From d87f76019fc231ec20d95126a7fee0487e7be5f0 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Tue, 14 Aug 2012 10:56:20 -0400
Subject: [PATCH] - Added new web folder named private to web folder layout. The folder is intended to store data that shall not be visible in the web directory, it is owned by the user of the web. - Changed ownership of web root directory to root user in all security modes to prevent symlink attacks. - Apache log files are now owned by user root. - Improved functions in system library.
---
server/plugins-available/apache2_plugin.inc.php | 1502 ++++++++++++++++++++++++++++++++++++++++++++++++---------
1 files changed, 1,258 insertions(+), 244 deletions(-)
diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index f6161b9..6c72d29 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -35,6 +35,7 @@
// private variables
var $action = '';
+ var $ssl_certificate_changed = false;
//* This function is called during ispconfig installation to determine
// if a symlink shall be created for this plugin.
@@ -75,13 +76,38 @@
$app->plugins->registerEvent('webdav_user_insert',$this->plugin_name,'webdav');
$app->plugins->registerEvent('webdav_user_update',$this->plugin_name,'webdav');
$app->plugins->registerEvent('webdav_user_delete',$this->plugin_name,'webdav');
+
+ $app->plugins->registerEvent('client_delete',$this->plugin_name,'client_delete');
+
+ $app->plugins->registerEvent('web_folder_user_insert',$this->plugin_name,'web_folder_user');
+ $app->plugins->registerEvent('web_folder_user_update',$this->plugin_name,'web_folder_user');
+ $app->plugins->registerEvent('web_folder_user_delete',$this->plugin_name,'web_folder_user');
+
+ $app->plugins->registerEvent('web_folder_update',$this->plugin_name,'web_folder_update');
+ $app->plugins->registerEvent('web_folder_delete',$this->plugin_name,'web_folder_delete');
+
+ $app->plugins->registerEvent('ftp_user_delete',$this->plugin_name,'ftp_user_delete');
+
}
// Handle the creation of SSL certificates
function ssl($event_name,$data) {
global $app, $conf;
+
+ $app->uses('system');
- if(!is_dir($data['new']['document_root'].'/ssl')) exec('mkdir -p '.$data['new']['document_root'].'/ssl');
+ // load the server configuration options
+ $app->uses('getconf');
+ $web_config = $app->getconf->get_server_config($conf['server_id'], 'web');
+ if ($web_config['CA_path']!='' && !file_exists($web_config['CA_path'].'/openssl.cnf'))
+ $app->log("CA path error, file does not exist:".$web_config['CA_path'].'/openssl.conf',LOGLEVEL_ERROR);
+
+ //* Only vhosts can have a ssl cert
+ if($data["new"]["type"] != "vhost") return;
+
+ // if(!is_dir($data['new']['document_root'].'/ssl')) exec('mkdir -p '.$data['new']['document_root'].'/ssl');
+ if(!is_dir($data['new']['document_root'].'/ssl')) $app->system->mkdirpath($data['new']['document_root'].'/ssl');
+
$ssl_dir = $data['new']['document_root'].'/ssl';
$domain = $data['new']['ssl_domain'];
$key_file = $ssl_dir.'/'.$domain.'.key.org';
@@ -91,6 +117,15 @@
//* Create a SSL Certificate
if($data['new']['ssl_action'] == 'create') {
+
+ $this->ssl_certificate_changed = true;
+
+ //* Rename files if they exist
+ if(file_exists($key_file)) $app->system->rename($key_file,$key_file.'.bak');
+ if(file_exists($key_file2)) $app->system->rename($key_file2,$key_file2.'.bak');
+ if(file_exists($csr_file)) $app->system->rename($csr_file,$csr_file.'.bak');
+ if(file_exists($crt_file)) $app->system->rename($crt_file,$crt_file.'.bak');
+
$rand_file = $ssl_dir.'/random_file';
$rand_data = md5(uniqid(microtime(),1));
for($i=0; $i<1000; $i++) {
@@ -99,7 +134,7 @@
$rand_data .= md5(uniqid(microtime(),1));
$rand_data .= md5(uniqid(microtime(),1));
}
- file_put_contents($rand_file, $rand_data);
+ $app->system->file_put_contents($rand_file, $rand_data);
$ssl_password = substr(md5(uniqid(microtime(),1)), 0, 15);
@@ -114,11 +149,11 @@
output_password = $ssl_password
[ req_distinguished_name ]
- C = ".$data['new']['ssl_country']."
- ST = ".$data['new']['ssl_state']."
- L = ".$data['new']['ssl_locality']."
- O = ".$data['new']['ssl_organisation']."
- OU = ".$data['new']['ssl_organisation_unit']."
+ C = ".trim($data['new']['ssl_country'])."
+ ST = ".trim($data['new']['ssl_state'])."
+ L = ".trim($data['new']['ssl_locality'])."
+ O = ".trim($data['new']['ssl_organisation'])."
+ OU = ".trim($data['new']['ssl_organisation_unit'])."
CN = $domain
emailAddress = webmaster@".$data['new']['domain']."
@@ -126,7 +161,7 @@
challengePassword = A challenge password";
$ssl_cnf_file = $ssl_dir.'/openssl.conf';
- file_put_contents($ssl_cnf_file,$ssl_cnf);
+ $app->system->file_put_contents($ssl_cnf_file,$ssl_cnf);
$rand_file = escapeshellcmd($rand_file);
$key_file = escapeshellcmd($key_file);
@@ -136,16 +171,30 @@
$config_file = escapeshellcmd($ssl_cnf_file);
$crt_file = escapeshellcmd($crt_file);
- if(is_file($ssl_cnf_file)) {
- exec("openssl genrsa -des3 -rand $rand_file -passout pass:$ssl_password -out $key_file 2048 && openssl req -new -passin pass:$ssl_password -passout pass:$ssl_password -key $key_file -out $csr_file -days $ssl_days -config $config_file && openssl req -x509 -passin pass:$ssl_password -passout pass:$ssl_password -key $key_file -in $csr_file -out $crt_file -days $ssl_days -config $config_file && openssl rsa -passin pass:$ssl_password -in $key_file -out $key_file2");
- $app->log('Creating SSL Cert for: '.$domain,LOGLEVEL_DEBUG);
+ if(is_file($ssl_cnf_file) && !is_link($ssl_cnf_file)) {
+
+ exec("openssl genrsa -des3 -rand $rand_file -passout pass:$ssl_password -out $key_file 2048");
+ exec("openssl req -new -passin pass:$ssl_password -passout pass:$ssl_password -key $key_file -out $csr_file -days $ssl_days -config $config_file");
+ exec("openssl rsa -passin pass:$ssl_password -in $key_file -out $key_file2");
+
+ if(file_exists($web_config['CA_path'].'/openssl.cnf'))
+ {
+ exec("openssl ca -batch -out $crt_file -config ".$web_config['CA_path']."/openssl.cnf -passin pass:".$web_config['CA_pass']." -in $csr_file");
+ $app->log("Creating CA-signed SSL Cert for: $domain",LOGLEVEL_DEBUG);
+ if (filesize($crt_file)==0 || !file_exists($crt_file)) $app->log("CA-Certificate signing failed. openssl ca -out $crt_file -config ".$web_config['CA_path']."/openssl.cnf -passin pass:".$web_config['CA_pass']." -in $csr_file",LOGLEVEL_ERROR);
+ };
+ if (@filesize($crt_file)==0 || !file_exists($crt_file)){
+ exec("openssl req -x509 -passin pass:$ssl_password -passout pass:$ssl_password -key $key_file -in $csr_file -out $crt_file -days $ssl_days -config $config_file ");
+ $app->log("Creating self-signed SSL Cert for: $domain",LOGLEVEL_DEBUG);
+ };
+
}
- exec('chmod 400 '.$key_file2);
- @unlink($config_file);
- @unlink($rand_file);
- $ssl_request = $app->db->quote(file_get_contents($csr_file));
- $ssl_cert = $app->db->quote(file_get_contents($crt_file));
+ $app->system->chmod($key_file2,0400);
+ @$app->system->unlink($config_file);
+ @$app->system->unlink($rand_file);
+ $ssl_request = $app->db->quote($app->system->file_get_contents($csr_file));
+ $ssl_cert = $app->db->quote($app->system->file_get_contents($crt_file));
/* Update the DB of the (local) Server */
$app->db->query("UPDATE web_domain SET ssl_request = '$ssl_request', ssl_cert = '$ssl_cert' WHERE domain = '".$data['new']['domain']."'");
$app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
@@ -156,16 +205,30 @@
//* Save a SSL certificate to disk
if($data["new"]["ssl_action"] == 'save') {
+ $this->ssl_certificate_changed = true;
$ssl_dir = $data["new"]["document_root"]."/ssl";
- $domain = $data["new"]["ssl_domain"];
+ $domain = ($data["new"]["ssl_domain"] != '')?$data["new"]["ssl_domain"]:$data["new"]["domain"];
+ $key_file = $ssl_dir.'/'.$domain.'.key.org';
+ $key_file2 = $ssl_dir.'/'.$domain.'.key';
$csr_file = $ssl_dir.'/'.$domain.".csr";
$crt_file = $ssl_dir.'/'.$domain.".crt";
$bundle_file = $ssl_dir.'/'.$domain.".bundle";
- if(trim($data["new"]["ssl_request"]) != '') file_put_contents($csr_file,$data["new"]["ssl_request"]);
- if(trim($data["new"]["ssl_cert"]) != '') file_put_contents($crt_file,$data["new"]["ssl_cert"]);
- if(trim($data["new"]["ssl_bundle"]) != '') file_put_contents($bundle_file,$data["new"]["ssl_bundle"]);
+
+ //* Backup files
+ if(file_exists($key_file)) $app->system->copy($key_file,$key_file.'~');
+ if(file_exists($key_file2)) $app->system->copy($key_file2,$key_file2.'~');
+ if(file_exists($csr_file)) $app->system->copy($csr_file,$csr_file.'~');
+ if(file_exists($crt_file)) $app->system->copy($crt_file,$crt_file.'~');
+ if(file_exists($bundle_file)) $app->system->copy($bundle_file,$bundle_file.'~');
+
+ //* Write new ssl files
+ if(trim($data["new"]["ssl_request"]) != '') $app->system->file_put_contents($csr_file,$data["new"]["ssl_request"]);
+ if(trim($data["new"]["ssl_cert"]) != '') $app->system->file_put_contents($crt_file,$data["new"]["ssl_cert"]);
+ if(trim($data["new"]["ssl_bundle"]) != '') $app->system->file_put_contents($bundle_file,$data["new"]["ssl_bundle"]);
+
/* Update the DB of the (local) Server */
$app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
+
/* Update also the master-DB of the Server-Farm */
$app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
$app->log('Saving SSL Cert for: '.$domain,LOGLEVEL_DEBUG);
@@ -174,13 +237,18 @@
//* Delete a SSL certificate
if($data['new']['ssl_action'] == 'del') {
$ssl_dir = $data['new']['document_root'].'/ssl';
- $domain = $data['new']['ssl_domain'];
+ $domain = ($data["new"]["ssl_domain"] != '')?$data["new"]["ssl_domain"]:$data["new"]["domain"];
$csr_file = $ssl_dir.'/'.$domain.'.csr';
$crt_file = $ssl_dir.'/'.$domain.'.crt';
$bundle_file = $ssl_dir.'/'.$domain.'.bundle';
- unlink($csr_file);
- unlink($crt_file);
- unlink($bundle_file);
+ if(file_exists($web_config['CA_path'].'/openssl.cnf') && !is_link($web_config['CA_path'].'/openssl.cnf'))
+ {
+ exec("openssl ca -batch -config ".$web_config['CA_path']."/openssl.cnf -passin pass:".$web_config['CA_pass']." -revoke $crt_file");
+ $app->log("Revoking CA-signed SSL Cert for: $domain",LOGLEVEL_DEBUG);
+ };
+ $app->system->unlink($csr_file);
+ $app->system->unlink($crt_file);
+ $app->system->unlink($bundle_file);
/* Update the DB of the (local) Server */
$app->db->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '' WHERE domain = '".$data['new']['domain']."'");
$app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
@@ -189,7 +257,6 @@
$app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
$app->log('Deleting SSL Cert for: '.$domain,LOGLEVEL_DEBUG);
}
-
}
@@ -215,7 +282,7 @@
$old_parent_domain_id = intval($data['old']['parent_domain_id']);
$new_parent_domain_id = intval($data['new']['parent_domain_id']);
- // If the parent_domain_id has been chenged, we will have to update the old site as well.
