gitlabFork/ISPConfig3.git - Solinfo Gitblit

			@@ -189,7 +189,7 @@
			$app->uses('getconf');
			$web_config = $app->getconf->get_server_config($conf['server_id'], 'web');
			if ($web_config['CA_path']!='' && !file_exists($web_config['CA_path'].'/openssl.cnf'))
			$app->log("CA path error, file does not exist:".$web_config['CA_path'].'/openssl.conf',LOGLEVEL_ERROR);
			$app->log("CA path error, file does not exist:".$web_config['CA_path'].'/openssl.cnf',LOGLEVEL_ERROR);

			//* Only vhosts can have a ssl cert
			if($data["new"]["type"] != "vhost" && $data["new"]["type"] != "vhostsubdomain") return;
			@@ -336,6 +336,7 @@
			//* Write the key file, if field is empty then import the key into the db
			if(trim($data["new"]["ssl_key"]) != '') {
			$app->system->file_put_contents($key_file2,$data["new"]["ssl_key"]);
			$app->system->chmod($key_file2,0400);
			} else {
			$ssl_key2 = $app->db->quote($app->system->file_get_contents($key_file2));
			/* Update the DB of the (local) Server */
			@@ -551,7 +552,7 @@
			exec('chown --recursive --from='.escapeshellcmd($data['old']['system_user']).':'.escapeshellcmd($data['old']['system_group']).' '.escapeshellcmd($data['new']['system_user']).':'.escapeshellcmd($data['new']['system_group']).' '.$new_dir);

			//* Change the home directory and group of the website user
			$command = 'killall -u '.escapeshellcmd($data['new']['system_user']).' && usermod';
			$command = 'killall -u '.escapeshellcmd($data['new']['system_user']).' ; usermod';
			$command .= ' --home '.escapeshellcmd($data['new']['document_root']);
			$command .= ' --gid '.escapeshellcmd($data['new']['system_group']);
			$command .= ' '.escapeshellcmd($data['new']['system_user']).' 2>/dev/null';
			@@ -740,8 +741,8 @@
			exec('chown -R '.$data['new']['system_user'].':'.$data['new']['system_group'].' '.$error_page_path);
			} // end copy error docs

			// Set the quota for the user
			if($username != '' && $app->system->is_user($username)) {
			// Set the quota for the user, but only for vhosts, not vhostsubdomains
			if($username != '' && $app->system->is_user($username) && $data['new']['type'] == 'vhost') {
			if($data['new']['hd_quota'] > 0) {
			$blocks_soft = $data['new']['hd_quota'] * 1024;
			$blocks_hard = $blocks_soft + 1024;
			@@ -762,6 +763,9 @@
			$this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder);
			}
			}

			//* add the Apache user to the client group if this is a vhost and security level is set to high, no matter if this is an insert or update and regardless of set_folder_permissions_on_update
			if($data['new']['type'] == 'vhost' && $web_config['security_level'] == 20) $app->system->add_user_to_group($groupname, escapeshellcmd($web_config['user']));

			//* If the security level is set to high
			if(($this->action == 'insert' && $data['new']['type'] == 'vhost') or ($web_config['set_folder_permissions_on_update'] == 'y' && $data['new']['type'] == 'vhost')) {
			@@ -805,9 +809,6 @@
			$app->system->server_conf['group_datei'] = $tmp_groupfile;
			unset($tmp_groupfile);
			}

			//* add the Apache user to the client group
			$app->system->add_user_to_group($groupname, escapeshellcmd($web_config['user']));

			//* Chown all default directories
			$app->system->chown($data['new']['document_root'],'root');
			@@ -911,16 +912,31 @@
			if(!stristr($data['new']['custom_php_ini'],'open_basedir') && $data['new']['php'] == 'suphp') {
			$data['new']['custom_php_ini'] .= "\nopen_basedir = '".$data['new']['php_open_basedir']."'\n";
			}

			$fastcgi_config = $app->getconf->get_server_config($conf['server_id'], 'fastcgi');

			if(trim($data['new']['fastcgi_php_version']) != ''){
			list($custom_fastcgi_php_name, $custom_fastcgi_php_executable, $custom_fastcgi_php_ini_dir) = explode(':', trim($data['new']['fastcgi_php_version']));
			if(is_file($custom_fastcgi_php_ini_dir)) $custom_fastcgi_php_ini_dir = dirname($custom_fastcgi_php_ini_dir);
			if(substr($custom_fastcgi_php_ini_dir,-1) == '/') $custom_fastcgi_php_ini_dir = substr($custom_fastcgi_php_ini_dir,0,-1);
			}

