gitlabFork/ISPConfig3.git - Solinfo Gitblit

			@@ -99,7 +99,7 @@
			$app->uses('getconf');
			$web_config = $app->getconf->get_server_config($conf['server_id'], 'web');
			if ($web_config['CA_path']!='' && !file_exists($web_config['CA_path'].'/openssl.cnf'))
			$app->log("CA path error, file does not exist:".$web_config['CA_path'].'/openssl.conf',LOGLEVEL_ERROR);
			$app->log("CA path error, file does not exist:".$web_config['CA_path'].'/openssl.cnf',LOGLEVEL_ERROR);

			//* Only vhosts can have a ssl cert
			if($data["new"]["type"] != "vhost" && $data["new"]["type"] != "vhostsubdomain") return;
			@@ -243,6 +243,7 @@
			if(trim($data["new"]["ssl_cert"]) != '') $app->system->file_put_contents($crt_file,$data["new"]["ssl_cert"]);
			//if(trim($data["new"]["ssl_bundle"]) != '') $app->system->file_put_contents($bundle_file,$data["new"]["ssl_bundle"]);
			if(trim($data["new"]["ssl_key"]) != '') $app->system->file_put_contents($key_file2,$data["new"]["ssl_key"]);
			$app->system->chmod($key_file2,0400);

			// for nginx, bundle files have to be appended to the certificate file
			if(trim($data["new"]["ssl_bundle"]) != ''){
			@@ -347,7 +348,7 @@
			}

			if($data['new']['document_root'] == '') {
			$app->log('document_root not set',LOGLEVEL_WARN);
			if($data['new']['type'] == 'vhost' \|\| $data['new']['type'] == 'vhostsubdomain') $app->log('document_root not set',LOGLEVEL_WARN);
			return 0;
			}
			if($data['new']['system_user'] == 'root' or $data['new']['system_group'] == 'root') {
			@@ -435,39 +436,43 @@
			}
			}

			//* Move the site data
			$tmp_docroot = explode('/',$data['new']['document_root']);
			unset($tmp_docroot[count($tmp_docroot)-1]);
			$new_dir = implode('/',$tmp_docroot);
			if($data["new"]["type"] != "vhostsubdomain") {
			//* Move the site data
			$tmp_docroot = explode('/',$data['new']['document_root']);
			unset($tmp_docroot[count($tmp_docroot)-1]);
			$new_dir = implode('/',$tmp_docroot);

			$tmp_docroot = explode('/',$data['old']['document_root']);
			unset($tmp_docroot[count($tmp_docroot)-1]);
			$old_dir = implode('/',$tmp_docroot);
			$tmp_docroot = explode('/',$data['old']['document_root']);
			unset($tmp_docroot[count($tmp_docroot)-1]);
			$old_dir = implode('/',$tmp_docroot);

			//* Check if there is already some data in the new docroot and rename it as we need a clean path to move the existing site to the new path
			if(@is_dir($data['new']['document_root'])) {
			$app->system->rename($data['new']['document_root'],$data['new']['document_root'].'_bak_'.date('Y_m_d'));
			$app->log('Renaming existing directory in new docroot location. mv '.$data['new']['document_root'].' '.$data['new']['document_root'].'_bak_'.date('Y_m_d'),LOGLEVEL_DEBUG);
			}
			//* Check if there is already some data in the new docroot and rename it as we need a clean path to move the existing site to the new path
			if(@is_dir($data['new']['document_root'])) {
			$app->system->web_folder_protection($data['new']['document_root'],false);
			$app->system->rename($data['new']['document_root'],$data['new']['document_root'].'_bak_'.date('Y_m_d_H_i_s'));
			$app->log('Renaming existing directory in new docroot location. mv '.$data['new']['document_root'].' '.$data['new']['document_root'].'_bak_'.date('Y_m_d_H_i_s'),LOGLEVEL_DEBUG);
			}

			//* Create new base directory, if it does not exist yet
			if(!is_dir($new_dir)) $app->system->mkdirpath($new_dir);
			exec('mv '.escapeshellarg($data['old']['document_root']).' '.escapeshellarg($new_dir));
			//$app->system->rename($data['old']['document_root'],$new_dir);
			$app->log('Moving site to new document root: mv '.$data['old']['document_root'].' '.$new_dir,LOGLEVEL_DEBUG);
			//* Create new base directory, if it does not exist yet
			if(!is_dir($new_dir)) $app->system->mkdirpath($new_dir);
			$app->system->web_folder_protection($data['old']['document_root'],false);
			exec('mv '.escapeshellarg($data['old']['document_root']).' '.escapeshellarg($new_dir));
			//$app->system->rename($data['old']['document_root'],$new_dir);
			$app->log('Moving site to new document root: mv '.$data['old']['document_root'].' '.$new_dir,LOGLEVEL_DEBUG);