+ // If the parent_domain_id has been changed, we will have to update the old site as well.
if($this->action == 'update' && $data['new']['parent_domain_id'] != $data['old']['parent_domain_id']) {
$tmp = $app->db->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = '.$old_parent_domain_id." AND active = 'y'");
$data['new'] = $tmp;
@@ -251,6 +318,51 @@
$app->log('Websites cannot be owned by the root user or group.',LOGLEVEL_WARN);
return 0;
}
+ if(trim($data['new']['domain']) == '') {
+ $app->log('domain is empty',LOGLEVEL_WARN);
+ return 0;
+ }
+
+ // Create group and user, if not exist
+ $app->uses('system');
+
+ if($web_config['connect_userid_to_webid'] == 'y') {
+ //* Calculate the uid and gid
+ $connect_userid_to_webid_start = ($web_config['connect_userid_to_webid_start'] < 1000)?1000:intval($web_config['connect_userid_to_webid_start']);
+ $fixed_uid_gid = intval($connect_userid_to_webid_start + $data['new']['domain_id']);
+ $fixed_uid_param = '--uid '.$fixed_uid_gid;
+ $fixed_gid_param = '--gid '.$fixed_uid_gid;
+
+ //* Check if a ispconfigend user and group exists and create them
+ if(!$app->system->is_group('ispconfigend')) {
+ exec('groupadd --gid '.($connect_userid_to_webid_start + 10000).' ispconfigend');
+ }
+ if(!$app->system->is_user('ispconfigend')) {
+ exec('useradd -g ispconfigend -d /usr/local/ispconfig --uid '.($connect_userid_to_webid_start + 10000).' ispconfigend');
+ }
+ } else {
+ $fixed_uid_param = '';
+ $fixed_gid_param = '';
+ }
+
+ $groupname = escapeshellcmd($data['new']['system_group']);
+ if($data['new']['system_group'] != '' && !$app->system->is_group($data['new']['system_group'])) {
+ exec('groupadd '.$fixed_gid_param.' '.$groupname);
+ if($apache_chrooted) $this->_exec('chroot '.escapeshellcmd($web_config['website_basedir']).' groupadd '.$groupname);
+ $app->log('Adding the group: '.$groupname,LOGLEVEL_DEBUG);
+ }
+
+ $username = escapeshellcmd($data['new']['system_user']);
+ if($data['new']['system_user'] != '' && !$app->system->is_user($data['new']['system_user'])) {
+ if($web_config['add_web_users_to_sshusers_group'] == 'y') {
+ exec('useradd -d '.escapeshellcmd($data['new']['document_root'])." -g $groupname $fixed_uid_param -G sshusers $username -s /bin/false");
+ if($apache_chrooted) $this->_exec('chroot '.escapeshellcmd($web_config['website_basedir']).' useradd -d '.escapeshellcmd($data['new']['document_root'])." -g $groupname $fixed_uid_param -G sshusers $username -s /bin/false");
+ } else {
+ exec('useradd -d '.escapeshellcmd($data['new']['document_root'])." -g $groupname $fixed_uid_param $username -s /bin/false");
+ if($apache_chrooted) $this->_exec('chroot '.escapeshellcmd($web_config['website_basedir']).' useradd -d '.escapeshellcmd($data['new']['document_root'])." -g $groupname $fixed_uid_param $username -s /bin/false");
+ }
+ $app->log('Adding the user: '.$username,LOGLEVEL_DEBUG);
+ }
//* If the client of the site has been changed, we have a change of the document root
if($this->action == 'update' && $data['new']['document_root'] != $data['old']['document_root']) {
@@ -275,6 +387,9 @@
}
}
}
+
+ //* Remove protection of old folders
+ $app->system->web_folder_protection($data['old']['document_root'],false);
//* Move the site data
$tmp_docroot = explode('/',$data['new']['document_root']);
@@ -285,9 +400,16 @@
unset($tmp_docroot[count($tmp_docroot)-1]);
$old_dir = implode('/',$tmp_docroot);
- exec('rm -rf '.$data['new']['document_root']);
- if(!is_dir($new_dir)) exec('mkdir -p '.$new_dir);
- exec('mv '.$data['old']['document_root'].' '.$new_dir);
+ //* Check if there is already some data in the new docroot and rename it as we need a clean path to move the existing site to the new path
+ if(@is_dir($data['new']['document_root'])) {
+ $app->system->rename($data['new']['document_root'],$data['new']['document_root'].'_bak_'.date('Y_m_d'));
+ $app->log('Renaming existing directory in new docroot location. mv '.$data['new']['document_root'].' '.$data['new']['document_root'].'_bak_'.date('Y_m_d'),LOGLEVEL_DEBUG);
+ }
+
+ //* Create new base directory, if it does not exist yet
+ if(!is_dir($new_dir)) $app->system->mkdirpath($new_dir);
+ //exec('mv '.$data['old']['document_root'].' '.$new_dir);
+ $app->system->rename($data['old']['document_root'],$new_dir);
$app->log('Moving site to new document root: mv '.$data['old']['document_root'].' '.$new_dir,LOGLEVEL_DEBUG);
// Handle the change in php_open_basedir
@@ -311,40 +433,44 @@
//print_r($data);
// Check if the directories are there and create them if necessary.
- if(!is_dir($data['new']['document_root'].'/web')) exec('mkdir -p '.$data['new']['document_root'].'/web');
- if(!is_dir($data['new']['document_root'].'/web/error') and $data['new']['errordocs']) exec('mkdir -p '.$data['new']['document_root'].'/web/error');
+ $app->system->web_folder_protection($data['new']['document_root'],false);
+
+ if(!is_dir($data['new']['document_root'].'/web')) $app->system->mkdirpath($data['new']['document_root'].'/web');
+ if(!is_dir($data['new']['document_root'].'/web/error') and $data['new']['errordocs']) $app->system->mkdirpath($data['new']['document_root'].'/web/error');
//if(!is_dir($data['new']['document_root'].'/log')) exec('mkdir -p '.$data['new']['document_root'].'/log');
- if(!is_dir($data['new']['document_root'].'/ssl')) exec('mkdir -p '.$data['new']['document_root'].'/ssl');
- if(!is_dir($data['new']['document_root'].'/cgi-bin')) exec('mkdir -p '.$data['new']['document_root'].'/cgi-bin');
- if(!is_dir($data['new']['document_root'].'/tmp')) exec('mkdir -p '.$data['new']['document_root'].'/tmp');
-
+ if(!is_dir($data['new']['document_root'].'/ssl')) $app->system->mkdirpath($data['new']['document_root'].'/ssl');
+ if(!is_dir($data['new']['document_root'].'/cgi-bin')) $app->system->mkdirpath($data['new']['document_root'].'/cgi-bin');
+ if(!is_dir($data['new']['document_root'].'/tmp')) $app->system->mkdirpath($data['new']['document_root'].'/tmp');
+ if(!is_dir($data['new']['document_root'].'/webdav')) $app->system->mkdirpath($data['new']['document_root'].'/webdav');
+
+ //* Create the new private directory
+ if(!is_dir($data['new']['document_root'].'/private')) {
+ $app->system->mkdirpath($data['new']['document_root'].'/private');
+ $app->system->chmod($data['new']['document_root'].'/private',0710);
+ $app->system->chown($data['new']['document_root'].'/private',$username);
+ $app->system->chgrp($data['new']['document_root'].'/private',$groupname);
+ }
+
+ $app->system->web_folder_protection($data['new']['document_root'],true);
+
// Remove the symlink for the site, if site is renamed
if($this->action == 'update' && $data['old']['domain'] != '' && $data['new']['domain'] != $data['old']['domain']) {
if(is_dir('/var/log/ispconfig/httpd/'.$data['old']['domain'])) exec('rm -rf /var/log/ispconfig/httpd/'.$data['old']['domain']);
- if(is_link($data['old']['document_root'].'/log')) unlink($data['old']['document_root'].'/log');
+ if(is_link($data['old']['document_root'].'/log')) $app->system->unlink($data['old']['document_root'].'/log');
}
// Create the symlink for the logfiles
- if(!is_dir('/var/log/ispconfig/httpd/'.$data['new']['domain'])) exec('mkdir -p /var/log/ispconfig/httpd/'.$data['new']['domain']);
+ if(!is_dir('/var/log/ispconfig/httpd/'.$data['new']['domain'])) $app->system->mkdirpath('/var/log/ispconfig/httpd/'.$data['new']['domain']);
if(!is_link($data['new']['document_root'].'/log')) {
- exec('ln -s /var/log/ispconfig/httpd/'.$data['new']['domain'].' '.$data['new']['document_root'].'/log');
+// exec("ln -s /var/log/ispconfig/httpd/".$data["new"]["domain"]." ".$data["new"]["document_root"]."/log");
+ if ($web_config["website_symlinks_rel"] == 'y') {
+ $this->create_relative_link("/var/log/ispconfig/httpd/".$data["new"]["domain"], $data["new"]["document_root"]."/log");
+ } else {
+ exec("ln -s /var/log/ispconfig/httpd/".$data["new"]["domain"]." ".$data["new"]["document_root"]."/log");
+ }
+
$app->log('Creating symlink: ln -s /var/log/ispconfig/httpd/'.$data['new']['domain'].' '.$data['new']['document_root'].'/log',LOGLEVEL_DEBUG);
}
- /*
- // Create the symlink for the logfiles
- // This does not work as vlogger cannot log trough symlinks.
- if($this->action == 'update' && $data['old']['domain'] != '' && $data['new']['domain'] != $data['old']['domain']) {
- if(is_dir($data['old']['document_root'].'/log')) exec('rm -rf '.$data['old']['document_root'].'/log');
- if(is_link('/var/log/ispconfig/httpd/'.$data['old']['domain'])) unlink('/var/log/ispconfig/httpd/'.$data['old']['domain']);
- }
-
- // Create the symlink for the logfiles
- if(!is_dir($data['new']['document_root'].'/log')) exec('mkdir -p '.$data['new']['document_root'].'/log');
- if(!is_link('/var/log/ispconfig/httpd/'.$data['new']['domain'])) {
- exec('ln -s '.$data['new']['document_root'].'/log /var/log/ispconfig/httpd/'.$data['new']['domain']);
- $app->log('Creating symlink: ln -s '.$data['new']['document_root'].'/log /var/log/ispconfig/httpd/'.$data['new']['domain'],LOGLEVEL_DEBUG);
- }
- */
// Get the client ID
$client = $app->dbmaster->queryOneRecord('SELECT client_id FROM sys_group WHERE sys_group.groupid = '.intval($data['new']['sys_groupid']));
@@ -379,48 +505,71 @@
if(substr($tmp_symlink, -1, 1) == '/') $tmp_symlink = substr($tmp_symlink, 0, -1);
//* Remove symlink if target folder has been changed.
if($data['old']['document_root'] != '' && $data['old']['document_root'] != $data['new']['document_root'] && is_link($tmp_symlink)) {
- unlink($tmp_symlink);
+ $app->system->unlink($tmp_symlink);
}
// create the symlinks, if not exist
if(!is_link($tmp_symlink)) {
- exec('ln -s '.escapeshellcmd($data['new']['document_root']).'/ '.escapeshellcmd($tmp_symlink));
+// exec("ln -s ".escapeshellcmd($data["new"]["document_root"])."/ ".escapeshellcmd($tmp_symlink));
+ if ($web_config["website_symlinks_rel"] == 'y') {
+ $this->create_relative_link(escapeshellcmd($data["new"]["document_root"]), escapeshellcmd($tmp_symlink));
+ } else {
+ exec("ln -s ".escapeshellcmd($data["new"]["document_root"])."/ ".escapeshellcmd($tmp_symlink));
+ }
+
$app->log('Creating symlink: ln -s '.$data['new']['document_root'].'/ '.$tmp_symlink,LOGLEVEL_DEBUG);
}
}
}
+
+ // Install the Standard or Custom Error, Index and other related files
+ // /usr/local/ispconfig/server/conf is for the standard files
+ // /usr/local/ispconfig/server/conf-custom is for the custom files
+ // setting a local var here
+
+ // normally $conf['templates'] = "/usr/local/ispconfig/server/conf";
+
if($this->action == 'insert' && $data['new']['type'] == 'vhost') {
// Copy the error pages
if($data['new']['errordocs']) {
$error_page_path = escapeshellcmd($data['new']['document_root']).'/web/error/';
- if (file_exists('/usr/local/ispconfig/server/conf-custom/error/'.substr(escapeshellcmd($conf['language']),0,2))) {
- exec('cp /usr/local/ispconfig/server/conf-custom/error/'.substr(escapeshellcmd($conf['language']),0,2).'/* '.$error_page_path);
+ if (file_exists($conf['rootpath'] . '/conf-custom/error/'.substr(escapeshellcmd($conf['language']),0,2))) {
+ exec('cp ' . $conf['rootpath'] . '/conf-custom/error/'.substr(escapeshellcmd($conf['language']),0,2).'/* '.$error_page_path);
}
else {
- if (file_exists('/usr/local/ispconfig/server/conf-custom/error/400.html')) {
- exec('cp /usr/local/ispconfig/server/conf-custom/error/*.html '.$error_page_path);
+ if (file_exists($conf['rootpath'] . '/conf-custom/error/400.html')) {
+ exec('cp '. $conf['rootpath'] . '/conf-custom/error/*.html '.$error_page_path);
}
else {
- exec('cp /usr/local/ispconfig/server/conf/error/'.substr(escapeshellcmd($conf['language']),0,2).'/* '.$error_page_path);
+ exec('cp ' . $conf['rootpath'] . '/conf/error/'.substr(escapeshellcmd($conf['language']),0,2).'/* '.$error_page_path);
}
}
exec('chmod -R a+r '.$error_page_path);
}
- // copy the standard index page
- if (file_exists('/usr/local/ispconfig/server/conf-custom/index/standard_index.html_'.substr(escapeshellcmd($conf['language']),0,2))) {
- exec('cp /usr/local/ispconfig/server/conf-custom/index/standard_index.html_'.substr(escapeshellcmd($conf['language']),0,2).' '.escapeshellcmd($data['new']['document_root']).'/web/index.html');
- }
+ if (file_exists($conf['rootpath'] . '/conf-custom/index/standard_index.html_'.substr(escapeshellcmd($conf['language']),0,2))) {
+ exec('cp ' . $conf['rootpath'] . '/conf-custom/index/standard_index.html_'.substr(escapeshellcmd($conf['language']),0,2).' '.escapeshellcmd($data['new']['document_root']).'/web/index.html');
+
+ if(is_file($conf['rootpath'] . '/conf-custom/index/favicon.ico')) {
+ exec('cp ' . $conf['rootpath'] . '/conf-custom/index/favicon.ico '.escapeshellcmd($data['new']['document_root']).'/web/');
+ }
+ if(is_file($conf['rootpath'] . '/conf-custom/index/robots.txt')) {
