From 9edea9976bd605071e0694a90d704266c0b7e0f9 Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Thu, 14 Aug 2014 11:30:03 -0400
Subject: [PATCH] - Added warning in the interface when a path for a shelluser is set that is outside of the website docroot. - Added security settings feature to allow the root user of a server to control most aspects of what the admin user of the controlpanel is allowed to do in system settings. This is especially useful for managed servers where the ispconfig admin user and the root user of the server are different persons.
---
interface/web/admin/system_config_edit.php | 156 ++++++++++++++++++++++++++++++++++++++++++++--------
1 files changed, 132 insertions(+), 24 deletions(-)
diff --git a/interface/web/admin/system_config_edit.php b/interface/web/admin/system_config_edit.php
index 62ffef5..7d872fa 100644
--- a/interface/web/admin/system_config_edit.php
+++ b/interface/web/admin/system_config_edit.php
@@ -1,6 +1,6 @@
<?php
/*
-Copyright (c) 2008, Till Brehm, projektfarm Gmbh
+Copyright (c) 2008-2010, Till Brehm, projektfarm Gmbh
All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
@@ -38,60 +38,168 @@
* End Form configuration
******************************************/
-require_once('../../lib/config.inc.php');
-require_once('../../lib/app.inc.php');
+require_once '../../lib/config.inc.php';
+require_once '../../lib/app.inc.php';
//* Check permissions for module
$app->auth->check_module_permissions('admin');
+$app->auth->check_security_permissions('admin_allow_system_config');
// Loading classes
$app->uses('tpl,tform,tform_actions');
$app->load('tform_actions');
class page_action extends tform_actions {
-
+
+ //var $_js_changed = false;
+
function onShowEdit() {
global $app, $conf;
-
+
if($_SESSION["s"]["user"]["typ"] != 'admin') die('This function needs admin priveliges');
-
+
if($app->tform->errorMessage == '') {
$app->uses('ini_parser,getconf');
-
+
$section = $this->active_tab;
$server_id = $this->id;
-
+
$this->dataRecord = $app->getconf->get_global_config($section);
+ if ($section == 'domains'){
+ if (isset($this->dataRecord['use_domain_module'])){
+ $_SESSION['use_domain_module_old_value'] = $this->dataRecord['use_domain_module'];
+ }
+ }
}
-
- $record = $app->tform->getHTML($this->dataRecord, $this->active_tab,'EDIT');
-
+
+ $record = $app->tform->getHTML($this->dataRecord, $this->active_tab, 'EDIT');
+
$record['warning'] = $app->tform->lng('warning');
$record['id'] = $this->id;
$app->tpl->setVar($record);
}
-
- function onUpdateSave($sql) {
+
+ function onShowEnd() {
+ global $app, $conf;
+
+ // available dashlets
+ $available_dashlets_txt = '';
+ $handle = @opendir(ISPC_WEB_PATH.'/dashboard/dashlets');
+ while ($file = @readdir($handle)) {
+ if ($file != '.' && $file != '..' && !is_dir($file)) {
+ $available_dashlets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.substr($file, 0, -4).']<pre class="addPlaceholderContent" style="display:none;">['.substr($file, 0, -4).'],</pre></a> ';
+ }
+ }
+
+ if($available_dashlets_txt == '') $available_dashlets_txt = '------';
+ $app->tpl->setVar("available_dashlets_txt", $available_dashlets_txt);
+
+ parent::onShowEnd();
+ }
+
+ function onSubmit() {
global $app;
-
+
+ $app->uses('ini_parser,getconf');
+
+ $section = $app->tform->getCurrentTab();
+
+ $server_config_array = $app->getconf->get_global_config();
+ $new_config = $app->tform->encode($this->dataRecord, $section);
+ if($section == 'mail') {
+ if($new_config['smtp_pass'] == '') $new_config['smtp_pass'] = $server_config_array['smtp_pass'];
+ if($new_config['smtp_enabled'] == 'y' && ($new_config['admin_mail'] == '' || $new_config['admin_name'] == '')) {
+ $app->tform->errorMessage .= $app->tform->lng("smtp_missing_admin_mail_txt");
+ }
+ }
+
+ parent::onSubmit();
+ }
+
+ function onUpdateSave($sql) {
+ global $app, $conf;
+
if($_SESSION["s"]["user"]["typ"] != 'admin') die('This function needs admin priveliges');
$app->uses('ini_parser,getconf');
-
+
$section = $app->tform->getCurrentTab();
- $server_id = $this->id;
-
- $server_config_array = $app->getconf->get_global_config($server_id);
- $server_config_array[$section] = $app->tform->encode($this->dataRecord,$section);
+
+ $server_config_array = $app->getconf->get_global_config();
+
+ foreach($app->tform->formDef['tabs'][$section]['fields'] as $key => $field) {
+ if ($field['formtype'] == 'CHECKBOX') {
+ if($this->dataRecord[$key] == '') {
+ // if a checkbox is not set, we set it to the unchecked value
+ $this->dataRecord[$key] = $field['value'][0];
+ }
+ }
+ }
+
+ /*
+ if((isset($this->dataRecord['use_loadindicator']) && $this->dataRecord['use_loadindicator'] != $server_config_array[$section]['use_loadindicator']) || (isset($this->dataRecord['use_combobox']) && $this->dataRecord['use_combobox'] != $server_config_array[$section]['use_combobox'])){
+ $this->_js_changed = true;
+ }
+ */
+
+ $new_config = $app->tform->encode($this->dataRecord, $section);
+ if($section == 'sites' && $new_config['vhost_subdomains'] != 'y' && $server_config_array['sites']['vhost_subdomains'] == 'y') {
+ // check for existing vhost subdomains, if found the mode cannot be disabled
+ $check = $app->db->queryOneRecord("SELECT COUNT(*) as `cnt` FROM `web_domain` WHERE `type` = 'vhostsubdomain'");
+ if($check['cnt'] > 0) {
+ $new_config['vhost_subdomains'] = 'y';
+ }
+ } elseif($section == 'mail') {
+ if($new_config['smtp_pass'] == '') $new_config['smtp_pass'] = $server_config_array['mail']['smtp_pass'];
+ } elseif($section == 'misc' && $new_config['session_timeout'] != $server_config_array['misc']['session_timeout']) {
+ $app->conf('interface', 'session_timeout', intval($new_config['session_timeout']));
+ }
+ $server_config_array[$section] = $new_config;
$server_config_str = $app->ini_parser->get_ini_string($server_config_array);
-
- $sql = "UPDATE sys_ini SET config = '".$app->db->quote($server_config_str)."' WHERE sysini_id = 1";
- $app->db->query($sql);
+
+ //$sql = "UPDATE sys_ini SET config = '".$app->db->quote($server_config_str)."' WHERE sysini_id = 1";
+ //if($conf['demo_mode'] != true) $app->db->query($sql);
+ if($conf['demo_mode'] != true) $app->db->datalogUpdate('sys_ini', "config = '".$app->db->quote($server_config_str)."'", 'sysini_id', 1);
+
+ /*
+ * If we should use the domain-module, we have to insert all existing domains into the table
+ * (only the first time!)
+ */
+ if (($section == 'domains') &&
+ ($_SESSION['use_domain_module_old_value'] == '') &&
+ ($server_config_array['domains']['use_domain_module'] == 'y')){
+ $sql = "REPLACE INTO domain (sys_userid, sys_groupid, sys_perm_user, sys_perm_group, sys_perm_other, domain ) " .
+ "SELECT sys_userid, sys_groupid, sys_perm_user, sys_perm_group, sys_perm_other, domain " .
+ "FROM mail_domain";
+ $app->db->query($sql);
+ $sql = "REPLACE INTO domain (sys_userid, sys_groupid, sys_perm_user, sys_perm_group, sys_perm_other, domain ) " .
+ "SELECT sys_userid, sys_groupid, sys_perm_user, sys_perm_group, sys_perm_other, domain " .
+ "FROM web_domain WHERE type NOT IN ('subdomain','vhostsubdomain')";
+ $app->db->query($sql);
+ }
+
+ // Maintenance mode
+ if($server_config_array['misc']['maintenance_mode'] == 'y'){
+ //print_r($_SESSION);
+ //echo $_SESSION['s']['id'];
+ $app->db->query("DELETE FROM sys_session WHERE session_id != '".$app->db->quote($_SESSION['s']['id'])."'");
+ }
}
-
+
+ /*
+ function onAfterUpdate() {
+ if($this->_js_changed == true) {
+ // not the best way, but it works
+ header('Content-Type: text/html');
+ print '<script type="text/javascript">document.location.reload(true);</script>';
+ exit;
+ }
+ }
+ */
+
}
$app->tform_actions = new page_action;
$app->tform_actions->onLoad();
-?>
\ No newline at end of file
+?>
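Review bot: In onShowEnd the filter `!is_dir($file)` tests the bare entry name relative to the process working directory rather than the dashlets directory it was read from, so a subdirectory under `dashboard/dashlets` passes the filter and is rendered as a dashlet placeholder with its last four characters stripped; check the full path instead, e.g. `$dashlet_dir = ISPC_WEB_PATH.'/dashboard/dashlets';` before the `opendir()` and `if ($file != '.' && $file != '..' && !is_dir($dashlet_dir.'/'.$file)) {` in the loop, and consider restricting to `.php` entries since `substr($file, 0, -4)` assumes that extension. A second inconsistency in the same hunk: onSubmit reads `$server_config_array['smtp_pass']` while onUpdateSave reads `$server_config_array['mail']['smtp_pass']` from the same whole-config array returned by `get_global_config()`, so one of the two indexes is wrong — from what is visible the onSubmit copy is a local that is never used afterwards, making it dead but misleading code. Finally, the domain-import condition in onUpdateSave reads `$_SESSION['use_domain_module_old_value']` without an `isset()` guard, although onShowEdit only sets that key when the domains tab was rendered with the value present; a save that reaches this branch without the key raises a notice and, because `null == ''` holds, re-runs the two `REPLACE INTO domain` imports. Unless re-importing on every such save is intended, guard with `isset($_SESSION['use_domain_module_old_value']) && $_SESSION['use_domain_module_old_value'] == ''` and unset the key once the import has run.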
--
Gitblit v1.9.1