From b283f9c3b2d16e6c29eaf5240607f21c580ce8d2 Mon Sep 17 00:00:00 2001
From: Falko Timme <ft@falkotimme.com>
Date: Wed, 30 Apr 2014 04:26:25 -0400
Subject: [PATCH] - Re-enabled "Remember Password"- function on login screen.
---
interface/web/sites/web_domain_edit.php | 87 ++++++++++++++++++++++++++++++-------------
1 files changed, 61 insertions(+), 26 deletions(-)
diff --git a/interface/web/sites/web_domain_edit.php b/interface/web/sites/web_domain_edit.php
index 11b5f9b..990e8cd 100644
--- a/interface/web/sites/web_domain_edit.php
+++ b/interface/web/sites/web_domain_edit.php
@@ -183,7 +183,7 @@
unset($tmp);
// Fill the client select field
- $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id']." ORDER BY sys_group.name";
+ $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id']." ORDER BY client.company_name, client.contact_name, sys_group.name";
$records = $app->db->queryAllRecords($sql);
$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$app->functions->intval($client['client_id']));
$client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
@@ -313,7 +313,7 @@
unset($ips);
// Fill the client select field
- $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY sys_group.name";
+ $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY client.company_name, client.contact_name, sys_group.name";
$clients = $app->db->queryAllRecords($sql);
$client_select = "<option value='0'></option>";
//$tmp_data_record = $app->tform->getDataRecord($this->id);
@@ -518,20 +518,20 @@
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
$client = $app->db->queryOneRecord("SELECT limit_traffic_quota, limit_web_domain, default_webserver, parent_client_id, limit_web_quota, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
- if($client['limit_cgi'] != 'y') $this->dataRecord['cgi'] = '-';
- if($client['limit_ssi'] != 'y') $this->dataRecord['ssi'] = '-';
- if($client['limit_perl'] != 'y') $this->dataRecord['perl'] = '-';
- if($client['limit_ruby'] != 'y') $this->dataRecord['ruby'] = '-';
- if($client['limit_python'] != 'y') $this->dataRecord['python'] = '-';
+ if($client['limit_cgi'] != 'y') $this->dataRecord['cgi'] = 'n';
+ if($client['limit_ssi'] != 'y') $this->dataRecord['ssi'] = 'n';
+ if($client['limit_perl'] != 'y') $this->dataRecord['perl'] = 'n';
+ if($client['limit_ruby'] != 'y') $this->dataRecord['ruby'] = 'n';
+ if($client['limit_python'] != 'y') $this->dataRecord['python'] = 'n';
if($client['force_suexec'] == 'y') $this->dataRecord['suexec'] = 'y';
- if($client['limit_hterror'] != 'y') $this->dataRecord['errordocs'] = '-';
- if($client['limit_wildcard'] != 'y' && $this->dataRecord['subdomain'] == '*') $this->dataRecord['subdomain'] = '-';
- if($client['limit_ssl'] != 'y') $this->dataRecord['ssl'] = '-';
+ if($client['limit_hterror'] != 'y') $this->dataRecord['errordocs'] = 'n';
+ if($client['limit_wildcard'] != 'y' && $this->dataRecord['subdomain'] == '*') $this->dataRecord['subdomain'] = 'n';
+ if($client['limit_ssl'] != 'y') $this->dataRecord['ssl'] = 'n';
// only generate quota and traffic warnings if value has changed
if($this->id > 0) {
$old_web_values = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($this->id));
- } else {
+ } else {
$old_web_values = array();
}
@@ -611,15 +611,15 @@
$this->dataRecord["server_id"] = $tmp["server_id"];
// set the settings to current if not provided (or cleared due to limits)
- if($this->dataRecord['cgi'] == '-') $this->dataRecord['cgi'] = $tmp['cgi'];
- if($this->dataRecord['ssi'] == '-') $this->dataRecord['ssi'] = $tmp['ssi'];
- if($this->dataRecord['perl'] == '-') $this->dataRecord['perl'] = $tmp['perl'];
- if($this->dataRecord['ruby'] == '-') $this->dataRecord['ruby'] = $tmp['ruby'];
- if($this->dataRecord['python'] == '-') $this->dataRecord['python'] = $tmp['python'];
- if($this->dataRecord['suexec'] == '-') $this->dataRecord['suexec'] = $tmp['suexec'];
- if($this->dataRecord['errordocs'] == '-') $this->dataRecord['errordocs'] = $tmp['errordocs'];
- if($this->dataRecord['subdomain'] == '-') $this->dataRecord['subdomain'] = $tmp['subdomain'];
