\t\t\t'default' => '/etc/nginx/fastcgi_params',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'websrv_avail' => [\n\t\t\t\t\t\t'nginx'\n\t\t\t\t\t]\n\t\t\t\t],\n\t\t\t\t'defaultwebsrverrhandler_enabled' => [\n\t\t\t\t\t'label' => lng('serversettings.defaultwebsrverrhandler_enabled'),\n\t\t\t\t\t'settinggroup' => 'defaultwebsrverrhandler',\n\t\t\t\t\t'varname' => 'enabled',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'defaultwebsrverrhandler_err401' => [\n\t\t\t\t\t'label' => lng('serversettings.defaultwebsrverrhandler_err401'),\n\t\t\t\t\t'settinggroup' => 'defaultwebsrverrhandler',\n\t\t\t\t\t'varname' => 'err401',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'websrv_avail' => [\n\t\t\t\t\t\t'apache2',\n\t\t\t\t\t\t'nginx'\n\t\t\t\t\t],\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'defaultwebsrverrhandler_err403' => [\n\t\t\t\t\t'label' => lng('serversettings.defaultwebsrverrhandler_err403'),\n\t\t\t\t\t'settinggroup' => 'defaultwebsrverrhandler',\n\t\t\t\t\t'varname' => 'err403',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'websrv_avail' => [\n\t\t\t\t\t\t'apache2',\n\t\t\t\t\t\t'nginx'\n\t\t\t\t\t],\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'defaultwebsrverrhandler_err404' => [\n\t\t\t\t\t'label' => lng('serversettings.defaultwebsrverrhandler_err404'),\n\t\t\t\t\t'settinggroup' => 'defaultwebsrverrhandler',\n\t\t\t\t\t'varname' => 'err404',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'defaultwebsrverrhandler_err500' => [\n\t\t\t\t\t'label' => lng('serversettings.defaultwebsrverrhandler_err500'),\n\t\t\t\t\t'settinggroup' => 'defaultwebsrverrhandler',\n\t\t\t\t\t'varname' => 'err500',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'websrv_avail' => [\n\t\t\t\t\t\t'apache2',\n\t\t\t\t\t\t'nginx'\n\t\t\t\t\t],\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'customredirect_enabled' => [\n\t\t\t\t\t'label' => lng('serversettings.customredirect_enabled'),\n\t\t\t\t\t'settinggroup' => 'customredirect',\n\t\t\t\t\t'varname' => 'enabled',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'customredirect_default' => [\n\t\t\t\t\t'label' => lng('serversettings.customredirect_default'),\n\t\t\t\t\t'settinggroup' => 'customredirect',\n\t\t\t\t\t'varname' => 'default',\n\t\t\t\t\t'type' => 'select',\n\t\t\t\t\t'default' => '1',\n\t\t\t\t\t'option_options_method' => ['\\\\Froxlor\\\\Domain\\\\Domain', 'getRedirectCodes'],\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'system_webserver_serveradmin' => [\n\t\t\t\t\t'label' => lng('admin.webserver_serveradmin.setting'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'webserver_serveradmin',\n\t\t\t\t\t'type' => 'select',\n\t\t\t\t\t'default' => 'customer',\n\t\t\t\t\t'select_var' => [\n\t\t\t\t\t\t'customer' => lng('admin.webserver_serveradmin.customer'),\n\t\t\t\t\t\t'admin' => lng('admin.webserver_serveradmin.admin'),\n\t\t\t\t\t\t'global' => lng('admin.webserver_serveradmin.global'),\n\t\t\t\t\t\t'none' => lng('admin.webserver_serveradmin.none')\n\t\t\t\t\t],\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'websrv_avail' => [\n\t\t\t\t\t\t'apache2',\n\t\t\t\t\t],\n\t\t\t\t],\n\t\t\t]\n\t\t]\n\t]\n];\n" }, { "path": "actions/admin/settings/131.ssl.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nuse Froxlor\\Froxlor;\nuse Froxlor\\Settings;\n\nreturn [\n\t'groups' => [\n\t\t'ssl' => [\n\t\t\t'title' => lng('admin.sslsettings'),\n\t\t\t'icon' => 'fa-solid fa-shield',\n\t\t\t'fields' => [\n\t\t\t\t'system_use_ssl' => [\n\t\t\t\t\t'label' => lng('serversettings.ssl.use_ssl'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'use_ssl',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'overview_option' => true,\n\t\t\t\t\t'requires_reconf' => ['http']\n\t\t\t\t],\n\t\t\t\t'system_ssl_protocols' => [\n\t\t\t\t\t'label' => lng('serversettings.ssl.ssl_protocols'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'ssl_protocols',\n\t\t\t\t\t'type' => 'select',\n\t\t\t\t\t'default' => 'TLSv1.2',\n\t\t\t\t\t'select_mode' => 'multiple',\n\t\t\t\t\t'select_var' => [\n\t\t\t\t\t\t'TLSv1' => 'TLSv1',\n\t\t\t\t\t\t'TLSv1.1' => 'TLSv1.1',\n\t\t\t\t\t\t'TLSv1.2' => 'TLSv1.2',\n\t\t\t\t\t\t'TLSv1.3' => 'TLSv1.3'\n\t\t\t\t\t],\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'system_ssl_cipher_list' => [\n\t\t\t\t\t'label' => lng('serversettings.ssl.ssl_cipher_list'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'ssl_cipher_list',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_emptyallowed' => false,\n\t\t\t\t\t'default' => 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'system_tlsv13_cipher_list' => [\n\t\t\t\t\t'label' => lng('serversettings.ssl.tlsv13_cipher_list'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'tlsv13_cipher_list',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_emptyallowed' => true,\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'visible' => Settings::Get('system.webserver') == \"apache2\" && Settings::Get('system.apache24') == 1,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'system_ssl_cert_file' => [\n\t\t\t\t\t'label' => lng('serversettings.ssl.ssl_cert_file'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'ssl_cert_file',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_type' => 'file',\n\t\t\t\t\t'string_emptyallowed' => true,\n\t\t\t\t\t'default' => '/etc/ssl/froxlor_selfsigned.pem',\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'system_ssl_key_file' => [\n\t\t\t\t\t'label' => lng('serversettings.ssl.ssl_key_file'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'ssl_key_file',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_type' => 'file',\n\t\t\t\t\t'string_emptyallowed' => true,\n\t\t\t\t\t'default' => '/etc/ssl/froxlor_selfsigned.key',\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'system_ssl_cert_chainfile' => [\n\t\t\t\t\t'label' => lng('admin.ipsandports.ssl_cert_chainfile'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'ssl_cert_chainfile',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_type' => 'file',\n\t\t\t\t\t'string_emptyallowed' => true,\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'system_ssl_ca_file' => [\n\t\t\t\t\t'label' => lng('serversettings.ssl.ssl_ca_file'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'ssl_ca_file',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_type' => 'file',\n\t\t\t\t\t'string_emptyallowed' => true,\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'system_apache24_ocsp_cache_path' => [\n\t\t\t\t\t'label' => lng('serversettings.ssl.apache24_ocsp_cache_path'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'apache24_ocsp_cache_path',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_emptyallowed' => false,\n\t\t\t\t\t'default' => 'shmcb:/var/run/apache2/ocsp-stapling.cache(131072)',\n\t\t\t\t\t'visible' => Settings::Get('system.webserver') == \"apache2\" && Settings::Get('system.apache24') == 1,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'system_sessionticketsenabled' => [\n\t\t\t\t\t'label' => lng('admin.domain_sessionticketsenabled'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'sessionticketsenabled',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => true,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'visible' => Settings::Get('system.use_ssl') && (Settings::Get('system.webserver') == \"nginx\" || (Settings::Get('system.webserver') == \"apache2\" && Settings::Get('system.apache24') == 1)),\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'system_leenabled' => [\n\t\t\t\t\t'label' => lng('serversettings.leenabled'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'leenabled',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'cronmodule' => 'froxlor/letsencrypt',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'requires_reconf' => ['http']\n\t\t\t\t],\n\t\t\t\t'system_acmeshpath' => [\n\t\t\t\t\t'label' => lng('serversettings.acmeshpath'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'acmeshpath',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_type' => 'file',\n\t\t\t\t\t'default' => '/root/.acme.sh/acme.sh',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true,\n\t\t\t\t\t'required_otp' => true\n\t\t\t\t],\n\t\t\t\t'system_letsencryptacmeconf' => [\n\t\t\t\t\t'label' => lng('serversettings.letsencryptacmeconf'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'letsencryptacmeconf',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_type' => 'file',\n\t\t\t\t\t'default' => '/etc/apache2/conf-enabled/acme.conf',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'requires_reconf' => ['http']\n\t\t\t\t],\n\t\t\t\t'system_letsencryptca' => [\n\t\t\t\t\t'label' => lng('serversettings.letsencryptca'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'letsencryptca',\n\t\t\t\t\t'type' => 'select',\n\t\t\t\t\t'default' => 'letsencrypt',\n\t\t\t\t\t'select_var' => [\n\t\t\t\t\t\t'letsencrypt_test' => 'Let\\'s Encrypt (Test / Staging)',\n\t\t\t\t\t\t'letsencrypt' => 'Let\\'s Encrypt (Live)',\n\t\t\t\t\t\t'buypass_test' => 'Buypass (Test / Staging)',\n\t\t\t\t\t\t'buypass' => 'Buypass (Live)',\n\t\t\t\t\t\t'zerossl' => 'ZeroSSL (Live)',\n\t\t\t\t\t\t'google' => 'Google (Live)',\n\t\t\t\t\t\t'google_test' => 'Google (Test / Staging)',\n\t\t\t\t\t],\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'system_letsencryptchallengepath' => [\n\t\t\t\t\t'label' => lng('serversettings.letsencryptchallengepath'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'letsencryptchallengepath',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_emptyallowed' => false,\n\t\t\t\t\t'default' => Froxlor::getInstallDir(),\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true,\n\t\t\t\t\t'requires_reconf' => ['http']\n\t\t\t\t],\n\t\t\t\t'system_letsencryptkeysize' => [\n\t\t\t\t\t'label' => lng('serversettings.letsencryptkeysize'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'letsencryptkeysize',\n\t\t\t\t\t'type' => 'select',\n\t\t\t\t\t'default' => '2048',\n\t\t\t\t\t'select_var' => [\n\t\t\t\t\t\t'2048' => '2048',\n\t\t\t\t\t\t'3072' => '3072',\n\t\t\t\t\t\t'4096' => '4096',\n\t\t\t\t\t\t'8192' => '8192'\n\t\t\t\t\t],\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'system_leecc' => [\n\t\t\t\t\t'label' => lng('serversettings.letsencryptecc'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'leecc',\n\t\t\t\t\t'type' => 'select',\n\t\t\t\t\t'default' => '0',\n\t\t\t\t\t'select_var' => [\n\t\t\t\t\t\t'0' => '-',\n\t\t\t\t\t\t'256' => 'ec-256',\n\t\t\t\t\t\t'384' => 'ec-384'\n\t\t\t\t\t],\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'system_letsencryptreuseold' => [\n\t\t\t\t\t'label' => lng('serversettings.letsencryptreuseold'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'letsencryptreuseold',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => true,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'system_le_domain_dnscheck' => [\n\t\t\t\t\t'label' => lng('serversettings.le_domain_dnscheck'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'le_domain_dnscheck',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => true,\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'system_le_domain_dnscheck_resolver' => [\n\t\t\t\t\t'label' => lng('serversettings.le_domain_dnscheck_resolver'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'le_domain_dnscheck_resolver',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_type' => 'validate_ip',\n\t\t\t\t\t'string_emptyallowed' => true,\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'system_le_renew_services' => [\n\t\t\t\t\t'label' => lng('serversettings.le_renew_services'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'le_renew_services',\n\t\t\t\t\t'type' => 'select',\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'select_mode' => 'multiple',\n\t\t\t\t\t'option_emptyallowed' => true,\n\t\t\t\t\t'select_var' => [\n\t\t\t\t\t\t'' => lng('panel.none_value'),\n\t\t\t\t\t\t'postfix' => 'postfix (smtp)',\n\t\t\t\t\t\t'dovecot' => 'dovecot <2.4 (imap/pop3)',\n\t\t\t\t\t\t'dovecot24' => 'dovecot >=2.4 (imap/pop3)',\n\t\t\t\t\t\t'proftpd' => 'proftpd (ftp)',\n\t\t\t\t\t],\n\t\t\t\t\t'save_method' => 'storeSettingFieldInsertUpdateServicesTask',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'system_le_renew_hook' => [\n\t\t\t\t\t'label' => lng('serversettings.le_renew_hook'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'le_renew_hook',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_regexp' => '/^[a-z0-9\\/\\._\\- ]+$/i',\n\t\t\t\t\t'default' => 'systemctl restart postfix dovecot proftpd',\n\t\t\t\t\t'save_method' => 'storeSettingFieldInsertUpdateServicesTask',\n\t\t\t\t\t'advanced_mode' => true,\n\t\t\t\t\t'required_otp' => true\n\t\t\t\t],\n\t\t\t]\n\t\t]\n\t]\n];\n" }, { "path": "actions/admin/settings/135.fcgid.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nreturn [\n\t'groups' => [\n\t\t'fcgid' => [\n\t\t\t'title' => lng('admin.fcgid_settings'),\n\t\t\t'icon' => 'fa-brands fa-php',\n\t\t\t'websrv_avail' => [\n\t\t\t\t'apache2',\n\t\t\t],\n\t\t\t'fields' => [\n\t\t\t\t'system_mod_fcgid' => [\n\t\t\t\t\t'label' => lng('serversettings.mod_fcgid'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'mod_fcgid',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'plausibility_check_method' => [\n\t\t\t\t\t\t'\\\\Froxlor\\\\Validate\\\\Check',\n\t\t\t\t\t\t'checkFcgidPhpFpm'\n\t\t\t\t\t],\n\t\t\t\t\t'overview_option' => true,\n\t\t\t\t\t'requires_reconf' => ['http', 'system:fcgid']\n\t\t\t\t],\n\t\t\t\t'system_mod_fcgid_configdir' => [\n\t\t\t\t\t'label' => lng('serversettings.mod_fcgid.configdir'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'mod_fcgid_configdir',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_type' => 'confdir',\n\t\t\t\t\t'default' => '/var/www/php-fcgi-scripts/',\n\t\t\t\t\t'plausibility_check_method' => [\n\t\t\t\t\t\t'\\\\Froxlor\\\\Validate\\\\Check',\n\t\t\t\t\t\t'checkPathConflicts'\n\t\t\t\t\t],\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'requires_reconf' => ['system:fcgid']\n\t\t\t\t],\n\t\t\t\t'system_mod_fcgid_tmpdir' => [\n\t\t\t\t\t'label' => lng('serversettings.mod_fcgid.tmpdir'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'mod_fcgid_tmpdir',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_type' => 'dir',\n\t\t\t\t\t'default' => '/var/customers/tmp/',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'requires_reconf' => ['http']\n\t\t\t\t],\n\t\t\t\t'system_mod_fcgid_peardir' => [\n\t\t\t\t\t'label' => lng('serversettings.mod_fcgid.peardir'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'mod_fcgid_peardir',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_type' => 'dir',\n\t\t\t\t\t'string_delimiter' => ':',\n\t\t\t\t\t'string_emptyallowed' => true,\n\t\t\t\t\t'default' => '/usr/share/php/:/usr/share/php5/',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'system_mod_fcgid_wrapper' => [\n\t\t\t\t\t'label' => lng('serversettings.mod_fcgid.wrapper'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'mod_fcgid_wrapper',\n\t\t\t\t\t'type' => 'select',\n\t\t\t\t\t'select_var' => [\n\t\t\t\t\t\t0 => 'ScriptAlias',\n\t\t\t\t\t\t1 => 'FcgidWrapper'\n\t\t\t\t\t],\n\t\t\t\t\t'default' => 1,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'websrv_avail' => [\n\t\t\t\t\t\t'apache2'\n\t\t\t\t\t],\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'system_mod_fcgid_starter' => [\n\t\t\t\t\t'label' => lng('serversettings.mod_fcgid.starter'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'mod_fcgid_starter',\n\t\t\t\t\t'type' => 'number',\n\t\t\t\t\t'min' => 0,\n\t\t\t\t\t'default' => 0,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'system_mod_fcgid_maxrequests' => [\n\t\t\t\t\t'label' => lng('serversettings.mod_fcgid.maxrequests'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'mod_fcgid_maxrequests',\n\t\t\t\t\t'type' => 'number',\n\t\t\t\t\t'default' => 250,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'system_mod_fcgid_defaultini' => [\n\t\t\t\t\t'label' => lng('serversettings.mod_fcgid.defaultini'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'mod_fcgid_defaultini',\n\t\t\t\t\t'type' => 'select',\n\t\t\t\t\t'default' => '1',\n\t\t\t\t\t'option_options_method' => [\n\t\t\t\t\t\t'\\\\Froxlor\\\\Http\\\\PhpConfig',\n\t\t\t\t\t\t'getPhpConfigs'\n\t\t\t\t\t],\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'system_mod_fcgid_idle_timeout' => [\n\t\t\t\t\t'label' => lng('serversettings.mod_fcgid.idle_timeout'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'mod_fcgid_idle_timeout',\n\t\t\t\t\t'type' => 'number',\n\t\t\t\t\t'default' => 30,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t]\n\t\t\t]\n\t\t]\n\t]\n];\n" }, { "path": "actions/admin/settings/136.phpfpm.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nuse Froxlor\\Settings;\n\nreturn [\n\t'groups' => [\n\t\t'phpfpm' => [\n\t\t\t'title' => lng('admin.phpfpm_settings'),\n\t\t\t'icon' => 'fa-brands fa-php',\n\t\t\t'fields' => [\n\t\t\t\t'phpfpm_enabled' => [\n\t\t\t\t\t'label' => lng('serversettings.phpfpm'),\n\t\t\t\t\t'settinggroup' => 'phpfpm',\n\t\t\t\t\t'varname' => 'enabled',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'plausibility_check_method' => [\n\t\t\t\t\t\t'\\\\Froxlor\\\\Validate\\\\Check',\n\t\t\t\t\t\t'checkFcgidPhpFpm'\n\t\t\t\t\t],\n\t\t\t\t\t'overview_option' => true,\n\t\t\t\t\t'requires_reconf' => ['http', 'system:php-fpm']\n\t\t\t\t],\n\t\t\t\t'phpfpm_defaultini' => [\n\t\t\t\t\t'label' => lng('serversettings.mod_fcgid.defaultini'),\n\t\t\t\t\t'settinggroup' => 'phpfpm',\n\t\t\t\t\t'varname' => 'defaultini',\n\t\t\t\t\t'type' => 'select',\n\t\t\t\t\t'default' => '1',\n\t\t\t\t\t'option_options_method' => [\n\t\t\t\t\t\t'\\\\Froxlor\\\\Http\\\\PhpConfig',\n\t\t\t\t\t\t'getPhpConfigs'\n\t\t\t\t\t],\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'phpfpm_aliasconfigdir' => [\n\t\t\t\t\t'label' => lng('serversettings.phpfpm_settings.aliasconfigdir'),\n\t\t\t\t\t'settinggroup' => 'phpfpm',\n\t\t\t\t\t'varname' => 'aliasconfigdir',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_type' => 'confdir',\n\t\t\t\t\t'default' => '/var/www/php-fpm/',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'phpfpm_tmpdir' => [\n\t\t\t\t\t'label' => lng('serversettings.mod_fcgid.tmpdir'),\n\t\t\t\t\t'settinggroup' => 'phpfpm',\n\t\t\t\t\t'varname' => 'tmpdir',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_type' => 'dir',\n\t\t\t\t\t'default' => '/var/customers/tmp/',\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'phpfpm_peardir' => [\n\t\t\t\t\t'label' => lng('serversettings.mod_fcgid.peardir'),\n\t\t\t\t\t'settinggroup' => 'phpfpm',\n\t\t\t\t\t'varname' => 'peardir',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_type' => 'dir',\n\t\t\t\t\t'string_delimiter' => ':',\n\t\t\t\t\t'string_emptyallowed' => true,\n\t\t\t\t\t'default' => '/usr/share/php/:/usr/share/php5/',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'phpfpm_envpath' => [\n\t\t\t\t\t'label' => lng('serversettings.phpfpm_settings.envpath'),\n\t\t\t\t\t'settinggroup' => 'phpfpm',\n\t\t\t\t\t'varname' => 'envpath',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_type' => 'dir',\n\t\t\t\t\t'string_delimiter' => ':',\n\t\t\t\t\t'string_emptyallowed' => true,\n\t\t\t\t\t'default' => '/usr/local/bin:/usr/bin:/bin',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'phpfpm_fastcgi_ipcdir' => [\n\t\t\t\t\t'label' => lng('serversettings.phpfpm_settings.ipcdir'),\n\t\t\t\t\t'settinggroup' => 'phpfpm',\n\t\t\t\t\t'varname' => 'fastcgi_ipcdir',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_type' => 'dir',\n\t\t\t\t\t'default' => '/var/lib/apache2/fastcgi/',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'phpfpm_use_mod_proxy' => [\n\t\t\t\t\t'label' => lng('phpfpm.use_mod_proxy'),\n\t\t\t\t\t'settinggroup' => 'phpfpm',\n\t\t\t\t\t'varname' => 'use_mod_proxy',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => true,\n\t\t\t\t\t'visible' => Settings::Get('system.apache24'),\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'phpfpm_ini_flags' => [\n\t\t\t\t\t'label' => lng('phpfpm.ini_flags'),\n\t\t\t\t\t'settinggroup' => 'phpfpm',\n\t\t\t\t\t'varname' => 'ini_flags',\n\t\t\t\t\t'type' => 'textarea',\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true,\n\t\t\t\t\t'required_otp' => true\n\t\t\t\t],\n\t\t\t\t'phpfpm_ini_values' => [\n\t\t\t\t\t'label' => lng('phpfpm.ini_values'),\n\t\t\t\t\t'settinggroup' => 'phpfpm',\n\t\t\t\t\t'varname' => 'ini_values',\n\t\t\t\t\t'type' => 'textarea',\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true,\n\t\t\t\t\t'required_otp' => true\n\t\t\t\t],\n\t\t\t\t'phpfpm_ini_admin_flags' => [\n\t\t\t\t\t'label' => lng('phpfpm.ini_admin_flags'),\n\t\t\t\t\t'settinggroup' => 'phpfpm',\n\t\t\t\t\t'varname' => 'ini_admin_flags',\n\t\t\t\t\t'type' => 'textarea',\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true,\n\t\t\t\t\t'required_otp' => true\n\t\t\t\t],\n\t\t\t\t'phpfpm_ini_admin_values' => [\n\t\t\t\t\t'label' => lng('phpfpm.ini_admin_values'),\n\t\t\t\t\t'settinggroup' => 'phpfpm',\n\t\t\t\t\t'varname' => 'ini_admin_values',\n\t\t\t\t\t'type' => 'textarea',\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true,\n\t\t\t\t\t'required_otp' => true\n\t\t\t\t]\n\t\t\t]\n\t\t]\n\t]\n];\n" }, { "path": "actions/admin/settings/137.perl.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nreturn [\n\t'groups' => [\n\t\t'perl' => [\n\t\t\t'title' => lng('admin.perl_settings'),\n\t\t\t'icon' => 'fa-solid fa-code',\n\t\t\t'fields' => [\n\t\t\t\t'perl_suexecworkaround' => [\n\t\t\t\t\t'label' => lng('serversettings.perl.suexecworkaround'),\n\t\t\t\t\t'settinggroup' => 'perl',\n\t\t\t\t\t'varname' => 'suexecworkaround',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'websrv_avail' => [\n\t\t\t\t\t\t'apache2'\n\t\t\t\t\t]\n\t\t\t\t],\n\t\t\t\t'perl_suexecpath' => [\n\t\t\t\t\t'label' => lng('serversettings.perl.suexeccgipath'),\n\t\t\t\t\t'settinggroup' => 'perl',\n\t\t\t\t\t'varname' => 'suexecpath',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_type' => 'dir',\n\t\t\t\t\t'default' => '/var/www/cgi-bin/',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'websrv_avail' => [\n\t\t\t\t\t\t'apache2'\n\t\t\t\t\t]\n\t\t\t\t],\n\t\t\t\t'serversettings_perl_server' => [\n\t\t\t\t\t'label' => lng('serversettings.perl_server'),\n\t\t\t\t\t'settinggroup' => 'serversettings',\n\t\t\t\t\t'varname' => 'perl_server',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'default' => 'unix:/var/run/nginx/cgiwrap-dispatch.sock',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'websrv_avail' => [\n\t\t\t\t\t\t'nginx'\n\t\t\t\t\t]\n\t\t\t\t]\n\t\t\t]\n\t\t]\n\t]\n];\n" }, { "path": "actions/admin/settings/140.statistics.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nuse Froxlor\\Settings;\n\nreturn [\n\t'groups' => [\n\t\t'statistics' => [\n\t\t\t'title' => lng('admin.statisticsettings'),\n\t\t\t'icon' => 'fa-solid fa-chart-area',\n\t\t\t'fields' => [\n\t\t\t\t'system_traffictool' => [\n\t\t\t\t\t'label' => lng('serversettings.traffictool.toolselect'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'traffictool',\n\t\t\t\t\t'type' => 'select',\n\t\t\t\t\t'default' => 'goaccess',\n\t\t\t\t\t'select_var' => [\n\t\t\t\t\t\t'webalizer' => lng('serversettings.traffictool.webalizer'),\n\t\t\t\t\t\t'awstats' => lng('serversettings.traffictool.awstats'),\n\t\t\t\t\t\t'goaccess' => lng('serversettings.traffictool.goaccess')\n\t\t\t\t\t],\n\t\t\t\t\t'save_method' => 'storeSettingUpdateTrafficTool',\n\t\t\t\t\t'requires_reconf' => ['system']\n\t\t\t\t],\n\t\t\t\t'system_webalizer_quiet' => [\n\t\t\t\t\t'label' => lng('serversettings.webalizer_quiet'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'webalizer_quiet',\n\t\t\t\t\t'type' => 'select',\n\t\t\t\t\t'default' => 2,\n\t\t\t\t\t'select_var' => [\n\t\t\t\t\t\t0 => lng('admin.webalizer.normal'),\n\t\t\t\t\t\t1 => lng('admin.webalizer.quiet'),\n\t\t\t\t\t\t2 => lng('admin.webalizer.veryquiet')\n\t\t\t\t\t],\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'visible' => Settings::Get('system.traffictool') == 'webalizer'\n\t\t\t\t],\n\t\t\t\t'system_awstats_path' => [\n\t\t\t\t\t'label' => lng('serversettings.awstats_path'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'awstats_path',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_type' => 'dir',\n\t\t\t\t\t'default' => '/usr/share/awstats/tools/',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'visible' => Settings::Get('system.traffictool') == 'awstats'\n\t\t\t\t],\n\t\t\t\t'system_awstats_awstatspath' => [\n\t\t\t\t\t'label' => lng('serversettings.awstats_awstatspath'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'awstats_awstatspath',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_type' => 'dir',\n\t\t\t\t\t'default' => '/usr/lib/cgi-bin/',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'visible' => Settings::Get('system.traffictool') == 'awstats'\n\t\t\t\t],\n\t\t\t\t'system_awstats_conf' => [\n\t\t\t\t\t'label' => lng('serversettings.awstats_conf'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'awstats_conf',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_type' => 'dir',\n\t\t\t\t\t'default' => '/etc/awstats/',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'visible' => Settings::Get('system.traffictool') == 'awstats',\n\t\t\t\t\t'requires_reconf' => ['system:awstats']\n\t\t\t\t],\n\t\t\t\t'system_awstats_icons' => [\n\t\t\t\t\t'label' => lng('serversettings.awstats_icons'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'awstats_icons',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_type' => 'dir',\n\t\t\t\t\t'default' => '/usr/share/awstats/icon/',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'visible' => Settings::Get('system.traffictool') == 'awstats'\n\t\t\t\t],\n\t\t\t\t'system_awstats_logformat' => [\n\t\t\t\t\t'label' => lng('serversettings.awstats.logformat'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'awstats_logformat',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'default' => '1',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'visible' => Settings::Get('system.traffictool') == 'awstats',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t]\n\t\t\t]\n\t\t]\n\t]\n];\n" }, { "path": "actions/admin/settings/150.mail.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nreturn [\n\t'groups' => [\n\t\t'mail' => [\n\t\t\t'title' => lng('admin.mailserversettings'),\n\t\t\t'icon' => 'fa-solid fa-envelope',\n\t\t\t'fields' => [\n\t\t\t\t'system_vmail_uid' => [\n\t\t\t\t\t'label' => lng('serversettings.vmail_uid'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'vmail_uid',\n\t\t\t\t\t'type' => 'number',\n\t\t\t\t\t'default' => 2000,\n\t\t\t\t\t'min' => 2,\n\t\t\t\t\t'max' => 65535,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true,\n\t\t\t\t\t'requires_reconf' => ['smtp']\n\t\t\t\t],\n\t\t\t\t'system_vmail_gid' => [\n\t\t\t\t\t'label' => lng('serversettings.vmail_gid'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'vmail_gid',\n\t\t\t\t\t'type' => 'number',\n\t\t\t\t\t'default' => 2000,\n\t\t\t\t\t'min' => 2,\n\t\t\t\t\t'max' => 65535,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true,\n\t\t\t\t\t'requires_reconf' => ['smtp']\n\t\t\t\t],\n\t\t\t\t'system_vmail_homedir' => [\n\t\t\t\t\t'label' => lng('serversettings.vmail_homedir'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'vmail_homedir',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_type' => 'dir',\n\t\t\t\t\t'default' => '/var/customers/mail/',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'requires_reconf' => ['smtp']\n\t\t\t\t],\n\t\t\t\t'system_vmail_maildirname' => [\n\t\t\t\t\t'label' => lng('serversettings.vmail_maildirname'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'vmail_maildirname',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_type' => 'dir',\n\t\t\t\t\t'default' => 'Maildir',\n\t\t\t\t\t'string_emptyallowed' => true,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'panel_sendalternativemail' => [\n\t\t\t\t\t'label' => lng('serversettings.sendalternativemail'),\n\t\t\t\t\t'settinggroup' => 'panel',\n\t\t\t\t\t'varname' => 'sendalternativemail',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'system_mail_quota_enabled' => [\n\t\t\t\t\t'label' => lng('serversettings.mail_quota_enabled'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'mail_quota_enabled',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'system_mail_quota' => [\n\t\t\t\t\t'label' => lng('serversettings.mail_quota'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'mail_quota',\n\t\t\t\t\t'type' => 'number',\n\t\t\t\t\t'default' => 100,\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'catchall_catchall_enabled' => [\n\t\t\t\t\t'label' => lng('serversettings.catchall_enabled'),\n\t\t\t\t\t'settinggroup' => 'catchall',\n\t\t\t\t\t'varname' => 'catchall_enabled',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => true,\n\t\t\t\t\t'save_method' => 'storeSettingResetCatchall'\n\t\t\t\t],\n\t\t\t\t'system_mailtraffic_enabled' => [\n\t\t\t\t\t'label' => lng('serversettings.mailtraffic_enabled'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'mailtraffic_enabled',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => true,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'system_mdaserver' => [\n\t\t\t\t\t'label' => lng('serversettings.mdaserver'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'mdaserver',\n\t\t\t\t\t'type' => 'select',\n\t\t\t\t\t'default' => 'dovecot',\n\t\t\t\t\t'select_var' => [\n\t\t\t\t\t\t'courier' => 'Courier',\n\t\t\t\t\t\t'dovecot' => 'Dovecot'\n\t\t\t\t\t],\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'system_mdalog' => [\n\t\t\t\t\t'label' => lng('serversettings.mdalog'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'mdalog',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_type' => 'file',\n\t\t\t\t\t'default' => '/var/log/mail.log',\n\t\t\t\t\t'string_emptyallowed' => true,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'system_mtaserver' => [\n\t\t\t\t\t'label' => lng('serversettings.mtaserver'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'mtaserver',\n\t\t\t\t\t'type' => 'select',\n\t\t\t\t\t'default' => 'postfix',\n\t\t\t\t\t'select_var' => [\n\t\t\t\t\t\t'exim4' => 'Exim4',\n\t\t\t\t\t\t'postfix' => 'Postfix'\n\t\t\t\t\t],\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'system_mtalog' => [\n\t\t\t\t\t'label' => lng('serversettings.mtalog'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'mtalog',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_type' => 'file',\n\t\t\t\t\t'default' => '/var/log/mail.log',\n\t\t\t\t\t'string_emptyallowed' => true,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'mail_enable_allow_sender' => [\n\t\t\t\t\t'label' => lng('serversettings.mail_enable_allow_sender'),\n\t\t\t\t\t'settinggroup' => 'mail',\n\t\t\t\t\t'varname' => 'enable_allow_sender',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'mail_allow_external_domains' => [\n\t\t\t\t\t'label' => lng('serversettings.mail_allow_external_domains'),\n\t\t\t\t\t'settinggroup' => 'mail',\n\t\t\t\t\t'varname' => 'allow_external_domains',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t]\n\t\t]\n\t]\n];\n" }, { "path": "actions/admin/settings/155.ftpserver.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nreturn [\n\t'groups' => [\n\t\t'ftpserver' => [\n\t\t\t'title' => lng('admin.ftpserversettings'),\n\t\t\t'icon' => 'fa-solid fa-arrow-right-arrow-left',\n\t\t\t'fields' => [\n\t\t\t\t'system_ftpserver' => [\n\t\t\t\t\t'label' => lng('admin.ftpserver'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'ftpserver',\n\t\t\t\t\t'type' => 'select',\n\t\t\t\t\t'default' => 'proftpd',\n\t\t\t\t\t'select_var' => [\n\t\t\t\t\t\t'proftpd' => 'Proftpd',\n\t\t\t\t\t\t'pureftpd' => 'Pureftpd'\n\t\t\t\t\t],\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t]\n\t\t\t]\n\t\t]\n\t]\n];\n" }, { "path": "actions/admin/settings/160.nameserver.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nuse Froxlor\\Settings;\n\nreturn [\n\t'groups' => [\n\t\t'nameserver' => [\n\t\t\t'title' => lng('admin.nameserversettings'),\n\t\t\t'icon' => 'fa-solid fa-globe',\n\t\t\t'fields' => [\n\t\t\t\t'system_bind_enable' => [\n\t\t\t\t\t'label' => lng('serversettings.bindenable'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'bind_enable',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => true,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'overview_option' => true,\n\t\t\t\t\t'requires_reconf' => ['dns']\n\t\t\t\t],\n\t\t\t\t'system_dnsenabled' => [\n\t\t\t\t\t'label' => lng('serversettings.dnseditorenable'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'dnsenabled',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'system_dns_server' => [\n\t\t\t\t\t'label' => lng('serversettings.dns_server'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'dns_server',\n\t\t\t\t\t'type' => 'select',\n\t\t\t\t\t'default' => 'Bind',\n\t\t\t\t\t'select_var' => [\n\t\t\t\t\t\t'Bind' => 'Bind9',\n\t\t\t\t\t\t'PowerDNS' => 'PowerDNS'\n\t\t\t\t\t],\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'requires_reconf' => ['dns']\n\t\t\t\t],\n\t\t\t\t'system_bindconf_directory' => [\n\t\t\t\t\t'label' => lng('serversettings.bindconf_directory'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'bindconf_directory',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_type' => 'dir',\n\t\t\t\t\t'default' => '/etc/bind/',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'visible' => Settings::Get('system.dns_server') == 'Bind',\n\t\t\t\t\t'requires_reconf' => ['dns:bind']\n\t\t\t\t],\n\t\t\t\t'system_bindreload_command' => [\n\t\t\t\t\t'label' => lng('serversettings.bindreload_command'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'bindreload_command',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_regexp' => '/^[a-z0-9\\/\\._\\- ]+$/i',\n\t\t\t\t\t'default' => '/etc/init.d/bind9 reload',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'required_otp' => true\n\t\t\t\t],\n\t\t\t\t'system_nameservers' => [\n\t\t\t\t\t'label' => lng('serversettings.nameservers'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'nameservers',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_regexp' => '/^(([a-z0-9\\-\\._]+, ?)*[a-z0-9\\-\\._]+)?$/i',\n\t\t\t\t\t'string_emptyallowed' => true,\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'save_method' => 'storeSettingFieldInsertBindTask'\n\t\t\t\t],\n\t\t\t\t'system_mxservers' => [\n\t\t\t\t\t'label' => lng('serversettings.mxservers'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'mxservers',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_regexp' => '/^(([0-9]+ [a-z0-9\\-\\._]+, ?)*[0-9]+ [a-z0-9\\-\\._]+)?$/i',\n\t\t\t\t\t'string_emptyallowed' => true,\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'system_axfrservers' => [\n\t\t\t\t\t'label' => lng('serversettings.axfrservers'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'axfrservers',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_type' => 'validate_ip_incl_private',\n\t\t\t\t\t'string_delimiter' => ',',\n\t\t\t\t\t'string_emptyallowed' => true,\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'required_otp' => true\n\t\t\t\t],\n\t\t\t\t'system_powerdns_mode' => [\n\t\t\t\t\t'label' => lng('serversettings.powerdns_mode'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'powerdns_mode',\n\t\t\t\t\t'type' => 'select',\n\t\t\t\t\t'default' => 'Native',\n\t\t\t\t\t'select_var' => [\n\t\t\t\t\t\t'Native' => 'Native',\n\t\t\t\t\t\t'Master' => 'Master'\n\t\t\t\t\t],\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true,\n\t\t\t\t\t'visible' => Settings::Get('system.dns_server') == 'PowerDNS',\n\t\t\t\t],\n\t\t\t\t'system_dns_createmailentry' => [\n\t\t\t\t\t'label' => lng('serversettings.mail_also_with_mxservers'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'dns_createmailentry',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'system_dns_createcaaentry' => [\n\t\t\t\t\t'label' => lng('serversettings.caa_entry'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'dns_createcaaentry',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => true,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'caa_caa_entry' => [\n\t\t\t\t\t'label' => lng('serversettings.caa_entry_custom'),\n\t\t\t\t\t'settinggroup' => 'caa',\n\t\t\t\t\t'varname' => 'caa_entry',\n\t\t\t\t\t'type' => 'textarea',\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'system_defaultttl' => [\n\t\t\t\t\t'label' => lng('serversettings.defaultttl'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'defaultttl',\n\t\t\t\t\t'type' => 'number',\n\t\t\t\t\t'default' => 604800, /* 1 week */\n\t\t\t\t\t'min' => 3600, /* 1 hour */\n\t\t\t\t\t'max' => 2147483647, /* integer max */\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'system_soaemail' => [\n\t\t\t\t\t'label' => lng('serversettings.soaemail'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'soaemail',\n\t\t\t\t\t'type' => 'email',\n\t\t\t\t\t'string_emptyallowed' => true,\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t]\n\t\t\t]\n\t\t]\n\t]\n];\n" }, { "path": "actions/admin/settings/170.logger.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nreturn [\n\t'groups' => [\n\t\t'logging' => [\n\t\t\t'title' => lng('admin.loggersettings'),\n\t\t\t'icon' => 'fa-solid fa-file-lines',\n\t\t\t'fields' => [\n\t\t\t\t'logger_enabled' => [\n\t\t\t\t\t'label' => lng('serversettings.logger.enable'),\n\t\t\t\t\t'settinggroup' => 'logger',\n\t\t\t\t\t'varname' => 'enabled',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'overview_option' => true\n\t\t\t\t],\n\t\t\t\t'logger_severity' => [\n\t\t\t\t\t'label' => lng('serversettings.logger.severity'),\n\t\t\t\t\t'settinggroup' => 'logger',\n\t\t\t\t\t'varname' => 'severity',\n\t\t\t\t\t'type' => 'select',\n\t\t\t\t\t'default' => 1,\n\t\t\t\t\t'select_var' => [\n\t\t\t\t\t\t1 => lng('admin.logger.normal'),\n\t\t\t\t\t\t2 => lng('admin.logger.paranoid')\n\t\t\t\t\t],\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'logger_logtypes' => [\n\t\t\t\t\t'label' => lng('serversettings.logger.types'),\n\t\t\t\t\t'settinggroup' => 'logger',\n\t\t\t\t\t'varname' => 'logtypes',\n\t\t\t\t\t'type' => 'select',\n\t\t\t\t\t'default' => 'syslog,mysql',\n\t\t\t\t\t'select_mode' => 'multiple',\n\t\t\t\t\t'select_var' => [\n\t\t\t\t\t\t'syslog' => 'syslog',\n\t\t\t\t\t\t'file' => 'file',\n\t\t\t\t\t\t'mysql' => 'mysql'\n\t\t\t\t\t],\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'logger_logfile' => [\n\t\t\t\t\t'label' => lng('serversettings.logger.logfile'),\n\t\t\t\t\t'settinggroup' => 'logger',\n\t\t\t\t\t'varname' => 'logfile',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_type' => 'file',\n\t\t\t\t\t'string_emptyallowed' => true,\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'logger_log_cron' => [\n\t\t\t\t\t'label' => lng('serversettings.logger.logcron'),\n\t\t\t\t\t'settinggroup' => 'logger',\n\t\t\t\t\t'varname' => 'log_cron',\n\t\t\t\t\t'type' => 'select',\n\t\t\t\t\t'default' => 0,\n\t\t\t\t\t'select_var' => [\n\t\t\t\t\t\t0 => lng('serversettings.logger.logcronoption.never'),\n\t\t\t\t\t\t1 => lng('serversettings.logger.logcronoption.once'),\n\t\t\t\t\t\t2 => lng('serversettings.logger.logcronoption.always')\n\t\t\t\t\t],\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t]\n\t\t\t]\n\t\t]\n\t]\n];\n" }, { "path": "actions/admin/settings/180.antispam.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nreturn [\n\t'groups' => [\n\t\t'antispam' => [\n\t\t\t'title' => lng('admin.antispam_settings'),\n\t\t\t'icon' => 'fa-solid fa-clipboard-check',\n\t\t\t'fields' => [\n\t\t\t\t'antispam_activated' => [\n\t\t\t\t\t'label' => lng('antispam.activated'),\n\t\t\t\t\t'settinggroup' => 'antispam',\n\t\t\t\t\t'varname' => 'activated',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => true,\n\t\t\t\t\t'overview_option' => true,\n\t\t\t\t\t'save_method' => 'storeSettingFieldInsertAntispamTask',\n\t\t\t\t],\n\t\t\t\t'antispam_config_file' => [\n\t\t\t\t\t'label' => lng('antispam.config_file'),\n\t\t\t\t\t'settinggroup' => 'antispam',\n\t\t\t\t\t'varname' => 'config_file',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_type' => 'file',\n\t\t\t\t\t'default' => '/etc/rspamd/local.d/froxlor_settings.conf',\n\t\t\t\t\t'save_method' => 'storeSettingFieldInsertAntispamTask',\n\t\t\t\t\t'requires_reconf' => ['antispam']\n\t\t\t\t],\n\t\t\t\t'antispam_reload_command' => [\n\t\t\t\t\t'label' => lng('antispam.reload_command'),\n\t\t\t\t\t'settinggroup' => 'antispam',\n\t\t\t\t\t'varname' => 'reload_command',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_regexp' => '/^[a-z0-9\\/\\._\\- ]+$/i',\n\t\t\t\t\t'default' => 'service rspamd restart',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'required_otp' => true\n\t\t\t\t],\n\t\t\t\t'antispam_default_bypass_spam' => [\n\t\t\t\t\t'label' => lng('antispam.default_bypass_spam'),\n\t\t\t\t\t'settinggroup' => 'antispam',\n\t\t\t\t\t'varname' => 'default_bypass_spam',\n\t\t\t\t\t'type' => 'select',\n\t\t\t\t\t'default' => 2,\n\t\t\t\t\t'select_var' => [\n\t\t\t\t\t\t1 => lng('antispam.default_select.on_changeable'),\n\t\t\t\t\t\t2 => lng('antispam.default_select.off_changeable'),\n\t\t\t\t\t\t3 => lng('antispam.default_select.on_unchangeable'),\n\t\t\t\t\t\t4 => lng('antispam.default_select.off_unchangeable'),\n\t\t\t\t\t],\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'antispam_default_spam_rewrite_subject' => [\n\t\t\t\t\t'label' => lng('antispam.default_spam_rewrite_subject'),\n\t\t\t\t\t'settinggroup' => 'antispam',\n\t\t\t\t\t'varname' => 'default_spam_rewrite_subject',\n\t\t\t\t\t'type' => 'select',\n\t\t\t\t\t'default' => 1,\n\t\t\t\t\t'select_var' => [\n\t\t\t\t\t\t1 => lng('antispam.default_select.on_changeable'),\n\t\t\t\t\t\t2 => lng('antispam.default_select.off_changeable'),\n\t\t\t\t\t\t3 => lng('antispam.default_select.on_unchangeable'),\n\t\t\t\t\t\t4 => lng('antispam.default_select.off_unchangeable'),\n\t\t\t\t\t],\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'antispam_default_policy_greylist' => [\n\t\t\t\t\t'label' => lng('antispam.default_policy_greylist'),\n\t\t\t\t\t'settinggroup' => 'antispam',\n\t\t\t\t\t'varname' => 'default_policy_greylist',\n\t\t\t\t\t'type' => 'select',\n\t\t\t\t\t'default' => 1,\n\t\t\t\t\t'select_var' => [\n\t\t\t\t\t\t1 => lng('antispam.default_select.on_changeable'),\n\t\t\t\t\t\t2 => lng('antispam.default_select.off_changeable'),\n\t\t\t\t\t\t3 => lng('antispam.default_select.on_unchangeable'),\n\t\t\t\t\t\t4 => lng('antispam.default_select.off_unchangeable'),\n\t\t\t\t\t],\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true\n\t\t\t\t],\n\t\t\t\t'antispam_dkim_keylength' => [\n\t\t\t\t\t'label' => lng('antispam.dkim_keylength'),\n\t\t\t\t\t'settinggroup' => 'antispam',\n\t\t\t\t\t'varname' => 'dkim_keylength',\n\t\t\t\t\t'type' => 'select',\n\t\t\t\t\t'default' => '1024',\n\t\t\t\t\t'select_var' => [\n\t\t\t\t\t\t'1024' => '1024 Bit',\n\t\t\t\t\t\t'2048' => '2048 Bit'\n\t\t\t\t\t],\n\t\t\t\t\t'save_method' => 'storeSettingFieldInsertBindTask',\n\t\t\t\t\t'advanced_mode' => true,\n\t\t\t\t],\n\t\t\t\t'spf_use_spf' => [\n\t\t\t\t\t'label' => lng('spf.use_spf'),\n\t\t\t\t\t'settinggroup' => 'spf',\n\t\t\t\t\t'varname' => 'use_spf',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t],\n\t\t\t\t'spf_spf_entry' => [\n\t\t\t\t\t'label' => lng('spf.spf_entry'),\n\t\t\t\t\t'settinggroup' => 'spf',\n\t\t\t\t\t'varname' => 'spf_entry',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_regexp' => '/^v=spf[a-z0-9:~?\\s\\.\\-\\/]+$/i',\n\t\t\t\t\t'default' => 'v=spf1 a mx -all',\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t],\n\t\t\t\t'dmarc_use_dmarc' => [\n\t\t\t\t\t'label' => lng('dmarc.use_dmarc'),\n\t\t\t\t\t'settinggroup' => 'dmarc',\n\t\t\t\t\t'varname' => 'use_dmarc',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t],\n\t\t\t\t'dmarc_dmarc_entry' => [\n\t\t\t\t\t'label' => lng('dmarc.dmarc_entry'),\n\t\t\t\t\t'settinggroup' => 'dmarc',\n\t\t\t\t\t'varname' => 'dmarc_entry',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_regexp' => '/^v=dmarc1(.+)$/i',\n\t\t\t\t\t'default' => 'v=DMARC1; p=none;',\n\t\t\t\t\t'save_method' => 'storeSettingField'\n\t\t\t\t]\n\t\t\t]\n\t\t]\n\t]\n];\n" }, { "path": "actions/admin/settings/210.security.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nuse Froxlor\\Settings;\n\nreturn [\n\t'groups' => [\n\t\t'security' => [\n\t\t\t'title' => lng('admin.security_settings'),\n\t\t\t'icon' => 'fa-solid fa-user-lock',\n\t\t\t'fields' => [\n\t\t\t\t'panel_unix_names' => [\n\t\t\t\t\t'label' => lng('serversettings.unix_names'),\n\t\t\t\t\t'settinggroup' => 'panel',\n\t\t\t\t\t'varname' => 'unix_names',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => true,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'required_otp' => true\n\t\t\t\t],\n\t\t\t\t'system_mailpwcleartext' => [\n\t\t\t\t\t'label' => lng('serversettings.mailpwcleartext'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'mailpwcleartext',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true,\n\t\t\t\t\t'required_otp' => true\n\t\t\t\t],\n\t\t\t\t'system_passwordcryptfunc' => [\n\t\t\t\t\t'label' => lng('serversettings.passwordcryptfunc'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'passwordcryptfunc',\n\t\t\t\t\t'type' => 'select',\n\t\t\t\t\t'default' => PASSWORD_DEFAULT,\n\t\t\t\t\t'option_options_method' => [\n\t\t\t\t\t\t'\\\\Froxlor\\\\System\\\\Crypt',\n\t\t\t\t\t\t'getAvailablePasswordHashes'\n\t\t\t\t\t],\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true,\n\t\t\t\t\t'required_otp' => true\n\t\t\t\t],\n\t\t\t\t'system_allow_error_report_admin' => [\n\t\t\t\t\t'label' => lng('serversettings.allow_error_report_admin'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'allow_error_report_admin',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'required_otp' => true\n\t\t\t\t],\n\t\t\t\t'system_allow_error_report_customer' => [\n\t\t\t\t\t'label' => lng('serversettings.allow_error_report_customer'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'allow_error_report_customer',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'required_otp' => true\n\t\t\t\t],\n\t\t\t\t'system_allow_customer_shell' => [\n\t\t\t\t\t'label' => lng('serversettings.allow_allow_customer_shell'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'allow_customer_shell',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true,\n\t\t\t\t\t'required_otp' => true\n\t\t\t\t],\n\t\t\t\t'system_available_shells' => [\n\t\t\t\t\t'label' => lng('serversettings.available_shells'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'available_shells',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_emptyallowed' => true,\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'advanced_mode' => true,\n\t\t\t\t\t'required_otp' => true\n\t\t\t\t],\n\t\t\t\t'system_froxlorusergroup' => [\n\t\t\t\t\t'label' => lng('serversettings.froxlorusergroup'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'froxlorusergroup',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'default' => '',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'plausibility_check_method' => [\n\t\t\t\t\t\t'\\\\Froxlor\\\\Validate\\\\Check',\n\t\t\t\t\t\t'checkLocalGroup'\n\t\t\t\t\t],\n\t\t\t\t\t'visible' => Settings::Get('system.nssextrausers'),\n\t\t\t\t\t'advanced_mode' => true,\n\t\t\t\t\t'required_otp' => true\n\t\t\t\t],\n\t\t\t]\n\t\t]\n\t]\n];\n" }, { "path": "actions/admin/settings/220.quota.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nreturn [\n\t'groups' => [\n\t\t'diskquota' => [\n\t\t\t'title' => lng('diskquota'),\n\t\t\t'icon' => 'fa-solid fa-sliders',\n\t\t\t'advanced_mode' => true,\n\t\t\t'fields' => [\n\t\t\t\t'system_diskquota_enabled' => [\n\t\t\t\t\t'label' => lng('serversettings.diskquota_enabled'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'diskquota_enabled',\n\t\t\t\t\t'type' => 'checkbox',\n\t\t\t\t\t'default' => false,\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'overview_option' => true\n\t\t\t\t],\n\t\t\t\t'system_diskquota_repquota_path' => [\n\t\t\t\t\t'label' => lng('serversettings.diskquota_repquota_path.description'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'diskquota_repquota_path',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_type' => 'file',\n\t\t\t\t\t'default' => '/usr/sbin/repquota',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'required_otp' => true\n\t\t\t\t],\n\t\t\t\t'system_diskquota_quotatool_path' => [\n\t\t\t\t\t'label' => lng('serversettings.diskquota_quotatool_path.description'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'diskquota_quotatool_path',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_type' => 'file',\n\t\t\t\t\t'default' => '/usr/bin/quotatool',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'required_otp' => true\n\t\t\t\t],\n\t\t\t\t'system_diskquota_customer_partition' => [\n\t\t\t\t\t'label' => lng('serversettings.diskquota_customer_partition.description'),\n\t\t\t\t\t'settinggroup' => 'system',\n\t\t\t\t\t'varname' => 'diskquota_customer_partition',\n\t\t\t\t\t'type' => 'text',\n\t\t\t\t\t'string_type' => 'file',\n\t\t\t\t\t'default' => '/dev/root',\n\t\t\t\t\t'save_method' => 'storeSettingField',\n\t\t\t\t\t'required_otp' => true\n\t\t\t\t]\n\t\t\t]\n\t\t]\n\t]\n];\n" }, { "path": "actions/admin/settings/index.html", "content": "" }, { "path": "actions/index.html", "content": "" }, { "path": "admin_admins.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nconst AREA = 'admin';\nrequire __DIR__ . '/lib/init.php';\n\nuse Froxlor\\Api\\Commands\\Admins;\nuse Froxlor\\CurrentUser;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\PhpHelper;\nuse Froxlor\\Settings;\nuse Froxlor\\UI\\Collection;\nuse Froxlor\\UI\\HTML;\nuse Froxlor\\UI\\Listing;\nuse Froxlor\\UI\\Panel\\UI;\nuse Froxlor\\UI\\Request;\nuse Froxlor\\UI\\Response;\n\n$id = (int)Request::any('id');\n\nif (($page == 'admins' || $page == 'overview') && $userinfo['change_serversettings'] == '1') {\n\tif ($action == '') {\n\t\t$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, \"viewed admin_admins\");\n\n\t\ttry {\n\t\t\t$admin_list_data = include_once dirname(__FILE__) . '/lib/tablelisting/admin/tablelisting.admins.php';\n\t\t\t$collection = (new Collection(Admins::class, $userinfo))\n\t\t\t\t->withPagination($admin_list_data['admin_list']['columns'], $admin_list_data['admin_list']['default_sorting']);\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\n\t\tUI::view('user/table.html.twig', [\n\t\t\t'listing' => Listing::format($collection, $admin_list_data, 'admin_list'),\n\t\t\t'actions_links' => [\n\t\t\t\t[\n\t\t\t\t\t'href' => $linker->getLink(['section' => 'admins', 'page' => $page, 'action' => 'add']),\n\t\t\t\t\t'label' => lng('admin.admin_add')\n\t\t\t\t]\n\t\t\t]\n\t\t]);\n\t} elseif ($action == 'su') {\n\t\ttry {\n\t\t\t$json_result = Admins::getLocal($userinfo, [\n\t\t\t\t'id' => $id\n\t\t\t])->get();\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\t\t$result = json_decode($json_result, true)['data'];\n\t\t$destination_admin = $result['loginname'];\n\n\t\tif ($destination_admin != '' && $result['adminid'] != $userinfo['userid']) {\n\t\t\t$result['switched_user'] = CurrentUser::getData();\n\t\t\t$result['adminsession'] = 1;\n\t\t\t$result['userid'] = $result['adminid'];\n\t\t\tsession_regenerate_id(true);\n\t\t\tCurrentUser::setData($result);\n\n\t\t\t$log->logAction(\n FroxlorLogger::ADM_ACTION,\n LOG_INFO,\n \"switched adminuser and is now '\" . $destination_admin . \"'\"\n );\n\t\t\tResponse::redirectTo('admin_index.php');\n\t\t} else {\n\t\t\tResponse::redirectTo('index.php', [\n\t\t\t\t'action' => 'login'\n\t\t\t]);\n\t\t}\n\t} elseif ($action == 'delete' && $id != 0) {\n\t\ttry {\n\t\t\t$json_result = Admins::getLocal($userinfo, [\n\t\t\t\t'id' => $id\n\t\t\t])->get();\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\t\t$result = json_decode($json_result, true)['data'];\n\n\t\tif ($result['loginname'] != '') {\n\t\t\tif ($result['adminid'] == $userinfo['userid']) {\n\t\t\t\tResponse::standardError('youcantdeleteyourself');\n\t\t\t}\n\n\t\t\tif (Request::post('send') == 'send') {\n\t\t\t\tAdmins::getLocal($userinfo, [\n\t\t\t\t\t'id' => $id\n\t\t\t\t])->delete();\n\t\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t\t'page' => $page\n\t\t\t\t]);\n\t\t\t} else {\n\t\t\t\tHTML::askYesNo('admin_admin_reallydelete', $filename, [\n\t\t\t\t\t'id' => $id,\n\t\t\t\t\t'page' => $page,\n\t\t\t\t\t'action' => $action\n\t\t\t\t], $result['loginname']);\n\t\t\t}\n\t\t}\n\t} elseif ($action == 'add') {\n\t\tif (Request::post('send') == 'send') {\n\t\t\ttry {\n\t\t\t\tAdmins::getLocal($userinfo, Request::postAll())->add();\n\t\t\t} catch (Exception $e) {\n\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t}\n\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t'page' => $page\n\t\t\t]);\n\t\t} else {\n\t\t\t$ipaddress = [];\n\t\t\t$ipaddress[-1] = lng('admin.allips');\n\t\t\t$ipsandports_stmt = Database::query(\"\n\t\t\t\tSELECT `id`, `ip` FROM `\" . TABLE_PANEL_IPSANDPORTS . \"` GROUP BY `ip` ORDER BY `ip` ASC\n\t\t\t\");\n\t\t\twhile ($row = $ipsandports_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t$ipaddress[$row['id']] = $row['ip'];\n\t\t\t}\n\n\t\t\t$admin_add_data = include_once dirname(__FILE__) . '/lib/formfields/admin/admin/formfield.admin_add.php';\n\n\t\t\tUI::view('user/form.html.twig', [\n\t\t\t\t'formaction' => $linker->getLink(['section' => 'admins']),\n\t\t\t\t'formdata' => $admin_add_data['admin_add']\n\t\t\t]);\n\t\t}\n\t} elseif ($action == 'edit' && $id != 0) {\n\t\ttry {\n\t\t\t$json_result = Admins::getLocal($userinfo, [\n\t\t\t\t'id' => $id\n\t\t\t])->get();\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\t\t$result = json_decode($json_result, true)['data'];\n\n\t\tif ($result['loginname'] != '') {\n\t\t\tif (Request::post('send') == 'send') {\n\t\t\t\ttry {\n\t\t\t\t\tAdmins::getLocal($userinfo, Request::postAll())->update();\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\t\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t\t'page' => $page\n\t\t\t\t]);\n\t\t\t} else {\n\t\t\t\t$dec_places = Settings::Get('panel.decimal_places');\n\t\t\t\t$result['traffic'] = round($result['traffic'] / (1024 * 1024), $dec_places);\n\t\t\t\t$result['diskspace'] = round($result['diskspace'] / 1024, $dec_places);\n\t\t\t\t$result['email'] = $idna_convert->decode($result['email']);\n\n\t\t\t\t$ipaddress = [];\n\t\t\t\t$ipaddress[-1] = lng('admin.allips');\n\t\t\t\t$ipsandports_stmt = Database::query(\"\n\t\t\t\t\tSELECT `id`, `ip` FROM `\" . TABLE_PANEL_IPSANDPORTS . \"` GROUP BY `ip` ORDER BY `ip` ASC\n\t\t\t\t\");\n\t\t\t\twhile ($row = $ipsandports_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t\t$ipaddress[$row['id']] = $row['ip'];\n\t\t\t\t}\n\n\t\t\t\t$result = PhpHelper::htmlentitiesArray($result);\n\n\t\t\t\t$admin_edit_data = include_once dirname(__FILE__) . '/lib/formfields/admin/admin/formfield.admin_edit.php';\n\n\t\t\t\tUI::view('user/form.html.twig', [\n\t\t\t\t\t'formaction' => $linker->getLink(['section' => 'admins', 'id' => $id]),\n\t\t\t\t\t'formdata' => $admin_edit_data['admin_edit'],\n\t\t\t\t\t'editid' => $id\n\t\t\t\t]);\n\t\t\t}\n\t\t}\n\t}\n}\n" }, { "path": "admin_apcuinfo.php", "content": "\n * @author Janos Muzsi \n * @author Ralf Becker \n * @author Rasmus Lerdorf \n * @author Ilia Alshanetsky \n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n *\n * Based on https://github.com/krakjoe/apcu/blob/master/apc.php, which is\n * licensed under the PHP licence (version 3.01), which can be viewed\n * online at https://www.php.net/license/3_01.txt\n */\n\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\UI\\Panel\\UI;\nuse Froxlor\\UI\\Request;\nuse Froxlor\\UI\\Response;\nuse Froxlor\\UI\\HTML;\n\nconst AREA = 'admin';\nrequire __DIR__ . '/lib/init.php';\n\n$horizontal_bar_size = 950; // 1280px window width\n\nif ($action == 'delete' && function_exists('apcu_clear_cache') && $userinfo['change_serversettings'] == '1') {\n\tif (Request::post('send') == 'send') {\n\t\tapcu_clear_cache();\n\t\t$log->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, \"cleared APCu cache\");\n\t\theader('Location: ' . $linker->getLink([\n\t\t\t\t'section' => 'apcuinfo',\n\t\t\t\t'page' => 'showinfo'\n\t\t\t]));\n\t\texit();\n\t} else {\n\t\tHTML::askYesNo('cache_reallydelete', $filename, [\n\t\t\t'page' => $page,\n\t\t\t'action' => 'delete',\n\t\t], '', [\n\t\t\t'section' => 'apcuinfo',\n\t\t\t'page' => 'showinfo'\n\t\t]);\n\t}\n}\n\nif (!function_exists('apcu_cache_info') || !function_exists('apcu_sma_info')) {\n\tResponse::standardError('no_apcuinfo');\n}\n\nif ($page == 'showinfo' && $userinfo['change_serversettings'] == '1') {\n\t$cache = apcu_cache_info();\n\t$mem = apcu_sma_info();\n\t$time = time();\n\t$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, \"viewed admin_apcuinfo\");\n\n\t// check for possible empty values that are used in the templates\n\tif (!isset($cache['file_upload_progress'])) {\n\t\t$cache['file_upload_progress'] = lng('logger.unknown');\n\t}\n\n\tif (!isset($cache['num_expunges'])) {\n\t\t$cache['num_expunges'] = lng('logger.unknown');\n\t}\n\n\t$overview = [\n\t\t'mem_size' => $mem['num_seg'] * $mem['seg_size'],\n\t\t'mem_avail' => $mem['avail_mem'],\n\t\t'mem_used' => ($mem['num_seg'] * $mem['seg_size']) - $mem['avail_mem'],\n\t\t'seg_size' => bsize($mem['seg_size']),\n\t\t'num_hits' => $cache['num_hits'],\n\t\t'num_misses' => $cache['num_misses'],\n\t\t'num_inserts' => $cache['num_inserts'],\n\t\t'req_rate_user' => sprintf(\"%.2f\",\n\t\t\t$cache['num_hits'] ? (($cache['num_hits'] + $cache['num_misses']) / ($time - $cache['start_time'])) : 0),\n\t\t'hit_rate_user' => sprintf(\"%.2f\",\n\t\t\t$cache['num_hits'] ? (($cache['num_hits']) / ($time - $cache['start_time'])) : 0),\n\t\t'miss_rate_user' => sprintf(\"%.2f\",\n\t\t\t$cache['num_misses'] ? (($cache['num_misses']) / ($time - $cache['start_time'])) : 0),\n\t\t'insert_rate_user' => sprintf(\"%.2f\",\n\t\t\t$cache['num_inserts'] ? (($cache['num_inserts']) / ($time - $cache['start_time'])) : 0),\n\t\t'apcversion' => phpversion('apcu'),\n\t\t'phpversion' => phpversion(),\n\t\t'number_vars' => $cache['num_entries'],\n\t\t'size_vars' => bsize($cache['mem_size']),\n\t\t'num_hits_and_misses' => 0 >= ($cache['num_hits'] + $cache['num_misses']) ? 1 : ($cache['num_hits'] + $cache['num_misses']),\n\t\t'file_upload_progress' => $cache['file_upload_progress'],\n\t\t'num_expunges' => $cache['num_expunges'],\n\t\t'host' => (function_exists('gethostname')\n\t\t\t? gethostname()\n\t\t\t: (php_uname('n')\n\t\t\t\t?: (empty($_SERVER['SERVER_NAME'])\n\t\t\t\t\t? $_SERVER['HOST_NAME']\n\t\t\t\t\t: $_SERVER['SERVER_NAME']\n\t\t\t\t)\n\t\t\t)\n\t\t),\n\t\t'server' => $_SERVER['SERVER_SOFTWARE'] ?: '',\n\t\t'start_time' => $cache['start_time'],\n\t\t'uptime' => duration($cache['start_time'])\n\t];\n\n\t$overview['mem_used_percentage'] = number_format(($overview['mem_used'] / $overview['mem_size']) * 100, 1);\n\t$overview['num_hits_percentage'] = number_format(($overview['num_hits'] / $overview['num_hits_and_misses']) * 100,\n\t\t1);\n\t$overview['num_misses_percentage'] = number_format(($overview['num_misses'] / $overview['num_hits_and_misses']) * 100,\n\t\t1);\n\t$overview['readable'] = [\n\t\t'mem_size' => bsize($overview['mem_size']),\n\t\t'mem_avail' => bsize($overview['mem_avail']),\n\t\t'mem_used' => bsize($overview['mem_used']),\n\t\t'num_hits' => number_format($overview['num_hits']),\n\t\t'num_misses' => number_format($overview['num_misses']),\n\t\t'number_vars' => number_format($overview['number_vars']),\n\t];\n\n\t$overview['runtimelines'] = [];\n\tforeach (ini_get_all('apcu') as $name => $v) {\n\t\t$value = $v['local_value'];\n\t\t$overview['runtimelines'][$name] = $value;\n\t}\n\n\t// Fragementation: (freeseg - 1) / total_seg\n\t$nseg = $freeseg = $fragsize = $freetotal = 0;\n\tfor ($i = 0; $i < $mem['num_seg']; $i++) {\n\t\t$ptr = 0;\n\t\tforeach ($mem['block_lists'][$i] as $block) {\n\t\t\tif ($block['offset'] != $ptr) {\n\t\t\t\t++$nseg;\n\t\t\t}\n\t\t\t$ptr = $block['offset'] + $block['size'];\n\t\t\t/* Only consider blocks <5M for the fragmentation % */\n\t\t\tif ($block['size'] < (5 * 1024 * 1024)) {\n\t\t\t\t$fragsize += $block['size'];\n\t\t\t}\n\t\t\t$freetotal += $block['size'];\n\t\t}\n\t\t$freeseg += count($mem['block_lists'][$i]);\n\t}\n\n\t$overview['fragmentation'] = [];\n\tif ($freeseg > 1) {\n\t\t$overview['fragmentation']['used_percentage'] = number_format(($fragsize / $freetotal) * 100, 1);\n\t\t$overview['fragmentation']['used_bytes'] = $fragsize;\n\t\t$overview['fragmentation']['total_bytes'] = $freetotal;\n\t\t$overview['fragmentation']['num_frags'] = $freeseg;\n\t\t$overview['fragmentation']['readable'] = [\n\t\t\t'used_bytes' => bsize($fragsize),\n\t\t\t'total_bytes' => bsize($freetotal),\n\t\t\t'num_frags' => number_format($freeseg)\n\t\t];\n\t} else {\n\t\t$overview['fragmentation'] = 0;\n\t}\n\n\tUI::view('settings/apcuinfo.html.twig', [\n\t\t'apcuinfo' => $overview\n\t]);\n}\n// pretty printer for byte values\nfunction bsize($size)\n{\n\t$i = 0;\n\t$val = ['b', 'KB', 'MB', 'GB', 'TB', 'PB', 'EB', 'ZB', 'YB'];\n\twhile (($size / 1024) > 1) {\n\t\t$size /= 1024;\n\t\t++$i;\n\t}\n\treturn sprintf(\n\t\t'%.2f%s%s',\n\t\t$size,\n\t\t'',\n\t\t$val[$i]\n\t);\n}\n\nfunction duration($ts)\n{\n\tglobal $time;\n\t$years = (int)((($time - $ts) / (7 * 86400)) / 52.177457);\n\t$rem = (int)(($time - $ts) - ($years * 52.177457 * 7 * 86400));\n\t$weeks = (int)(($rem) / (7 * 86400));\n\t$days = (int)(($rem) / 86400) - $weeks * 7;\n\t$hours = (int)(($rem) / 3600) - $days * 24 - $weeks * 7 * 24;\n\t$mins = (int)(($rem) / 60) - $hours * 60 - $days * 24 * 60 - $weeks * 7 * 24 * 60;\n\t$str = '';\n\tif ($years == 1) {\n\t\t$str .= \"$years year, \";\n\t}\n\tif ($years > 1) {\n\t\t$str .= \"$years years, \";\n\t}\n\tif ($weeks == 1) {\n\t\t$str .= \"$weeks week, \";\n\t}\n\tif ($weeks > 1) {\n\t\t$str .= \"$weeks weeks, \";\n\t}\n\tif ($days == 1) {\n\t\t$str .= \"$days day,\";\n\t}\n\tif ($days > 1) {\n\t\t$str .= \"$days days,\";\n\t}\n\tif ($hours == 1) {\n\t\t$str .= \" $hours hour and\";\n\t}\n\tif ($hours > 1) {\n\t\t$str .= \" $hours hours and\";\n\t}\n\tif ($mins == 1) {\n\t\t$str .= \" 1 minute\";\n\t} else {\n\t\t$str .= \" $mins minutes\";\n\t}\n\treturn $str;\n}\n" }, { "path": "admin_autoupdate.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nconst AREA = 'admin';\nrequire __DIR__ . '/lib/init.php';\n\nuse Froxlor\\Froxlor;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\FileDir;\nuse Froxlor\\Install\\AutoUpdate;\nuse Froxlor\\Settings;\nuse Froxlor\\UI\\Panel\\UI;\nuse Froxlor\\UI\\Request;\nuse Froxlor\\UI\\Response;\n\nif ($page != 'error') {\n\t// check for webupdate to be enabled\n\tif (Settings::Config('enable_webupdate') != true) {\n\t\tResponse::redirectTo($filename, [\n\t\t\t'page' => 'error',\n\t\t\t'errno' => 11\n\t\t]);\n\t}\n}\n\n// display initial version check\nif ($page == 'overview') {\n\t// log our actions\n\t$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, \"checking auto-update\");\n\n\t// check for new version\n\ttry {\n\t\t$result = AutoUpdate::checkVersion();\n\t} catch (Exception $e) {\n\t\tResponse::dynamicError($e->getMessage());\n\t}\n\n\tif ($result == 1) {\n\n\t\t// anzeige über version-status mit ggfls. formular\n\t\t// zum update schritt #1 -> download\n\t\t$text = lng('admin.newerversionavailable') . ' ' . lng('admin.newerversiondetails', [AutoUpdate::getFromResult('version'), Froxlor::VERSION]);\n\n\t\t$upd_formfield = [\n\t\t\t'updates' => [\n\t\t\t\t'title' => lng('update.update'),\n\t\t\t\t'image' => 'fa-solid fa-download',\n\t\t\t\t'sections' => [\n\t\t\t\t\t'section_autoupd' => [\n\t\t\t\t\t\t'fields' => [\n\t\t\t\t\t\t\t'newversion' => ['type' => 'hidden', 'value' => AutoUpdate::getFromResult('version')]\n\t\t\t\t\t\t]\n\t\t\t\t\t]\n\t\t\t\t],\n\t\t\t\t'buttons' => [\n\t\t\t\t\t[\n\t\t\t\t\t\t'class' => 'btn-outline-secondary',\n\t\t\t\t\t\t'label' => lng('panel.cancel'),\n\t\t\t\t\t\t'type' => 'reset'\n\t\t\t\t\t],\n\t\t\t\t\t[\n\t\t\t\t\t\t'label' => lng('update.proceed')\n\t\t\t\t\t]\n\t\t\t\t]\n\t\t\t]\n\t\t];\n\n\t\tUI::view('user/form-note.html.twig', [\n\t\t\t'formaction' => $linker->getLink(['section' => 'autoupdate', 'page' => 'getdownload']),\n\t\t\t'formdata' => $upd_formfield['updates'],\n\t\t\t// alert\n\t\t\t'type' => 'warning',\n\t\t\t'alert_msg' => $text\n\t\t]);\n\t} else if ($result < 0 || $result > 1) {\n\t\t// remote errors\n\t\tif ($result < 0) {\n\t\t\tResponse::dynamicError(AutoUpdate::getLastError());\n\t\t} else {\n\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t'page' => 'error',\n\t\t\t\t'errno' => $result\n\t\t\t]);\n\t\t}\n\t} else {\n\t\t// no new version\n\t\tResponse::standardSuccess('update.noupdatesavail', (Settings::Get('system.update_channel') == 'testing' ? lng('serversettings.uc_testing') . ' ' : ''));\n\t}\n} // download the new archive\nelseif ($page == 'getdownload') {\n\t// retrieve the new version from the form\n\t$newversion = Request::post('newversion');\n\n\t$result = 6;\n\t// valid?\n\tif ($newversion !== null) {\n\t\t$result = AutoUpdate::downloadZip($newversion);\n\t\tif (!is_numeric($result)) {\n\t\t\t// to the next step\n\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t'page' => 'extract',\n\t\t\t\t'archive' => $result\n\t\t\t]);\n\t\t}\n\t}\n\tResponse::redirectTo($filename, [\n\t\t'page' => 'error',\n\t\t'errno' => $result\n\t]);\n} // extract and install new version\nelseif ($page == 'extract') {\n\tif (Request::post('send') == 'send') {\n\t\t$toExtract = Request::post('archive');\n\t\t$localArchive = FileDir::makeCorrectFile(Froxlor::getInstallDir() . '/updates/' . $toExtract);\n\t\t$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, \"Extracting \" . $localArchive . \" to \" . Froxlor::getInstallDir());\n\t\t$result = AutoUpdate::extractZip($localArchive);\n\t\tif ($result > 0) {\n\t\t\t// error\n\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t'page' => 'error',\n\t\t\t\t'errno' => $result\n\t\t\t]);\n\t\t}\n\t\tif (function_exists('opcache_reset')) {\n\t\t\t@opcache_reset();\n\t\t}\n\t\t// redirect to update-page\n\t\tResponse::redirectTo('admin_updates.php');\n\t} else {\n\t\t$toExtract = Request::get('archive');\n\t\t$localArchive = FileDir::makeCorrectFile(Froxlor::getInstallDir() . '/updates/' . $toExtract);\n\t}\n\n\tif (!file_exists($localArchive)) {\n\t\tResponse::redirectTo($filename, [\n\t\t\t'page' => 'error',\n\t\t\t'errno' => 7\n\t\t]);\n\t}\n\n\t$text = lng('admin.extractdownloadedzip', [$toExtract]);\n\n\t$upd_formfield = [\n\t\t'updates' => [\n\t\t\t'title' => lng('update.update'),\n\t\t\t'image' => 'fa-solid fa-download',\n\t\t\t'sections' => [\n\t\t\t\t'section_autoupd' => [\n\t\t\t\t\t'fields' => [\n\t\t\t\t\t\t'archive' => ['type' => 'hidden', 'value' => $toExtract]\n\t\t\t\t\t]\n\t\t\t\t]\n\t\t\t],\n\t\t\t'buttons' => [\n\t\t\t\t[\n\t\t\t\t\t'class' => 'btn-outline-secondary',\n\t\t\t\t\t'label' => lng('panel.cancel'),\n\t\t\t\t\t'type' => 'reset'\n\t\t\t\t],\n\t\t\t\t[\n\t\t\t\t\t'label' => lng('update.proceed')\n\t\t\t\t]\n\t\t\t]\n\t\t]\n\t];\n\n\tUI::view('user/form-note.html.twig', [\n\t\t'formaction' => $linker->getLink(['section' => 'autoupdate', 'page' => 'extract']),\n\t\t'formdata' => $upd_formfield['updates'],\n\t\t// alert\n\t\t'type' => 'warning',\n\t\t'alert_msg' => $text\n\t]);\n} // display error\nelseif ($page == 'error') {\n\t// retrieve error-number via url-parameter\n\t$errno = Request::get('errno', 0);\n\n\t// 2 = no Zlib\n\t// 3 = custom version detected\n\t// 4 = could not store archive to local hdd\n\t// 5 = some weird value came from version.froxlor.org\n\t// 6 = download without valid version\n\t// 7 = local archive does not exist\n\t// 8 = could not extract archive\n\t// 9 = checksum mismatch\n\t// 10 = \n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nconst AREA = 'admin';\nrequire __DIR__ . '/lib/init.php';\n\nuse Froxlor\\Config\\ConfigParser;\nuse Froxlor\\FileDir;\nuse Froxlor\\Froxlor;\nuse Froxlor\\Settings;\nuse Froxlor\\UI\\Panel\\UI;\nuse Froxlor\\UI\\Request;\nuse Froxlor\\UI\\Response;\nuse Froxlor\\Validate\\Validate;\n\nif ($userinfo['change_serversettings'] == '1') {\n\tif ($action == 'setconfigured') {\n\t\tSettings::Set('panel.is_configured', '1', true);\n\t\tResponse::redirectTo('admin_configfiles.php');\n\t}\n\n\t// get distro from URL param\n\t$distribution = Request::any('distribution');\n\t$reselect = Request::any('reselect', 0);\n\n\t// check for possible setting\n\tif (empty($distribution)) {\n\t\t$distribution = Settings::Get('system.distribution') ?? \"\";\n\t}\n\tif ($reselect == 2) {\n\t\tSettings::Set('system.distro_mismatch', '2');\n\t\t$reselect = 1;\n\t}\n\tif ($reselect == 1) {\n\t\t$distribution = '';\n\t}\n\n\t$distributions_select = [];\n\n\t$services = [];\n\t$config_dir = FileDir::makeCorrectDir(Froxlor::getInstallDir() . '/lib/configfiles/');\n\n\tif (!empty($distribution)) {\n\t\tif (!file_exists($config_dir . '/' . $distribution . \".xml\")) {\n\t\t\t// unknown distribution -> redirect to select a valid distribution for config-templates\n\t\t\tSettings::Set('system.distribution', '');\n\t\t\tResponse::redirectTo('admin_configfiles.php', ['reselect' => 1]);\n\t\t}\n\n\t\t// update setting if different\n\t\tif ($distribution != Settings::Get('system.distribution')) {\n\t\t\tSettings::Set('system.distribution', $distribution);\n\t\t\tSettings::Set('system.distro_mismatch', '0');\n\t\t}\n\n\t\t// create configparser object\n\t\t$configfiles = new ConfigParser($config_dir . '/' . $distribution . \".xml\");\n\n\t\t// get distro-info\n\t\t$dist_display = $configfiles->getCompleteDistroName();\n\n\t\t// get all the services from the distro\n\t\t$services = $configfiles->getServices();\n\t} else {\n\t\t// show list of available distro's\n\t\t$distros = glob($config_dir . '*.xml');\n\t\t// read in all the distros\n\t\tforeach ($distros as $_distribution) {\n\t\t\t// get configparser object\n\t\t\t$dist = new ConfigParser($_distribution);\n\t\t\t// store in tmp array\n\t\t\t$distributions_select[str_replace(\".xml\", \"\", strtolower(basename($_distribution)))] = $dist->getCompleteDistroName();\n\t\t}\n\n\t\t// sort by distribution name\n\t\tasort($distributions_select);\n\t}\n\n\tif ($distribution != \"\" && !empty(Request::post('finish'))) {\n\t\t$valid_keys = ['http', 'dns', 'smtp', 'mail', 'antispam', 'ftp', 'system', 'distro'];\n\t\tunset($_POST['finish']);\n\t\tunset($_POST['csrf_token']);\n\t\t$params = Request::postAll();\n\t\t$params['distro'] = $distribution;\n\t\t$params['system'] = [];\n\t\tforeach (Request::post('system', []) as $sysdaemon) {\n\t\t\t$params['system'][] = $sysdaemon;\n\t\t}\n\t\t// validate params\n\t\tforeach ($params as $key => $value) {\n\t\t\tif (!in_array($key, $valid_keys)) {\n\t\t\t\tunset($params[$key]);\n\t\t\t\tcontinue;\n\t\t\t}\n\t\t\tif (!is_array($value)) {\n\t\t\t\t$params[$key] = Validate::validate($value, $key);\n\t\t\t} else {\n\t\t\t\tforeach ($value as $subkey => $subvalue) {\n\t\t\t\t\t$params[$key][$subkey] = Validate::validate($subvalue, $key.'.'.$subkey);\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\t$params_content = json_encode($params);\n\t\t$params_filename = FileDir::makeCorrectFile(Froxlor::getInstallDir() . 'install/' . Froxlor::genSessionId() . '.json');\n\t\tfile_put_contents($params_filename, $params_content);\n\n\t\tUI::twigBuffer('settings/configuration-final.html.twig', [\n\t\t\t'distribution' => $distribution,\n\t\t\t// alert\n\t\t\t'type' => 'info',\n\t\t\t'alert_msg' => lng('admin.configfiles.finishnote'),\n\t\t\t'basedir' => Froxlor::getInstallDir(),\n\t\t\t'params_filename' => $params_filename\n\t\t]);\n\t} else {\n\t\tif (!empty($distribution)) {\n\t\t\t// show available services to configure\n\t\t\t$fields = $services;\n\t\t\t$link_params = ['section' => 'configfiles', 'distribution' => $distribution];\n\t\t\tUI::twigBuffer('settings/configuration.html.twig', [\n\t\t\t\t'action' => $linker->getLink($link_params),\n\t\t\t\t'fields' => $fields,\n\t\t\t\t'distribution' => $distribution\n\t\t\t]);\n\t\t} else {\n\t\t\t$cfg_formfield = [\n\t\t\t\t'config' => [\n\t\t\t\t\t'title' => lng('admin.configfiles.serverconfiguration'),\n\t\t\t\t\t'image' => 'fa-solid fa-wrench',\n\t\t\t\t\t'description' => lng('admin.configfiles.description'),\n\t\t\t\t\t'sections' => [\n\t\t\t\t\t\t'section_config' => [\n\t\t\t\t\t\t\t'fields' => [\n\t\t\t\t\t\t\t\t'distribution' => [\n\t\t\t\t\t\t\t\t\t'type' => 'select',\n\t\t\t\t\t\t\t\t\t'select_var' => $distributions_select,\n\t\t\t\t\t\t\t\t\t'label' => lng('admin.configfiles.distribution'),\n\t\t\t\t\t\t\t\t\t'selected' => Settings::Get('system.distribution') ?? ''\n\t\t\t\t\t\t\t\t]\n\t\t\t\t\t\t\t]\n\t\t\t\t\t\t]\n\t\t\t\t\t],\n\t\t\t\t\t'buttons' => [\n\t\t\t\t\t\t[\n\t\t\t\t\t\t\t'class' => 'btn-outline-secondary',\n\t\t\t\t\t\t\t'label' => lng('panel.cancel'),\n\t\t\t\t\t\t\t'type' => 'reset'\n\t\t\t\t\t\t],\n\t\t\t\t\t\t[\n\t\t\t\t\t\t\t'label' => lng('update.proceed')\n\t\t\t\t\t\t]\n\t\t\t\t\t]\n\t\t\t\t]\n\t\t\t];\n\n\t\t\tUI::twigBuffer('user/form-note.html.twig', [\n\t\t\t\t'formaction' => $linker->getLink(['section' => 'configfiles']),\n\t\t\t\t'formdata' => $cfg_formfield['config'],\n\t\t\t\t'actions_links' => (int)Settings::Get('panel.is_configured') == 0 ? [\n\t\t\t\t\t[\n\t\t\t\t\t\t'href' => $linker->getLink([\n\t\t\t\t\t\t\t'section' => 'configfiles',\n\t\t\t\t\t\t\t'page' => 'overview',\n\t\t\t\t\t\t\t'action' => 'setconfigured'\n\t\t\t\t\t\t]),\n\t\t\t\t\t\t'label' => lng('panel.ihave_configured'),\n\t\t\t\t\t\t'class' => 'btn-outline-warning',\n\t\t\t\t\t\t'icon' => 'fa-solid fa-circle-check'\n\t\t\t\t\t]\n\t\t\t\t] : [],\n\t\t\t\t// alert\n\t\t\t\t'type' => 'warning',\n\t\t\t\t'alert_msg' => lng('panel.settings_before_configuration') . ((int)Settings::Get('panel.is_configured') == 1 ? '

' . lng('panel.system_is_configured') : '')\n\t\t\t]);\n\t\t}\n\t}\n\n\tUI::twigOutputBuffer();\n} else {\n\tResponse::redirectTo('admin_index.php');\n}\n" }, { "path": "admin_cronjobs.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nconst AREA = 'admin';\nrequire __DIR__ . '/lib/init.php';\n\nuse Froxlor\\Api\\Commands\\Cronjobs;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\UI\\Collection;\nuse Froxlor\\UI\\Listing;\nuse Froxlor\\UI\\Panel\\UI;\nuse Froxlor\\UI\\Request;\nuse Froxlor\\UI\\Response;\n\n$id = (int)Request::any('id');\n\nif (($page == 'cronjobs' || $page == 'overview') && $userinfo['change_serversettings'] == '1') {\n\tif ($action == '') {\n\t\t$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, 'viewed admin_cronjobs');\n\n\t\ttry {\n\t\t\t$cron_list_data = include_once dirname(__FILE__) . '/lib/tablelisting/admin/tablelisting.cronjobs.php';\n\t\t\t$collection = (new Collection(Cronjobs::class, $userinfo))\n\t\t\t\t->withPagination($cron_list_data['cron_list']['columns'], $cron_list_data['cron_list']['default_sorting']);\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\n\t\tUI::view('user/table-note.html.twig', [\n\t\t\t'listing' => Listing::format($collection, $cron_list_data, 'cron_list'),\n\t\t\t// alert-box\n\t\t\t'type' => 'warning',\n\t\t\t'alert_msg' => lng('cron.changewarning')\n\t\t]);\n\t} elseif ($action == 'new') {\n\t\t/*\n\t\t * @TODO later\n\t\t */\n\t} elseif ($action == 'edit' && $id != 0) {\n\t\ttry {\n\t\t\t$json_result = Cronjobs::getLocal($userinfo, [\n\t\t\t\t'id' => $id\n\t\t\t])->get();\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\t\t$result = json_decode($json_result, true)['data'];\n\t\tif ($result['cronfile'] != '') {\n\t\t\tif (Request::post('send') == 'send') {\n\t\t\t\ttry {\n\t\t\t\t\tCronjobs::getLocal($userinfo, Request::postAll())->update();\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\t\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t\t'page' => $page\n\t\t\t\t]);\n\t\t\t} else {\n\t\t\t\t$cronjobs_edit_data = include_once dirname(__FILE__) . '/lib/formfields/admin/cronjobs/formfield.cronjobs_edit.php';\n\n\t\t\t\tUI::view('user/form.html.twig', [\n\t\t\t\t\t'formaction' => $linker->getLink(['section' => 'cronjobs', 'id' => $id]),\n\t\t\t\t\t'formdata' => $cronjobs_edit_data['cronjobs_edit'],\n\t\t\t\t\t'editid' => $id\n\t\t\t\t]);\n\t\t\t}\n\t\t}\n\t} elseif ($action == 'delete' && $id != 0) {\n\t\t/*\n\t\t * @TODO later\n\t\t */\n\t}\n}\n" }, { "path": "admin_customers.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nconst AREA = 'admin';\nrequire __DIR__ . '/lib/init.php';\n\nuse Froxlor\\Api\\Commands\\Admins;\nuse Froxlor\\Api\\Commands\\Customers;\nuse Froxlor\\Api\\Commands\\MysqlServer;\nuse Froxlor\\CurrentUser;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\Froxlor;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\PhpHelper;\nuse Froxlor\\Settings;\nuse Froxlor\\UI\\Collection;\nuse Froxlor\\UI\\HTML;\nuse Froxlor\\UI\\Listing;\nuse Froxlor\\UI\\Panel\\UI;\nuse Froxlor\\UI\\Request;\nuse Froxlor\\UI\\Response;\n\n$id = (int)Request::any('id');\n\nif (($page == 'customers' || $page == 'overview') && $userinfo['customers'] != '0') {\n\tif ($action == '') {\n\t\t$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, \"viewed admin_customers\");\n\n\t\ttry {\n\t\t\t$customer_list_data = include_once dirname(__FILE__) . '/lib/tablelisting/admin/tablelisting.customers.php';\n\t\t\t$collection = (new Collection(Customers::class, $userinfo, ['show_usages' => true]))\n\t\t\t\t->withPagination($customer_list_data['customer_list']['columns'], $customer_list_data['customer_list']['default_sorting']);\n\t\t\tif ($userinfo['change_serversettings']) {\n\t\t\t\t$collection->has('admin', Admins::class, 'adminid', 'adminid');\n\t\t\t}\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\n\t\t$actions_links = false;\n\t\tif (CurrentUser::canAddResource('customers')) {\n\t\t\t$actions_links = [\n\t\t\t\t[\n\t\t\t\t\t'href' => $linker->getLink(['section' => 'customers', 'page' => $page, 'action' => 'add']),\n\t\t\t\t\t'label' => lng('admin.customer_add')\n\t\t\t\t]\n\t\t\t];\n\t\t}\n\n\t\tUI::view('user/table.html.twig', [\n\t\t\t'listing' => Listing::format($collection, $customer_list_data, 'customer_list'),\n\t\t\t'actions_links' => $actions_links\n\t\t]);\n\t} elseif ($action == 'su' && $id != 0) {\n\t\ttry {\n\t\t\t$json_result = Customers::getLocal($userinfo, [\n\t\t\t\t'id' => $id\n\t\t\t])->get();\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\t\t$result = json_decode($json_result, true)['data'];\n\n\t\t$destination_user = $result['loginname'];\n\n\t\tif ($destination_user != '') {\n\t\t\tif ($result['deactivated'] == '1') {\n\t\t\t\tResponse::standardError(\"usercurrentlydeactivated\", $destination_user);\n\t\t\t}\n\n\t\t\t$result['switched_user'] = CurrentUser::getData();\n\t\t\t$result['adminsession'] = 0;\n\t\t\t$result['userid'] = $result['customerid'];\n\t\t\tsession_regenerate_id(true);\n\t\t\tCurrentUser::setData($result);\n\n\t\t\t$log->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, \"switched user and is now '\" . $destination_user . \"'\");\n\n\t\t\t$target = Request::get('target', 'index');\n\t\t\t$redirect = \"customer_\" . $target . \".php\";\n\t\t\tif (!file_exists(Froxlor::getInstallDir() . \"/\" . $redirect)) {\n\t\t\t\t$redirect = \"customer_index.php\";\n\t\t\t}\n\t\t\tResponse::redirectTo($redirect, null, true);\n\t\t} else {\n\t\t\tResponse::redirectTo('index.php', [\n\t\t\t\t'action' => 'login'\n\t\t\t]);\n\t\t}\n\t} elseif ($action == 'unlock' && $id != 0) {\n\t\ttry {\n\t\t\t$json_result = Customers::getLocal($userinfo, [\n\t\t\t\t'id' => $id\n\t\t\t])->get();\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\t\t$result = json_decode($json_result, true)['data'];\n\n\t\tif (Request::post('send') == 'send') {\n\t\t\ttry {\n\t\t\t\t$json_result = Customers::getLocal($userinfo, [\n\t\t\t\t\t'id' => $id\n\t\t\t\t])->unlock();\n\t\t\t} catch (Exception $e) {\n\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t}\n\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t'page' => $page\n\t\t\t]);\n\t\t} else {\n\t\t\tHTML::askYesNo('customer_reallyunlock', $filename, [\n\t\t\t\t'id' => $id,\n\t\t\t\t'page' => $page,\n\t\t\t\t'action' => $action\n\t\t\t], $result['loginname']);\n\t\t}\n\t} elseif ($action == 'delete' && $id != 0) {\n\t\ttry {\n\t\t\t$json_result = Customers::getLocal($userinfo, [\n\t\t\t\t'id' => $id\n\t\t\t])->get();\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\t\t$result = json_decode($json_result, true)['data'];\n\n\t\tif (Request::post('send') == 'send') {\n\t\t\ttry {\n\t\t\t\t$json_result = Customers::getLocal($userinfo, [\n\t\t\t\t\t'id' => $id,\n\t\t\t\t\t'delete_userfiles' => Request::post('delete_userfiles', 0)\n\t\t\t\t])->delete();\n\t\t\t} catch (Exception $e) {\n\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t}\n\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t'page' => $page\n\t\t\t]);\n\t\t} else {\n\t\t\tHTML::askYesNoWithCheckbox('admin_customer_reallydelete', 'admin_customer_alsoremovefiles', $filename, [\n\t\t\t\t'id' => $id,\n\t\t\t\t'page' => $page,\n\t\t\t\t'action' => $action\n\t\t\t], $result['loginname']);\n\t\t}\n\t} elseif ($action == 'add') {\n\t\tif (Request::post('send') == 'send') {\n\t\t\ttry {\n\t\t\t\tCustomers::getLocal($userinfo, Request::postAll())->add();\n\t\t\t} catch (Exception $e) {\n\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t}\n\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t'page' => $page\n\t\t\t]);\n\t\t} else {\n\t\t\t$mysql_servers = [];\n\t\t\ttry {\n\t\t\t\t$result_json = MysqlServer::getLocal($userinfo)->listing();\n\t\t\t\t$result_decoded = json_decode($result_json, true)['data']['list'];\n\t\t\t\tforeach ($result_decoded as $dbserver => $dbdata) {\n\t\t\t\t\t$mysql_servers[] = [\n\t\t\t\t\t\t'label' => $dbdata['caption'],\n\t\t\t\t\t\t'value' => $dbserver\n\t\t\t\t\t];\n\t\t\t\t}\n\t\t\t} catch (Exception $e) {\n\t\t\t\t/* just none */\n\t\t\t}\n\n\t\t\t$phpconfigs = [];\n\t\t\t$configs = Database::query(\"\n\t\t\t\tSELECT c.*, fc.description as interpreter\n\t\t\t\tFROM `\" . TABLE_PANEL_PHPCONFIGS . \"` c\n\t\t\t\tLEFT JOIN `\" . TABLE_PANEL_FPMDAEMONS . \"` fc ON fc.id = c.fpmsettingid\n\t\t\t\");\n\t\t\twhile ($row = $configs->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\tif ((int)Settings::Get('phpfpm.enabled') == 1) {\n\t\t\t\t\t$phpconfigs[] = [\n\t\t\t\t\t\t'label' => $row['description'] . \" [\" . $row['interpreter'] . \"]\",\n\t\t\t\t\t\t'value' => $row['id']\n\t\t\t\t\t];\n\t\t\t\t} else {\n\t\t\t\t\t$phpconfigs[] = [\n\t\t\t\t\t\t'label' => $row['description'],\n\t\t\t\t\t\t'value' => $row['id']\n\t\t\t\t\t];\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// hosting plans\n\t\t\t$hosting_plans = [];\n\t\t\t$plans = Database::query(\"\n\t\t\t\tSELECT *\n\t\t\t\tFROM `\" . TABLE_PANEL_PLANS . \"`\n\t\t\t\tORDER BY name ASC\n\t\t\t\");\n\t\t\t$hosting_plans = [\n\t\t\t\t0 => \"---\"\n\t\t\t];\n\t\t\twhile ($row = $plans->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t$hosting_plans[$row['id']] = $row['name'];\n\t\t\t}\n\n\t\t\t$customer_add_data = include_once dirname(__FILE__) . '/lib/formfields/admin/customer/formfield.customer_add.php';\n\n\t\t\tUI::view('user/form.html.twig', [\n\t\t\t\t'formaction' => $linker->getLink(['section' => 'customers']),\n\t\t\t\t'formdata' => $customer_add_data['customer_add']\n\t\t\t]);\n\t\t}\n\t} elseif ($action == 'edit' && $id != 0) {\n\t\ttry {\n\t\t\t$json_result = Customers::getLocal($userinfo, [\n\t\t\t\t'id' => $id\n\t\t\t])->get();\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\t\t$result = json_decode($json_result, true)['data'];\n\n\t\tif ($result['loginname'] != '') {\n\t\t\tif (Request::post('send') == 'send') {\n\t\t\t\ttry {\n\t\t\t\t\tCustomers::getLocal($userinfo, Request::postAll())->update();\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\t\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t\t'page' => $page\n\t\t\t\t]);\n\t\t\t} else {\n\t\t\t\t$dec_places = Settings::Get('panel.decimal_places');\n\t\t\t\t$result['traffic'] = round($result['traffic'] / (1024 * 1024), $dec_places);\n\t\t\t\t$result['diskspace'] = round($result['diskspace'] / 1024, $dec_places);\n\t\t\t\t$result['email'] = $idna_convert->decode($result['email']);\n\n\t\t\t\t$result = PhpHelper::htmlentitiesArray($result);\n\n\t\t\t\t$mysql_servers = [];\n\t\t\t\ttry {\n\t\t\t\t\t$result_json = MysqlServer::getLocal($userinfo)->listing();\n\t\t\t\t\t$result_decoded = json_decode($result_json, true)['data']['list'];\n\t\t\t\t\tforeach ($result_decoded as $dbserver => $dbdata) {\n\t\t\t\t\t\t$mysql_servers[] = [\n\t\t\t\t\t\t\t'label' => $dbdata['caption'],\n\t\t\t\t\t\t\t'value' => $dbserver\n\t\t\t\t\t\t];\n\t\t\t\t\t}\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\t/* just none */\n\t\t\t\t}\n\n\t\t\t\t$phpconfigs = [];\n\t\t\t\t$configs = Database::query(\"\n\t\t\t\t\tSELECT c.*, fc.description as interpreter\n\t\t\t\t\tFROM `\" . TABLE_PANEL_PHPCONFIGS . \"` c\n\t\t\t\t\tLEFT JOIN `\" . TABLE_PANEL_FPMDAEMONS . \"` fc ON fc.id = c.fpmsettingid\n\t\t\t\t\");\n\t\t\t\twhile ($row = $configs->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t\tif ((int)Settings::Get('phpfpm.enabled') == 1) {\n\t\t\t\t\t\t$phpconfigs[] = [\n\t\t\t\t\t\t\t'label' => $row['description'] . \" [\" . $row['interpreter'] . \"]\",\n\t\t\t\t\t\t\t'value' => $row['id']\n\t\t\t\t\t\t];\n\t\t\t\t\t} else {\n\t\t\t\t\t\t$phpconfigs[] = [\n\t\t\t\t\t\t\t'label' => $row['description'],\n\t\t\t\t\t\t\t'value' => $row['id']\n\t\t\t\t\t\t];\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\t// hosting plans\n\t\t\t\t$plans = Database::query(\"\n\t\t\t\t\tSELECT *\n\t\t\t\t\tFROM `\" . TABLE_PANEL_PLANS . \"`\n\t\t\t\t\tORDER BY name ASC\n\t\t\t\t\");\n\t\t\t\t$hosting_plans = [\n\t\t\t\t\t0 => \"---\"\n\t\t\t\t];\n\t\t\t\twhile ($row = $plans->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t\t$hosting_plans[$row['id']] = $row['name'];\n\t\t\t\t}\n\n\t\t\t\t$admin_select = [];\n\t\t\t\tif ($userinfo['customers_see_all'] == '1') {\n\t\t\t\t\t$available_admins_stmt = Database::prepare(\"\n\t\t\t\t\t\tSELECT * FROM `\" . TABLE_PANEL_ADMINS . \"`\n\t\t\t\t\t\tWHERE (`customers` = '-1' OR `customers` > `customers_used`)\n\t\t\t\t\t\tAND adminid <> :currentadmin\n\t\t\t\t\t\");\n\t\t\t\t\tDatabase::pexecute($available_admins_stmt, ['currentadmin' => $result['adminid']]);\n\t\t\t\t\t$admin_select = [\n\t\t\t\t\t\t0 => \"---\"\n\t\t\t\t\t];\n\t\t\t\t\twhile ($available_admin = $available_admins_stmt->fetch()) {\n\t\t\t\t\t\t$admin_select[$available_admin['adminid']] = $available_admin['name'] . \" (\" . $available_admin['loginname'] . \")\";\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\t$customer_edit_data = include_once dirname(__FILE__) . '/lib/formfields/admin/customer/formfield.customer_edit.php';\n\n\t\t\t\tUI::view('user/form.html.twig', [\n\t\t\t\t\t'formaction' => $linker->getLink(['section' => 'customers', 'id' => $id]),\n\t\t\t\t\t'formdata' => $customer_edit_data['customer_edit'],\n\t\t\t\t\t'editid' => $id\n\t\t\t\t]);\n\t\t\t}\n\t\t}\n\t}\n}\n" }, { "path": "admin_domains.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nconst AREA = 'admin';\nrequire __DIR__ . '/lib/init.php';\n\nuse Froxlor\\Api\\Commands\\Customers as Customers;\nuse Froxlor\\Api\\Commands\\Domains as Domains;\nuse Froxlor\\Bulk\\DomainBulkAction;\nuse Froxlor\\Cron\\TaskId;\nuse Froxlor\\CurrentUser;\nuse Froxlor\\Customer\\Customer;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FileDir;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\Settings;\nuse Froxlor\\System\\Cronjob;\nuse Froxlor\\UI\\Collection;\nuse Froxlor\\UI\\HTML;\nuse Froxlor\\UI\\Listing;\nuse Froxlor\\UI\\Panel\\UI;\nuse Froxlor\\UI\\Request;\nuse Froxlor\\UI\\Response;\nuse Froxlor\\User;\nuse Froxlor\\Validate\\Validate;\n\n$id = (int)Request::any('id');\n\nif ($page == 'domains' || $page == 'overview') {\n\tif ($action == '') {\n\t\t$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, \"viewed admin_domains\");\n\n\t\ttry {\n\t\t\t$customerCollection = (new Collection(Customers::class, $userinfo));\n\t\t\t$domain_list_data = include_once dirname(__FILE__) . '/lib/tablelisting/admin/tablelisting.domains.php';\n\t\t\t$collection = (new Collection(Domains::class, $userinfo))\n\t\t\t\t->has('customer', Customers::class, 'customerid', 'customerid')\n\t\t\t\t->withPagination($domain_list_data['domain_list']['columns'], $domain_list_data['domain_list']['default_sorting']);\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\n\t\t$actions_links = false;\n\t\tif (CurrentUser::canAddResource('domains')) {\n\t\t\t$actions_links = [];\n\t\t\t$actions_links[] = [\n\t\t\t\t'href' => $linker->getLink(['section' => 'domains', 'page' => $page, 'action' => 'add']),\n\t\t\t\t'label' => lng('admin.domain_add')\n\t\t\t];\n\t\t\t$actions_links[] = [\n\t\t\t\t'href' => $linker->getLink(['section' => 'domains', 'page' => $page, 'action' => 'import']),\n\t\t\t\t'label' => lng('domains.domain_import'),\n\t\t\t\t'icon' => 'fa-solid fa-file-import',\n\t\t\t\t'class' => 'btn-outline-secondary'\n\t\t\t];\n\t\t}\n\n\t\tUI::view('user/table.html.twig', [\n\t\t\t'listing' => Listing::format($collection, $domain_list_data, 'domain_list'),\n\t\t\t'actions_links' => $actions_links\n\t\t]);\n\t} elseif ($action == 'delete' && $id != 0) {\n\t\ttry {\n\t\t\t$json_result = Domains::getLocal($userinfo, [\n\t\t\t\t'id' => $id,\n\t\t\t\t'no_std_subdomain' => true\n\t\t\t])->get();\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\t\t$result = json_decode($json_result, true)['data'];\n\n\t\t$alias_check_stmt = Database::prepare(\"\n\t\t\tSELECT COUNT(`id`) AS `count` FROM `\" . TABLE_PANEL_DOMAINS . \"`\n\t\t\tWHERE `aliasdomain`= :id\");\n\t\t$alias_check = Database::pexecute_first($alias_check_stmt, [\n\t\t\t'id' => $id\n\t\t]);\n\n\t\tif ($result['domain'] != '') {\n\t\t\tif (Request::post('send') == 'send' && $alias_check['count'] == 0) {\n\t\t\t\ttry {\n\t\t\t\t\tDomains::getLocal($userinfo, Request::postAll())->delete();\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\n\t\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t\t'page' => $page\n\t\t\t\t]);\n\t\t\t} elseif ($alias_check['count'] > 0) {\n\t\t\t\tResponse::standardError('domains_cantdeletedomainwithaliases');\n\t\t\t} else {\n\t\t\t\tHTML::askYesNoWithCheckbox('admin_domain_reallydelete', 'admin_customer_alsoremovemail', $filename, [\n\t\t\t\t\t'id' => $id,\n\t\t\t\t\t'page' => $page,\n\t\t\t\t\t'action' => $action\n\t\t\t\t], $idna_convert->decode($result['domain']));\n\t\t\t}\n\t\t}\n\t} elseif ($action == 'add') {\n\t\tif (Request::post('send') == 'send') {\n\t\t\ttry {\n\t\t\t\tDomains::getLocal($userinfo, Request::postAll())->add();\n\t\t\t} catch (Exception $e) {\n\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t}\n\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t'page' => $page\n\t\t\t]);\n\t\t} else {\n\t\t\t$customers = [\n\t\t\t\t0 => lng('panel.please_choose')\n\t\t\t];\n\t\t\t$result_customers_stmt = Database::prepare(\"\n\t\t\t\t\tSELECT `customerid`, `loginname`, `name`, `firstname`, `company`\n\t\t\t\t\tFROM `\" . TABLE_PANEL_CUSTOMERS . \"` \" . ($userinfo['customers_see_all'] ? '' : \" WHERE `adminid` = :adminid \") . \" ORDER BY COALESCE(NULLIF(`name`,''), `company`) ASC\");\n\t\t\t$params = [];\n\t\t\tif ($userinfo['customers_see_all'] == '0') {\n\t\t\t\t$params['adminid'] = $userinfo['adminid'];\n\t\t\t}\n\t\t\tDatabase::pexecute($result_customers_stmt, $params);\n\n\t\t\twhile ($row_customer = $result_customers_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t$customers[$row_customer['customerid']] = User::getCorrectFullUserDetails($row_customer) . ' (' . $row_customer['loginname'] . ')';\n\t\t\t}\n\n\t\t\t$admins = [];\n\t\t\tif ($userinfo['customers_see_all'] == '1') {\n\t\t\t\t$result_admins_stmt = Database::query(\"\n\t\t\t\t\t\tSELECT `adminid`, `loginname`, `name`\n\t\t\t\t\t\tFROM `\" . TABLE_PANEL_ADMINS . \"`\n\t\t\t\t\t\tWHERE `domains_used` < `domains` OR `domains` = '-1' ORDER BY `name` ASC\");\n\n\t\t\t\twhile ($row_admin = $result_admins_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t\t$admins[$row_admin['adminid']] = User::getCorrectFullUserDetails($row_admin) . ' (' . $row_admin['loginname'] . ')';\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tif ($userinfo['ip'] == \"-1\") {\n\t\t\t\t$result_ipsandports_stmt = Database::query(\"\n\t\t\t\t\t\tSELECT `id`, `ip`, `port` FROM `\" . TABLE_PANEL_IPSANDPORTS . \"` WHERE `ssl`='0' ORDER BY `ip`, `port` ASC\n\t\t\t\t\t\");\n\t\t\t\t$result_ssl_ipsandports_stmt = Database::query(\"\n\t\t\t\t\t\tSELECT `id`, `ip`, `port` FROM `\" . TABLE_PANEL_IPSANDPORTS . \"` WHERE `ssl`='1' ORDER BY `ip`, `port` ASC\n\t\t\t\t\t\");\n\t\t\t} else {\n\t\t\t\t$admin_ip_stmt = Database::prepare(\"\n\t\t\t\t\t\tSELECT `id`, `ip`, `port` FROM `\" . TABLE_PANEL_IPSANDPORTS . \"` WHERE `id` = :ipid ORDER BY `ip`, `port` ASC\n\t\t\t\t\t\");\n\t\t\t\t$admin_ip = Database::pexecute_first($admin_ip_stmt, [\n\t\t\t\t\t'ipid' => $userinfo['ip']\n\t\t\t\t]);\n\n\t\t\t\t$result_ipsandports_stmt = Database::prepare(\"\n\t\t\t\t\t\tSELECT `id`, `ip`, `port` FROM `\" . TABLE_PANEL_IPSANDPORTS . \"` WHERE `ssl`='0' AND `ip` = :ipid ORDER BY `ip`, `port` ASC\n\t\t\t\t\t\");\n\t\t\t\tDatabase::pexecute($result_ipsandports_stmt, [\n\t\t\t\t\t'ipid' => $admin_ip['ip']\n\t\t\t\t]);\n\n\t\t\t\t$result_ssl_ipsandports_stmt = Database::prepare(\"\n\t\t\t\t\t\tSELECT `id`, `ip`, `port` FROM `\" . TABLE_PANEL_IPSANDPORTS . \"` WHERE `ssl`='1' AND `ip` = :ipid ORDER BY `ip`, `port` ASC\n\t\t\t\t\t\");\n\t\t\t\tDatabase::pexecute($result_ssl_ipsandports_stmt, [\n\t\t\t\t\t'ipid' => $admin_ip['ip']\n\t\t\t\t]);\n\t\t\t}\n\n\t\t\t// Build array holding all IPs and Ports available to this admin\n\t\t\t$ipsandports = [];\n\t\t\twhile ($row_ipandport = $result_ipsandports_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\tif (filter_var($row_ipandport['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {\n\t\t\t\t\t$row_ipandport['ip'] = '[' . $row_ipandport['ip'] . ']';\n\t\t\t\t}\n\n\t\t\t\t$ipsandports[] = [\n\t\t\t\t\t'label' => $row_ipandport['ip'] . ':' . $row_ipandport['port'],\n\t\t\t\t\t'value' => $row_ipandport['id']\n\t\t\t\t];\n\t\t\t}\n\n\t\t\t$ssl_ipsandports = [];\n\t\t\twhile ($row_ssl_ipandport = $result_ssl_ipsandports_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\tif (filter_var($row_ssl_ipandport['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {\n\t\t\t\t\t$row_ssl_ipandport['ip'] = '[' . $row_ssl_ipandport['ip'] . ']';\n\t\t\t\t}\n\n\t\t\t\t$ssl_ipsandports[] = [\n\t\t\t\t\t'label' => $row_ssl_ipandport['ip'] . ':' . $row_ssl_ipandport['port'],\n\t\t\t\t\t'value' => $row_ssl_ipandport['id']\n\t\t\t\t];\n\t\t\t}\n\n\t\t\t$standardsubdomains = [];\n\t\t\t$result_standardsubdomains_stmt = Database::query(\"\n\t\t\t\t\tSELECT `id` FROM `\" . TABLE_PANEL_DOMAINS . \"` `d`, `\" . TABLE_PANEL_CUSTOMERS . \"` `c` WHERE `d`.`id` = `c`.`standardsubdomain`\n\t\t\t\t\");\n\n\t\t\twhile ($row_standardsubdomain = $result_standardsubdomains_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t$standardsubdomains[$row_standardsubdomain['id']] = $row_standardsubdomain['id'];\n\t\t\t}\n\n\t\t\tif (count($standardsubdomains) > 0) {\n\t\t\t\t$standardsubdomains = \" AND `d`.`id` NOT IN (\" . join(',', $standardsubdomains) . \") \";\n\t\t\t} else {\n\t\t\t\t$standardsubdomains = '';\n\t\t\t}\n\n\t\t\t$domains = [\n\t\t\t\t0 => lng('domains.noaliasdomain')\n\t\t\t];\n\t\t\t$result_domains_stmt = Database::prepare(\"\n\t\t\t\t\tSELECT `d`.`id`, `d`.`domain`, `c`.`loginname` FROM `\" . TABLE_PANEL_DOMAINS . \"` `d`, `\" . TABLE_PANEL_CUSTOMERS . \"` `c`\n\t\t\t\t\tWHERE `d`.`aliasdomain` IS NULL AND `d`.`parentdomainid` = 0\" . $standardsubdomains . ($userinfo['customers_see_all'] ? '' : \" AND `d`.`adminid` = :adminid\") . \"\n\t\t\t\t\tAND `d`.`customerid`=`c`.`customerid` ORDER BY `loginname`, `domain` ASC\n\t\t\t\t\");\n\t\t\t$params = [];\n\t\t\tif ($userinfo['customers_see_all'] == '0') {\n\t\t\t\t$params['adminid'] = $userinfo['adminid'];\n\t\t\t}\n\t\t\tDatabase::pexecute($result_domains_stmt, $params);\n\n\t\t\twhile ($row_domain = $result_domains_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t$domains[$row_domain['id']] = $idna_convert->decode($row_domain['domain']) . ' (' . $row_domain['loginname'] . ')';\n\t\t\t}\n\n\t\t\t$phpconfigs = [];\n\t\t\t$configs = Database::query(\"\n\t\t\t\t\tSELECT c.*, fc.description as interpreter\n\t\t\t\t\tFROM `\" . TABLE_PANEL_PHPCONFIGS . \"` c\n\t\t\t\t\tLEFT JOIN `\" . TABLE_PANEL_FPMDAEMONS . \"` fc ON fc.id = c.fpmsettingid\n\t\t\t\t\");\n\n\t\t\twhile ($row = $configs->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\tif ((int)Settings::Get('phpfpm.enabled') == 1) {\n\t\t\t\t\t$phpconfigs[$row['id']] = $row['description'] . \" [\" . $row['interpreter'] . \"]\";\n\t\t\t\t} else {\n\t\t\t\t\t$phpconfigs[$row['id']] = $row['description'];\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t$openbasedir = [\n\t\t\t\t0 => lng('domain.docroot'),\n\t\t\t\t1 => lng('domain.homedir'),\n\t\t\t\t2 => lng('domain.docparent')\n\t\t\t];\n\n\t\t\t// create serveralias options\n\t\t\t$serveraliasoptions = [\n\t\t\t\t0 => lng('domains.serveraliasoption_wildcard'),\n\t\t\t\t1 => lng('domains.serveraliasoption_www'),\n\t\t\t\t2 => lng('domains.serveraliasoption_none')\n\t\t\t];\n\n\t\t\t$subcanemaildomain = [\n\t\t\t\t0 => lng('admin.subcanemaildomain.never'),\n\t\t\t\t1 => lng('admin.subcanemaildomain.choosableno'),\n\t\t\t\t2 => lng('admin.subcanemaildomain.choosableyes'),\n\t\t\t\t3 => lng('admin.subcanemaildomain.always')\n\t\t\t];\n\n\t\t\t$domain_add_data = include_once dirname(__FILE__) . '/lib/formfields/admin/domains/formfield.domains_add.php';\n\n\t\t\tUI::view('user/form.html.twig', [\n\t\t\t\t'formaction' => $linker->getLink(['section' => 'domains']),\n\t\t\t\t'formdata' => $domain_add_data['domain_add']\n\t\t\t]);\n\t\t}\n\t} elseif ($action == 'edit' && $id != 0) {\n\t\ttry {\n\t\t\t$json_result = Domains::getLocal($userinfo, [\n\t\t\t\t'id' => $id\n\t\t\t])->get();\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\t\t$result = json_decode($json_result, true)['data'];\n\n\t\tif ($result['domain'] != '') {\n\t\t\t$subdomains_stmt = Database::prepare(\"\n\t\t\t\tSELECT COUNT(`id`) AS count FROM `\" . TABLE_PANEL_DOMAINS . \"` WHERE\n\t\t\t\t`parentdomainid` = :resultid\n\t\t\t\");\n\t\t\t$subdomains = Database::pexecute_first($subdomains_stmt, [\n\t\t\t\t'resultid' => $result['id']\n\t\t\t]);\n\t\t\t$subdomains = $subdomains['count'];\n\n\t\t\t$alias_check_stmt = Database::prepare(\"\n\t\t\t\tSELECT COUNT(`id`) AS count FROM `\" . TABLE_PANEL_DOMAINS . \"` WHERE\n\t\t\t\t`aliasdomain` = :resultid\n\t\t\t\");\n\t\t\t$alias_check = Database::pexecute_first($alias_check_stmt, [\n\t\t\t\t'resultid' => $result['id']\n\t\t\t]);\n\t\t\t$alias_check = $alias_check['count'];\n\n\t\t\t$domain_emails_result_stmt = Database::prepare(\"\n\t\t\t\tSELECT `email`, `email_full`, `destination`, `popaccountid`\n\t\t\t\tFROM `\" . TABLE_MAIL_VIRTUAL . \"` WHERE `customerid` = :customerid AND `domainid` = :id\n\t\t\t\");\n\t\t\tDatabase::pexecute($domain_emails_result_stmt, [\n\t\t\t\t'customerid' => $result['customerid'],\n\t\t\t\t'id' => $result['id']\n\t\t\t]);\n\n\t\t\t$emails = Database::num_rows();\n\t\t\t$email_forwarders = 0;\n\t\t\t$email_accounts = 0;\n\n\t\t\twhile ($domain_emails_row = $domain_emails_result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\tif ($domain_emails_row['destination'] != '') {\n\t\t\t\t\t$domain_emails_row['destination'] = explode(' ', FileDir::makeCorrectDestination($domain_emails_row['destination']));\n\t\t\t\t\t$email_forwarders += count($domain_emails_row['destination']);\n\n\t\t\t\t\tif (in_array($domain_emails_row['email_full'], $domain_emails_row['destination'])) {\n\t\t\t\t\t\t$email_forwarders -= 1;\n\t\t\t\t\t\t$email_accounts++;\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t$ipsresult_stmt = Database::prepare(\"\n\t\t\t\tSELECT `id_ipandports` FROM `\" . TABLE_DOMAINTOIP . \"` WHERE `id_domain` = :id\n\t\t\t\");\n\t\t\tDatabase::pexecute($ipsresult_stmt, [\n\t\t\t\t'id' => $result['id']\n\t\t\t]);\n\n\t\t\t$usedips = [];\n\t\t\twhile ($ipsresultrow = $ipsresult_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t$usedips[] = $ipsresultrow['id_ipandports'];\n\t\t\t}\n\n\t\t\tif (Request::post('send') == 'send') {\n\t\t\t\ttry {\n\t\t\t\t\t// remove ssl ip/ports if set is empty\n\t\t\t\t\tif (empty(Request::post('ssl_ipandport'))) {\n\t\t\t\t\t\t$_POST['remove_ssl_ipandport'] = true;\n\t\t\t\t\t}\n\t\t\t\t\tDomains::getLocal($userinfo, Request::postAll())->update();\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\t\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t\t'page' => $page\n\t\t\t\t]);\n\t\t\t} else {\n\t\t\t\tif (Settings::Get('panel.allow_domain_change_customer') == '1') {\n\t\t\t\t\t$customers = [];\n\t\t\t\t\t$result_customers_stmt = Database::prepare(\"\n\t\t\t\t\t\tSELECT `customerid`, `loginname`, `name`, `firstname`, `company` FROM `\" . TABLE_PANEL_CUSTOMERS . \"`\n\t\t\t\t\t\tWHERE ( (`subdomains_used` + :subdomains <= `subdomains` OR `subdomains` = '-1' )\n\t\t\t\t\t\tAND (`emails_used` + :emails <= `emails` OR `emails` = '-1' )\n\t\t\t\t\t\tAND (`email_forwarders_used` + :forwarders <= `email_forwarders` OR `email_forwarders` = '-1' )\n\t\t\t\t\t\tAND (`email_accounts_used` + :accounts <= `email_accounts` OR `email_accounts` = '-1' ) \" . ($userinfo['customers_see_all'] ? '' : \" AND `adminid` = :adminid \") . \")\n\t\t\t\t\t\tOR `customerid` = :customerid ORDER BY `name` ASC\n\t\t\t\t\t\");\n\t\t\t\t\t$params = [\n\t\t\t\t\t\t'subdomains' => $subdomains,\n\t\t\t\t\t\t'emails' => $emails,\n\t\t\t\t\t\t'forwarders' => $email_forwarders,\n\t\t\t\t\t\t'accounts' => $email_accounts,\n\t\t\t\t\t\t'customerid' => $result['customerid']\n\t\t\t\t\t];\n\t\t\t\t\tif ($userinfo['customers_see_all'] == '0') {\n\t\t\t\t\t\t$params['adminid'] = $userinfo['adminid'];\n\t\t\t\t\t}\n\t\t\t\t\tDatabase::pexecute($result_customers_stmt, $params);\n\n\t\t\t\t\twhile ($row_customer = $result_customers_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t\t\t$customers[$row_customer['customerid']] = User::getCorrectFullUserDetails($row_customer) . ' (' . $row_customer['loginname'] . ')';\n\t\t\t\t\t}\n\t\t\t\t} else {\n\t\t\t\t\t$customer_stmt = Database::prepare(\"\n\t\t\t\t\t\tSELECT `customerid`, `loginname`, `name`, `firstname`, `company` FROM `\" . TABLE_PANEL_CUSTOMERS . \"`\n\t\t\t\t\t\tWHERE `customerid` = :customerid\n\t\t\t\t\t\");\n\t\t\t\t\t$customer = Database::pexecute_first($customer_stmt, [\n\t\t\t\t\t\t'customerid' => $result['customerid']\n\t\t\t\t\t]);\n\t\t\t\t\t$result['customername'] = User::getCorrectFullUserDetails($customer);\n\t\t\t\t}\n\n\t\t\t\tif ($userinfo['customers_see_all'] == '1') {\n\t\t\t\t\tif (Settings::Get('panel.allow_domain_change_admin') == '1') {\n\t\t\t\t\t\t$admins = [];\n\t\t\t\t\t\t$result_admins_stmt = Database::prepare(\"\n\t\t\t\t\t\t\tSELECT `adminid`, `loginname`, `name` FROM `\" . TABLE_PANEL_ADMINS . \"`\n\t\t\t\t\t\t\tWHERE (`domains_used` < `domains` OR `domains` = '-1') OR `adminid` = :adminid ORDER BY `name` ASC\n\t\t\t\t\t\t\");\n\t\t\t\t\t\tDatabase::pexecute($result_admins_stmt, [\n\t\t\t\t\t\t\t'adminid' => $result['adminid']\n\t\t\t\t\t\t]);\n\n\t\t\t\t\t\twhile ($row_admin = $result_admins_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t\t\t\t$admins[$row_admin['adminid']] = User::getCorrectFullUserDetails($row_admin) . ' (' . $row_admin['loginname'] . ')';\n\t\t\t\t\t\t}\n\t\t\t\t\t} else {\n\t\t\t\t\t\t$admin_stmt = Database::prepare(\"\n\t\t\t\t\t\t\tSELECT `adminid`, `loginname`, `name` FROM `\" . TABLE_PANEL_ADMINS . \"` WHERE `adminid` = :adminid\n\t\t\t\t\t\t\");\n\t\t\t\t\t\t$admin = Database::pexecute_first($admin_stmt, [\n\t\t\t\t\t\t\t'adminid' => $result['adminid']\n\t\t\t\t\t\t]);\n\t\t\t\t\t\t$result['adminname'] = User::getCorrectFullUserDetails($admin) . ' (' . $admin['loginname'] . ')';\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\t$domains = [\n\t\t\t\t\t0 => lng('domains.noaliasdomain')\n\t\t\t\t];\n\n\t\t\t\t$result_domains_stmt = Database::prepare(\"\n\t\t\t\t\tSELECT `d`.`id`, `d`.`domain` FROM `\" . TABLE_PANEL_DOMAINS . \"` `d`, `\" . TABLE_PANEL_CUSTOMERS . \"` `c`\n\t\t\t\t\tWHERE `d`.`aliasdomain` IS NULL AND `d`.`parentdomainid` = '0' AND `d`.`id` <> :id\n\t\t\t\t\tAND `c`.`standardsubdomain`<>`d`.`id` AND `d`.`customerid` = :customerid AND `c`.`customerid`=`d`.`customerid`\n\t\t\t\t\tORDER BY `d`.`domain` ASC\n\t\t\t\t\");\n\t\t\t\tDatabase::pexecute($result_domains_stmt, [\n\t\t\t\t\t'id' => $result['id'],\n\t\t\t\t\t'customerid' => $result['customerid']\n\t\t\t\t]);\n\n\t\t\t\twhile ($row_domain = $result_domains_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t\t$domains[$row_domain['id']] = $idna_convert->decode($row_domain['domain']);\n\t\t\t\t}\n\n\t\t\t\tif ($userinfo['ip'] == \"-1\") {\n\t\t\t\t\t$result_ipsandports_stmt = Database::query(\"\n\t\t\t\t\t\tSELECT `id`, `ip`, `port` FROM `\" . TABLE_PANEL_IPSANDPORTS . \"` WHERE `ssl`='0' ORDER BY `ip`, `port` ASC\n\t\t\t\t\t\");\n\t\t\t\t\t$result_ssl_ipsandports_stmt = Database::query(\"\n\t\t\t\t\t\tSELECT `id`, `ip`, `port` FROM `\" . TABLE_PANEL_IPSANDPORTS . \"` WHERE `ssl`='1' ORDER BY `ip`, `port` ASC\n\t\t\t\t\t\");\n\t\t\t\t} else {\n\t\t\t\t\t$admin_ip_stmt = Database::prepare(\"\n\t\t\t\t\t\tSELECT `id`, `ip`, `port` FROM `\" . TABLE_PANEL_IPSANDPORTS . \"` WHERE `id` = :ipid ORDER BY `ip`, `port` ASC\n\t\t\t\t\t\");\n\t\t\t\t\t$admin_ip = Database::pexecute_first($admin_ip_stmt, [\n\t\t\t\t\t\t'ipid' => $userinfo['ip']\n\t\t\t\t\t]);\n\n\t\t\t\t\t$result_ipsandports_stmt = Database::prepare(\"\n\t\t\t\t\t\tSELECT `id`, `ip`, `port` FROM `\" . TABLE_PANEL_IPSANDPORTS . \"` WHERE `ssl`='0' AND `ip` = :ipid ORDER BY `ip`, `port` ASC\n\t\t\t\t\t\");\n\t\t\t\t\tDatabase::pexecute($result_ipsandports_stmt, [\n\t\t\t\t\t\t'ipid' => $admin_ip['ip']\n\t\t\t\t\t]);\n\n\t\t\t\t\t$result_ssl_ipsandports_stmt = Database::prepare(\"\n\t\t\t\t\t\tSELECT `id`, `ip`, `port` FROM `\" . TABLE_PANEL_IPSANDPORTS . \"` WHERE `ssl`='1' AND `ip` = :ipid ORDER BY `ip`, `port` ASC\n\t\t\t\t\t\");\n\t\t\t\t\tDatabase::pexecute($result_ssl_ipsandports_stmt, [\n\t\t\t\t\t\t'ipid' => $admin_ip['ip']\n\t\t\t\t\t]);\n\t\t\t\t}\n\n\t\t\t\t$ipsandports = [];\n\t\t\t\twhile ($row_ipandport = $result_ipsandports_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t\tif (filter_var($row_ipandport['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {\n\t\t\t\t\t\t$row_ipandport['ip'] = '[' . $row_ipandport['ip'] . ']';\n\t\t\t\t\t}\n\t\t\t\t\t$ipsandports[] = [\n\t\t\t\t\t\t'label' => $row_ipandport['ip'] . ':' . $row_ipandport['port'],\n\t\t\t\t\t\t'value' => $row_ipandport['id']\n\t\t\t\t\t];\n\t\t\t\t}\n\n\t\t\t\t$ssl_ipsandports = [];\n\t\t\t\twhile ($row_ssl_ipandport = $result_ssl_ipsandports_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t\tif (filter_var($row_ssl_ipandport['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {\n\t\t\t\t\t\t$row_ssl_ipandport['ip'] = '[' . $row_ssl_ipandport['ip'] . ']';\n\t\t\t\t\t}\n\t\t\t\t\t$ssl_ipsandports[] = [\n\t\t\t\t\t\t'label' => $row_ssl_ipandport['ip'] . ':' . $row_ssl_ipandport['port'],\n\t\t\t\t\t\t'value' => $row_ssl_ipandport['id']\n\t\t\t\t\t];\n\t\t\t\t}\n\n\t\t\t\t// check that letsencrypt is not activated for wildcard domain\n\t\t\t\tif ($result['iswildcarddomain'] == '1') {\n\t\t\t\t\t$letsencrypt = 0;\n\t\t\t\t}\n\n\t\t\t\t// Fudge the result for ssl_redirect to hide the Let's Encrypt steps\n\t\t\t\t$result['temporary_ssl_redirect'] = $result['ssl_redirect'];\n\t\t\t\t$result['ssl_redirect'] = ($result['ssl_redirect'] == 0 ? 0 : 1);\n\n\t\t\t\t$openbasedir = [\n\t\t\t\t\t0 => lng('domain.docroot'),\n\t\t\t\t\t1 => lng('domain.homedir'),\n\t\t\t\t\t2 => lng('domain.docparent')\n\t\t\t\t];\n\n\t\t\t\t$serveraliasoptions = [\n\t\t\t\t\t0 => lng('domains.serveraliasoption_wildcard'),\n\t\t\t\t\t1 => lng('domains.serveraliasoption_www'),\n\t\t\t\t\t2 => lng('domains.serveraliasoption_none')\n\t\t\t\t];\n\n\t\t\t\t$subcanemaildomain = [\n\t\t\t\t\t0 => lng('admin.subcanemaildomain.never'),\n\t\t\t\t\t1 => lng('admin.subcanemaildomain.choosableno'),\n\t\t\t\t\t2 => lng('admin.subcanemaildomain.choosableyes'),\n\t\t\t\t\t3 => lng('admin.subcanemaildomain.always')\n\t\t\t\t];\n\n\t\t\t\t$phpconfigs = [];\n\t\t\t\t$phpconfigs_result_stmt = Database::query(\"\n\t\t\t\t\tSELECT c.*, fc.description as interpreter\n\t\t\t\t\tFROM `\" . TABLE_PANEL_PHPCONFIGS . \"` c\n\t\t\t\t\tLEFT JOIN `\" . TABLE_PANEL_FPMDAEMONS . \"` fc ON fc.id = c.fpmsettingid\n\t\t\t\t\");\n\t\t\t\t$c_allowed_configs = Customer::getCustomerDetail($result['customerid'], 'allowed_phpconfigs');\n\t\t\t\tif (!empty($c_allowed_configs)) {\n\t\t\t\t\t$c_allowed_configs = json_decode($c_allowed_configs, true);\n\t\t\t\t} else {\n\t\t\t\t\t$c_allowed_configs = [];\n\t\t\t\t}\n\n\t\t\t\twhile ($phpconfigs_row = $phpconfigs_result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t\t$disabled = !empty($c_allowed_configs) && !in_array($phpconfigs_row['id'], $c_allowed_configs);\n\t\t\t\t\tif (!$disabled) {\n\t\t\t\t\t\tif ((int)Settings::Get('phpfpm.enabled') == 1) {\n\t\t\t\t\t\t\t$phpconfigs[$phpconfigs_row['id']] = $phpconfigs_row['description'] . \" [\" . $phpconfigs_row['interpreter'] . \"]\";\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t$phpconfigs[$phpconfigs_row['id']] = $phpconfigs_row['description'];\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\tif (Settings::Get('panel.allow_domain_change_customer') != '1') {\n\t\t\t\t\t$result['customername'] .= ' (getLink([\n\t\t\t\t\t\t\t'section' => 'customers',\n\t\t\t\t\t\t\t'page' => 'customers',\n\t\t\t\t\t\t\t'action' => 'su',\n\t\t\t\t\t\t\t'id' => $customer['customerid']\n\t\t\t\t\t\t]) . '\" rel=\"external\">' . $customer['loginname'] . ')';\n\t\t\t\t}\n\n\t\t\t\t$domain_edit_data = include_once dirname(__FILE__) . '/lib/formfields/admin/domains/formfield.domains_edit.php';\n\n\t\t\t\tUI::view('user/form.html.twig', [\n\t\t\t\t\t'formaction' => $linker->getLink(['section' => 'domains', 'id' => $id]),\n\t\t\t\t\t'formdata' => $domain_edit_data['domain_edit'],\n\t\t\t\t\t'editid' => $id\n\t\t\t\t]);\n\t\t\t}\n\t\t}\n\t} elseif ($action == 'jqGetCustomerPHPConfigs') {\n\t\t$customerid = intval(Request::post('customerid'));\n\t\t$allowed_phpconfigs = Customer::getCustomerDetail($customerid, 'allowed_phpconfigs');\n\t\techo !empty($allowed_phpconfigs) ? $allowed_phpconfigs : json_encode([]);\n\t\texit();\n\t} elseif ($action == 'jqSpeciallogfileNote') {\n\t\t$domainid = intval(Request::post('id'));\n\t\t$newval = intval(Request::post('newval'));\n\t\ttry {\n\t\t\t$json_result = Domains::getLocal($userinfo, [\n\t\t\t\t'id' => $domainid\n\t\t\t])->get();\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\t\t$result = json_decode($json_result, true)['data'];\n\t\tif ($newval != $result['speciallogfile']) {\n\t\t\techo json_encode(['changed' => true, 'info' => lng('admin.speciallogwarning')]);\n\t\t\texit();\n\t\t}\n\t\techo 0;\n\t\texit();\n\t} elseif ($action == 'jqEmaildomainNote') {\n\t\t$domainid = intval(Request::post('id'));\n\t\t$newval = intval(Request::post('newval'));\n\t\ttry {\n\t\t\t$json_result = Domains::getLocal($userinfo, [\n\t\t\t\t'id' => $domainid\n\t\t\t])->get();\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\t\t$result = json_decode($json_result, true)['data'];\n\t\tif ((int)$newval == 0 && $newval != $result['isemaildomain']) {\n\t\t\techo json_encode(['changed' => true, 'info' => lng('admin.emaildomainwarning')]);\n\t\t\texit();\n\t\t}\n\t\techo 0;\n\t\texit();\n\t} elseif ($action == 'import') {\n\t\tif (Request::post('send') == 'send') {\n\t\t\t$separator = Validate::validate(Request::post('separator'), 'separator');\n\t\t\t$offset = (int)Validate::validate(Request::post('offset'), 'offset', \"/[0-9]/i\");\n\n\t\t\t$file_name = $_FILES['file']['tmp_name'];\n\n\t\t\t$result = [];\n\n\t\t\ttry {\n\t\t\t\t$bulk = new DomainBulkAction($file_name, $userinfo);\n\t\t\t\t$result = $bulk->doImport($separator, $offset);\n\t\t\t} catch (Exception $e) {\n\t\t\t\tResponse::standardError('domain_import_error', $e->getMessage());\n\t\t\t}\n\n\t\t\tif (!empty($bulk->getErrors())) {\n\t\t\t\tResponse::dynamicError(implode(\"
\", $bulk->getErrors()));\n\t\t\t}\n\n\t\t\t// update customer/admin counters\n\t\t\tUser::updateCounters(false);\n\t\t\tCronjob::inserttask(TaskId::REBUILD_VHOST);\n\t\t\tCronjob::inserttask(TaskId::REBUILD_DNS);\n\n\t\t\t$result_str = $result['imported'] . ' / ' . $result['all'] . (!empty($result['note']) ? ' (' . $result['note'] . ')' : '');\n\t\t\tResponse::standardSuccess('domain_import_successfully', $result_str, [\n\t\t\t\t'filename' => $filename,\n\t\t\t\t'action' => '',\n\t\t\t\t'page' => 'domains'\n\t\t\t]);\n\t\t} else {\n\t\t\t$domain_import_data = include_once dirname(__FILE__) . '/lib/formfields/admin/domains/formfield.domains_import.php';\n\n\t\t\tUI::view('user/form-note.html.twig', [\n\t\t\t\t'formaction' => $linker->getLink(['section' => 'domains', 'page' => $page]),\n\t\t\t\t'formdata' => $domain_import_data['domain_import'],\n\t\t\t\t// alert-box\n\t\t\t\t'type' => 'info',\n\t\t\t\t'alert_msg' => lng('domains.import_description')\n\t\t\t]);\n\t\t}\n\t} elseif ($action == 'duplicate') {\n\t\tif (Request::post('send') == 'send') {\n\t\t\ttry {\n\t\t\t\tDomains::getLocal($userinfo, Request::postAll())->duplicate();\n\t\t\t} catch (Exception $e) {\n\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t}\n\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t'page' => $page,\n\t\t\t\t'searchfield' => 'd.domain_ace',\n\t\t\t\t'searchtext' => Request::post('domain', \"\")\n\t\t\t]);\n\t\t} else {\n\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t'page' => 'overview'\n\t\t\t]);\n\t\t}\n\t}\n} elseif ($page == 'domainssleditor') {\n\trequire_once __DIR__ . '/ssl_editor.php';\n} elseif ($page == 'domaindnseditor' && Settings::Get('system.dnsenabled') == '1') {\n\trequire_once __DIR__ . '/dns_editor.php';\n} elseif ($page == 'sslcertificates') {\n\trequire_once __DIR__ . '/ssl_certificates.php';\n} elseif ($page == 'logfiles') {\n\trequire_once __DIR__ . '/logfiles_viewer.php';\n}\n" }, { "path": "admin_index.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nconst AREA = 'admin';\nrequire __DIR__ . '/lib/init.php';\n\nuse Froxlor\\Api\\Commands\\Admins as Admins;\nuse Froxlor\\Api\\Commands\\Froxlor as Froxlor;\nuse Froxlor\\CurrentUser;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\Language;\nuse Froxlor\\Settings;\nuse Froxlor\\System\\Cronjob;\nuse Froxlor\\System\\Crypt;\nuse Froxlor\\UI\\Panel\\UI;\nuse Froxlor\\UI\\Request;\nuse Froxlor\\UI\\Response;\nuse Froxlor\\Validate\\Validate;\n\n$id = (int)Request::any('id');\n\nif ($action == 'logout') {\n\t$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, \"logged out\");\n\tunset($_SESSION['userinfo']);\n\tCurrentUser::setData();\n\tsession_destroy();\n\n\tResponse::redirectTo('index.php');\n} elseif ($action == 'suback') {\n\tif (is_array(CurrentUser::getField('switched_user'))) {\n\t\t$result = CurrentUser::getData();\n\t\t$result = $result['switched_user'];\n\t\tsession_regenerate_id(true);\n\t\tCurrentUser::setData($result);\n\t\t$target = Request::get('target', 'index');\n\t\t$redirect = \"admin_\" . $target . \".php\";\n\t\tif (!file_exists(\\Froxlor\\Froxlor::getInstallDir() . \"/\" . $redirect)) {\n\t\t\t$redirect = \"admin_index.php\";\n\t\t}\n\t\tResponse::redirectTo($redirect, null, true);\n\t} else {\n\t\tResponse::dynamicError(\"Cannot change back - You've never switched to another user :-)\");\n\t}\n}\n\nif ($page == 'overview') {\n\t$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, \"viewed admin_index\");\n\t$params = [];\n\tif ($userinfo['customers_see_all'] == '0') {\n\t\t$params = [\n\t\t\t'adminid' => $userinfo['adminid']\n\t\t];\n\t}\n\t$overview_stmt = Database::prepare(\"SELECT COUNT(*) AS `number_customers`,\n\t\t\t\tSUM(case when `diskspace` > 0 then `diskspace` else 0 end) AS `diskspace_assigned`,\n\t\t\t\tSUM(`diskspace_used`) AS `diskspace_used`,\n\t\t\t\tSUM(case when `mysqls` > 0 then `mysqls` else 0 end) AS `mysqls_assigned`,\n\t\t\t\tSUM(`mysqls_used`) AS `mysqls_used`,\n\t\t\t\tSUM(case when `emails` > 0 then `emails` else 0 end) AS `emails_assigned`,\n\t\t\t\tSUM(`emails_used`) AS `emails_used`,\n\t\t\t\tSUM(case when `email_accounts` > 0 then `email_accounts` else 0 end) AS `email_accounts_assigned`,\n\t\t\t\tSUM(`email_accounts_used`) AS `email_accounts_used`,\n\t\t\t\tSUM(case when `email_forwarders` > 0 then `email_forwarders` else 0 end) AS `email_forwarders_assigned`,\n\t\t\t\tSUM(`email_forwarders_used`) AS `email_forwarders_used`,\n\t\t\t\tSUM(case when `email_quota` > 0 then `email_quota` else 0 end) AS `email_quota_assigned`,\n\t\t\t\tSUM(`email_quota_used`) AS `email_quota_used`,\n\t\t\t\tSUM(case when `ftps` > 0 then `ftps` else 0 end) AS `ftps_assigned`,\n\t\t\t\tSUM(`ftps_used`) AS `ftps_used`,\n\t\t\t\tSUM(case when `subdomains` > 0 then `subdomains` else 0 end) AS `subdomains_assigned`,\n\t\t\t\tSUM(`subdomains_used`) AS `subdomains_used`,\n\t\t\t\tSUM(case when `traffic` > 0 then `traffic` else 0 end) AS `traffic_assigned`,\n\t\t\t\tSUM(`traffic_used`) AS `traffic_used`\n\t\t\t\tFROM `\" . TABLE_PANEL_CUSTOMERS . \"`\" . ($userinfo['customers_see_all'] ? '' : \" WHERE `adminid` = :adminid \"));\n\t$overview = Database::pexecute_first($overview_stmt, $params);\n\n\t$userinfo['diskspace_bytes'] = ($userinfo['diskspace'] > -1) ? $userinfo['diskspace'] * 1024 : -1;\n\t$overview['diskspace_bytes'] = $overview['diskspace_assigned'] * 1024;\n\t$overview['diskspace_bytes_used'] = $overview['diskspace_used'] * 1024;\n\n\t$userinfo['traffic_bytes'] = ($userinfo['traffic'] > -1) ? $userinfo['traffic'] * 1024 : -1;\n\t$overview['traffic_bytes'] = $overview['traffic_assigned'] * 1024;\n\t$overview['traffic_bytes_used'] = $overview['traffic_used'] * 1024;\n\n\t$number_domains_stmt = Database::prepare(\"\n\t\tSELECT COUNT(*) AS `number_domains` FROM `\" . TABLE_PANEL_DOMAINS . \"`\n\t\tWHERE `parentdomainid`='0'\" . ($userinfo['customers_see_all'] ? '' : \" AND `adminid` = :adminid\"));\n\t$number_domains = Database::pexecute_first($number_domains_stmt, $params);\n\n\t$overview['number_domains'] = $number_domains['number_domains'];\n\n\tif (Request::get('lookfornewversion') == 'yes' || (isset($lookfornewversion) && $lookfornewversion == 'yes')) {\n\t\ttry {\n\t\t\t$json_result = Froxlor::getLocal($userinfo)->checkUpdate();\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\t\t$result = json_decode($json_result, true)['data'];\n\n\t\t$lookfornewversion_lable = $result['version'];\n\t\t$lookfornewversion_link = $result['link'];\n\t\t$lookfornewversion_message = $result['message'];\n\t\t$lookfornewversion_addinfo = $result['additional_info'];\n\t\t$isnewerversion = $result['isnewerversion'];\n\t} else {\n\t\t$lookfornewversion_lable = lng('admin.lookfornewversion.clickhere');\n\t\t$lookfornewversion_link = htmlspecialchars($filename . '?page=' . urlencode($page) . '&lookfornewversion=yes');\n\t\t$lookfornewversion_message = '';\n\t\t$lookfornewversion_addinfo = '';\n\t\t$isnewerversion = 0;\n\t}\n\n\t$cron_last_runs = Cronjob::getCronjobsLastRun();\n\t$outstanding_tasks = Cronjob::getOutstandingTasks();\n\n\t// additional sys-infos\n\t$meminfo = explode(\"\\n\", @file_get_contents(\"/proc/meminfo\"));\n\t$memory = \"\";\n\tfor ($i = 0; $i < count($meminfo); ++$i) {\n\t\tif (substr($meminfo[$i], 0, 3) === \"Mem\") {\n\t\t\t$memory .= $meminfo[$i] . PHP_EOL;\n\t\t}\n\t}\n\n\tif (function_exists('sys_getloadavg')) {\n\t\t$loadArray = sys_getloadavg();\n\t\t$load = number_format($loadArray[0], 2, '.', '') . \" / \" . number_format($loadArray[1], 2, '.', '') . \" / \" . number_format($loadArray[2], 2, '.', '');\n\t} else {\n\t\t$load = @file_get_contents('/proc/loadavg');\n\t\tif (!$load) {\n\t\t\t$load = lng('admin.noloadavailable');\n\t\t}\n\t}\n\n\t$kernel = '';\n\tif (function_exists('posix_uname')) {\n\t\t$kernel_nfo = posix_uname();\n\t\t$kernel = $kernel_nfo['release'] . ' (' . $kernel_nfo['machine'] . ')';\n\t}\n\n\t// Try to get the uptime\n\t// First: With exec (let's hope it's enabled for the Froxlor - vHost)\n\t$uptime_array = explode(\" \", @file_get_contents(\"/proc/uptime\"));\n\t$uptime = '';\n\tif (is_array($uptime_array) && isset($uptime_array[0]) && is_numeric($uptime_array[0])) {\n\t\t// Some calculatioon to get a nicly formatted display\n\t\t$seconds = round($uptime_array[0], 0);\n\t\t$minutes = $seconds / 60;\n\t\t$hours = $minutes / 60;\n\t\t$days = floor($hours / 24);\n\t\t$hours = floor($hours - ($days * 24));\n\t\t$minutes = floor($minutes - ($days * 24 * 60) - ($hours * 60));\n\t\t$seconds = floor($seconds - ($days * 24 * 60 * 60) - ($hours * 60 * 60) - ($minutes * 60));\n\t\t$uptime = \"{$days}d, {$hours}h, {$minutes}m, {$seconds}s\";\n\t\t// Just cleanup\n\t\tunset($uptime_array, $seconds, $minutes, $hours, $days);\n\t}\n\n\t$sysinfo = [\n\t\t'webserver' => $_SERVER['SERVER_SOFTWARE'] ?? 'unknown',\n\t\t'phpversion' => phpversion(),\n\t\t'mysqlserverversion' => Database::getAttribute(PDO::ATTR_SERVER_VERSION),\n\t\t'phpsapi' => strtoupper(@php_sapi_name()),\n\t\t'hostname' => gethostname(),\n\t\t'memory' => $memory,\n\t\t'load' => $load,\n\t\t'kernel' => $kernel,\n\t\t'uptime' => $uptime\n\t];\n\n\tUI::twig()->addGlobal('userinfo', $userinfo);\n\tUI::view('user/index.html.twig', [\n\t\t'sysinfo' => $sysinfo,\n\t\t'overview' => $overview,\n\t\t'outstanding_tasks' => $outstanding_tasks,\n\t\t'cron_last_runs' => $cron_last_runs\n\t]);\n} elseif ($page == 'profile') {\n\t$languages = Language::getLanguages();\n\n\tif (!empty($_POST)) {\n\t\tif (Request::post('send') == 'changepassword') {\n\t\t\t$old_password = Validate::validate(Request::post('old_password'), 'old password');\n\n\t\t\tif (!Crypt::validatePasswordLogin($userinfo, $old_password, TABLE_PANEL_ADMINS, 'adminid')) {\n\t\t\t\tResponse::standardError('oldpasswordnotcorrect');\n\t\t\t}\n\n\t\t\ttry {\n\t\t\t\t$new_password = Crypt::validatePassword(Request::post('new_password'), 'new password');\n\t\t\t\t$new_password_confirm = Crypt::validatePassword(Request::post('new_password_confirm'), 'new password confirm');\n\t\t\t} catch (Exception $e) {\n\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t}\n\n\t\t\tif ($old_password == '') {\n\t\t\t\tResponse::standardError([\n\t\t\t\t\t'stringisempty',\n\t\t\t\t\t'changepassword.old_password'\n\t\t\t\t]);\n\t\t\t} elseif ($new_password == '') {\n\t\t\t\tResponse::standardError([\n\t\t\t\t\t'stringisempty',\n\t\t\t\t\t'changepassword.new_password'\n\t\t\t\t]);\n\t\t\t} elseif ($new_password_confirm == '') {\n\t\t\t\tResponse::standardError([\n\t\t\t\t\t'stringisempty',\n\t\t\t\t\t'changepassword.new_password_confirm'\n\t\t\t\t]);\n\t\t\t} elseif ($new_password != $new_password_confirm) {\n\t\t\t\tResponse::standardError('newpasswordconfirmerror');\n\t\t\t} else {\n\t\t\t\ttry {\n\t\t\t\t\tAdmins::getLocal($userinfo, [\n\t\t\t\t\t\t'id' => $userinfo['adminid'],\n\t\t\t\t\t\t'admin_password' => $new_password\n\t\t\t\t\t])->update();\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\t\t\t\t$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, 'changed password');\n\t\t\t\tResponse::redirectTo($filename);\n\t\t\t}\n\t\t} elseif (Request::post('send') == 'changetheme') {\n\t\t\tif (Settings::Get('panel.allow_theme_change_admin') == 1) {\n\t\t\t\t$theme = Validate::validate(Request::post('theme'), 'theme');\n\t\t\t\ttry {\n\t\t\t\t\tAdmins::getLocal($userinfo, [\n\t\t\t\t\t\t'id' => $userinfo['adminid'],\n\t\t\t\t\t\t'theme' => $theme\n\t\t\t\t\t])->update();\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\n\t\t\t\t$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, \"changed his/her theme to '\" . $theme . \"'\");\n\t\t\t}\n\t\t\tResponse::redirectTo($filename);\n\t\t} elseif (Request::post('send') == 'changelanguage') {\n\t\t\t$def_language = Validate::validate(Request::post('def_language'), 'default language');\n\n\t\t\tif (isset($languages[$def_language])) {\n\t\t\t\ttry {\n\t\t\t\t\tAdmins::getLocal($userinfo, [\n\t\t\t\t\t\t'id' => $userinfo['adminid'],\n\t\t\t\t\t\t'def_language' => $def_language\n\t\t\t\t\t])->update();\n\t\t\t\t\tCurrentUser::setField('language', $def_language);\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\t\t\t}\n\t\t\t$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, \"changed his/her default language to '\" . $def_language . \"'\");\n\t\t\tResponse::redirectTo($filename);\n\t\t}\n\t} else {\n\t\t// change theme\n\t\t$default_theme = Settings::Get('panel.default_theme');\n\t\tif ($userinfo['theme'] != '') {\n\t\t\t$default_theme = $userinfo['theme'];\n\t\t}\n\t\t$themes_avail = UI::getThemes();\n\n\t\t// change language\n\t\t$default_lang = Settings::Get('panel.standardlanguage');\n\t\tif ($userinfo['def_language'] != '') {\n\t\t\t$default_lang = $userinfo['def_language'];\n\t\t}\n\n\t\tUI::view('user/profile.html.twig', [\n\t\t\t'themes' => $themes_avail,\n\t\t\t'default_theme' => $default_theme,\n\t\t\t'languages' => $languages,\n\t\t\t'default_lang' => $default_lang,\n\t\t]);\n\t}\n} elseif ($page == 'send_error_report' && Settings::Get('system.allow_error_report_admin') == '1') {\n\trequire_once __DIR__ . '/error_report.php';\n} elseif ($page == 'apikeys' && Settings::Get('api.enabled') == 1) {\n\trequire_once __DIR__ . '/api_keys.php';\n} elseif ($page == '2fa' && Settings::Get('2fa.enabled') == 1) {\n\trequire_once __DIR__ . '/2fa.php';\n}\n" }, { "path": "admin_ipsandports.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nconst AREA = 'admin';\nrequire __DIR__ . '/lib/init.php';\n\nuse Froxlor\\Api\\Commands\\IpsAndPorts;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\PhpHelper;\nuse Froxlor\\UI\\Collection;\nuse Froxlor\\UI\\HTML;\nuse Froxlor\\UI\\Listing;\nuse Froxlor\\UI\\Panel\\UI;\nuse Froxlor\\UI\\Request;\nuse Froxlor\\UI\\Response;\n\n$id = (int)Request::any('id');\n\nif (($page == 'ipsandports' || $page == 'overview') && $userinfo['change_serversettings'] == '1') {\n\tif ($action == '') {\n\t\t$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, \"viewed admin_ipsandports\");\n\n\t\ttry {\n\t\t\t$ipsandports_list_data = include_once dirname(__FILE__) . '/lib/tablelisting/admin/tablelisting.ipsandports.php';\n\t\t\t$collection = (new Collection(IpsAndPorts::class, $userinfo))\n\t\t\t\t->withPagination($ipsandports_list_data['ipsandports_list']['columns'], $ipsandports_list_data['ipsandports_list']['default_sorting']);\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\n\t\tUI::view('user/table.html.twig', [\n\t\t\t'listing' => Listing::format($collection, $ipsandports_list_data, 'ipsandports_list'),\n\t\t\t'actions_links' => [\n\t\t\t\t[\n\t\t\t\t\t'href' => $linker->getLink(['section' => 'ipsandports', 'page' => $page, 'action' => 'add']),\n\t\t\t\t\t'label' => lng('admin.ipsandports.add')\n\t\t\t\t]\n\t\t\t]\n\t\t]);\n\t} elseif ($action == 'delete' && $id != 0) {\n\t\ttry {\n\t\t\t$json_result = IpsAndPorts::getLocal($userinfo, [\n\t\t\t\t'id' => $id\n\t\t\t])->get();\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\t\t$result = json_decode($json_result, true)['data'];\n\n\t\tif (isset($result['id']) && $result['id'] == $id) {\n\t\t\tif (Request::post('send') == 'send') {\n\t\t\t\ttry {\n\t\t\t\t\tIpsAndPorts::getLocal($userinfo, [\n\t\t\t\t\t\t'id' => $id\n\t\t\t\t\t])->delete();\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\n\t\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t\t'page' => $page\n\t\t\t\t]);\n\t\t\t} else {\n\t\t\t\tHTML::askYesNo('admin_ip_reallydelete', $filename, [\n\t\t\t\t\t'id' => $id,\n\t\t\t\t\t'page' => $page,\n\t\t\t\t\t'action' => $action\n\t\t\t\t], $result['ip'] . ':' . $result['port']);\n\t\t\t}\n\t\t}\n\t} elseif ($action == 'add') {\n\t\tif (Request::post('send') == 'send') {\n\t\t\ttry {\n\t\t\t\tIpsAndPorts::getLocal($userinfo, Request::postAll())->add();\n\t\t\t} catch (Exception $e) {\n\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t}\n\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t'page' => $page\n\t\t\t]);\n\t\t} else {\n\t\t\t$ipsandports_add_data = include_once dirname(__FILE__) . '/lib/formfields/admin/ipsandports/formfield.ipsandports_add.php';\n\n\t\t\tUI::view('user/form.html.twig', [\n\t\t\t\t'formaction' => $linker->getLink(['section' => 'ipsandports']),\n\t\t\t\t'formdata' => $ipsandports_add_data['ipsandports_add']\n\t\t\t]);\n\t\t}\n\t} elseif ($action == 'edit' && $id != 0) {\n\t\ttry {\n\t\t\t$json_result = IpsAndPorts::getLocal($userinfo, [\n\t\t\t\t'id' => $id\n\t\t\t])->get();\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\t\t$result = json_decode($json_result, true)['data'];\n\n\t\tif ($result['ip'] != '') {\n\t\t\tif (Request::post('send') == 'send') {\n\t\t\t\ttry {\n\t\t\t\t\tIpsAndPorts::getLocal($userinfo, Request::postAll())->update();\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\t\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t\t'page' => $page\n\t\t\t\t]);\n\t\t\t} else {\n\t\t\t\t$result = PhpHelper::htmlentitiesArray($result);\n\n\t\t\t\t$ipsandports_edit_data = include_once dirname(__FILE__) . '/lib/formfields/admin/ipsandports/formfield.ipsandports_edit.php';\n\n\t\t\t\tUI::view('user/form.html.twig', [\n\t\t\t\t\t'formaction' => $linker->getLink(['section' => 'ipsandports', 'id' => $id]),\n\t\t\t\t\t'formdata' => $ipsandports_edit_data['ipsandports_edit'],\n\t\t\t\t\t'editid' => $id\n\t\t\t\t]);\n\t\t\t}\n\t\t}\n\t} elseif ($action == 'jqCheckIP') {\n\t\t$ip = Request::post('ip', '');\n\t\tif (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_IPV6)) {\n\t\t\techo json_encode('
'.lng('error.invalidip', [$ip]).'
');\n\t\t} elseif (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_NO_PRIV_RANGE)) {\n\t\t\t// returns notice if private network detected, so we can display it\n\t\t\techo json_encode(lng('admin.ipsandports.ipnote'));\n\t\t} else {\n\t\t\techo 0;\n\t\t}\n\t\texit();\n\t}\n}\n" }, { "path": "admin_logger.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nconst AREA = 'admin';\nrequire __DIR__ . '/lib/init.php';\n\nuse Froxlor\\Api\\Commands\\SysLog;\nuse Froxlor\\UI\\Collection;\nuse Froxlor\\UI\\HTML;\nuse Froxlor\\UI\\Listing;\nuse Froxlor\\UI\\Panel\\UI;\nuse Froxlor\\UI\\Request;\nuse Froxlor\\UI\\Response;\n\nif ($page == 'log') {\n\tif ($action == '') {\n\t\ttry {\n\t\t\t$syslog_list_data = include_once dirname(__FILE__) . '/lib/tablelisting/tablelisting.syslog.php';\n\t\t\t$collection = (new Collection(SysLog::class, $userinfo))\n\t\t\t\t->withPagination($syslog_list_data['syslog_list']['columns'], $syslog_list_data['syslog_list']['default_sorting']);\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\n\t\tUI::view('user/table.html.twig', [\n\t\t\t'listing' => Listing::format($collection, $syslog_list_data, 'syslog_list'),\n\t\t\t'actions_links' => ($userinfo['change_serversettings'] == '1' ? [\n\t\t\t\t[\n\t\t\t\t\t'href' => $linker->getLink(['section' => 'logger', 'page' => 'log', 'action' => 'truncate']),\n\t\t\t\t\t'label' => lng('logger.truncate'),\n\t\t\t\t\t'icon' => 'fa-solid fa-recycle',\n\t\t\t\t\t'class' => 'btn-warning'\n\t\t\t\t]\n\t\t\t] : [])\n\t\t]);\n\t} elseif ($action == 'truncate' && $userinfo['change_serversettings'] == '1') {\n\t\tif (Request::post('send') == 'send') {\n\t\t\ttry {\n\t\t\t\tSysLog::getLocal($userinfo, [\n\t\t\t\t\t'min_to_keep' => 10\n\t\t\t\t])->delete();\n\t\t\t} catch (Exception $e) {\n\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t}\n\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t'page' => $page\n\t\t\t]);\n\t\t} else {\n\t\t\tHTML::askYesNo('logger_reallytruncate', $filename, [\n\t\t\t\t'page' => $page,\n\t\t\t\t'action' => $action\n\t\t\t], TABLE_PANEL_LOG);\n\t\t}\n\t}\n}\n" }, { "path": "admin_message.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nconst AREA = 'admin';\nrequire __DIR__ . '/lib/init.php';\n\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\UI\\Panel\\UI;\nuse Froxlor\\UI\\Request;\nuse Froxlor\\UI\\Response;\nuse Froxlor\\User;\n\n$id = (int)Request::any('id');\n\n$note_type = null;\n$note_msg = null;\n\nif ($page == 'message') {\n\tif ($action == '') {\n\t\t$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, 'viewed panel_message');\n\n\t\tif (Request::post('send') == 'send') {\n\t\t\tif (Request::post('recipient', -1) == 0 && $userinfo['customers_see_all'] == '1') {\n\t\t\t\t$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, 'sending messages to admins');\n\t\t\t\t$result = Database::query('SELECT `name`, `email` FROM `' . TABLE_PANEL_ADMINS . \"`\");\n\t\t\t} elseif (Request::post('recipient', -1) == 1) {\n\t\t\t\tif ($userinfo['customers_see_all'] == '1') {\n\t\t\t\t\t$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, 'sending messages to ALL customers');\n\t\t\t\t\t$result = Database::query('SELECT `firstname`, `name`, `company`, `email` FROM `' . TABLE_PANEL_CUSTOMERS . \"`\");\n\t\t\t\t} else {\n\t\t\t\t\t$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, 'sending messages to customers');\n\t\t\t\t\t$result = Database::prepare('\n\t\t\t\t\t\tSELECT `firstname`, `name`, `company`, `email` FROM `' . TABLE_PANEL_CUSTOMERS . \"`\n\t\t\t\t\t\tWHERE `adminid` = :adminid\");\n\t\t\t\t\tDatabase::pexecute($result, [\n\t\t\t\t\t\t'adminid' => $userinfo['adminid']\n\t\t\t\t\t]);\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\tResponse::standardError('norecipientsgiven');\n\t\t\t}\n\n\t\t\t$subject = Request::post('subject');\n\t\t\t$message = wordwrap(Request::post('message'), 70);\n\n\t\t\tif (!empty($message)) {\n\t\t\t\t$mailcounter = 0;\n\t\t\t\t$mail->Body = $message;\n\t\t\t\t$mail->Subject = $subject;\n\n\t\t\t\twhile ($row = $result->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t\t$row['firstname'] = isset($row['firstname']) ? $row['firstname'] : '';\n\t\t\t\t\t$row['company'] = isset($row['company']) ? $row['company'] : '';\n\t\t\t\t\t$mail->AddAddress($row['email'], User::getCorrectUserSalutation([\n\t\t\t\t\t\t'firstname' => $row['firstname'],\n\t\t\t\t\t\t'name' => $row['name'],\n\t\t\t\t\t\t'company' => $row['company']\n\t\t\t\t\t]));\n\t\t\t\t\t$mail->From = $userinfo['email'];\n\t\t\t\t\t$mail->FromName = (isset($userinfo['firstname']) ? $userinfo['firstname'] . ' ' : '') . $userinfo['name'];\n\n\t\t\t\t\tif (!$mail->Send()) {\n\t\t\t\t\t\tif ($mail->ErrorInfo != '') {\n\t\t\t\t\t\t\t$mailerr_msg = $mail->ErrorInfo;\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t$mailerr_msg = $row['email'];\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\t$log->logAction(FroxlorLogger::ADM_ACTION, LOG_ERR, 'Error sending mail: ' . $mailerr_msg);\n\t\t\t\t\t\tResponse::standardError('errorsendingmail', $row['email']);\n\t\t\t\t\t}\n\n\t\t\t\t\t$mailcounter++;\n\t\t\t\t\t$mail->ClearAddresses();\n\t\t\t\t}\n\n\t\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t\t'page' => $page,\n\t\t\t\t\t'action' => 'showsuccess',\n\t\t\t\t\t'sentitems' => $mailcounter\n\t\t\t\t]);\n\t\t\t} else {\n\t\t\t\tResponse::standardError('nomessagetosend');\n\t\t\t}\n\t\t}\n\t} elseif ($action == 'showsuccess') {\n\t\t$sentitems = Request::get('sentitems', 0);\n\n\t\tif ($sentitems == 0) {\n\t\t\t$note_type = 'info';\n\t\t\t$note_msg = lng('message.norecipients');\n\t\t} else {\n\t\t\t$note_type = 'success';\n\t\t\t$note_msg = lng('message.success', [$sentitems]);\n\t\t}\n\t}\n\n\t$recipients = [];\n\n\tif ($userinfo['customers_see_all'] == '1') {\n\t\t$recipients[0] = lng('panel.reseller');\n\t}\n\t$recipients[1] = lng('panel.customer');\n\n\t$messages_add_data = include_once dirname(__FILE__) . '/lib/formfields/admin/messages/formfield.messages_add.php';\n\n\tUI::view('user/form-note.html.twig', [\n\t\t'formaction' => $linker->getLink(['section' => 'message', 'action' => '']),\n\t\t'formdata' => $messages_add_data['messages_add'],\n\t\t'actions_links' => ($userinfo['change_serversettings'] == '1' ? [\n\t\t\t[\n\t\t\t\t'href' => $linker->getLink([\n\t\t\t\t\t'section' => 'settings',\n\t\t\t\t\t'page' => 'overview',\n\t\t\t\t\t'part' => 'system',\n\t\t\t\t\t'em' => 'system_mail_use_smtp'\n\t\t\t\t]),\n\t\t\t\t'label' => lng('admin.smtpsettings'),\n\t\t\t\t'icon' => 'fa-solid fa-gears',\n\t\t\t\t'class' => 'btn-outline-secondary'\n\t\t\t]\n\t\t] : []),\n\t\t// alert-box\n\t\t'type' => $note_type,\n\t\t'alert_msg' => $note_msg\n\t]);\n}\n" }, { "path": "admin_mysqlserver.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nconst AREA = 'admin';\nrequire __DIR__ . '/lib/init.php';\n\nuse Froxlor\\Api\\Commands\\MysqlServer;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\PhpHelper;\nuse Froxlor\\UI\\Collection;\nuse Froxlor\\UI\\HTML;\nuse Froxlor\\UI\\Listing;\nuse Froxlor\\UI\\Panel\\UI;\nuse Froxlor\\UI\\Request;\nuse Froxlor\\UI\\Response;\n\n$id = (int)Request::any('id');\n\nif (($page == 'mysqlserver' || $page == 'overview') && $userinfo['change_serversettings'] == '1') {\n\tif ($action == '') {\n\t\t$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, \"viewed admin_mysqlserver\");\n\n\t\ttry {\n\t\t\t$mysqlserver_list_data = include_once dirname(__FILE__) . '/lib/tablelisting/admin/tablelisting.mysqlserver.php';\n\t\t\t$collection = (new Collection(MysqlServer::class, $userinfo))\n\t\t\t\t->withPagination($mysqlserver_list_data['mysqlserver_list']['columns'], $mysqlserver_list_data['mysqlserver_list']['default_sorting']);\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\n\t\tUI::view('user/table.html.twig', [\n\t\t\t'listing' => Listing::format($collection, $mysqlserver_list_data, 'mysqlserver_list'),\n\t\t\t'actions_links' => [\n\t\t\t\t[\n\t\t\t\t\t'href' => $linker->getLink(['section' => 'mysqlserver', 'page' => $page, 'action' => 'add']),\n\t\t\t\t\t'label' => lng('admin.mysqlserver.add')\n\t\t\t\t]\n\t\t\t]\n\t\t]);\n\t} elseif ($action == 'delete' && $id != 0) {\n\t\ttry {\n\t\t\t$json_result = MysqlServer::getLocal($userinfo, [\n\t\t\t\t'id' => $id\n\t\t\t])->get();\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\t\t$result = json_decode($json_result, true)['data'];\n\n\t\tif (isset($result['id']) && $result['id'] == $id) {\n\t\t\tif (Request::post('send') == 'send') {\n\t\t\t\ttry {\n\t\t\t\t\tMysqlServer::getLocal($userinfo, [\n\t\t\t\t\t\t'id' => $id\n\t\t\t\t\t])->delete();\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\n\t\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t\t'page' => $page\n\t\t\t\t]);\n\t\t\t} else {\n\t\t\t\tHTML::askYesNo('admin_mysqlserver_reallydelete', $filename, [\n\t\t\t\t\t'id' => $id,\n\t\t\t\t\t'page' => $page,\n\t\t\t\t\t'action' => $action\n\t\t\t\t], $result['caption'] . ' (' . $result['host'] . ')');\n\t\t\t}\n\t\t}\n\t} elseif ($action == 'add') {\n\t\tif (Request::post('send') == 'send') {\n\t\t\ttry {\n\t\t\t\tMysqlServer::getLocal($userinfo, Request::postAll())->add();\n\t\t\t} catch (Exception $e) {\n\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t}\n\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t'page' => $page\n\t\t\t]);\n\t\t} else {\n\t\t\t$mysqlserver_add_data = include_once dirname(__FILE__) . '/lib/formfields/admin/mysqlserver/formfield.mysqlserver_add.php';\n\n\t\t\tUI::view('user/form.html.twig', [\n\t\t\t\t'formaction' => $linker->getLink(['section' => 'mysqlserver']),\n\t\t\t\t'formdata' => $mysqlserver_add_data['mysqlserver_add']\n\t\t\t]);\n\t\t}\n\t} elseif ($action == 'edit' && $id >= 0) {\n\t\ttry {\n\t\t\t$json_result = MysqlServer::getLocal($userinfo, [\n\t\t\t\t'id' => $id\n\t\t\t])->get();\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\t\t$result = json_decode($json_result, true)['data'];\n\n\t\tif (isset($result['id']) && $result['id'] == $id) {\n\t\t\tif (Request::post('send') == 'send') {\n\t\t\t\ttry {\n\t\t\t\t\tMysqlServer::getLocal($userinfo, Request::postAll())->update();\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\t\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t\t'page' => $page\n\t\t\t\t]);\n\t\t\t} else {\n\t\t\t\t$result = PhpHelper::htmlentitiesArray($result);\n\n\t\t\t\t$mysqlserver_edit_data = include_once dirname(__FILE__) . '/lib/formfields/admin/mysqlserver/formfield.mysqlserver_edit.php';\n\n\t\t\t\tUI::view('user/form.html.twig', [\n\t\t\t\t\t'formaction' => $linker->getLink(['section' => 'mysqlserver', 'id' => $id]),\n\t\t\t\t\t'formdata' => $mysqlserver_edit_data['mysqlserver_edit'],\n\t\t\t\t\t'editid' => $id\n\t\t\t\t]);\n\t\t\t}\n\t\t}\n\t}\n}\n" }, { "path": "admin_opcacheinfo.php", "content": "\n * @author Janos Muzsi \n * @author Andrew Collington \n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n *\n * Based on https://github.com/amnuts/opcache-gui, which is\n * licensed under the MIT licence, which can be viewed\n * online at https://acollington.mit-license.org/\n */\n\nconst AREA = 'admin';\nrequire __DIR__ . '/lib/init.php';\n\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\UI\\HTML;\nuse Froxlor\\UI\\Panel\\UI;\nuse Froxlor\\UI\\Request;\nuse Froxlor\\UI\\Response;\n\nif ($action == 'reset' && function_exists('opcache_reset') && $userinfo['change_serversettings'] == '1') {\n\tif (Request::post('send') == 'send') {\n\t\topcache_reset();\n\t\t$log->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, \"reset OPcache\");\n\t\theader('Location: ' . $linker->getLink([\n\t\t\t\t'section' => 'opcacheinfo',\n\t\t\t\t'page' => 'showinfo'\n\t\t\t]));\n\t\texit();\n\t} else {\n\t\tHTML::askYesNo('cache_reallydelete', $filename, [\n\t\t\t'page' => $page,\n\t\t\t'action' => 'reset',\n\t\t], '', [\n\t\t\t'section' => 'opcacheinfo',\n\t\t\t'page' => 'showinfo'\n\t\t]);\n\t}\n}\n\nif (!extension_loaded('Zend OPcache')) {\n\tResponse::standardError('no_opcacheinfo');\n}\n\n$ocEnabled = ini_get('opcache.enable');\nif (empty($ocEnabled)) {\n\tResponse::standardError('inactive_opcacheinfo');\n}\n\nif ($page == 'showinfo' && $userinfo['change_serversettings'] == '1') {\n\t$time = time();\n\t$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, \"viewed OPcache info\");\n\n\t$opcache = (new \\Amnuts\\Opcache\\Service())->getData();\n\n\tUI::view('settings/opcacheinfo.html.twig', [\n\t\t'opcacheinfo' => [\n\t\t\t'version' => $opcache['version'],\n\t\t\t'overview' => $opcache['overview'],\n\t\t\t'files' => $opcache['files'],\n\t\t\t'preload' => $opcache['preload'],\n\t\t\t'directives' => $opcache['directives'],\n\t\t\t'blacklist' => $opcache['blacklist'],\n\t\t\t'functions' => $opcache['functions'],\n\t\t]\n\t]);\n}\n" }, { "path": "admin_phpsettings.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nconst AREA = 'admin';\nrequire __DIR__ . '/lib/init.php';\n\nuse Froxlor\\Api\\Commands\\FpmDaemons;\nuse Froxlor\\Api\\Commands\\PhpSettings;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\Froxlor;\nuse Froxlor\\UI\\Collection;\nuse Froxlor\\UI\\HTML;\nuse Froxlor\\UI\\Listing;\nuse Froxlor\\UI\\Panel\\UI;\nuse Froxlor\\UI\\Request;\nuse Froxlor\\UI\\Response;\n\n$id = (int)Request::any('id');\n\nif ($page == 'overview') {\n\tif ($action == '') {\n\t\ttry {\n\t\t\t$phpconf_list_data = include_once dirname(__FILE__) . '/lib/tablelisting/admin/tablelisting.phpconfigs.php';\n\t\t\t$collection = (new Collection(PhpSettings::class, $userinfo, ['with_subdomains' => true]))\n\t\t\t\t->withPagination($phpconf_list_data['phpconf_list']['columns'], $phpconf_list_data['phpconf_list']['default_sorting']);\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\n\t\tUI::view('user/table.html.twig', [\n\t\t\t'listing' => Listing::format($collection, $phpconf_list_data, 'phpconf_list'),\n\t\t\t'actions_links' => (bool)$userinfo['change_serversettings'] ? [\n\t\t\t\t[\n\t\t\t\t\t'href' => $linker->getLink(['section' => 'phpsettings', 'page' => $page, 'action' => 'add']),\n\t\t\t\t\t'label' => lng('admin.phpsettings.addnew')\n\t\t\t\t]\n\t\t\t] : []\n\t\t]);\n\t}\n\n\tif ($action == 'add') {\n\t\tif ((int)$userinfo['change_serversettings'] == 1) {\n\t\t\tif (Request::post('send') == 'send') {\n\t\t\t\ttry {\n\t\t\t\t\tPhpSettings::getLocal($userinfo, Request::postAll())->add();\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\t\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t\t'page' => $page\n\t\t\t\t]);\n\t\t\t} else {\n\t\t\t\tif (file_exists(Froxlor::getInstallDir() . '/templates/misc/php/default.ini.php')) {\n\t\t\t\t\tinclude Froxlor::getInstallDir() . '/templates/misc/php/default.ini.php';\n\t\t\t\t\t$result = [\n\t\t\t\t\t\t'phpsettings' => $phpini\n\t\t\t\t\t];\n\t\t\t\t} else {\n\t\t\t\t\t// use first php-config as fallback\n\t\t\t\t\t$result_stmt = Database::query(\"SELECT * FROM `\" . TABLE_PANEL_PHPCONFIGS . \"` WHERE `id` = 1\");\n\t\t\t\t\t$result = $result_stmt->fetch(PDO::FETCH_ASSOC);\n\t\t\t\t}\n\n\t\t\t\t$fpmconfigs = [];\n\t\t\t\t$configs = Database::query(\"SELECT * FROM `\" . TABLE_PANEL_FPMDAEMONS . \"` ORDER BY `description` ASC\");\n\t\t\t\twhile ($row = $configs->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t\t$fpmconfigs[$row['id']] = $row['description'];\n\t\t\t\t}\n\n\t\t\t\t$phpconfig_add_data = include_once dirname(__FILE__) . '/lib/formfields/admin/phpconfig/formfield.phpconfig_add.php';\n\n\t\t\t\tUI::view('user/form-replacers.html.twig', [\n\t\t\t\t\t'formaction' => $linker->getLink(['section' => 'phpsettings']),\n\t\t\t\t\t'formdata' => $phpconfig_add_data['phpconfig_add'],\n\t\t\t\t\t'replacers' => $phpconfig_add_data['phpconfig_replacers']\n\t\t\t\t]);\n\t\t\t}\n\t\t} else {\n\t\t\tResponse::standardError('nopermissionsorinvalidid');\n\t\t}\n\t}\n\n\tif ($action == 'delete') {\n\t\ttry {\n\t\t\t$json_result = PhpSettings::getLocal($userinfo, [\n\t\t\t\t'id' => $id\n\t\t\t])->get();\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\t\t$result = json_decode($json_result, true)['data'];\n\n\t\tif ($result['id'] != 0 && $result['id'] == $id && (int)$userinfo['change_serversettings'] == 1 && $id != 1) // cannot delete the default php.config\n\t\t{\n\t\t\tif (Request::post('send') == 'send') {\n\t\t\t\ttry {\n\t\t\t\t\tPhpSettings::getLocal($userinfo, [\n\t\t\t\t\t\t'id' => $id\n\t\t\t\t\t])->delete();\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\t\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t\t'page' => $page\n\t\t\t\t]);\n\t\t\t} else {\n\t\t\t\tHTML::askYesNo('phpsetting_reallydelete', $filename, [\n\t\t\t\t\t'id' => $id,\n\t\t\t\t\t'page' => $page,\n\t\t\t\t\t'action' => $action\n\t\t\t\t], $result['description']);\n\t\t\t}\n\t\t} else {\n\t\t\tResponse::standardError('nopermissionsorinvalidid');\n\t\t}\n\t}\n\n\tif ($action == 'edit') {\n\t\ttry {\n\t\t\t$json_result = PhpSettings::getLocal($userinfo, [\n\t\t\t\t'id' => $id\n\t\t\t])->get();\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\t\t$result = json_decode($json_result, true)['data'];\n\n\t\tif ($result['id'] != 0 && $result['id'] == $id && (int)$userinfo['change_serversettings'] == 1) {\n\t\t\tif (Request::post('send') == 'send') {\n\t\t\t\ttry {\n\t\t\t\t\tPhpSettings::getLocal($userinfo, Request::postAll())->update();\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\t\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t\t'page' => $page\n\t\t\t\t]);\n\t\t\t} else {\n\t\t\t\t$fpmconfigs = [];\n\t\t\t\t$configs = Database::query(\"SELECT * FROM `\" . TABLE_PANEL_FPMDAEMONS . \"` ORDER BY `description` ASC\");\n\t\t\t\twhile ($row = $configs->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t\t$fpmconfigs[$row['id']] = $row['description'];\n\t\t\t\t}\n\n\t\t\t\t$phpconfig_edit_data = include_once dirname(__FILE__) . '/lib/formfields/admin/phpconfig/formfield.phpconfig_edit.php';\n\n\t\t\t\tUI::view('user/form-replacers.html.twig', [\n\t\t\t\t\t'formaction' => $linker->getLink(['section' => 'phpsettings', 'id' => $id]),\n\t\t\t\t\t'formdata' => $phpconfig_edit_data['phpconfig_edit'],\n\t\t\t\t\t'replacers' => $phpconfig_edit_data['phpconfig_replacers'],\n\t\t\t\t\t'editid' => $id\n\t\t\t\t]);\n\t\t\t}\n\t\t} else {\n\t\t\tResponse::standardError('nopermissionsorinvalidid');\n\t\t}\n\t}\n} elseif ($page == 'fpmdaemons') {\n\tif ($action == '') {\n\t\ttry {\n\t\t\t$fpmconf_list_data = include_once dirname(__FILE__) . '/lib/tablelisting/admin/tablelisting.fpmconfigs.php';\n\t\t\t$collection = (new Collection(FpmDaemons::class, $userinfo))\n\t\t\t\t->withPagination($fpmconf_list_data['fpmconf_list']['columns'], $fpmconf_list_data['fpmconf_list']['default_sorting']);\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\n\t\tUI::view('user/table.html.twig', [\n\t\t\t'listing' => Listing::format($collection, $fpmconf_list_data, 'fpmconf_list'),\n\t\t\t'actions_links' => (bool)$userinfo['change_serversettings'] ? [\n\t\t\t\t[\n\t\t\t\t\t'href' => $linker->getLink(['section' => 'phpsettings', 'page' => $page, 'action' => 'add']),\n\t\t\t\t\t'label' => lng('admin.fpmsettings.addnew')\n\t\t\t\t]\n\t\t\t] : []\n\t\t]);\n\t}\n\n\tif ($action == 'add') {\n\t\tif ((int)$userinfo['change_serversettings'] == 1) {\n\t\t\tif (Request::post('send') == 'send') {\n\t\t\t\ttry {\n\t\t\t\t\tFpmDaemons::getLocal($userinfo, Request::postAll())->add();\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\t\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t\t'page' => $page\n\t\t\t\t]);\n\t\t\t} else {\n\t\t\t\t$fpmconfig_add_data = include_once dirname(__FILE__) . '/lib/formfields/admin/phpconfig/formfield.fpmconfig_add.php';\n\n\t\t\t\tUI::view('user/form-replacers.html.twig', [\n\t\t\t\t\t'formaction' => $linker->getLink(['section' => 'phpsettings', 'page' => 'fpmdaemons']),\n\t\t\t\t\t'formdata' => $fpmconfig_add_data['fpmconfig_add'],\n\t\t\t\t\t'replacers' => $fpmconfig_add_data['fpmconfig_replacers']\n\t\t\t\t]);\n\t\t\t}\n\t\t} else {\n\t\t\tResponse::standardError('nopermissionsorinvalidid');\n\t\t}\n\t}\n\n\tif ($action == 'delete') {\n\t\ttry {\n\t\t\t$json_result = FpmDaemons::getLocal($userinfo, [\n\t\t\t\t'id' => $id\n\t\t\t])->get();\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\t\t$result = json_decode($json_result, true)['data'];\n\n\t\tif ($id == 1) {\n\t\t\tResponse::standardError('cannotdeletedefaultphpconfig');\n\t\t}\n\n\t\tif ($result['id'] != 0 && $result['id'] == $id && (int)$userinfo['change_serversettings'] == 1 && $id != 1) // cannot delete the default php.config\n\t\t{\n\t\t\tif (Request::post('send') == 'send') {\n\t\t\t\ttry {\n\t\t\t\t\tFpmDaemons::getLocal($userinfo, Request::postAll())->delete();\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\t\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t\t'page' => $page\n\t\t\t\t]);\n\t\t\t} else {\n\t\t\t\tHTML::askYesNo('fpmsetting_reallydelete', $filename, [\n\t\t\t\t\t'id' => $id,\n\t\t\t\t\t'page' => $page,\n\t\t\t\t\t'action' => $action\n\t\t\t\t], $result['description']);\n\t\t\t}\n\t\t} else {\n\t\t\tResponse::standardError('nopermissionsorinvalidid');\n\t\t}\n\t}\n\n\tif ($action == 'edit') {\n\t\ttry {\n\t\t\t$json_result = FpmDaemons::getLocal($userinfo, [\n\t\t\t\t'id' => $id\n\t\t\t])->get();\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\t\t$result = json_decode($json_result, true)['data'];\n\n\t\tif ($result['id'] != 0 && $result['id'] == $id && (int)$userinfo['change_serversettings'] == 1) {\n\t\t\tif (Request::post('send') == 'send') {\n\t\t\t\ttry {\n\t\t\t\t\tFpmDaemons::getLocal($userinfo, Request::postAll())->update();\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\t\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t\t'page' => $page\n\t\t\t\t]);\n\t\t\t} else {\n\t\t\t\t$fpmconfig_edit_data = include_once dirname(__FILE__) . '/lib/formfields/admin/phpconfig/formfield.fpmconfig_edit.php';\n\n\t\t\t\tUI::view('user/form-replacers.html.twig', [\n\t\t\t\t\t'formaction' => $linker->getLink(['section' => 'phpsettings', 'page' => 'fpmdaemons', 'id' => $id]),\n\t\t\t\t\t'formdata' => $fpmconfig_edit_data['fpmconfig_edit'],\n\t\t\t\t\t'replacers' => $fpmconfig_edit_data['fpmconfig_replacers'],\n\t\t\t\t\t'editid' => $id\n\t\t\t\t]);\n\t\t\t}\n\t\t} else {\n\t\t\tResponse::standardError('nopermissionsorinvalidid');\n\t\t}\n\t}\n}\n" }, { "path": "admin_plans.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nconst AREA = 'admin';\nrequire __DIR__ . '/lib/init.php';\n\nuse Froxlor\\Api\\Commands\\HostingPlans;\nuse Froxlor\\Api\\Commands\\MysqlServer;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\PhpHelper;\nuse Froxlor\\Settings;\nuse Froxlor\\UI\\Collection;\nuse Froxlor\\UI\\HTML;\nuse Froxlor\\UI\\Listing;\nuse Froxlor\\UI\\Panel\\UI;\nuse Froxlor\\UI\\Request;\nuse Froxlor\\UI\\Response;\n\n$id = (int)Request::any('id');\n\nif ($page == '' || $page == 'overview') {\n\tif ($action == '') {\n\t\t$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, \"viewed admin_plans\");\n\n\t\ttry {\n\t\t\t$plan_list_data = include_once dirname(__FILE__) . '/lib/tablelisting/admin/tablelisting.plans.php';\n\t\t\t$collection = (new Collection(HostingPlans::class, $userinfo))\n\t\t\t\t->withPagination($plan_list_data['plan_list']['columns'], $plan_list_data['plan_list']['default_sorting']);\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\n\t\tUI::view('user/table.html.twig', [\n\t\t\t'listing' => Listing::format($collection, $plan_list_data, 'plan_list'),\n\t\t\t'actions_links' => [\n\t\t\t\t[\n\t\t\t\t\t'href' => $linker->getLink(['section' => 'plans', 'page' => $page, 'action' => 'add']),\n\t\t\t\t\t'label' => lng('admin.plans.add')\n\t\t\t\t]\n\t\t\t]\n\t\t]);\n\t} elseif ($action == 'delete' && $id != 0) {\n\t\ttry {\n\t\t\t$json_result = HostingPlans::getLocal($userinfo, [\n\t\t\t\t'id' => $id\n\t\t\t])->get();\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\t\t$result = json_decode($json_result, true)['data'];\n\n\t\tif ($result['id'] != 0 && $result['id'] == $id && (int)$userinfo['adminid'] == $result['adminid']) {\n\t\t\tif (Request::post('send') == 'send') {\n\t\t\t\ttry {\n\t\t\t\t\tHostingPlans::getLocal($userinfo, [\n\t\t\t\t\t\t'id' => $id\n\t\t\t\t\t])->delete();\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\n\t\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t\t'page' => $page\n\t\t\t\t]);\n\t\t\t} else {\n\t\t\t\tHTML::askYesNo('plan_reallydelete', $filename, [\n\t\t\t\t\t'id' => $id,\n\t\t\t\t\t'page' => $page,\n\t\t\t\t\t'action' => $action\n\t\t\t\t], $result['name']);\n\t\t\t}\n\t\t} else {\n\t\t\tResponse::standardError('nopermissionsorinvalidid');\n\t\t}\n\t} elseif ($action == 'add') {\n\t\tif (Request::post('send') == 'send') {\n\t\t\ttry {\n\t\t\t\tHostingPlans::getLocal($userinfo, Request::postAll())->add();\n\t\t\t} catch (Exception $e) {\n\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t}\n\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t'page' => $page\n\t\t\t]);\n\t\t} else {\n\t\t\t$mysql_servers = [];\n\t\t\ttry {\n\t\t\t\t$result_json = MysqlServer::getLocal($userinfo)->listing();\n\t\t\t\t$result_decoded = json_decode($result_json, true)['data']['list'];\n\t\t\t\tforeach ($result_decoded as $dbserver => $dbdata) {\n\t\t\t\t\t$mysql_servers[] = [\n\t\t\t\t\t\t'label' => $dbdata['caption'],\n\t\t\t\t\t\t'value' => $dbserver\n\t\t\t\t\t];\n\t\t\t\t}\n\t\t\t} catch (Exception $e) {\n\t\t\t\t/* just none */\n\t\t\t}\n\n\t\t\t$phpconfigs = [];\n\t\t\t$configs = Database::query(\"\n\t\t\t\t\tSELECT c.*, fc.description as interpreter\n\t\t\t\t\tFROM `\" . TABLE_PANEL_PHPCONFIGS . \"` c\n\t\t\t\t\tLEFT JOIN `\" . TABLE_PANEL_FPMDAEMONS . \"` fc ON fc.id = c.fpmsettingid\n\t\t\t\t\");\n\t\t\twhile ($row = $configs->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\tif ((int)Settings::Get('phpfpm.enabled') == 1) {\n\t\t\t\t\t$phpconfigs[] = [\n\t\t\t\t\t\t'label' => $row['description'] . \" [\" . $row['interpreter'] . \"]\",\n\t\t\t\t\t\t'value' => $row['id']\n\t\t\t\t\t];\n\t\t\t\t} else {\n\t\t\t\t\t$phpconfigs[] = [\n\t\t\t\t\t\t'label' => $row['description'],\n\t\t\t\t\t\t'value' => $row['id']\n\t\t\t\t\t];\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// dummy to avoid unknown variables\n\t\t\t$hosting_plans = null;\n\n\t\t\t$plans_add_data = include_once __DIR__ . '/lib/formfields/admin/plans/formfield.plans_add.php';\n\t\t\t$cust_add_data = include_once __DIR__ . '/lib/formfields/admin/customer/formfield.customer_add.php';\n\t\t\t// unset unneeded stuff\n\t\t\tunset($cust_add_data['customer_add']['sections']['section_a']);\n\t\t\tunset($cust_add_data['customer_add']['sections']['section_b']);\n\t\t\tunset($cust_add_data['customer_add']['sections']['section_cpre']);\n\t\t\t// merge\n\t\t\t$plans_add_data['plans_add']['sections'] = array_merge($plans_add_data['plans_add']['sections'], $cust_add_data['customer_add']['sections']);\n\n\t\t\tUI::view('user/form.html.twig', [\n\t\t\t\t'formaction' => $linker->getLink(['section' => 'plans']),\n\t\t\t\t'formdata' => $plans_add_data['plans_add']\n\t\t\t]);\n\t\t}\n\t} elseif ($action == 'edit' && $id != 0) {\n\t\ttry {\n\t\t\t$json_result = HostingPlans::getLocal($userinfo, [\n\t\t\t\t'id' => $id\n\t\t\t])->get();\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\t\t$result = json_decode($json_result, true)['data'];\n\n\t\tif ($result['name'] != '') {\n\t\t\t$result['value'] = json_decode($result['value'], true);\n\t\t\t$result = PhpHelper::htmlentitiesArray($result);\n\n\t\t\tforeach ($result['value'] as $index => $value) {\n\t\t\t\t$result[$index] = $value;\n\t\t\t}\n\t\t\t$result['allowed_phpconfigs'] = json_encode($result['allowed_phpconfigs']);\n\n\t\t\tif (Request::post('send') == 'send') {\n\t\t\t\ttry {\n\t\t\t\t\tHostingPlans::getLocal($userinfo, Request::postAll())->update();\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\t\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t\t'page' => $page\n\t\t\t\t]);\n\t\t\t} else {\n\t\t\t\t$mysql_servers = [];\n\t\t\t\ttry {\n\t\t\t\t\t$result_json = MysqlServer::getLocal($userinfo)->listing();\n\t\t\t\t\t$result_decoded = json_decode($result_json, true)['data']['list'];\n\t\t\t\t\tforeach ($result_decoded as $dbserver => $dbdata) {\n\t\t\t\t\t\t$mysql_servers[] = [\n\t\t\t\t\t\t\t'label' => $dbdata['caption'],\n\t\t\t\t\t\t\t'value' => $dbserver\n\t\t\t\t\t\t];\n\t\t\t\t\t}\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\t/* just none */\n\t\t\t\t}\n\n\t\t\t\t$phpconfigs = [];\n\t\t\t\t$configs = Database::query(\"\n\t\t\t\t\tSELECT c.*, fc.description as interpreter\n\t\t\t\t\tFROM `\" . TABLE_PANEL_PHPCONFIGS . \"` c\n\t\t\t\t\tLEFT JOIN `\" . TABLE_PANEL_FPMDAEMONS . \"` fc ON fc.id = c.fpmsettingid\n\t\t\t\t\");\n\t\t\t\twhile ($row = $configs->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t\tif ((int)Settings::Get('phpfpm.enabled') == 1) {\n\t\t\t\t\t\t$phpconfigs[] = [\n\t\t\t\t\t\t\t'label' => $row['description'] . \" [\" . $row['interpreter'] . \"]\",\n\t\t\t\t\t\t\t'value' => $row['id']\n\t\t\t\t\t\t];\n\t\t\t\t\t} else {\n\t\t\t\t\t\t$phpconfigs[] = [\n\t\t\t\t\t\t\t'label' => $row['description'],\n\t\t\t\t\t\t\t'value' => $row['id']\n\t\t\t\t\t\t];\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\t$result['imap'] = $result['email_imap'];\n\t\t\t\t$result['pop3'] = $result['email_pop3'];\n\n\t\t\t\t// dummy to avoid unknown variables\n\t\t\t\t$result['loginname'] = null;\n\t\t\t\t$result['documentroot'] = null;\n\t\t\t\t$result['standardsubdomain'] = null;\n\t\t\t\t$result['deactivated'] = null;\n\t\t\t\t$result['def_language'] = null;\n\t\t\t\t$result['firstname'] = null;\n\t\t\t\t$result['gender'] = null;\n\t\t\t\t$result['company'] = null;\n\t\t\t\t$result['street'] = null;\n\t\t\t\t$result['zipcode'] = null;\n\t\t\t\t$result['city'] = null;\n\t\t\t\t$result['phone'] = null;\n\t\t\t\t$result['fax'] = null;\n\t\t\t\t$result['email'] = null;\n\t\t\t\t$result['customernumber'] = null;\n\t\t\t\t$result['custom_notes'] = null;\n\t\t\t\t$result['custom_notes_show'] = null;\n\t\t\t\t$result['api_allowed'] = null;\n\t\t\t\t$hosting_plans = null;\n\t\t\t\t$admin_select = [];\n\n\t\t\t\t$plans_edit_data = include_once __DIR__ . '/lib/formfields/admin/plans/formfield.plans_edit.php';\n\t\t\t\t$cust_edit_data = include_once __DIR__ . '/lib/formfields/admin/customer/formfield.customer_edit.php';\n\t\t\t\t// unset unneeded stuff\n\t\t\t\tunset($cust_edit_data['customer_edit']['sections']['section_a']);\n\t\t\t\tunset($cust_edit_data['customer_edit']['sections']['section_b']);\n\t\t\t\tunset($cust_edit_data['customer_edit']['sections']['section_cpre']);\n\t\t\t\tunset($cust_edit_data['customer_edit']['sections']['section_d']);\n\t\t\t\t// merge\n\t\t\t\t$plans_edit_data['plans_edit']['sections'] = array_merge($plans_edit_data['plans_edit']['sections'], $cust_edit_data['customer_edit']['sections']);\n\n\t\t\t\tUI::view('user/form.html.twig', [\n\t\t\t\t\t'formaction' => $linker->getLink(['section' => 'plans', 'id' => $id]),\n\t\t\t\t\t'formdata' => $plans_edit_data['plans_edit'],\n\t\t\t\t\t'editid' => $id\n\t\t\t\t]);\n\t\t\t}\n\t\t}\n\t} elseif ($action == 'jqGetPlanValues') {\n\t\t$planid = (int)Request::any('planid', 0);\n\t\ttry {\n\t\t\t$json_result = HostingPlans::getLocal($userinfo, [\n\t\t\t\t'id' => $planid\n\t\t\t])->get();\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\t\t$result = json_decode($json_result, true)['data'];\n\t\techo $result['value'];\n\t\texit();\n\t}\n}\n" }, { "path": "admin_settings.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nuse Froxlor\\Api\\Commands\\Froxlor;\nuse Froxlor\\Cron\\TaskId;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\Database\\IntegrityCheck;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\PhpHelper;\nuse Froxlor\\Settings;\nuse Froxlor\\System\\Cronjob;\nuse Froxlor\\UI\\Form;\nuse Froxlor\\UI\\HTML;\nuse Froxlor\\UI\\Listing;\nuse Froxlor\\UI\\Panel\\UI;\nuse Froxlor\\UI\\Request;\nuse Froxlor\\UI\\Response;\nuse Froxlor\\User;\nuse PHPMailer\\PHPMailer\\PHPMailer;\n\nconst AREA = 'admin';\nrequire __DIR__ . '/lib/init.php';\n\nif ($page == 'overview' && $userinfo['change_serversettings'] == '1') {\n\t$settings_data = PhpHelper::loadConfigArrayDir('./actions/admin/settings/');\n\tSettings::loadSettingsInto($settings_data);\n\n\tif (Request::post('send') == 'send') {\n\t\t$_part = Request::get('part', '');\n\t\tif ($_part == '') {\n\t\t\t$_part = Request::post('part', '');\n\t\t}\n\n\t\tif ($_part != '') {\n\t\t\tif ($_part == 'all') {\n\t\t\t\t$settings_all = true;\n\t\t\t\t$settings_part = false;\n\t\t\t} else {\n\t\t\t\t$settings_all = false;\n\t\t\t\t$settings_part = true;\n\t\t\t}\n\t\t\t$only_enabledisable = false;\n\t\t} else {\n\t\t\t$settings_all = false;\n\t\t\t$settings_part = false;\n\t\t\t$only_enabledisable = true;\n\t\t}\n\n\t\t// check if the session timeout is too low #815\n\t\tif (!empty(Request::post('session_sessiontimeout')) && intval(Request::post('session_sessiontimeout', 0)) < 60) {\n\t\t\tResponse::standardError(['session_timeout', 'session_timeout_desc']);\n\t\t}\n\n\t\ttry {\n\t\t\tif (Form::processForm($settings_data, Request::postAll(), [\n\t\t\t\t'filename' => $filename,\n\t\t\t\t'action' => $action,\n\t\t\t\t'page' => $page,\n\t\t\t\t'part' => $_part,\n\t\t\t], $_part, $settings_all, $settings_part, $only_enabledisable)) {\n\t\t\t\t$log->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, \"rebuild configfiles due to changed setting\");\n\t\t\t\tCronjob::inserttask(TaskId::REBUILD_VHOST);\n\t\t\t\t// Using nameserver, insert a task which rebuilds the server config\n\t\t\t\tCronjob::inserttask(TaskId::REBUILD_DNS);\n\t\t\t\t// cron.d file\n\t\t\t\tCronjob::inserttask(TaskId::REBUILD_CRON);\n\n\t\t\t\tResponse::standardSuccess('settingssaved', '', [\n\t\t\t\t\t'filename' => $filename,\n\t\t\t\t\t'action' => $action,\n\t\t\t\t\t'page' => $page\n\t\t\t\t]);\n\t\t\t}\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage(), $e->getCode());\n\t\t}\n\t} else {\n\t\t$_part = Request::get('part', '');\n\t\tif ($_part == '') {\n\t\t\t$_part = Request::post('part', '');\n\t\t}\n\n\t\t$fields = Form::buildForm($settings_data, $_part);\n\n\t\tif ($_part == '' || $_part == 'all') {\n\t\t\tUI::view('settings/index.html.twig', ['fields' => $fields]);\n\t\t} else {\n\t\t\t$em = Request::any('em', '');\n\t\t\tUI::view('settings/detailpart.html.twig', [\n\t\t\t\t'fields' => $fields,\n\t\t\t\t'em' => $em,\n\t\t\t\t'part' => $_part,\n\t\t\t\t// alert-box\n\t\t\t\t'type' => 'warning',\n\t\t\t\t'heading' => lng('dns.nis2note.title'),\n\t\t\t\t'alert_msg' => lng('dns.nis2note.content')\n\t\t\t]);\n\t\t}\n\t}\n} elseif ($page == 'phpinfo' && $userinfo['change_serversettings'] == '1') {\n\tob_start();\n\tphpinfo();\n\t$phpinfo = [\n\t\t'phpinfo' => []\n\t];\n\tif (preg_match_all('#(?:

(?:)?(.*?)(?:)?

)|(?:(.*?)\\s*(?:(.*?)\\s*(?:(.*?)\\s*)?)?)#s', ob_get_clean(), $matches, PREG_SET_ORDER)) {\n\t\tforeach ($matches as $match) {\n\t\t\t$end = array_keys($phpinfo);\n\t\t\t$end = end($end);\n\t\t\tif (strlen($match[1])) {\n\t\t\t\t$phpinfo[$match[1]] = [];\n\t\t\t} elseif (isset($match[3])) {\n\t\t\t\t$phpinfo[$end][$match[2]] = isset($match[4]) ? [\n\t\t\t\t\t$match[3],\n\t\t\t\t\t$match[4]\n\t\t\t\t] : $match[3];\n\t\t\t} else {\n\t\t\t\t$phpinfo[$end][] = $match[2];\n\t\t\t}\n\t\t}\n\t} else {\n\t\tResponse::standardError('error.no_phpinfo');\n\t}\n\tUI::view('settings/phpinfo.html.twig', [\n\t\t'phpversion' => PHP_VERSION,\n\t\t'phpinfo' => $phpinfo\n\t]);\n} elseif ($page == 'rebuildconfigs' && $userinfo['change_serversettings'] == '1') {\n\tif (Request::post('send') == 'send') {\n\t\t$log->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, \"rebuild configfiles\");\n\t\tCronjob::inserttask(TaskId::REBUILD_VHOST);\n\t\tCronjob::inserttask(TaskId::CREATE_QUOTA);\n\t\t// Using nameserver, insert a task which rebuilds the server config\n\t\tCronjob::inserttask(TaskId::REBUILD_DNS);\n\t\t// cron.d file\n\t\tCronjob::inserttask(TaskId::REBUILD_CRON);\n\n\t\tResponse::standardSuccess('rebuildingconfigs', '', [\n\t\t\t'filename' => 'admin_index.php'\n\t\t]);\n\t} else {\n\t\tHTML::askYesNo('admin_configs_reallyrebuild', $filename, [\n\t\t\t'page' => $page\n\t\t]);\n\t}\n} elseif ($page == 'updatecounters' && $userinfo['change_serversettings'] == '1') {\n\tif (Request::post('send') == 'send') {\n\t\t$log->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, \"updated resource-counters\");\n\t\t$updatecounters = User::updateCounters(true);\n\t\tUI::view('user/resource-counter.html.twig', [\n\t\t\t'counters' => $updatecounters\n\t\t]);\n\t} else {\n\t\tHTML::askYesNo('admin_counters_reallyupdate', $filename, [\n\t\t\t'page' => $page\n\t\t]);\n\t}\n} elseif ($page == 'wipecleartextmailpws' && $userinfo['change_serversettings'] == '1') {\n\tif (Request::post('send') == 'send') {\n\t\t$log->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING, \"wiped all cleartext mail passwords\");\n\t\tDatabase::query(\"UPDATE `\" . TABLE_MAIL_USERS . \"` SET `password` = '';\");\n\t\tDatabase::query(\"UPDATE `\" . TABLE_PANEL_SETTINGS . \"` SET `value` = '0' WHERE `settinggroup` = 'system' AND `varname` = 'mailpwcleartext'\");\n\t\tResponse::redirectTo($filename);\n\t} else {\n\t\tHTML::askYesNo('admin_cleartextmailpws_reallywipe', $filename, [\n\t\t\t'page' => $page\n\t\t]);\n\t}\n} elseif ($page == 'wipequotas' && $userinfo['change_serversettings'] == '1') {\n\tif (Request::post('send') == 'send') {\n\t\t$log->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING, \"wiped all mailquotas\");\n\n\t\t// Set the quota to 0 which means unlimited\n\t\tDatabase::query(\"UPDATE `\" . TABLE_MAIL_USERS . \"` SET `quota` = '0';\");\n\t\tDatabase::query(\"UPDATE `\" . TABLE_PANEL_CUSTOMERS . \"` SET `email_quota_used` = '0'\");\n\t\tResponse::redirectTo($filename);\n\t} else {\n\t\tHTML::askYesNo('admin_quotas_reallywipe', $filename, [\n\t\t\t'page' => $page\n\t\t]);\n\t}\n} elseif ($page == 'enforcequotas' && $userinfo['change_serversettings'] == '1') {\n\tif (Request::post('send') == 'send') {\n\t\t// Fetch all accounts\n\t\t$result_stmt = Database::query(\"SELECT `quota`, `customerid` FROM `\" . TABLE_MAIL_USERS . \"`\");\n\n\t\tif (Database::num_rows() > 0) {\n\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\tUPDATE `\" . TABLE_PANEL_CUSTOMERS . \"` SET\n\t\t\t\t`email_quota_used` = `email_quota_used` + :diff\n\t\t\t\tWHERE `customerid` = :customerid\n\t\t\t\");\n\n\t\t\twhile ($array = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t$difference = Settings::Get('system.mail_quota') - $array['quota'];\n\t\t\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t\t\t'diff' => $difference,\n\t\t\t\t\t'customerid' => $customerid\n\t\t\t\t]);\n\t\t\t}\n\t\t}\n\n\t\t// Set the new quota\n\t\t$upd_stmt = Database::prepare(\"\n\t\t\tUPDATE `\" . TABLE_MAIL_USERS . \"` SET `quota` = :quota\n\t\t\");\n\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t'quota' => Settings::Get('system.mail_quota')\n\t\t]);\n\n\t\t// Update the Customer, if the used quota is bigger than the allowed quota\n\t\tDatabase::query(\"UPDATE `\" . TABLE_PANEL_CUSTOMERS . \"` SET `email_quota` = `email_quota_used` WHERE `email_quota` < `email_quota_used`\");\n\t\t$log->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING, 'enforcing mailquota to all customers: ' . Settings::Get('system.mail_quota') . ' MB');\n\t\tResponse::redirectTo($filename);\n\t} else {\n\t\tHTML::askYesNo('admin_quotas_reallyenforce', $filename, [\n\t\t\t'page' => $page\n\t\t]);\n\t}\n} elseif ($page == 'integritycheck' && $userinfo['change_serversettings'] == '1') {\n\t$integrity = new IntegrityCheck();\n\tif (Request::post('send') == 'send') {\n\t\t$integrity->fixAll();\n\t} elseif (Request::get('action') == \"fix\") {\n\t\tHTML::askYesNo('admin_integritycheck_reallyfix', $filename, [\n\t\t\t'page' => $page\n\t\t]);\n\t}\n\n\t$integritycheck = [];\n\tforeach ($integrity->available as $id => $check) {\n\t\t$integritycheck[] = [\n\t\t\t'displayid' => $id + 1,\n\t\t\t'result' => $integrity->$check(),\n\t\t\t'checkdesc' => lng('integrity_check.' . $check)\n\t\t];\n\t}\n\n\t$integrity_list_data = include_once dirname(__FILE__) . '/lib/tablelisting/admin/tablelisting.integrity.php';\n\t$collection = [\n\t\t'data' => $integritycheck,\n\t\t'pagination' => []\n\t];\n\n\tUI::view('user/table.html.twig', [\n\t\t'listing' => Listing::formatFromArray($collection, $integrity_list_data['integrity_list'], 'integrity_list'),\n\t\t'actions_links' => [\n\t\t\t[\n\t\t\t\t'href' => $linker->getLink(['section' => 'settings', 'page' => $page, 'action' => 'fix']),\n\t\t\t\t'label' => lng('admin.integrityfix'),\n\t\t\t\t'icon' => 'fa-solid fa-screwdriver-wrench',\n\t\t\t\t'class' => 'btn-warning'\n\t\t\t]\n\t\t]\n\t]);\n} elseif ($page == 'importexport' && $userinfo['change_serversettings'] == '1') {\n\t// check for json-stuff\n\tif (!extension_loaded('json')) {\n\t\tResponse::standardError('jsonextensionnotfound');\n\t}\n\n\tif (Request::get('action') == \"export\") {\n\t\t// export\n\t\ttry {\n\t\t\t$json_result = Froxlor::getLocal($userinfo)->exportSettings();\n\t\t\t$json_export = json_decode($json_result, true)['data'];\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\t\theader('Content-disposition: attachment; filename=Froxlor_settings-' . \\Froxlor\\Froxlor::VERSION . '-' . \\Froxlor\\Froxlor::DBVERSION . '_' . date('d.m.Y') . '.json');\n\t\theader('Content-type: application/json');\n\t\techo $json_export;\n\t\texit();\n\t} elseif (Request::get('action') == \"import\") {\n\t\t// import\n\t\tif (Request::post('send') == 'send') {\n\t\t\t// get uploaded file\n\t\t\tif (isset($_FILES[\"import_file\"][\"tmp_name\"])) {\n\t\t\t\t$imp_content = file_get_contents($_FILES[\"import_file\"][\"tmp_name\"]);\n\t\t\t\ttry {\n\t\t\t\t\tFroxlor::getLocal($userinfo, [\n\t\t\t\t\t\t'json_str' => $imp_content\n\t\t\t\t\t])->importSettings();\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\t\t\t\tResponse::standardSuccess('settingsimported', '', [\n\t\t\t\t\t'filename' => 'admin_settings.php'\n\t\t\t\t]);\n\t\t\t}\n\t\t\tResponse::dynamicError(\"Upload failed\");\n\t\t}\n\t} else {\n\t\t$settings_data = include_once dirname(__FILE__) . '/lib/formfields/admin/settings/formfield.settings_import.php';\n\n\t\tUI::view('user/form.html.twig', [\n\t\t\t'formaction' => $linker->getLink(['section' => 'settings', 'page' => $page, 'action' => 'import']),\n\t\t\t'formdata' => $settings_data['settings_import'],\n\t\t\t'actions_links' => [\n\t\t\t\t[\n\t\t\t\t\t'class' => 'btn-outline-primary',\n\t\t\t\t\t'href' => $linker->getLink(['section' => 'settings', 'page' => 'overview']),\n\t\t\t\t\t'label' => lng('admin.configfiles.overview'),\n\t\t\t\t\t'icon' => 'fa-solid fa-grip'\n\t\t\t\t],\n\t\t\t\t[\n\t\t\t\t\t'class' => 'btn-outline-secondary',\n\t\t\t\t\t'href' => $linker->getLink(['section' => 'settings', 'page' => $page, 'action' => 'export']),\n\t\t\t\t\t'label' => 'Download/export ' . lng('admin.serversettings'),\n\t\t\t\t\t'icon' => 'fa-solid fa-file-import'\n\t\t\t\t]\n\t\t\t]\n\t\t]);\n\t}\n} elseif ($page == 'testmail') {\n\t$note_type = 'info';\n\t$note_msg = lng('admin.smtptestnote');\n\n\tif (Request::post('send') == 'send') {\n\t\t$test_addr = Request::post('test_addr');\n\n\t\t// Initialize the mailingsystem\n\t\t$testmail = new PHPMailer(true);\n\t\t$testmail->CharSet = \"UTF-8\";\n\n\t\tif (Settings::Get('system.mail_use_smtp')) {\n\t\t\t$testmail->isSMTP();\n\t\t\t$testmail->Host = Settings::Get('system.mail_smtp_host');\n\t\t\t$testmail->SMTPAuth = Settings::Get('system.mail_smtp_auth') == '1';\n\t\t\t$testmail->Username = Settings::Get('system.mail_smtp_user');\n\t\t\t$testmail->Password = Settings::Get('system.mail_smtp_passwd');\n\t\t\tif (Settings::Get('system.mail_smtp_usetls')) {\n\t\t\t\t$testmail->SMTPSecure = 'tls';\n\t\t\t} else {\n\t\t\t\t$testmail->SMTPAutoTLS = false;\n\t\t\t}\n\t\t\t$testmail->Port = Settings::Get('system.mail_smtp_port');\n\t\t}\n\n\t\t$_mailerror = false;\n\t\tif (PHPMailer::ValidateAddress(Settings::Get('panel.adminmail')) !== false) {\n\t\t\t// set return-to address and custom sender-name, see #76\n\t\t\t$testmail->SetFrom(Settings::Get('panel.adminmail'), Settings::Get('panel.adminmail_defname'));\n\t\t\tif (Settings::Get('panel.adminmail_return') != '') {\n\t\t\t\t$testmail->AddReplyTo(Settings::Get('panel.adminmail_return'), Settings::Get('panel.adminmail_defname'));\n\t\t\t}\n\n\t\t\ttry {\n\t\t\t\t$testmail->Subject = \"Froxlor Test-Mail\";\n\t\t\t\t$mail_body = \"Yay, this worked :)\";\n\t\t\t\t$testmail->AltBody = $mail_body;\n\t\t\t\t$testmail->MsgHTML(str_replace(\"\\n\", \"
\", $mail_body));\n\t\t\t\t$testmail->AddAddress($test_addr);\n\t\t\t\t$testmail->Send();\n\t\t\t} catch (\\PHPMailer\\PHPMailer\\Exception $e) {\n\t\t\t\t$note_type = 'danger';\n\t\t\t\t$note_msg = $e->getMessage();\n\t\t\t\t$_mailerror = true;\n\t\t\t} catch (Exception $e) {\n\t\t\t\t$note_type = 'danger';\n\t\t\t\t$note_msg = $e->getMessage();\n\t\t\t\t$_mailerror = true;\n\t\t\t}\n\n\t\t\tif (!$_mailerror) {\n\t\t\t\t// success\n\t\t\t\t$mail->ClearAddresses();\n\t\t\t\tResponse::standardSuccess('testmailsent', '', [\n\t\t\t\t\t'filename' => 'admin_settings.php',\n\t\t\t\t\t'page' => 'testmail'\n\t\t\t\t]);\n\t\t\t}\n\t\t} else {\n\t\t\t// invalid sender e-mail\n\t\t\t$note_type = 'warning';\n\t\t\t$note_msg = \"Invalid sender e-mail address: \" . Settings::Get('panel.adminmail');\n\t\t}\n\t}\n\n\t$mailtest_add_data = include_once dirname(__FILE__) . '/lib/formfields/admin/settings/formfield.settings_mailtest.php';\n\n\tUI::view('user/form-note.html.twig', [\n\t\t'formaction' => $linker->getLink(['section' => 'settings']),\n\t\t'formdata' => $mailtest_add_data['mailtest'],\n\t\t'actions_links' => ($userinfo['change_serversettings'] == '1' ? [\n\t\t\t[\n\t\t\t\t'href' => $linker->getLink([\n\t\t\t\t\t'section' => 'settings',\n\t\t\t\t\t'page' => 'overview',\n\t\t\t\t\t'part' => 'system',\n\t\t\t\t\t'em' => 'system_mail_use_smtp'\n\t\t\t\t]),\n\t\t\t\t'label' => lng('admin.smtpsettings'),\n\t\t\t\t'icon' => 'fa-solid fa-gears',\n\t\t\t\t'class' => 'btn-outline-secondary'\n\t\t\t]\n\t\t] : []),\n\t\t// alert-box\n\t\t'type' => $note_type,\n\t\t'alert_msg' => $note_msg\n\t]);\n} elseif ($page == 'toggleSettingsMode') {\n\tif ($userinfo['change_serversettings'] == '1') {\n\t\t$cmode = Settings::Get('panel.settings_mode');\n\t\tSettings::Set('panel.settings_mode', (int)(!(bool)$cmode));\n\t}\n\tResponse::redirectTo($filename);\n}\n" }, { "path": "admin_templates.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nconst AREA = 'admin';\nrequire __DIR__ . '/lib/init.php';\n\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\Language;\nuse Froxlor\\PhpHelper;\nuse Froxlor\\Settings;\nuse Froxlor\\UI\\HTML;\nuse Froxlor\\UI\\Listing;\nuse Froxlor\\UI\\Panel\\UI;\nuse Froxlor\\UI\\Request;\nuse Froxlor\\UI\\Response;\nuse Froxlor\\Validate\\Validate;\nuse Froxlor\\CurrentUser;\n\n$id = (int)Request::any('id');\n$subjectid = intval(Request::any('subjectid'));\n$mailbodyid = intval(Request::any('mailbodyid'));\n\n$available_templates = [\n\t'createcustomer',\n\t'pop_success',\n\t'new_database_by_customer',\n\t'new_ftpaccount_by_customer',\n\t'password_reset'\n];\n\n// only show templates of features that are enabled #1191\nif ((int)Settings::Get('system.report_enable') == 1) {\n\tarray_push($available_templates, 'trafficmaxpercent', 'diskmaxpercent');\n}\nif (Settings::Get('panel.sendalternativemail') == 1) {\n\tarray_push($available_templates, 'pop_success_alternative');\n}\n\n$file_templates = [\n\t'index_html',\n\t'unconfigured_html'\n];\n\n$languages = Language::getLanguages();\n\nif ($action == '') {\n\t// email templates\n\t$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, \"viewed admin_templates\");\n\n\t$templates_array = [];\n\t$result_stmt = Database::prepare(\"\n\t\tSELECT `id`, `language`, `varname` FROM `\" . TABLE_PANEL_TEMPLATES . \"`\n\t\tWHERE `adminid` = :adminid AND `templategroup`='mails'\n\t\tORDER BY `language`, `varname`\n\t\");\n\tDatabase::pexecute($result_stmt, [\n\t\t'adminid' => $userinfo['adminid']\n\t]);\n\n\twhile ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t$parts = [];\n\t\tpreg_match('/^([a-z]([a-z_]+[a-z])*)_(mailbody|subject)$/', $row['varname'], $parts);\n\t\t$templates_array[$row['language']][$parts[1]][$parts[3]] = $row['id'];\n\t}\n\n\t$templates = [];\n\tforeach ($templates_array as $language => $template_defs) {\n\t\tforeach ($template_defs as $action => $email) {\n\t\t\t$templates[] = [\n\t\t\t\t'subjectid' => $email['subject'],\n\t\t\t\t'mailbodyid' => $email['mailbody'],\n\t\t\t\t'template' => lng('admin.templates.' . $action),\n\t\t\t\t'language' => $language\n\t\t\t];\n\t\t}\n\t}\n\n\t$mail_actions_links = false;\n\tforeach ($languages as $language_file => $language_name) {\n\t\t$templates_done = [];\n\t\t$result_stmt = Database::prepare(\"\n\t\t\tSELECT `varname` FROM `\" . TABLE_PANEL_TEMPLATES . \"`\n\t\t\tWHERE `adminid` = :adminid AND `language`= :lang\n\t\t\tAND `templategroup` = 'mails' AND `varname` LIKE '%_subject'\n\t\t\");\n\t\tDatabase::pexecute($result_stmt, [\n\t\t\t'adminid' => $userinfo['adminid'],\n\t\t\t'lang' => $language_name\n\t\t]);\n\n\t\twhile ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t$templates_done[] = str_replace('_subject', '', $row['varname']);\n\t\t}\n\n\t\tif (count(array_diff($available_templates, $templates_done)) > 0) {\n\t\t\t$mail_actions_links = [\n\t\t\t\t[\n\t\t\t\t\t'href' => $linker->getLink(['section' => 'templates', 'page' => $page, 'action' => 'add']),\n\t\t\t\t\t'label' => lng('admin.templates.template_add')\n\t\t\t\t]\n\t\t\t];\n\t\t}\n\t}\n\n\t$mailtpl_list_data = include_once dirname(__FILE__) . '/lib/tablelisting/admin/tablelisting.mailtemplates.php';\n\t$collection_mail = [\n\t\t'data' => $templates,\n\t\t'pagination' => []\n\t];\n\n\t// filetemplates\n\t$result_stmt = Database::prepare(\"\n\t\tSELECT `id`, `varname` FROM `\" . TABLE_PANEL_TEMPLATES . \"`\n\t\tWHERE `adminid` = :adminid AND `templategroup`='files'\");\n\tDatabase::pexecute($result_stmt, [\n\t\t'adminid' => $userinfo['adminid']\n\t]);\n\n\t$filetemplates = [];\n\twhile ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t$filetemplates[] = [\n\t\t\t'id' => $row['id'],\n\t\t\t'template' => lng('admin.templates.' . $row['varname'])\n\t\t];\n\t}\n\n\t$file_actions_links = false;\n\tif (Database::num_rows() != count($file_templates)) {\n\t\t$file_actions_links = [\n\t\t\t[\n\t\t\t\t'href' => $linker->getLink([\n\t\t\t\t\t'section' => 'templates',\n\t\t\t\t\t'page' => $page,\n\t\t\t\t\t'action' => 'add',\n\t\t\t\t\t'files' => 'files'\n\t\t\t\t]),\n\t\t\t\t'label' => lng('admin.templates.template_fileadd')\n\t\t\t]\n\t\t];\n\t}\n\n\t$filetpl_list_data = include_once dirname(__FILE__) . '/lib/tablelisting/admin/tablelisting.filetemplates.php';\n\t$collection_file = [\n\t\t'data' => $filetemplates,\n\t\t'pagination' => []\n\t];\n\n\tif ($mail_actions_links === false) {\n\t\t$mail_actions_links = [];\n\t}\n\tif ($file_actions_links === false) {\n\t\t$file_actions_links = [];\n\t}\n\n\tUI::view('user/table-tpl.html.twig', [\n\t\t'maillisting' => Listing::formatFromArray($collection_mail, $mailtpl_list_data['mailtpl_list'], 'mailtpl_list'),\n\t\t'filelisting' => Listing::formatFromArray($collection_file, $filetpl_list_data['filetpl_list'], 'filetpl_list'),\n\t\t'actions_links' => array_merge($mail_actions_links, $file_actions_links)\n\t]);\n} elseif ($action == 'delete' && $subjectid != 0 && $mailbodyid != 0) {\n\t// email templates\n\t$result_stmt = Database::prepare(\"\n\t\tSELECT `language`, `varname` FROM `\" . TABLE_PANEL_TEMPLATES . \"`\n\t\tWHERE `adminid` = :adminid AND `id` = :id\");\n\tDatabase::pexecute($result_stmt, [\n\t\t'adminid' => $userinfo['adminid'],\n\t\t'id' => $subjectid\n\t]);\n\t$result = $result_stmt->fetch(PDO::FETCH_ASSOC);\n\n\tif ($result['varname'] != '') {\n\t\tif (Request::post('send') == 'send') {\n\t\t\t$del_stmt = Database::prepare(\"\n\t\t\t\tDELETE FROM `\" . TABLE_PANEL_TEMPLATES . \"`\n\t\t\t\tWHERE `adminid` = :adminid\n\t\t\t\tAND (`id` = :ida OR `id` = :idb)\");\n\t\t\tDatabase::pexecute($del_stmt, [\n\t\t\t\t'adminid' => $userinfo['adminid'],\n\t\t\t\t'ida' => $subjectid,\n\t\t\t\t'idb' => $mailbodyid\n\t\t\t]);\n\t\t\t$log->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, \"deleted template '\" . $result['language'] . ' - ' . lng('admin.templates.' . str_replace('_subject', '', $result['varname'])) . \"'\");\n\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t'page' => $page\n\t\t\t]);\n\t\t} else {\n\t\t\tHTML::askYesNo('admin_template_reallydelete', $filename, [\n\t\t\t\t'subjectid' => $subjectid,\n\t\t\t\t'mailbodyid' => $mailbodyid,\n\t\t\t\t'page' => $page,\n\t\t\t\t'action' => $action\n\t\t\t], $result['language'] . ' - ' . lng('admin.templates.' . str_replace('_subject', '', $result['varname'])));\n\t\t}\n\t}\n} elseif ($action == 'deletef' && $id != 0) {\n\t// file templates\n\t$result_stmt = Database::prepare(\"\n\t\tSELECT * FROM `\" . TABLE_PANEL_TEMPLATES . \"`\n\t\tWHERE `adminid` = :adminid AND `id` = :id\");\n\tDatabase::pexecute($result_stmt, [\n\t\t'adminid' => $userinfo['adminid'],\n\t\t'id' => $id\n\t]);\n\n\tif (Database::num_rows() > 0) {\n\t\t$row = $result_stmt->fetch(PDO::FETCH_ASSOC);\n\n\t\tif (Request::post('send') == 'send') {\n\t\t\t$del_stmt = Database::prepare(\"\n\t\t\t\tDELETE FROM `\" . TABLE_PANEL_TEMPLATES . \"`\n\t\t\t\tWHERE `adminid` = :adminid AND `id` = :id\");\n\t\t\tDatabase::pexecute($del_stmt, [\n\t\t\t\t'adminid' => $userinfo['adminid'],\n\t\t\t\t'id' => $id\n\t\t\t]);\n\t\t\t$log->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, \"deleted template '\" . lng('admin.templates.' . $row['varname']) . \"'\");\n\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t'page' => $page\n\t\t\t]);\n\t\t} else {\n\t\t\tHTML::askYesNo('admin_template_reallydelete', $filename, [\n\t\t\t\t'id' => $id,\n\t\t\t\t'page' => $page,\n\t\t\t\t'action' => $action\n\t\t\t], lng('admin.templates.' . $row['varname']));\n\t\t}\n\t} else {\n\t\tResponse::standardError('templatenotfound');\n\t}\n} elseif ($action == 'add') {\n\tif (Request::post('prepare') == 'prepare') {\n\t\t// email templates\n\t\t$language = htmlentities(Validate::validate(Request::post('language'), 'language', '/^[^\\r\\n\\0\"\\']+$/', 'nolanguageselect'));\n\t\tif (!array_key_exists($language, $languages)) {\n\t\t\tResponse::standardError('templatelanguageinvalid');\n\t\t}\n\t\t$template = Validate::validate(Request::post('template'), 'template');\n\n\t\t$result_stmt = Database::prepare(\"\n\t\t\tSELECT COUNT(*) as def FROM `\" . TABLE_PANEL_TEMPLATES . \"`\n\t\t\tWHERE `adminid` = :adminid AND `language` = :lang\n\t\t\tAND `templategroup` = 'mails' AND `varname` LIKE :template\n\t\t\");\n\t\t$result = Database::pexecute_first($result_stmt, [\n\t\t\t'adminid' => $userinfo['adminid'],\n\t\t\t'lang' => $language,\n\t\t\t'template' => $template . '%'\n\t\t]);\n\t\tif ($result && $result['def'] > 0) {\n\t\t\tResponse::standardError('templatelanguagecombodefined');\n\t\t}\n\n\t\t// set target language\n\t\tLanguage::setLanguage($language);\n\n\t\t$subject = lng('mails.' . $template . '.subject');\n\t\t$body = str_replace('\\n', \"\\n\", lng('mails.' . $template . '.mailbody'));\n\n\t\t// re set language to user\n\t\tLanguage::setLanguage(CurrentUser::getField('def_language'));\n\n\t\t$template_add_data = include_once dirname(__FILE__) . '/lib/formfields/admin/templates/formfield.template_add.php';\n\n\t\tUI::view('user/form-replacers.html.twig', [\n\t\t\t'formaction' => $linker->getLink(['section' => 'templates']),\n\t\t\t'formdata' => $template_add_data['template_add'],\n\t\t\t'replacers' => $template_add_data['template_replacers']\n\t\t]);\n\t} elseif (Request::post('send') == 'send' && empty(Request::post('filesend'))) {\n\t\t// email templates\n\t\t$language = htmlentities(Validate::validate(Request::post('language'), 'language', '/^[^\\r\\n\\0\"\\']+$/', 'nolanguageselect'));\n\t\tif (!array_key_exists($language, $languages)) {\n\t\t\tResponse::standardError('templatelanguageinvalid');\n\t\t}\n\t\t$template = Validate::validate(Request::post('template'), 'template');\n\t\t$subject = Validate::validate(Request::post('subject'), 'subject', '/^[^\\r\\n\\0]+$/', 'nosubjectcreate');\n\t\t$mailbody = Validate::validate(Request::post('mailbody'), 'mailbody', '/^[^\\0]+$/', 'nomailbodycreate');\n\t\t$templates = [];\n\t\t$result_stmt = Database::prepare(\"\n\t\t\tSELECT `varname` FROM `\" . TABLE_PANEL_TEMPLATES . \"`\n\t\t\tWHERE `adminid` = :adminid AND `language` = :lang\n\t\t\tAND `templategroup` = 'mails' AND `varname` LIKE '%_subject'\");\n\t\tDatabase::pexecute($result_stmt, [\n\t\t\t'adminid' => $userinfo['adminid'],\n\t\t\t'lang' => $language\n\t\t]);\n\n\t\twhile ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t$templates[] = str_replace('_subject', '', $row['varname']);\n\t\t}\n\n\t\t$templates = array_diff($available_templates, $templates);\n\t\tif (!in_array($template, $templates)) {\n\t\t\tResponse::standardError('templatenotfound');\n\t\t} else {\n\t\t\t$ins_stmt = Database::prepare(\"\n\t\t\t\tINSERT INTO `\" . TABLE_PANEL_TEMPLATES . \"` SET\n\t\t\t\t\t`adminid` = :adminid,\n\t\t\t\t\t`language` = :lang,\n\t\t\t\t\t`templategroup` = 'mails',\n\t\t\t\t\t`varname` = :var,\n\t\t\t\t\t`value` = :value\");\n\n\t\t\t// mail-subject\n\t\t\t$ins_data = [\n\t\t\t\t'adminid' => $userinfo['adminid'],\n\t\t\t\t'lang' => $language,\n\t\t\t\t'var' => $template . '_subject',\n\t\t\t\t'value' => $subject\n\t\t\t];\n\t\t\tDatabase::pexecute($ins_stmt, $ins_data);\n\n\t\t\t// mail-body\n\t\t\t$ins_data = [\n\t\t\t\t'adminid' => $userinfo['adminid'],\n\t\t\t\t'lang' => $language,\n\t\t\t\t'var' => $template . '_mailbody',\n\t\t\t\t'value' => $mailbody\n\t\t\t];\n\t\t\tDatabase::pexecute($ins_stmt, $ins_data);\n\n\t\t\t$log->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, \"added template '\" . $language . ' - ' . $template . \"'\");\n\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t'page' => $page\n\t\t\t]);\n\t\t}\n\t} elseif (Request::post('filesend') == 'filesend') {\n\t\t// file templates\n\t\t$template = Validate::validate(Request::post('template'), 'template');\n\t\t$filecontent = Validate::validate(Request::post('filecontent'), 'filecontent', '/^[^\\0]+$/', 'filecontentnotset');\n\n\t\t$ins_stmt = Database::prepare(\"\n\t\t\tINSERT INTO `\" . TABLE_PANEL_TEMPLATES . \"` SET\n\t\t\t\t`adminid` = :adminid,\n\t\t\t\t`language` = '',\n\t\t\t\t`templategroup` = 'files',\n\t\t\t\t`varname` = :var,\n\t\t\t\t`value` = :value\");\n\n\t\t$ins_data = [\n\t\t\t'adminid' => $userinfo['adminid'],\n\t\t\t'var' => $template,\n\t\t\t'value' => $filecontent\n\t\t];\n\t\tDatabase::pexecute($ins_stmt, $ins_data);\n\n\t\t$log->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, \"added template '\" . $template . \"'\");\n\t\tResponse::redirectTo($filename, [\n\t\t\t'page' => $page\n\t\t]);\n\t} elseif (empty(Request::get('files'))) {\n\t\t// email templates\n\t\t$add = false;\n\t\t$language_options = [];\n\t\t$template_options = [];\n\n\t\tforeach ($languages as $language_file => $language_name) {\n\t\t\t$templates = [];\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT `varname` FROM `\" . TABLE_PANEL_TEMPLATES . \"`\n\t\t\t\tWHERE `adminid` = :adminid AND `language` = :lang\n\t\t\t\tAND `templategroup` = 'mails' AND `varname` LIKE '%_subject'\");\n\t\t\tDatabase::pexecute($result_stmt, [\n\t\t\t\t'adminid' => $userinfo['adminid'],\n\t\t\t\t'lang' => $language_name\n\t\t\t]);\n\n\t\t\twhile ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t$templates[] = str_replace('_subject', '', $row['varname']);\n\t\t\t}\n\n\t\t\tif (count(array_diff($available_templates, $templates)) > 0) {\n\t\t\t\t$add = true;\n\t\t\t\t$language_options[$language_file] = $language_name;\n\n\t\t\t\t$templates = array_diff($available_templates, $templates);\n\n\t\t\t\tforeach ($templates as $template) {\n\t\t\t\t\t$template_options[$template] = lng('admin.templates.' . $template);\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif ($add) {\n\t\t\tUI::view('user/form.html.twig', [\n\t\t\t\t'formaction' => $linker->getLink(['section' => 'templates']),\n\t\t\t\t'formdata' => [\n\t\t\t\t\t'title' => lng('admin.templates.template_add'),\n\t\t\t\t\t'image' => 'fa-solid fa-plus',\n\t\t\t\t\t'self_overview' => ['section' => 'templates', 'page' => 'email'],\n\t\t\t\t\t'sections' => [\n\t\t\t\t\t\t'section_a' => [\n\t\t\t\t\t\t\t'title' => lng('admin.templates.template_add'),\n\t\t\t\t\t\t\t'fields' => [\n\t\t\t\t\t\t\t\t'language' => [\n\t\t\t\t\t\t\t\t\t'label' => lng('login.language'),\n\t\t\t\t\t\t\t\t\t'type' => 'select',\n\t\t\t\t\t\t\t\t\t'select_var' => $language_options,\n\t\t\t\t\t\t\t\t\t'selected' => $userinfo['language']\n\t\t\t\t\t\t\t\t],\n\t\t\t\t\t\t\t\t'template' => [\n\t\t\t\t\t\t\t\t\t'label' => lng('admin.templates.action'),\n\t\t\t\t\t\t\t\t\t'type' => 'select',\n\t\t\t\t\t\t\t\t\t'select_var' => $template_options\n\t\t\t\t\t\t\t\t],\n\t\t\t\t\t\t\t\t'prepare' => [\n\t\t\t\t\t\t\t\t\t'type' => 'hidden',\n\t\t\t\t\t\t\t\t\t'value' => 'prepare'\n\t\t\t\t\t\t\t\t]\n\t\t\t\t\t\t\t]\n\t\t\t\t\t\t]\n\t\t\t\t\t]\n\t\t\t\t],\n\t\t\t\t'editid' => $id\n\t\t\t]);\n\t\t} else {\n\t\t\tResponse::standardError('alltemplatesdefined');\n\t\t}\n\t} else {\n\t\t// filetemplates\n\t\t$result_stmt = Database::prepare(\"\n\t\t\tSELECT `id`, `varname` FROM `\" . TABLE_PANEL_TEMPLATES . \"`\n\t\t\tWHERE `adminid` = :adminid AND `templategroup`='files'\");\n\t\tDatabase::pexecute($result_stmt, [\n\t\t\t'adminid' => $userinfo['adminid']\n\t\t]);\n\n\t\tif (Database::num_rows() == count($file_templates)) {\n\t\t\tResponse::standardError('alltemplatesdefined');\n\t\t} else {\n\t\t\t$templatesdefined = [];\n\t\t\t$free_templates = [];\n\n\t\t\twhile ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t$templatesdefined[] = $row['varname'];\n\t\t\t}\n\n\t\t\tforeach (array_diff($file_templates, $templatesdefined) as $template) {\n\t\t\t\t$free_templates[$template] = lng('admin.templates.' . $template);\n\t\t\t}\n\n\t\t\t$filetemplate_add_data = include_once dirname(__FILE__) . '/lib/formfields/admin/templates/formfield.filetemplate_add.php';\n\n\t\t\tUI::view('user/form-replacers.html.twig', [\n\t\t\t\t'formaction' => $linker->getLink(['section' => 'templates']),\n\t\t\t\t'formdata' => $filetemplate_add_data['filetemplate_add'],\n\t\t\t\t'replacers' => $filetemplate_add_data['filetemplate_replacers']\n\t\t\t]);\n\t\t}\n\t}\n} elseif ($action == 'edit' && $subjectid != 0 && $mailbodyid != 0) {\n\t// email templates\n\t$result_stmt = Database::prepare(\"\n\t\tSELECT `language`, `varname`, `value` FROM `\" . TABLE_PANEL_TEMPLATES . \"`\n\t\tWHERE `adminid` = :adminid AND `id` = :subjectid\");\n\tDatabase::pexecute($result_stmt, [\n\t\t'adminid' => $userinfo['adminid'],\n\t\t'subjectid' => $subjectid\n\t]);\n\t$result = $result_stmt->fetch(PDO::FETCH_ASSOC);\n\n\tif ($result['varname'] != '') {\n\t\tif (Request::post('send') == 'send') {\n\t\t\t$subject = Validate::validate(Request::post('subject'), 'subject', '/^[^\\r\\n\\0]+$/', 'nosubjectcreate');\n\t\t\t$mailbody = Validate::validate(Request::post('mailbody'), 'mailbody', '/^[^\\0]+$/', 'nomailbodycreate');\n\n\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\tUPDATE `\" . TABLE_PANEL_TEMPLATES . \"` SET\n\t\t\t\t\t`value` = :value\n\t\t\t\tWHERE `adminid` = :adminid AND `id` = :id\");\n\t\t\t// subject\n\t\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t\t'value' => $subject,\n\t\t\t\t'adminid' => $userinfo['adminid'],\n\t\t\t\t'id' => $subjectid\n\t\t\t]);\n\t\t\t// same query but mailbody\n\t\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t\t'value' => $mailbody,\n\t\t\t\t'adminid' => $userinfo['adminid'],\n\t\t\t\t'id' => $mailbodyid\n\t\t\t]);\n\n\t\t\t$log->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, \"edited template '\" . $result['varname'] . \"'\");\n\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t'page' => $page\n\t\t\t]);\n\t\t} else {\n\t\t\t$result = PhpHelper::htmlentitiesArray($result);\n\t\t\t$template_name = lng('admin.templates.' . str_replace('_subject', '', $result['varname']));\n\t\t\t$subject = $result['value'];\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT `language`, `varname`, `value`\n\t\t\t\tFROM `\" . TABLE_PANEL_TEMPLATES . \"`\n\t\t\t\tWHERE `id` = :id\");\n\t\t\tDatabase::pexecute($result_stmt, [\n\t\t\t\t'id' => $mailbodyid\n\t\t\t]);\n\t\t\t$result = $result_stmt->fetch(PDO::FETCH_ASSOC);\n\n\t\t\t$template = str_replace('_mailbody', '', $result['varname']);\n\n\t\t\t// don't escape the already escaped language-string so save up before htmlentities()\n\t\t\t$language = $result['language'];\n\t\t\t$result = PhpHelper::htmlentitiesArray($result);\n\t\t\t$mailbody = $result['value'];\n\n\t\t\t$template_edit_data = include_once dirname(__FILE__) . '/lib/formfields/admin/templates/formfield.template_edit.php';\n\n\t\t\tUI::view('user/form-replacers.html.twig', [\n\t\t\t\t'formaction' => $linker->getLink(['section' => 'templates']),\n\t\t\t\t'formdata' => $template_edit_data['template_edit'],\n\t\t\t\t'replacers' => $template_edit_data['template_replacers']\n\t\t\t]);\n\t\t}\n\t}\n} elseif ($action == 'editf' && $id != 0) {\n\t// file templates\n\t$result_stmt = Database::prepare(\"\n\t\tSELECT * FROM `\" . TABLE_PANEL_TEMPLATES . \"`\n\t\tWHERE `adminid` = :adminid AND `id` = :id\");\n\tDatabase::pexecute($result_stmt, [\n\t\t'adminid' => $userinfo['adminid'],\n\t\t'id' => $id\n\t]);\n\n\tif (Database::num_rows() > 0) {\n\t\t$row = $result_stmt->fetch(PDO::FETCH_ASSOC);\n\n\t\t// filetemplates\n\t\tif (Request::post('filesend') == 'filesend') {\n\t\t\t$filecontent = Validate::validate(Request::post('filecontent'), 'filecontent', '/^[^\\0]+$/', 'filecontentnotset');\n\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\tUPDATE `\" . TABLE_PANEL_TEMPLATES . \"` SET\n\t\t\t\t\t`value` = :value\n\t\t\t\tWHERE `adminid` = :adminid AND `id` = :id\");\n\t\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t\t'value' => $filecontent,\n\t\t\t\t'adminid' => $userinfo['adminid'],\n\t\t\t\t'id' => $id\n\t\t\t]);\n\n\t\t\t$log->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, \"edited template '\" . $row['varname'] . \"'\");\n\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t'page' => $page\n\t\t\t]);\n\t\t} else {\n\t\t\t$row = PhpHelper::htmlentitiesArray($row);\n\n\t\t\t$filetemplate_edit_data = include_once dirname(__FILE__) . '/lib/formfields/admin/templates/formfield.filetemplate_edit.php';\n\n\t\t\tUI::view('user/form-replacers.html.twig', [\n\t\t\t\t'formaction' => $linker->getLink(['section' => 'templates']),\n\t\t\t\t'formdata' => $filetemplate_edit_data['filetemplate_edit'],\n\t\t\t\t'replacers' => $filetemplate_edit_data['filetemplate_replacers'],\n\t\t\t\t'editid' => $id\n\t\t\t]);\n\t\t}\n\t} else {\n\t\tResponse::standardError('templatenotfound');\n\t}\n}\n" }, { "path": "admin_traffic.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nconst AREA = 'admin';\nrequire __DIR__ . '/lib/init.php';\n\nuse Froxlor\\Traffic\\Traffic;\nuse Froxlor\\UI\\Panel\\UI;\nuse Froxlor\\UI\\Request;\nuse Froxlor\\UI\\Response;\n\n$range = Request::any('range', 'currentmonth');\n\nif ($page == 'overview' || $page == 'customers') {\n\ttry {\n\t\t$context = Traffic::getCustomerStats($userinfo, $range);\n\t} catch (Exception $e) {\n\t\tif ($e->getCode() === 405) {\n\t\t\tResponse::dynamicError(lng('traffic.nocustomers'));\n\t\t}\n\t\tResponse::dynamicError($e->getMessage());\n\t}\n\n\t// pass metrics to the view\n\tUI::view('user/traffic.html.twig', $context);\n}\n" }, { "path": "admin_updates.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nconst AREA = 'admin';\nrequire __DIR__ . '/lib/init.php';\n\nuse Froxlor\\Cron\\TaskId;\nuse Froxlor\\Froxlor;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\Install\\Preconfig;\nuse Froxlor\\Install\\Update;\nuse Froxlor\\Settings;\nuse Froxlor\\System\\Cronjob;\nuse Froxlor\\UI\\Panel\\UI;\nuse Froxlor\\UI\\Request;\nuse Froxlor\\UI\\Response;\nuse Froxlor\\User;\n\nif ($page == 'overview') {\n\t$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, \"viewed admin_updates\");\n\n\tif (!Froxlor::isFroxlor()) {\n\t\tthrow new Exception('SysCP/customized upgrades are not supported');\n\t}\n\n\tif (Froxlor::hasDbUpdates() || Froxlor::hasUpdates()) {\n\t\t$successful_update = false;\n\t\t$message = '';\n\n\t\tif (Request::post('send') == 'send') {\n\t\t\tif ((!empty(Request::post('update_preconfig')) && intval(Request::post('update_changesagreed', 0)) != 0) || empty(Request::post('update_preconfig'))) {\n\t\t\t\tinclude_once Froxlor::getInstallDir() . 'install/updatesql.php';\n\n\t\t\t\tUser::updateCounters();\n\t\t\t\tCronjob::inserttask(TaskId::REBUILD_VHOST);\n\t\t\t\t@chmod(Froxlor::getInstallDir() . '/lib/userdata.inc.php', 0400);\n\n\t\t\t\tUI::view('install/update.html.twig', [\n\t\t\t\t\t'checks' => Update::getUpdateTasks()\n\t\t\t\t]);\n\t\t\t\texit;\n\t\t\t} else {\n\t\t\t\t$message = '

