Implemented: FS#899 - Folder protection

52407705 · tbrehm · fbb24acd · 52407705 · 52407705 · 52407705
Commit 52407705 authored Sep 20, 2011 by tbrehm
--- a/install/sql/ispconfig3.sql
+++ b/install/sql/ispconfig3.sql
@@ -1557,6 +1557,7 @@ CREATE TABLE IF NOT EXISTS `web_folder_user` (
  `sys_perm_user` varchar(5) DEFAULT NULL,
  `sys_perm_group` varchar(5) DEFAULT NULL,
  `sys_perm_other` varchar(5) DEFAULT NULL,
+  `server_id` int(11) NOT NULL DEFAULT '0',
  `web_folder_id` int(11) NOT NULL DEFAULT '0',
  `username` varchar(255) DEFAULT NULL,
  `password` varchar(255) DEFAULT NULL,

--- a/interface/web/admin/templates/server_config_ufw_edit.htm
+++ b/interface/web/admin/templates/server_config_ufw_edit.htm
+<h2><tmpl_var name="list_head_txt"></h2>
+<p><tmpl_var name="list_desc_txt"></p>
+
+<div class="panel panel_server_config">
+
+  <div class="pnl_formsarea">
+    <fieldset class="inlineLabels"><legend>UFW Firewall</legend>
+      <div class="ctrlHolder">
+				<p class="label">{tmpl_var name='ufw_enable_txt'}</p>
+					<div class="multiField">
+						{tmpl_var name='ufw_enable'}
+					</div>
+			</div>
+      <div class="ctrlHolder">
+				<p class="label">{tmpl_var name='ufw_manage_builtins_txt'}</p>
+					<div class="multiField">
+						{tmpl_var name='ufw_manage_builtins'}
+					</div>
+			</div>
+      <div class="ctrlHolder">
+				<p class="label">{tmpl_var name='ufw_ipv6_txt'}</p>
+					<div class="multiField">
+						{tmpl_var name='ufw_ipv6'}
+					</div>
+			</div>
+      <div class="ctrlHolder">
+      	<label for="ufw_default_input_policy">{tmpl_var name='ufw_default_input_policy_txt'}</label>
+        <select name="ufw_default_input_policy" id="ufw_default_input_policy" class="selectInput">
+					{tmpl_var name='ufw_default_input_policy'}
+				</select>
+      </div>
+      <div class="ctrlHolder">
+      	<label for="ufw_default_output_policy">{tmpl_var name='ufw_default_output_policy_txt'}</label>
+        <select name="ufw_default_output_policy" id="ufw_default_output_policy" class="selectInput">
+					{tmpl_var name='ufw_default_output_policy'}
+				</select>
+      </div>
+      <div class="ctrlHolder">
+      	<label for="ufw_default_forward_policy">{tmpl_var name='ufw_default_forward_policy_txt'}</label>
+        <select name="ufw_default_forward_policy" id="ufw_default_forward_policy" class="selectInput">
+					{tmpl_var name='ufw_default_forward_policy'}
+				</select>
+      </div>
+      <div class="ctrlHolder">
+      	<label for="ufw_default_application_policy">{tmpl_var name='ufw_default_application_policy_txt'}</label>
+        <select name="ufw_default_application_policy" id="ufw_default_application_policy" class="selectInput">
+					{tmpl_var name='ufw_default_application_policy'}
+				</select>
+      </div>
+      <div class="ctrlHolder">
+      	<label for="ufw_log_level">{tmpl_var name='ufw_log_level_txt'}</label>
+        <select name="ufw_log_level" id="ufw_log_level" class="selectInput">
+					{tmpl_var name='ufw_log_level'}
+				</select>
+      </div>
+    </fieldset>
+
+    <input type="hidden" name="id" value="{tmpl_var name='id'}">
+
+    <div class="buttonHolder buttons">
+      <button class="positive iconstxt icoPositive" type="button" value="{tmpl_var name='btn_save_txt'}" onClick="submitForm('pageForm','admin/server_config_edit.php');"><span>{tmpl_var name='btn_save_txt'}</span></button>
+      <button class="negative iconstxt icoNegative" type="button" value="{tmpl_var name='btn_cancel_txt'}" onClick="loadContent('admin/server_config_list.php');"><span>{tmpl_var name='btn_cancel_txt'}</span></button>
+    </div>
+  </div>
+  
+</div>
--- a/interface/web/client/client_del.php
+++ b/interface/web/client/client_del.php
@@ -131,7 +131,7 @@ class page_action extends tform_actions {
 			$app->db->query("DELETE FROM sys_user WHERE client_id = $client_id");
 			
 			// Delete all records (sub-clients, mail, web, etc....)  of this client.