			// Handle the change in php_open_basedir
			$data['new']['php_open_basedir'] = str_replace($data['old']['document_root'],$data['new']['document_root'],$data['old']['php_open_basedir']);
			// Handle the change in php_open_basedir
			$data['new']['php_open_basedir'] = str_replace($data['old']['document_root'],$data['new']['document_root'],$data['old']['php_open_basedir']);

			//* Change the owner of the website files to the new website owner
			exec('chown --recursive --from='.escapeshellcmd($data['old']['system_user']).':'.escapeshellcmd($data['old']['system_group']).' '.escapeshellcmd($data['new']['system_user']).':'.escapeshellcmd($data['new']['system_group']).' '.$new_dir);
			//* Change the owner of the website files to the new website owner
			exec('chown --recursive --from='.escapeshellcmd($data['old']['system_user']).':'.escapeshellcmd($data['old']['system_group']).' '.escapeshellcmd($data['new']['system_user']).':'.escapeshellcmd($data['new']['system_group']).' '.$new_dir);

			//* Change the home directory and group of the website user
			$command = 'usermod';
			$command .= ' --home '.escapeshellcmd($data['new']['document_root']);
			$command .= ' --gid '.escapeshellcmd($data['new']['system_group']);
			$command .= ' '.escapeshellcmd($data['new']['system_user']);
			exec($command);
			//* Change the home directory and group of the website user
			$command = 'killall -u '.escapeshellcmd($data['new']['system_user']).' ; usermod';
			$command .= ' --home '.escapeshellcmd($data['new']['document_root']);
			$command .= ' --gid '.escapeshellcmd($data['new']['system_group']);
			$command .= ' '.escapeshellcmd($data['new']['system_user']).' 2>/dev/null';
			exec($command);
			}

			if($nginx_chrooted) $this->_exec('chroot '.escapeshellcmd($web_config['website_basedir']).' '.$command);

			@@ -651,8 +656,8 @@
			exec('chown -R '.$data['new']['system_user'].':'.$data['new']['system_group'].' '.$error_page_path);
			} // end copy error docs

			// Set the quota for the user
			if($username != '' && $app->system->is_user($username)) {
			// Set the quota for the user, but only for vhosts, not vhostsubdomains
			if($username != '' && $app->system->is_user($username) && $data['new']['type'] == 'vhost') {
			if($data['new']['hd_quota'] > 0) {
			$blocks_soft = $data['new']['hd_quota'] * 1024;
			$blocks_hard = $blocks_soft + 1024;
			@@ -674,6 +679,9 @@
			}
			}

			//* add the nginx user to the client group if this is a vhost and security level is set to high, no matter if this is an insert or update and regardless of set_folder_permissions_on_update
			if($data['new']['type'] == 'vhost' && $web_config['security_level'] == 20) $app->system->add_user_to_group($groupname, escapeshellcmd($web_config['nginx_user']));

			//* If the security level is set to high
			if(($this->action == 'insert' && $data['new']['type'] == 'vhost') or ($web_config['set_folder_permissions_on_update'] == 'y' && $data['new']['type'] == 'vhost')) {

			@@ -701,7 +709,7 @@
			if($web_config['add_web_users_to_sshusers_group'] == 'y') {
			$command = 'usermod';
			$command .= ' --groups sshusers';
			$command .= ' '.escapeshellcmd($data['new']['system_user']);
			$command .= ' '.escapeshellcmd($data['new']['system_user']).' 2>/dev/null';
			$this->_exec($command);
			}

			@@ -712,13 +720,10 @@
			//* add the nginx user to the client group in the chroot environment
			$tmp_groupfile = $app->system->server_conf['group_datei'];
			$app->system->server_conf['group_datei'] = $web_config['website_basedir'].'/etc/group';
			$app->system->add_user_to_group($groupname, escapeshellcmd($web_config['user']));
			$app->system->add_user_to_group($groupname, escapeshellcmd($web_config['nginx_user']));
			$app->system->server_conf['group_datei'] = $tmp_groupfile;
			unset($tmp_groupfile);
			}

			//* add the nginx user to the client group
			$app->system->add_user_to_group($groupname, escapeshellcmd($web_config['nginx_user']));