You have to agree that you have read the update notifications.';\n\t\t\t}\n\t\t}\n\n\t\t$current_version = Settings::Get('panel.version');\n\t\t$current_db_version = Settings::Get('panel.db_version');\n\t\tif (empty($current_db_version)) {\n\t\t\t$current_db_version = \"0\";\n\t\t}\n\t\t$new_version = Froxlor::VERSION;\n\t\t$new_db_version = Froxlor::DBVERSION;\n\n\t\tif (Froxlor::VERSION != $current_version) {\n\t\t\t$replacer_currentversion = $current_version;\n\t\t\t$replacer_newversion = $new_version;\n\t\t} else {\n\t\t\t// show db version\n\t\t\t$replacer_currentversion = $current_db_version;\n\t\t\t$replacer_newversion = $new_db_version;\n\t\t}\n\t\t$ui_text = lng('update.update_information.part_a', [$replacer_newversion, $replacer_currentversion]);\n\t\t$ui_text .= lng('update.update_information.part_b');\n\n\t\t$upd_formfield = [\n\t\t\t'updates' => [\n\t\t\t\t'title' => lng('update.update'),\n\t\t\t\t'image' => 'fa-solid fa-download',\n\t\t\t\t'description' => lng('update.description'),\n\t\t\t\t'sections' => [],\n\t\t\t\t'buttons' => [\n\t\t\t\t\t[\n\t\t\t\t\t\t'label' => lng('update.proceed')\n\t\t\t\t\t]\n\t\t\t\t]\n\t\t\t]\n\t\t];\n\n\t\t$preconfig = Preconfig::getPreConfig();\n\t\tif (!empty($preconfig)) {\n\t\t\t$upd_formfield['updates']['sections'] = $preconfig;\n\t\t}\n\n\t\tUI::view('user/form-note.html.twig', [\n\t\t\t'formaction' => $linker->getLink(['section' => 'updates']),\n\t\t\t'formdata' => $upd_formfield['updates'],\n\t\t\t// alert\n\t\t\t'type' => !empty($message) ? 'danger' : 'info',\n\t\t\t'alert_msg' => $ui_text . $message\n\t\t]);\n\t} else {\n\t\tResponse::standardSuccess('update.noupdatesavail', Settings::Get('system.update_channel') == 'testing' ? lng('serversettings.uc_testing') . ' ' : '');\n\t}\n}\n" }, { "path": "api.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nuse Froxlor\\Api\\Api;\nuse Froxlor\\Api\\Response;\n\nrequire __DIR__ . '/vendor/autoload.php';\nrequire __DIR__ . '/lib/functions.php';\nrequire __DIR__ . '/lib/tables.inc.php';\n\n// set error-handler\n@set_error_handler([\n\t'\\\\Froxlor\\\\Api\\\\Api',\n\t'phpErrHandler'\n]);\n\n// Return response\ntry {\n\techo (new Api)->formatMiddleware(@file_get_contents('php://input'))->handle();\n} catch (Exception $e) {\n\techo Response::jsonErrorResponse($e->getMessage(), $e->getCode());\n}\n" }, { "path": "api_keys.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nif (!defined('AREA')) {\n\theader(\"Location: index.php\");\n\texit();\n}\n\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\UI\\HTML;\nuse Froxlor\\UI\\Listing;\nuse Froxlor\\UI\\Panel\\UI;\nuse Froxlor\\UI\\Request;\nuse Froxlor\\UI\\Response;\n\n// redirect if this customer has no permission for API usage\nif ($userinfo['adminsession'] == 0 && $userinfo['api_allowed'] == 0) {\n\tResponse::redirectTo('customer_index.php');\n}\n// redirect if this admin has no permission for API usage\nif ($userinfo['adminsession'] == 1 && $userinfo['api_allowed'] == 0) {\n\tResponse::redirectTo('admin_index.php');\n}\n\n// This file is being included in admin_index and customer_index\n// and therefore does not need to require lib/init.php\n\n$del_stmt = Database::prepare(\"DELETE FROM `\" . TABLE_API_KEYS . \"` WHERE id = :id\");\n$id = (int)Request::any('id');\n\n// do the delete and then just show a success-message and the apikeys list again\nif ($action == 'delete' && $id > 0) {\n\tHTML::askYesNo('apikey_reallydelete', $filename, [\n\t\t'id' => $id,\n\t\t'page' => $page,\n\t\t'action' => 'deletesure'\n\t], '', [\n\t\t'section' => 'index',\n\t\t'page' => $page\n\t]);\n} elseif (Request::post('send') == 'send' && $action == 'deletesure' && $id > 0) {\n\t$chk = (AREA == 'admin' && $userinfo['customers_see_all'] == '1') ? true : false;\n\tif (AREA == 'customer') {\n\t\t$chk_stmt = Database::prepare(\"\n\t\t\t\tSELECT c.customerid FROM `\" . TABLE_PANEL_CUSTOMERS . \"` c\n\t\t\t\tLEFT JOIN `\" . TABLE_API_KEYS . \"` ak ON ak.customerid = c.customerid\n\t\t\t\tWHERE ak.`id` = :id AND c.`customerid` = :cid\n\t\t\t\");\n\t\t$chk = Database::pexecute_first($chk_stmt, [\n\t\t\t'id' => $id,\n\t\t\t'cid' => $userinfo['customerid']\n\t\t]);\n\t} elseif (AREA == 'admin' && $userinfo['customers_see_all'] == '0') {\n\t\t$chk_stmt = Database::prepare(\"\n\t\t\t\tSELECT a.adminid FROM `\" . TABLE_PANEL_ADMINS . \"` a\n\t\t\t\tLEFT JOIN `\" . TABLE_API_KEYS . \"` ak ON ak.adminid = a.adminid\n\t\t\t\tWHERE ak.`id` = :id AND a.`adminid` = :aid\n\t\t\t\");\n\t\t$chk = Database::pexecute_first($chk_stmt, [\n\t\t\t'id' => $id,\n\t\t\t'aid' => $userinfo['adminid']\n\t\t]);\n\t}\n\tif ($chk !== false) {\n\t\tDatabase::pexecute($del_stmt, [\n\t\t\t'id' => $id\n\t\t]);\n\t\tResponse::standardSuccess('apikeys.apikey_removed', $id, [\n\t\t\t'filename' => $filename,\n\t\t\t'page' => $page\n\t\t]);\n\t}\n} elseif ($action == 'add') {\n\tif (Request::post('send') == 'send') {\n\t\t$user_passwd = Request::post('user_password');\n\t\tif (empty($user_passwd)) {\n\t\t\tResponse::dynamicError(lng('panel.noauthentication'));\n\t\t}\n\t\tif ($userinfo['adminsession']) {\n\t\t\t$table = \"`\" . TABLE_PANEL_ADMINS . \"`\";\n\t\t\t$uid = 'adminid';\n\t\t} else {\n\t\t\t$table = \"`\" . TABLE_PANEL_CUSTOMERS . \"`\";\n\t\t\t$uid = 'customerid';\n\t\t}\n\t\tif (\\Froxlor\\System\\Crypt::validatePasswordLogin($userinfo, $user_passwd, $table, $uid)) {\n\t\t\t$ins_stmt = Database::prepare(\"\n\t\t\t\tINSERT INTO `\" . TABLE_API_KEYS . \"` SET\n\t\t\t\t`apikey` = :key, `secret` = :secret, `adminid` = :aid, `customerid` = :cid, `valid_until` = '-1', `allowed_from` = ''\n\t\t\t\");\n\t\t\t// customer generates for himself, admins will see a customer-select-box later\n\t\t\tif (AREA == 'admin') {\n\t\t\t\t$cid = 0;\n\t\t\t} elseif (AREA == 'customer') {\n\t\t\t\t$cid = $userinfo['customerid'];\n\t\t\t}\n\t\t\t$key = hash('sha256', openssl_random_pseudo_bytes(64 * 64));\n\t\t\t$secret = hash('sha512', openssl_random_pseudo_bytes(64 * 64 * 4));\n\t\t\tDatabase::pexecute($ins_stmt, [\n\t\t\t\t'key' => $key,\n\t\t\t\t'secret' => $secret,\n\t\t\t\t'aid' => $userinfo['adminid'],\n\t\t\t\t'cid' => $cid\n\t\t\t]);\n\t\t\tResponse::standardSuccess('apikeys.apikey_added', '', [\n\t\t\t\t'filename' => $filename,\n\t\t\t\t'page' => $page\n\t\t\t]);\n\t\t} else {\n\t\t\tResponse::dynamicError(lng('panel.authenticationfailed'));\n\t\t}\n\t}\n\tHTML::askUserPasswd('apikey_reallyadd', $filename, [\n\t\t'id' => $id,\n\t\t'page' => $page,\n\t\t'action' => $action\n\t], '', [\n\t\t'section' => 'index',\n\t\t'page' => $page\n\t]);\n\texit;\n}\n\n$log->logAction(FroxlorLogger::USR_ACTION, LOG_NOTICE, \"viewed api::api_keys\");\n\n// select all my (accessible) api-keys\n$keys_stmt_query = \"SELECT ak.*, c.loginname, a.loginname as adminname\n\tFROM `\" . TABLE_API_KEYS . \"` ak\n\tLEFT JOIN `\" . TABLE_PANEL_CUSTOMERS . \"` c ON `c`.`customerid` = `ak`.`customerid`\n\tLEFT JOIN `\" . TABLE_PANEL_ADMINS . \"` a ON `a`.`adminid` = `ak`.`adminid`\n\tWHERE \";\n\n$qry_params = [];\nif (AREA == 'admin' && $userinfo['customers_see_all'] == '0') {\n\t// admin with only customer-specific permissions\n\t$keys_stmt_query .= \"ak.adminid = :adminid \";\n\t$qry_params['adminid'] = $userinfo['adminid'];\n\t$fields = [\n\t\t'a.loginname' => lng('login.username')\n\t];\n} elseif (AREA == 'customer') {\n\t// customer-area\n\t$keys_stmt_query .= \"ak.customerid = :cid \";\n\t$qry_params['cid'] = $userinfo['customerid'];\n\t$fields = [\n\t\t'c.loginname' => lng('login.username')\n\t];\n} else {\n\t// admin who can see all customers / reseller / admins\n\t$keys_stmt_query .= \"1 \";\n\t$fields = [\n\t\t'a.loginname' => lng('login.username')\n\t];\n}\n\n//$keys_stmt_query .= $paging->getSqlWhere(true) . \" \" . $paging->getSqlOrderBy() . \" \" . $paging->getSqlLimit();\n\n$keys_stmt = Database::prepare($keys_stmt_query);\nDatabase::pexecute($keys_stmt, $qry_params);\n$all_keys = $keys_stmt->fetchAll(PDO::FETCH_ASSOC);\n\n$apikeys_list_data = include_once dirname(__FILE__) . '/lib/tablelisting/tablelisting.apikeys.php';\n$collection = [\n\t'data' => $all_keys,\n\t'pagination' => []\n];\n\n$tpl = 'user/table.html.twig';\n\nUI::view($tpl, [\n\t'listing' => Listing::formatFromArray($collection, $apikeys_list_data['apikeys_list'], 'apikeys_list'),\n\t'actions_links' => (int)$userinfo['api_allowed'] == 1 ? [\n\t\t[\n\t\t\t'href' => $linker->getLink(['section' => 'index', 'page' => $page, 'action' => 'add']),\n\t\t\t'label' => lng('apikeys.key_add')\n\t\t]\n\t] : null,\n]);\n" }, { "path": "bin/froxlor-cli", "content": "#!/usr/bin/env php\n\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nuse Froxlor\\Froxlor;\nuse Symfony\\Component\\Console\\Application;\n\n// validate correct php version\nif (version_compare(\"7.4.0\", PHP_VERSION, \">=\")) {\n\tdie('Froxlor requires at least php-7.4. Please validate that your php-cli version is suitable.');\n}\n\n// ensure that default timezone is set\nif (function_exists(\"date_default_timezone_set\") && function_exists(\"date_default_timezone_get\")) {\n\t@date_default_timezone_set(@date_default_timezone_get());\n}\n\nrequire dirname(__DIR__) . '/vendor/autoload.php';\nrequire dirname(__DIR__) . '/lib/tables.inc.php';\n\n$application = new Application('froxlor-cli', Froxlor::getFullVersion());\n\n// files that are no commands\n$fileIgnoreList = [\n\t// Current non-command files\n\t'CliCommand.php',\n\t'index.html',\n\t'install.functions.php',\n];\n// directory of commands to include\n$cmd_files = glob(Froxlor::getInstallDir() . '/lib/Froxlor/Cli/*.php');\n\n// include and add commands\nforeach ($cmd_files as $cmdFile) {\n\t// check ignore-list\n\tif (!in_array(basename($cmdFile), $fileIgnoreList)) {\n\t\t// include class-file\n\t\trequire $cmdFile;\n\t\t// create class-name including namespace\n\t\t$cmdClass = \"\\\\Froxlor\\\\Cli\\\\\" . substr(basename($cmdFile), 0, -4);\n\t\t// check whether it exists\n\t\tif (class_exists($cmdClass) && is_subclass_of($cmdClass, '\\Symfony\\Component\\Console\\Command\\Command')) {\n\t\t\t// add to cli application\n\t\t\t$application->add(new $cmdClass());\n\t\t}\n\t}\n}\n\n$application->run();\n" }, { "path": "build.xml", "content": "\n\n\n\n\t\n\t\n\t\n\t\n\t\n\t\n\t\n\n\t\n\n\t\n\n\t\n\n\t\n\n\t\n\t\n\t\t\n\t\t\t\n\t\t\t\t\n\t\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\n\t\n\n\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\n\n\t\n\t\t\n\t\t\n\t\t\n\t\t\n\n\t\t\n\t\n\n\t\n\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\n\t\n\n\t\n\t\t\n\t\t\t\n\n\t\t\t\n\t\t\t\t\n\t\t\t\t\n\t\t\t\n\n\t\t\t\n\t\t\t\t\n\t\t\t\t\n\t\t\t\n\t\t\n\n\t\t\n\t\n\n\t\n\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\n\n\t\t\n\t\n\n\t\n\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\n\n\t\t\n\t\n\n\t\n\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\n\n\t\t\n\t\n\n\t\n\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\n\n\t\t\n\t\n\n\t\n\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\n\n\t\t\n\t\n\n\t\n\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\n\n\t\t\n\t\n\n\t\n\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\n\n\t\t\n\t\n\n\t\n\t\t\n\t\t\t\n\t\t\n\n\t\t\n\t\n\n\t\n\t\t\n\t\t\t\n\t\t\n\n\t\t\n\t\n\n\t\n\t\t\n\t\t\t\n\t\t\n\n\t\t\n\t\n\n\t\n\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\n\n\t\t\n\t\n\n\t\n\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\n\n\t\t\n\t\n\n\t\n\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\n\n\t\t\n\t\n\n\t\n\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\n\n\t\t\n\t\n\n\t\n\t\t\n\t\t\t\n\t\t\t\t\n\t\t\t\t\t\n\t\t\t\t\n\t\t\t\n\t\t\n\t\n\n" }, { "path": "composer.json", "content": "{\n\t\"name\": \"froxlor/froxlor\",\n\t\"description\": \"The server administration software for your needs. Developed by experienced server administrators, this panel simplifies the effort of managing your hosting platform.\",\n\t\"keywords\": [\n\t\t\"server\",\n\t\t\"administration\",\n\t\t\"php\"\n\t],\n\t\"homepage\": \"https://www.froxlor.org\",\n\t\"license\": \"GPL-2.0-or-later\",\n\t\"authors\": [\n\t\t{\n\t\t\t\"name\": \"Michael Kaufmann\",\n\t\t\t\"email\": \"team@froxlor.org\",\n\t\t\t\"role\": \"Lead Developer\"\n\t\t}\n\t],\n\t\"support\": {\n\t\t\"email\": \"team@froxlor.org\",\n\t\t\"issues\": \"https://github.com/Froxlor/Froxlor/issues\",\n\t\t\"forum\": \"https://forum.froxlor.org/\",\n\t\t\"source\": \"https://github.com/Froxlor/Froxlor\",\n\t\t\"docs\": \"https://docs.froxlor.org/\",\n\t\t\"chat\": \"https://discord.froxlor.org/\"\n\t},\n\t\"funding\": [\n\t\t{\n\t\t\t\"type\": \"github\",\n\t\t\t\"url\": \"https://github.com/sponsors/d00p\"\n\t\t}\n\t],\n\t\"require\": {\n\t\t\"php\": \"^7.4 || ^8.0\",\n\t\t\"ext-session\": \"*\",\n\t\t\"ext-ctype\": \"*\",\n\t\t\"ext-pdo\": \"*\",\n\t\t\"ext-pdo_mysql\": \"*\",\n\t\t\"ext-simplexml\": \"*\",\n\t\t\"ext-xml\": \"*\",\n\t\t\"ext-filter\": \"*\",\n\t\t\"ext-posix\": \"*\",\n\t\t\"ext-mbstring\": \"*\",\n\t\t\"ext-curl\": \"*\",\n\t\t\"ext-json\": \"*\",\n\t\t\"ext-openssl\": \"*\",\n\t\t\"ext-fileinfo\": \"*\",\n\t\t\"ext-gmp\": \"*\",\n\t\t\"ext-gd\": \"*\",\n\t\t\"phpmailer/phpmailer\": \"~6.0\",\n\t\t\"monolog/monolog\": \"^1.24\",\n\t\t\"robthree/twofactorauth\": \"^1.6\",\n\t\t\"froxlor/idna-convert-legacy\": \"^2.1\",\n\t\t\"voku/anti-xss\": \"^4.1\",\n\t\t\"twig/twig\": \"^3.3\",\n\t\t\"symfony/console\": \"^5.4\",\n\t\t\"pear/net_dns2\": \"^1.5\",\n\t\t\"amnuts/opcache-gui\": \"^3.4\",\n\t\t\"league/commonmark\": \"^2.4\",\n\t\t\"phpseclib/phpseclib\": \"~3.0\"\n\t},\n\t\"require-dev\": {\n\t\t\"phpunit/phpunit\": \"^9\",\n\t\t\"ext-pcntl\": \"*\",\n\t\t\"phpcompatibility/php-compatibility\": \"*\",\n\t\t\"squizlabs/php_codesniffer\": \"*\",\n\t\t\"pdepend/pdepend\": \"^2.9\",\n\t\t\"sebastian/phpcpd\": \"^6.0\",\n\t\t\"phploc/phploc\": \"^7.0\",\n\t\t\"phpmd/phpmd\": \"^2.10\",\n\t\t\"phpunit/php-timer\" : \"^5\",\n\t\t\"phpstan/phpstan\": \"^1.8\"\n\t},\n\t\"suggest\": {\n\t\t\"ext-bcmath\": \"*\",\n\t\t\"ext-zip\": \"*\",\n\t\t\"ext-gnupg\": \"*\",\n\t\t\"ext-apcu\": \"*\",\n\t\t\"ext-readline\": \"*\"\n\t},\n\t\"config\": {\n\t\t\"platform\": {\n\t\t\t\"php\": \"7.4\"\n\t\t}\n\t},\n\t\"autoload\": {\n\t\t\"psr-4\": {\n\t\t\t\"Froxlor\\\\\": [\n\t\t\t\t\"lib/Froxlor\"\n\t\t\t]\n\t\t}\n\t},\n\t\"scripts\": {\n\t\t\"dev\": [\n\t\t\t\"Composer\\\\Config::disableProcessTimeout\",\n\t\t\t\"npx concurrently -c \\\"#93c5fd,#fdba74\\\" \\\"php -S 127.0.0.1:8000\\\" \\\"npm run dev\\\" --names=server,vite\"\n\t\t],\n\t\t\"post-install-cmd\": \"if [ -f ./vendor/bin/phpcs ]; then \\\"vendor/bin/phpcs\\\" --config-set installed_paths vendor/phpcompatibility/php-compatibility ; fi\",\n\t\t\"post-update-cmd\" : \"if [ -f ./vendor/bin/phpcs ]; then \\\"vendor/bin/phpcs\\\" --config-set installed_paths vendor/phpcompatibility/php-compatibility ; fi\"\n\t}\n}\n" }, { "path": "customer_domains.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nconst AREA = 'customer';\nrequire __DIR__ . '/lib/init.php';\n\nuse Froxlor\\Api\\Commands\\SubDomains;\nuse Froxlor\\CurrentUser;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\Domain\\Domain;\nuse Froxlor\\FileDir;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\PhpHelper;\nuse Froxlor\\Settings;\nuse Froxlor\\UI\\Collection;\nuse Froxlor\\UI\\HTML;\nuse Froxlor\\UI\\Listing;\nuse Froxlor\\UI\\Panel\\UI;\nuse Froxlor\\UI\\Request;\nuse Froxlor\\UI\\Response;\nuse Froxlor\\Validate\\Validate;\n\n// redirect if this customer page is hidden via settings\nif (Settings::IsInList('panel.customer_hide_options', 'domains')) {\n\tResponse::redirectTo('customer_index.php');\n}\n\n$id = (int)Request::any('id');\n\nif ($page == 'overview' || $page == 'domains') {\n\tif ($action == '') {\n\t\t$log->logAction(FroxlorLogger::USR_ACTION, LOG_INFO, \"viewed customer_domains::domains\");\n\n\t\t$parentdomain_id = (int)Request::any('pid', '0');\n\n\t\ttry {\n\t\t\t$domain_list_data = include_once dirname(__FILE__) . '/lib/tablelisting/customer/tablelisting.domains.php';\n\t\t\t$collection = (new Collection(SubDomains::class, $userinfo))\n\t\t\t\t->withPagination($domain_list_data['domain_list']['columns'], $domain_list_data['domain_list']['default_sorting']);\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\n\t\t$actions_links = [];\n\t\tif (CurrentUser::canAddResource('subdomains')) {\n\t\t\t$actions_links[] = [\n\t\t\t\t'href' => $linker->getLink(['section' => 'domains', 'page' => 'domains', 'action' => 'add']),\n\t\t\t\t'label' => lng('domains.subdomain_add')\n\t\t\t];\n\t\t}\n\n\t\t$actions_links[] = [\n\t\t\t'href' => \\Froxlor\\Froxlor::getDocsUrl() . 'user-guide/domains/',\n\t\t\t'target' => '_blank',\n\t\t\t'icon' => 'fa-solid fa-circle-info',\n\t\t\t'class' => 'btn-outline-secondary'\n\t\t];\n\n\t\t$table_tpl = 'table.html.twig';\n\t\tif ($collection->count() == 0) {\n\t\t\t$table_tpl = 'table-note.html.twig';\n\t\t}\n\t\tUI::view('user/' . $table_tpl, [\n\t\t\t'listing' => Listing::format($collection, $domain_list_data, 'domain_list'),\n\t\t\t'actions_links' => $actions_links,\n\t\t\t'entity_info' => lng('domains.description'),\n\t\t\t// alert-box\n\t\t\t'type' => 'warning',\n\t\t\t'alert_msg' => lng('domains.nodomainsassignedbyadmin')\n\t\t]);\n\t} elseif ($action == 'delete' && $id != 0) {\n\t\ttry {\n\t\t\t$json_result = SubDomains::getLocal($userinfo, [\n\t\t\t\t'id' => $id\n\t\t\t])->get();\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\t\t$result = json_decode($json_result, true)['data'];\n\n\t\t$alias_stmt = Database::prepare(\"SELECT COUNT(`id`) AS `count` FROM `\" . TABLE_PANEL_DOMAINS . \"` WHERE `aliasdomain` = :aliasdomain\");\n\t\t$alias_check = Database::pexecute_first($alias_stmt, [\n\t\t\t\"aliasdomain\" => $id\n\t\t]);\n\n\t\tif (isset($result['parentdomainid']) && $result['parentdomainid'] != '0' && $alias_check['count'] == 0) {\n\t\t\tif (Request::post('send') == 'send') {\n\t\t\t\ttry {\n\t\t\t\t\tSubDomains::getLocal($userinfo, Request::postAll())->delete();\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\t\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t\t'page' => $page\n\t\t\t\t]);\n\t\t\t} else {\n\t\t\t\tHTML::askYesNo('domains_reallydelete', $filename, [\n\t\t\t\t\t'id' => $id,\n\t\t\t\t\t'page' => $page,\n\t\t\t\t\t'action' => $action\n\t\t\t\t], $idna_convert->decode($result['domain']));\n\t\t\t}\n\t\t} else {\n\t\t\tResponse::standardError('domains_cantdeletemaindomain');\n\t\t}\n\t} elseif ($action == 'add') {\n\t\tif ($userinfo['subdomains_used'] < $userinfo['subdomains'] || $userinfo['subdomains'] == '-1') {\n\t\t\tif (Request::post('send') == 'send') {\n\t\t\t\ttry {\n\t\t\t\t\tSubDomains::getLocal($userinfo, Request::postAll())->add();\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\t\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t\t'page' => $page\n\t\t\t\t]);\n\t\t\t} else {\n\t\t\t\t$stmt = Database::prepare(\"SELECT `id`, `domain`, `documentroot`, `ssl_redirect`,`isemaildomain`,`letsencrypt` FROM `\" . TABLE_PANEL_DOMAINS . \"`\n\t\t\t\t\tWHERE `customerid` = :customerid\n\t\t\t\t\tAND `parentdomainid` = '0'\n\t\t\t\t\tAND `email_only` = '0'\n\t\t\t\t\tAND `deactivated` = '0'\n\t\t\t\t\tORDER BY `domain` ASC\");\n\t\t\t\tDatabase::pexecute($stmt, [\n\t\t\t\t\t\"customerid\" => $userinfo['customerid']\n\t\t\t\t]);\n\t\t\t\t$domains = [];\n\t\t\t\twhile ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t\t$domains[$row['domain']] = $idna_convert->decode($row['domain']);\n\t\t\t\t}\n\n\t\t\t\t// check of there are any domains to be used\n\t\t\t\tif (count($domains) <= 0) {\n\t\t\t\t\t// no, possible direct URL access, redirect to overview\n\t\t\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t\t\t'page' => $page\n\t\t\t\t\t]);\n\t\t\t\t}\n\n\t\t\t\t$aliasdomains[0] = lng('domains.noaliasdomain');\n\t\t\t\t$domains_stmt = Database::prepare(\"SELECT `d`.`id`, `d`.`domain` FROM `\" . TABLE_PANEL_DOMAINS . \"` `d`, `\" . TABLE_PANEL_CUSTOMERS . \"` `c`\n\t\t\t\t\tWHERE `d`.`aliasdomain` IS NULL\n\t\t\t\t\tAND `d`.`id` <> `c`.`standardsubdomain`\n\t\t\t\t\tAND `d`.`parentdomainid` = '0'\n\t\t\t\t\tAND `d`.`customerid`=`c`.`customerid`\n\t\t\t\t\tAND `d`.`email_only`='0'\n\t\t\t\t\tAND `d`.`customerid`= :customerid\n\t\t\t\t\tORDER BY `d`.`domain` ASC\");\n\t\t\t\tDatabase::pexecute($domains_stmt, [\n\t\t\t\t\t\"customerid\" => $userinfo['customerid']\n\t\t\t\t]);\n\n\t\t\t\twhile ($row_domain = $domains_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t\t$aliasdomains[$row_domain['id']] = $idna_convert->decode($row_domain['domain']);\n\t\t\t\t}\n\n\t\t\t\t$redirectcode = [];\n\t\t\t\tif (Settings::Get('customredirect.enabled') == '1') {\n\t\t\t\t\t$codes = Domain::getRedirectCodesArray();\n\t\t\t\t\tforeach ($codes as $rc) {\n\t\t\t\t\t\t$redirectcode[$rc['id']] = $rc['code'] . ' (' . lng('redirect_desc.' . $rc['desc']) . ')';\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\t// check if we at least have one ssl-ip/port, #1179\n\t\t\t\t$ssl_ipsandports = false;\n\t\t\t\t$ssl_ip_stmt = Database::prepare(\"\n\t\t\t\t\tSELECT COUNT(*) as countSSL\n\t\t\t\t\tFROM `\" . TABLE_PANEL_IPSANDPORTS . \"` pip\n\t\t\t\t\tLEFT JOIN `\" . TABLE_DOMAINTOIP . \"` dti ON dti.id_ipandports = pip.id\n\t\t\t\t\tWHERE pip.`ssl`='1'\n\t\t\t\t\");\n\t\t\t\tDatabase::pexecute($ssl_ip_stmt);\n\t\t\t\t$resultX = $ssl_ip_stmt->fetch(PDO::FETCH_ASSOC);\n\t\t\t\tif (isset($resultX['countSSL']) && (int)$resultX['countSSL'] > 0) {\n\t\t\t\t\t$ssl_ipsandports = true;\n\t\t\t\t}\n\n\t\t\t\t$openbasedir = [\n\t\t\t\t\t0 => lng('domain.docroot'),\n\t\t\t\t\t1 => lng('domain.homedir'),\n\t\t\t\t\t2 => lng('domain.docparent')\n\t\t\t\t];\n\t\t\t\t$pathSelect = FileDir::makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid']);\n\n\t\t\t\t$phpconfigs = [];\n\t\t\t\tif (isset($userinfo['allowed_phpconfigs']) && !empty($userinfo['allowed_phpconfigs'])) {\n\t\t\t\t\t$allowed_cfg = json_decode($userinfo['allowed_phpconfigs'], JSON_OBJECT_AS_ARRAY);\n\t\t\t\t\t$phpconfigs_result_stmt = Database::query(\"\n\t\t\t\t\t\tSELECT c.*, fc.description as interpreter\n\t\t\t\t\t\tFROM `\" . TABLE_PANEL_PHPCONFIGS . \"` c\n\t\t\t\t\t\tLEFT JOIN `\" . TABLE_PANEL_FPMDAEMONS . \"` fc ON fc.id = c.fpmsettingid\n\t\t\t\t\t\tWHERE c.id IN (\" . implode(\", \", $allowed_cfg) . \")\n\t\t\t\t\t\");\n\t\t\t\t\twhile ($phpconfigs_row = $phpconfigs_result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t\t\tif ((int)Settings::Get('phpfpm.enabled') == 1) {\n\t\t\t\t\t\t\t$phpconfigs[$phpconfigs_row['id']] = $phpconfigs_row['description'] . \" [\" . $phpconfigs_row['interpreter'] . \"]\";\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t$phpconfigs[$phpconfigs_row['id']] = $phpconfigs_row['description'];\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\t$subdomain_add_data = include_once dirname(__FILE__) . '/lib/formfields/customer/domains/formfield.domains_add.php';\n\n\t\t\t\tUI::view('user/form.html.twig', [\n\t\t\t\t\t'formaction' => $linker->getLink(['section' => 'domains']),\n\t\t\t\t\t'formdata' => $subdomain_add_data['domain_add']\n\t\t\t\t]);\n\t\t\t}\n\t\t}\n\t} elseif ($action == 'edit' && $id != 0) {\n\t\ttry {\n\t\t\t$json_result = SubDomains::getLocal($userinfo, [\n\t\t\t\t'id' => $id\n\t\t\t])->get();\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\t\t$result = json_decode($json_result, true)['data'];\n\n\t\tif (isset($result['customerid']) && $result['customerid'] == $userinfo['customerid']) {\n\n\t\t\tif ((int)$result['caneditdomain'] == 0) {\n\t\t\t\tResponse::standardError('domaincannotbeedited', $result['domain']);\n\t\t\t}\n\n\t\t\tif (Request::post('send') == 'send') {\n\t\t\t\ttry {\n\t\t\t\t\tSubDomains::getLocal($userinfo, Request::postAll())->update();\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\t\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t\t'page' => $page\n\t\t\t\t]);\n\t\t\t} else {\n\t\t\t\t$result['domain'] = $idna_convert->decode($result['domain']);\n\n\t\t\t\t$domains[0] = lng('domains.noaliasdomain');\n\t\t\t\t// also check ip/port combination to be the same, #176\n\t\t\t\t$domains_stmt = Database::prepare(\"SELECT `d`.`id`, `d`.`domain` FROM `\" . TABLE_PANEL_DOMAINS . \"` `d` , `\" . TABLE_PANEL_CUSTOMERS . \"` `c` , `\" . TABLE_DOMAINTOIP . \"` `dip`\n\t\t\t\t\tWHERE `d`.`aliasdomain` IS NULL\n\t\t\t\t\tAND `d`.`id` <> :id\n\t\t\t\t\tAND `c`.`standardsubdomain` <> `d`.`id`\n\t\t\t\t\tAND `d`.`parentdomainid` = '0'\n\t\t\t\t\tAND `d`.`customerid` = :customerid\n\t\t\t\t\tAND `c`.`customerid` = `d`.`customerid`\n\t\t\t\t\tAND `d`.`id` = `dip`.`id_domain`\n\t\t\t\t\tAND `dip`.`id_ipandports`\n\t\t\t\t\tIN (SELECT `id_ipandports` FROM `\" . TABLE_DOMAINTOIP . \"`\n\t\t\t\t\t\tWHERE `id_domain` = :id)\n\t\t\t\t\tGROUP BY `d`.`id`, `d`.`domain`\n\t\t\t\t\tORDER BY `d`.`domain` ASC\");\n\t\t\t\tDatabase::pexecute($domains_stmt, [\n\t\t\t\t\t\"id\" => $result['id'],\n\t\t\t\t\t\"customerid\" => $userinfo['customerid']\n\t\t\t\t]);\n\n\t\t\t\twhile ($row_domain = $domains_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t\t$domains[$row_domain['id']] = $idna_convert->decode($row_domain['domain']);\n\t\t\t\t}\n\n\t\t\t\tif (preg_match('/^https?\\:\\/\\//', $result['documentroot']) && Validate::validateUrl($result['documentroot'])) {\n\t\t\t\t\tif (Settings::Get('panel.pathedit') == 'Dropdown') {\n\t\t\t\t\t\t$urlvalue = $result['documentroot'];\n\t\t\t\t\t\t$pathSelect = FileDir::makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid']);\n\t\t\t\t\t} else {\n\t\t\t\t\t\t$urlvalue = '';\n\t\t\t\t\t\t$pathSelect = FileDir::makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $result['documentroot'], true);\n\t\t\t\t\t}\n\t\t\t\t} else {\n\t\t\t\t\t$urlvalue = '';\n\t\t\t\t\t$pathSelect = FileDir::makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $result['documentroot']);\n\t\t\t\t}\n\n\t\t\t\t$redirectcode = [];\n\t\t\t\tif (Settings::Get('customredirect.enabled') == '1') {\n\t\t\t\t\t$def_code = Domain::getDomainRedirectId($id);\n\t\t\t\t\t$codes = Domain::getRedirectCodesArray();\n\t\t\t\t\tforeach ($codes as $rc) {\n\t\t\t\t\t\t$redirectcode[$rc['id']] = $rc['code'] . ' (' . lng('redirect_desc.' . $rc['desc']) . ')';\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\t// check if we at least have one ssl-ip/port, #1179\n\t\t\t\t$ssl_ipsandports = false;\n\t\t\t\t$ssl_ip_stmt = Database::prepare(\"\n\t\t\t\t\tSELECT COUNT(*) as countSSL\n\t\t\t\t\tFROM `\" . TABLE_PANEL_IPSANDPORTS . \"` pip\n\t\t\t\t\tLEFT JOIN `\" . TABLE_DOMAINTOIP . \"` dti ON dti.id_ipandports = pip.id\n\t\t\t\t\tWHERE `dti`.`id_domain` = :id_domain AND pip.`ssl`='1'\n\t\t\t\t\");\n\t\t\t\tDatabase::pexecute($ssl_ip_stmt, [\n\t\t\t\t\t\"id_domain\" => $result['id']\n\t\t\t\t]);\n\t\t\t\t$resultX = $ssl_ip_stmt->fetch(PDO::FETCH_ASSOC);\n\t\t\t\tif (isset($resultX['countSSL']) && (int)$resultX['countSSL'] > 0) {\n\t\t\t\t\t$ssl_ipsandports = true;\n\t\t\t\t}\n\n\t\t\t\t// Fudge the result for ssl_redirect to hide the Let's Encrypt steps\n\t\t\t\t$result['temporary_ssl_redirect'] = $result['ssl_redirect'];\n\t\t\t\t$result['ssl_redirect'] = ($result['ssl_redirect'] == 0 ? 0 : 1);\n\n\t\t\t\t$openbasedir = [\n\t\t\t\t\t0 => lng('domain.docroot'),\n\t\t\t\t\t1 => lng('domain.homedir'),\n\t\t\t\t\t2 => lng('domain.docparent')\n\t\t\t\t];\n\n\t\t\t\t// create serveralias options\n\t\t\t\t$serveraliasoptions = [];\n\t\t\t\t$serveraliasoptions_selected = '2';\n\t\t\t\tif ($result['iswildcarddomain'] == '1') {\n\t\t\t\t\t$serveraliasoptions_selected = '0';\n\t\t\t\t} elseif ($result['wwwserveralias'] == '1') {\n\t\t\t\t\t$serveraliasoptions_selected = '1';\n\t\t\t\t}\n\t\t\t\t$serveraliasoptions[0] = lng('domains.serveraliasoption_wildcard');\n\t\t\t\t$serveraliasoptions[1] = lng('domains.serveraliasoption_www');\n\t\t\t\t$serveraliasoptions[2] = lng('domains.serveraliasoption_none');\n\n\t\t\t\t$ips_stmt = Database::prepare(\"SELECT `p`.`ip` AS `ip` FROM `\" . TABLE_PANEL_IPSANDPORTS . \"` `p`\n\t\t\t\t\tLEFT JOIN `\" . TABLE_DOMAINTOIP . \"` `dip`\n\t\t\t\t\tON ( `dip`.`id_ipandports` = `p`.`id` )\n\t\t\t\t\tWHERE `dip`.`id_domain` = :id_domain\n\t\t\t\t\tGROUP BY `p`.`ip`\");\n\t\t\t\tDatabase::pexecute($ips_stmt, [\n\t\t\t\t\t\"id_domain\" => $result['id']\n\t\t\t\t]);\n\t\t\t\t$domainips = [];\n\t\t\t\twhile ($rowip = $ips_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t\t$domainips[] = ['item' => $rowip['ip']];\n\t\t\t\t}\n\n\t\t\t\t$phpconfigs = [];\n\t\t\t\tif (isset($userinfo['allowed_phpconfigs']) && !empty($userinfo['allowed_phpconfigs'])) {\n\t\t\t\t\t$allowed_cfg = json_decode($userinfo['allowed_phpconfigs'], JSON_OBJECT_AS_ARRAY);\n\t\t\t\t\t$phpconfigs_result_stmt = Database::query(\"\n\t\t\t\t\t\tSELECT c.*, fc.description as interpreter\n\t\t\t\t\t\tFROM `\" . TABLE_PANEL_PHPCONFIGS . \"` c\n\t\t\t\t\t\tLEFT JOIN `\" . TABLE_PANEL_FPMDAEMONS . \"` fc ON fc.id = c.fpmsettingid\n\t\t\t\t\t\tWHERE c.id IN (\" . implode(\", \", $allowed_cfg) . \")\n\t\t\t\t\t\");\n\t\t\t\t\twhile ($phpconfigs_row = $phpconfigs_result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t\t\tif ((int)Settings::Get('phpfpm.enabled') == 1) {\n\t\t\t\t\t\t\t$phpconfigs[$phpconfigs_row['id']] = $phpconfigs_row['description'] . \" [\" . $phpconfigs_row['interpreter'] . \"]\";\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t$phpconfigs[$phpconfigs_row['id']] = $phpconfigs_row['description'];\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\t$alias_stmt = Database::prepare(\"SELECT COUNT(`id`) AS count FROM `\" . TABLE_PANEL_DOMAINS . \"` WHERE `aliasdomain`= :aliasdomain\");\n\t\t\t\t$alias_check = Database::pexecute_first($alias_stmt, [\n\t\t\t\t\t\"aliasdomain\" => $result['id']\n\t\t\t\t]);\n\t\t\t\t$alias_check = $alias_check['count'];\n\n\t\t\t\t$subdomain_edit_data = include_once dirname(__FILE__) . '/lib/formfields/customer/domains/formfield.domains_edit.php';\n\n\t\t\t\tUI::view('user/form.html.twig', [\n\t\t\t\t\t'formaction' => $linker->getLink(['section' => 'domains', 'id' => $id]),\n\t\t\t\t\t'formdata' => $subdomain_edit_data['domain_edit'],\n\t\t\t\t\t'editid' => $id\n\t\t\t\t]);\n\t\t\t}\n\t\t} else {\n\t\t\tResponse::standardError('domains_canteditdomain');\n\t\t}\n\t} elseif ($action == 'jqSpeciallogfileNote') {\n\t\t$domainid = intval(Request::post('id'));\n\t\t$newval = intval(Request::post('newval'));\n\t\ttry {\n\t\t\t$json_result = SubDomains::getLocal($userinfo, [\n\t\t\t\t'id' => $domainid\n\t\t\t])->get();\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\t\t$result = json_decode($json_result, true)['data'];\n\t\tif ($newval != $result['speciallogfile']) {\n\t\t\techo json_encode(['changed' => true, 'info' => lng('admin.speciallogwarning')]);\n\t\t\texit();\n\t\t}\n\t\techo 0;\n\t\texit();\n\t}\n} elseif ($page == 'domainssleditor') {\n\trequire_once __DIR__ . '/ssl_editor.php';\n} elseif ($page == 'domaindnseditor' && $userinfo['dnsenabled'] == '1' && Settings::Get('system.dnsenabled') == '1') {\n\trequire_once __DIR__ . '/dns_editor.php';\n} elseif ($page == 'sslcertificates') {\n\trequire_once __DIR__ . '/ssl_certificates.php';\n} elseif ($page == 'logfiles') {\n\trequire_once __DIR__ . '/logfiles_viewer.php';\n}\n" }, { "path": "customer_email.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nconst AREA = 'customer';\nrequire __DIR__ . '/lib/init.php';\n\nuse Froxlor\\Api\\Commands\\EmailAccounts;\nuse Froxlor\\Api\\Commands\\EmailDomains;\nuse Froxlor\\Api\\Commands\\EmailForwarders;\nuse Froxlor\\Api\\Commands\\Emails;\nuse Froxlor\\Api\\Commands\\EmailSender;\nuse Froxlor\\CurrentUser;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\Froxlor;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\PhpHelper;\nuse Froxlor\\Settings;\nuse Froxlor\\UI\\Collection;\nuse Froxlor\\UI\\HTML;\nuse Froxlor\\UI\\Listing;\nuse Froxlor\\UI\\Panel\\UI;\nuse Froxlor\\UI\\Request;\nuse Froxlor\\UI\\Response;\nuse Froxlor\\Validate\\Check;\n\n// redirect if this customer page is hidden via settings\nif (Settings::IsInList('panel.customer_hide_options', 'email') || $userinfo['emails'] == 0) {\n\tResponse::redirectTo('customer_index.php');\n}\n\n$id = (int)Request::any('id');\n\nif ($page == 'overview' || $page == 'emails') {\n\t$result_stmt = Database::prepare(\"\n\t\tSELECT COUNT(DISTINCT `domainid`) as maildomains FROM `\" . TABLE_MAIL_VIRTUAL . \"` WHERE `customerid`= :cid\n\t\");\n\t$domain_count = Database::pexecute_first($result_stmt, [\n\t\t\"cid\" => $userinfo['customerid']\n\t]);\n\tif ($domain_count['maildomains'] && $domain_count['maildomains'] > 1) {\n\t\ttry {\n\t\t\t$emaildomain_list_data = include_once dirname(__FILE__) . '/lib/tablelisting/customer/tablelisting.emails_overview.php';\n\t\t\t$collection = (new Collection(EmailDomains::class, $userinfo))\n\t\t\t\t->withPagination($emaildomain_list_data['emaildomain_list']['columns'],\n\t\t\t\t\t$emaildomain_list_data['emaildomain_list']['default_sorting']);\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\n\t\t$actions_links = [];\n\t\tif (CurrentUser::canAddResource('emails')) {\n\t\t\t$actions_links[] = [\n\t\t\t\t'href' => $linker->getLink(['section' => 'email', 'page' => 'email_domain', 'action' => 'add']),\n\t\t\t\t'label' => lng('emails.emails_add')\n\t\t\t];\n\t\t}\n\n\t\t$actions_links[] = [\n\t\t\t'href' => Froxlor::getDocsUrl() . 'user-guide/emails/',\n\t\t\t'target' => '_blank',\n\t\t\t'icon' => 'fa-solid fa-circle-info',\n\t\t\t'class' => 'btn-outline-secondary'\n\t\t];\n\n\t\tUI::view('user/table.html.twig', [\n\t\t\t'listing' => Listing::format($collection, $emaildomain_list_data, 'emaildomain_list'),\n\t\t\t'actions_links' => $actions_links,\n\t\t]);\n\t} else {\n\t\t// only emails for one domain -> show email address listing directly\n\t\t$page = 'email_domain';\n\t}\n}\nif ($page == 'email_domain') {\n\t$email_domainid = Request::any('domainid', 0);\n\tif ($action == '') {\n\t\t$log->logAction(FroxlorLogger::USR_ACTION, LOG_INFO, \"viewed customer_email::emails\");\n\n\t\t$sql_search = [];\n\t\tif ($email_domainid > 0) {\n\t\t\t$sql_search = ['sql_search' => ['m.domainid' => ['op' => '=', 'value' => $email_domainid]]];\n\t\t}\n\t\ttry {\n\t\t\t$email_list_data = include_once dirname(__FILE__) . '/lib/tablelisting/customer/tablelisting.emails.php';\n\t\t\t$collection = (new Collection(Emails::class, $userinfo, $sql_search))\n\t\t\t\t->withPagination($email_list_data['email_list']['columns'],\n\t\t\t\t\t$email_list_data['email_list']['default_sorting'], ['domainid=' . $email_domainid]);\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\n\t\t$result_stmt = Database::prepare(\"\n\t\t\tSELECT COUNT(`id`) as emaildomains\n\t\t\tFROM `\" . TABLE_PANEL_DOMAINS . \"`\n\t\t\tWHERE `customerid`= :cid AND `isemaildomain` = '1'\n\t\t\");\n\t\t$result2 = Database::pexecute_first($result_stmt, [\n\t\t\t\"cid\" => $userinfo['customerid']\n\t\t]);\n\t\t$emaildomains_count = $result2['emaildomains'];\n\n\t\t$actions_links = [];\n\t\tif ($email_domainid > 0) {\n\t\t\t$actions_links[] = [\n\t\t\t\t'class' => 'btn-outline-primary',\n\t\t\t\t'href' => $linker->getLink([\n\t\t\t\t\t'section' => 'email',\n\t\t\t\t\t'page' => 'emails',\n\t\t\t\t]),\n\t\t\t\t'label' => lng('emails.back_to_overview'),\n\t\t\t\t'icon' => 'fa-solid fa-reply'\n\t\t\t];\n\t\t}\n\t\tif (CurrentUser::canAddResource('emails')) {\n\t\t\t$actions_links[] = [\n\t\t\t\t'href' => $linker->getLink(['section' => 'email', 'page' => 'email_domain', 'action' => 'add', 'domainid' => $email_domainid]),\n\t\t\t\t'label' => lng('emails.emails_add')\n\t\t\t];\n\t\t}\n\t\t$actions_links[] = [\n\t\t\t'href' => Froxlor::getDocsUrl() . 'user-guide/emails/',\n\t\t\t'target' => '_blank',\n\t\t\t'icon' => 'fa-solid fa-circle-info',\n\t\t\t'class' => 'btn-outline-secondary'\n\t\t];\n\n\t\tUI::view('user/table.html.twig', [\n\t\t\t'listing' => Listing::format($collection, $email_list_data, 'email_list'),\n\t\t\t'actions_links' => $actions_links,\n\t\t\t'entity_info' => lng('emails.description')\n\t\t]);\n\t} elseif ($action == 'delete' && $id != 0) {\n\t\ttry {\n\t\t\t$json_result = Emails::getLocal($userinfo, [\n\t\t\t\t'id' => $id\n\t\t\t])->get();\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\t\t$result = json_decode($json_result, true)['data'];\n\n\t\tif (isset($result['email']) && $result['email'] != '') {\n\t\t\tif (Request::post('send') == 'send') {\n\t\t\t\ttry {\n\t\t\t\t\tEmails::getLocal($userinfo, [\n\t\t\t\t\t\t'id' => $id,\n\t\t\t\t\t\t'delete_userfiles' => Request::post('delete_userfiles', 0)\n\t\t\t\t\t])->delete();\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\t\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t\t'page' => $page\n\t\t\t\t]);\n\t\t\t} else {\n\t\t\t\tif ($result['popaccountid'] != '0') {\n\t\t\t\t\t$show_checkbox = true;\n\t\t\t\t} else {\n\t\t\t\t\t$show_checkbox = false;\n\t\t\t\t}\n\t\t\t\tHTML::askYesNoWithCheckbox('email_reallydelete', 'admin_customer_alsoremovemail', $filename, [\n\t\t\t\t\t'id' => $id,\n\t\t\t\t\t'page' => $page,\n\t\t\t\t\t'action' => $action\n\t\t\t\t], $idna_convert->decode($result['email_full']), $show_checkbox);\n\t\t\t}\n\t\t}\n\t} elseif ($action == 'add') {\n\t\tif ($userinfo['emails_used'] < $userinfo['emails'] || $userinfo['emails'] == '-1') {\n\t\t\tif (Request::post('send') == 'send') {\n\t\t\t\ttry {\n\t\t\t\t\t$json_result = Emails::getLocal($userinfo, Request::postAll())->add();\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\t\t\t\t$result = json_decode($json_result, true)['data'];\n\t\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t\t'page' => $page,\n\t\t\t\t\t'action' => 'edit',\n\t\t\t\t\t'id' => $result['id']\n\t\t\t\t]);\n\t\t\t} else {\n\t\t\t\t$result_stmt = Database::prepare(\"SELECT `id`, `domain`, `customerid` FROM `\" . TABLE_PANEL_DOMAINS . \"`\n\t\t\t\t\tWHERE `customerid`= :cid\n\t\t\t\t\tAND `isemaildomain`='1'\n\t\t\t\t\tORDER BY `domain_ace` ASC\");\n\t\t\t\tDatabase::pexecute($result_stmt, [\n\t\t\t\t\t\"cid\" => $userinfo['customerid']\n\t\t\t\t]);\n\t\t\t\t$domains = [];\n\t\t\t\t$selected_domain = \"\";\n\t\t\t\twhile ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t\tif ($email_domainid == $row['id']) {\n\t\t\t\t\t\t$selected_domain = $row['domain'];\n\t\t\t\t\t}\n\t\t\t\t\t$domains[$row['domain']] = $idna_convert->decode($row['domain']);\n\t\t\t\t}\n\n\t\t\t\tif (count($domains) > 0) {\n\t\t\t\t\t$email_add_data = include_once dirname(__FILE__) . '/lib/formfields/customer/email/formfield.emails_add.php';\n\n\t\t\t\t\tif (Settings::Get('catchall.catchall_enabled') != '1') {\n\t\t\t\t\t\tunset($email_add_data['emails_add']['sections']['section_a']['fields']['iscatchall']);\n\t\t\t\t\t}\n\t\t\t\t\tUI::view('user/form.html.twig', [\n\t\t\t\t\t\t'formaction' => $linker->getLink(['section' => 'email']),\n\t\t\t\t\t\t'formdata' => $email_add_data['emails_add']\n\t\t\t\t\t]);\n\t\t\t\t} else {\n\t\t\t\t\tResponse::standardError('emails.noemaildomainaddedyet');\n\t\t\t\t}\n\t\t\t}\n\t\t} else {\n\t\t\tResponse::standardError('allresourcesused');\n\t\t}\n\t} elseif ($action == 'edit' && $id != 0) {\n\t\ttry {\n\t\t\t$json_result = Emails::getLocal($userinfo, [\n\t\t\t\t'id' => $id\n\t\t\t])->get();\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\t\t$result = json_decode($json_result, true)['data'];\n\n\t\tif (isset($result['email']) && $result['email'] != '') {\n\t\t\tif (Request::post('send') == 'send') {\n\t\t\t\ttry {\n\t\t\t\t\tEmails::getLocal($userinfo, Request::postAll())->update();\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\t\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t\t'page' => $page\n\t\t\t\t]);\n\t\t\t}\n\t\t\t$result['email'] = $idna_convert->decode($result['email']);\n\t\t\t$result['email_full'] = $idna_convert->decode($result['email_full']);\n\t\t\t$result['destination'] = explode(' ', $result['destination']);\n\t\t\tuasort($result['destination'], 'strcasecmp');\n\t\t\t$forwarders = [];\n\t\t\t$forwarders_count = 0;\n\n\t\t\tforeach ($result['destination'] as $dest_id => $destination) {\n\t\t\t\t$destination = $idna_convert->decode($destination);\n\t\t\t\tif ($destination != $result['email_full'] && $destination != '') {\n\t\t\t\t\t$forwarders[] = [\n\t\t\t\t\t\t'item' => $destination,\n\t\t\t\t\t\t'href' => $linker->getLink([\n\t\t\t\t\t\t\t'section' => 'email',\n\t\t\t\t\t\t\t'page' => 'forwarders',\n\t\t\t\t\t\t\t'action' => 'delete',\n\t\t\t\t\t\t\t'id' => $id,\n\t\t\t\t\t\t\t'forwarderid' => $dest_id\n\t\t\t\t\t\t]),\n\t\t\t\t\t\t'label' => lng('panel.delete'),\n\t\t\t\t\t\t'classes' => 'btn btn-sm btn-danger'\n\t\t\t\t\t];\n\t\t\t\t\t$forwarders_count++;\n\t\t\t\t}\n\t\t\t\t$result['destination'][$dest_id] = $destination;\n\t\t\t}\n\t\t\t$destinations_count = count($result['destination']);\n\n\t\t\t// allowed senders listing\n\t\t\t$senders = [];\n\t\t\t$senders_count = 0;\n\t\t\tif (Settings::Get('mail.enable_allow_sender') == '1') {\n\t\t\t\ttry {\n\t\t\t\t\t$json_result = EmailSender::getLocal($userinfo, [\n\t\t\t\t\t\t'id' => $id\n\t\t\t\t\t])->listing();\n\t\t\t\t\t$sender_listing = json_decode($json_result, true)['data'];\n\t\t\t\t\tif ($sender_listing['count'] > 0) {\n\t\t\t\t\t\tforeach ($sender_listing['list'] as $sender) {\n\t\t\t\t\t\t\t$senders[] = [\n\t\t\t\t\t\t\t\t'item' => $sender['allowed_sender'],\n\t\t\t\t\t\t\t\t'href' => $linker->getLink([\n\t\t\t\t\t\t\t\t\t'section' => 'email',\n\t\t\t\t\t\t\t\t\t'page' => 'senders',\n\t\t\t\t\t\t\t\t\t'action' => 'delete',\n\t\t\t\t\t\t\t\t\t'id' => $id,\n\t\t\t\t\t\t\t\t\t'senderid' => $sender['id']\n\t\t\t\t\t\t\t\t]),\n\t\t\t\t\t\t\t\t'label' => lng('panel.delete'),\n\t\t\t\t\t\t\t\t'classes' => 'btn btn-sm btn-danger'\n\t\t\t\t\t\t\t];\n\t\t\t\t\t\t\t$senders_count++;\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\t// nothing\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t$result = PhpHelper::htmlentitiesArray($result);\n\n\t\t\t$email_edit_data = include_once dirname(__FILE__) . '/lib/formfields/customer/email/formfield.emails_edit.php';\n\n\t\t\tUI::view('user/form.html.twig', [\n\t\t\t\t'formaction' => $linker->getLink(['section' => 'email']),\n\t\t\t\t'formdata' => $email_edit_data['emails_edit'],\n\t\t\t\t'editid' => $id\n\t\t\t]);\n\t\t}\n\t}\n} elseif ($page == 'accounts') {\n\t$email_domainid = Request::any('domainid', 0);\n\tif ($action == 'add' && $id != 0) {\n\t\tif ($userinfo['email_accounts'] == '-1' || ($userinfo['email_accounts_used'] < $userinfo['email_accounts'])) {\n\t\t\ttry {\n\t\t\t\t$json_result = Emails::getLocal($userinfo, [\n\t\t\t\t\t'id' => $id\n\t\t\t\t])->get();\n\t\t\t} catch (Exception $e) {\n\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t}\n\t\t\t$result = json_decode($json_result, true)['data'];\n\n\t\t\tif (Request::post('send') == 'send') {\n\t\t\t\ttry {\n\t\t\t\t\tEmailAccounts::getLocal($userinfo, Request::postAll())->add();\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\t\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t\t'page' => 'email_domain',\n\t\t\t\t\t'domainid' => $email_domainid,\n\t\t\t\t\t'action' => 'edit',\n\t\t\t\t\t'id' => $id\n\t\t\t\t]);\n\t\t\t} else {\n\t\t\t\tif (Check::checkMailAccDeletionState($result['email_full'])) {\n\t\t\t\t\tResponse::standardError([\n\t\t\t\t\t\t'mailaccistobedeleted'\n\t\t\t\t\t], $result['email_full']);\n\t\t\t\t}\n\n\t\t\t\t$result['email_full'] = $idna_convert->decode($result['email_full']);\n\t\t\t\t$result = PhpHelper::htmlentitiesArray($result);\n\t\t\t\t$quota = Settings::Get('system.mail_quota');\n\n\t\t\t\t$account_add_data = include_once dirname(__FILE__) . '/lib/formfields/customer/email/formfield.emails_addaccount.php';\n\n\t\t\t\tUI::view('user/form.html.twig', [\n\t\t\t\t\t'formaction' => $linker->getLink(['section' => 'email', 'id' => $id]),\n\t\t\t\t\t'formdata' => $account_add_data['emails_addaccount'],\n\t\t\t\t\t'actions_links' => [\n\t\t\t\t\t\t[\n\t\t\t\t\t\t\t'class' => 'btn-secondary',\n\t\t\t\t\t\t\t'href' => $linker->getLink([\n\t\t\t\t\t\t\t\t'section' => 'email',\n\t\t\t\t\t\t\t\t'page' => 'email_domain',\n\t\t\t\t\t\t\t\t'domainid' => $email_domainid,\n\t\t\t\t\t\t\t\t'action' => 'edit',\n\t\t\t\t\t\t\t\t'id' => $id\n\t\t\t\t\t\t\t]),\n\t\t\t\t\t\t\t'label' => lng('emails.emails_edit'),\n\t\t\t\t\t\t\t'icon' => 'fa-solid fa-pen'\n\t\t\t\t\t\t],\n\t\t\t\t\t\t[\n\t\t\t\t\t\t\t'class' => 'btn-secondary',\n\t\t\t\t\t\t\t'href' => $linker->getLink([\n\t\t\t\t\t\t\t\t'section' => 'email',\n\t\t\t\t\t\t\t\t'page' => 'email_domain',\n\t\t\t\t\t\t\t\t'domainid' => $email_domainid\n\t\t\t\t\t\t\t]),\n\t\t\t\t\t\t\t'label' => lng('menue.email.emails'),\n\t\t\t\t\t\t\t'icon' => 'fa-solid fa-envelope'\n\t\t\t\t\t\t]\n\t\t\t\t\t],\n\t\t\t\t]);\n\t\t\t}\n\t\t} else {\n\t\t\tResponse::standardError([\n\t\t\t\t'allresourcesused',\n\t\t\t\t'allocatetoomuchquota'\n\t\t\t], $quota);\n\t\t}\n\t} elseif ($action == 'changepw' && $id != 0) {\n\t\ttry {\n\t\t\t$json_result = Emails::getLocal($userinfo, [\n\t\t\t\t'id' => $id\n\t\t\t])->get();\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\t\t$result = json_decode($json_result, true)['data'];\n\n\t\tif (isset($result['popaccountid']) && $result['popaccountid'] != '') {\n\t\t\tif (Request::post('send') == 'send') {\n\t\t\t\ttry {\n\t\t\t\t\tEmailAccounts::getLocal($userinfo, Request::postAll())->update();\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\t\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t\t'page' => 'email_domain',\n\t\t\t\t\t'domainid' => $email_domainid,\n\t\t\t\t\t'action' => 'edit',\n\t\t\t\t\t'id' => $id\n\t\t\t\t]);\n\t\t\t} else {\n\t\t\t\t$result['email_full'] = $idna_convert->decode($result['email_full']);\n\t\t\t\t$result = PhpHelper::htmlentitiesArray($result);\n\n\t\t\t\t$account_changepw_data = include_once dirname(__FILE__) . '/lib/formfields/customer/email/formfield.emails_accountchangepasswd.php';\n\n\t\t\t\tUI::view('user/form.html.twig', [\n\t\t\t\t\t'formaction' => $linker->getLink(['section' => 'email', 'id' => $id]),\n\t\t\t\t\t'formdata' => $account_changepw_data['emails_accountchangepasswd'],\n\t\t\t\t\t'actions_links' => [\n\t\t\t\t\t\t[\n\t\t\t\t\t\t\t'class' => 'btn-secondary',\n\t\t\t\t\t\t\t'href' => $linker->getLink([\n\t\t\t\t\t\t\t\t'section' => 'email',\n\t\t\t\t\t\t\t\t'page' => 'email_domain',\n\t\t\t\t\t\t\t\t'domainid' => $email_domainid,\n\t\t\t\t\t\t\t\t'action' => 'edit',\n\t\t\t\t\t\t\t\t'id' => $id\n\t\t\t\t\t\t\t]),\n\t\t\t\t\t\t\t'label' => lng('emails.emails_edit'),\n\t\t\t\t\t\t\t'icon' => 'fa-solid fa-pen'\n\t\t\t\t\t\t],\n\t\t\t\t\t\t[\n\t\t\t\t\t\t\t'class' => 'btn-secondary',\n\t\t\t\t\t\t\t'href' => $linker->getLink([\n\t\t\t\t\t\t\t\t'section' => 'email',\n\t\t\t\t\t\t\t\t'page' => 'email_domain',\n\t\t\t\t\t\t\t\t'domainid' => $email_domainid\n\t\t\t\t\t\t\t]),\n\t\t\t\t\t\t\t'label' => lng('menue.email.emails'),\n\t\t\t\t\t\t\t'icon' => 'fa-solid fa-envelope'\n\t\t\t\t\t\t]\n\t\t\t\t\t],\n\t\t\t\t]);\n\t\t\t}\n\t\t}\n\t} elseif ($action == 'changequota' && Settings::Get('system.mail_quota_enabled') == '1' && $id != 0) {\n\t\ttry {\n\t\t\t$json_result = Emails::getLocal($userinfo, [\n\t\t\t\t'id' => $id\n\t\t\t])->get();\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\t\t$result = json_decode($json_result, true)['data'];\n\n\t\tif (isset($result['popaccountid']) && $result['popaccountid'] != '') {\n\t\t\tif (Request::post('send') == 'send') {\n\t\t\t\ttry {\n\t\t\t\t\tEmailAccounts::getLocal($userinfo, Request::postAll())->update();\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\t\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t\t'page' => 'email_domain',\n\t\t\t\t\t'domainid' => $email_domainid,\n\t\t\t\t\t'action' => 'edit',\n\t\t\t\t\t'id' => $id\n\t\t\t\t]);\n\t\t\t} else {\n\t\t\t\t$result['email_full'] = $idna_convert->decode($result['email_full']);\n\t\t\t\t$result = PhpHelper::htmlentitiesArray($result);\n\n\t\t\t\t$quota_edit_data = include_once dirname(__FILE__) . '/lib/formfields/customer/email/formfield.emails_accountchangequota.php';\n\n\t\t\t\tUI::view('user/form.html.twig', [\n\t\t\t\t\t'formaction' => $linker->getLink(['section' => 'email', 'id' => $id]),\n\t\t\t\t\t'formdata' => $quota_edit_data['emails_accountchangequota'],\n\t\t\t\t\t'actions_links' => [\n\t\t\t\t\t\t[\n\t\t\t\t\t\t\t'class' => 'btn-secondary',\n\t\t\t\t\t\t\t'href' => $linker->getLink([\n\t\t\t\t\t\t\t\t'section' => 'email',\n\t\t\t\t\t\t\t\t'page' => 'email_domain',\n\t\t\t\t\t\t\t\t'domainid' => $email_domainid,\n\t\t\t\t\t\t\t\t'action' => 'edit',\n\t\t\t\t\t\t\t\t'id' => $id\n\t\t\t\t\t\t\t]),\n\t\t\t\t\t\t\t'label' => lng('emails.emails_edit'),\n\t\t\t\t\t\t\t'icon' => 'fa-solid fa-pen'\n\t\t\t\t\t\t],\n\t\t\t\t\t\t[\n\t\t\t\t\t\t\t'class' => 'btn-secondary',\n\t\t\t\t\t\t\t'href' => $linker->getLink([\n\t\t\t\t\t\t\t\t'section' => 'email',\n\t\t\t\t\t\t\t\t'page' => 'email_domain',\n\t\t\t\t\t\t\t\t'domainid' => $email_domainid\n\t\t\t\t\t\t\t]),\n\t\t\t\t\t\t\t'label' => lng('menue.email.emails'),\n\t\t\t\t\t\t\t'icon' => 'fa-solid fa-envelope'\n\t\t\t\t\t\t]\n\t\t\t\t\t],\n\t\t\t\t]);\n\t\t\t}\n\t\t}\n\t} elseif ($action == 'delete' && $id != 0) {\n\t\ttry {\n\t\t\t$json_result = Emails::getLocal($userinfo, [\n\t\t\t\t'id' => $id\n\t\t\t])->get();\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\t\t$result = json_decode($json_result, true)['data'];\n\n\t\tif (isset($result['popaccountid']) && $result['popaccountid'] != '') {\n\t\t\tif (Request::post('send') == 'send') {\n\t\t\t\ttry {\n\t\t\t\t\tEmailAccounts::getLocal($userinfo, Request::postAll())->delete();\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\t\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t\t'page' => 'email_domain',\n\t\t\t\t\t'domainid' => $email_domainid,\n\t\t\t\t\t'action' => 'edit',\n\t\t\t\t\t'id' => $id\n\t\t\t\t]);\n\t\t\t} else {\n\t\t\t\tHTML::askYesNoWithCheckbox('email_reallydelete_account', 'admin_customer_alsoremovemail', $filename, [\n\t\t\t\t\t'id' => $id,\n\t\t\t\t\t'page' => $page,\n\t\t\t\t\t'domainid' => $email_domainid,\n\t\t\t\t\t'action' => $action\n\t\t\t\t], $idna_convert->decode($result['email_full']));\n\t\t\t}\n\t\t}\n\t}\n} elseif ($page == 'forwarders') {\n\t$email_domainid = Request::any('domainid', 0);\n\tif ($action == 'add' && $id != 0) {\n\t\tif ($userinfo['email_forwarders_used'] < $userinfo['email_forwarders'] || $userinfo['email_forwarders'] == '-1') {\n\t\t\ttry {\n\t\t\t\t$json_result = Emails::getLocal($userinfo, [\n\t\t\t\t\t'id' => $id\n\t\t\t\t])->get();\n\t\t\t} catch (Exception $e) {\n\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t}\n\t\t\t$result = json_decode($json_result, true)['data'];\n\n\t\t\tif (isset($result['email']) && $result['email'] != '') {\n\t\t\t\tif (Request::post('send') == 'send') {\n\t\t\t\t\ttry {\n\t\t\t\t\t\tEmailForwarders::getLocal($userinfo, Request::postAll())->add();\n\t\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t\t}\n\t\t\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t\t\t'page' => 'email_domain',\n\t\t\t\t\t\t'domainid' => $email_domainid,\n\t\t\t\t\t\t'action' => 'edit',\n\t\t\t\t\t\t'id' => $id\n\t\t\t\t\t]);\n\t\t\t\t} else {\n\t\t\t\t\t$result['email_full'] = $idna_convert->decode($result['email_full']);\n\t\t\t\t\t$result = PhpHelper::htmlentitiesArray($result);\n\n\t\t\t\t\t$forwarder_add_data = include_once dirname(__FILE__) . '/lib/formfields/customer/email/formfield.emails_addforwarder.php';\n\n\t\t\t\t\tUI::view('user/form.html.twig', [\n\t\t\t\t\t\t'formaction' => $linker->getLink(['section' => 'email', 'id' => $id]),\n\t\t\t\t\t\t'formdata' => $forwarder_add_data['emails_addforwarder'],\n\t\t\t\t\t\t'actions_links' => [\n\t\t\t\t\t\t\t[\n\t\t\t\t\t\t\t\t'class' => 'btn-secondary',\n\t\t\t\t\t\t\t\t'href' => $linker->getLink([\n\t\t\t\t\t\t\t\t\t'section' => 'email',\n\t\t\t\t\t\t\t\t\t'page' => 'email_domain',\n\t\t\t\t\t\t\t\t\t'domainid' => $email_domainid,\n\t\t\t\t\t\t\t\t\t'action' => 'edit',\n\t\t\t\t\t\t\t\t\t'id' => $id\n\t\t\t\t\t\t\t\t]),\n\t\t\t\t\t\t\t\t'label' => lng('emails.emails_edit'),\n\t\t\t\t\t\t\t\t'icon' => 'fa-solid fa-pen'\n\t\t\t\t\t\t\t],\n\t\t\t\t\t\t\t[\n\t\t\t\t\t\t\t\t'class' => 'btn-secondary',\n\t\t\t\t\t\t\t\t'href' => $linker->getLink([\n\t\t\t\t\t\t\t\t\t'section' => 'email',\n\t\t\t\t\t\t\t\t\t'page' => 'email_domain',\n\t\t\t\t\t\t\t\t\t'domainid' => $email_domainid\n\t\t\t\t\t\t\t\t]),\n\t\t\t\t\t\t\t\t'label' => lng('menue.email.emails'),\n\t\t\t\t\t\t\t\t'icon' => 'fa-solid fa-envelope'\n\t\t\t\t\t\t\t]\n\t\t\t\t\t\t],\n\t\t\t\t\t]);\n\t\t\t\t}\n\t\t\t}\n\t\t} else {\n\t\t\tResponse::standardError('allresourcesused');\n\t\t}\n\t} elseif ($action == 'delete' && $id != 0) {\n\t\ttry {\n\t\t\t$json_result = Emails::getLocal($userinfo, [\n\t\t\t\t'id' => $id\n\t\t\t])->get();\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\t\t$result = json_decode($json_result, true)['data'];\n\n\t\tif (isset($result['destination']) && $result['destination'] != '') {\n\t\t\t$forwarderid = Request::any('forwarderid', 0);\n\t\t\t$result['destination'] = explode(' ', $result['destination']);\n\n\t\t\tif (isset($result['destination'][$forwarderid]) && $result['email'] != $result['destination'][$forwarderid]) {\n\t\t\t\t$forwarder = $result['destination'][$forwarderid];\n\n\t\t\t\tif (Request::post('send') == 'send') {\n\t\t\t\t\ttry {\n\t\t\t\t\t\tEmailForwarders::getLocal($userinfo, Request::postAll())->delete();\n\t\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t\t}\n\t\t\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t\t\t'page' => 'email_domain',\n\t\t\t\t\t\t'domainid' => $email_domainid,\n\t\t\t\t\t\t'action' => 'edit',\n\t\t\t\t\t\t'id' => $id\n\t\t\t\t\t]);\n\t\t\t\t} else {\n\t\t\t\t\tHTML::askYesNo('email_reallydelete_forwarder', $filename, [\n\t\t\t\t\t\t'id' => $id,\n\t\t\t\t\t\t'forwarderid' => $forwarderid,\n\t\t\t\t\t\t'page' => $page,\n\t\t\t\t\t\t'domainid' => $email_domainid,\n\t\t\t\t\t\t'action' => $action\n\t\t\t\t\t], $idna_convert->decode($result['email_full']) . ' -> ' . $idna_convert->decode($forwarder));\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n} elseif ($page == 'senders' && Settings::Get('mail.enable_allow_sender') == '1') {\n\t$email_domainid = Request::any('domainid', 0);\n\tif ($action == 'add' && $id != 0) {\n\t\ttry {\n\t\t\t$json_result = Emails::getLocal($userinfo, [\n\t\t\t\t'id' => $id\n\t\t\t])->get();\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\t\t$result = json_decode($json_result, true)['data'];\n\n\t\tif (isset($result['email']) && $result['email'] != '') {\n\t\t\tif (Request::post('send') == 'send') {\n\t\t\t\ttry {\n\t\t\t\t\t// build target-sender\n\t\t\t\t\t$allowed_sender = Request::post('allowed_sender', '');\n\t\t\t\t\t$allowed_sender .= '@' . Request::post('allowed_domain', '');\n\t\t\t\t\t$postdata = [\n\t\t\t\t\t\t'id' => $id,\n\t\t\t\t\t\t'allowed_sender' => $allowed_sender\n\t\t\t\t\t];\n\t\t\t\t\tEmailSender::getLocal($userinfo, $postdata)->add();\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\t\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t\t'page' => 'email_domain',\n\t\t\t\t\t'domainid' => $email_domainid,\n\t\t\t\t\t'action' => 'edit',\n\t\t\t\t\t'id' => $id\n\t\t\t\t]);\n\t\t\t} else {\n\t\t\t\t$result['email_full'] = $idna_convert->decode($result['email_full']);\n\t\t\t\t$result = PhpHelper::htmlentitiesArray($result);\n\n\t\t\t\tif (Settings::Get('mail.allow_external_domains') == '0') {\n\t\t\t\t\t$result_stmt = Database::prepare(\"SELECT `id`, `domain`, `customerid` FROM `\" . TABLE_PANEL_DOMAINS . \"`\n\t\t\t\t\t\tWHERE `customerid`= :cid\n\t\t\t\t\t\tAND `isemaildomain`='1'\n\t\t\t\t\t\tORDER BY `domain_ace` ASC\n\t\t\t\t\t\");\n\t\t\t\t\tDatabase::pexecute($result_stmt, [\n\t\t\t\t\t\t\"cid\" => $userinfo['customerid']\n\t\t\t\t\t]);\n\t\t\t\t\t$domains = [];\n\t\t\t\t\t$selected_domain = \"\";\n\t\t\t\t\twhile ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t\t\tif ($email_domainid == $row['id']) {\n\t\t\t\t\t\t\t$selected_domain = $row['domain'];\n\t\t\t\t\t\t}\n\t\t\t\t\t\t$domains[$row['domain']] = $idna_convert->decode($row['domain']);\n\t\t\t\t\t}\n\n\t\t\t\t\tif (count($domains) == 0) {\n\t\t\t\t\t\tResponse::standardError('emails.noemaildomainaddedyet');\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\t$sender_add_data = include_once dirname(__FILE__) . '/lib/formfields/customer/email/formfield.emails_addsender.php';\n\n\t\t\t\tUI::view('user/form-note.html.twig', [\n\t\t\t\t\t'formaction' => $linker->getLink(['section' => 'email', 'id' => $id]),\n\t\t\t\t\t'formdata' => $sender_add_data['emails_addsender'],\n\t\t\t\t\t'actions_links' => [\n\t\t\t\t\t\t[\n\t\t\t\t\t\t\t'class' => 'btn-secondary',\n\t\t\t\t\t\t\t'href' => $linker->getLink([\n\t\t\t\t\t\t\t\t'section' => 'email',\n\t\t\t\t\t\t\t\t'page' => 'email_domain',\n\t\t\t\t\t\t\t\t'domainid' => $email_domainid,\n\t\t\t\t\t\t\t\t'action' => 'edit',\n\t\t\t\t\t\t\t\t'id' => $id\n\t\t\t\t\t\t\t]),\n\t\t\t\t\t\t\t'label' => lng('emails.emails_edit'),\n\t\t\t\t\t\t\t'icon' => 'fa-solid fa-pen'\n\t\t\t\t\t\t],\n\t\t\t\t\t\t[\n\t\t\t\t\t\t\t'class' => 'btn-secondary',\n\t\t\t\t\t\t\t'href' => $linker->getLink([\n\t\t\t\t\t\t\t\t'section' => 'email',\n\t\t\t\t\t\t\t\t'page' => 'email_domain',\n\t\t\t\t\t\t\t\t'domainid' => $email_domainid\n\t\t\t\t\t\t\t]),\n\t\t\t\t\t\t\t'label' => lng('menue.email.emails'),\n\t\t\t\t\t\t\t'icon' => 'fa-solid fa-envelope'\n\t\t\t\t\t\t]\n\t\t\t\t\t],\n\t\t\t\t\t// alert-box\n\t\t\t\t\t'type' => 'info',\n\t\t\t\t\t'alert_msg' => lng('emails.allowed_sender_info')\n\t\t\t\t]);\n\t\t\t}\n\t\t}\n\t} elseif ($action == 'delete' && $id != 0) {\n\t\ttry {\n\t\t\t$json_result = Emails::getLocal($userinfo, [\n\t\t\t\t'id' => $id\n\t\t\t])->get();\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\t\t$result = json_decode($json_result, true)['data'];\n\n\t\tif (!empty($result['popaccountid'])) {\n\t\t\t$senderid = Request::any('senderid', 0);\n\n\t\t\tif (Request::post('send') == 'send') {\n\t\t\t\ttry {\n\t\t\t\t\tEmailSender::getLocal($userinfo, Request::postAll())->delete();\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\t\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t\t'page' => 'email_domain',\n\t\t\t\t\t'domainid' => $email_domainid,\n\t\t\t\t\t'action' => 'edit',\n\t\t\t\t\t'id' => $id\n\t\t\t\t]);\n\t\t\t} else {\n\t\t\t\t$sel_stmt = Database::prepare(\"\n\t\t\t\t\tSELECT s.`allowed_sender`\n\t\t\t\t\tFROM `\" . TABLE_MAIL_SENDER_ALIAS . \"` s\n\t\t\t\t\tLEFT JOIN `\" . TABLE_MAIL_USERS . \"` u ON u.username = s.email\n\t\t\t\t\tWHERE u.id = :popaccountid AND u.customerid = :cid AND s.id = :senderid\n\t\t\t\t\");\n\t\t\t\t$sender_data = Database::pexecute_first($sel_stmt, ['popaccountid' => $result['popaccountid'], 'cid' => $userinfo['customerid'], 'senderid' => (int)$senderid]);\n\n\t\t\t\tif ($sender_data) {\n\t\t\t\t\tHTML::askYesNo('email_reallydelete_sender', $filename, [\n\t\t\t\t\t\t'id' => $id,\n\t\t\t\t\t\t'senderid' => $senderid,\n\t\t\t\t\t\t'page' => $page,\n\t\t\t\t\t\t'domainid' => $email_domainid,\n\t\t\t\t\t\t'action' => $action\n\t\t\t\t\t], $idna_convert->decode($result['email_full']) . ' -> ' . $sender_data['allowed_sender']);\n\t\t\t\t}\n\t\t\t\tResponse::dynamicError('No such entity');\n\t\t\t}\n\t\t}\n\t}\n}\n" }, { "path": "customer_extras.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nconst AREA = 'customer';\nrequire __DIR__ . '/lib/init.php';\n\nuse Froxlor\\Api\\Commands\\DataDump as DataDump;\nuse Froxlor\\Api\\Commands\\DirOptions as DirOptions;\nuse Froxlor\\Api\\Commands\\DirProtections as DirProtections;\nuse Froxlor\\Customer\\Customer;\nuse Froxlor\\FileDir;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\PhpHelper;\nuse Froxlor\\Settings;\nuse Froxlor\\UI\\Collection;\nuse Froxlor\\UI\\HTML;\nuse Froxlor\\UI\\Listing;\nuse Froxlor\\UI\\Panel\\UI;\nuse Froxlor\\UI\\Request;\nuse Froxlor\\UI\\Response;\n\n// redirect if this customer page is hidden via settings\nif (Settings::IsInList('panel.customer_hide_options', 'extras')) {\n\tResponse::redirectTo('customer_index.php');\n}\n\n$id = (int)Request::any('id');\n\nif ($page == 'overview' || $page == 'htpasswds') {\n\t// redirect if this customer sub-page is hidden via settings\n\tif (Settings::IsInList('panel.customer_hide_options', 'extras.directoryprotection')) {\n\t\tResponse::redirectTo('customer_index.php');\n\t}\n\n\tif ($action == '') {\n\t\t$log->logAction(FroxlorLogger::USR_ACTION, LOG_NOTICE, \"viewed customer_extras::htpasswds\");\n\t\t$fields = [\n\t\t\t'username' => lng('login.username'),\n\t\t\t'path' => lng('panel.path')\n\t\t];\n\t\ttry {\n\t\t\t$htpasswd_list_data = include_once dirname(__FILE__) . '/lib/tablelisting/customer/tablelisting.htpasswd.php';\n\t\t\t$collection = (new Collection(DirProtections::class, $userinfo))\n\t\t\t\t->withPagination($htpasswd_list_data['htpasswd_list']['columns'], $htpasswd_list_data['htpasswd_list']['default_sorting']);\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\n\t\t$actions_links = [];\n\t\t$actions_links[] = [\n\t\t\t'href' => $linker->getLink(['section' => 'extras', 'page' => 'htpasswds', 'action' => 'add']),\n\t\t\t'label' => lng('extras.directoryprotection_add')\n\t\t];\n\n\t\t$actions_links[] = [\n\t\t\t'href' => \\Froxlor\\Froxlor::getDocsUrl() . 'user-guide/extras/',\n\t\t\t'target' => '_blank',\n\t\t\t'icon' => 'fa-solid fa-circle-info',\n\t\t\t'class' => 'btn-outline-secondary'\n\t\t];\n\n\t\tUI::view('user/table.html.twig', [\n\t\t\t'listing' => Listing::format($collection, $htpasswd_list_data, 'htpasswd_list'),\n\t\t\t'actions_links' => $actions_links,\n\t\t\t'entity_info' => lng('extras.description')\n\t\t]);\n\t} elseif ($action == 'delete' && $id != 0) {\n\t\ttry {\n\t\t\t$json_result = DirProtections::getLocal($userinfo, [\n\t\t\t\t'id' => $id\n\t\t\t])->get();\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\t\t$result = json_decode($json_result, true)['data'];\n\n\t\tif (isset($result['username']) && $result['username'] != '') {\n\t\t\tif (Request::post('send') == 'send') {\n\t\t\t\ttry {\n\t\t\t\t\tDirProtections::getLocal($userinfo, Request::postAll())->delete();\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\t\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t\t'page' => $page\n\t\t\t\t]);\n\t\t\t} else {\n\t\t\t\tif (strpos($result['path'], $userinfo['documentroot']) === 0) {\n\t\t\t\t\t$result['path'] = str_replace($userinfo['documentroot'], \"/\", $result['path']);\n\t\t\t\t}\n\n\t\t\t\tHTML::askYesNo('extras_reallydelete', $filename, [\n\t\t\t\t\t'id' => $id,\n\t\t\t\t\t'page' => $page,\n\t\t\t\t\t'action' => $action\n\t\t\t\t], $result['username'] . ' (' . $result['path'] . ')');\n\t\t\t}\n\t\t}\n\t} elseif ($action == 'add') {\n\t\tif (Request::post('send') == 'send') {\n\t\t\ttry {\n\t\t\t\tDirProtections::getLocal($userinfo, Request::postAll())->add();\n\t\t\t} catch (Exception $e) {\n\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t}\n\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t'page' => $page\n\t\t\t]);\n\t\t} else {\n\t\t\t$pathSelect = FileDir::makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid']);\n\n\t\t\t$htpasswd_add_data = include_once dirname(__FILE__) . '/lib/formfields/customer/extras/formfield.htpasswd_add.php';\n\n\t\t\tUI::view('user/form.html.twig', [\n\t\t\t\t'formaction' => $linker->getLink(['section' => 'extras']),\n\t\t\t\t'formdata' => $htpasswd_add_data['htpasswd_add']\n\t\t\t]);\n\t\t}\n\t} elseif ($action == 'edit' && $id != 0) {\n\t\ttry {\n\t\t\t$json_result = DirProtections::getLocal($userinfo, [\n\t\t\t\t'id' => $id\n\t\t\t])->get();\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\t\t$result = json_decode($json_result, true)['data'];\n\n\t\tif (isset($result['username']) && $result['username'] != '') {\n\t\t\tif (Request::post('send') == 'send') {\n\t\t\t\ttry {\n\t\t\t\t\tDirProtections::getLocal($userinfo, Request::postAll())->update();\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\t\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t\t'page' => $page\n\t\t\t\t]);\n\t\t\t} else {\n\t\t\t\tif (strpos($result['path'], $userinfo['documentroot']) === 0) {\n\t\t\t\t\t$result['path'] = str_replace($userinfo['documentroot'], \"/\", $result['path']);\n\t\t\t\t}\n\t\t\t\t$result = PhpHelper::htmlentitiesArray($result);\n\n\t\t\t\t$htpasswd_edit_data = include_once dirname(__FILE__) . '/lib/formfields/customer/extras/formfield.htpasswd_edit.php';\n\n\t\t\t\tUI::view('user/form.html.twig', [\n\t\t\t\t\t'formaction' => $linker->getLink(['section' => 'extras', 'id' => $id]),\n\t\t\t\t\t'formdata' => $htpasswd_edit_data['htpasswd_edit'],\n\t\t\t\t\t'editid' => $id\n\t\t\t\t]);\n\t\t\t}\n\t\t}\n\t}\n} elseif ($page == 'htaccess') {\n\t// redirect if this customer sub-page is hidden via settings\n\tif (Settings::IsInList('panel.customer_hide_options', 'extras.pathoptions')) {\n\t\tResponse::redirectTo('customer_index.php');\n\t}\n\n\tif ($action == '') {\n\t\t$log->logAction(FroxlorLogger::USR_ACTION, LOG_NOTICE, \"viewed customer_extras::htaccess\");\n\n\t\t$cperlenabled = Customer::customerHasPerlEnabled($userinfo['customerid']);\n\n\t\ttry {\n\t\t\t$htaccess_list_data = include_once dirname(__FILE__) . '/lib/tablelisting/customer/tablelisting.htaccess.php';\n\t\t\t$collection = (new Collection(DirOptions::class, $userinfo))\n\t\t\t\t->withPagination($htaccess_list_data['htaccess_list']['columns'], $htaccess_list_data['htaccess_list']['default_sorting']);\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\n\t\t$actions_links = [];\n\t\t$actions_links[] = [\n\t\t\t'href' => $linker->getLink(['section' => 'extras', 'page' => 'htaccess', 'action' => 'add']),\n\t\t\t'label' => lng('extras.pathoptions_add')\n\t\t];\n\n\t\t$actions_links[] = [\n\t\t\t'href' => \\Froxlor\\Froxlor::getDocsUrl() . 'user-guide/extras/',\n\t\t\t'target' => '_blank',\n\t\t\t'icon' => 'fa-solid fa-circle-info',\n\t\t\t'class' => 'btn-outline-secondary'\n\t\t];\n\n\t\tUI::view('user/table.html.twig', [\n\t\t\t'listing' => Listing::format($collection, $htaccess_list_data, 'htaccess_list'),\n\t\t\t'actions_links' => $actions_links,\n\t\t\t'entity_info' => lng('extras.description')\n\t\t]);\n\t} elseif ($action == 'delete' && $id != 0) {\n\t\ttry {\n\t\t\t$json_result = DirOptions::getLocal($userinfo, [\n\t\t\t\t'id' => $id\n\t\t\t])->get();\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\t\t$result = json_decode($json_result, true)['data'];\n\n\t\tif (isset($result['customerid']) && $result['customerid'] != '' && $result['customerid'] == $userinfo['customerid']) {\n\t\t\tif (Request::post('send') == 'send') {\n\t\t\t\ttry {\n\t\t\t\t\tDirOptions::getLocal($userinfo, Request::postAll())->delete();\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\t\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t\t'page' => $page\n\t\t\t\t]);\n\t\t\t} else {\n\t\t\t\tHTML::askYesNo('extras_reallydelete_pathoptions', $filename, [\n\t\t\t\t\t'id' => $id,\n\t\t\t\t\t'page' => $page,\n\t\t\t\t\t'action' => $action\n\t\t\t\t], str_replace($userinfo['documentroot'], '/', $result['path']));\n\t\t\t}\n\t\t}\n\t} elseif ($action == 'add') {\n\t\tif (Request::post('send') == 'send') {\n\t\t\ttry {\n\t\t\t\tDirOptions::getLocal($userinfo, Request::postAll())->add();\n\t\t\t} catch (Exception $e) {\n\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t}\n\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t'page' => $page\n\t\t\t]);\n\t\t} else {\n\t\t\t$pathSelect = FileDir::makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid']);\n\t\t\t$cperlenabled = Customer::customerHasPerlEnabled($userinfo['customerid']);\n\n\t\t\t$htaccess_add_data = include_once dirname(__FILE__) . '/lib/formfields/customer/extras/formfield.htaccess_add.php';\n\n\t\t\tUI::view('user/form.html.twig', [\n\t\t\t\t'formaction' => $linker->getLink(['section' => 'extras']),\n\t\t\t\t'formdata' => $htaccess_add_data['htaccess_add']\n\t\t\t]);\n\t\t}\n\t} elseif (($action == 'edit') && ($id != 0)) {\n\t\ttry {\n\t\t\t$json_result = DirOptions::getLocal($userinfo, [\n\t\t\t\t'id' => $id\n\t\t\t])->get();\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\t\t$result = json_decode($json_result, true)['data'];\n\n\t\tif ((isset($result['customerid'])) && ($result['customerid'] != '') && ($result['customerid'] == $userinfo['customerid'])) {\n\t\t\tif (Request::post('send') == 'send') {\n\t\t\t\ttry {\n\t\t\t\t\tDirOptions::getLocal($userinfo, Request::postAll())->update();\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\t\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t\t'page' => $page\n\t\t\t\t]);\n\t\t\t} else {\n\t\t\t\tif (strpos($result['path'], $userinfo['documentroot']) === 0) {\n\t\t\t\t\t$result['path'] = str_replace($userinfo['documentroot'], \"/\", $result['path']);\n\t\t\t\t}\n\t\t\t\t$cperlenabled = Customer::customerHasPerlEnabled($userinfo['customerid']);\n\n\t\t\t\t$result = PhpHelper::htmlentitiesArray($result);\n\n\t\t\t\t$htaccess_edit_data = include_once dirname(__FILE__) . '/lib/formfields/customer/extras/formfield.htaccess_edit.php';\n\n\t\t\t\tUI::view('user/form.html.twig', [\n\t\t\t\t\t'formaction' => $linker->getLink(['section' => 'extras', 'id' => $id]),\n\t\t\t\t\t'formdata' => $htaccess_edit_data['htaccess_edit'],\n\t\t\t\t\t'editid' => $id\n\t\t\t\t]);\n\t\t\t}\n\t\t}\n\t}\n} elseif ($page == 'export') {\n\t// redirect if this customer sub-page is hidden via settings\n\tif (Settings::IsInList('panel.customer_hide_options', 'extras.export')) {\n\t\tResponse::redirectTo('customer_index.php');\n\t}\n\n\tif (Settings::Get('system.exportenabled') == 1) {\n\t\tif ($action == 'abort') {\n\t\t\tif (Request::post('send') == 'send') {\n\t\t\t\t$log->logAction(FroxlorLogger::USR_ACTION, LOG_NOTICE, \"customer_extras::export - aborted scheduled data export job\");\n\t\t\t\ttry {\n\t\t\t\t\tDataDump::getLocal($userinfo, Request::postAll())->delete();\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\t\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t\t'page' => $page,\n\t\t\t\t\t'action' => ''\n\t\t\t\t]);\n\t\t\t} else {\n\t\t\t\tHTML::askYesNo('extras_reallydelete_export', $filename, [\n\t\t\t\t\t'job_entry' => $id,\n\t\t\t\t\t'section' => 'extras',\n\t\t\t\t\t'page' => $page,\n\t\t\t\t\t'action' => $action\n\t\t\t\t]);\n\t\t\t}\n\t\t} elseif ($action == '') {\n\t\t\t$log->logAction(FroxlorLogger::USR_ACTION, LOG_INFO, \"viewed customer_extras::export\");\n\n\t\t\t// check whether there is a backup-job for this customer\n\t\t\ttry {\n\t\t\t\t$export_list_data = include_once dirname(__FILE__) . '/lib/tablelisting/customer/tablelisting.export.php';\n\t\t\t\t$collection = (new Collection(DataDump::class, $userinfo));\n\t\t\t} catch (Exception $e) {\n\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t}\n\n\t\t\tif (Request::post('send') == 'send') {\n\t\t\t\ttry {\n\t\t\t\t\tDataDump::getLocal($userinfo, Request::postAll())->add();\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\t\t\t\tResponse::standardSuccess('exportscheduled');\n\t\t\t} else {\n\t\t\t\t$pathSelect = FileDir::makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid']);\n\t\t\t\t$export_data = include_once dirname(__FILE__) . '/lib/formfields/customer/extras/formfield.export.php';\n\n\t\t\t\t$actions_links = [\n\t\t\t\t\t[\n\t\t\t\t\t\t'href' => \\Froxlor\\Froxlor::getDocsUrl() . 'user-guide/extras/',\n\t\t\t\t\t\t'target' => '_blank',\n\t\t\t\t\t\t'icon' => 'fa-solid fa-circle-info',\n\t\t\t\t\t\t'class' => 'btn-outline-secondary'\n\t\t\t\t\t]\n\t\t\t\t];\n\n\t\t\t\tUI::view('user/form-datatable.html.twig', [\n\t\t\t\t\t'formaction' => $linker->getLink(['section' => 'extras']),\n\t\t\t\t\t'formdata' => $export_data['export'],\n\t\t\t\t\t'actions_links' => $actions_links,\n\t\t\t\t\t'tabledata' => Listing::format($collection, $export_list_data, 'export_list'),\n\t\t\t\t]);\n\t\t\t}\n\t\t}\n\t} else {\n\t\tResponse::standardError('exportfunctionnotenabled');\n\t}\n}\n" }, { "path": "customer_ftp.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nconst AREA = 'customer';\nrequire __DIR__ . '/lib/init.php';\n\nuse Froxlor\\Api\\Commands\\Ftps;\nuse Froxlor\\Api\\Commands\\SshKeys;\nuse Froxlor\\CurrentUser;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FileDir;\nuse Froxlor\\Froxlor;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\Settings;\nuse Froxlor\\UI\\Collection;\nuse Froxlor\\UI\\HTML;\nuse Froxlor\\UI\\Listing;\nuse Froxlor\\UI\\Panel\\UI;\nuse Froxlor\\UI\\Request;\nuse Froxlor\\UI\\Response;\n\n// redirect if this customer page is hidden via settings\nif (Settings::IsInList('panel.customer_hide_options', 'ftp')) {\n\tResponse::redirectTo('customer_index.php');\n}\n\n$id = (int)Request::any('id', 0);\n\nif ($page == 'overview' || $page == 'accounts') {\n\tif ($action == '') {\n\t\t$log->logAction(FroxlorLogger::USR_ACTION, LOG_NOTICE, \"viewed customer_ftp::accounts\");\n\t\ttry {\n\t\t\t$ftp_list_data = include_once dirname(__FILE__) . '/lib/tablelisting/customer/tablelisting.ftps.php';\n\t\t\t$collection = (new Collection(Ftps::class, $userinfo))\n\t\t\t\t->withPagination($ftp_list_data['ftp_list']['columns'], $ftp_list_data['ftp_list']['default_sorting']);\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\n\t\t$actions_links = [];\n\t\tif (CurrentUser::canAddResource('ftps')) {\n\t\t\t$actions_links[] = [\n\t\t\t\t'href' => $linker->getLink(['section' => 'ftp', 'page' => 'accounts', 'action' => 'add']),\n\t\t\t\t'label' => lng('ftp.account_add')\n\t\t\t];\n\t\t}\n\t\t$actions_links[] = [\n\t\t\t'href' => Froxlor::getDocsUrl() . 'user-guide/ftp-accounts/',\n\t\t\t'target' => '_blank',\n\t\t\t'icon' => 'fa-solid fa-circle-info',\n\t\t\t'class' => 'btn-outline-secondary'\n\t\t];\n\n\t\tUI::view('user/table.html.twig', [\n\t\t\t'listing' => Listing::format($collection, $ftp_list_data, 'ftp_list'),\n\t\t\t'actions_links' => $actions_links,\n\t\t\t'entity_info' => lng('ftp.description')\n\t\t]);\n\t} elseif ($action == 'delete' && $id != 0) {\n\t\ttry {\n\t\t\t$json_result = Ftps::getLocal($userinfo, [\n\t\t\t\t'id' => $id\n\t\t\t])->get();\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\t\t$result = json_decode($json_result, true)['data'];\n\n\t\tif (isset($result['username']) && $result['username'] != $userinfo['loginname']) {\n\t\t\tif (Request::post('send') == 'send') {\n\t\t\t\ttry {\n\t\t\t\t\tFtps::getLocal($userinfo, Request::postAll())->delete();\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\t\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t\t'page' => $page\n\t\t\t\t]);\n\t\t\t} else {\n\t\t\t\tHTML::askYesNoWithCheckbox('ftp_reallydelete', 'admin_customer_alsoremoveftphomedir', $filename, [\n\t\t\t\t\t'id' => $id,\n\t\t\t\t\t'page' => $page,\n\t\t\t\t\t'action' => $action\n\t\t\t\t], $result['username']);\n\t\t\t}\n\t\t} else {\n\t\t\tResponse::standardError('ftp_cantdeletemainaccount');\n\t\t}\n\t} elseif ($action == 'add') {\n\t\tif ($userinfo['ftps_used'] < $userinfo['ftps'] || $userinfo['ftps'] == '-1') {\n\t\t\tif (Request::post('send') == 'send') {\n\t\t\t\ttry {\n\t\t\t\t\tFtps::getLocal($userinfo, Request::postAll())->add();\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\t\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t\t'page' => $page\n\t\t\t\t]);\n\t\t\t} else {\n\t\t\t\t$pathSelect = FileDir::makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], '/');\n\n\t\t\t\tif (Settings::Get('customer.ftpatdomain') == '1') {\n\t\t\t\t\t$domainlist = [];\n\t\t\t\t\t$result_domains_stmt = Database::prepare(\"SELECT `domain` FROM `\" . TABLE_PANEL_DOMAINS . \"`\n\t\t\t\t\t\tWHERE `customerid`= :customerid ORDER BY `domain` ASC\");\n\t\t\t\t\tDatabase::pexecute($result_domains_stmt, [\n\t\t\t\t\t\t\"customerid\" => $userinfo['customerid']\n\t\t\t\t\t]);\n\n\t\t\t\t\twhile ($row_domain = $result_domains_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t\t\t$domainlist[$row_domain['domain']] = $idna_convert->decode($row_domain['domain']);\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\t$user_shell_allowed = intval($userinfo['shell_allowed']) == 1;\n\t\t\t\tif (Settings::Get('system.allow_customer_shell') == '1') {\n\t\t\t\t\t$shells['/bin/false'] = \"/bin/false\";\n\t\t\t\t\t$shells_avail = Settings::Get('system.available_shells');\n\t\t\t\t\tif (!empty($shells_avail)) {\n\t\t\t\t\t\t$shells_avail_arr = explode(\",\", $shells_avail);\n\t\t\t\t\t\t$shells_avail_arr = array_map(\"trim\", $shells_avail_arr);\n\t\t\t\t\t\tforeach ($shells_avail_arr as $shell) {\n\t\t\t\t\t\t\t$shells[$shell] = $shell;\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\t$ftp_add_data = include_once dirname(__FILE__) . '/lib/formfields/customer/ftp/formfield.ftp_add.php';\n\n\t\t\t\tUI::view('user/form.html.twig', [\n\t\t\t\t\t'formaction' => $linker->getLink(['section' => 'ftp']),\n\t\t\t\t\t'formdata' => $ftp_add_data['ftp_add']\n\t\t\t\t]);\n\t\t\t}\n\t\t}\n\t} elseif ($action == 'edit' && $id != 0) {\n\t\ttry {\n\t\t\t$json_result = Ftps::getLocal($userinfo, [\n\t\t\t\t'id' => $id\n\t\t\t])->get();\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\t\t$result = json_decode($json_result, true)['data'];\n\n\t\tif (isset($result['username']) && $result['username'] != '') {\n\t\t\tif (Request::post('send') == 'send') {\n\t\t\t\ttry {\n\t\t\t\t\tFtps::getLocal($userinfo, Request::postAll())->update();\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\t\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t\t'page' => $page\n\t\t\t\t]);\n\t\t\t} else {\n\t\t\t\tif (strpos($result['homedir'], $userinfo['documentroot']) === 0) {\n\t\t\t\t\t$homedir = str_replace($userinfo['documentroot'], \"/\", $result['homedir']);\n\t\t\t\t} else {\n\t\t\t\t\t$homedir = $result['homedir'];\n\t\t\t\t}\n\t\t\t\t$homedir = FileDir::makeCorrectDir($homedir);\n\n\t\t\t\t$pathSelect = FileDir::makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $homedir);\n\n\t\t\t\t$user_shell_allowed = intval($userinfo['shell_allowed']) == 1;\n\t\t\t\tif (Settings::Get('system.allow_customer_shell') == '1') {\n\t\t\t\t\t$shells['/bin/false'] = \"/bin/false\";\n\t\t\t\t\t$shells_avail = Settings::Get('system.available_shells');\n\t\t\t\t\tif (!empty($shells_avail)) {\n\t\t\t\t\t\t$shells_avail_arr = explode(\",\", $shells_avail);\n\t\t\t\t\t\t$shells_avail_arr = array_map(\"trim\", $shells_avail_arr);\n\t\t\t\t\t\tforeach ($shells_avail_arr as $shell) {\n\t\t\t\t\t\t\t$shells[$shell] = $shell;\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\t$ftp_edit_data = include_once dirname(__FILE__) . '/lib/formfields/customer/ftp/formfield.ftp_edit.php';\n\n\t\t\t\tUI::view('user/form.html.twig', [\n\t\t\t\t\t'formaction' => $linker->getLink(['section' => 'ftp', 'id' => $id]),\n\t\t\t\t\t'formdata' => $ftp_edit_data['ftp_edit'],\n\t\t\t\t\t'editid' => $id\n\t\t\t\t]);\n\t\t\t}\n\t\t}\n\t}\n} elseif ($page == 'sshkeys') {\n\n\t// redirect if this customer has no permission for API usage\n\tif ($userinfo['adminsession'] == 0 && (intval(Settings::Get('system.allow_customer_shell')) == 0 || $userinfo['shell_allowed'] == 0)) {\n\t\tResponse::redirectTo('customer_index.php');\n\t}\n\n\tif ($action == '') {\n\t\t$log->logAction(FroxlorLogger::USR_ACTION, LOG_NOTICE, \"viewed customer_ftp::sshkeys\");\n\t\ttry {\n\t\t\t$sshkeys_list_data = include_once dirname(__FILE__) . '/lib/tablelisting/customer/tablelisting.sshkeys.php';\n\t\t\t$collection = (new Collection(SshKeys::class, $userinfo))\n\t\t\t\t->withPagination($sshkeys_list_data['sshkeys_list']['columns'], $sshkeys_list_data['sshkeys_list']['default_sorting']);\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\n\t\t$actions_links = [];\n\t\tif (/* User-has-ftp-users-with-active-shell */\n\t\ttrue) {\n\t\t\t$actions_links[] = [\n\t\t\t\t'href' => $linker->getLink(['section' => 'ftp', 'page' => 'sshkeys', 'action' => 'add']),\n\t\t\t\t'label' => lng('ftp.sshkey_add')\n\t\t\t];\n\t\t}\n\t\t$actions_links[] = [\n\t\t\t'href' => Froxlor::getDocsUrl() . 'user-guide/ssh-keys/',\n\t\t\t'target' => '_blank',\n\t\t\t'icon' => 'fa-solid fa-circle-info',\n\t\t\t'class' => 'btn-outline-secondary'\n\t\t];\n\n\t\tUI::view('user/table.html.twig', [\n\t\t\t'listing' => Listing::format($collection, $sshkeys_list_data, 'sshkeys_list'),\n\t\t\t'actions_links' => $actions_links,\n\t\t\t'entity_info' => lng('sshkeys.description')\n\t\t]);\n\t} elseif ($action == 'add') {\n\n\t\tif (Request::post('send') == 'send') {\n\t\t\ttry {\n\t\t\t\tSshKeys::getLocal($userinfo, Request::postAll())->add();\n\t\t\t} catch (Exception $e) {\n\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t}\n\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t'page' => $page\n\t\t\t]);\n\t\t} else {\n\n\t\t\t$userList = [];\n\t\t\t$result_ftpusers_stmt = Database::prepare(\"\n\t\t\t\tSELECT `id`, `username`, `shell`\n\t\t\t\tFROM `\" . TABLE_FTP_USERS . \"`\n\t\t\t\tWHERE `customerid` = :customerid\n\t\t\t\tORDER BY `username` ASC\n\t\t\t\");\n\t\t\tDatabase::pexecute($result_ftpusers_stmt, [\n\t\t\t\t\"customerid\" => $userinfo['customerid']\n\t\t\t]);\n\n\t\t\twhile ($row_ftpusers = $result_ftpusers_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t$userList[$row_ftpusers['id']] = $row_ftpusers['username'] . ' (Shell: ' . $row_ftpusers['shell'] . ')';\n\t\t\t}\n\n\t\t\t$sshkey_add_data = include_once dirname(__FILE__) . '/lib/formfields/customer/ftp/formfield.ftp_ssh_add.php';\n\n\t\t\tUI::view('user/form.html.twig', [\n\t\t\t\t'formaction' => $linker->getLink(['section' => 'ftp', 'page' => 'sshkeys']),\n\t\t\t\t'formdata' => $sshkey_add_data['sshkey_add']\n\t\t\t]);\n\t\t}\n\t} elseif ($action == 'edit' && $id != 0) {\n\t\ttry {\n\t\t\t$json_result = SshKeys::getLocal($userinfo, [\n\t\t\t\t'id' => $id\n\t\t\t])->get();\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\t\t$result = json_decode($json_result, true)['data'];\n\n\t\tif (isset($result['ssh_pubkey']) && $result['ssh_pubkey'] != '') {\n\t\t\tif (Request::post('send') == 'send') {\n\t\t\t\ttry {\n\t\t\t\t\tSshKeys::getLocal($userinfo, Request::postAll())->update();\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\t\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t\t'page' => $page\n\t\t\t\t]);\n\t\t\t} else {\n\n\t\t\t\t$sshkey_edit_data = include_once dirname(__FILE__) . '/lib/formfields/customer/ftp/formfield.ftp_ssh_edit.php';\n\n\t\t\t\tUI::view('user/form.html.twig', [\n\t\t\t\t\t'formaction' => $linker->getLink(['section' => 'ftp', 'page' => 'sshkeys', 'id' => $id]),\n\t\t\t\t\t'formdata' => $sshkey_edit_data['sshkey_edit'],\n\t\t\t\t\t'editid' => $id\n\t\t\t\t]);\n\t\t\t}\n\t\t}\n\t} elseif ($action == 'delete' && $id != 0) {\n\t\ttry {\n\t\t\t$json_result = SshKeys::getLocal($userinfo, [\n\t\t\t\t'id' => $id\n\t\t\t])->get();\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\t\t$result = json_decode($json_result, true)['data'];\n\n\t\tif (isset($result['ssh_pubkey']) && $result['ssh_pubkey'] != '') {\n\t\t\tif (Request::post('send') == 'send') {\n\t\t\t\ttry {\n\t\t\t\t\tSshKeys::getLocal($userinfo, Request::postAll())->delete();\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\t\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t\t'page' => $page\n\t\t\t\t]);\n\t\t\t} else {\n\t\t\t\tHTML::askYesNo('sshkey_reallydelete', $filename, [\n\t\t\t\t\t'id' => $id,\n\t\t\t\t\t'page' => $page,\n\t\t\t\t\t'action' => $action\n\t\t\t\t], $result['fingerprint']);\n\t\t\t}\n\t\t}\n\t}\n}\n" }, { "path": "customer_index.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nconst AREA = 'customer';\nrequire __DIR__ . '/lib/init.php';\n\nuse Froxlor\\Api\\Commands\\Customers as Customers;\nuse Froxlor\\Cron\\TaskId;\nuse Froxlor\\CurrentUser;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\Database\\DbManager;\nuse Froxlor\\Froxlor;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\Language;\nuse Froxlor\\Settings;\nuse Froxlor\\System\\Cronjob;\nuse Froxlor\\System\\Crypt;\nuse Froxlor\\UI\\Panel\\UI;\nuse Froxlor\\UI\\Request;\nuse Froxlor\\UI\\Response;\nuse Froxlor\\Validate\\Validate;\n\nif ($action == 'logout') {\n\t$log->logAction(FroxlorLogger::USR_ACTION, LOG_INFO, 'logged out');\n\n\tunset($_SESSION['userinfo']);\n\tCurrentUser::setData();\n\tsession_destroy();\n\n\tResponse::redirectTo('index.php');\n} elseif ($action == 'suback') {\n\tif (is_array(CurrentUser::getField('switched_user'))) {\n\t\t$result = CurrentUser::getData();\n\t\t$result = $result['switched_user'];\n\t\tsession_regenerate_id(true);\n\t\tCurrentUser::setData($result);\n\t\t$target = Request::get('target', 'index');\n\t\t$redirect = \"admin_\" . $target . \".php\";\n\t\tif (!file_exists(Froxlor::getInstallDir() . \"/\" . $redirect)) {\n\t\t\t$redirect = \"admin_index.php\";\n\t\t}\n\t\tResponse::redirectTo($redirect, null, true);\n\t} else {\n\t\tResponse::dynamicError(\"Cannot change back - You've never switched to another user :-)\");\n\t}\n}\n\nif ($page == 'overview') {\n\t$log->logAction(FroxlorLogger::USR_ACTION, LOG_INFO, \"viewed customer_index\");\n\n\t$domain_stmt = Database::prepare(\"SELECT `domain` FROM `\" . TABLE_PANEL_DOMAINS . \"`\n\t\tWHERE `customerid` = :customerid\n\t\tAND `parentdomainid` = '0'\n\t\tAND `id` <> :standardsubdomain\n\t\");\n\tDatabase::pexecute($domain_stmt, [\n\t\t\"customerid\" => $userinfo['customerid'],\n\t\t\"standardsubdomain\" => $userinfo['standardsubdomain']\n\t]);\n\n\t$domainArray = [];\n\twhile ($row = $domain_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t$domainArray[] = $idna_convert->decode($row['domain']);\n\t}\n\tnatsort($domainArray);\n\n\t// standard-subdomain\n\t$stdsubdomain = '';\n\tif ($userinfo['standardsubdomain'] != '0') {\n\t\t$std_domain_stmt = Database::prepare(\"\n\t\t\tSELECT `domain` FROM `\" . TABLE_PANEL_DOMAINS . \"`\n\t\t\tWHERE `customerid` = :customerid\n\t\t\tAND `id` = :standardsubdomain\n\t\t\");\n\t\t$std_domain = Database::pexecute_first($std_domain_stmt, [\n\t\t\t\"customerid\" => $userinfo['customerid'],\n\t\t\t\"standardsubdomain\" => $userinfo['standardsubdomain']\n\t\t]);\n\t\t$stdsubdomain = $std_domain['domain'];\n\t}\n\n\t$userinfo['email'] = $idna_convert->decode($userinfo['email']);\n\t$yesterday = time() - (60 * 60 * 24);\n\t$month = date('M Y', $yesterday);\n\n\t// get disk-space usages for web, mysql and mail\n\t$usages_stmt = Database::prepare(\"SELECT * FROM `\" . TABLE_PANEL_DISKSPACE . \"` WHERE `customerid` = :cid ORDER BY `stamp` DESC LIMIT 1\");\n\t$usages = Database::pexecute_first($usages_stmt, [\n\t\t'cid' => $userinfo['customerid']\n\t]);\n\n\t// get everything in bytes for the percentage calculation on the dashboard\n\t$userinfo['diskspace_bytes'] = ($userinfo['diskspace'] > -1) ? $userinfo['diskspace'] * 1024 : -1;\n\t$userinfo['traffic_bytes'] = ($userinfo['traffic'] > -1) ? $userinfo['traffic'] * 1024 : -1;\n\t$userinfo['traffic_bytes_used'] = $userinfo['traffic_used'] * 1024;\n\n\tif (Settings::Get('system.mail_quota_enabled')) {\n\t\t$userinfo['email_quota_bytes'] = ($userinfo['email_quota'] > -1) ? $userinfo['email_quota'] * 1024 * 1024 : -1;\n\t\t$userinfo['email_quota_bytes_used'] = $userinfo['email_quota_used'] * 1024 * 1024;\n\t}\n\n\tif ($usages) {\n\t\t$userinfo['diskspace_bytes_used'] = $usages['webspace'] * 1024;\n\t\t$userinfo['mailspace_used'] = $usages['mail'] * 1024;\n\t\t$userinfo['dbspace_used'] = $usages['mysql'] * 1024;\n\t\t$userinfo['total_bytes_used'] = ($usages['webspace'] + $usages['mail'] + $usages['mysql']) * 1024;\n\t} else {\n\t\t$userinfo['diskspace_bytes_used'] = 0;\n\t\t$userinfo['total_bytes_used'] = 0;\n\t\t$userinfo['mailspace_used'] = 0;\n\t\t$userinfo['dbspace_used'] = 0;\n\t}\n\n\tUI::twig()->addGlobal('userinfo', $userinfo);\n\tUI::view('user/index.html.twig', [\n\t\t'domains' => $domainArray,\n\t\t'stdsubdomain' => $stdsubdomain\n\t]);\n} elseif ($page == 'profile') {\n\t$languages = Language::getLanguages();\n\n\tif (!empty($_POST)) {\n\t\tif (Request::post('send') == 'changepassword') {\n\t\t\t$old_password = Validate::validate(Request::post('old_password'), 'old password');\n\n\t\t\tif (!Crypt::validatePasswordLogin($userinfo, $old_password, TABLE_PANEL_CUSTOMERS, 'customerid')) {\n\t\t\t\tResponse::standardError('oldpasswordnotcorrect');\n\t\t\t}\n\n\t\t\ttry {\n\t\t\t\t$new_password = Crypt::validatePassword(Request::post('new_password'), 'new password');\n\t\t\t\t$new_password_confirm = Crypt::validatePassword(Request::post('new_password_confirm'), 'new password confirm');\n\t\t\t} catch (Exception $e) {\n\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t}\n\n\t\t\tif ($old_password == '') {\n\t\t\t\tResponse::standardError([\n\t\t\t\t\t'stringisempty',\n\t\t\t\t\t'changepassword.old_password'\n\t\t\t\t]);\n\t\t\t} elseif ($new_password == '') {\n\t\t\t\tResponse::standardError([\n\t\t\t\t\t'stringisempty',\n\t\t\t\t\t'changepassword.new_password'\n\t\t\t\t]);\n\t\t\t} elseif ($new_password_confirm == '') {\n\t\t\t\tResponse::standardError([\n\t\t\t\t\t'stringisempty',\n\t\t\t\t\t'changepassword.new_password_confirm'\n\t\t\t\t]);\n\t\t\t} elseif ($new_password != $new_password_confirm) {\n\t\t\t\tResponse::standardError('newpasswordconfirmerror');\n\t\t\t} else {\n\t\t\t\t// Update user password\n\t\t\t\ttry {\n\t\t\t\t\tCustomers::getLocal($userinfo, [\n\t\t\t\t\t\t'id' => $userinfo['customerid'],\n\t\t\t\t\t\t'new_customer_password' => $new_password\n\t\t\t\t\t])->update();\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\t\t\t\t$log->logAction(FroxlorLogger::USR_ACTION, LOG_NOTICE, 'changed password');\n\n\t\t\t\t// Update ftp password\n\t\t\t\tif (Request::post('change_main_ftp') == 'true') {\n\t\t\t\t\t$cryptPassword = Crypt::makeCryptPassword($new_password);\n\t\t\t\t\t$stmt = Database::prepare(\"UPDATE `\" . TABLE_FTP_USERS . \"`\n\t\t\t\t\tSET `password` = :password\n\t\t\t\t\tWHERE `customerid` = :customerid\n\t\t\t\t\tAND `username` = :username\");\n\t\t\t\t\t$params = [\n\t\t\t\t\t\t\"password\" => $cryptPassword,\n\t\t\t\t\t\t\"customerid\" => $userinfo['customerid'],\n\t\t\t\t\t\t\"username\" => $userinfo['loginname']\n\t\t\t\t\t];\n\t\t\t\t\tDatabase::pexecute($stmt, $params);\n\t\t\t\t\t$log->logAction(FroxlorLogger::USR_ACTION, LOG_NOTICE, 'changed main ftp password');\n\t\t\t\t}\n\n\t\t\t\t// Update statistics password\n\t\t\t\tif (Request::post('change_stats') == 'true') {\n\t\t\t\t\t$new_stats_password = Crypt::makeCryptPassword($new_password, true);\n\n\t\t\t\t\t$stmt = Database::prepare(\"UPDATE `\" . TABLE_PANEL_HTPASSWDS . \"`\n\t\t\t\t\tSET `password` = :password\n\t\t\t\t\tWHERE `customerid` = :customerid\n\t\t\t\t\tAND `username` = :username\");\n\t\t\t\t\t$params = [\n\t\t\t\t\t\t\"password\" => $new_stats_password,\n\t\t\t\t\t\t\"customerid\" => $userinfo['customerid'],\n\t\t\t\t\t\t\"username\" => $userinfo['loginname']\n\t\t\t\t\t];\n\t\t\t\t\tDatabase::pexecute($stmt, $params);\n\t\t\t\t\tCronjob::inserttask(TaskId::REBUILD_VHOST);\n\t\t\t\t}\n\n\t\t\t\t// Update global myqsl user password\n\t\t\t\tif ($userinfo['mysqls'] != 0 && Request::post('change_global_mysql') == 'true') {\n\t\t\t\t\t$allowed_mysqlservers = json_decode($userinfo['allowed_mysqlserver'] ?? '[]', true);\n\t\t\t\t\tforeach ($allowed_mysqlservers as $dbserver) {\n\t\t\t\t\t\t// require privileged access for target db-server\n\t\t\t\t\t\tDatabase::needRoot(true, $dbserver, false);\n\t\t\t\t\t\t// get DbManager\n\t\t\t\t\t\t$dbm = new DbManager($log);\n\t\t\t\t\t\t// give permission to the user on every access-host we have\n\t\t\t\t\t\tforeach (array_map('trim', explode(',', Settings::Get('system.mysql_access_host'))) as $mysql_access_host) {\n\t\t\t\t\t\t\tif ($dbm->getManager()->userExistsOnHost($userinfo['loginname'], $mysql_access_host)) {\n\t\t\t\t\t\t\t\t$dbm->getManager()->grantPrivilegesTo($userinfo['loginname'], $new_password, $mysql_access_host, false, true);\n\t\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t\t// create global mysql user if not exists\n\t\t\t\t\t\t\t\t$dbm->getManager()->grantPrivilegesTo($userinfo['loginname'], $new_password, $mysql_access_host, false, false, true);\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t\t$dbm->getManager()->flushPrivileges();\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\tResponse::redirectTo($filename);\n\t\t\t}\n\t\t} elseif (Request::post('send') == 'changetheme') {\n\t\t\tif (Settings::Get('panel.allow_theme_change_customer') == 1) {\n\t\t\t\t$theme = Validate::validate(Request::post('theme'), 'theme');\n\t\t\t\ttry {\n\t\t\t\t\tCustomers::getLocal($userinfo, [\n\t\t\t\t\t\t'id' => $userinfo['customerid'],\n\t\t\t\t\t\t'theme' => $theme\n\t\t\t\t\t])->update();\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\n\t\t\t\t$log->logAction(FroxlorLogger::USR_ACTION, LOG_NOTICE, \"changed default theme to '\" . $theme . \"'\");\n\t\t\t}\n\t\t\tResponse::redirectTo($filename);\n\t\t} elseif (Request::post('send') == 'changelanguage') {\n\t\t\t$def_language = Validate::validate(Request::post('def_language'), 'default language');\n\t\t\tif (isset($languages[$def_language])) {\n\t\t\t\ttry {\n\t\t\t\t\tCustomers::getLocal($userinfo, [\n\t\t\t\t\t\t'id' => $userinfo['customerid'],\n\t\t\t\t\t\t'def_language' => $def_language\n\t\t\t\t\t])->update();\n\t\t\t\t\tCurrentUser::setField('language', $def_language);\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\t\t\t}\n\t\t\t$log->logAction(FroxlorLogger::USR_ACTION, LOG_NOTICE, \"changed default language to '\" . $def_language . \"'\");\n\t\t\tResponse::redirectTo($filename);\n\t\t}\n\t} else {\n\t\t// change theme\n\t\t$default_theme = Settings::Get('panel.default_theme');\n\t\tif ($userinfo['theme'] != '') {\n\t\t\t$default_theme = $userinfo['theme'];\n\t\t}\n\t\t$themes_avail = UI::getThemes();\n\n\t\t// change language\n\t\t$default_lang = Settings::Get('panel.standardlanguage');\n\t\tif ($userinfo['def_language'] != '') {\n\t\t\t$default_lang = $userinfo['def_language'];\n\t\t}\n\n\t\tUI::view('user/profile.html.twig', [\n\t\t\t'themes' => $themes_avail,\n\t\t\t'default_theme' => $default_theme,\n\t\t\t'languages' => $languages,\n\t\t\t'default_lang' => $default_lang,\n\t\t]);\n\t}\n} elseif ($page == 'send_error_report' && Settings::Get('system.allow_error_report_customer') == '1') {\n\trequire_once __DIR__ . '/error_report.php';\n} elseif ($page == 'apikeys' && Settings::Get('api.enabled') == 1) {\n\trequire_once __DIR__ . '/api_keys.php';\n} elseif ($page == '2fa' && Settings::Get('2fa.enabled') == 1) {\n\trequire_once __DIR__ . '/2fa.php';\n}\n" }, { "path": "customer_logger.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nconst AREA = 'customer';\nrequire __DIR__ . '/lib/init.php';\n\nuse Froxlor\\Api\\Commands\\SysLog;\nuse Froxlor\\Settings;\nuse Froxlor\\UI\\Collection;\nuse Froxlor\\UI\\Listing;\nuse Froxlor\\UI\\Panel\\UI;\nuse Froxlor\\UI\\Response;\n\n// redirect if this customer page is hidden via settings\nif (Settings::IsInList('panel.customer_hide_options', 'extras.logger')) {\n\tResponse::redirectTo('customer_index.php');\n}\n\nif ($page == 'log') {\n\tif ($action == '') {\n\t\ttry {\n\t\t\t$syslog_list_data = include_once dirname(__FILE__) . '/lib/tablelisting/tablelisting.syslog.php';\n\t\t\t$collection = (new Collection(SysLog::class, $userinfo))\n\t\t\t\t->withPagination($syslog_list_data['syslog_list']['columns'], $syslog_list_data['syslog_list']['default_sorting']);\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\t\tUI::view('user/table.html.twig', [\n\t\t\t'listing' => Listing::format($collection, $syslog_list_data, 'syslog_list')\n\t\t]);\n\t}\n}\n" }, { "path": "customer_mysql.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nconst AREA = 'customer';\nrequire __DIR__ . '/lib/init.php';\n\nuse Froxlor\\Api\\Commands\\Mysqls;\nuse Froxlor\\Api\\Commands\\MysqlServer;\nuse Froxlor\\CurrentUser;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\Database\\DbManager;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\Settings;\nuse Froxlor\\System\\Crypt;\nuse Froxlor\\UI\\Collection;\nuse Froxlor\\UI\\HTML;\nuse Froxlor\\UI\\Listing;\nuse Froxlor\\UI\\Panel\\UI;\nuse Froxlor\\UI\\Request;\nuse Froxlor\\UI\\Response;\n\n// redirect if this customer page is hidden via settings or no resources given\nif (Settings::IsInList('panel.customer_hide_options', 'mysql') || $userinfo['mysqls'] == 0) {\n\tResponse::redirectTo('customer_index.php');\n}\n\n// get sql-root access data\nDatabase::needRoot(true);\nDatabase::needSqlData();\n$sql_root = Database::getSqlData();\nDatabase::needRoot(false);\n\n$id = (int)Request::any('id');\n\nif ($page == 'overview' || $page == 'mysqls') {\n\tif ($action == '') {\n\t\t$log->logAction(FroxlorLogger::USR_ACTION, LOG_NOTICE, \"viewed customer_mysql::mysqls\");\n\n\t\t$multiple_mysqlservers = count(json_decode($userinfo['allowed_mysqlserver'] ?? '[]', true)) > 1;\n\n\t\ttry {\n\t\t\t$mysql_list_data = include_once dirname(__FILE__) . '/lib/tablelisting/customer/tablelisting.mysqls.php';\n\t\t\t$collection = (new Collection(Mysqls::class, $userinfo))\n\t\t\t\t->withPagination($mysql_list_data['mysql_list']['columns'], $mysql_list_data['mysql_list']['default_sorting']);\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\n\t\t$actions_links = [];\n\t\tif (CurrentUser::canAddResource('mysqls')) {\n\t\t\t$actions_links[] = [\n\t\t\t\t'href' => $linker->getLink(['section' => 'mysql', 'page' => 'mysqls', 'action' => 'add']),\n\t\t\t\t'label' => lng('mysql.database_create')\n\t\t\t];\n\t\t}\n\n\t\t$view = 'user/table.html.twig';\n\t\tif ($collection->count() > 0) {\n\t\t\t$view = 'user/table-note.html.twig';\n\n\t\t\t$actions_links[] = [\n\t\t\t\t'href' => $linker->getLink(['section' => 'mysql', 'page' => 'mysqls', 'action' => 'global_user']),\n\t\t\t\t'label' => lng('mysql.edit_global_user'),\n\t\t\t\t'icon' => 'fa-solid fa-user-tie',\n\t\t\t\t'class' => 'btn-outline-secondary'\n\t\t\t];\n\t\t}\n\n\t\t$actions_links[] = [\n\t\t\t'href' => \\Froxlor\\Froxlor::getDocsUrl() . 'user-guide/databases/',\n\t\t\t'target' => '_blank',\n\t\t\t'icon' => 'fa-solid fa-circle-info',\n\t\t\t'class' => 'btn-outline-secondary'\n\t\t];\n\n\t\tUI::view($view, [\n\t\t\t'listing' => Listing::format($collection, $mysql_list_data, 'mysql_list'),\n\t\t\t'actions_links' => $actions_links,\n\t\t\t'entity_info' => lng('mysql.description'),\n\t\t\t// alert-box\n\t\t\t'type' => 'info',\n\t\t\t'alert_msg' => lng('mysql.globaluserinfo', [$userinfo['loginname']]),\n\t\t]);\n\t} elseif ($action == 'delete' && $id != 0) {\n\t\ttry {\n\t\t\t$json_result = Mysqls::getLocal($userinfo, [\n\t\t\t\t'id' => $id\n\t\t\t])->get();\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\t\t$result = json_decode($json_result, true)['data'];\n\n\t\tif (isset($result['databasename']) && $result['databasename'] != '') {\n\t\t\tDatabase::needRoot(true, $result['dbserver'], false);\n\t\t\tDatabase::needSqlData();\n\t\t\t$sql_root = Database::getSqlData();\n\t\t\tDatabase::needRoot(false);\n\n\t\t\tif (!isset($sql_root[$result['dbserver']]) || !is_array($sql_root[$result['dbserver']])) {\n\t\t\t\t$result['dbserver'] = 0;\n\t\t\t}\n\n\t\t\tif (Request::post('send') == 'send') {\n\t\t\t\ttry {\n\t\t\t\t\tMysqls::getLocal($userinfo, Request::postAll())->delete();\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\t\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t\t'page' => $page\n\t\t\t\t]);\n\t\t\t} else {\n\t\t\t\t$dbnamedesc = $result['databasename'];\n\t\t\t\tif (isset($result['description']) && $result['description'] != '') {\n\t\t\t\t\t$dbnamedesc .= ' (' . $result['description'] . ')';\n\t\t\t\t}\n\t\t\t\tHTML::askYesNo('mysql_reallydelete', $filename, [\n\t\t\t\t\t'id' => $id,\n\t\t\t\t\t'page' => $page,\n\t\t\t\t\t'action' => $action\n\t\t\t\t], $dbnamedesc);\n\t\t\t}\n\t\t}\n\t} elseif ($action == 'add') {\n\t\tif ($userinfo['mysqls_used'] < $userinfo['mysqls'] || $userinfo['mysqls'] == '-1') {\n\t\t\tif (Request::post('send') == 'send') {\n\t\t\t\ttry {\n\t\t\t\t\tMysqls::getLocal($userinfo, Request::postAll())->add();\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\t\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t\t'page' => $page\n\t\t\t\t]);\n\t\t\t} else {\n\t\t\t\t$mysql_servers = [];\n\t\t\t\ttry {\n\t\t\t\t\t$result_json = MysqlServer::getLocal($userinfo)->listing();\n\t\t\t\t\t$result_decoded = json_decode($result_json, true)['data']['list'];\n\t\t\t\t\tforeach ($result_decoded as $dbserver => $dbdata) {\n\t\t\t\t\t\t$mysql_servers[$dbserver] = $dbdata['caption'];\n\t\t\t\t\t}\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\t/* just none */\n\t\t\t\t}\n\n\t\t\t\t$mysql_add_data = include_once dirname(__FILE__) . '/lib/formfields/customer/mysql/formfield.mysql_add.php';\n\n\t\t\t\tUI::view('user/form.html.twig', [\n\t\t\t\t\t'formaction' => $linker->getLink(['section' => 'mysql']),\n\t\t\t\t\t'formdata' => $mysql_add_data['mysql_add']\n\t\t\t\t]);\n\t\t\t}\n\t\t}\n\t} elseif ($action == 'edit' && $id != 0) {\n\t\ttry {\n\t\t\t$json_result = Mysqls::getLocal($userinfo, [\n\t\t\t\t'id' => $id\n\t\t\t])->get();\n\t\t} catch (Exception $e) {\n\t\t\tResponse::dynamicError($e->getMessage());\n\t\t}\n\t\t$result = json_decode($json_result, true)['data'];\n\n\t\tif (isset($result['databasename']) && $result['databasename'] != '') {\n\t\t\tif (Request::post('send') == 'send') {\n\t\t\t\ttry {\n\t\t\t\t\t$json_result = Mysqls::getLocal($userinfo, Request::postAll())->update();\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t\t}\n\t\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t\t'page' => $page\n\t\t\t\t]);\n\t\t\t} else {\n\t\t\t\t$mysql_servers = [];\n\t\t\t\ttry {\n\t\t\t\t\t$result_json = MysqlServer::getLocal($userinfo)->listing();\n\t\t\t\t\t$result_decoded = json_decode($result_json, true)['data']['list'];\n\t\t\t\t\tforeach ($result_decoded as $dbserver => $dbdata) {\n\t\t\t\t\t\t$mysql_servers[$dbserver] = $dbdata['caption'] . ' (' . $dbdata['host'] . (isset($dbdata['port']) && !empty($dbdata['port']) ? ':' . $dbdata['port'] : '') . ')';\n\t\t\t\t\t}\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\t/* just none */\n\t\t\t\t}\n\n\t\t\t\t$mysql_edit_data = include_once dirname(__FILE__) . '/lib/formfields/customer/mysql/formfield.mysql_edit.php';\n\n\t\t\t\tUI::view('user/form.html.twig', [\n\t\t\t\t\t'formaction' => $linker->getLink(['section' => 'mysql', 'id' => $id]),\n\t\t\t\t\t'formdata' => $mysql_edit_data['mysql_edit'],\n\t\t\t\t\t'editid' => $id\n\t\t\t\t]);\n\t\t\t}\n\t\t}\n\t} elseif ($action == 'global_user') {\n\n\t\t$allowed_mysqlservers = json_decode($userinfo['allowed_mysqlserver'] ?? '[]', true);\n\t\tif ($userinfo['mysqls'] == 0 || empty($allowed_mysqlservers)) {\n\t\t\tResponse::dynamicError('No permission');\n\t\t}\n\n\t\tif (Request::post('send') == 'send') {\n\n\t\t\t$new_password = Crypt::validatePassword(Request::post('mysql_password'));\n\t\t\tforeach ($allowed_mysqlservers as $dbserver) {\n\t\t\t\t// require privileged access for target db-server\n\t\t\t\tDatabase::needRoot(true, $dbserver, true);\n\t\t\t\t// get DbManager\n\t\t\t\t$dbm = new DbManager($log);\n\t\t\t\t// give permission to the user on every access-host we have\n\t\t\t\tforeach (array_map('trim', explode(',', Settings::Get('system.mysql_access_host'))) as $mysql_access_host) {\n\t\t\t\t\tif ($dbm->getManager()->userExistsOnHost($userinfo['loginname'], $mysql_access_host)) {\n\t\t\t\t\t\t// update password\n\t\t\t\t\t\t$dbm->getManager()->grantPrivilegesTo($userinfo['loginname'], $new_password, $mysql_access_host, false, true, true);\n\t\t\t\t\t} else {\n\t\t\t\t\t\t// create missing user\n\t\t\t\t\t\t$dbm->getManager()->grantPrivilegesTo($userinfo['loginname'], $new_password, $mysql_access_host, false, false, true);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\t$dbm->getManager()->flushPrivileges();\n\t\t\t}\n\n\t\t\tResponse::redirectTo($filename, [\n\t\t\t\t'page' => 'overview'\n\t\t\t]);\n\t\t} else {\n\t\t\t$mysql_global_user_data = include_once dirname(__FILE__) . '/lib/formfields/customer/mysql/formfield.mysql_global_user.php';\n\n\t\t\tUI::view('user/form.html.twig', [\n\t\t\t\t'formaction' => $linker->getLink(['section' => 'mysql', 'page' => 'mysqls', 'action' => 'global_user']),\n\t\t\t\t'formdata' => $mysql_global_user_data['mysql_global_user'],\n\t\t\t\t'editid' => $id\n\t\t\t]);\n\t\t}\n\t}\n}\n" }, { "path": "customer_traffic.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nconst AREA = 'customer';\nrequire __DIR__ . '/lib/init.php';\n\nuse Froxlor\\Traffic\\Traffic;\nuse Froxlor\\Settings;\nuse Froxlor\\UI\\Panel\\UI;\nuse Froxlor\\UI\\Request;\nuse Froxlor\\UI\\Response;\n\n// redirect if this customer page is hidden via settings\nif (Settings::IsInList('panel.customer_hide_options', 'traffic')) {\n\tResponse::redirectTo('customer_index.php');\n}\n\n$range = Request::any('range', 'currentyear');\n\nif ($page == 'current') {\n\t$range = 'currentmonth';\n}\n\ntry {\n\t$context = Traffic::getCustomerStats($userinfo, $range);\n} catch (Exception $e) {\n\tResponse::dynamicError($e->getMessage());\n}\n\n// pass metrics to the view\nUI::view('user/traffic.html.twig', $context);\n" }, { "path": "dns_editor.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nif (!defined('AREA')) {\n\theader(\"Location: index.php\");\n\texit();\n}\n\nuse Froxlor\\Api\\Commands\\DomainZones;\nuse Froxlor\\Dns\\Dns;\nuse Froxlor\\Settings;\nuse Froxlor\\UI\\Collection;\nuse Froxlor\\UI\\HTML;\nuse Froxlor\\UI\\Listing;\nuse Froxlor\\UI\\Panel\\UI;\nuse Froxlor\\UI\\Request;\nuse Froxlor\\UI\\Response;\n\n// This file is being included in admin_domains and customer_domains\n// and therefore does not need to require lib/init.php\n\n$domain_id = (int)Request::any('domain_id');\n\n$record = Request::post('dns_record');\n$type = Request::post('dns_type', 'A');\n$prio = Request::post('dns_mxp');\n$content = Request::post('dns_content');\n$ttl = (int)Request::post('dns_ttl', Settings::get('system.defaultttl'));\n\n// get domain-name\n$domain = Dns::getAllowedDomainEntry($domain_id, AREA, $userinfo);\n\n$errors = \"\";\n$success_message = \"\";\n\n// action for adding a new entry\nif ($action == 'add_record' && !empty($_POST)) {\n\ttry {\n\t\tDomainZones::getLocal($userinfo, [\n\t\t\t'id' => $domain_id,\n\t\t\t'record' => $record,\n\t\t\t'type' => $type,\n\t\t\t'prio' => $prio,\n\t\t\t'content' => $content,\n\t\t\t'ttl' => $ttl\n\t\t])->add();\n\t\t$success_message = lng('success.dns_record_added');\n\t\t$record = $prio = $content = \"\";\n\t} catch (Exception $e) {\n\t\t$errors = str_replace(\"\\n\", \"
\", $e->getMessage());\n\t}\n} elseif ($action == 'delete') {\n\t$entry_id = (int)Request::get('id', 0);\n\tHTML::askYesNo('dnsentry_reallydelete', $filename, [\n\t\t'id' => $entry_id,\n\t\t'domain_id' => $domain_id,\n\t\t'page' => $page,\n\t\t'action' => 'deletesure'\n\t], '', [\n\t\t'section' => 'domains',\n\t\t'page' => $page,\n\t\t'domain_id' => $domain_id\n\t]);\n} elseif (Request::post('send') == 'send' && $action == 'deletesure' && !empty($_POST)) {\n\t$entry_id = (int)Request::post('id', 0);\n\t$domain_id = (int)Request::post('domain_id', 0);\n\t// remove entry\n\tif ($entry_id > 0 && $domain_id > 0) {\n\t\ttry {\n\t\t\tDomainZones::getLocal($userinfo, [\n\t\t\t\t'entry_id' => $entry_id,\n\t\t\t\t'id' => $domain_id\n\t\t\t])->delete();\n\t\t\t// success message (inline)\n\t\t\t$success_message = lng('success.dns_record_deleted');\n\t\t} catch (Exception $e) {\n\t\t\t$errors = str_replace(\"\\n\", \"
\", $e->getMessage());\n\t\t}\n\t}\n}\n\n// select all entries\ntry {\n\t$dns_list_data = include_once dirname(__FILE__) . '/lib/tablelisting/tablelisting.dns.php';\n\t$collection = (new Collection(DomainZones::class, $userinfo, ['id' => $domain_id]))\n\t\t->withPagination($dns_list_data['dns_list']['columns'], $dns_list_data['dns_list']['default_sorting'], ['domain_id='.$domain_id]);\n} catch (Exception $e) {\n\tResponse::dynamicError($e->getMessage());\n}\n\ntry {\n\t$json_result = DomainZones::getLocal($userinfo, [\n\t\t'id' => $domain_id\n\t])->get();\n} catch (Exception $e) {\n\tResponse::dynamicError($e->getMessage());\n}\n$result = json_decode($json_result, true)['data'];\n$zonefile = implode(\"\\n\", $result);\n\n$dns_add_data = include_once dirname(__FILE__) . '/lib/formfields/formfield.dns_add.php';\n\nUI::view('user/dns-editor.html.twig', [\n\t'listing' => Listing::format($collection, $dns_list_data, 'dns_list', ['domain_id' => $domain_id]),\n\t'actions_links' => [\n\t\t[\n\t\t\t'href' => $linker->getLink([\n\t\t\t\t'section' => 'domains',\n\t\t\t\t'page' => 'domains',\n\t\t\t\t'action' => 'edit',\n\t\t\t\t'id' => $domain_id\n\t\t\t]),\n\t\t\t'label' => lng('admin.domain_edit'),\n\t\t\t'icon' => 'fa-solid fa-pen'\n\t\t],\n\t\t[\n\t\t\t'href' => $linker->getLink(['section' => 'domains', 'page' => 'domains']),\n\t\t\t'label' => lng('panel.backtooverview'),\n\t\t\t'icon' => 'fa-solid fa-reply'\n\t\t]\n\t],\n\t'formaction' => $linker->getLink(['section' => 'domains', 'action' => 'add_record', 'domain_id' => $domain_id]),\n\t'formdata' => $dns_add_data['dns_add'],\n\t// alert-box\n\t'type' => (!empty($errors) ? 'danger' : (!empty($success_message) ? 'success' : 'warning')),\n\t'alert_msg' => (!empty($errors) ? $errors : (!empty($success_message) ? $success_message : lng('dns.howitworks'))),\n\t'zonefile' => $zonefile,\n]);\n" }, { "path": "doc/example/FroxlorAPI.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nclass FroxlorAPI\n{\n private string $url;\n private string $key;\n private string $secret;\n private ?array $lastError = null;\n private ?string $lastStatusCode = null;\n\n public function __construct($url, $key, $secret)\n {\n $this->url = $url;\n $this->key = $key;\n $this->secret = $secret;\n }\n\n public function request($command, array $data = [])\n {\n $payload = [\n 'command' => $command,\n 'params' => $data\n ];\n\n $ch = curl_init($this->url);\n curl_setopt($ch, CURLOPT_HTTPHEADER, ['Content-Type: application/json']);\n curl_setopt($ch, CURLOPT_HEADER, 0);\n curl_setopt($ch, CURLOPT_USERPWD, $this->key . \":\" . $this->secret);\n curl_setopt($ch, CURLOPT_TIMEOUT, 30);\n curl_setopt($ch, CURLOPT_POST, 1);\n curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload));\n curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);\n $result = curl_exec($ch);\n\n $this->lastStatusCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);\n\n return json_decode($result ?? curl_error($ch), true);\n }\n\n public function getLastStatusCode(): ?string\n {\n return $this->lastStatusCode;\n }\n}\n" }, { "path": "doc/example/create_customer.php", "content": " 'test',\n\t'email' => 'test@froxlor.org',\n\t'firstname' => 'Test',\n\t'name' => 'Testman',\n\t'customernumber' => 1337,\n\t'new_customer_password' => 's0mEcRypt1cpassword' . uniqid()\n];\n// send request\n$response = $fapi->request('Customers.add', $data);\n\n// check for error\nif ($fapi->getLastStatusCode() != 200) {\n\techo \"HTTP-STATUS: \" . $fapi->getLastStatusCode() . PHP_EOL;\n echo \"Description: \" . $response['message'] . PHP_EOL;\n exit();\n}\n\n// view response data\nvar_dump($response);\n\n/*\narray(60) {\n [\"customerid\"]=>\n string(1) \"1\"\n [\"loginname\"]=>\n string(4) \"test\"\n [\"password\"]=>\n string(63) \"$5$asdasdasd.asdasd\"\n [\"adminid\"]=>\n string(1) \"1\"\n [\"name\"]=>\n string(7) \"Testman\"\n [\"firstname\"]=>\n string(4) \"Test\"\n [...]\n*/" }, { "path": "doc/example/index.html", "content": "" }, { "path": "doc/example/list_functions.php", "content": "request('Froxlor.listFunctions');\n\n// check for error\nif ($fapi->getLastStatusCode() != 200) {\n echo \"HTTP-STATUS: \" . $fapi->getLastStatusCode() . PHP_EOL;\n echo \"Description: \" . $response['message'] . PHP_EOL;\n exit();\n}\n\n// view response data\nvar_dump($response);\n" }, { "path": "doc/index.html", "content": "" }, { "path": "error_report.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nif (!defined('AREA')) {\n\theader(\"Location: index.php\");\n\texit();\n}\n\nuse Froxlor\\FileDir;\nuse Froxlor\\Froxlor;\nuse Froxlor\\UI\\Panel\\UI;\nuse Froxlor\\UI\\Request;\nuse Froxlor\\UI\\Response;\nuse Froxlor\\Database\\Database;\n\n// This file is being included in admin_domains and customer_domains\n// and therefore does not need to require lib/init.php\n\n$errid = Request::any('errorid');\n\nif (!empty($errid)) {\n\t// read error file\n\t$err_dir = FileDir::makeCorrectDir(Froxlor::getInstallDir() . \"/logs/\");\n\t$err_file = FileDir::makeCorrectFile($err_dir . \"/\" . $errid . \"_sql-error.log\");\n\n\tif (file_exists($err_file)) {\n\t\t$error_content = file_get_contents($err_file);\n\t\t$error = explode(\"|\", $error_content);\n\n\t\t$_error = [\n\t\t\t'code' => str_replace(\"\\n\", \"\", substr($error[1], 5)),\n\t\t\t'message' => str_replace(\"\\n\", \"\", substr($error[2], 4)),\n\t\t\t'file' => str_replace(\"\\n\", \"\", substr($error[3], 5 + strlen(Froxlor::getInstallDir()))),\n\t\t\t'line' => str_replace(\"\\n\", \"\", substr($error[4], 5)),\n\t\t\t'trace' => str_replace(Froxlor::getInstallDir(), \"\", substr($error[5], 6))\n\t\t];\n\n\t\t// build mail-content\n\t\t$mail_body = \"Dear froxlor-team,\\n\\n\";\n\t\t$mail_body .= \"the following error has been reported by a user:\\n\\n\";\n\t\t$mail_body .= \"-------------------------------------------------------------\\n\";\n\t\t$mail_body .= $_error['code'] . ' ' . $_error['message'] . \"\\n\\n\";\n\t\t$mail_body .= \"File: \" . $_error['file'] . ':' . $_error['line'] . \"\\n\\n\";\n\t\t$mail_body .= \"Trace:\\n\" . trim($_error['trace']) . \"\\n\\n\";\n\t\t$mail_body .= \"-------------------------------------------------------------\\n\\n\";\n\t\t$mail_body .= \"User-Area: \" . AREA . \"\\n\";\n\t\t$mail_body .= \"Froxlor-version: \" . Froxlor::VERSION . \"\\n\";\n\t\t$mail_body .= \"DB-version: \" . Froxlor::DBVERSION . \"\\n\\n\";\n\t\ttry {\n\t\t\t$mail_body .= \"Database: \" . Database::getAttribute(PDO::ATTR_SERVER_VERSION);\n\t\t} catch (\\Exception $e) {\n\t\t\t/* ignore */\n\t\t}\n\t\t$mail_body .= \"End of report\";\n\t\t$mail_html = nl2br($mail_body);\n\n\t\t// send actual report to dev-team\n\t\tif (Request::post('send') == 'send') {\n\t\t\t// send mail and say thanks\n\t\t\t$_mailerror = false;\n\t\t\ttry {\n\t\t\t\t$mail->Subject = '[Froxlor] Error report by user';\n\t\t\t\t$mail->AltBody = $mail_body;\n\t\t\t\t$mail->MsgHTML($mail_html);\n\t\t\t\t$mail->AddAddress('error-reports@froxlor.org', 'Froxlor Developer Team');\n\t\t\t\t$mail->Send();\n\t\t\t} catch (\\PHPMailer\\PHPMailer\\Exception $e) {\n\t\t\t\t$mailerr_msg = $e->errorMessage();\n\t\t\t\t$_mailerror = true;\n\t\t\t} catch (Exception $e) {\n\t\t\t\t$mailerr_msg = $e->getMessage();\n\t\t\t\t$_mailerror = true;\n\t\t\t}\n\n\t\t\tif ($_mailerror) {\n\t\t\t\t// error when reporting an error...LOLFUQ\n\t\t\t\tResponse::standardError('send_report_error', $mailerr_msg);\n\t\t\t}\n\n\t\t\t// finally remove error from fs\n\t\t\t@unlink($err_file);\n\t\t\tResponse::standardSuccess('sent_error_report', '', ['filename' => 'index.php']);\n\t\t}\n\t\t// show a nice summary of the error-report\n\t\t// before actually sending anything\n\t\tUI::view('user/error_report.html.twig', [\n\t\t\t'mail_html' => $mail_body,\n\t\t\t'errorid' => $errid\n\t\t]);\n\t} else {\n\t\tResponse::redirectTo($filename);\n\t}\n} else {\n\tResponse::redirectTo($filename);\n}\n" }, { "path": "index.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nconst AREA = 'login';\nrequire __DIR__ . '/lib/init.php';\n\nuse Froxlor\\Api\\FroxlorRPC;\nuse Froxlor\\CurrentUser;\nuse Froxlor\\Customer\\Customer;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FileDir;\nuse Froxlor\\Froxlor;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\FroxlorTwoFactorAuth;\nuse Froxlor\\PhpHelper;\nuse Froxlor\\Settings;\nuse Froxlor\\System\\Crypt;\nuse Froxlor\\UI\\Panel\\UI;\nuse Froxlor\\UI\\Request;\nuse Froxlor\\UI\\Response;\nuse Froxlor\\User;\nuse Froxlor\\Validate\\Validate;\n\nif ($action == '') {\n\t$action = 'login';\n}\n\nif ($action == '2fa_entercode') {\n\t// page for entering the 2FA code after successful login\n\tif (!isset($_SESSION) || !isset($_SESSION['secret_2fa'])) {\n\t\t// no session - redirect to index\n\t\tResponse::redirectTo('index.php');\n\t\texit();\n\t}\n\t$smessage = (int)Request::get('showmessage', 0);\n\t$message = \"\";\n\tif ($smessage > 0) {\n\t\t$message = lng('error.2fa_wrongcode');\n\t}\n\t// show template to enter code\n\tUI::view('login/enter2fa.html.twig', [\n\t\t'pagetitle' => lng('login.2fa'),\n\t\t'remember_me' => (Settings::Get('panel.db_version') >= 202407200) ? true : false,\n\t\t'message' => $message\n\t]);\n} elseif ($action == '2fa_verify') {\n\t// verify code from 2fa code-enter form\n\tif (!isset($_SESSION) || !isset($_SESSION['secret_2fa'])) {\n\t\t// no session - redirect to index\n\t\tResponse::redirectTo('index.php');\n\t\texit();\n\t}\n\t$code = Request::post('2fa_code');\n\t$remember = Request::post('2fa_remember');\n\t// verify entered code\n\t$tfa = new FroxlorTwoFactorAuth('Froxlor ' . Settings::Get('system.hostname'));\n\t// get user-data\n\t$table = $_SESSION['uidtable_2fa'];\n\t$field = $_SESSION['uidfield_2fa'];\n\t$uid = $_SESSION['uid_2fa'];\n\t$isadmin = $_SESSION['unfo_2fa'];\n\tif ($_SESSION['secret_2fa'] == 'email') {\n\t\t// verify code set to user's data_2fa field\n\t\t$sel_stmt = Database::prepare(\"SELECT `data_2fa` FROM \" . $table . \" WHERE `\" . $field . \"` = :uid\");\n\t\t$userinfo_code = Database::pexecute_first($sel_stmt, ['uid' => $uid]);\n\t\t// 60sec discrepancy (possible slow email delivery)\n\t\t$result = $tfa->verifyCode($userinfo_code['data_2fa'], $code, 60);\n\t} else {\n\t\t$result = $tfa->verifyCode($_SESSION['secret_2fa'], $code, 3);\n\t}\n\t// either the code is valid when using authenticator-app, or we will select userdata by id and entered code\n\t// which is temporarily stored for the customer when using email-2fa\n\tif ($result) {\n\t\t$sel_param = [\n\t\t\t'uid' => $uid\n\t\t];\n\t\t$sel_stmt = Database::prepare(\"SELECT * FROM \" . $table . \" WHERE `\" . $field . \"` = :uid\");\n\t\t$userinfo = Database::pexecute_first($sel_stmt, $sel_param);\n\t\t// whoops, no (valid) user? Start again\n\t\tif (empty($userinfo)) {\n\t\t\tResponse::redirectTo('index.php', [\n\t\t\t\t'showmessage' => '2'\n\t\t\t]);\n\t\t}\n\t\t// set fields in $userinfo required for finishLogin()\n\t\t$userinfo['adminsession'] = $isadmin;\n\t\t$userinfo['userid'] = $uid;\n\n\t\t// when using email-2fa, remove the one-time-code\n\t\tif ($userinfo['type_2fa'] == '1') {\n\t\t\t$del_stmt = Database::prepare(\"UPDATE \" . $table . \" SET `data_2fa` = '' WHERE `\" . $field . \"` = :uid\");\n\t\t\tDatabase::pexecute_first($del_stmt, [\n\t\t\t\t'uid' => $uid\n\t\t\t]);\n\t\t}\n\n\t\t// when remember is activated, set the cookie\n\t\tif ($remember) {\n\t\t\t$selector = base64_encode(Froxlor::genSessionId(9));\n\t\t\t$authenticator = Froxlor::genSessionId(33);\n\t\t\t$valid_until = time()+60*60*24*30;\n\t\t\t$ins_stmt = Database::prepare(\"\n\t\t\t\tINSERT INTO `\".TABLE_PANEL_2FA_TOKENS.\"` SET\n\t\t\t\t`selector` = :selector,\n\t\t\t\t`token` = :authenticator,\n\t\t\t\t`userid` = :userid,\n\t\t\t\t`valid_until` = :valid_until\n\t\t\t\");\n\t\t\tDatabase::pexecute($ins_stmt, [\n\t\t\t\t'selector' => $selector,\n\t\t\t\t'authenticator' => hash('sha256', $authenticator),\n\t\t\t\t'userid' => $uid,\n\t\t\t\t'valid_until' => $valid_until\n\t\t\t]);\n\t\t\t$cookie_params = [\n\t\t\t\t'expires' => $valid_until, // 30 days\n\t\t\t\t'path' => '/',\n\t\t\t\t'domain' => UI::getCookieHost(),\n\t\t\t\t'secure' => UI::requestIsHttps(),\n\t\t\t\t'httponly' => true,\n\t\t\t\t'samesite' => 'Strict'\n\t\t\t];\n\t\t\tsetcookie('frx_2fa_remember', $selector.':'.base64_encode($authenticator), $cookie_params);\n\t\t}\n\n\t\t// if not successful somehow - start again\n\t\tif (!finishLogin($userinfo)) {\n\t\t\tResponse::redirectTo('index.php', [\n\t\t\t\t'showmessage' => '2'\n\t\t\t]);\n\t\t}\n\t\texit();\n\t}\n\t// wrong 2fa code - treat like \"wrong password\"\n\t$stmt = Database::prepare(\"\n\t\tUPDATE \" . $table . \"\n\t\tSET `lastlogin_fail`= :lastlogin_fail, `loginfail_count`=`loginfail_count`+1\n\t\tWHERE `\" . $field . \"`= :uid\n\t\");\n\tDatabase::pexecute($stmt, [\n\t\t\"lastlogin_fail\" => time(),\n\t\t\"uid\" => $uid\n\t]);\n\n\t// get data for processing further\n\t$stmt = Database::prepare(\"\n\t\tSELECT `loginname`, `loginfail_count`, `lastlogin_fail` FROM \" . $table . \"\n\t\tWHERE `\" . $field . \"`= :uid\n\t\");\n\t$fail_user = Database::pexecute_first($stmt, [\n\t\t\"uid\" => $uid\n\t]);\n\n\tif ($fail_user['loginfail_count'] >= Settings::Get('login.maxloginattempts') && $fail_user['lastlogin_fail'] > (time() - Settings::Get('login.deactivatetime'))) {\n\t\t// Log failed login\n\t\t$rstlog = FroxlorLogger::getInstanceOf([\n\t\t\t'loginname' => $_SERVER['REMOTE_ADDR']\n\t\t]);\n\t\t$rstlog->logAction(FroxlorLogger::LOGIN_ACTION, LOG_WARNING, \"User '\" . $fail_user['loginname'] . \"' entered wrong 2fa code too often.\");\n\t\tunset($fail_user);\n\t\tResponse::redirectTo('index.php', [\n\t\t\t'showmessage' => '3'\n\t\t]);\n\t\texit();\n\t}\n\tunset($fail_user);\n\t// back to form\n\tResponse::redirectTo('index.php', [\n\t\t'action' => '2fa_entercode',\n\t\t'showmessage' => '1'\n\t]);\n\texit();\n} elseif ($action == 'login') {\n\tif (!empty($_POST)) {\n\t\t$loginname = Validate::validate(Request::post('loginname'), 'loginname');\n\t\t$password = Validate::validate(Request::post('password'), 'password');\n\n\t\t$select_additional = '';\n\t\tif (Settings::Get('panel.db_version') >= 202312230) {\n\t\t\t$select_additional = ' AND `gui_access` = 1';\n\t\t}\n\t\t$stmt = Database::prepare(\"\n\t\t\tSELECT `loginname` AS `customer`\n\t\t\tFROM `\" . TABLE_PANEL_CUSTOMERS . \"`\n\t\t\tWHERE `loginname`= :loginname\" .\n\t\t\t$select_additional\n\t\t);\n\t\tDatabase::pexecute($stmt, [\n\t\t\t\"loginname\" => $loginname\n\t\t]);\n\t\t$row = $stmt->fetch(PDO::FETCH_ASSOC);\n\n\t\t$is_admin = false;\n\t\t$table = \"\";\n\t\tif ($row && $row['customer'] == $loginname) {\n\t\t\t$table = \"`\" . TABLE_PANEL_CUSTOMERS . \"`\";\n\t\t\t$uid = 'customerid';\n\t\t\t$adminsession = '0';\n\t\t} else {\n\t\t\tif ((int)Settings::Get('login.domain_login') == 1) {\n\t\t\t\t$domainname = $idna_convert->encode(preg_replace([\n\t\t\t\t\t'/\\:(\\d)+$/',\n\t\t\t\t\t'/^https?\\:\\/\\//'\n\t\t\t\t], '', $loginname));\n\t\t\t\t$stmt = Database::prepare(\"\n\t\t\t\t\tSELECT `customerid`\n\t\t\t\t\tFROM `\" . TABLE_PANEL_DOMAINS . \"`\n\t\t\t\t\tWHERE `domain` = :domain\n\t\t\t\t\");\n\t\t\t\tDatabase::pexecute($stmt, [\n\t\t\t\t\t\"domain\" => $domainname\n\t\t\t\t]);\n\t\t\t\t$row2 = $stmt->fetch(PDO::FETCH_ASSOC);\n\n\t\t\t\tif (isset($row2['customerid']) && $row2['customerid'] > 0) {\n\t\t\t\t\t$loginname = Customer::getCustomerDetail($row2['customerid'], 'loginname');\n\t\t\t\t\tif ($loginname !== false) {\n\t\t\t\t\t\t$stmt = Database::prepare(\"\n\t\t\t\t\t\t\tSELECT `loginname` AS `customer`\n\t\t\t\t\t\t\tFROM `\" . TABLE_PANEL_CUSTOMERS . \"`\n\t\t\t\t\t\t\tWHERE `loginname`= :loginname\n\t\t\t\t\t\t\");\n\t\t\t\t\t\tDatabase::pexecute($stmt, [\n\t\t\t\t\t\t\t\"loginname\" => $loginname\n\t\t\t\t\t\t]);\n\t\t\t\t\t\t$row3 = $stmt->fetch(PDO::FETCH_ASSOC);\n\t\t\t\t\t\tif ($row3 && $row3['customer'] == $loginname) {\n\t\t\t\t\t\t\t$table = \"`\" . TABLE_PANEL_CUSTOMERS . \"`\";\n\t\t\t\t\t\t\t$uid = 'customerid';\n\t\t\t\t\t\t\t$adminsession = '0';\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif (empty($table)) {\n\t\t\t// try login as admin of no customer-login method worked\n\t\t\t$is_admin = true;\n\t\t}\n\n\t\tif ((Froxlor::hasUpdates() || Froxlor::hasDbUpdates()) && $is_admin == false) {\n\t\t\tResponse::redirectTo('index.php');\n\t\t\texit();\n\t\t}\n\n\t\tif ($is_admin) {\n\t\t\tif (Froxlor::hasUpdates() || Froxlor::hasDbUpdates()) {\n\t\t\t\t$stmt = Database::prepare(\"\n\t\t\t\t\tSELECT `loginname` AS `admin` FROM `\" . TABLE_PANEL_ADMINS . \"`\n\t\t\t\t\tWHERE `loginname`= :loginname\n\t\t\t\t\tAND `change_serversettings` = '1'\n\t\t\t\t\");\n\t\t\t\tDatabase::pexecute($stmt, [\n\t\t\t\t\t\"loginname\" => $loginname\n\t\t\t\t]);\n\t\t\t\t$row = $stmt->fetch(PDO::FETCH_ASSOC);\n\t\t\t\tif (!isset($row['admin'])) {\n\t\t\t\t\t// not an admin who can see updates\n\t\t\t\t\tResponse::redirectTo('index.php');\n\t\t\t\t\texit();\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\t$select_additional = '';\n\t\t\t\tif (Settings::Get('panel.db_version') >= 202312230) {\n\t\t\t\t\t$select_additional = ' AND `gui_access` = 1';\n\t\t\t\t}\n\t\t\t\t$stmt = Database::prepare(\"\n\t\t\t\t\tSELECT `loginname` AS `admin`\n\t\t\t\t\tFROM `\" . TABLE_PANEL_ADMINS . \"`\n\t\t\t\t\tWHERE `loginname`= :loginname\" .\n\t\t\t\t\t$select_additional\n\t\t\t\t);\n\t\t\t\tDatabase::pexecute($stmt, [\n\t\t\t\t\t\"loginname\" => $loginname\n\t\t\t\t]);\n\t\t\t\t$row = $stmt->fetch(PDO::FETCH_ASSOC);\n\t\t\t}\n\n\t\t\tif ($row && $row['admin'] == $loginname) {\n\t\t\t\t$table = \"`\" . TABLE_PANEL_ADMINS . \"`\";\n\t\t\t\t$uid = 'adminid';\n\t\t\t\t$adminsession = '1';\n\t\t\t} else {\n\t\t\t\t// Log failed login\n\t\t\t\t$rstlog = FroxlorLogger::getInstanceOf([\n\t\t\t\t\t'loginname' => $_SERVER['REMOTE_ADDR']\n\t\t\t\t]);\n\t\t\t\t$rstlog->logAction(FroxlorLogger::LOGIN_ACTION, LOG_WARNING, \"Unknown user tried to login.\");\n\n\t\t\t\tResponse::redirectTo('index.php', [\n\t\t\t\t\t'showmessage' => '2'\n\t\t\t\t]);\n\t\t\t\texit();\n\t\t\t}\n\t\t}\n\n\t\t$userinfo_stmt = Database::prepare(\"\n\t\t\tSELECT * FROM $table WHERE `loginname`= :loginname\n\t\t\");\n\t\tDatabase::pexecute($userinfo_stmt, [\n\t\t\t\"loginname\" => $loginname\n\t\t]);\n\t\t$userinfo = $userinfo_stmt->fetch(PDO::FETCH_ASSOC);\n\n\t\tif ($userinfo['loginfail_count'] >= Settings::Get('login.maxloginattempts') && $userinfo['lastlogin_fail'] > (time() - Settings::Get('login.deactivatetime'))) {\n\t\t\tResponse::redirectTo('index.php', [\n\t\t\t\t'showmessage' => '3'\n\t\t\t]);\n\t\t\texit();\n\t\t} elseif (Crypt::validatePasswordLogin($userinfo, $password, $table, $uid)) {\n\t\t\t// only show \"you're banned\" if the login was successful\n\t\t\t// because we don't want to publish that the user does exist\n\t\t\tif ($userinfo['deactivated']) {\n\t\t\t\tunset($userinfo);\n\t\t\t\tResponse::redirectTo('index.php', [\n\t\t\t\t\t'showmessage' => '5'\n\t\t\t\t]);\n\t\t\t\texit();\n\t\t\t} else {\n\t\t\t\t// login correct\n\t\t\t\t// reset loginfail_counter, set lastlogin_succ\n\t\t\t\t$stmt = Database::prepare(\"\n\t\t\t\t\tUPDATE $table\n\t\t\t\t\tSET `lastlogin_succ`= :lastlogin_succ, `loginfail_count`='0'\n\t\t\t\t\tWHERE `$uid`= :uid\n\t\t\t\t\");\n\t\t\t\tDatabase::pexecute($stmt, [\n\t\t\t\t\t\"lastlogin_succ\" => time(),\n\t\t\t\t\t\"uid\" => $userinfo[$uid]\n\t\t\t\t]);\n\t\t\t\t$userinfo['userid'] = $userinfo[$uid];\n\t\t\t\t$userinfo['adminsession'] = $adminsession;\n\t\t\t}\n\t\t} else {\n\t\t\t// login incorrect\n\t\t\t$stmt = Database::prepare(\"\n\t\t\t\tUPDATE $table\n\t\t\t\tSET `lastlogin_fail`= :lastlogin_fail, `loginfail_count`=`loginfail_count`+1\n\t\t\t\tWHERE `$uid`= :uid\n\t\t\t\");\n\t\t\tDatabase::pexecute($stmt, [\n\t\t\t\t\"lastlogin_fail\" => time(),\n\t\t\t\t\"uid\" => $userinfo[$uid]\n\t\t\t]);\n\n\t\t\t// Log failed login\n\t\t\t$rstlog = FroxlorLogger::getInstanceOf([\n\t\t\t\t'loginname' => $_SERVER['REMOTE_ADDR']\n\t\t\t]);\n\t\t\t$rstlog->logAction(FroxlorLogger::LOGIN_ACTION, LOG_WARNING, \"User tried to login with wrong password.\");\n\n\t\t\tunset($userinfo);\n\t\t\tResponse::redirectTo('index.php', [\n\t\t\t\t'showmessage' => '2'\n\t\t\t]);\n\t\t\texit();\n\t\t}\n\n\t\t// 2FA activated\n\t\tif (Settings::Get('2fa.enabled') == '1' && $userinfo['type_2fa'] > 0) {\n\n\t\t\t// check for remember cookie\n\t\t\tif (!empty($_COOKIE['frx_2fa_remember'])) {\n\t\t\t\tlist($selector, $authenticator) = explode(':', $_COOKIE['frx_2fa_remember']);\n\t\t\t\t$sel_stmt = Database::prepare(\"SELECT `token` FROM `\".TABLE_PANEL_2FA_TOKENS.\"` WHERE `selector` = :selector AND `userid` = :uid AND `valid_until` >= UNIX_TIMESTAMP()\");\n\t\t\t\t$token_check = Database::pexecute_first($sel_stmt, ['selector' => $selector, 'uid' => $userinfo[$uid]]);\n\t\t\t\tif ($token_check && hash_equals($token_check['token'], hash('sha256', base64_decode($authenticator)))) {\n\t\t\t\t\tif (!finishLogin($userinfo)) {\n\t\t\t\t\t\tResponse::redirectTo('index.php', [\n\t\t\t\t\t\t\t'showmessage' => '2'\n\t\t\t\t\t\t]);\n\t\t\t\t\t}\n\t\t\t\t\texit();\n\t\t\t\t}\n\t\t\t\t// not found or invalid, this cookie is useless, get rid of it\n\t\t\t\tunset($_COOKIE['frx_2fa_remember']);\n\t\t\t\tsetcookie('frx_2fa_remember', \"\", time()-3600);\n\t\t\t}\n\n\t\t\t// redirect to code-enter-page\n\t\t\t$_SESSION['secret_2fa'] = ($userinfo['type_2fa'] == 2 ? $userinfo['data_2fa'] : 'email');\n\t\t\t$_SESSION['uid_2fa'] = $userinfo[$uid];\n\t\t\t$_SESSION['uidfield_2fa'] = $uid;\n\t\t\t$_SESSION['uidtable_2fa'] = $table;\n\t\t\t$_SESSION['unfo_2fa'] = $is_admin;\n\t\t\t// send mail if type_2fa = 1 (email)\n\t\t\tif ($userinfo['type_2fa'] == 1) {\n\t\t\t\t// generate code\n\t\t\t\t$tfa = new FroxlorTwoFactorAuth('Froxlor ' . Settings::Get('system.hostname'));\n\t\t\t\t$secret = $tfa->createSecret();\n\t\t\t\t$code = $tfa->getCode($secret);\n\t\t\t\t// set code for user\n\t\t\t\t$stmt = Database::prepare(\"UPDATE $table SET `data_2fa` = :d2fa WHERE `$uid` = :uid\");\n\t\t\t\tDatabase::pexecute($stmt, [\n\t\t\t\t\t\"d2fa\" => $secret,\n\t\t\t\t\t\"uid\" => $userinfo[$uid]\n\t\t\t\t]);\n\t\t\t\t// build up & send email\n\t\t\t\t$_mailerror = false;\n\t\t\t\t$mailerr_msg = \"\";\n\t\t\t\t$replace_arr = [\n\t\t\t\t\t'CODE' => $code\n\t\t\t\t];\n\t\t\t\t$mail_body = html_entity_decode(PhpHelper::replaceVariables(lng('mails.2fa.mailbody'), $replace_arr));\n\n\t\t\t\ttry {\n\t\t\t\t\t$mail->Subject = lng('mails.2fa.subject');\n\t\t\t\t\t$mail->AltBody = $mail_body;\n\t\t\t\t\t$mail->MsgHTML(str_replace(\"\\n\", \"
\", $mail_body));\n\t\t\t\t\t$mail->AddAddress($userinfo['email'], User::getCorrectUserSalutation($userinfo));\n\t\t\t\t\t$mail->Send();\n\t\t\t\t} catch (\\PHPMailer\\PHPMailer\\Exception $e) {\n\t\t\t\t\t$mailerr_msg = $e->errorMessage();\n\t\t\t\t\t$_mailerror = true;\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\t$mailerr_msg = $e->getMessage();\n\t\t\t\t\t$_mailerror = true;\n\t\t\t\t}\n\n\t\t\t\tif ($_mailerror) {\n\t\t\t\t\t$rstlog = FroxlorLogger::getInstanceOf([\n\t\t\t\t\t\t'loginname' => '2fa code-sending'\n\t\t\t\t\t]);\n\t\t\t\t\t$rstlog->logAction(FroxlorLogger::ADM_ACTION, LOG_ERR, \"Error sending mail: \" . $mailerr_msg);\n\t\t\t\t\tResponse::redirectTo('index.php', [\n\t\t\t\t\t\t'showmessage' => '4',\n\t\t\t\t\t\t'customermail' => $userinfo['email']\n\t\t\t\t\t]);\n\t\t\t\t\texit();\n\t\t\t\t}\n\n\t\t\t\t$mail->ClearAddresses();\n\t\t\t}\n\t\t\tResponse::redirectTo('index.php', [\n\t\t\t\t'action' => '2fa_entercode'\n\t\t\t]);\n\t\t\texit();\n\t\t}\n\n\t\tif (!finishLogin($userinfo)) {\n\t\t\tResponse::redirectTo('index.php', [\n\t\t\t\t'showmessage' => '2'\n\t\t\t]);\n\t\t}\n\t\texit();\n\t} else {\n\t\t$smessage = (int)Request::get('showmessage', 0);\n\t\t$message = '';\n\t\t$successmessage = '';\n\n\t\tswitch ($smessage) {\n\t\t\tcase 1:\n\t\t\t\t$successmessage = lng('pwdreminder.success');\n\t\t\t\tbreak;\n\t\t\tcase 2:\n\t\t\t\t$message = lng('error.login');\n\t\t\t\tbreak;\n\t\t\tcase 3:\n\t\t\t\t$message = lng('error.login_blocked', [Settings::Get('login.deactivatetime')]);\n\t\t\t\tbreak;\n\t\t\tcase 4:\n\t\t\t\t$message = lng('error.errorsendingmailpub');\n\t\t\t\tbreak;\n\t\t\tcase 5:\n\t\t\t\t$message = lng('error.user_banned');\n\t\t\t\tbreak;\n\t\t\tcase 6:\n\t\t\t\t$successmessage = lng('pwdreminder.changed');\n\t\t\t\tbreak;\n\t\t\tcase 7:\n\t\t\t\t$message = lng('pwdreminder.wrongcode');\n\t\t\t\tbreak;\n\t\t\tcase 8:\n\t\t\t\t$message = lng('pwdreminder.notallowed');\n\t\t\t\tbreak;\n\t\t}\n\n\t\t$update_in_progress = false;\n\t\tif (Froxlor::hasUpdates() || Froxlor::hasDbUpdates()) {\n\t\t\t$update_in_progress = true;\n\t\t}\n\n\t\t// Pass the last used page if needed\n\t\t$lastscript = Request::any('script', '');\n\t\tif (!empty($lastscript)) {\n\t\t\t$lastscript = str_replace(\"..\", \"\", $lastscript);\n\t\t\t$lastscript = htmlspecialchars($lastscript, ENT_QUOTES);\n\n\t\t\tif (file_exists(__DIR__ . \"/\" . $lastscript)) {\n\t\t\t\t$_SESSION['lastscript'] = $lastscript;\n\t\t\t} else {\n\t\t\t\t$lastscript = \"\";\n\t\t\t}\n\t\t}\n\t\t$lastqrystr = Request::any('qrystr', '');\n\t\tif (!empty($lastqrystr)) {\n\t\t\t$lastqrystr = urlencode($lastqrystr);\n\t\t\t$_SESSION['lastqrystr'] = $lastqrystr;\n\t\t}\n\n\t\tUI::view('login/login.html.twig', [\n\t\t\t'pagetitle' => 'Login',\n\t\t\t'upd_in_progress' => $update_in_progress,\n\t\t\t'message' => $message,\n\t\t\t'successmsg' => $successmessage\n\t\t]);\n\t}\n}\n\nif ($action == 'forgotpwd') {\n\t$adminchecked = false;\n\t$message = '';\n\n\tif (!empty($_POST)) {\n\t\t$loginname = Validate::validate(Request::post('loginname'), 'loginname');\n\t\t$email = Validate::validateEmail(Request::post('loginemail'));\n\t\t$result_stmt = Database::prepare(\"SELECT `adminid`, `customerid`, `customernumber`, `firstname`, `name`, `company`, `email`, `loginname`, `def_language`, `deactivated` FROM `\" . TABLE_PANEL_CUSTOMERS . \"`\n\t\t\tWHERE `loginname`= :loginname\n\t\t\tAND `email`= :email\");\n\t\tDatabase::pexecute($result_stmt, [\n\t\t\t\"loginname\" => $loginname,\n\t\t\t\"email\" => $email\n\t\t]);\n\n\t\tif (Database::num_rows() == 0) {\n\t\t\t$result_stmt = Database::prepare(\"SELECT `adminid`, `name`, `email`, `loginname`, `def_language`, `deactivated` FROM `\" . TABLE_PANEL_ADMINS . \"`\n\t\t\t\tWHERE `loginname`= :loginname\n\t\t\t\tAND `email`= :email\");\n\t\t\tDatabase::pexecute($result_stmt, [\n\t\t\t\t\"loginname\" => $loginname,\n\t\t\t\t\"email\" => $email\n\t\t\t]);\n\n\t\t\tif (Database::num_rows() > 0) {\n\t\t\t\t$adminchecked = true;\n\t\t\t} else {\n\t\t\t\t$result_stmt = null;\n\t\t\t}\n\t\t}\n\n\t\tif ($adminchecked) {\n\t\t\tif (Settings::Get('panel.allow_preset_admin') != '1') {\n\t\t\t\t$message = lng('pwdreminder.notallowed');\n\t\t\t\tunset($adminchecked);\n\t\t\t}\n\t\t} else {\n\t\t\tif (Settings::Get('panel.allow_preset') != '1') {\n\t\t\t\t$message = lng('pwdreminder.notallowed');\n\t\t\t}\n\t\t}\n\n\t\tif (empty($message)) {\n\t\t\tif ($result_stmt !== null) {\n\t\t\t\t$user = $result_stmt->fetch(PDO::FETCH_ASSOC);\n\n\t\t\t\t/* Check whether user is banned */\n\t\t\t\tif ($user['deactivated']) {\n\t\t\t\t\t$message = lng('pwdreminder.notallowed');\n\t\t\t\t} else {\n\t\t\t\t\tif (($adminchecked && Settings::Get('panel.allow_preset_admin') == '1') || $adminchecked == false) {\n\t\t\t\t\t\tif ($user !== false) {\n\t\t\t\t\t\t\t// build a activation code\n\t\t\t\t\t\t\t$timestamp = time();\n\t\t\t\t\t\t\t$first = substr(md5($user['loginname'] . $timestamp . PhpHelper::randomStr(16)), 0, 15);\n\t\t\t\t\t\t\t$third = substr(md5($user['email'] . $timestamp . PhpHelper::randomStr(16)), -15);\n\t\t\t\t\t\t\t$activationcode = $first . $timestamp . $third . substr(md5($third . $timestamp), 0, 10);\n\n\t\t\t\t\t\t\t// Drop all existing activation codes for this user\n\t\t\t\t\t\t\t$stmt = Database::prepare(\"DELETE FROM `\" . TABLE_PANEL_ACTIVATION . \"`\n\t\t\t\t\t\t\t\tWHERE `userid` = :userid\n\t\t\t\t\t\t\t\tAND `admin` = :admin\");\n\t\t\t\t\t\t\t$params = [\n\t\t\t\t\t\t\t\t\"userid\" => $adminchecked ? $user['adminid'] : $user['customerid'],\n\t\t\t\t\t\t\t\t\"admin\" => $adminchecked ? 1 : 0\n\t\t\t\t\t\t\t];\n\t\t\t\t\t\t\tDatabase::pexecute($stmt, $params);\n\n\t\t\t\t\t\t\t// Add new activation code to database\n\t\t\t\t\t\t\t$stmt = Database::prepare(\"INSERT INTO `\" . TABLE_PANEL_ACTIVATION . \"`\n\t\t\t\t\t\t\t\t(userid, admin, creation, activationcode)\n\t\t\t\t\t\t\t\tVALUES (:userid, :admin, :creation, :activationcode)\");\n\t\t\t\t\t\t\t$params = [\n\t\t\t\t\t\t\t\t\"userid\" => $adminchecked ? $user['adminid'] : $user['customerid'],\n\t\t\t\t\t\t\t\t\"admin\" => $adminchecked ? 1 : 0,\n\t\t\t\t\t\t\t\t\"creation\" => $timestamp,\n\t\t\t\t\t\t\t\t\"activationcode\" => $activationcode\n\t\t\t\t\t\t\t];\n\t\t\t\t\t\t\tDatabase::pexecute($stmt, $params);\n\n\t\t\t\t\t\t\t$rstlog = FroxlorLogger::getInstanceOf([\n\t\t\t\t\t\t\t\t'loginname' => 'password_reset'\n\t\t\t\t\t\t\t]);\n\t\t\t\t\t\t\t$rstlog->logAction(FroxlorLogger::USR_ACTION, LOG_WARNING, \"User '\" . $user['loginname'] . \"' requested a link for setting a new password.\");\n\n\t\t\t\t\t\t\t// Set together our activation link\n\t\t\t\t\t\t\t$protocol = empty($_SERVER['HTTPS']) ? 'http' : 'https';\n\t\t\t\t\t\t\t// this can be a fixed value to avoid potential exploiting by modifying headers\n\t\t\t\t\t\t\t$host = Settings::Get('system.hostname'); // $_SERVER['HTTP_HOST'];\n\t\t\t\t\t\t\t$port = $_SERVER['SERVER_PORT'] != 80 ? ':' . $_SERVER['SERVER_PORT'] : '';\n\t\t\t\t\t\t\t// don't add :443 when https is used, as it is default (and just looks weird!)\n\t\t\t\t\t\t\tif ($protocol == 'https' && $_SERVER['SERVER_PORT'] == '443') {\n\t\t\t\t\t\t\t\t$port = '';\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t// there can be only one script to handle this so we can use a fixed value here\n\t\t\t\t\t\t\t$script = \"/index.php\"; // $_SERVER['SCRIPT_NAME'];\n\t\t\t\t\t\t\tif (Settings::Get('system.froxlordirectlyviahostname') == 0) {\n\t\t\t\t\t\t\t\t$script = FileDir::makeCorrectFile(\"/\" . basename(__DIR__) . \"/\" . $script);\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t$activationlink = $protocol . '://' . $host . $port . $script . '?action=resetpwd&resetcode=' . $activationcode;\n\n\t\t\t\t\t\t\t$replace_arr = [\n\t\t\t\t\t\t\t\t'SALUTATION' => User::getCorrectUserSalutation($user),\n\t\t\t\t\t\t\t\t'NAME' => $user['name'],\n\t\t\t\t\t\t\t\t'FIRSTNAME' => $user['firstname'] ?? \"\",\n\t\t\t\t\t\t\t\t'COMPANY' => $user['company'] ?? \"\",\n\t\t\t\t\t\t\t\t'CUSTOMER_NO' => $user['customernumber'] ?? 0,\n\t\t\t\t\t\t\t\t'USERNAME' => $loginname,\n\t\t\t\t\t\t\t\t'LINK' => $activationlink\n\t\t\t\t\t\t\t];\n\n\t\t\t\t\t\t\t$def_language = ($user['def_language'] != '') ? $user['def_language'] : Settings::Get('panel.standardlanguage');\n\t\t\t\t\t\t\t$result_stmt = Database::prepare('SELECT `value` FROM `' . TABLE_PANEL_TEMPLATES . '`\n\t\t\t\t\t\t\t\tWHERE `adminid`= :adminid\n\t\t\t\t\t\t\t\tAND `language`= :lang\n\t\t\t\t\t\t\t\tAND `templategroup`=\\'mails\\'\n\t\t\t\t\t\t\t\tAND `varname`=\\'password_reset_subject\\'');\n\t\t\t\t\t\t\tDatabase::pexecute($result_stmt, [\n\t\t\t\t\t\t\t\t\"adminid\" => $user['adminid'],\n\t\t\t\t\t\t\t\t\"lang\" => $def_language\n\t\t\t\t\t\t\t]);\n\t\t\t\t\t\t\t$result = $result_stmt->fetch(PDO::FETCH_ASSOC);\n\t\t\t\t\t\t\t$mail_subject = html_entity_decode(PhpHelper::replaceVariables((($result['value'] != '') ? $result['value'] : lng('mails.password_reset.subject')), $replace_arr));\n\n\t\t\t\t\t\t\t$result_stmt = Database::prepare('SELECT `value` FROM `' . TABLE_PANEL_TEMPLATES . '`\n\t\t\t\t\t\t\t\tWHERE `adminid`= :adminid\n\t\t\t\t\t\t\t\tAND `language`= :lang\n\t\t\t\t\t\t\t\tAND `templategroup`=\\'mails\\'\n\t\t\t\t\t\t\t\tAND `varname`=\\'password_reset_mailbody\\'');\n\t\t\t\t\t\t\tDatabase::pexecute($result_stmt, [\n\t\t\t\t\t\t\t\t\"adminid\" => $user['adminid'],\n\t\t\t\t\t\t\t\t\"lang\" => $def_language\n\t\t\t\t\t\t\t]);\n\t\t\t\t\t\t\t$result = $result_stmt->fetch(PDO::FETCH_ASSOC);\n\t\t\t\t\t\t\t$mail_body = html_entity_decode(PhpHelper::replaceVariables((($result['value'] != '') ? $result['value'] : lng('mails.password_reset.mailbody')), $replace_arr));\n\n\t\t\t\t\t\t\t$_mailerror = false;\n\t\t\t\t\t\t\t$mailerr_msg = \"\";\n\t\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\t\t$mail->Subject = $mail_subject;\n\t\t\t\t\t\t\t\t$mail->AltBody = $mail_body;\n\t\t\t\t\t\t\t\t$mail->MsgHTML(str_replace(\"\\n\", \"
\", $mail_body));\n\t\t\t\t\t\t\t\t$mail->AddAddress($user['email'], User::getCorrectUserSalutation($user));\n\t\t\t\t\t\t\t\t$mail->Send();\n\t\t\t\t\t\t\t} catch (\\PHPMailer\\PHPMailer\\Exception $e) {\n\t\t\t\t\t\t\t\t$mailerr_msg = $e->errorMessage();\n\t\t\t\t\t\t\t\t$_mailerror = true;\n\t\t\t\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\t\t\t\t$mailerr_msg = $e->getMessage();\n\t\t\t\t\t\t\t\t$_mailerror = true;\n\t\t\t\t\t\t\t}\n\n\t\t\t\t\t\t\tif ($_mailerror) {\n\t\t\t\t\t\t\t\t$rstlog = FroxlorLogger::getInstanceOf([\n\t\t\t\t\t\t\t\t\t'loginname' => 'password_reset'\n\t\t\t\t\t\t\t\t]);\n\t\t\t\t\t\t\t\t$rstlog->logAction(FroxlorLogger::ADM_ACTION, LOG_ERR, \"Error sending mail: \" . $mailerr_msg);\n\t\t\t\t\t\t\t\tResponse::redirectTo('index.php', [\n\t\t\t\t\t\t\t\t\t'showmessage' => '4',\n\t\t\t\t\t\t\t\t\t'customermail' => $user['email']\n\t\t\t\t\t\t\t\t]);\n\t\t\t\t\t\t\t\texit();\n\t\t\t\t\t\t\t}\n\n\t\t\t\t\t\t\t$mail->ClearAddresses();\n\t\t\t\t\t\t\tResponse::redirectTo('index.php', [\n\t\t\t\t\t\t\t\t'showmessage' => '1'\n\t\t\t\t\t\t\t]);\n\t\t\t\t\t\t\texit();\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t$rstlog = FroxlorLogger::getInstanceOf([\n\t\t\t\t\t\t\t\t'loginname' => 'password_reset'\n\t\t\t\t\t\t\t]);\n\t\t\t\t\t\t\t$rstlog->logAction(FroxlorLogger::USR_ACTION, LOG_WARNING, \"Unknown user requested to set a new password, but was not found in database!\");\n\t\t\t\t\t\t\t$message = lng('login.usernotfound');\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\tunset($user);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\t$message = lng('pwdreminder.notallowed');\n\t\t\t}\n\t\t}\n\t}\n\n\tUI::view('login/fpwd.html.twig', [\n\t\t'pagetitle' => lng('login.presend'),\n\t\t'formaction' => 'index.php?action=' . $action,\n\t\t'message' => $message,\n\t]);\n}\n\nif ($action == 'resetpwd') {\n\t$message = '';\n\n\t// Remove old activation codes\n\t$stmt = Database::prepare(\"DELETE FROM `\" . TABLE_PANEL_ACTIVATION . \"`\n\t\tWHERE creation < :oldest\");\n\tDatabase::pexecute($stmt, [\n\t\t\"oldest\" => time() - 86400\n\t]);\n\n\t$activationcode = Request::get('resetcode');\n\tif (!empty($activationcode) && strlen($activationcode) == 50) {\n\t\t// Check if activation code is valid\n\t\t$timestamp = substr($activationcode, 15, 10);\n\t\t$third = substr($activationcode, 25, 15);\n\t\t$check = substr($activationcode, 40, 10);\n\n\t\tif (substr(md5($third . $timestamp), 0, 10) == $check && $timestamp >= time() - 86400) {\n\t\t\tif (!empty($_POST)) {\n\t\t\t\t$stmt = Database::prepare(\"SELECT `userid`, `admin` FROM `\" . TABLE_PANEL_ACTIVATION . \"`\n\t\t\t\t\tWHERE `activationcode` = :activationcode\");\n\t\t\t\t$result = Database::pexecute_first($stmt, [\n\t\t\t\t\t\"activationcode\" => $activationcode\n\t\t\t\t]);\n\n\t\t\t\tif ($result !== false) {\n\t\t\t\t\ttry {\n\t\t\t\t\t\t$new_password = Crypt::validatePassword(Request::post('new_password'), true);\n\t\t\t\t\t\t$new_password_confirm = Crypt::validatePassword(Request::post('new_password_confirm'), true);\n\t\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\t\t$message = $e->getMessage();\n\t\t\t\t\t}\n\n\t\t\t\t\tif (empty($message) && (empty($new_password) || $new_password != $new_password_confirm)) {\n\t\t\t\t\t\t$message = lng('error.newpasswordconfirmerror');\n\t\t\t\t\t}\n\n\t\t\t\t\tif (empty($message)) {\n\t\t\t\t\t\t// Update user password\n\t\t\t\t\t\tif ($result['admin'] == 1) {\n\t\t\t\t\t\t\t$stmt = Database::prepare(\"UPDATE `\" . TABLE_PANEL_ADMINS . \"`\n\t\t\t\t\t\t\t\tSET `password` = :newpassword\n\t\t\t\t\t\t\t\tWHERE `adminid` = :userid\");\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t$stmt = Database::prepare(\"UPDATE `\" . TABLE_PANEL_CUSTOMERS . \"`\n\t\t\t\t\t\t\t\tSET `password` = :newpassword\n\t\t\t\t\t\t\t\tWHERE `customerid` = :userid\");\n\t\t\t\t\t\t}\n\t\t\t\t\t\tDatabase::pexecute($stmt, [\n\t\t\t\t\t\t\t\"newpassword\" => Crypt::makeCryptPassword($new_password),\n\t\t\t\t\t\t\t\"userid\" => $result['userid']\n\t\t\t\t\t\t]);\n\n\t\t\t\t\t\t$rstlog = FroxlorLogger::getInstanceOf([\n\t\t\t\t\t\t\t'loginname' => 'password_reset'\n\t\t\t\t\t\t]);\n\t\t\t\t\t\t$rstlog->logAction(FroxlorLogger::USR_ACTION, LOG_NOTICE, \"changed password using password reset.\");\n\n\t\t\t\t\t\t// Remove activation code from DB\n\t\t\t\t\t\t$stmt = Database::prepare(\"DELETE FROM `\" . TABLE_PANEL_ACTIVATION . \"`\n\t\t\t\t\t\t\tWHERE `activationcode` = :activationcode\n\t\t\t\t\t\t\tAND `userid` = :userid\");\n\t\t\t\t\t\tDatabase::pexecute($stmt, [\n\t\t\t\t\t\t\t\"activationcode\" => $activationcode,\n\t\t\t\t\t\t\t\"userid\" => $result['userid']\n\t\t\t\t\t\t]);\n\t\t\t\t\t\tResponse::redirectTo('index.php', [\n\t\t\t\t\t\t\t\"showmessage\" => '6'\n\t\t\t\t\t\t]);\n\t\t\t\t\t}\n\t\t\t\t} else {\n\t\t\t\t\tResponse::redirectTo('index.php', [\n\t\t\t\t\t\t\"showmessage\" => '7'\n\t\t\t\t\t]);\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tUI::view('login/rpwd.html.twig', [\n\t\t\t\t'pagetitle' => lng('pwdreminder.choosenew'),\n\t\t\t\t'formaction' => 'index.php?action=resetpwd&resetcode=' . $activationcode,\n\t\t\t\t'message' => $message,\n\t\t\t]);\n\t\t} else {\n\t\t\tResponse::redirectTo('index.php', [\n\t\t\t\t\"showmessage\" => '7'\n\t\t\t]);\n\t\t}\n\t} else {\n\t\tResponse::redirectTo('index.php');\n\t}\n}\n\n// one-time link login\nif ($action == 'll') {\n\tif (!Froxlor::hasUpdates() && !Froxlor::hasDbUpdates()) {\n\t\t$loginname = Request::get('ln');\n\t\t$hash = Request::get('h');\n\t\tif ($loginname && $hash) {\n\t\t\t$sel_stmt = Database::prepare(\"\n\t\t\t\tSELECT * FROM `\" . TABLE_PANEL_LOGINLINKS . \"`\n\t\t\t\tWHERE `loginname` = :loginname AND `hash` = :hash\n\t\t\t\");\n\t\t\ttry {\n\t\t\t\t$entry = Database::pexecute_first($sel_stmt, ['loginname' => $loginname, 'hash' => $hash]);\n\t\t\t} catch (Exception $e) {\n\t\t\t\t$entry = false;\n\t\t\t}\n\t\t\tif ($entry) {\n\t\t\t\t// delete entry\n\t\t\t\t$del_stmt = Database::prepare(\"DELETE FROM `\" . TABLE_PANEL_LOGINLINKS . \"` WHERE `loginname` = :loginname AND `hash` = :hash\");\n\t\t\t\tDatabase::pexecute($del_stmt, ['loginname' => $loginname, 'hash' => $hash]);\n\t\t\t\tif (time() <= $entry['valid_until']) {\n\t\t\t\t\t$valid = true;\n\t\t\t\t\t// validate source ip if specified\n\t\t\t\t\tif (!empty($entry['allowed_from'])) {\n\t\t\t\t\t\t$valid = false;\n\t\t\t\t\t\t$ip_list = explode(\",\", $entry['allowed_from']);\n\t\t\t\t\t\tif (FroxlorRPC::validateAllowedFrom($ip_list, $_SERVER['REMOTE_ADDR'])) {\n\t\t\t\t\t\t\t$valid = true;\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t\tif ($valid) {\n\t\t\t\t\t\t// login user / select only non-deactivated (in case the user got deactivated after generating the link)\n\t\t\t\t\t\t$userinfo_stmt = Database::prepare(\"SELECT * FROM `\" . TABLE_PANEL_CUSTOMERS . \"` WHERE `loginname`= :loginname AND `deactivated` = 0\");\n\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\t$userinfo = Database::pexecute_first($userinfo_stmt, [\n\t\t\t\t\t\t\t\t\"loginname\" => $loginname\n\t\t\t\t\t\t\t]);\n\t\t\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\t\t\t$userinfo = false;\n\t\t\t\t\t\t}\n\t\t\t\t\t\tif ($userinfo) {\n\t\t\t\t\t\t\t$userinfo['userid'] = $userinfo['customerid'];\n\t\t\t\t\t\t\t$userinfo['adminsession'] = 0;\n\t\t\t\t\t\t\tfinishLogin($userinfo);\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n\tResponse::redirectTo('index.php');\n}\n\nfunction finishLogin($userinfo)\n{\n\tif (isset($userinfo['userid']) && $userinfo['userid'] != '') {\n\t\tsession_regenerate_id(true);\n\t\tCurrentUser::setData($userinfo);\n\n\t\t$language = $userinfo['def_language'] ?? Settings::Get('panel.standardlanguage');\n\t\tCurrentUser::setField('language', $language);\n\n\t\tif (isset($userinfo['theme']) && $userinfo['theme'] != '') {\n\t\t\t$theme = $userinfo['theme'];\n\t\t} else {\n\t\t\t$theme = Settings::Get('panel.default_theme');\n\t\t}\n\t\tCurrentUser::setField('theme', $theme);\n\n\t\t$qryparams = [];\n\t\tif (!empty($_SESSION['lastqrystr'])) {\n\t\t\tparse_str(urldecode($_SESSION['lastqrystr']), $qryparams);\n\t\t\tunset($_SESSION['lastqrystr']);\n\t\t}\n\n\t\tif ($userinfo['adminsession'] == '1') {\n\t\t\tif (Froxlor::hasUpdates() || Froxlor::hasDbUpdates()) {\n\t\t\t\tResponse::redirectTo('admin_updates.php?page=overview');\n\t\t\t} else {\n\t\t\t\tif (!empty($_SESSION['lastscript'])) {\n\t\t\t\t\t$lastscript = $_SESSION['lastscript'];\n\t\t\t\t\tunset($_SESSION['lastscript']);\n\t\t\t\t\tif (preg_match(\"/customer\\_/\", $lastscript) === 1) {\n\t\t\t\t\t\tResponse::redirectTo('admin_customers.php', [\n\t\t\t\t\t\t\t\"page\" => \"customers\"\n\t\t\t\t\t\t]);\n\t\t\t\t\t} else {\n\t\t\t\t\t\tResponse::redirectTo($lastscript, $qryparams);\n\t\t\t\t\t}\n\t\t\t\t} else {\n\t\t\t\t\tResponse::redirectTo('admin_index.php', $qryparams);\n\t\t\t\t}\n\t\t\t}\n\t\t} else {\n\t\t\tif (!empty($_SESSION['lastscript'])) {\n\t\t\t\t$lastscript = $_SESSION['lastscript'];\n\t\t\t\tunset($_SESSION['lastscript']);\n\t\t\t\tResponse::redirectTo($lastscript, $qryparams);\n\t\t\t} else {\n\t\t\t\tResponse::redirectTo('customer_index.php', $qryparams);\n\t\t\t}\n\t\t}\n\t}\n\treturn false;\n}\n" }, { "path": "install/froxlor.sql.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nreturn <<<'FROXLORSQL'\nDROP TABLE IF EXISTS `ftp_groups`;\nCREATE TABLE `ftp_groups` (\n `id` int(20) NOT NULL auto_increment,\n `groupname` varchar(60) NOT NULL default '',\n `gid` int(5) NOT NULL default '0',\n `members` longtext NOT NULL,\n `customerid` int(11) NOT NULL default '0',\n PRIMARY KEY (`id`),\n UNIQUE KEY `groupname` (`groupname`),\n KEY `customerid` (`customerid`)\n) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;\n\nDROP TABLE IF EXISTS `ftp_users`;\nCREATE TABLE `ftp_users` (\n `id` int(20) NOT NULL auto_increment,\n `username` varchar(255) NOT NULL,\n `uid` int(5) NOT NULL default '0',\n `gid` int(5) NOT NULL default '0',\n `password` varchar(255) NOT NULL,\n `homedir` varchar(255) NOT NULL default '',\n `shell` varchar(255) NOT NULL default '/bin/false',\n `login_enabled` enum('N','Y') NOT NULL default 'N',\n `login_count` int(15) NOT NULL default '0',\n `last_login` datetime default NULL,\n `up_count` int(15) NOT NULL default '0',\n `up_bytes` bigint(30) NOT NULL default '0',\n `down_count` int(15) NOT NULL default '0',\n `down_bytes` bigint(30) NOT NULL default '0',\n `customerid` int(11) NOT NULL default '0',\n `description` varchar(255) NOT NULL DEFAULT '',\n PRIMARY KEY (`id`),\n UNIQUE KEY `username` (`username`),\n KEY `customerid` (`customerid`)\n) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;\n\n\nDROP TABLE IF EXISTS `mail_users`;\nCREATE TABLE `mail_users` (\n `id` int(11) NOT NULL auto_increment,\n `email` varchar(255) NOT NULL default '',\n `username` varchar(255) NOT NULL default '',\n `password` varchar(255) NOT NULL default '',\n `password_enc` varchar(255) NOT NULL default '',\n `uid` int(11) NOT NULL default '0',\n `gid` int(11) NOT NULL default '0',\n `homedir` varchar(255) NOT NULL default '',\n `maildir` varchar(255) NOT NULL default '',\n `postfix` enum('Y','N') NOT NULL default 'Y',\n `domainid` int(11) NOT NULL default '0',\n `customerid` int(11) NOT NULL default '0',\n `quota` bigint(13) NOT NULL default '0',\n `pop3` tinyint(1) NOT NULL default '1',\n `imap` tinyint(1) NOT NULL default '1',\n `mboxsize` bigint(30) NOT NULL default '0',\n PRIMARY KEY (`id`),\n UNIQUE KEY `email` (`email`)\n) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;\n\n\nDROP TABLE IF EXISTS `mail_virtual`;\nCREATE TABLE `mail_virtual` (\n `id` int(11) NOT NULL auto_increment,\n `email` varchar(255) NOT NULL default '',\n `email_full` varchar(255) NOT NULL default '',\n `destination` text,\n `domainid` int(11) NOT NULL default '0',\n `customerid` int(11) NOT NULL default '0',\n `popaccountid` int(11) NOT NULL default '0',\n `iscatchall` tinyint(1) unsigned NOT NULL default '0',\n `description` varchar(255) NOT NULL DEFAULT '',\n `spam_tag_level` float(4,1) NOT NULL DEFAULT 7.0,\n `rewrite_subject` tinyint(1) NOT NULL default '1',\n `spam_kill_level` float(4,1) NOT NULL DEFAULT 14.0,\n `bypass_spam` tinyint(1) NOT NULL default '0',\n `policy_greylist` tinyint(1) NOT NULL default '1',\n PRIMARY KEY (`id`),\n KEY `email` (`email`)\n) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;\n\nDROP TABLE IF EXISTS `mail_sender_aliases`;\nCREATE TABLE `mail_sender_aliases` (\n `id` int(11) NOT NULL auto_increment,\n `email` varchar(255) NOT NULL,\n `allowed_sender` varchar(255) NOT NULL,\n PRIMARY KEY (`id`),\n UNIQUE KEY `email_sender` (`email`, `allowed_sender`)\n) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;\n\nDROP TABLE IF EXISTS `panel_activation`;\nCREATE TABLE `panel_activation` (\n `id` int(11) unsigned NOT NULL auto_increment,\n `userid` int(11) unsigned NOT NULL default '0',\n `admin` tinyint(1) unsigned NOT NULL default '0',\n `creation` int(11) unsigned NOT NULL default '0',\n `activationcode` varchar(50) default NULL,\n PRIMARY KEY (id)\n) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;\n\n\nDROP TABLE IF EXISTS `panel_admins`;\nCREATE TABLE `panel_admins` (\n `adminid` int(11) unsigned NOT NULL auto_increment,\n `loginname` varchar(50) NOT NULL,\n `password` varchar(255) NOT NULL,\n `name` varchar(255) NOT NULL default '',\n `email` varchar(255) NOT NULL default '',\n `def_language` varchar(100) NOT NULL default '',\n `ip` varchar(500) NOT NULL default '-1',\n `customers` int(15) NOT NULL default '0',\n `customers_used` int(15) NOT NULL default '0',\n `customers_see_all` tinyint(1) NOT NULL default '0',\n `domains` int(15) NOT NULL default '0',\n `domains_used` int(15) NOT NULL default '0',\n `caneditphpsettings` tinyint(1) NOT NULL default '0',\n `change_serversettings` tinyint(1) NOT NULL default '0',\n `diskspace` int(15) NOT NULL default '0',\n `diskspace_used` int(15) NOT NULL default '0',\n `mysqls` int(15) NOT NULL default '0',\n `mysqls_used` int(15) NOT NULL default '0',\n `emails` int(15) NOT NULL default '0',\n `emails_used` int(15) NOT NULL default '0',\n `email_accounts` int(15) NOT NULL default '0',\n `email_accounts_used` int(15) NOT NULL default '0',\n `email_forwarders` int(15) NOT NULL default '0',\n `email_forwarders_used` int(15) NOT NULL default '0',\n `email_quota` bigint(13) NOT NULL default '0',\n `email_quota_used` bigint(13) NOT NULL default '0',\n `ftps` int(15) NOT NULL default '0',\n `ftps_used` int(15) NOT NULL default '0',\n `subdomains` int(15) NOT NULL default '0',\n `subdomains_used` int(15) NOT NULL default '0',\n `traffic` bigint(30) NOT NULL default '0',\n `traffic_used` bigint(30) NOT NULL default '0',\n `deactivated` tinyint(1) NOT NULL default '0',\n `lastlogin_succ` int(11) unsigned NOT NULL default '0',\n `lastlogin_fail` int(11) unsigned NOT NULL default '0',\n `loginfail_count` int(11) unsigned NOT NULL default '0',\n `reportsent` tinyint(4) unsigned NOT NULL default '0',\n `theme` varchar(50) NOT NULL default 'Froxlor',\n `custom_notes` text,\n `custom_notes_show` tinyint(1) NOT NULL default '0',\n `type_2fa` tinyint(1) NOT NULL default '0',\n `data_2fa` varchar(25) NOT NULL default '',\n `api_allowed` tinyint(1) NOT NULL default '1',\n `gui_access` tinyint(1) NOT NULL default '1',\n PRIMARY KEY (`adminid`),\n UNIQUE KEY `loginname` (`loginname`)\n) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci ROW_FORMAT=DYNAMIC;\n\n\nDROP TABLE IF EXISTS `panel_customers`;\nCREATE TABLE `panel_customers` (\n `customerid` int(11) unsigned NOT NULL auto_increment,\n `loginname` varchar(50) NOT NULL,\n `password` varchar(255) NOT NULL default '',\n `adminid` int(11) unsigned NOT NULL default '0',\n `name` varchar(255) NOT NULL default '',\n `firstname` varchar(255) NOT NULL default '',\n `gender` int(1) NOT NULL DEFAULT '0',\n `company` varchar(255) NOT NULL default '',\n `street` varchar(255) NOT NULL default '',\n `zipcode` varchar(25) NOT NULL default '',\n `city` varchar(255) NOT NULL default '',\n `phone` varchar(50) NOT NULL default '',\n `fax` varchar(50) NOT NULL default '',\n `email` varchar(255) NOT NULL default '',\n `customernumber` varchar(100) NOT NULL default '',\n `def_language` varchar(100) NOT NULL default '',\n `diskspace` bigint(30) NOT NULL default '0',\n `diskspace_used` bigint(30) NOT NULL default '0',\n `mysqls` int(15) NOT NULL default '0',\n `mysqls_used` int(15) NOT NULL default '0',\n `emails` int(15) NOT NULL default '0',\n `emails_used` int(15) NOT NULL default '0',\n `email_accounts` int(15) NOT NULL default '0',\n `email_accounts_used` int(15) NOT NULL default '0',\n `email_forwarders` int(15) NOT NULL default '0',\n `email_forwarders_used` int(15) NOT NULL default '0',\n `email_quota` bigint(13) NOT NULL default '0',\n `email_quota_used` bigint(13) NOT NULL default '0',\n `ftps` int(15) NOT NULL default '0',\n `ftps_used` int(15) NOT NULL default '0',\n `subdomains` int(15) NOT NULL default '0',\n `subdomains_used` int(15) NOT NULL default '0',\n `traffic` bigint(30) NOT NULL default '0',\n `traffic_used` bigint(30) NOT NULL default '0',\n `documentroot` varchar(255) NOT NULL default '',\n `standardsubdomain` int(11) NOT NULL default '0',\n `guid` int(5) NOT NULL default '0',\n `ftp_lastaccountnumber` int(11) NOT NULL default '0',\n `mysql_lastaccountnumber` int(11) NOT NULL default '0',\n `deactivated` tinyint(1) NOT NULL default '0',\n `phpenabled` tinyint(1) NOT NULL default '1',\n `lastlogin_succ` int(11) unsigned NOT NULL default '0',\n `lastlogin_fail` int(11) unsigned NOT NULL default '0',\n `loginfail_count` int(11) unsigned NOT NULL default '0',\n `reportsent` tinyint(4) unsigned NOT NULL default '0',\n `pop3` tinyint(1) NOT NULL default '1',\n `imap` tinyint(1) NOT NULL default '1',\n `perlenabled` tinyint(1) NOT NULL default '0',\n `dnsenabled` tinyint(1) NOT NULL default '0',\n `theme` varchar(50) NOT NULL default 'Froxlor',\n `custom_notes` text,\n `custom_notes_show` tinyint(1) NOT NULL default '0',\n `lepublickey` mediumtext default NULL,\n `leprivatekey` mediumtext default NULL,\n `leregistered` tinyint(1) NOT NULL default '0',\n `allowed_phpconfigs` text NOT NULL,\n `type_2fa` tinyint(1) NOT NULL default '0',\n `data_2fa` varchar(25) NOT NULL default '',\n `api_allowed` tinyint(1) NOT NULL default '1',\n `shell_allowed` tinyint(1) NOT NULL default '0',\n `logviewenabled` tinyint(1) NOT NULL default '0',\n `allowed_mysqlserver` text NOT NULL,\n `gui_access` tinyint(1) NOT NULL default '1',\n PRIMARY KEY (`customerid`),\n UNIQUE KEY `loginname` (`loginname`)\n) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci ROW_FORMAT=DYNAMIC;\n\n\nDROP TABLE IF EXISTS `panel_databases`;\nCREATE TABLE `panel_databases` (\n `id` int(11) unsigned NOT NULL auto_increment,\n `customerid` int(11) NOT NULL default '0',\n `databasename` varchar(255) NOT NULL default '',\n `description` varchar(255) NOT NULL default '',\n `dbserver` int(11) unsigned NOT NULL default '0',\n PRIMARY KEY (`id`),\n KEY `customerid` (`customerid`)\n) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;\n\n\nDROP TABLE IF EXISTS `panel_domains`;\nCREATE TABLE `panel_domains` (\n `id` int(11) unsigned NOT NULL auto_increment,\n `domain` varchar(255) NOT NULL,\n `domain_ace` varchar(255) NOT NULL default '',\n `adminid` int(11) unsigned NOT NULL default '0',\n `customerid` int(11) unsigned NOT NULL default '0',\n `aliasdomain` int(11) unsigned NULL,\n `documentroot` varchar(255) NOT NULL default '',\n `isbinddomain` tinyint(1) NOT NULL default '0',\n `isemaildomain` tinyint(1) NOT NULL default '0',\n `email_only` tinyint(1) NOT NULL default '0',\n `iswildcarddomain` tinyint(1) NOT NULL default '1',\n `subcanemaildomain` tinyint(1) NOT NULL default '0',\n `caneditdomain` tinyint(1) NOT NULL default '1',\n `zonefile` varchar(255) NOT NULL default '',\n `dkim` tinyint(1) NOT NULL default '0',\n `dkim_id` int(11) unsigned NOT NULL default '0',\n `dkim_privkey` text,\n `dkim_pubkey` text,\n `wwwserveralias` tinyint(1) NOT NULL default '1',\n `parentdomainid` int(11) NOT NULL default '0',\n `phpenabled` tinyint(1) NOT NULL default '0',\n `openbasedir` tinyint(1) NOT NULL default '0',\n `openbasedir_path` tinyint(1) NOT NULL default '0',\n `speciallogfile` tinyint(1) NOT NULL default '0',\n `ssl_redirect` tinyint(4) NOT NULL default '0',\n `specialsettings` text,\n `ssl_specialsettings` text,\n `include_specialsettings` tinyint(1) NOT NULL default '0',\n `deactivated` tinyint(1) NOT NULL default '0',\n `bindserial` varchar(10) NOT NULL default '2000010100',\n `add_date` int( 11 ) NOT NULL default '0',\n `registration_date` date DEFAULT NULL,\n `termination_date` date DEFAULT NULL,\n `phpsettingid` INT( 11 ) UNSIGNED NOT NULL DEFAULT '1',\n `mod_fcgid_starter` int(4) default '-1',\n `mod_fcgid_maxrequests` int(4) default '-1',\n `letsencrypt` tinyint(1) NOT NULL default '0',\n `hsts` varchar(10) NOT NULL default '0',\n `hsts_sub` tinyint(1) NOT NULL default '0',\n `hsts_preload` tinyint(1) NOT NULL default '0',\n `ocsp_stapling` tinyint(1) DEFAULT '0',\n `http2` tinyint(1) DEFAULT '0',\n `http3` tinyint(1) DEFAULT '0',\n `notryfiles` tinyint(1) DEFAULT '0',\n `writeaccesslog` tinyint(1) DEFAULT '1',\n `writeerrorlog` tinyint(1) DEFAULT '1',\n `override_tls` tinyint(1) DEFAULT '0',\n `ssl_protocols` varchar(255) NOT NULL DEFAULT '',\n `ssl_cipher_list` varchar(500) NOT NULL DEFAULT '',\n `tlsv13_cipher_list` varchar(500) NOT NULL DEFAULT '',\n `ssl_enabled` tinyint(1) DEFAULT '1',\n `ssl_honorcipherorder` tinyint(1) DEFAULT '0',\n `ssl_sessiontickets` tinyint(1) DEFAULT '1',\n `description` varchar(255) NOT NULL DEFAULT '',\n PRIMARY KEY (`id`),\n KEY `customerid` (`customerid`),\n KEY `parentdomain` (`parentdomainid`),\n KEY `domain` (`domain`)\n) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci ROW_FORMAT=DYNAMIC;\n\n\nDROP TABLE IF EXISTS `panel_ipsandports`;\nCREATE TABLE `panel_ipsandports` (\n `id` int(11) unsigned NOT NULL auto_increment,\n `ip` varchar(39) NOT NULL,\n `port` int(5) NOT NULL default '80',\n `listen_statement` tinyint(1) NOT NULL default '0',\n `namevirtualhost_statement` tinyint(1) NOT NULL default '0',\n `vhostcontainer` tinyint(1) NOT NULL default '0',\n `vhostcontainer_servername_statement` tinyint(1) NOT NULL default '0',\n `specialsettings` text,\n `ssl` tinyint(4) NOT NULL default '0',\n `ssl_cert_file` varchar(255) NOT NULL default '',\n `ssl_key_file` varchar(255) NOT NULL default '',\n `ssl_ca_file` varchar(255) NOT NULL default '',\n `default_vhostconf_domain` text,\n `ssl_cert_chainfile` varchar(255) NOT NULL default '',\n `docroot` varchar(255) NOT NULL default '',\n `ssl_specialsettings` text,\n `include_specialsettings` tinyint(1) NOT NULL default '0',\n `ssl_default_vhostconf_domain` text,\n `include_default_vhostconf_domain` tinyint(1) NOT NULL default '0',\n PRIMARY KEY (`id`),\n UNIQUE KEY `ip_port` (`ip`,`port`)\n) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;\n\n\nDROP TABLE IF EXISTS `panel_htaccess`;\nCREATE TABLE `panel_htaccess` (\n `id` int(11) unsigned NOT NULL auto_increment,\n `customerid` int(11) unsigned NOT NULL default '0',\n `path` varchar(255) NOT NULL default '',\n `options_indexes` tinyint(1) NOT NULL default '0',\n `error404path` varchar(255) NOT NULL default '',\n `error403path` varchar(255) NOT NULL default '',\n `error500path` varchar(255) NOT NULL default '',\n `error401path` varchar(255) NOT NULL default '',\n `options_cgi` tinyint(1) NOT NULL default '0',\n PRIMARY KEY (`id`)\n) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;\n\n\nDROP TABLE IF EXISTS `panel_htpasswds`;\nCREATE TABLE `panel_htpasswds` (\n `id` int(11) unsigned NOT NULL auto_increment,\n `customerid` int(11) unsigned NOT NULL default '0',\n `path` varchar(255) NOT NULL default '',\n `username` varchar(255) NOT NULL default '',\n `password` varchar(255) NOT NULL default '',\n `authname` varchar(255) NOT NULL default 'Restricted Area',\n PRIMARY KEY (`id`),\n KEY `customerid` (`customerid`)\n) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;\n\n\nDROP TABLE IF EXISTS `panel_settings`;\nCREATE TABLE `panel_settings` (\n `settingid` int(11) unsigned NOT NULL auto_increment,\n `settinggroup` varchar(255) NOT NULL default '',\n `varname` varchar(255) NOT NULL default '',\n `value` text NOT NULL,\n PRIMARY KEY (`settingid`)\n) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;\n\nINSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES\n\t('catchall', 'catchall_enabled', '1'),\n\t('session', 'allow_multiple_login', '0'),\n\t('session', 'sessiontimeout', '600'),\n\t('customer', 'accountprefix', 'web'),\n\t('customer', 'ftpprefix', 'ftp'),\n\t('customer', 'mysqlprefix', 'sql'),\n\t('customer', 'ftpatdomain', '0'),\n\t('customer', 'show_news_feed', '0'),\n\t('customer', 'news_feed_url', ''),\n\t('logger', 'enabled', '1'),\n\t('logger', 'log_cron', '0'),\n\t('logger', 'logfile', ''),\n\t('logger', 'logtypes', 'syslog,mysql'),\n\t('logger', 'severity', '1'),\n\t('antispam', 'activated', '0'),\n\t('antispam', 'config_file', '/etc/rspamd/local.d/froxlor_settings.conf'),\n\t('antispam', 'reload_command', 'service rspamd restart'),\n\t('antispam', 'dkim_keylength', '1024'),\n\t('antispam', 'default_bypass_spam', '2'),\n\t('antispam', 'default_spam_rewrite_subject', '1'),\n\t('antispam', 'default_policy_greylist', '1'),\n\t('admin', 'show_news_feed', '0'),\n\t('admin', 'show_version_login', '0'),\n\t('admin', 'show_version_footer', '0'),\n\t('caa', 'caa_entry', ''),\n\t('spf', 'use_spf', '0'),\n\t('spf', 'spf_entry', 'v=spf1 a mx -all'),\n\t('dmarc', 'use_dmarc', '0'),\n\t('dmarc', 'dmarc_entry', 'v=DMARC1; p=none;'),\n\t('defaultwebsrverrhandler', 'enabled', '0'),\n\t('defaultwebsrverrhandler', 'err401', ''),\n\t('defaultwebsrverrhandler', 'err403', ''),\n\t('defaultwebsrverrhandler', 'err404', ''),\n\t('defaultwebsrverrhandler', 'err500', ''),\n\t('customredirect', 'enabled', '1'),\n\t('customredirect', 'default', '1'),\n\t('perl', 'suexecworkaround', '0'),\n\t('perl', 'suexecpath', '/var/www/cgi-bin/'),\n\t('login', 'domain_login', '0'),\n\t('login', 'maxloginattempts', '3'),\n\t('login', 'deactivatetime', '900'),\n\t('phpfpm', 'enabled', '0'),\n\t('phpfpm', 'tmpdir', '/var/customers/tmp/'),\n\t('phpfpm', 'peardir', '/usr/share/php/:/usr/share/php5/'),\n\t('phpfpm', 'envpath', '/usr/local/bin:/usr/bin:/bin'),\n\t('phpfpm', 'enabled_ownvhost', '0'),\n\t('phpfpm', 'vhost_httpuser', 'froxlorlocal'),\n\t('phpfpm', 'vhost_httpgroup', 'froxlorlocal'),\n\t('phpfpm', 'aliasconfigdir', '/var/www/php-fpm/'),\n\t('phpfpm', 'defaultini', '1'),\n\t('phpfpm', 'vhost_defaultini', '2'),\n\t('phpfpm', 'fastcgi_ipcdir', '/var/lib/apache2/fastcgi/'),\n\t('phpfpm', 'use_mod_proxy', '1'),\n\t('phpfpm', 'ini_flags', 'asp_tags\ndisplay_errors\ndisplay_startup_errors\nhtml_errors\nlog_errors\nmagic_quotes_gpc\nmagic_quotes_runtime\nmagic_quotes_sybase\nmail.add_x_header\nsession.cookie_secure\nsession.use_cookies\nshort_open_tag\ntrack_errors\nxmlrpc_errors\nsuhosin.simulation\nsuhosin.session.encrypt\nsuhosin.session.cryptua\nsuhosin.session.cryptdocroot\nsuhosin.cookie.encrypt\nsuhosin.cookie.cryptua\nsuhosin.cookie.cryptdocroot\nsuhosin.executor.disable_eval\nmbstring.func_overload'),\n\t('phpfpm', 'ini_values', 'auto_append_file\nauto_prepend_file\ndate.timezone\ndefault_charset\nerror_reporting\ninclude_path\nlog_errors_max_len\nmail.log\nmax_execution_time\nsession.cookie_domain\nsession.cookie_lifetime\nsession.cookie_path\nsession.name\nsession.serialize_handler\nupload_max_filesize\nxmlrpc_error_number\nsession.auto_start\nalways_populate_raw_post_data\nsuhosin.session.cryptkey\nsuhosin.session.cryptraddr\nsuhosin.session.checkraddr\nsuhosin.cookie.cryptkey\nsuhosin.cookie.plainlist\nsuhosin.cookie.cryptraddr\nsuhosin.cookie.checkraddr\nsuhosin.executor.func.blacklist\nsuhosin.executor.eval.whitelist'),\n\t('phpfpm', 'ini_admin_flags', 'allow_call_time_pass_reference\nallow_url_fopen\nallow_url_include\nauto_detect_line_endings\ncgi.fix_pathinfo\ncgi.force_redirect\nenable_dl\nexpose_php\nfile_uploads\nignore_repeated_errors\nignore_repeated_source\nlog_errors\nregister_argc_argv\nreport_memleaks\nopcache.enable\nopcache.consistency_checks\nopcache.dups_fix\nopcache.load_comments\nopcache.revalidate_path\nopcache.save_comments\nopcache.use_cwd\nopcache.fast_shutdown'),\n\t('phpfpm', 'ini_admin_values', 'cgi.redirect_status_env\ndisable_classes\ndisable_functions\nerror_log\ngpc_order\nmax_input_time\nmax_input_vars\nmemory_limit\nopen_basedir\noutput_buffering\npost_max_size\nprecision\nsendmail_path\nsession.gc_divisor\nsession.gc_probability\nvariables_order\nopcache.log_verbosity_level\nopcache.restrict_api\nopcache.revalidate_freq\nopcache.max_accelerated_files\nopcache.memory_consumption\nopcache.interned_strings_buffer\nopcache.validate_timestamps'),\n\t('nginx', 'fastcgiparams', '/etc/nginx/fastcgi_params'),\n\t('system', 'lastaccountnumber', '0'),\n\t('system', 'lastguid', '9999'),\n\t('system', 'documentroot_prefix', '/var/customers/webs/'),\n\t('system', 'logfiles_directory', '/var/customers/logs/'),\n\t('system', 'ipaddress', 'SERVERIP'),\n\t('system', 'apachereload_command', 'service apache2 reload'),\n\t('system', 'last_traffic_run', '000000'),\n\t('system', 'vmail_uid', '2000'),\n\t('system', 'vmail_gid', '2000'),\n\t('system', 'vmail_homedir', '/var/customers/mail/'),\n\t('system', 'vmail_maildirname', 'Maildir'),\n\t('system', 'bind_enable', '0'),\n\t('system', 'bindconf_directory', '/etc/bind/'),\n\t('system', 'bindreload_command', 'service bind9 reload'),\n\t('system', 'hostname', 'SERVERNAME'),\n\t('system', 'mysql_access_host', 'localhost'),\n\t('system', 'lastcronrun', ''),\n\t('system', 'defaultip', '1'),\n\t('system', 'defaultsslip', ''),\n\t('system', 'phpappendopenbasedir', '/tmp/'),\n\t('system', 'deactivateddocroot', '/var/www/html/froxlor/templates/misc/deactivated/'),\n\t('system', 'mailpwcleartext', '0'),\n\t('system', 'last_tasks_run', '000000'),\n\t('system', 'nameservers', ''),\n\t('system', 'mxservers', ''),\n\t('system', 'mod_fcgid', '0'),\n\t('system', 'apacheconf_vhost', '/etc/apache2/sites-enabled/'),\n\t('system', 'apacheconf_diroptions', '/etc/apache2/sites-enabled/'),\n\t('system', 'apacheconf_htpasswddir', '/etc/apache2/froxlor-htpasswd/'),\n\t('system', 'webalizer_quiet', '2'),\n\t('system', 'last_archive_run', '000000'),\n\t('system', 'mod_fcgid_configdir', '/var/www/php-fcgi-scripts'),\n\t('system', 'mod_fcgid_tmpdir', '/var/customers/tmp'),\n\t('system', 'ssl_cert_file', '/etc/ssl/froxlor_selfsigned.pem'),\n\t('system', 'use_ssl', '0'),\n\t('system', 'default_vhostconf', ''),\n\t('system', 'default_sslvhostconf', ''),\n\t('system', 'mail_quota_enabled', '0'),\n\t('system', 'mail_quota', '100'),\n\t('system', 'httpuser', 'www-data'),\n\t('system', 'httpgroup', 'www-data'),\n\t('system', 'webserver', 'apache2'),\n\t('system', 'mod_fcgid_wrapper', '1'),\n\t('system', 'mod_fcgid_starter', '0'),\n\t('system', 'mod_fcgid_peardir', '/usr/share/php/:/usr/share/php5/'),\n\t('system', 'mod_fcgid_maxrequests', '250'),\n\t('system', 'ssl_key_file','/etc/ssl/froxlor_selfsigned.key'),\n\t('system', 'ssl_ca_file', ''),\n\t('system', 'debug_cron', '0'),\n\t('system', 'store_index_file_subs', '1'),\n\t('system', 'stdsubdomain', ''),\n\t('system', 'awstats_path', '/usr/share/awstats/tools/'),\n\t('system', 'awstats_conf', '/etc/awstats/'),\n\t('system', 'awstats_logformat', '1'),\n\t('system', 'defaultttl', '604800'),\n\t('system', 'mod_fcgid_defaultini', '1'),\n\t('system', 'ftpserver', 'proftpd'),\n\t('system', 'dns_createmailentry', '0'),\n\t('system', 'dns_createcaaentry', '1'),\n\t('system', 'froxlordirectlyviahostname', '1'),\n\t('system', 'report_enable', '1'),\n\t('system', 'report_webmax', '90'),\n\t('system', 'report_trafficmax', '90'),\n\t('system', 'validate_domain', '1'),\n\t('system', 'diskquota_enabled', '0'),\n\t('system', 'diskquota_repquota_path', '/usr/sbin/repquota'),\n\t('system', 'diskquota_quotatool_path', '/usr/bin/quotatool'),\n\t('system', 'diskquota_customer_partition', '/dev/root'),\n\t('system', 'mod_fcgid_idle_timeout', '30'),\n\t('system', 'mod_fcgid_ownvhost', '0'),\n\t('system', 'mod_fcgid_httpuser', 'froxlorlocal'),\n\t('system', 'mod_fcgid_httpgroup', 'froxlorlocal'),\n\t('system', 'awstats_awstatspath', '/usr/lib/cgi-bin/'),\n\t('system', 'mod_fcgid_defaultini_ownvhost', '2'),\n\t('system', 'awstats_icons', '/usr/share/awstats/icon/'),\n\t('system', 'ssl_cert_chainfile', ''),\n\t('system', 'ssl_cipher_list', 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305'),\n\t('system', 'nginx_php_backend', '127.0.0.1:8888'),\n\t('system', 'http2_support', '0'),\n\t('system', 'http3_support', '0'),\n\t('system', 'perl_server', 'unix:/var/run/nginx/cgiwrap-dispatch.sock'),\n\t('system', 'phpreload_command', ''),\n\t('system', 'apache24', '1'),\n\t('system', 'apache24_ocsp_cache_path', 'shmcb:/var/run/apache2/ocsp-stapling.cache(131072)'),\n\t('system', 'documentroot_use_default_value', '0'),\n\t('system', 'passwordcryptfunc', '2y'),\n\t('system', 'axfrservers', ''),\n\t('system', 'powerdns_mode', 'Native'),\n\t('system', 'customer_ssl_path', '/etc/ssl/froxlor-custom/'),\n\t('system', 'allow_error_report_admin', '1'),\n\t('system', 'allow_error_report_customer', '0'),\n\t('system', 'mdalog', '/var/log/mail.log'),\n\t('system', 'mtalog', '/var/log/mail.log'),\n\t('system', 'mdaserver', 'dovecot'),\n\t('system', 'mtaserver', 'postfix'),\n\t('system', 'mailtraffic_enabled', '1'),\n\t('system', 'cronconfig', '/etc/cron.d/froxlor'),\n\t('system', 'crondreload', 'service cron reload'),\n\t('system', 'croncmdline', '/usr/bin/nice -n 5 /usr/bin/php -q'),\n\t('system', 'cron_allowautoupdate', '0'),\n\t('system', 'dns_createhostnameentry', '0'),\n\t('system', 'send_cron_errors', '0'),\n\t('system', 'apacheitksupport', '0'),\n\t('system', 'leprivatekey', 'unset'),\n\t('system', 'lepublickey', 'unset'),\n\t('system', 'letsencryptca', 'letsencrypt'),\n\t('system', 'letsencryptchallengepath', '/var/www/html/froxlor'),\n\t('system', 'letsencryptkeysize', '4096'),\n\t('system', 'letsencryptreuseold', 0),\n\t('system', 'leenabled', '0'),\n\t('system', 'leapiversion', '2'),\n\t('system', 'exportenabled', '0'),\n\t('system', 'dnsenabled', '0'),\n\t('system', 'dns_server', 'Bind'),\n\t('system', 'apacheglobaldiropt', ''),\n\t('system', 'allow_customer_shell', '0'),\n\t('system', 'available_shells', ''),\n\t('system', 'le_froxlor_enabled', '0'),\n\t('system', 'le_froxlor_redirect', '0'),\n\t('system', 'le_renew_hook', 'systemctl restart postfix dovecot proftpd'),\n\t('system', 'le_renew_services', ''),\n\t('system', 'letsencryptacmeconf', '/etc/apache2/conf-enabled/acme.conf'),\n\t('system', 'mail_use_smtp', '0'),\n\t('system', 'mail_smtp_host', 'localhost'),\n\t('system', 'mail_smtp_port', '25'),\n\t('system', 'mail_smtp_usetls', '1'),\n\t('system', 'mail_smtp_auth', '1'),\n\t('system', 'mail_smtp_user', ''),\n\t('system', 'mail_smtp_passwd', ''),\n\t('system', 'hsts_maxage', '10368000'),\n\t('system', 'hsts_incsub', '0'),\n\t('system', 'hsts_preload', '0'),\n\t('system', 'leregistered', '0'),\n\t('system', 'leaccount', ''),\n\t('system', 'nssextrausers', '1'),\n\t('system', 'le_domain_dnscheck', '1'),\n\t('system', 'le_domain_dnscheck_resolver', '1.1.1.1'),\n\t('system', 'ssl_protocols', 'TLSv1.2'),\n\t('system', 'tlsv13_cipher_list', ''),\n\t('system', 'honorcipherorder', '0'),\n\t('system', 'sessiontickets', '1'),\n\t('system', 'sessionticketsenabled', '1'),\n\t('system', 'logfiles_format', ''),\n\t('system', 'logfiles_type', '1'),\n\t('system', 'logfiles_piped', '0'),\n\t('system', 'logfiles_script', ''),\n\t('system', 'dhparams_file', ''),\n\t('system', 'errorlog_level', 'warn'),\n\t('system', 'leecc', '0'),\n\t('system', 'froxloraliases', ''),\n\t('system', 'apply_specialsettings_default', '1'),\n\t('system', 'apply_phpconfigs_default', '1'),\n\t('system', 'hide_incompatible_settings', '1'),\n\t('system', 'include_default_vhostconf', '0'),\n\t('system', 'soaemail', ''),\n\t('system', 'domaindefaultalias', '0'),\n\t('system', 'createstdsubdom_default', '1'),\n\t('system', 'froxlorusergroup', ''),\n\t('system', 'froxlorusergroup_gid', ''),\n\t('system', 'acmeshpath', '/root/.acme.sh/acme.sh'),\n\t('system', 'distribution', ''),\n\t('system', 'distro_mismatch', '0'),\n\t('system', 'update_channel', 'stable'),\n\t('system', 'updatecheck_data', ''),\n\t('system', 'update_notify_last', ''),\n\t('system', 'traffictool', 'goaccess'),\n\t('system', 'req_limit_per_interval', 60),\n\t('system', 'req_limit_interval', 60),\n\t('system', 'report_web_bccadmin', '0'),\n\t('system', 'webserver_serveradmin', 'customer'),\n\t('api', 'enabled', '0'),\n\t('api', 'customer_default', '1'),\n\t('2fa', 'enabled', '1'),\n\t('mail', 'enable_allow_sender', '0'),\n\t('mail', 'allow_external_domains', '0'),\n\t('panel', 'decimal_places', '4'),\n\t('panel', 'adminmail', 'ADMIN_MAIL'),\n\t('panel', 'phpmyadmin_url', ''),\n\t('panel', 'webmail_url', ''),\n\t('panel', 'webftp_url', ''),\n\t('panel', 'standardlanguage', 'en'),\n\t('panel', 'pathedit', 'Manual'),\n\t('panel', 'paging', '20'),\n\t('panel', 'natsorting', '1'),\n\t('panel', 'sendalternativemail', '0'),\n\t('panel', 'allow_domain_change_admin', '0'),\n\t('panel', 'allow_domain_change_customer', '0'),\n\t('panel', 'frontend', 'froxlor'),\n\t('panel', 'default_theme', 'Froxlor'),\n\t('panel', 'password_min_length', '0'),\n\t('panel', 'adminmail_defname', 'Froxlor Administrator'),\n\t('panel', 'adminmail_return', ''),\n\t('panel', 'unix_names', '1'),\n\t('panel', 'allow_preset', '1'),\n\t('panel', 'allow_preset_admin', '0'),\n\t('panel', 'password_regex', ''),\n\t('panel', 'phpconfigs_hidestdsubdomain', '0'),\n\t('panel', 'phpconfigs_hidesubdomains', '1'),\n\t('panel', 'allow_theme_change_admin', '1'),\n\t('panel', 'allow_theme_change_customer', '1'),\n\t('panel', 'password_alpha_lower', '1'),\n\t('panel', 'password_alpha_upper', '1'),\n\t('panel', 'password_numeric', '0'),\n\t('panel', 'password_special_char_required', '0'),\n\t('panel', 'password_special_char', '!?<>§$%+#=@'),\n\t('panel', 'customer_hide_options', ''),\n\t('panel', 'is_configured', '0'),\n\t('panel', 'imprint_url', ''),\n\t('panel', 'terms_url', ''),\n\t('panel', 'privacy_url', ''),\n\t('panel', 'logo_image_header', ''),\n\t('panel', 'logo_image_login', ''),\n\t('panel', 'logo_overridetheme', '0'),\n\t('panel', 'logo_overridecustom', '0'),\n\t('panel', 'settings_mode', '0'),\n\t('panel', 'menu_collapsed', '1'),\n\t('panel', 'version', '2.3.7'),\n\t('panel', 'db_version', '202603100');\n\n\nDROP TABLE IF EXISTS `panel_tasks`;\nCREATE TABLE `panel_tasks` (\n `id` int(11) unsigned NOT NULL auto_increment,\n `type` int(11) NOT NULL default '0',\n `data` text,\n PRIMARY KEY (`id`)\n) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;\n\n\nINSERT INTO `panel_tasks` (`type`) VALUES ('99');\n\n\nDROP TABLE IF EXISTS `panel_templates`;\nCREATE TABLE `panel_templates` (\n `id` int(11) NOT NULL auto_increment,\n `adminid` int(11) NOT NULL default '0',\n `language` varchar(255) NOT NULL default '',\n `templategroup` varchar(255) NOT NULL default '',\n `varname` varchar(255) NOT NULL default '',\n `value` longtext NOT NULL,\n `file_extension` varchar(50) NOT NULL default 'html',\n PRIMARY KEY (id),\n KEY adminid (adminid)\n) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;\n\n\nDROP TABLE IF EXISTS `panel_traffic`;\nCREATE TABLE `panel_traffic` (\n `id` int(11) unsigned NOT NULL auto_increment,\n `customerid` int(11) unsigned NOT NULL default '0',\n `year` int(4) unsigned zerofill NOT NULL default '0000',\n `month` int(2) unsigned zerofill NOT NULL default '00',\n `day` int(2) unsigned zerofill NOT NULL default '00',\n `stamp` int(11) unsigned NOT NULL default '0',\n `http` bigint(30) unsigned NOT NULL default '0',\n `ftp_up` bigint(30) unsigned NOT NULL default '0',\n `ftp_down` bigint(30) unsigned NOT NULL default '0',\n `mail` bigint(30) unsigned NOT NULL default '0',\n PRIMARY KEY (`id`),\n KEY `customerid` (`customerid`)\n) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;\n\n\nDROP TABLE IF EXISTS `panel_traffic_admins`;\nCREATE TABLE `panel_traffic_admins` (\n `id` int(11) unsigned NOT NULL auto_increment,\n `adminid` int(11) unsigned NOT NULL default '0',\n `year` int(4) unsigned zerofill NOT NULL default '0000',\n `month` int(2) unsigned zerofill NOT NULL default '00',\n `day` int(2) unsigned zerofill NOT NULL default '00',\n `stamp` int(11) unsigned NOT NULL default '0',\n `http` bigint(30) unsigned NOT NULL default '0',\n `ftp_up` bigint(30) unsigned NOT NULL default '0',\n `ftp_down` bigint(30) unsigned NOT NULL default '0',\n `mail` bigint(30) unsigned NOT NULL default '0',\n PRIMARY KEY (`id`),\n KEY `adminid` (`adminid`)\n) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;\n\n\nDROP TABLE IF EXISTS `panel_diskspace`;\nCREATE TABLE `panel_diskspace` (\n `id` int(11) unsigned NOT NULL auto_increment,\n `customerid` int(11) unsigned NOT NULL default '0',\n `year` int(4) unsigned zerofill NOT NULL default '0000',\n `month` int(2) unsigned zerofill NOT NULL default '00',\n `day` int(2) unsigned zerofill NOT NULL default '00',\n `stamp` int(11) unsigned NOT NULL default '0',\n `webspace` bigint(30) unsigned NOT NULL default '0',\n `mail` bigint(30) unsigned NOT NULL default '0',\n `mysql` bigint(30) unsigned NOT NULL default '0',\n PRIMARY KEY (`id`),\n KEY `customerid` (`customerid`)\n) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;\n\n\nDROP TABLE IF EXISTS `panel_syslog`;\nCREATE TABLE IF NOT EXISTS `panel_syslog` (\n `logid` bigint(20) NOT NULL auto_increment,\n `action` int(5) NOT NULL default '10',\n `type` int(5) NOT NULL default '0',\n `date` int(15) NOT NULL,\n `user` varchar(50) NOT NULL,\n `text` text NOT NULL,\n PRIMARY KEY (`logid`)\n) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;\n\n\nDROP TABLE IF EXISTS `panel_fpmdaemons`;\nCREATE TABLE `panel_fpmdaemons` (\n `id` int(11) unsigned NOT NULL auto_increment,\n `description` varchar(50) NOT NULL,\n `reload_cmd` varchar(255) NOT NULL,\n `config_dir` varchar(255) NOT NULL,\n `pm` varchar(15) NOT NULL DEFAULT 'dynamic',\n `max_children` int(4) NOT NULL DEFAULT '5',\n `start_servers` int(4) NOT NULL DEFAULT '2',\n `min_spare_servers` int(4) NOT NULL DEFAULT '1',\n `max_spare_servers` int(4) NOT NULL DEFAULT '3',\n `max_requests` int(4) NOT NULL DEFAULT '0',\n `idle_timeout` int(4) NOT NULL DEFAULT '10',\n `limit_extensions` varchar(255) NOT NULL default '.php',\n `custom_config` text,\n PRIMARY KEY (`id`),\n UNIQUE KEY `reload` (`reload_cmd`),\n UNIQUE KEY `config` (`config_dir`)\n) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;\n\n\nINSERT INTO `panel_fpmdaemons` (`id`, `description`, `reload_cmd`, `config_dir`) VALUES\n(1, 'System default', 'service php7.4-fpm restart', '/etc/php/7.4/fpm/pool.d/');\n\n\nDROP TABLE IF EXISTS `panel_phpconfigs`;\nCREATE TABLE `panel_phpconfigs` (\n `id` int(11) unsigned NOT NULL auto_increment,\n `description` varchar(50) NOT NULL,\n `binary` varchar(255) NOT NULL,\n `file_extensions` varchar(255) NOT NULL,\n `mod_fcgid_starter` int(4) NOT NULL DEFAULT '-1',\n `mod_fcgid_maxrequests` int(4) NOT NULL DEFAULT '-1',\n `mod_fcgid_umask` varchar(15) NOT NULL DEFAULT '022',\n `fpm_slowlog` tinyint(1) NOT NULL default '0',\n `fpm_reqterm` varchar(15) NOT NULL default '60s',\n `fpm_reqslow` varchar(15) NOT NULL default '5s',\n `phpsettings` text NOT NULL,\n `fpmsettingid` int(11) NOT NULL DEFAULT '1',\n `pass_authorizationheader` tinyint(1) NOT NULL default '0',\n `override_fpmconfig` tinyint(1) NOT NULL DEFAULT '0',\n `pm` varchar(15) NOT NULL DEFAULT 'dynamic',\n `max_children` int(4) NOT NULL DEFAULT '5',\n `start_servers` int(4) NOT NULL DEFAULT '2',\n `min_spare_servers` int(4) NOT NULL DEFAULT '1',\n `max_spare_servers` int(4) NOT NULL DEFAULT '3',\n `max_requests` int(4) NOT NULL DEFAULT '0',\n `idle_timeout` int(4) NOT NULL DEFAULT '10',\n `limit_extensions` varchar(255) NOT NULL default '.php',\n PRIMARY KEY (`id`),\n KEY `fpmsettingid` (`fpmsettingid`)\n) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;\n\n\nINSERT INTO `panel_phpconfigs` (`id`, `description`, `binary`, `file_extensions`, `mod_fcgid_starter`, `mod_fcgid_maxrequests`, `pass_authorizationheader`, `phpsettings`) VALUES\n(1, 'Default Config', '/usr/bin/php-cgi', 'php', '-1', '-1', '1', 'allow_url_fopen = Off\\r\\nallow_url_include = Off\\r\\nauto_append_file =\\r\\nauto_globals_jit = On\\r\\nauto_prepend_file =\\r\\nbcmath.scale = 0\\r\\ncli_server.color = On\\r\\ndefault_charset = \"UTF-8\"\\r\\ndefault_mimetype = \"text/html\"\\r\\ndefault_socket_timeout = 60\\r\\nasp_tags = Off\\r\\ndisable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,curl_exec,curl_multi_exec,exec,parse_ini_file,passthru,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,show_source,system\\r\\ndisplay_errors = Off\\r\\ndisplay_startup_errors = Off\\r\\ndoc_root =\\r\\nenable_dl = Off\\r\\nerror_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT & ~E_NOTICE\\r\\nexpose_php = Off\\r\\nfile_uploads = On\\r\\nhtml_errors = On\\r\\nignore_repeated_errors = Off\\r\\nignore_repeated_source = Off\\r\\ninclude_path = \".:{PEAR_DIR}\"\\r\\nimplicit_flush = Off\\r\\nldap.max_links = -1\\r\\nlog_errors = On\\r\\nlog_errors_max_len = 1024\\r\\nmail.add_x_header = Off\\r\\nmax_execution_time = 30\\r\\nmax_file_uploads = 20\\r\\nmax_input_time = 60\\r\\nmemory_limit = 128M\\r\\n{OPEN_BASEDIR_C}open_basedir = \"{OPEN_BASEDIR}\"\\r\\noutput_buffering = 4096\\r\\npost_max_size = 16M\\r\\nprecision = 14\\r\\nregister_argc_argv = Off\\r\\nreport_memleaks = On\\r\\nrequest_order = \"GP\"\\r\\nsendmail_path = \"/usr/sbin/sendmail -t -i -f postmaster@{DOMAIN}\"\\r\\nserialize_precision = -1\\r\\nsession.auto_start = 0\\r\\nsession.cache_expire = 180\\r\\nsession.cache_limiter = nocache\\r\\nsession.cookie_domain =\\r\\nsession.cookie_httponly =\\r\\nsession.cookie_lifetime = 0\\r\\nsession.cookie_path = /\\r\\nsession.cookie_samesite =\\r\\nsession.gc_divisor = 1000\\r\\nsession.gc_maxlifetime = 1440\\r\\nsession.gc_probability = 0\\r\\nsession.name = PHPSESSID\\r\\nsession.referer_check =\\r\\nsession.save_handler = files\\r\\nsession.save_path = \"{TMP_DIR}\"\\r\\nsession.serialize_handler = php\\r\\nsession.sid_bits_per_character = 5\\r\\nsession.sid_length = 26\\r\\nsession.trans_sid_tags = \"a=href,area=href,frame=src,form=\"\\r\\nsession.use_cookies = 1\\r\\nsession.use_only_cookies = 1\\r\\nsession.use_strict_mode = 0\\r\\nsession.use_trans_sid = 0\\r\\nshort_open_tag = On\\r\\nupload_max_filesize = 32M\\r\\nupload_tmp_dir = \"{TMP_DIR}\"\\r\\nvariables_order = \"GPCS\"\\r\\nopcache.restrict_api = \"{DOCUMENT_ROOT}\"\\r\\n'),\n(2, 'Froxlor Vhost Config', '/usr/bin/php-cgi', 'php', '-1', '-1', '1', 'allow_url_fopen = On\\r\\nallow_url_include = Off\\r\\nauto_append_file =\\r\\nauto_globals_jit = On\\r\\nauto_prepend_file =\\r\\nbcmath.scale = 0\\r\\ncli_server.color = On\\r\\ndefault_charset = \"UTF-8\"\\r\\ndefault_mimetype = \"text/html\"\\r\\ndefault_socket_timeout = 60\\r\\nasp_tags = Off\\r\\ndisable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,curl_multi_exec,parse_ini_file,passthru,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,show_source,system\\r\\ndisplay_errors = Off\\r\\ndisplay_startup_errors = Off\\r\\ndoc_root =\\r\\nenable_dl = Off\\r\\nerror_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT & ~E_NOTICE\\r\\nexpose_php = Off\\r\\nfile_uploads = On\\r\\nhtml_errors = On\\r\\nignore_repeated_errors = Off\\r\\nignore_repeated_source = Off\\r\\ninclude_path = \".:{PEAR_DIR}\"\\r\\nimplicit_flush = Off\\r\\nldap.max_links = -1\\r\\nlog_errors = On\\r\\nlog_errors_max_len = 1024\\r\\nmail.add_x_header = Off\\r\\nmax_execution_time = 60\\r\\nmax_file_uploads = 20\\r\\nmax_input_time = 60\\r\\nmemory_limit = 128M\\r\\noutput_buffering = 4096\\r\\npost_max_size = 16M\\r\\nprecision = 14\\r\\nregister_argc_argv = Off\\r\\nreport_memleaks = On\\r\\nrequest_order = \"GP\"\\r\\nsendmail_path = \"/usr/sbin/sendmail -t -i -f postmaster@{DOMAIN}\"\\r\\nserialize_precision = -1\\r\\nsession.auto_start = 0\\r\\nsession.cache_expire = 180\\r\\nsession.cache_limiter = nocache\\r\\nsession.cookie_domain =\\r\\nsession.cookie_httponly =\\r\\nsession.cookie_lifetime = 0\\r\\nsession.cookie_path = /\\r\\nsession.cookie_samesite =\\r\\nsession.gc_divisor = 1000\\r\\nsession.gc_maxlifetime = 1440\\r\\nsession.gc_probability = 0\\r\\nsession.name = PHPSESSID\\r\\nsession.referer_check =\\r\\nsession.save_handler = files\\r\\nsession.save_path = \"{TMP_DIR}\"\\r\\nsession.serialize_handler = php\\r\\nsession.sid_bits_per_character = 5\\r\\nsession.sid_length = 26\\r\\nsession.trans_sid_tags = \"a=href,area=href,frame=src,form=\"\\r\\nsession.use_cookies = 1\\r\\nsession.use_only_cookies = 1\\r\\nsession.use_strict_mode = 0\\r\\nsession.use_trans_sid = 0\\r\\nshort_open_tag = On\\r\\nupload_max_filesize = 32M\\r\\nupload_tmp_dir = \"{TMP_DIR}\"\\r\\nvariables_order = \"GPCS\"\\r\\nopcache.restrict_api = \"\"\\r\\n');\n\n\nDROP TABLE IF EXISTS `cronjobs_run`;\nCREATE TABLE IF NOT EXISTS `cronjobs_run` (\n `id` bigint(20) NOT NULL auto_increment,\n `module` varchar(250) NOT NULL,\n `cronfile` varchar(250) NOT NULL,\n `cronclass` varchar(500) NOT NULL,\n `lastrun` int(15) NOT NULL DEFAULT '0',\n `interval` varchar(100) NOT NULL DEFAULT '5 MINUTE',\n `isactive` tinyint(1) DEFAULT '1',\n `desc_lng_key` varchar(100) NOT NULL DEFAULT 'cron_unknown_desc',\n PRIMARY KEY (`id`)\n) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;\n\n\nINSERT INTO `cronjobs_run` (`id`, `module`, `cronfile`, `cronclass`, `interval`, `isactive`, `desc_lng_key`) VALUES\n\t(1, 'froxlor/core', 'tasks', '\\\\Froxlor\\\\Cron\\\\System\\\\TasksCron', '5 MINUTE', '1', 'cron_tasks'),\n\t(2, 'froxlor/core', 'traffic', '\\\\Froxlor\\\\Cron\\\\Traffic\\\\TrafficCron', '1 DAY', '1', 'cron_traffic'),\n\t(3, 'froxlor/reports', 'usage_report', '\\\\Froxlor\\\\Cron\\\\Traffic\\\\ReportsCron', '1 DAY', '1', 'cron_usage_report'),\n\t(4, 'froxlor/core', 'mailboxsize', '\\\\Froxlor\\\\Cron\\\\System\\\\MailboxsizeCron', '6 HOUR', '1', 'cron_mailboxsize'),\n\t(5, 'froxlor/letsencrypt', 'letsencrypt', '\\\\Froxlor\\\\Cron\\\\Http\\\\LetsEncrypt\\\\AcmeSh', '5 MINUTE', '0', 'cron_letsencrypt'),\n\t(6, 'froxlor/export', 'export', '\\\\Froxlor\\\\Cron\\\\System\\\\ExportCron', '1 HOUR', '0', 'cron_export');\n\n\nDROP TABLE IF EXISTS `ftp_quotalimits`;\nCREATE TABLE IF NOT EXISTS `ftp_quotalimits` (\n `name` varchar(255) default NULL,\n `quota_type` enum('user','group','class','all') NOT NULL default 'user',\n `per_session` enum('false','true') NOT NULL default 'false',\n `limit_type` enum('soft','hard') NOT NULL default 'hard',\n `bytes_in_avail` float NOT NULL,\n `bytes_out_avail` float NOT NULL,\n `bytes_xfer_avail` float NOT NULL,\n `files_in_avail` int(10) unsigned NOT NULL,\n `files_out_avail` int(10) unsigned NOT NULL,\n `files_xfer_avail` int(10) unsigned NOT NULL\n) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;\n\n\nINSERT INTO `ftp_quotalimits` (`name`, `quota_type`, `per_session`, `limit_type`, `bytes_in_avail`, `bytes_out_avail`, `bytes_xfer_avail`, `files_in_avail`, `files_out_avail`, `files_xfer_avail`) VALUES\n\t('froxlor', 'user', 'false', 'hard', 0, 0, 0, 0, 0, 0);\n\n\nDROP TABLE IF EXISTS `ftp_quotatallies`;\nCREATE TABLE IF NOT EXISTS `ftp_quotatallies` (\n `name` varchar(255) NOT NULL,\n `quota_type` enum('user','group','class','all') NOT NULL,\n `bytes_in_used` float NOT NULL,\n `bytes_out_used` float NOT NULL,\n `bytes_xfer_used` float NOT NULL,\n `files_in_used` int(10) unsigned NOT NULL,\n `files_out_used` int(10) unsigned NOT NULL,\n `files_xfer_used` int(10) unsigned NOT NULL\n) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;\n\n\nDROP TABLE IF EXISTS `redirect_codes`;\nCREATE TABLE IF NOT EXISTS `redirect_codes` (\n `id` int(5) NOT NULL auto_increment,\n `code` varchar(3) NOT NULL,\n `desc` varchar(200) NOT NULL,\n `enabled` tinyint(1) DEFAULT '1',\n PRIMARY KEY (`id`)\n) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;\n\n\nINSERT INTO `redirect_codes` (`id`, `code`, `desc`, `enabled`) VALUES\n\t(1, '---', 'rc_default', 1),\n\t(2, '301', 'rc_movedperm', 1),\n\t(3, '302', 'rc_found', 1),\n\t(4, '303', 'rc_seeother', 1),\n\t(5, '307', 'rc_tempred', 1);\n\n\nDROP TABLE IF EXISTS `domain_redirect_codes`;\nCREATE TABLE IF NOT EXISTS `domain_redirect_codes` (\n `rid` int(5) NOT NULL,\n `did` int(11) unsigned NOT NULL,\n UNIQUE KEY `rc` (`rid`, `did`)\n) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;\n\n\nDROP TABLE IF EXISTS `domain_ssl_settings`;\nCREATE TABLE IF NOT EXISTS `domain_ssl_settings` (\n `id` int(5) NOT NULL auto_increment,\n `domainid` int(11) NOT NULL,\n `ssl_cert_file` mediumtext,\n `ssl_key_file` mediumtext,\n `ssl_ca_file` mediumtext,\n `ssl_cert_chainfile` mediumtext,\n `ssl_csr_file` mediumtext,\n `ssl_fullchain_file` mediumtext,\n `validfromdate` datetime DEFAULT NULL,\n `validtodate` datetime DEFAULT NULL,\n `issuer` varchar(255) NOT NULL default '',\n PRIMARY KEY (`id`),\n UNIQUE KEY (`domainid`)\n) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;\n\n\nDROP TABLE IF EXISTS `panel_domaintoip`;\nCREATE TABLE IF NOT EXISTS `panel_domaintoip` (\n `id_domain` int(11) unsigned NOT NULL,\n `id_ipandports` int(11) unsigned NOT NULL,\n PRIMARY KEY (`id_domain`,`id_ipandports`)\n) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;\n\n\nDROP TABLE IF EXISTS `domain_dns_entries`;\nCREATE TABLE `domain_dns_entries` (\n `id` int(20) NOT NULL auto_increment,\n `domain_id` int(15) NOT NULL,\n `record` varchar(255) NOT NULL,\n `type` varchar(10) NOT NULL DEFAULT 'A',\n `content` text NOT NULL,\n `ttl` int(11) NOT NULL DEFAULT '18000',\n `prio` int(11) DEFAULT NULL,\n PRIMARY KEY (`id`)\n) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;\n\n\nDROP TABLE IF EXISTS `panel_plans`;\nCREATE TABLE `panel_plans` (\n `id` int(11) NOT NULL auto_increment,\n `adminid` int(11) NOT NULL default '0',\n `name` varchar(255) NOT NULL default '',\n `description` text NOT NULL,\n `value` longtext NOT NULL,\n `ts` int(15) NOT NULL default '0',\n PRIMARY KEY (id),\n KEY adminid (adminid)\n) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;\n\n\nDROP TABLE IF EXISTS `api_keys`;\nCREATE TABLE `api_keys` (\n `id` int(11) NOT NULL auto_increment,\n `adminid` int(11) NOT NULL default '0',\n `customerid` int(11) NOT NULL default '0',\n `apikey` varchar(500) NOT NULL default '',\n `secret` varchar(500) NOT NULL default '',\n `allowed_from` text NOT NULL,\n `valid_until` int(15) NOT NULL default '0',\n PRIMARY KEY (id),\n KEY adminid (adminid),\n KEY customerid (customerid)\n) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;\n\n\nDROP TABLE IF EXISTS `panel_usercolumns`;\nCREATE TABLE `panel_usercolumns` (\n `adminid` int(11) NOT NULL default '0',\n `customerid` int(11) NOT NULL default '0',\n `section` varchar(500) NOT NULL default '',\n `columns` text NOT NULL,\n UNIQUE KEY `user_section` (`adminid`, `customerid`, `section`),\n KEY adminid (adminid),\n KEY customerid (customerid)\n) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;\n\n\nDROP TABLE IF EXISTS `panel_loginlinks`;\nCREATE TABLE `panel_loginlinks` (\n `hash` varchar(500) NOT NULL,\n `loginname` varchar(50) NOT NULL,\n `valid_until` int(15) NOT NULL,\n `allowed_from` text NOT NULL,\n UNIQUE KEY `loginname` (`loginname`)\n) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci;\n\n\nDROP TABLE IF EXISTS `panel_2fa_tokens`;\nCREATE TABLE `panel_2fa_tokens` (\n `id` int(11) NOT NULL auto_increment,\n `selector` varchar(200) NOT NULL,\n `token` varchar(200) NOT NULL,\n `userid` int(11) NOT NULL default '0',\n `valid_until` int(15) NOT NULL,\n PRIMARY KEY (id)\n) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci;\n\nDROP TABLE IF EXISTS `panel_sshkeys`;\nCREATE TABLE `panel_sshkeys` (\n `id` int(11) NOT NULL auto_increment,\n `customerid` int(11) NOT NULL,\n `ftp_user_id` int(20) NOT NULL,\n `ssh_pubkey` text NOT NULL,\n `description` varchar(255) NOT NULL DEFAULT '',\n PRIMARY KEY (id)\n) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci;\nFROXLORSQL;\n" }, { "path": "install/index.html", "content": "" }, { "path": "install/install.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nuse Froxlor\\Http\\RateLimiter;\nuse Froxlor\\UI\\Panel\\UI;\nuse Froxlor\\Install\\Install;\n\nrequire dirname(__DIR__) . '/lib/functions.php';\n\n// define default theme for configurehint, etc.\n$_deftheme = 'Froxlor';\n\n// validate correct php version\nif (version_compare(\"7.4.0\", PHP_VERSION, \">=\")) {\n\tdie(view($_deftheme . '/misc/phprequirementfailed.html.twig', [\n\t\t'{{ basehref }}' => '../',\n\t\t'{{ froxlor_min_version }}' => '7.4.0',\n\t\t'{{ current_version }}' => PHP_VERSION,\n\t\t'{{ current_year }}' => date('Y', time()),\n\t]));\n}\n\n// validate vendor autoloader\nif (!file_exists(dirname(__DIR__) . '/vendor/autoload.php')) {\n\tdie(view($_deftheme . '/misc/vendormissinghint.html.twig', [\n\t\t'{{ basehref }}' => '../',\n\t\t'{{ froxlor_install_dir }}' => dirname(__DIR__),\n\t\t'{{ current_year }}' => date('Y', time()),\n\t]));\n}\n\n// check installation status\nif (file_exists(dirname(__DIR__) . '/lib/userdata.inc.php')) {\n\theader(\"Location: ../\");\n\texit;\n}\n\nrequire dirname(__DIR__) . '/vendor/autoload.php';\nrequire dirname(__DIR__) . '/lib/tables.inc.php';\n\n// init twig\nUI::initTwig(true);\nUI::sendHeaders();\nRateLimiter::run(true);\n\n$installer = new Install();\n$installer->handle();\n" }, { "path": "install/updates/froxlor/index.html", "content": "" }, { "path": "install/updates/froxlor/update_2.0.inc.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FileDir;\nuse Froxlor\\Froxlor;\nuse Froxlor\\Install\\Update;\nuse Froxlor\\Settings;\n\nif (!defined('_CRON_UPDATE')) {\n\tif (!defined('AREA') || (defined('AREA') && AREA != 'admin') || !isset($userinfo['loginname']) || (isset($userinfo['loginname']) && $userinfo['loginname'] == '')) {\n\t\theader('Location: ../../../../index.php');\n\t\texit();\n\t}\n}\n\n// last 0.10.x release\nif (Froxlor::isFroxlorVersion('0.10.38.3')) {\n\t$update_to = '2.0.0-beta1';\n\n\tUpdate::showUpdateStep(\"Updating from 0.10.38.3 to \" . $update_to, false);\n\n\tUpdate::showUpdateStep(\"Removing unused table\");\n\tDatabase::query(\"DROP TABLE IF EXISTS `panel_sessions`;\");\n\tDatabase::query(\"DROP TABLE IF EXISTS `panel_languages`;\");\n\tUpdate::lastStepStatus(0);\n\n\tUpdate::showUpdateStep(\"Updating froxlor - theme\");\n\tDatabase::query(\"UPDATE `\" . TABLE_PANEL_ADMINS . \"` SET `theme` = 'Froxlor' WHERE `theme` <> 'Froxlor';\");\n\tDatabase::query(\"UPDATE `\" . TABLE_PANEL_CUSTOMERS . \"` SET `theme` = 'Froxlor' WHERE `theme` <> 'Froxlor';\");\n\tSettings::Set('panel.default_theme', 'Froxlor');\n\tUpdate::lastStepStatus(0);\n\n\tUpdate::showUpdateStep(\"Creating new tables and fields\");\n\tDatabase::query(\"DROP TABLE IF EXISTS `panel_usercolumns`;\");\n\t$sql = \"CREATE TABLE `panel_usercolumns` (\n\t`adminid` int(11) NOT NULL default '0',\n\t`customerid` int(11) NOT NULL default '0',\n\t`section` varchar(500) NOT NULL default '',\n\t`columns` text NOT NULL,\n\tUNIQUE KEY `user_section` (`adminid`, `customerid`, `section`),\n\tKEY adminid (adminid),\n\tKEY customerid (customerid)\n\t) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;\";\n\tDatabase::query($sql);\n\t// new customer allowed_mysqlserver field\n\tDatabase::query(\"ALTER TABLE `\" . TABLE_PANEL_CUSTOMERS . \"` ROW_FORMAT=DYNAMIC;\");\n\tDatabase::query(\"ALTER TABLE `\" . TABLE_PANEL_CUSTOMERS . \"` CHANGE COLUMN `customernumber` `customernumber` varchar(100) NOT NULL default '';\");\n\tDatabase::query(\"ALTER TABLE `\" . TABLE_PANEL_CUSTOMERS . \"` CHANGE COLUMN `allowed_phpconfigs` `allowed_phpconfigs` text NOT NULL;\");\n\tDatabase::query(\"ALTER TABLE `\" . TABLE_PANEL_CUSTOMERS . \"` ADD `allowed_mysqlserver` text NOT NULL;\");\n\t$has_customer_table_update_200 = true;\n\t// ftp_users adjustments\n\tDatabase::query(\"ALTER TABLE `\" . TABLE_FTP_USERS . \"` CHANGE COLUMN `password` `password` varchar(255) NOT NULL default '';\");\n\tDatabase::query(\"ALTER TABLE `\" . TABLE_FTP_QUOTALIMITS . \"` CHANGE COLUMN `name` `name` varchar(255) default NULL;\");\n\tDatabase::query(\"ALTER TABLE `\" . TABLE_FTP_QUOTATALLIES . \"` CHANGE COLUMN `name` `name` varchar(255) default NULL;\");\n\t// mail_users adjustments\n\tDatabase::query(\"ALTER TABLE `\" . TABLE_MAIL_USERS . \"` CHANGE COLUMN `password` `password` varchar(255) NOT NULL default '';\");\n\tDatabase::query(\"ALTER TABLE `\" . TABLE_MAIL_USERS . \"` CHANGE COLUMN `password_enc` `password_enc` varchar(255) NOT NULL default '';\");\n\t// drop domains_see_all field from panel_admins\n\tDatabase::query(\"ALTER TABLE `\" . TABLE_PANEL_ADMINS . \"` DROP COLUMN `domains_see_all`;\");\n\tUpdate::lastStepStatus(0);\n\n\tUpdate::showUpdateStep(\"Checking for multiple mysql-servers to allow access to customers for existing databases\");\n\t$dbservers_stmt = Database::query(\"\n\t\tSELECT `customerid`,\n\t\tGROUP_CONCAT(DISTINCT `dbserver` SEPARATOR ',') as allowed_mysqlserver\n\t\tFROM `\" . TABLE_PANEL_DATABASES . \"`\n\t\tGROUP BY `customerid`;\n\t\");\n\t$upd_stmt = Database::prepare(\"UPDATE `\" . TABLE_PANEL_CUSTOMERS . \"` SET `allowed_mysqlserver` = :allowed_mysqlserver WHERE `customerid` = :customerid\");\n\twhile ($dbserver = $dbservers_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\tif (isset($dbserver['allowed_mysqlserver']) && !empty($dbserver['allowed_mysqlserver'])) {\n\t\t\t$allowed_mysqlserver = json_encode(explode(\",\", $dbserver['allowed_mysqlserver']));\n\t\t\tDatabase::pexecute($upd_stmt,\n\t\t\t\t['allowed_mysql_server' => $allowed_mysqlserver, 'customerid' => $dbserver['customerid']]);\n\t\t}\n\t}\n\tUpdate::lastStepStatus(0);\n\n\t$to_clean = array(\n\t\t\"install/lib\",\n\t\t\"install/lng\",\n\t\t\"install/updates/froxlor/0.9\",\n\t\t\"install/updates/froxlor/0.10\",\n\t\t\"install/updates/preconfig/0.9\",\n\t\t\"install/updates/preconfig/0.10\",\n\t\t\"install/updates/preconfig.php\",\n\t\t\"templates/Sparkle\",\n\t\t\"lib/version.inc.php\",\n\t\t\"lng/czech.lng.php\",\n\t\t\"lng/dutch.lng.php\",\n\t\t\"lng/english.lng.php\",\n\t\t\"lng/french.lng.php\",\n\t\t\"lng/german.lng.php\",\n\t\t\"lng/italian.lng.php\",\n\t\t\"lng/lng_references.php\",\n\t\t\"lng/portugues.lng.php\",\n\t\t\"lng/swedish.lng.php\",\n\t\t\"scripts\",\n\t);\n\tUpdate::cleanOldFiles($to_clean);\n\n\tUpdate::showUpdateStep(\"Adding new settings\");\n\t$panel_settings_mode = isset($_POST['panel_settings_mode']) ? (int)$_POST['panel_settings_mode'] : 0;\n\tSettings::AddNew(\"panel.settings_mode\", $panel_settings_mode);\n\t$system_distribution = isset($_POST['system_distribution']) ? $_POST['system_distribution'] : 'bullseye';\n\tSettings::AddNew(\"system.distribution\", $system_distribution);\n\tSettings::AddNew(\"system.update_channel\", 'stable');\n\tSettings::AddNew(\"system.updatecheck_data\", '');\n\tSettings::AddNew(\"system.update_notify_last\", $update_to);\n\tSettings::AddNew(\"panel.phpconfigs_hidesubdomains\", '1');\n\tUpdate::lastStepStatus(0);\n\n\tUpdate::showUpdateStep(\"Adjusting existing settings\");\n\tSettings::Set('system.passwordcryptfunc', PASSWORD_DEFAULT);\n\t// remap default-language\n\t$lang_map = [\n\t\t'Deutsch' => 'de',\n\t\t'English' => 'en',\n\t\t'Français' => 'fr',\n\t\t'Português' => 'pt',\n\t\t'Italiano' => 'it',\n\t\t'Nederlands' => 'nl',\n\t\t'Svenska' => 'se',\n\t\t'Česká republika' => 'cz'\n\t];\n\t// update user default languages\n\t$upd_adm_stmt = Database::prepare(\"UPDATE `\" . TABLE_PANEL_ADMINS . \"` SET `def_language` = :nv WHERE `def_language` = :ov\");\n\t$upd_cus_stmt = Database::prepare(\"UPDATE `\" . TABLE_PANEL_CUSTOMERS . \"` SET `def_language` = :nv WHERE `def_language` = :ov\");\n\tforeach ($lang_map as $old_val => $new_val) {\n\t\tDatabase::pexecute($upd_adm_stmt, ['nv' => $new_val, 'ov' => $old_val]);\n\t\tDatabase::pexecute($upd_cus_stmt, ['nv' => $new_val, 'ov' => $old_val]);\n\t}\n\tSettings::Set('panel.standardlanguage', $lang_map[Settings::Get('panel_standardlanguage')] ?? 'en');\n\tDatabase::query(\"DELETE FROM `\" . TABLE_PANEL_SETTINGS . \"` WHERE `settinggroup` = 'system' AND `varname` = 'debug_cron'\");\n\tDatabase::query(\"DELETE FROM `\" . TABLE_PANEL_SETTINGS . \"` WHERE `settinggroup` = 'system' AND `varname` = 'letsencryptcountrycode'\");\n\tDatabase::query(\"DELETE FROM `\" . TABLE_PANEL_SETTINGS . \"` WHERE `settinggroup` = 'system' AND `varname` = 'letsencryptstate'\");\n\tUpdate::lastStepStatus(0);\n\n\tUpdate::showUpdateStep(\"Updating email account password-hashes\");\n\tDatabase::query(\"UPDATE `\" . TABLE_MAIL_USERS . \"` SET `password_enc` = REPLACE(`password_enc`, '$1$', '{MD5-CRYPT}$1$') WHERE SUBSTRING(`password_enc`, 1, 3) = '$1$'\");\n\tDatabase::query(\"UPDATE `\" . TABLE_MAIL_USERS . \"` SET `password_enc` = REPLACE(`password_enc`, '$5$', '{SHA256-CRYPT}$5$') WHERE SUBSTRING(`password_enc`, 1, 3) = '$5$'\");\n\tDatabase::query(\"UPDATE `\" . TABLE_MAIL_USERS . \"` SET `password_enc` = REPLACE(`password_enc`, '$6$', '{SHA512-CRYPT}$6$') WHERE SUBSTRING(`password_enc`, 1, 3) = '$6$'\");\n\tDatabase::query(\"UPDATE `\" . TABLE_MAIL_USERS . \"` SET `password_enc` = REPLACE(`password_enc`, '$2y$', '{BLF-CRYPT}$2y$') WHERE SUBSTRING(`password_enc`, 1, 4) = '$2y$'\");\n\tUpdate::lastStepStatus(0);\n\n\tFroxlor::updateToVersion($update_to);\n}\n\nif (Froxlor::isDatabaseVersion('202112310')) {\n\tUpdate::showUpdateStep(\"Adjusting traffic tool settings\");\n\t$traffic_tool = Settings::Get('system.awstats_enabled') == 1 ? 'awstats' : 'webalizer';\n\tSettings::AddNew(\"system.traffictool\", $traffic_tool);\n\tDatabase::query(\"DELETE FROM `\" . TABLE_PANEL_SETTINGS . \"` WHERE `settinggroup` = 'system' AND `varname` = 'awstats_enabled'\");\n\tUpdate::lastStepStatus(0);\n\n\tFroxlor::updateToDbVersion('202211030');\n}\n\nif (Froxlor::isDatabaseVersion('202211030')) {\n\tUpdate::showUpdateStep(\"Creating backward compatibility for cronjob\");\n\t$disabled = explode(',', ini_get('disable_functions'));\n\t$exec_allowed = !in_array('exec', $disabled);\n\t// check whether old files could be deleted in previous updates and if not,\n\t// user should run cron to regenerate cron.d-file manually as he will run\n\t// the other commands manually only after the update so this file would be deleted too\n\tif ($exec_allowed) {\n\t\t$complete_filedir = Froxlor::getInstallDir() . '/scripts';\n\t\tmkdir($complete_filedir, 0750, true);\n\t\t$newCronBin = Froxlor::getInstallDir() . '/bin/froxlor-cli';\n\t\t$compCron = <<
' . $cron_run_cmd . '
');\n\t}\n\n\tFroxlor::updateToDbVersion('202212060');\n}\n\nif (Froxlor::isFroxlorVersion('2.0.0-beta1')) {\n\tUpdate::showUpdateStep(\"Updating from 2.0.0-beta1 to 2.0.0\", false);\n\tFroxlor::updateToVersion('2.0.0');\n}\n\nif (Froxlor::isFroxlorVersion('2.0.0')) {\n\tUpdate::showUpdateStep(\"Updating from 2.0.0 to 2.0.1\", false);\n\n\tif (!isset($has_customer_table_update_200)) {\n\t\tUpdate::showUpdateStep(\"Creating new tables and fields\");\n\t\t// new customer allowed_mysqlserver field\n\t\tDatabase::query(\"ALTER TABLE `\" . TABLE_PANEL_CUSTOMERS . \"` CHANGE COLUMN `allowed_mysqlserver` `allowed_mysqlserver` text NOT NULL;\");\n\t\tDatabase::query(\"ALTER TABLE `\" . TABLE_PANEL_CUSTOMERS . \"` CHANGE COLUMN `allowed_phpconfigs` `allowed_phpconfigs` text NOT NULL;\");\n\t\tDatabase::query(\"ALTER TABLE `\" . TABLE_PANEL_CUSTOMERS . \"` CHANGE COLUMN `customernumber` `customernumber` varchar(100) NOT NULL default '';\");\n\t\tUpdate::lastStepStatus(0);\n\t}\n\n\tFroxlor::updateToVersion('2.0.1');\n}\n\nif (Froxlor::isFroxlorVersion('2.0.1')) {\n\tUpdate::showUpdateStep(\"Updating from 2.0.1 to 2.0.2\", false);\n\tFroxlor::updateToVersion('2.0.2');\n}\n\nif (Froxlor::isFroxlorVersion('2.0.2')) {\n\tUpdate::showUpdateStep(\"Updating from 2.0.2 to 2.0.3\", false);\n\tFroxlor::updateToVersion('2.0.3');\n}\n\nif (Froxlor::isFroxlorVersion('2.0.3')) {\n\tUpdate::showUpdateStep(\"Updating from 2.0.3 to 2.0.4\", false);\n\n\t$complete_filedir = Froxlor::getInstallDir() . '/scripts';\n\t// check if compat. cronjob still exists (most likely didn't run successfully b/c of error from former 2.0 release)\n\tif (@file_exists($complete_filedir . '/froxlor_master_cronjob.php')) {\n\t\tUpdate::showUpdateStep(\"Adjusting backward compatibility for cronjob\");\n\t\t$disabled = explode(',', ini_get('disable_functions'));\n\t\t$exec_allowed = !in_array('exec', $disabled);\n\t\tif ($exec_allowed) {\n\t\t\t$newCronBin = Froxlor::getInstallDir() . '/bin/froxlor-cli';\n\t\t\t$compCron = <<
' . $cron_run_cmd . '
');\n\t\t}\n\t}\n\tFroxlor::updateToVersion('2.0.4');\n}\n\nif (Froxlor::isFroxlorVersion('2.0.4')) {\n\tUpdate::showUpdateStep(\"Updating from 2.0.4 to 2.0.5\", false);\n\tFroxlor::updateToVersion('2.0.5');\n}\n\nif (Froxlor::isFroxlorVersion('2.0.5')) {\n\tUpdate::showUpdateStep(\"Updating from 2.0.5 to 2.0.6\", false);\n\n\tUpdate::showUpdateStep(\"Updating possible missing email account password-hashes\");\n\tDatabase::query(\"UPDATE `\" . TABLE_MAIL_USERS . \"` SET `password_enc` = REPLACE(`password_enc`, '$1$', '{MD5-CRYPT}$1$') WHERE SUBSTRING(`password_enc`, 1, 3) = '$1$'\");\n\tDatabase::query(\"UPDATE `\" . TABLE_MAIL_USERS . \"` SET `password_enc` = REPLACE(`password_enc`, '$5$', '{SHA256-CRYPT}$5$') WHERE SUBSTRING(`password_enc`, 1, 3) = '$5$'\");\n\tDatabase::query(\"UPDATE `\" . TABLE_MAIL_USERS . \"` SET `password_enc` = REPLACE(`password_enc`, '$6$', '{SHA512-CRYPT}$6$') WHERE SUBSTRING(`password_enc`, 1, 3) = '$6$'\");\n\tDatabase::query(\"UPDATE `\" . TABLE_MAIL_USERS . \"` SET `password_enc` = REPLACE(`password_enc`, '$2y$', '{BLF-CRYPT}$2y$') WHERE SUBSTRING(`password_enc`, 1, 4) = '$2y$'\");\n\tUpdate::lastStepStatus(0);\n\n\tFroxlor::updateToVersion('2.0.6');\n}\n\nif (Froxlor::isFroxlorVersion('2.0.6')) {\n\tUpdate::showUpdateStep(\"Updating from 2.0.6 to 2.0.7\", false);\n\n\tUpdate::showUpdateStep(\"Correcting allowed_mysqlserver for customers\");\n\tDatabase::query(\"UPDATE `\" . TABLE_PANEL_CUSTOMERS . \"` SET `allowed_mysqlserver` = '[0]' WHERE `allowed_mysqlserver` = ''\");\n\tUpdate::lastStepStatus(0);\n\n\tFroxlor::updateToVersion('2.0.7');\n}\n\nif (Froxlor::isDatabaseVersion('202212060')) {\n\tUpdate::showUpdateStep(\"Validating acme.sh challenge path\");\n\t$acmesh_challenge_dir = Settings::Get('system.letsencryptchallengepath');\n\t$system_letsencryptchallengepath_upd = isset($_POST['system_letsencryptchallengepath_upd']) ? $_POST['system_letsencryptchallengepath_upd'] : $acmesh_challenge_dir;\n\tif ($acmesh_challenge_dir != $system_letsencryptchallengepath_upd) {\n\t\tSettings::Set('system.letsencryptchallengepath', $system_letsencryptchallengepath_upd);\n\t\tif ((int)Settings::Get('system.leenabled') == 1) {\n\t\t\t// create JSON string for --apply\n\t\t\t$dist = Settings::Get('system.distribution');\n\t\t\t$webserver = Settings::Get('system.webserver');\n\t\t\tif ($webserver == 'apache2') {\n\t\t\t\t$webserver = 'apache22';\n\t\t\t\tif (Settings::Get('system.apache24')) {\n\t\t\t\t\t$webserver = 'apache24';\n\t\t\t\t}\n\t\t\t}\n\t\t\t$apply_json = '{\"http\":\"' . $webserver . '\",\"dns\":\"x\",\"smtp\":\"x\",\"mail\":\"x\",\"ftp\":\"x\",\"distro\":\"' . $dist . '\",\"system\":[]}';\n\t\t\tUpdate::lastStepStatus(1, 'manual commands needed',\n\t\t\t\t\"Please reconfigure webserver service using 
bin/froxlor-cli froxlor:config-services --apply='\" . $apply_json . \"'
\" .\n\t\t\t\t'
or adjust the path manually in 
' . Settings::Get('system.letsencryptacmeconf') . '
' .\n\t\t\t\t'

In case you already have certificates issued, run the following command to validate and correct the webroot used for renewal:
' .\n\t\t\t\t'
bin/froxlor-cli froxlor:validate-acme-webroot

'\n\t\t\t);\n\t\t} else {\n\t\t\tUpdate::lastStepStatus(0);\n\t\t}\n\t} else {\n\t\tUpdate::lastStepStatus(0);\n\t}\n\n\tFroxlor::updateToDbVersion('202301120');\n}\n\nif (Froxlor::isFroxlorVersion('2.0.7')) {\n\tUpdate::showUpdateStep(\"Updating from 2.0.7 to 2.0.8\", false);\n\n\t// adjust file-logging to be set to froxlor/logs/\n\t$logtypes = explode(',', Settings::Get('logger.logtypes'));\n\tif (in_array('file', $logtypes)) {\n\t\tUpdate::showUpdateStep(\"Adjusting froxlor logfile for system-logging to be stored in logs/froxlor.log\");\n\t\tSettings::Set('logger.logfile', 'froxlor.log');\n\t\tUpdate::lastStepStatus(0);\n\t}\n\n\tFroxlor::updateToVersion('2.0.8');\n}\n\nif (Froxlor::isDatabaseVersion('202301120')) {\n\tUpdate::showUpdateStep(\"Adding new setting for DNS resolver when using Let's Encrypt\");\n\t$system_le_domain_dnscheck_resolver = isset($_POST['system_le_domain_dnscheck_resolver']) ? $_POST['system_le_domain_dnscheck_resolver'] : '1.1.1.1';\n\tSettings::AddNew(\"system.le_domain_dnscheck_resolver\", $system_le_domain_dnscheck_resolver);\n\tUpdate::lastStepStatus(0);\n\n\tFroxlor::updateToDbVersion('202301180');\n}\n\nif (Froxlor::isFroxlorVersion('2.0.8')) {\n\tUpdate::showUpdateStep(\"Updating from 2.0.8 to 2.0.9\", false);\n\tFroxlor::updateToVersion('2.0.9');\n}\n\nif (Froxlor::isFroxlorVersion('2.0.9')) {\n\tUpdate::showUpdateStep(\"Updating from 2.0.9 to 2.0.10\", false);\n\tFroxlor::updateToVersion('2.0.10');\n}\n\nif (Froxlor::isDatabaseVersion('202301180')) {\n\tUpdate::showUpdateStep(\"Adding new setting for 'Allow API access' default value for new customers\");\n\tSettings::AddNew(\"api.customer_default\", \"1\");\n\tUpdate::lastStepStatus(0);\n\n\tFroxlor::updateToDbVersion('202302030');\n}\n\nif (Froxlor::isFroxlorVersion('2.0.10')) {\n\tUpdate::showUpdateStep(\"Updating from 2.0.10 to 2.0.11\", false);\n\tFroxlor::updateToVersion('2.0.11');\n}\n\nif (Froxlor::isFroxlorVersion('2.0.11')) {\n\tUpdate::showUpdateStep(\"Updating from 2.0.11 to 2.0.12\", false);\n\tFroxlor::updateToVersion('2.0.12');\n}\n\nif (Froxlor::isFroxlorVersion('2.0.12')) {\n\tUpdate::showUpdateStep(\"Updating from 2.0.12 to 2.0.13\", false);\n\tFroxlor::updateToVersion('2.0.13');\n}\n\nif (Froxlor::isDatabaseVersion('202302030')) {\n\tUpdate::showUpdateStep(\"Correcting language mapping of templates created pre 2.0.x\");\n\t// languages from 0.10.x\n\t$language_mapping_comp = [\n\t\t'de' => 'Deutsch',\n\t\t'en' => 'English',\n\t\t'fr' => 'Français',\n\t\t'pt' => 'Português',\n\t\t'it' => 'Italiano',\n\t\t'nl' => 'Nederlands',\n\t\t'se' => 'Svenska',\n\t\t'cz' => 'Česká republika'\n\t];\n\t$upd_tpl_stmt = Database::prepare(\"UPDATE `\" . TABLE_PANEL_TEMPLATES . \"` SET `language` = :iso WHERE `language` = :lng\");\n\tforeach ($language_mapping_comp as $iso => $lang) {\n\t\tDatabase::pexecute($upd_tpl_stmt, ['iso' => $iso, 'lng' => $lang]);\n\t}\n\tUpdate::lastStepStatus(0);\n\n\tUpdate::showUpdateStep(\"Enhancing ssl data table\");\n\tDatabase::query(\"ALTER TABLE `\" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . \"` CHANGE `expirationdate` `validtodate` datetime DEFAULT NULL;\");\n\tDatabase::query(\"ALTER TABLE `\" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . \"` ADD `validfromdate` datetime DEFAULT NULL AFTER `ssl_fullchain_file`;\");\n\tDatabase::query(\"ALTER TABLE `\" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . \"` ADD `issuer` varchar(255) NOT NULL default '' AFTER `validtodate`;\");\n\tUpdate::lastStepStatus(0);\n\n\tUpdate::showUpdateStep(\"Filling new ssl data fields with existing certificate data\");\n\t$crt_upd_stmt = Database::prepare(\"UPDATE `\" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . \"` SET `validfromdate` = :validfromdate, `issuer` = :issuer WHERE `id` = :id\");\n\t$crt_stmt = Database::prepare(\"SELECT * FROM `\" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . \"`\");\n\tDatabase::pexecute($crt_stmt);\n\twhile ($cert = $crt_stmt->fetch(\\PDO::FETCH_ASSOC)) {\n\t\t$cert_content = openssl_x509_parse($cert['ssl_cert_file']);\n\t\tif (is_array($cert_content)) {\n\t\t\t$validfromdate = empty($cert_content['validFrom_time_t']) ? null : date(\"Y-m-d H:i:s\", $cert_content['validFrom_time_t']);\n\t\t\t$issuer = $cert_content['issuer']['O'] ?? \"\";\n\t\t\tDatabase::pexecute($crt_upd_stmt, ['validfromdate' => $validfromdate, 'issuer' => $issuer, 'id' => $cert['id']]);\n\t\t}\n\t}\n\t// clear possible user customized columns\n\tDatabase::query(\"DELETE FROM `\" . TABLE_PANEL_USERCOLUMNS . \"` WHERE `section` = 'sslcertificates_list'\");\n\tUpdate::lastStepStatus(0);\n\n\tFroxlor::updateToDbVersion('202303150');\n}\n\nif (Froxlor::isFroxlorVersion('2.0.13')) {\n\tUpdate::showUpdateStep(\"Updating from 2.0.13 to 2.0.14\", false);\n\tFroxlor::updateToVersion('2.0.14');\n}\n\nif (Froxlor::isFroxlorVersion('2.0.14')) {\n\tUpdate::showUpdateStep(\"Updating from 2.0.14 to 2.0.15\", false);\n\tFroxlor::updateToVersion('2.0.15');\n}\n\nif (Froxlor::isDatabaseVersion('202303150')) {\n\tUpdate::showUpdateStep(\"Adding new request rate limit settings\");\n\tSettings::AddNew(\"system.req_limit_per_interval\", \"60\");\n\tSettings::AddNew(\"system.req_limit_interval\", \"60\");\n\tUpdate::lastStepStatus(0);\n\n\tFroxlor::updateToDbVersion('202304260');\n}\n\nif (Froxlor::isFroxlorVersion('2.0.15')) {\n\tUpdate::showUpdateStep(\"Updating from 2.0.15 to 2.0.16\", false);\n\tFroxlor::updateToVersion('2.0.16');\n}\n\nif (Froxlor::isFroxlorVersion('2.0.16')) {\n\tUpdate::showUpdateStep(\"Updating from 2.0.16 to 2.0.17\", false);\n\tFroxlor::updateToVersion('2.0.17');\n}\n\nif (Froxlor::isFroxlorVersion('2.0.17')) {\n\tUpdate::showUpdateStep(\"Updating from 2.0.17 to 2.0.18\", false);\n\tFroxlor::updateToVersion('2.0.18');\n}\n\nif (Froxlor::isFroxlorVersion('2.0.18')) {\n\tUpdate::showUpdateStep(\"Updating from 2.0.18 to 2.0.19\", false);\n\tFroxlor::updateToVersion('2.0.19');\n}\n\nif (Froxlor::isFroxlorVersion('2.0.19')) {\n\tUpdate::showUpdateStep(\"Updating from 2.0.19 to 2.0.20\", false);\n\tFroxlor::updateToVersion('2.0.20');\n}\n\nif (Froxlor::isFroxlorVersion('2.0.20')) {\n\tUpdate::showUpdateStep(\"Updating from 2.0.20 to 2.0.21\", false);\n\tFroxlor::updateToVersion('2.0.21');\n}\n\nif (Froxlor::isFroxlorVersion('2.0.21')) {\n\tUpdate::showUpdateStep(\"Updating from 2.0.21 to 2.0.22\", false);\n\tFroxlor::updateToVersion('2.0.22');\n}\n\nif (Froxlor::isFroxlorVersion('2.0.22')) {\n\tUpdate::showUpdateStep(\"Updating from 2.0.22 to 2.0.23\", false);\n\tFroxlor::updateToVersion('2.0.23');\n}\n\nif (Froxlor::isFroxlorVersion('2.0.23')) {\n\tUpdate::showUpdateStep(\"Updating from 2.0.23 to 2.0.24\", false);\n\tFroxlor::updateToVersion('2.0.24');\n}\n" }, { "path": "install/updates/froxlor/update_2.1.inc.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FileDir;\nuse Froxlor\\Froxlor;\nuse Froxlor\\Install\\Update;\nuse Froxlor\\Settings;\n\nif (!defined('_CRON_UPDATE')) {\n\tif (!defined('AREA') || (defined('AREA') && AREA != 'admin') || !isset($userinfo['loginname']) || (isset($userinfo['loginname']) && $userinfo['loginname'] == '')) {\n\t\theader('Location: ../../../../index.php');\n\t\texit();\n\t}\n}\n\nif (Froxlor::isFroxlorVersion('2.0.24')) {\n\tUpdate::showUpdateStep(\"Cleaning domains table\");\n\tDatabase::query(\"ALTER TABLE `\" . TABLE_PANEL_DOMAINS . \"` ROW_FORMAT=DYNAMIC;\");\n\tDatabase::query(\"ALTER TABLE `\" . TABLE_PANEL_DOMAINS . \"` DROP COLUMN `ismainbutsubto`;\");\n\tUpdate::lastStepStatus(0);\n\n\tUpdate::showUpdateStep(\"Creating new tables and fields\");\n\tDatabase::query(\"DROP TABLE IF EXISTS `panel_loginlinks`;\");\n\t$sql = \"CREATE TABLE `panel_loginlinks` (\n\t `hash` varchar(500) NOT NULL,\n\t `loginname` varchar(50) NOT NULL,\n\t `valid_until` int(15) NOT NULL,\n\t `allowed_from` text NOT NULL,\n\t UNIQUE KEY `loginname` (`loginname`)\n\t) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci;\";\n\tDatabase::query($sql);\n\tUpdate::lastStepStatus(0);\n\n\tUpdate::showUpdateStep(\"Adding new settings\");\n\tSettings::AddNew('panel.menu_collapsed', 1);\n\tUpdate::lastStepStatus(0);\n\n\tUpdate::showUpdateStep(\"Adjusting setting for deactivated webroot\");\n\t$current_deactivated_webroot = Settings::Get('system.deactivateddocroot');\n\tif (empty($current_deactivated_webroot)) {\n\t\tSettings::Set('system.deactivateddocroot', FileDir::makeCorrectDir(Froxlor::getInstallDir() . '/templates/misc/deactivated/'));\n\t\tUpdate::lastStepStatus(0);\n\t} else {\n\t\tUpdate::lastStepStatus(1, 'Customized setting, not changing');\n\t}\n\n\tUpdate::showUpdateStep(\"Adjusting cronjobs\");\n\t$cfupd_stmt = Database::prepare(\"\n UPDATE `\" . TABLE_PANEL_CRONRUNS . \"` SET\n `module`= 'froxlor/export',\n `cronfile` = 'export',\n `cronclass` = :cc,\n `interval` = '1 HOUR',\n `desc_lng_key` = 'cron_export'\n WHERE `module` = 'froxlor/backup'\n \");\n\tDatabase::pexecute($cfupd_stmt, [\n\t\t'cc' => '\\\\Froxlor\\\\Cron\\\\System\\\\ExportCron'\n\t]);\n\tUpdate::lastStepStatus(0);\n\n\tUpdate::showUpdateStep(\"Adjusting system for data-export function\");\n\tDatabase::query(\"UPDATE `\" . TABLE_PANEL_SETTINGS . \"`SET `varname` = 'exportenabled' WHERE `settinggroup`= 'system' AND `varname`= 'backupenabled'\");\n\tDatabase::query(\"UPDATE `\" . TABLE_PANEL_SETTINGS . \"`SET `value` = REPLACE(`value`, 'extras.backup', 'extras.export') WHERE `settinggroup` = 'panel' AND `varname` = 'customer_hide_options'\");\n\tDatabase::query(\"DELETE FROM `\" . TABLE_PANEL_USERCOLUMNS . \"` WHERE `section` = 'backup_list'\");\n\tDatabase::query(\"DELETE FROM `\" . TABLE_PANEL_TASKS . \"` WHERE `type` = '20'\");\n\tUpdate::lastStepStatus(0);\n\n\tFroxlor::updateToDbVersion('202305240');\n\tFroxlor::updateToVersion('2.1.0-dev1');\n}\n\nif (Froxlor::isFroxlorVersion('2.1.0-dev1')) {\n\tUpdate::showUpdateStep(\"Updating from 2.1.0-dev1 to 2.1.0-beta1\", false);\n\tFroxlor::updateToVersion('2.1.0-beta1');\n}\n\nif (Froxlor::isFroxlorVersion('2.1.0-beta1')) {\n\tUpdate::showUpdateStep(\"Updating from 2.1.0-beta1 to 2.1.0-beta2\", false);\n\n\tUpdate::showUpdateStep(\"Removing unused table\");\n\tDatabase::query(\"DROP TABLE IF EXISTS `panel_sessions`;\");\n\tUpdate::lastStepStatus(0);\n\n\tFroxlor::updateToVersion('2.1.0-beta2');\n}\n\nif (Froxlor::isFroxlorVersion('2.1.0-beta2')) {\n\tUpdate::showUpdateStep(\"Updating from 2.1.0-beta2 to 2.1.0-rc1\", false);\n\tFroxlor::updateToVersion('2.1.0-rc1');\n}\n\nif (Froxlor::isFroxlorVersion('2.1.0-rc1')) {\n\tUpdate::showUpdateStep(\"Updating from 2.1.0-rc1 to 2.1.0-rc2\", false);\n\n\tUpdate::showUpdateStep(\"Adjusting setting spf_entry\");\n\t$spf_entry = Settings::Get('spf.spf_entry');\n\tif (!preg_match('/^v=spf[a-z0-9:~?\\s.-]+$/i', $spf_entry)) {\n\t\tSettings::Set('spf.spf_entry', 'v=spf1 a mx -all');\n\t\tUpdate::lastStepStatus(1, 'corrected');\n\t} else {\n\t\tUpdate::lastStepStatus(0);\n\t}\n\n\tFroxlor::updateToVersion('2.1.0-rc2');\n}\n\nif (Froxlor::isDatabaseVersion('202305240')) {\n\n\tUpdate::showUpdateStep(\"Adjusting file-template file extension setttings\");\n\t$current_fileextension = Settings::Get('system.index_file_extension');\n\tDatabase::query(\"DELETE FROM `\" . TABLE_PANEL_SETTINGS . \"` WHERE `settinggroup`= 'system' AND `varname`= 'index_file_extension'\");\n\tDatabase::query(\"ALTER TABLE `\" . TABLE_PANEL_TEMPLATES . \"` ADD `file_extension` varchar(50) NOT NULL default 'html';\");\n\tif (!empty(trim($current_fileextension)) && strtolower(trim($current_fileextension)) != 'html') {\n\t\t$stmt = Database::prepare(\"UPDATE `\" . TABLE_PANEL_TEMPLATES . \"` SET `file_extension` = :ext WHERE `templategroup` = 'files'\");\n\t\tDatabase::pexecute($stmt, ['ext' => strtolower(trim($current_fileextension))]);\n\t}\n\tUpdate::lastStepStatus(0);\n\n\tFroxlor::updateToDbVersion('202311260');\n}\n\nif (Froxlor::isFroxlorVersion('2.1.0-rc2')) {\n\tUpdate::showUpdateStep(\"Updating from 2.1.0-rc2 to 2.1.0-rc3\", false);\n\tFroxlor::updateToVersion('2.1.0-rc3');\n}\n\nif (Froxlor::isDatabaseVersion('202311260')) {\n\t$to_clean = array(\n\t\t\"install/updates/froxlor/update_2.x.inc.php\",\n\t\t\"install/updates/preconfig/preconfig_2.x.inc.php\",\n\t\t\"lib/Froxlor/Api/Commands/CustomerBackups.php\",\n\t\t\"lib/Froxlor/Cli/Action\",\n\t\t\"lib/Froxlor/Cli/Action.php\",\n\t\t\"lib/Froxlor/Cli/CmdLineHandler.php\",\n\t\t\"lib/Froxlor/Cli/ConfigServicesCmd.php\",\n\t\t\"lib/Froxlor/Cli/PhpSessioncleanCmd.php\",\n\t\t\"lib/Froxlor/Cli/SwitchServerIpCmd.php\",\n\t\t\"lib/Froxlor/Cli/UpdateCliCmd.php\",\n\t\t\"lib/Froxlor/Cron/System/BackupCron.php\",\n\t\t\"lib/formfields/customer/extras/formfield.backup.php\",\n\t\t\"lib/tablelisting/customer/tablelisting.backups.php\",\n\t\t\"templates/Froxlor/assets/mix-manifest.json\",\n\t\t\"templates/Froxlor/assets/css\",\n\t\t\"templates/Froxlor/assets/webfonts\",\n\t\t\"templates/Froxlor/assets/js/main.js\",\n\t\t\"templates/Froxlor/assets/js/main.js.LICENSE.txt\",\n\t\t\"templates/Froxlor/src\",\n\t\t\"templates/Froxlor/user/change_language.html.twig\",\n\t\t\"templates/Froxlor/user/change_password.html.twig\",\n\t\t\"templates/Froxlor/user/change_theme.html.twig\",\n\t\t\"tests/Backup/CustomerBackupsTest.php\"\n\t);\n\tUpdate::cleanOldFiles($to_clean);\n\n\tFroxlor::updateToDbVersion('202312050');\n}\n\nif (Froxlor::isFroxlorVersion('2.1.0-rc3')) {\n\tUpdate::showUpdateStep(\"Updating from 2.1.0-rc3 to 2.1.0 stable\", false);\n\tFroxlor::updateToVersion('2.1.0');\n}\n\nif (Froxlor::isFroxlorVersion('2.1.0')) {\n\tUpdate::showUpdateStep(\"Updating from 2.1.0 to 2.1.1\", false);\n\tFroxlor::updateToVersion('2.1.1');\n}\n\nif (Froxlor::isDatabaseVersion('202312050')) {\n\t$to_clean = array(\n\t\t\"lib/configfiles/centos7.xml\",\n\t\t\"lib/configfiles/centos8.xml\",\n\t\t\"lib/configfiles/stretch.xml\",\n\t\t\"lib/configfiles/xenial.xml\",\n\t\t\"lib/configfiles/buster.xml\",\n\t\t\"lib/configfiles/bionic.xml\",\n\t);\n\tUpdate::cleanOldFiles($to_clean);\n\n\tFroxlor::updateToDbVersion('202312100');\n}\n\nif (Froxlor::isDatabaseVersion('202312100')) {\n\n\tUpdate::showUpdateStep(\"Adjusting table row format of larger tables\");\n\tDatabase::query(\"ALTER TABLE `\" . TABLE_PANEL_ADMINS . \"` ROW_FORMAT=DYNAMIC;\");\n\tDatabase::query(\"ALTER TABLE `\" . TABLE_PANEL_DOMAINS . \"` ROW_FORMAT=DYNAMIC;\");\n\tUpdate::lastStepStatus(0);\n\n\tFroxlor::updateToDbVersion('202312120');\n}\n\nif (Froxlor::isFroxlorVersion('2.1.1')) {\n\tUpdate::showUpdateStep(\"Updating from 2.1.1 to 2.1.2\", false);\n\tFroxlor::updateToVersion('2.1.2');\n}\n\nif (Froxlor::isFroxlorVersion('2.1.2')) {\n\tUpdate::showUpdateStep(\"Updating from 2.1.2 to 2.1.3\", false);\n\tFroxlor::updateToVersion('2.1.3');\n}\n\nif (Froxlor::isFroxlorVersion('2.1.3')) {\n\tUpdate::showUpdateStep(\"Updating from 2.1.3 to 2.1.4\", false);\n\tFroxlor::updateToVersion('2.1.4');\n}\n\nif (Froxlor::isFroxlorVersion('2.1.4')) {\n\tUpdate::showUpdateStep(\"Updating from 2.1.4 to 2.1.5\", false);\n\tFroxlor::updateToVersion('2.1.5');\n}\n\nif (Froxlor::isFroxlorVersion('2.1.5')) {\n\tUpdate::showUpdateStep(\"Updating from 2.1.5 to 2.1.6\", false);\n\tFroxlor::updateToVersion('2.1.6');\n}\n\nif (Froxlor::isFroxlorVersion('2.1.6')) {\n\tUpdate::showUpdateStep(\"Updating from 2.1.6 to 2.1.7\", false);\n\tFroxlor::updateToVersion('2.1.7');\n}\n\nif (Froxlor::isFroxlorVersion('2.1.7')) {\n\tUpdate::showUpdateStep(\"Updating from 2.1.7 to 2.1.8\", false);\n\tFroxlor::updateToVersion('2.1.8');\n}\n\nif (Froxlor::isFroxlorVersion('2.1.8')) {\n\tUpdate::showUpdateStep(\"Updating from 2.1.8 to 2.1.9\", false);\n\tFroxlor::updateToVersion('2.1.9');\n}\n" }, { "path": "install/updates/froxlor/update_2.2.inc.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nuse Froxlor\\Database\\Database;\nuse Froxlor\\Database\\DbManager;\nuse Froxlor\\Froxlor;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\Install\\Update;\nuse Froxlor\\Settings;\n\nif (!defined('_CRON_UPDATE')) {\n\tif (!defined('AREA') || (defined('AREA') && AREA != 'admin') || !isset($userinfo['loginname']) || (isset($userinfo['loginname']) && $userinfo['loginname'] == '')) {\n\t\theader('Location: ../../../../index.php');\n\t\texit();\n\t}\n}\n\nif (Froxlor::isFroxlorVersion('2.1.9')) {\n\tUpdate::showUpdateStep(\"Enhancing virtual email table\");\n\tDatabase::query(\"ALTER TABLE `\" . TABLE_MAIL_VIRTUAL . \"` ADD `spam_tag_level` float(4,1) NOT NULL DEFAULT 7.0;\");\n\tDatabase::query(\"ALTER TABLE `\" . TABLE_MAIL_VIRTUAL . \"` ADD `spam_kill_level` float(4,1) NOT NULL DEFAULT 14.0;\");\n\tDatabase::query(\"ALTER TABLE `\" . TABLE_MAIL_VIRTUAL . \"` ADD `bypass_spam` tinyint(1) NOT NULL default '0';\");\n\tDatabase::query(\"ALTER TABLE `\" . TABLE_MAIL_VIRTUAL . \"` ADD `policy_greylist` tinyint(1) NOT NULL default '1';\");\n\tUpdate::lastStepStatus(0);\n\n\tUpdate::showUpdateStep(\"Adjusting settings\");\n\t$antispam_activated = $_POST['antispam_activated'] ?? 0;\n\tDatabase::query(\"UPDATE `\" . TABLE_PANEL_SETTINGS . \"` SET `settinggroup` = 'antispam', `varname` = 'activated', `value` = '\" . (int)$antispam_activated . \"' WHERE `settinggroup` = 'dkim' AND `varname` = 'use_dkim';\");\n\tDatabase::query(\"UPDATE `\" . TABLE_PANEL_SETTINGS . \"` SET `settinggroup` = 'antispam', `varname` = 'reload_command', `value` = 'service rspamd restart' WHERE `settinggroup` = 'dkim' AND `varname` = 'dkimrestart_command';\");\n\tDatabase::query(\"UPDATE `\" . TABLE_PANEL_SETTINGS . \"` SET `settinggroup` = 'antispam', `varname` = 'config_file', `value` = '/etc/rspamd/local.d/froxlor_settings.conf' WHERE `settinggroup` = 'dkim' AND `varname` = 'dkim_prefix';\");\n\tDatabase::query(\"UPDATE `\" . TABLE_PANEL_SETTINGS . \"` SET `settinggroup` = 'antispam' WHERE `settinggroup` = 'dkim' AND `varname` = 'dkim_keylength';\");\n\tSettings::AddNew(\"dmarc.use_dmarc\", \"0\");\n\tSettings::AddNew(\"dmarc.dmarc_entry\", \"v=DMARC1; p=none;\");\n\tDatabase::query(\"DELETE FROM `\" . TABLE_PANEL_SETTINGS . \"` WHERE `settinggroup` = 'dkim' AND `varname` = 'privkeysuffix';\");\n\tDatabase::query(\"DELETE FROM `\" . TABLE_PANEL_SETTINGS . \"` WHERE `settinggroup` = 'dkim' AND `varname` = 'dkim_domains';\");\n\tDatabase::query(\"DELETE FROM `\" . TABLE_PANEL_SETTINGS . \"` WHERE `settinggroup` = 'dkim' AND `varname` = 'dkim_algorithm';\");\n\tDatabase::query(\"DELETE FROM `\" . TABLE_PANEL_SETTINGS . \"` WHERE `settinggroup` = 'dkim' AND `varname` = 'dkim_notes';\");\n\tDatabase::query(\"DELETE FROM `\" . TABLE_PANEL_SETTINGS . \"` WHERE `settinggroup` = 'dkim' AND `varname` = 'dkim_add_adsp';\");\n\tDatabase::query(\"DELETE FROM `\" . TABLE_PANEL_SETTINGS . \"` WHERE `settinggroup` = 'dkim' AND `varname` = 'dkim_dkimkeys';\");\n\tDatabase::query(\"DELETE FROM `\" . TABLE_PANEL_SETTINGS . \"` WHERE `settinggroup` = 'dkim' AND `varname` = 'dkim_servicetype';\");\n\tDatabase::query(\"DELETE FROM `\" . TABLE_PANEL_SETTINGS . \"` WHERE `settinggroup` = 'dkim' AND `varname` = 'dkim_add_adsppolicy';\");\n\tUpdate::lastStepStatus(0);\n\n\tif ($antispam_activated) {\n\t\tUpdate::showUpdateStep(\"Converting existing domainkeys\");\n\t\t$sel_stmt = Database::prepare(\"SELECT * FROM `\" . TABLE_PANEL_DOMAINS . \"` WHERE `dkim` = '1' AND `dkim_pubkey` <> ''\");\n\t\tDatabase::pexecute($sel_stmt);\n\t\t$upd_stmt = Database::prepare(\"UPDATE `\" . TABLE_PANEL_DOMAINS . \"` SET `dkim_pubkey` = :pkey WHERE `id` = :did\");\n\t\twhile ($domain = $sel_stmt->fetch(\\PDO::FETCH_ASSOC)) {\n\t\t\t$pubkey = trim(preg_replace(\n\t\t\t\t'/-----BEGIN PUBLIC KEY-----(.+)-----END PUBLIC KEY-----/s',\n\t\t\t\t'$1',\n\t\t\t\tstr_replace(\"\\n\", '', $domain['dkim_pubkey'])\n\t\t\t));\n\t\t\tDatabase::pexecute($upd_stmt, ['pkey' => $pubkey, 'did' => $domain['id']]);\n\t\t}\n\t\tUpdate::lastStepStatus(0);\n\n\t\tUpdate::showUpdateStep(\"Configure antispam services\");\n\t\t$froxlorCliBin = Froxlor::getInstallDir() . '/bin/froxlor-cli';\n\t\t$currentDistro = Settings::Get('system.distribution');\n\t\t$manual_command = <<
\" . $manual_command . \"
\"\n\t\t);\n\t} else {\n\t\tUpdate::showUpdateStep(\"Removing existing domainkeys because antispam is disabled\");\n\t\tDatabase::query(\"UPDATE `\" . TABLE_PANEL_DOMAINS . \"` SET `dkim` = '0', `dkim_id` = '0', `dkim_privkey` = '', `dkim_pubkey` = '' WHERE `dkim` = '1';\");\n\t\tUpdate::lastStepStatus(1, '!!!');\n\t}\n\n\tUpdate::showUpdateStep(\"Enhancing admin and user table\");\n\tDatabase::query(\"ALTER TABLE `\" . TABLE_PANEL_ADMINS . \"` ADD `gui_access` tinyint(1) NOT NULL default '1';\");\n\tDatabase::query(\"ALTER TABLE `\" . TABLE_PANEL_CUSTOMERS . \"` ADD `gui_access` tinyint(1) NOT NULL default '1';\");\n\tUpdate::lastStepStatus(0);\n\n\t$to_clean = [\n\t\t'actions/admin/settings/180.dkim.php',\n\t\t'actions/admin/settings/185.spf.php',\n\t];\n\tUpdate::cleanOldFiles($to_clean);\n\n\tFroxlor::updateToDbVersion('202312230');\n\tFroxlor::updateToVersion('2.2.0-dev1');\n}\n\nif (Froxlor::isDatabaseVersion('202312230')) {\n\n\tUpdate::showUpdateStep(\"Adding new settings\");\n\tSettings::AddNew(\"system.le_renew_services\", \"\");\n\tSettings::AddNew(\"system.le_renew_hook\", \"systemctl restart postfix dovecot proftpd\");\n\tUpdate::lastStepStatus(0);\n\n\tFroxlor::updateToDbVersion('202401090');\n}\n\nif (Froxlor::isFroxlorVersion('2.2.0-dev1')) {\n\tUpdate::showUpdateStep(\"Updating from 2.2.0-dev1 to 2.2.0-rc1\", false);\n\tFroxlor::updateToVersion('2.2.0-rc1');\n}\n\nif (Froxlor::isDatabaseVersion('202401090')) {\n\n\tUpdate::showUpdateStep(\"Adding new table for 2fa tokens\");\n\tDatabase::query(\"DROP TABLE IF EXISTS `panel_2fa_tokens`;\");\n\t$sql = \"CREATE TABLE `panel_2fa_tokens` (\n\t `id` int(11) NOT NULL auto_increment,\n\t `selector` varchar(20) NOT NULL,\n\t `token` varchar(200) NOT NULL,\n\t `userid` int(11) NOT NULL default '0',\n\t `valid_until` int(15) NOT NULL,\n\t PRIMARY KEY (id)\n\t) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci;\";\n\tDatabase::query($sql);\n\tUpdate::lastStepStatus(0);\n\n\tFroxlor::updateToDbVersion('202407200');\n}\n\nif (Froxlor::isFroxlorVersion('2.2.0-rc1')) {\n\tUpdate::showUpdateStep(\"Updating from 2.2.0-rc1 to 2.2.0-rc2\", false);\n\tFroxlor::updateToVersion('2.2.0-rc2');\n}\n\nif (Froxlor::isFroxlorVersion('2.2.0-rc2')) {\n\tUpdate::showUpdateStep(\"Updating from 2.2.0-rc2 to 2.2.0-rc3\", false);\n\tFroxlor::updateToVersion('2.2.0-rc3');\n}\n\nif (Froxlor::isDatabaseVersion('202407200')) {\n\n\tUpdate::showUpdateStep(\"Adjusting field in 2fa-token table\");\n\tDatabase::query(\"ALTER TABLE `panel_2fa_tokens` CHANGE COLUMN `selector` `selector` varchar(200) NOT NULL;\");\n\tUpdate::lastStepStatus(0);\n\n\tFroxlor::updateToDbVersion('202408140');\n}\n\nif (Froxlor::isFroxlorVersion('2.2.0-rc3')) {\n\tUpdate::showUpdateStep(\"Updating from 2.2.0-rc3 to 2.2.0 stable\", false);\n\tFroxlor::updateToVersion('2.2.0');\n}\n\nif (Froxlor::isFroxlorVersion('2.2.0')) {\n\tUpdate::showUpdateStep(\"Updating from 2.2.0 to 2.2.1\", false);\n\tFroxlor::updateToVersion('2.2.1');\n}\n\nif (Froxlor::isDatabaseVersion('202408140')) {\n\n\tUpdate::showUpdateStep(\"Adding new rewrite-subject field to email table\");\n\tDatabase::query(\"ALTER TABLE `\" . TABLE_MAIL_VIRTUAL . \"` ADD `rewrite_subject` tinyint(1) NOT NULL default '1' AFTER `spam_tag_level`;\");\n\tUpdate::lastStepStatus(0);\n\n\tFroxlor::updateToDbVersion('202409280');\n}\n\nif (Froxlor::isFroxlorVersion('2.2.1')) {\n\tUpdate::showUpdateStep(\"Updating from 2.2.1 to 2.2.2\", false);\n\tFroxlor::updateToVersion('2.2.2');\n}\n\nif (Froxlor::isFroxlorVersion('2.2.2')) {\n\tUpdate::showUpdateStep(\"Updating from 2.2.2 to 2.2.3\", false);\n\tFroxlor::updateToVersion('2.2.3');\n}\n\nif (Froxlor::isFroxlorVersion('2.2.3')) {\n\tUpdate::showUpdateStep(\"Updating from 2.2.3 to 2.2.4\", false);\n\tFroxlor::updateToVersion('2.2.4');\n}\n\nif (Froxlor::isFroxlorVersion('2.2.4')) {\n\tUpdate::showUpdateStep(\"Updating from 2.2.4 to 2.2.5\", false);\n\tFroxlor::updateToVersion('2.2.5');\n}\n\nif (Froxlor::isDatabaseVersion('202409280')) {\n\n\tUpdate::showUpdateStep(\"Adding new antispam settings\");\n\tSettings::AddNew(\"antispam.default_bypass_spam\", \"2\");\n\tSettings::AddNew(\"antispam.default_spam_rewrite_subject\", \"1\");\n\tSettings::AddNew(\"antispam.default_policy_greylist\", \"1\");\n\tUpdate::lastStepStatus(0);\n\n\tFroxlor::updateToDbVersion('202411200');\n}\n\nif (Froxlor::isDatabaseVersion('202411200')) {\n\n\tUpdate::showUpdateStep(\"Adjusting customer mysql global user\");\n\t// get all customers that are not deactivated and that have at least one database (hence a global database-user)\n\t$customers = Database::query(\"\n\t\tSELECT DISTINCT c.loginname, c.allowed_mysqlserver\n\t\tFROM `\" . TABLE_PANEL_CUSTOMERS . \"` c\n\t\tLEFT JOIN `\" . TABLE_PANEL_DATABASES . \"` d ON c.customerid = d.customerid\n\t\tWHERE c.deactivated = '0' AND d.id IS NOT NULL\n\t\");\n\twhile ($customer = $customers->fetch(\\PDO::FETCH_ASSOC)) {\n\t\t$current_allowed_mysqlserver = !empty($customer['allowed_mysqlserver']) ? json_decode($customer['allowed_mysqlserver'], true) : [];\n\t\tforeach ($current_allowed_mysqlserver as $dbserver) {\n\t\t\t// require privileged access for target db-server\n\t\t\tDatabase::needRoot(true, $dbserver, false);\n\t\t\t// get DbManager\n\t\t\t$dbm = new DbManager(FroxlorLogger::getInstanceOf());\n\t\t\tforeach (array_map('trim', explode(',', Settings::Get('system.mysql_access_host'))) as $mysql_access_host) {\n\t\t\t\ttry {\n\t\t\t\t\tif ($dbm->getManager()->userExistsOnHost($customer['loginname'], $mysql_access_host)) {\n\t\t\t\t\t\t// deactivate temporarily\n\t\t\t\t\t\t$dbm->getManager()->disableUser($customer['loginname'], $mysql_access_host);\n\t\t\t\t\t\t// re-enable\n\t\t\t\t\t\t$dbm->getManager()->enableUser($customer['loginname'], $mysql_access_host, true);\n\t\t\t\t\t}\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\t// continue\n\t\t\t\t}\n\t\t\t}\n\t\t\t$dbm->getManager()->flushPrivileges();\n\t\t\tDatabase::needRoot();\n\t\t}\n\t}\n\tUpdate::lastStepStatus(0);\n\n\tFroxlor::updateToDbVersion('202412030');\n}\n\nif (Froxlor::isFroxlorVersion('2.2.5')) {\n\tUpdate::showUpdateStep(\"Updating from 2.2.5 to 2.2.6\", false);\n\tFroxlor::updateToVersion('2.2.6');\n}\n\nif (Froxlor::isFroxlorVersion('2.2.6')) {\n\tUpdate::showUpdateStep(\"Updating from 2.2.6 to 2.2.7\", false);\n\tFroxlor::updateToVersion('2.2.7');\n}\n\nif (Froxlor::isFroxlorVersion('2.2.7')) {\n\tUpdate::showUpdateStep(\"Updating from 2.2.7 to 2.2.8\", false);\n\tFroxlor::updateToVersion('2.2.8');\n}\n\n" }, { "path": "install/updates/froxlor/update_2.3.inc.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nuse Froxlor\\Database\\Database;\nuse Froxlor\\Froxlor;\nuse Froxlor\\Install\\Update;\nuse Froxlor\\Settings;\n\nif (!defined('_CRON_UPDATE')) {\n\tif (!defined('AREA') || (defined('AREA') && AREA != 'admin') || !isset($userinfo['loginname']) || (isset($userinfo['loginname']) && $userinfo['loginname'] == '')) {\n\t\theader('Location: ../../../../index.php');\n\t\texit();\n\t}\n}\n\nif (Froxlor::isDatabaseVersion('202412030')) {\n\tUpdate::showUpdateStep(\"Enhancing customer table\");\n\tDatabase::query(\"ALTER TABLE `\" . TABLE_PANEL_CUSTOMERS . \"` ADD `shell_allowed` tinyint(1) NOT NULL DEFAULT 0;\");\n\tUpdate::lastStepStatus(0);\n\n\tif (Settings::Get('system.allow_customer_shell') == '1') {\n\t\tUpdate::showUpdateStep(\"Allowing shell-usage to current customers as setting is globally enabled\");\n\t\tDatabase::query(\"UPDATE `\" . TABLE_PANEL_CUSTOMERS . \"` SET `shell_allowed` = '1';\");\n\t\tUpdate::lastStepStatus(0);\n\t}\n\n\tFroxlor::updateToDbVersion('202508310');\n\n\tUpdate::showUpdateStep(\"Updating from 2.2.8 to 2.3.0-dev1\", false);\n\tFroxlor::updateToVersion('2.3.0-dev1');\n}\n\nif (Froxlor::isDatabaseVersion('202508310')) {\n\tUpdate::showUpdateStep(\"Remove old settings\");\n\tDatabase::query(\"DELETE FROM `\" . TABLE_PANEL_SETTINGS . \"` WHERE `settinggroup` = 'system' AND `varname` = 'perl_path'\");\n\tUpdate::lastStepStatus(0);\n\n\tif (Settings::Get('system.webserver') == 'lighttpd') {\n\t\t$system_alt_webserver = $_POST['system_alt_webserver'] ?? 'apache2';\n\t\tUpdate::showUpdateStep(\"Switching from lighttpd to \" . $system_alt_webserver);\n\t\tSettings::Set('system.webserver', $system_alt_webserver);\n\t\tSettings::Set('system.apache24', 1);\n\t\tUpdate::lastStepStatus(0);\n\t}\n\n\tFroxlor::updateToDbVersion('202509010');\n}\n\nif (Froxlor::isDatabaseVersion('202509010')) {\n\tUpdate::showUpdateStep(\"Adding new table for user ssh-keys\");\n\tDatabase::query(\"DROP TABLE IF EXISTS `panel_sshkeys`;\");\n\t$sql = \"CREATE TABLE `panel_sshkeys` (\n\t `id` int(11) NOT NULL auto_increment,\n\t `customerid` int(11) NOT NULL,\n\t `ftp_user_id` int(20) NOT NULL,\n\t `ssh_pubkey` text NOT NULL,\n\t `description` varchar(255) NOT NULL DEFAULT '',\n\t PRIMARY KEY (id)\n\t) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci;\";\n\tDatabase::query($sql);\n\tUpdate::lastStepStatus(0);\n\n\tFroxlor::updateToDbVersion('202509060');\n}\n\nif (Froxlor::isDatabaseVersion('202509060')) {\n\tUpdate::showUpdateStep(\"Disabling OCSP for Let's Encrypt enabled domains, as service is EOL\");\n\tDatabase::query(\"UPDATE `\" . TABLE_PANEL_DOMAINS . \"` SET `ocsp_stapling` = '0' WHERE `letsencrypt` = '1';\");\n\tUpdate::lastStepStatus(0);\n\n\t// clear templates cache\n\tUpdate::cleanOldFiles([\n\t\t'cache/*'\n\t]);\n\n\tFroxlor::updateToDbVersion('202509120');\n}\n\nif (Froxlor::isDatabaseVersion('202509120')) {\n\tUpdate::showUpdateStep(\"Adding new settings\");\n\tSettings::AddNew(\"system.http3_support\", \"0\");\n\tUpdate::lastStepStatus(0);\n\n\tUpdate::showUpdateStep(\"Adding http3 field to domain table\");\n\tDatabase::query(\"ALTER TABLE `\" . TABLE_PANEL_DOMAINS . \"` ADD `http3` tinyint(1) NOT NULL default '0' AFTER `http2`;\");\n\tUpdate::lastStepStatus(0);\n\n\tFroxlor::updateToDbVersion('202509210');\n}\n\nif (Froxlor::isDatabaseVersion('202509210')) {\n\tUpdate::showUpdateStep(\"Adding new table for email sender aliases\");\n\tDatabase::query(\"DROP TABLE IF EXISTS `mail_sender_aliases`;\");\n\t$sql = \"CREATE TABLE `mail_sender_aliases` (\n\t `id` int(11) NOT NULL auto_increment,\n\t `email` varchar(255) NOT NULL,\n\t `allowed_sender` varchar(255) NOT NULL,\n\t PRIMARY KEY (`id`),\n\t UNIQUE KEY `email_sender` (`email`, `allowed_sender`)\n\t) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci;\";\n\tDatabase::query($sql);\n\t$mail_enable_allow_sender = $_POST['mail_enable_allow_sender'] ?? 0;\n\tSettings::AddNew('mail.enable_allow_sender', $mail_enable_allow_sender);\n\t$mail_allow_external_domains = $_POST['mail_allow_external_domains'] ?? 0;\n\tSettings::AddNew('mail.allow_external_domains', $mail_allow_external_domains);\n\tUpdate::lastStepStatus(0);\n\n\t$to_clean = [\n\t\t'lib/configfiles/gentoo.xml',\n\t];\n\tUpdate::cleanOldFiles($to_clean);\n\n\tFroxlor::updateToDbVersion('202509270');\n}\n\nif (Froxlor::isDatabaseVersion('202509270')) {\n\n\tSettings::AddNew('system.distro_mismatch', '0');\n\tFroxlor::updateToDbVersion('202511020');\n}\n\nif (Froxlor::isFroxlorVersion('2.3.0-dev1')) {\n\tUpdate::showUpdateStep(\"Updating from 2.3.0-dev1 to 2.3.0-rc1\", false);\n\tFroxlor::updateToVersion('2.3.0-rc1');\n}\n\nif (Froxlor::isFroxlorVersion('2.3.0-rc1')) {\n\tUpdate::showUpdateStep(\"Updating from 2.3.0-rc1 to 2.3.0\", false);\n\tFroxlor::updateToVersion('2.3.0');\n}\n\nif (Froxlor::isDatabaseVersion('202511020')) {\n\n\tSettings::AddNew('system.report_web_bccadmin', '0');\n\tFroxlor::updateToDbVersion('202512090');\n}\n\nif (Froxlor::isDatabaseVersion('202512090')) {\n\n\t$to_clean = [\n\t\t'install/updates/froxlor/update_0.10.inc.php',\n\t\t'install/updates/preconfig/preconfig_0.10.inc.php',\n\t\t'lib/Froxlor/Cron/Http/Lighttpd.php',\n\t\t'lib/Froxlor/Cron/Http/LighttpdFcgi.php',\n\t];\n\tUpdate::cleanOldFiles($to_clean);\n\n\tFroxlor::updateToDbVersion('202512280');\n}\n\nif (Froxlor::isFroxlorVersion('2.3.0')) {\n\tUpdate::showUpdateStep(\"Updating from 2.3.0 to 2.3.1\", false);\n\tFroxlor::updateToVersion('2.3.1');\n}\n\nif (Froxlor::isFroxlorVersion('2.3.1')) {\n\tUpdate::showUpdateStep(\"Updating from 2.3.1 to 2.3.2\", false);\n\tFroxlor::updateToVersion('2.3.2');\n}\n\nif (Froxlor::isFroxlorVersion('2.3.2')) {\n\tUpdate::showUpdateStep(\"Updating from 2.3.2 to 2.3.3\", false);\n\tFroxlor::updateToVersion('2.3.3');\n}\n\nif (Froxlor::isFroxlorVersion('2.3.3')) {\n\tUpdate::showUpdateStep(\"Updating from 2.3.3 to 2.3.4\", false);\n\tFroxlor::updateToVersion('2.3.4');\n}\n\nif (Froxlor::isFroxlorVersion('2.3.4')) {\n\tUpdate::showUpdateStep(\"Updating from 2.3.4 to 2.3.5\", false);\n\tFroxlor::updateToVersion('2.3.5');\n}\n\nif (Froxlor::isDatabaseVersion('202512280')) {\n\n\tUpdate::showUpdateStep(\"Adding new settings\");\n\t$system_webserver_serveradmin = $_POST['system_webserver_serveradmin'] ?? 'customer';\n\tif (!in_array($system_webserver_serveradmin, ['customer', 'admin', 'global', 'none'])) {\n\t\t$system_webserver_serveradmin = 'customer';\n\t}\n\tSettings::AddNew(\"system.webserver_serveradmin\", $system_webserver_serveradmin);\n\tUpdate::lastStepStatus(0);\n\n\tFroxlor::updateToDbVersion('202603100');\n}\n\nif (Froxlor::isFroxlorVersion('2.3.5')) {\n\tUpdate::showUpdateStep(\"Updating from 2.3.5 to 2.3.6\", false);\n\tFroxlor::updateToVersion('2.3.6');\n}\n\nif (Froxlor::isFroxlorVersion('2.3.6')) {\n\tUpdate::showUpdateStep(\"Updating from 2.3.6 to 2.3.7\", false);\n\tFroxlor::updateToVersion('2.3.7');\n}\n" }, { "path": "install/updates/index.html", "content": "" }, { "path": "install/updates/preconfig/index.html", "content": "" }, { "path": "install/updates/preconfig/preconfig_2.0.inc.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nuse Froxlor\\Froxlor;\nuse Froxlor\\FileDir;\nuse Froxlor\\Config\\ConfigParser;\nuse Froxlor\\Install\\Update;\nuse Froxlor\\Settings;\n\n$preconfig = [\n\t'title' => '2.0.x updates',\n\t'fields' => []\n];\n$return = [];\n\nif (Update::versionInUpdate($current_version, '2.0.0-beta1')) {\n\t$description = 'We have rearranged the settings and split them into basic and advanced categories. This makes it easier for users who do not need all the detailed or very specific settings and options and gives a better overview of the basic/mostly used settings.';\n\t$question = 'Chose settings mode (you can change that at any time)';\n\t$return['panel_settings_mode'] = [\n\t\t'type' => 'select',\n\t\t'select_var' => [\n\t\t\t0 => 'Basic',\n\t\t\t1 => 'Advanced'\n\t\t],\n\t\t'selected' => 1,\n\t\t'label' => $question,\n\t\t'prior_infotext' => $description\n\t];\n\n\t$description = 'The configuration page now can preselect a distribution, please select your current distribution';\n\t$question = 'Select distribution';\n\t$config_dir = FileDir::makeCorrectDir(Froxlor::getInstallDir() . '/lib/configfiles/');\n\t// show list of available distro's\n\t$distros = glob($config_dir . '*.xml');\n\t// selection is required $distributions_select[''] = '-';\n\t// read in all the distros\n\tforeach ($distros as $_distribution) {\n\t\t// get configparser object\n\t\t$dist = new ConfigParser($_distribution);\n\t\t// store in tmp array\n\t\t$distributions_select[str_replace(\".xml\", \"\", strtolower(basename($_distribution)))] = $dist->getCompleteDistroName();\n\t}\n\t// sort by distribution name\n\tasort($distributions_select);\n\t$return['system_distribution'] = [\n\t\t'type' => 'select',\n\t\t'select_var' => $distributions_select,\n\t\t'selected' => '',\n\t\t'label' => $question,\n\t\t'prior_infotext' => $description\n\t];\n}\n\nif (Update::versionInUpdate($current_db_version, '202301120')) {\n\t$acmesh_challenge_dir = rtrim(FileDir::makeCorrectDir(Settings::Get('system.letsencryptchallengepath')), \"/\");\n\t$recommended = rtrim(FileDir::makeCorrectDir(Froxlor::getInstallDir()), \"/\");\n\tif ((int) Settings::Get('system.leenabled') == 1 && $acmesh_challenge_dir != $recommended) {\n\t\t$has_preconfig = true;\n\t\t$description = 'ACME challenge docroot from settings differs from the current installation directory.';\n\t\t$question = 'Validate Let\\'s Encrypt challenge path (recommended value: ' . $recommended . ')';\n\t\t$return['system_letsencryptchallengepath_upd'] = [\n\t\t\t'type' => 'text',\n\t\t\t'value' => $recommended,\n\t\t\t'placeholder' => $acmesh_challenge_dir,\n\t\t\t'label' => $question,\n\t\t\t'prior_infotext' => $description,\n\t\t\t'mandatory' => true,\n\t\t];\n\t}\n}\n\nif (Update::versionInUpdate($current_db_version, '202301180')) {\n\tif ((int) Settings::Get('system.leenabled') == 1) {\n\t\t$has_preconfig = true;\n\t\t$description = 'Froxlor now supports to set an external DNS resolver for the Let\\'s Encrypt pre-check.';\n\t\t$question = 'Specify a DNS resolver IP (recommended value: 1.1.1.1 or similar)';\n\t\t$return['system_le_domain_dnscheck_resolver'] = [\n\t\t\t'type' => 'text',\n\t\t\t'pattern' => '^(?:(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\.){3}(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])$|^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$|^\\s*$',\n\t\t\t'value' => '1.1.1.1',\n\t\t\t'placeholder' => '1.1.1.1',\n\t\t\t'label' => $question,\n\t\t\t'prior_infotext' => $description,\n\t\t];\n\t}\n}\n\n$preconfig['fields'] = $return;\nreturn $preconfig;\n" }, { "path": "install/updates/preconfig/preconfig_2.1.inc.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nuse Froxlor\\Install\\Update;\n\n$preconfig = [\n\t'title' => '2.1.x updates',\n\t'fields' => []\n];\n$return = [];\n\nif (Update::versionInUpdate($current_version, '2.1.0-dev1')) {\n\n}\n\n$preconfig['fields'] = $return;\nreturn $preconfig;\n" }, { "path": "install/updates/preconfig/preconfig_2.2.inc.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nuse Froxlor\\Install\\Update;\n\n$preconfig = [\n\t'title' => '2.2.x updates',\n\t'fields' => []\n];\n$return = [];\n\nif (Update::versionInUpdate($current_version, '2.2.0-dev1')) {\n\t$has_preconfig = true;\n\t$description = 'Froxlor now features antispam configurations using rspamd. Would you like to enable the antispam feature (required re-configuration of services)?