-			$tables = 'client,dns_rr,dns_soa,dns_slave,ftp_user,mail_access,mail_content_filter,mail_domain,mail_forwarding,mail_get,mail_user,mail_user_filter,shell_user,spamfilter_users,support_message,web_database,web_domain,web_traffic';
+			$tables = 'client,dns_rr,dns_soa,dns_slave,ftp_user,mail_access,mail_content_filter,mail_domain,mail_forwarding,mail_get,mail_user,mail_user_filter,shell_user,spamfilter_users,support_message,web_database,web_domain,web_traffic,web_folder,web_folder_user';
 			$tables_array = explode(',',$tables);
 			$client_group_id = intval($client_group['groupid']);
 			if($client_group_id > 1) {

--- a/interface/web/sites/form/web_folder.tform.php
+++ b/interface/web/sites/form/web_folder.tform.php
+<?php
+
+/*
+	Form Definition
+
+	Tabledefinition
+
+	Datatypes:
+	- INTEGER (Forces the input to Int)
+	- DOUBLE
+	- CURRENCY (Formats the values to currency notation)
+	- VARCHAR (no format check, maxlength: 255)
+	- TEXT (no format check)
+	- DATE (Dateformat, automatic conversion to timestamps)
+
+	Formtype:
+	- TEXT (Textfield)
+	- TEXTAREA (Textarea)
+	- PASSWORD (Password textfield, input is not shown when edited)
+	- SELECT (Select option field)
+	- RADIO
+	- CHECKBOX
+	- CHECKBOXARRAY
+	- FILE
+
+	VALUE:
+	- Wert oder Array
+
+	Hint:
+	The ID field of the database table is not part of the datafield definition.
+	The ID field must be always auto incement (int or bigint).
+
+
+*/
+
+$form["title"] 			= "Web Folder";
+$form["description"] 	= "";
+$form["name"] 			= "web_folder";
+$form["action"]			= "web_folder_edit.php";
+$form["db_table"]		= "web_folder";
+$form["db_table_idx"]	= "web_folder_id";
+$form["db_history"]		= "yes";
+$form["tab_default"]	= "folder";
+$form["list_default"]	= "web_folder_list.php";
+$form["auth"]			= 'yes'; // yes / no
+
+$form["auth_preset"]["userid"]  = 0; // 0 = id of the user, > 0 id must match with id of current user
+$form["auth_preset"]["groupid"] = 0; // 0 = default groupid of the user, > 0 id must match with groupid of current user
+$form["auth_preset"]["perm_user"] = 'riud'; //r = read, i = insert, u = update, d = delete
+$form["auth_preset"]["perm_group"] = 'riud'; //r = read, i = insert, u = update, d = delete
+$form["auth_preset"]["perm_other"] = ''; //r = read, i = insert, u = update, d = delete
+
+$form["tabs"]['folder'] = array (
+	'title' 	=> "Folder",
+	'width' 	=> 100,
+	'template' 	=> "templates/web_folder_edit.htm",
+	'fields' 	=> array (
+	##################################
+	# Begin Datatable fields
+	##################################
+		'server_id' => array (
+			'datatype'	=> 'INTEGER',
+			'formtype'	=> 'SELECT',
+			'default'	=> '',
+			'datasource'	=> array ( 	'type'	=> 'SQL',
+										'querystring' => 'SELECT server_id,server_name FROM server WHERE mirror_server_id = 0 AND {AUTHSQL} ORDER BY server_name',
+										'keyfield'=> 'server_id',
+										'valuefield'=> 'server_name'
+									 ),
+			'value'		=> ''
+		),
+		'parent_domain_id' => array (
+			'datatype'	=> 'INTEGER',
+			'formtype'	=> 'SELECT',
+			'default'	=> '',
+			'datasource'	=> array ( 	'type'	=> 'SQL',
+										'querystring' => "SELECT domain_id,domain FROM web_domain WHERE type = 'vhost' AND {AUTHSQL} ORDER BY domain",