- if($this->dataRecord['ssl'] == '-') $this->dataRecord['ssl'] = $tmp['ssl'];
+ if($this->dataRecord['cgi'] == 'n') $this->dataRecord['cgi'] = $tmp['cgi'];
+ if($this->dataRecord['ssi'] == 'n') $this->dataRecord['ssi'] = $tmp['ssi'];
+ if($this->dataRecord['perl'] == 'n') $this->dataRecord['perl'] = $tmp['perl'];
+ if($this->dataRecord['ruby'] == 'n') $this->dataRecord['ruby'] = $tmp['ruby'];
+ if($this->dataRecord['python'] == 'n') $this->dataRecord['python'] = $tmp['python'];
+ if($this->dataRecord['suexec'] == 'n') $this->dataRecord['suexec'] = $tmp['suexec'];
+ if($this->dataRecord['errordocs'] == 'n') $this->dataRecord['errordocs'] = $tmp['errordocs'];
+ if($this->dataRecord['subdomain'] == 'n') $this->dataRecord['subdomain'] = $tmp['subdomain'];
+ if($this->dataRecord['ssl'] == 'n') $this->dataRecord['ssl'] = $tmp['ssl'];
unset($tmp);
// When the record is inserted
@@ -691,6 +691,9 @@
if(trim($rewrite_rule_line) == '') continue;
// rewrite
if(preg_match('@^\s*rewrite\s+(^/)?\S+(\$)?\s+\S+(\s+(last|break|redirect|permanent|))?\s*;\s*$@', $rewrite_rule_line)) continue;
+ if(preg_match('@^\s*rewrite\s+(^/)?(\'[^\']+\'|"[^"]+")+(\$)?\s+(\'[^\']+\'|"[^"]+")+(\s+(last|break|redirect|permanent|))?\s*;\s*$@', $rewrite_rule_line)) continue;
+ if(preg_match('@^\s*rewrite\s+(^/)?(\'[^\']+\'|"[^"]+")+(\$)?\s+\S+(\s+(last|break|redirect|permanent|))?\s*;\s*$@', $rewrite_rule_line)) continue;
+ if(preg_match('@^\s*rewrite\s+(^/)?\S+(\$)?\s+(\'[^\']+\'|"[^"]+")+(\s+(last|break|redirect|permanent|))?\s*;\s*$@', $rewrite_rule_line)) continue;
// if
if(preg_match('@^\s*if\s+\(\s*\$\S+(\s+(\!?(=|~|~\*))\s+(\S+|\".+\"))?\s*\)\s*\{\s*$@', $rewrite_rule_line)){
$if_level += 1;
@@ -724,6 +727,35 @@
if(!$rewrites_are_valid || $if_level != 0){
$app->tform->errorMessage .= $app->tform->lng("invalid_rewrite_rules_txt").'<br>';
+ }
+ }
+
+ // check custom php.ini settings
+ if(isset($this->dataRecord['custom_php_ini']) && trim($this->dataRecord['custom_php_ini']) != '') {
+ $custom_php_ini_settings = trim($this->dataRecord['custom_php_ini']);
+ $custom_php_ini_settings_are_valid = true;
+ // Make sure we only have Unix linebreaks
+ $custom_php_ini_settings = str_replace("\r\n", "\n", $custom_php_ini_settings);
+ $custom_php_ini_settings = str_replace("\r", "\n", $custom_php_ini_settings);
+ $custom_php_ini_settings_lines = explode("\n", $custom_php_ini_settings);
+ if(is_array($custom_php_ini_settings_lines) && !empty($custom_php_ini_settings_lines)){
+ foreach($custom_php_ini_settings_lines as $custom_php_ini_settings_line){
+ if(trim($custom_php_ini_settings_line) == '') continue;
+ if(substr(trim($custom_php_ini_settings_line),0,1) == ';') continue;
+ // empty value
+ if(preg_match('@^\s*;*\s*[a-zA-Z0-9._]*\s*=\s*;*\s*$@', $custom_php_ini_settings_line)) continue;
+ // value inside ""
+ if(preg_match('@^\s*;*\s*[a-zA-Z0-9._]*\s*=\s*".*"\s*;*\s*$@', $custom_php_ini_settings_line)) continue;
+ // value inside ''
+ if(preg_match('@^\s*;*\s*[a-zA-Z0-9._]*\s*=\s*\'.*\'\s*;*\s*$@', $custom_php_ini_settings_line)) continue;
+ // everything else
+ if(preg_match('@^\s*;*\s*[a-zA-Z0-9._]*\s*=\s*[-a-zA-Z0-9~&=_\@/,.#\s]*\s*;*\s*$@', $custom_php_ini_settings_line)) continue;
+ $custom_php_ini_settings_are_valid = false;
+ break;
+ }
+ }
+ if(!$custom_php_ini_settings_are_valid){
+ $app->tform->errorMessage .= $app->tform->lng("invalid_custom_php_ini_settings_txt").'<br>';
}
}
@@ -871,6 +903,9 @@
$client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ".$app->functions->intval($client_group_id));
$client_id = $app->functions->intval($client["client_id"]);
}
+
+ $tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = $client_group_id");
+ $client_user_id = $app->functions->intval(($tmp['userid'] > 0)?$tmp['userid']:1);
if(($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) && isset($this->dataRecord["client_group_id"]) && $this->dataRecord["client_group_id"] != $this->oldDataRecord["sys_groupid"]) {
// Set the values for document_root, system_user and system_group
@@ -883,14 +918,14 @@
$document_root = str_replace("[client_idhash_4]", $this->id_hash($client_id, 4), $document_root);