ATTENTION: When not enabled and the former DomainKey feature was used, keep in mind that all existing domainkeys for all domain are being removed and the dkim-flag disabled for the domains.';\n\t$question = 'Enable antispam (recommended) ';\n\t$return['antispam_activated'] = [\n\t\t'type' => 'checkbox',\n\t\t'value' => 1,\n\t\t'checked' => 0,\n\t\t'label' => $question,\n\t\t'prior_infotext' => $description\n\t];\n}\n\n$preconfig['fields'] = $return;\nreturn $preconfig;\n" }, { "path": "install/updates/preconfig/preconfig_2.3.inc.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nuse Froxlor\\Install\\Update;\nuse Froxlor\\Settings;\n\n$preconfig = [\n\t'title' => '2.3.x updates',\n\t'fields' => []\n];\n$return = [];\n\nif (Update::versionInUpdate($current_db_version, '202509010')) {\n\tif (Settings::Get('system.webserver') == 'lighttpd') {\n\t\t$has_preconfig = true;\n\t\t$description = 'You seem to be using \"lighttpd\" as webserver, froxlor 2.3 no longer supports this webserver. Please select an alternative one. Remember to configure the service after the update!';\n\t\t$question = 'Switch webserver to: ';\n\t\t$return['system_alt_webserver'] = [\n\t\t\t'type' => 'select',\n\t\t\t'select_var' => [\n\t\t\t\t'apache2' => 'Apache 2.4',\n\t\t\t\t'nginx' => 'Nginx'\n\t\t\t],\n\t\t\t'selected' => 'apache2',\n\t\t\t'label' => $question,\n\t\t\t'prior_infotext' => $description\n\t\t];\n\t}\n}\n\nif (Update::versionInUpdate($current_db_version, '202509270')) {\n\n\t$has_preconfig = true;\n\t$description = 'It is now possible for customers to add \"allowed sender\" addresses for email-accounts to send from if enabled.';\n\t$question = 'Enable \"allowed sender\" for customers? ';\n\t$return['mail_enable_allow_sender'] = [\n\t\t'type' => 'checkbox',\n\t\t'value' => 1,\n\t\t'checked' => 0,\n\t\t'label' => $question,\n\t\t'prior_infotext' => $description\n\t];\n\t$description = 'By default, a customer cannot use domains that are not added to the account for the \"allowed sender\" feature. You can specify if you would like to allow adding addresses from external domains not managed by your installation.';\n\t$question = 'Allow external domains for \"allowed sender\"? ';\n\t$return['mail_allow_external_domains'] = [\n\t\t'type' => 'checkbox',\n\t\t'value' => 1,\n\t\t'checked' => 0,\n\t\t'label' => $question,\n\t\t'prior_infotext' => $description\n\t];\n}\n\nif (Update::versionInUpdate($current_db_version, '202603100')) {\n\n\tif (Settings::Get('system.webserver') == 'apache2') {\n\t\t$has_preconfig = true;\n\t\t$description = 'Select default value for the \"ServerAdmin\" value which is shown on webserver error pages (depending on ServerSignature setting).';\n\t\t$question = 'Which email address should be shown in ServerAdmin directive? ';\n\t\t$return['system_webserver_serveradmin'] = [\n\t\t\t'type' => 'select',\n\t\t\t'select_var' => [\n\t\t\t\t'customer' => 'Customer email address (default)',\n\t\t\t\t'admin' => 'Admin email address',\n\t\t\t\t'global' => 'Panel admin email address',\n\t\t\t\t'none' => 'No ServerAdmin'\n\t\t\t],\n\t\t\t'selected' => 'customer',\n\t\t\t'label' => $question,\n\t\t\t'prior_infotext' => $description\n\t\t];\n\t}\n}\n\n$preconfig['fields'] = $return;\nreturn $preconfig;\n" }, { "path": "install/updatesql.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nuse Froxlor\\Froxlor;\nuse Froxlor\\FileDir;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\Settings;\nuse Froxlor\\UI\\Response;\nuse Froxlor\\Database\\IntegrityCheck;\nuse Froxlor\\Install\\Update;\n\nif (!defined('_CRON_UPDATE')) {\n\tif (!defined('AREA') || (defined('AREA') && AREA != 'admin') || !isset($userinfo['loginname']) || (isset($userinfo['loginname']) && $userinfo['loginname'] == '')) {\n\t\theader('Location: ../index.php');\n\t\texit();\n\t}\n}\n\n$filelog = FroxlorLogger::getInstanceOf(array(\n\t'loginname' => 'updater'\n));\n\n// if first writing does not work we'll stop, tell the user to fix it\n// and then let him try again.\ntry {\n\t$filelog->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING, '-------------- START LOG --------------');\n} catch (Exception $e) {\n\tResponse::standardError('exception', $e->getMessage());\n}\n\nif (Froxlor::isFroxlor()) {\n\n\tinclude_once(FileDir::makeCorrectFile(dirname(__FILE__) . '/updates/froxlor/update_2.0.inc.php'));\n\tinclude_once(FileDir::makeCorrectFile(dirname(__FILE__) . '/updates/froxlor/update_2.1.inc.php'));\n\tinclude_once(FileDir::makeCorrectFile(dirname(__FILE__) . '/updates/froxlor/update_2.2.inc.php'));\n\tinclude_once(FileDir::makeCorrectFile(dirname(__FILE__) . '/updates/froxlor/update_2.3.inc.php'));\n\n\t// Check Froxlor - database integrity (only happens after all updates are done, so we know the db-layout is okay)\n\tUpdate::showUpdateStep(\"Checking database integrity\");\n\n\t$integrity = new IntegrityCheck();\n\tif (!$integrity->checkAll()) {\n\t\tUpdate::lastStepStatus(1, 'Integrity could not be validated');\n\t\tUpdate::showUpdateStep(\"Trying to automatically restore integrity\");\n\t\tif (!$integrity->fixAll()) {\n\t\t\tUpdate::lastStepStatus(2, 'failed', 'Check \"database validation\" as admin on the left-side menu to see where the problem is');\n\t\t} else {\n\t\t\tUpdate::lastStepStatus(0, 'Integrity restored');\n\t\t}\n\t} else {\n\t\tUpdate::lastStepStatus(0);\n\t}\n\n\t// reset cached version check\n\tSettings::Set('system.updatecheck_data', '');\n\n\t$filelog->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING, '--------------- END LOG ---------------');\n\tunset($filelog);\n}\n" }, { "path": "lib/Froxlor/Ajax/Ajax.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Ajax;\n\nuse Exception;\nuse DateTime;\nuse Froxlor\\Config\\ConfigDisplay;\nuse Froxlor\\Config\\ConfigParser;\nuse Froxlor\\CurrentUser;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FileDir;\nuse Froxlor\\Froxlor;\nuse Froxlor\\Http\\HttpClient;\nuse Froxlor\\Install\\Update;\nuse Froxlor\\Settings;\nuse Froxlor\\UI\\Listing;\nuse Froxlor\\UI\\Panel\\UI;\nuse Froxlor\\UI\\Request;\nuse Froxlor\\UI\\Response;\nuse Froxlor\\Validate\\Validate;\n\nclass Ajax\n{\n\tprotected string $action;\n\tprotected string $theme;\n\tprotected array $userinfo;\n\n\t/**\n\t * @throws Exception\n\t */\n\tpublic function __construct()\n\t{\n\t\t$this->action = Request::any('action');\n\t\t$this->theme = Request::any('theme', 'Froxlor');\n\n\t\tUI::sendHeaders();\n\t\tUI::sendSslHeaders();\n\t}\n\n\t/**\n\t * @throws Exception\n\t */\n\tpublic function handle()\n\t{\n\t\t$this->userinfo = $this->getValidatedSession();\n\n\t\tswitch ($this->action) {\n\t\t\tcase 'newsfeed':\n\t\t\t\treturn $this->getNewsfeed();\n\t\t\tcase 'updatecheck':\n\t\t\t\treturn $this->getUpdateCheck();\n\t\t\tcase 'searchglobal':\n\t\t\t\treturn $this->searchGlobal();\n\t\t\tcase 'updatetablelisting':\n\t\t\t\treturn $this->updateTablelisting();\n\t\t\tcase 'resettablelisting':\n\t\t\t\treturn $this->resetTablelisting();\n\t\t\tcase 'editapikey':\n\t\t\t\treturn $this->editApiKey();\n\t\t\tcase 'getConfigDetails':\n\t\t\t\treturn $this->getConfigDetails();\n\t\t\tcase 'getConfigJsonExport':\n\t\t\t\treturn $this->getConfigJsonExport();\n\t\t\tcase 'loadLanguageString':\n\t\t\t\treturn $this->loadLanguageString();\n\t\t\tdefault:\n\t\t\t\treturn $this->errorResponse('Action not found!');\n\t\t}\n\t}\n\n\t/**\n\t * @throws Exception\n\t */\n\tprivate function getValidatedSession(): array\n\t{\n\t\tif (CurrentUser::hasSession() == false) {\n\t\t\tthrow new Exception(\"No valid session\");\n\t\t}\n\t\treturn CurrentUser::getData();\n\t}\n\n\t/**\n\t * @throws Exception\n\t */\n\tprivate function getNewsfeed()\n\t{\n\t\tUI::initTwig();\n\n\t\t$feed = \"https://inside.froxlor.org/news/\";\n\n\t\t// Set custom feed if provided\n\t\t$role = Request::get('role');\n\t\tif ($role == \"customer\") {\n\t\t\t$custom_feed = Settings::Get(\"customer.news_feed_url\");\n\t\t\tif (!empty(trim($custom_feed))) {\n\t\t\t\t$feed = $custom_feed;\n\t\t\t}\n\t\t}\n\n\t\t// Check for simplexml_load_file\n\t\tif (!function_exists(\"simplexml_load_file\")) {\n\t\t\treturn $this->errorResponse([\n\t\t\t\t\"Newsfeed not available due to missing php-simplexml extension\",\n\t\t\t\t\"Please install the php-simplexml extension in order to view our newsfeed.\"\n\t\t\t]);\n\t\t}\n\n\t\t// Check for curl_version\n\t\tif (!function_exists('curl_version')) {\n\t\t\treturn $this->errorResponse([\n\t\t\t\t\"Newsfeed not available due to missing php-curl extension\",\n\t\t\t\t\"Please install the php-curl extension in order to view our newsfeed.\"\n\t\t\t]);\n\t\t}\n\n\t\t$output = HttpClient::urlGet($feed);\n\t\t$news = simplexml_load_string(trim($output));\n\n\t\tif ($news === false) {\n\t\t\t$err = [];\n\t\t\tforeach (libxml_get_errors() as $error) {\n\t\t\t\t$err[] = $error->message;\n\t\t\t}\n\t\t\treturn $this->errorResponse(\n\t\t\t\t$err\n\t\t\t);\n\t\t}\n\n\t\t// Handle items\n\t\tif ($news) {\n\t\t\t$items = null;\n\n\t\t\tfor ($i = 0; $i < 3; $i++) {\n\t\t\t\t$item = $news->channel->item[$i];\n\n\t\t\t\t$title = (string)$item->title;\n\t\t\t\t$link = (string)$item->link;\n\t\t\t\t$date = date(\"d.m.Y\", strtotime($item->pubDate));\n\t\t\t\t$content = preg_replace(\"/[\\r\\n]+/\", \" \", strip_tags($item->description));\n\t\t\t\t$content = substr($content, 0, 150) . \"...\";\n\n\t\t\t\t$items .= UI::twig()->render(UI::validateThemeTemplate('/user/newsfeeditem.html.twig', $this->theme), [\n\t\t\t\t\t'link' => $link,\n\t\t\t\t\t'title' => $title,\n\t\t\t\t\t'date' => $date,\n\t\t\t\t\t'content' => $content\n\t\t\t\t]);\n\t\t\t}\n\n\t\t\treturn $this->jsonResponse($items);\n\t\t} else {\n\t\t\treturn $this->errorResponse('No Newsfeeds available at the moment.');\n\t\t}\n\t}\n\n\tpublic function errorResponse($message, int $response_code = 500)\n\t{\n\t\theader(\"Content-Type: application/json\");\n\t\treturn \\Froxlor\\Api\\Response::jsonErrorResponse($message, $response_code);\n\t}\n\n\tpublic function jsonResponse($value, int $response_code = 200)\n\t{\n\t\theader(\"Content-Type: application/json\");\n\t\treturn \\Froxlor\\Api\\Response::jsonResponse($value, $response_code);\n\t}\n\n\tprivate function getUpdateCheck()\n\t{\n\t\tUI::initTwig();\n\n\t\ttry {\n\t\t\t$force = Request::get('force', 0);\n\t\t\t$json_result = \\Froxlor\\Api\\Commands\\Froxlor::getLocal($this->userinfo, ['force' => $force])->checkUpdate();\n\t\t\t$result = json_decode($json_result, true)['data'];\n\t\t\t$result['full_version'] = Froxlor::getFullVersion();\n\t\t\t$result['dbversion'] = Froxlor::DBVERSION;\n\t\t\t$uc_data = Update::getUpdateCheckData();\n\t\t\t$result['last_update_check'] = $uc_data['ts'];\n\t\t\t$result['channel'] = Settings::Get('system.update_channel');\n\n\t\t\t$result_rendered = UI::twig()->render(UI::validateThemeTemplate('/misc/version_top.html.twig', $this->theme), $result);\n\t\t\treturn $this->jsonResponse($result_rendered);\n\t\t} catch (Exception $e) {\n\t\t\t// don't display anything if just not allowed due to permissions\n\t\t\tif ($e->getCode() != 403) {\n\t\t\t\treturn $this->errorResponse($e->getMessage(), $e->getCode());\n\t\t\t}\n\t\t}\n\t}\n\n\t/**\n\t * search globally in various resources\n\t */\n\tprivate function searchGlobal()\n\t{\n\t\t$searchtext = Request::any('searchtext');\n\n\t\t$result = [];\n\n\t\t// settings\n\t\t$result_settings = [];\n\t\tif (isset($this->userinfo['adminsession']) && $this->userinfo['adminsession'] == 1 && $this->userinfo['change_serversettings'] == 1) {\n\t\t\t$result_settings = GlobalSearch::searchSettings($searchtext, $this->userinfo);\n\t\t}\n\n\t\t// all searchable entities\n\t\t$result_entities = GlobalSearch::searchGlobal($searchtext, $this->userinfo);\n\n\t\t$result = array_merge($result_settings, $result_entities);\n\n\t\treturn $this->jsonResponse($result);\n\t}\n\n\tprivate function updateTablelisting()\n\t{\n\t\t$columns = [];\n\t\tforeach ((Request::post('columns') ?? []) as $value) {\n\t\t\t$columns[] = $value;\n\t\t}\n\t\tif (!empty($columns)) {\n\t\t\t$columns = Listing::storeColumnListingForUser([Request::get('listing') => $columns]);\n\t\t\treturn $this->jsonResponse($columns);\n\t\t}\n\t\treturn $this->errorResponse('At least one column must be selected', 406);\n\t}\n\n\tprivate function resetTablelisting()\n\t{\n\t\tListing::deleteColumnListingForUser([Request::get('listing') => []]);\n\t\treturn $this->jsonResponse([]);\n\t}\n\n\tprivate function editApiKey()\n\t{\n\t\t$keyid = Request::post('id', 0);\n\t\t$allowed_from = Request::post('allowed_from', \"\");\n\t\t$valid_until = Request::post('valid_until', \"\");\n\n\t\tif (empty($keyid)) {\n\t\t\treturn $this->errorResponse('Invalid call', 406);\n\t\t}\n\n\t\t// validate allowed_from\n\t\tif (!empty($allowed_from)) {\n\t\t\t$ip_list = array_map('trim', explode(\",\", $allowed_from));\n\t\t\t$_check_list = $ip_list;\n\t\t\tforeach ($_check_list as $idx => $ip) {\n\t\t\t\tif (Validate::validate_ip2($ip, true, 'invalidip', true, true, true) == false) {\n\t\t\t\t\treturn $this->errorResponse('Invalid ip address', 406);\n\t\t\t\t}\n\t\t\t\t// check for cidr\n\t\t\t\tif (strpos($ip, '/') !== false) {\n\t\t\t\t\t$ipparts = explode(\"/\", $ip);\n\t\t\t\t\t// shorten IP\n\t\t\t\t\t$ip = inet_ntop(inet_pton($ipparts[0]));\n\t\t\t\t\t// re-add cidr\n\t\t\t\t\t$ip .= '/' . $ipparts[1];\n\t\t\t\t} else {\n\t\t\t\t\t// shorten IP\n\t\t\t\t\t$ip = inet_ntop(inet_pton($ip));\n\t\t\t\t}\n\t\t\t\t$ip_list[$idx] = $ip;\n\t\t\t}\n\t\t\t$allowed_from = implode(\",\", array_unique($ip_list));\n\t\t}\n\n\t\tif (!empty($valid_until)) {\n\t\t\t$valid_until_db = DateTime::createFromFormat('Y-m-d\\TH:i', $valid_until)->format('U');\n\t\t} else {\n\t\t\t$valid_until_db = -1;\n\t\t}\n\n\t\t$upd_stmt = Database::prepare(\"\n\t\t\tUPDATE `\" . TABLE_API_KEYS . \"` SET\n\t\t\t`valid_until` = :vu, `allowed_from` = :af\n\t\t\tWHERE `id` = :keyid AND `adminid` = :aid AND `customerid` = :cid\n\t\t\");\n\t\tif ((int)$this->userinfo['adminsession'] == 1) {\n\t\t\t$cid = 0;\n\t\t} else {\n\t\t\t$cid = $this->userinfo['customerid'];\n\t\t}\n\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t'keyid' => $keyid,\n\t\t\t'af' => $allowed_from,\n\t\t\t'vu' => $valid_until_db,\n\t\t\t'aid' => $this->userinfo['adminid'],\n\t\t\t'cid' => $cid\n\t\t]);\n\t\treturn $this->jsonResponse(['allowed_from' => $allowed_from, 'valid_until' => $valid_until]);\n\t}\n\n\t/**\n\t * return parsed commands/files of configuration templates\n\t */\n\tprivate function getConfigDetails()\n\t{\n\t\tif (isset($this->userinfo['adminsession']) && $this->userinfo['adminsession'] == 1 && $this->userinfo['change_serversettings'] == 1) {\n\t\t\t$distribution = Request::post('distro', \"\");\n\t\t\t$section = Request::post('section', \"\");\n\t\t\t$daemon = Request::post('daemon', \"\");\n\n\t\t\t// validate distribution config-xml exists\n\t\t\t$config_dir = FileDir::makeCorrectDir(Froxlor::getInstallDir() . '/lib/configfiles/');\n\t\t\tif (!file_exists($config_dir . \"/\" . $distribution . \".xml\")) {\n\t\t\t\treturn $this->errorResponse(\"Unknown distribution. The configuration could not be found.\");\n\t\t\t}\n\t\t\t// read in all configurations\n\t\t\t$configfiles = new ConfigParser($config_dir . \"/\" . $distribution . \".xml\");\n\t\t\t// get the services\n\t\t\t$services = $configfiles->getServices();\n\t\t\t// validate selected service exists for this distribution\n\t\t\tif (!isset($services[$section])) {\n\t\t\t\treturn $this->errorResponse(\"Unknown category for selected distribution\");\n\t\t\t}\n\t\t\t// get the daemons\n\t\t\t$daemons = $services[$section]->getDaemons();\n\t\t\t// validate selected daemon exists for this section\n\t\t\tif (!isset($daemons[$daemon])) {\n\t\t\t\treturn $this->errorResponse(\"Unknown service for selected category\");\n\t\t\t}\n\t\t\t// finally the config-steps\n\t\t\t$confarr = $daemons[$daemon]->getConfig();\n\t\t\t// get parsed content\n\t\t\tUI::initTwig();\n\t\t\t$content = ConfigDisplay::fromConfigArr($confarr, $configfiles->distributionEditor, $this->theme);\n\n\t\t\treturn $this->jsonResponse([\n\t\t\t\t'title' => $configfiles->getCompleteDistroName() . ' » ' . $services[$section]->title . ' » ' . $daemons[$daemon]->title,\n\t\t\t\t'content' => $content\n\t\t\t]);\n\t\t}\n\t\treturn $this->errorResponse('Not allowed', 403);\n\t}\n\n\t/**\n\t * download JSON export of config-selection\n\t */\n\tprivate function getConfigJsonExport()\n\t{\n\t\tif (isset($this->userinfo['adminsession']) && $this->userinfo['adminsession'] == 1 && $this->userinfo['change_serversettings'] == 1) {\n\t\t\t$params = $_GET;\n\t\t\tunset($params['action']);\n\t\t\tunset($params['finish']);\n\t\t\tunset($params['csrf_token']);\n\t\t\theader('Content-disposition: attachment; filename=froxlor-config-' . time() . '.json');\n\t\t\treturn $this->jsonResponse($params);\n\t\t}\n\t\treturn $this->errorResponse('Not allowed', 403);\n\t}\n\n\t/**\n\t * loads a given language string by its identifier\n\t */\n\tprivate function loadLanguageString()\n\t{\n\t\t$langid = Request::post('langid', \"\");\n\t\tif (preg_match('/^([a-zA-Z\\.]+)$/', $langid)) {\n\t\t\treturn $this->jsonResponse(lng($langid));\n\t\t}\n\t\treturn $this->errorResponse('Invalid identifier: ' . $langid, 406);\n\t}\n}\n" }, { "path": "lib/Froxlor/Ajax/GlobalSearch.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Ajax;\n\nuse Froxlor\\Api\\Commands\\Admins;\nuse Froxlor\\Api\\Commands\\Customers;\nuse Froxlor\\Api\\Commands\\Domains;\nuse Froxlor\\Api\\Commands\\EmailDomains;\nuse Froxlor\\Api\\Commands\\Emails;\nuse Froxlor\\Api\\Commands\\FpmDaemons;\nuse Froxlor\\Api\\Commands\\Ftps;\nuse Froxlor\\Api\\Commands\\HostingPlans;\nuse Froxlor\\Api\\Commands\\IpsAndPorts;\nuse Froxlor\\Api\\Commands\\Mysqls;\nuse Froxlor\\Api\\Commands\\PhpSettings;\nuse Froxlor\\Api\\Commands\\SubDomains;\nuse Froxlor\\Froxlor;\nuse Froxlor\\PhpHelper;\nuse Froxlor\\Settings;\nuse Froxlor\\UI\\Collection;\n\nclass GlobalSearch\n{\n\tprotected array $userinfo;\n\n\tpublic static function searchSettings(string $searchtext, array $userinfo): array\n\t{\n\t\t$result = [];\n\t\tif ($searchtext && strlen(trim($searchtext)) > 2) {\n\t\t\t$processed = [];\n\t\t\t$stparts = explode(\" \", $searchtext);\n\t\t\tforeach ($stparts as $searchtext) {\n\t\t\t\t$searchtext = trim($searchtext);\n\t\t\t\tif (preg_match('/^([a-z]+):$/', $searchtext, $matches)) {\n\t\t\t\t\t// only search settings if specific search is 'settings', else skip\n\t\t\t\t\tif ($matches[1] == 'settings') {\n\t\t\t\t\t\tcontinue;\n\t\t\t\t\t} else {\n\t\t\t\t\t\tbreak;\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\t$settings_data = PhpHelper::loadConfigArrayDir(Froxlor::getInstallDir() . '/actions/admin/settings/');\n\t\t\t\t$results = [];\n\t\t\t\tif (!isset($processed['settings'])) {\n\t\t\t\t\t$processed['settings'] = [];\n\t\t\t\t}\n\t\t\t\tPhpHelper::recursive_array_search($searchtext, $settings_data, $results);\n\t\t\t\tforeach ($results as $pathkey) {\n\t\t\t\t\t$pk = explode(\".\", $pathkey);\n\t\t\t\t\tif (count($pk) > 4) {\n\t\t\t\t\t\t$settingkey = $pk[0] . '.' . $pk[1] . '.' . $pk[2] . '.' . $pk[3];\n\t\t\t\t\t\tif (isset($settings_data[$pk[0]][$pk[1]]['advanced_mode']) && $settings_data[$pk[0]][$pk[1]]['advanced_mode'] && (int)Settings::Get('panel.settings_mode') == 0) {\n\t\t\t\t\t\t\tcontinue;\n\t\t\t\t\t\t}\n\t\t\t\t\t\tif (is_array($processed['settings']) && !array_key_exists($settingkey, $processed['settings'])) {\n\t\t\t\t\t\t\t$processed['settings'][$settingkey] = true;\n\t\t\t\t\t\t\t$sresult = $settings_data[$pk[0]][$pk[1]][$pk[2]][$pk[3]];\n\t\t\t\t\t\t\tif (isset($sresult['advanced_mode']) && $sresult['advanced_mode'] && (int)Settings::Get('panel.settings_mode') == 0) {\n\t\t\t\t\t\t\t\tcontinue;\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\tif ($sresult['type'] != 'hidden') {\n\t\t\t\t\t\t\t\tif (!isset($result['settings'])) {\n\t\t\t\t\t\t\t\t\t$result['settings'] = [];\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t$result['settings'][] = [\n\t\t\t\t\t\t\t\t\t'title' => (is_array($sresult['label']) ? $sresult['label']['title'] : $sresult['label']),\n\t\t\t\t\t\t\t\t\t'href' => 'admin_settings.php?page=overview&part=' . $pk[1] . '&em=' . $pk[3]\n\t\t\t\t\t\t\t\t];\n\t\t\t\t\t\t\t} // not hidden\n\t\t\t\t\t\t} // if not processed\n\t\t\t\t\t} // correct settingkey\n\t\t\t\t} // foreach\n\t\t\t} // foreach\n\t\t} // searchtext min 3 chars\n\t\treturn $result;\n\t}\n\n\t/**\n\t *\n\t */\n\tpublic static function searchGlobal(string $searchtext, array $userinfo): array\n\t{\n\t\t$result = [];\n\t\tif ($searchtext && strlen(trim($searchtext)) > 2) {\n\t\t\t$processed = [];\n\n\t\t\t$stparts = explode(\" \", $searchtext);\n\t\t\t$module = \"\";\n\n\t\t\tforeach ($stparts as $searchtext) {\n\t\t\t\t$searchtext = trim($searchtext);\n\n\t\t\t\tif (preg_match('/^([a-z]+):$/', $searchtext, $matches)) {\n\t\t\t\t\t$module = $matches[1];\n\t\t\t\t\tif ($matches[1] == 'settings') {\n\t\t\t\t\t\tbreak;\n\t\t\t\t\t} else {\n\t\t\t\t\t\tcontinue;\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\t// admin\n\t\t\t\tif (isset($userinfo['adminsession']) && $userinfo['adminsession'] == 1) {\n\t\t\t\t\t$toSearch = [\n\t\t\t\t\t\t// customers\n\t\t\t\t\t\t'customer' => [\n\t\t\t\t\t\t\t'class' => Customers::class,\n\t\t\t\t\t\t\t'searchfields' => [\n\t\t\t\t\t\t\t\t'c.loginname',\n\t\t\t\t\t\t\t\t'c.name',\n\t\t\t\t\t\t\t\t'c.firstname',\n\t\t\t\t\t\t\t\t'c.company',\n\t\t\t\t\t\t\t\t'c.street',\n\t\t\t\t\t\t\t\t'c.zipcode',\n\t\t\t\t\t\t\t\t'c.city',\n\t\t\t\t\t\t\t\t'c.email',\n\t\t\t\t\t\t\t\t'c.customernumber',\n\t\t\t\t\t\t\t\t'c.custom_notes'\n\t\t\t\t\t\t\t],\n\t\t\t\t\t\t\t'result_key' => 'loginname',\n\t\t\t\t\t\t\t'result_format' => [\n\t\t\t\t\t\t\t\t'title' => ['\\\\Froxlor\\\\User', 'getCorrectFullUserDetails'],\n\t\t\t\t\t\t\t\t'href' => 'admin_customers.php?page=customers&searchfield=c.loginname&searchtext='\n\t\t\t\t\t\t\t]\n\t\t\t\t\t\t],\n\t\t\t\t\t\t// domains\n\t\t\t\t\t\t'domains' => [\n\t\t\t\t\t\t\t'class' => Domains::class,\n\t\t\t\t\t\t\t'searchfields' => [\n\t\t\t\t\t\t\t\t'd.domain',\n\t\t\t\t\t\t\t\t'd.domain_ace',\n\t\t\t\t\t\t\t\t'd.documentroot'\n\t\t\t\t\t\t\t],\n\t\t\t\t\t\t\t'result_key' => 'domain_ace',\n\t\t\t\t\t\t\t'result_format' => [\n\t\t\t\t\t\t\t\t'title' => ['\\\\Froxlor\\\\Ajax\\\\GlobalSearch', 'getFieldFromResult'],\n\t\t\t\t\t\t\t\t'title_args' => 'domain_ace',\n\t\t\t\t\t\t\t\t'href' => 'admin_domains.php?page=domains&searchfield=d.domain_ace&searchtext='\n\t\t\t\t\t\t\t]\n\t\t\t\t\t\t],\n\t\t\t\t\t\t// ips and ports\n\t\t\t\t\t\t'ipsandports' => [\n\t\t\t\t\t\t\t'class' => IpsAndPorts::class,\n\t\t\t\t\t\t\t'searchfields' => [\n\t\t\t\t\t\t\t\t'ip',\n\t\t\t\t\t\t\t\t'vhostcontainer',\n\t\t\t\t\t\t\t\t'specialsettings'\n\t\t\t\t\t\t\t],\n\t\t\t\t\t\t\t'result_key' => 'ip',\n\t\t\t\t\t\t\t'result_groupkey' => 'ip',\n\t\t\t\t\t\t\t'result_format' => [\n\t\t\t\t\t\t\t\t'title' => ['\\\\Froxlor\\\\Ajax\\\\GlobalSearch', 'getFieldFromResult'],\n\t\t\t\t\t\t\t\t'title_args' => 'ip',\n\t\t\t\t\t\t\t\t'href' => 'admin_ipsandports.php?page=ipsandports&searchfield=ip&searchtext='\n\t\t\t\t\t\t\t]\n\t\t\t\t\t\t],\n\t\t\t\t\t\t// hosting-plans\n\t\t\t\t\t\t'hostingplans' => [\n\t\t\t\t\t\t\t'class' => HostingPlans::class,\n\t\t\t\t\t\t\t'searchfields' => [\n\t\t\t\t\t\t\t\t'p.name',\n\t\t\t\t\t\t\t\t'p.description'\n\t\t\t\t\t\t\t],\n\t\t\t\t\t\t\t'result_key' => 'id',\n\t\t\t\t\t\t\t'result_format' => [\n\t\t\t\t\t\t\t\t'title' => ['\\\\Froxlor\\\\Ajax\\\\GlobalSearch', 'getFieldFromResult'],\n\t\t\t\t\t\t\t\t'title_args' => 'name',\n\t\t\t\t\t\t\t\t'href' => 'admin_plans.php?page=overview&searchfield=id&searchtext='\n\t\t\t\t\t\t\t]\n\t\t\t\t\t\t],\n\t\t\t\t\t\t// PHP configs\n\t\t\t\t\t\t'phpconfigs' => [\n\t\t\t\t\t\t\t'class' => PhpSettings::class,\n\t\t\t\t\t\t\t'searchfields' => [\n\t\t\t\t\t\t\t\t'c.description',\n\t\t\t\t\t\t\t\t'fd.description',\n\t\t\t\t\t\t\t\t'c.binary'\n\t\t\t\t\t\t\t],\n\t\t\t\t\t\t\t'result_key' => 'id',\n\t\t\t\t\t\t\t'result_format' => [\n\t\t\t\t\t\t\t\t'title' => ['\\\\Froxlor\\\\Ajax\\\\GlobalSearch', 'getFieldFromResult'],\n\t\t\t\t\t\t\t\t'title_args' => 'description',\n\t\t\t\t\t\t\t\t'href' => 'admin_phpsettings.php?page=overview&searchfield=id&searchtext='\n\t\t\t\t\t\t\t]\n\t\t\t\t\t\t],\n\t\t\t\t\t\t// FPM daemons\n\t\t\t\t\t\t'fpmconfigs' => [\n\t\t\t\t\t\t\t'class' => FpmDaemons::class,\n\t\t\t\t\t\t\t'searchfields' => [\n\t\t\t\t\t\t\t\t'description',\n\t\t\t\t\t\t\t\t'reload_cmd'\n\t\t\t\t\t\t\t],\n\t\t\t\t\t\t\t'result_key' => 'id',\n\t\t\t\t\t\t\t'result_format' => [\n\t\t\t\t\t\t\t\t'title' => ['\\\\Froxlor\\\\Ajax\\\\GlobalSearch', 'getFieldFromResult'],\n\t\t\t\t\t\t\t\t'title_args' => 'description',\n\t\t\t\t\t\t\t\t'href' => 'admin_phpsettings.php?page=fpmdaemons&searchfield=id&searchtext='\n\t\t\t\t\t\t\t]\n\t\t\t\t\t\t]\n\t\t\t\t\t];\n\n\t\t\t\t\tif ((bool)$userinfo['change_serversettings']) {\n\t\t\t\t\t\t// admins\n\t\t\t\t\t\t$toSearch['admins'] = [\n\t\t\t\t\t\t\t'class' => Admins::class,\n\t\t\t\t\t\t\t'searchfields' => [\n\t\t\t\t\t\t\t\t'loginname',\n\t\t\t\t\t\t\t\t'name',\n\t\t\t\t\t\t\t\t'email',\n\t\t\t\t\t\t\t\t'custom_notes'\n\t\t\t\t\t\t\t],\n\t\t\t\t\t\t\t'result_key' => 'loginname',\n\t\t\t\t\t\t\t'result_format' => [\n\t\t\t\t\t\t\t\t'title' => ['\\\\Froxlor\\\\Ajax\\\\GlobalSearch', 'getFieldFromResult'],\n\t\t\t\t\t\t\t\t'title_args' => 'name',\n\t\t\t\t\t\t\t\t'href' => 'admin_admins.php?page=admins&searchfield=loginname&searchtext='\n\t\t\t\t\t\t\t]\n\t\t\t\t\t\t];\n\t\t\t\t\t}\n\t\t\t\t} else {\n\t\t\t\t\t$toSearch = [\n\t\t\t\t\t\t// (sub)domains\n\t\t\t\t\t\t'domains' => [\n\t\t\t\t\t\t\t'class' => SubDomains::class,\n\t\t\t\t\t\t\t'searchfields' => [\n\t\t\t\t\t\t\t\t'd.domain',\n\t\t\t\t\t\t\t\t'd.domain_ace',\n\t\t\t\t\t\t\t\t'd.documentroot'\n\t\t\t\t\t\t\t],\n\t\t\t\t\t\t\t'result_key' => 'domain_ace',\n\t\t\t\t\t\t\t'result_format' => [\n\t\t\t\t\t\t\t\t'title' => ['\\\\Froxlor\\\\Ajax\\\\GlobalSearch', 'getFieldFromResult'],\n\t\t\t\t\t\t\t\t'title_args' => 'domain_ace',\n\t\t\t\t\t\t\t\t'href' => 'customer_domains.php?page=domains&searchfield=d.domain_ace&searchtext='\n\t\t\t\t\t\t\t]\n\t\t\t\t\t\t],\n\t\t\t\t\t\t// email addresses\n\t\t\t\t\t\t'emails' => [\n\t\t\t\t\t\t\t'class' => Emails::class,\n\t\t\t\t\t\t\t'searchfields' => [\n\t\t\t\t\t\t\t\t'm.email',\n\t\t\t\t\t\t\t\t'm.email_full'\n\t\t\t\t\t\t\t],\n\t\t\t\t\t\t\t'result_key' => 'email',\n\t\t\t\t\t\t\t'result_format' => [\n\t\t\t\t\t\t\t\t'title' => ['\\\\Froxlor\\\\Ajax\\\\GlobalSearch', 'getFieldFromResult'],\n\t\t\t\t\t\t\t\t'title_args' => 'email',\n\t\t\t\t\t\t\t\t'href' => 'customer_email.php?page=email_domain&domainid={domainid}&searchfield=m.email&searchtext='\n\t\t\t\t\t\t\t]\n\t\t\t\t\t\t],\n\t\t\t\t\t\t// email-domains\n\t\t\t\t\t\t'email_domains' => [\n\t\t\t\t\t\t\t'class' => EmailDomains::class,\n\t\t\t\t\t\t\t'searchfields' => [\n\t\t\t\t\t\t\t\t'd.domain',\n\t\t\t\t\t\t\t],\n\t\t\t\t\t\t\t'result_key' => 'domain',\n\t\t\t\t\t\t\t'result_format' => [\n\t\t\t\t\t\t\t\t'title' => ['\\\\Froxlor\\\\Ajax\\\\GlobalSearch', 'getFieldFromResult'],\n\t\t\t\t\t\t\t\t'title_args' => 'domain',\n\t\t\t\t\t\t\t\t'href' => 'customer_email.php?page=emails&searchfield=d.domain&searchtext='\n\t\t\t\t\t\t\t]\n\t\t\t\t\t\t],\n\t\t\t\t\t\t// databases\n\t\t\t\t\t\t'databases' => [\n\t\t\t\t\t\t\t'class' => Mysqls::class,\n\t\t\t\t\t\t\t'searchfields' => [\n\t\t\t\t\t\t\t\t'databasename',\n\t\t\t\t\t\t\t\t'description'\n\t\t\t\t\t\t\t],\n\t\t\t\t\t\t\t'result_key' => 'databasename',\n\t\t\t\t\t\t\t'result_format' => [\n\t\t\t\t\t\t\t\t'title' => ['\\\\Froxlor\\\\Ajax\\\\GlobalSearch', 'getFieldFromResult'],\n\t\t\t\t\t\t\t\t'title_args' => 'databasename',\n\t\t\t\t\t\t\t\t'href' => 'customer_mysql.php?page=mysqls&searchfield=databasename&searchtext='\n\t\t\t\t\t\t\t]\n\t\t\t\t\t\t],\n\t\t\t\t\t\t// ftp user\n\t\t\t\t\t\t'ftpuser' => [\n\t\t\t\t\t\t\t'class' => Ftps::class,\n\t\t\t\t\t\t\t'searchfields' => [\n\t\t\t\t\t\t\t\t'username',\n\t\t\t\t\t\t\t\t'description'\n\t\t\t\t\t\t\t],\n\t\t\t\t\t\t\t'result_key' => 'username',\n\t\t\t\t\t\t\t'result_format' => [\n\t\t\t\t\t\t\t\t'title' => ['\\\\Froxlor\\\\Ajax\\\\GlobalSearch', 'getFieldFromResult'],\n\t\t\t\t\t\t\t\t'title_args' => 'username',\n\t\t\t\t\t\t\t\t'href' => 'customer_ftp.php?page=accounts&searchfield=username&searchtext='\n\t\t\t\t\t\t\t]\n\t\t\t\t\t\t]\n\t\t\t\t\t];\n\t\t\t\t}\n\n\t\t\t\t// module specific search\n\t\t\t\tif (!empty($module)) {\n\t\t\t\t\t$modSearch = $toSearch[$module] ?? [];\n\t\t\t\t\t$toSearch = [$module => $modSearch];\n\t\t\t\t}\n\n\t\t\t\tforeach ($toSearch as $entity => $edata) {\n\t\t\t\t\t$collection = (new Collection($edata['class'], $userinfo))\n\t\t\t\t\t\t->setInternal(true)\n\t\t\t\t\t\t->addParam([\n\t\t\t\t\t\t\t'sql_search' => [\n\t\t\t\t\t\t\t\t'_plainsql' => self::searchStringSql($edata['searchfields'], $searchtext)\n\t\t\t\t\t\t\t]\n\t\t\t\t\t\t]);\n\t\t\t\t\tif ($collection->count() > 0) {\n\t\t\t\t\t\tif (!isset($processed[$entity])) {\n\t\t\t\t\t\t\t$processed[$entity] = [];\n\t\t\t\t\t\t}\n\t\t\t\t\t\t$group_key = $edata['result_groupkey'] ?? $edata['result_key'];\n\t\t\t\t\t\tforeach ($collection->getList() as $cresult) {\n\t\t\t\t\t\t\tif (is_array($processed[$entity]) && !array_key_exists($cresult[$group_key], $processed[$entity])) {\n\t\t\t\t\t\t\t\t$processed[$entity][$cresult[$group_key]] = true;\n\t\t\t\t\t\t\t\tif (!isset($result[$entity])) {\n\t\t\t\t\t\t\t\t\t$result[$entity] = [];\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t// replacer from result in href\n\t\t\t\t\t\t\t\t$href_replacer = [];\n\t\t\t\t\t\t\t\tif (preg_match_all('/\\{([a-z]+)\\}/', $edata['result_format']['href'], $href_replacer) !== false) {\n\t\t\t\t\t\t\t\t\tforeach ($href_replacer[1] as $href_field) {\n\t\t\t\t\t\t\t\t\t\t$href_field_value = self::getFieldFromResult($cresult, $href_field);\n\t\t\t\t\t\t\t\t\t\t$edata['result_format']['href'] = str_replace('{' . $href_field . '}', $href_field_value, $edata['result_format']['href']);\n\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t$result[$entity][] = [\n\t\t\t\t\t\t\t\t\t'title' => call_user_func($edata['result_format']['title'], $cresult, ($edata['result_format']['title_args'] ?? null)),\n\t\t\t\t\t\t\t\t\t'href' => $edata['result_format']['href'] . $cresult[$edata['result_key']]\n\t\t\t\t\t\t\t\t];\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t} // foreach entity\n\n\t\t\t} // foreach split search-term\n\t\t}\n\t\treturn $result;\n\t}\n\n\tprivate static function searchStringSql(array $searchfields, $searchtext)\n\t{\n\t\t$result = ['sql' => [], 'values' => []];\n\t\t$result['sql'] = \"(\";\n\t\tforeach ($searchfields as $sf) {\n\t\t\t$result['sql'] .= $sf . \" LIKE :searchtext OR \";\n\t\t}\n\t\t$result['sql'] = substr($result['sql'], 0, -3) . \")\";\n\t\t$result['values'] = ['searchtext' => '%' . $searchtext . '%'];\n\t\treturn $result;\n\t}\n\n\tprivate static function getFieldFromResult(array $resultset, string $field = null)\n\t{\n\t\treturn $resultset[$field] ?? '';\n\t}\n}\n" }, { "path": "lib/Froxlor/Ajax/index.html", "content": "" }, { "path": "lib/Froxlor/Api/Api.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Api;\n\nuse Exception;\nuse Froxlor\\Http\\RateLimiter;\nuse Froxlor\\Settings;\nuse voku\\helper\\AntiXSS;\n\nclass Api\n{\n\tprotected array $headers;\n\n\tprotected $request = null;\n\n\t/**\n\t * Api constructor.\n\t *\n\t * @throws Exception\n\t */\n\tpublic function __construct()\n\t{\n\t\t$this->headers = getallheaders();\n\n\t\t// set header for the response\n\t\theader(\"Accept: application/json\");\n\t\theader(\"Content-Type: application/json\");\n\n\t\t// check whether API interface is enabled after all\n\t\tif (Settings::Get('api.enabled') != 1) {\n\t\t\tthrow new Exception('API is not enabled. Please contact the administrator if you think this is wrong.', 400);\n\t\t}\n\n\t\tRateLimiter::run();\n\t}\n\n\t/**\n\t * @param mixed $request\n\t *\n\t * @return Api\n\t */\n\tpublic function formatMiddleware($request): Api\n\t{\n\t\t// check auf RESTful api call\n\t\t$this->request = $request;\n\n\t\t$uri = parse_url($_SERVER[\"REQUEST_URI\"], PHP_URL_QUERY);\n\t\t// map /module/command to internal request array if match\n\t\tif (!empty($uri) && preg_match(\"/^\\/([a-z]+)\\/([a-z]+)\\/?/\", $uri, $matches)) {\n\t\t\t$request = [];\n\t\t\t$request['command'] = ucfirst($matches[1]) . '.' . $matches[2];\n\t\t\t$request['params'] = !empty($this->request) ? json_decode($this->request, true) : null;\n\t\t\t$this->request = json_encode($request);\n\t\t}\n\t\treturn $this;\n\t}\n\n\t/**\n\t * Handle incoming api request to our backend.\n\t *\n\t * @throws Exception\n\t */\n\tpublic function handle()\n\t{\n\t\t$request = $this->request;\n\t\t// validate content\n\t\t$request = FroxlorRPC::validateRequest($request);\n\t\t$request = (new AntiXSS())->xss_clean(\n\t\t\t$this->stripcslashesDeep($request)\n\t\t);\n\n\t\t// now actually do it\n\t\t$cls = \"\\\\Froxlor\\\\Api\\\\Commands\\\\\" . $request['command']['class'];\n\t\t$method = $request['command']['method'];\n\t\t$apiObj = new $cls([\n\t\t\t'apikey' => $_SERVER['PHP_AUTH_USER'],\n\t\t\t'secret' => $_SERVER['PHP_AUTH_PW']\n\t\t], $request['params']);\n\n\t\t// call the method with the params if any\n\t\treturn $apiObj->$method();\n\t}\n\n\t/**\n\t * API PHP error handler to always return a valid JSON response\n\t *\n\t * @param mixed $errno\n\t * @param mixed $errstr\n\t * @param mixed $errfile\n\t * @param mixed $errline\n\t * @return never\n\t */\n\tpublic static function phpErrHandler($errno, $errstr, $errfile, $errline)\n\t{\n\t\tthrow new Exception('Internal PHP error: #' . $errno . ' ' . $errstr /* . ' in ' . $errfile . ':' . $errline */, 500);\n\t}\n\n\tprivate function stripcslashesDeep($value)\n\t{\n\t\treturn is_array($value) ? array_map([$this, 'stripcslashesDeep'], $value) : (!empty($value) ? stripcslashes($value) : $value);\n\t}\n}\n" }, { "path": "lib/Froxlor/Api/ApiCommand.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Api;\n\nuse Exception;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\Froxlor;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\Language;\nuse Froxlor\\PhpHelper;\nuse Froxlor\\Settings;\nuse Froxlor\\System\\Mailer;\n\nabstract class ApiCommand extends ApiParameter\n{\n\n\t/**\n\t * froxlor version\n\t *\n\t * @var string\n\t */\n\tprotected $version = null;\n\t/**\n\t * froxlor dbversion\n\t *\n\t * @var int\n\t */\n\tprotected $dbversion = null;\n\t/**\n\t * froxlor version-branding\n\t *\n\t * @var string\n\t */\n\tprotected $branding = null;\n\t/**\n\t * debug flag\n\t *\n\t * @var boolean\n\t */\n\tprivate $debug = false;\n\t/**\n\t * is admin flag\n\t *\n\t * @var boolean\n\t */\n\tprivate $is_admin = false;\n\t/**\n\t * internal user data array\n\t *\n\t * @var array\n\t */\n\tprivate $user_data = null;\n\t/**\n\t * logger interface\n\t *\n\t * @var FroxlorLogger\n\t */\n\tprivate $logger = null;\n\t/**\n\t * mail interface\n\t *\n\t * @var Mailer\n\t */\n\tprivate $mail = null;\n\t/**\n\t * whether the call is an internal one or not\n\t *\n\t * @var boolean\n\t */\n\tprivate $internal_call = false;\n\n\t/**\n\t *\n\t * @param array $header\n\t * optional, passed via API\n\t * @param array $params\n\t * optional, array of parameters (var=>value) for the command\n\t * @param array $userinfo\n\t * optional, passed via WebInterface (instead of $header)\n\t * @param boolean $internal\n\t * optional whether called internally, default false\n\t *\n\t * @throws Exception\n\t */\n\tfinal public function __construct($header = null, $params = null, $userinfo = null, $internal = false)\n\t{\n\t\tparent::__construct($params);\n\n\t\t$this->version = Froxlor::VERSION;\n\t\t$this->dbversion = Froxlor::DBVERSION;\n\t\t$this->branding = Froxlor::BRANDING;\n\n\t\tif (!empty($header)) {\n\t\t\t$this->readUserData($header);\n\t\t} elseif (!empty($userinfo)) {\n\t\t\t$this->user_data = $userinfo;\n\t\t\t$this->is_admin = (isset($userinfo['adminsession']) && $userinfo['adminsession'] == 1 && $userinfo['adminid'] > 0) ? true : false;\n\t\t} else {\n\t\t\tthrow new Exception(\"Invalid user data\", 500);\n\t\t}\n\t\t$this->logger = FroxlorLogger::getInstanceOf($this->user_data);\n\n\t\t// check whether the user is deactivated\n\t\tif ($this->getUserDetail('deactivated') == 1) {\n\t\t\t$this->logger()->logAction(FroxlorLogger::LOG_ERROR, LOG_INFO, \"[API] User '\" . $this->getUserDetail('loginnname') . \"' tried to use API but is deactivated\");\n\t\t\tthrow new Exception(\"Account suspended\", 406);\n\t\t}\n\n\t\t$this->initLang();\n\n\t\t/**\n\t\t * Initialize the mailingsystem\n\t\t */\n\t\t$this->mail = new Mailer(true);\n\n\t\tif ($this->debug) {\n\t\t\t$this->logger()->logAction(FroxlorLogger::LOG_ERROR, LOG_DEBUG, \"[API] \" . get_called_class() . \": \" . json_encode($params, JSON_UNESCAPED_SLASHES));\n\t\t}\n\n\t\t// set internal call flag\n\t\t$this->internal_call = $internal;\n\t}\n\n\t/**\n\t * read user data from database by api-request-header fields\n\t *\n\t * @param array $header\n\t * api-request header\n\t *\n\t * @return boolean\n\t * @throws Exception\n\t */\n\tprivate function readUserData($header = null)\n\t{\n\t\t$sel_stmt = Database::prepare(\"SELECT * FROM `api_keys` WHERE `apikey` = :ak AND `secret` = :as\");\n\t\t$result = Database::pexecute_first($sel_stmt, [\n\t\t\t'ak' => $header['apikey'],\n\t\t\t'as' => $header['secret']\n\t\t], true, true);\n\t\tif ($result) {\n\t\t\t// admin or customer?\n\t\t\tif ($result['customerid'] == 0 && $result['adminid'] > 0) {\n\t\t\t\t$this->is_admin = true;\n\t\t\t\t$table = 'panel_admins';\n\t\t\t\t$key = \"adminid\";\n\t\t\t} elseif ($result['customerid'] > 0 && $result['adminid'] > 0) {\n\t\t\t\t$this->is_admin = false;\n\t\t\t\t$table = 'panel_customers';\n\t\t\t\t$key = \"customerid\";\n\t\t\t} else {\n\t\t\t\t// neither adminid is > 0 nor customerid is > 0 - sorry man, no way\n\t\t\t\tthrow new Exception(\"Invalid API credentials\", 400);\n\t\t\t}\n\t\t\t$sel_stmt = Database::prepare(\"SELECT * FROM `\" . $table . \"` WHERE `\" . $key . \"` = :id\");\n\t\t\t$this->user_data = Database::pexecute_first($sel_stmt, [\n\t\t\t\t'id' => ($this->is_admin ? $result['adminid'] : $result['customerid'])\n\t\t\t], true, true);\n\t\t\tif ($this->is_admin) {\n\t\t\t\t$this->user_data['adminsession'] = 1;\n\t\t\t}\n\t\t\treturn true;\n\t\t}\n\t\tthrow new Exception(\"Invalid API credentials\", 400);\n\t}\n\n\t/**\n\t * return field from user-table\n\t *\n\t * @param string $detail\n\t *\n\t * @return string|null\n\t */\n\tprotected function getUserDetail($detail = null)\n\t{\n\t\treturn ($this->user_data[$detail] ?? null);\n\t}\n\n\t/**\n\t * return logger instance\n\t *\n\t * @return FroxlorLogger\n\t */\n\tprotected function logger()\n\t{\n\t\treturn $this->logger;\n\t}\n\n\t/**\n\t * initialize language to have localized strings available for the ApiCommands\n\t */\n\tprivate function initLang()\n\t{\n\t\tLanguage::setLanguage(Settings::Get('panel.standardlanguage'));\n\n\t\tif ($this->getUserDetail('language') !== null && isset(Language::getLanguages()[$this->getUserDetail('language')])) {\n\t\t\tLanguage::setLanguage($this->getUserDetail('language'));\n\t\t} elseif ($this->getUserDetail('def_language') !== null) {\n\t\t\tLanguage::setLanguage($this->getUserDetail('def_language'));\n\t\t}\n\t}\n\n\t/**\n\t * increase/decrease a resource field for customers/admins\n\t *\n\t * @param string $table\n\t * @param string $keyfield\n\t * @param int $key\n\t * @param string $operator\n\t * @param string $resource\n\t * @param string $extra\n\t * @param int $step\n\t */\n\tprotected static function updateResourceUsage($table = null, $keyfield = null, $key = null, $operator = '+', $resource = null, $extra = null, $step = 1)\n\t{\n\t\t$stmt = Database::prepare(\"\n\t\t\tUPDATE `\" . $table . \"`\n\t\t\tSET `\" . $resource . \"` = `\" . $resource . \"` \" . $operator . \" \" . (int)$step . \" \" . $extra . \"\n\t\t\tWHERE `\" . $keyfield . \"` = :key\n\t\t\");\n\t\tDatabase::pexecute($stmt, [\n\t\t\t'key' => $key\n\t\t], true, true);\n\t}\n\n\t/**\n\t * return SQL when parameter $sql_search is given via API\n\t *\n\t * @param array $sql_search\n\t * optional array with index = fieldname, and value = array with 'op' => operator (one of <, > or =),\n\t * LIKE is used if left empty and 'value' => searchvalue\n\t * @param array $query_fields\n\t * optional array of placeholders mapped to the actual value which is used in the API commands when\n\t * executing the statement [internal]\n\t * @param boolean $append\n\t * optional append to WHERE clause rather then create new one, default false [internal]\n\t *\n\t * @return string\n\t */\n\tprotected function getSearchWhere(&$query_fields = [], $append = false)\n\t{\n\t\t$search = $this->getParam('sql_search', true, []);\n\t\t$condition = '';\n\t\tif (!empty($search)) {\n\t\t\tif ($append == true) {\n\t\t\t\t$condition = ' AND ';\n\t\t\t} else {\n\t\t\t\t$condition = ' WHERE ';\n\t\t\t}\n\t\t\t$ops = [\n\t\t\t\t'<',\n\t\t\t\t'>',\n\t\t\t\t'=',\n\t\t\t\t'<>'\n\t\t\t];\n\t\t\t$first = true;\n\t\t\tforeach ($search as $field => $valoper) {\n\t\t\t\tif ($field == '_plainsql' && $this->internal_call) {\n\t\t\t\t\tif (isset($valoper['sql']) && isset($valoper['values']) && is_array($valoper['values'])) {\n\t\t\t\t\t\tif (preg_match('/^([a-z0-9\\-\\.,=\\+_`\\(\\)\\:\\'\\\"\\!\\<\\>\\ ]+)$/i', $valoper['sql']) == false) {\n\t\t\t\t\t\t\t// skip\n\t\t\t\t\t\t\tcontinue;\n\t\t\t\t\t\t}\n\t\t\t\t\t\t$condition .= $valoper['sql'];\n\t\t\t\t\t\tforeach ($valoper['values'] as $var => $value) {\n\t\t\t\t\t\t\t$query_fields[':' . $var] = $value;\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t} else {\n\t\t\t\t\t$cleanfield = str_replace(\".\", \"\", $field);\n\t\t\t\t\t$sortfield = explode('.', $field);\n\t\t\t\t\tforeach ($sortfield as $id => $sfield) {\n\t\t\t\t\t\tif (substr($sfield, -1, 1) != '`') {\n\t\t\t\t\t\t\t$sfield .= '`';\n\t\t\t\t\t\t}\n\t\t\t\t\t\tif ($sfield[0] != '`') {\n\t\t\t\t\t\t\t$sfield = '`' . $sfield;\n\t\t\t\t\t\t}\n\t\t\t\t\t\t$sortfield[$id] = $sfield;\n\t\t\t\t\t}\n\t\t\t\t\t$field = implode('.', $sortfield);\n\t\t\t\t\tif (preg_match('/^([a-z0-9\\-\\._`]+)$/i', $field) == false) {\n\t\t\t\t\t\t// skip\n\t\t\t\t\t\tcontinue;\n\t\t\t\t\t}\n\t\t\t\t\tif (!$first) {\n\t\t\t\t\t\t$condition .= ' AND ';\n\t\t\t\t\t}\n\t\t\t\t\tif (!is_array($valoper) || !isset($valoper['op']) || empty($valoper['op'])) {\n\t\t\t\t\t\t$condition .= $field . ' LIKE :' . $cleanfield;\n\t\t\t\t\t\tif (!is_array($valoper)) {\n\t\t\t\t\t\t\t$query_fields[':' . $cleanfield] = '%' . $valoper . '%';\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t$query_fields[':' . $cleanfield] = '%' . $valoper['value'] . '%';\n\t\t\t\t\t\t}\n\t\t\t\t\t} elseif (in_array($valoper['op'], $ops)) {\n\t\t\t\t\t\t$condition .= $field . ' ' . $valoper['op'] . ':' . $cleanfield;\n\t\t\t\t\t\t$query_fields[':' . $cleanfield] = $valoper['value'] ?? '';\n\t\t\t\t\t} elseif (strtolower($valoper['op']) == 'in' && is_array($valoper['value']) && count($valoper['value']) > 0) {\n\t\t\t\t\t\t$condition .= $field . ' ' . $valoper['op'] . ' (';\n\t\t\t\t\t\tforeach ($valoper['value'] as $incnt => $invalue) {\n\t\t\t\t\t\t\tif (!is_numeric($incnt)) {\n\t\t\t\t\t\t\t\t// skip\n\t\t\t\t\t\t\t\tcontinue;\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\tif (!empty($invalue) && preg_match('/^([a-z0-9\\-\\._`]+)$/i', $invalue) == false) {\n\t\t\t\t\t\t\t\t// skip\n\t\t\t\t\t\t\t\tcontinue;\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t$condition .= \":\" . $cleanfield . $incnt . \", \";\n\t\t\t\t\t\t\t$query_fields[':' . $cleanfield . $incnt] = $invalue ?? '';\n\t\t\t\t\t\t}\n\t\t\t\t\t\t$condition = substr($condition, 0, -2) . ')';\n\t\t\t\t\t} else {\n\t\t\t\t\t\tcontinue;\n\t\t\t\t\t}\n\t\t\t\t\tif ($first) {\n\t\t\t\t\t\t$first = false;\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\treturn $condition;\n\t}\n\n\t/**\n\t * return LIMIT clause when at least $sql_limit parameter is given via API\n\t *\n\t * @param int $sql_limit\n\t * optional, limit resultset, default 0\n\t * @param int $sql_offset\n\t * optional, offset for limitation, default 0\n\t *\n\t * @return string\n\t */\n\tprotected function getLimit()\n\t{\n\t\t$limit = $this->getParam('sql_limit', true, 0);\n\t\t$offset = $this->getParam('sql_offset', true, 0);\n\n\t\tif (!is_numeric($limit)) {\n\t\t\t$limit = 0;\n\t\t}\n\t\tif (!is_numeric($offset)) {\n\t\t\t$offset = 0;\n\t\t}\n\n\t\tif ($limit > 0) {\n\t\t\treturn ' LIMIT ' . $offset . ',' . $limit;\n\t\t}\n\n\t\treturn '';\n\t}\n\n\t/**\n\t * return ORDER BY clause if parameter $sql_orderby parameter is given via API\n\t *\n\t * @param array $sql_orderby\n\t * optional array with index = fieldname and value = ASC|DESC\n\t * @param boolean $append\n\t * optional append to ORDER BY clause rather then create new one, default false [internal]\n\t *\n\t * @return string\n\t */\n\tprotected function getOrderBy($append = false)\n\t{\n\t\t$orderby = $this->getParam('sql_orderby', true, []);\n\t\t$order = \"\";\n\t\tif (!empty($orderby)) {\n\t\t\tif ($append) {\n\t\t\t\t$order .= \", \";\n\t\t\t} else {\n\t\t\t\t$order .= \" ORDER BY \";\n\t\t\t}\n\n\t\t\t$nat_fields = [\n\t\t\t\t'`c`.`loginname`',\n\t\t\t\t'`c`.`name`',\n\t\t\t\t'`a`.`loginname`',\n\t\t\t\t'`adminname`',\n\t\t\t\t'`databasename`',\n\t\t\t\t'`username`'\n\t\t\t];\n\n\t\t\tforeach ($orderby as $field => $by) {\n\t\t\t\t$sortfield = explode('.', $field);\n\t\t\t\tforeach ($sortfield as $id => $sfield) {\n\t\t\t\t\tif (substr($sfield, -1, 1) != '`') {\n\t\t\t\t\t\t$sfield .= '`';\n\t\t\t\t\t}\n\t\t\t\t\tif ($sfield[0] != '`') {\n\t\t\t\t\t\t$sfield = '`' . $sfield;\n\t\t\t\t\t}\n\t\t\t\t\t$sortfield[$id] = $sfield;\n\t\t\t\t}\n\t\t\t\t$field = implode('.', $sortfield);\n\t\t\t\tif (preg_match('/^([a-z0-9\\-\\._`]+)$/i', $field) == false) {\n\t\t\t\t\t// skip\n\t\t\t\t\tcontinue;\n\t\t\t\t}\n\t\t\t\t$by = strtoupper($by);\n\t\t\t\tif (!in_array($by, [\n\t\t\t\t\t'ASC',\n\t\t\t\t\t'DESC'\n\t\t\t\t])) {\n\t\t\t\t\t$by = 'ASC';\n\t\t\t\t}\n\t\t\t\tif (Settings::Get('panel.natsorting') == 1 && in_array($field, $nat_fields)) {\n\t\t\t\t\t// Acts similar to php's natsort(), found in one comment at http://my.opera.com/cpr/blog/show.dml/160556\n\t\t\t\t\t$order .= \"CONCAT( IF( ASCII( LEFT( \" . $field . \", 5 ) ) > 57,\n\t\t\t\t\tLEFT( \" . $field . \", 1 ), 0 ),\n\t\t\t\t\tIF( ASCII( RIGHT( \" . $field . \", 1 ) ) > 57,\n\t\t\t\t\t\tLPAD( \" . $field . \", 255, '0' ),\n\t\t\t\t\t\tLPAD( CONCAT( \" . $field . \", '-' ), 255, '0' )\n\t\t\t\t\t)) \" . $by . \", \";\n\t\t\t\t} else {\n\t\t\t\t\t$order .= $field . \" \" . $by . \", \";\n\t\t\t\t}\n\t\t\t}\n\t\t\t$order = substr($order, 0, -2);\n\t\t}\n\n\t\treturn $order;\n\t}\n\n\t/**\n\t * return mailer instance\n\t *\n\t * @return Mailer\n\t */\n\tprotected function mailer()\n\t{\n\t\treturn $this->mail;\n\t}\n\n\t/**\n\t * return api-compatible response in JSON format and send corresponding http-header\n\t *\n\t * @param mixed $data\n\t * @param int $response_code\n\t * @return string json-encoded response message\n\t */\n\tprotected function response($data = null, int $response_code = 200)\n\t{\n\t\treturn Response::jsonDataResponse($data, $response_code);\n\t}\n\n\t/**\n\t * returns an array of customers the current user can access\n\t *\n\t * @param string $customer_hide_option\n\t * optional, when called as customer, some options might be hidden due to the\n\t * panel.customer_hide_options settings\n\t *\n\t * @return array\n\t * @throws Exception\n\t */\n\tprotected function getAllowedCustomerIds($customer_hide_option = '')\n\t{\n\t\t$customer_ids = [];\n\t\tif ($this->isAdmin()) {\n\t\t\t// if we're an admin, list all of the admins customers\n\t\t\t// or optionally for one specific customer identified by id or loginname\n\t\t\t$customerid = $this->getParam('customerid', true, 0);\n\t\t\t$loginname = $this->getParam('loginname', true, '');\n\n\t\t\tif (!empty($customerid) || !empty($loginname)) {\n\t\t\t\t$_result = $this->apiCall('Customers.get', [\n\t\t\t\t\t'id' => $customerid,\n\t\t\t\t\t'loginname' => $loginname\n\t\t\t\t]);\n\t\t\t\t$custom_list_result = [\n\t\t\t\t\t$_result\n\t\t\t\t];\n\t\t\t} else {\n\t\t\t\t$_custom_list_result = $this->apiCall('Customers.listing');\n\t\t\t\t$custom_list_result = $_custom_list_result['list'];\n\t\t\t}\n\t\t\tforeach ($custom_list_result as $customer) {\n\t\t\t\t$customer_ids[] = $customer['customerid'];\n\t\t\t}\n\t\t} else {\n\t\t\tif (!$this->isInternal() && !empty($customer_hide_option) && Settings::IsInList('panel.customer_hide_options', $customer_hide_option)) {\n\t\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t\t}\n\t\t\t$customer_ids = [\n\t\t\t\t$this->getUserDetail('customerid')\n\t\t\t];\n\t\t}\n\t\tif (empty($customer_ids)) {\n\t\t\tthrow new Exception(\"Required resource unsatisfied.\", 405);\n\t\t}\n\t\treturn $customer_ids;\n\t}\n\n\t/**\n\t * admin flag\n\t *\n\t * @return boolean\n\t */\n\tprotected function isAdmin()\n\t{\n\t\treturn $this->is_admin;\n\t}\n\n\t/**\n\t * call an api-command internally\n\t *\n\t * @param string $command\n\t * @param array|null $params\n\t * @param boolean $internal\n\t * optional whether called internally, default false\n\t *\n\t *\n\t * @return array\n\t */\n\tprotected function apiCall($command = null, $params = null, $internal = false)\n\t{\n\t\t$_command = explode(\".\", $command);\n\t\t$module = __NAMESPACE__ . \"\\Commands\\\\\" . $_command[0];\n\t\t$function = $_command[1];\n\t\t$json_result = $module::getLocal($this->getUserData(), $params, $internal)->{$function}();\n\t\treturn json_decode($json_result, true)['data'];\n\t}\n\n\t/**\n\t * returns an instance of the wanted ApiCommand (e.g.\n\t * Customers, Domains, etc);\n\t * this is used widely in the WebInterface\n\t *\n\t * @param array $userinfo\n\t * array of user-data\n\t * @param array $params\n\t * array of parameters for the command\n\t * @param boolean $internal\n\t * optional whether called internally, default false\n\t *\n\t * @return static\n\t * @throws Exception\n\t */\n\tpublic static function getLocal($userinfo = null, $params = null, $internal = false)\n\t{\n\t\treturn new static(null, $params, $userinfo, $internal);\n\t}\n\n\t/**\n\t * return user-data array\n\t *\n\t * @return array\n\t */\n\tprotected function getUserData()\n\t{\n\t\treturn $this->user_data;\n\t}\n\n\t/**\n\t * internal call flag\n\t *\n\t * @return boolean\n\t */\n\tprotected function isInternal()\n\t{\n\t\treturn $this->internal_call;\n\t}\n\n\t/**\n\t * returns an array of customer data for customer, or by customer-id/loginname for admin/reseller\n\t *\n\t * @param int $customerid\n\t * optional, required if loginname is empty\n\t * @param string $loginname\n\t * optional, required of customerid is empty\n\t * @param string $customer_resource_check\n\t * optional, when called as admin, check the resources of the target customer\n\t *\n\t * @return array\n\t * @throws Exception\n\t */\n\tprotected function getCustomerData($customer_resource_check = '')\n\t{\n\t\tif ($this->isAdmin()) {\n\t\t\t$customerid = $this->getParam('customerid', true, 0);\n\t\t\t$loginname = $this->getParam('loginname', true, '');\n\t\t\t$customer = $this->apiCall('Customers.get', [\n\t\t\t\t'id' => $customerid,\n\t\t\t\t'loginname' => $loginname\n\t\t\t]);\n\t\t\t// check whether the customer has enough resources\n\t\t\tif (!empty($customer_resource_check) && $customer[$customer_resource_check . '_used'] >= $customer[$customer_resource_check] && $customer[$customer_resource_check] != '-1') {\n\t\t\t\tthrow new Exception(\"Customer has no more resources available\", 406);\n\t\t\t}\n\t\t} else {\n\t\t\t$customer = $this->getUserData();\n\t\t}\n\t\treturn $customer;\n\t}\n\n\t/**\n\t * return email template content from database or global language file if not found in DB\n\t *\n\t * @param array $customerdata\n\t * @param string $group\n\t * @param string $varname\n\t * @param array $replace_arr\n\t * @param string $default\n\t *\n\t * @return string\n\t */\n\tprotected function getMailTemplate($customerdata = null, $group = null, $varname = null, $replace_arr = [], $default = \"\")\n\t{\n\t\t// get template\n\t\t$stmt = Database::prepare(\"\n\t\t\tSELECT `value` FROM `\" . TABLE_PANEL_TEMPLATES . \"` WHERE `adminid`= :adminid\n\t\t\tAND `language`= :lang AND `templategroup`= :group AND `varname`= :var\n\t\t\");\n\t\t$result = Database::pexecute_first($stmt, [\n\t\t\t\"adminid\" => $customerdata['adminid'],\n\t\t\t\"lang\" => $customerdata['def_language'],\n\t\t\t\"group\" => $group,\n\t\t\t\"var\" => $varname\n\t\t], true, true);\n\t\t$content = $default;\n\t\tif ($result) {\n\t\t\t$content = $result['value'] ?? $default;\n\t\t}\n\t\t// @fixme html_entity_decode\n\t\t$content = html_entity_decode(PhpHelper::replaceVariables($content, $replace_arr));\n\t\treturn $content;\n\t}\n}\n" }, { "path": "lib/Froxlor/Api/ApiParameter.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Api;\n\nuse Exception;\n\nabstract class ApiParameter\n{\n\n\t/**\n\t * array of parameters passed to the command\n\t *\n\t * @var array\n\t */\n\tprivate $cmd_params = null;\n\n\t/**\n\t *\n\t * @param array|null $params\n\t * optional, array of parameters (var=>value) for the command\n\t *\n\t * @throws Exception\n\t */\n\tpublic function __construct(?array $params = null)\n\t{\n\t\tif (!is_null($params)) {\n\t\t\t$params = $this->trimArray($params);\n\t\t}\n\t\t$this->cmd_params = $params;\n\t}\n\n\t/**\n\t * run 'trim' function on an array recursively\n\t *\n\t * @param array $input\n\t *\n\t * @return string|array\n\t */\n\tprivate function trimArray($input)\n\t{\n\t\tif ($input === '') {\n\t\t\treturn \"\";\n\t\t}\n\t\tif (is_numeric($input) || is_null($input)) {\n\t\t\treturn $input;\n\t\t}\n\t\tif (!is_array($input)) {\n\t\t\treturn trim($input);\n\t\t}\n\t\treturn array_map([\n\t\t\t$this,\n\t\t\t'trimArray'\n\t\t], $input);\n\t}\n\n\t/**\n\t * get specific parameter which also has and unlimited-field\n\t *\n\t * @param string|null $param\n\t * parameter to get out of the request-parameter list\n\t * @param string|null $ul_field\n\t * parameter to get out of the request-parameter list\n\t * @param bool $optional\n\t * default: false\n\t * @param mixed $default\n\t * value which is returned if optional=true and param is not set\n\t *\n\t * @return mixed\n\t * @throws Exception\n\t */\n\tprotected function getUlParam(?string $param = null, ?string $ul_field = null, bool $optional = false, $default = 0)\n\t{\n\t\t$param_value = (int)$this->getParam($param, $optional, $default);\n\t\t$ul_field_value = $this->getBoolParam($ul_field, true, 0);\n\t\tif ($ul_field_value != '0') {\n\t\t\t$param_value = -1;\n\t\t}\n\t\treturn $param_value;\n\t}\n\n\t/**\n\t * get specific parameter from the parameter list;\n\t * check for existence and != empty if needed.\n\t * Maybe more in the future\n\t *\n\t * @param string|null $param\n\t * parameter to get out of the request-parameter list\n\t * @param bool $optional\n\t * default: false\n\t * @param mixed $default\n\t * value which is returned if optional=true and param is not set\n\t *\n\t * @return mixed\n\t * @throws Exception\n\t */\n\tprotected function getParam(?string $param = null, bool $optional = false, $default = '')\n\t{\n\t\t// does it exist?\n\t\tif (!isset($this->cmd_params[$param])) {\n\t\t\tif ($optional === false) {\n\t\t\t\t// get module + function for better error-messages\n\t\t\t\t$inmod = $this->getModFunctionString();\n\t\t\t\tthrow new Exception('Requested parameter \"' . $param . '\" could not be found for \"' . $inmod . '\"', 404);\n\t\t\t}\n\t\t\treturn $default;\n\t\t}\n\t\t// is it empty? - test really on string, as value 0 is being seen as empty by php\n\t\tif (!is_array($this->cmd_params[$param]) && trim($this->cmd_params[$param]) === \"\") {\n\t\t\tif ($optional === false) {\n\t\t\t\t// get module + function for better error-messages\n\t\t\t\t$inmod = $this->getModFunctionString();\n\t\t\t\tthrow new Exception('Requested parameter \"' . $param . '\" is empty where it should not be for \"' . $inmod . '\"', 406);\n\t\t\t}\n\t\t\treturn '';\n\t\t}\n\t\t// everything else is fine\n\t\treturn $this->cmd_params[$param];\n\t}\n\n\t/**\n\t * returns \"module::function()\" for better error-messages (missing parameter etc.)\n\t * makes debugging a lot more comfortable\n\t *\n\t * @param int $level\n\t * depth of backtrace, default 2\n\t *\n\t * @param int $max_level\n\t * @param array|null $trace\n\t *\n\t * @return string\n\t */\n\tprivate function getModFunctionString(int $level = 1, int $max_level = 5, $trace = null)\n\t{\n\t\t// which class called us\n\t\t$_class = get_called_class();\n\t\tif (empty($trace)) {\n\t\t\t// get backtrace\n\t\t\t$trace = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS);\n\t\t}\n\t\t// check class and function\n\t\t$class = $trace[$level]['class'];\n\t\t$func = $trace[$level]['function'];\n\t\t// is it the one we are looking for?\n\t\tif ($class != $_class && $level <= $max_level) {\n\t\t\t// check one level deeper\n\t\t\treturn $this->getModFunctionString(++$level, $max_level, $trace);\n\t\t}\n\t\treturn str_replace(\"Froxlor\\\\Api\\\\Commands\\\\\", \"\", $class) . ':' . $func;\n\t}\n\n\t/**\n\t * getParam wrapper for boolean parameter\n\t *\n\t * @param string|null $param\n\t * parameter to get out of the request-parameter list\n\t * @param bool $optional\n\t * default: false\n\t * @param mixed $default\n\t * value which is returned if optional=true and param is not set\n\t *\n\t * @return string\n\t */\n\tprotected function getBoolParam(?string $param = null, bool $optional = false, $default = false)\n\t{\n\t\t$_default = '0';\n\t\tif ($default) {\n\t\t\t$_default = '1';\n\t\t}\n\t\t$param_value = $this->getParam($param, $optional, $_default);\n\t\tif ($param_value && intval($param_value) != 0) {\n\t\t\treturn '1';\n\t\t}\n\t\treturn '0';\n\t}\n\n\t/**\n\t * return list of all parameters\n\t *\n\t * @return array\n\t */\n\tprotected function getParamList()\n\t{\n\t\treturn $this->cmd_params;\n\t}\n}\n" }, { "path": "lib/Froxlor/Api/Commands/Admins.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Api\\Commands;\n\nuse Exception;\nuse Froxlor\\Api\\ApiCommand;\nuse Froxlor\\Api\\ResourceEntity;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\Idna\\IdnaWrapper;\nuse Froxlor\\Language;\nuse Froxlor\\Settings;\nuse Froxlor\\System\\Crypt;\nuse Froxlor\\UI\\Response;\nuse Froxlor\\User;\nuse Froxlor\\Validate\\Validate;\nuse PDO;\n\n/**\n * @since 0.10.0\n */\nclass Admins extends ApiCommand implements ResourceEntity\n{\n\n\t/**\n\t * increase resource-usage\n\t *\n\t * @param int $adminid\n\t * @param string $resource\n\t * @param string $extra\n\t * optional, default empty\n\t * @param int $increase_by\n\t * optional, default 1\n\t */\n\tpublic static function increaseUsage($adminid = 0, $resource = null, $extra = '', $increase_by = 1)\n\t{\n\t\tself::updateResourceUsage(TABLE_PANEL_ADMINS, 'adminid', $adminid, '+', $resource, $extra, $increase_by);\n\t}\n\n\t/**\n\t * decrease resource-usage\n\t *\n\t * @param int $adminid\n\t * @param string $resource\n\t * @param string $extra\n\t * optional, default empty\n\t * @param int $decrease_by\n\t * optional, default 1\n\t */\n\tpublic static function decreaseUsage($adminid = 0, $resource = null, $extra = '', $decrease_by = 1)\n\t{\n\t\tself::updateResourceUsage(TABLE_PANEL_ADMINS, 'adminid', $adminid, '-', $resource, $extra, $decrease_by);\n\t}\n\n\t/**\n\t * lists all admin entries\n\t *\n\t * @param array $sql_search\n\t * optional array with index = fieldname, and value = array with 'op' => operator (one of <, > or =),\n\t * LIKE is used if left empty and 'value' => searchvalue\n\t * @param int $sql_limit\n\t * optional specify number of results to be returned\n\t * @param int $sql_offset\n\t * optional specify offset for resultset\n\t * @param array $sql_orderby\n\t * optional array with index = fieldname and value = ASC|DESC to order the resultset by one or more\n\t * fields\n\t *\n\t * @access admin\n\t * @return string json-encoded array count|list\n\t * @throws Exception\n\t */\n\tpublic function listing()\n\t{\n\t\tif ($this->isAdmin() && $this->getUserDetail('change_serversettings') == 1) {\n\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, \"[API] list admins\");\n\t\t\t$query_fields = [];\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT *\n\t\t\t\tFROM `\" . TABLE_PANEL_ADMINS . \"`\" . $this->getSearchWhere($query_fields) . $this->getOrderBy() . $this->getLimit());\n\t\t\tDatabase::pexecute($result_stmt, $query_fields, true, true);\n\t\t\t$result = [];\n\t\t\twhile ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t$result[] = $row;\n\t\t\t}\n\t\t\treturn $this->response([\n\t\t\t\t'count' => count($result),\n\t\t\t\t'list' => $result\n\t\t\t]);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * returns the total number of admins for the given admin\n\t *\n\t * @access admin\n\t * @return string json-encoded response message\n\t * @throws Exception\n\t */\n\tpublic function listingCount()\n\t{\n\t\tif ($this->isAdmin() && $this->getUserDetail('change_serversettings') == 1) {\n\t\t\t$query_fields = [];\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT COUNT(*) as num_admins\n\t\t\t\tFROM `\" . TABLE_PANEL_ADMINS . \"`\n\t\t\t\" . $this->getSearchWhere($query_fields));\n\t\t\t$result = Database::pexecute_first($result_stmt, $query_fields, true, true);\n\t\t\tif ($result) {\n\t\t\t\treturn $this->response($result['num_admins']);\n\t\t\t}\n\t\t\t$this->response(0);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * create a new admin user\n\t *\n\t * @param string $name\n\t * required, name of the adminstrator\n\t * @param string $email\n\t * required, email address of the administrator\n\t * @param string $new_loginname\n\t * required, loginname/username of the administrator\n\t * @param string $admin_password\n\t * optional, default auto-generated\n\t * @param string $def_language\n\t * optional, ISO 639-1 language code (e.g. 'en', 'de', see lng-folder for supported languages),\n\t * default is system-default language\n\t * @param bool $gui_access\n\t * optional, allow login via webui, if false ONLY the login via webui is disallowed; default true\n\t * @param bool $api_allowed\n\t * optional, default is true if system setting api.enabled is true, else false\n\t * @param string $custom_notes\n\t * optional, default empty\n\t * @param bool $custom_notes_show\n\t * optional, default false\n\t * @param int $diskspace\n\t * optional, default 0\n\t * @param bool $diskspace_ul\n\t * optional, default false\n\t * @param int $traffic\n\t * optional, default 0\n\t * @param bool $traffic_ul\n\t * optional, default false\n\t * @param int $customers\n\t * optional, default 0\n\t * @param bool $customers_ul\n\t * optional, default false\n\t * @param int $domains\n\t * optional, default 0\n\t * @param bool $domains_ul\n\t * optional, default false\n\t * @param int $subdomains\n\t * optional, default 0\n\t * @param bool $subdomains_ul\n\t * optional, default false\n\t * @param int $emails\n\t * optional, default 0\n\t * @param bool $emails_ul\n\t * optional, default false\n\t * @param int $email_accounts\n\t * optional, default 0\n\t * @param bool $email_accounts_ul\n\t * optional, default false\n\t * @param int $email_forwarders\n\t * optional, default 0\n\t * @param bool $email_forwarders_ul\n\t * optional, default false\n\t * @param int $email_quota\n\t * optional, default 0\n\t * @param bool $email_quota_ul\n\t * optional, default false\n\t * @param int $ftps\n\t * optional, default 0\n\t * @param bool $ftps_ul\n\t * optional, default false\n\t * @param int $mysqls\n\t * optional, default 0\n\t * @param bool $mysqls_ul\n\t * optional, default false\n\t * @param bool $customers_see_all\n\t * optional, default false\n\t * @param bool $caneditphpsettings\n\t * optional, default false\n\t * @param bool $change_serversettings\n\t * optional, default false\n\t * @param array $ipaddress\n\t * optional, list of ip-address id's; default -1 (all IP's)\n\t *\n\t * @access admin\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function add()\n\t{\n\t\tif ($this->isAdmin() && $this->getUserDetail('change_serversettings') == 1) {\n\t\t\t// required parameters\n\t\t\t$name = $this->getParam('name');\n\t\t\t$email = $this->getParam('email');\n\t\t\t$loginname = $this->getParam('new_loginname');\n\n\t\t\t// parameters\n\t\t\t$def_language = $this->getParam('def_language', true, Settings::Get('panel.standardlanguage'));\n\t\t\t$gui_access = $this->getBoolParam('gui_access', true, true);\n\t\t\t$api_allowed = $this->getBoolParam('api_allowed', true, Settings::Get('api.enabled'));\n\t\t\t$custom_notes = $this->getParam('custom_notes', true, '');\n\t\t\t$custom_notes_show = $this->getBoolParam('custom_notes_show', true, 0);\n\t\t\t$password = $this->getParam('admin_password', true, '');\n\n\t\t\t$diskspace = $this->getUlParam('diskspace', 'diskspace_ul', true, 0);\n\t\t\t$traffic = $this->getUlParam('traffic', 'traffic_ul', true, 0);\n\t\t\t$customers = $this->getUlParam('customers', 'customers_ul', true, 0);\n\t\t\t$domains = $this->getUlParam('domains', 'domains_ul', true, 0);\n\t\t\t$subdomains = $this->getUlParam('subdomains', 'subdomains_ul', true, 0);\n\t\t\t$emails = $this->getUlParam('emails', 'emails_ul', true, 0);\n\t\t\t$email_accounts = $this->getUlParam('email_accounts', 'email_accounts_ul', true, 0);\n\t\t\t$email_forwarders = $this->getUlParam('email_forwarders', 'email_forwarders_ul', true, 0);\n\t\t\t$email_quota = $this->getUlParam('email_quota', 'email_quota_ul', true, 0);\n\t\t\t$ftps = $this->getUlParam('ftps', 'ftps_ul', true, 0);\n\t\t\t$mysqls = $this->getUlParam('mysqls', 'mysqls_ul', true, 0);\n\n\t\t\t$customers_see_all = $this->getBoolParam('customers_see_all', true, 0);\n\t\t\t$caneditphpsettings = $this->getBoolParam('caneditphpsettings', true, 0);\n\t\t\t$change_serversettings = $this->getBoolParam('change_serversettings', true, 0);\n\t\t\t$ipaddress = $this->getParam('ipaddress', true, -1);\n\n\t\t\t// validation\n\t\t\t$name = Validate::validate($name, 'name', Validate::REGEX_DESC_TEXT, '', [], true);\n\t\t\t$idna_convert = new IdnaWrapper();\n\t\t\t$email = $idna_convert->encode(Validate::validate($email, 'email', '', '', [], true));\n\t\t\t$def_language = Validate::validate($def_language, 'default language', '', '', [], true);\n\t\t\tif (!empty($def_language) && !isset(Language::getLanguages()[$def_language])) {\n\t\t\t\t$def_language = Settings::Get('panel.standardlanguage');\n\t\t\t}\n\t\t\t$custom_notes = Validate::validate(str_replace(\"\\r\\n\", \"\\n\", $custom_notes), 'custom_notes', Validate::REGEX_CONF_TEXT, '', [], true);\n\n\t\t\tif (Settings::Get('system.mail_quota_enabled') != '1') {\n\t\t\t\t$email_quota = -1;\n\t\t\t}\n\n\t\t\t$password = Validate::validate($password, 'password', '', '', [], true);\n\t\t\t// only check if not empty,\n\t\t\t// cause empty == generate password automatically\n\t\t\tif ($password != '') {\n\t\t\t\t$password = Crypt::validatePassword($password, true);\n\t\t\t}\n\n\t\t\t$diskspace *= 1024;\n\t\t\t$traffic *= 1024 * 1024;\n\n\t\t\t// Check if the account already exists\n\t\t\t// do not check via api as we skip any permission checks for this task\n\t\t\t$loginname_check_stmt = Database::prepare(\"\n\t\t\t\tSELECT `loginname` FROM `\" . TABLE_PANEL_CUSTOMERS . \"` WHERE `loginname` = :login\n\t\t\t\");\n\t\t\t$loginname_check = Database::pexecute_first($loginname_check_stmt, [\n\t\t\t\t'login' => $loginname\n\t\t\t], true, true);\n\n\t\t\t// Check if an admin with the loginname already exists\n\t\t\t// do not check via api as we skip any permission checks for this task\n\t\t\t$loginname_check_admin_stmt = Database::prepare(\"\n\t\t\t\tSELECT `loginname` FROM `\" . TABLE_PANEL_ADMINS . \"` WHERE `loginname` = :login\n\t\t\t\");\n\t\t\t$loginname_check_admin = Database::pexecute_first($loginname_check_admin_stmt, [\n\t\t\t\t'login' => $loginname\n\t\t\t], true, true);\n\n\t\t\t// Check for existing email address\n\t\t\t// do not check via api as we skip any permission checks for this task\n\t\t\t$email_check_admin_stmt = Database::prepare(\"\n\t\t\t\tSELECT `email` FROM `\" . TABLE_PANEL_ADMINS . \"` WHERE `email` = :email\n\t\t\t\");\n\t\t\t$email_check_admin = Database::pexecute_first($email_check_admin_stmt, [\n\t\t\t\t'email' => $email\n\t\t\t], true, true);\n\n\t\t\tif (($loginname_check && strtolower($loginname_check['loginname']) == strtolower($loginname)) || ($loginname_check_admin && strtolower($loginname_check_admin['loginname']) == strtolower($loginname))) {\n\t\t\t\tResponse::standardError('loginnameexists', $loginname, true);\n\t\t\t} elseif (preg_match('/^' . preg_quote(Settings::Get('customer.accountprefix'), '/') . '([0-9]+)/', $loginname)) {\n\t\t\t\t// Accounts which match systemaccounts are not allowed, filtering them\n\t\t\t\tResponse::standardError('loginnameisusingprefix', Settings::Get('customer.accountprefix'), true);\n\t\t\t} elseif (function_exists('posix_getpwnam') && !in_array(\"posix_getpwnam\", explode(\",\", ini_get('disable_functions'))) && posix_getpwnam($loginname)) {\n\t\t\t\tResponse::standardError('loginnameissystemaccount', $loginname, true);\n\t\t\t} elseif (!Validate::validateUsername($loginname)) {\n\t\t\t\tResponse::standardError('loginnameiswrong', $loginname, true);\n\t\t\t} elseif (!Validate::validateEmail($email)) {\n\t\t\t\tResponse::standardError('emailiswrong', $email, true);\n\t\t\t} elseif ($email_check_admin && strtolower($email_check_admin['email']) == strtolower($email)) {\n\t\t\t\tResponse::standardError('emailexists', $email, true);\n\t\t\t} else {\n\t\t\t\tif ($customers_see_all != '1') {\n\t\t\t\t\t$customers_see_all = '0';\n\t\t\t\t}\n\n\t\t\t\tif ($caneditphpsettings != '1') {\n\t\t\t\t\t$caneditphpsettings = '0';\n\t\t\t\t}\n\n\t\t\t\tif ($change_serversettings != '1') {\n\t\t\t\t\t$change_serversettings = '0';\n\t\t\t\t}\n\n\t\t\t\tif ($password == '') {\n\t\t\t\t\t$password = Crypt::generatePassword();\n\t\t\t\t}\n\n\t\t\t\t$_theme = Settings::Get('panel.default_theme');\n\n\t\t\t\t$ins_data = [\n\t\t\t\t\t'loginname' => $loginname,\n\t\t\t\t\t'password' => Crypt::makeCryptPassword($password),\n\t\t\t\t\t'name' => $name,\n\t\t\t\t\t'email' => $email,\n\t\t\t\t\t'lang' => $def_language,\n\t\t\t\t\t'gui_access' => $gui_access,\n\t\t\t\t\t'api_allowed' => $api_allowed,\n\t\t\t\t\t'change_serversettings' => $change_serversettings,\n\t\t\t\t\t'customers' => $customers,\n\t\t\t\t\t'customers_see_all' => $customers_see_all,\n\t\t\t\t\t'domains' => $domains,\n\t\t\t\t\t'caneditphpsettings' => $caneditphpsettings,\n\t\t\t\t\t'diskspace' => $diskspace,\n\t\t\t\t\t'traffic' => $traffic,\n\t\t\t\t\t'subdomains' => $subdomains,\n\t\t\t\t\t'emails' => $emails,\n\t\t\t\t\t'accounts' => $email_accounts,\n\t\t\t\t\t'forwarders' => $email_forwarders,\n\t\t\t\t\t'quota' => $email_quota,\n\t\t\t\t\t'ftps' => $ftps,\n\t\t\t\t\t'mysqls' => $mysqls,\n\t\t\t\t\t'ip' => empty($ipaddress) ? \"\" : (is_array($ipaddress) && $ipaddress > 0 ? json_encode($ipaddress) : -1),\n\t\t\t\t\t'theme' => $_theme,\n\t\t\t\t\t'custom_notes' => $custom_notes,\n\t\t\t\t\t'custom_notes_show' => $custom_notes_show\n\t\t\t\t];\n\n\t\t\t\t$ins_stmt = Database::prepare(\"\n\t\t\t\t\tINSERT INTO `\" . TABLE_PANEL_ADMINS . \"` SET\n\t\t\t\t\t`loginname` = :loginname,\n\t\t\t\t\t`password` = :password,\n\t\t\t\t\t`name` = :name,\n\t\t\t\t\t`email` = :email,\n\t\t\t\t\t`def_language` = :lang,\n\t\t\t\t\t`gui_access` = :gui_access,\n\t\t\t\t\t`api_allowed` = :api_allowed,\n\t\t\t\t\t`change_serversettings` = :change_serversettings,\n\t\t\t\t\t`customers` = :customers,\n\t\t\t\t\t`customers_see_all` = :customers_see_all,\n\t\t\t\t\t`domains` = :domains,\n\t\t\t\t\t`caneditphpsettings` = :caneditphpsettings,\n\t\t\t\t\t`diskspace` = :diskspace,\n\t\t\t\t\t`traffic` = :traffic,\n\t\t\t\t\t`subdomains` = :subdomains,\n\t\t\t\t\t`emails` = :emails,\n\t\t\t\t\t`email_accounts` = :accounts,\n\t\t\t\t\t`email_forwarders` = :forwarders,\n\t\t\t\t\t`email_quota` = :quota,\n\t\t\t\t\t`ftps` = :ftps,\n\t\t\t\t\t`mysqls` = :mysqls,\n\t\t\t\t\t`ip` = :ip,\n\t\t\t\t\t`theme` = :theme,\n\t\t\t\t\t`custom_notes` = :custom_notes,\n\t\t\t\t\t`custom_notes_show` = :custom_notes_show\n\t\t\t\t\");\n\t\t\t\tDatabase::pexecute($ins_stmt, $ins_data, true, true);\n\n\t\t\t\t$adminid = Database::lastInsertId();\n\t\t\t\t$ins_data['adminid'] = $adminid;\n\t\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING, \"[API] added admin '\" . $loginname . \"'\");\n\n\t\t\t\t// get all admin-data for return-array\n\t\t\t\t$result = $this->apiCall('Admins.get', [\n\t\t\t\t\t'id' => $adminid\n\t\t\t\t]);\n\t\t\t\treturn $this->response($result);\n\t\t\t}\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * return an admin entry by either id or loginname\n\t *\n\t * @param int $id\n\t * optional, the admin-id\n\t * @param string $loginname\n\t * optional, the loginname\n\t *\n\t * @access admin\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function get()\n\t{\n\t\t$id = $this->getParam('id', true, 0);\n\t\t$ln_optional = $id > 0;\n\t\t$loginname = $this->getParam('loginname', $ln_optional, '');\n\n\t\tif ($this->isAdmin() && ($this->getUserDetail('change_serversettings') == 1 || ($this->getUserDetail('adminid') == $id || $this->getUserDetail('loginname') == $loginname))) {\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT * FROM `\" . TABLE_PANEL_ADMINS . \"`\n\t\t\t\tWHERE \" . ($id > 0 ? \"`adminid` = :idln\" : \"`loginname` = :idln\"));\n\t\t\t$params = [\n\t\t\t\t'idln' => ($id <= 0 ? $loginname : $id)\n\t\t\t];\n\t\t\t$result = Database::pexecute_first($result_stmt, $params, true, true);\n\t\t\tif ($result) {\n\t\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, \"[API] get admin '\" . $result['loginname'] . \"'\");\n\t\t\t\treturn $this->response($result);\n\t\t\t}\n\t\t\t$key = ($id > 0 ? \"id #\" . $id : \"loginname '\" . $loginname . \"'\");\n\t\t\tthrow new Exception(\"Admin with \" . $key . \" could not be found\", 404);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * update an admin user by given id or loginname\n\t *\n\t * @param int $id\n\t * optional, the admin-id\n\t * @param string $loginname\n\t * optional, the loginname\n\t * @param string $name\n\t * optional\n\t * @param string $email\n\t * optional\n\t * @param string $admin_password\n\t * optional, default auto-generated\n\t * @param string $def_language\n\t * optional, ISO 639-1 language code (e.g. 'en', 'de', see lng-folder for supported languages),\n\t * default is system-default language\n\t * @param bool $gui_access\n\t * optional, allow login via webui, if false ONLY the login via webui is disallowed; default true\n\t * @param bool $api_allowed\n\t * optional, default is true if system setting api.enabled is true, else false\n\t * @param string $custom_notes\n\t * optional, default empty\n\t * @param string $theme\n\t * optional\n\t * @param bool $deactivated\n\t * optional, default false\n\t * @param bool $custom_notes_show\n\t * optional, default false\n\t * @param int $diskspace\n\t * optional, default 0\n\t * @param bool $diskspace_ul\n\t * optional, default false\n\t * @param int $traffic\n\t * optional, default 0\n\t * @param bool $traffic_ul\n\t * optional, default false\n\t * @param int $customers\n\t * optional, default 0\n\t * @param bool $customers_ul\n\t * optional, default false\n\t * @param int $domains\n\t * optional, default 0\n\t * @param bool $domains_ul\n\t * optional, default false\n\t * @param int $subdomains\n\t * optional, default 0\n\t * @param bool $subdomains_ul\n\t * optional, default false\n\t * @param int $emails\n\t * optional, default 0\n\t * @param bool $emails_ul\n\t * optional, default false\n\t * @param int $email_accounts\n\t * optional, default 0\n\t * @param bool $email_accounts_ul\n\t * optional, default false\n\t * @param int $email_forwarders\n\t * optional, default 0\n\t * @param bool $email_forwarders_ul\n\t * optional, default false\n\t * @param int $email_quota\n\t * optional, default 0\n\t * @param bool $email_quota_ul\n\t * optional, default false\n\t * @param int $ftps\n\t * optional, default 0\n\t * @param bool $ftps_ul\n\t * optional, default false\n\t * @param int $mysqls\n\t * optional, default 0\n\t * @param bool $mysqls_ul\n\t * optional, default false\n\t * @param bool $customers_see_all\n\t * optional, default false\n\t * @param bool $caneditphpsettings\n\t * optional, default false\n\t * @param bool $change_serversettings\n\t * optional, default false\n\t * @param array $ipaddress\n\t * optional, list of ip-address id's; default -1 (all IP's)\n\t *\n\t * @access admin\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function update()\n\t{\n\t\tif ($this->isAdmin()) {\n\t\t\t$id = $this->getParam('id', true, 0);\n\t\t\t$ln_optional = $id > 0;\n\t\t\t$loginname = $this->getParam('loginname', $ln_optional, '');\n\n\t\t\t$result = $this->apiCall('Admins.get', [\n\t\t\t\t'id' => $id,\n\t\t\t\t'loginname' => $loginname\n\t\t\t]);\n\t\t\t$id = $result['adminid'];\n\n\t\t\tif ($this->getUserDetail('change_serversettings') == 1 || $result['adminid'] == $this->getUserDetail('adminid')) {\n\t\t\t\t// parameters\n\t\t\t\t$name = $this->getParam('name', true, $result['name']);\n\t\t\t\t$idna_convert = new IdnaWrapper();\n\t\t\t\t$email = $this->getParam('email', true, $idna_convert->decode($result['email']));\n\t\t\t\t$password = $this->getParam('admin_password', true, '');\n\t\t\t\t$def_language = $this->getParam('def_language', true, $result['def_language']);\n\t\t\t\t$custom_notes = $this->getParam('custom_notes', true, ($result['custom_notes'] ?? \"\"));\n\t\t\t\t$custom_notes_show = $this->getBoolParam('custom_notes_show', true, $result['custom_notes_show']);\n\t\t\t\t$theme = $this->getParam('theme', true, $result['theme']);\n\n\t\t\t\t// you cannot edit some of the details of yourself\n\t\t\t\tif ($result['adminid'] == $this->getUserDetail('adminid')) {\n\t\t\t\t\t$gui_access = $result['gui_access'];\n\t\t\t\t\t$api_allowed = $result['api_allowed'];\n\t\t\t\t\t$deactivated = $result['deactivated'];\n\t\t\t\t\t$customers = $result['customers'];\n\t\t\t\t\t$domains = $result['domains'];\n\t\t\t\t\t$subdomains = $result['subdomains'];\n\t\t\t\t\t$emails = $result['emails'];\n\t\t\t\t\t$email_accounts = $result['email_accounts'];\n\t\t\t\t\t$email_forwarders = $result['email_forwarders'];\n\t\t\t\t\t$email_quota = $result['email_quota'];\n\t\t\t\t\t$ftps = $result['ftps'];\n\t\t\t\t\t$mysqls = $result['mysqls'];\n\t\t\t\t\t$customers_see_all = $result['customers_see_all'];\n\t\t\t\t\t$caneditphpsettings = $result['caneditphpsettings'];\n\t\t\t\t\t$change_serversettings = $result['change_serversettings'];\n\t\t\t\t\t$diskspace = $result['diskspace'];\n\t\t\t\t\t$traffic = $result['traffic'];\n\t\t\t\t\t$ipaddress = ($result['ip'] != -1 ? json_decode($result['ip'], true) : -1);\n\t\t\t\t} else {\n\t\t\t\t\t$gui_access = $this->getBoolParam('gui_access', true, $result['gui_access']);\n\t\t\t\t\t$api_allowed = $this->getBoolParam('api_allowed', true, $result['api_allowed']);\n\t\t\t\t\t$deactivated = $this->getBoolParam('deactivated', true, $result['deactivated']);\n\n\t\t\t\t\t$dec_places = Settings::Get('panel.decimal_places');\n\t\t\t\t\t$diskspace = $this->getUlParam('diskspace', 'diskspace_ul', true, round($result['diskspace'] / 1024, $dec_places));\n\t\t\t\t\t$traffic = $this->getUlParam('traffic', 'traffic_ul', true, round($result['traffic'] / (1024 * 1024), $dec_places));\n\t\t\t\t\t$customers = $this->getUlParam('customers', 'customers_ul', true, $result['customers']);\n\t\t\t\t\t$domains = $this->getUlParam('domains', 'domains_ul', true, $result['domains']);\n\t\t\t\t\t$subdomains = $this->getUlParam('subdomains', 'subdomains_ul', true, $result['subdomains']);\n\t\t\t\t\t$emails = $this->getUlParam('emails', 'emails_ul', true, $result['emails']);\n\t\t\t\t\t$email_accounts = $this->getUlParam('email_accounts', 'email_accounts_ul', true, $result['email_accounts']);\n\t\t\t\t\t$email_forwarders = $this->getUlParam('email_forwarders', 'email_forwarders_ul', true, $result['email_forwarders']);\n\t\t\t\t\t$email_quota = $this->getUlParam('email_quota', 'email_quota_ul', true, $result['email_quota']);\n\t\t\t\t\t$ftps = $this->getUlParam('ftps', 'ftps_ul', true, $result['ftps']);\n\t\t\t\t\t$mysqls = $this->getUlParam('mysqls', 'mysqls_ul', true, $result['mysqls']);\n\n\t\t\t\t\t$customers_see_all = $this->getBoolParam('customers_see_all', true, $result['customers_see_all']);\n\t\t\t\t\t$caneditphpsettings = $this->getBoolParam('caneditphpsettings', true, $result['caneditphpsettings']);\n\t\t\t\t\t$change_serversettings = $this->getBoolParam('change_serversettings', true, $result['change_serversettings']);\n\t\t\t\t\t$ipaddress = $this->getParam('ipaddress', true, ($result['ip'] != -1 ? json_decode($result['ip'], true) : -1));\n\n\t\t\t\t\t$diskspace *= 1024;\n\t\t\t\t\t$traffic *= 1024 * 1024;\n\t\t\t\t}\n\n\t\t\t\t// validation\n\t\t\t\t$name = Validate::validate($name, 'name', Validate::REGEX_DESC_TEXT, '', [], true);\n\t\t\t\t$idna_convert = new IdnaWrapper();\n\t\t\t\t$email = $idna_convert->encode(Validate::validate($email, 'email', '', '', [], true));\n\t\t\t\t$def_language = Validate::validate($def_language, 'default language', '', '', [], true);\n\t\t\t\tif (!empty($def_language) && !isset(Language::getLanguages()[$def_language])) {\n\t\t\t\t\t$def_language = Settings::Get('panel.standardlanguage');\n\t\t\t\t}\n\t\t\t\t$custom_notes = Validate::validate(str_replace(\"\\r\\n\", \"\\n\", $custom_notes ?? \"\"), 'custom_notes', Validate::REGEX_CONF_TEXT, '', [], true);\n\t\t\t\t$theme = Validate::validate($theme, 'theme', '', '', [], true);\n\t\t\t\t$password = Validate::validate($password, 'password', '', '', [], true);\n\n\t\t\t\tif (Settings::Get('system.mail_quota_enabled') != '1') {\n\t\t\t\t\t$email_quota = -1;\n\t\t\t\t}\n\n\t\t\t\tif (empty($theme)) {\n\t\t\t\t\t$theme = Settings::Get('panel.default_theme');\n\t\t\t\t}\n\n\t\t\t\tif (empty(trim($name))) {\n\t\t\t\t\tResponse::standardError([\n\t\t\t\t\t\t'stringisempty',\n\t\t\t\t\t\t'admin.name'\n\t\t\t\t\t], '', true);\n\t\t\t\t}\n\t\t\t\tif (empty(trim($email))) {\n\t\t\t\t\tResponse::standardError([\n\t\t\t\t\t\t'stringisempty',\n\t\t\t\t\t\t'admin.email'\n\t\t\t\t\t], '', true);\n\t\t\t\t}\n\t\t\t\t// Check for existing email address\n\t\t\t\t// do not check via api as we skip any permission checks for this task\n\t\t\t\t$email_check_admin_stmt = Database::prepare(\"\n\t\t\t\t\tSELECT `email` FROM `\" . TABLE_PANEL_ADMINS . \"` WHERE `email` = :email and `adminid` <> :adminid\n\t\t\t\t\");\n\t\t\t\t$email_check_admin = Database::pexecute_first($email_check_admin_stmt, [\n\t\t\t\t\t'email' => $email,\n\t\t\t\t\t'adminid' => $id,\n\t\t\t\t], true, true);\n\n\t\t\t\tif (!Validate::validateEmail($email)) {\n\t\t\t\t\tResponse::standardError('emailiswrong', $email, true);\n\t\t\t\t} elseif ($email_check_admin && strtolower($email_check_admin['email']) == strtolower($email)) {\n\t\t\t\t\tResponse::standardError('emailexists', $email, true);\n\t\t\t\t} else {\n\t\t\t\t\tif ($deactivated != '1') {\n\t\t\t\t\t\t$deactivated = '0';\n\t\t\t\t\t}\n\n\t\t\t\t\tif ($customers_see_all != '1') {\n\t\t\t\t\t\t$customers_see_all = '0';\n\t\t\t\t\t}\n\n\t\t\t\t\tif ($caneditphpsettings != '1') {\n\t\t\t\t\t\t$caneditphpsettings = '0';\n\t\t\t\t\t}\n\n\t\t\t\t\tif ($change_serversettings != '1') {\n\t\t\t\t\t\t$change_serversettings = '0';\n\t\t\t\t\t}\n\n\t\t\t\t\tif ($password != '') {\n\t\t\t\t\t\t$password = Crypt::validatePassword($password, true);\n\t\t\t\t\t\t$password = Crypt::makeCryptPassword($password);\n\t\t\t\t\t} else {\n\t\t\t\t\t\t$password = $result['password'];\n\t\t\t\t\t}\n\n\t\t\t\t\t// check if a resource was set to something lower\n\t\t\t\t\t// than actually used by the admin/reseller\n\t\t\t\t\t$res_warning = \"\";\n\t\t\t\t\tif ($customers != $result['customers'] && $customers != -1 && $customers < $result['customers_used']) {\n\t\t\t\t\t\t$res_warning .= lng('error.setlessthanalreadyused', ['customers']);\n\t\t\t\t\t}\n\t\t\t\t\tif ($domains != $result['domains'] && $domains != -1 && $domains < $result['domains_used']) {\n\t\t\t\t\t\t$res_warning .= lng('error.setlessthanalreadyused', ['domains']);\n\t\t\t\t\t}\n\t\t\t\t\tif ($diskspace != $result['diskspace'] && ($diskspace / 1024) != -1 && $diskspace < $result['diskspace_used']) {\n\t\t\t\t\t\t$res_warning .= lng('error.setlessthanalreadyused', ['diskspace']);\n\t\t\t\t\t}\n\t\t\t\t\tif ($traffic != $result['traffic'] && ($traffic / 1024 / 1024) != -1 && $traffic < $result['traffic_used']) {\n\t\t\t\t\t\t$res_warning .= lng('error.setlessthanalreadyused', ['traffic']);\n\t\t\t\t\t}\n\t\t\t\t\tif ($emails != $result['emails'] && $emails != -1 && $emails < $result['emails_used']) {\n\t\t\t\t\t\t$res_warning .= lng('error.setlessthanalreadyused', ['emails']);\n\t\t\t\t\t}\n\t\t\t\t\tif ($email_accounts != $result['email_accounts'] && $email_accounts != -1 && $email_accounts < $result['email_accounts_used']) {\n\t\t\t\t\t\t$res_warning .= lng('error.setlessthanalreadyused', ['email accounts']);\n\t\t\t\t\t}\n\t\t\t\t\tif ($email_forwarders != $result['email_forwarders'] && $email_forwarders != -1 && $email_forwarders < $result['email_forwarders_used']) {\n\t\t\t\t\t\t$res_warning .= lng('error.setlessthanalreadyused', ['email forwarders']);\n\t\t\t\t\t}\n\t\t\t\t\tif ($email_quota != $result['email_quota'] && $email_quota != -1 && $email_quota < $result['email_quota_used']) {\n\t\t\t\t\t\t$res_warning .= lng('error.setlessthanalreadyused', ['email quota']);\n\t\t\t\t\t}\n\t\t\t\t\tif ($ftps != $result['ftps'] && $ftps != -1 && $ftps < $result['ftps_used']) {\n\t\t\t\t\t\t$res_warning .= lng('error.setlessthanalreadyused', ['ftps']);\n\t\t\t\t\t}\n\t\t\t\t\tif ($mysqls != $result['mysqls'] && $mysqls != -1 && $mysqls < $result['mysqls_used']) {\n\t\t\t\t\t\t$res_warning .= lng('error.setlessthanalreadyused', ['mysqls']);\n\t\t\t\t\t}\n\n\t\t\t\t\tif (!empty($res_warning)) {\n\t\t\t\t\t\tthrow new Exception($res_warning, 406);\n\t\t\t\t\t}\n\n\t\t\t\t\t$upd_data = [\n\t\t\t\t\t\t'password' => $password,\n\t\t\t\t\t\t'name' => $name,\n\t\t\t\t\t\t'email' => $email,\n\t\t\t\t\t\t'lang' => $def_language,\n\t\t\t\t\t\t'gui_access' => $gui_access,\n\t\t\t\t\t\t'api_allowed' => $api_allowed,\n\t\t\t\t\t\t'change_serversettings' => $change_serversettings,\n\t\t\t\t\t\t'customers' => $customers,\n\t\t\t\t\t\t'customers_see_all' => $customers_see_all,\n\t\t\t\t\t\t'domains' => $domains,\n\t\t\t\t\t\t'caneditphpsettings' => $caneditphpsettings,\n\t\t\t\t\t\t'diskspace' => $diskspace,\n\t\t\t\t\t\t'traffic' => $traffic,\n\t\t\t\t\t\t'subdomains' => $subdomains,\n\t\t\t\t\t\t'emails' => $emails,\n\t\t\t\t\t\t'accounts' => $email_accounts,\n\t\t\t\t\t\t'forwarders' => $email_forwarders,\n\t\t\t\t\t\t'quota' => $email_quota,\n\t\t\t\t\t\t'ftps' => $ftps,\n\t\t\t\t\t\t'mysqls' => $mysqls,\n\t\t\t\t\t\t'ip' => empty($ipaddress) ? \"\" : (is_array($ipaddress) && $ipaddress > 0 ? json_encode($ipaddress) : -1),\n\t\t\t\t\t\t'deactivated' => $deactivated,\n\t\t\t\t\t\t'custom_notes' => $custom_notes,\n\t\t\t\t\t\t'custom_notes_show' => $custom_notes_show,\n\t\t\t\t\t\t'theme' => $theme,\n\t\t\t\t\t\t'adminid' => $id\n\t\t\t\t\t];\n\n\t\t\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\t\t\tUPDATE `\" . TABLE_PANEL_ADMINS . \"` SET\n\t\t\t\t\t\t`password` = :password,\n\t\t\t\t\t\t`name` = :name,\n\t\t\t\t\t\t`email` = :email,\n\t\t\t\t\t\t`def_language` = :lang,\n\t\t\t\t\t\t`gui_access` = :gui_access,\n\t\t\t\t\t\t`api_allowed` = :api_allowed,\n\t\t\t\t\t\t`change_serversettings` = :change_serversettings,\n\t\t\t\t\t\t`customers` = :customers,\n\t\t\t\t\t\t`customers_see_all` = :customers_see_all,\n\t\t\t\t\t\t`domains` = :domains,\n\t\t\t\t\t\t`caneditphpsettings` = :caneditphpsettings,\n\t\t\t\t\t\t`diskspace` = :diskspace,\n\t\t\t\t\t\t`traffic` = :traffic,\n\t\t\t\t\t\t`subdomains` = :subdomains,\n\t\t\t\t\t\t`emails` = :emails,\n\t\t\t\t\t\t`email_accounts` = :accounts,\n\t\t\t\t\t\t`email_forwarders` = :forwarders,\n\t\t\t\t\t\t`email_quota` = :quota,\n\t\t\t\t\t\t`ftps` = :ftps,\n\t\t\t\t\t\t`mysqls` = :mysqls,\n\t\t\t\t\t\t`ip` = :ip,\n\t\t\t\t\t\t`deactivated` = :deactivated,\n\t\t\t\t\t\t`custom_notes` = :custom_notes,\n\t\t\t\t\t\t`custom_notes_show` = :custom_notes_show,\n\t\t\t\t\t\t`theme` = :theme\n\t\t\t\t\t\tWHERE `adminid` = :adminid\n\t\t\t\t\t\");\n\t\t\t\t\tDatabase::pexecute($upd_stmt, $upd_data, true, true);\n\t\t\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, \"[API] edited admin '\" . $result['loginname'] . \"'\");\n\n\t\t\t\t\t// get all admin-data for return-array\n\t\t\t\t\t$result = $this->apiCall('Admins.get', [\n\t\t\t\t\t\t'id' => $result['adminid']\n\t\t\t\t\t]);\n\t\t\t\t\treturn $this->response($result);\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * delete a admin entry by either id or loginname\n\t *\n\t * @param int $id\n\t * optional, the admin-id\n\t * @param string $loginname\n\t * optional, the loginname\n\t *\n\t * @access admin\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function delete()\n\t{\n\t\tif ($this->isAdmin() && $this->getUserDetail('change_serversettings') == 1) {\n\t\t\t$id = $this->getParam('id', true, 0);\n\t\t\t$ln_optional = $id > 0;\n\t\t\t$loginname = $this->getParam('loginname', $ln_optional, '');\n\n\t\t\t$result = $this->apiCall('Admins.get', [\n\t\t\t\t'id' => $id,\n\t\t\t\t'loginname' => $loginname\n\t\t\t]);\n\t\t\t$id = $result['adminid'];\n\n\t\t\t// don't be stupid\n\t\t\tif ($id == $this->getUserDetail('adminid')) {\n\t\t\t\tResponse::standardError('youcantdeleteyourself', '', true);\n\t\t\t}\n\t\t\t// can't delete the first superadmin\n\t\t\tif ($id == 1) {\n\t\t\t\tResponse::standardError('cannotdeletesuperadmin', '', true);\n\t\t\t}\n\n\t\t\t// delete admin\n\t\t\t$del_stmt = Database::prepare(\"\n\t\t\t\tDELETE FROM `\" . TABLE_PANEL_ADMINS . \"` WHERE `adminid` = :adminid\n\t\t\t\");\n\t\t\tDatabase::pexecute($del_stmt, [\n\t\t\t\t'adminid' => $id\n\t\t\t], true, true);\n\n\t\t\t// delete the traffic-usage\n\t\t\t$del_stmt = Database::prepare(\"\n\t\t\t\tDELETE FROM `\" . TABLE_PANEL_TRAFFIC_ADMINS . \"` WHERE `adminid` = :adminid\n\t\t\t\");\n\t\t\tDatabase::pexecute($del_stmt, [\n\t\t\t\t'adminid' => $id\n\t\t\t], true, true);\n\n\t\t\t// set admin-id of the old admin's customer to current admins\n\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\tUPDATE `\" . TABLE_PANEL_CUSTOMERS . \"` SET\n\t\t\t\t`adminid` = :userid WHERE `adminid` = :adminid\n\t\t\t\");\n\t\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t\t'userid' => $this->getUserDetail('adminid'),\n\t\t\t\t'adminid' => $id\n\t\t\t], true, true);\n\n\t\t\t// set admin-id of the old admin's domains to current admins\n\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\tUPDATE `\" . TABLE_PANEL_DOMAINS . \"` SET\n\t\t\t\t`adminid` = :userid WHERE `adminid` = :adminid\n\t\t\t\");\n\t\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t\t'userid' => $this->getUserDetail('adminid'),\n\t\t\t\t'adminid' => $id\n\t\t\t], true, true);\n\n\t\t\t// delete old admin's api keys if exists (no customer keys)\n\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\tDELETE FROM `\" . TABLE_API_KEYS . \"` WHERE\n\t\t\t\t`adminid` = :adminid AND `customerid` = '0'\n\t\t\t\");\n\t\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t\t'adminid' => $id\n\t\t\t], true, true);\n\n\t\t\t// set admin-id of the old admin's api-keys to current admins\n\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\tUPDATE `\" . TABLE_API_KEYS . \"` SET\n\t\t\t\t`adminid` = :userid WHERE `adminid` = :adminid\n\t\t\t\");\n\t\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t\t'userid' => $this->getUserDetail('adminid'),\n\t\t\t\t'adminid' => $id\n\t\t\t], true, true);\n\n\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING, \"[API] deleted admin '\" . $result['loginname'] . \"'\");\n\t\t\tUser::updateCounters();\n\t\t\treturn $this->response($result);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * unlock a locked admin by either id or loginname\n\t *\n\t * @param int $id\n\t * optional, the admin-id\n\t * @param string $loginname\n\t * optional, the loginname\n\t *\n\t * @access admin\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function unlock()\n\t{\n\t\tif ($this->isAdmin() && $this->getUserDetail('change_serversettings') == 1) {\n\t\t\t$id = $this->getParam('id', true, 0);\n\t\t\t$ln_optional = $id > 0;\n\t\t\t$loginname = $this->getParam('loginname', $ln_optional, '');\n\n\t\t\t$result = $this->apiCall('Admins.get', [\n\t\t\t\t'id' => $id,\n\t\t\t\t'loginname' => $loginname\n\t\t\t]);\n\t\t\t$id = $result['adminid'];\n\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tUPDATE `\" . TABLE_PANEL_ADMINS . \"` SET\n\t\t\t\t`loginfail_count` = '0'\n\t\t\t\tWHERE `adminid`= :id\n\t\t\t\");\n\t\t\tDatabase::pexecute($result_stmt, [\n\t\t\t\t'id' => $id\n\t\t\t], true, true);\n\t\t\t// set the new value for result-array\n\t\t\t$result['loginfail_count'] = 0;\n\n\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING, \"[API] unlocked admin '\" . $result['loginname'] . \"'\");\n\t\t\treturn $this->response($result);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n}\n" }, { "path": "lib/Froxlor/Api/Commands/Certificates.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Api\\Commands;\n\nuse Exception;\nuse Froxlor\\Api\\ApiCommand;\nuse Froxlor\\Api\\ResourceEntity;\nuse Froxlor\\Cron\\TaskId;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\Settings;\nuse Froxlor\\System\\Cronjob;\nuse Froxlor\\UI\\Response;\nuse PDO;\n\n/**\n * @since 0.10.0\n */\nclass Certificates extends ApiCommand implements ResourceEntity\n{\n\n\t/**\n\t * add new ssl-certificate entry for given domain by either id or domainname\n\t *\n\t * @param int $id\n\t * optional, the domain-id\n\t * @param string $domainname\n\t * optional, the domainname\n\t * @param string $ssl_cert_file\n\t * @param string $ssl_key_file\n\t * @param string $ssl_ca_file\n\t * optional\n\t * @param string $ssl_cert_chainfile\n\t * optional\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function add()\n\t{\n\t\t$domainid = $this->getParam('domainid', true, 0);\n\t\t$dn_optional = $domainid > 0;\n\t\t$domainname = $this->getParam('domainname', $dn_optional, '');\n\n\t\tif ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'domains')) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\n\t\t$domain = $this->apiCall('SubDomains.get', [\n\t\t\t'id' => $domainid,\n\t\t\t'domainname' => $domainname\n\t\t]);\n\t\t$domainid = $domain['id'];\n\n\t\t// parameters\n\t\t$ssl_cert_file = $this->getParam('ssl_cert_file');\n\t\t$ssl_key_file = $this->getParam('ssl_key_file');\n\t\t$ssl_ca_file = $this->getParam('ssl_ca_file', true, '');\n\t\t$ssl_cert_chainfile = $this->getParam('ssl_cert_chainfile', true, '');\n\n\t\t// validate whether the domain does not already have an entry\n\t\t$has_cert = true;\n\t\ttry {\n\t\t\t$this->apiCall('Certificates.get', [\n\t\t\t\t'id' => $domainid\n\t\t\t]);\n\t\t} catch (Exception $e) {\n\t\t\tif ($e->getCode() == 412) {\n\t\t\t\t$has_cert = false;\n\t\t\t} else {\n\t\t\t\tthrow $e;\n\t\t\t}\n\t\t}\n\t\tif (!$has_cert) {\n\t\t\t$this->addOrUpdateCertificate($domain['id'], $ssl_cert_file, $ssl_key_file, $ssl_ca_file, $ssl_cert_chainfile, true);\n\t\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, \"[API] added ssl-certificate for '\" . $domain['domain'] . \"'\");\n\t\t\t$result = $this->apiCall('Certificates.get', [\n\t\t\t\t'id' => $domain['id']\n\t\t\t]);\n\t\t\treturn $this->response($result);\n\t\t}\n\t\tthrow new Exception(\"Domain '\" . $domain['domain'] . \"' already has a certificate. Did you mean to call update?\", 406);\n\t}\n\n\t/**\n\t * insert or update certificates entry\n\t *\n\t * @param int $domainid\n\t * @param string $ssl_cert_file\n\t * @param string $ssl_key_file\n\t * @param string $ssl_ca_file\n\t * @param string $ssl_cert_chainfile\n\t * @param boolean $do_insert\n\t * optional default false\n\t *\n\t * @return boolean\n\t * @throws Exception\n\t */\n\tprivate function addOrUpdateCertificate($domainid = 0, $ssl_cert_file = '', $ssl_key_file = '', $ssl_ca_file = '', $ssl_cert_chainfile = '', $do_insert = false)\n\t{\n\t\tif ($ssl_cert_file != '' && $ssl_key_file == '') {\n\t\t\tResponse::standardError('sslcertificateismissingprivatekey', '', true);\n\t\t}\n\n\t\t$do_verify = true;\n\t\t$validtodate = null;\n\t\t$validtodate = null;\n\t\t$issuer = \"\";\n\t\t// no cert-file given -> forget everything\n\t\tif ($ssl_cert_file == '') {\n\t\t\t$ssl_key_file = '';\n\t\t\t$ssl_ca_file = '';\n\t\t\t$ssl_cert_chainfile = '';\n\t\t\t$do_verify = false;\n\t\t}\n\n\t\t// verify certificate content\n\t\tif ($do_verify) {\n\t\t\t// array openssl_x509_parse ( mixed $x509cert [, bool $shortnames = true ] )\n\t\t\t// openssl_x509_parse() returns information about the supplied x509cert, including fields such as\n\t\t\t// subject name, issuer name, purposes, valid from and valid to dates etc.\n\t\t\t$cert_content = openssl_x509_parse($ssl_cert_file);\n\n\t\t\tif (is_array($cert_content) && isset($cert_content['subject']) && isset($cert_content['subject']['CN'])) {\n\t\t\t\t// bool openssl_x509_check_private_key ( mixed $cert , mixed $key )\n\t\t\t\t// Checks whether the given key is the private key that corresponds to cert.\n\t\t\t\tif (openssl_x509_check_private_key($ssl_cert_file, $ssl_key_file) === false) {\n\t\t\t\t\tResponse::standardError('sslcertificateinvalidcertkeypair', '', true);\n\t\t\t\t}\n\n\t\t\t\t// check optional stuff\n\t\t\t\tif ($ssl_ca_file != '') {\n\t\t\t\t\t$ca_content = openssl_x509_parse($ssl_ca_file);\n\t\t\t\t\tif (!is_array($ca_content)) {\n\t\t\t\t\t\t// invalid\n\t\t\t\t\t\tResponse::standardError('sslcertificateinvalidca', '', true);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\tif ($ssl_cert_chainfile != '') {\n\t\t\t\t\t$chain_content = openssl_x509_parse($ssl_cert_chainfile);\n\t\t\t\t\tif (!is_array($chain_content)) {\n\t\t\t\t\t\t// invalid\n\t\t\t\t\t\tResponse::standardError('sslcertificateinvalidchain', '', true);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\tResponse::standardError('sslcertificateinvalidcert', '', true);\n\t\t\t}\n\t\t\t// get data from certificate to store in the table\n\t\t\t$validfromdate = empty($cert_content['validFrom_time_t']) ? null : date(\"Y-m-d H:i:s\", $cert_content['validFrom_time_t']);\n\t\t\t$validtodate = empty($cert_content['validTo_time_t']) ? null : date(\"Y-m-d H:i:s\", $cert_content['validTo_time_t']);\n\t\t\t$issuer = $cert_content['issuer']['O'] ?? \"\";\n\t\t}\n\n\t\t// Add/Update database entry\n\t\t$qrystart = \"UPDATE \";\n\t\t$qrywhere = \"WHERE \";\n\t\tif ($do_insert) {\n\t\t\t$qrystart = \"INSERT INTO \";\n\t\t\t$qrywhere = \", \";\n\t\t}\n\t\t$stmt = Database::prepare($qrystart . \" `\" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . \"` SET\n\t\t\t`ssl_cert_file` = :ssl_cert_file,\n\t\t\t`ssl_key_file` = :ssl_key_file,\n\t\t\t`ssl_ca_file` = :ssl_ca_file,\n\t\t\t`ssl_cert_chainfile` = :ssl_cert_chainfile,\n\t\t\t`validfromdate` = :validfromdate,\n\t\t\t`validtodate` = :validtodate,\n\t\t\t`issuer` = :issuer\n\t\t\t\" . $qrywhere . \" `domainid`= :domainid\n\t\t\");\n\t\t$params = [\n\t\t\t\"ssl_cert_file\" => $ssl_cert_file,\n\t\t\t\"ssl_key_file\" => $ssl_key_file,\n\t\t\t\"ssl_ca_file\" => $ssl_ca_file,\n\t\t\t\"ssl_cert_chainfile\" => $ssl_cert_chainfile,\n\t\t\t\"validfromdate\" => $validfromdate,\n\t\t\t\"validtodate\" => $validtodate,\n\t\t\t\"issuer\" => $issuer,\n\t\t\t\"domainid\" => $domainid\n\t\t];\n\t\tDatabase::pexecute($stmt, $params, true, true);\n\t\t// insert task to re-generate webserver-configs (#1260)\n\t\tCronjob::inserttask(TaskId::REBUILD_VHOST);\n\t\treturn true;\n\t}\n\n\t/**\n\t * update ssl-certificate entry for given domain by either id or domainname\n\t *\n\t * @param int $id\n\t * optional, the domain-id\n\t * @param string $domainname\n\t * optional, the domainname\n\t * @param string $ssl_cert_file\n\t * @param string $ssl_key_file\n\t * @param string $ssl_ca_file\n\t * optional\n\t * @param string $ssl_cert_chainfile\n\t * optional\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function update()\n\t{\n\t\t$id = $this->getParam('id', true, 0);\n\t\t$dn_optional = $id > 0;\n\t\t$domainname = $this->getParam('domainname', $dn_optional, '');\n\n\t\tif ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'domains')) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\n\t\t$domain = $this->apiCall('SubDomains.get', [\n\t\t\t'id' => $id,\n\t\t\t'domainname' => $domainname\n\t\t]);\n\n\t\t// parameters\n\t\t$ssl_cert_file = $this->getParam('ssl_cert_file');\n\t\t$ssl_key_file = $this->getParam('ssl_key_file');\n\t\t$ssl_ca_file = $this->getParam('ssl_ca_file', true, '');\n\t\t$ssl_cert_chainfile = $this->getParam('ssl_cert_chainfile', true, '');\n\t\t$this->addOrUpdateCertificate($domain['id'], $ssl_cert_file, $ssl_key_file, $ssl_ca_file, $ssl_cert_chainfile, false);\n\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, \"[API] updated ssl-certificate for '\" . $domain['domain'] . \"'\");\n\t\t$result = $this->apiCall('Certificates.get', [\n\t\t\t'id' => $domain['id']\n\t\t]);\n\t\treturn $this->response($result);\n\t}\n\n\t/**\n\t * lists all certificate entries\n\t *\n\t * @param array $sql_search\n\t * optional array with index = fieldname, and value = array with 'op' => operator (one of <, > or =),\n\t * LIKE is used if left empty and 'value' => searchvalue\n\t * @param int $sql_limit\n\t * optional specify number of results to be returned\n\t * @param int $sql_offset\n\t * optional specify offset for resultset\n\t * @param array $sql_orderby\n\t * optional array with index = fieldname and value = ASC|DESC to order the resultset by one or more\n\t * fields\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array count|list\n\t * @throws Exception\n\t */\n\tpublic function listing()\n\t{\n\t\t// select all my (accessible) certificates\n\t\t$certs_stmt_query = \"SELECT s.*, d.domain, d.letsencrypt, c.customerid, c.loginname\n\t\t\tFROM `\" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . \"` s\n\t\t\tLEFT JOIN `\" . TABLE_PANEL_DOMAINS . \"` d ON `d`.`id` = `s`.`domainid`\n\t\t\tLEFT JOIN `\" . TABLE_PANEL_CUSTOMERS . \"` c ON `c`.`customerid` = `d`.`customerid`\n\t\t\tWHERE \";\n\n\t\t$qry_params = [];\n\t\t$query_fields = [];\n\t\tif ($this->isAdmin() && $this->getUserDetail('customers_see_all') == '0') {\n\t\t\t// admin with only customer-specific permissions\n\t\t\t$certs_stmt_query .= \"d.adminid = :adminid \";\n\t\t\t$qry_params['adminid'] = $this->getUserDetail('adminid');\n\t\t} elseif ($this->isAdmin() == false) {\n\t\t\t// customer-area\n\t\t\t$certs_stmt_query .= \"d.customerid = :cid \";\n\t\t\t$qry_params['cid'] = $this->getUserDetail('customerid');\n\t\t} else {\n\t\t\t$certs_stmt_query .= \"1 \";\n\t\t}\n\t\t$certs_stmt = Database::prepare($certs_stmt_query . $this->getSearchWhere($query_fields, true) . $this->getOrderBy() . $this->getLimit());\n\t\t$qry_params = array_merge($qry_params, $query_fields);\n\t\tDatabase::pexecute($certs_stmt, $qry_params, true, true);\n\t\t$result = [];\n\t\twhile ($cert = $certs_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t// respect froxlor-hostname\n\t\t\tif ($cert['domainid'] == 0) {\n\t\t\t\t$cert['domain'] = Settings::Get('system.hostname');\n\t\t\t\t$cert['letsencrypt'] = Settings::Get('system.le_froxlor_enabled');\n\t\t\t\t$cert['loginname'] = 'froxlor.panel';\n\t\t\t}\n\n\t\t\t// Set data from certificate\n\t\t\t$cert['isvalid'] = false;\n\t\t\t$cert['san'] = null;\n\t\t\t$cert_data = openssl_x509_parse($cert['ssl_cert_file']);\n\t\t\tif ($cert_data) {\n\t\t\t\t$cert['isvalid'] = (bool)$cert_data['validTo_time_t'] > time();\n\t\t\t\t// Set subject alt names from certificate\n\t\t\t\tif (isset($cert_data['extensions']['subjectAltName']) && !empty($cert_data['extensions']['subjectAltName'])) {\n\t\t\t\t\t$SANs = explode(\",\", $cert_data['extensions']['subjectAltName']);\n\t\t\t\t\t$SANs = array_map('trim', $SANs);\n\t\t\t\t\tforeach ($SANs as $san) {\n\t\t\t\t\t\t$san = str_replace(\"DNS:\", \"\", $san);\n\t\t\t\t\t\tif ($san != $cert_data['subject']['CN'] && strpos($san, \"othername:\") === false) {\n\t\t\t\t\t\t\t$cert['san'][] = $san;\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t\t$result[] = $cert;\n\t\t}\n\t\treturn $this->response([\n\t\t\t'count' => count($result),\n\t\t\t'list' => $result\n\t\t]);\n\t}\n\n\t/**\n\t * return ssl-certificate entry for given domain by either id or domainname\n\t *\n\t * @param int $id\n\t * optional, the domain-id\n\t * @param string $domainname\n\t * optional, the domainname\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function get()\n\t{\n\t\t$id = $this->getParam('id', true, 0);\n\t\t$dn_optional = $id > 0;\n\t\t$domainname = $this->getParam('domainname', $dn_optional, '');\n\n\t\tif ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'domains')) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\n\t\t$domain = $this->apiCall('SubDomains.get', [\n\t\t\t'id' => $id,\n\t\t\t'domainname' => $domainname\n\t\t]);\n\t\t$domainid = $domain['id'];\n\n\t\t$stmt = Database::prepare(\"SELECT * FROM `\" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . \"` WHERE `domainid`= :domainid\");\n\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, \"[API] get ssl-certificate for '\" . $domain['domain'] . \"'\");\n\t\t$result = Database::pexecute_first($stmt, [\n\t\t\t\"domainid\" => $domainid\n\t\t]);\n\t\tif (!$result) {\n\t\t\tthrow new Exception(\"Domain '\" . $domain['domain'] . \"' does not have a certificate.\", 412);\n\t\t}\n\t\treturn $this->response($result);\n\t}\n\n\t/**\n\t * returns the total number of certificates for the given user\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded response message\n\t * @throws Exception\n\t */\n\tpublic function listingCount()\n\t{\n\t\t// select all my (accessible) certificates\n\t\t$certs_stmt_query = \"SELECT COUNT(*) as num_certs\n\t\t\tFROM `\" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . \"` s\n\t\t\tLEFT JOIN `\" . TABLE_PANEL_DOMAINS . \"` d ON `d`.`id` = `s`.`domainid`\n\t\t\tLEFT JOIN `\" . TABLE_PANEL_CUSTOMERS . \"` c ON `c`.`customerid` = `d`.`customerid`\n\t\t\tWHERE \";\n\t\t$qry_params = [];\n\t\t$query_fields = [];\n\t\tif ($this->isAdmin() && $this->getUserDetail('customers_see_all') == '0') {\n\t\t\t// admin with only customer-specific permissions\n\t\t\t$certs_stmt_query .= \"d.adminid = :adminid \";\n\t\t\t$qry_params['adminid'] = $this->getUserDetail('adminid');\n\t\t} elseif ($this->isAdmin() == false) {\n\t\t\t// customer-area\n\t\t\t$certs_stmt_query .= \"d.customerid = :cid \";\n\t\t\t$qry_params['cid'] = $this->getUserDetail('customerid');\n\t\t} else {\n\t\t\t$certs_stmt_query .= \"1 \";\n\t\t}\n\t\t$certs_stmt = Database::prepare($certs_stmt_query . $this->getSearchWhere($query_fields, true));\n\t\t$qry_params = array_merge($qry_params, $query_fields);\n\t\t$result = Database::pexecute_first($certs_stmt, $qry_params, true, true);\n\t\tif ($result) {\n\t\t\treturn $this->response($result['num_certs']);\n\t\t}\n\t\treturn $this->response(0);\n\t}\n\n\t/**\n\t * delete certificates entry by id\n\t *\n\t * @param int $id\n\t *\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function delete()\n\t{\n\t\t$id = $this->getParam('id');\n\n\t\tif ($this->isAdmin() == false) {\n\t\t\t$chk_stmt = Database::prepare(\"\n\t\t\t\tSELECT d.domain, d.letsencrypt FROM `\" . TABLE_PANEL_DOMAINS . \"` d\n\t\t\t\tLEFT JOIN `\" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . \"` s ON s.domainid = d.id\n\t\t\t\tWHERE s.`id` = :id AND d.`customerid` = :cid\n\t\t\t\");\n\t\t\t$chk = Database::pexecute_first($chk_stmt, [\n\t\t\t\t'id' => $id,\n\t\t\t\t'cid' => $this->getUserDetail('customerid')\n\t\t\t]);\n\t\t} elseif ($this->isAdmin()) {\n\t\t\t$chk_stmt = Database::prepare(\"\n\t\t\t\tSELECT d.domain, d.letsencrypt FROM `\" . TABLE_PANEL_DOMAINS . \"` d\n\t\t\t\tLEFT JOIN `\" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . \"` s ON s.domainid = d.id\n\t\t\t\tWHERE s.`id` = :id\" . ($this->getUserDetail('customers_see_all') == '0' ? \" AND d.`adminid` = :aid\" : \"\"));\n\t\t\t$params = [\n\t\t\t\t'id' => $id\n\t\t\t];\n\t\t\tif ($this->getUserDetail('customers_see_all') == '0') {\n\t\t\t\t$params['aid'] = $this->getUserDetail('adminid');\n\t\t\t}\n\t\t\t$chk = Database::pexecute_first($chk_stmt, $params);\n\t\t\tif ($chk == false && $this->getUserDetail('change_serversettings')) {\n\t\t\t\t// check whether it might be the froxlor-vhost certificate\n\t\t\t\t$chk_stmt = Database::prepare(\"\n\t\t\t\tSELECT \\\"\" . Settings::Get('system.hostname') . \"\\\" as domain, \\\"\" . Settings::Get('system.le_froxlor_enabled') . \"\\\" as letsencrypt FROM `\" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . \"`\n\t\t\t\tWHERE `id` = :id AND `domainid` = '0'\");\n\t\t\t\t$params = [\n\t\t\t\t\t'id' => $id\n\t\t\t\t];\n\t\t\t\t$chk = Database::pexecute_first($chk_stmt, $params);\n\t\t\t\t$chk['isFroxlorVhost'] = true;\n\t\t\t}\n\t\t}\n\t\tif ($chk !== false) {\n\t\t\t// additional access check by trying to get the certificate\n\t\t\tif (isset($chk['isFroxlorVhost']) && $chk['isFroxlorVhost'] == true) {\n\t\t\t\t$result = $chk;\n\t\t\t} else {\n\t\t\t\t$result = $this->apiCall('Certificates.get', [\n\t\t\t\t\t'domainname' => $chk['domain']\n\t\t\t\t]);\n\t\t\t}\n\t\t\t$del_stmt = Database::prepare(\"DELETE FROM `\" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . \"` WHERE id = :id\");\n\t\t\tDatabase::pexecute($del_stmt, [\n\t\t\t\t'id' => $id\n\t\t\t]);\n\t\t\t// trigger removing of certificate from acme.sh if let's encrypt\n\t\t\tif ($chk['letsencrypt'] == '1') {\n\t\t\t\tCronjob::inserttask(TaskId::DELETE_DOMAIN_SSL, $chk['domain']);\n\t\t\t}\n\t\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, \"[API] removed ssl-certificate for '\" . $chk['domain'] . \"'\");\n\t\t\treturn $this->response($result);\n\t\t}\n\t\tthrow new Exception(\"Unable to determine SSL certificate. Maybe no access?\", 406);\n\t}\n}\n" }, { "path": "lib/Froxlor/Api/Commands/Cronjobs.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Api\\Commands;\n\nuse Exception;\nuse Froxlor\\Api\\ApiCommand;\nuse Froxlor\\Api\\ResourceEntity;\nuse Froxlor\\Cron\\TaskId;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\System\\Cronjob;\nuse Froxlor\\UI\\Response;\nuse Froxlor\\Validate\\Validate;\nuse PDO;\n\n/**\n * @since 0.10.0\n */\nclass Cronjobs extends ApiCommand implements ResourceEntity\n{\n\n\tprivate array $allowed_intervals = [\n\t\t'MINUTE',\n\t\t'HOUR',\n\t\t'DAY',\n\t\t'WEEK',\n\t\t'MONTH'\n\t];\n\n\t/**\n\t * You cannot add new cronjobs yet.\n\t */\n\tpublic function add()\n\t{\n\t\tthrow new Exception('You cannot add new cronjobs yet.', 303);\n\t}\n\n\t/**\n\t * return a cronjob entry by id\n\t *\n\t * @param int $id\n\t * cronjob-id\n\t *\n\t * @access admin\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function get()\n\t{\n\t\tif ($this->isAdmin()) {\n\t\t\t$id = $this->getParam('id');\n\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT * FROM `\" . TABLE_PANEL_CRONRUNS . \"` WHERE `id` = :id\n\t\t\t\");\n\t\t\t$result = Database::pexecute_first($result_stmt, [\n\t\t\t\t'id' => $id\n\t\t\t], true, true);\n\t\t\tif ($result) {\n\t\t\t\treturn $this->response($result);\n\t\t\t}\n\t\t\tthrow new Exception(\"cronjob with id #\" . $id . \" could not be found\", 404);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * update a cronjob entry by given id\n\t *\n\t * @param int $id\n\t * @param bool $isactive\n\t * optional whether the cronjob is active or not\n\t * @param int $interval_value\n\t * optional number of seconds/minutes/hours/etc. for the interval\n\t * @param string $interval_interval\n\t * optional interval for the cronjob (MINUTE, HOUR, DAY, WEEK or MONTH)\n\t *\n\t * @access admin\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function update()\n\t{\n\t\tif ($this->isAdmin() && $this->getUserDetail('change_serversettings') == 1) {\n\t\t\t// required parameter\n\t\t\t$id = $this->getParam('id');\n\n\t\t\t$result = $this->apiCall('Cronjobs.get', [\n\t\t\t\t'id' => $id\n\t\t\t]);\n\n\t\t\t// split interval\n\t\t\t$cur_int = explode(\" \", $result['interval']);\n\n\t\t\t// parameter\n\t\t\t$isactive = $this->getBoolParam('isactive', true, $result['isactive']);\n\t\t\t$interval_value = $this->getParam('interval_value', true, $cur_int[0]);\n\t\t\t$interval_interval = $this->getParam('interval_interval', true, $cur_int[1]);\n\n\t\t\t// validation\n\t\t\tif ($isactive != 1) {\n\t\t\t\t$isactive = 0;\n\t\t\t}\n\t\t\t$interval_value = Validate::validate($interval_value, 'interval_value', '/^([0-9]+)$/Di', 'stringisempty', [], true);\n\t\t\t$interval_interval = Validate::validate($interval_interval, 'interval_interval', '', '', [], true);\n\n\t\t\tif (!in_array(strtoupper($interval_interval), $this->allowed_intervals)) {\n\t\t\t\tResponse::standardError('invalidcronjobintervalvalue', implode(\", \", $this->allowed_intervals), true);\n\t\t\t}\n\n\t\t\t// put together interval value\n\t\t\t$interval = $interval_value . ' ' . strtoupper($interval_interval);\n\n\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\tUPDATE `\" . TABLE_PANEL_CRONRUNS . \"`\n\t\t\t\tSET `isactive` = :isactive, `interval` = :int\n\t\t\t\tWHERE `id` = :id\n\t\t\t\");\n\t\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t\t'isactive' => $isactive,\n\t\t\t\t'int' => $interval,\n\t\t\t\t'id' => $id\n\t\t\t], true, true);\n\n\t\t\t// insert task to re-generate the cron.d-file\n\t\t\tCronjob::inserttask(TaskId::REBUILD_CRON);\n\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, \"[API] cronjob with description '\" . $result['module'] . '/' . $result['cronfile'] . \"' has been updated by '\" . $this->getUserDetail('loginname') . \"'\");\n\t\t\t$result = $this->apiCall('Cronjobs.get', [\n\t\t\t\t'id' => $id\n\t\t\t]);\n\t\t\treturn $this->response($result);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * lists all cronjob entries\n\t *\n\t * @param array $sql_search\n\t * optional array with index = fieldname, and value = array with 'op' => operator (one of <, > or =),\n\t * LIKE is used if left empty and 'value' => searchvalue\n\t * @param int $sql_limit\n\t * optional specify number of results to be returned\n\t * @param int $sql_offset\n\t * optional specify offset for resultset\n\t * @param array $sql_orderby\n\t * optional array with index = fieldname and value = ASC|DESC to order the resultset by one or more\n\t * fields\n\t *\n\t * @access admin\n\t * @return string json-encoded array count|list\n\t * @throws Exception\n\t */\n\tpublic function listing()\n\t{\n\t\tif ($this->isAdmin()) {\n\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, \"[API] list cronjobs\");\n\t\t\t$query_fields = [];\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT `c`.* FROM `\" . TABLE_PANEL_CRONRUNS . \"` `c` \" . $this->getSearchWhere($query_fields) . $this->getOrderBy() . $this->getLimit());\n\t\t\tDatabase::pexecute($result_stmt, $query_fields, true, true);\n\t\t\t$result = [];\n\t\t\twhile ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t$result[] = $row;\n\t\t\t}\n\t\t\treturn $this->response([\n\t\t\t\t'count' => count($result),\n\t\t\t\t'list' => $result\n\t\t\t]);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * returns the total number of cronjobs\n\t *\n\t * @access admin\n\t * @return string json-encoded response message\n\t * @throws Exception\n\t */\n\tpublic function listingCount()\n\t{\n\t\tif ($this->isAdmin()) {\n\t\t\t$query_fields = [];\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT COUNT(*) as num_crons FROM `\" . TABLE_PANEL_CRONRUNS . \"` `c`\n\t\t\t\" . $this->getSearchWhere($query_fields));\n\t\t\t$result = Database::pexecute_first($result_stmt, $query_fields, true, true);\n\t\t\tif ($result) {\n\t\t\t\treturn $this->response($result['num_crons']);\n\t\t\t}\n\t\t\treturn $this->response(0);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * You cannot delete system cronjobs.\n\t */\n\tpublic function delete()\n\t{\n\t\tthrow new Exception('You cannot delete system cronjobs.', 303);\n\t}\n}\n" }, { "path": "lib/Froxlor/Api/Commands/Customers.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Api\\Commands;\n\nuse Exception;\nuse Froxlor\\Api\\ApiCommand;\nuse Froxlor\\Api\\ResourceEntity;\nuse Froxlor\\Cron\\TaskId;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\Database\\DbManager;\nuse Froxlor\\FileDir;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\Idna\\IdnaWrapper;\nuse Froxlor\\Language;\nuse Froxlor\\Settings;\nuse Froxlor\\System\\Cronjob;\nuse Froxlor\\System\\Crypt;\nuse Froxlor\\UI\\Response;\nuse Froxlor\\User;\nuse Froxlor\\Validate\\Validate;\nuse PDO;\n\n/**\n * @since 0.10.0\n */\nclass Customers extends ApiCommand implements ResourceEntity\n{\n\n\t/**\n\t * lists all customer entries\n\t *\n\t * @param array $sql_search\n\t * optional array with index = fieldname, and value = array with 'op' => operator (one of <, > or =),\n\t * LIKE is used if left empty and 'value' => searchvalue\n\t * @param int $sql_limit\n\t * optional specify number of results to be returned\n\t * @param int $sql_offset\n\t * optional specify offset for resultset\n\t * @param array $sql_orderby\n\t * optional array with index = fieldname and value = ASC|DESC to order the resultset by one or more\n\t * fields\n\t * @param bool $show_usages\n\t * optional, default false\n\t *\n\t * @access admin\n\t * @return string json-encoded array count|list\n\t * @throws Exception\n\t */\n\tpublic function listing()\n\t{\n\t\tif ($this->isAdmin()) {\n\t\t\t$show_usages = $this->getBoolParam('show_usages', true, false);\n\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, \"[API] list customers\");\n\t\t\t$query_fields = [];\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT `c`.*, `a`.`loginname` AS `adminname`\n\t\t\t\tFROM `\" . TABLE_PANEL_CUSTOMERS . \"` `c`, `\" . TABLE_PANEL_ADMINS . \"` `a`\n\t\t\t\tWHERE \" . ($this->getUserDetail('customers_see_all') ? '' : \" `c`.`adminid` = :adminid AND \") . \"\n\t\t\t\t`c`.`adminid` = `a`.`adminid`\" . $this->getSearchWhere($query_fields, true) . $this->getOrderBy() . $this->getLimit());\n\t\t\t$params = [];\n\t\t\tif ($this->getUserDetail('customers_see_all') == '0') {\n\t\t\t\t$params = [\n\t\t\t\t\t'adminid' => $this->getUserDetail('adminid')\n\t\t\t\t];\n\t\t\t}\n\t\t\t$params = array_merge($params, $query_fields);\n\t\t\tDatabase::pexecute($result_stmt, $params, true, true);\n\t\t\t$result = [];\n\n\t\t\t$domains_stmt = null;\n\t\t\t$usages_stmt = null;\n\t\t\tif ($show_usages) {\n\t\t\t\t$domains_stmt = Database::prepare(\"\n\t\t\t\t\tSELECT COUNT(`id`) AS `domains`\n\t\t\t\t\tFROM `\" . TABLE_PANEL_DOMAINS . \"`\n\t\t\t\t\tWHERE `customerid` = :cid\n\t\t\t\t\tAND `parentdomainid` = '0'\n\t\t\t\t\tAND `id`<> :stdd\n\t\t\t\t\");\n\t\t\t\t$usages_stmt = Database::prepare(\"\n\t\t\t\t\tSELECT webspace, mail, mysql FROM `\" . TABLE_PANEL_DISKSPACE . \"`\n\t\t\t\t\tWHERE `customerid` = :cid\n\t\t\t\t\tORDER BY `stamp` DESC LIMIT 1\n\t\t\t\t\");\n\t\t\t}\n\n\t\t\twhile ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\tif ($show_usages) {\n\t\t\t\t\t// get number of domains\n\t\t\t\t\t$domains = Database::pexecute_first($domains_stmt, [\n\t\t\t\t\t\t'cid' => $row['customerid'],\n\t\t\t\t\t\t'stdd' => $row['standardsubdomain']\n\t\t\t\t\t]);\n\t\t\t\t\t$row['domains'] = intval($domains['domains']);\n\t\t\t\t\t// get disk-space usages for web, mysql and mail\n\t\t\t\t\t$usages = Database::pexecute_first($usages_stmt, [\n\t\t\t\t\t\t'cid' => $row['customerid']\n\t\t\t\t\t]);\n\t\t\t\t\tif ($usages) {\n\t\t\t\t\t\t$row['webspace_used'] = $usages['webspace'];\n\t\t\t\t\t\t$row['mailspace_used'] = $usages['mail'];\n\t\t\t\t\t\t$row['dbspace_used'] = $usages['mysql'];\n\t\t\t\t\t} else {\n\t\t\t\t\t\t$row['webspace_used'] = 0;\n\t\t\t\t\t\t$row['mailspace_used'] = 0;\n\t\t\t\t\t\t$row['dbspace_used'] = 0;\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\t$result[] = $row;\n\t\t\t}\n\t\t\treturn $this->response([\n\t\t\t\t'count' => count($result),\n\t\t\t\t'list' => $result\n\t\t\t]);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * returns the total number of customers for the given admin\n\t *\n\t * @access admin\n\t * @return string json-encoded response message\n\t * @throws Exception\n\t */\n\tpublic function listingCount()\n\t{\n\t\tif ($this->isAdmin()) {\n\t\t\t$query_fields = [];\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT COUNT(*) as num_customers\n\t\t\t\tFROM `\" . TABLE_PANEL_CUSTOMERS . \"` `c`, `\" . TABLE_PANEL_ADMINS . \"` `a`\n\t\t\t\tWHERE `c`.`adminid` = `a`.`adminid` AND \" . ($this->getUserDetail('customers_see_all') ? \"1\" : \" `c`.`adminid` = :adminid \") . $this->getSearchWhere($query_fields, true));\n\t\t\t$params = [];\n\t\t\tif ($this->getUserDetail('customers_see_all') == '0') {\n\t\t\t\t$params = [\n\t\t\t\t\t'adminid' => $this->getUserDetail('adminid')\n\t\t\t\t];\n\t\t\t}\n\t\t\t$params = array_merge($params, $query_fields);\n\t\t\t$result = Database::pexecute_first($result_stmt, $params, true, true);\n\t\t\tif ($result) {\n\t\t\t\treturn $this->response($result['num_customers']);\n\t\t\t}\n\t\t\treturn $this->response(0);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * create a new customer with default ftp-user and standard-subdomain (if wanted)\n\t *\n\t * @param string $email\n\t * required, email address of new customer\n\t * @param string $name\n\t * optional if company is set, else required\n\t * @param string $firstname\n\t * optional if company is set, else required\n\t * @param string $company\n\t * optional but required if name/firstname empty\n\t * @param string $street\n\t * optional\n\t * @param string $zipcode\n\t * optional\n\t * @param string $city\n\t * optional\n\t * @param string $phone\n\t * optional\n\t * @param string $fax\n\t * optional\n\t * @param int $customernumber\n\t * optional\n\t * @param string $def_language\n\t * optional, ISO 639-1 language code (e.g. 'en', 'de', see lng-folder for supported languages),\n\t * default is system-default language\n\t * @param bool $gui_access\n\t * optional, allow login via webui, if false ONLY the login via webui is disallowed; default true\n\t * @param bool $api_allowed\n\t * optional, default is true if system setting api.enabled is true, else false\n\t * @param bool $shell_allowed\n\t * optional, default is true if system setting system.allow_customer_shell is true, else false\n\t * @param int $gender\n\t * optional, 0 = no-gender, 1 = male, 2 = female\n\t * @param string $custom_notes\n\t * optional notes\n\t * @param bool $custom_notes_show\n\t * optional, whether to show the content of custom_notes to the customer, default 0\n\t * (false)\n\t * @param string $new_loginname\n\t * optional, if empty generated automatically using customer-prefix and increasing\n\t * number\n\t * @param string $new_customer_password\n\t * optional, if empty generated automatically and send to the customer's email if\n\t * $sendpassword is 1\n\t * @param bool $sendpassword\n\t * optional, whether to send the password to the customer after creation, default 0\n\t * (false)\n\t * @param int $diskspace\n\t * optional disk-space available for customer in MB, default 0\n\t * @param bool $diskspace_ul\n\t * optional, whether customer should have unlimited diskspace, default 0 (false)\n\t * @param int $traffic\n\t * optional traffic available for customer in GB, default 0\n\t * @param bool $traffic_ul\n\t * optional, whether customer should have unlimited traffic, default 0 (false)\n\t * @param int $subdomains\n\t * optional amount of subdomains available for customer, default 0\n\t * @param bool $subdomains_ul\n\t * optional, whether customer should have unlimited subdomains, default 0 (false)\n\t * @param int $emails\n\t * optional amount of emails available for customer, default 0\n\t * @param bool $emails_ul\n\t * optional, whether customer should have unlimited emails, default 0 (false)\n\t * @param int $email_accounts\n\t * optional amount of email-accounts available for customer, default 0\n\t * @param bool $email_accounts_ul\n\t * optional, whether customer should have unlimited email-accounts, default 0 (false)\n\t * @param int $email_forwarders\n\t * optional amount of email-forwarders available for customer, default 0\n\t * @param bool $email_forwarders_ul\n\t * optional, whether customer should have unlimited email-forwarders, default 0 (false)\n\t * @param int $email_quota\n\t * optional size of email-quota available for customer in MB, default is system-setting\n\t * mail_quota\n\t * @param bool $email_quota_ul\n\t * optional, whether customer should have unlimited email-quota, default 0 (false)\n\t * @param bool $email_imap\n\t * optional, whether to allow IMAP access, default 0 (false)\n\t * @param bool $email_pop3\n\t * optional, whether to allow POP3 access, default 0 (false)\n\t * @param int $ftps\n\t * optional amount of ftp-accounts available for customer, default 0\n\t * @param bool $ftps_ul\n\t * optional, whether customer should have unlimited ftp-accounts, default 0 (false)\n\t * @param int $mysqls\n\t * optional amount of mysql-databases available for customer, default 0\n\t * @param bool $mysqls_ul\n\t * optional, whether customer should have unlimited mysql-databases, default 0 (false)\n\t * @param bool $createstdsubdomain\n\t * optional, whether to create a standard-subdomain ([loginname].froxlor-hostname.tld),\n\t * default [system.createstdsubdom_default]\n\t * @param bool $phpenabled\n\t * optional, whether to allow usage of PHP, default 0 (false)\n\t * @param array $allowed_phpconfigs\n\t * optional, array of IDs of php-config that the customer is allowed to use, default\n\t * empty (none)\n\t * @param bool $perlenabled\n\t * optional, whether to allow usage of Perl/CGI, default 0 (false)\n\t * @param bool $dnsenabled\n\t * optional, whether to allow usage of the DNS editor (requires activated nameserver in\n\t * settings), default 0 (false)\n\t * @param bool $logviewenabled\n\t * optional, whether to allow access to webserver access/error-logs, default 0 (false)\n\t * @param bool $store_defaultindex\n\t * optional, whether to store the default index file to customers homedir\n\t * @param int $hosting_plan_id\n\t * optional, specify a hosting-plan to set certain resource-values from the plan\n\t * instead of specifying them\n\t * @param array $allowed_mysqlserver\n\t * optional, array of IDs of defined mysql-servers the customer is allowed to use,\n\t * default is to allow the default dbserver (id=0)\n\t *\n\t * @access admin\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function add()\n\t{\n\t\tif ($this->isAdmin()) {\n\t\t\tif ($this->getUserDetail('customers_used') < $this->getUserDetail('customers') || $this->getUserDetail('customers') == '-1') {\n\t\t\t\t// required parameters\n\t\t\t\t$email = $this->getParam('email');\n\n\t\t\t\t// parameters\n\t\t\t\t$name = $this->getParam('name', true, '');\n\t\t\t\t$firstname = $this->getParam('firstname', true, '');\n\t\t\t\t$company_required = (!empty($name) && empty($firstname)) || (empty($name) && !empty($firstname)) || (empty($name) && empty($firstname));\n\t\t\t\t$company = $this->getParam('company', !$company_required, '');\n\t\t\t\t$street = $this->getParam('street', true, '');\n\t\t\t\t$zipcode = $this->getParam('zipcode', true, '');\n\t\t\t\t$city = $this->getParam('city', true, '');\n\t\t\t\t$phone = $this->getParam('phone', true, '');\n\t\t\t\t$fax = $this->getParam('fax', true, '');\n\t\t\t\t$customernumber = $this->getParam('customernumber', true, '');\n\t\t\t\t$def_language = $this->getParam('def_language', true, Settings::Get('panel.standardlanguage'));\n\t\t\t\t$gui_access = $this->getBoolParam('gui_access', true, 1);\n\t\t\t\t$api_allowed = $this->getBoolParam('api_allowed', true, (Settings::Get('api.enabled') && Settings::Get('api.customer_default')));\n\t\t\t\t$shell_allowed = $this->getBoolParam('shell_allowed', true, intval(Settings::Get('system.allow_customer_shell')));\n\t\t\t\t$gender = (int)$this->getParam('gender', true, 0);\n\t\t\t\t$custom_notes = $this->getParam('custom_notes', true, '');\n\t\t\t\t$custom_notes_show = $this->getBoolParam('custom_notes_show', true, 0);\n\t\t\t\t$createstdsubdomain = $this->getBoolParam('createstdsubdomain', true, Settings::Get('system.createstdsubdom_default'));\n\t\t\t\t$password = $this->getParam('new_customer_password', true, '');\n\t\t\t\t$sendpassword = $this->getBoolParam('sendpassword', true, 0);\n\t\t\t\t$store_defaultindex = $this->getBoolParam('store_defaultindex', true, 0);\n\t\t\t\t$loginname = $this->getParam('new_loginname', true, '');\n\n\t\t\t\t// hosting-plan values\n\t\t\t\t$hosting_plan_id = $this->getParam('hosting_plan_id', true, 0);\n\t\t\t\tif ($hosting_plan_id > 0) {\n\t\t\t\t\t$hp_result = $this->apiCall('HostingPlans.get', [\n\t\t\t\t\t\t'id' => $hosting_plan_id\n\t\t\t\t\t]);\n\t\t\t\t\t$hp_result['value'] = json_decode($hp_result['value'], true);\n\t\t\t\t\tforeach ($hp_result['value'] as $index => $value) {\n\t\t\t\t\t\t$hp_result[$index] = $value;\n\t\t\t\t\t}\n\t\t\t\t\t$diskspace = $hp_result['diskspace'] ?? 0;\n\t\t\t\t\t$traffic = $hp_result['traffic'] ?? 0;\n\t\t\t\t\t$subdomains = $hp_result['subdomains'] ?? 0;\n\t\t\t\t\t$emails = $hp_result['emails'] ?? 0;\n\t\t\t\t\t$email_accounts = $hp_result['email_accounts'] ?? 0;\n\t\t\t\t\t$email_forwarders = $hp_result['email_forwarders'] ?? 0;\n\t\t\t\t\t$email_quota = $hp_result['email_quota'] ?? Settings::Get('system.mail_quota');\n\t\t\t\t\t$email_imap = $hp_result['email_imap'] ?? 0;\n\t\t\t\t\t$email_pop3 = $hp_result['email_pop3'] ?? 0;\n\t\t\t\t\t$ftps = $hp_result['ftps'] ?? 0;\n\t\t\t\t\t$mysqls = $hp_result['mysqls'] ?? 0;\n\t\t\t\t\t$phpenabled = $hp_result['phpenabled'] ?? 0;\n\t\t\t\t\t$p_allowed_phpconfigs = $hp_result['allowed_phpconfigs'] ?? 0;\n\t\t\t\t\t$perlenabled = $hp_result['perlenabled'] ?? 0;\n\t\t\t\t\t$dnsenabled = $hp_result['dnsenabled'] ?? 0;\n\t\t\t\t\t$logviewenabled = $hp_result['logviewenabled'] ?? 0;\n\t\t\t\t} else {\n\t\t\t\t\t$diskspace = $this->getUlParam('diskspace', 'diskspace_ul', true, 0);\n\t\t\t\t\t$traffic = $this->getUlParam('traffic', 'traffic_ul', true, 0);\n\t\t\t\t\t$subdomains = $this->getUlParam('subdomains', 'subdomains_ul', true, 0);\n\t\t\t\t\t$emails = $this->getUlParam('emails', 'emails_ul', true, 0);\n\t\t\t\t\t$email_accounts = $this->getUlParam('email_accounts', 'email_accounts_ul', true, 0);\n\t\t\t\t\t$email_forwarders = $this->getUlParam('email_forwarders', 'email_forwarders_ul', true, 0);\n\t\t\t\t\t$email_quota = $this->getUlParam('email_quota', 'email_quota_ul', true, Settings::Get('system.mail_quota'));\n\t\t\t\t\t$email_imap = $this->getBoolParam('email_imap', true, 0);\n\t\t\t\t\t$email_pop3 = $this->getBoolParam('email_pop3', true, 0);\n\t\t\t\t\t$ftps = $this->getUlParam('ftps', 'ftps_ul', true, 0);\n\t\t\t\t\t$mysqls = $this->getUlParam('mysqls', 'mysqls_ul', true, 0);\n\t\t\t\t\t$phpenabled = $this->getBoolParam('phpenabled', true, 0);\n\t\t\t\t\t$p_allowed_phpconfigs = $this->getParam('allowed_phpconfigs', true, []);\n\t\t\t\t\t$perlenabled = $this->getBoolParam('perlenabled', true, 0);\n\t\t\t\t\t$dnsenabled = $this->getBoolParam('dnsenabled', true, 0);\n\t\t\t\t\t$logviewenabled = $this->getBoolParam('logviewenabled', true, 0);\n\t\t\t\t}\n\n\t\t\t\tif ($mysqls == -1 || $mysqls > 0) {\n\t\t\t\t\t$p_allowed_mysqlserver = $this->getParam('allowed_mysqlserver', true, [0]);\n\t\t\t\t} else {\n\t\t\t\t\t// mysql not allowed, so no mysql available for customer\n\t\t\t\t\t$p_allowed_mysqlserver = [];\n\t\t\t\t}\n\n\t\t\t\t// validation\n\t\t\t\t$name = Validate::validate($name, 'name', Validate::REGEX_DESC_TEXT, '', [], true);\n\t\t\t\t$firstname = Validate::validate($firstname, 'first name', Validate::REGEX_DESC_TEXT, '', [], true);\n\t\t\t\t$company = Validate::validate($company, 'company', Validate::REGEX_DESC_TEXT, '', [], true);\n\t\t\t\t$street = Validate::validate($street, 'street', Validate::REGEX_DESC_TEXT, '', [], true);\n\t\t\t\t$zipcode = Validate::validate($zipcode, 'zipcode', '/^[0-9 \\-A-Z]*$/', '', [], true);\n\t\t\t\t$city = Validate::validate($city, 'city', Validate::REGEX_DESC_TEXT, '', [], true);\n\t\t\t\t$phone = Validate::validate($phone, 'phone', '/^[0-9\\- \\+\\(\\)\\/]*$/', '', [], true);\n\t\t\t\t$fax = Validate::validate($fax, 'fax', '/^[0-9\\- \\+\\(\\)\\/]*$/', '', [], true);\n\t\t\t\t$idna_convert = new IdnaWrapper();\n\t\t\t\t$email = $idna_convert->encode(Validate::validate($email, 'email', '', '', [], true));\n\t\t\t\t$customernumber = Validate::validate($customernumber, 'customer number', '/^[A-Za-z0-9 \\-]*$/Di', '', [], true);\n\t\t\t\t$def_language = Validate::validate($def_language, 'default language', '', '', [], true);\n\t\t\t\tif (!empty($def_language) && !isset(Language::getLanguages()[$def_language])) {\n\t\t\t\t\t$def_language = Settings::Get('panel.standardlanguage');\n\t\t\t\t}\n\t\t\t\t$custom_notes = Validate::validate(str_replace(\"\\r\\n\", \"\\n\", $custom_notes), 'custom_notes', Validate::REGEX_CONF_TEXT, '', [], true);\n\n\t\t\t\tif (Settings::Get('system.mail_quota_enabled') != '1') {\n\t\t\t\t\t$email_quota = -1;\n\t\t\t\t}\n\n\t\t\t\t$password = Validate::validate($password, 'password', '', '', [], true);\n\t\t\t\t// only check if not empty,\n\t\t\t\t// cause empty == generate password automatically\n\t\t\t\tif ($password != '') {\n\t\t\t\t\t$password = Crypt::validatePassword($password, true);\n\t\t\t\t}\n\n\t\t\t\t// gender out of range? [0,2]\n\t\t\t\tif ($gender < 0 || $gender > 2) {\n\t\t\t\t\t$gender = 0;\n\t\t\t\t}\n\n\t\t\t\t$allowed_phpconfigs = [];\n\t\t\t\tif (!empty($p_allowed_phpconfigs) && is_array($p_allowed_phpconfigs)) {\n\t\t\t\t\tforeach ($p_allowed_phpconfigs as $allowed_phpconfig) {\n\t\t\t\t\t\t$allowed_phpconfig = intval($allowed_phpconfig);\n\t\t\t\t\t\t$allowed_phpconfigs[] = $allowed_phpconfig;\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\t$allowed_phpconfigs = array_map('intval', $allowed_phpconfigs);\n\n\t\t\t\tif (empty($allowed_phpconfigs) && $phpenabled == 1) {\n\t\t\t\t\t// only required if not using mod_php\n\t\t\t\t\tif ((int)Settings::Get('system.mod_fcgid') == 1 || (int)Settings::Get('phpfpm.enabled') == 1) {\n\t\t\t\t\t\tResponse::standardError('customerphpenabledbutnoconfig', '', true);\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\t$allowed_mysqlserver = array();\n\t\t\t\tif (!empty($p_allowed_mysqlserver) && is_array($p_allowed_mysqlserver)) {\n\t\t\t\t\tforeach ($p_allowed_mysqlserver as $allowed_ms) {\n\t\t\t\t\t\t$allowed_ms = intval($allowed_ms);\n\t\t\t\t\t\t$allowed_mysqlserver[] = $allowed_ms;\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\t$allowed_mysqlserver = array_map('intval', $allowed_mysqlserver);\n\n\t\t\t\t$diskspace *= 1024;\n\t\t\t\t$traffic *= 1024 * 1024;\n\n\t\t\t\tif (\n\t\t\t\t\t($diskspace != 0 && (($this->getUserDetail('diskspace_used') + $diskspace) > $this->getUserDetail('diskspace')) && ($this->getUserDetail('diskspace') / 1024) != '-1')\n\t\t\t\t\t|| ($mysqls != 0 && (($this->getUserDetail('mysqls_used') + $mysqls) > $this->getUserDetail('mysqls')) && $this->getUserDetail('mysqls') != '-1')\n\t\t\t\t\t|| ($emails != 0 && (($this->getUserDetail('emails_used') + $emails) > $this->getUserDetail('emails')) && $this->getUserDetail('emails') != '-1')\n\t\t\t\t\t|| ($email_accounts != 0 && (($this->getUserDetail('email_accounts_used') + $email_accounts) > $this->getUserDetail('email_accounts')) && $this->getUserDetail('email_accounts') != '-1')\n\t\t\t\t\t|| ($email_forwarders != 0 && (($this->getUserDetail('email_forwarders_used') + $email_forwarders) > $this->getUserDetail('email_forwarders')) && $this->getUserDetail('email_forwarders') != '-1')\n\t\t\t\t\t|| ($email_quota != 0 && (($this->getUserDetail('email_quota_used') + $email_quota) > $this->getUserDetail('email_quota')) && $this->getUserDetail('email_quota') != '-1' && Settings::Get('system.mail_quota_enabled') == '1')\n\t\t\t\t\t|| ($ftps != 0 && (($this->getUserDetail('ftps_used') + $ftps) > $this->getUserDetail('ftps')) && $this->getUserDetail('ftps') != '-1')\n\t\t\t\t\t|| ($subdomains != 0 && (($this->getUserDetail('subdomains_used') + $subdomains) > $this->getUserDetail('subdomains')) && $this->getUserDetail('subdomains') != '-1')\n\t\t\t\t\t|| (($diskspace / 1024) == '-1' && ($this->getUserDetail('diskspace') / 1024) != '-1')\n\t\t\t\t\t|| ($mysqls == '-1' && $this->getUserDetail('mysqls') != '-1')\n\t\t\t\t\t|| ($emails == '-1' && $this->getUserDetail('emails') != '-1')\n\t\t\t\t\t|| ($email_accounts == '-1' && $this->getUserDetail('email_accounts') != '-1')\n\t\t\t\t\t|| ($email_forwarders == '-1' && $this->getUserDetail('email_forwarders') != '-1')\n\t\t\t\t\t|| ($email_quota == '-1' && $this->getUserDetail('email_quota') != '-1' && Settings::Get('system.mail_quota_enabled') == '1')\n\t\t\t\t\t|| ($ftps == '-1' && $this->getUserDetail('ftps') != '-1')\n\t\t\t\t\t|| ($subdomains == '-1' && $this->getUserDetail('subdomains') != '-1')\n\t\t\t\t) {\n\t\t\t\t\tResponse::standardError('youcantallocatemorethanyouhave', '', true);\n\t\t\t\t}\n\n\t\t\t\tif (!Validate::validateEmail($email)) {\n\t\t\t\t\tResponse::standardError('emailiswrong', $email, true);\n\t\t\t\t} else {\n\t\t\t\t\tif ($loginname != '') {\n\t\t\t\t\t\t$accountnumber = intval(Settings::Get('system.lastaccountnumber'));\n\t\t\t\t\t\t$loginname = Validate::validate($loginname, 'loginname', '/^[a-z][a-z0-9\\-_]+$/i', '', [], true);\n\n\t\t\t\t\t\t// Accounts which match systemaccounts are not allowed, filtering them\n\t\t\t\t\t\tif (preg_match('/^' . preg_quote(Settings::Get('customer.accountprefix'), '/') . '([0-9]+)/', $loginname)) {\n\t\t\t\t\t\t\tResponse::standardError('loginnameisusingprefix', Settings::Get('customer.accountprefix'), true);\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\t// Additional filtering for Bug #962\n\t\t\t\t\t\tif (function_exists('posix_getpwnam') && !in_array(\"posix_getpwnam\", explode(\",\", ini_get('disable_functions'))) && posix_getpwnam($loginname)) {\n\t\t\t\t\t\t\tResponse::standardError('loginnameissystemaccount', $loginname, true);\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\t// blacklist some system-internal names that might lead to issues\n\t\t\t\t\t\tDatabase::needSqlData();\n\t\t\t\t\t\t$sqldata = Database::getSqlData();\n\t\t\t\t\t\tDatabase::needRoot(true);\n\t\t\t\t\t\tDatabase::needSqlData();\n\t\t\t\t\t\t$sqlrdata = Database::getSqlData();\n\t\t\t\t\t\t$login_blacklist = [\n\t\t\t\t\t\t\t'root',\n\t\t\t\t\t\t\t'admin',\n\t\t\t\t\t\t\t'froxroot',\n\t\t\t\t\t\t\t'froxlor',\n\t\t\t\t\t\t\t$sqldata['user'],\n\t\t\t\t\t\t\t$sqldata['db'],\n\t\t\t\t\t\t\t$sqlrdata['user'],\n\t\t\t\t\t\t];\n\t\t\t\t\t\tunset($sqldata);\n\t\t\t\t\t\tunset($sqlrdata);\n\t\t\t\t\t\t$login_blacklist = array_unique($login_blacklist);\n\t\t\t\t\t\tif (in_array($loginname, $login_blacklist)) {\n\t\t\t\t\t\t\tResponse::standardError('loginnameisreservedname', $loginname, true);\n\t\t\t\t\t\t}\n\t\t\t\t\t} else {\n\t\t\t\t\t\t$accountnumber = intval(Settings::Get('system.lastaccountnumber')) + 1;\n\t\t\t\t\t\t$loginname = Settings::Get('customer.accountprefix') . $accountnumber;\n\t\t\t\t\t}\n\n\t\t\t\t\t// Check if the account already exists\n\t\t\t\t\t// do not check via api as we skip any permission checks for this task\n\t\t\t\t\t$loginname_check_stmt = Database::prepare(\"\n\t\t\t\t\t\tSELECT `loginname` FROM `\" . TABLE_PANEL_CUSTOMERS . \"` WHERE `loginname` = :login\n\t\t\t\t\t\");\n\t\t\t\t\t$loginname_check = Database::pexecute_first($loginname_check_stmt, [\n\t\t\t\t\t\t'login' => $loginname\n\t\t\t\t\t], true, true);\n\n\t\t\t\t\t// Check if an admin with the loginname already exists\n\t\t\t\t\t// do not check via api as we skip any permission checks for this task\n\t\t\t\t\t$loginname_check_admin_stmt = Database::prepare(\"\n\t\t\t\t\t\tSELECT `loginname` FROM `\" . TABLE_PANEL_ADMINS . \"` WHERE `loginname` = :login\n\t\t\t\t\t\");\n\t\t\t\t\t$loginname_check_admin = Database::pexecute_first($loginname_check_admin_stmt, [\n\t\t\t\t\t\t'login' => $loginname\n\t\t\t\t\t], true, true);\n\n\t\t\t\t\t// Check for existing email address\n\t\t\t\t\t// do not check via api as we skip any permission checks for this task\n\t\t\t\t\t$email_check_admin_stmt = Database::prepare(\"\n\t\t\t\t\t\tSELECT `email` FROM `\" . TABLE_PANEL_ADMINS . \"` WHERE `email` = :email\n\t\t\t\t\t\");\n\t\t\t\t\t$email_check_admin = Database::pexecute_first($email_check_admin_stmt, [\n\t\t\t\t\t\t'email' => $email\n\t\t\t\t\t], true, true);\n\n\t\t\t\t\t$mysql_maxlen = Database::getSqlUsernameLength() - strlen(Settings::Get('customer.mysqlprefix'));\n\t\t\t\t\tif (($loginname_check && strtolower($loginname_check['loginname']) == strtolower($loginname)) || ($loginname_check_admin && strtolower($loginname_check_admin['loginname']) == strtolower($loginname))) {\n\t\t\t\t\t\tResponse::standardError('loginnameexists', $loginname, true);\n\t\t\t\t\t} elseif (!Validate::validateUsername($loginname, Settings::Get('panel.unix_names'), $mysql_maxlen)) {\n\t\t\t\t\t\tif (strlen($loginname) > $mysql_maxlen) {\n\t\t\t\t\t\t\tResponse::standardError('loginnameiswrong2', $mysql_maxlen, true);\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\tResponse::standardError('loginnameiswrong', $loginname, true);\n\t\t\t\t\t\t}\n\t\t\t\t\t} elseif ($email_check_admin && strtolower($email_check_admin['email']) == strtolower($email)) {\n\t\t\t\t\t\tResponse::standardError('emailexistsanon', $email, true);\n\t\t\t\t\t}\n\n\t\t\t\t\t$guid = intval(Settings::Get('system.lastguid')) + 1;\n\t\t\t\t\t$documentroot = FileDir::makeCorrectDir(Settings::Get('system.documentroot_prefix') . '/' . $loginname);\n\n\t\t\t\t\tif (file_exists($documentroot)) {\n\t\t\t\t\t\tResponse::standardError('documentrootexists', $documentroot, true);\n\t\t\t\t\t}\n\n\t\t\t\t\tif ($password == '') {\n\t\t\t\t\t\t$password = Crypt::generatePassword();\n\t\t\t\t\t}\n\n\t\t\t\t\t$_theme = Settings::Get('panel.default_theme');\n\n\t\t\t\t\t$ins_data = [\n\t\t\t\t\t\t'adminid' => $this->getUserDetail('adminid'),\n\t\t\t\t\t\t'loginname' => $loginname,\n\t\t\t\t\t\t'passwd' => Crypt::makeCryptPassword($password),\n\t\t\t\t\t\t'name' => $name,\n\t\t\t\t\t\t'firstname' => $firstname,\n\t\t\t\t\t\t'gender' => $gender,\n\t\t\t\t\t\t'company' => $company,\n\t\t\t\t\t\t'street' => $street,\n\t\t\t\t\t\t'zipcode' => $zipcode,\n\t\t\t\t\t\t'city' => $city,\n\t\t\t\t\t\t'phone' => $phone,\n\t\t\t\t\t\t'fax' => $fax,\n\t\t\t\t\t\t'email' => $email,\n\t\t\t\t\t\t'customerno' => $customernumber,\n\t\t\t\t\t\t'lang' => $def_language,\n\t\t\t\t\t\t'gui_access' => $gui_access,\n\t\t\t\t\t\t'api_allowed' => $api_allowed,\n\t\t\t\t\t\t'shell_allowed' => $shell_allowed,\n\t\t\t\t\t\t'docroot' => $documentroot,\n\t\t\t\t\t\t'guid' => $guid,\n\t\t\t\t\t\t'diskspace' => $diskspace,\n\t\t\t\t\t\t'traffic' => $traffic,\n\t\t\t\t\t\t'subdomains' => $subdomains,\n\t\t\t\t\t\t'emails' => $emails,\n\t\t\t\t\t\t'email_accounts' => $email_accounts,\n\t\t\t\t\t\t'email_forwarders' => $email_forwarders,\n\t\t\t\t\t\t'email_quota' => $email_quota,\n\t\t\t\t\t\t'ftps' => $ftps,\n\t\t\t\t\t\t'mysqls' => $mysqls,\n\t\t\t\t\t\t'phpenabled' => $phpenabled,\n\t\t\t\t\t\t'allowed_phpconfigs' => empty($allowed_phpconfigs) ? \"\" : json_encode($allowed_phpconfigs),\n\t\t\t\t\t\t'imap' => $email_imap,\n\t\t\t\t\t\t'pop3' => $email_pop3,\n\t\t\t\t\t\t'perlenabled' => $perlenabled,\n\t\t\t\t\t\t'dnsenabled' => $dnsenabled,\n\t\t\t\t\t\t'logviewenabled' => $logviewenabled,\n\t\t\t\t\t\t'theme' => $_theme,\n\t\t\t\t\t\t'custom_notes' => $custom_notes,\n\t\t\t\t\t\t'custom_notes_show' => $custom_notes_show,\n\t\t\t\t\t\t'allowed_mysqlserver' => empty($allowed_mysqlserver) ? \"\" : json_encode($allowed_mysqlserver)\n\t\t\t\t\t];\n\n\t\t\t\t\t$ins_stmt = Database::prepare(\"\n\t\t\t\t\t\tINSERT INTO `\" . TABLE_PANEL_CUSTOMERS . \"` SET\n\t\t\t\t\t\t`adminid` = :adminid,\n\t\t\t\t\t\t`loginname` = :loginname,\n\t\t\t\t\t\t`password` = :passwd,\n\t\t\t\t\t\t`name` = :name,\n\t\t\t\t\t\t`firstname` = :firstname,\n\t\t\t\t\t\t`gender` = :gender,\n\t\t\t\t\t\t`company` = :company,\n\t\t\t\t\t\t`street` = :street,\n\t\t\t\t\t\t`zipcode` = :zipcode,\n\t\t\t\t\t\t`city` = :city,\n\t\t\t\t\t\t`phone` = :phone,\n\t\t\t\t\t\t`fax` = :fax,\n\t\t\t\t\t\t`email` = :email,\n\t\t\t\t\t\t`customernumber` = :customerno,\n\t\t\t\t\t\t`def_language` = :lang,\n\t\t\t\t\t\t`gui_access` = :gui_access,\n\t\t\t\t\t\t`api_allowed` = :api_allowed,\n\t\t\t\t\t\t`shell_allowed` = :shell_allowed,\n\t\t\t\t\t\t`documentroot` = :docroot,\n\t\t\t\t\t\t`guid` = :guid,\n\t\t\t\t\t\t`diskspace` = :diskspace,\n\t\t\t\t\t\t`traffic` = :traffic,\n\t\t\t\t\t\t`subdomains` = :subdomains,\n\t\t\t\t\t\t`emails` = :emails,\n\t\t\t\t\t\t`email_accounts` = :email_accounts,\n\t\t\t\t\t\t`email_forwarders` = :email_forwarders,\n\t\t\t\t\t\t`email_quota` = :email_quota,\n\t\t\t\t\t\t`ftps` = :ftps,\n\t\t\t\t\t\t`mysqls` = :mysqls,\n\t\t\t\t\t\t`standardsubdomain` = '0',\n\t\t\t\t\t\t`phpenabled` = :phpenabled,\n\t\t\t\t\t\t`allowed_phpconfigs` = :allowed_phpconfigs,\n\t\t\t\t\t\t`imap` = :imap,\n\t\t\t\t\t\t`pop3` = :pop3,\n\t\t\t\t\t\t`perlenabled` = :perlenabled,\n\t\t\t\t\t\t`dnsenabled` = :dnsenabled,\n\t\t\t\t\t\t`logviewenabled` = :logviewenabled,\n\t\t\t\t\t\t`theme` = :theme,\n\t\t\t\t\t\t`custom_notes` = :custom_notes,\n\t\t\t\t\t\t`custom_notes_show` = :custom_notes_show,\n\t\t\t\t\t\t`allowed_mysqlserver`= :allowed_mysqlserver\n\t\t\t\t\t\");\n\t\t\t\t\tDatabase::pexecute($ins_stmt, $ins_data, true, true);\n\n\t\t\t\t\t$customerid = Database::lastInsertId();\n\t\t\t\t\t$ins_data['customerid'] = $customerid;\n\n\t\t\t\t\tAdmins::increaseUsage($this->getUserDetail('adminid'), 'customers_used');\n\n\t\t\t\t\t// update admin resource-usage\n\t\t\t\t\tif ($mysqls != '-1') {\n\t\t\t\t\t\tAdmins::increaseUsage($this->getUserDetail('adminid'), 'mysqls_used', '', (int)$mysqls);\n\t\t\t\t\t}\n\n\t\t\t\t\tif ($emails != '-1') {\n\t\t\t\t\t\tAdmins::increaseUsage($this->getUserDetail('adminid'), 'emails_used', '', (int)$emails);\n\t\t\t\t\t}\n\n\t\t\t\t\tif ($email_accounts != '-1') {\n\t\t\t\t\t\tAdmins::increaseUsage($this->getUserDetail('adminid'), 'email_accounts_used', '', (int)$email_accounts);\n\t\t\t\t\t}\n\n\t\t\t\t\tif ($email_forwarders != '-1') {\n\t\t\t\t\t\tAdmins::increaseUsage($this->getUserDetail('adminid'), 'email_forwarders_used', '', (int)$email_forwarders);\n\t\t\t\t\t}\n\n\t\t\t\t\tif ($email_quota != '-1') {\n\t\t\t\t\t\tAdmins::increaseUsage($this->getUserDetail('adminid'), 'email_quota_used', '', (int)$email_quota);\n\t\t\t\t\t}\n\n\t\t\t\t\tif ($subdomains != '-1') {\n\t\t\t\t\t\tAdmins::increaseUsage($this->getUserDetail('adminid'), 'subdomains_used', '', (int)$subdomains);\n\t\t\t\t\t}\n\n\t\t\t\t\tif ($ftps != '-1') {\n\t\t\t\t\t\tAdmins::increaseUsage($this->getUserDetail('adminid'), 'ftps_used', '', (int)$ftps);\n\t\t\t\t\t}\n\n\t\t\t\t\tif (($diskspace / 1024) != '-1') {\n\t\t\t\t\t\tAdmins::increaseUsage($this->getUserDetail('adminid'), 'diskspace_used', '', (int)$diskspace);\n\t\t\t\t\t}\n\n\t\t\t\t\t// update last guid\n\t\t\t\t\tSettings::Set('system.lastguid', $guid, true);\n\n\t\t\t\t\tif ($accountnumber != intval(Settings::Get('system.lastaccountnumber'))) {\n\t\t\t\t\t\t// update last account number\n\t\t\t\t\t\tSettings::Set('system.lastaccountnumber', $accountnumber, true);\n\t\t\t\t\t}\n\n\t\t\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, \"[API] added customer '\" . $loginname . \"'\");\n\t\t\t\t\tunset($ins_data);\n\n\t\t\t\t\t// insert task to create homedir etc.\n\t\t\t\t\tCronjob::inserttask(TaskId::CREATE_HOME, $loginname, $guid, $guid, $store_defaultindex);\n\n\t\t\t\t\t// Using filesystem - quota, insert a task which cleans the filesystem - quota\n\t\t\t\t\tCronjob::inserttask(TaskId::CREATE_QUOTA);\n\n\t\t\t\t\t// Add htpasswd for the stats-pages\n\t\t\t\t\t$htpasswdPassword = Crypt::makeCryptPassword($password, true);\n\n\t\t\t\t\t$ins_stmt = Database::prepare(\"\n\t\t\t\t\t\tINSERT INTO `\" . TABLE_PANEL_HTPASSWDS . \"` SET\n\t\t\t\t\t\t`customerid` = :customerid,\n\t\t\t\t\t\t`username` = :username,\n\t\t\t\t\t\t`password` = :passwd,\n\t\t\t\t\t\t`path` = :path\n\t\t\t\t\t\");\n\t\t\t\t\t$ins_data = [\n\t\t\t\t\t\t'customerid' => $customerid,\n\t\t\t\t\t\t'username' => $loginname,\n\t\t\t\t\t\t'passwd' => $htpasswdPassword\n\t\t\t\t\t];\n\n\t\t\t\t\t$stats_folder = Settings::Get('system.traffictool');\n\t\t\t\t\t$ins_data['path'] = FileDir::makeCorrectDir($documentroot . '/' . $stats_folder . '/');\n\t\t\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, \"[API] automatically added \" . $stats_folder . \" htpasswd for user '\" . $loginname . \"'\");\n\t\t\t\t\tDatabase::pexecute($ins_stmt, $ins_data, true, true);\n\n\t\t\t\t\tCronjob::inserttask(TaskId::REBUILD_VHOST);\n\n\t\t\t\t\t// add default FTP-User\n\t\t\t\t\t// also, add froxlor-local user to ftp-group (if exists!) to\n\t\t\t\t\t// allow access to customer-directories from within the panel, which\n\t\t\t\t\t// is necessary when pathedit = Dropdown\n\t\t\t\t\t$local_users = [\n\t\t\t\t\t\tSettings::Get('system.httpuser')\n\t\t\t\t\t];\n\t\t\t\t\tif ((int)Settings::Get('system.mod_fcgid_ownvhost') == 1 || (int)Settings::Get('phpfpm.enabled_ownvhost') == 1) {\n\t\t\t\t\t\tif ((int)Settings::Get('system.mod_fcgid') == 1) {\n\t\t\t\t\t\t\t$local_user = Settings::Get('system.mod_fcgid_httpuser');\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t$local_user = Settings::Get('phpfpm.vhost_httpuser');\n\t\t\t\t\t\t}\n\t\t\t\t\t\t// check froxlor-local user membership in ftp-group\n\t\t\t\t\t\t// without this check addition may duplicate user in list if httpuser == local_user\n\t\t\t\t\t\tif (in_array($local_user, $local_users) == false) {\n\t\t\t\t\t\t\t$local_users[] = $local_user;\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t\t$this->apiCall('Ftps.add', [\n\t\t\t\t\t\t'customerid' => $customerid,\n\t\t\t\t\t\t'path' => '/',\n\t\t\t\t\t\t'ftp_password' => $password,\n\t\t\t\t\t\t'ftp_description' => \"Default\",\n\t\t\t\t\t\t'sendinfomail' => 0,\n\t\t\t\t\t\t'ftp_username' => $loginname,\n\t\t\t\t\t\t'additional_members' => $local_users,\n\t\t\t\t\t\t'is_defaultuser' => 1\n\t\t\t\t\t]);\n\n\t\t\t\t\t$_stdsubdomain = '';\n\t\t\t\t\tif ($createstdsubdomain == '1') {\n\t\t\t\t\t\tif (Settings::Get('system.stdsubdomain') !== null && Settings::Get('system.stdsubdomain') != '') {\n\t\t\t\t\t\t\t$_stdsubdomain = $loginname . '.' . Settings::Get('system.stdsubdomain');\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t$_stdsubdomain = $loginname . '.' . Settings::Get('system.hostname');\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\t$ins_data = [\n\t\t\t\t\t\t\t'domain' => $_stdsubdomain,\n\t\t\t\t\t\t\t'customerid' => $customerid,\n\t\t\t\t\t\t\t'adminid' => $this->getUserDetail('adminid'),\n\t\t\t\t\t\t\t'docroot' => $documentroot,\n\t\t\t\t\t\t\t'phpenabled' => $phpenabled,\n\t\t\t\t\t\t\t'openbasedir' => '1',\n\t\t\t\t\t\t\t'is_stdsubdomain' => 1\n\t\t\t\t\t\t];\n\t\t\t\t\t\t$domainid = -1;\n\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\t$std_domain = $this->apiCall('Domains.add', $ins_data, true);\n\t\t\t\t\t\t\t$domainid = $std_domain['id'];\n\t\t\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_ERR, \"[API] Unable to add standard-subdomain: \" . $e->getMessage());\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\tif ($domainid > 0) {\n\t\t\t\t\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\t\t\t\t\tUPDATE `\" . TABLE_PANEL_CUSTOMERS . \"` SET `standardsubdomain` = :domainid WHERE `customerid` = :customerid\n\t\t\t\t\t\t\t\");\n\t\t\t\t\t\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t\t\t\t\t\t'domainid' => $domainid,\n\t\t\t\t\t\t\t\t'customerid' => $customerid\n\t\t\t\t\t\t\t], true, true);\n\t\t\t\t\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, \"[API] automatically added standardsubdomain for user '\" . $loginname . \"'\");\n\t\t\t\t\t\t\tCronjob::inserttask(TaskId::REBUILD_VHOST);\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\n\t\t\t\t\t// Create default mysql-user if enabled\n\t\t\t\t\tif ($mysqls != 0) {\n\t\t\t\t\t\tforeach ($allowed_mysqlserver as $dbserver) {\n\t\t\t\t\t\t\t// require privileged access for target db-server\n\t\t\t\t\t\t\tDatabase::needRoot(true, $dbserver, false);\n\t\t\t\t\t\t\t// get DbManager\n\t\t\t\t\t\t\t$dbm = new DbManager($this->logger());\n\t\t\t\t\t\t\t// give permission to the user on every access-host we have\n\t\t\t\t\t\t\tforeach (array_map('trim', explode(',', Settings::Get('system.mysql_access_host'))) as $mysql_access_host) {\n\t\t\t\t\t\t\t\t$dbm->getManager()->grantPrivilegesTo($loginname, $password, $mysql_access_host, false, false, true);\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t$dbm->getManager()->flushPrivileges();\n\t\t\t\t\t\t\tDatabase::needRoot(false);\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\n\t\t\t\t\tif ($sendpassword == '1') {\n\t\t\t\t\t\t$srv_hostname = Settings::Get('system.hostname');\n\t\t\t\t\t\tif (Settings::Get('system.froxlordirectlyviahostname') == '0') {\n\t\t\t\t\t\t\t$srv_hostname .= '/' . basename(\\Froxlor\\Froxlor::getInstallDir());\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\t$srv_ip_stmt = Database::prepare(\"\n\t\t\t\t\t\t\tSELECT ip, port FROM `\" . TABLE_PANEL_IPSANDPORTS . \"`\n\t\t\t\t\t\t\tWHERE `id` = :defaultip\n\t\t\t\t\t\t\");\n\t\t\t\t\t\t$default_ips = Settings::Get('system.defaultip');\n\t\t\t\t\t\t$default_ips = explode(',', $default_ips);\n\t\t\t\t\t\t$srv_ip = Database::pexecute_first($srv_ip_stmt, [\n\t\t\t\t\t\t\t'defaultip' => reset($default_ips)\n\t\t\t\t\t\t], true, true);\n\n\t\t\t\t\t\t$replace_arr = [\n\t\t\t\t\t\t\t'FIRSTNAME' => $firstname,\n\t\t\t\t\t\t\t'NAME' => $name,\n\t\t\t\t\t\t\t'COMPANY' => $company,\n\t\t\t\t\t\t\t'SALUTATION' => User::getCorrectUserSalutation([\n\t\t\t\t\t\t\t\t'firstname' => $firstname,\n\t\t\t\t\t\t\t\t'name' => $name,\n\t\t\t\t\t\t\t\t'company' => $company\n\t\t\t\t\t\t\t]),\n\t\t\t\t\t\t\t'CUSTOMER_NO' => $customernumber,\n\t\t\t\t\t\t\t'USERNAME' => $loginname,\n\t\t\t\t\t\t\t'PASSWORD' => $password,\n\t\t\t\t\t\t\t'SERVER_HOSTNAME' => $srv_hostname,\n\t\t\t\t\t\t\t'SERVER_IP' => $srv_ip['ip'] ?? '',\n\t\t\t\t\t\t\t'SERVER_PORT' => $srv_ip['port'] ?? '',\n\t\t\t\t\t\t\t'DOMAINNAME' => $_stdsubdomain\n\t\t\t\t\t\t];\n\n\t\t\t\t\t\t// get template for mail subject\n\t\t\t\t\t\t$mail_subject = $this->getMailTemplate([\n\t\t\t\t\t\t\t'adminid' => $this->getUserDetail('adminid'),\n\t\t\t\t\t\t\t'def_language' => $def_language\n\t\t\t\t\t\t], 'mails', 'createcustomer_subject', $replace_arr, lng('mails.createcustomer.subject'));\n\t\t\t\t\t\t// get template for mail body\n\t\t\t\t\t\t$mail_body = $this->getMailTemplate([\n\t\t\t\t\t\t\t'adminid' => $this->getUserDetail('adminid'),\n\t\t\t\t\t\t\t'def_language' => $def_language\n\t\t\t\t\t\t], 'mails', 'createcustomer_mailbody', $replace_arr, lng('mails.createcustomer.mailbody'));\n\n\t\t\t\t\t\t$_mailerror = false;\n\t\t\t\t\t\t$mailerr_msg = \"\";\n\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\t$this->mailer()->Subject = $mail_subject;\n\t\t\t\t\t\t\t$this->mailer()->AltBody = $mail_body;\n\t\t\t\t\t\t\t$this->mailer()->Body = str_replace(\"\\n\", \"
\", $mail_body);\n\t\t\t\t\t\t\t$this->mailer()->addAddress($email, User::getCorrectUserSalutation([\n\t\t\t\t\t\t\t\t'firstname' => $firstname,\n\t\t\t\t\t\t\t\t'name' => $name,\n\t\t\t\t\t\t\t\t'company' => $company\n\t\t\t\t\t\t\t]));\n\t\t\t\t\t\t\t$this->mailer()->send();\n\t\t\t\t\t\t} catch (\\PHPMailer\\PHPMailer\\Exception $e) {\n\t\t\t\t\t\t\t$mailerr_msg = $e->errorMessage();\n\t\t\t\t\t\t\t$_mailerror = true;\n\t\t\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\t\t\t$mailerr_msg = $e->getMessage();\n\t\t\t\t\t\t\t$_mailerror = true;\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\tif ($_mailerror) {\n\t\t\t\t\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_ERR, \"[API] Error sending mail: \" . $mailerr_msg);\n\t\t\t\t\t\t\tResponse::standardError('errorsendingmail', $email, true);\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\t$this->mailer()->clearAddresses();\n\t\t\t\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, \"[API] automatically sent password to user '\" . $loginname . \"'\");\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING, \"[API] added customer '\" . $loginname . \"'\");\n\n\t\t\t\t$result = $this->apiCall('Customers.get', [\n\t\t\t\t\t'loginname' => $loginname\n\t\t\t\t]);\n\t\t\t\treturn $this->response($result);\n\t\t\t}\n\t\t\tthrow new Exception(\"No more resources available\", 406);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * return a customer entry by either id or loginname\n\t *\n\t * @param int $id\n\t * optional, the customer-id\n\t * @param string $loginname\n\t * optional, the loginname\n\t * @param bool $show_usages\n\t * optional, default false\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function get()\n\t{\n\t\t$id = $this->getParam('id', true, 0);\n\t\t$ln_optional = $id > 0;\n\t\t$loginname = $this->getParam('loginname', $ln_optional, '');\n\t\t$show_usages = $this->getBoolParam('show_usages', true, false);\n\n\t\tif ($this->isAdmin()) {\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\tSELECT `c`.*, `a`.`loginname` AS `adminname`\n\t\t\tFROM `\" . TABLE_PANEL_CUSTOMERS . \"` `c`, `\" . TABLE_PANEL_ADMINS . \"` `a`\n\t\t\tWHERE \" . ($id > 0 ? \"`c`.`customerid` = :idln\" : \"`c`.`loginname` = :idln\") . ($this->getUserDetail('customers_see_all') ? '' : \" AND `c`.`adminid` = :adminid\") . \" AND `c`.`adminid` = `a`.`adminid`\");\n\t\t\t$params = [\n\t\t\t\t'idln' => ($id <= 0 ? $loginname : $id)\n\t\t\t];\n\t\t\tif ($this->getUserDetail('customers_see_all') == '0') {\n\t\t\t\t$params['adminid'] = $this->getUserDetail('adminid');\n\t\t\t}\n\t\t} else {\n\t\t\tif (($id > 0 && $id != $this->getUserDetail('customerid')) || !empty($loginname) && $loginname != $this->getUserDetail('loginname')) {\n\t\t\t\tthrow new Exception(\"You cannot access data of other customers\", 401);\n\t\t\t}\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT * FROM `\" . TABLE_PANEL_CUSTOMERS . \"`\n\t\t\t\tWHERE \" . ($id > 0 ? \"`customerid` = :idln\" : \"`loginname` = :idln\"));\n\t\t\t$params = [\n\t\t\t\t'idln' => ($id <= 0 ? $loginname : $id)\n\t\t\t];\n\t\t}\n\t\t$result = Database::pexecute_first($result_stmt, $params, true, true);\n\t\tif ($result) {\n\t\t\t// check whether the admin does not want the customer to see the notes\n\t\t\tif (!$this->isAdmin() && $result['custom_notes_show'] != 1) {\n\t\t\t\t$result['custom_notes'] = \"\";\n\t\t\t}\n\t\t\tif ($show_usages) {\n\t\t\t\t// get number of domains\n\t\t\t\t$domains_stmt = Database::prepare(\"\n\t\t\t\t\tSELECT COUNT(`id`) AS `domains`\n\t\t\t\t\tFROM `\" . TABLE_PANEL_DOMAINS . \"`\n\t\t\t\t\tWHERE `customerid` = :cid\n\t\t\t\t\tAND `parentdomainid` = '0'\n\t\t\t\t\tAND `id`<> :stdd\n\t\t\t\t\");\n\t\t\t\tDatabase::pexecute($domains_stmt, [\n\t\t\t\t\t'cid' => $result['customerid'],\n\t\t\t\t\t'stdd' => $result['standardsubdomain']\n\t\t\t\t]);\n\t\t\t\t$domains = $domains_stmt->fetch(PDO::FETCH_ASSOC);\n\t\t\t\t$result['domains'] = intval($domains['domains']);\n\t\t\t\t// get disk-space usages for web, mysql and mail\n\t\t\t\t$usages_stmt = Database::prepare(\"\n\t\t\t\t\tSELECT * FROM `\" . TABLE_PANEL_DISKSPACE . \"`\n\t\t\t\t\tWHERE `customerid` = :cid\n\t\t\t\t\tORDER BY `stamp` DESC LIMIT 1\n\t\t\t\t\");\n\t\t\t\t$usages = Database::pexecute_first($usages_stmt, [\n\t\t\t\t\t'cid' => $result['customerid']\n\t\t\t\t]);\n\t\t\t\tif ($usages) {\n\t\t\t\t\t$result['webspace_used'] = $usages['webspace'];\n\t\t\t\t\t$result['mailspace_used'] = $usages['mail'];\n\t\t\t\t\t$result['dbspace_used'] = $usages['mysql'];\n\t\t\t\t} else {\n\t\t\t\t\t$result['webspace_used'] = 0;\n\t\t\t\t\t$result['mailspace_used'] = 0;\n\t\t\t\t\t$result['dbspace_used'] = 0;\n\t\t\t\t}\n\t\t\t}\n\t\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, \"[API] get customer '\" . $result['loginname'] . \"'\");\n\t\t\treturn $this->response($result);\n\t\t}\n\t\t$key = ($id > 0 ? \"id #\" . $id : \"loginname '\" . $loginname . \"'\");\n\t\tthrow new Exception(\"Customer with \" . $key . \" could not be found\", 404);\n\t}\n\n\t/**\n\t * increase resource-usage\n\t *\n\t * @param int $customerid\n\t * @param string $resource\n\t * @param string $extra\n\t * optional, default empty\n\t * @param int $increase_by\n\t * optional, default 1\n\t */\n\tpublic static function increaseUsage($customerid = 0, $resource = null, $extra = '', $increase_by = 1)\n\t{\n\t\tself::updateResourceUsage(TABLE_PANEL_CUSTOMERS, 'customerid', $customerid, '+', $resource, $extra, $increase_by);\n\t}\n\n\t/**\n\t * update customer entry by either id or loginname, customer can only change language, password and theme\n\t *\n\t * @param int $id\n\t * optional, the customer-id\n\t * @param string $loginname\n\t * optional, the loginname\n\t * @param string $email\n\t * optional\n\t * @param string $name\n\t * optional if company is set, else required\n\t * @param string $firstname\n\t * optional if company is set, else required\n\t * @param string $company\n\t * optional but required if name/firstname empty\n\t * @param string $street\n\t * optional\n\t * @param string $zipcode\n\t * optional\n\t * @param string $city\n\t * optional\n\t * @param string $phone\n\t * optional\n\t * @param string $fax\n\t * optional\n\t * @param int $customernumber\n\t * optional\n\t * @param string $def_language\n\t * optional, ISO 639-1 language code (e.g. 'en', 'de', see lng-folder for supported languages),\n\t * default is system-default language\n\t * @param bool $gui_access\n\t * optional, allow login via webui, if false ONLY the login via webui is disallowed; default true\n\t * @param bool $api_allowed\n\t * optional, default is true if system setting api.enabled is true, else false\n\t * @param bool $shell_allowed\n\t * optional, default is true if system setting system.allow_customer_shell is true, else false\n\t * @param int $gender\n\t * optional, 0 = no-gender, 1 = male, 2 = female\n\t * @param string $custom_notes\n\t * optional notes\n\t * @param bool $custom_notes_show\n\t * optional, whether to show the content of custom_notes to the customer, default 0\n\t * (false)\n\t * @param string $new_customer_password\n\t * optional, set new password\n\t * @param bool $sendpassword\n\t * optional, whether to send the password to the customer after creation, default 0\n\t * (false)\n\t * @param int $move_to_admin\n\t * optional, if valid admin-id is given here, the customer's admin/reseller can be\n\t * changed\n\t * @param bool $deactivated\n\t * optional, if 1 (true) the customer can be deactivated/suspended\n\t * @param int $diskspace\n\t * optional disk-space available for customer in MB, default 0\n\t * @param bool $diskspace_ul\n\t * optional, whether customer should have unlimited diskspace, default 0 (false)\n\t * @param int $traffic\n\t * optional traffic available for customer in GB, default 0\n\t * @param bool $traffic_ul\n\t * optional, whether customer should have unlimited traffic, default 0 (false)\n\t * @param int $subdomains\n\t * optional amount of subdomains available for customer, default 0\n\t * @param bool $subdomains_ul\n\t * optional, whether customer should have unlimited subdomains, default 0 (false)\n\t * @param int $emails\n\t * optional amount of emails available for customer, default 0\n\t * @param bool $emails_ul\n\t * optional, whether customer should have unlimited emails, default 0 (false)\n\t * @param int $email_accounts\n\t * optional amount of email-accounts available for customer, default 0\n\t * @param bool $email_accounts_ul\n\t * optional, whether customer should have unlimited email-accounts, default 0 (false)\n\t * @param int $email_forwarders\n\t * optional amount of email-forwarders available for customer, default 0\n\t * @param bool $email_forwarders_ul\n\t * optional, whether customer should have unlimited email-forwarders, default 0 (false)\n\t * @param int $email_quota\n\t * optional size of email-quota available for customer in MB, default is system-setting\n\t * mail_quota\n\t * @param bool $email_quota_ul\n\t * optional, whether customer should have unlimited email-quota, default 0 (false)\n\t * @param bool $email_imap\n\t * optional, whether to allow IMAP access, default 0 (false)\n\t * @param bool $email_pop3\n\t * optional, whether to allow POP3 access, default 0 (false)\n\t * @param int $ftps\n\t * optional amount of ftp-accounts available for customer, default 0\n\t * @param bool $ftps_ul\n\t * optional, whether customer should have unlimited ftp-accounts, default 0 (false)\n\t * @param int $mysqls\n\t * optional amount of mysql-databases available for customer, default 0\n\t * @param bool $mysqls_ul\n\t * optional, whether customer should have unlimited mysql-databases, default 0 (false)\n\t * @param bool $createstdsubdomain\n\t * optional, whether to create a standard-subdomain ([loginname].froxlor-hostname.tld),\n\t * default 1 (if customer has std-subdomain) else 0 (false)\n\t * @param bool $phpenabled\n\t * optional, whether to allow usage of PHP, default 0 (false)\n\t * @param array $allowed_phpconfigs\n\t * optional, array of IDs of php-config that the customer is allowed to use, default\n\t * empty (none)\n\t * @param bool $perlenabled\n\t * optional, whether to allow usage of Perl/CGI, default 0 (false)\n\t * @param bool $dnsenabled\n\t * optional, whether to allow usage of the DNS editor (requires activated nameserver in\n\t * settings), default 0 (false)\n\t * @param bool $logviewenabled\n\t * optional, whether to allow access to webserver access/error-logs, default 0 (false)\n\t * @param string $theme\n\t * optional, change theme\n\t * @param array $allowed_mysqlserver\n\t * optional, array of IDs of defined mysql-servers the customer is allowed to use,\n\t * default is to allow the default dbserver (id=0)\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function update()\n\t{\n\t\t$id = $this->getParam('id', true, 0);\n\t\t$ln_optional = $id > 0;\n\t\t$loginname = $this->getParam('loginname', $ln_optional, '');\n\n\t\t$result = $this->apiCall('Customers.get', [\n\t\t\t'id' => $id,\n\t\t\t'loginname' => $loginname\n\t\t]);\n\t\t$id = $result['customerid'];\n\n\t\tif ($this->isAdmin()) {\n\t\t\t// parameters\n\t\t\t$move_to_admin = (int)($this->getParam('move_to_admin', true, 0));\n\n\t\t\t$idna_convert = new IdnaWrapper();\n\t\t\t$email = $this->getParam('email', true, $idna_convert->decode($result['email']));\n\t\t\t$name = $this->getParam('name', true, $result['name']);\n\t\t\t$firstname = $this->getParam('firstname', true, $result['firstname']);\n\t\t\t$company_required = ((!empty($name) && empty($firstname)) || (empty($name) && !empty($firstname)) || (empty($name) && empty($firstname))) && empty($result['company']);\n\t\t\t$company = $this->getParam('company', !$company_required, $result['company']);\n\t\t\t$street = $this->getParam('street', true, $result['street']);\n\t\t\t$zipcode = $this->getParam('zipcode', true, $result['zipcode']);\n\t\t\t$city = $this->getParam('city', true, $result['city']);\n\t\t\t$phone = $this->getParam('phone', true, $result['phone']);\n\t\t\t$fax = $this->getParam('fax', true, $result['fax']);\n\t\t\t$customernumber = $this->getParam('customernumber', true, $result['customernumber']);\n\t\t\t$def_language = $this->getParam('def_language', true, $result['def_language']);\n\t\t\t$gui_access = $this->getBoolParam('gui_access', true, $result['gui_access']);\n\t\t\t$api_allowed = $this->getBoolParam('api_allowed', true, $result['api_allowed']);\n\t\t\t$shell_allowed = $this->getBoolParam('shell_allowed', true, $result['shell_allowed']);\n\t\t\t$gender = (int)$this->getParam('gender', true, $result['gender']);\n\t\t\t$custom_notes = $this->getParam('custom_notes', true, $result['custom_notes']);\n\t\t\t$custom_notes_show = $this->getBoolParam('custom_notes_show', true, $result['custom_notes_show']);\n\n\t\t\t$dec_places = Settings::Get('panel.decimal_places');\n\t\t\t$diskspace = $this->getUlParam('diskspace', 'diskspace_ul', true, round($result['diskspace'] / 1024, $dec_places));\n\t\t\t$traffic = $this->getUlParam('traffic', 'traffic_ul', true, round($result['traffic'] / (1024 * 1024), $dec_places));\n\t\t\t$subdomains = $this->getUlParam('subdomains', 'subdomains_ul', true, $result['subdomains']);\n\t\t\t$emails = $this->getUlParam('emails', 'emails_ul', true, $result['emails']);\n\t\t\t$email_accounts = $this->getUlParam('email_accounts', 'email_accounts_ul', true, $result['email_accounts']);\n\t\t\t$email_forwarders = $this->getUlParam('email_forwarders', 'email_forwarders_ul', true, $result['email_forwarders']);\n\t\t\t$email_quota = $this->getUlParam('email_quota', 'email_quota_ul', true, $result['email_quota']);\n\t\t\t$email_imap = $this->getParam('email_imap', true, $result['imap']);\n\t\t\t$email_pop3 = $this->getParam('email_pop3', true, $result['pop3']);\n\t\t\t$ftps = $this->getUlParam('ftps', 'ftps_ul', true, $result['ftps']);\n\t\t\t$mysqls = $this->getUlParam('mysqls', 'mysqls_ul', true, $result['mysqls']);\n\t\t\t$createstdsubdomain = $this->getBoolParam('createstdsubdomain', true, ($result['standardsubdomain'] != 0 ? 1 : 0));\n\t\t\t$password = $this->getParam('new_customer_password', true, '');\n\t\t\t$phpenabled = $this->getBoolParam('phpenabled', true, $result['phpenabled']);\n\t\t\t$allowed_phpconfigs = $this->getParam('allowed_phpconfigs', true, json_decode($result['allowed_phpconfigs'], true));\n\t\t\t$perlenabled = $this->getBoolParam('perlenabled', true, $result['perlenabled']);\n\t\t\t$dnsenabled = $this->getBoolParam('dnsenabled', true, $result['dnsenabled']);\n\t\t\t$logviewenabled = $this->getBoolParam('logviewenabled', true, $result['logviewenabled']);\n\t\t\t$deactivated = $this->getBoolParam('deactivated', true, $result['deactivated']);\n\t\t\t$theme = $this->getParam('theme', true, $result['theme']);\n\t\t\t$allowed_mysqlserver = $this->getParam('allowed_mysqlserver', true, json_decode($result['allowed_mysqlserver'], true));\n\t\t} else {\n\t\t\t// allowed parameters\n\t\t\t$def_language = $this->getParam('def_language', true, $result['def_language']);\n\t\t\t$password = $this->getParam('new_customer_password', true, '');\n\t\t\t$theme = $this->getParam('theme', true, $result['theme']);\n\t\t}\n\n\t\t// validation\n\t\tif ($this->isAdmin()) {\n\t\t\t$idna_convert = new IdnaWrapper();\n\t\t\t$name = Validate::validate($name, 'name', Validate::REGEX_DESC_TEXT, '', [], true);\n\t\t\t$firstname = Validate::validate($firstname, 'first name', Validate::REGEX_DESC_TEXT, '', [], true);\n\t\t\t$company = Validate::validate($company, 'company', Validate::REGEX_DESC_TEXT, '', [], true);\n\t\t\t$street = Validate::validate($street, 'street', Validate::REGEX_DESC_TEXT, '', [], true);\n\t\t\t$zipcode = Validate::validate($zipcode, 'zipcode', '/^[0-9 \\-A-Z]*$/', '', [], true);\n\t\t\t$city = Validate::validate($city, 'city', Validate::REGEX_DESC_TEXT, '', [], true);\n\t\t\t$phone = Validate::validate($phone, 'phone', '/^[0-9\\- \\+\\(\\)\\/]*$/', '', [], true);\n\t\t\t$fax = Validate::validate($fax, 'fax', '/^[0-9\\- \\+\\(\\)\\/]*$/', '', [], true);\n\t\t\t$email = $idna_convert->encode(Validate::validate($email, 'email', '', '', [], true));\n\t\t\t$customernumber = Validate::validate($customernumber, 'customer number', '/^[A-Za-z0-9 \\-]*$/Di', '', [], true);\n\t\t\t$custom_notes = Validate::validate(str_replace(\"\\r\\n\", \"\\n\", $custom_notes), 'custom_notes', Validate::REGEX_CONF_TEXT, '', [], true);\n\t\t\tif (!empty($allowed_phpconfigs)) {\n\t\t\t\t$allowed_phpconfigs = array_map('intval', $allowed_phpconfigs);\n\t\t\t}\n\t\t\tif (empty($allowed_phpconfigs) && $phpenabled == 1) {\n\t\t\t\t// only required if not using mod_php\n\t\t\t\tif ((int)Settings::Get('system.mod_fcgid') == 1 || (int)Settings::Get('phpfpm.enabled') == 1) {\n\t\t\t\t\tResponse::standardError('customerphpenabledbutnoconfig', '', true);\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// add permission for allowed mysql usage if customer was not allowed to use mysql prior\n\t\t\tif ($result['mysqls'] == 0 && ($mysqls == -1 || $mysqls > 0)) {\n\t\t\t\t$allowed_mysqlserver = $this->getParam('allowed_mysqlserver', true, [0]);\n\t\t\t}\n\t\t\tif (!empty($allowed_mysqlserver)) {\n\t\t\t\t$allowed_mysqlserver = array_map('intval', $allowed_mysqlserver);\n\t\t\t}\n\n\t\t}\n\t\t$def_language = Validate::validate($def_language, 'default language', '', '', [], true);\n\t\tif (!empty($def_language) && !isset(Language::getLanguages()[$def_language])) {\n\t\t\t$def_language = Settings::Get('panel.standardlanguage');\n\t\t}\n\n\t\t$theme = Validate::validate($theme, 'theme', '', '', [], true);\n\n\t\tif (Settings::Get('system.mail_quota_enabled') != '1') {\n\t\t\t$email_quota = -1;\n\t\t}\n\n\t\tif (empty($theme)) {\n\t\t\t$theme = Settings::Get('panel.default_theme');\n\t\t}\n\n\t\tif ($this->isAdmin()) {\n\t\t\t$diskspace *= 1024;\n\t\t\t$traffic *= 1024 * 1024;\n\n\t\t\tif (\n\t\t\t\t($diskspace != 0 && (($this->getUserDetail('diskspace_used') + $diskspace - $result['diskspace']) > $this->getUserDetail('diskspace')) && ($this->getUserDetail('diskspace') / 1024) != '-1')\n\t\t\t\t|| ($mysqls != 0 && (($this->getUserDetail('mysqls_used') + $mysqls - $result['mysqls']) > $this->getUserDetail('mysqls')) && $this->getUserDetail('mysqls') != '-1')\n\t\t\t\t|| ($emails != 0 && (($this->getUserDetail('emails_used') + $emails - $result['emails']) > $this->getUserDetail('emails')) && $this->getUserDetail('emails') != '-1')\n\t\t\t\t|| ($email_accounts != 0 && (($this->getUserDetail('email_accounts_used') + $email_accounts - $result['email_accounts']) > $this->getUserDetail('email_accounts')) && $this->getUserDetail('email_accounts') != '-1')\n\t\t\t\t|| ($email_forwarders != 0 && (($this->getUserDetail('email_forwarders_used') + $email_forwarders - $result['email_forwarders']) > $this->getUserDetail('email_forwarders')) && $this->getUserDetail('email_forwarders') != '-1')\n\t\t\t\t|| ($email_quota != 0 && (($this->getUserDetail('email_quota_used') + $email_quota - $result['email_quota']) > $this->getUserDetail('email_quota')) && $this->getUserDetail('email_quota') != '-1' && Settings::Get('system.mail_quota_enabled') == '1')\n\t\t\t\t|| ($ftps != 0 && (($this->getUserDetail('ftps_used') + $ftps - $result['ftps']) > $this->getUserDetail('ftps')) && $this->getUserDetail('ftps') != '-1')\n\t\t\t\t|| ($subdomains != 0 && (($this->getUserDetail('subdomains_used') + $subdomains - $result['subdomains']) > $this->getUserDetail('subdomains')) && $this->getUserDetail('subdomains') != '-1')\n\t\t\t\t|| (($diskspace / 1024) == '-1' && ($this->getUserDetail('diskspace') / 1024) != '-1')\n\t\t\t\t|| ($mysqls == '-1' && $this->getUserDetail('mysqls') != '-1')\n\t\t\t\t|| ($emails == '-1' && $this->getUserDetail('emails') != '-1')\n\t\t\t\t|| ($email_accounts == '-1' && $this->getUserDetail('email_accounts') != '-1')\n\t\t\t\t|| ($email_forwarders == '-1' && $this->getUserDetail('email_forwarders') != '-1')\n\t\t\t\t|| ($email_quota == '-1' && $this->getUserDetail('email_quota') != '-1' && Settings::Get('system.mail_quota_enabled') == '1')\n\t\t\t\t|| ($ftps == '-1' && $this->getUserDetail('ftps') != '-1')\n\t\t\t\t|| ($subdomains == '-1' && $this->getUserDetail('subdomains') != '-1')\n\t\t\t) {\n\t\t\t\tResponse::standardError('youcantallocatemorethanyouhave', '', true);\n\t\t\t}\n\n\t\t\t// validate allowed_mysqls whether the customer has databases on a removed, now disallowed db-server and abort if true\n\t\t\t$former_allowed_mysqlserver = json_decode($result['allowed_mysqlserver'], true);\n\t\t\tif ($allowed_mysqlserver != $former_allowed_mysqlserver && !empty($former_allowed_mysqlserver)) {\n\t\t\t\t$to_remove_mysqlserver = array_diff($former_allowed_mysqlserver, $allowed_mysqlserver);\n\t\t\t\tif (count($to_remove_mysqlserver) > 0) {\n\t\t\t\t\tforeach ($to_remove_mysqlserver as $mysqlserver_check) {\n\t\t\t\t\t\t$result_ms = $this->apiCall('MysqlServer.databasesOnServer', [\n\t\t\t\t\t\t\t'mysql_server' => $mysqlserver_check,\n\t\t\t\t\t\t\t'customerid' => $id\n\t\t\t\t\t\t]);\n\t\t\t\t\t\tif ($result_ms['count'] > 0) {\n\t\t\t\t\t\t\tResponse::standardError('mysqlserverstillhasdbs', '', true);\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tif ($email == '') {\n\t\t\t\tResponse::standardError([\n\t\t\t\t\t'stringisempty',\n\t\t\t\t\t'customer.email'\n\t\t\t\t], '', true);\n\t\t\t} elseif (!Validate::validateEmail($email)) {\n\t\t\t\tResponse::standardError('emailiswrong', $email, true);\n\t\t\t} else {\n\t\t\t\t// Check for existing email address\n\t\t\t\t// do not check via api as we skip any permission checks for this task\n\t\t\t\t$email_check_admin_stmt = Database::prepare(\"\n\t\t\t\t\t\tSELECT `email` FROM `\" . TABLE_PANEL_ADMINS . \"` WHERE `email` = :email\n\t\t\t\t\t\");\n\t\t\t\t$email_check_admin = Database::pexecute_first($email_check_admin_stmt, [\n\t\t\t\t\t'email' => $email\n\t\t\t\t], true, true);\n\t\t\t\tif ($email_check_admin && strtolower($email_check_admin['email']) == strtolower($email)) {\n\t\t\t\t\tResponse::standardError('emailexistsanon', $email, true);\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif ($password != '') {\n\t\t\t$password = Crypt::validatePassword($password, true);\n\t\t\t$password = Crypt::makeCryptPassword($password);\n\t\t} else {\n\t\t\t$password = $result['password'];\n\t\t}\n\n\t\tif ($this->isAdmin()) {\n\t\t\tif ($createstdsubdomain != '1' || $deactivated) {\n\t\t\t\t$createstdsubdomain = '0';\n\t\t\t}\n\n\t\t\tif ($createstdsubdomain == '1' && $result['standardsubdomain'] == '0') {\n\t\t\t\tif (Settings::Get('system.stdsubdomain') !== null && Settings::Get('system.stdsubdomain') != '') {\n\t\t\t\t\t$_stdsubdomain = $result['loginname'] . '.' . Settings::Get('system.stdsubdomain');\n\t\t\t\t} else {\n\t\t\t\t\t$_stdsubdomain = $result['loginname'] . '.' . Settings::Get('system.hostname');\n\t\t\t\t}\n\n\t\t\t\t$ins_data = [\n\t\t\t\t\t'domain' => $_stdsubdomain,\n\t\t\t\t\t'customerid' => $result['customerid'],\n\t\t\t\t\t'adminid' => $this->getUserDetail('adminid'),\n\t\t\t\t\t'docroot' => $result['documentroot'],\n\t\t\t\t\t'phpenabled' => $phpenabled,\n\t\t\t\t\t'openbasedir' => '1'\n\t\t\t\t];\n\t\t\t\t$domainid = -1;\n\t\t\t\ttry {\n\t\t\t\t\t$std_domain = $this->apiCall('Domains.add', $ins_data);\n\t\t\t\t\t$domainid = $std_domain['id'];\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_ERR, \"[API] Unable to add standard-subdomain: \" . $e->getMessage());\n\t\t\t\t}\n\n\t\t\t\tif ($domainid > 0) {\n\t\t\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\t\t\t\tUPDATE `\" . TABLE_PANEL_CUSTOMERS . \"` SET `standardsubdomain` = :domainid WHERE `customerid` = :customerid\n\t\t\t\t\t\t\");\n\t\t\t\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t\t\t\t'domainid' => $domainid,\n\t\t\t\t\t\t'customerid' => $result['customerid']\n\t\t\t\t\t], true, true);\n\t\t\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, \"[API] automatically added standardsubdomain for user '\" . $result['loginname'] . \"'\");\n\t\t\t\t\tCronjob::inserttask(TaskId::REBUILD_VHOST);\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tif ($createstdsubdomain == '0' && $result['standardsubdomain'] != '0') {\n\t\t\t\ttry {\n\t\t\t\t\t$std_domain = $this->apiCall('Domains.delete', [\n\t\t\t\t\t\t'id' => $result['standardsubdomain'],\n\t\t\t\t\t\t'is_stdsubdomain' => 1\n\t\t\t\t\t]);\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_ERR, \"[API] Unable to delete standard-subdomain: \" . $e->getMessage());\n\t\t\t\t}\n\t\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, \"[API] automatically deleted standardsubdomain for user '\" . $result['loginname'] . \"'\");\n\t\t\t\tCronjob::inserttask(TaskId::REBUILD_VHOST);\n\t\t\t}\n\n\t\t\tif ($phpenabled != $result['phpenabled'] || $perlenabled != $result['perlenabled'] || $email != $result['email']) {\n\t\t\t\tCronjob::inserttask(TaskId::REBUILD_VHOST);\n\t\t\t}\n\n\t\t\t// activate/deactivate customer services\n\t\t\tif ($deactivated != $result['deactivated']) {\n\t\t\t\t$yesno = ($deactivated ? 'N' : 'Y');\n\t\t\t\t$pop3 = ($deactivated ? '0' : (int)$result['pop3']);\n\t\t\t\t$imap = ($deactivated ? '0' : (int)$result['imap']);\n\n\t\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\t\tUPDATE `\" . TABLE_MAIL_USERS . \"` SET `postfix`= :yesno, `pop3` = :pop3, `imap` = :imap WHERE `customerid` = :customerid\n\t\t\t\t\");\n\t\t\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t\t\t'yesno' => $yesno,\n\t\t\t\t\t'pop3' => $pop3,\n\t\t\t\t\t'imap' => $imap,\n\t\t\t\t\t'customerid' => $id\n\t\t\t\t]);\n\n\t\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\t\tUPDATE `\" . TABLE_FTP_USERS . \"` SET `login_enabled` = :yesno WHERE `customerid` = :customerid\n\t\t\t\t\");\n\t\t\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t\t\t'yesno' => $yesno,\n\t\t\t\t\t'customerid' => $id\n\t\t\t\t]);\n\n\t\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\t\tUPDATE `\" . TABLE_PANEL_DOMAINS . \"` SET `deactivated`= :deactivated WHERE `customerid` = :customerid\n\t\t\t\t\");\n\t\t\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t\t\t'deactivated' => $deactivated,\n\t\t\t\t\t'customerid' => $id\n\t\t\t\t]);\n\n\t\t\t\t// enable/disable global mysql-user (loginname)\n\t\t\t\t$current_allowed_mysqlserver = isset($result['allowed_mysqlserver']) && !empty($result['allowed_mysqlserver']) ? json_decode($result['allowed_mysqlserver'], true) : [];\n\t\t\t\tforeach ($current_allowed_mysqlserver as $dbserver) {\n\t\t\t\t\t// require privileged access for target db-server\n\t\t\t\t\tDatabase::needRoot(true, $dbserver, true);\n\t\t\t\t\t// get DbManager\n\t\t\t\t\t$dbm = new DbManager($this->logger());\n\t\t\t\t\tforeach (array_map('trim', explode(',', Settings::Get('system.mysql_access_host'))) as $mysql_access_host) {\n\t\t\t\t\t\t// Prevent access, if deactivated\n\t\t\t\t\t\tif ($deactivated) {\n\t\t\t\t\t\t\t// failsafe if user has been deleted manually (requires MySQL 4.1.2+)\n\t\t\t\t\t\t\t$dbm->getManager()->disableUser($result['loginname'], $mysql_access_host);\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t// Otherwise grant access\n\t\t\t\t\t\t\t$dbm->getManager()->enableUser($result['loginname'], $mysql_access_host, true);\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t\t$dbm->getManager()->flushPrivileges();\n\t\t\t\t\tDatabase::needRoot(false);\n\t\t\t\t}\n\n\t\t\t\t// Retrieve customer's databases\n\t\t\t\t$databases_stmt = Database::prepare(\"SELECT * FROM \" . TABLE_PANEL_DATABASES . \" WHERE customerid = :customerid ORDER BY `dbserver`\");\n\t\t\t\tDatabase::pexecute($databases_stmt, [\n\t\t\t\t\t'customerid' => $id\n\t\t\t\t]);\n\n\t\t\t\tDatabase::needRoot(true);\n\t\t\t\t$last_dbserver = 0;\n\n\t\t\t\t$dbm = new DbManager($this->logger());\n\n\t\t\t\t// For each of them\n\t\t\t\t$priv_changed = false;\n\t\t\t\twhile ($row_database = $databases_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t\tif ($last_dbserver != $row_database['dbserver']) {\n\t\t\t\t\t\t$dbm->getManager()->flushPrivileges();\n\t\t\t\t\t\tDatabase::needRoot(true, $row_database['dbserver']);\n\t\t\t\t\t\t$last_dbserver = $row_database['dbserver'];\n\t\t\t\t\t}\n\n\t\t\t\t\tforeach (array_map('trim', explode(',', Settings::Get('system.mysql_access_host'))) as $mysql_access_host) {\n\t\t\t\t\t\t// Prevent access, if deactivated\n\t\t\t\t\t\tif ($deactivated) {\n\t\t\t\t\t\t\t// failsafe if user has been deleted manually (requires MySQL 4.1.2+)\n\t\t\t\t\t\t\t$dbm->getManager()->disableUser($row_database['databasename'], $mysql_access_host);\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t// Otherwise grant access\n\t\t\t\t\t\t\t$dbm->getManager()->enableUser($row_database['databasename'], $mysql_access_host);\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t\t$priv_changed = true;\n\t\t\t\t}\n\n\t\t\t\t// At last flush the new privileges\n\t\t\t\tif ($priv_changed) {\n\t\t\t\t\t$dbm->getManager()->flushPrivileges();\n\t\t\t\t}\n\t\t\t\tDatabase::needRoot(false);\n\n\t\t\t\t// reactivate/deactivate api-keys\n\t\t\t\t$valid_until = $deactivated ? 0 : -1;\n\t\t\t\t$stmt = Database::prepare(\"UPDATE `\" . TABLE_API_KEYS . \"` SET `valid_until` = :vu WHERE `customerid` = :id\");\n\t\t\t\tDatabase::pexecute($stmt, [\n\t\t\t\t\t'id' => $id,\n\t\t\t\t\t'vu' => $valid_until\n\t\t\t\t], true, true);\n\n\t\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, \"[API] \" . ($deactivated ? 'deactivated' : 'reactivated') . \" user '\" . $result['loginname'] . \"'\");\n\t\t\t\tCronjob::inserttask(TaskId::REBUILD_VHOST);\n\t\t\t}\n\n\t\t\t// Disable or enable POP3 Login for customers Mail Accounts\n\t\t\tif ($email_pop3 != $result['pop3']) {\n\t\t\t\t$upd_stmt = Database::prepare(\"UPDATE `\" . TABLE_MAIL_USERS . \"` SET `pop3` = :pop3 WHERE `customerid` = :customerid\");\n\t\t\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t\t\t'pop3' => $email_pop3,\n\t\t\t\t\t'customerid' => $id\n\t\t\t\t]);\n\t\t\t}\n\n\t\t\t// Disable or enable IMAP Login for customers Mail Accounts\n\t\t\tif ($email_imap != $result['imap']) {\n\t\t\t\t$upd_stmt = Database::prepare(\"UPDATE `\" . TABLE_MAIL_USERS . \"` SET `imap` = :imap WHERE `customerid` = :customerid\");\n\t\t\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t\t\t'imap' => $email_imap,\n\t\t\t\t\t'customerid' => $id\n\t\t\t\t]);\n\t\t\t}\n\t\t}\n\n\t\t$upd_data = [\n\t\t\t'customerid' => $id,\n\t\t\t'passwd' => $password,\n\t\t\t'lang' => $def_language,\n\t\t\t'theme' => $theme\n\t\t];\n\n\t\tif ($this->isAdmin()) {\n\t\t\t$admin_upd_data = [\n\t\t\t\t'name' => $name,\n\t\t\t\t'firstname' => $firstname,\n\t\t\t\t'gender' => $gender,\n\t\t\t\t'company' => $company,\n\t\t\t\t'street' => $street,\n\t\t\t\t'zipcode' => $zipcode,\n\t\t\t\t'city' => $city,\n\t\t\t\t'phone' => $phone,\n\t\t\t\t'fax' => $fax,\n\t\t\t\t'email' => $email,\n\t\t\t\t'customerno' => $customernumber,\n\t\t\t\t'diskspace' => $diskspace,\n\t\t\t\t'traffic' => $traffic,\n\t\t\t\t'subdomains' => $subdomains,\n\t\t\t\t'emails' => $emails,\n\t\t\t\t'email_accounts' => $email_accounts,\n\t\t\t\t'email_forwarders' => $email_forwarders,\n\t\t\t\t'email_quota' => $email_quota,\n\t\t\t\t'ftps' => $ftps,\n\t\t\t\t'mysqls' => $mysqls,\n\t\t\t\t'deactivated' => $deactivated,\n\t\t\t\t'phpenabled' => $phpenabled,\n\t\t\t\t'allowed_phpconfigs' => empty($allowed_phpconfigs) ? \"\" : json_encode($allowed_phpconfigs),\n\t\t\t\t'imap' => $email_imap,\n\t\t\t\t'pop3' => $email_pop3,\n\t\t\t\t'perlenabled' => $perlenabled,\n\t\t\t\t'dnsenabled' => $dnsenabled,\n\t\t\t\t'logviewenabled' => $logviewenabled,\n\t\t\t\t'custom_notes' => $custom_notes,\n\t\t\t\t'custom_notes_show' => $custom_notes_show,\n\t\t\t\t'gui_access' => $gui_access,\n\t\t\t\t'api_allowed' => $api_allowed,\n\t\t\t\t'shell_allowed' => $shell_allowed,\n\t\t\t\t'allowed_mysqlserver' => empty($allowed_mysqlserver) ? \"\" : json_encode($allowed_mysqlserver)\n\t\t\t];\n\t\t\t$upd_data += $admin_upd_data;\n\t\t}\n\n\t\t$upd_query = \"UPDATE `\" . TABLE_PANEL_CUSTOMERS . \"` SET\n\t\t\t\t`def_language` = :lang,\n\t\t\t\t`password` = :passwd,\n\t\t\t\t`theme` = :theme\";\n\n\t\tif ($this->isAdmin()) {\n\t\t\t$admin_upd_query = \",\n\t\t\t\t`name` = :name,\n\t\t\t\t`firstname` = :firstname,\n\t\t\t\t`gender` = :gender,\n\t\t\t\t`company` = :company,\n\t\t\t\t`street` = :street,\n\t\t\t\t`zipcode` = :zipcode,\n\t\t\t\t`city` = :city,\n\t\t\t\t`phone` = :phone,\n\t\t\t\t`fax` = :fax,\n\t\t\t\t`email` = :email,\n\t\t\t\t`customernumber` = :customerno,\n\t\t\t\t`diskspace` = :diskspace,\n\t\t\t\t`traffic` = :traffic,\n\t\t\t\t`subdomains` = :subdomains,\n\t\t\t\t`emails` = :emails,\n\t\t\t\t`email_accounts` = :email_accounts,\n\t\t\t\t`email_forwarders` = :email_forwarders,\n\t\t\t\t`ftps` = :ftps,\n\t\t\t\t`mysqls` = :mysqls,\n\t\t\t\t`deactivated` = :deactivated,\n\t\t\t\t`phpenabled` = :phpenabled,\n\t\t\t\t`allowed_phpconfigs` = :allowed_phpconfigs,\n\t\t\t\t`email_quota` = :email_quota,\n\t\t\t\t`imap` = :imap,\n\t\t\t\t`pop3` = :pop3,\n\t\t\t\t`perlenabled` = :perlenabled,\n\t\t\t\t`dnsenabled` = :dnsenabled,\n\t\t\t\t`logviewenabled` = :logviewenabled,\n\t\t\t\t`custom_notes` = :custom_notes,\n\t\t\t\t`custom_notes_show` = :custom_notes_show,\n\t\t\t\t`gui_access` = :gui_access,\n\t\t\t\t`api_allowed` = :api_allowed,\n\t\t\t\t`shell_allowed` = :shell_allowed,\n\t\t\t\t`allowed_mysqlserver` = :allowed_mysqlserver\";\n\t\t\t$upd_query .= $admin_upd_query;\n\t\t}\n\t\t$upd_query .= \" WHERE `customerid` = :customerid\";\n\t\t$upd_stmt = Database::prepare($upd_query);\n\t\tDatabase::pexecute($upd_stmt, $upd_data);\n\n\t\tif ($this->isAdmin()) {\n\t\t\t// Using filesystem - quota, insert a task which cleans the filesystem - quota\n\t\t\tCronjob::inserttask(TaskId::CREATE_QUOTA);\n\n\t\t\t$admin_update_query = \"UPDATE `\" . TABLE_PANEL_ADMINS . \"` SET `customers_used` = `customers_used` \";\n\n\t\t\tif ($mysqls != '-1' || $result['mysqls'] != '-1') {\n\t\t\t\t$admin_update_query .= \", `mysqls_used` = `mysqls_used` \";\n\n\t\t\t\tif ($mysqls != '-1') {\n\t\t\t\t\t$admin_update_query .= \" + 0\" . (int)$mysqls . \" \";\n\t\t\t\t}\n\t\t\t\tif ($result['mysqls'] != '-1') {\n\t\t\t\t\t$admin_update_query .= \" - 0\" . (int)$result['mysqls'] . \" \";\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tif ($emails != '-1' || $result['emails'] != '-1') {\n\t\t\t\t$admin_update_query .= \", `emails_used` = `emails_used` \";\n\n\t\t\t\tif ($emails != '-1') {\n\t\t\t\t\t$admin_update_query .= \" + 0\" . (int)$emails . \" \";\n\t\t\t\t}\n\t\t\t\tif ($result['emails'] != '-1') {\n\t\t\t\t\t$admin_update_query .= \" - 0\" . (int)$result['emails'] . \" \";\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tif ($email_accounts != '-1' || $result['email_accounts'] != '-1') {\n\t\t\t\t$admin_update_query .= \", `email_accounts_used` = `email_accounts_used` \";\n\n\t\t\t\tif ($email_accounts != '-1') {\n\t\t\t\t\t$admin_update_query .= \" + 0\" . (int)$email_accounts . \" \";\n\t\t\t\t}\n\t\t\t\tif ($result['email_accounts'] != '-1') {\n\t\t\t\t\t$admin_update_query .= \" - 0\" . (int)$result['email_accounts'] . \" \";\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tif ($email_forwarders != '-1' || $result['email_forwarders'] != '-1') {\n\t\t\t\t$admin_update_query .= \", `email_forwarders_used` = `email_forwarders_used` \";\n\n\t\t\t\tif ($email_forwarders != '-1') {\n\t\t\t\t\t$admin_update_query .= \" + 0\" . (int)$email_forwarders . \" \";\n\t\t\t\t}\n\t\t\t\tif ($result['email_forwarders'] != '-1') {\n\t\t\t\t\t$admin_update_query .= \" - 0\" . (int)$result['email_forwarders'] . \" \";\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tif ($email_quota != '-1' || $result['email_quota'] != '-1') {\n\t\t\t\t$admin_update_query .= \", `email_quota_used` = `email_quota_used` \";\n\n\t\t\t\tif ($email_quota != '-1') {\n\t\t\t\t\t$admin_update_query .= \" + 0\" . (int)$email_quota . \" \";\n\t\t\t\t}\n\t\t\t\tif ($result['email_quota'] != '-1') {\n\t\t\t\t\t$admin_update_query .= \" - 0\" . (int)$result['email_quota'] . \" \";\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tif ($subdomains != '-1' || $result['subdomains'] != '-1') {\n\t\t\t\t$admin_update_query .= \", `subdomains_used` = `subdomains_used` \";\n\n\t\t\t\tif ($subdomains != '-1') {\n\t\t\t\t\t$admin_update_query .= \" + 0\" . (int)$subdomains . \" \";\n\t\t\t\t}\n\t\t\t\tif ($result['subdomains'] != '-1') {\n\t\t\t\t\t$admin_update_query .= \" - 0\" . (int)$result['subdomains'] . \" \";\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tif ($ftps != '-1' || $result['ftps'] != '-1') {\n\t\t\t\t$admin_update_query .= \", `ftps_used` = `ftps_used` \";\n\n\t\t\t\tif ($ftps != '-1') {\n\t\t\t\t\t$admin_update_query .= \" + 0\" . (int)$ftps . \" \";\n\t\t\t\t}\n\t\t\t\tif ($result['ftps'] != '-1') {\n\t\t\t\t\t$admin_update_query .= \" - 0\" . (int)$result['ftps'] . \" \";\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tif (($diskspace / 1024) != '-1' || ($result['diskspace'] / 1024) != '-1') {\n\t\t\t\t$admin_update_query .= \", `diskspace_used` = `diskspace_used` \";\n\n\t\t\t\tif (($diskspace / 1024) != '-1') {\n\t\t\t\t\t$admin_update_query .= \" + 0\" . (int)$diskspace . \" \";\n\t\t\t\t}\n\t\t\t\tif (($result['diskspace'] / 1024) != '-1') {\n\t\t\t\t\t$admin_update_query .= \" - 0\" . (int)$result['diskspace'] . \" \";\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t$admin_update_query .= \" WHERE `adminid` = '\" . (int)$result['adminid'] . \"'\";\n\t\t\tDatabase::query($admin_update_query);\n\t\t}\n\n\t\t// shell allowance has changed\n\t\tif ($result['shell_allowed'] == '1' && $shell_allowed == '0') {\n\t\t\t// update all users with a valid shell to have /bin/false (disable shell)\n\t\t\t$ftp_upd_stmt = Database::prepare(\"UPDATE `\" . TABLE_FTP_USERS . \"` SET `shell` = '/bin/false' WHERE `customerid` = :cid\");\n\t\t\tDatabase::pexecute($ftp_upd_stmt, ['cid' => (int)$result['customerid']]);\n\t\t}\n\n\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, \"[API] edited user '\" . $result['loginname'] . \"'\");\n\n\t\t/*\n\t\t * move customer to another admin/reseller; #1166\n\t\t */\n\t\tif ($this->isAdmin()) {\n\t\t\tif ($move_to_admin > 0 && $move_to_admin != $result['adminid']) {\n\t\t\t\t$move_result = $this->apiCall('Customers.move', [\n\t\t\t\t\t'id' => $result['customerid'],\n\t\t\t\t\t'adminid' => $move_to_admin\n\t\t\t\t]);\n\t\t\t\tif ($move_result != true) {\n\t\t\t\t\tResponse::standardError('moveofcustomerfailed', $move_result, true);\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\t$result = $this->apiCall('Customers.get', [\n\t\t\t'id' => $result['customerid']\n\t\t]);\n\t\treturn $this->response($result);\n\t}\n\n\t/**\n\t * delete a customer entry by either id or loginname\n\t *\n\t * @param int $id\n\t * optional, the customer-id\n\t * @param string $loginname\n\t * optional, the loginname\n\t * @param bool $delete_userfiles\n\t * optional, default false\n\t *\n\t * @access admin\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function delete()\n\t{\n\t\tif ($this->isAdmin()) {\n\t\t\t$id = $this->getParam('id', true, 0);\n\t\t\t$ln_optional = $id > 0;\n\t\t\t$loginname = $this->getParam('loginname', $ln_optional, '');\n\t\t\t$delete_userfiles = $this->getParam('delete_userfiles', true, 0);\n\n\t\t\t$result = $this->apiCall('Customers.get', [\n\t\t\t\t'id' => $id,\n\t\t\t\t'loginname' => $loginname\n\t\t\t]);\n\t\t\t$id = $result['customerid'];\n\n\t\t\t// remove global mysql-user (loginname)\n\t\t\t$current_allowed_mysqlserver = isset($result['allowed_mysqlserver']) && !empty($result['allowed_mysqlserver']) ? json_decode($result['allowed_mysqlserver'], true) : [];\n\t\t\tforeach ($current_allowed_mysqlserver as $dbserver) {\n\t\t\t\t// require privileged access for target db-server\n\t\t\t\tDatabase::needRoot(true, $dbserver, false);\n\t\t\t\t// get DbManager\n\t\t\t\t$dbm = new DbManager($this->logger());\n\t\t\t\tforeach (array_map('trim', explode(',', Settings::Get('system.mysql_access_host'))) as $mysql_access_host) {\n\t\t\t\t\t$dbm->getManager()->deleteUser($result['loginname'], $mysql_access_host);\n\t\t\t\t}\n\t\t\t\t$dbm->getManager()->flushPrivileges();\n\t\t\t\tDatabase::needRoot(false);\n\t\t\t}\n\n\t\t\t// remove all databases\n\t\t\t$databases_stmt = Database::prepare(\"\n\t\t\t\tSELECT * FROM `\" . TABLE_PANEL_DATABASES . \"`\n\t\t\t\tWHERE `customerid` = :id ORDER BY `dbserver`\n\t\t\t\");\n\t\t\tDatabase::pexecute($databases_stmt, [\n\t\t\t\t'id' => $id\n\t\t\t]);\n\t\t\tDatabase::needRoot(true);\n\t\t\t$last_dbserver = 0;\n\n\t\t\t$dbm = new DbManager($this->logger());\n\n\t\t\t$priv_changed = false;\n\t\t\twhile ($row_database = $databases_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\tif ($last_dbserver != $row_database['dbserver']) {\n\t\t\t\t\t$dbm->getManager()->flushPrivileges();\n\t\t\t\t\tDatabase::needRoot(true, $row_database['dbserver']);\n\t\t\t\t\t$last_dbserver = $row_database['dbserver'];\n\t\t\t\t}\n\t\t\t\t$dbm->getManager()->deleteDatabase($row_database['databasename']);\n\t\t\t\t$priv_changed = true;\n\t\t\t}\n\t\t\tif ($priv_changed) {\n\t\t\t\t$dbm->getManager()->flushPrivileges();\n\t\t\t}\n\t\t\tDatabase::needRoot(false);\n\n\t\t\t// delete customer itself\n\t\t\t$stmt = Database::prepare(\"DELETE FROM `\" . TABLE_PANEL_CUSTOMERS . \"` WHERE `customerid` = :id\");\n\t\t\tDatabase::pexecute($stmt, [\n\t\t\t\t'id' => $id\n\t\t\t], true, true);\n\n\t\t\t// delete customer databases\n\t\t\t$stmt = Database::prepare(\"DELETE FROM `\" . TABLE_PANEL_DATABASES . \"` WHERE `customerid` = :id\");\n\t\t\tDatabase::pexecute($stmt, [\n\t\t\t\t'id' => $id\n\t\t\t], true, true);\n\n\t\t\t// first gather all domain-id's to clean up panel_domaintoip, dns-entries and certificates accordingly\n\t\t\t$did_stmt = Database::prepare(\"SELECT `id`, `domain` FROM `\" . TABLE_PANEL_DOMAINS . \"` WHERE `customerid` = :id\");\n\t\t\tDatabase::pexecute($did_stmt, [\n\t\t\t\t'id' => $id\n\t\t\t], true, true);\n\t\t\twhile ($row = $did_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t// remove domain->ip connection\n\t\t\t\t$stmt = Database::prepare(\"DELETE FROM `\" . TABLE_DOMAINTOIP . \"` WHERE `id_domain` = :did\");\n\t\t\t\tDatabase::pexecute($stmt, [\n\t\t\t\t\t'did' => $row['id']\n\t\t\t\t], true, true);\n\t\t\t\t// remove domain->dns entries\n\t\t\t\t$stmt = Database::prepare(\"DELETE FROM `\" . TABLE_DOMAIN_DNS . \"` WHERE `domain_id` = :did\");\n\t\t\t\tDatabase::pexecute($stmt, [\n\t\t\t\t\t'did' => $row['id']\n\t\t\t\t], true, true);\n\t\t\t\t// remove domain->certificates entries\n\t\t\t\t$stmt = Database::prepare(\"DELETE FROM `\" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . \"` WHERE `domainid` = :did\");\n\t\t\t\tDatabase::pexecute($stmt, [\n\t\t\t\t\t'did' => $row['id']\n\t\t\t\t], true, true);\n\t\t\t\t// remove domains DNS from powerDNS if used, #581\n\t\t\t\tCronjob::inserttask(TaskId::DELETE_DOMAIN_PDNS, $row['domain']);\n\t\t\t\t// remove domain from acme.sh / lets encrypt if used\n\t\t\t\tCronjob::inserttask(TaskId::DELETE_DOMAIN_SSL, $row['domain']);\n\t\t\t}\n\t\t\t// remove customer domains\n\t\t\t$stmt = Database::prepare(\"DELETE FROM `\" . TABLE_PANEL_DOMAINS . \"` WHERE `customerid` = :id\");\n\t\t\tDatabase::pexecute($stmt, [\n\t\t\t\t'id' => $id\n\t\t\t], true, true);\n\t\t\t$domains_deleted = $stmt->rowCount();\n\n\t\t\t// delete htpasswds\n\t\t\t$stmt = Database::prepare(\"DELETE FROM `\" . TABLE_PANEL_HTPASSWDS . \"` WHERE `customerid` = :id\");\n\t\t\tDatabase::pexecute($stmt, [\n\t\t\t\t'id' => $id\n\t\t\t], true, true);\n\n\t\t\t// delete htaccess options\n\t\t\t$stmt = Database::prepare(\"DELETE FROM `\" . TABLE_PANEL_HTACCESS . \"` WHERE `customerid` = :id\");\n\t\t\tDatabase::pexecute($stmt, [\n\t\t\t\t'id' => $id\n\t\t\t], true, true);\n\n\t\t\t// delete traffic information\n\t\t\t$stmt = Database::prepare(\"DELETE FROM `\" . TABLE_PANEL_TRAFFIC . \"` WHERE `customerid` = :id\");\n\t\t\tDatabase::pexecute($stmt, [\n\t\t\t\t'id' => $id\n\t\t\t], true, true);\n\n\t\t\t// remove diskspace analysis\n\t\t\t$stmt = Database::prepare(\"DELETE FROM `\" . TABLE_PANEL_DISKSPACE . \"` WHERE `customerid` = :id\");\n\t\t\tDatabase::pexecute($stmt, [\n\t\t\t\t'id' => $id\n\t\t\t], true, true);\n\n\t\t\t// delete mail-accounts\n\t\t\t$stmt = Database::prepare(\"DELETE FROM `\" . TABLE_MAIL_USERS . \"` WHERE `customerid` = :id\");\n\t\t\tDatabase::pexecute($stmt, [\n\t\t\t\t'id' => $id\n\t\t\t], true, true);\n\n\t\t\t// delete mail-addresses\n\t\t\t$stmt = Database::prepare(\"DELETE FROM `\" . TABLE_MAIL_VIRTUAL . \"` WHERE `customerid` = :id\");\n\t\t\tDatabase::pexecute($stmt, [\n\t\t\t\t'id' => $id\n\t\t\t], true, true);\n\n\t\t\t// gather ftp-user names\n\t\t\t$result2_stmt = Database::prepare(\"SELECT `username` FROM `\" . TABLE_FTP_USERS . \"` WHERE `customerid` = :id\");\n\t\t\tDatabase::pexecute($result2_stmt, [\n\t\t\t\t'id' => $id\n\t\t\t], true, true);\n\t\t\twhile ($row = $result2_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t// delete ftp-quotatallies by username\n\t\t\t\t$stmt = Database::prepare(\"DELETE FROM `\" . TABLE_FTP_QUOTATALLIES . \"` WHERE `name` = :name\");\n\t\t\t\tDatabase::pexecute($stmt, [\n\t\t\t\t\t'name' => $row['username']\n\t\t\t\t], true, true);\n\t\t\t}\n\n\t\t\t// remove ftp-group\n\t\t\t$stmt = Database::prepare(\"DELETE FROM `\" . TABLE_FTP_GROUPS . \"` WHERE `customerid` = :id\");\n\t\t\tDatabase::pexecute($stmt, [\n\t\t\t\t'id' => $id\n\t\t\t], true, true);\n\n\t\t\t// remove ftp-users\n\t\t\t$stmt = Database::prepare(\"DELETE FROM `\" . TABLE_FTP_USERS . \"` WHERE `customerid` = :id\");\n\t\t\tDatabase::pexecute($stmt, [\n\t\t\t\t'id' => $id\n\t\t\t], true, true);\n\n\t\t\t// remove api-keys\n\t\t\t$stmt = Database::prepare(\"DELETE FROM `\" . TABLE_API_KEYS . \"` WHERE `customerid` = :id\");\n\t\t\tDatabase::pexecute($stmt, [\n\t\t\t\t'id' => $id\n\t\t\t], true, true);\n\n\t\t\t// Delete all waiting \"create user\" -tasks for this user, #276\n\t\t\t// Note: the WHERE selects part of a serialized array, but it should be safe this way\n\t\t\t$del_stmt = Database::prepare(\"\n\t\t\t\tDELETE FROM `\" . TABLE_PANEL_TASKS . \"`\n\t\t\t\tWHERE `type` = '2' AND `data` LIKE :loginname\n\t\t\t\");\n\t\t\tDatabase::pexecute($del_stmt, [\n\t\t\t\t'loginname' => \"%:{$result['loginname']};%\"\n\t\t\t], true, true);\n\n\t\t\t// update admin-resource-usage\n\t\t\tAdmins::decreaseUsage($result['adminid'], 'customers_used');\n\t\t\tAdmins::decreaseUsage($result['adminid'], 'domains_used', '', (int)($domains_deleted - $result['subdomains_used']));\n\n\t\t\tif ($result['mysqls'] != '-1') {\n\t\t\t\tAdmins::decreaseUsage($result['adminid'], 'mysqls_used', '', (int)$result['mysqls']);\n\t\t\t}\n\n\t\t\tif ($result['emails'] != '-1') {\n\t\t\t\tAdmins::decreaseUsage($result['adminid'], 'emails_used', '', (int)$result['emails']);\n\t\t\t}\n\n\t\t\tif ($result['email_accounts'] != '-1') {\n\t\t\t\tAdmins::decreaseUsage($result['adminid'], 'email_accounts_used', '', (int)$result['email_accounts']);\n\t\t\t}\n\n\t\t\tif ($result['email_forwarders'] != '-1') {\n\t\t\t\tAdmins::decreaseUsage($result['adminid'], 'email_forwarders_used', '', (int)$result['email_forwarders']);\n\t\t\t}\n\n\t\t\tif ($result['email_quota'] != '-1') {\n\t\t\t\tAdmins::decreaseUsage($result['adminid'], 'email_quota_used', '', (int)$result['email_quota']);\n\t\t\t}\n\n\t\t\tif ($result['subdomains'] != '-1') {\n\t\t\t\tAdmins::decreaseUsage($result['adminid'], 'subdomains_used', '', (int)$result['subdomains']);\n\t\t\t}\n\n\t\t\tif ($result['ftps'] != '-1') {\n\t\t\t\tAdmins::decreaseUsage($result['adminid'], 'ftps_used', '', (int)$result['ftps']);\n\t\t\t}\n\n\t\t\tif (($result['diskspace'] / 1024) != '-1') {\n\t\t\t\tAdmins::decreaseUsage($result['adminid'], 'diskspace_used', '', (int)$result['diskspace']);\n\t\t\t}\n\n\t\t\t// rebuild configs\n\t\t\tCronjob::inserttask(TaskId::REBUILD_VHOST);\n\n\t\t\t// Using nameserver, insert a task which rebuilds the server config\n\t\t\tCronjob::inserttask(TaskId::REBUILD_DNS);\n\n\t\t\tif ($delete_userfiles == 1) {\n\t\t\t\t// insert task to remove the customers files from the filesystem\n\t\t\t\tCronjob::inserttask(TaskId::DELETE_CUSTOMER_FILES, $result['loginname']);\n\t\t\t}\n\n\t\t\t// Using filesystem - quota, insert a task which cleans the filesystem - quota\n\t\t\tCronjob::inserttask(TaskId::CREATE_QUOTA);\n\n\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING, \"[API] deleted customer '\" . $result['loginname'] . \"'\");\n\t\t\treturn $this->response($result);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * decrease resource-usage\n\t *\n\t * @param int $customerid\n\t * @param string $resource\n\t * @param string $extra\n\t * optional, default empty\n\t * @param int $decrease_by\n\t * optional, default 1\n\t */\n\tpublic static function decreaseUsage($customerid = 0, $resource = null, $extra = '', $decrease_by = 1)\n\t{\n\t\tself::updateResourceUsage(TABLE_PANEL_CUSTOMERS, 'customerid', $customerid, '-', $resource, $extra, $decrease_by);\n\t}\n\n\t/**\n\t * unlock a locked customer by either id or loginname\n\t *\n\t * @param int $id\n\t * optional, the customer-id\n\t * @param string $loginname\n\t * optional, the loginname\n\t *\n\t * @access admin\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function unlock()\n\t{\n\t\tif ($this->isAdmin()) {\n\t\t\t$id = $this->getParam('id', true, 0);\n\t\t\t$ln_optional = $id > 0;\n\t\t\t$loginname = $this->getParam('loginname', $ln_optional, '');\n\n\t\t\t$result = $this->apiCall('Customers.get', [\n\t\t\t\t'id' => $id,\n\t\t\t\t'loginname' => $loginname\n\t\t\t]);\n\t\t\t$id = $result['customerid'];\n\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tUPDATE `\" . TABLE_PANEL_CUSTOMERS . \"` SET\n\t\t\t\t`loginfail_count` = '0'\n\t\t\t\tWHERE `customerid`= :id\n\t\t\t\");\n\t\t\tDatabase::pexecute($result_stmt, [\n\t\t\t\t'id' => $id\n\t\t\t], true, true);\n\t\t\t// set the new value for result-array\n\t\t\t$result['loginfail_count'] = 0;\n\n\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING, \"[API] unlocked customer '\" . $result['loginname'] . \"'\");\n\t\t\treturn $this->response($result);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * Function to move a given customer to a given admin/reseller\n\t * and update all its references accordingly\n\t *\n\t * @param int $id\n\t * optional, the customer-id\n\t * @param string $loginname\n\t * optional, the loginname\n\t * @param int $adminid\n\t * target-admin-id\n\t *\n\t * @access admin\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function move()\n\t{\n\t\tif ($this->isAdmin() && $this->getUserDetail('change_serversettings') == 1) {\n\t\t\t$adminid = $this->getParam('adminid');\n\t\t\t$id = $this->getParam('id', true, 0);\n\t\t\t$ln_optional = $id > 0;\n\t\t\t$loginname = $this->getParam('loginname', $ln_optional, '');\n\n\t\t\t$c_result = $this->apiCall('Customers.get', [\n\t\t\t\t'id' => $id,\n\t\t\t\t'loginname' => $loginname\n\t\t\t]);\n\t\t\t$id = $c_result['customerid'];\n\n\t\t\t// check if target-admin is the current admin\n\t\t\tif ($adminid == $c_result['adminid']) {\n\t\t\t\tthrow new Exception(\"Cannot move customer to the same admin/reseller as he currently is assigned to\", 406);\n\t\t\t}\n\n\t\t\t// get target admin\n\t\t\t$a_result = $this->apiCall('Admins.get', [\n\t\t\t\t'id' => $adminid\n\t\t\t]);\n\n\t\t\t// Update customer entry\n\t\t\t$updCustomer_stmt = Database::prepare(\"\n\t\t\t\tUPDATE `\" . TABLE_PANEL_CUSTOMERS . \"` SET `adminid` = :adminid WHERE `customerid` = :cid\n\t\t\t\");\n\t\t\tDatabase::pexecute($updCustomer_stmt, [\n\t\t\t\t'adminid' => $adminid,\n\t\t\t\t'cid' => $id\n\t\t\t], true, true);\n\n\t\t\t// Update customer-domains\n\t\t\t$updDomains_stmt = Database::prepare(\"\n\t\t\t\tUPDATE `\" . TABLE_PANEL_DOMAINS . \"` SET `adminid` = :adminid WHERE `customerid` = :cid\n\t\t\t\");\n\t\t\tDatabase::pexecute($updDomains_stmt, [\n\t\t\t\t'adminid' => $adminid,\n\t\t\t\t'cid' => $id\n\t\t\t], true, true);\n\n\t\t\t// now, recalculate the resource-usage for the old and the new admin\n\t\t\tUser::updateCounters(false);\n\n\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, \"[API] moved user '\" . $c_result['loginname'] . \"' from admin/reseller '\" . $c_result['adminname'] . \" to admin/reseller '\" . $a_result['loginname'] . \"'\");\n\n\t\t\t$result = $this->apiCall('Customers.get', [\n\t\t\t\t'id' => $c_result['customerid']\n\t\t\t]);\n\t\t\treturn $this->response($result);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n}\n" }, { "path": "lib/Froxlor/Api/Commands/DataDump.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Api\\Commands;\n\nuse Exception;\nuse Froxlor\\Api\\ApiCommand;\nuse Froxlor\\Api\\ResourceEntity;\nuse Froxlor\\Cron\\TaskId;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FileDir;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\Settings;\nuse Froxlor\\System\\Cronjob;\nuse Froxlor\\UI\\Response;\nuse Froxlor\\Validate\\Validate;\nuse PDO;\n\n/**\n * @since 0.10.0\n */\nclass DataDump extends ApiCommand implements ResourceEntity\n{\n\n\t/**\n\t * add a new data dump job\n\t *\n\t * @param string $path\n\t * path to store the dumped data to\n\t * @param string $pgp_public_key\n\t * optional pgp public key to encrypt the archive, default is empty\n\t * @param bool $dump_dbs\n\t * optional whether to include databases, default is 0 (false)\n\t * @param bool $dump_mail\n\t * optional whether to include mail-data, default is 0 (false)\n\t * @param bool $dump_web\n\t * optional whether to incoude web-data, default is 0 (false)\n\t * @param int $customerid\n\t * optional, required when called as admin (if $loginname is not specified)\n\t * @param string $loginname\n\t * optional, required when called as admin (if $customerid is not specified)\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function add()\n\t{\n\t\t$this->validateAccess();\n\n\t\t// required parameter\n\t\t$path = $this->getParam('path');\n\n\t\t// parameter\n\t\t$pgp_public_key = $this->getParam('pgp_public_key', true, '');\n\t\t$dump_dbs = $this->getBoolParam('dump_dbs', true, 0);\n\t\t$dump_mail = $this->getBoolParam('dump_mail', true, 0);\n\t\t$dump_web = $this->getBoolParam('dump_web', true, 0);\n\n\t\t// get customer data\n\t\t$customer = $this->getCustomerData();\n\n\t\t// validation\n\t\t$path = FileDir::makeCorrectDir(Validate::validate($path, 'path', '', '', [], true));\n\t\t$userpath = $path;\n\t\t$path = FileDir::makeCorrectDir($customer['documentroot'] . '/' . $path, $customer['documentroot']);\n\n\t\t// path cannot be the customers docroot\n\t\tif ($path == FileDir::makeCorrectDir($customer['documentroot'])) {\n\t\t\tResponse::standardError('dumpfoldercannotbedocroot', '', true);\n\t\t}\n\n\t\t// pgp public key validation\n\t\tif (!empty($pgp_public_key)) {\n\t\t\t// check if gnupg extension is loaded\n\t\t\tif (!extension_loaded('gnupg')) {\n\t\t\t\tResponse::standardError('gnupgextensionnotavailable', '', true);\n\t\t\t}\n\t\t\t// check if the pgp public key is a valid key\n\t\t\tputenv('GNUPGHOME='.sys_get_temp_dir());\n\t\t\tif (gnupg_import(gnupg_init(), $pgp_public_key) === false) {\n\t\t\t\tResponse::standardError('invalidpgppublickey', '', true);\n\t\t\t}\n\t\t}\n\n\t\tif ($dump_dbs != '1') {\n\t\t\t$dump_dbs = '0';\n\t\t}\n\n\t\tif ($dump_mail != '1') {\n\t\t\t$dump_mail = '0';\n\t\t}\n\n\t\tif ($dump_web != '1') {\n\t\t\t$dump_web = '0';\n\t\t}\n\n\t\t$task_data = [\n\t\t\t'customerid' => $customer['customerid'],\n\t\t\t'uid' => $customer['guid'],\n\t\t\t'gid' => $customer['guid'],\n\t\t\t'loginname' => $customer['loginname'],\n\t\t\t'destdir' => $path,\n\t\t\t'pgp_public_key' => $pgp_public_key,\n\t\t\t'dump_dbs' => $dump_dbs,\n\t\t\t'dump_mail' => $dump_mail,\n\t\t\t'dump_web' => $dump_web\n\t\t];\n\n\t\t// schedule export job\n\t\tCronjob::inserttask(TaskId::CREATE_CUSTOMER_DATADUMP, $task_data);\n\n\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, \"[API] added customer data export job for '\" . $customer['loginname'] . \"'. Target directory: \" . $userpath);\n\t\treturn $this->response($task_data);\n\t}\n\n\t/**\n\t * check whether data dump is enabled systemwide and if accessible for customer (hide_options)\n\t *\n\t * @throws Exception\n\t */\n\tprivate function validateAccess()\n\t{\n\t\tif (Settings::Get('system.exportenabled') != 1) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\t\tif ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'extras')) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\t\tif ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'extras.export')) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\t}\n\n\t/**\n\t * You cannot get a planned data export.\n\t * Try DataDump.listing()\n\t */\n\tpublic function get()\n\t{\n\t\tthrow new Exception('You cannot get a planned data export. Try DataDump.listing()', 303);\n\t}\n\n\t/**\n\t * You cannot update a planned data export.\n\t * You need to delete it and re-add it.\n\t */\n\tpublic function update()\n\t{\n\t\tthrow new Exception('You cannot update a planned data export. You need to delete it and re-add it.', 303);\n\t}\n\n\t/**\n\t * list all planned data export jobs, if called from an admin, list all planned data export jobs of all customers you are\n\t * allowed to view, or specify id or loginname for one specific customer\n\t *\n\t * @param int $customerid\n\t * optional, admin-only, select data export jobs of a specific customer by id\n\t * @param string $loginname\n\t * optional, admin-only, select data export jobs of a specific customer by loginname\n\t * @param array $sql_search\n\t * optional array with index = fieldname, and value = array with 'op' => operator (one of <, > or =),\n\t * LIKE is used if left empty and 'value' => searchvalue\n\t * @param int $sql_limit\n\t * optional specify number of results to be returned\n\t * @param int $sql_offset\n\t * optional specify offset for resultset\n\t * @param array $sql_orderby\n\t * optional array with index = fieldname and value = ASC|DESC to order the resultset by one or more\n\t * fields\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array count|list\n\t * @throws Exception\n\t */\n\tpublic function listing()\n\t{\n\t\t$this->validateAccess();\n\n\t\t$customer_ids = $this->getAllowedCustomerIds('extras.export');\n\n\t\t// check whether there is a data export job for this customer\n\t\t$query_fields = [];\n\t\t$sel_stmt = Database::prepare(\"SELECT * FROM `\" . TABLE_PANEL_TASKS . \"` WHERE `type` = '20'\" . $this->getSearchWhere($query_fields, true) . $this->getOrderBy() . $this->getLimit());\n\t\tDatabase::pexecute($sel_stmt, $query_fields, true, true);\n\t\t$result = [];\n\t\twhile ($entry = $sel_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t$entry['data'] = json_decode($entry['data'], true);\n\t\t\tif (in_array($entry['data']['customerid'], $customer_ids)) {\n\t\t\t\t$result[] = $entry;\n\t\t\t}\n\t\t}\n\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, \"[API] list customer data dump jobs\");\n\t\treturn $this->response([\n\t\t\t'count' => count($result),\n\t\t\t'list' => $result\n\t\t]);\n\t}\n\n\t/**\n\t * returns the total number of planned data exports\n\t *\n\t * @param int $customerid\n\t * optional, admin-only, select data export jobs of a specific customer by id\n\t * @param string $loginname\n\t * optional, admin-only, select data export jobs of a specific customer by loginname\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded response message\n\t * @throws Exception\n\t */\n\tpublic function listingCount()\n\t{\n\t\t$this->validateAccess();\n\n\t\t$customer_ids = $this->getAllowedCustomerIds('extras.export');\n\n\t\t// check whether there is a data export job for this customer\n\t\t$result_count = 0;\n\t\t$query_fields = [];\n\t\t$sel_stmt = Database::prepare(\"SELECT * FROM `\" . TABLE_PANEL_TASKS . \"` WHERE `type` = '20' \" . $this->getSearchWhere($query_fields, true));\n\t\tDatabase::pexecute($sel_stmt, $query_fields, true, true);\n\t\twhile ($entry = $sel_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t$entry['data'] = json_decode($entry['data'], true);\n\t\t\tif (in_array($entry['data']['customerid'], $customer_ids)) {\n\t\t\t\t$result_count++;\n\t\t\t}\n\t\t}\n\t\treturn $this->response($result_count);\n\t}\n\n\t/**\n\t * delete a planned data export jobs by id, if called from an admin you need to specify the customerid/loginname\n\t *\n\t * @param int $job_entry\n\t * id of data export job\n\t * @param int $customerid\n\t * optional, required when called as admin (if $loginname is not specified)\n\t * @param string $loginname\n\t * optional, required when called as admin (if $customerid is not specified)\n\t *\n\t * @access admin, customer\n\t * @return bool\n\t * @throws Exception\n\t */\n\tpublic function delete()\n\t{\n\t\t// get planned exports\n\t\t$result = $this->apiCall('DataDump.listing', $this->getParamList());\n\n\t\t$entry = $this->getParam('job_entry');\n\t\t$customer_ids = $this->getAllowedCustomerIds('extras.export');\n\n\t\tif ($result['count'] > 0 && $entry > 0) {\n\t\t\t// prepare statement\n\t\t\t$del_stmt = Database::prepare(\"DELETE FROM `\" . TABLE_PANEL_TASKS . \"` WHERE `id` = :tid\");\n\t\t\t// check for the correct job\n\t\t\tforeach ($result['list'] as $exportjob) {\n\t\t\t\tif ($exportjob['id'] == $entry && in_array($exportjob['data']['customerid'], $customer_ids)) {\n\t\t\t\t\tDatabase::pexecute($del_stmt, [\n\t\t\t\t\t\t'tid' => $entry\n\t\t\t\t\t], true, true);\n\t\t\t\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, \"[API] deleted planned customer data export job #\" . $entry);\n\t\t\t\t\treturn $this->response(true);\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\tthrow new Exception('Data export job with id #' . $entry . ' could not be found', 404);\n\t}\n}\n" }, { "path": "lib/Froxlor/Api/Commands/DirOptions.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Api\\Commands;\n\nuse Exception;\nuse Froxlor\\Api\\ApiCommand;\nuse Froxlor\\Api\\ResourceEntity;\nuse Froxlor\\Cron\\TaskId;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FileDir;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\Settings;\nuse Froxlor\\System\\Cronjob;\nuse Froxlor\\UI\\Response;\nuse Froxlor\\Validate\\Validate;\nuse PDO;\n\n/**\n * @since 0.10.0\n */\nclass DirOptions extends ApiCommand implements ResourceEntity\n{\n\n\t/**\n\t * add options for a given directory\n\t *\n\t * @param int $customerid\n\t * optional, required when called as admin (if $loginname is not specified)\n\t * @param string $loginname\n\t * optional, required when called as admin (if $customerid is not specified)\n\t * @param string $path\n\t * path relative to the customer's home-Directory\n\t * @param bool $options_indexes\n\t * optional, activate directory-listing for this path, default 0 (false)\n\t * @param bool $options_cgi\n\t * optional, allow Perl/CGI execution, default 0 (false)\n\t * @param string $error404path\n\t * optional, custom 404 error string/file\n\t * @param string $error403path\n\t * optional, custom 403 error string/file\n\t * @param string $error500path\n\t * optional, custom 500 error string/file\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function add()\n\t{\n\t\tif ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'extras')) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\t\tif ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'extras.pathoptions')) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\n\t\t// get needed customer info to reduce the email-address-counter by one\n\t\t$customer = $this->getCustomerData();\n\n\t\t// required parameters\n\t\t$path = $this->getParam('path');\n\n\t\t// parameters\n\t\t$options_indexes = $this->getBoolParam('options_indexes', true, 0);\n\t\t$options_cgi = $this->getBoolParam('options_cgi', true, 0);\n\t\t$error404path = $this->getParam('error404path', true, '');\n\t\t$error403path = $this->getParam('error403path', true, '');\n\t\t$error500path = $this->getParam('error500path', true, '');\n\n\t\t// validation\n\t\t$path = FileDir::makeCorrectDir(Validate::validate($path, 'path', Validate::REGEX_DIR, '', [], true));\n\t\t$userpath = $path;\n\t\t$path = FileDir::makeCorrectDir($customer['documentroot'] . '/' . $path, $customer['documentroot']);\n\n\t\tif (!empty($error404path)) {\n\t\t\t$error404path = $this->correctErrorDocument($error404path, true);\n\t\t}\n\n\t\tif (!empty($error403path)) {\n\t\t\t$error403path = $this->correctErrorDocument($error403path, true);\n\t\t}\n\n\t\tif (!empty($error500path)) {\n\t\t\t$error500path = $this->correctErrorDocument($error500path, true);\n\t\t}\n\n\t\t// check for duplicate path\n\t\t$path_dupe_check_stmt = Database::prepare(\"\n\t\t\tSELECT `id`, `path` FROM `\" . TABLE_PANEL_HTACCESS . \"`\n\t\t\tWHERE `path`= :path AND `customerid`= :customerid\n\t\t\");\n\t\t$path_dupe_check = Database::pexecute_first($path_dupe_check_stmt, [\n\t\t\t\"path\" => $path,\n\t\t\t\"customerid\" => $customer['customerid']\n\t\t], true, true);\n\n\t\t// duplicate check\n\t\tif ($path_dupe_check && $path_dupe_check['path'] == $path) {\n\t\t\tResponse::standardError('errordocpathdupe', $userpath, true);\n\t\t}\n\n\t\t// insert the entry\n\t\t$stmt = Database::prepare('\n\t\t\tINSERT INTO `' . TABLE_PANEL_HTACCESS . '` SET\n\t\t\t`customerid` = :customerid,\n\t\t\t`path` = :path,\n\t\t\t`options_indexes` = :options_indexes,\n\t\t\t`error404path` = :error404path,\n\t\t\t`error403path` = :error403path,\n\t\t\t`error500path` = :error500path,\n\t\t\t`options_cgi` = :options_cgi\n\t\t');\n\t\t$params = [\n\t\t\t\"customerid\" => $customer['customerid'],\n\t\t\t\"path\" => $path,\n\t\t\t\"options_indexes\" => $options_indexes,\n\t\t\t\"error403path\" => $error403path,\n\t\t\t\"error404path\" => $error404path,\n\t\t\t\"error500path\" => $error500path,\n\t\t\t\"options_cgi\" => $options_cgi\n\t\t];\n\t\tDatabase::pexecute($stmt, $params, true, true);\n\t\t$id = Database::lastInsertId();\n\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, \"[API] added directory-option for '\" . $userpath . \"'\");\n\t\tCronjob::inserttask(TaskId::REBUILD_VHOST);\n\n\t\t$result = $this->apiCall('DirOptions.get', [\n\t\t\t'id' => $id\n\t\t]);\n\t\treturn $this->response($result);\n\t}\n\n\t/**\n\t * this functions validates a given value as ErrorDocument\n\t * refs #267\n\t *\n\t * @param string $errdoc\n\t * @param bool $throw_exception\n\t *\n\t * @return string error-document-string\n\t *\n\t */\n\tprivate function correctErrorDocument(string $errdoc, $throw_exception = false)\n\t{\n\t\tif (trim($errdoc) != '') {\n\t\t\t// not a URL\n\t\t\tif ((strtoupper(substr($errdoc, 0, 5)) != 'HTTP:' && strtoupper(substr($errdoc, 0, 6)) != 'HTTPS:') || !Validate::validateUrl($errdoc)) {\n\t\t\t\t// a file\n\t\t\t\tif (substr($errdoc, 0, 1) != '\"') {\n\t\t\t\t\t$errdoc = FileDir::makeCorrectFile($errdoc);\n\t\t\t\t\t// apache needs a starting-slash (starting at the domains-docroot)\n\t\t\t\t\tif (!substr($errdoc, 0, 1) == '/') {\n\t\t\t\t\t\t$errdoc = '/' . $errdoc;\n\t\t\t\t\t}\n\t\t\t\t} elseif (preg_match('/^\"([^\\r\\n\\t\\f\\0\"]+)\"$/', $errdoc)) {\n\t\t\t\t\t// a string (check for ending \")\n\t\t\t\t} else {\n\t\t\t\t\tResponse::standardError('invaliderrordocumentvalue', '', $throw_exception);\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\treturn trim($errdoc);\n\t}\n\n\t/**\n\t * return a directory-protection entry by id\n\t *\n\t * @param int $id\n\t * id of dir-protection entry\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function get()\n\t{\n\t\tif ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'extras')) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\n\t\t$id = $this->getParam('id', true, 0);\n\n\t\t$params = [];\n\t\tif ($this->isAdmin()) {\n\t\t\tif ($this->getUserDetail('customers_see_all') == false) {\n\t\t\t\t// if it's a reseller or an admin who cannot see all customers, we need to check\n\t\t\t\t// whether the database belongs to one of his customers\n\t\t\t\t$_custom_list_result = $this->apiCall('Customers.listing');\n\t\t\t\t$custom_list_result = $_custom_list_result['list'];\n\t\t\t\t$customer_ids = [];\n\t\t\t\tforeach ($custom_list_result as $customer) {\n\t\t\t\t\t$customer_ids[] = $customer['customerid'];\n\t\t\t\t}\n\t\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\t\tSELECT * FROM `\" . TABLE_PANEL_HTACCESS . \"`\n\t\t\t\t\tWHERE `customerid` IN (\" . implode(\", \", $customer_ids) . \")\n\t\t\t\t\tAND `id` = :id\n\t\t\t\t\");\n\t\t\t} else {\n\t\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\t\tSELECT * FROM `\" . TABLE_PANEL_HTACCESS . \"`\n\t\t\t\t\tWHERE `id` = :id\n\t\t\t\t\");\n\t\t\t}\n\t\t} else {\n\t\t\tif (Settings::IsInList('panel.customer_hide_options', 'extras.pathoptions')) {\n\t\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t\t}\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT * FROM `\" . TABLE_PANEL_HTACCESS . \"`\n\t\t\t\tWHERE `customerid` = :customerid\n\t\t\t\tAND `id` = :id\n\t\t\t\");\n\t\t\t$params['customerid'] = $this->getUserDetail('customerid');\n\t\t}\n\t\t$params['id'] = $id;\n\t\t$result = Database::pexecute_first($result_stmt, $params, true, true);\n\t\tif ($result) {\n\t\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, \"[API] get directory options for '\" . $result['path'] . \"'\");\n\t\t\treturn $this->response($result);\n\t\t}\n\t\t$key = \"id #\" . $id;\n\t\tthrow new Exception(\"Directory option with \" . $key . \" could not be found\", 404);\n\t}\n\n\t/**\n\t * update options for a given directory by id\n\t *\n\t * @param int $id\n\t * id of dir-protection entry\n\t * @param int $customerid\n\t * optional, required when called as admin (if $loginname is not specified)\n\t * @param string $loginname\n\t * optional, required when called as admin (if $customerid is not specified)\n\t * @param bool $options_indexes\n\t * optional, activate directory-listing for this path, default 0 (false)\n\t * @param bool $options_cgi\n\t * optional, allow Perl/CGI execution, default 0 (false)\n\t * @param string $error404path\n\t * optional, custom 404 error string/file\n\t * @param string $error403path\n\t * optional, custom 403 error string/file\n\t * @param string $error500path\n\t * optional, custom 500 error string/file\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function update()\n\t{\n\t\t$id = $this->getParam('id', true, 0);\n\n\t\t// validation\n\t\t$result = $this->apiCall('DirOptions.get', [\n\t\t\t'id' => $id\n\t\t]);\n\n\t\t// get needed customer info to reduce the email-address-counter by one\n\t\t$customer = $this->getCustomerData();\n\n\t\t// parameters\n\t\t$options_indexes = $this->getBoolParam('options_indexes', true, $result['options_indexes']);\n\t\t$options_cgi = $this->getBoolParam('options_cgi', true, $result['options_cgi']);\n\t\t$error404path = $this->getParam('error404path', true, $result['error404path']);\n\t\t$error403path = $this->getParam('error403path', true, $result['error403path']);\n\t\t$error500path = $this->getParam('error500path', true, $result['error500path']);\n\n\t\tif (!empty($error404path)) {\n\t\t\t$error404path = $this->correctErrorDocument($error404path, true);\n\t\t}\n\n\t\tif (!empty($error403path)) {\n\t\t\t$error403path = $this->correctErrorDocument($error403path, true);\n\t\t}\n\n\t\tif (!empty($error500path)) {\n\t\t\t$error500path = $this->correctErrorDocument($error500path, true);\n\t\t}\n\n\t\tif (($options_indexes != $result['options_indexes']) || ($error404path != $result['error404path']) || ($error403path != $result['error403path']) || ($error500path != $result['error500path']) || ($options_cgi != $result['options_cgi'])) {\n\t\t\tCronjob::inserttask(TaskId::REBUILD_VHOST);\n\t\t\t$stmt = Database::prepare(\"\n\t\t\t\tUPDATE `\" . TABLE_PANEL_HTACCESS . \"`\n\t\t\t\tSET `options_indexes` = :options_indexes,\n\t\t\t\t`error404path` = :error404path,\n\t\t\t\t`error403path` = :error403path,\n\t\t\t\t`error500path` = :error500path,\n\t\t\t\t`options_cgi` = :options_cgi\n\t\t\t\tWHERE `customerid` = :customerid\n\t\t\t\tAND `id` = :id\n\t\t\t\");\n\t\t\t$params = [\n\t\t\t\t\"customerid\" => $customer['customerid'],\n\t\t\t\t\"options_indexes\" => $options_indexes,\n\t\t\t\t\"error403path\" => $error403path,\n\t\t\t\t\"error404path\" => $error404path,\n\t\t\t\t\"error500path\" => $error500path,\n\t\t\t\t\"options_cgi\" => $options_cgi,\n\t\t\t\t\"id\" => $id\n\t\t\t];\n\t\t\tDatabase::pexecute($stmt, $params, true, true);\n\t\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, \"[API] edited directory options for '\" . str_replace($customer['documentroot'], '/', $result['path']) . \"'\");\n\t\t}\n\n\t\t$result = $this->apiCall('DirOptions.get', [\n\t\t\t'id' => $id\n\t\t]);\n\t\treturn $this->response($result);\n\t}\n\n\t/**\n\t * list all directory-options, if called from an admin, list all directory-options of all customers you are allowed\n\t * to view, or specify id or loginname for one specific customer\n\t *\n\t * @param int $customerid\n\t * optional, admin-only, select directory-protections of a specific customer by id\n\t * @param string $loginname\n\t * optional, admin-only, select directory-protections of a specific customer by loginname\n\t * @param array $sql_search\n\t * optional array with index = fieldname, and value = array with 'op' => operator (one of <, > or =),\n\t * LIKE is used if left empty and 'value' => searchvalue\n\t * @param int $sql_limit\n\t * optional specify number of results to be returned\n\t * @param int $sql_offset\n\t * optional specify offset for resultset\n\t * @param array $sql_orderby\n\t * optional array with index = fieldname and value = ASC|DESC to order the resultset by one or more\n\t * fields\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array count|list\n\t * @throws Exception\n\t */\n\tpublic function listing()\n\t{\n\t\tif ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'extras')) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\t\t$customer_ids = $this->getAllowedCustomerIds('extras.pathoptions');\n\n\t\t$result = [];\n\t\t$query_fields = [];\n\t\t$result_stmt = Database::prepare(\"\n\t\t\tSELECT * FROM `\" . TABLE_PANEL_HTACCESS . \"`\n\t\t\tWHERE `customerid` IN (\" . implode(', ', $customer_ids) . \")\" . $this->getSearchWhere($query_fields, true) . $this->getOrderBy() . $this->getLimit());\n\t\tDatabase::pexecute($result_stmt, $query_fields, true, true);\n\t\twhile ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t$result[] = $row;\n\t\t}\n\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, \"[API] list directory-options\");\n\t\treturn $this->response([\n\t\t\t'count' => count($result),\n\t\t\t'list' => $result\n\t\t]);\n\t}\n\n\t/**\n\t * returns the total number of accessible directory options\n\t *\n\t * @param int $customerid\n\t * optional, admin-only, select directory-protections of a specific customer by id\n\t * @param string $loginname\n\t * optional, admin-only, select directory-protections of a specific customer by loginname\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded response message\n\t * @throws Exception\n\t */\n\tpublic function listingCount()\n\t{\n\t\tif ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'extras')) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\t\t$customer_ids = $this->getAllowedCustomerIds('extras.pathoptions');\n\n\t\t$result = [];\n\t\t$query_fields = [];\n\t\t$result_stmt = Database::prepare(\"\n\t\t\tSELECT COUNT(*) as num_htaccess FROM `\" . TABLE_PANEL_HTACCESS . \"`\n\t\t\tWHERE `customerid` IN (\" . implode(', ', $customer_ids) . \")\n\t\t\" . $this->getSearchWhere($query_fields, true));\n\t\t$result = Database::pexecute_first($result_stmt, $query_fields, true, true);\n\t\tif ($result) {\n\t\t\treturn $this->response($result['num_htaccess']);\n\t\t}\n\t\treturn $this->response(0);\n\t}\n\n\t/**\n\t * delete a directory-options by id\n\t *\n\t * @param int $id\n\t * id of dir-protection entry\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function delete()\n\t{\n\t\tif ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'extras')) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\n\t\t$id = $this->getParam('id');\n\n\t\tif ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'extras.pathoptions')) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\n\t\t// get directory-option\n\t\t$result = $this->apiCall('DirOptions.get', [\n\t\t\t'id' => $id\n\t\t]);\n\n\t\tif ($this->isAdmin()) {\n\t\t\t// get customer-data\n\t\t\t$customer_data = $this->apiCall('Customers.get', [\n\t\t\t\t'id' => $result['customerid']\n\t\t\t]);\n\t\t} else {\n\t\t\t$customer_data = $this->getUserData();\n\t\t}\n\n\t\t// do we have to remove the symlink and folder in suexecpath?\n\t\tif ((int)Settings::Get('perl.suexecworkaround') == 1) {\n\t\t\t$loginname = $customer_data['loginname'];\n\t\t\t$suexecpath = FileDir::makeCorrectDir(Settings::Get('perl.suexecpath') . '/' . $loginname . '/' . md5($result['path']) . '/');\n\t\t\t$perlsymlink = FileDir::makeCorrectFile($result['path'] . '/cgi-bin');\n\t\t\t// remove symlink\n\t\t\tif (file_exists($perlsymlink)) {\n\t\t\t\tFileDir::safe_exec('rm -f ' . escapeshellarg($perlsymlink));\n\t\t\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_DEBUG, \"[API] deleted suexecworkaround symlink '\" . $perlsymlink . \"'\");\n\t\t\t}\n\t\t\t// remove folder in suexec-path\n\t\t\tif (file_exists($suexecpath)) {\n\t\t\t\tFileDir::safe_exec('rm -rf ' . escapeshellarg($suexecpath));\n\t\t\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_DEBUG, \"[API] deleted suexecworkaround path '\" . $suexecpath . \"'\");\n\t\t\t}\n\t\t}\n\t\t$stmt = Database::prepare(\"\n\t\t\tDELETE FROM `\" . TABLE_PANEL_HTACCESS . \"`\n\t\t\tWHERE `customerid`= :customerid\n\t\t\tAND `id`= :id\n\t\t\");\n\t\tDatabase::pexecute($stmt, [\n\t\t\t\"customerid\" => $customer_data['customerid'],\n\t\t\t\"id\" => $id\n\t\t], true, true);\n\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, \"[API] deleted directory-option for '\" . str_replace($customer_data['documentroot'], '/', $result['path']) . \"'\");\n\t\tCronjob::inserttask(TaskId::REBUILD_VHOST);\n\t\treturn $this->response($result);\n\t}\n}\n" }, { "path": "lib/Froxlor/Api/Commands/DirProtections.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Api\\Commands;\n\nuse Exception;\nuse Froxlor\\Api\\ApiCommand;\nuse Froxlor\\Api\\ResourceEntity;\nuse Froxlor\\Cron\\TaskId;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FileDir;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\Settings;\nuse Froxlor\\System\\Cronjob;\nuse Froxlor\\System\\Crypt;\nuse Froxlor\\UI\\Response;\nuse Froxlor\\Validate\\Validate;\nuse PDO;\n\n/**\n * @since 0.10.0\n */\nclass DirProtections extends ApiCommand implements ResourceEntity\n{\n\n\t/**\n\t * add htaccess protection to a given directory\n\t *\n\t * @param int $customerid\n\t * optional, required when called as admin (if $loginname is not specified)\n\t * @param string $loginname\n\t * optional, required when called as admin (if $customerid is not specified)\n\t * @param string $path\n\t * @param string $username\n\t * @param string $directory_password\n\t * @param string $directory_authname\n\t * optional name/description for the protection\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function add()\n\t{\n\t\tif ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'extras')) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\t\tif ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'extras.directoryprotection')) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\n\t\t// get needed customer info to reduce the email-address-counter by one\n\t\t$customer = $this->getCustomerData();\n\n\t\t// required parameters\n\t\t$path = $this->getParam('path');\n\t\t$username = $this->getParam('username');\n\t\t$password = $this->getParam('directory_password');\n\n\t\t// parameters\n\t\t$authname = $this->getParam('directory_authname', true, '');\n\n\t\t// validation\n\t\t$path = FileDir::makeCorrectDir(Validate::validate($path, 'path', Validate::REGEX_DIR, '', [], true));\n\t\t$path = FileDir::makeCorrectDir($customer['documentroot'] . '/' . $path, $customer['documentroot']);\n\t\t$username = Validate::validate($username, 'username', '/^[a-zA-Z0-9][a-zA-Z0-9\\-_]+\\$?$/', '', [], true);\n\t\t$authname = Validate::validate($authname, 'directory_authname', '/^[a-zA-Z0-9][a-zA-Z0-9\\-_ ]+\\$?$/', '', [], true);\n\t\t$password = Validate::validate($password, 'password', '', '', [], true);\n\t\t$password = Crypt::validatePassword($password, true);\n\n\t\t// check for duplicate usernames for the path\n\t\t$username_path_check_stmt = Database::prepare(\"\n\t\t\tSELECT `id`, `username`, `path` FROM `\" . TABLE_PANEL_HTPASSWDS . \"`\n\t\t\tWHERE `username`= :username AND `path`= :path AND `customerid`= :customerid\n\t\t\");\n\t\t$params = [\n\t\t\t\"username\" => $username,\n\t\t\t\"path\" => $path,\n\t\t\t\"customerid\" => $customer['customerid']\n\t\t];\n\t\t$username_path_check = Database::pexecute_first($username_path_check_stmt, $params, true, true);\n\n\t\t$password_enc = Crypt::makeCryptPassword($password, true);\n\n\t\t// duplicate check\n\t\tif ($username_path_check && $username_path_check['username'] == $username && $username_path_check['path'] == $path) {\n\t\t\tResponse::standardError('userpathcombinationdupe', '', true);\n\t\t} elseif ($password == $username) {\n\t\t\tResponse::standardError('passwordshouldnotbeusername', '', true);\n\t\t}\n\n\t\t// insert the entry\n\t\t$stmt = Database::prepare(\"\n\t\t\tINSERT INTO `\" . TABLE_PANEL_HTPASSWDS . \"` SET\n\t\t\t`customerid` = :customerid,\n\t\t\t`username` = :username,\n\t\t\t`password` = :password,\n\t\t\t`path` = :path,\n\t\t\t`authname` = :authname\n\t\t\");\n\t\t$params = [\n\t\t\t\"customerid\" => $customer['customerid'],\n\t\t\t\"username\" => $username,\n\t\t\t\"password\" => $password_enc,\n\t\t\t\"path\" => $path,\n\t\t\t\"authname\" => $authname\n\t\t];\n\t\tDatabase::pexecute($stmt, $params, true, true);\n\t\t$id = Database::lastInsertId();\n\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, \"[API] added directory-protection for '\" . $username . \" (\" . $path . \")'\");\n\t\tCronjob::inserttask(TaskId::REBUILD_VHOST);\n\n\t\t$result = $this->apiCall('DirProtections.get', [\n\t\t\t'id' => $id\n\t\t]);\n\t\treturn $this->response($result);\n\t}\n\n\t/**\n\t * return a directory-protection entry by either id or username\n\t *\n\t * @param int $id\n\t * optional, the directory-protection-id\n\t * @param string $username\n\t * optional, the username\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function get()\n\t{\n\t\tif ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'extras')) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\n\t\t$id = $this->getParam('id', true, 0);\n\t\t$un_optional = $id > 0;\n\t\t$username = $this->getParam('username', $un_optional, '');\n\n\t\t$params = [];\n\t\tif ($this->isAdmin()) {\n\t\t\tif ($this->getUserDetail('customers_see_all') == false) {\n\t\t\t\t// if it's a reseller or an admin who cannot see all customers, we need to check\n\t\t\t\t// whether the database belongs to one of his customers\n\t\t\t\t$_custom_list_result = $this->apiCall('Customers.listing');\n\t\t\t\t$custom_list_result = $_custom_list_result['list'];\n\t\t\t\t$customer_ids = [];\n\t\t\t\tforeach ($custom_list_result as $customer) {\n\t\t\t\t\t$customer_ids[] = $customer['customerid'];\n\t\t\t\t}\n\t\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\t\tSELECT * FROM `\" . TABLE_PANEL_HTPASSWDS . \"`\n\t\t\t\t\tWHERE `customerid` IN (\" . implode(\", \", $customer_ids) . \")\n\t\t\t\t\tAND (`id` = :idun OR `username` = :idun)\n\t\t\t\t\");\n\t\t\t} else {\n\t\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\t\tSELECT * FROM `\" . TABLE_PANEL_HTPASSWDS . \"`\n\t\t\t\t\tWHERE (`id` = :idun OR `username` = :idun)\n\t\t\t\t\");\n\t\t\t}\n\t\t} else {\n\t\t\tif (Settings::IsInList('panel.customer_hide_options', 'extras.directoryprotection')) {\n\t\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t\t}\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT * FROM `\" . TABLE_PANEL_HTPASSWDS . \"`\n\t\t\t\tWHERE `customerid` = :customerid\n\t\t\t\tAND (`id` = :idun OR `username` = :idun)\n\t\t\t\");\n\t\t\t$params['customerid'] = $this->getUserDetail('customerid');\n\t\t}\n\t\t$params['idun'] = ($id <= 0 ? $username : $id);\n\t\t$result = Database::pexecute_first($result_stmt, $params, true, true);\n\t\tif ($result) {\n\t\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, \"[API] get directory protection for '\" . $result['path'] . \"'\");\n\t\t\treturn $this->response($result);\n\t\t}\n\t\t$key = ($id > 0 ? \"id #\" . $id : \"username '\" . $username . \"'\");\n\t\tthrow new Exception(\"Directory protection with \" . $key . \" could not be found\", 404);\n\t}\n\n\t/**\n\t * update htaccess protection of a given directory\n\t *\n\t * @param int $id\n\t * optional the directory-protection-id\n\t * @param string $username\n\t * optional, the username\n\t * @param int $customerid\n\t * optional, required when called as admin (if $loginname is not specified)\n\t * @param string $loginname\n\t * optional, required when called as admin (if $customerid is not specified)\n\t * @param string $directory_password\n\t * optional, leave empty for no change\n\t * @param string $directory_authname\n\t * optional name/description for the protection\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function update()\n\t{\n\t\t$id = $this->getParam('id', true, 0);\n\t\t$un_optional = $id > 0;\n\t\t$username = $this->getParam('username', $un_optional, '');\n\n\t\t// validation\n\t\t$result = $this->apiCall('DirProtections.get', [\n\t\t\t'id' => $id,\n\t\t\t'username' => $username\n\t\t]);\n\t\t$id = $result['id'];\n\n\t\t// parameters\n\t\t$password = $this->getParam('directory_password', true, '');\n\t\t$authname = $this->getParam('directory_authname', true, $result['authname']);\n\n\t\t// get needed customer info\n\t\t$customer = $this->getCustomerData();\n\n\t\t// validation\n\t\t$authname = Validate::validate($authname, 'directory_authname', '/^[a-zA-Z0-9][a-zA-Z0-9\\-_ ]+\\$?$/', '', [], true);\n\t\t$password = Validate::validate($password, 'password', '', '', [], true);\n\t\t$password = Crypt::validatePassword($password, true);\n\n\t\t$upd_query = \"\";\n\t\t$upd_params = [\n\t\t\t\"id\" => $result['id'],\n\t\t\t\"cid\" => $customer['customerid']\n\t\t];\n\t\tif (!empty($password)) {\n\t\t\tif ($password == $result['username']) {\n\t\t\t\tResponse::standardError('passwordshouldnotbeusername', '', true);\n\t\t\t}\n\t\t\t$password_enc = Crypt::makeCryptPassword($password, true);\n\n\t\t\t$upd_query .= \"`password`= :password_enc\";\n\t\t\t$upd_params['password_enc'] = $password_enc;\n\t\t}\n\t\tif ($authname != $result['authname']) {\n\t\t\tif (!empty($upd_query)) {\n\t\t\t\t$upd_query .= \", \";\n\t\t\t}\n\t\t\t$upd_query .= \"`authname` = :authname\";\n\t\t\t$upd_params['authname'] = $authname;\n\t\t}\n\n\t\t// build update query\n\t\tif (!empty($upd_query)) {\n\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\tUPDATE `\" . TABLE_PANEL_HTPASSWDS . \"` SET \" . $upd_query . \" WHERE `id` = :id AND `customerid`= :cid\n\t\t\t\");\n\t\t\tDatabase::pexecute($upd_stmt, $upd_params, true, true);\n\t\t\tCronjob::inserttask(TaskId::REBUILD_VHOST);\n\t\t}\n\n\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, \"[API] updated directory-protection '\" . $result['username'] . \" (\" . $result['path'] . \")'\");\n\t\t$result = $this->apiCall('DirProtections.get', [\n\t\t\t'id' => $result['id']\n\t\t]);\n\t\treturn $this->response($result);\n\t}\n\n\t/**\n\t * list all directory-protections, if called from an admin, list all directory-protections of all customers you are\n\t * allowed to view, or specify id or loginname for one specific customer\n\t *\n\t * @param int $customerid\n\t * optional, admin-only, select directory-protections of a specific customer by id\n\t * @param string $loginname\n\t * optional, admin-only, select directory-protections of a specific customer by loginname\n\t * @param array $sql_search\n\t * optional array with index = fieldname, and value = array with 'op' => operator (one of <, > or =),\n\t * LIKE is used if left empty and 'value' => searchvalue\n\t * @param int $sql_limit\n\t * optional specify number of results to be returned\n\t * @param int $sql_offset\n\t * optional specify offset for resultset\n\t * @param array $sql_orderby\n\t * optional array with index = fieldname and value = ASC|DESC to order the resultset by one or more\n\t * fields\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array count|list\n\t * @throws Exception\n\t */\n\tpublic function listing()\n\t{\n\t\tif ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'extras')) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\t\t$customer_ids = $this->getAllowedCustomerIds('extras.directoryprotection');\n\n\t\t$result = [];\n\t\t$query_fields = [];\n\t\t$result_stmt = Database::prepare(\"\n\t\t\tSELECT * FROM `\" . TABLE_PANEL_HTPASSWDS . \"`\n\t\t\tWHERE `customerid` IN (\" . implode(', ', $customer_ids) . \")\" . $this->getSearchWhere($query_fields, true) . $this->getOrderBy() . $this->getLimit());\n\t\tDatabase::pexecute($result_stmt, $query_fields, true, true);\n\t\twhile ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t$result[] = $row;\n\t\t}\n\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, \"[API] list directory-protections\");\n\t\treturn $this->response([\n\t\t\t'count' => count($result),\n\t\t\t'list' => $result\n\t\t]);\n\t}\n\n\t/**\n\t * returns the total number of accessible directory protections\n\t *\n\t * @param int $customerid\n\t * optional, admin-only, select directory-protections of a specific customer by id\n\t * @param string $loginname\n\t * optional, admin-only, select directory-protections of a specific customer by loginname\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded response message\n\t * @throws Exception\n\t */\n\tpublic function listingCount()\n\t{\n\t\tif ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'extras')) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\t\t$customer_ids = $this->getAllowedCustomerIds('extras.directoryprotection');\n\n\t\t$result = [];\n\t\t$query_fields = [];\n\t\t$result_stmt = Database::prepare(\"\n\t\t\tSELECT COUNT(*) as num_htpasswd FROM `\" . TABLE_PANEL_HTPASSWDS . \"`\n\t\t\tWHERE `customerid` IN (\" . implode(', ', $customer_ids) . \")\n\t\t\" . $this->getSearchWhere($query_fields, true));\n\t\t$result = Database::pexecute_first($result_stmt, $query_fields, true, true);\n\t\tif ($result) {\n\t\t\treturn $this->response($result['num_htpasswd']);\n\t\t}\n\t\treturn $this->response(0);\n\t}\n\n\t/**\n\t * delete a directory-protection by either id or username\n\t *\n\t * @param int $id\n\t * optional, the directory-protection-id\n\t * @param string $username\n\t * optional, the username\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function delete()\n\t{\n\t\tif ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'extras')) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\n\t\t$id = $this->getParam('id', true, 0);\n\t\t$un_optional = $id > 0;\n\t\t$username = $this->getParam('username', $un_optional, '');\n\n\t\tif ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'extras.directoryprotection')) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\n\t\t// get directory protection\n\t\t$result = $this->apiCall('DirProtections.get', [\n\t\t\t'id' => $id,\n\t\t\t'username' => $username\n\t\t]);\n\t\t$id = $result['id'];\n\n\t\tif ($this->isAdmin()) {\n\t\t\t// get customer-data\n\t\t\t$customer_data = $this->apiCall('Customers.get', [\n\t\t\t\t'id' => $result['customerid']\n\t\t\t]);\n\t\t} else {\n\t\t\t$customer_data = $this->getUserData();\n\t\t}\n\n\t\t$stmt = Database::prepare(\"\n\t\t\tDELETE FROM `\" . TABLE_PANEL_HTPASSWDS . \"` WHERE `customerid`= :customerid\tAND `id`= :id\n\t\t\");\n\t\tDatabase::pexecute($stmt, [\n\t\t\t\"customerid\" => $customer_data['customerid'],\n\t\t\t\"id\" => $id\n\t\t]);\n\n\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_WARNING, \"[API] deleted htpasswd for '\" . $result['username'] . \" (\" . $result['path'] . \")'\");\n\t\tCronjob::inserttask(TaskId::REBUILD_VHOST);\n\t\treturn $this->response($result);\n\t}\n}\n" }, { "path": "lib/Froxlor/Api/Commands/DomainZones.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Api\\Commands;\n\nuse Exception;\nuse Froxlor\\Api\\ApiCommand;\nuse Froxlor\\Api\\ResourceEntity;\nuse Froxlor\\Cron\\TaskId;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\Dns\\Dns;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\Idna\\IdnaWrapper;\nuse Froxlor\\Settings;\nuse Froxlor\\System\\Cronjob;\nuse Froxlor\\UI\\Response;\nuse Froxlor\\Validate\\Validate;\nuse PDO;\n\n/**\n * @since 0.10.0\n */\nclass DomainZones extends ApiCommand implements ResourceEntity\n{\n\n\t/**\n\t * add a new dns zone for a given domain by id or domainname\n\t *\n\t * @param int $id\n\t * optional domain id\n\t * @param string $domainname\n\t * optional domain name\n\t * @param string $record\n\t * optional, default empty\n\t * @param string $type\n\t * optional, zone-entry type (A, AAAA, TXT, etc.), default 'A'\n\t * @param int $prio\n\t * optional, priority, default empty\n\t * @param string $content\n\t * optional, default empty\n\t * @param int $ttl\n\t * optional, default 18000\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function add()\n\t{\n\t\tif (Settings::Get('system.dnsenabled') != '1') {\n\t\t\tthrow new Exception(\"DNS service not enabled on this system\", 405);\n\t\t}\n\n\t\tif ($this->isAdmin() == false && $this->getUserDetail('dnsenabled') != '1') {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\n\t\t$id = $this->getParam('id', true, 0);\n\t\t$dn_optional = $id > 0;\n\t\t$domainname = $this->getParam('domainname', $dn_optional, '');\n\n\t\t// get requested domain\n\t\t$result = $this->apiCall('SubDomains.get', [\n\t\t\t'id' => $id,\n\t\t\t'domainname' => $domainname\n\t\t]);\n\t\t$id = $result['id'];\n\n\t\t// parameters\n\t\t$record = $this->getParam('record', true, null);\n\t\t$type = $this->getParam('type', true, 'A');\n\t\t$prio = $this->getParam('prio', true, null);\n\t\t$content = $this->getParam('content', true, null);\n\t\t$ttl = $this->getParam('ttl', true, 18000);\n\n\t\tif ($result['parentdomainid'] != '0') {\n\t\t\tthrow new Exception(\"DNS zones can only be generated for the main domain, not for subdomains\", 406);\n\t\t}\n\n\t\tif ($result['subisbinddomain'] != '1') {\n\t\t\tResponse::standardError('dns_domain_nodns', '', true);\n\t\t}\n\n\t\t$idna_convert = new IdnaWrapper();\n\t\t$domain = $idna_convert->encode($result['domain']);\n\n\t\t// select all entries\n\t\t$sel_stmt = Database::prepare(\"SELECT * FROM `\" . TABLE_DOMAIN_DNS . \"` WHERE domain_id = :did\");\n\t\tDatabase::pexecute($sel_stmt, [\n\t\t\t'did' => $id\n\t\t], true, true);\n\t\t$dom_entries = $sel_stmt->fetchAll(PDO::FETCH_ASSOC);\n\n\t\t// validation\n\t\t$errors = [];\n\t\tif (empty(trim($record))) {\n\t\t\t$record = \"@\";\n\t\t}\n\n\t\t$record = trim(strtolower($record));\n\n\t\tif ($record != '@' && $record != '*') {\n\t\t\t// validate record\n\t\t\tif (strpos($record, '--') !== false) {\n\t\t\t\t$errors[] = lng('error.domain_nopunycode');\n\t\t\t} else {\n\t\t\t\t// check for wildcard-record\n\t\t\t\t$add_wildcard_again = false;\n\t\t\t\tif (substr($record, 0, 2) == '*.') {\n\t\t\t\t\t$record = substr($record, 2);\n\t\t\t\t\t$add_wildcard_again = true;\n\t\t\t\t}\n\t\t\t\t// convert entry\n\t\t\t\t$record = $idna_convert->encode($record);\n\n\t\t\t\tif ($add_wildcard_again) {\n\t\t\t\t\t$record = '*.' . $record;\n\t\t\t\t}\n\n\t\t\t\tif (strlen($record) > 63) {\n\t\t\t\t\t$errors[] = lng('error.dns_record_toolong');\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif ($ttl <= 0) {\n\t\t\t$ttl = 18000;\n\t\t}\n\n\t\t$content = trim($content);\n\t\tif (empty($content)) {\n\t\t\t$errors[] = lng('error.dns_content_empty');\n\t\t}\n\n\t\t// remove invalid control characters (allow tab + printable ASCII)\n\t\t$content = preg_replace('/[^\\x09\\x20-\\x7E]/', '', $content);\n\t\t// collapse excessive whitespace\n\t\t$content = preg_replace('/\\s+/', ' ', $content);\n\n\t\tif ($type != 'CNAME') {\n\t\t\t// check whether there is a CNAME-record for the same resource\n\t\t\tforeach ($dom_entries as $existing_entries) {\n\t\t\t\tif ($existing_entries['type'] == 'CNAME' && $existing_entries['record'] == $record) {\n\t\t\t\t\t$errors[] = lng('error.dns_other_nomorerr');\n\t\t\t\t\tbreak;\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\t// types\n\t\tif ($type == 'A' && filter_var($content, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {\n\t\t\t$errors[] = lng('error.dns_arec_noipv4');\n\t\t} elseif ($type == 'AAAA' && filter_var($content, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) === false) {\n\t\t\t$errors[] = lng('error.dns_aaaarec_noipv6');\n\t\t} elseif ($type == 'CAA' && !empty($content)) {\n\t\t\t$re = '/(?\\'critical\\'\\d+)\\h*(?\\'type\\'iodef|issue|issuewild)\\h*(?\\'value\\'(?\\'issuevalue\\'\"(?\\'domain\\'(?=.{3,128}$)(?>(?>[a-zA-Z0-9]+[a-zA-Z0-9-]*[a-zA-Z0-9]+|[a-zA-Z0-9]+)\\.)*(?>[a-zA-Z]{2,}|[a-zA-Z0-9]{2,}\\.[a-zA-Z]{2,}))[;\\h]*(?\\'parameters\\'(?>[a-zA-Z0-9]{1,60}=[a-zA-Z0-9:\\.\\/\\-]{1,60}\\h*)+)?\")|(?\\'iodefvalue\\'\"(?\\'url\\'(mailto:.*|http:\\/\\/.*|https:\\/\\/.*))\"))/';\n\t\t\tpreg_match($re, $content, $matches);\n\n\t\t\tif (empty($matches)) {\n\t\t\t\t$errors[] = lng('error.dns_content_invalid');\n\t\t\t} elseif (($matches['type'] == 'issue' || $matches['type'] == 'issuewild') && !Validate::validateDomain($matches['domain'])) {\n\t\t\t\t$errors[] = lng('error.dns_content_invalid');\n\t\t\t} elseif ($matches['type'] == 'iodef' && !Validate::validateUrl($matches['url'])) {\n\t\t\t\t$errors[] = lng('error.dns_content_invalid');\n\t\t\t} else {\n\t\t\t\t$content = $matches[0];\n\t\t\t}\n\t\t} elseif ($type == 'CNAME' || $type == 'DNAME') {\n\t\t\t// check for trailing dot\n\t\t\tif (substr($content, -1) == '.') {\n\t\t\t\t// remove it for checks\n\t\t\t\t$content = substr($content, 0, -1);\n\t\t\t} else {\n\t\t\t\t// add domain name\n\t\t\t\t$content .= '.' . $domain;\n\t\t\t}\n\t\t\tif (!Validate::validateDomain($content, true)) {\n\t\t\t\t$errors[] = lng('error.dns_cname_invaliddom');\n\t\t\t} else {\n\t\t\t\t// check whether there are RR-records for the same resource\n\t\t\t\tforeach ($dom_entries as $existing_entries) {\n\t\t\t\t\tif ($existing_entries['record'] == $record) {\n\t\t\t\t\t\t$errors[] = lng('error.dns_cname_nomorerr');\n\t\t\t\t\t\tbreak;\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\t// check www-alias setting\n\t\t\t\tif ($result['wwwserveralias'] == '1' && $result['iswildcarddomain'] == '0' && $record == 'www') {\n\t\t\t\t\t$errors[] = lng('error.no_wwwcnamae_ifwwwalias');\n\t\t\t\t}\n\t\t\t}\n\t\t\t// append trailing dot (again)\n\t\t\t$content .= '.';\n\t\t} elseif ($type == 'LOC' && !empty($content)) {\n\t\t\tif (!Validate::validateDnsLoc($content)) {\n\t\t\t\t$errors[] = lng('error.dns_loc_invalid');\n\t\t\t}\n\t\t} elseif ($type == 'MX') {\n\t\t\tif ($prio === null || $prio < 0) {\n\t\t\t\t$errors[] = lng('error.dns_mx_prioempty');\n\t\t\t}\n\t\t\t// check for trailing dot\n\t\t\tif (substr($content, -1) == '.') {\n\t\t\t\t// remove it for checks\n\t\t\t\t$content = substr($content, 0, -1);\n\t\t\t}\n\t\t\tif (!empty($content) && !Validate::validateDomain($content)) {\n\t\t\t\t$errors[] = lng('error.dns_mx_needdom');\n\t\t\t} else {\n\t\t\t\t// check whether there is a CNAME-record for the same resource\n\t\t\t\tforeach ($dom_entries as $existing_entries) {\n\t\t\t\t\t$fqdn = $existing_entries['record'] . '.' . $domain;\n\t\t\t\t\tif ($existing_entries['type'] == 'CNAME' && $fqdn == $content) {\n\t\t\t\t\t\t$errors[] = lng('error.dns_mx_noalias');\n\t\t\t\t\t\tbreak;\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t\t// append trailing dot (again)\n\t\t\t$content .= '.';\n\t\t\t// if content is only \".\", the prio needs to be 0 which results in a \"null mx\" entry\n\t\t\tif ($content == '.' && $prio != 0) {\n\t\t\t\t$prio = 0;\n\t\t\t}\n\t\t} elseif ($type == 'NAPTR' && !empty($content)) {\n\t\t\tif (!Validate::validateDnsNaptr($content)) {\n\t\t\t\t$errors[] = lng('error.dns_naptr_invalid');\n\t\t\t}\n\t\t} elseif ($type == 'NS') {\n\t\t\t// check for trailing dot\n\t\t\tif (substr($content, -1) == '.') {\n\t\t\t\t// remove it for checks\n\t\t\t\t$content = substr($content, 0, -1);\n\t\t\t}\n\t\t\tif (!Validate::validateDomain($content)) {\n\t\t\t\t$errors[] = lng('error.dns_ns_invaliddom');\n\t\t\t}\n\t\t\t// append trailing dot (again)\n\t\t\t$content .= '.';\n\t\t} elseif ($type == 'RP' && !empty($content)) {\n\t\t\tif (!Validate::validateDnsRp($content)) {\n\t\t\t\t$errors[] = lng('error.dns_rp_invalid');\n\t\t\t}\n\t\t} elseif ($type == 'SRV') {\n\t\t\tif ($prio === null || $prio < 0) {\n\t\t\t\t$errors[] = lng('error.dns_srv_prioempty');\n\t\t\t}\n\t\t\t// check only last part of content, as it can look like:\n\t\t\t// _service._proto.name. TTL class SRV priority weight port target.\n\t\t\t$_split_content = explode(\" \", $content);\n\t\t\t// SRV content must be [weight] [port] [target]\n\t\t\tif (count($_split_content) != 3) {\n\t\t\t\t$errors[] = lng('error.dns_srv_invalidcontent');\n\t\t\t}\n\t\t\t$target = trim($_split_content[count($_split_content) - 1]);\n\t\t\tif ($target != '.') {\n\t\t\t\t// check for trailing dot\n\t\t\t\tif (substr($target, -1) == '.') {\n\t\t\t\t\t// remove it for checks\n\t\t\t\t\t$target = substr($target, 0, -1);\n\t\t\t\t}\n\t\t\t}\n\t\t\tif ($target != '.' && !Validate::validateDomain($target, true)) {\n\t\t\t\t$errors[] = lng('error.dns_srv_needdom');\n\t\t\t} else {\n\t\t\t\t// check whether there is a CNAME-record for the same resource\n\t\t\t\tforeach ($dom_entries as $existing_entries) {\n\t\t\t\t\t$fqdn = $existing_entries['record'] . '.' . $domain;\n\t\t\t\t\tif ($existing_entries['type'] == 'CNAME' && $fqdn == $target) {\n\t\t\t\t\t\t$errors[] = lng('error.dns_srv_noalias');\n\t\t\t\t\t\tbreak;\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t\t// append trailing dot if there's none\n\t\t\tif (substr($content, -1) != '.') {\n\t\t\t\t$content .= '.';\n\t\t\t}\n\t\t} elseif ($type == 'SSHFP' && !empty($content)) {\n\t\t\tif (!Validate::validateDnsSshfp($content)) {\n\t\t\t\t$errors[] = lng('error.dns_sshfp_invalid');\n\t\t\t}\n\t\t} elseif ($type == 'TLSA' && !empty($content)) {\n\t\t\tif (!Validate::validateDnsTlsa($content)) {\n\t\t\t\t$errors[] = lng('error.dns_tlsa_invalid');\n\t\t\t}\n\t\t} elseif ($type == 'TXT' && !empty($content)) {\n\t\t\t// check that TXT content is enclosed in \" \"\n\t\t\t$content = Dns::encloseTXTContent($content);\n\t\t}\n\n\t\t$new_entry = [\n\t\t\t'record' => $record,\n\t\t\t'type' => $type,\n\t\t\t'prio' => (int)$prio,\n\t\t\t'content' => $content,\n\t\t\t'ttl' => (int)$ttl,\n\t\t\t'domain_id' => (int)$id\n\t\t];\n\t\tksort($new_entry);\n\n\t\t// check for duplicate\n\t\tforeach ($dom_entries as $existing_entry) {\n\t\t\t// compare json-encoded string of array\n\t\t\t$check_entry = $existing_entry;\n\t\t\t// new entry has no ID yet\n\t\t\tunset($check_entry['id']);\n\t\t\t// sort by key\n\t\t\tksort($check_entry);\n\t\t\t// format integer fields to real integer (as they are read as string from the DB)\n\t\t\t$check_entry['prio'] = (int)$check_entry['prio'];\n\t\t\t$check_entry['ttl'] = (int)$check_entry['ttl'];\n\t\t\t$check_entry['domain_id'] = (int)$check_entry['domain_id'];\n\t\t\t// encode both\n\t\t\t$check_entry = json_encode($check_entry);\n\t\t\t$new = json_encode($new_entry);\n\t\t\t// compare\n\t\t\tif ($check_entry === $new) {\n\t\t\t\t$errors[] = lng('error.dns_duplicate_entry');\n\t\t\t\tunset($check_entry);\n\t\t\t\tbreak;\n\t\t\t}\n\t\t}\n\n\t\tif (empty($errors)) {\n\t\t\t$ins_stmt = Database::prepare(\"\n\t\t\t\tINSERT INTO `\" . TABLE_DOMAIN_DNS . \"` SET\n\t\t\t\t`record` = :record,\n\t\t\t\t`type` = :type,\n\t\t\t\t`prio` = :prio,\n\t\t\t\t`content` = :content,\n\t\t\t\t`ttl` = :ttl,\n\t\t\t\t`domain_id` = :domain_id\n\t\t\t\");\n\t\t\tDatabase::pexecute($ins_stmt, $new_entry, true, true);\n\t\t\t$new_entry_id = Database::lastInsertId();\n\n\t\t\t// add temporary to the entries-array (no reread of DB necessary)\n\t\t\t$new_entry['id'] = $new_entry_id;\n\t\t\t$dom_entries[] = $new_entry;\n\n\t\t\t// re-generate bind configs\n\t\t\tCronjob::inserttask(TaskId::REBUILD_DNS);\n\n\t\t\t$result = $this->apiCall('DomainZones.get', [\n\t\t\t\t'id' => $id\n\t\t\t]);\n\t\t\treturn $this->response($result);\n\t\t}\n\t\t// return $errors\n\t\tthrow new Exception(implode(\"\\n\", $errors), 406);\n\t}\n\n\t/**\n\t * return a domain-dns entry by either id or domainname\n\t *\n\t * @param int $id\n\t * optional, the domain id\n\t * @param string $domainname\n\t * optional, the domain name\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function get()\n\t{\n\t\tif (Settings::Get('system.dnsenabled') != '1') {\n\t\t\tthrow new Exception(\"DNS service not enabled on this system\", 405);\n\t\t}\n\n\t\tif ($this->isAdmin() == false && $this->getUserDetail('dnsenabled') != '1') {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\n\t\t$id = $this->getParam('id', true, 0);\n\t\t$dn_optional = $id > 0;\n\t\t$domainname = $this->getParam('domainname', $dn_optional, '');\n\n\t\t// get requested domain\n\t\t$result = $this->apiCall('SubDomains.get', [\n\t\t\t'id' => $id,\n\t\t\t'domainname' => $domainname\n\t\t]);\n\t\t$id = $result['id'];\n\n\t\tif ($result['parentdomainid'] != '0') {\n\t\t\tthrow new Exception(\"DNS zones can only be generated for the main domain, not for subdomains\", 406);\n\t\t}\n\n\t\tif ($result['subisbinddomain'] != '1') {\n\t\t\tResponse::standardError('dns_domain_nodns', '', true);\n\t\t}\n\n\t\t$zone = Dns::createDomainZone($id);\n\t\t$zonefile = (string)$zone;\n\n\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, \"[API] get dns-zone for '\" . $result['domain'] . \"'\");\n\t\treturn $this->response(explode(\"\\n\", $zonefile));\n\t}\n\n\t/**\n\t * You cannot update a dns zone entry.\n\t * You need to delete it and re-add it.\n\t */\n\tpublic function update()\n\t{\n\t\tthrow new Exception('You cannot update a dns zone entry. You need to delete it and re-add it.', 303);\n\t}\n\n\t/**\n\t * List all entry records of a given domain by either id or domainname\n\t *\n\t * @param int $id\n\t * optional, the domain id\n\t * @param string $domainname\n\t * optional, the domain name\n\t * @param array $sql_search\n\t * optional array with index = fieldname, and value = array with 'op' => operator (one of <, > or =),\n\t * LIKE is used if left empty and 'value' => searchvalue\n\t * @param int $sql_limit\n\t * optional specify number of results to be returned\n\t * @param int $sql_offset\n\t * optional specify offset for resultset\n\t * @param array $sql_orderby\n\t * optional array with index = fieldname and value = ASC|DESC to order the resultset by one or more\n\t * fields\n\t *\n\t * @access admin, customer\n\t * @return bool\n\t * @throws Exception\n\t */\n\tpublic function listing()\n\t{\n\t\tif (Settings::Get('system.dnsenabled') != '1') {\n\t\t\tthrow new Exception(\"DNS service not enabled on this system\", 405);\n\t\t}\n\n\t\tif ($this->isAdmin() == false && $this->getUserDetail('dnsenabled') != '1') {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\n\t\t$id = $this->getParam('id', true, 0);\n\t\t$dn_optional = $id > 0;\n\t\t$domainname = $this->getParam('domainname', $dn_optional, '');\n\n\t\t// get requested domain\n\t\t$result = $this->apiCall('SubDomains.get', [\n\t\t\t'id' => $id,\n\t\t\t'domainname' => $domainname\n\t\t]);\n\t\t$id = $result['id'];\n\t\t$query_fields = [];\n\t\t$sel_stmt = Database::prepare(\"SELECT * FROM `\" . TABLE_DOMAIN_DNS . \"` WHERE `domain_id` = :did\" . $this->getSearchWhere($query_fields, true) . $this->getOrderBy() . $this->getLimit());\n\t\t$query_fields['did'] = $id;\n\t\tDatabase::pexecute($sel_stmt, $query_fields, true, true);\n\t\t$result = [];\n\t\twhile ($row = $sel_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t$result[] = $row;\n\t\t}\n\t\treturn $this->response([\n\t\t\t'count' => count($result),\n\t\t\t'list' => $result\n\t\t]);\n\t}\n\n\t/**\n\t * returns the total number of domainzone-entries for given domain\n\t *\n\t * @param int $id\n\t * optional, the domain id\n\t * @param string $domainname\n\t * optional, the domain name\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded response message\n\t * @throws Exception\n\t */\n\tpublic function listingCount()\n\t{\n\t\tif (Settings::Get('system.dnsenabled') != '1') {\n\t\t\tthrow new Exception(\"DNS service not enabled on this system\", 405);\n\t\t}\n\n\t\tif ($this->isAdmin() == false && $this->getUserDetail('dnsenabled') != '1') {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\n\t\t$id = $this->getParam('id', true, 0);\n\t\t$dn_optional = $id > 0;\n\t\t$domainname = $this->getParam('domainname', $dn_optional, '');\n\n\t\t// get requested domain\n\t\t$result = $this->apiCall('SubDomains.get', [\n\t\t\t'id' => $id,\n\t\t\t'domainname' => $domainname\n\t\t]);\n\t\t$id = $result['id'];\n\n\t\t$query_fields = [];\n\t\t$sel_stmt = Database::prepare(\"SELECT COUNT(*) as num_dns FROM `\" . TABLE_DOMAIN_DNS . \"` WHERE `domain_id` = :did\" . $this->getSearchWhere($query_fields, true));\n\t\t$params = array_merge(['did' => $id], $query_fields);\n\t\t$result = Database::pexecute_first($sel_stmt, $params, true, true);\n\t\tif ($result) {\n\t\t\treturn $this->response($result['num_dns']);\n\t\t}\n\t\treturn $this->response(0);\n\t}\n\n\t/**\n\t * deletes a domain-dns entry by id\n\t *\n\t * @param int $entry_id\n\t * @param int $id\n\t * optional, the domain id\n\t * @param string $domainname\n\t * optional, the domain name\n\t *\n\t * @access admin, customer\n\t * @return bool\n\t * @throws Exception\n\t */\n\tpublic function delete()\n\t{\n\t\tif (Settings::Get('system.dnsenabled') != '1') {\n\t\t\tthrow new Exception(\"DNS service not enabled on this system\", 405);\n\t\t}\n\n\t\tif ($this->isAdmin() == false && $this->getUserDetail('dnsenabled') != '1') {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\n\t\t$entry_id = $this->getParam('entry_id');\n\t\t$id = $this->getParam('id', true, 0);\n\t\t$dn_optional = $id > 0;\n\t\t$domainname = $this->getParam('domainname', $dn_optional, '');\n\n\t\t// get requested domain\n\t\t$result = $this->apiCall('SubDomains.get', [\n\t\t\t'id' => $id,\n\t\t\t'domainname' => $domainname\n\t\t]);\n\t\t$id = $result['id'];\n\n\t\t$del_stmt = Database::prepare(\"DELETE FROM `\" . TABLE_DOMAIN_DNS . \"` WHERE `id` = :id AND `domain_id` = :did\");\n\t\tDatabase::pexecute($del_stmt, [\n\t\t\t'id' => $entry_id,\n\t\t\t'did' => $id\n\t\t], true, true);\n\t\tif ($del_stmt->rowCount() > 0) {\n\t\t\t// re-generate bind configs\n\t\t\tCronjob::inserttask(TaskId::REBUILD_DNS);\n\t\t\treturn $this->response(true);\n\t\t}\n\t\treturn $this->response(true, 304);\n\t}\n}\n" }, { "path": "lib/Froxlor/Api/Commands/Domains.