+										'keyfield'=> 'domain_id',
+										'valuefield'=> 'domain'
+									 ),
+			'value'		=> ''
+		),
+		'path' => array (
+			'datatype'	=> 'VARCHAR',
+			'formtype'	=> 'TEXT',
+			'validators'	=> array ( 	0 => array (	'type'	=> 'REGEX',
+														'regex' => '/^[\w\.\-\_\/]{0,255}$/',
+														'errmsg'=> 'path_error_regex'),
+									),
+			'default'	=> '/',
+			'value'		=> '',
+			'width'		=> '30',
+			'maxlength'	=> '255'
+		),
+		'active' => array (
+			'datatype'	=> 'VARCHAR',
+			'formtype'	=> 'CHECKBOX',
+			'default'	=> 'y',
+			'value'		=> array(0 => 'n',1 => 'y')
+		),
+	##################################
+	# ENDE Datatable fields
+	##################################
+	)
+);
+
+
+
+
+?>
\ No newline at end of file
--- a/interface/web/sites/form/web_folder_user.tform.php
+++ b/interface/web/sites/form/web_folder_user.tform.php
+<?php
+
+/*
+	Form Definition
+
+	Tabledefinition
+
+	Datatypes:
+	- INTEGER (Forces the input to Int)
+	- DOUBLE
+	- CURRENCY (Formats the values to currency notation)
+	- VARCHAR (no format check, maxlength: 255)
+	- TEXT (no format check)
+	- DATE (Dateformat, automatic conversion to timestamps)
+
+	Formtype:
+	- TEXT (Textfield)
+	- TEXTAREA (Textarea)
+	- PASSWORD (Password textfield, input is not shown when edited)
+	- SELECT (Select option field)
+	- RADIO
+	- CHECKBOX
+	- CHECKBOXARRAY
+	- FILE
+
+	VALUE:
+	- Wert oder Array
+
+	Hint:
+	The ID field of the database table is not part of the datafield definition.
+	The ID field must be always auto incement (int or bigint).
+
+
+*/
+
+$form["title"] 			= "Web folder user";
+$form["description"] 	= "";
+$form["name"] 			= "web_folder_user";
+$form["action"]			= "web_folder_user_edit.php";
+$form["db_table"]		= "web_folder_user";
+$form["db_table_idx"]	= "web_folder_user_id";
+$form["db_history"]		= "yes";
+$form["tab_default"]	= "user";
+$form["list_default"]	= "web_folder_user_list.php";
+$form["auth"]			= 'yes'; // yes / no
+
+$form["auth_preset"]["userid"]  = 0; // 0 = id of the user, > 0 id must match with id of current user
+$form["auth_preset"]["groupid"] = 0; // 0 = default groupid of the user, > 0 id must match with groupid of current user
+$form["auth_preset"]["perm_user"] = 'riud'; //r = read, i = insert, u = update, d = delete
+$form["auth_preset"]["perm_group"] = 'riud'; //r = read, i = insert, u = update, d = delete
+$form["auth_preset"]["perm_other"] = ''; //r = read, i = insert, u = update, d = delete
+
+$form["tabs"]['user'] = array (
+	'title' 	=> "Folder",
+	'width' 	=> 100,
+	'template' 	=> "templates/web_folder_user_edit.htm",
+	'fields' 	=> array (
+	##################################
+	# Begin Datatable fields
+	##################################
+		'server_id' => array (
+			'datatype'	=> 'INTEGER',
+			'formtype'	=> 'SELECT',
+			'default'	=> '',
+			'datasource'	=> array ( 	'type'	=> 'SQL',
+										'querystring' => 'SELECT server_id,server_name FROM server WHERE mirror_server_id = 0 AND {AUTHSQL} ORDER BY server_name',
+										'keyfield'=> 'server_id',
+										'valuefield'=> 'server_name'
+									 ),
+			'value'		=> ''
+		),