			//* Chown all default directories
			$app->system->chown($data['new']['document_root'],'root');
			@@ -827,7 +832,7 @@
			if(!is_dir($web_config['website_basedir'].'/conf')) mkdir($web_config['website_basedir'].'/conf');
			if(trim($data['new']['custom_php_ini']) != '') {
			$has_custom_php_ini = true;
			if(!is_dir($custom_php_ini_dir)) $app->system->mkdir($custom_php_ini_dir);
			if(!is_dir($custom_php_ini_dir)) $app->system->mkdirpath($custom_php_ini_dir);
			$php_ini_content = '';
			if($data['new']['php'] == 'mod') {
			$master_php_ini_path = $web_config['php_ini_path_apache'];
			@@ -933,6 +938,20 @@

			// backwards compatibility; since ISPConfig 3.0.5, the PHP mode for nginx is called 'php-fpm' instead of 'fast-cgi'. The following line makes sure that old web sites that have 'fast-cgi' in the database still get PHP-FPM support.
			if($vhost_data['php'] == 'fast-cgi') $vhost_data['php'] = 'php-fpm';

			// Custom rewrite rules
			$final_rewrite_rules = array();
			$custom_rewrite_rules = $data['new']['rewrite_rules'];
			// Make sure we only have Unix linebreaks
			$custom_rewrite_rules = str_replace("\r\n", "\n", $custom_rewrite_rules);
			$custom_rewrite_rules = str_replace("\r", "\n", $custom_rewrite_rules);
			$custom_rewrite_rule_lines = explode("\n", $custom_rewrite_rules);
			if(is_array($custom_rewrite_rule_lines) && !empty($custom_rewrite_rule_lines)){
			foreach($custom_rewrite_rule_lines as $custom_rewrite_rule_line){
			$final_rewrite_rules[] = array('rewrite_rule' => $custom_rewrite_rule_line);
			}
			}
			$tpl->setLoop('rewrite_rules', $final_rewrite_rules);

			// Custom nginx directives
			$final_nginx_directives = array();
			@@ -1521,7 +1540,8 @@
			$nginx_online_status_before_restart = $this->_checkTcp('localhost',80);
			$app->log('nginx status is: '.$nginx_online_status_before_restart,LOGLEVEL_DEBUG);

			$app->services->restartService('httpd','restart');
			$retval = $app->services->restartService('httpd','restart'); // $retval['retval'] is 0 on success and > 0 on failure
			$app->log('nginx restart return value is: '.$retval['retval'],LOGLEVEL_DEBUG);

			// wait a few seconds, before we test the apache status again
			sleep(2);
			@@ -1529,9 +1549,10 @@
			//* Check if nginx restarted successfully if it was online before
			$nginx_online_status_after_restart = $this->_checkTcp('localhost',80);
			$app->log('nginx online status after restart is: '.$nginx_online_status_after_restart,LOGLEVEL_DEBUG);
			if($nginx_online_status_before_restart && !$nginx_online_status_after_restart) {
			$app->log('nginx did not restart after the configuration change for website '.$data['new']['domain'].' Reverting the configuration. Saved non-working config as '.$vhost_file.'.err',LOGLEVEL_WARN);
			if($nginx_online_status_before_restart && !$nginx_online_status_after_restart \|\| $retval['retval'] > 0) {
			$app->log('nginx did not restart after the configuration change for website '.$data['new']['domain'].'. Reverting the configuration. Saved non-working config as '.$vhost_file.'.err',LOGLEVEL_WARN);
			$app->system->copy($vhost_file,$vhost_file.'.err');
			if(is_array($retval['output']) && !empty($retval['output'])) $app->log('Reason for nginx restart failure: '.implode("\n", $retval['output']),LOGLEVEL_WARN);
			if(is_file($vhost_file.'~')) {
			//* Copy back the last backup file
			$app->system->copy($vhost_file.'~',$vhost_file);
			@@ -1577,12 +1598,7 @@
			}
			} else {
			//* We do not check the nginx config after changes (is faster)
			if($nginx_chrooted) {
			$app->services->restartServiceDelayed('httpd','reload');
			} else {
			// request a httpd reload when all records have been processed
			$app->services->restartServiceDelayed('httpd','reload');
			}
			$app->services->restartServiceDelayed('httpd','reload');
			}

			//* The vhost is written and apache has been restarted, so we
			@@ -1619,7 +1635,7 @@
			$app->uses('system');
			$web_config = $app->getconf->get_server_config($conf['server_id'], 'web');