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Api\\Commands;\n\nuse Exception;\nuse Froxlor\\Api\\ApiCommand;\nuse Froxlor\\Api\\ResourceEntity;\nuse Froxlor\\Cron\\TaskId;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\Domain\\Domain;\nuse Froxlor\\FileDir;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\Idna\\IdnaWrapper;\nuse Froxlor\\PhpHelper;\nuse Froxlor\\Settings;\nuse Froxlor\\System\\Cronjob;\nuse Froxlor\\UI\\Response;\nuse Froxlor\\User;\nuse Froxlor\\Validate\\Validate;\nuse PDO;\n\n/**\n * @since 0.10.0\n */\nclass Domains extends ApiCommand implements ResourceEntity\n{\n\n\t/**\n\t * lists all domain entries\n\t *\n\t * @param bool $with_ips\n\t * optional, default true\n\t * @param array $sql_search\n\t * optional array with index = fieldname, and value = array with 'op' => operator (one of <, > or =),\n\t * LIKE is used if left empty and 'value' => searchvalue\n\t * @param int $sql_limit\n\t * optional specify number of results to be returned\n\t * @param int $sql_offset\n\t * optional specify offset for resultset\n\t * @param array $sql_orderby\n\t * optional array with index = fieldname and value = ASC|DESC to order the resultset by one or more\n\t * fields\n\t *\n\t * @access admin\n\t * @return string json-encoded array count|list\n\t * @throws Exception\n\t */\n\tpublic function listing()\n\t{\n\t\tif ($this->isAdmin()) {\n\t\t\t$with_ips = $this->getParam('with_ips', true, true);\n\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, \"[API] list domains\");\n\t\t\t$query_fields = [];\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT\n\t\t\t\t`d`.*, `c`.`loginname`, `c`.`deactivated` as `customer_deactivated`, `c`.`name`, `c`.`firstname`, `c`.`company`, `c`.`standardsubdomain`, `c`.`adminid` as customeradmin,\n\t\t\t\t`ad`.`id` AS `aliasdomainid`, `ad`.`domain` AS `aliasdomain`\n\t\t\t\tFROM `\" . TABLE_PANEL_DOMAINS . \"` `d`\n\t\t\t\tLEFT JOIN `\" . TABLE_PANEL_CUSTOMERS . \"` `c` USING(`customerid`)\n\t\t\t\tLEFT JOIN `\" . TABLE_PANEL_DOMAINS . \"` `ad` ON `d`.`aliasdomain`=`ad`.`id`\n\t\t\t\tWHERE `d`.`parentdomainid`='0' \" . ($this->getUserDetail('customers_see_all') ? '' : \" AND `d`.`adminid` = :adminid \") . $this->getSearchWhere($query_fields, true) . $this->getOrderBy() . $this->getLimit());\n\t\t\t$params = [];\n\t\t\tif ($this->getUserDetail('customers_see_all') == '0') {\n\t\t\t\t$params['adminid'] = $this->getUserDetail('adminid');\n\t\t\t}\n\t\t\t$params = array_merge($params, $query_fields);\n\t\t\tDatabase::pexecute($result_stmt, $params, true, true);\n\t\t\t$result = [];\n\t\t\twhile ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t$row['ipsandports'] = [];\n\t\t\t\tif ($with_ips) {\n\t\t\t\t\t$row['ipsandports'] = $this->getIpsForDomain($row['id']);\n\t\t\t\t}\n\t\t\t\t$row['domain_hascert'] = $this->getHasCertValueForDomain((int)$row['id'], (int)$row['parentdomainid']);\n\t\t\t\t$result[] = $row;\n\t\t\t}\n\t\t\treturn $this->response([\n\t\t\t\t'count' => count($result),\n\t\t\t\t'list' => $result\n\t\t\t]);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * get ips connected to given domain as array\n\t *\n\t * @param number $domain_id\n\t * @param bool $ssl_only\n\t * optional, return only ssl enabled ips, default false\n\t * @return array\n\t */\n\tprivate function getIpsForDomain($domain_id = 0, $ssl_only = false)\n\t{\n\t\t$resultips_stmt = Database::prepare(\"\n\t\t\tSELECT `ips`.* FROM `\" . TABLE_DOMAINTOIP . \"` AS `dti`, `\" . TABLE_PANEL_IPSANDPORTS . \"` AS `ips`\n\t\t\tWHERE `dti`.`id_ipandports` = `ips`.`id` AND `dti`.`id_domain` = :domainid \" . ($ssl_only ? \" AND `ips`.`ssl` = '1'\" : \"\"));\n\n\t\tDatabase::pexecute($resultips_stmt, [\n\t\t\t'domainid' => $domain_id\n\t\t]);\n\n\t\t$ipandports = [];\n\t\twhile ($rowip = $resultips_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\tif (filter_var($rowip['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {\n\t\t\t\t$rowip['is_ipv6'] = true;\n\t\t\t}\n\t\t\t$ipandports[] = $rowip;\n\t\t}\n\n\t\treturn $ipandports;\n\t}\n\n\tprivate function getHasCertValueForDomain(int $domainid, int $parentdomainid): int\n\t{\n\t\t// nothing (ssl_global)\n\t\t$domain_hascert = 0;\n\t\t$ssl_stmt = Database::prepare(\"SELECT * FROM `\" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . \"` WHERE `domainid` = :domainid\");\n\t\tDatabase::pexecute($ssl_stmt, array(\n\t\t\t\"domainid\" => $domainid\n\t\t));\n\t\t$ssl_result = $ssl_stmt->fetch(PDO::FETCH_ASSOC);\n\t\tif (is_array($ssl_result) && isset($ssl_result['ssl_cert_file']) && $ssl_result['ssl_cert_file'] != '') {\n\t\t\t// own certificate (ssl_customer_green)\n\t\t\t$domain_hascert = 1;\n\t\t} else {\n\t\t\t// check if it's parent has one set (shared)\n\t\t\tif ($parentdomainid != 0) {\n\t\t\t\t$ssl_stmt = Database::prepare(\"SELECT * FROM `\" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . \"` WHERE `domainid` = :domainid\");\n\t\t\t\tDatabase::pexecute($ssl_stmt, array(\n\t\t\t\t\t\"domainid\" => $parentdomainid\n\t\t\t\t));\n\t\t\t\t$ssl_result = $ssl_stmt->fetch(PDO::FETCH_ASSOC);\n\t\t\t\tif (is_array($ssl_result) && isset($ssl_result['ssl_cert_file']) && $ssl_result['ssl_cert_file'] != '') {\n\t\t\t\t\t// parent has a certificate (ssl_shared)\n\t\t\t\t\t$domain_hascert = 2;\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\treturn $domain_hascert;\n\t}\n\n\t/**\n\t * returns the total number of accessible domains\n\t *\n\t * @access admin\n\t * @return string json-encoded array count|list\n\t * @throws Exception\n\t */\n\tpublic function listingCount()\n\t{\n\t\tif ($this->isAdmin()) {\n\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, \"[API] list domains\");\n\t\t\t$query_fields = [];\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT\n\t\t\t\tCOUNT(*) as num_domains\n\t\t\t\tFROM `\" . TABLE_PANEL_DOMAINS . \"` `d`\n\t\t\t\tLEFT JOIN `\" . TABLE_PANEL_CUSTOMERS . \"` `c` USING(`customerid`)\n\t\t\t\tLEFT JOIN `\" . TABLE_PANEL_DOMAINS . \"` `ad` ON `d`.`aliasdomain`=`ad`.`id`\n\t\t\t\tWHERE `d`.`parentdomainid`='0' \" . ($this->getUserDetail('customers_see_all') ? '' : \" AND `d`.`adminid` = :adminid \") . $this->getSearchWhere($query_fields, true));\n\t\t\t$params = [];\n\t\t\tif ($this->getUserDetail('customers_see_all') == '0') {\n\t\t\t\t$params['adminid'] = $this->getUserDetail('adminid');\n\t\t\t}\n\t\t\t$params = array_merge($params, $query_fields);\n\t\t\t$result = Database::pexecute_first($result_stmt, $params, true, true);\n\t\t\tif ($result) {\n\t\t\t\treturn $this->response($result['num_domains']);\n\t\t\t}\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * add new domain entry\n\t *\n\t * @param string $domain\n\t * domain-name\n\t * @param int $customerid\n\t * optional, required when called as admin (if $loginname is not specified)\n\t * @param string $loginname\n\t * optional, required when called as admin (if $customerid is not specified)\n\t * @param int $adminid\n\t * optional, default is the calling admin's ID\n\t * @param array $ipandport\n\t * optional list of ip/ports to assign to domain, default is system-default-ips\n\t * @param int $subcanemaildomain\n\t * optional, allow subdomains of this domain as email domains, 1 = choosable (default no), 2 = choosable\n\t * (default yes), 3 = always, default 0 (never)\n\t * @param bool $isemaildomain\n\t * optional, allow email usage with this domain, default 0 (false)\n\t * @param bool $email_only\n\t * optional, restrict domain to email usage, default 0 (false)\n\t * @param int $selectserveralias\n\t * optional, 0 = wildcard, 1 = www-alias, 2 = none, default [system.domaindefaultalias]\n\t * @param bool $speciallogfile\n\t * optional, whether to create an exclusive web-logfile for this domain, default 0 (false)\n\t * @param int $alias\n\t * optional, domain-id of a domain that the new domain should be an alias of, default 0 (none)\n\t * @param string $registration_date\n\t * optional, date of domain registration in form of YYYY-MM-DD, default empty (none)\n\t * @param string $termination_date\n\t * optional, date of domain termination in form of YYYY-MM-DD, default empty (none)\n\t * @param bool $caneditdomain\n\t * optional, whether to allow the customer to edit domain settings, default 0 (false)\n\t * @param bool $isbinddomain\n\t * optional, whether to generate a dns-zone or not (only of nameserver is activated), default 0 (false)\n\t * @param string $zonefile\n\t * optional, custom dns zone filename (only of nameserver is activated), default empty (auto-generated)\n\t * @param bool $dkim\n\t * optional, whether this domain should use dkim if antispam is activated, default 0 (false)\n\t * @param string $specialsettings\n\t * optional, custom webserver vhost-content which is added to the generated vhost, default empty\n\t * @param string $ssl_specialsettings\n\t * optional, custom webserver vhost-content which is added to the generated ssl-vhost, default empty\n\t * @param bool $include_specialsettings\n\t * optional, whether to include non-ssl specialsettings in the generated ssl-vhost, default false\n\t * @param bool $notryfiles\n\t * optional, [nginx only] do not generate the default try-files directive, default 0 (false)\n\t * @param bool $writeaccesslog\n\t * optional, Enable writing an access-log file for this domain, default 1 (true)\n\t * @param bool $writeerrorlog\n\t * optional, Enable writing an error-log file for this domain, default 1 (true)\n\t * @param string $documentroot\n\t * optional, specify homedir of domain by specifying a directory (relative to customer-docroot), be\n\t * aware, if path starts with / it is considered a full path, not relative to customer-docroot. Also\n\t * specifying a URL is possible here (redirect), default empty (autogenerated)\n\t * @param bool $phpenabled\n\t * optional, whether php is enabled for this domain, default 0 (false)\n\t * @param bool $openbasedir\n\t * optional, whether to activate openbasedir restriction for this domain, default 0 (false)\n\t * @param int $openbasedir_path\n\t * optional, either 0 for domains-docroot, 1 for customers-homedir or 2 for parent-directory of domains-docroot\n\t * @param int $phpsettingid\n\t * optional, specify php-configuration that is being used by id, default 1 (system-default)\n\t * @param int $mod_fcgid_starter\n\t * optional number of fcgid-starters if FCGID is used, default is -1\n\t * @param int $mod_fcgid_maxrequests\n\t * optional number of fcgid-maxrequests if FCGID is used, default is -1\n\t * @param bool $ssl_redirect\n\t * optional, whether to generate a https-redirect or not, default false; requires SSL to be enabled\n\t * @param bool $letsencrypt\n\t * optional, whether to generate a Let's Encrypt certificate for this domain, default false; requires\n\t * SSL to be enabled\n\t * @param array $ssl_ipandport\n\t * optional, list of ssl-enabled ip/port id's to assign to this domain, default empty\n\t * @param bool $dont_use_default_ssl_ipandport_if_empty\n\t * optional, do NOT set the systems default ssl ip addresses if none are given via $ssl_ipandport\n\t * parameter\n\t * @param bool $sslenabled\n\t * optional, whether SSL is enabled for this domain, regardless of the assigned ssl-ips, default\n\t * 1 (true)\n\t * @param bool $http2\n\t * optional, whether to enable http/2 for this domain (requires to be enabled in the settings), default\n\t * 0 (false)\n\t * @param bool $http3\n\t * optional, whether to enable http/3 for this domain (requires to be enabled in the settings), default\n\t * 0 (false)\n\t * @param int $hsts_maxage\n\t * optional max-age value for HSTS header\n\t * @param bool $hsts_sub\n\t * optional whether to add subdomains to the HSTS header\n\t * @param bool $hsts_preload\n\t * optional whether to preload HSTS header value\n\t * @param bool $ocsp_stapling\n\t * optional whether to enable ocsp-stapling for this domain. default 0 (false), requires SSL\n\t * @param bool $honorcipherorder\n\t * optional whether to honor the (server) cipher order for this domain. default 0 (false), requires SSL\n\t * @param bool $sessiontickets\n\t * optional whether to enable or disable TLS sessiontickets (RFC 5077) for this domain. default 1\n\t * (true), requires SSL\n\t * @param bool $override_tls\n\t * optional whether to override system-tls settings like protocol, ssl-ciphers and if applicable\n\t * tls-1.3 ciphers, requires change_serversettings flag for the admin, default false\n\t * @param array $ssl_protocols\n\t * optional list of allowed/used ssl/tls protocols, see system.ssl_protocols setting, only used/required\n\t * if $override_tls is true, default empty or system.ssl_protocols setting if $override_tls is true\n\t * @param string $ssl_cipher_list\n\t * optional list of allowed/used ssl/tls ciphers, see system.ssl_cipher_list setting, only used/required\n\t * if $override_tls is true, default empty or system.ssl_cipher_list setting if $override_tls is true\n\t * @param string $tlsv13_cipher_list\n\t * optional list of allowed/used tls-1.3 specific ciphers, see system.tlsv13_cipher_list setting, only\n\t * used/required if $override_tls is true, default empty or system.tlsv13_cipher_list setting if\n\t * $override_tls is true\n\t * @param string $description\n\t * optional custom description (currently not used/shown in the frontend), default empty\n\t * @param bool $is_stdsubdomain\n\t * (internally) optional whether this is a standard subdomain for a customer which is being added so no usage is decreased\n\t * @access admin\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function add()\n\t{\n\t\tif ($this->isAdmin()) {\n\t\t\t$is_stdsubdomain = $this->isInternal() ? $this->getBoolParam('is_stdsubdomain', true, 0) : false;\n\t\t\tif ($is_stdsubdomain || $this->getUserDetail('domains_used') < $this->getUserDetail('domains') || $this->getUserDetail('domains') == '-1') {\n\t\t\t\t// parameters\n\t\t\t\t$p_domain = $this->getParam('domain');\n\n\t\t\t\t// optional parameters\n\t\t\t\t$p_ipandports = $this->getParam('ipandport', true, explode(',', Settings::Get('system.defaultip')));\n\t\t\t\t$adminid = intval($this->getParam('adminid', true, $this->getUserDetail('adminid')));\n\t\t\t\t$subcanemaildomain = $this->getParam('subcanemaildomain', true, 0);\n\t\t\t\t$isemaildomain = $this->getBoolParam('isemaildomain', true, 0);\n\t\t\t\t$email_only = $this->getBoolParam('email_only', true, 0);\n\t\t\t\t$serveraliasoption = $this->getParam('selectserveralias', true, Settings::Get('system.domaindefaultalias'));\n\t\t\t\t$speciallogfile = $this->getBoolParam('speciallogfile', true, 0);\n\t\t\t\t$aliasdomain = intval($this->getParam('alias', true, 0));\n\t\t\t\t$registration_date = $this->getParam('registration_date', true, '');\n\t\t\t\t$termination_date = $this->getParam('termination_date', true, '');\n\t\t\t\t$caneditdomain = $this->getBoolParam('caneditdomain', true, 0);\n\t\t\t\t$isbinddomain = $this->getBoolParam('isbinddomain', true, 0);\n\t\t\t\t$zonefile = $this->getParam('zonefile', true, '');\n\t\t\t\t$dkim = $this->getBoolParam('dkim', true, 0);\n\t\t\t\t$specialsettings = $this->getParam('specialsettings', true, '');\n\t\t\t\t$ssl_specialsettings = $this->getParam('ssl_specialsettings', true, '');\n\t\t\t\t$include_specialsettings = $this->getBoolParam('include_specialsettings', true, 0);\n\t\t\t\t$notryfiles = $this->getBoolParam('notryfiles', true, 0);\n\t\t\t\t$writeaccesslog = $this->getBoolParam('writeaccesslog', true, 1);\n\t\t\t\t$writeerrorlog = $this->getBoolParam('writeerrorlog', true, 1);\n\t\t\t\t$documentroot = $this->getParam('documentroot', true, '');\n\t\t\t\t$phpenabled = $this->getBoolParam('phpenabled', true, 0);\n\t\t\t\t$openbasedir = $this->getBoolParam('openbasedir', true, 0);\n\t\t\t\t$openbasedir_path = $this->getParam('openbasedir_path', true, 0);\n\t\t\t\t$phpsettingid = $this->getParam('phpsettingid', true, 1);\n\t\t\t\t$mod_fcgid_starter = $this->getParam('mod_fcgid_starter', true, -1);\n\t\t\t\t$mod_fcgid_maxrequests = $this->getParam('mod_fcgid_maxrequests', true, -1);\n\t\t\t\t$ssl_redirect = $this->getBoolParam('ssl_redirect', true, 0);\n\t\t\t\t$letsencrypt = $this->getBoolParam('letsencrypt', true, 0);\n\t\t\t\t$sslenabled = $this->getBoolParam('sslenabled', true, 1);\n\t\t\t\t$dont_use_default_ssl_ipandport_if_empty = $this->getBoolParam('dont_use_default_ssl_ipandport_if_empty', true, 0);\n\t\t\t\t$p_ssl_ipandports = $this->getParam('ssl_ipandport', true, $dont_use_default_ssl_ipandport_if_empty ? [] : explode(',', Settings::Get('system.defaultsslip')));\n\t\t\t\t$http2 = $this->getBoolParam('http2', true, 0);\n\t\t\t\t$http3 = $this->getBoolParam('http3', true, 0);\n\t\t\t\t$hsts_maxage = $this->getParam('hsts_maxage', true, 0);\n\t\t\t\t$hsts_sub = $this->getBoolParam('hsts_sub', true, 0);\n\t\t\t\t$hsts_preload = $this->getBoolParam('hsts_preload', true, 0);\n\t\t\t\t$ocsp_stapling = $this->getBoolParam('ocsp_stapling', true, 0);\n\t\t\t\t$honorcipherorder = $this->getBoolParam('honorcipherorder', true, 0);\n\t\t\t\t$sessiontickets = $this->getBoolParam('sessiontickets', true, 1);\n\n\t\t\t\t$override_tls = $this->getBoolParam('override_tls', true, 0);\n\t\t\t\t$p_ssl_protocols = [];\n\t\t\t\t$ssl_cipher_list = \"\";\n\t\t\t\t$tlsv13_cipher_list = \"\";\n\n\t\t\t\tif ($this->getUserDetail('change_serversettings') == '1') {\n\t\t\t\t\tif ($override_tls) {\n\t\t\t\t\t\t$p_ssl_protocols = $this->getParam('ssl_protocols', true, explode(',', Settings::Get('system.ssl_protocols')));\n\t\t\t\t\t\t$ssl_cipher_list = $this->getParam('ssl_cipher_list', true, Settings::Get('system.ssl_cipher_list'));\n\t\t\t\t\t\t$tlsv13_cipher_list = $this->getParam('tlsv13_cipher_list', true, Settings::Get('system.tlsv13_cipher_list'));\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\t$description = $this->getParam('description', true, '');\n\n\t\t\t\t// validation\n\t\t\t\t$p_domain = strtolower($p_domain);\n\t\t\t\tif ($p_domain == strtolower(Settings::Get('system.hostname'))) {\n\t\t\t\t\tResponse::standardError('admin_domain_emailsystemhostname', '', true);\n\t\t\t\t}\n\n\t\t\t\tif (substr($p_domain, 0, 4) == 'xn--') {\n\t\t\t\t\tResponse::standardError('domain_nopunycode', '', true);\n\t\t\t\t} elseif (Validate::validate_ip2($p_domain, true, '', true, true)) {\n\t\t\t\t\tResponse::standardError('domain_noipaddress', '', true);\n\t\t\t\t}\n\n\t\t\t\t$idna_convert = new IdnaWrapper();\n\t\t\t\t$domain = $idna_convert->encode(preg_replace([\n\t\t\t\t\t'/\\:(\\d)+$/',\n\t\t\t\t\t'/^https?\\:\\/\\//'\n\t\t\t\t], '', Validate::validate($p_domain, 'domain')));\n\n\t\t\t\t// Check whether domain validation is enabled and if, validate the domain\n\t\t\t\tif (Settings::Get('system.validate_domain') && !Validate::validateDomain($domain)) {\n\t\t\t\t\tResponse::standardError([\n\t\t\t\t\t\t'stringiswrong',\n\t\t\t\t\t\t'mydomain'\n\t\t\t\t\t], '', true);\n\t\t\t\t}\n\n\t\t\t\t$customer = $this->getCustomerData();\n\t\t\t\t$customerid = $customer['customerid'];\n\n\t\t\t\tif ($this->getUserDetail('customers_see_all') == '1' && $adminid != $this->getUserDetail('adminid')) {\n\t\t\t\t\t$admin_stmt = Database::prepare(\"\n\t\t\t\t\t\tSELECT * FROM `\" . TABLE_PANEL_ADMINS . \"`\n\t\t\t\t\t\tWHERE `adminid` = :adminid AND (`domains_used` < `domains` OR `domains` = '-1')\");\n\t\t\t\t\t$admin = Database::pexecute_first($admin_stmt, [\n\t\t\t\t\t\t'adminid' => $adminid\n\t\t\t\t\t], true, true);\n\t\t\t\t\tif (empty($admin)) {\n\t\t\t\t\t\tResponse::dynamicError(\"Selected admin cannot have any more domains or could not be found\");\n\t\t\t\t\t}\n\t\t\t\t\tunset($admin);\n\t\t\t\t} else {\n\t\t\t\t\t// Force adminid to the caller's own ID when they don't have customers_see_all\n\t\t\t\t\t$adminid = intval($this->getUserDetail('adminid'));\n\t\t\t\t}\n\n\t\t\t\t// set default path if admin/reseller has \"change_serversettings == false\" but we still\n\t\t\t\t// need to respect the documentroot_use_default_value - setting\n\t\t\t\t$path_suffix = '';\n\t\t\t\tif (Settings::Get('system.documentroot_use_default_value') == 1) {\n\t\t\t\t\t$path_suffix = '/' . $domain;\n\t\t\t\t}\n\t\t\t\t$_documentroot = FileDir::makeCorrectDir($customer['documentroot'] . $path_suffix);\n\n\t\t\t\t$documentroot = Validate::validate($documentroot, 'documentroot', Validate::REGEX_DIR, '', [], true);\n\n\t\t\t\t// If path is empty and 'Use domain name as default value for DocumentRoot path' is enabled in settings,\n\t\t\t\t// set default path to subdomain or domain name\n\t\t\t\tif (!empty($documentroot)) {\n\t\t\t\t\tif (substr($documentroot, 0, 1) != '/' && !preg_match('/^https?\\:\\/\\//', $documentroot)) {\n\t\t\t\t\t\t$documentroot = $_documentroot . '/' . $documentroot;\n\t\t\t\t\t} elseif (substr($documentroot, 0, 1) == '/' && $this->getUserDetail('change_serversettings') != '1') {\n\t\t\t\t\t\tResponse::standardError('pathmustberelative', '', true);\n\t\t\t\t\t}\n\t\t\t\t} else {\n\t\t\t\t\t$documentroot = $_documentroot;\n\t\t\t\t}\n\n\t\t\t\tif (!is_null($registration_date)) {\n\t\t\t\t\t$registration_date = Validate::validate($registration_date, 'registration_date',\n\t\t\t\t\t\tValidate::REGEX_YYYY_MM_DD, '', [\n\t\t\t\t\t\t\t'0000-00-00',\n\t\t\t\t\t\t\t'0',\n\t\t\t\t\t\t\t''\n\t\t\t\t\t\t], true);\n\t\t\t\t}\n\t\t\t\tif ($registration_date == '0000-00-00' || empty($registration_date)) {\n\t\t\t\t\t$registration_date = null;\n\t\t\t\t}\n\t\t\t\tif (!is_null($termination_date)) {\n\t\t\t\t\t$termination_date = Validate::validate($termination_date, 'termination_date',\n\t\t\t\t\t\tValidate::REGEX_YYYY_MM_DD, '', [\n\t\t\t\t\t\t\t'0000-00-00',\n\t\t\t\t\t\t\t'0',\n\t\t\t\t\t\t\t''\n\t\t\t\t\t\t], true);\n\t\t\t\t}\n\t\t\t\tif ($termination_date == '0000-00-00' || empty($termination_date)) {\n\t\t\t\t\t$termination_date = null;\n\t\t\t\t}\n\n\t\t\t\tif ($this->getUserDetail('change_serversettings') == '1') {\n\t\t\t\t\tif (Settings::Get('system.bind_enable') == '1') {\n\t\t\t\t\t\t$zonefile = Validate::validate($zonefile, 'zonefile', '', '', [], true);\n\t\t\t\t\t} else {\n\t\t\t\t\t\t$isbinddomain = 0;\n\t\t\t\t\t\t$zonefile = '';\n\t\t\t\t\t}\n\n\t\t\t\t\t$specialsettings = Validate::validate(str_replace(\"\\r\\n\", \"\\n\", $specialsettings), 'specialsettings', Validate::REGEX_CONF_TEXT, '', [], true);\n\n\t\t\t\t\t$ssl_protocols = [];\n\t\t\t\t\tif (!empty($p_ssl_protocols) && is_numeric($p_ssl_protocols)) {\n\t\t\t\t\t\t$p_ssl_protocols = [\n\t\t\t\t\t\t\t$p_ssl_protocols\n\t\t\t\t\t\t];\n\t\t\t\t\t}\n\t\t\t\t\tif (!empty($p_ssl_protocols) && !is_array($p_ssl_protocols)) {\n\t\t\t\t\t\t$p_ssl_protocols = json_decode($p_ssl_protocols, true);\n\t\t\t\t\t}\n\t\t\t\t\tif (!empty($p_ssl_protocols) && is_array($p_ssl_protocols)) {\n\t\t\t\t\t\t$protocols_available = [\n\t\t\t\t\t\t\t'TLSv1',\n\t\t\t\t\t\t\t'TLSv1.1',\n\t\t\t\t\t\t\t'TLSv1.2',\n\t\t\t\t\t\t\t'TLSv1.3'\n\t\t\t\t\t\t];\n\t\t\t\t\t\tforeach ($p_ssl_protocols as $ssl_protocol) {\n\t\t\t\t\t\t\tif (!in_array(trim($ssl_protocol), $protocols_available)) {\n\t\t\t\t\t\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_DEBUG, \"[API] unknown SSL protocol '\" . trim($ssl_protocol) . \"'\");\n\t\t\t\t\t\t\t\tcontinue;\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t$ssl_protocols[] = $ssl_protocol;\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t\tif (empty($ssl_protocols)) {\n\t\t\t\t\t\t$override_tls = '0';\n\t\t\t\t\t}\n\n\t\t\t\t\t// http/3 for nginx only works with TLSv1.3 enabled\n\t\t\t\t\tif ($http3 == '1') {\n\t\t\t\t\t\t// overwrite enabled?\n\t\t\t\t\t\tif (Settings::Get('system.webserver') != 'nginx') {\n\t\t\t\t\t\t\t$http3 = '0';\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\tif (($override_tls == '1' && !in_array('TLSv1.3', $ssl_protocols)) ||\n\t\t\t\t\t\t\t\t($override_tls == '0' && !in_array('TLSv1.3', explode(\",\", Settings::Get('system.ssl_protocols'))))\n\t\t\t\t\t\t\t) {\n\t\t\t\t\t\t\t\t// no tlsv1.3 -> no http/3\n\t\t\t\t\t\t\t\tResponse::standardError('tls13requiredforhttp3', '', true);\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t} else {\n\t\t\t\t\t$isbinddomain = '0';\n\t\t\t\t\tif (Settings::Get('system.bind_enable') == '1') {\n\t\t\t\t\t\t$isbinddomain = '1';\n\t\t\t\t\t}\n\t\t\t\t\t$caneditdomain = '1';\n\t\t\t\t\t$zonefile = '';\n\t\t\t\t\t$specialsettings = '';\n\t\t\t\t\t$ssl_specialsettings = '';\n\t\t\t\t\t$include_specialsettings = 0;\n\t\t\t\t\t$notryfiles = '0';\n\t\t\t\t\t$writeaccesslog = '1';\n\t\t\t\t\t$writeerrorlog = '1';\n\t\t\t\t\t$override_tls = '0';\n\t\t\t\t\t$ssl_protocols = [];\n\t\t\t\t}\n\n\t\t\t\tif ($this->getUserDetail('caneditphpsettings') == '1' || $this->getUserDetail('change_serversettings') == '1') {\n\t\t\t\t\tif ((int)Settings::Get('system.mod_fcgid') == 1 || (int)Settings::Get('phpfpm.enabled') == 1) {\n\t\t\t\t\t\t$phpsettingid_check_stmt = Database::prepare(\"\n\t\t\t\t\t\t\tSELECT * FROM `\" . TABLE_PANEL_PHPCONFIGS . \"`\n\t\t\t\t\t\t\tWHERE `id` = :phpsettingid\");\n\t\t\t\t\t\t$phpsettingid_check = Database::pexecute_first($phpsettingid_check_stmt, [\n\t\t\t\t\t\t\t'phpsettingid' => $phpsettingid\n\t\t\t\t\t\t], true, true);\n\n\t\t\t\t\t\tif (!isset($phpsettingid_check['id']) || $phpsettingid_check['id'] == '0' || $phpsettingid_check['id'] != $phpsettingid) {\n\t\t\t\t\t\t\tResponse::standardError('phpsettingidwrong', '', true);\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\tif ((int)Settings::Get('system.mod_fcgid') == 1) {\n\t\t\t\t\t\t\t$mod_fcgid_starter = Validate::validate($mod_fcgid_starter, 'mod_fcgid_starter', '/^[0-9]*$/', '', [\n\t\t\t\t\t\t\t\t'-1',\n\t\t\t\t\t\t\t\t''\n\t\t\t\t\t\t\t], true);\n\t\t\t\t\t\t\t$mod_fcgid_maxrequests = Validate::validate($mod_fcgid_maxrequests, 'mod_fcgid_maxrequests', '/^[0-9]*$/', '', [\n\t\t\t\t\t\t\t\t'-1',\n\t\t\t\t\t\t\t\t''\n\t\t\t\t\t\t\t], true);\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t$mod_fcgid_starter = '-1';\n\t\t\t\t\t\t\t$mod_fcgid_maxrequests = '-1';\n\t\t\t\t\t\t}\n\t\t\t\t\t} else {\n\t\t\t\t\t\tif ((int)Settings::Get('phpfpm.enabled') == 1) {\n\t\t\t\t\t\t\t$phpsettingid = Settings::Get('phpfpm.defaultini');\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t$phpsettingid = Settings::Get('system.mod_fcgid_defaultini');\n\t\t\t\t\t\t}\n\t\t\t\t\t\t$mod_fcgid_starter = '-1';\n\t\t\t\t\t\t$mod_fcgid_maxrequests = '-1';\n\t\t\t\t\t}\n\t\t\t\t} else {\n\t\t\t\t\t// set default to whether the customer has php enabled or not\n\t\t\t\t\t$phpenabled = $customer['phpenabled'];\n\t\t\t\t\t$openbasedir = '1';\n\n\t\t\t\t\tif ((int)Settings::Get('phpfpm.enabled') == 1) {\n\t\t\t\t\t\t$phpsettingid = Settings::Get('phpfpm.defaultini');\n\t\t\t\t\t} else {\n\t\t\t\t\t\t$phpsettingid = Settings::Get('system.mod_fcgid_defaultini');\n\t\t\t\t\t}\n\t\t\t\t\t$mod_fcgid_starter = '-1';\n\t\t\t\t\t$mod_fcgid_maxrequests = '-1';\n\t\t\t\t}\n\n\t\t\t\tif ($openbasedir_path > 2 && $openbasedir_path < 0) {\n\t\t\t\t\t$openbasedir_path = 0;\n\t\t\t\t}\n\n\t\t\t\t// check non-ssl IP\n\t\t\t\t$ipandports = $this->validateIpAddresses($p_ipandports);\n\t\t\t\t// check ssl IP\n\t\t\t\t$ssl_ipandports = [];\n\t\t\t\tif (Settings::Get('system.use_ssl') == \"1\" && !empty($p_ssl_ipandports)) {\n\t\t\t\t\t$ssl_ipandports = $this->validateIpAddresses($p_ssl_ipandports, true);\n\n\t\t\t\t\tif ($this->getUserDetail('change_serversettings') == '1') {\n\t\t\t\t\t\t$ssl_specialsettings = Validate::validate(str_replace(\"\\r\\n\", \"\\n\", $ssl_specialsettings), 'ssl_specialsettings', '/^[^\\0]*$/', '', [], true);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\tif (Settings::Get('system.use_ssl') == \"1\" && $sslenabled == 1 && empty($ssl_ipandports)) {\n\t\t\t\t\t// if this is a customer standard-subdomain, we simply ignore this and disable ssl-related settings (see if-statement below)\n\t\t\t\t\tif (!$is_stdsubdomain) {\n\t\t\t\t\t\t// enabled ssl for the domain but no ssl ip/port is selected\n\t\t\t\t\t\tResponse::standardError('nosslippportgiven', '', true);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\tif (Settings::Get('system.use_ssl') == \"0\" || empty($ssl_ipandports)) {\n\t\t\t\t\t$ssl_redirect = 0;\n\t\t\t\t\t$letsencrypt = 0;\n\t\t\t\t\t$http2 = 0;\n\t\t\t\t\t$http3 = 0;\n\t\t\t\t\t// we need this for the json_encode\n\t\t\t\t\t// if ssl is disabled or no ssl-ip/port exists\n\t\t\t\t\t$ssl_ipandports[] = -1;\n\n\t\t\t\t\t// HSTS\n\t\t\t\t\t$hsts_maxage = 0;\n\t\t\t\t\t$hsts_sub = 0;\n\t\t\t\t\t$hsts_preload = 0;\n\n\t\t\t\t\t// OCSP stapling\n\t\t\t\t\t$ocsp_stapling = 0;\n\n\t\t\t\t\t// vhost container settings\n\t\t\t\t\t$ssl_specialsettings = '';\n\t\t\t\t\t$include_specialsettings = 0;\n\t\t\t\t}\n\n\t\t\t\t// validate dns if lets encrypt is enabled to check whether we can use it at all\n\t\t\t\tif ($letsencrypt == '1' && Settings::Get('system.le_domain_dnscheck') == '1') {\n\t\t\t\t\t$domain_ips = PhpHelper::gethostbynamel6($domain, true, Settings::Get('system.le_domain_dnscheck_resolver'));\n\t\t\t\t\t$selected_ips = $this->getIpsFromIdArray($ssl_ipandports);\n\t\t\t\t\tif ($domain_ips == false || count(array_intersect($selected_ips, $domain_ips)) <= 0) {\n\t\t\t\t\t\tResponse::standardError('invaliddnsforletsencrypt', '', true);\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\t// We can't enable let's encrypt for wildcard-domains\n\t\t\t\tif ($serveraliasoption == '0' && $letsencrypt == '1') {\n\t\t\t\t\tResponse::standardError('nowildcardwithletsencrypt', '', true);\n\t\t\t\t}\n\n\t\t\t\t// Temporarily deactivate ssl_redirect until Let's Encrypt certificate was generated\n\t\t\t\tif ($ssl_redirect > 0 && $letsencrypt == 1) {\n\t\t\t\t\t$ssl_redirect = 2;\n\t\t\t\t}\n\n\t\t\t\t// Check if given documentroot is either a valid URL or a valid path\n\t\t\t\tif (preg_match('/^https?\\:\\/\\//', $documentroot)) {\n\t\t\t\t\t$encoded = $idna_convert->encode($documentroot);\n\t\t\t\t\tif (!Validate::validateUrl($encoded, true)) {\n\t\t\t\t\t\tResponse::standardError('invaliddocumentrooturl', '', true);\n\t\t\t\t\t}\n\t\t\t\t\t$documentroot = $encoded;\n\t\t\t\t} else {\n\t\t\t\t\tif (strpos($documentroot, ':') !== false) {\n\t\t\t\t\t\tResponse::standardError('pathmaynotcontaincolon', '', true);\n\t\t\t\t\t}\n\t\t\t\t\t$documentroot = FileDir::makeCorrectDir($documentroot);\n\t\t\t\t}\n\n\t\t\t\t$domain_check_stmt = Database::prepare(\"\n\t\t\t\t\tSELECT `id`, `domain` FROM `\" . TABLE_PANEL_DOMAINS . \"`\n\t\t\t\t\tWHERE `domain` = :domain\");\n\t\t\t\t$domain_check = Database::pexecute_first($domain_check_stmt, [\n\t\t\t\t\t'domain' => strtolower($domain)\n\t\t\t\t], true, true);\n\t\t\t\t$aliasdomain_check = [\n\t\t\t\t\t'id' => 0\n\t\t\t\t];\n\n\t\t\t\tif ($aliasdomain != 0) {\n\t\t\t\t\t// Overwrite given ipandports with these of the \"main\" domain\n\t\t\t\t\t$ipandports = [];\n\t\t\t\t\t$ssl_ipandports = [];\n\t\t\t\t\t$origipresult_stmt = Database::prepare(\"\n\t\t\t\t\t\tSELECT `id_ipandports` FROM `\" . TABLE_DOMAINTOIP . \"`\n\t\t\t\t\t\tWHERE `id_domain` = :id\");\n\t\t\t\t\tDatabase::pexecute($origipresult_stmt, [\n\t\t\t\t\t\t'id' => $aliasdomain\n\t\t\t\t\t], true, true);\n\t\t\t\t\t$ipdata_stmt = Database::prepare(\"SELECT * FROM `\" . TABLE_PANEL_IPSANDPORTS . \"` WHERE `id` = :ipid\");\n\t\t\t\t\twhile ($origip = $origipresult_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t\t\t$_origip_tmp = Database::pexecute_first($ipdata_stmt, [\n\t\t\t\t\t\t\t'ipid' => $origip['id_ipandports']\n\t\t\t\t\t\t], true, true);\n\t\t\t\t\t\tif ($_origip_tmp['ssl'] == 0) {\n\t\t\t\t\t\t\t$ipandports[] = $origip['id_ipandports'];\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t$ssl_ipandports[] = $origip['id_ipandports'];\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\n\t\t\t\t\tif (count($ssl_ipandports) == 0) {\n\t\t\t\t\t\t// we need this for the json_encode\n\t\t\t\t\t\t// if ssl is disabled or no ssl-ip/port exists\n\t\t\t\t\t\t$ssl_ipandports[] = -1;\n\t\t\t\t\t}\n\n\t\t\t\t\t$aliasdomain_check_stmt = Database::prepare(\"\n\t\t\t\t\t\tSELECT `d`.`id` FROM `\" . TABLE_PANEL_DOMAINS . \"` `d`, `\" . TABLE_PANEL_CUSTOMERS . \"` `c`\n\t\t\t\t\t\tWHERE `d`.`customerid` = :customerid\n\t\t\t\t\t\tAND `d`.`aliasdomain` IS NULL AND `d`.`id` <> `c`.`standardsubdomain`\n\t\t\t\t\t\tAND `c`.`customerid` = :customerid\n\t\t\t\t\t\tAND `d`.`id` = :aliasdomainid\");\n\t\t\t\t\t$alias_params = [\n\t\t\t\t\t\t'customerid' => $customerid,\n\t\t\t\t\t\t'aliasdomainid' => $aliasdomain\n\t\t\t\t\t];\n\t\t\t\t\t$aliasdomain_check = Database::pexecute_first($aliasdomain_check_stmt, $alias_params, true, true);\n\t\t\t\t}\n\n\t\t\t\tif (count($ipandports) == 0) {\n\t\t\t\t\tResponse::standardError('noipportgiven', '', true);\n\t\t\t\t}\n\n\t\t\t\tif ($email_only == '1') {\n\t\t\t\t\t$isemaildomain = '1';\n\t\t\t\t} else {\n\t\t\t\t\t$email_only = '0';\n\t\t\t\t}\n\n\t\t\t\tif ($subcanemaildomain != '1' && $subcanemaildomain != '2' && $subcanemaildomain != '3') {\n\t\t\t\t\t$subcanemaildomain = '0';\n\t\t\t\t}\n\n\t\t\t\tif ($serveraliasoption != '1' && $serveraliasoption != '2') {\n\t\t\t\t\t$serveraliasoption = '0';\n\t\t\t\t}\n\n\t\t\t\t$idna_convert = new IdnaWrapper();\n\t\t\t\tif ($domain == '') {\n\t\t\t\t\tResponse::standardError([\n\t\t\t\t\t\t'stringisempty',\n\t\t\t\t\t\t'mydomain'\n\t\t\t\t\t], '', true);\n\t\t\t\t} elseif ($documentroot == '') {\n\t\t\t\t\tResponse::standardError([\n\t\t\t\t\t\t'stringisempty',\n\t\t\t\t\t\t'mydocumentroot'\n\t\t\t\t\t], '', true);\n\t\t\t\t} elseif ($customerid == 0) {\n\t\t\t\t\tResponse::standardError('adduserfirst', '', true);\n\t\t\t\t} elseif ($domain_check && strtolower($domain_check['domain']) == strtolower($domain)) {\n\t\t\t\t\tResponse::standardError('domainalreadyexists', $idna_convert->decode($domain), true);\n\t\t\t\t} elseif ($aliasdomain_check && $aliasdomain_check['id'] != $aliasdomain) {\n\t\t\t\t\tResponse::standardError('domainisaliasorothercustomer', '', true);\n\t\t\t\t} else {\n\t\t\t\t\t$wwwserveralias = ($serveraliasoption == '1') ? '1' : '0';\n\t\t\t\t\t$iswildcarddomain = ($serveraliasoption == '0') ? '1' : '0';\n\n\t\t\t\t\t$ins_data = [\n\t\t\t\t\t\t'domain' => $domain,\n\t\t\t\t\t\t'domain_ace' => $idna_convert->decode($domain),\n\t\t\t\t\t\t'customerid' => $customerid,\n\t\t\t\t\t\t'adminid' => $adminid,\n\t\t\t\t\t\t'documentroot' => $documentroot,\n\t\t\t\t\t\t'aliasdomain' => ($aliasdomain != 0 ? $aliasdomain : null),\n\t\t\t\t\t\t'zonefile' => $zonefile,\n\t\t\t\t\t\t'dkim' => $dkim,\n\t\t\t\t\t\t'wwwserveralias' => $wwwserveralias,\n\t\t\t\t\t\t'iswildcarddomain' => $iswildcarddomain,\n\t\t\t\t\t\t'isbinddomain' => $isbinddomain,\n\t\t\t\t\t\t'isemaildomain' => $isemaildomain,\n\t\t\t\t\t\t'email_only' => $email_only,\n\t\t\t\t\t\t'subcanemaildomain' => $subcanemaildomain,\n\t\t\t\t\t\t'caneditdomain' => $caneditdomain,\n\t\t\t\t\t\t'phpenabled' => $phpenabled,\n\t\t\t\t\t\t'openbasedir' => $openbasedir,\n\t\t\t\t\t\t'openbasedir_path' => $openbasedir_path,\n\t\t\t\t\t\t'speciallogfile' => $speciallogfile,\n\t\t\t\t\t\t'specialsettings' => $specialsettings,\n\t\t\t\t\t\t'ssl_specialsettings' => $ssl_specialsettings,\n\t\t\t\t\t\t'include_specialsettings' => $include_specialsettings,\n\t\t\t\t\t\t'notryfiles' => $notryfiles,\n\t\t\t\t\t\t'writeaccesslog' => $writeaccesslog,\n\t\t\t\t\t\t'writeerrorlog' => $writeerrorlog,\n\t\t\t\t\t\t'ssl_redirect' => $ssl_redirect,\n\t\t\t\t\t\t'add_date' => time(),\n\t\t\t\t\t\t'registration_date' => $registration_date,\n\t\t\t\t\t\t'termination_date' => $termination_date,\n\t\t\t\t\t\t'phpsettingid' => $phpsettingid,\n\t\t\t\t\t\t'mod_fcgid_starter' => $mod_fcgid_starter,\n\t\t\t\t\t\t'mod_fcgid_maxrequests' => $mod_fcgid_maxrequests,\n\t\t\t\t\t\t'letsencrypt' => $letsencrypt,\n\t\t\t\t\t\t'http2' => $http2,\n\t\t\t\t\t\t'http3' => $http3,\n\t\t\t\t\t\t'hsts' => $hsts_maxage,\n\t\t\t\t\t\t'hsts_sub' => $hsts_sub,\n\t\t\t\t\t\t'hsts_preload' => $hsts_preload,\n\t\t\t\t\t\t'ocsp_stapling' => $ocsp_stapling,\n\t\t\t\t\t\t'override_tls' => $override_tls,\n\t\t\t\t\t\t'ssl_protocols' => implode(\",\", $ssl_protocols),\n\t\t\t\t\t\t'ssl_cipher_list' => $ssl_cipher_list,\n\t\t\t\t\t\t'tlsv13_cipher_list' => $tlsv13_cipher_list,\n\t\t\t\t\t\t'sslenabled' => $sslenabled,\n\t\t\t\t\t\t'honorcipherorder' => $honorcipherorder,\n\t\t\t\t\t\t'sessiontickets' => $sessiontickets,\n\t\t\t\t\t\t'description' => $description\n\t\t\t\t\t];\n\n\t\t\t\t\t$ins_stmt = Database::prepare(\"\n\t\t\t\t\t\tINSERT INTO `\" . TABLE_PANEL_DOMAINS . \"` SET\n\t\t\t\t\t\t`domain` = :domain,\n\t\t\t\t\t\t`domain_ace` = :domain_ace,\n\t\t\t\t\t\t`customerid` = :customerid,\n\t\t\t\t\t\t`adminid` = :adminid,\n\t\t\t\t\t\t`documentroot` = :documentroot,\n\t\t\t\t\t\t`aliasdomain` = :aliasdomain,\n\t\t\t\t\t\t`zonefile` = :zonefile,\n\t\t\t\t\t\t`dkim` = :dkim,\n\t\t\t\t\t\t`dkim_id` = '0',\n\t\t\t\t\t\t`dkim_privkey` = '',\n\t\t\t\t\t\t`dkim_pubkey` = '',\n\t\t\t\t\t\t`wwwserveralias` = :wwwserveralias,\n\t\t\t\t\t\t`iswildcarddomain` = :iswildcarddomain,\n\t\t\t\t\t\t`isbinddomain` = :isbinddomain,\n\t\t\t\t\t\t`isemaildomain` = :isemaildomain,\n\t\t\t\t\t\t`email_only` = :email_only,\n\t\t\t\t\t\t`subcanemaildomain` = :subcanemaildomain,\n\t\t\t\t\t\t`caneditdomain` = :caneditdomain,\n\t\t\t\t\t\t`phpenabled` = :phpenabled,\n\t\t\t\t\t\t`openbasedir` = :openbasedir,\n\t\t\t\t\t\t`openbasedir_path` = :openbasedir_path,\n\t\t\t\t\t\t`speciallogfile` = :speciallogfile,\n\t\t\t\t\t\t`specialsettings` = :specialsettings,\n\t\t\t\t\t\t`ssl_specialsettings` = :ssl_specialsettings,\n\t\t\t\t\t\t`include_specialsettings` = :include_specialsettings,\n\t\t\t\t\t\t`notryfiles` = :notryfiles,\n\t\t\t\t\t\t`writeaccesslog` = :writeaccesslog,\n\t\t\t\t\t\t`writeerrorlog` = :writeerrorlog,\n\t\t\t\t\t\t`ssl_redirect` = :ssl_redirect,\n\t\t\t\t\t\t`add_date` = :add_date,\n\t\t\t\t\t\t`registration_date` = :registration_date,\n\t\t\t\t\t\t`termination_date` = :termination_date,\n\t\t\t\t\t\t`phpsettingid` = :phpsettingid,\n\t\t\t\t\t\t`mod_fcgid_starter` = :mod_fcgid_starter,\n\t\t\t\t\t\t`mod_fcgid_maxrequests` = :mod_fcgid_maxrequests,\n\t\t\t\t\t\t`letsencrypt` = :letsencrypt,\n\t\t\t\t\t\t`http2` = :http2,\n\t\t\t\t\t\t`http3` = :http3,\n\t\t\t\t\t\t`hsts` = :hsts,\n\t\t\t\t\t\t`hsts_sub` = :hsts_sub,\n\t\t\t\t\t\t`hsts_preload` = :hsts_preload,\n\t\t\t\t\t\t`ocsp_stapling` = :ocsp_stapling,\n\t\t\t\t\t\t`override_tls` = :override_tls,\n\t\t\t\t\t\t`ssl_protocols` = :ssl_protocols,\n\t\t\t\t\t\t`ssl_cipher_list` = :ssl_cipher_list,\n\t\t\t\t\t\t`tlsv13_cipher_list` = :tlsv13_cipher_list,\n\t\t\t\t\t\t`ssl_enabled` = :sslenabled,\n\t\t\t\t\t\t`ssl_honorcipherorder` = :honorcipherorder,\n\t\t\t\t\t\t`ssl_sessiontickets` = :sessiontickets,\n\t\t\t\t\t\t`description` = :description\n\t\t\t\t\t\");\n\t\t\t\t\tDatabase::pexecute($ins_stmt, $ins_data, true, true);\n\t\t\t\t\t$domainid = Database::lastInsertId();\n\t\t\t\t\t$ins_data['id'] = $domainid;\n\t\t\t\t\tunset($ins_data);\n\n\t\t\t\t\tif (!$is_stdsubdomain) {\n\t\t\t\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\t\t\t\tUPDATE `\" . TABLE_PANEL_ADMINS . \"` SET `domains_used` = `domains_used` + 1\n\t\t\t\t\t\t\tWHERE `adminid` = :adminid\n\t\t\t\t\t\t\");\n\t\t\t\t\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t\t\t\t\t'adminid' => $adminid\n\t\t\t\t\t\t], true, true);\n\t\t\t\t\t}\n\n\t\t\t\t\t$ins_stmt = Database::prepare(\"\n\t\t\t\t\t\tINSERT INTO `\" . TABLE_DOMAINTOIP . \"` SET\n\t\t\t\t\t\t`id_domain` = :domainid,\n\t\t\t\t\t\t`id_ipandports` = :ipandportsid\n\t\t\t\t\t\");\n\n\t\t\t\t\tforeach ($ipandports as $ipportid) {\n\t\t\t\t\t\t$ins_data = [\n\t\t\t\t\t\t\t'domainid' => $domainid,\n\t\t\t\t\t\t\t'ipandportsid' => $ipportid\n\t\t\t\t\t\t];\n\t\t\t\t\t\tDatabase::pexecute($ins_stmt, $ins_data, true, true);\n\t\t\t\t\t}\n\n\t\t\t\t\tforeach ($ssl_ipandports as $ssl_ipportid) {\n\t\t\t\t\t\tif ($ssl_ipportid > 0) {\n\t\t\t\t\t\t\t$ins_data = [\n\t\t\t\t\t\t\t\t'domainid' => $domainid,\n\t\t\t\t\t\t\t\t'ipandportsid' => $ssl_ipportid\n\t\t\t\t\t\t\t];\n\t\t\t\t\t\t\tDatabase::pexecute($ins_stmt, $ins_data, true, true);\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\n\t\t\t\t\tDomain::triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $this->logger());\n\n\t\t\t\t\tCronjob::inserttask(TaskId::REBUILD_VHOST);\n\t\t\t\t\t// Using nameserver, insert a task which rebuilds the server config\n\t\t\t\t\tCronjob::inserttask(TaskId::REBUILD_DNS);\n\t\t\t\t\tif ($dkim == '1') {\n\t\t\t\t\t\tCronjob::inserttask(TaskId::REBUILD_RSPAMD);\n\t\t\t\t\t}\n\n\t\t\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING, \"[API] added domain '\" . $domain . \"'\");\n\n\t\t\t\t\t$result = $this->apiCall('Domains.get', [\n\t\t\t\t\t\t'domainname' => $domain\n\t\t\t\t\t]);\n\t\t\t\t\treturn $this->response($result);\n\t\t\t\t}\n\t\t\t}\n\t\t\tthrow new Exception(\"No more resources available\", 406);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * return a domain entry by either id or domainname\n\t *\n\t * @param int $id\n\t * optional, the domain-id\n\t * @param string $domainname\n\t * optional, the domainname\n\t * @param bool $with_ips\n\t * optional, default true\n\t * @param bool $no_std_subdomain\n\t * optional, default false\n\t *\n\t * @access admin\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function get()\n\t{\n\t\tif ($this->isAdmin()) {\n\t\t\t$id = $this->getParam('id', true, 0);\n\t\t\t$dn_optional = $id > 0;\n\t\t\t$domainname = $this->getParam('domainname', $dn_optional, '');\n\t\t\t$with_ips = $this->getParam('with_ips', true, true);\n\t\t\t$no_std_subdomain = $this->getParam('no_std_subdomain', true, false);\n\n\t\t\t// convert possible idn domain to punycode\n\t\t\tif (substr($domainname, 0, 4) != 'xn--') {\n\t\t\t\t$idna_convert = new IdnaWrapper();\n\t\t\t\t$domainname = $idna_convert->encode($domainname);\n\t\t\t}\n\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT `d`.*, `c`.`customerid`\n\t\t\t\tFROM `\" . TABLE_PANEL_DOMAINS . \"` `d`\n\t\t\t\tLEFT JOIN `\" . TABLE_PANEL_CUSTOMERS . \"` `c` USING(`customerid`)\n\t\t\t\tWHERE `d`.`parentdomainid` = '0'\n\t\t\t\tAND \" . ($id > 0 ? \"`d`.`id` = :iddn\" : \"`d`.`domain` = :iddn\") . ($no_std_subdomain ? ' AND `d`.`id` <> `c`.`standardsubdomain`' : '') . ($this->getUserDetail('customers_see_all') ? '' : \" AND `d`.`adminid` = :adminid\"));\n\t\t\t$params = [\n\t\t\t\t'iddn' => ($id <= 0 ? $domainname : $id)\n\t\t\t];\n\t\t\tif ($this->getUserDetail('customers_see_all') == '0') {\n\t\t\t\t$params['adminid'] = $this->getUserDetail('adminid');\n\t\t\t}\n\t\t\t$result = Database::pexecute_first($result_stmt, $params, true, true);\n\t\t\tif ($result) {\n\t\t\t\t$result['ipsandports'] = [];\n\t\t\t\tif ($with_ips) {\n\t\t\t\t\t$result['ipsandports'] = $this->getIpsForDomain($result['id']);\n\t\t\t\t}\n\t\t\t\t$result['domain_hascert'] = $this->getHasCertValueForDomain((int)$result['id'], (int)$result['parentdomainid']);\n\t\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, \"[API] get domain '\" . $result['domain'] . \"'\");\n\t\t\t\treturn $this->response($result);\n\t\t\t}\n\t\t\t$key = ($id > 0 ? \"id #\" . $id : \"domainname '\" . $domainname . \"'\");\n\t\t\tthrow new Exception(\"Domain with \" . $key . \" could not be found\", 404);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * validate given ips\n\t *\n\t * @param int|string|array $p_ipandports\n\t * @param boolean $ssl\n\t * default false\n\t * @param int $edit_id\n\t * default 0\n\t *\n\t * @return array\n\t * @throws Exception\n\t */\n\tprivate function validateIpAddresses($p_ipandports = null, $ssl = false, $edit_id = 0)\n\t{\n\t\t// when adding a new domain and no ip is given, we try to use the\n\t\t// system-default, check here if there is none\n\t\t// this is not required for ssl-enabled ip's\n\t\tif ($edit_id <= 0 && !$ssl && empty($p_ipandports)) {\n\t\t\tthrow new Exception(\"No IPs given, unable to add domain (no default IPs set?)\", 406);\n\t\t}\n\n\t\t// convert given value(s) correctly\n\t\t$ipandports = [];\n\t\tif (!empty($p_ipandports) && is_numeric($p_ipandports)) {\n\t\t\t$p_ipandports = [\n\t\t\t\t$p_ipandports\n\t\t\t];\n\t\t}\n\t\tif (!empty($p_ipandports) && !is_array($p_ipandports)) {\n\t\t\t$p_ipandports = json_decode($p_ipandports, true);\n\t\t}\n\n\t\t// check whether there are ip usage restrictions\n\t\t$additional_ip_condition = '';\n\t\t$aip_param = [];\n\t\tif ($this->getUserDetail('ip') != \"-1\") {\n\t\t\t// handle multiple-ip-array\n\t\t\t$additional_ip_condition = \" AND `ip` IN (\" . implode(\",\", json_decode($this->getUserDetail('ip'), true)) . \") \";\n\t\t}\n\n\t\tif (!empty($p_ipandports) && is_array($p_ipandports)) {\n\t\t\t$ipandport_check_stmt = Database::prepare(\"\n\t\t\t\tSELECT `id`, `ip`, `port`\n\t\t\t\tFROM `\" . TABLE_PANEL_IPSANDPORTS . \"`\n\t\t\t\tWHERE `id` = :ipandport \" . ($ssl ? \" AND `ssl` = '1'\" : \"\") . $additional_ip_condition);\n\t\t\tforeach ($p_ipandports as $ipandport) {\n\t\t\t\tif (trim($ipandport) == \"\") {\n\t\t\t\t\tcontinue;\n\t\t\t\t}\n\t\t\t\t// fix if no ip/port is checked\n\t\t\t\tif (trim($ipandport) < 1) {\n\t\t\t\t\tcontinue;\n\t\t\t\t}\n\t\t\t\t$ipandport = intval($ipandport);\n\t\t\t\t$ip_params = array_merge([\n\t\t\t\t\t'ipandport' => $ipandport\n\t\t\t\t], $aip_param);\n\t\t\t\t$ipandport_check = Database::pexecute_first($ipandport_check_stmt, $ip_params, true, true);\n\t\t\t\tif (!isset($ipandport_check['id']) || $ipandport_check['id'] == '0' || $ipandport_check['id'] != $ipandport) {\n\t\t\t\t\tResponse::standardError('ipportdoesntexist', '', true);\n\t\t\t\t} else {\n\t\t\t\t\t$ipandports[] = $ipandport;\n\t\t\t\t}\n\t\t\t}\n\t\t} elseif ($edit_id > 0) {\n\t\t\t// set currently used ip's\n\t\t\t$ipsresult_stmt = Database::prepare(\"\n\t\t\t\tSELECT d2i.`id_ipandports`\n\t\t\t\tFROM `\" . TABLE_DOMAINTOIP . \"` d2i\n\t\t\t\tLEFT JOIN `\" . TABLE_PANEL_IPSANDPORTS . \"` i ON i.id = d2i.id_ipandports\n\t\t\t\tWHERE d2i.`id_domain` = :id AND i.`ssl` = \" . ($ssl ? \"'1'\" : \"'0'\"));\n\t\t\tDatabase::pexecute($ipsresult_stmt, [\n\t\t\t\t'id' => $edit_id\n\t\t\t], true, true);\n\t\t\twhile ($ipsresultrow = $ipsresult_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t$ipandports[] = $ipsresultrow['id_ipandports'];\n\t\t\t}\n\t\t}\n\t\treturn $ipandports;\n\t}\n\n\t/**\n\t * get ips from array of id's\n\t *\n\t * @param array $ips\n\t * @return array\n\t */\n\tprivate function getIpsFromIdArray(array $ids)\n\t{\n\t\t$resultips_stmt = Database::prepare(\"\n\t\t\tSELECT `ip` FROM `\" . TABLE_PANEL_IPSANDPORTS . \"` WHERE id = :id\n\t\t\");\n\t\t$result = [];\n\t\tforeach ($ids as $id) {\n\t\t\t$entry = Database::pexecute_first($resultips_stmt, [\n\t\t\t\t'id' => $id\n\t\t\t]);\n\t\t\t$result[] = $entry['ip'];\n\t\t}\n\t\treturn $result;\n\t}\n\n\t/**\n\t * update domain entry by either id or domainname\n\t *\n\t * @param int $id\n\t * optional, the domain-id\n\t * @param string $domainname\n\t * optional, the domainname\n\t * @param int $customerid\n\t * required (if $loginname is not specified)\n\t * @param string $loginname\n\t * required (if $customerid is not specified)\n\t * @param int $adminid\n\t * optional, default is the calling admin's ID\n\t * @param array $ipandport\n\t * optional list of ip/ports to assign to domain, default is system-default-ips\n\t * @param int $subcanemaildomain\n\t * optional, allow subdomains of this domain as email domains, 1 = choosable (default no), 2 = choosable\n\t * (default yes), 3 = always, default 0 (never)\n\t * @param bool $isemaildomain\n\t * optional, allow email usage with this domain, default 0 (false)\n\t * @param bool $emaildomainverified\n\t * optional, when setting $isemaildomain to false, this needs to be set to true to confirm the action in case email addresses exist for this domain,\n\t * default 0 (false)\n\t * @param bool $email_only\n\t * optional, restrict domain to email usage, default 0 (false)\n\t * @param int $selectserveralias\n\t * optional, 0 = wildcard, 1 = www-alias, 2 = none, default 0\n\t * @param bool $speciallogfile\n\t * optional, whether to create an exclusive web-logfile for this domain, default 0 (false)\n\t * @param bool $speciallogverified\n\t * optional, when setting $speciallogfile to false, this needs to be set to true to confirm the action,\n\t * default 0 (false)\n\t * @param int $alias\n\t * optional, domain-id of a domain that the new domain should be an alias of, default 0 (none)\n\t * @param string $registration_date\n\t * optional, date of domain registration in form of YYYY-MM-DD, default empty (none)\n\t * @param string $termination_date\n\t * optional, date of domain termination in form of YYYY-MM-DD, default empty (none)\n\t * @param bool $caneditdomain\n\t * optional, whether to allow the customer to edit domain settings, default 0 (false)\n\t * @param bool $isbinddomain\n\t * optional, whether to generate a dns-zone or not (only of nameserver is activated), default 0 (false)\n\t * @param string $zonefile\n\t * optional, custom dns zone filename (only of nameserver is activated), default empty (auto-generated)\n\t * @param bool $dkim\n\t * optional, whether this domain should use dkim if antispam is activated, default 0 (false)\n\t * @param string $specialsettings\n\t * optional, custom webserver vhost-content which is added to the generated vhost, default empty\n\t * @param string $ssl_specialsettings\n\t * optional, custom webserver vhost-content which is added to the generated ssl-vhost, default empty\n\t * @param bool $include_specialsettings\n\t * optional, whether to include non-ssl specialsettings in the generated ssl-vhost, default false\n\t * @param bool $specialsettingsforsubdomains\n\t * optional, whether to apply specialsettings to all subdomains of this domain, default is read from\n\t * setting system.apply_specialsettings_default\n\t * @param bool $notryfiles\n\t * optional, [nginx only] do not generate the default try-files directive, default 0 (false)\n\t * @param bool $writeaccesslog\n\t * optional, Enable writing an access-log file for this domain, default 1 (true)\n\t * @param bool $writeerrorlog\n\t * optional, Enable writing an error-log file for this domain, default 1 (true)\n\t * @param string $documentroot\n\t * optional, specify homedir of domain by specifying a directory (relative to customer-docroot), be\n\t * aware, if path starts with / it is considered a full path, not relative to customer-docroot. Also\n\t * specifying a URL is possible here (redirect), default empty (autogenerated)\n\t * @param bool $phpenabled\n\t * optional, whether php is enabled for this domain, default 0 (false)\n\t * @param bool $phpsettingsforsubdomains\n\t * optional, whether to apply php-setting to apply to all subdomains of this domain, default is read\n\t * from setting system.apply_phpconfigs_default\n\t * @param bool $openbasedir\n\t * optional, whether to activate openbasedir restriction for this domain, default 0 (false)\n\t * @param int $openbasedir_path\n\t * optional, either 0 for domains-docroot, 1 for customers-homedir or 2 for parent-directory of domains-docroot\n\t * @param int $phpsettingid\n\t * optional, specify php-configuration that is being used by id, default 1 (system-default)\n\t * @param int $mod_fcgid_starter\n\t * optional number of fcgid-starters if FCGID is used, default is -1\n\t * @param int $mod_fcgid_maxrequests\n\t * optional number of fcgid-maxrequests if FCGID is used, default is -1\n\t * @param bool $ssl_redirect\n\t * optional, whether to generate a https-redirect or not, default false; requires SSL to be enabled\n\t * @param bool $letsencrypt\n\t * optional, whether to generate a Let's Encrypt certificate for this domain, default false; requires\n\t * SSL to be enabled\n\t * @param array $ssl_ipandport\n\t * optional, list of ssl-enabled ip/port id's to assign to this domain, if left empty, the current set\n\t * value is being used, to remove all ssl ips use $remove_ssl_ipandport\n\t * @param bool $remove_ssl_ipandport\n\t * optional, if set to true and no $ssl_ipandport value is given, the ip's get removed, otherwise, the\n\t * currently set value is used, default false\n\t * @param bool $sslenabled\n\t * optional, whether SSL is enabled for this domain, regardless of the assigned ssl-ips, default\n\t * 1 (true)\n\t * @param bool $http2\n\t * optional, whether to enable http/2 for this domain (requires to be enabled in the settings), default\n\t * 0 (false)\n\t * @param bool $http3\n\t * optional, whether to enable http/3 for this domain (requires to be enabled in the settings), default\n\t * 0 (false)\n\t * @param int $hsts_maxage\n\t * optional max-age value for HSTS header\n\t * @param bool $hsts_sub\n\t * optional whether to add subdomains to the HSTS header\n\t * @param bool $hsts_preload\n\t * optional whether to preload HSTS header value\n\t * @param bool $ocsp_stapling\n\t * optional whether to enable ocsp-stapling for this domain. default 0 (false), requires SSL\n\t * @param bool $honorcipherorder\n\t * optional whether to honor the (server) cipher order for this domain. default 0 (false), requires SSL\n\t * @param bool $sessiontickets\n\t * optional whether to enable or disable TLS sessiontickets (RFC 5077) for this domain. default 1\n\t * (true), requires SSL\n\t * @param string $description\n\t * optional custom description (currently not used/shown in the frontend), default empty\n\t * @param bool $deactivated\n\t * optional, if 1 (true) the domain can be deactivated/suspended\n\t *\n\t * @access admin\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function update()\n\t{\n\t\tif ($this->isAdmin()) {\n\t\t\t// parameters\n\t\t\t$id = $this->getParam('id', true, 0);\n\t\t\t$dn_optional = $id > 0;\n\t\t\t$domainname = $this->getParam('domainname', $dn_optional, '');\n\n\t\t\t// get requested domain\n\t\t\t$result = $this->apiCall('Domains.get', [\n\t\t\t\t'id' => $id,\n\t\t\t\t'domainname' => $domainname\n\t\t\t]);\n\t\t\t$id = $result['id'];\n\n\t\t\t// optional parameters\n\t\t\t$p_ipandports = $this->getParam('ipandport', true, []);\n\t\t\t$adminid = intval($this->getParam('adminid', true, $result['adminid']));\n\n\t\t\tif ($this->getParam('customerid', true, 0) == 0 && $this->getParam('loginname', true, '') == '') {\n\t\t\t\t$customerid = $result['customerid'];\n\t\t\t\t$customer = $this->apiCall('Customers.get', [\n\t\t\t\t\t'id' => $customerid\n\t\t\t\t]);\n\t\t\t} else {\n\t\t\t\t$customer = $this->getCustomerData();\n\t\t\t\t$customerid = $customer['customerid'];\n\t\t\t}\n\n\t\t\t$subcanemaildomain = $this->getParam('subcanemaildomain', true, $result['subcanemaildomain']);\n\t\t\t$isemaildomain = $this->getBoolParam('isemaildomain', true, $result['isemaildomain']);\n\t\t\t$emaildomainverified = $this->getBoolParam('emaildomainverified', true, 0);\n\t\t\t$email_only = $this->getBoolParam('email_only', true, $result['email_only']);\n\t\t\t$p_serveraliasoption = $this->getParam('selectserveralias', true, -1);\n\t\t\t$speciallogfile = $this->getBoolParam('speciallogfile', true, $result['speciallogfile']);\n\t\t\t$speciallogverified = $this->getBoolParam('speciallogverified', true, 0);\n\t\t\t$aliasdomain = intval($this->getParam('alias', true, $result['aliasdomain']));\n\t\t\t$registration_date = $this->getParam('registration_date', true, $result['registration_date']);\n\t\t\t$termination_date = $this->getParam('termination_date', true, $result['termination_date']);\n\t\t\t$caneditdomain = $this->getBoolParam('caneditdomain', true, $result['caneditdomain']);\n\t\t\t$isbinddomain = $this->getBoolParam('isbinddomain', true, $result['isbinddomain']);\n\t\t\t$zonefile = $this->getParam('zonefile', true, $result['zonefile']);\n\t\t\t$dkim = $this->getBoolParam('dkim', true, $result['dkim']);\n\t\t\t$specialsettings = $this->getParam('specialsettings', true, $result['specialsettings']);\n\t\t\t$ssl_specialsettings = $this->getParam('ssl_specialsettings', true, $result['ssl_specialsettings']);\n\t\t\t$include_specialsettings = $this->getBoolParam('include_specialsettings', true, $result['include_specialsettings']);\n\t\t\t$ssfs = $this->getBoolParam('specialsettingsforsubdomains', true, Settings::Get('system.apply_specialsettings_default'));\n\t\t\t$notryfiles = $this->getBoolParam('notryfiles', true, $result['notryfiles']);\n\t\t\t$writeaccesslog = $this->getBoolParam('writeaccesslog', true, $result['writeaccesslog']);\n\t\t\t$writeerrorlog = $this->getBoolParam('writeerrorlog', true, $result['writeerrorlog']);\n\t\t\t$documentroot = $this->getParam('documentroot', true, $result['documentroot']);\n\t\t\t$phpenabled = $this->getBoolParam('phpenabled', true, $result['phpenabled']);\n\t\t\t$phpfs = $this->getBoolParam('phpsettingsforsubdomains', true, Settings::Get('system.apply_phpconfigs_default'));\n\t\t\t$openbasedir = $this->getBoolParam('openbasedir', true, $result['openbasedir']);\n\t\t\t$openbasedir_path = $this->getParam('openbasedir_path', true, $result['openbasedir_path']);\n\t\t\t$phpsettingid = $this->getParam('phpsettingid', true, $result['phpsettingid']);\n\t\t\t$mod_fcgid_starter = $this->getParam('mod_fcgid_starter', true, $result['mod_fcgid_starter']);\n\t\t\t$mod_fcgid_maxrequests = $this->getParam('mod_fcgid_maxrequests', true, $result['mod_fcgid_maxrequests']);\n\t\t\t$ssl_redirect = $this->getBoolParam('ssl_redirect', true, $result['ssl_redirect']);\n\t\t\t$letsencrypt = $this->getBoolParam('letsencrypt', true, $result['letsencrypt']);\n\t\t\t$remove_ssl_ipandport = $this->getBoolParam('remove_ssl_ipandport', true, 0);\n\t\t\t$p_ssl_ipandports = $this->getParam('ssl_ipandport', true, $remove_ssl_ipandport ? [\n\t\t\t\t-1\n\t\t\t] : null);\n\t\t\t$sslenabled = $remove_ssl_ipandport ? false : $this->getBoolParam('sslenabled', true, $result['ssl_enabled']);\n\t\t\t$http2 = $this->getBoolParam('http2', true, $result['http2']);\n\t\t\t$http3 = $this->getBoolParam('http3', true, $result['http3']);\n\t\t\t$hsts_maxage = $this->getParam('hsts_maxage', true, $result['hsts']);\n\t\t\t$hsts_sub = $this->getBoolParam('hsts_sub', true, $result['hsts_sub']);\n\t\t\t$hsts_preload = $this->getBoolParam('hsts_preload', true, $result['hsts_preload']);\n\t\t\t$ocsp_stapling = $this->getBoolParam('ocsp_stapling', true, $result['ocsp_stapling']);\n\t\t\t$honorcipherorder = $this->getBoolParam('honorcipherorder', true, $result['ssl_honorcipherorder']);\n\t\t\t$sessiontickets = $this->getBoolParam('sessiontickets', true, $result['ssl_sessiontickets']);\n\n\t\t\t$override_tls = $this->getBoolParam('override_tls', true, $result['override_tls']);\n\n\t\t\tif ($this->getUserDetail('change_serversettings') == '1') {\n\t\t\t\tif ($override_tls) {\n\t\t\t\t\t$p_ssl_protocols = $this->getParam('ssl_protocols', true, explode(',', $result['ssl_protocols']));\n\t\t\t\t\t$ssl_cipher_list = $this->getParam('ssl_cipher_list', true, $result['ssl_cipher_list']);\n\t\t\t\t\t$tlsv13_cipher_list = $this->getParam('tlsv13_cipher_list', true, $result['tlsv13_cipher_list']);\n\t\t\t\t} else {\n\t\t\t\t\t$p_ssl_protocols = [];\n\t\t\t\t\t$ssl_cipher_list = \"\";\n\t\t\t\t\t$tlsv13_cipher_list = \"\";\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\t$p_ssl_protocols = explode(',', $result['ssl_protocols']);\n\t\t\t\t$ssl_cipher_list = $result['ssl_cipher_list'];\n\t\t\t\t$tlsv13_cipher_list = $result['tlsv13_cipher_list'];\n\t\t\t}\n\t\t\t$description = $this->getParam('description', true, $result['description']);\n\t\t\t$deactivated = $this->getBoolParam('deactivated', true, $result['deactivated']);\n\n\t\t\t// count subdomain usage of source-domain\n\t\t\t$subdomains_stmt = Database::prepare(\"\n\t\t\t\tSELECT COUNT(`id`) AS count FROM `\" . TABLE_PANEL_DOMAINS . \"` WHERE\n\t\t\t\t`parentdomainid` = :resultid\n\t\t\t\");\n\t\t\t$subdomains = Database::pexecute_first($subdomains_stmt, [\n\t\t\t\t'resultid' => $result['id']\n\t\t\t], true, true);\n\t\t\t$subdomains = $subdomains['count'];\n\n\t\t\t// count where this domain is alias domain\n\t\t\t$alias_check_stmt = Database::prepare(\"\n\t\t\t\tSELECT COUNT(`id`) AS count FROM `\" . TABLE_PANEL_DOMAINS . \"` WHERE\n\t\t\t\t`aliasdomain` = :resultid\n\t\t\t\");\n\t\t\t$alias_check = Database::pexecute_first($alias_check_stmt, [\n\t\t\t\t'resultid' => $result['id']\n\t\t\t], true, true);\n\t\t\t$alias_check = $alias_check['count'];\n\n\t\t\t// count where we are used in email-accounts\n\t\t\t$domain_emails_result_stmt = Database::prepare(\"\n\t\t\t\tSELECT `email`, `email_full`, `destination`, `popaccountid`\n\t\t\t\tFROM `\" . TABLE_MAIL_VIRTUAL . \"` WHERE `customerid` = :customerid AND `domainid` = :id\n\t\t\t\");\n\t\t\tDatabase::pexecute($domain_emails_result_stmt, [\n\t\t\t\t'customerid' => $result['customerid'],\n\t\t\t\t'id' => $result['id']\n\t\t\t], true, true);\n\n\t\t\t$emails = Database::num_rows();\n\t\t\t$email_forwarders = 0;\n\t\t\t$email_accounts = 0;\n\n\t\t\twhile ($domain_emails_row = $domain_emails_result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\tif ($domain_emails_row['destination'] != '') {\n\t\t\t\t\t$domain_emails_row['destination'] = explode(' ', FileDir::makeCorrectDestination($domain_emails_row['destination']));\n\t\t\t\t\t$email_forwarders += count($domain_emails_row['destination']);\n\t\t\t\t\tif (in_array($domain_emails_row['email_full'], $domain_emails_row['destination'])) {\n\t\t\t\t\t\t$email_forwarders -= 1;\n\t\t\t\t\t\t$email_accounts++;\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tif ($emails > 0 && (int)$isemaildomain == 0 && (int)$result['isemaildomain'] == 1 && (int)$emaildomainverified == 0) {\n\t\t\t\tResponse::standardError('emaildomainstillhasaddresses', '', true);\n\t\t\t}\n\n\t\t\t// handle change of customer (move domain from customer to customer)\n\t\t\tif ($customerid > 0 && $customerid != $result['customerid'] && Settings::Get('panel.allow_domain_change_customer') == '1') {\n\t\t\t\t// check whether target customer has enough resources\n\t\t\t\t$customer_stmt = Database::prepare(\"\n\t\t\t\t\tSELECT * FROM `\" . TABLE_PANEL_CUSTOMERS . \"`\n\t\t\t\t\tWHERE `customerid` = :customerid\n\t\t\t\t\tAND (`subdomains_used` + :subdomains <= `subdomains` OR `subdomains` = '-1' )\n\t\t\t\t\tAND (`emails_used` + :emails <= `emails` OR `emails` = '-1' )\n\t\t\t\t\tAND (`email_forwarders_used` + :forwarders <= `email_forwarders` OR `email_forwarders` = '-1' )\n\t\t\t\t\tAND (`email_accounts_used` + :accounts <= `email_accounts` OR `email_accounts` = '-1' ) \" . ($this->getUserDetail('customers_see_all') ? '' : \" AND `adminid` = :adminid\"));\n\t\t\t\t$params = [\n\t\t\t\t\t'customerid' => $customerid,\n\t\t\t\t\t'subdomains' => $subdomains,\n\t\t\t\t\t'emails' => $emails,\n\t\t\t\t\t'forwarders' => $email_forwarders,\n\t\t\t\t\t'accounts' => $email_accounts\n\t\t\t\t];\n\t\t\t\tif ($this->getUserDetail('customers_see_all') == '0') {\n\t\t\t\t\t$params['adminid'] = $this->getUserDetail('adminid');\n\t\t\t\t}\n\t\t\t\t$customer = Database::pexecute_first($customer_stmt, $params, true, true);\n\t\t\t\tif (empty($customer) || $customer['customerid'] != $customerid) {\n\t\t\t\t\tResponse::standardError('customerdoesntexist', '', true);\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// handle change of admin (move domain from admin to admin)\n\t\t\tif ($this->getUserDetail('customers_see_all') == '1') {\n\t\t\t\tif ($adminid > 0 && $adminid != $result['adminid'] && Settings::Get('panel.allow_domain_change_admin') == '1') {\n\t\t\t\t\t$admin_stmt = Database::prepare(\"\n\t\t\t\t\t\tSELECT * FROM `\" . TABLE_PANEL_ADMINS . \"`\n\t\t\t\t\t\tWHERE `adminid` = :adminid AND ( `domains_used` < `domains` OR `domains` = '-1' )\n\t\t\t\t\t\");\n\t\t\t\t\t$admin = Database::pexecute_first($admin_stmt, [\n\t\t\t\t\t\t'adminid' => $adminid\n\t\t\t\t\t], true, true);\n\n\t\t\t\t\tif (empty($admin) || $admin['adminid'] != $adminid) {\n\t\t\t\t\t\tResponse::standardError('admindoesntexist', '', true);\n\t\t\t\t\t}\n\t\t\t\t} else {\n\t\t\t\t\t$adminid = $result['adminid'];\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\t$adminid = $result['adminid'];\n\t\t\t}\n\n\t\t\tif (!is_null($registration_date)) {\n\t\t\t\t$registration_date = Validate::validate($registration_date, 'registration_date',\n\t\t\t\t\tValidate::REGEX_YYYY_MM_DD, '', [\n\t\t\t\t\t\t'0000-00-00',\n\t\t\t\t\t\t'0',\n\t\t\t\t\t\t''\n\t\t\t\t\t], true);\n\t\t\t}\n\t\t\tif ($registration_date == '0000-00-00' || empty($registration_date)) {\n\t\t\t\t$registration_date = null;\n\t\t\t}\n\t\t\tif (!is_null($termination_date)) {\n\t\t\t\t$termination_date = Validate::validate($termination_date, 'termination_date',\n\t\t\t\t\tValidate::REGEX_YYYY_MM_DD, '', [\n\t\t\t\t\t\t'0000-00-00',\n\t\t\t\t\t\t'0',\n\t\t\t\t\t\t''\n\t\t\t\t\t], true);\n\t\t\t}\n\t\t\tif ($termination_date == '0000-00-00' || empty($termination_date)) {\n\t\t\t\t$termination_date = null;\n\t\t\t}\n\n\t\t\t$serveraliasoption = '2';\n\t\t\tif ($result['iswildcarddomain'] == '1') {\n\t\t\t\t$serveraliasoption = '0';\n\t\t\t} elseif ($result['wwwserveralias'] == '1') {\n\t\t\t\t$serveraliasoption = '1';\n\t\t\t}\n\t\t\tif ($p_serveraliasoption > -1) {\n\t\t\t\t$serveraliasoption = $p_serveraliasoption;\n\t\t\t}\n\n\t\t\t$documentroot = Validate::validate($documentroot, 'documentroot', Validate::REGEX_DIR, '', [], true);\n\n\t\t\tif (!empty($documentroot) && $documentroot != $result['documentroot'] && substr($documentroot, 0, 1) == '/' && substr($documentroot, 0, strlen($customer['documentroot'])) != $customer['documentroot'] && $this->getUserDetail('change_serversettings') != '1') {\n\t\t\t\tResponse::standardError('pathmustberelative', '', true);\n\t\t\t}\n\n\t\t\t// when moving customer and no path is specified, update would normally reuse the current document-root\n\t\t\t// which would point to the wrong customer, therefore we will re-create that directory\n\t\t\tif (!empty($documentroot) && $customerid > 0 && $customerid != $result['customerid'] && Settings::Get('panel.allow_domain_change_customer') == '1') {\n\t\t\t\tif (Settings::Get('system.documentroot_use_default_value') == 1) {\n\t\t\t\t\t$_documentroot = FileDir::makeCorrectDir($customer['documentroot'] . '/' . $result['domain']);\n\t\t\t\t} else {\n\t\t\t\t\t$_documentroot = $customer['documentroot'];\n\t\t\t\t}\n\t\t\t\t// set the customers default docroot\n\t\t\t\t$documentroot = $_documentroot;\n\t\t\t}\n\n\t\t\tif ($documentroot == '') {\n\t\t\t\t// If path is empty and 'Use domain name as default value for DocumentRoot path' is enabled in settings,\n\t\t\t\t// set default path to subdomain or domain name\n\t\t\t\tif (Settings::Get('system.documentroot_use_default_value') == 1) {\n\t\t\t\t\t$documentroot = FileDir::makeCorrectDir($customer['documentroot'] . '/' . $result['domain']);\n\t\t\t\t} else {\n\t\t\t\t\t$documentroot = $customer['documentroot'];\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tif ($this->getUserDetail('change_serversettings') == '1') {\n\t\t\t\tif (Settings::Get('system.bind_enable') == '1') {\n\t\t\t\t\t$zonefile = Validate::validate($zonefile, 'zonefile', '', '', [], true);\n\t\t\t\t} else {\n\t\t\t\t\t$isbinddomain = $result['isbinddomain'];\n\t\t\t\t\t$zonefile = $result['zonefile'];\n\t\t\t\t}\n\n\t\t\t\tif (Settings::Get('antispam.activated') != '1') {\n\t\t\t\t\t$dkim = $result['dkim'];\n\t\t\t\t}\n\n\t\t\t\t$specialsettings = Validate::validate(str_replace(\"\\r\\n\", \"\\n\", $specialsettings), 'specialsettings', Validate::REGEX_CONF_TEXT, '', [], true);\n\n\t\t\t\t$ssl_protocols = [];\n\t\t\t\tif (!empty($p_ssl_protocols) && is_numeric($p_ssl_protocols)) {\n\t\t\t\t\t$p_ssl_protocols = [\n\t\t\t\t\t\t$p_ssl_protocols\n\t\t\t\t\t];\n\t\t\t\t}\n\t\t\t\tif (!empty($p_ssl_protocols) && !is_array($p_ssl_protocols)) {\n\t\t\t\t\t$p_ssl_protocols = json_decode($p_ssl_protocols, true);\n\t\t\t\t}\n\t\t\t\tif (!empty($p_ssl_protocols) && is_array($p_ssl_protocols)) {\n\t\t\t\t\t$protocols_available = [\n\t\t\t\t\t\t'TLSv1',\n\t\t\t\t\t\t'TLSv1.1',\n\t\t\t\t\t\t'TLSv1.2',\n\t\t\t\t\t\t'TLSv1.3'\n\t\t\t\t\t];\n\t\t\t\t\tforeach ($p_ssl_protocols as $ssl_protocol) {\n\t\t\t\t\t\tif (!in_array(trim($ssl_protocol), $protocols_available)) {\n\t\t\t\t\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_DEBUG, \"[API] unknown SSL protocol '\" . trim($ssl_protocol) . \"'\");\n\t\t\t\t\t\t\tcontinue;\n\t\t\t\t\t\t}\n\t\t\t\t\t\t$ssl_protocols[] = $ssl_protocol;\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\tif (empty($ssl_protocols)) {\n\t\t\t\t\t$override_tls = '0';\n\t\t\t\t}\n\n\t\t\t\t// http/3 for nginx only works with TLSv1.3 enabled\n\t\t\t\tif ($http3 == '1') {\n\t\t\t\t\t// overwrite enabled?\n\t\t\t\t\tif (Settings::Get('system.webserver') != 'nginx') {\n\t\t\t\t\t\t$http3 = '0';\n\t\t\t\t\t} else {\n\t\t\t\t\t\tif (($override_tls == '1' && !in_array('TLSv1.3', $ssl_protocols)) ||\n\t\t\t\t\t\t\t($override_tls == '0' && !in_array('TLSv1.3', explode(\",\", Settings::Get('system.ssl_protocols'))))\n\t\t\t\t\t\t) {\n\t\t\t\t\t\t\t// no tlsv1.3 -> no http/3\n\t\t\t\t\t\t\tResponse::standardError('tls13requiredforhttp3', '', true);\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\t$isbinddomain = $result['isbinddomain'];\n\t\t\t\t$zonefile = $result['zonefile'];\n\t\t\t\t$specialsettings = $result['specialsettings'];\n\t\t\t\t$ssl_specialsettings = $result['ssl_specialsettings'];\n\t\t\t\t$include_specialsettings = $result['include_specialsettings'];\n\t\t\t\t$ssfs = (empty($specialsettings) ? 0 : 1);\n\t\t\t\t$notryfiles = $result['notryfiles'];\n\t\t\t\t$writeaccesslog = $result['writeaccesslog'];\n\t\t\t\t$writeerrorlog = $result['writeerrorlog'];\n\t\t\t\t$ssl_protocols = $p_ssl_protocols;\n\t\t\t\t$override_tls = $result['override_tls'];\n\t\t\t}\n\n\t\t\tif ($this->getUserDetail('caneditphpsettings') == '1' || $this->getUserDetail('change_serversettings') == '1') {\n\t\t\t\tif ((int)Settings::Get('system.mod_fcgid') == 1 || (int)Settings::Get('phpfpm.enabled') == 1) {\n\t\t\t\t\t$phpsettingid_check_stmt = Database::prepare(\"\n\t\t\t\t\t\tSELECT * FROM `\" . TABLE_PANEL_PHPCONFIGS . \"` WHERE `id` = :phpid\n\t\t\t\t\t\");\n\t\t\t\t\t$phpsettingid_check = Database::pexecute_first($phpsettingid_check_stmt, [\n\t\t\t\t\t\t'phpid' => $phpsettingid\n\t\t\t\t\t], true, true);\n\n\t\t\t\t\tif (!isset($phpsettingid_check['id']) || $phpsettingid_check['id'] == '0' || $phpsettingid_check['id'] != $phpsettingid) {\n\t\t\t\t\t\tResponse::standardError('phpsettingidwrong', '', true);\n\t\t\t\t\t}\n\n\t\t\t\t\tif ((int)Settings::Get('system.mod_fcgid') == 1) {\n\t\t\t\t\t\t$mod_fcgid_starter = Validate::validate($mod_fcgid_starter, 'mod_fcgid_starter', '/^[0-9]*$/', '', [\n\t\t\t\t\t\t\t'-1',\n\t\t\t\t\t\t\t''\n\t\t\t\t\t\t], true);\n\t\t\t\t\t\t$mod_fcgid_maxrequests = Validate::validate($mod_fcgid_maxrequests, 'mod_fcgid_maxrequests', '/^[0-9]*$/', '', [\n\t\t\t\t\t\t\t'-1',\n\t\t\t\t\t\t\t''\n\t\t\t\t\t\t], true);\n\t\t\t\t\t} else {\n\t\t\t\t\t\t$mod_fcgid_starter = $result['mod_fcgid_starter'];\n\t\t\t\t\t\t$mod_fcgid_maxrequests = $result['mod_fcgid_maxrequests'];\n\t\t\t\t\t}\n\t\t\t\t} else {\n\t\t\t\t\t$phpsettingid = $result['phpsettingid'];\n\t\t\t\t\t$phpfs = 1;\n\t\t\t\t\t$mod_fcgid_starter = $result['mod_fcgid_starter'];\n\t\t\t\t\t$mod_fcgid_maxrequests = $result['mod_fcgid_maxrequests'];\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\t$phpenabled = $result['phpenabled'];\n\t\t\t\t$openbasedir = $result['openbasedir'];\n\t\t\t\t$phpsettingid = $result['phpsettingid'];\n\t\t\t\t$phpfs = 1;\n\t\t\t\t$mod_fcgid_starter = $result['mod_fcgid_starter'];\n\t\t\t\t$mod_fcgid_maxrequests = $result['mod_fcgid_maxrequests'];\n\t\t\t}\n\n\t\t\t// check changes of openbasedir-path variable\n\t\t\tif ($openbasedir_path > 2 && $openbasedir_path < 0) {\n\t\t\t\t$openbasedir_path = 0;\n\t\t\t}\n\n\t\t\t// check non-ssl IP\n\t\t\t$ipandports = $this->validateIpAddresses($p_ipandports, false, $result['id']);\n\t\t\t// check ssl IP\n\t\t\tif (empty($p_ssl_ipandports) || (!is_array($p_ssl_ipandports) && is_null($p_ssl_ipandports))) {\n\t\t\t\t$p_ssl_ipandports = [];\n\t\t\t\tforeach ($result['ipsandports'] as $ip) {\n\t\t\t\t\tif ($ip['ssl'] == 1) {\n\t\t\t\t\t\t$p_ssl_ipandports[] = $ip['id'];\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t\t$ssl_ipandports = [];\n\t\t\tif (Settings::Get('system.use_ssl') == \"1\" && !empty($p_ssl_ipandports) && $p_ssl_ipandports[0] != -1) {\n\t\t\t\t$ssl_ipandports = $this->validateIpAddresses($p_ssl_ipandports, true, $result['id']);\n\n\t\t\t\tif ($this->getUserDetail('change_serversettings') == '1') {\n\t\t\t\t\t$ssl_specialsettings = Validate::validate(str_replace(\"\\r\\n\", \"\\n\", $ssl_specialsettings), 'ssl_specialsettings', '/^[^\\0]*$/', '', [], true);\n\t\t\t\t}\n\t\t\t}\n\t\t\tif ($remove_ssl_ipandport || (!empty($p_ssl_ipandports) && $p_ssl_ipandports[0] == -1)) {\n\t\t\t\t$ssl_ipandports = [];\n\t\t\t}\n\t\t\tif (Settings::Get('system.use_ssl') == \"1\" && $sslenabled && empty($ssl_ipandports)) {\n\t\t\t\t// enabled ssl for the domain but no ssl ip/port is selected\n\t\t\t\tResponse::standardError('nosslippportgiven', '', true);\n\t\t\t}\n\t\t\tif (Settings::Get('system.use_ssl') == \"0\" || empty($ssl_ipandports) || !$sslenabled) {\n\t\t\t\t$ssl_redirect = 0;\n\t\t\t\t$letsencrypt = 0;\n\t\t\t\t$http2 = 0;\n\t\t\t\t$http3 = 0;\n\t\t\t\t// act like $remove_ssl_ipandport\n\t\t\t\t$ssl_ipandports = [];\n\n\t\t\t\t// HSTS\n\t\t\t\t$hsts_maxage = 0;\n\t\t\t\t$hsts_sub = 0;\n\t\t\t\t$hsts_preload = 0;\n\n\t\t\t\t// OCSP stapling\n\t\t\t\t$ocsp_stapling = 0;\n\n\t\t\t\t// vhost container settings\n\t\t\t\t$ssl_specialsettings = '';\n\t\t\t\t$include_specialsettings = 0;\n\t\t\t}\n\n\t\t\t// validate dns if lets encrypt is enabled to check whether we can use it at all\n\t\t\tif ($letsencrypt == '1' && Settings::Get('system.le_domain_dnscheck') == '1') {\n\t\t\t\t$domain_ips = PhpHelper::gethostbynamel6($result['domain'], true, Settings::Get('system.le_domain_dnscheck_resolver'));\n\t\t\t\t$selected_ips = $this->getIpsFromIdArray($ssl_ipandports);\n\t\t\t\tif ($domain_ips == false || count(array_intersect($selected_ips, $domain_ips)) <= 0) {\n\t\t\t\t\tResponse::standardError('invaliddnsforletsencrypt', '', true);\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// We can't enable let's encrypt for wildcard-domains\n\t\t\tif ($serveraliasoption == '0' && $letsencrypt == '1') {\n\t\t\t\tResponse::standardError('nowildcardwithletsencrypt', '', true);\n\t\t\t}\n\n\t\t\t// Temporarily deactivate ssl_redirect until Let's Encrypt certificate was generated\n\t\t\tif ($result['letsencrypt'] != $letsencrypt && $ssl_redirect > 0 && $letsencrypt == 1) {\n\t\t\t\t$ssl_redirect = 2;\n\t\t\t}\n\n\t\t\t$idna_convert = new IdnaWrapper();\n\t\t\tif ($documentroot != $result['documentroot']) {\n\t\t\t\tif (preg_match('/^https?\\:\\/\\//', $documentroot)) {\n\t\t\t\t\t$encoded = $idna_convert->encode($documentroot);\n\t\t\t\t\tif (!Validate::validateUrl($encoded, true)) {\n\t\t\t\t\t\tResponse::standardError('invaliddocumentrooturl', '', true);\n\t\t\t\t\t}\n\t\t\t\t\t$documentroot = $encoded;\n\t\t\t\t} else {\n\t\t\t\t\tif (substr($documentroot, 0, 1) != \"/\") {\n\t\t\t\t\t\t$documentroot = $customer['documentroot'] . '/' . $documentroot;\n\t\t\t\t\t}\n\t\t\t\t\tif (strpos($documentroot, ':') !== false) {\n\t\t\t\t\t\tResponse::standardError('pathmaynotcontaincolon', '', true);\n\t\t\t\t\t}\n\t\t\t\t\t$documentroot = FileDir::makeCorrectDir($documentroot);\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tif ($email_only == '1') {\n\t\t\t\t$isemaildomain = '1';\n\t\t\t} else {\n\t\t\t\t$email_only = '0';\n\t\t\t}\n\n\t\t\tif ($subcanemaildomain != '1' && $subcanemaildomain != '2' && $subcanemaildomain != '3') {\n\t\t\t\t$subcanemaildomain = '0';\n\t\t\t}\n\n\t\t\t$aliasdomain_check = [\n\t\t\t\t'id' => 0\n\t\t\t];\n\n\t\t\tif ($aliasdomain != 0) {\n\t\t\t\t// Overwrite given ipandports with these of the \"main\" domain\n\t\t\t\t$ipandports = [];\n\t\t\t\t$ssl_ipandports = [];\n\t\t\t\t$origipresult_stmt = Database::prepare(\"\n\t\t\t\t\tSELECT `id_ipandports` FROM `\" . TABLE_DOMAINTOIP . \"` WHERE `id_domain` = :aliasdomain\n\t\t\t\t\");\n\t\t\t\tDatabase::pexecute($origipresult_stmt, [\n\t\t\t\t\t'aliasdomain' => $aliasdomain\n\t\t\t\t], true, true);\n\t\t\t\t$ipdata_stmt = Database::prepare(\"SELECT * FROM `\" . TABLE_PANEL_IPSANDPORTS . \"` WHERE `id` = :ipid\");\n\t\t\t\twhile ($origip = $origipresult_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t\t$_origip_tmp = Database::pexecute_first($ipdata_stmt, [\n\t\t\t\t\t\t'ipid' => $origip['id_ipandports']\n\t\t\t\t\t], true, true);\n\t\t\t\t\tif ($_origip_tmp['ssl'] == 0) {\n\t\t\t\t\t\t$ipandports[] = $origip['id_ipandports'];\n\t\t\t\t\t} else {\n\t\t\t\t\t\t$ssl_ipandports[] = $origip['id_ipandports'];\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\tif (count($ssl_ipandports) == 0) {\n\t\t\t\t\t// we need this for the json_encode\n\t\t\t\t\t// if ssl is disabled or no ssl-ip/port exists\n\t\t\t\t\t$ssl_ipandports[] = -1;\n\t\t\t\t}\n\n\t\t\t\t$aliasdomain_check_stmt = Database::prepare(\"\n\t\t\t\t\tSELECT `d`.`id` FROM `\" . TABLE_PANEL_DOMAINS . \"` `d`, `\" . TABLE_PANEL_CUSTOMERS . \"` `c`\n\t\t\t\t\tWHERE `d`.`customerid` = :customerid\n\t\t\t\t\tAND `d`.`aliasdomain` IS NULL AND `d`.`id` <> `c`.`standardsubdomain`\n\t\t\t\t\tAND `c`.`customerid` = :customerid\n\t\t\t\t\tAND `d`.`id` = :aliasdomain\n\t\t\t\t\");\n\t\t\t\t$aliasdomain_check = Database::pexecute_first($aliasdomain_check_stmt, [\n\t\t\t\t\t'customerid' => $customerid,\n\t\t\t\t\t'aliasdomain' => $aliasdomain\n\t\t\t\t], true, true);\n\t\t\t}\n\n\t\t\tif (count($ipandports) == 0) {\n\t\t\t\tResponse::standardError('noipportgiven', '', true);\n\t\t\t}\n\n\t\t\tif ($aliasdomain_check['id'] != $aliasdomain) {\n\t\t\t\tResponse::standardError('domainisaliasorothercustomer', '', true);\n\t\t\t}\n\n\t\t\tif ($serveraliasoption != '1' && $serveraliasoption != '2') {\n\t\t\t\t$serveraliasoption = '0';\n\t\t\t}\n\n\t\t\t$wwwserveralias = ($serveraliasoption == '1') ? '1' : '0';\n\t\t\t$iswildcarddomain = ($serveraliasoption == '0') ? '1' : '0';\n\n\t\t\tif ($documentroot != $result['documentroot']\n\t\t\t\t|| $ssl_redirect != $result['ssl_redirect']\n\t\t\t\t|| $wwwserveralias != $result['wwwserveralias']\n\t\t\t\t|| $iswildcarddomain != $result['iswildcarddomain']\n\t\t\t\t|| $phpenabled != $result['phpenabled']\n\t\t\t\t|| $openbasedir != $result['openbasedir']\n\t\t\t\t|| $openbasedir_path != $result['openbasedir_path']\n\t\t\t\t|| $phpsettingid != $result['phpsettingid']\n\t\t\t\t|| $mod_fcgid_starter != $result['mod_fcgid_starter']\n\t\t\t\t|| $mod_fcgid_maxrequests != $result['mod_fcgid_maxrequests']\n\t\t\t\t|| $specialsettings != $result['specialsettings']\n\t\t\t\t|| $ssl_specialsettings != $result['ssl_specialsettings']\n\t\t\t\t|| $notryfiles != $result['notryfiles']\n\t\t\t\t|| $writeaccesslog != $result['writeaccesslog']\n\t\t\t\t|| $writeerrorlog != $result['writeerrorlog']\n\t\t\t\t|| $aliasdomain != $result['aliasdomain']\n\t\t\t\t|| $email_only != $result['email_only']\n\t\t\t\t|| ($speciallogfile != $result['speciallogfile'] && $speciallogverified == '1')\n\t\t\t\t|| $letsencrypt != $result['letsencrypt']\n\t\t\t\t|| $http2 != $result['http2']\n\t\t\t\t|| $http3 != $result['http3']\n\t\t\t\t|| $hsts_maxage != $result['hsts']\n\t\t\t\t|| $hsts_sub != $result['hsts_sub']\n\t\t\t\t|| $hsts_preload != $result['hsts_preload']\n\t\t\t\t|| $ocsp_stapling != $result['ocsp_stapling']\n\t\t\t\t|| $sslenabled != $result['ssl_enabled']\n\t\t\t\t|| $override_tls != $result['override_tls']\n\t\t\t\t|| implode(\",\", $ssl_protocols) != $result['ssl_protocols']\n\t\t\t) {\n\t\t\t\tCronjob::inserttask(TaskId::REBUILD_VHOST);\n\t\t\t}\n\n\t\t\tif ($dkim != $result['dkim']) {\n\t\t\t\tCronjob::inserttask(TaskId::REBUILD_RSPAMD);\n\t\t\t}\n\n\t\t\tif ($speciallogfile != $result['speciallogfile'] && $speciallogverified != '1') {\n\t\t\t\t$speciallogfile = $result['speciallogfile'];\n\t\t\t}\n\n\t\t\tif ($isbinddomain != $result['isbinddomain'] || $zonefile != $result['zonefile'] || $dkim != $result['dkim'] || $isemaildomain != $result['isemaildomain']) {\n\t\t\t\tCronjob::inserttask(TaskId::REBUILD_DNS);\n\t\t\t}\n\t\t\t// check whether nameserver has been disabled, #581\n\t\t\tif ($isbinddomain != $result['isbinddomain'] && $isbinddomain == 0) {\n\t\t\t\tCronjob::inserttask(TaskId::DELETE_DOMAIN_PDNS, $result['domain']);\n\t\t\t}\n\n\t\t\tif ($isemaildomain == '0' && $result['isemaildomain'] == '1') {\n\t\t\t\t$del_stmt = Database::prepare(\"\n\t\t\t\t\tDELETE FROM `\" . TABLE_MAIL_USERS . \"` WHERE `domainid` = :id\n\t\t\t\t\");\n\t\t\t\tDatabase::pexecute($del_stmt, [\n\t\t\t\t\t'id' => $id\n\t\t\t\t], true, true);\n\n\t\t\t\t$del_stmt = Database::prepare(\"\n\t\t\t\t\tDELETE FROM `\" . TABLE_MAIL_VIRTUAL . \"` WHERE `domainid` = :id\n\t\t\t\t\");\n\t\t\t\tDatabase::pexecute($del_stmt, [\n\t\t\t\t\t'id' => $id\n\t\t\t\t], true, true);\n\t\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, \"[API] deleted domain #\" . $id . \" from mail-tables as is-email-domain was set to 0\");\n\t\t\t}\n\n\t\t\t// check whether LE has been disabled, so we remove the certificate\n\t\t\tif ($letsencrypt == '0' && $result['letsencrypt'] == '1') {\n\t\t\t\t$del_stmt = Database::prepare(\"\n\t\t\t\t\tDELETE FROM `\" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . \"` WHERE `domainid` = :id\n\t\t\t\t\");\n\t\t\t\tDatabase::pexecute($del_stmt, [\n\t\t\t\t\t'id' => $id\n\t\t\t\t], true, true);\n\t\t\t\t// remove domain from acme.sh / lets encrypt if used\n\t\t\t\tCronjob::inserttask(TaskId::DELETE_DOMAIN_SSL, $result['domain']);\n\t\t\t}\n\n\t\t\t$updatechildren = '';\n\n\t\t\tif ($subcanemaildomain == '0' && $result['subcanemaildomain'] != '0') {\n\t\t\t\t$updatechildren = \", `isemaildomain` = '0' \";\n\t\t\t} elseif ($subcanemaildomain == '3' && $result['subcanemaildomain'] != '3') {\n\t\t\t\t$updatechildren = \", `isemaildomain` = '1' \";\n\t\t\t}\n\n\t\t\tif ($customerid != $result['customerid'] && Settings::Get('panel.allow_domain_change_customer') == '1') {\n\t\t\t\t$upd_data = [\n\t\t\t\t\t'customerid' => $customerid,\n\t\t\t\t\t'domainid' => $result['id']\n\t\t\t\t];\n\t\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\t\tUPDATE `\" . TABLE_MAIL_USERS . \"` SET `customerid` = :customerid WHERE `domainid` = :domainid\n\t\t\t\t\");\n\t\t\t\tDatabase::pexecute($upd_stmt, $upd_data, true, true);\n\t\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\t\tUPDATE `\" . TABLE_MAIL_VIRTUAL . \"` SET `customerid` = :customerid WHERE `domainid` = :domainid\n\t\t\t\t\");\n\t\t\t\tDatabase::pexecute($upd_stmt, $upd_data, true, true);\n\t\t\t\t$upd_data = [\n\t\t\t\t\t'subdomains' => $subdomains,\n\t\t\t\t\t'emails' => $emails,\n\t\t\t\t\t'forwarders' => $email_forwarders,\n\t\t\t\t\t'accounts' => $email_accounts\n\t\t\t\t];\n\t\t\t\t$upd_data['customerid'] = $customerid;\n\t\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\t\tUPDATE `\" . TABLE_PANEL_CUSTOMERS . \"` SET\n\t\t\t\t\t`subdomains_used` = `subdomains_used` + :subdomains,\n\t\t\t\t\t`emails_used` = `emails_used` + :emails,\n\t\t\t\t\t`email_forwarders_used` = `email_forwarders_used` + :forwarders,\n\t\t\t\t\t`email_accounts_used` = `email_accounts_used` + :accounts\n\t\t\t\t\tWHERE `customerid` = :customerid\n\t\t\t\t\");\n\t\t\t\tDatabase::pexecute($upd_stmt, $upd_data, true, true);\n\n\t\t\t\t$upd_data['customerid'] = $result['customerid'];\n\t\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\t\tUPDATE `\" . TABLE_PANEL_CUSTOMERS . \"` SET\n\t\t\t\t\t`subdomains_used` = `subdomains_used` - :subdomains,\n\t\t\t\t\t`emails_used` = `emails_used` - :emails,\n\t\t\t\t\t`email_forwarders_used` = `email_forwarders_used` - :forwarders,\n\t\t\t\t\t`email_accounts_used` = `email_accounts_used` - :accounts\n\t\t\t\t\tWHERE `customerid` = :customerid\n\t\t\t\t\");\n\t\t\t\tDatabase::pexecute($upd_stmt, $upd_data, true, true);\n\t\t\t}\n\n\t\t\tif ($adminid != $result['adminid'] && Settings::Get('panel.allow_domain_change_admin') == '1') {\n\t\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\t\tUPDATE `\" . TABLE_PANEL_ADMINS . \"` SET `domains_used` = `domains_used` + 1 WHERE `adminid` = :adminid\n\t\t\t\t\");\n\t\t\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t\t\t'adminid' => $adminid\n\t\t\t\t], true, true);\n\n\t\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\t\tUPDATE `\" . TABLE_PANEL_ADMINS . \"` SET `domains_used` = `domains_used` - 1 WHERE `adminid` = :adminid\n\t\t\t\t\");\n\t\t\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t\t\t'adminid' => $result['adminid']\n\t\t\t\t], true, true);\n\t\t\t}\n\n\t\t\t$_update_data = [];\n\n\t\t\tif ($ssfs == 1) {\n\t\t\t\t$_update_data['specialsettings'] = $specialsettings;\n\t\t\t\t$_update_data['ssl_specialsettings'] = $ssl_specialsettings;\n\t\t\t\t$_update_data['include_specialsettings'] = $include_specialsettings;\n\t\t\t\t$upd_specialsettings = \", `specialsettings` = :specialsettings, `ssl_specialsettings` = :ssl_specialsettings, `include_specialsettings` = :include_specialsettings \";\n\t\t\t} else {\n\t\t\t\t$upd_specialsettings = '';\n\t\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\t\tUPDATE `\" . TABLE_PANEL_DOMAINS . \"` SET `specialsettings`='', `ssl_specialsettings`='', `include_specialsettings`='0' WHERE `parentdomainid` = :id\n\t\t\t\t\");\n\t\t\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t\t\t'id' => $id\n\t\t\t\t], true, true);\n\t\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, \"[API] removed specialsettings on all subdomains of domain #\" . $id);\n\t\t\t}\n\n\t\t\t$wwwserveralias = ($serveraliasoption == '1') ? '1' : '0';\n\t\t\t$iswildcarddomain = ($serveraliasoption == '0') ? '1' : '0';\n\n\t\t\t$update_data = [];\n\t\t\t$update_data['customerid'] = $customerid;\n\t\t\t$update_data['adminid'] = $adminid;\n\t\t\t$update_data['documentroot'] = $documentroot;\n\t\t\t$update_data['ssl_redirect'] = $ssl_redirect;\n\t\t\t$update_data['aliasdomain'] = ($aliasdomain != 0 && $alias_check == 0) ? $aliasdomain : null;\n\t\t\t$update_data['isbinddomain'] = $isbinddomain;\n\t\t\t$update_data['isemaildomain'] = $isemaildomain;\n\t\t\t$update_data['email_only'] = $email_only;\n\t\t\t$update_data['subcanemaildomain'] = $subcanemaildomain;\n\t\t\t$update_data['dkim'] = $dkim;\n\t\t\t$update_data['caneditdomain'] = $caneditdomain;\n\t\t\t$update_data['zonefile'] = $zonefile;\n\t\t\t$update_data['wwwserveralias'] = $wwwserveralias;\n\t\t\t$update_data['iswildcarddomain'] = $iswildcarddomain;\n\t\t\t$update_data['phpenabled'] = $phpenabled;\n\t\t\t$update_data['openbasedir'] = $openbasedir;\n\t\t\t$update_data['openbasedir_path'] = $openbasedir_path;\n\t\t\t$update_data['speciallogfile'] = $speciallogfile;\n\t\t\t$update_data['phpsettingid'] = $phpsettingid;\n\t\t\t$update_data['mod_fcgid_starter'] = $mod_fcgid_starter;\n\t\t\t$update_data['mod_fcgid_maxrequests'] = $mod_fcgid_maxrequests;\n\t\t\t$update_data['specialsettings'] = $specialsettings;\n\t\t\t$update_data['ssl_specialsettings'] = $ssl_specialsettings;\n\t\t\t$update_data['include_specialsettings'] = $include_specialsettings;\n\t\t\t$update_data['notryfiles'] = $notryfiles;\n\t\t\t$update_data['writeaccesslog'] = $writeaccesslog;\n\t\t\t$update_data['writeerrorlog'] = $writeerrorlog;\n\t\t\t$update_data['registration_date'] = $registration_date;\n\t\t\t$update_data['termination_date'] = $termination_date;\n\t\t\t$update_data['letsencrypt'] = $letsencrypt;\n\t\t\t$update_data['http2'] = $http2;\n\t\t\t$update_data['http3'] = $http3;\n\t\t\t$update_data['hsts'] = $hsts_maxage;\n\t\t\t$update_data['hsts_sub'] = $hsts_sub;\n\t\t\t$update_data['hsts_preload'] = $hsts_preload;\n\t\t\t$update_data['ocsp_stapling'] = $ocsp_stapling;\n\t\t\t$update_data['override_tls'] = $override_tls;\n\t\t\t$update_data['ssl_protocols'] = implode(\",\", $ssl_protocols);\n\t\t\t$update_data['ssl_cipher_list'] = $ssl_cipher_list;\n\t\t\t$update_data['tlsv13_cipher_list'] = $tlsv13_cipher_list;\n\t\t\t$update_data['sslenabled'] = $sslenabled;\n\t\t\t$update_data['honorcipherorder'] = $honorcipherorder;\n\t\t\t$update_data['sessiontickets'] = $sessiontickets;\n\t\t\t$update_data['description'] = $description;\n\t\t\t$update_data['deactivated'] = $deactivated;\n\t\t\t$update_data['id'] = $id;\n\n\t\t\t$update_stmt = Database::prepare(\"\n\t\t\t\tUPDATE `\" . TABLE_PANEL_DOMAINS . \"` SET\n\t\t\t\t`customerid` = :customerid,\n\t\t\t\t`adminid` = :adminid,\n\t\t\t\t`documentroot` = :documentroot,\n\t\t\t\t`ssl_redirect` = :ssl_redirect,\n\t\t\t\t`aliasdomain` = :aliasdomain,\n\t\t\t\t`isbinddomain` = :isbinddomain,\n\t\t\t\t`isemaildomain` = :isemaildomain,\n\t\t\t\t`email_only` = :email_only,\n\t\t\t\t`subcanemaildomain` = :subcanemaildomain,\n\t\t\t\t`dkim` = :dkim,\n\t\t\t\t`caneditdomain` = :caneditdomain,\n\t\t\t\t`zonefile` = :zonefile,\n\t\t\t\t`wwwserveralias` = :wwwserveralias,\n\t\t\t\t`iswildcarddomain` = :iswildcarddomain,\n\t\t\t\t`phpenabled` = :phpenabled,\n\t\t\t\t`openbasedir` = :openbasedir,\n\t\t\t\t`openbasedir_path` = :openbasedir_path,\n\t\t\t\t`speciallogfile` = :speciallogfile,\n\t\t\t\t`phpsettingid` = :phpsettingid,\n\t\t\t\t`mod_fcgid_starter` = :mod_fcgid_starter,\n\t\t\t\t`mod_fcgid_maxrequests` = :mod_fcgid_maxrequests,\n\t\t\t\t`specialsettings` = :specialsettings,\n\t\t\t\t`ssl_specialsettings` = :ssl_specialsettings,\n\t\t\t\t`include_specialsettings` = :include_specialsettings,\n\t\t\t\t`notryfiles` = :notryfiles,\n\t\t\t\t`writeaccesslog` = :writeaccesslog,\n\t\t\t\t`writeerrorlog` = :writeerrorlog,\n\t\t\t\t`registration_date` = :registration_date,\n\t\t\t\t`termination_date` = :termination_date,\n\t\t\t\t`letsencrypt` = :letsencrypt,\n\t\t\t\t`http2` = :http2,\n\t\t\t\t`http3` = :http3,\n\t\t\t\t`hsts` = :hsts,\n\t\t\t\t`hsts_sub` = :hsts_sub,\n\t\t\t\t`hsts_preload` = :hsts_preload,\n\t\t\t\t`ocsp_stapling` = :ocsp_stapling,\n\t\t\t\t`override_tls` = :override_tls,\n\t\t\t\t`ssl_protocols` = :ssl_protocols,\n\t\t\t\t`ssl_cipher_list` = :ssl_cipher_list,\n\t\t\t\t`tlsv13_cipher_list` = :tlsv13_cipher_list,\n\t\t\t\t`ssl_enabled` = :sslenabled,\n\t\t\t\t`ssl_honorcipherorder` = :honorcipherorder,\n\t\t\t\t`ssl_sessiontickets` = :sessiontickets,\n\t\t\t\t`description` = :description,\n\t\t\t\t`deactivated` = :deactivated\n\t\t\t\tWHERE `id` = :id\n\t\t\t\");\n\t\t\tDatabase::pexecute($update_stmt, $update_data, true, true);\n\n\t\t\t// activate/deactivate domain-based services\n\t\t\tif ($deactivated != $result['deactivated']) {\n\t\t\t\t// deactivate email accounts\n\t\t\t\t$yesno = ($deactivated ? 'N' : 'Y');\n\t\t\t\t$pop3 = ($deactivated ? '0' : (int)$customer['pop3']);\n\t\t\t\t$imap = ($deactivated ? '0' : (int)$customer['imap']);\n\n\t\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\t\tUPDATE `\" . TABLE_MAIL_USERS . \"`\n\t\t\t\t\tSET `postfix`= :yesno, `pop3` = :pop3, `imap` = :imap\n\t\t\t\t\tWHERE `customerid` = :customerid AND `domainid` = :domainid\n\t\t\t\t\");\n\t\t\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t\t\t'yesno' => $yesno,\n\t\t\t\t\t'pop3' => $pop3,\n\t\t\t\t\t'imap' => $imap,\n\t\t\t\t\t'customerid' => $customerid,\n\t\t\t\t\t'domainid' => $id\n\t\t\t\t]);\n\n\t\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, \"[API] \" . ($deactivated ? 'deactivated' : 'reactivated') . \" domain '\" . $result['domain'] . \"'\");\n\t\t\t\tCronjob::inserttask(TaskId::REBUILD_VHOST);\n\t\t\t}\n\n\t\t\t$_update_data['customerid'] = $customerid;\n\t\t\t$_update_data['adminid'] = $adminid;\n\t\t\t$_update_data['phpenabled'] = $phpenabled;\n\t\t\t$_update_data['openbasedir'] = $openbasedir;\n\t\t\t$_update_data['openbasedir_path'] = $openbasedir_path;\n\t\t\t$_update_data['mod_fcgid_starter'] = $mod_fcgid_starter;\n\t\t\t$_update_data['mod_fcgid_maxrequests'] = $mod_fcgid_maxrequests;\n\t\t\t$_update_data['notryfiles'] = $notryfiles;\n\t\t\t$_update_data['writeaccesslog'] = $writeaccesslog;\n\t\t\t$_update_data['writeerrorlog'] = $writeerrorlog;\n\t\t\t$_update_data['override_tls'] = $override_tls;\n\t\t\t$_update_data['ssl_protocols'] = implode(\",\", $ssl_protocols);\n\t\t\t$_update_data['ssl_cipher_list'] = $ssl_cipher_list;\n\t\t\t$_update_data['tlsv13_cipher_list'] = $tlsv13_cipher_list;\n\t\t\t$_update_data['honorcipherorder'] = $honorcipherorder;\n\t\t\t$_update_data['sessiontickets'] = $sessiontickets;\n\t\t\t$_update_data['parentdomainid'] = $id;\n\t\t\t$_update_data['deactivated'] = $deactivated;\n\n\t\t\t// if php config is to be set for all subdomains, check here\n\t\t\t$update_phpconfig = '';\n\t\t\tif ($phpfs == 1) {\n\t\t\t\t$_update_data['phpsettingid'] = $phpsettingid;\n\t\t\t\t$update_phpconfig = \", `phpsettingid` = :phpsettingid\";\n\t\t\t}\n\t\t\t// if we have no more ssl-ip's for this domain,\n\t\t\t// all its subdomains must have \"ssl-redirect = 0\"\n\t\t\t// and disable let's encrypt\n\t\t\t$update_sslredirect = '';\n\t\t\tif (count($ssl_ipandports) == 1 && $ssl_ipandports[0] == -1) {\n\t\t\t\t$update_sslredirect = \", `ssl_redirect` = '0', `letsencrypt` = '0' \";\n\t\t\t}\n\n\t\t\t$_update_stmt = Database::prepare(\"\n\t\t\t\tUPDATE `\" . TABLE_PANEL_DOMAINS . \"` SET\n\t\t\t\t`customerid` = :customerid,\n\t\t\t\t`adminid` = :adminid,\n\t\t\t\t`phpenabled` = :phpenabled,\n\t\t\t\t`openbasedir` = :openbasedir,\n\t\t\t\t`openbasedir_path` = :openbasedir_path,\n\t\t\t\t`mod_fcgid_starter` = :mod_fcgid_starter,\n\t\t\t\t`mod_fcgid_maxrequests` = :mod_fcgid_maxrequests,\n\t\t\t\t`notryfiles` = :notryfiles,\n\t\t\t\t`writeaccesslog` = :writeaccesslog,\n\t\t\t\t`writeerrorlog` = :writeerrorlog,\n\t\t\t\t`override_tls` = :override_tls,\n\t\t\t\t`ssl_protocols` = :ssl_protocols,\n\t\t\t\t`ssl_cipher_list` = :ssl_cipher_list,\n\t\t\t\t`tlsv13_cipher_list` = :tlsv13_cipher_list,\n\t\t\t\t`ssl_honorcipherorder` = :honorcipherorder,\n\t\t\t\t`ssl_sessiontickets` = :sessiontickets,\n\t\t\t\t`deactivated` = :deactivated\n\t\t\t\t\" . $update_phpconfig . $upd_specialsettings . $updatechildren . $update_sslredirect . \"\n\t\t\t\tWHERE `parentdomainid` = :parentdomainid\n\t\t\t\");\n\t\t\tDatabase::pexecute($_update_stmt, $_update_data, true, true);\n\n\t\t\t// get current ip<>domain entries\n\t\t\t$ip_sel_stmt = Database::prepare(\"\n\t\t\t\tSELECT id_ipandports FROM `\" . TABLE_DOMAINTOIP . \"` WHERE `id_domain` = :id\n\t\t\t\");\n\t\t\tDatabase::pexecute($ip_sel_stmt, [\n\t\t\t\t'id' => $id\n\t\t\t], true, true);\n\t\t\t$current_ips = [];\n\t\t\twhile ($cIP = $ip_sel_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t$current_ips[] = $cIP['id_ipandports'];\n\t\t\t}\n\n\t\t\t// Cleanup domain <-> ip mapping\n\t\t\t$del_stmt = Database::prepare(\"\n\t\t\t\tDELETE FROM `\" . TABLE_DOMAINTOIP . \"` WHERE `id_domain` = :id\n\t\t\t\");\n\t\t\tDatabase::pexecute($del_stmt, [\n\t\t\t\t'id' => $id\n\t\t\t], true, true);\n\n\t\t\t$ins_stmt = Database::prepare(\"\n\t\t\t\tINSERT INTO `\" . TABLE_DOMAINTOIP . \"` SET `id_domain` = :domainid, `id_ipandports` = :ipportid\n\t\t\t\");\n\n\t\t\tforeach ($ipandports as $ipportid) {\n\t\t\t\tDatabase::pexecute($ins_stmt, [\n\t\t\t\t\t'domainid' => $id,\n\t\t\t\t\t'ipportid' => $ipportid\n\t\t\t\t], true, true);\n\t\t\t}\n\t\t\tforeach ($ssl_ipandports as $ssl_ipportid) {\n\t\t\t\tif ($ssl_ipportid > 0) {\n\t\t\t\t\tDatabase::pexecute($ins_stmt, [\n\t\t\t\t\t\t'domainid' => $id,\n\t\t\t\t\t\t'ipportid' => $ssl_ipportid\n\t\t\t\t\t], true, true);\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// check ip changes\n\t\t\t$all_new_ips = array_merge($ipandports, $ssl_ipandports);\n\t\t\tif (count(array_diff($current_ips, $all_new_ips)) != 0 || count(array_diff($all_new_ips, $current_ips)) != 0) {\n\t\t\t\tCronjob::inserttask(TaskId::REBUILD_VHOST);\n\t\t\t}\n\n\t\t\t// Cleanup domain <-> ip mapping for subdomains\n\t\t\t$domainidsresult_stmt = Database::prepare(\"\n\t\t\t\tSELECT `id` FROM `\" . TABLE_PANEL_DOMAINS . \"` WHERE `parentdomainid` = :id\n\t\t\t\");\n\t\t\tDatabase::pexecute($domainidsresult_stmt, [\n\t\t\t\t'id' => $id\n\t\t\t], true, true);\n\n\t\t\twhile ($row = $domainidsresult_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t$del_stmt = Database::prepare(\"\n\t\t\t\t\tDELETE FROM `\" . TABLE_DOMAINTOIP . \"` WHERE `id_domain` = :rowid\n\t\t\t\t\");\n\t\t\t\tDatabase::pexecute($del_stmt, [\n\t\t\t\t\t'rowid' => $row['id']\n\t\t\t\t], true, true);\n\n\t\t\t\t$ins_stmt = Database::prepare(\"\n\t\t\t\t\tINSERT INTO `\" . TABLE_DOMAINTOIP . \"` SET\n\t\t\t\t\t`id_domain` = :rowid,\n\t\t\t\t\t`id_ipandports` = :ipportid\n\t\t\t\t\");\n\n\t\t\t\tforeach ($ipandports as $ipportid) {\n\t\t\t\t\tDatabase::pexecute($ins_stmt, [\n\t\t\t\t\t\t'rowid' => $row['id'],\n\t\t\t\t\t\t'ipportid' => $ipportid\n\t\t\t\t\t], true, true);\n\t\t\t\t}\n\t\t\t\tforeach ($ssl_ipandports as $ssl_ipportid) {\n\t\t\t\t\tif ($ssl_ipportid > 0) {\n\t\t\t\t\t\tDatabase::pexecute($ins_stmt, [\n\t\t\t\t\t\t\t'rowid' => $row['id'],\n\t\t\t\t\t\t\t'ipportid' => $ssl_ipportid\n\t\t\t\t\t\t], true, true);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t\tif ($result['aliasdomain'] != $aliasdomain && is_numeric($result['aliasdomain'])) {\n\t\t\t\t// trigger when domain id for alias destination has changed: both for old and new destination\n\t\t\t\tDomain::triggerLetsEncryptCSRForAliasDestinationDomain($result['aliasdomain'], $this->logger());\n\t\t\t\tDomain::triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $this->logger());\n\t\t\t}\n\t\t\tif ($result['wwwserveralias'] != $wwwserveralias || $result['letsencrypt'] != $letsencrypt) {\n\t\t\t\t// or when wwwserveralias or letsencrypt was changed\n\t\t\t\tif ((int)$aliasdomain === 0) {\n\t\t\t\t\t// in case the wwwserveralias is set on a main domain, $aliasdomain is 0\n\t\t\t\t\tDomain::triggerLetsEncryptCSRForAliasDestinationDomain($id, $this->logger());\n\t\t\t\t} else {\n\t\t\t\t\tDomain::triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $this->logger());\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING, \"[API] updated domain '\" . $idna_convert->decode($result['domain']) . \"'\");\n\t\t\t$result = $this->apiCall('Domains.get', [\n\t\t\t\t'domainname' => $result['domain']\n\t\t\t]);\n\t\t\treturn $this->response($result);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * delete a domain entry by either id or domainname\n\t *\n\t * @param int $id\n\t * optional, the domain-id\n\t * @param string $domainname\n\t * optional, the domainname\n\t * @param bool $is_stdsubdomain\n\t * optional, default false, specify whether it's a std-subdomain you are deleting as it does not count\n\t * as subdomain-resource\n\t * @param bool $delete_userfiles\n\t * optional, delete email account files on filesystem (if any), default false\n\t *\n\t * @access admin\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function delete()\n\t{\n\t\tif ($this->isAdmin()) {\n\t\t\t$id = $this->getParam('id', true, 0);\n\t\t\t$dn_optional = $id > 0;\n\t\t\t$domainname = $this->getParam('domainname', $dn_optional, '');\n\t\t\t$is_stdsubdomain = $this->getBoolParam('is_stdsubdomain', true, 0);\n\t\t\t$delete_user_emailfiles = $this->getBoolParam('delete_userfiles', true, 0);\n\n\t\t\t$result = $this->apiCall('Domains.get', [\n\t\t\t\t'id' => $id,\n\t\t\t\t'domainname' => $domainname\n\t\t\t]);\n\t\t\t$id = $result['id'];\n\n\t\t\t$subresult_stmt = Database::prepare(\"\n\t\t\t\tSELECT `id` FROM `\" . TABLE_PANEL_DOMAINS . \"`\n\t\t\t\tWHERE (`id` = :id OR `parentdomainid` = :id)\n\t\t\t\");\n\t\t\tDatabase::pexecute($subresult_stmt, [\n\t\t\t\t'id' => $id\n\t\t\t], true, true);\n\t\t\t$idString = [];\n\t\t\t$paramString = [];\n\t\t\twhile ($subRow = $subresult_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t$idString[] = \"`domainid` = :domain_\" . (int)$subRow['id'];\n\t\t\t\t$paramString['domain_' . $subRow['id']] = $subRow['id'];\n\t\t\t}\n\t\t\t$idString = implode(' OR ', $idString);\n\n\t\t\tif ($idString != '') {\n\t\t\t\tif ($delete_user_emailfiles) {\n\t\t\t\t\t// determine all connected email-accounts\n\t\t\t\t\t$emailaccount_sel = Database::prepare(\"SELECT `email`, `homedir`, `maildir` FROM `\" . TABLE_MAIL_USERS . \"` WHERE \" . $idString);\n\t\t\t\t\tDatabase::pexecute($emailaccount_sel, $paramString, true, true);\n\t\t\t\t\twhile ($emailacc_row = $emailaccount_sel->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t\t\tCronjob::inserttask(TaskId::DELETE_EMAIL_DATA, $emailacc_row['email'], FileDir::makeCorrectDir($emailacc_row['homedir'] . '/' . $emailacc_row['maildir']));\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\t$del_stmt = Database::prepare(\"\n\t\t\t\t\t\tDELETE FROM `\" . TABLE_MAIL_USERS . \"` WHERE \" . $idString);\n\t\t\t\tDatabase::pexecute($del_stmt, $paramString, true, true);\n\t\t\t\t$del_stmt = Database::prepare(\"\n\t\t\t\t\t\tDELETE FROM `\" . TABLE_MAIL_VIRTUAL . \"` WHERE \" . $idString);\n\t\t\t\tDatabase::pexecute($del_stmt, $paramString, true, true);\n\t\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, \"[API] deleted domain/s from mail-tables\");\n\t\t\t}\n\n\t\t\t$del_stmt = Database::prepare(\"\n\t\t\t\tDELETE FROM `\" . TABLE_PANEL_DOMAINS . \"`\n\t\t\t\tWHERE `id` = :id OR `parentdomainid` = :id\n\t\t\t\");\n\t\t\tDatabase::pexecute($del_stmt, [\n\t\t\t\t'id' => $id\n\t\t\t], true, true);\n\n\t\t\t$deleted_domains = $del_stmt->rowCount();\n\n\t\t\tif ($is_stdsubdomain == 0) {\n\t\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\t\t\tUPDATE `\" . TABLE_PANEL_CUSTOMERS . \"` SET\n\t\t\t\t\t\t`subdomains_used` = `subdomains_used` - :domaincount\n\t\t\t\t\t\tWHERE `customerid` = :customerid\");\n\t\t\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t\t\t'domaincount' => ($deleted_domains - 1),\n\t\t\t\t\t'customerid' => $result['customerid']\n\t\t\t\t], true, true);\n\n\t\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\t\t\tUPDATE `\" . TABLE_PANEL_ADMINS . \"` SET\n\t\t\t\t\t\t`domains_used` = `domains_used` - 1\n\t\t\t\t\t\tWHERE `adminid` = :adminid\");\n\t\t\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t\t\t'adminid' => $this->getUserDetail('adminid')\n\t\t\t\t], true, true);\n\t\t\t}\n\n\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\t\tUPDATE `\" . TABLE_PANEL_CUSTOMERS . \"` SET\n\t\t\t\t\t`standardsubdomain` = '0'\n\t\t\t\t\tWHERE `standardsubdomain` = :id AND `customerid` = :customerid\");\n\t\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t\t'id' => $result['id'],\n\t\t\t\t'customerid' => $result['customerid']\n\t\t\t], true, true);\n\n\t\t\t$del_stmt = Database::prepare(\"\n\t\t\t\t\tDELETE FROM `\" . TABLE_DOMAINTOIP . \"`\n\t\t\t\t\tWHERE `id_domain` = :domainid\");\n\t\t\tDatabase::pexecute($del_stmt, [\n\t\t\t\t'domainid' => $id\n\t\t\t], true, true);\n\n\t\t\t$del_stmt = Database::prepare(\"\n\t\t\t\t\tDELETE FROM `\" . TABLE_PANEL_DOMAINREDIRECTS . \"`\n\t\t\t\t\tWHERE `did` = :domainid\");\n\t\t\tDatabase::pexecute($del_stmt, [\n\t\t\t\t'domainid' => $id\n\t\t\t], true, true);\n\n\t\t\t// remove certificate from domain_ssl_settings, fixes #1596\n\t\t\t$del_stmt = Database::prepare(\"\n\t\t\t\t\tDELETE FROM `\" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . \"`\n\t\t\t\t\tWHERE `domainid` = :domainid\");\n\t\t\tDatabase::pexecute($del_stmt, [\n\t\t\t\t'domainid' => $id\n\t\t\t], true, true);\n\n\t\t\t// remove possible existing DNS entries\n\t\t\t$del_stmt = Database::prepare(\"\n\t\t\t\t\tDELETE FROM `\" . TABLE_DOMAIN_DNS . \"`\n\t\t\t\t\tWHERE `domain_id` = :domainid\n\t\t\t\t\");\n\t\t\tDatabase::pexecute($del_stmt, [\n\t\t\t\t'domainid' => $id\n\t\t\t], true, true);\n\n\t\t\tif ((int)$result['aliasdomain'] !== 0) {\n\t\t\t\tDomain::triggerLetsEncryptCSRForAliasDestinationDomain($result['aliasdomain'], $this->logger());\n\t\t\t}\n\n\t\t\t// remove domains DNS from powerDNS if used, #581\n\t\t\tCronjob::inserttask(TaskId::DELETE_DOMAIN_PDNS, $result['domain']);\n\n\t\t\t// remove domain from acme.sh / lets encrypt if used\n\t\t\tCronjob::inserttask(TaskId::DELETE_DOMAIN_SSL, $result['domain']);\n\n\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING, \"[API] deleted domain/subdomains (#\" . $result['id'] . \")\");\n\t\t\tUser::updateCounters();\n\t\t\tCronjob::inserttask(TaskId::REBUILD_VHOST);\n\t\t\t// Using nameserver, insert a task which rebuilds the server config\n\t\t\tCronjob::inserttask(TaskId::REBUILD_DNS);\n\t\t\treturn $this->response($result);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * duplicate domain entry by either id or domainname. All parameters from Domains.add() can be used\n\t * to overwrite source entity values if necessary.\n\t *\n\t * @param int $id\n\t * optional, the domain-id\n\t * @param string $domainname\n\t * optional, the domainname\n\t * @param string $domain\n\t * required, name of the new domain to be added\n\t *\n\t * @access admin\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function duplicate()\n\t{\n\t\tif ($this->isAdmin()) {\n\t\t\t// parameters\n\t\t\t$id = $this->getParam('id', true, 0);\n\t\t\t$dn_optional = $id > 0;\n\t\t\t$domainname = $this->getParam('domainname', $dn_optional, '');\n\t\t\t$p_domain = $this->getParam('domain');\n\n\t\t\t// get requested domain\n\t\t\t$result = $this->apiCall('Domains.get', [\n\t\t\t\t'id' => $id,\n\t\t\t\t'domainname' => $domainname,\n\t\t\t]);\n\n\t\t\t// clear some defaults\n\t\t\tunset($result['domain_ace']);\n\t\t\tunset($result['adminid']);\n\t\t\tunset($result['documentroot']);\n\t\t\tunset($result['registration_date']);\n\t\t\tunset($result['termination_date']);\n\t\t\tunset($result['zonefile']);\n\t\t\t// clear auto-generated values\n\t\t\tunset($result['bindserial']);\n\t\t\tunset($result['dkim_privkey']);\n\t\t\tunset($result['dkim_pubkey']);\n\t\t\t// clear api-call generated fields\n\t\t\tunset($result['domain_hascert']);\n\n\t\t\t// set correct ip/port information\n\t\t\t$domain_ips = $result['ipsandports'];\n\t\t\tunset($result['ipsandports']);\n\t\t\t$result['ipandport'] = [];\n\t\t\t$result['ssl_ipandport'] = [];\n\t\t\tforeach ($domain_ips as $dip) {\n\t\t\t\tif ($dip['ssl'] == 1) {\n\t\t\t\t\t$result['ssl_ipandport'][] = $dip['id'];\n\t\t\t\t} else {\n\t\t\t\t\t$result['ipandport'][] = $dip['id'];\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// check whether we are changing the customer/owner\n\t\t\tif ($this->getParam('customerid', true, 0) == 0 && $this->getParam('loginname', true, '') == '') {\n\t\t\t\t$customerid = $result['customerid'];\n\t\t\t} else {\n\t\t\t\t$customer = $this->getCustomerData();\n\t\t\t\t$customerid = $customer['customerid'];\n\t\t\t}\n\n\t\t\t// check for alias-domain and whether it belongs to the target user\n\t\t\tif (!empty($result['aliasdomain']) && $customerid == $result['customerid']) {\n\t\t\t\t// duplicate alias entry\n\t\t\t\t$result['alias'] = $result['aliasdomain'];\n\t\t\t}\n\t\t\tunset($result['aliasdomain']);\n\n\t\t\t// validate possible fpm configs and whether the customer is allowed to use them\n\t\t\tif ($customerid != $result['customerid']) {\n\t\t\t\t$allowed_phpconfigs = json_decode($customer['allowed_phpconfigs'] ?? '[]', true);\n\t\t\t\tif (empty($allowed_phpconfigs)) {\n\t\t\t\t\t// system defaults\n\t\t\t\t\tunset($result['phpsettingid']);\n\t\t\t\t} elseif (!in_array($result['phpsettingid'], $allowed_phpconfigs)) {\n\t\t\t\t\t// use the first customer allowed config\n\t\t\t\t\t$result['phpsettingid'] = array_shift($allowed_phpconfigs);\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// translate serveralias values\n\t\t\t$result['selectserveralias'] = 2;\n\t\t\tif ((int)$result['wwwserveralias'] == 1) {\n\t\t\t\t$result['selectserveralias'] = 1;\n\t\t\t} elseif ((int)$result['iswildcarddomain'] == 1) {\n\t\t\t\t$result['selectserveralias'] = 0;\n\t\t\t}\n\t\t\tunset($result['wwwserveralias']);\n\t\t\tunset($result['iswildcarddomain']);\n\n\t\t\t// translate sslenabled flag\n\t\t\t$result['sslenabled'] = $result['ssl_enabled'];\n\t\t\tunset($result['ssl_enabled']);\n\n\t\t\t$additional_params = $this->getParamList();\n\t\t\t// unset unneeded params from this call\n\t\t\tunset($additional_params['id']);\n\t\t\tunset($additional_params['domainname']);\n\t\t\tunset($additional_params['domain']);\n\n\t\t\t// set new values and merge with optional add() parameters\n\t\t\t$new_domain = array_merge($result, $additional_params);\n\t\t\t$new_domain['domain'] = $p_domain;\n\n\t\t\t$result_new = $this->apiCall('Domains.add', $new_domain);\n\t\t\treturn $this->response($result_new);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n}\n" }, { "path": "lib/Froxlor/Api/Commands/EmailAccounts.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Api\\Commands;\n\nuse Exception;\nuse Froxlor\\Api\\ApiCommand;\nuse Froxlor\\Api\\ResourceEntity;\nuse Froxlor\\Cron\\TaskId;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FileDir;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\Idna\\IdnaWrapper;\nuse Froxlor\\Settings;\nuse Froxlor\\System\\Cronjob;\nuse Froxlor\\System\\Crypt;\nuse Froxlor\\UI\\Response;\nuse Froxlor\\User;\nuse Froxlor\\Validate\\Check;\nuse Froxlor\\Validate\\Validate;\n\n/**\n * @since 0.10.0\n */\nclass EmailAccounts extends ApiCommand implements ResourceEntity\n{\n\n\t/**\n\t * add a new email account for a given email-address either by id or emailaddr\n\t *\n\t * @param int $id\n\t * optional email-address-id of email-address to add the account for\n\t * @param string $emailaddr\n\t * optional email-address to add the account for\n\t * @param int $customerid\n\t * optional, required when called as admin (if $loginname is not specified)\n\t * @param string $loginname\n\t * optional, required when called as admin (if $customerid is not specified)\n\t * @param string $email_password\n\t * password for the account\n\t * @param string $alternative_email\n\t * optional email address to send account information to, default is the account that is being created\n\t * @param int $email_quota\n\t * optional quota if enabled in MB, default setting: system.mail_quota\n\t * @param bool $sendinfomail\n\t * optional, sends the welcome message to the new account (needed for creation, without the user won't\n\t * be able to login before any mail is received), default 1 (true)\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function add()\n\t{\n\t\tif ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'email')) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\n\t\tif ($this->getUserDetail('email_accounts_used') < $this->getUserDetail('email_accounts') || $this->getUserDetail('email_accounts') == '-1') {\n\t\t\t// parameter\n\t\t\t$id = $this->getParam('id', true, 0);\n\t\t\t$ea_optional = $id > 0;\n\t\t\t$emailaddr = $this->getParam('emailaddr', $ea_optional, '');\n\t\t\t$email_password = $this->getParam('email_password');\n\t\t\t$alternative_email = $this->getParam('alternative_email', true, '');\n\t\t\t$quota = $this->getParam('email_quota', true, Settings::Get('system.mail_quota') ?? 0);\n\t\t\t$sendinfomail = $this->getBoolParam('sendinfomail', true, 1);\n\n\t\t\t// validation\n\t\t\t$quota = Validate::validate($quota, 'email_quota', '/^\\d+$/', 'vmailquotawrong', [], true);\n\n\t\t\t// get needed customer info to reduce the email-account-counter by one\n\t\t\t$customer = $this->getCustomerData('email_accounts');\n\n\t\t\t// check for imap||pop3 == 1, see #1298\n\t\t\t// d00p, 6.5.2023 @revert this - if a customer has resources which allow email accounts\n\t\t\t// it implicitly allowed SMTP, e.g. sending of emails which also requires an account to exist\n\t\t\t/*\n\t\t\tif ($customer['imap'] != '1' && $customer['pop3'] != '1') {\n\t\t\t\tResponse::standardError('notallowedtouseaccounts', '', true);\n\t\t\t}\n\t\t\t*/\n\n\t\t\tif (!empty($emailaddr)) {\n\t\t\t\t$idna_convert = new IdnaWrapper();\n\t\t\t\t$emailaddr = $idna_convert->encode($emailaddr);\n\t\t\t}\n\n\t\t\t// get email address\n\t\t\t$result = $this->apiCall('Emails.get', [\n\t\t\t\t'id' => $id,\n\t\t\t\t'emailaddr' => $emailaddr\n\t\t\t]);\n\t\t\t$id = $result['id'];\n\n\t\t\t$idna_convert = new IdnaWrapper();\n\t\t\t$email_full = $result['email_full'];\n\t\t\t$username = $email_full;\n\t\t\t$password = Validate::validate($email_password, 'password', '', '', [], true);\n\t\t\t$password = Crypt::validatePassword($password, true);\n\n\t\t\tif ($result['popaccountid'] != 0) {\n\t\t\t\tthrow new Exception(\"Email address '\" . $email_full . \"' has already an account assigned.\", 406);\n\t\t\t}\n\n\t\t\tif (Check::checkMailAccDeletionState($email_full)) {\n\t\t\t\tResponse::standardError([\n\t\t\t\t\t'mailaccistobedeleted'\n\t\t\t\t], $email_full, true);\n\t\t\t}\n\n\t\t\t// alternative email address to send info to\n\t\t\tif (Settings::Get('panel.sendalternativemail') == 1) {\n\t\t\t\t$alternative_email = $idna_convert->encode(Validate::validate($alternative_email, 'alternative_email', '', '', [], true));\n\t\t\t\tif (!empty($alternative_email) && !Validate::validateEmail($alternative_email)) {\n\t\t\t\t\tResponse::standardError('alternativeemailiswrong', $alternative_email, true);\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\t$alternative_email = '';\n\t\t\t}\n\n\t\t\t// validate quota if enabled\n\t\t\tif (Settings::Get('system.mail_quota_enabled') == 1) {\n\t\t\t\tif ($customer['email_quota'] != '-1' && ($quota == 0 || ($quota + $customer['email_quota_used']) > $customer['email_quota'])) {\n\t\t\t\t\tResponse::standardError('allocatetoomuchquota', $quota, true);\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\t// disable\n\t\t\t\t$quota = 0;\n\t\t\t}\n\n\t\t\tif ($password == $email_full) {\n\t\t\t\tResponse::standardError('passwordshouldnotbeusername', '', true);\n\t\t\t}\n\n\t\t\t// prefix hash-algo\n\t\t\tswitch (Settings::Get('system.passwordcryptfunc')) {\n\t\t\t\tcase 'argon2i':\n\t\t\t\t\t$cpPrefix = '{ARGON2I}';\n\t\t\t\t\tbreak;\n\t\t\t\tcase 'argon2id':\n\t\t\t\t\t$cpPrefix = '{ARGON2ID}';\n\t\t\t\t\tbreak;\n\t\t\t\tdefault:\n\t\t\t\t\t$cpPrefix = '{BLF-CRYPT}';\n\t\t\t\t\tbreak;\n\t\t\t}\n\t\t\t// encrypt the password\n\t\t\t$cryptPassword = $cpPrefix . Crypt::makeCryptPassword($password);\n\n\t\t\t$email_user = substr($email_full, 0, strrpos($email_full, \"@\"));\n\t\t\t$email_domain = substr($email_full, strrpos($email_full, \"@\") + 1);\n\t\t\t$maildirname = trim(Settings::Get('system.vmail_maildirname'));\n\t\t\t// Add trailing slash to Maildir if needed\n\t\t\t$maildirpath = $maildirname;\n\t\t\tif (!empty($maildirname) && substr($maildirname, -1) != \"/\") {\n\t\t\t\t$maildirpath .= \"/\";\n\t\t\t}\n\n\t\t\t// insert data\n\t\t\t$stmt = Database::prepare(\"INSERT INTO `\" . TABLE_MAIL_USERS . \"` SET\n\t\t\t\t`customerid` = :cid,\n\t\t\t\t`email` = :email,\n\t\t\t\t`username` = :username,\" . (Settings::Get('system.mailpwcleartext') == '1' ? '`password` = :password, ' : '') . \"\n\t\t\t\t`password_enc` = :password_enc,\n\t\t\t\t`homedir` = :homedir,\n\t\t\t\t`maildir` = :maildir,\n\t\t\t\t`uid` = :uid,\n\t\t\t\t`gid` = :gid,\n\t\t\t\t`domainid` = :domainid,\n\t\t\t\t`postfix` = 'y',\n\t\t\t\t`quota` = :quota,\n\t\t\t\t`imap` = :imap,\n\t\t\t\t`pop3` = :pop3\n\t\t\t\");\n\t\t\t$params = [\n\t\t\t\t\"cid\" => $customer['customerid'],\n\t\t\t\t\"email\" => $email_full,\n\t\t\t\t\"username\" => $username,\n\t\t\t\t\"password_enc\" => $cryptPassword,\n\t\t\t\t\"homedir\" => Settings::Get('system.vmail_homedir'),\n\t\t\t\t\"maildir\" => $customer['loginname'] . '/' . $email_domain . \"/\" . $email_user . \"/\" . $maildirpath,\n\t\t\t\t\"uid\" => Settings::Get('system.vmail_uid'),\n\t\t\t\t\"gid\" => Settings::Get('system.vmail_gid'),\n\t\t\t\t\"domainid\" => $result['domainid'],\n\t\t\t\t\"quota\" => $quota,\n\t\t\t\t\"imap\" => $customer['imap'],\n\t\t\t\t\"pop3\" => $customer['pop3']\n\t\t\t];\n\t\t\tif (Settings::Get('system.mailpwcleartext') == '1') {\n\t\t\t\t$params[\"password\"] = $password;\n\t\t\t}\n\t\t\tDatabase::pexecute($stmt, $params, true, true);\n\t\t\t$popaccountid = Database::lastInsertId();\n\n\t\t\t// add email address to its destination field\n\t\t\t$result['destination'] .= ' ' . $email_full;\n\t\t\t$stmt = Database::prepare(\"\n\t\t\t\tUPDATE `\" . TABLE_MAIL_VIRTUAL . \"`\tSET `destination` = :destination, `popaccountid` = :popaccountid\n\t\t\t\tWHERE `customerid`= :cid AND `id`= :id\n\t\t\t\");\n\t\t\t$params = [\n\t\t\t\t\"destination\" => FileDir::makeCorrectDestination($result['destination']),\n\t\t\t\t\"popaccountid\" => $popaccountid,\n\t\t\t\t\"cid\" => $customer['customerid'],\n\t\t\t\t\"id\" => $id\n\t\t\t];\n\t\t\tDatabase::pexecute($stmt, $params, true, true);\n\n\t\t\t// update customer usage\n\t\t\tCustomers::increaseUsage($customer['customerid'], 'email_accounts_used');\n\t\t\tCustomers::increaseUsage($customer['customerid'], 'email_quota_used', '', $quota);\n\n\t\t\tif ($sendinfomail) {\n\t\t\t\t// replacer array for mail to create account on server\n\t\t\t\t$replace_arr = [\n\t\t\t\t\t'EMAIL' => $email_full,\n\t\t\t\t\t'PASSWORD' => htmlentities(htmlentities($password)),\n\t\t\t\t\t'SALUTATION' => User::getCorrectUserSalutation($customer),\n\t\t\t\t\t'NAME' => $customer['name'],\n\t\t\t\t\t'FIRSTNAME' => $customer['firstname'],\n\t\t\t\t\t'COMPANY' => $customer['company'],\n\t\t\t\t\t'USERNAME' => $customer['loginname'],\n\t\t\t\t\t'CUSTOMER_NO' => $customer['customernumber']\n\t\t\t\t];\n\n\t\t\t\t// get the customers admin\n\t\t\t\t$stmt = Database::prepare(\"SELECT `name`, `email` FROM `\" . TABLE_PANEL_ADMINS . \"` WHERE `adminid`= :adminid\");\n\t\t\t\t$admin = Database::pexecute_first($stmt, [\n\t\t\t\t\t\"adminid\" => $customer['adminid']\n\t\t\t\t]);\n\n\t\t\t\t// get template for mail subject\n\t\t\t\t$mail_subject = $this->getMailTemplate($customer, 'mails', 'pop_success_subject', $replace_arr, lng('mails.pop_success.subject'));\n\t\t\t\t// get template for mail body\n\t\t\t\t$mail_body = $this->getMailTemplate($customer, 'mails', 'pop_success_mailbody', $replace_arr, lng('mails.pop_success.mailbody'));\n\n\t\t\t\t$_mailerror = false;\n\t\t\t\t$mailerr_msg = \"\";\n\t\t\t\ttry {\n\t\t\t\t\t$this->mailer()->setFrom(Settings::Get('panel.adminmail'), User::getCorrectUserSalutation($admin));\n\t\t\t\t\t$this->mailer()->clearReplyTos();\n\t\t\t\t\t$this->mailer()->addReplyTo($admin['email'], User::getCorrectUserSalutation($admin));\n\t\t\t\t\t$this->mailer()->Subject = $mail_subject;\n\t\t\t\t\t$this->mailer()->AltBody = $mail_body;\n\t\t\t\t\t$this->mailer()->Body = str_replace(\"\\n\", \"
\", $mail_body);\n\t\t\t\t\t$this->mailer()->addAddress($email_full);\n\t\t\t\t\t$this->mailer()->send();\n\t\t\t\t} catch (\\PHPMailer\\PHPMailer\\Exception $e) {\n\t\t\t\t\t$mailerr_msg = $e->errorMessage();\n\t\t\t\t\t$_mailerror = true;\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\t$mailerr_msg = $e->getMessage();\n\t\t\t\t\t$_mailerror = true;\n\t\t\t\t}\n\n\t\t\t\tif ($_mailerror) {\n\t\t\t\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_ERR, \"[API] Error sending mail: \" . $mailerr_msg);\n\t\t\t\t\tResponse::standardError('errorsendingmail', $email_full, true);\n\t\t\t\t}\n\n\t\t\t\t$this->mailer()->clearAddresses();\n\n\t\t\t\t// customer wants to send the e-mail to an alternative email address too\n\t\t\t\tif (Settings::Get('panel.sendalternativemail') == 1 && !empty($alternative_email)) {\n\t\t\t\t\t// get template for mail subject\n\t\t\t\t\t$mail_subject = $this->getMailTemplate($customer, 'mails', 'pop_success_alternative_subject', $replace_arr, lng('mails.pop_success_alternative.subject'));\n\t\t\t\t\t// get template for mail body\n\t\t\t\t\t$mail_body = $this->getMailTemplate($customer, 'mails', 'pop_success_alternative_mailbody', $replace_arr, lng('mails.pop_success_alternative.mailbody'));\n\n\t\t\t\t\t$_mailerror = false;\n\t\t\t\t\ttry {\n\t\t\t\t\t\t$this->mailer()->setFrom(Settings::Get('panel.adminmail'), User::getCorrectUserSalutation($admin));\n\t\t\t\t\t\t$this->mailer()->clearReplyTos();\n\t\t\t\t\t\t$this->mailer()->addReplyTo($admin['email'], User::getCorrectUserSalutation($admin));\n\t\t\t\t\t\t$this->mailer()->Subject = $mail_subject;\n\t\t\t\t\t\t$this->mailer()->AltBody = $mail_body;\n\t\t\t\t\t\t$this->mailer()->msgHTML(str_replace(\"\\n\", \"
\", $mail_body));\n\t\t\t\t\t\t$this->mailer()->addAddress($idna_convert->encode($alternative_email), User::getCorrectUserSalutation($customer));\n\t\t\t\t\t\t$this->mailer()->send();\n\t\t\t\t\t} catch (\\PHPMailer\\PHPMailer\\Exception $e) {\n\t\t\t\t\t\t$mailerr_msg = $e->errorMessage();\n\t\t\t\t\t\t$_mailerror = true;\n\t\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\t\t$mailerr_msg = $e->getMessage();\n\t\t\t\t\t\t$_mailerror = true;\n\t\t\t\t\t}\n\n\t\t\t\t\tif ($_mailerror) {\n\t\t\t\t\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_ERR, \"[API] Error sending mail: \" . $mailerr_msg);\n\t\t\t\t\t\tResponse::standardError([\n\t\t\t\t\t\t\t'errorsendingmail'\n\t\t\t\t\t\t], $alternative_email, true);\n\t\t\t\t\t}\n\n\t\t\t\t\t$this->mailer()->clearAddresses();\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, \"[API] added email account for '\" . $result['email_full'] . \"'\");\n\t\t\t$result = $this->apiCall('Emails.get', [\n\t\t\t\t'emailaddr' => $result['email_full']\n\t\t\t]);\n\t\t\treturn $this->response($result);\n\t\t}\n\t\tthrow new Exception(\"No more resources available\", 406);\n\t}\n\n\t/**\n\t * You cannot directly get an email account.\n\t * You need to call Emails.get()\n\t */\n\tpublic function get()\n\t{\n\t\tthrow new Exception('You cannot directly get an email account. You need to call Emails.get()', 303);\n\t}\n\n\t/**\n\t * update email-account entry for given email-address by either id or email-address\n\t *\n\t * @param int $id\n\t * optional, the email-address-id\n\t * @param string $emailaddr\n\t * optional, the email-address to update\n\t * @param int $customerid\n\t * optional, required when called as admin (if $loginname is not specified)\n\t * @param string $loginname\n\t * optional, required when called as admin (if $customerid is not specified)\n\t * @param int $email_quota\n\t * optional, update quota\n\t * @param string $email_password\n\t * optional, update password\n\t * @param bool $deactivated\n\t * optional, admin-only\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function update()\n\t{\n\t\tif ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'email')) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\n\t\t// parameter\n\t\t$id = $this->getParam('id', true, 0);\n\t\t$ea_optional = $id > 0;\n\t\t$emailaddr = $this->getParam('emailaddr', $ea_optional, '');\n\n\t\tif (!empty($emailaddr)) {\n\t\t\t$idna_convert = new IdnaWrapper();\n\t\t\t$emailaddr = $idna_convert->encode($emailaddr);\n\t\t}\n\n\t\t// validation\n\t\t$result = $this->apiCall('Emails.get', [\n\t\t\t'id' => $id,\n\t\t\t'emailaddr' => $emailaddr\n\t\t]);\n\t\t$id = $result['id'];\n\n\t\tif (empty($result['popaccountid']) || $result['popaccountid'] == 0) {\n\t\t\tthrow new Exception(\"Email address '\" . $result['email_full'] . \"' has no account assigned.\", 406);\n\t\t}\n\n\t\t$password = $this->getParam('email_password', true, '');\n\t\t$quota = $this->getParam('email_quota', true, $result['quota']);\n\t\t$deactivated = $this->getBoolParam('deactivated', true, strtolower($result['postfix']) == 'n');\n\n\t\t// get needed customer info to reduce the email-account-counter by one\n\t\t$customer = $this->getCustomerData();\n\n\t\t// validation\n\t\t$quota = Validate::validate($quota, 'email_quota', '/^\\d+$/', 'vmailquotawrong', [], true);\n\n\t\t$upd_query = \"\";\n\t\t$upd_params = [\n\t\t\t\"id\" => $result['popaccountid'],\n\t\t\t\"cid\" => $customer['customerid']\n\t\t];\n\t\tif (!empty($password)) {\n\t\t\tif ($password == $result['email_full']) {\n\t\t\t\tResponse::standardError('passwordshouldnotbeusername', '', true);\n\t\t\t}\n\t\t\t$password = Crypt::validatePassword($password, true);\n\t\t\t// prefix hash-algo\n\t\t\tswitch (Settings::Get('system.passwordcryptfunc')) {\n\t\t\t\tcase 'argon2i':\n\t\t\t\t\t$cpPrefix = '{ARGON2I}';\n\t\t\t\t\tbreak;\n\t\t\t\tcase 'argon2id':\n\t\t\t\t\t$cpPrefix = '{ARGON2ID}';\n\t\t\t\t\tbreak;\n\t\t\t\tdefault:\n\t\t\t\t\t$cpPrefix = '{BLF-CRYPT}';\n\t\t\t\t\tbreak;\n\t\t\t}\n\t\t\t// encrypt the password\n\t\t\t$cryptPassword = $cpPrefix . Crypt::makeCryptPassword($password);\n\t\t\t$upd_query .= (Settings::Get('system.mailpwcleartext') == '1' ? \"`password` = :password, \" : '') . \"`password_enc`= :password_enc\";\n\t\t\t$upd_params['password_enc'] = $cryptPassword;\n\t\t\tif (Settings::Get('system.mailpwcleartext') == '1') {\n\t\t\t\t$upd_params['password'] = $password;\n\t\t\t}\n\t\t}\n\n\t\tif (Settings::Get('system.mail_quota_enabled') == 1) {\n\t\t\tif ($quota != $result['quota']) {\n\t\t\t\tif ($customer['email_quota'] != '-1' && ($quota == 0 || ($quota + $customer['email_quota_used'] - $result['quota']) > $customer['email_quota'])) {\n\t\t\t\t\tResponse::standardError('allocatetoomuchquota', $quota, true);\n\t\t\t\t}\n\t\t\t\tif (!empty($upd_query)) {\n\t\t\t\t\t$upd_query .= \", \";\n\t\t\t\t}\n\t\t\t\t$upd_query .= \"`quota` = :quota\";\n\t\t\t\t$upd_params['quota'] = $quota;\n\t\t\t}\n\t\t} else {\n\t\t\t// disable\n\t\t\t$quota = 0;\n\t\t}\n\n\t\tif ($this->isAdmin()) {\n\t\t\tif (($deactivated == true && strtolower($result['postfix']) == 'y') || ($deactivated == false && strtolower($result['postfix']) == 'n')) {\n\t\t\t\tif (!empty($upd_query)) {\n\t\t\t\t\t$upd_query .= \", \";\n\t\t\t\t}\n\t\t\t\t$upd_query .= \"`postfix` = :postfix, `imap` = :imap, `pop3` = :pop3\";\n\t\t\t\t$upd_params['postfix'] = $deactivated ? 'N' : 'Y';\n\t\t\t\t$upd_params['imap'] = $deactivated ? '0' : '1';\n\t\t\t\t$upd_params['pop3'] = $deactivated ? '0' : '1';\n\t\t\t}\n\t\t}\n\n\t\t// build update query\n\t\tif (!empty($upd_query)) {\n\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\tUPDATE `\" . TABLE_MAIL_USERS . \"` SET \" . $upd_query . \" WHERE `id` = :id AND `customerid`= :cid\n\t\t\t\");\n\t\t\tDatabase::pexecute($upd_stmt, $upd_params, true, true);\n\t\t}\n\n\t\tif ($customer['email_quota'] != '-1') {\n\t\t\tCustomers::increaseUsage($customer['customerid'], 'email_quota_used', '', ($quota - $result['quota']));\n\t\t\tAdmins::increaseUsage($customer['adminid'], 'email_quota_used', '', ($quota - $result['quota']));\n\t\t}\n\n\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, \"[API] updated email account '\" . $result['email_full'] . \"'\");\n\t\t$result = $this->apiCall('Emails.get', [\n\t\t\t'emailaddr' => $result['email_full']\n\t\t]);\n\t\treturn $this->response($result);\n\t}\n\n\t/**\n\t * You cannot directly list email accounts.\n\t * You need to call Emails.listing()\n\t */\n\tpublic function listing()\n\t{\n\t\tthrow new Exception('You cannot directly list email accounts. You need to call Emails.listing()', 303);\n\t}\n\n\t/**\n\t * You cannot directly count email accounts.\n\t * You need to call Emails.listingCount()\n\t */\n\tpublic function listingCount()\n\t{\n\t\tthrow new Exception('You cannot directly count email accounts. You need to call Emails.listingCount()', 303);\n\t}\n\n\t/**\n\t * delete email-account entry for given email-address by either id or email-address\n\t *\n\t * @param int $id\n\t * optional, the email-address-id\n\t * @param string $emailaddr\n\t * optional, the email-address to delete the account for\n\t * @param int $customerid\n\t * optional, required when called as admin (if $loginname is not specified)\n\t * @param string $loginname\n\t * optional, required when called as admin (if $customerid is not specified)\n\t * @param bool $delete_userfiles\n\t * optional, default false\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function delete()\n\t{\n\t\tif ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'email')) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\n\t\t// parameter\n\t\t$id = $this->getParam('id', true, 0);\n\t\t$ea_optional = $id > 0;\n\t\t$emailaddr = $this->getParam('emailaddr', $ea_optional, '');\n\t\t$delete_userfiles = $this->getBoolParam('delete_userfiles', true, 0);\n\n\t\t// validation\n\t\t$result = $this->apiCall('Emails.get', [\n\t\t\t'id' => $id,\n\t\t\t'emailaddr' => $emailaddr\n\t\t], true);\n\t\t$id = $result['id'];\n\n\t\tif (empty($result['popaccountid']) || $result['popaccountid'] == 0) {\n\t\t\tthrow new Exception(\"Email address '\" . $result['email_full'] . \"' has no account assigned.\", 406);\n\t\t}\n\n\t\t// get needed customer info to reduce the email-account-counter by one\n\t\t$customer = $this->getCustomerData();\n\n\t\t// delete entry\n\t\t$stmt = Database::prepare(\"\n\t\t\tDELETE FROM `\" . TABLE_MAIL_USERS . \"` WHERE `customerid`= :cid AND `id`= :id\n\t\t\");\n\t\tDatabase::pexecute($stmt, [\n\t\t\t\"cid\" => $customer['customerid'],\n\t\t\t\"id\" => $result['popaccountid']\n\t\t], true, true);\n\n\t\t// update mail-virtual entry\n\t\t$result['destination'] = str_replace($result['email_full'], '', $result['destination']);\n\n\t\t$stmt = Database::prepare(\"\n\t\t\tUPDATE `\" . TABLE_MAIL_VIRTUAL . \"` SET `destination` = :dest, `popaccountid` = '0' WHERE `customerid`= :cid AND `id`= :id\n\t\t\");\n\t\t$params = [\n\t\t\t\"dest\" => FileDir::makeCorrectDestination($result['destination']),\n\t\t\t\"cid\" => $customer['customerid'],\n\t\t\t\"id\" => $id\n\t\t];\n\t\tDatabase::pexecute($stmt, $params, true, true);\n\t\t$result['popaccountid'] = 0;\n\n\t\tif (Settings::Get('system.mail_quota_enabled') == '1' && $customer['email_quota'] != '-1') {\n\t\t\t$quota = (int)$result['quota'];\n\t\t} else {\n\t\t\t$quota = 0;\n\t\t}\n\n\t\tif ($delete_userfiles) {\n\t\t\tCronjob::inserttask(TaskId::DELETE_EMAIL_DATA, $customer['loginname'], FileDir::makeCorrectDir($result['homedir'] . '/' . $result['maildir']));\n\t\t}\n\n\t\t// decrease usage for customer\n\t\tCustomers::decreaseUsage($customer['customerid'], 'email_accounts_used');\n\t\tCustomers::decreaseUsage($customer['customerid'], 'email_quota_used', '', $quota);\n\n\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_WARNING, \"[API] deleted email account for '\" . $result['email_full'] . \"'\");\n\t\treturn $this->response($result);\n\t}\n}\n" }, { "path": "lib/Froxlor/Api/Commands/EmailDomains.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Api\\Commands;\n\nuse Exception;\nuse Froxlor\\Api\\ApiCommand;\nuse Froxlor\\Api\\ResourceEntity;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\Settings;\nuse PDO;\n\n/**\n * @since 2.0\n */\nclass EmailDomains extends ApiCommand implements ResourceEntity\n{\n\t/**\n\t * list all domains with email addresses connected to it.\n\t * If called from an admin, list all domains with email addresses\n\t * connected to it from all customers you are allowed to view, or\n\t * specify id or loginname for one specific customer\n\t *\n\t * @param int $customerid\n\t * optional, admin-only, select email addresses of a specific customer by id\n\t * @param string $loginname\n\t * optional, admin-only, select email addresses of a specific customer by loginname\n\t * @param array $sql_search\n\t * optional array with index = fieldname, and value = array with 'op' => operator (one of <, > or =),\n\t * LIKE is used if left empty and 'value' => searchvalue\n\t * @param int $sql_limit\n\t * optional specify number of results to be returned\n\t * @param int $sql_offset\n\t * optional specify offset for resultset\n\t * @param array $sql_orderby\n\t * optional array with index = fieldname and value = ASC|DESC to order the resultset by one or more\n\t * fields\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array count|list\n\t * @throws Exception\n\t */\n\tpublic function listing()\n\t{\n\t\t$customer_ids = $this->getAllowedCustomerIds('email');\n\t\t$result = [];\n\t\t$query_fields = [];\n\t\t$result_stmt = Database::prepare(\"\n\t\tSELECT DISTINCT d.domain, d.domain_ace, e.domainid,\n\t\tCOUNT(e.email) as addresses,\n\t\tIFNULL(SUM(CASE WHEN e.popaccountid > 0 THEN 1 ELSE 0 END), 0) as accounts,\n\t\tIFNULL(SUM(\n\t\t\tCASE\n\t\t\tWHEN LENGTH(REPLACE(e.destination, CONCAT(e.email_full, ' '), '')) - LENGTH(REPLACE(REPLACE(e.destination, CONCAT(e.email_full, ' '), ''), ' ', '')) > 0\n\t\t\tTHEN LENGTH(REPLACE(e.destination, CONCAT(e.email_full, ' '), '')) - LENGTH(REPLACE(REPLACE(e.destination, CONCAT(e.email_full, ' '), ''), ' ', ''))\n\t\t\tWHEN e.destination <> e.email_full THEN 1\n\t\t\tELSE 0\n\t\t\tEND\n\t\t), 0) as forwarder\n\t\tFROM `\" . TABLE_MAIL_VIRTUAL . \"` e\n\t\tLEFT JOIN `\" . TABLE_PANEL_DOMAINS . \"` d ON d.id = e.domainid\n\t\tWHERE e.customerid IN (\" . implode(\", \", $customer_ids) . \") AND d.domain IS NOT NULL \" .\n\t\t\t$this->getSearchWhere($query_fields,\n\t\t\t\ttrue) . \" GROUP BY e.domainid \" . $this->getOrderBy() . $this->getLimit());\n\t\tDatabase::pexecute($result_stmt, $query_fields, true, true);\n\t\twhile ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t$result[] = $row;\n\t\t}\n\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO,\n\t\t\t\"[API] list email-domains\");\n\t\treturn $this->response([\n\t\t\t'count' => count($result),\n\t\t\t'list' => $result\n\t\t]);\n\t}\n\n\t/**\n\t * returns the total number of accessible domains with email addresses connected to\n\t *\n\t * @param int $customerid\n\t * optional, admin-only, select email addresses of a specific customer by id\n\t * @param string $loginname\n\t * optional, admin-only, select email addresses of a specific customer by loginname\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded response message\n\t * @throws Exception\n\t */\n\tpublic function listingCount()\n\t{\n\t\t$customer_ids = $this->getAllowedCustomerIds('email');\n\t\t$query_fields = [];\n\t\t$result_stmt = Database::prepare(\"\n\t\tSELECT COUNT(DISTINCT d.domain) as num_emaildomains\n\t\tFROM `\" . TABLE_MAIL_VIRTUAL . \"` e\n\t\tLEFT JOIN `\" . TABLE_PANEL_DOMAINS . \"` d ON d.id = e.domainid\n\t\tWHERE e.customerid IN (\" . implode(\", \", $customer_ids) . \") AND d.domain IS NOT NULL\n\t\t\" . $this->getSearchWhere($query_fields, true));\n\t\t$result = Database::pexecute_first($result_stmt, $query_fields, true, true);\n\t\tif ($result) {\n\t\t\treturn $this->response($result['num_emaildomains']);\n\t\t}\n\t\treturn $this->response(0);\n\t}\n\n\t/**\n\t * You cannot directly access email-domains\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function get()\n\t{\n\t\tif ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'email')) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\t\tthrow new Exception('You cannot directly access this resource.', 303);\n\t}\n\n\t/**\n\t * You cannot directly add email-domains\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function add()\n\t{\n\t\tif ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'email')) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\t\tthrow new Exception('You cannot directly add this resource.', 303);\n\t}\n\n\t/**\n\t * toggle catchall flag of given email address either by id or email-address\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function update()\n\t{\n\t\tif ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'email')) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\t\tthrow new Exception('You cannot directly update this resource.', 303);\n\t}\n\n\t/**\n\t * You cannot directly delete email-domains\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function delete()\n\t{\n\t\tif ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'email')) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\t\tthrow new Exception('You cannot directly delete this resource.', 303);\n\t}\n\n}\n" }, { "path": "lib/Froxlor/Api/Commands/EmailForwarders.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Api\\Commands;\n\nuse Exception;\nuse Froxlor\\Api\\ApiCommand;\nuse Froxlor\\Api\\ResourceEntity;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FileDir;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\Idna\\IdnaWrapper;\nuse Froxlor\\Settings;\nuse Froxlor\\UI\\Response;\nuse Froxlor\\Validate\\Validate;\n\n/**\n * @since 0.10.0\n */\nclass EmailForwarders extends ApiCommand implements ResourceEntity\n{\n\n\t/**\n\t * add new email-forwarder entry for given email-address by either id or email-address\n\t *\n\t * @param int $id\n\t * optional, the email-address-id\n\t * @param string $emailaddr\n\t * optional, the email-address to add the forwarder for\n\t * @param int $customerid\n\t * optional, required when called as admin (if $loginname is not specified)\n\t * @param string $loginname\n\t * optional, required when called as admin (if $customerid is not specified)\n\t * @param string $destination\n\t * email-address to add as forwarder\n\t *\n\t * @access admin,customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function add()\n\t{\n\t\tif ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'email')) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\n\t\tif ($this->getUserDetail('email_forwarders_used') < $this->getUserDetail('email_forwarders') || $this->getUserDetail('email_forwarders') == '-1') {\n\t\t\t// parameter\n\t\t\t$id = $this->getParam('id', true, 0);\n\t\t\t$ea_optional = $id > 0;\n\t\t\t$emailaddr = $this->getParam('emailaddr', $ea_optional, '');\n\t\t\t$destination = $this->getParam('destination');\n\n\t\t\t// validation\n\t\t\t$idna_convert = new IdnaWrapper();\n\t\t\t$destination = $idna_convert->encode($destination);\n\n\t\t\tif (!empty($emailaddr)) {\n\t\t\t\t$idna_convert = new IdnaWrapper();\n\t\t\t\t$emailaddr = $idna_convert->encode($emailaddr);\n\t\t\t}\n\n\t\t\t$result = $this->apiCall('Emails.get', [\n\t\t\t\t'id' => $id,\n\t\t\t\t'emailaddr' => $emailaddr\n\t\t\t]);\n\t\t\t$id = $result['id'];\n\n\t\t\t// current destination array\n\t\t\t$result['destination_array'] = explode(' ', ($result['destination'] ?? \"\"));\n\n\t\t\t// prepare destination\n\t\t\t$destination = trim($destination);\n\n\t\t\tif (!Validate::validateEmail($destination)) {\n\t\t\t\tResponse::standardError('destinationiswrong', $destination, true);\n\t\t\t} elseif ($destination == $result['email']) {\n\t\t\t\tResponse::standardError('destinationalreadyexistasmail', $destination, true);\n\t\t\t} elseif (in_array($destination, $result['destination_array'])) {\n\t\t\t\tResponse::standardError('destinationalreadyexist', $destination, true);\n\t\t\t}\n\n\t\t\t// get needed customer info to reduce the email-forwarder-counter by one\n\t\t\t$customer = $this->getCustomerData('email_forwarders');\n\n\t\t\t// add destination to address\n\t\t\t$result['destination'] .= ' ' . $destination;\n\t\t\t$stmt = Database::prepare(\"\n\t\t\t\tUPDATE `\" . TABLE_MAIL_VIRTUAL . \"` SET `destination` = :dest\n\t\t\t\tWHERE `customerid`= :cid AND `id`= :id\n\t\t\t\");\n\t\t\t$params = [\n\t\t\t\t\"dest\" => FileDir::makeCorrectDestination($result['destination']),\n\t\t\t\t\"cid\" => $customer['customerid'],\n\t\t\t\t\"id\" => $id\n\t\t\t];\n\t\t\tDatabase::pexecute($stmt, $params, true, true);\n\n\t\t\t// update customer usage\n\t\t\tCustomers::increaseUsage($customer['customerid'], 'email_forwarders_used');\n\n\t\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, \"[API] added email forwarder for '\" . $result['email_full'] . \"'\");\n\n\t\t\t$result = $this->apiCall('Emails.get', [\n\t\t\t\t'emailaddr' => $result['email_full']\n\t\t\t]);\n\t\t\treturn $this->response($result);\n\t\t}\n\t\tthrow new Exception(\"No more resources available\", 406);\n\t}\n\n\t/**\n\t * You cannot directly get an email forwarder.\n\t * Try EmailForwarders.listing()\n\t */\n\tpublic function get()\n\t{\n\t\tthrow new Exception('You cannot directly get an email forwarder. Try EmailForwarders.listing()', 303);\n\t}\n\n\t/**\n\t * You cannot update an email forwarder.\n\t * You need to delete the entry and create a new one.\n\t */\n\tpublic function update()\n\t{\n\t\tthrow new Exception('You cannot update an email forwarder. You need to delete the entry and create a new one.', 303);\n\t}\n\n\t/**\n\t * List email forwarders for a given email address\n\t *\n\t * @param int $id\n\t * optional, the email-address-id\n\t * @param string $emailaddr\n\t * optional, the email-address to delete the forwarder from\n\t * @param int $customerid\n\t * optional, admin-only, the customer-id\n\t * @param string $loginname\n\t * optional, admin-only, the loginname\n\t *\n\t * @access admin,customer\n\t * @return string json-encoded array count|list\n\t * @throws Exception\n\t */\n\tpublic function listing()\n\t{\n\t\tif ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'email')) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\n\t\t// parameter\n\t\t$id = $this->getParam('id', true, 0);\n\t\t$ea_optional = $id > 0;\n\t\t$emailaddr = $this->getParam('emailaddr', $ea_optional, '');\n\n\t\t// validation\n\t\t$result = $this->apiCall('Emails.get', [\n\t\t\t'id' => $id,\n\t\t\t'emailaddr' => $emailaddr\n\t\t]);\n\t\t$id = $result['id'];\n\n\t\t$result['destination'] = explode(' ', $result['destination']);\n\t\t$destination = [];\n\t\tforeach ($result['destination'] as $index => $address) {\n\t\t\t$destination[] = [\n\t\t\t\t'id' => $index,\n\t\t\t\t'address' => $address\n\t\t\t];\n\t\t}\n\n\t\treturn $this->response([\n\t\t\t'count' => count($destination),\n\t\t\t'list' => $destination\n\t\t]);\n\t}\n\n\t/**\n\t * count email forwarders for a given email address\n\t *\n\t * @param int $id\n\t * optional, the email-address-id\n\t * @param string $emailaddr\n\t * optional, the email-address to delete the forwarder from\n\t * @param int $customerid\n\t * optional, admin-only, the customer-id\n\t * @param string $loginname\n\t * optional, admin-only, the loginname\n\t *\n\t * @access admin,customer\n\t * @return string json-encoded response message\n\t * @throws Exception\n\t */\n\tpublic function listingCount()\n\t{\n\t\tif ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'email')) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\n\t\t// parameter\n\t\t$id = $this->getParam('id', true, 0);\n\t\t$ea_optional = $id > 0;\n\t\t$emailaddr = $this->getParam('emailaddr', $ea_optional, '');\n\n\t\t// validation\n\t\t$result = $this->apiCall('Emails.get', [\n\t\t\t'id' => $id,\n\t\t\t'emailaddr' => $emailaddr\n\t\t]);\n\t\t$id = $result['id'];\n\n\t\t$result['destination'] = explode(' ', $result['destination']);\n\n\t\treturn $this->response(count($result['destination']));\n\t}\n\n\t/**\n\t * delete email-forwarder entry for given email-address by either id or email-address and forwarder-id\n\t *\n\t * @param int $id\n\t * optional, the email-address-id\n\t * @param string $emailaddr\n\t * optional, the email-address to delete the forwarder from\n\t * @param int $customerid\n\t * optional, required when called as admin (if $loginname is not specified)\n\t * @param string $loginname\n\t * optional, required when called as admin (if $customerid is not specified)\n\t * @param int $forwarderid\n\t * id of the forwarder to delete\n\t *\n\t * @access admin,customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function delete()\n\t{\n\t\tif ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'email')) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\n\t\t// parameter\n\t\t$id = $this->getParam('id', true, 0);\n\t\t$ea_optional = $id > 0;\n\t\t$emailaddr = $this->getParam('emailaddr', $ea_optional, '');\n\t\t$forwarderid = $this->getParam('forwarderid');\n\n\t\t// validation\n\t\t$result = $this->apiCall('Emails.get', [\n\t\t\t'id' => $id,\n\t\t\t'emailaddr' => $emailaddr\n\t\t]);\n\t\t$id = $result['id'];\n\n\t\t$result['destination'] = explode(' ', $result['destination']);\n\t\tif (isset($result['destination'][$forwarderid]) && $result['email'] != $result['destination'][$forwarderid]) {\n\t\t\t// get needed customer info to reduce the email-forwarder-counter by one\n\t\t\t$customer = $this->getCustomerData();\n\n\t\t\t// unset it from array\n\t\t\tunset($result['destination'][$forwarderid]);\n\t\t\t// rebuild destination-string\n\t\t\t$result['destination'] = implode(' ', $result['destination']);\n\t\t\t// update in DB\n\t\t\t$stmt = Database::prepare(\"\n\t\t\t\tUPDATE `\" . TABLE_MAIL_VIRTUAL . \"` SET `destination` = :dest\n\t\t\t\tWHERE `customerid`= :cid AND `id`= :id\n\t\t\t\");\n\t\t\t$params = [\n\t\t\t\t\"dest\" => FileDir::makeCorrectDestination($result['destination']),\n\t\t\t\t\"cid\" => $customer['customerid'],\n\t\t\t\t\"id\" => $id\n\t\t\t];\n\t\t\tDatabase::pexecute($stmt, $params, true, true);\n\n\t\t\t// update customer usage\n\t\t\tCustomers::decreaseUsage($customer['customerid'], 'email_forwarders_used');\n\n\t\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, \"[API] deleted email forwarder for '\" . $result['email_full'] . \"'\");\n\n\t\t\t$result = $this->apiCall('Emails.get', [\n\t\t\t\t'emailaddr' => $result['email_full']\n\t\t\t]);\n\t\t\treturn $this->response($result);\n\t\t}\n\t\tthrow new Exception(\"Unknown forwarder id\", 404);\n\t}\n}\n" }, { "path": "lib/Froxlor/Api/Commands/EmailSender.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Api\\Commands;\n\nuse Exception;\nuse Froxlor\\Api\\ApiCommand;\nuse Froxlor\\Api\\ResourceEntity;\nuse Froxlor\\CurrentUser;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\Idna\\IdnaWrapper;\nuse Froxlor\\Settings;\nuse Froxlor\\UI\\Response;\nuse Froxlor\\Validate\\Validate;\n\n/**\n * @since 2.3.0\n */\nclass EmailSender extends ApiCommand implements ResourceEntity\n{\n\n\t/**\n\t * add a new sender email address for a given email-address either by id or emailaddr\n\t *\n\t * @param int $id\n\t * optional id of email-address to add the allowed sender for (must have an account)\n\t * @param string $emailaddr\n\t * optional address of email-address to add the allowed sender for (must have an account)\n\t * @param int $customerid\n\t * optional, required when called as admin (if $loginname is not specified)\n\t * @param string $loginname\n\t * optional, required when called as admin (if $customerid is not specified)\n\t * @param string $allowed_sender\n\t * required email-address or @domain.tld notation (wildcard) of allowed sender entry for the given account\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function add()\n\t{\n\n\t\tif (Settings::Get('mail.enable_allow_sender') != '1') {\n\t\t\tthrow new Exception(\"Allowed-sender not enabled on this system\", 405);\n\t\t}\n\n\t\tif ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'email')) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\n\t\t// parameter\n\t\t$id = $this->getParam('id', true, 0);\n\t\t$ea_optional = $id > 0;\n\t\t$emailaddr = $this->getParam('emailaddr', $ea_optional, '');\n\t\t$allowed_sender = strtolower($this->getParam('allowed_sender'));\n\n\t\t// validation\n\t\t$idna_convert = new IdnaWrapper();\n\t\tif (!empty($emailaddr)) {\n\t\t\t$emailaddr = $idna_convert->encode($emailaddr);\n\t\t}\n\n\t\t$result = $this->apiCall('Emails.get', [\n\t\t\t'id' => $id,\n\t\t\t'emailaddr' => $emailaddr\n\t\t]);\n\t\t$id = $result['id'];\n\n\t\tif (empty($result['popaccountid'])) {\n\t\t\tResponse::standardError('emailhasnoaccount', $result['email_full'], true);\n\t\t}\n\n\t\tif (substr($allowed_sender, 0, 1) != '@') {\n\t\t\tif (!Validate::validateEmail($idna_convert->encode($allowed_sender))) {\n\t\t\t\tResponse::standardError('emailiswrong', $allowed_sender, true);\n\t\t\t}\n\t\t\tself::validateLocalDomainOwnership(explode(\"@\", $allowed_sender)[1] ?? \"\");\n\t\t} else {\n\t\t\tif (!Validate::validateDomain($idna_convert->encode(substr($allowed_sender, 1)))) {\n\t\t\t\tResponse::standardError('wildcardemailiswrong', substr($allowed_sender, 1), true);\n\t\t\t}\n\t\t\tself::validateLocalDomainOwnership(substr($allowed_sender, 1));\n\t\t}\n\n\t\t// get needed customer info\n\t\t$customer = $this->getCustomerData();\n\n\t\t// check whether account exists and if it belongs to the customer\n\t\t$sel_stmt = Database::prepare(\"\n\t\t\tSELECT `username`\n\t\t\tFROM `\" . TABLE_MAIL_USERS . \"`\n\t\t\tWHERE `id` = :id\n\t\t\tAND `customerid` = :cid\n\t\t\");\n\t\t$emailaccount = Database::pexecute_first($sel_stmt, [\n\t\t\t'id' => (int)$result['popaccountid'],\n\t\t\t'cid' => (int)$customer['customerid']\n\t\t]);\n\t\tif ($emailaccount && !empty($emailaccount['username'])) {\n\t\t\t// insert email sender\n\t\t\t$ins_stmt = Database::prepare(\"\n\t\t\t\tINSERT IGNORE INTO `\" . TABLE_MAIL_SENDER_ALIAS . \"` SET\n\t\t\t\t`email` = :email,\n\t\t\t\t`allowed_sender` = :allowed_sender\n\t\t\t\");\n\t\t\t$result = [\n\t\t\t\t'email' => $emailaccount['username'],\n\t\t\t\t'allowed_sender' => $allowed_sender\n\t\t\t];\n\t\t\tDatabase::pexecute($ins_stmt, $result);\n\t\t\t$result['id'] = Database::lastInsertId();\n\n\t\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, \"[API] added email-sender alias '\" . $result['email'] . \"' for account '\" . $result['allowed_sender'] . \"'\");\n\t\t\treturn $this->response($result);\n\t\t}\n\t\tthrow new Exception(\"Email account for email-address \" . $result['email_full'] . \" could not be found\", 404);\n\t}\n\n\t/**\n\t * You cannot update an email sender alias.\n\t * You need to delete the entry and create a new one.\n\t */\n\tpublic function update()\n\t{\n\t\tthrow new Exception('You cannot update an email sender alias. You need to delete the entry and create a new one.', 303);\n\t}\n\n\t/**\n\t * You cannot directly get an email sender alias.\n\t * Try EmailSender.listing()\n\t */\n\tpublic function get()\n\t{\n\t\tthrow new Exception('You cannot directly get an email sender alias. Try EmailSender.listing()', 303);\n\t}\n\n\t/**\n\t * List email senders for a given email address\n\t *\n\t * @param int $id\n\t * optional, the id of the email-address to list allowed senders from\n\t * @param string $emailaddr\n\t * optional, the email-address to list allowed senders from\n\t * @param int $customerid\n\t * optional, admin-only, the customer-id\n\t * @param string $loginname\n\t * optional, admin-only, the loginname\n\t *\n\t * @access admin,customer\n\t * @return string json-encoded array count|list\n\t * @throws Exception\n\t */\n\tpublic function listing()\n\t{\n\t\tif (Settings::Get('mail.enable_allow_sender') != '1') {\n\t\t\tthrow new Exception(\"Allowed-sender not enabled on this system\", 405);\n\t\t}\n\n\t\tif ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'email')) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\n\t\t// parameter\n\t\t$id = $this->getParam('id', true, 0);\n\t\t$ea_optional = $id > 0;\n\t\t$emailaddr = $this->getParam('emailaddr', $ea_optional, '');\n\n\t\t// validation\n\t\t$result = $this->apiCall('Emails.get', [\n\t\t\t'id' => $id,\n\t\t\t'emailaddr' => $emailaddr\n\t\t]);\n\t\t$id = $result['id'];\n\n\t\tif (empty($result['popaccountid'])) {\n\t\t\treturn $this->response([\n\t\t\t\t'count' => 0,\n\t\t\t\t'list' => []\n\t\t\t]);\n\t\t} else {\n\t\t\t$sel_stmt = Database::prepare(\"\n\t\t\t\tSELECT s.*\n\t\t\t\tFROM `\" . TABLE_MAIL_SENDER_ALIAS . \"` s\n\t\t\t\tLEFT JOIN `\" . TABLE_MAIL_USERS . \"` u ON u.username = s.email\n\t\t\t\tWHERE u.id = :popaccountid AND u.customerid = :cid\n\t\t\t\");\n\t\t\tDatabase::pexecute($sel_stmt, ['popaccountid' => (int)$result['popaccountid'], 'cid' => $result['customerid']]);\n\t\t\t$senders = [];\n\t\t\twhile ($row = $sel_stmt->fetch(\\PDO::FETCH_ASSOC)) {\n\t\t\t\t$senders[] = $row;\n\t\t\t}\n\t\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, \"[API] list email-senders for '\" . $result['email_full'] . \"'\");\n\t\t\treturn $this->response([\n\t\t\t\t'count' => count($senders),\n\t\t\t\t'list' => $senders\n\t\t\t]);\n\t\t}\n\t}\n\n\t/**\n\t * returns the total number of allowed sender addresses for a given email address\n\t *\n\t * @param int $id\n\t * \t\t\toptional, the id of the email-address to list allowed senders from\n\t * @param string $emailaddr\n\t * \t\t\toptional, the email-address to list allowed senders from\n\t * @param int $customerid\n\t * \t\t\toptional, admin-only, the customer-id\n\t * @param string $loginname\n\t * \t\t\toptional, admin-only, the loginname\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded response message\n\t * @throws Exception\n\t */\n\tpublic function listingCount()\n\t{\n\t\tif (Settings::Get('mail.enable_allow_sender') != '1') {\n\t\t\tthrow new Exception(\"Allowed-sender not enabled on this system\", 405);\n\t\t}\n\n\t\tif ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'email')) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\n\t\t// parameter\n\t\t$id = $this->getParam('id', true, 0);\n\t\t$ea_optional = $id > 0;\n\t\t$emailaddr = $this->getParam('emailaddr', $ea_optional, '');\n\n\t\t// validation\n\t\t$result = $this->apiCall('Emails.get', [\n\t\t\t'id' => $id,\n\t\t\t'emailaddr' => $emailaddr\n\t\t]);\n\t\t$id = $result['id'];\n\n\t\tif (empty($result['popaccountid'])) {\n\t\t\treturn $this->response(0);\n\t\t} else {\n\t\t\t$sel_stmt = Database::prepare(\"\n\t\t\t\tSELECT COUNT(*) as cnt\n\t\t\t\tFROM `\" . TABLE_MAIL_SENDER_ALIAS . \"` s\n\t\t\t\tLEFT JOIN `\" . TABLE_MAIL_USERS . \"` u ON u.username = s.email\n\t\t\t\tWHERE u.id = :popaccountid AND u.customerid = :cid\n\t\t\t\");\n\t\t\t$sender_cnt = Database::pexecute_first($sel_stmt, ['popaccountid' => (int)$result['popaccountid'], 'cid' => $result['customerid']]);\n\n\t\t\treturn $this->response($sender_cnt['cnt']);\n\t\t}\n\t}\n\n\t/**\n\t * delete email-sender entry for given email-address by either id or email-address and sender-id\n\t *\n\t * @param int $id\n\t * optional, the email-address-id\n\t * @param string $emailaddr\n\t * optional, the email-address to delete the forwarder from\n\t * @param int $customerid\n\t * optional, required when called as admin (if $loginname is not specified)\n\t * @param string $loginname\n\t * optional, required when called as admin (if $customerid is not specified)\n\t * @param int $senderid\n\t * id of the sender to delete\n\t *\n\t * @access admin,customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function delete()\n\t{\n\t\tif (Settings::Get('mail.enable_allow_sender') != '1') {\n\t\t\tthrow new Exception(\"Allowed-sender not enabled on this system\", 405);\n\t\t}\n\n\t\tif ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'email')) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\n\t\t// parameter\n\t\t$id = $this->getParam('id', true, 0);\n\t\t$ea_optional = $id > 0;\n\t\t$emailaddr = $this->getParam('emailaddr', $ea_optional, '');\n\t\t$senderid = $this->getParam('senderid');\n\n\t\t// validation\n\t\t$result = $this->apiCall('Emails.get', [\n\t\t\t'id' => $id,\n\t\t\t'emailaddr' => $emailaddr\n\t\t]);\n\t\t$id = $result['id'];\n\n\t\tif (!empty($result['popaccountid'])) {\n\t\t\t// get needed customer info\n\t\t\t$customer = $this->getCustomerData();\n\n\t\t\t$sel_stmt = Database::prepare(\"\n\t\t\t\tSELECT s.id\n\t\t\t\tFROM `\" . TABLE_MAIL_SENDER_ALIAS . \"` s\n\t\t\t\tLEFT JOIN `\" . TABLE_MAIL_USERS . \"` u ON u.username = s.email\n\t\t\t\tWHERE u.id = :popaccountid AND u.customerid = :cid AND s.id = :senderid\n\t\t\t\");\n\t\t\t$sender_result = Database::pexecute_first($sel_stmt, [\n\t\t\t\t'popaccountid' => (int)$result['popaccountid'],\n\t\t\t\t'cid' => $customer['customerid'],\n\t\t\t\t'senderid' => $senderid\n\t\t\t]);\n\t\t\tif ($sender_result && $sender_result['id'] == $senderid) {\n\t\t\t\t$del_stmt = Database::prepare(\"DELETE FROM `\" . TABLE_MAIL_SENDER_ALIAS . \"` WHERE `id` = :senderid\");\n\t\t\t\tDatabase::pexecute($del_stmt, ['senderid' => $senderid]);\n\n\t\t\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, \"[API] deleted email sender for '\" . $result['email_full'] . \"'\");\n\t\t\t\t$result = $this->apiCall('Emails.get', [\n\t\t\t\t\t'emailaddr' => $result['email_full']\n\t\t\t\t]);\n\t\t\t\treturn $this->response($result);\n\t\t\t}\n\t\t}\n\t\tthrow new Exception(\"Unknown sender id\", 404);\n\t}\n\n\tprivate static function validateLocalDomainOwnership(string $domain): void\n\t{\n\t\t// check whether the used domain belongs to the customer if it's a domain on this system\n\t\t$sel_stmt = Database::prepare(\"SELECT customerid FROM `\" . TABLE_PANEL_DOMAINS . \"` WHERE `domain` = :domain\");\n\t\t$domain_result = Database::pexecute_first($sel_stmt, ['domain' => $domain]);\n\t\tif ($domain_result && $domain_result['customerid'] != CurrentUser::getField('customerid')) {\n\t\t\t// domain exists in our system but not owned by current user\n\t\t\tResponse::standardError('senderdomainnotowned', $domain, true);\n\t\t}\n\t}\n}\n" }, { "path": "lib/Froxlor/Api/Commands/Emails.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Api\\Commands;\n\nuse Exception;\nuse Froxlor\\Api\\ApiCommand;\nuse Froxlor\\Api\\ResourceEntity;\nuse Froxlor\\Cron\\TaskId;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\Idna\\IdnaWrapper;\nuse Froxlor\\Settings;\nuse Froxlor\\System\\Cronjob;\nuse Froxlor\\UI\\Response;\nuse Froxlor\\Validate\\Validate;\nuse PDO;\n\n/**\n * @since 0.10.0\n */\nclass Emails extends ApiCommand implements ResourceEntity\n{\n\n\t/**\n\t * add a new email address\n\t *\n\t * @param string $email_part\n\t * name of the address before @\n\t * @param string $domain\n\t * domain-name for the email-address\n\t * @param float $spam_tag_level\n\t * optional, score which is required to tag emails as spam, default: 7.0\n\t * @param bool $rewrite_subject\n\t * optional, whether to add ***SPAM*** to the email's subject if applicable, default: [antispam.default_spam_rewrite_subject]\n\t * @param float $spam_kill_level\n\t * optional, score which is required to discard emails, default: 14.0\n\t * @param boolean $bypass_spam\n\t * optional, disable spam-filter entirely, default: [antispam.default_bypass_spam]\n\t * @param boolean $policy_greylist\n\t * optional, enable grey-listing, default: [antispam.default_policy_greylist]\n\t * @param boolean $iscatchall\n\t * optional, make this address a catchall address, default: no\n\t * @param int $customerid\n\t * optional, required when called as admin (if $loginname is not specified)\n\t * @param string $loginname\n\t * optional, required when called as admin (if $customerid is not specified)\n\t * @param string $description\n\t * optional custom description (currently not used/shown in the frontend), default empty\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function add()\n\t{\n\t\tif ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'email')) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\n\t\tif ($this->getUserDetail('emails_used') < $this->getUserDetail('emails') || $this->getUserDetail('emails') == '-1') {\n\t\t\t// required parameters\n\t\t\t$email_part = $this->getParam('email_part');\n\t\t\t$domain = $this->getParam('domain');\n\n\t\t\t// parameters\n\t\t\t$spam_tag_level = $this->getParam('spam_tag_level', true, '7.0');\n\t\t\t$spam_kill_level = $this->getUlParam('spam_kill_level', 'spam_kill_level_ul', true, '14.0');\n\t\t\t$iscatchall = $this->getBoolParam('iscatchall', true, 0);\n\t\t\t$description = $this->getParam('description', true, '');\n\n\t\t\tif ((int)Settings::Get('antispam.default_spam_rewrite_subject') <= 2) {\n\t\t\t\t$rewrite_subject = $this->getBoolParam('rewrite_subject', true, (int)Settings::Get('antispam.default_spam_rewrite_subject') == 1 ? 1 : 0);\n\t\t\t} else {\n\t\t\t\t$rewrite_subject = (int)Settings::Get('antispam.default_spam_rewrite_subject') == 3 ? 1 : 0;\n\t\t\t}\n\t\t\tif ((int)Settings::Get('antispam.default_bypass_spam') <= 2) {\n\t\t\t\t$bypass_spam = $this->getBoolParam('bypass_spam', true, (int)Settings::Get('antispam.default_bypass_spam') == 1 ? 1 : 0);\n\t\t\t} else {\n\t\t\t\t$bypass_spam = (int)Settings::Get('antispam.default_bypass_spam') == 3 ? 1 : 0;\n\t\t\t}\n\t\t\tif ((int)Settings::Get('antispam.default_policy_greylist') <= 2) {\n\t\t\t\t$policy_greylist = $this->getBoolParam('policy_greylist', true, (int)Settings::Get('antispam.default_policy_greylist') == 1 ? 1 : 0);\n\t\t\t} else {\n\t\t\t\t$policy_greylist = (int)Settings::Get('antispam.default_policy_greylist') == 3 ? 1 : 0;\n\t\t\t}\n\n\t\t\t// validation\n\t\t\t$idna_convert = new IdnaWrapper();\n\t\t\tif (substr($domain, 0, 4) != 'xn--') {\n\t\t\t\t$domain = $idna_convert->encode(Validate::validate($domain, 'domain', '', '', [], true));\n\t\t\t}\n\t\t\t$email_part = $idna_convert->encode(strtolower($email_part));\n\n\t\t\t// check domain and whether it's an email-enabled domain\n\t\t\t// use internal call because the customer might have 'domains' in customer_hide_options\n\t\t\t$domain_check = $this->apiCall('SubDomains.get', [\n\t\t\t\t'domainname' => $domain\n\t\t\t], true);\n\t\t\tif ((int)$domain_check['isemaildomain'] == 0) {\n\t\t\t\tResponse::standardError('maindomainnonexist', $idna_convert->decode($domain), true);\n\t\t\t}\n\t\t\tif ((int)$domain_check['deactivated'] == 1) {\n\t\t\t\tResponse::standardError('maindomaindeactivated', $idna_convert->decode($domain), true);\n\t\t\t}\n\n\t\t\tif (Settings::Get('catchall.catchall_enabled') != '1') {\n\t\t\t\t$iscatchall = 0;\n\t\t\t}\n\n\t\t\t// check for catchall-flag\n\t\t\tif ($iscatchall) {\n\t\t\t\t$iscatchall = '1';\n\t\t\t\t$email = '@' . $domain;\n\t\t\t} else {\n\t\t\t\t$iscatchall = '0';\n\t\t\t\t$email = $email_part . '@' . $domain;\n\t\t\t}\n\n\t\t\t// full email value\n\t\t\t$email_full = $email_part . '@' . $domain;\n\n\t\t\t// validate it\n\t\t\tif (!Validate::validateEmail($email_full)) {\n\t\t\t\tResponse::standardError('emailiswrong', $idna_convert->decode($email_full), true);\n\t\t\t}\n\n\t\t\t// get needed customer info to reduce the email-address-counter by one\n\t\t\t$customer = $this->getCustomerData('emails');\n\n\t\t\t// duplicate check\n\t\t\t$stmt = Database::prepare(\"\n\t\t\t\tSELECT `id`, `email`, `email_full`, `iscatchall`, `destination`, `customerid` FROM `\" . TABLE_MAIL_VIRTUAL . \"`\n\t\t\t\tWHERE (`email` = :email OR `email_full` = :emailfull )\n\t\t\t\tAND `customerid`= :cid\n\t\t\t\");\n\t\t\t$params = [\n\t\t\t\t\"email\" => $email,\n\t\t\t\t\"emailfull\" => $email_full,\n\t\t\t\t\"cid\" => $customer['customerid']\n\t\t\t];\n\t\t\t$email_check = Database::pexecute_first($stmt, $params, true, true);\n\n\t\t\tif ($email_check) {\n\t\t\t\tif (strtolower($email_check['email_full']) == strtolower($email_full)) {\n\t\t\t\t\tResponse::standardError('emailexistalready', $idna_convert->decode($email_full), true);\n\t\t\t\t} elseif ($email_check['email'] == $email) {\n\t\t\t\t\tResponse::standardError('youhavealreadyacatchallforthisdomain', '', true);\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t$spam_tag_level = Validate::validate($spam_tag_level, 'spam_tag_level', '/^\\d{1,}(\\.\\d{1})?$/', '', [7.0], true);\n\t\t\tif ($spam_kill_level > -1) {\n\t\t\t\t$spam_kill_level = Validate::validate($spam_kill_level, 'spam_kill_level', '/^\\d{1,}(\\.\\d{1})?$/', '', [14.0], true);\n\t\t\t}\n\t\t\t$description = Validate::validate(trim($description), 'description', Validate::REGEX_DESC_TEXT, '', [], true);\n\n\t\t\t$stmt = Database::prepare(\"\n\t\t\t\tINSERT INTO `\" . TABLE_MAIL_VIRTUAL . \"` SET\n\t\t\t\t`customerid` = :cid,\n\t\t\t\t`email` = :email,\n\t\t\t\t`email_full` = :email_full,\n\t\t\t\t`spam_tag_level` = :spam_tag_level,\n\t\t\t\t`rewrite_subject` = :rewrite_subject,\n\t\t\t\t`spam_kill_level` = :spam_kill_level,\n\t\t\t\t`bypass_spam` = :bypass_spam,\n\t\t\t\t`policy_greylist` = :policy_greylist,\n\t\t\t\t`iscatchall` = :iscatchall,\n\t\t\t\t`domainid` = :domainid,\n\t\t\t\t`description` = :description\n\t\t\t\");\n\t\t\t$params = [\n\t\t\t\t\"cid\" => $customer['customerid'],\n\t\t\t\t\"email\" => $email,\n\t\t\t\t\"email_full\" => $email_full,\n\t\t\t\t\"spam_tag_level\" => $spam_tag_level,\n\t\t\t\t\"rewrite_subject\" => $rewrite_subject,\n\t\t\t\t\"spam_kill_level\" => $spam_kill_level,\n\t\t\t\t\"bypass_spam\" => $bypass_spam,\n\t\t\t\t\"policy_greylist\" => $policy_greylist,\n\t\t\t\t\"iscatchall\" => $iscatchall,\n\t\t\t\t\"domainid\" => $domain_check['id'],\n\t\t\t\t\"description\" => $description\n\t\t\t];\n\t\t\tDatabase::pexecute($stmt, $params, true, true);\n\n\t\t\t// update customer usage\n\t\t\tCustomers::increaseUsage($customer['customerid'], 'emails_used');\n\n\t\t\tCronjob::inserttask(TaskId::REBUILD_RSPAMD);\n\t\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, \"[API] added email address '\" . $email_full . \"'\");\n\n\t\t\t$result = $this->apiCall('Emails.get', [\n\t\t\t\t'emailaddr' => $email_full\n\t\t\t]);\n\t\t\treturn $this->response($result);\n\t\t}\n\t\tthrow new Exception(\"No more resources available\", 406);\n\t}\n\n\t/**\n\t * return a email-address entry by either id or email-address\n\t *\n\t * @param int $id\n\t * optional, the email-address-id\n\t * @param string $emailaddr\n\t * optional, the email-address\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function get()\n\t{\n\t\t$id = $this->getParam('id', true, 0);\n\t\t$ea_optional = $id > 0;\n\t\t$emailaddr = $this->getParam('emailaddr', $ea_optional, '');\n\n\t\t$params = [];\n\t\t$customer_ids = $this->getAllowedCustomerIds('email');\n\t\t$params['idea'] = ($id <= 0 ? $emailaddr : $id);\n\n\t\t$result_stmt = Database::prepare(\"SELECT v.*, u.`quota`, u.`imap`, u.`pop3`, u.`postfix`, u.`mboxsize` \" . ($this->isInternal() ? \", `u`.`homedir`, `u`.`maildir`\" : \"\") . \"\n\t\t\tFROM `\" . TABLE_MAIL_VIRTUAL . \"` v\n\t\t\tLEFT JOIN `\" . TABLE_MAIL_USERS . \"` u ON v.`popaccountid` = u.`id`\n\t\t\tWHERE v.`customerid` IN (\" . implode(\", \", $customer_ids) . \")\n\t\t\tAND \" . (is_numeric($params['idea']) ? \"v.`id`= :idea\" : \"(v.`email` = :idea OR v.`email_full` = :idea)\"\n\t\t\t));\n\t\t$result = Database::pexecute_first($result_stmt, $params, true, true);\n\t\tif ($result) {\n\t\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, \"[API] get email address '\" . $result['email_full'] . \"'\");\n\t\t\treturn $this->response($result);\n\t\t}\n\t\t$key = ($id > 0 ? \"id #\" . $id : \"emailaddr '\" . $emailaddr . \"'\");\n\t\tthrow new Exception(\"Email address with \" . $key . \" could not be found\", 404);\n\t}\n\n\t/**\n\t * toggle catchall flag of given email address either by id or email-address\n\t *\n\t * @param int $id\n\t * optional, the email-address-id\n\t * @param string $emailaddr\n\t * optional, the email-address\n\t * @param int $customerid\n\t * optional, required when called as admin (if $loginname is not specified)\n\t * @param string $loginname\n\t * optional, required when called as admin (if $customerid is not specified)\n\t * @param float $spam_tag_level\n\t * optional, score which is required to tag emails as spam, default: 7.0\n\t * @param bool $rewrite_subject\n\t * optional, whether to add ***SPAM*** to the email's subject if applicable, default: [antispam.default_spam_rewrite_subject]\n\t * @param float $spam_kill_level\n\t * optional, score which is required to discard emails, default: 14.0\n\t * @param boolean $bypass_spam\n\t * optional, disable spam-filter entirely, default: [antispam.default_bypass_spam]\n\t * @param boolean $policy_greylist\n\t * optional, enable grey-listing, default: [antispam.default_policy_greylist]\n\t * @param boolean $iscatchall\n\t * optional\n\t * @param string $description\n\t * optional custom description (currently not used/shown in the frontend), default empty\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function update()\n\t{\n\t\tif ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'email')) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\n\t\t$id = $this->getParam('id', true, 0);\n\t\t$ea_optional = $id > 0;\n\t\t$emailaddr = $this->getParam('emailaddr', $ea_optional, '');\n\n\t\t$result = $this->apiCall('Emails.get', [\n\t\t\t'id' => $id,\n\t\t\t'emailaddr' => $emailaddr\n\t\t]);\n\t\t$id = $result['id'];\n\n\t\t// parameters\n\t\t$spam_tag_level = $this->getParam('spam_tag_level', true, $result['spam_tag_level']);\n\t\t$spam_kill_level = $this->getUlParam('spam_kill_level', 'spam_kill_level_ul', true, $result['spam_kill_level']);\n\t\t$iscatchall = $this->getBoolParam('iscatchall', true, $result['iscatchall']);\n\t\t$description = $this->getParam('description', true, $result['description']);\n\n\t\tif ((int)Settings::Get('antispam.default_spam_rewrite_subject') <= 2) {\n\t\t\t$rewrite_subject = $this->getBoolParam('rewrite_subject', true, $result['rewrite_subject']);\n\t\t} else {\n\t\t\t$rewrite_subject = (int)Settings::Get('antispam.default_spam_rewrite_subject') == 3 ? 1 : 0;\n\t\t}\n\t\tif ((int)Settings::Get('antispam.default_bypass_spam') <= 2) {\n\t\t\t$bypass_spam = $this->getBoolParam('bypass_spam', true, $result['bypass_spam']);\n\t\t} else {\n\t\t\t$bypass_spam = (int)Settings::Get('antispam.default_bypass_spam') == 3 ? 1 : 0;\n\t\t}\n\t\tif ((int)Settings::Get('antispam.default_policy_greylist') <= 2) {\n\t\t\t$policy_greylist = $this->getBoolParam('policy_greylist', true, $result['policy_greylist']);\n\t\t} else {\n\t\t\t$policy_greylist = (int)Settings::Get('antispam.default_policy_greylist') == 3 ? 1 : 0;\n\t\t}\n\n\t\t// if enabling catchall is not allowed by settings, we do not need\n\t\t// to run update()\n\t\tif ($iscatchall && $result['iscatchall'] == 0 && Settings::Get('catchall.catchall_enabled') != '1') {\n\t\t\tResponse::standardError([\n\t\t\t\t'operationnotpermitted',\n\t\t\t\t'featureisdisabled'\n\t\t\t], 'catchall', true);\n\t\t}\n\n\t\t// get needed customer info to reduce the email-address-counter by one\n\t\t$customer = $this->getCustomerData();\n\n\t\t// check for catchall-flag\n\t\t$email = $result['email_full'];\n\t\tif ($iscatchall) {\n\t\t\t$iscatchall = '1';\n\t\t\t$email = $result['email'];\n\t\t\t// update only required if it was not a catchall before\n\t\t\tif ($result['iscatchall'] == 0) {\n\t\t\t\t$email_parts = explode('@', $result['email_full']);\n\t\t\t\t$email = '@' . $email_parts[1];\n\t\t\t\t// catchall check\n\t\t\t\t$stmt = Database::prepare(\"\n\t\t\t\t\tSELECT `email_full` FROM `\" . TABLE_MAIL_VIRTUAL . \"`\n\t\t\t\t\tWHERE `email` = :email AND `customerid` = :cid AND `iscatchall` = '1'\n\t\t\t\t\");\n\t\t\t\t$params = [\n\t\t\t\t\t\"email\" => $email,\n\t\t\t\t\t\"cid\" => $customer['customerid']\n\t\t\t\t];\n\t\t\t\t$email_check = Database::pexecute_first($stmt, $params, true, true);\n\t\t\t\tif ($email_check) {\n\t\t\t\t\tResponse::standardError('youhavealreadyacatchallforthisdomain', '', true);\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\t$spam_tag_level = Validate::validate($spam_tag_level, 'spam_tag_level', '/^\\d{1,}(\\.\\d{1,2})?$/', '', [7.0], true);\n\t\tif ($spam_kill_level > -1) {\n\t\t\t$spam_kill_level = Validate::validate($spam_kill_level, 'spam_kill_level', '/^\\d{1,}(\\.\\d{1,2})?$/', '', [14.0], true);\n\t\t}\n\t\t$description = Validate::validate(trim($description), 'description', Validate::REGEX_DESC_TEXT, '', [], true);\n\n\t\t$stmt = Database::prepare(\"\n\t\t\tUPDATE `\" . TABLE_MAIL_VIRTUAL . \"` SET\n\t\t\t`email` = :email ,\n\t\t\t`spam_tag_level` = :spam_tag_level,\n\t\t\t`rewrite_subject` = :rewrite_subject,\n\t\t\t`spam_kill_level` = :spam_kill_level,\n\t\t\t`bypass_spam` = :bypass_spam,\n\t\t\t`policy_greylist` = :policy_greylist,\n\t\t\t`iscatchall` = :caflag,\n\t\t\t`description` = :description\n\t\t\tWHERE `customerid`= :cid AND `id`= :id\n\t\t\");\n\t\t$params = [\n\t\t\t\"email\" => $email,\n\t\t\t\"spam_tag_level\" => $spam_tag_level,\n\t\t\t\"rewrite_subject\" => $rewrite_subject,\n\t\t\t\"spam_kill_level\" => $spam_kill_level,\n\t\t\t\"bypass_spam\" => $bypass_spam,\n\t\t\t\"policy_greylist\" => $policy_greylist,\n\t\t\t\"caflag\" => $iscatchall,\n\t\t\t\"description\" => $description,\n\t\t\t\"cid\" => $customer['customerid'],\n\t\t\t\"id\" => $id\n\t\t];\n\t\tDatabase::pexecute($stmt, $params, true, true);\n\t\tCronjob::inserttask(TaskId::REBUILD_RSPAMD);\n\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, \"[API] toggled catchall-flag for email address '\" . $result['email_full'] . \"'\");\n\n\t\t$result = $this->apiCall('Emails.get', [\n\t\t\t'emailaddr' => $result['email_full']\n\t\t]);\n\t\treturn $this->response($result);\n\t}\n\n\t/**\n\t * list all email addresses, if called from an admin, list all email addresses of all customers you are allowed to\n\t * view, or specify id or loginname for one specific customer\n\t *\n\t * @param int $customerid\n\t * optional, admin-only, select email addresses of a specific customer by id\n\t * @param string $loginname\n\t * optional, admin-only, select email addresses of a specific customer by loginname\n\t * @param array $sql_search\n\t * optional array with index = fieldname, and value = array with 'op' => operator (one of <, > or =),\n\t * LIKE is used if left empty and 'value' => searchvalue\n\t * @param int $sql_limit\n\t * optional specify number of results to be returned\n\t * @param int $sql_offset\n\t * optional specify offset for resultset\n\t * @param array $sql_orderby\n\t * optional array with index = fieldname and value = ASC|DESC to order the resultset by one or more\n\t * fields\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array count|list\n\t * @throws Exception\n\t */\n\tpublic function listing()\n\t{\n\t\t$customer_ids = $this->getAllowedCustomerIds('email');\n\t\t$result = [];\n\t\t$query_fields = [];\n\t\t$result_stmt = Database::prepare(\"\n\t\t\tSELECT m.*, d.`domain`, u.`quota`, u.`imap`, u.`pop3`, u.`postfix`, u.`mboxsize`\n\t\t\tFROM `\" . TABLE_MAIL_VIRTUAL . \"` m\n\t\t\tLEFT JOIN `\" . TABLE_PANEL_DOMAINS . \"` d ON (m.`domainid` = d.`id`)\n\t\t\tLEFT JOIN `\" . TABLE_MAIL_USERS . \"` u ON (m.`popaccountid` = u.`id`)\n\t\t\tWHERE m.`customerid` IN (\" . implode(\", \", $customer_ids) . \")\" . $this->getSearchWhere($query_fields, true) . $this->getOrderBy() . $this->getLimit());\n\t\tDatabase::pexecute($result_stmt, $query_fields, true, true);\n\t\t$idna_convert = new IdnaWrapper();\n\t\twhile ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t$row['email'] = $idna_convert->decode($row['email']);\n\t\t\t$row['email_full'] = $idna_convert->decode($row['email_full']);\n\t\t\t$result[] = $row;\n\t\t}\n\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, \"[API] list email-addresses\");\n\t\treturn $this->response([\n\t\t\t'count' => count($result),\n\t\t\t'list' => $result\n\t\t]);\n\t}\n\n\t/**\n\t * returns the total number of accessible email addresses\n\t *\n\t * @param int $customerid\n\t * optional, admin-only, select email addresses of a specific customer by id\n\t * @param string $loginname\n\t * optional, admin-only, select email addresses of a specific customer by loginname\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded response message\n\t * @throws Exception\n\t */\n\tpublic function listingCount()\n\t{\n\t\t$customer_ids = $this->getAllowedCustomerIds('email');\n\t\t$query_fields = [];\n\t\t$result_stmt = Database::prepare(\"\n\t\t\tSELECT COUNT(*) as num_emails\n\t\t\tFROM `\" . TABLE_MAIL_VIRTUAL . \"` m\n\t\t\tLEFT JOIN `\" . TABLE_PANEL_DOMAINS . \"` d ON (m.`domainid` = d.`id`)\n\t\t\tLEFT JOIN `\" . TABLE_MAIL_USERS . \"` u ON (m.`popaccountid` = u.`id`)\n\t\t\tWHERE m.`customerid` IN (\" . implode(\", \", $customer_ids) . \")\n\t\t\" . $this->getSearchWhere($query_fields, true));\n\t\t$result = Database::pexecute_first($result_stmt, $query_fields, true, true);\n\t\tif ($result) {\n\t\t\treturn $this->response($result['num_emails']);\n\t\t}\n\t\treturn $this->response(0);\n\t}\n\n\t/**\n\t * delete an email address by either id or username\n\t *\n\t * @param int $id\n\t * optional, the email-address-id\n\t * @param string $emailaddr\n\t * optional, the email-address\n\t * @param int $customerid\n\t * optional, required when called as admin (if $loginname is not specified)\n\t * @param string $loginname\n\t * optional, required when called as admin (if $customerid is not specified)\n\t * @param boolean $delete_userfiles\n\t * optional, delete email data from filesystem, default: 0 (false)\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function delete()\n\t{\n\t\tif ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'email')) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\n\t\t$id = $this->getParam('id', true, 0);\n\t\t$ea_optional = $id > 0;\n\t\t$emailaddr = $this->getParam('emailaddr', $ea_optional, '');\n\n\t\t$result = $this->apiCall('Emails.get', [\n\t\t\t'id' => $id,\n\t\t\t'emailaddr' => $emailaddr\n\t\t]);\n\t\t$id = $result['id'];\n\n\t\t// parameters\n\t\t$delete_userfiles = $this->getBoolParam('delete_userfiles', true, 0);\n\n\t\t// get needed customer info to reduce the email-address-counter by one\n\t\t$customer = $this->getCustomerData();\n\n\t\t// check for forwarders\n\t\t$number_forwarders = 0;\n\t\tif ($result['destination'] != '') {\n\t\t\t$result['destination'] = explode(' ', $result['destination']);\n\t\t\t$number_forwarders = count($result['destination']);\n\t\t}\n\t\t// check whether this address is an account\n\t\tif ($result['popaccountid'] != 0) {\n\t\t\t// use EmailAccounts.delete\n\t\t\t$this->apiCall('EmailAccounts.delete', [\n\t\t\t\t'id' => $result['id'],\n\t\t\t\t'customerid' => $customer['customerid'],\n\t\t\t\t'delete_userfiles' => $delete_userfiles\n\t\t\t]);\n\t\t\t$number_forwarders--;\n\t\t}\n\n\t\t// decrease forwarder counter\n\t\tCustomers::decreaseUsage($customer['customerid'], 'email_forwarders_used', '', $number_forwarders);\n\t\tAdmins::decreaseUsage($customer['customerid'], 'email_forwarders_used', '', $number_forwarders);\n\n\t\t// delete address\n\t\t$stmt = Database::prepare(\"DELETE FROM `\" . TABLE_MAIL_VIRTUAL . \"` WHERE `customerid`= :customerid AND `id`= :id\");\n\t\tDatabase::pexecute($stmt, [\n\t\t\t\"customerid\" => $customer['customerid'],\n\t\t\t\"id\" => $id\n\t\t], true, true);\n\t\tCustomers::decreaseUsage($customer['customerid'], 'emails_used');\n\n\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_WARNING, \"[API] deleted email address '\" . $result['email_full'] . \"'\");\n\t\treturn $this->response($result);\n\t}\n}\n" }, { "path": "lib/Froxlor/Api/Commands/FpmDaemons.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Api\\Commands;\n\nuse Exception;\nuse Froxlor\\Api\\ApiCommand;\nuse Froxlor\\Api\\ResourceEntity;\nuse Froxlor\\Cron\\TaskId;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FileDir;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\System\\Cronjob;\nuse Froxlor\\UI\\Response;\nuse Froxlor\\Validate\\Validate;\nuse PDO;\n\n/**\n * @since 0.10.0\n */\nclass FpmDaemons extends ApiCommand implements ResourceEntity\n{\n\n\t/**\n\t * lists all fpm-daemon entries\n\t *\n\t * @param array $sql_search\n\t * optional array with index = fieldname, and value = array with 'op' => operator (one of <, > or =),\n\t * LIKE is used if left empty and 'value' => searchvalue\n\t * @param int $sql_limit\n\t * optional specify number of results to be returned\n\t * @param int $sql_offset\n\t * optional specify offset for resultset\n\t * @param array $sql_orderby\n\t * optional array with index = fieldname and value = ASC|DESC to order the resultset by one or more\n\t * fields\n\t *\n\t * @access admin\n\t * @return string json-encoded array count|list\n\t * @throws Exception\n\t */\n\tpublic function listing()\n\t{\n\t\tif ($this->isAdmin()) {\n\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, \"[API] list fpm-daemons\");\n\t\t\t$query_fields = [];\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT * FROM `\" . TABLE_PANEL_FPMDAEMONS . \"`\" . $this->getSearchWhere($query_fields) . $this->getOrderBy() . $this->getLimit());\n\t\t\tDatabase::pexecute($result_stmt, $query_fields, true, true);\n\t\t\t$fpmdaemons = [];\n\t\t\twhile ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t$query_params = [\n\t\t\t\t\t'id' => $row['id']\n\t\t\t\t];\n\n\t\t\t\t$configresult_stmt = Database::prepare(\"SELECT * FROM `\" . TABLE_PANEL_PHPCONFIGS . \"` WHERE `fpmsettingid` = :id\");\n\t\t\t\tDatabase::pexecute($configresult_stmt, $query_params, true, true);\n\n\t\t\t\t$configs = [];\n\t\t\t\tif (Database::num_rows() > 0) {\n\t\t\t\t\twhile ($row2 = $configresult_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t\t\t$configs[] = $row2['description'];\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\tif (empty($configs)) {\n\t\t\t\t\t$configs[] = lng('admin.phpsettings.notused');\n\t\t\t\t}\n\n\t\t\t\t$row['configs'] = $configs;\n\t\t\t\t$fpmdaemons[] = $row;\n\t\t\t}\n\n\t\t\treturn $this->response([\n\t\t\t\t'count' => count($fpmdaemons),\n\t\t\t\t'list' => $fpmdaemons\n\t\t\t]);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * returns the total number of accessible fpm daemons\n\t *\n\t * @access admin\n\t * @return string json-encoded response message\n\t * @throws Exception\n\t */\n\tpublic function listingCount()\n\t{\n\t\tif ($this->isAdmin()) {\n\t\t\t$query_fields = [];\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT COUNT(*) as num_fpms FROM `\" . TABLE_PANEL_FPMDAEMONS . \"`\n\t\t\t\" . $this->getSearchWhere($query_fields));\n\t\t\t$result = Database::pexecute_first($result_stmt, $query_fields, true, true);\n\t\t\tif ($result) {\n\t\t\t\treturn $this->response($result['num_fpms']);\n\t\t\t}\n\t\t\treturn $this->response(0);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * return a fpm-daemon entry by id\n\t *\n\t * @param int $id\n\t * fpm-daemon-id\n\t *\n\t * @access admin\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function get()\n\t{\n\t\tif ($this->isAdmin()) {\n\t\t\t$id = $this->getParam('id');\n\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT * FROM `\" . TABLE_PANEL_FPMDAEMONS . \"` WHERE `id` = :id\n\t\t\t\");\n\t\t\t$result = Database::pexecute_first($result_stmt, [\n\t\t\t\t'id' => $id\n\t\t\t], true, true);\n\t\t\tif ($result) {\n\t\t\t\treturn $this->response($result);\n\t\t\t}\n\t\t\tthrow new Exception(\"fpm-daemon with id #\" . $id . \" could not be found\", 404);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * create a new fpm-daemon entry\n\t *\n\t * @param string $description\n\t * @param string $reload_cmd\n\t * @param string $config_dir\n\t * @param string $pm\n\t * optional, process-manager, one of 'static', 'dynamic' or 'ondemand', default 'dynamic'\n\t * @param int $max_children\n\t * optional, default 5\n\t * @param int $start_servers\n\t * optional, default 2\n\t * @param int $min_spare_servers\n\t * optional, default 1\n\t * @param int $max_spare_servers\n\t * optional, default 3\n\t * @param int $max_requests\n\t * optional, default 0\n\t * @param int $idle_timeout\n\t * optional, default 10\n\t * @param string $limit_extensions\n\t * optional, limit execution to the following extensions, default '.php'\n\t * @param string $custom_config\n\t * optional, custom settings appended to phpfpm pool configuration\n\t *\n\t * @access admin\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function add()\n\t{\n\t\tif ($this->isAdmin() && $this->getUserDetail('change_serversettings') == 1) {\n\t\t\t// required parameter\n\t\t\t$description = $this->getParam('description');\n\t\t\t$reload_cmd = $this->getParam('reload_cmd');\n\t\t\t$config_dir = $this->getParam('config_dir');\n\n\t\t\t// parameters\n\t\t\t$pmanager = $this->getParam('pm', true, 'dynamic');\n\t\t\t$max_children = $this->getParam('max_children', true, 5);\n\t\t\t$start_servers = $this->getParam('start_servers', true, 2);\n\t\t\t$min_spare_servers = $this->getParam('min_spare_servers', true, 1);\n\t\t\t$max_spare_servers = $this->getParam('max_spare_servers', true, 3);\n\t\t\t$max_requests = $this->getParam('max_requests', true, 0);\n\t\t\t$idle_timeout = $this->getParam('idle_timeout', true, 10);\n\t\t\t$limit_extensions = $this->getParam('limit_extensions', true, '.php');\n\t\t\t$custom_config = $this->getParam('custom_config', true, '');\n\n\t\t\t// validation\n\t\t\t$description = Validate::validate($description, 'description', Validate::REGEX_DESC_TEXT, '', [], true);\n\t\t\t$reload_cmd = Validate::validate($reload_cmd, 'reload_cmd', '/^[a-z0-9\\/\\._\\-@ ]+$/i', '', [], true);\n\t\t\t$sel_stmt = Database::prepare(\"SELECT `id` FROM `\".TABLE_PANEL_FPMDAEMONS.\"` WHERE `reload_cmd` = :rc\");\n\t\t\t$dupcheck = Database::pexecute_first($sel_stmt, ['rc' => $reload_cmd]);\n\t\t\tif ($dupcheck && $dupcheck['id']) {\n\t\t\t\tthrow new Exception(\"PHP-FPM version with the given restart command already exists\", 406);\n\t\t\t}\n\t\t\t$config_dir = Validate::validate($config_dir, 'config_dir', Validate::REGEX_DIR, '', [], true);\n\t\t\tif (!in_array($pmanager, [\n\t\t\t\t'static',\n\t\t\t\t'dynamic',\n\t\t\t\t'ondemand'\n\t\t\t])) {\n\t\t\t\tthrow new Exception(\"Unknown process manager\", 406);\n\t\t\t}\n\t\t\tif (empty($limit_extensions)) {\n\t\t\t\t$limit_extensions = '.php';\n\t\t\t}\n\t\t\t$limit_extensions = Validate::validate($limit_extensions, 'limit_extensions', '/^(\\.[a-z]([a-z0-9]+)\\ ?)+$/', '', [], true);\n\n\t\t\tif (strlen($description) == 0 || strlen($description) > 50) {\n\t\t\t\tResponse::standardError('descriptioninvalid', '', true);\n\t\t\t}\n\n\t\t\t$ins_stmt = Database::prepare(\"\n\t\t\t\tINSERT INTO `\" . TABLE_PANEL_FPMDAEMONS . \"` SET\n\t\t\t\t`description` = :desc,\n\t\t\t\t`reload_cmd` = :reload_cmd,\n\t\t\t\t`config_dir` = :config_dir,\n\t\t\t\t`pm` = :pm,\n\t\t\t\t`max_children` = :max_children,\n\t\t\t\t`start_servers` = :start_servers,\n\t\t\t\t`min_spare_servers` = :min_spare_servers,\n\t\t\t\t`max_spare_servers` = :max_spare_servers,\n\t\t\t\t`max_requests` = :max_requests,\n\t\t\t\t`idle_timeout` = :idle_timeout,\n\t\t\t\t`limit_extensions` = :limit_extensions,\n\t\t\t\t`custom_config` = :custom_config\n\t\t\t\");\n\t\t\t$ins_data = [\n\t\t\t\t'desc' => $description,\n\t\t\t\t'reload_cmd' => $reload_cmd,\n\t\t\t\t'config_dir' => FileDir::makeCorrectDir($config_dir),\n\t\t\t\t'pm' => $pmanager,\n\t\t\t\t'max_children' => $max_children,\n\t\t\t\t'start_servers' => $start_servers,\n\t\t\t\t'min_spare_servers' => $min_spare_servers,\n\t\t\t\t'max_spare_servers' => $max_spare_servers,\n\t\t\t\t'max_requests' => $max_requests,\n\t\t\t\t'idle_timeout' => $idle_timeout,\n\t\t\t\t'limit_extensions' => $limit_extensions,\n\t\t\t\t'custom_config' => $custom_config\n\t\t\t];\n\t\t\tDatabase::pexecute($ins_stmt, $ins_data);\n\t\t\t$id = Database::lastInsertId();\n\n\t\t\tCronjob::inserttask(TaskId::REBUILD_VHOST);\n\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, \"[API] fpm-daemon with description '\" . $description . \"' has been created by '\" . $this->getUserDetail('loginname') . \"'\");\n\t\t\t$result = $this->apiCall('FpmDaemons.get', [\n\t\t\t\t'id' => $id\n\t\t\t]);\n\t\t\treturn $this->response($result);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * update a fpm-daemon entry by given id\n\t *\n\t * @param int $id\n\t * fpm-daemon id\n\t * @param string $description\n\t * optional\n\t * @param string $reload_cmd\n\t * optional\n\t * @param string $config_dir\n\t * optional\n\t * @param string $pm\n\t * optional, process-manager, one of 'static', 'dynamic' or 'ondemand', default 'dynamic'\n\t * @param int $max_children\n\t * optional, default 5\n\t * @param int $start_servers\n\t * optional, default 2\n\t * @param int $min_spare_servers\n\t * optional, default 1\n\t * @param int $max_spare_servers\n\t * optional, default 3\n\t * @param int $max_requests\n\t * optional, default 0\n\t * @param int $idle_timeout\n\t * optional, default 10\n\t * @param string $limit_extensions\n\t * optional, limit execution to the following extensions, default '.php'\n\t * @param string $custom_config\n\t * optional, custom settings appended to phpfpm pool configuration\n\t *\n\t * @access admin\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function update()\n\t{\n\t\tif ($this->isAdmin() && $this->getUserDetail('change_serversettings') == 1) {\n\t\t\t// required parameter\n\t\t\t$id = $this->getParam('id');\n\n\t\t\t$result = $this->apiCall('FpmDaemons.get', [\n\t\t\t\t'id' => $id\n\t\t\t]);\n\n\t\t\t// parameters\n\t\t\t$description = $this->getParam('description', true, $result['description']);\n\t\t\t$reload_cmd = $this->getParam('reload_cmd', true, $result['reload_cmd']);\n\t\t\t$config_dir = $this->getParam('config_dir', true, $result['config_dir']);\n\t\t\t$pmanager = $this->getParam('pm', true, $result['pm']);\n\t\t\t$max_children = $this->getParam('max_children', true, $result['max_children']);\n\t\t\t$start_servers = $this->getParam('start_servers', true, $result['start_servers']);\n\t\t\t$min_spare_servers = $this->getParam('min_spare_servers', true, $result['min_spare_servers']);\n\t\t\t$max_spare_servers = $this->getParam('max_spare_servers', true, $result['max_spare_servers']);\n\t\t\t$max_requests = $this->getParam('max_requests', true, $result['max_requests']);\n\t\t\t$idle_timeout = $this->getParam('idle_timeout', true, $result['idle_timeout']);\n\t\t\t$limit_extensions = $this->getParam('limit_extensions', true, $result['limit_extensions']);\n\t\t\t$custom_config = $this->getParam('custom_config', true, $result['custom_config']);\n\n\t\t\t// validation\n\t\t\t$description = Validate::validate($description, 'description', Validate::REGEX_DESC_TEXT, '', [], true);\n\t\t\t$reload_cmd = Validate::validate($reload_cmd, 'reload_cmd', '/^[a-z0-9\\/\\._\\-@ ]+$/i', '', [], true);\n\t\t\t$sel_stmt = Database::prepare(\"SELECT `id` FROM `\".TABLE_PANEL_FPMDAEMONS.\"` WHERE `reload_cmd` = :rc\");\n\t\t\t$dupcheck = Database::pexecute_first($sel_stmt, ['rc' => $reload_cmd]);\n\t\t\tif ($dupcheck && $dupcheck['id'] != $id) {\n\t\t\t\tthrow new Exception(\"PHP-FPM version with the given restart command already exists\", 406);\n\t\t\t}\n\t\t\t$config_dir = Validate::validate($config_dir, 'config_dir', Validate::REGEX_DIR, '', [], true);\n\t\t\tif (!in_array($pmanager, [\n\t\t\t\t'static',\n\t\t\t\t'dynamic',\n\t\t\t\t'ondemand'\n\t\t\t])) {\n\t\t\t\tthrow new Exception(\"Unknown process manager\", 406);\n\t\t\t}\n\t\t\tif (empty($limit_extensions)) {\n\t\t\t\t$limit_extensions = '.php';\n\t\t\t}\n\t\t\t$limit_extensions = Validate::validate($limit_extensions, 'limit_extensions', '/^(\\.[a-z]([a-z0-9]+)\\ ?)+$/', '', [], true);\n\n\t\t\tif (strlen($description) == 0 || strlen($description) > 50) {\n\t\t\t\tResponse::standardError('descriptioninvalid', '', true);\n\t\t\t}\n\n\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\tUPDATE `\" . TABLE_PANEL_FPMDAEMONS . \"` SET\n\t\t\t\t`description` = :desc,\n\t\t\t\t`reload_cmd` = :reload_cmd,\n\t\t\t\t`config_dir` = :config_dir,\n\t\t\t\t`pm` = :pm,\n\t\t\t\t`max_children` = :max_children,\n\t\t\t\t`start_servers` = :start_servers,\n\t\t\t\t`min_spare_servers` = :min_spare_servers,\n\t\t\t\t`max_spare_servers` = :max_spare_servers,\n\t\t\t\t`max_requests` = :max_requests,\n\t\t\t\t`idle_timeout` = :idle_timeout,\n\t\t\t\t`limit_extensions` = :limit_extensions,\n\t\t\t\t`custom_config` = :custom_config\n\t\t\t\tWHERE `id` = :id\n\t\t\t\");\n\t\t\t$upd_data = [\n\t\t\t\t'desc' => $description,\n\t\t\t\t'reload_cmd' => $reload_cmd,\n\t\t\t\t'config_dir' => FileDir::makeCorrectDir($config_dir),\n\t\t\t\t'pm' => $pmanager,\n\t\t\t\t'max_children' => $max_children,\n\t\t\t\t'start_servers' => $start_servers,\n\t\t\t\t'min_spare_servers' => $min_spare_servers,\n\t\t\t\t'max_spare_servers' => $max_spare_servers,\n\t\t\t\t'max_requests' => $max_requests,\n\t\t\t\t'idle_timeout' => $idle_timeout,\n\t\t\t\t'limit_extensions' => $limit_extensions,\n\t\t\t\t'custom_config' => $custom_config,\n\t\t\t\t'id' => $id\n\t\t\t];\n\t\t\tDatabase::pexecute($upd_stmt, $upd_data, true, true);\n\n\t\t\tCronjob::inserttask(TaskId::REBUILD_VHOST);\n\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, \"[API] fpm-daemon with description '\" . $description . \"' has been updated by '\" . $this->getUserDetail('loginname') . \"'\");\n\t\t\t$result = $this->apiCall('FpmDaemons.get', [\n\t\t\t\t'id' => $id\n\t\t\t]);\n\t\t\treturn $this->response($result);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * delete a fpm-daemon entry by id\n\t *\n\t * @param int $id\n\t * fpm-daemon-id\n\t *\n\t * @access admin\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function delete()\n\t{\n\t\tif ($this->isAdmin() && $this->getUserDetail('change_serversettings') == 1) {\n\t\t\t$id = $this->getParam('id');\n\n\t\t\tif ($id == 1) {\n\t\t\t\tResponse::standardError('cannotdeletedefaultphpconfig', '', true);\n\t\t\t}\n\n\t\t\t$result = $this->apiCall('FpmDaemons.get', [\n\t\t\t\t'id' => $id\n\t\t\t]);\n\n\t\t\t// set default fpm daemon config for all php-config that use this config that is to be deleted\n\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\tUPDATE `\" . TABLE_PANEL_PHPCONFIGS . \"` SET\n\t\t\t\t`fpmsettingid` = '1' WHERE `fpmsettingid` = :id\n\t\t\t\");\n\t\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t\t'id' => $id\n\t\t\t], true, true);\n\n\t\t\t$del_stmt = Database::prepare(\"\n\t\t\t\tDELETE FROM `\" . TABLE_PANEL_FPMDAEMONS . \"` WHERE `id` = :id\n\t\t\t\");\n\t\t\tDatabase::pexecute($del_stmt, [\n\t\t\t\t'id' => $id\n\t\t\t], true, true);\n\n\t\t\tCronjob::inserttask(TaskId::REBUILD_VHOST);\n\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, \"[API] fpm-daemon setting '\" . $result['description'] . \"' has been deleted by '\" . $this->getUserDetail('loginname') . \"'\");\n\t\t\treturn $this->response($result);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n}\n" }, { "path": "lib/Froxlor/Api/Commands/Froxlor.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Api\\Commands;\n\nuse Exception;\nuse Froxlor\\Api\\ApiCommand;\nuse Froxlor\\Cron\\TaskId;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\Database\\IntegrityCheck;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\Install\\AutoUpdate;\nuse Froxlor\\Install\\Update;\nuse Froxlor\\Settings;\nuse Froxlor\\SImExporter;\nuse Froxlor\\System\\Cronjob;\nuse Froxlor\\System\\Crypt;\nuse Froxlor\\Validate\\Validate;\nuse PDO;\nuse RecursiveDirectoryIterator;\nuse RecursiveIteratorIterator;\nuse ReflectionClass;\nuse ReflectionException;\nuse ReflectionMethod;\n\n/**\n * @since 0.10.0\n */\nclass Froxlor extends ApiCommand\n{\n\n\tconst UPDATE_CHECK_INTERVAL = 21600; // 6 hrs\n\n\t/**\n\t * checks whether there is a newer version of froxlor available\n\t *\n\t * @param bool $force optional, force live update-check\n\t *\n\t * @access admin\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function checkUpdate()\n\t{\n\t\tif ($this->isAdmin() && $this->getUserDetail('change_serversettings')) {\n\n\t\t\t$uc_data = Update::getUpdateCheckData();\n\n\t\t\t$force_ucheck = $this->getBoolParam('force', true, 0);\n\t\t\t$response = $uc_data['data'] ?? [];\n\n\t\t\tif (empty($uc_data) || empty($response) || $uc_data['ts'] + self::UPDATE_CHECK_INTERVAL < time() || $uc_data['channel'] != Settings::Get('system.update_channel') || $force_ucheck) {\n\t\t\t\t// log our actions\n\t\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, \"[API] checking for updates\");\n\n\t\t\t\t// check for new version\n\t\t\t\t$aucheck = AutoUpdate::checkVersion();\n\n\t\t\t\t$response = [];\n\t\t\t\tif ($aucheck == 1) {\n\t\t\t\t\t// anzeige über version-status mit ggfls. formular\n\t\t\t\t\t// zum update schritt #1 -> download\n\t\t\t\t\t$text = lng('update.uc_newinfo', [(Settings::Get('system.update_channel') != 'stable' ? Settings::Get('system.update_channel').' ' : ''), AutoUpdate::getFromResult('version'), $this->version]);\n\t\t\t\t\t$response = [\n\t\t\t\t\t\t'isnewerversion' => (int) !AutoUpdate::getFromResult('has_latest'),\n\t\t\t\t\t\t'version' => $this->version,\n\t\t\t\t\t\t'message' => $text,\n\t\t\t\t\t\t'link' => AutoUpdate::getFromResult('url'),\n\t\t\t\t\t\t'additional_info' => AutoUpdate::getFromResult('info'),\n\t\t\t\t\t\t'aucheck' => $aucheck\n\t\t\t\t\t];\n\t\t\t\t} elseif ($aucheck < 0 || $aucheck > 1) {\n\t\t\t\t\t// errors\n\t\t\t\t\tif ($aucheck < 0) {\n\t\t\t\t\t\t$errmsg = AutoUpdate::getLastError();\n\t\t\t\t\t} else {\n\t\t\t\t\t\tif ($aucheck == 3) {\n\t\t\t\t\t\t\t$errmsg = lng('error.customized_version');\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t$errmsg = lng('error.autoupdate_' . $aucheck);\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t\t$response = [\n\t\t\t\t\t\t'isnewerversion' => 0,\n\t\t\t\t\t\t'version' => $this->version,\n\t\t\t\t\t\t'message' => '',\n\t\t\t\t\t\t'link' => '',\n\t\t\t\t\t\t'additional_info' => $errmsg,\n\t\t\t\t\t\t'aucheck' => $aucheck\n\t\t\t\t\t];\n\t\t\t\t} else {\n\t\t\t\t\t$response = [\n\t\t\t\t\t\t'isnewerversion' => 0,\n\t\t\t\t\t\t'version' => $this->version,\n\t\t\t\t\t\t'message' => '',\n\t\t\t\t\t\t'link' => '',\n\t\t\t\t\t\t'additional_info' => AutoUpdate::getFromResult('info'),\n\t\t\t\t\t\t'aucheck' => $aucheck\n\t\t\t\t\t];\n\t\t\t\t}\n\n\t\t\t\tUpdate::storeUpdateCheckData($response);\n\t\t\t}\n\n\t\t\treturn $this->response($response);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * import settings\n\t *\n\t * @param string $json_str\n\t * content of exported froxlor-settings json file\n\t *\n\t * @access admin\n\t * @return string json-encoded bool\n\t * @throws Exception\n\t */\n\tpublic function importSettings()\n\t{\n\t\tif ($this->isAdmin() && $this->getUserDetail('change_serversettings')) {\n\t\t\t$json_str = $this->getParam('json_str');\n\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING, \"User \" . $this->getUserDetail('loginname') . \" imported settings\");\n\t\t\ttry {\n\t\t\t\tSImExporter::import($json_str);\n\t\t\t\tCronjob::inserttask(TaskId::REBUILD_VHOST);\n\t\t\t\tCronjob::inserttask(TaskId::CREATE_QUOTA);\n\t\t\t\t// Using nameserver, insert a task which rebuilds the server config\n\t\t\t\tCronjob::inserttask(TaskId::REBUILD_DNS);\n\t\t\t\t// cron.d file\n\t\t\t\tCronjob::inserttask(TaskId::REBUILD_CRON);\n\t\t\t\treturn $this->response(true);\n\t\t\t} catch (Exception $e) {\n\t\t\t\tthrow new Exception($e->getMessage(), 406);\n\t\t\t}\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * export settings\n\t *\n\t * @access admin\n\t * @return string json-string\n\t * @throws Exception\n\t */\n\tpublic function exportSettings()\n\t{\n\t\tif ($this->isAdmin() && $this->getUserDetail('change_serversettings')) {\n\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, \"User \" . $this->getUserDetail('loginname') . \" exported settings\");\n\t\t\t$json_export = SImExporter::export();\n\t\t\treturn $this->response($json_export);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * return a list of all settings\n\t *\n\t * @access admin\n\t * @return string json-encoded array count|list\n\t * @throws Exception\n\t */\n\tpublic function listSettings()\n\t{\n\t\tif ($this->isAdmin() && $this->getUserDetail('change_serversettings')) {\n\t\t\t$sel_stmt = Database::prepare(\"\n\t\t\t\tSELECT * FROM `\" . TABLE_PANEL_SETTINGS . \"` ORDER BY settinggroup ASC, varname ASC\n\t\t\t\");\n\t\t\tDatabase::pexecute($sel_stmt, null, true, true);\n\t\t\t$result = [];\n\t\t\twhile ($row = $sel_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t$result[] = [\n\t\t\t\t\t'key' => $row['settinggroup'] . '.' . $row['varname'],\n\t\t\t\t\t'value' => $row['value']\n\t\t\t\t];\n\t\t\t}\n\t\t\treturn $this->response([\n\t\t\t\t'count' => count($result),\n\t\t\t\t'list' => $result\n\t\t\t]);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * return a setting by settinggroup.varname couple\n\t *\n\t * @param string $key\n\t * settinggroup.varname couple\n\t *\n\t * @access admin\n\t * @return string\n\t * @throws Exception\n\t */\n\tpublic function getSetting()\n\t{\n\t\tif ($this->isAdmin() && $this->getUserDetail('change_serversettings')) {\n\t\t\t$setting = $this->getParam('key');\n\t\t\treturn $this->response(Settings::Get($setting));\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * updates a setting\n\t *\n\t * @param string $key\n\t * settinggroup.varname couple\n\t * @param string $value\n\t * optional the new value, default is ''\n\t *\n\t * @access admin\n\t * @return string\n\t * @throws Exception\n\t */\n\tpublic function updateSetting()\n\t{\n\t\t// currently not implemented as it requires validation too so no wrong settings are being stored via API\n\t\tthrow new Exception(\"Not available yet.\", 501);\n\n\t\tif ($this->isAdmin() && $this->getUserDetail('change_serversettings')) {\n\t\t\t$setting = $this->getParam('key');\n\t\t\t$value = $this->getParam('value', true, '');\n\t\t\t$oldvalue = Settings::Get($setting);\n\t\t\tif (is_null($oldvalue)) {\n\t\t\t\tthrow new Exception(\"Setting '\" . $setting . \"' could not be found\");\n\t\t\t}\n\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING, \"[API] Changing setting '\" . $setting . \"' from '\" . $oldvalue . \"' to '\" . $value . \"'\");\n\t\t\treturn $this->response(Settings::Set($setting, $value, true));\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * returns a random password based on froxlor settings for min-length, included characters, etc.\n\t *\n\t * @param int $length\n\t * optional length of password, defaults to 0 (panel.password_min_length)\n\t *\n\t * @access admin, customer\n\t * @return string\n\t * @throws Exception\n\t */\n\tpublic function generatePassword(): string\n\t{\n\t\t$length = $this->getParam('length', true, 0);\n\t\treturn $this->response(Crypt::generatePassword($length));\n\t}\n\n\t/**\n\t * return a one-time login link URL for a given user\n\t *\n\t * @param int $customerid optional, required if $loginname is not specified, user to create link for\n\t * @param string $loginname optional, required if $customerid is not specified, user to create link for\n\t * @param int $valid_time optional, value in seconds how long the link will be valid, default is 10 seconds, valid values are numbers from 10 to 120\n\t * @param string $allowed_from optional, comma separated list of ip addresses or networks to allow login from via this link\n\t *\n\t * @access admin\n\t * @return string json-encoded array [base => domain, uri => relative link]\n\t * @throws Exception\n\t */\n\tpublic function generateLoginLink()\n\t{\n\t\tif ($this->isAdmin()) {\n\t\t\t$customer = $this->getCustomerData();\n\n\t\t\t// cannot create link for deactivated users\n\t\t\tif ((int)$customer['deactivated'] == 1) {\n\t\t\t\tthrow new Exception(\"Cannot generate link for deactivated user\", 406);\n\t\t\t}\n\n\t\t\t$valid_time = (int)$this->getParam('valid_time', true, 10);\n\t\t\t$allowed_from = $this->getParam('allowed_from', true, '');\n\n\t\t\t$valid_time = Validate::validate($valid_time, 'valid time', '/^(1[0-1][0-9]|120|[1-9][0-9])$/', 'invalid_validtime', [10], true);\n\n\t\t\t// validate allowed_from\n\t\t\tif (!empty($allowed_from)) {\n\t\t\t\t$ip_list = array_map('trim', explode(\",\", $allowed_from));\n\t\t\t\t$_check_list = $ip_list;\n\t\t\t\tforeach ($_check_list as $idx => $ip) {\n\t\t\t\t\tif (Validate::validate_ip2($ip, true, 'invalidip', true, true, true) == false) {\n\t\t\t\t\t\tthrow new Exception('Invalid ip address', 406);\n\t\t\t\t\t}\n\t\t\t\t\t// check for cidr\n\t\t\t\t\tif (strpos($ip, '/') !== false) {\n\t\t\t\t\t\t$ipparts = explode(\"/\", $ip);\n\t\t\t\t\t\t// shorten IP\n\t\t\t\t\t\t$ip = inet_ntop(inet_pton($ipparts[0]));\n\t\t\t\t\t\t// re-add cidr\n\t\t\t\t\t\t$ip .= '/' . $ipparts[1];\n\t\t\t\t\t} else {\n\t\t\t\t\t\t// shorten IP\n\t\t\t\t\t\t$ip = inet_ntop(inet_pton($ip));\n\t\t\t\t\t}\n\t\t\t\t\t$ip_list[$idx] = $ip;\n\t\t\t\t}\n\t\t\t\t$allowed_from = implode(\",\", array_unique($ip_list));\n\t\t\t}\n\n\t\t\t$hash = hash('sha256', openssl_random_pseudo_bytes(64 * 64));\n\n\t\t\t$ins_stmt = Database::prepare(\"\n\t\t\t\tINSERT INTO `\" . TABLE_PANEL_LOGINLINKS . \"`\n\t\t\t\tSET `hash` = :hash, `loginname` = :loginname, `valid_until` = :validuntil, `allowed_from` = :allowedfrom\n\t\t\t\tON DUPLICATE KEY UPDATE `hash` = :hash, `valid_until` = :validuntil, `allowed_from` = :allowedfrom\n\t\t\t\");\n\t\t\tDatabase::pexecute($ins_stmt, [\n\t\t\t\t'hash' => $hash,\n\t\t\t\t'loginname' => $customer['loginname'],\n\t\t\t\t'validuntil' => time() + $valid_time,\n\t\t\t\t'allowedfrom' => $allowed_from\n\t\t\t]);\n\n\t\t\treturn $this->response([\n\t\t\t\t'base' => 'https://' . Settings::Get('system.hostname') . '/' . (Settings::Get('system.froxlordirectlyviahostname') != 1 ? basename(\\Froxlor\\Froxlor::getInstallDir()) . '/' : ''),\n\t\t\t\t'uri' => 'index.php?action=ll&ln=' . $customer['loginname'] . '&h=' . $hash\n\t\t\t]);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * can be used to remotely run the integritiy checks froxlor implements\n\t *\n\t * @access admin\n\t * @return string\n\t * @throws Exception\n\t */\n\tpublic function integrityCheck()\n\t{\n\t\tif ($this->isAdmin() && $this->getUserDetail('change_serversettings')) {\n\t\t\t$integrity = new IntegrityCheck();\n\t\t\t$result = $integrity->checkAll();\n\t\t\tif ($result) {\n\t\t\t\treturn $this->response(null, 204);\n\t\t\t}\n\t\t\tthrow new Exception(\"Some checks failed.\", 406);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * returns a list of all available api functions\n\t *\n\t * @param string $module\n\t * optional, return list of functions for a specific module\n\t * @param string $function\n\t * optional, return parameter information for a specific module and function\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function listFunctions()\n\t{\n\t\t$module = $this->getParam('module', true, '');\n\t\t$function = $this->getParam('function', true, '');\n\n\t\t$functions = [];\n\t\tif ($module != null) {\n\t\t\t// check existence\n\t\t\t$this->requireModules($module);\n\t\t\t// now get all static functions\n\t\t\t$reflection = new ReflectionClass(__NAMESPACE__ . '\\\\' . $module);\n\t\t\t$_functions = $reflection->getMethods(ReflectionMethod::IS_PUBLIC);\n\t\t\tforeach ($_functions as $func) {\n\t\t\t\tif (empty($function) || ($function != null && $func->name == $function)) {\n\t\t\t\t\tif ($func->class == __NAMESPACE__ . '\\\\' . $module && $func->isPublic()) {\n\t\t\t\t\t\tarray_push($functions, array_merge([\n\t\t\t\t\t\t\t'module' => $module,\n\t\t\t\t\t\t\t'function' => $func->name\n\t\t\t\t\t\t], $this->getParamListFromDoc($module, $func->name)));\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t} else {\n\t\t\t// check all the modules\n\t\t\t$path = \\Froxlor\\Froxlor::getInstallDir() . '/lib/Froxlor/Api/Commands/';\n\t\t\t// valid directory?\n\t\t\tif (is_dir($path)) {\n\t\t\t\t// create RecursiveIteratorIterator\n\t\t\t\t$its = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($path));\n\t\t\t\t// check every file\n\t\t\t\tforeach ($its as $it) {\n\t\t\t\t\t// does it match the Filename pattern?\n\t\t\t\t\t$matches = [];\n\t\t\t\t\tif (preg_match(\"/^(.+)\\.php$/i\", $it->getFilename(), $matches)) {\n\t\t\t\t\t\t// check for existence\n\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\t// set the module to be in our namespace\n\t\t\t\t\t\t\t$mod = $matches[1];\n\t\t\t\t\t\t\t$this->requireModules($mod);\n\t\t\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\t\t\t// @todo log?\n\t\t\t\t\t\t\tcontinue;\n\t\t\t\t\t\t}\n\t\t\t\t\t\t// now get all static functions\n\t\t\t\t\t\t$reflection = new ReflectionClass(__NAMESPACE__ . '\\\\' . $mod);\n\t\t\t\t\t\t$_functions = $reflection->getMethods(ReflectionMethod::IS_PUBLIC);\n\t\t\t\t\t\tforeach ($_functions as $func) {\n\t\t\t\t\t\t\tif ($func->class == __NAMESPACE__ . '\\\\' . $mod && $func->isPublic() && !$func->isStatic()) {\n\t\t\t\t\t\t\t\tarray_push($functions, array_merge([\n\t\t\t\t\t\t\t\t\t'module' => $matches[1],\n\t\t\t\t\t\t\t\t\t'function' => $func->name\n\t\t\t\t\t\t\t\t], $this->getParamListFromDoc($matches[1], $func->name)));\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\t// yikes - no valid directory to check\n\t\t\t\tthrow new Exception(\"Cannot search directory '\" . $path . \"'. No such directory.\", 500);\n\t\t\t}\n\t\t}\n\n\t\t// return the list\n\t\treturn $this->response($functions);\n\t}\n\n\t/**\n\t * this functions is used to check the availability\n\t * of a given list of modules.\n\t * If either one of\n\t * them are not found, throw an Exception\n\t *\n\t * @param string|array $modules\n\t *\n\t * @throws Exception\n\t */\n\tprivate function requireModules($modules = null)\n\t{\n\t\tif ($modules != null) {\n\t\t\t// no array -> create one\n\t\t\tif (!is_array($modules)) {\n\t\t\t\t$modules = [\n\t\t\t\t\t$modules\n\t\t\t\t];\n\t\t\t}\n\t\t\t// check all the modules\n\t\t\tforeach ($modules as $module) {\n\t\t\t\ttry {\n\t\t\t\t\t$module = __NAMESPACE__ . '\\\\' . $module;\n\t\t\t\t\t// can we use the class?\n\t\t\t\t\tif (class_exists($module)) {\n\t\t\t\t\t\tcontinue;\n\t\t\t\t\t} else {\n\t\t\t\t\t\tthrow new Exception('The required class \"' . $module . '\" could not be found but the module-file exists', 404);\n\t\t\t\t\t}\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\t// The autoloader will throw an Exception\n\t\t\t\t\t// that the required class could not be found\n\t\t\t\t\t// but we want a nicer error-message for this here\n\t\t\t\t\tthrow new Exception('The required module \"' . $module . '\" could not be found', 404);\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n\n\t/**\n\t * generate an api-response to list all parameters and the return-value of\n\t * a given module.function-combination\n\t *\n\t * @param string $module\n\t * @param string $function\n\t *\n\t * @return array|bool\n\t * @throws Exception\n\t */\n\tprivate function getParamListFromDoc($module = null, $function = null)\n\t{\n\t\ttry {\n\t\t\t// set the module\n\t\t\t$cls = new ReflectionMethod(__NAMESPACE__ . '\\\\' . $module, $function);\n\t\t\t$comment = $cls->getDocComment();\n\t\t\tif ($comment == false) {\n\t\t\t\treturn [\n\t\t\t\t\t'head' => 'There is no comment-block for \"' . $module . '.' . $function . '\"'\n\t\t\t\t];\n\t\t\t}\n\n\t\t\t$clines = explode(\"\\n\", $comment);\n\t\t\t$result = [];\n\t\t\t$result['params'] = [];\n\t\t\t$param_desc = false;\n\t\t\t$r = [];\n\t\t\tforeach ($clines as $c) {\n\t\t\t\t$c = trim($c);\n\t\t\t\t// check param-section\n\t\t\t\tif (strpos($c, '@param')) {\n\t\t\t\t\tpreg_match('/^\\*\\s\\@param\\s(.+)\\s(\\$\\w+)(\\s.*)?/', $c, $r);\n\t\t\t\t\t// cut $ off the parameter-name as it is not wanted in the api-request\n\t\t\t\t\t$result['params'][] = [\n\t\t\t\t\t\t'parameter' => substr($r[2], 1),\n\t\t\t\t\t\t'type' => $r[1],\n\t\t\t\t\t\t'desc' => (isset($r[3]) ? trim($r['3']) : '')\n\t\t\t\t\t];\n\t\t\t\t\t$param_desc = true;\n\t\t\t\t} elseif (strpos($c, '@access')) {\n\t\t\t\t\t// check access-section\n\t\t\t\t\tpreg_match('/^\\*\\s\\@access\\s(.*)/', $c, $r);\n\t\t\t\t\tif (!isset($r[0]) || empty($r[0])) {\n\t\t\t\t\t\t$r[1] = 'This function has no restrictions';\n\t\t\t\t\t}\n\t\t\t\t\t$result['access'] = [\n\t\t\t\t\t\t'groups' => (isset($r[1]) ? trim($r[1]) : '')\n\t\t\t\t\t];\n\t\t\t\t} elseif (strpos($c, '@return')) {\n\t\t\t\t\t// check return-section\n\t\t\t\t\tpreg_match('/^\\*\\s\\@return\\s(\\w+)(\\s.*)?/', $c, $r);\n\t\t\t\t\tif (!isset($r[0]) || empty($r[0])) {\n\t\t\t\t\t\t$r[1] = 'null';\n\t\t\t\t\t\t$r[2] = 'This function has no return value given';\n\t\t\t\t\t}\n\t\t\t\t\t$result['return'] = [\n\t\t\t\t\t\t'type' => $r[1],\n\t\t\t\t\t\t'desc' => (isset($r[2]) ? trim($r[2]) : '')\n\t\t\t\t\t];\n\t\t\t\t} elseif (!empty($c) && strpos($c, '@throws') === false) {\n\t\t\t\t\t// check throws-section\n\t\t\t\t\tif (substr($c, 0, 3) == \"/**\") {\n\t\t\t\t\t\tcontinue;\n\t\t\t\t\t}\n\t\t\t\t\tif (substr($c, 0, 2) == \"*/\") {\n\t\t\t\t\t\tcontinue;\n\t\t\t\t\t}\n\t\t\t\t\tif (substr($c, 0, 1) == \"*\") {\n\t\t\t\t\t\t$c = trim(substr($c, 1));\n\t\t\t\t\t\tif (empty($c)) {\n\t\t\t\t\t\t\tcontinue;\n\t\t\t\t\t\t}\n\t\t\t\t\t\tif ($param_desc) {\n\t\t\t\t\t\t\t$result['params'][count($result['params']) - 1]['desc'] .= $c;\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\tif (!isset($result['head']) || empty($result['head'])) {\n\t\t\t\t\t\t\t\t$result['head'] = $c . \" \";\n\t\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t\t$result['head'] .= $c . \" \";\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t\t$result['head'] = trim($result['head']);\n\t\t\treturn $result;\n\t\t} catch (ReflectionException $e) {\n\t\t\treturn [];\n\t\t}\n\t}\n}\n" }, { "path": "lib/Froxlor/Api/Commands/Ftps.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Api\\Commands;\n\nuse Exception;\nuse Froxlor\\Api\\ApiCommand;\nuse Froxlor\\Api\\ResourceEntity;\nuse Froxlor\\Cron\\TaskId;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FileDir;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\Idna\\IdnaWrapper;\nuse Froxlor\\Settings;\nuse Froxlor\\System\\Cronjob;\nuse Froxlor\\System\\Crypt;\nuse Froxlor\\UI\\Response;\nuse Froxlor\\User;\nuse Froxlor\\Validate\\Validate;\nuse PDO;\n\n/**\n * @since 0.10.0\n */\nclass Ftps extends ApiCommand implements ResourceEntity\n{\n\n\t/**\n\t * add a new ftp-user\n\t *\n\t * @param string $ftp_password\n\t * password for the created database and database-user\n\t * @param string $path\n\t * destination path relative to the customers-homedir\n\t * @param string $ftp_description\n\t * optional, description for ftp-user\n\t * @param bool $sendinfomail\n\t * optional, send created resource-information to customer, default: false\n\t * @param string $shell\n\t * optional, default /bin/false (not changeable when deactivated)\n\t * @param string $ftp_username\n\t * optional if customer.ftpatdomain is allowed, specify an username\n\t * @param string $ftp_domain\n\t * optional if customer.ftpatdomain is allowed, specify a domain (customer must be owner)\n\t * @param int $customerid\n\t * optional, required when called as admin (if $loginname is not specified)\n\t * @param string $loginname\n\t * optional, required when called as admin (if $customerid is not specified)\n\t * @param array $additional_members\n\t * optional whether to add additional usernames to the group\n\t * @param bool $is_defaultuser\n\t * optional whether this is the standard default ftp user which is being added so no usage is decreased\n\t * @param bool $login_enabled\n\t * optional whether to allow login (default) or not\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function add()\n\t{\n\t\tif ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'ftp')) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\n\t\t$is_defaultuser = $this->getBoolParam('is_defaultuser', true, 0);\n\t\t$login_enabled = $this->getBoolParam('login_enabled', true, 1);\n\n\t\tif (($this->getUserDetail('ftps_used') < $this->getUserDetail('ftps') || $this->getUserDetail('ftps') == '-1') || $this->isAdmin() && $is_defaultuser == 1) {\n\t\t\t// required parameters\n\t\t\t$path = $this->getParam('path');\n\t\t\t$password = $this->getParam('ftp_password');\n\n\t\t\t// parameters\n\t\t\t$description = $this->getParam('ftp_description', true, '');\n\t\t\t$sendinfomail = $this->getBoolParam('sendinfomail', true, 0);\n\t\t\t$shell = $this->getParam('shell', true, '/bin/false');\n\n\t\t\t$ftpusername = $this->getParam('ftp_username', true, '');\n\t\t\t$ftpdomain = $this->getParam('ftp_domain', true, '');\n\n\t\t\t$additional_members = $this->getParam('additional_members', true, []);\n\n\t\t\t// validation\n\t\t\t$password = Validate::validate($password, 'password', '', '', [], true);\n\t\t\t$password = Crypt::validatePassword($password, true);\n\t\t\t$description = Validate::validate(trim($description), 'description', Validate::REGEX_DESC_TEXT, '', [], true);\n\n\t\t\t// get needed customer info to reduce the ftp-user-counter by one\n\t\t\tif ($is_defaultuser) {\n\t\t\t\t// no resource check for default user\n\t\t\t\t$customer = $this->getCustomerData();\n\t\t\t} else {\n\t\t\t\t$customer = $this->getCustomerData('ftps');\n\t\t\t}\n\n\t\t\tif (Settings::Get('system.allow_customer_shell') == '1' && $customer['shell_allowed'] == '1') {\n\t\t\t\t$shell = Validate::validate(trim($shell), 'shell', '', '', [], true);\n\t\t\t\t$availableshells = explode(',', Settings::Get('system.available_shells'));\n\t\t\t\tif (!is_array($availableshells) || empty($availableshells) || !in_array($shell, $availableshells)) {\n\t\t\t\t\t$shell = \"/bin/false\";\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\t$shell = \"/bin/false\";\n\t\t\t}\n\n\t\t\tif (Settings::Get('customer.ftpatdomain') == '1') {\n\t\t\t\t$ftpusername = Validate::validate(trim($ftpusername), 'username', '/^[a-zA-Z0-9][a-zA-Z0-9\\-_]+\\$?$/', '', [], true);\n\t\t\t\tif (substr($ftpdomain, 0, 4) != 'xn--') {\n\t\t\t\t\t$idna_convert = new IdnaWrapper();\n\t\t\t\t\t$ftpdomain = $idna_convert->encode(Validate::validate($ftpdomain, 'domain', '', '', [], true));\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t$params = [];\n\n\t\t\tif ($sendinfomail != 1) {\n\t\t\t\t$sendinfomail = 0;\n\t\t\t}\n\n\t\t\tif (Settings::Get('customer.ftpatdomain') == '1' && !$is_defaultuser) {\n\t\t\t\tif ($ftpusername == '') {\n\t\t\t\t\tResponse::standardError([\n\t\t\t\t\t\t'stringisempty',\n\t\t\t\t\t\t'username'\n\t\t\t\t\t], '', true);\n\t\t\t\t}\n\t\t\t\t$ftpdomain_check_stmt = Database::prepare(\"SELECT `id`, `domain`, `customerid` FROM `\" . TABLE_PANEL_DOMAINS . \"`\n\t\t\t\t\t\tWHERE `domain` = :domain\n\t\t\t\t\t\tAND `customerid` = :customerid\");\n\t\t\t\t$ftpdomain_check = Database::pexecute_first($ftpdomain_check_stmt, [\n\t\t\t\t\t\"domain\" => $ftpdomain,\n\t\t\t\t\t\"customerid\" => $customer['customerid']\n\t\t\t\t], true, true);\n\n\t\t\t\tif ($ftpdomain_check && $ftpdomain_check['domain'] != $ftpdomain) {\n\t\t\t\t\tResponse::standardError('maindomainnonexist', $ftpdomain, true);\n\t\t\t\t}\n\t\t\t\t$username = $ftpusername . \"@\" . $ftpdomain;\n\t\t\t} else {\n\t\t\t\tif ($is_defaultuser) {\n\t\t\t\t\t$username = $customer['loginname'];\n\t\t\t\t} else {\n\t\t\t\t\t$username = $customer['loginname'] . Settings::Get('customer.ftpprefix') . (intval($customer['ftp_lastaccountnumber']) + 1);\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t$username_check_stmt = Database::prepare(\"\n\t\t\t\tSELECT * FROM `\" . TABLE_FTP_USERS . \"`\tWHERE `username` = :username\n\t\t\t\");\n\t\t\t$username_check = Database::pexecute_first($username_check_stmt, [\n\t\t\t\t\"username\" => $username\n\t\t\t], true, true);\n\n\t\t\tif (!empty($username_check) && $username_check['username'] = $username) {\n\t\t\t\tResponse::standardError('usernamealreadyexists', $username, true);\n\t\t\t} elseif ($username == $password) {\n\t\t\t\tResponse::standardError('passwordshouldnotbeusername', '', true);\n\t\t\t} else {\n\t\t\t\t$path = FileDir::makeCorrectDir($customer['documentroot'] . '/' . $path, $customer['documentroot']);\n\t\t\t\t$cryptPassword = Crypt::makeCryptPassword($password, false, true);\n\n\t\t\t\t$stmt = Database::prepare(\"INSERT INTO `\" . TABLE_FTP_USERS . \"`\n\t\t\t\t\t\t(`customerid`, `username`, `description`, `password`, `homedir`, `login_enabled`, `uid`, `gid`, `shell`)\n\t\t\t\t\t\tVALUES (:customerid, :username, :description, :password, :homedir, :loginenabled, :guid, :guid, :shell)\");\n\t\t\t\t$params = [\n\t\t\t\t\t\"customerid\" => $customer['customerid'],\n\t\t\t\t\t\"username\" => $username,\n\t\t\t\t\t\"description\" => $description,\n\t\t\t\t\t\"password\" => $cryptPassword,\n\t\t\t\t\t\"homedir\" => $path,\n\t\t\t\t\t\"loginenabled\" => $login_enabled ? 'Y' : 'N',\n\t\t\t\t\t\"guid\" => $customer['guid'],\n\t\t\t\t\t\"shell\" => $shell\n\t\t\t\t];\n\t\t\t\tDatabase::pexecute($stmt, $params, true, true);\n\n\t\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\t\tSELECT `bytes_in_used` FROM `\" . TABLE_FTP_QUOTATALLIES . \"` WHERE `name` = :name\n\t\t\t\t\");\n\t\t\t\tDatabase::pexecute($result_stmt, [\n\t\t\t\t\t\"name\" => $customer['loginname']\n\t\t\t\t], true, true);\n\n\t\t\t\twhile ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t\t$stmt = Database::prepare(\"INSERT INTO `\" . TABLE_FTP_QUOTATALLIES . \"`\n\t\t\t\t\t\t(`name`, `quota_type`, `bytes_in_used`, `bytes_out_used`, `bytes_xfer_used`, `files_in_used`, `files_out_used`, `files_xfer_used`)\n\t\t\t\t\t\tVALUES (:name, 'user', :bytes_in_used, '0', '0', '0', '0', '0')\n\t\t\t\t\t\");\n\t\t\t\t\tDatabase::pexecute($stmt, [\n\t\t\t\t\t\t\"name\" => $username,\n\t\t\t\t\t\t\"bytes_in_used\" => $row['bytes_in_used']\n\t\t\t\t\t], true, true);\n\t\t\t\t}\n\n\t\t\t\t// create quotatallies entry if it not exists, refs #885\n\t\t\t\tif ($result_stmt->rowCount() == 0) {\n\t\t\t\t\t$stmt = Database::prepare(\"INSERT INTO `\" . TABLE_FTP_QUOTATALLIES . \"`\n\t\t\t\t\t\t(`name`, `quota_type`, `bytes_in_used`, `bytes_out_used`, `bytes_xfer_used`, `files_in_used`, `files_out_used`, `files_xfer_used`)\n\t\t\t\t\t\tVALUES (:name, 'user', '0', '0', '0', '0', '0', '0')\n\t\t\t\t\t\");\n\t\t\t\t\tDatabase::pexecute($stmt, [\n\t\t\t\t\t\t\"name\" => $username\n\t\t\t\t\t], true, true);\n\t\t\t\t}\n\n\t\t\t\t$group_upd_stmt = Database::prepare(\"\n\t\t\t\t\tUPDATE `\" . TABLE_FTP_GROUPS . \"`\n\t\t\t\t\tSET `members` = CONCAT_WS(',',`members`, :username)\n\t\t\t\t\tWHERE `customerid`= :customerid AND `gid`= :guid\n\t\t\t\t\");\n\t\t\t\t$params = [\n\t\t\t\t\t\"username\" => $username,\n\t\t\t\t\t\"customerid\" => $customer['customerid'],\n\t\t\t\t\t\"guid\" => $customer['guid']\n\t\t\t\t];\n\n\t\t\t\tif ($is_defaultuser) {\n\t\t\t\t\t// add the new group\n\t\t\t\t\t$group_ins_stmt = Database::prepare(\"\n\t\t\t\t\t\tINSERT INTO `\" . TABLE_FTP_GROUPS . \"`\n\t\t\t\t\t\tSET `customerid`= :customerid, `gid`= :guid, `groupname` = :username, `members` = :username\n\t\t\t\t\t\");\n\t\t\t\t\tDatabase::pexecute($group_ins_stmt, $params, true, true);\n\t\t\t\t} else {\n\t\t\t\t\t// just update\n\t\t\t\t\tDatabase::pexecute($group_upd_stmt, $params, true, true);\n\t\t\t\t}\n\n\t\t\t\tif (count($additional_members) > 0) {\n\t\t\t\t\tforeach ($additional_members as $add_member) {\n\t\t\t\t\t\t$params = [\n\t\t\t\t\t\t\t\"username\" => $add_member,\n\t\t\t\t\t\t\t\"customerid\" => $customer['customerid'],\n\t\t\t\t\t\t\t\"guid\" => $customer['guid']\n\t\t\t\t\t\t];\n\t\t\t\t\t\tDatabase::pexecute($group_upd_stmt, $params, true, true);\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\tif (!$is_defaultuser) {\n\t\t\t\t\t// update customer usage\n\t\t\t\t\tCustomers::increaseUsage($customer['customerid'], 'ftps_used');\n\t\t\t\t\tCustomers::increaseUsage($customer['customerid'], 'ftp_lastaccountnumber');\n\t\t\t\t\tCronjob::inserttask(TaskId::REBUILD_NSSUSERS);\n\t\t\t\t}\n\n\t\t\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, \"[API] added ftp-account '\" . $username . \" (\" . $path . \")'\");\n\t\t\t\tCronjob::inserttask(TaskId::CREATE_FTP);\n\n\t\t\t\tif ($sendinfomail == 1) {\n\t\t\t\t\t$replace_arr = [\n\t\t\t\t\t\t'SALUTATION' => User::getCorrectUserSalutation($customer),\n\t\t\t\t\t\t'CUST_NAME' => User::getCorrectUserSalutation($customer),\n\t\t\t\t\t\t// < keep this for compatibility\n\t\t\t\t\t\t'NAME' => $customer['name'],\n\t\t\t\t\t\t'FIRSTNAME' => $customer['firstname'],\n\t\t\t\t\t\t'COMPANY' => $customer['company'],\n\t\t\t\t\t\t'USERNAME' => $customer['loginname'],\n\t\t\t\t\t\t'CUSTOMER_NO' => $customer['customernumber'],\n\t\t\t\t\t\t'USR_NAME' => $username,\n\t\t\t\t\t\t'USR_PASS' => htmlentities(htmlentities($password)),\n\t\t\t\t\t\t'USR_PATH' => FileDir::makeCorrectDir(str_replace($customer['documentroot'], \"/\", $path))\n\t\t\t\t\t];\n\t\t\t\t\t// get template for mail subject\n\t\t\t\t\t$mail_subject = $this->getMailTemplate($customer, 'mails', 'new_ftpaccount_by_customer_subject', $replace_arr, lng('mails.new_ftpaccount_by_customer.subject'));\n\t\t\t\t\t// get template for mail body\n\t\t\t\t\t$mail_body = $this->getMailTemplate($customer, 'mails', 'new_ftpaccount_by_customer_mailbody', $replace_arr, lng('mails.new_ftpaccount_by_customer.mailbody'));\n\n\t\t\t\t\t$_mailerror = false;\n\t\t\t\t\t$mailerr_msg = \"\";\n\t\t\t\t\ttry {\n\t\t\t\t\t\t$this->mailer()->Subject = $mail_subject;\n\t\t\t\t\t\t$this->mailer()->AltBody = $mail_body;\n\t\t\t\t\t\t$this->mailer()->Body = str_replace(\"\\n\", \"
\", $mail_body);\n\t\t\t\t\t\t$this->mailer()->addAddress($customer['email'], User::getCorrectUserSalutation($customer));\n\t\t\t\t\t\t$this->mailer()->send();\n\t\t\t\t\t} catch (\\PHPMailer\\PHPMailer\\Exception $e) {\n\t\t\t\t\t\t$mailerr_msg = $e->errorMessage();\n\t\t\t\t\t\t$_mailerror = true;\n\t\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\t\t$mailerr_msg = $e->getMessage();\n\t\t\t\t\t\t$_mailerror = true;\n\t\t\t\t\t}\n\n\t\t\t\t\tif ($_mailerror) {\n\t\t\t\t\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_ERR, \"[API] Error sending mail: \" . $mailerr_msg);\n\t\t\t\t\t\tResponse::standardError('errorsendingmail', $customer['email'], true);\n\t\t\t\t\t}\n\n\t\t\t\t\t$this->mailer()->clearAddresses();\n\t\t\t\t}\n\t\t\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, \"[API] added ftp-user '\" . $username . \"'\");\n\n\t\t\t\t$result = $this->apiCall('Ftps.get', [\n\t\t\t\t\t'username' => $username\n\t\t\t\t]);\n\t\t\t\treturn $this->response($result);\n\t\t\t}\n\t\t}\n\t\tthrow new Exception(\"No more resources available\", 406);\n\t}\n\n\t/**\n\t * return a ftp-user entry by either id or username\n\t *\n\t * @param int $id\n\t * optional, the customer-id\n\t * @param string $username\n\t * optional, the username\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function get()\n\t{\n\t\t$id = $this->getParam('id', true, 0);\n\t\t$un_optional = $id > 0;\n\t\t$username = $this->getParam('username', $un_optional, '');\n\n\t\t$params = [];\n\t\tif ($this->isAdmin()) {\n\t\t\tif ($this->getUserDetail('customers_see_all') == false) {\n\t\t\t\t// if it's a reseller or an admin who cannot see all customers, we need to check\n\t\t\t\t// whether the database belongs to one of his customers\n\t\t\t\t$_custom_list_result = $this->apiCall('Customers.listing');\n\t\t\t\t$custom_list_result = $_custom_list_result['list'];\n\t\t\t\t$customer_ids = [];\n\t\t\t\tforeach ($custom_list_result as $customer) {\n\t\t\t\t\t$customer_ids[] = $customer['customerid'];\n\t\t\t\t}\n\t\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\t\tSELECT * FROM `\" . TABLE_FTP_USERS . \"`\n\t\t\t\t\tWHERE `customerid` IN (\" . implode(\", \", $customer_ids) . \")\n\t\t\t\t\tAND (`id` = :idun OR `username` = :idun)\n\t\t\t\t\");\n\t\t\t} else {\n\t\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\t\tSELECT * FROM `\" . TABLE_FTP_USERS . \"`\n\t\t\t\t\tWHERE (`id` = :idun OR `username` = :idun)\n\t\t\t\t\");\n\t\t\t}\n\t\t} else {\n\t\t\tif (Settings::IsInList('panel.customer_hide_options', 'ftp')) {\n\t\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t\t}\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT * FROM `\" . TABLE_FTP_USERS . \"`\n\t\t\t\tWHERE `customerid` = :customerid\n\t\t\t\tAND (`id` = :idun OR `username` = :idun)\n\t\t\t\");\n\t\t\t$params['customerid'] = $this->getUserDetail('customerid');\n\t\t}\n\t\t$params['idun'] = ($id <= 0 ? $username : $id);\n\t\t$result = Database::pexecute_first($result_stmt, $params, true, true);\n\t\tif ($result) {\n\t\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, \"[API] get ftp-user '\" . $result['username'] . \"'\");\n\t\t\treturn $this->response($result);\n\t\t}\n\t\t$key = ($id > 0 ? \"id #\" . $id : \"username '\" . $username . \"'\");\n\t\tthrow new Exception(\"FTP user with \" . $key . \" could not be found\", 404);\n\t}\n\n\t/**\n\t * update a given ftp-user by id or username\n\t *\n\t * @param int $id\n\t * optional, the ftp-user-id\n\t * @param string $username\n\t * optional, the username\n\t * @param string $ftp_password\n\t * optional, update password if specified\n\t * @param string $path\n\t * destination path relative to the customers-homedir\n\t * @param string $ftp_description\n\t * optional, description for ftp-user\n\t * @param string $shell\n\t * optional, default /bin/false (not changeable when deactivated)\n\t * @param bool $login_enabled\n\t * optional whether to allow login (default) or not\n\t * @param int $customerid\n\t * optional, required when called as admin (if $loginname is not specified)\n\t * @param string $loginname\n\t * optional, required when called as admin (if $customerid is not specified)\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function update()\n\t{\n\t\tif ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'ftp')) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\n\t\t$id = $this->getParam('id', true, 0);\n\t\t$un_optional = $id > 0;\n\t\t$username = $this->getParam('username', $un_optional, '');\n\n\t\t$result = $this->apiCall('Ftps.get', [\n\t\t\t'id' => $id,\n\t\t\t'username' => $username\n\t\t]);\n\t\t$id = $result['id'];\n\n\t\t// parameters\n\t\t$path = $this->getParam('path', true, '');\n\t\t$password = $this->getParam('ftp_password', true, '');\n\t\t$description = $this->getParam('ftp_description', true, $result['description']);\n\t\t$shell = $this->getParam('shell', true, $result['shell']);\n\t\t$login_enabled = $this->getBoolParam('login_enabled', true, ($result['login_enabled'] == 'Y' ? 1 : 0));\n\n\t\t// validation\n\t\t$password = Validate::validate($password, 'password', '', '', [], true);\n\t\t$description = Validate::validate(trim($description), 'description', Validate::REGEX_DESC_TEXT, '', [], true);\n\n\t\t// get needed customer info to reduce the ftp-user-counter by one\n\t\t$customer = $this->getCustomerData();\n\n\t\tif (Settings::Get('system.allow_customer_shell') == '1' && $customer['shell_allowed'] == '1') {\n\t\t\t$shell = Validate::validate(trim($shell), 'shell', '', '', [], true);\n\t\t\t$availableshells = explode(',', Settings::Get('system.available_shells'));\n\t\t\tif (!is_array($availableshells) || empty($availableshells) || !in_array($shell, $availableshells)) {\n\t\t\t\t$shell = \"/bin/false\";\n\t\t\t}\n\t\t} else {\n\t\t\t$shell = \"/bin/false\";\n\t\t}\n\n\t\tif ($login_enabled != 1) {\n\t\t\t$login_enabled = 0;\n\t\t}\n\n\t\t// password update?\n\t\tif ($password != '') {\n\t\t\t// validate password\n\t\t\t$password = Crypt::validatePassword($password, true);\n\n\t\t\tif ($password == $result['username']) {\n\t\t\t\tResponse::standardError('passwordshouldnotbeusername', '', true);\n\t\t\t}\n\t\t\t$cryptPassword = Crypt::makeCryptPassword($password, false, true);\n\n\t\t\t$stmt = Database::prepare(\"UPDATE `\" . TABLE_FTP_USERS . \"`\n\t\t\t\tSET `password` = :password\n\t\t\t\tWHERE `customerid` = :customerid\n\t\t\t\tAND `id` = :id\n\t\t\t\");\n\t\t\tDatabase::pexecute($stmt, [\n\t\t\t\t\"customerid\" => $customer['customerid'],\n\t\t\t\t\"id\" => $id,\n\t\t\t\t\"password\" => $cryptPassword\n\t\t\t], true, true);\n\t\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, \"[API] updated ftp-account password for '\" . $result['username'] . \"'\");\n\t\t}\n\n\t\t// path update?\n\t\tif ($path != '') {\n\t\t\t$path = FileDir::makeCorrectDir($customer['documentroot'] . '/' . $path, $customer['documentroot']);\n\n\t\t\tif ($path != $result['homedir']) {\n\t\t\t\t$stmt = Database::prepare(\"UPDATE `\" . TABLE_FTP_USERS . \"`\n\t\t\t\t\tSET `homedir` = :homedir\n\t\t\t\t\tWHERE `customerid` = :customerid\n\t\t\t\t\tAND `id` = :id\n\t\t\t\t\");\n\t\t\t\tDatabase::pexecute($stmt, [\n\t\t\t\t\t\"homedir\" => $path,\n\t\t\t\t\t\"customerid\" => $customer['customerid'],\n\t\t\t\t\t\"id\" => $id\n\t\t\t\t], true, true);\n\t\t\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, \"[API] updated ftp-account homdir for '\" . $result['username'] . \"'\");\n\t\t\t}\n\t\t}\n\t\t// it's the task for \"new ftp\" but that will\n\t\t// create all directories and correct their permissions\n\t\tCronjob::inserttask(TaskId::CREATE_FTP);\n\t\tCronjob::inserttask(TaskId::REBUILD_NSSUSERS);\n\n\t\t$stmt = Database::prepare(\"\n\t\t\tUPDATE `\" . TABLE_FTP_USERS . \"`\n\t\t\tSET `description` = :desc, `shell` = :shell, `login_enabled` = :loginenabled\n\t\t\tWHERE `customerid` = :customerid\n\t\t\tAND `id` = :id\n\t\t\");\n\t\tDatabase::pexecute($stmt, [\n\t\t\t\"desc\" => $description,\n\t\t\t\"shell\" => $shell,\n\t\t\t\"loginenabled\" => $login_enabled ? 'Y' : 'N',\n\t\t\t\"customerid\" => $customer['customerid'],\n\t\t\t\"id\" => $id\n\t\t], true, true);\n\n\t\t$result = $this->apiCall('Ftps.get', [\n\t\t\t'username' => $result['username']\n\t\t]);\n\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, \"[API] updated ftp-user '\" . $result['username'] . \"'\");\n\t\treturn $this->response($result);\n\t}\n\n\t/**\n\t * list all ftp-users, if called from an admin, list all ftp-users of all customers you are allowed to view, or\n\t * specify id or loginname for one specific customer\n\t *\n\t * @param int $customerid\n\t * optional, admin-only, select ftp-users of a specific customer by id\n\t * @param string $loginname\n\t * optional, admin-only, select ftp-users of a specific customer by loginname\n\t * @param array $sql_search\n\t * optional array with index = fieldname, and value = array with 'op' => operator (one of <, > or =),\n\t * LIKE is used if left empty and 'value' => searchvalue\n\t * @param int $sql_limit\n\t * optional specify number of results to be returned\n\t * @param int $sql_offset\n\t * optional specify offset for resultset\n\t * @param array $sql_orderby\n\t * optional array with index = fieldname and value = ASC|DESC to order the resultset by one or more\n\t * fields\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array count|list\n\t * @throws Exception\n\t */\n\tpublic function listing()\n\t{\n\t\t$customer_ids = $this->getAllowedCustomerIds('ftp');\n\t\t$result = [];\n\t\t$query_fields = [];\n\t\t$result_stmt = Database::prepare(\"\n\t\t\tSELECT * FROM `\" . TABLE_FTP_USERS . \"`\n\t\t\tWHERE `customerid` IN (\" . implode(\", \", $customer_ids) . \")\" . $this->getSearchWhere($query_fields, true) . $this->getOrderBy() . $this->getLimit());\n\t\tDatabase::pexecute($result_stmt, $query_fields, true, true);\n\t\twhile ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t$result[] = $row;\n\t\t}\n\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, \"[API] list ftp-users\");\n\t\treturn $this->response([\n\t\t\t'count' => count($result),\n\t\t\t'list' => $result\n\t\t]);\n\t}\n\n\t/**\n\t * returns the total number of accessible ftp accounts\n\t *\n\t * @param int $customerid\n\t * optional, admin-only, select ftp-users of a specific customer by id\n\t * @param string $loginname\n\t * optional, admin-only, select ftp-users of a specific customer by loginname\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded response message\n\t * @throws Exception\n\t */\n\tpublic function listingCount()\n\t{\n\t\t$customer_ids = $this->getAllowedCustomerIds('ftp');\n\t\t$result = [];\n\t\t$query_fields = [];\n\t\t$result_stmt = Database::prepare(\"\n\t\t\tSELECT COUNT(*) as num_ftps FROM `\" . TABLE_FTP_USERS . \"`\n\t\t\tWHERE `customerid` IN (\" . implode(\", \", $customer_ids) . \")\n\t\t\" . $this->getSearchWhere($query_fields, true));\n\t\t$result = Database::pexecute_first($result_stmt, $query_fields, true, true);\n\t\tif ($result) {\n\t\t\treturn $this->response($result['num_ftps']);\n\t\t}\n\t\treturn $this->response(0);\n\t}\n\n\t/**\n\t * delete a ftp-user by either id or username\n\t *\n\t * @param int $id\n\t * optional, the ftp-user-id\n\t * @param string $username\n\t * optional, the username\n\t * @param bool $delete_userfiles\n\t * optional, default false\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function delete()\n\t{\n\t\t$id = $this->getParam('id', true, 0);\n\t\t$un_optional = $id > 0;\n\t\t$username = $this->getParam('username', $un_optional, '');\n\t\t$delete_userfiles = $this->getBoolParam('delete_userfiles', true, 0);\n\n\t\tif ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'ftp')) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\n\t\t// get ftp-user\n\t\t$result = $this->apiCall('Ftps.get', [\n\t\t\t'id' => $id,\n\t\t\t'username' => $username\n\t\t]);\n\t\t$id = $result['id'];\n\n\t\tif ($this->isAdmin()) {\n\t\t\t// get customer-data\n\t\t\t$customer_data = $this->apiCall('Customers.get', [\n\t\t\t\t'id' => $result['customerid']\n\t\t\t]);\n\t\t} else {\n\t\t\t$customer_data = $this->getUserData();\n\t\t}\n\n\t\t// add usage of this ftp-user to main-ftp user of customer if different\n\t\tif ($result['username'] != $customer_data['loginname']) {\n\t\t\t$stmt = Database::prepare(\"UPDATE `\" . TABLE_FTP_USERS . \"`\n\t\t\t\tSET `up_count` = `up_count` + :up_count,\n\t\t\t\t`up_bytes` = `up_bytes` + :up_bytes,\n\t\t\t\t`down_count` = `down_count` + :down_count,\n\t\t\t\t`down_bytes` = `down_bytes` + :down_bytes\n\t\t\t\tWHERE `username` = :username\n\t\t\t\");\n\t\t\t$params = [\n\t\t\t\t\"up_count\" => $result['up_count'],\n\t\t\t\t\"up_bytes\" => $result['up_bytes'],\n\t\t\t\t\"down_count\" => $result['down_count'],\n\t\t\t\t\"down_bytes\" => $result['down_bytes'],\n\t\t\t\t\"username\" => $customer_data['loginname']\n\t\t\t];\n\t\t\tDatabase::pexecute($stmt, $params, true, true);\n\t\t} else {\n\t\t\t// do not allow removing default ftp-account\n\t\t\tResponse::standardError('ftp_cantdeletemainaccount', '', true);\n\t\t}\n\n\t\t// remove all quotatallies\n\t\t$stmt = Database::prepare(\"DELETE FROM `\" . TABLE_FTP_QUOTATALLIES . \"` WHERE `name` = :name\");\n\t\tDatabase::pexecute($stmt, [\n\t\t\t\"name\" => $result['username']\n\t\t], true, true);\n\n\t\t// remove user itself\n\t\t$stmt = Database::prepare(\"\n\t\t\tDELETE FROM `\" . TABLE_FTP_USERS . \"` WHERE `customerid` = :customerid AND `id` = :id\n\t\t\");\n\t\tDatabase::pexecute($stmt, [\n\t\t\t\"customerid\" => $customer_data['customerid'],\n\t\t\t\"id\" => $id\n\t\t], true, true);\n\n\t\t// update ftp-groups\n\t\t$stmt = Database::prepare(\"\n\t\t\tUPDATE `\" . TABLE_FTP_GROUPS . \"` SET\n\t\t\t`members` = REPLACE(`members`, :username,'')\n\t\t\tWHERE `customerid` = :customerid\n\t\t\");\n\t\tDatabase::pexecute($stmt, [\n\t\t\t\"username\" => \",\" . $result['username'],\n\t\t\t\"customerid\" => $customer_data['customerid']\n\t\t], true, true);\n\n\t\t// refs #293\n\t\tif ($delete_userfiles == 1) {\n\t\t\tCronjob::inserttask(TaskId::DELETE_FTP_DATA, $customer_data['loginname'], $result['homedir']);\n\t\t} else {\n\t\t\tif (Settings::Get('system.nssextrausers') == 1) {\n\t\t\t\t// this is used so that the libnss-extrausers cron is fired\n\t\t\t\tCronjob::inserttask(TaskId::CREATE_FTP);\n\t\t\t}\n\t\t}\n\t\tCronjob::inserttask(TaskId::REBUILD_NSSUSERS);\n\n\t\t// decrease ftp-user usage for customer\n\t\t$resetaccnumber = ($customer_data['ftps_used'] == '1') ? \" , `ftp_lastaccountnumber`='0'\" : '';\n\t\tCustomers::decreaseUsage($customer_data['customerid'], 'ftps_used', $resetaccnumber);\n\n\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_WARNING, \"[API] deleted ftp-user '\" . $result['username'] . \"'\");\n\t\treturn $this->response($result);\n\t}\n}\n" }, { "path": "lib/Froxlor/Api/Commands/HostingPlans.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Api\\Commands;\n\nuse Exception;\nuse Froxlor\\Api\\ApiCommand;\nuse Froxlor\\Api\\ResourceEntity;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\Settings;\nuse Froxlor\\Validate\\Validate;\nuse PDO;\n\n/**\n * @since 0.10.0\n */\nclass HostingPlans extends ApiCommand implements ResourceEntity\n{\n\n\t/**\n\t * list all available hosting plans\n\t *\n\t * @param array $sql_search\n\t * optional array with index = fieldname, and value = array with 'op' => operator (one of <, > or =),\n\t * LIKE is used if left empty and 'value' => searchvalue\n\t * @param int $sql_limit\n\t * optional specify number of results to be returned\n\t * @param int $sql_offset\n\t * optional specify offset for resultset\n\t * @param array $sql_orderby\n\t * optional array with index = fieldname and value = ASC|DESC to order the resultset by one or more\n\t * fields\n\t *\n\t * @access admin\n\t * @return string json-encoded array count|list\n\t * @throws Exception\n\t */\n\tpublic function listing()\n\t{\n\t\tif ($this->isAdmin()) {\n\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, \"[API] list hosting-plans\");\n\t\t\t$query_fields = [];\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT p.*, a.loginname as adminname\n\t\t\t\tFROM `\" . TABLE_PANEL_PLANS . \"` p, `\" . TABLE_PANEL_ADMINS . \"` a\n\t\t\t\tWHERE `p`.`adminid` = `a`.`adminid`\" . ($this->getUserDetail('customers_see_all') ? '' : \" AND `p`.`adminid` = :adminid \") . $this->getSearchWhere($query_fields, true) . $this->getOrderBy() . $this->getLimit());\n\t\t\t$params = [];\n\t\t\tif ($this->getUserDetail('customers_see_all') == '0') {\n\t\t\t\t$params['adminid'] = $this->getUserDetail('adminid');\n\t\t\t}\n\t\t\t$params = array_merge($params, $query_fields);\n\t\t\tDatabase::pexecute($result_stmt, $params, true, true);\n\t\t\t$result = [];\n\t\t\twhile ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t$result[] = $row;\n\t\t\t}\n\t\t\treturn $this->response([\n\t\t\t\t'count' => count($result),\n\t\t\t\t'list' => $result\n\t\t\t]);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * returns the total number of accessible hosting plans\n\t *\n\t * @access admin\n\t * @return string json-encoded response message\n\t * @throws Exception\n\t */\n\tpublic function listingCount()\n\t{\n\t\tif ($this->isAdmin()) {\n\t\t\t$query_fields = [];\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT COUNT(*) as num_plans\n\t\t\t\tFROM `\" . TABLE_PANEL_PLANS . \"` p, `\" . TABLE_PANEL_ADMINS . \"` a\n\t\t\t\tWHERE `p`.`adminid` = `a`.`adminid`\" . ($this->getUserDetail('customers_see_all') ? '' : \" AND `p`.`adminid` = :adminid \") . $this->getSearchWhere($query_fields, true));\n\t\t\t$params = [];\n\t\t\tif ($this->getUserDetail('customers_see_all') == '0') {\n\t\t\t\t$params['adminid'] = $this->getUserDetail('adminid');\n\t\t\t}\n\t\t\t$params = array_merge($params, $query_fields);\n\t\t\t$result = Database::pexecute_first($result_stmt, $params, true, true);\n\t\t\tif ($result) {\n\t\t\t\treturn $this->response($result['num_plans']);\n\t\t\t}\n\t\t\treturn $this->response(0);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * add new hosting-plan\n\t *\n\t * @param string $name\n\t * name of the plan\n\t * @param string $description\n\t * optional, description for hosting-plan\n\t * @param int $diskspace\n\t * optional disk-space available for customer in MB, default 0\n\t * @param bool $diskspace_ul\n\t * optional, whether customer should have unlimited diskspace, default 0 (false)\n\t * @param int $traffic\n\t * optional traffic available for customer in GB, default 0\n\t * @param bool $traffic_ul\n\t * optional, whether customer should have unlimited traffic, default 0 (false)\n\t * @param int $subdomains\n\t * optional amount of subdomains available for customer, default 0\n\t * @param bool $subdomains_ul\n\t * optional, whether customer should have unlimited subdomains, default 0 (false)\n\t * @param int $emails\n\t * optional amount of emails available for customer, default 0\n\t * @param bool $emails_ul\n\t * optional, whether customer should have unlimited emails, default 0 (false)\n\t * @param int $email_accounts\n\t * optional amount of email-accounts available for customer, default 0\n\t * @param bool $email_accounts_ul\n\t * optional, whether customer should have unlimited email-accounts, default 0 (false)\n\t * @param int $email_forwarders\n\t * optional amount of email-forwarders available for customer, default 0\n\t * @param bool $email_forwarders_ul\n\t * optional, whether customer should have unlimited email-forwarders, default 0 (false)\n\t * @param int $email_quota\n\t * optional size of email-quota available for customer in MB, default is system-setting mail_quota\n\t * @param bool $email_quota_ul\n\t * optional, whether customer should have unlimited email-quota, default 0 (false)\n\t * @param bool $email_imap\n\t * optional, whether to allow IMAP access, default 0 (false)\n\t * @param bool $email_pop3\n\t * optional, whether to allow POP3 access, default 0 (false)\n\t * @param int $ftps\n\t * optional amount of ftp-accounts available for customer, default 0\n\t * @param bool $ftps_ul\n\t * optional, whether customer should have unlimited ftp-accounts, default 0 (false)\n\t * @param int $mysqls\n\t * optional amount of mysql-databases available for customer, default 0\n\t * @param bool $mysqls_ul\n\t * optional, whether customer should have unlimited mysql-databases, default 0 (false)\n\t * @param bool $phpenabled\n\t * optional, whether to allow usage of PHP, default 0 (false)\n\t * @param array $allowed_phpconfigs\n\t * optional, array of IDs of php-config that the customer is allowed to use, default empty (none)\n\t * @param bool $perlenabled\n\t * optional, whether to allow usage of Perl/CGI, default 0 (false)\n\t * @param bool $dnsenabled\n\t * optional, whether to allow usage of the DNS editor (requires activated nameserver in settings),\n\t * default 0 (false)\n\t * @param bool $logviewenabled\n\t * optional, whether to allow access to webserver access/error-logs, default 0 (false)\n\t *\n\t * @access admin\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function add()\n\t{\n\t\tif ($this->isAdmin()) {\n\t\t\t$name = $this->getParam('name');\n\t\t\t$description = $this->getParam('description', true, '');\n\n\t\t\t$value_arr = [];\n\t\t\t$value_arr['diskspace'] = $this->getUlParam('diskspace', 'diskspace_ul', true, 0);\n\t\t\t$value_arr['traffic'] = $this->getUlParam('traffic', 'traffic_ul', true, 0);\n\t\t\t$value_arr['subdomains'] = $this->getUlParam('subdomains', 'subdomains_ul', true, 0);\n\t\t\t$value_arr['emails'] = $this->getUlParam('emails', 'emails_ul', true, 0);\n\t\t\t$value_arr['email_accounts'] = $this->getUlParam('email_accounts', 'email_accounts_ul', true, 0);\n\t\t\t$value_arr['email_forwarders'] = $this->getUlParam('email_forwarders', 'email_forwarders_ul', true, 0);\n\t\t\t$value_arr['email_quota'] = $this->getUlParam('email_quota', 'email_quota_ul', true, Settings::Get('system.mail_quota'));\n\t\t\t$value_arr['email_imap'] = $this->getBoolParam('email_imap', true, 0);\n\t\t\t$value_arr['email_pop3'] = $this->getBoolParam('email_pop3', true, 0);\n\t\t\t$value_arr['ftps'] = $this->getUlParam('ftps', 'ftps_ul', true, 0);\n\t\t\t$value_arr['mysqls'] = $this->getUlParam('mysqls', 'mysqls_ul', true, 0);\n\t\t\t$value_arr['phpenabled'] = $this->getBoolParam('phpenabled', true, 0);\n\t\t\t$p_allowed_phpconfigs = $this->getParam('allowed_phpconfigs', true, []);\n\t\t\t$value_arr['perlenabled'] = $this->getBoolParam('perlenabled', true, 0);\n\t\t\t$value_arr['dnsenabled'] = $this->getBoolParam('dnsenabled', true, 0);\n\t\t\t$value_arr['logviewenabled'] = $this->getBoolParam('logviewenabled', true, 0);\n\n\t\t\t// validation\n\t\t\t$name = Validate::validate(trim($name), 'name', Validate::REGEX_DESC_TEXT, '', [], true);\n\t\t\t$description = Validate::validate(str_replace(\"\\r\\n\", \"\\n\", $description), 'description', Validate::REGEX_DESC_TEXT);\n\n\t\t\tif (Settings::Get('system.mail_quota_enabled') != '1') {\n\t\t\t\t$value_arr['email_quota'] = -1;\n\t\t\t}\n\n\t\t\t$value_arr['allowed_phpconfigs'] = [];\n\t\t\tif (!empty($p_allowed_phpconfigs) && is_array($p_allowed_phpconfigs)) {\n\t\t\t\tforeach ($p_allowed_phpconfigs as $allowed_phpconfig) {\n\t\t\t\t\t$allowed_phpconfig = intval($allowed_phpconfig);\n\t\t\t\t\t$value_arr['allowed_phpconfigs'][] = $allowed_phpconfig;\n\t\t\t\t}\n\t\t\t}\n\t\t\t$value_arr['allowed_phpconfigs'] = array_map('intval', $value_arr['allowed_phpconfigs']);\n\n\t\t\t$ins_stmt = Database::prepare(\"\n\t\t\t\tINSERT INTO `\" . TABLE_PANEL_PLANS . \"`\n\t\t\t\tSET `adminid` = :adminid, `name` = :name, `description` = :desc, `value` = :valuearr, `ts` = UNIX_TIMESTAMP();\n\t\t\t\");\n\t\t\t$ins_data = [\n\t\t\t\t'adminid' => $this->getUserDetail('adminid'),\n\t\t\t\t'name' => $name,\n\t\t\t\t'desc' => $description,\n\t\t\t\t'valuearr' => json_encode($value_arr)\n\t\t\t];\n\t\t\tDatabase::pexecute($ins_stmt, $ins_data, true, true);\n\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, \"[API] added hosting-plan '\" . $name . \"'\");\n\t\t\t$result = $this->apiCall('HostingPlans.get', [\n\t\t\t\t'planname' => $name\n\t\t\t]);\n\t\t\treturn $this->response($result);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * return a hosting-plan entry by either id or plan-name\n\t *\n\t * @param int $id\n\t * optional, the hosting-plan-id\n\t * @param string $planname\n\t * optional, the hosting-plan-name\n\t *\n\t * @access admin\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function get()\n\t{\n\t\tif ($this->isAdmin()) {\n\t\t\t$id = $this->getParam('id', true, 0);\n\t\t\t$dn_optional = $id > 0;\n\t\t\t$planname = $this->getParam('planname', $dn_optional, '');\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT * FROM `\" . TABLE_PANEL_PLANS . \"` WHERE \" . ($id > 0 ? \"`id` = :iddn\" : \"`name` = :iddn\") . ($this->getUserDetail('customers_see_all') ? '' : \" AND `adminid` = :adminid\"));\n\t\t\t$params = [\n\t\t\t\t'iddn' => ($id <= 0 ? $planname : $id)\n\t\t\t];\n\t\t\tif ($this->getUserDetail('customers_see_all') == '0') {\n\t\t\t\t$params['adminid'] = $this->getUserDetail('adminid');\n\t\t\t}\n\t\t\t$result = Database::pexecute_first($result_stmt, $params, true, true);\n\t\t\tif ($result) {\n\t\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, \"[API] get hosting-plan '\" . $result['name'] . \"'\");\n\t\t\t\treturn $this->response($result);\n\t\t\t}\n\t\t\t$key = ($id > 0 ? \"id #\" . $id : \"planname '\" . $planname . \"'\");\n\t\t\tthrow new Exception(\"Hosting-plan with \" . $key . \" could not be found\", 404);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * update hosting-plan by either id or plan-name\n\t *\n\t * @param int $id\n\t * optional the hosting-plan-id\n\t * @param string $planname\n\t * optional the hosting-plan-name\n\t * @param string $name\n\t * optional name of the plan\n\t * @param string $description\n\t * optional description for hosting-plan\n\t * @param int $diskspace\n\t * optional disk-space available for customer in MB, default 0\n\t * @param bool $diskspace_ul\n\t * optional, whether customer should have unlimited diskspace, default 0 (false)\n\t * @param int $traffic\n\t * optional traffic available for customer in GB, default 0\n\t * @param bool $traffic_ul\n\t * optional, whether customer should have unlimited traffic, default 0 (false)\n\t * @param int $subdomains\n\t * optional amount of subdomains available for customer, default 0\n\t * @param bool $subdomains_ul\n\t * optional, whether customer should have unlimited subdomains, default 0 (false)\n\t * @param int $emails\n\t * optional amount of emails available for customer, default 0\n\t * @param bool $emails_ul\n\t * optional, whether customer should have unlimited emails, default 0 (false)\n\t * @param int $email_accounts\n\t * optional amount of email-accounts available for customer, default 0\n\t * @param bool $email_accounts_ul\n\t * optional, whether customer should have unlimited email-accounts, default 0 (false)\n\t * @param int $email_forwarders\n\t * optional amount of email-forwarders available for customer, default 0\n\t * @param bool $email_forwarders_ul\n\t * optional, whether customer should have unlimited email-forwarders, default 0 (false)\n\t * @param int $email_quota\n\t * optional size of email-quota available for customer in MB, default is system-setting mail_quota\n\t * @param bool $email_quota_ul\n\t * optional, whether customer should have unlimited email-quota, default 0 (false)\n\t * @param bool $email_imap\n\t * optional, whether to allow IMAP access, default 0 (false)\n\t * @param bool $email_pop3\n\t * optional, whether to allow POP3 access, default 0 (false)\n\t * @param int $ftps\n\t * optional amount of ftp-accounts available for customer, default 0\n\t * @param bool $ftps_ul\n\t * optional, whether customer should have unlimited ftp-accounts, default 0 (false)\n\t * @param int $mysqls\n\t * optional amount of mysql-databases available for customer, default 0\n\t * @param bool $mysqls_ul\n\t * optional, whether customer should have unlimited mysql-databases, default 0 (false)\n\t * @param bool $phpenabled\n\t * optional, whether to allow usage of PHP, default 0 (false)\n\t * @param array $allowed_phpconfigs\n\t * optional, array of IDs of php-config that the customer is allowed to use, default empty (none)\n\t * @param bool $perlenabled\n\t * optional, whether to allow usage of Perl/CGI, default 0 (false)\n\t * @param bool $dnsenabled\n\t * optional, either to allow usage of the DNS editor (requires activated nameserver in settings),\n\t * default 0 (false)\n\t * @param bool $logviewenabled\n\t * optional, either to allow access to webserver access/error-logs, default 0 (false)\n\t *\n\t * @access admin\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function update()\n\t{\n\t\tif ($this->isAdmin()) {\n\t\t\t// parameters\n\t\t\t$id = $this->getParam('id', true, 0);\n\t\t\t$dn_optional = $id > 0;\n\t\t\t$planname = $this->getParam('planname', $dn_optional, '');\n\n\t\t\t// get requested hosting-plan\n\t\t\t$result = $this->apiCall('HostingPlans.get', [\n\t\t\t\t'id' => $id,\n\t\t\t\t'planname' => $planname\n\t\t\t]);\n\t\t\t$id = $result['id'];\n\n\t\t\t$result['value'] = json_decode($result['value'], true);\n\t\t\tforeach ($result['value'] as $index => $value) {\n\t\t\t\t$result[$index] = $value;\n\t\t\t}\n\n\t\t\t$name = $this->getParam('name', true, $result['name']);\n\t\t\t$description = $this->getParam('description', true, $result['description']);\n\n\t\t\t$value_arr = [];\n\t\t\t$value_arr['diskspace'] = $this->getUlParam('diskspace', 'diskspace_ul', true, $result['diskspace']);\n\t\t\t$value_arr['traffic'] = $this->getUlParam('traffic', 'traffic_ul', true, $result['traffic']);\n\t\t\t$value_arr['subdomains'] = $this->getUlParam('subdomains', 'subdomains_ul', true, $result['subdomains']);\n\t\t\t$value_arr['emails'] = $this->getUlParam('emails', 'emails_ul', true, $result['emails']);\n\t\t\t$value_arr['email_accounts'] = $this->getUlParam('email_accounts', 'email_accounts_ul', true, $result['email_accounts']);\n\t\t\t$value_arr['email_forwarders'] = $this->getUlParam('email_forwarders', 'email_forwarders_ul', true, $result['email_forwarders']);\n\t\t\t$value_arr['email_quota'] = $this->getUlParam('email_quota', 'email_quota_ul', true, $result['email_quota']);\n\t\t\t$value_arr['email_imap'] = $this->getParam('email_imap', true, $result['email_imap']);\n\t\t\t$value_arr['email_pop3'] = $this->getParam('email_pop3', true, $result['email_pop3']);\n\t\t\t$value_arr['ftps'] = $this->getUlParam('ftps', 'ftps_ul', true, $result['ftps']);\n\t\t\t$value_arr['mysqls'] = $this->getUlParam('mysqls', 'mysqls_ul', true, $result['mysqls']);\n\t\t\t$value_arr['phpenabled'] = $this->getBoolParam('phpenabled', true, $result['phpenabled']);\n\t\t\t$p_allowed_phpconfigs = $this->getParam('allowed_phpconfigs', true, $result['allowed_phpconfigs']);\n\t\t\t$value_arr['perlenabled'] = $this->getBoolParam('perlenabled', true, $result['perlenabled']);\n\t\t\t$value_arr['dnsenabled'] = $this->getBoolParam('dnsenabled', true, $result['dnsenabled']);\n\t\t\t$value_arr['logviewenabled'] = $this->getBoolParam('logviewenabled', true, $result['logviewenabled']);\n\n\t\t\t// validation\n\t\t\t$name = Validate::validate(trim($name), 'name', Validate::REGEX_DESC_TEXT, '', [], true);\n\t\t\t$description = Validate::validate(str_replace(\"\\r\\n\", \"\\n\", $description), 'description', Validate::REGEX_DESC_TEXT);\n\n\t\t\tif (Settings::Get('system.mail_quota_enabled') != '1') {\n\t\t\t\t$value_arr['email_quota'] = -1;\n\t\t\t}\n\n\t\t\tif (empty($name)) {\n\t\t\t\t$name = $result['name'];\n\t\t\t}\n\n\t\t\t$value_arr['allowed_phpconfigs'] = [];\n\t\t\tif (!empty($p_allowed_phpconfigs) && is_array($p_allowed_phpconfigs)) {\n\t\t\t\tforeach ($p_allowed_phpconfigs as $allowed_phpconfig) {\n\t\t\t\t\t$allowed_phpconfig = intval($allowed_phpconfig);\n\t\t\t\t\t$value_arr['allowed_phpconfigs'][] = $allowed_phpconfig;\n\t\t\t\t}\n\t\t\t}\n\t\t\t$value_arr['allowed_phpconfigs'] = array_map('intval', $value_arr['allowed_phpconfigs']);\n\n\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\tUPDATE `\" . TABLE_PANEL_PLANS . \"`\n\t\t\t\tSET `name` = :name, `description` = :desc, `value` = :valuearr, `ts` = UNIX_TIMESTAMP()\n\t\t\t\tWHERE `id` = :id\n\t\t\t\");\n\t\t\t$update_data = [\n\t\t\t\t'name' => $name,\n\t\t\t\t'desc' => $description,\n\t\t\t\t'valuearr' => json_encode($value_arr),\n\t\t\t\t'id' => $id\n\t\t\t];\n\t\t\tDatabase::pexecute($upd_stmt, $update_data, true, true);\n\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, \"[API] updated hosting-plan '\" . $result['name'] . \"'\");\n\t\t\treturn $this->response($update_data);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * delete hosting-plan by either id or plan-name\n\t *\n\t * @param int $id\n\t * optional the hosting-plan-id\n\t * @param string $planname\n\t * optional the hosting-plan-name\n\t *\n\t * @access admin\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function delete()\n\t{\n\t\tif ($this->isAdmin()) {\n\t\t\t$id = $this->getParam('id', true, 0);\n\t\t\t$dn_optional = $id > 0;\n\t\t\t$planname = $this->getParam('planname', $dn_optional, '');\n\n\t\t\t// get requested hosting-plan\n\t\t\t$result = $this->apiCall('HostingPlans.get', [\n\t\t\t\t'id' => $id,\n\t\t\t\t'planname' => $planname\n\t\t\t]);\n\t\t\t$id = $result['id'];\n\n\t\t\t$del_stmt = Database::prepare(\"\n\t\t\t\tDELETE FROM `\" . TABLE_PANEL_PLANS . \"` WHERE `id` = :id\n\t\t\t\");\n\t\t\tDatabase::pexecute($del_stmt, [\n\t\t\t\t'id' => $id\n\t\t\t], true, true);\n\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING, \"[API] deleted hosting-plan '\" . $result['name'] . \"'\");\n\t\t\treturn $this->response($result);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n}\n" }, { "path": "lib/Froxlor/Api/Commands/IpsAndPorts.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Api\\Commands;\n\nuse Exception;\nuse Froxlor\\Api\\ApiCommand;\nuse Froxlor\\Api\\ResourceEntity;\nuse Froxlor\\Cron\\TaskId;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FileDir;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\Settings;\nuse Froxlor\\System\\Cronjob;\nuse Froxlor\\UI\\Response;\nuse Froxlor\\Validate\\Validate;\nuse PDO;\n\n/**\n * @since 0.10.0\n */\nclass IpsAndPorts extends ApiCommand implements ResourceEntity\n{\n\n\t/**\n\t * lists all ip/port entries\n\t *\n\t * @param array $sql_search\n\t * optional array with index = fieldname, and value = array with 'op' => operator (one of <, > or =),\n\t * LIKE is used if left empty and 'value' => searchvalue\n\t * @param int $sql_limit\n\t * optional specify number of results to be returned\n\t * @param int $sql_offset\n\t * optional specify offset for resultset\n\t * @param array $sql_orderby\n\t * optional array with index = fieldname and value = ASC|DESC to order the resultset by one or more\n\t * fields\n\t *\n\t * @access admin\n\t * @return string json-encoded array count|list\n\t * @throws Exception\n\t */\n\tpublic function listing()\n\t{\n\t\tif ($this->isAdmin() && ($this->getUserDetail('change_serversettings') || !empty($this->getUserDetail('ip')))) {\n\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, \"[API] list ips and ports\");\n\t\t\t$ip_where = \"\";\n\t\t\t$append_where = false;\n\t\t\tif (!empty($this->getUserDetail('ip')) && $this->getUserDetail('ip') != -1) {\n\t\t\t\t$ip_where = \"WHERE `id` IN (\" . implode(\", \", json_decode($this->getUserDetail('ip'), true)) . \")\";\n\t\t\t\t$append_where = true;\n\t\t\t}\n\t\t\t$query_fields = [];\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT * FROM `\" . TABLE_PANEL_IPSANDPORTS . \"` \" . $ip_where . $this->getSearchWhere($query_fields, $append_where) . $this->getOrderBy() . $this->getLimit());\n\t\t\tDatabase::pexecute($result_stmt, $query_fields, true, true);\n\t\t\t$result = [];\n\t\t\twhile ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t$result[] = $row;\n\t\t\t}\n\t\t\treturn $this->response([\n\t\t\t\t'count' => count($result),\n\t\t\t\t'list' => $result\n\t\t\t]);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * returns the total number of accessible ip/port entries\n\t *\n\t * @access admin\n\t * @return string json-encoded response message\n\t * @throws Exception\n\t */\n\tpublic function listingCount()\n\t{\n\t\tif ($this->isAdmin() && ($this->getUserDetail('change_serversettings') || !empty($this->getUserDetail('ip')))) {\n\t\t\t$ip_where = \"\";\n\t\t\t$query_fields = [];\n\t\t\tif (!empty($this->getUserDetail('ip')) && $this->getUserDetail('ip') != -1) {\n\t\t\t\t$ip_where = \"WHERE `id` IN (\" . implode(\", \", json_decode($this->getUserDetail('ip'), true)) . \") \" . $this->getSearchWhere($query_fields, true);\n\t\t\t} else {\n\t\t\t\t$ip_where = $this->getSearchWhere($query_fields);\n\t\t\t}\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT COUNT(*) as num_ips FROM `\" . TABLE_PANEL_IPSANDPORTS . \"` \" . $ip_where);\n\t\t\t$result = Database::pexecute_first($result_stmt, $query_fields, true, true);\n\t\t\tif ($result) {\n\t\t\t\treturn $this->response($result['num_ips']);\n\t\t\t}\n\t\t\treturn $this->response(0);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * create a new ip/port entry\n\t *\n\t * @param string $ip\n\t * @param int $port\n\t * optional, default 80\n\t * @param bool $listen_statement\n\t * optional, default 0 (false)\n\t * @param bool $namevirtualhost_statement\n\t * optional, default 0 (false)\n\t * @param bool $vhostcontainer\n\t * optional, default 0 (false)\n\t * @param string $specialsettings\n\t * optional, default empty\n\t * @param bool $vhostcontainer_servername_statement\n\t * optional, default 0 (false)\n\t * @param string $default_vhostconf_domain\n\t * optional, defatul empty\n\t * @param string $docroot\n\t * optional, default empty (point to froxlor)\n\t * @param bool $ssl\n\t * optional, default 0 (false)\n\t * @param string $ssl_cert_file\n\t * optional, requires $ssl = 1, default empty\n\t * @param string $ssl_key_file\n\t * optional, requires $ssl = 1, default empty\n\t * @param string $ssl_ca_file\n\t * optional, requires $ssl = 1, default empty\n\t * @param string $ssl_cert_chainfile\n\t * optional, requires $ssl = 1, default empty\n\t * @param string $ssl_specialsettings\n\t * optional, requires $ssl = 1, default empty\n\t * @param bool $include_specialsettings\n\t * optional, requires $ssl = 1, whether or not to include non-ssl specialsettings, default false\n\t * @param string $ssl_default_vhostconf_domain\n\t * optional, requires $ssl = 1, defatul empty\n\t * @param bool $include_default_vhostconf_domain\n\t * optional, requires $ssl = 1, whether or not to include non-ssl default_vhostconf_domain, default false\n\t *\n\t * @access admin\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function add()\n\t{\n\t\tif ($this->isAdmin() && $this->getUserDetail('change_serversettings')) {\n\t\t\t$ip = Validate::validate_ip2($this->getParam('ip'), false, 'invalidip', false, true, false, false, true);\n\t\t\t$port = Validate::validate($this->getParam('port', true, 80), 'port', Validate::REGEX_PORT, [\n\t\t\t\t'stringisempty',\n\t\t\t\t'myport'\n\t\t\t], [], true);\n\t\t\t$listen_statement = !empty($this->getBoolParam('listen_statement', true, 0)) ? 1 : 0;\n\t\t\t$namevirtualhost_statement = !empty($this->getBoolParam('namevirtualhost_statement', true, 0)) ? 1 : 0;\n\t\t\t$vhostcontainer = !empty($this->getBoolParam('vhostcontainer', true, 0)) ? 1 : 0;\n\t\t\t$ss = $this->getParam('specialsettings', true, '');\n\t\t\t$specialsettings = Validate::validate(str_replace(\"\\r\\n\", \"\\n\", $ss ?? \"\"), 'specialsettings', Validate::REGEX_CONF_TEXT, '', [], true);\n\t\t\t$vhostcontainer_servername_statement = !empty($this->getBoolParam('vhostcontainer_servername_statement', true, 1)) ? 1 : 0;\n\t\t\t$dvd = $this->getParam('default_vhostconf_domain', true, '');\n\t\t\t$default_vhostconf_domain = Validate::validate(str_replace(\"\\r\\n\", \"\\n\", $dvd), 'default_vhostconf_domain', Validate::REGEX_CONF_TEXT, '', [], true);\n\t\t\t$docroot = Validate::validate($this->getParam('docroot', true, ''), 'docroot', Validate::REGEX_DIR, '', [], true);\n\n\t\t\tif ((int)Settings::Get('system.use_ssl') == 1) {\n\t\t\t\t$ssl = (bool)$this->getBoolParam('ssl', true, 0);\n\t\t\t\t$cert_optional = !($ssl && empty(Settings::Get('system.ssl_cert_file')));\n\t\t\t\t$ssl_cert_file = Validate::validate($this->getParam('ssl_cert_file', $cert_optional, ''), 'ssl_cert_file', '', '', [], true);\n\t\t\t\t$ssl_key_file = Validate::validate($this->getParam('ssl_key_file', $cert_optional, ''), 'ssl_key_file', '', '', [], true);\n\t\t\t\t$ssl_ca_file = Validate::validate($this->getParam('ssl_ca_file', true, ''), 'ssl_ca_file', '', '', [], true);\n\t\t\t\t$ssl_cert_chainfile = Validate::validate($this->getParam('ssl_cert_chainfile', true, ''), 'ssl_cert_chainfile', '', '', [], true);\n\t\t\t\t$sslss = $this->getParam('ssl_specialsettings', true, '');\n\t\t\t\t$ssl_specialsettings = Validate::validate(str_replace(\"\\r\\n\", \"\\n\", $sslss ?? \"\"), 'ssl_specialsettings', Validate::REGEX_CONF_TEXT, '', [], true);\n\t\t\t\t$include_specialsettings = !empty($this->getBoolParam('include_specialsettings', true, 0)) ? 1 : 0;\n\t\t\t\t$ssldvd = $this->getParam('ssl_default_vhostconf_domain', true, '');\n\t\t\t\t$ssl_default_vhostconf_domain = Validate::validate(str_replace(\"\\r\\n\", \"\\n\", $ssldvd ?? \"\"), 'ssl_default_vhostconf_domain', Validate::REGEX_CONF_TEXT, '', [], true);\n\t\t\t\t$include_default_vhostconf_domain = !empty($this->getBoolParam('include_default_vhostconf_domain', true, 0)) ? 