From d87f76019fc231ec20d95126a7fee0487e7be5f0 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Tue, 14 Aug 2012 10:56:20 -0400
Subject: [PATCH] - Added new web folder named private to web folder layout. The folder is intended to store data that shall not be visible in the web directory, it is owned by the user of the web. - Changed ownership of web root directory to root user in all security modes to prevent symlink attacks. - Apache log files are now owned by user root. - Improved functions in system library.

---
 interface/lib/classes/aps_guicontroller.inc.php |   20 +++++++++++++++++---
 1 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/interface/lib/classes/aps_guicontroller.inc.php b/interface/lib/classes/aps_guicontroller.inc.php
index 0b4038f..8e86437 100644
--- a/interface/lib/classes/aps_guicontroller.inc.php
+++ b/interface/lib/classes/aps_guicontroller.inc.php
@@ -87,7 +87,7 @@
      */
     private function getCustomerIDFromDomain($domain)
     {
-        $customerid = '';
+        $customerid = 0;
         
         $customerdata = $this->db->queryOneRecord("SELECT client_id FROM sys_group, web_domain
             WHERE web_domain.sys_groupid = sys_group.groupid 
@@ -199,12 +199,14 @@
     {
 		global $app;
 		
+		include_once(ISPC_WEB_PATH.'/sites/tools.inc.php');
+		
 		$webserver_id = 0;
         $websrv = $this->db->queryOneRecord("SELECT * FROM web_domain WHERE domain = '".$this->db->quote($settings['main_domain'])."';");
         if(!empty($websrv)) $webserver_id = $websrv['server_id'];
         $customerid = $this->getCustomerIDFromDomain($settings['main_domain']);
         
-        if(empty($settings) || empty($customerid) || empty($webserver_id)) return false;
+        if(empty($settings) || empty($webserver_id)) return false;
 		
 		//* Get server config of the web server
 		$this->app->uses("getconf");
@@ -256,9 +258,11 @@
 				if($tmp['number'] == 0) break;
 			}
 			
+			$mysql_db_password = $settings['main_database_password'];
+			
 			//* Create the mysql database
 			$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `parent_domain_id`, `type`, `database_name`, `database_user`, `database_password`, `database_charset`, `remote_access`, `remote_ips`, `backup_copies`, `active`, `backup_interval`) 
-					  VALUES( ".$websrv['sys_userid'].", ".$websrv['sys_groupid'].", 'riud', '".$websrv['sys_perm_group']."', '', $mysql_db_server_id, ".$websrv['domain_id'].", 'mysql', '$mysql_db_name', '$mysql_db_user', '$mysql_db_password', '', '$mysql_db_remote_access', '$mysql_db_remote_ips', ".$websrv['backup_copies'].", 'y', '".$websrv['backup_interval']."')";
+					  VALUES( ".$websrv['sys_userid'].", ".$websrv['sys_groupid'].", 'riud', '".$websrv['sys_perm_group']."', '', $mysql_db_server_id, ".$websrv['domain_id'].", 'mysql', '$mysql_db_name', '$mysql_db_user', PASSWORD('$mysql_db_password'), '', '$mysql_db_remote_access', '$mysql_db_remote_ips', ".$websrv['backup_copies'].", 'y', '".$websrv['backup_interval']."')";
 			$app->db->datalogInsert('web_database', $insert_data, 'database_id');
 			
 			//* Add db details to package settings
@@ -302,6 +306,11 @@
         $datalog = array('Instance_id' => $instanceid, 'server_id' => $webserver_id);
         $this->db->datalogSave('aps', 'DELETE', 'id', $instanceid, array(), $datalog);
 		*/
+		
+		$sql = "SELECT web_database.database_id as database_id FROM aps_instances_settings, web_database WHERE aps_instances_settings.value = web_database.database_name AND aps_instances_settings.value =  aps_instances_settings.name = 'main_database_name' AND aps_instances_settings.instance_id = ".$instanceid." LIMIT 0,1";
+		$tmp = $this->db->queryOneRecord($sql);
+		if($tmp['database_id'] > 0) $this->db->datalogDelete('web_database', 'database_id', $tmp['database_id']);
+		
 		$this->db->datalogUpdate('aps_instances', "instance_status = ".INSTANCE_REMOVE, 'id', $instanceid);
     }
     
@@ -323,6 +332,11 @@
         $datalog = array('instance_id' => $instanceid, 'server_id' => $webserver_id);
         $this->db->datalogSave('aps', 'INSERT', 'id', $instanceid, array(), $datalog);
 		*/
+		
+		$sql = "SELECT web_database.database_id as database_id FROM aps_instances_settings, web_database WHERE aps_instances_settings.value = web_database.database_name AND aps_instances_settings.value =  aps_instances_settings.name = 'main_database_name' AND aps_instances_settings.instance_id = ".$instanceid." LIMIT 0,1";
+		$tmp = $this->db->queryOneRecord($sql);
+		if($tmp['database_id'] > 0) $this->db->datalogDelete('web_database', 'database_id', $tmp['database_id']);
+		
 		$this->db->datalogUpdate('aps_instances', "instance_status = ".INSTANCE_INSTALL, 'id', $instanceid);
     }
 

--
Gitblit v1.9.1