+ exec('cp ' . $conf['rootpath'] . '/conf-custom/index/robots.txt '.escapeshellcmd($data['new']['document_root']).'/web/');
+ }
+ if(is_file($conf['rootpath'] . '/conf-custom/index/.htaccess')) {
+ exec('cp ' . $conf['rootpath'] . '/conf-custom/index/.htaccess '.escapeshellcmd($data['new']['document_root']).'/web/');
+ }
+ }
else {
- if (file_exists('/usr/local/ispconfig/server/conf-custom/index/standard_index.html')) {
- exec('cp /usr/local/ispconfig/server/conf-custom/index/standard_index.html '.escapeshellcmd($data['new']['document_root']).'/web/index.html');
+ if (file_exists($conf['rootpath'] . '/conf-custom/index/standard_index.html')) {
+ exec('cp ' . $conf['rootpath'] . '/conf-custom/index/standard_index.html '.escapeshellcmd($data['new']['document_root']).'/web/index.html');
}
else {
- exec('cp /usr/local/ispconfig/server/conf/index/standard_index.html_'.substr(escapeshellcmd($conf['language']),0,2).' '.escapeshellcmd($data['new']['document_root']).'/web/index.html');
- if(is_file('/usr/local/ispconfig/server/conf/index/favicon.ico')) exec('cp /usr/local/ispconfig/server/conf/index/favicon.ico '.escapeshellcmd($data['new']['document_root']).'/web/');
- if(is_file('/usr/local/ispconfig/server/conf/index/robots.txt')) exec('cp /usr/local/ispconfig/server/conf/index/robots.txt '.escapeshellcmd($data['new']['document_root']).'/web/');
- if(is_file('/usr/local/ispconfig/server/conf/index/.htaccess')) exec('cp /usr/local/ispconfig/server/conf/index/.htaccess '.escapeshellcmd($data['new']['document_root']).'/web/');
+ exec('cp ' . $conf['rootpath'] . '/conf/index/standard_index.html_'.substr(escapeshellcmd($conf['language']),0,2).' '.escapeshellcmd($data['new']['document_root']).'/web/index.html');
+ if(is_file($conf['rootpath'] . '/conf/index/favicon.ico')) exec('cp ' . $conf['rootpath'] . '/conf/index/favicon.ico '.escapeshellcmd($data['new']['document_root']).'/web/');
+ if(is_file($conf['rootpath'] . '/conf/index/robots.txt')) exec('cp ' . $conf['rootpath'] . '/conf/index/robots.txt '.escapeshellcmd($data['new']['document_root']).'/web/');
+ if(is_file($conf['rootpath'] . '/conf/index/.htaccess')) exec('cp ' . $conf['rootpath'] . '/conf/index/.htaccess '.escapeshellcmd($data['new']['document_root']).'/web/');
}
}
exec('chmod -R a+r '.escapeshellcmd($data['new']['document_root']).'/web/');
@@ -429,36 +578,20 @@
} elseif ($this->action == 'update' && $data['new']['type'] == 'vhost' && $data['old']['errordocs'] == 0 && $data['new']['errordocs'] == 1) {
$error_page_path = escapeshellcmd($data['new']['document_root']).'/web/error/';
- if (file_exists('/usr/local/ispconfig/server/conf-custom/error/'.substr(escapeshellcmd($conf['language']),0,2))) {
- exec('cp /usr/local/ispconfig/server/conf-custom/error/'.substr(escapeshellcmd($conf['language']),0,2).'/* '.$error_page_path);
+ if (file_exists($conf['rootpath'] . '/conf-custom/error/'.substr(escapeshellcmd($conf['language']),0,2))) {
+ exec('cp ' . $conf['rootpath'] . '/conf-custom/error/'.substr(escapeshellcmd($conf['language']),0,2).'/* '.$error_page_path);
}
else {
- if (file_exists('/usr/local/ispconfig/server/conf-custom/error/400.html')) {
- exec('cp /usr/local/ispconfig/server/conf-custom/error/*.html '.$error_page_path);
+ if (file_exists($conf['rootpath'] . '/conf-custom/error/400.html')) {
+ exec('cp ' . $conf['rootpath'] . '/conf-custom/error/*.html '.$error_page_path);
}
else {
- exec('cp /usr/local/ispconfig/server/conf/error/'.substr(escapeshellcmd($conf['language']),0,2).'/* '.$error_page_path);
+ exec('cp ' . $conf['rootpath'] . '/conf/error/'.substr(escapeshellcmd($conf['language']),0,2).'/* '.$error_page_path);
}
}
exec('chmod -R a+r '.$error_page_path);
+ exec('chown -R '.$data['new']['system_user'].':'.$data['new']['system_group'].' '.$error_page_path);
} // end copy error docs
-
- // Create group and user, if not exist
- $app->uses('system');
-
- $groupname = escapeshellcmd($data['new']['system_group']);
- if($data['new']['system_group'] != '' && !$app->system->is_group($data['new']['system_group'])) {
- exec('groupadd '.$groupname);
- if($apache_chrooted) $this->_exec('chroot '.escapeshellcmd($web_config['website_basedir']).' groupadd '.$groupname);
- $app->log('Adding the group: '.$groupname,LOGLEVEL_DEBUG);
- }
-
- $username = escapeshellcmd($data['new']['system_user']);
- if($data['new']['system_user'] != '' && !$app->system->is_user($data['new']['system_user'])) {
- exec('useradd -d '.escapeshellcmd($data['new']['document_root'])." -g $groupname -G sshusers $username -s /bin/false");
- if($apache_chrooted) $this->_exec('chroot '.escapeshellcmd($web_config['website_basedir']).' useradd -d '.escapeshellcmd($data['new']['document_root'])." -g $groupname -G sshusers $username -s /bin/false");
- $app->log('Adding the user: '.$username,LOGLEVEL_DEBUG);
- }
// Set the quota for the user
if($username != '' && $app->system->is_user($username)) {
@@ -472,86 +605,146 @@
exec('setquota -T -u '.$username.' 604800 604800 -a &> /dev/null');
}
- if($this->action == 'insert') {
+ if($this->action == 'insert' || $data["new"]["system_user"] != $data["old"]["system_user"]) {
// Chown and chmod the directories below the document root
- $this->_exec('chown -R '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']));
+ $this->_exec('chown -R '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']).'/web');
// The document root itself has to be owned by root in normal level and by the web owner in security level 20
if($web_config['security_level'] == 20) {
- $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']));
+ $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']).'/web');
} else {
- $this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']));
+ $this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']).'/web');
}
}
-
-
//* If the security level is set to high
- if($web_config['security_level'] == 20) {
+ if(($this->action == 'insert' && $data['new']['type'] == 'vhost') or ($web_config['set_folder_permissions_on_update'] == 'y' && $data['new']['type'] == 'vhost')) {
+
+ $app->system->web_folder_protection($data['new']['document_root'],false);
+
+ //* Check if we have the new private folder and create it if nescessary
+ if(!is_dir($data['new']['document_root'].'/private')) $app->system->mkdir($data['new']['document_root'].'/private');
+
+ if($web_config['security_level'] == 20) {
+
+ $app->system->chmod($data['new']['document_root'],0755);
+ $app->system->chmod($data['new']['document_root'].'/web',0710);
+ $app->system->chmod($data['new']['document_root'].'/webdav',0710);
+ $app->system->chmod($data['new']['document_root'].'/private',0710);
+ $app->system->chmod($data['new']['document_root'].'/ssl',0755);
- $this->_exec('chmod 751 '.escapeshellcmd($data['new']['document_root']));
- $this->_exec('chmod 751 '.escapeshellcmd($data['new']['document_root']).'/*');
- $this->_exec('chmod 710 '.escapeshellcmd($data['new']['document_root'].'/web'));
+ // make tmp directory writable for Apache and the website users
+ $app->system->chmod($data['new']['document_root'].'/tmp',0777);
+
+ // Set Log symlink to 755 to make the logs accessible by the FTP user
+ if(realpath($data['new']['document_root'].'/log') == '/var/log/ispconfig/httpd/'.$data['new']['domain'].'/error.log') {
+ $app->system->chmod($data['new']['document_root'].'/log',0755);
+ }
+
+ if($web_config['add_web_users_to_sshusers_group'] == 'y') {
+ $command = 'usermod';
+ $command .= ' --groups sshusers';
+ $command .= ' '.escapeshellcmd($data['new']['system_user']);
+ $this->_exec($command);
+ }
- // make tmp directory writable for Apache and the website users
- $this->_exec('chmod 777 '.escapeshellcmd($data['new']['document_root'].'/tmp'));
+ //* if we have a chrooted Apache environment
+ if($apache_chrooted) {
+ $this->_exec('chroot '.escapeshellcmd($web_config['website_basedir']).' '.$command);
- $command = 'usermod';
- $command .= ' --groups sshusers';
- $command .= ' '.escapeshellcmd($data['new']['system_user']);
- $this->_exec($command);
+ //* add the apache user to the client group in the chroot environment
+ $tmp_groupfile = $app->system->server_conf['group_datei'];
+ $app->system->server_conf['group_datei'] = $web_config['website_basedir'].'/etc/group';
+ $app->system->add_user_to_group($groupname, escapeshellcmd($web_config['user']));
+ $app->system->server_conf['group_datei'] = $tmp_groupfile;
+ unset($tmp_groupfile);
+ }
- //* if we have a chrooted Apache environment
- if($apache_chrooted) {
- $this->_exec('chroot '.escapeshellcmd($web_config['website_basedir']).' '.$command);
-
- //* add the apache user to the client group in the chroot environment
- $tmp_groupfile = $app->system->server_conf['group_datei'];
- $app->system->server_conf['group_datei'] = $web_config['website_basedir'].'/etc/group';
+ //* add the Apache user to the client group
$app->system->add_user_to_group($groupname, escapeshellcmd($web_config['user']));
- $app->system->server_conf['group_datei'] = $tmp_groupfile;
- unset($tmp_groupfile);
+
+ //* Chown all default directories
+ $app->system->chown($data['new']['document_root'],'root');
+ $app->system->chgrp($data['new']['document_root'],'root');
+ $app->system->chown($data['new']['document_root'].'/cgi-bin',$username);
+ $app->system->chgrp($data['new']['document_root'].'/cgi-bin',$groupname);
+ if(realpath($data['new']['document_root'].'/log') == '/var/log/ispconfig/httpd/'.$data['new']['domain'].'/error.log') {
+ $app->system->chown($data['new']['document_root'].'/log','root',false);
+ $app->system->chgrp($data['new']['document_root'].'/log',$groupname,false);
+ }
+ $app->system->chown($data['new']['document_root'].'/ssl','root');
+ $app->system->chgrp($data['new']['document_root'].'/ssl','root');
+ $app->system->chown($data['new']['document_root'].'/tmp',$username);
+ $app->system->chgrp($data['new']['document_root'].'/tmp',$groupname);
+ $app->system->chown($data['new']['document_root'].'/web',$username);
+ $app->system->chgrp($data['new']['document_root'].'/web',$groupname);
+ $app->system->chown($data['new']['document_root'].'/web/error',$username);
+ $app->system->chgrp($data['new']['document_root'].'/web/error',$groupname);
+ $app->system->chown($data['new']['document_root'].'/web/stats',$username);
+ $app->system->chgrp($data['new']['document_root'].'/web/stats',$groupname);
+ $app->system->chown($data['new']['document_root'].'/webdav',$username);
+ $app->system->chgrp($data['new']['document_root'].'/webdav',$groupname);
+ $app->system->chown($data['new']['document_root'].'/private',$username);
+ $app->system->chgrp($data['new']['document_root'].'/private',$groupname);
+
+ // If the security Level is set to medium
+ } else {
+
+ $app->system->chmod($data['new']['document_root'],0755);
+ $app->system->chmod($data['new']['document_root'].'/web',0755);
+ $app->system->chmod($data['new']['document_root'].'/webdav',0755);
+ $app->system->chmod($data['new']['document_root'].'/ssl',0755);
+ $app->system->chmod($data['new']['document_root'].'/cgi-bin',0755);
+ if(realpath($data['new']['document_root'].'/log') == '/var/log/ispconfig/httpd/'.$data['new']['domain'].'/error.log') {
+ $app->system->chmod($data['new']['document_root'].'/log',0755);
+ }
+
+ // make temp directory writable for Apache and the website users
+ $app->system->chmod($data['new']['document_root'].'/tmp',0777);
+
+ $app->system->chown($data['new']['document_root'],'root');
+ $app->system->chgrp($data['new']['document_root'],'root');
+ $app->system->chown($data['new']['document_root'].'/cgi-bin',$username);
+ $app->system->chgrp($data['new']['document_root'].'/cgi-bin',$groupname);
+ if(realpath($data['new']['document_root'].'/log') == '/var/log/ispconfig/httpd/'.$data['new']['domain'].'/error.log') {
+ $app->system->chown($data['new']['document_root'].'/log','root',false);
+ $app->system->chgrp($data['new']['document_root'].'/log','root',false);
+ }
+ $app->system->chown($data['new']['document_root'].'/ssl','root');
+ $app->system->chgrp($data['new']['document_root'].'/ssl','root');
+ $app->system->chown($data['new']['document_root'].'/tmp',$username);
+ $app->system->chgrp($data['new']['document_root'].'/tmp',$groupname);
+ $app->system->chown($data['new']['document_root'].'/web',$username);
+ $app->system->chgrp($data['new']['document_root'].'/web',$groupname);
+ $app->system->chown($data['new']['document_root'].'/web/error',$username);
+ $app->system->chgrp($data['new']['document_root'].'/web/error',$groupname);
+ $app->system->chown($data['new']['document_root'].'/web/stats',$username);
+ $app->system->chgrp($data['new']['document_root'].'/web/stats',$groupname);
+ $app->system->chown($data['new']['document_root'].'/webdav',$username);
+ $app->system->chgrp($data['new']['document_root'].'/webdav',$groupname);
}
-
- //* add the Apache user to the client group
- $app->system->add_user_to_group($groupname, escapeshellcmd($web_config['user']));