1 : 0;\n\t\t\t} else {\n\t\t\t\t$ssl = 0;\n\t\t\t\t$ssl_cert_file = '';\n\t\t\t\t$ssl_key_file = '';\n\t\t\t\t$ssl_ca_file = '';\n\t\t\t\t$ssl_cert_chainfile = '';\n\t\t\t\t$ssl_specialsettings = '';\n\t\t\t\t$include_specialsettings = 0;\n\t\t\t\t$ssl_default_vhostconf_domain = '';\n\t\t\t\t$include_default_vhostconf_domain = 0;\n\t\t\t}\n\n\t\t\tif ($listen_statement != '1') {\n\t\t\t\t$listen_statement = '0';\n\t\t\t}\n\n\t\t\tif ($namevirtualhost_statement != '1') {\n\t\t\t\t$namevirtualhost_statement = '0';\n\t\t\t}\n\n\t\t\tif ($vhostcontainer != '1') {\n\t\t\t\t$vhostcontainer = '0';\n\t\t\t}\n\n\t\t\tif ($vhostcontainer_servername_statement != '1') {\n\t\t\t\t$vhostcontainer_servername_statement = '0';\n\t\t\t}\n\n\t\t\tif ($ssl != '1') {\n\t\t\t\t$ssl = '0';\n\t\t\t}\n\n\t\t\tif ($ssl_cert_file != '') {\n\t\t\t\t$ssl_cert_file = FileDir::makeCorrectFile($ssl_cert_file);\n\t\t\t}\n\n\t\t\tif ($ssl_key_file != '') {\n\t\t\t\t$ssl_key_file = FileDir::makeCorrectFile($ssl_key_file);\n\t\t\t}\n\n\t\t\tif ($ssl_ca_file != '') {\n\t\t\t\t$ssl_ca_file = FileDir::makeCorrectFile($ssl_ca_file);\n\t\t\t}\n\n\t\t\tif ($ssl_cert_chainfile != '') {\n\t\t\t\t$ssl_cert_chainfile = FileDir::makeCorrectFile($ssl_cert_chainfile);\n\t\t\t}\n\n\t\t\tif (strlen(trim($docroot)) > 0) {\n\t\t\t\t$docroot = FileDir::makeCorrectDir($docroot);\n\t\t\t} else {\n\t\t\t\t$docroot = '';\n\t\t\t}\n\n\t\t\t// always use compressed ipv6 format\n\t\t\t$ip = inet_ntop(inet_pton($ip));\n\n\t\t\t$result_checkfordouble_stmt = Database::prepare(\"\n\t\t\tSELECT `id` FROM `\" . TABLE_PANEL_IPSANDPORTS . \"`\n\t\t\tWHERE `ip` = :ip AND `port` = :port\");\n\t\t\t$result_checkfordouble = Database::pexecute_first($result_checkfordouble_stmt, [\n\t\t\t\t'ip' => $ip,\n\t\t\t\t'port' => $port\n\t\t\t]);\n\n\t\t\tif ($result_checkfordouble && $result_checkfordouble['id'] != '') {\n\t\t\t\tResponse::standardError('myipnotdouble', '', true);\n\t\t\t}\n\n\t\t\t$ins_stmt = Database::prepare(\"\n\t\t\t\tINSERT INTO `\" . TABLE_PANEL_IPSANDPORTS . \"`\n\t\t\t\tSET\n\t\t\t\t`ip` = :ip, `port` = :port, `listen_statement` = :ls,\n\t\t\t\t`namevirtualhost_statement` = :nvhs, `vhostcontainer` = :vhc,\n\t\t\t\t`vhostcontainer_servername_statement` = :vhcss,\n\t\t\t\t`specialsettings` = :ss, `ssl` = :ssl,\n\t\t\t\t`ssl_cert_file` = :ssl_cert, `ssl_key_file` = :ssl_key,\n\t\t\t\t`ssl_ca_file` = :ssl_ca, `ssl_cert_chainfile` = :ssl_chain,\n\t\t\t\t`default_vhostconf_domain` = :dvhd, `docroot` = :docroot,\n\t\t\t\t`ssl_specialsettings` = :ssl_ss, `include_specialsettings` = :incss,\n\t\t\t\t`ssl_default_vhostconf_domain` = :ssl_dvhd, `include_default_vhostconf_domain` = :incdvhd;\n\t\t\t\");\n\t\t\t$ins_data = [\n\t\t\t\t'ip' => $ip,\n\t\t\t\t'port' => $port,\n\t\t\t\t'ls' => $listen_statement,\n\t\t\t\t'nvhs' => $namevirtualhost_statement,\n\t\t\t\t'vhc' => $vhostcontainer,\n\t\t\t\t'vhcss' => $vhostcontainer_servername_statement,\n\t\t\t\t'ss' => $specialsettings,\n\t\t\t\t'ssl' => $ssl,\n\t\t\t\t'ssl_cert' => $ssl_cert_file,\n\t\t\t\t'ssl_key' => $ssl_key_file,\n\t\t\t\t'ssl_ca' => $ssl_ca_file,\n\t\t\t\t'ssl_chain' => $ssl_cert_chainfile,\n\t\t\t\t'dvhd' => $default_vhostconf_domain,\n\t\t\t\t'docroot' => $docroot,\n\t\t\t\t'ssl_ss' => $ssl_specialsettings,\n\t\t\t\t'incss' => $include_specialsettings,\n\t\t\t\t'ssl_dvhd' => $ssl_default_vhostconf_domain,\n\t\t\t\t'incdvhd' => $include_default_vhostconf_domain\n\t\t\t];\n\t\t\tDatabase::pexecute($ins_stmt, $ins_data);\n\t\t\t$ins_data['id'] = Database::lastInsertId();\n\n\t\t\tCronjob::inserttask(TaskId::REBUILD_VHOST);\n\t\t\t// Using nameserver, insert a task which rebuilds the server config\n\t\t\tCronjob::inserttask(TaskId::REBUILD_DNS);\n\n\t\t\tif (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {\n\t\t\t\t$ip = '[' . $ip . ']';\n\t\t\t}\n\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING, \"[API] added IP/port '\" . $ip . \":\" . $port . \"'\");\n\t\t\t// get ip for return-array\n\t\t\t$result = $this->apiCall('IpsAndPorts.get', [\n\t\t\t\t'id' => $ins_data['id']\n\t\t\t]);\n\t\t\treturn $this->response($result);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * return an ip/port entry by id\n\t *\n\t * @param int $id\n\t * ip-port-id\n\t *\n\t * @access admin\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function get()\n\t{\n\t\tif ($this->isAdmin() && ($this->getUserDetail('change_serversettings') || !empty($this->getUserDetail('ip')))) {\n\t\t\t$id = $this->getParam('id');\n\t\t\tif (!empty($this->getUserDetail('ip')) && $this->getUserDetail('ip') != -1) {\n\t\t\t\t$allowed_ips = json_decode($this->getUserDetail('ip'), true);\n\t\t\t\tif (!in_array($id, $allowed_ips)) {\n\t\t\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t\t\t}\n\t\t\t}\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT * FROM `\" . TABLE_PANEL_IPSANDPORTS . \"` WHERE `id` = :id\n\t\t\t\");\n\t\t\t$result = Database::pexecute_first($result_stmt, [\n\t\t\t\t'id' => $id\n\t\t\t], true, true);\n\t\t\tif ($result) {\n\t\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, \"[API] get ip \" . $result['ip'] . \" \" . $result['port']);\n\t\t\t\treturn $this->response($result);\n\t\t\t}\n\t\t\tthrow new Exception(\"IP/port with id #\" . $id . \" could not be found\", 404);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * update ip/port entry by given id\n\t *\n\t * @param int $id\n\t * @param string $ip\n\t * optional\n\t * @param int $port\n\t * optional, default 80\n\t * @param bool $listen_statement\n\t * optional, default 0 (false)\n\t * @param bool $namevirtualhost_statement\n\t * optional, default 0 (false)\n\t * @param bool $vhostcontainer\n\t * optional, default 0 (false)\n\t * @param string $specialsettings\n\t * optional, default empty\n\t * @param bool $vhostcontainer_servername_statement\n\t * optional, default 0 (false)\n\t * @param string $default_vhostconf_domain\n\t * optional, defatul empty\n\t * @param string $docroot\n\t * optional, default empty (point to froxlor)\n\t * @param bool $ssl\n\t * optional, default 0 (false)\n\t * @param string $ssl_cert_file\n\t * optional, requires $ssl = 1, default empty\n\t * @param string $ssl_key_file\n\t * optional, requires $ssl = 1, default empty\n\t * @param string $ssl_ca_file\n\t * optional, requires $ssl = 1, default empty\n\t * @param string $ssl_cert_chainfile\n\t * optional, requires $ssl = 1, default empty\n\t * @param string $ssl_specialsettings\n\t * optional, requires $ssl = 1, default empty\n\t * @param bool $include_specialsettings\n\t * optional, requires $ssl = 1, whether or not to include non-ssl specialsettings, default false\n\t * @param string $ssl_default_vhostconf_domain\n\t * optional, requires $ssl = 1, defatul empty\n\t * @param bool $include_default_vhostconf_domain\n\t * optional, requires $ssl = 1, whether or not to include non-ssl default_vhostconf_domain, default false\n\t *\n\t *\n\t * @access admin\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function update()\n\t{\n\t\tif ($this->isAdmin() && $this->getUserDetail('change_serversettings')) {\n\t\t\t$id = $this->getParam('id');\n\n\t\t\t$result = $this->apiCall('IpsAndPorts.get', [\n\t\t\t\t'id' => $id\n\t\t\t]);\n\n\t\t\t$ip = Validate::validate_ip2($this->getParam('ip', true, $result['ip']), false, 'invalidip', false, true, false, false, true);\n\t\t\t$port = Validate::validate($this->getParam('port', true, $result['port']), 'port', Validate::REGEX_PORT, [\n\t\t\t\t'stringisempty',\n\t\t\t\t'myport'\n\t\t\t], [], true);\n\t\t\t$listen_statement = $this->getBoolParam('listen_statement', true, $result['listen_statement']);\n\t\t\t$namevirtualhost_statement = $this->getBoolParam('namevirtualhost_statement', true, $result['namevirtualhost_statement']);\n\t\t\t$vhostcontainer = $this->getBoolParam('vhostcontainer', true, $result['vhostcontainer']);\n\t\t\t$ss = $this->getParam('specialsettings', true, $result['specialsettings']);\n\t\t\t$specialsettings = Validate::validate(str_replace(\"\\r\\n\", \"\\n\", $ss ?? \"\"), 'specialsettings', Validate::REGEX_CONF_TEXT, '', [], true);\n\t\t\t$vhostcontainer_servername_statement = $this->getParam('vhostcontainer_servername_statement', true, $result['vhostcontainer_servername_statement']);\n\t\t\t$dvd = $this->getParam('default_vhostconf_domain', true, $result['default_vhostconf_domain']);\n\t\t\t$default_vhostconf_domain = Validate::validate(str_replace(\"\\r\\n\", \"\\n\", $dvd ?? \"\"), 'default_vhostconf_domain', Validate::REGEX_CONF_TEXT, '', [], true);\n\t\t\t$docroot = Validate::validate($this->getParam('docroot', true, $result['docroot']), 'docroot', Validate::REGEX_DIR, '', [], true);\n\n\t\t\tif ((int)Settings::Get('system.use_ssl') == 1) {\n\t\t\t\t$ssl = (bool)$this->getBoolParam('ssl', true, $result['ssl']);\n\t\t\t\t$cert_optional = !($ssl && empty(Settings::Get('system.ssl_cert_file')));\n\t\t\t\t$ssl_cert_file = Validate::validate($this->getParam('ssl_cert_file', $cert_optional, $result['ssl_cert_file']), 'ssl_cert_file', '', '', [], true);\n\t\t\t\t$ssl_key_file = Validate::validate($this->getParam('ssl_key_file', $cert_optional, $result['ssl_key_file']), 'ssl_key_file', '', '', [], true);\n\t\t\t\t$ssl_ca_file = Validate::validate($this->getParam('ssl_ca_file', true, $result['ssl_ca_file']), 'ssl_ca_file', '', '', [], true);\n\t\t\t\t$ssl_cert_chainfile = Validate::validate($this->getParam('ssl_cert_chainfile', true, $result['ssl_cert_chainfile']), 'ssl_cert_chainfile', '', '', [], true);\n\t\t\t\t$sslss = $this->getParam('ssl_specialsettings', true, $result['ssl_specialsettings']);\n\t\t\t\t$ssl_specialsettings = Validate::validate(str_replace(\"\\r\\n\", \"\\n\", $sslss ?? \"\"), 'ssl_specialsettings', Validate::REGEX_CONF_TEXT, '', [], true);\n\t\t\t\t$include_specialsettings = $this->getBoolParam('include_specialsettings', true, $result['include_specialsettings']);\n\t\t\t\t$ssldvd = $this->getParam('ssl_default_vhostconf_domain', true, $result['ssl_default_vhostconf_domain']);\n\t\t\t\t$ssl_default_vhostconf_domain = Validate::validate(str_replace(\"\\r\\n\", \"\\n\", $ssldvd ?? \"\"), 'ssl_default_vhostconf_domain', Validate::REGEX_CONF_TEXT, '', [], true);\n\t\t\t\t$include_default_vhostconf_domain = $this->getBoolParam('include_default_vhostconf_domain', true, $result['include_default_vhostconf_domain']);\n\t\t\t} else {\n\t\t\t\t$ssl = 0;\n\t\t\t\t$ssl_cert_file = '';\n\t\t\t\t$ssl_key_file = '';\n\t\t\t\t$ssl_ca_file = '';\n\t\t\t\t$ssl_cert_chainfile = '';\n\t\t\t\t$ssl_specialsettings = '';\n\t\t\t\t$include_specialsettings = 0;\n\t\t\t\t$ssl_default_vhostconf_domain = '';\n\t\t\t\t$include_default_vhostconf_domain = 0;\n\t\t\t}\n\n\t\t\t$result_checkfordouble_stmt = Database::prepare(\"\n\t\t\t\tSELECT `id` FROM `\" . TABLE_PANEL_IPSANDPORTS . \"`\n\t\t\t\tWHERE `ip` = :ip AND `port` = :port\n\t\t\t\");\n\t\t\t$result_checkfordouble = Database::pexecute_first($result_checkfordouble_stmt, [\n\t\t\t\t'ip' => $ip,\n\t\t\t\t'port' => $port\n\t\t\t]);\n\n\t\t\t$result_sameipotherport_stmt = Database::prepare(\"\n\t\t\t\tSELECT `id` FROM `\" . TABLE_PANEL_IPSANDPORTS . \"`\n\t\t\t\tWHERE `ip` = :ip AND `id` <> :id\n\t\t\t\");\n\t\t\t$result_sameipotherport = Database::pexecute_first($result_sameipotherport_stmt, [\n\t\t\t\t'ip' => $ip,\n\t\t\t\t'id' => $id\n\t\t\t], true, true);\n\n\t\t\tif ($listen_statement != '1') {\n\t\t\t\t$listen_statement = '0';\n\t\t\t}\n\n\t\t\tif ($namevirtualhost_statement != '1') {\n\t\t\t\t$namevirtualhost_statement = '0';\n\t\t\t}\n\n\t\t\tif ($vhostcontainer != '1') {\n\t\t\t\t$vhostcontainer = '0';\n\t\t\t}\n\n\t\t\tif ($vhostcontainer_servername_statement != '1') {\n\t\t\t\t$vhostcontainer_servername_statement = '0';\n\t\t\t}\n\n\t\t\tif ($ssl != '1') {\n\t\t\t\t$ssl = '0';\n\t\t\t}\n\n\t\t\tif ($ssl_cert_file != '') {\n\t\t\t\t$ssl_cert_file = FileDir::makeCorrectFile($ssl_cert_file);\n\t\t\t}\n\n\t\t\tif ($ssl_key_file != '') {\n\t\t\t\t$ssl_key_file = FileDir::makeCorrectFile($ssl_key_file);\n\t\t\t}\n\n\t\t\tif ($ssl_ca_file != '') {\n\t\t\t\t$ssl_ca_file = FileDir::makeCorrectFile($ssl_ca_file);\n\t\t\t}\n\n\t\t\tif ($ssl_cert_chainfile != '') {\n\t\t\t\t$ssl_cert_chainfile = FileDir::makeCorrectFile($ssl_cert_chainfile);\n\t\t\t}\n\n\t\t\tif (strlen(trim($docroot)) > 0) {\n\t\t\t\t$docroot = FileDir::makeCorrectDir($docroot);\n\t\t\t} else {\n\t\t\t\t$docroot = '';\n\t\t\t}\n\n\t\t\t// always use compressed ipv6 format\n\t\t\t$ip = inet_ntop(inet_pton($ip));\n\n\t\t\tif ($result['ip'] != $ip && $result['ip'] == Settings::Get('system.ipaddress') && $result_sameipotherport == false) {\n\t\t\t\tResponse::standardError('cantchangesystemip', '', true);\n\t\t\t} elseif ($result_checkfordouble && $result_checkfordouble['id'] != '' && $result_checkfordouble['id'] != $id) {\n\t\t\t\tResponse::standardError('myipnotdouble', '', true);\n\t\t\t} else {\n\t\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\t\tUPDATE `\" . TABLE_PANEL_IPSANDPORTS . \"`\n\t\t\t\t\tSET\n\t\t\t\t\t`ip` = :ip, `port` = :port, `listen_statement` = :ls,\n\t\t\t\t\t`namevirtualhost_statement` = :nvhs, `vhostcontainer` = :vhc,\n\t\t\t\t\t`vhostcontainer_servername_statement` = :vhcss,\n\t\t\t\t\t`specialsettings` = :ss, `ssl` = :ssl,\n\t\t\t\t\t`ssl_cert_file` = :ssl_cert, `ssl_key_file` = :ssl_key,\n\t\t\t\t\t`ssl_ca_file` = :ssl_ca, `ssl_cert_chainfile` = :ssl_chain,\n\t\t\t\t\t`default_vhostconf_domain` = :dvhd, `docroot` = :docroot,\n\t\t\t\t\t`ssl_specialsettings` = :ssl_ss, `include_specialsettings` = :incss,\n\t\t\t\t\t`ssl_default_vhostconf_domain` = :ssl_dvhd, `include_default_vhostconf_domain` = :incdvhd\n\t\t\t\t\tWHERE `id` = :id;\n\t\t\t\t\");\n\t\t\t\t$upd_data = [\n\t\t\t\t\t'ip' => $ip,\n\t\t\t\t\t'port' => $port,\n\t\t\t\t\t'ls' => $listen_statement,\n\t\t\t\t\t'nvhs' => $namevirtualhost_statement,\n\t\t\t\t\t'vhc' => $vhostcontainer,\n\t\t\t\t\t'vhcss' => $vhostcontainer_servername_statement,\n\t\t\t\t\t'ss' => $specialsettings,\n\t\t\t\t\t'ssl' => $ssl,\n\t\t\t\t\t'ssl_cert' => $ssl_cert_file,\n\t\t\t\t\t'ssl_key' => $ssl_key_file,\n\t\t\t\t\t'ssl_ca' => $ssl_ca_file,\n\t\t\t\t\t'ssl_chain' => $ssl_cert_chainfile,\n\t\t\t\t\t'dvhd' => $default_vhostconf_domain,\n\t\t\t\t\t'docroot' => $docroot,\n\t\t\t\t\t'ssl_ss' => $ssl_specialsettings,\n\t\t\t\t\t'incss' => $include_specialsettings,\n\t\t\t\t\t'ssl_dvhd' => $ssl_default_vhostconf_domain,\n\t\t\t\t\t'incdvhd' => $include_default_vhostconf_domain,\n\t\t\t\t\t'id' => $id\n\t\t\t\t];\n\t\t\t\tDatabase::pexecute($upd_stmt, $upd_data);\n\n\t\t\t\tCronjob::inserttask(TaskId::REBUILD_VHOST);\n\t\t\t\t// Using nameserver, insert a task which rebuilds the server config\n\t\t\t\tCronjob::inserttask(TaskId::REBUILD_DNS);\n\n\t\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING, \"[API] changed IP/port from '\" . $result['ip'] . \":\" . $result['port'] . \"' to '\" . $ip . \":\" . $port . \"'\");\n\n\t\t\t\t$result = $this->apiCall('IpsAndPorts.get', [\n\t\t\t\t\t'id' => $result['id']\n\t\t\t\t]);\n\t\t\t\treturn $this->response($result);\n\t\t\t}\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * delete an ip/port entry by id\n\t *\n\t * @param int $id\n\t * ip-port-id\n\t *\n\t * @access admin\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function delete()\n\t{\n\t\tif ($this->isAdmin() && $this->getUserDetail('change_serversettings')) {\n\t\t\t$id = $this->getParam('id');\n\n\t\t\t$result = $this->apiCall('IpsAndPorts.get', [\n\t\t\t\t'id' => $id\n\t\t\t]);\n\n\t\t\t$result_checkdomain_stmt = Database::prepare(\"\n\t\t\t\tSELECT `id_domain` FROM `\" . TABLE_DOMAINTOIP . \"` WHERE `id_ipandports` = :id\n\t\t\t\");\n\t\t\t$result_checkdomain = Database::pexecute_first($result_checkdomain_stmt, [\n\t\t\t\t'id' => $id\n\t\t\t], true, true);\n\n\t\t\tif (empty($result_checkdomain)) {\n\t\t\t\tif (!in_array($result['id'], explode(',', Settings::Get('system.defaultip'))) && !in_array($result['id'], explode(',', Settings::Get('system.defaultsslip')))) {\n\t\t\t\t\t// check whether there is the same IP with a different port\n\t\t\t\t\t// in case this ip-address is the system.ipaddress and therefore\n\t\t\t\t\t// when there is one - we have an alternative\n\t\t\t\t\t$result_sameipotherport_stmt = Database::prepare(\"\n\t\t\t\t\t\tSELECT `id` FROM `\" . TABLE_PANEL_IPSANDPORTS . \"`\n\t\t\t\t\t\tWHERE `ip` = :ip AND `id` <> :id\");\n\t\t\t\t\t$result_sameipotherport = Database::pexecute_first($result_sameipotherport_stmt, [\n\t\t\t\t\t\t'id' => $id,\n\t\t\t\t\t\t'ip' => $result['ip']\n\t\t\t\t\t]);\n\n\t\t\t\t\tif (($result['ip'] != Settings::Get('system.ipaddress')) || ($result['ip'] == Settings::Get('system.ipaddress') && $result_sameipotherport != false)) {\n\t\t\t\t\t\t$del_stmt = Database::prepare(\"\n\t\t\t\t\t\t\tDELETE FROM `\" . TABLE_PANEL_IPSANDPORTS . \"`\n\t\t\t\t\t\t\tWHERE `id` = :id\n\t\t\t\t\t\t\");\n\t\t\t\t\t\tDatabase::pexecute($del_stmt, [\n\t\t\t\t\t\t\t'id' => $id\n\t\t\t\t\t\t], true, true);\n\n\t\t\t\t\t\t// also, remove connections to domains (multi-stack)\n\t\t\t\t\t\t$del_stmt = Database::prepare(\"\n\t\t\t\t\t\t\tDELETE FROM `\" . TABLE_DOMAINTOIP . \"` WHERE `id_ipandports` = :id\n\t\t\t\t\t\t\");\n\t\t\t\t\t\tDatabase::pexecute($del_stmt, [\n\t\t\t\t\t\t\t'id' => $id\n\t\t\t\t\t\t], true, true);\n\n\t\t\t\t\t\tCronjob::inserttask(TaskId::REBUILD_VHOST);\n\t\t\t\t\t\t// Using nameserver, insert a task which rebuilds the server config\n\t\t\t\t\t\tCronjob::inserttask(TaskId::REBUILD_DNS);\n\n\t\t\t\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING, \"[API] deleted IP/port '\" . $result['ip'] . \":\" . $result['port'] . \"'\");\n\t\t\t\t\t\treturn $this->response($result);\n\t\t\t\t\t} else {\n\t\t\t\t\t\tResponse::standardError('cantdeletesystemip', '', true);\n\t\t\t\t\t}\n\t\t\t\t} else {\n\t\t\t\t\tResponse::standardError('cantdeletedefaultip', '', true);\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\tResponse::standardError('ipstillhasdomains', '', true);\n\t\t\t}\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n}\n" }, { "path": "lib/Froxlor/Api/Commands/MysqlServer.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Api\\Commands;\n\nuse Exception;\nuse Froxlor\\Api\\ApiCommand;\nuse Froxlor\\Api\\ResourceEntity;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FileDir;\nuse Froxlor\\Froxlor;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\PhpHelper;\nuse Froxlor\\Validate\\Validate;\nuse PDO;\nuse PDOException;\n\nclass MysqlServer extends ApiCommand implements ResourceEntity\n{\n\n\t/**\n\t * check whether the user is allowed\n\t *\n\t * @throws Exception\n\t */\n\tprivate function validateAccess()\n\t{\n\t\tif ($this->isAdmin() == false || ($this->isAdmin() && $this->getUserDetail('change_serversettings') == 0)) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\t}\n\n\t/**\n\t * add a new mysql-server\n\t *\n\t * @param string $mysql_host\n\t * ip/hostname of mysql-server\n\t * @param string $mysql_port\n\t * optional, port to connect to\n\t * @param string $mysql_ca\n\t * optional, path to certificate file\n\t * @param string $mysql_verifycert\n\t * optional, verify server certificate\n\t * @param string $privileged_user\n\t * privileged user on the mysql-server (must have GRANT privileges)\n\t * @param string $privileged_password\n\t * password of privileged user\n\t * @param string $description\n\t * optional, description for server\n\t * @param bool $allow_all_customers\n\t * optional add this configuration to the list of every existing customer's allowed-mysqlserver-config list, default is false (no)\n\t * @param bool $test_connection\n\t * optional, test connection with given credentials, default is true (yes)\n\t *\n\t * @access admin\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function add()\n\t{\n\t\t$this->validateAccess();\n\n\t\t$mysql_host = $this->getParam('mysql_host');\n\t\t$mysql_port = $this->getParam('mysql_port', true, 3306);\n\t\t$mysql_ca = $this->getParam('mysql_ca', true, '');\n\t\t$mysql_verifycert = $this->getBoolParam('mysql_verifycert', true, 0);\n\t\t$privileged_user = $this->getParam('privileged_user');\n\t\t$privileged_password = $this->getParam('privileged_password');\n\t\t$description = $this->getParam('description', true, '');\n\t\t$allow_all_customers = $this->getParam('allow_all_customers', true, 0);\n\t\t$test_connection = $this->getParam('test_connection', true, 1);\n\n\t\t// validation\n\t\t$mysql_host_chk = Validate::validate_ip2($mysql_host, true, 'invalidip', true, true, false);\n\t\tif ($mysql_host_chk === false) {\n\t\t\t$mysql_host_chk = Validate::validateLocalHostname($mysql_host);\n\t\t\tif ($mysql_host_chk === false) {\n\t\t\t\t$mysql_host_chk = Validate::validateDomain($mysql_host);\n\t\t\t\tif ($mysql_host_chk === false) {\n\t\t\t\t\tthrow new Exception(\"Invalid mysql server ip/hostname\", 406);\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\t$mysql_port = Validate::validate($mysql_port, 'port', Validate::REGEX_PORT, '', [3306], true);\n\t\t$mysql_ca = !empty($mysql_ca) ? FileDir::makeCorrectFile($mysql_ca) : '';\n\t\t$privileged_user = Validate::validate($privileged_user, 'privileged_user', '/^[a-z][a-z0-9\\-_]+$/i', '', [], true);\n\t\t$privileged_password = Validate::validate($privileged_password, 'password', '', '', [], true);\n\t\t$description = Validate::validate(trim($description), 'description', Validate::REGEX_DESC_TEXT, '', [], true);\n\n\t\t// testing connection with given credentials\n\t\tif ($test_connection) {\n\t\t\t$options = array(\n\t\t\t\tPDO::MYSQL_ATTR_INIT_COMMAND => 'SET names utf8'\n\t\t\t);\n\t\t\tif (!empty($mysql_ca)) {\n\t\t\t\t$options[PDO::MYSQL_ATTR_SSL_CA] = $mysql_ca;\n\t\t\t\t$options[PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = (bool)$mysql_verifycert;\n\t\t\t}\n\n\t\t\t$dsn = \"mysql:host=\" . $mysql_host . \";port=\" . $mysql_port . \";\";\n\t\t\ttry {\n\t\t\t\t$db_test = new \\PDO($dsn, $privileged_user, $privileged_password, $options);\n\t\t\t\tunset($db_test);\n\t\t\t} catch (PDOException $e) {\n\t\t\t\tthrow new Exception(\"Connection to given mysql database could not be established. Error-message: \" . $e->getMessage(), $e->getCode());\n\t\t\t}\n\t\t}\n\n\t\t$sql = [];\n\t\t$sql_root = [];\n\n\t\t// get all data from lib/userdata\n\t\trequire Froxlor::getInstallDir() . \"/lib/userdata.inc.php\";\n\n\t\t// le format\n\t\tif (isset($sql['root_user']) && isset($sql['root_password']) && !is_array($sql_root)) {\n\t\t\t$sql_root = array(\n\t\t\t\t0 => array(\n\t\t\t\t\t'caption' => 'Default',\n\t\t\t\t\t'host' => $sql['host'],\n\t\t\t\t\t'socket' => (isset($sql['socket']) ? $sql['socket'] : null),\n\t\t\t\t\t'user' => $sql['root_user'],\n\t\t\t\t\t'password' => $sql['root_password']\n\t\t\t\t)\n\t\t\t);\n\t\t\tunset($sql['root_user']);\n\t\t\tunset($sql['root_password']);\n\t\t}\n\n\t\t// add new values to sql_root array\n\t\t$sql_root[] = [\n\t\t\t'caption' => $description,\n\t\t\t'host' => $mysql_host,\n\t\t\t'port' => $mysql_port,\n\t\t\t'user' => $privileged_user,\n\t\t\t'password' => $privileged_password,\n\t\t\t'ssl' => [\n\t\t\t\t'caFile' => $mysql_ca ?? \"\",\n\t\t\t\t'verifyServerCertificate' => $mysql_verifycert\n\t\t\t]\n\t\t];\n\n\t\t$this->generateNewUserData($sql, $sql_root);\n\n\t\t// last added to array\n\t\t$newdbserver = array_key_last($sql_root);\n\n\t\tif ($allow_all_customers) {\n\t\t\t$this->addDatabaseFromCustomerAllowedList($newdbserver);\n\t\t}\n\n\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING, \"[API] added new database server '\" . $description . \"' (\" . $mysql_host . \")\");\n\n\t\treturn $this->response(['dbserver' => $newdbserver]);\n\t}\n\n\t/**\n\t * remove a mysql-server\n\t *\n\t * @param int $id\n\t * optional the number of the mysql server (either id or dbserver must be set)\n\t * @param int $dbserver\n\t * optional the number of the mysql server (either id or dbserver must be set)\n\t *\n\t * @access admin\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function delete()\n\t{\n\t\t$this->validateAccess();\n\n\t\t$id = (int)$this->getParam('id', true, -1);\n\t\t$dn_optional = $id >= 0;\n\t\t$dbserver = (int)$this->getParam('dbserver', $dn_optional, -1);\n\t\t$dbserver = $id >= 0 ? $id : $dbserver;\n\n\t\tif ($dbserver == 0) {\n\t\t\tthrow new Exception('Cannot delete first/default mysql-server', 406);\n\t\t}\n\n\t\t$sql_root = [];\n\t\t// get all data from lib/userdata\n\t\trequire Froxlor::getInstallDir() . \"/lib/userdata.inc.php\";\n\n\t\tif (!isset($sql_root[$dbserver])) {\n\t\t\tthrow new Exception('Mysql server not found', 404);\n\t\t}\n\n\t\t// check whether the server is in use by any customer\n\t\t$result_ms = $this->databasesOnServer(true, $dbserver);\n\t\tif ($result_ms > 0) {\n\t\t\tthrow new Exception(lng('error.mysqlserverstillhasdbs'), 406);\n\t\t}\n\n\t\t// when removing, remove from list of allowed_mysqlservers from any customers\n\t\t$this->removeDatabaseFromCustomerAllowedList($dbserver);\n\n\t\t$description = $sql_root[$dbserver]['caption'] ?? \"unknown\";\n\t\t$mysql_host = $sql_root[$dbserver]['host'] ?? \"unknown\";\n\t\tunset($sql_root[$dbserver]);\n\n\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING, \"[API] removed database server '\" . $description . \"' (\" . $mysql_host . \")\");\n\n\t\t$this->generateNewUserData($sql, $sql_root);\n\t\treturn $this->response(['true']);\n\t}\n\n\t/**\n\t * list available mysql-server\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array\n\t */\n\tpublic function listing()\n\t{\n\t\t$sql = [];\n\t\t$sql_root = [];\n\t\t// get all data from lib/userdata\n\t\trequire Froxlor::getInstallDir() . \"/lib/userdata.inc.php\";\n\n\t\t// limit customer to its allowed servers\n\t\t$allowed_mysqls = [];\n\t\tif ($this->isAdmin() == false) {\n\t\t\t$allowed_mysqls = json_decode($this->getUserDetail('allowed_mysqlserver'), true);\n\t\t}\n\n\t\t$result = [];\n\t\tforeach ($sql_root as $index => $sqlrootdata) {\n\t\t\tif ($this->isAdmin() == false) {\n\t\t\t\tif ($allowed_mysqls === false || empty($allowed_mysqls)) {\n\t\t\t\t\tbreak;\n\t\t\t\t} elseif (!in_array($index, $allowed_mysqls)) {\n\t\t\t\t\tcontinue;\n\t\t\t\t}\n\t\t\t\t// no usernames required for non-admins\n\t\t\t\tunset($sqlrootdata['user']);\n\t\t\t}\n\t\t\t// passwords will not be returned in any case for security reasons\n\t\t\tunset($sqlrootdata['password']);\n\t\t\t$sqlrootdata['id'] = $index;\n\t\t\t$result[$index] = $sqlrootdata;\n\t\t}\n\n\t\treturn $this->response(['list' => $result, 'count' => count($result)]);\n\t}\n\n\t/**\n\t * returns the total number of mysql servers\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded response message\n\t */\n\tpublic function listingCount()\n\t{\n\t\tif ($this->isAdmin() == false) {\n\t\t\t$allowed_mysqls = json_decode($this->getUserDetail('allowed_mysqlserver'), true);\n\t\t\tif ($allowed_mysqls) {\n\t\t\t\treturn $this->response(count($allowed_mysqls));\n\t\t\t}\n\t\t\treturn $this->response(0);\n\t\t}\n\t\t$sql_root = [];\n\t\t// get all data from lib/userdata\n\t\trequire Froxlor::getInstallDir() . \"/lib/userdata.inc.php\";\n\t\treturn $this->response(count($sql_root));\n\t}\n\n\t/**\n\t * Return info about a specific mysql-server\n\t *\n\t * @param int $id\n\t * optional the number of the mysql server (either id or dbserver must be set)\n\t * @param int $dbserver\n\t * optional the number of the mysql server (either id or dbserver must be set)\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function get()\n\t{\n\t\t$id = (int)$this->getParam('id', true, -1);\n\t\t$dn_optional = $id >= 0;\n\t\t$dbserver = (int)$this->getParam('dbserver', $dn_optional, -1);\n\t\t$dbserver = $id >= 0 ? $id : $dbserver;\n\n\t\t$sql_root = [];\n\t\t// get all data from lib/userdata\n\t\trequire Froxlor::getInstallDir() . \"/lib/userdata.inc.php\";\n\n\t\tif (!isset($sql_root[$dbserver])) {\n\t\t\tthrow new Exception('Mysql server not found', 404);\n\t\t}\n\n\t\t// limit customer to its allowed servers\n\t\tif ($this->isAdmin() == false) {\n\t\t\t$allowed_mysqls = json_decode($this->getUserDetail('allowed_mysqlserver'), true);\n\t\t\tif ($allowed_mysqls === false || empty($allowed_mysqls) || !in_array($dbserver, $allowed_mysqls)) {\n\t\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t\t}\n\t\t\t// no usernames required for non-admins\n\t\t\tunset($sql_root[$dbserver]['user']);\n\t\t}\n\n\t\tunset($sql_root[$dbserver]['password']);\n\t\t$sql_root[$dbserver]['id'] = $dbserver;\n\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, \"[API] get database-server '\" . $sql_root[$dbserver]['caption'] . \"'\");\n\t\treturn $this->response($sql_root[$dbserver]);\n\t}\n\n\t/**\n\t * update given mysql-server\n\t *\n\t * @param int $id\n\t * optional the number of the mysql server (either id or dbserver must be set)\n\t * @param int $dbserver\n\t * optional the number of the mysql server (either id or dbserver must be set)\n\t * @param string $mysql_host\n\t * ip/hostname of mysql-server\n\t * @param string $mysql_port\n\t * optional, port to connect to\n\t * @param string $mysql_ca\n\t * optional, path to certificate file\n\t * @param string $mysql_verifycert\n\t * optional, verify server certificate\n\t * @param string $privileged_user\n\t * privileged user on the mysql-server (must have GRANT privileges)\n\t * @param string $privileged_password\n\t * password of privileged user\n\t * @param string $description\n\t * optional, description for server\n\t * @param bool $allow_all_customers\n\t * optional add this configuration to the list of every existing customer's allowed-mysqlserver-config list, default is false (no)\n\t * @param bool $test_connection\n\t * optional, test connection with given credentials, default is true (yes)\n\t *\n\t * @access admin\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function update()\n\t{\n\t\t$this->validateAccess();\n\n\t\t$id = (int)$this->getParam('id', true, -1);\n\t\t$dn_optional = $id >= 0;\n\t\t$dbserver = (int)$this->getParam('dbserver', $dn_optional, -1);\n\t\t$dbserver = $id >= 0 ? $id : $dbserver;\n\n\t\t$sql_root = [];\n\t\trequire Froxlor::getInstallDir() . \"/lib/userdata.inc.php\";\n\n\t\tif (!isset($sql_root[$dbserver])) {\n\t\t\tthrow new Exception('Mysql server not found', 404);\n\t\t}\n\n\t\t$result = $sql_root[$dbserver];\n\n\t\tif ($dbserver == 0) {\n\t\t\t$mysql_host = $result['host'];\n\t\t} else {\n\t\t\t$mysql_host = $this->getParam('mysql_host', true, $result['host']);\n\t\t}\n\t\t$mysql_port = $this->getParam('mysql_port', true, $result['port'] ?? 3306);\n\t\t$mysql_ca = $this->getParam('mysql_ca', true, $result['ssl']['caFile'] ?? '');\n\t\t$mysql_verifycert = $this->getBoolParam('mysql_verifycert', true, $result['ssl']['verifyServerCertificate'] ?? 0);\n\t\t$privileged_user = $this->getParam('privileged_user', true, $result['user']);\n\t\t$privileged_password = $this->getParam('privileged_password', true, '');\n\t\t$description = $this->getParam('description', true, $result['caption']);\n\t\t$allow_all_customers = $this->getParam('allow_all_customers', true, 0);\n\t\t$test_connection = $this->getParam('test_connection', true, 1);\n\n\t\t// validation\n\t\t$mysql_host_chk = Validate::validate_ip2($mysql_host, true, 'invalidip', true, true, false);\n\t\tif ($mysql_host_chk === false) {\n\t\t\t$mysql_host_chk = Validate::validateLocalHostname($mysql_host);\n\t\t\tif ($mysql_host_chk === false) {\n\t\t\t\t$mysql_host_chk = Validate::validateDomain($mysql_host);\n\t\t\t\tif ($mysql_host_chk === false) {\n\t\t\t\t\tthrow new Exception(\"Invalid mysql server ip/hostname\", 406);\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\t$mysql_port = Validate::validate($mysql_port, 'port', Validate::REGEX_PORT, '', [3306], true);\n\t\t$mysql_ca = !empty($mysql_ca) ? FileDir::makeCorrectFile($mysql_ca) : '';\n\t\t$privileged_user = Validate::validate($privileged_user, 'privileged_user', '/^[a-z][a-z0-9\\-_]+$/i', '', [], true);\n\t\t$privileged_password = Validate::validate($privileged_password, 'password', '', '', [], true);\n\t\t$description = Validate::validate(trim($description), 'description', Validate::REGEX_DESC_TEXT, '', [], true);\n\n\t\t// keep old password?\n\t\tif (empty($privileged_password)) {\n\t\t\t$privileged_password = $result['password'];\n\t\t}\n\n\t\tif ($mysql_host != $result['host']) {\n\t\t\t// check whether the server is in use by any customer\n\t\t\t$result_ms = $this->databasesOnServer(true, $dbserver);\n\t\t\tif ($result_ms > 0) {\n\t\t\t\tthrow new Exception(\"Unable to update mysql-host as there are still databases on it\", 406);\n\t\t\t}\n\t\t}\n\n\t\t// testing connection with given credentials\n\t\tif ($test_connection) {\n\t\t\t$options = array(\n\t\t\t\tPDO::MYSQL_ATTR_INIT_COMMAND => 'SET names utf8'\n\t\t\t);\n\t\t\tif (!empty($mysql_ca)) {\n\t\t\t\t$options[PDO::MYSQL_ATTR_SSL_CA] = $mysql_ca;\n\t\t\t\t$options[PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = (bool)$mysql_verifycert;\n\t\t\t}\n\n\t\t\t$dsn = \"mysql:host=\" . $mysql_host . \";port=\" . $mysql_port . \";\";\n\t\t\ttry {\n\t\t\t\t$db_test = new \\PDO($dsn, $privileged_user, $privileged_password, $options);\n\t\t\t\tunset($db_test);\n\t\t\t} catch (PDOException $e) {\n\t\t\t\tthrow new Exception(\"Connection to given mysql database could not be established. Error-message: \" . $e->getMessage(), $e->getCode());\n\t\t\t}\n\t\t}\n\n\t\t// set new values to sql_root array\n\t\t$sql_root[$dbserver] = [\n\t\t\t'caption' => $description,\n\t\t\t'host' => $mysql_host,\n\t\t\t'port' => $mysql_port,\n\t\t\t'user' => $privileged_user,\n\t\t\t'password' => $privileged_password,\n\t\t\t'ssl' => [\n\t\t\t\t'caFile' => $mysql_ca ?? \"\",\n\t\t\t\t'verifyServerCertificate' => $mysql_verifycert ?? false\n\t\t\t]\n\t\t];\n\n\t\t$this->generateNewUserData($sql, $sql_root);\n\n\t\tif ($allow_all_customers) {\n\t\t\t$this->addDatabaseFromCustomerAllowedList($dbserver);\n\t\t}\n\n\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING, \"[API] edited database server '\" . $description . \"' (\" . $mysql_host . \")\");\n\n\t\treturn $this->response(['true']);\n\t}\n\n\t/**\n\t * check whether a given customer / current user (as customer) has\n\t * databases on the given dbserver\n\t *\n\t * @param int $mysql_server\n\t * @param int $customerid\n\t * optional, admin-only, select ftp-users of a specific customer by id\n\t * @param string $loginname\n\t * optional, admin-only, select ftp-users of a specific customer by loginname\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array count\n\t */\n\tpublic function databasesOnServer(bool $internal_all = false, int $dbserver = 0)\n\t{\n\t\tif ($internal_all) {\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT COUNT(*) num_dbs FROM `\" . TABLE_PANEL_DATABASES . \"`\n\t\t\t\tWHERE `dbserver` = :dbserver\n\t\t\t\");\n\t\t\t$result = Database::pexecute_first($result_stmt, ['dbserver' => $dbserver], true, true);\n\t\t\treturn (int)$result['num_dbs'];\n\t\t} else {\n\t\t\t$dbserver = $this->getParam('mysql_server');\n\t\t\t$customer_ids = $this->getAllowedCustomerIds();\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT COUNT(*) num_dbs FROM `\" . TABLE_PANEL_DATABASES . \"`\n\t\t\t\tWHERE `customerid` IN (\" . implode(\", \", $customer_ids) . \") AND `dbserver` = :dbserver\n\t\t\t\");\n\t\t\t$result = Database::pexecute_first($result_stmt, ['dbserver' => $dbserver], true, true);\n\t\t\treturn $this->response(['count' => $result['num_dbs']]);\n\t\t}\n\t}\n\n\tprivate function removeDatabaseFromCustomerAllowedList(int $dbserver)\n\t{\n\t\t$sel_stmt = Database::prepare(\"\n\t\t\tSELECT customerid, allowed_mysqlserver FROM `\" . TABLE_PANEL_CUSTOMERS . \"`\n\t\t\");\n\t\tDatabase::pexecute($sel_stmt);\n\t\t$upd_stmt = Database::prepare(\"\n\t\t\tUPDATE `\" . TABLE_PANEL_CUSTOMERS . \"` SET\n\t\t\t`allowed_mysqlserver` = :am WHERE `customerid` = :cid\n\t\t\");\n\t\twhile ($customer = $sel_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t$allowed_mysqls = json_decode(($customer['allowed_mysqlserver'] ?? '[]'), true);\n\t\t\tif (($key = array_search($dbserver, $allowed_mysqls)) !== false) {\n\t\t\t\tunset($allowed_mysqls[$key]);\n\t\t\t\t$allowed_mysqls = json_encode($allowed_mysqls);\n\t\t\t\tDatabase::pexecute($upd_stmt, ['am' => $allowed_mysqls, 'cid' => $customer['customerid']]);\n\t\t\t}\n\t\t}\n\t}\n\n\tprivate function addDatabaseFromCustomerAllowedList(int $dbserver)\n\t{\n\t\t$sel_stmt = Database::prepare(\"\n\t\t\tSELECT customerid, allowed_mysqlserver FROM `\" . TABLE_PANEL_CUSTOMERS . \"`\n\t\t\");\n\t\tDatabase::pexecute($sel_stmt);\n\t\t$upd_stmt = Database::prepare(\"\n\t\t\tUPDATE `\" . TABLE_PANEL_CUSTOMERS . \"` SET\n\t\t\t`allowed_mysqlserver` = :am WHERE `customerid` = :cid\n\t\t\");\n\t\twhile ($customer = $sel_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t$allowed_mysqls = json_decode(($customer['allowed_mysqlserver'] ?: '[]'), true);\n\t\t\tif (!in_array($dbserver, $allowed_mysqls)) {\n\t\t\t\t$allowed_mysqls[] = $dbserver;\n\t\t\t\t$allowed_mysqls = json_encode($allowed_mysqls);\n\t\t\t\tDatabase::pexecute($upd_stmt, ['am' => $allowed_mysqls, 'cid' => $customer['customerid']]);\n\t\t\t}\n\t\t}\n\t}\n\n\t/**\n\t * write new userdata.inc.php file\n\t */\n\tprivate function generateNewUserData(array $sql, array $sql_root)\n\t{\n\t\t$content = PhpHelper::parseArrayToPhpFile(\n\t\t\t['sql' => $sql, 'sql_root' => $sql_root],\n\t\t\t'automatically generated userdata.inc.php for froxlor'\n\t\t);\n\t\tchmod(Froxlor::getInstallDir() . \"/lib/userdata.inc.php\", 0700);\n\t\tfile_put_contents(Froxlor::getInstallDir() . \"/lib/userdata.inc.php\", $content);\n\t\tchmod(Froxlor::getInstallDir() . \"/lib/userdata.inc.php\", 0400);\n\t\tclearstatcache();\n\t\tif (function_exists('opcache_invalidate')) {\n\t\t\t@opcache_invalidate(Froxlor::getInstallDir() . \"/lib/userdata.inc.php\", true);\n\t\t}\n\t}\n}\n" }, { "path": "lib/Froxlor/Api/Commands/Mysqls.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Api\\Commands;\n\nuse Exception;\nuse Froxlor\\Api\\ApiCommand;\nuse Froxlor\\Api\\ResourceEntity;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\Database\\DbManager;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\Settings;\nuse Froxlor\\System\\Crypt;\nuse Froxlor\\UI\\Response;\nuse Froxlor\\User;\nuse Froxlor\\Validate\\Validate;\nuse PDO;\n\n/**\n * @since 0.10.0\n */\nclass Mysqls extends ApiCommand implements ResourceEntity\n{\n\n\t/**\n\t * add a new mysql-database\n\t *\n\t * @param string $mysql_password\n\t * password for the created database and database-user\n\t * @param int $mysql_server\n\t * optional, default is 0\n\t * @param string $description\n\t * optional, description for database\n\t * @param string $custom_suffix\n\t * optional, name for database if customer.mysqlprefix setting is set to \"DBNAME\"\n\t * @param bool $sendinfomail\n\t * optional, send created resource-information to customer, default: false\n\t * @param int $customerid\n\t * optional, required when called as admin (if $loginname is not specified)\n\t * @param string $loginname\n\t * optional, required when called as admin (if $customerid is not specified)\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function add()\n\t{\n\t\tif (($this->getUserDetail('mysqls_used') < $this->getUserDetail('mysqls') || $this->getUserDetail('mysqls') == '-1') || $this->isAdmin()) {\n\t\t\t// required parameters\n\t\t\t$password = $this->getParam('mysql_password');\n\n\t\t\t// parameters\n\t\t\t$databasedescription = $this->getParam('description', true, '');\n\t\t\t$databasename = $this->getParam('custom_suffix', true, '');\n\t\t\t$sendinfomail = $this->getBoolParam('sendinfomail', true, 0);\n\t\t\t// get needed customer info to reduce the mysql-usage-counter by one\n\t\t\t$customer = $this->getCustomerData('mysqls');\n\t\t\t$dbserver = $this->getParam('mysql_server', true, $this->getDefaultMySqlServer($customer));\n\n\t\t\t// validation\n\t\t\t$password = Validate::validate($password, 'password', '', '', [], true);\n\t\t\t$password = Crypt::validatePassword($password, true);\n\t\t\t$databasedescription = Validate::validate(trim($databasedescription), 'description', Validate::REGEX_DESC_TEXT, '', [], true);\n\t\t\tif (!empty($databasename)) {\n\t\t\t\t$databasename = Validate::validate(trim($databasename), 'database_name', '/^[A-Za-z0-9][A-Za-z0-9\\-_]+$/i', '', [], true);\n\t\t\t}\n\n\t\t\t// validate whether the dbserver exists\n\t\t\t$dbserver = Validate::validate($dbserver, html_entity_decode(lng('mysql.mysql_server')), '/^[0-9]+$/', '', 0, true);\n\t\t\t// enforce per-customer allowed_mysqlserver allowlist\n\t\t\tif (!$this->isAdmin()) {\n\t\t\t\t$allowed = json_decode($customer['allowed_mysqlserver'] ?? '[]', true);\n\t\t\t\tif (!is_array($allowed) || empty($allowed)\n\t\t\t\t\t|| !in_array((int)$dbserver, array_map('intval', $allowed), true)) {\n\t\t\t\t\tthrow new Exception('You cannot access this resource', 405);\n\t\t\t\t}\n\t\t\t}\n\t\t\tDatabase::needRoot(true, $dbserver, false);\n\t\t\tDatabase::needSqlData();\n\t\t\t$sql_root = Database::getSqlData();\n\t\t\tDatabase::needRoot(false);\n\t\t\tif (!is_array($sql_root)) {\n\t\t\t\tthrow new Exception(\"Database server with index #\" . $dbserver . \" is unknown\", 404);\n\t\t\t}\n\n\t\t\tif ($sendinfomail != 1) {\n\t\t\t\t$sendinfomail = 0;\n\t\t\t}\n\n\t\t\t$newdb_params = [\n\t\t\t\t'loginname' => ($this->isAdmin() ? $customer['loginname'] : $this->getUserDetail('loginname')),\n\t\t\t\t'mysql_lastaccountnumber' => ($this->isAdmin() ? $customer['mysql_lastaccountnumber'] : $this->getUserDetail('mysql_lastaccountnumber'))\n\t\t\t];\n\t\t\t// create database, user, set permissions, etc.pp.\n\t\t\t$dbm = new DbManager($this->logger());\n\n\t\t\tif (strtoupper(Settings::Get('customer.mysqlprefix')) == 'DBNAME' && !empty($databasename)) {\n\t\t\t\tif (strlen($newdb_params['loginname'] . '_' . $databasename) > Database::getSqlUsernameLength()) {\n\t\t\t\t\tthrow new Exception(\"Database name cannot be longer than \" . (Database::getSqlUsernameLength() - strlen($newdb_params['loginname'] . '_')) . \" characters.\", 406);\n\t\t\t\t}\n\t\t\t\t$username = $dbm->createDatabase($newdb_params['loginname'] . '_' . $databasename, $password, $dbserver, 0, $newdb_params['loginname']);\n\t\t\t} else {\n\t\t\t\t$username = $dbm->createDatabase($newdb_params['loginname'], $password, $dbserver, $newdb_params['mysql_lastaccountnumber'], $newdb_params['loginname']);\n\t\t\t}\n\n\t\t\t// we've checked against the password in dbm->createDatabase\n\t\t\tif ($username == false) {\n\t\t\t\tResponse::standardError('passwordshouldnotbeusername', '', true);\n\t\t\t}\n\n\t\t\t// add database info to froxlor\n\t\t\t$stmt = Database::prepare(\"\n\t\t\t\tINSERT INTO `\" . TABLE_PANEL_DATABASES . \"`\n\t\t\t\tSET\n\t\t\t\t`customerid` = :customerid,\n\t\t\t\t`databasename` = :databasename,\n\t\t\t\t`description` = :description,\n\t\t\t\t`dbserver` = :dbserver\n\t\t\t\");\n\t\t\t$params = [\n\t\t\t\t\"customerid\" => $customer['customerid'],\n\t\t\t\t\"databasename\" => $username,\n\t\t\t\t\"description\" => $databasedescription,\n\t\t\t\t\"dbserver\" => $dbserver\n\t\t\t];\n\t\t\tDatabase::pexecute($stmt, $params, true, true);\n\t\t\t$databaseid = Database::lastInsertId();\n\t\t\t$params['id'] = $databaseid;\n\n\t\t\t// update customer usage\n\t\t\tCustomers::increaseUsage($customer['customerid'], 'mysqls_used');\n\t\t\tCustomers::increaseUsage($customer['customerid'], 'mysql_lastaccountnumber');\n\n\t\t\t// send info-mail?\n\t\t\tif ($sendinfomail == 1) {\n\t\t\t\t$pma = lng('admin.notgiven');\n\t\t\t\tif (Settings::Get('panel.phpmyadmin_url') != '') {\n\t\t\t\t\t$pma = Settings::Get('panel.phpmyadmin_url');\n\t\t\t\t}\n\n\t\t\t\tDatabase::needRoot(true, $dbserver, false);\n\t\t\t\tDatabase::needSqlData();\n\t\t\t\t$sql_root = Database::getSqlData();\n\t\t\t\tDatabase::needRoot(false);\n\t\t\t\t$userinfo = $customer;\n\n\t\t\t\t$replace_arr = [\n\t\t\t\t\t'SALUTATION' => User::getCorrectUserSalutation($userinfo),\n\t\t\t\t\t'CUST_NAME' => User::getCorrectUserSalutation($userinfo), // < keep this for compatibility\n\t\t\t\t\t'NAME' => $userinfo['name'],\n\t\t\t\t\t'FIRSTNAME' => $userinfo['firstname'],\n\t\t\t\t\t'COMPANY' => $userinfo['company'],\n\t\t\t\t\t'USERNAME' => $userinfo['loginname'],\n\t\t\t\t\t'CUSTOMER_NO' => $userinfo['customernumber'],\n\t\t\t\t\t'DB_NAME' => $username,\n\t\t\t\t\t'DB_PASS' => htmlentities(htmlentities($password)),\n\t\t\t\t\t'DB_DESC' => $databasedescription,\n\t\t\t\t\t'DB_SRV' => $sql_root['host'],\n\t\t\t\t\t'PMA_URI' => $pma\n\t\t\t\t];\n\n\t\t\t\t// get template for mail subject\n\t\t\t\t$mail_subject = $this->getMailTemplate($userinfo, 'mails', 'new_database_by_customer_subject', $replace_arr, lng('mails.new_database_by_customer.subject'));\n\t\t\t\t// get template for mail body\n\t\t\t\t$mail_body = $this->getMailTemplate($userinfo, 'mails', 'new_database_by_customer_mailbody', $replace_arr, lng('mails.new_database_by_customer.mailbody'));\n\n\t\t\t\t$_mailerror = false;\n\t\t\t\t$mailerr_msg = \"\";\n\t\t\t\ttry {\n\t\t\t\t\t$this->mailer()->Subject = $mail_subject;\n\t\t\t\t\t$this->mailer()->AltBody = $mail_body;\n\t\t\t\t\t$this->mailer()->Body = str_replace(\"\\n\", \"
\", $mail_body);\n\t\t\t\t\t$this->mailer()->addAddress($userinfo['email'], User::getCorrectUserSalutation($userinfo));\n\t\t\t\t\t$this->mailer()->send();\n\t\t\t\t} catch (\\PHPMailer\\PHPMailer\\Exception $e) {\n\t\t\t\t\t$mailerr_msg = $e->errorMessage();\n\t\t\t\t\t$_mailerror = true;\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\t$mailerr_msg = $e->getMessage();\n\t\t\t\t\t$_mailerror = true;\n\t\t\t\t}\n\n\t\t\t\tif ($_mailerror) {\n\t\t\t\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_ERR, \"[API] Error sending mail: \" . $mailerr_msg);\n\t\t\t\t\tResponse::standardError('errorsendingmail', $userinfo['email'], true);\n\t\t\t\t}\n\n\t\t\t\t$this->mailer()->clearAddresses();\n\t\t\t}\n\t\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, \"[API] added mysql-database '\" . $username . \"'\");\n\n\t\t\t$result = $this->apiCall('Mysqls.get', [\n\t\t\t\t'dbname' => $username,\n\t\t\t\t'mysql_server' => $dbserver\n\t\t\t]);\n\t\t\treturn $this->response($result);\n\t\t}\n\t\tthrow new Exception(\"No more resources available\", 406);\n\t}\n\n\t/**\n\t * return a mysql database entry by either id or dbname\n\t *\n\t * @param int $id\n\t * optional, the database-id\n\t * @param string $dbname\n\t * optional, the databasename\n\t * @param int $mysql_server\n\t * optional, specify database-server, default is none\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function get()\n\t{\n\t\t$id = $this->getParam('id', true, 0);\n\t\t$dn_optional = $id > 0;\n\t\t$dbname = $this->getParam('dbname', $dn_optional, '');\n\t\t$dbserver = $this->getParam('mysql_server', true, -1);\n\n\t\tif ($dbserver != -1) {\n\t\t\t$dbserver = Validate::validate($dbserver, html_entity_decode(lng('mysql.mysql_server')), '/^[0-9]+$/', '', 0, true);\n\t\t}\n\n\t\tif ($this->isAdmin()) {\n\t\t\tif ($this->getUserDetail('customers_see_all') != 1) {\n\t\t\t\t// if it's a reseller or an admin who cannot see all customers, we need to check\n\t\t\t\t// whether the database belongs to one of his customers\n\t\t\t\t$_custom_list_result = $this->apiCall('Customers.listing');\n\t\t\t\t$custom_list_result = $_custom_list_result['list'];\n\t\t\t\t$customer_ids = [];\n\t\t\t\tforeach ($custom_list_result as $customer) {\n\t\t\t\t\t$customer_ids[] = $customer['customerid'];\n\t\t\t\t}\n\t\t\t\tif (count($customer_ids) > 0) {\n\t\t\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\t\t\tSELECT * FROM `\" . TABLE_PANEL_DATABASES . \"`\n\t\t\t\t\t\tWHERE \" . ($id > 0 ? \"`id` = :iddn\" : \"`databasename` = :iddn\") . ($dbserver >= 0 ? \" AND `dbserver` = :dbserver\" : \"\") . \" AND `customerid` IN (\" . implode(\", \", $customer_ids) . \")\n\t\t\t\t\t\");\n\t\t\t\t\t$params = [\n\t\t\t\t\t\t'iddn' => ($id <= 0 ? $dbname : $id)\n\t\t\t\t\t];\n\t\t\t\t\tif ($dbserver >= 0) {\n\t\t\t\t\t\t$params['dbserver'] = $dbserver;\n\t\t\t\t\t}\n\t\t\t\t} else {\n\t\t\t\t\tthrow new Exception(\"You do not have any customers yet\", 406);\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\t\tSELECT * FROM `\" . TABLE_PANEL_DATABASES . \"`\n\t\t\t\t\tWHERE \" . ($id > 0 ? \"`id` = :iddn\" : \"`databasename` = :iddn\") . ($dbserver >= 0 ? \" AND `dbserver` = :dbserver\" : \"\"));\n\t\t\t\t$params = [\n\t\t\t\t\t'iddn' => ($id <= 0 ? $dbname : $id)\n\t\t\t\t];\n\t\t\t\tif ($dbserver >= 0) {\n\t\t\t\t\t$params['dbserver'] = $dbserver;\n\t\t\t\t}\n\t\t\t}\n\t\t} else {\n\t\t\tif (Settings::IsInList('panel.customer_hide_options', 'mysql')) {\n\t\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t\t}\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT * FROM `\" . TABLE_PANEL_DATABASES . \"`\n\t\t\t\tWHERE `customerid`= :customerid AND \" . ($id > 0 ? \"`id` = :iddn\" : \"`databasename` = :iddn\") . ($dbserver >= 0 ? \" AND `dbserver` = :dbserver\" : \"\"));\n\t\t\t$params = [\n\t\t\t\t'customerid' => $this->getUserDetail('customerid'),\n\t\t\t\t'iddn' => ($id <= 0 ? $dbname : $id)\n\t\t\t];\n\t\t\tif ($dbserver >= 0) {\n\t\t\t\t$params['dbserver'] = $dbserver;\n\t\t\t}\n\t\t}\n\t\t$result = Database::pexecute_first($result_stmt, $params, true, true);\n\t\tif ($result) {\n\t\t\tDatabase::needRoot(true, $result['dbserver'], false);\n\t\t\t$mbdata_stmt = Database::prepare(\"\n\t\t\t\tSELECT SUM(data_length + index_length) as MB FROM information_schema.TABLES\n\t\t\t\tWHERE table_schema = :table_schema\n\t\t\t\tGROUP BY table_schema\n\t\t\t\");\n\t\t\tDatabase::pexecute($mbdata_stmt, [\n\t\t\t\t\"table_schema\" => $result['databasename']\n\t\t\t], true, true);\n\t\t\t$mbdata = $mbdata_stmt->fetch(PDO::FETCH_ASSOC);\n\t\t\tDatabase::needRoot(false);\n\t\t\t$result['size'] = $mbdata['MB'] ?? 0;\n\t\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, \"[API] get database '\" . $result['databasename'] . \"'\");\n\t\t\treturn $this->response($result);\n\t\t}\n\t\t$key = ($id > 0 ? \"id #\" . $id : \"dbname '\" . $dbname . \"'\");\n\t\tthrow new Exception(\"MySQL database with \" . $key . \" could not be found\", 404);\n\t}\n\n\t/**\n\t * update a mysql database entry by either id or dbname\n\t *\n\t * @param int $id\n\t * optional, the database-id\n\t * @param string $dbname\n\t * optional, the databasename\n\t * @param int $mysql_server\n\t * optional, specify database-server, default is none\n\t * @param string $mysql_password\n\t * optional, update password for the database\n\t * @param string $description\n\t * optional, description for database\n\t * @param int $customerid\n\t * optional, required when called as admin (if $loginname is not specified)\n\t * @param string $loginname\n\t * optional, required when called as admin (if $customerid is not specified)\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function update()\n\t{\n\t\t$id = $this->getParam('id', true, 0);\n\t\t$dn_optional = $id > 0;\n\t\t$dbname = $this->getParam('dbname', $dn_optional, '');\n\t\t$dbserver = $this->getParam('mysql_server', true, -1);\n\t\t$customer = $this->getCustomerData();\n\n\t\tif ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'mysql')) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\n\t\t$result = $this->apiCall('Mysqls.get', [\n\t\t\t'id' => $id,\n\t\t\t'dbname' => $dbname,\n\t\t\t'mysql_server' => $dbserver\n\t\t]);\n\t\t$id = $result['id'];\n\n\t\t// parameters\n\t\t$password = $this->getParam('mysql_password', true, '');\n\t\t$databasedescription = $this->getParam('description', true, $result['description']);\n\n\t\t// validation\n\t\t$password = Validate::validate($password, 'password', '', '', [], true);\n\t\t$databasedescription = Validate::validate(trim($databasedescription), 'description', Validate::REGEX_DESC_TEXT, '', [], true);\n\n\t\tif ($password != '') {\n\t\t\t// validate password\n\t\t\t$password = Crypt::validatePassword($password, true);\n\n\t\t\tif ($password == $result['databasename']) {\n\t\t\t\tResponse::standardError('passwordshouldnotbeusername', '', true);\n\t\t\t}\n\n\t\t\t// Begin root-session\n\t\t\tDatabase::needRoot(true, $result['dbserver'], false);\n\t\t\t$dbmgr = new DbManager($this->logger());\n\t\t\tforeach (array_map('trim', explode(',', Settings::Get('system.mysql_access_host'))) as $mysql_access_host) {\n\t\t\t\t$dbmgr->getManager()->grantPrivilegesTo($result['databasename'], $password, $mysql_access_host, false, true);\n\t\t\t}\n\n\t\t\t$stmt = Database::prepare(\"FLUSH PRIVILEGES\");\n\t\t\tDatabase::pexecute($stmt, null, true, true);\n\t\t\tDatabase::needRoot(false);\n\t\t\t// End root-session\n\t\t}\n\t\t$stmt = Database::prepare(\"\n\t\t\tUPDATE `\" . TABLE_PANEL_DATABASES . \"`\n\t\t\tSET `description` = :desc\n\t\t\tWHERE `customerid` = :customerid\n\t\t\tAND `id` = :id\n\t\t\");\n\t\t$params = [\n\t\t\t\"desc\" => $databasedescription,\n\t\t\t\"customerid\" => $customer['customerid'],\n\t\t\t\"id\" => $id\n\t\t];\n\t\tDatabase::pexecute($stmt, $params, true, true);\n\n\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, \"[API] updated mysql-database '\" . $result['databasename'] . \"'\");\n\t\t$result = $this->apiCall('Mysqls.get', [\n\t\t\t'dbname' => $result['databasename']\n\t\t]);\n\t\treturn $this->response($result);\n\t}\n\n\t/**\n\t * list all databases, if called from an admin, list all databases of all customers you are allowed to view, or\n\t * specify id or loginname for one specific customer\n\t *\n\t * @param int $mysql_server\n\t * optional, specify dbserver to select from, else use all available\n\t * @param int $customerid\n\t * optional, admin-only, select dbs of a specific customer by id\n\t * @param string $loginname\n\t * optional, admin-only, select dbs of a specific customer by loginname\n\t * @param array $sql_search\n\t * optional array with index = fieldname, and value = array with 'op' => operator (one of <, > or =),\n\t * LIKE is used if left empty and 'value' => searchvalue\n\t * @param int $sql_limit\n\t * optional specify number of results to be returned\n\t * @param int $sql_offset\n\t * optional specify offset for resultset\n\t * @param array $sql_orderby\n\t * optional array with index = fieldname and value = ASC|DESC to order the resultset by one or more\n\t * fields\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array count|list\n\t * @throws Exception\n\t */\n\tpublic function listing()\n\t{\n\t\t$result = [];\n\t\t$dbserver = $this->getParam('mysql_server', true, -1);\n\t\t$customer_ids = $this->getAllowedCustomerIds('mysql');\n\t\t$query_fields = [];\n\t\t$result_stmt = Database::prepare(\"\n\t\t\tSELECT * FROM `\" . TABLE_PANEL_DATABASES . \"`\n\t\t\tWHERE `customerid`= :customerid AND `dbserver` = :dbserver\" . $this->getSearchWhere($query_fields, true) . $this->getOrderBy() . $this->getLimit());\n\t\tif ($dbserver < 0) {\n\t\t\t// use all dbservers\n\t\t\t$dbservers_stmt = Database::query(\"SELECT DISTINCT `dbserver` FROM `\" . TABLE_PANEL_DATABASES . \"`\");\n\t\t\t$dbservers = $dbservers_stmt->fetchAll(PDO::FETCH_ASSOC);\n\t\t} else {\n\t\t\t// use specific dbserver\n\t\t\t$dbservers = [\n\t\t\t\t[\n\t\t\t\t\t'dbserver' => $dbserver\n\t\t\t\t]\n\t\t\t];\n\t\t}\n\n\t\tforeach ($customer_ids as $customer_id) {\n\t\t\tforeach ($dbservers as $_dbserver) {\n\t\t\t\tDatabase::pexecute($result_stmt, array_merge([\n\t\t\t\t\t'customerid' => $customer_id,\n\t\t\t\t\t'dbserver' => $_dbserver['dbserver']\n\t\t\t\t], $query_fields), true, true);\n\t\t\t\t// Begin root-session\n\t\t\t\tDatabase::needRoot(true, $_dbserver['dbserver'], false);\n\t\t\t\twhile ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t\t$mbdata_stmt = Database::prepare(\"\n\t\t\t\t\t\tSELECT SUM(data_length + index_length) as MB FROM information_schema.TABLES\n\t\t\t\t\t\tWHERE table_schema = :table_schema\n\t\t\t\t\t\tGROUP BY table_schema\n\t\t\t\t\t\");\n\t\t\t\t\tDatabase::pexecute($mbdata_stmt, [\n\t\t\t\t\t\t\"table_schema\" => $row['databasename']\n\t\t\t\t\t], true, true);\n\t\t\t\t\t$mbdata = $mbdata_stmt->fetch(PDO::FETCH_ASSOC);\n\t\t\t\t\t$row['size'] = $mbdata['MB'] ?? 0;\n\t\t\t\t\t$result[] = $row;\n\t\t\t\t}\n\t\t\t\tDatabase::needRoot(false);\n\t\t\t}\n\t\t}\n\t\treturn $this->response([\n\t\t\t'count' => count($result),\n\t\t\t'list' => $result\n\t\t]);\n\t}\n\n\t/**\n\t * returns the total number of accessible databases\n\t *\n\t * @param int $customerid\n\t * optional, admin-only, select dbs of a specific customer by id\n\t * @param string $loginname\n\t * optional, admin-only, select dbs of a specific customer by loginname\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded response message\n\t * @throws Exception\n\t */\n\tpublic function listingCount()\n\t{\n\t\t$customer_ids = $this->getAllowedCustomerIds('mysql');\n\t\t$query_fields = [];\n\t\t$result_stmt = Database::prepare(\"\n\t\t\tSELECT COUNT(*) as num_dbs FROM `\" . TABLE_PANEL_DATABASES . \"`\n\t\t\tWHERE `customerid` IN (\" . implode(\", \", $customer_ids) . \")\n\t\t\" . $this->getSearchWhere($query_fields, true));\n\t\t$result = Database::pexecute_first($result_stmt, $query_fields, true, true);\n\t\tif ($result) {\n\t\t\treturn $this->response($result['num_dbs']);\n\t\t}\n\t\treturn $this->response(0);\n\t}\n\n\t/**\n\t * delete a mysql database by either id or dbname\n\t *\n\t * @param int $id\n\t * optional, the database-id\n\t * @param string $dbname\n\t * optional, the databasename\n\t * @param int $mysql_server\n\t * optional, specify database-server, default is none\n\t * @param int $customerid\n\t * optional, required when called as admin (if $loginname is not specified)\n\t * @param string $loginname\n\t * optional, required when called as admin (if $customerid is not specified)\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function delete()\n\t{\n\t\t$id = $this->getParam('id', true, 0);\n\t\t$dn_optional = $id > 0;\n\t\t$dbname = $this->getParam('dbname', $dn_optional, '');\n\t\t$dbserver = $this->getParam('mysql_server', true, -1);\n\t\t$customer = $this->getCustomerData();\n\n\t\tif ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'mysql')) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\n\t\t$result = $this->apiCall('Mysqls.get', [\n\t\t\t'id' => $id,\n\t\t\t'dbname' => $dbname,\n\t\t\t'mysql_server' => $dbserver\n\t\t]);\n\t\t$id = $result['id'];\n\n\t\t// Begin root-session\n\t\tDatabase::needRoot(true, $result['dbserver'], false);\n\t\t$dbm = new DbManager($this->logger());\n\t\t$dbm->getManager()->deleteDatabase($result['databasename'], $customer['loginname']);\n\t\tDatabase::needRoot(false);\n\t\t// End root-session\n\n\t\t// delete from table\n\t\t$stmt = Database::prepare(\"DELETE FROM `\" . TABLE_PANEL_DATABASES . \"` WHERE `id` = :id\");\n\t\tDatabase::pexecute($stmt, [\n\t\t\t\"id\" => $id\n\t\t], true, true);\n\n\t\t// get needed customer info to reduce the mysql-usage-counter by one\n\t\t$mysql_used = $customer['mysqls_used'];\n\n\t\t// reduce mysql-usage-counter\n\t\t$resetaccnumber = ($mysql_used == '1') ? \" , `mysql_lastaccountnumber` = '0' \" : '';\n\t\tCustomers::decreaseUsage($customer['customerid'], 'mysqls_used', $resetaccnumber);\n\n\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_WARNING, \"[API] deleted database '\" . $result['databasename'] . \"'\");\n\t\treturn $this->response($result);\n\t}\n\n\tprivate function getDefaultMySqlServer(array $customer) {\n\t\t$allowed_mysqlservers = json_decode($customer['allowed_mysqlserver'] ?? '[]', true);\n\t\tasort($allowed_mysqlservers, SORT_NUMERIC);\n\t\tif (count($allowed_mysqlservers) == 1 && $allowed_mysqlservers[0] != 0) {\n\t\t\treturn (int) $allowed_mysqlservers[0];\n\t\t}\n\t\treturn (int) array_shift($allowed_mysqlservers);\n\t}\n}\n" }, { "path": "lib/Froxlor/Api/Commands/PhpSettings.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Api\\Commands;\n\nuse Exception;\nuse Froxlor\\Api\\ApiCommand;\nuse Froxlor\\Api\\ResourceEntity;\nuse Froxlor\\Cron\\TaskId;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FileDir;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\Settings;\nuse Froxlor\\System\\Cronjob;\nuse Froxlor\\UI\\Response;\nuse Froxlor\\Validate\\Validate;\nuse PDO;\n\n/**\n * @since 0.10.0\n */\nclass PhpSettings extends ApiCommand implements ResourceEntity\n{\n\n\t/**\n\t * lists all php-setting entries\n\t *\n\t * @param bool $with_subdomains\n\t * optional, also include subdomains to the list domains that use the config, default 0 (false)\n\t * @param array $sql_search\n\t * optional array with index = fieldname, and value = array with 'op' => operator (one of <, > or =),\n\t * LIKE is used if left empty and 'value' => searchvalue\n\t * @param int $sql_limit\n\t * optional specify number of results to be returned\n\t * @param int $sql_offset\n\t * optional specify offset for resultset\n\t * @param array $sql_orderby\n\t * optional array with index = fieldname and value = ASC|DESC to order the resultset by one or more\n\t * fields\n\t *\n\t * @access admin\n\t * @return string json-encoded array count|list\n\t * @throws Exception\n\t */\n\tpublic function listing()\n\t{\n\t\tif ($this->isAdmin()) {\n\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, \"[API] list php-configs\");\n\n\t\t\t$with_subdomains = $this->getBoolParam('with_subdomains', true, false);\n\t\t\t$query_fields = [];\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT c.*, fd.description as fpmdesc\n\t\t\t\tFROM `\" . TABLE_PANEL_PHPCONFIGS . \"` c\n\t\t\t\tLEFT JOIN `\" . TABLE_PANEL_FPMDAEMONS . \"` fd ON fd.id = c.fpmsettingid\" . $this->getSearchWhere($query_fields) . $this->getOrderBy() . $this->getLimit());\n\t\t\tDatabase::pexecute($result_stmt, $query_fields, true, true);\n\t\t\t$phpconfigs = [];\n\t\t\twhile ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t$query_params = [\n\t\t\t\t\t'id' => $row['id']\n\t\t\t\t];\n\n\t\t\t\t$query = \"SELECT * FROM `\" . TABLE_PANEL_DOMAINS . \"`\n\t\t\t\t\tWHERE `phpsettingid` = :id AND `email_only` = '0' AND `phpenabled` = '1'\";\n\n\t\t\t\tif (!$with_subdomains) {\n\t\t\t\t\t$query .= \" AND `parentdomainid` = '0'\";\n\t\t\t\t}\n\n\t\t\t\tif ((int)$this->getUserDetail('customers_see_all') == 0) {\n\t\t\t\t\t$query .= \" AND `adminid` = :adminid\";\n\t\t\t\t\t$query_params['adminid'] = $this->getUserDetail('adminid');\n\t\t\t\t}\n\n\t\t\t\tif ((int)Settings::Get('panel.phpconfigs_hidestdsubdomain') == 1) {\n\t\t\t\t\t$ssdids_res = Database::query(\"\n\t\t\t\t\tSELECT DISTINCT `standardsubdomain` FROM `\" . TABLE_PANEL_CUSTOMERS . \"`\n\t\t\t\t\tWHERE `standardsubdomain` > 0 ORDER BY `standardsubdomain` ASC;\");\n\t\t\t\t\t$ssdids = [];\n\t\t\t\t\twhile ($ssd = $ssdids_res->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t\t\t$ssdids[] = $ssd['standardsubdomain'];\n\t\t\t\t\t}\n\t\t\t\t\tif (count($ssdids) > 0) {\n\t\t\t\t\t\t$query .= \" AND `id` NOT IN (\" . implode(', ', $ssdids) . \")\";\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\t$domains = [];\n\t\t\t\t$subdomains = [];\n\t\t\t\t$domainresult_stmt = Database::prepare($query);\n\t\t\t\tDatabase::pexecute($domainresult_stmt, $query_params, true, true);\n\n\t\t\t\tif (Database::num_rows() > 0) {\n\t\t\t\t\twhile ($row2 = $domainresult_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t\t\tif ($row2['parentdomainid'] != 0) {\n\t\t\t\t\t\t\t$subdomains[] = $row2['domain'];\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t$domains[] = $row2['domain'];\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\t// check whether we use that config as froxor-vhost config\n\t\t\t\tif ((Settings::Get('system.mod_fcgid') == '1' && Settings::Get('system.mod_fcgid_defaultini_ownvhost') == $row['id']) || (Settings::Get('phpfpm.enabled') == '1' && Settings::Get('phpfpm.vhost_defaultini') == $row['id'])) {\n\t\t\t\t\t$domains[] = Settings::Get('system.hostname');\n\t\t\t\t}\n\n\t\t\t\t// check whether this is our default config\n\t\t\t\tif ((Settings::Get('system.mod_fcgid') == '1' && Settings::Get('system.mod_fcgid_defaultini') == $row['id']) || (Settings::Get('phpfpm.enabled') == '1' && Settings::Get('phpfpm.defaultini') == $row['id'])) {\n\t\t\t\t\t$row['is_default'] = true;\n\t\t\t\t}\n\n\t\t\t\t$row['domains'] = $domains;\n\t\t\t\t$row['subdomains'] = $subdomains;\n\t\t\t\t$phpconfigs[] = $row;\n\t\t\t}\n\n\t\t\treturn $this->response([\n\t\t\t\t'count' => count($phpconfigs),\n\t\t\t\t'list' => $phpconfigs\n\t\t\t]);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * return a php-setting entry by id\n\t *\n\t * @param int $id\n\t * php-settings-id\n\t *\n\t * @access admin\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function get()\n\t{\n\t\tif ($this->isAdmin()) {\n\t\t\t$id = $this->getParam('id');\n\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT * FROM `\" . TABLE_PANEL_PHPCONFIGS . \"` WHERE `id` = :id\n\t\t\t\");\n\t\t\t$result = Database::pexecute_first($result_stmt, [\n\t\t\t\t'id' => $id\n\t\t\t], true, true);\n\t\t\tif ($result) {\n\t\t\t\treturn $this->response($result);\n\t\t\t}\n\t\t\tthrow new Exception(\"php-config with id #\" . $id . \" could not be found\", 404);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * returns the total number of accessible php-setting entries\n\t *\n\t * @access admin\n\t * @return string json-encoded response message\n\t * @throws Exception\n\t */\n\tpublic function listingCount()\n\t{\n\t\tif ($this->isAdmin()) {\n\t\t\t$query_fields = [];\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT COUNT(*) as num_phps\n\t\t\t\tFROM `\" . TABLE_PANEL_PHPCONFIGS . \"` c\n\t\t\t\tLEFT JOIN `\" . TABLE_PANEL_FPMDAEMONS . \"` fd ON fd.id = c.fpmsettingid\" .\n\t\t\t\t$this->getSearchWhere($query_fields));\n\t\t\t$result = Database::pexecute_first($result_stmt, $query_fields, true, true);\n\t\t\tif ($result) {\n\t\t\t\treturn $this->response($result['num_phps']);\n\t\t\t}\n\t\t\treturn $this->response(0);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * add new php-settings entry\n\t *\n\t * @param string $description\n\t * description of the php-config\n\t * @param string $phpsettings\n\t * the actual ini-settings\n\t * @param string $binary\n\t * optional the binary to php-cgi if FCGID is used\n\t * @param string $file_extensions\n\t * optional allowed php-file-extensions if FCGID is used, default is 'php'\n\t * @param int $mod_fcgid_starter\n\t * optional number of fcgid-starters if FCGID is used, default is -1\n\t * @param int $mod_fcgid_maxrequests\n\t * optional number of fcgid-maxrequests if FCGID is used, default is -1\n\t * @param string $mod_fcgid_umask\n\t * optional umask if FCGID is used, default is '022'\n\t * @param int $fpmconfig\n\t * optional id of the fpm-daemon-config if FPM is used\n\t * @param bool $phpfpm_enable_slowlog\n\t * optional whether to write a slowlog or not if FPM is used, default is 0 (false)\n\t * @param string $phpfpm_reqtermtimeout\n\t * optional request terminate timeout if FPM is used, default is '60s'\n\t * @param string $phpfpm_reqslowtimeout\n\t * optional request slowlog timeout if FPM is used, default is '5s'\n\t * @param bool $pass_authorizationheader\n\t * optional whether to pass authorization header to webserver if FPM/FCGID is used, default is 0 (false)\n\t * @param bool $override_fpmconfig\n\t * optional whether to override fpm-daemon-config value for the following settings if FPM is used,\n\t * default is 0 (false)\n\t * @param string $pm\n\t * optional process-manager to use if FPM is used (allowed values are 'static', 'dynamic' and\n\t * 'ondemand'), default is fpm-daemon-value\n\t * @param int $max_children\n\t * optional number of max children if FPM is used, default is the fpm-daemon-value\n\t * @param int $start_server\n\t * optional number of servers to start if FPM is used, default is fpm-daemon-value\n\t * @param int $min_spare_servers\n\t * optional number of minimum spare servers if FPM is used, default is fpm-daemon-value\n\t * @param int $max_spare_servers\n\t * optional number of maximum spare servers if FPM is used, default is fpm-daemon-value\n\t * @param int $max_requests\n\t * optional number of maximum requests if FPM is used, default is fpm-daemon-value\n\t * @param int $idle_timeout\n\t * optional number of seconds for idle-timeout if FPM is used, default is fpm-daemon-value\n\t * @param string $limit_extensions\n\t * optional limitation of php-file-extensions if FPM is used, default is fpm-daemon-value\n\t * @param bool $allow_all_customers\n\t * optional add this configuration to the list of every existing customer's allowed-fpm-config list,\n\t * default is false (no)\n\t *\n\t * @access admin\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function add()\n\t{\n\t\tif ($this->isAdmin() && $this->getUserDetail('change_serversettings') == 1) {\n\t\t\t// required parameter\n\t\t\t$description = $this->getParam('description');\n\t\t\t$phpsettings = $this->getParam('phpsettings');\n\n\t\t\tif (Settings::Get('system.mod_fcgid') == 1) {\n\t\t\t\t$binary = $this->getParam('binary');\n\t\t\t\t$fpm_config_id = 1;\n\t\t\t} elseif (Settings::Get('phpfpm.enabled') == 1) {\n\t\t\t\t$fpm_config_id = intval($this->getParam('fpmconfig'));\n\t\t\t} else {\n\t\t\t\t$fpm_config_id = 1;\n\t\t\t}\n\n\t\t\t// parameters\n\t\t\t$file_extensions = $this->getParam('file_extensions', true, 'php');\n\t\t\t$mod_fcgid_starter = $this->getParam('mod_fcgid_starter', true, -1);\n\t\t\t$mod_fcgid_maxrequests = $this->getParam('mod_fcgid_maxrequests', true, -1);\n\t\t\t$mod_fcgid_umask = $this->getParam('mod_fcgid_umask', true, \"022\");\n\t\t\t$fpm_enableslowlog = $this->getBoolParam('phpfpm_enable_slowlog', true, 0);\n\t\t\t$fpm_reqtermtimeout = $this->getParam('phpfpm_reqtermtimeout', true, \"60s\");\n\t\t\t$fpm_reqslowtimeout = $this->getParam('phpfpm_reqslowtimeout', true, \"5s\");\n\t\t\t$pass_authorizationheader = $this->getBoolParam('pass_authorizationheader', true, 0);\n\n\t\t\t$override_fpmconfig = $this->getBoolParam('override_fpmconfig', true, 0);\n\t\t\t$def_fpmconfig = $this->apiCall('FpmDaemons.get', [\n\t\t\t\t'id' => $fpm_config_id\n\t\t\t]);\n\t\t\t$pmanager = $this->getParam('pm', true, $def_fpmconfig['pm']);\n\t\t\t$max_children = $this->getParam('max_children', true, $def_fpmconfig['max_children']);\n\t\t\t$start_servers = $this->getParam('start_servers', true, $def_fpmconfig['start_servers']);\n\t\t\t$min_spare_servers = $this->getParam('min_spare_servers', true, $def_fpmconfig['min_spare_servers']);\n\t\t\t$max_spare_servers = $this->getParam('max_spare_servers', true, $def_fpmconfig['max_spare_servers']);\n\t\t\t$max_requests = $this->getParam('max_requests', true, $def_fpmconfig['max_requests']);\n\t\t\t$idle_timeout = $this->getParam('idle_timeout', true, $def_fpmconfig['idle_timeout']);\n\t\t\t$limit_extensions = $this->getParam('limit_extensions', true, $def_fpmconfig['limit_extensions']);\n\t\t\t$allow_all_customers = $this->getBoolParam('allow_all_customers', true, 0);\n\n\t\t\t// validation\n\t\t\t$description = Validate::validate($description, 'description', Validate::REGEX_DESC_TEXT, '', [], true);\n\t\t\t$phpsettings = Validate::validate(str_replace(\"\\r\\n\", \"\\n\", $phpsettings), 'phpsettings', '/^[^\\0]*$/', '', [], true);\n\t\t\tif (Settings::Get('system.mod_fcgid') == 1) {\n\t\t\t\t$binary = FileDir::makeCorrectFile(Validate::validate($binary, 'binary', '', '', [], true));\n\t\t\t\t$file_extensions = Validate::validate($file_extensions, 'file_extensions', '/^[a-zA-Z0-9\\s]*$/', '', [], true);\n\t\t\t\t$mod_fcgid_starter = Validate::validate($mod_fcgid_starter, 'mod_fcgid_starter', '/^[0-9]*$/', '', [\n\t\t\t\t\t'-1',\n\t\t\t\t\t''\n\t\t\t\t], true);\n\t\t\t\t$mod_fcgid_maxrequests = Validate::validate($mod_fcgid_maxrequests, 'mod_fcgid_maxrequests', '/^[0-9]*$/', '', [\n\t\t\t\t\t'-1',\n\t\t\t\t\t''\n\t\t\t\t], true);\n\t\t\t\t$mod_fcgid_umask = Validate::validate($mod_fcgid_umask, 'mod_fcgid_umask', '/^[0-9]*$/', '', [], true);\n\t\t\t\t// disable fpm stuff\n\t\t\t\t$fpm_config_id = 1;\n\t\t\t\t$fpm_enableslowlog = 0;\n\t\t\t\t$fpm_reqtermtimeout = 0;\n\t\t\t\t$fpm_reqslowtimeout = 0;\n\t\t\t\t$override_fpmconfig = 0;\n\t\t\t} elseif (Settings::Get('phpfpm.enabled') == 1) {\n\t\t\t\t$fpm_reqtermtimeout = Validate::validate($fpm_reqtermtimeout, 'phpfpm_reqtermtimeout', '/^([0-9]+)(|s|m|h|d)$/', '', [], true);\n\t\t\t\t$fpm_reqslowtimeout = Validate::validate($fpm_reqslowtimeout, 'phpfpm_reqslowtimeout', '/^([0-9]+)(|s|m|h|d)$/', '', [], true);\n\t\t\t\tif (!in_array($pmanager, [\n\t\t\t\t\t'static',\n\t\t\t\t\t'dynamic',\n\t\t\t\t\t'ondemand'\n\t\t\t\t])) {\n\t\t\t\t\tthrow new Exception(\"Unknown process manager\", 406);\n\t\t\t\t}\n\t\t\t\tif (empty($limit_extensions)) {\n\t\t\t\t\t$limit_extensions = '.php';\n\t\t\t\t}\n\t\t\t\t$limit_extensions = Validate::validate($limit_extensions, 'limit_extensions', '/^(\\.[a-z]([a-z0-9]+)\\ ?)+$/', '', [], true);\n\n\t\t\t\t// disable fcgid stuff\n\t\t\t\t$binary = '/usr/bin/php-cgi';\n\t\t\t\t$file_extensions = 'php';\n\t\t\t\t$mod_fcgid_starter = 0;\n\t\t\t\t$mod_fcgid_maxrequests = 0;\n\t\t\t\t$mod_fcgid_umask = \"022\";\n\t\t\t}\n\n\t\t\tif (strlen($description) == 0 || strlen($description) > 50) {\n\t\t\t\tResponse::standardError('descriptioninvalid', '', true);\n\t\t\t}\n\n\t\t\t$ins_stmt = Database::prepare(\"\n\t\t\t\tINSERT INTO `\" . TABLE_PANEL_PHPCONFIGS . \"` SET\n\t\t\t\t`description` = :desc,\n\t\t\t\t`binary` = :binary,\n\t\t\t\t`file_extensions` = :fext,\n\t\t\t\t`mod_fcgid_starter` = :starter,\n\t\t\t\t`mod_fcgid_maxrequests` = :mreq,\n\t\t\t\t`mod_fcgid_umask` = :umask,\n\t\t\t\t`fpm_slowlog` = :fpmslow,\n\t\t\t\t`fpm_reqterm` = :fpmreqterm,\n\t\t\t\t`fpm_reqslow` = :fpmreqslow,\n\t\t\t\t`phpsettings` = :phpsettings,\n\t\t\t\t`fpmsettingid` = :fpmsettingid,\n\t\t\t\t`pass_authorizationheader` = :fpmpassauth,\n\t\t\t\t`override_fpmconfig` = :ofc,\n\t\t\t\t`pm` = :pm,\n\t\t\t\t`max_children` = :max_children,\n\t\t\t\t`start_servers` = :start_servers,\n\t\t\t\t`min_spare_servers` = :min_spare_servers,\n\t\t\t\t`max_spare_servers` = :max_spare_servers,\n\t\t\t\t`max_requests` = :max_requests,\n\t\t\t\t`idle_timeout` = :idle_timeout,\n\t\t\t\t`limit_extensions` = :limit_extensions\n\t\t\t\");\n\t\t\t$ins_data = [\n\t\t\t\t'desc' => $description,\n\t\t\t\t'binary' => $binary,\n\t\t\t\t'fext' => $file_extensions,\n\t\t\t\t'starter' => $mod_fcgid_starter,\n\t\t\t\t'mreq' => $mod_fcgid_maxrequests,\n\t\t\t\t'umask' => $mod_fcgid_umask,\n\t\t\t\t'fpmslow' => $fpm_enableslowlog,\n\t\t\t\t'fpmreqterm' => $fpm_reqtermtimeout,\n\t\t\t\t'fpmreqslow' => $fpm_reqslowtimeout,\n\t\t\t\t'phpsettings' => $phpsettings,\n\t\t\t\t'fpmsettingid' => $fpm_config_id,\n\t\t\t\t'fpmpassauth' => $pass_authorizationheader,\n\t\t\t\t'ofc' => $override_fpmconfig,\n\t\t\t\t'pm' => $pmanager,\n\t\t\t\t'max_children' => $max_children,\n\t\t\t\t'start_servers' => $start_servers,\n\t\t\t\t'min_spare_servers' => $min_spare_servers,\n\t\t\t\t'max_spare_servers' => $max_spare_servers,\n\t\t\t\t'max_requests' => $max_requests,\n\t\t\t\t'idle_timeout' => $idle_timeout,\n\t\t\t\t'limit_extensions' => $limit_extensions\n\t\t\t];\n\t\t\tDatabase::pexecute($ins_stmt, $ins_data, true, true);\n\t\t\t$ins_data['id'] = Database::lastInsertId();\n\n\t\t\tCronjob::inserttask(TaskId::REBUILD_VHOST);\n\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, \"[API] php setting with description '\" . $description . \"' has been created by '\" . $this->getUserDetail('loginname') . \"'\");\n\n\t\t\t$result = $this->apiCall('PhpSettings.get', [\n\t\t\t\t'id' => $ins_data['id']\n\t\t\t]);\n\n\t\t\t$this->addForAllCustomers($allow_all_customers, $ins_data['id']);\n\t\t\treturn $this->response($result);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * add given php-config id to the list of allowed php-config to all currently existing customers\n\t * if allow_all_customers parameter is true in PhpSettings::add() or PhpSettings::update()\n\t *\n\t * @param bool $allow_all_customers\n\t * @param int $config_id\n\t */\n\tprivate function addForAllCustomers(bool $allow_all_customers, int $config_id)\n\t{\n\t\t// should this config be added to the allowed list of all existing customers?\n\t\tif ($allow_all_customers) {\n\t\t\t$sel_stmt = Database::prepare(\"SELECT customerid, allowed_phpconfigs FROM `\" . TABLE_PANEL_CUSTOMERS . \"`\");\n\t\t\t$upd_stmt = Database::prepare(\"UPDATE `\" . TABLE_PANEL_CUSTOMERS . \"` SET allowed_phpconfigs = :ap WHERE customerid = :cid\");\n\t\t\tDatabase::pexecute($sel_stmt);\n\t\t\twhile ($cust = $sel_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t// get existing entries of customer\n\t\t\t\t$ap = json_decode($cust['allowed_phpconfigs'], true);\n\t\t\t\t// initialize array if it's empty\n\t\t\t\tif (empty($ap)) {\n\t\t\t\t\t$ap = [];\n\t\t\t\t}\n\t\t\t\t// add this config\n\t\t\t\t$ap[] = $config_id;\n\t\t\t\t// check for duplicates and force value-type to be int\n\t\t\t\t$ap = array_map('intval', array_unique($ap));\n\t\t\t\t// update customer-entry\n\t\t\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t\t\t'ap' => json_encode($ap),\n\t\t\t\t\t'cid' => $cust['customerid']\n\t\t\t\t]);\n\t\t\t}\n\t\t}\n\t}\n\n\t/**\n\t * update a php-setting entry by given id\n\t *\n\t * @param int $id\n\t * @param string $description\n\t * description of the php-config\n\t * @param string $phpsettings\n\t * the actual ini-settings\n\t * @param string $binary\n\t * optional the binary to php-cgi if FCGID is used\n\t * @param string $file_extensions\n\t * optional allowed php-file-extensions if FCGID is used, default is 'php'\n\t * @param int $mod_fcgid_starter\n\t * optional number of fcgid-starters if FCGID is used, default is -1\n\t * @param int $mod_fcgid_maxrequests\n\t * optional number of fcgid-maxrequests if FCGID is used, default is -1\n\t * @param string $mod_fcgid_umask\n\t * optional umask if FCGID is used, default is '022'\n\t * @param int $fpmconfig\n\t * optional id of the fpm-daemon-config if FPM is used\n\t * @param bool $phpfpm_enable_slowlog\n\t * optional whether to write a slowlog or not if FPM is used, default is 0 (false)\n\t * @param string $phpfpm_reqtermtimeout\n\t * optional request terminate timeout if FPM is used, default is '60s'\n\t * @param string $phpfpm_reqslowtimeout\n\t * optional request slowlog timeout if FPM is used, default is '5s'\n\t * @param bool $pass_authorizationheader\n\t * optional whether to pass authorization header to webserver if FPM is used, default is 0 (false)\n\t * @param bool $override_fpmconfig\n\t * optional whether to override fpm-daemon-config value for the following settings if FPM is used,\n\t * default is 0 (false)\n\t * @param string $pm\n\t * optional process-manager to use if FPM is used (allowed values are 'static', 'dynamic' and\n\t * 'ondemand'), default is fpm-daemon-value\n\t * @param int $max_children\n\t * optional number of max children if FPM is used, default is the fpm-daemon-value\n\t * @param int $start_server\n\t * optional number of servers to start if FPM is used, default is fpm-daemon-value\n\t * @param int $min_spare_servers\n\t * optional number of minimum spare servers if FPM is used, default is fpm-daemon-value\n\t * @param int $max_spare_servers\n\t * optional number of maximum spare servers if FPM is used, default is fpm-daemon-value\n\t * @param int $max_requests\n\t * optional number of maximum requests if FPM is used, default is fpm-daemon-value\n\t * @param int $idle_timeout\n\t * optional number of seconds for idle-timeout if FPM is used, default is fpm-daemon-value\n\t * @param string $limit_extensions\n\t * optional limitation of php-file-extensions if FPM is used, default is fpm-daemon-value\n\t * @param bool $allow_all_customers\n\t * optional add this configuration to the list of every existing customer's allowed-fpm-config list,\n\t * default is false (no)\n\t *\n\t * @access admin\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function update()\n\t{\n\t\tif ($this->isAdmin() && $this->getUserDetail('change_serversettings') == 1) {\n\t\t\t// required parameter\n\t\t\t$id = $this->getParam('id');\n\n\t\t\t$result = $this->apiCall('PhpSettings.get', [\n\t\t\t\t'id' => $id\n\t\t\t]);\n\n\t\t\t// parameters\n\t\t\t$description = $this->getParam('description', true, $result['description']);\n\t\t\t$phpsettings = $this->getParam('phpsettings', true, $result['phpsettings']);\n\t\t\t$binary = $this->getParam('binary', true, $result['binary']);\n\t\t\t$fpm_config_id = intval($this->getParam('fpmconfig', true, $result['fpmsettingid']));\n\t\t\t$file_extensions = $this->getParam('file_extensions', true, $result['file_extensions']);\n\t\t\t$mod_fcgid_starter = $this->getParam('mod_fcgid_starter', true, $result['mod_fcgid_starter']);\n\t\t\t$mod_fcgid_maxrequests = $this->getParam('mod_fcgid_maxrequests', true, $result['mod_fcgid_maxrequests']);\n\t\t\t$mod_fcgid_umask = $this->getParam('mod_fcgid_umask', true, $result['mod_fcgid_umask']);\n\t\t\t$fpm_enableslowlog = $this->getBoolParam('phpfpm_enable_slowlog', true, $result['fpm_slowlog']);\n\t\t\t$fpm_reqtermtimeout = $this->getParam('phpfpm_reqtermtimeout', true, $result['fpm_reqterm']);\n\t\t\t$fpm_reqslowtimeout = $this->getParam('phpfpm_reqslowtimeout', true, $result['fpm_reqslow']);\n\t\t\t$pass_authorizationheader = $this->getBoolParam('pass_authorizationheader', true, $result['pass_authorizationheader']);\n\t\t\t$override_fpmconfig = $this->getBoolParam('override_fpmconfig', true, $result['override_fpmconfig']);\n\t\t\t$pmanager = $this->getParam('pm', true, $result['pm']);\n\t\t\t$max_children = $this->getParam('max_children', true, $result['max_children']);\n\t\t\t$start_servers = $this->getParam('start_servers', true, $result['start_servers']);\n\t\t\t$min_spare_servers = $this->getParam('min_spare_servers', true, $result['min_spare_servers']);\n\t\t\t$max_spare_servers = $this->getParam('max_spare_servers', true, $result['max_spare_servers']);\n\t\t\t$max_requests = $this->getParam('max_requests', true, $result['max_requests']);\n\t\t\t$idle_timeout = $this->getParam('idle_timeout', true, $result['idle_timeout']);\n\t\t\t$limit_extensions = $this->getParam('limit_extensions', true, $result['limit_extensions']);\n\t\t\t$allow_all_customers = $this->getBoolParam('allow_all_customers', true, 0);\n\n\t\t\t// validation\n\t\t\t$description = Validate::validate($description, 'description', Validate::REGEX_DESC_TEXT, '', [], true);\n\t\t\t$phpsettings = Validate::validate(str_replace(\"\\r\\n\", \"\\n\", $phpsettings), 'phpsettings', '/^[^\\0]*$/', '', [], true);\n\t\t\tif (Settings::Get('system.mod_fcgid') == 1) {\n\t\t\t\t$binary = FileDir::makeCorrectFile(Validate::validate($binary, 'binary', '', '', [], true));\n\t\t\t\t$file_extensions = Validate::validate($file_extensions, 'file_extensions', '/^[a-zA-Z0-9\\s]*$/', '', [], true);\n\t\t\t\t$mod_fcgid_starter = Validate::validate($mod_fcgid_starter, 'mod_fcgid_starter', '/^[0-9]*$/', '', [\n\t\t\t\t\t'-1',\n\t\t\t\t\t''\n\t\t\t\t], true);\n\t\t\t\t$mod_fcgid_maxrequests = Validate::validate($mod_fcgid_maxrequests, 'mod_fcgid_maxrequests', '/^[0-9]*$/', '', [\n\t\t\t\t\t'-1',\n\t\t\t\t\t''\n\t\t\t\t], true);\n\t\t\t\t$mod_fcgid_umask = Validate::validate($mod_fcgid_umask, 'mod_fcgid_umask', '/^[0-9]*$/', '', [], true);\n\t\t\t\t// disable fpm stuff\n\t\t\t\t$fpm_config_id = 1;\n\t\t\t\t$fpm_enableslowlog = 0;\n\t\t\t\t$fpm_reqtermtimeout = 0;\n\t\t\t\t$fpm_reqslowtimeout = 0;\n\t\t\t\t$override_fpmconfig = 0;\n\t\t\t} elseif (Settings::Get('phpfpm.enabled') == 1) {\n\t\t\t\t$fpm_reqtermtimeout = Validate::validate($fpm_reqtermtimeout, 'phpfpm_reqtermtimeout', '/^([0-9]+)(|s|m|h|d)$/', '', [], true);\n\t\t\t\t$fpm_reqslowtimeout = Validate::validate($fpm_reqslowtimeout, 'phpfpm_reqslowtimeout', '/^([0-9]+)(|s|m|h|d)$/', '', [], true);\n\t\t\t\tif (!in_array($pmanager, [\n\t\t\t\t\t'static',\n\t\t\t\t\t'dynamic',\n\t\t\t\t\t'ondemand'\n\t\t\t\t])) {\n\t\t\t\t\tthrow new Exception(\"Unknown process manager\", 406);\n\t\t\t\t}\n\t\t\t\tif (empty($limit_extensions)) {\n\t\t\t\t\t$limit_extensions = '.php';\n\t\t\t\t}\n\t\t\t\t$limit_extensions = Validate::validate($limit_extensions, 'limit_extensions', '/^(\\.[a-z]([a-z0-9]+)\\ ?)+$/', '', [], true);\n\n\t\t\t\t// disable fcgid stuff\n\t\t\t\t$binary = '/usr/bin/php-cgi';\n\t\t\t\t$file_extensions = 'php';\n\t\t\t\t$mod_fcgid_starter = 0;\n\t\t\t\t$mod_fcgid_maxrequests = 0;\n\t\t\t\t$mod_fcgid_umask = \"022\";\n\t\t\t}\n\n\t\t\tif (strlen($description) == 0 || strlen($description) > 50) {\n\t\t\t\tResponse::standardError('descriptioninvalid', '', true);\n\t\t\t}\n\n\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\tUPDATE `\" . TABLE_PANEL_PHPCONFIGS . \"` SET\n\t\t\t\t`description` = :desc,\n\t\t\t\t`binary` = :binary,\n\t\t\t\t`file_extensions` = :fext,\n\t\t\t\t`mod_fcgid_starter` = :starter,\n\t\t\t\t`mod_fcgid_maxrequests` = :mreq,\n\t\t\t\t`mod_fcgid_umask` = :umask,\n\t\t\t\t`fpm_slowlog` = :fpmslow,\n\t\t\t\t`fpm_reqterm` = :fpmreqterm,\n\t\t\t\t`fpm_reqslow` = :fpmreqslow,\n\t\t\t\t`phpsettings` = :phpsettings,\n\t\t\t\t`fpmsettingid` = :fpmsettingid,\n\t\t\t\t`pass_authorizationheader` = :fpmpassauth,\n\t\t\t\t`override_fpmconfig` = :ofc,\n\t\t\t\t`pm` = :pm,\n\t\t\t\t`max_children` = :max_children,\n\t\t\t\t`start_servers` = :start_servers,\n\t\t\t\t`min_spare_servers` = :min_spare_servers,\n\t\t\t\t`max_spare_servers` = :max_spare_servers,\n\t\t\t\t`max_requests` = :max_requests,\n\t\t\t\t`idle_timeout` = :idle_timeout,\n\t\t\t\t`limit_extensions` = :limit_extensions\n\t\t\t\tWHERE `id` = :id\n\t\t\t\");\n\t\t\t$upd_data = [\n\t\t\t\t'desc' => $description,\n\t\t\t\t'binary' => $binary,\n\t\t\t\t'fext' => $file_extensions,\n\t\t\t\t'starter' => $mod_fcgid_starter,\n\t\t\t\t'mreq' => $mod_fcgid_maxrequests,\n\t\t\t\t'umask' => $mod_fcgid_umask,\n\t\t\t\t'fpmslow' => $fpm_enableslowlog,\n\t\t\t\t'fpmreqterm' => $fpm_reqtermtimeout,\n\t\t\t\t'fpmreqslow' => $fpm_reqslowtimeout,\n\t\t\t\t'phpsettings' => $phpsettings,\n\t\t\t\t'fpmsettingid' => $fpm_config_id,\n\t\t\t\t'fpmpassauth' => $pass_authorizationheader,\n\t\t\t\t'ofc' => $override_fpmconfig,\n\t\t\t\t'pm' => $pmanager,\n\t\t\t\t'max_children' => $max_children,\n\t\t\t\t'start_servers' => $start_servers,\n\t\t\t\t'min_spare_servers' => $min_spare_servers,\n\t\t\t\t'max_spare_servers' => $max_spare_servers,\n\t\t\t\t'max_requests' => $max_requests,\n\t\t\t\t'idle_timeout' => $idle_timeout,\n\t\t\t\t'limit_extensions' => $limit_extensions,\n\t\t\t\t'id' => $id\n\t\t\t];\n\t\t\tDatabase::pexecute($upd_stmt, $upd_data, true, true);\n\n\t\t\tCronjob::inserttask(TaskId::REBUILD_VHOST);\n\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, \"[API] php setting with description '\" . $description . \"' has been updated by '\" . $this->getUserDetail('loginname') . \"'\");\n\n\t\t\t$result = $this->apiCall('PhpSettings.get', [\n\t\t\t\t'id' => $id\n\t\t\t]);\n\n\t\t\t$this->addForAllCustomers($allow_all_customers, $id);\n\t\t\treturn $this->response($result);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n\n\t/**\n\t * delete a php-setting entry by id\n\t *\n\t * @param int $id\n\t * php-settings-id\n\t *\n\t * @access admin\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function delete()\n\t{\n\t\tif ($this->isAdmin() && $this->getUserDetail('change_serversettings') == 1) {\n\t\t\t$id = $this->getParam('id');\n\n\t\t\t$result = $this->apiCall('PhpSettings.get', [\n\t\t\t\t'id' => $id\n\t\t\t]);\n\n\t\t\tif ((Settings::Get('system.mod_fcgid') == '1' && Settings::Get('system.mod_fcgid_defaultini_ownvhost') == $id) || (Settings::Get('phpfpm.enabled') == '1' && Settings::Get('phpfpm.vhost_defaultini') == $id)) {\n\t\t\t\tResponse::standardError('cannotdeletehostnamephpconfig', '', true);\n\t\t\t}\n\n\t\t\tif ((Settings::Get('system.mod_fcgid') == '1' && Settings::Get('system.mod_fcgid_defaultini') == $id) || (Settings::Get('phpfpm.enabled') == '1' && Settings::Get('phpfpm.defaultini') == $id)) {\n\t\t\t\tResponse::standardError('cannotdeletedefaultphpconfig', '', true);\n\t\t\t}\n\n\t\t\t// set php-config to default for all domains using the\n\t\t\t// config that is to be deleted\n\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\tUPDATE `\" . TABLE_PANEL_DOMAINS . \"` SET\n\t\t\t\t`phpsettingid` = '1' WHERE `phpsettingid` = :id\n\t\t\t\");\n\t\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t\t'id' => $id\n\t\t\t], true, true);\n\n\t\t\t$del_stmt = Database::prepare(\"\n\t\t\t\tDELETE FROM `\" . TABLE_PANEL_PHPCONFIGS . \"` WHERE `id` = :id\n\t\t\t\");\n\t\t\tDatabase::pexecute($del_stmt, [\n\t\t\t\t'id' => $id\n\t\t\t], true, true);\n\n\t\t\tCronjob::inserttask(TaskId::REBUILD_VHOST);\n\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING, \"[API] php setting '\" . $result['description'] . \"' has been deleted by '\" . $this->getUserDetail('loginname') . \"'\");\n\t\t\treturn $this->response($result);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n}\n" }, { "path": "lib/Froxlor/Api/Commands/SshKeys.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Api\\Commands;\n\nuse Exception;\nuse Froxlor\\Api\\ApiCommand;\nuse Froxlor\\Api\\ResourceEntity;\nuse Froxlor\\Cron\\TaskId;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\Settings;\nuse Froxlor\\System\\Cronjob;\nuse Froxlor\\Validate\\Validate;\nuse phpseclib3\\Crypt\\PublicKeyLoader;\n\n/**\n * @since 2.3.0\n */\nclass SshKeys extends ApiCommand implements ResourceEntity\n{\n\n\t/**\n\t * add a new ssh-key\n\t *\n\t * @param int $id\n\t * optional id of ftp-user to add the ssh-key for, required if `ftpuser` is empty\n\t * @param string $ftpuser\n\t * optional loginname of ftp-user to add the ssh-key for, required if `id` is empty\n\t * @param int $customerid\n\t * optional, required when called as admin (if $loginname is not specified)\n\t * @param string $loginname\n\t * optional, required when called as admin (if $customerid is not specified)\n\t * @param string $ssh_pubkey\n\t * ssh public key to add for the given user\n\t * @param string $description\n\t * optional, description for ssh-key\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function add()\n\t{\n\t\tif ($this->isAdmin() == false &&\n\t\t\t(Settings::IsInList('panel.customer_hide_options', 'ftp')\n\t\t\t\t|| intval(Settings::Get('system.allow_customer_shell')) == 0\n\t\t\t\t|| intval($this->getUserDetail('shell_allowed')) == 0)\n\t\t) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\n\t\t// get needed customer info\n\t\t$customer = $this->getCustomerData();\n\n\t\t$id = $this->getParam('id', true, 0);\n\t\t$ea_optional = $id > 0;\n\t\t$ftpuser = $this->getParam('ftpuser', $ea_optional);\n\n\t\t// get ftp user\n\t\t$ftp_user = $this->apiCall('Ftps.get', [\n\t\t\t'id' => $id,\n\t\t\t'username' => $ftpuser\n\t\t]);\n\t\t$id = $ftp_user['id'];\n\n\t\t// parameters\n\t\t$ssh_pubkey = $this->getParam('ssh_pubkey');\n\t\t$description = $this->getParam('description', true, '');\n\n\t\t// validation\n\t\tif ($customer['customerid'] != $ftp_user['customerid']) {\n\t\t\tthrow new Exception(\"ftp user not found\", 404);\n\t\t}\n\t\tif (!$this->isValidSshPublicKey($ssh_pubkey)) {\n\t\t\tthrow new Exception(\"Given SSH-key does not seem to be a valid public key\", 406);\n\t\t}\n\t\t$key = PublicKeyLoader::loadPublicKey(trim($ssh_pubkey));\n\t\tif (empty($description)) {\n\t\t\t$description = $key->getComment() ?? '';\n\t\t}\n\t\t$description = Validate::validate(trim($description), 'description', Validate::REGEX_DESC_TEXT, '', [], true);\n\n\t\t// check for existing ssh-key for given user\n\t\t$check_stmt = Database::prepare(\"\n\t\t\tSELECT `ssh_pubkey`\n\t\t\tFROM `\" . TABLE_PANEL_USER_SSHKEYS . \"`\n\t\t\tWHERE `ftp_user_id` = :fuid\n\t\t\");\n\t\tDatabase::pexecute($check_stmt, ['fuid' => $id]);\n\t\twhile ($row = $check_stmt->fetch(\\PDO::FETCH_ASSOC)) {\n\t\t\t$rowkey = PublicKeyLoader::loadPublicKey($row['ssh_pubkey']);\n\t\t\tif ($rowkey->getFingerprint('sha256') == $key->getFingerprint('sha256')) {\n\t\t\t\tthrow new Exception(\"This SSH-key already exists for the given user\", 406);\n\t\t\t}\n\t\t}\n\n\t\t// insert data\n\t\t$stmt = Database::prepare(\"\n\t\t\tINSERT INTO `\" . TABLE_PANEL_USER_SSHKEYS . \"` SET\n\t\t\t`customerid` = :cid,\n\t\t\t`ftp_user_id` = :fid,\n\t\t\t`ssh_pubkey` = :sshpub,\n\t\t\t`description` = :desc\n\t\t\");\n\t\t$params = [\n\t\t\t\"cid\" => $customer['customerid'],\n\t\t\t\"fid\" => $id,\n\t\t\t\"sshpub\" => trim($ssh_pubkey),\n\t\t\t\"desc\" => $description\n\t\t];\n\t\tDatabase::pexecute($stmt, $params, true, true);\n\t\t$sshkeyid = Database::lastInsertId();\n\n\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, \"[API] added ssh key for '\" . $ftp_user['username'] . \"'\");\n\t\t$result = $this->apiCall('SshKeys.get', [\n\t\t\t'id' => $sshkeyid\n\t\t]);\n\n\t\tif (Settings::Get('system.nssextrausers') == 1) {\n\t\t\t// this is used so that the libnss-extrausers cron is fired\n\t\t\tCronjob::inserttask(TaskId::REBUILD_NSSUSERS);\n\t\t}\n\n\t\treturn $this->response($result);\n\t}\n\n\t/**\n\t * return a ssh-key entry by id\n\t *\n\t * @param int $id\n\t * the ssh-key id\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function get()\n\t{\n\t\t$id = $this->getParam('id');\n\n\t\t$params = [];\n\t\tif ($this->isAdmin()) {\n\t\t\tif ($this->getUserDetail('customers_see_all') == false) {\n\t\t\t\t// if it's a reseller or an admin who cannot see all customers, we need to check\n\t\t\t\t// whether the database belongs to one of his customers\n\t\t\t\t$_custom_list_result = $this->apiCall('Customers.listing');\n\t\t\t\t$custom_list_result = $_custom_list_result['list'];\n\t\t\t\t$customer_ids = [];\n\t\t\t\tforeach ($custom_list_result as $customer) {\n\t\t\t\t\t$customer_ids[] = $customer['customerid'];\n\t\t\t\t}\n\t\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\t\tSELECT s.*, f.username\n\t\t\t\t\tFROM `\" . TABLE_PANEL_USER_SSHKEYS . \"` s\n\t\t\t\t\tLEFT JOIN `\" . TABLE_FTP_USERS . \"` f ON f.id = s.ftp_user_id\n\t\t\t\t\tWHERE s.`customerid` IN (\" . implode(\", \", $customer_ids) . \")\n\t\t\t\t\tAND s.`id` = :id\n\t\t\t\t\");\n\t\t\t} else {\n\t\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\t\tSELECT s.*, f.username\n\t\t\t\t\tFROM `\" . TABLE_PANEL_USER_SSHKEYS . \"` s\n\t\t\t\t\tLEFT JOIN `\" . TABLE_FTP_USERS . \"` f ON f.id = s.ftp_user_id\n\t\t\t\t\tWHERE s.`id` = :id\n\t\t\t\t\");\n\t\t\t}\n\t\t} else {\n\t\t\tif (Settings::IsInList('panel.customer_hide_options', 'ftp')\n\t\t\t\t|| intval(Settings::Get('system.allow_customer_shell')) == 0\n\t\t\t\t|| intval($this->getUserDetail('shell_allowed')) == 0) {\n\t\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t\t}\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT s.*, f.username\n\t\t\t\tFROM `\" . TABLE_PANEL_USER_SSHKEYS . \"` s\n\t\t\t\tLEFT JOIN `\" . TABLE_FTP_USERS . \"` f ON f.id = s.ftp_user_id\n\t\t\t\tWHERE s.`customerid` = :customerid\n\t\t\t\tAND s.`id` = :id\n\t\t\t\");\n\t\t\t$params['customerid'] = $this->getUserDetail('customerid');\n\t\t}\n\t\t$params['id'] = $id;\n\t\t$result = Database::pexecute_first($result_stmt, $params, true, true);\n\t\tif ($result) {\n\t\t\t$key = PublicKeyLoader::loadPublicKey($result['ssh_pubkey']);\n\t\t\t$result['fingerprint'] = 'SHA256:' . $key->getFingerprint('sha256');\n\t\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, \"[API] get ssh-key for ftp-user '\" . $result['ftp_user_id'] . \"'\");\n\t\t\treturn $this->response($result);\n\t\t}\n\t\t$key = \"id #\" . $id;\n\t\tthrow new Exception(\"FTP user with \" . $key . \" could not be found\", 404);\n\t}\n\n\t/**\n\t * update a given ftp-user by id or username\n\t *\n\t * @param int $id\n\t * the ssh-key id\n\t * @param string $description\n\t * optional, description for ssh-key\n\t * @param int $customerid\n\t * optional, required when called as admin (if $loginname is not specified)\n\t * @param string $loginname\n\t * optional, required when called as admin (if $customerid is not specified)\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function update()\n\t{\n\t\tif ($this->isAdmin() == false &&\n\t\t\t(Settings::IsInList('panel.customer_hide_options', 'ftp')\n\t\t\t\t|| intval(Settings::Get('system.allow_customer_shell')) == 0\n\t\t\t\t|| intval($this->getUserDetail('shell_allowed')) == 0)\n\t\t) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\n\t\t$id = $this->getParam('id');\n\n\t\t$result = $this->apiCall('SshKeys.get', [\n\t\t\t'id' => $id\n\t\t]);\n\t\t$id = $result['id'];\n\n\t\t// parameters\n\t\t$description = $this->getParam('description', true, $result['description']);\n\n\t\t// validation\n\t\t$description = Validate::validate(trim($description), 'description', Validate::REGEX_DESC_TEXT, '', [], true);\n\n\t\t// get needed customer info\n\t\t$customer = $this->getCustomerData();\n\n\t\t$stmt = Database::prepare(\"\n\t\t\tUPDATE `\" . TABLE_PANEL_USER_SSHKEYS . \"`\n\t\t\tSET `description` = :desc\n\t\t\tWHERE `customerid` = :customerid\n\t\t\tAND `id` = :id\n\t\t\");\n\t\tDatabase::pexecute($stmt, [\n\t\t\t\"desc\" => $description,\n\t\t\t\"customerid\" => $customer['customerid'],\n\t\t\t\"id\" => $id\n\t\t], true, true);\n\n\t\t$result = $this->apiCall('SshKeys.get', [\n\t\t\t'id' => $result['id']\n\t\t]);\n\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, \"[API] updated ssh-key '\" . $result['id'] . \"'\");\n\n\t\tif (Settings::Get('system.nssextrausers') == 1) {\n\t\t\t// this is used so that the libnss-extrausers cron is fired\n\t\t\tCronjob::inserttask(TaskId::REBUILD_NSSUSERS);\n\t\t}\n\n\t\treturn $this->response($result);\n\t}\n\n\t/**\n\t * list all ssh-keys, if called from an admin, list all ssh-keys of all customers you are allowed to view, or\n\t * specify id or loginname for one specific customer\n\t *\n\t * @param int $customerid\n\t * optional, admin-only, select ftp-users of a specific customer by id\n\t * @param string $loginname\n\t * optional, admin-only, select ftp-users of a specific customer by loginname\n\t * @param array $sql_search\n\t * optional array with index = fieldname, and value = array with 'op' => operator (one of <, > or =),\n\t * LIKE is used if left empty and 'value' => searchvalue\n\t * @param int $sql_limit\n\t * optional specify number of results to be returned\n\t * @param int $sql_offset\n\t * optional specify offset for resultset\n\t * @param array $sql_orderby\n\t * optional array with index = fieldname and value = ASC|DESC to order the resultset by one or more\n\t * fields\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array count|list\n\t * @throws Exception\n\t */\n\tpublic function listing()\n\t{\n\t\tif ($this->isAdmin() == false &&\n\t\t\t(Settings::IsInList('panel.customer_hide_options', 'ftp')\n\t\t\t\t|| intval(Settings::Get('system.allow_customer_shell')) == 0\n\t\t\t\t|| intval($this->getUserDetail('shell_allowed')) == 0)\n\t\t) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\n\t\t$customer_ids = $this->getAllowedCustomerIds('ftp');\n\t\t$result = [];\n\t\t$query_fields = [];\n\t\t$result_stmt = Database::prepare(\"\n\t\t\tSELECT s.*, f.username\n\t\t\tFROM `\" . TABLE_PANEL_USER_SSHKEYS . \"` s\n\t\t\tLEFT JOIN `\" . TABLE_FTP_USERS . \"` f ON f.id = s.ftp_user_id\n\t\t\tWHERE s.`customerid` IN (\" . implode(\", \", $customer_ids) . \")\" . $this->getSearchWhere($query_fields, true) . $this->getOrderBy() . $this->getLimit());\n\t\tDatabase::pexecute($result_stmt, $query_fields, true, true);\n\t\twhile ($row = $result_stmt->fetch(\\PDO::FETCH_ASSOC)) {\n\t\t\t$key = PublicKeyLoader::loadPublicKey($row['ssh_pubkey']);\n\t\t\t$row['fingerprint'] = 'SHA256:' . $key->getFingerprint('sha256');\n\t\t\t$result[] = $row;\n\t\t}\n\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, \"[API] list ssh-keys\");\n\t\treturn $this->response([\n\t\t\t'count' => count($result),\n\t\t\t'list' => $result\n\t\t]);\n\t}\n\n\t/**\n\t * returns the total number of accessible ssh keys\n\t *\n\t * @param int $customerid\n\t * optional, admin-only, select ftp-users of a specific customer by id\n\t * @param string $loginname\n\t * optional, admin-only, select ftp-users of a specific customer by loginname\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded response message\n\t * @throws Exception\n\t */\n\tpublic function listingCount()\n\t{\n\t\tif ($this->isAdmin() == false &&\n\t\t\t(Settings::IsInList('panel.customer_hide_options', 'ftp')\n\t\t\t\t|| intval(Settings::Get('system.allow_customer_shell')) == 0\n\t\t\t\t|| intval($this->getUserDetail('shell_allowed')) == 0)\n\t\t) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\n\t\t$customer_ids = $this->getAllowedCustomerIds('ftp');\n\t\t$result = [];\n\t\t$query_fields = [];\n\t\t$result_stmt = Database::prepare(\"\n\t\t\tSELECT COUNT(*) as num_sshkeys FROM `\" . TABLE_PANEL_USER_SSHKEYS . \"`\n\t\t\tWHERE `customerid` IN (\" . implode(\", \", $customer_ids) . \")\n\t\t\" . $this->getSearchWhere($query_fields, true));\n\t\t$result = Database::pexecute_first($result_stmt, $query_fields, true, true);\n\t\tif ($result) {\n\t\t\treturn $this->response($result['num_sshkeys']);\n\t\t}\n\t\treturn $this->response(0);\n\t}\n\n\t/**\n\t * delete a ftp-user by either id or username\n\t *\n\t * @param int $id\n\t * the ssh-key id\n\t * @param int $customerid\n\t * optional, required when called as admin (if $loginname is not specified)\n\t * @param string $loginname\n\t * optional, required when called as admin (if $customerid is not specified)\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function delete()\n\t{\n\t\t$id = $this->getParam('id');\n\n\t\tif ($this->isAdmin() == false &&\n\t\t\t(Settings::IsInList('panel.customer_hide_options', 'ftp')\n\t\t\t\t|| intval(Settings::Get('system.allow_customer_shell')) == 0\n\t\t\t\t|| intval($this->getUserDetail('shell_allowed')) == 0)\n\t\t) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\n\t\t// get ssh-key\n\t\t$result = $this->apiCall('SshKeys.get', [\n\t\t\t'id' => $id\n\t\t]);\n\t\t$id = $result['id'];\n\n\t\t$customer = $this->getCustomerData();\n\n\t\t// remove entry\n\t\t$stmt = Database::prepare(\"\n\t\t\tDELETE FROM `\" . TABLE_PANEL_USER_SSHKEYS . \"` WHERE `customerid` = :customerid AND `id` = :id\n\t\t\");\n\t\tDatabase::pexecute($stmt, [\n\t\t\t\"customerid\" => $customer['customerid'],\n\t\t\t\"id\" => $id\n\t\t], true, true);\n\n\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_WARNING, \"[API] deleted ssh-key '\" . $result['id'] . \"'\");\n\n\t\tif (Settings::Get('system.nssextrausers') == 1) {\n\t\t\t// this is used so that the libnss-extrausers cron is fired\n\t\t\tCronjob::inserttask(TaskId::REBUILD_NSSUSERS);\n\t\t}\n\n\t\treturn $this->response($result);\n\t}\n\n\tprivate function isValidSshPublicKey(string $key): bool\n\t{\n\t\ttry {\n\t\t\t$loaded = PublicKeyLoader::loadPublicKey($key);\n\t\t\treturn $loaded !== null;\n\t\t} catch (\\Exception $e) {\n\t\t\treturn false;\n\t\t}\n\t}\n}\n" }, { "path": "lib/Froxlor/Api/Commands/SubDomains.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Api\\Commands;\n\nuse Exception;\nuse Froxlor\\Api\\ApiCommand;\nuse Froxlor\\Api\\ResourceEntity;\nuse Froxlor\\Cron\\TaskId;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\Domain\\Domain;\nuse Froxlor\\FileDir;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\Idna\\IdnaWrapper;\nuse Froxlor\\PhpHelper;\nuse Froxlor\\Settings;\nuse Froxlor\\System\\Cronjob;\nuse Froxlor\\UI\\Response;\nuse Froxlor\\Validate\\Validate;\nuse PDO;\n\n/**\n * @since 0.10.0\n */\nclass SubDomains extends ApiCommand implements ResourceEntity\n{\n\n\t/**\n\t * add a new subdomain\n\t *\n\t * @param string $subdomain\n\t * part before domain.tld to create as subdomain\n\t * @param string $domain\n\t * domainname of main-domain\n\t * @param int $alias\n\t * optional, domain-id of a domain that the new domain should be an alias of\n\t * @param string $path\n\t * optional, destination path relative to the customers-homedir, default is customers-homedir\n\t * @param string $url\n\t * optional, overwrites path value with an URL to generate a redirect, alternatively use the path\n\t * parameter also for URLs\n\t * @param int $openbasedir_path\n\t * optional, either 0 for domains-docroot [default], 1 for customers-homedir or 2 for parent-directory of domains-docroot\n\t * @param int $phpsettingid\n\t * optional, php-settings-id, if empty the $domain value is used\n\t * @param int $redirectcode\n\t * optional, redirect-code-id from TABLE_PANEL_REDIRECTCODES\n\t * @param int $speciallogfile\n\t * optional, whether to create an exclusive web-logfile for this domain (1) or not (0) or inherit value from parentdomain (2, default)\n\t * @param bool $sslenabled\n\t * optional, whether or not SSL is enabled for this domain, regardless of the assigned ssl-ips, default\n\t * 1 (true)\n\t * @param bool $ssl_redirect\n\t * optional, whether to generate a https-redirect or not, default false; requires SSL to be enabled\n\t * @param bool $letsencrypt\n\t * optional, whether to generate a Let's Encrypt certificate for this domain, default false; requires\n\t * SSL to be enabled\n\t * @param bool $http2\n\t * optional, whether to enable http/2 for this subdomain (requires to be enabled in the settings),\n\t * default 0 (false)\n\t * @param bool $http3\n\t * optional, whether to enable http/3 for this subdomain (requires to be enabled in the settings),\n\t * default 0 (false)\n\t * @param int $hsts_maxage\n\t * optional max-age value for HSTS header, default 0\n\t * @param bool $hsts_sub\n\t * optional whether or not to add subdomains to the HSTS header, default 0\n\t * @param bool $hsts_preload\n\t * optional whether or not to preload HSTS header value, default 0\n\t * @param int $customerid\n\t * optional, required when called as admin (if $loginname is not specified)\n\t * @param string $loginname\n\t * optional, required when called as admin (if $customerid is not specified)\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function add()\n\t{\n\t\tif (($this->getUserDetail('subdomains_used') < $this->getUserDetail('subdomains') || $this->getUserDetail('subdomains') == '-1') || $this->isAdmin()) {\n\t\t\t// parameters\n\t\t\t$subdomain = $this->getParam('subdomain');\n\t\t\t$domain = $this->getParam('domain');\n\n\t\t\t// optional parameters\n\t\t\t$aliasdomain = $this->getParam('alias', true, 0);\n\t\t\t$path = $this->getParam('path', true, '');\n\t\t\t$url = $this->getParam('url', true, '');\n\t\t\t$openbasedir_path = $this->getParam('openbasedir_path', true, 0);\n\t\t\t$phpsettingid = $this->getParam('phpsettingid', true, 0);\n\t\t\t$redirectcode = $this->getParam('redirectcode', true, Settings::Get('customredirect.default'));\n\t\t\t$speciallogfile = intval($this->getParam('speciallogfile', true, 2));\n\t\t\t$isemaildomain = $this->getParam('isemaildomain', true, 0);\n\t\t\tif (Settings::Get('system.use_ssl')) {\n\t\t\t\t$sslenabled = $this->getBoolParam('sslenabled', true, 1);\n\t\t\t\t$ssl_redirect = $this->getBoolParam('ssl_redirect', true, 0);\n\t\t\t\t$letsencrypt = $this->getBoolParam('letsencrypt', true, 0);\n\t\t\t\t$http2 = $this->getBoolParam('http2', true, 0);\n\t\t\t\t$http3 = $this->getBoolParam('http3', true, 0);\n\t\t\t\t$hsts_maxage = $this->getParam('hsts_maxage', true, 0);\n\t\t\t\t$hsts_sub = $this->getBoolParam('hsts_sub', true, 0);\n\t\t\t\t$hsts_preload = $this->getBoolParam('hsts_preload', true, 0);\n\t\t\t} else {\n\t\t\t\t$sslenabled = 0;\n\t\t\t\t$ssl_redirect = 0;\n\t\t\t\t$letsencrypt = 0;\n\t\t\t\t$http2 = 0;\n\t\t\t\t$http3 = 0;\n\t\t\t\t$hsts_maxage = 0;\n\t\t\t\t$hsts_sub = 0;\n\t\t\t\t$hsts_preload = 0;\n\t\t\t}\n\n\t\t\t// get needed customer info to reduce the subdomain-usage-counter by one\n\t\t\t$customer = $this->getCustomerData('subdomains');\n\n\t\t\t// validation\n\t\t\t$subdomain = strtolower($subdomain);\n\t\t\tif (substr($subdomain, 0, 4) == 'xn--') {\n\t\t\t\tResponse::standardError('domain_nopunycode', '', true);\n\t\t\t}\n\n\t\t\t$idna_convert = new IdnaWrapper();\n\t\t\t$subdomain = $idna_convert->encode(preg_replace([\n\t\t\t\t'/\\:(\\d)+$/',\n\t\t\t\t'/^https?\\:\\/\\//'\n\t\t\t], '', Validate::validate($subdomain, 'subdomain', '', 'subdomainiswrong', [], true)));\n\n\t\t\t// merge the two parts together\n\t\t\t$completedomain = $subdomain . '.' . $domain;\n\n\t\t\tif (Settings::Get('system.validate_domain') && !Validate::validateDomain($completedomain)) {\n\t\t\t\tResponse::standardError([\n\t\t\t\t\t'stringiswrong',\n\t\t\t\t\t'mydomain'\n\t\t\t\t], '', true);\n\t\t\t}\n\t\t\tif ($completedomain == strtolower(Settings::Get('system.hostname'))) {\n\t\t\t\tResponse::standardError('admin_domain_emailsystemhostname', '', true);\n\t\t\t}\n\n\t\t\t// check whether the domain already exists\n\t\t\t$completedomain_stmt = Database::prepare(\"\n\t\t\t\tSELECT * FROM `\" . TABLE_PANEL_DOMAINS . \"`\n\t\t\t\tWHERE `domain` = :domain\n\t\t\t\tAND `customerid` = :customerid\n\t\t\t\tAND `email_only` = '0'\n\t\t\t\");\n\t\t\t$completedomain_check = Database::pexecute_first($completedomain_stmt, [\n\t\t\t\t\"domain\" => $completedomain,\n\t\t\t\t\"customerid\" => $customer['customerid']\n\t\t\t], true, true);\n\n\t\t\tif ($completedomain_check) {\n\t\t\t\t// no exception so far - domain exists\n\t\t\t\tResponse::standardError('domainexistalready', $completedomain, true);\n\t\t\t}\n\n\t\t\t// alias domain checked?\n\t\t\tif ($aliasdomain != 0) {\n\t\t\t\t// also check ip/port combination to be the same, #176\n\t\t\t\t$aliasdomain_stmt = Database::prepare(\"\n\t\t\t\t\tSELECT `d`.`id` FROM `\" . TABLE_PANEL_DOMAINS . \"` `d` , `\" . TABLE_PANEL_CUSTOMERS . \"` `c` , `\" . TABLE_DOMAINTOIP . \"` `dip`\n\t\t\t\t\tWHERE `d`.`aliasdomain` IS NULL\n\t\t\t\t\tAND `d`.`id` = :id\n\t\t\t\t\tAND `c`.`standardsubdomain` <> `d`.`id`\n\t\t\t\t\tAND `d`.`customerid` = :customerid\n\t\t\t\t\tAND `c`.`customerid` = `d`.`customerid`\n\t\t\t\t\tAND `d`.`id` = `dip`.`id_domain`\n\t\t\t\t\tAND `dip`.`id_ipandports`\n\t\t\t\t\tIN (SELECT `id_ipandports` FROM `\" . TABLE_DOMAINTOIP . \"` WHERE `id_domain` = :id )\n\t\t\t\t\tGROUP BY `d`.`domain`\n\t\t\t\t\tORDER BY `d`.`domain` ASC\n\t\t\t\t\");\n\t\t\t\t$aliasdomain_check = Database::pexecute_first($aliasdomain_stmt, [\n\t\t\t\t\t\"id\" => $aliasdomain,\n\t\t\t\t\t\"customerid\" => $customer['customerid']\n\t\t\t\t], true, true);\n\t\t\t\tif ($aliasdomain_check['id'] != $aliasdomain) {\n\t\t\t\t\tResponse::standardError('domainisaliasorothercustomer', '', true);\n\t\t\t\t}\n\t\t\t\tDomain::triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $this->logger());\n\t\t\t}\n\n\t\t\t// validate / correct path/url of domain\n\t\t\t$_doredirect = false;\n\t\t\t$path = $this->validateDomainDocumentRoot($path, $url, $customer, $completedomain, $_doredirect);\n\n\t\t\tif ($openbasedir_path > 2 && $openbasedir_path < 0) {\n\t\t\t\t$openbasedir_path = 0;\n\t\t\t}\n\n\t\t\t// get main domain for various checks\n\t\t\t$domain_stmt = Database::prepare(\"\n\t\t\t\tSELECT * FROM `\" . TABLE_PANEL_DOMAINS . \"`\n\t\t\t\tWHERE `domain` = :domain\n\t\t\t\tAND `customerid` = :customerid\n\t\t\t\tAND `parentdomainid` = '0'\n\t\t\t\tAND `email_only` = '0'\n\t\t\t\");\n\t\t\t$domain_check = Database::pexecute_first($domain_stmt, [\n\t\t\t\t\"domain\" => $domain,\n\t\t\t\t\"customerid\" => $customer['customerid']\n\t\t\t], true, true);\n\n\t\t\tif (!$domain_check) {\n\t\t\t\t// the given main-domain\n\t\t\t\tResponse::standardError('maindomainnonexist', $domain, true);\n\t\t\t} elseif ($subdomain == 'www' && $domain_check['wwwserveralias'] == '1') {\n\t\t\t\t// you cannot add 'www' as subdomain when the maindomain generates a www-alias\n\t\t\t\tResponse::standardError('wwwnotallowed', '', true);\n\t\t\t} elseif ($completedomain_check && strtolower($completedomain_check['domain']) == strtolower($completedomain)) {\n\t\t\t\t// the domain does already exist as main-domain\n\t\t\t\tResponse::standardError('domainexistalready', $completedomain, true);\n\t\t\t} elseif ((int)$domain_check['deactivated'] == 1) {\n\t\t\t\t// main domain is deactivated\n\t\t\t\tResponse::standardError('maindomaindeactivated', $domain, true);\n\t\t\t}\n\n\t\t\t// if allowed, check for 'is email domain'-flag\n\t\t\tif ($domain_check['subcanemaildomain'] == '1' || $domain_check['subcanemaildomain'] == '2') {\n\t\t\t\t$isemaildomain = intval($isemaildomain);\n\t\t\t} else {\n\t\t\t\t$isemaildomain = $domain_check['subcanemaildomain'] == '3' ? 1 : 0;\n\t\t\t}\n\n\t\t\tif ($ssl_redirect != 0) {\n\t\t\t\t// a ssl-redirect only works if there actually is a\n\t\t\t\t// ssl ip/port assigned to the domain\n\t\t\t\tif (Domain::domainHasSslIpPort($domain_check['id']) == true) {\n\t\t\t\t\t$ssl_redirect = '1';\n\t\t\t\t\t$_doredirect = true;\n\t\t\t\t} else {\n\t\t\t\t\tResponse::standardError('sslredirectonlypossiblewithsslipport', '', true);\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tif ($letsencrypt != 0) {\n\t\t\t\t// let's encrypt only works if there actually is a\n\t\t\t\t// ssl ip/port assigned to the domain\n\t\t\t\tif (Domain::domainHasSslIpPort($domain_check['id']) == true) {\n\t\t\t\t\t$letsencrypt = '1';\n\t\t\t\t} else {\n\t\t\t\t\tResponse::standardError('letsencryptonlypossiblewithsslipport', '', true);\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// validate dns if lets encrypt is enabled to check whether we can use it at all\n\t\t\tif ($letsencrypt == '1' && Settings::Get('system.le_domain_dnscheck') == '1') {\n\t\t\t\t$our_ips = Domain::getIpsOfDomain($domain_check['id']);\n\t\t\t\t$domain_ips = PhpHelper::gethostbynamel6($completedomain, true, Settings::Get('system.le_domain_dnscheck_resolver'));\n\t\t\t\tif ($domain_ips == false || count(array_intersect($our_ips, $domain_ips)) <= 0) {\n\t\t\t\t\tResponse::standardError('invaliddnsforletsencrypt', '', true);\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// Temporarily deactivate ssl_redirect until Let's Encrypt certificate was generated\n\t\t\tif ($ssl_redirect > 0 && $letsencrypt == 1) {\n\t\t\t\t$ssl_redirect = 2;\n\t\t\t}\n\n\t\t\t// validate speciallogfile value\n\t\t\tif ($speciallogfile < 0 || $speciallogfile > 2) {\n\t\t\t\t$speciallogfile = 2; // inherit from parent-domain\n\t\t\t}\n\n\t\t\t// get the phpsettingid from parentdomain, #107\n\t\t\t$phpsid_stmt = Database::prepare(\"\n\t\t\t\tSELECT `phpsettingid` FROM `\" . TABLE_PANEL_DOMAINS . \"` WHERE `id` = :id\n\t\t\t\");\n\t\t\t$phpsid_result = Database::pexecute_first($phpsid_stmt, [\n\t\t\t\t\"id\" => $domain_check['id']\n\t\t\t], true, true);\n\n\t\t\tif (!isset($phpsid_result['phpsettingid']) || (int)$phpsid_result['phpsettingid'] <= 0) {\n\t\t\t\t// assign default config\n\t\t\t\t$phpsid_result['phpsettingid'] = 1;\n\t\t\t}\n\n\t\t\tif ($domain_check['phpenabled'] == 1) {\n\t\t\t\t// check whether the customer has chosen its own php-config\n\t\t\t\tif ($phpsettingid > 0 && $phpsettingid != $phpsid_result['phpsettingid']) {\n\t\t\t\t\t$phpsid_result['phpsettingid'] = intval($phpsettingid);\n\t\t\t\t}\n\n\t\t\t\t$allowed_phpconfigs = $customer['allowed_phpconfigs'];\n\t\t\t\tif (!empty($allowed_phpconfigs)) {\n\t\t\t\t\t$allowed_phpconfigs = json_decode($allowed_phpconfigs, true);\n\t\t\t\t} else {\n\t\t\t\t\t$allowed_phpconfigs = [];\n\t\t\t\t}\n\t\t\t\t// only with fcgid/fpm enabled will it be possible to select a php-setting\n\t\t\t\tif ((int)Settings::Get('system.mod_fcgid') == 1 || (int)Settings::Get('phpfpm.enabled') == 1) {\n\t\t\t\t\tif (!in_array($phpsid_result['phpsettingid'], $allowed_phpconfigs)) {\n\t\t\t\t\t\tResponse::standardError('notallowedphpconfigused', '', true);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// actually insert domain\n\t\t\t$stmt = Database::prepare(\"\n\t\t\t\tINSERT INTO `\" . TABLE_PANEL_DOMAINS . \"` SET\n\t\t\t\t`customerid` = :customerid,\n\t\t\t\t`adminid` = :adminid,\n\t\t\t\t`domain` = :domain,\n\t\t\t\t`domain_ace` = :domain_ace,\n\t\t\t\t`documentroot` = :documentroot,\n\t\t\t\t`aliasdomain` = :aliasdomain,\n\t\t\t\t`parentdomainid` = :parentdomainid,\n\t\t\t\t`wwwserveralias` = :wwwserveralias,\n\t\t\t\t`isemaildomain` = :isemaildomain,\n\t\t\t\t`iswildcarddomain` = :iswildcarddomain,\n\t\t\t\t`phpenabled` = :phpenabled,\n\t\t\t\t`openbasedir` = :openbasedir,\n\t\t\t\t`openbasedir_path` = :openbasedir_path,\n\t\t\t\t`speciallogfile` = :speciallogfile,\n\t\t\t\t`specialsettings` = :specialsettings,\n\t\t\t\t`ssl_specialsettings` = :ssl_specialsettings,\n\t\t\t\t`include_specialsettings` = :include_specialsettings,\n\t\t\t\t`ssl_redirect` = :ssl_redirect,\n\t\t\t\t`phpsettingid` = :phpsettingid,\n\t\t\t\t`letsencrypt` = :letsencrypt,\n\t\t\t\t`http2` = :http2,\n\t\t\t\t`http3` = :http3,\n\t\t\t\t`hsts` = :hsts,\n\t\t\t\t`hsts_sub` = :hsts_sub,\n\t\t\t\t`hsts_preload` = :hsts_preload,\n\t\t\t\t`ocsp_stapling` = :ocsp_stapling,\n\t\t\t\t`override_tls` = :override_tls,\n\t\t\t\t`ssl_protocols` = :ssl_protocols,\n\t\t\t\t`ssl_cipher_list` = :ssl_cipher_list,\n\t\t\t\t`tlsv13_cipher_list` = :tlsv13_cipher_list,\n\t\t\t\t`ssl_enabled` = :sslenabled,\n\t\t\t\t`dkim` = :dkim\n\t\t\t\");\n\t\t\t$params = [\n\t\t\t\t\"customerid\" => $customer['customerid'],\n\t\t\t\t\"adminid\" => $customer['adminid'],\n\t\t\t\t\"domain\" => $completedomain,\n\t\t\t\t\"domain_ace\" => $idna_convert->decode($completedomain),\n\t\t\t\t\"documentroot\" => $path,\n\t\t\t\t\"aliasdomain\" => $aliasdomain != 0 ? $aliasdomain : null,\n\t\t\t\t\"parentdomainid\" => $domain_check['id'],\n\t\t\t\t\"wwwserveralias\" => $domain_check['wwwserveralias'] == '1' ? '1' : '0',\n\t\t\t\t\"iswildcarddomain\" => $domain_check['iswildcarddomain'] == '1' ? '1' : '0',\n\t\t\t\t\"isemaildomain\" => $isemaildomain,\n\t\t\t\t\"openbasedir\" => $domain_check['openbasedir'],\n\t\t\t\t\"openbasedir_path\" => $openbasedir_path,\n\t\t\t\t\"phpenabled\" => $domain_check['phpenabled'],\n\t\t\t\t\"speciallogfile\" => $speciallogfile == 2 ? $domain_check['speciallogfile'] : $speciallogfile,\n\t\t\t\t\"specialsettings\" => $domain_check['specialsettings'],\n\t\t\t\t\"ssl_specialsettings\" => $domain_check['ssl_specialsettings'],\n\t\t\t\t\"include_specialsettings\" => $domain_check['include_specialsettings'],\n\t\t\t\t\"ssl_redirect\" => $ssl_redirect,\n\t\t\t\t\"phpsettingid\" => $phpsid_result['phpsettingid'],\n\t\t\t\t\"letsencrypt\" => $letsencrypt,\n\t\t\t\t\"http2\" => $http2,\n\t\t\t\t\"http3\" => $http3,\n\t\t\t\t\"hsts\" => $hsts_maxage,\n\t\t\t\t\"hsts_sub\" => $hsts_sub,\n\t\t\t\t\"hsts_preload\" => $hsts_preload,\n\t\t\t\t\"ocsp_stapling\" => $domain_check['ocsp_stapling'],\n\t\t\t\t\"override_tls\" => $domain_check['override_tls'],\n\t\t\t\t\"ssl_protocols\" => $domain_check['ssl_protocols'],\n\t\t\t\t\"ssl_cipher_list\" => $domain_check['ssl_cipher_list'],\n\t\t\t\t\"tlsv13_cipher_list\" => $domain_check['tlsv13_cipher_list'],\n\t\t\t\t\"sslenabled\" => $sslenabled,\n\t\t\t\t\"dkim\" => $domain_check['dkim'],\n\t\t\t];\n\t\t\tDatabase::pexecute($stmt, $params, true, true);\n\t\t\t$subdomain_id = Database::lastInsertId();\n\n\t\t\t$stmt = Database::prepare(\"\n\t\t\t\tINSERT INTO `\" . TABLE_DOMAINTOIP . \"`\n\t\t\t\t(`id_domain`, `id_ipandports`)\n\t\t\t\tSELECT LAST_INSERT_ID(), `id_ipandports`\n\t\t\t\tFROM `\" . TABLE_DOMAINTOIP . \"`\n\t\t\t\tWHERE `id_domain` = :id_domain\n\t\t\t\");\n\t\t\tDatabase::pexecute($stmt, [\n\t\t\t\t\"id_domain\" => $domain_check['id']\n\t\t\t]);\n\n\t\t\tif ($_doredirect) {\n\t\t\t\tDomain::addRedirectToDomain($subdomain_id, $redirectcode);\n\t\t\t}\n\n\t\t\tCronjob::inserttask(TaskId::REBUILD_VHOST);\n\t\t\t// Using nameserver, insert a task which rebuilds the server config\n\t\t\tCronjob::inserttask(TaskId::REBUILD_DNS);\n\n\t\t\tCustomers::increaseUsage($customer['customerid'], 'subdomains_used');\n\n\t\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, \"[API] added subdomain '\" . $completedomain . \"'\");\n\n\t\t\t$result = $this->apiCall('SubDomains.get', [\n\t\t\t\t'id' => $subdomain_id\n\t\t\t]);\n\t\t\treturn $this->response($result);\n\t\t}\n\t\tthrow new Exception(\"No more resources available\", 406);\n\t}\n\n\t/**\n\t * return a subdomain entry by either id or domainname\n\t *\n\t * @param int $id\n\t * optional, the domain-id\n\t * @param string $domainname\n\t * optional, the domainname\n\t * @param bool $with_ips\n\t * optional, default true\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function get()\n\t{\n\t\t$id = $this->getParam('id', true, 0);\n\t\t$dn_optional = $id > 0;\n\t\t$domainname = $this->getParam('domainname', $dn_optional, '');\n\t\t$with_ips = $this->getParam('with_ips', true, true);\n\n\t\t// convert possible idn domain to punycode\n\t\tif (substr($domainname, 0, 4) != 'xn--') {\n\t\t\t$idna_convert = new IdnaWrapper();\n\t\t\t$domainname = $idna_convert->encode($domainname);\n\t\t}\n\n\t\tif ($this->isAdmin()) {\n\t\t\tif ($this->getUserDetail('customers_see_all') != 1) {\n\t\t\t\t// if it's a reseller or an admin who cannot see all customers, we need to check\n\t\t\t\t// whether the database belongs to one of his customers\n\t\t\t\t$_custom_list_result = $this->apiCall('Customers.listing');\n\t\t\t\t$custom_list_result = $_custom_list_result['list'];\n\t\t\t\t$customer_ids = [];\n\t\t\t\tforeach ($custom_list_result as $customer) {\n\t\t\t\t\t$customer_ids[] = $customer['customerid'];\n\t\t\t\t}\n\t\t\t\tif (count($customer_ids) > 0) {\n\t\t\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\t\t\tSELECT d.*, pd.`subcanemaildomain`, pd.`isbinddomain` as subisbinddomain\n\t\t\t\t\t\tFROM `\" . TABLE_PANEL_DOMAINS . \"` d, `\" . TABLE_PANEL_DOMAINS . \"` pd\n\t\t\t\t\t\tWHERE \" . ($id > 0 ? \"d.`id` = :iddn\" : \"d.`domain` = :iddn\") . \" AND d.`customerid` IN (\" . implode(\", \", $customer_ids) . \")\n\t\t\t\t\t\tAND ((d.`parentdomainid`!='0' AND pd.`id` = d.`parentdomainid`) OR (d.`parentdomainid`='0' AND pd.`id` = d.`id`))\n\t\t\t\t\t\");\n\t\t\t\t\t$params = [\n\t\t\t\t\t\t'iddn' => ($id <= 0 ? $domainname : $id)\n\t\t\t\t\t];\n\t\t\t\t} else {\n\t\t\t\t\tthrow new Exception(\"You do not have any customers yet\", 406);\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\t\tSELECT d.*, pd.`subcanemaildomain`, pd.`isbinddomain` as subisbinddomain\n\t\t\t\t\tFROM `\" . TABLE_PANEL_DOMAINS . \"` d, `\" . TABLE_PANEL_DOMAINS . \"` pd\n\t\t\t\t\tWHERE \" . ($id > 0 ? \"d.`id` = :iddn\" : \"d.`domain` = :iddn\") . \"\n\t\t\t\t\tAND ((d.`parentdomainid`!='0' AND pd.`id` = d.`parentdomainid`) OR (d.`parentdomainid`='0' AND pd.`id` = d.`id`))\n\t\t\t\t\");\n\t\t\t\t$params = [\n\t\t\t\t\t'iddn' => ($id <= 0 ? $domainname : $id)\n\t\t\t\t];\n\t\t\t}\n\t\t} else {\n\t\t\tif (!$this->isInternal() && Settings::IsInList('panel.customer_hide_options', 'domains')) {\n\t\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t\t}\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT d.*, pd.`subcanemaildomain`, pd.`isbinddomain` as subisbinddomain, pd.`domain` as parentdomain\n\t\t\t\tFROM `\" . TABLE_PANEL_DOMAINS . \"` d, `\" . TABLE_PANEL_DOMAINS . \"` pd\n\t\t\t\tWHERE d.`customerid`= :customerid AND \" . ($id > 0 ? \"d.`id` = :iddn\" : \"d.`domain` = :iddn\") . \"\n\t\t\t\tAND ((d.`parentdomainid`!='0' AND pd.`id` = d.`parentdomainid`) OR (d.`parentdomainid`='0' AND pd.`id` = d.`id`))\n\t\t\t\");\n\t\t\t$params = [\n\t\t\t\t'customerid' => $this->getUserDetail('customerid'),\n\t\t\t\t'iddn' => ($id <= 0 ? $domainname : $id)\n\t\t\t];\n\t\t}\n\t\t$result = Database::pexecute_first($result_stmt, $params, true, true);\n\t\tif ($result) {\n\t\t\t$result['ipsandports'] = [];\n\t\t\tif ($with_ips) {\n\t\t\t\t$result['ipsandports'] = $this->getIpsForDomain($result['id']);\n\t\t\t}\n\t\t\t$result['domain_hascert'] = $this->getHasCertValueForDomain((int)$result['id'], (int)$result['parentdomainid']);\n\t\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, \"[API] get subdomain '\" . $result['domain'] . \"'\");\n\t\t\treturn $this->response($result);\n\t\t}\n\t\tthrow new Exception(\"Requested subdomain could not be found\", 404);\n\t}\n\n\tprivate function getHasCertValueForDomain(int $domainid, int $parentdomainid): int\n\t{\n\t\t// nothing (ssl_global)\n\t\t$domain_hascert = 0;\n\t\t$ssl_stmt = Database::prepare(\"SELECT * FROM `\" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . \"` WHERE `domainid` = :domainid\");\n\t\tDatabase::pexecute($ssl_stmt, array(\n\t\t\t\"domainid\" => $domainid\n\t\t));\n\t\t$ssl_result = $ssl_stmt->fetch(PDO::FETCH_ASSOC);\n\t\tif (is_array($ssl_result) && isset($ssl_result['ssl_cert_file']) && $ssl_result['ssl_cert_file'] != '') {\n\t\t\t// own certificate (ssl_customer_green)\n\t\t\t$domain_hascert = 1;\n\t\t} else {\n\t\t\t// check if it's parent has one set (shared)\n\t\t\tif ($parentdomainid != 0) {\n\t\t\t\t$ssl_stmt = Database::prepare(\"SELECT * FROM `\" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . \"` WHERE `domainid` = :domainid\");\n\t\t\t\tDatabase::pexecute($ssl_stmt, array(\n\t\t\t\t\t\"domainid\" => $parentdomainid\n\t\t\t\t));\n\t\t\t\t$ssl_result = $ssl_stmt->fetch(PDO::FETCH_ASSOC);\n\t\t\t\tif (is_array($ssl_result) && isset($ssl_result['ssl_cert_file']) && $ssl_result['ssl_cert_file'] != '') {\n\t\t\t\t\t// parent has a certificate (ssl_shared)\n\t\t\t\t\t$domain_hascert = 2;\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\treturn $domain_hascert;\n\t}\n\n\t/**\n\t * validate given path and replace with url if given and valid\n\t *\n\t * @param string $path\n\t * @param string $url\n\t * @param array $customer\n\t * @param string $completedomain\n\t * @param boolean $_doredirect\n\t *\n\t * @return string validated path\n\t * @throws Exception\n\t */\n\tprivate function validateDomainDocumentRoot($path = null, $url = null, $customer = null, $completedomain = null, &$_doredirect = false)\n\t{\n\t\t$_doredirect = false;\n\t\t$idna = new IdnaWrapper();\n\n\t\t// url mode: either $url or $path begins with http:// or https://\n\t\t$maybeUrl = !empty($url) ? $url : (preg_match('/^https?\\:\\/\\//', $path) ? $path : '');\n\t\tif ($maybeUrl !== '') {\n\t\t\t$encoded = $idna->encode($maybeUrl);\n\t\t\tif (!Validate::validateUrl($encoded, true)) {\n\t\t\t\tResponse::standardError('invaliddocumentrooturl', '', true);\n\t\t\t}\n\t\t\t$_doredirect = true;\n\t\t\treturn $encoded;\n\t\t}\n\n\t\t// path mode: regular directory path\n\t\t$path = Validate::validate($path, 'path', Validate::REGEX_DIR, '', [], true);\n\n\t\t// default path if empty and setting active\n\t\tif (($path === '' || $path === '/') && Settings::Get('system.documentroot_use_default_value') == 1) {\n\t\t\treturn FileDir::makeCorrectDir($customer['documentroot'] . '/' . $completedomain, $customer['documentroot']);\n\t\t}\n\t\t// check if path does not contain a colon\n\t\tif (strpos($path, ':') !== false) {\n\t\t\tResponse::standardError('pathmaynotcontaincolon', '', true);\n\t\t}\n\n\t\treturn FileDir::makeCorrectDir($customer['documentroot'] . '/' . $path, $customer['documentroot']);\n\t}\n\n\t/**\n\t * update subdomain entry by either id or domainname\n\t *\n\t * @param int $id\n\t * optional, the domain-id\n\t * @param string $domainname\n\t * optional, the domainname\n\t * @param int $alias\n\t * optional, domain-id of a domain that the new domain should be an alias of\n\t * @param string $path\n\t * optional, destination path relative to the customers-homedir, default is customers-homedir\n\t * @param string $url\n\t * optional, overwrites path value with an URL to generate a redirect, alternatively use the path\n\t * parameter also for URLs\n\t * @param int $selectserveralias\n\t * optional, 0 = wildcard, 1 = www-alias, 2 = none\n\t * @param bool $isemaildomain\n\t * optional\n\t * @param int $openbasedir_path\n\t * optional, either 0 for domains-docroot, 1 for customers-homedir or 2 for parent-directory of domains-docroot\n\t * @param int $phpsettingid\n\t * optional, php-settings-id, if empty the $domain value is used\n\t * @param int $redirectcode\n\t * optional, redirect-code-id from TABLE_PANEL_REDIRECTCODES\n\t * @param bool $speciallogfile\n\t * optional, whether to create an exclusive web-logfile for this domain\n\t * @param bool $speciallogverified\n\t * optional, when setting $speciallogfile to false, this needs to be set to true to confirm the action,\n\t * default 0 (false)\n\t * @param bool $sslenabled\n\t * optional, whether or not SSL is enabled for this domain, regardless of the assigned ssl-ips, default\n\t * 1 (true)\n\t * @param bool $ssl_redirect\n\t * optional, whether to generate a https-redirect or not, default false; requires SSL to be enabled\n\t * @param bool $letsencrypt\n\t * optional, whether to generate a Let's Encrypt certificate for this domain, default false; requires\n\t * SSL to be enabled\n\t * @param bool $http2\n\t * optional, whether to enable http/2 for this domain (requires to be enabled in the settings), default\n\t * 0 (false)\n\t * @param bool $http3\n\t * optional, whether to enable http/3 for this domain (requires to be enabled in the settings), default\n\t * 0 (false)\n\t * @param int $hsts_maxage\n\t * optional max-age value for HSTS header\n\t * @param bool $hsts_sub\n\t * optional whether or not to add subdomains to the HSTS header\n\t * @param bool $hsts_preload\n\t * optional whether or not to preload HSTS header value\n\t * @param int $customerid\n\t * optional, required when called as admin (if $loginname is not specified)\n\t * @param string $loginname\n\t * optional, required when called as admin (if $customerid is not specified)\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function update()\n\t{\n\t\t$id = $this->getParam('id', true, 0);\n\t\t$dn_optional = $id > 0;\n\t\t$domainname = $this->getParam('domainname', $dn_optional, '');\n\n\t\tif ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'domains')) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\n\t\t$result = $this->apiCall('SubDomains.get', [\n\t\t\t'id' => $id,\n\t\t\t'domainname' => $domainname\n\t\t]);\n\t\t$id = $result['id'];\n\n\t\tif ($this->isAdmin() == false && (int)$result['caneditdomain'] == 0) {\n\t\t\tthrow new Exception(lng('error.domaincannotbeedited', [$result['domain']]), 406);\n\t\t}\n\n\t\t// parameters\n\t\t$aliasdomain = $this->getParam('alias', true, 0);\n\t\t$path = $this->getParam('path', true, $result['documentroot']);\n\t\t$url = $this->getParam('url', true, '');\n\t\t// default: 0 = wildcard, 1 = www-alias, 2 = none\n\t\t$_serveraliasdefault = $result['iswildcarddomain'] == '1' ? 0 : ($result['wwwserveralias'] == '1' ? 1 : 2);\n\t\t$selectserveralias = $this->getParam('selectserveralias', true, $_serveraliasdefault);\n\t\t$isemaildomain = $this->getBoolParam('isemaildomain', true, $result['isemaildomain']);\n\t\t$openbasedir_path = $this->getParam('openbasedir_path', true, $result['openbasedir_path']);\n\t\t$phpsettingid = $this->getParam('phpsettingid', true, $result['phpsettingid']);\n\t\t$redirectcode = $this->getParam('redirectcode', true, Domain::getDomainRedirectId($id));\n\t\t$speciallogfile = $this->getBoolParam('speciallogfile', true, $result['speciallogfile']);\n\t\t$speciallogverified = $this->getBoolParam('speciallogverified', true, 0);\n\t\tif (Settings::Get('system.use_ssl')) {\n\t\t\t$sslenabled = $this->getBoolParam('sslenabled', true, $result['ssl_enabled']);\n\t\t\t$ssl_redirect = $this->getBoolParam('ssl_redirect', true, $result['ssl_redirect']);\n\t\t\t$letsencrypt = $this->getBoolParam('letsencrypt', true, $result['letsencrypt']);\n\t\t\t$http2 = $this->getBoolParam('http2', true, $result['http2']);\n\t\t\t$http3 = $this->getBoolParam('http3', true, $result['http3']);\n\t\t\t$hsts_maxage = $this->getParam('hsts_maxage', true, $result['hsts']);\n\t\t\t$hsts_sub = $this->getBoolParam('hsts_sub', true, $result['hsts_sub']);\n\t\t\t$hsts_preload = $this->getBoolParam('hsts_preload', true, $result['hsts_preload']);\n\t\t} else {\n\t\t\t$sslenabled = 0;\n\t\t\t$ssl_redirect = 0;\n\t\t\t$letsencrypt = 0;\n\t\t\t$http2 = 0;\n\t\t\t$http3 = 0;\n\t\t\t$hsts_maxage = 0;\n\t\t\t$hsts_sub = 0;\n\t\t\t$hsts_preload = 0;\n\t\t}\n\n\t\t// get needed customer info to reduce the subdomain-usage-counter by one\n\t\t$customer = $this->getCustomerData();\n\n\t\t$alias_stmt = Database::prepare(\"SELECT COUNT(`id`) AS count FROM `\" . TABLE_PANEL_DOMAINS . \"` WHERE `aliasdomain`= :aliasdomain\");\n\t\t$alias_check = Database::pexecute_first($alias_stmt, [\n\t\t\t\"aliasdomain\" => $result['id']\n\t\t]);\n\t\t$alias_check = $alias_check['count'];\n\n\t\t// alias domain checked?\n\t\tif ($aliasdomain != 0) {\n\t\t\t$aliasdomain_stmt = Database::prepare(\"\n\t\t\t\tSELECT `id` FROM `\" . TABLE_PANEL_DOMAINS . \"` `d`,`\" . TABLE_PANEL_CUSTOMERS . \"` `c`\n\t\t\t\tWHERE `d`.`customerid`= :customerid\n\t\t\t\tAND `d`.`aliasdomain` IS NULL\n\t\t\t\tAND `d`.`id`<>`c`.`standardsubdomain`\n\t\t\t\tAND `c`.`customerid`= :customerid\n\t\t\t\tAND `d`.`id`= :id\n\t\t\t\");\n\t\t\t$aliasdomain_check = Database::pexecute_first($aliasdomain_stmt, [\n\t\t\t\t\"id\" => $aliasdomain,\n\t\t\t\t\"customerid\" => $customer['customerid']\n\t\t\t], true, true);\n\t\t\tif ($aliasdomain_check['id'] != $aliasdomain) {\n\t\t\t\tResponse::standardError('domainisaliasorothercustomer', '', true);\n\t\t\t}\n\t\t\tDomain::triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $this->logger());\n\t\t}\n\n\t\t// validate / correct path/url of domain\n\t\t$_doredirect = false;\n\t\t$path = $this->validateDomainDocumentRoot($path, $url, $customer, $result['domain'], $_doredirect);\n\n\t\t// set alias-fields according to selected alias mode\n\t\t$iswildcarddomain = ($selectserveralias == '0') ? '1' : '0';\n\t\t$wwwserveralias = ($selectserveralias == '1') ? '1' : '0';\n\n\t\t// if allowed, check for 'is email domain'-flag\n\t\tif ($isemaildomain != $result['isemaildomain']) {\n\t\t\tif ($result['parentdomainid'] != '0' && ($result['subcanemaildomain'] == '1' || $result['subcanemaildomain'] == '2')) {\n\t\t\t\t$isemaildomain = intval($isemaildomain);\n\t\t\t} elseif ($result['parentdomainid'] != '0') {\n\t\t\t\t$isemaildomain = $result['subcanemaildomain'] == '3' ? 1 : 0;\n\t\t\t}\n\t\t}\n\n\t\t// check changes of openbasedir-path variable\n\t\tif ($openbasedir_path > 2 && $openbasedir_path < 0) {\n\t\t\t$openbasedir_path = 0;\n\t\t}\n\n\t\tif ($ssl_redirect != 0) {\n\t\t\t// a ssl-redirect only works if there actually is a\n\t\t\t// ssl ip/port assigned to the domain\n\t\t\tif (Domain::domainHasSslIpPort($result['id']) == true) {\n\t\t\t\t$ssl_redirect = '1';\n\t\t\t\t$_doredirect = true;\n\t\t\t} else {\n\t\t\t\tResponse::standardError('sslredirectonlypossiblewithsslipport', '', true);\n\t\t\t}\n\t\t}\n\n\t\tif ($letsencrypt != 0) {\n\t\t\t// let's encrypt only works if there actually is a\n\t\t\t// ssl ip/port assigned to the domain\n\t\t\tif (Domain::domainHasSslIpPort($result['id']) == true) {\n\t\t\t\t$letsencrypt = '1';\n\t\t\t} else {\n\t\t\t\tResponse::standardError('letsencryptonlypossiblewithsslipport', '', true);\n\t\t\t}\n\t\t}\n\n\t\t// validate dns if lets encrypt is enabled to check whether we can use it at all\n\t\tif ($result['letsencrypt'] != $letsencrypt && $letsencrypt == '1' && Settings::Get('system.le_domain_dnscheck') == '1') {\n\t\t\t$our_ips = Domain::getIpsOfDomain($result['parentdomainid']);\n\t\t\t$domain_ips = PhpHelper::gethostbynamel6($result['domain'], true, Settings::Get('system.le_domain_dnscheck_resolver'));\n\t\t\tif ($domain_ips == false || count(array_intersect($our_ips, $domain_ips)) <= 0) {\n\t\t\t\tResponse::standardError('invaliddnsforletsencrypt', '', true);\n\t\t\t}\n\t\t}\n\n\t\t// We can't enable let's encrypt for wildcard-domains\n\t\tif ($iswildcarddomain == '1' && $letsencrypt == '1') {\n\t\t\tResponse::standardError('nowildcardwithletsencrypt', '', true);\n\t\t}\n\n\t\t// Temporarily deactivate ssl_redirect until Let's Encrypt certificate was generated\n\t\tif ($ssl_redirect > 0 && $letsencrypt == 1 && $result['letsencrypt'] != $letsencrypt) {\n\t\t\t$ssl_redirect = 2;\n\t\t}\n\n\t\tif ($speciallogfile != $result['speciallogfile'] && $speciallogverified != '1') {\n\t\t\t$speciallogfile = $result['speciallogfile'];\n\t\t}\n\n\t\t// is-email-domain flag changed - remove mail accounts and mail-addresses\n\t\tif (($result['isemaildomain'] == '1') && $isemaildomain == '0') {\n\t\t\t$params = [\n\t\t\t\t\"customerid\" => $customer['customerid'],\n\t\t\t\t\"domainid\" => $id\n\t\t\t];\n\t\t\t$stmt = Database::prepare(\"DELETE FROM `\" . TABLE_MAIL_USERS . \"` WHERE `customerid`= :customerid AND `domainid`= :domainid\");\n\t\t\tDatabase::pexecute($stmt, $params, true, true);\n\t\t\t$stmt = Database::prepare(\"DELETE FROM `\" . TABLE_MAIL_VIRTUAL . \"` WHERE `customerid`= :customerid AND `domainid`= :domainid\");\n\t\t\tDatabase::pexecute($stmt, $params, true, true);\n\t\t\t$idna_convert = new IdnaWrapper();\n\t\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, \"[API] automatically deleted mail-table entries for '\" . $idna_convert->decode($result['domain']) . \"'\");\n\t\t}\n\n\t\t$allowed_phpconfigs = $customer['allowed_phpconfigs'];\n\t\tif (!empty($allowed_phpconfigs)) {\n\t\t\t$allowed_phpconfigs = json_decode($allowed_phpconfigs, true);\n\t\t} else {\n\t\t\t$allowed_phpconfigs = [];\n\t\t}\n\t\t// only with fcgid/fpm enabled will it be possible to select a php-setting\n\t\tif ((int)$result['phpenabled'] == 1 && ((int)Settings::Get('system.mod_fcgid') == 1 || (int)Settings::Get('phpfpm.enabled') == 1)) {\n\t\t\tif (!in_array($phpsettingid, $allowed_phpconfigs)) {\n\t\t\t\tResponse::standardError('notallowedphpconfigused', '', true);\n\t\t\t}\n\t\t}\n\n\t\t// handle redirect\n\t\tif ($_doredirect) {\n\t\t\tDomain::updateRedirectOfDomain($id, $redirectcode);\n\t\t}\n\n\t\tif ($path != $result['documentroot']\n\t\t\t|| $isemaildomain != $result['isemaildomain']\n\t\t\t|| $wwwserveralias != $result['wwwserveralias']\n\t\t\t|| $iswildcarddomain != $result['iswildcarddomain']\n\t\t\t|| $aliasdomain != (int)$result['aliasdomain']\n\t\t\t|| $openbasedir_path != $result['openbasedir_path']\n\t\t\t|| $sslenabled != $result['ssl_enabled']\n\t\t\t|| $ssl_redirect != $result['ssl_redirect']\n\t\t\t|| $letsencrypt != $result['letsencrypt']\n\t\t\t|| $hsts_maxage != $result['hsts']\n\t\t\t|| $hsts_sub != $result['hsts_sub']\n\t\t\t|| $hsts_preload != $result['hsts_preload']\n\t\t\t|| $phpsettingid != $result['phpsettingid']\n\t\t\t|| $http2 != $result['http2']\n\t\t\t|| $http3 != $result['http3']\n\t\t\t|| ($speciallogfile != $result['speciallogfile'] && $speciallogverified == '1')\n\t\t) {\n\t\t\t$stmt = Database::prepare(\"\n\t\t\t\t\tUPDATE `\" . TABLE_PANEL_DOMAINS . \"` SET\n\t\t\t\t\t`documentroot` = :documentroot,\n\t\t\t\t\t`isemaildomain` = :isemaildomain,\n\t\t\t\t\t`wwwserveralias` = :wwwserveralias,\n\t\t\t\t\t`iswildcarddomain` = :iswildcarddomain,\n\t\t\t\t\t`aliasdomain` = :aliasdomain,\n\t\t\t\t\t`openbasedir_path` = :openbasedir_path,\n\t\t\t\t\t`ssl_enabled` = :sslenabled,\n\t\t\t\t\t`ssl_redirect` = :ssl_redirect,\n\t\t\t\t\t`letsencrypt` = :letsencrypt,\n\t\t\t\t\t`http2` = :http2,\n\t\t\t\t\t`http3` = :http3,\n\t\t\t\t\t`hsts` = :hsts,\n\t\t\t\t\t`hsts_sub` = :hsts_sub,\n\t\t\t\t\t`hsts_preload` = :hsts_preload,\n\t\t\t\t\t`phpsettingid` = :phpsettingid,\n\t\t\t\t\t`speciallogfile` = :speciallogfile\n\t\t\t\t\tWHERE `customerid`= :customerid AND `id`= :id\n\t\t\t\t\");\n\t\t\t$params = [\n\t\t\t\t\"documentroot\" => $path,\n\t\t\t\t\"isemaildomain\" => $isemaildomain,\n\t\t\t\t\"wwwserveralias\" => $wwwserveralias,\n\t\t\t\t\"iswildcarddomain\" => $iswildcarddomain,\n\t\t\t\t\"aliasdomain\" => ($aliasdomain != 0 && $alias_check == 0) ? $aliasdomain : null,\n\t\t\t\t\"openbasedir_path\" => $openbasedir_path,\n\t\t\t\t\"sslenabled\" => $sslenabled,\n\t\t\t\t\"ssl_redirect\" => $ssl_redirect,\n\t\t\t\t\"letsencrypt\" => $letsencrypt,\n\t\t\t\t\"http2\" => $http2,\n\t\t\t\t\"http3\" => $http3,\n\t\t\t\t\"hsts\" => $hsts_maxage,\n\t\t\t\t\"hsts_sub\" => $hsts_sub,\n\t\t\t\t\"hsts_preload\" => $hsts_preload,\n\t\t\t\t\"phpsettingid\" => $phpsettingid,\n\t\t\t\t\"speciallogfile\" => $speciallogfile,\n\t\t\t\t\"customerid\" => $customer['customerid'],\n\t\t\t\t\"id\" => $id\n\t\t\t];\n\t\t\tDatabase::pexecute($stmt, $params, true, true);\n\n\t\t\tif ($result['aliasdomain'] != $aliasdomain && is_numeric($result['aliasdomain'])) {\n\t\t\t\t// trigger when domain id for alias destination has changed: both for old and new destination\n\t\t\t\tDomain::triggerLetsEncryptCSRForAliasDestinationDomain($result['aliasdomain'], $this->logger());\n\t\t\t\tDomain::triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $this->logger());\n\t\t\t}\n\t\t\tif ($result['wwwserveralias'] != $wwwserveralias || $result['letsencrypt'] != $letsencrypt) {\n\t\t\t\t// or when wwwserveralias or letsencrypt was changed\n\t\t\t\tDomain::triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $this->logger());\n\t\t\t\tif ((int)$aliasdomain === 0) {\n\t\t\t\t\t// in case the wwwserveralias is set on a main domain, $aliasdomain is 0\n\t\t\t\t\t// --> the call just above to triggerLetsEncryptCSRForAliasDestinationDomain\n\t\t\t\t\t// is a noop...let's repeat it with the domain id of the main domain\n\t\t\t\t\tDomain::triggerLetsEncryptCSRForAliasDestinationDomain($id, $this->logger());\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// check whether LE has been disabled, so we remove the certificate\n\t\t\tif ($letsencrypt == '0' && $result['letsencrypt'] == '1') {\n\t\t\t\t$del_stmt = Database::prepare(\"\n\t\t\t\t\t\tDELETE FROM `\" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . \"` WHERE `domainid` = :id\n\t\t\t\t\t\");\n\t\t\t\tDatabase::pexecute($del_stmt, [\n\t\t\t\t\t'id' => $id\n\t\t\t\t], true, true);\n\t\t\t\t// remove domain from acme.sh / lets encrypt if used\n\t\t\t\tCronjob::inserttask(TaskId::DELETE_DOMAIN_SSL, $result['domain']);\n\t\t\t}\n\n\t\t\tCronjob::inserttask(TaskId::REBUILD_VHOST);\n\t\t\tCronjob::inserttask(TaskId::REBUILD_DNS);\n\t\t\t$idna_convert = new IdnaWrapper();\n\t\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, \"[API] edited domain '\" . $idna_convert->decode($result['domain']) . \"'\");\n\t\t}\n\t\t$result = $this->apiCall('SubDomains.get', [\n\t\t\t'id' => $id\n\t\t]);\n\t\treturn $this->response($result);\n\t}\n\n\t/**\n\t * lists all customer domain/subdomain entries\n\t *\n\t * @param bool $with_ips\n\t * optional, default true\n\t * @param int $customerid\n\t * optional, admin-only, select (sub)domains of a specific customer by id\n\t * @param string $loginname\n\t * optional, admin-only, select (sub)domains of a specific customer by loginname\n\t * @param array $sql_search\n\t * optional array with index = fieldname, and value = array with 'op' => operator (one of <, > or =),\n\t * LIKE is used if left empty and 'value' => searchvalue\n\t * @param int $sql_limit\n\t * optional specify number of results to be returned\n\t * @param int $sql_offset\n\t * optional specify offset for resultset\n\t * @param array $sql_orderby\n\t * optional array with index = fieldname and value = ASC|DESC to order the resultset by one or more\n\t * fields\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array count|list\n\t * @throws Exception\n\t */\n\tpublic function listing()\n\t{\n\t\t$with_ips = $this->getParam('with_ips', true, true);\n\t\tif ($this->isAdmin()) {\n\t\t\t// if we're an admin, list all subdomains of all the admins customers\n\t\t\t// or optionally for one specific customer identified by id or loginname\n\t\t\t$customerid = $this->getParam('customerid', true, 0);\n\t\t\t$loginname = $this->getParam('loginname', true, '');\n\n\t\t\tif (!empty($customerid) || !empty($loginname)) {\n\t\t\t\t$result = $this->apiCall('Customers.get', [\n\t\t\t\t\t'id' => $customerid,\n\t\t\t\t\t'loginname' => $loginname\n\t\t\t\t]);\n\t\t\t\t$custom_list_result = [\n\t\t\t\t\t$result\n\t\t\t\t];\n\t\t\t} else {\n\t\t\t\t$_custom_list_result = $this->apiCall('Customers.listing');\n\t\t\t\t$custom_list_result = $_custom_list_result['list'];\n\t\t\t}\n\t\t\t$customer_ids = [];\n\t\t\tforeach ($custom_list_result as $customer) {\n\t\t\t\t$customer_ids[] = $customer['customerid'];\n\t\t\t}\n\t\t\tif (empty($customer_ids)) {\n\t\t\t\tthrow new Exception(\"Required resource unsatisfied.\", 405);\n\t\t\t}\n\n\t\t\t$select_fields = [\n\t\t\t\t'`d`.*'\n\t\t\t];\n\t\t} else {\n\t\t\tif (Settings::IsInList('panel.customer_hide_options', 'domains')) {\n\t\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t\t}\n\t\t\t$customer_ids = [\n\t\t\t\t$this->getUserDetail('customerid')\n\t\t\t];\n\n\t\t\t$select_fields = [\n\t\t\t\t'`d`.`id`',\n\t\t\t\t'`d`.`customerid`',\n\t\t\t\t'`d`.`domain`',\n\t\t\t\t'`d`.`domain_ace`',\n\t\t\t\t'`d`.`documentroot`',\n\t\t\t\t'`d`.`isbinddomain`',\n\t\t\t\t'`d`.`isemaildomain`',\n\t\t\t\t'`d`.`caneditdomain`',\n\t\t\t\t'`d`.`iswildcarddomain`',\n\t\t\t\t'`d`.`parentdomainid`',\n\t\t\t\t'`d`.`letsencrypt`',\n\t\t\t\t'`d`.`registration_date`',\n\t\t\t\t'`d`.`termination_date`',\n\t\t\t\t'`d`.`deactivated`',\n\t\t\t\t'`d`.`email_only`',\n\t\t\t];\n\t\t}\n\n\t\t$query_fields = [];\n\n\t\t// prepare select statement\n\t\t$domains_stmt = Database::prepare(\"\n\t\t\tSELECT \" . implode(\",\", $select_fields) . \", IF(`d`.`parentdomainid` > 0, `pd`.`domain_ace`, `d`.`domain_ace`) AS `parentdomainname`, `ad`.`id` AS `aliasdomainid`, `ad`.`domain` AS `aliasdomain`, `da`.`id` AS `domainaliasid`, `da`.`domain` AS `domainalias`\n\t\t\tFROM `\" . TABLE_PANEL_DOMAINS . \"` `d`\n\t\t\tLEFT JOIN `\" . TABLE_PANEL_DOMAINS . \"` `ad` ON `d`.`aliasdomain`=`ad`.`id`\n\t\t\tLEFT JOIN `\" . TABLE_PANEL_DOMAINS . \"` `da` ON `da`.`aliasdomain`=`d`.`id`\n\t\t\tLEFT JOIN `\" . TABLE_PANEL_DOMAINS . \"` `pd` ON `pd`.`id`=`d`.`parentdomainid`\n\t\t\tWHERE `d`.`customerid` IN (\" . implode(', ', $customer_ids) . \")\n\t\t\t\" . $this->getSearchWhere($query_fields, true) . \" GROUP BY `d`.`id` ORDER BY `parentdomainname` ASC, `d`.`parentdomainid` ASC \" . $this->getOrderBy(true) . $this->getLimit());\n\n\t\t$result = [];\n\t\tDatabase::pexecute($domains_stmt, $query_fields, true, true);\n\t\twhile ($row = $domains_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t$row['ipsandports'] = [];\n\t\t\tif ($with_ips) {\n\t\t\t\t$row['ipsandports'] = $this->getIpsForDomain($row['id']);\n\t\t\t}\n\t\t\t$row['domain_hascert'] = $this->getHasCertValueForDomain((int)$row['id'], (int)$row['parentdomainid']);\n\t\t\t$result[] = $row;\n\t\t}\n\t\treturn $this->response([\n\t\t\t'count' => count($result),\n\t\t\t'list' => $result\n\t\t]);\n\t}\n\n\t/**\n\t * get ips connected to given domain as array\n\t *\n\t * @param number $domain_id\n\t * @param bool $ssl_only\n\t * optional, return only ssl enabled ip's, default false\n\t * @return array\n\t */\n\tprivate function getIpsForDomain($domain_id = 0, $ssl_only = false)\n\t{\n\t\t$fields = '`ips`.ip, `ips`.port, `ips`.ssl';\n\t\tif ($this->isAdmin()) {\n\t\t\t$fields = '`ips`.*';\n\t\t}\n\t\t$resultips_stmt = Database::prepare(\"\n\t\t\tSELECT \" . $fields . \" FROM `\" . TABLE_DOMAINTOIP . \"` AS `dti`, `\" . TABLE_PANEL_IPSANDPORTS . \"` AS `ips`\n\t\t\tWHERE `dti`.`id_ipandports` = `ips`.`id` AND `dti`.`id_domain` = :domainid \" . ($ssl_only ? \" AND `ips`.`ssl` = '1'\" : \"\"));\n\n\t\tDatabase::pexecute($resultips_stmt, [\n\t\t\t'domainid' => $domain_id\n\t\t]);\n\n\t\t$ipandports = [];\n\t\twhile ($rowip = $resultips_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\tif (filter_var($rowip['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {\n\t\t\t\t$rowip['is_ipv6'] = true;\n\t\t\t}\n\t\t\t$ipandports[] = $rowip;\n\t\t}\n\n\t\treturn $ipandports;\n\t}\n\n\t/**\n\t * returns the total number of accessible subdomain entries\n\t *\n\t * @param int $customerid\n\t * optional, admin-only, select (sub)domains of a specific customer by id\n\t * @param string $loginname\n\t * optional, admin-only, select (sub)domains of a specific customer by loginname\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded response message\n\t * @throws Exception\n\t */\n\tpublic function listingCount()\n\t{\n\t\tif ($this->isAdmin()) {\n\t\t\t// if we're an admin, list all databases of all the admins customers\n\t\t\t// or optionally for one specific customer identified by id or loginname\n\t\t\t$customerid = $this->getParam('customerid', true, 0);\n\t\t\t$loginname = $this->getParam('loginname', true, '');\n\n\t\t\tif (!empty($customerid) || !empty($loginname)) {\n\t\t\t\t$result = $this->apiCall('Customers.get', [\n\t\t\t\t\t'id' => $customerid,\n\t\t\t\t\t'loginname' => $loginname\n\t\t\t\t]);\n\t\t\t\t$custom_list_result = [\n\t\t\t\t\t$result\n\t\t\t\t];\n\t\t\t} else {\n\t\t\t\t$_custom_list_result = $this->apiCall('Customers.listing');\n\t\t\t\t$custom_list_result = $_custom_list_result['list'];\n\t\t\t}\n\t\t\t$customer_ids = [];\n\t\t\tforeach ($custom_list_result as $customer) {\n\t\t\t\t$customer_ids[] = $customer['customerid'];\n\t\t\t}\n\t\t} else {\n\t\t\tif (Settings::IsInList('panel.customer_hide_options', 'domains')) {\n\t\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t\t}\n\t\t\t$customer_ids = [\n\t\t\t\t$this->getUserDetail('customerid')\n\t\t\t];\n\t\t}\n\n\t\tif (!empty($customer_ids)) {\n\t\t\t$query_fields = [];\n\t\t\t// prepare select statement\n\t\t\t$domains_stmt = Database::prepare(\"\n\t\t\t\tSELECT COUNT(*) as num_subdom\n\t\t\t\tFROM `\" . TABLE_PANEL_DOMAINS . \"` `d`\n\t\t\t\tWHERE `d`.`customerid` IN (\" . implode(', ', $customer_ids) . \")\n\t\t\t\" . $this->getSearchWhere($query_fields, true));\n\t\t\t$result = Database::pexecute_first($domains_stmt, $query_fields, true, true);\n\t\t\tif ($result) {\n\t\t\t\treturn $this->response($result['num_subdom']);\n\t\t\t}\n\t\t}\n\t\treturn $this->response(0);\n\t}\n\n\t/**\n\t * delete a subdomain by either id or domainname\n\t *\n\t * @param int $id\n\t * optional, the domain-id\n\t * @param string $domainname\n\t * optional, the domainname\n\t * @param int $customerid\n\t * optional, required when called as admin (if $loginname is not specified)\n\t * @param string $loginname\n\t * optional, required when called as admin (if $customerid is not specified)\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function delete()\n\t{\n\t\t$id = $this->getParam('id', true, 0);\n\t\t$dn_optional = $id > 0;\n\t\t$domainname = $this->getParam('domainname', $dn_optional, '');\n\n\t\tif ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'domains')) {\n\t\t\tthrow new Exception(\"You cannot access this resource\", 405);\n\t\t}\n\n\t\t$result = $this->apiCall('SubDomains.get', [\n\t\t\t'id' => $id,\n\t\t\t'domainname' => $domainname\n\t\t]);\n\t\t$id = $result['id'];\n\n\t\t// get needed customer info to reduce the subdomain-usage-counter by one\n\t\t$customer = $this->getCustomerData();\n\n\t\tif (!$this->isAdmin() && $result['caneditdomain'] == 0) {\n\t\t\tthrow new Exception(\"You cannot edit this resource\", 405);\n\t\t}\n\n\t\tif ($result['isemaildomain'] == '1') {\n\t\t\t// check for e-mail addresses\n\t\t\t$emails_stmt = Database::prepare(\"\n\t\t\t\tSELECT COUNT(`id`) AS `count` FROM `\" . TABLE_MAIL_VIRTUAL . \"`\n\t\t\t\tWHERE `customerid` = :customerid AND `domainid` = :domainid\n\t\t\t\");\n\t\t\t$emails = Database::pexecute_first($emails_stmt, [\n\t\t\t\t\"customerid\" => $customer['customerid'],\n\t\t\t\t\"domainid\" => $id\n\t\t\t], true, true);\n\n\t\t\tif ($emails['count'] != '0') {\n\t\t\t\tResponse::standardError('domains_cantdeletedomainwithemail', '', true);\n\t\t\t}\n\t\t}\n\n\t\tif ((int)$result['aliasdomain'] !== 0) {\n\t\t\tDomain::triggerLetsEncryptCSRForAliasDestinationDomain($result['aliasdomain'], $this->logger());\n\t\t}\n\n\t\t// delete domain from table\n\t\t$stmt = Database::prepare(\"\n\t\t\tDELETE FROM `\" . TABLE_PANEL_DOMAINS . \"` WHERE `customerid` = :customerid AND `id` = :id\n\t\t\");\n\t\tDatabase::pexecute($stmt, [\n\t\t\t\"customerid\" => $customer['customerid'],\n\t\t\t\"id\" => $id\n\t\t], true, true);\n\n\t\t// remove connections to ips and domainredirects\n\t\t$del_stmt = Database::prepare(\"\n\t\t\tDELETE FROM `\" . TABLE_DOMAINTOIP . \"`\n\t\t\tWHERE `id_domain` = :domainid\n\t\t\");\n\t\tDatabase::pexecute($del_stmt, [\n\t\t\t'domainid' => $id\n\t\t], true, true);\n\n\t\t// remove redirect-codes\n\t\t$del_stmt = Database::prepare(\"\n\t\t\tDELETE FROM `\" . TABLE_PANEL_DOMAINREDIRECTS . \"`\n\t\t\tWHERE `did` = :domainid\n\t\t\");\n\t\tDatabase::pexecute($del_stmt, [\n\t\t\t'domainid' => $id\n\t\t], true, true);\n\n\t\t// remove certificate from domain_ssl_settings, fixes #1596\n\t\t$del_stmt = Database::prepare(\"\n\t\t\tDELETE FROM `\" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . \"`\n\t\t\tWHERE `domainid` = :domainid\n\t\t\");\n\t\tDatabase::pexecute($del_stmt, [\n\t\t\t'domainid' => $id\n\t\t], true, true);\n\n\t\t// remove possible existing DNS entries\n\t\t$del_stmt = Database::prepare(\"\n\t\t\tDELETE FROM `\" . TABLE_DOMAIN_DNS . \"`\n\t\t\tWHERE `domain_id` = :domainid\n\t\t\");\n\t\tDatabase::pexecute($del_stmt, [\n\t\t\t'domainid' => $id\n\t\t], true, true);\n\n\t\tCronjob::inserttask(TaskId::REBUILD_VHOST);\n\t\t// Using nameserver, insert a task which rebuilds the server config\n\t\tCronjob::inserttask(TaskId::REBUILD_DNS);\n\t\t// remove domains DNS from powerDNS if used, #581\n\t\tCronjob::inserttask(TaskId::DELETE_DOMAIN_PDNS, $result['domain']);\n\t\t// remove domain from acme.sh / lets encrypt if used\n\t\tCronjob::inserttask(TaskId::DELETE_DOMAIN_SSL, $result['domain']);\n\n\t\t// reduce subdomain-usage-counter\n\t\tCustomers::decreaseUsage($customer['customerid'], 'subdomains_used');\n\n\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_WARNING, \"[API] deleted subdomain '\" . $result['domain'] . \"'\");\n\t\treturn $this->response($result);\n\t}\n}\n" }, { "path": "lib/Froxlor/Api/Commands/SysLog.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Api\\Commands;\n\nuse Exception;\nuse Froxlor\\Api\\ApiCommand;\nuse Froxlor\\Api\\ResourceEntity;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FroxlorLogger;\nuse PDO;\n\n/**\n * @since 0.10.6\n */\nclass SysLog extends ApiCommand implements ResourceEntity\n{\n\n\t/**\n\t * list all log-entries\n\t *\n\t * @param array $sql_search\n\t * optional array with index = fieldname, and value = array with 'op' => operator (one of <, > or =),\n\t * LIKE is used if left empty and 'value' => searchvalue\n\t * @param int $sql_limit\n\t * optional specify number of results to be returned\n\t * @param int $sql_offset\n\t * optional specify offset for resultset\n\t * @param array $sql_orderby\n\t * optional array with index = fieldname and value = ASC|DESC to order the resultset by one or more\n\t * fields\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array count|list\n\t * @throws Exception\n\t */\n\tpublic function listing()\n\t{\n\t\t$result = [];\n\t\t$query_fields = [];\n\t\tif ($this->isAdmin() && $this->getUserDetail('customers_see_all') == '1') {\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\tSELECT * FROM `\" . TABLE_PANEL_LOG . \"` \" . $this->getSearchWhere($query_fields) . $this->getOrderBy() . $this->getLimit());\n\t\t} elseif ($this->isAdmin()) {\n\t\t\t// get all admin customers\n\t\t\t$_custom_list_result = $this->apiCall('Customers.listing');\n\t\t\t$custom_list_result = $_custom_list_result['list'];\n\t\t\t$customer_names = [];\n\t\t\tforeach ($custom_list_result as $customer) {\n\t\t\t\t$customer_names[] = $customer['loginname'];\n\t\t\t}\n\t\t\tif (count($customer_names) > 0) {\n\t\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT * FROM `\" . TABLE_PANEL_LOG . \"`\n\t\t\t\tWHERE `user` = :loginname OR `user` IN ('\" . implode(\"', '\", $customer_names) . \"')\" . $this->getSearchWhere($query_fields, true) . $this->getOrderBy() . $this->getLimit());\n\t\t\t} else {\n\t\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT * FROM `\" . TABLE_PANEL_LOG . \"`\n\t\t\t\tWHERE `user` = :loginname\" . $this->getSearchWhere($query_fields, true) . $this->getOrderBy() . $this->getLimit());\n\t\t\t}\n\t\t\t$query_fields['loginname'] = $this->getUserDetail('loginname');\n\t\t} else {\n\t\t\t// every one else just sees their logs\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\tSELECT * FROM `\" . TABLE_PANEL_LOG . \"`\n\t\t\tWHERE `user` = :loginname AND `action` <> 99 \" . $this->getSearchWhere($query_fields, true) . $this->getOrderBy() . $this->getLimit());\n\t\t\t$query_fields['loginname'] = $this->getUserDetail('loginname');\n\t\t}\n\t\tDatabase::pexecute($result_stmt, $query_fields, true, true);\n\t\twhile ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t// clean log-text\n\t\t\t$row['text'] = preg_replace(\"/[^\\w @#\\\"':.,()\\[\\]+\\-_\\/\\\\\\!]/i\", \"_\", $row['text']);\n\t\t\t$result[] = $row;\n\t\t}\n\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, \"[API] list log-entries\");\n\t\treturn $this->response([\n\t\t\t'count' => count($result),\n\t\t\t'list' => $result\n\t\t]);\n\t}\n\n\t/**\n\t * returns the total number of log-entries\n\t *\n\t * @access admin\n\t * @return string json-encoded response message\n\t * @throws Exception\n\t */\n\tpublic function listingCount()\n\t{\n\t\t$params = [];\n\t\t$query_fields = [];\n\t\tif ($this->isAdmin() && $this->getUserDetail('customers_see_all') == '1') {\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT COUNT(*) as num_logs FROM `\" . TABLE_PANEL_LOG . \"`\n\t\t\t\" . $this->getSearchWhere($query_fields));\n\t\t} elseif ($this->isAdmin()) {\n\t\t\t// get all admin customers\n\t\t\t$_custom_list_result = $this->apiCall('Customers.listing');\n\t\t\t$custom_list_result = $_custom_list_result['list'];\n\t\t\t$customer_names = [];\n\t\t\tforeach ($custom_list_result as $customer) {\n\t\t\t\t$customer_names[] = $customer['loginname'];\n\t\t\t}\n\t\t\tif (count($customer_names) > 0) {\n\t\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\t\tSELECT COUNT(*) as num_logs FROM `\" . TABLE_PANEL_LOG . \"`\n\t\t\t\t\tWHERE `user` = :loginname OR `user` IN ('\" . implode(\"', '\", $customer_names) . \"')\n\t\t\t\t\" . $this->getSearchWhere($query_fields, true));\n\t\t\t} else {\n\t\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\t\tSELECT COUNT(*) as num_logs FROM `\" . TABLE_PANEL_LOG . \"`\n\t\t\t\t\tWHERE `user` = :loginname\n\t\t\t\t\" . $this->getSearchWhere($query_fields, true));\n\t\t\t}\n\t\t\t$params = [\n\t\t\t\t'loginname' => $this->getUserDetail('loginname')\n\t\t\t];\n\t\t} else {\n\t\t\t// every one else just sees their logs\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT COUNT(*) as num_logs FROM `\" . TABLE_PANEL_LOG . \"`\n\t\t\t\tWHERE `user` = :loginname AND `action` <> 99\n\t\t\t\" . $this->getSearchWhere($query_fields, true));\n\t\t\t$params = [\n\t\t\t\t'loginname' => $this->getUserDetail('loginname')\n\t\t\t];\n\t\t}\n\t\t$params = array_merge($params, $query_fields);\n\t\t$result = Database::pexecute_first($result_stmt, $params, true, true);\n\t\tif ($result) {\n\t\t\treturn $this->response($result['num_logs']);\n\t\t}\n\t\treturn $this->response(0);\n\t}\n\n\t/**\n\t * You cannot get log entries\n\t */\n\tpublic function get()\n\t{\n\t\tthrow new Exception('You cannot get log entries', 303);\n\t}\n\n\t/**\n\t * You cannot add log entries\n\t */\n\tpublic function add()\n\t{\n\t\tthrow new Exception('You cannot add log entries', 303);\n\t}\n\n\t/**\n\t * You cannot update log entries\n\t */\n\tpublic function update()\n\t{\n\t\tthrow new Exception('You cannot update log entries', 303);\n\t}\n\n\t/**\n\t * delete log entries\n\t *\n\t * @param int $min_to_keep\n\t * optional minutes to keep, default is 10\n\t *\n\t * @access admin\n\t * @return string json-encoded array\n\t * @throws Exception\n\t */\n\tpublic function delete()\n\t{\n\t\tif ($this->isAdmin()) {\n\t\t\t$min_to_keep = self::getParam('min_to_keep', true, 10);\n\t\t\tif ($min_to_keep < 0) {\n\t\t\t\t$min_to_keep = 0;\n\t\t\t}\n\t\t\t$truncatedate = time() - (60 * $min_to_keep);\n\t\t\t$params = [];\n\t\t\tif ($this->getUserDetail('customers_see_all') == '1') {\n\t\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\t\tDELETE FROM `\" . TABLE_PANEL_LOG . \"` WHERE `date` < :trunc\n\t\t\t\t\");\n\t\t\t} else {\n\t\t\t\t// get all admin customers\n\t\t\t\t$_custom_list_result = $this->apiCall('Customers.listing');\n\t\t\t\t$custom_list_result = $_custom_list_result['list'];\n\t\t\t\t$customer_names = [];\n\t\t\t\tforeach ($custom_list_result as $customer) {\n\t\t\t\t\t$customer_names[] = $customer['loginname'];\n\t\t\t\t}\n\t\t\t\tif (count($customer_names) > 0) {\n\t\t\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\t\t\tDELETE FROM `\" . TABLE_PANEL_LOG . \"` WHERE `date` < :trunc AND `user` = :loginname OR `user` IN ('\" . implode(\"', '\", $customer_names) . \"')\n\t\t\t\t\t\");\n\t\t\t\t} else {\n\t\t\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\t\t\tDELETE FROM `\" . TABLE_PANEL_LOG . \"` WHERE `date` < :trunc AND `user` = :loginname\n\t\t\t\t\t\");\n\t\t\t\t}\n\t\t\t\t$params = [\n\t\t\t\t\t'loginname' => $this->getUserDetail('loginname')\n\t\t\t\t];\n\t\t\t}\n\t\t\t$params['trunc'] = $truncatedate;\n\t\t\tDatabase::pexecute($result_stmt, $params, true, true);\n\t\t\t$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING, \"[API] truncated the froxlor syslog\");\n\t\t\treturn $this->response(true);\n\t\t}\n\t\tthrow new Exception(\"Not allowed to execute given command.\", 403);\n\t}\n}\n" }, { "path": "lib/Froxlor/Api/Commands/Traffic.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Api\\Commands;\n\nuse Exception;\nuse Froxlor\\Api\\ApiCommand;\nuse Froxlor\\Api\\ResourceEntity;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FroxlorLogger;\nuse PDO;\n\n/**\n * @since 0.10.0\n */\nclass Traffic extends ApiCommand implements ResourceEntity\n{\n\n\t/**\n\t * You cannot add traffic data\n\t *\n\t * @throws Exception\n\t */\n\tpublic function add()\n\t{\n\t\tthrow new Exception('You cannot add traffic data', 303);\n\t}\n\n\t/**\n\t * to get specific traffic details use year, month and/or day parameter for Traffic.listing()\n\t *\n\t * @throws Exception\n\t */\n\tpublic function get()\n\t{\n\t\tthrow new Exception('To get specific traffic details use year, month and/or day parameter for Traffic.listing()', 303);\n\t}\n\n\t/**\n\t * You cannot update traffic data\n\t *\n\t * @throws Exception\n\t */\n\tpublic function update()\n\t{\n\t\tthrow new Exception('You cannot update traffic data', 303);\n\t}\n\n\t/**\n\t * list traffic information\n\t *\n\t * @param int $year\n\t * optional, default empty\n\t * @param int $month\n\t * optional, default empty\n\t * @param int $day\n\t * optional, default empty\n\t * @param int $date_from\n\t * optional timestamp, default empty, if specified, $year, $month and $day will be ignored\n\t * @param int $date_until\n\t * optional timestamp, default empty, if specified, $year, $month and $day will be ignored\n\t * @param bool $customer_traffic\n\t * optional, admin-only, whether to output ones own traffic or all of ones customers, default is 0\n\t * (false)\n\t * @param int $customerid\n\t * optional, admin-only, select traffic of a specific customer by id\n\t * @param string $loginname\n\t * optional, admin-only, select traffic of a specific customer by loginname\n\t *\n\t * @access admin, customer\n\t * @return string json-encoded array count|list\n\t * @throws Exception\n\t */\n\tpublic function listing()\n\t{\n\t\t$year = $this->getParam('year', true, \"\");\n\t\t$month = $this->getParam('month', true, \"\");\n\t\t$day = $this->getParam('day', true, \"\");\n\t\t$date_from = $this->getParam('date_from', true, -1);\n\t\t$date_until = $this->getParam('date_until', true, -1);\n\t\t$customer_traffic = $this->getBoolParam('customer_traffic', true, 0);\n\t\t$customer_ids = $this->getAllowedCustomerIds();\n\t\t$result = [];\n\t\t$params = [];\n\n\t\t// validate parameters\n\t\tif ($date_from >= 0 || $date_until >= 0) {\n\t\t\t$year = \"\";\n\t\t\t$month = \"\";\n\t\t\t$day = \"\";\n\t\t\tif ($date_from == $date_until) {\n\t\t\t\t$date_until = -1;\n\t\t\t}\n\t\t\tif ($date_from >= 0 && $date_until >= 0 && $date_until < $date_from) {\n\t\t\t\t// switch\n\t\t\t\t$temp_ts = $date_from;\n\t\t\t\t$date_from = $date_until;\n\t\t\t\t$date_until = $temp_ts;\n\t\t\t}\n\t\t}\n\n\t\t// check for year/month/day\n\t\t$where_str = \"\";\n\t\tif (!empty($year) && is_numeric($year)) {\n\t\t\t$where_str .= \" AND `year` = :year\";\n\t\t\t$params['year'] = $year;\n\t\t}\n\t\tif (!empty($month) && is_numeric($month)) {\n\t\t\t$where_str .= \" AND `month` = :month\";\n\t\t\t$params['month'] = $month;\n\t\t}\n\t\tif (!empty($day) && is_numeric($day)) {\n\t\t\t$where_str .= \" AND `day` = :day\";\n\t\t\t$params['day'] = $day;\n\t\t}\n\t\tif ($date_from >= 0 && $date_until >= 0) {\n\t\t\t$where_str .= \" AND `stamp` BETWEEN :df AND :du\";\n\t\t\t$params['df'] = $date_from;\n\t\t\t$params['du'] = $date_until;\n\t\t} elseif ($date_from >= 0 && $date_until < 0) {\n\t\t\t$where_str .= \" AND `stamp` > :df\";\n\t\t\t$params['df'] = $date_from;\n\t\t} elseif ($date_from < 0 && $date_until >= 0) {\n\t\t\t$where_str .= \" AND `stamp` < :du\";\n\t\t\t$params['du'] = $date_until;\n\t\t}\n\n\t\tif (!$this->isAdmin() || ($this->isAdmin() && $customer_traffic)) {\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT * FROM `\" . TABLE_PANEL_TRAFFIC . \"`\n\t\t\t\tWHERE `customerid` IN (\" . implode(\", \", $customer_ids) . \")\" . $where_str);\n\t\t} else {\n\t\t\t$params['adminid'] = $this->getUserDetail('adminid');\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT * FROM `\" . TABLE_PANEL_TRAFFIC_ADMINS . \"`\n\t\t\t\tWHERE `adminid` = :adminid\" . $where_str);\n\t\t}\n\t\tDatabase::pexecute($result_stmt, $params, true, true);\n\t\twhile ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t// make Bytes from KB\n\t\t\t$row['http'] *= 1024;\n\t\t\t$row['ftp_up'] *= 1024;\n\t\t\t$row['ftp_down'] *= 1024;\n\t\t\t$row['mail'] *= 1024;\n\t\t\t$result[] = $row;\n\t\t}\n\t\t$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, \"[API] list traffic\");\n\t\treturn $this->response([\n\t\t\t'count' => count($result),\n\t\t\t'list' => $result\n\t\t]);\n\t}\n\n\t/**\n\t * You cannot count the traffic data list\n\t *\n\t * @throws Exception\n\t */\n\tpublic function listingCount()\n\t{\n\t\tthrow new Exception('You cannot count the traffic data list', 303);\n\t}\n\n\t/**\n\t * You cannot delete traffic data\n\t *\n\t * @throws Exception\n\t */\n\tpublic function delete()\n\t{\n\t\tthrow new Exception('You cannot delete traffic data', 303);\n\t}\n}\n" }, { "path": "lib/Froxlor/Api/Commands/index.html", "content": "" }, { "path": "lib/Froxlor/Api/FroxlorRPC.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Api;\n\nuse Exception;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\System\\IPTools;\n\nclass FroxlorRPC\n{\n\t/**\n\t * validate a given request\n\t *\n\t * @param $request\n\t * @return array\n\t * @throws Exception\n\t */\n\tpublic static function validateRequest($request): array\n\t{\n\t\t// make basic authentication\n\t\tif (!isset($_SERVER['PHP_AUTH_USER']) || !self::validateAuth($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {\n\t\t\tif (@php_sapi_name() !== 'cli') {\n\t\t\t\theader('WWW-Authenticate: Basic realm=\"API\"');\n\t\t\t}\n\t\t\tthrow new Exception('Unauthenticated. Please provide api user credentials.', 401);\n\t\t}\n\n\t\t// check if present\n\t\tif (empty($request)) {\n\t\t\tthrow new Exception('Empty request body.', 400);\n\t\t}\n\n\t\t// decode json request\n\t\t$decoded_request = json_decode($request, true);\n\n\t\t// is it valid?\n\t\tif (is_null($decoded_request)) {\n\t\t\tthrow new Exception('Invalid JSON Format.', 400);\n\t\t}\n\n\t\treturn self::validateBody($decoded_request);\n\t}\n\n\t/**\n\t * validates the given api credentials\n\t *\n\t * @param string $key\n\t * @param string $secret\n\t *\n\t * @return bool\n\t */\n\tprivate static function validateAuth(string $key, string $secret): bool\n\t{\n\t\t$sel_stmt = Database::prepare(\n\t\t\t\"\n\t\t\tSELECT ak.*, a.api_allowed as admin_api_allowed, c.api_allowed as cust_api_allowed, c.deactivated\n\t\t\tFROM `api_keys` ak\n\t\t\tLEFT JOIN `panel_admins` a ON a.adminid = ak.adminid\n\t\t\tLEFT JOIN `panel_customers` c ON c.customerid = ak.customerid\n\t\t\tWHERE `apikey` = :ak AND `secret` = :as\n\t\t\"\n\t\t);\n\t\t$result = Database::pexecute_first($sel_stmt, [\n\t\t\t'ak' => $key,\n\t\t\t'as' => $secret\n\t\t], true, true);\n\t\tif ($result) {\n\t\t\tif ($result['apikey'] == $key && $result['secret'] == $secret && ($result['valid_until'] == -1 || $result['valid_until'] >= time()) && (($result['customerid'] == 0 && $result['admin_api_allowed'] == 1) || ($result['customerid'] > 0 && $result['cust_api_allowed'] == 1 && $result['deactivated'] == 0))) {\n\t\t\t\t// get user to check whether api call is allowed\n\t\t\t\tif (!empty($result['allowed_from'])) {\n\t\t\t\t\t// @todo allow specification and validating of whole subnets later\n\t\t\t\t\t$ip_list = explode(\",\", $result['allowed_from']);\n\t\t\t\t\tif (self::validateAllowedFrom($ip_list, $_SERVER['REMOTE_ADDR'])) {\n\t\t\t\t\t\treturn true;\n\t\t\t\t\t}\n\t\t\t\t} else {\n\t\t\t\t\treturn true;\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\tthrow new Exception('Invalid authorization credentials', 403);\n\t}\n\n\t/**\n\t * validate if given remote_addr is within the list of allowed ip/ip-ranges\n\t *\n\t * @param array $allowed_from\n\t * @param string $remote_addr\n\t *\n\t * @return bool\n\t */\n\tpublic static function validateAllowedFrom(array $allowed_from, string $remote_addr): bool\n\t{\n\t\t// shorten IP for comparison\n\t\t$remote_addr = inet_ntop(inet_pton($remote_addr));\n\t\t// check for direct matches\n\t\tif (in_array($remote_addr, $allowed_from)) {\n\t\t\treturn true;\n\t\t}\n\t\t// check for possible cidr ranges\n\t\tforeach ($allowed_from as $ip) {\n\t\t\t$ip_cidr = explode(\"/\", $ip);\n\t\t\tif (count($ip_cidr) == 2 && IPTools::ip_in_range($ip_cidr, $remote_addr)) {\n\t\t\t\treturn true;\n\t\t\t}\n\t\t}\n\t\treturn false;\n\t}\n\n\t/**\n\t * validates the given command\n\t *\n\t * @param array $request\n\t *\n\t * @return array\n\t * @throws Exception\n\t */\n\tprivate static function validateBody($request)\n\t{\n\t\t// check command exists\n\t\tif (empty($request['command'])) {\n\t\t\tthrow new Exception(\"Please provide a command.\", 400);\n\t\t}\n\n\t\t$command = explode(\".\", $request['command']);\n\n\t\tif (count($command) != 2) {\n\t\t\tthrow new Exception(\"The given command is invalid.\", 400);\n\t\t}\n\t\t// simply check for file-existance, as we do not want to use our autoloader because this way\n\t\t// it will recognize non-api classes+methods as valid commands\n\t\t$apiclass = '\\\\Froxlor\\\\Api\\\\Commands\\\\' . $command[0];\n\t\tif (!class_exists($apiclass) || !@method_exists($apiclass, $command[1])) {\n\t\t\tthrow new Exception(\"Unknown command\", 400);\n\t\t}\n\t\treturn [\n\t\t\t'command' => [\n\t\t\t\t'class' => $command[0],\n\t\t\t\t'method' => $command[1]\n\t\t\t],\n\t\t\t'params' => $request['params'] ?? null\n\t\t];\n\t}\n}\n" }, { "path": "lib/Froxlor/Api/ResourceEntity.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Api;\n\n/**\n * @since 0.10.0\n */\ninterface ResourceEntity\n{\n\n\tpublic function listing();\n\n\tpublic function listingCount();\n\n\tpublic function get();\n\n\tpublic function add();\n\n\tpublic function update();\n\n\tpublic function delete();\n}\n" }, { "path": "lib/Froxlor/Api/Response.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Api;\n\nclass Response\n{\n\tpublic static function jsonDataResponse($data = null, int $response_code = 200)\n\t{\n\t\treturn self::jsonResponse(['data' => $data], $response_code);\n\t}\n\n\tpublic static function jsonResponse($data = null, int $response_code = 200)\n\t{\n\t\tif (!defined('TRAVIS_CI') || TRAVIS_CI == 0) {\n\t\t\thttp_response_code($response_code);\n\t\t}\n\n\t\treturn json_encode($data, JSON_UNESCAPED_SLASHES | JSON_PRETTY_PRINT);\n\t}\n\n\tpublic static function jsonErrorResponse($message = null, int $response_code = 400)\n\t{\n\t\treturn self::jsonResponse(['message' => $message], $response_code);\n\t}\n}\n" }, { "path": "lib/Froxlor/Api/index.html", "content": "" }, { "path": "lib/Froxlor/Bulk/BulkAction.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Bulk;\n\nuse Exception;\nuse Froxlor\\FileDir;\n\n/**\n * Abstract Class BulkAction to mass-import entities\n *\n * @author Michael Kaufmann (d00p) \n *\n */\nabstract class BulkAction\n{\n\n\t/**\n\t * logged in user\n\t *\n\t * @var array\n\t */\n\tprotected $userinfo = [];\n\t/**\n\t * complete path including filename of file to be imported\n\t *\n\t * @var string\n\t */\n\tprivate $impFile = null;\n\t/**\n\t * api-function to call for addingg entity\n\t *\n\t * @var string\n\t */\n\tprivate $api_call = null;\n\t/**\n\t * api-function parameter names, read from import-file (first line)\n\t *\n\t * @var array\n\t */\n\tprivate $api_params = null;\n\t/**\n\t * errors while importing\n\t *\n\t * @var array\n\t */\n\tprivate $errors = [];\n\n\t/**\n\t * class constructor, optionally sets file and customer-id\n\t *\n\t * @param string $import_file\n\t * @param array $userinfo\n\t *\n\t * @return object BulkAction instance\n\t */\n\tprotected function __construct(string $import_file = null, array $userinfo = [])\n\t{\n\t\tif (!empty($import_file)) {\n\t\t\t$this->impFile = FileDir::makeCorrectFile($import_file);\n\t\t}\n\t\t$this->userinfo = $userinfo;\n\t}\n\n\t/**\n\t * import the parsed import file data with an optional separator other then semicolon\n\t * and offset (maybe for header-line in csv or similar)\n\t *\n\t * @param string $separator\n\t * @param int $offset\n\t *\n\t * @return array 'all' => amount of records processed, 'imported' => number of imported records\n\t */\n\tabstract public function doImport(string $separator = \";\", int $offset = 0);\n\n\t/**\n\t * setter for import-file\n\t *\n\t * @param string $import_file\n\t *\n\t * @return void\n\t */\n\tpublic function setImportFile($import_file = null)\n\t{\n\t\t$this->impFile = FileDir::makeCorrectFile($import_file);\n\t}\n\n\t/**\n\t * return the list of errors\n\t *\n\t * @return array\n\t */\n\tpublic function getErrors()\n\t{\n\t\treturn $this->errors;\n\t}\n\n\t/**\n\t * setter for api_call\n\t *\n\t * @param string $api_call\n\t *\n\t * @return void\n\t */\n\tprotected function setApiCall($api_call = \"\")\n\t{\n\t\t$this->api_call = $api_call;\n\t}\n\n\tprotected function importEntity($data_array = null)\n\t{\n\t\tif (empty($data_array)) {\n\t\t\treturn null;\n\t\t}\n\n\t\t$module = '\\\\Froxlor\\\\Api\\\\Commands\\\\' . substr($this->api_call, 0, strpos($this->api_call, \".\"));\n\t\t$function = substr($this->api_call, strpos($this->api_call, \".\") + 1);\n\n\t\t$new_data = [];\n\t\tforeach ($this->api_params as $idx => $param) {\n\t\t\tif (isset($data_array[$idx])) {\n\t\t\t\t$new_data[$param] = $data_array[$idx];\n\t\t\t}\n\t\t}\n\n\t\t$result = null;\n\t\ttry {\n\t\t\t$json_result = $module::getLocal($this->userinfo, $new_data)->$function();\n\t\t\t$result = json_decode($json_result, true)['data'];\n\t\t} catch (Exception $e) {\n\t\t\t$this->errors[] = $e->getMessage();\n\t\t}\n\t\treturn !empty($result);\n\t}\n\n\t/**\n\t * reads in the csv import file and returns an array with\n\t * all the entities to be imported\n\t *\n\t * @param string $separator\n\t *\n\t * @return array\n\t */\n\tprotected function parseImportFile($separator = \";\")\n\t{\n\t\tif (empty($this->impFile)) {\n\t\t\tthrow new Exception(\"No file was given for import\");\n\t\t}\n\n\t\tif (!file_exists($this->impFile)) {\n\t\t\tthrow new Exception(\"The file '\" . $this->impFile . \"' could not be found\");\n\t\t}\n\n\t\tif (!is_readable($this->impFile)) {\n\t\t\tthrow new Exception(\"Unable to read file '\" . $this->impFile . \"'\");\n\t\t}\n\n\t\tif (empty($separator) || strlen($separator) != 1) {\n\t\t\tthrow new Exception(\"Invalid separator specified: '\" . $separator . \"'\");\n\t\t}\n\n\t\t$file_data = [];\n\t\t$is_params_line = true;\n\t\t$fh = @fopen($this->impFile, \"r\");\n\t\tif ($fh) {\n\t\t\twhile (($line = fgets($fh)) !== false) {\n\t\t\t\t$tmp_arr = explode($separator, $line);\n\t\t\t\t$data_arr = [];\n\t\t\t\tforeach ($tmp_arr as $idx => $data) {\n\t\t\t\t\tif ($is_params_line) {\n\t\t\t\t\t\t$this->api_params[$idx] = $data;\n\t\t\t\t\t} else {\n\t\t\t\t\t\t$data_arr[$idx] = $data;\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\tif ($is_params_line) {\n\t\t\t\t\t$is_params_line = false;\n\t\t\t\t\tcontinue;\n\t\t\t\t}\n\t\t\t\t$file_data[] = array_map(\"trim\", $data_arr);\n\t\t\t}\n\t\t\t$this->api_params = array_map(\"trim\", $this->api_params);\n\t\t} else {\n\t\t\tthrow new Exception(\"Unable to open file '\" . $this->impFile . \"'\");\n\t\t}\n\t\tfclose($fh);\n\n\t\treturn $file_data;\n\t}\n\n}\n" }, { "path": "lib/Froxlor/Bulk/DomainBulkAction.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Bulk;\n\nuse Exception;\n\n/**\n * Class DomainBulkAction to mass-import domains for a given customer\n */\nclass DomainBulkAction extends BulkAction\n{\n\n\t/**\n\t * @param string $import_file\n\t * @param array $userinfo\n\t *\n\t * @return DomainBulkAction\n\t */\n\tpublic function __construct(string $import_file = null, array $userinfo = [])\n\t{\n\t\tparent::__construct($import_file, $userinfo);\n\t\t$this->setApiCall('Domains.add');\n\t}\n\n\t/**\n\t * import the parsed import file data with an optional separator other then semicolon\n\t * and offset (maybe for header-line in csv or similar)\n\t *\n\t * @param string $separator\n\t * @param int $offset\n\t *\n\t * @return array 'all' => amount of records processed, 'imported' => number of imported records\n\t */\n\tpublic function doImport(string $separator = \";\", int $offset = 0)\n\t{\n\t\tif ($this->userinfo['domains'] == \"-1\") {\n\t\t\t$dom_unlimited = true;\n\t\t} else {\n\t\t\t$dom_unlimited = false;\n\t\t}\n\n\t\t$domains_used = (int)$this->userinfo['domains_used'];\n\t\t$domains_avail = (int)$this->userinfo['domains'];\n\n\t\tif (!is_int($offset) || $offset < 0) {\n\t\t\tthrow new Exception(\"Invalid offset specified\");\n\t\t}\n\n\t\ttry {\n\t\t\t$domain_array = $this->parseImportFile($separator);\n\t\t} catch (Exception $e) {\n\t\t\tthrow $e;\n\t\t}\n\n\t\tif (count($domain_array) <= 0) {\n\t\t\tthrow new Exception(\"No domains were read from the file.\");\n\t\t}\n\n\t\t$global_counter = 0;\n\t\t$import_counter = 0;\n\t\t$note = '';\n\t\tforeach ($domain_array as $idx => $dom) {\n\t\t\tif ($idx >= $offset) {\n\t\t\t\tif ($dom_unlimited || (!$dom_unlimited && $domains_used < $domains_avail)) {\n\t\t\t\t\t$result = $this->importEntity($dom);\n\t\t\t\t\tif ($result) {\n\t\t\t\t\t\t$import_counter++;\n\t\t\t\t\t\t$domains_used++;\n\t\t\t\t\t}\n\t\t\t\t} else {\n\t\t\t\t\t$note .= 'You have reached your maximum allocation of domains (' . $domains_avail . ').';\n\t\t\t\t\tbreak;\n\t\t\t\t}\n\t\t\t}\n\t\t\t$global_counter++;\n\t\t}\n\n\t\treturn [\n\t\t\t'all' => $global_counter,\n\t\t\t'imported' => $import_counter,\n\t\t\t'notice' => $note\n\t\t];\n\t}\n}\n" }, { "path": "lib/Froxlor/Bulk/index.html", "content": "" }, { "path": "lib/Froxlor/Cli/CliCommand.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Cli;\n\nuse Exception;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\Froxlor;\nuse Froxlor\\Settings;\nuse PDO;\nuse Symfony\\Component\\Console\\Command\\Command;\nuse Symfony\\Component\\Console\\Output\\OutputInterface;\n\nclass CliCommand extends Command\n{\n\n\tprotected function validateRequirements(OutputInterface $output, bool $ignore_has_updates = false): int\n\t{\n\t\tif (!file_exists(Froxlor::getInstallDir() . '/lib/userdata.inc.php')) {\n\t\t\t$output->writeln(\"Could not find froxlor's userdata.inc.php file. You should use this script only with an installed froxlor system.\");\n\t\t\treturn self::INVALID;\n\t\t}\n\t\t// try database connection\n\t\ttry {\n\t\t\tDatabase::query(\"SELECT 1\");\n\t\t} catch (Exception $e) {\n\t\t\t// Do not proceed further if no database connection could be established\n\t\t\t$output->writeln(\"\" . $e->getMessage() . \"\");\n\t\t\treturn self::INVALID;\n\t\t}\n\t\tif (!$ignore_has_updates && (Froxlor::hasUpdates() || Froxlor::hasDbUpdates())) {\n\t\t\tif ((int)Settings::Get('system.cron_allowautoupdate') == 1) {\n\t\t\t\treturn $this->runUpdate($output);\n\t\t\t} else {\n\t\t\t\t$output->writeln(\"It seems that the froxlor files have been updated. Please login and finish the update procedure.\");\n\t\t\t\treturn self::INVALID;\n\t\t\t}\n\t\t}\n\t\treturn self::SUCCESS;\n\t}\n\n\tprotected function getUserByName(?string $loginname, bool $deactivated_check = true): array\n\t{\n\t\tif (empty($loginname)) {\n\t\t\tthrow new Exception(\"Empty username\");\n\t\t}\n\n\t\t$stmt = Database::prepare(\"\n\t\t\tSELECT `loginname` AS `customer`\n\t\t\tFROM `\" . TABLE_PANEL_CUSTOMERS . \"`\n\t\t\tWHERE `loginname`= :loginname\n\t\t\");\n\t\tDatabase::pexecute($stmt, [\n\t\t\t\"loginname\" => $loginname\n\t\t]);\n\t\t$row = $stmt->fetch(PDO::FETCH_ASSOC);\n\n\t\tif ($row && $row['customer'] == $loginname) {\n\t\t\t$table = \"`\" . TABLE_PANEL_CUSTOMERS . \"`\";\n\t\t\t$adminsession = '0';\n\t\t} else {\n\t\t\t$stmt = Database::prepare(\"\n\t\t\t\tSELECT `loginname` AS `admin` FROM `\" . TABLE_PANEL_ADMINS . \"`\n\t\t\t\tWHERE `loginname`= :loginname\n\t\t\t\");\n\t\t\tDatabase::pexecute($stmt, [\n\t\t\t\t\"loginname\" => $loginname\n\t\t\t]);\n\t\t\t$row = $stmt->fetch(PDO::FETCH_ASSOC);\n\n\t\t\tif ($row && $row['admin'] == $loginname) {\n\t\t\t\t$table = \"`\" . TABLE_PANEL_ADMINS . \"`\";\n\t\t\t\t$adminsession = '1';\n\t\t\t} else {\n\t\t\t\tthrow new Exception(\"Unknown user '\" . $loginname . \"'\");\n\t\t\t}\n\t\t}\n\n\t\t$userinfo_stmt = Database::prepare(\"\n\t\t\tSELECT * FROM $table\n\t\t\tWHERE `loginname`= :loginname\n\t\t\");\n\t\tDatabase::pexecute($userinfo_stmt, [\n\t\t\t\"loginname\" => $loginname\n\t\t]);\n\t\t$userinfo = $userinfo_stmt->fetch(PDO::FETCH_ASSOC);\n\t\t$userinfo['adminsession'] = $adminsession;\n\n\t\tif ($deactivated_check && $userinfo['deactivated']) {\n\t\t\tthrow new Exception(\"User '\" . $loginname . \"' is currently deactivated\");\n\t\t}\n\n\t\treturn $userinfo;\n\t}\n\n\tprotected function runUpdate(OutputInterface $output, bool $manual = false): int\n\t{\n\t\tif (!$manual) {\n\t\t\t$output->writeln('Automatic update is activated and we are going to proceed without any notices');\n\t\t}\n\t\tinclude_once Froxlor::getInstallDir() . '/lib/tables.inc.php';\n\t\tdefine('_CRON_UPDATE', 1);\n\t\tob_start([\n\t\t\t$this,\n\t\t\t'cleanUpdateOutput'\n\t\t]);\n\t\tinclude_once Froxlor::getInstallDir() . '/install/updatesql.php';\n\t\tob_end_flush();\n\t\t$output->writeln('' . ($manual ? 'Database' : 'Automatic') . ' update done - you should check your settings to be sure everything is fine');\n\t\treturn self::SUCCESS;\n\t}\n\n\tprivate function cleanUpdateOutput($buffer): string\n\t{\n\t\treturn strip_tags(preg_replace(\"//\", \"\\n\", $buffer));\n\t}\n}\n" }, { "path": "lib/Froxlor/Cli/ConfigDiff.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Cli;\n\nuse Froxlor\\Config\\ConfigParser;\nuse Froxlor\\FileDir;\nuse Froxlor\\Froxlor;\nuse Symfony\\Component\\Console\\Input\\InputArgument;\nuse Symfony\\Component\\Console\\Input\\InputInterface;\nuse Symfony\\Component\\Console\\Input\\InputOption;\nuse Symfony\\Component\\Console\\Output\\OutputInterface;\n\nfinal class ConfigDiff extends CliCommand\n{\n\tprotected function configure(): void\n\t{\n\t\t$this->setName('froxlor:config-diff')\n\t\t\t->setDescription('Shows differences in config templates between OS versions')\n\t\t\t->addArgument('from', InputArgument::OPTIONAL, 'OS version to compare against')\n\t\t\t->addArgument('to', InputArgument::OPTIONAL, 'OS version to compare from')\n\t\t\t->addOption('list', 'l', InputOption::VALUE_NONE, 'List all possible OS versions')\n\t\t\t->addOption('diff-params', '', InputOption::VALUE_REQUIRED, 'Additional parameters for `diff`, e.g. --diff-params=\"--color=always\"');\n\t}\n\n\t/**\n\t * @throws \\Exception\n\t */\n\tprotected function execute(InputInterface $input, OutputInterface $output): int\n\t{\n\t\trequire Froxlor::getInstallDir() . '/lib/functions.php';\n\n\t\t$parsers = $versions = [];\n\t\tforeach (glob(Froxlor::getInstallDir() . '/lib/configfiles/*.xml') as $config) {\n\t\t\t$name = str_replace(\".xml\", \"\", strtolower(basename($config)));\n\t\t\t$parser = new ConfigParser($config);\n\t\t\t$versions[$name] = $parser->getCompleteDistroName();\n\t\t\t$parsers[$name] = $parser;\n\t\t}\n\t\tasort($versions);\n\n\t\tif ($input->getOption('list') === true) {\n\t\t\t$output->writeln('The following OS version templates are available:');\n\t\t\tforeach ($versions as $k => $v) {\n\t\t\t\t$output->writeln(str_pad($k, 20) . $v);\n\t\t\t}\n\t\t\treturn self::SUCCESS;\n\t\t}\n\n\t\tif (!$input->hasArgument('from') || !array_key_exists($input->getArgument('from'), $versions)) {\n\t\t\t$output->writeln('Missing or invalid \"from\" argument.');\n\t\t\t$output->writeln('Available versions: ' . implode(', ', array_keys($versions)));\n\t\t\treturn self::INVALID;\n\t\t}\n\n\t\tif (!$input->hasArgument('to') || !array_key_exists($input->getArgument('to'), $versions)) {\n\t\t\t$output->writeln('Missing or invalid \"to\" argument.');\n\t\t\t$output->writeln('Available versions: ' . implode(', ', array_keys($versions)));\n\t\t\treturn self::INVALID;\n\t\t}\n\n\t\t// Make sure diff is installed\n\t\t$check_diff_installed = FileDir::safe_exec('which diff');\n\t\tif (count($check_diff_installed) === 0) {\n\t\t\t$output->writeln('Unable to find \"diff\" installation on your system.');\n\t\t\treturn self::INVALID;\n\t\t}\n\n\t\t$parser_from = $parsers[$input->getArgument('from')];\n\t\t$parser_to = $parsers[$input->getArgument('to')];\n\t\t$tmp_from = tempnam(sys_get_temp_dir(), 'froxlor_config_diff_from');\n\t\t$tmp_to = tempnam(sys_get_temp_dir(), 'froxlor_config_diff_to');\n\t\t$files = [];\n\t\t$titles_by_key = [];\n\n\t\t// Aggregate content for each config file\n\t\tforeach ([[$parser_from, 'from'], [$parser_to, 'to']] as $todo) {\n\t\t\tforeach ($todo[0]->getServices() as $service_type => $service) {\n\t\t\t\tforeach ($service->getDaemons() as $daemon_name => $daemon) {\n\t\t\t\t\tforeach ($daemon->getConfig() as $instruction) {\n\t\t\t\t\t\tif ($instruction['type'] !== 'file') {\n\t\t\t\t\t\t\tcontinue;\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\tif (isset($instruction['subcommands'])) {\n\t\t\t\t\t\t\tforeach ($instruction['subcommands'] as $subinstruction) {\n\t\t\t\t\t\t\t\tif ($subinstruction['type'] !== 'file') {\n\t\t\t\t\t\t\t\t\tcontinue;\n\t\t\t\t\t\t\t\t}\n\n\t\t\t\t\t\t\t\t$content = $subinstruction['content'];\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t$content = $instruction['content'];\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\tif (!isset($content)) {\n\t\t\t\t\t\t\tthrow new \\Exception(\"Cannot find content for {$instruction['name']}\");\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\t$key = \"{$service_type}_{$daemon_name}_{$instruction['name']}\";\n\t\t\t\t\t\t$titles_by_key[$key] = \"{$service->title} : {$daemon->title} : {$instruction['name']}\";\n\t\t\t\t\t\tif (!isset($files[$key])) {\n\t\t\t\t\t\t\t$files[$key] = ['from' => '', 'to' => ''];\n\t\t\t\t\t\t}\n\t\t\t\t\t\t$files[$key][$todo[1]] = $this->filterContent($content);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\tksort($files);\n\n\t\t$diff_params = '';\n\t\tif ($input->hasOption('diff-params') && trim($input->getOption('diff-params')) !== '') {\n\t\t\t$diff_params = trim($input->getOption('diff-params'));\n\t\t}\n\n\t\t// Run diff on each file and output, if anything changed\n\t\tforeach ($files as $file_key => $content) {\n\t\t\tfile_put_contents($tmp_from, $content['from']);\n\t\t\tfile_put_contents($tmp_to, $content['to']);\n\t\t\t$diff_output = FileDir::safe_exec(\"{$check_diff_installed[0]} {$diff_params} {$tmp_from} {$tmp_to}\");\n\n\t\t\tif (count($diff_output) === 0) {\n\t\t\t\tcontinue;\n\t\t\t}\n\n\t\t\t$output->writeln('# ' . $titles_by_key[$file_key] . '');\n\t\t\t$output->writeln(implode(\"\\n\", $diff_output) . \"\\n\");\n\t\t\tunset($diff_output);\n\t\t}\n\n\t\t// Remove tmp files again\n\t\tunlink($tmp_from);\n\t\tunlink($tmp_to);\n\n\t\treturn self::SUCCESS;\n\t}\n\n\tprivate function filterContent(string $content): string\n\t{\n\t\t$new_content = '';\n\n\t\tforeach (explode(\"\\n\", $content) as $n) {\n\t\t\t$n = trim($n);\n\t\t\tif (!$n) {\n\t\t\t\tcontinue;\n\t\t\t}\n\n\t\t\tif (str_starts_with($n, '#')) {\n\t\t\t\tcontinue;\n\t\t\t}\n\n\t\t\t$new_content .= $n . \"\\n\";\n\t\t}\n\n\t\treturn $new_content;\n\t}\n}\n" }, { "path": "lib/Froxlor/Cli/ConfigServices.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Cli;\n\nuse Exception;\nuse Froxlor\\Config\\ConfigParser;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FileDir;\nuse Froxlor\\Froxlor;\nuse Froxlor\\PhpHelper;\nuse Froxlor\\Settings;\nuse Froxlor\\SImExporter;\nuse Froxlor\\System\\Crypt;\nuse Symfony\\Component\\Console\\Input\\InputInterface;\nuse Symfony\\Component\\Console\\Input\\InputOption;\nuse Symfony\\Component\\Console\\Output\\OutputInterface;\nuse Symfony\\Component\\Console\\Style\\SymfonyStyle;\n\nfinal class ConfigServices extends CliCommand\n{\n\tprivate $yes_to_all_supported = [\n\t\t'trixie',\n\t\t'bookworm',\n\t\t'bullseye',\n\t\t'focal',\n\t\t'jammy',\n\t\t'noble',\n\t];\n\n\tprotected function configure()\n\t{\n\t\t$this->setName('froxlor:config-services');\n\t\t$this->setDescription('Configure system services');\n\t\t$this->addOption('create', 'c', InputOption::VALUE_NONE, 'Create a services list configuration for the --apply option.')\n\t\t\t->addOption('apply', 'a', InputOption::VALUE_REQUIRED, 'Configure your services by given configuration file/string. To create one run the command with the --create option.')\n\t\t\t->addOption('list', 'l', InputOption::VALUE_NONE, 'Output the services that are going to be configured using a given config file (--apply option). No services will be configured.')\n\t\t\t->addOption('daemon', 'd', InputOption::VALUE_REQUIRED | InputOption::VALUE_IS_ARRAY, 'When used with --apply you can specify one or multiple daemons. These will be the only services that get configured.')\n\t\t\t->addOption('import-settings', 'i', InputOption::VALUE_REQUIRED, 'Import settings from another froxlor installation. This can be done standalone or in addition to --apply.')\n\t\t\t->addOption('yes-to-all', 'A', InputOption::VALUE_NONE, 'Install packages without asking questions (Debian/Ubuntu only currently)')\n\t\t\t->addOption('delete-file', 'D', InputOption::VALUE_NONE, 'If --apply is called with a local file, remove it after successful configurations.');\n\t}\n\n\tprotected function execute(InputInterface $input, OutputInterface $output): int\n\t{\n\t\t$result = $this->validateRequirements($output);\n\n\t\trequire Froxlor::getInstallDir() . '/lib/functions.php';\n\n\t\tif ($result == self::SUCCESS && $input->getOption('import-settings') == false && $input->getOption('create') == false && $input->getOption('apply') == false) {\n\t\t\t$output->writeln('No option given to do something, exiting.');\n\t\t\treturn self::INVALID;\n\t\t}\n\n\t\t// import settings if given\n\t\tif ($result == self::SUCCESS && $input->getOption('import-settings')) {\n\t\t\t$result = $this->importSettings($input, $output);\n\t\t}\n\n\t\tif ($result == self::SUCCESS && $input->getOption('yes-to-all')) {\n\t\t\tif (in_array(Settings::Get('system.distribution'), $this->yes_to_all_supported)) {\n\t\t\t\tputenv(\"DEBIAN_FRONTEND=noninteractive\");\n\t\t\t\texec(\"echo 'APT::Get::Assume-Yes \\\"true\\\";' > /tmp/_tmp_apt.conf\");\n\t\t\t\tputenv(\"APT_CONFIG=/tmp/_tmp_apt.conf\");\n\t\t\t} else {\n\t\t\t\t$output->writeln('--yes-to-all ignored, not configured for supported distribution');\n\t\t\t}\n\t\t}\n\n\t\tif ($result == self::SUCCESS) {\n\t\t\t$io = new SymfonyStyle($input, $output);\n\t\t\tif ($input->getOption('create')) {\n\t\t\t\t$result = $this->createConfig($output, $io);\n\t\t\t} elseif ($input->getOption('apply')) {\n\t\t\t\t$result = $this->applyConfig($input, $output, $io);\n\t\t\t} elseif ($input->getOption('list') || $input->getOption('daemon')) {\n\t\t\t\t$output->writeln('Options --list and --daemon only work together with --apply.');\n\t\t\t\t$result = self::INVALID;\n\t\t\t}\n\t\t}\n\n\t\tif ($input->getOption('yes-to-all') && in_array(Settings::Get('system.distribution'), $this->yes_to_all_supported)) {\n\t\t\tputenv(\"DEBIAN_FRONTEND\");\n\t\t\tunlink(\"/tmp/_tmp_apt.conf\");\n\t\t\tputenv(\"APT_CONFIG\");\n\t\t}\n\n\t\treturn $result;\n\t}\n\n\tprivate function importSettings(InputInterface $input, OutputInterface $output)\n\t{\n\t\t$importFile = $input->getOption('import-settings');\n\n\t\tif (strtoupper(substr($importFile, 0, 4)) == 'HTTP') {\n\t\t\t$output->writeln(\"Settings file seems to be an URL, trying to download\");\n\t\t\t$target = \"/tmp/froxlor-import-settings-\" . time() . \".json\";\n\t\t\tif (@file_exists($target)) {\n\t\t\t\t@unlink($target);\n\t\t\t}\n\t\t\t$this->downloadFile($importFile, $target);\n\t\t\t$importFile = $target;\n\t\t}\n\t\tif (!is_file($importFile)) {\n\t\t\t$output->writeln('Given settings file is not a file');\n\t\t\treturn self::INVALID;\n\t\t} elseif (!file_exists($importFile)) {\n\t\t\t$output->writeln('Given settings file cannot be found (' . $importFile . ')');\n\t\t\treturn self::INVALID;\n\t\t} elseif (!is_readable($importFile)) {\n\t\t\t$output->writeln('Given settings file cannot be read (' . $importFile . ')');\n\t\t\treturn self::INVALID;\n\t\t}\n\t\t$imp_content = file_get_contents($importFile);\n\t\tSImExporter::import($imp_content);\n\t\t$output->writeln(\"Successfully imported settings from '\" . $input->getOption('import-settings') . \"'\");\n\t\treturn self::SUCCESS;\n\t}\n\n\tprivate function downloadFile($src, $dest)\n\t{\n\t\tset_time_limit(0);\n\t\t// This is the file where we save the information\n\t\t$fp = fopen($dest, 'w+');\n\t\t// Here is the file we are downloading, replace spaces with %20\n\t\t$ch = curl_init(str_replace(\" \", \"%20\", $src));\n\t\tcurl_setopt($ch, CURLOPT_TIMEOUT, 50);\n\t\tcurl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);\n\t\t// write curl response to file\n\t\tcurl_setopt($ch, CURLOPT_FILE, $fp);\n\t\tcurl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);\n\t\t// get curl response\n\t\tcurl_exec($ch);\n\t\tfclose($fp);\n\t}\n\n\t/**\n\t * @throws Exception\n\t */\n\tprivate function createConfig(OutputInterface $output, SymfonyStyle $io): int\n\t{\n\t\t$_daemons_config = [\n\t\t\t'distro' => \"\"\n\t\t];\n\n\t\t$config_dir = Froxlor::getInstallDir() . '/lib/configfiles/';\n\t\t// show list of available distro's\n\t\t$distros = glob($config_dir . '*.xml');\n\t\t// tmp array\n\t\t$distributions_select_data = [];\n\n\t\t//set default os.\n\t\t$os_dist = ['ID' => 'trixie'];\n\t\t$os_version = ['0' => '13'];\n\t\t$os_default = $os_dist['ID'];\n\n\t\t//read os-release\n\t\tif (file_exists('/etc/os-release')) {\n\t\t\t$os_dist = parse_ini_file('/etc/os-release', false);\n\t\t\tif (is_array($os_dist) && array_key_exists('ID', $os_dist) && array_key_exists('VERSION_ID', $os_dist)) {\n\t\t\t\t$os_version = explode('.', $os_dist['VERSION_ID'])[0];\n\t\t\t}\n\t\t}\n\n\t\t// read in all the distros\n\t\tforeach ($distros as $_distribution) {\n\t\t\t// get configparser object\n\t\t\t$dist = new ConfigParser($_distribution);\n\t\t\t// get distro-info\n\t\t\t$dist_display = $dist->getCompleteDistroName();\n\t\t\t// store in tmp array\n\t\t\t$distributions_select_data[$dist_display] = str_replace(\".xml\", \"\", strtolower(basename($_distribution)));\n\n\t\t\t//guess if this is the current distro.\n\t\t\t$ver = explode('.', $dist->distributionVersion)[0];\n\t\t\tif (strtolower($os_dist['ID']) == strtolower($dist->distributionName) && $os_version == $ver) {\n\t\t\t\t$os_default = str_replace(\".xml\", \"\", strtolower(basename($_distribution)));\n\t\t\t}\n\t\t}\n\n\t\t// sort by distribution name\n\t\tksort($distributions_select_data);\n\n\t\t// list all distributions\n\t\t$table_rows = [];\n\t\t$valid_dists = [];\n\t\tforeach ($distributions_select_data as $name => $filename) {\n\t\t\t$table_rows[] = [$filename, $name];\n\t\t\t$valid_dists[] = $filename;\n\t\t}\n\t\t$io->table(\n\t\t\t['ID', 'Distribution'],\n\t\t\t$table_rows\n\t\t);\n\n\t\t$_daemons_config['distro'] = $io->choice('Choose distribution', $valid_dists, $os_default);\n\n\t\t// go through all services and let user check whether to include it or not\n\t\tif (empty($_daemons_config['distro']) || !file_exists($config_dir . '/' . $_daemons_config['distro'] . \".xml\")) {\n\t\t\t$output->writeln('Empty or non-existing distribution given.');\n\t\t\treturn self::INVALID;\n\t\t}\n\t\t$configfiles = new ConfigParser($config_dir . '/' . $_daemons_config['distro'] . \".xml\");\n\t\t$services = $configfiles->getServices();\n\n\t\tforeach ($services as $si => $service) {\n\t\t\t$output->writeln(\"--- \" . strtoupper($si) . \" ---\");\n\t\t\t$_daemons_config[$si] = \"\";\n\n\t\t\t$daemons = $service->getDaemons();\n\t\t\t$default_daemon = \"\";\n\t\t\t$table_rows = [];\n\t\t\t$valid_options = [];\n\t\t\tif ($si != 'system') {\n\t\t\t\t$table_rows[] = ['x', 'No'];\n\t\t\t\t$valid_options[] = 'x';\n\t\t\t}\n\t\t\tforeach ($daemons as $di => $dd) {\n\t\t\t\t$title = $dd->title;\n\t\t\t\tif ($dd->default) {\n\t\t\t\t\t$default_daemon = $di;\n\t\t\t\t\t$title .= \" (default)\";\n\t\t\t\t}\n\t\t\t\t$table_rows[] = [$di, $title];\n\t\t\t\t$valid_options[] = $di;\n\t\t\t}\n\t\t\t$io->table(\n\t\t\t\t['Value', 'Name'],\n\t\t\t\t$table_rows\n\t\t\t);\n\n\t\t\t$daemons['x'] = 'x';\n\t\t\tif ($si == 'system') {\n\t\t\t\t$_daemons_config[$si] = [];\n\t\t\t\t// for the system/other services we need a multiple choice possibility\n\t\t\t\t$output->writeln(\"Select every service you need. Enter empty value when done\");\n\t\t\t\t$sysservice = \"\";\n\t\t\t\tdo {\n\t\t\t\t\t$sysservice = $io->ask('Choose service');\n\t\t\t\t\tif (!empty($sysservice)) {\n\t\t\t\t\t\t$_daemons_config[$si][] = $sysservice;\n\t\t\t\t\t}\n\t\t\t\t} while (!empty($sysservice));\n\t\t\t\t// add 'cron' as fixed part (doesn't hurt if it exists)\n\t\t\t\tif (!in_array('cron', $_daemons_config[$si])) {\n\t\t\t\t\t$_daemons_config[$si][] = 'cron';\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\t// for all others -> only one value\n\t\t\t\t$_daemons_config[$si] = $io->choice('Choose service', $valid_options, $default_daemon);\n\t\t\t}\n\t\t}\n\n\t\t$daemons_config = json_encode($_daemons_config);\n\t\t$output_file = $io->ask(\"Choose output-filename\", \"/tmp/froxlor-config-\" . date('Ymd') . \".json\");\n\t\tfile_put_contents($output_file, $daemons_config);\n\t\t$output->writeln(\"Successfully generated service-configfile '\" . $output_file . \"'\");\n\t\t$output->writeln([\n\t\t\t\"\",\n\t\t\t\"You can now apply this config running:\",\n\t\t\t\"php \" . Froxlor::getInstallDir() . \"bin/froxlor-cli froxlor:config-services --apply=\" . $output_file,\n\t\t\t\"\"\n\t\t]);\n\t\t$proceed = $io->confirm(\"Do you want to apply the config now?\", false);\n\t\tif ($proceed) {\n\t\t\tpassthru(\"php \" . Froxlor::getInstallDir() . \"bin/froxlor-cli froxlor:config-services --apply=\" . $output_file);\n\t\t}\n\t\treturn self::SUCCESS;\n\t}\n\n\t/**\n\t * @throws Exception\n\t */\n\tprivate function applyConfig(InputInterface $input, OutputInterface $output, SymfonyStyle $io): int\n\t{\n\t\t$applyFile = $input->getOption('apply');\n\n\t\t// check if plain JSON\n\t\t$decoded_config = json_decode($applyFile, true);\n\t\t$skipFileCheck = false;\n\t\tif (json_last_error() == JSON_ERROR_NONE) {\n\t\t\t$skipFileCheck = true;\n\t\t}\n\n\t\tif (!$skipFileCheck) {\n\t\t\tif (strtoupper(substr($applyFile, 0, 4)) == 'HTTP') {\n\t\t\t\t$output->writeln(\"Config file seems to be an URL, trying to download\");\n\t\t\t\t$target = \"/tmp/froxlor-config-\" . time() . \".json\";\n\t\t\t\tif (@file_exists($target)) {\n\t\t\t\t\t@unlink($target);\n\t\t\t\t}\n\t\t\t\t$this->downloadFile($applyFile, $target);\n\t\t\t\t$applyFile = $target;\n\t\t\t}\n\t\t\tif (!is_file($applyFile)) {\n\t\t\t\t$output->writeln('Given config file is not a file');\n\t\t\t\treturn self::INVALID;\n\t\t\t} elseif (!file_exists($applyFile)) {\n\t\t\t\t$output->writeln('Given config file cannot be found (' . $applyFile . ')');\n\t\t\t\treturn self::INVALID;\n\t\t\t} elseif (!is_readable($applyFile)) {\n\t\t\t\t$output->writeln('Given config file cannot be read (' . $applyFile . ')');\n\t\t\t\treturn self::INVALID;\n\t\t\t}\n\n\t\t\t$config = file_get_contents($applyFile);\n\t\t\t$decoded_config = json_decode($config, true);\n\t\t}\n\n\t\tif ($input->getOption('list') != false) {\n\t\t\t$table_rows = [];\n\t\t\tforeach ($decoded_config as $service => $daemon) {\n\t\t\t\tif (is_array($daemon) && count($daemon) > 0) {\n\t\t\t\t\tforeach ($daemon as $sysdaemon) {\n\t\t\t\t\t\t$table_rows[] = [$service, $sysdaemon];\n\t\t\t\t\t}\n\t\t\t\t} else {\n\t\t\t\t\tif ($daemon == 'x') {\n\t\t\t\t\t\t$daemon = '--- skipped ---';\n\t\t\t\t\t}\n\t\t\t\t\t$table_rows[] = [$service, $daemon];\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t$io->table(\n\t\t\t\t['Service', 'Selected daemon'],\n\t\t\t\t$table_rows\n\t\t\t);\n\t\t\treturn self::SUCCESS;\n\t\t}\n\n\t\t$only_daemon = [];\n\t\tif ($input->getOption('daemon') != false) {\n\t\t\t$only_daemon = $input->getOption('daemon');\n\t\t}\n\n\t\tif (!empty($decoded_config)) {\n\n\t\t\t$config_dir = Froxlor::getInstallDir() . 'lib/configfiles/';\n\t\t\tif (empty($decoded_config['distro']) || !file_exists($config_dir . '/' . $decoded_config['distro'] . \".xml\")) {\n\t\t\t\t$output->writeln('Empty or non-existing distribution given. Please login with an admin, go to \"System -> Configuration\" and select your correct distribution in the top-right corner or specify valid distribution name for \"distro\" parameter.');\n\t\t\t\treturn self::INVALID;\n\t\t\t}\n\t\t\t$configfiles = new ConfigParser($config_dir . '/' . $decoded_config['distro'] . \".xml\");\n\t\t\t$services = $configfiles->getServices();\n\t\t\t$replace_arr = $this->getReplacerArray();\n\t\t\t$clean_replace_arr = array_map(function ($v) {\n\t\t\t\treturn escapeshellarg((string)($v ?? ''));\n\t\t\t}, $replace_arr);\n\n\t\t\t// be sure the fallback certificate specified in the settings exists\n\t\t\t$certFile = Settings::Get('system.ssl_cert_file');\n\t\t\t$keyFile = Settings::Get('system.ssl_key_file');\n\t\t\tif (empty($certFile) || empty($keyFile) || !file_exists($certFile) || !file_exists($keyFile)) {\n\t\t\t\t$output->writeln('Creating missing certificate ' . $certFile . '');\n\t\t\t\tCrypt::createSelfSignedCertificate();\n\t\t\t}\n\n\t\t\tforeach ($services as $si => $service) {\n\t\t\t\t$output->writeln(\"--- Configuring: \" . strtoupper($si) . \" ---\");\n\t\t\t\tif (!isset($decoded_config[$si]) || $decoded_config[$si] == 'x') {\n\t\t\t\t\t$output->writeln('Skipping ' . strtoupper($si) . ' configuration as desired');\n\t\t\t\t\tcontinue;\n\t\t\t\t}\n\t\t\t\t$daemons = $service->getDaemons();\n\t\t\t\tforeach ($daemons as $di => $dd) {\n\t\t\t\t\t// check for desired service\n\t\t\t\t\tif (($si != 'system' && $decoded_config[$si] != $di) || (is_array($decoded_config[$si]) && !in_array($di, $decoded_config[$si]))) {\n\t\t\t\t\t\tcontinue;\n\t\t\t\t\t}\n\t\t\t\t\t$output->writeln(\"Configuring '\" . $di . \"'\");\n\n\t\t\t\t\tif (!empty($only_daemon) && !in_array($di, $only_daemon)) {\n\t\t\t\t\t\t$output->writeln('Skipping ' . $di . ' configuration as desired');\n\t\t\t\t\t\tcontinue;\n\t\t\t\t\t}\n\t\t\t\t\t// run all cmds\n\t\t\t\t\t$confarr = $dd->getConfig();\n\t\t\t\t\tforeach ($confarr as $action) {\n\t\t\t\t\t\tswitch ($action['type']) {\n\t\t\t\t\t\t\tcase \"install\":\n\t\t\t\t\t\t\t\t$output->writeln(\"Installing required packages\");\n\t\t\t\t\t\t\t\t$result = null;\n\t\t\t\t\t\t\t\tpassthru(strtr($action['content'], $clean_replace_arr), $result);\n\t\t\t\t\t\t\t\tif (strlen($result) > 1) {\n\t\t\t\t\t\t\t\t\techo $result;\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\tbreak;\n\t\t\t\t\t\t\tcase \"command\":\n\t\t\t\t\t\t\t\texec(strtr($action['content'], $clean_replace_arr));\n\t\t\t\t\t\t\t\tbreak;\n\t\t\t\t\t\t\tcase \"file\":\n\t\t\t\t\t\t\t\tif (array_key_exists('content', $action)) {\n\t\t\t\t\t\t\t\t\t$output->writeln('Creating file \"' . $action['name'] . '\"');\n\t\t\t\t\t\t\t\t\tfile_put_contents($action['name'], trim(strtr($action['content'], $replace_arr)) . PHP_EOL);\n\t\t\t\t\t\t\t\t} elseif (array_key_exists('subcommands', $action)) {\n\t\t\t\t\t\t\t\t\tforeach ($action['subcommands'] as $fileaction) {\n\t\t\t\t\t\t\t\t\t\tif (array_key_exists('execute', $fileaction) && $fileaction['execute'] == \"pre\") {\n\t\t\t\t\t\t\t\t\t\t\texec(strtr($fileaction['content'], $replace_arr));\n\t\t\t\t\t\t\t\t\t\t} elseif (array_key_exists('execute', $fileaction) && $fileaction['execute'] == \"post\") {\n\t\t\t\t\t\t\t\t\t\t\texec(strtr($fileaction['content'], $replace_arr));\n\t\t\t\t\t\t\t\t\t\t} elseif ($fileaction['type'] == 'file') {\n\t\t\t\t\t\t\t\t\t\t\t$output->writeln('Creating file \"' . $fileaction['name'] . '\"');\n\t\t\t\t\t\t\t\t\t\t\tfile_put_contents($fileaction['name'], trim(strtr($fileaction['content'], $replace_arr)) . PHP_EOL);\n\t\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\tbreak;\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t\t// set is_configured flag\n\t\t\tSettings::Set('panel.is_configured', '1', true);\n\t\t\t// run cronjob at the end to ensure configs are all up to date\n\t\t\texec('php ' . Froxlor::getInstallDir() . 'bin/froxlor-cli froxlor:cron --force');\n\t\t\t// and done\n\t\t\t$output->writeln('All services have been configured');\n\n\t\t\tif ($input->getOption('delete-file') && file_exists($applyFile)) {\n\t\t\t\t@unlink($applyFile);\n\t\t\t}\n\t\t\treturn self::SUCCESS;\n\t\t} else {\n\t\t\t$output->writeln('Unable to decode given JSON file');\n\t\t\treturn self::INVALID;\n\t\t}\n\t}\n\n\t/**\n\t * @throws Exception\n\t */\n\tprivate function getReplacerArray(): array\n\t{\n\t\t$customer_tmpdir = '/tmp/';\n\t\tif (Settings::Get('system.mod_fcgid') == '1' && Settings::Get('system.mod_fcgid_tmpdir') != '') {\n\t\t\t$customer_tmpdir = Settings::Get('system.mod_fcgid_tmpdir');\n\t\t} elseif (Settings::Get('phpfpm.enabled') == '1' && Settings::Get('phpfpm.tmpdir') != '') {\n\t\t\t$customer_tmpdir = Settings::Get('phpfpm.tmpdir');\n\t\t}\n\n\t\t// try to convert nameserver hosts to ip's\n\t\t$ns_ips = \"\";\n\t\t$known_ns_ips = [];\n\t\tif (Settings::Get('system.nameservers') != '') {\n\t\t\t$nameservers = explode(',', Settings::Get('system.nameservers'));\n\t\t\tforeach ($nameservers as $nameserver) {\n\t\t\t\t$nameserver = trim($nameserver);\n\t\t\t\t// DNS servers might be multi homed; allow transfer from all ip\n\t\t\t\t// addresses of the DNS server\n\t\t\t\t$nameserver_ips = PhpHelper::gethostbynamel6($nameserver);\n\t\t\t\t// append dot to hostname\n\t\t\t\tif (substr($nameserver, -1, 1) != '.') {\n\t\t\t\t\t$nameserver .= '.';\n\t\t\t\t}\n\t\t\t\t// ignore invalid responses\n\t\t\t\tif (!is_array($nameserver_ips)) {\n\t\t\t\t\t// act like PhpHelper::gethostbynamel6() and return unmodified hostname on error\n\t\t\t\t\t$nameserver_ips = [\n\t\t\t\t\t\t$nameserver\n\t\t\t\t\t];\n\t\t\t\t} else {\n\t\t\t\t\t$known_ns_ips = array_merge($known_ns_ips, $nameserver_ips);\n\t\t\t\t}\n\t\t\t\tif (!empty($ns_ips)) {\n\t\t\t\t\t$ns_ips .= ',';\n\t\t\t\t}\n\t\t\t\t$ns_ips .= implode(\",\", $nameserver_ips);\n\t\t\t}\n\t\t}\n\n\t\t// AXFR server\n\t\tif (Settings::Get('system.axfrservers') != '') {\n\t\t\t$axfrservers = explode(',', Settings::Get('system.axfrservers'));\n\t\t\tforeach ($axfrservers as $axfrserver) {\n\t\t\t\tif (!in_array(trim($axfrserver), $known_ns_ips)) {\n\t\t\t\t\tif (!empty($ns_ips)) {\n\t\t\t\t\t\t$ns_ips .= ',';\n\t\t\t\t\t}\n\t\t\t\t\t$ns_ips .= trim($axfrserver);\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tDatabase::needSqlData();\n\t\t$sql = Database::getSqlData();\n\n\t\treturn [\n\t\t\t'' => $sql['user'],\n\t\t\t'' => $sql['passwd'],\n\t\t\t'' => $sql['db'],\n\t\t\t'' => $sql['host'],\n\t\t\t'' => $sql['socket'] ?? null,\n\t\t\t'' => Settings::Get('system.hostname'),\n\t\t\t'' => Settings::Get('system.ipaddress'),\n\t\t\t'' => Settings::Get('system.nameservers'),\n\t\t\t'' => $ns_ips,\n\t\t\t'' => Settings::Get('system.vmail_homedir'),\n\t\t\t'' => Settings::Get('system.vmail_uid'),\n\t\t\t'' => Settings::Get('system.vmail_gid'),\n\t\t\t'' => (Settings::Get('system.use_ssl') == '1') ? 'imaps pop3s' : '',\n\t\t\t'' => FileDir::makeCorrectDir($customer_tmpdir),\n\t\t\t'' => Froxlor::getInstallDir(),\n\t\t\t'' => FileDir::makeCorrectDir(Settings::Get('system.bindconf_directory')),\n\t\t\t'' => Settings::Get('system.apachereload_command'),\n\t\t\t'' => FileDir::makeCorrectDir(Settings::Get('system.logfiles_directory')),\n\t\t\t'' => FileDir::makeCorrectDir(Settings::Get('phpfpm.fastcgi_ipcdir')),\n\t\t\t'' => Settings::Get('system.httpgroup'),\n\t\t\t'' => Settings::Get('system.ssl_cert_file'),\n\t\t\t'' => Settings::Get('system.ssl_key_file'),\n\t\t\t'' => Settings::Get('panel.adminmail'),\n\t\t];\n\t}\n}\n" }, { "path": "lib/Froxlor/Cli/InstallCommand.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Cli;\n\nuse Exception;\nuse Froxlor\\Config\\ConfigParser;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\Froxlor;\nuse Froxlor\\Install\\Install;\nuse Froxlor\\Install\\Install\\Core;\nuse Froxlor\\Settings;\nuse Symfony\\Component\\Console\\Command\\Command;\nuse Symfony\\Component\\Console\\Helper\\Table;\nuse Symfony\\Component\\Console\\Input\\InputArgument;\nuse Symfony\\Component\\Console\\Input\\InputInterface;\nuse Symfony\\Component\\Console\\Input\\InputOption;\nuse Symfony\\Component\\Console\\Output\\OutputInterface;\nuse Symfony\\Component\\Console\\Style\\SymfonyStyle;\n\nfinal class InstallCommand extends Command\n{\n\n\tprivate $io = null;\n\n\tprivate $formfielddata = [];\n\n\tprotected function configure()\n\t{\n\t\t$this->setName('froxlor:install');\n\t\t$this->setDescription('Installation process to use instead of web-ui');\n\t\t$this->addArgument('input-file', InputArgument::OPTIONAL, 'Optional JSON array file to use for unattended installations');\n\t\t$this->addOption('print-example-file', 'p', InputOption::VALUE_NONE, 'Outputs an example JSON content to be used with the input file parameter')\n\t\t\t->addOption('create-userdata-from-str', 'c', InputOption::VALUE_REQUIRED, 'Creates lib/userdata.inc.php file from string created by web-install process')\n\t\t\t->addOption('show-sysinfo', 's', InputOption::VALUE_NONE, 'Outputs system information about your froxlor installation');\n\t}\n\n\t/**\n\t * @throws Exception\n\t */\n\tprotected function execute(InputInterface $input, OutputInterface $output): int\n\t{\n\t\t$result = self::SUCCESS;\n\n\t\tif ($input->getOption('create-userdata-from-str') !== null) {\n\t\t\t$ud_str = $input->getOption('create-userdata-from-str');\n\t\t\t$ud_dec = @json_decode(@base64_decode($ud_str), true);\n\t\t\tif (is_array($ud_dec) && !empty($ud_dec) && count($ud_dec) == 8) {\n\t\t\t\t$core = new Core($ud_dec);\n\t\t\t\t$core->createUserdataConf();\n\t\t\t\treturn $result;\n\t\t\t}\n\t\t\t$output->writeln(\"Invalid parameter value.\");\n\t\t\treturn self::INVALID;\n\t\t}\n\n\t\tif ($input->getOption('show-sysinfo') !== false) {\n\t\t\tif (!file_exists(Froxlor::getInstallDir() . '/lib/userdata.inc.php')) {\n\t\t\t\t$output->writeln(\"Could not find froxlor's userdata.inc.php file. You can use this parameter only with an installed froxlor system.\");\n\t\t\t\treturn self::INVALID;\n\t\t\t}\n\t\t\t$this->printSysInfo($output);\n\t\t\treturn self::SUCCESS;\n\t\t}\n\n\t\tsession_start();\n\n\t\trequire __DIR__ . '/install.functions.php';\n\n\t\t// set a few defaults CLI cannot know\n\t\t$_SERVER['SERVER_SOFTWARE'] = 'apache';\n\t\t$host = [];\n\t\texec('hostname -f', $host);\n\t\t$_SERVER['SERVER_NAME'] = $host[0] ?? '';\n\t\t$ips = [];\n\t\texec('hostname -I', $ips);\n\t\t$ips = explode(\" \", $ips[0] ?? \"\");\n\t\t// ipv4 address?\n\t\t$_SERVER['SERVER_ADDR'] = filter_var($ips[0] ?? \"\", FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) ? ($ips[0] ?? '') : '';\n\t\tif (empty($_SERVER['SERVER_ADDR'])) {\n\t\t\t// possible ipv6 address?\n\t\t\t$_SERVER['SERVER_ADDR'] = filter_var($ips[0] ?? \"\", FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) ? ($ips[0] ?? '') : '';\n\t\t}\n\n\t\tif ($input->getOption('print-example-file') !== false) {\n\t\t\t$this->printExampleFile($output);\n\t\t\treturn self::SUCCESS;\n\t\t}\n\n\t\tif (file_exists(Froxlor::getInstallDir() . '/lib/userdata.inc.php')) {\n\t\t\t$output->writeln(\"froxlor seems to be installed already.\");\n\t\t\treturn self::INVALID;\n\t\t}\n\n\t\t$this->io = new SymfonyStyle($input, $output);\n\t\t$this->io->title('Froxlor installation');\n\n\t\tif ($input->getArgument('input-file')) {\n\t\t\t$inputFile = $input->getArgument('input-file');\n\t\t\tif (strtoupper(substr($inputFile, 0, 4)) == 'HTTP') {\n\t\t\t\t$output->writeln(\"Input file seems to be an URL, trying to download\");\n\t\t\t\t$target = \"/tmp/froxlor-install-\" . time() . \".json\";\n\t\t\t\tif (@file_exists($target)) {\n\t\t\t\t\t@unlink($target);\n\t\t\t\t}\n\t\t\t\t$this->downloadFile($inputFile, $target);\n\t\t\t\t$inputFile = $target;\n\t\t\t}\n\t\t\tif (!is_file($inputFile)) {\n\t\t\t\t$output->writeln('Given input file is not a file');\n\t\t\t\treturn self::INVALID;\n\t\t\t} elseif (!file_exists($inputFile)) {\n\t\t\t\t$output->writeln('Given input file cannot be found (' . $inputFile . ')');\n\t\t\t\treturn self::INVALID;\n\t\t\t} elseif (!is_readable($inputFile)) {\n\t\t\t\t$output->writeln('Given input file cannot be read (' . $inputFile . ')');\n\t\t\t\treturn self::INVALID;\n\t\t\t}\n\n\t\t\t$inputcontent = file_get_contents($inputFile);\n\t\t\t$decoded_input = json_decode($inputcontent, true) ?? [];\n\t\t\t$extended = true;\n\n\t\t\tif (empty($decoded_input)) {\n\t\t\t\t$output->writeln('Given input file seems to be invalid JSON');\n\t\t\t\treturn self::INVALID;\n\t\t\t}\n\t\t\t$this->io->info('Running unattended installation');\n\t\t} else {\n\t\t\t$extended = $this->io->confirm('Use advanced installation mode?', false);\n\t\t\t$decoded_input = [];\n\t\t}\n\n\t\treturn $this->showStep(0, $extended, $decoded_input);\n\t}\n\n\t/**\n\t * @throws Exception\n\t */\n\tprivate function showStep(int $step = 0, bool $extended = false, array $decoded_input = []): int\n\t{\n\t\t$result = self::SUCCESS;\n\t\t$inst = new Install(['step' => $step, 'extended' => $extended]);\n\t\tswitch ($step) {\n\t\t\tcase 0:\n\t\t\t\t$this->io->section(lng('install.preflight'));\n\t\t\t\t$crresult = $inst->checkRequirements();\n\t\t\t\t$this->io->info($crresult['text']);\n\t\t\t\tif (!empty($crresult['criticals'])) {\n\t\t\t\t\tforeach ($crresult['criticals'] as $ctype => $critical) {\n\t\t\t\t\t\tif (!empty($ctype) && $ctype == 'wrong_ownership') {\n\t\t\t\t\t\t\t$this->io->error(lng('install.errors.' . $ctype, [$critical['user'], $critical['group']]));\n\t\t\t\t\t\t} elseif (!empty($ctype) && $ctype == 'missing_extensions') {\n\t\t\t\t\t\t\t$this->io->error([\n\t\t\t\t\t\t\t\tlng('install.errors.' . $ctype),\n\t\t\t\t\t\t\t\timplode(\"\\n\", $critical)\n\t\t\t\t\t\t\t]);\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t$this->io->error($critical);\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t\t$result = self::FAILURE;\n\t\t\t\t}\n\t\t\t\tif (!empty($crresult['suggestions'])) {\n\t\t\t\t\tforeach ($crresult['suggestions'] as $ctype => $suggestion) {\n\t\t\t\t\t\tif ($ctype == 'missing_extensions') {\n\t\t\t\t\t\t\t$this->io->warning([\n\t\t\t\t\t\t\t\tlng('install.errors.suggestedextensions'),\n\t\t\t\t\t\t\t\timplode(\"\\n\", $suggestion)\n\t\t\t\t\t\t\t]);\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t$this->io->warning($suggestion);\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\tif ($result == self::SUCCESS) {\n\t\t\t\t\treturn $this->showStep(++$step, $extended, $decoded_input);\n\t\t\t\t}\n\t\t\t\tbreak;\n\t\t\tcase 1:\n\t\t\tcase 2:\n\t\t\tcase 3:\n\t\t\t\t$section = $inst->formfield['install']['sections']['step' . $step] ?? [];\n\t\t\t\t$this->io->section($section['title']);\n\t\t\t\tif (empty($decoded_input)) {\n\t\t\t\t\t$this->io->note($section['description']);\n\t\t\t\t}\n\t\t\t\tforeach ($section['fields'] as $fieldname => $fielddata) {\n\t\t\t\t\tif ($extended == false && isset($fielddata['advanced']) && $fielddata['advanced'] == true) {\n\t\t\t\t\t\tif ($fieldname == 'httpuser' || $fieldname == 'httpgroup') {\n\t\t\t\t\t\t\t// overwrite posix_getgrgid(posix_getgid())['name'] as it would result in 'root'\n\t\t\t\t\t\t\t$this->formfielddata[$fieldname] = 'www-data';\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t$this->formfielddata[$fieldname] = $fielddata['value'];\n\t\t\t\t\t\t}\n\t\t\t\t\t\tcontinue;\n\t\t\t\t\t}\n\t\t\t\t\t$ask_field = true;\n\t\t\t\t\t// preset from input-file\n\t\t\t\t\tif (!empty($decoded_input) && isset($decoded_input[$fieldname])) {\n\t\t\t\t\t\t$this->formfielddata[$fieldname] = $decoded_input[$fieldname];\n\t\t\t\t\t\t$ask_field = false;\n\t\t\t\t\t}\n\t\t\t\t\t$fielddata['value'] = $this->formfielddata[$fieldname] ?? ($fielddata['value'] ?? null);\n\t\t\t\t\t$fielddata['label'] = $this->cliTextFormat($fielddata['label'], \" \");\n\t\t\t\t\tif ($ask_field) {\n\t\t\t\t\t\tif ($fielddata['type'] == 'password') {\n\t\t\t\t\t\t\t$this->formfielddata[$fieldname] = $this->io->askHidden($fielddata['label'], function ($value) use ($fielddata) {\n\t\t\t\t\t\t\t\tif (isset($fielddata['mandatory']) && $fielddata['mandatory'] && empty($value)) {\n\t\t\t\t\t\t\t\t\tthrow new \\RuntimeException('You must enter a value.');\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\treturn $value;\n\t\t\t\t\t\t\t});\n\t\t\t\t\t\t} elseif ($fielddata['type'] == 'checkbox') {\n\t\t\t\t\t\t\t$this->formfielddata[$fieldname] = $this->io->confirm($fielddata['label'], $fielddata['value'] ?? false);\n\t\t\t\t\t\t} elseif ($fielddata['type'] == 'select') {\n\t\t\t\t\t\t\t$this->formfielddata[$fieldname] = $this->io->choice($fielddata['label'], $fielddata['select_var'], $fielddata['selected'] ?? '');\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t$this->formfielddata[$fieldname] = $this->io->ask($fielddata['label'], $fielddata['value'] ?? '', function ($value) use ($fielddata) {\n\t\t\t\t\t\t\t\tif (isset($fielddata['mandatory']) && $fielddata['mandatory'] && empty($value)) {\n\t\t\t\t\t\t\t\t\tthrow new \\RuntimeException('You must enter a value.');\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\treturn $value;\n\t\t\t\t\t\t\t});\n\t\t\t\t\t\t}\n\t\t\t\t\t} else {\n\t\t\t\t\t\t$this->io->text(\"Setting field '\" . $fieldname . \"' to value '\" . ($fielddata['type'] == 'password' ? '*hidden*' : $fielddata['value']) . \"'\");\n\t\t\t\t\t\tif (isset($fielddata['mandatory']) && $fielddata['mandatory'] && empty($fielddata['value'])) {\n\t\t\t\t\t\t\t$this->io->error(\"Mandatory field '\" . $fieldname . \"' not specified/empty value in input file\");\n\t\t\t\t\t\t\treturn self::FAILURE;\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\ttry {\n\t\t\t\t\tif ($step == 1) {\n\t\t\t\t\t\t$inst->checkDatabase($this->formfielddata);\n\t\t\t\t\t} elseif ($step == 2) {\n\t\t\t\t\t\t$inst->checkAdminUser($this->formfielddata);\n\t\t\t\t\t} elseif ($step == 3) {\n\t\t\t\t\t\t$inst->checkSystem($this->formfielddata);\n\t\t\t\t\t}\n\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\t$this->io->error($e->getMessage());\n\t\t\t\t\tif ($this->io->confirm('Retry?', empty($decoded_input))) {\n\t\t\t\t\t\treturn $this->showStep($step, $extended, $decoded_input);\n\t\t\t\t\t}\n\t\t\t\t\treturn self::FAILURE;\n\t\t\t\t}\n\t\t\t\tif ($step == 3) {\n\t\t\t\t\t// do actual install with data from $this->formfielddata\n\t\t\t\t\t$core = new Core($this->formfielddata);\n\t\t\t\t\t$core->doInstall(false);\n\t\t\t\t\t$core->createUserdataConf();\n\t\t\t\t}\n\t\t\t\treturn $this->showStep(++$step, $extended, $decoded_input);\n\t\t\t\tbreak;\n\t\t\tcase 4:\n\t\t\t\t$section = $inst->formfield['install']['sections']['step' . $step] ?? [];\n\t\t\t\t$this->io->section($section['title']);\n\t\t\t\t$this->io->note($this->cliTextFormat($section['description']));\n\t\t\t\t$cmdfield = $section['fields']['system'];\n\t\t\t\t$this->io->success([\n\t\t\t\t\t$cmdfield['label'],\n\t\t\t\t\t$cmdfield['value']\n\t\t\t\t]);\n\t\t\t\tif (!isset($decoded_input['manual_config']) || (bool)$decoded_input['manual_config'] === false) {\n\t\t\t\t\tif (!empty($decoded_input) || $this->io->confirm('Execute command now?', false)) {\n\t\t\t\t\t\tpassthru($cmdfield['value']);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\tbreak;\n\t\t}\n\t\treturn $result;\n\t}\n\n\tprivate function printExampleFile(OutputInterface $output)\n\t{\n\t\t// show list of available distro's\n\t\t$distros = glob(dirname(__DIR__, 3) . '/lib/configfiles/*.xml');\n\t\t// read in all the distros\n\t\tforeach ($distros as $distribution) {\n\t\t\t// get configparser object\n\t\t\t$dist = new ConfigParser($distribution);\n\t\t\t// store in tmp array\n\t\t\t$supportedOS[str_replace(\".xml\", \"\", strtolower(basename($distribution)))] = $dist->getCompleteDistroName();\n\t\t}\n\t\t// sort by distribution name\n\t\tasort($supportedOS);\n\t\t$webserverBackend = [\n\t\t\t'php-fpm' => 'PHP-FPM',\n\t\t\t'fcgid' => 'FCGID',\n\t\t\t'mod_php' => 'mod_php (not recommended)',\n\t\t];\n\t\t$guessedDistribution = \"\";\n\t\t$guessedWebserver = \"\";\n\t\t$fields = include dirname(dirname(__DIR__)) . '/formfields/install/formfield.install.php';\n\t\t$json_output = [];\n\t\tforeach ($fields['install']['sections'] as $section => $section_fields) {\n\t\t\tforeach ($section_fields['fields'] as $name => $field) {\n\t\t\t\tif ($name == 'system' || $name == 'target_servername') {\n\t\t\t\t\tcontinue;\n\t\t\t\t}\n\t\t\t\tif ($field['type'] == 'text' || $field['type'] == 'email') {\n\t\t\t\t\tif ($name == 'httpuser' || $name == 'httpgroup') {\n\t\t\t\t\t\t$fieldval = 'www-data';\n\t\t\t\t\t} else {\n\t\t\t\t\t\t$fieldval = $field['value'] ?? \"\";\n\t\t\t\t\t}\n\t\t\t\t} elseif ($field['type'] == 'password') {\n\t\t\t\t\t$fieldval = '******';\n\t\t\t\t} elseif ($field['type'] == 'select') {\n\t\t\t\t\t$fieldval = implode(\"|\", array_keys($field['select_var']));\n\t\t\t\t} elseif ($field['type'] == 'checkbox') {\n\t\t\t\t\t$fieldval = \"1|0\";\n\t\t\t\t} else {\n\t\t\t\t\t$fieldval = \"?\";\n\t\t\t\t}\n\t\t\t\t$json_output[$name] = $fieldval;\n\t\t\t}\n\t\t}\n\t\t$output->writeln(json_encode($json_output, JSON_PRETTY_PRINT));\n\t}\n\n\tprivate function downloadFile($src, $dest)\n\t{\n\t\tset_time_limit(0);\n\t\t// This is the file where we save the information\n\t\t$fp = fopen($dest, 'w+');\n\t\t// Here is the file we are downloading, replace spaces with %20\n\t\t$ch = curl_init(str_replace(\" \", \"%20\", $src));\n\t\tcurl_setopt($ch, CURLOPT_TIMEOUT, 50);\n\t\tcurl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);\n\t\t// write curl response to file\n\t\tcurl_setopt($ch, CURLOPT_FILE, $fp);\n\t\tcurl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);\n\t\t// get curl response\n\t\tcurl_exec($ch);\n\t\tfclose($fp);\n\t}\n\n\tprivate function printSysInfo(OutputInterface $output)\n\t{\n\n\t\t$php_sapi = 'mod_php';\n\t\t$php_version = phpversion();\n\t\tif (Settings::Get('system.mod_fcgid') == '1') {\n\t\t\t$php_sapi = 'FCGID';\n\t\t\tif (Settings::Get('system.mod_fcgid_ownvhost') == '1') {\n\t\t\t\t$php_sapi .= ' (+ froxlor)';\n\t\t\t}\n\t\t} elseif (Settings::Get('phpfpm.enabled') == '1') {\n\t\t\t$php_sapi = 'PHP-FPM';\n\t\t\tif (Settings::Get('phpfpm.enabled_ownvhost') == '1') {\n\t\t\t\t$php_sapi .= ' (+ froxlor)';\n\t\t\t}\n\t\t}\n\n\t\t$kernel = 'unknown';\n\t\tif (function_exists('posix_uname')) {\n\t\t\t$kernel_nfo = posix_uname();\n\t\t\t$kernel = $kernel_nfo['release'] . ' (' . $kernel_nfo['machine'] . ')';\n\t\t}\n\n\t\t$ips = [];\n\t\t$ips_stmt = Database::query(\"SELECT CONCAT(`ip`, ' (', `port`, ')') as ipaddr FROM `\" . TABLE_PANEL_IPSANDPORTS . \"` ORDER BY `id`\");\n\t\twhile ($ip = $ips_stmt->fetch(\\PDO::FETCH_ASSOC)) {\n\t\t\t$ips[] = $ip['ipaddr'];\n\t\t}\n\n\t\t$table = new Table($output);\n\t\t$table\n\t\t\t->setHeaders([\n\t\t\t\t'Key', 'Value'\n\t\t\t])\n\t\t\t->setRows([\n\t\t\t\t['Froxlor', Froxlor::getVersionString()],\n\t\t\t\t['Update-channel', Settings::Get('system.update_channel')],\n\t\t\t\t['Hostname', Settings::Get('system.hostname')],\n\t\t\t\t['Install-dir', Froxlor::getInstallDir()],\n\t\t\t\t['PHP CLI', $php_version],\n\t\t\t\t['PHP SAPI', $php_sapi],\n\t\t\t\t['Webserver', Settings::Get('system.webserver')],\n\t\t\t\t['Kernel', $kernel],\n\t\t\t\t['Database', Database::getAttribute(\\PDO::ATTR_SERVER_VERSION)],\n\t\t\t\t['Distro config', Settings::Get('system.distribution')],\n\t\t\t\t['IP addresses', implode(\"\\n\", $ips)],\n\t\t\t]);\n\t\t$table->setStyle('box');\n\t\t$table->render();\n\t}\n\n\tprivate function cliTextFormat(string $text, string $nl_char = \"\\n\"): string\n\t{\n\t\t$text = str_replace(['
', '
', '
'], [$nl_char, $nl_char, $nl_char], $text);\n\t\treturn strip_tags($text);\n\t}\n}\n" }, { "path": "lib/Froxlor/Cli/MasterCron.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Cli;\n\nuse Exception;\nuse Froxlor\\Cron\\CronConfig;\nuse Froxlor\\Cron\\TaskId;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FileDir;\nuse Froxlor\\Froxlor;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\Settings;\nuse Froxlor\\System\\Cronjob;\nuse PDO;\nuse Symfony\\Component\\Console\\Input\\InputArgument;\nuse Symfony\\Component\\Console\\Input\\InputInterface;\nuse Symfony\\Component\\Console\\Input\\InputOption;\nuse Symfony\\Component\\Console\\Output\\OutputInterface;\n\nfinal class MasterCron extends CliCommand\n{\n\tprivate $lockFile = null;\n\n\tprivate $cronLog = null;\n\n\tprotected function configure()\n\t{\n\t\t$this->setName('froxlor:cron');\n\t\t$this->setDescription('Regulary perform tasks created by froxlor');\n\t\t$this->addArgument('job', InputArgument::IS_ARRAY, 'Job(s) to run');\n\t\t$this->addOption('run-task', 'r', InputOption::VALUE_REQUIRED | InputOption::VALUE_IS_ARRAY, 'Run a specific task [1 = re-generate configs, 4 = re-generate dns zones, 9 = re-generate rspamd configs, 10 = re-set quotas, 99 = re-create cron.d-file]')\n\t\t\t->addOption('force', 'f', InputOption::VALUE_NONE, 'Forces given job or, if none given, forces re-generating of config-files (webserver, nameserver, etc.)')\n\t\t\t->addOption('debug', 'd', InputOption::VALUE_NONE, 'Output debug information about what is going on to STDOUT.')\n\t\t\t->addOption('no-fork', 'N', InputOption::VALUE_NONE, 'Do not fork to background (traffic cron only).');\n\t}\n\n\t/**\n\t * @throws Exception\n\t */\n\tprotected function execute(InputInterface $input, OutputInterface $output): int\n\t{\n\t\t$result = $this->validateRequirements($output);\n\n\t\tif ($result != self::SUCCESS) {\n\t\t\t// requirements failed, exit\n\t\t\treturn $result;\n\t\t}\n\n\t\t$jobs = $input->getArgument('job');\n\n\t\t// handle force option\n\t\tif ($input->getOption('force')) {\n\t\t\tif (empty($jobs) || in_array('tasks', $jobs)) {\n\t\t\t\tCronjob::inserttask(TaskId::REBUILD_VHOST);\n\t\t\t\tCronjob::inserttask(TaskId::REBUILD_DNS);\n\t\t\t\tCronjob::inserttask(TaskId::REBUILD_RSPAMD);\n\t\t\t\tCronjob::inserttask(TaskId::CREATE_QUOTA);\n\t\t\t\tCronjob::inserttask(TaskId::REBUILD_CRON);\n\t\t\t\tCronjob::inserttask(TaskId::UPDATE_LE_SERVICES);\n\t\t\t\tCronjob::inserttask(TaskId::REBUILD_NSSUSERS);\n\t\t\t\t$jobs[] = 'tasks';\n\t\t\t}\n\t\t\tdefine('CRON_IS_FORCED', 1);\n\t\t}\n\t\t// handle debug option\n\t\tif ($input->getOption('debug')) {\n\t\t\tdefine('CRON_DEBUG_FLAG', 1);\n\t\t}\n\t\t// handle no-fork option\n\t\tif ($input->getOption('no-fork')) {\n\t\t\tdefine('CRON_NOFORK_FLAG', 1);\n\t\t}\n\t\t// handle run-task option\n\t\tif ($input->getOption('run-task')) {\n\t\t\t$tasks_to_run = $input->getOption('run-task');\n\t\t\tforeach ($tasks_to_run as $ttr) {\n\t\t\t\tif (in_array($ttr, [TaskId::REBUILD_VHOST, TaskId::REBUILD_DNS, TaskId::REBUILD_RSPAMD, TaskId::CREATE_QUOTA, TaskId::REBUILD_CRON, TaskId::UPDATE_LE_SERVICES, TaskId::REBUILD_NSSUSERS])) {\n\t\t\t\t\tCronjob::inserttask($ttr);\n\t\t\t\t\t$jobs[] = 'tasks';\n\t\t\t\t} else {\n\t\t\t\t\t$output->writeln('Unknown task number \"' . $ttr . '\"');\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\t// unique job-array\n\t\t$jobs = array_unique($jobs);\n\n\t\t// check for given job(s) to execute and return if empty\n\t\tif (empty($jobs)) {\n\t\t\t$output->writeln('No job given. Nothing to do.');\n\t\t\treturn self::INVALID;\n\t\t}\n\n\t\t$this->validateOwnership($output);\n\n\t\t$this->cronLog = FroxlorLogger::getInstanceOf([\n\t\t\t'loginname' => 'cronjob'\n\t\t]);\n\t\t$this->cronLog->setCronDebugFlag(defined('CRON_DEBUG_FLAG'));\n\n\t\t// check whether there are actual tasks to perform by 'tasks'-cron, so\n\t\t// we don't regenerate files unnecessarily\n\t\t$tasks_cnt_stmt = Database::query(\"SELECT COUNT(*) as jobcnt FROM `panel_tasks`\");\n\t\t$tasks_cnt = $tasks_cnt_stmt->fetch(PDO::FETCH_ASSOC);\n\n\t\t// iterate through all needed jobs\n\t\tforeach ($jobs as $job) {\n\t\t\t// lock the job\n\t\t\tif ($this->lockJob($job, $output)) {\n\t\t\t\t// get FQDN of cron-class\n\t\t\t\t$cronfile = $this->getCronModule($job, $output);\n\t\t\t\t// validate\n\t\t\t\tif ($cronfile && class_exists($cronfile)) {\n\t\t\t\t\t// info\n\t\t\t\t\t$output->writeln('Running \"' . $job . '\" job' . (defined('CRON_IS_FORCED') ? ' (forced)' : '') . (defined('CRON_DEBUG_FLAG') ? ' (debug)' : '') . (defined('CRON_NOFORK_FLAG') ? ' (not forking)' : '') . '');\n\t\t\t\t\t// update time of last run\n\t\t\t\t\tCronjob::updateLastRunOfCron($job);\n\t\t\t\t\t// set logger\n\t\t\t\t\t$cronfile::setCronlog($this->cronLog);\n\t\t\t\t\t// run the job\n\t\t\t\t\t$cronfile::run();\n\t\t\t\t}\n\t\t\t\t// free the lockfile\n\t\t\t\t$this->unlockJob();\n\t\t\t}\n\t\t}\n\n\t\t// possible long-running jobs disconnect from the database\n\t\tSettings::refreshState();\n\n\t\t// we have to check the system's last guid with every cron run\n\t\t// in case the admin installed new software which added a new user\n\t\t//so users in the database don't conflict with system users\n\t\t$this->cronLog->logAction(FroxlorLogger::CRON_ACTION, LOG_NOTICE, 'Checking system\\'s last guid');\n\t\tCronjob::checkLastGuid();\n\t\t$this->cronLog->logAction(FroxlorLogger::CRON_ACTION, LOG_NOTICE, 'Checking system\\'s OS version');\n\t\tCronjob::checkCurrentDistro();\n\t\t// validate if we're on fcgid/php-fpm that the local froxlor user is in the http-group to access log files\n\t\tif ((int)Settings::Get('phpfpm.enabled') == 1 || (int)Settings::Get('system.mod_fcgid') == 1) {\n\t\t\t$this->cronLog->logAction(FroxlorLogger::CRON_ACTION, LOG_NOTICE, 'Checking group membership of local user');\n\t\t\tCronjob::checkLocalUserGroupMembership();\n\t\t}\n\n\n\t\t// check for cron.d-generation task and create it if necessary\n\t\tCronConfig::checkCrondConfigurationFile();\n\n\t\t// check for old/compatibility cronjob file\n\t\tif (file_exists(Froxlor::getInstallDir() . '/scripts/froxlor_master_cronjob.php')) {\n\t\t\t@unlink(Froxlor::getInstallDir() . '/scripts/froxlor_master_cronjob.php');\n\t\t\t@rmdir(Froxlor::getInstallDir() . '/scripts');\n\t\t}\n\n\t\t// reset cronlog-flag if set to \"once\"\n\t\tif ((int)Settings::Get('logger.log_cron') == 1) {\n\t\t\tFroxlorLogger::getInstanceOf()->setCronLog(0);\n\t\t}\n\n\t\t// clean up possible old login-links and 2fa tokens\n\t\tDatabase::query(\"DELETE FROM `\" . TABLE_PANEL_LOGINLINKS . \"` WHERE `valid_until` < UNIX_TIMESTAMP()\");\n\t\tDatabase::query(\"DELETE FROM `\" . TABLE_PANEL_2FA_TOKENS . \"` WHERE `valid_until` < UNIX_TIMESTAMP()\");\n\n\t\treturn $result;\n\t}\n\n\t/**\n\t * @throws Exception\n\t */\n\tprivate function validateOwnership(OutputInterface $output)\n\t{\n\t\t// when using fcgid or fpm for froxlor-vhost itself, we have to check\n\t\t// whether the permission of the files are still correct\n\t\t$output->write('Checking froxlor file permissions...');\n\t\t$_mypath = FileDir::makeCorrectDir(Froxlor::getInstallDir());\n\n\t\tif (((int)Settings::Get('system.mod_fcgid') == 1 && (int)Settings::Get('system.mod_fcgid_ownvhost') == 1) || ((int)Settings::Get('phpfpm.enabled') == 1 && (int)Settings::Get('phpfpm.enabled_ownvhost') == 1)) {\n\t\t\t$user = Settings::Get('system.mod_fcgid_httpuser');\n\t\t\t$group = Settings::Get('system.mod_fcgid_httpgroup');\n\n\t\t\tif (Settings::Get('phpfpm.enabled') == 1) {\n\t\t\t\t$user = Settings::Get('phpfpm.vhost_httpuser');\n\t\t\t\t$group = Settings::Get('phpfpm.vhost_httpgroup');\n\t\t\t}\n\t\t\t// all the files and folders have to belong to the local user\n\t\t\tFileDir::safe_exec('chown -R ' . $user . ':' . $group . ' ' . escapeshellarg($_mypath));\n\t\t} else {\n\t\t\t// back to webserver permission\n\t\t\t$user = Settings::Get('system.httpuser');\n\t\t\t$group = Settings::Get('system.httpgroup');\n\t\t\tFileDir::safe_exec('chown -R ' . $user . ':' . $group . ' ' . escapeshellarg($_mypath));\n\t\t}\n\t\t$output->writeln('OK');\n\t}\n\n\tprivate function lockJob(string $job, OutputInterface $output): bool\n\t{\n\n\t\t$this->lockFile = '/run/lock/froxlor_' . $job . '.lock';\n\n\t\tif (file_exists($this->lockFile)) {\n\t\t\t$jobinfo = json_decode(file_get_contents($this->lockFile), true);\n\t\t\tif ($jobinfo === false || !is_array($jobinfo)) {\n\t\t\t\t// looks like an invalid lockfile\n\t\t\t\t$check_pid_return = 1;\n\t\t\t} else {\n\t\t\t\t$check_pid_return = null;\n\t\t\t\t// get status of process\n\t\t\t\tsystem(\"kill -CHLD \" . (int)$jobinfo['pid'] . \" 1> /dev/null 2> /dev/null\", $check_pid_return);\n\t\t\t}\n\t\t\tif ($check_pid_return == 1) {\n\t\t\t\t// Process does not seem to run, most likely it has died\n\t\t\t\t$this->unlockJob();\n\t\t\t} else {\n\t\t\t\t// cronjob still running, output info and stop\n\t\t\t\t$output->writeln([\n\t\t\t\t\t'Job \"' . $jobinfo['job'] . '\" is currently running.',\n\t\t\t\t\t'Started: ' . date('d.m.Y H:i', (int)$jobinfo['startts']),\n\t\t\t\t\t'PID: ' . $jobinfo['pid'] . ''\n\t\t\t\t]);\n\t\t\t\treturn false;\n\t\t\t}\n\t\t}\n\n\t\t$jobinfo = [\n\t\t\t'job' => $job,\n\t\t\t'startts' => time(),\n\t\t\t'pid' => getmypid()\n\t\t];\n\t\treturn file_put_contents($this->lockFile, json_encode($jobinfo)) !== false;\n\t}\n\n\tprivate function unlockJob(): bool\n\t{\n\t\treturn @unlink($this->lockFile);\n\t}\n\n\tprivate function getCronModule(string $cronname, OutputInterface $output)\n\t{\n\t\t$upd_stmt = Database::prepare(\"\n\t\t\tSELECT `cronclass` FROM `\" . TABLE_PANEL_CRONRUNS . \"` WHERE `cronfile` = :cron;\n\t\t\");\n\t\t$cron = Database::pexecute_first($upd_stmt, [\n\t\t\t'cron' => $cronname\n\t\t]);\n\t\tif ($cron) {\n\t\t\treturn $cron['cronclass'];\n\t\t}\n\t\t$output->writeln(\"Requested cronjob '\" . $cronname . \"' could not be found.\");\n\t\treturn false;\n\t}\n}\n" }, { "path": "lib/Froxlor/Cli/PhpSessionclean.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Cli;\n\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FileDir;\nuse Froxlor\\Settings;\nuse PDO;\nuse Symfony\\Component\\Console\\Input\\InputArgument;\nuse Symfony\\Component\\Console\\Input\\InputInterface;\nuse Symfony\\Component\\Console\\Output\\OutputInterface;\n\nfinal class PhpSessionclean extends CliCommand\n{\n\n\tprotected function configure()\n\t{\n\t\t$this->setName('froxlor:php-sessionclean');\n\t\t$this->setDescription('Cleans old php-session files from tmp folder');\n\t\t$this->addArgument('max-lifetime', InputArgument::OPTIONAL, 'The number of seconds after which data will be seen as \"garbage\" and potentially cleaned up. Defaults to \"1440\"');\n\t}\n\n\tprotected function execute(InputInterface $input, OutputInterface $output): int\n\t{\n\t\t$result = $this->validateRequirements($output);\n\n\t\tif ($result == self::SUCCESS) {\n\t\t\tif ((int)Settings::Get('phpfpm.enabled') == 1) {\n\t\t\t\tif ($input->hasArgument('max-lifetime') && is_numeric($input->getArgument('max-lifetime')) && $input->getArgument('max-lifetime') > 0) {\n\t\t\t\t\t$this->cleanSessionfiles((int)$input->getArgument('max-lifetime'));\n\t\t\t\t} else {\n\t\t\t\t\t// use default max-lifetime value\n\t\t\t\t\t$this->cleanSessionfiles();\n\t\t\t\t}\n\t\t\t\t$result = self::SUCCESS;\n\t\t\t} else {\n\t\t\t\t// php-fpm not enabled\n\t\t\t\t$output->writeln('PHP-FPM not enabled for this installation.');\n\t\t\t\t$result = self::INVALID;\n\t\t\t}\n\t\t}\n\t\treturn $result;\n\t}\n\n\tprivate function cleanSessionfiles(int $maxlifetime = 1440)\n\t{\n\t\t// store paths to clean up\n\t\t$paths_to_clean = [];\n\t\t// get all pool-config directories configured\n\t\t$sel_stmt = Database::prepare(\"SELECT DISTINCT `config_dir` FROM `\" . TABLE_PANEL_FPMDAEMONS . \"`\");\n\t\tDatabase::pexecute($sel_stmt);\n\t\twhile ($fpmd = $sel_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t$poolfiles = glob(FileDir::makeCorrectFile($fpmd['config_dir'] . '/*.conf'));\n\t\t\tforeach ($poolfiles as $cf) {\n\t\t\t\t$contents = file_get_contents($cf);\n\t\t\t\t$pattern = preg_quote('session.save_path', '/');\n\t\t\t\t$pattern = \"/\" . $pattern . \".+?\\=(.*)/\";\n\t\t\t\tif (preg_match_all($pattern, $contents, $matches)) {\n\t\t\t\t\t$session_path = trim($matches[1][0]);\n\t\t\t\t\t// Skip non-file-based session storage (Redis, Memcached, etc.)\n\t\t\t\t\t// These typically contain protocol indicators like :// or are not valid directories\n\t\t\t\t\tif (strpos($session_path, '://') !== false) {\n\t\t\t\t\t\t// Skip paths with protocol indicators (tcp://, redis://, memcached://, etc.)\n\t\t\t\t\t\tcontinue;\n\t\t\t\t\t}\n\t\t\t\t\t$paths_to_clean[] = FileDir::makeCorrectDir(trim($matches[1][0]));\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\t// every path is just needed once\n\t\t$paths_to_clean = array_unique($paths_to_clean);\n\n\t\tif (count($paths_to_clean) > 0) {\n\t\t\tforeach ($paths_to_clean as $ptc) {\n\t\t\t\t// find all files older than maxlifetime and delete them\n\t\t\t\tFileDir::safe_exec(\"find -O3 \\\"\" . $ptc . \"\\\" -ignore_readdir_race -depth -mindepth 1 -name 'sess_*' -type f -cmin \\\"+\" . $maxlifetime . \"\\\" -delete\");\n\t\t\t}\n\t\t}\n\t}\n}\n" }, { "path": "lib/Froxlor/Cli/RunApiCommand.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Cli;\n\nuse Exception;\nuse Froxlor\\Froxlor;\nuse Symfony\\Component\\Console\\Input\\InputArgument;\nuse Symfony\\Component\\Console\\Input\\InputInterface;\nuse Symfony\\Component\\Console\\Input\\InputOption;\nuse Symfony\\Component\\Console\\Output\\OutputInterface;\nuse Symfony\\Component\\Console\\Style\\SymfonyStyle;\n\nfinal class RunApiCommand extends CliCommand\n{\n\n\tprotected function configure()\n\t{\n\t\t$this->setName('froxlor:api-call');\n\t\t$this->setDescription('Run an API command as given user');\n\t\t$this->addArgument('user', InputArgument::REQUIRED, 'Loginname of the user you want to run the command as')\n\t\t\t->addArgument('api-command', InputArgument::REQUIRED, 'The command to execute in the form \"Module.function\"')\n\t\t\t->addArgument('parameters', InputArgument::OPTIONAL, 'Parameters to pass to the command as JSON array');\n\t\t$this->addOption('show-params', 's', InputOption::VALUE_NONE, 'Show possible parameters for given api-command (given command will *not* be called)');\n\t}\n\n\tprotected function execute(InputInterface $input, OutputInterface $output): int\n\t{\n\t\t$result = $this->validateRequirements($output);\n\n\t\trequire Froxlor::getInstallDir() . '/lib/functions.php';\n\n\t\t// set error-handler\n\t\t@set_error_handler([\n\t\t\t'\\\\Froxlor\\\\Api\\\\Api',\n\t\t\t'phpErrHandler'\n\t\t]);\n\n\t\tif ($result == self::SUCCESS) {\n\t\t\ttry {\n\t\t\t\t$loginname = $input->getArgument('user');\n\t\t\t\t$userinfo = $this->getUserByName($loginname);\n\t\t\t\t$command = $input->getArgument('api-command');\n\t\t\t\t$apicmd = $this->validateCommand($command);\n\t\t\t\t$module = \"\\\\Froxlor\\\\Api\\\\Commands\\\\\" . $apicmd['class'];\n\t\t\t\t$function = $apicmd['function'];\n\t\t\t\tif ($input->getOption('show-params') !== false) {\n\t\t\t\t\t$json_result = \\Froxlor\\Api\\Commands\\Froxlor::getLocal($userinfo, ['module' => $apicmd['class'], 'function' => $function])->listFunctions();\n\t\t\t\t\t$io = new SymfonyStyle($input, $output);\n\t\t\t\t\t$result = $this->outputParamsList($json_result, $io);\n\t\t\t\t} else {\n\t\t\t\t\t$params_json = $input->getArgument('parameters');\n\t\t\t\t\t$params = json_decode($params_json ?? '', true);\n\t\t\t\t\t$json_result = $module::getLocal($userinfo, $params)->{$function}();\n\t\t\t\t\t$output->write($json_result);\n\t\t\t\t\t$result = self::SUCCESS;\n\t\t\t\t}\n\t\t\t} catch (Exception $e) {\n\t\t\t\t$output->writeln('' . $e->getMessage() . '');\n\t\t\t\t$result = self::FAILURE;\n\t\t\t}\n\t\t}\n\n\t\treturn $result;\n\t}\n\n\tprivate function outputParamsList(string $json, SymfonyStyle $io): int\n\t{\n\t\t$docs = json_decode($json, true);\n\t\t$docs = array_shift($docs['data']);\n\t\tif (!isset($docs['params'])) {\n\t\t\t$io->warning(($docs['head'] ?? \"unknown return\"));\n\t\t\treturn self::INVALID;\n\t\t}\n\t\tif (empty($docs['params'])) {\n\t\t\t$io->success(\"No parameters required\");\n\t\t} else {\n\t\t\t$rows = [];\n\t\t\tforeach ($docs['params'] as $param) {\n\t\t\t\t$rows[] = [$param['type'], '' . $param['parameter'] . '', $param['desc'] ?? \"\"];\n\t\t\t}\n\t\t\t$io->table(['Type', 'Name', 'Description'], $rows);\n\t\t}\n\t\treturn self::SUCCESS;\n\t}\n\n\t/**\n\t * @throws Exception\n\t */\n\tprivate function validateCommand(string $command): array\n\t{\n\t\t$command = explode(\".\", $command);\n\n\t\tif (count($command) != 2) {\n\t\t\tthrow new Exception(\"The given command is invalid.\");\n\t\t}\n\t\t// simply check for file-existance, as we do not want to use our autoloader because this way\n\t\t// it will recognize non-api classes+methods as valid commands\n\t\t$apiclass = '\\\\Froxlor\\\\Api\\\\Commands\\\\' . $command[0];\n\t\tif (!class_exists($apiclass) || !@method_exists($apiclass, $command[1])) {\n\t\t\tthrow new Exception(\"Unknown command\");\n\t\t}\n\t\treturn ['class' => $command[0], 'function' => $command[1]];\n\t}\n\n}\n" }, { "path": "lib/Froxlor/Cli/SwitchServerIp.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Cli;\n\nuse Froxlor\\Database\\Database;\nuse PDO;\nuse Symfony\\Component\\Console\\Input\\InputInterface;\nuse Symfony\\Component\\Console\\Input\\InputOption;\nuse Symfony\\Component\\Console\\Output\\OutputInterface;\nuse Symfony\\Component\\Console\\Style\\SymfonyStyle;\n\nfinal class SwitchServerIp extends CliCommand\n{\n\n\tprotected function configure()\n\t{\n\t\t$this->setName('froxlor:switch-server-ip');\n\t\t$this->setDescription('Easily switch IP addresses e.g. after server migration');\n\t\t$this->addOption('switch', 's', InputOption::VALUE_REQUIRED | InputOption::VALUE_IS_ARRAY, 'Switch IP-address pair. A pair is separated by comma. For example: --switch=A,B')\n\t\t\t->addOption('list', 'l', InputOption::VALUE_NONE, 'List all IP addresses currently added for this server in froxlor');\n\t}\n\n\tprotected function execute(InputInterface $input, OutputInterface $output): int\n\t{\n\t\t$result = $this->validateRequirements($output);\n\n\t\tif ($result == self::SUCCESS && $input->getOption('list') == false && $input->getOption('switch') == false) {\n\t\t\t$output->writeln('Either --list or --switch option must be provided. Nothing to do, exiting.');\n\t\t\t$result = self::INVALID;\n\t\t}\n\n\t\t$io = new SymfonyStyle($input, $output);\n\n\t\tif ($result == self::SUCCESS && $input->getOption('list')) {\n\t\t\t$sel_stmt = Database::prepare(\"SELECT * FROM panel_ipsandports ORDER BY ip ASC, port ASC\");\n\t\t\tDatabase::pexecute($sel_stmt);\n\t\t\t$ips = $sel_stmt->fetchAll(PDO::FETCH_ASSOC);\n\t\t\t$table_rows = [];\n\t\t\tforeach ($ips as $ipdata) {\n\t\t\t\t$table_rows[] = [$ipdata['id'], $ipdata['ip'], $ipdata['port']];\n\t\t\t}\n\n\t\t\t$io->table(\n\t\t\t\t['#', 'IP address', 'Port'],\n\t\t\t\t$table_rows\n\t\t\t);\n\t\t}\n\n\t\tif ($result == self::SUCCESS && $input->getOption('switch')) {\n\t\t\t$result = $this->switchIPs($input, $output);\n\t\t}\n\n\t\treturn $result;\n\t}\n\n\tprivate function switchIPs(InputInterface $input, OutputInterface $output): int\n\t{\n\t\t$ip_list = $input->getOption('switch');\n\n\t\t$has_error = false;\n\t\t$ips_to_switch = [];\n\t\tforeach ($ip_list as $ips_combo) {\n\t\t\t$ip_pair = explode(\",\", $ips_combo);\n\t\t\tif (count($ip_pair) != 2) {\n\t\t\t\t$output->writeln('Invalid option parameter, not a valid IP address pair.');\n\t\t\t\t$has_error = true;\n\t\t\t} else {\n\t\t\t\tif (filter_var($ip_pair[0], FILTER_VALIDATE_IP) == false) {\n\t\t\t\t\t$output->writeln('Invalid source ip address: ' . $ip_pair[0] . '');\n\t\t\t\t\t$has_error = true;\n\t\t\t\t}\n\t\t\t\tif (filter_var($ip_pair[1], FILTER_VALIDATE_IP) == false) {\n\t\t\t\t\t$output->writeln('Invalid target ip address: ' . $ip_pair[1] . '');\n\t\t\t\t\t$has_error = true;\n\t\t\t\t}\n\t\t\t\tif ($ip_pair[0] == $ip_pair[1] && !$has_error) {\n\t\t\t\t\t$output->writeln('Source and target ip address are equal');\n\t\t\t\t\t$has_error = true;\n\t\t\t\t}\n\t\t\t}\n\t\t\t$ips_to_switch[] = $ip_pair;\n\t\t}\n\t\tif ($has_error) {\n\t\t\treturn self::FAILURE;\n\t\t}\n\n\t\tif (count($ips_to_switch) > 0) {\n\t\t\t$check_stmt = Database::prepare(\"SELECT `id` FROM panel_ipsandports WHERE `ip` = :newip\");\n\t\t\t$upd_stmt = Database::prepare(\"UPDATE panel_ipsandports SET `ip` = :newip WHERE `ip` = :oldip\");\n\n\t\t\t// system.ipaddress\n\t\t\t$check_sysip_stmt = Database::prepare(\"SELECT `value` FROM `panel_settings` WHERE `settinggroup` = 'system' and `varname` = 'ipaddress'\");\n\t\t\t$check_sysip = Database::pexecute_first($check_sysip_stmt);\n\n\t\t\t// system.mysql_access_host\n\t\t\t$check_mysqlip_stmt = Database::prepare(\"SELECT `value` FROM `panel_settings` WHERE `settinggroup` = 'system' and `varname` = 'mysql_access_host'\");\n\t\t\t$check_mysqlip = Database::pexecute_first($check_mysqlip_stmt);\n\n\t\t\t// system.axfrservers\n\t\t\t$check_axfrip_stmt = Database::prepare(\"SELECT `value` FROM `panel_settings` WHERE `settinggroup` = 'system' and `varname` = 'axfrservers'\");\n\t\t\t$check_axfrip = Database::pexecute_first($check_axfrip_stmt);\n\n\t\t\tforeach ($ips_to_switch as $ip_pair) {\n\t\t\t\t$output->writeln('Switching IP ' . $ip_pair[0] . ' to IP ' . $ip_pair[1] . '');\n\n\t\t\t\t$ip_check = Database::pexecute_first($check_stmt, [\n\t\t\t\t\t'newip' => $ip_pair[1]\n\t\t\t\t]);\n\t\t\t\tif ($ip_check) {\n\t\t\t\t\t$output->writeln('Note: ' . $ip_pair[0] . ' not updated to ' . $ip_pair[1] . ' - IP already exists in froxlor\\'s database');\n\t\t\t\t\tcontinue;\n\t\t\t\t}\n\n\t\t\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t\t\t'newip' => $ip_pair[1],\n\t\t\t\t\t'oldip' => $ip_pair[0]\n\t\t\t\t]);\n\t\t\t\t$rows_updated = $upd_stmt->rowCount();\n\n\t\t\t\tif ($rows_updated == 0) {\n\t\t\t\t\t$output->writeln('Note: ' . $ip_pair[0] . ' not updated to ' . $ip_pair[1] . ' (possibly no entry found in froxlor database. Use --list to see what IP addresses are added in froxlor');\n\t\t\t\t\tcontinue;\n\t\t\t\t}\n\n\t\t\t\t// check whether the system.ipaddress needs updating\n\t\t\t\tif ($check_sysip['value'] == $ip_pair[0]) {\n\t\t\t\t\t$upd2_stmt = Database::prepare(\"UPDATE `panel_settings` SET `value` = :newip WHERE `settinggroup` = 'system' and `varname` = 'ipaddress'\");\n\t\t\t\t\tDatabase::pexecute($upd2_stmt, [\n\t\t\t\t\t\t'newip' => $ip_pair[1]\n\t\t\t\t\t]);\n\t\t\t\t\t$output->writeln('Updated system-ipaddress from ' . $ip_pair[0] . ' to ' . $ip_pair[1] . '');\n\t\t\t\t}\n\n\t\t\t\t// check whether the system.mysql_access_host needs updating\n\t\t\t\tif (strstr($check_mysqlip['value'], $ip_pair[0]) !== false) {\n\t\t\t\t\t$new_mysqlip = str_replace($ip_pair[0], $ip_pair[1], $check_mysqlip['value']);\n\t\t\t\t\t$upd2_stmt = Database::prepare(\"UPDATE `panel_settings` SET `value` = :newmysql WHERE `settinggroup` = 'system' and `varname` = 'mysql_access_host'\");\n\t\t\t\t\tDatabase::pexecute($upd2_stmt, [\n\t\t\t\t\t\t'newmysql' => $new_mysqlip\n\t\t\t\t\t]);\n\t\t\t\t\t$output->writeln('Updated mysql_access_host from ' . $check_mysqlip['value'] . ' to ' . $new_mysqlip . '');\n\t\t\t\t}\n\n\t\t\t\t// check whether the system.axfrservers needs updating\n\t\t\t\tif (strstr($check_axfrip['value'], $ip_pair[0]) !== false) {\n\t\t\t\t\t$new_axfrip = str_replace($ip_pair[0], $ip_pair[1], $check_axfrip['value']);\n\t\t\t\t\t$upd2_stmt = Database::prepare(\"UPDATE `panel_settings` SET `value` = :newaxfr WHERE `settinggroup` = 'system' and `varname` = 'axfrservers'\");\n\t\t\t\t\tDatabase::pexecute($upd2_stmt, [\n\t\t\t\t\t\t'newaxfr' => $new_axfrip\n\t\t\t\t\t]);\n\t\t\t\t\t$output->writeln('Updated axfr-servers from ' . $check_axfrip['value'] . ' to ' . $new_axfrip . '');\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\t$output->writeln(\"\");\n\t\t$output->writeln(\"*** ATTENTION *** Remember to replace IP addresses in configuration files if used anywhere.\");\n\t\t$output->writeln(\"IP addresses updated\");\n\t\treturn self::SUCCESS;\n\t}\n}\n" }, { "path": "lib/Froxlor/Cli/UpdateCommand.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Cli;\n\nuse Exception;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FileDir;\nuse Froxlor\\Froxlor;\nuse Froxlor\\Install\\AutoUpdate;\nuse Froxlor\\Install\\Preconfig;\nuse Froxlor\\Install\\Update;\nuse Froxlor\\Settings;\nuse Froxlor\\System\\Mailer;\nuse Symfony\\Component\\Console\\Input\\InputInterface;\nuse Symfony\\Component\\Console\\Input\\InputOption;\nuse Symfony\\Component\\Console\\Output\\OutputInterface;\nuse Symfony\\Component\\Console\\Question\\ChoiceQuestion;\nuse Symfony\\Component\\Console\\Question\\ConfirmationQuestion;\nuse Symfony\\Component\\Console\\Question\\Question;\nuse Symfony\\Component\\Console\\Style\\SymfonyStyle;\n\nfinal class UpdateCommand extends CliCommand\n{\n\n\tprotected function configure()\n\t{\n\t\t$this->setName('froxlor:update');\n\t\t$this->setDescription('Check for newer version and update froxlor');\n\t\t$this->addOption('check-only', 'c', InputOption::VALUE_NONE, 'Only check for newer version and exit')\n\t\t\t->addOption('show-update-options', 'o', InputOption::VALUE_NONE, 'Show possible update option parameter for the update if any. Only usable in combination with \"check-only\".')\n\t\t\t->addOption('update-options', 'O', InputOption::VALUE_IS_ARRAY | InputOption::VALUE_REQUIRED, 'Parameter list of update options.')\n\t\t\t->addOption('database', 'd', InputOption::VALUE_NONE, 'Only run database updates in case updates are done via apt or manually.')\n\t\t\t->addOption('mail-notify', 'm', InputOption::VALUE_NONE, 'Additionally inform administrator via email if a newer version was found')\n\t\t\t->addOption('yes-to-all', 'A', InputOption::VALUE_NONE, 'Do not ask for download, extract and database-update, just do it (if not --check-only is set)')\n\t\t\t->addOption('integer-return', 'i', InputOption::VALUE_NONE, 'Return integer whether a new version is available or not (implies --check-only). Useful for programmatic use.');\n\t}\n\n\tprotected function execute(InputInterface $input, OutputInterface $output)\n\t{\n\t\t$result = self::SUCCESS;\n\n\t\t// database update only\n\t\tif ($input->getOption('database')) {\n\t\t\t$result = $this->validateRequirements($output, true);\n\t\t\tif ($result == self::SUCCESS) {\n\t\t\t\trequire Froxlor::getInstallDir() . '/lib/functions.php';\n\t\t\t\tif (Froxlor::hasUpdates() || Froxlor::hasDbUpdates()) {\n\t\t\t\t\t$output->writeln('' . lng('update.dbupdate_required') . '');\n\t\t\t\t\tif ($input->getOption('check-only')) {\n\t\t\t\t\t\t$output->writeln('Doing nothing because of \"check-only\" flag.');\n\t\t\t\t\t\t$this->askUpdateOptions($input, $output, null, false);\n\t\t\t\t\t} else {\n\t\t\t\t\t\t$yestoall = $input->getOption('yes-to-all') !== false;\n\t\t\t\t\t\t$helper = $this->getHelper('question');\n\n\t\t\t\t\t\t$this->askUpdateOptions($input, $output, $helper, $yestoall);\n\n\t\t\t\t\t\t$question = new ConfirmationQuestion('Update database? [no] ', false, '/^(y|j)/i');\n\t\t\t\t\t\tif ($yestoall || $helper->ask($input, $output, $question)) {\n\t\t\t\t\t\t\t$result = $this->runUpdate($output, true);\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t\treturn $result;\n\t\t\t\t}\n\t\t\t\t$output->writeln('' . lng('update.noupdatesavail', [(Settings::Get('system.update_channel') == 'testing' ? lng('serversettings.uc_testing') . ' ' : '')]) . '');\n\t\t\t}\n\t\t\treturn $result;\n\t\t}\n\n\t\t$result = $this->validateRequirements($output);\n\n\t\tif ($result != self::SUCCESS) {\n\t\t\t// requirements failed, exit\n\t\t\treturn $result;\n\t\t}\n\n\t\trequire Froxlor::getInstallDir() . '/lib/functions.php';\n\n\t\t// version check\n\t\t$newversionavail = false;\n\t\tif ($result == self::SUCCESS) {\n\t\t\ttry {\n\t\t\t\t$aucheck = AutoUpdate::checkVersion();\n\n\t\t\t\tif ($aucheck == 1) {\n\t\t\t\t\t$this->mailNotify($input, $output);\n\t\t\t\t\tif ($input->getOption('integer-return')) {\n\t\t\t\t\t\t$output->write(1);\n\t\t\t\t\t\treturn self::SUCCESS;\n\t\t\t\t\t}\n\t\t\t\t\t// there is a new version\n\t\t\t\t\tif ($input->getOption('check-only')) {\n\t\t\t\t\t\t$text = lng('update.uc_newinfo', [(Settings::Get('system.update_channel') != 'stable' ? Settings::Get('system.update_channel') . ' ' : ''), AutoUpdate::getFromResult('version'), Froxlor::VERSION]);\n\t\t\t\t\t} else {\n\t\t\t\t\t\t$text = lng('admin.newerversionavailable') . ' ' . lng('admin.newerversiondetails', [AutoUpdate::getFromResult('version'), Froxlor::VERSION]);\n\t\t\t\t\t}\n\t\t\t\t\t$text = str_replace(\"