			//* Create custom php.ini
			if(trim($data['new']['custom_php_ini']) != '') {
			$has_custom_php_ini = true;
			if(!is_dir($custom_php_ini_dir)) $app->system->mkdir($custom_php_ini_dir);
			if(!is_dir($custom_php_ini_dir)) $app->system->mkdirpath($custom_php_ini_dir);
			$php_ini_content = '';
			if($data['new']['php'] == 'mod') {
			$master_php_ini_path = $web_config['php_ini_path_apache'];
			} else {
			if($data["new"]['php'] == 'fast-cgi' && file_exists($fastcgi_config["fastcgi_phpini_path"])) {
			$master_php_ini_path = $fastcgi_config["fastcgi_phpini_path"];
			if($data["new"]['php'] == 'fast-cgi') {
			if(trim($data['new']['fastcgi_php_version']) != '' && file_exists($custom_fastcgi_php_ini_dir)){
			$master_php_ini_path = $custom_fastcgi_php_ini_dir;
			} elseif(file_exists($fastcgi_config["fastcgi_phpini_path"])){
			$master_php_ini_path = $fastcgi_config["fastcgi_phpini_path"];
			} else {
			$master_php_ini_path = $web_config['php_ini_path_cgi'];
			}
			} else {
			$master_php_ini_path = $web_config['php_ini_path_cgi'];
			}
			@@ -1106,7 +1122,7 @@

			// Rewriting
			if($alias['redirect_type'] != '' && $alias['redirect_path'] != '') {
			if(substr($alias['redirect_path'],-1) != '/' && !preg_match('/^(https?\|\[scheme\]):\/\//', $data['new']['redirect_path'])) $alias['redirect_path'] .= '/';
			if(substr($alias['redirect_path'],-1) != '/' && !preg_match('/^(https?\|\[scheme\]):\/\//', $alias['redirect_path'])) $alias['redirect_path'] .= '/';
			if(substr($alias['redirect_path'],0,8) == '[scheme]'){
			$rewrite_target = 'http'.substr($alias['redirect_path'],8);
			$rewrite_target_ssl = 'https'.substr($alias['redirect_path'],8);
			@@ -1190,7 +1206,6 @@
			*/

			if ($data['new']['php'] == 'fast-cgi') {
			$fastcgi_config = $app->getconf->get_server_config($conf['server_id'], 'fastcgi');

			$fastcgi_starter_path = str_replace('[system_user]',$data['new']['system_user'],$fastcgi_config['fastcgi_starter_path']);
			$fastcgi_starter_path = str_replace('[client_id]',$client_id,$fastcgi_starter_path);
			@@ -1213,8 +1228,6 @@
			// Support for multiple PHP versions (FastCGI)
			if(trim($data['new']['fastcgi_php_version']) != ''){
			$default_fastcgi_php = false;
			list($custom_fastcgi_php_name, $custom_fastcgi_php_executable, $custom_fastcgi_php_ini_dir) = explode(':', trim($data['new']['fastcgi_php_version']));
			if(is_file($custom_fastcgi_php_ini_dir)) $custom_fastcgi_php_ini_dir = dirname($custom_fastcgi_php_ini_dir);
			if(substr($custom_fastcgi_php_ini_dir,-1) != '/') $custom_fastcgi_php_ini_dir .= '/';
			} else {
			$default_fastcgi_php = true;
			@@ -1261,7 +1274,6 @@
			} else {
			//remove the php fastgi starter script if available
			if ($data['old']['php'] == 'fast-cgi') {
			$fastcgi_config = $app->getconf->get_server_config($conf['server_id'], 'fastcgi');
			$fastcgi_starter_path = str_replace('[system_user]',$data['old']['system_user'],$fastcgi_config['fastcgi_starter_path']);
			$fastcgi_starter_path = str_replace('[client_id]',$client_id,$fastcgi_starter_path);
			if($data['old']['type'] == 'vhost') {
			@@ -1341,9 +1353,9 @@

			if (!is_dir($cgi_starter_path)) {
			$app->system->mkdirpath($cgi_starter_path);
			$app->system->chmod($cgi_starter_script,0755);
			$app->system->chown($cgi_starter_script,$data['new']['system_user']);
			$app->system->chgrp($cgi_starter_script,$data['new']['system_group']);
			$app->system->chown($cgi_starter_path,$data['new']['system_user']);
			$app->system->chgrp($cgi_starter_path,$data['new']['system_group']);
			$app->system->chmod($cgi_starter_path,0755);