-
- $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']));
-
- /*
- * Workaround for jailkit: If jailkit is enabled for the site, the
- * website root has to be owned by the root user and we have to chmod it to 755 then
- */
-
- //* Check if there is a jailkit user for this site
- $tmp = $app->db->queryOneRecord('SELECT count(shell_user_id) as number FROM shell_user WHERE parent_domain_id = '.$data['new']['domain_id']." AND chroot = 'jailkit'");
- if($tmp['number'] > 0) {
- $this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root']));
- $this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']));
- }
- unset($tmp);
-
- // If the security Level is set to medium
- } else {
-
- $this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root']));
- $this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root'].'/*'));
- $this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']));
-
- // make temp directory writable for Apache and the website users
- $this->_exec('chmod 777 '.escapeshellcmd($data['new']['document_root'].'/tmp'));
}
+
+ //* Protect web folders
+ $app->system->web_folder_protection($data['new']['document_root'],true);
- // Change the ownership of the error log to the owner of the website
- if(!@is_file($data['new']['document_root'].'/log/error.log')) exec('touch '.escapeshellcmd($data['new']['document_root']).'/log/error.log');
- $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']).'/log/error.log');
+ // Change the ownership of the error log to the root user
+ if(!@is_file('/var/log/ispconfig/httpd/'.$data['new']['domain'].'/error.log')) exec('touch '.escapeshellcmd('/var/log/ispconfig/httpd/'.$data['new']['domain'].'/error.log'));
+ $app->system->chown('/var/log/ispconfig/httpd/'.$data['new']['domain'].'/error.log','root');
+ $app->system->chgrp('/var/log/ispconfig/httpd/'.$data['new']['domain'].'/error.log','root');
- //* Write the custom php.ini file, if custom_php_ini filed is not empty
+ //* Write the custom php.ini file, if custom_php_ini fieled is not empty
$custom_php_ini_dir = $web_config['website_basedir'].'/conf/'.$data['new']['system_user'];
- if(!is_dir($web_config['website_basedir'].'/conf')) mkdir($web_config['website_basedir'].'/conf');
+ if(!is_dir($web_config['website_basedir'].'/conf')) $app->system->mkdir($web_config['website_basedir'].'/conf');
+
+ //* add open_basedir restriction to custom php.ini content, required for suphp only
+ if(!stristr($data['new']['custom_php_ini'],'open_basedir') && $data['new']['php'] == 'suphp') {
+ $data['new']['custom_php_ini'] .= "\nopen_basedir = '".$data['new']['php_open_basedir']."'\n";
+ }
+ //* Create custom php.ini
if(trim($data['new']['custom_php_ini']) != '') {
$has_custom_php_ini = true;
- if(!is_dir($custom_php_ini_dir)) mkdir($custom_php_ini_dir);
+ if(!is_dir($custom_php_ini_dir)) $app->system->mkdir($custom_php_ini_dir);
$php_ini_content = '';
if($data['new']['php'] == 'mod') {
$master_php_ini_path = $web_config['php_ini_path_apache'];
@@ -563,13 +756,13 @@
}
}
if($master_php_ini_path != '' && substr($master_php_ini_path,-7) == 'php.ini' && is_file($master_php_ini_path)) {
- $php_ini_content .= file_get_contents($master_php_ini_path)."\n";
+ $php_ini_content .= $app->system->file_get_contents($master_php_ini_path)."\n";
}
- $php_ini_content .= trim($data['new']['custom_php_ini']);
- file_put_contents($custom_php_ini_dir.'/php.ini',$php_ini_content);
+ $php_ini_content .= str_replace("\r",'',trim($data['new']['custom_php_ini']));
+ $app->system->file_put_contents($custom_php_ini_dir.'/php.ini',$php_ini_content);
} else {
$has_custom_php_ini = false;
- if(is_file($custom_php_ini_dir.'/php.ini')) unlink($custom_php_ini_dir.'/php.ini');
+ if(is_file($custom_php_ini_dir.'/php.ini')) $app->system->unlink($custom_php_ini_dir.'/php.ini');
}
@@ -580,6 +773,7 @@
$tpl->newTemplate('vhost.conf.master');
$vhost_data = $data['new'];
+ //unset($vhost_data['ip_address']);
$vhost_data['web_document_root'] = $data['new']['document_root'].'/web';
$vhost_data['web_document_root_www'] = $web_config['website_basedir'].'/'.$data['new']['domain'].'/web';
$vhost_data['web_basedir'] = $web_config['website_basedir'];
@@ -589,6 +783,11 @@
$vhost_data['ssl_domain'] = $data['new']['ssl_domain'];
$vhost_data['has_custom_php_ini'] = $has_custom_php_ini;
$vhost_data['custom_php_ini_dir'] = escapeshellcmd($custom_php_ini_dir);
+
+ // Custom Apache directives
+ // Make sure we only have Unix linebreaks
+ $vhost_data['apache_directives'] = str_replace("\r\n", "\n", $vhost_data['apache_directives']);
+ $vhost_data['apache_directives'] = str_replace("\r", "\n", $vhost_data['apache_directives']);
// Check if a SSL cert exists
$ssl_dir = $data['new']['document_root'].'/ssl';
@@ -597,45 +796,76 @@
$crt_file = $ssl_dir.'/'.$domain.'.crt';
$bundle_file = $ssl_dir.'/'.$domain.'.bundle';
- if($data['new']['ssl'] == 'y' && @is_file($crt_file) && @is_file($key_file)) {
+ /*
+ if($domain!='' && $data['new']['ssl'] == 'y' && @is_file($crt_file) && @is_file($key_file) && (@filesize($crt_file)>0) && (@filesize($key_file)>0)) {
$vhost_data['ssl_enabled'] = 1;
$app->log('Enable SSL for: '.$domain,LOGLEVEL_DEBUG);
} else {
$vhost_data['ssl_enabled'] = 0;
- $app->log('Disable SSL for: '.$domain,LOGLEVEL_DEBUG);
+ $app->log('SSL Disabled. '.$domain,LOGLEVEL_DEBUG);
}
+ */
if(@is_file($bundle_file)) $vhost_data['has_bundle_cert'] = 1;
//$vhost_data['document_root'] = $data['new']['document_root'].'/web';
+
+ // Set SEO Redirect
+ if($data['new']['seo_redirect'] != '' && ($data['new']['subdomain'] == 'www' || $data['new']['subdomain'] == '*')){
+ $vhost_data['seo_redirect_enabled'] = 1;
+ if($data['new']['seo_redirect'] == 'non_www_to_www'){
+ $vhost_data['seo_redirect_origin_domain'] = $data['new']['domain'];
+ $vhost_data['seo_redirect_target_domain'] = 'www.'.$data['new']['domain'];
+ }
+ if($data['new']['seo_redirect'] == 'www_to_non_www'){
+ $vhost_data['seo_redirect_origin_domain'] = 'www.'.$data['new']['domain'];
+ $vhost_data['seo_redirect_target_domain'] = $data['new']['domain'];
+ }
+ } else {
+ $vhost_data['seo_redirect_enabled'] = 0;
+ }
+
$tpl->setVar($vhost_data);
// Rewrite rules
$rewrite_rules = array();
- if($data['new']['redirect_type'] != '') {
+ if($data['new']['redirect_type'] != '' && $data['new']['redirect_path'] != '') {
if(substr($data['new']['redirect_path'],-1) != '/') $data['new']['redirect_path'] .= '/';
+ if(substr($data['new']['redirect_path'],0,8) == '[scheme]'){
+ $rewrite_target = 'http'.substr($data['new']['redirect_path'],8);
+ $rewrite_target_ssl = 'https'.substr($data['new']['redirect_path'],8);
+ } else {
+ $rewrite_target = $data['new']['redirect_path'];
+ $rewrite_target_ssl = $data['new']['redirect_path'];
+ }
/* Disabled path extension
if($data['new']['redirect_type'] == 'no' && substr($data['new']['redirect_path'],0,4) != 'http') {
$data['new']['redirect_path'] = $data['new']['document_root'].'/web'.realpath($data['new']['redirect_path']).'/';
}
*/
- $rewrite_rules[] = array( 'rewrite_domain' => $data['new']['domain'],
- 'rewrite_type' => ($data['new']['redirect_type'] == 'no')?'':'['.$data['new']['redirect_type'].']',
- 'rewrite_target' => $data['new']['redirect_path']);
-
switch($data['new']['subdomain']) {
case 'www':
- $rewrite_rules[] = array( 'rewrite_domain' => 'www.'.$data['new']['domain'],
+ $rewrite_rules[] = array( 'rewrite_domain' => '^'.$data['new']['domain'],
+ 'rewrite_type' => ($data['new']['redirect_type'] == 'no')?'':'['.$data['new']['redirect_type'].']',
+ 'rewrite_target' => $rewrite_target,
+ 'rewrite_target_ssl' => $rewrite_target_ssl);
+ $rewrite_rules[] = array( 'rewrite_domain' => '^www.'.$data['new']['domain'],
'rewrite_type' => ($data['new']['redirect_type'] == 'no')?'':'['.$data['new']['redirect_type'].']',
- 'rewrite_target' => $data['new']['redirect_path']);
+ 'rewrite_target' => $rewrite_target,
+ 'rewrite_target_ssl' => $rewrite_target_ssl);
break;
case '*':
- // TODO
- //$rewrite_rules[] = array( 'rewrite_domain' => '*'.$alias['domain'],
- // 'rewrite_type' => $alias['redirect_type'],
- // 'rewrite_target' => $alias['redirect_path']);
+ $rewrite_rules[] = array( 'rewrite_domain' => '(^|\.)'.$data['new']['domain'],
+ 'rewrite_type' => ($data['new']['redirect_type'] == 'no')?'':'['.$data['new']['redirect_type'].']',
+ 'rewrite_target' => $rewrite_target,
+ 'rewrite_target_ssl' => $rewrite_target_ssl);
break;
+ default:
+ $rewrite_rules[] = array( 'rewrite_domain' => '^'.$data['new']['domain'],
+ 'rewrite_type' => ($data['new']['redirect_type'] == 'no')?'':'['.$data['new']['redirect_type'].']',
+ 'rewrite_target' => $rewrite_target,
+ 'rewrite_target_ssl' => $rewrite_target_ssl);
}
}
@@ -665,28 +895,43 @@
}
$app->log('Add server alias: '.$alias['domain'],LOGLEVEL_DEBUG);
// Rewriting
- if($alias['redirect_type'] != '') {
- if(substr($data['new']['redirect_path'],-1) != '/') $data['new']['redirect_path'] .= '/';
+ if($alias['redirect_type'] != '' && $alias['redirect_path'] != '') {
+ if(substr($alias['redirect_path'],-1) != '/') $alias['redirect_path'] .= '/';
+ if(substr($alias['redirect_path'],0,8) == '[scheme]'){
+ $rewrite_target = 'http'.substr($alias['redirect_path'],8);
+ $rewrite_target_ssl = 'https'.substr($alias['redirect_path'],8);
+ } else {
+ $rewrite_target = $alias['redirect_path'];
+ $rewrite_target_ssl = $alias['redirect_path'];
+ }
/* Disabled the path extension
if($data['new']['redirect_type'] == 'no' && substr($data['new']['redirect_path'],0,4) != 'http') {
$data['new']['redirect_path'] = $data['new']['document_root'].'/web'.realpath($data['new']['redirect_path']).'/';
}
*/
- $rewrite_rules[] = array( 'rewrite_domain' => $alias['domain'],
- 'rewrite_type' => ($alias['redirect_type'] == 'no')?'':'['.$alias['redirect_type'].']',
- 'rewrite_target' => $alias['redirect_path']);
+
switch($alias['subdomain']) {
case 'www':
- $rewrite_rules[] = array( 'rewrite_domain' => 'www.'.$alias['domain'],
+ $rewrite_rules[] = array( 'rewrite_domain' => '^'.$alias['domain'],
+ 'rewrite_type' => ($alias['redirect_type'] == 'no')?'':'['.$alias['redirect_type'].']',
+ 'rewrite_target' => $rewrite_target,
+ 'rewrite_target_ssl' => $rewrite_target_ssl);
+ $rewrite_rules[] = array( 'rewrite_domain' => '^www.'.$alias['domain'],
'rewrite_type' => ($alias['redirect_type'] == 'no')?'':'['.$alias['redirect_type'].']',
- 'rewrite_target' => $alias['redirect_path']);
+ 'rewrite_target' => $rewrite_target,
+ 'rewrite_target_ssl' => $rewrite_target_ssl);
break;
case '*':
- // TODO
- //$rewrite_rules[] = array( 'rewrite_domain' => '*'.$alias['domain'],
- // 'rewrite_type' => $alias['redirect_type'],
- // 'rewrite_target' => $alias['redirect_path']);
+ $rewrite_rules[] = array( 'rewrite_domain' => '(^|\.)'.$alias['domain'],
+ 'rewrite_type' => ($alias['redirect_type'] == 'no')?'':'['.$alias['redirect_type'].']',
+ 'rewrite_target' => $rewrite_target,
+ 'rewrite_target_ssl' => $rewrite_target_ssl);
break;
+ default:
+ $rewrite_rules[] = array( 'rewrite_domain' => '^'.$alias['domain'],
+ 'rewrite_type' => ($alias['redirect_type'] == 'no')?'':'['.$alias['redirect_type'].']',
+ 'rewrite_target' => $rewrite_target,
+ 'rewrite_target_ssl' => $rewrite_target_ssl);
}
}
}
@@ -709,12 +954,13 @@
$tpl->setVar('alias','');
}
- if(count($rewrite_rules) > 0) {
+ if(count($rewrite_rules) > 0 || $vhost_data['seo_redirect_enabled'] > 0) {
$tpl->setVar('rewrite_enabled',1);
} else {
$tpl->setVar('rewrite_enabled',0);
}
- $tpl->setLoop('redirects',$rewrite_rules);
+
+ //$tpl->setLoop('redirects',$rewrite_rules);
/**
* install fast-cgi starter script and add script aliasd config
@@ -730,47 +976,122 @@
$fastcgi_starter_path = str_replace('[client_id]',$client_id,$fastcgi_starter_path);
if (!is_dir($fastcgi_starter_path)) {
- exec('mkdir -p '.escapeshellcmd($fastcgi_starter_path));
+ $app->system->mkdirpath($fastcgi_starter_path);
//exec('chown '.$data['new']['system_user'].':'.$data['new']['system_group'].' '.escapeshellcmd($fastcgi_starter_path));
$app->log('Creating fastcgi starter script directory: '.$fastcgi_starter_path,LOGLEVEL_DEBUG);
}
- exec('chown -R '.$data['new']['system_user'].':'.$data['new']['system_group'].' '.escapeshellcmd($fastcgi_starter_path));
-
+ //exec('chown -R '.$data['new']['system_user'].':'.$data['new']['system_group'].' '.escapeshellcmd($fastcgi_starter_path));
+ $app->system->chown($fastcgi_starter_path,$data['new']['system_user']);
+ $app->system->chgrp($fastcgi_starter_path,$data['new']['system_group']);
+
$fcgi_tpl = new tpl();
$fcgi_tpl->newTemplate('php-fcgi-starter.master');
+
+ // Support for multiple PHP versions (FastCGI)
+ if(trim($data['new']['fastcgi_php_version']) != ''){
+ $default_fastcgi_php = false;
+ list($custom_fastcgi_php_name, $custom_fastcgi_php_executable, $custom_fastcgi_php_ini_dir) = explode(':', trim($data['new']['fastcgi_php_version']));
