interface/lib/classes/aps_base.inc.php | ●●●●● patch | view | raw | blame | history | |
interface/lib/classes/aps_crawler.inc.php | ●●●●● patch | view | raw | blame | history | |
interface/lib/classes/aps_guicontroller.inc.php | ●●●●● patch | view | raw | blame | history | |
server/lib/classes/aps_base.inc.php | ●●●●● patch | view | raw | blame | history | |
server/lib/classes/aps_installer.inc.php | ●●●●● patch | view | raw | blame | history |
interface/lib/classes/aps_base.inc.php
@@ -43,9 +43,6 @@ class ApsBase { protected $app = null; protected $db = null; protected $log_prefix = ''; protected $fetch_url = ''; protected $aps_version = ''; @@ -63,9 +60,6 @@ */ public function __construct($app, $log_prefix = 'APS: ', $interface_mode = false) { $this->db = $app->db; $this->app = $app; $this->log_prefix = $log_prefix; $this->interface_mode = $interface_mode; $this->fetch_url = 'apscatalog.com'; interface/lib/classes/aps_crawler.inc.php
@@ -54,6 +54,8 @@ */ private function checkRequirements() { global $app; try { // Check if allow_url_fopen is enabled @@ -77,7 +79,7 @@ } catch(Exception $e) { $this->app->log($this->log_prefix.'Aborting execution because '.$e->getMessage(), LOGLEVEL_ERROR); $app->log($this->log_prefix.'Aborting execution because '.$e->getMessage(), LOGLEVEL_ERROR); return false; } } @@ -213,6 +215,8 @@ */ public function startCrawler() { global $app; try { // Make sure the requirements are given so that this script can execute @@ -220,7 +224,7 @@ if(!$req_ret) return false; // Execute the open task and first fetch all vendors (APS catalog API 1.1, p. 12) $this->app->log($this->log_prefix.'Fetching data from '.$this->fetch_url); $app->log($this->log_prefix.'Fetching data from '.$this->fetch_url); $vendor_page = $this->fetchPage('/all-app/'); //$vendor_page = $this->fetchPage('/'.$this->aps_version.'/'); preg_match_all("/\<a href=\"(.+)\/\" class=\"vendor\"/i", $vendor_page, $matches); @@ -242,7 +246,7 @@ // Get all known apps from the database and the highest known version // Note: A dirty hack is used for numerical sorting of the VARCHAR field Version: +0 -> cast // A longer but typesafe way would be: ORDER BY CAST(REPLACE(Version, '.', '') AS UNSIGNED) DESC $existing_apps = $this->db->queryAllRecords("SELECT * FROM ( $existing_apps = $app->db->queryAllRecords("SELECT * FROM ( SELECT name AS Name, CONCAT(version, '-', CAST(`release` AS CHAR)) AS CurrentVersion FROM aps_packages ORDER BY REPLACE(version, '.', '')+0 DESC, `release` DESC ) as Versions GROUP BY name"); 
@@ -325,14 +329,14 @@ if(file_exists($old_folder)) $this->removeDirectory($old_folder); /* $this->db->query("UPDATE aps_packages SET package_status = '".PACKAGE_OUTDATED."' WHERE name = '". $this->db->quote($app_name)."' AND CONCAT(version, '-', CAST(`release` AS CHAR)) = '". $this->db->quote($ex_ver)."';"); $app->db->query("UPDATE aps_packages SET package_status = '".PACKAGE_OUTDATED."' WHERE name = '". $app->db->quote($app_name)."' AND CONCAT(version, '-', CAST(`release` AS CHAR)) = '". $app->db->quote($ex_ver)."';"); */ $tmp = $this->db->queryOneRecord("SELECT id FROM aps_packages WHERE name = '". $this->db->quote($app_name)."' AND CONCAT(version, '-', CAST(`release` AS CHAR)) = '". $this->db->quote($ex_ver)."';"); $this->db->datalogUpdate('aps_packages', "package_status = ".PACKAGE_OUTDATED, 'id', $tmp['id']); $tmp = $app->db->queryOneRecord("SELECT id FROM aps_packages WHERE name = '". $app->db->quote($app_name)."' AND CONCAT(version, '-', CAST(`release` AS CHAR)) = '". $app->db->quote($ex_ver)."';"); $app->db->datalogUpdate('aps_packages', "package_status = ".PACKAGE_OUTDATED, 'id', $tmp['id']); unset($tmp); } @@ -446,19 +450,19 @@ if($apps_to_dl_chunks[$i][$j]['filesize'] != 0 && $apps_to_dl_chunks[$i][$j]['filesize'] != filesize($apps_to_dl_chunks[$i][$j]['localtarget'])) { $this->app->log($this->log_prefix.' The filesize of the package "'. $app->log($this->log_prefix.' The filesize of the package "'. $apps_to_dl_chunks[$i][$j]['name'].'" is wrong. Download failure?', LOGLEVEL_WARN); } } } $this->app->log($this->log_prefix.'Processed '.$apps_in_repo. $app->log($this->log_prefix.'Processed '.$apps_in_repo. ' apps from the repo. Downloaded '.$apps_updated. ' updates, '.$apps_downloaded.' new apps'); } catch(Exception $e) { $this->app->log($this->log_prefix.$e->getMessage(), LOGLEVEL_ERROR); $app->log($this->log_prefix.$e->getMessage(), LOGLEVEL_ERROR); return false; } } 
@@ -472,6 +476,8 @@ */ public function parseFolderToDB() { global $app; try { // This method must be used in server mode @@ -491,14 +497,14 @@ // Get registered packages and mark non-existant packages with an error code to omit the install $existing_packages = array(); $path_query = $this->db->queryAllRecords('SELECT path AS Path FROM aps_packages;'); $path_query = $app->db->queryAllRecords('SELECT path AS Path FROM aps_packages;'); foreach($path_query as $path) $existing_packages[] = $path['Path']; $diff = array_diff($existing_packages, $pkg_list); foreach($diff as $todelete) { /*$this->db->query("UPDATE aps_packages SET package_status = '".PACKAGE_ERROR_NOMETA."' WHERE path = '".$this->db->quote($todelete)."';");*/ $tmp = $this->db->queryOneRecord("SELECT id FROM aps_packages WHERE path = '".$this->db->quote($todelete)."';"); $this->db->datalogUpdate('aps_packages', "package_status = ".PACKAGE_ERROR_NOMETA, 'id', $tmp['id']); /*$app->db->query("UPDATE aps_packages SET package_status = '".PACKAGE_ERROR_NOMETA."' WHERE path = '".$app->db->quote($todelete)."';");*/ $tmp = $app->db->queryOneRecord("SELECT id FROM aps_packages WHERE path = '".$app->db->quote($todelete)."';"); $app->db->datalogUpdate('aps_packages', "package_status = ".PACKAGE_ERROR_NOMETA, 'id', $tmp['id']); unset($tmp); } @@ -510,7 +516,7 @@ $metafile = $this->interface_pkg_dir.'/'.$pkg.'/APP-META.xml'; if(!file_exists($metafile)) { $this->app->log($this->log_prefix.'Cannot read metadata from '.$pkg, LOGLEVEL_ERROR); $app->log($this->log_prefix.'Cannot read metadata from '.$pkg, LOGLEVEL_ERROR); continue; } 
@@ -527,25 +533,25 @@ $pkg_release = parent::getXPathValue($sxe, 'release'); /* $this->db->query("INSERT INTO `aps_packages` $app->db->query("INSERT INTO `aps_packages` (`path`, `name`, `category`, `version`, `release`, `package_status`) VALUES ('".$this->db->quote($pkg)."', '".$this->db->quote($pkg_name)."', '".$this->db->quote($pkg_category)."', '".$this->db->quote($pkg_version)."', ".$this->db->quote($pkg_release).", ".PACKAGE_ENABLED.");"); ('".$app->db->quote($pkg)."', '".$app->db->quote($pkg_name)."', '".$app->db->quote($pkg_category)."', '".$app->db->quote($pkg_version)."', ".$app->db->quote($pkg_release).", ".PACKAGE_ENABLED.");"); */ $insert_data = "(`path`, `name`, `category`, `version`, `release`, `package_url`, `package_status`) VALUES ('".$this->db->quote($pkg)."', '".$this->db->quote($pkg_name)."', '".$this->db->quote($pkg_category)."', '".$this->db->quote($pkg_version)."', ".$this->db->quote($pkg_release).", '".$this->db->quote($this->app_download_url_list[$pkg])."', ".PACKAGE_ENABLED.");"; ('".$app->db->quote($pkg)."', '".$app->db->quote($pkg_name)."', '".$app->db->quote($pkg_category)."', '".$app->db->quote($pkg_version)."', ".$app->db->quote($pkg_release).", '".$app->db->quote($this->app_download_url_list[$pkg])."', ".PACKAGE_ENABLED.");"; $this->app->db->datalogInsert('aps_packages', $insert_data, 'id'); $app->db->datalogInsert('aps_packages', $insert_data, 'id'); } } catch(Exception $e) { $this->app->log($this->log_prefix.$e->getMessage(), LOGLEVEL_ERROR); $this->app->error($e->getMessage()); $app->log($this->log_prefix.$e->getMessage(), LOGLEVEL_ERROR); $app->error($e->getMessage()); return false; } } interface/lib/classes/aps_guicontroller.inc.php
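Review bot: In the `@@ -325` hunk of startCrawler the new lines run `$app->db->datalogUpdate('aps_packages', "package_status = ".PACKAGE_OUTDATED, 'id', $tmp['id'])` without checking that the preceding `queryOneRecord` found a row, so a missing package turns into a datalog update keyed on a null id; the `@@ -491` hunk of parseFolderToDB repeats the pattern with PACKAGE_ERROR_NOMETA. The commit only swaps `$this->db` for `$app->db` on these lines and leaves the missing guard in place. I would wrap both calls as `if(!empty($tmp['id'])) $app->db->datalogUpdate('aps_packages', "package_status = ".PACKAGE_OUTDATED, 'id', $tmp['id']);` (and the NOMETA equivalent), and log the unexpected empty lookup with the existing `$app->log($this->log_prefix.…, LOGLEVEL_WARN)` style so a silently skipped package is visible. Both enclosing methods start and end outside the hunks shown.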
@@ -87,11 +87,12 @@ */ private function getCustomerIDFromDomain($domain) { global $app; $customerid = 0; $customerdata = $this->db->queryOneRecord("SELECT client_id FROM sys_group, web_domain $customerdata = $app->db->queryOneRecord("SELECT client_id FROM sys_group, web_domain WHERE web_domain.sys_groupid = sys_group.groupid AND web_domain.domain = '".$this->db->quote($domain)."';"); AND web_domain.domain = '".$app->db->quote($domain)."';"); if(!empty($customerdata)) $customerid = $customerdata['client_id']; return $customerid; @@ -106,18 +107,19 @@ */ private function getInstanceDataForDatalog($instanceid) { global $app; $webserver_id = ''; $websrv = $this->db->queryOneRecord("SELECT server_id FROM web_domain $websrv = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain = (SELECT value FROM aps_instances_settings WHERE name = 'main_domain' AND instance_id = ".$this->db->quote($instanceid).");"); WHERE name = 'main_domain' AND instance_id = ".$app->db->quote($instanceid).");"); // If $websrv is empty, an error has occured. Domain no longer existing? Settings table damaged? // Anyhow, remove this instance record because it's not useful at all if(empty($websrv)) { $this->db->query("DELETE FROM aps_instances WHERE id = ".$this->db->quote($instanceid).";"); $this->db->query("DELETE FROM aps_instances_settings WHERE instance_id = ".$this->db->quote($instanceid).";"); $app->db->query("DELETE FROM aps_instances WHERE id = ".$app->db->quote($instanceid).";"); $app->db->query("DELETE FROM aps_instances_settings WHERE instance_id = ".$app->db->quote($instanceid).";"); } else $webserver_id = $websrv['server_id']; 
@@ -133,12 +135,14 @@ */ public function getNewestPackageID($id) { global $app; if(preg_match('/^[0-9]+$/', $id) != 1) return 0; $result = $this->db->queryOneRecord("SELECT id, name, $result = $app->db->queryOneRecord("SELECT id, name, CONCAT(version, '-', CAST(`release` AS CHAR)) AS current_version FROM aps_packages WHERE name = (SELECT name FROM aps_packages WHERE id = ".$this->db->quote($id).") WHERE name = (SELECT name FROM aps_packages WHERE id = ".$app->db->quote($id).") ORDER BY REPLACE(version, '.', '')+0 DESC, `release` DESC"); if(!empty($result) && ($id != $result['id'])) return $result['id']; @@ -155,13 +159,15 @@ */ public function isValidPackageID($id, $is_admin = false) { global $app; if(preg_match('/^[0-9]+$/', $id) != 1) return false; $sql_ext = (!$is_admin) ? 'package_status = '.PACKAGE_ENABLED.' AND' : '(package_status = '.PACKAGE_ENABLED.' OR package_status = '.PACKAGE_LOCKED.') AND'; $result = $this->db->queryOneRecord("SELECT id FROM aps_packages WHERE ".$sql_ext." id = ".$this->db->quote($id).";"); $result = $app->db->queryOneRecord("SELECT id FROM aps_packages WHERE ".$sql_ext." id = ".$app->db->quote($id).";"); if(!$result) return false; return true; @@ -177,12 +183,14 @@ */ public function isValidInstanceID($id, $client_id, $is_admin = false) { global $app; if(preg_match('/^[0-9]+$/', $id) != 1) return false; // Only filter if not admin $sql_ext = (!$is_admin) ? 'customer_id = '.$this->db->quote($client_id).' AND' : ''; $sql_ext = (!$is_admin) ? 'customer_id = '.$app->db->quote($client_id).' AND' : ''; $result = $this->db->queryOneRecord('SELECT id FROM aps_instances WHERE '.$sql_ext.' id = '.$this->db->quote($id).';'); $result = $app->db->queryOneRecord('SELECT id FROM aps_instances WHERE '.$sql_ext.' id = '.$app->db->quote($id).';'); if(!$result) return false; return true; 
@@ -202,15 +210,15 @@ $app->uses('tools_sites'); $webserver_id = 0; $websrv = $this->db->queryOneRecord("SELECT * FROM web_domain WHERE domain = '".$this->db->quote($settings['main_domain'])."';"); $websrv = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain = '".$app->db->quote($settings['main_domain'])."';"); if(!empty($websrv)) $webserver_id = $websrv['server_id']; $customerid = $this->getCustomerIDFromDomain($settings['main_domain']); if(empty($settings) || empty($webserver_id)) return false; //* Get server config of the web server $this->app->uses("getconf"); $web_config = $this->app->getconf->get_server_config($app->functions->intval($websrv["server_id"]),'web'); $app->uses("getconf"); $web_config = $app->getconf->get_server_config($app->functions->intval($websrv["server_id"]),'web'); //* Set mysql mode to php-fcgi and enable suexec in website on apache servers if($web_config['server_type'] == 'apache') { @@ -220,7 +228,7 @@ } //* Create the MySQL database for the application $pkg = $this->db->queryOneRecord('SELECT * FROM aps_packages WHERE id = '.$this->db->quote($packageid).';'); $pkg = $app->db->queryOneRecord('SELECT * FROM aps_packages WHERE id = '.$app->db->quote($packageid).';'); $metafile = $this->interface_pkg_dir.'/'.$pkg['path'].'/APP-META.xml'; $sxe = $this->readInMetaFile($metafile); 
@@ -283,14 +291,14 @@ } //* Insert new package instance $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `customer_id`, `package_id`, `instance_status`) VALUES (".$websrv['sys_userid'].", ".$websrv['sys_groupid'].", 'riud', '".$websrv['sys_perm_group']."', '', ".$this->db->quote($webserver_id).",".$this->db->quote($customerid).", ".$this->db->quote($packageid).", ".INSTANCE_PENDING.")"; $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `customer_id`, `package_id`, `instance_status`) VALUES (".$websrv['sys_userid'].", ".$websrv['sys_groupid'].", 'riud', '".$websrv['sys_perm_group']."', '', ".$app->db->quote($webserver_id).",".$app->db->quote($customerid).", ".$app->db->quote($packageid).", ".INSTANCE_PENDING.")"; $InstanceID = $app->db->datalogInsert('aps_instances', $insert_data, 'id'); //* Insert all package settings if(is_array($settings)) { foreach($settings as $key => $value) { $insert_data = "(server_id, instance_id, name, value) VALUES (".$this->db->quote($webserver_id).",".$this->db->quote($InstanceID).", '".$this->db->quote($key)."', '".$this->db->quote($value)."')"; $this->db->datalogInsert('aps_instances_settings', $insert_data, 'id'); $insert_data = "(server_id, instance_id, name, value) VALUES (".$app->db->quote($webserver_id).",".$app->db->quote($InstanceID).", '".$app->db->quote($key)."', '".$app->db->quote($value)."')"; $app->db->datalogInsert('aps_instances_settings', $insert_data, 'id'); } } 
@@ -308,23 +316,23 @@ { global $app; /* $this->db->query("UPDATE aps_instances SET instance_status = ".INSTANCE_REMOVE." WHERE id = ".$instanceid.";"); $app->db->query("UPDATE aps_instances SET instance_status = ".INSTANCE_REMOVE." WHERE id = ".$instanceid.";"); $webserver_id = $this->getInstanceDataForDatalog($instanceid); if($webserver_id == '') return; // Create a sys_datalog entry for deletion $datalog = array('Instance_id' => $instanceid, 'server_id' => $webserver_id); $this->db->datalogSave('aps', 'DELETE', 'id', $instanceid, array(), $datalog); $app->db->datalogSave('aps', 'DELETE', 'id', $instanceid, array(), $datalog); */ $sql = "SELECT web_database.database_id as database_id, web_database.database_user_id as `database_user_id` FROM aps_instances_settings, web_database WHERE aps_instances_settings.value = web_database.database_name AND aps_instances_settings.value = aps_instances_settings.name = 'main_database_name' AND aps_instances_settings.instance_id = ".$instanceid." LIMIT 0,1"; $tmp = $this->db->queryOneRecord($sql); if($tmp['database_id'] > 0) $this->db->datalogDelete('web_database', 'database_id', $tmp['database_id']); $tmp = $app->db->queryOneRecord($sql); if($tmp['database_id'] > 0) $app->db->datalogDelete('web_database', 'database_id', $tmp['database_id']); $database_user = $tmp['database_user_id']; $tmp = $this->db->queryOneRecord("SELECT COUNT(*) as `cnt` FROM `web_database` WHERE `database_user_id` = '" . $app->functions->intval($database_user) . "' OR `database_ro_user_id` = '" . $app->functions->intval($database_user) . "'"); if($tmp['cnt'] < 1) $this->db->datalogDelete('web_database_user', 'database_user_id', $database_user); $tmp = $app->db->queryOneRecord("SELECT COUNT(*) as `cnt` FROM `web_database` WHERE `database_user_id` = '" . $app->functions->intval($database_user) . "' OR `database_ro_user_id` = '" . $app->functions->intval($database_user) . 
"'"); if($tmp['cnt'] < 1) $app->db->datalogDelete('web_database_user', 'database_user_id', $database_user); $app->db->datalogUpdate('aps_instances', "instance_status = ".INSTANCE_REMOVE, 'id', $instanceid); @@ -338,22 +346,24 @@ */ public function reinstallInstance($instanceid) { global $app; /* $this->db->query("UPDATE aps_instances SET instance_status = ".INSTANCE_INSTALL." WHERE id = ".$instanceid.";"); $app->db->query("UPDATE aps_instances SET instance_status = ".INSTANCE_INSTALL." WHERE id = ".$instanceid.";"); $webserver_id = $this->getInstanceDataForDatalog($instanceid); if($webserver_id == '') return; // Create a sys_datalog entry for re-installation $datalog = array('instance_id' => $instanceid, 'server_id' => $webserver_id); $this->db->datalogSave('aps', 'INSERT', 'id', $instanceid, array(), $datalog); $app->db->datalogSave('aps', 'INSERT', 'id', $instanceid, array(), $datalog); */ $sql = "SELECT web_database.database_id as database_id FROM aps_instances_settings, web_database WHERE aps_instances_settings.value = web_database.database_name AND aps_instances_settings.value = aps_instances_settings.name = 'main_database_name' AND aps_instances_settings.instance_id = ".$instanceid." LIMIT 0,1"; $tmp = $this->db->queryOneRecord($sql); if($tmp['database_id'] > 0) $this->db->datalogDelete('web_database', 'database_id', $tmp['database_id']); $tmp = $app->db->queryOneRecord($sql); if($tmp['database_id'] > 0) $app->db->datalogDelete('web_database', 'database_id', $tmp['database_id']); $this->db->datalogUpdate('aps_instances', "instance_status = ".INSTANCE_INSTALL, 'id', $instanceid); $app->db->datalogUpdate('aps_instances', "instance_status = ".INSTANCE_INSTALL, 'id', $instanceid); } /** 
@@ -364,7 +374,9 @@ */ public function getPackageSettings($id) { $pkg = $this->db->queryOneRecord('SELECT * FROM aps_packages WHERE id = '.$this->db->quote($id).';'); global $app; $pkg = $app->db->queryOneRecord('SELECT * FROM aps_packages WHERE id = '.$app->db->quote($id).';'); // Load in meta file if existing and register its namespaces $metafile = $this->interface_pkg_dir.'/'.$pkg['path'].'/APP-META.xml'; @@ -460,10 +472,10 @@ // Main domain (obligatory) if(isset($postinput['main_domain'])) { if(!in_array($postinput['main_domain'], $domains)) $error[] = $this->app->lng('error_main_domain'); if(!in_array($postinput['main_domain'], $domains)) $error[] = $app->lng('error_main_domain'); else $input['main_domain'] = $postinput['main_domain']; } else $error[] = $this->app->lng('error_main_domain'); else $error[] = $app->lng('error_main_domain'); // Main location (not obligatory but must be supplied) if(isset($postinput['main_location'])) @@ -478,13 +490,13 @@ $main_location = $this->secureLocation($main_location); // Only allow digits, words, / and - $main_location = preg_replace("/[^\d\w\/\-]/i", "", $main_location); if($userinput && (strlen($main_location) == 0)) $temp_errstr = $this->app->lng('error_inv_main_location'); if($userinput && (strlen($main_location) == 0)) $temp_errstr = $app->lng('error_inv_main_location'); // Find out document_root and make sure no apps are installed twice to one location if(in_array($postinput['main_domain'], $domains)) { $docroot = $this->db->queryOneRecord("SELECT document_root FROM web_domain WHERE domain = '".$this->db->quote($postinput['main_domain'])."';"); $docroot = $app->db->queryOneRecord("SELECT document_root FROM web_domain WHERE domain = '".$app->db->quote($postinput['main_domain'])."';"); $new_path = $docroot['document_root']; if(substr($new_path, -1) != '/') $new_path .= '/'; $new_path .= $main_location; 
@@ -496,16 +508,16 @@ // and get the corresponding document roots as well as the defined // locations. If an existing doc_root + location matches with the // new one -> error $instance_domains = $this->db->queryAllRecords("SELECT instance_id, s.value AS domain $instance_domains = $app->db->queryAllRecords("SELECT instance_id, s.value AS domain FROM aps_instances AS i, aps_instances_settings AS s WHERE i.id = s.instance_id AND s.name = 'main_domain' AND i.customer_id = '".$this->db->quote($customerid)."';"); AND i.customer_id = '".$app->db->quote($customerid)."';"); for($i = 0; $i < count($instance_domains); $i++) { $used_path = ''; $doc_root = $this->db->queryOneRecord("SELECT document_root FROM web_domain WHERE domain = '".$this->db->quote($instance_domains[$i]['domain'])."';"); $doc_root = $app->db->queryOneRecord("SELECT document_root FROM web_domain WHERE domain = '".$app->db->quote($instance_domains[$i]['domain'])."';"); // Probably the domain settings were changed later, so make sure the doc_root // is not empty for further validation 
@@ -514,34 +526,34 @@ $used_path = $docroot['document_root']; if(substr($used_path, -1) != '/') $used_path .= '/'; $location_for_domain = $this->db->queryOneRecord("SELECT value $location_for_domain = $app->db->queryOneRecord("SELECT value FROM aps_instances_settings WHERE name = 'main_location' AND instance_id = '".$this->db->quote($instance_domains[$i]['instance_id'])."';"); AND instance_id = '".$app->db->quote($instance_domains[$i]['instance_id'])."';"); // The location might be empty but the DB return must not be false! if($location_for_domain) $used_path .= $location_for_domain['value']; if($new_path == $used_path) { $temp_errstr = $this->app->lng('error_used_location'); $temp_errstr = $app->lng('error_used_location'); break; } } } } else $temp_errstr = $this->app->lng('error_main_domain'); else $temp_errstr = $app->lng('error_main_domain'); if($temp_errstr == '') $input['main_location'] = htmlspecialchars($main_location); else $error[] = $temp_errstr; } else $error[] = $this->app->lng('error_no_main_location'); else $error[] = $app->lng('error_no_main_location'); // License (the checkbox must be set) if(isset($pkg_details['License need agree']) && $pkg_details['License need agree'] == 'true') { if(isset($postinput['license']) && $postinput['license'] == 'on') $input['license'] = 'true'; else $error[] = $this->app->lng('error_license_agreement'); else $error[] = $app->lng('error_license_agreement'); } // Database 
@@ -550,12 +562,12 @@ { if(isset($postinput['main_database_password'])) { if($postinput['main_database_password'] == '') $error[] = $this->app->lng('error_no_database_pw'); if($postinput['main_database_password'] == '') $error[] = $app->lng('error_no_database_pw'); else if(strlen($postinput['main_database_password']) > 8) $input['main_database_password'] = htmlspecialchars($postinput['main_database_password']); else $error[] = $this->app->lng('error_short_database_pw'); else $error[] = $app->lng('error_short_database_pw'); } else $error[] = $this->app->lng('error_no_database_pw'); else $error[] = $app->lng('error_no_database_pw'); } // Validate the package settings 
@@ -572,36 +584,36 @@ { if($app->functions->intval($setting['SettingMinLength'], true) != 0 && strlen($postinput[$setting_id]) < $app->functions->intval($setting['SettingMinLength'], true)) $temp_errstr = sprintf($this->app->lng('error_short_value_for'), $setting['setting_name']); $temp_errstr = sprintf($app->lng('error_short_value_for'), $setting['setting_name']); if($app->functions->intval($setting['SettingMaxLength'], true) != 0 && strlen($postinput[$setting_id]) > $app->functions->intval($setting['SettingMaxLength'], true)) $temp_errstr = sprintf($this->app->lng('error_long_value_for'), $setting['setting_name']); $temp_errstr = sprintf($app->lng('error_long_value_for'), $setting['setting_name']); if(isset($setting['SettingRegex']) && !preg_match("/".$setting['SettingRegex']."/", $postinput[$setting_id])) $temp_errstr = sprintf($this->app->lng('error_inv_value_for'), $setting['setting_name']); $temp_errstr = sprintf($app->lng('error_inv_value_for'), $setting['setting_name']); } else if($setting['SettingType'] == 'email') { if(filter_var(strtolower($postinput[$setting_id]), FILTER_VALIDATE_EMAIL) === false) $temp_errstr = sprintf($this->app->lng('error_inv_email_for'), $setting['setting_name']); $temp_errstr = sprintf($app->lng('error_inv_email_for'), $setting['setting_name']); } else if($setting['SettingType'] == 'domain-name') { if(!preg_match("^(http|https)\://([a-zA-Z0-9\.\-]+(\:[a-zA-Z0-9\.&%\$\-]+)*@)*((25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[1-9])\.(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[1-9]|0)\.(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[1-9]|0)\.(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[0-9])|localhost|([a-zA-Z0-9\-]+\.)*[a-zA-Z0-9\-]+\.(com|edu|gov|int|mil|net|org|biz|arpa|info|name|pro|aero|coop|museum|[a-zA-Z]{2}))(\:[0-9]+)*(/($|[a-zA-Z0-9\.\,\?\'\\\+&%\$#\=~_\-]+))*$", $postinput[$setting_id])) $temp_errstr = sprintf($this->app->lng('error_inv_domain_for'), $setting['setting_name']); 
$temp_errstr = sprintf($app->lng('error_inv_domain_for'), $setting['setting_name']); } else if($setting['SettingType'] == 'integer') { if(filter_var($postinput[$setting_id], FILTER_VALIDATE_INT) === false) $temp_errstr = sprintf($this->app->lng('error_inv_integer_for'), $setting['setting_name']); $temp_errstr = sprintf($app->lng('error_inv_integer_for'), $setting['setting_name']); } else if($setting['SettingType'] == 'float') { if(filter_var($postinput[$setting_id], FILTER_VALIDATE_FLOAT) === false) $temp_errstr = sprintf($this->app->lng('error_inv_float_for'), $setting['setting_name']); $temp_errstr = sprintf($app->lng('error_inv_float_for'), $setting['setting_name']); } else if($setting['SettingType'] == 'boolean') { @@ -618,13 +630,13 @@ if($setting['SettingChoices'][$i]['EnumID'] == $postinput[$setting_id]) $found = true; } if(!$found) $temp_errstr = sprintf($this->app->lng('error_inv_value_for'), $setting['SettingName']); if(!$found) $temp_errstr = sprintf($app->lng('error_inv_value_for'), $setting['SettingName']); } if($temp_errstr == '') $input[$setting_id] = $postinput[$setting_id]; else $error[] = $temp_errstr; } else $error[] = sprintf($this->app->lng('error_no_value_for'), $setting['SettingName']); else $error[] = sprintf($app->lng('error_no_value_for'), $setting['SettingName']); } $ret['input'] = $input; @@ -641,7 +653,9 @@ */ public function getPackageDetails($id) { $pkg = $this->db->queryOneRecord('SELECT * FROM aps_packages WHERE id = '.$this->db->quote($id).';'); global $app; $pkg = $app->db->queryOneRecord('SELECT * FROM aps_packages WHERE id = '.$app->db->quote($id).';'); // Load in meta file if existing and register its namespaces $metafile = $this->interface_pkg_dir.'/'.$pkg['path'].'/APP-META.xml'; server/lib/classes/aps_base.inc.php
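Review bot: Several of the rewritten queries interpolate `$app->db->quote(...)` into an unquoted numeric position — `instance_id = ".$app->db->quote($instanceid).")` and the two `DELETE FROM aps_instances… WHERE id = ".$app->db->quote($instanceid)` statements in getInstanceDataForDatalog (`@@ -106`), `customer_id = '.$app->db->quote($client_id).' AND'` in isValidInstanceID (`@@ -177`), and the bare `".$instanceid."` in the `$sql` of deleteInstance and reinstallInstance (`@@ -308`, `@@ -338`); quote() only escapes quote characters, so it does not constrain an operand that is not itself inside quotes. The commit changes which object does the quoting but not the shape of these statements, and the destructive DELETE statements in particular then rely on every caller having validated the id first — isValidInstanceID checks `$id` with `preg_match('/^[0-9]+$/', $id)` but does not check `$client_id`, and whether the delete/reinstall callers validate is outside these hunks. The same file already uses `$app->functions->intval($database_user)` for exactly this purpose, so I would apply it here too, e.g. `WHERE id = ".$app->functions->intval($instanceid).";"` and `'customer_id = '.$app->functions->intval($client_id).' AND'`. Separately, the unchanged `preg_match("^(http|https)\://…` in the domain-name branch has no pattern delimiters, so that validation presumably never matches; worth a follow-up since the hunk touches the adjacent line.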
@@ -43,9 +43,6 @@ class ApsBase { protected $app = null; protected $db = null; protected $log_prefix = ''; protected $fetch_url = ''; protected $aps_version = ''; @@ -63,9 +60,6 @@ */ public function __construct($app, $log_prefix = 'APS: ', $interface_mode = false) { $this->db = $app->db; $this->app = $app; $this->log_prefix = $log_prefix; $this->interface_mode = $interface_mode; $this->fetch_url = 'apscatalog.com'; server/lib/classes/aps_installer.inc.php
@@ -63,6 +63,7 @@ */ private function checkRequirements() { global $app; try { // Check if exec() is not disabled @@ -76,7 +77,7 @@ } catch(Exception $e) { $this->app->log('Aborting execution because '.$e->getMessage()); $app->log('Aborting execution because '.$e->getMessage()); return false; } } @@ -242,20 +243,22 @@ */ private function prepareLocation($task) { global $app; // Get the domain name to use for the installation // Would be possible in one query too, but we use 2 for easier debugging $main_domain = $this->app->db->queryOneRecord("SELECT value FROM aps_instances_settings WHERE name = 'main_domain' AND instance_id = '".$this->db->quote($task['instance_id'])."';"); $main_domain = $app->db->queryOneRecord("SELECT value FROM aps_instances_settings WHERE name = 'main_domain' AND instance_id = '".$app->db->quote($task['instance_id'])."';"); $this->domain = $main_domain['value']; // Get the document root $domain_res = $this->app->db->queryOneRecord("SELECT document_root FROM web_domain WHERE domain = '".$this->db->quote($this->domain)."';"); $domain_res = $app->db->queryOneRecord("SELECT document_root FROM web_domain WHERE domain = '".$app->db->quote($this->domain)."';"); $this->document_root = $domain_res['document_root']; // Get the sub location $location_res = $this->app->dbmaster->queryOneRecord("SELECT value FROM aps_instances_settings WHERE name = 'main_location' AND instance_id = '".$this->db->quote($task['instance_id'])."';"); $location_res = $app->dbmaster->queryOneRecord("SELECT value FROM aps_instances_settings WHERE name = 'main_location' AND instance_id = '".$app->db->quote($task['instance_id'])."';"); $this->sublocation = $location_res['value']; // Make sure the document_root ends with / @@ -285,6 +288,8 @@ */ private function prepareDatabase($task, $sxe) { global $app; $db_id = parent::getXPathValue($sxe, '//db:id'); if(empty($db_id)) return; // No database needed 
@@ -292,14 +297,14 @@ // Set the database owner to the domain owner // ISPConfig identifies the owner by the sys_groupid (not sys_userid!) // so sys_userid can be set to any value $perm = $this->app->db->queryOneRecord("SELECT sys_groupid, server_id FROM web_domain $perm = $app->db->queryOneRecord("SELECT sys_groupid, server_id FROM web_domain WHERE domain = '".$this->domain."';"); $task['sys_groupid'] = $perm['sys_groupid']; $serverid = $perm['server_id']; // Get the database prefix and db user prefix $this->app->uses('getconf'); $global_config = $this->app->getconf->get_global_config('sites'); $app->uses('getconf'); $global_config = $app->getconf->get_global_config('sites'); $dbname_prefix = str_replace('[CLIENTID]', '', $global_config['dbname_prefix']); $dbuser_prefix = str_replace('[CLIENTID]', '', $global_config['dbuser_prefix']); $this->dbhost = DB_HOST; // Taken from config.inc.php 
@@ -307,47 +312,47 @@ $this->newdb_name = $dbname_prefix.$task['CustomerID'].'aps'.$task['InstanceID']; $this->newdb_user = $dbuser_prefix.$task['CustomerID'].'aps'.$task['InstanceID']; $dbpw_res = $this->app->dbmaster->queryOneRecord("SELECT Value FROM aps_instances_settings WHERE Name = 'main_database_password' AND InstanceID = '".$this->db->quote($task['InstanceID'])."';"); $dbpw_res = $app->dbmaster->queryOneRecord("SELECT Value FROM aps_instances_settings WHERE Name = 'main_database_password' AND InstanceID = '".$app->db->quote($task['InstanceID'])."';"); $newdb_pw = $dbpw_res['Value']; // In any case delete an existing database (install and removal procedure) $this->db->query('DROP DATABASE IF EXISTS `'.$this->db->quote($this->newdb_name).'`;'); $app->db->query('DROP DATABASE IF EXISTS `'.$app->db->quote($this->newdb_name).'`;'); // Delete an already existing database with this name $this->app->dbmaster->query("DELETE FROM web_database WHERE database_name = '".$this->db->quote($this->newdb_name)."';"); $app->dbmaster->query("DELETE FROM web_database WHERE database_name = '".$app->db->quote($this->newdb_name)."';"); // Create the new database and assign it to a user if($this->handle_type == 'install') { $this->db->query('CREATE DATABASE IF NOT EXISTS `'.$this->db->quote($this->newdb_name).'`;'); $this->db->query('GRANT ALL PRIVILEGES ON '.$this->db->quote($this->newdb_name).'.* TO '.$this->db->quote($this->newdb_user).'@'.$this->db->quote($this->dbhost).' IDENTIFIED BY \'password\';'); $this->db->query('SET PASSWORD FOR '.$this->db->quote($this->newdb_user).'@'.$this->db->quote($this->dbhost).' = PASSWORD(\''.$newdb_pw.'\');'); $this->db->query('FLUSH PRIVILEGES;'); $app->db->query('CREATE DATABASE IF NOT EXISTS `'.$app->db->quote($this->newdb_name).'`;'); $app->db->query('GRANT ALL PRIVILEGES ON '.$app->db->quote($this->newdb_name).'.* TO '.$app->db->quote($this->newdb_user).'@'.$app->db->quote($this->dbhost).' 
IDENTIFIED BY \'password\';'); $app->db->query('SET PASSWORD FOR '.$app->db->quote($this->newdb_user).'@'.$app->db->quote($this->dbhost).' = PASSWORD(\''.$newdb_pw.'\');'); $app->db->query('FLUSH PRIVILEGES;'); // Add the new database to the customer databases // Assumes: charset = utf8 $this->app->dbmaster->query('INSERT INTO web_database (sys_userid, sys_groupid, sys_perm_user, sys_perm_group, sys_perm_other, server_id, $app->dbmaster->query('INSERT INTO web_database (sys_userid, sys_groupid, sys_perm_user, sys_perm_group, sys_perm_other, server_id, type, database_name, database_user, database_password, database_charset, remote_access, remote_ips, active) VALUES ('.$task['sys_userid'].', '.$task['sys_groupid'].', "'.$task['sys_perm_user'].'", "'.$task['sys_perm_group'].'", "'.$task['sys_perm_other'].'", '.$this->db->quote($serverid).', "mysql", "'.$this->db->quote($this->newdb_name).'", "'.$this->db->quote($this->newdb_user).'", "'.$this->db->quote($newdb_pw).'", "utf8", "n", "", "y");'); "'.$task['sys_perm_other'].'", '.$app->db->quote($serverid).', "mysql", "'.$app->db->quote($this->newdb_name).'", "'.$app->db->quote($this->newdb_user).'", "'.$app->db->quote($newdb_pw).'", "utf8", "n", "", "y");'); } */ $mysqlver_res = $this->app->db->queryOneRecord('SELECT VERSION() as ver;'); $mysqlver_res = $app->db->queryOneRecord('SELECT VERSION() as ver;'); $mysqlver = $mysqlver_res['ver']; $tmp = $this->app->dbmaster->queryOneRecord("SELECT value FROM aps_instances_settings WHERE name = 'main_database_password' AND instance_id = '".$this->db->quote($task['instance_id'])."';"); $tmp = $app->dbmaster->queryOneRecord("SELECT value FROM aps_instances_settings WHERE name = 'main_database_password' AND instance_id = '".$app->db->quote($task['instance_id'])."';"); $newdb_pw = $tmp['value']; $tmp = $this->app->dbmaster->queryOneRecord("SELECT value FROM aps_instances_settings WHERE name = 'main_database_host' AND instance_id = '".$this->db->quote($task['instance_id'])."';"); 
$tmp = $app->dbmaster->queryOneRecord("SELECT value FROM aps_instances_settings WHERE name = 'main_database_host' AND instance_id = '".$app->db->quote($task['instance_id'])."';"); $newdb_host = $tmp['value']; $tmp = $this->app->dbmaster->queryOneRecord("SELECT value FROM aps_instances_settings WHERE name = 'main_database_name' AND instance_id = '".$this->db->quote($task['instance_id'])."';"); $tmp = $app->dbmaster->queryOneRecord("SELECT value FROM aps_instances_settings WHERE name = 'main_database_name' AND instance_id = '".$app->db->quote($task['instance_id'])."';"); $newdb_name = $tmp['value']; $tmp = $this->app->dbmaster->queryOneRecord("SELECT value FROM aps_instances_settings WHERE name = 'main_database_login' AND instance_id = '".$this->db->quote($task['instance_id'])."';"); $tmp = $app->dbmaster->queryOneRecord("SELECT value FROM aps_instances_settings WHERE name = 'main_database_login' AND instance_id = '".$app->db->quote($task['instance_id'])."';"); $newdb_login = $tmp['value']; $this->putenv[] = 'DB_'.$db_id.'_TYPE=mysql'; @@ -368,6 +373,8 @@ */ private function prepareFiles($task, $sxe) { global $app; // Basically set the mapping for APS version 1.0, if not available -> newer way $mapping = $sxe->mapping; $mapping_path = $sxe->mapping['path']; 
@@ -409,10 +416,10 @@ $this->processMappings($mapping, $mapping_url, $this->local_installpath); // Set the appropriate file owner $main_domain = $this->app->db->queryOneRecord("SELECT value FROM aps_instances_settings WHERE name = 'main_domain' AND instance_id = '".$this->db->quote($task['instance_id'])."';"); $owner_res = $this->db->queryOneRecord("SELECT system_user, system_group FROM web_domain WHERE domain = '".$this->db->quote($main_domain['value'])."';"); $main_domain = $app->db->queryOneRecord("SELECT value FROM aps_instances_settings WHERE name = 'main_domain' AND instance_id = '".$app->db->quote($task['instance_id'])."';"); $owner_res = $app->db->queryOneRecord("SELECT system_user, system_group FROM web_domain WHERE domain = '".$app->db->quote($main_domain['value'])."';"); $this->file_owner_user = $owner_res['system_user']; $this->file_owner_group = $owner_res['system_group']; exec('chown -R '.$this->file_owner_user.':'.$this->file_owner_group.' '.escapeshellarg($this->local_installpath)); @@ -420,9 +427,9 @@ } catch(Exception $e) { $this->app->dbmaster->query('UPDATE aps_instances SET instance_status = "'.INSTANCE_ERROR.'" WHERE id = "'.$this->db->quote($task['instance_id']).'";'); $this->app->log($e->getMessage()); $app->dbmaster->query('UPDATE aps_instances SET instance_status = "'.INSTANCE_ERROR.'" WHERE id = "'.$app->db->quote($task['instance_id']).'";'); $app->log($e->getMessage()); return false; } @@ -436,8 +443,10 @@ */ private function prepareUserInputData($task) { $userdata = $this->app->dbmaster->queryAllRecords("SELECT name, value FROM aps_instances_settings WHERE instance_id = '".$this->db->quote($task['instance_id'])."';"); global $app; $userdata = $app->dbmaster->queryAllRecords("SELECT name, value FROM aps_instances_settings WHERE instance_id = '".$app->db->quote($task['instance_id'])."';"); if(empty($userdata)) return false; foreach($userdata as $data) 
@@ -510,6 +519,8 @@ */ private function doInstallation($task, $sxe) { global $app; try { // Check if the install directory exists @@ -546,15 +557,15 @@ // The install succeeded, chown newly created files too exec('chown -R '.$this->file_owner_user.':'.$this->file_owner_group.' '.escapeshellarg($this->local_installpath)); $this->app->dbmaster->query('UPDATE aps_instances SET instance_status = "'.INSTANCE_SUCCESS.'" WHERE id = "'.$this->db->quote($task['instance_id']).'";'); $app->dbmaster->query('UPDATE aps_instances SET instance_status = "'.INSTANCE_SUCCESS.'" WHERE id = "'.$app->db->quote($task['instance_id']).'";'); } } catch(Exception $e) { $this->app->dbmaster->query('UPDATE aps_instances SET instance_status = "'.INSTANCE_ERROR.'" WHERE id = "'.$this->db->quote($task['instance_id']).'";'); $this->app->log($e->getMessage()); $app->dbmaster->query('UPDATE aps_instances SET instance_status = "'.INSTANCE_ERROR.'" WHERE id = "'.$app->db->quote($task['instance_id']).'";'); $app->log($e->getMessage()); return false; } @@ -581,18 +592,20 @@ */ public function installHandler($instanceid, $type) { global $app; // Set the given handle type, currently supported: install, delete if($type == 'install' || $type == 'delete') $this->handle_type = $type; else return false; // Get all instance metadata /* $task = $this->app->db->queryOneRecord("SELECT * FROM aps_instances AS i $task = $app->db->queryOneRecord("SELECT * FROM aps_instances AS i INNER JOIN aps_packages AS p ON i.package_id = p.id INNER JOIN client AS c ON i.customer_id = c.client_id WHERE i.id = ".$instanceid.";"); */ $task = $this->app->db->queryOneRecord("SELECT * FROM aps_instances AS i $task = $app->db->queryOneRecord("SELECT * FROM aps_instances AS i INNER JOIN aps_packages AS p ON i.package_id = p.id WHERE i.id = ".$instanceid.";"); if(!$task) return false; // formerly: throw new Exception('The InstanceID doesn\'t exist.'); 
@@ -609,7 +622,7 @@ curl_setopt($ch, CURLOPT_TIMEOUT, 0); curl_setopt($ch, CURLOPT_FAILONERROR, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); if(curl_exec($ch) === false) $this->app->log(curl_error ($ch),LOGLEVEL_DEBUG); if(curl_exec($ch) === false) $app->log(curl_error ($ch),LOGLEVEL_DEBUG); fclose($fh); curl_close($ch); } @@ -631,9 +644,9 @@ // Check if the meta file is existing if(!$metafile) { $this->app->dbmaster->query('UPDATE aps_instances SET instance_status = "'.INSTANCE_ERROR.'" WHERE id = "'.$this->db->quote($task['instance_id']).'";'); $this->app->log('Unable to find the meta data file of package '.$task['path']); $app->dbmaster->query('UPDATE aps_instances SET instance_status = "'.INSTANCE_ERROR.'" WHERE id = "'.$app->db->quote($task['instance_id']).'";'); $app->log('Unable to find the meta data file of package '.$task['path']); return false; } @@ -665,8 +678,8 @@ // Finally delete the instance entry + settings if($this->handle_type == 'delete') { $this->app->dbmaster->query('DELETE FROM aps_instances WHERE id = "'.$this->db->quote($task['instance_id']).'";'); $this->app->dbmaster->query('DELETE FROM aps_instances_settings WHERE instance_id = "'.$this->db->quote($task['instance_id']).'";'); $app->dbmaster->query('DELETE FROM aps_instances WHERE id = "'.$app->db->quote($task['instance_id']).'";'); $app->dbmaster->query('DELETE FROM aps_instances_settings WHERE instance_id = "'.$app->db->quote($task['instance_id']).'";'); } unset($sxe);