			$app->log('Creating cgi starter script directory: '.$cgi_starter_path,LOGLEVEL_DEBUG);
			}
			@@ -1407,9 +1419,15 @@
			if($data['new']['ssl_domain'] != '' && $data['new']['ssl'] == 'y' && @is_file($crt_file) && @is_file($key_file) && (@filesize($crt_file)>0) && (@filesize($key_file)>0)) {
			$tmp_vhost_arr = array('ip_address' => $data['new']['ip_address'], 'ssl_enabled' => 1, 'port' => '443');
			if(count($rewrite_rules) > 0) $tmp_vhost_arr = $tmp_vhost_arr + array('redirects' => $rewrite_rules);
			if(count($alias_seo_redirects) > 0) $tmp_vhost_arr = $tmp_vhost_arr + array('alias_seo_redirects' => $alias_seo_redirects);
			$ipv4_ssl_alias_seo_redirects = $alias_seo_redirects;
			if(is_array($ipv4_ssl_alias_seo_redirects) && !empty($ipv4_ssl_alias_seo_redirects)){
			for($i=0;$i<count($ipv4_ssl_alias_seo_redirects);$i++){
			$ipv4_ssl_alias_seo_redirects[$i]['ssl_enabled'] = 1;
			}
			}
			if(count($ipv4_ssl_alias_seo_redirects) > 0) $tmp_vhost_arr = $tmp_vhost_arr + array('alias_seo_redirects' => $ipv4_ssl_alias_seo_redirects);
			$vhosts[] = $tmp_vhost_arr;
			unset($tmp_vhost_arr);
			unset($tmp_vhost_arr, $ipv4_ssl_alias_seo_redirects);
			$app->log('Enable SSL for: '.$domain,LOGLEVEL_DEBUG);
			}

			@@ -1437,9 +1455,15 @@
			if($data['new']['ssl_domain'] != '' && $data['new']['ssl'] == 'y' && @is_file($crt_file) && @is_file($key_file) && (@filesize($crt_file)>0) && (@filesize($key_file)>0)) {
			$tmp_vhost_arr = array('ip_address' => '['.$data['new']['ipv6_address'].']', 'ssl_enabled' => 1, 'port' => '443');
			if(count($rewrite_rules) > 0) $tmp_vhost_arr = $tmp_vhost_arr + array('redirects' => $rewrite_rules);
			if(count($alias_seo_redirects) > 0) $tmp_vhost_arr = $tmp_vhost_arr + array('alias_seo_redirects' => $alias_seo_redirects);
			$ipv6_ssl_alias_seo_redirects = $alias_seo_redirects;
			if(is_array($ipv6_ssl_alias_seo_redirects) && !empty($ipv6_ssl_alias_seo_redirects)){
			for($i=0;$i<count($ipv6_ssl_alias_seo_redirects);$i++){
			$ipv6_ssl_alias_seo_redirects[$i]['ssl_enabled'] = 1;
			}
			}
			if(count($ipv6_ssl_alias_seo_redirects) > 0) $tmp_vhost_arr = $tmp_vhost_arr + array('alias_seo_redirects' => $ipv6_ssl_alias_seo_redirects);
			$vhosts[] = $tmp_vhost_arr;
			unset($tmp_vhost_arr);
			unset($tmp_vhost_arr, $ipv6_ssl_alias_seo_redirects);
			$app->log('Enable SSL for IPv6: '.$domain,LOGLEVEL_DEBUG);
			}
			}
			@@ -1510,13 +1534,13 @@
			}