+ if(substr($custom_fastcgi_php_ini_dir,-1) != '/') $custom_fastcgi_php_ini_dir .= '/';
+ } else {
+ $default_fastcgi_php = true;
+ }
if($has_custom_php_ini) {
$fcgi_tpl->setVar('php_ini_path',escapeshellcmd($custom_php_ini_dir));
} else {
- $fcgi_tpl->setVar('php_ini_path',escapeshellcmd($fastcgi_config['fastcgi_phpini_path']));
+ if($default_fastcgi_php){
+ $fcgi_tpl->setVar('php_ini_path',escapeshellcmd($fastcgi_config['fastcgi_phpini_path']));
+ } else {
+ $fcgi_tpl->setVar('php_ini_path',escapeshellcmd($custom_fastcgi_php_ini_dir));
+ }
}
$fcgi_tpl->setVar('document_root',escapeshellcmd($data['new']['document_root']));
$fcgi_tpl->setVar('php_fcgi_children',escapeshellcmd($fastcgi_config['fastcgi_children']));
$fcgi_tpl->setVar('php_fcgi_max_requests',escapeshellcmd($fastcgi_config['fastcgi_max_requests']));
- $fcgi_tpl->setVar('php_fcgi_bin',escapeshellcmd($fastcgi_config['fastcgi_bin']));
+ if($default_fastcgi_php){
+ $fcgi_tpl->setVar('php_fcgi_bin',escapeshellcmd($fastcgi_config['fastcgi_bin']));
+ } else {
+ $fcgi_tpl->setVar('php_fcgi_bin',escapeshellcmd($custom_fastcgi_php_executable));
+ }
$fcgi_tpl->setVar('security_level',intval($web_config['security_level']));
$php_open_basedir = ($data['new']['php_open_basedir'] == '')?$data['new']['document_root']:$data['new']['php_open_basedir'];
$fcgi_tpl->setVar('open_basedir', escapeshellcmd($php_open_basedir));
$fcgi_starter_script = escapeshellcmd($fastcgi_starter_path.$fastcgi_config['fastcgi_starter_script']);
- file_put_contents($fcgi_starter_script,$fcgi_tpl->grab());
+ $app->system->file_put_contents($fcgi_starter_script,$fcgi_tpl->grab());
unset($fcgi_tpl);
$app->log('Creating fastcgi starter script: '.$fcgi_starter_script,LOGLEVEL_DEBUG);
-
- exec('chmod 755 '.$fcgi_starter_script);
- exec('chown '.$data['new']['system_user'].':'.$data['new']['system_group'].' '.$fcgi_starter_script);
-
+ $app->system->chmod($fcgi_starter_script,0755);
+ $app->system->chown($fcgi_starter_script,$data['new']['system_user']);
+ $app->system->chgrp($fcgi_starter_script,$data['new']['system_group']);
+
$tpl->setVar('fastcgi_alias',$fastcgi_config['fastcgi_alias']);
$tpl->setVar('fastcgi_starter_path',$fastcgi_starter_path);
$tpl->setVar('fastcgi_starter_script',$fastcgi_config['fastcgi_starter_script']);
+ $tpl->setVar('fastcgi_config_syntax',$fastcgi_config['fastcgi_config_syntax']);
+ } else {
+ //remove the php fastgi starter script if available
+ if ($data['old']['php'] == 'fast-cgi') {
+ $fastcgi_config = $app->getconf->get_server_config($conf['server_id'], 'fastcgi');
+ $fastcgi_starter_path = str_replace('[system_user]',$data['old']['system_user'],$fastcgi_config['fastcgi_starter_path']);
+ $fastcgi_starter_path = str_replace('[client_id]',$client_id,$fastcgi_starter_path);
+ if (is_dir($fastcgi_starter_path)) {
+ exec('rm -rf '.$fastcgi_starter_path);
+ }
+ }
}
+
+ /**
+ * PHP-FPM
+ */
+ // Support for multiple PHP versions
+ if($data['new']['php'] == 'php-fpm'){
+ if(trim($data['new']['fastcgi_php_version']) != ''){
+ $default_php_fpm = false;
+ list($custom_php_fpm_name, $custom_php_fpm_init_script, $custom_php_fpm_ini_dir, $custom_php_fpm_pool_dir) = explode(':', trim($data['new']['fastcgi_php_version']));
+ if(substr($custom_php_fpm_ini_dir,-1) != '/') $custom_php_fpm_ini_dir .= '/';
+ } else {
+ $default_php_fpm = true;
+ }
+ } else {
+ if(trim($data['old']['fastcgi_php_version']) != '' && $data['old']['php'] == 'php-fpm'){
+ $default_php_fpm = false;
+ list($custom_php_fpm_name, $custom_php_fpm_init_script, $custom_php_fpm_ini_dir, $custom_php_fpm_pool_dir) = explode(':', trim($data['old']['fastcgi_php_version']));
+ if(substr($custom_php_fpm_ini_dir,-1) != '/') $custom_php_fpm_ini_dir .= '/';
+ } else {
+ $default_php_fpm = true;
+ }
+ }
+
+ if($default_php_fpm){
+ $pool_dir = escapeshellcmd($web_config['php_fpm_pool_dir']);
+ } else {
+ $pool_dir = $custom_php_fpm_pool_dir;
+ }
+ if(substr($pool_dir,-1) != '/') $pool_dir .= '/';
+ $pool_name = 'web'.$data['new']['domain_id'];
+ $socket_dir = escapeshellcmd($web_config['php_fpm_socket_dir']);
+ if(substr($socket_dir,-1) != '/') $socket_dir .= '/';
+
+ if($data['new']['php_fpm_use_socket'] == 'y'){
+ $use_tcp = 0;
+ $use_socket = 1;
+ } else {
+ $use_tcp = 1;
+ $use_socket = 0;
+ }
+ $tpl->setVar('use_tcp', $use_tcp);
+ $tpl->setVar('use_socket', $use_socket);
+ $fpm_socket = $socket_dir.$pool_name.'.sock';
+ $tpl->setVar('fpm_socket', $fpm_socket);
+ $tpl->setVar('fpm_port', $web_config['php_fpm_start_port'] + $data['new']['domain_id'] - 1);
/**
* install cgi starter script and add script alias to config.
@@ -790,8 +1111,10 @@
$cgi_starter_path = str_replace('[client_id]',$client_id,$cgi_starter_path);
if (!is_dir($cgi_starter_path)) {
- exec('mkdir -p '.escapeshellcmd($cgi_starter_path));
- exec('chown '.$data['new']['system_user'].':'.$data['new']['system_group'].' '.escapeshellcmd($cgi_starter_path));
+ $app->system->mkdirpath($cgi_starter_path);
+ $app->system->chmod($cgi_starter_script,0755);
+ $app->system->chown($cgi_starter_script,$data['new']['system_user']);
+ $app->system->chgrp($cgi_starter_script,$data['new']['system_group']);
$app->log('Creating cgi starter script directory: '.$cgi_starter_path,LOGLEVEL_DEBUG);
}
@@ -817,14 +1140,15 @@
}
$cgi_starter_script = escapeshellcmd($cgi_starter_path.$cgi_config['cgi_starter_script']);
- file_put_contents($cgi_starter_script,$cgi_tpl->grab());
+ $app->system->file_put_contents($cgi_starter_script,$cgi_tpl->grab());
unset($cgi_tpl);
$app->log('Creating cgi starter script: '.$cgi_starter_script,LOGLEVEL_DEBUG);
- exec('chmod 755 '.$cgi_starter_script);
- exec('chown '.$data['new']['system_user'].':'.$data['new']['system_group'].' '.$cgi_starter_script);
+ $app->system->chmod($cgi_starter_script,0755);
+ $app->system->chown($cgi_starter_script,$data['new']['system_user']);
+ $app->system->chgrp($cgi_starter_script,$data['new']['system_group']);
$tpl->setVar('cgi_starter_path',$cgi_starter_path);
$tpl->setVar('cgi_starter_script',$cgi_config['cgi_starter_script']);
@@ -833,10 +1157,58 @@
$vhost_file = escapeshellcmd($web_config['vhost_conf_dir'].'/'.$data['new']['domain'].'.vhost');
//* Make a backup copy of vhost file
- copy($vhost_file,$vhost_file.'~');
+ if(file_exists($vhost_file)) $app->system->copy($vhost_file,$vhost_file.'~');
+
+ //* create empty vhost array
+ $vhosts = array();
+
+ //* Add vhost for ipv4 IP
+ if(count($rewrite_rules) > 0){
+ $vhosts[] = array('ip_address' => $data['new']['ip_address'], 'ssl_enabled' => 0, 'port' => 80, 'redirects' => $rewrite_rules);
+ } else {
+ $vhosts[] = array('ip_address' => $data['new']['ip_address'], 'ssl_enabled' => 0, 'port' => 80);
+ }
+
+ //* Add vhost for ipv4 IP with SSL
+ $ssl_dir = $data['new']['document_root'].'/ssl';
+ $domain = $data['new']['ssl_domain'];
+ $key_file = $ssl_dir.'/'.$domain.'.key';
+ $crt_file = $ssl_dir.'/'.$domain.'.crt';
+
+ if($data['new']['ssl_domain'] != '' && $data['new']['ssl'] == 'y' && @is_file($crt_file) && @is_file($key_file) && (@filesize($crt_file)>0) && (@filesize($key_file)>0)) {
+ if(count($rewrite_rules) > 0){
+ $vhosts[] = array('ip_address' => $data['new']['ip_address'], 'ssl_enabled' => 1, 'port' => '443', 'redirects' => $rewrite_rules);
+ } else {
+ $vhosts[] = array('ip_address' => $data['new']['ip_address'], 'ssl_enabled' => 1, 'port' => '443');
+ }
+ $app->log('Enable SSL for: '.$domain,LOGLEVEL_DEBUG);
+ }
+
+ //* Add vhost for IPv6 IP
+ if($data['new']['ipv6_address'] != '') {
+ if(count($rewrite_rules) > 0){
+ $vhosts[] = array('ip_address' => '['.$data['new']['ipv6_address'].']', 'ssl_enabled' => 0, 'port' => 80, 'redirects' => $rewrite_rules);
+ } else {
+ $vhosts[] = array('ip_address' => '['.$data['new']['ipv6_address'].']', 'ssl_enabled' => 0, 'port' => 80);
+ }
+
+ //* Add vhost for ipv6 IP with SSL
+ if($data['new']['ssl_domain'] != '' && $data['new']['ssl'] == 'y' && @is_file($crt_file) && @is_file($key_file) && (@filesize($crt_file)>0) && (@filesize($key_file)>0)) {
+
+ if(count($rewrite_rules) > 0){
+ $vhosts[] = array('ip_address' => '['.$data['new']['ipv6_address'].']', 'ssl_enabled' => 1, 'port' => '443', 'redirects' => $rewrite_rules);
+ } else {
+ $vhosts[] = array('ip_address' => '['.$data['new']['ipv6_address'].']', 'ssl_enabled' => 1, 'port' => '443');
+ }
+ $app->log('Enable SSL for IPv6: '.$domain,LOGLEVEL_DEBUG);
+ }
+ }
+
+ //* Set the vhost loop
+ $tpl->setLoop('vhosts',$vhosts);
//* Write vhost file
- file_put_contents($vhost_file,$tpl->grab());
+ $app->system->file_put_contents($vhost_file,$tpl->grab());
$app->log('Writing the vhost file: '.$vhost_file,LOGLEVEL_DEBUG);
unset($tpl);
@@ -845,43 +1217,74 @@
*/
$this->_patchVhostWebdav($vhost_file, $data['new']['document_root'] . '/webdav');
- // Set the symlink to enable the vhost
+ //* Set the symlink to enable the vhost
+ //* First we check if there is a old type of symlink and remove it
$vhost_symlink = escapeshellcmd($web_config['vhost_conf_enabled_dir'].'/'.$data['new']['domain'].'.vhost');
+ if(is_link($vhost_symlink)) $app->system->unlink($vhost_symlink);
+
+ //* Remove old or changed symlinks
+ if($data['new']['subdomain'] != $data['old']['subdomain'] or $data['new']['active'] == 'n') {
+ $vhost_symlink = escapeshellcmd($web_config['vhost_conf_enabled_dir'].'/900-'.$data['new']['domain'].'.vhost');
+ if(is_link($vhost_symlink)) {
+ $app->system->unlink($vhost_symlink);
+ $app->log('Removing symlink: '.$vhost_symlink.'->'.$vhost_file,LOGLEVEL_DEBUG);
+ }
+ $vhost_symlink = escapeshellcmd($web_config['vhost_conf_enabled_dir'].'/100-'.$data['new']['domain'].'.vhost');
+ if(is_link($vhost_symlink)) {
+ $app->system->unlink($vhost_symlink);
+ $app->log('Removing symlink: '.$vhost_symlink.'->'.$vhost_file,LOGLEVEL_DEBUG);
+ }
+ }
+
+ //* New symlink
+ if($data['new']['subdomain'] == '*') {
+ $vhost_symlink = escapeshellcmd($web_config['vhost_conf_enabled_dir'].'/900-'.$data['new']['domain'].'.vhost');
+ } else {
+ $vhost_symlink = escapeshellcmd($web_config['vhost_conf_enabled_dir'].'/100-'.$data['new']['domain'].'.vhost');
+ }
if($data['new']['active'] == 'y' && !is_link($vhost_symlink)) {
symlink($vhost_file,$vhost_symlink);
$app->log('Creating symlink: '.$vhost_symlink.'->'.$vhost_file,LOGLEVEL_DEBUG);
}
- // Remove the symlink, if site is inactive
- if($data['new']['active'] == 'n' && is_link($vhost_symlink)) {
- unlink($vhost_symlink);
- $app->log('Removing symlink: '.$vhost_symlink.'->'.$vhost_file,LOGLEVEL_DEBUG);
- }
-
// remove old symlink and vhost file, if domain name of the site has changed
if($this->action == 'update' && $data['old']['domain'] != '' && $data['new']['domain'] != $data['old']['domain']) {
+ $vhost_symlink = escapeshellcmd($web_config['vhost_conf_enabled_dir'].'/900-'.$data['old']['domain'].'.vhost');
+ if(is_link($vhost_symlink)) {
+ $app->system->unlink($vhost_symlink);
+ $app->log('Removing symlink: '.$vhost_symlink.'->'.$vhost_file,LOGLEVEL_DEBUG);
+ }
+ $vhost_symlink = escapeshellcmd($web_config['vhost_conf_enabled_dir'].'/100-'.$data['old']['domain'].'.vhost');
+ if(is_link($vhost_symlink)) {
+ $app->system->unlink($vhost_symlink);
+ $app->log('Removing symlink: '.$vhost_symlink.'->'.$vhost_file,LOGLEVEL_DEBUG);
+ }
$vhost_symlink = escapeshellcmd($web_config['vhost_conf_enabled_dir'].'/'.$data['old']['domain'].'.vhost');
- unlink($vhost_symlink);
- $app->log('Removing symlink: '.$vhost_symlink.'->'.$vhost_file,LOGLEVEL_DEBUG);
+ if(is_link($vhost_symlink)) {
+ $app->system->unlink($vhost_symlink);
+ $app->log('Removing symlink: '.$vhost_symlink.'->'.$vhost_file,LOGLEVEL_DEBUG);
+ }
$vhost_file = escapeshellcmd($web_config['vhost_conf_dir'].'/'.$data['old']['domain'].'.vhost');
- unlink($vhost_file);
+ $app->system->unlink($vhost_file);
$app->log('Removing file: '.$vhost_file,LOGLEVEL_DEBUG);
}
//* Create .htaccess and .htpasswd file for website statistics
if(!is_file($data['new']['document_root'].'/web/stats/.htaccess') or $data['old']['document_root'] != $data['new']['document_root']) {
- if(!is_dir($data['new']['document_root'].'/web/stats')) mkdir($data['new']['document_root'].'/web/stats');
+ if(!is_dir($data['new']['document_root'].'/web/stats')) $app->system->mkdir($data['new']['document_root'].'/web/stats');
$ht_file = "AuthType Basic\nAuthName \"Members Only\"\nAuthUserFile ".$data['new']['document_root']."/.htpasswd_stats\nrequire valid-user";
- file_put_contents($data['new']['document_root'].'/web/stats/.htaccess',$ht_file);
- chmod($data['new']['document_root'].'/web/stats/.htaccess',0755);
+ $app->system->file_put_contents($data['new']['document_root'].'/web/stats/.htaccess',$ht_file);
+ $app->system->chmod($data['new']['document_root'].'/web/stats/.htaccess',0755);
unset($ht_file);
}