\", \" \", $text);\n\t\t\t\t\t$text = str_replace(\"\", \"\", $text);\n\t\t\t\t\t$text = str_replace(\"\", \"\", $text);\n\t\t\t\t\t$newversionavail = true;\n\t\t\t\t\t$output->writeln('' . $text . '');\n\t\t\t\t\t$result = self::SUCCESS;\n\t\t\t\t} elseif ($aucheck < 0 || $aucheck > 1) {\n\t\t\t\t\tif ($input->getOption('integer-return')) {\n\t\t\t\t\t\t$output->write(-1);\n\t\t\t\t\t\treturn self::INVALID;\n\t\t\t\t\t}\n\t\t\t\t\t// errors\n\t\t\t\t\tif ($aucheck < 0) {\n\t\t\t\t\t\t$output->writeln('' . AutoUpdate::getLastError() . '');\n\t\t\t\t\t} else {\n\t\t\t\t\t\t$errmsg = 'error.autoupdate_' . $aucheck;\n\t\t\t\t\t\tif ($aucheck == 3) {\n\t\t\t\t\t\t\t$errmsg = 'error.customized_version';\n\t\t\t\t\t\t}\n\t\t\t\t\t\t$output->writeln('' . lng($errmsg) . '');\n\t\t\t\t\t}\n\t\t\t\t\t$result = self::INVALID;\n\t\t\t\t} else {\n\t\t\t\t\tif ($input->getOption('integer-return')) {\n\t\t\t\t\t\t$output->write(0);\n\t\t\t\t\t\treturn self::SUCCESS;\n\t\t\t\t\t}\n\t\t\t\t\t// no new version\n\t\t\t\t\t$output->writeln('' . AutoUpdate::getFromResult('info') . '');\n\t\t\t\t\t$result = self::SUCCESS;\n\t\t\t\t}\n\t\t\t} catch (Exception $e) {\n\t\t\t\tif ($input->getOption('integer-return')) {\n\t\t\t\t\t$output->write(-1);\n\t\t\t\t\treturn self::FAILURE;\n\t\t\t\t}\n\t\t\t\t$output->writeln('' . $e->getMessage() . '');\n\t\t\t\t$result = self::FAILURE;\n\t\t\t}\n\t\t}\n\n\t\t// if there's a newer version, proceed\n\t\tif ($result == self::SUCCESS && $newversionavail) {\n\n\t\t\t// check whether we only wanted to check\n\t\t\tif ($input->getOption('check-only')) {\n\t\t\t\t//$output->writeln('Not proceeding as \"check-only\" is specified');\n\t\t\t\t$this->askUpdateOptions($input, $output, null, false);\n\t\t\t\treturn $result;\n\t\t\t} else {\n\t\t\t\t$yestoall = $input->getOption('yes-to-all') !== false;\n\n\t\t\t\t$helper = $this->getHelper('question');\n\n\t\t\t\t// ask download\n\t\t\t\t$question = new ConfirmationQuestion('Download newer version? [no] ', false, '/^(y|j)/i');\n\t\t\t\tif ($yestoall || $helper->ask($input, $output, $question)) {\n\t\t\t\t\t// do download\n\t\t\t\t\t$output->writeln('Downloading...');\n\t\t\t\t\t$audl = AutoUpdate::downloadZip(AutoUpdate::getFromResult('version'));\n\t\t\t\t\tif (!is_numeric($audl)) {\n\t\t\t\t\t\t// ask extract\n\t\t\t\t\t\t$question = new ConfirmationQuestion('Extract downloaded archive? [no] ', false, '/^(y|j)/i');\n\t\t\t\t\t\tif ($yestoall || $helper->ask($input, $output, $question)) {\n\t\t\t\t\t\t\t// do extract\n\t\t\t\t\t\t\t$output->writeln('Extracting...');\n\t\t\t\t\t\t\t$auex = AutoUpdate::extractZip(Froxlor::getInstallDir() . '/updates/' . $audl);\n\t\t\t\t\t\t\tif ($auex == 0) {\n\t\t\t\t\t\t\t\t$output->writeln(\"Froxlor files updated successfully.\");\n\t\t\t\t\t\t\t\t$result = self::SUCCESS;\n\n\t\t\t\t\t\t\t\t// restart fpm if used to clear opcache\n\t\t\t\t\t\t\t\tif ((int)Settings::Get('phpfpm.enabled') == 1 && Settings::Get('phpfpm.enabled_ownvhost') == '1') {\n\t\t\t\t\t\t\t\t\t// get fpm restart cmd\n\t\t\t\t\t\t\t\t\t$startstop_sel = Database::prepare(\"\n\t\t\t\t\t\t\t\t\t\tSELECT f.reload_cmd, f.config_dir\n\t\t\t\t\t\t\t\t\t\tFROM `\" . TABLE_PANEL_FPMDAEMONS . \"` f\n\t\t\t\t\t\t\t\t\t\tLEFT JOIN `\" . TABLE_PANEL_PHPCONFIGS . \"` p ON p.fpmsettingid = f.id\n\t\t\t\t\t\t\t\t\t\tWHERE p.id = :phpconfigid\n\t\t\t\t\t\t\t\t\t\");\n\t\t\t\t\t\t\t\t\t$restart_cmd = Database::pexecute_first($startstop_sel, [\n\t\t\t\t\t\t\t\t\t\t'phpconfigid' => Settings::Get('phpfpm.vhost_defaultini')\n\t\t\t\t\t\t\t\t\t]);\n\t\t\t\t\t\t\t\t\t// restart php-fpm instance\n\t\t\t\t\t\t\t\t\tFileDir::safe_exec(escapeshellcmd($restart_cmd['reload_cmd']));\n\t\t\t\t\t\t\t\t}\n\n\t\t\t\t\t\t\t\t$this->askUpdateOptions($input, $output, $helper, $yestoall);\n\n\t\t\t\t\t\t\t\t$question = new ConfirmationQuestion('Update database? [no] ', false, '/^(y|j)/i');\n\t\t\t\t\t\t\t\tif ($yestoall || $helper->ask($input, $output, $question)) {\n\t\t\t\t\t\t\t\t\t// run in separate process to ensure the use of newly unpacked files\n\t\t\t\t\t\t\t\t\tpassthru(Froxlor::getInstallDir() . '/bin/froxlor-cli froxlor:update -dA', $result);\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t\t$errmsg = 'error.autoupdate_' . $auex;\n\t\t\t\t\t\t\t\t$output->writeln('' . lng($errmsg) . '');\n\t\t\t\t\t\t\t\t$result = self::FAILURE;\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t} else {\n\t\t\t\t\t\t$errmsg = 'error.autoupdate_' . $audl;\n\t\t\t\t\t\t$output->writeln('' . lng($errmsg) . '');\n\t\t\t\t\t\t$result = self::FAILURE;\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\treturn $result;\n\t}\n\n\t/**\n\t * @param InputInterface $input\n\t * @param OutputInterface $output\n\t * @param $helper\n\t * @param bool $yestoall\n\t * @return void\n\t */\n\tprivate function askUpdateOptions(InputInterface $input, OutputInterface $output, $helper, bool $yestoall = false)\n\t{\n\t\t// check for preconfigs\n\t\t$preconfig = Preconfig::getPreConfig(true);\n\t\t$show_options_only = $input->getOption('show-update-options') !== false;\n\t\tif (!is_null($helper) && $show_options_only) {\n\t\t\t$output->writeln('Unsetting \"show-update-options\" due to not being called with \"check-only\".');\n\t\t\t$show_options_only = false;\n\t\t}\n\t\t$update_options = [];\n\t\t// set parameters\n\t\t$uOptions = $input->getOption('update-options');\n\t\tif (!empty($uOptions)) {\n\t\t\t$options_value = [];\n\t\t\tforeach ($uOptions as $givenOption) {\n\t\t\t\t$optVal = explode(\"=\", $givenOption);\n\t\t\t\tif (count($optVal) == 2) {\n\t\t\t\t\t$options_value[$optVal[0]] = $optVal[1];\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\tif (!empty($preconfig)) {\n\t\t\tkrsort($preconfig);\n\t\t\tforeach ($preconfig as $section) {\n\t\t\t\tif (!$show_options_only) {\n\t\t\t\t\t$output->writeln(\"Updater questions for \" . $section['title'] . \"\");\n\t\t\t\t}\n\t\t\t\tforeach ($section['fields'] as $update_field => $metainfo) {\n\t\t\t\t\tif (isset($options_value[$update_field])) {\n\t\t\t\t\t\t$output->writeln('Setting given parameter \"' . $update_field . '\" to \"' . $options_value[$update_field] . '\"');\n\t\t\t\t\t\t$_POST[$update_field] = $options_value[$update_field];\n\t\t\t\t\t\tcontinue;\n\t\t\t\t\t}\n\t\t\t\t\t$default = null;\n\t\t\t\t\t$question_text = html_entity_decode(strip_tags($metainfo['label']), ENT_QUOTES | ENT_IGNORE, \"UTF-8\");\n\t\t\t\t\tif ($metainfo['type'] == 'checkbox') {\n\t\t\t\t\t\t$default = (int)$metainfo['checked'];\n\t\t\t\t\t\tif ($show_options_only) {\n\t\t\t\t\t\t\t$update_options[] = [\n\t\t\t\t\t\t\t\t'name' => $update_field,\n\t\t\t\t\t\t\t\t'question' => $question_text,\n\t\t\t\t\t\t\t\t'default' => $default,\n\t\t\t\t\t\t\t\t'choices' => '0: No' . PHP_EOL . '1: Yes' . PHP_EOL\n\t\t\t\t\t\t\t];\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t$question = new ConfirmationQuestion($question_text . ' [' . ($metainfo['checked'] ? 'yes' : 'no') . '] ', (bool)$metainfo['checked'], '/^(y|j)/i');\n\t\t\t\t\t\t}\n\t\t\t\t\t} elseif ($metainfo['type'] == 'select') {\n\t\t\t\t\t\t$default = $metainfo['selected'];\n\t\t\t\t\t\t$choices = \"\";\n\t\t\t\t\t\tforeach (array_values($metainfo['select_var'] ?? []) as $index => $choice) {\n\t\t\t\t\t\t\t$choices .= $index . ': ' . $choice . PHP_EOL;\n\t\t\t\t\t\t}\n\t\t\t\t\t\tif ($show_options_only) {\n\t\t\t\t\t\t\t$update_options[] = [\n\t\t\t\t\t\t\t\t'name' => $update_field,\n\t\t\t\t\t\t\t\t'question' => $question_text,\n\t\t\t\t\t\t\t\t'default' => !empty($default) ? $default : '-',\n\t\t\t\t\t\t\t\t'choices' => $choices\n\t\t\t\t\t\t\t];\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t$question = new ChoiceQuestion(\n\t\t\t\t\t\t\t\t$question_text,\n\t\t\t\t\t\t\t\tarray_values($metainfo['select_var'] ?? []),\n\t\t\t\t\t\t\t\t$metainfo['selected']\n\t\t\t\t\t\t\t);\n\t\t\t\t\t\t\t$question->setValidator(function ($answer) use ($metainfo): string {\n\t\t\t\t\t\t\t\t$key = array_keys($metainfo['select_var'])[(int)$answer] ?? false; // Find the key based on the selected value\n\t\t\t\t\t\t\t\tif ($key === false) {\n\t\t\t\t\t\t\t\t\tthrow new \\RuntimeException('Invalid selection.');\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\treturn $key;\n\t\t\t\t\t\t\t});\n\t\t\t\t\t\t}\n\t\t\t\t\t} elseif ($metainfo['type'] == 'text') {\n\t\t\t\t\t\t$default = $metainfo['value'] ?? '';\n\t\t\t\t\t\tif ($show_options_only) {\n\t\t\t\t\t\t\t$update_options[] = [\n\t\t\t\t\t\t\t\t'name' => $update_field,\n\t\t\t\t\t\t\t\t'question' => $question_text,\n\t\t\t\t\t\t\t\t'default' => $default,\n\t\t\t\t\t\t\t\t'choices' => PHP_EOL\n\t\t\t\t\t\t\t];\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t$question = new Question($question_text . (!empty($metainfo['value']) ? ' [' . $metainfo['value'] . ']' : ''), $default);\n\t\t\t\t\t\t\t$question->setValidator(function (string $answer) use ($metainfo): string {\n\t\t\t\t\t\t\t\tif (($metainfo['mandatory'] ?? false) && empty($answer)) {\n\t\t\t\t\t\t\t\t\tthrow new \\RuntimeException(\n\t\t\t\t\t\t\t\t\t\t'Answer cannot be empty'\n\t\t\t\t\t\t\t\t\t);\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\tif (!empty($metainfo['pattern'] ?? \"\") && !preg_match(\"/\" . $metainfo['pattern'] . \"/\", $answer)) {\n\t\t\t\t\t\t\t\t\tthrow new \\RuntimeException('Answer does not seem to be in valid format');\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\treturn $answer;\n\t\t\t\t\t\t\t});\n\t\t\t\t\t\t}\n\t\t\t\t\t} else {\n\t\t\t\t\t\t$output->writeln(\"Unknown type \" . $metainfo['type'] . \"\");\n\t\t\t\t\t\tcontinue;\n\t\t\t\t\t}\n\n\t\t\t\t\tif (!$show_options_only) {\n\t\t\t\t\t\tif ($yestoall) {\n\t\t\t\t\t\t\t$_POST[$update_field] = $default;\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t$_POST[$update_field] = $helper->ask($input, $output, $question);\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tif ($show_options_only) {\n\t\t\t\t$io = new SymfonyStyle($input, $output);\n\t\t\t\t$io->table(\n\t\t\t\t\t['Parameter', 'Description', 'Default', 'Choices'],\n\t\t\t\t\t$update_options\n\t\t\t\t);\n\t\t\t}\n\t\t}\n\t}\n\n\tprivate function mailNotify(InputInterface $input, OutputInterface $output)\n\t{\n\t\tif ($input->getOption('mail-notify')) {\n\t\t\t$last_check_version = Settings::Get('system.update_notify_last');\n\t\t\tif (Update::versionInUpdate($last_check_version, AutoUpdate::getFromResult('version'))) {\n\t\t\t\t$text = lng('update.uc_newinfo', [(Settings::Get('system.update_channel') != 'stable' ? Settings::Get('system.update_channel') . ' ' : ''), AutoUpdate::getFromResult('version'), Froxlor::VERSION]);\n\t\t\t\t$mail = new Mailer(true);\n\t\t\t\t$mail->Body = $text;\n\t\t\t\t$mail->Subject = \"[froxlor] \" . lng('update.notify_subject');\n\t\t\t\t$mail->AddAddress(Settings::Get('panel.adminmail'), Settings::Get('panel.adminmail_defname'));\n\t\t\t\tif (!$mail->Send() && $input->getOption('integer-return') == null) {\n\t\t\t\t\t$output->writeln('' . $mail->ErrorInfo . '');\n\t\t\t\t}\n\t\t\t\tSettings::Set('system.update_notify_last', AutoUpdate::getFromResult('version'));\n\t\t\t}\n\t\t}\n\t}\n}\n" }, { "path": "lib/Froxlor/Cli/UserCommand.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Cli;\n\nuse Exception;\nuse Froxlor\\Api\\Commands\\Admins;\nuse Froxlor\\Api\\Commands\\Customers;\nuse Froxlor\\Froxlor;\nuse Froxlor\\System\\Crypt;\nuse Symfony\\Component\\Console\\Input\\InputArgument;\nuse Symfony\\Component\\Console\\Input\\InputInterface;\nuse Symfony\\Component\\Console\\Input\\InputOption;\nuse Symfony\\Component\\Console\\Output\\OutputInterface;\nuse Symfony\\Component\\Console\\Style\\SymfonyStyle;\n\nfinal class UserCommand extends CliCommand\n{\n\n\tprotected function configure()\n\t{\n\t\t$this->setName('froxlor:user');\n\t\t$this->setDescription('Various user actions');\n\t\t$this->addArgument('user', InputArgument::REQUIRED, 'Loginname of the target user')\n\t\t\t->addArgument('admin', InputArgument::OPTIONAL, 'Loginname of the executing admin/reseller user', 'admin');\n\t\t$this->addOption('unlock', 'u', InputOption::VALUE_NONE, 'Unlock user after too many failed login attempts')\n\t\t\t->addOption('change-passwd', 'p', InputOption::VALUE_NONE, 'Set new password for given user')\n\t\t\t->addOption('show-info', 's', InputOption::VALUE_NONE, 'Output information details of given user');\n\t}\n\n\tprotected function execute(InputInterface $input, OutputInterface $output): int\n\t{\n\t\t$result = self::SUCCESS;\n\n\t\t$result = $this->validateRequirements($output);\n\n\t\trequire Froxlor::getInstallDir() . '/lib/functions.php';\n\n\t\t// set error-handler\n\t\t@set_error_handler([\n\t\t\t'\\\\Froxlor\\\\Api\\\\Api',\n\t\t\t'phpErrHandler'\n\t\t]);\n\n\t\tif ($result == self::SUCCESS) {\n\t\t\ttry {\n\t\t\t\t$adminname = $input->getArgument('admin');\n\t\t\t\t$admininfo = $this->getUserByName($adminname);\n\t\t\t\t$loginname = $input->getArgument('user');\n\t\t\t\t$userinfo = $this->getUserByName($loginname, false);\n\n\t\t\t\t$do_unlock = $input->getOption('unlock');\n\t\t\t\t$do_passwd = $input->getOption('change-passwd');\n\t\t\t\t$do_show = $input->getOption('show-info');\n\n\t\t\t\tif ($do_unlock === false && $do_passwd === false && $do_show === false) {\n\t\t\t\t\t$output->writeln('No option given, nothing to do.');\n\t\t\t\t\t$result = self::INVALID;\n\t\t\t\t}\n\n\t\t\t\tif ($do_unlock !== false) {\n\t\t\t\t\t// unlock given user\n\t\t\t\t\tif ((int)$userinfo['adminsession'] == 1) {\n\t\t\t\t\t\tAdmins::getLocal($admininfo, ['loginname' => $loginname])->unlock();\n\t\t\t\t\t} else {\n\t\t\t\t\t\tCustomers::getLocal($admininfo, ['loginname' => $loginname])->unlock();\n\t\t\t\t\t}\n\t\t\t\t\t$output->writeln('User ' . $loginname . ' unlocked successfully');\n\t\t\t\t\t$result = self::SUCCESS;\n\t\t\t\t}\n\t\t\t\tif ($result == self::SUCCESS && $do_passwd !== false) {\n\t\t\t\t\t$io = new SymfonyStyle($input, $output);\n\t\t\t\t\t$passwd = $io->askHidden(\"Enter new password\", function ($value) {\n\t\t\t\t\t\tif (empty($value)) {\n\t\t\t\t\t\t\tthrow new \\RuntimeException('You must enter a value.');\n\t\t\t\t\t\t}\n\t\t\t\t\t\t$value = Crypt::validatePassword($value, 'new password');\n\t\t\t\t\t\treturn $value;\n\t\t\t\t\t});\n\t\t\t\t\t$passwd2 = $io->askHidden(\"Confirm new password\", function ($value) use ($passwd) {\n\t\t\t\t\t\tif (empty($value)) {\n\t\t\t\t\t\t\tthrow new \\RuntimeException('You must enter a value.');\n\t\t\t\t\t\t} elseif ($value != $passwd) {\n\t\t\t\t\t\t\tthrow new \\RuntimeException('Passwords do not match');\n\t\t\t\t\t\t}\n\t\t\t\t\t\treturn $value;\n\t\t\t\t\t});\n\t\t\t\t\tif ((int)$userinfo['adminsession'] == 1) {\n\t\t\t\t\t\tAdmins::getLocal($admininfo, ['id' => $userinfo['adminid'], 'admin_password' => $passwd])->update();\n\t\t\t\t\t} else {\n\t\t\t\t\t\tCustomers::getLocal($admininfo, ['id' => $userinfo['customerid'], 'new_customer_password' => $passwd])->update();\n\t\t\t\t\t}\n\t\t\t\t\t$output->writeln('Changed password for ' . $loginname . '');\n\t\t\t\t\t$result = self::SUCCESS;\n\t\t\t\t}\n\t\t\t\tif ($result == self::SUCCESS && $do_show !== false) {\n\t\t\t\t\t$userinfo['password'] = '[hidden]';\n\t\t\t\t\t$userinfo['data_2fa'] = '[hidden]';\n\t\t\t\t\t$io = new SymfonyStyle($input, $output);\n\t\t\t\t\t$io->horizontalTable(\n\t\t\t\t\t\tarray_keys($userinfo),\n\t\t\t\t\t\t[array_values($userinfo)]\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t} catch (Exception $e) {\n\t\t\t\t$output->writeln('' . $e->getMessage() . '');\n\t\t\t\t$result = self::FAILURE;\n\t\t\t}\n\t\t}\n\n\t\treturn $result;\n\t}\n}\n" }, { "path": "lib/Froxlor/Cli/ValidateAcmeWebroot.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Cli;\n\nuse Froxlor\\Cron\\TaskId;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FileDir;\nuse Froxlor\\Froxlor;\nuse Froxlor\\Settings;\nuse Froxlor\\System\\Cronjob;\nuse PDO;\nuse Symfony\\Component\\Console\\Input\\InputInterface;\nuse Symfony\\Component\\Console\\Input\\InputOption;\nuse Symfony\\Component\\Console\\Output\\OutputInterface;\nuse Symfony\\Component\\Console\\Question\\ConfirmationQuestion;\nuse Symfony\\Component\\Console\\Style\\SymfonyStyle;\n\nfinal class ValidateAcmeWebroot extends CliCommand\n{\n\n\tprotected function configure()\n\t{\n\t\t$this->setName('froxlor:validate-acme-webroot');\n\t\t$this->setDescription('Validates the Le_Webroot value is correct for froxlor managed domains with Let\\'s Encrypt certificate.');\n\t\t$this->addOption('yes-to-all', 'A', InputOption::VALUE_NONE, 'Do not ask for confirmation, update files if necessary');\n\t}\n\n\t/**\n\t * @throws \\Exception\n\t */\n\tprotected function execute(InputInterface $input, OutputInterface $output): int\n\t{\n\t\t$result = $this->validateRequirements($output, true);\n\n\t\t$io = new SymfonyStyle($input, $output);\n\n\t\tif ((int)Settings::Get('system.leenabled') == 0) {\n\t\t\t$io->info(\"Let's Encrypt not activated in froxlor settings.\");\n\t\t\t$result = self::INVALID;\n\t\t}\n\n\t\tif ($result == self::SUCCESS) {\n\t\t\t$yestoall = $input->getOption('yes-to-all') !== false;\n\t\t\t$helper = $this->getHelper('question');\n\t\t\t$count_changes = 0;\n\t\t\t// get all Let's Encrypt enabled domains\n\t\t\t$sel_stmt = Database::prepare(\"SELECT id, domain FROM panel_domains WHERE `letsencrypt` = '1' AND aliasdomain IS NULL ORDER BY id ASC\");\n\t\t\tDatabase::pexecute($sel_stmt);\n\t\t\t$domains = $sel_stmt->fetchAll(PDO::FETCH_ASSOC);\n\t\t\t// check for froxlor-vhost\n\t\t\tif (Settings::Get('system.le_froxlor_enabled') == '1') {\n\t\t\t\t$domains[] = [\n\t\t\t\t\t'id' => 0,\n\t\t\t\t\t'domain' => Settings::Get('system.hostname')\n\t\t\t\t];\n\t\t\t}\n\t\t\t$upd_stmt = Database::prepare(\"UPDATE domain_ssl_settings SET `validtodate`=NULL WHERE `domainid` = :did\");\n\t\t\t$acmesh_dir = dirname(Settings::Get('system.acmeshpath'));\n\t\t\t$acmesh_challenge_dir = rtrim(FileDir::makeCorrectDir(Settings::Get('system.letsencryptchallengepath')), \"/\");\n\t\t\t$recommended = rtrim(FileDir::makeCorrectDir(Froxlor::getInstallDir()), \"/\");\n\n\t\t\tif ($acmesh_challenge_dir != $recommended) {\n\t\t\t\t$io->warning([\n\t\t\t\t\t\"ACME challenge docroot from settings differs from the current installation directory.\",\n\t\t\t\t\t\"Settings: '\" . $acmesh_challenge_dir . \"'\",\n\t\t\t\t\t\"Default/recommended value: '\" . $recommended . \"'\",\n\t\t\t\t]);\n\t\t\t\t$question = new ConfirmationQuestion('Fix ACME challenge docroot setting? [yes] ', true, '/^(y|j)/i');\n\t\t\t\tif ($yestoall || $helper->ask($input, $output, $question)) {\n\t\t\t\t\tSettings::Set('system.letsencryptchallengepath', $recommended);\n\t\t\t\t\t$former_value = $acmesh_challenge_dir;\n\t\t\t\t\t$acmesh_challenge_dir = $recommended;\n\t\t\t\t\t// need to update the corresponding acme-alias config-file\n\t\t\t\t\t$acme_alias_file = Settings::Get('system.letsencryptacmeconf');\n\t\t\t\t\t$sed_params = \"s@\" . $former_value . \"@\" . $acmesh_challenge_dir . \"@\";\n\t\t\t\t\tFileDir::safe_exec('sed -i -e \"' . $sed_params . '\" ' . escapeshellarg($acme_alias_file));\n\t\t\t\t\t$count_changes++;\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tforeach ($domains as $domain_arr) {\n\t\t\t\t$domain = $domain_arr['domain'];\n\t\t\t\t$acme_domain_conf = FileDir::makeCorrectFile($acmesh_dir . '/' . $domain . '/' . $domain . '.conf');\n\t\t\t\tif (file_exists($acme_domain_conf)) {\n\t\t\t\t\t$io->text(\"Getting info from \" . $acme_domain_conf);\n\t\t\t\t\t$conf_content = file_get_contents($acme_domain_conf);\n\t\t\t\t} else {\n\t\t\t\t\t$acme_domain_conf = FileDir::makeCorrectFile($acmesh_dir . '/' . $domain . '_ecc/' . $domain . '.conf');\n\t\t\t\t\tif (file_exists($acme_domain_conf)) {\n\t\t\t\t\t\t$io->text(\"Getting info from \" . $acme_domain_conf);\n\t\t\t\t\t\t$conf_content = file_get_contents($acme_domain_conf);\n\t\t\t\t\t} else {\n\t\t\t\t\t\t$io->info(\"No domain configuration file found in '\" . $acmesh_dir . \"'\");\n\t\t\t\t\t\tcontinue;\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\tif (!empty($conf_content)) {\n\t\t\t\t\t$lines = explode(\"\\n\", $conf_content);\n\t\t\t\t\tforeach ($lines as $line) {\n\t\t\t\t\t\t$val_key = explode(\"=\", $line);\n\t\t\t\t\t\tif ($val_key[0] == 'Le_Webroot') {\n\t\t\t\t\t\t\t$domain_webroot = trim(trim($val_key[1], \"'\"), '\"');\n\t\t\t\t\t\t\tif ($domain_webroot != $acmesh_challenge_dir) {\n\t\t\t\t\t\t\t\t$io->warning(\"Domain '\" . $domain . \"' has old/wrong Le_Webroot setting: '\" . $domain_webroot . ' <> ' . $acmesh_challenge_dir . \"'\");\n\t\t\t\t\t\t\t\t$question = new ConfirmationQuestion('Fix Le_Webroot? [yes] ', true, '/^(y|j)/i');\n\t\t\t\t\t\t\t\tif ($yestoall || $helper->ask($input, $output, $question)) {\n\t\t\t\t\t\t\t\t\t$sed_params = \"s@Le_Webroot=.*@Le_Webroot='\" . $acmesh_challenge_dir . \"'@\";\n\t\t\t\t\t\t\t\t\tFileDir::safe_exec('sed -i -e \"' . $sed_params . '\" ' . escapeshellarg($acme_domain_conf));\n\t\t\t\t\t\t\t\t\tDatabase::pexecute($upd_stmt, ['did' => $domain_arr['id']]);\n\t\t\t\t\t\t\t\t\t$io->success(\"Correction of Le_Webroot successful\");\n\t\t\t\t\t\t\t\t\t$count_changes++;\n\t\t\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t\t\tcontinue;\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t\t$io->info(\"Domain '\" . $domain . \"' Le_Webroot value is correct\");\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\tbreak;\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t\tif ($count_changes > 0) {\n\t\t\t\tif (Froxlor::hasUpdates() || Froxlor::hasDbUpdates()) {\n\t\t\t\t\t$io->info(\"Changes detected but froxlor has been updated. Inserting task to rebuild vhosts after update.\");\n\t\t\t\t\tCronjob::inserttask(TaskId::REBUILD_VHOST);\n\t\t\t\t} else {\n\t\t\t\t\t$question = new ConfirmationQuestion('Changes detected. Force cronjob to refresh certificates? [yes] ', true, '/^(y|j)/i');\n\t\t\t\t\tif ($yestoall || $helper->ask($input, $output, $question)) {\n\t\t\t\t\t\tpassthru(FileDir::makeCorrectFile(Froxlor::getInstallDir() . '/bin/froxlor-cli') . ' froxlor:cron -f -d');\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\t$io->success(\"No changes necessary.\");\n\t\t\t}\n\t\t}\n\n\t\treturn $result;\n\t}\n\n}\n" }, { "path": "lib/Froxlor/Cli/index.html", "content": "" }, { "path": "lib/Froxlor/Cli/install.functions.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nuse Froxlor\\Language;\n\nfunction lng(string $identifier, array $arguments = [])\n{\n\treturn Language::getTranslation($identifier, $arguments);\n}\n\nfunction old(string $identifier, string $default = null, string $session = null)\n{\n\treturn $default;\n}\n" }, { "path": "lib/Froxlor/Config/ConfigDaemon.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Config;\n\nuse Exception;\nuse Froxlor\\Froxlor;\nuse Froxlor\\Settings;\nuse SimpleXMLElement;\n\n/**\n * Class ConfigDaemon\n *\n * Parses a distributions XML - file and gives access to the configuration\n * Not to be used directly\n */\nclass ConfigDaemon\n{\n\n\t/**\n\t * Human - readable title of this service\n\t *\n\t * @var string\n\t */\n\tpublic $title;\n\t/**\n\t * Whether this is the default daemon of the service-category\n\t *\n\t * @var boolean\n\t */\n\tpublic $default;\n\t/**\n\t * Holding the commands for this daemon\n\t *\n\t * @var array\n\t */\n\tprivate $orders = [];\n\t/**\n\t * Store the parsed SimpleXMLElement for usage\n\t *\n\t * @var SimpleXMLElement\n\t */\n\tprivate $fullxml;\n\t/**\n\t * Memorize if we already parsed the XML\n\t *\n\t * @var bool\n\t */\n\tprivate $isparsed = false;\n\t/**\n\t * Sub - area of the full - XML only holding the daemon - data we are interested in\n\t *\n\t * @var SimpleXMLElement\n\t */\n\tprivate $daemon;\n\t/**\n\t * xpath leading to this daemon in the full XML\n\t *\n\t * @var string\n\t */\n\tprivate $xpath;\n\t/**\n\t * cache of sql-data if used\n\t */\n\tprivate $sqldata_cache = null;\n\n\tpublic function __construct($xml, $xpath)\n\t{\n\t\t$this->fullxml = $xml;\n\t\t$this->xpath = $xpath;\n\t\t$this->daemon = $this->fullxml->xpath($this->xpath);\n\t\tif (count($this->daemon) !== 1) {\n\t\t\tthrow new Exception('XPath \"' . $this->xpath . '\" didn\\'t return exactly one element');\n\t\t}\n\t\t$attributes = $this->daemon[0]->attributes();\n\t\tif ($attributes['title'] != '') {\n\t\t\t$this->title = $this->parseContent((string)$attributes['title']);\n\t\t}\n\t\tif (isset($attributes['default'])) {\n\t\t\t$this->default = ($attributes['default'] == true);\n\t\t}\n\t}\n\n\t/**\n\t * Replace placeholders with content\n\t *\n\t * @param string $content\n\t * @return string $content w/o placeholder\n\t */\n\tprivate function parseContent($content)\n\t{\n\t\t$content = preg_replace_callback('/\\{\\{(.*)\\}\\}/Ui', function ($matches) {\n\t\t\t$match = null;\n\t\t\tif (preg_match('/^settings\\.(.*)$/', $matches[1], $match)) {\n\t\t\t\treturn Settings::Get($match[1]);\n\t\t\t} elseif (preg_match('/^lng\\.(.*)(?:\\.(.*)(?:\\.(.*)))$/U', $matches[1], $match)) {\n\t\t\t\tif (isset($match[1]) && $match[1] != '' && isset($match[2]) && $match[2] != '' && isset($match[3]) && $match[3] != '') {\n\t\t\t\t\treturn lng($match[1] . '.' . $match[2] . '.' . $match[3]);\n\t\t\t\t} elseif (isset($match[1]) && $match[1] != '' && isset($match[2]) && $match[2] != '') {\n\t\t\t\t\treturn lng($match[1] . '.' . $match[2]);\n\t\t\t\t} elseif (isset($match[1]) && $match[1] != '') {\n\t\t\t\t\treturn lng($match[1]);\n\t\t\t\t}\n\t\t\t\treturn '';\n\t\t\t} elseif (preg_match('/^const\\.(.*)$/', $matches[1], $match)) {\n\t\t\t\treturn $this->returnDynamic($match[1]);\n\t\t\t} elseif (preg_match('/^sql\\.(.*)$/', $matches[1], $match)) {\n\t\t\t\tif (is_null($this->sqldata_cache)) {\n\t\t\t\t\t// read in sql-data (if exists)\n\t\t\t\t\tif (file_exists(Froxlor::getInstallDir() . \"/lib/userdata.inc.php\")) {\n\t\t\t\t\t\t$sql = [];\n\t\t\t\t\t\t$sql_root = [];\n\t\t\t\t\t\trequire Froxlor::getInstallDir() . \"/lib/userdata.inc.php\";\n\t\t\t\t\t\tunset($sql_root);\n\t\t\t\t\t\t$this->sqldata_cache = $sql;\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\treturn isset($this->sqldata_cache[$match[1]]) ? $this->sqldata_cache[$match[1]] : '';\n\t\t\t}\n\t\t}, $content);\n\t\treturn $content;\n\t}\n\n\tprivate function returnDynamic($key = null)\n\t{\n\t\t$dynamics = [\n\t\t\t'install_dir' => Froxlor::getInstallDir()\n\t\t];\n\t\treturn $dynamics[$key] ?? '';\n\t}\n\n\t/**\n\t * Get config for this daemon\n\t *\n\t * The returned array will be an array of array, each sub-array looking like this:\n\t * array('type' => 'install|file|command', 'content' => '')\n\t * If the type is \"file\", an additional \"name\" - element will be added to the array\n\t * To configure a daemon, the steps in the array must be followed in order\n\t *\n\t * @return array\n\t */\n\tpublic function getConfig()\n\t{\n\t\t$this->parse();\n\t\treturn $this->orders;\n\t}\n\n\t/**\n\t * Parse the XML and populate $this->orders\n\t *\n\t * @return bool\n\t */\n\tprivate function parse()\n\t{\n\t\t// We only want to parse the stuff one time\n\t\tif ($this->isparsed == true) {\n\t\t\treturn true;\n\t\t}\n\n\t\t$preparsed = [];\n\t\t// First: let's push everything into an array and expand all includes\n\t\tforeach ($this->daemon[0]->children() as $order) {\n\t\t\tswitch ((string)$order->getName()) {\n\t\t\t\tcase \"install\":\n\t\t\t\tcase \"file\":\n\t\t\t\tcase \"command\":\n\t\t\t\t\t// Normal stuff, just add it to the preparsed - array\n\t\t\t\t\t$preparsed[] = $order;\n\t\t\t\t\tbreak;\n\t\t\t\tcase \"include\":\n\t\t\t\t\t// Includes, get the part we want via xpath\n\t\t\t\t\t$includes = $this->fullxml->xpath((string)$order);\n\t\t\t\t\tforeach ($includes[0] as $include) {\n\t\t\t\t\t\t// The \"include\" is also a child, so just skip it, would make a mess later\n\t\t\t\t\t\tif ((string)$include->getName() == 'include') {\n\t\t\t\t\t\t\tcontinue;\n\t\t\t\t\t\t}\n\t\t\t\t\t\t$preparsed[] = $include;\n\t\t\t\t\t}\n\t\t\t\t\tbreak;\n\t\t\t\t\t// The next 3 are groupings, MUST come first in this to work properly\n\t\t\t\tcase \"commands\":\n\t\t\t\tcase \"files\":\n\t\t\t\tcase \"installs\":\n\t\t\t\t\t// Hold the results\n\t\t\t\t\t$visibility = 1;\n\t\t\t\t\tforeach ($order->children() as $child) {\n\t\t\t\t\t\tswitch ((string)$child->getName()) {\n\t\t\t\t\t\t\tcase \"visibility\":\n\t\t\t\t\t\t\t\t$visibility += $this->checkVisibility($child);\n\t\t\t\t\t\t\t\tbreak;\n\t\t\t\t\t\t\tcase \"install\":\n\t\t\t\t\t\t\tcase \"file\":\n\t\t\t\t\t\t\tcase \"command\":\n\t\t\t\t\t\t\t\tif ($visibility > 0) {\n\t\t\t\t\t\t\t\t\t$preparsed[] = $child;\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\tbreak;\n\t\t\t\t\t\t\tcase \"include\":\n\t\t\t\t\t\t\t\t// Includes, get the part we want via xpath\n\t\t\t\t\t\t\t\t$includes = $this->fullxml->xpath((string)$child);\n\t\t\t\t\t\t\t\tforeach ($includes[0] as $include) {\n\t\t\t\t\t\t\t\t\t// The \"include\" is also a child, so just skip it, would make a mess later\n\t\t\t\t\t\t\t\t\tif ((string)$include->getName() == 'include') {\n\t\t\t\t\t\t\t\t\t\tcontinue;\n\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t\t$preparsed[] = $include;\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\tbreak;\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t\tbreak;\n\t\t\t}\n\t\t}\n\n\t\t// Go through every preparsed order and evaluate what should happen to it\n\t\tforeach ($preparsed as $order) {\n\t\t\t$parsedorder = $this->parseOrder($order);\n\t\t\t// We got an array (= valid order) and the array already has a type -> add to stack\n\t\t\tif (is_array($parsedorder) && array_key_exists('type', $parsedorder)) {\n\t\t\t\t$this->orders[] = $parsedorder;\n\t\t\t\t// We got an array, but no type, means we got multiple orders back, at them to the stack one at a time\n\t\t\t} elseif (is_array($parsedorder)) {\n\t\t\t\tforeach ($parsedorder as $neworder) {\n\t\t\t\t\t$this->orders[] = $neworder;\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\t// Switch flag to indicate we parsed our data\n\t\t$this->isparsed = true;\n\t\treturn true;\n\t}\n\n\t/**\n\t * Check if visibility should be changed\n\t *\n\t * @param SimpleXMLElement $order\n\t * @return int 0|-1\n\t */\n\tprivate function checkVisibility($order)\n\t{\n\t\t$attributes = [];\n\t\tforeach ($order->attributes() as $key => $value) {\n\t\t\t$attributes[(string)$key] = $this->parseContent(trim((string)$value));\n\t\t}\n\n\t\t$order = $this->parseContent(trim((string)$order));\n\t\tif (!array_key_exists('mode', $attributes)) {\n\t\t\tthrow new Exception('\"' . $order . '\" is missing mode');\n\t\t}\n\n\t\t$return = 0;\n\t\tswitch ($attributes['mode']) {\n\t\t\tcase \"isfile\":\n\t\t\t\tif (!is_file($order)) {\n\t\t\t\t\t$return = -1;\n\t\t\t\t}\n\t\t\t\tbreak;\n\t\t\tcase \"notisfile\":\n\t\t\t\tif (is_file($order)) {\n\t\t\t\t\t$return = -1;\n\t\t\t\t}\n\t\t\t\tbreak;\n\t\t\tcase \"isdir\":\n\t\t\t\tif (!is_dir($order)) {\n\t\t\t\t\t$return = -1;\n\t\t\t\t}\n\t\t\t\tbreak;\n\t\t\tcase \"notisdir\":\n\t\t\t\tif (is_dir($order)) {\n\t\t\t\t\t$return = -1;\n\t\t\t\t}\n\t\t\t\tbreak;\n\t\t\tcase \"false\":\n\t\t\t\tif ($order == true) {\n\t\t\t\t\t$return = -1;\n\t\t\t\t}\n\t\t\t\tbreak;\n\t\t\tcase \"true\":\n\t\t\t\tif ($order == false) {\n\t\t\t\t\t$return = -1;\n\t\t\t\t}\n\t\t\t\tbreak;\n\t\t\tcase \"notempty\":\n\t\t\t\tif ($order == \"\") {\n\t\t\t\t\t$return = -1;\n\t\t\t\t}\n\t\t\t\tbreak;\n\t\t\tcase \"userexists\":\n\t\t\t\tif (posix_getpwuid($order) === false) {\n\t\t\t\t\t$return = -1;\n\t\t\t\t}\n\t\t\t\tbreak;\n\t\t\tcase \"groupexists\":\n\t\t\t\tif (posix_getgrgid($order) === false) {\n\t\t\t\t\t$return = -1;\n\t\t\t\t}\n\t\t\t\tbreak;\n\t\t\tcase \"usernotexists\":\n\t\t\t\tif (is_array(posix_getpwuid($order))) {\n\t\t\t\t\t$return = -1;\n\t\t\t\t}\n\t\t\t\tbreak;\n\t\t\tcase \"groupnotexists\":\n\t\t\t\tif (is_array(posix_getgrgid($order))) {\n\t\t\t\t\t$return = -1;\n\t\t\t\t}\n\t\t\t\tbreak;\n\t\t\tcase \"usernamenotexists\":\n\t\t\t\tif (is_array(posix_getpwnam($order))) {\n\t\t\t\t\t$return = -1;\n\t\t\t\t}\n\t\t\t\tbreak;\n\t\t\tcase \"equals\":\n\t\t\t\t$return = (isset($attributes['value']) && $attributes['value'] == $order ? 0 : -1);\n\t\t\t\tbreak;\n\t\t}\n\t\treturn $return;\n\t}\n\n\t/**\n\t * Parse a single order and return it in a format for easier usage\n\t *\n\t * @param\n\t * SimpleXMLElement object holding a single order from the distribution - XML\n\t * @return array|string\n\t */\n\tprivate function parseOrder($order)\n\t{\n\t\t$attributes = [];\n\t\tforeach ($order->attributes() as $key => $value) {\n\t\t\t$attributes[(string)$key] = (string)$value;\n\t\t}\n\n\t\t$parsedorder = '';\n\t\tswitch ((string)$order->getName()) {\n\t\t\tcase \"file\":\n\t\t\t\t$parsedorder = $this->parseFile($order, $attributes);\n\t\t\t\tbreak;\n\t\t\tcase \"command\":\n\t\t\t\t$parsedorder = $this->parseCommand($order, $attributes);\n\t\t\t\tbreak;\n\t\t\tcase \"install\":\n\t\t\t\t$parsedorder = $this->parseInstall($order, $attributes);\n\t\t\t\tbreak;\n\t\t\tdefault:\n\t\t\t\tthrow new Exception('Invalid order: ' . (string)$order->getName());\n\t\t}\n\n\t\treturn $parsedorder;\n\t}\n\n\t/**\n\t * Parse a file - order and return it in a format for easier usage\n\t *\n\t * @param\n\t * SimpleXMLElement object holding a single file from the distribution - XML\n\t * @return array|string\n\t */\n\tprivate function parseFile($order, $attributes)\n\t{\n\t\t$visibility = 1;\n\t\t// No sub - elements, so the content can be returned directly\n\t\tif ($order->count() == 0) {\n\t\t\t$content = (string)$order;\n\t\t} else {\n\t\t\t// Hold the results\n\t\t\tforeach ($order->children() as $child) {\n\t\t\t\tswitch ((string)$child->getName()) {\n\t\t\t\t\tcase \"visibility\":\n\t\t\t\t\t\t$visibility += $this->checkVisibility($child);\n\t\t\t\t\t\tbreak;\n\t\t\t\t\tcase \"content\":\n\t\t\t\t\t\t$content = (string)$child;\n\t\t\t\t\t\tbreak;\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\t$return = [];\n\t\t// Check if the original file should be backupped\n\t\t// @TODO: Maybe have a backup - location somewhere central?\n\t\t// @TODO: Use IO - class\n\t\tif (array_key_exists('backup', $attributes)) {\n\t\t\tif (array_key_exists('mode', $attributes) && $attributes['mode'] == 'append') {\n\t\t\t\t$cmd = 'cp';\n\t\t\t} else {\n\t\t\t\t$cmd = 'mv';\n\t\t\t}\n\t\t\t$return[] = [\n\t\t\t\t'type' => 'command',\n\t\t\t\t'content' => '[ -f ' . $this->parseContent($attributes['name']) . ' ] && ' . $cmd . ' \"' . $this->parseContent($attributes['name']) . '\" \"' . $this->parseContent($attributes['name']) . '.frx.bak\"',\n\t\t\t\t'execute' => \"pre\"\n\t\t\t];\n\t\t}\n\n\t\t// Now the content of the file can be written\n\t\tif (isset($attributes['mode'])) {\n\t\t\t$return[] = [\n\t\t\t\t'type' => 'file',\n\t\t\t\t'content' => $this->parseContent($content),\n\t\t\t\t'name' => $this->parseContent($attributes['name']),\n\t\t\t\t'mode' => $this->parseContent($attributes['mode'])\n\t\t\t];\n\t\t} else {\n\t\t\t$return[] = [\n\t\t\t\t'type' => 'file',\n\t\t\t\t'content' => $this->parseContent($content),\n\t\t\t\t'name' => $this->parseContent($attributes['name'])\n\t\t\t];\n\t\t}\n\n\t\t// Let's check if the mode of the file should be changed\n\t\tif (array_key_exists('chmod', $attributes)) {\n\t\t\t$return[] = [\n\t\t\t\t'type' => 'command',\n\t\t\t\t'content' => 'chmod ' . $attributes['chmod'] . ' \"' . $this->parseContent($attributes['name']) . '\"',\n\t\t\t\t'execute' => \"post\"\n\t\t\t];\n\t\t}\n\n\t\t// Let's check if the owner of the file should be changed\n\t\tif (array_key_exists('chown', $attributes)) {\n\t\t\t$return[] = [\n\t\t\t\t'type' => 'command',\n\t\t\t\t'content' => 'chown ' . $attributes['chown'] . ' \"' . $this->parseContent($attributes['name']) . '\"',\n\t\t\t\t'execute' => \"post\"\n\t\t\t];\n\t\t}\n\n\t\t// If we have more than 1 element, we want to group this stuff for easier processing later\n\t\tif (count($return) > 1) {\n\t\t\t$return = [\n\t\t\t\t'type' => 'file',\n\t\t\t\t'subcommands' => $return,\n\t\t\t\t'name' => $this->parseContent($attributes['name'])\n\t\t\t];\n\t\t}\n\n\t\tif ($visibility > 0) {\n\t\t\treturn $return;\n\t\t} else {\n\t\t\treturn '';\n\t\t}\n\t}\n\n\t/**\n\t * Parse a command - order and return it in a format for easier usage\n\t *\n\t * @param\n\t * SimpleXMLElement object holding a single command from the distribution - XML\n\t * @return array|string\n\t */\n\tprivate function parseCommand($order, $attributes)\n\t{\n\t\t// No sub - elements, so the content can be returned directly\n\t\tif ($order->count() == 0) {\n\t\t\treturn [\n\t\t\t\t'type' => 'command',\n\t\t\t\t'content' => $this->parseContent(trim((string)$order))\n\t\t\t];\n\t\t}\n\n\t\t// Hold the results\n\t\t$visibility = 1;\n\t\t$content = '';\n\t\tforeach ($order->children() as $child) {\n\t\t\tswitch ((string)$child->getName()) {\n\t\t\t\tcase \"visibility\":\n\t\t\t\t\t$visibility += $this->checkVisibility($child);\n\t\t\t\t\tbreak;\n\t\t\t\tcase \"content\":\n\t\t\t\t\t$content = trim((string)$child);\n\t\t\t\t\tbreak;\n\t\t\t}\n\t\t}\n\n\t\tif ($visibility > 0) {\n\t\t\treturn [\n\t\t\t\t'type' => 'command',\n\t\t\t\t'content' => $this->parseContent($content)\n\t\t\t];\n\t\t} else {\n\t\t\treturn '';\n\t\t}\n\t}\n\n\t/**\n\t * Parse a install - order and return it in a format for easier usage\n\t *\n\t * @param\n\t * SimpleXMLElement object holding a single install from the distribution - XML\n\t * @return array|string\n\t */\n\tprivate function parseInstall($order, $attributes)\n\t{\n\t\t// No sub - elements, so the content can be returned directly\n\t\tif ($order->count() == 0) {\n\t\t\treturn [\n\t\t\t\t'type' => 'install',\n\t\t\t\t'content' => $this->parseContent(trim((string)$order))\n\t\t\t];\n\t\t}\n\n\t\t// Hold the results\n\t\t$visibility = 1;\n\t\t$content = '';\n\t\tforeach ($order->children() as $child) {\n\t\t\tswitch ((string)$child->getName()) {\n\t\t\t\tcase \"visibility\":\n\t\t\t\t\t$visibility += $this->checkVisibility($child);\n\t\t\t\t\tbreak;\n\t\t\t\tcase \"content\":\n\t\t\t\t\t$content = trim((string)$child);\n\t\t\t\t\tbreak;\n\t\t\t}\n\t\t}\n\n\t\tif ($visibility > 0) {\n\t\t\treturn [\n\t\t\t\t'type' => 'install',\n\t\t\t\t'content' => $this->parseContent($content)\n\t\t\t];\n\t\t} else {\n\t\t\treturn '';\n\t\t}\n\t}\n}\n" }, { "path": "lib/Froxlor/Config/ConfigDisplay.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Config;\n\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FileDir;\nuse Froxlor\\Froxlor;\nuse Froxlor\\PhpHelper;\nuse Froxlor\\Settings;\nuse Froxlor\\UI\\Panel\\UI;\n\nclass ConfigDisplay\n{\n\t/**\n\t * @var array\n\t */\n\tprivate static $replace_arr;\n\n\t/**\n\t * @var string\n\t */\n\tprivate static $editor;\n\n\t/**\n\t * @var string\n\t */\n\tprivate static $theme;\n\n\t/**\n\t * @param array $confarr\n\t * @param string $editor\n\t * @param string $theme\n\t */\n\tpublic static function fromConfigArr(array $confarr, string $editor, string $theme)\n\t{\n\t\tself::$editor = $editor;\n\t\tself::$theme = $theme;\n\n\t\t$customer_tmpdir = '/tmp/';\n\t\tif (Settings::Get('system.mod_fcgid') == '1' && Settings::Get('system.mod_fcgid_tmpdir') != '') {\n\t\t\t$customer_tmpdir = Settings::Get('system.mod_fcgid_tmpdir');\n\t\t} elseif (Settings::Get('phpfpm.enabled') == '1' && Settings::Get('phpfpm.tmpdir') != '') {\n\t\t\t$customer_tmpdir = Settings::Get('phpfpm.tmpdir');\n\t\t}\n\n\t\t// try to convert namserver hosts to ip's\n\t\t$ns_ips = \"\";\n\t\t$known_ns_ips = [];\n\t\tif (Settings::Get('system.nameservers') != '') {\n\t\t\t$nameservers = explode(',', Settings::Get('system.nameservers'));\n\t\t\tforeach ($nameservers as $nameserver) {\n\t\t\t\t$nameserver = trim($nameserver);\n\t\t\t\t// DNS servers might be multi homed; allow transfer from all ip\n\t\t\t\t// addresses of the DNS server\n\t\t\t\t$nameserver_ips = PhpHelper::gethostbynamel6($nameserver);\n\t\t\t\t// append dot to hostname\n\t\t\t\tif (substr($nameserver, -1, 1) != '.') {\n\t\t\t\t\t$nameserver .= '.';\n\t\t\t\t}\n\t\t\t\t// ignore invalid responses\n\t\t\t\tif (!is_array($nameserver_ips)) {\n\t\t\t\t\t// act like \\Froxlor\\PhpHelper::gethostbynamel6() and return unmodified hostname on error\n\t\t\t\t\t$nameserver_ips = [\n\t\t\t\t\t\t$nameserver\n\t\t\t\t\t];\n\t\t\t\t} else {\n\t\t\t\t\t$known_ns_ips = array_merge($known_ns_ips, $nameserver_ips);\n\t\t\t\t}\n\t\t\t\tif (!empty($ns_ips)) {\n\t\t\t\t\t$ns_ips .= ',';\n\t\t\t\t}\n\t\t\t\t$ns_ips .= implode(\",\", $nameserver_ips);\n\t\t\t}\n\t\t}\n\n\t\t// AXFR server\n\t\tif (Settings::Get('system.axfrservers') != '') {\n\t\t\t$axfrservers = explode(',', Settings::Get('system.axfrservers'));\n\t\t\tforeach ($axfrservers as $axfrserver) {\n\t\t\t\tif (!in_array(trim($axfrserver), $known_ns_ips)) {\n\t\t\t\t\tif (!empty($ns_ips)) {\n\t\t\t\t\t\t$ns_ips .= ',';\n\t\t\t\t\t}\n\t\t\t\t\t$ns_ips .= trim($axfrserver);\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tDatabase::needSqlData();\n\t\t$sql = Database::getSqlData();\n\n\t\tself::$replace_arr = [\n\t\t\t'' => $sql['user'],\n\t\t\t'' => 'FROXLOR_MYSQL_PASSWORD',\n\t\t\t'' => $sql['db'],\n\t\t\t'' => $sql['host'],\n\t\t\t'' => $sql['socket'] ?? null,\n\t\t\t'' => Settings::Get('system.hostname'),\n\t\t\t'' => Settings::Get('system.ipaddress'),\n\t\t\t'' => Settings::Get('system.nameservers'),\n\t\t\t'' => $ns_ips,\n\t\t\t'' => Settings::Get('system.vmail_homedir'),\n\t\t\t'' => Settings::Get('system.vmail_uid'),\n\t\t\t'' => Settings::Get('system.vmail_gid'),\n\t\t\t'' => (Settings::Get('system.use_ssl') == '1') ? 'imaps pop3s' : '',\n\t\t\t'' => FileDir::makeCorrectDir($customer_tmpdir),\n\t\t\t'' => Froxlor::getInstallDir(),\n\t\t\t'' => FileDir::makeCorrectDir(Settings::Get('system.bindconf_directory')),\n\t\t\t'' => Settings::Get('system.apachereload_command'),\n\t\t\t'' => FileDir::makeCorrectDir(Settings::Get('system.logfiles_directory')),\n\t\t\t'' => FileDir::makeCorrectDir(Settings::Get('phpfpm.fastcgi_ipcdir')),\n\t\t\t'' => Settings::Get('system.httpgroup'),\n\t\t\t'' => Settings::Get('system.ssl_cert_file'),\n\t\t\t'' => Settings::Get('system.ssl_key_file'),\n\t\t\t'' => Settings::Get('panel.adminmail'),\n\t\t];\n\n\t\t$commands_pre = \"\";\n\t\t$commands_file = \"\";\n\t\t$commands_post = \"\";\n\n\t\t$lasttype = '';\n\t\t$commands = '';\n\n\t\t$configpage = \"\";\n\n\t\tforeach ($confarr as $_action) {\n\t\t\tif ($lasttype != '' && $lasttype != $_action['type']) {\n\t\t\t\t$commands = trim($commands);\n\t\t\t\t$numbrows = count(explode(\"\\n\", $commands));\n\t\t\t\t$configpage .= UI::twig()->render(UI::validateThemeTemplate('/settings/conf/command.html.twig', self::$theme), [\n\t\t\t\t\t'commands' => $commands,\n\t\t\t\t\t'numbrows' => $numbrows\n\t\t\t\t]);\n\t\t\t\t$lasttype = '';\n\t\t\t\t$commands = '';\n\t\t\t}\n\t\t\tswitch ($_action['type']) {\n\t\t\t\tcase \"install\":\n\t\t\t\t\t$commands .= strtr($_action['content'], self::$replace_arr) . \"\\n\";\n\t\t\t\t\t$lasttype = \"install\";\n\t\t\t\t\tbreak;\n\t\t\t\tcase \"command\":\n\t\t\t\t\t$commands .= strtr($_action['content'], self::$replace_arr) . \"\\n\";\n\t\t\t\t\t$lasttype = \"command\";\n\t\t\t\t\tbreak;\n\t\t\t\tcase \"file\":\n\t\t\t\t\tif (array_key_exists('content', $_action)) {\n\t\t\t\t\t\t$commands_file = self::getFileContentContainer($_action['content'], $_action['name']);\n\t\t\t\t\t} elseif (array_key_exists('subcommands', $_action)) {\n\t\t\t\t\t\tforeach ($_action['subcommands'] as $fileaction) {\n\t\t\t\t\t\t\tif (array_key_exists('execute', $fileaction) && $fileaction['execute'] == \"pre\") {\n\t\t\t\t\t\t\t\t$commands_pre .= $fileaction['content'] . \"\\n\";\n\t\t\t\t\t\t\t} elseif (array_key_exists('execute', $fileaction) && $fileaction['execute'] == \"post\") {\n\t\t\t\t\t\t\t\t$commands_post .= $fileaction['content'] . \"\\n\";\n\t\t\t\t\t\t\t} elseif ($fileaction['type'] == 'file') {\n\t\t\t\t\t\t\t\t$commands_file = self::getFileContentContainer($fileaction['content'], $_action['name']);\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t\t$realname = $_action['name'];\n\t\t\t\t\t$commands = trim($commands_pre);\n\t\t\t\t\tif ($commands != \"\") {\n\t\t\t\t\t\t$numbrows = count(explode(\"\\n\", $commands));\n\t\t\t\t\t\t$commands_pre = UI::twig()->render(UI::validateThemeTemplate('/settings/conf/command.html.twig', self::$theme), [\n\t\t\t\t\t\t\t'commands' => $commands,\n\t\t\t\t\t\t\t'numbrows' => $numbrows\n\t\t\t\t\t\t]);\n\t\t\t\t\t}\n\t\t\t\t\t$commands = trim($commands_post);\n\t\t\t\t\tif ($commands != \"\") {\n\t\t\t\t\t\t$numbrows = count(explode(\"\\n\", $commands));\n\t\t\t\t\t\t$commands_post = UI::twig()->render(UI::validateThemeTemplate('/settings/conf/command.html.twig', self::$theme), [\n\t\t\t\t\t\t\t'commands' => $commands,\n\t\t\t\t\t\t\t'numbrows' => $numbrows\n\t\t\t\t\t\t]);\n\t\t\t\t\t}\n\t\t\t\t\t$configpage .= UI::twig()->render(UI::validateThemeTemplate('/settings/conf/fileblock.html.twig', self::$theme), [\n\t\t\t\t\t\t'realname' => $realname,\n\t\t\t\t\t\t'commands_pre' => $commands_pre,\n\t\t\t\t\t\t'commands_file' => $commands_file,\n\t\t\t\t\t\t'commands_post' => $commands_post\n\t\t\t\t\t]);\n\t\t\t\t\t$commands = '';\n\t\t\t\t\t$commands_pre = '';\n\t\t\t\t\t$commands_post = '';\n\t\t\t\t\tbreak;\n\t\t\t}\n\t\t}\n\t\t$commands = trim($commands);\n\t\tif ($commands != '') {\n\t\t\t$numbrows = count(explode(\"\\n\", $commands));\n\t\t\t$configpage .= UI::twig()->render(UI::validateThemeTemplate('/settings/conf/command.html.twig', self::$theme), [\n\t\t\t\t'commands' => $commands,\n\t\t\t\t'numbrows' => $numbrows\n\t\t\t]);\n\t\t}\n\t\treturn $configpage;\n\t}\n\n\t/**\n\t * @param string $file_content\n\t * @param string $realname\n\t *\n\t * @return string\n\t */\n\tprivate static function getFileContentContainer(string $file_content, string $realname): string\n\t{\n\t\t$files = \"\";\n\t\t$file_content = trim($file_content);\n\t\tif ($file_content != '') {\n\t\t\t$file_content = strtr($file_content, self::$replace_arr);\n\t\t\t$file_content = htmlspecialchars($file_content);\n\t\t\t$numbrows = count(explode(\"\\n\", $file_content));\n\t\t\t//eval(\"\\$files=\\\"\" . \\Froxlor\\UI\\Template::getTemplate(\"configfiles/configfiles_file\") . \"\\\";\");\n\t\t\t$files = UI::twig()->render(UI::validateThemeTemplate('/settings/conf/file.html.twig', self::$theme), [\n\t\t\t\t'distro_editor' => self::$editor,\n\t\t\t\t'realname' => $realname,\n\t\t\t\t'numbrows' => $numbrows,\n\t\t\t\t'file_content' => $file_content\n\t\t\t]);\n\t\t}\n\t\treturn $files;\n\t}\n}\n" }, { "path": "lib/Froxlor/Config/ConfigParser.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Config;\n\nuse Exception;\nuse SimpleXMLElement;\n\n/**\n * Class ConfigParser\n *\n * Parses a distributions XML - file and gives access to the configuration\n */\nclass ConfigParser\n{\n\n\t/**\n\t * Name of the distribution this configuration is for\n\t *\n\t * @var string\n\t */\n\tpublic $distributionName = '';\n\t/**\n\t * Codename of the distribution this configuration is for\n\t *\n\t * @var string\n\t */\n\tpublic $distributionCodename = '';\n\t/**\n\t * Version of the distribution this configuration is for\n\t *\n\t * @var string\n\t */\n\tpublic $distributionVersion = '';\n\t/**\n\t * Recommended editor\n\t *\n\t * @var string\n\t */\n\tpublic $distributionEditor = '/bin/nano';\n\t/**\n\t * Show if this configuration is deprecated\n\t *\n\t * @var bool\n\t */\n\tpublic $deprecated = false;\n\t/**\n\t * Holding the available services in the XML\n\t *\n\t * @var array\n\t */\n\tprivate $services = [];\n\t/**\n\t * Holding the available defaults in the XML\n\t *\n\t * @var array\n\t */\n\tprivate $defaults = [];\n\t/**\n\t * Store the parsed SimpleXMLElement for usage\n\t *\n\t * @var SimpleXMLElement\n\t */\n\tprivate $xml;\n\t/**\n\t * Memorize if we already parsed the XML\n\t *\n\t * @var bool\n\t */\n\tprivate $isparsed = false;\n\n\t/**\n\t * Constructor\n\t *\n\t * Initialize the XML - ConfigParser\n\t *\n\t * @param string $filename\n\t * filename of the froxlor - configurationfile\n\t * @return void\n\t */\n\tpublic function __construct($filename)\n\t{\n\t\tif (!is_readable($filename)) {\n\t\t\tthrow new Exception('File not readable');\n\t\t}\n\n\t\t$this->xml = simplexml_load_file($filename);\n\t\tif ($this->xml === false) {\n\t\t\t$error = '';\n\t\t\tforeach (libxml_get_errors() as $error) {\n\t\t\t\t$error .= \"\\t\" . $error->message;\n\t\t\t}\n\t\t\tthrow new Exception($error);\n\t\t}\n\n\t\t// Let's see if we can find a block in the XML\n\t\t$distribution = $this->xml->xpath('//distribution');\n\n\t\t// No distribution found - can't use this file\n\t\tif (!is_array($distribution)) {\n\t\t\tthrow new Exception('Invalid XML, no distribution found');\n\t\t}\n\n\t\t// Search for attributes we understand\n\t\tforeach ($distribution[0]->attributes() as $key => $value) {\n\t\t\tswitch ((string)$key) {\n\t\t\t\tcase \"name\":\n\t\t\t\t\t$this->distributionName = (string)$value;\n\t\t\t\t\tbreak;\n\t\t\t\tcase \"version\":\n\t\t\t\t\t$this->distributionVersion = (string)$value;\n\t\t\t\t\tbreak;\n\t\t\t\tcase \"codename\":\n\t\t\t\t\t$this->distributionCodename = (string)$value;\n\t\t\t\t\tbreak;\n\t\t\t\tcase \"defaulteditor\":\n\t\t\t\t\t$this->distributionEditor = (string)$value;\n\t\t\t\t\tbreak;\n\t\t\t\tcase \"deprecated\":\n\t\t\t\t\t(string)$value == 'true' ? $this->deprecated = true : $this->deprecated = false;\n\t\t\t\t\tbreak;\n\t\t\t}\n\t\t}\n\t}\n\n\t/**\n\t * Return all services defined by the XML\n\t *\n\t * The array will hold ConfigService - Objects for further handling\n\t *\n\t * @return array\n\t */\n\tpublic function getServices()\n\t{\n\t\t// Let's parse this shit(!)\n\t\t$this->parseServices();\n\n\t\t// Return our carefully searched for services\n\t\treturn $this->services;\n\t}\n\n\t/**\n\t * Parse the XML and populate $this->services\n\t *\n\t * @return bool\n\t */\n\tprivate function parseServices()\n\t{\n\t\t// We only want to parse the stuff one time\n\t\tif ($this->isparsed == true) {\n\t\t\treturn true;\n\t\t}\n\n\t\t// Get all services\n\t\t$services = $this->xml->xpath('//services/service');\n\t\tforeach ($services as $service) {\n\t\t\t// We don't want comments\n\t\t\tif ($service->getName() == 'comment') {\n\t\t\t\tcontinue;\n\t\t\t}\n\t\t\t// Search the attributes for \"type\"\n\t\t\tforeach ($service->attributes() as $key => $value) {\n\t\t\t\tif ($key == 'type') {\n\t\t\t\t\t$this->services[(string)$value] = new ConfigService($this->xml, '//services/service[@type=\"' . (string)$value . '\"]');\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\t// Switch flag to indicate we parsed our data\n\t\t$this->isparsed = true;\n\t\treturn true;\n\t}\n\n\t/**\n\t * Return all defaults defined by the XML\n\t *\n\t * The array will hold ConfigDefaults - Objects for further handling\n\t *\n\t * @return array\n\t */\n\tpublic function getDefaults()\n\t{\n\t\t// Let's parse this shit(!)\n\t\t$this->parseDefaults();\n\n\t\t// Return our carefully searched for defaults\n\t\treturn $this->defaults;\n\t}\n\n\t/**\n\t * Parse the XML and populate $this->services\n\t *\n\t * @return bool\n\t */\n\tprivate function parseDefaults()\n\t{\n\t\t// We only want to parse the stuff one time\n\t\tif ($this->isparsed == true) {\n\t\t\treturn true;\n\t\t}\n\n\t\t// Get all defaults\n\t\t$defaults = $this->xml->xpath('//defaults/default');\n\t\tforeach ($defaults as $default) {\n\t\t\t$this->defaults[] = $default;\n\t\t}\n\n\t\t// Switch flag to indicate we parsed our data\n\t\t$this->isparsed = true;\n\t\treturn true;\n\t}\n\n\t/**\n\t * return complete distribution string \"Name [codename] [ (version)] [deprecated]\n\t *\n\t * @return string\n\t */\n\tpublic function getCompleteDistroName(): string\n\t{\n\t\t// get distro-info\n\t\t$dist_display = $this->distributionName;\n\t\tif ($this->distributionCodename != '') {\n\t\t\t$dist_display .= \" \" . $this->distributionCodename;\n\t\t}\n\t\tif ($this->distributionVersion != '') {\n\t\t\t$dist_display .= \" (\" . $this->distributionVersion . \")\";\n\t\t}\n\t\tif ($this->deprecated) {\n\t\t\t$dist_display .= \" [deprecated]\";\n\t\t}\n\t\treturn $dist_display;\n\t}\n}\n" }, { "path": "lib/Froxlor/Config/ConfigService.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Config;\n\nuse Exception;\nuse Froxlor\\Settings;\nuse SimpleXMLElement;\n\n/**\n * Class ConfigService\n *\n * Parses a distributions XML - file and gives access to the services within\n * Not to be used directly\n */\nclass ConfigService\n{\n\n\t/**\n\t * Human - readable title of this service\n\t *\n\t * @var string\n\t */\n\tpublic $title;\n\t/**\n\t * Holding the available daemons in this service\n\t *\n\t * @var array\n\t */\n\tprivate $daemons = [];\n\t/**\n\t * Store the parsed SimpleXMLElement for usage\n\t *\n\t * @var SimpleXMLElement\n\t */\n\tprivate $fullxml;\n\t/**\n\t * Memorize if we already parsed the XML\n\t *\n\t * @var bool\n\t */\n\tprivate $isparsed = false;\n\t/**\n\t * xpath leading to this service in the full XML\n\t *\n\t * @var string\n\t */\n\tprivate $xpath;\n\n\tpublic function __construct($xml, $xpath)\n\t{\n\t\t$this->fullxml = $xml;\n\t\t$this->xpath = $xpath;\n\t\t$service = $this->fullxml->xpath($this->xpath);\n\t\t$attributes = $service[0]->attributes();\n\t\tif ($attributes['title'] != '') {\n\t\t\t$this->title = $this->parseContent((string)$attributes['title']);\n\t\t}\n\t}\n\n\t/**\n\t * Replace placeholders with content\n\t *\n\t * @param string $content\n\t * @return string $content w/o placeholder\n\t */\n\tprivate function parseContent($content)\n\t{\n\t\t$content = preg_replace_callback('/\\{\\{(.*)\\}\\}/Ui', function ($matches) {\n\t\t\t$match = null;\n\t\t\tif (preg_match('/^settings\\.(.*)$/', $matches[1], $match)) {\n\t\t\t\treturn Settings::Get($match[1]);\n\t\t\t} elseif (preg_match('/^lng\\.(.*)(?:\\.(.*)(?:\\.(.*)))$/U', $matches[1], $match)) {\n\t\t\t\tif (isset($match[1]) && $match[1] != '' && isset($match[2]) && $match[2] != '' && isset($match[3]) && $match[3] != '') {\n\t\t\t\t\treturn lng($match[1] . '.' . $match[2] . '.' . $match[3]);\n\t\t\t\t} elseif (isset($match[1]) && $match[1] != '' && isset($match[2]) && $match[2] != '') {\n\t\t\t\t\treturn lng($match[1] . '.' . $match[2]);\n\t\t\t\t} elseif (isset($match[1]) && $match[1] != '') {\n\t\t\t\t\treturn lng($match[1]);\n\t\t\t\t}\n\t\t\t\treturn '';\n\t\t\t}\n\t\t}, $content);\n\t\treturn $content;\n\t}\n\n\tpublic function getDaemons()\n\t{\n\t\t$this->parse();\n\t\treturn $this->daemons;\n\t}\n\n\t/**\n\t * Parse the XML and populate $this->daemons\n\t *\n\t * @return bool\n\t */\n\tprivate function parse()\n\t{\n\t\t// We only want to parse the stuff one time\n\t\tif ($this->isparsed == true) {\n\t\t\treturn true;\n\t\t}\n\n\t\t$daemons = $this->fullxml->xpath($this->xpath . '/daemon');\n\t\tforeach ($daemons as $daemon) {\n\t\t\tif ($daemon->getName() == 'comment') {\n\t\t\t\tcontinue;\n\t\t\t}\n\t\t\t$name = '';\n\t\t\t$nametag = '';\n\t\t\t$versiontag = '';\n\t\t\tforeach ($daemon->attributes() as $key => $value) {\n\t\t\t\tif ($key == 'name' && $name == '') {\n\t\t\t\t\t$name = (string)$value;\n\t\t\t\t\t$nametag = \"[@name='\" . $value . \"']\";\n\t\t\t\t} elseif ($key == 'name' && $name != '') {\n\t\t\t\t\t$name = (string)$value . '_' . $name;\n\t\t\t\t\t$nametag = \"[@name='\" . $value . \"']\";\n\t\t\t\t} elseif ($key == 'version' && $name == '') {\n\t\t\t\t\t$name = str_replace('.', '', $value);\n\t\t\t\t\t$versiontag = \"[@version='\" . $value . \"']\";\n\t\t\t\t} elseif ($key == 'version' && $name != '') {\n\t\t\t\t\t$name .= str_replace('.', '', $value);\n\t\t\t\t\t$versiontag = \"[@version='\" . $value . \"']\";\n\t\t\t\t}\n\t\t\t}\n\t\t\tif ($name == '') {\n\t\t\t\tthrow new Exception('No name attribute for daemon');\n\t\t\t}\n\t\t\t$this->daemons[$name] = new ConfigDaemon($this->fullxml, $this->xpath . \"/daemon\" . $nametag . $versiontag);\n\t\t}\n\n\t\t// Switch flag to indicate we parsed our data\n\t\t$this->isparsed = true;\n\t\treturn true;\n\t}\n}\n" }, { "path": "lib/Froxlor/Config/index.html", "content": "" }, { "path": "lib/Froxlor/Cron/CronConfig.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Cron;\n\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FileDir;\nuse Froxlor\\Froxlor;\nuse Froxlor\\Settings;\nuse PDO;\n\nclass CronConfig\n{\n\n\t/**\n\t * 1st: check for task of generation\n\t * 2nd: if task found, generate cron.d-file\n\t * 3rd: maybe restart cron?\n\t */\n\tpublic static function checkCrondConfigurationFile()\n\t{\n\t\t// check for task\n\t\tDatabase::query(\"\n\t\t\tSELECT * FROM `\" . TABLE_PANEL_TASKS . \"` WHERE `type` = '99'\n\t\t\");\n\t\t$num_results = Database::num_rows();\n\n\t\t// is there a task for re-generating the cron.d-file?\n\t\tif ($num_results > 0) {\n\t\t\t// get all crons and their intervals\n\t\t\tif (FileDir::isFreeBSD()) {\n\t\t\t\t// FreeBSD does not need a header as we are writing directly to the crontab\n\t\t\t\t$cronfile = \"\\n\";\n\t\t\t} else {\n\t\t\t\t$cronfile = \"# automatically generated cron-configuration by froxlor\\n\";\n\t\t\t\t$cronfile .= \"# do not manually edit this file as it will be re-generated periodically.\\n\";\n\t\t\t\t$cronfile .= \"PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin\\n#\\n\";\n\t\t\t}\n\n\t\t\t// get all the crons\n\t\t\t$result_stmt = Database::query(\"\n\t\t\t\tSELECT * FROM `\" . TABLE_PANEL_CRONRUNS . \"` WHERE `isactive` = '1'\n\t\t\t\");\n\n\t\t\t$binpath = Settings::Get(\"system.croncmdline\");\n\t\t\t// fallback as it is important\n\t\t\tif ($binpath === null) {\n\t\t\t\t$binpath = \"/usr/bin/nice -n 5 /usr/bin/php -q\";\n\t\t\t}\n\n\t\t\t$hour_delay = 0;\n\t\t\t$day_delay = 5;\n\t\t\t$month_delay = 7;\n\t\t\twhile ($row_cronentry = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t// create cron.d-entry\n\t\t\t\t$matches = [];\n\t\t\t\tif (preg_match(\"/(\\d+) (MINUTE|HOUR|DAY|WEEK|MONTH)/\", $row_cronentry['interval'], $matches)) {\n\t\t\t\t\tif ($matches[1] == 1) {\n\t\t\t\t\t\t$minvalue = \"*\";\n\t\t\t\t\t} else {\n\t\t\t\t\t\t$minvalue = \"*/\" . $matches[1];\n\t\t\t\t\t}\n\t\t\t\t\tswitch ($matches[2]) {\n\t\t\t\t\t\tcase \"MINUTE\":\n\t\t\t\t\t\t\t$cronfile .= $minvalue . \" * * * * \";\n\t\t\t\t\t\t\tbreak;\n\t\t\t\t\t\tcase \"HOUR\":\n\t\t\t\t\t\t\t$cronfile .= $hour_delay . \" \" . $minvalue . \" * * * \";\n\t\t\t\t\t\t\t$hour_delay += 3;\n\t\t\t\t\t\t\tbreak;\n\t\t\t\t\t\tcase \"DAY\":\n\t\t\t\t\t\t\tif ($row_cronentry['cronfile'] == 'traffic') {\n\t\t\t\t\t\t\t\t// traffic at exactly 0:00 o'clock\n\t\t\t\t\t\t\t\t$cronfile .= \"0 0 \" . $minvalue . \" * * \";\n\t\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t\t$cronfile .= $day_delay . \" 0 \" . $minvalue . \" * * \";\n\t\t\t\t\t\t\t\t$day_delay += 5;\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\tbreak;\n\t\t\t\t\t\tcase \"MONTH\":\n\t\t\t\t\t\t\t$cronfile .= $month_delay . \" 0 1 \" . $minvalue . \" * \";\n\t\t\t\t\t\t\t$month_delay += 7;\n\t\t\t\t\t\t\tbreak;\n\t\t\t\t\t\tcase \"WEEK\":\n\t\t\t\t\t\t\t$cronfile .= $day_delay . \" 0 \" . ($matches[1] * 7) . \" * * \";\n\t\t\t\t\t\t\t$day_delay += 5;\n\t\t\t\t\t\t\tbreak;\n\t\t\t\t\t}\n\n\t\t\t\t\t// create entry-line\n\t\t\t\t\t$cronfile .= \"root \" . $binpath . \" \" . FileDir::makeCorrectFile(Froxlor::getInstallDir() . \"/bin/froxlor-cli\") . \" froxlor:cron \" . escapeshellarg($row_cronentry['cronfile']) . \" -q 1> /dev/null\\n\";\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// php sessionclean if enabled\n\t\t\tif ((int)Settings::Get('phpfpm.enabled') == 1) {\n\t\t\t\t$cronfile .= \"# Look for and purge old sessions every 30 minutes\" . PHP_EOL;\n\t\t\t\t$cronfile .= \"09,39 * * * * root \" . $binpath . \" \" . FileDir::makeCorrectFile(Froxlor::getInstallDir() . \"/bin/froxlor-cli\") . \" froxlor:php-sessionclean 1> /dev/null\" . PHP_EOL;\n\t\t\t}\n\n\t\t\tif (FileDir::isFreeBSD()) {\n\t\t\t\t// FreeBSD handles the cron-stuff in another way. We need to directly\n\t\t\t\t// write to the crontab file as there is not cron.d/froxlor file\n\t\t\t\t// (settings for system.cronconfig should be set correctly of course)\n\t\t\t\t$crontab = file_get_contents(Settings::Get(\"system.cronconfig\"));\n\n\t\t\t\tif ($crontab === false) {\n\t\t\t\t\tdie(\"Oh snap, we cannot read the crontab file. This should not happen.\\nPlease check the path and permissions, the cron will keep trying if you don't stop the cron-service.\\n\\n\");\n\t\t\t\t}\n\n\t\t\t\t// now parse out / replace our entries\n\t\t\t\t$crontablines = explode(\"\\n\", $crontab);\n\t\t\t\t$newcrontab = \"\";\n\t\t\t\tforeach ($crontablines as $ctl) {\n\t\t\t\t\t$ctl = trim($ctl);\n\t\t\t\t\tif (!empty($ctl) && !preg_match(\"/(.*)froxlor\\:cron(.*)/\", $ctl)) {\n\t\t\t\t\t\t$newcrontab .= $ctl . \"\\n\";\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\t// re-assemble old-content + new froxlor-content\n\t\t\t\t$newcrontab .= $cronfile;\n\n\t\t\t\t// now continue with writing the file\n\t\t\t\t$cronfile = $newcrontab;\n\t\t\t}\n\n\t\t\t// write the file\n\t\t\tif (file_put_contents(Settings::Get(\"system.cronconfig\"), $cronfile) === false) {\n\t\t\t\t// oh snap cannot create new crond-file\n\t\t\t\tdie(\"Oh snap, we cannot create the cron-file. This should not happen.\\nPlease check the path and permissions, the cron will keep trying if you don't stop the cron-service.\\n\\n\");\n\t\t\t}\n\t\t\t// correct permissions\n\t\t\tchmod(Settings::Get(\"system.cronconfig\"), 0640);\n\n\t\t\t// remove all re-generation tasks\n\t\t\tDatabase::query(\"DELETE FROM `\" . TABLE_PANEL_TASKS . \"` WHERE `type` = '99'\");\n\n\t\t\t// run reload command\n\t\t\tFileDir::safe_exec(escapeshellcmd(Settings::Get('system.crondreload')));\n\t\t}\n\t\treturn true;\n\t}\n}\n" }, { "path": "lib/Froxlor/Cron/Dns/Bind.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Cron\\Dns;\n\nuse Froxlor\\Dns\\Dns;\nuse Froxlor\\FileDir;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\Settings;\nuse Froxlor\\Validate\\Validate;\nuse RecursiveDirectoryIterator;\nuse RecursiveIteratorIterator;\n\nclass Bind extends DnsBase\n{\n\n\tprivate $bindconf_file = \"\";\n\n\tpublic function writeConfigs()\n\t{\n\t\t// tell the world what we are doing\n\t\t$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'Task4 started - Rebuilding froxlor_bind.conf');\n\n\t\t// clean up\n\t\t$this->cleanZonefiles();\n\n\t\t// check for subfolder in bind-config-directory\n\t\tif (!file_exists(FileDir::makeCorrectDir(Settings::Get('system.bindconf_directory') . '/domains/'))) {\n\t\t\t$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_NOTICE, 'mkdir ' . escapeshellarg(FileDir::makeCorrectDir(Settings::Get('system.bindconf_directory') . '/domains/')));\n\t\t\tFileDir::safe_exec('mkdir -p ' . escapeshellarg(FileDir::makeCorrectDir(Settings::Get('system.bindconf_directory') . '/domains/')));\n\t\t}\n\n\t\t$domains = $this->getDomainList();\n\n\t\tif (empty($domains)) {\n\t\t\t$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'No domains found for nameserver-config, not creating any zones...');\n\t\t\t$this->bindconf_file = '';\n\t\t} else {\n\t\t\t$this->bindconf_file = '# ' . Settings::Get('system.bindconf_directory') . 'froxlor_bind.conf' . \"\\n\" . '# Created ' . date('d.m.Y H:i') . \"\\n\" . '# Do NOT manually edit this file, all changes will be deleted after the next domain change at the panel.' . \"\\n\\n\";\n\t\t\tforeach ($domains as $domain) {\n\t\t\t\tif ($domain['is_child']) {\n\t\t\t\t\t// domains that are subdomains to other main domains are handled by recursion within walkDomainList()\n\t\t\t\t\tcontinue;\n\t\t\t\t}\n\t\t\t\t$this->walkDomainList($domain, $domains);\n\t\t\t}\n\t\t}\n\n\t\t$bindconf_file_handler = fopen(FileDir::makeCorrectFile(Settings::Get('system.bindconf_directory') . '/froxlor_bind.conf'), 'w');\n\t\tfwrite($bindconf_file_handler, $this->bindconf_file);\n\t\tfclose($bindconf_file_handler);\n\t\t$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'froxlor_bind.conf written');\n\t\t$this->reloadDaemon();\n\t\t$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'Task4 finished');\n\t}\n\n\tprivate function cleanZonefiles()\n\t{\n\t\t$config_dir = FileDir::makeCorrectFile(Settings::Get('system.bindconf_directory') . '/domains/');\n\n\t\t$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'Cleaning dns zone files from ' . $config_dir);\n\n\t\t// check directory\n\t\tif (@is_dir($config_dir)) {\n\t\t\t// create directory iterator\n\t\t\t$its = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($config_dir));\n\n\t\t\t// iterate through all subdirs, look for zone files and delete them\n\t\t\tforeach ($its as $it) {\n\t\t\t\tif ($it->isFile()) {\n\t\t\t\t\t// remove file\n\t\t\t\t\tFileDir::safe_exec('rm -f ' . escapeshellarg(FileDir::makeCorrectFile($its->getPathname())));\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n\n\tprivate function walkDomainList($domain, $domains)\n\t{\n\t\t$zoneContent = '';\n\t\t$subzones = '';\n\n\t\tforeach ($domain['children'] as $child_domain_id) {\n\t\t\t$subzones .= $this->walkDomainList($domains[$child_domain_id], $domains);\n\t\t}\n\n\t\tif ($domain['zonefile'] == '') {\n\t\t\t// check for system-hostname\n\t\t\t$isFroxlorHostname = false;\n\t\t\tif (isset($domain['froxlorhost']) && $domain['froxlorhost'] == 1) {\n\t\t\t\t$isFroxlorHostname = true;\n\t\t\t}\n\n\t\t\tif (!$domain['is_child']) {\n\t\t\t\t$zoneContent = (string)Dns::createDomainZone(($domain['id'] == 'none') ? $domain : $domain['id'], $isFroxlorHostname);\n\t\t\t\t$domain['zonefile'] = 'domains/' . $domain['domain'] . '.zone';\n\t\t\t\t$zonefile_name = FileDir::makeCorrectFile(Settings::Get('system.bindconf_directory') . '/' . $domain['zonefile']);\n\t\t\t\t$zonefile_handler = fopen($zonefile_name, 'w');\n\t\t\t\tfwrite($zonefile_handler, $zoneContent . $subzones);\n\t\t\t\tfclose($zonefile_handler);\n\t\t\t\t$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, '`' . $zonefile_name . '` written');\n\t\t\t\t$this->bindconf_file .= $this->generateDomainConfig($domain);\n\t\t\t} else {\n\t\t\t\treturn (string)Dns::createDomainZone(($domain['id'] == 'none') ? $domain : $domain['id'], $isFroxlorHostname, true);\n\t\t\t}\n\t\t} else {\n\t\t\t$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'Added zonefile ' . $domain['zonefile'] . ' for domain ' . $domain['domain'] . ' - Note that you will also have to handle ALL records for ALL subdomains.');\n\t\t\t$this->bindconf_file .= $this->generateDomainConfig($domain);\n\t\t}\n\t}\n\n\tprivate function generateDomainConfig($domain = [])\n\t{\n\t\t$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'Generating dns config for ' . $domain['domain']);\n\n\t\t$bindconf_file = '# Domain ID: ' . $domain['id'] . ' - CustomerID: ' . $domain['customerid'] . ' - CustomerLogin: ' . $domain['loginname'] . \"\\n\";\n\t\t$bindconf_file .= 'zone \"' . $domain['domain'] . '\" in {' . \"\\n\";\n\t\t$bindconf_file .= '\ttype master;' . \"\\n\";\n\t\t$bindconf_file .= '\tfile \"' . FileDir::makeCorrectFile(Settings::Get('system.bindconf_directory') . '/' . $domain['zonefile']) . '\";' . \"\\n\";\n\t\t$bindconf_file .= '\tallow-query { any; };' . \"\\n\";\n\n\t\tif (count($this->ns) > 0 || count($this->axfr) > 0) {\n\t\t\t// open allow-transfer\n\t\t\t$bindconf_file .= '\tallow-transfer {' . \"\\n\";\n\t\t\t// put nameservers in allow-transfer\n\t\t\tif (count($this->ns) > 0) {\n\t\t\t\tforeach ($this->ns as $ns) {\n\t\t\t\t\tforeach ($ns[\"ips\"] as $ip) {\n\t\t\t\t\t\t$ip = Validate::validate_ip2($ip, true, 'invalidip', true, true, true);\n\t\t\t\t\t\tif ($ip) {\n\t\t\t\t\t\t\t$bindconf_file .= '\t\t' . $ip . \";\\n\";\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t\t// AXFR server #100\n\t\t\tif (count($this->axfr) > 0) {\n\t\t\t\tforeach ($this->axfr as $axfrserver) {\n\t\t\t\t\t$bindconf_file .= '\t\t' . $axfrserver . ';' . \"\\n\";\n\t\t\t\t}\n\t\t\t}\n\t\t\t// close allow-transfer\n\t\t\t$bindconf_file .= '\t};' . \"\\n\";\n\t\t}\n\n\t\t$bindconf_file .= '};' . \"\\n\";\n\t\t$bindconf_file .= \"\\n\";\n\n\t\treturn $bindconf_file;\n\t}\n}\n" }, { "path": "lib/Froxlor/Cron/Dns/DnsBase.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Cron\\Dns;\n\nuse Froxlor\\Database\\Database;\nuse Froxlor\\Domain\\Domain;\nuse Froxlor\\FileDir;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\PhpHelper;\nuse Froxlor\\Settings;\nuse PDO;\n\n/**\n * Class DnsBase\n *\n * Base class for all DNS server configs\n */\nabstract class DnsBase\n{\n\n\tprotected $logger = false;\n\n\tprotected $ns = [];\n\n\tprotected $mx = [];\n\n\tprotected $axfr = [];\n\n\tpublic function __construct($logger)\n\t{\n\t\t$this->logger = $logger;\n\n\t\t$known_ns_ips = [];\n\t\tif (Settings::Get('system.nameservers') != '') {\n\t\t\t$nameservers = explode(',', Settings::Get('system.nameservers'));\n\t\t\tforeach ($nameservers as $nameserver) {\n\t\t\t\t$nameserver = trim($nameserver);\n\t\t\t\t// DNS servers might be multi homed; allow transfer from all ip\n\t\t\t\t// addresses of the DNS server\n\t\t\t\t$nameserver_ips = PhpHelper::gethostbynamel6($nameserver);\n\t\t\t\t// append dot to hostname\n\t\t\t\tif (substr($nameserver, -1, 1) != '.') {\n\t\t\t\t\t$nameserver .= '.';\n\t\t\t\t}\n\t\t\t\t// ignore invalid responses\n\t\t\t\tif (!is_array($nameserver_ips)) {\n\t\t\t\t\t// act like \\Froxlor\\PhpHelper::gethostbynamel6() and return unmodified hostname on error\n\t\t\t\t\t$nameserver_ips = [\n\t\t\t\t\t\t$nameserver\n\t\t\t\t\t];\n\t\t\t\t} else {\n\t\t\t\t\t$known_ns_ips = array_merge($known_ns_ips, $nameserver_ips);\n\t\t\t\t}\n\t\t\t\t$this->ns[] = [\n\t\t\t\t\t'hostname' => $nameserver,\n\t\t\t\t\t'ips' => $nameserver_ips\n\t\t\t\t];\n\t\t\t}\n\t\t}\n\n\t\tif (Settings::Get('system.mxservers') != '') {\n\t\t\t$mxservers = explode(',', Settings::Get('system.mxservers'));\n\t\t\tforeach ($mxservers as $mxserver) {\n\t\t\t\tif (substr($mxserver, -1, 1) != '.') {\n\t\t\t\t\t$mxserver .= '.';\n\t\t\t\t}\n\t\t\t\t$this->mx[] = $mxserver;\n\t\t\t}\n\t\t}\n\n\t\t// AXFR server #100\n\t\tif (Settings::Get('system.axfrservers') != '') {\n\t\t\t$axfrservers = explode(',', Settings::Get('system.axfrservers'));\n\t\t\tforeach ($axfrservers as $axfrserver) {\n\t\t\t\tif (!in_array(trim($axfrserver), $known_ns_ips)) {\n\t\t\t\t\t$this->axfr[] = trim($axfrserver);\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n\n\tabstract public function writeConfigs();\n\n\tpublic function reloadDaemon()\n\t{\n\t\t// reload DNS daemon\n\t\t$cmd = Settings::Get('system.bindreload_command');\n\t\t$cmdStatus = 1;\n\t\tFileDir::safe_exec(escapeshellcmd($cmd), $cmdStatus);\n\t\tif ($cmdStatus === 0) {\n\t\t\t$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, Settings::Get('system.dns_server') . ' daemon reloaded');\n\t\t} else {\n\t\t\t$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, 'Error while running `' . $cmd . '`: exit code (' . $cmdStatus . ') - please check your system logs');\n\t\t}\n\t}\n\n\tprotected function getDomainList()\n\t{\n\t\t$result_domains_stmt = Database::query(\"\n\t\t\tSELECT\n\t\t\t\t`d`.`id`,\n\t\t\t\t`d`.`domain`,\n\t\t\t\t`d`.`isemaildomain`,\n\t\t\t\t`d`.`iswildcarddomain`,\n\t\t\t\t`d`.`wwwserveralias`,\n\t\t\t\t`d`.`customerid`,\n\t\t\t\t`d`.`zonefile`,\n\t\t\t\t`d`.`bindserial`,\n\t\t\t\t`d`.`dkim`,\n\t\t\t\t`d`.`dkim_id`,\n\t\t\t\t`d`.`dkim_pubkey`,\n\t\t\t\t`c`.`loginname`,\n\t\t\t\t`c`.`guid`\n\t\t\tFROM\n\t\t\t\t`\" . TABLE_PANEL_DOMAINS . \"` `d`\n\t\t\tLEFT JOIN `\" . TABLE_PANEL_CUSTOMERS . \"` `c` USING(`customerid`)\n\t\t\tWHERE\n\t\t\t\t`d`.`isbinddomain` = '1'\n\t\t\tORDER BY\n\t\t\t\tLENGTH(`d`.`domain`), `d`.`domain` ASC\n\t\t\");\n\n\t\t$domains = [];\n\t\t// don't use fetchall() to be able to set the first column to the domain id and use it later on to set the rows'\n\t\t// array of direct children without having to search the outer array\n\t\twhile ($domain = $result_domains_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t$domains[$domain[\"id\"]] = $domain;\n\t\t}\n\n\t\t// frolxor-hostname (#1090)\n\t\tif (Settings::get('system.dns_createhostnameentry') == 1) {\n\t\t\t$hostname_arr = [\n\t\t\t\t'id' => 'none',\n\t\t\t\t'domain' => Settings::Get('system.hostname'),\n\t\t\t\t'isbinddomain' => '1',\n\t\t\t\t'isemaildomain' => Settings::Get('system.dns_createmailentry'),\n\t\t\t\t'email_only' => '0',\n\t\t\t\t'customerid' => 'none',\n\t\t\t\t'loginname' => 'froxlor.panel',\n\t\t\t\t'bindserial' => date('Ymd') . '00',\n\t\t\t\t'dkim' => '0',\n\t\t\t\t'iswildcarddomain' => '1',\n\t\t\t\t'zonefile' => '',\n\t\t\t\t'froxlorhost' => '1'\n\t\t\t];\n\t\t\t$domains[0] = $hostname_arr;\n\t\t}\n\n\t\tif (empty($domains)) {\n\t\t\treturn null;\n\t\t}\n\n\t\t// collect domain IDs of direct child domains as arrays in ['children'] column\n\t\tforeach (array_keys($domains) as $key) {\n\t\t\tif (!isset($domains[$key]['children'])) {\n\t\t\t\t$domains[$key]['children'] = [];\n\t\t\t}\n\t\t\tif (!isset($domains[$key]['is_child'])) {\n\t\t\t\t$domains[$key]['is_child'] = false;\n\t\t\t}\n\t\t\t$children = Domain::getMainSubdomainIds($key);\n\t\t\tif (count($children) > 0) {\n\t\t\t\tforeach ($children as $child) {\n\t\t\t\t\tif (isset($domains[$child])) {\n\t\t\t\t\t\t$domains[$key]['children'][] = $domains[$child]['id'];\n\t\t\t\t\t\t$domains[$child]['is_child'] = true;\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\t$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, str_pad('domId', 9, ' ') . str_pad('domain', 40, ' ') . \"list of child domain ids\");\n\t\tforeach ($domains as $domain) {\n\t\t\t$logLine = str_pad($domain['id'], 9, ' ') . str_pad($domain['domain'], 40, ' ') . join(', ', $domain['children']);\n\t\t\t$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, $logLine);\n\t\t}\n\n\t\treturn $domains;\n\t}\n}\n" }, { "path": "lib/Froxlor/Cron/Dns/PowerDNS.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Cron\\Dns;\n\nuse Froxlor\\Dns\\Dns;\nuse Froxlor\\Dns\\DnsZone;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\Settings;\nuse PDO;\n\nclass PowerDNS extends DnsBase\n{\n\n\tpublic function writeConfigs()\n\t{\n\t\t// tell the world what we are doing\n\t\t$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'Task4 started - Refreshing DNS database');\n\n\t\t$domains = $this->getDomainList();\n\n\t\t// clean up\n\t\t$this->clearZoneTables($domains);\n\n\t\tif (empty($domains)) {\n\t\t\t$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'No domains found for nameserver-config, not creating any zones...');\n\t\t} else {\n\t\t\tforeach ($domains as $domain) {\n\t\t\t\tif ($domain['is_child']) {\n\t\t\t\t\t// domains that are subdomains to other main domains are handled by recursion within walkDomainList()\n\t\t\t\t\tcontinue;\n\t\t\t\t}\n\t\t\t\t$this->walkDomainList($domain, $domains);\n\t\t\t}\n\t\t}\n\t\t$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'PowerDNS database updated');\n\t\t$this->reloadDaemon();\n\t\t$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'Task4 finished');\n\t}\n\n\tprivate function clearZoneTables($domains = null)\n\t{\n\t\t$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'Cleaning dns zone entries from database');\n\n\t\t$pdns_domains_stmt = \\Froxlor\\Dns\\PowerDNS::getDB()->prepare(\"SELECT `id`, `name` FROM `domains` WHERE `name` = :domain\");\n\n\t\t$del_rec_stmt = \\Froxlor\\Dns\\PowerDNS::getDB()->prepare(\"DELETE FROM `records` WHERE `domain_id` = :did\");\n\t\t$del_meta_stmt = \\Froxlor\\Dns\\PowerDNS::getDB()->prepare(\"DELETE FROM `domainmetadata` WHERE `domain_id` = :did\");\n\t\t$del_dom_stmt = \\Froxlor\\Dns\\PowerDNS::getDB()->prepare(\"DELETE FROM `domains` WHERE `id` = :did\");\n\n\t\tforeach ($domains as $domain) {\n\t\t\t$pdns_domains_stmt->execute([\n\t\t\t\t'domain' => $domain['domain']\n\t\t\t]);\n\t\t\t$pdns_domain = $pdns_domains_stmt->fetch(PDO::FETCH_ASSOC);\n\n\t\t\tif ($pdns_domain && !empty($pdns_domain['id'])) {\n\t\t\t\t$del_rec_stmt->execute([\n\t\t\t\t\t'did' => $pdns_domain['id']\n\t\t\t\t]);\n\t\t\t\t$del_meta_stmt->execute([\n\t\t\t\t\t'did' => $pdns_domain['id']\n\t\t\t\t]);\n\t\t\t\t$del_dom_stmt->execute([\n\t\t\t\t\t'did' => $pdns_domain['id']\n\t\t\t\t]);\n\t\t\t}\n\t\t}\n\t}\n\n\tprivate function walkDomainList($domain, $domains)\n\t{\n\t\t$zoneContent = '';\n\t\t$subzones = [];\n\n\t\tforeach ($domain['children'] as $child_domain_id) {\n\t\t\t$subzones[] = $this->walkDomainList($domains[$child_domain_id], $domains);\n\t\t}\n\n\t\tif ($domain['zonefile'] == '') {\n\t\t\t// check for system-hostname\n\t\t\t$isFroxlorHostname = false;\n\t\t\tif (isset($domain['froxlorhost']) && $domain['froxlorhost'] == 1) {\n\t\t\t\t$isFroxlorHostname = true;\n\t\t\t}\n\n\t\t\tif (!$domain['is_child']) {\n\t\t\t\t$zoneContent = Dns::createDomainZone(($domain['id'] == 'none') ? $domain : $domain['id'], $isFroxlorHostname);\n\t\t\t\tif (count($subzones)) {\n\t\t\t\t\tforeach ($subzones as $subzone) {\n\t\t\t\t\t\t$zoneContent->records[] = $subzone;\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\t$pdnsDomId = $this->insertZone($zoneContent->origin, $zoneContent->serial);\n\t\t\t\t$this->insertRecords($pdnsDomId, $zoneContent->records, $zoneContent->origin);\n\t\t\t\t$this->insertAllowedTransfers($pdnsDomId);\n\t\t\t\t$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'DB entries stored for zone `' . $domain['domain'] . '`');\n\t\t\t} else {\n\t\t\t\treturn Dns::createDomainZone(($domain['id'] == 'none') ? $domain : $domain['id'], $isFroxlorHostname, true);\n\t\t\t}\n\t\t} else {\n\t\t\t$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, 'Custom zonefiles are NOT supported when PowerDNS is selected as DNS daemon (triggered by: ' . $domain['domain'] . ')');\n\t\t}\n\t}\n\n\tprivate function insertZone($domainname, $serial = 0)\n\t{\n\t\t$ins_stmt = \\Froxlor\\Dns\\PowerDNS::getDB()->prepare(\"\n\t\t\tINSERT INTO domains set `name` = :domainname, `notified_serial` = :serial, `type` = :type\n\t\t\");\n\t\t$ins_stmt->execute([\n\t\t\t'domainname' => $domainname,\n\t\t\t'serial' => $serial,\n\t\t\t'type' => strtoupper(Settings::Get('system.powerdns_mode'))\n\t\t]);\n\t\t$lastid = \\Froxlor\\Dns\\PowerDNS::getDB()->lastInsertId();\n\t\treturn $lastid;\n\t}\n\n\tprivate function insertRecords($domainid = 0, $records = [], $origin = \"\")\n\t{\n\t\t$ins_stmt = \\Froxlor\\Dns\\PowerDNS::getDB()->prepare(\"\n\t\t\tINSERT INTO records set\n\t\t\t`domain_id` = :did,\n\t\t\t`name` = :rec,\n\t\t\t`type` = :type,\n\t\t\t`content` = :content,\n\t\t\t`ttl` = :ttl,\n\t\t\t`prio` = :prio,\n\t\t\t`disabled` = '0'\n\t\t\");\n\n\t\tforeach ($records as $record) {\n\t\t\tif ($record instanceof DnsZone) {\n\t\t\t\t$this->insertRecords($domainid, $record->records, $record->origin);\n\t\t\t\tcontinue;\n\t\t\t}\n\n\t\t\tif ($record->record == '@') {\n\t\t\t\t$_record = $origin;\n\t\t\t} else {\n\t\t\t\t$_record = $record->record . \".\" . $origin;\n\t\t\t}\n\n\t\t\t$ins_data = [\n\t\t\t\t'did' => $domainid,\n\t\t\t\t'rec' => $_record,\n\t\t\t\t'type' => $record->type,\n\t\t\t\t'content' => $record->content,\n\t\t\t\t'ttl' => $record->ttl,\n\t\t\t\t'prio' => $record->priority\n\t\t\t];\n\t\t\t$ins_stmt->execute($ins_data);\n\t\t}\n\t}\n\n\tprivate function insertAllowedTransfers($domainid)\n\t{\n\t\t$ins_stmt = \\Froxlor\\Dns\\PowerDNS::getDB()->prepare(\"\n\t\t\tINSERT INTO domainmetadata set `domain_id` = :did, `kind` = 'ALLOW-AXFR-FROM', `content` = :value\n\t\t\");\n\n\t\t$ins_data = [\n\t\t\t'did' => $domainid\n\t\t];\n\n\t\tif (count($this->ns) > 0 || count($this->axfr) > 0) {\n\t\t\t// put nameservers in allow-transfer\n\t\t\tif (count($this->ns) > 0) {\n\t\t\t\tforeach ($this->ns as $ns) {\n\t\t\t\t\tforeach ($ns[\"ips\"] as $ip) {\n\t\t\t\t\t\t$ins_data['value'] = $ip;\n\t\t\t\t\t\t$ins_stmt->execute($ins_data);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t\t// AXFR server #100\n\t\t\tif (count($this->axfr) > 0) {\n\t\t\t\tforeach ($this->axfr as $axfrserver) {\n\t\t\t\t\t$ins_data['value'] = $axfrserver;\n\t\t\t\t\t$ins_stmt->execute($ins_data);\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n}\n" }, { "path": "lib/Froxlor/Cron/Dns/index.html", "content": "" }, { "path": "lib/Froxlor/Cron/Forkable.php", "content": "= $concurrentChildren) {\n\t\t\t\t\t\tforeach ($childrenPids as $key => $pid) {\n\t\t\t\t\t\t\t$res = pcntl_waitpid($pid, $status, WNOHANG);\n\t\t\t\t\t\t\t// If the process has already exited\n\t\t\t\t\t\t\tif ($res == -1 || $res > 0) {\n\t\t\t\t\t\t\t\tunset($childrenPids[$key]);\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t\tsleep(1);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t\twhile (pcntl_waitpid(0, $status) != -1);\n\t\t} else {\n\t\t\tif (!defined('CRON_NOFORK_FLAG')) {\n\t\t\t\tif (extension_loaded('pcntl')) {\n\t\t\t\t\t$msg = \"PHP compiled with pcntl but pcntl_fork function is not available.\";\n\t\t\t\t} else {\n\t\t\t\t\t$msg = \"PHP compiled without pcntl.\";\n\t\t\t\t}\n\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_WARNING, $msg . \" Not forking \" . self::class . \", this may take a long time!\");\n\t\t\t}\n\t\t\tforeach ($attributes as $closureAttributes) {\n\t\t\t\t$closure($closureAttributes);\n\t\t\t}\n\t\t}\n\t}\n}\n" }, { "path": "lib/Froxlor/Cron/FroxlorCron.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Cron;\n\nabstract class FroxlorCron\n{\n\n\tprotected static $cronlog = null;\n\tprotected static $lockfile = null;\n\n\tabstract public static function run();\n\n\tpublic static function getLockfile()\n\t{\n\t\treturn static::$lockfile;\n\t}\n\n\tpublic static function setLockfile($lockfile = null)\n\t{\n\t\tstatic::$lockfile = $lockfile;\n\t}\n\n\tpublic static function setCronlog($cronlog = null)\n\t{\n\t\tstatic::$cronlog = $cronlog;\n\t}\n}\n" }, { "path": "lib/Froxlor/Cron/Http/Apache.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Cron\\Http;\n\nuse Froxlor\\Cron\\Http\\Php\\PhpInterface;\nuse Froxlor\\Cron\\TaskId;\nuse Froxlor\\Customer\\Customer;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\Domain\\Domain;\nuse Froxlor\\FileDir;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\Http\\Directory;\nuse Froxlor\\Http\\Statistics;\nuse Froxlor\\PhpHelper;\nuse Froxlor\\Settings;\nuse Froxlor\\System\\Cronjob;\nuse Froxlor\\System\\Crypt;\nuse Froxlor\\Validate\\Validate;\nuse PDO;\n\nclass Apache extends HttpConfigBase\n{\n\n\t// protected\n\tprotected $known_diroptionsfilenames = [];\n\n\tprotected $known_htpasswdsfilenames = [];\n\n\tprotected $virtualhosts_data = [];\n\n\tprotected $diroptions_data = [];\n\n\tprotected $htpasswds_data = [];\n\n\t/**\n\t * indicator whether a customer is deactivated or not\n\t * if yes, only the webroot will be generated\n\t *\n\t * @var bool\n\t */\n\tprivate $deactivated = false;\n\n\tpublic function createIpPort()\n\t{\n\t\t$result_ipsandports_stmt = Database::query(\"SELECT * FROM `\" . TABLE_PANEL_IPSANDPORTS . \"` ORDER BY `ip` ASC, `port` ASC\");\n\n\t\twhile ($row_ipsandports = $result_ipsandports_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\tif (filter_var($row_ipsandports['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {\n\t\t\t\t$ipport = '[' . $row_ipsandports['ip'] . ']:' . $row_ipsandports['port'];\n\t\t\t} else {\n\t\t\t\t$ipport = $row_ipsandports['ip'] . ':' . $row_ipsandports['port'];\n\t\t\t}\n\n\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'apache::createIpPort: creating ip/port settings for ' . $ipport);\n\t\t\t$vhosts_filename = FileDir::makeCorrectFile(Settings::Get('system.apacheconf_vhost') . '/10_froxlor_ipandport_' . trim(str_replace(':', '.', $row_ipsandports['ip']), '.') . '.' . $row_ipsandports['port'] . '.conf');\n\n\t\t\tif (!isset($this->virtualhosts_data[$vhosts_filename])) {\n\t\t\t\t$this->virtualhosts_data[$vhosts_filename] = '';\n\t\t\t}\n\n\t\t\tif ($row_ipsandports['listen_statement'] == '1') {\n\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= 'Listen ' . $ipport . \"\\n\";\n\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, $ipport . ' :: inserted listen-statement');\n\t\t\t}\n\n\t\t\tif ($row_ipsandports['namevirtualhost_statement'] == '1') {\n\t\t\t\t// >=apache-2.4 enabled?\n\t\t\t\tif (Settings::Get('system.apache24') == '1') {\n\t\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_NOTICE, $ipport . ' :: namevirtualhost-statement no longer needed for apache-2.4');\n\t\t\t\t} else {\n\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= 'NameVirtualHost ' . $ipport . \"\\n\";\n\t\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, $ipport . ' :: inserted namevirtualhost-statement');\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tif ($row_ipsandports['vhostcontainer'] == '1') {\n\t\t\t\t$without_vhost = $this->virtualhosts_data[$vhosts_filename];\n\t\t\t\t$close_vhost = true;\n\n\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= '' . \"\\n\";\n\n\t\t\t\t$mypath = $this->getMyPath($row_ipsandports);\n\n\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= 'DocumentRoot \"' . rtrim($mypath, \"/\") . '\"' . \"\\n\";\n\n\t\t\t\tif ($row_ipsandports['vhostcontainer_servername_statement'] == '1') {\n\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' ServerName ' . Settings::Get('system.hostname') . \"\\n\";\n\n\t\t\t\t\t$froxlor_aliases = Settings::Get('system.froxloraliases');\n\t\t\t\t\tif (!empty($froxlor_aliases)) {\n\t\t\t\t\t\t$froxlor_aliases = explode(\",\", $froxlor_aliases);\n\t\t\t\t\t\t$aliases = \"\";\n\t\t\t\t\t\tforeach ($froxlor_aliases as $falias) {\n\t\t\t\t\t\t\tif (Validate::validateDomain(trim($falias))) {\n\t\t\t\t\t\t\t\t$aliases .= trim($falias) . \" \";\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t\t$aliases = trim($aliases);\n\t\t\t\t\t\tif (!empty($aliases)) {\n\t\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' ServerAlias ' . $aliases . \"\\n\";\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\t$is_redirect = false;\n\t\t\t\t// check for SSL redirect\n\t\t\t\tif ($row_ipsandports['ssl'] == '0' && Settings::Get('system.le_froxlor_redirect') == '1') {\n\t\t\t\t\t$is_redirect = true;\n\t\t\t\t\t// check whether froxlor uses Let's Encrypt and not cert is being generated yet\n\t\t\t\t\t// or a renewal is ongoing - disable redirect\n\t\t\t\t\tif (Settings::Get('system.leenabled') == '1' && Settings::Get('system.le_froxlor_enabled') && ($this->froxlorVhostHasLetsEncryptCert() == false || $this->froxlorVhostLetsEncryptNeedsRenew())) {\n\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= '# temp. disabled ssl-redirect due to Let\\'s Encrypt certificate generation.' . PHP_EOL;\n\t\t\t\t\t\t$is_redirect = false;\n\t\t\t\t\t\tCronjob::inserttask(TaskId::REBUILD_VHOST);\n\t\t\t\t\t} else {\n\t\t\t\t\t\t$_sslport = $this->checkAlternativeSslPort();\n\n\t\t\t\t\t\t$mypath = 'https://' . Settings::Get('system.hostname') . $_sslport . '/';\n\t\t\t\t\t\t$code = '301';\n\t\t\t\t\t\t$modrew_red = ' [R=' . $code . ';L,NE]';\n\n\t\t\t\t\t\t// redirect everything, not only root-directory, #541\n\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' ' . \"\\n\";\n\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' RewriteEngine On' . \"\\n\";\n\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' RewriteCond %{HTTPS} off' . \"\\n\";\n\t\t\t\t\t\tif (Settings::Get('system.leenabled') == '1' && Settings::Get('system.le_froxlor_enabled') == '1') {\n\t\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' RewriteCond %{REQUEST_URI} !^/\\.well-known/acme-challenge' . \"\\n\";\n\t\t\t\t\t\t}\n\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' RewriteRule ^/(.*) ' . $mypath . '$1' . $modrew_red . \"\\n\";\n\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' ' . \"\\n\";\n\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' ' . \"\\n\";\n\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' Redirect ' . $code . ' / ' . $mypath . \"\\n\";\n\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' ' . \"\\n\";\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\tif (!$is_redirect) {\n\t\t\t\t\t// protect lib/userdata.inc.php\n\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' ' . \"\\n\";\n\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' ' . \"\\n\";\n\t\t\t\t\tif (Settings::Get('system.apache24') == '1') {\n\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' Require all denied' . \"\\n\";\n\t\t\t\t\t} else {\n\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' Order deny,allow' . \"\\n\";\n\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' deny from all' . \"\\n\";\n\t\t\t\t\t}\n\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' ' . \"\\n\";\n\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' ' . \"\\n\";\n\t\t\t\t\t// protect bin/\n\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' ' . \"\\n\";\n\t\t\t\t\tif (Settings::Get('system.apache24') == '1') {\n\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' Require all denied' . \"\\n\";\n\t\t\t\t\t} else {\n\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' Order deny,allow' . \"\\n\";\n\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' deny from all' . \"\\n\";\n\t\t\t\t\t}\n\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' ' . \"\\n\";\n\n\t\t\t\t\t// create fcgid -Part (starter is created in apache_fcgid)\n\t\t\t\t\tif (Settings::Get('system.mod_fcgid_ownvhost') == '1' && Settings::Get('system.mod_fcgid') == '1') {\n\t\t\t\t\t\t$configdir = FileDir::makeCorrectDir(Settings::Get('system.mod_fcgid_configdir') . '/froxlor.panel/' . Settings::Get('system.hostname'));\n\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' FcgidIdleTimeout ' . Settings::Get('system.mod_fcgid_idle_timeout') . \"\\n\";\n\t\t\t\t\t\tif ((int)Settings::Get('system.mod_fcgid_wrapper') == 0) {\n\t\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' SuexecUserGroup \"' . Settings::Get('system.mod_fcgid_httpuser') . '\" \"' . Settings::Get('system.mod_fcgid_httpgroup') . '\"' . \"\\n\";\n\t\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' ScriptAlias /php/ ' . $configdir . \"\\n\";\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t$domain = [\n\t\t\t\t\t\t\t\t'id' => 'none',\n\t\t\t\t\t\t\t\t'domain' => Settings::Get('system.hostname'),\n\t\t\t\t\t\t\t\t'adminid' => 1, /* first admin-user (superadmin) */\n\t\t\t\t\t\t\t\t'mod_fcgid_starter' => -1,\n\t\t\t\t\t\t\t\t'mod_fcgid_maxrequests' => -1,\n\t\t\t\t\t\t\t\t'guid' => Settings::Get('system.mod_fcgid_httpuser'),\n\t\t\t\t\t\t\t\t'openbasedir' => 0,\n\t\t\t\t\t\t\t\t'email' => Settings::Get('panel.adminmail'),\n\t\t\t\t\t\t\t\t'loginname' => 'froxlor.panel',\n\t\t\t\t\t\t\t\t'documentroot' => $mypath,\n\t\t\t\t\t\t\t\t'customerroot' => $mypath\n\t\t\t\t\t\t\t];\n\t\t\t\t\t\t\t$php = new PhpInterface($domain);\n\t\t\t\t\t\t\t$phpconfig = $php->getPhpConfig(Settings::Get('system.mod_fcgid_defaultini_ownvhost'));\n\t\t\t\t\t\t\tif ($phpconfig['pass_authorizationheader'] == '1') {\n\t\t\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' FcgidPassHeader Authorization' . \"\\n\";\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t$starter_filename = FileDir::makeCorrectFile($configdir . '/php-fcgi-starter');\n\t\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' SuexecUserGroup \"' . Settings::Get('system.mod_fcgid_httpuser') . '\" \"' . Settings::Get('system.mod_fcgid_httpgroup') . '\"' . \"\\n\";\n\t\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' ' . \"\\n\";\n\t\t\t\t\t\t\t$file_extensions = explode(' ', $phpconfig['file_extensions']);\n\t\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' ' . \"\\n\";\n\t\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' SetHandler fcgid-script' . \"\\n\";\n\t\t\t\t\t\t\tforeach ($file_extensions as $file_extension) {\n\t\t\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' FcgidWrapper ' . $starter_filename . ' .' . $file_extension . \"\\n\";\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' Options +ExecCGI' . \"\\n\";\n\t\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' ' . \"\\n\";\n\t\t\t\t\t\t\t// >=apache-2.4 enabled?\n\t\t\t\t\t\t\tif (Settings::Get('system.apache24') == '1') {\n\t\t\t\t\t\t\t\t$mypath_dir = new Directory($mypath);\n\t\t\t\t\t\t\t\t// only create the require all granted if there is not active directory-protection\n\t\t\t\t\t\t\t\t// for this path, as this would be the first require and therefore grant all access\n\t\t\t\t\t\t\t\tif ($mypath_dir->isUserProtected() == false) {\n\t\t\t\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' Require all granted' . \"\\n\";\n\t\t\t\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' AllowOverride All' . \"\\n\";\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' Order allow,deny' . \"\\n\";\n\t\t\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' allow from all' . \"\\n\";\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' ' . \"\\n\";\n\t\t\t\t\t\t}\n\t\t\t\t\t} elseif (Settings::Get('phpfpm.enabled') == '1' && (int)Settings::Get('phpfpm.enabled_ownvhost') == 1) {\n\t\t\t\t\t\t// get fpm config\n\t\t\t\t\t\t$fpm_sel_stmt = Database::prepare(\"\n\t\t\t\t\t\t\tSELECT f.id FROM `\" . TABLE_PANEL_FPMDAEMONS . \"` f\n\t\t\t\t\t\t\tLEFT JOIN `\" . TABLE_PANEL_PHPCONFIGS . \"` p ON p.fpmsettingid = f.id\n\t\t\t\t\t\t\tWHERE p.id = :phpconfigid\n\t\t\t\t\t\t\");\n\t\t\t\t\t\t$fpm_config = Database::pexecute_first($fpm_sel_stmt, [\n\t\t\t\t\t\t\t'phpconfigid' => Settings::Get('phpfpm.vhost_defaultini')\n\t\t\t\t\t\t]);\n\t\t\t\t\t\t// create php-fpm -Part (config is created in apache_fcgid)\n\t\t\t\t\t\t$domain = [\n\t\t\t\t\t\t\t'id' => 'none',\n\t\t\t\t\t\t\t'domain' => Settings::Get('system.hostname'),\n\t\t\t\t\t\t\t'adminid' => 1, /* first admin-user (superadmin) */\n\t\t\t\t\t\t\t'mod_fcgid_starter' => -1,\n\t\t\t\t\t\t\t'mod_fcgid_maxrequests' => -1,\n\t\t\t\t\t\t\t'guid' => Settings::Get('phpfpm.vhost_httpuser'),\n\t\t\t\t\t\t\t'openbasedir' => 0,\n\t\t\t\t\t\t\t'email' => Settings::Get('panel.adminmail'),\n\t\t\t\t\t\t\t'loginname' => 'froxlor.panel',\n\t\t\t\t\t\t\t'documentroot' => $mypath,\n\t\t\t\t\t\t\t'customerroot' => $mypath,\n\t\t\t\t\t\t\t'fpm_config_id' => isset($fpm_config['id']) ? $fpm_config['id'] : 1\n\t\t\t\t\t\t];\n\n\t\t\t\t\t\t$php = new phpinterface($domain);\n\t\t\t\t\t\t$phpconfig = $php->getPhpConfig(Settings::Get('phpfpm.vhost_defaultini'));\n\t\t\t\t\t\t$srvName = substr(md5($ipport), 0, 4) . '.fpm.external';\n\t\t\t\t\t\tif ($row_ipsandports['ssl']) {\n\t\t\t\t\t\t\t$srvName = substr(md5($ipport), 0, 4) . '.ssl-fpm.external';\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' ' . \"\\n\";\n\t\t\t\t\t\t// mod_proxy stuff for apache-2.4\n\t\t\t\t\t\tif (Settings::Get('system.apache24') == '1' && Settings::Get('phpfpm.use_mod_proxy') == '1') {\n\t\t\t\t\t\t\t$filesmatch = $phpconfig['fpm_settings']['limit_extensions'];\n\t\t\t\t\t\t\t$extensions = explode(\" \", $filesmatch);\n\t\t\t\t\t\t\t$filesmatch = \"\";\n\t\t\t\t\t\t\tforeach ($extensions as $ext) {\n\t\t\t\t\t\t\t\t$filesmatch .= substr($ext, 1) . '|';\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t// start block, cut off last pipe and close block\n\t\t\t\t\t\t\t$filesmatch = '(' . str_replace(\".\", \"\\.\", substr($filesmatch, 0, -1)) . ')';\n\t\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' ' . \"\\n\";\n\t\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' ' . \"\\n\";\n\t\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' \tSetHandler proxy:unix:' . $php->getInterface()->getSocketFile() . '|fcgi://localhost' . \"\\n\";\n\t\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' ' . \"\\n\";\n\t\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' ' . \"\\n\";\n\t\t\t\t\t\t\tif ($phpconfig['pass_authorizationheader'] == '1') {\n\t\t\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' CGIPassAuth On' . \"\\n\";\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t$addheader = \"\";\n\t\t\t\t\t\t\tif ($phpconfig['pass_authorizationheader'] == '1') {\n\t\t\t\t\t\t\t\t$addheader = \" -pass-header Authorization\";\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' FastCgiExternalServer ' . $php->getInterface()->getAliasConfigDir() . $srvName . ' -socket ' . $php->getInterface()->getSocketFile() . ' -idle-timeout ' . $phpconfig['fpm_settings']['idle_timeout'] . $addheader . \"\\n\";\n\t\t\t\t\t\t\t$filesmatch = $phpconfig['fpm_settings']['limit_extensions'];\n\t\t\t\t\t\t\t$extensions = explode(\" \", $filesmatch);\n\t\t\t\t\t\t\t$filesmatch = \"\";\n\t\t\t\t\t\t\tforeach ($extensions as $ext) {\n\t\t\t\t\t\t\t\t$filesmatch .= substr($ext, 1) . '|';\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t// start block, cut off last pipe and close block\n\t\t\t\t\t\t\t$filesmatch = '(' . str_replace(\".\", \"\\.\", substr($filesmatch, 0, -1)) . ')';\n\t\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' ' . \"\\n\";\n\t\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' AddHandler php-fastcgi .php' . \"\\n\";\n\t\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' Action php-fastcgi /fastcgiphp' . \"\\n\";\n\t\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' Options +ExecCGI' . \"\\n\";\n\t\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' ' . \"\\n\";\n\t\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' Alias /fastcgiphp ' . $php->getInterface()->getAliasConfigDir() . $srvName . \"\\n\";\n\t\t\t\t\t\t}\n\t\t\t\t\t\t// >=apache-2.4 enabled?\n\t\t\t\t\t\tif (Settings::Get('system.apache24') == '1') {\n\t\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' Require all granted' . \"\\n\";\n\t\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' AllowOverride All' . \"\\n\";\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' Order allow,deny' . \"\\n\";\n\t\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' allow from all' . \"\\n\";\n\t\t\t\t\t\t}\n\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' ' . \"\\n\";\n\t\t\t\t\t} else {\n\t\t\t\t\t\t// mod_php\n\t\t\t\t\t\t$domain = [\n\t\t\t\t\t\t\t'id' => 'none',\n\t\t\t\t\t\t\t'domain' => Settings::Get('system.hostname'),\n\t\t\t\t\t\t\t'adminid' => 1, /* first admin-user (superadmin) */\n\t\t\t\t\t\t\t'guid' => Settings::Get('system.httpuser'),\n\t\t\t\t\t\t\t'openbasedir' => 0,\n\t\t\t\t\t\t\t'email' => Settings::Get('panel.adminmail'),\n\t\t\t\t\t\t\t'loginname' => 'froxlor.panel',\n\t\t\t\t\t\t\t'documentroot' => $mypath,\n\t\t\t\t\t\t\t'customerroot' => $mypath\n\t\t\t\t\t\t];\n\t\t\t\t\t}\n\t\t\t\t\t// end of ssl-redirect check\n\t\t\t\t} else {\n\t\t\t\t\t// fallback of froxlor domain-data for processSpecialConfigTemplate()\n\t\t\t\t\t$domain = [\n\t\t\t\t\t\t'domain' => Settings::Get('system.hostname'),\n\t\t\t\t\t\t'loginname' => 'froxlor.panel',\n\t\t\t\t\t\t'documentroot' => $mypath,\n\t\t\t\t\t\t'customerroot' => $mypath\n\t\t\t\t\t];\n\t\t\t\t}\n\n\t\t\t\t/**\n\t\t\t\t * dirprotection, see #72\n\t\t\t\t *\n\t\t\t\t * @todo deferred until 0.9.5, needs more testing\n\t\t\t\t * $this->virtualhosts_data[$vhosts_filename] .= \"\\t\\n\";\n\t\t\t\t * $this->virtualhosts_data[$vhosts_filename] .= \"\\t\\tAllow from all\\n\";\n\t\t\t\t * $this->virtualhosts_data[$vhosts_filename] .= \"\\t\\tOptions -Indexes\\n\";\n\t\t\t\t * $this->virtualhosts_data[$vhosts_filename] .= \"\\t\\n\";\n\t\t\t\t *\n\t\t\t\t * $this->virtualhosts_data[$vhosts_filename] .= \"\\t\\n\";\n\t\t\t\t * $this->virtualhosts_data[$vhosts_filename] .= \"\\t\\tOrder Deny,Allow\\n\";\n\t\t\t\t * $this->virtualhosts_data[$vhosts_filename] .= \"\\t\\tDeny from All\\n\";\n\t\t\t\t * $this->virtualhosts_data[$vhosts_filename] .= \"\\t\\n\";\n\t\t\t\t * end of dirprotection\n\t\t\t\t */\n\n\t\t\t\tif ($row_ipsandports['specialsettings'] != '' && ($row_ipsandports['ssl'] == '0' || ($row_ipsandports['ssl'] == '1' && Settings::Get('system.use_ssl') == '1' && $row_ipsandports['include_specialsettings'] == '1'))) {\n\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= $this->processSpecialConfigTemplate($row_ipsandports['specialsettings'], $domain, $row_ipsandports['ip'], $row_ipsandports['port'], $row_ipsandports['ssl'] == '1') . \"\\n\";\n\t\t\t\t}\n\n\t\t\t\tif ($row_ipsandports['ssl'] == '1' && Settings::Get('system.use_ssl') == '1') {\n\t\t\t\t\tif ($row_ipsandports['ssl_specialsettings'] != '') {\n\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= $this->processSpecialConfigTemplate($row_ipsandports['ssl_specialsettings'], $domain, $row_ipsandports['ip'], $row_ipsandports['port'], $row_ipsandports['ssl'] == '1') . \"\\n\";\n\t\t\t\t\t}\n\n\t\t\t\t\t// check for required fallback\n\t\t\t\t\tif (($row_ipsandports['ssl_cert_file'] == '' || !file_exists($row_ipsandports['ssl_cert_file'])) && (Settings::Get('system.le_froxlor_enabled') == '0' || $this->froxlorVhostHasLetsEncryptCert() == false)) {\n\t\t\t\t\t\t$row_ipsandports['ssl_cert_file'] = Settings::Get('system.ssl_cert_file');\n\t\t\t\t\t\tif (!file_exists($row_ipsandports['ssl_cert_file'])) {\n\t\t\t\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'System certificate file \"' . Settings::Get('system.ssl_cert_file') . '\" does not seem to exist. Creating self-signed certificate...');\n\t\t\t\t\t\t\tCrypt::createSelfSignedCertificate();\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\n\t\t\t\t\tif ($row_ipsandports['ssl_key_file'] == '') {\n\t\t\t\t\t\t$row_ipsandports['ssl_key_file'] = Settings::Get('system.ssl_key_file');\n\t\t\t\t\t\tif (!file_exists($row_ipsandports['ssl_key_file'])) {\n\t\t\t\t\t\t\t// explicitly disable ssl for this vhost\n\t\t\t\t\t\t\t$row_ipsandports['ssl_cert_file'] = \"\";\n\t\t\t\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'System certificate key-file \"' . Settings::Get('system.ssl_key_file') . '\" does not seem to exist. Disabling SSL-vhost for \"' . Settings::Get('system.hostname') . '\"');\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\n\t\t\t\t\tif ($row_ipsandports['ssl_ca_file'] == '') {\n\t\t\t\t\t\t$row_ipsandports['ssl_ca_file'] = Settings::Get('system.ssl_ca_file');\n\t\t\t\t\t}\n\n\t\t\t\t\t// #418\n\t\t\t\t\tif ($row_ipsandports['ssl_cert_chainfile'] == '') {\n\t\t\t\t\t\t$row_ipsandports['ssl_cert_chainfile'] = Settings::Get('system.ssl_cert_chainfile');\n\t\t\t\t\t}\n\n\t\t\t\t\t$domain = [\n\t\t\t\t\t\t'id' => 0,\n\t\t\t\t\t\t'domain' => Settings::Get('system.hostname'),\n\t\t\t\t\t\t'adminid' => 1, /* first admin-user (superadmin) */\n\t\t\t\t\t\t'loginname' => 'froxlor.panel',\n\t\t\t\t\t\t'documentroot' => $mypath,\n\t\t\t\t\t\t'customerroot' => $mypath,\n\t\t\t\t\t\t'parentdomainid' => 0,\n\t\t\t\t\t\t'ssl_honorcipherorder' => Settings::Get('system.honorcipherorder'),\n\t\t\t\t\t\t'ssl_sessiontickets' => Settings::Get('system.sessiontickets')\n\t\t\t\t\t];\n\n\t\t\t\t\t// override corresponding array values\n\t\t\t\t\t$domain['ssl_cert_file'] = $row_ipsandports['ssl_cert_file'];\n\t\t\t\t\t$domain['ssl_key_file'] = $row_ipsandports['ssl_key_file'];\n\t\t\t\t\t$domain['ssl_ca_file'] = $row_ipsandports['ssl_ca_file'];\n\t\t\t\t\t$domain['ssl_cert_chainfile'] = $row_ipsandports['ssl_cert_chainfile'];\n\n\t\t\t\t\t// SSL STUFF\n\t\t\t\t\t$dssl = new DomainSSL();\n\t\t\t\t\t// this sets the ssl-related array-indices in the $domain array\n\t\t\t\t\t// if the domain has customer-defined ssl-certificates\n\t\t\t\t\t$dssl->setDomainSSLFilesArray($domain);\n\n\t\t\t\t\tif ($domain['ssl_cert_file'] != '') {\n\t\t\t\t\t\t// check for existence, #1485\n\t\t\t\t\t\tif (!file_exists($domain['ssl_cert_file'])) {\n\t\t\t\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, $ipport . ' :: certificate file \"' . $domain['ssl_cert_file'] . '\" does not exist! Cannot create ssl-directives');\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' SSLEngine On' . \"\\n\";\n\t\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' SSLProtocol -ALL +' . str_replace(\",\", \" +\", Settings::Get('system.ssl_protocols')) . \"\\n\";\n\t\t\t\t\t\t\tif (Settings::Get('system.apache24') == '1') {\n\t\t\t\t\t\t\t\tif (Settings::Get('system.http2_support') == '1') {\n\t\t\t\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' Protocols h2 http/1.1' . \"\\n\";\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\tif (!empty(Settings::Get('system.dhparams_file'))) {\n\t\t\t\t\t\t\t\t\t$dhparams = FileDir::makeCorrectFile(Settings::Get('system.dhparams_file'));\n\t\t\t\t\t\t\t\t\tif (!file_exists($dhparams)) {\n\t\t\t\t\t\t\t\t\t\tfile_put_contents($dhparams, self::FFDHE4096);\n\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' SSLOpenSSLConfCmd DHParameters \"' . $dhparams . '\"' . \"\\n\";\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' SSLCompression Off' . \"\\n\";\n\t\t\t\t\t\t\t\tif (Settings::Get('system.sessionticketsenabled') == '1') {\n\t\t\t\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' SSLSessionTickets ' . ($domain['ssl_sessiontickets'] == '1' ? 'on' : 'off') . \"\\n\";\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\n\t\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' SSLHonorCipherOrder ' . ($domain['ssl_honorcipherorder'] == '1' ? 'on' : 'off') . \"\\n\";\n\t\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' SSLCipherSuite ' . Settings::Get('system.ssl_cipher_list') . \"\\n\";\n\t\t\t\t\t\t\t$protocols = array_map('trim', explode(\",\", Settings::Get('system.ssl_protocols')));\n\t\t\t\t\t\t\tif (in_array(\"TLSv1.3\", $protocols) && !empty(Settings::Get('system.tlsv13_cipher_list')) && Settings::Get('system.apache24') == 1) {\n\t\t\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' SSLCipherSuite TLSv1.3 ' . Settings::Get('system.tlsv13_cipher_list') . \"\\n\";\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' SSLVerifyDepth 10' . \"\\n\";\n\t\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' SSLCertificateFile ' . FileDir::makeCorrectFile($domain['ssl_cert_file']) . \"\\n\";\n\n\t\t\t\t\t\t\tif ($domain['ssl_key_file'] != '') {\n\t\t\t\t\t\t\t\t// check for existence, #1485\n\t\t\t\t\t\t\t\tif (!file_exists($domain['ssl_key_file'])) {\n\t\t\t\t\t\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, $ipport . ' :: certificate key file \"' . $domain['ssl_key_file'] . '\" does not exist! Cannot create ssl-directives');\n\t\t\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' SSLCertificateKeyFile ' . FileDir::makeCorrectFile($domain['ssl_key_file']) . \"\\n\";\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\n\t\t\t\t\t\t\tif ($domain['ssl_ca_file'] != '') {\n\t\t\t\t\t\t\t\t// check for existence, #1485\n\t\t\t\t\t\t\t\tif (!file_exists($domain['ssl_ca_file'])) {\n\t\t\t\t\t\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, $ipport . ' :: certificate CA file \"' . $domain['ssl_ca_file'] . '\" does not exist! Cannot create ssl-directives');\n\t\t\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' SSLCACertificateFile ' . FileDir::makeCorrectFile($domain['ssl_ca_file']) . \"\\n\";\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\n\t\t\t\t\t\t\t// #418\n\t\t\t\t\t\t\tif ($domain['ssl_cert_chainfile'] != '') {\n\t\t\t\t\t\t\t\t// check for existence, #1485\n\t\t\t\t\t\t\t\tif (!file_exists($domain['ssl_cert_chainfile'])) {\n\t\t\t\t\t\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, $ipport . ' :: certificate chain file \"' . $domain['ssl_cert_chainfile'] . '\" does not exist! Cannot create ssl-directives');\n\t\t\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' SSLCertificateChainFile ' . FileDir::makeCorrectFile($domain['ssl_cert_chainfile']) . \"\\n\";\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t} else {\n\t\t\t\t\t\t// if there is no cert-file specified but we are generating a ssl-vhost,\n\t\t\t\t\t\t// we should return an empty string because this vhost would suck dick, ref #1583\n\t\t\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, $domain['domain'] . ' :: empty certificate file! Cannot create ssl-directives');\n\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] = $without_vhost;\n\t\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= '# no ssl-certificate was specified for this domain, therefore no explicit vhost-container is being generated';\n\t\t\t\t\t\t$close_vhost = false;\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\tif ($close_vhost) {\n\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= '' . \"\\n\";\n\t\t\t\t}\n\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, $ipport . ' :: inserted vhostcontainer');\n\t\t\t}\n\t\t\tunset($vhosts_filename);\n\t\t}\n\n\t\t/**\n\t\t * bug #32\n\t\t */\n\t\t$this->createStandardDirectoryEntry();\n\n\t\t/**\n\t\t * bug #unknown-yet\n\t\t */\n\t\t$this->createStandardErrorHandler();\n\t}\n\n\t/**\n\t * define a standard -statement, bug #32\n\t */\n\tprivate function createStandardDirectoryEntry()\n\t{\n\t\t$vhosts_filename = $this->getCustomVhostFilename('05_froxlor_dirfix_nofcgid.conf');\n\n\t\tif (!isset($this->virtualhosts_data[$vhosts_filename])) {\n\t\t\t$this->virtualhosts_data[$vhosts_filename] = '';\n\t\t}\n\n\t\t$this->virtualhosts_data[$vhosts_filename] .= ' ' . \"\\n\";\n\n\t\t// check for custom values, see #1638\n\t\t$custom_opts = Settings::Get('system.apacheglobaldiropt');\n\t\tif (!empty($custom_opts)) {\n\t\t\t$this->virtualhosts_data[$vhosts_filename] .= $custom_opts . \"\\n\";\n\t\t} else {\n\t\t\t// >=apache-2.4 enabled?\n\t\t\tif (Settings::Get('system.apache24') == '1') {\n\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' Require all granted' . \"\\n\";\n\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' AllowOverride All' . \"\\n\";\n\t\t\t} else {\n\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' Order allow,deny' . \"\\n\";\n\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= ' allow from all' . \"\\n\";\n\t\t\t}\n\t\t}\n\t\t$this->virtualhosts_data[$vhosts_filename] .= ' ' . \"\\n\";\n\n\t\t$ocsp_cache_filename = $this->getCustomVhostFilename('03_froxlor_ocsp_cache.conf');\n\t\tif (Settings::Get('system.use_ssl') == '1' && Settings::Get('system.apache24') == 1) {\n\t\t\t$this->virtualhosts_data[$ocsp_cache_filename] = 'SSLStaplingCache ' . Settings::Get('system.apache24_ocsp_cache_path') . \"\\n\";\n\t\t} else {\n\t\t\tif (file_exists($ocsp_cache_filename)) {\n\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_NOTICE, 'apache::_createStandardDirectoryEntry: unlinking ' . basename($ocsp_cache_filename));\n\t\t\t\tunlink(FileDir::makeCorrectFile($ocsp_cache_filename));\n\t\t\t}\n\t\t}\n\t}\n\n\t/**\n\t * define a default ErrorDocument-statement, bug #unknown-yet\n\t */\n\tprivate function createStandardErrorHandler()\n\t{\n\t\tif (Settings::Get('defaultwebsrverrhandler.enabled') == '1' && (Settings::Get('defaultwebsrverrhandler.err401') != '' || Settings::Get('defaultwebsrverrhandler.err403') != '' || Settings::Get('defaultwebsrverrhandler.err404') != '' || Settings::Get('defaultwebsrverrhandler.err500') != '')) {\n\t\t\t$vhosts_filename = $this->getCustomVhostFilename('05_froxlor_default_errorhandler.conf');\n\n\t\t\tif (!isset($this->virtualhosts_data[$vhosts_filename])) {\n\t\t\t\t$this->virtualhosts_data[$vhosts_filename] = '';\n\t\t\t}\n\n\t\t\t$statusCodes = [\n\t\t\t\t'401',\n\t\t\t\t'403',\n\t\t\t\t'404',\n\t\t\t\t'500'\n\t\t\t];\n\t\t\tforeach ($statusCodes as $statusCode) {\n\t\t\t\tif (Settings::Get('defaultwebsrverrhandler.err' . $statusCode) != '') {\n\t\t\t\t\t$defhandler = Settings::Get('defaultwebsrverrhandler.err' . $statusCode);\n\t\t\t\t\tif (!Validate::validateUrl($defhandler)) {\n\t\t\t\t\t\tif (substr($defhandler, 0, 1) != '\"' && substr($defhandler, -1, 1) != '\"') {\n\t\t\t\t\t\t\t$defhandler = '\"' . FileDir::makeCorrectFile($defhandler) . '\"';\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= 'ErrorDocument ' . $statusCode . ' ' . $defhandler . \"\\n\";\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n\n\tpublic function createOwnVhostStarter()\n\t{\n\t\treturn;\n\t}\n\n\t/**\n\t * We compose the virtualhost entries for the domains\n\t */\n\tpublic function createVirtualHosts()\n\t{\n\t\t$domains = WebserverBase::getVhostsToCreate();\n\t\tforeach ($domains as $domain) {\n\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'apache::createVirtualHosts: creating vhost container for domain ' . $domain['id'] . ', customer ' . $domain['loginname']);\n\t\t\t$vhosts_filename = $this->getVhostFilename($domain);\n\n\t\t\t// Apply header\n\t\t\t$this->virtualhosts_data[$vhosts_filename] = '# Domain ID: ' . $domain['id'] . ' - CustomerID: ' . $domain['customerid'] . ' - CustomerLogin: ' . $domain['loginname'] . \"\\n\";\n\n\t\t\t$ddr = Settings::Get('system.deactivateddocroot');\n\t\t\tif (($domain['deactivated'] == '1' || $domain['customer_deactivated'] == '1') && empty($ddr)) {\n\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= '# Customer/domain deactivated and a docroot for deactivated users hasn\\'t been set.' . \"\\n\";\n\t\t\t} else {\n\t\t\t\t// Create vhost without ssl\n\t\t\t\t$this->virtualhosts_data[$vhosts_filename] .= $this->getVhostContent($domain, false);\n\n\t\t\t\tif ($domain['ssl_enabled'] == '1' && ($domain['ssl'] == '1' || $domain['ssl_redirect'] == '1')) {\n\t\t\t\t\t// Adding ssl stuff if enabled\n\t\t\t\t\t$vhosts_filename_ssl = $this->getVhostFilename($domain, true);\n\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename_ssl] = '# Domain ID: ' . $domain['id'] . ' (SSL) - CustomerID: ' . $domain['customerid'] . ' - CustomerLogin: ' . $domain['loginname'] . \"\\n\";\n\t\t\t\t\t$this->virtualhosts_data[$vhosts_filename_ssl] .= $this->getVhostContent($domain, true);\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n\n\t/**\n\t * We compose the virtualhost entry for one domain\n\t */\n\tprotected function getVhostContent($domain, $ssl_vhost = false)\n\t{\n\t\tif ($ssl_vhost === true && ($domain['ssl_redirect'] != '1' && $domain['ssl'] != '1')) {\n\t\t\treturn '';\n\t\t}\n\n\t\t$query = \"SELECT * FROM `\" . TABLE_PANEL_IPSANDPORTS . \"` `i`, `\" . TABLE_DOMAINTOIP . \"` `dip`\n\t\t\tWHERE dip.id_domain = :domainid AND i.id = dip.id_ipandports \";\n\n\t\tif ($ssl_vhost === true && ($domain['ssl'] == '1' || $domain['ssl_redirect'] == '1')) {\n\t\t\t// by ordering by cert-file the row with filled out SSL-Fields will be shown last, thus it is enough to fill out 1 set of SSL-Fields\n\t\t\t$query .= \"AND i.ssl = '1' ORDER BY i.ssl_cert_file ASC;\";\n\t\t} else {\n\t\t\t$query .= \"AND i.ssl = '0';\";\n\t\t}\n\n\t\t$vhost_content = '';\n\t\t$result_stmt = Database::prepare($query);\n\t\tDatabase::pexecute($result_stmt, [\n\t\t\t'domainid' => $domain['id']\n\t\t]);\n\n\t\t$ipportlist = '';\n\t\t$_vhost_content = '';\n\t\twhile ($ipandport = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t$ipport = '';\n\t\t\t$domain['ip'] = $ipandport['ip'];\n\t\t\t$domain['port'] = $ipandport['port'];\n\t\t\tif ($domain['ssl'] == '1') {\n\t\t\t\t$domain['ssl_cert_file'] = $ipandport['ssl_cert_file'];\n\t\t\t\t$domain['ssl_key_file'] = $ipandport['ssl_key_file'];\n\t\t\t\t$domain['ssl_ca_file'] = $ipandport['ssl_ca_file'];\n\t\t\t\t$domain['ssl_cert_chainfile'] = $ipandport['ssl_cert_chainfile'];\n\n\t\t\t\t// SSL STUFF\n\t\t\t\t$dssl = new DomainSSL();\n\t\t\t\t// this sets the ssl-related array-indices in the $domain array\n\t\t\t\t// if the domain has customer-defined ssl-certificates\n\t\t\t\t$dssl->setDomainSSLFilesArray($domain);\n\t\t\t}\n\n\t\t\tif (filter_var($domain['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {\n\t\t\t\t$ipport = '[' . $domain['ip'] . ']:' . $domain['port'] . ' ';\n\t\t\t} else {\n\t\t\t\t$ipport = $domain['ip'] . ':' . $domain['port'] . ' ';\n\t\t\t}\n\n\t\t\tif ($ipandport['default_vhostconf_domain'] != '' && ($ssl_vhost == false || ($ssl_vhost == true && $ipandport['include_default_vhostconf_domain'] == '1'))) {\n\t\t\t\t$_vhost_content .= $this->processSpecialConfigTemplate($ipandport['default_vhostconf_domain'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . \"\\n\";\n\t\t\t}\n\t\t\tif ($ipandport['ssl_default_vhostconf_domain'] != '' && $ssl_vhost == true) {\n\t\t\t\t$_vhost_content .= $this->processSpecialConfigTemplate($ipandport['ssl_default_vhostconf_domain'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . \"\\n\";\n\t\t\t}\n\t\t\t$ipportlist .= $ipport;\n\t\t}\n\n\t\t$vhost_content .= '' . \"\\n\";\n\t\t$vhost_content .= $this->getServerNames($domain);\n\n\t\t$domain['documentroot_norewrite'] = $domain['documentroot'];\n\t\tif (($ssl_vhost == false && $domain['ssl'] == '1' && $domain['ssl_redirect'] == '1')) {\n\t\t\t// We must not check if our port differs from port 443,\n\t\t\t// but if there is a destination-port != 443\n\t\t\t$_sslport = '';\n\t\t\t// This returns the first port that is != 443 with ssl enabled, if any\n\t\t\t// ordered by ssl-certificate (if any) so that the ip/port combo\n\t\t\t// with certificate is used\n\t\t\t$ssldestport_stmt = Database::prepare(\"\n\t\t\t\tSELECT `ip`.`port` FROM \" . TABLE_PANEL_IPSANDPORTS . \" `ip`\n\t\t\t\tLEFT JOIN `\" . TABLE_DOMAINTOIP . \"` `dip` ON (`ip`.`id` = `dip`.`id_ipandports`)\n\t\t\t\tWHERE `dip`.`id_domain` = :domainid\n\t\t\t\tAND `ip`.`ssl` = '1' AND `ip`.`port` != 443\n\t\t\t\tORDER BY `ip`.`ssl_cert_file` DESC, `ip`.`port` LIMIT 1;\n\t\t\t\");\n\t\t\t$ssldestport = Database::pexecute_first($ssldestport_stmt, [\n\t\t\t\t'domainid' => $domain['id']\n\t\t\t]);\n\n\t\t\tif ($ssldestport && $ssldestport['port'] != '') {\n\t\t\t\t$_sslport = \":\" . $ssldestport['port'];\n\t\t\t}\n\n\t\t\t$domain['documentroot'] = 'https://%{HTTP_HOST}' . $_sslport . '/';\n\t\t\t$domain['documentroot_norewrite'] = 'https://' . $domain['domain'] . $_sslport . '/';\n\t\t}\n\n\t\tif ($ssl_vhost === true && $domain['ssl'] == '1' && Settings::Get('system.use_ssl') == '1') {\n\t\t\tif ($domain['ssl_cert_file'] == '' || !file_exists($domain['ssl_cert_file'])) {\n\t\t\t\t$domain['ssl_cert_file'] = Settings::Get('system.ssl_cert_file');\n\t\t\t\tif (!file_exists($domain['ssl_cert_file'])) {\n\t\t\t\t\t// explicitly disable ssl for this vhost\n\t\t\t\t\t$domain['ssl_cert_file'] = \"\";\n\t\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'System certificate file \"' . Settings::Get('system.ssl_cert_file') . '\" does not seem to exist. Disabling SSL-vhost for \"' . $domain['domain'] . '\"');\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tif ($domain['ssl_key_file'] == '' || !file_exists($domain['ssl_key_file'])) {\n\t\t\t\t$domain['ssl_key_file'] = Settings::Get('system.ssl_key_file');\n\t\t\t\tif (!file_exists($domain['ssl_key_file'])) {\n\t\t\t\t\t// explicitly disable ssl for this vhost\n\t\t\t\t\t$domain['ssl_cert_file'] = \"\";\n\t\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'System certificate key-file \"' . Settings::Get('system.ssl_key_file') . '\" does not seem to exist. Disabling SSL-vhost for \"' . $domain['domain'] . '\"');\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tif ($domain['ssl_ca_file'] == '') {\n\t\t\t\t$domain['ssl_ca_file'] = Settings::Get('system.ssl_ca_file');\n\t\t\t}\n\n\t\t\tif ($domain['ssl_cert_chainfile'] == '') {\n\t\t\t\t$domain['ssl_cert_chainfile'] = Settings::Get('system.ssl_cert_chainfile');\n\t\t\t}\n\n\t\t\tif ($domain['ssl_cert_file'] != '') {\n\t\t\t\t$ssl_protocols = ($domain['override_tls'] == '1' && !empty($domain['ssl_protocols'])) ? $domain['ssl_protocols'] : Settings::Get('system.ssl_protocols');\n\t\t\t\t$ssl_cipher_list = ($domain['override_tls'] == '1' && !empty($domain['ssl_cipher_list'])) ? $domain['ssl_cipher_list'] : Settings::Get('system.ssl_cipher_list');\n\t\t\t\t$tlsv13_cipher_list = ($domain['override_tls'] == '1' && !empty($domain['tlsv13_cipher_list'])) ? $domain['tlsv13_cipher_list'] : Settings::Get('system.tlsv13_cipher_list');\n\n\t\t\t\t$vhost_content .= ' SSLEngine On' . \"\\n\";\n\t\t\t\t$vhost_content .= ' SSLProtocol -ALL +' . str_replace(\",\", \" +\", $ssl_protocols) . \"\\n\";\n\t\t\t\tif (Settings::Get('system.apache24') == '1') {\n\t\t\t\t\tif (isset($domain['http2']) && $domain['http2'] == '1' && Settings::Get('system.http2_support') == '1') {\n\t\t\t\t\t\t$vhost_content .= ' Protocols h2 http/1.1' . \"\\n\";\n\t\t\t\t\t}\n\t\t\t\t\tif (!empty(Settings::Get('system.dhparams_file'))) {\n\t\t\t\t\t\t$dhparams = FileDir::makeCorrectFile(Settings::Get('system.dhparams_file'));\n\t\t\t\t\t\tif (!file_exists($dhparams)) {\n\t\t\t\t\t\t\tfile_put_contents($dhparams, self::FFDHE4096);\n\t\t\t\t\t\t}\n\t\t\t\t\t\t$vhost_content .= ' SSLOpenSSLConfCmd DHParameters \"' . $dhparams . '\"' . \"\\n\";\n\t\t\t\t\t}\n\t\t\t\t\t$vhost_content .= ' SSLCompression Off' . \"\\n\";\n\t\t\t\t\tif (Settings::Get('system.sessionticketsenabled') == '1') {\n\t\t\t\t\t\t$vhost_content .= ' SSLSessionTickets ' . ($domain['ssl_sessiontickets'] == '1' ? 'on' : 'off') . \"\\n\";\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\t$vhost_content .= ' SSLHonorCipherOrder ' . ($domain['ssl_honorcipherorder'] == '1' ? 'on' : 'off') . \"\\n\";\n\t\t\t\t$vhost_content .= ' SSLCipherSuite ' . $ssl_cipher_list . \"\\n\";\n\t\t\t\t$protocols = array_map('trim', explode(\",\", $ssl_protocols));\n\t\t\t\tif (in_array(\"TLSv1.3\", $protocols) && !empty($tlsv13_cipher_list) && Settings::Get('system.apache24') == 1) {\n\t\t\t\t\t$vhost_content .= ' SSLCipherSuite TLSv1.3 ' . $tlsv13_cipher_list . \"\\n\";\n\t\t\t\t}\n\t\t\t\t$vhost_content .= ' SSLVerifyDepth 10' . \"\\n\";\n\t\t\t\t$vhost_content .= ' SSLCertificateFile ' . FileDir::makeCorrectFile($domain['ssl_cert_file']) . \"\\n\";\n\n\t\t\t\tif ($domain['ssl_key_file'] != '') {\n\t\t\t\t\t$vhost_content .= ' SSLCertificateKeyFile ' . FileDir::makeCorrectFile($domain['ssl_key_file']) . \"\\n\";\n\t\t\t\t}\n\n\t\t\t\tif ($domain['ssl_ca_file'] != '') {\n\t\t\t\t\t$vhost_content .= ' SSLCACertificateFile ' . FileDir::makeCorrectFile($domain['ssl_ca_file']) . \"\\n\";\n\t\t\t\t}\n\n\t\t\t\tif ($domain['ssl_cert_chainfile'] != '') {\n\t\t\t\t\t$vhost_content .= ' SSLCertificateChainFile ' . FileDir::makeCorrectFile($domain['ssl_cert_chainfile']) . \"\\n\";\n\t\t\t\t}\n\n\t\t\t\tif (Settings::Get('system.apache24') == '1' && isset($domain['ocsp_stapling']) && $domain['ocsp_stapling'] == '1') {\n\t\t\t\t\t$vhost_content .= ' SSLUseStapling on' . PHP_EOL;\n\t\t\t\t}\n\n\t\t\t\tif ($domain['hsts'] >= 0) {\n\t\t\t\t\t$vhost_content .= ' ' . \"\\n\";\n\t\t\t\t\t$vhost_content .= ' Header always set Strict-Transport-Security \"max-age=' . $domain['hsts'];\n\t\t\t\t\tif ($domain['hsts_sub'] == 1) {\n\t\t\t\t\t\t$vhost_content .= '; includeSubDomains';\n\t\t\t\t\t}\n\t\t\t\t\tif ($domain['hsts_preload'] == 1) {\n\t\t\t\t\t\t$vhost_content .= '; preload';\n\t\t\t\t\t}\n\t\t\t\t\t$vhost_content .= '\"' . \"\\n\";\n\t\t\t\t\t$vhost_content .= ' ' . \"\\n\";\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\t// if there is no cert-file specified but we are generating a ssl-vhost,\n\t\t\t\t// we should return an empty string because this vhost would suck dick, ref #1583\n\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, $domain['domain'] . ' :: empty certificate file! Cannot create ssl-directives');\n\t\t\t\treturn '# no ssl-certificate was specified for this domain, therefore no explicit vhost is being generated';\n\t\t\t}\n\t\t}\n\n\t\t// avoid using any whitespaces\n\t\t$domain['documentroot'] = trim($domain['documentroot']);\n\n\t\tif (preg_match('/^https?\\:\\/\\//', $domain['documentroot'])) {\n\t\t\t$possible_deactivated_webroot = $this->getWebroot($domain);\n\t\t\tif ($this->deactivated == false) {\n\t\t\t\t$corrected_docroot = $domain['documentroot'];\n\n\t\t\t\t// Get domain's redirect code\n\t\t\t\t$code = Domain::getDomainRedirectCode($domain['id']);\n\t\t\t\t$modrew_red = '';\n\t\t\t\tif ($code != '') {\n\t\t\t\t\t$modrew_red = ' [R=' . $code . ';L,NE]';\n\t\t\t\t}\n\n\t\t\t\t$vhost_content .= $this->getLogfiles($domain);\n\t\t\t\t// redirect everything, not only root-directory, #541\n\t\t\t\t$vhost_content .= ' ' . \"\\n\";\n\t\t\t\t$vhost_content .= ' RewriteEngine On' . \"\\n\";\n\t\t\t\tif (!$ssl_vhost) {\n\t\t\t\t\t$vhost_content .= ' RewriteCond %{HTTPS} off' . \"\\n\";\n\t\t\t\t}\n\t\t\t\tif ($domain['letsencrypt'] == '1') {\n\t\t\t\t\t$vhost_content .= ' RewriteCond %{REQUEST_URI} !^/\\.well-known/acme-challenge' . \"\\n\";\n\t\t\t\t}\n\t\t\t\t$vhost_content .= ' RewriteRule ^/(.*) ' . $corrected_docroot . '$1' . $modrew_red . \"\\n\";\n\t\t\t\t$vhost_content .= ' ' . \"\\n\";\n\t\t\t\t$vhost_content .= ' ' . \"\\n\";\n\t\t\t\t$vhost_content .= ' Redirect ' . $code . ' / ' . $domain['documentroot_norewrite'] . \"\\n\";\n\t\t\t\t$vhost_content .= ' ' . \"\\n\";\n\t\t\t} elseif (Settings::Get('system.deactivateddocroot') != '') {\n\t\t\t\t$vhost_content .= $possible_deactivated_webroot;\n\t\t\t}\n\t\t} else {\n\t\t\tFileDir::mkDirWithCorrectOwnership($domain['customerroot'], $domain['documentroot'], $domain['guid'], $domain['guid'], true, true);\n\t\t\t$vhost_content .= $this->getWebroot($domain);\n\t\t\tif ($this->deactivated == false) {\n\t\t\t\t$vhost_content .= $this->composePhpOptions($domain, $ssl_vhost);\n\t\t\t\t$vhost_content .= $this->getStats($domain);\n\t\t\t}\n\t\t\t$vhost_content .= $this->getLogfiles($domain);\n\n\t\t\tif ($this->deactivated == false) {\n\t\t\t\tif ($domain['specialsettings'] != '' && ($ssl_vhost == false || ($ssl_vhost == true && $domain['include_specialsettings'] == 1))) {\n\t\t\t\t\t$vhost_content .= $this->processSpecialConfigTemplate($domain['specialsettings'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . \"\\n\";\n\t\t\t\t}\n\n\t\t\t\tif ($domain['ssl_specialsettings'] != '' && $ssl_vhost == true) {\n\t\t\t\t\t$vhost_content .= $this->processSpecialConfigTemplate($domain['ssl_specialsettings'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . \"\\n\";\n\t\t\t\t}\n\n\t\t\t\tif ($_vhost_content != '') {\n\t\t\t\t\t$vhost_content .= $_vhost_content;\n\t\t\t\t}\n\n\t\t\t\tif (Settings::Get('system.default_vhostconf') != '' && ($ssl_vhost == false || ($ssl_vhost == true && Settings::Get('system.include_default_vhostconf') == 1))) {\n\t\t\t\t\t$vhost_content .= $this->processSpecialConfigTemplate(Settings::Get('system.default_vhostconf'), $domain, $domain['ip'], $domain['port'], $ssl_vhost) . \"\\n\";\n\t\t\t\t}\n\n\t\t\t\tif (Settings::Get('system.default_sslvhostconf') != '' && $ssl_vhost == true) {\n\t\t\t\t\t$vhost_content .= $this->processSpecialConfigTemplate(Settings::Get('system.default_sslvhostconf'), $domain, $domain['ip'], $domain['port'], $ssl_vhost) . \"\\n\";\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\t$vhost_content .= '' . \"\\n\";\n\n\t\treturn $vhost_content;\n\t}\n\n\t/**\n\t * We collect all servernames and Aliases\n\t */\n\tprotected function getServerNames($domain)\n\t{\n\t\t$servernames_text = ' ServerName ' . $domain['domain'] . \"\\n\";\n\n\t\t$server_alias = '';\n\t\tif ($domain['iswildcarddomain'] == '1') {\n\t\t\t$server_alias = '*.' . $domain['domain'];\n\t\t} elseif ($domain['wwwserveralias'] == '1') {\n\t\t\t$server_alias = 'www.' . $domain['domain'];\n\t\t}\n\n\t\tif (trim($server_alias) != '') {\n\t\t\t$servernames_text .= ' ServerAlias ' . $server_alias . \"\\n\";\n\t\t}\n\n\t\t$alias_domains_stmt = Database::prepare(\"\n\t\t\tSELECT `domain`, `iswildcarddomain`, `wwwserveralias`\n\t\t\tFROM `\" . TABLE_PANEL_DOMAINS . \"`\n\t\t\tWHERE `aliasdomain`= :domainid\n\t\t\");\n\t\tDatabase::pexecute($alias_domains_stmt, [\n\t\t\t'domainid' => $domain['id']\n\t\t]);\n\n\t\twhile (($alias_domain = $alias_domains_stmt->fetch(PDO::FETCH_ASSOC)) !== false) {\n\t\t\t$server_alias = ' ServerAlias ' . $alias_domain['domain'];\n\n\t\t\tif ($alias_domain['iswildcarddomain'] == '1') {\n\t\t\t\t$server_alias .= ' *.' . $alias_domain['domain'];\n\t\t\t} else {\n\t\t\t\tif ($alias_domain['wwwserveralias'] == '1') {\n\t\t\t\t\t$server_alias .= ' www.' . $alias_domain['domain'];\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t$servernames_text .= $server_alias . \"\\n\";\n\t\t}\n\n\t\tswitch (Settings::Get('system.webserver_serveradmin')) {\n\t\t\tcase 'customer':\n\t\t\t\t$servernames_text .= ' ServerAdmin ' . $domain['email'] . \"\\n\";\n\t\t\t\tbreak;\n\t\t\tcase 'admin':\n\t\t\t\t$servernames_text .= ' ServerAdmin ' . $domain['admin_email'] . \"\\n\";\n\t\t\t\tbreak;\n\t\t\tcase 'global':\n\t\t\t\t$servernames_text .= ' ServerAdmin ' . Settings::Get('panel.adminmail') . \"\\n\";\n\t\t\t\tbreak;\n\t\t\tcase 'none':\n\t\t\tdefault:\n\t\t\t\t// empty\n\t\t}\n\n\t\treturn $servernames_text;\n\t}\n\n\t/**\n\t * Let's get the webroot\n\t */\n\tprotected function getWebroot($domain)\n\t{\n\t\t$webroot_text = '';\n\t\t$domain['customerroot'] = FileDir::makeCorrectDir($domain['customerroot']);\n\t\t$domain['documentroot'] = FileDir::makeCorrectDir($domain['documentroot']);\n\n\t\tif (($domain['deactivated'] == '1' || $domain['customer_deactivated'] == '1') && Settings::Get('system.deactivateddocroot') != '') {\n\t\t\t$webroot_text .= ' # Using docroot for deactivated users/domains...' . \"\\n\";\n\t\t\t$webroot_text .= ' DocumentRoot \"' . rtrim(FileDir::makeCorrectDir(Settings::Get('system.deactivateddocroot')), \"/\") . \"\\\"\\n\";\n\t\t\t$webroot_text .= ' ' . \"\\n\";\n\t\t\t// >=apache-2.4 enabled?\n\t\t\tif (Settings::Get('system.apache24') == '1') {\n\t\t\t\t$webroot_text .= ' Require all granted' . \"\\n\";\n\t\t\t\t$webroot_text .= ' AllowOverride All' . \"\\n\";\n\t\t\t} else {\n\t\t\t\t$webroot_text .= ' Order allow,deny' . \"\\n\";\n\t\t\t\t$webroot_text .= ' allow from all' . \"\\n\";\n\t\t\t}\n\t\t\t$webroot_text .= ' ' . \"\\n\";\n\t\t\t$this->deactivated = true;\n\t\t} else {\n\t\t\t$webroot_text .= ' DocumentRoot \"' . rtrim($domain['documentroot'], \"/\") . \"\\\"\\n\";\n\t\t\t$this->deactivated = false;\n\t\t}\n\n\t\treturn $webroot_text;\n\t}\n\n\t/**\n\t * We put together the needed php options in the virtualhost entries\n\t *\n\t * @param array $domain\n\t * @param bool $ssl_vhost\n\t *\n\t * @return string\n\t */\n\tprotected function composePhpOptions(&$domain, $ssl_vhost = false)\n\t{\n\t\t$php_options_text = '';\n\n\t\tif ($domain['phpenabled_customer'] == 1 && $domain['phpenabled_vhost'] == '1') {\n\t\t\t// This vHost has PHP enabled and we are using the regular mod_php\n\t\t\t$cmail = Customer::getCustomerDetail($domain['customerid'], 'email');\n\t\t\t$php_options_text .= ' php_admin_value sendmail_path \"/usr/sbin/sendmail -t -f ' . $cmail . '\"' . PHP_EOL;\n\n\t\t\tif ($domain['openbasedir'] == '1') {\n\t\t\t\tif ($domain['openbasedir_path'] == '1' || strstr($domain['documentroot'], \":\") !== false) {\n\t\t\t\t\t$_phpappendopenbasedir = Domain::appendOpenBasedirPath($domain['customerroot'], true);\n\t\t\t\t} else if ($domain['openbasedir_path'] == '2' && strpos(dirname($domain['documentroot']) . '/', $domain['customerroot']) !== false) {\n\t\t\t\t\t$_phpappendopenbasedir = Domain::appendOpenBasedirPath(dirname($domain['documentroot']) . '/', true);\n\t\t\t\t} else {\n\t\t\t\t\t$_phpappendopenbasedir = Domain::appendOpenBasedirPath($domain['documentroot'], true);\n\t\t\t\t}\n\n\t\t\t\t$_custom_openbasedir = explode(':', Settings::Get('system.phpappendopenbasedir'));\n\t\t\t\tforeach ($_custom_openbasedir as $cobd) {\n\t\t\t\t\t$_phpappendopenbasedir .= Domain::appendOpenBasedirPath($cobd);\n\t\t\t\t}\n\n\t\t\t\t$php_options_text .= ' php_admin_value open_basedir \"' . $_phpappendopenbasedir . '\"' . \"\\n\";\n\t\t\t}\n\t\t} else {\n\t\t\t$php_options_text .= ' # PHP is disabled for this vHost' . \"\\n\";\n\t\t\t$php_options_text .= ' php_flag engine off' . \"\\n\";\n\t\t}\n\n\t\t/**\n\t\t * check for apache-itk-support, #1400\n\t\t * why is this here? Because it only works with mod_php\n\t\t */\n\t\tif (Settings::get('system.apacheitksupport') == 1) {\n\t\t\t$php_options_text .= ' ' . \"\\n\";\n\t\t\t$php_options_text .= ' AssignUserID ' . $domain['loginname'] . ' ' . $domain['loginname'] . \"\\n\";\n\t\t\t$php_options_text .= ' ' . \"\\n\";\n\t\t}\n\n\t\treturn $php_options_text;\n\t}\n\n\t/**\n\t * Lets set the text part for the stats software\n\t */\n\tprotected function getStats($domain)\n\t{\n\t\t$stats_text = '';\n\n\t\t$statTool = Settings::Get('system.traffictool');\n\t\t$statDomain = \"\";\n\t\tif ($statTool == 'awstats') {\n\t\t\t// awstats generates for each domain regardless of speciallogfile\n\t\t\t$statDomain = \"/\" . $domain['domain'];\n\t\t}\n\t\tif ($domain['speciallogfile'] == '1') {\n\t\t\t$statDomain = \"/\" . (($domain['parentdomainid'] == '0') ? $domain['domain'] : $domain['parentdomain']);\n\t\t}\n\t\t$statDocroot = FileDir::makeCorrectFile($domain['customerroot'] . '/' . $statTool . $statDomain);\n\n\t\t$stats_text .= ' Alias /' . $statTool . ' \"' . $statDocroot . '\"' . \"\\n\";\n\t\t// awstats special requirement for icons\n\t\tif ($statTool == 'awstats') {\n\t\t\t$stats_text .= ' Alias /awstats-icon \"' . FileDir::makeCorrectDir(Settings::Get('system.awstats_icons')) . '\"' . \"\\n\";\n\t\t}\n\n\t\treturn $stats_text;\n\t}\n\n\t/**\n\t * Lets set the logfiles\n\t */\n\tprotected function getLogfiles($domain)\n\t{\n\t\t$logfiles_text = '';\n\n\t\tif ($domain['speciallogfile'] == '1') {\n\t\t\tif ($domain['parentdomainid'] == '0') {\n\t\t\t\t$speciallogfile = '-' . $domain['domain'];\n\t\t\t} else {\n\t\t\t\t$speciallogfile = '-' . $domain['parentdomain'];\n\t\t\t}\n\t\t} else {\n\t\t\t$speciallogfile = '';\n\t\t}\n\n\t\tif ($domain['writeerrorlog']) {\n\t\t\t// The normal access/error - logging is enabled\n\t\t\t$error_log = FileDir::makeCorrectFile(Settings::Get('system.logfiles_directory') . $domain['loginname'] . $speciallogfile . '-error.log');\n\t\t\t// Create the logfile if it does not exist (fixes #46)\n\t\t\ttouch($error_log);\n\t\t\tchmod($error_log, 0640);\n\t\t\tchown($error_log, Settings::Get('system.httpuser'));\n\t\t\tchgrp($error_log, Settings::Get('system.httpgroup'));\n\t\t\t// set error log log-level\n\t\t\t$logfiles_text .= ' LogLevel ' . Settings::Get('system.errorlog_level') . \"\\n\";\n\t\t} else {\n\t\t\t$error_log = '/dev/null';\n\t\t}\n\n\t\tif ($domain['writeaccesslog']) {\n\t\t\t$access_log = FileDir::makeCorrectFile(Settings::Get('system.logfiles_directory') . $domain['loginname'] . $speciallogfile . '-access.log');\n\t\t\t// Create the logfile if it does not exist (fixes #46)\n\t\t\ttouch($access_log);\n\t\t\tchmod($access_log, 0640);\n\t\t\tchown($access_log, Settings::Get('system.httpuser'));\n\t\t\tchgrp($access_log, Settings::Get('system.httpgroup'));\n\t\t} else {\n\t\t\t$access_log = '/dev/null';\n\t\t}\n\n\t\t$logtype = 'combined';\n\t\tif (Settings::Get('system.logfiles_format') != '') {\n\t\t\t$logtype = 'frx_custom';\n\t\t\t$logfiles_text .= ' LogFormat ' . Settings::Get('system.logfiles_format') . ' ' . $logtype . \"\\n\";\n\t\t}\n\t\tif (Settings::Get('system.logfiles_type') == '2' && Settings::Get('system.logfiles_format') == '') {\n\t\t\t$logtype = 'vhost_combined';\n\t\t}\n\n\t\tif (Settings::Get('system.logfiles_piped') == '1' && Settings::Get('system.logfiles_script') != '') {\n\t\t\tif ($domain['writeerrorlog']) {\n\t\t\t\t// replace for error_log\n\t\t\t\t$command = PhpHelper::replaceVariables(Settings::Get('system.logfiles_script'), [\n\t\t\t\t\t'LOGFILE' => $error_log,\n\t\t\t\t\t'DOMAIN' => $domain['domain'],\n\t\t\t\t\t'CUSTOMER' => $domain['loginname']\n\t\t\t\t]);\n\t\t\t\t$logfiles_text .= ' ErrorLog \"|' . $command . \"\\\"\\n\";\n\t\t\t} else {\n\t\t\t\t$logfiles_text .= ' ErrorLog \"' . $error_log . '\"' . \"\\n\";\n\t\t\t}\n\t\t\tif ($domain['writeaccesslog']) {\n\t\t\t\t// replace for access_log\n\t\t\t\t$command = PhpHelper::replaceVariables(Settings::Get('system.logfiles_script'), [\n\t\t\t\t\t'LOGFILE' => $access_log,\n\t\t\t\t\t'DOMAIN' => $domain['domain'],\n\t\t\t\t\t'CUSTOMER' => $domain['loginname']\n\t\t\t\t]);\n\t\t\t\t$logfiles_text .= ' CustomLog \"|' . $command . '\" ' . $logtype . \"\\n\";\n\t\t\t} else {\n\t\t\t\t$logfiles_text .= ' CustomLog \"' . $access_log . '\" ' . $logtype . \"\\n\";\n\t\t\t}\n\t\t} else {\n\t\t\t$logfiles_text .= ' ErrorLog \"' . $error_log . '\"' . \"\\n\";\n\t\t\t$logfiles_text .= ' CustomLog \"' . $access_log . '\" ' . $logtype . \"\\n\";\n\t\t}\n\n\t\tif (Settings::Get('system.traffictool') == 'awstats') {\n\t\t\tif ((int)$domain['parentdomainid'] == 0) {\n\t\t\t\t// prepare the aliases and subdomains for stats config files\n\t\t\t\t$server_alias = '';\n\t\t\t\t$alias_domains_stmt = Database::prepare(\"\n\t\t\t\t\tSELECT `domain`, `iswildcarddomain`, `wwwserveralias`\n\t\t\t\t\tFROM `\" . TABLE_PANEL_DOMAINS . \"`\n\t\t\t\t\tWHERE `aliasdomain` = :domainid OR `parentdomainid` = :domainid\n\t\t\t\t\");\n\t\t\t\tDatabase::pexecute($alias_domains_stmt, [\n\t\t\t\t\t'domainid' => $domain['id']\n\t\t\t\t]);\n\n\t\t\t\twhile (($alias_domain = $alias_domains_stmt->fetch(PDO::FETCH_ASSOC)) !== false) {\n\t\t\t\t\t$server_alias .= ' ' . $alias_domain['domain'] . ' ';\n\n\t\t\t\t\tif ($alias_domain['iswildcarddomain'] == '1') {\n\t\t\t\t\t\t$server_alias .= '*.' . $alias_domain['domain'];\n\t\t\t\t\t} elseif ($alias_domain['wwwserveralias'] == '1') {\n\t\t\t\t\t\t$server_alias .= 'www.' . $alias_domain['domain'];\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\t$alias = '';\n\t\t\t\tif ($domain['iswildcarddomain'] == '1') {\n\t\t\t\t\t$alias = '*.' . $domain['domain'];\n\t\t\t\t} elseif ($domain['wwwserveralias'] == '1') {\n\t\t\t\t\t$alias = 'www.' . $domain['domain'];\n\t\t\t\t}\n\n\t\t\t\t// After inserting the AWStats information,\n\t\t\t\t// be sure to build the awstats conf file as well\n\t\t\t\t// and chown it using $awstats_params, #258\n\t\t\t\t// Bug 960 + Bug 970 : Use full $domain instead of custom $awstats_params as following classes depend on the information\n\t\t\t\tStatistics::createAWStatsConf(Settings::Get('system.logfiles_directory') . $domain['loginname'] . $speciallogfile . '-access.log', $domain['domain'], $alias . $server_alias, $domain['customerroot'], $domain);\n\t\t\t}\n\t\t}\n\n\t\treturn $logfiles_text;\n\t}\n\n\t/**\n\t * We compose the diroption entries for the paths\n\t */\n\tpublic function createFileDirOptions()\n\t{\n\t\t$result_stmt = Database::query(\"\n\t\t\tSELECT `htac`.*, `c`.`guid`, `c`.`documentroot` AS `customerroot`\n\t\t\tFROM `\" . TABLE_PANEL_HTACCESS . \"` `htac`\n\t\t\tLEFT JOIN `\" . TABLE_PANEL_CUSTOMERS . \"` `c` USING (`customerid`)\n\t\t\tORDER BY `htac`.`path`\n\t\t\");\n\t\t$diroptions = [];\n\n\t\twhile ($row_diroptions = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\tif ($row_diroptions['customerid'] != 0 && isset($row_diroptions['customerroot']) && $row_diroptions['customerroot'] != '') {\n\t\t\t\t$diroptions[$row_diroptions['path']] = $row_diroptions;\n\t\t\t\t$diroptions[$row_diroptions['path']]['htpasswds'] = [];\n\t\t\t}\n\t\t}\n\n\t\t$result_stmt = Database::query(\"\n\t\t\tSELECT `htpw`.*, `c`.`guid`, `c`.`documentroot` AS `customerroot`\n\t\t\tFROM `\" . TABLE_PANEL_HTPASSWDS . \"` `htpw`\n\t\t\tLEFT JOIN `\" . TABLE_PANEL_CUSTOMERS . \"` `c` USING (`customerid`)\n\t\t\tORDER BY `htpw`.`path`, `htpw`.`username`\n\t\t\");\n\n\t\twhile ($row_htpasswds = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\tif ($row_htpasswds['customerid'] != 0 && isset($row_htpasswds['customerroot']) && $row_htpasswds['customerroot'] != '') {\n\t\t\t\tif (!isset($diroptions[$row_htpasswds['path']]) || !is_array($diroptions[$row_htpasswds['path']])) {\n\t\t\t\t\t$diroptions[$row_htpasswds['path']] = [];\n\t\t\t\t}\n\n\t\t\t\t$diroptions[$row_htpasswds['path']]['path'] = $row_htpasswds['path'];\n\t\t\t\t$diroptions[$row_htpasswds['path']]['guid'] = $row_htpasswds['guid'];\n\t\t\t\t$diroptions[$row_htpasswds['path']]['customerroot'] = $row_htpasswds['customerroot'];\n\t\t\t\t$diroptions[$row_htpasswds['path']]['customerid'] = $row_htpasswds['customerid'];\n\t\t\t\t$diroptions[$row_htpasswds['path']]['htpasswds'][] = $row_htpasswds;\n\t\t\t}\n\t\t}\n\n\t\tforeach ($diroptions as $row_diroptions) {\n\t\t\t$row_diroptions['path'] = FileDir::makeCorrectDir($row_diroptions['path']);\n\t\t\tFileDir::mkDirWithCorrectOwnership($row_diroptions['customerroot'], $row_diroptions['path'], $row_diroptions['guid'], $row_diroptions['guid']);\n\t\t\t$diroptions_filename = FileDir::makeCorrectFile(Settings::Get('system.apacheconf_diroptions') . '/40_froxlor_diroption_' . md5($row_diroptions['path']) . '.conf');\n\n\t\t\tif (!isset($this->diroptions_data[$diroptions_filename])) {\n\t\t\t\t$this->diroptions_data[$diroptions_filename] = '';\n\t\t\t}\n\n\t\t\tif (is_dir($row_diroptions['path'])) {\n\t\t\t\t$cperlenabled = Customer::customerHasPerlEnabled($row_diroptions['customerid']);\n\n\t\t\t\t$this->diroptions_data[$diroptions_filename] .= '' . \"\\n\";\n\n\t\t\t\tif (isset($row_diroptions['options_indexes']) && $row_diroptions['options_indexes'] == '1') {\n\t\t\t\t\t$this->diroptions_data[$diroptions_filename] .= ' Options +Indexes';\n\n\t\t\t\t\t// add perl options if enabled\n\t\t\t\t\tif ($cperlenabled && isset($row_diroptions['options_cgi']) && $row_diroptions['options_cgi'] == '1') {\n\t\t\t\t\t\t$this->diroptions_data[$diroptions_filename] .= ' +ExecCGI -MultiViews +SymLinksIfOwnerMatch +FollowSymLinks' . \"\\n\";\n\t\t\t\t\t} else {\n\t\t\t\t\t\t$this->diroptions_data[$diroptions_filename] .= \"\\n\";\n\t\t\t\t\t}\n\t\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'Setting Options +Indexes for ' . $row_diroptions['path']);\n\t\t\t\t}\n\n\t\t\t\tif (isset($row_diroptions['options_indexes']) && $row_diroptions['options_indexes'] == '0') {\n\t\t\t\t\t$this->diroptions_data[$diroptions_filename] .= ' Options -Indexes';\n\n\t\t\t\t\t// add perl options if enabled\n\t\t\t\t\tif ($cperlenabled && isset($row_diroptions['options_cgi']) && $row_diroptions['options_cgi'] == '1') {\n\t\t\t\t\t\t$this->diroptions_data[$diroptions_filename] .= ' +ExecCGI -MultiViews +SymLinksIfOwnerMatch +FollowSymLinks' . \"\\n\";\n\t\t\t\t\t} else {\n\t\t\t\t\t\t$this->diroptions_data[$diroptions_filename] .= \"\\n\";\n\t\t\t\t\t}\n\t\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'Setting Options -Indexes for ' . $row_diroptions['path']);\n\t\t\t\t}\n\n\t\t\t\t$statusCodes = [\n\t\t\t\t\t'404',\n\t\t\t\t\t'403',\n\t\t\t\t\t'500'\n\t\t\t\t];\n\t\t\t\tforeach ($statusCodes as $statusCode) {\n\t\t\t\t\tif (isset($row_diroptions['error' . $statusCode . 'path']) && $row_diroptions['error' . $statusCode . 'path'] != '') {\n\t\t\t\t\t\t$defhandler = $row_diroptions['error' . $statusCode . 'path'];\n\t\t\t\t\t\tif (!Validate::validateUrl($defhandler)) {\n\t\t\t\t\t\t\tif (substr($defhandler, 0, 1) != '\"' && substr($defhandler, -1, 1) != '\"') {\n\t\t\t\t\t\t\t\t$defhandler = '\"' . FileDir::makeCorrectFile($defhandler) . '\"';\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t\t$this->diroptions_data[$diroptions_filename] .= ' ErrorDocument ' . $statusCode . ' ' . $defhandler . \"\\n\";\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\tif ($cperlenabled && isset($row_diroptions['options_cgi']) && $row_diroptions['options_cgi'] == '1') {\n\t\t\t\t\t$this->diroptions_data[$diroptions_filename] .= ' AllowOverride None' . \"\\n\";\n\t\t\t\t\t$this->diroptions_data[$diroptions_filename] .= ' AddHandler cgi-script .cgi .pl' . \"\\n\";\n\t\t\t\t\t// >=apache-2.4 enabled?\n\t\t\t\t\tif (Settings::Get('system.apache24') == '1') {\n\t\t\t\t\t\t$mypath_dir = new Directory($row_diroptions['path']);\n\t\t\t\t\t\t// only create the' require all granted' if there is no active directory-protection\n\t\t\t\t\t\t// for this path, as this would be the first require and therefore grant all access\n\t\t\t\t\t\tif ($mypath_dir->isUserProtected() == false) {\n\t\t\t\t\t\t\t$this->diroptions_data[$diroptions_filename] .= ' Require all granted' . \"\\n\";\n\t\t\t\t\t\t\t// $this->diroptions_data[$diroptions_filename] .= ' AllowOverride All' . \"\\n\";\n\t\t\t\t\t\t}\n\t\t\t\t\t} else {\n\t\t\t\t\t\t$this->diroptions_data[$diroptions_filename] .= ' Order allow,deny' . \"\\n\";\n\t\t\t\t\t\t$this->diroptions_data[$diroptions_filename] .= ' Allow from all' . \"\\n\";\n\t\t\t\t\t}\n\t\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'Enabling perl execution for ' . $row_diroptions['path']);\n\n\t\t\t\t\t// check for suexec-workaround, #319\n\t\t\t\t\tif ((int)Settings::Get('perl.suexecworkaround') == 1) {\n\t\t\t\t\t\t// symlink this directory to suexec-safe-path\n\t\t\t\t\t\t$loginname = Customer::getCustomerDetail($row_diroptions['customerid'], 'loginname');\n\t\t\t\t\t\t$suexecpath = FileDir::makeCorrectDir(Settings::Get('perl.suexecpath') . '/' . $loginname . '/' . md5($row_diroptions['path']) . '/');\n\n\t\t\t\t\t\tif (!file_exists($suexecpath)) {\n\t\t\t\t\t\t\tFileDir::safe_exec('mkdir -p ' . escapeshellarg($suexecpath));\n\t\t\t\t\t\t\tFileDir::safe_exec('chown -R ' . escapeshellarg($row_diroptions['guid']) . ':' . escapeshellarg($row_diroptions['guid']) . ' ' . escapeshellarg($suexecpath));\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\t// symlink to {$givenpath}/cgi-bin\n\t\t\t\t\t\t// NOTE: symlinks are FILES, so do not append a / here\n\t\t\t\t\t\t$perlsymlink = FileDir::makeCorrectFile($row_diroptions['path'] . '/cgi-bin');\n\t\t\t\t\t\tif (!file_exists($perlsymlink)) {\n\t\t\t\t\t\t\tFileDir::safe_exec('ln -s ' . escapeshellarg($suexecpath) . ' ' . escapeshellarg($perlsymlink));\n\t\t\t\t\t\t}\n\t\t\t\t\t\tFileDir::safe_exec('chown -h ' . escapeshellarg($row_diroptions['guid']) . ':' . escapeshellarg($row_diroptions['guid']) . ' ' . escapeshellarg($perlsymlink));\n\t\t\t\t\t}\n\t\t\t\t} else {\n\t\t\t\t\t// if no perl-execution is enabled but the workaround is,\n\t\t\t\t\t// we have to remove the symlink and folder in suexecpath\n\t\t\t\t\tif ((int)Settings::Get('perl.suexecworkaround') == 1) {\n\t\t\t\t\t\t$loginname = Customer::getCustomerDetail($row_diroptions['customerid'], 'loginname');\n\t\t\t\t\t\t$suexecpath = FileDir::makeCorrectDir(Settings::Get('perl.suexecpath') . '/' . $loginname . '/' . md5($row_diroptions['path']) . '/');\n\t\t\t\t\t\t$perlsymlink = FileDir::makeCorrectFile($row_diroptions['path'] . '/cgi-bin');\n\n\t\t\t\t\t\t// remove symlink\n\t\t\t\t\t\tif (file_exists($perlsymlink)) {\n\t\t\t\t\t\t\tFileDir::safe_exec('rm -f ' . escapeshellarg($perlsymlink));\n\t\t\t\t\t\t}\n\t\t\t\t\t\t// remove folder in suexec-path\n\t\t\t\t\t\tif (file_exists($suexecpath)) {\n\t\t\t\t\t\t\tFileDir::safe_exec('rm -rf ' . escapeshellarg($suexecpath));\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\tif (count($row_diroptions['htpasswds']) > 0) {\n\t\t\t\t\t$htpasswd_filename = FileDir::makeCorrectFile(Settings::Get('system.apacheconf_htpasswddir') . '/' . $row_diroptions['customerid'] . '-' . md5($row_diroptions['path']) . '.htpasswd');\n\n\t\t\t\t\tif (!isset($this->htpasswds_data[$htpasswd_filename])) {\n\t\t\t\t\t\t$this->htpasswds_data[$htpasswd_filename] = '';\n\t\t\t\t\t}\n\n\t\t\t\t\tforeach ($row_diroptions['htpasswds'] as $row_htpasswd) {\n\t\t\t\t\t\t$this->htpasswds_data[$htpasswd_filename] .= $row_htpasswd['username'] . ':' . $row_htpasswd['password'] . \"\\n\";\n\t\t\t\t\t}\n\n\t\t\t\t\t$this->diroptions_data[$diroptions_filename] .= ' AuthType Basic' . \"\\n\";\n\t\t\t\t\t$this->diroptions_data[$diroptions_filename] .= ' AuthName \"' . $row_htpasswd['authname'] . '\"' . \"\\n\";\n\t\t\t\t\t$this->diroptions_data[$diroptions_filename] .= ' AuthUserFile ' . $htpasswd_filename . \"\\n\";\n\t\t\t\t\t$this->diroptions_data[$diroptions_filename] .= ' require valid-user' . \"\\n\";\n\t\t\t\t}\n\n\t\t\t\t$this->diroptions_data[$diroptions_filename] .= '' . \"\\n\";\n\t\t\t}\n\t\t}\n\t}\n\n\t/**\n\t * We write the configs\n\t */\n\tpublic function writeConfigs()\n\t{\n\t\t// Write diroptions\n\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, \"apache::writeConfigs: rebuilding \" . Settings::Get('system.apacheconf_diroptions'));\n\n\t\tif (count($this->diroptions_data) > 0) {\n\t\t\t$optsDir = new Directory(Settings::Get('system.apacheconf_diroptions'));\n\t\t\tif (!$optsDir->isConfigDir()) {\n\t\t\t\t// Save one big file\n\t\t\t\t$diroptions_file = '';\n\n\t\t\t\tforeach ($this->diroptions_data as $diroptions_filename => $diroptions_content) {\n\t\t\t\t\t$diroptions_file .= $diroptions_content . \"\\n\\n\";\n\t\t\t\t}\n\n\t\t\t\t$diroptions_filename = Settings::Get('system.apacheconf_diroptions');\n\n\t\t\t\t// Apply header\n\t\t\t\t$diroptions_file = '# ' . basename($diroptions_filename) . \"\\n\" . '# Created ' . date('d.m.Y H:i') . \"\\n\" . '# Do NOT manually edit this file, all changes will be deleted after the next domain change at the panel.' . \"\\n\" . \"\\n\" . $diroptions_file;\n\t\t\t\t$diroptions_file_handler = fopen($diroptions_filename, 'w');\n\t\t\t\tfwrite($diroptions_file_handler, $diroptions_file);\n\t\t\t\tfclose($diroptions_file_handler);\n\t\t\t} else {\n\t\t\t\tif (!file_exists(Settings::Get('system.apacheconf_diroptions'))) {\n\t\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_NOTICE, 'apache::writeConfigs: mkdir ' . escapeshellarg(FileDir::makeCorrectDir(Settings::Get('system.apacheconf_diroptions'))));\n\t\t\t\t\tFileDir::safe_exec('mkdir ' . escapeshellarg(FileDir::makeCorrectDir(Settings::Get('system.apacheconf_diroptions'))));\n\t\t\t\t}\n\n\t\t\t\t// Write a single file for every diroption\n\t\t\t\tforeach ($this->diroptions_data as $diroptions_filename => $diroptions_file) {\n\t\t\t\t\t$this->known_diroptionsfilenames[] = basename($diroptions_filename);\n\n\t\t\t\t\t// Apply header\n\t\t\t\t\t$diroptions_file = '# ' . basename($diroptions_filename) . \"\\n\" . '# Created ' . date('d.m.Y H:i') . \"\\n\" . '# Do NOT manually edit this file, all changes will be deleted after the next domain change at the panel.' . \"\\n\" . \"\\n\" . $diroptions_file;\n\t\t\t\t\t$diroptions_file_handler = fopen($diroptions_filename, 'w');\n\t\t\t\t\tfwrite($diroptions_file_handler, $diroptions_file);\n\t\t\t\t\tfclose($diroptions_file_handler);\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\t// Write htpasswds\n\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, \"apache::writeConfigs: rebuilding \" . Settings::Get('system.apacheconf_htpasswddir'));\n\n\t\tif (count($this->htpasswds_data) > 0) {\n\t\t\tif (!file_exists(Settings::Get('system.apacheconf_htpasswddir'))) {\n\t\t\t\t$umask = umask();\n\t\t\t\tumask(0000);\n\t\t\t\tmkdir(Settings::Get('system.apacheconf_htpasswddir'), 0751);\n\t\t\t\tumask($umask);\n\t\t\t}\n\n\t\t\t$htpasswdDir = new Directory(Settings::Get('system.apacheconf_htpasswddir'));\n\t\t\tif ($htpasswdDir->isConfigDir(true)) {\n\t\t\t\tforeach ($this->htpasswds_data as $htpasswd_filename => $htpasswd_file) {\n\t\t\t\t\t$this->known_htpasswdsfilenames[] = basename($htpasswd_filename);\n\t\t\t\t\t$htpasswd_file_handler = fopen($htpasswd_filename, 'w');\n\t\t\t\t\tfwrite($htpasswd_file_handler, $htpasswd_file);\n\t\t\t\t\tfclose($htpasswd_file_handler);\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_WARNING, 'WARNING!!! ' . Settings::Get('system.apacheconf_htpasswddir') . ' is not a directory. htpasswd directory protection is disabled!!!');\n\t\t\t}\n\t\t}\n\n\t\t// Write virtualhosts\n\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, \"apache::writeConfigs: rebuilding \" . Settings::Get('system.apacheconf_vhost'));\n\n\t\tif (count($this->virtualhosts_data) > 0) {\n\t\t\t$vhostDir = new Directory(Settings::Get('system.apacheconf_vhost'));\n\t\t\tif (!$vhostDir->isConfigDir()) {\n\t\t\t\t// Save one big file\n\t\t\t\t$vhosts_file = '';\n\n\t\t\t\t// sort by filename so the order is:\n\t\t\t\t// 1. subdomains x-29\n\t\t\t\t// 2. subdomains as main-domains 30\n\t\t\t\t// 3. main-domains 35\n\t\t\t\t// #437\n\t\t\t\tksort($this->virtualhosts_data);\n\n\t\t\t\tforeach ($this->virtualhosts_data as $vhosts_filename => $vhost_content) {\n\t\t\t\t\t$vhosts_file .= $vhost_content . \"\\n\\n\";\n\t\t\t\t}\n\n\t\t\t\t// Include diroptions file in case it exists\n\t\t\t\tif (file_exists(Settings::Get('system.apacheconf_diroptions'))) {\n\t\t\t\t\t$vhosts_file .= \"\\n\" . 'Include ' . Settings::Get('system.apacheconf_diroptions') . \"\\n\\n\";\n\t\t\t\t}\n\n\t\t\t\t$vhosts_filename = Settings::Get('system.apacheconf_vhost');\n\n\t\t\t\t// Apply header\n\t\t\t\t$vhosts_file = '# ' . basename($vhosts_filename) . \"\\n\" . '# Created ' . date('d.m.Y H:i') . \"\\n\" . '# Do NOT manually edit this file, all changes will be deleted after the next domain change at the panel.' . \"\\n\" . \"\\n\" . $vhosts_file;\n\t\t\t\t$vhosts_file_handler = fopen($vhosts_filename, 'w');\n\t\t\t\tfwrite($vhosts_file_handler, $vhosts_file);\n\t\t\t\tfclose($vhosts_file_handler);\n\t\t\t} else {\n\t\t\t\tif (!file_exists(Settings::Get('system.apacheconf_vhost'))) {\n\t\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_NOTICE, 'apache::writeConfigs: mkdir ' . escapeshellarg(FileDir::makeCorrectDir(Settings::Get('system.apacheconf_vhost'))));\n\t\t\t\t\tFileDir::safe_exec('mkdir ' . escapeshellarg(FileDir::makeCorrectDir(Settings::Get('system.apacheconf_vhost'))));\n\t\t\t\t}\n\n\t\t\t\t// Write a single file for every vhost\n\t\t\t\tforeach ($this->virtualhosts_data as $vhosts_filename => $vhosts_file) {\n\t\t\t\t\t// Apply header\n\t\t\t\t\t$vhosts_file = '# ' . basename($vhosts_filename) . \"\\n\" . '# Created ' . date('d.m.Y H:i') . \"\\n\" . '# Do NOT manually edit this file, all changes will be deleted after the next domain change at the panel.' . \"\\n\" . \"\\n\" . $vhosts_file;\n\t\t\t\t\t$vhosts_file_handler = fopen($vhosts_filename, 'w');\n\t\t\t\t\tfwrite($vhosts_file_handler, $vhosts_file);\n\t\t\t\t\tfclose($vhosts_file_handler);\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n}\n" }, { "path": "lib/Froxlor/Cron/Http/ApacheFcgi.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Cron\\Http;\n\nuse Froxlor\\Cron\\Http\\Php\\PhpInterface;\nuse Froxlor\\Customer\\Customer;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FileDir;\nuse Froxlor\\Froxlor;\nuse Froxlor\\Http\\Directory;\nuse Froxlor\\Settings;\n\n/**\n * @author Florian Lippert (2003-2009)\n * @author Froxlor team (2010-)\n */\nclass ApacheFcgi extends Apache\n{\n\n\tpublic function createOwnVhostStarter()\n\t{\n\t\tif (Settings::Get('system.mod_fcgid_ownvhost') == '1' || (Settings::Get('phpfpm.enabled') == '1' && Settings::Get('phpfpm.enabled_ownvhost') == '1')) {\n\t\t\t$mypath = Froxlor::getInstallDir();\n\n\t\t\tif (Settings::Get('system.mod_fcgid_ownvhost') == '1') {\n\t\t\t\t$user = Settings::Get('system.mod_fcgid_httpuser');\n\t\t\t\t$group = Settings::Get('system.mod_fcgid_httpgroup');\n\t\t\t} elseif (Settings::Get('phpfpm.enabled') == '1' && Settings::Get('phpfpm.enabled_ownvhost') == '1') {\n\t\t\t\t$user = Settings::Get('phpfpm.vhost_httpuser');\n\t\t\t\t$group = Settings::Get('phpfpm.vhost_httpgroup');\n\n\t\t\t\t// get fpm config\n\t\t\t\t$fpm_sel_stmt = Database::prepare(\"\n\t\t\t\t\tSELECT f.id FROM `\" . TABLE_PANEL_FPMDAEMONS . \"` f\n\t\t\t\t\tLEFT JOIN `\" . TABLE_PANEL_PHPCONFIGS . \"` p ON p.fpmsettingid = f.id\n\t\t\t\t\tWHERE p.id = :phpconfigid\n\t\t\t\t\");\n\t\t\t\t$fpm_config = Database::pexecute_first($fpm_sel_stmt, [\n\t\t\t\t\t'phpconfigid' => Settings::Get('phpfpm.vhost_defaultini')\n\t\t\t\t]);\n\t\t\t}\n\n\t\t\t$domain = [\n\t\t\t\t'id' => 'none',\n\t\t\t\t'domain' => Settings::Get('system.hostname'),\n\t\t\t\t'adminid' => 1, /* first admin-user (superadmin) */\n\t\t\t\t'mod_fcgid_starter' => -1,\n\t\t\t\t'mod_fcgid_maxrequests' => -1,\n\t\t\t\t'guid' => $user,\n\t\t\t\t'openbasedir' => 0,\n\t\t\t\t'email' => Settings::Get('panel.adminmail'),\n\t\t\t\t'loginname' => 'froxlor.panel',\n\t\t\t\t'documentroot' => $mypath,\n\t\t\t\t'customerroot' => $mypath,\n\t\t\t\t'fpm_config_id' => isset($fpm_config['id']) ? $fpm_config['id'] : 1\n\t\t\t];\n\n\t\t\t// all the files and folders have to belong to the local user\n\t\t\t// now because we also use fcgid for our own vhost\n\t\t\tFileDir::safe_exec('chown -R ' . $user . ':' . $group . ' ' . escapeshellarg($mypath));\n\n\t\t\t// get php.ini for our own vhost\n\t\t\t$php = new PhpInterface($domain);\n\n\t\t\t// get php-config\n\t\t\tif (Settings::Get('phpfpm.enabled') == '1') {\n\t\t\t\t// fpm\n\t\t\t\t$phpconfig = $php->getPhpConfig(Settings::Get('phpfpm.vhost_defaultini'));\n\t\t\t} else {\n\t\t\t\t// fcgid\n\t\t\t\t$phpconfig = $php->getPhpConfig(Settings::Get('system.mod_fcgid_defaultini_ownvhost'));\n\t\t\t}\n\n\t\t\t// create starter-file | config-file\n\t\t\t$php->getInterface()->createConfig($phpconfig);\n\n\t\t\t// create php.ini (fpm does nothing here, as it\n\t\t\t// defines ini-settings in its pool config)\n\t\t\t$php->getInterface()->createIniFile($phpconfig);\n\t\t}\n\t}\n\n\tprotected function composePhpOptions(&$domain, $ssl_vhost = false)\n\t{\n\t\t$php_options_text = '';\n\n\t\tif ($domain['phpenabled_customer'] == 1 && $domain['phpenabled_vhost'] == '1') {\n\t\t\t$php = new PhpInterface($domain);\n\t\t\t$phpconfig = $php->getPhpConfig((int)$domain['phpsettingid']);\n\n\t\t\tif ((int)Settings::Get('phpfpm.enabled') == 1) {\n\t\t\t\t$srvName = 'fpm.external';\n\t\t\t\tif ($domain['ssl'] == 1 && $ssl_vhost) {\n\t\t\t\t\t$srvName = 'ssl-fpm.external';\n\t\t\t\t}\n\t\t\t\t// #1317 - perl is executed via apache and therefore, when using fpm, does not know the user\n\t\t\t\t// which perl is supposed to run as, hence the need for Suexec need\n\t\t\t\tif (Customer::customerHasPerlEnabled($domain['customerid'])) {\n\t\t\t\t\t$php_options_text .= ' SuexecUserGroup \"' . $domain['loginname'] . '\" \"' . $domain['loginname'] . '\"' . \"\\n\";\n\t\t\t\t}\n\n\t\t\t\t$domain['fpm_socket'] = $php->getInterface()->getSocketFile();\n\n\t\t\t\t// mod_proxy stuff for apache-2.4\n\t\t\t\tif (Settings::Get('system.apache24') == '1' && Settings::Get('phpfpm.use_mod_proxy') == '1') {\n\n\t\t\t\t\t$php_options_text .= ' ' . \"\\n\";\n\n\t\t\t\t\t$filesmatch = $phpconfig['fpm_settings']['limit_extensions'];\n\t\t\t\t\t$extensions = explode(\" \", $filesmatch);\n\t\t\t\t\t$filesmatch = \"\";\n\t\t\t\t\tforeach ($extensions as $ext) {\n\t\t\t\t\t\t$filesmatch .= substr($ext, 1) . '|';\n\t\t\t\t\t}\n\t\t\t\t\t// start block, cut off last pipe and close block\n\t\t\t\t\t$filesmatch = '(' . str_replace(\".\", \"\\.\", substr($filesmatch, 0, -1)) . ')';\n\t\t\t\t\t$php_options_text .= ' ' . \"\\n\";\n\t\t\t\t\t$php_options_text .= ' ' . \"\\n\";\n\t\t\t\t\t$php_options_text .= ' SetHandler proxy:unix:' . $domain['fpm_socket'] . '|fcgi://localhost' . \"\\n\";\n\t\t\t\t\t$php_options_text .= ' ' . \"\\n\";\n\t\t\t\t\t$php_options_text .= ' ' . \"\\n\";\n\n\t\t\t\t\t$mypath_dir = new Directory($domain['documentroot']);\n\t\t\t\t\t// only create the \"require all granted\" directive if there is no active directory-protection\n\t\t\t\t\t// for this path, as this would be the first require and therefore grant all access\n\t\t\t\t\tif ($mypath_dir->isUserProtected() == false) {\n\t\t\t\t\t\tif ($phpconfig['pass_authorizationheader'] == '1') {\n\t\t\t\t\t\t\t$php_options_text .= ' CGIPassAuth On' . \"\\n\";\n\t\t\t\t\t\t}\n\t\t\t\t\t\t$php_options_text .= ' Require all granted' . \"\\n\";\n\t\t\t\t\t\t$php_options_text .= ' AllowOverride All' . \"\\n\";\n\t\t\t\t\t} elseif ($phpconfig['pass_authorizationheader'] == '1') {\n\t\t\t\t\t\t// allow Pass of Authorization header\n\t\t\t\t\t\t$php_options_text .= ' CGIPassAuth On' . \"\\n\";\n\t\t\t\t\t}\n\t\t\t\t\t$php_options_text .= ' ' . \"\\n\";\n\t\t\t\t} else {\n\t\t\t\t\t$addheader = \"\";\n\t\t\t\t\tif ($phpconfig['pass_authorizationheader'] == '1') {\n\t\t\t\t\t\t$addheader = \" -pass-header Authorization\";\n\t\t\t\t\t}\n\t\t\t\t\t$php_options_text .= ' FastCgiExternalServer ' . $php->getInterface()->getAliasConfigDir() . $srvName . ' -socket ' . $domain['fpm_socket'] . ' -idle-timeout ' . $phpconfig['fpm_settings']['idle_timeout'] . $addheader . \"\\n\";\n\t\t\t\t\t$php_options_text .= ' ' . \"\\n\";\n\t\t\t\t\t$filesmatch = $phpconfig['fpm_settings']['limit_extensions'];\n\t\t\t\t\t$extensions = explode(\" \", $filesmatch);\n\t\t\t\t\t$filesmatch = \"\";\n\t\t\t\t\tforeach ($extensions as $ext) {\n\t\t\t\t\t\t$filesmatch .= substr($ext, 1) . '|';\n\t\t\t\t\t}\n\t\t\t\t\t// start block, cut off last pipe and close block\n\t\t\t\t\t$filesmatch = '(' . str_replace(\".\", \"\\.\", substr($filesmatch, 0, -1)) . ')';\n\t\t\t\t\t$php_options_text .= ' ' . \"\\n\";\n\t\t\t\t\t$php_options_text .= ' SetHandler php-fastcgi' . \"\\n\";\n\t\t\t\t\t$php_options_text .= ' Action php-fastcgi /fastcgiphp' . \"\\n\";\n\t\t\t\t\t$php_options_text .= ' Options +ExecCGI' . \"\\n\";\n\t\t\t\t\t$php_options_text .= ' ' . \"\\n\";\n\t\t\t\t\t// >=apache-2.4 enabled?\n\t\t\t\t\tif (Settings::Get('system.apache24') == '1') {\n\t\t\t\t\t\t$mypath_dir = new Directory($domain['documentroot']);\n\t\t\t\t\t\t// only create the require all granted if there is not active directory-protection\n\t\t\t\t\t\t// for this path, as this would be the first require and therefore grant all access\n\t\t\t\t\t\tif ($mypath_dir->isUserProtected() == false) {\n\t\t\t\t\t\t\t$php_options_text .= ' Require all granted' . \"\\n\";\n\t\t\t\t\t\t\t$php_options_text .= ' AllowOverride All' . \"\\n\";\n\t\t\t\t\t\t}\n\t\t\t\t\t} else {\n\t\t\t\t\t\t$php_options_text .= ' Order allow,deny' . \"\\n\";\n\t\t\t\t\t\t$php_options_text .= ' allow from all' . \"\\n\";\n\t\t\t\t\t}\n\t\t\t\t\t$php_options_text .= ' ' . \"\\n\";\n\t\t\t\t\t$php_options_text .= ' Alias /fastcgiphp ' . $php->getInterface()->getAliasConfigDir() . $srvName . \"\\n\";\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\t$php_options_text .= ' FcgidIdleTimeout ' . Settings::Get('system.mod_fcgid_idle_timeout') . \"\\n\";\n\t\t\t\tif ($phpconfig['pass_authorizationheader'] == '1') {\n\t\t\t\t\t$php_options_text .= ' FcgidPassHeader Authorization' . \"\\n\";\n\t\t\t\t}\n\t\t\t\tif ((int)Settings::Get('system.mod_fcgid_wrapper') == 0) {\n\t\t\t\t\t$php_options_text .= ' SuexecUserGroup \"' . $domain['loginname'] . '\" \"' . $domain['loginname'] . '\"' . \"\\n\";\n\t\t\t\t\t$php_options_text .= ' ScriptAlias /php/ ' . $php->getInterface()->getConfigDir() . \"\\n\";\n\t\t\t\t} else {\n\t\t\t\t\t$php_options_text .= ' SuexecUserGroup \"' . $domain['loginname'] . '\" \"' . $domain['loginname'] . '\"' . \"\\n\";\n\t\t\t\t\t$php_options_text .= ' ' . \"\\n\";\n\t\t\t\t\t$file_extensions = explode(' ', $phpconfig['file_extensions']);\n\t\t\t\t\t$php_options_text .= ' ' . \"\\n\";\n\t\t\t\t\t$php_options_text .= ' SetHandler fcgid-script' . \"\\n\";\n\t\t\t\t\tforeach ($file_extensions as $file_extension) {\n\t\t\t\t\t\t$php_options_text .= ' FcgidWrapper ' . $php->getInterface()->getStarterFile() . ' .' . $file_extension . \"\\n\";\n\t\t\t\t\t}\n\t\t\t\t\t$php_options_text .= ' Options +ExecCGI' . \"\\n\";\n\t\t\t\t\t$php_options_text .= ' ' . \"\\n\";\n\t\t\t\t\t// >=apache-2.4 enabled?\n\t\t\t\t\tif (Settings::Get('system.apache24') == '1') {\n\t\t\t\t\t\t$mypath_dir = new Directory($domain['documentroot']);\n\t\t\t\t\t\t// only create the require all granted if there is not active directory-protection\n\t\t\t\t\t\t// for this path, as this would be the first require and therefore grant all access\n\t\t\t\t\t\tif ($mypath_dir->isUserProtected() == false) {\n\t\t\t\t\t\t\t$php_options_text .= ' Require all granted' . \"\\n\";\n\t\t\t\t\t\t\t$php_options_text .= ' AllowOverride All' . \"\\n\";\n\t\t\t\t\t\t}\n\t\t\t\t\t} else {\n\t\t\t\t\t\t$php_options_text .= ' Order allow,deny' . \"\\n\";\n\t\t\t\t\t\t$php_options_text .= ' allow from all' . \"\\n\";\n\t\t\t\t\t}\n\t\t\t\t\t$php_options_text .= ' ' . \"\\n\";\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// create starter-file | config-file\n\t\t\t$php->getInterface()->createConfig($phpconfig);\n\n\t\t\t// create php.ini (fpm does nothing here, as it\n\t\t\t// defines ini-settings in its pool config)\n\t\t\t$php->getInterface()->createIniFile($phpconfig);\n\t\t} else {\n\t\t\t$php_options_text .= ' # PHP is disabled for this vHost' . \"\\n\";\n\t\t}\n\n\t\treturn $php_options_text;\n\t}\n}\n" }, { "path": "lib/Froxlor/Cron/Http/ConfigIO.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Cron\\Http;\n\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FileDir;\nuse Froxlor\\Froxlor;\nuse Froxlor\\Settings;\nuse PDO;\nuse RecursiveDirectoryIterator;\nuse RecursiveIteratorIterator;\n\nclass ConfigIO\n{\n\n\t/**\n\t * clean up former created configs, including (if enabled)\n\t * awstats, fcgid, php-fpm and of course automatically created\n\t * webserver vhost and diroption files\n\t *\n\t * @return null\n\t */\n\tpublic function cleanUp()\n\t{\n\t\t// old error logs\n\t\t$this->cleanErrLogs();\n\n\t\t// awstats files\n\t\t$this->cleanAwstatsFiles();\n\n\t\t// fcgid files\n\t\t$this->cleanFcgidFiles();\n\n\t\t// php-fpm files\n\t\t$this->cleanFpmFiles();\n\n\t\t// clean webserver-configs\n\t\t$this->cleanWebserverConfigs();\n\n\t\t// old htpasswd files\n\t\t$this->cleanHtpasswdFiles();\n\n\t\t// customer-specified ssl-certificates\n\t\t$this->cleanCustomerSslCerts();\n\t}\n\n\tprivate function cleanErrLogs()\n\t{\n\t\t$err_dir = FileDir::makeCorrectDir(Froxlor::getInstallDir() . \"/logs/\");\n\t\tif (@is_dir($err_dir)) {\n\t\t\t// now get rid of old stuff\n\t\t\t// (but append /*.log so we don't delete the directory)\n\t\t\t$err_dir .= '/*.log';\n\t\t\tFileDir::safe_exec('rm -f ' . FileDir::makeCorrectFile($err_dir));\n\t\t}\n\t}\n\n\t/**\n\t * remove awstats related configuration files before regeneration\n\t *\n\t * @return null\n\t */\n\tprivate function cleanAwstatsFiles()\n\t{\n\t\tif (Settings::Get('system.traffictool') != 'awstats') {\n\t\t\treturn;\n\t\t}\n\n\t\t// dhr: cleanout froxlor-generated awstats configs prior to re-creation\n\t\t$awstatsclean = [];\n\t\t$awstatsclean['header'] = \"## GENERATED BY FROXLOR\\n\";\n\t\t$awstatsclean['headerold'] = \"## GENERATED BY SYSCP\\n\";\n\t\t$awstatsclean['path'] = $this->getFile('system', 'awstats_conf');\n\n\t\t/**\n\t\t * don't do anything if the directory does not exist\n\t\t * (e.g.\n\t\t * awstats not installed yet or whatever)\n\t\t * fixes #45\n\t\t */\n\t\tif ($awstatsclean['path'] !== false && is_dir($awstatsclean['path'])) {\n\t\t\t$awstatsclean['dir'] = dir($awstatsclean['path']);\n\t\t\twhile ($awstatsclean['entry'] = $awstatsclean['dir']->read()) {\n\t\t\t\t$awstatsclean['fullentry'] = FileDir::makeCorrectFile($awstatsclean['path'] . '/' . $awstatsclean['entry']);\n\t\t\t\t/**\n\t\t\t\t * don't do anything if the file does not exist\n\t\t\t\t */\n\t\t\t\tif (@file_exists($awstatsclean['fullentry']) && $awstatsclean['entry'] != '.' && $awstatsclean['entry'] != '..') {\n\t\t\t\t\t$awstatsclean['fh'] = fopen($awstatsclean['fullentry'], 'r');\n\t\t\t\t\t$awstatsclean['headerRead'] = fgets($awstatsclean['fh'], strlen($awstatsclean['header']) + 1);\n\t\t\t\t\tfclose($awstatsclean['fh']);\n\n\t\t\t\t\tif ($awstatsclean['headerRead'] == $awstatsclean['header'] || $awstatsclean['headerRead'] == $awstatsclean['headerold']) {\n\t\t\t\t\t\t$awstats_conf_file = FileDir::makeCorrectFile($awstatsclean['fullentry']);\n\t\t\t\t\t\t@unlink($awstats_conf_file);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\tunset($awstatsclean);\n\t\t// end dhr\n\t}\n\n\t/**\n\t * returns a file/directory from the settings and checks whether it exists\n\t *\n\t * @param string $group\n\t * settings-group\n\t * @param string $varname\n\t * var-name\n\t * @param boolean $check_exists\n\t * check if the file exists\n\t *\n\t * @return string|boolean complete path including filename if any or false on error\n\t */\n\tprivate function getFile($group, $varname, $check_exists = true)\n\t{\n\t\t// read from settings\n\t\t$file = Settings::Get($group . '.' . $varname);\n\n\t\t// check whether it exists\n\t\tif ($check_exists && @file_exists($file) == false) {\n\t\t\treturn false;\n\t\t}\n\t\treturn $file;\n\t}\n\n\t/**\n\t * remove fcgid related configuration files before regeneration\n\t *\n\t * @return null\n\t */\n\tprivate function cleanFcgidFiles()\n\t{\n\t\tif (Settings::Get('system.mod_fcgid') == '0') {\n\t\t\treturn;\n\t\t}\n\n\t\t// get correct directory\n\t\t$configdir = $this->getFile('system', 'mod_fcgid_configdir');\n\t\tif ($configdir !== false) {\n\t\t\t$configdir = FileDir::makeCorrectDir($configdir);\n\n\t\t\tif (@is_dir($configdir)) {\n\t\t\t\t// create directory iterator\n\t\t\t\t$its = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($configdir));\n\n\t\t\t\t// iterate through all subdirs,\n\t\t\t\t// look for php-fcgi-starter files\n\t\t\t\t// and take immutable-flag away from them\n\t\t\t\t// so we can delete them :)\n\t\t\t\tforeach ($its as $it) {\n\t\t\t\t\tif ($it->isFile() && $it->getFilename() == 'php-fcgi-starter') {\n\t\t\t\t\t\t// set chattr -i\n\t\t\t\t\t\tFileDir::removeImmutable($its->getPathname());\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\t// now get rid of old stuff\n\t\t\t\t// (but append /* so we don't delete the directory)\n\t\t\t\t$configdir .= '/*';\n\t\t\t\tFileDir::safe_exec('rm -rf ' . FileDir::makeCorrectFile($configdir));\n\t\t\t}\n\t\t}\n\t}\n\n\t/**\n\t * remove php-fpm related configuration files before regeneration\n\t *\n\t * @return null\n\t */\n\tprivate function cleanFpmFiles()\n\t{\n\t\tif (Settings::Get('phpfpm.enabled') == '0') {\n\t\t\treturn;\n\t\t}\n\n\t\t// get all fpm config paths\n\t\t$fpmconf_sel = Database::prepare(\"SELECT config_dir FROM `\" . TABLE_PANEL_FPMDAEMONS . \"`\");\n\t\tDatabase::pexecute($fpmconf_sel);\n\t\t$fpmconf_paths = $fpmconf_sel->fetchAll(PDO::FETCH_ASSOC);\n\t\t// clean all php-fpm config-dirs\n\t\tforeach ($fpmconf_paths as $configdir) {\n\t\t\t$configdir = FileDir::makeCorrectDir($configdir['config_dir']);\n\t\t\tif (@is_dir($configdir)) {\n\t\t\t\t// now get rid of old stuff\n\t\t\t\t// (but append /*.conf so we don't delete the directory)\n\t\t\t\t$configdir .= '/*.conf';\n\t\t\t\tFileDir::safe_exec('rm -f ' . FileDir::makeCorrectFile($configdir));\n\t\t\t} else {\n\t\t\t\tFileDir::safe_exec('mkdir -p ' . $configdir);\n\t\t\t}\n\t\t}\n\n\t\t// also remove aliasconfigdir #1273\n\t\t$aliasconfigdir = $this->getFile('phpfpm', 'aliasconfigdir');\n\t\tif ($aliasconfigdir !== false) {\n\t\t\t$aliasconfigdir = FileDir::makeCorrectDir($aliasconfigdir);\n\t\t\tif (@is_dir($aliasconfigdir)) {\n\t\t\t\t$aliasconfigdir .= '/*';\n\t\t\t\tFileDir::safe_exec('rm -rf ' . FileDir::makeCorrectFile($aliasconfigdir));\n\t\t\t}\n\t\t}\n\t}\n\n\t/**\n\t * remove webserver related configuration files before regeneration\n\t *\n\t * @return null\n\t */\n\tprivate function cleanWebserverConfigs()\n\t{\n\t\t// get directories\n\t\t$configdirs = [];\n\t\t$dir = $this->getFile('system', 'apacheconf_vhost');\n\t\tif ($dir !== false) {\n\t\t\t$configdirs[] = FileDir::makeCorrectDir($dir);\n\t\t}\n\n\t\t$dir = $this->getFile('system', 'apacheconf_diroptions');\n\t\tif ($dir !== false) {\n\t\t\t$configdirs[] = FileDir::makeCorrectDir($dir);\n\t\t}\n\n\t\t// file pattern\n\t\t$pattern = \"/^([0-9]){2}_(froxlor|syscp)_(.+)\\.conf$/\";\n\n\t\t// check ALL the folders\n\t\tforeach ($configdirs as $config_dir) {\n\t\t\t// check directory\n\t\t\tif (@is_dir($config_dir)) {\n\t\t\t\t// create directory iterator\n\t\t\t\t$its = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($config_dir));\n\n\t\t\t\t// iterate through all subdirs,\n\t\t\t\t// look for vhost/diroption files\n\t\t\t\t// and delete them\n\t\t\t\tforeach ($its as $it) {\n\t\t\t\t\tif ($it->isFile() && preg_match($pattern, $it->getFilename())) {\n\t\t\t\t\t\t// remove file\n\t\t\t\t\t\tFileDir::safe_exec('rm -f ' . escapeshellarg(FileDir::makeCorrectFile($its->getPathname())));\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n\n\t/**\n\t * remove htpasswd files before regeneration\n\t *\n\t * @return null\n\t */\n\tprivate function cleanHtpasswdFiles()\n\t{\n\t\t// get correct directory\n\t\t$configdir = $this->getFile('system', 'apacheconf_htpasswddir');\n\n\t\tif ($configdir !== false) {\n\t\t\t$configdir = FileDir::makeCorrectDir($configdir);\n\n\t\t\tif (@is_dir($configdir)) {\n\t\t\t\t// now get rid of old stuff\n\t\t\t\t// (but append /* so we don't delete the directory)\n\t\t\t\t$configdir .= '/*';\n\t\t\t\tFileDir::safe_exec('rm -f ' . FileDir::makeCorrectFile($configdir));\n\t\t\t}\n\t\t}\n\t}\n\n\t/**\n\t * remove customer-specified auto-generated ssl-certificates\n\t * (they are being regenerated)\n\t *\n\t * @return null\n\t */\n\tprivate function cleanCustomerSslCerts()\n\t{\n\t\t/*\n\t\t * only clean up if we're actually using SSL\n\t\t */\n\t\tif (Settings::Get('system.use_ssl') == '1') {\n\t\t\t// get correct directory\n\t\t\t$configdir = $this->getFile('system', 'customer_ssl_path');\n\t\t\tif ($configdir !== false) {\n\t\t\t\t$configdir = FileDir::makeCorrectDir($configdir);\n\n\t\t\t\tif (@is_dir($configdir)) {\n\t\t\t\t\t// now get rid of old stuff\n\t\t\t\t\t// (but append /* so we don't delete the directory)\n\t\t\t\t\t$configdir .= '/*';\n\t\t\t\t\tFileDir::safe_exec('rm -f ' . FileDir::makeCorrectFile($configdir));\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n}\n" }, { "path": "lib/Froxlor/Cron/Http/DomainSSL.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Cron\\Http;\n\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FileDir;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\Settings;\n\nclass DomainSSL\n{\n\n\t/**\n\t * read domain-related (or if empty, parentdomain-related) ssl-certificates from the database\n\t * and (if not empty) set the corresponding array-indices (ssl_cert_file, ssl_key_file,\n\t * ssl_ca_file and ssl_cert_chainfile).\n\t * Hence the parameter as reference.\n\t *\n\t * @param array $domain\n\t * domain-array as reference so we can set the corresponding array-indices\n\t *\n\t * @return null\n\t * @throws \\Exception\n\t */\n\tpublic function setDomainSSLFilesArray(?array &$domain = null)\n\t{\n\t\t// check if the domain itself has a certificate defined\n\t\t$dom_certs_stmt = Database::prepare(\"\n\t\t\tSELECT s.*, d.domain\n\t\t\tFROM `\" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . \"` s\n\t\t\tLEFT JOIN `\" . TABLE_PANEL_DOMAINS . \"` d ON d.id = s.domainid\n\t\t\tWHERE s.`domainid` = :domid\n\t\t\");\n\t\t$dom_certs = Database::pexecute_first($dom_certs_stmt, [\n\t\t\t'domid' => $domain['id']\n\t\t]);\n\n\t\t$parent_certificate = false;\n\t\tif (!is_array($dom_certs) || !isset($dom_certs['ssl_cert_file']) || $dom_certs['ssl_cert_file'] == '') {\n\t\t\t// maybe its parent?\n\t\t\tif (isset($domain['parentdomainid']) && $domain['parentdomainid'] != 0) {\n\t\t\t\t$dom_certs = Database::pexecute_first($dom_certs_stmt, [\n\t\t\t\t\t'domid' => $domain['parentdomainid']\n\t\t\t\t]);\n\t\t\t\t$parent_certificate = true;\n\t\t\t}\n\t\t}\n\n\t\t// check if it's an array and if the most important field is set\n\t\tif (is_array($dom_certs) && isset($dom_certs['ssl_cert_file']) && $dom_certs['ssl_cert_file'] != '') {\n\t\t\t// get destination path\n\t\t\t$sslcertpath = FileDir::makeCorrectDir(Settings::Get('system.customer_ssl_path'));\n\t\t\t// create path if it does not exist\n\t\t\tif (!file_exists($sslcertpath)) {\n\t\t\t\tFileDir::safe_exec('mkdir -p ' . escapeshellarg($sslcertpath));\n\t\t\t}\n\t\t\t// make correct files for the certificates\n\t\t\t$ssl_files = [\n\t\t\t\t'ssl_cert_file' => FileDir::makeCorrectFile($sslcertpath . '/' . ($parent_certificate ? $dom_certs['domain'] : $domain['domain']) . '.crt'),\n\t\t\t\t'ssl_key_file' => FileDir::makeCorrectFile($sslcertpath . '/' . ($parent_certificate ? $dom_certs['domain'] : $domain['domain']) . '.key')\n\t\t\t];\n\n\t\t\tif (!$this->validateCertificate($dom_certs)) {\n\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, 'Given SSL private key for ' . $domain['domain'] . ' does not seem to match the certificate. Cannot create ssl-directives');\n\t\t\t\treturn;\n\t\t\t}\n\n\t\t\t// initialize optional files\n\t\t\t$ssl_files['ssl_ca_file'] = '';\n\t\t\t$ssl_files['ssl_cert_chainfile'] = '';\n\t\t\t// set them if they are != empty\n\t\t\tif ($dom_certs['ssl_ca_file'] != '') {\n\t\t\t\t$ssl_files['ssl_ca_file'] = FileDir::makeCorrectFile($sslcertpath . '/' . ($parent_certificate ? $dom_certs['domain'] : $domain['domain']) . '_CA.pem');\n\t\t\t}\n\t\t\tif ($dom_certs['ssl_cert_chainfile'] != '') {\n\t\t\t\tif (Settings::Get('system.webserver') == 'nginx') {\n\t\t\t\t\t// put ca.crt in my.crt, as nginx does not support a separate chain file.\n\t\t\t\t\t$dom_certs['ssl_cert_file'] = trim($dom_certs['ssl_cert_file']) . \"\\n\" . trim($dom_certs['ssl_cert_chainfile']) . \"\\n\";\n\t\t\t\t} else {\n\t\t\t\t\t$ssl_files['ssl_cert_chainfile'] = FileDir::makeCorrectFile($sslcertpath . '/' . ($parent_certificate ? $dom_certs['domain'] : $domain['domain']) . '_chain.pem');\n\t\t\t\t}\n\t\t\t}\n\t\t\t// will only be generated to be used externally, froxlor does not need this\n\t\t\tif ($dom_certs['ssl_fullchain_file'] != '') {\n\t\t\t\t$ssl_files['ssl_fullchain_file'] = FileDir::makeCorrectFile($sslcertpath . '/' . ($parent_certificate ? $dom_certs['domain'] : $domain['domain']) . '_fullchain.pem');\n\t\t\t}\n\t\t\t// create them on the filesystem\n\t\t\tforeach ($ssl_files as $type => $filename) {\n\t\t\t\tif ($filename != '') {\n\t\t\t\t\ttouch($filename);\n\t\t\t\t\t$_fh = fopen($filename, 'w');\n\t\t\t\t\tfwrite($_fh, $dom_certs[$type]);\n\t\t\t\t\tfclose($_fh);\n\t\t\t\t\tif ($type == 'ssl_key_file') {\n\t\t\t\t\t\tchmod($filename, 0600);\n\t\t\t\t\t} else {\n\t\t\t\t\t\tchmod($filename, 0644);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t\t// override corresponding array values\n\t\t\t$domain['ssl_cert_file'] = $ssl_files['ssl_cert_file'];\n\t\t\t$domain['ssl_key_file'] = $ssl_files['ssl_key_file'];\n\t\t\t$domain['ssl_ca_file'] = $ssl_files['ssl_ca_file'];\n\t\t\t$domain['ssl_cert_chainfile'] = $ssl_files['ssl_cert_chainfile'];\n\t\t}\n\n\t\treturn;\n\t}\n\n\tprivate function validateCertificate($dom_certs = []): bool\n\t{\n\t\treturn openssl_x509_check_private_key($dom_certs['ssl_cert_file'], $dom_certs['ssl_key_file']);\n\t}\n}\n" }, { "path": "lib/Froxlor/Cron/Http/HttpConfigBase.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Cron\\Http;\n\nuse Froxlor\\Cron\\Http\\LetsEncrypt\\AcmeSh;\nuse Froxlor\\Cron\\Http\\Php\\Fpm;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\Domain\\Domain;\nuse Froxlor\\FileDir;\nuse Froxlor\\Froxlor;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\PhpHelper;\nuse Froxlor\\Settings;\nuse Froxlor\\System\\Cronjob;\nuse PDO;\n\n/**\n * Class HttpConfigBase\n *\n * Base class for all HTTP server configs\n */\nclass HttpConfigBase\n{\n\n\t/**\n\t * Pre-defined DHE groups to use as fallback if dhparams_file\n\t * is given, but non-existent, see also https://github.com/froxlor/Froxlor/issues/1270\n\t */\n\tconst FFDHE4096 = <<logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'Running Let\\'s Encrypt cronjob prior to regenerating webserver config files');\n\t\t\tAcmeSh::$no_inserttask = true;\n\t\t\tAcmeSh::run(true);\n\t\t\t// set last run timestamp of cronjob\n\t\t\tCronjob::updateLastRunOfCron('letsencrypt');\n\t\t}\n\t}\n\n\tpublic function reload()\n\t{\n\t\t$called_class = get_called_class();\n\t\tif ((int)Settings::Get('phpfpm.enabled') == 1) {\n\t\t\t// get all start/stop commands\n\t\t\t$startstop_sel = Database::prepare(\"SELECT reload_cmd, config_dir FROM `\" . TABLE_PANEL_FPMDAEMONS . \"`\");\n\t\t\tDatabase::pexecute($startstop_sel);\n\t\t\t$restart_cmds = $startstop_sel->fetchAll(PDO::FETCH_ASSOC);\n\t\t\t// restart all php-fpm instances\n\t\t\tforeach ($restart_cmds as $restart_cmd) {\n\t\t\t\t// check whether the config dir is empty (no domains uses this daemon)\n\t\t\t\t// so we need to create a dummy\n\t\t\t\t$_conffiles = glob(FileDir::makeCorrectFile($restart_cmd['config_dir'] . \"/*.conf\"));\n\t\t\t\tif ($_conffiles === false || empty($_conffiles)) {\n\t\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, $called_class . '::reload: fpm config directory \"' . $restart_cmd['config_dir'] . '\" is empty. Creating dummy.');\n\t\t\t\t\tFpm::createDummyPool($restart_cmd['config_dir']);\n\t\t\t\t}\n\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, $called_class . '::reload: running ' . $restart_cmd['reload_cmd']);\n\t\t\t\tFileDir::safe_exec(escapeshellcmd($restart_cmd['reload_cmd']));\n\t\t\t}\n\t\t}\n\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, $called_class . '::reload: reloading ' . $called_class);\n\t\tFileDir::safe_exec(escapeshellcmd(Settings::Get('system.apachereload_command')));\n\n\t\t/**\n\t\t * nginx does not auto-spawn fcgi-processes\n\t\t */\n\t\tif (Settings::Get('system.webserver') == \"nginx\" && Settings::Get('system.phpreload_command') != '' && (int)Settings::Get('phpfpm.enabled') == 0) {\n\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, $called_class . '::reload: restarting php processes');\n\t\t\tFileDir::safe_exec(Settings::Get('system.phpreload_command'));\n\t\t}\n\t}\n\n\t/**\n\t * process special config as template, by substituting {VARIABLE} with the\n\t * respective value.\n\t *\n\t * The following variables are known at the moment:\n\t *\n\t * {DOMAIN} - domain name\n\t * {IP} - IP for this domain\n\t * {PORT} - Port for this domain\n\t * {CUSTOMER} - customer name\n\t * {IS_SSL} - evaluates to 'ssl' if domain/ip is ssl, otherwise it is an empty string\n\t * {DOCROOT} - document root for this domain\n\t *\n\t * @param\n\t * $template\n\t * @return string\n\t */\n\tprotected function processSpecialConfigTemplate($template, $domain, $ip, $port, $is_ssl_vhost)\n\t{\n\t\t$templateVars = [\n\t\t\t'DOMAIN' => $domain['domain'],\n\t\t\t'CUSTOMER' => $domain['loginname'],\n\t\t\t'IP' => $ip,\n\t\t\t'PORT' => $port,\n\t\t\t'SCHEME' => ($is_ssl_vhost) ? 'https' : 'http',\n\t\t\t'DOCROOT' => $domain['documentroot'],\n\t\t\t'FPMSOCKET' => ''\n\t\t];\n\t\tif ((int)Settings::Get('phpfpm.enabled') == 1 && isset($domain['fpm_socket']) && !empty($domain['fpm_socket'])) {\n\t\t\t$templateVars['FPMSOCKET'] = $domain['fpm_socket'];\n\t\t}\n\t\treturn PhpHelper::replaceVariables($template, $templateVars);\n\t}\n\n\tprotected function getMyPath($ip_port = null)\n\t{\n\t\tif (!empty($ip_port) && $ip_port['docroot'] == '') {\n\t\t\tif (Settings::Get('system.froxlordirectlyviahostname')) {\n\t\t\t\t$mypath = FileDir::makeCorrectDir(Froxlor::getInstallDir());\n\t\t\t} else {\n\t\t\t\t$mypath = FileDir::makeCorrectDir(dirname(Froxlor::getInstallDir()));\n\t\t\t}\n\t\t} else {\n\t\t\t// user-defined docroot, #417\n\t\t\t$mypath = FileDir::makeCorrectDir($ip_port['docroot']);\n\t\t}\n\t\treturn $mypath;\n\t}\n\n\tprotected function checkAlternativeSslPort()\n\t{\n\t\t// We must not check if our port differs from port 443,\n\t\t// but if there is a destination-port != 443\n\t\t$_sslport = '';\n\t\t// This returns the first port that is != 443 with ssl enabled,\n\t\t// ordered by ssl-certificate (if any) so that the ip/port combo\n\t\t// with certificate is used\n\t\t$ssldestport_stmt = Database::prepare(\"\n\t\t\tSELECT `ip`.`port` FROM \" . TABLE_PANEL_IPSANDPORTS . \" `ip`\n\t\t\tWHERE `ip`.`ssl` = '1' AND `ip`.`port` != 443\n\t\t\tORDER BY `ip`.`ssl_cert_file` DESC, `ip`.`port` LIMIT 1;\n\t\t\");\n\t\t$ssldestport = Database::pexecute_first($ssldestport_stmt);\n\n\t\tif ($ssldestport && $ssldestport['port'] != '') {\n\t\t\t$_sslport = \":\" . $ssldestport['port'];\n\t\t}\n\n\t\treturn $_sslport;\n\t}\n\n\tprotected function froxlorVhostHasLetsEncryptCert()\n\t{\n\t\t// check whether we have an entry with valid certificates which just does not need\n\t\t// updating yet, so we need to skip this here\n\t\t$froxlor_ssl_settings_stmt = Database::prepare(\"\n\t\t\tSELECT * FROM `\" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . \"` WHERE `domainid` = '0'\n\t\t\");\n\t\t$froxlor_ssl = Database::pexecute_first($froxlor_ssl_settings_stmt);\n\t\tif ($froxlor_ssl && !empty($froxlor_ssl['ssl_cert_file'])) {\n\t\t\treturn true;\n\t\t}\n\t\treturn false;\n\t}\n\n\tprotected function froxlorVhostLetsEncryptNeedsRenew()\n\t{\n\t\t$froxlor_ssl_settings_stmt = Database::prepare(\"\n\t\t\tSELECT * FROM `\" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . \"`\n\t\t\tWHERE `domainid` = '0' AND\n\t\t\t(`validtodate` < DATE_ADD(NOW(), INTERVAL 30 DAY) OR `validtodate` IS NULL)\n\t\t\");\n\t\t$froxlor_ssl = Database::pexecute_first($froxlor_ssl_settings_stmt);\n\t\tif ($froxlor_ssl && !empty($froxlor_ssl['ssl_cert_file'])) {\n\t\t\treturn true;\n\t\t}\n\t\treturn false;\n\t}\n\n\t/**\n\t * Get the filename for the virtualhost\n\t */\n\tprotected function getVhostFilename(array $domain, bool $ssl_vhost = false, bool $filename_only = false)\n\t{\n\t\t// number of dots in a domain specifies its position (and depth of subdomain) starting at 35 going downwards on higher depth\n\t\t$vhost_no = (string)(35 - substr_count($domain['domain'], \".\") + 1);\n\t\t$filename = $vhost_no . '_froxlor_' . ($ssl_vhost ? 'ssl' : 'normal') . '_vhost_' . $domain['domain'] . '.conf';\n\t\tif ($filename_only) {\n\t\t\treturn $filename;\n\t\t}\n\t\treturn FileDir::makeCorrectFile(Settings::Get('system.apacheconf_vhost') . '/' . $filename);\n\t}\n\n\tprotected function getCustomVhostFilename(string $name)\n\t{\n\t\t$vhosts_folder = FileDir::makeCorrectDir(dirname(Settings::Get('system.apacheconf_vhost')));\n\t\tif (is_dir(Settings::Get('system.apacheconf_vhost'))) {\n\t\t\t$vhosts_folder = FileDir::makeCorrectDir(Settings::Get('system.apacheconf_vhost'));\n\t\t}\n\t\treturn FileDir::makeCorrectFile($vhosts_folder . '/' . $name);\n\t}\n}\n" }, { "path": "lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Cron\\Http\\LetsEncrypt;\n\nuse Froxlor\\Cron\\FroxlorCron;\nuse Froxlor\\Cron\\TaskId;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\Domain\\Domain;\nuse Froxlor\\FileDir;\nuse Froxlor\\Froxlor;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\PhpHelper;\nuse Froxlor\\Settings;\nuse Froxlor\\System\\Cronjob;\nuse Froxlor\\Validate\\Validate;\nuse PDO;\nuse PDOStatement;\n\nclass AcmeSh extends FroxlorCron\n{\n\n\tconst ACME_PROVIDER = [\n\t\t'letsencrypt' => \"https://acme-v02.api.letsencrypt.org/directory\",\n\t\t'letsencrypt_test' => \"https://acme-staging-v02.api.letsencrypt.org/directory\",\n\t\t'buypass' => \"https://api.buypass.com/acme/directory\",\n\t\t'buypass_test' => \"https://api.test4.buypass.no/acme/directory\",\n\t\t'zerossl' => \"https://acme.zerossl.com/v2/DV90\",\n\t\t'google' => \"https://dv.acme-v02.api.pki.goog/directory\",\n\t\t'google_test' => \"https://dv.acme-v02.test-api.pki.goog/directory\",\n\t];\n\tpublic static $no_inserttask = false;\n\tprivate static $apiserver = \"\";\n\tprivate static $acmesh = \"/root/.acme.sh/acme.sh\";\n\t/**\n\t *\n\t * @var PDOStatement\n\t */\n\tprivate static $updcert_stmt = null;\n\t/**\n\t *\n\t * @var PDOStatement\n\t */\n\tprivate static $upddom_stmt = null;\n\n\t/**\n\t * run the task\n\t *\n\t * @param bool $internal\n\t * @return int\n\t * @throws \\Exception\n\t */\n\tpublic static function run(bool $internal = false)\n\t{\n\t\t// usually, this is action is called from within the tasks-jobs\n\t\tif (!defined('CRON_IS_FORCED') && !defined('CRON_DEBUG_FLAG') && $internal == false) {\n\t\t\t// Let's Encrypt cronjob is combined with regeneration of webserver configuration files.\n\t\t\t// For debugging purposes you can use the --debug switch and the --force switch to run the cron manually.\n\t\t\t// check whether we MIGHT need to run although there is no task to regenerate config-files\n\t\t\t$issue_froxlor = self::issueFroxlorVhost();\n\t\t\t$issue_domains = self::issueDomains();\n\t\t\t$renew_froxlor = self::renewFroxlorVhost();\n\t\t\t$renew_domains = self::renewDomains(true);\n\t\t\tif ($issue_froxlor || !empty($issue_domains) || !empty($renew_froxlor) || $renew_domains) {\n\t\t\t\t// insert task to generate certificates and vhost-configs\n\t\t\t\tCronjob::inserttask(TaskId::REBUILD_VHOST);\n\t\t\t\tif ($renew_froxlor) {\n\t\t\t\t\tCronjob::inserttask(TaskId::UPDATE_LE_SERVICES);\n\t\t\t\t}\n\t\t\t}\n\t\t\treturn 0;\n\t\t}\n\n\t\t// set server according to settings\n\t\tself::$apiserver = self::ACME_PROVIDER[Settings::Get('system.letsencryptca')];\n\n\t\t// validate acme.sh installation\n\t\tif (!self::checkInstall()) {\n\t\t\treturn -1;\n\t\t}\n\n\t\tself::checkUpgrade();\n\n\t\t// flag for re-generation of vhost files\n\t\t$changedetected = 0;\n\n\t\t// prepare update sql\n\t\tself::$updcert_stmt = Database::prepare(\"\n\t\t\tREPLACE INTO\n\t\t\t\t`\" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . \"`\n\t\t\tSET\n\t\t\t\t`id` = :id,\n\t\t\t\t`domainid` = :domainid,\n\t\t\t\t`ssl_cert_file` = :crt,\n\t\t\t\t`ssl_key_file` = :key,\n\t\t\t\t`ssl_ca_file` = :ca,\n\t\t\t\t`ssl_cert_chainfile` = :chain,\n\t\t\t\t`ssl_csr_file` = :csr,\n\t\t\t\t`ssl_fullchain_file` = :fullchain,\n\t\t\t\t`validfromdate` = :validfromdate,\n\t\t\t\t`validtodate` = :validtodate,\n\t\t\t\t`issuer` = :issuer\n\t\t\");\n\n\t\t// prepare domain update sql\n\t\tself::$upddom_stmt = Database::prepare(\"UPDATE `\" . TABLE_PANEL_DOMAINS . \"` SET `ssl_redirect` = '1' WHERE `id` = :domainid\");\n\n\t\t// check whether there are certificates to issue\n\t\t$issue_froxlor = self::issueFroxlorVhost();\n\t\t$issue_domains = self::issueDomains();\n\n\t\t// first - generate LE for system-vhost if enabled\n\t\tif ($issue_froxlor) {\n\t\t\t// build row\n\t\t\t$certrow = [\n\t\t\t\t'loginname' => 'froxlor.panel',\n\t\t\t\t'domain' => Settings::Get('system.hostname'),\n\t\t\t\t'domainid' => 0,\n\t\t\t\t'documentroot' => Froxlor::getInstallDir(),\n\t\t\t\t'leprivatekey' => Settings::Get('system.leprivatekey'),\n\t\t\t\t'lepublickey' => Settings::Get('system.lepublickey'),\n\t\t\t\t'leregistered' => Settings::Get('system.leregistered'),\n\t\t\t\t'ssl_redirect' => Settings::Get('system.le_froxlor_redirect'),\n\t\t\t\t'validfromdate' => null,\n\t\t\t\t'validtodate' => null,\n\t\t\t\t'issuer' => \"\",\n\t\t\t\t'ssl_cert_file' => null,\n\t\t\t\t'ssl_key_file' => null,\n\t\t\t\t'ssl_ca_file' => null,\n\t\t\t\t'ssl_csr_file' => null,\n\t\t\t\t'id' => null,\n\t\t\t\t'wwwserveralias' => 0\n\t\t\t];\n\n\t\t\t// add to queue\n\t\t\t$issue_domains[] = $certrow;\n\t\t}\n\n\t\tif (count($issue_domains)) {\n\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, \"Requesting \" . count($issue_domains) . \" new Let's Encrypt certificates\");\n\t\t\tself::runIssueFor($issue_domains);\n\t\t\t$changedetected = 1;\n\t\t}\n\n\t\t// compare file-system certificates with the ones in our database\n\t\t// and update if needed\n\t\t$renew_froxlor = self::renewFroxlorVhost();\n\t\t$renew_domains = self::renewDomains();\n\n\t\tif ($renew_froxlor) {\n\t\t\t// build row\n\t\t\t$certrow = [\n\t\t\t\t'loginname' => 'froxlor.panel',\n\t\t\t\t'domain' => Settings::Get('system.hostname'),\n\t\t\t\t'domainid' => 0,\n\t\t\t\t'documentroot' => Froxlor::getInstallDir(),\n\t\t\t\t'leprivatekey' => Settings::Get('system.leprivatekey'),\n\t\t\t\t'lepublickey' => Settings::Get('system.lepublickey'),\n\t\t\t\t'leregistered' => Settings::Get('system.leregistered'),\n\t\t\t\t'ssl_redirect' => Settings::Get('system.le_froxlor_redirect'),\n\t\t\t\t'validfromdate' => is_array($renew_froxlor) ? $renew_froxlor['validfromdate'] : date('Y-m-d H:i:s', 0),\n\t\t\t\t'validtodate' => is_array($renew_froxlor) ? $renew_froxlor['validtodate'] : date('Y-m-d H:i:s', 0),\n\t\t\t\t'issuer' => is_array($renew_froxlor) ? $renew_froxlor['issuer'] : \"\",\n\t\t\t\t'ssl_cert_file' => is_array($renew_froxlor) ? $renew_froxlor['ssl_cert_file'] : null,\n\t\t\t\t'ssl_key_file' => is_array($renew_froxlor) ? $renew_froxlor['ssl_key_file'] : null,\n\t\t\t\t'ssl_ca_file' => is_array($renew_froxlor) ? $renew_froxlor['ssl_ca_file'] : null,\n\t\t\t\t'ssl_csr_file' => is_array($renew_froxlor) ? $renew_froxlor['ssl_csr_file'] : null,\n\t\t\t\t'id' => is_array($renew_froxlor) ? $renew_froxlor['id'] : null,\n\t\t\t\t'wwwserveralias' => 0\n\t\t\t];\n\t\t\t$renew_domains[] = $certrow;\n\t\t}\n\n\t\tforeach ($renew_domains as $domain) {\n\t\t\t$cronlog = FroxlorLogger::getInstanceOf([\n\t\t\t\t'loginname' => $domain['loginname'],\n\t\t\t\t'adminsession' => 0\n\t\t\t]);\n\t\t\tif (defined('CRON_IS_FORCED') || self::checkFsFilesAreNewer($domain['domain'], $domain['validtodate'])) {\n\t\t\t\tself::certToDb($domain, $cronlog, []);\n\t\t\t\t$changedetected = 1;\n\t\t\t}\n\t\t}\n\n\t\t// If we have a change in a certificate, we need to update the webserver - configs\n\t\t// This is easiest done by just creating a new task ;)\n\t\tif ($changedetected) {\n\t\t\tif (self::$no_inserttask == false) {\n\t\t\t\tCronjob::inserttask(TaskId::REBUILD_VHOST);\n\t\t\t}\n\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, \"Let's Encrypt certificates have been updated\");\n\t\t} else {\n\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, \"No new certificates or certificate updates found\");\n\t\t}\n\t\treturn 0;\n\t}\n\n\t/**\n\t * check whether we need to issue a new certificate for froxlor itself\n\t *\n\t * @return boolean\n\t * @throws \\Exception\n\t */\n\tprivate static function issueFroxlorVhost()\n\t{\n\t\tif (Settings::Get('system.le_froxlor_enabled') == '1') {\n\t\t\t// let's encrypt is enabled, now check whether we have a certificate\n\t\t\t$froxlor_ssl_settings_stmt = Database::prepare(\"\n\t\t\t\tSELECT * FROM `\" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . \"`\n\t\t\t\tWHERE `domainid` = '0'\n\t\t\t\");\n\t\t\t$froxlor_ssl = Database::pexecute_first($froxlor_ssl_settings_stmt);\n\t\t\t// also check for possible existing certificate\n\t\t\tif (!$froxlor_ssl || empty($froxlor_ssl['validtodate'])) {\n\t\t\t\treturn true;\n\t\t\t}\n\t\t}\n\t\treturn false;\n\t}\n\n\tprivate static function checkFsFilesAreNewer($domain, $cert_date = 0): bool\n\t{\n\t\t$certificate_folder = self::getCertificateFolder(strtolower($domain));\n\t\tif (empty($certificate_folder)) {\n\t\t\treturn false;\n\t\t}\n\t\t$ssl_file = FileDir::makeCorrectFile($certificate_folder . '/' . strtolower($domain) . '.cer');\n\n\t\tif (is_dir($certificate_folder) && file_exists($ssl_file) && is_readable($ssl_file)) {\n\t\t\t$cert_data = openssl_x509_parse(file_get_contents($ssl_file));\n\t\t\tif ($cert_data && $cert_data['validTo_time_t'] > strtotime($cert_date)) {\n\t\t\t\treturn true;\n\t\t\t}\n\t\t}\n\t\treturn false;\n\t}\n\n\tpublic static function getWorkingDirFromEnv($domain = \"\", $forced_ecc = false): string\n\t{\n\t\t// first try without _ecc either if it's enabled currently or not as\n\t\t// it might have been at some point so there is a chance we have certificates\n\t\t// with and without _ecc - the method getCertificateFolder() will check both\n\t\t// possibilities\n\t\tif ($forced_ecc) {\n\t\t\t$domain .= \"_ecc\";\n\t\t}\n\t\t$env_file = FileDir::makeCorrectFile(dirname(self::getAcmeSh()) . '/acme.sh.env');\n\t\tif (file_exists($env_file)) {\n\t\t\t$output = [];\n\t\t\t$cut = <<fetchAll(PDO::FETCH_ASSOC);\n\t\tif ($customer_ssl) {\n\t\t\treturn $customer_ssl;\n\t\t}\n\t\treturn [];\n\t}\n\n\t/**\n\t * check whether we need to renew-check the certificate for froxlor itself\n\t *\n\t * @return boolean\n\t * @throws \\Exception\n\t */\n\tprivate static function renewFroxlorVhost()\n\t{\n\t\tif (Settings::Get('system.le_froxlor_enabled') == '1') {\n\t\t\t// let's encrypt is enabled, now check whether we have a certificate\n\t\t\t$froxlor_ssl_settings_stmt = Database::prepare(\"\n\t\t\t\tSELECT * FROM `\" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . \"`\n\t\t\t\tWHERE `domainid` = '0'\n\t\t\t\");\n\t\t\t$froxlor_ssl = Database::pexecute_first($froxlor_ssl_settings_stmt);\n\t\t\t// also check for possible existing certificate\n\t\t\tif ($froxlor_ssl && self::checkFsFilesAreNewer(Settings::Get('system.hostname'), $froxlor_ssl['validtodate'])) {\n\t\t\t\treturn $froxlor_ssl;\n\t\t\t}\n\t\t}\n\t\treturn false;\n\t}\n\n\t/**\n\t * get a list of domains that have a lets encrypt certificate (possible renew)\n\t */\n\tprivate static function renewDomains($check = false)\n\t{\n\t\t$certificates_stmt = Database::query(\"\n\t\t\tSELECT\n\t\t\t\tdomssl.`id`,\n\t\t\t\tdomssl.`domainid`,\n\t\t\t\tdomssl.`validfromdate`,\n\t\t\t\tdomssl.`validtodate`,\n\t\t\t\tdomssl.`issuer`,\n\t\t\t\tdomssl.`ssl_cert_file`,\n\t\t\t\tdomssl.`ssl_key_file`,\n\t\t\t\tdom.`domain`,\n\t\t\t\tdom.`id` AS 'domainid',\n\t\t\t\tdom.`ssl_redirect`,\n\t\t\t\tcust.`loginname`\n\t\t\tFROM\n\t\t\t\t`\" . TABLE_PANEL_CUSTOMERS . \"` AS cust,\n\t\t\t\t`\" . TABLE_PANEL_DOMAINS . \"` AS dom\n\t\t\tLEFT JOIN\n\t\t\t\t`\" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . \"` AS domssl ON\n\t\t\t\t\tdom.`id` = domssl.`domainid`\n\t\t\tWHERE\n\t\t\t\tdom.`customerid` = cust.`customerid`\n\t\t\t\tAND cust.deactivated = 0\n\t\t\t\tAND dom.deactivated = 0\n\t\t\t\tAND dom.`ssl_enabled` = 1\n\t\t\t\tAND dom.`letsencrypt` = 1\n\t\t\t\tAND dom.`aliasdomain` IS NULL\n\t\t\t\tAND dom.`iswildcarddomain` = 0\n\t\t\t\tAND dom.`email_only` = 0\n\t\t\t\tAND dom.`ssl_redirect` != 2\n\t\t\");\n\t\t$renew_certs = $certificates_stmt->fetchAll(PDO::FETCH_ASSOC);\n\t\tif ($renew_certs) {\n\t\t\tif ($check) {\n\t\t\t\tforeach ($renew_certs as $cert) {\n\t\t\t\t\tif (self::checkFsFilesAreNewer($cert['domain'], $cert['validtodate'])) {\n\t\t\t\t\t\treturn true;\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\treturn false;\n\t\t\t}\n\t\t\treturn $renew_certs;\n\t\t}\n\t\treturn [];\n\t}\n\n\t/**\n\t * install acme.sh if not found yet\n\t */\n\tprivate static function checkInstall($tries = 0)\n\t{\n\t\tif (!file_exists(self::getAcmeSh()) && $tries > 0) {\n\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, \"Download/installation of acme.sh seems to have failed. Re-run cronjob to try again or install manually to '\" . self::getAcmeSh() . \"'\");\n\t\t\techo PHP_EOL . \"Download/installation of acme.sh seems to have failed. Re-run cronjob to try again or install manually to '\" . self::getAcmeSh() . \"'\" . PHP_EOL;\n\t\t\treturn false;\n\t\t} else {\n\t\t\tif (!file_exists(self::getAcmeSh())) {\n\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, \"Could not find acme.sh - installing it to /root/.acme.sh/\");\n\t\t\t\t$return = false;\n\t\t\t\tFileDir::safe_exec(\"wget -O - https://get.acme.sh | sh -s email=\" . escapeshellarg(Settings::Get('panel.adminmail')), $return, [\n\t\t\t\t\t'|'\n\t\t\t\t]);\n\t\t\t\t$set_path = self::getAcmeSh();\n\t\t\t\t// after this, regardless of what the user specified, the acme.sh installation will be in /root/.acme.sh\n\t\t\t\tif ($set_path != '/root/.acme.sh/acme.sh') {\n\t\t\t\t\tSettings::Set('system.acmeshpath', '/root/.acme.sh/acme.sh', true);\n\t\t\t\t\t// let the user know\n\t\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_WARNING, \"Acme.sh could not be found in '\" . $set_path . \"' so froxlor installed it to the default location, which is '/root/.acme.sh/'\");\n\t\t\t\t\techo PHP_EOL . \"Acme.sh could not be found in '\" . $set_path . \"' so froxlor installed it to the default location, which is '/root/.acme.sh/'\" . PHP_EOL;\n\t\t\t\t}\n\t\t\t\t// check whether the installation worked\n\t\t\t\treturn self::checkInstall(++$tries);\n\t\t\t}\n\t\t}\n\t\treturn true;\n\t}\n\n\t/**\n\t * run upgrade\n\t */\n\tprivate static function checkUpgrade()\n\t{\n\t\t$acmesh_result = FileDir::safe_exec(self::getAcmeSh() . \" --upgrade --auto-upgrade 0\");\n\t\t// check for activated cron\n\t\t$acmesh_result2 = FileDir::safe_exec(self::getAcmeSh() . \" --install-cronjob\");\n\t\t// set default CA\n\t\t$acmesh_result3 = FileDir::safe_exec(self::getAcmeSh() . \" --set-default-ca --server \" . self::$apiserver);\n\t\t// log messages\n\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, \"Checking for LetsEncrypt client upgrades before renewing certificates:\\n\" . implode(\"\\n\", $acmesh_result) . \"\\n\" . implode(\"\\n\", $acmesh_result2) . \"\\n\" . implode(\"\\n\", $acmesh_result3));\n\t}\n\n\t/**\n\t * issue certificates for a list of domains\n\t */\n\tprivate static function runIssueFor($certrows = [])\n\t{\n\t\t// prepare aliasdomain-check\n\t\t$aliasdomains_stmt = Database::prepare(\"\n\t\t\tSELECT\n\t\t\t\tdom.`id` as domainid,\n\t\t\t\tdom.`domain`,\n\t\t\t\tdom.`wwwserveralias`\n\t\t\tFROM `\" . TABLE_PANEL_DOMAINS . \"` AS dom\n\t\t\tWHERE\n\t\t\t\tdom.`aliasdomain` = :id\n\t\t\t\tAND dom.`letsencrypt` = 1\n\t\t\t\tAND dom.`iswildcarddomain` = 0\n\t\t\");\n\t\t// iterate through all domains\n\t\tforeach ($certrows as $certrow) {\n\t\t\t// set logger to corresponding loginname for the log to appear in the users system-log\n\t\t\t$cronlog = FroxlorLogger::getInstanceOf([\n\t\t\t\t'loginname' => $certrow['loginname'],\n\t\t\t\t'adminsession' => 0\n\t\t\t]);\n\t\t\t// Only issue let's encrypt certificate if no broken ssl_redirect is enabled\n\t\t\tif ($certrow['ssl_redirect'] != 2) {\n\t\t\t\t$do_force = false;\n\t\t\t\tif (!empty($certrow['ssl_cert_file']) && empty($certrow['validtodate'])) {\n\t\t\t\t\t// domain changed (SAN or similar)\n\t\t\t\t\t$do_force = true;\n\t\t\t\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, \"Re-creating certificate for \" . $certrow['domain']);\n\t\t\t\t} else {\n\t\t\t\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, \"Creating certificate for \" . $certrow['domain']);\n\t\t\t\t}\n\t\t\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, \"Adding common-name: \" . $certrow['domain']);\n\t\t\t\t$domains = [\n\t\t\t\t\tstrtolower($certrow['domain'])\n\t\t\t\t];\n\t\t\t\t// add www. to SAN list\n\t\t\t\tif ($certrow['wwwserveralias'] == 1) {\n\t\t\t\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, \"Adding SAN entry: www.\" . $certrow['domain']);\n\t\t\t\t\t$domains[] = strtolower('www.' . $certrow['domain']);\n\t\t\t\t}\n\t\t\t\tif ($certrow['domainid'] == 0) {\n\t\t\t\t\t$froxlor_aliases = Settings::Get('system.froxloraliases');\n\t\t\t\t\tif (!empty($froxlor_aliases)) {\n\t\t\t\t\t\t$froxlor_aliases = explode(\",\", $froxlor_aliases);\n\t\t\t\t\t\tforeach ($froxlor_aliases as $falias) {\n\t\t\t\t\t\t\tif (Validate::validateDomain(trim($falias))) {\n\t\t\t\t\t\t\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, \"Adding SAN entry: \" . strtolower(trim($falias)));\n\t\t\t\t\t\t\t\t$domains[] = strtolower(trim($falias));\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t} else {\n\t\t\t\t\t// add alias domains (and possibly www.) to SAN list\n\t\t\t\t\tDatabase::pexecute($aliasdomains_stmt, [\n\t\t\t\t\t\t'id' => $certrow['domainid']\n\t\t\t\t\t]);\n\t\t\t\t\t$aliasdomains = $aliasdomains_stmt->fetchAll(PDO::FETCH_ASSOC);\n\t\t\t\t\tforeach ($aliasdomains as $aliasdomain) {\n\t\t\t\t\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, \"Adding SAN entry: \" . $aliasdomain['domain']);\n\t\t\t\t\t\t$domains[] = strtolower($aliasdomain['domain']);\n\t\t\t\t\t\tif ($aliasdomain['wwwserveralias'] == 1) {\n\t\t\t\t\t\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, \"Adding SAN entry: www.\" . $aliasdomain['domain']);\n\t\t\t\t\t\t\t$domains[] = strtolower('www.' . $aliasdomain['domain']);\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\tself::validateDns($domains, $certrow['domainid'], $cronlog);\n\n\t\t\t\tself::runAcmeSh($certrow, $domains, $cronlog, $do_force, $certrow['domainid'] == 0);\n\t\t\t} else {\n\t\t\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_WARNING, \"Skipping Let's Encrypt generation for \" . $certrow['domain'] . \" due to an enabled ssl_redirect\");\n\t\t\t\t// we need another reconfigure in order to get the certificate\n\t\t\t\tCronjob::inserttask(TaskId::REBUILD_VHOST);\n\t\t\t}\n\t\t}\n\t}\n\n\t/**\n\t * validate dns (A / AAAA record) of domain against known system ips\n\t *\n\t * @param array $domains\n\t * @param int $domain_id\n\t * @param FroxlorLogger $cronlog\n\t * @throws \\Exception\n\t */\n\tprivate static function validateDns(array &$domains, $domain_id, &$cronlog)\n\t{\n\t\tif (Settings::Get('system.le_domain_dnscheck') == '1' && !empty($domains)) {\n\t\t\t$loop_domains = $domains;\n\t\t\t// ips according to our system\n\t\t\t$our_ips = Domain::getIpsOfDomain($domain_id);\n\t\t\tforeach ($loop_domains as $idx => $domain) {\n\t\t\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, \"Validating DNS of \" . $domain);\n\t\t\t\t// ips according to NS\n\t\t\t\t$domain_ips = PhpHelper::gethostbynamel6($domain, true, Settings::Get('system.le_domain_dnscheck_resolver'));\n\t\t\t\tif ($domain_ips == false || count(array_intersect($our_ips, $domain_ips)) <= 0) {\n\t\t\t\t\t// no common ips...\n\t\t\t\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_WARNING, \"Skipping Let's Encrypt generation for \" . $domain . \" due to no system known IP address via DNS check\");\n\t\t\t\t\tunset($domains[$idx]);\n\t\t\t\t\t// in order to avoid a cron-loop that tries to get a certificate every 5 minutes, we disable let's encrypt for this domain\n\t\t\t\t\tif ($domain_id > 0) {\n\t\t\t\t\t\t$upd_stmt = Database::prepare(\"UPDATE `\" . TABLE_PANEL_DOMAINS . \"` SET `letsencrypt` = '0' WHERE `id` = :did\");\n\t\t\t\t\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t\t\t\t\t'did' => $domain_id\n\t\t\t\t\t\t]);\n\t\t\t\t\t} else {\n\t\t\t\t\t\t// froxlor's hostname\n\t\t\t\t\t\tSettings::Set('system.le_froxlor_enabled', 0);\n\t\t\t\t\t}\n\t\t\t\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_WARNING, \"Let's Encrypt deactivated for domain \" . $domain);\n\t\t\t\t\tif (!defined('CRON_IS_FORCED') && !defined('CRON_DEBUG_FLAG')) {\n\t\t\t\t\t\t// email info to admin that lets encrypt has been disabled for this domain\n\t\t\t\t\t\tCronjob::notifyMailToAdmin(\"Let's Encrypt has been deactivated for domain '\" . $domain . \"' due to failed dns validation (wrong or no IP address)\");\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n\n\tprivate static function runAcmeSh(array $certrow, array $domains, &$cronlog = null, bool $force = false, bool $renew_hook = false)\n\t{\n\t\tif (!empty($domains)) {\n\t\t\t$acmesh_cmd = self::getAcmeSh() . \" --server \" . self::$apiserver . \" --issue -d \" . implode(\" -d \", $domains);\n\t\t\t// challenge path\n\t\t\t$acmesh_cmd .= \" -w \" . Settings::Get('system.letsencryptchallengepath');\n\t\t\tif (Settings::Get('system.leecc') > 0) {\n\t\t\t\t// ecc certificate\n\t\t\t\t$acmesh_cmd .= \" --keylength ec-\" . Settings::Get('system.leecc');\n\t\t\t} else {\n\t\t\t\t$acmesh_cmd .= \" --keylength \" . Settings::Get('system.letsencryptkeysize');\n\t\t\t}\n\t\t\tif (Settings::Get('system.letsencryptreuseold') != '1') {\n\t\t\t\t$acmesh_cmd .= \" --always-force-new-domain-key\";\n\t\t\t}\n\t\t\tif (substr(Settings::Get('system.letsencryptca'), -5) == '_test') {\n\t\t\t\t$acmesh_cmd .= \" --staging\";\n\t\t\t}\n\t\t\tif ($force) {\n\t\t\t\t$acmesh_cmd .= \" --force\";\n\t\t\t}\n\t\t\tif ($renew_hook\n\t\t\t\t&& !empty(trim(Settings::Get('system.le_renew_services') ?? \"\"))\n\t\t\t\t&& !empty(trim(Settings::Get('system.le_renew_hook') ?? \"\"))\n\t\t\t) {\n\t\t\t\t$acmesh_cmd .= \" --renew-hook '\" . Settings::Get('system.le_renew_hook') . \"'\";\n\t\t\t}\n\t\t\tif (defined('CRON_DEBUG_FLAG')) {\n\t\t\t\t$acmesh_cmd .= \" --debug\";\n\t\t\t}\n\n\t\t\t$exit_code = null;\n\t\t\t$acme_result = FileDir::safe_exec($acmesh_cmd, $exit_code);\n\t\t\t// debug output of acme.sh run\n\t\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, implode(\"\\n\", $acme_result));\n\n\t\t\tif ($exit_code != 0) {\n\t\t\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, \"Non-successful exit-code returned :(\");\n\t\t\t\tif (!defined('CRON_IS_FORCED') && !defined('CRON_DEBUG_FLAG')) {\n\t\t\t\t\tCronjob::notifyMailToAdmin(\"Let's Encrypt certificate could not be obtained for: \" . implode(\", \", $domains) . \"\\n\\n\" . implode(\"\\n\", $acme_result));\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, \"Successful exit-code returned - storing certificate\");\n\t\t\t\t$cert_stored = self::certToDb($certrow, $cronlog, $acme_result);\n\n\t\t\t\tif ($cert_stored && $renew_hook) {\n\t\t\t\t\tself::renewHookConfigs($cronlog);\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n\n\tpublic static function renewHookConfigs($cronlog)\n\t{\n\t\tif (!empty(trim(Settings::Get('system.le_renew_services') ?? \"\"))\n\t\t\t&& !empty(trim(Settings::Get('system.le_renew_hook') ?? \"\"))\n\t\t) {\n\n\t\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, \"Renew-hook is enabled - adjusting configurations\");\n\n\t\t\t$certificate_folder = self::getCertificateFolder(strtolower(Settings::Get('system.hostname')));\n\n\t\t\tif (empty($certificate_folder)) {\n\t\t\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, \"No certificate folder for '\" . Settings::Get('system.hostname') . \"' found\");\n\t\t\t\treturn;\n\t\t\t}\n\n\t\t\t$fullchain = FileDir::makeCorrectFile($certificate_folder . '/fullchain.cer');\n\t\t\t$keyfile = FileDir::makeCorrectFile($certificate_folder . '/' . strtolower(Settings::Get('system.hostname')) . '.key');\n\t\t\t$ca_file = FileDir::makeCorrectFile($certificate_folder . '/ca.cer');\n\n\t\t\tif (!file_exists($fullchain) || !file_exists($keyfile) || !file_exists($ca_file)) {\n\t\t\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, \"At least one of the required certificate files for '\" . Settings::Get('system.hostname') . \"' could not be found\");\n\t\t\t\treturn;\n\t\t\t}\n\n\t\t\t$dovecot_conf = '/etc/dovecot/conf.d/99-froxlor.ssl.conf'; // @fixme setting?\n\n\t\t\tif (Settings::IsInList('system.le_renew_services', 'postfix')) {\n\t\t\t\t// \"postconf -e\" for postfix\n\t\t\t\tFileDir::safe_exec('postconf -e smtpd_tls_cert_file=' . escapeshellarg($fullchain));\n\t\t\t\tFileDir::safe_exec('postconf -e smtpd_tls_key_file=' . escapeshellarg($keyfile));\n\t\t\t}\n\t\t\tif (Settings::IsInList('system.le_renew_services', 'dovecot')) {\n\t\t\t\t// custom config for dovecot\n\t\t\t\t$ssl_content = << $certrow['id'],\n\t\t\t\t\t'domainid' => $certrow['domainid'],\n\t\t\t\t\t'crt' => $return['crt'],\n\t\t\t\t\t'key' => $return['key'],\n\t\t\t\t\t'ca' => $return['chain'],\n\t\t\t\t\t'chain' => $return['chain'],\n\t\t\t\t\t'csr' => $return['csr'],\n\t\t\t\t\t'fullchain' => $return['fullchain'],\n\t\t\t\t\t'validfromdate' => date('Y-m-d H:i:s', $newcert['validFrom_time_t']),\n\t\t\t\t\t'validtodate' => date('Y-m-d H:i:s', $newcert['validTo_time_t']),\n\t\t\t\t\t'issuer' => $newcert['issuer']['O'] ?? \"\"\n\t\t\t\t]);\n\n\t\t\t\tif ($certrow['ssl_redirect'] == 3) {\n\t\t\t\t\tDatabase::pexecute(self::$upddom_stmt, [\n\t\t\t\t\t\t'domainid' => $certrow['domainid']\n\t\t\t\t\t]);\n\t\t\t\t}\n\n\t\t\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, \"Updated Let's Encrypt certificate for \" . $certrow['domain']);\n\t\t\t\treturn true;\n\t\t\t} else {\n\t\t\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, \"Got non-successful Let's Encrypt response for \" . $certrow['domain'] . \":\\n\" . implode(\"\\n\", $acme_result));\n\t\t\t}\n\t\t} else {\n\t\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, \"Could not get Let's Encrypt certificate for \" . $certrow['domain'] . \":\\n\" . implode(\"\\n\", $acme_result));\n\t\t}\n\t\treturn false;\n\t}\n\n\t/**\n\t * get certificate files from filesystem and store in $return array\n\t *\n\t * @param string $domain\n\t * @param array $return\n\t * @param object $cronlog\n\t */\n\tprivate static function readCertificateToVar($domain, &$return, &$cronlog)\n\t{\n\t\t$certificate_folder = self::getCertificateFolder($domain);\n\n\t\tif (!empty($certificate_folder)) {\n\t\t\t$certificate_files = [\n\t\t\t\t'crt' => $domain . '.cer',\n\t\t\t\t'key' => $domain . '.key',\n\t\t\t\t'chain' => 'ca.cer',\n\t\t\t\t'fullchain' => 'fullchain.cer',\n\t\t\t\t'csr' => $domain . '.csr'\n\t\t\t];\n\t\t\tforeach ($certificate_files as $index => $sslfile) {\n\t\t\t\t$ssl_file = FileDir::makeCorrectFile($certificate_folder . '/' . $sslfile);\n\t\t\t\tif (file_exists($ssl_file)) {\n\t\t\t\t\t$return[$index] = file_get_contents($ssl_file);\n\t\t\t\t} else {\n\t\t\t\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, \"Could not find file '\" . $sslfile . \"' in '\" . $certificate_folder . \"'\");\n\t\t\t\t\t$return[$index] = null;\n\t\t\t\t}\n\t\t\t}\n\t\t} else {\n\t\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, \"Could not find certificate-folder '\" . $certificate_folder . \"'\");\n\t\t}\n\t}\n\n\tprivate static function getCertificateFolder(string $domain): string\n\t{\n\t\t$certificate_folder = self::getWorkingDirFromEnv(strtolower($domain));\n\t\tif (file_exists($certificate_folder)) {\n\t\t\treturn $certificate_folder;\n\t\t}\n\t\t$certificate_folder_ecc = self::getWorkingDirFromEnv($domain, true);\n\t\tif (file_exists($certificate_folder_ecc)) {\n\t\t\treturn $certificate_folder_ecc;\n\t\t}\n\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, \"Could not find certificate-folder for domain '\" . $domain . \"'\");\n\t\treturn \"\";\n\t}\n}\n" }, { "path": "lib/Froxlor/Cron/Http/LetsEncrypt/index.html", "content": "" }, { "path": "lib/Froxlor/Cron/Http/Nginx.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Cron\\Http;\n\nuse Froxlor\\Cron\\Http\\Php\\PhpInterface;\nuse Froxlor\\Cron\\TaskId;\nuse Froxlor\\Customer\\Customer;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\Domain\\Domain;\nuse Froxlor\\Froxlor;\nuse Froxlor\\FileDir;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\Http\\Directory;\nuse Froxlor\\Http\\Statistics;\nuse Froxlor\\Settings;\nuse Froxlor\\System\\Cronjob;\nuse Froxlor\\Validate\\Validate;\nuse Froxlor\\System\\Crypt;\nuse PDO;\n\nclass Nginx extends HttpConfigBase\n{\n\n\tprotected $nginx_data = [];\n\n\t// protected\n\tprotected $needed_htpasswds = [];\n\tprotected $http2_on_directive = false;\n\tprotected $htpasswds_data = [];\n\tprotected $known_htpasswdsfilenames = [];\n\tprotected $vhost_root_autoindex = false;\n\n\t/**\n\t * indicator whether a customer is deactivated or not\n\t * if yes, only the webroot will be generated\n\t *\n\t * @var bool\n\t */\n\tprivate $deactivated = false;\n\n\tpublic function __construct()\n\t{\n\t\t$nores = false;\n\t\t$res = FileDir::safe_exec('nginx -v 2>&1', $nores, ['>', '&']);\n\t\t$ver_str = array_shift($res);\n\t\t$cNginxVer = substr($ver_str, strrpos($ver_str, \"/\") + 1);\n\t\tif (version_compare($cNginxVer, '1.25.1', '>=')) {\n\t\t\t// at least 1.25.1\n\t\t\t$this->http2_on_directive = true;\n\t\t}\n\t}\n\n\tpublic function createVirtualHosts()\n\t{\n\t\treturn;\n\t}\n\n\tpublic function createFileDirOptions()\n\t{\n\t\treturn;\n\t}\n\n\tpublic function createIpPort()\n\t{\n\t\t$this->createLogformatEntry();\n\n\t\t$result_ipsandports_stmt = Database::query(\"\n\t\t\tSELECT * FROM `\" . TABLE_PANEL_IPSANDPORTS . \"` ORDER BY `ip` ASC, `port` ASC\n\t\t\");\n\n\t\twhile ($row_ipsandports = $result_ipsandports_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\tif (filter_var($row_ipsandports['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {\n\t\t\t\t$ip = '[' . $row_ipsandports['ip'] . ']';\n\t\t\t} else {\n\t\t\t\t$ip = $row_ipsandports['ip'];\n\t\t\t}\n\t\t\t$port = $row_ipsandports['port'];\n\n\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'nginx::createIpPort: creating ip/port settings for ' . $ip . \":\" . $port);\n\t\t\t$vhost_filename = FileDir::makeCorrectFile(Settings::Get('system.apacheconf_vhost') . '/10_froxlor_ipandport_' . trim(str_replace(':', '.', $row_ipsandports['ip']), '.') . '.' . $row_ipsandports['port'] . '.conf');\n\n\t\t\tif (!isset($this->nginx_data[$vhost_filename])) {\n\t\t\t\t$this->nginx_data[$vhost_filename] = '';\n\t\t\t}\n\n\t\t\tif ($row_ipsandports['vhostcontainer'] == '1') {\n\t\t\t\t$this->nginx_data[$vhost_filename] .= 'server { ' . \"\\n\";\n\n\t\t\t\t$mypath = $this->getMyPath($row_ipsandports);\n\n\t\t\t\t// check for ssl before anything else so\n\t\t\t\t// we know whether it's an ssl vhost or not\n\t\t\t\t$ssl_vhost = false;\n\t\t\t\tif ($row_ipsandports['ssl'] == '1') {\n\t\t\t\t\t// check for required fallback\n\t\t\t\t\tif (($row_ipsandports['ssl_cert_file'] == '' || !file_exists($row_ipsandports['ssl_cert_file'])) && (Settings::Get('system.le_froxlor_enabled') == '0' || $this->froxlorVhostHasLetsEncryptCert() == false)) {\n\t\t\t\t\t\t$row_ipsandports['ssl_cert_file'] = Settings::Get('system.ssl_cert_file');\n\t\t\t\t\t\tif (!file_exists($row_ipsandports['ssl_cert_file'])) {\n\t\t\t\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'System certificate file \"' . Settings::Get('system.ssl_cert_file') . '\" does not seem to exist. Creating self-signed certificate...');\n\t\t\t\t\t\t\tCrypt::createSelfSignedCertificate();\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t\tif ($row_ipsandports['ssl_key_file'] == '') {\n\t\t\t\t\t\t$row_ipsandports['ssl_key_file'] = Settings::Get('system.ssl_key_file');\n\t\t\t\t\t\tif (!file_exists($row_ipsandports['ssl_key_file'])) {\n\t\t\t\t\t\t\t// explicitly disable ssl for this vhost\n\t\t\t\t\t\t\t$row_ipsandports['ssl_cert_file'] = \"\";\n\t\t\t\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'System certificate key-file \"' . Settings::Get('system.ssl_key_file') . '\" does not seem to exist. Disabling SSL-vhost for \"' . Settings::Get('system.hostname') . '\"');\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t\tif ($row_ipsandports['ssl_ca_file'] == '') {\n\t\t\t\t\t\t$row_ipsandports['ssl_ca_file'] = Settings::Get('system.ssl_ca_file');\n\t\t\t\t\t}\n\t\t\t\t\tif ($row_ipsandports['ssl_cert_file'] != '' && file_exists($row_ipsandports['ssl_cert_file'])) {\n\t\t\t\t\t\t$ssl_vhost = true;\n\t\t\t\t\t}\n\n\t\t\t\t\t$domain = [\n\t\t\t\t\t\t'id' => 0,\n\t\t\t\t\t\t'domain' => Settings::Get('system.hostname'),\n\t\t\t\t\t\t'adminid' => 1, /* first admin-user (superadmin) */\n\t\t\t\t\t\t'loginname' => 'froxlor.panel',\n\t\t\t\t\t\t'documentroot' => $mypath,\n\t\t\t\t\t\t'customerroot' => $mypath,\n\t\t\t\t\t\t'parentdomainid' => 0\n\t\t\t\t\t];\n\n\t\t\t\t\t// override corresponding array values\n\t\t\t\t\t$domain['ssl_cert_file'] = $row_ipsandports['ssl_cert_file'];\n\t\t\t\t\t$domain['ssl_key_file'] = $row_ipsandports['ssl_key_file'];\n\t\t\t\t\t$domain['ssl_ca_file'] = $row_ipsandports['ssl_ca_file'];\n\t\t\t\t\t$domain['ssl_cert_chainfile'] = $row_ipsandports['ssl_cert_chainfile'];\n\n\t\t\t\t\t// SSL STUFF\n\t\t\t\t\t$dssl = new DomainSSL();\n\t\t\t\t\t// this sets the ssl-related array-indices in the $domain array\n\t\t\t\t\t// if the domain has customer-defined ssl-certificates\n\t\t\t\t\t$dssl->setDomainSSLFilesArray($domain);\n\n\t\t\t\t\tif ($domain['ssl_cert_file'] != '' && file_exists($domain['ssl_cert_file'])) {\n\t\t\t\t\t\t// override corresponding array values\n\t\t\t\t\t\t$row_ipsandports['ssl_cert_file'] = $domain['ssl_cert_file'];\n\t\t\t\t\t\t$row_ipsandports['ssl_key_file'] = $domain['ssl_key_file'];\n\t\t\t\t\t\t$row_ipsandports['ssl_ca_file'] = $domain['ssl_ca_file'];\n\t\t\t\t\t\t$row_ipsandports['ssl_cert_chainfile'] = $domain['ssl_cert_chainfile'];\n\t\t\t\t\t\t$ssl_vhost = true;\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\t$http2 = $ssl_vhost == true && Settings::Get('system.http2_support') == '1';\n\t\t\t\t$http3 = $ssl_vhost == true && Settings::Get('system.http3_support') == '1';\n\n\t\t\t\t/**\n\t\t\t\t * this HAS to be set for the default host in nginx or else no vhost will work\n\t\t\t\t */\n\t\t\t\t$this->nginx_data[$vhost_filename] .= \"\\t\" . 'listen ' . $ip . ':' . $port . ' default_server' . ($ssl_vhost == true ? ' ssl' : '') . ($http2 && !$this->http2_on_directive ? ' http2' : '') . ';' . \"\\n\";\n\t\t\t\tif ($http2 && $this->http2_on_directive) {\n\t\t\t\t\t$this->nginx_data[$vhost_filename] .= \"\\t\" . 'http2 on;' . \"\\n\";\n\t\t\t\t}\n\t\t\t\tif ($http3) {\n\t\t\t\t\t$this->nginx_data[$vhost_filename] .= \"\\t\" . 'listen ' . $ip . ':' . $port . ' default_server quic reuseport;' . \"\\n\";\n\t\t\t\t\t$this->nginx_data[$vhost_filename] .= \"\\t\" . 'http3 on;' . \"\\n\";\n\t\t\t\t\t$this->nginx_data[$vhost_filename] .= \"\\t\" . 'quic_gso on;' . \"\\n\";\n\t\t\t\t\t$this->nginx_data[$vhost_filename] .= \"\\t\" . 'quic_retry on;' . \"\\n\";\n\t\t\t\t\t$this->nginx_data[$vhost_filename] .= \"\\t\" . 'add_header Alt-Svc \\'h3=\":' . $port . '\"; ma=86400\\' always;' . \"\\n\";\n\t\t\t\t}\n\t\t\t\t$this->nginx_data[$vhost_filename] .= \"\\t\" . '# Froxlor default vhost' . \"\\n\";\n\n\t\t\t\t$aliases = \"\";\n\t\t\t\t$froxlor_aliases = Settings::Get('system.froxloraliases');\n\t\t\t\tif (!empty($froxlor_aliases)) {\n\t\t\t\t\t$froxlor_aliases = explode(\",\", $froxlor_aliases);\n\t\t\t\t\tforeach ($froxlor_aliases as $falias) {\n\t\t\t\t\t\tif (Validate::validateDomain(trim($falias))) {\n\t\t\t\t\t\t\t$aliases .= trim($falias) . \" \";\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t\t$aliases = \" \" . trim($aliases);\n\t\t\t\t}\n\t\t\t\t$this->nginx_data[$vhost_filename] .= \"\\t\" . 'server_name ' . Settings::Get('system.hostname') . $aliases . ';' . \"\\n\";\n\n\t\t\t\t$logtype = 'combined';\n\t\t\t\tif (Settings::Get('system.logfiles_format') != '') {\n\t\t\t\t\t$logtype = 'frx_custom';\n\t\t\t\t}\n\t\t\t\t$this->nginx_data[$vhost_filename] .= \"\\t\" . 'access_log /var/log/nginx/access.log ' . $logtype . ';' . \"\\n\";\n\n\t\t\t\tif (Settings::Get('system.use_ssl') == '1' && Settings::Get('system.leenabled') == '1' && Settings::Get('system.le_froxlor_enabled') == '1') {\n\t\t\t\t\t$acmeConfFilename = Settings::Get('system.letsencryptacmeconf');\n\t\t\t\t\t$this->nginx_data[$vhost_filename] .= \"\\t\" . 'include ' . $acmeConfFilename . ';' . \"\\n\";\n\t\t\t\t}\n\n\t\t\t\t$is_redirect = false;\n\t\t\t\t// check for SSL redirect\n\t\t\t\tif ($row_ipsandports['ssl'] == '0' && Settings::Get('system.le_froxlor_redirect') == '1') {\n\t\t\t\t\t$is_redirect = true;\n\t\t\t\t\t// check whether froxlor uses Let's Encrypt and not cert is being generated yet\n\t\t\t\t\t// or a renewal is ongoing - disable redirect\n\t\t\t\t\tif (Settings::Get('system.leenabled') == '1' && Settings::Get('system.le_froxlor_enabled') && ($this->froxlorVhostHasLetsEncryptCert() == false || $this->froxlorVhostLetsEncryptNeedsRenew())) {\n\t\t\t\t\t\t$this->nginx_data[$vhost_filename] .= '# temp. disabled ssl-redirect due to Let\\'s Encrypt certificate generation.' . PHP_EOL;\n\t\t\t\t\t\t$is_redirect = false;\n\t\t\t\t\t\tCronjob::inserttask(TaskId::REBUILD_VHOST);\n\t\t\t\t\t} else {\n\t\t\t\t\t\t$_sslport = $this->checkAlternativeSslPort();\n\t\t\t\t\t\t$mypath = 'https://' . Settings::Get('system.hostname') . $_sslport;\n\t\t\t\t\t\t$this->nginx_data[$vhost_filename] .= \"\\t\" . 'location / {' . \"\\n\";\n\t\t\t\t\t\t$this->nginx_data[$vhost_filename] .= \"\\t\\t\" . 'return 301 ' . $mypath . '$request_uri;' . \"\\n\";\n\t\t\t\t\t\t$this->nginx_data[$vhost_filename] .= \"\\t\" . '}' . \"\\n\";\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\tif (!$is_redirect) {\n\t\t\t\t\t$this->nginx_data[$vhost_filename] .= \"\\t\" . 'root ' . $mypath . ';' . \"\\n\";\n\t\t\t\t\t$this->nginx_data[$vhost_filename] .= \"\\t\" . 'index index.php index.html index.htm;' . \"\\n\\n\";\n\t\t\t\t\t$this->nginx_data[$vhost_filename] .= \"\\t\" . 'location / {' . \"\\n\";\n\t\t\t\t\t$this->nginx_data[$vhost_filename] .= \"\\t\" . '}' . \"\\n\";\n\n\t\t\t\t\tif (Settings::Get('system.froxlordirectlyviahostname')) {\n\t\t\t\t\t\t$relpath = \"/\";\n\t\t\t\t\t} else {\n\t\t\t\t\t\t$relpath = \"/\".basename(Froxlor::getInstallDir());\n\t\t\t\t\t}\n\t\t\t\t\t// protect lib/userdata.inc.php\n\t\t\t\t\t$this->nginx_data[$vhost_filename] .= \"\\t\" . 'location = ' . rtrim($relpath, \"/\") . '/lib/userdata.inc.php {' . \"\\n\";\n\t\t\t\t\t$this->nginx_data[$vhost_filename] .= \"\\t\" . ' deny all;' . \"\\n\";\n\t\t\t\t\t$this->nginx_data[$vhost_filename] .= \"\\t\" . '}' . \"\\n\";\n\n\t\t\t\t\t// protect bin/\n\t\t\t\t\t$this->nginx_data[$vhost_filename] .= \"\\t\" . 'location ~ ^' . rtrim($relpath, \"/\") . '/(bin|cache|logs|tests|vendor) {' . \"\\n\";\n\t\t\t\t\t$this->nginx_data[$vhost_filename] .= \"\\t\" . ' deny all;' . \"\\n\";\n\t\t\t\t\t$this->nginx_data[$vhost_filename] .= \"\\t\" . '}' . \"\\n\";\n\t\t\t\t}\n\n\t\t\t\tif ($row_ipsandports['specialsettings'] != '' && ($row_ipsandports['ssl'] == '0' || ($row_ipsandports['ssl'] == '1' && Settings::Get('system.use_ssl') == '1' && $row_ipsandports['include_specialsettings'] == '1'))) {\n\t\t\t\t\t$this->nginx_data[$vhost_filename] .= $this->processSpecialConfigTemplate($row_ipsandports['specialsettings'], [\n\t\t\t\t\t\t'domain' => Settings::Get('system.hostname'),\n\t\t\t\t\t\t'loginname' => Settings::Get('phpfpm.vhost_httpuser'),\n\t\t\t\t\t\t'documentroot' => $mypath,\n\t\t\t\t\t\t'customerroot' => $mypath\n\t\t\t\t\t], $row_ipsandports['ip'], $row_ipsandports['port'], $row_ipsandports['ssl'] == '1') . \"\\n\";\n\t\t\t\t}\n\n\t\t\t\t/**\n\t\t\t\t * SSL config options\n\t\t\t\t */\n\t\t\t\tif ($row_ipsandports['ssl'] == '1') {\n\t\t\t\t\t$row_ipsandports['domain'] = Settings::Get('system.hostname');\n\t\t\t\t\t$row_ipsandports['ssl_honorcipherorder'] = Settings::Get('system.honorcipherorder');\n\t\t\t\t\t$row_ipsandports['ssl_sessiontickets'] = Settings::Get('system.sessiontickets');\n\t\t\t\t\t$this->nginx_data[$vhost_filename] .= $this->composeSslSettings($row_ipsandports);\n\t\t\t\t\tif ($row_ipsandports['ssl_specialsettings'] != '') {\n\t\t\t\t\t\t$this->nginx_data[$vhost_filename] .= $this->processSpecialConfigTemplate($row_ipsandports['ssl_specialsettings'], [\n\t\t\t\t\t\t\t'domain' => Settings::Get('system.hostname'),\n\t\t\t\t\t\t\t'loginname' => Settings::Get('phpfpm.vhost_httpuser'),\n\t\t\t\t\t\t\t'documentroot' => $mypath,\n\t\t\t\t\t\t\t'customerroot' => $mypath\n\t\t\t\t\t\t], $row_ipsandports['ip'], $row_ipsandports['port'], $row_ipsandports['ssl'] == '1') . \"\\n\";\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\tif (!$is_redirect) {\n\t\t\t\t\t$this->nginx_data[$vhost_filename] .= \"\\tlocation ~ \\.php {\\n\";\n\t\t\t\t\t$this->nginx_data[$vhost_filename] .= \"\\t\\tfastcgi_split_path_info ^(.+?\\.php)(/.*)$;\\n\";\n\t\t\t\t\t$this->nginx_data[$vhost_filename] .= \"\\t\\tinclude \" . Settings::Get('nginx.fastcgiparams') . \";\\n\";\n\t\t\t\t\t$this->nginx_data[$vhost_filename] .= \"\\t\\tfastcgi_param SCRIPT_FILENAME \\$request_filename;\\n\";\n\t\t\t\t\t$this->nginx_data[$vhost_filename] .= \"\\t\\ttry_files \\$fastcgi_script_name =404;\\n\";\n\t\t\t\t\t$this->nginx_data[$vhost_filename] .= \"\\t\\tset \\$path_info \\$fastcgi_path_info;\\n\";\n\t\t\t\t\t$this->nginx_data[$vhost_filename] .= \"\\t\\tfastcgi_param PATH_INFO \\$path_info;\\n\";\n\n\n\t\t\t\t\tif ($row_ipsandports['ssl'] == '1') {\n\t\t\t\t\t\t$this->nginx_data[$vhost_filename] .= \"\\t\\tfastcgi_param HTTPS on;\\n\";\n\t\t\t\t\t}\n\n\t\t\t\t\tif ((int)Settings::Get('phpfpm.enabled') == 1 && (int)Settings::Get('phpfpm.enabled_ownvhost') == 1) {\n\t\t\t\t\t\t// get fpm config\n\t\t\t\t\t\t$fpm_sel_stmt = Database::prepare(\"\n\t\t\t\t\t\t\tSELECT f.id FROM `\" . TABLE_PANEL_FPMDAEMONS . \"` f\n\t\t\t\t\t\t\tLEFT JOIN `\" . TABLE_PANEL_PHPCONFIGS . \"` p ON p.fpmsettingid = f.id\n\t\t\t\t\t\t\tWHERE p.id = :phpconfigid\n\t\t\t\t\t\t\");\n\t\t\t\t\t\t$fpm_config = Database::pexecute_first($fpm_sel_stmt, [\n\t\t\t\t\t\t\t'phpconfigid' => Settings::Get('phpfpm.vhost_defaultini')\n\t\t\t\t\t\t]);\n\t\t\t\t\t\t$domain = [\n\t\t\t\t\t\t\t'id' => 'none',\n\t\t\t\t\t\t\t'domain' => Settings::Get('system.hostname'),\n\t\t\t\t\t\t\t'adminid' => 1, /* first admin-user (superadmin) */\n\t\t\t\t\t\t\t'mod_fcgid_starter' => -1,\n\t\t\t\t\t\t\t'mod_fcgid_maxrequests' => -1,\n\t\t\t\t\t\t\t'guid' => Settings::Get('phpfpm.vhost_httpuser'),\n\t\t\t\t\t\t\t'openbasedir' => 0,\n\t\t\t\t\t\t\t'email' => Settings::Get('panel.adminmail'),\n\t\t\t\t\t\t\t'loginname' => 'froxlor.panel',\n\t\t\t\t\t\t\t'documentroot' => $mypath,\n\t\t\t\t\t\t\t'customerroot' => $mypath,\n\t\t\t\t\t\t\t'fpm_config_id' => isset($fpm_config['id']) ? $fpm_config['id'] : 1\n\t\t\t\t\t\t];\n\n\t\t\t\t\t\t$php = new PhpInterface($domain);\n\t\t\t\t\t\t$this->nginx_data[$vhost_filename] .= \"\\t\\tfastcgi_pass unix:\" . $php->getInterface()->getSocketFile() . \";\\n\";\n\t\t\t\t\t} else {\n\t\t\t\t\t\t$this->nginx_data[$vhost_filename] .= \"\\t\\tfastcgi_pass \" . Settings::Get('system.nginx_php_backend') . \";\\n\";\n\t\t\t\t\t}\n\n\t\t\t\t\t$this->nginx_data[$vhost_filename] .= \"\\t\\tfastcgi_index index.php;\\n\";\n\t\t\t\t\t$this->nginx_data[$vhost_filename] .= \"\\t}\\n\";\n\t\t\t\t}\n\n\t\t\t\t$this->nginx_data[$vhost_filename] .= \"}\\n\\n\";\n\t\t\t\t// End of Froxlor server{}-part\n\t\t\t}\n\t\t}\n\n\t\t$this->createNginxHosts();\n\n\t\t/**\n\t\t * standard error pages\n\t\t */\n\t\t$this->createStandardErrorHandler();\n\t}\n\n\tprivate function createLogformatEntry()\n\t{\n\t\tif (Settings::Get('system.logfiles_format') != '') {\n\t\t\t$vhosts_folder = '';\n\t\t\tif (is_dir(Settings::Get('system.apacheconf_vhost'))) {\n\t\t\t\t$vhosts_folder = FileDir::makeCorrectDir(Settings::Get('system.apacheconf_vhost'));\n\t\t\t} else {\n\t\t\t\t$vhosts_folder = FileDir::makeCorrectDir(dirname(Settings::Get('system.apacheconf_vhost')));\n\t\t\t}\n\n\t\t\t$vhosts_filename = FileDir::makeCorrectFile($vhosts_folder . '/02_froxlor_logfiles_format.conf');\n\n\t\t\tif (!isset($this->nginx_data[$vhosts_filename])) {\n\t\t\t\t$this->nginx_data[$vhosts_filename] = '';\n\t\t\t}\n\n\t\t\t$logtype = 'frx_custom';\n\t\t\t$this->nginx_data[$vhosts_filename] = 'log_format ' . $logtype . ' ' . Settings::Get('system.logfiles_format') . ';' . \"\\n\";\n\t\t}\n\t}\n\n\tprotected function composeSslSettings($domain_or_ip)\n\t{\n\t\t$sslsettings = '';\n\n\t\tif ($domain_or_ip['ssl_cert_file'] == '' || !file_exists($domain_or_ip['ssl_cert_file'])) {\n\t\t\t$domain_or_ip['ssl_cert_file'] = Settings::Get('system.ssl_cert_file');\n\t\t\tif (!file_exists($domain_or_ip['ssl_cert_file'])) {\n\t\t\t\t// explicitly disable ssl for this vhost\n\t\t\t\t$domain_or_ip['ssl_cert_file'] = \"\";\n\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'System certificate file \"' . Settings::Get('system.ssl_cert_file') . '\" does not seem to exist. Disabling SSL-vhost for \"' . $domain_or_ip['domain'] . '\"');\n\t\t\t}\n\t\t}\n\n\t\tif ($domain_or_ip['ssl_key_file'] == '' || !file_exists($domain_or_ip['ssl_key_file'])) {\n\t\t\t// use fallback\n\t\t\t$domain_or_ip['ssl_key_file'] = Settings::Get('system.ssl_key_file');\n\t\t\t// check whether it exists\n\t\t\tif (!file_exists($domain_or_ip['ssl_key_file'])) {\n\t\t\t\t// explicitly disable ssl for this vhost\n\t\t\t\t$domain_or_ip['ssl_cert_file'] = \"\";\n\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'System certificate key-file \"' . Settings::Get('system.ssl_key_file') . '\" does not seem to exist. Disabling SSL-vhost for \"' . $domain_or_ip['domain'] . '\"');\n\t\t\t}\n\t\t}\n\n\t\tif ($domain_or_ip['ssl_ca_file'] == '') {\n\t\t\t$domain_or_ip['ssl_ca_file'] = Settings::Get('system.ssl_ca_file');\n\t\t}\n\n\t\t// #418\n\t\tif ($domain_or_ip['ssl_cert_chainfile'] == '') {\n\t\t\t$domain_or_ip['ssl_cert_chainfile'] = Settings::Get('system.ssl_cert_chainfile');\n\t\t}\n\n\t\tif ($domain_or_ip['ssl_cert_file'] != '') {\n\t\t\t// check for existence, #1485\n\t\t\tif (!file_exists($domain_or_ip['ssl_cert_file'])) {\n\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, $domain_or_ip['domain'] . ' :: certificate file \"' . $domain_or_ip['ssl_cert_file'] . '\" does not exist! Cannot create ssl-directives');\n\t\t\t} else {\n\t\t\t\t$ssl_protocols = (isset($domain_or_ip['override_tls']) && $domain_or_ip['override_tls'] == '1' && !empty($domain_or_ip['ssl_protocols'])) ? $domain_or_ip['ssl_protocols'] : Settings::Get('system.ssl_protocols');\n\t\t\t\t$ssl_cipher_list = (isset($domain_or_ip['override_tls']) && $domain_or_ip['override_tls'] == '1' && !empty($domain_or_ip['ssl_cipher_list'])) ? $domain_or_ip['ssl_cipher_list'] : Settings::Get('system.ssl_cipher_list');\n\n\t\t\t\t// obsolete: ssl on now belongs to the listen block as 'ssl' at the end\n\t\t\t\t// $sslsettings .= \"\\t\" . 'ssl on;' . \"\\n\";\n\t\t\t\t$sslsettings .= \"\\t\" . 'ssl_protocols ' . str_replace(\",\", \" \", $ssl_protocols) . ';' . \"\\n\";\n\t\t\t\t$sslsettings .= \"\\t\" . 'ssl_ciphers ' . $ssl_cipher_list . ';' . \"\\n\";\n\t\t\t\tif (!empty(Settings::Get('system.dhparams_file'))) {\n\t\t\t\t\t$dhparams = FileDir::makeCorrectFile(Settings::Get('system.dhparams_file'));\n\t\t\t\t\tif (!file_exists($dhparams)) {\n\t\t\t\t\t\tfile_put_contents($dhparams, self::FFDHE4096);\n\t\t\t\t\t}\n\t\t\t\t\t$sslsettings .= \"\\t\" . 'ssl_dhparam ' . $dhparams . ';' . \"\\n\";\n\t\t\t\t}\n\t\t\t\t// When <1.11.0: Defaults to prime256v1, similar to first curve recommendation by Mozilla.\n\t\t\t\t// (When specifyng just one, there's no fallback when specific curve is not supported by client.)\n\t\t\t\t// When >1.11.0: Defaults to auto, using recommended curves provided by OpenSSL.\n\t\t\t\t// see https://github.com/Froxlor/Froxlor/issues/652\n\t\t\t\t// $sslsettings .= \"\\t\" . 'ssl_ecdh_curve secp384r1;' . \"\\n\";\n\t\t\t\t$sslsettings .= \"\\t\" . 'ssl_prefer_server_ciphers ' . (isset($domain_or_ip['ssl_honorcipherorder']) && $domain_or_ip['ssl_honorcipherorder'] == '1' ? 'on' : 'off') . ';' . \"\\n\";\n\t\t\t\tif (Settings::Get('system.sessionticketsenabled') == '1') {\n\t\t\t\t\t$sslsettings .= \"\\t\" . 'ssl_session_tickets ' . (isset($domain_or_ip['ssl_sessiontickets']) && $domain_or_ip['ssl_sessiontickets'] == '1' ? 'on' : 'off') . ';' . \"\\n\";\n\t\t\t\t}\n\t\t\t\t$sslsettings .= \"\\t\" . 'ssl_session_cache shared:SSL:10m;' . \"\\n\";\n\t\t\t\t$sslsettings .= \"\\t\" . 'ssl_certificate ' . FileDir::makeCorrectFile($domain_or_ip['ssl_cert_file']) . ';' . \"\\n\";\n\n\t\t\t\tif ($domain_or_ip['ssl_key_file'] != '') {\n\t\t\t\t\t// check for existence, #1485\n\t\t\t\t\tif (!file_exists($domain_or_ip['ssl_key_file'])) {\n\t\t\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, $domain_or_ip['domain'] . ' :: certificate key file \"' . $domain_or_ip['ssl_key_file'] . '\" does not exist! Cannot create ssl-directives');\n\t\t\t\t\t} else {\n\t\t\t\t\t\t$sslsettings .= \"\\t\" . 'ssl_certificate_key ' . FileDir::makeCorrectFile($domain_or_ip['ssl_key_file']) . ';' . \"\\n\";\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\tif (isset($domain_or_ip['hsts']) && $domain_or_ip['hsts'] >= 0) {\n\t\t\t\t\t$sslsettings .= 'add_header Strict-Transport-Security \"max-age=' . $domain_or_ip['hsts'];\n\t\t\t\t\tif ($domain_or_ip['hsts_sub'] == 1) {\n\t\t\t\t\t\t$sslsettings .= '; includeSubDomains';\n\t\t\t\t\t}\n\t\t\t\t\tif ($domain_or_ip['hsts_preload'] == 1) {\n\t\t\t\t\t\t$sslsettings .= '; preload';\n\t\t\t\t\t}\n\t\t\t\t\t$sslsettings .= '\" always;' . \"\\n\";\n\t\t\t\t}\n\n\t\t\t\tif ((isset($domain_or_ip['ocsp_stapling']) && $domain_or_ip['ocsp_stapling'] == \"1\")) {\n\t\t\t\t\t$sslsettings .= \"\\t\" . 'ssl_stapling on;' . \"\\n\";\n\t\t\t\t\t$sslsettings .= \"\\t\" . 'ssl_stapling_verify on;' . \"\\n\";\n\t\t\t\t\t$sslsettings .= \"\\t\" . 'ssl_trusted_certificate ' . FileDir::makeCorrectFile($domain_or_ip['ssl_cert_file']) . ';' . \"\\n\";\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\treturn $sslsettings;\n\t}\n\n\t/**\n\t * create vhosts\n\t */\n\tprotected function createNginxHosts()\n\t{\n\t\t$domains = WebserverBase::getVhostsToCreate();\n\t\tforeach ($domains as $domain) {\n\t\t\tif (is_dir(Settings::Get('system.apacheconf_vhost'))) {\n\t\t\t\tFileDir::safe_exec('mkdir -p ' . escapeshellarg(FileDir::makeCorrectDir(Settings::Get('system.apacheconf_vhost'))));\n\t\t\t}\n\n\t\t\t$vhost_filename = $this->getVhostFilename($domain);\n\n\t\t\tif (!isset($this->nginx_data[$vhost_filename])) {\n\t\t\t\t$this->nginx_data[$vhost_filename] = '';\n\t\t\t}\n\n\t\t\tif ((empty($this->nginx_data[$vhost_filename]) && !is_dir(Settings::Get('system.apacheconf_vhost'))) || is_dir(Settings::Get('system.apacheconf_vhost'))) {\n\t\t\t\t$domain['nonexistinguri'] = '/' . md5(uniqid(microtime(), 1)) . '.htm';\n\n\t\t\t\t// Create non-ssl host\n\t\t\t\t$this->nginx_data[$vhost_filename] .= $this->getVhostContent($domain, false);\n\t\t\t\tif ($domain['ssl'] == '1' || $domain['ssl_redirect'] == '1') {\n\t\t\t\t\t$vhost_filename_ssl = $this->getVhostFilename($domain, true);\n\t\t\t\t\tif (!isset($this->nginx_data[$vhost_filename_ssl])) {\n\t\t\t\t\t\t$this->nginx_data[$vhost_filename_ssl] = '';\n\t\t\t\t\t}\n\t\t\t\t\t// Now enable ssl stuff\n\t\t\t\t\t$this->nginx_data[$vhost_filename_ssl] .= $this->getVhostContent($domain, true);\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n\n\tprotected function getVhostContent($domain, $ssl_vhost = false)\n\t{\n\t\tif ($ssl_vhost === true && $domain['ssl'] != '1' && $domain['ssl_redirect'] != '1') {\n\t\t\treturn '';\n\t\t}\n\n\t\t// check whether the customer/domain is deactivated and NO docroot for deactivated users has been set#\n\t\t$ddr = Settings::Get('system.deactivateddocroot');\n\t\tif (($domain['deactivated'] == '1' || $domain['customer_deactivated'] == '1') && empty($ddr)) {\n\t\t\treturn '# Customer deactivated and a docroot for deactivated users/domains hasn\\'t been set.' . \"\\n\";\n\t\t}\n\n\t\t$vhost_content = '';\n\t\t$_vhost_content = '';\n\t\t$has_http2_on = false;\n\n\t\t$query = \"SELECT * FROM `\" . TABLE_PANEL_IPSANDPORTS . \"` `i`, `\" . TABLE_DOMAINTOIP . \"` `dip`\n\t\t\tWHERE dip.id_domain = :domainid AND i.id = dip.id_ipandports \";\n\n\t\tif ($ssl_vhost === true && ($domain['ssl'] == '1' || $domain['ssl_redirect'] == '1')) {\n\t\t\t// by ordering by cert-file the row with filled out SSL-Fields will be shown last,\n\t\t\t// thus it is enough to fill out 1 set of SSL-Fields\n\t\t\t$query .= \"AND i.ssl = 1 ORDER BY i.ssl_cert_file ASC;\";\n\t\t} else {\n\t\t\t$query .= \"AND i.ssl = '0';\";\n\t\t}\n\n\t\t// start vhost\n\t\t$vhost_content .= 'server { ' . \"\\n\";\n\n\t\t$result_stmt = Database::prepare($query);\n\t\tDatabase::pexecute($result_stmt, [\n\t\t\t'domainid' => $domain['id']\n\t\t]);\n\n\t\t$http3 = $ssl_vhost == true && (isset($domain['http3']) && $domain['http3'] == '1' && Settings::Get('system.http3_support') == '1');\n\t\twhile ($ipandport = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t$domain['ip'] = $ipandport['ip'];\n\t\t\t$domain['port'] = $ipandport['port'];\n\t\t\tif ($domain['ssl'] == '1') {\n\t\t\t\t$domain['ssl_cert_file'] = $ipandport['ssl_cert_file'];\n\t\t\t\t$domain['ssl_key_file'] = $ipandport['ssl_key_file'];\n\t\t\t\t$domain['ssl_ca_file'] = $ipandport['ssl_ca_file'];\n\t\t\t\t$domain['ssl_cert_chainfile'] = $ipandport['ssl_cert_chainfile'];\n\n\t\t\t\t// SSL STUFF\n\t\t\t\t$dssl = new DomainSSL();\n\t\t\t\t// this sets the ssl-related array-indices in the $domain array\n\t\t\t\t// if the domain has customer-defined ssl-certificates\n\t\t\t\t$dssl->setDomainSSLFilesArray($domain);\n\t\t\t}\n\n\t\t\tif (filter_var($domain['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {\n\t\t\t\t$ipport = '[' . $domain['ip'] . ']:' . $domain['port'];\n\t\t\t} else {\n\t\t\t\t$ipport = $domain['ip'] . ':' . $domain['port'];\n\t\t\t}\n\n\t\t\tif ($ipandport['default_vhostconf_domain'] != '' && ($ssl_vhost == false || ($ssl_vhost == true && $ipandport['include_default_vhostconf_domain'] == '1'))) {\n\t\t\t\t$_vhost_content .= $this->processSpecialConfigTemplate($ipandport['default_vhostconf_domain'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . \"\\n\";\n\t\t\t}\n\t\t\tif ($ipandport['ssl_default_vhostconf_domain'] != '' && $ssl_vhost == true) {\n\t\t\t\t$_vhost_content .= $this->processSpecialConfigTemplate($ipandport['ssl_default_vhostconf_domain'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . \"\\n\";\n\t\t\t}\n\t\t\t$http2 = $ssl_vhost == true && (isset($domain['http2']) && $domain['http2'] == '1' && Settings::Get('system.http2_support') == '1');\n\n\t\t\t$vhost_content .= \"\\t\" . 'listen ' . $ipport . ($ssl_vhost == true ? ' ssl' : '') . ($http2 && !$this->http2_on_directive ? ' http2' : '') . ';' . \"\\n\";\n\t\t\tif ($http2 && $this->http2_on_directive && !$has_http2_on) {\n\t\t\t\t$vhost_content .= \"\\t\" . 'http2 on;' . \"\\n\";\n\t\t\t\t$has_http2_on = true;\n\t\t\t}\n\t\t\tif ($http3) {\n\t\t\t\t$vhost_content .= \"\\t\" . 'listen ' . $ipport . ' quic;' . \"\\n\";\n\t\t\t}\n\t\t}\n\n\t\tif ($http3) {\n\t\t\t$vhost_content .= \"\\t\" . 'add_header Alt-Svc \\'h3=\":' . $domain['port'] . '\"; ma=86400\\' always;' . \"\\n\";\n\t\t\t$vhost_content .= \"\\t\" . 'http3 on;' . \"\\n\";\n\t\t\t$vhost_content .= \"\\t\" . 'quic_gso on;' . \"\\n\";\n\t\t\t$vhost_content .= \"\\t\" . 'quic_retry on;' . \"\\n\";\n\t\t}\n\n\t\t// get all server-names\n\t\t$vhost_content .= $this->getServerNames($domain);\n\n\t\t// respect ssl_redirect settings, #542\n\t\tif ($ssl_vhost == false && $domain['ssl'] == '1' && $domain['ssl_redirect'] == '1') {\n\t\t\t// We must not check if our port differs from port 443,\n\t\t\t// but if there is a destination-port != 443\n\t\t\t$_sslport = '';\n\t\t\t// This returns the first port that is != 443 with ssl enabled, if any\n\t\t\t// ordered by ssl-certificate (if any) so that the ip/port combo\n\t\t\t// with certificate is used\n\t\t\t$ssldestport_stmt = Database::prepare(\"SELECT `ip`.`port` FROM \" . TABLE_PANEL_IPSANDPORTS . \" `ip`\n\t\t\t\tLEFT JOIN `\" . TABLE_DOMAINTOIP . \"` `dip` ON (`ip`.`id` = `dip`.`id_ipandports`)\n\t\t\t\tWHERE `dip`.`id_domain` = :domainid\n\t\t\t\tAND `ip`.`ssl` = '1' AND `ip`.`port` != 443\n\t\t\t\tORDER BY `ip`.`ssl_cert_file` DESC, `ip`.`port` LIMIT 1;\");\n\t\t\t$ssldestport = Database::pexecute_first($ssldestport_stmt, [\n\t\t\t\t'domainid' => $domain['id']\n\t\t\t]);\n\n\t\t\tif ($ssldestport && $ssldestport['port'] != '') {\n\t\t\t\t$_sslport = \":\" . $ssldestport['port'];\n\t\t\t}\n\n\t\t\t$domain['documentroot'] = 'https://$host' . $_sslport . '/';\n\t\t}\n\n\t\t// avoid using any whitespaces\n\t\t$domain['documentroot'] = trim($domain['documentroot']);\n\n\t\t// create ssl settings first since they are required for normal and redirect vhosts\n\t\tif ($ssl_vhost === true && $domain['ssl'] == '1' && Settings::Get('system.use_ssl') == '1') {\n\t\t\t$vhost_content .= \"\\n\" . $this->composeSslSettings($domain) . \"\\n\";\n\t\t}\n\n\t\tif (Settings::Get('system.use_ssl') == '1' && Settings::Get('system.leenabled') == '1') {\n\t\t\t$acmeConfFilename = Settings::Get('system.letsencryptacmeconf');\n\t\t\t$vhost_content .= \"\\t\" . 'include ' . $acmeConfFilename . ';' . \"\\n\";\n\t\t}\n\n\t\t// if the documentroot is an URL we just redirect\n\t\tif (preg_match('/^https?\\:\\/\\//', $domain['documentroot'])) {\n\t\t\t$possible_deactivated_webroot = $this->getWebroot($domain);\n\t\t\tif ($this->deactivated == false) {\n\t\t\t\t$uri = $domain['documentroot'];\n\t\t\t\tif (substr($uri, -1) == '/') {\n\t\t\t\t\t$uri = substr($uri, 0, -1);\n\t\t\t\t}\n\n\t\t\t\t// Get domain's redirect code\n\t\t\t\t$code = Domain::getDomainRedirectCode($domain['id']);\n\n\t\t\t\t$vhost_content .= $this->getLogFiles($domain);\n\t\t\t\t$vhost_content .= \"\\t\" . 'location / {' . \"\\n\";\n\t\t\t\t$vhost_content .= \"\\t\\t\" . 'return ' . $code . ' ' . $uri . '$request_uri;' . \"\\n\";\n\t\t\t\t$vhost_content .= \"\\t\" . '}' . \"\\n\";\n\t\t\t} elseif (Settings::Get('system.deactivateddocroot') != '') {\n\t\t\t\t$vhost_content .= $possible_deactivated_webroot;\n\t\t\t}\n\t\t} else {\n\t\t\tFileDir::mkDirWithCorrectOwnership($domain['customerroot'], $domain['documentroot'], $domain['guid'], $domain['guid'], true);\n\n\t\t\t$vhost_content .= $this->getLogFiles($domain);\n\t\t\t$vhost_content .= $this->getWebroot($domain);\n\n\t\t\tif ($this->deactivated == false) {\n\t\t\t\t$vhost_content = $this->mergeVhostCustom($vhost_content, $this->createPathOptions($domain)) . \"\\n\";\n\t\t\t\t$vhost_content .= $this->composePhpOptions($domain, $ssl_vhost);\n\n\t\t\t\t$vhost_content .= isset($this->needed_htpasswds[$domain['id']]) ? $this->needed_htpasswds[$domain['id']] . \"\\n\" : '';\n\n\t\t\t\tif ($domain['specialsettings'] != '' && ($ssl_vhost == false || ($ssl_vhost == true && $domain['include_specialsettings'] == 1))) {\n\t\t\t\t\t$vhost_content = $this->mergeVhostCustom($vhost_content, $this->processSpecialConfigTemplate($domain['specialsettings'], $domain, $domain['ip'], $domain['port'], $ssl_vhost));\n\t\t\t\t}\n\n\t\t\t\tif ($domain['ssl_specialsettings'] != '' && $ssl_vhost == true) {\n\t\t\t\t\t$vhost_content = $this->mergeVhostCustom($vhost_content, $this->processSpecialConfigTemplate($domain['ssl_specialsettings'], $domain, $domain['ip'], $domain['port'], $ssl_vhost));\n\t\t\t\t}\n\n\t\t\t\tif ($_vhost_content != '') {\n\t\t\t\t\t$vhost_content = $this->mergeVhostCustom($vhost_content, $_vhost_content);\n\t\t\t\t}\n\n\t\t\t\tif (Settings::Get('system.default_vhostconf') != '' && ($ssl_vhost == false || ($ssl_vhost == true && Settings::Get('system.include_default_vhostconf') == 1))) {\n\t\t\t\t\t$vhost_content = $this->mergeVhostCustom($vhost_content, $this->processSpecialConfigTemplate(Settings::Get('system.default_vhostconf'), $domain, $domain['ip'], $domain['port'], $ssl_vhost) . \"\\n\");\n\t\t\t\t}\n\n\t\t\t\tif (Settings::Get('system.default_sslvhostconf') != '' && $ssl_vhost == true) {\n\t\t\t\t\t$vhost_content = $this->mergeVhostCustom($vhost_content, $this->processSpecialConfigTemplate(Settings::Get('system.default_sslvhostconf'), $domain, $domain['ip'], $domain['port'], $ssl_vhost) . \"\\n\");\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\t$vhost_content .= \"\\n}\\n\\n\";\n\n\t\treturn $vhost_content;\n\t}\n\n\tprotected function getServerNames($domain)\n\t{\n\t\t$server_alias = '';\n\n\t\tif ($domain['iswildcarddomain'] == '1') {\n\t\t\t$server_alias = '*.' . $domain['domain'];\n\t\t} elseif ($domain['wwwserveralias'] == '1') {\n\t\t\t$server_alias = 'www.' . $domain['domain'];\n\t\t}\n\n\t\t$alias_domains_stmt = Database::prepare(\"\n\t\t\tSELECT `domain`, `iswildcarddomain`, `wwwserveralias`\n\t\t\tFROM `\" . TABLE_PANEL_DOMAINS . \"`\n\t\t\tWHERE `aliasdomain` = :domainid\n\t\t\");\n\t\tDatabase::pexecute($alias_domains_stmt, [\n\t\t\t'domainid' => $domain['id']\n\t\t]);\n\n\t\twhile (($alias_domain = $alias_domains_stmt->fetch(PDO::FETCH_ASSOC)) !== false) {\n\t\t\t$server_alias .= ' ' . $alias_domain['domain'];\n\n\t\t\tif ($alias_domain['iswildcarddomain'] == '1') {\n\t\t\t\t$server_alias .= ' *.' . $alias_domain['domain'];\n\t\t\t} elseif ($alias_domain['wwwserveralias'] == '1') {\n\t\t\t\t$server_alias .= ' www.' . $alias_domain['domain'];\n\t\t\t}\n\t\t}\n\n\t\t$servernames_text = \"\\t\" . 'server_name ' . $domain['domain'];\n\t\tif (trim($server_alias) != '') {\n\t\t\t$servernames_text .= ' ' . $server_alias;\n\t\t}\n\t\t$servernames_text .= ';' . \"\\n\";\n\n\t\treturn $servernames_text;\n\t}\n\n\tprotected function getLogFiles($domain)\n\t{\n\t\t$logfiles_text = '';\n\n\t\t$speciallogfile = '';\n\t\tif ($domain['speciallogfile'] == '1') {\n\t\t\tif ($domain['parentdomainid'] == '0') {\n\t\t\t\t$speciallogfile = '-' . $domain['domain'];\n\t\t\t} else {\n\t\t\t\t$speciallogfile = '-' . $domain['parentdomain'];\n\t\t\t}\n\t\t}\n\n\t\tif ($domain['writeerrorlog']) {\n\t\t\t// The normal access/error - logging is enabled\n\t\t\t$error_log = FileDir::makeCorrectFile(Settings::Get('system.logfiles_directory') . $domain['loginname'] . $speciallogfile . '-error.log');\n\t\t\t// Create the logfile if it does not exist (fixes #46)\n\t\t\ttouch($error_log);\n\t\t\tchmod($error_log, 0640);\n\t\t\tchown($error_log, Settings::Get('system.httpuser'));\n\t\t\tchgrp($error_log, Settings::Get('system.httpgroup'));\n\t\t} else {\n\t\t\t$error_log = '/dev/null';\n\t\t}\n\n\t\tif ($domain['writeaccesslog']) {\n\t\t\t$access_log = FileDir::makeCorrectFile(Settings::Get('system.logfiles_directory') . $domain['loginname'] . $speciallogfile . '-access.log');\n\t\t\t// Create the logfile if it does not exist (fixes #46)\n\t\t\ttouch($access_log);\n\t\t\tchmod($access_log, 0640);\n\t\t\tchown($access_log, Settings::Get('system.httpuser'));\n\t\t\tchgrp($access_log, Settings::Get('system.httpgroup'));\n\t\t} else {\n\t\t\t$access_log = '/dev/null';\n\t\t}\n\n\t\t$logtype = 'combined';\n\t\tif (Settings::Get('system.logfiles_format') != '') {\n\t\t\t$logtype = 'frx_custom';\n\t\t}\n\n\t\t$logfiles_text .= \"\\t\" . 'access_log ' . $access_log . ' ' . $logtype . ';' . \"\\n\";\n\t\t$logfiles_text .= \"\\t\" . 'error_log ' . $error_log . ' ' . Settings::Get('system.errorlog_level') . ';' . \"\\n\";\n\n\t\tif (Settings::Get('system.traffictool') == 'awstats') {\n\t\t\tif ((int)$domain['parentdomainid'] == 0) {\n\t\t\t\t// prepare the aliases and subdomains for stats config files\n\t\t\t\t$server_alias = '';\n\t\t\t\t$alias_domains_stmt = Database::prepare(\"\n\t\t\t\t\tSELECT `domain`, `iswildcarddomain`, `wwwserveralias`\n\t\t\t\t\tFROM `\" . TABLE_PANEL_DOMAINS . \"`\n\t\t\t\t\tWHERE `aliasdomain` = :domainid OR `parentdomainid` = :domainid\n\t\t\t\t\");\n\t\t\t\tDatabase::pexecute($alias_domains_stmt, [\n\t\t\t\t\t'domainid' => $domain['id']\n\t\t\t\t]);\n\n\t\t\t\twhile (($alias_domain = $alias_domains_stmt->fetch(PDO::FETCH_ASSOC)) !== false) {\n\t\t\t\t\t$server_alias .= ' ' . $alias_domain['domain'] . ' ';\n\n\t\t\t\t\tif ($alias_domain['iswildcarddomain'] == '1') {\n\t\t\t\t\t\t$server_alias .= '*.' . $domain['domain'];\n\t\t\t\t\t} else {\n\t\t\t\t\t\tif ($alias_domain['wwwserveralias'] == '1') {\n\t\t\t\t\t\t\t$server_alias .= 'www.' . $alias_domain['domain'];\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t$server_alias .= '';\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\t$alias = '';\n\t\t\t\tif ($domain['iswildcarddomain'] == '1') {\n\t\t\t\t\t$alias = '*.' . $domain['domain'];\n\t\t\t\t} elseif ($domain['wwwserveralias'] == '1') {\n\t\t\t\t\t$alias = 'www.' . $domain['domain'];\n\t\t\t\t}\n\n\t\t\t\t// After inserting the AWStats information,\n\t\t\t\t// be sure to build the awstats conf file as well\n\t\t\t\t// and chown it using $awstats_params, #258\n\t\t\t\t// Bug 960 + Bug 970 : Use full $domain instead of custom $awstats_params as following classes depend on the information\n\t\t\t\tStatistics::createAWStatsConf(Settings::Get('system.logfiles_directory') . $domain['loginname'] . $speciallogfile . '-access.log', $domain['domain'], $alias . $server_alias, $domain['customerroot'], $domain);\n\t\t\t}\n\t\t}\n\n\t\treturn $logfiles_text;\n\t}\n\n\tprotected function getWebroot($domain)\n\t{\n\t\t$webroot_text = '';\n\n\t\tif (($domain['deactivated'] == '1' || $domain['customer_deactivated'] == '1' ) && Settings::Get('system.deactivateddocroot') != '') {\n\t\t\t$webroot_text .= \"\\t\" . '# Using docroot for deactivated users/domains...' . \"\\n\";\n\t\t\t$webroot_text .= \"\\t\" . 'root ' . FileDir::makeCorrectDir(Settings::Get('system.deactivateddocroot')) . ';' . \"\\n\";\n\t\t\t$this->deactivated = true;\n\t\t} else {\n\t\t\t$webroot_text .= \"\\t\" . 'root ' . FileDir::makeCorrectDir($domain['documentroot']) . ';' . \"\\n\";\n\t\t\t$this->deactivated = false;\n\t\t}\n\n\t\t$webroot_text .= \"\\n\\t\" . 'location / {' . \"\\n\";\n\n\t\tif ($domain['phpenabled_customer'] == 1 && $domain['phpenabled_vhost'] == '1') {\n\t\t\t$webroot_text .= \"\\t\" . 'index index.php index.html index.htm;' . \"\\n\";\n\t\t\tif ($domain['notryfiles'] != 1) {\n\t\t\t\t$webroot_text .= \"\\t\\t\" . 'try_files $uri $uri/ @rewrites;' . \"\\n\";\n\t\t\t}\n\t\t} else {\n\t\t\t$webroot_text .= \"\\t\" . 'index index.html index.htm;' . \"\\n\";\n\t\t}\n\n\t\tif ($this->vhost_root_autoindex) {\n\t\t\t$webroot_text .= \"\\t\\t\" . 'autoindex on;' . \"\\n\";\n\t\t\t$this->vhost_root_autoindex = false;\n\t\t}\n\n\t\t$webroot_text .= \"\\t\" . '}' . \"\\n\\n\";\n\t\tif ($domain['phpenabled_customer'] == 1 && $domain['phpenabled_vhost'] == '1' && $domain['notryfiles'] != 1) {\n\t\t\t$webroot_text .= \"\\tlocation @rewrites {\\n\";\n\t\t\t$webroot_text .= \"\\t\\trewrite ^ /index.php last;\\n\";\n\t\t\t$webroot_text .= \"\\t}\\n\\n\";\n\t\t}\n\n\t\treturn $webroot_text;\n\t}\n\n\tprotected function mergeVhostCustom($vhost_frx, $vhost_usr)\n\t{\n\t\t// Clean froxlor defined settings\n\t\t$vhost_frx = $this->cleanVhostStruct($vhost_frx);\n\t\t// Clean user defined settings\n\t\t$vhost_usr = $this->cleanVhostStruct($vhost_usr);\n\n\t\t// Cycle through the user defined settings\n\t\t$currentBlock = [];\n\t\t$blockLevel = 0;\n\t\tforeach ($vhost_usr as $line) {\n\t\t\t$line = trim($line);\n\t\t\t$currentBlock[] = $line;\n\n\t\t\tif (strpos($line, \"{\") !== false) {\n\t\t\t\t$blockLevel++;\n\t\t\t}\n\t\t\tif (strpos($line, \"}\") !== false && $blockLevel > 0) {\n\t\t\t\t$blockLevel--;\n\t\t\t}\n\n\t\t\tif ($line == \"}\" && $blockLevel == 0) {\n\t\t\t\tif (in_array($currentBlock[0], $vhost_frx)) {\n\t\t\t\t\t// Add to existing block\n\t\t\t\t\t$pos = array_search($currentBlock[0], $vhost_frx);\n\t\t\t\t\tdo {\n\t\t\t\t\t\t$pos++;\n\t\t\t\t\t} while ($vhost_frx[$pos] != \"}\");\n\n\t\t\t\t\tfor ($i = 1; $i < count($currentBlock) - 1; $i++) {\n\t\t\t\t\t\tarray_splice($vhost_frx, $pos + $i - 1, 0, $currentBlock[$i]);\n\t\t\t\t\t}\n\t\t\t\t} else {\n\t\t\t\t\t// Add to end\n\t\t\t\t\tarray_splice($vhost_frx, count($vhost_frx), 0, $currentBlock);\n\t\t\t\t}\n\t\t\t\t$currentBlock = [];\n\t\t\t} elseif ($blockLevel == 0) {\n\t\t\t\tarray_splice($vhost_frx, count($vhost_frx), 0, $currentBlock);\n\t\t\t\t$currentBlock = [];\n\t\t\t}\n\t\t}\n\n\t\t$nextLevel = 0;\n\t\tfor ($i = 0; $i < count($vhost_frx); $i++) {\n\t\t\tif (substr_count($vhost_frx[$i], \"}\") != 0 && substr_count($vhost_frx[$i], \"{\") == 0) {\n\t\t\t\t$nextLevel -= 1;\n\t\t\t\t$vhost_frx[$i] .= \"\\n\";\n\t\t\t}\n\t\t\tif ($nextLevel > 0) {\n\t\t\t\tfor ($j = 0; $j < $nextLevel; $j++) {\n\t\t\t\t\t$vhost_frx[$i] = \"\t\" . $vhost_frx[$i];\n\t\t\t\t}\n\t\t\t}\n\t\t\tif (substr_count($vhost_frx[$i], \"{\") != 0 && substr_count($vhost_frx[$i], \"}\") == 0) {\n\t\t\t\t$nextLevel += 1;\n\t\t\t}\n\t\t}\n\n\t\treturn implode(\"\\n\", $vhost_frx);\n\t}\n\n\tprivate function cleanVhostStruct($vhost = null)\n\t{\n\t\t// Remove windows linebreaks\n\t\t$vhost = str_replace(\"\\r\", \"\\n\", $vhost);\n\t\t// remove comments\n\t\t$vhost = implode(\"\\n\", preg_replace('/^(\\s+)?#(.*)$/', '', explode(\"\\n\", $vhost)));\n\t\t// Break blocks into lines\n\t\t$vhost = preg_replace(\"/^(\\s+)?location(.+)\\{(.+)\\}$/misU\", \"location $2 {\\n $3 \\n}\", $vhost);\n\t\t// Break into array items\n\t\t$vhost = explode(\"\\n\", preg_replace('/[ \\t]+/', ' ', trim(preg_replace('/\\t+/', '', $vhost))));\n\t\t// Remove empty lines\n\t\t$vhost = array_filter($vhost, function ($a) {\n\t\t\treturn preg_match(\"#\\S#\", $a);\n\t\t});\n\n\t\t// remove unnecessary whitespaces\n\t\t$vhost = array_map(\"trim\", $vhost);\n\t\t// re-number array keys\n\t\t$vhost = array_values($vhost);\n\t\treturn $vhost;\n\t}\n\n\tprotected function createPathOptions($domain)\n\t{\n\t\t$result_stmt = Database::prepare(\"\n\t\t\tSELECT * FROM \" . TABLE_PANEL_HTACCESS . \"\n\t\t\tWHERE `path` LIKE :docroot\n\t\t\");\n\t\tDatabase::pexecute($result_stmt, [\n\t\t\t'docroot' => $domain['documentroot'] . '%'\n\t\t]);\n\n\t\t$path_options = '';\n\t\t$htpasswds = $this->getHtpasswds($domain);\n\n\t\t// for each entry in the htaccess table\n\t\twhile ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\tif (!empty($row['error404path'])) {\n\t\t\t\t$defhandler = $row['error404path'];\n\t\t\t\tif (!Validate::validateUrl($defhandler)) {\n\t\t\t\t\t$defhandler = FileDir::makeCorrectFile($defhandler);\n\t\t\t\t}\n\t\t\t\t$path_options .= \"\\t\" . 'error_page 404 ' . $defhandler . ';' . \"\\n\";\n\t\t\t}\n\n\t\t\tif (!empty($row['error403path'])) {\n\t\t\t\t$defhandler = $row['error403path'];\n\t\t\t\tif (!Validate::validateUrl($defhandler)) {\n\t\t\t\t\t$defhandler = FileDir::makeCorrectFile($defhandler);\n\t\t\t\t}\n\t\t\t\t$path_options .= \"\\t\" . 'error_page 403 ' . $defhandler . ';' . \"\\n\";\n\t\t\t}\n\n\t\t\tif (!empty($row['error500path'])) {\n\t\t\t\t$defhandler = $row['error500path'];\n\t\t\t\tif (!Validate::validateUrl($defhandler)) {\n\t\t\t\t\t$defhandler = FileDir::makeCorrectFile($defhandler);\n\t\t\t\t}\n\t\t\t\t$path_options .= \"\\t\" . 'error_page 500 502 503 504 ' . $defhandler . ';' . \"\\n\";\n\t\t\t}\n\n\t\t\t// if ($row['options_indexes'] != '0') {\n\t\t\t$path = FileDir::makeCorrectDir(substr($row['path'], strlen($domain['documentroot']) - 1));\n\n\t\t\tFileDir::mkDirWithCorrectOwnership($domain['documentroot'], $row['path'], $domain['guid'], $domain['guid']);\n\n\t\t\t$path_options .= \"\\t\" . '# ' . $path . \"\\n\";\n\t\t\tif ($path == '/') {\n\t\t\t\tif ($row['options_indexes'] != '0') {\n\t\t\t\t\t$this->vhost_root_autoindex = true;\n\t\t\t\t}\n\t\t\t\t$path_options .= \"\\t\" . 'location ' . FileDir::makeCorrectDir($path) . ' {' . \"\\n\";\n\t\t\t\tif ($this->vhost_root_autoindex) {\n\t\t\t\t\t$path_options .= \"\\t\\t\" . 'autoindex on;' . \"\\n\";\n\t\t\t\t\t$this->vhost_root_autoindex = false;\n\t\t\t\t}\n\n\t\t\t\t// check if we have a htpasswd for this path\n\t\t\t\t// (damn nginx does not like more than one\n\t\t\t\t// 'location'-part with the same path)\n\t\t\t\tif (count($htpasswds) > 0) {\n\t\t\t\t\tforeach ($htpasswds as $idx => $single) {\n\t\t\t\t\t\tswitch ($single['path']) {\n\t\t\t\t\t\t\tcase '/awstats/':\n\t\t\t\t\t\t\tcase '/webalizer/':\n\t\t\t\t\t\t\tcase '/goaccess/':\n\t\t\t\t\t\t\t\t// no stats-alias in \"location /\"-context\n\t\t\t\t\t\t\t\tbreak;\n\t\t\t\t\t\t\tdefault:\n\t\t\t\t\t\t\t\tif ($single['path'] == '/') {\n\t\t\t\t\t\t\t\t\t$path_options .= \"\\t\\t\" . 'auth_basic \"' . $single['authname'] . '\";' . \"\\n\";\n\t\t\t\t\t\t\t\t\t$path_options .= \"\\t\\t\" . 'auth_basic_user_file ' . FileDir::makeCorrectFile($single['usrf']) . ';' . \"\\n\";\n\t\t\t\t\t\t\t\t\tif ($domain['phpenabled_customer'] == 1 && $domain['phpenabled_vhost'] == '1') {\n\t\t\t\t\t\t\t\t\t\t$path_options .= \"\\t\\t\" . 'index index.php index.html index.htm;' . \"\\n\";\n\t\t\t\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t\t\t\t$path_options .= \"\\t\\t\" . 'index index.html index.htm;' . \"\\n\";\n\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t\t// remove already used entries so we do not have doubles\n\t\t\t\t\t\t\t\t\tunset($htpasswds[$idx]);\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\t$path_options .= \"\\t\" . '}' . \"\\n\";\n\n\t\t\t\t$this->vhost_root_autoindex = false;\n\t\t\t} else {\n\t\t\t\t$path_options .= \"\\t\" . 'location ^~ ' . FileDir::makeCorrectFile($path) . ' {' . \"\\n\";\n\t\t\t\tif ($this->vhost_root_autoindex || $row['options_indexes'] != '0') {\n\t\t\t\t\t$path_options .= \"\\t\\t\" . 'autoindex on;' . \"\\n\";\n\t\t\t\t\t$this->vhost_root_autoindex = false;\n\t\t\t\t}\n\t\t\t\t$path_options .= \"\\t\" . '} ' . \"\\n\";\n\t\t\t}\n\t\t\t// }\n\n\t\t\t/**\n\t\t\t * Perl support\n\t\t\t * required the fastCGI wrapper to be running to receive the CGI requests.\n\t\t\t */\n\t\t\tif (Customer::customerHasPerlEnabled($domain['customerid']) && $row['options_cgi'] != '0') {\n\t\t\t\t$path = FileDir::makeCorrectDir(substr($row['path'], strlen($domain['documentroot']) - 1));\n\t\t\t\tFileDir::mkDirWithCorrectOwnership($domain['documentroot'], $row['path'], $domain['guid'], $domain['guid']);\n\n\t\t\t\t// We need to remove the last slash, otherwise the regex wouldn't work\n\t\t\t\tif ($row['path'] != $domain['documentroot']) {\n\t\t\t\t\t$path = substr($path, 0, -1);\n\t\t\t\t}\n\t\t\t\t$path_options .= \"\\t\" . 'location ~ \\(.pl|.cgi)$ {' . \"\\n\";\n\t\t\t\t$path_options .= \"\\t\\t\" . 'gzip off; #gzip makes scripts feel slower since they have to complete before getting gzipped' . \"\\n\";\n\t\t\t\t$path_options .= \"\\t\\t\" . 'fastcgi_pass ' . Settings::Get('system.perl_server') . ';' . \"\\n\";\n\t\t\t\t$path_options .= \"\\t\\t\" . 'fastcgi_index index.cgi;' . \"\\n\";\n\t\t\t\t$path_options .= \"\\t\\t\" . 'include ' . Settings::Get('nginx.fastcgiparams') . ';' . \"\\n\";\n\t\t\t\t$path_options .= \"\\t\" . '}' . \"\\n\";\n\t\t\t}\n\t\t}\n\n\t\t// now the rest of the htpasswds\n\t\tif (count($htpasswds) > 0) {\n\t\t\tforeach ($htpasswds as $idx => $single) {\n\t\t\t\t// if ($single['path'] != '/') {\n\t\t\t\tswitch ($single['path']) {\n\t\t\t\t\tcase '/awstats/':\n\t\t\t\t\tcase '/webalizer/':\n\t\t\t\t\tcase '/goaccess/':\n\t\t\t\t\t\t$path_options .= $this->getStats($domain, $single);\n\t\t\t\t\t\tunset($htpasswds[$idx]);\n\t\t\t\t\t\tbreak;\n\t\t\t\t\tdefault:\n\t\t\t\t\t\tif ($single['path'] == '/') {\n\t\t\t\t\t\t\t$path_options .= \"\\t\" . 'location ' . FileDir::makeCorrectDir($single['path']) . ' {' . \"\\n\";\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t$path_options .= \"\\t\" . 'location ^~ ' . FileDir::makeCorrectFile($single['path']) . ' {' . \"\\n\";\n\t\t\t\t\t\t}\n\t\t\t\t\t\t$path_options .= \"\\t\\t\" . 'auth_basic \"' . $single['authname'] . '\";' . \"\\n\";\n\t\t\t\t\t\t$path_options .= \"\\t\\t\" . 'auth_basic_user_file ' . FileDir::makeCorrectFile($single['usrf']) . ';' . \"\\n\";\n\t\t\t\t\t\tif ($domain['phpenabled_customer'] == 1 && $domain['phpenabled_vhost'] == '1') {\n\t\t\t\t\t\t\t$path_options .= \"\\t\\t\" . 'index index.php index.html index.htm;' . \"\\n\";\n\t\t\t\t\t\t\tif ($domain['notryfiles'] != 1) {\n\t\t\t\t\t\t\t\t$path_options .= \"\\t\\t\" . 'location ~ ^(.+?\\.php)(/.*)?$ {' . \"\\n\";\n\t\t\t\t\t\t\t\t$path_options .= \"\\t\\t\\t\" . 'try_files ' . $domain['nonexistinguri'] . ' @php;' . \"\\n\";\n\t\t\t\t\t\t\t\t$path_options .= \"\\t\\t\" . '}' . \"\\n\\n\";\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t$path_options .= \"\\t\\t\" . 'index index.html index.htm;' . \"\\n\";\n\t\t\t\t\t\t}\n\t\t\t\t\t\t$path_options .= \"\\t\" . '}' . \"\\n\";\n\t\t\t\t}\n\t\t\t\t// }\n\t\t\t\tunset($htpasswds[$idx]);\n\t\t\t}\n\t\t}\n\n\t\treturn $path_options;\n\t}\n\n\tprotected function getHtpasswds($domain)\n\t{\n\t\t$result_stmt = Database::prepare(\"\n\t\t\tSELECT a.*\n\t\t\tFROM `\" . TABLE_PANEL_HTPASSWDS . \"` AS a\n\t\t\tJOIN `\" . TABLE_PANEL_DOMAINS . \"` AS b USING (`customerid`)\n\t\t\tLEFT JOIN `\" . TABLE_PANEL_CUSTOMERS . \"` c ON c.customerid = b.customerid\n\t\t\tWHERE b.customerid = :customerid AND b.domain = :domain\n\t\t\tAND (a.path = CONCAT(c.documentroot, :ttool, '/') OR INSTR(a.path, b.documentroot));\n\t\t\");\n\t\tDatabase::pexecute($result_stmt, [\n\t\t\t'customerid' => $domain['customerid'],\n\t\t\t'domain' => $domain['domain'],\n\t\t\t'ttool' => Settings::Get('system.traffictool')\n\t\t]);\n\n\t\t$returnval = [];\n\t\t$x = 0;\n\t\twhile ($row_htpasswds = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\tif (count($row_htpasswds) > 0) {\n\t\t\t\t$htpasswd_filename = FileDir::makeCorrectFile(Settings::Get('system.apacheconf_htpasswddir') . '/' . $row_htpasswds['customerid'] . '-' . md5($row_htpasswds['path']) . '.htpasswd');\n\n\t\t\t\t// ensure we can write to the array with index $htpasswd_filename\n\t\t\t\tif (!isset($this->htpasswds_data[$htpasswd_filename])) {\n\t\t\t\t\t$this->htpasswds_data[$htpasswd_filename] = '';\n\t\t\t\t}\n\n\t\t\t\t$this->htpasswds_data[$htpasswd_filename] .= $row_htpasswds['username'] . ':' . $row_htpasswds['password'] . \"\\n\";\n\n\t\t\t\t// if the domains and their web contents are located in a subdirectory of\n\t\t\t\t// the nginx user, we have to evaluate the right path which is to protect\n\t\t\t\tif (stripos($row_htpasswds['path'], $domain['documentroot']) !== false) {\n\t\t\t\t\t// if the website contents is located in the user directory\n\t\t\t\t\t$path = FileDir::makeCorrectDir(substr($row_htpasswds['path'], strlen($domain['documentroot']) - 1));\n\t\t\t\t} else {\n\t\t\t\t\t// if the website contents is located in a subdirectory of the user\n\t\t\t\t\t$matches = [];\n\t\t\t\t\tpreg_match('/^([\\/[:print:]]*\\/)([[:print:]\\/]+){1}$/i', $row_htpasswds['path'], $matches);\n\t\t\t\t\t$path = FileDir::makeCorrectDir(substr($row_htpasswds['path'], strlen($matches[1]) - 1));\n\t\t\t\t}\n\n\t\t\t\t$returnval[$x]['path'] = $path;\n\t\t\t\t$returnval[$x]['root'] = FileDir::makeCorrectDir($domain['documentroot']);\n\n\t\t\t\t// Ensure there is only one auth name per password block, otherwise\n\t\t\t\t// the directives are inserted multiple times -> invalid config\n\t\t\t\t$authname = $row_htpasswds['authname'];\n\t\t\t\tfor ($i = 0; $i < $x; $i++) {\n\t\t\t\t\tif ($returnval[$i]['usrf'] == $htpasswd_filename) {\n\t\t\t\t\t\t$authname = $returnval[$i]['authname'];\n\t\t\t\t\t\tbreak;\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\t$returnval[$x]['authname'] = $authname;\n\n\t\t\t\t$returnval[$x]['usrf'] = $htpasswd_filename;\n\t\t\t\t$x++;\n\t\t\t}\n\t\t}\n\n\t\t// Remove duplicate entries\n\t\t$returnval = array_map(\"unserialize\", array_unique(array_map(\"serialize\", $returnval)));\n\n\t\treturn $returnval;\n\t}\n\n\tprotected function getStats($domain, $single)\n\t{\n\t\t$stats_text = '';\n\n\t\t$statTool = Settings::Get('system.traffictool');\n\t\t$statDomain = \"\";\n\t\tif ($statTool == 'awstats') {\n\t\t\t// awstats generates for each domain regardless of speciallogfile\n\t\t\t$statDomain = \"/\" . $domain['domain'];\n\t\t}\n\t\tif ($domain['speciallogfile'] == '1') {\n\t\t\t$statDomain = \"/\" . (($domain['parentdomainid'] == '0') ? $domain['domain'] : $domain['parentdomain']);\n\t\t}\n\t\t$statDocroot = FileDir::makeCorrectFile($domain['customerroot'] . '/' . $statTool . $statDomain);\n\n\t\t$stats_text .= \"\\t\" . 'location ^~ /'.$statTool.' {' . \"\\n\";\n\t\t$stats_text .= \"\\t\\t\" . 'alias ' . $statDocroot . '/;' . \"\\n\";\n\t\t$stats_text .= \"\\t\\t\" . 'auth_basic \"' . $single['authname'] . '\";' . \"\\n\";\n\t\t$stats_text .= \"\\t\\t\" . 'auth_basic_user_file ' . FileDir::makeCorrectFile($single['usrf']) . ';' . \"\\n\";\n\t\t$stats_text .= \"\\t\" . '}' . \"\\n\\n\";\n\n\t\t// awstats special requirement for icons\n\t\tif ($statTool == 'awstats') {\n\t\t\t$stats_text .= \"\\t\" . 'location ~ ^/awstats-icon/(.*)$ {' . \"\\n\";\n\t\t\t$stats_text .= \"\\t\\t\" . 'alias ' . FileDir::makeCorrectDir(Settings::Get('system.awstats_icons')) . '$1;' . \"\\n\";\n\t\t\t$stats_text .= \"\\t\" . '}' . \"\\n\\n\";\n\t\t}\n\n\t\treturn $stats_text;\n\t}\n\n\tprotected function composePhpOptions(&$domain, $ssl_vhost = false)\n\t{\n\t\t$phpopts = '';\n\t\tif ($domain['phpenabled_customer'] == 1 && $domain['phpenabled_vhost'] == '1') {\n\t\t\t$phpopts = \"\\t\" . 'location ~ ^(.+?\\.php)(/.*)?$ {' . \"\\n\";\n\t\t\tif ($domain['notryfiles'] != 1) {\n\t\t\t\t$phpopts .= \"\\t\\t\" . 'try_files ' . $domain['nonexistinguri'] . ' @php;' . \"\\n\";\n\t\t\t\t$phpopts .= \"\\t\" . '}' . \"\\n\\n\";\n\n\t\t\t\t$phpopts .= \"\\tlocation @php {\\n\";\n\t\t\t\t$phpopts .= \"\\t\\t\" . 'try_files $1 =404;' . \"\\n\\n\";\n\t\t\t}\n\t\t\t$phpopts .= \"\\t\\tfastcgi_split_path_info ^(.+?\\.php)(/.*)$;\\n\";\n\t\t\t$phpopts .= \"\\t\\tinclude \" . Settings::Get('nginx.fastcgiparams') . \";\\n\";\n\t\t\t$phpopts .= \"\\t\\tfastcgi_param SCRIPT_FILENAME \\$request_filename;\\n\";\n\t\t\t$phpopts .= \"\\t\\tset \\$path_info \\$fastcgi_path_info;\\n\";\n\t\t\t$phpopts .= \"\\t\\tfastcgi_param PATH_INFO \\$path_info;\\n\";\n\t\t\t$phpopts .= \"\\t\\tfastcgi_pass \" . Settings::Get('system.nginx_php_backend') . \";\\n\";\n\t\t\t$phpopts .= \"\\t\\tfastcgi_index index.php;\\n\";\n\t\t\tif ($domain['ssl'] == '1' && $ssl_vhost) {\n\t\t\t\t$phpopts .= \"\\t\\tfastcgi_param HTTPS on;\\n\";\n\t\t\t}\n\t\t\t$phpopts .= \"\\t}\\n\\n\";\n\t\t}\n\t\treturn $phpopts;\n\t}\n\n\t/**\n\t * define a default ErrorDocument-statement, bug #unknown-yet\n\t */\n\tprivate function createStandardErrorHandler()\n\t{\n\t\tif (Settings::Get('defaultwebsrverrhandler.enabled') == '1' && (Settings::Get('defaultwebsrverrhandler.err401') != '' || Settings::Get('defaultwebsrverrhandler.err403') != '' || Settings::Get('defaultwebsrverrhandler.err404') != '' || Settings::Get('defaultwebsrverrhandler.err500') != '')) {\n\t\t\t$vhosts_filename = $this->getCustomVhostFilename('05_froxlor_default_errorhandler.conf');\n\n\t\t\tif (!isset($this->nginx_data[$vhosts_filename])) {\n\t\t\t\t$this->nginx_data[$vhosts_filename] = '';\n\t\t\t}\n\n\t\t\t$statusCodes = [\n\t\t\t\t'401',\n\t\t\t\t'403',\n\t\t\t\t'404',\n\t\t\t\t'500'\n\t\t\t];\n\t\t\tforeach ($statusCodes as $statusCode) {\n\t\t\t\tif (Settings::Get('defaultwebsrverrhandler.err' . $statusCode) != '') {\n\t\t\t\t\t$defhandler = Settings::Get('defaultwebsrverrhandler.err' . $statusCode);\n\t\t\t\t\tif (!Validate::validateUrl($defhandler)) {\n\t\t\t\t\t\t$defhandler = FileDir::makeCorrectFile($defhandler);\n\t\t\t\t\t}\n\t\t\t\t\t$this->nginx_data[$vhosts_filename] .= 'error_page ' . $statusCode . ' ' . $defhandler . ';' . \"\\n\";\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n\n\tpublic function createOwnVhostStarter()\n\t{\n\t\treturn;\n\t}\n\n\tpublic function writeConfigs()\n\t{\n\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, \"nginx::writeConfigs: rebuilding \" . Settings::Get('system.apacheconf_vhost'));\n\n\t\t$vhostDir = new Directory(Settings::Get('system.apacheconf_vhost'));\n\t\tif (!$vhostDir->isConfigDir()) {\n\t\t\t// Save one big file\n\t\t\t$vhosts_file = '';\n\n\t\t\t// sort by filename so the order is:\n\t\t\t// 1. subdomains\n\t\t\t// 2. subdomains as main-domains\n\t\t\t// 3. main-domains\n\t\t\tksort($this->nginx_data);\n\n\t\t\tforeach ($this->nginx_data as $vhosts_filename => $vhost_content) {\n\t\t\t\t$vhosts_file .= $vhost_content . \"\\n\\n\";\n\t\t\t}\n\n\t\t\t$vhosts_filename = Settings::Get('system.apacheconf_vhost');\n\n\t\t\t// Apply header\n\t\t\t$vhosts_file = '# ' . basename($vhosts_filename) . \"\\n\" . '# Created ' . date('d.m.Y H:i') . \"\\n\" . '# Do NOT manually edit this file, all changes will be deleted after the next domain change at the panel.' . \"\\n\" . \"\\n\" . $vhosts_file;\n\t\t\t$vhosts_file_handler = fopen($vhosts_filename, 'w');\n\t\t\tfwrite($vhosts_file_handler, $vhosts_file);\n\t\t\tfclose($vhosts_file_handler);\n\t\t} else {\n\t\t\tif (!file_exists(Settings::Get('system.apacheconf_vhost'))) {\n\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_NOTICE, 'nginx::writeConfigs: mkdir ' . escapeshellarg(FileDir::makeCorrectDir(Settings::Get('system.apacheconf_vhost'))));\n\t\t\t\tFileDir::safe_exec('mkdir -p ' . escapeshellarg(FileDir::makeCorrectDir(Settings::Get('system.apacheconf_vhost'))));\n\t\t\t}\n\n\t\t\t// Write a single file for every vhost\n\t\t\tforeach ($this->nginx_data as $vhosts_filename => $vhosts_file) {\n\t\t\t\t// Apply header\n\t\t\t\t$vhosts_file = '# ' . basename($vhosts_filename) . \"\\n\" . '# Created ' . date('d.m.Y H:i') . \"\\n\" . '# Do NOT manually edit this file, all changes will be deleted after the next domain change at the panel.' . \"\\n\" . \"\\n\" . $vhosts_file;\n\n\t\t\t\tif (!empty($vhosts_filename)) {\n\t\t\t\t\t$vhosts_file_handler = fopen($vhosts_filename, 'w');\n\t\t\t\t\tfwrite($vhosts_file_handler, $vhosts_file);\n\t\t\t\t\tfclose($vhosts_file_handler);\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\t// htaccess stuff\n\t\tif (count($this->htpasswds_data) > 0) {\n\t\t\tif (!file_exists(Settings::Get('system.apacheconf_htpasswddir'))) {\n\t\t\t\t$umask = umask();\n\t\t\t\tumask(0000);\n\t\t\t\tmkdir(Settings::Get('system.apacheconf_htpasswddir'), 0751);\n\t\t\t\tumask($umask);\n\t\t\t} elseif (!is_dir(Settings::Get('system.apacheconf_htpasswddir'))) {\n\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_WARNING, 'WARNING!!! ' . Settings::Get('system.apacheconf_htpasswddir') . ' is not a directory. htpasswd directory protection is disabled!!!');\n\t\t\t}\n\n\t\t\tif (is_dir(Settings::Get('system.apacheconf_htpasswddir'))) {\n\t\t\t\tforeach ($this->htpasswds_data as $htpasswd_filename => $htpasswd_file) {\n\t\t\t\t\t$this->known_htpasswdsfilenames[] = basename($htpasswd_filename);\n\t\t\t\t\t$htpasswd_file_handler = fopen($htpasswd_filename, 'w');\n\t\t\t\t\t// Filter duplicate pairs of username and password\n\t\t\t\t\t$htpasswd_file = implode(\"\\n\", array_unique(explode(\"\\n\", $htpasswd_file)));\n\t\t\t\t\tfwrite($htpasswd_file_handler, $htpasswd_file);\n\t\t\t\t\tfclose($htpasswd_file_handler);\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n}\n" }, { "path": "lib/Froxlor/Cron/Http/NginxFcgi.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Cron\\Http;\n\nuse Froxlor\\Cron\\Http\\Php\\PhpInterface;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FileDir;\nuse Froxlor\\Froxlor;\nuse Froxlor\\Settings;\n\nclass NginxFcgi extends Nginx\n{\n\n\tpublic function createOwnVhostStarter()\n\t{\n\t\tif (Settings::Get('phpfpm.enabled') == '1' && Settings::Get('phpfpm.enabled_ownvhost') == '1') {\n\t\t\t$mypath = Froxlor::getInstallDir();\n\n\t\t\t$user = Settings::Get('phpfpm.vhost_httpuser');\n\t\t\t$group = Settings::Get('phpfpm.vhost_httpgroup');\n\n\t\t\t// get fpm config\n\t\t\t$fpm_sel_stmt = Database::prepare(\"\n\t\t\t\tSELECT f.id FROM `\" . TABLE_PANEL_FPMDAEMONS . \"` f\n\t\t\t\tLEFT JOIN `\" . TABLE_PANEL_PHPCONFIGS . \"` p ON p.fpmsettingid = f.id\n\t\t\t\tWHERE p.id = :phpconfigid\n\t\t\t\");\n\t\t\t$fpm_config = Database::pexecute_first($fpm_sel_stmt, [\n\t\t\t\t'phpconfigid' => Settings::Get('phpfpm.vhost_defaultini')\n\t\t\t]);\n\n\t\t\t$domain = [\n\t\t\t\t'id' => 'none',\n\t\t\t\t'domain' => Settings::Get('system.hostname'),\n\t\t\t\t'adminid' => 1, /* first admin-user (superadmin) */\n\t\t\t\t'mod_fcgid_starter' => -1,\n\t\t\t\t'mod_fcgid_maxrequests' => -1,\n\t\t\t\t'guid' => $user,\n\t\t\t\t'openbasedir' => 0,\n\t\t\t\t'email' => Settings::Get('panel.adminmail'),\n\t\t\t\t'loginname' => 'froxlor.panel',\n\t\t\t\t'documentroot' => $mypath,\n\t\t\t\t'customerroot' => $mypath,\n\t\t\t\t'fpm_config_id' => isset($fpm_config['id']) ? $fpm_config['id'] : 1\n\t\t\t];\n\n\t\t\t// all the files and folders have to belong to the local user\n\t\t\t// now because we also use fcgid for our own vhost\n\t\t\tFileDir::safe_exec('chown -R ' . $user . ':' . $group . ' ' . escapeshellarg($mypath));\n\n\t\t\t// get php.ini for our own vhost\n\t\t\t$php = new PhpInterface($domain);\n\n\t\t\t// get php-config\n\t\t\tif (Settings::Get('phpfpm.enabled') == '1') {\n\t\t\t\t// fpm\n\t\t\t\t$phpconfig = $php->getPhpConfig(Settings::Get('phpfpm.vhost_defaultini'));\n\t\t\t} else {\n\t\t\t\t// fcgid\n\t\t\t\t$phpconfig = $php->getPhpConfig(Settings::Get('system.mod_fcgid_defaultini_ownvhost'));\n\t\t\t}\n\n\t\t\t// create starter-file | config-file\n\t\t\t$php->getInterface()->createConfig($phpconfig);\n\n\t\t\t// create php.ini (fpm does nothing here, as it\n\t\t\t// defines ini-settings in its pool config)\n\t\t\t$php->getInterface()->createIniFile($phpconfig);\n\t\t}\n\t}\n\n\tprotected function composePhpOptions(&$domain, $ssl_vhost = false)\n\t{\n\t\t$php_options_text = '';\n\n\t\tif ($domain['phpenabled_customer'] == 1 && $domain['phpenabled_vhost'] == '1') {\n\t\t\t$php = new PhpInterface($domain);\n\t\t\t$phpconfig = $php->getPhpConfig((int)$domain['phpsettingid']);\n\n\t\t\t$php_options_text = \"\\t\" . 'location ~ ^(.+?\\.php)(/.*)?$ {' . \"\\n\";\n\t\t\tif ($domain['notryfiles'] != 1) {\n\t\t\t\t$php_options_text .= \"\\t\\t\" . 'try_files ' . $domain['nonexistinguri'] . ' @php;' . \"\\n\";\n\t\t\t\t$php_options_text .= \"\\t\" . '}' . \"\\n\\n\";\n\n\t\t\t\t$php_options_text .= \"\\t\" . 'location @php {' . \"\\n\";\n\t\t\t\t$php_options_text .= \"\\t\\t\" . 'try_files $1 =404;' . \"\\n\\n\";\n\t\t\t}\n\t\t\t$php_options_text .= \"\\t\\t\" . 'include ' . Settings::Get('nginx.fastcgiparams') . \";\\n\";\n\t\t\t$php_options_text .= \"\\t\\t\" . 'fastcgi_split_path_info ^(.+?\\.php)(/.*)$;' . \"\\n\";\n\t\t\t$php_options_text .= \"\\t\\t\" . 'fastcgi_param SCRIPT_FILENAME $request_filename;' . \"\\n\";\n\t\t\t$php_options_text .= \"\\t\\t\" . 'set $path_info $fastcgi_path_info;' . \"\\n\";\n\t\t\t$php_options_text .= \"\\t\\t\" . 'fastcgi_param PATH_INFO $path_info;' . \"\\n\";\n\t\t\tif ($domain['ssl'] == '1' && $ssl_vhost) {\n\t\t\t\t$php_options_text .= \"\\t\\t\" . 'fastcgi_param HTTPS on;' . \"\\n\";\n\t\t\t}\n\t\t\t$domain['fpm_socket'] = $php->getInterface()->getSocketFile();\n\t\t\t$php_options_text .= \"\\t\\t\" . 'fastcgi_pass unix:' . $domain['fpm_socket'] . \";\\n\";\n\t\t\t$php_options_text .= \"\\t\\t\" . 'fastcgi_index index.php;' . \"\\n\";\n\t\t\t$php_options_text .= \"\\t}\\n\\n\";\n\n\t\t\t// create starter-file | config-file\n\t\t\t$php->getInterface()->createConfig($phpconfig);\n\n\t\t\t// create php.ini (fpm does nothing here, as it\n\t\t\t// defines ini-settings in its pool config)\n\t\t\t$php->getInterface()->createIniFile($phpconfig);\n\t\t} else {\n\t\t\t$php_options_text .= ' # PHP is disabled for this vHost' . \"\\n\";\n\t\t}\n\n\t\treturn $php_options_text;\n\t}\n}\n" }, { "path": "lib/Froxlor/Cron/Http/Php/Fcgid.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Cron\\Http\\Php;\n\nuse Froxlor\\Database\\Database;\nuse Froxlor\\Domain\\Domain;\nuse Froxlor\\FileDir;\nuse Froxlor\\PhpHelper;\nuse Froxlor\\Settings;\n\nclass Fcgid\n{\n\n\t/**\n\t * Domain-Data array\n\t *\n\t * @var array\n\t */\n\tprivate $domain = [];\n\n\t/**\n\t * Admin-Date cache array\n\t *\n\t * @var array\n\t */\n\tprivate $admin_cache = [];\n\n\t/**\n\t * main constructor\n\t */\n\tpublic function __construct($domain)\n\t{\n\t\t$this->domain = $domain;\n\t}\n\n\t/**\n\t * create fcgid-starter-file\n\t *\n\t * @param array $phpconfig\n\t */\n\tpublic function createConfig($phpconfig)\n\t{\n\t\t// create starter\n\t\t$starter_file = \"#!/bin/sh\\n\\n\";\n\t\t$starter_file .= \"#\\n\";\n\t\t$starter_file .= \"# starter created/changed on \" . date(\"Y.m.d H:i:s\") . \" for domain '\" . $this->domain['domain'] . \"' with id #\" . $this->domain['id'] . \" from php template '\" . $phpconfig['description'] . \"' with id #\" . $phpconfig['id'] . \"\\n\";\n\t\t$starter_file .= \"# Do not change anything in this file, it will be overwritten by the Froxlor Cronjob!\\n\";\n\t\t$starter_file .= \"#\\n\\n\";\n\t\t$starter_file .= \"umask \" . $phpconfig['mod_fcgid_umask'] . \"\\n\";\n\t\t$starter_file .= \"PHPRC=\" . escapeshellarg($this->getConfigDir()) . \"\\n\";\n\t\t$starter_file .= \"export PHPRC\\n\";\n\n\t\t// set number of processes for one domain\n\t\tif ((int)$this->domain['mod_fcgid_starter'] != -1) {\n\t\t\t$starter_file .= \"PHP_FCGI_CHILDREN=\" . (int)$this->domain['mod_fcgid_starter'] . \"\\n\";\n\t\t} else {\n\t\t\tif ((int)$phpconfig['mod_fcgid_starter'] != -1) {\n\t\t\t\t$starter_file .= \"PHP_FCGI_CHILDREN=\" . (int)$phpconfig['mod_fcgid_starter'] . \"\\n\";\n\t\t\t} else {\n\t\t\t\t$starter_file .= \"PHP_FCGI_CHILDREN=\" . (int)Settings::Get('system.mod_fcgid_starter') . \"\\n\";\n\t\t\t}\n\t\t}\n\n\t\t$starter_file .= \"export PHP_FCGI_CHILDREN\\n\";\n\n\t\t// set number of maximum requests for one domain\n\t\tif ((int)$this->domain['mod_fcgid_maxrequests'] != -1) {\n\t\t\t$starter_file .= \"PHP_FCGI_MAX_REQUESTS=\" . (int)$this->domain['mod_fcgid_maxrequests'] . \"\\n\";\n\t\t} else {\n\t\t\tif ((int)$phpconfig['mod_fcgid_maxrequests'] != -1) {\n\t\t\t\t$starter_file .= \"PHP_FCGI_MAX_REQUESTS=\" . (int)$phpconfig['mod_fcgid_maxrequests'] . \"\\n\";\n\t\t\t} else {\n\t\t\t\t$starter_file .= \"PHP_FCGI_MAX_REQUESTS=\" . (int)Settings::Get('system.mod_fcgid_maxrequests') . \"\\n\";\n\t\t\t}\n\t\t}\n\n\t\t$starter_file .= \"export PHP_FCGI_MAX_REQUESTS\\n\";\n\n\t\t// Set Binary\n\t\t$starter_file .= \"exec \" . $phpconfig['binary'] . \" -c \" . escapeshellarg($this->getConfigDir()) . \"\\n\";\n\n\t\t// remove +i attribute, so starter can be overwritten\n\t\tif (file_exists($this->getStarterFile())) {\n\t\t\tFileDir::removeImmutable($this->getStarterFile());\n\t\t}\n\n\t\t$starter_file_handler = fopen($this->getStarterFile(), 'w');\n\t\tfwrite($starter_file_handler, $starter_file);\n\t\tfclose($starter_file_handler);\n\t\tFileDir::safe_exec('chmod 750 ' . escapeshellarg($this->getStarterFile()));\n\t\tFileDir::safe_exec('chown ' . $this->domain['guid'] . ':' . $this->domain['guid'] . ' ' . escapeshellarg($this->getStarterFile()));\n\t\tFileDir::setImmutable($this->getStarterFile());\n\t}\n\n\t/**\n\t * fcgid-config directory\n\t *\n\t * @param boolean $createifnotexists\n\t * create the directory if it does not exist\n\t *\n\t * @return string the directory\n\t */\n\tpublic function getConfigDir($createifnotexists = true)\n\t{\n\t\t$configdir = FileDir::makeCorrectDir(Settings::Get('system.mod_fcgid_configdir') . '/' . $this->domain['loginname'] . '/' . $this->domain['domain'] . '/');\n\n\t\tif (!is_dir($configdir) && $createifnotexists) {\n\t\t\tFileDir::safe_exec('mkdir -p ' . escapeshellarg($configdir));\n\t\t\tFileDir::safe_exec('chmod 0755 ' . escapeshellarg(dirname($configdir)));\n\t\t\tFileDir::safe_exec('chmod 0755 ' . escapeshellarg($configdir));\n\t\t\tFileDir::safe_exec('chown ' . $this->domain['guid'] . ':' . $this->domain['guid'] . ' ' . escapeshellarg($configdir));\n\t\t}\n\n\t\treturn $configdir;\n\t}\n\n\t/**\n\t * return path of php-starter file\n\t *\n\t * @return string the directory\n\t */\n\tpublic function getStarterFile()\n\t{\n\t\t$starter_filename = FileDir::makeCorrectFile($this->getConfigDir() . '/php-fcgi-starter');\n\t\treturn $starter_filename;\n\t}\n\n\t/**\n\t * create customized php.ini\n\t *\n\t * @param array $phpconfig\n\t */\n\tpublic function createIniFile($phpconfig)\n\t{\n\t\t$openbasedir = '';\n\t\t$openbasedirc = ';';\n\n\t\tif ($this->domain['openbasedir'] == '1') {\n\t\t\t$openbasedirc = '';\n\t\t\t$_phpappendopenbasedir = '';\n\n\t\t\t$_custom_openbasedir = explode(':', Settings::Get('system.mod_fcgid_peardir'));\n\t\t\tforeach ($_custom_openbasedir as $cobd) {\n\t\t\t\t$_phpappendopenbasedir .