			$app->system->web_folder_protection($data['old']['document_root'],false);
			if($data['old']['type'] == 'vhost' \|\| $data['old']['type'] == 'vhostsubdomain') $app->system->web_folder_protection($data['old']['document_root'],false);

			//* Check if this is a chrooted setup
			if($web_config['website_basedir'] != '' && @is_file($web_config['website_basedir'].'/etc/passwd')) {
			@@ -1633,18 +1649,73 @@
			$web_folder = '';
			if($data['old']['type'] == 'vhostsubdomain') {
			$tmp = $app->db->queryOneRecord('SELECT `domain`,`document_root` FROM web_domain WHERE domain_id = '.intval($data['old']['parent_domain_id']));
			$subdomain_host = preg_replace('/^(.*)\.' . preg_quote($tmp['domain'], '/') . '$/', '$1', $data['old']['domain']);
			if($subdomain_host == '') $subdomain_host = 'web'.$data['old']['domain_id'];
			$web_folder = $data['old']['web_folder'];
			$log_folder .= '/' . $subdomain_host;
			if($tmp['domain'] != ''){
			$subdomain_host = preg_replace('/^(.*)\.' . preg_quote($tmp['domain'], '/') . '$/', '$1', $data['old']['domain']);
			} else {
			// get log folder from /etc/fstab
			/*
			$bind_mounts = $app->system->file_get_contents('/etc/fstab');
			$bind_mount_lines = explode("\n", $bind_mounts);
			if(is_array($bind_mount_lines) && !empty($bind_mount_lines)){
			foreach($bind_mount_lines as $bind_mount_line){
			$bind_mount_line = preg_replace('/\s+/', ' ', $bind_mount_line);
			$bind_mount_parts = explode(' ', $bind_mount_line);
			if(is_array($bind_mount_parts) && !empty($bind_mount_parts)){
			if($bind_mount_parts[0] == '/var/log/ispconfig/httpd/'.$data['old']['domain'] && $bind_mount_parts[2] == 'none' && strpos($bind_mount_parts[3], 'bind') !== false){
			$subdomain_host = str_replace($data['old']['document_root'].'/log/', '', $bind_mount_parts[1]);
			}
			}
			}
			}
			*/
			// we are deleting the parent domain, so we can delete everything in the log directory
			$subdomain_hosts = array();
			$files = array_diff(scandir($data['old']['document_root'].'/'.$log_folder), array('.','..'));
			if(is_array($files) && !empty($files)){
			foreach($files as $file){
			if(is_dir($data['old']['document_root'].'/'.$log_folder.'/'.$file)){
			$subdomain_hosts[] = $file;
			}
			}
			}
			}
			if(is_array($subdomain_hosts) && !empty($subdomain_hosts)){
			$log_folders = array();
			foreach($subdomain_hosts as $subdomain_host){
			$log_folders[] = $log_folder.'/'.$subdomain_host;
			}
			} else {
			if($subdomain_host == '') $subdomain_host = 'web'.$data['old']['domain_id'];
			$log_folder .= '/' . $subdomain_host;
			}
			$web_folder = $data['old']['web_folder'];
			unset($tmp);
			unset($subdomain_hosts);
			}

			exec('umount '.escapeshellarg($data['old']['document_root'].'/'.$log_folder));
			if($data['old']['type'] == 'vhost' \|\| $data['old']['type'] == 'vhostsubdomain'){
			if(is_array($log_folders) && !empty($log_folders)){
			foreach($log_folders as $log_folder){
			//if($app->system->is_mounted($data['old']['document_root'].'/'.$log_folder)) exec('umount '.escapeshellarg($data['old']['document_root'].'/'.$log_folder));
			exec('umount '.escapeshellarg($data['old']['document_root'].'/'.$log_folder).' 2>/dev/null');
			}
			} else {
			//if($app->system->is_mounted($data['old']['document_root'].'/'.$log_folder)) exec('umount '.escapeshellarg($data['old']['document_root'].'/'.$log_folder));
			exec('umount '.escapeshellarg($data['old']['document_root'].'/'.$log_folder).' 2>/dev/null');
			}
			}