if(!is_file($data['new']['document_root'].'/.htpasswd_stats') || $data['new']['stats_password'] != $data['old']['stats_password']) {
if(trim($data['new']['stats_password']) != '') {
$htp_file = 'admin:'.trim($data['new']['stats_password']);
- file_put_contents($data['new']['document_root'].'/.htpasswd_stats',$htp_file);
- chmod($data['new']['document_root'].'/.htpasswd_stats',0755);
+ $app->system->web_folder_protection($data['new']['document_root'],false);
+ $app->system->file_put_contents($data['new']['document_root'].'/.htpasswd_stats',$htp_file);
+ $app->system->web_folder_protection($data['new']['document_root'],true);
+ $app->system->chmod($data['new']['document_root'].'/.htpasswd_stats',0755);
unset($htp_file);
}
}
@@ -890,6 +1293,8 @@
if($data['new']['stats_type'] == 'awstats' && $data['new']['type'] == 'vhost') {
$this->awstats_update($data,$web_config);
}
+
+ $this->php_fpm_pool_update($data,$web_config,$pool_dir,$pool_name,$socket_dir);
if($web_config['check_apache_config'] == 'y') {
//* Test if apache starts with the new configuration file
@@ -906,8 +1311,41 @@
$app->log('Apache online status after restart is: '.$apache_online_status_after_restart,LOGLEVEL_DEBUG);
if($apache_online_status_before_restart && !$apache_online_status_after_restart) {
$app->log('Apache did not restart after the configuration change for website '.$data['new']['domain'].' Reverting the configuration. Saved non-working config as '.$vhost_file.'.err',LOGLEVEL_WARN);
- copy($vhost_file,$vhost_file.'.err');
- copy($vhost_file.'~',$vhost_file);
+ $app->system->copy($vhost_file,$vhost_file.'.err');
+ if(is_file($vhost_file.'~')) {
+ //* Copy back the last backup file
+ $app->system->copy($vhost_file.'~',$vhost_file);
+ } else {
+ //* There is no backup file, so we create a empty vhost file with a warning message inside
+ $app->system->file_put_contents($vhost_file,"# Apache did not start after modifying this vhost file.\n# Please check file $vhost_file.err for syntax errors.");
+ }
+ if($this->ssl_certificate_changed === true) {
+
+ $ssl_dir = $data['new']['document_root'].'/ssl';
+ $domain = $data['new']['ssl_domain'];
+ $key_file = $ssl_dir.'/'.$domain.'.key.org';
+ $key_file2 = $ssl_dir.'/'.$domain.'.key';
+ $csr_file = $ssl_dir.'/'.$domain.'.csr';
+ $crt_file = $ssl_dir.'/'.$domain.'.crt';
+ $bundle_file = $ssl_dir.'/'.$domain.'.bundle';
+
+ //* Backup the files that might have caused the error
+ if(is_file($key_file)) $app->system->copy($key_file,$key_file.'.err');
+ if(is_file($key_file2)) $app->system->copy($key_file2,$key_file2.'.err');
+ if(is_file($csr_file)) $app->system->copy($csr_file,$csr_file.'.err');
+ if(is_file($crt_file)) $app->system->copy($crt_file,$crt_file.'.err');
+ if(is_file($bundle_file)) $app->system->copy($bundle_file,$bundle_file.'.err');
+
+ //* Restore the ~ backup files
+ if(is_file($key_file.'~')) $app->system->copy($key_file.'~',$key_file);
+ if(is_file($key_file2.'~')) $app->system->copy($key_file2.'~',$key_file2);
+ if(is_file($crt_file.'~')) $app->system->copy($crt_file.'~',$crt_file);
+ if(is_file($csr_file.'~')) $app->system->copy($csr_file.'~',$csr_file);
+ if(is_file($bundle_file.'~')) $app->system->copy($bundle_file.'~',$bundle_file);
+
+ $app->log('Apache did not restart after the configuration change for website '.$data['new']['domain'].' Reverting the SSL configuration. Saved non-working SSL files with .err extension.',LOGLEVEL_WARN);
+ }
+
$app->services->restartService('httpd','restart');
}
} else {
@@ -920,9 +1358,26 @@
}
}
- // Remove the backup copy of the config file.
- if(@is_file($vhost_file.'~')) unlink($vhost_file.'~');
+ //* The vhost is written and apache has been restarted, so we
+ // can reset the ssl changed var to false and cleanup some files
+ $this->ssl_certificate_changed = false;
+ $ssl_dir = $data['new']['document_root'].'/ssl';
+ $domain = $data['new']['ssl_domain'];
+ $key_file = $ssl_dir.'/'.$domain.'.key.org';
+ $key_file2 = $ssl_dir.'/'.$domain.'.key';
+ $csr_file = $ssl_dir.'/'.$domain.'.csr';
+ $crt_file = $ssl_dir.'/'.$domain.'.crt';
+ $bundle_file = $ssl_dir.'/'.$domain.'.bundle';
+
+ if(@is_file($key_file.'~')) $app->system->unlink($key_file.'~');
+ if(@is_file($key2_file.'~')) $app->system->unlink($key2_file.'~');
+ if(@is_file($crt_file.'~')) $app->system->unlink($crt_file.'~');
+ if(@is_file($csr_file.'~')) $app->system->unlink($csr_file.'~');
+ if(@is_file($bundle_file.'~')) $app->system->unlink($bundle_file.'~');
+
+ // Remove the backup copy of the config file.
+ if(@is_file($vhost_file.'~')) $app->system->unlink($vhost_file.'~');
//* Unset action to clean it for next processed vhost.
$this->action = '';
@@ -934,7 +1389,10 @@
// load the server configuration options
$app->uses('getconf');
+ $app->uses('system');
$web_config = $app->getconf->get_server_config($conf['server_id'], 'web');
+
+ $app->system->web_folder_protection($data['new']['document_root'],false);
//* Check if this is a chrooted setup
if($web_config['website_basedir'] != '' && @is_file($web_config['website_basedir'].'/etc/passwd')) {
@@ -956,12 +1414,25 @@
} else {
//* This is a website
// Deleting the vhost file, symlink and the data directory
- $vhost_symlink = escapeshellcmd($web_config['vhost_conf_enabled_dir'].'/'.$data['old']['domain'].'.vhost');
- unlink($vhost_symlink);
- $app->log('Removing symlink: '.$vhost_symlink.'->'.$vhost_file,LOGLEVEL_DEBUG);
-
$vhost_file = escapeshellcmd($web_config['vhost_conf_dir'].'/'.$data['old']['domain'].'.vhost');
- unlink($vhost_file);
+
+ $vhost_symlink = escapeshellcmd($web_config['vhost_conf_enabled_dir'].'/'.$data['old']['domain'].'.vhost');
+ if(is_link($vhost_symlink)){
+ $app->system->unlink($vhost_symlink);
+ $app->log('Removing symlink: '.$vhost_symlink.'->'.$vhost_file,LOGLEVEL_DEBUG);
+ }
+ $vhost_symlink = escapeshellcmd($web_config['vhost_conf_enabled_dir'].'/900-'.$data['old']['domain'].'.vhost');
+ if(is_link($vhost_symlink)){
+ $app->system->unlink($vhost_symlink);
+ $app->log('Removing symlink: '.$vhost_symlink.'->'.$vhost_file,LOGLEVEL_DEBUG);
+ }
+ $vhost_symlink = escapeshellcmd($web_config['vhost_conf_enabled_dir'].'/100-'.$data['old']['domain'].'.vhost');
+ if(is_link($vhost_symlink)){
+ $app->system->unlink($vhost_symlink);
+ $app->log('Removing symlink: '.$vhost_symlink.'->'.$vhost_file,LOGLEVEL_DEBUG);
+ }
+
+ $app->system->unlink($vhost_file);
$app->log('Removing vhost file: '.$vhost_file,LOGLEVEL_DEBUG);
$docroot = escapeshellcmd($data['old']['document_root']);
@@ -974,6 +1445,11 @@
if (is_dir($fastcgi_starter_path)) {
exec('rm -rf '.$fastcgi_starter_path);
}
+ }
+
+ // remove PHP-FPM pool
+ if ($data['old']['php'] == 'php-fpm') {
+ $this->php_fpm_pool_delete($data,$web_config);
}
//remove the php cgi starter script if available
@@ -1002,7 +1478,7 @@
if(substr($tmp_symlink, -1, 1) == '/') $tmp_symlink = substr($tmp_symlink, 0, -1);
// create the symlinks, if not exist
if(is_link($tmp_symlink)) {
- unlink($tmp_symlink);
+ $app->system->unlink($tmp_symlink);
$app->log('Removing symlink: '.$tmp_symlink,LOGLEVEL_DEBUG);
}
}
@@ -1024,6 +1500,13 @@
if($data['old']['stats_type'] == 'awstats') {
$this->awstats_delete($data,$web_config);
}
+
+ if($apache_chrooted) {
+ $app->services->restartServiceDelayed('httpd','restart');
+ } else {
+ // request a httpd reload when all records have been processed
+ $app->services->restartServiceDelayed('httpd','reload');
+ }
}
}
@@ -1041,17 +1524,258 @@
$tpl = new tpl();
$tpl->newTemplate('apache_ispconfig.conf.master');
$records = $app->db->queryAllRecords('SELECT * FROM server_ip WHERE server_id = '.$conf['server_id']." AND virtualhost = 'y'");
-
- if(count($records) > 0) {
- $tpl->setLoop('ip_adresses',$records);
+
+ $records_out= array();
+ if(is_array($records)) {
+ foreach($records as $rec) {
+ if($rec['ip_type'] == 'IPv6') {
+ $ip_address = '['.$rec['ip_address'].']';
+ } else {
+ $ip_address = $rec['ip_address'];
+ }
+ $ports = explode(',',$rec['virtualhost_port']);
+ if(is_array($ports)) {
+ foreach($ports as $port) {
+ $port = intval($port);
+ if($port > 0 && $port < 65536 && $ip_address != '') {
+ $records_out[] = array('ip_address' => $ip_address, 'port' => $port);
+ }
+ }
+ }
+ }
+ }
+
+
+ if(count($records_out) > 0) {
+ $tpl->setLoop('ip_adresses',$records_out);
}
$vhost_file = escapeshellcmd($web_config['vhost_conf_dir'].'/ispconfig.conf');
- file_put_contents($vhost_file,$tpl->grab());
+ $app->system->file_put_contents($vhost_file,$tpl->grab());
$app->log('Writing the conf file: '.$vhost_file,LOGLEVEL_DEBUG);
unset($tpl);
}
+
+ //* Create or update the .htaccess folder protection
+ function web_folder_user($event_name,$data) {
+ global $app, $conf;
+
+ $app->uses('system');
+
+ if($event_name == 'web_folder_user_delete') {
+ $folder_id = $data['old']['web_folder_id'];
+ } else {
+ $folder_id = $data['new']['web_folder_id'];
+ }
+
+ $folder = $app->db->queryOneRecord("SELECT * FROM web_folder WHERE web_folder_id = ".intval($folder_id));
+ $website = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($folder['parent_domain_id']));
+
+ if(!is_array($folder) or !is_array($website)) {
+ $app->log('Not able to retrieve folder or website record.',LOGLEVEL_DEBUG);
+ return false;
+ }
+
+ //* Get the folder path.
+ if(substr($folder['path'],0,1) == '/') $folder['path'] = substr($folder['path'],1);
+ if(substr($folder['path'],-1) == '/') $folder['path'] = substr($folder['path'],0,-1);
+ $folder_path = escapeshellcmd($website['document_root'].'/web/'.$folder['path']);
+ if(substr($folder_path,-1) != '/') $folder_path .= '/';
+
+ //* Check if the resulting path is inside the docroot
+ if(stristr($folder_path,'..') || stristr($folder_path,'./') || stristr($folder_path,'\\')) {
+ $app->log('Folder path "'.$folder_path.'" contains .. or ./.',LOGLEVEL_DEBUG);
+ return false;
+ }
+
+ //* Create the folder path, if it does not exist
+ if(!is_dir($folder_path)) {
+ $app->system->mkdirpath($folder_path);
+ $app->system->chown($folder_path,$website['system_user']);
+ $app->system->chgrp($folder_path,$website['system_group']);
+ }
+
+ //* Create empty .htpasswd file, if it does not exist
+ if(!is_file($folder_path.'.htpasswd')) {
+ touch($folder_path.'.htpasswd');
+ $app->system->chmod($folder_path.'.htpasswd',0755);
+ $app->system->chown($folder_path.'.htpasswd',$website['system_user']);
+ $app->system->chgrp($folder_path.'.htpasswd',$website['system_group']);
+ $app->log('Created file '.$folder_path.'.htpasswd',LOGLEVEL_DEBUG);
+ }
+
+ /*
+ $auth_users = $app->db->queryAllRecords("SELECT * FROM web_folder_user WHERE active = 'y' AND web_folder_id = ".intval($folder_id));
+ $htpasswd_content = '';
+ if(is_array($auth_users) && !empty($auth_users)){
+ foreach($auth_users as $auth_user){
+ $htpasswd_content .= $auth_user['username'].':'.$auth_user['password']."\n";
+ }
+ }
+ $htpasswd_content = trim($htpasswd_content);
+ @file_put_contents($folder_path.'.htpasswd', $htpasswd_content);
+ $app->log('Changed .htpasswd file: '.$folder_path.'.htpasswd',LOGLEVEL_DEBUG);
+ */
+
+ if(($data['new']['username'] != $data['old']['username'] || $data['new']['active'] == 'n') && $data['old']['username'] != '') {
+ $app->system->removeLine($folder_path.'.htpasswd',$data['old']['username'].':');
+ $app->log('Removed user: '.$data['old']['username'],LOGLEVEL_DEBUG);
+ }
+
+ //* Add or remove the user from .htpasswd file
+ if($event_name == 'web_folder_user_delete') {
+ $app->system->removeLine($folder_path.'.htpasswd',$data['old']['username'].':');
+ $app->log('Removed user: '.$data['old']['username'],LOGLEVEL_DEBUG);
+ } else {
+ if($data['new']['active'] == 'y') {
+ $app->system->replaceLine($folder_path.'.htpasswd',$data['new']['username'].':',$data['new']['username'].':'.$data['new']['password'],0,1);
+ $app->log('Added or updated user: '.$data['new']['username'],LOGLEVEL_DEBUG);
+ }
+ }
+
+
+ //* Create the .htaccess file
+ //if(!is_file($folder_path.'.htaccess')) {
+ $ht_file = "AuthType Basic\nAuthName \"Members Only\"\nAuthUserFile ".$folder_path.".htpasswd\nrequire valid-user";
+ $app->system->file_put_contents($folder_path.'.htaccess',$ht_file);
+ $app->system->chmod($folder_path.'.htaccess',0755);
+ $app->system->chown($folder_path.'.htaccess',$website['system_user']);
+ $app->system->chgrp($folder_path.'.htaccess',$website['system_group']);
+ $app->log('Created file '.$folder_path.'.htaccess',LOGLEVEL_DEBUG);
+ //}
+
+ }
+
+ //* Remove .htaccess and .htpasswd file, when folder protection is removed
+ function web_folder_delete($event_name,$data) {
+ global $app, $conf;
+
+ $folder_id = $data['old']['web_folder_id'];
+
+ $folder = $data['old'];
+ $website = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($folder['parent_domain_id']));
+
+ if(!is_array($folder) or !is_array($website)) {
+ $app->log('Not able to retrieve folder or website record.',LOGLEVEL_DEBUG);
+ return false;
+ }
+
+ //* Get the folder path.