= Domain::appendOpenBasedirPath($cobd);\n\t\t\t}\n\n\t\t\t$_custom_openbasedir = explode(':', Settings::Get('system.phpappendopenbasedir'));\n\t\t\tforeach ($_custom_openbasedir as $cobd) {\n\t\t\t\t$_phpappendopenbasedir .= Domain::appendOpenBasedirPath($cobd);\n\t\t\t}\n\n\t\t\tif ($this->domain['openbasedir_path'] == '0' && strstr($this->domain['documentroot'], \":\") === false) {\n\t\t\t\t$openbasedir = Domain::appendOpenBasedirPath($this->domain['documentroot'], true);\n\t\t\t} else if ($this->domain['openbasedir_path'] == '2' && strpos(dirname($this->domain['documentroot']).'/', $this->domain['customerroot']) !== false) {\n\t\t\t\t$openbasedir = Domain::appendOpenBasedirPath(dirname($this->domain['documentroot']).'/', true);\n\t\t\t} else {\n\t\t\t\t$openbasedir = Domain::appendOpenBasedirPath($this->domain['customerroot'], true);\n\t\t\t}\n\n\t\t\t$openbasedir .= Domain::appendOpenBasedirPath($this->getTempDir());\n\t\t\t$openbasedir .= $_phpappendopenbasedir;\n\t\t} else {\n\t\t\t$openbasedir = 'none';\n\t\t\t$openbasedirc = ';';\n\t\t}\n\n\t\t$admin = $this->getAdminData($this->domain['adminid']);\n\t\t$php_ini_variables = [\n\t\t\t'SAFE_MODE' => 'Off', // keep this for compatibility, just in case\n\t\t\t'PEAR_DIR' => Settings::Get('system.mod_fcgid_peardir'),\n\t\t\t'TMP_DIR' => $this->getTempDir(),\n\t\t\t'CUSTOMER_EMAIL' => $this->domain['email'],\n\t\t\t'ADMIN_EMAIL' => $admin['email'],\n\t\t\t'DOMAIN' => $this->domain['domain'],\n\t\t\t'CUSTOMER' => $this->domain['loginname'],\n\t\t\t'ADMIN' => $admin['loginname'],\n\t\t\t'OPEN_BASEDIR' => $openbasedir,\n\t\t\t'OPEN_BASEDIR_C' => $openbasedirc,\n\t\t\t'OPEN_BASEDIR_GLOBAL' => Settings::Get('system.phpappendopenbasedir'),\n\t\t\t'DOCUMENT_ROOT' => FileDir::makeCorrectDir($this->domain['documentroot']),\n\t\t\t'CUSTOMER_HOMEDIR' => FileDir::makeCorrectDir($this->domain['customerroot'])\n\t\t];\n\n\t\t// insert a small header for the file\n\t\t$phpini_file = \";\\n\";\n\t\t$phpini_file .= \"; php.ini created/changed on \" . date(\"Y.m.d H:i:s\") . \" for domain '\" . $this->domain['domain'] . \"' with id #\" . $this->domain['id'] . \" from php template '\" . $phpconfig['description'] . \"' with id #\" . $phpconfig['id'] . \"\\n\";\n\t\t$phpini_file .= \"; Do not change anything in this file, it will be overwritten by the Froxlor Cronjob!\\n\";\n\t\t$phpini_file .= \";\\n\\n\";\n\t\t$phpini_file .= PhpHelper::replaceVariables($phpconfig['phpsettings'], $php_ini_variables);\n\t\t$phpini_file = str_replace('\"none\"', 'none', $phpini_file);\n\t\t// $phpini_file = preg_replace('/\\\"+/', '\"', $phpini_file);\n\t\t$phpini_file_handler = fopen($this->getIniFile(), 'w');\n\t\tfwrite($phpini_file_handler, $phpini_file);\n\t\tfclose($phpini_file_handler);\n\t\tFileDir::safe_exec('chown root:0 ' . escapeshellarg($this->getIniFile()));\n\t\tFileDir::safe_exec('chmod 0644 ' . escapeshellarg($this->getIniFile()));\n\t}\n\n\t/**\n\t * fcgid-temp directory\n\t *\n\t * @param boolean $createifnotexists\n\t * create the directory if it does not exist\n\t *\n\t * @return string the directory\n\t */\n\tpublic function getTempDir($createifnotexists = true)\n\t{\n\t\t$tmpdir = FileDir::makeCorrectDir(Settings::Get('system.mod_fcgid_tmpdir') . '/' . $this->domain['loginname'] . '/');\n\n\t\tif (!is_dir($tmpdir) && $createifnotexists) {\n\t\t\tFileDir::safe_exec('mkdir -p ' . escapeshellarg($tmpdir));\n\t\t\tFileDir::safe_exec('chown -R ' . $this->domain['guid'] . ':' . $this->domain['guid'] . ' ' . escapeshellarg($tmpdir));\n\t\t\tFileDir::safe_exec('chmod 0750 ' . escapeshellarg($tmpdir));\n\t\t}\n\n\t\treturn $tmpdir;\n\t}\n\n\t/**\n\t * return the admin-data of a specific admin\n\t *\n\t * @param int $adminid\n\t * id of the admin-user\n\t *\n\t * @return array\n\t */\n\tprivate function getAdminData($adminid)\n\t{\n\t\t$adminid = intval($adminid);\n\n\t\tif (!isset($this->admin_cache[$adminid])) {\n\t\t\t$stmt = Database::prepare(\"\n\t\t\t\t\tSELECT `email`, `loginname` FROM `\" . TABLE_PANEL_ADMINS . \"` WHERE `adminid` = :id\");\n\t\t\t$this->admin_cache[$adminid] = Database::pexecute_first($stmt, [\n\t\t\t\t'id' => $adminid\n\t\t\t]);\n\t\t}\n\t\treturn $this->admin_cache[$adminid];\n\t}\n\n\t/**\n\t * return path of php.ini file\n\t *\n\t * @return string full with path file-name\n\t */\n\tpublic function getIniFile()\n\t{\n\t\t$phpini_filename = FileDir::makeCorrectFile($this->getConfigDir() . '/php.ini');\n\t\treturn $phpini_filename;\n\t}\n}\n" }, { "path": "lib/Froxlor/Cron/Http/Php/Fpm.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Cron\\Http\\Php;\n\nuse Froxlor\\Database\\Database;\nuse Froxlor\\Domain\\Domain;\nuse Froxlor\\FileDir;\nuse Froxlor\\PhpHelper;\nuse Froxlor\\Settings;\nuse InvalidArgumentException;\n\nclass Fpm\n{\n\n\t/**\n\t * Domain-Data array\n\t *\n\t * @var array\n\t */\n\tprivate $domain = [];\n\n\t/**\n\t * fpm config\n\t *\n\t * @var array\n\t */\n\tprivate $fpm_cfg = [];\n\n\t/**\n\t * Admin-Date cache array\n\t *\n\t * @var array\n\t */\n\tprivate $admin_cache = [];\n\n\t/**\n\t * defines what can be used for pool-config from php.ini\n\t * Mostly taken from http://php.net/manual/en/ini.list.php\n\t *\n\t * @var array\n\t */\n\tprivate $ini = [];\n\n\t/**\n\t * main constructor\n\t */\n\tpublic function __construct($domain)\n\t{\n\t\tif (!isset($domain['fpm_config_id']) || empty($domain['fpm_config_id'])) {\n\t\t\t$domain['fpm_config_id'] = 1;\n\t\t}\n\t\t$this->domain = $domain;\n\t\t$this->readFpmConfig($domain['fpm_config_id']);\n\t\t$this->buildIniMapping();\n\t}\n\n\tprivate function readFpmConfig($fpm_config_id)\n\t{\n\t\t$stmt = Database::prepare(\"SELECT * FROM `\" . TABLE_PANEL_FPMDAEMONS . \"` WHERE `id` = :id\");\n\t\t$this->fpm_cfg = Database::pexecute_first($stmt, [\n\t\t\t'id' => $fpm_config_id\n\t\t]);\n\t}\n\n\tprivate function buildIniMapping()\n\t{\n\t\t$this->ini = [\n\t\t\t'php_flag' => array_map('trim', explode(\"\\n\", Settings::Get('phpfpm.ini_flags'))),\n\t\t\t'php_value' => array_map('trim', explode(\"\\n\", Settings::Get('phpfpm.ini_values'))),\n\t\t\t'php_admin_flag' => array_map('trim', explode(\"\\n\", Settings::Get('phpfpm.ini_admin_flags'))),\n\t\t\t'php_admin_value' => array_map('trim', explode(\"\\n\", Settings::Get('phpfpm.ini_admin_values')))\n\t\t];\n\t}\n\n\t/**\n\t * create a dummy fpm pool config with minimal configuration\n\t * (this is used whenever a config directory is empty but needs at least one pool to startup/restart)\n\t *\n\t * @param string $configdir\n\t */\n\tpublic static function createDummyPool($configdir)\n\t{\n\t\tif (!is_dir($configdir)) {\n\t\t\tFileDir::safe_exec('mkdir -p ' . escapeshellarg($configdir));\n\t\t}\n\t\t$config = FileDir::makeCorrectFile($configdir . '/dummy.conf');\n\t\t$dummy = \"[dummy]\nuser = \" . Settings::Get('system.httpuser') . \"\nlisten = /run/\" . md5($configdir) . \"-fpm.sock\npm = static\npm.max_children = 1\n\";\n\t\tfile_put_contents($config, $dummy);\n\t}\n\n\t/**\n\t * create fpm-pool config\n\t *\n\t * @param array $phpconfig\n\t */\n\tpublic function createConfig($phpconfig)\n\t{\n\t\t$fh = @fopen($this->getConfigFile(), 'w');\n\n\t\tif ($fh) {\n\t\t\tif ($phpconfig['override_fpmconfig'] == 1) {\n\t\t\t\t$this->fpm_cfg['pm'] = $phpconfig['pm'];\n\t\t\t\t$this->fpm_cfg['max_children'] = $phpconfig['max_children'];\n\t\t\t\t$this->fpm_cfg['start_servers'] = $phpconfig['start_servers'];\n\t\t\t\t$this->fpm_cfg['min_spare_servers'] = $phpconfig['min_spare_servers'];\n\t\t\t\t$this->fpm_cfg['max_spare_servers'] = $phpconfig['max_spare_servers'];\n\t\t\t\t$this->fpm_cfg['max_requests'] = $phpconfig['max_requests'];\n\t\t\t\t$this->fpm_cfg['idle_timeout'] = $phpconfig['idle_timeout'];\n\t\t\t\t$this->fpm_cfg['limit_extensions'] = $phpconfig['limit_extensions'];\n\t\t\t}\n\n\t\t\t$fpm_pm = $this->fpm_cfg['pm'];\n\t\t\t$fpm_children = (int)$this->fpm_cfg['max_children'];\n\t\t\t$fpm_start_servers = (int)$this->fpm_cfg['start_servers'];\n\t\t\t$fpm_min_spare_servers = (int)$this->fpm_cfg['min_spare_servers'];\n\t\t\t$fpm_max_spare_servers = (int)$this->fpm_cfg['max_spare_servers'];\n\t\t\t$fpm_requests = (int)$this->fpm_cfg['max_requests'];\n\t\t\t$fpm_process_idle_timeout = (int)$this->fpm_cfg['idle_timeout'];\n\t\t\t$fpm_limit_extensions = $this->fpm_cfg['limit_extensions'];\n\t\t\t$fpm_custom_config = $this->fpm_cfg['custom_config'];\n\n\t\t\tif ($fpm_children == 0) {\n\t\t\t\t$fpm_children = 1;\n\t\t\t}\n\n\t\t\t$fpm_config = ';PHP-FPM configuration for \"' . $this->domain['domain'] . '\" created on ' . date(\"Y.m.d H:i:s\") . \"\\n\";\n\t\t\t$fpm_config .= '[' . $this->domain['domain'] . ']' . \"\\n\";\n\t\t\t$fpm_config .= 'listen = ' . $this->getSocketFile() . \"\\n\";\n\t\t\tif ($this->domain['loginname'] == 'froxlor.panel') {\n\t\t\t\t$fpm_config .= 'listen.owner = ' . $this->domain['guid'] . \"\\n\";\n\t\t\t\t$fpm_config .= 'listen.group = ' . $this->domain['guid'] . \"\\n\";\n\t\t\t} else {\n\t\t\t\t$fpm_config .= 'listen.owner = ' . $this->domain['loginname'] . \"\\n\";\n\t\t\t\t$fpm_config .= 'listen.group = ' . $this->domain['loginname'] . \"\\n\";\n\t\t\t}\n\t\t\t// see #1418 why this is 0660\n\t\t\t$fpm_config .= 'listen.mode = 0660' . \"\\n\";\n\n\t\t\tif ($this->domain['loginname'] == 'froxlor.panel') {\n\t\t\t\t$fpm_config .= 'user = ' . $this->domain['guid'] . \"\\n\";\n\t\t\t\t$fpm_config .= 'group = ' . $this->domain['guid'] . \"\\n\";\n\t\t\t} else {\n\t\t\t\t$fpm_config .= 'user = ' . $this->domain['loginname'] . \"\\n\";\n\t\t\t\t$fpm_config .= 'group = ' . $this->domain['loginname'] . \"\\n\";\n\t\t\t}\n\n\t\t\t$fpm_config .= 'pm = ' . $fpm_pm . \"\\n\";\n\t\t\t$fpm_config .= 'pm.max_children = ' . $fpm_children . \"\\n\";\n\n\t\t\tif ($fpm_pm == 'dynamic') {\n\t\t\t\t// honor max_children\n\t\t\t\tif ($fpm_children < $fpm_min_spare_servers) {\n\t\t\t\t\t$fpm_min_spare_servers = $fpm_children;\n\t\t\t\t}\n\t\t\t\tif ($fpm_children < $fpm_max_spare_servers) {\n\t\t\t\t\t$fpm_max_spare_servers = $fpm_children;\n\t\t\t\t}\n\t\t\t\t// failsafe, refs #955\n\t\t\t\tif ($fpm_start_servers < $fpm_min_spare_servers) {\n\t\t\t\t\t$fpm_start_servers = $fpm_min_spare_servers;\n\t\t\t\t}\n\t\t\t\tif ($fpm_start_servers > $fpm_max_spare_servers) {\n\t\t\t\t\t$fpm_start_servers = $fpm_max_spare_servers;\n\t\t\t\t}\n\t\t\t\t$fpm_config .= 'pm.start_servers = ' . $fpm_start_servers . \"\\n\";\n\t\t\t\t$fpm_config .= 'pm.min_spare_servers = ' . $fpm_min_spare_servers . \"\\n\";\n\t\t\t\t$fpm_config .= 'pm.max_spare_servers = ' . $fpm_max_spare_servers . \"\\n\";\n\t\t\t} elseif ($fpm_pm == 'ondemand') {\n\t\t\t\t$fpm_config .= 'pm.process_idle_timeout = ' . $fpm_process_idle_timeout . \"\\n\";\n\t\t\t}\n\n\t\t\t$fpm_config .= 'pm.max_requests = ' . $fpm_requests . \"\\n\";\n\t\t\t$fpm_config .= 'request_terminate_timeout = ' . $phpconfig['fpm_reqterm'] . \"\\n\";\n\n\t\t\t// possible slowlog configs\n\t\t\tif ($phpconfig['fpm_slowlog'] == '1') {\n\t\t\t\t$this->durationCompare($phpconfig['fpm_reqterm'], $phpconfig['fpm_reqslow']);\n\t\t\t\t$fpm_config .= 'request_slowlog_timeout = ' . $phpconfig['fpm_reqslow'] . \"\\n\";\n\t\t\t\t$slowlog = FileDir::makeCorrectFile(Settings::Get('system.logfiles_directory') . '/' . $this->domain['loginname'] . '-php-slow.log');\n\t\t\t\t$fpm_config .= 'slowlog = ' . $slowlog . \"\\n\";\n\t\t\t\t$fpm_config .= 'catch_workers_output = yes' . \"\\n\";\n\t\t\t}\n\n\t\t\t$fpm_config .= ';chroot = ' . FileDir::makeCorrectDir($this->domain['documentroot']) . \"\\n\";\n\t\t\t$fpm_config .= 'security.limit_extensions = ' . $fpm_limit_extensions . \"\\n\";\n\n\t\t\t$tmpdir = FileDir::makeCorrectDir(Settings::Get('phpfpm.tmpdir') . '/' . $this->domain['loginname'] . '/');\n\t\t\tif (!is_dir($tmpdir)) {\n\t\t\t\t$this->getTempDir();\n\t\t\t}\n\n\t\t\t$env_path = Settings::Get('phpfpm.envpath');\n\t\t\tif (!empty($env_path)) {\n\t\t\t\t$fpm_config .= 'env[PATH] = ' . $env_path . \"\\n\";\n\t\t\t}\n\t\t\t$fpm_config .= 'env[TMP] = ' . $tmpdir . \"\\n\";\n\t\t\t$fpm_config .= 'env[TMPDIR] = ' . $tmpdir . \"\\n\";\n\t\t\t$fpm_config .= 'env[TEMP] = ' . $tmpdir . \"\\n\";\n\n\t\t\t$openbasedir = '';\n\t\t\tif ($this->domain['loginname'] != 'froxlor.panel') {\n\t\t\t\tif ($this->domain['openbasedir'] == '1') {\n\t\t\t\t\t$_phpappendopenbasedir = '';\n\t\t\t\t\t$_custom_openbasedir = explode(':', Settings::Get('phpfpm.peardir'));\n\t\t\t\t\tforeach ($_custom_openbasedir as $cobd) {\n\t\t\t\t\t\t$_phpappendopenbasedir .= Domain::appendOpenBasedirPath($cobd);\n\t\t\t\t\t}\n\n\t\t\t\t\t$_custom_openbasedir = explode(':', Settings::Get('system.phpappendopenbasedir'));\n\t\t\t\t\tforeach ($_custom_openbasedir as $cobd) {\n\t\t\t\t\t\t$_phpappendopenbasedir .= Domain::appendOpenBasedirPath($cobd);\n\t\t\t\t\t}\n\n\t\t\t\t\tif ($this->domain['openbasedir_path'] == '0' && strstr($this->domain['documentroot'], \":\") === false) {\n\t\t\t\t\t\t$openbasedir = Domain::appendOpenBasedirPath($this->domain['documentroot'], true);\n\t\t\t\t\t} else if ($this->domain['openbasedir_path'] == '2' && strpos(dirname($this->domain['documentroot']) . '/', $this->domain['customerroot']) !== false) {\n\t\t\t\t\t\t$openbasedir = Domain::appendOpenBasedirPath(dirname($this->domain['documentroot']) . '/', true);\n\t\t\t\t\t} else {\n\t\t\t\t\t\t$openbasedir = Domain::appendOpenBasedirPath($this->domain['customerroot'], true);\n\t\t\t\t\t}\n\n\t\t\t\t\t$openbasedir .= Domain::appendOpenBasedirPath($this->getTempDir());\n\t\t\t\t\t$openbasedir .= $_phpappendopenbasedir;\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t$fpm_config .= 'php_admin_value[upload_tmp_dir] = ' . FileDir::makeCorrectDir(Settings::Get('phpfpm.tmpdir') . '/' . $this->domain['loginname'] . '/') . \"\\n\";\n\n\t\t\t$admin = $this->getAdminData($this->domain['adminid']);\n\t\t\t$php_ini_variables = [\n\t\t\t\t'SAFE_MODE' => 'Off', // keep this for compatibility, just in case\n\t\t\t\t'PEAR_DIR' => Settings::Get('phpfpm.peardir'),\n\t\t\t\t'TMP_DIR' => $this->getTempDir(),\n\t\t\t\t'CUSTOMER_EMAIL' => $this->domain['email'],\n\t\t\t\t'ADMIN_EMAIL' => $admin['email'],\n\t\t\t\t'DOMAIN' => $this->domain['domain'],\n\t\t\t\t'CUSTOMER' => $this->domain['loginname'],\n\t\t\t\t'ADMIN' => $admin['loginname'],\n\t\t\t\t'OPEN_BASEDIR' => $openbasedir,\n\t\t\t\t'OPEN_BASEDIR_C' => '',\n\t\t\t\t'OPEN_BASEDIR_GLOBAL' => Settings::Get('system.phpappendopenbasedir'),\n\t\t\t\t'DOCUMENT_ROOT' => FileDir::makeCorrectDir($this->domain['documentroot']),\n\t\t\t\t'CUSTOMER_HOMEDIR' => FileDir::makeCorrectDir($this->domain['customerroot'])\n\t\t\t];\n\n\t\t\t$phpini = PhpHelper::replaceVariables($phpconfig['phpsettings'], $php_ini_variables);\n\t\t\t$phpini_array = explode(\"\\n\", $phpini);\n\n\t\t\t$fpm_config .= \"\\n\\n\";\n\t\t\tforeach ($phpini_array as $inisection) {\n\t\t\t\t$is = explode(\"=\", trim($inisection), 2);\n\t\t\t\tif (empty($is[0])) {\n\t\t\t\t\tcontinue;\n\t\t\t\t}\n\t\t\t\tforeach ($this->ini as $sec => $possibles) {\n\t\t\t\t\tif (in_array(trim($is[0]), $possibles)) {\n\t\t\t\t\t\t// check explicitly for open_basedir\n\t\t\t\t\t\tif (trim($is[0]) == 'open_basedir' && $openbasedir == '') {\n\t\t\t\t\t\t\tcontinue;\n\t\t\t\t\t\t}\n\t\t\t\t\t\t$fpm_config .= $sec . '[' . trim($is[0]) . '] = ' . trim($is[1] ?? '') . \"\\n\";\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// now check if 'sendmail_path' has not been set in the custom-php.ini\n\t\t\t// if not we use our fallback-default as usual\n\t\t\tif (strpos($fpm_config, 'php_admin_value[sendmail_path]') === false) {\n\t\t\t\t$fpm_config .= 'php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f postmaster@' . $this->domain['domain'] . \"\\n\";\n\t\t\t}\n\n\t\t\t// check for session.save_path, whether it has been specified by the user, if not, set a default\n\t\t\tif (strpos($fpm_config, 'php_value[session.save_path]') === false && strpos($fpm_config, 'php_admin_value[session.save_path]') === false) {\n\t\t\t\t$fpm_config .= 'php_admin_value[session.save_path] = ' . $this->getTempDir() . \"\\n\";\n\t\t\t}\n\n\t\t\t// append custom phpfpm configuration\n\t\t\tif (!empty($fpm_custom_config)) {\n\t\t\t\t$fpm_config .= \"\\n; Custom Configuration\\n\";\n\t\t\t\t$fpm_config .= PhpHelper::replaceVariables($fpm_custom_config, $php_ini_variables);\n\t\t\t}\n\n\t\t\tfwrite($fh, $fpm_config, strlen($fpm_config));\n\t\t\tfclose($fh);\n\t\t}\n\t}\n\n\t/**\n\t * fpm-config file\n\t *\n\t * @param boolean $createifnotexists\n\t * create the directory if it does not exist\n\t *\n\t * @return string the full path to the file\n\t */\n\tpublic function getConfigFile($createifnotexists = true)\n\t{\n\t\t$configdir = $this->fpm_cfg['config_dir'];\n\t\t$config = FileDir::makeCorrectFile($configdir . '/' . $this->domain['domain'] . '.conf');\n\n\t\tif (!is_dir($configdir) && $createifnotexists) {\n\t\t\tFileDir::safe_exec('mkdir -p ' . escapeshellarg($configdir));\n\t\t}\n\n\t\treturn $config;\n\t}\n\n\t/**\n\t * return path of fpm-socket file\n\t *\n\t * @param boolean $createifnotexists\n\t * create the directory if it does not exist\n\t *\n\t * @return string the full path to the socket\n\t */\n\tpublic function getSocketFile($createifnotexists = true)\n\t{\n\t\t$socketdir = FileDir::makeCorrectDir(Settings::Get('phpfpm.fastcgi_ipcdir'));\n\t\t// add fpm-config-id to filename, so it's unique for the fpm-daemon and doesn't interfere with running configs when reuilding\n\t\t$socket_filename = $socketdir . '/' . $this->domain['fpm_config_id'] . '-' . $this->domain['loginname'] . '-' . $this->domain['domain'] . '-php-fpm.socket';\n\t\tif (strlen($socket_filename) > 100) {\n\t\t\t// respect the unix socket-length limitation\n\t\t\t$socket_filename = $socketdir . '/' . $this->domain['fpm_config_id'] . '-' . $this->domain['loginname'] . '-' . $this->domain['id'] . '-php-fpm.socket';\n\t\t\tif (strlen($socket_filename) > 100) {\n\t\t\t\t// even a long loginname it seems\n\t\t\t\t$socket_filename = $socketdir . '/' . $this->domain['fpm_config_id'] . '-' . $this->domain['guid'] . '-' . $this->domain['id'] . '-php-fpm.socket';\n\t\t\t}\n\t\t}\n\t\t$socket = strtolower(FileDir::makeCorrectFile($socket_filename));\n\n\t\tif (!is_dir($socketdir) && $createifnotexists) {\n\t\t\tFileDir::safe_exec('mkdir -p ' . escapeshellarg($socketdir));\n\t\t\tFileDir::safe_exec('chown -R ' . Settings::Get('system.httpuser') . ':' . Settings::Get('system.httpgroup') . ' ' . escapeshellarg($socketdir));\n\t\t}\n\n\t\treturn $socket;\n\t}\n\n\t/**\n\t * fpm-temp directory\n\t *\n\t * @param boolean $createifnotexists\n\t * create the directory if it does not exist\n\t *\n\t * @return string the directory\n\t */\n\tpublic function getTempDir($createifnotexists = true)\n\t{\n\t\t$tmpdir = FileDir::makeCorrectDir(Settings::Get('phpfpm.tmpdir') . '/' . $this->domain['loginname'] . '/');\n\n\t\tif (!is_dir($tmpdir) && $createifnotexists) {\n\t\t\tFileDir::safe_exec('mkdir -p ' . escapeshellarg($tmpdir));\n\t\t\tFileDir::safe_exec('chown -R ' . $this->domain['guid'] . ':' . $this->domain['guid'] . ' ' . escapeshellarg($tmpdir));\n\t\t\tFileDir::safe_exec('chmod 0750 ' . escapeshellarg($tmpdir));\n\t\t}\n\n\t\treturn $tmpdir;\n\t}\n\n\t/**\n\t * return the admin-data of a specific admin\n\t *\n\t * @param int $adminid\n\t * id of the admin-user\n\t *\n\t * @return array\n\t */\n\tprivate function getAdminData($adminid)\n\t{\n\t\t$adminid = intval($adminid);\n\n\t\tif (!isset($this->admin_cache[$adminid])) {\n\t\t\t$stmt = Database::prepare(\"\n\t\t\t\t\tSELECT `email`, `loginname` FROM `\" . TABLE_PANEL_ADMINS . \"` WHERE `adminid` = :id\");\n\t\t\t$this->admin_cache[$adminid] = Database::pexecute_first($stmt, [\n\t\t\t\t'id' => $adminid\n\t\t\t]);\n\t\t}\n\t\treturn $this->admin_cache[$adminid];\n\t}\n\n\t/**\n\t * this is done via createConfig as php-fpm defines\n\t * the ini-values/flags in its pool-config\n\t *\n\t * @param string $phpconfig\n\t */\n\tpublic function createIniFile($phpconfig)\n\t{\n\t\treturn;\n\t}\n\n\t/**\n\t * fastcgi-fakedirectory directory\n\t *\n\t * @param boolean $createifnotexists\n\t * create the directory if it does not exist\n\t *\n\t * @return string the directory\n\t */\n\tpublic function getAliasConfigDir($createifnotexists = true)\n\t{\n\t\t// ensure default...\n\t\tif (Settings::Get('phpfpm.aliasconfigdir') == null) {\n\t\t\tSettings::Set('phpfpm.aliasconfigdir', '/var/www/php-fpm');\n\t\t}\n\n\t\t$configdir = FileDir::makeCorrectDir(Settings::Get('phpfpm.aliasconfigdir') . '/' . $this->domain['loginname'] . '/' . $this->domain['domain'] . '/');\n\t\tif (!is_dir($configdir) && $createifnotexists) {\n\t\t\tFileDir::safe_exec('mkdir -p ' . escapeshellarg($configdir));\n\t\t\tFileDir::safe_exec('chown ' . $this->domain['guid'] . ':' . $this->domain['guid'] . ' ' . escapeshellarg($configdir));\n\t\t}\n\n\t\treturn $configdir;\n\t}\n\n\t/**\n\t * 'request_slowlog_timeout' can't be greater than 'request_terminate_timeout'\n\t *\n\t * @param $request_terminate_timeout\n\t * @param $request_slowlog_timeout\n\t * @return void\n\t */\n\tprivate function durationCompare(&$request_terminate_timeout, &$request_slowlog_timeout)\n\t{\n\t\t$to_seconds = function ($str) {\n\t\t\tif (!preg_match('/^([0-9]+)([smhd])?$/', $str, $matches)) {\n\t\t\t\tthrow new InvalidArgumentException(\"Invalid format: $str\");\n\t\t\t}\n\t\t\t$value = (int)$matches[1];\n\t\t\t$unit = $matches[2] ?? 's';\n\n\t\t\tswitch ($unit) {\n\t\t\t\tcase 'm':\n\t\t\t\t\treturn $value * 60;\n\t\t\t\tcase 'h':\n\t\t\t\t\treturn $value * 3600;\n\t\t\t\tcase 'd':\n\t\t\t\t\treturn $value * 86400;\n\t\t\t\tdefault:\n\t\t\t\t\treturn $value;\n\t\t\t}\n\t\t};\n\n\t\t$aSec = $to_seconds($request_terminate_timeout);\n\t\t$bSec = $to_seconds($request_slowlog_timeout);\n\n\t\tif ($bSec > $aSec) {\n\t\t\t$request_slowlog_timeout = $request_terminate_timeout;\n\t\t}\n\t}\n}\n" }, { "path": "lib/Froxlor/Cron/Http/Php/PhpInterface.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Cron\\Http\\Php;\n\nuse Froxlor\\Database\\Database;\nuse Froxlor\\Settings;\n\nclass PhpInterface\n{\n\n\t/**\n\t * Domain-Data array\n\t *\n\t * @var array\n\t */\n\tprivate $domain = [];\n\n\t/**\n\t * Interface object\n\t *\n\t * @var object\n\t */\n\tprivate $interface = null;\n\n\t/**\n\t * PHP-Config data array\n\t *\n\t * @var array\n\t */\n\tprivate $php_configs_cache = [];\n\n\t/**\n\t * main constructor\n\t */\n\tpublic function __construct($domain)\n\t{\n\t\t$this->domain = $domain;\n\t\t$this->setInterface();\n\t}\n\n\t/**\n\t * set interface-object by type of\n\t * php-interface: fcgid or php-fpm\n\t * sets private $_interface variable\n\t */\n\tprivate function setInterface()\n\t{\n\t\t// php-fpm\n\t\tif ((int)Settings::Get('phpfpm.enabled') == 1) {\n\t\t\t$this->interface = new Fpm($this->domain);\n\t\t} elseif ((int)Settings::Get('system.mod_fcgid') == 1) {\n\t\t\t$this->interface = new Fcgid($this->domain);\n\t\t}\n\t}\n\n\t/**\n\t * returns the interface-object\n\t * from where we can control it\n\t */\n\tpublic function getInterface()\n\t{\n\t\treturn $this->interface;\n\t}\n\n\t/**\n\t * return the php-configuration from the database\n\t *\n\t * @param int $php_config_id\n\t * id of the php-configuration\n\t *\n\t * @return array\n\t */\n\tpublic function getPhpConfig(int $php_config_id)\n\t{\n\t\t// If domain has no config, we will use the default one.\n\t\tif ($php_config_id == 0) {\n\t\t\t$php_config_id = 1;\n\t\t}\n\n\t\tif (!isset($this->php_configs_cache[$php_config_id])) {\n\t\t\t$stmt = Database::prepare(\"\n\t\t\t\tSELECT * FROM `\" . TABLE_PANEL_PHPCONFIGS . \"` WHERE `id` = :id\n\t\t\t\");\n\t\t\t$this->php_configs_cache[$php_config_id] = Database::pexecute_first($stmt, [\n\t\t\t\t'id' => $php_config_id\n\t\t\t]);\n\t\t\tif ((int)Settings::Get('phpfpm.enabled') == 1) {\n\t\t\t\t$stmt = Database::prepare(\"\n\t\t\t\t\tSELECT * FROM `\" . TABLE_PANEL_FPMDAEMONS . \"` WHERE `id` = :id\n\t\t\t\t\");\n\t\t\t\t$this->php_configs_cache[$php_config_id]['fpm_settings'] = Database::pexecute_first($stmt, [\n\t\t\t\t\t'id' => $this->php_configs_cache[$php_config_id]['fpmsettingid']\n\t\t\t\t]);\n\t\t\t\t// override fpm daemon settings if set in php-config\n\t\t\t\tif ($this->php_configs_cache[$php_config_id]['override_fpmconfig'] == 1) {\n\t\t\t\t\t$this->php_configs_cache[$php_config_id]['fpm_settings']['limit_extensions'] = $this->php_configs_cache[$php_config_id]['limit_extensions'];\n\t\t\t\t\t$this->php_configs_cache[$php_config_id]['fpm_settings']['idle_timeout'] = $this->php_configs_cache[$php_config_id]['idle_timeout'];\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\treturn $this->php_configs_cache[$php_config_id];\n\t}\n}\n" }, { "path": "lib/Froxlor/Cron/Http/Php/index.html", "content": "" }, { "path": "lib/Froxlor/Cron/Http/WebserverBase.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Cron\\Http;\n\nuse Froxlor\\Database\\Database;\nuse Froxlor\\Domain\\Domain;\nuse Froxlor\\Settings;\nuse PDO;\n\nclass WebserverBase\n{\n\n\t/**\n\t * returns an array with all entries required for all\n\t * webserver-vhost-configs\n\t *\n\t * @return array\n\t */\n\tpublic static function getVhostsToCreate()\n\t{\n\t\t$query = \"SELECT `d`.*, `pd`.`domain` AS `parentdomain`, `c`.`loginname`,\n\t\t\t\t`d`.`phpsettingid`, `c`.`adminid`, `c`.`guid`, `c`.`email`,\n\t\t\t\t`c`.`documentroot` AS `customerroot`, `c`.`deactivated` as `customer_deactivated`,\n\t\t\t\t`c`.`phpenabled` AS `phpenabled_customer`,\n\t\t\t\t`d`.`phpenabled` AS `phpenabled_vhost`,\n\t\t\t\t`a`.`email` as `admin_email`\n\t\t\t\tFROM `\" . TABLE_PANEL_DOMAINS . \"` `d`\n\n\t\t\t\tLEFT JOIN `\" . TABLE_PANEL_CUSTOMERS . \"` `c` USING(`customerid`)\n\t\t\t\tLEFT JOIN `\" . TABLE_PANEL_DOMAINS . \"` `pd` ON (`pd`.`id` = `d`.`parentdomainid`)\n\t\t\t\tLEFT JOIN `\" . TABLE_PANEL_ADMINS . \"` `a` ON (`a`.`adminid` = `c`.`adminid`)\n\n\t\t\t\tWHERE `d`.`aliasdomain` IS NULL AND `d`.`email_only` <> '1'\n\t\t\t\tORDER BY `d`.`parentdomainid` DESC, `d`.`iswildcarddomain`, `d`.`domain` ASC;\n\t\t\";\n\n\t\t$result_domains_stmt = Database::query($query);\n\n\t\t// prepare IP statement\n\t\t$ip_stmt = Database::prepare(\"\n\t\t\tSELECT `di`.`id_domain` , `p`.`ssl`, `p`.`ssl_cert_file`, `p`.`ssl_key_file`, `p`.`ssl_ca_file`, `p`.`ssl_cert_chainfile`\n\t\t\tFROM `\" . TABLE_DOMAINTOIP . \"` `di`, `\" . TABLE_PANEL_IPSANDPORTS . \"` `p`\n\t\t\tWHERE `p`.`id` = `di`.`id_ipandports`\n\t\t\tAND `di`.`id_domain` = :domainid\n\t\t\tAND `p`.`ssl` = '1'\n\t\t\");\n\n\t\t// prepare fpm-config select query\n\t\t$fpm_sel_stmt = Database::prepare(\"\n\t\t\tSELECT f.id FROM `\" . TABLE_PANEL_FPMDAEMONS . \"` f\n\t\t\tLEFT JOIN `\" . TABLE_PANEL_PHPCONFIGS . \"` p ON p.fpmsettingid = f.id\n\t\t\tWHERE p.id = :phpconfigid\n\t\t\");\n\n\t\t$domains = [];\n\t\twhile ($domain = $result_domains_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t// set whole domain\n\t\t\t$domains[$domain['domain']] = $domain;\n\t\t\t// set empty-defaults for non-ssl\n\t\t\t$domains[$domain['domain']]['ssl'] = '';\n\t\t\t$domains[$domain['domain']]['ssl_cert_file'] = '';\n\t\t\t$domains[$domain['domain']]['ssl_key_file'] = '';\n\t\t\t$domains[$domain['domain']]['ssl_ca_file'] = '';\n\t\t\t$domains[$domain['domain']]['ssl_cert_chainfile'] = '';\n\n\t\t\t// now, if the domain has an ssl ip/port assigned, get\n\t\t\t// the corresponding information from the db\n\t\t\tif (Domain::domainHasSslIpPort($domain['id'])) {\n\t\t\t\t$ssl_ip = Database::pexecute_first($ip_stmt, [\n\t\t\t\t\t'domainid' => $domain['id']\n\t\t\t\t]);\n\n\t\t\t\t// set ssl info for domain\n\t\t\t\t$domains[$domain['domain']]['ssl'] = '1';\n\t\t\t\t$domains[$domain['domain']]['ssl_cert_file'] = $ssl_ip['ssl_cert_file'];\n\t\t\t\t$domains[$domain['domain']]['ssl_key_file'] = $ssl_ip['ssl_key_file'];\n\t\t\t\t$domains[$domain['domain']]['ssl_ca_file'] = $ssl_ip['ssl_ca_file'];\n\t\t\t\t$domains[$domain['domain']]['ssl_cert_chainfile'] = $ssl_ip['ssl_cert_chainfile'];\n\t\t\t}\n\n\t\t\t// read fpm-config-id if using fpm\n\t\t\tif ((int)Settings::Get('phpfpm.enabled') == 1) {\n\t\t\t\t$fpm_config = Database::pexecute_first($fpm_sel_stmt, [\n\t\t\t\t\t'phpconfigid' => $domain['phpsettingid']\n\t\t\t\t]);\n\t\t\t\tif ($fpm_config) {\n\t\t\t\t\t$domains[$domain['domain']]['fpm_config_id'] = $fpm_config['id'];\n\t\t\t\t} else {\n\t\t\t\t\t// fallback\n\t\t\t\t\t$domains[$domain['domain']]['fpm_config_id'] = 1;\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\treturn $domains;\n\t}\n}\n" }, { "path": "lib/Froxlor/Cron/Http/index.html", "content": "" }, { "path": "lib/Froxlor/Cron/Mail/Rspamd.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Cron\\Mail;\n\nuse Exception;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FileDir;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\Settings;\n\nclass Rspamd\n{\n\tconst DEFAULT_MARK_LVL = 7.0;\n\tconst DEFAULT_REJECT_LVL = 14.0;\n\n\tprivate string $frx_settings_file = \"\";\n\n\tprotected FroxlorLogger $logger;\n\n\tpublic function __construct(FroxlorLogger $logger)\n\t{\n\t\t$this->logger = $logger;\n\t}\n\n\t/**\n\t * @throws Exception\n\t */\n\tpublic function writeConfigs()\n\t{\n\t\t// tell the world what we are doing\n\t\t$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'Task9 started - Rebuilding antispam configuration');\n\n\t\t// get all email addresses\n\t\t$antispam_stmt = Database::prepare(\"\n\t\t\tSELECT email, spam_tag_level, rewrite_subject, spam_kill_level, bypass_spam, policy_greylist, iscatchall\n\t\t\tFROM `\" . TABLE_MAIL_VIRTUAL . \"`\n\t\t\tORDER BY email\n\t\t\");\n\t\tDatabase::pexecute($antispam_stmt);\n\n\t\t$this->frx_settings_file = \"#\\n# Automatically generated file by froxlor. DO NOT EDIT manually as it will be overwritten!\\n# Generated: \" . date('d.m.Y H:i') . \"\\n#\\n\\n\";\n\t\twhile ($email = $antispam_stmt->fetch(\\PDO::FETCH_ASSOC)) {\n\t\t\t$this->generateEmailAddrConfig($email);\n\t\t}\n\n\t\t$antispam_cfg_file = FileDir::makeCorrectFile(Settings::Get('antispam.config_file'));\n\t\tfile_put_contents($antispam_cfg_file, $this->frx_settings_file);\n\t\t$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, $antispam_cfg_file . ' written');\n\t\t$this->writeDkimConfigs();\n\t\t$this->reloadDaemon();\n\t\t$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'Task9 finished');\n\t}\n\n\t/**\n\t * # local.d/dkim_signing.conf\n\t * try_fallback = true;\n\t * path = \"/var/lib/rspamd/dkim/$domain.$selector.key\";\n\t * selector_map = \"/etc/rspamd/dkim_selectors.map\";\n\t *\n\t * @return void\n\t * @throws Exception\n\t */\n\tpublic function writeDkimConfigs()\n\t{\n\t\t$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'Writing DKIM key-pairs');\n\n\t\t$dkim_selector_map = \"\";\n\t\t$result_domains_stmt = Database::query(\"\n\t\t\t\tSELECT `id`, `domain`, `dkim`, `dkim_id`, `dkim_pubkey`, `dkim_privkey`\n\t\t\t\tFROM `\" . TABLE_PANEL_DOMAINS . \"`\n\t\t\t\tWHERE `dkim` = '1'\n\t\t\t\tORDER BY `id` ASC\n\t\t\t\");\n\n\t\twhile ($domain = $result_domains_stmt->fetch(\\PDO::FETCH_ASSOC)) {\n\n\t\t\tif ($domain['dkim_privkey'] == '' || $domain['dkim_pubkey'] == '') {\n\t\t\t\t$max_dkim_id_stmt = Database::query(\"SELECT MAX(`dkim_id`) as `max_dkim_id` FROM `\" . TABLE_PANEL_DOMAINS . \"`\");\n\t\t\t\t$max_dkim_id = $max_dkim_id_stmt->fetch(\\PDO::FETCH_ASSOC);\n\t\t\t\t$domain['dkim_id'] = (int)$max_dkim_id['max_dkim_id'] + 1;\n\n\t\t\t\t$privkey_filename = FileDir::makeCorrectFile('/var/lib/rspamd/dkim/' . $domain['domain'] . '.dkim' . $domain['dkim_id'] . '.key');\n\t\t\t\t$pubkey_filename = FileDir::makeCorrectFile('/var/lib/rspamd/dkim/' . $domain['domain'] . '.dkim' . $domain['dkim_id'] . '.txt');\n\n\t\t\t\t$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'Generating DKIM keys for \"' . $domain['domain'] . '\"');\n\t\t\t\t$rsret = [];\n\t\t\t\tFileDir::safe_exec(\n\t\t\t\t\t'rspamadm dkim_keygen -d ' . escapeshellarg($domain['domain']) . ' -k ' . $privkey_filename . ' -s dkim' . $domain['dkim_id'] . ' -b ' . Settings::Get('antispam.dkim_keylength') . ' -o plain > ' . escapeshellarg($pubkey_filename),\n\t\t\t\t\t$rsret,\n\t\t\t\t\t['>']\n\t\t\t\t);\n\t\t\t\tif (!file_exists($privkey_filename) || !file_exists($pubkey_filename)) {\n\t\t\t\t\t$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, 'DKIM Keypair for domain \"' . $domain['domain'] . '\" was not generated successfully.');\n\t\t\t\t\tcontinue;\n\t\t\t\t}\n\t\t\t\t$domain['dkim_privkey'] = file_get_contents($privkey_filename);\n\t\t\t\tFileDir::safe_exec(\"chmod 0640 \" . escapeshellarg($privkey_filename));\n\t\t\t\tFileDir::safe_exec(\"chown _rspamd:_rspamd \" . escapeshellarg($privkey_filename));\n\t\t\t\t$domain['dkim_pubkey'] = file_get_contents($pubkey_filename);\n\t\t\t\tFileDir::safe_exec(\"chmod 0664 \" . escapeshellarg($pubkey_filename));\n\t\t\t\tFileDir::safe_exec(\"chown _rspamd:_rspamd \" . escapeshellarg($pubkey_filename));\n\t\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\t\t\tUPDATE `\" . TABLE_PANEL_DOMAINS . \"` SET\n\t\t\t\t\t\t`dkim_id` = :dkimid,\n\t\t\t\t\t\t`dkim_privkey` = :privkey,\n\t\t\t\t\t\t`dkim_pubkey` = :pubkey\n\t\t\t\t\t\tWHERE `id` = :id\n\t\t\t\t\t\");\n\t\t\t\t$upd_data = [\n\t\t\t\t\t'dkimid' => $domain['dkim_id'],\n\t\t\t\t\t'privkey' => $domain['dkim_privkey'],\n\t\t\t\t\t'pubkey' => $domain['dkim_pubkey'],\n\t\t\t\t\t'id' => $domain['id']\n\t\t\t\t];\n\t\t\t\tDatabase::pexecute($upd_stmt, $upd_data);\n\t\t\t} else {\n\t\t\t\t$privkey_filename = FileDir::makeCorrectFile('/var/lib/rspamd/dkim/' . $domain['domain'] . '.dkim' . $domain['dkim_id'] . '.key');\n\t\t\t\t$pubkey_filename = FileDir::makeCorrectFile('/var/lib/rspamd/dkim/' . $domain['domain'] . '.dkim' . $domain['dkim_id'] . '.txt');\n\t\t\t}\n\n\t\t\tif (!file_exists($privkey_filename) && $domain['dkim_privkey'] != '') {\n\t\t\t\tfile_put_contents($privkey_filename, $domain['dkim_privkey']);\n\t\t\t\tFileDir::safe_exec(\"chmod 0640 \" . escapeshellarg($privkey_filename));\n\t\t\t\tFileDir::safe_exec(\"chown _rspamd:_rspamd \" . escapeshellarg($privkey_filename));\n\t\t\t}\n\n\t\t\tif (!file_exists($pubkey_filename) && $domain['dkim_pubkey'] != '') {\n\t\t\t\tfile_put_contents($pubkey_filename, $domain['dkim_pubkey']);\n\t\t\t\tFileDir::safe_exec(\"chmod 0644 \" . escapeshellarg($pubkey_filename));\n\t\t\t\tFileDir::safe_exec(\"chown _rspamd:_rspamd \" . escapeshellarg($pubkey_filename));\n\t\t\t}\n\n\t\t\t$dkim_selector_map .= $domain['domain'] . \" dkim\" . $domain['dkim_id'] . \"\\n\";\n\t\t}\n\n\t\t$dkim_selector_file = FileDir::makeCorrectFile('/etc/rspamd/dkim_selectors.map');\n\t\tfile_put_contents($dkim_selector_file, $dkim_selector_map);\n\t}\n\n\tprivate function generateEmailAddrConfig(array $email): void\n\t{\n\t\t$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'Generating antispam config for ' . $email['email']);\n\n\t\t$email['spam_tag_level'] = floatval($email['spam_tag_level']);\n\t\t$email['spam_kill_level'] = $email['spam_kill_level'] == -1 ? \"null\" : floatval($email['spam_kill_level']);\n\t\t$email_id = md5($email['email']);\n\n\t\t$this->frx_settings_file .= '# Email: ' . $email['email'] . \"\\n\";\n\t\tforeach (['rcpt', 'from'] as $type) {\n\t\t\t$this->frx_settings_file .= 'frx_' . $email_id . '_' . $type . ' {' . \"\\n\";\n\t\t\t$this->frx_settings_file .= '\tid = \"frx_' . $email_id . '_' . $type . '\";' . \"\\n\";\n\t\t\tif ($email['iscatchall']) {\n\t\t\t\t$this->frx_settings_file .= '\tpriority = low;' . \"\\n\";\n\t\t\t\t$this->frx_settings_file .= '\t' . $type . ' = \"' . substr($email['email'], strpos($email['email'], '@')) . '\";' . \"\\n\";\n\t\t\t} else {\n\t\t\t\t$this->frx_settings_file .= '\tpriority = medium;' . \"\\n\";\n\t\t\t\t$this->frx_settings_file .= '\t' . $type . ' = \"' . $email['email'] . '\";' . \"\\n\";\n\t\t\t}\n\t\t\tif ((int)$email['bypass_spam'] == 1) {\n\t\t\t\t$this->frx_settings_file .= '\twant_spam = yes;' . \"\\n\";\n\t\t\t} else {\n\t\t\t\t$this->frx_settings_file .= '\tapply {' . \"\\n\";\n\t\t\t\t$this->frx_settings_file .= '\t\tactions {' . \"\\n\";\n\t\t\t\t$this->frx_settings_file .= '\t\t\t\"add header\" = ' . $email['spam_tag_level'] . ';' . \"\\n\";\n\t\t\t\tif ((int)$email['rewrite_subject'] == 1) {\n\t\t\t\t\t$this->frx_settings_file .= '\t\t\trewrite_subject = ' . ($email['spam_tag_level'] + 0.01) . ';' . \"\\n\";\n\t\t\t\t}\n\t\t\t\t$this->frx_settings_file .= '\t\t\treject = ' . $email['spam_kill_level'] . ';' . \"\\n\";\n\t\t\t\tif ($type == 'rcpt' && (int)$email['policy_greylist'] == 0) {\n\t\t\t\t\t$this->frx_settings_file .= '\t\t\tgreylist = null;' . \"\\n\";\n\t\t\t\t}\n\t\t\t\t$this->frx_settings_file .= '\t\t}' . \"\\n\";\n\t\t\t\t$this->frx_settings_file .= '\t}' . \"\\n\";\n\t\t\t\tif ($type == 'rcpt' && (int)$email['policy_greylist'] == 0) {\n\t\t\t\t\t$this->frx_settings_file .= '\tsymbols [ \"DONT_GREYLIST\" ]' . \"\\n\";\n\t\t\t\t}\n\t\t\t}\n\t\t\t$this->frx_settings_file .= '}' . \"\\n\";\n\t\t}\n\t\t$this->frx_settings_file .= \"\\n\";\n\t}\n\n\tpublic function reloadDaemon()\n\t{\n\t\t// reload DNS daemon\n\t\t$cmd = Settings::Get('antispam.reload_command');\n\t\t$cmdStatus = 1;\n\t\tFileDir::safe_exec(escapeshellcmd($cmd), $cmdStatus);\n\t\tif ($cmdStatus === 0) {\n\t\t\t$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'Antispam daemon reloaded');\n\t\t} else {\n\t\t\t$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, 'Error while running `' . $cmd . '`: exit code (' . $cmdStatus . ') - please check your system logs');\n\t\t}\n\t}\n}\n" }, { "path": "lib/Froxlor/Cron/System/ExportCron.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Cron\\System;\n\nuse Exception;\nuse Froxlor\\Cron\\Forkable;\nuse Froxlor\\Cron\\FroxlorCron;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FileDir;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\Settings;\n\nclass ExportCron extends FroxlorCron\n{\n\tuse Forkable;\n\n\tpublic static function run()\n\t{\n\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'ExportCron: started - creating customer data export');\n\n\t\t$result_tasks_stmt = Database::query(\"\n\t\t\tSELECT * FROM `\" . TABLE_PANEL_TASKS . \"` WHERE `type` = '20' ORDER BY `id` ASC\n\t\t\");\n\t\t$all_jobs = $result_tasks_stmt->fetchAll();\n\n\t\tif (!empty($all_jobs)) {\n\t\t\tself::runFork([self::class, 'handle'], $all_jobs);\n\t\t}\n\t}\n\n\tpublic static function handle(array $row)\n\t{\n\t\t$del_stmt = Database::prepare(\"DELETE FROM `\" . TABLE_PANEL_TASKS . \"` WHERE `id` = :id\");\n\t\t$cronlog = FroxlorLogger::getInstanceOf();\n\n\t\tif ($row['data'] != '') {\n\t\t\t$row['data'] = json_decode($row['data'], true);\n\t\t}\n\n\t\tif (is_array($row['data'])) {\n\t\t\tif (isset($row['data']['customerid']) && isset($row['data']['loginname']) && isset($row['data']['destdir'])) {\n\t\t\t\t$row['data']['destdir'] = FileDir::makeCorrectDir($row['data']['destdir']);\n\t\t\t\t$customerdocroot = FileDir::makeCorrectDir(Settings::Get('system.documentroot_prefix') . '/' . $row['data']['loginname'] . '/');\n\n\t\t\t\t// create folder if not exists\n\t\t\t\tif (!file_exists($row['data']['destdir']) && $row['data']['destdir'] != '/' && $row['data']['destdir'] != Settings::Get('system.documentroot_prefix') && $row['data']['destdir'] != $customerdocroot) {\n\t\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'Creating data export destination path for customer: ' . escapeshellarg($row['data']['destdir']));\n\t\t\t\t\tFileDir::safe_exec('mkdir -p ' . escapeshellarg($row['data']['destdir']));\n\t\t\t\t}\n\n\t\t\t\tself::createCustomerExport($row['data'], $customerdocroot, $cronlog);\n\t\t\t}\n\t\t}\n\n\t\t// remove entry\n\t\tDatabase::pexecute($del_stmt, [\n\t\t\t'id' => $row['id']\n\t\t]);\n\t}\n\n\t/**\n\t * depending on the give choice, the customers web-data, email-data and databases are being exported\n\t *\n\t * @param array $data\n\t *\n\t * @return void\n\t *\n\t * @throws Exception\n\t */\n\tprivate static function createCustomerExport($data = null, $customerdocroot = null, &$cronlog = null)\n\t{\n\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_NOTICE, 'Creating data export for user \"' . $data['loginname'] . '\"');\n\n\t\t// create tmp folder\n\t\t$tmpdir = FileDir::makeCorrectDir($data['destdir'] . '/.tmp/');\n\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'Creating tmp-folder \"' . $tmpdir . '\"');\n\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'shell> mkdir -p ' . escapeshellarg($tmpdir));\n\t\tFileDir::safe_exec('mkdir -p ' . escapeshellarg($tmpdir));\n\t\t$create_export_tar_data = \"\";\n\n\t\t// MySQL databases\n\t\tif ($data['dump_dbs'] == 1) {\n\t\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'Creating mysql-folder \"' . FileDir::makeCorrectDir($tmpdir . '/mysql') . '\"');\n\t\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'shell> mkdir -p ' . escapeshellarg(FileDir::makeCorrectDir($tmpdir . '/mysql')));\n\t\t\tFileDir::safe_exec('mkdir -p ' . escapeshellarg(FileDir::makeCorrectDir($tmpdir . '/mysql')));\n\n\t\t\t// get all customer database-names\n\t\t\t$sel_stmt = Database::prepare(\"SELECT `databasename`, `dbserver` FROM `\" . TABLE_PANEL_DATABASES . \"` WHERE `customerid` = :cid ORDER BY `dbserver`\");\n\t\t\tDatabase::pexecute($sel_stmt, [\n\t\t\t\t'cid' => $data['customerid']\n\t\t\t]);\n\n\t\t\t$has_dbs = false;\n\t\t\t$current_dbserver = -1;\n\n\t\t\t// look for mysqldump\n\t\t\t$section = 'mysqldump';\n\t\t\tif (file_exists(\"/usr/bin/mysqldump\")) {\n\t\t\t\t$mysql_dump = '/usr/bin/mysqldump';\n\t\t\t} elseif (file_exists(\"/usr/local/bin/mysqldump\")) {\n\t\t\t\t$mysql_dump = '/usr/local/bin/mysqldump';\n\t\t\t} elseif (file_exists(\"/usr/bin/mariadb-dump\")) {\n\t\t\t\t$mysql_dump = '/usr/bin/mariadb-dump';\n\t\t\t\t$section = 'mariadb-dump';\n\t\t\t}\n\t\t\tif (!isset($mysql_dump)) {\n\t\t\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, 'mysqldump/mariadb-dump executable could not be found. Please install mysql-client/mariadb-client package.');\n\t\t\t} else {\n\n\t\t\t\twhile ($row = $sel_stmt->fetch()) {\n\t\t\t\t\t// Get sql_root data for the specific database-server the database resides on\n\t\t\t\t\tif ($current_dbserver != $row['dbserver']) {\n\t\t\t\t\t\tDatabase::needRoot(true, $row['dbserver']);\n\t\t\t\t\t\tDatabase::needSqlData();\n\t\t\t\t\t\t$sql_root = Database::getSqlData();\n\t\t\t\t\t\tDatabase::needRoot(false);\n\t\t\t\t\t\t// create temporary mysql-defaults file for the connection-credentials/details\n\t\t\t\t\t\t$mysqlcnf_file = tempnam(\"/tmp\", \"frx\");\n\t\t\t\t\t\t$mysqlcnf = \"[\".$section.\"]\\npassword=\" . $sql_root['passwd'] . \"\\nhost=\" . $sql_root['host'] . \"\\n\";\n\t\t\t\t\t\tif (!empty($sql_root['port'])) {\n\t\t\t\t\t\t\t$mysqlcnf .= \"port=\" . $sql_root['port'] . \"\\n\";\n\t\t\t\t\t\t} elseif (!empty($sql_root['socket'])) {\n\t\t\t\t\t\t\t$mysqlcnf .= \"socket=\" . $sql_root['socket'] . \"\\n\";\n\t\t\t\t\t\t}\n\t\t\t\t\t\tfile_put_contents($mysqlcnf_file, $mysqlcnf);\n\t\t\t\t\t}\n\t\t\t\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'shell> '.basename($mysql_dump) . ' -u ' . escapeshellarg($sql_root['user']) . ' -pXXXXX ' . $row['databasename'] . ' > ' . FileDir::makeCorrectFile($tmpdir . '/mysql/' . $row['databasename'] . '_' . date('YmdHi', time()) . '.sql'));\n\t\t\t\t\t$bool_false = false;\n\t\t\t\t\tFileDir::safe_exec($mysql_dump . ' --defaults-file=' . escapeshellarg($mysqlcnf_file) . ' -u ' . escapeshellarg($sql_root['user']) . ' ' . $row['databasename'] . ' > ' . FileDir::makeCorrectFile($tmpdir . '/mysql/' . $row['databasename'] . '_' . date('YmdHi', time()) . '.sql'), $bool_false, [\n\t\t\t\t\t\t'>'\n\t\t\t\t\t]);\n\t\t\t\t\t$has_dbs = true;\n\t\t\t\t\t$current_dbserver = $row['dbserver'];\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tif ($has_dbs) {\n\t\t\t\t$create_export_tar_data .= './mysql ';\n\t\t\t}\n\n\t\t\tif (file_exists($mysqlcnf_file)) {\n\t\t\t\tunlink($mysqlcnf_file);\n\t\t\t}\n\n\t\t\tunset($sql_root);\n\t\t}\n\n\t\t// E-mail data\n\t\tif ($data['dump_mail'] == 1) {\n\t\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'Creating mail-folder \"' . FileDir::makeCorrectDir($tmpdir . '/mail') . '\"');\n\t\t\tFileDir::safe_exec('mkdir -p ' . escapeshellarg(FileDir::makeCorrectDir($tmpdir . '/mail')));\n\n\t\t\t// get all customer mail-accounts\n\t\t\t$sel_stmt = Database::prepare(\"SELECT `homedir`, `maildir` FROM `\" . TABLE_MAIL_USERS . \"` WHERE `customerid` = :cid\");\n\t\t\tDatabase::pexecute($sel_stmt, [\n\t\t\t\t'cid' => $data['customerid']\n\t\t\t]);\n\n\t\t\t$tar_file_list = \"\";\n\t\t\t$mail_homedir = \"\";\n\t\t\twhile ($row = $sel_stmt->fetch()) {\n\t\t\t\t$tar_file_list .= escapeshellarg(\"./\" . $row['maildir']) . \" \";\n\t\t\t\t$mail_homedir = $row['homedir'];\n\t\t\t}\n\n\t\t\tif (!empty($tar_file_list)) {\n\t\t\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'shell> tar cfvz ' . escapeshellarg(FileDir::makeCorrectFile($tmpdir . '/mail/' . $data['loginname'] . '-mail.tar.gz')) . ' -C ' . escapeshellarg($mail_homedir) . ' ' . trim($tar_file_list));\n\t\t\t\tFileDir::safe_exec('tar cfz ' . escapeshellarg(FileDir::makeCorrectFile($tmpdir . '/mail/' . $data['loginname'] . '-mail.tar.gz')) . ' -C ' . escapeshellarg($mail_homedir) . ' ' . trim($tar_file_list));\n\t\t\t\t$create_export_tar_data .= './mail ';\n\t\t\t}\n\t\t}\n\n\t\t// Web data\n\t\tif ($data['dump_web'] == 1) {\n\t\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'Creating web-folder \"' . FileDir::makeCorrectDir($tmpdir . '/web') . '\"');\n\t\t\tFileDir::safe_exec('mkdir -p ' . escapeshellarg(FileDir::makeCorrectDir($tmpdir . '/web')));\n\t\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'shell> tar cfz ' . escapeshellarg(FileDir::makeCorrectFile($tmpdir . '/web/' . $data['loginname'] . '-web.tar.gz')) . ' --exclude=' . escapeshellarg(str_replace($customerdocroot, \"./\", FileDir::makeCorrectFile($tmpdir . '/*'))) . ' --exclude=' . escapeshellarg(str_replace($customerdocroot, \"./\", substr(FileDir::makeCorrectDir($tmpdir), 0, -1))) . ' -C ' . escapeshellarg($customerdocroot) . ' .');\n\t\t\tFileDir::safe_exec('tar cfz ' . escapeshellarg(FileDir::makeCorrectFile($tmpdir . '/web/' . $data['loginname'] . '-web.tar.gz')) . ' --exclude=' . escapeshellarg(str_replace($customerdocroot, \"./\", FileDir::makeCorrectFile($tmpdir . '/*'))) . ' --exclude=' . escapeshellarg(str_replace($customerdocroot, \"./\", substr(FileDir::makeCorrectFile($tmpdir), 0, -1))) . ' -C ' . escapeshellarg($customerdocroot) . ' .');\n\t\t\t$create_export_tar_data .= './web ';\n\t\t}\n\n\t\tif (!empty($create_export_tar_data)) {\n\t\t\t// set owner to customer\n\t\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'shell> chown -R ' . (int)$data['uid'] . ':' . (int)$data['gid'] . ' ' . escapeshellarg($tmpdir));\n\t\t\tFileDir::safe_exec('chown -R ' . (int)$data['uid'] . ':' . (int)$data['gid'] . ' ' . escapeshellarg($tmpdir));\n\t\t\t// create tar-file\n\t\t\t$export_file = FileDir::makeCorrectFile($tmpdir . '/' . $data['loginname'] . '-export_' . date('YmdHi', time()) . '.tar.gz' . (!empty($data['pgp_public_key']) ? '.gpg' : ''));\n\t\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'Creating export-file \"' . $export_file . '\"');\n\t\t\tif (!empty($data['pgp_public_key'])) {\n\t\t\t\t// pack all archives in tmp-dir to one archive and encrypt it with gpg\n\t\t\t\t$recipient_file = FileDir::makeCorrectFile($tmpdir . '/' . $data['loginname'] . '-recipients.gpg');\n\t\t\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'Creating recipient-file \"' . $recipient_file . '\"');\n\t\t\t\tfile_put_contents($recipient_file, $data['pgp_public_key']);\n\t\t\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'shell> tar cfz - -C ' . escapeshellarg($tmpdir) . ' ' . trim($create_export_tar_data) . ' | gpg --encrypt --recipient-file ' . escapeshellarg($recipient_file) . ' --output ' . escapeshellarg($export_file) . ' --trust-model always --batch --yes');\n\t\t\t\tFileDir::safe_exec('tar cfz - -C ' . escapeshellarg($tmpdir) . ' ' . trim($create_export_tar_data) . ' | gpg --encrypt --recipient-file ' . escapeshellarg($recipient_file) . ' --output ' . escapeshellarg($export_file) . ' --trust-model always --batch --yes', $return_value, ['|']);\n\t\t\t} else {\n\t\t\t\t// pack all archives in tmp-dir to one archive\n\t\t\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'shell> tar cfz ' . escapeshellarg($export_file) . ' -C ' . escapeshellarg($tmpdir) . ' ' . trim($create_export_tar_data));\n\t\t\t\tFileDir::safe_exec('tar cfz ' . escapeshellarg($export_file) . ' -C ' . escapeshellarg($tmpdir) . ' ' . trim($create_export_tar_data));\n\t\t\t}\n\t\t\t// move to destination directory\n\t\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'shell> mv ' . escapeshellarg($export_file) . ' ' . escapeshellarg($data['destdir']));\n\t\t\tFileDir::safe_exec('mv ' . escapeshellarg($export_file) . ' ' . escapeshellarg($data['destdir']));\n\t\t\t// remove tmp-files\n\t\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'shell> rm -rf ' . escapeshellarg($tmpdir));\n\t\t\tFileDir::safe_exec('rm -rf ' . escapeshellarg($tmpdir));\n\t\t\t// set owner to customer\n\t\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'shell> chown -R ' . (int)$data['uid'] . ':' . (int)$data['gid'] . ' ' . escapeshellarg($data['destdir']));\n\t\t\tif (is_link(rtrim($data['destdir'], '/'))) {\n\t\t\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, 'Export destination is a symlink, skipping chown for security: ' . $data['destdir']);\n\t\t\t} else {\n\t\t\t\tFileDir::safe_exec('chown -R ' . (int)$data['uid'] . ':' . (int)$data['gid'] . ' ' . escapeshellarg($data['destdir']));\n\t\t\t}\n\t\t}\n\t}\n}\n" }, { "path": "lib/Froxlor/Cron/System/Extrausers.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Cron\\System;\n\nuse Froxlor\\Customer\\Customer;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\Settings;\nuse Froxlor\\User;\nuse PDO;\n\nclass Extrausers\n{\n\n\tpublic static function generateFiles(&$cronlog)\n\t{\n\t\t// passwd\n\t\t$passwd = '/var/lib/extrausers/passwd';\n\t\t$sql = \"SELECT customerid,username,'x' as password,uid,gid,'Froxlor User' as comment,homedir,shell, login_enabled FROM ftp_users ORDER BY uid, LENGTH(username) ASC\";\n\t\t$users_list = [];\n\t\tself::generateFile($passwd, $sql, $cronlog, $users_list);\n\n\t\t// group\n\t\t$group = '/var/lib/extrausers/group';\n\t\t$sql = \"SELECT groupname,'x' as password,gid,members FROM ftp_groups ORDER BY gid ASC\";\n\t\tself::generateFile($group, $sql, $cronlog, $users_list);\n\n\t\t// shadow\n\t\t$shadow = '/var/lib/extrausers/shadow';\n\t\t$sql = \"SELECT username,password FROM ftp_users ORDER BY gid ASC\";\n\t\tself::generateFile($shadow, $sql, $cronlog);\n\n\t\t// set correct permissions\n\t\t@chmod('/var/lib/extrausers/', 0755);\n\t\t@chmod('/var/lib/extrausers/passwd', 0644);\n\t\t@chmod('/var/lib/extrausers/group', 0644);\n\t\t@chmod('/var/lib/extrausers/shadow', 0640);\n\n\t\tSshKeys::generateFiles($cronlog);\n\t}\n\n\tprivate static function generateFile($file, $query, &$cronlog, &$result_list = null)\n\t{\n\t\t$type = basename($file);\n\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_NOTICE, 'Creating ' . $type . ' file');\n\n\t\tif (!file_exists($file)) {\n\t\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_NOTICE, $type . ' file does not yet exist');\n\t\t\t@mkdir(dirname($file), 0750, true);\n\t\t\ttouch($file);\n\t\t}\n\n\t\t$data_sel_stmt = Database::query($query);\n\t\t$data_content = \"\";\n\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_NOTICE, 'Writing ' . $data_sel_stmt->rowCount() . ' entries to ' . $type . ' file');\n\t\twhile ($u = $data_sel_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\tswitch ($type) {\n\t\t\t\tcase 'passwd':\n\t\t\t\t\t// get user real name\n\t\t\t\t\t$salutation_array = [\n\t\t\t\t\t\t'firstname' => Customer::getCustomerDetail($u['customerid'], 'firstname'),\n\t\t\t\t\t\t'name' => Customer::getCustomerDetail($u['customerid'], 'name'),\n\t\t\t\t\t\t'company' => Customer::getCustomerDetail($u['customerid'], 'company')\n\t\t\t\t\t];\n\t\t\t\t\t$u['comment'] = self::cleanString(User::getCorrectUserSalutation($salutation_array));\n\t\t\t\t\tif ($u['login_enabled'] != 'Y') {\n\t\t\t\t\t\t$u['password'] = '*';\n\t\t\t\t\t\t$u['shell'] = '/bin/false';\n\t\t\t\t\t\t$u['comment'] = 'Locked Froxlor User';\n\t\t\t\t\t}\n\t\t\t\t\tif (Customer::getCustomerDetail($u['customerid'], 'shell_allowed') == '0') {\n\t\t\t\t\t\t$u['shell'] = '/bin/false';\n\t\t\t\t\t}\n\t\t\t\t\t$line = $u['username'] . ':' . $u['password'] . ':' . $u['uid'] . ':' . $u['gid'] . ':' . $u['comment'] . ':' . $u['homedir'] . ':' . $u['shell'] . PHP_EOL;\n\t\t\t\t\tif (is_array($result_list)) {\n\t\t\t\t\t\t$result_list[] = $u['username'];\n\t\t\t\t\t}\n\t\t\t\t\tbreak;\n\t\t\t\tcase 'group':\n\t\t\t\t\t$line = $u['groupname'] . ':' . $u['password'] . ':' . $u['gid'] . ':' . $u['members'] . PHP_EOL;\n\t\t\t\t\tbreak;\n\t\t\t\tcase 'shadow':\n\t\t\t\t\t$line = $u['username'] . ':' . $u['password'] . ':' . floor(time() / 86400 - 1) . ':0:99999:7:::' . PHP_EOL;\n\t\t\t\t\tbreak;\n\t\t\t}\n\t\t\t$data_content .= $line;\n\t\t}\n\n\t\t// check for local group to generate\n\t\tif ($type == 'group' && Settings::Get('system.froxlorusergroup') != '') {\n\t\t\t$guid = intval(Settings::Get('system.froxlorusergroup_gid'));\n\t\t\tif (empty($guid)) {\n\t\t\t\t$guid = intval(Settings::Get('system.lastguid')) + 1;\n\t\t\t\tSettings::Set('system.lastguid', $guid, true);\n\t\t\t\tSettings::Set('system.froxlorusergroup_gid', $guid, true);\n\t\t\t}\n\t\t\t$line = Settings::Get('system.froxlorusergroup') . ':x:' . $guid . ':' . implode(',', $result_list) . PHP_EOL;\n\t\t\t$data_content .= $line;\n\t\t}\n\n\t\tif (file_put_contents($file, $data_content) !== false) {\n\t\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_NOTICE, 'Succesfully wrote ' . $type . ' file');\n\t\t} else {\n\t\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_NOTICE, 'Error when writing ' . $type . ' file entries');\n\t\t}\n\t}\n\n\tprivate static function cleanString($string = null)\n\t{\n\t\t$allowed = \"/[^a-z0-9\\\\.\\\\-\\\\_\\\\ ]/i\";\n\t\treturn preg_replace($allowed, \"\", $string);\n\t}\n}\n" }, { "path": "lib/Froxlor/Cron/System/MailboxsizeCron.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Cron\\System;\n\nuse Froxlor\\Cron\\FroxlorCron;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FileDir;\nuse Froxlor\\FroxlorLogger;\nuse PDO;\n\nclass MailboxsizeCron extends FroxlorCron\n{\n\n\tpublic static function run()\n\t{\n\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_NOTICE, 'calculating mailspace usage');\n\n\t\t$maildirs_stmt = Database::query(\"\n\t\t\tSELECT `id`, CONCAT(`homedir`, `maildir`) AS `maildirpath` FROM `\" . TABLE_MAIL_USERS . \"` ORDER BY `id`\n\t\t\");\n\n\t\t$upd_stmt = Database::prepare(\"\n\t\t\tUPDATE `\" . TABLE_MAIL_USERS . \"` SET `mboxsize` = :size WHERE `id` = :id\n\t\t\");\n\n\t\twhile ($maildir = $maildirs_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t$_maildir = FileDir::makeCorrectDir($maildir['maildirpath']);\n\n\t\t\tif (file_exists($_maildir) && is_dir($_maildir)) {\n\n\t\t\t\t// compute actual maildirsize with `du`\n\t\t\t\t// mail-address allows many special characters, see http://en.wikipedia.org/wiki/Email_address#Local_part\n\t\t\t\t$return = false;\n\t\t\t\t$back = FileDir::safe_exec('du -sk ' . escapeshellarg($_maildir), $return, [\n\t\t\t\t\t'|',\n\t\t\t\t\t'&',\n\t\t\t\t\t'`',\n\t\t\t\t\t'$',\n\t\t\t\t\t'~',\n\t\t\t\t\t'?'\n\t\t\t\t]);\n\t\t\t\tforeach ($back as $backrow) {\n\t\t\t\t\t$emailusage = explode(' ', $backrow);\n\t\t\t\t}\n\t\t\t\t$emailusage = floatval($emailusage['0']);\n\n\t\t\t\t// as freebsd does not have the -b flag for 'du' which gives\n\t\t\t\t// the size in bytes, we use \"-sk\" for all and calculate from KiB\n\t\t\t\t$emailusage *= 1024;\n\n\t\t\t\tunset($back);\n\n\t\t\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t\t\t'size' => $emailusage,\n\t\t\t\t\t'id' => $maildir['id']\n\t\t\t\t]);\n\t\t\t} else {\n\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_WARNING, 'maildir ' . $_maildir . ' does not exist');\n\t\t\t}\n\t\t}\n\t}\n}\n" }, { "path": "lib/Froxlor/Cron/System/SshKeys.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Cron\\System;\n\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FileDir;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\Settings;\nuse PDO;\n\nclass SshKeys\n{\n\t/**\n\t * @throws \\Exception\n\t */\n\tpublic static function generateFiles(&$cronlog)\n\t{\n\t\tif (intval(Settings::Get('system.allow_customer_shell')) == 0) {\n\t\t\treturn;\n\t\t}\n\n\t\t// authorized_keys\n\t\t$sel_stmt = Database::prepare(\"\n\t\t\tSELECT id,customerid,username,homedir,uid,gid,shell,login_enabled\n\t\t\tFROM `\" . TABLE_FTP_USERS . \"`\n\t\t\tORDER BY uid, LENGTH(username) ASC\n\t\t\");\n\t\tDatabase::pexecute($sel_stmt);\n\t\t$sshkeys_sel_stmt = Database::prepare(\"\n\t\t\tSELECT `id`, `ssh_pubkey` FROM `\" . TABLE_PANEL_USER_SSHKEYS . \"` WHERE `ftp_user_id` = :fuid AND `customerid` = :cid\n\t\t\");\n\t\twhile ($usr = $sel_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t$userHomeDir = FileDir::makeCorrectDir($usr['homedir'] . '/.ssh', $usr['homedir']);\n\t\t\t$authkeysfile = FileDir::makeCorrectFile($userHomeDir . '/authorized_keys', $usr['homedir']);\n\t\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_NOTICE, 'Creating file ' . $authkeysfile);\n\t\t\t// remove all entries with 'froxlor:id=...'\n\t\t\tself::removeFroxlorKeys($authkeysfile, $cronlog);\n\t\t\t// get keys\n\t\t\tDatabase::pexecute($sshkeys_sel_stmt, ['fuid' => $usr['id'], 'cid' => $usr['customerid']]);\n\t\t\tif ($sshkeys_sel_stmt->rowCount() > 0) {\n\t\t\t\tif (!file_exists(dirname($authkeysfile))) {\n\t\t\t\t\t@mkdir(dirname($authkeysfile), 0700);\n\t\t\t\t}\n\t\t\t\tif (!file_exists($authkeysfile)) {\n\t\t\t\t\t@touch($authkeysfile);\n\t\t\t\t}\n\n\t\t\t\twhile ($sshkey = $sshkeys_sel_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t\t// normalize: Algo + Base64 part (remove comment)\n\t\t\t\t\t$parts = preg_split('/\\s+/', trim($sshkey['ssh_pubkey']), 3);\n\t\t\t\t\tif (count($parts) < 2) {\n\t\t\t\t\t\t// Invalid public key format\n\t\t\t\t\t\tcontinue;\n\t\t\t\t\t}\n\t\t\t\t\t$normalized = $parts[0] . ' ' . $parts[1];\n\n\t\t\t\t\t// Datei lesen (falls sie schon existiert)\n\t\t\t\t\t$existing = [];\n\t\t\t\t\tif (file_exists($authkeysfile)) {\n\t\t\t\t\t\t$lines = file($authkeysfile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);\n\t\t\t\t\t\tforeach ($lines as $line) {\n\t\t\t\t\t\t\t$lineParts = preg_split('/\\s+/', trim($line), 3);\n\t\t\t\t\t\t\tif (count($lineParts) >= 2) {\n\t\t\t\t\t\t\t\t$existing[] = $lineParts[0] . ' ' . $lineParts[1];\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\n\t\t\t\t\t// does the key exist already?\n\t\t\t\t\tif (in_array($normalized, $existing, true)) {\n\t\t\t\t\t\t// skip\n\t\t\t\t\t\tcontinue;\n\t\t\t\t\t}\n\n\t\t\t\t\t// add key\n\t\t\t\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_NOTICE, 'Adding ssh-key for user ' . $usr['username']);\n\t\t\t\t\tfile_put_contents($authkeysfile, trim($sshkey['ssh_pubkey']) . \" froxlor:id=\" . $sshkey['id'] . \"\\n\", FILE_APPEND | LOCK_EX);\n\t\t\t\t}\n\t\t\t}\n\t\t\t@chmod(dirname($authkeysfile), 0700);\n\t\t\t@chown(dirname($authkeysfile), $usr['uid']);\n\t\t\t@chgrp(dirname($authkeysfile), $usr['gid']);\n\t\t\t@chmod($authkeysfile, 0600);\n\t\t\t@chown($authkeysfile, $usr['uid']);\n\t\t\t@chgrp($authkeysfile, $usr['gid']);\n\t\t}\n\t}\n\n\tprivate static function removeFroxlorKeys(string $authFile, &$cronlog): bool\n\t{\n\t\tif (!file_exists($authFile)) {\n\t\t\treturn false;\n\t\t}\n\n\t\t$lines = file($authFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);\n\t\t$newLines = [];\n\n\t\tforeach ($lines as $line) {\n\t\t\t// kill whitespaces\n\t\t\t$trim = trim($line);\n\n\t\t\t// if comment 'froxlor:id=' skip line\n\t\t\t$matches = [];\n\t\t\tif (preg_match('/\\bfroxlor:id=(.+)/', $trim, $matches)) {\n\t\t\t\t$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'Removing ' . $matches[0]);\n\t\t\t\tcontinue;\n\t\t\t}\n\n\t\t\tif (!empty($trim)) {\n\t\t\t\t$newLines[] = $line;\n\t\t\t}\n\t\t}\n\n\t\t// use LOCK_EX to avoid race\n\t\tif (empty($newLines)) {\n\t\t\t// empty file, we can safely remove it\n\t\t\t@unlink($authFile);\n\t\t} else {\n\t\t\t// keep existing (non-froxlor-managed entries)\n\t\t\tfile_put_contents($authFile, implode(\"\\n\", $newLines) . \"\\n\", LOCK_EX);\n\t\t}\n\t\treturn true;\n\t}\n}\n" }, { "path": "lib/Froxlor/Cron/System/TasksCron.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Cron\\System;\n\nuse Exception;\nuse Froxlor\\Cron\\FroxlorCron;\nuse Froxlor\\Cron\\Http\\ConfigIO;\nuse Froxlor\\Cron\\Http\\HttpConfigBase;\nuse Froxlor\\Cron\\Http\\LetsEncrypt\\AcmeSh;\nuse Froxlor\\Cron\\Mail\\Rspamd;\nuse Froxlor\\Cron\\TaskId;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\Dns\\PowerDNS;\nuse Froxlor\\Domain\\Domain;\nuse Froxlor\\FileDir;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\Settings;\nuse PDO;\n\nclass TasksCron extends FroxlorCron\n{\n\n\t/**\n\t * @throws Exception\n\t */\n\tpublic static function run()\n\t{\n\t\t/**\n\t\t * LOOK INTO TASKS TABLE TO SEE IF THERE ARE ANY UNDONE JOBS\n\t\t */\n\t\tself::$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, \"TasksCron: Searching for tasks to do\");\n\t\t// no type 99 (regenerate cron.d-file) and no type 20 (customer data export)\n\t\t// order by type descending to re-create bind and then webserver at the end\n\t\t$result_tasks_stmt = Database::query(\"\n\t\t\tSELECT `id`, `type`, `data` FROM `\" . TABLE_PANEL_TASKS . \"` WHERE `type` <> '99' AND `type` <> '20' ORDER BY `type` DESC, `id` ASC\n\t\t\");\n\t\t$num_results = Database::num_rows();\n\t\t$resultIDs = [];\n\n\t\twhile ($row = $result_tasks_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t$resultIDs[] = $row['id'];\n\n\t\t\tif ($row['data'] != '') {\n\t\t\t\t$row['data'] = json_decode($row['data'], true);\n\t\t\t}\n\n\t\t\tif ($row['type'] == TaskId::REBUILD_VHOST) {\n\t\t\t\t/**\n\t\t\t\t * TYPE=1 MEANS TO REBUILD APACHE VHOSTS.CONF\n\t\t\t\t */\n\t\t\t\tself::rebuildWebserverConfigs();\n\t\t\t} elseif ($row['type'] == TaskId::CREATE_HOME) {\n\t\t\t\t/**\n\t\t\t\t * TYPE=2 MEANS TO CREATE A NEW HOME AND CHOWN\n\t\t\t\t */\n\t\t\t\tself::createNewHome($row);\n\t\t\t} elseif ($row['type'] == TaskId::REBUILD_DNS && (int)Settings::Get('system.bind_enable') != 0) {\n\t\t\t\t/**\n\t\t\t\t * TYPE=4 MEANS THAT SOMETHING IN THE BIND CONFIG HAS CHANGED.\n\t\t\t\t * REBUILD froxlor_bind.conf IF BIND IS ENABLED\n\t\t\t\t */\n\t\t\t\tself::rebuildDnsConfigs();\n\t\t\t} elseif ($row['type'] == TaskId::CREATE_FTP) {\n\t\t\t\t/**\n\t\t\t\t * TYPE=5 MEANS THAT A NEW FTP-ACCOUNT HAS BEEN CREATED, CREATE THE DIRECTORY\n\t\t\t\t */\n\t\t\t\tself::createNewFtpHome($row);\n\t\t\t} elseif ($row['type'] == TaskId::DELETE_CUSTOMER_FILES) {\n\t\t\t\t/**\n\t\t\t\t * TYPE=6 MEANS THAT A CUSTOMER HAS BEEN DELETED AND THAT WE HAVE TO REMOVE ITS FILES\n\t\t\t\t */\n\t\t\t\tself::deleteCustomerData($row);\n\t\t\t} elseif ($row['type'] == TaskId::DELETE_EMAIL_DATA) {\n\t\t\t\t/**\n\t\t\t\t * TYPE=7 Customer deleted an email account and wants the data to be deleted on the filesystem\n\t\t\t\t */\n\t\t\t\tself::deleteEmailData($row);\n\t\t\t} elseif ($row['type'] == TaskId::DELETE_FTP_DATA) {\n\t\t\t\t/**\n\t\t\t\t * TYPE=8 Customer deleted a ftp account and wants the homedir to be deleted on the filesystem\n\t\t\t\t * refs #293\n\t\t\t\t */\n\t\t\t\tself::deleteFtpData($row);\n\t\t\t} elseif ($row['type'] == TaskId::REBUILD_RSPAMD && (int)Settings::Get('antispam.activated') != 0) {\n\t\t\t\t/**\n\t\t\t\t * TYPE=9 Rebuild antispam config\n\t\t\t\t */\n\t\t\t\tself::rebuildAntiSpamConfigs();\n\t\t\t} elseif ($row['type'] == TaskId::CREATE_QUOTA && (int)Settings::Get('system.diskquota_enabled') != 0) {\n\t\t\t\t/**\n\t\t\t\t * TYPE=10 Set the filesystem - quota\n\t\t\t\t */\n\t\t\t\tself::setFilesystemQuota();\n\t\t\t} elseif ($row['type'] == TaskId::DELETE_DOMAIN_PDNS && Settings::Get('system.dns_server') == 'PowerDNS') {\n\t\t\t\t/**\n\t\t\t\t * TYPE=11 domain has been deleted, remove from pdns database if used\n\t\t\t\t */\n\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_NOTICE, \"Removing PowerDNS entries for domain \" . $row['data']['domain']);\n\t\t\t\tPowerDNS::cleanDomainZone($row['data']['domain']);\n\t\t\t} elseif ($row['type'] == TaskId::DELETE_DOMAIN_SSL) {\n\t\t\t\t/**\n\t\t\t\t * TYPE=12 domain has been deleted, remove from acme.sh/let's encrypt directory if used\n\t\t\t\t */\n\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_NOTICE, \"Removing Let's Encrypt entries for domain \" . $row['data']['domain']);\n\t\t\t\tDomain::doLetsEncryptCleanUp($row['data']['domain']);\n\t\t\t} elseif ($row['type'] == TaskId::UPDATE_LE_SERVICES) {\n\t\t\t\t/**\n\t\t\t\t * TYPE=13 set configuration for selected services regarding the use of Let's Encrypt certificate\n\t\t\t\t */\n\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_NOTICE, \"Updating Let's Encrypt configuration for selected services\");\n\t\t\t\tAcmeSh::renewHookConfigs(FroxlorLogger::getInstanceOf());\n\t\t\t} elseif ($row['type'] == TaskId::REBUILD_NSSUSERS) {\n\t\t\t\t/**\n\t\t\t\t * TYPE=14 regenerate libnss users/groups\n\t\t\t\t */\n\t\t\t\tself::refreshUsers();\n\t\t\t}\n\t\t}\n\n\t\tif ($num_results != 0) {\n\t\t\t$where = [];\n\t\t\t$where_data = [];\n\t\t\tforeach ($resultIDs as $id) {\n\t\t\t\t$where[] = \"`id` = :id_\" . (int)$id;\n\t\t\t\t$where_data['id_' . $id] = $id;\n\t\t\t}\n\t\t\t$where = implode(' OR ', $where);\n\t\t\t$del_stmt = Database::prepare(\"DELETE FROM `\" . TABLE_PANEL_TASKS . \"` WHERE \" . $where);\n\t\t\tDatabase::pexecute($del_stmt, $where_data);\n\t\t\tunset($resultIDs);\n\t\t\tunset($where);\n\t\t}\n\n\t\tDatabase::query(\"UPDATE `\" . TABLE_PANEL_SETTINGS . \"` SET `value` = UNIX_TIMESTAMP() WHERE `settinggroup` = 'system' AND `varname` = 'last_tasks_run';\");\n\t}\n\n\tprivate static function rebuildWebserverConfigs()\n\t{\n\t\tif (Settings::Get('system.webserver') == \"apache2\") {\n\t\t\t$websrv = '\\\\Froxlor\\\\Cron\\\\Http\\\\Apache';\n\t\t\tif (Settings::Get('system.mod_fcgid') == 1 || Settings::Get('phpfpm.enabled') == 1) {\n\t\t\t\t$websrv .= 'Fcgi';\n\t\t\t}\n\t\t} elseif (Settings::Get('system.webserver') == \"nginx\") {\n\t\t\t$websrv = '\\\\Froxlor\\\\Cron\\\\Http\\\\Nginx';\n\t\t\tif (Settings::Get('phpfpm.enabled') == 1) {\n\t\t\t\t$websrv .= 'Fcgi';\n\t\t\t}\n\t\t}\n\n\t\t// get configuration-I/O object\n\t\t$configio = new ConfigIO();\n\t\t// get webserver object\n\t\t$webserver = new $websrv();\n\n\t\tif ($webserver instanceof HttpConfigBase) {\n\t\t\t$webserver->init();\n\t\t\t// clean up old configs\n\t\t\t$configio->cleanUp();\n\t\t\t$webserver->createIpPort();\n\t\t\t$webserver->createVirtualHosts();\n\t\t\t$webserver->createFileDirOptions();\n\t\t\t$webserver->writeConfigs();\n\t\t\t$webserver->createOwnVhostStarter();\n\t\t\t$webserver->reload();\n\t\t} else {\n\t\t\techo \"Please check you Webserver settings\\n\";\n\t\t}\n\n\t\t// if we use php-fpm and have a local user for froxlor, we need to\n\t\t// add the webserver-user to the local-group in order to allow the webserver\n\t\t// to access the fpm-socket\n\t\tif (Settings::Get('phpfpm.enabled') == 1 && function_exists(\"posix_getgrnam\")) {\n\t\t\t// get group info about the local-user's group (e.g. froxlorlocal)\n\t\t\t$groupinfo = posix_getgrnam(Settings::Get('phpfpm.vhost_httpgroup'));\n\t\t\t// check group members\n\t\t\tif (isset($groupinfo['members']) && !in_array(Settings::Get('system.httpuser'), $groupinfo['members'])) {\n\t\t\t\t// webserver has no access, add it\n\t\t\t\tif (FileDir::isFreeBSD()) {\n\t\t\t\t\tFileDir::safe_exec('pw usermod ' . escapeshellarg(Settings::Get('system.httpuser')) . ' -G ' . escapeshellarg(Settings::Get('phpfpm.vhost_httpgroup')));\n\t\t\t\t} else {\n\t\t\t\t\tFileDir::safe_exec('usermod -a -G ' . escapeshellarg(Settings::Get('phpfpm.vhost_httpgroup')) . ' ' . escapeshellarg(Settings::Get('system.httpuser')));\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\t// Tell the Let's Encrypt cron it's okay to generate the certificate and enable the redirect afterwards\n\t\t$upd_stmt = Database::prepare(\"UPDATE `\" . TABLE_PANEL_DOMAINS . \"` SET `ssl_redirect` = '3' WHERE `ssl_redirect` = '2'\");\n\t\tDatabase::pexecute($upd_stmt);\n\t}\n\n\tprivate static function createNewHome($row = null)\n\t{\n\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'TasksCron: Task2 started - create new home');\n\n\t\tif (is_array($row['data'])) {\n\t\t\t// define paths\n\t\t\t$userhomedir = FileDir::makeCorrectDir(Settings::Get('system.documentroot_prefix') . '/' . $row['data']['loginname'] . '/');\n\t\t\t$usermaildir = FileDir::makeCorrectDir(Settings::Get('system.vmail_homedir') . '/' . $row['data']['loginname'] . '/');\n\n\t\t\t// stats directory\n\t\t\t$statsdir = FileDir::makeCorrectDir($userhomedir . '/' . Settings::Get('system.traffictool'));\n\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_NOTICE, 'Running: mkdir -p ' . escapeshellarg($statsdir));\n\t\t\tFileDir::safe_exec('mkdir -p ' . escapeshellarg($statsdir));\n\n\t\t\tforeach (['webalizer', 'awstats', 'goaccess'] as $statstools) {\n\t\t\t\t$statsdir = FileDir::makeCorrectDir($userhomedir . '/' . $statstools);\n\t\t\t\t// in case we changed from the other stats -> remove old\n\t\t\t\tif (Settings::Get('system.traffictool') != $statstools && file_exists($statsdir)) {\n\t\t\t\t\t// (yes i know, the stats are lost - that's why you should not change all the time!)\n\t\t\t\t\tFileDir::safe_exec('rm -rf ' . escapeshellarg($statsdir));\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// maildir\n\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_NOTICE, 'Running: mkdir -p ' . escapeshellarg($usermaildir));\n\t\t\tFileDir::safe_exec('mkdir -p ' . escapeshellarg($usermaildir));\n\n\t\t\t// check if admin of customer has added template for new customer directories\n\t\t\tif ((int)$row['data']['store_defaultindex'] == 1) {\n\t\t\t\tFileDir::storeDefaultIndex($row['data']['loginname'], $userhomedir, FroxlorLogger::getInstanceOf(), true);\n\t\t\t}\n\n\t\t\t// strip of last slash of paths to have correct chown results\n\t\t\t$userhomedir = (substr($userhomedir, 0, -1) == '/') ? substr($userhomedir, 0, -1) : $userhomedir;\n\t\t\t$usermaildir = (substr($usermaildir, 0, -1) == '/') ? substr($usermaildir, 0, -1) : $usermaildir;\n\n\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_NOTICE, 'Running: chown -R ' . (int)$row['data']['uid'] . ':' . (int)$row['data']['gid'] . ' ' . escapeshellarg($userhomedir));\n\t\t\tFileDir::safe_exec('chown -R ' . (int)$row['data']['uid'] . ':' . (int)$row['data']['gid'] . ' ' . escapeshellarg($userhomedir));\n\t\t\t// don't allow others to access the directory (webserver will be the group via libnss-mysql)\n\t\t\tif (Settings::Get('system.mod_fcgid') == 1 || Settings::Get('phpfpm.enabled') == 1) {\n\t\t\t\t// fcgid or fpm\n\t\t\t\tFileDir::safe_exec('chmod 0750 ' . escapeshellarg($userhomedir));\n\t\t\t} else {\n\t\t\t\t// mod_php -> no libnss-mysql -> no webserver-user in group\n\t\t\t\tFileDir::safe_exec('chmod 0755 ' . escapeshellarg($userhomedir));\n\t\t\t}\n\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_NOTICE, 'Running: chown -R ' . (int)Settings::Get('system.vmail_uid') . ':' . (int)Settings::Get('system.vmail_gid') . ' ' . escapeshellarg($usermaildir));\n\t\t\tFileDir::safe_exec('chown -R ' . (int)Settings::Get('system.vmail_uid') . ':' . (int)Settings::Get('system.vmail_gid') . ' ' . escapeshellarg($usermaildir));\n\n\t\t\t// explicitly create files after user has been created to avoid unknown user issues for apache/php-fpm when task#1 runs after this\n\t\t\tself::refreshUsers();\n\t\t}\n\t}\n\n\tprivate static function rebuildDnsConfigs()\n\t{\n\t\t$dnssrv = '\\\\Froxlor\\\\Cron\\\\Dns\\\\' . Settings::Get('system.dns_server');\n\t\t$nameserver = new $dnssrv(FroxlorLogger::getInstanceOf());\n\t\t$nameserver->writeConfigs();\n\t}\n\n\tprivate static function createNewFtpHome($row = null)\n\t{\n\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'Creating new FTP-home');\n\t\t$result_directories_stmt = Database::query(\"\n\t\t\tSELECT `f`.`homedir`, `f`.`uid`, `f`.`gid`, `c`.`documentroot` AS `customerroot`\n\t\t\tFROM `\" . TABLE_FTP_USERS . \"` `f` LEFT JOIN `\" . TABLE_PANEL_CUSTOMERS . \"` `c` USING (`customerid`)\n\t\t\");\n\n\t\twhile ($directory = $result_directories_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\tFileDir::mkDirWithCorrectOwnership($directory['customerroot'], $directory['homedir'], $directory['uid'], $directory['gid']);\n\t\t}\n\t}\n\n\tprivate static function deleteCustomerData($row = null)\n\t{\n\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'TasksCron: Task6 started - deleting customer data');\n\n\t\tif (is_array($row['data'])) {\n\t\t\tif (isset($row['data']['loginname'])) {\n\t\t\t\t// remove homedir\n\t\t\t\t$homedir = FileDir::makeCorrectDir(Settings::Get('system.documentroot_prefix') . '/' . $row['data']['loginname']);\n\n\t\t\t\tif (file_exists($homedir) && $homedir != '/' && $homedir != Settings::Get('system.documentroot_prefix') && substr($homedir, 0, strlen(Settings::Get('system.documentroot_prefix'))) == Settings::Get('system.documentroot_prefix')) {\n\t\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_NOTICE, 'Running: rm -rf ' . escapeshellarg($homedir));\n\t\t\t\t\tFileDir::safe_exec('rm -rf ' . escapeshellarg($homedir));\n\t\t\t\t}\n\n\t\t\t\t// remove maildir\n\t\t\t\t$maildir = FileDir::makeCorrectDir(Settings::Get('system.vmail_homedir') . '/' . $row['data']['loginname']);\n\n\t\t\t\tif (file_exists($maildir) && $maildir != '/' && $maildir != Settings::Get('system.vmail_homedir') && substr($maildir, 0, strlen(Settings::Get('system.vmail_homedir'))) == Settings::Get('system.vmail_homedir') && is_dir($maildir) && fileowner($maildir) == Settings::Get('system.vmail_uid') && filegroup($maildir) == Settings::Get('system.vmail_gid')) {\n\t\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_NOTICE, 'Running: rm -rf ' . escapeshellarg($maildir));\n\t\t\t\t\t// mail-address allows many special characters, see http://en.wikipedia.org/wiki/Email_address#Local_part\n\t\t\t\t\t$return = false;\n\t\t\t\t\tFileDir::safe_exec('rm -rf ' . escapeshellarg($maildir), $return, [\n\t\t\t\t\t\t'|',\n\t\t\t\t\t\t'&',\n\t\t\t\t\t\t'`',\n\t\t\t\t\t\t'$',\n\t\t\t\t\t\t'?'\n\t\t\t\t\t]);\n\t\t\t\t}\n\n\t\t\t\t// remove tmpdir if it exists\n\t\t\t\t$tmpdir = FileDir::makeCorrectDir(Settings::Get('system.mod_fcgid_tmpdir') . '/' . $row['data']['loginname'] . '/');\n\n\t\t\t\tif (file_exists($tmpdir) && is_dir($tmpdir) && $tmpdir != \"/\" && $tmpdir != Settings::Get('system.mod_fcgid_tmpdir') && substr($tmpdir, 0, strlen(Settings::Get('system.mod_fcgid_tmpdir'))) == Settings::Get('system.mod_fcgid_tmpdir')) {\n\t\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_NOTICE, 'Running: rm -rf ' . escapeshellarg($tmpdir));\n\t\t\t\t\tFileDir::safe_exec('rm -rf ' . escapeshellarg($tmpdir));\n\t\t\t\t}\n\n\t\t\t\t// webserver logs\n\t\t\t\t$logsdir = FileDir::makeCorrectFile(Settings::Get('system.logfiles_directory') . '/' . $row['data']['loginname']);\n\n\t\t\t\tif (file_exists(dirname($logsdir)) && $logsdir != '/' && $logsdir != FileDir::makeCorrectDir(Settings::Get('system.logfiles_directory')) && substr($logsdir, 0, strlen(Settings::Get('system.logfiles_directory'))) == Settings::Get('system.logfiles_directory')) {\n\t\t\t\t\t// build up wildcard for webX-{access,error}.log{*}\n\t\t\t\t\t$logsdir .= '-*.log';\n\t\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_NOTICE, 'Running: rm -rf ' . FileDir::makeCorrectFile($logsdir));\n\t\t\t\t\tFileDir::safe_exec('rm -f ' . FileDir::makeCorrectFile($logsdir));\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n\n\tprivate static function deleteEmailData($row = null)\n\t{\n\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'TasksCron: Task7 started - deleting customer e-mail data');\n\n\t\tif (is_array($row['data'])) {\n\t\t\tif (isset($row['data']['loginname']) && isset($row['data']['emailpath'])) {\n\t\t\t\t// remove specific maildir\n\t\t\t\t$email_full = $row['data']['emailpath'];\n\t\t\t\tif (empty($email_full)) {\n\t\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, 'FATAL: Task7 asks to delete a email account but emailpath field is empty!');\n\t\t\t\t}\n\n\t\t\t\t$maildir = FileDir::makeCorrectDir($email_full);\n\n\t\t\t\tif ($maildir != '/' && !empty($maildir) && $maildir != Settings::Get('system.vmail_homedir') && substr($maildir, 0, strlen(Settings::Get('system.vmail_homedir'))) == Settings::Get('system.vmail_homedir') && is_dir($maildir) && fileowner($maildir) == Settings::Get('system.vmail_uid') && filegroup($maildir) == Settings::Get('system.vmail_gid')) {\n\t\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_NOTICE, 'Running: rm -rf ' . escapeshellarg($maildir));\n\t\t\t\t\t// mail-address allows many special characters, see http://en.wikipedia.org/wiki/Email_address#Local_part\n\t\t\t\t\t$return = false;\n\t\t\t\t\tFileDir::safe_exec('rm -rf ' . escapeshellarg($maildir), $return, [\n\t\t\t\t\t\t'|',\n\t\t\t\t\t\t'&',\n\t\t\t\t\t\t'`',\n\t\t\t\t\t\t'$',\n\t\t\t\t\t\t'~',\n\t\t\t\t\t\t'?'\n\t\t\t\t\t]);\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n\n\tprivate static function deleteFtpData($row = null)\n\t{\n\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'TasksCron: Task8 started - deleting customer ftp homedir');\n\n\t\tif (is_array($row['data'])) {\n\t\t\tif (isset($row['data']['loginname']) && isset($row['data']['homedir'])) {\n\t\t\t\t// remove specific homedir\n\t\t\t\t$ftphomedir = FileDir::makeCorrectDir($row['data']['homedir']);\n\t\t\t\t$customerdocroot = FileDir::makeCorrectDir(Settings::Get('system.documentroot_prefix') . '/' . $row['data']['loginname'] . '/');\n\n\t\t\t\tif (file_exists($ftphomedir) && $ftphomedir != '/' && $ftphomedir != Settings::Get('system.documentroot_prefix') && $ftphomedir != $customerdocroot) {\n\t\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_NOTICE, 'Running: rm -rf ' . escapeshellarg($ftphomedir));\n\t\t\t\t\tFileDir::safe_exec('rm -rf ' . escapeshellarg($ftphomedir));\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n\n\tprivate static function setFilesystemQuota()\n\t{\n\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'TasksCron: Task10 started - setting filesystem quota');\n\n\t\t$usedquota = FileDir::getFilesystemQuota();\n\n\t\t// Check whether we really have entries to check\n\t\tif (is_array($usedquota) && count($usedquota) > 0) {\n\t\t\t// Select all customers Froxlor knows about\n\t\t\t$result_stmt = Database::query(\"SELECT `guid`, `loginname`, `diskspace` FROM `\" . TABLE_PANEL_CUSTOMERS . \"`;\");\n\t\t\twhile ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t// We do not want to set a quota for root by accident\n\t\t\t\tif ($row['guid'] != 0) {\n\t\t\t\t\t$used_quota = isset($usedquota[$row['guid']]) ? $usedquota[$row['guid']]['block']['hard'] : 0;\n\t\t\t\t\t// The user has no quota in Froxlor, but on the filesystem\n\t\t\t\t\tif (($row['diskspace'] == 0 || $row['diskspace'] == -1024) && $used_quota != 0) {\n\t\t\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_NOTICE, \"Disabling quota for \" . $row['loginname']);\n\t\t\t\t\t\tif (FileDir::isFreeBSD()) {\n\t\t\t\t\t\t\tFileDir::safe_exec(Settings::Get('system.diskquota_quotatool_path') . \" -e \" . escapeshellarg(Settings::Get('system.diskquota_customer_partition')) . \":0:0 \" . $row['guid']);\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\tFileDir::safe_exec(Settings::Get('system.diskquota_quotatool_path') . \" -u \" . $row['guid'] . \" -bl 0 -q 0 \" . escapeshellarg(Settings::Get('system.diskquota_customer_partition')));\n\t\t\t\t\t\t}\n\t\t\t\t\t} elseif ($row['diskspace'] != $used_quota && $row['diskspace'] != -1024) {\n\t\t\t\t\t\t// The user quota in Froxlor is different than on the filesystem\n\t\t\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_NOTICE, \"Setting quota for \" . $row['loginname'] . \" from \" . $used_quota . \" to \" . $row['diskspace']);\n\t\t\t\t\t\tif (FileDir::isFreeBSD()) {\n\t\t\t\t\t\t\tFileDir::safe_exec(Settings::Get('system.diskquota_quotatool_path') . \" -e \" . escapeshellarg(Settings::Get('system.diskquota_customer_partition')) . \":\" . $row['diskspace'] . \":\" . $row['diskspace'] . \" \" . $row['guid']);\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\tFileDir::safe_exec(Settings::Get('system.diskquota_quotatool_path') . \" -u \" . $row['guid'] . \" -bl \" . $row['diskspace'] . \" -q \" . $row['diskspace'] . \" \" . escapeshellarg(Settings::Get('system.diskquota_customer_partition')));\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n\n\t/**\n\t * @throws Exception\n\t */\n\tprivate static function rebuildAntiSpamConfigs()\n\t{\n\t\t$antispam = new Rspamd(FroxlorLogger::getInstanceOf());\n\t\t$antispam->writeConfigs();\n\t}\n\n\tprivate static function refreshUsers()\n\t{\n\t\tif (Settings::Get('system.nssextrausers') == 1) {\n\t\t\t$cronLog = FroxlorLogger::getInstanceOf();\n\t\t\tExtrausers::generateFiles($cronLog);\n\t\t\t// reload crond as shell users might use crontab and the user is only known to crond if reloaded\n\t\t\tFileDir::safe_exec(escapeshellcmd(Settings::Get('system.crondreload')));\n\t\t\treturn;\n\t\t}\n\n\t\t// clear NSCD cache if using fcgid or fpm, #1570 - not needed for nss-extrausers\n\t\tif ((Settings::Get('system.mod_fcgid') == 1 || (int)Settings::Get('phpfpm.enabled') == 1) && Settings::Get('system.nssextrausers') == 0) {\n\t\t\t$false_val = false;\n\t\t\tFileDir::safe_exec('nscd -i passwd 1> /dev/null', $false_val, [\n\t\t\t\t'>'\n\t\t\t]);\n\t\t\tFileDir::safe_exec('nscd -i group 1> /dev/null', $false_val, [\n\t\t\t\t'>'\n\t\t\t]);\n\t\t\t// reload crond as shell users might use crontab and the user is only known to crond if reloaded\n\t\t\tFileDir::safe_exec(escapeshellcmd(Settings::Get('system.crondreload')));\n\t\t}\n\t}\n}\n" }, { "path": "lib/Froxlor/Cron/System/index.html", "content": "" }, { "path": "lib/Froxlor/Cron/TaskId.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Cron;\n\nuse ReflectionClass;\n\nfinal class TaskId\n{\n\t/**\n\t * TYPE=1 MEANS TO REBUILD APACHE VHOSTS.CONF\n\t */\n\tconst REBUILD_VHOST = 1;\n\n\t/**\n\t * TYPE=2 MEANS TO CREATE A NEW HOME AND CHOWN\n\t */\n\tconst CREATE_HOME = 2;\n\n\t/**\n\t * TYPE=4 MEANS THAT SOMETHING IN THE DNS CONFIG HAS CHANGED.\n\t * REBUILD froxlor_bind.conf IF BIND IS ENABLED, UPDATE DKIM KEYS\n\t */\n\tconst REBUILD_DNS = 4;\n\n\t/**\n\t * TYPE=5 MEANS THAT A NEW FTP-ACCOUNT HAS BEEN CREATED, CREATE THE DIRECTORY\n\t */\n\tconst CREATE_FTP = 5;\n\n\t/**\n\t * TYPE=6 MEANS THAT A CUSTOMER HAS BEEN DELETED AND THAT WE HAVE TO REMOVE ITS FILES\n\t */\n\tconst DELETE_CUSTOMER_FILES = 6;\n\n\t/**\n\t * TYPE=7 Customer deleted an email account and wants the data to be deleted on the filesystem\n\t */\n\tconst DELETE_EMAIL_DATA = 7;\n\n\t/**\n\t * TYPE=8 Customer deleted a ftp account and wants the homedir to be deleted on the filesystem\n\t * refs #293\n\t */\n\tconst DELETE_FTP_DATA = 8;\n\n\t/**\n\t * TYPE=9 MEANS THAT SOMETHING ANTISPAM RELATED HAS CHANGED.\n\t * REBUILD froxlor_settings.conf IF ANTISPAM IS ENABLED\n\t */\n\tconst REBUILD_RSPAMD = 9;\n\n\t/**\n\t * TYPE=10 Set the filesystem - quota\n\t */\n\tconst CREATE_QUOTA = 10;\n\n\t/**\n\t * TYPE=11 domain has been deleted, remove from pdns database if used\n\t */\n\tconst DELETE_DOMAIN_PDNS = 11;\n\n\t/**\n\t * TYPE=12 domain has been deleted, remove from acme.sh/let's encrypt directory if used\n\t */\n\tconst DELETE_DOMAIN_SSL = 12;\n\n\t/**\n\t * TYPE=13 set configuration for selected services regarding the use of Let's Encrypt certificate\n\t */\n\tconst UPDATE_LE_SERVICES = 13;\n\n\t/**\n\t * TYPE=14 regenerate libnss users/groups\n\t */\n\tconst REBUILD_NSSUSERS = 14;\n\n\t/**\n\t * TYPE=20 CUSTUMER DATA DUMP\n\t */\n\tconst CREATE_CUSTOMER_DATADUMP = 20;\n\n\t/**\n\t * TYPE=99 REGENERATE CRON\n\t */\n\tconst REBUILD_CRON = 99;\n\n\t/**\n\t * Return if a cron task id is valid\n\t *\n\t * @param int|string $id cron task id (legacy string support)\n\t * @return boolean\n\t */\n\tpublic static function isValid($id)\n\t{\n\t\tstatic $reflContants;\n\t\tif (!is_numeric($id)) {\n\t\t\treturn false;\n\t\t}\n\t\t$numericid = (int)$id;\n\t\tif (!is_array($reflContants)) {\n\t\t\t$reflClass = new ReflectionClass(get_called_class());\n\t\t\t$reflContants = $reflClass->getConstants();\n\t\t}\n\t\treturn in_array($numericid, $reflContants, true);\n\t}\n\n\t/**\n\t * Get constant name by id\n\t *\n\t * @param int|string $id cron task id (legacy string support)\n\t * @return string|false constant name or false if not found\n\t */\n\tpublic static function convertToConstant($id)\n\t{\n\t\tstatic $reflContants;\n\t\tif (!is_numeric($id)) {\n\t\t\treturn false;\n\t\t}\n\t\t$numericid = (int)$id;\n\t\tif (!is_array($reflContants)) {\n\t\t\t$reflClass = new ReflectionClass(get_called_class());\n\t\t\t$reflContants = $reflClass->getConstants();\n\t\t}\n\t\treturn array_search($numericid, $reflContants, true);\n\t}\n}\n" }, { "path": "lib/Froxlor/Cron/Traffic/ReportsCron.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Cron\\Traffic;\n\n/**\n * @author Florian Lippert (2003-2009)\n * @author Froxlor team (2010-)\n */\n\nuse Exception;\nuse Froxlor\\Cron\\FroxlorCron;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\PhpHelper;\nuse Froxlor\\Settings;\nuse Froxlor\\System\\Mailer;\nuse Froxlor\\User;\nuse Froxlor\\Language;\nuse PDO;\n\nclass ReportsCron extends FroxlorCron\n{\n\n\tpublic static function run()\n\t{\n\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'Web- and Traffic-usage reporting started...');\n\t\t$yesterday = time() - (60 * 60 * 24);\n\n\t\t/**\n\t\t * Initialize the mailingsystem\n\t\t */\n\t\t$mail = new Mailer(true);\n\n\t\t// set default language before anything else to\n\t\t// ensure that we can display messages\n\t\tLanguage::setLanguage(Settings::Get('panel.standardlanguage'));\n\n\t\tif ((int)Settings::Get('system.report_trafficmax') > 0) {\n\t\t\t// Warn the customers at xx% traffic-usage\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT `c`.`customerid`, `c`.`loginname`, `c`.`customernumber`, `c`.`adminid`, `c`.`name`, `c`.`firstname`,\n\t\t\t\t`c`.`company`, `c`.`traffic`, `c`.`email`, `c`.`def_language`,\n\t\t\t\t`a`.`name` AS `adminname`, `a`.`email` AS `adminmail`,\n\t\t\t\t(SELECT SUM(`t`.`http` + `t`.`ftp_up` + `t`.`ftp_down` + `t`.`mail`)\n\t\t\t\tFROM `\" . TABLE_PANEL_TRAFFIC . \"` `t`\n\t\t\t\tWHERE `t`.`customerid` = `c`.`customerid` AND `t`.`year` = :year AND `t`.`month` = :month\n\t\t\t\t) as `traffic_used`\n\t\t\t\tFROM `\" . TABLE_PANEL_CUSTOMERS . \"` AS `c`\n\t\t\t\tLEFT JOIN `\" . TABLE_PANEL_ADMINS . \"` AS `a`\n\t\t\t\tON `a`.`adminid` = `c`.`adminid` WHERE `c`.`reportsent` & 1 = 0\n\t\t\t\");\n\n\t\t\t$result_data = [\n\t\t\t\t'year' => date(\"Y\", $yesterday),\n\t\t\t\t'month' => date(\"m\", $yesterday)\n\t\t\t];\n\t\t\tDatabase::pexecute($result_stmt, $result_data);\n\n\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\tUPDATE `\" . TABLE_PANEL_CUSTOMERS . \"` SET `reportsent` = `reportsent` + 1\n\t\t\t\tWHERE `customerid` = :customerid\n\t\t\t\");\n\n\t\t\twhile ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t$row['traffic'] *= 1024;\n\t\t\t\t$row['traffic_used'] *= 1024;\n\t\t\t\tif (isset($row['traffic']) && $row['traffic'] > 0 && $row['traffic_used'] != null && (($row['traffic_used'] * 100) / $row['traffic']) >= (int)Settings::Get('system.report_trafficmax')) {\n\t\t\t\t\t$rep_userinfo = [\n\t\t\t\t\t\t'name' => $row['name'],\n\t\t\t\t\t\t'firstname' => $row['firstname'],\n\t\t\t\t\t\t'company' => $row['company'],\n\t\t\t\t\t\t'loginname' => $row['loginname'],\n\t\t\t\t\t\t'customernumber' => $row['customernumber']\n\t\t\t\t\t];\n\t\t\t\t\t$replace_arr = [\n\t\t\t\t\t\t'SALUTATION' => User::getCorrectUserSalutation($rep_userinfo),\n\t\t\t\t\t\t'NAME' => $rep_userinfo['name'],\n\t\t\t\t\t\t'FIRSTNAME' => $rep_userinfo['firstname'],\n\t\t\t\t\t\t'COMPANY' => $rep_userinfo['company'],\n\t\t\t\t\t\t'USERNAME' => $rep_userinfo['loginname'],\n\t\t\t\t\t\t'CUSTOMER_NO' => $rep_userinfo['customernumber'],\n\t\t\t\t\t\t'TRAFFIC' => PhpHelper::sizeReadable((int)$row['traffic'], null, 'bi'),\n\t\t\t\t\t\t'TRAFFICUSED' => PhpHelper::sizeReadable((int)$row['traffic_used'], null, 'bi'),\n\t\t\t\t\t\t'USAGE_PERCENT' => round(($row['traffic_used'] * 100) / $row['traffic'], 2),\n\t\t\t\t\t\t'MAX_PERCENT' => Settings::Get('system.report_trafficmax')\n\t\t\t\t\t];\n\n\t\t\t\t\t// set target user language\n\t\t\t\t\tLanguage::setLanguage($row['def_language']);\n\n\t\t\t\t\t// Get mail templates from database; the ones from 'admin' are fetched for fallback\n\t\t\t\t\t$result2_stmt = Database::prepare(\"\n\t\t\t\t\t\tSELECT `value` FROM `\" . TABLE_PANEL_TEMPLATES . \"`\n\t\t\t\t\t\tWHERE `adminid` = :adminid\n\t\t\t\t\t\tAND `language` = :lang\n\t\t\t\t\t\tAND `templategroup` = 'mails' AND `varname` = :varname\n\t\t\t\t\t\");\n\t\t\t\t\t$result2_data = [\n\t\t\t\t\t\t'adminid' => $row['adminid'],\n\t\t\t\t\t\t'lang' => $row['def_language'],\n\t\t\t\t\t\t'varname' => 'trafficmaxpercent_subject'\n\t\t\t\t\t];\n\t\t\t\t\t$result2 = Database::pexecute_first($result2_stmt, $result2_data);\n\t\t\t\t\t$mail_subject = html_entity_decode(PhpHelper::replaceVariables((($result2 !== false && $result2['value'] != '') ? $result2['value'] : Language::getTranslation('mails.trafficmaxpercent.subject')), $replace_arr));\n\n\t\t\t\t\t$result2_data['varname'] = 'trafficmaxpercent_mailbody';\n\t\t\t\t\t$result2 = Database::pexecute_first($result2_stmt, $result2_data);\n\t\t\t\t\t$mail_body = html_entity_decode(PhpHelper::replaceVariables((($result2 !== false && $result2['value'] != '') ? $result2['value'] : Language::getTranslation('mails.trafficmaxpercent.mailbody')), $replace_arr));\n\n\t\t\t\t\t$_mailerror = false;\n\t\t\t\t\t$mailerr_msg = \"\";\n\t\t\t\t\ttry {\n\t\t\t\t\t\t$mail->setFrom(Settings::Get('panel.adminmail'), $row['adminname']);\n\t\t\t\t\t\t$mail->clearReplyTos();\n\t\t\t\t\t\t$mail->addReplyTo($row['adminmail'], $row['adminname']);\n\t\t\t\t\t\t$mail->Subject = $mail_subject;\n\t\t\t\t\t\t$mail->AltBody = $mail_body;\n\t\t\t\t\t\t$mail->MsgHTML(nl2br($mail_body));\n\t\t\t\t\t\t$mail->AddAddress($row['email'], $row['firstname'] . ' ' . $row['name']);\n\t\t\t\t\t\t$mail->Send();\n\t\t\t\t\t} catch (\\PHPMailer\\PHPMailer\\Exception $e) {\n\t\t\t\t\t\t$mailerr_msg = $e->errorMessage();\n\t\t\t\t\t\t$_mailerror = true;\n\t\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\t\t$mailerr_msg = $e->getMessage();\n\t\t\t\t\t\t$_mailerror = true;\n\t\t\t\t\t}\n\n\t\t\t\t\tif ($_mailerror) {\n\t\t\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, 'Error sending mail: ' . $mailerr_msg);\n\t\t\t\t\t\techo 'Error sending mail: ' . $mailerr_msg . \"\\n\";\n\t\t\t\t\t}\n\n\t\t\t\t\t$mail->ClearAddresses();\n\t\t\t\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t\t\t\t'customerid' => $row['customerid']\n\t\t\t\t\t]);\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// Warn the admins at xx% traffic-usage\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT `a`.*,\n\t\t\t\t(SELECT SUM(`t`.`http` + `t`.`ftp_up` + `t`.`ftp_down` + `t`.`mail`)\n\t\t\t\tFROM `\" . TABLE_PANEL_TRAFFIC_ADMINS . \"` `t`\n\t\t\t\tWHERE `t`.`adminid` = `a`.`adminid` AND `t`.`year` = :year AND `t`.`month` = :month\n\t\t\t\t) as `traffic_used_total`\n\t\t\t\tFROM `\" . TABLE_PANEL_ADMINS . \"` `a` WHERE `a`.`reportsent` & 1 = 0\n\t\t\t\");\n\n\t\t\t$result_data = [\n\t\t\t\t'year' => date(\"Y\", $yesterday),\n\t\t\t\t'month' => date(\"m\", $yesterday)\n\t\t\t];\n\t\t\tDatabase::pexecute($result_stmt, $result_data);\n\n\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\tUPDATE `\" . TABLE_PANEL_ADMINS . \"` SET `reportsent` = `reportsent` + 1\n\t\t\t\tWHERE `adminid` = :adminid\n\t\t\t\");\n\n\t\t\twhile ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t$row['traffic'] *= 1024;\n\t\t\t\t$row['traffic_used_total'] *= 1024;\n\t\t\t\tif (isset($row['traffic']) && $row['traffic'] > 0 && (($row['traffic_used_total'] * 100) / ($row['traffic'])) >= (int)Settings::Get('system.report_trafficmax')) {\n\t\t\t\t\t$replace_arr = [\n\t\t\t\t\t\t'NAME' => $row['name'],\n\t\t\t\t\t\t'TRAFFIC' => PhpHelper::sizeReadable((int)$row['traffic'], null, 'bi'),\n\t\t\t\t\t\t'TRAFFICUSED' => PhpHelper::sizeReadable((int)$row['traffic_used_total'], null, 'bi'),\n\t\t\t\t\t\t'USAGE_PERCENT' => round(($row['traffic_used_total'] * 100) / $row['traffic'], 2),\n\t\t\t\t\t\t'MAX_PERCENT' => Settings::Get('system.report_trafficmax')\n\t\t\t\t\t];\n\n\t\t\t\t\t// set target user language\n\t\t\t\t\tLanguage::setLanguage($row['def_language']);\n\n\t\t\t\t\t// Get mail templates from database; the ones from 'admin' are fetched for fallback\n\t\t\t\t\t$result2_stmt = Database::prepare(\"\n\t\t\t\t\t\tSELECT `value` FROM `\" . TABLE_PANEL_TEMPLATES . \"`\n\t\t\t\t\t\tWHERE `adminid` = :adminid\n\t\t\t\t\t\tAND `language` = :lang\n\t\t\t\t\t\tAND `templategroup` = 'mails' AND `varname` = :varname\n\t\t\t\t\t\");\n\t\t\t\t\t$result2_data = [\n\t\t\t\t\t\t'adminid' => $row['adminid'],\n\t\t\t\t\t\t'lang' => $row['def_language'],\n\t\t\t\t\t\t'varname' => 'trafficmaxpercent_subject'\n\t\t\t\t\t];\n\t\t\t\t\t$result2 = Database::pexecute_first($result2_stmt, $result2_data);\n\t\t\t\t\t$mail_subject = html_entity_decode(PhpHelper::replaceVariables((($result2 !== false && $result2['value'] != '') ? $result2['value'] : Language::getTranslation('mails.trafficmaxpercent.subject')), $replace_arr));\n\n\t\t\t\t\t$result2_data['varname'] = 'trafficmaxpercent_mailbody';\n\t\t\t\t\t$result2 = Database::pexecute_first($result2_stmt, $result2_data);\n\t\t\t\t\t$mail_body = html_entity_decode(PhpHelper::replaceVariables((($result2 !== false && $result2['value'] != '') ? $result2['value'] : Language::getTranslation('mails.trafficmaxpercent.mailbody')), $replace_arr));\n\n\t\t\t\t\t$_mailerror = false;\n\t\t\t\t\t$mailerr_msg = \"\";\n\t\t\t\t\ttry {\n\t\t\t\t\t\t$mail->SetFrom(Settings::Get('panel.adminmail'), Settings::Get('panel.adminmail_defname'));\n\t\t\t\t\t\t$mail->Subject = $mail_subject;\n\t\t\t\t\t\t$mail->AltBody = $mail_body;\n\t\t\t\t\t\t$mail->MsgHTML(nl2br($mail_body));\n\t\t\t\t\t\t$mail->AddAddress($row['email'], $row['name']);\n\t\t\t\t\t\t$mail->Send();\n\t\t\t\t\t} catch (\\PHPMailer\\PHPMailer\\Exception $e) {\n\t\t\t\t\t\t$mailerr_msg = $e->errorMessage();\n\t\t\t\t\t\t$_mailerror = true;\n\t\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\t\t$mailerr_msg = $e->getMessage();\n\t\t\t\t\t\t$_mailerror = true;\n\t\t\t\t\t}\n\n\t\t\t\t\tif ($_mailerror) {\n\t\t\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, \"Error sending mail: \" . $mailerr_msg);\n\t\t\t\t\t\techo \"Error sending mail: \" . $mailerr_msg . \"\\n\";\n\t\t\t\t\t}\n\n\t\t\t\t\t$mail->ClearAddresses();\n\t\t\t\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t\t\t\t'adminid' => $row['adminid']\n\t\t\t\t\t]);\n\t\t\t\t}\n\n\t\t\t\t// Another month, let's build our report\n\t\t\t\tif (date('d') == '01') {\n\t\t\t\t\t$mail_subject = 'Trafficreport ' . date(\"m/y\", $yesterday) . ' for ' . $row['name'];\n\t\t\t\t\t$mail_body = 'Trafficreport ' . date(\"m/y\", $yesterday) . ' for ' . $row['name'] . \"\\n\";\n\t\t\t\t\t$mail_body .= '---------------------------------------------------------------' . \"\\n\";\n\t\t\t\t\t$mail_body .= 'Loginname Traffic used (Percent) | Traffic available' . \"\\n\";\n\t\t\t\t\t$customers_stmt = Database::prepare(\"\n\t\t\t\t\t\tSELECT `c`.*,\n\t\t\t\t\t\t(SELECT SUM(`t`.`http` + `t`.`ftp_up` + `t`.`ftp_down` + `t`.`mail`)\n\t\t\t\t\t\tFROM `\" . TABLE_PANEL_TRAFFIC . \"` `t`\n\t\t\t\t\t\tWHERE `t`.`customerid` = `c`.`customerid` AND `t`.`year` = :year AND `t`.`month` = :month\n\t\t\t\t\t\t) as `traffic_used_total`\n\t\t\t\t\t\tFROM `\" . TABLE_PANEL_CUSTOMERS . \"` `c` WHERE `c`.`adminid` = :adminid\n\t\t\t\t\t\");\n\t\t\t\t\t$customers_data = [\n\t\t\t\t\t\t'year' => date(\"Y\", $yesterday),\n\t\t\t\t\t\t'month' => date(\"m\", $yesterday),\n\t\t\t\t\t\t'adminid' => $row['adminid']\n\t\t\t\t\t];\n\t\t\t\t\tDatabase::pexecute($customers_stmt, $customers_data);\n\n\t\t\t\t\twhile ($customer = $customers_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t\t\t$customer['traffic'] *= 1024;\n\t\t\t\t\t\t$t = (int) $customer['traffic_used_total'] * 1024;\n\t\t\t\t\t\tif ($customer['traffic'] > 0) {\n\t\t\t\t\t\t\t$p = (($t * 100) / $customer['traffic']);\n\t\t\t\t\t\t\t$tg = (int) $customer['traffic'];\n\t\t\t\t\t\t\t$str = sprintf('%s ( %00.1f %% )', PhpHelper::sizeReadable($t, null, 'bi'), $p);\n\t\t\t\t\t\t\t$mail_body .= sprintf('%-15s', $customer['loginname']) . ' ' . sprintf('%-25s', $str) . ' ' . sprintf('%s', PhpHelper::sizeReadable($tg, null, 'bi')) . \"\\n\";\n\t\t\t\t\t\t} elseif ($customer['traffic'] == 0) {\n\t\t\t\t\t\t\t$str = sprintf('%s ( - )', PhpHelper::sizeReadable($t, null, 'bi'));\n\t\t\t\t\t\t\t$mail_body .= sprintf('%-15s', $customer['loginname']) . ' ' . sprintf('%-25s', $str) . ' ' . '0' . \"\\n\";\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t$str = sprintf('%s ( - )', PhpHelper::sizeReadable($t, null, 'bi'));\n\t\t\t\t\t\t\t$mail_body .= sprintf('%-15s', $customer['loginname']) . ' ' . sprintf('%-25s', $str) . ' ' . 'unlimited' . \"\\n\";\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\n\t\t\t\t\t$mail_body .= '---------------------------------------------------------------' . \"\\n\";\n\n\t\t\t\t\t$t = (int) $row['traffic_used_total'];\n\t\t\t\t\tif ($row['traffic'] > 0) {\n\t\t\t\t\t\t$p = (($t * 100) / $row['traffic']);\n\t\t\t\t\t\t$tg = (int) $row['traffic'];\n\t\t\t\t\t\t$str = sprintf('%s ( %00.1f %% )', PhpHelper::sizeReadable($t, null, 'bi'), $p);\n\t\t\t\t\t\t$mail_body .= sprintf('%-15s', $row['loginname']) . ' ' . sprintf('%-25s', $str) . ' ' . sprintf('%s', PhpHelper::sizeReadable($tg, null, 'bi')) . \"\\n\";\n\t\t\t\t\t} elseif ($row['traffic'] == 0) {\n\t\t\t\t\t\t$str = sprintf('%s ( - )', PhpHelper::sizeReadable($t, null, 'bi'));\n\t\t\t\t\t\t$mail_body .= sprintf('%-15s', $row['loginname']) . ' ' . sprintf('%-25s', $str) . ' ' . '0' . \"\\n\";\n\t\t\t\t\t} else {\n\t\t\t\t\t\t$str = sprintf('%s ( - )', PhpHelper::sizeReadable($t, null, 'bi'));\n\t\t\t\t\t\t$mail_body .= sprintf('%-15s', $row['loginname']) . ' ' . sprintf('%-25s', $str) . ' ' . 'unlimited' . \"\\n\";\n\t\t\t\t\t}\n\n\t\t\t\t\t$_mailerror = false;\n\t\t\t\t\t$mailerr_msg = \"\";\n\t\t\t\t\ttry {\n\t\t\t\t\t\t$mail->SetFrom(Settings::Get('panel.adminmail'), Settings::Get('panel.adminmail_defname'));\n\t\t\t\t\t\t$mail->Subject = $mail_subject;\n\t\t\t\t\t\t$mail->Body = $mail_body;\n\t\t\t\t\t\t$mail->MsgHTML(nl2br($mail_body));\n\t\t\t\t\t\t$mail->AddAddress($row['email'], $row['name']);\n\t\t\t\t\t\t$mail->Send();\n\t\t\t\t\t} catch (\\PHPMailer\\PHPMailer\\Exception $e) {\n\t\t\t\t\t\t$mailerr_msg = $e->errorMessage();\n\t\t\t\t\t\t$_mailerror = true;\n\t\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\t\t$mailerr_msg = $e->getMessage();\n\t\t\t\t\t\t$_mailerror = true;\n\t\t\t\t\t}\n\n\t\t\t\t\tif ($_mailerror) {\n\t\t\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, 'Error sending mail: ' . $mailerr_msg);\n\t\t\t\t\t\techo 'Error sending mail: ' . $mailerr_msg . \"\\n\";\n\t\t\t\t\t}\n\n\t\t\t\t\t$mail->ClearAddresses();\n\t\t\t\t}\n\t\t\t}\n\t\t} // trafficmax > 0\n\n\t\t// include diskspace-usage report, #466\n\t\tself::usageDiskspace();\n\n\t\t// Another month, reset the reportstatus\n\t\tif (date('d') == '01') {\n\t\t\tDatabase::query(\"UPDATE `\" . TABLE_PANEL_CUSTOMERS . \"` SET `reportsent` = '0';\");\n\t\t\tDatabase::query(\"UPDATE `\" . TABLE_PANEL_ADMINS . \"` SET `reportsent` = '0';\");\n\t\t}\n\t}\n\n\tprivate static function usageDiskspace()\n\t{\n\t\tif ((int)Settings::Get('system.report_webmax') > 0) {\n\t\t\t/**\n\t\t\t * report about diskusage for customers\n\t\t\t */\n\t\t\t$result_stmt = Database::query(\"\n\t\t\t\tSELECT `c`.`customerid`, `c`.`loginname`, `c`.`customernumber`, `c`.`adminid`, `c`.`name`, `c`.`firstname`,\n\t\t\t\t`c`.`company`, `c`.`diskspace`, `c`.`diskspace_used`, `c`.`email`, `c`.`def_language`,\n\t\t\t\t`a`.`name` AS `adminname`, `a`.`email` AS `adminmail`\n\t\t\t\tFROM `\" . TABLE_PANEL_CUSTOMERS . \"` AS `c`\n\t\t\t LEFT JOIN `\" . TABLE_PANEL_ADMINS . \"` AS `a`\n\t\t\t ON `a`.`adminid` = `c`.`adminid`\n\t\t\t WHERE `c`.`diskspace` > '0' AND `c`.`reportsent` & 2 = 0\n\t\t\t\");\n\n\t\t\t$mail = new Mailer(true);\n\n\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\tUPDATE `\" . TABLE_PANEL_CUSTOMERS . \"` SET `reportsent` = `reportsent` + 2\n\t\t\t\tWHERE `customerid` = :customerid\n\t\t\t\");\n\n\t\t\twhile ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t$row['diskspace'] *= 1024;\n\t\t\t\t$row['diskspace_used'] *= 1024;\n\t\t\t\tif (isset($row['diskspace']) && $row['diskspace_used'] != null && $row['diskspace_used'] > 0 && (($row['diskspace_used'] * 100) / $row['diskspace']) >= (int)Settings::Get('system.report_webmax')) {\n\t\t\t\t\t$rep_userinfo = [\n\t\t\t\t\t\t'name' => $row['name'],\n\t\t\t\t\t\t'firstname' => $row['firstname'],\n\t\t\t\t\t\t'company' => $row['company'],\n\t\t\t\t\t\t'loginname' => $row['loginname'],\n\t\t\t\t\t\t'customernumber' => $row['customernumber']\n\t\t\t\t\t];\n\t\t\t\t\t$replace_arr = [\n\t\t\t\t\t\t'SALUTATION' => User::getCorrectUserSalutation($rep_userinfo),\n\t\t\t\t\t\t'NAME' => $rep_userinfo['name'],\n\t\t\t\t\t\t'FIRSTNAME' => $rep_userinfo['firstname'],\n\t\t\t\t\t\t'COMPANY' => $rep_userinfo['company'],\n\t\t\t\t\t\t'USERNAME' => $rep_userinfo['loginname'],\n\t\t\t\t\t\t'CUSTOMER_NO' => $rep_userinfo['customernumber'],\n\t\t\t\t\t\t'DISKAVAILABLE' => PhpHelper::sizeReadable((int)$row['diskspace'], null, 'bi'),\n\t\t\t\t\t\t'DISKUSED' => PhpHelper::sizeReadable((int)$row['diskspace_used'], null, 'bi'),\n\t\t\t\t\t\t'USAGE_PERCENT' => round(($row['diskspace_used'] * 100) / $row['diskspace'], 2),\n\t\t\t\t\t\t'MAX_PERCENT' => Settings::Get('system.report_webmax')\n\t\t\t\t\t];\n\n\t\t\t\t\t// set target user language\n\t\t\t\t\tLanguage::setLanguage($row['def_language']);\n\n\t\t\t\t\t// Get mail templates from database; the ones from 'admin' are fetched for fallback\n\t\t\t\t\t$result2_stmt = Database::prepare(\"\n\t\t\t\t\t\tSELECT `value` FROM `\" . TABLE_PANEL_TEMPLATES . \"`\n\t\t\t\t\t\tWHERE `adminid` = :adminid\n\t\t\t\t\t\tAND `language` = :lang\n\t\t\t\t\t\tAND `templategroup` = 'mails' AND `varname` = :varname\n\t\t\t\t\t\");\n\t\t\t\t\t$result2_data = [\n\t\t\t\t\t\t'adminid' => $row['adminid'],\n\t\t\t\t\t\t'lang' => $row['def_language'],\n\t\t\t\t\t\t'varname' => 'diskmaxpercent_subject'\n\t\t\t\t\t];\n\t\t\t\t\t$result2 = Database::pexecute_first($result2_stmt, $result2_data);\n\t\t\t\t\t$mail_subject = html_entity_decode(PhpHelper::replaceVariables((($result2 !== false && $result2['value'] != '') ? $result2['value'] : Language::getTranslation('mails.diskmaxpercent.subject')), $replace_arr));\n\n\t\t\t\t\t$result2_data['varname'] = 'diskmaxpercent_mailbody';\n\t\t\t\t\t$result2 = Database::pexecute_first($result2_stmt, $result2_data);\n\t\t\t\t\t$mail_body = html_entity_decode(PhpHelper::replaceVariables((($result2 !== false && $result2['value'] != '') ? $result2['value'] : Language::getTranslation('mails.diskmaxpercent.mailbody')), $replace_arr));\n\n\t\t\t\t\t$_mailerror = false;\n\t\t\t\t\t$mailerr_msg = \"\";\n\t\t\t\t\ttry {\n\t\t\t\t\t\t$mail->setFrom(Settings::Get('panel.adminmail'), $row['adminname']);\n\t\t\t\t\t\t$mail->clearReplyTos();\n\t\t\t\t\t\t$mail->addReplyTo($row['adminmail'], $row['adminname']);\n\t\t\t\t\t\t$mail->Subject = $mail_subject;\n\t\t\t\t\t\t$mail->AltBody = $mail_body;\n\t\t\t\t\t\t$mail->MsgHTML(nl2br($mail_body));\n\t\t\t\t\t\t$mail->AddAddress($row['email'], $row['name']);\n\t\t\t\t\t\tif (Settings::Get('system.report_web_bccadmin')) {\n\t\t\t\t\t\t\t$mail->addBCC(Settings::Get('panel.adminmail'), $row['adminname']);\n\t\t\t\t\t\t}\n\t\t\t\t\t\t$mail->Send();\n\t\t\t\t\t} catch (\\PHPMailer\\PHPMailer\\Exception $e) {\n\t\t\t\t\t\t$mailerr_msg = $e->errorMessage();\n\t\t\t\t\t\t$_mailerror = true;\n\t\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\t\t$mailerr_msg = $e->getMessage();\n\t\t\t\t\t\t$_mailerror = true;\n\t\t\t\t\t}\n\n\t\t\t\t\tif ($_mailerror) {\n\t\t\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, \"Error sending mail: \" . $mailerr_msg);\n\t\t\t\t\t\techo \"Error sending mail: \" . $mailerr_msg . \"\\n\";\n\t\t\t\t\t}\n\n\t\t\t\t\t$mail->ClearAddresses();\n\t\t\t\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t\t\t\t'customerid' => $row['customerid']\n\t\t\t\t\t]);\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t/**\n\t\t\t * report about diskusage for admins/reseller\n\t\t\t */\n\t\t\t$result_stmt = Database::query(\"\n\t\t\t\tSELECT `a`.* FROM `\" . TABLE_PANEL_ADMINS . \"` `a` WHERE `a`.`reportsent` & 2 = 0\n\t\t\t\");\n\n\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\tUPDATE `\" . TABLE_PANEL_ADMINS . \"` SET `reportsent` = `reportsent` + 2\n\t\t\t\tWHERE `adminid` = :adminid\n\t\t\t\");\n\n\t\t\twhile ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t$row['diskspace'] *= 1024;\n\t\t\t\t$row['diskspace_used'] *= 1024;\n\t\t\t\tif (isset($row['diskspace']) && $row['diskspace_used'] != null && $row['diskspace_used'] > 0 && (($row['diskspace_used'] * 100) / $row['diskspace']) >= (int)Settings::Get('system.report_webmax')) {\n\t\t\t\t\t$replace_arr = [\n\t\t\t\t\t\t'NAME' => $row['name'],\n\t\t\t\t\t\t'DISKAVAILABLE' => PhpHelper::sizeReadable((int)$row['diskspace'], null, 'bi'),\n\t\t\t\t\t\t'DISKUSED' => PhpHelper::sizeReadable((int)$row['diskspace_used'], null, 'bi'),\n\t\t\t\t\t\t'USAGE_PERCENT' => ($row['diskspace_used'] * 100) / $row['diskspace'],\n\t\t\t\t\t\t'MAX_PERCENT' => Settings::Get('system.report_webmax')\n\t\t\t\t\t];\n\n\t\t\t\t\t// set target user language\n\t\t\t\t\tLanguage::setLanguage($row['def_language']);\n\n\t\t\t\t\t// Get mail templates from database; the ones from 'admin' are fetched for fallback\n\t\t\t\t\t$result2_stmt = Database::prepare(\"\n\t\t\t\t\t\tSELECT `value` FROM `\" . TABLE_PANEL_TEMPLATES . \"`\n\t\t\t\t\t\tWHERE `adminid` = :adminid\n\t\t\t\t\t\tAND `language` = :lang\n\t\t\t\t\t\tAND `templategroup` = 'mails' AND `varname` = :varname\n\t\t\t\t\t\");\n\t\t\t\t\t$result2_data = [\n\t\t\t\t\t\t'adminid' => $row['adminid'],\n\t\t\t\t\t\t'lang' => $row['def_language'],\n\t\t\t\t\t\t'varname' => 'diskmaxpercent_subject'\n\t\t\t\t\t];\n\t\t\t\t\t$result2 = Database::pexecute_first($result2_stmt, $result2_data);\n\t\t\t\t\t$mail_subject = html_entity_decode(PhpHelper::replaceVariables((($result2 !== false && $result2['value'] != '') ? $result2['value'] : Language::getTranslation('mails.diskmaxpercent.subject')), $replace_arr));\n\n\t\t\t\t\t$result2_data['varname'] = 'diskmaxpercent_mailbody';\n\t\t\t\t\t$result2 = Database::pexecute_first($result2_stmt, $result2_data);\n\t\t\t\t\t$mail_body = html_entity_decode(PhpHelper::replaceVariables((($result2 !== false && $result2['value'] != '') ? $result2['value'] : Language::getTranslation('mails.diskmaxpercent.mailbody')), $replace_arr));\n\n\t\t\t\t\t$_mailerror = false;\n\t\t\t\t\t$mailerr_msg = \"\";\n\t\t\t\t\ttry {\n\t\t\t\t\t\t$mail->SetFrom(Settings::Get('panel.adminmail'), Settings::Get('panel.adminmail_defname'));\n\t\t\t\t\t\t$mail->Subject = $mail_subject;\n\t\t\t\t\t\t$mail->AltBody = $mail_body;\n\t\t\t\t\t\t$mail->MsgHTML(nl2br($mail_body));\n\t\t\t\t\t\t$mail->AddAddress($row['email'], $row['name']);\n\t\t\t\t\t\t$mail->Send();\n\t\t\t\t\t} catch (\\PHPMailer\\PHPMailer\\Exception $e) {\n\t\t\t\t\t\t$mailerr_msg = $e->errorMessage();\n\t\t\t\t\t\t$_mailerror = true;\n\t\t\t\t\t} catch (Exception $e) {\n\t\t\t\t\t\t$mailerr_msg = $e->getMessage();\n\t\t\t\t\t\t$_mailerror = true;\n\t\t\t\t\t}\n\n\t\t\t\t\tif ($_mailerror) {\n\t\t\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, \"Error sending mail: \" . $mailerr_msg);\n\t\t\t\t\t\techo \"Error sending mail: \" . $mailerr_msg . \"\\n\";\n\t\t\t\t\t}\n\n\t\t\t\t\t$mail->ClearAddresses();\n\t\t\t\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t\t\t\t'adminid' => $row['adminid']\n\t\t\t\t\t]);\n\t\t\t\t}\n\t\t\t}\n\t\t} // webmax > 0\n\t}\n}\n" }, { "path": "lib/Froxlor/Cron/Traffic/TrafficCron.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Cron\\Traffic;\n\n/**\n * @author Florian Lippert (2003-2009)\n * @author Froxlor team (2010-)\n */\n\nuse Froxlor\\Cron\\Forkable;\nuse Froxlor\\Cron\\FroxlorCron;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FileDir;\nuse Froxlor\\Froxlor;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\Http\\Statistics;\nuse Froxlor\\MailLogParser;\nuse Froxlor\\Settings;\nuse PDO;\n\nclass TrafficCron extends FroxlorCron\n{\n\tuse Forkable;\n\n\tpublic static function run()\n\t{\n\t\tself::runFork([self::class, 'handle'], [true]);\n\t}\n\n\tpublic static function handle()\n\t{\n\t\t/**\n\t\t * TRAFFIC AND DISKUSAGE MEASURE\n\t\t */\n\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'Traffic run started...');\n\t\t$admin_traffic = [];\n\t\t$domainlist = [];\n\t\t$speciallogfile_domainlist = [];\n\t\t$result_domainlist_stmt = Database::query(\"\n\t\t\tSELECT `id`, `domain`, `customerid`, `parentdomainid`, `speciallogfile`\n\t\t\tFROM `\" . TABLE_PANEL_DOMAINS . \"` WHERE `aliasdomain` IS NULL AND `email_only` <> '1';\n\t\t\");\n\n\t\twhile ($row_domainlist = $result_domainlist_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\tif (!isset($domainlist[$row_domainlist['customerid']])) {\n\t\t\t\t$domainlist[$row_domainlist['customerid']] = [];\n\t\t\t}\n\n\t\t\t$domainlist[$row_domainlist['customerid']][$row_domainlist['id']] = $row_domainlist['domain'];\n\n\t\t\tif ($row_domainlist['parentdomainid'] == '0' && $row_domainlist['speciallogfile'] == '1') {\n\t\t\t\tif (!isset($speciallogfile_domainlist[$row_domainlist['customerid']])) {\n\t\t\t\t\t$speciallogfile_domainlist[$row_domainlist['customerid']] = [];\n\t\t\t\t}\n\t\t\t\t$speciallogfile_domainlist[$row_domainlist['customerid']][$row_domainlist['id']] = $row_domainlist['domain'];\n\t\t\t}\n\t\t}\n\n\t\t$mysqlusage_all = [];\n\t\t$databases_stmt = Database::query(\"SELECT * FROM \" . TABLE_PANEL_DATABASES . \" ORDER BY `dbserver`\");\n\t\t$last_dbserver = 0;\n\n\t\t$databases_list = [];\n\t\tDatabase::needRoot(true);\n\t\t$databases_list_result_stmt = Database::query(\"SHOW DATABASES\");\n\t\twhile ($databases_list_row = $databases_list_result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t$databases_list[] = strtolower($databases_list_row['Database']);\n\t\t}\n\n\t\twhile ($row_database = $databases_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\tif ($last_dbserver != $row_database['dbserver']) {\n\t\t\t\tDatabase::needRoot(true, $row_database['dbserver'], true);\n\t\t\t\t$last_dbserver = $row_database['dbserver'];\n\n\t\t\t\t$databases_list = [];\n\t\t\t\t$databases_list_result_stmt = Database::query(\"SHOW DATABASES\");\n\t\t\t\twhile ($databases_list_row = $databases_list_result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t\t$databases_list[] = strtolower($databases_list_row['Database']);\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tif (in_array(strtolower($row_database['databasename']), $databases_list)) {\n\t\t\t\t// sum up data_length and index_length\n\t\t\t\t$mysql_usage_result_stmt = Database::prepare(\"\n\t\t\t\t\tSELECT SUM(data_length + index_length) AS customerusage\n\t\t\t\t\tFROM information_schema.TABLES\n\t\t\t\t\tWHERE table_schema = :database\n\t\t\t\t\tGROUP BY table_schema;\n\t\t\t\t\");\n\t\t\t\t// get the result\n\t\t\t\t$mysql_usage_row = Database::pexecute_first($mysql_usage_result_stmt, [\n\t\t\t\t\t'database' => $row_database['databasename']\n\t\t\t\t]);\n\t\t\t\t// initialize counter for customer\n\t\t\t\tif (!isset($mysqlusage_all[$row_database['customerid']])) {\n\t\t\t\t\t$mysqlusage_all[$row_database['customerid']] = 0;\n\t\t\t\t}\n\t\t\t\t// sum up result\n\t\t\t\tif ($mysql_usage_row) {\n\t\t\t\t\t$mysqlusage_all[$row_database['customerid']] += floatval($mysql_usage_row['customerusage']);\n\t\t\t\t} else {\n\t\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_NOTICE, \"Cannot get usage for database \" . $row_database['databasename'] . \".\");\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_WARNING, \"Seems like the database \" . $row_database['databasename'] . \" had been removed manually.\");\n\t\t\t}\n\t\t}\n\n\t\tDatabase::needRoot(false);\n\n\t\t// We are using the file-system quota, this will speed up the diskusage - collection\n\t\tif (Settings::Get('system.diskquota_enabled')) {\n\t\t\t$usedquota = FileDir::getFilesystemQuota();\n\t\t}\n\n\t\t/**\n\t\t * MAIL-Traffic\n\t\t */\n\t\tif (Settings::Get(\"system.mailtraffic_enabled\")) {\n\t\t\t$mailTrafficCalc = new MailLogParser(Settings::Get(\"system.last_traffic_run\"));\n\t\t}\n\n\t\t$result_stmt = Database::query(\"SELECT * FROM `\" . TABLE_PANEL_CUSTOMERS . \"` ORDER BY `customerid` ASC\");\n\n\t\t$currentDate = date(\"Y-m-d\");\n\n\t\t$current_stamp = time();\n\t\t$current_year = date('Y', $current_stamp);\n\t\t$current_month = date('m', $current_stamp);\n\t\t// @todo locale?\n\t\t$current_month_short = date('M', $current_stamp);\n\t\t$current_day = date('d', $current_stamp);\n\n\t\twhile ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t/**\n\t\t\t * HTTP-Traffic\n\t\t\t */\n\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'http traffic for ' . $row['loginname'] . ' started...');\n\t\t\t$httptraffic = 0;\n\n\t\t\tif (isset($domainlist[$row['customerid']]) && is_array($domainlist[$row['customerid']]) && count($domainlist[$row['customerid']]) != 0) {\n\t\t\t\t// Examining which caption to use for default webalizer stats...\n\t\t\t\tif ($row['standardsubdomain'] != '0' && isset($domainlist[$row['customerid']][$row['standardsubdomain']])) {\n\t\t\t\t\t// ... of course we'd prefer to use the standardsubdomain ...\n\t\t\t\t\t$caption = $domainlist[$row['customerid']][$row['standardsubdomain']];\n\t\t\t\t} else {\n\t\t\t\t\t// ... but if there is no standardsubdomain, we have to use the loginname ...\n\t\t\t\t\t$caption = $row['loginname'];\n\n\t\t\t\t\t// ... which results in non-usable links to files in the stats, so let's have a look if we find a domain which is not speciallogfiledomain\n\t\t\t\t\tforeach ($domainlist[$row['customerid']] as $domainid => $domain) {\n\t\t\t\t\t\tif (!isset($speciallogfile_domainlist[$row['customerid']]) || !isset($speciallogfile_domainlist[$row['customerid']][$domainid])) {\n\t\t\t\t\t\t\t$caption = $domain;\n\t\t\t\t\t\t\tbreak;\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\t$httptraffic = 0;\n\t\t\t\treset($domainlist[$row['customerid']]);\n\n\t\t\t\t$statsTool = Settings::Get('system.traffictool');\n\n\t\t\t\tif (isset($speciallogfile_domainlist[$row['customerid']]) && is_array($speciallogfile_domainlist[$row['customerid']]) && count($speciallogfile_domainlist[$row['customerid']]) != 0) {\n\t\t\t\t\treset($speciallogfile_domainlist[$row['customerid']]);\n\t\t\t\t\tif ($statsTool != 'awstats') {\n\t\t\t\t\t\tforeach ($speciallogfile_domainlist[$row['customerid']] as $domainid => $domain) {\n\t\t\t\t\t\t\tif ($statsTool == 'goaccess') {\n\t\t\t\t\t\t\t\t$httptraffic += floatval(self::callGoaccessGetTraffic($row['customerid'], $row['loginname'] . '-' . $domain, $row['documentroot'] . '/goaccess/' . $domain . '/', $domain, ['month' => $current_month_short, 'year' => $current_year], $current_stamp));\n\t\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t\t$httptraffic += floatval(self::callWebalizerGetTraffic($row['loginname'] . '-' . $domain, $row['documentroot'] . '/webalizer/' . $domain . '/', $domain, $domainlist[$row['customerid']]));\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t// kind of a keep-alive-call as this unsets the link which leads to a new connection to the database\n\t\t\t\t\t\t\tDatabase::needRoot();\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\treset($domainlist[$row['customerid']]);\n\n\t\t\t\t// callAwstatsGetTraffic is called ONLY HERE and\n\t\t\t\t// *not* also in the special-logfiles-loop, because the function\n\t\t\t\t// will iterate through all customer-domains and the awstats-configs\n\t\t\t\t// know the logfile-name, #246\n\t\t\t\tif ($statsTool == 'awstats') {\n\t\t\t\t\t$httptraffic += floatval(self::callAwstatsGetTraffic($row['customerid'], $row['documentroot'] . '/awstats/', $domainlist[$row['customerid']], $current_stamp));\n\t\t\t\t} elseif ($statsTool == 'goaccess') {\n\t\t\t\t\t$httptraffic += floatval(self::callGoaccessGetTraffic($row['customerid'], $row['loginname'], $row['documentroot'] . '/goaccess/', $caption, ['month' => $current_month_short, 'year' => $current_year], $current_stamp));\n\t\t\t\t} else {\n\t\t\t\t\t$httptraffic += floatval(self::callWebalizerGetTraffic($row['loginname'], $row['documentroot'] . '/webalizer/', $caption, $domainlist[$row['customerid']]));\n\t\t\t\t}\n\t\t\t\t// kind of a keep-alive-call as this unsets the link which leads to a new connection to the database\n\t\t\t\tDatabase::needRoot();\n\n\t\t\t\t// make the stuff readable for the customer, #258\n\t\t\t\tStatistics::makeChownWithNewStats($row);\n\t\t\t}\n\n\t\t\t/**\n\t\t\t * FTP-Traffic\n\t\t\t */\n\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'ftp traffic for ' . $row['loginname'] . ' started...');\n\t\t\t$ftptraffic_stmt = Database::prepare(\"\n\t\t\t\tSELECT SUM(`up_bytes`) AS `up_bytes_sum`, SUM(`down_bytes`) AS `down_bytes_sum`\n\t\t\t\tFROM `\" . TABLE_FTP_USERS . \"` WHERE `customerid` = :customerid\n\t\t\t\");\n\t\t\t$ftptraffic = Database::pexecute_first($ftptraffic_stmt, [\n\t\t\t\t'customerid' => $row['customerid']\n\t\t\t]);\n\n\t\t\tif (!is_array($ftptraffic)) {\n\t\t\t\t$ftptraffic = [\n\t\t\t\t\t'up_bytes_sum' => 0,\n\t\t\t\t\t'down_bytes_sum' => 0\n\t\t\t\t];\n\t\t\t}\n\n\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\tUPDATE `\" . TABLE_FTP_USERS . \"` SET `up_bytes` = '0', `down_bytes` = '0' WHERE `customerid` = :customerid\n\t\t\t\");\n\t\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t\t'customerid' => $row['customerid']\n\t\t\t]);\n\n\t\t\t/**\n\t\t\t * Mail-Traffic\n\t\t\t */\n\t\t\t$mailtraffic = 0;\n\t\t\tif (Settings::Get(\"system.mailtraffic_enabled\")) {\n\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'mail traffic usage for ' . $row['loginname'] . \" started...\");\n\n\t\t\t\t$domains_stmt = Database::prepare(\"SELECT domain FROM `\" . TABLE_PANEL_DOMAINS . \"` WHERE `customerid` = :cid\");\n\t\t\t\tDatabase::pexecute($domains_stmt, [\n\t\t\t\t\t\"cid\" => $row['customerid']\n\t\t\t\t]);\n\t\t\t\twhile ($domainRow = $domains_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t\t$domainMailTraffic = $mailTrafficCalc->getDomainTraffic($domainRow[\"domain\"]);\n\t\t\t\t\tif (!is_array($domainMailTraffic)) {\n\t\t\t\t\t\tcontinue;\n\t\t\t\t\t}\n\n\t\t\t\t\tforeach ($domainMailTraffic as $dateTraffic => $dayTraffic) {\n\t\t\t\t\t\t$dayTraffic = floatval($dayTraffic / 1024);\n\n\t\t\t\t\t\t[$year, $month, $day] = explode(\"-\", $dateTraffic);\n\t\t\t\t\t\tif ($dateTraffic == $currentDate) {\n\t\t\t\t\t\t\t$mailtraffic = $dayTraffic;\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t// Check if an entry for the given day exists\n\t\t\t\t\t\t\t$stmt = Database::prepare(\"SELECT * FROM `\" . TABLE_PANEL_TRAFFIC . \"`\n\t\t\t\t\t\t\t\tWHERE `customerid` = :cid\n\t\t\t\t\t\t\t\tAND `year` = :year\n\t\t\t\t\t\t\t\tAND `month` = :month\n\t\t\t\t\t\t\t\tAND `day` = :day\n\t\t\t\t\t\t\t\");\n\t\t\t\t\t\t\t$params = [\n\t\t\t\t\t\t\t\t\"cid\" => $row['customerid'],\n\t\t\t\t\t\t\t\t\"year\" => $year,\n\t\t\t\t\t\t\t\t\"month\" => $month,\n\t\t\t\t\t\t\t\t\"day\" => $day\n\t\t\t\t\t\t\t];\n\t\t\t\t\t\t\tDatabase::pexecute($stmt, $params);\n\t\t\t\t\t\t\tif ($stmt->rowCount() > 0) {\n\t\t\t\t\t\t\t\t$updRow = $stmt->fetch(PDO::FETCH_ASSOC);\n\t\t\t\t\t\t\t\t$upd_stmt = Database::prepare(\"UPDATE `\" . TABLE_PANEL_TRAFFIC . \"` SET\n\t\t\t\t\t\t\t\t\t`mail` = :mail\n\t\t\t\t\t\t\t\t\tWHERE `id` = :id\n\t\t\t\t\t\t\t\t\");\n\t\t\t\t\t\t\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t\t\t\t\t\t\t\"mail\" => $updRow['mail'] + $dayTraffic,\n\t\t\t\t\t\t\t\t\t\"id\" => $updRow['id']\n\t\t\t\t\t\t\t\t]);\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t/**\n\t\t\t * Total Traffic\n\t\t\t */\n\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'total traffic for ' . $row['loginname'] . ' started');\n\t\t\t$current_traffic = [];\n\t\t\t$current_traffic['http'] = floatval($httptraffic);\n\t\t\t$current_traffic['ftp_up'] = floatval(($ftptraffic['up_bytes_sum'] / 1024));\n\t\t\t$current_traffic['ftp_down'] = floatval(($ftptraffic['down_bytes_sum'] / 1024));\n\t\t\t$current_traffic['mail'] = floatval($mailtraffic);\n\t\t\t$current_traffic['all'] = $current_traffic['http'] + $current_traffic['ftp_up'] + $current_traffic['ftp_down'] + $current_traffic['mail'];\n\n\t\t\t$ins_data = [\n\t\t\t\t'customerid' => $row['customerid'],\n\t\t\t\t'year' => $current_year,\n\t\t\t\t'month' => $current_month,\n\t\t\t\t'day' => $current_day,\n\t\t\t\t'stamp' => $current_stamp,\n\t\t\t\t'http' => $current_traffic['http'],\n\t\t\t\t'ftp_up' => $current_traffic['ftp_up'],\n\t\t\t\t'ftp_down' => $current_traffic['ftp_down'],\n\t\t\t\t'mail' => $current_traffic['mail']\n\t\t\t];\n\t\t\t$ins_stmt = Database::prepare(\"\n\t\t\t\tINSERT INTO `\" . TABLE_PANEL_TRAFFIC . \"` SET\n\t\t\t\t`customerid` = :customerid,\n\t\t\t\t`year` = :year,\n\t\t\t\t`month` = :month,\n\t\t\t\t`day` = :day,\n\t\t\t\t`stamp` = :stamp,\n\t\t\t\t`http` = :http,\n\t\t\t\t`ftp_up` = :ftp_up,\n\t\t\t\t`ftp_down` = :ftp_down,\n\t\t\t\t`mail` = :mail\n\t\t\t\");\n\t\t\tDatabase::pexecute($ins_stmt, $ins_data);\n\n\t\t\t$sum_month_traffic_stmt = Database::prepare(\"\n\t\t\t\tSELECT SUM(`http`) AS `http`, SUM(`ftp_up`) AS `ftp_up`, SUM(`ftp_down`) AS `ftp_down`, SUM(`mail`) AS `mail`\n\t\t\t\tFROM `\" . TABLE_PANEL_TRAFFIC . \"` WHERE `year` = :year AND `month` = :month AND `customerid` = :customerid\n\t\t\t\");\n\t\t\t$sum_month_traffic = Database::pexecute_first($sum_month_traffic_stmt, [\n\t\t\t\t'year' => $current_year,\n\t\t\t\t'month' => $current_month,\n\t\t\t\t'customerid' => $row['customerid']\n\t\t\t]);\n\t\t\t$sum_month_traffic['all'] = $sum_month_traffic['http'] + $sum_month_traffic['ftp_up'] + $sum_month_traffic['ftp_down'] + $sum_month_traffic['mail'];\n\n\t\t\tif (!isset($admin_traffic[$row['adminid']]) || !is_array($admin_traffic[$row['adminid']])) {\n\t\t\t\t$admin_traffic[$row['adminid']]['http'] = 0;\n\t\t\t\t$admin_traffic[$row['adminid']]['ftp_up'] = 0;\n\t\t\t\t$admin_traffic[$row['adminid']]['ftp_down'] = 0;\n\t\t\t\t$admin_traffic[$row['adminid']]['mail'] = 0;\n\t\t\t\t$admin_traffic[$row['adminid']]['all'] = 0;\n\t\t\t\t$admin_traffic[$row['adminid']]['sum_month'] = 0;\n\t\t\t}\n\n\t\t\t$admin_traffic[$row['adminid']]['http'] += $current_traffic['http'];\n\t\t\t$admin_traffic[$row['adminid']]['ftp_up'] += $current_traffic['ftp_up'];\n\t\t\t$admin_traffic[$row['adminid']]['ftp_down'] += $current_traffic['ftp_down'];\n\t\t\t$admin_traffic[$row['adminid']]['mail'] += $current_traffic['mail'];\n\t\t\t$admin_traffic[$row['adminid']]['all'] += $current_traffic['all'];\n\t\t\t$admin_traffic[$row['adminid']]['sum_month'] += $sum_month_traffic['all'];\n\n\t\t\t/**\n\t\t\t * WebSpace-Usage\n\t\t\t */\n\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'calculating webspace usage for ' . $row['loginname']);\n\t\t\t$webspaceusage = 0;\n\n\t\t\t// Using repquota, it's faster using this tool than using du traversing the complete directory\n\t\t\tif (Settings::Get('system.diskquota_enabled') && isset($usedquota[$row['guid']]['block']['used']) && $usedquota[$row['guid']]['block']['used'] >= 1) {\n\t\t\t\t// We may use the array we created earlier, the used diskspace is stored in [][block][used]\n\t\t\t\t$webspaceusage = floatval($usedquota[$row['guid']]['block']['used']);\n\t\t\t} else {\n\t\t\t\t// Use the old fashioned way with \"du\"\n\t\t\t\tif (file_exists($row['documentroot']) && is_dir($row['documentroot'])) {\n\t\t\t\t\t$back = FileDir::safe_exec('du -sk ' . escapeshellarg($row['documentroot']));\n\t\t\t\t\tforeach ($back as $backrow) {\n\t\t\t\t\t\t$webspaceusage = explode(' ', $backrow);\n\t\t\t\t\t}\n\n\t\t\t\t\t$webspaceusage = floatval($webspaceusage['0']);\n\t\t\t\t\tunset($back);\n\t\t\t\t} else {\n\t\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_WARNING, 'documentroot ' . $row['documentroot'] . ' does not exist');\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t/**\n\t\t\t * MailSpace-Usage\n\t\t\t */\n\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'calculating mailspace usage for ' . $row['loginname']);\n\t\t\t$emailusage = 0;\n\n\t\t\t$maildir = FileDir::makeCorrectDir(Settings::Get('system.vmail_homedir') . $row['loginname']);\n\t\t\tif (file_exists($maildir) && is_dir($maildir)) {\n\t\t\t\t$back = FileDir::safe_exec('du -sk ' . escapeshellarg($maildir));\n\t\t\t\tforeach ($back as $backrow) {\n\t\t\t\t\t$emailusage = explode(' ', $backrow);\n\t\t\t\t}\n\n\t\t\t\t$emailusage = floatval($emailusage['0']);\n\t\t\t\tunset($back);\n\t\t\t} else {\n\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_WARNING, 'maildir ' . $maildir . ' does not exist');\n\t\t\t}\n\n\t\t\t/**\n\t\t\t * MySQLSpace-Usage\n\t\t\t */\n\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'calculating mysqlspace usage for ' . $row['loginname']);\n\t\t\t$mysqlusage = 0;\n\n\t\t\tif (isset($mysqlusage_all[$row['customerid']])) {\n\t\t\t\t$mysqlusage = floatval($mysqlusage_all[$row['customerid']] / 1024);\n\t\t\t}\n\n\t\t\t$current_diskspace = [];\n\t\t\t$current_diskspace['webspace'] = floatval($webspaceusage);\n\t\t\t$current_diskspace['mail'] = floatval($emailusage);\n\t\t\t$current_diskspace['mysql'] = floatval($mysqlusage);\n\t\t\t$current_diskspace['all'] = $current_diskspace['webspace'] + $current_diskspace['mail'] + $current_diskspace['mysql'];\n\n\t\t\t$ins_data = [\n\t\t\t\t'customerid' => $row['customerid'],\n\t\t\t\t'year' => $current_year,\n\t\t\t\t'month' => $current_month,\n\t\t\t\t'day' => $current_day,\n\t\t\t\t'stamp' => $current_stamp,\n\t\t\t\t'webspace' => $current_diskspace['webspace'],\n\t\t\t\t'mail' => $current_diskspace['mail'],\n\t\t\t\t'mysql' => $current_diskspace['mysql']\n\t\t\t];\n\t\t\t$ins_stmt = Database::prepare(\"\n\t\t\t\tINSERT INTO `\" . TABLE_PANEL_DISKSPACE . \"` SET\n\t\t\t\t`customerid` = :customerid,\n\t\t\t\t`year` = :year,\n\t\t\t\t`month` = :month,\n\t\t\t\t`day` = :day,\n\t\t\t\t`stamp` = :stamp,\n\t\t\t\t`webspace` = :webspace,\n\t\t\t\t`mail` = :mail,\n\t\t\t\t`mysql` = :mysql\n\t\t\t\");\n\t\t\tDatabase::pexecute($ins_stmt, $ins_data);\n\n\t\t\tif (!isset($admin_diskspace[$row['adminid']]) || !is_array($admin_diskspace[$row['adminid']])) {\n\t\t\t\t$admin_diskspace[$row['adminid']] = [];\n\t\t\t\t$admin_diskspace[$row['adminid']]['webspace'] = 0;\n\t\t\t\t$admin_diskspace[$row['adminid']]['mail'] = 0;\n\t\t\t\t$admin_diskspace[$row['adminid']]['mysql'] = 0;\n\t\t\t\t$admin_diskspace[$row['adminid']]['all'] = 0;\n\t\t\t}\n\n\t\t\t$admin_diskspace[$row['adminid']]['webspace'] += $current_diskspace['webspace'];\n\t\t\t$admin_diskspace[$row['adminid']]['mail'] += $current_diskspace['mail'];\n\t\t\t$admin_diskspace[$row['adminid']]['mysql'] += $current_diskspace['mysql'];\n\t\t\t$admin_diskspace[$row['adminid']]['all'] += $current_diskspace['all'];\n\n\t\t\t/**\n\t\t\t * Total Usage\n\t\t\t */\n\t\t\t$diskusage = floatval($webspaceusage + $emailusage + $mysqlusage);\n\n\t\t\t$upd_data = [\n\t\t\t\t'diskspace' => $current_diskspace['all'],\n\t\t\t\t'traffic' => $sum_month_traffic['all'],\n\t\t\t\t'customerid' => $row['customerid']\n\t\t\t];\n\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\tUPDATE `\" . TABLE_PANEL_CUSTOMERS . \"` SET\n\t\t\t\t`diskspace_used` = :diskspace,\n\t\t\t\t`traffic_used` = :traffic\n\t\t\t\tWHERE `customerid` = :customerid\n\t\t\t\");\n\t\t\tDatabase::pexecute($upd_stmt, $upd_data);\n\n\t\t\t/**\n\t\t\t * Proftpd Quota\n\t\t\t */\n\t\t\t$upd_data = [\n\t\t\t\t'biu' => ($current_diskspace['all'] * 1024),\n\t\t\t\t'loginname' => $row['loginname'],\n\t\t\t\t'loginnamelike' => $row['loginname'] . Settings::Get('customer.ftpprefix') . \"%\"\n\t\t\t];\n\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\tUPDATE `\" . TABLE_FTP_QUOTATALLIES . \"` SET\n\t\t\t\t`bytes_in_used` = :biu WHERE `name` = :loginname OR `name` LIKE :loginnamelike\n\t\t\t\");\n\t\t\tDatabase::pexecute($upd_stmt, $upd_data);\n\n\t\t\t/**\n\t\t\t * Pureftpd Quota\n\t\t\t */\n\t\t\tif (Settings::Get('system.ftpserver') == \"pureftpd\") {\n\t\t\t\t$result_quota_stmt = Database::prepare(\"\n\t\t\t\t\tSELECT homedir FROM `\" . TABLE_FTP_USERS . \"` WHERE customerid = :customerid\n\t\t\t\t\");\n\t\t\t\tDatabase::pexecute($result_quota_stmt, [\n\t\t\t\t\t'customerid' => $row['customerid']\n\t\t\t\t]);\n\n\t\t\t\t// get correct user\n\t\t\t\tif ((Settings::Get('system.mod_fcgid') == 1 || Settings::Get('phpfpm.enabled') == 1) && $row['deactivated'] == '0') {\n\t\t\t\t\t$user = $row['loginname'];\n\t\t\t\t\t$group = $row['loginname'];\n\t\t\t\t} else {\n\t\t\t\t\t$user = $row['guid'];\n\t\t\t\t\t$group = $row['guid'];\n\t\t\t\t}\n\n\t\t\t\twhile ($row_quota = $result_quota_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t\t$quotafile = \"\" . $row_quota['homedir'] . \".ftpquota\";\n\t\t\t\t\t$fh = fopen($quotafile, 'w');\n\t\t\t\t\t$stringdata = \"0 \" . $current_diskspace['all'] * 1024 . \"\";\n\t\t\t\t\tfwrite($fh, $stringdata);\n\t\t\t\t\tfclose($fh);\n\t\t\t\t\tFileDir::safe_exec('chown ' . $user . ':' . $group . ' ' . escapeshellarg($quotafile) . '');\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\t/**\n\t\t * Admin Usage\n\t\t */\n\t\t$result_stmt = Database::query(\"SELECT `adminid` FROM `\" . TABLE_PANEL_ADMINS . \"` ORDER BY `adminid` ASC\");\n\n\t\twhile ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\tif (isset($admin_traffic[$row['adminid']])) {\n\t\t\t\t$ins_data = [\n\t\t\t\t\t'adminid' => $row['adminid'],\n\t\t\t\t\t'year' => $current_year,\n\t\t\t\t\t'month' => $current_month,\n\t\t\t\t\t'day' => $current_day,\n\t\t\t\t\t'stamp' => $current_stamp,\n\t\t\t\t\t'http' => $admin_traffic[$row['adminid']]['http'],\n\t\t\t\t\t'ftp_up' => $admin_traffic[$row['adminid']]['ftp_up'],\n\t\t\t\t\t'ftp_down' => $admin_traffic[$row['adminid']]['ftp_down'],\n\t\t\t\t\t'mail' => $admin_traffic[$row['adminid']]['mail']\n\t\t\t\t];\n\t\t\t\t$ins_stmt = Database::prepare(\"\n\t\t\t\t\tINSERT INTO `\" . TABLE_PANEL_TRAFFIC_ADMINS . \"` SET\n\t\t\t\t\t`adminid` = :adminid,\n\t\t\t\t\t`year` = :year,\n\t\t\t\t\t`month` = :month,\n\t\t\t\t\t`day` = :day,\n\t\t\t\t\t`stamp` = :stamp,\n\t\t\t\t\t`http` = :http,\n\t\t\t\t\t`ftp_up` = :ftp_up,\n\t\t\t\t\t`ftp_down` = :ftp_down,\n\t\t\t\t\t`mail` = :mail\n\t\t\t\t\");\n\t\t\t\tDatabase::pexecute($ins_stmt, $ins_data);\n\n\t\t\t\t$upd_data = [\n\t\t\t\t\t'traffic' => $admin_traffic[$row['adminid']]['sum_month'],\n\t\t\t\t\t'adminid' => $row['adminid']\n\t\t\t\t];\n\t\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\t\tUPDATE `\" . TABLE_PANEL_ADMINS . \"` SET\n\t\t\t\t\t`traffic_used` = :traffic\n\t\t\t\t\tWHERE `adminid` = :adminid\n\t\t\t\t\");\n\t\t\t\tDatabase::pexecute($upd_stmt, $upd_data);\n\t\t\t}\n\n\t\t\tif (isset($admin_diskspace[$row['adminid']])) {\n\t\t\t\t$upd_data = [\n\t\t\t\t\t'diskspace' => $admin_diskspace[$row['adminid']]['all'],\n\t\t\t\t\t'adminid' => $row['adminid']\n\t\t\t\t];\n\t\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\t\tUPDATE `\" . TABLE_PANEL_ADMINS . \"` SET\n\t\t\t\t\t`diskspace_used` = :diskspace\n\t\t\t\t\tWHERE `adminid` = :adminid\n\t\t\t\t\");\n\t\t\t\tDatabase::pexecute($upd_stmt, $upd_data);\n\t\t\t}\n\t\t}\n\n\t\tDatabase::query(\"UPDATE `\" . TABLE_PANEL_SETTINGS . \"` SET `value` = UNIX_TIMESTAMP() WHERE `settinggroup` = 'system' AND `varname` = 'last_traffic_run'\");\n\t}\n\n\t/**\n\t * Run goaccess to create statistics and return used traffic since last run\n\t *\n\t * @param int $customerid\n\t * @param string $logfile Name of logfile\n\t * @param string $outputdir Place where stats should be build\n\t * @param string $caption Caption for webalizer output\n\t * @param array $monthyear_arr\n\t * @param int $current_stamp\n\t *\n\t * @return int Used traffic\n\t */\n\tprivate static function callGoaccessGetTraffic($customerid, $logfile, $outputdir, $caption, array $monthyear_arr = [], int $current_stamp = 0)\n\t{\n\t\t$returnval = 0;\n\n\t\t$logfile = FileDir::makeCorrectFile(Settings::Get('system.logfiles_directory') . $logfile . '-access.log');\n\t\tif (file_exists($logfile)) {\n\t\t\t$outputdir = FileDir::makeCorrectDir($outputdir);\n\t\t\tif (!file_exists($outputdir)) {\n\t\t\t\tFileDir::safe_exec('mkdir -p ' . escapeshellarg($outputdir));\n\t\t\t}\n\n\t\t\tif (file_exists($outputdir . '.tmp.json')) {\n\t\t\t\t@unlink($outputdir . '.tmp.json');\n\t\t\t}\n\n\t\t\t// goaccess <1.4\n\t\t\t$keep_params = '--keep-db-files --load-from-disk';\n\t\t\t$res = FileDir::safe_exec('goaccess --version');\n\t\t\t$ver_str = array_shift($res);\n\t\t\t$cGoVer = substr($ver_str, strrpos($ver_str, \" \") + 1, -1);\n\t\t\tif (version_compare($cGoVer, '1.4', '>=')) {\n\t\t\t\t// at least 1.4\n\t\t\t\t$keep_params = '--persist --restore';\n\t\t\t}\n\n\t\t\t$format = (Settings::Get('system.logfiles_type') == '2' && Settings::Get('system.webserver') == 'apache2') ? 'VCOMBINED' : 'COMBINED';\n\t\t\t$monthyear = $monthyear_arr['month'] . '/' . $monthyear_arr['year'];\n\t\t\t$return_value = false;\n\t\t\tFileDir::safe_exec(\"grep '\" . $monthyear . \"' \" . escapeshellarg($logfile) . \" | goaccess \" . $keep_params . \" --db-path=\" . escapeshellarg($outputdir) . \" -o \" . escapeshellarg($outputdir . '.tmp.json') . \" -o \" . escapeshellarg($outputdir . 'index.html') . \" --html-report-title=\" . escapeshellarg($caption) . \" --log-format=\" . $format . \" --no-parsing-spinner --no-progress - \", $return_value, ['|']);\n\n\t\t\tif (file_exists($outputdir . '.tmp.json')) {\n\t\t\t\t// need jq here because of potentially LARGE json files\n\t\t\t\t$returnval = FileDir::safe_exec(\"jq -c '.general.bandwidth' \" . escapeshellarg($outputdir . '.tmp.json'));\n\t\t\t\t$returnval = array_shift($returnval);\n\t\t\t\t// return KB as the others two do\n\t\t\t\t$returnval = floatval($returnval / 1024);\n\t\t\t\t@unlink($outputdir . '.tmp.json');\n\t\t\t}\n\t\t}\n\n\t\tif ($returnval > 0) {\n\t\t\t/**\n\t\t\t * now, because this traffic is being saved daily, we have to\n\t\t\t * subtract the values from all the month's values to return\n\t\t\t * a sane value for our panel_traffic and to remain the whole stats\n\t\t\t * (awstats overwrites the customers .html stats-files)\n\t\t\t */\n\t\t\tif ($customerid !== false) {\n\t\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\t\tSELECT SUM(`http`) as `trafficmonth` FROM `\" . TABLE_PANEL_TRAFFIC . \"`\n\t\t\t\t\tWHERE `customerid` = :customerid\n\t\t\t\t\tAND `year` = :year AND `month` = :month\n\t\t\t\t\");\n\t\t\t\t$result_data = [\n\t\t\t\t\t'customerid' => $customerid,\n\t\t\t\t\t'year' => date('Y', $current_stamp),\n\t\t\t\t\t'month' => date('m', $current_stamp)\n\t\t\t\t];\n\t\t\t\t$result = Database::pexecute_first($result_stmt, $result_data);\n\n\t\t\t\tif (is_array($result) && isset($result['trafficmonth'])) {\n\t\t\t\t\t$returnval = ($returnval - floatval($result['trafficmonth']));\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\treturn $returnval;\n\t}\n\n\t/**\n\t * Function which make webalizer statistics and returns used traffic since last run\n\t *\n\t * @param string $logfile Name of logfile\n\t * @param string $outputdir Place where stats should be build\n\t * @param string $caption Caption for webalizer output\n\t * @param array $usersdomainlist\n\t *\n\t * @return float Used traffic\n\t */\n\tprivate static function callWebalizerGetTraffic($logfile, $outputdir, $caption, array $usersdomainlist = [])\n\t{\n\t\t$returnval = 0;\n\n\t\t$logfile = FileDir::makeCorrectFile(Settings::Get('system.logfiles_directory') . $logfile . '-access.log');\n\t\tif (file_exists($logfile)) {\n\t\t\t$domainargs = '';\n\t\t\tforeach ($usersdomainlist as $domain) {\n\t\t\t\t// hide referer\n\t\t\t\t$domainargs .= ' -r ' . escapeshellarg($domain);\n\t\t\t}\n\n\t\t\t$outputdir = FileDir::makeCorrectDir($outputdir);\n\t\t\tif (!file_exists($outputdir)) {\n\t\t\t\tFileDir::safe_exec('mkdir -p ' . escapeshellarg($outputdir));\n\t\t\t}\n\n\t\t\tif (file_exists($outputdir . 'webalizer.hist.1')) {\n\t\t\t\t@unlink($outputdir . 'webalizer.hist.1');\n\t\t\t}\n\n\t\t\tif (file_exists($outputdir . 'webalizer.hist') && !file_exists($outputdir . 'webalizer.hist.1')) {\n\t\t\t\tFileDir::safe_exec('cp ' . escapeshellarg($outputdir . 'webalizer.hist') . ' ' . escapeshellarg($outputdir . 'webalizer.hist.1'));\n\t\t\t}\n\n\t\t\t$verbosity = '';\n\t\t\tif (Settings::Get('system.webalizer_quiet') == '1') {\n\t\t\t\t$verbosity = '-q';\n\t\t\t} elseif (Settings::Get('system.webalizer_quiet') == '2') {\n\t\t\t\t$verbosity = '-Q';\n\t\t\t}\n\n\t\t\t$we = '/usr/bin/webalizer';\n\n\t\t\t// FreeBSD uses other paths, #140\n\t\t\tif (!file_exists($we)) {\n\t\t\t\t$we = '/usr/local/bin/webalizer';\n\t\t\t}\n\n\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, \"Running webalizer for domain '\" . $caption . \"'\");\n\t\t\tFileDir::safe_exec($we . ' ' . $verbosity . ' -p -o ' . escapeshellarg($outputdir) . ' -n ' . escapeshellarg($caption) . $domainargs . ' ' . escapeshellarg($logfile));\n\n\t\t\t/**\n\t\t\t * Format of webalizer.hist-files:\n\t\t\t * Month: $webalizer_hist_row['0']\n\t\t\t * Year: $webalizer_hist_row['1']\n\t\t\t * KB: $webalizer_hist_row['5']\n\t\t\t */\n\t\t\t$httptraffic = [];\n\t\t\t$webalizer_hist = @file_get_contents($outputdir . 'webalizer.hist');\n\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, \"Gathering traffic information from '\" . $webalizer_hist . \"'\");\n\n\t\t\t$webalizer_hist_rows = explode(\"\\n\", $webalizer_hist);\n\t\t\tforeach ($webalizer_hist_rows as $webalizer_hist_row) {\n\t\t\t\tif ($webalizer_hist_row != '') {\n\t\t\t\t\t$webalizer_hist_row = explode(' ', $webalizer_hist_row);\n\n\t\t\t\t\tif (isset($webalizer_hist_row['0']) && isset($webalizer_hist_row['1']) && isset($webalizer_hist_row['5'])) {\n\t\t\t\t\t\t$month = intval($webalizer_hist_row['0']);\n\t\t\t\t\t\t$year = intval($webalizer_hist_row['1']);\n\t\t\t\t\t\t$traffic = floatval($webalizer_hist_row['5']);\n\n\t\t\t\t\t\tif (!isset($httptraffic[$year])) {\n\t\t\t\t\t\t\t$httptraffic[$year] = [];\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\t$httptraffic[$year][$month] = $traffic;\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\n\t\t\treset($httptraffic);\n\t\t\t$httptrafficlast = [];\n\t\t\t$webalizer_lasthist = @file_get_contents($outputdir . 'webalizer.hist.1');\n\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, \"Gathering traffic information from '\" . $webalizer_lasthist . \"'\");\n\n\t\t\t$webalizer_lasthist_rows = explode(\"\\n\", $webalizer_lasthist);\n\t\t\tforeach ($webalizer_lasthist_rows as $webalizer_lasthist_row) {\n\t\t\t\tif ($webalizer_lasthist_row != '') {\n\t\t\t\t\t$webalizer_lasthist_row = explode(' ', $webalizer_lasthist_row);\n\n\t\t\t\t\tif (isset($webalizer_lasthist_row['0']) && isset($webalizer_lasthist_row['1']) && isset($webalizer_lasthist_row['5'])) {\n\t\t\t\t\t\t$month = intval($webalizer_lasthist_row['0']);\n\t\t\t\t\t\t$year = intval($webalizer_lasthist_row['1']);\n\t\t\t\t\t\t$traffic = floatval($webalizer_lasthist_row['5']);\n\n\t\t\t\t\t\tif (!isset($httptrafficlast[$year])) {\n\t\t\t\t\t\t\t$httptrafficlast[$year] = [];\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\t$httptrafficlast[$year][$month] = $traffic;\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\n\t\t\treset($httptrafficlast);\n\t\t\tforeach ($httptraffic as $year => $months) {\n\t\t\t\tforeach ($months as $month => $traffic) {\n\t\t\t\t\tif (!isset($httptrafficlast[$year][$month])) {\n\t\t\t\t\t\t$returnval += $traffic;\n\t\t\t\t\t} elseif ($httptrafficlast[$year][$month] < $traffic) {\n\t\t\t\t\t\t$returnval += ($traffic - $httptrafficlast[$year][$month]);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\treturn floatval($returnval);\n\t}\n\n\tprivate static function callAwstatsGetTraffic($customerid, $outputdir, $usersdomainlist, $current_stamp)\n\t{\n\t\t$returnval = 0;\n\n\t\tforeach ($usersdomainlist as $singledomain) {\n\t\t\t// as we check for the config-model awstats will only parse\n\t\t\t// 'real' domains and no subdomains which are aliases in the\n\t\t\t// model-config-file.\n\t\t\t$returnval += self::awstatsDoSingleDomain($singledomain, $outputdir, $current_stamp);\n\t\t\t// kind of a keep-alive-call as this unsets the link which leads to a new connection to the database\n\t\t\tDatabase::needRoot();\n\t\t}\n\n\t\t/**\n\t\t * as of #124, awstats traffic is saved in bytes instead\n\t\t * of kilobytes (like webalizer does)\n\t\t */\n\t\t$returnval = floatval($returnval / 1024);\n\n\t\t/**\n\t\t * now, because this traffic is being saved daily, we have to\n\t\t * subtract the values from all the month's values to return\n\t\t * a sane value for our panel_traffic and to remain the whole stats\n\t\t * (awstats overwrites the customers .html stats-files)\n\t\t */\n\t\tif ($customerid !== false) {\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT SUM(`http`) as `trafficmonth` FROM `\" . TABLE_PANEL_TRAFFIC . \"`\n\t\t\t\tWHERE `customerid` = :customerid\n\t\t\t\tAND `year` = :year AND `month` = :month\n\t\t\t\");\n\t\t\t$result_data = [\n\t\t\t\t'customerid' => $customerid,\n\t\t\t\t'year' => date('Y', $current_stamp),\n\t\t\t\t'month' => date('m', $current_stamp)\n\t\t\t];\n\t\t\t$result = Database::pexecute_first($result_stmt, $result_data);\n\n\t\t\tif (is_array($result) && isset($result['trafficmonth'])) {\n\t\t\t\t$returnval = ($returnval - floatval($result['trafficmonth']));\n\t\t\t}\n\t\t}\n\n\t\treturn floatval($returnval);\n\t}\n\n\tprivate static function awstatsDoSingleDomain($domain, $outputdir, $current_stamp)\n\t{\n\t\t$returnval = 0;\n\n\t\t$domainconfig = FileDir::makeCorrectFile(Settings::Get('system.awstats_conf') . '/awstats.' . $domain . '.conf');\n\n\t\tif (file_exists($domainconfig)) {\n\t\t\t$outputdir = FileDir::makeCorrectDir($outputdir . '/' . $domain);\n\t\t\t$staticOutputdir = FileDir::makeCorrectDir($outputdir . '/' . date('Y') . '-' . date('m'));\n\n\t\t\tif (!is_dir($staticOutputdir)) {\n\t\t\t\tFileDir::safe_exec('mkdir -p ' . escapeshellarg($staticOutputdir));\n\t\t\t}\n\n\t\t\t// check for correct path of awstats_buildstaticpages.pl\n\t\t\t$awbsp = FileDir::makeCorrectFile(Settings::Get('system.awstats_path') . '/awstats_buildstaticpages.pl');\n\t\t\t$awprog = FileDir::makeCorrectFile(Settings::Get('system.awstats_awstatspath') . '/awstats.pl');\n\n\t\t\tif (!file_exists($awbsp)) {\n\t\t\t\techo \"WANRING: Necessary awstats_buildstaticpages.pl script could not be found, no traffic is being calculated and no stats are generated. Please check your AWStats-Path setting\";\n\t\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_WARNING, \"Necessary awstats_buildstaticpages.pl script could not be found, no traffic is being calculated and no stats are generated. Please check your AWStats-Path setting\");\n\t\t\t\texit();\n\t\t\t}\n\n\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, \"Running awstats_buildstaticpages.pl for domain '\" . $domain . \"' (Output: '\" . $staticOutputdir . \"')\");\n\t\t\tFileDir::safe_exec($awbsp . ' -awstatsprog=' . escapeshellarg($awprog) . ' -update -month=' . date('m', $current_stamp) . ' -year=' . date('Y', $current_stamp) . ' -config=' . $domain . ' -dir=' . escapeshellarg($staticOutputdir));\n\n\t\t\t// update our awstats index files\n\t\t\tself::awstatsGenerateIndex($domain, $outputdir);\n\n\t\t\t// the default selection is 'current',\n\t\t\t// so link the latest dir to it\n\t\t\t$new_current = FileDir::makeCorrectFile($outputdir . '/current');\n\t\t\tFileDir::safe_exec('ln -fTs ' . escapeshellarg($staticOutputdir) . ' ' . escapeshellarg($new_current));\n\n\t\t\t// statistics file looks like: 'awstats[month][year].[domain].txt'\n\t\t\t$file = FileDir::makeCorrectFile($outputdir . '/awstats' . date('mY', time()) . '.' . $domain . '.txt');\n\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, \"Gathering traffic information from '\" . $file . \"'\");\n\n\t\t\tif (file_exists($file)) {\n\t\t\t\t$content = @file_get_contents($file);\n\t\t\t\tif ($content !== false) {\n\t\t\t\t\t$content_array = explode(\"\\n\", $content);\n\n\t\t\t\t\t$count_bdw = false;\n\t\t\t\t\tforeach ($content_array as $line) {\n\t\t\t\t\t\t// skip empty lines and comments\n\t\t\t\t\t\tif (trim($line) == '' || substr(trim($line), 0, 1) == '#') {\n\t\t\t\t\t\t\tcontinue;\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\t$parts = explode(' ', $line);\n\n\t\t\t\t\t\tif (isset($parts[0]) && strtoupper($parts[0]) == 'BEGIN_DOMAIN') {\n\t\t\t\t\t\t\t$count_bdw = true;\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\tif ($count_bdw) {\n\t\t\t\t\t\t\tif (isset($parts[0]) && strtoupper($parts[0]) == 'END_DOMAIN') {\n\t\t\t\t\t\t\t\t$count_bdw = false;\n\t\t\t\t\t\t\t\tbreak;\n\t\t\t\t\t\t\t} elseif (isset($parts[3])) {\n\t\t\t\t\t\t\t\t$returnval += floatval($parts[3]);\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\treturn $returnval;\n\t}\n\n\tprivate static function awstatsGenerateIndex($domain, $outputdir)\n\t{\n\t\t// Generation header\n\t\t$header = \"\\n\";\n\n\t\t// Looking for {year}-{month} directories\n\t\t$entries = [];\n\t\tforeach (scandir($outputdir) as $a) {\n\t\t\tif (is_dir(FileDir::makeCorrectDir($outputdir . '/' . $a)) && preg_match('/^[0-9]{4}-[0-9]{2}$/', $a)) {\n\t\t\t\tarray_push($entries, '');\n\t\t\t}\n\t\t}\n\n\t\t// These are the variables we will replace\n\t\t$regex = [\n\t\t\t'/\\{SITE_DOMAIN\\}/',\n\t\t\t'/\\{SELECT_ENTRIES\\}/'\n\t\t];\n\n\t\t$replace = [\n\t\t\t$domain,\n\t\t\timplode($entries)\n\t\t];\n\n\t\t// File names\n\t\t$index_file = Froxlor::getInstallDir() . '/templates/misc/awstats/index.html';\n\t\t$index_file = FileDir::makeCorrectFile($index_file);\n\t\t$nav_file = Froxlor::getInstallDir() . '/templates/misc/awstats/nav.html';\n\t\t$nav_file = FileDir::makeCorrectFile($nav_file);\n\n\t\t// Write the index file\n\t\t// 'index.html' used to be a symlink (ignore errors in case this is the first run and no index.html exists yet)\n\t\t@unlink(FileDir::makeCorrectFile($outputdir . '/' . 'index.html'));\n\n\t\t$awstats_index_file = fopen(FileDir::makeCorrectFile($outputdir . '/' . 'index.html'), 'w');\n\t\t$awstats_index_tpl = fopen($index_file, 'r');\n\n\t\t// Write the header\n\t\tfwrite($awstats_index_file, $header);\n\n\t\t// Write the configuration file\n\t\twhile (($line = fgets($awstats_index_tpl, 4096)) !== false) {\n\t\t\tif (!preg_match('/^#/', $line) && trim($line) != '') {\n\t\t\t\tfwrite($awstats_index_file, preg_replace($regex, $replace, $line));\n\t\t\t}\n\t\t}\n\t\tfclose($awstats_index_file);\n\t\tfclose($awstats_index_tpl);\n\n\t\t// Write the nav file\n\t\t$awstats_nav_file = fopen(FileDir::makeCorrectFile($outputdir . '/' . 'nav.html'), 'w');\n\t\t$awstats_nav_tpl = fopen($nav_file, 'r');\n\n\t\t// Write the header\n\t\tfwrite($awstats_nav_file, $header);\n\n\t\t// Write the configuration file\n\t\twhile (($line = fgets($awstats_nav_tpl, 4096)) !== false) {\n\t\t\tif (!preg_match('/^#/', $line) && trim($line) != '') {\n\t\t\t\tfwrite($awstats_nav_file, preg_replace($regex, $replace, $line));\n\t\t\t}\n\t\t}\n\t\tfclose($awstats_nav_file);\n\t\tfclose($awstats_nav_tpl);\n\n\t\treturn;\n\t}\n}\n" }, { "path": "lib/Froxlor/Cron/Traffic/index.html", "content": "" }, { "path": "lib/Froxlor/Cron/index.html", "content": "" }, { "path": "lib/Froxlor/CurrentUser.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor;\n\nuse Exception;\nuse Froxlor\\Api\\Commands\\Customers;\nuse Froxlor\\Api\\Commands\\SubDomains;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\UI\\Collection;\nuse Froxlor\\UI\\Response;\nuse RobThree\\Auth\\TwoFactorAuthException;\n\n/**\n * Class to manage the current user / session\n */\nclass CurrentUser\n{\n\n\t/**\n\t * returns whether there is an active session\n\t *\n\t * @return bool\n\t */\n\tpublic static function hasSession(): bool\n\t{\n\t\treturn !empty($_SESSION) && !empty($_SESSION['userinfo']);\n\t}\n\n\t/**\n\t * set userinfo field in session\n\t *\n\t * @param string $index\n\t * @param mixed $data\n\t *\n\t * @return boolean\n\t */\n\tpublic static function setField(string $index, $data): bool\n\t{\n\t\t$_SESSION['userinfo'][$index] = $data;\n\t\treturn true;\n\t}\n\n\t/**\n\t * re-read in the user data if a valid session exists\n\t *\n\t * @return bool\n\t * @throws \\Exception\n\t */\n\tpublic static function reReadUserData(): bool\n\t{\n\t\t$table = self::isAdmin() ? TABLE_PANEL_ADMINS : TABLE_PANEL_CUSTOMERS;\n\t\t$userinfo_stmt = Database::prepare(\"\n\t\t\tSELECT * FROM `\" . $table . \"` WHERE `loginname`= :loginname AND `deactivated` = '0'\n\t\t\");\n\t\t$userinfo = Database::pexecute_first($userinfo_stmt, [\n\t\t\t\"loginname\" => self::getField('loginname')\n\t\t]);\n\t\tif ($userinfo) {\n\t\t\t// don't just set the data, we need to merge with current data\n\t\t\t// array_merge is a right-reduction - value existing in getData() will be overwritten with $userinfo,\n\t\t\t// other than the union-operator (+) which would keep the values already existing from getData()\n\t\t\t$newuserinfo = array_merge(self::getData(), $userinfo);\n\t\t\tself::setData($newuserinfo);\n\t\t\treturn true;\n\t\t}\n\t\t// unset / logout\n\t\tunset($_SESSION['userinfo']);\n\t\tself::setData([]);\n\t\treturn false;\n\t}\n\n\t/**\n\t * returns whether user has an adminsession\n\t *\n\t * @return bool\n\t */\n\tpublic static function isAdmin(): bool\n\t{\n\t\treturn (self::getField('adminsession') == 1 && self::getField('adminid') > 0 && empty(self::getField('customerid')));\n\t}\n\n\t/**\n\t * return content of a given field from userinfo-array\n\t *\n\t * @param string $index\n\t *\n\t * @return string|array\n\t */\n\tpublic static function getField(string $index)\n\t{\n\t\treturn $_SESSION['userinfo'][$index] ?? \"\";\n\t}\n\n\t/**\n\t * Return userinfo array\n\t *\n\t * @return array\n\t */\n\tpublic static function getData(): array\n\t{\n\t\treturn $_SESSION['userinfo'] ?? [];\n\t}\n\n\t/**\n\t * set the userinfo data to the session\n\t *\n\t * @param array $data\n\t */\n\tpublic static function setData(array $data = []): void\n\t{\n\t\t$_SESSION['userinfo'] = $data;\n\t}\n\n\t/**\n\t * @param string $resource\n\t * @return bool\n\t * @throws \\Exception\n\t */\n\tpublic static function canAddResource(string $resource): bool\n\t{\n\t\t$addition = true;\n\t\t// special cases\n\t\tif ($resource == 'emails') {\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT COUNT(`id`) as emaildomains\n\t\t\t\tFROM `\" . TABLE_PANEL_DOMAINS . \"`\n\t\t\t\tWHERE `customerid`= :cid AND `isemaildomain` = '1' AND `deactivated` = '0'\n\t\t\t\");\n\t\t\t$result = Database::pexecute_first($result_stmt, [\n\t\t\t\t\"cid\" => $_SESSION['userinfo']['customerid']\n\t\t\t]);\n\t\t\t$addition = $result['emaildomains'] != 0;\n\t\t} elseif ($resource == 'subdomains') {\n\t\t\tif (Settings::IsInList('panel.customer_hide_options', 'domains')) {\n\t\t\t\t$addition = false;\n\t\t\t} else {\n\t\t\t\t$parentDomainCollection = (new Collection(\n\t\t\t\t\tSubDomains::class,\n\t\t\t\t\t$_SESSION['userinfo'],\n\t\t\t\t\t['sql_search' => [\n\t\t\t\t\t\t'd.parentdomainid' => 0,\n\t\t\t\t\t\t'd.deactivated' => 0,\n\t\t\t\t\t\t'd.id' => ['op' => '<>', 'value' => $_SESSION['userinfo']['standardsubdomain']]\n\t\t\t\t\t]\n\t\t\t\t\t]\n\t\t\t\t));\n\t\t\t\t$addition = $parentDomainCollection->count() != 0;\n\t\t\t}\n\t\t} elseif ($resource == 'domains') {\n\t\t\t$customerCollection = (new Collection(Customers::class, $_SESSION['userinfo']));\n\t\t\t$addition = $customerCollection->count() != 0;\n\t\t}\n\n\t\treturn ($_SESSION['userinfo'][$resource . '_used'] < $_SESSION['userinfo'][$resource] || $_SESSION['userinfo'][$resource] == '-1') && $addition;\n\t}\n\n\t/**\n\t * @throws TwoFactorAuthException\n\t */\n\tpublic static function sendOtpEmail()\n\t{\n\t\tglobal $mail;\n\n\t\tif (self::getField('type_2fa') == 1) {\n\t\t\t// generate code\n\t\t\t$tfa = new FroxlorTwoFactorAuth('Froxlor ' . Settings::Get('system.hostname'));\n\t\t\t$secret = $tfa->createSecret();\n\t\t\t$code = $tfa->getCode($secret);\n\t\t\t// set code for user\n\t\t\t$table = TABLE_PANEL_CUSTOMERS;\n\t\t\t$uid = 'customerid';\n\t\t\tif (self::isAdmin()) {\n\t\t\t\t$table = TABLE_PANEL_ADMINS;\n\t\t\t\t$uid = 'adminid';\n\t\t\t}\n\t\t\t$stmt = Database::prepare(\"UPDATE $table SET `data_2fa` = :d2fa WHERE `$uid` = :uid\");\n\t\t\tDatabase::pexecute($stmt, [\n\t\t\t\t\"d2fa\" => $secret,\n\t\t\t\t\"uid\" => self::getField($uid)\n\t\t\t]);\n\t\t\t// build up & send email\n\t\t\t$_mailerror = false;\n\t\t\t$mailerr_msg = \"\";\n\t\t\t$replace_arr = [\n\t\t\t\t'CODE' => $code\n\t\t\t];\n\t\t\t$mail_body = html_entity_decode(PhpHelper::replaceVariables(lng('mails.2fa.mailbody'), $replace_arr));\n\n\t\t\ttry {\n\t\t\t\t$mail->Subject = lng('mails.2fa.subject');\n\t\t\t\t$mail->AltBody = $mail_body;\n\t\t\t\t$mail->MsgHTML(str_replace(\"\\n\", \"
\", $mail_body));\n\t\t\t\t$mail->AddAddress(self::getField('email'), User::getCorrectUserSalutation(self::getData()));\n\t\t\t\t$mail->Send();\n\t\t\t} catch (\\PHPMailer\\PHPMailer\\Exception $e) {\n\t\t\t\t$mailerr_msg = $e->errorMessage();\n\t\t\t\t$_mailerror = true;\n\t\t\t} catch (Exception $e) {\n\t\t\t\t$mailerr_msg = $e->getMessage();\n\t\t\t\t$_mailerror = true;\n\t\t\t}\n\n\t\t\tif ($_mailerror) {\n\t\t\t\t$rstlog = FroxlorLogger::getInstanceOf([\n\t\t\t\t\t'loginname' => '2fa code-sending'\n\t\t\t\t]);\n\t\t\t\t$rstlog->logAction(FroxlorLogger::ADM_ACTION, LOG_ERR, \"Error sending mail: \" . $mailerr_msg);\n\t\t\t\tResponse::redirectTo('index.php', [\n\t\t\t\t\t'showmessage' => '4',\n\t\t\t\t\t'customermail' => self::getField('email')\n\t\t\t\t]);\n\t\t\t\texit();\n\t\t\t}\n\n\t\t\t$mail->ClearAddresses();\n\t\t}\n\t}\n}\n" }, { "path": "lib/Froxlor/Customer/Customer.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Customer;\n\nuse Froxlor\\Database\\Database;\nuse PDO;\n\nclass Customer\n{\n\n\t/**\n\t * Get value of a specific field from a given customer\n\t *\n\t * @param int $customerid\n\t * @param string $varname\n\t * @return false|mixed\n\t * @throws \\Exception\n\t */\n\tpublic static function getCustomerDetail(int $customerid, string $varname)\n\t{\n\t\t$customer_stmt = Database::prepare(\"\n\t\t\tSELECT `\" . $varname . \"` FROM `\" . TABLE_PANEL_CUSTOMERS . \"` WHERE `customerid` = :customerid\n\t\t\");\n\t\t$customer = Database::pexecute_first($customer_stmt, [\n\t\t\t'customerid' => $customerid\n\t\t]);\n\n\t\tif (isset($customer[$varname])) {\n\t\t\treturn $customer[$varname];\n\t\t}\n\t\treturn false;\n\t}\n\n\t/**\n\t * returns the loginname of a customer by given uid\n\t *\n\t * @param int $uid uid of customer\n\t *\n\t * @return string customers loginname\n\t * @throws \\Exception\n\t */\n\tpublic static function getLoginNameByUid(int $uid)\n\t{\n\t\t$result_stmt = Database::prepare(\"\n\t\t\tSELECT `loginname` FROM `\" . TABLE_PANEL_CUSTOMERS . \"` WHERE `guid` = :guid\n\t\t\");\n\t\t$result = Database::pexecute_first($result_stmt, [\n\t\t\t'guid' => $uid\n\t\t]);\n\n\t\tif ($result && isset($result['loginname'])) {\n\t\t\treturn $result['loginname'];\n\t\t}\n\t\treturn false;\n\t}\n\n\t/**\n\t * Function customerHasPerlEnabled\n\t *\n\t * returns true or false whether perl is\n\t * enabled for the given customer\n\t *\n\t * @param int $cid customer-id\n\t *\n\t * @return bool\n\t * @throws \\Exception\n\t */\n\tpublic static function customerHasPerlEnabled(int $cid = 0)\n\t{\n\t\tif ($cid > 0) {\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT `perlenabled` FROM `\" . TABLE_PANEL_CUSTOMERS . \"` WHERE `customerid` = :cid\");\n\t\t\t$result = Database::pexecute_first($result_stmt, [\n\t\t\t\t'cid' => $cid\n\t\t\t]);\n\n\t\t\tif ($result && isset($result['perlenabled'])) {\n\t\t\t\treturn (bool)$result['perlenabled'];\n\t\t\t}\n\t\t}\n\t\treturn false;\n\t}\n}\n" }, { "path": "lib/Froxlor/Customer/index.html", "content": "" }, { "path": "lib/Froxlor/Database/Database.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Database;\n\nuse Exception;\nuse Froxlor\\FileDir;\nuse Froxlor\\Froxlor;\nuse Froxlor\\PhpHelper;\nuse Froxlor\\Settings;\nuse Froxlor\\UI\\Panel\\UI;\nuse PDO;\nuse PDOException;\nuse PDOStatement;\n\n/**\n * Class Database\n *\n * Wrapper-class for PHP-PDO\n *\n * @method static PDOStatement prepare($statement, array $driver_options = null) Prepares a statement for execution\n * and returns a statement object\n * @method static PDOStatement query ($statement) Executes an SQL statement, returning a result set as a PDOStatement\n * object\n * @method static string lastInsertId ($name = null) Returns the ID of the last inserted row or sequence value\n * @method static string quote ($string, $parameter_type = null) Quotes a string for use in a query.\n * @method static mixed getAttribute(int $attribute) Retrieve a database connection attribute\n */\nclass Database\n{\n\n\t/**\n\t * current database link\n\t *\n\t * @var object\n\t */\n\tprivate static $link = null;\n\n\t/**\n\t * indicator whether to use root-connection or not\n\t */\n\tprivate static bool $needroot = false;\n\n\t/**\n\t * indicator which database-server we're on (not really used)\n\t */\n\tprivate static int $dbserver = 0;\n\n\t/**\n\t * used database-name\n\t */\n\tprivate static ?string $dbname = null;\n\n\t/**\n\t * sql-access data\n\t */\n\tprivate static bool $needsqldata = false;\n\n\tprivate static $sqldata = null;\n\n\tprivate static bool $need_dbname = true;\n\n\t/**\n\t * Wrapper for PDOStatement::execute, so we can catch the PDOException\n\t * and display the error nicely on the panel - also fetches the\n\t * result from the statement and returns the resulting array\n\t *\n\t * @param PDOStatement $stmt\n\t * @param array|null $params\n\t * (optional)\n\t * @param bool $showerror\n\t * suppress error display (default true)\n\t * @param bool $json_response\n\t *\n\t * @return mixed\n\t * @throws Exception\n\t */\n\tpublic static function pexecute_first(PDOStatement &$stmt, $params = null, bool $showerror = true, bool $json_response = false)\n\t{\n\t\tself::pexecute($stmt, $params, $showerror, $json_response);\n\t\treturn $stmt->fetch(PDO::FETCH_ASSOC);\n\t}\n\n\t/**\n\t * Wrapper for PDOStatement::execute so we can catch the PDOException\n\t * and display the error nicely on the panel\n\t *\n\t * @param PDOStatement $stmt\n\t * @param array|null $params\n\t * (optional)\n\t * @param bool $showerror\n\t * suppress error display (default true)\n\t * @param bool $json_response\n\t *\n\t * @throws Exception\n\t */\n\tpublic static function pexecute(PDOStatement &$stmt, $params = null, bool $showerror = true, bool $json_response = false)\n\t{\n\t\ttry {\n\t\t\t$stmt->execute($params);\n\t\t} catch (PDOException $e) {\n\t\t\tself::showerror($e, $showerror, $json_response, $stmt);\n\t\t}\n\t}\n\n\t/**\n\t * display a nice error if it occurs and log everything\n\t *\n\t * @param PDOException $error\n\t * @param bool $showerror\n\t * if set to false, the error will be logged, but we go on\n\t * @throws Exception\n\t */\n\tprivate static function showerror(Exception $error, bool $showerror = true, bool $json_response = false, ?PDOStatement $stmt = null)\n\t{\n\t\tglobal $userinfo, $theme, $linker;\n\n\t\t$sql = [];\n\t\t$sql_root = [];\n\n\t\t// include userdata.inc.php\n\t\trequire Froxlor::getInstallDir() . \"/lib/userdata.inc.php\";\n\n\t\t// le format\n\t\tif (isset($sql['root_user']) && isset($sql['root_password']) && empty($sql_root)) {\n\t\t\t$sql_root = [\n\t\t\t\t0 => [\n\t\t\t\t\t'caption' => 'Default',\n\t\t\t\t\t'host' => $sql['host'],\n\t\t\t\t\t'socket' => ($sql['socket'] ?? null),\n\t\t\t\t\t'user' => $sql['root_user'],\n\t\t\t\t\t'password' => $sql['root_password']\n\t\t\t\t]\n\t\t\t];\n\t\t\tunset($sql['root_user']);\n\t\t\tunset($sql['root_password']);\n\t\t\t// write new layout so this won't happen again\n\t\t\tself::generateNewUserData($sql, $sql_root);\n\t\t\t// re-read file\n\t\t\trequire Froxlor::getInstallDir() . \"/lib/userdata.inc.php\";\n\t\t}\n\n\t\t$substitutions = [\n\t\t\t$sql['password'] => 'DB_UNPRIV_PWD',\n\t\t];\n\t\tforeach ($sql_root as $sql_root_data) {\n\t\t\t$substitutions[$sql_root_data['password']] = 'DB_ROOT_PWD';\n\t\t}\n\n\t\t// hide username/password in messages\n\t\t$error_message = $error->getMessage();\n\t\t$error_trace = $error->getTraceAsString();\n\t\t// error-message\n\t\t$error_message = self::substitute($error_message, $substitutions);\n\t\t// error-trace\n\t\t$error_trace = self::substitute($error_trace, $substitutions);\n\n\t\tif ($error->getCode() == 2003) {\n\t\t\t$error_message = \"Unable to connect to database. Either the mysql-server is not running or your user/password is wrong.\";\n\t\t\t$error_trace = \"\";\n\t\t}\n\n\t\t/**\n\t\t * log to a file, so we can actually ask people for the error\n\t\t * (no one seems to find the stuff in the syslog)\n\t\t */\n\t\t$sl_dir = FileDir::makeCorrectDir(Froxlor::getInstallDir() . \"/logs/\");\n\t\tif (!file_exists($sl_dir)) {\n\t\t\t@mkdir($sl_dir, 0755);\n\t\t}\n\t\tif (!defined('TRAVIS_CI') || TRAVIS_CI == 0) {\n\t\t\topenlog(\"froxlor\", LOG_PID | LOG_PERROR, LOG_LOCAL0);\n\t\t\tsyslog(LOG_WARNING, str_replace(\"\\n\", \" \", $error_message));\n\t\t\tsyslog(LOG_WARNING, str_replace(\"\\n\", \" \", \"--- DEBUG: \" . $error_trace));\n\t\t\tcloselog();\n\t\t}\n\n\t\t/**\n\t\t * log error for reporting\n\t\t */\n\t\t$errid = self::genUniqueToken();\n\t\t$err_file = FileDir::makeCorrectFile($sl_dir . \"/\" . $errid . \"_sql-error.log\");\n\t\t$errlog = @fopen($err_file, 'w');\n\t\t@fwrite($errlog, \"|CODE \" . $error->getCode() . \"\\n\");\n\t\t@fwrite($errlog, \"|MSG \" . $error_message . \"\\n\");\n\t\t@fwrite($errlog, \"|FILE \" . $error->getFile() . \"\\n\");\n\t\t@fwrite($errlog, \"|LINE \" . $error->getLine() . \"\\n\");\n\t\t@fwrite($errlog, \"|TRACE\\n\" . $error_trace . \"\\n\");\n\t\t@fclose($errlog);\n\n\t\tif (empty($sql['debug'])) {\n\t\t\t$error_trace = '';\n\t\t} elseif (!is_null($stmt)) {\n\t\t\t$error_trace .= \"\\n\\n\" . $stmt->queryString;\n\t\t}\n\n\t\tif ($showerror && $json_response) {\n\t\t\t$exception_message = $error_message;\n\t\t\tif (isset($sql['debug']) && $sql['debug'] == true) {\n\t\t\t\t$exception_message .= \"\\n\\n\" . $error_trace;\n\t\t\t}\n\t\t\tthrow new Exception($exception_message, 500);\n\t\t}\n\n\t\tif ($showerror) {\n\t\t\t// clean up sensitive data\n\t\t\tunset($sql);\n\t\t\tunset($sql_root);\n\n\t\t\tif ((isset($theme) && $theme != '') && !isset($_SERVER['SHELL']) || (isset($_SERVER['SHELL']) && $_SERVER['SHELL'] == '')) {\n\t\t\t\t// if we're not on the shell, output a nice error\n\t\t\t\t$err_report_link = '';\n\t\t\t\tif (is_array($userinfo) && (($userinfo['adminsession'] == '1' && Settings::Get('system.allow_error_report_admin') == '1') || ($userinfo['adminsession'] == '0' && Settings::Get('system.allow_error_report_customer') == '1'))) {\n\t\t\t\t\t$err_report_link = $linker->getLink([\n\t\t\t\t\t\t'section' => 'index',\n\t\t\t\t\t\t'page' => 'send_error_report',\n\t\t\t\t\t\t'errorid' => $errid\n\t\t\t\t\t]);\n\t\t\t\t}\n\t\t\t\t// show\n\t\t\t\tUI::initTwig(true);\n\t\t\t\tUI::twig()->addGlobal('install_mode', '1');\n\t\t\t\tUI::view('misc/dberrornice.html.twig', [\n\t\t\t\t\t'page_title' => 'Database error',\n\t\t\t\t\t'message' => $error_message,\n\t\t\t\t\t'debug' => $error_trace,\n\t\t\t\t\t'report' => $err_report_link\n\t\t\t\t]);\n\t\t\t\tdie();\n\t\t\t}\n\t\t\tdie(\"We are sorry, but a MySQL - error occurred. The administrator may find more information in the syslog\");\n\t\t}\n\t}\n\n\t/**\n\t * Substitutes patterns in content.\n\t *\n\t * @param string $content\n\t * @param array $substitutions\n\t * @param int $minLength\n\t * @return string\n\t */\n\tprivate static function substitute(string $content, array $substitutions, int $minLength = 6): string\n\t{\n\t\t$replacements = [];\n\n\t\tforeach ($substitutions as $search => $replace) {\n\t\t\t$replacements += self::createShiftedSubstitutions($search, $replace, $minLength);\n\t\t}\n\n\t\treturn str_replace(array_keys($replacements), array_values($replacements), $content);\n\t}\n\n\t/**\n\t * Creates substitutions, shifted by length, e.g.\n\t *\n\t * _createShiftedSubstitutions('abcdefgh', 'value', 4):\n\t * array(\n\t * 'abcdefgh' => 'value',\n\t * 'abcdefg' => 'value',\n\t * 'abcdef' => 'value',\n\t * 'abcde' => 'value',\n\t * 'abcd' => 'value',\n\t * )\n\t *\n\t * @param string $search\n\t * @param string $replace\n\t * @param int $minLength\n\t * @return array\n\t */\n\tprivate static function createShiftedSubstitutions(string $search, string $replace, int $minLength): array\n\t{\n\t\t$substitutions = [];\n\t\t$length = strlen($search);\n\n\t\tif ($length > $minLength) {\n\t\t\tfor ($shiftedLength = $length; $shiftedLength >= $minLength; $shiftedLength--) {\n\t\t\t\t$substitutions[substr($search, 0, $shiftedLength)] = $replace;\n\t\t\t}\n\t\t}\n\n\t\treturn $substitutions;\n\t}\n\n\t/**\n\t * generate safe unique token\n\t *\n\t * @param int $length\n\t * @return string\n\t * @throws Exception\n\t */\n\tprivate static function genUniqueToken(int $length = 16): string\n\t{\n\t\tif (intval($length) <= 8) {\n\t\t\t$length = 16;\n\t\t}\n\t\tif (function_exists('random_bytes')) {\n\t\t\treturn bin2hex(random_bytes($length));\n\t\t}\n\t\tif (function_exists('mcrypt_create_iv') && defined('MCRYPT_DEV_URANDOM')) {\n\t\t\treturn bin2hex(mcrypt_create_iv($length, MCRYPT_DEV_URANDOM));\n\t\t}\n\t\tif (function_exists('openssl_random_pseudo_bytes')) {\n\t\t\treturn bin2hex(openssl_random_pseudo_bytes($length));\n\t\t}\n\t\t// if everything else fails, use unsafe fallback\n\t\treturn substr(md5(uniqid(microtime(), 1)), 0, $length);\n\t}\n\n\t/**\n\t * returns the number of found rows of the last select query\n\t *\n\t * @return int\n\t */\n\tpublic static function num_rows(): int\n\t{\n\t\treturn Database::query(\"SELECT FOUND_ROWS()\")->fetchColumn();\n\t}\n\n\t/**\n\t * returns the database-name which is used\n\t *\n\t * @return string\n\t */\n\tpublic static function getDbName(): ?string\n\t{\n\t\treturn self::$dbname;\n\t}\n\n\t/**\n\t * enabled the usage of a root-connection to the database\n\t * Note: must be called *before* any prepare/query/etc.\n\t * and should be called again with 'false'-parameter to resume\n\t * the 'normal' database-connection\n\t *\n\t * @param bool $needroot\n\t * @param int $dbserver optional\n\t * @param bool $need_db\n\t */\n\tpublic static function needRoot(bool $needroot = false, int $dbserver = 0, bool $need_db = true)\n\t{\n\t\t// force re-connecting to the db with corresponding user\n\t\t// and set the $dbserver (mostly to 0 = default)\n\t\tself::setServer($dbserver);\n\t\tself::$needroot = $needroot;\n\t\tself::$need_dbname = $need_db;\n\t}\n\n\t/**\n\t * set the database-server (relevant for root-connection)\n\t *\n\t * @param int $dbserver\n\t */\n\tprivate static function setServer(int $dbserver = 0)\n\t{\n\t\tself::$dbserver = $dbserver;\n\t\tself::$link = null;\n\t}\n\n\t/**\n\t * get the currently used database-server (relevant for root-connection)\n\t */\n\tpublic static function getServer()\n\t{\n\t\treturn self::$dbserver;\n\t}\n\n\t/**\n\t * enable the temporary access to sql-access data\n\t * note: if you want root-sqldata you need to\n\t * call needRoot(true) first.\n\t * Also, this will\n\t * only give you the data ONCE as it disable itself\n\t * after the first access to the data\n\t */\n\tpublic static function needSqlData()\n\t{\n\t\tself::$needsqldata = true;\n\t\tself::$sqldata = [];\n\t\tself::$link = null;\n\t\t// we need a connection here because\n\t\t// if getSqlData() is called RIGHT after\n\t\t// this function and no \"real\" PDO\n\t\t// function was called, getDB() wasn't\n\t\t// involved and no data collected\n\t\tself::getDB();\n\t}\n\n\t/**\n\t * function that will be called on every static call\n\t * which connects to the database if necessary\n\t *\n\t * @return object\n\t * @throws Exception\n\t */\n\tprivate static function getDB()\n\t{\n\t\tif (!extension_loaded('pdo') || !in_array(\"mysql\", PDO::getAvailableDrivers())) {\n\t\t\tself::showerror(new Exception(\"The php PDO extension or PDO-MySQL driver is not available\"));\n\t\t}\n\n\t\t// do we have a connection already?\n\t\tif (self::$link) {\n\t\t\t// return it\n\t\t\treturn self::$link;\n\t\t}\n\n\t\t// include userdata.inc.php\n\t\trequire Froxlor::getInstallDir() . \"/lib/userdata.inc.php\";\n\n\t\t// le format\n\t\tif (isset($sql['root_user']) && isset($sql['root_password']) && (!isset($sql_root) || !is_array($sql_root))) {\n\t\t\t$sql_root = [\n\t\t\t\t0 => [\n\t\t\t\t\t'caption' => 'Default',\n\t\t\t\t\t'host' => $sql['host'],\n\t\t\t\t\t'socket' => ($sql['socket'] ?? null),\n\t\t\t\t\t'user' => $sql['root_user'],\n\t\t\t\t\t'password' => $sql['root_password']\n\t\t\t\t]\n\t\t\t];\n\t\t\tunset($sql['root_user']);\n\t\t\tunset($sql['root_password']);\n\t\t\t// write new layout so this won't happen again\n\t\t\tself::generateNewUserData($sql, $sql_root);\n\t\t\t// re-read file\n\t\t\trequire Froxlor::getInstallDir() . \"/lib/userdata.inc.php\";\n\t\t}\n\n\t\t// either root or unprivileged user\n\t\tif (self::$needroot) {\n\t\t\t$caption = $sql_root[self::$dbserver]['caption'];\n\t\t\t$user = $sql_root[self::$dbserver]['user'];\n\t\t\t$password = $sql_root[self::$dbserver]['password'];\n\t\t\t$host = $sql_root[self::$dbserver]['host'];\n\t\t\t$socket = $sql_root[self::$dbserver]['socket'] ?? null;\n\t\t\t$port = $sql_root[self::$dbserver]['port'] ?? '3306';\n\t\t\t$sslCAFile = $sql_root[self::$dbserver]['ssl']['caFile'] ?? \"\";\n\t\t\t$sslVerifyServerCertificate = $sql_root[self::$dbserver]['ssl']['verifyServerCertificate'] ?? false;\n\t\t} else {\n\t\t\t$caption = 'localhost';\n\t\t\t$user = $sql[\"user\"];\n\t\t\t$password = $sql[\"password\"];\n\t\t\t$host = $sql[\"host\"];\n\t\t\t$socket = $sql['socket'] ?? null;\n\t\t\t$port = $sql['port'] ?? '3306';\n\t\t\t$sslCAFile = $sql['ssl']['caFile'] ?? \"\";\n\t\t\t$sslVerifyServerCertificate = $sql['ssl']['verifyServerCertificate'] ?? false;\n\t\t}\n\n\t\t// save sql-access-data if needed\n\t\tif (self::$needsqldata) {\n\t\t\tself::$sqldata = [\n\t\t\t\t'user' => $user,\n\t\t\t\t'passwd' => $password,\n\t\t\t\t'host' => $host,\n\t\t\t\t'port' => $port,\n\t\t\t\t'socket' => $socket,\n\t\t\t\t'db' => $sql[\"db\"],\n\t\t\t\t'caption' => $caption,\n\t\t\t\t'ssl_ca_file' => $sslCAFile,\n\t\t\t\t'ssl_verify_server_certificate' => $sslVerifyServerCertificate\n\t\t\t];\n\t\t}\n\n\t\t// build up connection string\n\t\t$driver = 'mysql';\n\t\t$dsn = $driver . \":\";\n\t\t$options = [\n\t\t\t'PDO::MYSQL_ATTR_INIT_COMMAND' => 'SET names utf8'\n\t\t];\n\t\t$attributes = [\n\t\t\t'ATTR_ERRMODE' => 'ERRMODE_EXCEPTION'\n\t\t];\n\n\t\t$dbconf[\"dsn\"] = ['charset' => 'utf8'];\n\n\t\tif (self::$need_dbname) {\n\t\t\t$dbconf[\"dsn\"]['dbname'] = $sql[\"db\"];\n\t\t}\n\n\t\tif ($socket != null) {\n\t\t\t$dbconf[\"dsn\"]['unix_socket'] = FileDir::makeCorrectFile($socket);\n\t\t} else {\n\t\t\t$dbconf[\"dsn\"]['host'] = $host;\n\t\t\t$dbconf[\"dsn\"]['port'] = $port;\n\n\t\t\tif (!empty(self::$sqldata['ssl_ca_file'])) {\n\t\t\t\t$options[PDO::MYSQL_ATTR_SSL_CA] = self::$sqldata['ssl_ca_file'];\n\t\t\t\t$options[PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = (bool)self::$sqldata['ssl_verify_server_certificate'];\n\t\t\t}\n\t\t}\n\n\t\tself::$dbname = $sql[\"db\"];\n\n\t\t// add options to dsn-string\n\t\tforeach ($dbconf[\"dsn\"] as $k => $v) {\n\t\t\t$dsn .= $k . \"=\" . $v . \";\";\n\t\t}\n\n\t\t// clean up\n\t\tunset($dbconf);\n\n\t\t// try to connect\n\t\ttry {\n\t\t\tself::$link = new PDO($dsn, $user, $password, $options);\n\t\t} catch (PDOException $e) {\n\t\t\tself::showerror($e);\n\t\t}\n\n\t\t// set attributes\n\t\tforeach ($attributes as $k => $v) {\n\t\t\tself::$link->setAttribute(constant(\"PDO::\" . $k), constant(\"PDO::\" . $v));\n\t\t}\n\n\t\t$version_server = self::$link->getAttribute(PDO::ATTR_SERVER_VERSION);\n\t\t$sql_mode = 'NO_ENGINE_SUBSTITUTION';\n\t\tif (version_compare($version_server, '8.0.11', '<')) {\n\t\t\t$sql_mode .= ',NO_AUTO_CREATE_USER';\n\t\t}\n\t\tself::$link->exec('SET sql_mode = \"' . $sql_mode . '\"');\n\n\t\t// return PDO instance\n\t\treturn self::$link;\n\t}\n\n\t/**\n\t * returns the sql-access data as array using indices\n\t * 'user', 'passwd' and 'host'.\n\t * Returns false if not enabled\n\t *\n\t * @return array|bool\n\t */\n\tpublic static function getSqlData()\n\t{\n\t\t$return = false;\n\t\tif (self::$sqldata !== null && is_array(self::$sqldata) && isset(self::$sqldata['user'])) {\n\t\t\t$return = self::$sqldata;\n\t\t\t// automatically disable sql-data\n\t\t\tself::$sqldata = null;\n\t\t\tself::$needsqldata = false;\n\t\t}\n\t\treturn $return;\n\t}\n\n\t/**\n\t * return number of characters that are allowed to use as username\n\t *\n\t * @return int\n\t */\n\tpublic static function getSqlUsernameLength(): int\n\t{\n\t\t// MariaDB supports up to 80 characters but only 64 for databases and as we use the login-name also for\n\t\t// database names, we set the limit to 64 here\n\t\tif (strpos(strtolower(Database::getAttribute(\\PDO::ATTR_SERVER_VERSION)), \"mariadb\") !== false) {\n\t\t\t$mysql_max = 64;\n\t\t} else {\n\t\t\t// MySQL user-names can be up to 32 characters long (16 characters before MySQL 5.7.8).\n\t\t\t$mysql_max = 32;\n\t\t\tif (version_compare(Database::getAttribute(\\PDO::ATTR_SERVER_VERSION), '5.7.8', '<')) {\n\t\t\t\t$mysql_max = 16;\n\t\t\t}\n\t\t}\n\t\treturn $mysql_max;\n\t}\n\n\t/**\n\t * Lets us interact with the PDO-Object by using static\n\t * call like \"Database::function()\"\n\t *\n\t * @param string $name\n\t * @param mixed $args\n\t *\n\t * @return mixed\n\t * @throws Exception\n\t */\n\tpublic static function __callStatic(string $name, $args)\n\t{\n\t\t$callback = [\n\t\t\tself::getDB(),\n\t\t\t$name\n\t\t];\n\t\t$result = null;\n\t\ttry {\n\t\t\t$result = call_user_func_array($callback, $args);\n\t\t} catch (PDOException $e) {\n\t\t\tself::showerror($e);\n\t\t}\n\t\treturn $result;\n\t}\n\n\t/**\n\t * write new userdata.inc.php file\n\t */\n\tprivate static function generateNewUserData(array $sql, array $sql_root)\n\t{\n\t\t$content = PhpHelper::parseArrayToPhpFile(\n\t\t\t['sql' => $sql, 'sql_root' => $sql_root],\n\t\t\t'automatically generated userdata.inc.php for froxlor'\n\t\t);\n\t\tchmod(Froxlor::getInstallDir() . \"/lib/userdata.inc.php\", 0700);\n\t\tfile_put_contents(Froxlor::getInstallDir() . \"/lib/userdata.inc.php\", $content);\n\t\tchmod(Froxlor::getInstallDir() . \"/lib/userdata.inc.php\", 0400);\n\t\tclearstatcache();\n\t\tif (function_exists('opcache_invalidate')) {\n\t\t\t@opcache_invalidate(Froxlor::getInstallDir() . \"/lib/userdata.inc.php\", true);\n\t\t}\n\t}\n}\n" }, { "path": "lib/Froxlor/Database/DbManager.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Database;\n\nuse Exception;\nuse Froxlor\\Database\\Manager\\DbManagerMySQL;\nuse Froxlor\\Froxlor;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\Settings;\nuse PDO;\n\n/**\n * Class DbManager\n *\n * Wrapper-class for database-management like creating\n * and removing databases, users and permissions\n */\nclass DbManager\n{\n\n\t/**\n\t * FroxlorLogger object\n\t *\n\t * @var object\n\t */\n\tprivate $log = null;\n\n\t/**\n\t * Manager object\n\t *\n\t * @var object\n\t */\n\tprivate $manager = null;\n\n\t/**\n\t * main constructor\n\t *\n\t * @param FroxlorLogger $log\n\t */\n\tpublic function __construct($log = null)\n\t{\n\t\t$this->log = $log;\n\t\t$this->setManager();\n\t}\n\n\t/**\n\t * set manager-object by type of\n\t * dbms: mysql only for now\n\t *\n\t * sets private $_manager variable\n\t */\n\tprivate function setManager()\n\t{\n\t\t// TODO read different dbms from settings later\n\t\t$this->manager = new DbManagerMySQL($this->log);\n\t}\n\n\t/**\n\t * function called when the mysql-access-host setting changes\n\t *\n\t * @param array $mysql_access_host_array\n\t *\n\t * @return void\n\t * @throws Exception\n\t */\n\tpublic static function correctMysqlUsers(array $mysql_access_host_array)\n\t{\n\t\t// get all databases for all dbservers\n\t\t$databases = [];\n\t\t$databases_result_stmt = Database::prepare(\"\n\t\t\tSELECT * FROM `\" . TABLE_PANEL_DATABASES . \"`\n\t\t\tORDER BY `dbserver` ASC\n\t\t\");\n\t\tDatabase::pexecute($databases_result_stmt);\n\t\twhile ($databases_row = $databases_result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\tif (!isset($databases[$databases_row['dbserver']])) {\n\t\t\t\t$databases[$databases_row['dbserver']] = [];\n\t\t\t}\n\t\t\t$databases[$databases_row['dbserver']][] = $databases_row['databasename'];\n\t\t}\n\n\t\t$customers_sel = Database::query(\"\n\t\t\tSELECT DISTINCT c.loginname\n\t\t\tFROM `\" . TABLE_PANEL_CUSTOMERS . \"` c\n\t\t\tLEFT JOIN `\" . TABLE_PANEL_DATABASES . \"` d ON c.customerid = d.customerid\n\t\t\tWHERE c.deactivated = '0' AND d.id IS NOT NULL\n\t\t\");\n\t\t$customers = [];\n\t\twhile ($customer = $customers_sel->fetch(\\PDO::FETCH_ASSOC)) {\n\t\t\t$customers[] = $customer['loginname'];\n\t\t}\n\n\t\t$dbservers_stmt = Database::query(\"SELECT DISTINCT `dbserver` FROM `\" . TABLE_PANEL_DATABASES . \"`\");\n\t\twhile ($dbserver = $dbservers_stmt->fetch(PDO::FETCH_ASSOC)) {\n\n\t\t\t// add all customer loginnames to the $databases array for this database-server to correct\n\t\t\t// a possible existing global mysql-user for that customer\n\t\t\tforeach ($customers as $customer) {\n\t\t\t\t$databases[$dbserver['dbserver']][] = $customer;\n\t\t\t}\n\n\t\t\t// require privileged access for target db-server\n\t\t\tDatabase::needRoot(true, $dbserver['dbserver'], false);\n\n\t\t\t$dbm = new DbManager(FroxlorLogger::getInstanceOf());\n\t\t\t$users = $dbm->getManager()->getAllSqlUsers(false);\n\n\t\t\tforeach ($databases[$dbserver['dbserver']] as $username) {\n\t\t\t\tif (isset($users[$username]['hosts']) && is_array($users[$username]['hosts'])) {\n\n\t\t\t\t\tforeach ($mysql_access_host_array as $mysql_access_host) {\n\t\t\t\t\t\t$mysql_access_host = trim($mysql_access_host);\n\n\t\t\t\t\t\tif (!in_array($mysql_access_host, $users[$username]['hosts'])) {\n\t\t\t\t\t\t\t// if this is a new host, use credentials from localhost, which should always exist\n\t\t\t\t\t\t\t$password = [\n\t\t\t\t\t\t\t\t'password' => $users[$username]['hosts']['localhost']['password'],\n\t\t\t\t\t\t\t\t'plugin' => $users[$username]['hosts']['localhost']['plugin']\n\t\t\t\t\t\t\t];\n\t\t\t\t\t\t\t$dbm->getManager()->grantPrivilegesTo($username, $password, $mysql_access_host, true);\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\n\t\t\t\t\tforeach ($users[$username]['hosts'] as $mysql_access_host) {\n\t\t\t\t\t\tif (!in_array($mysql_access_host, $mysql_access_host_array)) {\n\t\t\t\t\t\t\t$dbm->getManager()->deleteUser($username, $mysql_access_host);\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t$dbm->getManager()->flushPrivileges();\n\t\t\tDatabase::needRoot(false);\n\n\t\t\tunset($databases[$dbserver['dbserver']]);\n\t\t}\n\t}\n\n\t/**\n\t * creates a new database and a user with the\n\t * same name with all privileges granted on the db.\n\t * DB-name and user-name are being generated and\n\t * the password for the user will be set\n\t *\n\t * @param ?string $loginname\n\t * @param ?string $password\n\t * @param int $dbserver\n\t * @param int $last_accnumber\n\t * @param ?string $global_user\n\t *\n\t * @return string|bool $username if successful or false of username is equal to the password\n\t * @throws Exception\n\t */\n\tpublic function createDatabase(string $loginname = null, string $password = null, int $dbserver = 0, int $last_accnumber = 0, string $global_user = \"\")\n\t{\n\t\tDatabase::needRoot(true, $dbserver, false);\n\n\t\t// check whether we shall create a random username\n\t\tif (strtoupper(Settings::Get('customer.mysqlprefix')) == 'RANDOM') {\n\t\t\t// get all usernames from db-manager\n\t\t\t$allsqlusers = $this->getManager()->getAllSqlUsers();\n\t\t\t// generate random username\n\t\t\t$username = $loginname . '-' . substr(Froxlor::genSessionId(), 20, 3);\n\t\t\t// check whether it exists on the DBMS\n\t\t\twhile (in_array($username, $allsqlusers)) {\n\t\t\t\t$username = $loginname . '-' . substr(Froxlor::genSessionId(), 20, 3);\n\t\t\t}\n\t\t} elseif (strtoupper(Settings::Get('customer.mysqlprefix')) == 'DBNAME') {\n\t\t\t$username = $loginname;\n\t\t} else {\n\t\t\t$username = $loginname . Settings::Get('customer.mysqlprefix') . (intval($last_accnumber) + 1);\n\t\t}\n\n\t\t// don't use a password that is the same as the username\n\t\tif ($username == $password) {\n\t\t\treturn false;\n\t\t}\n\n\t\t// now create the database itself\n\t\t$this->getManager()->createDatabase($username);\n\n\t\t// and give permission to the user on every access-host we have\n\t\tforeach (array_map('trim', explode(',', Settings::Get('system.mysql_access_host'))) as $mysql_access_host) {\n\t\t\t$this->getManager()->grantPrivilegesTo($username, $password, $mysql_access_host);\n\t\t\tif (!empty($global_user)) {\n\t\t\t\t$this->getManager()->grantCreateToDb($global_user, $username, $mysql_access_host);\n\t\t\t}\n\t\t}\n\n\t\t$this->getManager()->flushPrivileges();\n\t\tDatabase::needRoot();\n\n\t\t$this->log->logAction(FroxlorLogger::USR_ACTION, LOG_INFO, \"created database '\" . $username . \"'\");\n\n\t\treturn $username;\n\t}\n\n\t/**\n\t * returns the manager-object\n\t * from where we can control it\n\t */\n\tpublic function getManager()\n\t{\n\t\treturn $this->manager;\n\t}\n}\n" }, { "path": "lib/Froxlor/Database/IntegrityCheck.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Database;\n\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\Settings;\nuse PDO;\n\nclass IntegrityCheck\n{\n\n\t// Store all available checks\n\tpublic $available = [];\n\n\t// logger object\n\tprivate $log = null;\n\n\t/**\n\t * Constructor\n\t * Parses all available checks into $this->available\n\t */\n\tpublic function __construct()\n\t{\n\t\tglobal $userinfo;\n\t\tif (!isset($userinfo) || !is_array($userinfo)) {\n\t\t\t$userinfo = [\n\t\t\t\t'loginname' => 'integrity-check'\n\t\t\t];\n\t\t}\n\t\t$this->log = FroxlorLogger::getInstanceOf($userinfo);\n\t\t$this->available = get_class_methods($this);\n\t\tunset($this->available[array_search('__construct', $this->available)]);\n\t\tunset($this->available[array_search('checkAll', $this->available)]);\n\t\tunset($this->available[array_search('fixAll', $this->available)]);\n\t\tsort($this->available);\n\t}\n\n\t/**\n\t * Check all occurring integrity problems at once\n\t */\n\tpublic function checkAll()\n\t{\n\t\t$integrityok = true;\n\t\tforeach ($this->available as $check) {\n\t\t\t$integrityok = $this->$check() ? $integrityok : false;\n\t\t}\n\t\treturn $integrityok;\n\t}\n\n\t/**\n\t * Fix all occurring integrity problems at once with default settings\n\t */\n\tpublic function fixAll()\n\t{\n\t\t$integrityok = true;\n\t\tforeach ($this->available as $check) {\n\t\t\t$integrityok = $this->$check(true) ? $integrityok : false;\n\t\t}\n\t\treturn $integrityok;\n\t}\n\n\t/**\n\t * check whether the froxlor database and its tables are in utf-8 character-set\n\t *\n\t * @param bool $fix fix db charset/collation if not utf8\n\t *\n\t * @return bool\n\t * @throws \\Exception\n\t */\n\tpublic function databaseCharset(bool $fix = false): bool\n\t{\n\t\t// get character-set\n\t\t$cs_stmt = Database::prepare('SELECT default_character_set_name FROM information_schema.SCHEMATA WHERE schema_name = :dbname');\n\t\t$resp = Database::pexecute_first($cs_stmt, [\n\t\t\t'dbname' => Database::getDbName()\n\t\t]);\n\t\t$charset = $resp['default_character_set_name'] ?? null;\n\t\tif (!empty($charset) && substr(strtolower($charset), 0, 4) != 'utf8') {\n\t\t\t$this->log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE,\n\t\t\t\t\"database charset seems to be different from UTF-8, integrity-check can fix that\");\n\t\t\tif ($fix) {\n\t\t\t\t// fix database\n\t\t\t\tDatabase::query('ALTER DATABASE `' . Database::getDbName() . '` CHARACTER SET utf8 COLLATE utf8_general_ci');\n\t\t\t\t// fix all tables\n\t\t\t\t$handle = Database::query('SHOW FULL TABLES WHERE Table_type != \"VIEW\"');\n\t\t\t\twhile ($row = $handle->fetch(PDO::FETCH_BOTH)) {\n\t\t\t\t\t$table = $row[0];\n\t\t\t\t\tDatabase::query('ALTER TABLE `' . $table . '` CONVERT TO CHARACTER SET utf8 COLLATE utf8_general_ci;');\n\t\t\t\t}\n\t\t\t\t$this->log->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING,\n\t\t\t\t\t\"database charset was different from UTF-8, integrity-check fixed that\");\n\t\t\t} else {\n\t\t\t\treturn false;\n\t\t\t}\n\t\t}\n\n\t\tif ($fix) {\n\t\t\treturn $this->databaseCharset();\n\t\t}\n\t\treturn true;\n\t}\n\n\t/**\n\t * Check the integrity of the domain to ip/port - association\n\t *\n\t * @param bool $fix fix everything found directly\n\t *\n\t * @return bool\n\t * @throws \\Exception\n\t */\n\tpublic function domainIpTable(bool $fix = false): bool\n\t{\n\t\t$ips = [];\n\t\t$domains = [];\n\t\t$ipstodomains = [];\n\t\t$admips = [];\n\n\t\tif ($fix) {\n\t\t\t// Prepare insert / delete statement for the fixes\n\t\t\t$del_stmt = Database::prepare(\"\n\t\t\t\tDELETE FROM `\" . TABLE_DOMAINTOIP . \"`\n\t\t\t\tWHERE `id_domain` = :domainid AND `id_ipandports` = :ipandportid \");\n\t\t\t$ins_stmt = Database::prepare(\"\n\t\t\t\tINSERT INTO `\" . TABLE_DOMAINTOIP . \"`\n\t\t\t\tSET `id_domain` = :domainid, `id_ipandports` = :ipandportid \");\n\n\t\t\t// Cache all IPs the admins have assigned\n\t\t\t$adm_stmt = Database::prepare(\"SELECT `adminid`, `ip` FROM `\" . TABLE_PANEL_ADMINS . \"` ORDER BY `adminid` ASC\");\n\t\t\tDatabase::pexecute($adm_stmt);\n\t\t\t$default_ips = explode(',', Settings::Get('system.defaultip'));\n\t\t\t$default_ssl_ips = explode(',', Settings::Get('system.defaultsslip'));\n\t\t\twhile ($row = $adm_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\tif ($row['ip'] < 0 || is_null($row['ip']) || empty($row['ip'])) {\n\t\t\t\t\t// Admin uses default-IP\n\t\t\t\t\t$admips[$row['adminid']] = array_merge($default_ips, $default_ssl_ips);\n\t\t\t\t} else {\n\t\t\t\t\t$admips[$row['adminid']] = [\n\t\t\t\t\t\t$row['ip']\n\t\t\t\t\t];\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\t// Cache all available ip/port - combinations\n\t\t$result_stmt = Database::prepare(\"SELECT `id`, `ip`, `port` FROM `\" . TABLE_PANEL_IPSANDPORTS . \"` ORDER BY `id` ASC\");\n\t\tDatabase::pexecute($result_stmt);\n\t\twhile ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t$ips[$row['id']] = $row['ip'] . ':' . $row['port'];\n\t\t}\n\n\t\t// Cache all configured domains\n\t\t$result_stmt = Database::prepare(\"SELECT `id`, `adminid` FROM `\" . TABLE_PANEL_DOMAINS . \"` ORDER BY `id` ASC\");\n\t\tDatabase::pexecute($result_stmt);\n\t\twhile ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t$domains[$row['id']] = $row['adminid'];\n\t\t}\n\n\t\t// Check if every domain to ip/port - association is valid in TABLE_DOMAINTOIP\n\t\t$result_stmt = Database::prepare(\"SELECT `id_domain`, `id_ipandports` FROM `\" . TABLE_DOMAINTOIP . \"`\");\n\t\tDatabase::pexecute($result_stmt);\n\t\twhile ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\tif (!array_key_exists($row['id_ipandports'], $ips)) {\n\t\t\t\tif ($fix) {\n\t\t\t\t\tDatabase::pexecute($del_stmt, [\n\t\t\t\t\t\t'domainid' => $row['id_domain'],\n\t\t\t\t\t\t'ipandportid' => $row['id_ipandports']\n\t\t\t\t\t]);\n\t\t\t\t\t$this->log->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING,\n\t\t\t\t\t\t\"found an ip/port-id in domain <> ip table which does not exist, integrity check fixed this\");\n\t\t\t\t} else {\n\t\t\t\t\t$this->log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE,\n\t\t\t\t\t\t\"found an ip/port-id in domain <> ip table which does not exist, integrity check can fix this\");\n\t\t\t\t\treturn false;\n\t\t\t\t}\n\t\t\t}\n\t\t\tif (!array_key_exists($row['id_domain'], $domains)) {\n\t\t\t\tif ($fix) {\n\t\t\t\t\tDatabase::pexecute($del_stmt, [\n\t\t\t\t\t\t'domainid' => $row['id_domain'],\n\t\t\t\t\t\t'ipandportid' => $row['id_ipandports']\n\t\t\t\t\t]);\n\t\t\t\t\t$this->log->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING,\n\t\t\t\t\t\t\"found a domain-id in domain <> ip table which does not exist, integrity check fixed this\");\n\t\t\t\t} else {\n\t\t\t\t\t$this->log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE,\n\t\t\t\t\t\t\"found a domain-id in domain <> ip table which does not exist, integrity check can fix this\");\n\t\t\t\t\treturn false;\n\t\t\t\t}\n\t\t\t}\n\t\t\t// Save one IP/Port combination per domain, so we know, if one domain is missing an IP\n\t\t\t$ipstodomains[$row['id_domain']] = $row['id_ipandports'];\n\t\t}\n\n\t\t// Check that all domains have at least one IP/Port combination\n\t\tforeach ($domains as $domainid => $adminid) {\n\t\t\tif (!array_key_exists($domainid, $ipstodomains)) {\n\t\t\t\tif ($fix) {\n\t\t\t\t\tforeach ($admips[$adminid] as $defaultip) {\n\t\t\t\t\t\tDatabase::pexecute($ins_stmt, [\n\t\t\t\t\t\t\t'domainid' => $domainid,\n\t\t\t\t\t\t\t'ipandportid' => $defaultip\n\t\t\t\t\t\t]);\n\t\t\t\t\t}\n\t\t\t\t\t$this->log->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING,\n\t\t\t\t\t\t\"found a domain-id with no entry in domain <> ip table, integrity check fixed this\");\n\t\t\t\t} else {\n\t\t\t\t\t$this->log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE,\n\t\t\t\t\t\t\"found a domain-id with no entry in domain <> ip table, integrity check can fix this\");\n\t\t\t\t\treturn false;\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif ($fix) {\n\t\t\treturn $this->domainIpTable();\n\t\t}\n\t\treturn true;\n\t}\n\n\t/**\n\t * Check if all subdomains have ssl-redirect = 0 if domain has no ssl-port\n\t *\n\t * @param bool $fix fix everything found directly\n\t *\n\t * @return bool\n\t * @throws \\Exception\n\t */\n\tpublic function subdomainSslRedirect(bool $fix = false): bool\n\t{\n\t\t$ips = [];\n\t\t$parentdomains = [];\n\t\t$subdomains = [];\n\n\t\tif ($fix) {\n\t\t\t// Prepare update statement for the fixes\n\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\tUPDATE `\" . TABLE_PANEL_DOMAINS . \"`\n\t\t\t\tSET `ssl_redirect` = 0 WHERE `parentdomainid` = :domainid\");\n\t\t}\n\n\t\t// Cache all ssl ip/port - combinations\n\t\t$result_stmt = Database::prepare(\"SELECT `id`, `ip`, `port` FROM `\" . TABLE_PANEL_IPSANDPORTS . \"` WHERE `ssl` = 1 ORDER BY `id` ASC\");\n\t\tDatabase::pexecute($result_stmt);\n\t\twhile ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t$ips[$row['id']] = $row['ip'] . ':' . $row['port'];\n\t\t}\n\n\t\t// Cache all configured domains\n\t\t$result_stmt = Database::prepare(\"SELECT `id`, `parentdomainid`, `ssl_redirect` FROM `\" . TABLE_PANEL_DOMAINS . \"` ORDER BY `id` ASC\");\n\t\t$ip_stmt = Database::prepare(\"SELECT `id_domain`, `id_ipandports` FROM `\" . TABLE_DOMAINTOIP . \"` WHERE `id_domain` = :domainid\");\n\t\tDatabase::pexecute($result_stmt);\n\t\twhile ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\tif ($row['parentdomainid'] == 0) {\n\t\t\t\t// All parentdomains by default have no ssl - ip/port\n\t\t\t\t$parentdomains[$row['id']] = false;\n\t\t\t\tDatabase::pexecute($ip_stmt, [\n\t\t\t\t\t'domainid' => $row['id']\n\t\t\t\t]);\n\t\t\t\twhile ($iprow = $ip_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t\t// If the parentdomain has an ip/port assigned which we know is SSL enabled, set the parentdomain to \"true\"\n\t\t\t\t\tif (array_key_exists($iprow['id_ipandports'], $ips)) {\n\t\t\t\t\t\t$parentdomains[$row['id']] = true;\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t} elseif ($row['ssl_redirect'] == 1) {\n\t\t\t\t// All subdomains with enabled ssl_redirect enabled are stored\n\t\t\t\tif (!isset($subdomains[$row['parentdomainid']])) {\n\t\t\t\t\t$subdomains[$row['parentdomainid']] = [];\n\t\t\t\t}\n\t\t\t\t$subdomains[$row['parentdomainid']][] = $row['id'];\n\t\t\t}\n\t\t}\n\n\t\t// Check if every parentdomain with enabled ssl_redirect as SSL enabled\n\t\tforeach ($parentdomains as $id => $sslavailable) {\n\t\t\t// This parentdomain has no subdomains\n\t\t\tif (!isset($subdomains[$id])) {\n\t\t\t\tcontinue;\n\t\t\t}\n\t\t\t// This parentdomain has SSL enabled, doesn't matter what status the subdomains have\n\t\t\tif ($sslavailable) {\n\t\t\t\tcontinue;\n\t\t\t}\n\n\t\t\t// At this point only parentdomains reside which have ssl_redirect enabled subdomains\n\t\t\tif ($fix) {\n\t\t\t\t// We make a blanket update to all subdomains of this parentdomain, doesn't matter which one is wrong, all have to be disabled\n\t\t\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t\t\t'domainid' => $id\n\t\t\t\t]);\n\t\t\t\t$this->log->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING,\n\t\t\t\t\t\"found a subdomain with ssl_redirect=1 but parent-domain has ssl=0, integrity check fixed this\");\n\t\t\t} else {\n\t\t\t\t// It's just the check, let the function fail\n\t\t\t\t$this->log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE,\n\t\t\t\t\t\"found a subdomain with ssl_redirect=1 but parent-domain has ssl=0, integrity check can fix this\");\n\t\t\t\treturn false;\n\t\t\t}\n\t\t}\n\n\t\tif ($fix) {\n\t\t\treturn $this->subdomainSslRedirect();\n\t\t}\n\t\treturn true;\n\t}\n\n\t/**\n\t * Check if all subdomain have letsencrypt = 0 if domain has no ssl-port\n\t *\n\t * @param bool $fix fix everything found directly\n\t *\n\t * @return bool\n\t * @throws \\Exception\n\t */\n\tpublic function subdomainLetsencrypt(bool $fix = false): bool\n\t{\n\t\t$ips = [];\n\t\t$parentdomains = [];\n\t\t$subdomains = [];\n\n\t\tif ($fix) {\n\t\t\t// Prepare update statement for the fixes\n\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\tUPDATE `\" . TABLE_PANEL_DOMAINS . \"`\n\t\t\t\tSET `letsencrypt` = 0 WHERE `parentdomainid` = :domainid\");\n\t\t}\n\n\t\t// Cache all ssl ip/port - combinations\n\t\t$result_stmt = Database::prepare(\"SELECT `id`, `ip`, `port` FROM `\" . TABLE_PANEL_IPSANDPORTS . \"` WHERE `ssl` = 1 ORDER BY `id` ASC\");\n\t\tDatabase::pexecute($result_stmt);\n\t\twhile ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t$ips[$row['id']] = $row['ip'] . ':' . $row['port'];\n\t\t}\n\n\t\t// Cache all configured domains\n\t\t$result_stmt = Database::prepare(\"SELECT `id`, `parentdomainid`, `letsencrypt` FROM `\" . TABLE_PANEL_DOMAINS . \"` ORDER BY `id` ASC\");\n\t\t$ip_stmt = Database::prepare(\"SELECT `id_domain`, `id_ipandports` FROM `\" . TABLE_DOMAINTOIP . \"` WHERE `id_domain` = :domainid\");\n\t\tDatabase::pexecute($result_stmt);\n\t\twhile ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\tif ($row['parentdomainid'] == 0) {\n\t\t\t\t// All parentdomains by default have no ssl - ip/port\n\t\t\t\t$parentdomains[$row['id']] = false;\n\t\t\t\tDatabase::pexecute($ip_stmt, [\n\t\t\t\t\t'domainid' => $row['id']\n\t\t\t\t]);\n\t\t\t\twhile ($iprow = $ip_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t\t// If the parentdomain has an ip/port assigned which we know is SSL enabled, set the parentdomain to \"true\"\n\t\t\t\t\tif (array_key_exists($iprow['id_ipandports'], $ips)) {\n\t\t\t\t\t\t$parentdomains[$row['id']] = true;\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t} elseif ($row['letsencrypt'] == 1) {\n\t\t\t\t// All subdomains with enabled letsencrypt enabled are stored\n\t\t\t\tif (!isset($subdomains[$row['parentdomainid']])) {\n\t\t\t\t\t$subdomains[$row['parentdomainid']] = [];\n\t\t\t\t}\n\t\t\t\t$subdomains[$row['parentdomainid']][] = $row['id'];\n\t\t\t}\n\t\t}\n\n\t\t// Check if every parentdomain with enabled letsencrypt as SSL enabled\n\t\tforeach ($parentdomains as $id => $sslavailable) {\n\t\t\t// This parentdomain has no subdomains\n\t\t\tif (!isset($subdomains[$id])) {\n\t\t\t\tcontinue;\n\t\t\t}\n\t\t\t// This parentdomain has SSL enabled, doesn't matter what status the subdomains have\n\t\t\tif ($sslavailable) {\n\t\t\t\tcontinue;\n\t\t\t}\n\n\t\t\t// At this point only parentdomains reside which have letsencrypt enabled subdomains\n\t\t\tif ($fix) {\n\t\t\t\t// We make a blanket update to all subdomains of this parentdomain, doesn't matter which one is wrong, all have to be disabled\n\t\t\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t\t\t'domainid' => $id\n\t\t\t\t]);\n\t\t\t\t$this->log->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING,\n\t\t\t\t\t\"found a subdomain with letsencrypt=1 but parent-domain has ssl=0, integrity check fixed this\");\n\t\t\t} else {\n\t\t\t\t// It's just the check, let the function fail\n\t\t\t\t$this->log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE,\n\t\t\t\t\t\"found a subdomain with letsencrypt=1 but parent-domain has ssl=0, integrity check can fix this\");\n\t\t\t\treturn false;\n\t\t\t}\n\t\t}\n\n\t\tif ($fix) {\n\t\t\treturn $this->subdomainLetsencrypt();\n\t\t}\n\t\treturn true;\n\t}\n\n\t/**\n\t * check whether the webserveruser is in\n\t * the customers groups when fcgid / php-fpm is used\n\t *\n\t * @param bool $fix fix member/groups\n\t *\n\t * @return bool\n\t * @throws \\Exception\n\t */\n\tpublic function webserverGroupMemberForFcgidPhpFpm(bool $fix = false): bool\n\t{\n\t\tif (Settings::Get('system.mod_fcgid') == 0 && Settings::Get('phpfpm.enabled') == 0) {\n\t\t\treturn true;\n\t\t}\n\n\t\t// get all customers that don't have the webserver-user in their group\n\t\t$cwg_stmt = Database::prepare(\"\n\t SELECT `id` FROM `\" . TABLE_FTP_GROUPS . \"` WHERE NOT FIND_IN_SET(:webserveruser, `members`)\n\t \");\n\t\tDatabase::pexecute($cwg_stmt, [\n\t\t\t'webserveruser' => Settings::Get('system.httpuser')\n\t\t]);\n\n\t\tif ($cwg_stmt->rowCount() > 0) {\n\t\t\t$this->log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE,\n\t\t\t\t\"Customers are missing the webserver-user as group-member, integrity-check can fix that\");\n\t\t\tif ($fix) {\n\t\t\t\t// prepare update statement\n\t\t\t\t$upd_stmt = Database::prepare(\"\n\t UPDATE `\" . TABLE_FTP_GROUPS . \"` SET `members` = CONCAT(`members`, :additionaluser)\n\t WHERE `id` = :id\n\t \");\n\t\t\t\t$upd_data = [\n\t\t\t\t\t'additionaluser' => \",\" . Settings::Get('system.httpuser')\n\t\t\t\t];\n\n\t\t\t\twhile ($cwg_row = $cwg_stmt->fetch()) {\n\t\t\t\t\t$upd_data['id'] = $cwg_row['id'];\n\t\t\t\t\tDatabase::pexecute($upd_stmt, $upd_data);\n\t\t\t\t}\n\t\t\t\t$this->log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE,\n\t\t\t\t\t\"Customers were missing the webserver-user as group-member, integrity-check fixed that\");\n\t\t\t} else {\n\t\t\t\treturn false;\n\t\t\t}\n\t\t}\n\n\t\tif ($fix) {\n\t\t\treturn $this->webserverGroupMemberForFcgidPhpFpm();\n\t\t}\n\t\treturn true;\n\t}\n\n\t/**\n\t * check whether the local froxlor user is in\n\t * the customers groups when fcgid / php-fpm and\n\t * fcgid/fpm in froxlor vhost is used\n\t *\n\t * @param bool $fix fix member/groups\n\t *\n\t * @return bool\n\t * @throws \\Exception\n\t */\n\tpublic function froxlorLocalGroupMemberForFcgidPhpFpm(bool $fix = false): bool\n\t{\n\t\tif (Settings::Get('system.mod_fcgid') == 0 && Settings::Get('phpfpm.enabled') == 0) {\n\t\t\treturn true;\n\t\t}\n\n\t\tif (Settings::get('system.mod_fcgid') == 1) {\n\t\t\tif (Settings::get('system.mod_fcgid_ownvhost') == 0) {\n\t\t\t\treturn true;\n\t\t\t} else {\n\t\t\t\t$localuser = Settings::Get('system.mod_fcgid_httpuser');\n\t\t\t}\n\t\t}\n\n\t\tif (Settings::get('phpfpm.enabled') == 1) {\n\t\t\tif (Settings::get('phpfpm.enabled_ownvhost') == 0) {\n\t\t\t\treturn true;\n\t\t\t} else {\n\t\t\t\t$localuser = Settings::Get('phpfpm.vhost_httpuser');\n\t\t\t}\n\t\t}\n\n\t\t// get all customers that don't have the webserver-user in their group\n\t\t$cwg_stmt = Database::prepare(\"\n\t SELECT `id` FROM `\" . TABLE_FTP_GROUPS . \"` WHERE NOT FIND_IN_SET(:localuser, `members`)\n\t \");\n\t\tDatabase::pexecute($cwg_stmt, [\n\t\t\t'localuser' => $localuser\n\t\t]);\n\n\t\tif ($cwg_stmt->rowCount() > 0) {\n\t\t\t$this->log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE,\n\t\t\t\t\"Customers are missing the local froxlor-user as group-member, integrity-check can fix that\");\n\t\t\tif ($fix) {\n\t\t\t\t// prepare update statement\n\t\t\t\t$upd_stmt = Database::prepare(\"\n\t UPDATE `\" . TABLE_FTP_GROUPS . \"` SET `members` = CONCAT(`members`, :additionaluser)\n\t WHERE `id` = :id\n\t \");\n\t\t\t\t$upd_data = [\n\t\t\t\t\t'additionaluser' => \",\" . $localuser\n\t\t\t\t];\n\n\t\t\t\twhile ($cwg_row = $cwg_stmt->fetch()) {\n\t\t\t\t\t$upd_data['id'] = $cwg_row['id'];\n\t\t\t\t\tDatabase::pexecute($upd_stmt, $upd_data);\n\t\t\t\t}\n\t\t\t\t$this->log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE,\n\t\t\t\t\t\"Customers were missing the local froxlor-user as group-member, integrity-check fixed that\");\n\t\t\t} else {\n\t\t\t\treturn false;\n\t\t\t}\n\t\t}\n\n\t\tif ($fix) {\n\t\t\treturn $this->froxlorLocalGroupMemberForFcgidPhpFpm();\n\t\t}\n\t\treturn true;\n\t}\n}\n" }, { "path": "lib/Froxlor/Database/Manager/DbManagerMySQL.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Database\\Manager;\n\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FroxlorLogger;\nuse PDO;\n\n/**\n * Class DbManagerMySQL\n *\n * Explicit class for database-management like creating\n * and removing databases, users and permissions for MySQL\n */\nclass DbManagerMySQL\n{\n\n\t/**\n\t * FroxlorLogger object\n\t *\n\t * @var object\n\t */\n\tprivate $log = null;\n\n\t/**\n\t * main constructor\n\t *\n\t * @param FroxlorLogger|null $log\n\t */\n\tpublic function __construct(&$log = null)\n\t{\n\t\t$this->log = $log;\n\t}\n\n\t/**\n\t * creates a database\n\t *\n\t * @param string|null $dbname\n\t */\n\tpublic function createDatabase(string $dbname = null)\n\t{\n\t\tDatabase::query(\"CREATE DATABASE `\" . $dbname . \"`\");\n\t}\n\n\t/**\n\t * grants access privileges on a database with the same\n\t * username and sets the password for that user the given access_host\n\t *\n\t * @param string $username\n\t * @param string|array $password\n\t * @param ?string $access_host\n\t * @param bool $p_encrypted\n\t * optional, whether the password is encrypted or not, default false\n\t * @param bool $update\n\t * optional, whether to update the password only (not create user)\n\t * @param bool $grant_access_prefix\n\t * optional, whether the given user will have access to all databases starting with the username, default false\n\t * @throws \\Exception\n\t */\n\tpublic function grantPrivilegesTo(string $username, $password, string $access_host = null, bool $p_encrypted = false, bool $update = false, bool $grant_access_prefix = false)\n\t{\n\t\t// this is required for mysql8\n\t\t$pwd_plugin = 'caching_sha2_password';\n\t\tif (is_array($password) && count($password) == 2) {\n\t\t\t$pwd_plugin = $password['plugin'];\n\t\t\t$password = $password['password'];\n\t\t}\n\n\t\tif (!$update) {\n\t\t\t// create user\n\t\t\tif ($p_encrypted) {\n\t\t\t\tif (version_compare(Database::getAttribute(\\PDO::ATTR_SERVER_VERSION), '5.7.0', '<') || version_compare(Database::getAttribute(\\PDO::ATTR_SERVER_VERSION), '10.0.0', '>=')) {\n\t\t\t\t\t$stmt = Database::prepare(\"\n\t\t\t\t\t\tCREATE USER '\" . $username . \"'@'\" . $access_host . \"' IDENTIFIED BY PASSWORD :password\n\t\t\t\t\t\");\n\t\t\t\t} else {\n\t\t\t\t\t$stmt = Database::prepare(\"\n\t\t\t\t\t\tCREATE USER '\" . $username . \"'@'\" . $access_host . \"' IDENTIFIED WITH \" . $pwd_plugin . \" AS :password\n\t\t\t\t\t\");\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\t$stmt = Database::prepare(\"\n\t\t\t\t\tCREATE USER '\" . $username . \"'@'\" . $access_host . \"' IDENTIFIED BY :password\n\t\t\t\t\");\n\t\t\t}\n\t\t\tDatabase::pexecute($stmt, [\n\t\t\t\t\"password\" => $password\n\t\t\t]);\n\t\t\t// grant privileges if not global user\n\t\t\tif (!$grant_access_prefix) {\n\t\t\t\tDatabase::query(\"GRANT ALL ON `\" . str_replace('_', '\\_', $username) . \"`.* TO `\" . $username . \"`@`\" . $access_host . \"`\");\n\t\t\t} else {\n\t\t\t\t// grant explicitly to existing databases\n\t\t\t\t$this->grantCreateToCustomerDbs($username, $access_host);\n\t\t\t}\n\t\t} else {\n\t\t\t// set password\n\t\t\tif (version_compare(Database::getAttribute(\\PDO::ATTR_SERVER_VERSION), '5.7.6', '<') || version_compare(Database::getAttribute(\\PDO::ATTR_SERVER_VERSION), '10.0.0', '>=')) {\n\t\t\t\tif ($p_encrypted) {\n\t\t\t\t\t$stmt = Database::prepare(\"SET PASSWORD FOR :username@:host = :password\");\n\t\t\t\t} else {\n\t\t\t\t\t$stmt = Database::prepare(\"SET PASSWORD FOR :username@:host = PASSWORD(:password)\");\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\tif ($p_encrypted) {\n\t\t\t\t\t$stmt = Database::prepare(\"ALTER USER :username@:host IDENTIFIED WITH \" . $pwd_plugin . \" AS :password\");\n\t\t\t\t} else {\n\t\t\t\t\t$stmt = Database::prepare(\"ALTER USER :username@:host IDENTIFIED BY :password\");\n\t\t\t\t}\n\t\t\t}\n\t\t\tDatabase::pexecute($stmt, [\n\t\t\t\t\"username\" => $username,\n\t\t\t\t\"host\" => $access_host,\n\t\t\t\t\"password\" => $password\n\t\t\t]);\n\t\t}\n\t}\n\n\t/**\n\t * removes the given database from the dbms and also\n\t * takes away any privileges from a user to that db\n\t *\n\t * @param string $dbname\n\t * @param ?string $global_user\n\t * @throws \\Exception\n\t */\n\tpublic function deleteDatabase(string $dbname, string $global_user = \"\")\n\t{\n\t\tif (version_compare(Database::getAttribute(PDO::ATTR_SERVER_VERSION), '5.0.2', '<')) {\n\t\t\t// failsafe if user has been deleted manually (requires MySQL 4.1.2+)\n\t\t\t$stmt = Database::prepare(\"REVOKE ALL PRIVILEGES, GRANT OPTION FROM `\" . $dbname . \"`\");\n\t\t\tDatabase::pexecute($stmt, [], false);\n\t\t}\n\n\t\t$host_res_stmt = Database::prepare(\"\n\t\t\tSELECT `Host` FROM `mysql`.`user` WHERE `User` = :dbname\");\n\t\tDatabase::pexecute($host_res_stmt, [\n\t\t\t'dbname' => $dbname\n\t\t]);\n\n\t\t// as of MySQL 5.0.2 this also revokes privileges. (requires MySQL 4.1.2+)\n\t\tif (version_compare(Database::getAttribute(PDO::ATTR_SERVER_VERSION), '5.7.0', '<')) {\n\t\t\t$drop_stmt = Database::prepare(\"DROP USER :dbname@:host\");\n\t\t} else {\n\t\t\t$drop_stmt = Database::prepare(\"DROP USER IF EXISTS :dbname@:host\");\n\t\t}\n\t\t$rev_stmt = Database::prepare(\"REVOKE ALL PRIVILEGES ON `\" . $dbname . \"`.* FROM :guser@:host;\");\n\t\twhile ($host = $host_res_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\tDatabase::pexecute($drop_stmt, [\n\t\t\t\t'dbname' => $dbname,\n\t\t\t\t'host' => $host['Host']\n\t\t\t], false);\n\n\t\t\tif (!empty($global_user)) {\n\t\t\t\tDatabase::pexecute($rev_stmt, [\n\t\t\t\t\t'guser' => $global_user,\n\t\t\t\t\t'host' => $host['Host']\n\t\t\t\t], false);\n\t\t\t}\n\t\t}\n\n\t\t$drop_stmt = Database::prepare(\"DROP DATABASE IF EXISTS `\" . $dbname . \"`\");\n\t\tDatabase::pexecute($drop_stmt);\n\t}\n\n\t/**\n\t * removes a user from the dbms and revokes all privileges\n\t *\n\t * @param string $username\n\t * @param string $host\n\t * @throws \\Exception\n\t */\n\tpublic function deleteUser(string $username, string $host)\n\t{\n\t\tif ($this->userExistsOnHost($username, $host)) {\n\t\t\tif (version_compare(Database::getAttribute(PDO::ATTR_SERVER_VERSION), '5.0.2', '<')) {\n\t\t\t\t// Revoke privileges (only required for MySQL 4.1.2 - 5.0.1)\n\t\t\t\t$stmt = Database::prepare(\"REVOKE ALL PRIVILEGES ON * . * FROM `\" . $username . \"`@`\" . $host . \"`\");\n\t\t\t\tDatabase::pexecute($stmt);\n\t\t\t}\n\t\t\t// as of MySQL 5.0.2 this also revokes privileges. (requires MySQL 4.1.2+)\n\t\t\tif (version_compare(Database::getAttribute(PDO::ATTR_SERVER_VERSION), '5.7.0', '<')) {\n\t\t\t\t$stmt = Database::prepare(\"DROP USER :username@:host\");\n\t\t\t} else {\n\t\t\t\t$stmt = Database::prepare(\"DROP USER IF EXISTS :username@:host\");\n\t\t\t}\n\t\t\tDatabase::pexecute($stmt, [\n\t\t\t\t\"username\" => $username,\n\t\t\t\t\"host\" => $host\n\t\t\t]);\n\t\t}\n\t}\n\n\t/**\n\t * removes permissions from a user\n\t *\n\t * @param string $username\n\t * @param string $host\n\t * @throws \\Exception\n\t */\n\tpublic function disableUser(string $username, string $host)\n\t{\n\t\t$stmt = Database::prepare('REVOKE ALL PRIVILEGES, GRANT OPTION FROM `' . $username . '`@`' . $host . '`');\n\t\tDatabase::pexecute($stmt, [], false);\n\t}\n\n\t/**\n\t * re-grant permissions to a user\n\t *\n\t * @param string $username\n\t * @param string $host\n\t * @param bool $grant_access_prefix\n\t * @throws \\Exception\n\t */\n\tpublic function enableUser(string $username, string $host, bool $grant_access_prefix = false)\n\t{\n\t\t// check whether user exists to avoid errors\n\t\tif ($this->userExistsOnHost($username, $host)) {\n\t\t\tif (!$grant_access_prefix) {\n\t\t\t\tDatabase::query('GRANT ALL PRIVILEGES ON `' . str_replace('_', '\\_', $username) . '`.* TO `' . $username . '`@`' . $host . '`');\n\t\t\t} else {\n\t\t\t\t$this->grantCreateToCustomerDbs($username, $host);\n\t\t\t}\n\t\t}\n\t}\n\n\t/**\n\t * Check whether a given username exists for the given host\n\t *\n\t * @param string $username\n\t * @param string $host\n\t * @return bool\n\t * @throws \\Exception\n\t */\n\tpublic function userExistsOnHost(string $username, string $host): bool\n\t{\n\t\t$exist_check_stmt = Database::prepare(\"SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = '\" . $username . \"' AND host = '\" . $host . \"')\");\n\t\t$exist_check = Database::pexecute_first($exist_check_stmt);\n\t\treturn ($exist_check && array_pop($exist_check) == '1');\n\t}\n\n\t/**\n\t * flushes the privileges...pretty obvious eh?\n\t */\n\tpublic function flushPrivileges()\n\t{\n\t\tDatabase::query(\"FLUSH PRIVILEGES\");\n\t}\n\n\t/**\n\t * return an array of all usernames used in that DBMS\n\t *\n\t * @param bool $user_only if false, will be selected from mysql.user and slightly different array will be generated\n\t *\n\t * @return array\n\t * @throws \\Exception\n\t */\n\tpublic function getAllSqlUsers(bool $user_only = true): array\n\t{\n\t\tif (!$user_only) {\n\t\t\t$result_stmt = Database::prepare('SELECT * FROM mysql.user');\n\t\t} else {\n\t\t\t$result_stmt = Database::prepare('SELECT `User` FROM mysql.user');\n\t\t}\n\t\tDatabase::pexecute($result_stmt);\n\t\t$allsqlusers = [];\n\t\twhile ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\tif ($user_only == false) {\n\t\t\t\tif (!isset($allsqlusers[$row['User']]) || !is_array($allsqlusers[$row['User']])) {\n\t\t\t\t\t$allsqlusers[$row['User']] = [\n\t\t\t\t\t\t'hosts' => []\n\t\t\t\t\t];\n\t\t\t\t}\n\t\t\t\t$allsqlusers[$row['User']]['hosts'][$row['Host']] = [\n\t\t\t\t\t'password' => $row['Password'] ?? $row['authentication_string'],\n\t\t\t\t\t'plugin' => $row['plugin'] ?? 'caching_sha2_password',\n\t\t\t\t];\n\t\t\t} else {\n\t\t\t\t$allsqlusers[] = $row['User'];\n\t\t\t}\n\t\t}\n\t\treturn $allsqlusers;\n\t}\n\n\t/**\n\t * grant \"CREATE\" for prefix user to all existing databases of that customer\n\t *\n\t * @param string $username\n\t * @param string $access_host\n\t * @return void\n\t * @throws \\Exception\n\t */\n\tprivate function grantCreateToCustomerDbs(string $username, string $access_host)\n\t{\n\t\t// remember what (possible remote) db-server we're on\n\t\t$currentDbServer = Database::getServer();\n\t\t// use \"unprivileged\" connection\n\t\tDatabase::needRoot();\n\t\t$cus_stmt = Database::prepare(\"SELECT customerid FROM `\" . TABLE_PANEL_CUSTOMERS . \"` WHERE loginname = :username\");\n\t\t$cust = Database::pexecute_first($cus_stmt, ['username' => $username]);\n\t\tif ($cust) {\n\t\t\t$sel_stmt = Database::prepare(\"SELECT databasename FROM `\" . TABLE_PANEL_DATABASES . \"` WHERE `customerid` = :cid AND `dbserver` = :dbserver\");\n\t\t\tDatabase::pexecute($sel_stmt, ['cid' => $cust['customerid'], 'dbserver' => $currentDbServer]);\n\t\t\t// reset to root-connection for used dbserver\n\t\t\tDatabase::needRoot(true, $currentDbServer, false);\n\t\t\twhile ($dbdata = $sel_stmt->fetch(\\PDO::FETCH_ASSOC)) {\n\t\t\t\t$stmt = Database::prepare(\"\n\t\t\t\t\tGRANT ALL ON `\" . str_replace('_', '\\_', $dbdata['databasename']) . \"`.* TO `\" . $username . \"`@`\" . $access_host . \"`\n\t\t\t\t\");\n\t\t\t\tDatabase::pexecute($stmt);\n\t\t\t}\n\t\t}\n\t}\n\n\t/**\n\t * grant \"CREATE\" for prefix user to all existing databases of that customer\n\t *\n\t * @param string $username\n\t * @param string $database\n\t * @param string $access_host\n\t * @return void\n\t * @throws \\Exception\n\t */\n\tpublic function grantCreateToDb(string $username, string $database, string $access_host)\n\t{\n\t\t// only grant permission if the user exists\n\t\tif ($this->userExistsOnHost($username, $access_host)) {\n\t\t\t$stmt = Database::prepare(\"\n\t\t\t\tGRANT ALL ON `\" . str_replace('_', '\\_', $database) . \"`.* TO `\" . $username . \"`@`\" . $access_host . \"`\n\t\t\t\");\n\t\t\tDatabase::pexecute($stmt);\n\t\t}\n\t}\n}\n" }, { "path": "lib/Froxlor/Database/Manager/index.html", "content": "" }, { "path": "lib/Froxlor/Database/index.html", "content": "" }, { "path": "lib/Froxlor/Dns/Dns.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Dns;\n\nuse Froxlor\\Database\\Database;\nuse Froxlor\\Idna\\IdnaWrapper;\nuse Froxlor\\Settings;\nuse Froxlor\\UI\\Response;\nuse PDO;\n\nclass Dns\n{\n\t/**\n\t * @param int $domain_id\n\t * @param string $area\n\t * @param array $userinfo\n\t *\n\t * @return string|void\n\t * @throws \\Exception\n\t */\n\tpublic static function getAllowedDomainEntry(int $domain_id, string $area = 'customer', array $userinfo = [])\n\t{\n\t\t$dom_data = [\n\t\t\t'did' => $domain_id\n\t\t];\n\n\t\t$where_clause = '';\n\t\tif ($area == 'admin') {\n\t\t\tif ((int)$userinfo['customers_see_all'] == 0) {\n\t\t\t\t$where_clause = '`adminid` = :uid AND ';\n\t\t\t\t$dom_data['uid'] = $userinfo['userid'];\n\t\t\t}\n\t\t} else {\n\t\t\t$where_clause = '`customerid` = :uid AND ';\n\t\t\t$dom_data['uid'] = $userinfo['userid'];\n\t\t}\n\n\t\t$dom_stmt = Database::prepare(\"\n\t\t\tSELECT domain, isbinddomain\n\t\t\tFROM `\" . TABLE_PANEL_DOMAINS . \"`\n\t\t\tWHERE \" . $where_clause . \" id = :did\n\t\t\");\n\t\t$domain = Database::pexecute_first($dom_stmt, $dom_data);\n\n\t\tif ($domain) {\n\t\t\tif ($domain['isbinddomain'] != '1') {\n\t\t\t\tResponse::standardError('dns_domain_nodns');\n\t\t\t}\n\t\t\t$idna_convert = new IdnaWrapper();\n\t\t\treturn $idna_convert->decode($domain['domain']);\n\t\t}\n\t\tResponse::standardError('dns_notfoundorallowed');\n\t}\n\n\t/**\n\t * @param int|array $domain_id id of domain or in case of froxlorhostname, a domain-array with the needed data\n\t * @param bool $froxlorhostname\n\t * @param bool $isMainButSubTo\n\t *\n\t * @return DnsZone|void\n\t * @throws \\Exception\n\t */\n\tpublic static function createDomainZone($domain_id, bool $froxlorhostname = false, bool $isMainButSubTo = false)\n\t{\n\t\tif (!$froxlorhostname) {\n\t\t\t// get domain-name\n\t\t\t$dom_stmt = Database::prepare(\"SELECT * FROM `\" . TABLE_PANEL_DOMAINS . \"` WHERE id = :did\");\n\t\t\t$domain = Database::pexecute_first($dom_stmt, [\n\t\t\t\t'did' => $domain_id\n\t\t\t]);\n\t\t} else {\n\t\t\t$domain = $domain_id;\n\t\t}\n\n\t\tif (!isset($domain['isbinddomain']) || $domain['isbinddomain'] != '1') {\n\t\t\treturn;\n\t\t}\n\n\t\t$dom_entries = [];\n\t\tif (!$froxlorhostname) {\n\t\t\t// select all entries\n\t\t\t$sel_stmt = Database::prepare(\"SELECT * FROM `\" . TABLE_DOMAIN_DNS . \"` WHERE domain_id = :did ORDER BY id ASC\");\n\t\t\tDatabase::pexecute($sel_stmt, [\n\t\t\t\t'did' => $domain_id\n\t\t\t]);\n\t\t\t$dom_entries = $sel_stmt->fetchAll(PDO::FETCH_ASSOC);\n\t\t}\n\n\t\t// check for required records\n\t\t$required_entries = [];\n\n\t\tif ($domain['email_only'] == '0') {\n\t\t\tself::addRequiredEntry('@', 'A', $required_entries);\n\t\t\tself::addRequiredEntry('@', 'AAAA', $required_entries);\n\t\t}\n\t\tif (!$isMainButSubTo) {\n\t\t\tself::addRequiredEntry('@', 'NS', $required_entries);\n\t\t}\n\t\tif ($domain['isemaildomain'] == '1') {\n\t\t\tself::addRequiredEntry('@', 'MX', $required_entries);\n\t\t\tif (Settings::Get('system.dns_createmailentry')) {\n\t\t\t\tforeach (['imap', 'pop3', 'mail', 'smtp' ] as $record ) {\n\t\t\t\t\tforeach (['AAAA', 'A' ] as $type ) {\n\t\t\t\t\t\tself::addRequiredEntry($record, $type, $required_entries);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\t// additional required records by setting\n\t\tif ($domain['email_only'] == '0') {\n\t\t\tif ($domain['iswildcarddomain'] == '1') {\n\t\t\t\tself::addRequiredEntry('*', 'A', $required_entries);\n\t\t\t\tself::addRequiredEntry('*', 'AAAA', $required_entries);\n\t\t\t} elseif ($domain['wwwserveralias'] == '1') {\n\t\t\t\tself::addRequiredEntry('www', 'A', $required_entries);\n\t\t\t\tself::addRequiredEntry('www', 'AAAA', $required_entries);\n\t\t\t}\n\t\t}\n\n\t\tif (!$froxlorhostname) {\n\t\t\t// additional required records for subdomains\n\t\t\t$subdomains_stmt = Database::prepare(\"\n\t\t\t\tSELECT `domain`, `iswildcarddomain`, `wwwserveralias`, `isemaildomain`, `email_only` FROM `\" . TABLE_PANEL_DOMAINS . \"`\n\t\t\t\tWHERE `parentdomainid` = :domainid\n\t\t\t\");\n\t\t\tDatabase::pexecute($subdomains_stmt, [\n\t\t\t\t'domainid' => $domain_id\n\t\t\t]);\n\n\t\t\twhile ($subdomain = $subdomains_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t$sub_record = str_replace('.' . $domain['domain'], '', $subdomain['domain']);\n\t\t\t\t// Listing domains is enough as there currently is no support for choosing\n\t\t\t\t// different ips for a subdomain => use same IPs as toplevel\n\t\t\t\tif ($subdomain['email_only'] == '0') {\n\t\t\t\t\tself::addRequiredEntry($sub_record, 'A', $required_entries);\n\t\t\t\t\tself::addRequiredEntry($sub_record, 'AAAA', $required_entries);\n\n\t\t\t\t\t// Check whether to add a www.-prefix\n\t\t\t\t\tif ($subdomain['iswildcarddomain'] == '1') {\n\t\t\t\t\t\tself::addRequiredEntry('*.' . $sub_record, 'A', $required_entries);\n\t\t\t\t\t\tself::addRequiredEntry('*.' . $sub_record, 'AAAA', $required_entries);\n\t\t\t\t\t} elseif ($subdomain['wwwserveralias'] == '1') {\n\t\t\t\t\t\tself::addRequiredEntry('www.' . $sub_record, 'A', $required_entries);\n\t\t\t\t\t\tself::addRequiredEntry('www.' . $sub_record, 'AAAA', $required_entries);\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\t// check for email ability\n\t\t\t\tif ($subdomain['isemaildomain'] == '1') {\n\t\t\t\t\tif (Settings::Get('spf.use_spf') == '1') {\n\t\t\t\t\t\t// check for SPF content later\n\t\t\t\t\t\tself::addRequiredEntry('@SPF@.' . $sub_record, 'TXT', $required_entries);\n\t\t\t\t\t}\n\t\t\t\t\tif (Settings::Get('dmarc.use_dmarc') == '1') {\n\t\t\t\t\t\t// check for DMARC content later\n\t\t\t\t\t\tself::addRequiredEntry('@DMARC@.' . $sub_record, 'TXT', $required_entries);\n\t\t\t\t\t}\n\t\t\t\t\tif (Settings::Get('antispam.activated') == '1' && $domain['dkim'] == '1') {\n\t\t\t\t\t\t// check for DKIM content later\n\t\t\t\t\t\tself::addRequiredEntry('dkim' . $domain['dkim_id'] . '._domainkey.' . $sub_record, 'TXT', $required_entries);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\t// additional required records for CAA if activated\n\t\tif (Settings::Get('system.dns_createcaaentry') && Settings::Get('system.use_ssl') == \"1\") {\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT i.`ip`, i.`port`, i.`ssl`\n\t\t\t\tFROM \" . TABLE_PANEL_IPSANDPORTS . \" i\n\t\t\t\tLEFT JOIN \" . TABLE_DOMAINTOIP . \" dip ON dip.id_ipandports = i.id\n\t\t\t\tWHERE i.ssl = 1 AND dip.id_domain = :domainid\n\t\t\t\");\n\t\t\tDatabase::pexecute($result_stmt, [\n\t\t\t\t'domainid' => $domain['id']\n\t\t\t]);\n\n\t\t\t$ssl_ipandports = [];\n\t\t\twhile ($ssl_ipandport = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t$ssl_ipandports[] = $ssl_ipandport;\n\t\t\t}\n\n\t\t\tif (!empty($ssl_ipandports)) {\n\t\t\t\t// check for CAA content later\n\t\t\t\tself::addRequiredEntry('@CAA@', 'CAA', $required_entries);\n\t\t\t}\n\t\t}\n\n\t\t// additional required records for SPF and DKIM if activated\n\t\tif ($domain['isemaildomain'] == '1') {\n\t\t\tif (Settings::Get('spf.use_spf') == '1') {\n\t\t\t\t// check for SPF content later\n\t\t\t\tself::addRequiredEntry('@SPF@', 'TXT', $required_entries);\n\t\t\t}\n\t\t\tif (Settings::Get('dmarc.use_dmarc') == '1') {\n\t\t\t\t// check for DMARC content later\n\t\t\t\tself::addRequiredEntry('@DMARC@', 'TXT', $required_entries);\n\t\t\t}\n\t\t\tif (Settings::Get('antispam.activated') == '1' && $domain['dkim'] == '1') {\n\t\t\t\t// check for DKIM content later\n\t\t\t\tself::addRequiredEntry('dkim' . $domain['dkim_id'] . '._domainkey', 'TXT', $required_entries);\n\t\t\t}\n\t\t}\n\n\t\t$primary_ns = null;\n\t\t$zonerecords = [];\n\n\t\t// now generate all records and unset the required entries we have\n\t\tforeach ($dom_entries as $entry) {\n\t\t\tif (array_key_exists($entry['type'], $required_entries)\n\t\t\t\t&& array_key_exists( md5($entry['record']), $required_entries[$entry['type']])\n\t\t\t) {\n\t\t\t\tunset($required_entries[$entry['type']][md5($entry['record'])]);\n\t\t\t}\n\t\t\tif (Settings::Get('system.dns_createcaaentry') == '1'\n\t\t\t\t&& $entry['type'] == 'CAA'\n\t\t\t\t&& strtolower(substr($entry['content'], 0, 7 )) == '\"v=caa1'\n\t\t\t) {\n\t\t\t\t// unset special CAA required-entry\n\t\t\t\tunset($required_entries[$entry['type']][md5(\"@CAA@\")]);\n\t\t\t}\n\t\t\tif (Settings::Get('spf.use_spf') == '1'\n\t\t\t\t&& $entry['type'] == 'TXT'\n\t\t\t\t&& (strtolower(substr($entry['content'], 0, 7)) == '\"v=spf1' || strtolower(substr($entry['content'], 0, 6)) == 'v=spf1')\n\t\t\t) {\n\t\t\t\t// unset special spf required-entry\n\t\t\t\tif ($entry['record'] == '@') {\n\t\t\t\t\tunset($required_entries[$entry['type']][md5(\"@SPF@\")]);\n\t\t\t\t} else {\n\t\t\t\t\t// subdomain\n\t\t\t\t\tunset($required_entries[$entry['type']][md5(\"@SPF@.\" . $entry['record'])]);\n\t\t\t\t}\n\t\t\t}\n\t\t\tif (Settings::Get('dmarc.use_dmarc') == '1'\n\t\t\t\t&& $entry['type'] == 'TXT'\n\t\t\t\t&& ($entry['record'] == '_dmarc' || substr($entry['record'], 0, 7) == '_dmarc.')\n\t\t\t\t&& (strtolower(substr($entry['content'], 0, 9)) == '\"v=dmarc1' || strtolower(substr($entry['content'], 0, 8)) == 'v=dmarc1')\n\t\t\t) {\n\t\t\t\t// unset special dmarc required-entry\n\t\t\t\tif ($entry['record'] == '_dmarc') {\n\t\t\t\t\tunset($required_entries[$entry['type']][md5(\"@DMARC@\")]);\n\t\t\t\t} else {\n\t\t\t\t\t// subdomain\n\t\t\t\t\tunset($required_entries[$entry['type']][md5(\"@DMARC@\" . substr($entry['record'], 6))]);\n\t\t\t\t}\n\t\t\t}\n\t\t\tif (empty($primary_ns) && $entry['record'] == '@' && $entry['type'] == 'NS') {\n\t\t\t\t// use the first NS entry pertaining to the current domain as primary ns\n\t\t\t\t$primary_ns = $entry['content'];\n\t\t\t}\n\t\t\t// check for CNAME on @, www- or wildcard-Alias and remove A/AAAA record accordingly\n\t\t\tforeach (['@', 'www', '*'] as $crecord) {\n\t\t\t\tif ($entry['type'] == 'CNAME'\n\t\t\t\t\t&& $entry['record'] == '@'\n\t\t\t\t\t&& (array_key_exists(md5($crecord), $required_entries['A']) || array_key_exists(md5($crecord), $required_entries['AAAA']))\n\t\t\t\t) {\n\t\t\t\t\tunset($required_entries['A'][md5($crecord)]);\n\t\t\t\t\tunset($required_entries['AAAA'][md5($crecord)]);\n\t\t\t\t}\n\t\t\t}\n\t\t\t// also allow overriding of auto-generated values (imap,pop3,mail,smtp) if enabled in the settings\n\t\t\tif (Settings::Get('system.dns_createmailentry')) {\n\t\t\t\tforeach (['imap', 'pop3', 'mail', 'smtp'] as $crecord) {\n\t\t\t\t\tif ($entry['type'] == 'CNAME'\n\t\t\t\t\t\t&& $entry['record'] == $crecord\n\t\t\t\t\t\t&& (array_key_exists(md5($crecord), $required_entries['A']) || array_key_exists(md5($crecord), $required_entries['AAAA']))\n\t\t\t\t\t) {\n\t\t\t\t\t\tunset($required_entries['A'][md5($crecord)]);\n\t\t\t\t\t\tunset($required_entries['AAAA'][md5($crecord)]);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t\t$zonerecords[] = new DnsEntry($entry['record'], $entry['type'], $entry['content'], $entry['prio'] ?? 0, $entry['ttl']);\n\t\t}\n\n\t\t// add missing required entries\n\t\tif (!empty($required_entries)) {\n\t\t\t// A / AAAA records\n\t\t\tif (array_key_exists(\"A\", $required_entries) || array_key_exists(\"AAAA\", $required_entries)) {\n\t\t\t\tif ($froxlorhostname) {\n\t\t\t\t\t// use all available IP's for the froxlor-hostname\n\t\t\t\t\t$result_ip_stmt = Database::prepare(\"\n\t\t\t\t\t\tSELECT `ip` FROM `\" . TABLE_PANEL_IPSANDPORTS . \"` GROUP BY `ip`\n\t\t\t\t\t\");\n\t\t\t\t\tDatabase::pexecute($result_ip_stmt);\n\t\t\t\t} else {\n\t\t\t\t\t$result_ip_stmt = Database::prepare(\"\n\t\t\t\t\t\tSELECT `p`.`ip` AS `ip`\n\t\t\t\t\t\tFROM `\" . TABLE_PANEL_IPSANDPORTS . \"` `p`, `\" . TABLE_DOMAINTOIP . \"` `di`\n\t\t\t\t\t\tWHERE `di`.`id_domain` = :domainid AND `p`.`id` = `di`.`id_ipandports`\n\t\t\t\t\t\tGROUP BY `p`.`ip`;\n\t\t\t\t\t\");\n\t\t\t\t\tDatabase::pexecute($result_ip_stmt, [\n\t\t\t\t\t\t'domainid' => $domain_id\n\t\t\t\t\t]);\n\t\t\t\t}\n\t\t\t\t$all_ips = $result_ip_stmt->fetchAll(PDO::FETCH_ASSOC);\n\n\t\t\t\tforeach ($all_ips as $ip) {\n\t\t\t\t\tforeach ($required_entries as $type => $records) {\n\t\t\t\t\t\tforeach ($records as $record) {\n\t\t\t\t\t\t\tif ($type == 'A' && filter_var($ip['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {\n\t\t\t\t\t\t\t\t$zonerecords[] = new DnsEntry($record, 'A', $ip['ip']);\n\t\t\t\t\t\t\t} elseif ($type == 'AAAA' && filter_var($ip['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6 ) !== false) {\n\t\t\t\t\t\t\t\t$zonerecords[] = new DnsEntry($record, 'AAAA', $ip['ip']);\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\tunset($required_entries['A']);\n\t\t\t\tunset($required_entries['AAAA']);\n\t\t\t}\n\n\t\t\t// NS records\n\t\t\tif (array_key_exists(\"NS\", $required_entries)) {\n\t\t\t\tif (Settings::Get('system.nameservers') != '') {\n\t\t\t\t\t$nameservers = explode(',', Settings::Get('system.nameservers'));\n\t\t\t\t\tforeach ($nameservers as $nameserver) {\n\t\t\t\t\t\t$nameserver = trim($nameserver);\n\t\t\t\t\t\t// append dot to hostname\n\t\t\t\t\t\tif (substr($nameserver, -1, 1) != '.') {\n\t\t\t\t\t\t\t$nameserver .= '.';\n\t\t\t\t\t\t}\n\t\t\t\t\t\tforeach ($required_entries as $type => $records) {\n\t\t\t\t\t\t\tif ($type == 'NS') {\n\t\t\t\t\t\t\t\tforeach ($records as $record) {\n\t\t\t\t\t\t\t\t\tif (empty($primary_ns)) {\n\t\t\t\t\t\t\t\t\t\t// use the first NS entry as primary ns\n\t\t\t\t\t\t\t\t\t\t$primary_ns = $nameserver;\n\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t\t$zonerecords[] = new DnsEntry($record, 'NS', $nameserver);\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t\tunset($required_entries['NS']);\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// MX records\n\t\t\tif (array_key_exists(\"MX\", $required_entries)) {\n\t\t\t\tif (Settings::Get('system.mxservers') != '') {\n\t\t\t\t\t$mxservers = explode(',', Settings::Get('system.mxservers'));\n\t\t\t\t\tforeach ($mxservers as $mxserver) {\n\t\t\t\t\t\t$mxserver = trim($mxserver);\n\t\t\t\t\t\tif (substr($mxserver, -1, 1) != '.') {\n\t\t\t\t\t\t\t$mxserver .= '.';\n\t\t\t\t\t\t}\n\t\t\t\t\t\t// split in prio and server\n\t\t\t\t\t\t$mx_details = explode(\" \", $mxserver);\n\t\t\t\t\t\tif (count($mx_details) == 1) {\n\t\t\t\t\t\t\t$mx_details[1] = $mx_details[0];\n\t\t\t\t\t\t\t$mx_details[0] = 10;\n\t\t\t\t\t\t}\n\t\t\t\t\t\tforeach ($required_entries as $type => $records) {\n\t\t\t\t\t\t\tif ($type == 'MX') {\n\t\t\t\t\t\t\t\tforeach ($records as $record) {\n\t\t\t\t\t\t\t\t\t$zonerecords[] = new DnsEntry($record, 'MX', $mx_details[1], $mx_details[0]);\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t\tunset($required_entries['MX']);\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// TXT (SPF and DKIM)\n\t\t\tif (array_key_exists(\"TXT\", $required_entries)) {\n\t\t\t\t$dkim_entries = self::generateDkimEntries($domain);\n\n\t\t\t\tforeach ($required_entries as $type => $records) {\n\t\t\t\t\tif ($type == 'TXT') {\n\t\t\t\t\t\tforeach ($records as $record) {\n\t\t\t\t\t\t\tif ($record == '@SPF@') {\n\t\t\t\t\t\t\t\t// spf for main-domain\n\t\t\t\t\t\t\t\t$txt_content = Settings::Get('spf.spf_entry');\n\t\t\t\t\t\t\t\t$zonerecords[] = new DnsEntry('@', 'TXT', self::encloseTXTContent($txt_content));\n\t\t\t\t\t\t\t} elseif (strlen($record) > 6 && substr($record, 0, 6) == '@SPF@.') {\n\t\t\t\t\t\t\t\t// spf for subdomain\n\t\t\t\t\t\t\t\t$txt_content = Settings::Get('spf.spf_entry');\n\t\t\t\t\t\t\t\t$sub_record = substr($record, 6);\n\t\t\t\t\t\t\t\t$zonerecords[] = new DnsEntry($sub_record, 'TXT', self::encloseTXTContent($txt_content));\n\t\t\t\t\t\t\t} elseif ($record == '@DMARC@') {\n\t\t\t\t\t\t\t\t// dmarc for main-domain\n\t\t\t\t\t\t\t\t$txt_content = Settings::Get('dmarc.dmarc_entry');\n\t\t\t\t\t\t\t\t$zonerecords[] = new DnsEntry('_dmarc', 'TXT', self::encloseTXTContent($txt_content));\n\t\t\t\t\t\t\t} elseif (strlen($record) > 8 && substr($record, 0, 8) == '@DMARC@.') {\n\t\t\t\t\t\t\t\t// dmarc for subdomain\n\t\t\t\t\t\t\t\t$txt_content = Settings::Get('dmarc.dmarc_entry');\n\t\t\t\t\t\t\t\t$sub_record = substr($record, 8);\n\t\t\t\t\t\t\t\t$zonerecords[] = new DnsEntry('_dmarc.' . $sub_record, 'TXT', self::encloseTXTContent($txt_content));\n\t\t\t\t\t\t\t} elseif (!empty($dkim_entries)) {\n\t\t\t\t\t\t\t\t// DKIM entries\n\t\t\t\t\t\t\t\t$dkim_record = 'dkim' . $domain['dkim_id'] . '._domainkey';\n\t\t\t\t\t\t\t\tif ($record == $dkim_record) {\n\t\t\t\t\t\t\t\t\t// dkim for main-domain\n\t\t\t\t\t\t\t\t\t// check for multiline entry\n\t\t\t\t\t\t\t\t\t$multiline = false;\n\t\t\t\t\t\t\t\t\tif (substr($dkim_entries[0], 0, 1) == '(') {\n\t\t\t\t\t\t\t\t\t\t$multiline = true;\n\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t\t$zonerecords[] = new DnsEntry($record, 'TXT', self::encloseTXTContent($dkim_entries[0], $multiline));\n\t\t\t\t\t\t\t\t} elseif (strlen($record) > strlen($dkim_record) && substr($record, 0, strlen($dkim_record) + 1) == $dkim_record . '.') {\n\t\t\t\t\t\t\t\t\t// dkim for subdomain-domain\n\t\t\t\t\t\t\t\t\t// check for multiline entry\n\t\t\t\t\t\t\t\t\t$multiline = false;\n\t\t\t\t\t\t\t\t\tif (substr($dkim_entries[0], 0, 1) == '(') {\n\t\t\t\t\t\t\t\t\t\t$multiline = true;\n\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t\t$zonerecords[] = new DnsEntry($record, 'TXT', self::encloseTXTContent($dkim_entries[0], $multiline));\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// CAA\n\t\t\tif (array_key_exists(\"CAA\", $required_entries)) {\n\t\t\t\tforeach ($required_entries as $type => $records) {\n\t\t\t\t\tif ($type == 'CAA') {\n\t\t\t\t\t\tforeach ($records as $record) {\n\t\t\t\t\t\t\tif ($record == '@CAA@') {\n\t\t\t\t\t\t\t\t$caa_entries = explode(PHP_EOL, Settings::Get('caa.caa_entry'));\n\t\t\t\t\t\t\t\t$caa_domain = \"letsencrypt.org\";\n\t\t\t\t\t\t\t\tif (Settings::Get('system.letsencryptca') == 'buypass' || Settings::Get('system.letsencryptca') == 'buypass_test') {\n\t\t\t\t\t\t\t\t\t$caa_domain = \"buypass.com\";\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\tif ($domain['letsencrypt'] == 1) {\n\t\t\t\t\t\t\t\t\tif (Settings::Get('system.letsencryptca') == 'zerossl') {\n\t\t\t\t\t\t\t\t\t\t$caa_domains = [\n\t\t\t\t\t\t\t\t\t\t\t\"sectigo.com\",\n\t\t\t\t\t\t\t\t\t\t\t\"trust-provider.com\",\n\t\t\t\t\t\t\t\t\t\t\t\"usertrust.com\",\n\t\t\t\t\t\t\t\t\t\t\t\"comodoca.com\",\n\t\t\t\t\t\t\t\t\t\t\t\"comodo.com\"\n\t\t\t\t\t\t\t\t\t\t];\n\t\t\t\t\t\t\t\t\t\tforeach ($caa_domains as $caa_domain) {\n\t\t\t\t\t\t\t\t\t\t\t$le_entry = $domain['iswildcarddomain'] == '1' ? '0 issuewild \"' . $caa_domain . '\"' : '0 issue \"' . $caa_domain . '\"';\n\t\t\t\t\t\t\t\t\t\t\tarray_push($caa_entries, $le_entry);\n\t\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t\t\t\t$le_entry = $domain['iswildcarddomain'] == '1' ? '0 issuewild \"' . $caa_domain . '\"' : '0 issue \"' . $caa_domain . '\"';\n\t\t\t\t\t\t\t\t\t\tarray_push($caa_entries, $le_entry);\n\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\tforeach ($caa_entries as $entry) {\n\t\t\t\t\t\t\t\t\tif (empty($entry)) {\n\t\t\t\t\t\t\t\t\t\tcontinue;\n\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t\t$zonerecords[] = new DnsEntry('@', 'CAA', $entry);\n\t\t\t\t\t\t\t\t\t// additional required records by subdomain setting\n\t\t\t\t\t\t\t\t\tif ($domain['wwwserveralias'] == '1') {\n\t\t\t\t\t\t\t\t\t\t$zonerecords[] = new DnsEntry('www', 'CAA', $entry);\n\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif (empty($primary_ns)) {\n\t\t\t// TODO log error: no NS given, use system-hostname\n\t\t\t$primary_ns = Settings::Get('system.hostname');\n\t\t}\n\n\t\tif (!$isMainButSubTo) {\n\t\t\t$date = date('Ymd');\n\t\t\t$domain['bindserial'] = (preg_match('/^' . $date . '/', $domain['bindserial']) ? $domain['bindserial'] + 1 : $date . '00');\n\t\t\tif (!$froxlorhostname) {\n\t\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\t\tUPDATE `\" . TABLE_PANEL_DOMAINS . \"` SET\n\t\t\t\t\t`bindserial` = :serial\n\t\t\t\t\t WHERE `id` = :id\n\t\t\t\t\");\n\t\t\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t\t\t'serial' => $domain['bindserial'],\n\t\t\t\t\t'id' => $domain['id']\n\t\t\t\t]);\n\t\t\t}\n\n\t\t\t// PowerDNS does not like multi-line-format\n\t\t\t$soa_email = Settings::Get('system.soaemail');\n\t\t\tif ($soa_email == \"\") {\n\t\t\t\t$soa_email = Settings::Get('panel.adminmail');\n\t\t\t}\n\t\t\t$soa_content = $primary_ns . \" \" . self::escapeSoaAdminMail($soa_email) . \" \";\n\t\t\t$soa_content .= $domain['bindserial'] . \" \";\n\t\t\t// TODO for now, dummy time-periods\n\t\t\t$soa_content .= \"3600 900 1209600 1200\";\n\n\t\t\t$soa_record = new DnsEntry('@', 'SOA', $soa_content);\n\t\t\tarray_unshift($zonerecords, $soa_record);\n\t\t}\n\n\t\t$zone = new DnsZone(\n\t\t\t(int)Settings::Get('system.defaultttl'),\n\t\t\t$domain['domain'],\n\t\t\t$domain['bindserial'],\n\t\t\t$zonerecords\n\t\t);\n\n\t\treturn $zone;\n\t}\n\n\t/**\n\t * @param string $record\n\t * @param string $type\n\t * @param array $required\n\t * @return void\n\t */\n\tprivate static function addRequiredEntry(string $record = '@', string $type = 'A', array &$required = [])\n\t{\n\t\tif (!isset($required[$type])) {\n\t\t\t$required[$type] = [];\n\t\t}\n\t\t$required[$type][md5($record)] = $record;\n\t}\n\n\t/**\n\t * @param array $domain\n\t * @return array\n\t */\n\tprivate static function generateDkimEntries(array $domain): array\n\t{\n\t\t$zone_dkim = [];\n\n\t\tif (Settings::Get('antispam.activated') == '1' && $domain['dkim'] == '1' && $domain['dkim_pubkey'] != '') {\n\t\t\t// start\n\t\t\t$dkim_txt = 'v=DKIM1;';\n\t\t\t// key\n\t\t\t$dkim_txt .= 'k=rsa;p=' . trim($domain['dkim_pubkey']) . ';';\n\t\t\t// dkim-entry\n\t\t\t$zone_dkim[] = $dkim_txt;\n\t\t}\n\n\t\treturn $zone_dkim;\n\t}\n\n\t/**\n\t * @param string $txt_content\n\t * @param bool $isMultiLine\n\t * @return string\n\t */\n\tpublic static function encloseTXTContent(string $txt_content, bool $isMultiLine = false): string\n\t{\n\t\t// check that TXT content is enclosed in \" \"\n\t\tif (!$isMultiLine && Settings::Get('system.dns_server') != 'PowerDNS') {\n\t\t\tif (substr($txt_content, 0, 1) != '\"') {\n\t\t\t\t$txt_content = '\"' . $txt_content;\n\t\t\t}\n\t\t\tif (substr($txt_content, -1) != '\"') {\n\t\t\t\t$txt_content .= '\"';\n\t\t\t}\n\t\t}\n\t\tif (Settings::Get('system.dns_server') == 'PowerDNS') {\n\t\t\t// no quotation for PowerDNS\n\t\t\tif (substr($txt_content, 0, 1) == '\"') {\n\t\t\t\t$txt_content = substr($txt_content, 1);\n\t\t\t}\n\t\t\tif (substr($txt_content, -1) == '\"') {\n\t\t\t\t$txt_content = substr($txt_content, 0, -1);\n\t\t\t}\n\t\t}\n\t\treturn $txt_content;\n\t}\n\n\t/**\n\t * @param string $email\n\t * @return string\n\t */\n\tprivate static function escapeSoaAdminMail(string $email): string\n\t{\n\t\t$mail_parts = explode(\"@\", $email);\n\t\treturn str_replace(\".\", \"\\.\", $mail_parts[0]) . \".\" . $mail_parts[1] . \".\";\n\t}\n}\n" }, { "path": "lib/Froxlor/Dns/DnsEntry.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Dns;\n\nuse Froxlor\\Settings;\n\nclass DnsEntry\n{\n\tpublic string $record;\n\tpublic int $ttl;\n\tpublic string $class = 'IN';\n\tpublic string $type;\n\tpublic int $priority;\n\tpublic ?string $content;\n\n\t/**\n\t * @param string $record\n\t * @param string $type\n\t * @param string|null $content\n\t * @param int $prio\n\t * @param int $ttl\n\t * @param string $class\n\t */\n\tpublic function __construct(string $record = '', string $type = 'A', string $content = null, int $prio = 0, int $ttl = 0, string $class = 'IN')\n\t{\n\t\t$this->record = $record;\n\t\t$this->type = $type;\n\t\t$this->content = $content;\n\t\t$this->priority = $prio;\n\t\t$this->ttl = ($ttl <= 0 ? Settings::Get('system.defaultttl') : $ttl);\n\t\t$this->class = $class;\n\t}\n\n\tpublic function __toString()\n\t{\n\t\t$_content = $this->content;\n\t\t// check content length for txt records for bind9 (multiline)\n\t\tif (Settings::Get('system.dns_server') != 'pdns' && $this->type == 'TXT' && strlen($_content) >= 255) {\n\t\t\t// split string\n\t\t\t$_contentlines = str_split($_content, 254);\n\t\t\t// first line\n\t\t\t$_l = array_shift($_contentlines);\n\t\t\t// check for starting quote\n\t\t\tif (substr($_l, 0, 1) == '\"') {\n\t\t\t\t$_l = substr($_l, 1);\n\t\t\t}\n\t\t\t$_content = '(\"' . $_l . '\"' . PHP_EOL;\n\t\t\t$_l = array_pop($_contentlines);\n\t\t\t// check for ending quote\n\t\t\tif (substr($_l, -1) == '\"') {\n\t\t\t\t$_l = substr($_l, 0, -1);\n\t\t\t}\n\t\t\tforeach ($_contentlines as $_cl) {\n\t\t\t\t// lines in between\n\t\t\t\t$_content .= \"\\t\\t\\t\\t\" . '\"' . $_cl . '\"' . PHP_EOL;\n\t\t\t}\n\t\t\t// last line\n\t\t\t$_content .= \"\\t\\t\\t\\t\" . '\"' . $_l . '\")';\n\t\t}\n\t\treturn $this->record . \"\\t\" . $this->ttl . \"\\t\" . $this->class . \"\\t\" . $this->type . \"\\t\" . (($this->priority >= 0 && ($this->type == 'MX' || $this->type == 'SRV')) ? $this->priority . \"\\t\" : \"\") . $_content . PHP_EOL;\n\t}\n}\n" }, { "path": "lib/Froxlor/Dns/DnsZone.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Dns;\n\nuse Froxlor\\Settings;\n\nclass DnsZone\n{\n\tpublic int $ttl;\n\tpublic string $origin;\n\tpublic string $serial;\n\tpublic ?array $records;\n\n\t/**\n\t * @param int $ttl\n\t * @param string $origin\n\t * @param string $serial\n\t * @param array|null $records\n\t */\n\tpublic function __construct(int $ttl = 0, string $origin = '', string $serial = '', array $records = null)\n\t{\n\t\t$this->ttl = ($ttl <= 0 ? Settings::Get('system.defaultttl') : $ttl);\n\t\t$this->origin = $origin;\n\t\t$this->serial = $serial;\n\t\t$this->records = $records;\n\t}\n\n\tpublic function __toString()\n\t{\n\t\t$zone_file = \"\\$TTL \" . $this->ttl . PHP_EOL;\n\t\t$zone_file .= \"\\$ORIGIN \" . $this->origin . \".\" . PHP_EOL;\n\t\tif (!empty($this->records)) {\n\t\t\tforeach ($this->records as $record) {\n\t\t\t\t$zone_file .= (string)$record;\n\t\t\t}\n\t\t}\n\t\treturn $zone_file;\n\t}\n}\n" }, { "path": "lib/Froxlor/Dns/PowerDNS.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Dns;\n\nuse Froxlor\\FileDir;\nuse Froxlor\\Settings;\nuse PDO;\nuse PDOException;\n\nclass PowerDNS\n{\n\tprivate static $pdns_db = null;\n\n\t/**\n\t * remove all records and entries of a given domain\n\t *\n\t * @param string|null $domain\n\t */\n\tpublic static function cleanDomainZone(string $domain = null)\n\t{\n\t\tif (!empty($domain)) {\n\t\t\t$pdns_domains_stmt = self::getDB()->prepare(\"SELECT `id`, `name` FROM `domains` WHERE `name` = :domain\");\n\t\t\t$del_rec_stmt = self::getDB()->prepare(\"DELETE FROM `records` WHERE `domain_id` = :did\");\n\t\t\t$del_meta_stmt = self::getDB()->prepare(\"DELETE FROM `domainmetadata` WHERE `domain_id` = :did\");\n\t\t\t$del_dom_stmt = self::getDB()->prepare(\"DELETE FROM `domains` WHERE `id` = :did\");\n\n\t\t\t$pdns_domains_stmt->execute([\n\t\t\t\t'domain' => $domain\n\t\t\t]);\n\t\t\t$pdns_domain = $pdns_domains_stmt->fetch(PDO::FETCH_ASSOC);\n\n\t\t\t$del_rec_stmt->execute([\n\t\t\t\t'did' => $pdns_domain['id']\n\t\t\t]);\n\t\t\t$del_meta_stmt->execute([\n\t\t\t\t'did' => $pdns_domain['id']\n\t\t\t]);\n\t\t\t$del_dom_stmt->execute([\n\t\t\t\t'did' => $pdns_domain['id']\n\t\t\t]);\n\t\t}\n\t}\n\n\t/**\n\t * get pdo database connection to powerdns database\n\t *\n\t * @return \\PDO\n\t */\n\tpublic static function getDB(): \\PDO\n\t{\n\t\tif (!isset(self::$pdns_db) || !(self::$pdns_db instanceof PDO)) {\n\t\t\tself::connectToPdnsDb();\n\t\t}\n\t\treturn self::$pdns_db;\n\t}\n\n\t/**\n\t * @return void\n\t */\n\tprivate static function connectToPdnsDb()\n\t{\n\t\t// get froxlor pdns config\n\t\t$cf = Settings::Get('system.bindconf_directory') . '/froxlor/pdns_froxlor.conf';\n\t\t$config = FileDir::makeCorrectFile($cf);\n\n\t\tif (!file_exists($config)) {\n\t\t\tdie('PowerDNS configuration file (' . $config . ') not found. Did you go through the configuration templates?' . PHP_EOL);\n\t\t}\n\t\t$lines = file($config);\n\t\t$mysql_data = [];\n\t\tforeach ($lines as $line) {\n\t\t\t$line = trim($line);\n\t\t\tif (strtolower(substr($line, 0, 6)) == 'gmysql') {\n\t\t\t\t$namevalue = explode(\"=\", $line);\n\t\t\t\t$mysql_data[$namevalue[0]] = $namevalue[1];\n\t\t\t}\n\t\t}\n\n\t\t// build up connection string\n\t\t$driver = 'mysql';\n\t\t$dsn = $driver . \":\";\n\t\t$options = [\n\t\t\t'PDO::MYSQL_ATTR_INIT_COMMAND' => 'SET names utf8'\n\t\t];\n\t\t$attributes = [\n\t\t\t'ATTR_ERRMODE' => 'ERRMODE_EXCEPTION'\n\t\t];\n\t\t$dbconf = [];\n\n\t\t$dbconf[\"dsn\"] = [\n\t\t\t'dbname' => $mysql_data[\"gmysql-dbname\"],\n\t\t\t'charset' => 'utf8'\n\t\t];\n\n\t\tif (isset($mysql_data['gmysql-socket']) && !empty($mysql_data['gmysql-socket'])) {\n\t\t\t$dbconf[\"dsn\"]['unix_socket'] = FileDir::makeCorrectFile($mysql_data['gmysql-socket']);\n\t\t} else {\n\t\t\t$dbconf[\"dsn\"]['host'] = $mysql_data['gmysql-host'];\n\t\t\t$dbconf[\"dsn\"]['port'] = $mysql_data['gmysql-port'];\n\n\t\t\tif (!empty($mysql_data['gmysql-ssl-ca-file'])) {\n\t\t\t\t$options[PDO::MYSQL_ATTR_SSL_CA] = $mysql_data['gmysql-ssl-ca-file'];\n\t\t\t\t$options[PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = (bool)$mysql_data['gmysql-ssl-verify-server-certificate'];\n\t\t\t}\n\t\t}\n\n\t\t// add options to dsn-string\n\t\tforeach ($dbconf[\"dsn\"] as $k => $v) {\n\t\t\t$dsn .= $k . \"=\" . $v . \";\";\n\t\t}\n\n\t\t// clean up\n\t\tunset($dbconf);\n\n\t\t// try to connect\n\t\ttry {\n\t\t\tself::$pdns_db = new PDO($dsn, $mysql_data['gmysql-user'], $mysql_data['gmysql-password'], $options);\n\t\t} catch (PDOException $e) {\n\t\t\tdie($e->getMessage());\n\t\t}\n\n\t\t// set attributes\n\t\tforeach ($attributes as $k => $v) {\n\t\t\tself::$pdns_db->setAttribute(constant(\"PDO::\" . $k), constant(\"PDO::\" . $v));\n\t\t}\n\n\t\t$version_server = self::$pdns_db->getAttribute(PDO::ATTR_SERVER_VERSION);\n\t\t$sql_mode = 'NO_ENGINE_SUBSTITUTION';\n\t\tif (version_compare($version_server, '8.0.11', '<')) {\n\t\t\t$sql_mode .= ',NO_AUTO_CREATE_USER';\n\t\t}\n\t\tself::$pdns_db->exec('SET sql_mode = \"' . $sql_mode . '\"');\n\t}\n}\n" }, { "path": "lib/Froxlor/Dns/index.html", "content": "" }, { "path": "lib/Froxlor/Domain/Domain.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Domain;\n\nuse Froxlor\\Cron\\Http\\LetsEncrypt\\AcmeSh;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FileDir;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\Settings;\nuse PDO;\n\nclass Domain\n{\n\n\t/**\n\t * return all ip addresses associated with given domain,\n\t * returns all ips if domain-id = 0 (froxlor.vhost)\n\t *\n\t * @param int $domain_id\n\t * @return array\n\t * @throws \\Exception\n\t */\n\tpublic static function getIpsOfDomain(int $domain_id = 0): array\n\t{\n\t\tif ($domain_id > 0) {\n\t\t\t$sel_stmt = Database::prepare(\"\n\t\t\t\tSELECT i.ip FROM `\" . TABLE_PANEL_IPSANDPORTS . \"` `i`\n\t\t\t\tLEFT JOIN `\" . TABLE_DOMAINTOIP . \"` `dip` ON dip.id_ipandports = i.id\n\t\t\t\tAND dip.id_domain = :domainid\n\t\t\t\tGROUP BY i.ip\n\t\t\t\");\n\t\t\t$sel_param = [\n\t\t\t\t'domainid' => $domain_id\n\t\t\t];\n\t\t} else {\n\t\t\t// assuming froxlor.vhost (id = 0)\n\t\t\t$sel_stmt = Database::prepare(\"\n\t\t\t\tSELECT ip FROM `\" . TABLE_PANEL_IPSANDPORTS . \"`\n\t\t\t\tGROUP BY ip\n\t\t\t\");\n\t\t\t$sel_param = [];\n\t\t}\n\t\tDatabase::pexecute($sel_stmt, $sel_param);\n\t\t$result = [];\n\t\twhile ($ip = $sel_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t$result[] = $ip['ip'];\n\t\t}\n\t\treturn $result;\n\t}\n\n\t/**\n\t * return an array of all enabled redirect-codes\n\t *\n\t * @return array array of enabled redirect-codes\n\t */\n\tpublic static function getRedirectCodesArray(): array\n\t{\n\t\t$sql = \"SELECT * FROM `\" . TABLE_PANEL_REDIRECTCODES . \"` WHERE `enabled` = '1' ORDER BY `id` ASC\";\n\t\t$result_stmt = Database::query($sql);\n\n\t\t$codes = [];\n\t\twhile ($rc = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t$codes[] = $rc;\n\t\t}\n\n\t\treturn $codes;\n\t}\n\n\t/**\n\t * returns the redirect-code for a given\n\t * domain-id\n\t *\n\t * @param int $domainid id of the domain\n\t *\n\t * @return string redirect-code\n\t * @throws \\Exception\n\t */\n\tpublic static function getDomainRedirectCode(int $domainid = 0): string\n\t{\n\t\t// get system default\n\t\t$default = '301';\n\t\tif (Settings::Get('customredirect.enabled') == '1') {\n\t\t\t$all_codes = self::getRedirectCodes(false);\n\t\t\t$_default = $all_codes[Settings::Get('customredirect.default')];\n\t\t\t$default = ($_default == '---') ? $default : $_default;\n\t\t}\n\t\t$code = $default;\n\t\tif ($domainid > 0) {\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT `r`.`code` as `redirect`\n\t\t\t\tFROM `\" . TABLE_PANEL_REDIRECTCODES . \"` `r`, `\" . TABLE_PANEL_DOMAINREDIRECTS . \"` `rc`\n\t\t\t\tWHERE `r`.`id` = `rc`.`rid` and `rc`.`did` = :domainid\n\t\t\t\");\n\t\t\t$result = Database::pexecute_first($result_stmt, [\n\t\t\t\t'domainid' => $domainid\n\t\t\t]);\n\n\t\t\tif (is_array($result) && isset($result['redirect'])) {\n\t\t\t\t$code = ($result['redirect'] == '---') ? $default : $result['redirect'];\n\t\t\t}\n\t\t}\n\t\treturn $code;\n\t}\n\n\t/**\n\t * return an array of all enabled redirect-codes\n\t * for the settings form\n\t *\n\t * @param bool $add_desc optional, default true, add the code-description\n\t *\n\t * @return array array of enabled redirect-codes\n\t */\n\tpublic static function getRedirectCodes(bool $add_desc = true): array\n\t{\n\t\t$sql = \"SELECT * FROM `\" . TABLE_PANEL_REDIRECTCODES . \"` WHERE `enabled` = '1' ORDER BY `id` ASC\";\n\t\t$result_stmt = Database::query($sql);\n\n\t\t$codes = [];\n\t\twhile ($rc = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t$codes[$rc['id']] = $rc['code'];\n\t\t\tif ($add_desc) {\n\t\t\t\t$codes[$rc['id']] .= ' (' . lng('redirect_desc.' . $rc['desc']) . ')';\n\t\t\t}\n\t\t}\n\n\t\treturn $codes;\n\t}\n\n\t/**\n\t * returns the redirect-id for a given\n\t * domain-id\n\t *\n\t * @param int $domainid id of the domain\n\t *\n\t * @return int redirect-code-id\n\t * @throws \\Exception\n\t */\n\tpublic static function getDomainRedirectId(int $domainid = 0): int\n\t{\n\t\t$code = 1;\n\t\tif ($domainid > 0) {\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT `r`.`id` as `redirect`\n\t\t\t\tFROM `\" . TABLE_PANEL_REDIRECTCODES . \"` `r`, `\" . TABLE_PANEL_DOMAINREDIRECTS . \"` `rc`\n\t\t\t\tWHERE `r`.`id` = `rc`.`rid` and `rc`.`did` = :domainid\n\t\t\t\");\n\t\t\t$result = Database::pexecute_first($result_stmt, [\n\t\t\t\t'domainid' => $domainid\n\t\t\t]);\n\n\t\t\tif ($result && isset($result['redirect'])) {\n\t\t\t\t$code = (int)$result['redirect'];\n\t\t\t}\n\t\t}\n\t\treturn $code;\n\t}\n\n\t/**\n\t * adds a redirect-code for a domain\n\t *\n\t * @param int $domainid id of the domain to add the code for\n\t * @param int $redirect selected redirect-id\n\t *\n\t * @return null\n\t * @throws \\Exception\n\t */\n\tpublic static function addRedirectToDomain(int $domainid = 0, int $redirect = 1)\n\t{\n\t\tif ($domainid > 0) {\n\t\t\t$ins_stmt = Database::prepare(\"\n\t\t\t\tINSERT INTO `\" . TABLE_PANEL_DOMAINREDIRECTS . \"` SET `rid` = :rid, `did` = :did\n\t\t\t\");\n\t\t\tDatabase::pexecute($ins_stmt, [\n\t\t\t\t'rid' => $redirect,\n\t\t\t\t'did' => $domainid\n\t\t\t]);\n\t\t}\n\t}\n\n\t/**\n\t * updates the redirect-code of a domain\n\t * if redirect-code is false, nothing happens\n\t *\n\t * @param int $domainid id of the domain to update\n\t * @param int $redirect selected redirect-id\n\t *\n\t * @return null\n\t * @throws \\Exception\n\t */\n\tpublic static function updateRedirectOfDomain(int $domainid = 0, int $redirect = 0)\n\t{\n\t\tif (!$redirect) {\n\t\t\treturn;\n\t\t}\n\n\t\tif ($domainid > 0) {\n\t\t\t$del_stmt = Database::prepare(\"\n\t\t\t\tDELETE FROM `\" . TABLE_PANEL_DOMAINREDIRECTS . \"` WHERE `did` = :domainid\n\t\t\t\");\n\t\t\tDatabase::pexecute($del_stmt, [\n\t\t\t\t'domainid' => $domainid\n\t\t\t]);\n\n\t\t\t$ins_stmt = Database::prepare(\"\n\t\t\t\tINSERT INTO `\" . TABLE_PANEL_DOMAINREDIRECTS . \"` SET `rid` = :rid, `did` = :did\n\t\t\t\");\n\t\t\tDatabase::pexecute($ins_stmt, [\n\t\t\t\t'rid' => $redirect,\n\t\t\t\t'did' => $domainid\n\t\t\t]);\n\t\t}\n\t}\n\n\t/**\n\t * get ids of domains that are main domains but a subdomain of another main domain (for DNS)\n\t *\n\t * @param int $id main-domain to check\n\t *\n\t * @return array\n\t * @throws \\Exception\n\t */\n\tpublic static function getMainSubdomainIds(int $id): array\n\t{\n\t\t$result_stmt = Database::prepare(\"\n\t\t\tSELECT id\n\t\t\tFROM `\" . TABLE_PANEL_DOMAINS . \"`\n\t\t\tWHERE\n\t\t\tisbinddomain = 1 AND\n\t\t\tdomain LIKE CONCAT('%.', ( SELECT d.domain FROM `\" . TABLE_PANEL_DOMAINS . \"` AS d WHERE d.id = :id ))\n\t\t\");\n\t\tDatabase::pexecute($result_stmt, [\n\t\t\t'id' => $id\n\t\t]);\n\t\t$result = [];\n\t\twhile ($entry = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t$result[] = $entry['id'];\n\t\t}\n\t\treturn $result;\n\t}\n\n\t/**\n\t * Check whether a given domain has an ssl-ip/port assigned\n\t *\n\t * @param int $domainid\n\t *\n\t * @return bool\n\t * @throws \\Exception\n\t */\n\tpublic static function domainHasSslIpPort(int $domainid): bool\n\t{\n\t\t$result_stmt = Database::prepare(\"\n\t\t\tSELECT `dt`.* FROM `\" . TABLE_DOMAINTOIP . \"` `dt`, `\" . TABLE_PANEL_IPSANDPORTS . \"` `iap`\n\t\t\tWHERE `dt`.`id_ipandports` = `iap`.`id` AND `iap`.`ssl` = '1' AND `dt`.`id_domain` = :domainid;\");\n\t\tDatabase::pexecute($result_stmt, [\n\t\t\t'domainid' => $domainid\n\t\t]);\n\t\t$result = $result_stmt->fetch(PDO::FETCH_ASSOC);\n\n\t\tif ($result && isset($result['id_ipandports'])) {\n\t\t\treturn true;\n\t\t}\n\t\treturn false;\n\t}\n\n\t/**\n\t * returns true or false whether a given domain id\n\t * is the std-subdomain of a customer\n\t *\n\t * @param int $did domain-id\n\t *\n\t * @return bool\n\t * @throws \\Exception\n\t */\n\tpublic static function isCustomerStdSubdomain(int $did): bool\n\t{\n\t\tif ($did > 0) {\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\t\tSELECT `customerid` FROM `\" . TABLE_PANEL_CUSTOMERS . \"`\n\t\t\t\tWHERE `standardsubdomain` = :did\n\t\t\t\");\n\t\t\t$result = Database::pexecute_first($result_stmt, [\n\t\t\t\t'did' => $did\n\t\t\t]);\n\n\t\t\tif ($result && isset($result['customerid'])) {\n\t\t\t\treturn $result['customerid'] > 0;\n\t\t\t}\n\t\t}\n\t\treturn false;\n\t}\n\n\t/**\n\t * @param int $aliasDestinationDomainID\n\t * @param FroxlorLogger $log\n\t *\n\t * @return void\n\t * @throws \\Exception\n\t */\n\tpublic static function triggerLetsEncryptCSRForAliasDestinationDomain(\n\t\tint $aliasDestinationDomainID,\n\t\tFroxlorLogger $log\n\t) {\n\t\tif ($aliasDestinationDomainID > 0) {\n\t\t\t$log->logAction(\n\t\t\t\tFroxlorLogger::ADM_ACTION,\n\t\t\t\tLOG_INFO,\n\t\t\t\t\"LetsEncrypt CSR triggered for domain ID \" . $aliasDestinationDomainID\n\t\t\t);\n\t\t\t$upd_stmt = Database::prepare(\"UPDATE\n\t\t\t\t\t`\" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . \"`\n\t\t\t\tSET\n\t\t\t\t\t`validtodate` = null\n\t\t\t\tWHERE\n\t\t\t\t\tdomainid = :domainid\n\t\t\t\");\n\t\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t\t'domainid' => $aliasDestinationDomainID\n\t\t\t]);\n\t\t}\n\t}\n\n\t/**\n\t * @param string $domainname\n\t * @return true\n\t */\n\tpublic static function doLetsEncryptCleanUp(string $domainname): bool\n\t{\n\t\t// @ see \\Froxlor\\Cron\\Http\\LetsEncrypt\\AcmeSh.php\n\t\t$acmesh = AcmeSh::getAcmeSh();\n\t\tif (file_exists($acmesh)) {\n\t\t\t$certificate_folder = AcmeSh::getWorkingDirFromEnv($domainname);\n\t\t\t$certificate_ecc_folder = AcmeSh::getWorkingDirFromEnv($domainname, true);\n\t\t\tif (file_exists($certificate_folder) || file_exists($certificate_ecc_folder)) {\n\t\t\t\t$params = \" --remove -d \" . $domainname;\n\t\t\t\tif (file_exists($certificate_ecc_folder)) {\n\t\t\t\t\t$params .= \" --ecc\";\n\t\t\t\t}\n\t\t\t\t// run remove command\n\t\t\t\tFileDir::safe_exec($acmesh . $params);\n\t\t\t\t// remove certificates directory\n\t\t\t\tif (file_exists($certificate_folder)) {\n\t\t\t\t\tFileDir::safe_exec('rm -rf ' . $certificate_folder);\n\t\t\t\t} elseif (file_exists($certificate_ecc_folder)) {\n\t\t\t\t\tFileDir::safe_exec('rm -rf ' . $certificate_ecc_folder);\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\treturn true;\n\t}\n\n\t/**\n\t * checks give path for security issues\n\t * and returns a string that can be appended\n\t * to a line for an open_basedir directive\n\t *\n\t * @param string $path the path to check and append\n\t * @param bool $first if true, no ':' will be prefixed to the path\n\t *\n\t * @return string\n\t * @throws \\Exception\n\t */\n\tpublic static function appendOpenBasedirPath(string $path = '', bool $first = false): string\n\t{\n\t\tif ($path != '' && $path != '/' && (!preg_match(\"#^/dev#i\", $path) || preg_match(\"#^/dev/urandom#i\",\n\t\t\t\t\t$path)) && !preg_match(\"#^/proc#i\", $path) && !preg_match(\"#^/etc#i\",\n\t\t\t\t$path) && !preg_match(\"#^/sys#i\", $path) && !preg_match(\"#:#\", $path)) {\n\t\t\tif (preg_match(\"#^/dev/urandom#i\", $path)) {\n\t\t\t\t$path = FileDir::makeCorrectFile($path);\n\t\t\t} else {\n\t\t\t\t$path = FileDir::makeCorrectDir($path);\n\t\t\t}\n\n\t\t\t// check for php-version that requires the trailing\n\t\t\t// slash to be removed as it does not allow the usage\n\t\t\t// of the sub-folders within the given folder, fixes #797\n\t\t\tif ((PHP_MINOR_VERSION == 2 && PHP_VERSION_ID >= 50216) || PHP_VERSION_ID >= 50304) {\n\t\t\t\t// check trailing slash\n\t\t\t\tif (substr($path, -1, 1) == '/') {\n\t\t\t\t\t// remove it\n\t\t\t\t\t$path = substr($path, 0, -1);\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tif ($first) {\n\t\t\t\treturn $path;\n\t\t\t}\n\n\t\t\treturn ':' . $path;\n\t\t}\n\t\treturn '';\n\t}\n}\n" }, { "path": "lib/Froxlor/Domain/IpAddr.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Domain;\n\nuse Froxlor\\Database\\Database;\nuse PDO;\n\nclass IpAddr\n{\n\t/**\n\t * @return array\n\t */\n\tpublic static function getIpAddresses(): array\n\t{\n\t\t$result_stmt = Database::query(\"\n\t\t\tSELECT `id`, `ip`, `port` FROM `\" . TABLE_PANEL_IPSANDPORTS . \"` ORDER BY `ip` ASC, `port` ASC\n\t\t\");\n\n\t\t$system_ipaddress_array = [];\n\n\t\twhile ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\tif (!isset($system_ipaddress_array[$row['ip']]) && !in_array($row['ip'], $system_ipaddress_array)) {\n\t\t\t\t$system_ipaddress_array[$row['ip']] = $row['ip'];\n\t\t\t}\n\t\t}\n\n\t\treturn $system_ipaddress_array;\n\t}\n\n\t/**\n\t * @return array\n\t * @throws \\Exception\n\t */\n\tpublic static function getSslIpPortCombinations(): array\n\t{\n\t\treturn [\n\t\t\t\t'' => lng('panel.none_value')\n\t\t\t] + self::getIpPortCombinations(true);\n\t}\n\n\t/**\n\t * @param bool $ssl\n\t * @return array\n\t * @throws \\Exception\n\t */\n\tpublic static function getIpPortCombinations(bool $ssl = false): array\n\t{\n\t\tglobal $userinfo;\n\n\t\t$additional_conditions_params = [];\n\t\t$additional_conditions_array = [];\n\n\t\tif (!empty($userinfo) && $userinfo['ip'] != '-1') {\n\t\t\t$admin_ip_stmt = Database::prepare(\"\n\t\t\t\tSELECT `id`, `ip`, `port` FROM `\" . TABLE_PANEL_IPSANDPORTS . \"` WHERE `id` = IN (:ipid)\n\t\t\t\");\n\t\t\t$myips = implode(\",\", json_decode($userinfo['ip'], true));\n\t\t\tDatabase::pexecute($admin_ip_stmt, [\n\t\t\t\t'ipid' => $myips\n\t\t\t]);\n\t\t\t$additional_conditions_array[] = \"`ip` IN (:adminips)\";\n\t\t\t$additional_conditions_params['adminips'] = $myips;\n\t\t}\n\n\t\tif ($ssl !== null) {\n\t\t\t$additional_conditions_array[] = \"`ssl` = :ssl\";\n\t\t\t$additional_conditions_params['ssl'] = ($ssl === true ? '1' : '0');\n\t\t}\n\n\t\t$additional_conditions = '';\n\t\tif (count($additional_conditions_array) > 0) {\n\t\t\t$additional_conditions = \" WHERE \" . implode(\" AND \", $additional_conditions_array) . \" \";\n\t\t}\n\n\t\t$result_stmt = Database::prepare(\"\n\t\t\tSELECT `id`, `ip`, `port` FROM `\" . TABLE_PANEL_IPSANDPORTS . \"` \" . $additional_conditions . \" ORDER BY `ip` ASC, `port` ASC\n\t\t\");\n\n\t\tDatabase::pexecute($result_stmt, $additional_conditions_params);\n\t\t$system_ipaddress_array = [];\n\n\t\twhile ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\tif (filter_var($row['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {\n\t\t\t\t$row['ip'] = '[' . $row['ip'] . ']';\n\t\t\t}\n\t\t\t$system_ipaddress_array[$row['id']] = $row['ip'] . ':' . $row['port'];\n\t\t}\n\n\t\treturn $system_ipaddress_array;\n\t}\n}\n" }, { "path": "lib/Froxlor/Domain/index.html", "content": "" }, { "path": "lib/Froxlor/ErrorBag.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor;\n\nuse Exception;\n\n/**\n * Class to manage the current user / session\n */\nclass ErrorBag\n{\n\n\t/**\n\t * returns whether there are errors stored\n\t *\n\t * @return bool\n\t */\n\tpublic static function hasErrors(): bool\n\t{\n\t\treturn !empty($_SESSION) && !empty($_SESSION['_errors']);\n\t}\n\n\t/**\n\t * add error\n\t *\n\t * @param string $data\n\t *\n\t * @return void\n\t */\n\tpublic static function addError(string $data): void\n\t{\n\t\tif (!isset($_SESSION['_errors']) || !is_array($_SESSION['_errors'])) {\n\t\t\t$_SESSION['_errors'] = [];\n\t\t}\n\t\t$_SESSION['_errors'][] = $data;\n\t}\n\n\t/**\n\t * Return errors and clear session\n\t *\n\t * @return array\n\t * @throws Exception\n\t */\n\tpublic static function getErrors(): array\n\t{\n\t\t$errors = $_SESSION['_errors'] ?? [];\n\t\tunset($_SESSION['_errors']);\n\t\tif (Settings::Config('display_php_errors')) {\n\t\t\treturn $errors;\n\t\t}\n\t\treturn [];\n\t}\n\n}\n" }, { "path": "lib/Froxlor/FileDir.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor;\n\nuse Exception;\nuse Froxlor\\Customer\\Customer;\nuse Froxlor\\Database\\Database;\nuse PDO;\nuse RecursiveCallbackFilterIterator;\n\nclass FileDir\n{\n\t/**\n\t * Creates a directory below a users homedir and sets all directories,\n\t * which had to be created below with correct Owner/Group\n\t * (Copied from cron_tasks.php:rev1189 as we'll need this more often in future)\n\t *\n\t * @param string $homeDir The homedir of the user\n\t * @param string $dirToCreate The dir which should be created\n\t * @param int $uid The uid of the user\n\t * @param int $gid The gid of the user\n\t * @param bool $placeindex Place standard-index.html into the new folder\n\t * @param bool $allow_notwithinhomedir Allow creating a directory out of the customers docroot\n\t *\n\t * @return bool true if everything went okay, false if something went wrong\n\t * @throws Exception\n\t */\n\tpublic static function mkDirWithCorrectOwnership(\n\t\tstring $homeDir,\n\t\tstring $dirToCreate,\n\t\tint $uid,\n\t\tint $gid,\n\t\tbool $placeindex = false,\n\t\tbool $allow_notwithinhomedir = false\n\t): bool\n\t{\n\t\tif ($homeDir != '' && $dirToCreate != '') {\n\t\t\t$homeDir = self::makeCorrectDir($homeDir);\n\t\t\t$dirToCreate = self::makeCorrectDir($dirToCreate);\n\n\t\t\tif (substr($dirToCreate, 0, strlen($homeDir)) == $homeDir) {\n\t\t\t\t$subdir = substr($dirToCreate, strlen($homeDir) - 1);\n\t\t\t\t$within_homedir = true;\n\t\t\t} else {\n\t\t\t\t$subdir = $dirToCreate;\n\t\t\t\t$within_homedir = false;\n\t\t\t}\n\n\t\t\t$subdir = self::makeCorrectDir($subdir);\n\t\t\t$subdirs = [];\n\n\t\t\tif ($within_homedir || !$allow_notwithinhomedir) {\n\t\t\t\t$subdirlen = strlen($subdir);\n\t\t\t\t$offset = 0;\n\n\t\t\t\twhile ($offset < $subdirlen) {\n\t\t\t\t\t$offset = strpos($subdir, '/', $offset);\n\t\t\t\t\t$subdirelem = substr($subdir, 0, $offset);\n\t\t\t\t\t$offset++;\n\t\t\t\t\tarray_push($subdirs, self::makeCorrectDir($homeDir . $subdirelem));\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\tarray_push($subdirs, $dirToCreate);\n\t\t\t}\n\n\t\t\t$subdirs = array_unique($subdirs);\n\t\t\tsort($subdirs);\n\t\t\tforeach ($subdirs as $sdir) {\n\t\t\t\tif (!is_dir($sdir)) {\n\t\t\t\t\t$sdir = self::makeCorrectDir($sdir);\n\t\t\t\t\tself::safe_exec('mkdir -p ' . escapeshellarg($sdir));\n\t\t\t\t\t// place index\n\t\t\t\t\tif ($placeindex) {\n\t\t\t\t\t\t$loginname = Customer::getLoginNameByUid($uid);\n\t\t\t\t\t\tif ($loginname !== false) {\n\t\t\t\t\t\t\tself::storeDefaultIndex($loginname, $sdir, null);\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t\tself::safe_exec('chown -R ' . (int)$uid . ':' . (int)$gid . ' ' . escapeshellarg($sdir));\n\t\t\t\t}\n\t\t\t}\n\t\t\treturn true;\n\t\t}\n\t\treturn false;\n\t}\n\n\t/**\n\t * Returns a correct/secure dirname, means to add slashes at the beginning and at the end if there weren't\n\t * some. If $fixes_homedir is specified,\n\t *\n\t *\n\t * @param string $dir the path to correct\n\t *\n\t * @return string the corrected path\n\t * @throws Exception\n\t */\n\tpublic static function makeCorrectDir(string $dir, string $fixed_homedir = \"\"): string\n\t{\n\t\tif (strlen($dir) > 0) {\n\t\t\t$dir = trim($dir);\n\t\t\tif (substr($dir, -1, 1) != '/') {\n\t\t\t\t$dir .= '/';\n\t\t\t}\n\t\t\tif (substr($dir, 0, 1) != '/') {\n\t\t\t\t$dir = '/' . $dir;\n\t\t\t}\n\n\t\t\t// if given, check that the target path is within the $fixed_homedir\n\t\t\t// by checking each folder for being a symlink and whether it targets\n\t\t\t// the customers homedir or points outside of it\n\t\t\tif (!empty($fixed_homedir)) {\n\t\t\t\t$to_check = explode(\"/\", substr($dir, strlen($fixed_homedir) + 1), -1);\n\t\t\t\t$check_dir = substr($fixed_homedir, 0, -1);\n\t\t\t\t// Symlink check\n\t\t\t\tforeach ($to_check as $sub_dir) {\n\t\t\t\t\t$check_dir .= '/' . $sub_dir;\n\t\t\t\t\tif (is_link($check_dir)) {\n\t\t\t\t\t\t$original_target = $check_dir;\n\t\t\t\t\t\t$check_dir = readlink($check_dir);\n\t\t\t\t\t\t$link_dir = dirname($original_target);\n\t\t\t\t\t\t// check whether the link is relative or absolute\n\t\t\t\t\t\tif (substr($check_dir, 0, 1) != '/') {\n\t\t\t\t\t\t\t// relative directory, prepend link_dir\n\t\t\t\t\t\t\t$check_dir = $link_dir . '/' . $check_dir;\n\t\t\t\t\t\t}\n\t\t\t\t\t\tif (substr($check_dir, 0, strlen($fixed_homedir)) != $fixed_homedir) {\n\t\t\t\t\t\t\tthrow new Exception(\"Found symlink pointing outside of customer home directory: \" . substr($original_target, strlen($fixed_homedir)));\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\t// check for the path to be within the given homedir\n\t\t\t\tif (substr($dir, 0, strlen($fixed_homedir)) != $fixed_homedir) {\n\t\t\t\t\tthrow new Exception(\"Target path not within the required customer home directory\");\n\t\t\t\t}\n\t\t\t}\n\n\t\t\treturn self::makeSecurePath($dir);\n\t\t}\n\t\tthrow new Exception(\"Cannot validate directory in \" . __FUNCTION__ . \" which is very dangerous.\");\n\t}\n\n\t/**\n\t * Function which returns a secure path, means to remove all multiple dots and slashes\n\t *\n\t * @param string $path the path to secure\n\t *\n\t * @return string the corrected path\n\t */\n\tpublic static function makeSecurePath(string $path): string\n\t{\n\t\t// check for bad characters, some are allowed with escaping,\n\t\t// but we generally don't want them in our directory-names,\n\t\t// thx to aaronmueller for this snippet\n\t\t$badchars = [\n\t\t\t':',\n\t\t\t';',\n\t\t\t'|',\n\t\t\t'&',\n\t\t\t'>',\n\t\t\t'<',\n\t\t\t'`',\n\t\t\t'$',\n\t\t\t'~',\n\t\t\t'?',\n\t\t\t\"\\0\",\n\t\t\t\"\\n\",\n\t\t\t\"\\r\",\n\t\t\t\"\\t\",\n\t\t\t\"\\f\"\n\t\t];\n\t\tforeach ($badchars as $bc) {\n\t\t\t$path = str_replace($bc, \"\", $path);\n\t\t}\n\n\t\t$search = [\n\t\t\t'#/+#',\n\t\t\t'#\\.+#'\n\t\t];\n\t\t$replace = [\n\t\t\t'/',\n\t\t\t'.'\n\t\t];\n\t\t$path = preg_replace($search, $replace, $path);\n\t\t// don't just replace a space with an escaped space\n\t\t// it might be escaped already\n\t\t$path = str_replace(\"\\ \", \" \", $path);\n\t\t$path = str_replace(\" \", \"\\ \", $path);\n\n\t\treturn $path;\n\t}\n\n\t/**\n\t * Wrapper around the exec command.\n\t *\n\t * @param string $exec_string command to be executed\n\t * @param mixed $return_value referenced variable where the output is stored\n\t * @param ?array $allowedChars optional array of allowed characters in path/command\n\t *\n\t * @return array result of exec()\n\t */\n\tpublic static function safe_exec(string $exec_string, &$return_value = false, $allowedChars = null)\n\t{\n\t\t$disallowed = [\n\t\t\t';',\n\t\t\t'|',\n\t\t\t'&',\n\t\t\t'>',\n\t\t\t'<',\n\t\t\t'`',\n\t\t\t'$',\n\t\t\t'~',\n\t\t\t'?'