			//* Create .htaccess and .htpasswd file for website statistics
			if(!is_file($data['new']['document_root'].'/' . $web_folder . '/stats/.htaccess') or $data['old']['document_root'] != $data['new']['document_root']) {
			if(!is_dir($data['new']['document_root'].'/' . $web_folder . '/stats')) $app->system->mkdir($data['new']['document_root'].'/' . $web_folder . '/stats');
			$ht_file = "AuthType Basic\nAuthName \"Members Only\"\nAuthUserFile ".$data['new']['document_root']."/web/stats/.htpasswd_stats\nrequire valid-user";
			$app->system->file_put_contents($data['new']['document_root'].'/' . $web_folder . '/stats/.htaccess',$ht_file);
			$app->system->chmod($data['new']['document_root'].'/' . $web_folder . '/stats/.htaccess',0755);
			unset($ht_file);
			}
			//if(!is_file($data['new']['document_root'].'/' . $web_folder . '/stats/.htaccess') or $data['old']['document_root'] != $data['new']['document_root']) {
			if(!is_dir($data['new']['document_root'].'/' . $web_folder . '/stats')) $app->system->mkdir($data['new']['document_root'].'/' . $web_folder . '/stats');
			$ht_file = "AuthType Basic\nAuthName \"Members Only\"\nAuthUserFile ".$data['new']['document_root']."/web/stats/.htpasswd_stats\nrequire valid-user";
			$app->system->file_put_contents($data['new']['document_root'].'/' . $web_folder . '/stats/.htaccess',$ht_file);
			$app->system->chmod($data['new']['document_root'].'/' . $web_folder . '/stats/.htaccess',0755);
			unset($ht_file);
			//}

			if(!is_file($data['new']['document_root'].'/web/stats/.htpasswd_stats') \|\| $data['new']['stats_password'] != $data['old']['stats_password']) {
			if(trim($data['new']['stats_password']) != '') {
			@@ -1541,7 +1565,8 @@
			$apache_online_status_before_restart = $this->_checkTcp('localhost',80);
			$app->log('Apache status is: '.$apache_online_status_before_restart,LOGLEVEL_DEBUG);

			$app->services->restartService('httpd','restart');
			$retval = $app->services->restartService('httpd','restart'); // $retval['retval'] is 0 on success and > 0 on failure
			$app->log('Apache restart return value is: '.$retval['retval'],LOGLEVEL_DEBUG);

			// wait a few seconds, before we test the apache status again
			$apache_online_status_after_restart = false;
			@@ -1553,8 +1578,41 @@
			}
			//* Check if apache restarted successfully if it was online before
			$app->log('Apache online status after restart is: '.$apache_online_status_after_restart,LOGLEVEL_DEBUG);
			if($apache_online_status_before_restart && !$apache_online_status_after_restart) {
			$app->log('Apache did not restart after the configuration change for website '.$data['new']['domain'].' Reverting the configuration. Saved non-working config as '.$vhost_file.'.err',LOGLEVEL_WARN);
			if($apache_online_status_before_restart && !$apache_online_status_after_restart \|\| $retval['retval'] > 0) {
			$app->log('Apache did not restart after the configuration change for website '.$data['new']['domain'].'. Reverting the configuration. Saved non-working config as '.$vhost_file.'.err',LOGLEVEL_WARN);
			if(is_array($retval['output']) && !empty($retval['output'])){
			$app->log('Reason for Apache restart failure: '.implode("\n", $retval['output']),LOGLEVEL_WARN);
			} else {
			// if no output is given, check again
			$webserver_binary = '';
			exec('which apache2', $webserver_check_output, $webserver_check_retval);
			if($webserver_check_retval == 0){
			$webserver_binary = 'apache2';
			} else {
			unset($webserver_check_output, $webserver_check_retval);
			exec('which httpd2', $webserver_check_output, $webserver_check_retval);
			if($webserver_check_retval == 0){
			$webserver_binary = 'httpd2';
			} else {
			unset($webserver_check_output, $webserver_check_retval);
			exec('which httpd', $webserver_check_output, $webserver_check_retval);
			if($webserver_check_retval == 0){
			$webserver_binary = 'httpd';
			} else {
			unset($webserver_check_output, $webserver_check_retval);
			exec('which apache', $webserver_check_output, $webserver_check_retval);
			if($webserver_check_retval == 0){
			$webserver_binary = 'apache';
			}
			}
			}
			}
			if($webserver_binary != ''){
			exec($webserver_binary.' -t 2>&1', $tmp_output, $tmp_retval);
			if($tmp_retval > 0 && is_array($tmp_output) && !empty($tmp_output)) $app->log('Reason for Apache restart failure: '.implode("\n", $tmp_output),LOGLEVEL_WARN);
			unset($tmp_output, $tmp_retval);
			}
			}
			$app->system->copy($vhost_file,$vhost_file.'.err');
			if(is_file($vhost_file.'~')) {
			//* Copy back the last backup file
			@@ -1641,6 +1699,7 @@
			$app->uses('getconf');
			$app->uses('system');
			$web_config = $app->getconf->get_server_config($conf['server_id'], 'web');
			$fastcgi_config = $app->getconf->get_server_config($conf['server_id'], 'fastcgi');