+ if(substr($folder['path'],0,1) == '/') $folder['path'] = substr($folder['path'],1);
+ if(substr($folder['path'],-1) == '/') $folder['path'] = substr($folder['path'],0,-1);
+ $folder_path = realpath($website['document_root'].'/web/'.$folder['path']);
+ if(substr($folder_path,-1) != '/') $folder_path .= '/';
+
+ //* Check if the resulting path is inside the docroot
+ if(substr($folder_path,0,strlen($website['document_root'])) != $website['document_root']) {
+ $app->log('Folder path is outside of docroot.',LOGLEVEL_DEBUG);
+ return false;
+ }
+
+ //* Remove .htpasswd file
+ if(is_file($folder_path.'.htpasswd')) {
+ $app->system->unlink($folder_path.'.htpasswd');
+ $app->log('Removed file '.$folder_path.'.htpasswd',LOGLEVEL_DEBUG);
+ }
+
+ //* Remove .htaccess file
+ if(is_file($folder_path.'.htaccess')) {
+ $app->system->unlink($folder_path.'.htaccess');
+ $app->log('Removed file '.$folder_path.'.htaccess',LOGLEVEL_DEBUG);
+ }
+ }
+
+ //* Update folder protection, when path has been changed
+ function web_folder_update($event_name,$data) {
+ global $app, $conf;
+
+ $website = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($data['new']['parent_domain_id']));
+
+ if(!is_array($website)) {
+ $app->log('Not able to retrieve folder or website record.',LOGLEVEL_DEBUG);
+ return false;
+ }
+
+ //* Get the folder path.
+ if(substr($data['old']['path'],0,1) == '/') $data['old']['path'] = substr($data['old']['path'],1);
+ if(substr($data['old']['path'],-1) == '/') $data['old']['path'] = substr($data['old']['path'],0,-1);
+ $old_folder_path = realpath($website['document_root'].'/web/'.$data['old']['path']);
+ if(substr($old_folder_path,-1) != '/') $old_folder_path .= '/';
+
+ if(substr($data['new']['path'],0,1) == '/') $data['new']['path'] = substr($data['new']['path'],1);
+ if(substr($data['new']['path'],-1) == '/') $data['new']['path'] = substr($data['new']['path'],0,-1);
+ $new_folder_path = escapeshellcmd($website['document_root'].'/web/'.$data['new']['path']);
+ if(substr($new_folder_path,-1) != '/') $new_folder_path .= '/';
+
+ //* Check if the resulting path is inside the docroot
+ if(stristr($new_folder_path,'..') || stristr($new_folder_path,'./') || stristr($new_folder_path,'\\')) {
+ $app->log('Folder path "'.$new_folder_path.'" contains .. or ./.',LOGLEVEL_DEBUG);
+ return false;
+ }
+ if(stristr($old_folder_path,'..') || stristr($old_folder_path,'./') || stristr($old_folder_path,'\\')) {
+ $app->log('Folder path "'.$old_folder_path.'" contains .. or ./.',LOGLEVEL_DEBUG);
+ return false;
+ }
+
+ //* Check if the resulting path is inside the docroot
+ if(substr($old_folder_path,0,strlen($website['document_root'])) != $website['document_root']) {
+ $app->log('Old folder path '.$old_folder_path.' is outside of docroot.',LOGLEVEL_DEBUG);
+ return false;
+ }
+ if(substr($new_folder_path,0,strlen($website['document_root'])) != $website['document_root']) {
+ $app->log('New folder path '.$new_folder_path.' is outside of docroot.',LOGLEVEL_DEBUG);
+ return false;
+ }
+
+ //* Create the folder path, if it does not exist
+ if(!is_dir($new_folder_path)) $app->system->mkdirpath($new_folder_path);
+
+ if($data['old']['path'] != $data['new']['path']) {
+
+
+ //* move .htpasswd file
+ if(is_file($old_folder_path.'.htpasswd')) {
+ $app->system->rename($old_folder_path.'.htpasswd',$new_folder_path.'.htpasswd');
+ $app->log('Moved file '.$old_folder_path.'.htpasswd to '.$new_folder_path.'.htpasswd',LOGLEVEL_DEBUG);
+ }
+
+ //* delete old .htaccess file
+ if(is_file($old_folder_path.'.htaccess')) {
+ $app->system->unlink($old_folder_path.'.htaccess');
+ $app->log('Deleted file '.$old_folder_path.'.htaccess',LOGLEVEL_DEBUG);
+ }
+
+ }
+
+ //* Create the .htaccess file
+ if($data['new']['active'] == 'y') {
+ $ht_file = "AuthType Basic\nAuthName \"Members Only\"\nAuthUserFile ".$new_folder_path.".htpasswd\nrequire valid-user";
+ $app->system->file_put_contents($new_folder_path.'.htaccess',$ht_file);
+ $app->system->chmod($new_folder_path.'.htpasswd',0755);
+ $app->system->chown($folder_path.'.htpasswd',$website['system_user']);
+ $app->system->chgrp($folder_path.'.htpasswd',$website['system_group']);
+ $app->log('Created file '.$new_folder_path.'.htpasswd',LOGLEVEL_DEBUG);
+ }
+
+ //* Remove .htaccess file
+ if($data['new']['active'] == 'n' && is_file($new_folder_path.'.htaccess')) {
+ $app->system->unlink($new_folder_path.'.htaccess');
+ $app->log('Removed file '.$new_folder_path.'.htaccess',LOGLEVEL_DEBUG);
+ }
+
+
+ }
+
+ public function ftp_user_delete($event_name,$data) {
+ global $app, $conf;
+
+ $ftpquota_file = $data['old']['dir'].'/.ftpquota';
+ if(file_exists($ftpquota_file)) $app->system->unlink($ftpquota_file);
+
+ }
+
+
/**
* This function is called when a Webdav-User is inserted, updated or deleted.
@@ -1079,6 +1803,7 @@
$domain = $sitedata['domain'];
$user = $sitedata['system_user'];
$group = $sitedata['system_group'];
+ $webdav_user_dir = $documentRoot . '/webdav/' . $data['new']['dir'];
/* Check if this is a chrooted setup */
if($web_config['website_basedir'] != '' && @is_file($web_config['website_basedir'].'/etc/passwd')) {
@@ -1087,38 +1812,56 @@
} else {
$apache_chrooted = false;
}
+
+ //* We dont want to have relative paths here
+ if(stristr($webdav_user_dir,'..') || stristr($webdav_user_dir,'./')) {
+ $app->log('Folder path '.$webdav_user_dir.' contains ./ or .. '.$documentRoot,LOGLEVEL_WARN);
+ return false;
+ }
+
+ //* Check if the resulting path exists if yes, if it is inside the docroot
+ if(is_dir($webdav_user_dir) && substr(realpath($webdav_user_dir),0,strlen($documentRoot)) != $documentRoot) {
+ $app->log('Folder path '.$webdav_user_dir.' is outside of docroot '.$documentRoot,LOGLEVEL_WARN);
+ return false;
+ }
/*
* First the webdav-root - folder has to exist
*/
- if(!is_dir($documentRoot . '/webdav/' . $data['new']['dir'])) {
- $app->log('Webdav User directory '.$documentRoot.'/webdav/'.$data['new']['dir'].' does not exist. Creating it now.',LOGLEVEL_DEBUG);
- exec('mkdir -p '.escapeshellcmd($documentRoot . '/webdav/' . $data['new']['dir']));
+ if(!is_dir($webdav_user_dir)) {
+ $app->log('Webdav User directory '.$webdav_user_dir.' does not exist. Creating it now.',LOGLEVEL_DEBUG);
+ $app->system->mkdirpath($webdav_user_dir);
}
/*
* The webdav - Root needs the group/user as owner and the apache as read and write
*/
- $this->_exec('chown ' . $user . ':' . $group . ' ' . escapeshellcmd($documentRoot . '/webdav/'));
- $this->_exec('chmod 770 ' . escapeshellcmd($documentRoot . '/webdav/'));
+ //$this->_exec('chown ' . $user . ':' . $group . ' ' . escapeshellcmd($documentRoot . '/webdav/'));
+ //$this->_exec('chmod 770 ' . escapeshellcmd($documentRoot . '/webdav/'));
+ $app->system->chown($documentRoot . '/webdav',$user);
+ $app->system->chgrp($documentRoot . '/webdav',$group);
+ $app->system->chmod($documentRoot . '/webdav',0770);
/*
* The webdav folder (not the webdav-root!) needs the same (not in ONE step, because the
* pwd-files are owned by root)
*/
- $this->_exec('chown ' . $user . ':' . $group . ' ' . escapeshellcmd($documentRoot . '/webdav/'. $data['new']['dir'] . ' -R'));
- $this->_exec('chmod 770 ' . escapeshellcmd($documentRoot . '/webdav/' . $data['new']['dir'] . ' -R'));
+ //$this->_exec('chown ' . $user . ':' . $group . ' ' . escapeshellcmd($webdav_user_dir.' -R'));
+ //$this->_exec('chmod 770 ' . escapeshellcmd($webdav_user_dir.' -R'));
+ $app->system->chown($webdav_user_dir,$user);
+ $app->system->chgrp($webdav_user_dir,$group);
+ $app->system->chmod($webdav_user_dir,0770);
/*
* if the user is active, we have to write/update the password - file
* if the user is inactive, we have to inactivate the user by removing the user from the file
*/
if ($data['new']['active'] == 'y') {
- $this->_writeHtDigestFile( $documentRoot . '/webdav/' . $data['new']['dir'] . '.htdigest', $data['new']['username'], $data['new']['dir'], $data['new']['password']);
+ $this->_writeHtDigestFile( $webdav_user_dir . '.htdigest', $data['new']['username'], $data['new']['dir'], $data['new']['password']);
}
else {
/* empty pwd removes the user! */
- $this->_writeHtDigestFile( $documentRoot . '/webdav/' . $data['new']['dir'] . '.htdigest', $data['new']['username'], $data['new']['dir'], '');
+ $this->_writeHtDigestFile( $webdav_user_dir . '.htdigest', $data['new']['username'], $data['new']['dir'], '');
}
/*
@@ -1183,7 +1926,7 @@
*/
private function _writeHtDigestFile($filename, $username, $authname, $pwdhash ) {
$changed = false;
- if(is_file($filename)) {
+ if(is_file($filename) && !is_link($filename)) {
$in = fopen($filename, 'r');
$output = '';
/*
@@ -1219,9 +1962,9 @@
* Now lets write the new file
*/
if(trim($output) == '') {
- unlink($filename);
+ $app->system->unlink($filename);
} else {
- file_put_contents($filename, $output);
+ $app->system->file_put_contents($filename, $output);
}
}
@@ -1234,6 +1977,7 @@
* @param string $webdavRoot The root of the webdav-folder
*/
private function _patchVhostWebdav($fileName, $webdavRoot) {
+ global $app;
$in = fopen($fileName, 'r');
$output = '';
$inWebdavSection = false;
@@ -1259,7 +2003,7 @@
$files = @scandir($webdavRoot);
if(is_array($files)) {
foreach($files as $file) {
- if (substr($file, strlen($file) - strlen('.htdigest')) == '.htdigest') {
+ if (substr($file, strlen($file) - strlen('.htdigest')) == '.htdigest' && preg_match("[a-zA-Z0-9\-_\.]",$file)) {
/*
* found a htdigest - file, so add it to webdav
*/
@@ -1270,6 +2014,7 @@
$output .= " Alias /webdav/" . $fn . ' ' . $webdavRoot . '/' . $fn . "\n";
$output .= " <Location /webdav/" . $fn . ">\n";
$output .= " DAV On\n";
+ $output .= ' BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On'."\n";
$output .= " AuthType Digest\n";
$output .= " AuthName \"" . $fn . "\"\n";
$output .= " AuthUserFile " . $webdavRoot . '/' . $file . "\n";
@@ -1304,7 +2049,7 @@
/*
* Now lets write the new file
*/
- file_put_contents($fileName, $output);
+ $app->system->file_put_contents($fileName, $output);
}
@@ -1314,9 +2059,10 @@
$awstats_conf_dir = $web_config['awstats_conf_dir'];
+ if(!is_dir($data['new']['document_root']."/web/stats/")) mkdir($data['new']['document_root']."/web/stats");
if(!@is_file($awstats_conf_dir.'/awstats.'.$data['new']['domain'].'.conf') || ($data['old']['domain'] != '' && $data['new']['domain'] != $data['old']['domain'])) {
if ( @is_file($awstats_conf_dir.'/awstats.'.$data['old']['domain'].'.conf') ) {
- unlink($awstats_conf_dir.'/awstats.'.$data['old']['domain'].'.conf');
+ $app->system->unlink($awstats_conf_dir.'/awstats.'.$data['old']['domain'].'.conf');
}
$content = '';
@@ -1325,9 +2071,12 @@
$content .= "SiteDomain=\"".$data['new']['domain']."\"\n";
$content .= "HostAliases=\"www.".$data['new']['domain']." localhost 127.0.0.1\"\n";
- file_put_contents($awstats_conf_dir.'/awstats.'.$data['new']['domain'].'.conf',$content);
+ $app->system->file_put_contents($awstats_conf_dir.'/awstats.'.$data['new']['domain'].'.conf',$content);
$app->log('Created AWStats config file: '.$awstats_conf_dir.'/awstats.'.$data['new']['domain'].'.conf',LOGLEVEL_DEBUG);
}
+
+ if(is_file($data['new']['document_root']."/web/stats/index.html")) $app->system->unlink($data['new']['document_root']."/web/stats/index.html");