			//* remove mountpoint from fstab
			$fstab_line = '/var/log/ispconfig/httpd/'.$data['old']['domain'].' '.$data['old']['document_root'].'/'.$log_folder.' none bind';
			$app->system->removeLine('/etc/fstab',$fstab_line);
			if(is_array($log_folders) && !empty($log_folders)){
			foreach($log_folders as $log_folder){
			$fstab_line = '/var/log/ispconfig/httpd/'.$data['old']['domain'].' '.$data['old']['document_root'].'/'.$log_folder.' none bind';
			$app->system->removeLine('/etc/fstab',$fstab_line);
			}
			} else {
			$fstab_line = '/var/log/ispconfig/httpd/'.$data['old']['domain'].' '.$data['old']['document_root'].'/'.$log_folder.' none bind';
			$app->system->removeLine('/etc/fstab',$fstab_line);
			}
			unset($log_folders);

			if($data['old']['type'] != 'vhost' && $data['old']['type'] != 'vhostsubdomain' && $data['old']['parent_domain_id'] > 0) {
			//* This is a alias domain or subdomain, so we have to update the website instead
			@@ -1810,11 +1881,11 @@
			$vhost_logfile_dir = escapeshellcmd('/var/log/ispconfig/httpd/'.$data['old']['domain']);
			if($data['old']['domain'] != '' && !stristr($vhost_logfile_dir,'..')) exec('rm -rf '.$vhost_logfile_dir);
			$app->log('Removing website logfile directory: '.$vhost_logfile_dir,LOGLEVEL_DEBUG);


			if($data['old']['type'] == 'vhost') {
			//delete the web user
			$command = 'userdel';
			$command .= ' '.$data['old']['system_user'];
			$command = 'killall -u '.escapeshellcmd($data['old']['system_user']).' ; userdel';
			$command .= ' '.escapeshellcmd($data['old']['system_user']);
			exec($command);
			if($nginx_chrooted) $this->_exec('chroot '.escapeshellcmd($web_config['website_basedir']).' '.$command);

			@@ -2324,6 +2395,15 @@
			}
			}

			private function nginx_replace($matches){
			$location = 'location'.($matches[1] != '' ? ' '.$matches[1] : '').' '.$matches[2].' '.$matches[3];
			if($matches[4] == '##merge##' \|\| $matches[7] == '##merge##') $location .= ' ##merge##';
			$location .= "\n";
			$location .= $matches[5]."\n";
			$location .= $matches[6];
			return $location;
			}

			private function nginx_merge_locations($vhost_conf){

			$lines = explode("\n", $vhost_conf);
			@@ -2332,7 +2412,14 @@
			if(is_array($lines) && !empty($lines)){
			$linecount = sizeof($lines);
			for($h=0;$h<$linecount;$h++){
			// remove comments
			if(substr(trim($lines[$h]),0,1) == '#'){
			unset($lines[$h]);
			continue;
			}

			$lines[$h] = rtrim($lines[$h]);
			/*
			if(substr(ltrim($lines[$h]), 0, 8) == 'location' && strpos($lines[$h], '{') !== false && strpos($lines[$h], ';') !== false){
			$lines[$h] = str_replace("{", "{\n", $lines[$h]);
			$lines[$h] = str_replace(";", ";\n", $lines[$h]);
			@@ -2348,6 +2435,9 @@
			$lines[$h] = substr($lines[$h],0,strpos($lines[$h], '{')).' ##merge##'.substr($lines[$h],strpos($lines[$h], '{')+1);
			}
			}
			*/
			$pattern = '/^[^\S\n]location[^\S\n]+(?:(.+)[^\S\n]+)?(.+)[^\S\n](\{)[^\S\n](##merge##)?[^\S\n](.+)[^\S\n](\})[^\S\n](##merge##)?[^\S\n]*$/';
			$lines[$h] = preg_replace_callback($pattern, array($this, 'nginx_replace') ,$lines[$h]);
			}
			}
			$vhost_conf = implode("\n", $lines);
			@@ -2439,12 +2529,25 @@

			$client_dir = $web_config['website_basedir'].'/clients/client'.$client_id;
			if(is_dir($client_dir) && !stristr($client_dir,'..')) {
			// remove symlinks from $client_dir
			$files = array_diff(scandir($client_dir), array('.','..'));
			if(is_array($files) && !empty($files)){
			foreach($files as $file){
			if(is_link($client_dir.'/'.$file)){
			unlink($client_dir.'/'.$file);
			$app->log('Removed symlink: '.$client_dir.'/'.$file,LOGLEVEL_DEBUG);
			}
			}
			}

			@rmdir($client_dir);
			$app->log('Removed client directory: '.$client_dir,LOGLEVEL_DEBUG);
			}

			$this->_exec('groupdel client'.$client_id);
			$app->log('Removed group client'.$client_id,LOGLEVEL_DEBUG);
			if($app->system->is_group('client'.$client_id)){
			$this->_exec('groupdel client'.$client_id);
			$app->log('Removed group client'.$client_id,LOGLEVEL_DEBUG);
			}
			}

			}