			if($data['old']['type'] == 'vhost' \|\| $data['old']['type'] == 'vhostsubdomain') $app->system->web_folder_protection($data['old']['document_root'],false);

			@@ -1703,10 +1762,12 @@
			if($data['old']['type'] == 'vhost' \|\| $data['old']['type'] == 'vhostsubdomain'){
			if(is_array($log_folders) && !empty($log_folders)){
			foreach($log_folders as $log_folder){
			if($app->system->is_mounted($data['old']['document_root'].'/'.$log_folder)) exec('umount '.escapeshellarg($data['old']['document_root'].'/'.$log_folder));
			//if($app->system->is_mounted($data['old']['document_root'].'/'.$log_folder)) exec('umount '.escapeshellarg($data['old']['document_root'].'/'.$log_folder));
			exec('umount '.escapeshellarg($data['old']['document_root'].'/'.$log_folder).' 2>/dev/null');
			}
			} else {
			if($app->system->is_mounted($data['old']['document_root'].'/'.$log_folder)) exec('umount '.escapeshellarg($data['old']['document_root'].'/'.$log_folder));
			//if($app->system->is_mounted($data['old']['document_root'].'/'.$log_folder)) exec('umount '.escapeshellarg($data['old']['document_root'].'/'.$log_folder));
			exec('umount '.escapeshellarg($data['old']['document_root'].'/'.$log_folder).' 2>/dev/null');
			}
			}

			@@ -1820,13 +1881,13 @@

			//remove the php fastgi starter script if available
			if ($data['old']['php'] == 'fast-cgi') {
			$fastcgi_starter_path = str_replace('[system_user]',$data['old']['system_user'],$web_config['fastcgi_starter_path']);
			$fastcgi_starter_path = str_replace('[system_user]',$data['old']['system_user'],$fastcgi_config['fastcgi_starter_path']);
			if($data['old']['type'] == 'vhost') {
			if (is_dir($fastcgi_starter_path)) {
			exec('rm -rf '.$fastcgi_starter_path);
			}
			} else {
			$fcgi_starter_script = $fastcgi_starter_path.$web_config['fastcgi_starter_script'].'_web'.$data['old']['domain_id'];
			$fcgi_starter_script = $fastcgi_starter_path.$fastcgi_config['fastcgi_starter_script'].'_web'.$data['old']['domain_id'];
			if (file_exists($fcgi_starter_script)) {
			exec('rm -f '.$fcgi_starter_script);
			}
			@@ -1886,7 +1947,7 @@

			if($data['old']['type'] == 'vhost') {
			//delete the web user
			$command = 'killall -u '.escapeshellcmd($data['old']['system_user']).' && userdel';
			$command = 'killall -u '.escapeshellcmd($data['old']['system_user']).' ; userdel';
			$command .= ' '.escapeshellcmd($data['old']['system_user']);
			exec($command);
			if($apache_chrooted) $this->_exec('chroot '.escapeshellcmd($web_config['website_basedir']).' '.$command);
			@@ -2829,8 +2890,10 @@
			$app->log('Removed client directory: '.$client_dir,LOGLEVEL_DEBUG);
			}

			$this->_exec('groupdel client'.$client_id);
			$app->log('Removed group client'.$client_id,LOGLEVEL_DEBUG);
			if($app->system->is_group('client'.$client_id)){
			$this->_exec('groupdel client'.$client_id);
			$app->log('Removed group client'.$client_id,LOGLEVEL_DEBUG);
			}
			}

			}