+		'web_folder_id' => array (
+			'datatype'	=> 'INTEGER',
+			'formtype'	=> 'SELECT',
+			'default'	=> '',
+			'datasource'	=> array ( 	'type'	=> 'SQL',
+										'querystring' => "Select concat(web_domain.domain,' ',web_folder.path) as name, web_folder.web_folder_id from web_domain, web_folder WHERE web_domain.domain_id = web_folder.parent_domain_id AND {AUTHSQL} ORDER BY web_domain.domain",
+										'keyfield'=> 'web_folder_id',
+										'valuefield'=> 'name'
+									 ),
+			'validators'	=> array ( 	0 => array (	'type'	=> 'NOTEMPTY',
+														'errmsg'=> 'folder_error_empty'),
+									),
+			'value'		=> ''
+		),
+		'username' => array (
+			'datatype'	=> 'VARCHAR',
+			'formtype'	=> 'TEXT',
+			'validators'	=> array ( 	0 => array (	'type'	=> 'REGEX',
+														'regex' => '/^[\w\.\-]{0,64}$/',
+														'errmsg'=> 'username_error_regex'),
+									),
+			'default'	=> '',
+			'value'		=> '',
+			'width'		=> '30',
+			'maxlength'	=> '255'
+		),
+		'password' => array (
+			'datatype'	=> 'VARCHAR',
+			'formtype'	=> 'PASSWORD',
+			'encryption' => 'CRYPT',
+			'default'	=> '',
+			'value'		=> '',
+			'width'		=> '30',
+			'maxlength'	=> '255'
+		),
+		'active' => array (
+			'datatype'	=> 'VARCHAR',
+			'formtype'	=> 'CHECKBOX',
+			'default'	=> 'y',
+			'value'		=> array(0 => 'n',1 => 'y')
+		),
+	##################################
+	# ENDE Datatable fields
+	##################################
+	)
+);
+
+
+
+
+?>
\ No newline at end of file
--- a/interface/web/sites/lib/lang/en_web_folder.lng
+++ b/interface/web/sites/lib/lang/en_web_folder.lng
+<?php
+$wb["server_id_txt"] = 'Server';
+$wb["parent_domain_id_txt"] = 'Website';
+$wb["path_txt"] = 'Path';
+$wb["active_txt"] = 'Active';
+$wb["path_error_regex"] = 'Invalid folder path.';
+?>
\ No newline at end of file
--- a/interface/web/sites/lib/lang/en_web_folder_list.lng
+++ b/interface/web/sites/lib/lang/en_web_folder_list.lng
+<?php
+$wb["list_head_txt"] = 'Folder';
+$wb["active_txt"] = 'Active';
+$wb["server_id_txt"] = 'Server';
+$wb["parent_domain_id_txt"] = 'Website';
+$wb["path_txt"] = 'Path';
+?>
\ No newline at end of file
--- a/interface/web/sites/lib/lang/en_web_folder_user.lng
+++ b/interface/web/sites/lib/lang/en_web_folder_user.lng
+<?php
+$wb["web_folder_id_txt"] = 'Folder';
+$wb["username_txt"] = 'Username';
+$wb["password_txt"] = 'Password';
+$wb["active_txt"] = 'Active';
+$wb["folder_error_empty"] = 'No web folder selecetd.';
+?>
\ No newline at end of file
--- a/interface/web/sites/lib/lang/en_web_folder_user_list.lng
+++ b/interface/web/sites/lib/lang/en_web_folder_user_list.lng
+<?php
+$wb["list_head_txt"] = 'Folder User';
+$wb["active_txt"] = 'Active';
+$wb["web_folder_id_txt"] = 'Folder';
+$wb["username_txt"] = 'Username';
+?>
\ No newline at end of file
--- a/interface/web/sites/lib/module.conf.php
+++ b/interface/web/sites/lib/module.conf.php
@@ -116,6 +116,26 @@ if($app->auth->get_client_limit($userid,'webdav_user') != 0)
 			'items'	=> $items);
 }

+/*
+ *	Web folder menu
+ */
+	$items=array();
+	
+	$items[] = array( 'title' 	=> "Folder",
+			'target' 	=> 'content',
+			'link'	=> 'sites/web_folder_list.php',
+			'html_id' => 'web_folder_list');