\n\t\t];\n\n\t\t$acheck = false;\n\t\tif ($allowedChars != null && is_array($allowedChars) && count($allowedChars) > 0) {\n\t\t\t$acheck = true;\n\t\t}\n\n\t\tforeach ($disallowed as $dc) {\n\t\t\tif ($acheck && in_array($dc, $allowedChars)) {\n\t\t\t\tcontinue;\n\t\t\t}\n\t\t\t// check for bad signs in execute command\n\t\t\tif (stristr($exec_string, $dc)) {\n\t\t\t\tdie(\"SECURITY CHECK FAILED!\\nThe execute string '\" . $exec_string . \"' is a possible security risk!\\nPlease check your whole server for security problems by hand!\\n\");\n\t\t\t}\n\t\t}\n\n\t\t// execute the command and return output\n\t\t$return = [];\n\n\t\t// -------------------------------------------------------------------------------\n\t\tif ($return_value == false) {\n\t\t\texec($exec_string, $return);\n\t\t} else {\n\t\t\texec($exec_string, $return, $return_value);\n\t\t}\n\n\t\treturn $return;\n\t}\n\n\t/**\n\t * Read unconfigured-domain template from database if exists or fallback to default\n\t *\n\t * @param string $servername\n\t *\n\t * @return string\n\t * @throws Exception\n\t */\n\tpublic static function getUnknownDomainTemplate(string $servername = \"\")\n\t{\n\t\t$result_stmt = Database::prepare(\"\n\t\t\tSELECT * FROM `\" . TABLE_PANEL_TEMPLATES . \"` WHERE `templategroup` = 'files' AND `varname` = 'unconfigured_html'\n\t\t\");\n\t\tDatabase::pexecute($result_stmt);\n\t\tif (Database::num_rows() > 0) {\n\t\t\t$template = $result_stmt->fetch(PDO::FETCH_ASSOC);\n\t\t\t$replace_arr = [\n\t\t\t\t'SERVERNAME' => $servername,\n\t\t\t];\n\t\t\t$tpl_content = PhpHelper::replaceVariables($template['value'], $replace_arr);\n\t\t\t$tpl_ext = $template['file_extension'];\n\t\t} else {\n\t\t\t$tpl_ext = 'html';\n\t\t\t$unconfiguredPath = FileDir::makeCorrectFile(Froxlor::getInstallDir() . '/templates/misc/unconfigured/index.html');\n\t\t\tif (file_exists($unconfiguredPath)) {\n\t\t\t\t$tpl_content = file_get_contents($unconfiguredPath);\n\t\t\t} else {\n\t\t\t\t$tpl_content = lng('admin.templates.unconfigured_content_fallback');\n\t\t\t}\n\t\t}\n\t\t$redirect_file = FileDir::makeCorrectFile(Froxlor::getInstallDir() . '/notice.' . $tpl_ext);\n\t\tfile_put_contents($redirect_file, $tpl_content);\n\t\treturn basename($redirect_file);\n\t}\n\n\t/**\n\t * store the default index-file in a given destination folder\n\t *\n\t * @param string $loginname customers loginname\n\t * @param string $destination path where to create the file\n\t * @param object $logger FroxlorLogger object\n\t * @param bool $force force creation whatever the settings say (needed for task #2, create new user)\n\t *\n\t * @return void\n\t * @throws Exception\n\t */\n\tpublic static function storeDefaultIndex(\n\t\tstring $loginname,\n\t\tstring $destination,\n\t\t $logger = null,\n\t\tbool $force = false\n\t)\n\t{\n\t\tif ($force || (int)Settings::Get('system.store_index_file_subs') == 1) {\n\t\t\t$result_stmt = Database::prepare(\"\n\t\t\tSELECT `t`.`value`, `t`.`file_extension`, `c`.`email` AS `customer_email`, `a`.`email` AS `admin_email`, `c`.`loginname` AS `customer_login`, `a`.`loginname` AS `admin_login`\n\t\t\tFROM `\" . TABLE_PANEL_CUSTOMERS . \"` AS `c` INNER JOIN `\" . TABLE_PANEL_ADMINS . \"` AS `a`\n\t\t\tON `c`.`adminid` = `a`.`adminid`\n\t\t\tINNER JOIN `\" . TABLE_PANEL_TEMPLATES . \"` AS `t`\n\t\t\tON `a`.`adminid` = `t`.`adminid`\n\t\t\tWHERE `varname` = 'index_html' AND `c`.`loginname` = :loginname\");\n\t\t\tDatabase::pexecute($result_stmt, [\n\t\t\t\t'loginname' => $loginname\n\t\t\t]);\n\n\t\t\tif (Database::num_rows() > 0) {\n\t\t\t\t$template = $result_stmt->fetch(PDO::FETCH_ASSOC);\n\n\t\t\t\t$replace_arr = [\n\t\t\t\t\t'SERVERNAME' => Settings::Get('system.hostname'),\n\t\t\t\t\t'CUSTOMER' => $template['customer_login'],\n\t\t\t\t\t'ADMIN' => $template['admin_login'],\n\t\t\t\t\t'CUSTOMER_EMAIL' => $template['customer_email'],\n\t\t\t\t\t'ADMIN_EMAIL' => $template['admin_email']\n\t\t\t\t];\n\n\t\t\t\t// replaceVariables\n\t\t\t\t$htmlcontent = PhpHelper::replaceVariables($template['value'], $replace_arr);\n\t\t\t\t$indexhtmlpath = self::makeCorrectFile($destination . '/index.' . $template['file_extension']);\n\t\t\t\t$index_html_handler = fopen($indexhtmlpath, 'w');\n\t\t\t\tfwrite($index_html_handler, $htmlcontent);\n\t\t\t\tfclose($index_html_handler);\n\t\t\t\tif ($logger !== null) {\n\t\t\t\t\t$logger->logAction(\n\t\t\t\t\t\tFroxlorLogger::CRON_ACTION,\n\t\t\t\t\t\tLOG_NOTICE,\n\t\t\t\t\t\t'Creating \\'index.' . $template['file_extension'] . '\\' for Customer \\'' . $template['customer_login'] . '\\' based on template in directory ' . escapeshellarg($indexhtmlpath)\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\t$destination = self::makeCorrectDir($destination);\n\t\t\t\tif ($logger !== null) {\n\t\t\t\t\t$logger->logAction(\n\t\t\t\t\t\tFroxlorLogger::CRON_ACTION,\n\t\t\t\t\t\tLOG_NOTICE,\n\t\t\t\t\t\t'Running: cp -a ' . Froxlor::getInstallDir() . '/templates/misc/standardcustomer/* ' . escapeshellarg($destination)\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t\tself::safe_exec('cp -a ' . Froxlor::getInstallDir() . '/templates/misc/standardcustomer/* ' . escapeshellarg($destination));\n\t\t\t}\n\t\t}\n\t}\n\n\t/**\n\t * Function which returns a correct filename, means to add a slash at the beginning if there wasn't one\n\t *\n\t * @param string $filename the filename\n\t * @param string $fixed_homedir whether to check that the given file is within the fixed home-directory\n\t *\n\t * @return string the corrected filename\n\t * @throws Exception\n\t */\n\tpublic static function makeCorrectFile(string $filename, string $fixed_homedir = \"\"): string\n\t{\n\t\tif (trim($filename) == '') {\n\t\t\t$error = 'Given filename for function ' . __FUNCTION__ . ' is empty.' . \"\\n\";\n\t\t\t$error .= 'This is very dangerous and should not happen.' . \"\\n\";\n\t\t\t$error .= 'Please inform the Froxlor team about this issue so they can fix it.';\n\t\t\techo $error;\n\t\t\t// so we can see WHERE this happened\n\t\t\tdebug_print_backtrace();\n\t\t\tdie();\n\t\t}\n\n\t\tif (substr($filename, 0, 1) != '/') {\n\t\t\t$filename = '/' . $filename;\n\t\t}\n\n\t\t$filename = FileDir::makeCorrectDir(dirname($filename)) . '/' . basename($filename);\n\n\t\t// if given, check that the target file is within the $fixed_homedir\n\t\t// by checking each folder and the file for being a symlink and whether it targets\n\t\t// the customers homedir or points outside of it\n\t\tif (!empty($fixed_homedir)) {\n\t\t\t$to_check = explode(\"/\", substr($filename, strlen(self::makeCorrectDir($fixed_homedir))), -1);\n\t\t\t$check_dir = substr($fixed_homedir, -1) == '/' ? substr($fixed_homedir, 0, -1) : $fixed_homedir;\n\t\t\t// Symlink check\n\t\t\tforeach ($to_check as $sub_dir) {\n\t\t\t\t$check_dir .= '/' . $sub_dir;\n\t\t\t\tif (is_link($check_dir)) {\n\t\t\t\t\t$original_target = $check_dir;\n\t\t\t\t\t$check_dir = readlink($check_dir);\n\t\t\t\t\t$link_dir = dirname($original_target);\n\t\t\t\t\t// check whether the link is relative or absolute\n\t\t\t\t\tif (substr($check_dir, 0, 1) != '/') {\n\t\t\t\t\t\t// relative directory, prepend link_dir\n\t\t\t\t\t\t$check_dir = $link_dir . '/' . $check_dir;\n\t\t\t\t\t}\n\t\t\t\t\tif (substr($check_dir, 0, strlen($fixed_homedir)) != $fixed_homedir) {\n\t\t\t\t\t\tthrow new Exception(\"Found symlink pointing outside of customer home directory: \" . substr($original_target, strlen($fixed_homedir)));\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t\t// check for the path to be within the given homedir\n\t\t\tif (substr($filename, 0, strlen($fixed_homedir)) != $fixed_homedir) {\n\t\t\t\tthrow new Exception(\"Target path/file not within the required customer home directory\");\n\t\t\t}\n\t\t\t// check whether file is symlink itself\n\t\t\tif (is_link($filename)) {\n\t\t\t\t$filename = readlink($filename);\n\t\t\t\t$check_dir = FileDir::makeCorrectDir(dirname($filename), $fixed_homedir);\n\t\t\t\tif (substr($check_dir, 0, strlen($fixed_homedir)) != $fixed_homedir) {\n\t\t\t\t\tthrow new Exception(\"Found symlink pointing outside of customer home directory: \" . substr($filename, strlen($fixed_homedir)));\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\treturn self::makeSecurePath($filename);\n\t}\n\n\t/**\n\t * checks a directory against disallowed paths which could\n\t * lead to a damaged system if you use them\n\t *\n\t * @param string|null $path\n\t *\n\t * @return bool\n\t * @throws Exception\n\t */\n\tpublic static function checkDisallowedPaths(string $path): bool\n\t{\n\t\t/*\n\t\t * disallow base-directories and /\n\t\t */\n\t\t$disallowed_values = [\n\t\t\t\"/\",\n\t\t\t\"/bin/\",\n\t\t\t\"/boot/\",\n\t\t\t\"/dev/\",\n\t\t\t\"/etc/\",\n\t\t\t\"/home/\",\n\t\t\t\"/lib/\",\n\t\t\t\"/lib32/\",\n\t\t\t\"/lib64/\",\n\t\t\t\"/opt/\",\n\t\t\t\"/proc/\",\n\t\t\t\"/root/\",\n\t\t\t\"/run/\",\n\t\t\t\"/sbin/\",\n\t\t\t\"/sys/\",\n\t\t\t\"/tmp/\",\n\t\t\t\"/usr/\",\n\t\t\t\"/var/\"\n\t\t];\n\n\t\t$path = self::makeCorrectDir($path);\n\n\t\t// check if it's a disallowed path\n\t\tif (in_array($path, $disallowed_values)) {\n\t\t\treturn false;\n\t\t}\n\t\treturn true;\n\t}\n\n\t/**\n\t * Function which returns a correct destination for Postfix Virtual Table\n\t *\n\t * @param string $destination The destinations\n\t *\n\t * @return string the corrected destinations\n\t */\n\tpublic static function makeCorrectDestination(string $destination): string\n\t{\n\t\t$search = '/ +/';\n\t\t$replace = ' ';\n\t\t$destination = preg_replace($search, $replace, $destination);\n\n\t\tif (substr($destination, 0, 1) == ' ') {\n\t\t\t$destination = substr($destination, 1);\n\t\t}\n\n\t\tif (substr($destination, -1, 1) == ' ') {\n\t\t\t$destination = substr($destination, 0, strlen($destination) - 1);\n\t\t}\n\n\t\treturn $destination;\n\t}\n\n\t/**\n\t * Returns a valid html tag for the chosen $fieldType for paths\n\t *\n\t * @param string $path The path to start searching in\n\t * @param int $uid The uid which must match the found directories\n\t * @param int $gid The gid which must match the found directories\n\t * @param string $value the value for the input-field\n\t * @param bool $dom\n\t *\n\t * @return array\n\t *\n\t * @throws Exception\n\t * @author Manuel Bernhardt \n\t * @author Martin Burchert \n\t */\n\tpublic static function makePathfield(string $path, int $uid, int $gid, string $value = '', bool $dom = false): array\n\t{\n\t\t$value = str_replace($path, '', $value);\n\t\t$field = [];\n\n\t\t// path is given without starting slash\n\t\t// but dirList holds the paths with starting slash,\n\t\t// so we just add one here to get the correct\n\t\t// default path selected, #225\n\t\tif (substr($value, 0, 1) != '/' && !$dom) {\n\t\t\t$value = '/' . $value;\n\t\t}\n\n\t\t$fieldType = strtolower(Settings::Get('panel.pathedit'));\n\n\t\tif ($fieldType == 'manual') {\n\t\t\t$field = [\n\t\t\t\t'type' => 'text',\n\t\t\t\t'value' => htmlspecialchars($value)\n\t\t\t];\n\t\t} elseif ($fieldType == 'dropdown') {\n\t\t\t$dirList = self::findDirs($path, $uid, $gid);\n\t\t\tnatcasesort($dirList);\n\n\t\t\tif (sizeof($dirList) > 0) {\n\t\t\t\t$_field = [];\n\t\t\t\tforeach ($dirList as $dir) {\n\t\t\t\t\tif (strpos($dir, $path) === 0) {\n\t\t\t\t\t\t$dir = substr($dir, strlen($path));\n\t\t\t\t\t\t// docroot cut off of current directory == empty -> directory is the docroot\n\t\t\t\t\t\tif (empty($dir)) {\n\t\t\t\t\t\t\t$dir = '/';\n\t\t\t\t\t\t}\n\t\t\t\t\t\t$dir = self::makeCorrectDir($dir);\n\t\t\t\t\t}\n\t\t\t\t\t$_field[$dir] = $dir;\n\t\t\t\t}\n\t\t\t\t$field = [\n\t\t\t\t\t'type' => 'select',\n\t\t\t\t\t'select_var' => $_field,\n\t\t\t\t\t'selected' => $value,\n\t\t\t\t\t'value' => $value\n\t\t\t\t];\n\t\t\t} else {\n\t\t\t\t$field = [\n\t\t\t\t\t'type' => 'hidden',\n\t\t\t\t\t'value' => '/',\n\t\t\t\t\t'note' => lng('panel.dirsmissing')\n\t\t\t\t];\n\t\t\t}\n\t\t}\n\n\t\treturn $field;\n\t}\n\n\t/**\n\t * Returns an array of found directories\n\t *\n\t * This function checks every found directory if they match either $uid or $gid, if they do\n\t * the found directory is valid. It uses recursive-iterators to find subdirectories.\n\t *\n\t * @param string $path the path to start searching in\n\t * @param int $uid the uid which must match the found directories\n\t * @param int $gid the gid which must match the found directories\n\t *\n\t * @return array Array of found valid paths\n\t * @throws Exception\n\t */\n\tprivate static function findDirs(string $path, int $uid, int $gid): array\n\t{\n\t\t$_fileList = [];\n\t\t$path = self::makeCorrectDir($path);\n\n\t\t// valid directory?\n\t\tif (is_dir($path)) {\n\t\t\t// Will exclude everything under these directories\n\t\t\t$exclude = [\n\t\t\t\t'awstats',\n\t\t\t\t'webalizer',\n\t\t\t\t'goaccess'\n\t\t\t];\n\n\t\t\t/**\n\t\t\t *\n\t\t\t * @param SplFileInfo $file\n\t\t\t * @param mixed $key\n\t\t\t * @param RecursiveCallbackFilterIterator $iterator\n\t\t\t * @return bool True if you need to recurse or if the item is acceptable\n\t\t\t */\n\t\t\t$filter = function ($file, $key, $iterator) use ($exclude) {\n\t\t\t\tif (in_array($file->getFilename(), $exclude)) {\n\t\t\t\t\treturn false;\n\t\t\t\t} elseif (substr($file->getFilename(), 0, 1) == '.') {\n\t\t\t\t\t// also hide hidden folders\n\t\t\t\t\treturn false;\n\t\t\t\t}\n\t\t\t\treturn true;\n\t\t\t};\n\n\t\t\t// create RecursiveIteratorIterator\n\t\t\t$its = new \\RecursiveIteratorIterator(\n\t\t\t\tnew \\RecursiveCallbackFilterIterator(\n\t\t\t\t\tnew \\RecursiveDirectoryIterator($path, \\RecursiveDirectoryIterator::SKIP_DOTS),\n\t\t\t\t\t$filter\n\t\t\t\t),\n\t\t\t\t\\RecursiveIteratorIterator::SELF_FIRST,\n\t\t\t\t\\RecursiveIteratorIterator::CATCH_GET_CHILD\n\t\t\t);\n\t\t\t// we can limit the recursion-depth, but will it be helpful or\n\t\t\t// will people start asking \"why do I only see 2 subdirectories, i want to use /a/b/c\"\n\t\t\t// let's keep this in mind and see whether it will be useful\n\t\t\t$its->setMaxDepth(2);\n\n\t\t\t// check every file\n\t\t\tforeach ($its as $fullFileName => $it) {\n\t\t\t\tif ($it->isDir() && (fileowner($fullFileName) == $uid || filegroup($fullFileName) == $gid)) {\n\t\t\t\t\t$_fileList[] = self::makeCorrectDir($fullFileName);\n\t\t\t\t}\n\t\t\t}\n\t\t\t$_fileList[] = $path;\n\t\t}\n\n\t\treturn array_unique($_fileList);\n\t}\n\n\t/**\n\t * set the immutable flag for a file\n\t *\n\t * @param string $filename the file to set the flag for\n\t *\n\t * @return void\n\t */\n\tpublic static function setImmutable(string $filename)\n\t{\n\t\tself::safe_exec(self::getImmutableFunction(false) . escapeshellarg($filename));\n\t}\n\n\t/**\n\t * internal function to check whether\n\t * to use chattr (Linux) or chflags (FreeBSD)\n\t *\n\t * @param bool $remove whether to use +i|schg (false) or -i|noschg (true)\n\t *\n\t * @return string functionname + parameter (not the file)\n\t */\n\tprivate static function getImmutableFunction(bool $remove = false): string\n\t{\n\t\tif (self::isFreeBSD()) {\n\t\t\t// FreeBSD style\n\t\t\treturn 'chflags ' . (($remove === true) ? 'noschg ' : 'schg ');\n\t\t} else {\n\t\t\t// Linux style\n\t\t\treturn 'chattr ' . (($remove === true) ? '-i ' : '+i ');\n\t\t}\n\t}\n\n\t/**\n\t * check if the system is FreeBSD (if exact)\n\t * or BSD-based (NetBSD, OpenBSD, etc.\n\t * if exact = false [default])\n\t *\n\t * @param bool $exact whether to check explicitly for FreeBSD or *BSD\n\t *\n\t * @return bool\n\t */\n\tpublic static function isFreeBSD(bool $exact = false): bool\n\t{\n\t\tif (($exact && PHP_OS == 'FreeBSD') || (!$exact && stristr(PHP_OS, 'BSD'))) {\n\t\t\treturn true;\n\t\t}\n\t\treturn false;\n\t}\n\n\t/**\n\t * removes the immutable flag for a file\n\t *\n\t * @param string $filename the file to set the flag for\n\t *\n\t * @return void\n\t */\n\tpublic static function removeImmutable(string $filename)\n\t{\n\t\tFileDir::safe_exec(self::getImmutableFunction(true) . escapeshellarg($filename));\n\t}\n\n\t/**\n\t *\n\t * @return array|false\n\t */\n\tpublic static function getFilesystemQuota()\n\t{\n\t\t// enabled at all?\n\t\tif (Settings::Get('system.diskquota_enabled')) {\n\t\t\t// set linux defaults\n\t\t\t$repquota_params = \"-np\";\n\t\t\t// $quota_line_regex = \"/^#([0-9]+)\\s*[+-]{2}\\s*(\\d+)\\s*(\\d+)\\s*(\\d+)\\s*(\\d+)\\s*(\\d+)\\s*(\\d+)\\s*(\\d+)\\s*(\\d+)/i\";\n\t\t\t$quota_line_regex = \"/^#([0-9]+)\\s+[+-]{2}\\s+(\\d+)\\s+(\\d+)\\s+(\\d+)\\s+(\\d+)\\s+(\\d+)\\s+(\\d+)\\s+(\\d+)\\s+(\\d+)/i\";\n\n\t\t\t// check for freebsd - which needs other values\n\t\t\tif (self::isFreeBSD()) {\n\t\t\t\t$repquota_params = \"-nu\";\n\t\t\t\t$quota_line_regex = \"/^([0-9]+)\\s+[+-]{2}\\s+(\\d+)\\s+(\\d+)\\s+(\\d+)\\s+(\\S+)\\s+(\\d+)\\s+(\\d+)\\s+(\\d+)\\s+(\\S+)/i\";\n\t\t\t}\n\n\t\t\t// Fetch all quota in the desired partition\n\t\t\t$repquota = [];\n\t\t\texec(\n\t\t\t\tSettings::Get('system.diskquota_repquota_path') . \" \" . $repquota_params . \" \" . escapeshellarg(Settings::Get('system.diskquota_customer_partition')),\n\t\t\t\t$repquota\n\t\t\t);\n\n\t\t\t$usedquota = [];\n\t\t\tforeach ($repquota as $tmpquota) {\n\t\t\t\t$matches = null;\n\t\t\t\t// Let's see if the line matches a quota - line\n\t\t\t\tif (preg_match($quota_line_regex, $tmpquota, $matches)) {\n\t\t\t\t\t// It matches - put it into an array with userid as key (for easy lookup later)\n\t\t\t\t\t$usedquota[$matches[1]] = [\n\t\t\t\t\t\t'block' => [\n\t\t\t\t\t\t\t'used' => $matches[2],\n\t\t\t\t\t\t\t'soft' => $matches[3],\n\t\t\t\t\t\t\t'hard' => $matches[4],\n\t\t\t\t\t\t\t'grace' => (self::isFreeBSD() ? '0' : $matches[5])\n\t\t\t\t\t\t],\n\t\t\t\t\t\t'file' => [\n\t\t\t\t\t\t\t'used' => $matches[6],\n\t\t\t\t\t\t\t'soft' => $matches[7],\n\t\t\t\t\t\t\t'hard' => $matches[8],\n\t\t\t\t\t\t\t'grace' => (self::isFreeBSD() ? '0' : $matches[9])\n\t\t\t\t\t\t]\n\t\t\t\t\t];\n\t\t\t\t}\n\t\t\t}\n\n\t\t\treturn $usedquota;\n\t\t}\n\t\treturn false;\n\t}\n}\n" }, { "path": "lib/Froxlor/Froxlor.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor;\n\nuse Froxlor\\Database\\Database;\n\nfinal class Froxlor\n{\n\n\t// Main version variable\n\tconst VERSION = '2.3.7';\n\n\t// Database version (YYYYMMDDC where C is a daily counter)\n\tconst DBVERSION = '202603100';\n\n\t// Distribution branding-tag (used for Debian etc.)\n\tconst BRANDING = '';\n\n\tconst DOCS_URL = 'https://docs.froxlor.org';\n\n\t/**\n\t * return path to where froxlor is installed, e.g.\n\t * /var/www/froxlor/\n\t *\n\t * @return string\n\t */\n\tpublic static function getInstallDir(): string\n\t{\n\t\treturn dirname(__DIR__, 2) . '/';\n\t}\n\n\tpublic static function getDocsUrl(): string\n\t{\n\t\tif (preg_match('/(.+)-(dev|beta|rc)\\d+$/', self::VERSION)) {\n\t\t\treturn self::DOCS_URL . '/dev/';\n\t\t}\n\t\treturn self::DOCS_URL . '/v' . self::getShortVersion() . '/';\n\t}\n\n\t/**\n\t * return basic version\n\t *\n\t * @return string\n\t */\n\tpublic static function getVersion(): string\n\t{\n\t\treturn self::VERSION;\n\t}\n\n\t/**\n\t * return short basic version\n\t *\n\t * @return string\n\t */\n\tpublic static function getShortVersion(): string\n\t{\n\t\treturn explode(\".\", self::VERSION)[0] . '.' . explode(\".\", self::VERSION)[1];\n\t}\n\n\t/**\n\t * return version + branding and database-version\n\t *\n\t * @return string\n\t */\n\tpublic static function getVersionString(): string\n\t{\n\t\treturn self::getFullVersion() . ' (' . self::DBVERSION . ')';\n\t}\n\n\t/**\n\t * return version + branding\n\t *\n\t * @return string\n\t */\n\tpublic static function getFullVersion(): string\n\t{\n\t\treturn self::VERSION . self::BRANDING;\n\t}\n\n\t/**\n\t * Function hasUpdates\n\t *\n\t * checks if a given version is not equal the current one\n\t *\n\t * @param string $to_check version to check, if empty current version is used\n\t *\n\t * @return bool true if version to check does not match, else false\n\t */\n\tpublic static function hasUpdates(string $to_check = ''): bool\n\t{\n\t\tif (empty($to_check)) {\n\t\t\t$to_check = self::VERSION;\n\t\t}\n\t\tif (Settings::Get('panel.version') == null || Settings::Get('panel.version') != $to_check) {\n\t\t\treturn true;\n\t\t}\n\t\treturn false;\n\t}\n\n\t/**\n\t * Function hasDbUpdates\n\t *\n\t * checks if a given database-version is not equal the current one\n\t *\n\t * @param string $to_check version to check, if empty current dbversion is used\n\t *\n\t * @return bool true if version to check does not match, else false\n\t */\n\tpublic static function hasDbUpdates(string $to_check = ''): bool\n\t{\n\t\tif (empty($to_check)) {\n\t\t\t$to_check = self::DBVERSION;\n\t\t}\n\t\tif (Settings::Get('panel.db_version') == null || Settings::Get('panel.db_version') != $to_check) {\n\t\t\treturn true;\n\t\t}\n\t\treturn false;\n\t}\n\n\t/**\n\t * Function isDatabaseVersion\n\t *\n\t * checks if a given database-version is the current one\n\t *\n\t * @param string $to_check version to check\n\t *\n\t * @return bool true if version to check matches, else false\n\t */\n\tpublic static function isDatabaseVersion(string $to_check): bool\n\t{\n\t\tif (Settings::Get('panel.frontend') == 'froxlor' && Settings::Get('panel.db_version') == $to_check) {\n\t\t\treturn true;\n\t\t}\n\t\treturn false;\n\t}\n\n\t/**\n\t * Function updateToDbVersion\n\t *\n\t * updates the panel.version field\n\t * to the given value (no checks here!)\n\t *\n\t * @param string $new_version new-version\n\t *\n\t * @return bool true on success, else false\n\t * @throws \\Exception\n\t */\n\tpublic static function updateToDbVersion(string $new_version): bool\n\t{\n\t\tif ($new_version != '') {\n\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\tUPDATE `\" . TABLE_PANEL_SETTINGS . \"` SET `value` = :newversion\n\t\t\t\tWHERE `settinggroup` = 'panel' AND `varname` = 'db_version'\");\n\t\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t\t'newversion' => $new_version\n\t\t\t]);\n\t\t\tSettings::Set('panel.db_version', $new_version);\n\t\t\treturn true;\n\t\t}\n\t\treturn false;\n\t}\n\n\t/**\n\t * Function updateToVersion\n\t *\n\t * updates the panel.version field\n\t * to the given value (no checks here!)\n\t *\n\t * @param string $new_version new-version\n\t *\n\t * @return bool true on success, else false\n\t * @throws \\Exception\n\t */\n\tpublic static function updateToVersion(string $new_version): bool\n\t{\n\t\tif ($new_version != '') {\n\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\tUPDATE `\" . TABLE_PANEL_SETTINGS . \"` SET `value` = :newversion\n\t\t\t\tWHERE `settinggroup` = 'panel' AND `varname` = 'version'\");\n\t\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t\t'newversion' => $new_version\n\t\t\t]);\n\t\t\tSettings::Set('panel.version', $new_version);\n\t\t\treturn true;\n\t\t}\n\t\treturn false;\n\t}\n\n\t/**\n\t * Function isFroxlor\n\t *\n\t * checks if the panel is froxlor\n\t *\n\t * @return bool true if panel is froxlor, else false\n\t */\n\tpublic static function isFroxlor(): bool\n\t{\n\t\tif (Settings::Get('panel.frontend') !== null && Settings::Get('panel.frontend') == 'froxlor') {\n\t\t\treturn true;\n\t\t}\n\t\treturn false;\n\t}\n\n\t/**\n\t * Function isFroxlorVersion\n\t *\n\t * checks if a given version is the\n\t * current one (and panel is froxlor)\n\t *\n\t * @param string $to_check version to check\n\t *\n\t * @return bool true if version to check matches, else false\n\t */\n\tpublic static function isFroxlorVersion(string $to_check): bool\n\t{\n\t\tif (Settings::Get('panel.frontend') == 'froxlor' && Settings::Get('panel.version') == $to_check) {\n\t\t\treturn true;\n\t\t}\n\t\treturn false;\n\t}\n\n\t/**\n\t * generate safe unique session id\n\t *\n\t * @param int $length\n\t * @return string\n\t * @throws \\Exception\n\t */\n\tpublic static function genSessionId(int $length = 16): string\n\t{\n\t\tif ($length <= 8) {\n\t\t\t$length = 16;\n\t\t}\n\t\tif (function_exists('random_bytes')) {\n\t\t\treturn bin2hex(random_bytes($length));\n\t\t}\n\t\tif (function_exists('mcrypt_create_iv') && defined('MCRYPT_DEV_URANDOM')) {\n\t\t\treturn bin2hex(mcrypt_create_iv($length, MCRYPT_DEV_URANDOM));\n\t\t}\n\t\tif (function_exists('openssl_random_pseudo_bytes')) {\n\t\t\treturn bin2hex(openssl_random_pseudo_bytes($length));\n\t\t}\n\t\t// if everything else fails, use unsafe fallback\n\t\treturn md5(uniqid(microtime(), 1));\n\t}\n\n\t/**\n\t * compare of froxlor versions\n\t *\n\t * @param string $a\n\t * @param string $b\n\t *\n\t * @return int 0 if equal, 1 if a>b and -1 if b>a\n\t */\n\tpublic static function versionCompare2(string $a, string $b): int\n\t{\n\t\t// split version into pieces and remove trailing .0\n\t\t$a = explode(\".\", $a);\n\t\t$b = explode(\".\", $b);\n\n\t\tself::parseVersionArray($a);\n\t\tself::parseVersionArray($b);\n\n\t\twhile (count($a) != count($b)) {\n\t\t\tif (count($a) < count($b)) {\n\t\t\t\t$a[] = '0';\n\t\t\t} elseif (count($b) < count($a)) {\n\t\t\t\t$b[] = '0';\n\t\t\t}\n\t\t}\n\n\t\tforeach ($a as $depth => $aVal) {\n\t\t\t// iterate over each piece of A\n\t\t\tif (isset($b[$depth])) {\n\t\t\t\t// if B matches A to this depth, compare the values\n\t\t\t\tif ($aVal > $b[$depth]) {\n\t\t\t\t\treturn 1; // A > B\n\t\t\t\t} elseif ($aVal < $b[$depth]) {\n\t\t\t\t\treturn -1; // B > A\n\t\t\t\t}\n\t\t\t\t// an equal result is inconclusive at this point\n\t\t\t} else {\n\t\t\t\t// if B does not match A to this depth, then A comes after B in sort order\n\t\t\t\treturn 1; // so A > B\n\t\t\t}\n\t\t}\n\t\t// at this point, we know that to the depth that A and B extend to, they are equivalent.\n\t\t// either the loop ended because A is shorter than B, or both are equal.\n\t\treturn (count($a) < count($b)) ? -1 : 0;\n\t}\n\n\t/**\n\t * @param array|null $arr\n\t * @return void\n\t */\n\tprivate static function parseVersionArray(?array &$arr)\n\t{\n\t\t// -dev or -beta or -rc ?\n\t\tif (stripos($arr[count($arr) - 1], '-') !== false) {\n\t\t\t$x = explode(\"-\", $arr[count($arr) - 1]);\n\t\t\t$arr[count($arr) - 1] = $x[0];\n\t\t\tif (stripos($x[1], 'rc') !== false) {\n\t\t\t\t$arr[] = '-1';\n\t\t\t\t$arr[] = '2'; // dev < beta < rc\n\t\t\t\t// number of rc\n\t\t\t\t$arr[] = substr($x[1], 2);\n\t\t\t} else {\n\t\t\t\tif (stripos($x[1], 'beta') !== false) {\n\t\t\t\t\t$arr[] = '-1';\n\t\t\t\t\t$arr[] = '1'; // dev < beta < rc\n\t\t\t\t\t// number of beta\n\t\t\t\t\t$arr[] = substr($x[1], 3);\n\t\t\t\t} else {\n\t\t\t\t\tif (stripos($x[1], 'dev') !== false) {\n\t\t\t\t\t\t$arr[] = '-1';\n\t\t\t\t\t\t$arr[] = '0'; // dev < beta < rc\n\t\t\t\t\t\t// number of dev\n\t\t\t\t\t\t$arr[] = substr($x[1], 3);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n}\n" }, { "path": "lib/Froxlor/FroxlorLogger.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor;\n\nuse Froxlor\\System\\MysqlHandler;\nuse Monolog\\Handler\\StreamHandler;\nuse Monolog\\Handler\\SyslogHandler;\nuse Monolog\\Logger;\n\n/**\n * Class FroxlorLogger\n */\nclass FroxlorLogger\n{\n\n\tconst USR_ACTION = '10';\n\tconst RES_ACTION = '20';\n\tconst ADM_ACTION = '30';\n\tconst CRON_ACTION = '40';\n\tconst LOGIN_ACTION = '50';\n\tconst LOG_ERROR = '99';\n\t/**\n\t * current \\Monolog\\Logger object\n\t *\n\t * @var ?Logger\n\t */\n\tprivate static ?Logger $ml = null;\n\t/**\n\t * LogTypes Array\n\t *\n\t * @var ?array\n\t */\n\tprivate static ?array $logtypes = null;\n\t/**\n\t * whether to output log-messages to STDOUT (cron)\n\t *\n\t * @var bool\n\t */\n\tprivate static bool $crondebug_flag = false;\n\t/**\n\t * user info of logged-in user\n\t *\n\t * @var array\n\t */\n\tprivate static array $userinfo = [];\n\t/**\n\t * whether the logger object has already been initialized\n\t *\n\t * @var bool\n\t */\n\tprivate static bool $is_initialized = false;\n\n\t/**\n\t * Class constructor.\n\t *\n\t * @param array $userinfo\n\t *\n\t * @throws \\Exception\n\t */\n\tprotected function __construct(array $userinfo = [])\n\t{\n\t\t$this->initMonolog();\n\t\tself::$userinfo = $userinfo;\n\t\tself::$logtypes = [];\n\n\t\tif ((Settings::Get('logger.logtypes') == null || Settings::Get('logger.logtypes') == '') && (Settings::Get('logger.enabled') !== null && Settings::Get('logger.enabled'))) {\n\t\t\tself::$logtypes[0] = 'syslog';\n\t\t\tself::$logtypes[1] = 'mysql';\n\t\t} else {\n\t\t\tif (Settings::Get('logger.logtypes') !== null && Settings::Get('logger.logtypes') != '') {\n\t\t\t\tself::$logtypes = explode(',', Settings::Get('logger.logtypes'));\n\t\t\t} else {\n\t\t\t\tself::$logtypes = null;\n\t\t\t}\n\t\t}\n\n\t\tif (self::$is_initialized == false) {\n\t\t\tforeach (self::$logtypes as $logger) {\n\t\t\t\tswitch ($logger) {\n\t\t\t\t\tcase 'syslog':\n\t\t\t\t\t\tself::$ml->pushHandler(new SyslogHandler('froxlor', LOG_USER, Logger::DEBUG));\n\t\t\t\t\t\tbreak;\n\t\t\t\t\tcase 'file':\n\t\t\t\t\t\t$setings_logfile = Settings::Get('logger.logfile');\n\t\t\t\t\t\tif (empty($setings_logfile)) {\n\t\t\t\t\t\t\tSettings::Set('logger.logfile', 'froxlor.log');\n\t\t\t\t\t\t}\n\t\t\t\t\t\t$logger_logfile = FileDir::makeCorrectFile(Froxlor::getInstallDir() . '/logs/' . Settings::Get('logger.logfile'));\n\t\t\t\t\t\t// is_writable needs an existing file to check if it's actually writable\n\t\t\t\t\t\tif (!@touch($logger_logfile) || !is_writable($logger_logfile)) {\n\t\t\t\t\t\t\t// not writable in our own directory? Skip\n\t\t\t\t\t\t\tbreak;\n\t\t\t\t\t\t}\n\t\t\t\t\t\tself::$ml->pushHandler(new StreamHandler($logger_logfile, Logger::DEBUG));\n\t\t\t\t\t\tbreak;\n\t\t\t\t\tcase 'mysql':\n\t\t\t\t\t\tself::$ml->pushHandler(new MysqlHandler(Logger::DEBUG));\n\t\t\t\t\t\tbreak;\n\t\t\t\t}\n\t\t\t}\n\t\t\tself::$is_initialized = true;\n\t\t}\n\t}\n\n\t/**\n\t * initiate monolog object\n\t *\n\t * @return Logger\n\t */\n\tprivate function initMonolog()\n\t{\n\t\tif (empty(self::$ml)) {\n\t\t\t// get Theme object\n\t\t\tself::$ml = new Logger('froxlor');\n\t\t}\n\t\treturn self::$ml;\n\t}\n\n\t/**\n\t * return FroxlorLogger instance\n\t *\n\t * @param array $userinfo\n\t *\n\t * @return FroxlorLogger\n\t * @throws \\Exception\n\t */\n\tpublic static function getInstanceOf(array $userinfo = [])\n\t{\n\t\tif (empty($userinfo)) {\n\t\t\t$userinfo = [\n\t\t\t\t'loginname' => 'system'\n\t\t\t];\n\t\t}\n\t\treturn new FroxlorLogger($userinfo);\n\t}\n\n\t/**\n\t * logs a given text to all enabled logger-facilities\n\t *\n\t * @param int $action\n\t * @param int $type\n\t * @param ?string $text\n\t */\n\tpublic function logAction($action = FroxlorLogger::USR_ACTION, int $type = LOG_NOTICE, ?string $text = null)\n\t{\n\t\t// not logging normal stuff if not set to \"paranoid\" logging\n\t\tif (!self::$crondebug_flag && Settings::Get('logger.severity') == '1' && $type > LOG_NOTICE) {\n\t\t\treturn;\n\t\t}\n\n\t\tif (empty(self::$ml)) {\n\t\t\t$this->initMonolog();\n\t\t}\n\n\t\t// clean log-text\n\t\t$text = preg_replace(\"/[^\\w @#\\\"':.,()\\[\\]+\\-_\\/\\\\\\!]/i\", \"_\", $text);\n\n\t\tif (self::$crondebug_flag || ($action == FroxlorLogger::CRON_ACTION && $type <= LOG_WARNING)) {\n\t\t\techo \"[\" . $this->getLogLevelDesc($type) . \"] \" . $text . PHP_EOL;\n\t\t}\n\n\t\t// warnings, errors and critical messages WILL be logged\n\t\tif (Settings::Get('logger.log_cron') == '0' && $action == FroxlorLogger::CRON_ACTION && $type > LOG_WARNING) {\n\t\t\treturn;\n\t\t}\n\n\t\t$logExtra = [\n\t\t\t'source' => $this->getActionTypeDesc($action),\n\t\t\t'action' => $action,\n\t\t\t'user' => self::$userinfo['loginname']\n\t\t];\n\n\t\tswitch ($type) {\n\t\t\tcase LOG_DEBUG:\n\t\t\t\tself::$ml->addDebug($text, $logExtra);\n\t\t\t\tbreak;\n\t\t\tcase LOG_INFO:\n\t\t\t\tself::$ml->addInfo($text, $logExtra);\n\t\t\t\tbreak;\n\t\t\tcase LOG_NOTICE:\n\t\t\t\tself::$ml->addNotice($text, $logExtra);\n\t\t\t\tbreak;\n\t\t\tcase LOG_WARNING:\n\t\t\t\tself::$ml->addWarning($text, $logExtra);\n\t\t\t\tbreak;\n\t\t\tcase LOG_ERR:\n\t\t\t\tself::$ml->addError($text, $logExtra);\n\t\t\t\tbreak;\n\t\t\tdefault:\n\t\t\t\tself::$ml->addDebug($text, $logExtra);\n\t\t}\n\t}\n\n\t/**\n\t * @param int $type\n\t * @return string\n\t */\n\tpublic function getLogLevelDesc(int $type): string\n\t{\n\t\tswitch ($type) {\n\t\t\tcase LOG_INFO:\n\t\t\t\t$_type = 'information';\n\t\t\t\tbreak;\n\t\t\tcase LOG_NOTICE:\n\t\t\t\t$_type = 'notice';\n\t\t\t\tbreak;\n\t\t\tcase LOG_WARNING:\n\t\t\t\t$_type = 'warning';\n\t\t\t\tbreak;\n\t\t\tcase LOG_ERR:\n\t\t\t\t$_type = 'error';\n\t\t\t\tbreak;\n\t\t\tcase LOG_CRIT:\n\t\t\t\t$_type = 'critical';\n\t\t\t\tbreak;\n\t\t\tcase LOG_DEBUG:\n\t\t\t\t$_type = 'debug';\n\t\t\t\tbreak;\n\t\t\tdefault:\n\t\t\t\t$_type = 'unknown';\n\t\t\t\tbreak;\n\t\t}\n\t\treturn $_type;\n\t}\n\n\t/**\n\t * @param $action\n\t * @return string\n\t */\n\tprivate function getActionTypeDesc($action): string\n\t{\n\t\tswitch ($action) {\n\t\t\tcase FroxlorLogger::USR_ACTION:\n\t\t\t\t$_action = 'user';\n\t\t\t\tbreak;\n\t\t\tcase FroxlorLogger::ADM_ACTION:\n\t\t\t\t$_action = 'admin';\n\t\t\t\tbreak;\n\t\t\tcase FroxlorLogger::RES_ACTION:\n\t\t\t\t$_action = 'reseller';\n\t\t\t\tbreak;\n\t\t\tcase FroxlorLogger::CRON_ACTION:\n\t\t\t\t$_action = 'cron';\n\t\t\t\tbreak;\n\t\t\tcase FroxlorLogger::LOGIN_ACTION:\n\t\t\t\t$_action = 'login';\n\t\t\t\tbreak;\n\t\t\tdefault:\n\t\t\t\t$_action = 'unknown';\n\t\t\t\tbreak;\n\t\t}\n\t\treturn $_action;\n\t}\n\n\t/**\n\t * Set whether to log cron-runs\n\t *\n\t * @param int $cronlog\n\t *\n\t * @return int\n\t */\n\tpublic function setCronLog(int $cronlog = 0): int\n\t{\n\t\tif ($cronlog < 0 || $cronlog > 2) {\n\t\t\t$cronlog = 0;\n\t\t}\n\t\tSettings::Set('logger.log_cron', $cronlog);\n\t\treturn $cronlog;\n\t}\n\n\t/**\n\t * setter for crondebug-flag\n\t *\n\t * @param bool $flag\n\t *\n\t * @return void\n\t */\n\tpublic function setCronDebugFlag(bool $flag = false)\n\t{\n\t\tself::$crondebug_flag = $flag;\n\t}\n}\n" }, { "path": "lib/Froxlor/FroxlorTwoFactorAuth.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor;\n\nuse RobThree\\Auth\\TwoFactorAuth;\n\nclass FroxlorTwoFactorAuth extends TwoFactorAuth\n{\n}\n" }, { "path": "lib/Froxlor/Http/Directory.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Http;\n\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FileDir;\n\n/**\n * Class frxDirectory handles directory actions and gives information\n * about a given directory in connections with its usage in froxlor\n */\nclass Directory\n{\n\n\t/**\n\t * directory string\n\t *\n\t * @var string\n\t */\n\tprivate $dir = null;\n\n\t/**\n\t * class constructor, optionally set directory\n\t *\n\t * @param string $dir\n\t */\n\tpublic function __construct(?string $dir = null)\n\t{\n\t\t$this->dir = $dir;\n\t}\n\n\t/**\n\t * check whether the directory has options set in panel_htaccess\n\t *\n\t * @return bool\n\t */\n\tpublic function hasUserOptions(): bool\n\t{\n\t\t$uo_stmt = Database::prepare(\"\n\t\t\tSELECT COUNT(`id`) as `usropts` FROM `\" . TABLE_PANEL_HTACCESS . \"` WHERE `path` = :dir\n\t\t\");\n\t\t$uo_res = Database::pexecute_first($uo_stmt, [\n\t\t\t'dir' => FileDir::makeCorrectDir($this->dir)\n\t\t]);\n\t\tif ($uo_res && isset($uo_res['usropts'])) {\n\t\t\treturn $uo_res['usropts'] > 0;\n\t\t}\n\t\treturn false;\n\t}\n\n\t/**\n\t * check whether the directory is protected using panel_htpasswd\n\t *\n\t * @return bool\n\t */\n\tpublic function isUserProtected(): bool\n\t{\n\t\t$up_stmt = Database::prepare(\"\n\t\t\tSELECT COUNT(`id`) as `usrprot` FROM `\" . TABLE_PANEL_HTPASSWDS . \"` WHERE `path` = :dir\n\t\t\");\n\t\t$up_res = Database::pexecute_first($up_stmt, [\n\t\t\t'dir' => FileDir::makeCorrectDir($this->dir)\n\t\t]);\n\t\tif ($up_res && isset($up_res['usrprot'])) {\n\t\t\treturn $up_res['usrprot'] > 0;\n\t\t}\n\t\treturn false;\n\t}\n\n\t/**\n\t * Checks if a given directory is valid for multiple configurations\n\t * or should rather be used as a single file\n\t *\n\t * @param bool $ifexists also check whether file/dir exists\n\t *\n\t * @return bool true if usable as dir, false otherwise\n\t */\n\tpublic function isConfigDir(bool $ifexists = false): bool\n\t{\n\t\tif (is_null($this->dir)) {\n\t\t\ttrigger_error(__CLASS__ . '::' . __FUNCTION__ . ' has been called with a null value', E_USER_WARNING);\n\t\t\treturn false;\n\t\t}\n\n\t\tif (file_exists($this->dir)) {\n\t\t\tif (is_dir($this->dir)) {\n\t\t\t\t$returnval = true;\n\t\t\t} else {\n\t\t\t\t$returnval = false;\n\t\t\t}\n\t\t} else {\n\t\t\tif (!$ifexists) {\n\t\t\t\tif (substr($this->dir, -1) == '/') {\n\t\t\t\t\t$returnval = true;\n\t\t\t\t} else {\n\t\t\t\t\t$returnval = false;\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\t$returnval = false;\n\t\t\t}\n\t\t}\n\t\treturn $returnval;\n\t}\n}\n" }, { "path": "lib/Froxlor/Http/HttpClient.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Http;\n\nuse Exception;\nuse Froxlor\\Froxlor;\n\nclass HttpClient\n{\n\t/**\n\t * Executes simple GET request\n\t *\n\t * @param string $url\n\t * @param bool $follow_location\n\t * @param int $timeout\n\t *\n\t * @return bool|string\n\t * @throws Exception\n\t */\n\tpublic static function urlGet(string $url, bool $follow_location = true, int $timeout = 10)\n\t{\n\t\t$ch = curl_init();\n\t\tcurl_setopt($ch, CURLOPT_URL, $url);\n\t\tcurl_setopt($ch, CURLOPT_USERAGENT, 'Froxlor/' . Froxlor::getVersion());\n\t\tif ($follow_location) {\n\t\t\tcurl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);\n\t\t}\n\t\tcurl_setopt($ch, CURLOPT_TIMEOUT, (int)$timeout);\n\t\tcurl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);\n\t\t$output = curl_exec($ch);\n\t\tif ($output === false) {\n\t\t\t$e = curl_error($ch);\n\t\t\tthrow new Exception(\"Curl error: \" . $e);\n\t\t}\n\t\treturn $output;\n\t}\n\n\t/**\n\t * Downloads and stores a file from an url\n\t *\n\t * @param string $url\n\t * @param string $target\n\t *\n\t * @return bool|string\n\t * @throws Exception\n\t */\n\tpublic static function fileGet(string $url, string $target)\n\t{\n\t\t$fh = fopen($target, 'w');\n\t\t$ch = curl_init();\n\t\tcurl_setopt($ch, CURLOPT_URL, $url);\n\t\tcurl_setopt($ch, CURLOPT_USERAGENT, 'Froxlor/' . Froxlor::getVersion());\n\t\tcurl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);\n\t\tcurl_setopt($ch, CURLOPT_TIMEOUT, 50);\n\t\t// give curl the file pointer so that it can write to it\n\t\tcurl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);\n\t\tcurl_setopt($ch, CURLOPT_FILE, $fh);\n\t\t$output = curl_exec($ch);\n\t\tif ($output === false) {\n\t\t\t$e = curl_error($ch);\n\t\t\tthrow new Exception(\"Curl error: \" . $e);\n\t\t}\n\t\treturn $output;\n\t}\n}\n" }, { "path": "lib/Froxlor/Http/PhpConfig.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Http;\n\nuse Froxlor\\Database\\Database;\nuse PDO;\n\nclass PhpConfig\n{\n\n\t/**\n\t * returns an array of existing php-configurations\n\t * in our database for the settings-array\n\t *\n\t * @return array\n\t */\n\tpublic static function getPhpConfigs(): array\n\t{\n\t\t$configs_array = [];\n\n\t\t// check if table exists because this is used in a preconfig\n\t\t// where the tables possibly does not exist yet\n\t\t$results = Database::query(\"SHOW TABLES LIKE '\" . TABLE_PANEL_PHPCONFIGS . \"'\");\n\t\tif (!$results) {\n\t\t\t$configs_array[1] = 'Default php.ini';\n\t\t} else {\n\t\t\t// get all configs\n\t\t\t$result_stmt = Database::query(\"SELECT * FROM `\" . TABLE_PANEL_PHPCONFIGS . \"`\");\n\t\t\twhile ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\tif (!isset($configs_array[$row['id']]) && !in_array($row['id'], $configs_array)) {\n\t\t\t\t\t$configs_array[$row['id']] = html_entity_decode($row['description']);\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\treturn $configs_array;\n\t}\n}\n" }, { "path": "lib/Froxlor/Http/RateLimiter.php", "content": " $reset) {\n\t\t\t$remaining = self::$limit_per_interval;\n\t\t\t$reset = self::$reset_time;\n\t\t}\n\n\t\t// If we've hit the limit, return an error\n\t\tif ($remaining <= 0) {\n\t\t\theader('HTTP/1.1 429 Too Many Requests');\n\t\t\theader(\"Retry-After: $reset\");\n\t\t\tUI::twig()->addGlobal('install_mode', '1');\n\t\t\techo UI::twig()->render('Froxlor/misc/ratelimithint.html.twig', [\n\t\t\t\t'retry' => $reset,\n\t\t\t\t'installdir' => Froxlor::getInstallDir()\n\t\t\t]);\n\t\t\tdie();\n\t\t}\n\n\t\t// Decrement the remaining requests and update the headers\n\t\t$remaining--;\n\t\t$_SESSION['HTTP_X_RATELIMIT_REMAINING'] = $remaining;\n\t\t$_SESSION['HTTP_X_RATELIMIT_RESET'] = $reset;\n\n\t\theader(\"X-RateLimit-Limit: \" . self::$limit_per_interval);\n\t\theader(\"X-RateLimit-Remaining: \" . $remaining);\n\t\theader(\"X-RateLimit-Reset: \" . $reset);\n\t}\n}\n" }, { "path": "lib/Froxlor/Http/Statistics.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Http;\n\nuse Froxlor\\FileDir;\nuse Froxlor\\Froxlor;\nuse Froxlor\\Settings;\n\nclass Statistics\n{\n\n\t/**\n\t * Create or modify the AWStats configuration file for the given domain.\n\t * Modified by Berend Dekens to allow custom configurations.\n\t *\n\t * @param string $logFile\n\t * @param string $siteDomain\n\t * @param string $hostAliases\n\t * @param string $customerDocroot\n\t * @param array $domain_data\n\t *\n\t * @return null\n\t * @throws \\Exception\n\t */\n\tpublic static function createAWStatsConf(\n\t\tstring $logFile,\n\t\tstring $siteDomain,\n\t\tstring $hostAliases,\n\t\tstring $customerDocroot,\n\t\tarray $domain_data = []\n\t) {\n\t\t// Generation header\n\t\t$header = \"## GENERATED BY FROXLOR\\n\";\n\t\t$header2 = \"## Do not remove the line above! This tells Froxlor to update this configuration\\n## If you wish to manually change this configuration file, remove the first line to make sure Froxlor won't rebuild this file\\n## Generated for domain {SITE_DOMAIN} on \" . date('l dS \\of F Y h:i:s A') . \"\\n\";\n\n\t\t$awstats_dir = FileDir::makeCorrectDir($customerDocroot . '/awstats/' . $siteDomain . '/');\n\t\tif (!is_dir($awstats_dir)) {\n\t\t\tFileDir::safe_exec('mkdir -p ' . escapeshellarg($awstats_dir));\n\t\t}\n\t\t// chown created folder, #258\n\t\tself::makeChownWithNewStats($domain_data);\n\n\t\t// weird but could happen...\n\t\tif (!is_dir(Settings::Get('system.awstats_conf'))) {\n\t\t\tFileDir::safe_exec('mkdir -p ' . escapeshellarg(Settings::Get('system.awstats_conf')));\n\t\t}\n\n\t\t$logformat = Settings::Get('system.awstats_logformat');\n\t\tif (!is_numeric($logformat)) {\n\t\t\t// if LogFormat is NOT numeric (e.g. 1,2,3,4), we quote it.\n\t\t\t// 1-4 are pre-defined formats by awstats which must not be quoted to work properly. So if\n\t\t\t// it is not a integer, it is something customized and we simply quote it.\n\t\t\t// Only escaping double-quote should be fine, as we only put the whole string under double-quote.\n\t\t\t$logformat = '\"' . str_replace('\"', '\\\"', Settings::Get('system.awstats_logformat')) . '\"';\n\t\t}\n\n\t\t// These are the variables we will replace\n\t\t$regex = [\n\t\t\t'/\\{LOG_FILE\\}/',\n\t\t\t'/\\{SITE_DOMAIN\\}/',\n\t\t\t'/\\{HOST_ALIASES\\}/',\n\t\t\t'/\\{CUSTOMER_DOCROOT\\}/',\n\t\t\t'/\\{AWSTATS_CONF\\}/',\n\t\t\t'/\\{AWSTATS_LOGFORMAT\\}/'\n\t\t];\n\t\t$replace = [\n\t\t\tFileDir::makeCorrectFile($logFile),\n\t\t\t$siteDomain,\n\t\t\t$hostAliases,\n\t\t\t$awstats_dir,\n\t\t\tFileDir::makeCorrectDir(Settings::Get('system.awstats_conf')),\n\t\t\t$logformat\n\t\t];\n\n\t\t// File names\n\t\t$domain_file = FileDir::makeCorrectFile(Settings::Get('system.awstats_conf') . '/awstats.' . $siteDomain . '.conf');\n\t\t$model_file = Froxlor::getInstallDir() . '/templates/misc/awstats/awstats.froxlor.model.conf';\n\t\t$model_file = FileDir::makeCorrectFile($model_file);\n\n\t\t// Test if the file exists\n\t\tif (file_exists($domain_file)) {\n\t\t\t// Check for the generated header - if this is a manual modification we won't update\n\t\t\t$awstats_domain_conf = fopen($domain_file, 'r');\n\n\t\t\tif (fgets($awstats_domain_conf, strlen($header)) != $header) {\n\t\t\t\tfclose($awstats_domain_conf);\n\t\t\t\treturn;\n\t\t\t}\n\n\t\t\t// Close the file\n\t\t\tfclose($awstats_domain_conf);\n\t\t}\n\n\t\t$awstats_domain_conf = fopen($domain_file, 'w');\n\t\t$awstats_model_conf = fopen($model_file, 'r');\n\n\t\t// Write the header\n\t\tfwrite($awstats_domain_conf, $header);\n\t\tfwrite($awstats_domain_conf, preg_replace($regex, $replace, $header2));\n\n\t\t// Write the configuration file\n\t\twhile (($line = fgets($awstats_model_conf, 4096)) !== false) {\n\t\t\tif (!preg_match('/^#/', $line) && trim($line) != '') {\n\t\t\t\tfwrite($awstats_domain_conf, preg_replace($regex, $replace, $line));\n\t\t\t}\n\t\t}\n\n\t\tfclose($awstats_domain_conf);\n\t\tfclose($awstats_model_conf);\n\t}\n\n\t/**\n\t * chowns stats-tools folder, either with webserver-user or\n\t * if fcgid/php-fpm is used, the customers name, #258\n\t *\n\t * @param array $row array of panel_customers\n\t *\n\t * @return void\n\t * @throws \\Exception\n\t */\n\tpublic static function makeChownWithNewStats(array $row)\n\t{\n\t\t// get correct user\n\t\tif ((Settings::Get('system.mod_fcgid') == '1' || Settings::Get('phpfpm.enabled') == '1') && isset($row['deactivated']) && $row['deactivated'] == '0') {\n\t\t\t$user = $row['loginname'];\n\t\t\t$group = $row['loginname'];\n\t\t} else {\n\t\t\t$user = $row['guid'];\n\t\t\t$group = $row['guid'];\n\t\t}\n\n\t\t// get correct directory\n\t\t$dir = $row['documentroot'] . '/' . Settings::Get('system.traffictool') . '/';\n\n\t\t// only run chown if directory exists\n\t\tif (file_exists($dir)) {\n\t\t\t// run chown\n\t\t\tFileDir::safe_exec('chown -R ' . escapeshellarg($user) . ':' . escapeshellarg($group) . ' ' . escapeshellarg(FileDir::makeCorrectDir($dir)));\n\t\t}\n\t}\n}\n" }, { "path": "lib/Froxlor/Http/index.html", "content": "" }, { "path": "lib/Froxlor/Idna/IdnaWrapper.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Idna;\n\nuse Algo26\\IdnaConvert\\IdnaConvert;\nuse InvalidArgumentException;\n\n/**\n * Class for wrapping a specific idna conversion class and offering a standard interface\n *\n * @author Michael Duergner (2003-2009)\n */\nclass IdnaWrapper\n{\n\n\t/**\n\t * idna converter we use\n\t *\n\t * @var object\n\t */\n\tprivate $idna_converter;\n\n\t/**\n\t * Class constructor.\n\t * Creates a new idna converter\n\t */\n\tpublic function __construct()\n\t{\n\t\t// Instantiate it\n\t\t$this->idna_converter = new IdnaConvert();\n\t}\n\n\t/**\n\t * Encode a domain name, an email address or a list of one of both.\n\t *\n\t * @param string $to_encode May be either a single domain name, e single email address or a list of one\n\t * separated either by ',', ';' or ' '.\n\t *\n\t * @return string Returns either a single domain name, a single email address or a list of one of\n\t * both separated by the same string as the input.\n\t */\n\tpublic function encode(string $to_encode): string\n\t{\n\t\t$to_encode = $this->isUtf8($to_encode) ? $to_encode : mb_convert_encoding($to_encode, 'UTF-8');\n\t\ttry {\n\t\t\treturn $this->idna_converter->encode($to_encode);\n\t\t} catch (InvalidArgumentException $iae) {\n\t\t\tif ($iae->getCode() == 100) {\n\t\t\t\treturn $to_encode;\n\t\t\t}\n\t\t\tthrow $iae;\n\t\t}\n\t}\n\n\t/**\n\t * check whether a string is utf-8 encoded or not\n\t *\n\t * @param string $string\n\t *\n\t * @return boolean\n\t */\n\tprivate function isUtf8(string $string)\n\t{\n\t\tif (function_exists(\"mb_detect_encoding\")) {\n\t\t\tif (mb_detect_encoding($string, 'UTF-8, ISO-8859-1') === 'UTF-8') {\n\t\t\t\treturn true;\n\t\t\t}\n\t\t\treturn false;\n\t\t}\n\t\t$strlen = strlen($string);\n\t\tfor ($i = 0; $i < $strlen; $i++) {\n\t\t\t$ord = ord($string[$i]);\n\t\t\tif ($ord < 0x80) {\n\t\t\t\tcontinue; // 0bbbbbbb\n\t\t\t} elseif (($ord & 0xE0) === 0xC0 && $ord > 0xC1) {\n\t\t\t\t$n = 1; // 110bbbbb (exkl C0-C1)\n\t\t\t} elseif (($ord & 0xF0) === 0xE0) {\n\t\t\t\t$n = 2; // 1110bbbb\n\t\t\t} elseif (($ord & 0xF8) === 0xF0 && $ord < 0xF5) {\n\t\t\t\t$n = 3; // 11110bbb (exkl F5-FF)\n\t\t\t} else {\n\t\t\t\t// ungültiges UTF-8-Zeichen\n\t\t\t\treturn false;\n\t\t\t}\n\t\t\t// $n Folgebytes? // 10bbbbbb\n\t\t\tfor ($c = 0; $c < $n; $c++) {\n\t\t\t\tif (++$i === $strlen || (ord($string[$i]) & 0xC0) !== 0x80) {\n\t\t\t\t\t// ungültiges UTF-8-Zeichen\n\t\t\t\t\treturn false;\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\t// kein ungültiges UTF-8-Zeichen gefunden\n\t\treturn true;\n\t}\n\n\t/**\n\t * Decode a domain name, an email address or a list of one of both.\n\t *\n\t * @param string $to_decode May be either a single domain name, e single email address or a list of one\n\t * separated either by ',', ';' or ' '.\n\t *\n\t * @return string Returns either a single domain name, a single email address or a list of one of\n\t * both separated by the same string as the input.\n\t */\n\tpublic function decode(string $to_decode): string\n\t{\n\t\treturn $this->idna_converter->decode($to_decode);\n\t}\n}\n" }, { "path": "lib/Froxlor/Idna/index.html", "content": "" }, { "path": "lib/Froxlor/Install/AutoUpdate.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Install;\n\nuse Exception;\nuse ZipArchive;\nuse Froxlor\\Froxlor;\nuse Froxlor\\Settings;\nuse Froxlor\\Http\\HttpClient;\n\nclass AutoUpdate\n{\n\t// define update-uri\n\tconst UPDATE_URI = \"https://version.froxlor.org/froxlor/api/v2/\";\n\tconst RELEASE_URI = \"https://autoupdate.froxlor.org/froxlor-{version}.zip\";\n\tconst CHECKSUM_URI = \"https://autoupdate.froxlor.org/froxlor-{version}.zip.sha256\";\n\n\tconst ERR_NOZIPEXT = 2;\n\tconst ERR_COULDNOTSTORE = 4;\n\tconst ERR_ZIPNOTFOUND = 7;\n\tconst ERR_COULDNOTEXTRACT = 8;\n\tconst ERR_CHKSUM_MISMATCH = 9;\n\tconst ERR_MINPHP = 10;\n\n\tprivate static $latestversion = \"\";\n\n\tprivate static $lasterror = \"\";\n\n\t/**\n\t * returns status about whether there is a newer version\n\t *\n\t * 0 = no new version available\n\t * 1 = new version available\n\t * -1 = remote error message\n\t * >1 = local error message\n\t *\n\t * @return int\n\t */\n\tpublic static function checkVersion(): int\n\t{\n\t\t$result = self::checkPrerequisites();\n\n\t\tif ($result == 0) {\n\t\t\ttry {\n\t\t\t\t$channel = '';\n\t\t\t\tif (Settings::Get('system.update_channel') == 'testing') {\n\t\t\t\t\t$channel = '/testing';\n\t\t\t\t} elseif (Settings::Get('system.update_channel') == 'nightly') {\n\t\t\t\t\tif (empty(Froxlor::BRANDING) || substr(Froxlor::BRANDING, 0, 1) == '-') {\n\t\t\t\t\t\t$channel = '/nightly.0000000';\n\t\t\t\t\t} else {\n\t\t\t\t\t\t$channel = '/' . substr(Froxlor::BRANDING, 1);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\t$latestversion = HttpClient::urlGet(self::UPDATE_URI . Froxlor::VERSION . $channel, true, 3);\n\t\t\t} catch (Exception $e) {\n\t\t\t\tself::$lasterror = \"Version-check currently unavailable, please try again later\";\n\t\t\t\treturn -1;\n\t\t\t}\n\n\t\t\tself::$latestversion = json_decode($latestversion, true);\n\n\t\t\tif (self::$latestversion) {\n\t\t\t\tif (!empty(self::$latestversion['error']) && self::$latestversion['error']) {\n\t\t\t\t\t$result = -1;\n\t\t\t\t\tself::$lasterror = self::$latestversion['message'];\n\t\t\t\t} elseif (isset(self::$latestversion['has_latest']) && self::$latestversion['has_latest'] == false) {\n\t\t\t\t\t$result = 1;\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\treturn $result;\n\t}\n\n\tpublic static function downloadZip(string $newversion)\n\t{\n\t\t// define files to get\n\t\t$toLoad = str_replace('{version}', $newversion, self::RELEASE_URI);\n\t\t$toCheck = str_replace('{version}', $newversion, self::CHECKSUM_URI);\n\n\t\t// check for local destination folder\n\t\tif (!is_dir(Froxlor::getInstallDir() . '/updates/')) {\n\t\t\tmkdir(Froxlor::getInstallDir() . '/updates/');\n\t\t}\n\n\t\t// name archive\n\t\t$localArchive = Froxlor::getInstallDir() . '/updates/' . basename($toLoad);\n\n\t\t// remove old archive\n\t\tif (file_exists($localArchive)) {\n\t\t\t@unlink($localArchive);\n\t\t}\n\n\t\t// get archive data\n\t\ttry {\n\t\t\tHttpClient::fileGet($toLoad, $localArchive);\n\t\t} catch (Exception $e) {\n\t\t\treturn self::ERR_COULDNOTSTORE;\n\t\t}\n\n\t\t// validate the integrity of the downloaded file\n\t\t$_shouldsum = HttpClient::urlGet($toCheck);\n\t\tif (!empty($_shouldsum)) {\n\t\t\t$_t = explode(\" \", $_shouldsum);\n\t\t\t$shouldsum = $_t[0];\n\t\t} else {\n\t\t\t$shouldsum = null;\n\t\t}\n\t\t$filesum = hash_file('sha256', $localArchive);\n\n\t\tif ($filesum != $shouldsum) {\n\t\t\treturn self::ERR_CHKSUM_MISMATCH;\n\t\t}\n\n\t\treturn basename($localArchive);\n\t}\n\n\tpublic static function extractZip(string $localArchive): int\n\t{\n\t\tif (!file_exists($localArchive)) {\n\t\t\treturn self::ERR_ZIPNOTFOUND;\n\t\t}\n\t\t// decompress from zip\n\t\t$zip = new ZipArchive();\n\t\t$res = $zip->open($localArchive);\n\t\tif ($res === true) {\n\t\t\t$zip->extractTo(Froxlor::getInstallDir());\n\t\t\t$zip->close();\n\t\t\t// success - remove unused archive\n\t\t\t@unlink($localArchive);\n\t\t\t// reset cached version check\n\t\t\tSettings::Set('system.updatecheck_data', '');\n\t\t\t// wait a bit before we redirect to be sure\n\t\t\tsleep(3);\n\t\t\treturn 0;\n\t\t}\n\t\treturn self::ERR_COULDNOTEXTRACT;\n\t}\n\n\tprivate static function checkPrerequisites(): int\n\t{\n\t\tif (!extension_loaded('zip')) {\n\t\t\treturn self::ERR_NOZIPEXT;\n\t\t}\n\t\tif (version_compare(\"7.4.0\", PHP_VERSION, \">=\")) {\n\t\t\treturn self::ERR_MINPHP;\n\t\t}\n\t\treturn 0;\n\t}\n\n\tpublic static function getLastError(): string\n\t{\n\t\treturn self::$lasterror ?? \"\";\n\t}\n\n\tpublic static function getFromResult(string $index)\n\t{\n\t\treturn self::$latestversion[$index] ?? \"\";\n\t}\n}\n" }, { "path": "lib/Froxlor/Install/Install/Core.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Install\\Install;\n\nuse Exception;\nuse Froxlor\\Config\\ConfigParser;\nuse Froxlor\\FileDir;\nuse Froxlor\\Froxlor;\nuse Froxlor\\PhpHelper;\nuse PDO;\nuse PDOException;\nuse PDOStatement;\n\n/**\n * Installation of the froxlor core database and set settings.\n */\nclass Core\n{\n\tprotected array $validatedData;\n\n\tpublic function __construct(array $validatedData)\n\t{\n\t\t$this->validatedData = $validatedData;\n\t}\n\n\t/**\n\t * no missing fields or data -> perform actual install\n\t *\n\t * @return void\n\t * @throws Exception\n\t */\n\tpublic function doInstall(bool $create_ud_str = true)\n\t{\n\t\t$options = [\n\t\t\t'PDO::MYSQL_ATTR_INIT_COMMAND' => 'SET names utf8'\n\t\t];\n\n\t\tif (!empty($this->validatedData['mysql_ssl_ca_file'])) {\n\t\t\t$options[PDO::MYSQL_ATTR_SSL_CA] = $this->validatedData['mysql_ssl_ca_file'];\n\t\t\t$options[PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = (bool)$this->validatedData['mysql_ssl_verify_server_certificate'];\n\t\t}\n\n\t\t$dsn = \"mysql:host=\" . $this->validatedData['mysql_host'] . \";\";\n\t\ttry {\n\t\t\t$db_root = new PDO($dsn, $this->validatedData['mysql_root_user'], $this->validatedData['mysql_root_pass'], $options);\n\t\t} catch (PDOException $e) {\n\t\t\t// login failed; try to log in without passwd\n\t\t\ttry {\n\t\t\t\t$db_root = new PDO($dsn, $this->validatedData['mysql_root_user'], '', $options);\n\t\t\t\t// set the given password\n\t\t\t\t$passwd_stmt = $db_root->prepare(\"\n\t\t\t\t\tSET PASSWORD = PASSWORD(:passwd)\n\t\t\t\t\");\n\t\t\t\t$passwd_stmt->execute([\n\t\t\t\t\t'passwd' => $this->validatedData['mysql_root_pass']\n\t\t\t\t]);\n\t\t\t} catch (PDOException $e) {\n\t\t\t\t// login has failed; with and without password\n\t\t\t\tthrow new Exception(lng('install.errors.privileged_sql_connection_failed'), 0, $e);\n\t\t\t}\n\t\t}\n\n\t\t$version_server = $db_root->getAttribute(PDO::ATTR_SERVER_VERSION);\n\t\t$sql_mode = 'NO_ENGINE_SUBSTITUTION';\n\t\tif (version_compare($version_server, '8.0.11', '<')) {\n\t\t\t$sql_mode .= ',NO_AUTO_CREATE_USER';\n\t\t}\n\t\t$db_root->exec('SET sql_mode = \"' . $sql_mode . '\"');\n\n\t\t// ok, if we are here, the database connection is up and running\n\t\t// check for existing pdo and create backup if so\n\t\t$this->backupExistingDatabase($db_root);\n\t\t// create unprivileged user and the database itself\n\t\t$this->createDatabaseAndUser($db_root);\n\t\t// importing data to new database\n\t\t$this->importDatabaseData();\n\n\t\t// create DB object for new database\n\t\t$options = [\n\t\t\t'PDO::MYSQL_ATTR_INIT_COMMAND' => 'SET names utf8'\n\t\t];\n\n\t\tif (!empty($this->validatedData['mysql_ssl_ca_file']) && isset($this->validatedData['mysql_ssl_verify_server_certificate'])) {\n\t\t\t$options[PDO::MYSQL_ATTR_SSL_CA] = $this->validatedData['mysql_ssl_ca_file'];\n\t\t\t$options[PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = (bool)$this->validatedData['mysql_ssl_verify_server_certificate'];\n\t\t}\n\n\t\t$pdo = $this->getUnprivilegedPdo();\n\n\t\t// change settings accordingly\n\t\t$this->doSettings($pdo);\n\t\t// create entries\n\t\t$this->doDataEntries($pdo);\n\t\t// create JSON array for config-services\n\t\t$this->createJsonArray($pdo);\n\t\tif ($create_ud_str) {\n\t\t\t$this->createUserdataParamStr();\n\t\t}\n\t}\n\n\t/**\n\t * @throws Exception\n\t */\n\tpublic function getUnprivilegedPdo(): PDO\n\t{\n\t\t$options = [\n\t\t\t'PDO::MYSQL_ATTR_INIT_COMMAND' => 'SET names utf8'\n\t\t];\n\n\t\tif (!empty($this->validatedData['mysql_ssl_ca_file'])) {\n\t\t\t$options[PDO::MYSQL_ATTR_SSL_CA] = $this->validatedData['mysql_ssl_ca_file'];\n\t\t\t$options[PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = (bool)$this->validatedData['mysql_ssl_verify_server_certificate'];\n\t\t}\n\n\t\t$dsn = \"mysql:host=\" . $this->validatedData['mysql_host'] . \";dbname=\" . $this->validatedData['mysql_database'] . \";\";\n\t\ttry {\n\t\t\t$pdo = new PDO($dsn, $this->validatedData['mysql_unprivileged_user'], $this->validatedData['mysql_unprivileged_pass'], $options);\n\t\t\t$version_server = $pdo->getAttribute(PDO::ATTR_SERVER_VERSION);\n\t\t\t$sql_mode = 'NO_ENGINE_SUBSTITUTION';\n\t\t\tif (version_compare($version_server, '8.0.11', '<')) {\n\t\t\t\t$sql_mode .= ',NO_AUTO_CREATE_USER';\n\t\t\t}\n\t\t\t$pdo->exec('SET sql_mode = \"' . $sql_mode . '\"');\n\t\t\treturn $pdo;\n\t\t} catch (PDOException $e) {\n\t\t\tthrow new Exception(lng('install.errors.unexpected_database_error', [$e->getMessage()]), 0, $e);\n\t\t}\n\t}\n\n\t/**\n\t * Check if an old database exists and back it up if necessary\n\t *\n\t * @param object $db_root\n\t * @return void\n\t * @throws Exception\n\t */\n\tprivate function backupExistingDatabase(object &$db_root)\n\t{\n\t\t// check for existing of former database\n\t\t$stmt = $db_root->prepare(\"SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME = :database\");\n\t\t$stmt->execute([\n\t\t\t'database' => $this->validatedData['mysql_database']\n\t\t]);\n\t\t$rows = $db_root->query(\"SELECT FOUND_ROWS()\")->fetchColumn();\n\n\t\t// backup tables if exist\n\t\tif ($rows > 0) {\n\t\t\tif (!$this->validatedData['mysql_force_create']) {\n\t\t\t\tthrow new Exception(lng('install.errors.database_already_exiting'));\n\t\t\t}\n\n\t\t\t// create temporary backup-filename\n\t\t\t$filename = \"/tmp/froxlor_backup_\" . date('YmdHi') . \".sql\";\n\n\t\t\t// look for mysqldump\n\t\t\t$section = 'mysqldump';\n\t\t\tif (file_exists(\"/usr/bin/mysqldump\")) {\n\t\t\t\t$mysql_dump = '/usr/bin/mysqldump';\n\t\t\t} elseif (file_exists(\"/usr/local/bin/mysqldump\")) {\n\t\t\t\t$mysql_dump = '/usr/local/bin/mysqldump';\n\t\t\t} elseif (file_exists(\"/usr/bin/mariadb-dump\")) {\n\t\t\t\t$mysql_dump = '/usr/bin/mariadb-dump';\n\t\t\t\t$section = 'mariadb-dump';\n\t\t\t}\n\n\t\t\t// create temporary .cnf file\n\t\t\t$cnffilename = \"/tmp/froxlor_dump.cnf\";\n\t\t\t$dumpcnf = \"[\".$section.\"]\" . PHP_EOL . \"password=\\\"\" . $this->validatedData['mysql_root_pass'] . \"\\\"\" . PHP_EOL;\n\t\t\tfile_put_contents($cnffilename, $dumpcnf);\n\n\t\t\t// make the backup\n\t\t\tif (isset($mysql_dump)) {\n\t\t\t\t$command = $mysql_dump . \" --defaults-extra-file=\" . $cnffilename . \" \" . escapeshellarg($this->validatedData['mysql_database']) . \" -u \" . escapeshellarg($this->validatedData['mysql_root_user']) . \" --result-file=\" . $filename;\n\t\t\t\t$output = [];\n\t\t\t\texec($command, $output);\n\t\t\t\t@unlink($cnffilename);\n\t\t\t\tif (stristr(implode(\" \", $output), \"error\")) {\n\t\t\t\t\tthrow new Exception(lng('install.errors.mysqldump_backup_failed'));\n\t\t\t\t} elseif (!file_exists($filename)) {\n\t\t\t\t\tthrow new Exception(lng('install.errors.sql_backup_file_missing'));\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\tthrow new Exception(lng('install.errors.backup_binary_missing'));\n\t\t\t}\n\t\t}\n\t}\n\n\t/**\n\t * Create database and database-user\n\t *\n\t * @param object $db_root\n\t * @return void\n\t * @throws Exception\n\t */\n\tprivate function createDatabaseAndUser(object &$db_root)\n\t{\n\t\t$this->validatedData['mysql_access_host'] = $this->validatedData['mysql_host'];\n\n\t\t// so first we have to delete the database and\n\t\t// the user given for the unpriv-user if they exit\n\t\t$del_stmt = $db_root->prepare(\"DELETE FROM `mysql`.`user` WHERE `User` = :user AND `Host` = :accesshost\");\n\t\t$del_stmt->execute([\n\t\t\t'user' => $this->validatedData['mysql_unprivileged_user'],\n\t\t\t'accesshost' => $this->validatedData['mysql_access_host']\n\t\t]);\n\n\t\t$del_stmt = $db_root->prepare(\"DELETE FROM `mysql`.`db` WHERE `User` = :user AND `Host` = :accesshost\");\n\t\t$del_stmt->execute([\n\t\t\t'user' => $this->validatedData['mysql_unprivileged_user'],\n\t\t\t'accesshost' => $this->validatedData['mysql_access_host']\n\t\t]);\n\n\t\t$del_stmt = $db_root->prepare(\"DELETE FROM `mysql`.`tables_priv` WHERE `User` = :user AND `Host` =:accesshost\");\n\t\t$del_stmt->execute([\n\t\t\t'user' => $this->validatedData['mysql_unprivileged_user'],\n\t\t\t'accesshost' => $this->validatedData['mysql_access_host']\n\t\t]);\n\n\t\t$del_stmt = $db_root->prepare(\"DELETE FROM `mysql`.`columns_priv` WHERE `User` = :user AND `Host` = :accesshost\");\n\t\t$del_stmt->execute([\n\t\t\t'user' => $this->validatedData['mysql_unprivileged_user'],\n\t\t\t'accesshost' => $this->validatedData['mysql_access_host']\n\t\t]);\n\n\t\t$del_stmt = $db_root->prepare(\"DROP DATABASE IF EXISTS `\" . str_replace('`', '', $this->validatedData['mysql_database']) . \"`;\");\n\t\t$del_stmt->execute();\n\n\t\t$db_root->query(\"FLUSH PRIVILEGES;\");\n\n\t\t// we have to create a new user and database for the froxlor unprivileged mysql access\n\t\t$ins_stmt = $db_root->prepare(\"CREATE DATABASE `\" . str_replace('`', '', $this->validatedData['mysql_database']) . \"` CHARACTER SET=utf8 COLLATE=utf8_general_ci\");\n\t\t$ins_stmt->execute();\n\n\n\t\t$mysql_access_host_array = array_map('trim', explode(',', $this->validatedData['mysql_access_host']));\n\n\t\tif (in_array('127.0.0.1', $mysql_access_host_array) && !in_array('localhost', $mysql_access_host_array)) {\n\t\t\t$mysql_access_host_array[] = 'localhost';\n\t\t}\n\t\tif (!in_array('127.0.0.1', $mysql_access_host_array) && in_array('localhost', $mysql_access_host_array)) {\n\t\t\t$mysql_access_host_array[] = '127.0.0.1';\n\t\t}\n\t\tif (!empty($this->validatedData['serveripv4']) && !in_array($this->validatedData['serveripv4'], $mysql_access_host_array)) {\n\t\t\t$mysql_access_host_array[] = $this->validatedData['serveripv4'];\n\t\t}\n\t\tif (!empty($this->validatedData['serveripv6']) && !in_array($this->validatedData['serveripv6'], $mysql_access_host_array)) {\n\t\t\t$mysql_access_host_array[] = $this->validatedData['serveripv6'];\n\t\t}\n\t\t$mysql_access_host_array = array_unique($mysql_access_host_array);\n\n\t\tforeach ($mysql_access_host_array as $mysql_access_host) {\n\t\t\t$this->grantDbPrivilegesTo($db_root, $this->validatedData['mysql_database'], $this->validatedData['mysql_unprivileged_user'], $this->validatedData['mysql_unprivileged_pass'], $mysql_access_host);\n\t\t}\n\n\t\t$db_root->query(\"FLUSH PRIVILEGES;\");\n\t\t$this->validatedData['mysql_access_host'] = implode(',', $mysql_access_host_array);\n\t}\n\n\t/**\n\t * Grant privileges to given user.\n\t *\n\t * @param $db_root\n\t * @param $database\n\t * @param $username\n\t * @param $password\n\t * @param $access_host\n\t * @return void\n\t * @throws Exception\n\t */\n\tprivate function grantDbPrivilegesTo(&$db_root, $database, $username, $password, $access_host)\n\t{\n\t\tif ($this->validatedData['mysql_force_create']) {\n\t\t\ttry {\n\t\t\t\t// try to drop the user, but ignore exceptions as the mysql-access-hosts might\n\t\t\t\t// have changed and we would try to drop a non-existing user\n\t\t\t\t$drop_stmt = $db_root->prepare(\"DROP USER :username@:host\");\n\t\t\t\t$drop_stmt->execute([\n\t\t\t\t\t\"username\" => $username,\n\t\t\t\t\t\"host\" => $access_host\n\t\t\t\t]);\n\t\t\t} catch (PDOException $e) {\n\t\t\t\t/* continue */\n\t\t\t}\n\t\t}\n\t\tif (version_compare($db_root->getAttribute(PDO::ATTR_SERVER_VERSION), '8.0.11', '>=')) {\n\t\t\t// mariadb & mysql8\n\t\t\t// create user\n\t\t\t$stmt = $db_root->prepare(\"CREATE USER '\" . $username . \"'@'\" . $access_host . \"' IDENTIFIED BY :password\");\n\t\t\t$stmt->execute([\n\t\t\t\t\"password\" => $password\n\t\t\t]);\n\t\t\t// grant privileges\n\t\t\t$stmt = $db_root->prepare(\"GRANT ALL ON `\" . $database . \"`.* TO :username@:host\");\n\t\t\t$stmt->execute([\n\t\t\t\t\"username\" => $username,\n\t\t\t\t\"host\" => $access_host\n\t\t\t]);\n\t\t} else {\n\t\t\t// grant privileges\n\t\t\t$stmt = $db_root->prepare(\"GRANT ALL PRIVILEGES ON `\" . $database . \"`.* TO :username@:host IDENTIFIED BY :password\");\n\t\t\t$stmt->execute([\n\t\t\t\t\"username\" => $username,\n\t\t\t\t\"host\" => $access_host,\n\t\t\t\t\"password\" => $password\n\t\t\t]);\n\t\t}\n\t}\n\n\t/**\n\t * Import froxlor.sql into database\n\t *\n\t * @return void\n\t * @throws Exception\n\t */\n\tprivate function importDatabaseData()\n\t{\n\t\ttry {\n\t\t\t$pdo = $this->getUnprivilegedPdo();\n\t\t} catch (PDOException $e) {\n\t\t\tthrow new Exception(lng('install.errors.unprivileged_sql_connection_failed'));\n\t\t}\n\n\t\t// actually import data\n\t\ttry {\n\t\t\t$froxlorSQL = include dirname(__FILE__, 5) . '/install/froxlor.sql.php';\n\n\t\t\t$pdo->query($froxlorSQL);\n\t\t} catch (PDOException $e) {\n\t\t\tthrow new Exception(lng('install.errors.sql_import_failed', [$e->getMessage()]), 0, $e);\n\t\t}\n\t}\n\n\t/**\n\t * change settings according to users input\n\t *\n\t * @param object $db_user\n\t * @return void\n\t * @throws Exception\n\t */\n\tprivate function doSettings(object &$db_user)\n\t{\n\t\t$upd_stmt = $db_user->prepare(\"\n\t\t\tUPDATE `\" . TABLE_PANEL_SETTINGS . \"` SET `value` = :value\n\t\t\tWHERE `settinggroup` = :group AND `varname` = :varname\n\t\t\");\n\n\t\t$mainip = !empty($this->validatedData['serveripv6']) ? $this->validatedData['serveripv6'] : $this->validatedData['serveripv4'];\n\n\t\tif ($this->validatedData['use_admin_email_as_sender'] == '1') {\n\t\t\t$adminmail_value = $this->validatedData['admin_email'];\n\t\t} elseif ($this->validatedData['use_admin_email_as_sender'] == '0' && !empty($this->validatedData['sender_email'])) {\n\t\t\t$adminmail_value = $this->validatedData['sender_email'];\n\t\t} else {\n\t\t\t$adminmail_value = 'admin@' . $this->validatedData['servername'];\n\t\t}\n\t\t$this->updateSetting($upd_stmt, $adminmail_value, 'panel', 'adminmail');\n\t\t$this->updateSetting($upd_stmt, $mainip, 'system', 'ipaddress');\n\t\tif ($this->validatedData['use_ssl']) {\n\t\t\t$this->updateSetting($upd_stmt, 1, 'system', 'use_ssl');\n\t\t\t$this->updateSetting($upd_stmt, 1, 'system', 'leenabled');\n\t\t\t$this->updateSetting($upd_stmt, 1, 'system', 'le_froxlor_enabled');\n\t\t}\n\t\t$this->updateSetting($upd_stmt, strtolower($this->validatedData['servername']), 'system', 'hostname');\n\t\t$this->updateSetting($upd_stmt, 'en', 'panel', 'standardlanguage'); // TODO: set language\n\t\t$this->updateSetting($upd_stmt, $this->validatedData['mysql_access_host'], 'system', 'mysql_access_host');\n\t\t$this->updateSetting($upd_stmt, $this->validatedData['webserver'], 'system', 'webserver');\n\t\t$this->updateSetting($upd_stmt, $this->validatedData['httpuser'], 'system', 'httpuser');\n\t\t$this->updateSetting($upd_stmt, $this->validatedData['httpgroup'], 'system', 'httpgroup');\n\t\t$this->updateSetting($upd_stmt, $this->validatedData['distribution'], 'system', 'distribution');\n\n\t\t// necessary changes for webservers != apache2\n\t\tif ($this->validatedData['webserver'] == \"apache24\") {\n\t\t\t$this->updateSetting($upd_stmt, 'apache2', 'system', 'webserver');\n\t\t\t$this->updateSetting($upd_stmt, '1', 'system', 'apache24');\n\t\t} elseif ($this->validatedData['webserver'] == \"nginx\") {\n\t\t\t$this->updateSetting($upd_stmt, '/var/run/', 'phpfpm', 'fastcgi_ipcdir');\n\t\t\t$this->updateSetting($upd_stmt, 'error', 'system', 'errorlog_level');\n\t\t}\n\n\t\t$distros = glob(FileDir::makeCorrectDir(Froxlor::getInstallDir() . '/lib/configfiles/') . '*.xml');\n\t\tforeach ($distros as $_distribution) {\n\t\t\tif ($this->validatedData['distribution'] == str_replace(\".xml\", \"\", strtolower(basename($_distribution)))) {\n\t\t\t\t$dist = new ConfigParser($_distribution);\n\t\t\t\t$defaults = $dist->getDefaults();\n\t\t\t\tif (!empty($defaults)) {\n\t\t\t\t\tforeach ($defaults as $property) {\n\t\t\t\t\t\tif (!isset($property->attributes()->for) || (isset($property->attributes()->for) && $property->attributes()->for == $this->validatedData['webserver'])) {\n\t\t\t\t\t\t\t$this->updateSetting($upd_stmt, $property->attributes()->value, $property->attributes()->settinggroup, $property->attributes()->varname);\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\t$this->updateSetting($upd_stmt, $this->validatedData['activate_newsfeed'], 'admin', 'show_news_feed');\n\t\t$this->updateSetting($upd_stmt, dirname(__FILE__, 5), 'system', 'letsencryptchallengepath');\n\t\t$this->updateSetting($upd_stmt, dirname(__FILE__, 5) . '/templates/misc/deactivated/', 'system', 'deactivateddocroot');\n\n\t\t// insert the lastcronrun to be the installation date\n\t\t$this->updateSetting($upd_stmt, time(), 'system', 'lastcronrun');\n\n\t\t// set settings according to selected php-backend\n\t\tif ($this->validatedData['webserver_backend'] == 'php-fpm') {\n\t\t\t$this->updateSetting($upd_stmt, '1', 'phpfpm', 'enabled');\n\t\t\t$this->updateSetting($upd_stmt, '1', 'phpfpm', 'enabled_ownvhost');\n\t\t} elseif ($this->validatedData['webserver_backend'] == 'fcgid') {\n\t\t\t$this->updateSetting($upd_stmt, '1', 'system', 'mod_fcgid');\n\t\t\t$this->updateSetting($upd_stmt, '1', 'system', 'mod_fcgid_ownvhost');\n\t\t}\n\n\t\t// check currently used php version and set values of fpm/fcgid accordingly\n\t\tif (defined('PHP_MAJOR_VERSION') && defined('PHP_MINOR_VERSION')) {\n\t\t\t// php-fpm\n\t\t\t$reload = \"service php\" . PHP_MAJOR_VERSION . \".\" . PHP_MINOR_VERSION . \"-fpm restart\";\n\t\t\t$config_dir = \"/etc/php/\" . PHP_MAJOR_VERSION . \".\" . PHP_MINOR_VERSION . \"/fpm/pool.d/\";\n\t\t\t// fcgid\n\t\t\tif ($this->validatedData['distribution'] == 'bookworm' || $this->validatedData['distribution'] == 'trixie') {\n\t\t\t\t$binary = \"/usr/bin/php-cgi\" . PHP_MAJOR_VERSION . \".\" . PHP_MINOR_VERSION;\n\t\t\t} else {\n\t\t\t\t$binary = \"/usr/bin/php\" . PHP_MAJOR_VERSION . \".\" . PHP_MINOR_VERSION . \"-cgi\";\n\t\t\t}\n\t\t\t$db_user->query(\"UPDATE `\" . TABLE_PANEL_FPMDAEMONS . \"` SET `reload_cmd` = '\" . $reload . \"', `config_dir` = '\" . $config_dir . \"' WHERE `id` ='1';\");\n\t\t\t$db_user->query(\"UPDATE `\" . TABLE_PANEL_PHPCONFIGS . \"` SET `binary` = '\" . $binary . \"';\");\n\t\t}\n\n\t\tif ($this->validatedData['use_ssl']) {\n\t\t\t// enable let's encrypt cron\n\t\t\t$db_user->query(\"UPDATE `\" . TABLE_PANEL_CRONRUNS . \"` SET `isactive` = '1' WHERE `module` = 'froxlor/letsencrypt';\");\n\t\t}\n\n\t\t// set specific times for some crons (traffic only at night, etc.)\n\t\t$timestamp = mktime(0, 0, 0, date('m', time()), date('d', time()), date('Y', time()));\n\t\t$db_user->query(\"UPDATE `\" . TABLE_PANEL_CRONRUNS . \"` SET `lastrun` = '\" . $timestamp . \"' WHERE `cronfile` ='cron_traffic';\");\n\n\t\t// insert task 99 to generate a correct cron.d-file automatically\n\t\t$db_user->query(\"INSERT INTO `\" . TABLE_PANEL_TASKS . \"` SET `type` = '99';\");\n\t}\n\n\t/**\n\t * execute prepared statement to update settings\n\t *\n\t * @param PDOStatement|null $stmt\n\t * @param string|null $group\n\t * @param string|null $varname\n\t * @param string|null $value\n\t */\n\tprivate function updateSetting(PDOStatement &$stmt = null, string $value = null, string $group = null, string $varname = null)\n\t{\n\t\t$stmt->execute([\n\t\t\t'group' => $group,\n\t\t\t'varname' => $varname,\n\t\t\t'value' => $value\n\t\t]);\n\t}\n\n\t/**\n\t * create corresponding entries in froxlor database\n\t *\n\t * @param $db_user\n\t * @return void\n\t */\n\tprivate function doDataEntries(&$db_user)\n\t{\n\t\t// lets insert the default ip and port\n\t\t$stmt = $db_user->prepare(\"\n\t\t\tINSERT INTO `\" . TABLE_PANEL_IPSANDPORTS . \"` SET\n\t\t\t`ip`= :serverip,\n\t\t\t`port` = :serverport,\n\t\t\t`namevirtualhost_statement` = :nvh,\n\t\t\t`vhostcontainer` = '1',\n\t\t\t`vhostcontainer_servername_statement` = '1',\n\t\t\t`ssl` = :ssl\n\t\t\");\n\t\t$nvh = $this->validatedData['webserver'] == 'apache2' ? '1' : '0';\n\t\t$defaultip = false;\n\t\tif (!empty($this->validatedData['serveripv6'])) {\n\t\t\t$stmt->execute([\n\t\t\t\t'nvh' => $nvh,\n\t\t\t\t'serverip' => $this->validatedData['serveripv6'],\n\t\t\t\t'serverport' => 80,\n\t\t\t\t'ssl' => 0\n\t\t\t]);\n\t\t\t$defaultip = $db_user->lastInsertId();\n\t\t}\n\t\tif (!empty($this->validatedData['serveripv4'])) {\n\t\t\t$stmt->execute([\n\t\t\t\t'nvh' => $nvh,\n\t\t\t\t'serverip' => $this->validatedData['serveripv4'],\n\t\t\t\t'serverport' => 80,\n\t\t\t\t'ssl' => 0\n\t\t\t]);\n\t\t\t$lastinsert = $db_user->lastInsertId();\n\t\t\t$defaultip = $defaultip != false ? $defaultip . ',' . $lastinsert : $lastinsert;\n\t\t}\n\n\t\t$defaultsslip = false;\n\t\tif ($this->validatedData['use_ssl']) {\n\t\t\tif (!empty($this->validatedData['serveripv6'])) {\n\t\t\t\t$stmt->execute([\n\t\t\t\t\t'nvh' => $this->validatedData['webserver'] == 'apache2' ? '1' : '0',\n\t\t\t\t\t'serverip' => $this->validatedData['serveripv6'],\n\t\t\t\t\t'serverport' => 443,\n\t\t\t\t\t'ssl' => 1\n\t\t\t\t]);\n\t\t\t\t$defaultsslip = $db_user->lastInsertId();\n\t\t\t}\n\t\t\tif (!empty($this->validatedData['serveripv4'])) {\n\t\t\t\t$stmt->execute([\n\t\t\t\t\t'nvh' => $this->validatedData['webserver'] == 'apache2' ? '1' : '0',\n\t\t\t\t\t'serverip' => $this->validatedData['serveripv4'],\n\t\t\t\t\t'serverport' => 443,\n\t\t\t\t\t'ssl' => 1\n\t\t\t\t]);\n\t\t\t\t$lastinsert = $db_user->lastInsertId();\n\t\t\t\t$defaultsslip = $defaultsslip != false ? $defaultsslip . ',' . $lastinsert : $lastinsert;\n\t\t\t}\n\t\t}\n\n\t\t// insert the defaultip\n\t\t$upd_stmt = $db_user->prepare(\"\n\t\t\tUPDATE `\" . TABLE_PANEL_SETTINGS . \"` SET\n\t\t\t`value` = :defaultip\n\t\t\tWHERE `settinggroup` = 'system' AND `varname` = :defipfld\n\t\t\");\n\t\t$upd_stmt->execute([\n\t\t\t'defaultip' => $defaultip,\n\t\t\t'defipfld' => 'defaultip'\n\t\t]);\n\n\t\tif ($defaultsslip) {\n\t\t\t$upd_stmt->execute([\n\t\t\t\t'defaultip' => $defaultsslip,\n\t\t\t\t'defipfld' => 'defaultsslip'\n\t\t\t]);\n\t\t}\n\n\t\t// last but not least create the main admin\n\t\t$ins_data = [\n\t\t\t'loginname' => $this->validatedData['admin_user'],\n\t\t\t'password' => password_hash($this->validatedData['admin_pass'], PASSWORD_DEFAULT),\n\t\t\t'adminname' => $this->validatedData['admin_name'],\n\t\t\t'email' => $this->validatedData['admin_email'],\n\t\t\t'deflang' => 'en' // TODO: set language\n\t\t];\n\t\t$ins_stmt = $db_user->prepare(\"\n\t\t\tINSERT INTO `\" . TABLE_PANEL_ADMINS . \"` SET\n\t\t\t`loginname` = :loginname,\n\t\t\t`password` = :password,\n\t\t\t`name` = :adminname,\n\t\t\t`email` = :email,\n\t\t\t`def_language` = :deflang,\n\t\t\t`api_allowed` = 1,\n\t\t\t`customers` = -1,\n\t\t\t`customers_see_all` = 1,\n\t\t\t`caneditphpsettings` = 1,\n\t\t\t`domains` = -1,\n\t\t\t`change_serversettings` = 1,\n\t\t\t`diskspace` = -1024,\n\t\t\t`mysqls` = -1,\n\t\t\t`emails` = -1,\n\t\t\t`email_accounts` = -1,\n\t\t\t`email_forwarders` = -1,\n\t\t\t`email_quota` = -1,\n\t\t\t`ftps` = -1,\n\t\t\t`subdomains` = -1,\n\t\t\t`traffic` = -1048576\n\t\t\");\n\n\t\t$ins_stmt->execute($ins_data);\n\t}\n\n\t/**\n\t * Create userdata.inc.php file\n\t *\n\t * @return void\n\t * @throws Exception\n\t */\n\tpublic function createUserdataConf()\n\t{\n\t\t$userdata = [\n\t\t\t'sql' => [\n\t\t\t\t'debug' => false,\n\t\t\t\t'host' => $this->validatedData['mysql_host'],\n\t\t\t\t'user' => $this->validatedData['mysql_unprivileged_user'],\n\t\t\t\t'password' => $this->validatedData['mysql_unprivileged_pass'],\n\t\t\t\t'db' => $this->validatedData['mysql_database'],\n\t\t\t],\n\t\t\t'sql_root' => [\n\t\t\t\t'0' => [\n\t\t\t\t\t'caption' => 'Default',\n\t\t\t\t\t'host' => $this->validatedData['mysql_host'],\n\t\t\t\t\t'user' => $this->validatedData['mysql_root_user'],\n\t\t\t\t\t'password' => $this->validatedData['mysql_root_pass'],\n\t\t\t\t]\n\t\t\t]\n\t\t];\n\n\t\t// enable sql ssl in userdata for unprivileged and root db user\n\t\tif (!empty($this->validatedData['mysql_ssl_ca_file']) && isset($this->validatedData['mysql_ssl_verify_server_certificate'])) {\n\t\t\t$userdata['sql']['ssl'] = [\n\t\t\t\t'caFile' => $this->validatedData['mysql_ssl_ca_file'],\n\t\t\t\t'verifyServerCertificate' => (bool)$this->validatedData['mysql_ssl_verify_server_certificate'],\n\t\t\t];\n\t\t\t$userdata['sql_root']['0']['ssl'] = [\n\t\t\t\t'caFile' => $this->validatedData['mysql_ssl_ca_file'],\n\t\t\t\t'verifyServerCertificate' => (bool)$this->validatedData['mysql_ssl_verify_server_certificate'],\n\t\t\t];\n\t\t}\n\n\t\t// test if we can store the userdata.inc.php in ../lib\n\t\t$umask = @umask(077);\n\t\t$userdata = PhpHelper::parseArrayToPhpFile($userdata);\n\t\t$userdata_file = dirname(__FILE__, 5) . '/lib/userdata.inc.php';\n\t\tif (@touch($userdata_file) && @is_writable($userdata_file)) {\n\t\t\t$fp = @fopen($userdata_file, 'w');\n\t\t\t@fputs($fp, $userdata, strlen($userdata));\n\t\t\t@fclose($fp);\n\t\t} else {\n\t\t\t@unlink($userdata_file);\n\t\t\t// try creating it in a temporary file\n\t\t\t$temp_file = @tempnam(sys_get_temp_dir(), 'fx');\n\t\t\tif ($temp_file) {\n\t\t\t\t$fp = @fopen($temp_file, 'w');\n\t\t\t\t@fputs($fp, $userdata, strlen($userdata));\n\t\t\t\t@fclose($fp);\n\t\t\t} else {\n\t\t\t\tthrow new Exception(lng('install.errors.creating_configfile_failed'));\n\t\t\t}\n\t\t}\n\t\t@umask($umask);\n\t}\n\n\tprivate function createJsonArray(&$db_user)\n\t{\n\t\t// use traffic analyzer and ftpserver from settings as we could define defaults in the lib/configfiles/*.xml templates\n\t\t// which can be useful for third-party package-maintainer (e.g. other distros) to have more control\n\t\t// over the installation defaults (less hardcoded values)\n\t\t$custom_dependency = $db_user->query(\"\n\t\t\tSELECT `varname`, `value` FROM `\" . TABLE_PANEL_SETTINGS . \"`\n\t\t\tWHERE `settinggroup` = 'system' AND (`varname` = 'traffictool' OR `varname` = 'ftpserver')\n\t\t\");\n\t\t$cd_result = $custom_dependency->fetchAll(\\PDO::FETCH_KEY_PAIR);\n\t\t$system_params = [\"cron\", \"libnssextrausers\", \"logrotate\"];\n\t\tif (isset($cd_result['traffictool'])) {\n\t\t\t$system_params[] = $cd_result['traffictool'];\n\t\t}\n\t\tif ($this->validatedData['webserver_backend'] == 'php-fpm') {\n\t\t\t$system_params[] = 'php-fpm';\n\t\t} elseif ($this->validatedData['webserver_backend'] == 'fcgid') {\n\t\t\t$system_params[] = 'fcgid';\n\t\t}\n\t\t$json_params = [\n\t\t\t'distro' => $this->validatedData['distribution'],\n\t\t\t'dns' => 'x',\n\t\t\t'http' => $this->validatedData['webserver'],\n\t\t\t'smtp' => 'postfix_dovecot',\n\t\t\t'mail' => 'dovecot_postfix2',\n\t\t\t'antispam' => 'rspamd',\n\t\t\t'ftp' => $cd_result['ftpserver'] ?? 'x',\n\t\t\t'system' => $system_params\n\t\t];\n\t\t$_SESSION['installation']['json_params'] = json_encode($json_params);\n\t}\n\n\tprivate function createUserdataParamStr()\n\t{\n\t\t$req_fields = [\n\t\t\t'mysql_host',\n\t\t\t'mysql_unprivileged_user',\n\t\t\t'mysql_unprivileged_pass',\n\t\t\t'mysql_database',\n\t\t\t'mysql_root_user',\n\t\t\t'mysql_root_pass',\n\t\t\t'mysql_ssl_ca_file',\n\t\t\t'mysql_ssl_verify_server_certificate'\n\t\t];\n\t\t$json_params = [];\n\t\tforeach ($req_fields as $field) {\n\t\t\t$json_params[$field] = $this->validatedData[$field] ?? \"\";\n\t\t}\n\t\t$_SESSION['installation']['ud_str'] = base64_encode(json_encode($json_params));\n\t}\n}\n" }, { "path": "lib/Froxlor/Install/Install.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Install;\n\nuse Exception;\nuse Froxlor\\Config\\ConfigParser;\nuse Froxlor\\Froxlor;\nuse Froxlor\\Install\\Install\\Core;\nuse Froxlor\\System\\Cronjob;\nuse Froxlor\\System\\IPTools;\nuse Froxlor\\UI\\Panel\\UI;\nuse Froxlor\\UI\\Request;\nuse Froxlor\\Validate\\Validate;\nuse PDO;\n\nclass Install\n{\n\tpublic $currentStep;\n\tpublic $extendedView;\n\tpublic $maxSteps;\n\tpublic $phpVersion;\n\tpublic $formfield;\n\tpublic array $suggestions = [];\n\tpublic array $criticals = [];\n\tpublic array $loadedExtensions;\n\tpublic array $supportedOS = [];\n\tpublic array $webserverBackend = [\n\t\t'php-fpm' => 'PHP-FPM',\n\t\t'fcgid' => 'FCGID (apache2 only)',\n\t\t'mod_php' => 'mod_php (not recommended)',\n\t];\n\n\tpublic function __construct(array $cliData = [])\n\t{\n\t\t// set actual php version and extensions\n\t\t$this->phpVersion = phpversion();\n\t\t$this->loadedExtensions = get_loaded_extensions();\n\n\t\t// get all supported OS\n\t\t// show list of available distro's\n\t\t$distros = glob(dirname(__DIR__, 3) . '/lib/configfiles/*.xml');\n\t\t$distributions_select[''] = '-';\n\t\tif (in_array('xml', $this->loadedExtensions)) {\n\t\t\t// read in all the distros\n\t\t\tforeach ($distros as $distribution) {\n\t\t\t\t// get configparser object\n\t\t\t\t$dist = new ConfigParser($distribution);\n\t\t\t\t// store in tmp array\n\t\t\t\t$this->supportedOS[str_replace(\".xml\", \"\", strtolower(basename($distribution)))] = $dist->getCompleteDistroName();\n\t\t\t}\n\t\t\t// sort by distribution name\n\t\t\tasort($this->supportedOS);\n\t\t}\n\n\t\t// guess distribution and webserver to preselect in formfield\n\t\t$webserverBackend = $this->webserverBackend;\n\t\t$supportedOS = $this->supportedOS;\n\t\t$guessedDistribution = $this->guessDistribution();\n\t\t$guessedWebserver = $this->guessWebserver();\n\n\t\t// set formfield, so we can get the fields and steps etc.\n\t\t$this->formfield = require dirname(__DIR__, 3) . '/lib/formfields/install/formfield.install.php';\n\n\t\t// set actual step\n\t\t$this->currentStep = $cliData['step'] ?? Request::any('step', 0);\n\t\t$this->extendedView = $cliData['extended'] ?? Request::any('extended', 0);\n\t\t$this->maxSteps = count($this->formfield['install']['sections']);\n\n\t\tif (empty($cliData)) {\n\t\t\t// set global variables\n\t\t\tUI::twig()->addGlobal('install_mode', true);\n\t\t\tUI::twig()->addGlobal('basehref', '../');\n\n\t\t\t// unset session if user goes back to step 0\n\t\t\tif (isset($_SESSION['installation']) && $this->currentStep == 0) {\n\t\t\t\tunset($_SESSION['installation']);\n\t\t\t}\n\n\t\t\t// check for url manipulation or wrong step\n\t\t\tif ((isset($_SESSION['installation']['stepCompleted']) && $this->currentStep > $_SESSION['installation']['stepCompleted'])\n\t\t\t\t|| (!isset($_SESSION['installation']['stepCompleted']) && $this->currentStep > 0)\n\t\t\t) {\n\t\t\t\t$this->currentStep = isset($_SESSION['installation']['stepCompleted']) ? $_SESSION['installation']['stepCompleted'] + 1 : 1;\n\t\t\t}\n\t\t}\n\t}\n\n\t/**\n\t * @return void\n\t * @throws Exception\n\t */\n\tpublic function handle(): void\n\t{\n\t\t// handle form data\n\t\tif (!is_null(Request::any('submit')) && $this->currentStep) {\n\t\t\ttry {\n\t\t\t\t$this->handleFormData($this->formfield['install']);\n\t\t\t} catch (Exception $e) {\n\t\t\t\t$error = $e->getMessage();\n\t\t\t}\n\t\t}\n\n\t\t// load template\n\t\tUI::twigBuffer('/install/index.html.twig', [\n\t\t\t'setup' => [\n\t\t\t\t'step' => $this->currentStep,\n\t\t\t\t'max_steps' => $this->maxSteps,\n\t\t\t],\n\t\t\t'preflight' => $this->checkRequirements(),\n\t\t\t'page' => [\n\t\t\t\t'title' => 'Database',\n\t\t\t\t'description' => 'Test',\n\t\t\t],\n\t\t\t'section' => $this->formfield['install']['sections']['step' . $this->currentStep] ?? [],\n\t\t\t'error' => $error ?? null,\n\t\t\t'extended' => $this->extendedView,\n\t\t\t'csrf_token' => Froxlor::genSessionId(20),\n\t\t]);\n\n\t\t// output view\n\t\tUI::twigOutputBuffer();\n\t}\n\n\t/**\n\t * @throws Exception\n\t */\n\tprivate function handleFormData(array $formfield): void\n\t{\n\t\t// handle current step\n\t\tif ($this->currentStep <= $this->maxSteps) {\n\t\t\t// Validate user data\n\t\t\t$validatedData = $this->validateRequest($formfield['sections']['step' . $this->currentStep]['fields']);\n\t\t\tif ($this->currentStep == 1) {\n\t\t\t\t// Check database connection\n\t\t\t\t$this->checkDatabase($validatedData);\n\t\t\t} elseif ($this->currentStep == 2) {\n\t\t\t\t// Check validity of admin user data\n\t\t\t\t$this->checkAdminUser($validatedData);\n\t\t\t} elseif ($this->currentStep == 3) {\n\t\t\t\t// Check validity of system data\n\t\t\t\t$this->checkSystem($validatedData);\n\t\t\t}\n\t\t\t$validatedData['stepCompleted'] = ($this->currentStep < $this->maxSteps) ? $this->currentStep : ($this->maxSteps - 1);\n\t\t\t// Store validated data for later use\n\t\t\t$_SESSION['installation'] = array_merge($_SESSION['installation'] ?? [], $validatedData);\n\t\t}\n\n\t\t// also handle completion of installation if it's the step before the last step\n\t\tif ($this->currentStep == ($this->maxSteps - 1)) {\n\t\t\t$core = new Core($_SESSION['installation']);\n\t\t\t$core->doInstall();\n\t\t}\n\n\t\t// redirect user to home if the installation is done\n\t\tif ($this->currentStep == $this->maxSteps) {\n\t\t\t// check setting for \"panel.is_configured\" whether user has\n\t\t\t// run the config-services script (or checked the manual mode)\n\t\t\tif ($this->checkInstallStateFinished()) {\n\t\t\t\theader('Location: ../');\n\t\t\t\treturn;\n\t\t\t}\n\t\t\tthrow new Exception(lng('install.errors.notyetconfigured'));\n\t\t}\n\n\t\t// redirect to next step\n\t\theader('Location: ?step=' . ($this->currentStep + 1));\n\t}\n\n\tprivate function checkInstallStateFinished(): bool\n\t{\n\t\t$core = new Core($_SESSION['installation']);\n\t\tif (isset($_SESSION['installation']['manual_config']) && (int)$_SESSION['installation']['manual_config'] == 1) {\n\t\t\t$core->createUserdataConf();\n\t\t\treturn true;\n\t\t}\n\t\t$pdo = $core->getUnprivilegedPdo();\n\t\t$stmt = $pdo->prepare(\"SELECT `value` FROM `panel_settings` WHERE `settinggroup` = 'panel' AND `varname` = 'is_configured'\");\n\t\t$stmt->execute();\n\t\t$result = $stmt->fetch(PDO::FETCH_ASSOC);\n\t\tif ($result && (int)$result['value'] == 1) {\n\t\t\t$core->createUserdataConf();\n\t\t\treturn true;\n\t\t}\n\t\treturn false;\n\t}\n\n\t/**\n\t * @return array\n\t */\n\tpublic function checkRequirements(): array\n\t{\n\t\t// check whether we can read the userdata file\n\t\tif (!@touch(dirname(__DIR__, 2) . '/.~writecheck')) {\n\t\t\t// get possible owner\n\t\t\t$posixusername = posix_getpwuid(posix_getuid())['name'];\n\t\t\t$posixgroup = posix_getgrgid(posix_getgid())['name'];\n\t\t\t$this->criticals['wrong_ownership'] = ['user' => $posixusername, 'group' => $posixgroup];\n\t\t} else {\n\t\t\t@unlink(dirname(__DIR__, 2) . '/.~writecheck');\n\t\t}\n\n\t\t// check for required extensions\n\t\tforeach (Requirements::REQUIRED_EXTENSIONS as $requiredExtension) {\n\t\t\tif (in_array($requiredExtension, $this->loadedExtensions)) {\n\t\t\t\tcontinue;\n\t\t\t}\n\t\t\t$this->criticals['missing_extensions'][] = $requiredExtension;\n\t\t}\n\n\t\t// check for suggested extensions\n\t\tforeach (Requirements::SUGGESTED_EXTENSIONS as $suggestedExtension) {\n\t\t\tif (in_array($suggestedExtension, $this->loadedExtensions)) {\n\t\t\t\tcontinue;\n\t\t\t}\n\t\t\t$this->suggestions['missing_extensions'][] = $suggestedExtension;\n\t\t}\n\n\t\treturn [\n\t\t\t'text' => $this->getInformationText(),\n\t\t\t'suggestions' => $this->suggestions,\n\t\t\t'criticals' => $this->criticals,\n\t\t];\n\t}\n\n\t/**\n\t * @return string\n\t */\n\tprivate function getInformationText(): string\n\t{\n\t\tif (version_compare(Requirements::REQUIRED_VERSION, PHP_VERSION, \"<\")) {\n\t\t\t$text = lng('install.phpinfosuccess', [$this->phpVersion]);\n\t\t} else {\n\t\t\t$text = lng('install.phpinfowarn', [Requirements::REQUIRED_VERSION]);\n\t\t\t$this->criticals[] = lng('install.phpinfoupdate', [$this->phpVersion, Requirements::REQUIRED_VERSION]);\n\t\t}\n\t\treturn $text;\n\t}\n\n\t/**\n\t * @throws Exception\n\t */\n\tprivate function validateRequest(array $fields): array\n\t{\n\t\t$attributes = [];\n\t\tforeach ($fields as $name => $field) {\n\t\t\t$attributes[$name] = $this->validateAttribute(Request::any($name), $field);\n\t\t\tif (isset($field['next_to'])) {\n\t\t\t\t$attributes = array_merge($attributes, $this->validateRequest($field['next_to']));\n\t\t\t}\n\t\t}\n\t\treturn $attributes;\n\t}\n\n\t/**\n\t * @return mixed\n\t * @throws Exception\n\t */\n\tprivate function validateAttribute($attribute, array $field)\n\t{\n\t\t// TODO: do validations\n\t\tif (isset($field['mandatory']) && $field['mandatory'] && empty($attribute)) {\n\t\t\tthrow new Exception(lng('install.errors.mandatory_field_not_set', [$field['label']]));\n\t\t}\n\t\treturn $attribute;\n\t}\n\n\t/**\n\t * @throws Exception\n\t */\n\tpublic function checkSystem(array $validatedData): void\n\t{\n\t\t$serveripv4 = $validatedData['serveripv4'] ?? '';\n\t\t$serveripv6 = $validatedData['serveripv6'] ?? '';\n\t\t$servername = $validatedData['servername'] ?? '';\n\t\t$httpuser = $validatedData['httpuser'] ?? 'www-data';\n\t\t$httpgroup = $validatedData['httpgroup'] ?? 'www-data';\n\n\t\tif (empty($serveripv4) && empty($serveripv6)) {\n\t\t\tthrow new Exception(lng('install.errors.nov4andnov6ip'));\n\t\t} elseif (!empty($serveripv4) && (!Validate::validate_ip2($serveripv4, true, '', false, true) || IPTools::is_ipv6($serveripv4))) {\n\t\t\tthrow new Exception(lng('error.invalidip', [$serveripv4]));\n\t\t} elseif (!empty($serveripv6) && (!Validate::validate_ip2($serveripv6, true, '', false, true) || !IPTools::is_ipv6($serveripv6))) {\n\t\t\tthrow new Exception(lng('error.invalidip', [$serveripv6]));\n\t\t} elseif (!Validate::validateDomain($servername)) {\n\t\t\tthrow new Exception(lng('install.errors.servernameneedstobevalid'));\n\t\t} elseif (posix_getpwnam($httpuser) === false) {\n\t\t\tthrow new Exception(lng('install.errors.websrvuserdoesnotexist'));\n\t\t} elseif (posix_getgrnam($httpgroup) === false) {\n\t\t\tthrow new Exception(lng('install.errors.websrvgrpdoesnotexist'));\n\t\t}\n\t}\n\n\t/**\n\t * @throws Exception\n\t */\n\tpublic function checkAdminUser(array $validatedData): void\n\t{\n\t\t$name = $validatedData['admin_name'] ?? 'Administrator';\n\t\t$loginname = $validatedData['admin_user'] ?? '';\n\t\t$email = $validatedData['admin_email'] ?? '';\n\t\t$password = $validatedData['admin_pass'] ?? '';\n\t\t$password_confirm = $validatedData['admin_pass_confirm'] ?? '';\n\t\t$useadminmailassender = $validatedData['use_admin_email_as_sender'] ?? '1';\n\t\t$senderemail = $validatedData['sender_email'] ?? '';\n\n\t\tif (!preg_match('/^[^\\r\\n\\t\\f\\0]*$/D', $name)) {\n\t\t\tthrow new Exception(lng('error.stringformaterror', ['admin_name']));\n\t\t} elseif (empty(trim($loginname)) || !preg_match('/^[a-z][a-z0-9]+$/Di', $loginname)) {\n\t\t\tthrow new Exception(lng('error.loginnameiswrong', [$loginname]));\n\t\t} elseif (empty(trim($email)) || !Validate::validateEmail($email)) {\n\t\t\tthrow new Exception(lng('error.emailiswrong', [$email]));\n\t\t} elseif ((int)$useadminmailassender == 0 && !empty(trim($senderemail)) && !Validate::validateEmail($senderemail)) {\n\t\t\tthrow new Exception(lng('error.emailiswrong', [$senderemail]));\n\t\t} elseif (empty($password) || $password != $password_confirm) {\n\t\t\tthrow new Exception(lng('error.newpasswordconfirmerror'));\n\t\t} elseif ($password == $loginname) {\n\t\t\tthrow new Exception(lng('error.passwordshouldnotbeusername'));\n\t\t}\n\t}\n\n\t/**\n\t * @throws Exception\n\t */\n\tpublic function checkDatabase(array $validatedData): void\n\t{\n\t\t$dsn = sprintf('mysql:host=%s;charset=utf8', $validatedData['mysql_host']);\n\t\t$pdo = new \\PDO($dsn, $validatedData['mysql_root_user'], $validatedData['mysql_root_pass']);\n\n\t\t// check if the database already exist\n\t\t$stmt = $pdo->prepare('SHOW DATABASES LIKE ?');\n\t\t$stmt->execute([\n\t\t\t$validatedData['mysql_database']\n\t\t]);\n\t\t$hasDatabase = $stmt->fetch();\n\t\tif ($hasDatabase && !$validatedData['mysql_force_create']) {\n\t\t\tthrow new Exception(lng('install.errors.databaseexists'));\n\t\t}\n\n\t\t// check if we can create a new database\n\t\t$testDatabase = uniqid('froxlor_tmp_');\n\t\tif ($pdo->exec('CREATE DATABASE IF NOT EXISTS ' . $testDatabase . ';') === false) {\n\t\t\tthrow new Exception(lng('install.errors.unabletocreatedb'));\n\t\t}\n\t\tif ($pdo->exec('DROP DATABASE IF EXISTS ' . $testDatabase . ';') === false) {\n\t\t\tthrow new Exception(lng('install.errors.unabletodropdb'));\n\t\t}\n\n\t\t// check if the user already exist\n\t\t$stmt = $pdo->prepare(\"SELECT `User` FROM `mysql`.`user` WHERE `User` = ?\");\n\t\t$stmt->execute([$validatedData['mysql_unprivileged_user']]);\n\t\tif ($stmt->rowCount() && !$validatedData['mysql_force_create']) {\n\t\t\tthrow new Exception(lng('install.errors.mysqlusernameexists'));\n\t\t}\n\n\t\t// check if we can create a new user\n\t\t$testUser = uniqid('froxlor_tmp_');\n\t\t$stmt = $pdo->prepare('CREATE USER ?@? IDENTIFIED BY ?');\n\t\tif ($stmt->execute([$testUser, $validatedData['mysql_host'], uniqid()]) === false) {\n\t\t\tthrow new Exception(lng('install.errors.unabletocreateuser'));\n\t\t}\n\t\t$stmt = $pdo->prepare('DROP USER ?@?');\n\t\tif ($stmt->execute([$testUser, $validatedData['mysql_host']]) === false) {\n\t\t\tthrow new Exception(lng('install.errors.unabletodropuser'));\n\t\t}\n\t\tif ($pdo->prepare('FLUSH PRIVILEGES')->execute() === false) {\n\t\t\tthrow new Exception(lng('install.errors.unabletoflushprivs'));\n\t\t}\n\t}\n\n\tprivate function guessWebserver(): ?string\n\t{\n\t\tif (strtoupper(@php_sapi_name()) == \"APACHE2HANDLER\" || stristr($_SERVER['SERVER_SOFTWARE'], \"apache\")) {\n\t\t\treturn 'apache24';\n\t\t} elseif (substr(strtoupper(@php_sapi_name()), 0, 8) == \"NGINX\" || stristr($_SERVER['SERVER_SOFTWARE'], \"nginx\")) {\n\t\t\treturn 'nginx';\n\t\t}\n\t\treturn null;\n\t}\n\n\tprivate function guessDistribution(): ?string\n\t{\n\t\treturn Cronjob::checkCurrentDistro(true);\n\t}\n}\n" }, { "path": "lib/Froxlor/Install/Preconfig.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Install;\n\nuse Froxlor\\Froxlor;\nuse Froxlor\\Settings;\n\nclass Preconfig\n{\n\tprivate $preconfig_data = [];\n\n\t/**\n\t * returns whether there are preconfig items in an update\n\t *\n\t * @return bool\n\t */\n\tpublic function hasPreConfig(): bool\n\t{\n\t\treturn count($this->preconfig_data) > 0;\n\t}\n\n\t/**\n\t * return all collected preconfig data\n\t *\n\t * @return array\n\t */\n\tpublic function getData(): array\n\t{\n\t\treturn $this->preconfig_data;\n\t}\n\n\t/**\n\t * adds an preconfig result-array to the preconfig-data\n\t *\n\t * @param array $array\n\t *\n\t * @return void\n\t */\n\tpublic function addToPreConfig(array $array)\n\t{\n\t\tif (isset($array['title']) && isset($array['fields']) && count($array['fields']) > 0) {\n\t\t\t$this->preconfig_data[] = $array;\n\t\t}\n\t}\n\n\t/**\n\t * read in all preconfig files and build up data-array for admin_updates\n\t */\n\tpublic function __construct()\n\t{\n\t\t$preconfigs = glob(Froxlor::getInstallDir() . '/install/updates/preconfig/*.php');\n\n\t\tif (!empty($preconfigs)) {\n\t\t\t$current_version = Settings::Get('panel.version');\n\t\t\t$current_db_version = Settings::Get('panel.db_version');\n\t\t\tif (empty($current_db_version)) {\n\t\t\t\t$current_db_version = \"0\";\n\t\t\t}\n\t\t\tforeach (array_reverse($preconfigs) as $preconfig_file) {\n\t\t\t\t$pconf = include $preconfig_file;\n\t\t\t\t$this->addToPreConfig($pconf);\n\t\t\t}\n\t\t}\n\t}\n\n\t/**\n\t * Function getPreConfig\n\t *\n\t * outputs various form-field-arrays before the update process\n\t * can be continued (asks for agreement whatever is being asked)\n\t *\n\t * @param bool $no_check\n\t * @return array\n\t */\n\tpublic static function getPreConfig(bool $no_check = false): array\n\t{\n\t\t$preconfig = new self();\n\n\t\tif ($preconfig->hasPreConfig()) {\n\t\t\tif (!$no_check) {\n\t\t\t\t$agree = [\n\t\t\t\t\t'title' => 'Check',\n\t\t\t\t\t'fields' => [\n\t\t\t\t\t\t'update_changesagreed' => ['mandatory' => true, 'type' => 'checkrequired', 'value' => 1, 'label' => 'I have read the update notifications above and I am aware of the changes made to my system.'],\n\t\t\t\t\t\t'update_preconfig' => ['type' => 'hidden', 'value' => 1]\n\t\t\t\t\t]\n\t\t\t\t];\n\t\t\t\t$preconfig->addToPreConfig($agree);\n\t\t\t}\n\t\t\treturn $preconfig->getData();\n\t\t}\n\t\treturn [];\n\t}\n}\n" }, { "path": "lib/Froxlor/Install/Requirements.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Install;\n\nuse Froxlor\\FileDir;\nuse Froxlor\\Froxlor;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\Settings;\n\nclass Update\n{\n\tprivate static $update_tasks = [];\n\n\tprivate static $task_counter = 0;\n\n\t/**\n\t * Function showUpdateStep\n\t *\n\t * stores and logs the current update progress\n\t *\n\t * @param string $task\n\t * @param bool $needs_status (if false, a linebreak will be added)\n\t *\n\t * @return void\n\t */\n\tpublic static function showUpdateStep(string $task, bool $needs_status = true)\n\t{\n\t\tset_time_limit(30);\n\n\t\t// output\n\t\tself::$update_tasks[self::$task_counter] = ['title' => $task, 'result' => 0];\n\n\t\tif (!$needs_status) {\n\t\t\tself::$task_counter++;\n\t\t}\n\n\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::ADM_ACTION, \\LOG_WARNING, $task);\n\t}\n\n\t/**\n\t * Function lastStepStatus\n\t *\n\t * outputs status of the last update-step\n\t *\n\t * @param int $status (0 = success, 1 = warning, 2 = failure)\n\t * @param string $message\n\t * @param string $additional_info\n\t *\n\t * @return void\n\t */\n\tpublic static function lastStepStatus(int $status = -1, string $message = 'OK', string $additional_info = '')\n\t{\n\t\tself::$update_tasks[self::$task_counter]['result_txt'] = $message;\n\t\tself::$update_tasks[self::$task_counter]['result_desc'] = $additional_info;\n\n\t\tswitch ($status) {\n\t\t\tcase 0:\n\t\t\t\tbreak;\n\t\t\tcase 1:\n\t\t\t\tself::$update_tasks[self::$task_counter]['result'] = 2;\n\t\t\t\tbreak;\n\t\t\tcase 2:\n\t\t\t\tself::$update_tasks[self::$task_counter]['result'] = 1;\n\t\t\t\tbreak;\n\t\t\tdefault:\n\t\t\t\tself::$update_tasks[self::$task_counter]['result'] = -1;\n\t\t\t\tbreak;\n\t\t}\n\n\t\tself::$task_counter++;\n\n\t\tif ($status == -1 || $status == 2) {\n\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::ADM_ACTION, \\LOG_WARNING, 'Attention - last update task failed!!!');\n\t\t} elseif ($status == 0 || $status == 1) {\n\t\t\tFroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::ADM_ACTION, \\LOG_WARNING, 'Success');\n\t\t}\n\t}\n\n\tpublic static function versionInUpdate($current_version, $version_to_check)\n\t{\n\t\tif (!Froxlor::isFroxlor()) {\n\t\t\treturn true;\n\t\t}\n\n\t\treturn Froxlor::versionCompare2($current_version, $version_to_check) == -1;\n\t}\n\n\tpublic static function storeUpdateCheckData(array $response)\n\t{\n\t\t$data = [\n\t\t\t'ts' => time(),\n\t\t\t'channel' => Settings::Get('system.update_channel'),\n\t\t\t'data' => $response\n\t\t];\n\t\tSettings::Set('system.updatecheck_data', json_encode($data));\n\t}\n\n\tpublic static function getUpdateCheckData()\n\t{\n\t\t$uc_data = Settings::Get('system.updatecheck_data');\n\t\tif (!empty($uc_data)) {\n\t\t\t$data = json_decode($uc_data, true);\n\t\t\treturn $data;\n\t\t}\n\t\treturn null;\n\t}\n\n\tpublic static function getUpdateTasks(): array\n\t{\n\t\treturn self::$update_tasks;\n\t}\n\n\tpublic static function getTaskCounter(): int\n\t{\n\t\treturn self::$task_counter;\n\t}\n\n\tpublic static function cleanOldFiles(array $to_clean)\n\t{\n\t\tself::showUpdateStep(\"Cleaning up old files\");\n\t\t$disabled = explode(',', ini_get('disable_functions'));\n\t\t$exec_allowed = !in_array('exec', $disabled);\n\t\t$del_list = \"\";\n\t\tforeach ($to_clean as $filedir) {\n\t\t\t$complete_filedir = Froxlor::getInstallDir() . $filedir;\n\t\t\tif (file_exists($complete_filedir)) {\n\t\t\t\tif ($exec_allowed) {\n\t\t\t\t\tFileDir::safe_exec(\"rm -rf \" . escapeshellarg($complete_filedir));\n\t\t\t\t} else {\n\t\t\t\t\t$del_list .= \"rm -rf \" . escapeshellarg($complete_filedir) . PHP_EOL;\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\tif ($exec_allowed) {\n\t\t\tself::lastStepStatus(0);\n\t\t} else {\n\t\t\tif (empty($del_list)) {\n\t\t\t\t// none of the files existed\n\t\t\t\tself::lastStepStatus(0);\n\t\t\t} else {\n\t\t\t\tself::lastStepStatus(\n\t\t\t\t\t1,\n\t\t\t\t\t'manual commands needed',\n\t\t\t\t\t'Please run the following commands manually:
' . $del_list . '
'\n\t\t\t\t);\n\t\t\t}\n\t\t}\n\t}\n}\n" }, { "path": "lib/Froxlor/Language.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor;\n\nuse RecursiveArrayIterator;\nuse RecursiveIteratorIterator;\n\nclass Language\n{\n\tprotected static ?array $lng = null;\n\tprotected static string $defaultLanguage = 'en';\n\tprotected static ?string $requestedLanguage = null;\n\n\t/**\n\t * @return array\n\t */\n\tpublic static function getLanguages(): array\n\t{\n\t\t$languages = [];\n\t\t$directory = dirname(__DIR__, 2) . '/lng';\n\n\t\tforeach (array_diff(scandir($directory), ['..', '.', 'index.html']) as $language) {\n\t\t\t$iso = explode('.', $language)[0];\n\t\t\t$languages[$iso] = self::getTranslation('languages.' . $iso);\n\t\t}\n\n\t\treturn $languages;\n\t}\n\n\tpublic static function getTranslation(string $identifier, array $arguments = [])\n\t{\n\t\t// initialize\n\t\tif (is_null(self::$lng)) {\n\t\t\t// load fallback language\n\t\t\tself::$lng = self::loadLanguage(self::$defaultLanguage);\n\n\t\t\t// load user requested language\n\t\t\tif (self::$requestedLanguage) {\n\t\t\t\tself::$lng = array_merge(self::$lng, self::loadLanguage(self::$requestedLanguage));\n\t\t\t}\n\n\t\t\t// load fallback from browser if nothing requested\n\t\t\t$iso = trim(substr(strtok(strtok(($_SERVER['HTTP_ACCEPT_LANGUAGE'] ?? 'en'), ','), ';'), 0, 5));\n\t\t\tif (!self::$requestedLanguage && strlen($iso) == 2 && $iso !== self::$defaultLanguage) {\n\t\t\t\tself::$lng = array_merge(self::$lng, self::loadLanguage($iso));\n\t\t\t}\n\t\t}\n\n\t\t// shortcut for identifier with => [title, description]\n\t\tif (!isset(self::$lng[$identifier]) && isset(self::$lng[$identifier . '.title'])) {\n\t\t\treturn [\n\t\t\t\t'title' => vsprintf(self::$lng[$identifier . '.title'] ?? $identifier, $arguments),\n\t\t\t\t'description' => vsprintf(self::$lng[$identifier . '.description'] ?? $identifier, $arguments),\n\t\t\t];\n\t\t}\n\t\t// search by identifier\n\t\treturn vsprintf(self::$lng[$identifier] ?? $identifier, $arguments);\n\t}\n\n\t/**\n\t * @TODO: Possible iso: de, de-DE, de-AT (fallback to de)\n\t *\n\t * @param $iso\n\t * @return array\n\t */\n\tprivate static function loadLanguage($iso): array\n\t{\n\t\t// Reject path traversal attempts\n\t\tif ($iso !== basename($iso) || str_contains($iso, '..')) {\n\t\t\treturn [];\n\t\t}\n\t\t$languageFile = dirname(__DIR__, 2) . sprintf('/lng/%s.lng.php', $iso);\n\n\t\tif (!file_exists($languageFile)) {\n\t\t\treturn [];\n\t\t}\n\n\t\t// load default language\n\t\t$lng = require $languageFile;\n\n\t\t// multidimensional array to dot notation keys\n\t\t$reItIt = new RecursiveIteratorIterator(new RecursiveArrayIterator($lng));\n\t\t$result = [];\n\t\tforeach ($reItIt as $leafValue) {\n\t\t\t$keys = [];\n\t\t\tforeach (range(0, $reItIt->getDepth()) as $depth) {\n\t\t\t\t$keys[] = $reItIt->getSubIterator($depth)->key();\n\t\t\t}\n\t\t\t$result[join('.', $keys)] = $leafValue;\n\t\t}\n\n\t\treturn $result;\n\t}\n\n\tpublic static function setDefaultLanguage(string $string)\n\t{\n\t\tself::$defaultLanguage = $string;\n\t}\n\n\tpublic static function setLanguage(string $string)\n\t{\n\t\tself::$requestedLanguage = $string;\n\t\tself::$lng = null;\n\t}\n}\n" }, { "path": "lib/Froxlor/MailLogParser.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor;\n\nuse Exception;\nuse Froxlor\\Database\\Database;\nuse PDO;\n\nclass MailLogParser\n{\n\tprivate $startTime;\n\tprivate $domainTraffic = [];\n\tprivate $myDomains = [];\n\tprivate $mails = [];\n\n\t/**\n\t * constructor\n\t *\n\t * @param\n\t * string logFile\n\t * @param\n\t * int startTime\n\t * @param\n\t * string logFileExim\n\t */\n\tpublic function __construct($startTime = 0)\n\t{\n\t\t$this->startTime = $startTime;\n\n\t\t// Get all domains from Database\n\t\t$stmt = Database::prepare(\"SELECT domain FROM `\" . TABLE_PANEL_DOMAINS . \"`\");\n\t\tDatabase::pexecute($stmt, []);\n\t\twhile ($domain_row = $stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t$this->myDomains[] = $domain_row[\"domain\"];\n\t\t}\n\n\t\t// Parse MTA traffic\n\t\tif (Settings::Get(\"system.mtaserver\") == \"postfix\") {\n\t\t\t$this->parsePostfixLog(Settings::Get(\"system.mtalog\"));\n\t\t\t$this->parsePostfixLog(Settings::Get(\"system.mtalog\") . \".1\");\n\t\t} elseif (Settings::Get(\"system.mtaserver\") == \"exim4\") {\n\t\t\t$this->parseExim4Log(Settings::Get(\"system.mtalog\"));\n\t\t}\n\n\t\t// Parse MDA traffic\n\t\tif (Settings::Get(\"system.mdaserver\") == \"dovecot\") {\n\t\t\t$this->parseDovecotLog(Settings::Get(\"system.mdalog\"));\n\t\t\t$this->parseDovecotLog(Settings::Get(\"system.mdalog\") . \".1\");\n\t\t} elseif (Settings::Get(\"system.mdaserver\") == \"courier\") {\n\t\t\t$this->parseCourierLog(Settings::Get(\"system.mdalog\"));\n\t\t\t$this->parseCourierLog(Settings::Get(\"system.mdalog\") . \".1\");\n\t\t}\n\t}\n\n\t/**\n\t * parsePostfixLog\n\t * parses the traffic from a postfix logfile\n\t *\n\t * @param string $logFile\n\t * logFile\n\t */\n\tprivate function parsePostfixLog($logFile)\n\t{\n\t\t// Check if file exists\n\t\tif (!file_exists($logFile)) {\n\t\t\treturn false;\n\t\t}\n\n\t\t// Open the log file\n\t\ttry {\n\t\t\t$file_handle = fopen($logFile, \"r\");\n\t\t\tif (!$file_handle) {\n\t\t\t\tthrow new Exception(\"Could not open the file!\");\n\t\t\t}\n\t\t} catch (Exception $e) {\n\t\t\techo \"Error (File: \" . $e->getFile() . \", line \" . $e->getLine() . \"): \" . $e->getMessage();\n\t\t\treturn false;\n\t\t}\n\n\t\twhile (!feof($file_handle)) {\n\t\t\tunset($matches);\n\t\t\t$line = fgets($file_handle);\n\n\t\t\tif (strpos($line, 'postfix') === false) {\n\t\t\t\tcontinue;\n\t\t\t}\n\n\t\t\t$timestamp = $this->getLogTimestamp($line);\n\t\t\tif ($this->startTime < $timestamp) {\n\t\t\t\tif (preg_match(\"/postfix\\/qmgr.*(?::|\\])\\s([A-Z\\d]+).*from=?, size=(\\d+),/\", $line, $matches)) {\n\t\t\t\t\t// Postfix from\n\t\t\t\t\t$this->mails[$matches[1]] = [\n\t\t\t\t\t\t\"domainFrom\" => strtolower($matches[2]),\n\t\t\t\t\t\t\"size\" => $matches[3]\n\t\t\t\t\t];\n\t\t\t\t} elseif (preg_match(\"/postfix\\/(?:pipe|smtp|lmtp).*(?::|\\])\\s([A-Z\\d]+).*to=?,/\", $line, $matches)) {\n\t\t\t\t\t// Postfix to\n\t\t\t\t\tif (array_key_exists($matches[1], $this->mails)) {\n\t\t\t\t\t\t$this->mails[$matches[1]][\"domainTo\"] = strtolower($matches[2]);\n\n\t\t\t\t\t\t// Only mails from/to outside the system should be added\n\t\t\t\t\t\t$mail = $this->mails[$matches[1]];\n\t\t\t\t\t\tif (in_array($mail[\"domainFrom\"], $this->myDomains) || in_array($mail[\"domainTo\"], $this->myDomains)) {\n\t\t\t\t\t\t\t// Outgoing traffic\n\t\t\t\t\t\t\tif (array_key_exists(\"domainFrom\", $mail)) {\n\t\t\t\t\t\t\t\t$this->addDomainTraffic($mail[\"domainFrom\"], $mail[\"size\"], $timestamp);\n\t\t\t\t\t\t\t}\n\n\t\t\t\t\t\t\t// Incoming traffic\n\t\t\t\t\t\t\tif (array_key_exists(\"domainTo\", $mail) && in_array($mail[\"domainTo\"], $this->myDomains)) {\n\t\t\t\t\t\t\t\t$this->addDomainTraffic($mail[\"domainTo\"], $mail[\"size\"], $timestamp);\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t\tunset($mail);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\tfclose($file_handle);\n\t\treturn true;\n\t}\n\n\t/**\n\t * getLogTimestamp\n\t *\n\t * @param\n\t * string line\n\t * return int\n\t */\n\tprivate function getLogTimestamp($line)\n\t{\n\t\t$matches = null;\n\t\tif (preg_match(\"/((?:[A-Z]{3}\\s{1,2}\\d{1,2}|\\d{4}-\\d{2}-\\d{2}).\\d{2}:\\d{2}:\\d{2})/i\", $line, $matches)) {\n\t\t\t$timestamp = strtotime($matches[1]);\n\t\t\tif ($timestamp > ($this->startTime + 60 * 60 * 24)) {\n\t\t\t\treturn strtotime($matches[1] . \" -1 year\");\n\t\t\t} else {\n\t\t\t\treturn strtotime($matches[1]);\n\t\t\t}\n\t\t} else {\n\t\t\treturn 0;\n\t\t}\n\t}\n\n\t/**\n\t * _addDomainTraffic\n\t * adds the traffic to the domain array if we own the domain\n\t *\n\t * @param\n\t * string domain\n\t * @param\n\t * int traffic\n\t */\n\tprivate function addDomainTraffic($domain, $traffic, $timestamp)\n\t{\n\t\t$date = date(\"Y-m-d\", $timestamp);\n\t\tif (in_array($domain, $this->myDomains)) {\n\t\t\tif (array_key_exists($domain, $this->domainTraffic) && array_key_exists($date, $this->domainTraffic[$domain])) {\n\t\t\t\t$this->domainTraffic[$domain][$date] += (int)$traffic;\n\t\t\t} else {\n\t\t\t\tif (!array_key_exists($domain, $this->domainTraffic)) {\n\t\t\t\t\t$this->domainTraffic[$domain] = [];\n\t\t\t\t}\n\t\t\t\t$this->domainTraffic[$domain][$date] = (int)$traffic;\n\t\t\t}\n\t\t}\n\t}\n\n\t/**\n\t * parseExim4Log\n\t * parses the smtp traffic from a exim4 logfile\n\t *\n\t * @param string $logFile\n\t * logFile\n\t */\n\tprivate function parseExim4Log($logFile)\n\t{\n\t\t// Check if file exists\n\t\tif (!file_exists($logFile)) {\n\t\t\treturn false;\n\t\t}\n\n\t\t// Open the log file\n\t\ttry {\n\t\t\t$file_handle = fopen($logFile, \"r\");\n\t\t\tif (!$file_handle) {\n\t\t\t\tthrow new Exception(\"Could not open the file!\");\n\t\t\t}\n\t\t} catch (Exception $e) {\n\t\t\techo \"Error (File: \" . $e->getFile() . \", line \" . $e->getLine() . \"): \" . $e->getMessage();\n\t\t\treturn false;\n\t\t}\n\n\t\twhile (!feof($file_handle)) {\n\t\t\tunset($matches);\n\t\t\t$line = fgets($file_handle);\n\n\t\t\t$timestamp = $this->getLogTimestamp($line);\n\t\t\tif ($this->startTime < $timestamp) {\n\t\t\t\tif (preg_match(\"/<= .*@([a-z0-9.\\-]+) .*S=(\\d+)/i\", $line, $matches)) {\n\t\t\t\t\t// Outgoing traffic\n\t\t\t\t\t$this->addDomainTraffic($matches[1], $matches[2], $timestamp);\n\t\t\t\t} elseif (preg_match(\"/=> .*? .*S=(\\d+)/i\", $line, $matches)) {\n\t\t\t\t\t// Incoming traffic\n\t\t\t\t\t$this->addDomainTraffic($matches[1], $matches[2], $timestamp);\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\tfclose($file_handle);\n\t\treturn true;\n\t}\n\n\t/**\n\t * parseDovecotLog\n\t * parses the dovecot imap/pop3 traffic from logfile\n\t *\n\t * @param string $logFile\n\t * logFile\n\t */\n\tprivate function parseDovecotLog($logFile)\n\t{\n\t\t// Check if file exists\n\t\tif (!file_exists($logFile)) {\n\t\t\treturn false;\n\t\t}\n\n\t\t// Open the log file\n\t\ttry {\n\t\t\t$file_handle = fopen($logFile, \"r\");\n\t\t\tif (!$file_handle) {\n\t\t\t\tthrow new Exception(\"Could not open the file!\");\n\t\t\t}\n\t\t} catch (Exception $e) {\n\t\t\techo \"Error (File: \" . $e->getFile() . \", line \" . $e->getLine() . \"): \" . $e->getMessage();\n\t\t\treturn false;\n\t\t}\n\n\t\twhile (!feof($file_handle)) {\n\t\t\tunset($matches);\n\t\t\t$line = fgets($file_handle);\n\n\t\t\tif (strpos($line, 'dovecot') === false) {\n\t\t\t\tcontinue;\n\t\t\t}\n\n\t\t\t$timestamp = $this->getLogTimestamp($line);\n\t\t\tif ($this->startTime < $timestamp) {\n\t\t\t\tif (preg_match(\"/dovecot.*(?::|\\]) imap\\(.*@([a-z0-9\\.\\-]+)\\)(<\\d+><[a-z0-9+\\/=]+>)?:.*(?:in=(\\d+) out=(\\d+)|bytes=(\\d+)\\/(\\d+))/i\", $line, $matches)) {\n\t\t\t\t\t// Dovecot IMAP\n\t\t\t\t\t$this->addDomainTraffic($matches[1], (int)$matches[3] + (int)$matches[4], $timestamp);\n\t\t\t\t} elseif (preg_match(\"/dovecot.*(?::|\\]) pop3\\(.*@([a-z0-9\\.\\-]+)\\)(<\\d+><[a-z0-9+\\/=]+>)?:.*in=(\\d+).*out=(\\d+)/i\", $line, $matches)) {\n\t\t\t\t\t// Dovecot POP3\n\t\t\t\t\t$this->addDomainTraffic($matches[1], (int)$matches[3] + (int)$matches[4], $timestamp);\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\tfclose($file_handle);\n\t\treturn true;\n\t}\n\n\t/**\n\t * parseCourierLog\n\t * parses the dovecot imap/pop3 traffic from logfile\n\t *\n\t * @param string $logFile\n\t * logFile\n\t */\n\tprivate function parseCourierLog($logFile)\n\t{\n\t\t// Check if file exists\n\t\tif (!file_exists($logFile)) {\n\t\t\treturn false;\n\t\t}\n\n\t\t// Open the log file\n\t\ttry {\n\t\t\t$file_handle = fopen($logFile, \"r\");\n\t\t\tif (!$file_handle) {\n\t\t\t\tthrow new Exception(\"Could not open the file!\");\n\t\t\t}\n\t\t} catch (Exception $e) {\n\t\t\techo \"Error (File: \" . $e->getFile() . \", line \" . $e->getLine() . \"): \" . $e->getMessage();\n\t\t\treturn false;\n\t\t}\n\n\t\twhile (!feof($file_handle)) {\n\t\t\tunset($matches);\n\t\t\t$line = fgets($file_handle);\n\n\t\t\t$timestamp = $this->getLogTimestamp($line);\n\t\t\tif ($this->startTime < $timestamp) {\n\t\t\t\tif (preg_match(\"/(?:imapd|pop3d)(?:-ssl)?.*(?::|\\]).*user=.*@([a-z0-9\\.\\-]+),.*rcvd=(\\d+), sent=(\\d+),/i\", $line, $matches)) {\n\t\t\t\t\t// Courier IMAP & POP3\n\t\t\t\t\t$this->addDomainTraffic($matches[1], (int)$matches[2] + (int)$matches[3], $timestamp);\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\tfclose($file_handle);\n\t\treturn true;\n\t}\n\n\t/**\n\t * getDomainTraffic\n\t * returns the traffic of a given domain or 0 if the domain has no traffic\n\t *\n\t * @param\n\t * string domain\n\t * return array\n\t */\n\tpublic function getDomainTraffic($domain)\n\t{\n\t\tif (array_key_exists($domain, $this->domainTraffic)) {\n\t\t\treturn $this->domainTraffic[$domain];\n\t\t} else {\n\t\t\treturn 0;\n\t\t}\n\t}\n}\n" }, { "path": "lib/Froxlor/PhpHelper.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor;\n\nuse Exception;\nuse Froxlor\\UI\\Panel\\UI;\nuse Net_DNS2_Exception;\nuse Net_DNS2_Resolver;\nuse Throwable;\nuse voku\\helper\\AntiXSS;\n\nclass PhpHelper\n{\n\t/**\n\t * Wrapper around htmlentities to handle arrays, with the advantage that you\n\t * can select which fields should be handled by htmlentities\n\t *\n\t * @param array|string $subject The subject array\n\t * @param array|string $fields The fields which should be checked for, separated by spaces\n\t * @param int $quote_style See php documentation about this\n\t * @param string $charset See php documentation about this\n\t *\n\t * @return array|string The string or an array with htmlentities converted strings\n\t * @author Florian Lippert (2003-2009)\n\t */\n\tpublic static function htmlentitiesArray($subject, $fields = '', $quote_style = ENT_QUOTES, $charset = 'UTF-8')\n\t{\n\t\tif (is_array($subject)) {\n\t\t\tif (!is_array($fields)) {\n\t\t\t\t$fields = self::arrayTrim(explode(' ', $fields));\n\t\t\t}\n\n\t\t\tforeach ($subject as $field => $value) {\n\t\t\t\tif ((!is_array($fields) || empty($fields)) || (in_array($field, $fields))) {\n\t\t\t\t\t// Just call ourselve to manage multi-dimensional arrays\n\t\t\t\t\t$subject[$field] = self::htmlentitiesArray($value, $fields, $quote_style, $charset);\n\t\t\t\t}\n\t\t\t}\n\t\t} else {\n\t\t\t$subject = empty($subject) ? \"\" : htmlentities($subject, $quote_style, $charset);\n\t\t}\n\n\t\treturn $subject;\n\t}\n\n\t/**\n\t * Returns array with all empty-values removed\n\t *\n\t * @param array $source The array to trim\n\t * @return array The trim'med array\n\t */\n\tpublic static function arrayTrim(array $source): array\n\t{\n\t\t$source = array_map('trim', $source);\n\t\treturn array_filter($source, function ($value) {\n\t\t\treturn $value !== '';\n\t\t});\n\t}\n\n\t/**\n\t * froxlor php error handler\n\t *\n\t * @param int $errno\n\t * @param string $errstr\n\t * @param string $errfile\n\t * @param int $errline\n\t *\n\t * @return void|boolean\n\t */\n\tpublic static function phpErrHandler($errno, $errstr, $errfile, $errline)\n\t{\n\t\tif (!(error_reporting() & $errno)) {\n\t\t\t// This error code is not included in error_reporting\n\t\t\treturn;\n\t\t}\n\n\t\tif (!isset($_SERVER['SHELL']) || (isset($_SERVER['SHELL']) && $_SERVER['SHELL'] == '')) {\n\t\t\t// prevent possible file-path-disclosure\n\t\t\t$errfile = str_replace(Froxlor::getInstallDir(), \"\", $errfile);\n\t\t\t// build alert\n\t\t\t$type = 'danger';\n\t\t\tif ($errno == E_NOTICE || $errno == E_DEPRECATED || $errno == E_STRICT) {\n\t\t\t\t$type = 'info';\n\t\t\t} elseif ($errno = E_WARNING) {\n\t\t\t\t$type = 'warning';\n\t\t\t}\n\t\t\t$err_display = '
';\n\t\t\t$err_display .= '#' . $errno . ' ' . $errstr . '
';\n\t\t\t$err_display .= $errfile . ':' . $errline;\n\t\t\t// later depended on whether to show or now\n\t\t\t$err_display .= '

';\n\t\t\t$debug = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS);\n\t\t\tforeach ($debug as $dline) {\n\t\t\t\t$err_display .= $dline['function'] . '() called at [' . str_replace(Froxlor::getInstallDir(), '',\n\t\t\t\t\t\t($dline['file'] ?? 'unknown')) . ':' . ($dline['line'] ?? 0) . ']
';\n\t\t\t}\n\t\t\t$err_display .= '

';\n\t\t\t// end later\n\t\t\t$err_display .= '
';\n\t\t\t// set errors to session\n\t\t\tErrorBag::addError($err_display);\n\t\t\t// return true to ignore php standard error-handler\n\t\t\treturn true;\n\t\t}\n\n\t\t// of on shell, use the php standard error-handler\n\t\treturn false;\n\t}\n\n\t/**\n\t * @param Throwable $exception\n\t * @return void\n\t */\n\tpublic static function phpExceptionHandler(Throwable $exception)\n\t{\n\t\tif (!isset($_SERVER['SHELL']) || $_SERVER['SHELL'] == '') {\n\t\t\t// show\n\t\t\tUI::initTwig(true);\n\t\t\tUI::twig()->addGlobal('install_mode', '1');\n\t\t\tUI::view('misc/alert_nosession.html.twig', [\n\t\t\t\t'page_title' => 'Uncaught exception',\n\t\t\t\t'heading' => 'Uncaught exception',\n\t\t\t\t'type' => 'danger',\n\t\t\t\t'alert_msg' => $exception->getCode() . ' ' . $exception->getMessage(),\n\t\t\t\t'alert_info' => $exception->getTraceAsString()\n\t\t\t]);\n\t\t\tdie();\n\t\t}\n\t}\n\n\t/**\n\t * @param ...$configdirs\n\t * @return array|null\n\t */\n\tpublic static function loadConfigArrayDir(...$configdirs)\n\t{\n\t\tif (count($configdirs) <= 0) {\n\t\t\treturn null;\n\t\t}\n\n\t\t$data = [];\n\t\t$data_files = [];\n\t\t$has_data = false;\n\n\t\tforeach ($configdirs as $data_dirname) {\n\t\t\tif (is_dir($data_dirname)) {\n\t\t\t\t$data_dirhandle = opendir($data_dirname);\n\t\t\t\twhile (false !== ($data_filename = readdir($data_dirhandle))) {\n\t\t\t\t\tif ($data_filename != '.'\n\t\t\t\t\t\t&& $data_filename != '..'\n\t\t\t\t\t\t&& $data_filename != ''\n\t\t\t\t\t\t&& substr($data_filename, -4) == '.php'\n\t\t\t\t\t) {\n\t\t\t\t\t\t$data_files[] = $data_dirname . $data_filename;\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\t$has_data = true;\n\t\t\t}\n\t\t}\n\n\t\tif ($has_data) {\n\t\t\tsort($data_files);\n\t\t\tforeach ($data_files as $data_filename) {\n\t\t\t\t$data = array_merge_recursive($data, include $data_filename);\n\t\t\t}\n\t\t}\n\n\t\treturn $data;\n\t}\n\n\t/**\n\t * ipv6 aware gethostbynamel function\n\t *\n\t * @param string $host\n\t * @param boolean $try_a default true\n\t * @param string|null $nameserver set additional resolver nameserver to use (e.g. 1.1.1.1)\n\t * @return bool|array\n\t */\n\tpublic static function gethostbynamel6(string $host, bool $try_a = true, ?string $nameserver = null)\n\t{\n\t\t$ips = [];\n\n\t\ttry {\n\t\t\t// set the default nameservers to use, use the system default if none are provided\n\t\t\t$resolver = new Net_DNS2_Resolver($nameserver ? ['nameservers' => [$nameserver]] : []);\n\n\t\t\t// get all ip addresses from the A record and normalize them\n\t\t\tif ($try_a) {\n\t\t\t\ttry {\n\t\t\t\t\t$answer = $resolver->query($host, 'A')->answer;\n\t\t\t\t\tforeach ($answer as $rr) {\n\t\t\t\t\t\tif ($rr instanceof \\Net_DNS2_RR_A) {\n\t\t\t\t\t\t\t$ips[] = inet_ntop(inet_pton($rr->address));\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t} catch (Net_DNS2_Exception $e) {\n\t\t\t\t\t// we can't do anything here, just continue\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// get all ip addresses from the AAAA record and normalize them\n\t\t\ttry {\n\t\t\t\t$answer = $resolver->query($host, 'AAAA')->answer;\n\t\t\t\tforeach ($answer as $rr) {\n\t\t\t\t\tif ($rr instanceof \\Net_DNS2_RR_AAAA) {\n\t\t\t\t\t\t$ips[] = inet_ntop(inet_pton($rr->address));\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t} catch (Net_DNS2_Exception $e) {\n\t\t\t\t// we can't do anything here, just continue\n\t\t\t}\n\t\t} catch (Net_DNS2_Exception $e) {\n\t\t\t// fallback to php's dns_get_record if Net_DNS2 has no resolver available, but this may cause\n\t\t\t// problems if the system's dns is not configured correctly; for example, the acme pre-check\n\t\t\t// will fail because some providers put a local ip in /etc/hosts\n\n\t\t\t// get all ip addresses from the A record and normalize them\n\t\t\tif ($try_a) {\n\t\t\t\t$answer = @dns_get_record($host, DNS_A);\n\t\t\t\tforeach ($answer as $rr) {\n\t\t\t\t\t$ips[] = inet_ntop(inet_pton($rr['ip']));\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// get all ip addresses from the AAAA record and normalize them\n\t\t\t$answer = @dns_get_record($host, DNS_AAAA);\n\t\t\tforeach ($answer as $rr) {\n\t\t\t\t$ips[] = inet_ntop(inet_pton($rr['ipv6']));\n\t\t\t}\n\t\t}\n\n\t\treturn count($ips) > 0 ? $ips : false;\n\t}\n\n\t/**\n\t * Function randomStr\n\t *\n\t * generate a pseudo-random string of bytes\n\t *\n\t * @param int $length\n\t * @return string\n\t * @throws Exception\n\t */\n\tpublic static function randomStr(int $length): string\n\t{\n\t\tif (function_exists('openssl_random_pseudo_bytes')) {\n\t\t\treturn openssl_random_pseudo_bytes($length);\n\t\t}\n\t\treturn random_bytes($length);\n\t}\n\n\t/**\n\t * Return human-readable sizes\n\t *\n\t * @param int $size size in bytes\n\t * @param ?string $max maximum unit\n\t * @param string $system 'si' for SI, 'bi' for binary prefixes\n\t * @param string $retstring string-format\n\t *\n\t * @return string\n\t */\n\tpublic static function sizeReadable(\n\t\t$size,\n\t\t?string $max = '',\n\t\tstring $system = 'si',\n\t\tstring $retstring = '%01.2f %s'\n\t): string\n\t{\n\t\t// Pick units\n\t\t$systems = [\n\t\t\t'si' => [\n\t\t\t\t'prefix' => [\n\t\t\t\t\t'B',\n\t\t\t\t\t'KB',\n\t\t\t\t\t'MB',\n\t\t\t\t\t'GB',\n\t\t\t\t\t'TB',\n\t\t\t\t\t'PB'\n\t\t\t\t],\n\t\t\t\t'size' => 1000\n\t\t\t],\n\t\t\t'bi' => [\n\t\t\t\t'prefix' => [\n\t\t\t\t\t'B',\n\t\t\t\t\t'KiB',\n\t\t\t\t\t'MiB',\n\t\t\t\t\t'GiB',\n\t\t\t\t\t'TiB',\n\t\t\t\t\t'PiB'\n\t\t\t\t],\n\t\t\t\t'size' => 1024\n\t\t\t]\n\t\t];\n\t\t$sys = $systems[$system] ?? $systems['si'];\n\n\t\t// Max unit to display\n\t\t$depth = count($sys['prefix']) - 1;\n\t\tif ($max && false !== $d = array_search($max, $sys['prefix'])) {\n\t\t\t$depth = $d;\n\t\t}\n\t\t// Loop\n\t\t$i = 0;\n\t\twhile ($size >= $sys['size'] && $i < $depth) {\n\t\t\t$size /= $sys['size'];\n\t\t\t$i++;\n\t\t}\n\n\t\treturn sprintf($retstring, $size, $sys['prefix'][$i]);\n\t}\n\n\t/**\n\t * Replaces all occurrences of variables defined in the second argument\n\t * in the first argument with their values.\n\t *\n\t * @param string $text The string that should be searched for variables\n\t * @param array $vars The array containing the variables with their values\n\t *\n\t * @return string The submitted string with the variables replaced.\n\t */\n\tpublic static function replaceVariables(string $text, array $vars): string\n\t{\n\t\t$pattern = \"/\\{([a-zA-Z0-9\\-_]+)\\}/\";\n\t\t$matches = [];\n\n\t\tif (count($vars) > 0 && preg_match_all($pattern, $text, $matches)) {\n\t\t\tfor ($i = 0; $i < count($matches[1]); $i++) {\n\t\t\t\t$current = $matches[1][$i];\n\n\t\t\t\tif (isset($vars[$current])) {\n\t\t\t\t\t$var = $vars[$current];\n\t\t\t\t\t$text = str_replace(\"{\" . $current . \"}\", $var, $text);\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\treturn str_replace('\\n', \"\\n\", $text);\n\t}\n\n\t/**\n\t * @param string $needle\n\t * @param array $haystack\n\t * @param array $keys\n\t * @param string $currentKey\n\t * @return true\n\t */\n\tpublic static function recursive_array_search(\n\t\tstring $needle,\n\t\tarray $haystack,\n\t\tarray &$keys = [],\n\t\tstring $currentKey = ''\n\t): bool\n\t{\n\t\tforeach ($haystack as $key => $value) {\n\t\t\tif (empty($value)) {\n\t\t\t\tcontinue;\n\t\t\t}\n\t\t\t$pathkey = empty($currentKey) ? $key : $currentKey . '.' . $key;\n\t\t\tif (is_array($value)) {\n\t\t\t\tself::recursive_array_search($needle, $value, $keys, $pathkey);\n\t\t\t} else {\n\t\t\t\tif (stripos($value, $needle) !== false) {\n\t\t\t\t\t$keys[] = $pathkey;\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\treturn true;\n\t}\n\n\t/**\n\t * function to check a super-global passed by reference,\n\t * so it gets automatically updated\n\t *\n\t * @param array $global\n\t * @param AntiXSS $antiXss\n\t */\n\tpublic static function cleanGlobal(array &$global, AntiXSS &$antiXss)\n\t{\n\t\t$ignored_fields = [\n\t\t\t'system_default_vhostconf',\n\t\t\t'system_default_sslvhostconf',\n\t\t\t'system_apache_globaldiropt',\n\t\t\t'specialsettings',\n\t\t\t'ssl_specialsettings',\n\t\t\t'default_vhostconf_domain',\n\t\t\t'ssl_default_vhostconf_domain',\n\t\t\t'filecontent',\n\t\t\t'admin_password',\n\t\t\t'password',\n\t\t\t'new_customer_password',\n\t\t\t'privileged_password',\n\t\t\t'email_password',\n\t\t\t'directory_password',\n\t\t\t'ftp_password',\n\t\t\t'mysql_password',\n\t\t\t'mysql_root_pass',\n\t\t\t'mysql_unprivileged_pass',\n\t\t\t'admin_pass',\n\t\t\t'admin_pass_confirm',\n\t\t\t'panel_password_special_char',\n\t\t\t'old_password',\n\t\t\t'new_password',\n\t\t\t'new_password_confirm',\n\t\t];\n\t\tif (!empty($global)) {\n\t\t\t$tmp = $global;\n\t\t\tforeach ($tmp as $index => $value) {\n\t\t\t\tif (!in_array($index, $ignored_fields)) {\n\t\t\t\t\t$global[$index] = $antiXss->xss_clean($value);\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n\n\t/**\n\t * Generate php file from array.\n\t *\n\t * @param array $array\n\t * @param string|null $comment\n\t * @param bool $asReturn\n\t * @return string\n\t */\n\tpublic static function parseArrayToPhpFile(array $array, ?string $comment = null, bool $asReturn = false): string\n\t{\n\t\t$str = sprintf(\" $arr) {\n\t\t\t$str .= sprintf(\"\\$%s = %s;\\n\", $var, rtrim(self::parseArrayToString($arr), \"\\n,\"));\n\t\t}\n\t\treturn $str;\n\t}\n\n\t/**\n\t * Parse array to array string.\n\t *\n\t * @param array $array\n\t * @param ?string $key\n\t * @param int $depth\n\t * @return string\n\t */\n\tpublic static function parseArrayToString(array $array, ?string $key = null, int $depth = 1): string\n\t{\n\t\t$str = '';\n\t\tif (!is_null($key)) {\n\t\t\t$str .= self::tabPrefix(($depth - 1), \"'{$key}' => [\\n\");\n\t\t} else {\n\t\t\t$str .= self::tabPrefix(($depth - 1), \"[\\n\");\n\t\t}\n\t\tforeach ($array as $key => $value) {\n\t\t\tif (!is_array($value)) {\n\t\t\t\tif (is_bool($value)) {\n\t\t\t\t\t$str .= self::tabPrefix($depth, sprintf(\"'%s' => %s,\\n\", $key, $value ? 'true' : 'false'));\n\t\t\t\t} elseif (is_int($value)) {\n\t\t\t\t\t$str .= self::tabPrefix($depth, \"'{$key}' => $value,\\n\");\n\t\t\t\t} else {\n\t\t\t\t\tif ($key == 'password') {\n\t\t\t\t\t\t// special case for passwords (nowdoc)\n\t\t\t\t\t\t$str .= self::tabPrefix($depth, \"'{$key}' => <<<'EOT'\\n{$value}\\nEOT,\\n\");\n\t\t\t\t\t} else {\n\t\t\t\t\t\t// escape backslashes first, then single quotes:\n\t\t\t\t\t\t$escaped = str_replace(['\\\\', \"'\"], ['\\\\\\\\', \"\\\\'\"], $value);\n\t\t\t\t\t\t$str .= self::tabPrefix($depth, \"'{$key}' => '{$escaped}',\\n\");\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\t$str .= self::parseArrayToString($value, $key, ($depth + 1));\n\t\t\t}\n\t\t}\n\t\t$str .= self::tabPrefix(($depth - 1), \"],\\n\");\n\t\treturn $str;\n\t}\n\n\t/**\n\t * Apply tabs with given depth to string.\n\t *\n\t * @param int $depth\n\t * @param string $str\n\t * @return string\n\t */\n\tprivate static function tabPrefix(int $depth, string $str = ''): string\n\t{\n\t\t$tab = '';\n\t\tfor ($i = 1; $i <= $depth; $i++) {\n\t\t\t$tab .= \"\\t\";\n\t\t}\n\t\treturn $tab . $str;\n\t}\n\n\tpublic static function array_merge_recursive_distinct(array &$array1, array &$array2)\n\t{\n\t\t$merged = $array1;\n\t\tforeach ($array2 as $key => &$value) {\n\t\t\tif (is_array($value) && isset($merged[$key]) && is_array($merged[$key])) {\n\t\t\t\t$merged[$key] = self::array_merge_recursive_distinct($merged[$key], $value);\n\t\t\t} else {\n\t\t\t\t$merged[$key] = $value;\n\t\t\t}\n\t\t}\n\t\treturn $merged;\n\t}\n}\n" }, { "path": "lib/Froxlor/SImExporter.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor;\n\nuse Exception;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\UI\\Form;\nuse Froxlor\\Validate\\Validate;\nuse PDO;\n\n/**\n * Class SImExporter\n *\n * Import/Export settings to JSON\n */\nclass SImExporter\n{\n\t/**\n\t * settings which are not being exported\n\t *\n\t * @var array\n\t */\n\tprivate static $no_export = [\n\t\t'panel.adminmail',\n\t\t'admin.show_news_feed',\n\t\t'system.lastaccountnumber',\n\t\t'system.lastguid',\n\t\t'system.ipaddress',\n\t\t'system.last_traffic_run',\n\t\t'system.hostname',\n\t\t'system.mysql_access_host',\n\t\t'system.lastcronrun',\n\t\t'system.defaultip',\n\t\t'system.defaultsslip',\n\t\t'system.last_tasks_run',\n\t\t'system.last_archive_run',\n\t\t'system.leprivatekey',\n\t\t'system.lepublickey',\n\t\t'system.updatecheck_data',\n\t];\n\n\tpublic static function export()\n\t{\n\t\t$settings_definitions = [];\n\t\tforeach (PhpHelper::loadConfigArrayDir(Froxlor::getInstallDir() . '/actions/admin/settings/')['groups'] as $group) {\n\t\t\tforeach ($group['fields'] as $field) {\n\t\t\t\t$settings_definitions[$field['settinggroup']][$field['varname']] = $field;\n\t\t\t}\n\t\t}\n\n\t\t$result_stmt = Database::query(\"\n\t\t\tSELECT * FROM `\" . TABLE_PANEL_SETTINGS . \"` ORDER BY `settingid` ASC\n\t\t\");\n\t\t$_data = [];\n\t\twhile ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t$index = $row['settinggroup'] . \".\" . $row['varname'];\n\t\t\tif (!in_array($index, self::$no_export)) {\n\t\t\t\t$_data[$index] = $row['value'];\n\t\t\t}\n\n\t\t\tif (array_key_exists($row['settinggroup'], $settings_definitions) && array_key_exists($row['varname'],\n\t\t\t\t\t$settings_definitions[$row['settinggroup']])) {\n\t\t\t\t// Export image file\n\t\t\t\tif ($settings_definitions[$row['settinggroup']][$row['varname']]['type'] === \"image\") {\n\t\t\t\t\tif ($row['value'] === \"\") {\n\t\t\t\t\t\tcontinue;\n\t\t\t\t\t}\n\n\t\t\t\t\t$_data[$index . '.image_data'] = base64_encode(file_get_contents(explode('?', $row['value'],\n\t\t\t\t\t\t2)[0]));\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\t// add checksum for validation\n\t\t$_data['_sha'] = sha1(var_export($_data, true));\n\t\t$_export = json_encode($_data, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES);\n\t\tif (!$_export) {\n\t\t\tthrow new Exception(\"Error exporting settings: \" . json_last_error_msg());\n\t\t}\n\n\t\treturn $_export;\n\t}\n\n\tpublic static function import($json_str = null)\n\t{\n\t\t// decode data\n\t\t$_data = json_decode($json_str, true);\n\t\tif ($_data) {\n\t\t\t// get validity check data\n\t\t\t$_sha = isset($_data['_sha']) ? $_data['_sha'] : false;\n\t\t\t$_version = isset($_data['panel.version']) ? $_data['panel.version'] : false;\n\t\t\t$_dbversion = isset($_data['panel.db_version']) ? $_data['panel.db_version'] : false;\n\t\t\t// check if we have everything we need\n\t\t\tif (!$_sha || !$_version || !$_dbversion) {\n\t\t\t\tthrow new Exception(\"Invalid froxlor settings data. Unable to import.\");\n\t\t\t}\n\t\t\t// validate import file\n\t\t\tunset($_data['_sha']);\n\t\t\t// compare\n\t\t\tif ($_sha != sha1(var_export($_data, true))) {\n\t\t\t\tthrow new Exception(\"SHA check of import data failed. Unable to import.\");\n\t\t\t}\n\t\t\t// do not import version info - but we need that to possibly update settings\n\t\t\t// when there were changes in the variable-name or similar\n\t\t\tunset($_data['panel.version']);\n\t\t\tunset($_data['panel.db_version']);\n\t\t\t// validate we got ssl enabled ips when ssl is enabled\n\t\t\t// otherwise deactivate it\n\t\t\tif ($_data['system.use_ssl'] == 1) {\n\t\t\t\t$result_ssl_ipsandports_stmt = Database::prepare(\"\n\t\t\t\t\tSELECT COUNT(*) as count_ssl_ip FROM `\" . TABLE_PANEL_IPSANDPORTS . \"` WHERE `ssl`='1'\n\t\t\t\t\");\n\t\t\t\t$result = Database::pexecute_first($result_ssl_ipsandports_stmt);\n\t\t\t\tif ($result['count_ssl_ip'] <= 0) {\n\t\t\t\t\t// no ssl-ip -> deactivate\n\t\t\t\t\t$_data['system.use_ssl'] = 0;\n\t\t\t\t\t// deactivate other ssl-related settings\n\t\t\t\t\t$_data['system.leenabled'] = 0;\n\t\t\t\t\t$_data['system.le_froxlor_enabled'] = 0;\n\t\t\t\t\t$_data['system.le_froxlor_redirect'] = 0;\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t$form_data = [];\n\t\t\t$image_data = [];\n\t\t\t// read in all current settings\n\t\t\t$current_settings = Settings::getAll();\n\t\t\tforeach ($current_settings as $setting_group => $setting) {\n\t\t\t\tforeach ($setting as $varname => $value) {\n\t\t\t\t\t// set all group/varname:values which are not in the import file\n\t\t\t\t\tif (!array_key_exists($setting_group . '.' . $varname, $_data)) {\n\t\t\t\t\t\t$_data[$setting_group . '.' . $varname] = $value;\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t\t// re-format the array-key for Form::processForm\n\t\t\tforeach ($_data as $key => $value) {\n\t\t\t\t$index_split = explode('.', $key, 3);\n\t\t\t\tif (!isset($current_settings[$index_split[0]][$index_split[1]])) {\n\t\t\t\t\tcontinue;\n\t\t\t\t}\n\t\t\t\tif (isset($index_split[2]) && $index_split[2] === 'image_data' && !empty($_data[$index_split[0] . '.' . $index_split[1]])) {\n\t\t\t\t\t$image_data[$key] = $value;\n\t\t\t\t} else {\n\t\t\t\t\t$form_data[str_replace(\".\", \"_\", $key)] = $value;\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// store new data\n\t\t\t$settings_data = PhpHelper::loadConfigArrayDir(Froxlor::getInstallDir() . '/actions/admin/settings/');\n\t\t\tSettings::loadSettingsInto($settings_data);\n\n\t\t\tif (Form::processForm($settings_data, $form_data, [], null, true)) {\n\t\t\t\t// save to DB\n\t\t\t\tSettings::Flush();\n\n\t\t\t\t// Process image_data and save it\n\t\t\t\tif (count($image_data) > 0) {\n\t\t\t\t\tforeach ($image_data as $index => $value) {\n\t\t\t\t\t\t$index_split = explode('.', $index, 3);\n\t\t\t\t\t\t$path = Froxlor::getInstallDir() . '/img/';\n\t\t\t\t\t\tif (!is_dir($path) && !mkdir($path, 0775)) {\n\t\t\t\t\t\t\tthrow new Exception(\"img directory does not exist and cannot be created\");\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\t// Make sure we can write to the upload directory\n\t\t\t\t\t\tif (!is_writable($path)) {\n\t\t\t\t\t\t\tif (!chmod($path, 0775)) {\n\t\t\t\t\t\t\t\tthrow new Exception(\"Cannot write to img directory\");\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\tif (Validate::validateBase64Image($value)) {\n\t\t\t\t\t\t\t$img_data = base64_decode($value);\n\t\t\t\t\t\t\t$img_filename = explode('?', $_data[$index_split[0] . '.' . $index_split[1]], 2)[0];\n\n\t\t\t\t\t\t\t$spl = explode('.', $img_filename);\n\t\t\t\t\t\t\t$file_extension = strtolower(array_pop($spl));\n\t\t\t\t\t\t\tunset($spl);\n\n\t\t\t\t\t\t\tif (!in_array($file_extension, [\n\t\t\t\t\t\t\t\t'jpeg',\n\t\t\t\t\t\t\t\t'jpg',\n\t\t\t\t\t\t\t\t'png',\n\t\t\t\t\t\t\t\t'gif'\n\t\t\t\t\t\t\t])) {\n\t\t\t\t\t\t\t\tthrow new Exception(\"Invalid file-extension, use one of: jpeg, jpg, png, gif\");\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t$img_filename = 'img/' . bin2hex(random_bytes(16)) . '.' . $file_extension;\n\t\t\t\t\t\t\tfile_put_contents(Froxlor::getInstallDir() . '/' . $img_filename, $img_data);\n\t\t\t\t\t\t\t$img_index = $index_split[0].'.'.$index_split[1];\n\t\t\t\t\t\t\tSettings::Set($img_index, $img_filename . '?v=' . time());\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\t// all good\n\t\t\t\treturn true;\n\t\t\t} else {\n\t\t\t\tthrow new Exception(\"Importing settings failed\");\n\t\t\t}\n\t\t}\n\t\tthrow new Exception(\"Invalid JSON data: \" . json_last_error_msg());\n\t}\n}\n" }, { "path": "lib/Froxlor/Settings/FroxlorVhostSettings.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Settings;\n\nuse Froxlor\\Database\\Database;\n\nclass FroxlorVhostSettings\n{\n\n\t/**\n\t * @param bool $need_ssl\n\t *\n\t * @return bool\n\t * @throws \\Exception\n\t */\n\tpublic static function hasVhostContainerEnabled(bool $need_ssl = false): bool\n\t{\n\t\t$sel_stmt = Database::prepare(\"SELECT COUNT(*) as vcentries FROM `\" . TABLE_PANEL_IPSANDPORTS . \"` WHERE `vhostcontainer`= '1'\" . ($need_ssl ? \" AND `ssl` = '1'\" : \"\"));\n\t\t$result = Database::pexecute_first($sel_stmt);\n\t\tif ($result) {\n\t\t\treturn $result['vcentries'] > 0;\n\t\t}\n\t\treturn false;\n\t}\n}\n" }, { "path": "lib/Froxlor/Settings/Store.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Settings;\n\nuse Exception;\nuse Froxlor\\Cron\\TaskId;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\Database\\DbManager;\nuse Froxlor\\FileDir;\nuse Froxlor\\Froxlor;\nuse Froxlor\\Idna\\IdnaWrapper;\nuse Froxlor\\PhpHelper;\nuse Froxlor\\Settings;\nuse Froxlor\\System\\Cronjob;\nuse Froxlor\\System\\IPTools;\nuse Froxlor\\UI\\Request;\nuse Froxlor\\Validate\\Validate;\nuse PDO;\n\nclass Store\n{\n\n\tpublic static function storeSettingClearCertificates($fieldname, $fielddata, $newfieldvalue)\n\t{\n\t\t$returnvalue = self::storeSettingField($fieldname, $fielddata, $newfieldvalue);\n\n\t\tif ($returnvalue !== false\n\t\t\t&& is_array($fielddata)\n\t\t\t&& isset($fielddata['settinggroup'])\n\t\t\t&& $fielddata['settinggroup'] == 'system'\n\t\t\t&& isset($fielddata['varname'])\n\t\t) {\n\t\t\tif ($fielddata['varname'] == 'le_froxlor_enabled' && $newfieldvalue == '0') {\n\t\t\t\tDatabase::query(\"\n\t\t\t\t\tDELETE FROM `\" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . \"` WHERE `domainid` = '0'\n\t\t\t\t\");\n\t\t\t} elseif ($fielddata['varname'] == 'froxloraliases' && $newfieldvalue != $fielddata['value']) {\n\t\t\t\tDatabase::query(\"\n\t\t\t\t\tUPDATE `\" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . \"` SET `validtodate`= NULL WHERE `domainid` = '0'\n\t\t\t\t\");\n\t\t\t}\n\t\t}\n\n\t\treturn $returnvalue;\n\t}\n\n\tpublic static function storeSettingField($fieldname, $fielddata, $newfieldvalue)\n\t{\n\t\tif (is_array($fielddata) && isset($fielddata['settinggroup']) && $fielddata['settinggroup'] != '' && isset($fielddata['varname']) && $fielddata['varname'] != '') {\n\t\t\tif (Settings::Set($fielddata['settinggroup'] . '.' . $fielddata['varname'], $newfieldvalue) !== false) {\n\t\t\t\t/*\n\t\t\t\t * when fielddata[cronmodule] is set, this means enable/disable a cronjob\n\t\t\t\t */\n\t\t\t\tif (isset($fielddata['cronmodule']) && $fielddata['cronmodule'] != '') {\n\t\t\t\t\tCronjob::toggleCronStatus($fielddata['cronmodule'], $newfieldvalue);\n\t\t\t\t}\n\n\t\t\t\t/*\n\t\t\t\t * satisfy dependencies\n\t\t\t\t */\n\t\t\t\tif (isset($fielddata['dependency']) && is_array($fielddata['dependency'])) {\n\t\t\t\t\tif ((int)$fielddata['dependency']['onlyif'] == (int)$newfieldvalue) {\n\t\t\t\t\t\tself::storeSettingField($fielddata['dependency']['fieldname'], $fielddata['dependency']['fielddata'], $newfieldvalue);\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\treturn [\n\t\t\t\t\t$fielddata['settinggroup'] . '.' . $fielddata['varname'] => $newfieldvalue\n\t\t\t\t];\n\t\t\t} else {\n\t\t\t\treturn false;\n\t\t\t}\n\t\t} else {\n\t\t\treturn false;\n\t\t}\n\t}\n\n\tpublic static function storeSettingDefaultIp($fieldname, $fielddata, $newfieldvalue)\n\t{\n\t\t$defaultips_old = Settings::Get('system.defaultip');\n\n\t\t$returnvalue = self::storeSettingField($fieldname, $fielddata, $newfieldvalue);\n\n\t\tif ($returnvalue !== false && is_array($fielddata) && isset($fielddata['settinggroup']) && $fielddata['settinggroup'] == 'system' && isset($fielddata['varname']) && $fielddata['varname'] == 'defaultip') {\n\t\t\tself::updateStdSubdomainDefaultIp($newfieldvalue, $defaultips_old);\n\t\t}\n\n\t\treturn $returnvalue;\n\t}\n\n\tprivate static function updateStdSubdomainDefaultIp($newfieldvalue, $defaultips_old)\n\t{\n\t\t// update standard-subdomain of customer if exists\n\t\t$customerstddomains_result_stmt = Database::prepare(\"\n\t\t\tSELECT `standardsubdomain` FROM `\" . TABLE_PANEL_CUSTOMERS . \"` WHERE `standardsubdomain` <> '0'\n\t\t\");\n\t\tDatabase::pexecute($customerstddomains_result_stmt);\n\n\t\t$ids = [];\n\t\twhile ($customerstddomains_row = $customerstddomains_result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t$ids[] = (int)$customerstddomains_row['standardsubdomain'];\n\t\t}\n\n\t\tif (count($ids) > 0) {\n\n\t\t\tif (!empty($defaultips_old)) {\n\t\t\t\t// Delete the existing mappings linking to default IPs\n\t\t\t\t$del_stmt = Database::prepare(\"\n\t\t\t\t\tDELETE FROM `\" . TABLE_DOMAINTOIP . \"`\n\t\t\t\t\tWHERE `id_domain` IN (\" . implode(', ', $ids) . \")\n\t\t\t\t\tAND `id_ipandports` IN (\" . $defaultips_old . \")\n\t\t\t\t\");\n\t\t\t\tDatabase::pexecute($del_stmt);\n\t\t\t}\n\n\t\t\t$defaultips_new = !empty($newfieldvalue) ? explode(\",\", $newfieldvalue) : [];\n\t\t\tif (count($defaultips_new) > 0) {\n\n\t\t\t\t// Insert the new mappings\n\t\t\t\t$ins_stmt = Database::prepare(\"\n\t\t\t\t\tINSERT INTO `\" . TABLE_DOMAINTOIP . \"`\n\t\t\t\t\tSET `id_domain` = :domainid, `id_ipandports` = :ipandportid\n\t\t\t\t\");\n\n\t\t\t\tforeach ($ids as $id) {\n\t\t\t\t\tforeach ($defaultips_new as $defaultip_new) {\n\t\t\t\t\t\tDatabase::pexecute($ins_stmt, [\n\t\t\t\t\t\t\t'domainid' => $id,\n\t\t\t\t\t\t\t'ipandportid' => $defaultip_new\n\t\t\t\t\t\t]);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n\n\tpublic static function storeSettingDefaultSslIp($fieldname, $fielddata, $newfieldvalue)\n\t{\n\t\t$defaultips_old = Settings::Get('system.defaultsslip');\n\n\t\tself::cleanIpSelection($defaultips_old);\n\t\tself::cleanIpSelection($newfieldvalue);\n\n\t\t$returnvalue = self::storeSettingField($fieldname, $fielddata, $newfieldvalue);\n\n\t\tif ($returnvalue !== false && is_array($fielddata) && isset($fielddata['settinggroup']) && $fielddata['settinggroup'] == 'system' && isset($fielddata['varname']) && $fielddata['varname'] == 'defaultsslip') {\n\t\t\tself::updateStdSubdomainDefaultIp($newfieldvalue, $defaultips_old);\n\t\t}\n\n\t\treturn $returnvalue;\n\t}\n\n\tprivate static function cleanIpSelection(&$selection)\n\t{\n\t\t$selection_arr = array_filter(explode(',', $selection), function ($value) {\n\t\t\treturn !empty($value);\n\t\t});\n\t\t$selection = implode(\",\", $selection_arr);\n\t}\n\n\t/**\n\t * updates the setting for the default panel-theme\n\t * and also the user themes (customers and admins) if\n\t * the changing of themes is disallowed for them\n\t *\n\t * @param string $fieldname\n\t * @param array $fielddata\n\t * @param mixed $newfieldvalue\n\t *\n\t * @return boolean|array\n\t */\n\tpublic static function storeSettingDefaultTheme($fieldname, $fielddata, $newfieldvalue)\n\t{\n\t\t// first save the setting itself\n\t\t$returnvalue = self::storeSettingField($fieldname, $fielddata, $newfieldvalue);\n\n\t\tif ($returnvalue !== false && is_array($fielddata) && isset($fielddata['settinggroup']) && $fielddata['settinggroup'] == 'panel' && isset($fielddata['varname']) && $fielddata['varname'] == 'default_theme') {\n\t\t\t// now, if changing themes is disabled we manually set\n\t\t\t// the new theme (customers and admin, depending on settings)\n\t\t\tif (Settings::Get('panel.allow_theme_change_customer') == '0') {\n\t\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\t\tUPDATE `\" . TABLE_PANEL_CUSTOMERS . \"` SET `theme` = :theme\n\t\t\t\t\");\n\t\t\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t\t\t'theme' => $newfieldvalue\n\t\t\t\t]);\n\t\t\t}\n\t\t\tif (Settings::Get('panel.allow_theme_change_admin') == '0') {\n\t\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\t\tUPDATE `\" . TABLE_PANEL_ADMINS . \"` SET `theme` = :theme\n\t\t\t\t\");\n\t\t\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t\t\t'theme' => $newfieldvalue\n\t\t\t\t]);\n\t\t\t}\n\t\t}\n\n\t\treturn $returnvalue;\n\t}\n\n\tpublic static function storeSettingFieldInsertBindTask($fieldname, $fielddata, $newfieldvalue)\n\t{\n\t\t// first save the setting itself\n\t\t$returnvalue = self::storeSettingField($fieldname, $fielddata, $newfieldvalue);\n\n\t\tif ($returnvalue !== false) {\n\t\t\tCronjob::inserttask(TaskId::REBUILD_DNS);\n\t\t}\n\t\treturn $returnvalue;\n\t}\n\n\tpublic static function storeSettingFieldInsertAntispamTask($fieldname, $fielddata, $newfieldvalue)\n\t{\n\t\t// first save the setting itself\n\t\t$returnvalue = self::storeSettingField($fieldname, $fielddata, $newfieldvalue);\n\n\t\tif ($returnvalue !== false) {\n\t\t\tCronjob::inserttask(TaskId::REBUILD_RSPAMD);\n\t\t}\n\t\treturn $returnvalue;\n\t}\n\n\tpublic static function storeSettingFieldInsertUpdateServicesTask($fieldname, $fielddata, $newfieldvalue)\n\t{\n\t\t// first save the setting itself\n\t\t$returnvalue = self::storeSettingField($fieldname, $fielddata, $newfieldvalue);\n\n\t\tif ($returnvalue !== false) {\n\t\t\tCronjob::inserttask(TaskId::UPDATE_LE_SERVICES);\n\t\t}\n\t\treturn $returnvalue;\n\t}\n\n\tpublic static function storeSettingHostname($fieldname, $fielddata, $newfieldvalue)\n\t{\n\t\t$returnvalue = self::storeSettingField($fieldname, $fielddata, $newfieldvalue);\n\n\t\tif ($returnvalue !== false && is_array($fielddata) && isset($fielddata['settinggroup']) && $fielddata['settinggroup'] == 'system' && isset($fielddata['varname']) && ($fielddata['varname'] == 'hostname' || $fielddata['varname'] == 'stdsubdomain')) {\n\t\t\t$idna_convert = new IdnaWrapper();\n\t\t\t$newfieldvalue = $idna_convert->encode($newfieldvalue);\n\n\t\t\tif (($fielddata['varname'] == 'hostname' && Settings::Get('system.stdsubdomain') == '') || $fielddata['varname'] == 'stdsubdomain') {\n\t\t\t\tif ($fielddata['varname'] == 'stdsubdomain' && $newfieldvalue == '') {\n\t\t\t\t\t// clear field, reset stdsubdomain to system-hostname\n\t\t\t\t\t$oldhost = $idna_convert->encode(Settings::Get('system.stdsubdomain'));\n\t\t\t\t\t$newhost = $idna_convert->encode(Settings::Get('system.hostname'));\n\t\t\t\t} elseif ($fielddata['varname'] == 'stdsubdomain' && Settings::Get('system.stdsubdomain') == '') {\n\t\t\t\t\t// former std-subdomain was system-hostname\n\t\t\t\t\t$oldhost = $idna_convert->encode(Settings::Get('system.hostname'));\n\t\t\t\t\t$newhost = $newfieldvalue;\n\t\t\t\t} elseif ($fielddata['varname'] == 'stdsubdomain') {\n\t\t\t\t\t// std-subdomain just changed\n\t\t\t\t\t$oldhost = $idna_convert->encode(Settings::Get('system.stdsubdomain'));\n\t\t\t\t\t$newhost = $newfieldvalue;\n\t\t\t\t} elseif ($fielddata['varname'] == 'hostname' && Settings::Get('system.stdsubdomain') == '') {\n\t\t\t\t\t// system-hostname has changed and no system-stdsubdomain is not set\n\t\t\t\t\t$oldhost = $idna_convert->encode(Settings::Get('system.hostname'));\n\t\t\t\t\t$newhost = $newfieldvalue;\n\t\t\t\t}\n\n\t\t\t\t$customerstddomains_result_stmt = Database::prepare(\"\n\t\t\t\t\tSELECT `standardsubdomain` FROM `\" . TABLE_PANEL_CUSTOMERS . \"` WHERE `standardsubdomain` <> '0'\n\t\t\t\t\");\n\t\t\t\tDatabase::pexecute($customerstddomains_result_stmt);\n\n\t\t\t\t$ids = [];\n\n\t\t\t\twhile ($customerstddomains_row = $customerstddomains_result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t\t\t$ids[] = (int)$customerstddomains_row['standardsubdomain'];\n\t\t\t\t}\n\n\t\t\t\tif (count($ids) > 0) {\n\t\t\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\t\t\tUPDATE `\" . TABLE_PANEL_DOMAINS . \"` SET\n\t\t\t\t\t\t`domain` = REPLACE(`domain`, :host, :newval)\n\t\t\t\t\t\tWHERE `id` IN ('\" . implode(', ', $ids) . \"')\n\t\t\t\t\t\");\n\t\t\t\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t\t\t\t'host' => $oldhost,\n\t\t\t\t\t\t'newval' => $newhost\n\t\t\t\t\t]);\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\treturn $returnvalue;\n\t}\n\n\tpublic static function storeSettingIpAddress($fieldname, $fielddata, $newfieldvalue)\n\t{\n\t\t$returnvalue = self::storeSettingField($fieldname, $fielddata, $newfieldvalue);\n\n\t\tif ($returnvalue !== false && is_array($fielddata) && isset($fielddata['settinggroup']) && $fielddata['settinggroup'] == 'system' && isset($fielddata['varname']) && $fielddata['varname'] == 'ipaddress') {\n\t\t\t$mysql_access_host_array = array_map('trim', explode(',', Settings::Get('system.mysql_access_host')));\n\t\t\t$mysql_access_host_array[] = $newfieldvalue;\n\t\t\t$mysql_access_host_array = array_unique(PhpHelper::arrayTrim($mysql_access_host_array));\n\t\t\tDbManager::correctMysqlUsers($mysql_access_host_array);\n\t\t\t$mysql_access_host = implode(',', $mysql_access_host_array);\n\t\t\tSettings::Set('system.mysql_access_host', $mysql_access_host);\n\t\t}\n\n\t\treturn $returnvalue;\n\t}\n\n\tpublic static function storeSettingMysqlAccessHost($fieldname, $fielddata, $newfieldvalue)\n\t{\n\t\t$ips = $newfieldvalue;\n\t\t// Convert cidr to netmask for mysql, if needed be\n\t\tif (strpos($ips, ',') !== false) {\n\t\t\t$ips = explode(',', $ips);\n\t\t}\n\t\tif (is_array($ips) && count($ips) > 0) {\n\t\t\t$newfieldvalue = [];\n\t\t\tforeach ($ips as $ip) {\n\t\t\t\t$org_ip = $ip;\n\t\t\t\t$ip_cidr = explode(\"/\", $ip);\n\t\t\t\tif (count($ip_cidr) === 2) {\n\t\t\t\t\t$ip = $ip_cidr[0];\n\t\t\t\t\tif (strlen($ip_cidr[1]) <= 2) {\n\t\t\t\t\t\t$ip_cidr[1] = IPTools::cidr2NetmaskAddr($org_ip);\n\t\t\t\t\t}\n\t\t\t\t\t$newfieldvalue[] = $ip . '/' . $ip_cidr[1];\n\t\t\t\t} else {\n\t\t\t\t\t$newfieldvalue[] = $org_ip;\n\t\t\t\t}\n\t\t\t}\n\t\t\t$newfieldvalue = implode(',', $newfieldvalue);\n\t\t}\n\t\t$returnvalue = self::storeSettingField($fieldname, $fielddata, $newfieldvalue);\n\n\t\tif ($returnvalue !== false && is_array($fielddata) && isset($fielddata['settinggroup']) && $fielddata['settinggroup'] == 'system' && isset($fielddata['varname']) && $fielddata['varname'] == 'mysql_access_host') {\n\t\t\t$mysql_access_host_array = array_map('trim', explode(',', $newfieldvalue));\n\n\t\t\tif (in_array('127.0.0.1', $mysql_access_host_array) && !in_array('localhost', $mysql_access_host_array)) {\n\t\t\t\t$mysql_access_host_array[] = 'localhost';\n\t\t\t}\n\n\t\t\tif (!in_array('127.0.0.1', $mysql_access_host_array) && in_array('localhost', $mysql_access_host_array)) {\n\t\t\t\t$mysql_access_host_array[] = '127.0.0.1';\n\t\t\t}\n\n\t\t\t// be aware that ipv6 addresses are enclosed in [ ] when passed here\n\t\t\t$mysql_access_host_array = array_map([\n\t\t\t\t'\\\\Froxlor\\\\Settings\\\\Store',\n\t\t\t\t'cleanMySQLAccessHost'\n\t\t\t], $mysql_access_host_array);\n\n\t\t\t$mysql_access_host_array = array_unique(PhpHelper::arrayTrim($mysql_access_host_array));\n\t\t\t$newfieldvalue = implode(',', $mysql_access_host_array);\n\t\t\tDbManager::correctMysqlUsers($mysql_access_host_array);\n\t\t\t$mysql_access_host = implode(',', $mysql_access_host_array);\n\t\t\tSettings::Set('system.mysql_access_host', $mysql_access_host);\n\t\t}\n\n\t\treturn $returnvalue;\n\t}\n\n\tpublic static function storeSettingResetCatchall($fieldname, $fielddata, $newfieldvalue)\n\t{\n\t\t$returnvalue = self::storeSettingField($fieldname, $fielddata, $newfieldvalue);\n\n\t\tif ($returnvalue !== false && is_array($fielddata) && isset($fielddata['settinggroup']) && $fielddata['settinggroup'] == 'catchall' && isset($fielddata['varname']) && $fielddata['varname'] == 'catchall_enabled' && $newfieldvalue == '0') {\n\t\t\tDatabase::query(\"\n\t\t\t\tUPDATE `\" . TABLE_MAIL_VIRTUAL . \"` SET `iscatchall` = '0' WHERE `iscatchall` = '1'\n\t\t\t\");\n\t\t}\n\n\t\treturn $returnvalue;\n\t}\n\n\t/**\n\t * Whenever the webserver- / FCGID- or FPM-user gets updated\n\t * we need to update ftp_groups accordingly\n\t */\n\tpublic static function storeSettingWebserverFcgidFpmUser($fieldname, $fielddata, $newfieldvalue)\n\t{\n\t\tif (is_array($fielddata) && isset($fielddata['settinggroup']) && isset($fielddata['varname'])) {\n\t\t\t$update_user = null;\n\n\t\t\t// webserver\n\t\t\tif ($fielddata['settinggroup'] == 'system' && $fielddata['varname'] == 'httpuser') {\n\t\t\t\t$update_user = Settings::Get('system.httpuser');\n\t\t\t}\n\n\t\t\t// fcgid\n\t\t\tif ($fielddata['settinggroup'] == 'system' && $fielddata['varname'] == 'mod_fcgid_httpuser') {\n\t\t\t\t$update_user = Settings::Get('system.mod_fcgid_httpuser');\n\t\t\t}\n\n\t\t\t// webserver\n\t\t\tif ($fielddata['settinggroup'] == 'phpfpm' && $fielddata['varname'] == 'vhost_httpuser') {\n\t\t\t\t$update_user = Settings::Get('phpfpm.vhost_httpuser');\n\t\t\t}\n\n\t\t\t$returnvalue = self::storeSettingField($fieldname, $fielddata, $newfieldvalue);\n\n\t\t\tif ($returnvalue !== false) {\n\t\t\t\t/**\n\t\t\t\t * only update if anything changed\n\t\t\t\t */\n\t\t\t\tif ($update_user != null && $newfieldvalue != $update_user) {\n\t\t\t\t\t$upd_stmt = Database::prepare(\"UPDATE `\" . TABLE_FTP_GROUPS . \"` SET `members` = REPLACE(`members`, :olduser, :newuser)\");\n\t\t\t\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t\t\t\t'olduser' => $update_user,\n\t\t\t\t\t\t'newuser' => $newfieldvalue\n\t\t\t\t\t]);\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\treturn $returnvalue;\n\t}\n\n\tpublic static function storeSettingImage($fieldname, $fielddata)\n\t{\n\t\tif (isset($fielddata['settinggroup'], $fielddata['varname']) && is_array($fielddata) && $fielddata['settinggroup'] !== '' && $fielddata['varname'] !== '') {\n\t\t\t$save_to = null;\n\t\t\t$path = Froxlor::getInstallDir() . '/img/';\n\t\t\t$path = FileDir::makeCorrectDir($path);\n\n\t\t\t// New file?\n\t\t\tif (isset($_FILES[$fieldname]) && $_FILES[$fieldname]['tmp_name']) {\n\t\t\t\t// Make sure upload directory exists\n\t\t\t\tif (!is_dir($path) && !mkdir($path, 0775)) {\n\t\t\t\t\tthrow new Exception(\"img directory does not exist and cannot be created\");\n\t\t\t\t}\n\n\t\t\t\t// Make sure we can write to the upload directory\n\t\t\t\tif (!is_writable($path)) {\n\t\t\t\t\tif (!chmod($path, 0775)) {\n\t\t\t\t\t\tthrow new Exception(\"Cannot write to img directory\");\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\t// Make sure mime-type matches an image\n\t\t\t\t$image_content = file_get_contents($_FILES[$fieldname]['tmp_name']);\n\t\t\t\t$value = base64_encode($image_content);\n\t\t\t\tif (Validate::validateBase64Image($value)) {\n\t\t\t\t\t$img_filename = $_FILES[$fieldname]['name'];\n\n\t\t\t\t\t$spl = explode('.', $img_filename);\n\t\t\t\t\t$file_extension = strtolower(array_pop($spl));\n\t\t\t\t\tunset($spl);\n\n\t\t\t\t\tif (!in_array($file_extension, [\n\t\t\t\t\t\t'jpeg',\n\t\t\t\t\t\t'jpg',\n\t\t\t\t\t\t'png',\n\t\t\t\t\t\t'gif'\n\t\t\t\t\t])) {\n\t\t\t\t\t\tthrow new Exception(\"Invalid file-extension, use one of: jpeg, jpg, png, gif\");\n\t\t\t\t\t}\n\t\t\t\t\t$filename = bin2hex(random_bytes(16)) . '.' . $file_extension;\n\t\t\t\t\t// Move file\n\t\t\t\t\tif (!move_uploaded_file($_FILES[$fieldname]['tmp_name'], $path . $filename)) {\n\t\t\t\t\t\tthrow new Exception(\"Unable to save image to img folder\");\n\t\t\t\t\t}\n\t\t\t\t\t$save_to = 'img/' . $filename . '?v=' . time();\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// Delete file?\n\t\t\tif ($fielddata['value'] !== \"\" && array_key_exists($fieldname . '_delete', $_POST) && Request::post($fieldname . '_delete')) {\n\t\t\t\t@unlink(Froxlor::getInstallDir() . '/' . explode('?', $fielddata['value'], 2)[0]);\n\t\t\t\t$save_to = '';\n\t\t\t}\n\n\t\t\t// Nothing changed\n\t\t\tif ($save_to === null) {\n\t\t\t\treturn [\n\t\t\t\t\t$fielddata['settinggroup'] . '.' . $fielddata['varname'] => $fielddata['value']\n\t\t\t\t];\n\t\t\t}\n\n\t\t\tif (Settings::Set($fielddata['settinggroup'] . '.' . $fielddata['varname'], $save_to) === false) {\n\t\t\t\treturn false;\n\t\t\t}\n\n\t\t\treturn [\n\t\t\t\t$fielddata['settinggroup'] . '.' . $fielddata['varname'] => $save_to\n\t\t\t];\n\t\t}\n\n\t\treturn false;\n\t}\n\n\tprivate static function cleanMySQLAccessHost($value)\n\t{\n\t\tif (substr($value, 0, 1) == '[' && substr($value, -1) == ']') {\n\t\t\treturn substr($value, 1, -1);\n\t\t}\n\t\treturn $value;\n\t}\n\n\tpublic static function storeSettingUpdateTrafficTool($fieldname, $fielddata, $newfieldvalue)\n\t{\n\t\t$returnvalue = self::storeSettingField($fieldname, $fielddata, $newfieldvalue);\n\n\t\tif ($returnvalue !== false && is_array($fielddata) && isset($fielddata['settinggroup']) && $fielddata['settinggroup'] == 'system' && isset($fielddata['varname']) && $fielddata['varname'] == 'traffictool' && $newfieldvalue != $fielddata['value']) {\n\t\t\t$oldpath = '/' . $fielddata['value'] . '/';\n\t\t\t$newpath = '/' . $newfieldvalue . '/';\n\t\t\t$sel_stmt = Database::prepare(\"SELECT * FROM `\" . TABLE_PANEL_HTPASSWDS . \"` WHERE `path` LIKE :oldpath\");\n\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\tUPDATE `\" . TABLE_PANEL_HTPASSWDS . \"` SET `path` = :newpath WHERE `id` = :id\n\t\t\t\");\n\t\t\tDatabase::pexecute($sel_stmt, [\n\t\t\t\t'oldpath' => '%' . $oldpath\n\t\t\t]);\n\t\t\twhile ($entry = $sel_stmt->fetch(\\PDO::FETCH_ASSOC)) {\n\t\t\t\t$full_path = str_replace($oldpath, $newpath, $entry['path']);\n\t\t\t\t$eid = (int)$entry['id'];\n\t\t\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t\t\t'newpath' => $full_path,\n\t\t\t\t\t'id' => $eid\n\t\t\t\t]);\n\t\t\t}\n\t\t}\n\n\t\treturn $returnvalue;\n\t}\n}\n" }, { "path": "lib/Froxlor/Settings/index.html", "content": "" }, { "path": "lib/Froxlor/Settings.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor;\n\nuse Exception;\nuse Froxlor\\Database\\Database;\nuse PDO;\nuse PDOStatement;\n\n/**\n * Class Settings\n *\n * Interaction with settings from the db\n */\nclass Settings\n{\n\t/**\n\t * settings data\n\t *\n\t * @var array\n\t */\n\tprivate static $data = null;\n\n\t/**\n\t * local config overrides\n\t *\n\t * @var array\n\t */\n\tprivate static $conf = null;\n\n\t/**\n\t * changed and unsaved settings data\n\t *\n\t * @var array\n\t */\n\tprivate static $updatedata = null;\n\n\t/**\n\t * prepared statement for updating the\n\t * settings table\n\t *\n\t * @var PDOStatement\n\t */\n\tprivate static $updstmt = null;\n\n\t/**\n\t * tests if a setting-value that i s a comma separated list contains an entry\n\t *\n\t * @param string $setting\n\t * a group and a varname separated by a dot (group.varname)\n\t * @param string $entry\n\t * the entry that is expected to be in the list\n\t *\n\t * @return boolean true, if the list contains $entry\n\t */\n\tpublic static function IsInList($setting = null, $entry = null)\n\t{\n\t\tself::init();\n\t\t$svalue = self::Get($setting);\n\t\tif ($svalue == null) {\n\t\t\treturn false;\n\t\t}\n\t\t$slist = explode(\",\", $svalue);\n\t\treturn in_array($entry, $slist);\n\t}\n\n\t/**\n\t * private constructor, reads in all settings\n\t */\n\tprivate static function init()\n\t{\n\t\tif (empty(self::$data)) {\n\t\t\tself::readSettings();\n\t\t\tself::readConfig();\n\t\t\tself::$updatedata = [];\n\n\t\t\t// prepare statement\n\t\t\tself::$updstmt = Database::prepare(\"\n\t\t\t\tUPDATE `\" . TABLE_PANEL_SETTINGS . \"` SET `value` = :value\n\t\t\t\tWHERE `settinggroup` = :group AND `varname` = :varname\n\t\t\t\");\n\t\t}\n\t}\n\n\t/**\n\t * Read in all settings from the database\n\t * and set the internal $_data array\n\t */\n\tprivate static function readSettings()\n\t{\n\t\t$result_stmt = Database::query(\"\n\t\t\tSELECT `settingid`, `settinggroup`, `varname`, `value`\n\t\t\tFROM `\" . TABLE_PANEL_SETTINGS . \"`\n\t\t\");\n\t\tself::$data = [];\n\t\twhile ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\tself::$data[$row['settinggroup']][$row['varname']] = $row['value'];\n\t\t}\n\t\treturn true;\n\t}\n\n\t/**\n\t * Read in all config overrides from\n\t * config/config.inc.php\n\t */\n\tprivate static function readConfig()\n\t{\n\t\t// set defaults\n\t\tself::$conf = [\n\t\t\t'enable_webupdate' => false,\n\t\t\t'disable_otp_security_check' => false,\n\t\t\t'display_php_errors' => false,\n\t\t];\n\n\t\t$configfile = Froxlor::getInstallDir() . '/lib/config.inc.php';\n\t\tif (@file_exists($configfile) && is_readable($configfile)) {\n\t\t\tself::$conf = array_merge(self::$conf, include $configfile);\n\t\t}\n\t\treturn true;\n\t}\n\n\t/**\n\t * return a setting-value by its group and varname\n\t *\n\t * @param string $setting\n\t * a group and a varname separated by a dot (group.varname)\n\t *\n\t * @return mixed\n\t */\n\tpublic static function Get($setting = null)\n\t{\n\t\tself::init();\n\t\t$sstr = explode(\".\", $setting);\n\t\t// no separator - do'h\n\t\tif (!isset($sstr[1])) {\n\t\t\treturn null;\n\t\t}\n\t\t$result = null;\n\t\tif (isset(self::$data[$sstr[0]][$sstr[1]])) {\n\t\t\t$result = self::$data[$sstr[0]][$sstr[1]];\n\t\t}\n\t\treturn $result;\n\t}\n\n\t/**\n\t * update a setting / set a new value\n\t *\n\t * @param string $setting\n\t * a group and a varname separated by a dot (group.varname)\n\t * @param string $value\n\t * @param boolean $instant_save\n\t *\n\t * @return bool\n\t */\n\tpublic static function Set($setting = null, $value = null, $instant_save = true)\n\t{\n\t\tself::init();\n\t\t// check whether the setting exists\n\t\tif (self::Get($setting) !== null) {\n\t\t\t// set new value in array\n\t\t\t$sstr = explode(\".\", $setting);\n\t\t\tif (!isset($sstr[1])) {\n\t\t\t\treturn false;\n\t\t\t}\n\t\t\tself::$data[$sstr[0]][$sstr[1]] = $value;\n\t\t\t// should we store to db instantly?\n\t\t\tif ($instant_save) {\n\t\t\t\tself::storeSetting($sstr[0], $sstr[1], $value);\n\t\t\t} else {\n\t\t\t\t// set temporary data for usage\n\t\t\t\tif (!isset(self::$data[$sstr[0]]) || !is_array(self::$data[$sstr[0]])) {\n\t\t\t\t\tself::$data[$sstr[0]] = [];\n\t\t\t\t}\n\t\t\t\tself::$data[$sstr[0]][$sstr[1]] = $value;\n\t\t\t\t// set update-data when invoking Flush()\n\t\t\t\tif (!isset(self::$updatedata[$sstr[0]]) || !is_array(self::$updatedata[$sstr[0]])) {\n\t\t\t\t\tself::$updatedata[$sstr[0]] = [];\n\t\t\t\t}\n\t\t\t\tself::$updatedata[$sstr[0]][$sstr[1]] = $value;\n\t\t\t}\n\t\t\treturn true;\n\t\t}\n\t\treturn false;\n\t}\n\n\t/**\n\t * update a value in the database\n\t *\n\t * @param string $group\n\t * @param string $varname\n\t * @param string $value\n\t */\n\tprivate static function storeSetting($group = null, $varname = null, $value = null)\n\t{\n\t\t$upd_data = [\n\t\t\t'group' => $group,\n\t\t\t'varname' => $varname,\n\t\t\t'value' => $value\n\t\t];\n\t\tDatabase::pexecute(self::$updstmt, $upd_data);\n\t}\n\n\t/**\n\t * add a new setting to the database (mainly used in updater)\n\t *\n\t * @param string $setting\n\t * a group and a varname separated by a dot (group.varname)\n\t * @param string $value\n\t *\n\t * @return boolean\n\t */\n\tpublic static function AddNew($setting = null, $value = null)\n\t{\n\t\tself::init();\n\t\t// first check if it doesn't exist\n\t\tif (self::Get($setting) === null) {\n\t\t\t// validate parameter\n\t\t\t$sstr = explode(\".\", $setting);\n\t\t\tif (!isset($sstr[1])) {\n\t\t\t\treturn false;\n\t\t\t}\n\t\t\t// prepare statement\n\t\t\t$ins_stmt = Database::prepare(\"\n\t\t\t\t\tINSERT INTO `\" . TABLE_PANEL_SETTINGS . \"` SET\n\t\t\t\t\t`settinggroup` = :group,\n\t\t\t\t\t`varname` = :varname,\n\t\t\t\t\t`value` = :value\n\t\t\t\t\t\");\n\t\t\t$ins_data = [\n\t\t\t\t'group' => $sstr[0],\n\t\t\t\t'varname' => $sstr[1],\n\t\t\t\t'value' => $value\n\t\t\t];\n\t\t\tDatabase::pexecute($ins_stmt, $ins_data);\n\t\t\t// also set new value to internal array and make it available\n\t\t\tself::$data[$sstr[0]][$sstr[1]] = $value;\n\t\t\treturn true;\n\t\t}\n\t\treturn false;\n\t}\n\n\t/**\n\t * Store all un-saved changes to the database and\n\t * re-read in all settings\n\t */\n\tpublic static function Flush()\n\t{\n\t\tself::init();\n\t\tif (is_array(self::$updatedata) && count(self::$updatedata) > 0) {\n\t\t\t// save all un-saved changes to the settings\n\t\t\tforeach (self::$updatedata as $group => $vargroup) {\n\t\t\t\tforeach ($vargroup as $varname => $value) {\n\t\t\t\t\tself::storeSetting($group, $varname, $value);\n\t\t\t\t}\n\t\t\t}\n\t\t\t// now empty the array\n\t\t\tself::$updatedata = [];\n\t\t\t// re-read in all settings\n\t\t\treturn self::readSettings();\n\t\t}\n\t\treturn false;\n\t}\n\n\t/**\n\t * forget all un-saved changes to settings\n\t */\n\tpublic static function Stash()\n\t{\n\t\tself::init();\n\t\t// empty update array\n\t\tself::$updatedata = [];\n\t\t// re-read in all settings\n\t\treturn self::readSettings();\n\t}\n\n\tpublic static function loadSettingsInto(&$settings_data)\n\t{\n\t\tif (is_array($settings_data) && isset($settings_data['groups']) && is_array($settings_data['groups'])) {\n\t\t\t// prepare for use in for-loop\n\t\t\t$row_stmt = Database::prepare(\"\n\t\t\t\tSELECT `settinggroup`, `varname`, `value`\n\t\t\t\tFROM `\" . TABLE_PANEL_SETTINGS . \"`\n\t\t\t\tWHERE `settinggroup` = :group AND `varname` = :varname\n\t\t\t\");\n\n\t\t\tforeach ($settings_data['groups'] as $settings_part => $settings_part_details) {\n\t\t\t\tif (is_array($settings_part_details) && isset($settings_part_details['fields']) && is_array($settings_part_details['fields'])) {\n\t\t\t\t\tforeach ($settings_part_details['fields'] as $field_name => $field_details) {\n\t\t\t\t\t\tif (isset($field_details['settinggroup']) && isset($field_details['varname']) && isset($field_details['default'])) {\n\t\t\t\t\t\t\t// execute prepared statement\n\t\t\t\t\t\t\t$row = Database::pexecute_first($row_stmt, [\n\t\t\t\t\t\t\t\t'group' => $field_details['settinggroup'],\n\t\t\t\t\t\t\t\t'varname' => $field_details['varname']\n\t\t\t\t\t\t\t]);\n\n\t\t\t\t\t\t\tif (!empty($row)) {\n\t\t\t\t\t\t\t\t$varvalue = $row['value'];\n\t\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t\t$varvalue = $field_details['default'];\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t$varvalue = false;\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\t$settings_data['groups'][$settings_part]['fields'][$field_name]['value'] = $varvalue;\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n\n\tpublic static function refreshState(): void\n\t{\n\t\tself::$data = null;\n\t\tself::init();\n\t}\n\n\tpublic static function getAll(): array\n\t{\n\t\tself::init();\n\t\treturn self::$data;\n\t}\n\n\t/**\n\t * get value from config by identifier\n\t * @throws Exception\n\t */\n\tpublic static function Config(string $config)\n\t{\n\t\tself::init();\n\t\t$result = self::$conf[$config] ?? null;\n\t\tif (is_null($result)) {\n\t\t\tthrow new Exception('Unknown local config name \"' . $config . '\"');\n\t\t}\n\t\treturn $result;\n\t}\n}\n" }, { "path": "lib/Froxlor/System/Cronjob.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\System;\n\nuse Exception;\nuse Froxlor\\Cron\\TaskId;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\FileDir;\nuse Froxlor\\FroxlorLogger;\nuse Froxlor\\Settings;\nuse PDO;\n\nclass Cronjob\n{\n\n\t/**\n\t * Function checkLastGuid\n\t *\n\t * Checks if the system's last guid is not higher than the one saved\n\t * in froxlor's database. If it's higher, froxlor needs to\n\t * set its last guid to this one to avoid conflicts with libnss-users\n\t *\n\t * @return null\n\t */\n\tpublic static function checkLastGuid()\n\t{\n\t\t$mylog = FroxlorLogger::getInstanceOf();\n\n\t\t$group_lines = [];\n\t\t$group_guids = [];\n\t\t$update_to_guid = 0;\n\n\t\t$froxlor_guid = 0;\n\t\t$result_stmt = Database::query(\"SELECT MAX(`guid`) as `fguid` FROM `\" . TABLE_PANEL_CUSTOMERS . \"`\");\n\t\t$result = $result_stmt->fetch(PDO::FETCH_ASSOC);\n\t\t$froxlor_guid = $result['fguid'];\n\n\t\t// possibly no customers yet or f*cked up lastguid settings\n\t\tif ($froxlor_guid < Settings::Get('system.lastguid')) {\n\t\t\t$froxlor_guid = Settings::Get('system.lastguid');\n\t\t}\n\n\t\t$g_file = '/etc/group';\n\n\t\tif (file_exists($g_file)) {\n\t\t\tif (is_readable($g_file)) {\n\t\t\t\tif (true == ($groups = file_get_contents($g_file))) {\n\t\t\t\t\t$group_lines = explode(\"\\n\", $groups);\n\n\t\t\t\t\tforeach ($group_lines as $group) {\n\t\t\t\t\t\t$group_guids[] = explode(\":\", $group);\n\t\t\t\t\t}\n\n\t\t\t\t\tforeach ($group_guids as $group) {\n\t\t\t\t\t\t/**\n\t\t\t\t\t\t * nogroup | nobody have very high guids\n\t\t\t\t\t\t * ignore them\n\t\t\t\t\t\t */\n\t\t\t\t\t\tif ($group[0] == 'nogroup' || $group[0] == 'nobody') {\n\t\t\t\t\t\t\tcontinue;\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\t$guid = isset($group[2]) ? (int)$group[2] : 0;\n\n\t\t\t\t\t\tif ($guid > $update_to_guid) {\n\t\t\t\t\t\t\t$update_to_guid = $guid;\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\n\t\t\t\t\t// if it's lower, then froxlor's highest guid is the last\n\t\t\t\t\tif ($update_to_guid < $froxlor_guid) {\n\t\t\t\t\t\t$update_to_guid = $froxlor_guid;\n\t\t\t\t\t} elseif ($update_to_guid == $froxlor_guid) {\n\t\t\t\t\t\t// if it's equal, that means we already have a collision\n\t\t\t\t\t\t// to ensure it won't happen again, increase the guid by one\n\t\t\t\t\t\t$update_to_guid = (int)$update_to_guid++;\n\t\t\t\t\t}\n\n\t\t\t\t\t// now check if it differs from our settings\n\t\t\t\t\tif ($update_to_guid != Settings::Get('system.lastguid')) {\n\t\t\t\t\t\t$mylog->logAction(FroxlorLogger::CRON_ACTION, LOG_NOTICE,\n\t\t\t\t\t\t\t'Updating froxlor last guid to ' . $update_to_guid);\n\t\t\t\t\t\tSettings::Set('system.lastguid', $update_to_guid);\n\t\t\t\t\t}\n\t\t\t\t} else {\n\t\t\t\t\t$mylog->logAction(FroxlorLogger::CRON_ACTION, LOG_NOTICE,\n\t\t\t\t\t\t'File /etc/group not readable; cannot check for latest guid');\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\t$mylog->logAction(FroxlorLogger::CRON_ACTION, LOG_NOTICE,\n\t\t\t\t\t'File /etc/group not readable; cannot check for latest guid');\n\t\t\t}\n\t\t} else {\n\t\t\t$mylog->logAction(FroxlorLogger::CRON_ACTION, LOG_NOTICE,\n\t\t\t\t'File /etc/group does not exist; cannot check for latest guid');\n\t\t}\n\t}\n\n\tpublic static function checkCurrentDistro(bool $is_install = false): string\n\t{\n\t\t// set default os.\n\t\tif ($is_install) {\n\t\t\t$distro = \"trixie\";\n\t\t} else {\n\t\t\t$distro = Settings::Get('system.distribution');\n\t\t}\n\n\t\t// read os-release\n\t\tif (@file_exists('/etc/os-release') && is_readable('/etc/os-release')) {\n\t\t\tif (function_exists('parse_ini_file')) {\n\t\t\t\t$os_dist = parse_ini_file('/etc/os-release', false);\n\t\t\t} else {\n\t\t\t\t$osrf = explode(\"\\n\", file_get_contents('/etc/os-release'));\n\t\t\t\tforeach ($osrf as $line) {\n\t\t\t\t\t$osrfline = explode(\"=\", $line);\n\t\t\t\t\tif ($osrfline[0] == 'VERSION_CODENAME') {\n\t\t\t\t\t\t$os_dist['VERSION_CODENAME'] = $osrfline[1];\n\t\t\t\t\t} elseif ($osrfline[0] == 'ID') {\n\t\t\t\t\t\t$os_dist['ID'] = $osrfline[1];\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t\t$distro = strtolower($os_dist['VERSION_CODENAME'] ?? ($os_dist['ID'] ?? $distro));\n\t\t}\n\n\t\tif (!$is_install && $distro != Settings::Get('system.distribution') && Settings::Get('system.distro_mismatch') != '2') {\n\t\t\tSettings::Set('system.distro_mismatch', '1');\n\t\t}\n\n\t\treturn $distro;\n\t}\n\n\t/**\n\t * @throws Exception\n\t */\n\tpublic static function checkLocalUserGroupMembership(): bool\n\t{\n\t\tif ((int)Settings::Get('phpfpm.enabled') == 1) {\n\t\t\t$username = Settings::Get('phpfpm.vhost_httpuser');\n\t\t} elseif ((int)Settings::Get('system.mod_fcgid') == 1) {\n\t\t\t$username = Settings::Get('system.mod_fcgid_httpuser');\n\t\t} else {\n\t\t\t$username = Settings::Get('system.httpuser');\n\t\t}\n\t\t$user = posix_getpwnam($username);\n\t\t$group = posix_getgrnam(Settings::Get('system.httpgroup'));\n\n\t\t$mylog = FroxlorLogger::getInstanceOf();\n\t\tif (!$user || !$group) {\n\t\t\t$mylog->logAction(\n\t\t\t\tFroxlorLogger::CRON_ACTION,\n\t\t\t\tLOG_NOTICE,\n\t\t\t\t'Either local froxlor user or webserver-group could not be found/read. Please check settings.'\n\t\t\t);\n\t\t\treturn false;\n\t\t}\n\n\t\t// primary group?\n\t\tif ($user['gid'] === $group['gid']) {\n\t\t\treturn true;\n\t\t}\n\n\t\t// supplementary groups?\n\t\tif (in_array($username, $group['members'])) {\n\t\t\treturn true;\n\t\t}\n\n\t\t// not yet in group, add it\n\t\t$mylog->logAction(\n\t\t\tFroxlorLogger::CRON_ACTION,\n\t\t\tLOG_NOTICE,\n\t\t\t'Local froxlor user not in webserver-group. Adding user \"' . $username . '\" to group \"' . Settings::Get('system.httpgroup') . '\"'\n\t\t);\n\t\tFileDir::safe_exec('usermod -aG ' . escapeshellarg(Settings::Get('system.httpgroup')) . ' ' . escapeshellarg($username));\n\t\treturn true;\n\t}\n\n\t/**\n\t * Inserts a task into the PANEL_TASKS-Table\n\t *\n\t * @param int $type Type of task\n\t * @param string $params Parameter (possible to pass multiple times)\n\t *\n\t * @throws Exception\n\t * @author Froxlor team (2010-)\n\t */\n\tpublic static function inserttask(int $type, ...$params)\n\t{\n\t\t// prepare the insert-statement\n\t\t$ins_stmt = Database::prepare(\"\n\t\t\tINSERT INTO `\" . TABLE_PANEL_TASKS . \"` SET `type` = :type, `data` = :data\n\t\t\");\n\n\t\tif ($type == TaskId::REBUILD_VHOST || $type == TaskId::REBUILD_DNS || $type == TaskId::CREATE_FTP || $type == TaskId::REBUILD_RSPAMD || $type == TaskId::CREATE_QUOTA || $type == TaskId::REBUILD_CRON || $type == TaskId::UPDATE_LE_SERVICES || $type == TaskId::REBUILD_NSSUSERS) {\n\t\t\t// 4 = bind -> if bind disabled -> no task\n\t\t\tif ($type == TaskId::REBUILD_DNS && Settings::Get('system.bind_enable') == '0') {\n\t\t\t\treturn;\n\t\t\t}\n\t\t\t// 9 = rspamd -> if antispam disabled -> no task\n\t\t\tif ($type == TaskId::REBUILD_RSPAMD && Settings::Get('antispam.activated') == '0') {\n\t\t\t\treturn;\n\t\t\t}\n\t\t\t// 10 = quota -> if quota disabled -> no task\n\t\t\tif ($type == TaskId::CREATE_QUOTA && Settings::Get('system.diskquota_enabled') == '0') {\n\t\t\t\treturn;\n\t\t\t}\n\t\t\t// 13 = let's encrypt for services -> if services empty = no task\n\t\t\tif ($type == TaskId::UPDATE_LE_SERVICES && (Settings::Get('system.le_froxlor_enabled') == '0' || Settings::Get('system.le_renew_services') == '')) {\n\t\t\t\treturn;\n\t\t\t}\n\n\t\t\t// delete previously inserted tasks if they are the same as we only need ONE\n\t\t\t$del_stmt = Database::prepare(\"\n\t\t\t\tDELETE FROM `\" . TABLE_PANEL_TASKS . \"` WHERE `type` = :type\n\t\t\t\");\n\t\t\tDatabase::pexecute($del_stmt, [\n\t\t\t\t'type' => $type\n\t\t\t]);\n\n\t\t\t// insert the new task\n\t\t\tDatabase::pexecute($ins_stmt, [\n\t\t\t\t'type' => $type,\n\t\t\t\t'data' => ''\n\t\t\t]);\n\t\t} elseif ($type == TaskId::CREATE_HOME && count($params) == 4 && $params[0] != '' && $params[1] != '' && $params[2] != '' && ($params[3] == 0 || $params[3] == 1)) {\n\t\t\t$data = [];\n\t\t\t$data['loginname'] = $params[0];\n\t\t\t$data['uid'] = $params[1];\n\t\t\t$data['gid'] = $params[2];\n\t\t\t$data['store_defaultindex'] = $params[3];\n\t\t\t$data = json_encode($data);\n\t\t\tDatabase::pexecute($ins_stmt, [\n\t\t\t\t'type' => TaskId::CREATE_HOME,\n\t\t\t\t'data' => $data\n\t\t\t]);\n\t\t} elseif ($type == TaskId::DELETE_CUSTOMER_FILES && isset($params[0]) && $params[0] != '') {\n\t\t\t$data = [];\n\t\t\t$data['loginname'] = $params[0];\n\t\t\t$data = json_encode($data);\n\t\t\tDatabase::pexecute($ins_stmt, [\n\t\t\t\t'type' => TaskId::DELETE_CUSTOMER_FILES,\n\t\t\t\t'data' => $data\n\t\t\t]);\n\t\t} elseif ($type == TaskId::DELETE_EMAIL_DATA && count($params) == 2 && $params[0] != '' && $params[1] != '') {\n\t\t\t$data = [];\n\t\t\t$data['loginname'] = $params[0];\n\t\t\t$data['emailpath'] = $params[1];\n\t\t\t$data = json_encode($data);\n\t\t\tDatabase::pexecute($ins_stmt, [\n\t\t\t\t'type' => TaskId::DELETE_EMAIL_DATA,\n\t\t\t\t'data' => $data\n\t\t\t]);\n\t\t} elseif ($type == TaskId::DELETE_FTP_DATA && count($params) == 2 && $params[0] != '' && $params[1] != '') {\n\t\t\t$data = [];\n\t\t\t$data['loginname'] = $params[0];\n\t\t\t$data['homedir'] = $params[1];\n\t\t\t$data = json_encode($data);\n\t\t\tDatabase::pexecute($ins_stmt, [\n\t\t\t\t'type' => TaskId::DELETE_FTP_DATA,\n\t\t\t\t'data' => $data\n\t\t\t]);\n\t\t} elseif ($type == TaskId::DELETE_DOMAIN_PDNS && isset($params[0]) && $params[0] != '' && Settings::Get('system.bind_enable') == '1' && Settings::Get('system.dns_server') == 'PowerDNS') {\n\t\t\t// -> if bind disabled or dns-server not PowerDNS -> no task\n\t\t\t$data = [];\n\t\t\t$data['domain'] = $params[0];\n\t\t\t$data = json_encode($data);\n\t\t\tDatabase::pexecute($ins_stmt, [\n\t\t\t\t'type' => TaskId::DELETE_DOMAIN_PDNS,\n\t\t\t\t'data' => $data\n\t\t\t]);\n\t\t} elseif ($type == TaskId::DELETE_DOMAIN_SSL && isset($params[0]) && $params[0] != '') {\n\t\t\t$data = [];\n\t\t\t$data['domain'] = $params[0];\n\t\t\t$data = json_encode($data);\n\t\t\tDatabase::pexecute($ins_stmt, [\n\t\t\t\t'type' => TaskId::DELETE_DOMAIN_SSL,\n\t\t\t\t'data' => $data\n\t\t\t]);\n\t\t} elseif ($type == TaskId::CREATE_CUSTOMER_DATADUMP && isset($params[0]) && is_array($params[0])) {\n\t\t\t$data = json_encode($params[0]);\n\t\t\tDatabase::pexecute($ins_stmt, [\n\t\t\t\t'type' => TaskId::CREATE_CUSTOMER_DATADUMP,\n\t\t\t\t'data' => $data\n\t\t\t]);\n\t\t}\n\t}\n\n\t/**\n\t * returns an array of all cronjobs and when they last were executed\n\t *\n\t * @return array\n\t */\n\tpublic static function getCronjobsLastRun(): array\n\t{\n\t\t$query = \"SELECT `lastrun`, `desc_lng_key` FROM `\" . TABLE_PANEL_CRONRUNS . \"` WHERE `isactive` = '1' ORDER BY `cronfile` ASC\";\n\t\t$result = Database::query($query);\n\n\t\t$cronjobs_last_run = [];\n\t\twhile ($row = $result->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t$cronjobs_last_run[] = [\n\t\t\t\t'title' => lng('crondesc.' . $row['desc_lng_key']),\n\t\t\t\t'lastrun' => $row['lastrun']\n\t\t\t];\n\t\t}\n\t\treturn $cronjobs_last_run;\n\t}\n\n\t/**\n\t * @param string $module\n\t * @param int $isactive\n\t * @return void\n\t * @throws Exception\n\t */\n\tpublic static function toggleCronStatus(string $module, int $isactive = 0)\n\t{\n\t\tif ($isactive != 1) {\n\t\t\t$isactive = 0;\n\t\t}\n\n\t\t$upd_stmt = Database::prepare(\"\n\t\t\tUPDATE `\" . TABLE_PANEL_CRONRUNS . \"` SET `isactive` = :active WHERE `module` = :module\n\t\t\");\n\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t'active' => $isactive,\n\t\t\t'module' => $module\n\t\t]);\n\t}\n\n\t/**\n\t * returns an array of tasks that are queued to be run by the cronjob\n\t *\n\t * @return array\n\t */\n\tpublic static function getOutstandingTasks(): array\n\t{\n\t\t$query = \"SELECT * FROM `\" . TABLE_PANEL_TASKS . \"` ORDER BY `type` ASC\";\n\t\t$result = Database::query($query);\n\n\t\t$tasks = [];\n\t\twhile ($row = $result->fetch(PDO::FETCH_ASSOC)) {\n\t\t\tif ($row['data'] != '') {\n\t\t\t\t$row['data'] = json_decode($row['data'], true);\n\t\t\t}\n\n\t\t\t$task_id = $row['type'];\n\t\t\tif (TaskId::isValid($task_id)) {\n\t\t\t\t$task_constname = TaskId::convertToConstant($task_id);\n\t\t\t\t$lngParams = [];\n\t\t\t\tif (is_array($row['data'])) {\n\t\t\t\t\t// task includes loginname\n\t\t\t\t\tif (isset($row['data']['loginname'])) {\n\t\t\t\t\t\t$lngParams = [$row['data']['loginname']];\n\t\t\t\t\t}\n\t\t\t\t\t// task includes domain data\n\t\t\t\t\tif (isset($row['data']['domain'])) {\n\t\t\t\t\t\t$lngParams = [$row['data']['domain']];\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\t$task = [\n\t\t\t\t\t'desc' => lng('tasks.' . $task_constname, $lngParams)\n\t\t\t\t];\n\t\t\t} else {\n\t\t\t\t// unknown\n\t\t\t\t$task = ['desc' => \"ERROR: Unknown task type '\" . $row['type'] . \"'\"];\n\t\t\t}\n\n\t\t\t$tasks[] = $task;\n\t\t}\n\n\t\tif (empty($tasks)) {\n\t\t\t$tasks = [['desc' => lng('tasks.noneoutstanding')]];\n\t\t}\n\n\t\treturn $tasks;\n\t}\n\n\t/**\n\t * Send notification to system admin via email\n\t *\n\t * @param string $message\n\t * @param string $subject\n\t *\n\t * @return void\n\t */\n\tpublic static function notifyMailToAdmin(string $message, string $subject = \"[froxlor] Important notice\")\n\t{\n\t\t$mail = new Mailer(true);\n\t\t$mailerror = false;\n\t\t$mailerr_msg = \"\";\n\t\ttry {\n\t\t\t$mail->Subject = $subject;\n\t\t\t$mail->AltBody = $message;\n\t\t\t$mail->MsgHTML(nl2br($message));\n\t\t\t$mail->AddAddress(Settings::Get('panel.adminmail'), Settings::Get('panel.adminmail_defname'));\n\t\t\t$mail->Send();\n\t\t} catch (\\PHPMailer\\PHPMailer\\Exception $e) {\n\t\t\t$mailerr_msg = $e->errorMessage();\n\t\t\t$mailerror = true;\n\t\t} catch (Exception $e) {\n\t\t\t$mailerr_msg = $e->getMessage();\n\t\t\t$mailerror = true;\n\t\t}\n\n\t\t$mail->ClearAddresses();\n\n\t\tif ($mailerror) {\n\t\t\techo 'Error sending mail: ' . $mailerr_msg . \"\\n\";\n\t\t}\n\t}\n\n\t/**\n\t * @param string $cronname\n\t * @return void\n\t * @throws Exception\n\t */\n\tpublic static function updateLastRunOfCron(string $cronname)\n\t{\n\t\t$upd_stmt = Database::prepare(\"\n\t\t\tUPDATE `\" . TABLE_PANEL_CRONRUNS . \"` SET `lastrun` = UNIX_TIMESTAMP() WHERE `cronfile` = :cron;\n\t\t\");\n\t\tDatabase::pexecute($upd_stmt, [\n\t\t\t'cron' => $cronname\n\t\t]);\n\t}\n}\n" }, { "path": "lib/Froxlor/System/Crypt.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\System;\n\nuse Froxlor\\Database\\Database;\nuse Froxlor\\Froxlor;\nuse Froxlor\\Settings;\nuse Froxlor\\Validate\\Validate;\n\nclass Crypt\n{\n\n\t/**\n\t * Generates a random password\n\t *\n\t * @param int $length optional, will be read from settings if not given\n\t * @param bool $isSalt optional, default false, do not include special characters\n\t *\n\t * @return string\n\t */\n\tpublic static function generatePassword(int $length = 0, bool $isSalt = false): string\n\t{\n\t\t$alpha_lower = 'abcdefghijklmnopqrstuvwxyz';\n\t\t$alpha_upper = strtoupper($alpha_lower);\n\t\t$numeric = '0123456789';\n\t\t$special = Settings::Get('panel.password_special_char');\n\t\tif (empty($length)) {\n\t\t\t$length = Settings::Get('panel.password_min_length') > 3 ? Settings::Get('panel.password_min_length') : 10;\n\t\t}\n\n\t\t$pw = self::specialShuffle($alpha_lower);\n\t\t$n = floor(($length) / 4);\n\n\t\tif (Settings::Get('panel.password_alpha_upper')) {\n\t\t\t$pw .= mb_substr(self::specialShuffle($alpha_upper), 0, $n);\n\t\t}\n\n\t\tif (Settings::Get('panel.password_numeric')) {\n\t\t\t$pw .= mb_substr(self::specialShuffle($numeric), 0, $n);\n\t\t}\n\n\t\tif (Settings::Get('panel.password_special_char_required') && !$isSalt) {\n\t\t\t$pw .= mb_substr(self::specialShuffle($special), 0, $n);\n\t\t}\n\n\t\t$pw = mb_substr($pw, -$length);\n\n\t\treturn self::specialShuffle($pw);\n\t}\n\n\t/**\n\t * multibyte-character safe shuffle function\n\t *\n\t * @param string $str\n\t *\n\t * @return string\n\t */\n\tprivate static function specialShuffle(string $str): string\n\t{\n\t\t$len = mb_strlen($str);\n\t\t$sploded = [];\n\t\twhile ($len-- > 0) {\n\t\t\t$sploded[] = mb_substr($str, $len, 1);\n\t\t}\n\t\tshuffle($sploded);\n\t\treturn join('', $sploded);\n\t}\n\n\t/**\n\t * return an array of available hashes\n\t *\n\t * @return array\n\t */\n\tpublic static function getAvailablePasswordHashes(): array\n\t{\n\t\t// get available pwd-hases\n\t\t$available_pwdhashes = [\n\t\t\tPASSWORD_DEFAULT => lng('serversettings.systemdefault')\n\t\t];\n\t\tif (defined('PASSWORD_BCRYPT')) {\n\t\t\t$available_pwdhashes[PASSWORD_BCRYPT] = 'Bcrypt/Blowfish' . (PASSWORD_DEFAULT == PASSWORD_BCRYPT ? ' (' . lng('serversettings.systemdefault') . ')' : '');\n\t\t}\n\t\tif (defined('PASSWORD_ARGON2I')) {\n\t\t\t$available_pwdhashes[PASSWORD_ARGON2I] = 'Argon2i' . (PASSWORD_DEFAULT == PASSWORD_ARGON2I ? ' (' . lng('serversettings.systemdefault') . ')' : '');\n\t\t}\n\t\tif (defined('PASSWORD_ARGON2ID')) {\n\t\t\t$available_pwdhashes[PASSWORD_ARGON2ID] = 'Argon2id' . (PASSWORD_DEFAULT == PASSWORD_ARGON2ID ? ' (' . lng('serversettings.systemdefault') . ')' : '');\n\t\t}\n\n\t\treturn $available_pwdhashes;\n\t}\n\n\t/**\n\t * Function validatePassword\n\t *\n\t * if password-min-length is set in settings\n\t * we check against the length, if not matched\n\t * an error message will be output and 'exit' is called\n\t *\n\t * @param string $password the password to validate\n\t * @param bool $json_response\n\t *\n\t * @return string either the password or an errormessage+exit\n\t */\n\tpublic static function validatePassword(string $password, bool $json_response = false): string\n\t{\n\t\tif (Settings::Get('panel.password_min_length') > 0) {\n\t\t\t$password = Validate::validate($password, Settings::Get('panel.password_min_length'),\n\t\t\t\t'/^.{' . (int)Settings::Get('panel.password_min_length') . ',}$/D', 'notrequiredpasswordlength', [],\n\t\t\t\t$json_response);\n\t\t}\n\n\t\tif (Settings::Get('panel.password_regex') != '') {\n\t\t\t$password = Validate::validate($password, Settings::Get('panel.password_regex'),\n\t\t\t\tSettings::Get('panel.password_regex'), 'notrequiredpasswordcomplexity', [], $json_response);\n\t\t} else {\n\t\t\tif (Settings::Get('panel.password_alpha_lower')) {\n\t\t\t\t$password = Validate::validate($password, '/.*[a-z]+.*/', '/.*[a-z]+.*/',\n\t\t\t\t\t'notrequiredpasswordcomplexity', [], $json_response);\n\t\t\t}\n\t\t\tif (Settings::Get('panel.password_alpha_upper')) {\n\t\t\t\t$password = Validate::validate($password, '/.*[A-Z]+.*/', '/.*[A-Z]+.*/',\n\t\t\t\t\t'notrequiredpasswordcomplexity', [], $json_response);\n\t\t\t}\n\t\t\tif (Settings::Get('panel.password_numeric')) {\n\t\t\t\t$password = Validate::validate($password, '/.*[0-9]+.*/', '/.*[0-9]+.*/',\n\t\t\t\t\t'notrequiredpasswordcomplexity', [], $json_response);\n\t\t\t}\n\t\t\tif (Settings::Get('panel.password_special_char_required')) {\n\t\t\t\t$password = Validate::validate($password,\n\t\t\t\t\t'/.*[' . preg_quote(Settings::Get('panel.password_special_char'), '/') . ']+.*/',\n\t\t\t\t\t'/.*[' . preg_quote(Settings::Get('panel.password_special_char'), '/') . ']+.*/',\n\t\t\t\t\t'notrequiredpasswordcomplexity', [], $json_response);\n\t\t\t}\n\t\t}\n\n\t\treturn $password;\n\t}\n\n\t/**\n\t * Function validatePasswordLogin\n\t *\n\t * compare user password-hash with given user-password\n\t * and check if they are the same\n\t * additionally it updates the hash if the system settings changed\n\t * or if the very old md5() sum is used\n\t *\n\t * @param array $userinfo user-data from table\n\t * @param string $password the password to validate\n\t * @param string $table either panel_customers or panel_admins\n\t * @param string $uid user-id-field in $table\n\t *\n\t * @return bool\n\t * @throws \\Exception\n\t */\n\tpublic static function validatePasswordLogin(\n\t\tarray $userinfo,\n\t\tstring $password,\n\t\tstring $table = 'panel_customers',\n\t\tstring $uid = 'customerid'\n\t): bool {\n\t\t$algo = Settings::Get('system.passwordcryptfunc') !== null ? Settings::Get('system.passwordcryptfunc') : PASSWORD_DEFAULT;\n\t\tif (is_numeric($algo)) {\n\t\t\t// old setting format\n\t\t\t$algo = PASSWORD_DEFAULT;\n\t\t\tSettings::Set('system.passwordcryptfunc', $algo);\n\t\t}\n\t\t$pwd_hash = $userinfo['password'];\n\n\t\t$update_hash = false;\n\t\t$pwd_check = \"\";\n\t\t// check for good'ole md5\n\t\tif (strlen($pwd_hash) == 32 && ctype_xdigit($pwd_hash)) {\n\t\t\t$pwd_check = md5($password);\n\t\t\t$update_hash = true;\n\t\t}\n\n\t\tif ($pwd_hash === $pwd_check || password_verify($password, $pwd_hash)) {\n\t\t\t// check for update of hash (only if our database is ready to handle the bigger string)\n\t\t\t$is_ready = Froxlor::versionCompare2(\"0.9.33\", Froxlor::getVersion()) <= 0;\n\t\t\tif ((password_needs_rehash($pwd_hash, $algo) || $update_hash) && $is_ready) {\n\t\t\t\t$upd_stmt = Database::prepare(\"\n\t\t\t\t\tUPDATE \" . $table . \" SET `password` = :newpasswd WHERE `\" . $uid . \"` = :uid\n\t\t\t\t\");\n\t\t\t\t$params = [\n\t\t\t\t\t'newpasswd' => self::makeCryptPassword($password),\n\t\t\t\t\t'uid' => $userinfo[$uid]\n\t\t\t\t];\n\t\t\t\tDatabase::pexecute($upd_stmt, $params);\n\t\t\t}\n\t\t\treturn true;\n\t\t}\n\t\treturn false;\n\t}\n\n\t/**\n\t * Make encrypted password from clear text password\n\t *\n\t * @param string $password Password to be encrypted\n\t * @param bool $htpasswd optional whether to generate a bcrypt password for directory protection\n\t * @param bool $ftpd optional generates sha256 password strings for proftpd/pureftpd\n\t *\n\t * @return string encrypted password\n\t */\n\tpublic static function makeCryptPassword(string $password, bool $htpasswd = false, bool $ftpd = false): string\n\t{\n\t\tif ($htpasswd || $ftpd) {\n\t\t\tif ($ftpd) {\n\t\t\t\t// sha256 compatible for proftpd and pure-ftpd\n\t\t\t\treturn crypt($password, '$5$' . self::generatePassword(16, true) . '$');\n\t\t\t}\n\t\t\t// bcrypt hash for dir-protection\n\t\t\treturn password_hash($password, PASSWORD_BCRYPT);\n\t\t}\n\t\t// crypt using the specified crypt-algorithm or system default\n\t\t$algo = Settings::Get('system.passwordcryptfunc') !== null ? Settings::Get('system.passwordcryptfunc') : PASSWORD_DEFAULT;\n\t\treturn password_hash($password, $algo);\n\t}\n\n\t/**\n\t * creates a self-signed ECC-certificate for the froxlor-vhost\n\t * and sets the content to the corresponding files set in the\n\t * settings for ssl-certificate-file and ssl-certificate-key\n\t *\n\t * @return void\n\t */\n\tpublic static function createSelfSignedCertificate()\n\t{\n\t\t// validate that we have file names in the settings\n\t\t$certFile = Settings::Get('system.ssl_cert_file');\n\t\t$keyFile = Settings::Get('system.ssl_key_file');\n\t\tif (empty($certFile)) {\n\t\t\t$certFile = '/etc/ssl/froxlor_selfsigned.pem';\n\t\t\tSettings::Set('system.ssl_cert_file', $certFile);\n\t\t}\n\t\tif (empty($keyFile)) {\n\t\t\t$keyFile = '/etc/ssl/froxlor_selfsigned.key';\n\t\t\tSettings::Set('system.ssl_key_file', $keyFile);\n\t\t}\n\n\t\t// certificate info\n\t\t$dn = [\n\t\t\t\"countryName\" => \"DE\",\n\t\t\t\"stateOrProvinceName\" => \"Hessen\",\n\t\t\t\"localityName\" => \"Frankfurt am Main\",\n\t\t\t\"organizationName\" => \"froxlor\",\n\t\t\t\"organizationalUnitName\" => \"froxlor Server Management Panel\",\n\t\t\t\"commonName\" => Settings::Get('system.hostname'),\n\t\t\t\"emailAddress\" => Settings::Get('panel.adminmail')\n\t\t];\n\t\t// create private key\n\t\t$privkey = openssl_pkey_new([\n\t\t\t\"private_key_type\" => OPENSSL_KEYTYPE_EC,\n\t\t\t\"curve_name\" => 'prime256v1',\n\t\t]);\n\t\t// create signing request\n\t\t$csr = openssl_csr_new($dn, $privkey, array('digest_alg' => 'sha384'));\n\t\t// sign csr\n\t\t$x509 = openssl_csr_sign($csr, null, $privkey, 365, array('digest_alg' => 'sha384'));\n\t\t// export to files\n\t\topenssl_x509_export_to_file($x509, $certFile);\n\t\topenssl_pkey_export_to_file($privkey, $keyFile);\n\t}\n}\n" }, { "path": "lib/Froxlor/System/IPTools.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\System;\n\nclass IPTools\n{\n\n\t/**\n\t * Converts CIDR to a netmask address\n\t *\n\t * @thx to https://stackoverflow.com/a/5711080/3020926\n\t * @param string $cidr\n\t *\n\t * @return string\n\t */\n\tpublic static function cidr2NetmaskAddr(string $cidr): string\n\t{\n\t\t$ta = substr($cidr, strpos($cidr, '/') + 1) * 1;\n\t\t$netmask = str_split(str_pad(str_pad('', $ta, '1'), 32, '0'), 8);\n\n\t\tforeach ($netmask as &$element) {\n\t\t\t$element = bindec($element);\n\t\t}\n\n\t\treturn implode('.', $netmask);\n\t}\n\n\t/**\n\t * Checks whether the given $ip is in range of given ip/cidr range\n\t *\n\t * @param array $ip_cidr 0 => ip, 1 => netmask in decimal, e.g. [0 => '123.123.123.123', 1 => 24]\n\t * @param string $ip ip-address to check\n\t *\n\t * @return bool\n\t */\n\tpublic static function ip_in_range(array $ip_cidr, string $ip): bool\n\t{\n\t\t$netip = $ip_cidr[0];\n\t\tif (self::is_ipv6($netip)) {\n\t\t\treturn self::ipv6_in_range($ip_cidr, $ip);\n\t\t}\n\t\t$netmask = $ip_cidr[1];\n\t\t$range_decimal = ip2long($netip);\n\t\t$ip_decimal = ip2long($ip);\n\t\t$wildcard_decimal = pow(2, (32 - $netmask)) - 1;\n\t\t$netmask_decimal = ~$wildcard_decimal;\n\t\treturn (($ip_decimal & $netmask_decimal) == ($range_decimal & $netmask_decimal));\n\t}\n\n\t/**\n\t * Checks if an $address (IP) is IPv6\n\t *\n\t * @param string $address\n\t *\n\t * @return string|bool ip address on success, false on failure\n\t */\n\tpublic static function is_ipv6(string $address)\n\t{\n\t\treturn filter_var($address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6);\n\t}\n\n\t/**\n\t * Checks whether the given ipv6 $ip is in range of given ip/cidr range\n\t *\n\t * @param array $ip_cidr 0 => ip, 1 => netmask in decimal, e.g. [0 => '123:123::1', 1 => 64]\n\t * @param string $ip ip-address to check\n\t *\n\t * @return bool\n\t */\n\tprivate static function ipv6_in_range(array $ip_cidr, string $ip): bool\n\t{\n\t\t$in_range = false;\n\n\t\t$size = 128 - $ip_cidr[1];\n\t\tif ($size == 0) {\n\t\t\treturn inet_ntop(inet_pton($ip_cidr[0])) == inet_ntop(inet_pton($ip));\n\t\t}\n\t\t$addr = gmp_init('0x' . str_replace(':', '', self::inet6_expand($ip_cidr[0])));\n\t\t$mask = gmp_init('0x' . str_replace(':', '', self::inet6_expand(self::inet6_prefix_to_mask($ip_cidr[1]))));\n\t\t$prefix = gmp_and($addr, $mask);\n\t\t$start = gmp_strval(gmp_add($prefix, '0x1'), 16);\n\t\t$end = '0b';\n\t\tfor ($i = 0; $i < $size; $i++) {\n\t\t\t$end .= '1';\n\t\t}\n\t\t$end = gmp_strval(gmp_add($prefix, gmp_init($end)), 16);\n\t\t$start_result = '';\n\t\tfor ($i = 0; $i < 8; $i++) {\n\t\t\t$start_result .= substr($start, $i * 4, 4);\n\t\t\tif ($i != 7) {\n\t\t\t\t$start_result .= ':';\n\t\t\t}\n\t\t}\n\t\t$end_result = '';\n\t\tfor ($i = 0; $i < 8; $i++) {\n\t\t\t$end_result .= substr($end, $i * 4, 4);\n\t\t\tif ($i != 7) {\n\t\t\t\t$end_result .= ':';\n\t\t\t}\n\t\t}\n\n\t\t$first = self::ip2long6($start_result);\n\t\t$last = self::ip2long6($end_result);\n\t\t$ip = self::ip2long6($ip);\n\n\t\t$in_range = ($ip >= $first && $ip <= $last);\n\t\treturn $in_range;\n\t}\n\n\t/**\n\t * @param string $addr\n\t * @return false|string\n\t */\n\tprivate static function inet6_expand(string $addr)\n\t{\n\t\t// Check if there are segments missing, insert if necessary\n\t\tif (strpos($addr, '::') !== false) {\n\t\t\t$part = explode('::', $addr);\n\t\t\t$part[0] = explode(':', $part[0]);\n\t\t\t$part[1] = explode(':', $part[1]);\n\t\t\t$missing = [];\n\t\t\tfor ($i = 0; $i < (8 - (count($part[0]) + count($part[1]))); $i++) {\n\t\t\t\t$missing[] = '0000';\n\t\t\t}\n\t\t\t$missing = array_merge($part[0], $missing);\n\t\t\t$part = array_merge($missing, $part[1]);\n\t\t} else {\n\t\t\t$part = explode(\":\", $addr);\n\t\t}\n\t\t// Pad each segment until it has 4 digits\n\t\tforeach ($part as &$p) {\n\t\t\twhile (strlen($p) < 4) {\n\t\t\t\t$p = '0' . $p;\n\t\t\t}\n\t\t}\n\t\tunset($p);\n\t\t// Join segments\n\t\t$result = implode(':', $part);\n\t\t// Quick check to make sure the length is as expected\n\t\tif (strlen($result) == 39) {\n\t\t\treturn $result;\n\t\t} else {\n\t\t\treturn false;\n\t\t}\n\t}\n\n\t/**\n\t * @param int $prefix\n\t * @return false|string\n\t */\n\tprivate static function inet6_prefix_to_mask(int $prefix)\n\t{\n\t\t/* Make sure the prefix is a number between 1 and 127 (inclusive) */\n\t\tif ($prefix < 0 || $prefix > 128) {\n\t\t\treturn false;\n\t\t}\n\t\t$mask = '0b';\n\t\t$mask .= str_repeat('1', $prefix);\n\t\tfor ($i = strlen($mask) - 2; $i < 128; $i++) {\n\t\t\t$mask .= '0';\n\t\t}\n\t\t$mask = gmp_strval(gmp_init($mask), 16);\n\t\t$result = '';\n\t\tfor ($i = 0; $i < 8; $i++) {\n\t\t\t$result .= substr($mask, $i * 4, 4);\n\t\t\tif ($i != 7) {\n\t\t\t\t$result .= ':';\n\t\t\t}\n\t\t} // for\n\t\treturn inet_ntop(inet_pton($result));\n\t}\n\n\t/**\n\t * @param string $ip\n\t * @return string\n\t */\n\tprivate static function ip2long6(string $ip): string\n\t{\n\t\t$ip_n = inet_pton($ip);\n\t\t$bits = 15; // 16 x 8 bit = 128bit\n\t\t$ipv6long = '';\n\t\twhile ($bits >= 0) {\n\t\t\t$bin = sprintf(\"%08b\", (ord($ip_n[$bits])));\n\t\t\t$ipv6long = $bin . $ipv6long;\n\t\t\t$bits--;\n\t\t}\n\t\treturn gmp_strval(gmp_init($ipv6long, 2), 10);\n\t}\n}\n" }, { "path": "lib/Froxlor/System/Mailer.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\System;\n\nuse Froxlor\\Settings;\nuse PHPMailer\\PHPMailer\\Exception;\nuse PHPMailer\\PHPMailer\\PHPMailer;\n\nclass Mailer extends PHPMailer\n{\n\n\t/**\n\t * class constructor\n\t *\n\t * @param bool $exceptions whether to throw exceptions or not\n\t *\n\t * @throws Exception\n\t */\n\tpublic function __construct(bool $exceptions = false)\n\t{\n\t\tparent::__construct($exceptions);\n\t\t$this->CharSet = \"UTF-8\";\n\n\t\tif (Settings::Get('system.mail_use_smtp')) {\n\t\t\t$this->isSMTP();\n\t\t\t$this->Host = Settings::Get('system.mail_smtp_host');\n\t\t\t$this->SMTPAuth = Settings::Get('system.mail_smtp_auth') == '1';\n\t\t\t$this->Username = Settings::Get('system.mail_smtp_user');\n\t\t\t$this->Password = Settings::Get('system.mail_smtp_passwd');\n\t\t\tif (Settings::Get('system.mail_smtp_usetls')) {\n\t\t\t\t$this->SMTPSecure = 'tls';\n\t\t\t} else {\n\t\t\t\t$this->SMTPAutoTLS = false;\n\t\t\t}\n\t\t\t$this->Port = Settings::Get('system.mail_smtp_port');\n\t\t}\n\n\t\t/**\n\t\t * use froxlor's email-validation\n\t\t */\n\t\tself::$validator = [\n\t\t\t'\\Froxlor\\\\Validate\\\\Validate',\n\t\t\t'validateEmail'\n\t\t];\n\n\t\tif (self::ValidateAddress(Settings::Get('panel.adminmail')) !== false) {\n\t\t\t// set return-to address and custom sender-name, see #76\n\t\t\t$this->setFrom(Settings::Get('panel.adminmail'), Settings::Get('panel.adminmail_defname'));\n\t\t\tif (Settings::Get('panel.adminmail_return') != '') {\n\t\t\t\t$this->addReplyTo(Settings::Get('panel.adminmail_return'), Settings::Get('panel.adminmail_defname'));\n\t\t\t}\n\t\t}\n\t}\n}\n" }, { "path": "lib/Froxlor/System/Markdown.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\System;\n\nuse League\\CommonMark\\Exception\\CommonMarkException;\nuse League\\CommonMark\\GithubFlavoredMarkdownConverter;\n\nclass Markdown\n{\n\n\tprivate static $converter = null;\n\n\tpublic static function converter(): ?GithubFlavoredMarkdownConverter\n\t{\n\t\tif (is_null(self::$converter)) {\n\t\t\tself::$converter = new GithubFlavoredMarkdownConverter([\n\t\t\t\t'html_input' => 'strip',\n\t\t\t\t'allow_unsafe_links' => false,\n\t\t\t]);\n\t\t}\n\t\treturn self::$converter;\n\t}\n\n\tpublic static function cleanCustomNotes(string $note = \"\"): string\n\t{\n\t\tif (!empty($note)) {\n\t\t\ttry {\n\t\t\t\t$note = self::converter()->convert($note)->getContent();\n\t\t\t} catch (CommonMarkException $e) {\n\t\t\t\t$note = \"\";\n\t\t\t}\n\t\t}\n\t\treturn $note;\n\t}\n}\n" }, { "path": "lib/Froxlor/System/MysqlHandler.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\System;\n\nuse Froxlor\\Database\\Database;\nuse Monolog\\Handler\\AbstractProcessingHandler;\nuse Monolog\\Logger;\n\nclass MysqlHandler extends AbstractProcessingHandler\n{\n\n\tprotected static array $froxlorLevels = [\n\t\tLogger::DEBUG => LOG_DEBUG,\n\t\tLogger::INFO => LOG_INFO,\n\t\tLogger::NOTICE => LOG_NOTICE,\n\t\tLogger::WARNING => LOG_WARNING,\n\t\tLogger::ERROR => LOG_ERR,\n\t\tLogger::CRITICAL => LOG_ERR,\n\t\tLogger::ALERT => LOG_ERR,\n\t\tLogger::EMERGENCY => LOG_ERR\n\t];\n\tprotected $pdoStatement = null;\n\n\t/**\n\t * Constructor\n\t *\n\t * @param bool|int $level Debug level which this handler should store\n\t * @param bool $bubble\n\t */\n\tpublic function __construct($level = Logger::DEBUG, bool $bubble = true)\n\t{\n\t\tparent::__construct($level, $bubble);\n\t}\n\n\t/**\n\t * Writes the record down to the log\n\t *\n\t * @param array $record\n\t * @return void\n\t */\n\tprotected function write(array $record)\n\t{\n\t\t$this->insert([\n\t\t\t':message' => $record['message'],\n\t\t\t':contextUser' => ($record['context']['user'] ?? 'unknown'),\n\t\t\t':contextAction' => ($record['context']['action'] ?? '0'),\n\t\t\t':level' => self::$froxlorLevels[$record['level']],\n\t\t\t':datetime' => $record['datetime']->format('U')\n\t\t]);\n\t}\n\n\t/**\n\t * Insert the data to the logger table\n\t *\n\t * @param array $data\n\t * @return bool\n\t */\n\tprotected function insert(array $data): bool\n\t{\n\t\tif ($this->pdoStatement === null) {\n\t\t\t$sql = \"INSERT INTO `panel_syslog` SET `text` = :message, `user` = :contextUser, `action` = :contextAction, `type` = :level, `date` = :datetime\";\n\t\t\t$this->pdoStatement = Database::prepare($sql);\n\t\t}\n\t\treturn $this->pdoStatement->execute($data);\n\t}\n}\n" }, { "path": "lib/Froxlor/System/index.html", "content": "" }, { "path": "lib/Froxlor/Traffic/Traffic.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\Traffic;\n\nuse Froxlor\\Api\\Commands\\Customers;\nuse Froxlor\\Api\\Commands\\Traffic as TrafficAPI;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\UI\\Collection;\n\nclass Traffic\n{\n\t/**\n\t * @param array $userinfo\n\t * @param ?string $range\n\t * @return array\n\t * @throws \\Exception\n\t */\n\tpublic static function getCustomerStats(array $userinfo, string $range = null, bool $overview = false): array\n\t{\n\t\t$trafficCollectionObj = (new Collection(TrafficAPI::class, $userinfo,\n\t\t\tself::getParamsByRange($range, ['customer_traffic' => true])));\n\t\tif (($userinfo['adminsession'] ?? 0) == 1) {\n\t\t\t$trafficCollectionObj->has('customer', Customers::class, 'customerid', 'customerid');\n\t\t}\n\t\t$trafficCollection = $trafficCollectionObj->get();\n\n\t\t// build stats for each user\n\t\t$users = [];\n\t\t$years = [];\n\t\t$months = [];\n\t\t$days = [];\n\t\tforeach ($trafficCollection['data']['list'] as $item) {\n\t\t\t$http = $item['http'];\n\t\t\t$ftp = ($item['ftp_up'] + $item['ftp_down']);\n\t\t\t$mail = $item['mail'];\n\t\t\t$total = $http + $ftp + $mail;\n\n\t\t\tif (empty($users[$item['customerid']])) {\n\t\t\t\t$users[$item['customerid']] = [\n\t\t\t\t\t'total' => 0.00,\n\t\t\t\t\t'http' => 0.00,\n\t\t\t\t\t'ftp' => 0.00,\n\t\t\t\t\t'mail' => 0.00,\n\t\t\t\t];\n\t\t\t}\n\n\t\t\t// per user total\n\t\t\tif (($userinfo['adminsession'] ?? 0) == 1) {\n\t\t\t\t$users[$item['customerid']]['loginname'] = $item['customer']['loginname'];\n\t\t\t}\n\t\t\t$users[$item['customerid']]['total'] += $total;\n\t\t\t$users[$item['customerid']]['http'] += $http;\n\t\t\t$users[$item['customerid']]['ftp'] += $ftp;\n\t\t\t$users[$item['customerid']]['mail'] += $mail;\n\t\t\tif (!$overview) {\n\t\t\t\tif (empty($years[$item['year']])) {\n\t\t\t\t\t$years[$item['year']] = [\n\t\t\t\t\t\t'total' => 0.00,\n\t\t\t\t\t\t'http' => 0.00,\n\t\t\t\t\t\t'ftp' => 0.00,\n\t\t\t\t\t\t'mail' => 0.00,\n\t\t\t\t\t];\n\t\t\t\t}\n\t\t\t\tif (empty($months[$item['month'] . '/' . $item['year']])) {\n\t\t\t\t\t$months[$item['month'] . '/' . $item['year']] = [\n\t\t\t\t\t\t'total' => 0.00,\n\t\t\t\t\t\t'http' => 0.00,\n\t\t\t\t\t\t'ftp' => 0.00,\n\t\t\t\t\t\t'mail' => 0.00,\n\t\t\t\t\t];\n\t\t\t\t}\n\t\t\t\tif (empty($days[$item['day'] . '.' . $item['month'] . '.' . $item['year']])) {\n\t\t\t\t\t$days[$item['day'] . '.' . $item['month'] . '.' . $item['year']] = [\n\t\t\t\t\t\t'total' => 0.00,\n\t\t\t\t\t\t'http' => 0.00,\n\t\t\t\t\t\t'ftp' => 0.00,\n\t\t\t\t\t\t'mail' => 0.00,\n\t\t\t\t\t];\n\t\t\t\t}\n\t\t\t\t// per year\n\t\t\t\t$years[$item['year']]['total'] += $total;\n\t\t\t\t$years[$item['year']]['http'] += $http;\n\t\t\t\t$years[$item['year']]['ftp'] += $ftp;\n\t\t\t\t$years[$item['year']]['mail'] += $mail;\n\t\t\t\t// per month\n\t\t\t\t$months[$item['month'] . '/' . $item['year']]['total'] += $total;\n\t\t\t\t$months[$item['month'] . '/' . $item['year']]['http'] += $http;\n\t\t\t\t$months[$item['month'] . '/' . $item['year']]['ftp'] += $ftp;\n\t\t\t\t$months[$item['month'] . '/' . $item['year']]['mail'] += $mail;\n\t\t\t\t// per day\n\t\t\t\t$days[$item['day'] . '.' . $item['month'] . '.' . $item['year']]['total'] += $total;\n\t\t\t\t$days[$item['day'] . '.' . $item['month'] . '.' . $item['year']]['http'] += $http;\n\t\t\t\t$days[$item['day'] . '.' . $item['month'] . '.' . $item['year']]['ftp'] += $ftp;\n\t\t\t\t$days[$item['day'] . '.' . $item['month'] . '.' . $item['year']]['mail'] += $mail;\n\t\t\t}\n\t\t}\n\n\t\t// calculate overview for given range from users\n\t\t$metrics = [\n\t\t\t'total' => 0.00,\n\t\t\t'http' => 0.00,\n\t\t\t'ftp' => 0.00,\n\t\t\t'mail' => 0.00,\n\t\t];\n\t\tforeach ($users as $user) {\n\t\t\t$metrics['total'] += $user['total'];\n\t\t\t$metrics['http'] += $user['http'];\n\t\t\t$metrics['ftp'] += $user['ftp'];\n\t\t\t$metrics['mail'] += $user['mail'];\n\t\t}\n\n\t\t$years_avail = [];\n\t\tif (!$overview) {\n\t\t\t// get all possible years for filter\n\t\t\t$sel_stmt = Database::prepare(\"SELECT DISTINCT year FROM `\" . TABLE_PANEL_TRAFFIC . \"` WHERE 1 ORDER BY `year` DESC\");\n\t\t\tDatabase::pexecute($sel_stmt);\n\t\t\t$years_avail = $sel_stmt->fetchAll(\\PDO::FETCH_ASSOC);\n\t\t}\n\n\t\t// sort users by total traffic\n\t\tuasort($users, function ($user_a, $user_b) {\n\t\t\tif ($user_a['total'] == $user_b['total']) {\n\t\t\t\treturn 0;\n\t\t\t}\n\t\t\treturn ($user_a['total'] < $user_b['total']) ? 1 : -1;\n\t\t});\n\n\t\treturn [\n\t\t\t'metrics' => $metrics,\n\t\t\t'users' => $users,\n\t\t\t'years' => $years,\n\t\t\t'months' => $months,\n\t\t\t'days' => $days,\n\t\t\t'range' => $range,\n\t\t\t'years_avail' => $years_avail\n\t\t];\n\t}\n\n\t/**\n\t * @param ?string $range\n\t * @param array $params\n\t * @return array\n\t * @throws \\Exception\n\t */\n\tprivate static function getParamsByRange(string $range = null, array $params = []): array\n\t{\n\t\t$dateParams = [];\n\n\t\tif (preg_match(\"/year:([0-9]{4})/\", $range, $matches)) {\n\t\t\t$dateParams = ['year' => $matches[1]];\n\t\t} elseif (preg_match(\"/months:([1-9]([0-9]+)?)/\", $range, $matches)) {\n\t\t\t$dt = (new \\DateTime())->sub(new \\DateInterval('P' . $matches[1] . 'M'))->format('U');\n\t\t\t$dateParams = ['date_from' => $dt];\n\t\t} elseif (preg_match(\"/days:([1-9]([0-9]+)?)/\", $range, $matches)) {\n\t\t\t$dt = (new \\DateTime())->sub(new \\DateInterval('P' . $matches[1] . 'D'))->format('U');\n\t\t\t$dateParams = ['date_from' => $dt];\n\t\t} elseif (preg_match(\"/hours:([1-9]([0-9]+)?)/\", $range, $matches)) {\n\t\t\t$dt = (new \\DateTime())->sub(new \\DateInterval('PT' . $matches[1] . 'H'))->format('U');\n\t\t\t$dateParams = ['date_from' => $dt];\n\t\t} elseif (preg_match(\"/currentmonth/\", $range, $matches)) {\n\t\t\t$dt = (new \\DateTime(\"first day of this month\"))->setTime(0, 0, 0, 1)->format('U');\n\t\t\t$dateParams = ['date_from' => $dt];\n\t\t} elseif (preg_match(\"/currentyear/\", $range, $matches)) {\n\t\t\t$dt = \\DateTime::createFromFormat(\"d.m.Y\", '01.01.' . date('Y'))->setTime(0, 0, 0, 1)->format('U');\n\t\t\t$dateParams = ['date_from' => $dt];\n\t\t}\n\n\t\treturn array_merge($dateParams, $params);\n\t}\n}\n" }, { "path": "lib/Froxlor/Traffic/index.html", "content": "" }, { "path": "lib/Froxlor/UI/Callbacks/Admin.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\UI\\Callbacks;\n\nuse Froxlor\\UI\\Panel\\UI;\n\nclass Admin\n{\n\tpublic static function canChangeServerSettings(array $attributes)\n\t{\n\t\treturn (bool)UI::getCurrentUser()['change_serversettings'];\n\t}\n\n\tpublic static function isNotMe(array $attributes)\n\t{\n\t\treturn (UI::getCurrentUser()['adminid'] != $attributes['fields']['adminid']);\n\t}\n}\n" }, { "path": "lib/Froxlor/UI/Callbacks/Customer.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\UI\\Callbacks;\n\nuse Froxlor\\Settings;\nuse Froxlor\\System\\Markdown;\n\nclass Customer\n{\n\tpublic static function isLocked(array $attributes): bool\n\t{\n\t\treturn $attributes['fields']['loginfail_count'] >= Settings::Get('login.maxloginattempts')\n\t\t\t&& $attributes['fields']['lastlogin_fail'] > (time() - Settings::Get('login.deactivatetime'));\n\t}\n\n\tpublic static function hasNote(array $attributes): bool\n\t{\n\t\t$cleanNote = Markdown::cleanCustomNotes($attributes['fields']['custom_notes'] ?? \"\");\n\t\treturn !empty($cleanNote);\n\t}\n}\n" }, { "path": "lib/Froxlor/UI/Callbacks/Dns.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\UI\\Callbacks;\n\nclass Dns\n{\n\tpublic static function prio(array $attributes): string\n\t{\n\t\treturn ($attributes['fields']['prio'] <= 0\n\t\t\t&& $attributes['fields']['type'] != 'MX'\n\t\t\t&& $attributes['fields']['type'] != 'SRV') ? '' : $attributes['data'];\n\t}\n}\n" }, { "path": "lib/Froxlor/UI/Callbacks/Domain.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\UI\\Callbacks;\n\nuse Froxlor\\CurrentUser;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\Domain\\Domain as DDomain;\nuse Froxlor\\FileDir;\nuse Froxlor\\Settings;\nuse Froxlor\\UI\\Panel\\UI;\n\nclass Domain\n{\n\tpublic static function domainEditLink(array $attributes): array\n\t{\n\t\t$linker = UI::getLinker();\n\t\treturn [\n\t\t\t'macro' => 'link',\n\t\t\t'data' => [\n\t\t\t\t'text' => $attributes['data'],\n\t\t\t\t'href' => $linker->getLink([\n\t\t\t\t\t'section' => 'domains',\n\t\t\t\t\t'page' => 'domains',\n\t\t\t\t\t'action' => 'edit',\n\t\t\t\t\t'id' => $attributes['fields']['id'],\n\t\t\t\t]),\n\t\t\t\t'target' => '_blank'\n\t\t\t]\n\t\t];\n\t}\n\n\tpublic static function domainWithCustomerLink(array $attributes): string\n\t{\n\t\t$linker = UI::getLinker();\n\t\t$result = '' . $attributes['data'] . '';\n\t\tif ((int)UI::getCurrentUser()['adminsession'] == 1 && $attributes['fields']['customerid']) {\n\t\t\t$result .= ' (getLink([\n\t\t\t\t\t'section' => 'customers',\n\t\t\t\t\t'page' => 'customers',\n\t\t\t\t\t'action' => 'su',\n\t\t\t\t\t'sort' => $attributes['fields']['loginname'],\n\t\t\t\t\t'id' => $attributes['fields']['customerid'],\n\t\t\t\t]) . '\">' . $attributes['fields']['loginname'] . ')';\n\t\t}\n\t\treturn $result;\n\t}\n\n\tpublic static function domainTarget(array $attributes)\n\t{\n\t\tif (empty($attributes['fields']['aliasdomain'])) {\n\t\t\tif ($attributes['fields']['deactivated']) {\n\t\t\t\treturn lng('admin.deactivated');\n\t\t\t}\n\t\t\tif ($attributes['fields']['email_only']) {\n\t\t\t\treturn lng('domains.email_only');\n\t\t\t}\n\t\t\t// path or redirect\n\t\t\tif (preg_match('/^https?\\:\\/\\//', $attributes['fields']['documentroot'])) {\n\t\t\t\treturn [\n\t\t\t\t\t'macro' => 'link',\n\t\t\t\t\t'data' => [\n\t\t\t\t\t\t'text' => $attributes['fields']['documentroot'],\n\t\t\t\t\t\t'href' => $attributes['fields']['documentroot'],\n\t\t\t\t\t\t'target' => '_blank'\n\t\t\t\t\t]\n\t\t\t\t];\n\t\t\t} else {\n\t\t\t\t// show docroot nicely\n\t\t\t\tif (strpos($attributes['fields']['documentroot'], UI::getCurrentUser()['documentroot']) === 0) {\n\t\t\t\t\t$attributes['fields']['documentroot'] = FileDir::makeCorrectDir(str_replace(UI::getCurrentUser()['documentroot'], \"/\", $attributes['fields']['documentroot']));\n\t\t\t\t}\n\t\t\t\treturn $attributes['fields']['documentroot'];\n\t\t\t}\n\t\t}\n\t\treturn lng('domains.aliasdomain') . ' ' . $attributes['fields']['aliasdomain'];\n\t}\n\n\tpublic static function domainExternalLinkInfo(array $attributes): string\n\t{\n\t\t$result = '';\n\t\tif ($attributes['fields']['parentdomainid'] != 0) {\n\t\t\t$result = '';\n\t\t}\n\t\t$result .= '' . $attributes['data'] . '';\n\t\t// check for statistics if parentdomainid==0 to show stats-link for customers\n\t\tif ((int)UI::getCurrentUser()['adminsession'] == 0\n\t\t\t&& $attributes['fields']['parentdomainid'] == 0\n\t\t\t&& $attributes['fields']['deactivated'] == 0\n\t\t\t&& !$attributes['fields']['email_only']\n\t\t\t&& preg_match('/^https?:\\/\\/(.*)/i', $attributes['fields']['documentroot']) == false\n\t\t) {\n\t\t\t$statsapp = Settings::Get('system.traffictool');\n\t\t\t$result .= ' ';\n\t\t}\n\t\tif ($attributes['fields']['registration_date'] != '') {\n\t\t\t$result .= '
' . lng('domains.registration_date') . ': ' . $attributes['fields']['registration_date'] . '';\n\t\t}\n\t\tif ($attributes['fields']['termination_date'] != '') {\n\t\t\t$result .= '
' . lng('domains.termination_date_overview') . ': ' . $attributes['fields']['termination_date'] . '';\n\t\t}\n\t\treturn $result;\n\t}\n\n\tpublic static function canEdit(array $attributes): bool\n\t{\n\t\treturn $attributes['fields']['caneditdomain'] && !$attributes['fields']['deactivated'];\n\t}\n\n\tpublic static function canViewLogs(array $attributes): bool\n\t{\n\t\tif ((int)$attributes['fields']['email_only'] == 0 && !$attributes['fields']['deactivated']) {\n\t\t\tif ((int)UI::getCurrentUser()['adminsession'] == 0 && (bool)UI::getCurrentUser()['logviewenabled']) {\n\t\t\t\treturn true;\n\t\t\t} elseif ((int)UI::getCurrentUser()['adminsession'] == 1) {\n\t\t\t\treturn true;\n\t\t\t}\n\t\t}\n\t\treturn false;\n\t}\n\n\tpublic static function canDelete(array $attributes): bool\n\t{\n\t\treturn $attributes['fields']['parentdomainid'] != '0'\n\t\t\t&& empty($attributes['fields']['domainaliasid']);\n\t}\n\n\tpublic static function adminCanDelete(array $attributes): bool\n\t{\n\t\treturn $attributes['fields']['id'] != Settings::Get('system.hostname_id')\n\t\t\t&& empty($attributes['fields']['domainaliasid'])\n\t\t\t&& $attributes['fields']['standardsubdomain'] != $attributes['fields']['id'];\n\t}\n\n\tpublic static function canEditDNS(array $attributes): bool\n\t{\n\t\treturn $attributes['fields']['isbinddomain'] == '1'\n\t\t\t&& UI::getCurrentUser()['dnsenabled'] == '1'\n\t\t\t&& $attributes['fields']['caneditdomain'] == '1'\n\t\t\t&& Settings::Get('system.bind_enable') == '1'\n\t\t\t&& Settings::Get('system.dnsenabled') == '1'\n\t\t\t&& !$attributes['fields']['deactivated'];\n\t}\n\n\tpublic static function adminCanEditDNS(array $attributes): bool\n\t{\n\t\treturn $attributes['fields']['isbinddomain'] == '1'\n\t\t\t&& Settings::Get('system.bind_enable') == '1'\n\t\t\t&& Settings::Get('system.dnsenabled') == '1';\n\t}\n\n\tpublic static function hasLetsEncryptActivated(array $attributes): bool\n\t{\n\t\treturn ((bool)$attributes['fields']['letsencrypt'] && (int)$attributes['fields']['email_only'] == 0);\n\t}\n\n\t/**\n\t * @throws \\Exception\n\t */\n\tpublic static function canEditSSL(array $attributes): bool\n\t{\n\t\tif (Settings::Get('system.use_ssl') == '1'\n\t\t\t&& DDomain::domainHasSslIpPort($attributes['fields']['id'])\n\t\t\t&& (CurrentUser::isAdmin() || (!CurrentUser::isAdmin() && (int)$attributes['fields']['caneditdomain'] == 1))\n\t\t\t&& (int)$attributes['fields']['letsencrypt'] == 0\n\t\t\t&& !(int)$attributes['fields']['email_only']\n\t\t\t&& !$attributes['fields']['deactivated']\n\t\t) {\n\t\t\treturn true;\n\t\t}\n\t\treturn false;\n\t}\n\n\tpublic static function canEditAlias(array $attributes): bool\n\t{\n\t\treturn !empty($attributes['fields']['domainaliasid']);\n\t}\n\n\tpublic static function isAssigned(array $attributes): bool\n\t{\n\t\treturn ($attributes['fields']['parentdomainid'] == 0 && empty($attributes['fields']['domainaliasid']));\n\t}\n\n\tpublic static function editSSLButtons(array $attributes): array\n\t{\n\t\t$result = [\n\t\t\t'icon' => 'fa-solid fa-shield',\n\t\t\t'title' => lng('panel.ssleditor'),\n\t\t\t'href' => [\n\t\t\t\t'section' => 'domains',\n\t\t\t\t'page' => 'domainssleditor',\n\t\t\t\t'action' => 'view',\n\t\t\t\t'id' => ':id'\n\t\t\t],\n\t\t];\n\n\t\tif ($attributes['fields']['domain_hascert'] == 1) {\n\t\t\t// specified certificate for domain\n\t\t\t$result['icon'] .= ' text-success';\n\t\t} elseif ($attributes['fields']['domain_hascert'] == 2) {\n\t\t\t// shared certificates (e.g. subdomain of domain where certificate is specified)\n\t\t\t$result['icon'] .= ' text-warning';\n\t\t\t$result['title'] .= \"\\n\" . lng('panel.ssleditor_infoshared');\n\t\t} elseif ($attributes['fields']['domain_hascert'] == 0) {\n\t\t\t// no certificate specified, using global fallbacks (IPs and Ports or if empty SSL settings)\n\t\t\t$result['icon'] .= ' text-danger';\n\t\t\t$result['title'] .= \"\\n\" . lng('panel.ssleditor_infoglobal');\n\t\t}\n\n\t\t$result['visible'] = [Domain::class, 'canEditSSL'];\n\n\t\treturn $result;\n\t}\n\n\tpublic static function listIPs(array $attributes): string\n\t{\n\t\tif (!empty($attributes['fields']['ipsandports'])) {\n\t\t\t$iplist = \"\";\n\t\t\tforeach ($attributes['fields']['ipsandports'] as $ipport) {\n\t\t\t\t$iplist .= $ipport['ip'] . ':' . $ipport['port'] . '
';\n\t\t\t}\n\t\t\treturn $iplist;\n\t\t}\n\t\treturn lng('panel.listing_empty');\n\t}\n\n\t/**\n\t * @throws \\Exception\n\t */\n\tpublic static function getPhpConfigName(array $attributes): string\n\t{\n\t\t$sel_stmt = Database::prepare(\"SELECT `description` FROM `\" . TABLE_PANEL_PHPCONFIGS . \"` WHERE `id` = :id\");\n\t\t$phpconfig = Database::pexecute_first($sel_stmt, ['id' => $attributes['data']]);\n\t\tif ((int)UI::getCurrentUser()['adminsession'] == 1) {\n\t\t\t$linker = UI::getLinker();\n\t\t\t$result = 'getLink([\n\t\t\t\t\t'section' => 'phpsettings',\n\t\t\t\t\t'page' => 'overview',\n\t\t\t\t\t'searchfield' => 'c.id',\n\t\t\t\t\t'searchtext' => $attributes['data'],\n\t\t\t\t]) . '\">' . $phpconfig['description'] . '';\n\t\t} else {\n\t\t\t$result = $phpconfig['description'];\n\t\t}\n\t\treturn $result;\n\t}\n}\n" }, { "path": "lib/Froxlor/UI/Callbacks/Email.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\UI\\Callbacks;\n\nuse Froxlor\\PhpHelper;\nuse Froxlor\\Settings;\n\nclass Email\n{\n\tpublic static function account(array $attributes)\n\t{\n\t\treturn [\n\t\t\t'macro' => 'booleanWithInfo',\n\t\t\t'data' => [\n\t\t\t\t'checked' => $attributes['data'] != 0,\n\t\t\t\t'info' => $attributes['data'] != 0 ? PhpHelper::sizeReadable($attributes['fields']['mboxsize'], 'GiB', 'bi', '%01.' . (int)Settings::Get('panel.decimal_places') . 'f %s') : ''\n\t\t\t]\n\t\t];\n\t}\n\n\tpublic static function forwarderList(array $attributes)\n\t{\n\t\t$forwarders = explode(\" \", $attributes['data']);\n\t\tif (($key = array_search($attributes['fields']['email_full'], $forwarders)) !== false) {\n\t\t\tunset($forwarders[$key]);\n\t\t}\n\t\tif (count($forwarders) > 0) {\n\t\t\treturn implode(\"
\", $forwarders);\n\t\t}\n\t\treturn \"\";\n\t}\n}\n" }, { "path": "lib/Froxlor/UI/Callbacks/Ftp.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\UI\\Callbacks;\n\nuse Froxlor\\FileDir;\nuse Froxlor\\UI\\Panel\\UI;\n\nclass Ftp\n{\n\tpublic static function pathRelative(array $attributes): string\n\t{\n\t\tif (strpos($attributes['data'], UI::getCurrentUser()['documentroot']) === 0) {\n\t\t\t$attributes['data'] = str_replace(UI::getCurrentUser()['documentroot'], \"/\", $attributes['data']);\n\t\t}\n\t\t$attributes['data'] = FileDir::makeCorrectDir($attributes['data']);\n\n\t\treturn $attributes['data'];\n\t}\n}\n" }, { "path": "lib/Froxlor/UI/Callbacks/Impersonate.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\UI\\Callbacks;\n\nuse Froxlor\\UI\\Panel\\UI;\n\nclass Impersonate\n{\n\tpublic static function apiAdminCustomerLink(array $attributes)\n\t{\n\t\t// my own key\n\t\t$isMyKey = false;\n\t\tif ($attributes['fields']['adminid'] == UI::getCurrentUser()['adminid']\n\t\t\t&& ((AREA == 'admin' && $attributes['fields']['customerid'] == 0)\n\t\t\t\t|| (AREA == 'customer' && $attributes['fields']['customerid'] == UI::getCurrentUser()['customerid'])\n\t\t\t)\n\t\t) {\n\t\t\t// this is mine\n\t\t\t$isMyKey = true;\n\t\t}\n\n\t\t$adminCustomerLink = \"\";\n\t\tif (AREA == 'admin') {\n\t\t\tif ($isMyKey) {\n\t\t\t\t$adminCustomerLink = $attributes['fields']['adminname'];\n\t\t\t} else {\n\t\t\t\tif (empty($attributes['fields']['customerid'])) {\n\t\t\t\t\t$adminCustomerLink = self::admin($attributes);\n\t\t\t\t} else {\n\t\t\t\t\t$attributes['data'] = $attributes['fields']['loginname'];\n\t\t\t\t\t$adminCustomerLink = self::customer($attributes);\n\t\t\t\t}\n\t\t\t}\n\t\t} else {\n\t\t\t// customer do not need links\n\t\t\t$adminCustomerLink = $attributes['fields']['loginname'];\n\t\t}\n\n\t\treturn $adminCustomerLink;\n\t}\n\n\tpublic static function admin(array $attributes)\n\t{\n\t\tif (UI::getCurrentUser()['adminid'] != $attributes['fields']['adminid']) {\n\t\t\t$linker = UI::getLinker();\n\t\t\treturn [\n\t\t\t\t'macro' => 'link',\n\t\t\t\t'data' => [\n\t\t\t\t\t'text' => $attributes['data'],\n\t\t\t\t\t'href' => $linker->getLink([\n\t\t\t\t\t\t'section' => 'admins',\n\t\t\t\t\t\t'page' => 'admins',\n\t\t\t\t\t\t'action' => 'su',\n\t\t\t\t\t\t'id' => $attributes['fields']['adminid'],\n\t\t\t\t\t]),\n\t\t\t\t]\n\t\t\t];\n\t\t}\n\t\treturn $attributes['data'];\n\t}\n\n\tpublic static function customer(array $attributes): array\n\t{\n\t\t$linker = UI::getLinker();\n\t\treturn [\n\t\t\t'macro' => 'link',\n\t\t\t'data' => [\n\t\t\t\t'text' => $attributes['data'],\n\t\t\t\t'href' => $linker->getLink([\n\t\t\t\t\t'section' => 'customers',\n\t\t\t\t\t'page' => 'customers',\n\t\t\t\t\t'action' => 'su',\n\t\t\t\t\t'sort' => $attributes['fields']['loginname'],\n\t\t\t\t\t'id' => $attributes['fields']['customerid'],\n\t\t\t\t]),\n\t\t\t]\n\t\t];\n\t}\n}\n" }, { "path": "lib/Froxlor/UI/Callbacks/Mysql.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\UI\\Callbacks;\n\nuse Froxlor\\Database\\Database;\n\nclass Mysql\n{\n\tpublic static function dbserver(array $attributes): string\n\t{\n\t\t// get sql-root access data\n\t\tDatabase::needRoot(true, (int)$attributes['data'], false);\n\t\tDatabase::needSqlData();\n\t\t$sql_root = Database::getSqlData();\n\t\tDatabase::needRoot(false);\n\n\t\treturn $sql_root['caption'] . '
' . $sql_root['host'] . '';\n\t}\n}\n" }, { "path": "lib/Froxlor/UI/Callbacks/PHPConf.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\UI\\Callbacks;\n\nuse Froxlor\\Settings;\nuse Froxlor\\Idna\\IdnaWrapper;\nuse Froxlor\\UI\\Panel\\UI;\n\nclass PHPConf\n{\n\tpublic static function domainList(array $attributes): string\n\t{\n\t\t$idna = new IdnaWrapper;\n\t\t$domains = \"\";\n\t\t$subdomains_count = count($attributes['fields']['subdomains']);\n\t\tforeach ($attributes['fields']['domains'] as $configdomain) {\n\t\t\t$domains .= $idna->decode($configdomain) . \"
\";\n\t\t}\n\t\tif ($subdomains_count == 0 && empty($domains)) {\n\t\t\t$domains = lng('admin.phpsettings.notused');\n\t\t} else {\n\t\t\tif (Settings::Get('panel.phpconfigs_hidesubdomains') == '1') {\n\t\t\t\t$domains .= !empty($subdomains_count) ? ((!empty($domains) ? '+ ' : '') . $subdomains_count . ' ' . lng('customer.subdomains')) : '';\n\t\t\t} else {\n\t\t\t\tforeach ($attributes['fields']['subdomains'] as $configdomain) {\n\t\t\t\t\t$domains .= $idna->decode($configdomain) . \"
\";\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\treturn $domains;\n\t}\n\n\tpublic static function configsList(array $attributes)\n\t{\n\t\t$configs = \"\";\n\t\tforeach ($attributes['fields']['configs'] as $configused) {\n\t\t\t$configs .= $configused . \"
\";\n\t\t}\n\t\treturn $configs;\n\t}\n\n\tpublic static function isNotDefault(array $attributes)\n\t{\n\t\tif (UI::getCurrentUser()['change_serversettings']) {\n\t\t\treturn $attributes['fields']['id'] != 1;\n\t\t}\n\t\treturn false;\n\t}\n\n\tpublic static function fpmConfLink(array $attributes)\n\t{\n\t\tif (UI::getCurrentUser()['change_serversettings']) {\n\t\t\t$linker = UI::getLinker();\n\t\t\treturn [\n\t\t\t\t'macro' => 'link',\n\t\t\t\t'data' => [\n\t\t\t\t\t'text' => $attributes['data'],\n\t\t\t\t\t'href' => $linker->getLink([\n\t\t\t\t\t\t'section' => 'phpsettings',\n\t\t\t\t\t\t'page' => 'fpmdaemons',\n\t\t\t\t\t\t'searchfield' => 'id',\n\t\t\t\t\t\t'searchtext' => $attributes['fields']['fpmsettingid'],\n\t\t\t\t\t]),\n\t\t\t\t]\n\t\t\t];\n\t\t}\n\t\treturn $attributes['data'];\n\t}\n}\n" }, { "path": "lib/Froxlor/UI/Callbacks/ProgressBar.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\UI\\Callbacks;\n\nuse Exception;\nuse Froxlor\\Traffic\\Traffic;\nuse Froxlor\\PhpHelper;\nuse Froxlor\\Settings;\nuse Froxlor\\UI\\Response;\n\nclass ProgressBar\n{\n\t/**\n\t * get progressbar data for used diskspace\n\t *\n\t * @param array $attributes\n\t * @return array\n\t */\n\tpublic static function diskspace(array $attributes): array\n\t{\n\t\t$infotext = null;\n\t\tif (isset($attributes['fields']['webspace_used']) && isset($attributes['fields']['mailspace_used']) && isset($attributes['fields']['dbspace_used'])) {\n\t\t\t$infotext = lng('panel.used') . ':' . PHP_EOL;\n\t\t\t$infotext .= 'web: ' . PhpHelper::sizeReadable($attributes['fields']['webspace_used'] * 1024, null, 'bi') . PHP_EOL;\n\t\t\t$infotext .= 'mail: ' . PhpHelper::sizeReadable($attributes['fields']['mailspace_used'] * 1024, null, 'bi') . PHP_EOL;\n\t\t\t$infotext .= 'mysql: ' . PhpHelper::sizeReadable($attributes['fields']['dbspace_used'] * 1024, null, 'bi');\n\t\t}\n\n\t\treturn self::pbData('diskspace', $attributes['fields'], 1024, (int)Settings::Get('system.report_webmax'), $infotext);\n\t}\n\n\t/**\n\t * do needed calculations\n\t */\n\tprivate static function pbData(string $field, array $attributes, int $size_factor = 1024, int $report_max = 90, $infotext = null): array\n\t{\n\t\t$percent = 0;\n\t\t$style = 'bg-primary';\n\t\t$text = PhpHelper::sizeReadable($attributes[$field . '_used'] * $size_factor, null, 'bi') . ' / ' . lng('panel.unlimited');\n\t\tif ((int)$attributes[$field] >= 0) {\n\t\t\tif (($attributes[$field] / 100) * $report_max < $attributes[$field . '_used']) {\n\t\t\t\t$style = 'bg-danger';\n\t\t\t} elseif (($attributes[$field] / 100) * ($report_max - 15) < $attributes[$field . '_used']) {\n\t\t\t\t$style = 'bg-warning';\n\t\t\t}\n\t\t\t$percent = round(($attributes[$field . '_used'] * 100) / ($attributes[$field] == 0 ? 1 : $attributes[$field]), 0);\n\t\t\tif ($percent > 100) {\n\t\t\t\t$percent = 100;\n\t\t\t}\n\t\t\t$text = PhpHelper::sizeReadable($attributes[$field . '_used'] * $size_factor, null, 'bi') . ' / ' . PhpHelper::sizeReadable($attributes[$field] * $size_factor, null, 'bi');\n\t\t}\n\n\t\treturn [\n\t\t\t'macro' => 'progressbar',\n\t\t\t'data' => [\n\t\t\t\t'percent' => $percent,\n\t\t\t\t'style' => $style,\n\t\t\t\t'text' => $text,\n\t\t\t\t'infotext' => $infotext\n\t\t\t]\n\t\t];\n\t}\n\n\t/**\n\t * get progressbar data for traffic\n\t *\n\t * @param array $attributes ['fields']\n\t * @return array\n\t */\n\tpublic static function traffic(array $attributes): array\n\t{\n\t\t$skip_customer_traffic = false;\n\t\ttry {\n\t\t\t$attributes['fields']['deactivated'] = 0;\n\t\t\t$result = Traffic::getCustomerStats($attributes['fields'], 'currentmonth', true);\n\t\t} catch (Exception $e) {\n\t\t\tif ($e->getCode() === 405) {\n\t\t\t\t$skip_customer_traffic = true;\n\t\t\t} else {\n\t\t\t\tResponse::dynamicError($e->getMessage());\n\t\t\t}\n\t\t}\n\t\t$infotext = null;\n\t\tif (isset($result['metrics']['http']) && !$skip_customer_traffic) {\n\t\t\t$infotext = lng('panel.used') . ':' . PHP_EOL;\n\t\t\t$infotext .= 'http: ' . PhpHelper::sizeReadable($result['metrics']['http'], null, 'bi') . PHP_EOL;\n\t\t\t$infotext .= 'ftp: ' . PhpHelper::sizeReadable($result['metrics']['ftp'], null, 'bi') . PHP_EOL;\n\t\t\t$infotext .= 'mail: ' . PhpHelper::sizeReadable($result['metrics']['mail'], null, 'bi');\n\t\t}\n\t\treturn self::pbData('traffic', $attributes['fields'], 1024, (int)Settings::Get('system.report_trafficmax'), $infotext);\n\t}\n\n\t/**\n\t * get progressbar data for traffic for the admin overview\n\t * (key is to set 'adminsession' for the admin-users so the traffic-API selects\n\t * the correct customer data for the corresponsing admin/reseller)\n\t *\n\t * @param array $attributes ['fields']\n\t * @return array\n\t */\n\tpublic static function traffic_admins(array $attributes): array\n\t{\n\t\t$attributes['fields']['adminsession'] = 1;\n\t\treturn self::traffic($attributes);\n\t}\n}\n" }, { "path": "lib/Froxlor/UI/Callbacks/SSLCertificate.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\UI\\Callbacks;\n\nclass SSLCertificate\n{\n\tpublic static function domainWithSan(array $attributes): array\n\t{\n\t\treturn [\n\t\t\t'macro' => 'domainWithSan',\n\t\t\t'data' => [\n\t\t\t\t'domain' => $attributes['data'],\n\t\t\t\t'san' => implode(', ', $attributes['fields']['san'] ?? []),\n\t\t\t]\n\t\t];\n\t}\n\n\tpublic static function canEditSSL(array $attributes): bool\n\t{\n\t\tif ((int)$attributes['fields']['domainid'] > 0\n\t\t\t&& (int)$attributes['fields']['letsencrypt'] == 0\n\t\t) {\n\t\t\treturn true;\n\t\t}\n\t\treturn false;\n\t}\n\n\tpublic static function isNotLetsEncrypt(array $attributes): bool\n\t{\n\t\treturn (int)$attributes['fields']['letsencrypt'] == 0;\n\t}\n}\n" }, { "path": "lib/Froxlor/UI/Callbacks/Style.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\UI\\Callbacks;\n\nuse Froxlor\\CurrentUser;\nuse Froxlor\\Settings;\n\nclass Style\n{\n\tpublic static function deactivated(array $attributes): string\n\t{\n\t\treturn $attributes['fields']['deactivated'] ? 'table-danger' : '';\n\t}\n\n\tpublic static function loginDisabled(array $attributes): string\n\t{\n\t\treturn $attributes['fields']['login_enabled'] == 'N' ? 'table-danger' : '';\n\t}\n\n\tpublic static function resultIntegrityBad(array $attributes): string\n\t{\n\t\treturn $attributes['fields']['result'] ? '' : 'table-warning';\n\t}\n\n\tpublic static function invalidApiKey(array $attributes): string\n\t{\n\t\t// check whether the api key is not valid anymore\n\t\t$isValid = true;\n\t\tif ($attributes['fields']['valid_until'] >= 0) {\n\t\t\tif ($attributes['fields']['valid_until'] < time()) {\n\t\t\t\t$isValid = false;\n\t\t\t}\n\t\t}\n\t\treturn $isValid ? '' : 'table-danger';\n\t}\n\n\tpublic static function resultDomainTerminatedOrDeactivated(array $attributes): string\n\t{\n\t\t$termination_date = str_replace(\"0000-00-00\", \"\", $attributes['fields']['termination_date'] ?? '');\n\t\t$termination_css = '';\n\t\tif (!empty($termination_date)) {\n\t\t\t$cdate = strtotime($termination_date . \" 23:59:59\");\n\t\t\t$today = time();\n\t\t\t$termination_css = 'table-warning';\n\t\t\tif ($cdate < $today) {\n\t\t\t\t$termination_css = 'table-danger';\n\t\t\t}\n\t\t}\n\t\t$deactivated = $attributes['fields']['deactivated'] || (CurrentUser::isAdmin() && $attributes['fields']['customer_deactivated']);\n\t\treturn $deactivated ? 'table-info' : $termination_css;\n\t}\n\n\tpublic static function resultCustomerLockedOrDeactivated(array $attributes): string\n\t{\n\t\t$row_css = '';\n\t\tif ((int)$attributes['fields']['deactivated'] == 1) {\n\t\t\t$row_css = 'table-info';\n\t\t} elseif ($attributes['fields']['loginfail_count'] >= Settings::Get('login.maxloginattempts')\n\t\t\t&& $attributes['fields']['lastlogin_fail'] > (time() - Settings::Get('login.deactivatetime'))\n\t\t) {\n\t\t\t$row_css = 'table-warning';\n\t\t}\n\n\t\treturn $row_css;\n\t}\n\n\tpublic static function diskspaceWarning(array $attributes): string\n\t{\n\t\treturn self::getWarningStyle('diskspace', $attributes['fields'], (int)Settings::Get('system.report_webmax'));\n\t}\n\n\tprivate static function getWarningStyle(string $field, array $attributes, int $report_max = 90): string\n\t{\n\t\t$style = '';\n\t\tif ((int)$attributes[$field] >= 0) {\n\t\t\tif (($attributes[$field] / 100) * $report_max < $attributes[$field . '_used']) {\n\t\t\t\t$style = 'table-danger';\n\t\t\t} elseif (($attributes[$field] / 100) * ($report_max - 15) < $attributes[$field . '_used']) {\n\t\t\t\t$style = 'table-warning';\n\t\t\t}\n\t\t}\n\t\treturn $style;\n\t}\n\n\tpublic static function trafficWarning(array $attributes): string\n\t{\n\t\treturn self::getWarningStyle('traffic', $attributes['fields'], (int)Settings::Get('system.report_trafficmax'));\n\t}\n}\n" }, { "path": "lib/Froxlor/UI/Callbacks/SysLog.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\UI\\Callbacks;\n\nuse Froxlor\\FroxlorLogger;\n\nclass SysLog\n{\n\n\tpublic static function typeDescription(array $attributes): string\n\t{\n\t\treturn FroxlorLogger::getInstanceOf()->getLogLevelDesc($attributes['data']);\n\t}\n}\n" }, { "path": "lib/Froxlor/UI/Callbacks/Text.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\UI\\Callbacks;\n\nuse Froxlor\\CurrentUser;\nuse Froxlor\\Database\\Database;\nuse Froxlor\\Froxlor;\nuse Froxlor\\PhpHelper;\nuse Froxlor\\System\\Markdown;\nuse Froxlor\\UI\\Panel\\UI;\nuse Froxlor\\User;\nuse PDO;\n\nclass Text\n{\n\tpublic static function boolean(array $attributes): array\n\t{\n\t\treturn [\n\t\t\t'macro' => 'boolean',\n\t\t\t'data' => (bool)$attributes['data']\n\t\t];\n\t}\n\n\tpublic static function yesno(array $attributes): array\n\t{\n\t\treturn [\n\t\t\t'macro' => 'boolean',\n\t\t\t'data' => $attributes['data'] == 'Y'\n\t\t];\n\t}\n\n\tpublic static function type2fa(array $attributes): array\n\t{\n\t\treturn [\n\t\t\t'macro' => 'type2fa',\n\t\t\t'data' => (int)$attributes['data']\n\t\t];\n\t}\n\n\tpublic static function customerfullname(array $attributes): string\n\t{\n\t\treturn User::getCorrectFullUserDetails($attributes['fields'], true);\n\t}\n\n\tpublic static function size(array $attributes): string\n\t{\n\t\treturn PhpHelper::sizeReadable($attributes['data'], null, 'bi');\n\t}\n\n\tpublic static function timestamp(array $attributes): string\n\t{\n\t\treturn (int)$attributes['data'] > 0 ? date('d.m.Y H:i', (int)$attributes['data']) : lng('panel.never');\n\t}\n\n\tpublic static function timestampUntil(array $attributes): string\n\t{\n\t\treturn (int)$attributes['data'] > 0 ? date('d.m.Y H:i', (int)$attributes['data']) : lng('panel.unlimited');\n\t}\n\n\tpublic static function crondesc(array $attributes): string\n\t{\n\t\treturn lng('crondesc.' . $attributes['data']);\n\t}\n\n\tpublic static function shorten(array $attributes): string\n\t{\n\t\treturn substr($attributes['data'], 0, 20) . '...';\n\t}\n\n\tpublic static function wordwrap(array $attributes): string\n\t{\n\t\treturn wordwrap($attributes['data'], 100, '
', true);\n\t}\n\n\tpublic static function customerNoteDetailModal(array $attributes): array\n\t{\n\t\t$note = $attributes['fields']['custom_notes'] ?? '';\n\t\t$key = $attributes['fields']['customerid'] ?? $attributes['fields']['adminid'];\n\t\treturn [\n\t\t\t'entry' => $key,\n\t\t\t'id' => 'cnModal' . $key,\n\t\t\t'title' => lng('usersettings.custom_notes.title') . ': ' . ($attributes['fields']['loginname'] ?? $attributes['fields']['adminname']),\n\t\t\t'body' => nl2br(Markdown::cleanCustomNotes($note))\n\t\t];\n\t}\n\n\tpublic static function apikeyDetailModal(array $attributes): array\n\t{\n\t\t$linker = UI::getLinker();\n\t\t$result = $attributes['fields'];\n\t\t$apikey_data = include Froxlor::getInstallDir() . '/lib/formfields/formfield.api_key.php';\n\n\t\t$body = UI::twig()->render(UI::validateThemeTemplate('/user/inline-form.html.twig'), [\n\t\t\t'formaction' => $linker->getLink(['section' => 'index', 'page' => 'apikeys']),\n\t\t\t'formdata' => $apikey_data['apikey'],\n\t\t\t'editid' => $attributes['fields']['id']\n\t\t]);\n\t\treturn [\n\t\t\t'entry' => $attributes['fields']['id'],\n\t\t\t'id' => 'akModal' . $attributes['fields']['id'],\n\t\t\t'title' => 'API-key ' . ($attributes['fields']['loginname'] ?? $attributes['fields']['adminname']),\n\t\t\t'action' => 'apikeys',\n\t\t\t'body' => $body\n\t\t];\n\t}\n\n\tpublic static function domainDuplicateModal(array $attributes): array\n\t{\n\t\t$linker = UI::getLinker();\n\t\t$result = $attributes['fields'];\n\n\t\t$customers = [\n\t\t\t0 => lng('panel.please_choose')\n\t\t];\n\t\t$result_customers_stmt = Database::prepare(\"\n\t\t\tSELECT `customerid`, `loginname`, `name`, `firstname`, `company`\n\t\t\tFROM `\" . TABLE_PANEL_CUSTOMERS . \"` \" . (CurrentUser::getField('customers_see_all') ? '' : \" WHERE `adminid` = :adminid \") . \"\n\t\t\tORDER BY COALESCE(NULLIF(`name`,''), `company`) ASC\n\t\t\");\n\t\t$params = [];\n\t\tif (CurrentUser::getField('customers_see_all') == '0') {\n\t\t\t$params['adminid'] = CurrentUser::getField('adminid');\n\t\t}\n\t\tDatabase::pexecute($result_customers_stmt, $params);\n\n\t\twhile ($row_customer = $result_customers_stmt->fetch(PDO::FETCH_ASSOC)) {\n\t\t\t$customers[$row_customer['customerid']] = User::getCorrectFullUserDetails($row_customer) . ' (' . $row_customer['loginname'] . ')';\n\t\t}\n\n\t\t$domdup_data = include Froxlor::getInstallDir() . '/lib/formfields/admin/domains/formfield.domains_duplicate.php';\n\n\t\t$body = UI::twig()->render(UI::validateThemeTemplate('/user/inline-form.html.twig'), [\n\t\t\t'formaction' => $linker->getLink(['section' => 'domains', 'page' => 'domains', 'action' => 'duplicate']),\n\t\t\t'formdata' => $domdup_data['domain_duplicate'],\n\t\t\t'editid' => $attributes['fields']['id'],\n\t\t\t'nosubmit' => 0\n\t\t]);\n\t\treturn [\n\t\t\t'entry' => $attributes['fields']['id'],\n\t\t\t'id' => 'ddModal' . $attributes['fields']['id'],\n\t\t\t'title' => lng('admin.domain_duplicate_named', [$attributes['fields']['domain']]),\n\t\t\t'action' => 'duplicate',\n\t\t\t'body' => $body\n\t\t];\n\t}\n}\n" }, { "path": "lib/Froxlor/UI/Callbacks/index.html", "content": "" }, { "path": "lib/Froxlor/UI/Collection.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\UI;\n\nuse Froxlor\\Settings;\n\nclass Collection\n{\n\tprivate string $class;\n\tprivate array $has = [];\n\tprivate array $params;\n\tprivate array $userinfo;\n\tprivate ?Pagination $pagination = null;\n\tprivate bool $internal = false;\n\n\tpublic function __construct(string $class, array $userInfo, array $params = [])\n\t{\n\t\t$this->class = $class;\n\t\t$this->params = $params;\n\t\t$this->userinfo = $userInfo;\n\t}\n\n\tpublic function getList(): array\n\t{\n\t\treturn $this->getData()['list'];\n\t}\n\n\tpublic function getData(): array\n\t{\n\t\treturn $this->get()['data'];\n\t}\n\n\tpublic function get(): array\n\t{\n\t\t$result = $this->getListing($this->class, $this->params);\n\n\t\t// check if the api result contains any items (not the overall listingCount as we might be in a search-resultset)\n\t\tif (count($result)) {\n\t\t\tforeach ($this->has as $has) {\n\t\t\t\t$attributes = $this->getListing($has['class'], $has['params']);\n\n\t\t\t\tforeach ($result['data']['list'] as $key => $item) {\n\t\t\t\t\tforeach ($attributes['data']['list'] as $list) {\n\t\t\t\t\t\tif ($item[$has['parentKey']] == $list[$has['childKey']]) {\n\t\t\t\t\t\t\t$result['data']['list'][$key][$has['column']] = $list;\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\t// attach pagination if available\n\t\tif ($this->pagination) {\n\t\t\t$result = array_merge($result, $this->pagination->getApiResponseParams());\n\t\t}\n\n\t\treturn $result;\n\t}\n\n\tprivate function getListing($class, $params): array\n\t{\n\t\treturn json_decode($class::getLocal($this->userinfo, $params, $this->internal)->listing(), true);\n\t}\n\n\tpublic function getJson(): string\n\t{\n\t\treturn json_encode($this->get());\n\t}\n\n\tpublic function has(string $column, string $class, string $parentKey = 'id', string $childKey = 'id', array $params = []): Collection\n\t{\n\t\t$this->has[] = [\n\t\t\t'column' => $column,\n\t\t\t'class' => $class,\n\t\t\t'parentKey' => $parentKey,\n\t\t\t'childKey' => $childKey,\n\t\t\t'params' => $params\n\t\t];\n\n\t\treturn $this;\n\t}\n\n\tpublic function addParam(array $keyval): Collection\n\t{\n\t\t$this->params = array_merge($this->params, $keyval);\n\n\t\treturn $this;\n\t}\n\n\tpublic function withPagination(array $columns, array $default_sorting = [], array $pagination_additional_params = []): Collection\n\t{\n\t\t// Get only searchable columns\n\t\t$sortableColumns = [];\n\t\tforeach ($columns as $key => $column) {\n\t\t\tif (!isset($column['sortable']) || (isset($column['sortable']) && $column['sortable'])) {\n\t\t\t\t$sortableColumns[$key] = $column;\n\t\t\t}\n\t\t}\n\n\t\t// Prepare pagination\n\t\t$this->pagination = new Pagination($sortableColumns, $this->count(), (int)Settings::Get('panel.paging'), $default_sorting, $pagination_additional_params);\n\t\t$this->params = array_merge($this->params, $this->pagination->getApiCommandParams());\n\t\t$this->pagination->setEntries($this->count(true));\n\t\treturn $this;\n\t}\n\n\tpublic function count(bool $with_pagination = false): int\n\t{\n\t\tif ($with_pagination) {\n\t\t\t$this->params = array_merge($this->params, $this->pagination->getApiCommandParams());\n\t\t}\n\t\treturn json_decode($this->class::getLocal($this->userinfo, $this->params, $this->internal)->listingCount(), true)['data'];\n\t}\n\n\tpublic function getPagination(): ?Pagination\n\t{\n\t\treturn $this->pagination;\n\t}\n\n\tpublic function setInternal(bool $internal): Collection {\n\t\t$this->internal = $internal;\n\t\treturn $this;\n\t}\n}\n" }, { "path": "lib/Froxlor/UI/Data.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\UI;\n\nclass Data\n{\n\n\tpublic static function getFormFieldDataEmail($fieldname, $fielddata, $input)\n\t{\n\t\treturn self::getFormFieldDataText($fieldname, $fielddata, $input);\n\t}\n\n\tpublic static function getFormFieldDataText($fieldname, $fielddata, $input)\n\t{\n\t\tif (isset($input[$fieldname])) {\n\t\t\t$newfieldvalue = str_replace(\"\\r\\n\", \"\\n\", $input[$fieldname]);\n\t\t} else {\n\t\t\t$newfieldvalue = $fielddata['default'];\n\t\t}\n\n\t\treturn $newfieldvalue;\n\t}\n\n\tpublic static function getFormFieldDataUrl($fieldname, $fielddata, $input)\n\t{\n\t\treturn self::getFormFieldDataText($fieldname, $fielddata, $input);\n\t}\n\n\tpublic static function getFormFieldDataSelect($fieldname, $fielddata, $input)\n\t{\n\t\tif (isset($input[$fieldname])) {\n\t\t\t$newfieldvalue = $input[$fieldname];\n\t\t} else {\n\t\t\t$newfieldvalue = $fielddata['default'];\n\t\t}\n\n\t\tif (is_array($newfieldvalue)) {\n\t\t\t$newfieldvalue = implode(',', $newfieldvalue);\n\t\t}\n\n\t\treturn $newfieldvalue;\n\t}\n\n\tpublic static function getFormFieldDataNumber($fieldname, $fielddata, $input)\n\t{\n\t\tif (isset($input[$fieldname])) {\n\t\t\t$newfieldvalue = (int)$input[$fieldname];\n\t\t} else {\n\t\t\t$newfieldvalue = (int)$fielddata['default'];\n\t\t}\n\n\t\treturn $newfieldvalue;\n\t}\n\n\tpublic static function getFormFieldDataCheckbox($fieldname, $fielddata, $input)\n\t{\n\t\tif (isset($input[$fieldname]) && ($input[$fieldname] === '1' || $input[$fieldname] === 1 || $input[$fieldname] === true || strtolower($input[$fieldname]) === 'yes' || strtolower($input[$fieldname]) === 'ja')) {\n\t\t\t$newfieldvalue = '1';\n\t\t} else {\n\t\t\t$newfieldvalue = '0';\n\t\t}\n\n\t\treturn $newfieldvalue;\n\t}\n\n\tpublic static function getFormFieldDataImage($fieldname, $fielddata, $input)\n\t{\n\t\t// We always make the system think we have new data to trigger the save function where we actually check everything\n\t\treturn time();\n\t}\n\n\tpublic static function manipulateFormFieldDataDate($fieldname, $fielddata, $newfieldvalue)\n\t{\n\t\tif (isset($fielddata['date_timestamp']) && $fielddata['date_timestamp'] === true) {\n\t\t\t$newfieldvalue = strtotime($newfieldvalue);\n\t\t}\n\n\t\treturn $newfieldvalue;\n\t}\n}\n" }, { "path": "lib/Froxlor/UI/Form.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\UI;\n\nuse Froxlor\\CurrentUser;\nuse Froxlor\\FroxlorTwoFactorAuth;\nuse Froxlor\\Settings;\nuse Froxlor\\Validate\\Check;\n\nclass Form\n{\n\tpublic static function buildForm(array $form, string $part = ''): array\n\t{\n\t\t$fields = [];\n\n\t\tif (\\Froxlor\\Validate\\Form::validateFormDefinition($form)) {\n\t\t\tforeach ($form['groups'] as $groupname => $groupdetails) {\n\t\t\t\t// check for advanced mode sections\n\t\t\t\tif (isset($groupdetails['advanced_mode']) && $groupdetails['advanced_mode'] && (int)Settings::Get('panel.settings_mode') == 0) {\n\t\t\t\t\tcontinue;\n\t\t\t\t}\n\t\t\t\t// show overview\n\t\t\t\tif ($part == '' || $part == 'all') {\n\t\t\t\t\tif (isset($groupdetails['title']) && $groupdetails['title'] != '') {\n\t\t\t\t\t\t$fields[] = self::getFormOverviewGroupOutput($groupname, $groupdetails);\n\t\t\t\t\t}\n\t\t\t\t} elseif ($part != '' && $groupname == $part) {\n\t\t\t\t\t// only show one section\n\t\t\t\t\t/**\n\t\t\t\t\t * this part checks for the 'websrv_avail' entry in the settings-array\n\t\t\t\t\t * if found, we check if the current webserver is in the array.\n\t\t\t\t\t * If this\n\t\t\t\t\t * is not the case, we change the setting type to \"hidden\", #502\n\t\t\t\t\t */\n\t\t\t\t\t$do_show = true;\n\t\t\t\t\tif (isset($groupdetails['websrv_avail']) && is_array($groupdetails['websrv_avail'])) {\n\t\t\t\t\t\t$websrv = Settings::Get('system.webserver');\n\t\t\t\t\t\tif (!in_array($websrv, $groupdetails['websrv_avail'])) {\n\t\t\t\t\t\t\t$do_show = false;\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\n\t\t\t\t\t// visible = Settings::Get('phpfpm.enabled') for example would result in false if not enabled\n\t\t\t\t\t// and therefore not shown as intended. Only check if do_show is still true as it might\n\t\t\t\t\t// be false due to websrv_avail\n\t\t\t\t\tif (isset($groupdetails['visible']) && $do_show) {\n\t\t\t\t\t\t$do_show = $groupdetails['visible'];\n\t\t\t\t\t}\n\n\t\t\t\t\t$fields['_group'] = [\n\t\t\t\t\t\t'title' => $groupdetails['title'] ?? 'unknown group',\n\t\t\t\t\t\t'do_show' => $do_show\n\t\t\t\t\t];\n\n\t\t\t\t\tif (\\Froxlor\\Validate\\Form::validateFieldDefinition($groupdetails)) {\n\t\t\t\t\t\t// Collect form field output\n\t\t\t\t\t\tforeach ($groupdetails['fields'] as $fieldname => $fielddetails) {\n\t\t\t\t\t\t\t// check for advanced mode sections\n\t\t\t\t\t\t\tif (isset($fielddetails['advanced_mode']) && $fielddetails['advanced_mode'] && (int)Settings::Get('panel.settings_mode') == 0) {\n\t\t\t\t\t\t\t\tcontinue;\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t$fields[$fieldname] = self::getFormFieldOutput($fieldname, $fielddetails);\n\t\t\t\t\t\t\t$fields[$fieldname] = array_merge($fields[$fieldname], self::prefetchFormFieldData($fieldname, $fielddetails));\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\treturn $fields;\n\t}\n\n\tpublic static function getFormOverviewGroupOutput($groupname, $groupdetails)\n\t{\n\t\t$activated = true;\n\t\tif (isset($groupdetails['fields'])) {\n\t\t\tforeach ($groupdetails['fields'] as $fielddetails) {\n\t\t\t\tif (isset($fielddetails['overview_option']) && $fielddetails['overview_option'] == true) {\n\t\t\t\t\tif ($fielddetails['type'] != 'checkbox') {\n\t\t\t\t\t\t// throw exception here as this is most likely an internal issue\n\t\t\t\t\t\t// if we messed up the arrays\n\t\t\t\t\t\tResponse::standardError('overviewsettingoptionisnotavalidfield', '', true);\n\t\t\t\t\t}\n\t\t\t\t\t$activated = (int)Settings::Get($fielddetails['settinggroup'] . '.' . $fielddetails['varname']);\n\t\t\t\t\tbreak;\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\t$item = [\n\t\t\t'title' => $groupdetails['title'],\n\t\t\t'icon' => $groupdetails['icon'] ?? 'fa-solid fa-circle-question',\n\t\t\t'part' => $groupname,\n\t\t\t'activated' => $activated\n\t\t];\n\n\t\t/**\n\t\t * this part checks for the 'websrv_avail' entry in the settings\n\t\t * if found, we check if the current webserver is in the array.\n\t\t * If this is not the case, we change the setting type to \"hidden\", #502\n\t\t */\n\t\tif (isset($groupdetails['websrv_avail']) && is_array($groupdetails['websrv_avail'])) {\n\t\t\t$websrv = Settings::Get('system.webserver');\n\t\t\tif (!in_array($websrv, $groupdetails['websrv_avail'])) {\n\t\t\t\t$item['info'] = lng('serversettings.option_unavailable_websrv', [implode(\", \", $groupdetails['websrv_avail'])]);\n\t\t\t\t$item['visible'] = false;\n\t\t\t}\n\t\t}\n\n\t\treturn $item;\n\t}\n\n\tpublic static function getFormFieldOutput($fieldname, $fielddata): array\n\t{\n\t\t$returnvalue = [];\n\t\tif (is_array($fielddata) && isset($fielddata['type']) && $fielddata['type'] != '') {\n\t\t\tif (!isset($fielddata['value'])) {\n\t\t\t\tif (isset($fielddata['default'])) {\n\t\t\t\t\t$fielddata['value'] = $fielddata['default'];\n\t\t\t\t} else {\n\t\t\t\t\t$fielddata['value'] = null;\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// set value according to type\n\t\t\tswitch ($fielddata['type']) {\n\t\t\t\tcase 'select':\n\t\t\t\t\t$fielddata['selected'] = $fielddata['value'];\n\t\t\t\t\tunset($fielddata['value']);\n\t\t\t\t\tif (isset($fielddata['select_mode']) && $fielddata['select_mode'] == 'multiple') {\n\t\t\t\t\t\t$fielddata['selected'] = array_flip(explode(\",\", $fielddata['selected']));\n\t\t\t\t\t}\n\t\t\t\t\tbreak;\n\t\t\t\tcase 'checkbox':\n\t\t\t\t\t$fielddata['checked'] = (bool)$fielddata['value'];\n\t\t\t\t\t$fielddata['value'] = 1;\n\t\t\t\t\tbreak;\n\t\t\t}\n\n\t\t\t/**\n\t\t\t * this part checks for the 'websrv_avail' entry in the settings-array\n\t\t\t * if found, we check if the current webserver is in the array.\n\t\t\t * If this\n\t\t\t * is not the case, we change the setting type to \"hidden\", #502\n\t\t\t */\n\t\t\t$do_show = true;\n\t\t\tif (isset($fielddata['websrv_avail']) && is_array($fielddata['websrv_avail'])) {\n\t\t\t\t$websrv = Settings::Get('system.webserver');\n\t\t\t\tif (!in_array($websrv, $fielddata['websrv_avail'])) {\n\t\t\t\t\t$do_show = false;\n\t\t\t\t\t$fielddata['note'] = lng('serversettings.option_unavailable_websrv', [implode(\", \", $fielddata['websrv_avail'])]);\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// visible = Settings::Get('phpfpm.enabled') for example would result in false if not enabled\n\t\t\t// and therefore not shown as intended. Only check if do_show is still true as it might\n\t\t\t// be false due to websrv_avail\n\t\t\tif (isset($fielddata['visible']) && $do_show) {\n\t\t\t\t$do_show = $fielddata['visible'];\n\t\t\t\tif (!$do_show) {\n\t\t\t\t\t$fielddata['note'] = lng('serversettings.option_unavailable');\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// OTP security validation for sensitive settings\n\t\t\tif (!Settings::Config('disable_otp_security_check') && isset($fielddata['required_otp']) && $do_show) {\n\t\t\t\t$otp_enabled_system = (bool)Settings::Get('2fa.enabled');\n\t\t\t\t$otp_enabled_user = (int)CurrentUser::getField('type_2fa') != 0;\n\t\t\t\t$do_show = !$fielddata['required_otp'] || ($otp_enabled_system && $otp_enabled_user);\n\t\t\t\tif (!$do_show) {\n\t\t\t\t\t$fielddata['note'] = lng('serversettings.option_requires_otp');\n\t\t\t\t\tif (!$otp_enabled_system) {\n\t\t\t\t\t\t$fielddata['disabled'] = true;\n\t\t\t\t\t\t$fielddata['note'] .= '
' . lng('2fa.2fa_not_activated');\n\t\t\t\t\t} elseif (!$otp_enabled_user) {\n\t\t\t\t\t\t$fielddata['disabled'] = true;\n\t\t\t\t\t\t$fielddata['note'] .= '
' . lng('2fa.2fa_not_activated_for_user');\n\t\t\t\t\t}\n\t\t\t\t\t// show field in any case\n\t\t\t\t\t$do_show = true;\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tif (!$do_show) {\n\t\t\t\t$fielddata['visible'] = false;\n\t\t\t}\n\n\t\t\t$returnvalue = $fielddata;\n\t\t}\n\t\treturn $returnvalue;\n\t}\n\n\tpublic static function prefetchFormFieldData($fieldname, $fielddata)\n\t{\n\t\t$returnvalue = [];\n\t\tif (is_array($fielddata) && isset($fielddata['type']) && $fielddata['type'] == 'select') {\n\t\t\tif ((empty($fielddata['select_var']) || !is_array($fielddata['select_var'])) && (isset($fielddata['option_options_method']))\n\t\t\t) {\n\t\t\t\t$returnvalue['select_var'] = call_user_func($fielddata['option_options_method']);\n\t\t\t}\n\t\t}\n\t\treturn $returnvalue;\n\t}\n\n\tpublic static function processForm(&$form, &$input, $url_params = [], $part = null, bool $settings_all = false, $settings_part = null, bool $only_enabledisable = false)\n\t{\n\t\tif (\\Froxlor\\Validate\\Form::validateFormDefinition($form)) {\n\t\t\t$submitted_fields = [];\n\t\t\t$changed_fields = [];\n\t\t\t$saved_fields = [];\n\n\t\t\tforeach ($form['groups'] as $groupname => $groupdetails) {\n\t\t\t\tif (($settings_part && $part == $groupname) || $settings_all || $only_enabledisable) {\n\t\t\t\t\tif (\\Froxlor\\Validate\\Form::validateFieldDefinition($groupdetails)) {\n\t\t\t\t\t\t// Prefetch form fields\n\t\t\t\t\t\tforeach ($groupdetails['fields'] as $fieldname => $fielddetails) {\n\t\t\t\t\t\t\tif (!$only_enabledisable || isset($fielddetails['overview_option'])) {\n\t\t\t\t\t\t\t\t$groupdetails['fields'][$fieldname] = array_merge($fielddetails, self::prefetchFormFieldData($fieldname, $fielddetails));\n\t\t\t\t\t\t\t\t$form['groups'][$groupname]['fields'][$fieldname] = $groupdetails['fields'][$fieldname];\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tforeach ($form['groups'] as $groupname => $groupdetails) {\n\t\t\t\tif (($settings_part && $part == $groupname) || $settings_all || $only_enabledisable) {\n\t\t\t\t\tif (\\Froxlor\\Validate\\Form::validateFieldDefinition($groupdetails)) {\n\t\t\t\t\t\t// Validate fields\n\t\t\t\t\t\tforeach ($groupdetails['fields'] as $fieldname => $fielddetails) {\n\t\t\t\t\t\t\tif (((isset($fielddetails['visible']) && $fielddetails['visible']) || !isset($fielddetails['visible'])) && (!$only_enabledisable || ($only_enabledisable && isset($fielddetails['overview_option'])))) {\n\t\t\t\t\t\t\t\t$newfieldvalue = self::getFormFieldData($fieldname, $fielddetails, $input);\n\t\t\t\t\t\t\t\tif ($newfieldvalue != $fielddetails['value']) {\n\t\t\t\t\t\t\t\t\tif (($error = \\Froxlor\\Validate\\Form::validateFormField($fieldname, $fielddetails, $newfieldvalue)) !== true) {\n\t\t\t\t\t\t\t\t\t\tResponse::standardError($error, $fieldname);\n\t\t\t\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t\t\t\t$changed_fields[$fieldname] = $newfieldvalue;\n\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t}\n\n\t\t\t\t\t\t\t\t$submitted_fields[$fieldname] = $newfieldvalue;\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tforeach ($form['groups'] as $groupname => $groupdetails) {\n\t\t\t\tif (($settings_part && $part == $groupname) || $settings_all || $only_enabledisable) {\n\t\t\t\t\tif (\\Froxlor\\Validate\\Form::validateFieldDefinition($groupdetails)) {\n\t\t\t\t\t\t// Check fields for plausibility\n\t\t\t\t\t\tforeach ($groupdetails['fields'] as $fieldname => $fielddetails) {\n\t\t\t\t\t\t\tif (!isset($submitted_fields[$fieldname])) {\n\t\t\t\t\t\t\t\t// skip unset fields due to unavailability for this system/settings-set\n\t\t\t\t\t\t\t\tcontinue;\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\tif (!$only_enabledisable || ($only_enabledisable && isset($fielddetails['overview_option']))) {\n\t\t\t\t\t\t\t\tif (($plausibility_check = self::checkPlausibilityFormField($fieldname, $fielddetails, $submitted_fields[$fieldname], $submitted_fields)) !== false) {\n\t\t\t\t\t\t\t\t\tif (is_array($plausibility_check) && isset($plausibility_check[0])) {\n\t\t\t\t\t\t\t\t\t\tif ($plausibility_check[0] == Check::FORMFIELDS_PLAUSIBILITY_CHECK_OK) {\n\t\t\t\t\t\t\t\t\t\t\t// Nothing to do here, everything's okay\n\t\t\t\t\t\t\t\t\t\t} elseif ($plausibility_check[0] == Check::FORMFIELDS_PLAUSIBILITY_CHECK_ERROR) {\n\t\t\t\t\t\t\t\t\t\t\tunset($plausibility_check[0]);\n\t\t\t\t\t\t\t\t\t\t\t$error = $plausibility_check[1];\n\t\t\t\t\t\t\t\t\t\t\tunset($plausibility_check[1]);\n\t\t\t\t\t\t\t\t\t\t\t$targetname = implode(' ', $plausibility_check);\n\t\t\t\t\t\t\t\t\t\t\tResponse::standardError($error, $targetname);\n\t\t\t\t\t\t\t\t\t\t} elseif ($plausibility_check[0] == Check::FORMFIELDS_PLAUSIBILITY_CHECK_QUESTION) {\n\t\t\t\t\t\t\t\t\t\t\tunset($plausibility_check[0]);\n\t\t\t\t\t\t\t\t\t\t\t$question = $plausibility_check[1];\n\t\t\t\t\t\t\t\t\t\t\tunset($plausibility_check[1]);\n\t\t\t\t\t\t\t\t\t\t\t$targetname = implode(' ', $plausibility_check);\n\t\t\t\t\t\t\t\t\t\t\tif (!isset($input[$question])) {\n\t\t\t\t\t\t\t\t\t\t\t\tif (is_array($url_params) && isset($url_params['filename'])) {\n\t\t\t\t\t\t\t\t\t\t\t\t\t$filename = $url_params['filename'];\n\t\t\t\t\t\t\t\t\t\t\t\t\tunset($url_params['filename']);\n\t\t\t\t\t\t\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t\t\t\t\t\t\t$filename = '';\n\t\t\t\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t\t\t\t\tHTML::askYesNo($question, $filename, array_merge($url_params, $submitted_fields, [\n\t\t\t\t\t\t\t\t\t\t\t\t\t$question => $question\n\t\t\t\t\t\t\t\t\t\t\t\t]), $targetname);\n\t\t\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t\t\t\t\tResponse::standardError('plausibilitychecknotunderstood');\n\t\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\tif (!Settings::Config('disable_otp_security_check') && isset($fielddetails['required_otp']) && isset($changed_fields[$fieldname])) {\n\t\t\t\t\t\t\t\t\t$otp_enabled_system = (bool)Settings::Get('2fa.enabled');\n\t\t\t\t\t\t\t\t\t$otp_enabled_user = (int)CurrentUser::getField('type_2fa') != 0;\n\t\t\t\t\t\t\t\t\t$do_update = !$fielddetails['required_otp'] || ($otp_enabled_system && $otp_enabled_user);\n\t\t\t\t\t\t\t\t\tif ($do_update) {\n\t\t\t\t\t\t\t\t\t\t// setting that requires OTP verification\n\t\t\t\t\t\t\t\t\t\tif (empty($input['otp_verification'])) {\n\t\t\t\t\t\t\t\t\t\t\t// in case email 2fa is enabled, send it now\n\t\t\t\t\t\t\t\t\t\t\tCurrentUser::sendOtpEmail();\n\t\t\t\t\t\t\t\t\t\t\t// build up form\n\t\t\t\t\t\t\t\t\t\t\tif (is_array($url_params) && isset($url_params['filename'])) {\n\t\t\t\t\t\t\t\t\t\t\t\t$filename = $url_params['filename'];\n\t\t\t\t\t\t\t\t\t\t\t\tunset($url_params['filename']);\n\t\t\t\t\t\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t\t\t\t\t\t$filename = '';\n\t\t\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t\t\t\tHTML::askOTP('please_enter_otp', $filename, array_merge($url_params, $submitted_fields));\n\t\t\t\t\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t\t\t\t\t// validate given OTP code\n\t\t\t\t\t\t\t\t\t\t\t$code = trim($input['otp_verification']);\n\t\t\t\t\t\t\t\t\t\t\t$tfa = new FroxlorTwoFactorAuth('Froxlor ' . Settings::Get('system.hostname'));\n\t\t\t\t\t\t\t\t\t\t\t$result = $tfa->verifyCode(CurrentUser::getField('data_2fa'), $code, 3);\n\t\t\t\t\t\t\t\t\t\t\tif (!$result) {\n\t\t\t\t\t\t\t\t\t\t\t\tResponse::standardError('otpnotvalidated');\n\t\t\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t\t\t\t// do not update this setting\n\t\t\t\t\t\t\t\t\t\tunset($changed_fields[$fieldname]);\n\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t}\n\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tforeach ($form['groups'] as $groupname => $groupdetails) {\n\t\t\t\tif (($settings_part && $part == $groupname) || $settings_all || $only_enabledisable) {\n\t\t\t\t\tif (\\Froxlor\\Validate\\Form::validateFieldDefinition($groupdetails)) {\n\t\t\t\t\t\t// Save fields\n\t\t\t\t\t\tforeach ($groupdetails['fields'] as $fieldname => $fielddetails) {\n\t\t\t\t\t\t\tif (!$only_enabledisable || (isset($fielddetails['overview_option']))) {\n\t\t\t\t\t\t\t\tif (isset($changed_fields[$fieldname])) {\n\t\t\t\t\t\t\t\t\tif (($saved_field = self::saveFormField($fieldname, $fielddetails, self::manipulateFormFieldData($fieldname, $fielddetails, $changed_fields[$fieldname]))) !== false) {\n\t\t\t\t\t\t\t\t\t\t$saved_fields = array_merge($saved_fields, $saved_field);\n\t\t\t\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t\t\t\tResponse::standardError('errorwhensaving', $fieldname);\n\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// Save form\n\t\t\treturn self::saveForm($form, $saved_fields);\n\t\t}\n\t\treturn false;\n\t}\n\n\tpublic static function getFormFieldData($fieldname, $fielddata, &$input)\n\t{\n\t\tif (is_array($fielddata) && isset($fielddata['type']) && $fielddata['type'] != '' && method_exists('\\\\Froxlor\\\\UI\\\\Data', 'getFormFieldData' . ucfirst($fielddata['type']))) {\n\t\t\t$newfieldvalue = call_user_func([\n\t\t\t\t'\\\\Froxlor\\\\UI\\\\Data',\n\t\t\t\t'getFormFieldData' . ucfirst($fielddata['type'])\n\t\t\t], $fieldname, $fielddata, $input);\n\t\t} else {\n\t\t\tif (isset($input[$fieldname])) {\n\t\t\t\t$newfieldvalue = $input[$fieldname];\n\t\t\t} elseif (isset($fielddata['default'])) {\n\t\t\t\t$newfieldvalue = $fielddata['default'];\n\t\t\t} else {\n\t\t\t\t$newfieldvalue = false;\n\t\t\t}\n\t\t}\n\n\t\treturn trim($newfieldvalue);\n\t}\n\n\tpublic static function checkPlausibilityFormField($fieldname, $fielddata, $newfieldvalue, $allnewfieldvalues)\n\t{\n\t\t$returnvalue = '';\n\t\tif (is_array($fielddata) && isset($fielddata['plausibility_check_method']) && $fielddata['plausibility_check_method'] != '' && method_exists($fielddata['plausibility_check_method'][0], $fielddata['plausibility_check_method'][1])) {\n\t\t\t$returnvalue = call_user_func($fielddata['plausibility_check_method'], $fieldname, $fielddata, $newfieldvalue, $allnewfieldvalues);\n\t\t} else {\n\t\t\t$returnvalue = false;\n\t\t}\n\t\treturn $returnvalue;\n\t}\n\n\tpublic static function saveFormField($fieldname, $fielddata, $newfieldvalue)\n\t{\n\t\t$returnvalue = '';\n\t\tif (is_array($fielddata) && isset($fielddata['save_method']) && $fielddata['save_method'] != '') {\n\t\t\t$returnvalue = call_user_func([\n\t\t\t\t'\\\\Froxlor\\\\Settings\\\\Store',\n\t\t\t\t$fielddata['save_method']\n\t\t\t], $fieldname, $fielddata, $newfieldvalue);\n\t\t} elseif (is_array($fielddata) && !isset($fielddata['save_method'])) {\n\t\t\t$returnvalue = [];\n\t\t} else {\n\t\t\t$returnvalue = false;\n\t\t}\n\t\treturn $returnvalue;\n\t}\n\n\tpublic static function manipulateFormFieldData($fieldname, $fielddata, $newfieldvalue)\n\t{\n\t\tif (is_array($fielddata) && isset($fielddata['type']) && $fielddata['type'] != '' && method_exists('\\\\Froxlor\\\\UI\\\\Data', 'manipulateFormFieldData' . ucfirst($fielddata['type']))) {\n\t\t\t$newfieldvalue = call_user_func([\n\t\t\t\t'\\\\Froxlor\\\\UI\\\\Data',\n\t\t\t\t'manipulateFormFieldData' . ucfirst($fielddata['type'])\n\t\t\t], $fieldname, $fielddata, $newfieldvalue);\n\t\t}\n\n\t\treturn $newfieldvalue;\n\t}\n\n\tpublic static function saveForm($fielddata, $newfieldvalue)\n\t{\n\t\t$returnvalue = '';\n\t\tif (is_array($fielddata) && isset($fielddata['save_method']) && $fielddata['save_method'] != '') {\n\t\t\t$returnvalue = call_user_func([\n\t\t\t\t'\\\\Froxlor\\\\Settings\\\\Store',\n\t\t\t\t$fielddata['save_method']\n\t\t\t], $fielddata, $newfieldvalue);\n\t\t} elseif (is_array($fielddata) && !isset($fielddata['save_method'])) {\n\t\t\t$returnvalue = true;\n\t\t} else {\n\t\t\t$returnvalue = false;\n\t\t}\n\t\treturn $returnvalue;\n\t}\n}\n" }, { "path": "lib/Froxlor/UI/HTML.php", "content": "\n * @license https://files.froxlor.org/misc/COPYING.txt GPLv2\n */\n\nnamespace Froxlor\\UI;\n\nuse Froxlor\\Settings;\n\nclass HTML\n{\n\n\t/**\n\t * Build Navigation Sidebar\n\t *\n\t * @param array $navigation data\n\t * @param array $userinfo the userinfo of the user\n\t *\n\t * @return array the content of the navigation bar according to user-permissions\n\t */\n\tpublic static function buildNavigation(array $navigation, array $userinfo)\n\t{\n\t\t$returnvalue = [];\n\n\t\t// sanitize user-given input (url-manipulation)\n\t\t$req_page = Request::get('page');\n\t\tif (!empty($req_page) && is_array($req_page)) {\n\t\t\t$req_page = (string)array_shift($req_page);\n\t\t}\n\t\t// need to preserve this\n\t\t$_GET['page'] = $req_page;\n\n\t\t$req_action = Request::get('action');\n\t\tif (!empty($req_action) && is_array($req_action)) {\n\t\t\t$req_action = (string)array_shift($req_action);\n\t\t}\n\t\t// need to preserve this\n\t\t$_GET['action'] = $req_action;\n\n\t\tforeach ($navigation as $box) {\n\t\t\tif ((!isset($box['show_element']) || $box['show_element'] === true) && (!isset($box['required_resources']) || $box['required_resources'] == '' || (isset($userinfo[$box['required_resources']]) && ((int)$userinfo[$box['required_resources']] > 0 || $userinfo[$box['required_resources']] == '-1')))) {\n\t\t\t\t$navigation_links = [];\n\t\t\t\t$box_active = false;\n\t\t\t\tif (isset($box['url']) && $box['url'] == basename($_SERVER[\"SCRIPT_FILENAME\"])) {\n\t\t\t\t\t$box_active = true;\n\t\t\t\t}\n\t\t\t\tforeach ($box['elements'] as $element) {\n\t\t\t\t\tif ((!isset($element['show_element']) || $element['show_element'] === true) && (!isset($element['required_resources']) || $element['required_resources'] == '' || (isset($userinfo[$element['required_resources']]) && ((int)$userinfo[$element['required_resources']] > 0 || $userinfo[$element['required_resources']] == '-1')))) {\n\t\t\t\t\t\t$target = '';\n\t\t\t\t\t\t$active = false;\n\t\t\t\t\t\t$navurl = '#';\n\t\t\t\t\t\tif (isset($element['url']) && trim($element['url']) != '') {\n\t\t\t\t\t\t\tif (isset($element['new_window']) && $element['new_window'] == true) {\n\t\t\t\t\t\t\t\t$target = ' target=\"_blank\"';\n\t\t\t\t\t\t\t}\n\n\t\t\t\t\t\t\tif (\n\t\t\t\t\t\t\t\t((empty($req_page) && substr_count($element['url'], \"page=\") == 0) || (!empty($req_page) && substr_count($element['url'], \"page=\" . $req_page) > 0))\n\t\t\t\t\t\t\t\t&& substr_count($element['url'], basename($_SERVER[\"SCRIPT_FILENAME\"])) > 0\n\t\t\t\t\t\t\t) {\n\t\t\t\t\t\t\t\t$active = true;\n\t\t\t\t\t\t\t\t$box_active = true;\n\t\t\t\t\t\t\t}\n\n\t\t\t\t\t\t\t$navurl = htmlspecialchars($element['url']);\n\t\t\t\t\t\t\t$navlabel = $element['label'];\n\t\t\t\t\t\t\t$icon = $element['icon'] ?? null;\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t$navlabel = $element['label'];\n\t\t\t\t\t\t\t$icon = $element['icon'] ?? null;\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\t$navigation_links[] = [\n\t\t\t\t\t\t\t'url' => $navurl,\n\t\t\t\t\t\t\t'target' => $target,\n\t\t\t\t\t\t\t'active' => $active,\n\t\t\t\t\t\t\t'label' => $navlabel,\n\t\t\t\t\t\t\t'icon' => $icon,\n\t\t\t\t\t\t\t'add_shortlink' => $element['add_shortlink'] ?? null,\n\t\t\t\t\t\t\t'is_external' => $element['is_external'] ?? false,\n\t\t\t\t\t\t];\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\tif (!empty($navigation_links)) {\n\t\t\t\t\t$target = '';\n\t\t\t\t\tif (isset($box['url']) && trim($box['url']) != '') {\n\t\t\t\t\t\tif (isset($box['new_window']) && $box['new_window'] == true) {\n\t\t\t\t\t\t\t$target = ' target=\"_blank\"';\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\t$navurl = htmlspecialchars($box['url']);\n\t\t\t\t\t\t$navlabel = $box['label'];\n\t\t\t\t\t\t$icon = $box['icon'] ?? null;\n\t\t\t\t\t} else {\n\t\t\t\t\t\t$navurl = \"#\";\n\t\t\t\t\t\t$navlabel = $box['label'];\n\t\t\t\t\t\t$icon = $box['icon'] ?? null;\n\t\t\t\t\t}\n\n\t\t\t\t\t$returnvalue[] = [\n\t\t\t\t\t\t'url' => $navurl,\n\t\t\t\t\t\t'target' => $target,\n\t\t\t\t\t\t'label' => $navlabel,\n\t\t\t\t\t\t'icon' => $icon,\n\t\t\t\t\t\t'items' => $navigation_links,\n\t\t\t\t\t\t'active' => ((int)Settings::Get('panel.menu_collapsed') == 0 ? 1 : $box_active)\n\t\t\t\t\t];\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\treturn $returnvalue;\n\t}\n\n\t/**\n\t * Return HTML Code for an option within a