+ $app->system->copy("/usr/local/ispconfig/server/conf/awstats_index.php.master",$data['new']['document_root']."/web/stats/index.php");
}
//* Delete the awstats configuration file
@@ -1337,9 +2086,249 @@
$awstats_conf_dir = $web_config['awstats_conf_dir'];
if ( @is_file($awstats_conf_dir.'/awstats.'.$data['old']['domain'].'.conf') ) {
- unlink($awstats_conf_dir.'/awstats.'.$data['old']['domain'].'.conf');
+ $app->system->unlink($awstats_conf_dir.'/awstats.'.$data['old']['domain'].'.conf');
$app->log('Removed AWStats config file: '.$awstats_conf_dir.'/awstats.'.$data['old']['domain'].'.conf',LOGLEVEL_DEBUG);
}
+ }
+
+ //* Update the PHP-FPM pool configuration file
+ private function php_fpm_pool_update ($data,$web_config,$pool_dir,$pool_name,$socket_dir) {
+ global $app, $conf;
+ //$reload = false;
+
+ if($data['new']['php'] == 'php-fpm'){
+ if(trim($data['new']['fastcgi_php_version']) != ''){
+ $default_php_fpm = false;
+ list($custom_php_fpm_name, $custom_php_fpm_init_script, $custom_php_fpm_ini_dir, $custom_php_fpm_pool_dir) = explode(':', trim($data['new']['fastcgi_php_version']));
+ if(substr($custom_php_fpm_ini_dir,-1) != '/') $custom_php_fpm_ini_dir .= '/';
+ } else {
+ $default_php_fpm = true;
+ }
+ } else {
+ if(trim($data['old']['fastcgi_php_version']) != '' && $data['old']['php'] == 'php-fpm'){
+ $default_php_fpm = false;
+ list($custom_php_fpm_name, $custom_php_fpm_init_script, $custom_php_fpm_ini_dir, $custom_php_fpm_pool_dir) = explode(':', trim($data['old']['fastcgi_php_version']));
+ if(substr($custom_php_fpm_ini_dir,-1) != '/') $custom_php_fpm_ini_dir .= '/';
+ } else {
+ $default_php_fpm = true;
+ }
+ }
+
+ $app->uses("getconf");
+ $web_config = $app->getconf->get_server_config($conf["server_id"], 'web');
+
+ if($data['new']['php'] != 'php-fpm'){
+ if(@is_file($pool_dir.$pool_name.'.conf')){
+ $app->system->unlink($pool_dir.$pool_name.'.conf');
+ //$reload = true;
+ }
+ if($data['old']['php'] == 'php-fpm'){
+ if(!$default_php_fpm){
+ $app->services->restartService('php-fpm','reload:'.$custom_php_fpm_init_script);
+ } else {
+ $app->services->restartService('php-fpm','reload:'.$conf['init_scripts'].'/'.$web_config['php_fpm_init_script']);
+ }
+ }
+ //if($reload == true) $app->services->restartService('php-fpm','reload');
+ return;
+ }
+
+ $app->load('tpl');
+ $tpl = new tpl();
+ $tpl->newTemplate('php_fpm_pool.conf.master');
+
+ if($data['new']['php_fpm_use_socket'] == 'y'){
+ $use_tcp = 0;
+ $use_socket = 1;
+ if(!is_dir($socket_dir)) $app->system->mkdirpath($socket_dir);
+ } else {
+ $use_tcp = 1;
+ $use_socket = 0;
+ }
+ $tpl->setVar('use_tcp', $use_tcp);
+ $tpl->setVar('use_socket', $use_socket);
+
+ $fpm_socket = $socket_dir.$pool_name.'.sock';
+ $tpl->setVar('fpm_socket', $fpm_socket);
+
+ $tpl->setVar('fpm_pool', $pool_name);
+ $tpl->setVar('fpm_port', $web_config['php_fpm_start_port'] + $data['new']['domain_id'] - 1);
+ $tpl->setVar('fpm_user', $data['new']['system_user']);
+ $tpl->setVar('fpm_group', $data['new']['system_group']);
+ $tpl->setVar('pm', $data['new']['pm']);
+ $tpl->setVar('pm_max_children', $data['new']['pm_max_children']);
+ $tpl->setVar('pm_start_servers', $data['new']['pm_start_servers']);
+ $tpl->setVar('pm_min_spare_servers', $data['new']['pm_min_spare_servers']);
+ $tpl->setVar('pm_max_spare_servers', $data['new']['pm_max_spare_servers']);
+ $tpl->setVar('pm_process_idle_timeout', $data['new']['pm_process_idle_timeout']);
+ $tpl->setVar('pm_max_requests', $data['new']['pm_max_requests']);
+ $tpl->setVar('document_root', $data['new']['document_root']);
+ $tpl->setVar('security_level',$web_config['security_level']);
+ $php_open_basedir = ($data['new']['php_open_basedir'] == '')?escapeshellcmd($data['new']['document_root']):escapeshellcmd($data['new']['php_open_basedir']);
+ $tpl->setVar('php_open_basedir', $php_open_basedir);
+ if($php_open_basedir != ''){
+ $tpl->setVar('enable_php_open_basedir', '');
+ } else {
+ $tpl->setVar('enable_php_open_basedir', ';');
+ }
+
+ // Custom php.ini settings
+ $final_php_ini_settings = array();
+ $custom_php_ini_settings = trim($data['new']['custom_php_ini']);
+ if($custom_php_ini_settings != ''){
+ // Make sure we only have Unix linebreaks
+ $custom_php_ini_settings = str_replace("\r\n", "\n", $custom_php_ini_settings);
+ $custom_php_ini_settings = str_replace("\r", "\n", $custom_php_ini_settings);
+ $ini_settings = explode("\n", $custom_php_ini_settings);
+ if(is_array($ini_settings) && !empty($ini_settings)){
+ foreach($ini_settings as $ini_setting){
+ list($key, $value) = explode('=', $ini_setting);
+ if($value){
+ $value = escapeshellcmd(trim($value));
+ $key = escapeshellcmd(trim($key));
+ switch (strtolower($value)) {
+ case '0':
+ // PHP-FPM might complain about invalid boolean value if you use 0
+ $value = 'off';
+ case '1':
+ case 'on':
+ case 'off':
+ case 'true':
+ case 'false':
+ case 'yes':
+ case 'no':
+ $final_php_ini_settings[] = array('ini_setting' => 'php_admin_flag['.$key.'] = '.$value);
+ break;
+ default:
+ $final_php_ini_settings[] = array('ini_setting' => 'php_admin_value['.$key.'] = '.$value);
+ }
+ }
+ }
+ }
+ }
+
+ $tpl->setLoop('custom_php_ini_settings', $final_php_ini_settings);
+
+ $app->system->file_put_contents($pool_dir.$pool_name.'.conf',$tpl->grab());
+ $app->log('Writing the PHP-FPM config file: '.$pool_dir.$pool_name.'.conf',LOGLEVEL_DEBUG);
+ unset($tpl);
+
+ // delete pool in all other PHP versions
+ $default_pool_dir = escapeshellcmd($web_config['php_fpm_pool_dir']);
+ if(substr($default_pool_dir,-1) != '/') $default_pool_dir .= '/';
+ if($default_pool_dir != $pool_dir){
+ if ( @is_file($default_pool_dir.$pool_name.'.conf') ) {
+ $app->system->unlink($default_pool_dir.$pool_name.'.conf');
+ $app->log('Removed PHP-FPM config file: '.$default_pool_dir.$pool_name.'.conf',LOGLEVEL_DEBUG);
+ $app->services->restartService('php-fpm','reload:'.$conf['init_scripts'].'/'.$web_config['php_fpm_init_script']);
+ }
+ }
+ $php_versions = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ".$conf["server_id"]);
+ if(is_array($php_versions) && !empty($php_versions)){
+ foreach($php_versions as $php_version){
+ if(substr($php_version['php_fpm_pool_dir'],-1) != '/') $php_version['php_fpm_pool_dir'] .= '/';
+ if($php_version['php_fpm_pool_dir'] != $pool_dir){
+ if ( @is_file($php_version['php_fpm_pool_dir'].$pool_name.'.conf') ) {
+ $app->system->unlink($php_version['php_fpm_pool_dir'].$pool_name.'.conf');
+ $app->log('Removed PHP-FPM config file: '.$php_version['php_fpm_pool_dir'].$pool_name.'.conf',LOGLEVEL_DEBUG);
+ $app->services->restartService('php-fpm','reload:'.$php_version['php_fpm_init_script']);
+ }
+ }
+ }
+ }
+ // Reload current PHP-FPM after all others
+ sleep(1);
+ if(!$default_php_fpm){
+ $app->services->restartService('php-fpm','reload:'.$custom_php_fpm_init_script);
+ } else {
+ $app->services->restartService('php-fpm','reload:'.$conf['init_scripts'].'/'.$web_config['php_fpm_init_script']);
+ }
+
+ //$reload = true;
+
+ //if($reload == true) $app->services->restartService('php-fpm','reload');
+ }
+
+ //* Delete the PHP-FPM pool configuration file
+ private function php_fpm_pool_delete ($data,$web_config) {
+ global $app, $conf;
+
+ if(trim($data['old']['fastcgi_php_version']) != '' && $data['old']['php'] == 'php-fpm'){
+ $default_php_fpm = false;
+ list($custom_php_fpm_name, $custom_php_fpm_init_script, $custom_php_fpm_ini_dir, $custom_php_fpm_pool_dir) = explode(':', trim($data['old']['fastcgi_php_version']));
+ if(substr($custom_php_fpm_ini_dir,-1) != '/') $custom_php_fpm_ini_dir .= '/';
+ } else {
+ $default_php_fpm = true;
+ }
+
+ if($default_php_fpm){
+ $pool_dir = escapeshellcmd($web_config['php_fpm_pool_dir']);
+ } else {
+ $pool_dir = $custom_php_fpm_pool_dir;
+ }
+
+ if(substr($pool_dir,-1) != '/') $pool_dir .= '/';
+ $pool_name = 'web'.$data['old']['domain_id'];
+
+ if ( @is_file($pool_dir.$pool_name.'.conf') ) {
+ $app->system->unlink($pool_dir.$pool_name.'.conf');
+ $app->log('Removed PHP-FPM config file: '.$pool_dir.$pool_name.'.conf',LOGLEVEL_DEBUG);
+
+ //$app->services->restartService('php-fpm','reload');
+ }
+
+ // delete pool in all other PHP versions
+ $default_pool_dir = escapeshellcmd($web_config['php_fpm_pool_dir']);
+ if(substr($default_pool_dir,-1) != '/') $default_pool_dir .= '/';
+ if($default_pool_dir != $pool_dir){
+ if ( @is_file($default_pool_dir.$pool_name.'.conf') ) {
+ $app->system->unlink($default_pool_dir.$pool_name.'.conf');
+ $app->log('Removed PHP-FPM config file: '.$default_pool_dir.$pool_name.'.conf',LOGLEVEL_DEBUG);
+ $app->services->restartService('php-fpm','reload:'.$conf['init_scripts'].'/'.$web_config['php_fpm_init_script']);
+ }
+ }
+ $php_versions = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ".$data['old']['server_id']);
+ if(is_array($php_versions) && !empty($php_versions)){
+ foreach($php_versions as $php_version){
+ if(substr($php_version['php_fpm_pool_dir'],-1) != '/') $php_version['php_fpm_pool_dir'] .= '/';
+ if($php_version['php_fpm_pool_dir'] != $pool_dir){
+ if ( @is_file($php_version['php_fpm_pool_dir'].$pool_name.'.conf') ) {
+ $app->system->unlink($php_version['php_fpm_pool_dir'].$pool_name.'.conf');
+ $app->log('Removed PHP-FPM config file: '.$php_version['php_fpm_pool_dir'].$pool_name.'.conf',LOGLEVEL_DEBUG);
+ $app->services->restartService('php-fpm','reload:'.$php_version['php_fpm_init_script']);
+ }
+ }
+ }
+ }
+
+ // Reload current PHP-FPM after all others
+ sleep(1);
+ if(!$default_php_fpm){
+ $app->services->restartService('php-fpm','reload:'.$custom_php_fpm_init_script);
+ } else {
+ $app->services->restartService('php-fpm','reload:'.$conf['init_scripts'].'/'.$web_config['php_fpm_init_script']);
+ }
+ }
+
+ function client_delete($event_name,$data) {
+ global $app, $conf;
+
+ $app->uses("getconf");
+ $web_config = $app->getconf->get_server_config($conf["server_id"], 'web');
+
+ $client_id = intval($data['old']['client_id']);
+ if($client_id > 0) {
+
+ $client_dir = $web_config['website_basedir'].'/clients/client'.$client_id;
+ if(is_dir($client_dir) && !stristr($client_dir,'..')) {
+ @rmdir($client_dir);
+ $app->log('Removed client directory: '.$client_dir,LOGLEVEL_DEBUG);
+ }
+
+ $this->_exec('groupdel client'.$client_id);
+ $app->log('Removed group client'.$client_id,LOGLEVEL_DEBUG);
+ }
+
}
//* Wrapper for exec function for easier debugging
@@ -1361,6 +2350,31 @@
}
}
+ public function create_relative_link($f, $t) {
+ // $from already exists
+ $from = realpath($f);
+
+ // realpath requires the traced file to exist - so, lets touch it first, then remove
+ @$app->system->unlink($t); touch($t);
+ $to = realpath($t);
+ @$app->system->unlink($t);
+
+ // Remove from the left side matching path elements from $from and $to
+ // and get path elements counts
+ $a1 = explode('/', $from); $a2 = explode('/', $to);
+ for ($c = 0; $a1[$c] == $a2[$c]; $c++) {
+ unset($a1[$c]); unset($a2[$c]);
+ }
+ $cfrom = implode('/', $a1);
+
+ // Check if a path is fully a subpath of another - no way to create symlink in the case
+ if (count($a1) == 0 || count($a2) == 0) return false;
+
+ // Add ($cnt_to-1) number of "../" elements to left side of $cfrom
+ for ($c = 0; $c < (count($a2)-1); $c++) { $cfrom = '../'.$cfrom; }
+
+ return symlink($cfrom, $to);
+ }
} // end class
--
Gitblit v1.9.1