+	
+	$items[] = array( 'title' 	=> "Folder users",
+			'target' 	=> 'content',
+			'link'	=> 'sites/web_folder_user_list.php',
+			'html_id' => 'web_folder_user_list');
+	
+	$module["nav"][] = array(	'title'	=> 'Folder protection',
+			'open' 	=> 1,
+			'items'	=> $items);
+
+
 /*
    Cron menu
 */
@@ -153,18 +173,6 @@ $module['nav'][] = array(   'title' => 'Statistics',



-// clean up
-unset($items);
-
-$items[] = array( 'title' 	=> "Rewrite Rules",
-				  'target' 	=> 'content',
-				  'link'	=> 'sites/proxy_reverse_list.php');
-
-
-$module["nav"][] = array(	'title'	=> 'Reverse Proxy',
-							'open' 	=> 1,
-							'items'	=> $items);
-
 // clean up
 unset($items);


--- a/interface/web/sites/list/web_folder.list.php
+++ b/interface/web/sites/list/web_folder.list.php
+<?php
+
+/*
+	Datatypes:
+	- INTEGER
+	- DOUBLE
+	- CURRENCY
+	- VARCHAR
+	- TEXT
+	- DATE
+*/
+
+
+
+// Name of the list
+$liste["name"] 				= "web_folder";
+
+// Database table
+$liste["table"] 			= "web_folder";
+
+// Index index field of the database table
+$liste["table_idx"]			= "web_folder_id";
+
+// Search Field Prefix
+$liste["search_prefix"] 	= "search_";
+
+// Records per page
+$liste["records_per_page"] 	= "15";
+
+// Script File of the list
+$liste["file"]				= "web_folder_list.php";
+
+// Script file of the edit form
+$liste["edit_file"]			= "web_folder_edit.php";
+
+// Script File of the delete script
+$liste["delete_file"]		= "web_folder_del.php";
+
+// Paging Template
+$liste["paging_tpl"]		= "templates/paging.tpl.htm";
+
+// Enable auth
+$liste["auth"]				= "yes";
+
+
+/*****************************************************
+* Suchfelder
+*****************************************************/
+
+
+$liste["item"][] = array(	'field'		=> "active",
+							'datatype'	=> "VARCHAR",
+							'formtype'	=> "SELECT",
+							'op'		=> "=",
+							'prefix'	=> "",
+							'suffix'	=> "",
+							'width'		=> "",
+							'value'		=> array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>",'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+
+
+$liste["item"][] = array(	'field'		=> "server_id",
+							'datatype'	=> "VARCHAR",
+							'formtype'	=> "SELECT",
+							'op'		=> "like",
+							'prefix'	=> "%",
+							'suffix'	=> "%",
+							'datasource'	=> array ( 	'type'	=> 'SQL',
+														'querystring' => 'SELECT server_id,server_name FROM server WHERE {AUTHSQL} ORDER BY server_name',
+														'keyfield'=> 'server_id',
+														'valuefield'=> 'server_name'
+									 				  ),
+							'width'		=> "",
+							'value'		=> "");
+
+$liste["item"][] = array(	'field'		=> "parent_domain_id",
+							'datatype'	=> "VARCHAR",
+							'formtype'	=> "SELECT",
+							'op'		=> "=",
+							'prefix'	=> "",
+							'suffix'	=> "",
+							'datasource'	=> array ( 	'type'	=> 'SQL',
+										'querystring' => "SELECT domain_id,domain FROM web_domain WHERE type = 'vhost' AND {AUTHSQL} ORDER BY domain",
+										'keyfield'=> 'domain_id',
+										'valuefield'=> 'domain'
+									 ),
+							'width'		=> "",
+							'value'		=> "");
+
+$liste["item"][] = array(	'field'		=> "path",
+							'datatype'	=> "VARCHAR",