$document_root = $app->db->quote($document_root);
- $sql = "UPDATE web_domain SET system_user = '$system_user', system_group = '$system_group', document_root = '$document_root' WHERE domain_id = ".$this->id;
+ $sql = "UPDATE web_domain SET sys_userid = '$client_user_id' ,system_user = '$system_user', system_group = '$system_group', document_root = '$document_root' WHERE domain_id = ".$this->id;
//$sql = "UPDATE web_domain SET system_user = '$system_user', system_group = '$system_group' WHERE domain_id = ".$this->id;
$app->db->query($sql);
// Update the FTP user(s) too
$records = $app->db->queryAllRecords("SELECT ftp_user_id FROM ftp_user WHERE parent_domain_id = ".$this->id);
foreach($records as $rec) {
- $app->db->datalogUpdate('ftp_user', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."', uid = '$system_user', gid = '$system_group', dir = '$document_root'", 'ftp_user_id', $app->functions->intval($rec['ftp_user_id']));
+ $app->db->datalogUpdate('ftp_user', "sys_userid = '".$app->functions->intval($client_user_id)."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."', uid = '$system_user', gid = '$system_group', dir = '$document_root'", 'ftp_user_id', $app->functions->intval($rec['ftp_user_id']));
}
unset($records);
unset($rec);
@@ -898,7 +933,7 @@
// Update the Shell user(s) too
$records = $app->db->queryAllRecords("SELECT shell_user_id FROM shell_user WHERE parent_domain_id = ".$this->id);
foreach($records as $rec) {
- $app->db->datalogUpdate('shell_user', "sys_userid = '".$web_rec['sys_userid']."', sys_groupid = '".$web_rec['sys_groupid']."', puser = '$system_user', pgroup = '$system_group', dir = '$document_root'", 'shell_user_id', $app->functions->intval($rec['shell_user_id']));
+ $app->db->datalogUpdate('shell_user', "sys_userid = '".$client_user_id."', sys_groupid = '".$web_rec['sys_groupid']."', puser = '$system_user', pgroup = '$system_group', dir = '$document_root'", 'shell_user_id', $app->functions->intval($rec['shell_user_id']));
}
unset($records);
unset($rec);
@@ -906,7 +941,7 @@
//* Update all subdomains and alias domains
$records = $app->db->queryAllRecords("SELECT domain_id, `domain`, `type`, `web_folder` FROM web_domain WHERE parent_domain_id = ".$this->id);
foreach($records as $rec) {
- $update_columns = "sys_userid = '".$web_rec['sys_userid']."', sys_groupid = '".$web_rec['sys_groupid']."'";
+ $update_columns = "sys_userid = '".$client_user_id."', sys_groupid = '".$web_rec['sys_groupid']."'";
if($rec['type'] == 'vhostsubdomain') {
$php_open_basedir = str_replace("[website_path]/web", $document_root.'/'.$rec['web_folder'], $web_config["php_open_basedir"]);
$php_open_basedir = str_replace("[website_domain]/web", $rec['domain'].'/'.$rec['web_folder'], $php_open_basedir);
@@ -923,7 +958,7 @@
//* Update all databases
$records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE parent_domain_id = ".$this->id);
foreach($records as $rec) {
- $app->db->datalogUpdate('web_database', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."'", 'database_id', $app->functions->intval($rec['database_id']));
+ $app->db->datalogUpdate('web_database', "sys_userid = '".$app->functions->intval($client_user_id)."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."'", 'database_id', $app->functions->intval($rec['database_id']));
}
unset($records);
unset($rec);
@@ -980,7 +1015,7 @@
//* Change database backup options when web backup options have been changed
if(isset($this->dataRecord['backup_interval']) && ($this->dataRecord['backup_interval'] != $this->oldDataRecord['backup_interval'] || $this->dataRecord['backup_copies'] != $this->oldDataRecord['backup_copies'])) {
//* Update all databases
- $backup_interval = $app->functions->intval($this->dataRecord['backup_interval']);
+ $backup_interval = $app->db->quote($this->dataRecord['backup_interval']);
$backup_copies = $app->functions->intval($this->dataRecord['backup_copies']);
$records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE parent_domain_id = ".$this->id);
foreach($records as $rec) {
--
Gitblit v1.9.1