+							'formtype'	=> "TEXT",
+							'op'		=> "like",
+							'prefix'	=> "%",
+							'suffix'	=> "%",
+							'width'		=> "",
+							'value'		=> "");
+
+
+?>
\ No newline at end of file
--- a/interface/web/sites/list/web_folder_user.list.php
+++ b/interface/web/sites/list/web_folder_user.list.php
+<?php
+
+/*
+	Datatypes:
+	- INTEGER
+	- DOUBLE
+	- CURRENCY
+	- VARCHAR
+	- TEXT
+	- DATE
+*/
+
+
+
+// Name of the list
+$liste["name"] 				= "web_folder_user";
+
+// Database table
+$liste["table"] 			= "web_folder_user";
+
+// Index index field of the database table
+$liste["table_idx"]			= "web_folder_user_id";
+
+// Search Field Prefix
+$liste["search_prefix"] 	= "search_";
+
+// Records per page
+$liste["records_per_page"] 	= "15";
+
+// Script File of the list
+$liste["file"]				= "web_folder_user_list.php";
+
+// Script file of the edit form
+$liste["edit_file"]			= "web_folder_user_edit.php";
+
+// Script File of the delete script
+$liste["delete_file"]		= "web_folder_user_del.php";
+
+// Paging Template
+$liste["paging_tpl"]		= "templates/paging.tpl.htm";
+
+// Enable auth
+$liste["auth"]				= "yes";
+
+
+/*****************************************************
+* Suchfelder
+*****************************************************/
+
+
+$liste["item"][] = array(	'field'		=> "active",
+							'datatype'	=> "VARCHAR",
+							'formtype'	=> "SELECT",
+							'op'		=> "=",
+							'prefix'	=> "",
+							'suffix'	=> "",
+							'width'		=> "",
+							'value'		=> array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>",'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
+
+
+$liste["item"][] = array(	'field'		=> "web_folder_id",
+							'datatype'	=> "VARCHAR",
+							'formtype'	=> "SELECT",
+							'op'		=> "=",
+							'prefix'	=> "",
+							'suffix'	=> "",
+							'datasource'	=> array ( 	'type'	=> 'SQL',
+										'querystring' => "Select concat(web_domain.domain,' ',web_folder.path) as name, web_folder.web_folder_id from web_domain, web_folder WHERE web_domain.domain_id = web_folder.parent_domain_id AND {AUTHSQL} ORDER BY web_domain.domain",
+										'keyfield'=> 'web_folder_id',
+										'valuefield'=> 'name'
+									 ),
+							'width'		=> "",
+							'value'		=> "");
+
+$liste["item"][] = array(	'field'		=> "username",
+							'datatype'	=> "VARCHAR",
+							'formtype'	=> "TEXT",
+							'op'		=> "like",
+							'prefix'	=> "%",
+							'suffix'	=> "%",
+							'width'		=> "",
+							'value'		=> "");
+
+
+?>
\ No newline at end of file
--- a/interface/web/sites/templates/web_folder_edit.htm
+++ b/interface/web/sites/templates/web_folder_edit.htm
+<h2><tmpl_var name="list_head_txt"></h2>
+<p><tmpl_var name="list_desc_txt"></p>
+
+<div class="panel panel_web_folder">
+
+  <div class="pnl_formsarea">
+    <fieldset class="inlineLabels"><legend>Folder</legend>
+      <div class="ctrlHolder">
+      	<label for="parent_domain_id">{tmpl_var name='parent_domain_id_txt'}</label>
+        <select name="parent_domain_id" id="parent_domain_id" class="selectInput">
+					{tmpl_var name='parent_domain_id'}
+				</select>
+      </div>
+      <div class="ctrlHolder">
+      	<label for="path">{tmpl_var name='path_txt'}</label>