Commit 52407705 authored by tbrehm's avatar tbrehm

Implemented: FS#899 - Folder protection

parent fbb24acd
......@@ -1557,6 +1557,7 @@ CREATE TABLE IF NOT EXISTS `web_folder_user` (
`sys_perm_user` varchar(5) DEFAULT NULL,
`sys_perm_group` varchar(5) DEFAULT NULL,
`sys_perm_other` varchar(5) DEFAULT NULL,
`server_id` int(11) NOT NULL DEFAULT '0',
`web_folder_id` int(11) NOT NULL DEFAULT '0',
`username` varchar(255) DEFAULT NULL,
`password` varchar(255) DEFAULT NULL,
......
<h2><tmpl_var name="list_head_txt"></h2>
<p><tmpl_var name="list_desc_txt"></p>
<div class="panel panel_server_config">
<div class="pnl_formsarea">
<fieldset class="inlineLabels"><legend>UFW Firewall</legend>
<div class="ctrlHolder">
<p class="label">{tmpl_var name='ufw_enable_txt'}</p>
<div class="multiField">
{tmpl_var name='ufw_enable'}
</div>
</div>
<div class="ctrlHolder">
<p class="label">{tmpl_var name='ufw_manage_builtins_txt'}</p>
<div class="multiField">
{tmpl_var name='ufw_manage_builtins'}
</div>
</div>
<div class="ctrlHolder">
<p class="label">{tmpl_var name='ufw_ipv6_txt'}</p>
<div class="multiField">
{tmpl_var name='ufw_ipv6'}
</div>
</div>
<div class="ctrlHolder">
<label for="ufw_default_input_policy">{tmpl_var name='ufw_default_input_policy_txt'}</label>
<select name="ufw_default_input_policy" id="ufw_default_input_policy" class="selectInput">
{tmpl_var name='ufw_default_input_policy'}
</select>
</div>
<div class="ctrlHolder">
<label for="ufw_default_output_policy">{tmpl_var name='ufw_default_output_policy_txt'}</label>
<select name="ufw_default_output_policy" id="ufw_default_output_policy" class="selectInput">
{tmpl_var name='ufw_default_output_policy'}
</select>
</div>
<div class="ctrlHolder">
<label for="ufw_default_forward_policy">{tmpl_var name='ufw_default_forward_policy_txt'}</label>
<select name="ufw_default_forward_policy" id="ufw_default_forward_policy" class="selectInput">
{tmpl_var name='ufw_default_forward_policy'}
</select>
</div>
<div class="ctrlHolder">
<label for="ufw_default_application_policy">{tmpl_var name='ufw_default_application_policy_txt'}</label>
<select name="ufw_default_application_policy" id="ufw_default_application_policy" class="selectInput">
{tmpl_var name='ufw_default_application_policy'}
</select>
</div>
<div class="ctrlHolder">
<label for="ufw_log_level">{tmpl_var name='ufw_log_level_txt'}</label>
<select name="ufw_log_level" id="ufw_log_level" class="selectInput">
{tmpl_var name='ufw_log_level'}
</select>
</div>
</fieldset>
<input type="hidden" name="id" value="{tmpl_var name='id'}">
<div class="buttonHolder buttons">
<button class="positive iconstxt icoPositive" type="button" value="{tmpl_var name='btn_save_txt'}" onClick="submitForm('pageForm','admin/server_config_edit.php');"><span>{tmpl_var name='btn_save_txt'}</span></button>
<button class="negative iconstxt icoNegative" type="button" value="{tmpl_var name='btn_cancel_txt'}" onClick="loadContent('admin/server_config_list.php');"><span>{tmpl_var name='btn_cancel_txt'}</span></button>
</div>
</div>
</div>
......@@ -131,7 +131,7 @@ class page_action extends tform_actions {
$app->db->query("DELETE FROM sys_user WHERE client_id = $client_id");
// Delete all records (sub-clients, mail, web, etc....) of this client.
$tables = 'client,dns_rr,dns_soa,dns_slave,ftp_user,mail_access,mail_content_filter,mail_domain,mail_forwarding,mail_get,mail_user,mail_user_filter,shell_user,spamfilter_users,support_message,web_database,web_domain,web_traffic';
$tables = 'client,dns_rr,dns_soa,dns_slave,ftp_user,mail_access,mail_content_filter,mail_domain,mail_forwarding,mail_get,mail_user,mail_user_filter,shell_user,spamfilter_users,support_message,web_database,web_domain,web_traffic,web_folder,web_folder_user';
$tables_array = explode(',',$tables);
$client_group_id = intval($client_group['groupid']);
if($client_group_id > 1) {
......
<?php
/*
Form Definition
Tabledefinition
Datatypes:
- INTEGER (Forces the input to Int)
- DOUBLE
- CURRENCY (Formats the values to currency notation)
- VARCHAR (no format check, maxlength: 255)
- TEXT (no format check)
- DATE (Dateformat, automatic conversion to timestamps)
Formtype:
- TEXT (Textfield)
- TEXTAREA (Textarea)
- PASSWORD (Password textfield, input is not shown when edited)
- SELECT (Select option field)
- RADIO
- CHECKBOX
- CHECKBOXARRAY
- FILE
VALUE:
- Wert oder Array
Hint:
The ID field of the database table is not part of the datafield definition.
The ID field must be always auto incement (int or bigint).
*/
$form["title"] = "Web Folder";
$form["description"] = "";
$form["name"] = "web_folder";
$form["action"] = "web_folder_edit.php";
$form["db_table"] = "web_folder";
$form["db_table_idx"] = "web_folder_id";
$form["db_history"] = "yes";
$form["tab_default"] = "folder";
$form["list_default"] = "web_folder_list.php";
$form["auth"] = 'yes'; // yes / no
$form["auth_preset"]["userid"] = 0; // 0 = id of the user, > 0 id must match with id of current user
$form["auth_preset"]["groupid"] = 0; // 0 = default groupid of the user, > 0 id must match with groupid of current user
$form["auth_preset"]["perm_user"] = 'riud'; //r = read, i = insert, u = update, d = delete
$form["auth_preset"]["perm_group"] = 'riud'; //r = read, i = insert, u = update, d = delete
$form["auth_preset"]["perm_other"] = ''; //r = read, i = insert, u = update, d = delete
$form["tabs"]['folder'] = array (
'title' => "Folder",
'width' => 100,
'template' => "templates/web_folder_edit.htm",
'fields' => array (
##################################
# Begin Datatable fields
##################################
'server_id' => array (
'datatype' => 'INTEGER',
'formtype' => 'SELECT',
'default' => '',
'datasource' => array ( 'type' => 'SQL',
'querystring' => 'SELECT server_id,server_name FROM server WHERE mirror_server_id = 0 AND {AUTHSQL} ORDER BY server_name',
'keyfield'=> 'server_id',
'valuefield'=> 'server_name'
),
'value' => ''
),
'parent_domain_id' => array (
'datatype' => 'INTEGER',
'formtype' => 'SELECT',
'default' => '',
'datasource' => array ( 'type' => 'SQL',
'querystring' => "SELECT domain_id,domain FROM web_domain WHERE type = 'vhost' AND {AUTHSQL} ORDER BY domain",
'keyfield'=> 'domain_id',
'valuefield'=> 'domain'
),
'value' => ''
),
'path' => array (
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'validators' => array ( 0 => array ( 'type' => 'REGEX',
'regex' => '/^[\w\.\-\_\/]{0,255}$/',
'errmsg'=> 'path_error_regex'),
),
'default' => '/',
'value' => '',
'width' => '30',
'maxlength' => '255'
),
'active' => array (
'datatype' => 'VARCHAR',
'formtype' => 'CHECKBOX',
'default' => 'y',
'value' => array(0 => 'n',1 => 'y')
),
##################################
# ENDE Datatable fields
##################################
)
);
?>
\ No newline at end of file
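Review bot: The `path` validator `/^[\w\.\-\_\/]{0,255}$/` accepts `..` segments, because both `.` and `/` are in the character class, so a value such as `../../x` passes even though the folder is meant to sit below the selected website. How the path is consumed on the server is not part of this commit, so whether it is normalised later is unverified; rejecting it at the form is cheap, e.g. `'regex' => '/^(?!.*\.\.)[\w\.\-\/]{0,255}$/',`. The `\_` in the class is redundant, since `\w` already covers the underscore. `parent_domain_id` also has no NOTEMPTY validator, unlike `web_folder_id` in the user form, so a folder can be saved without a website.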
<?php
/*
Form Definition
Tabledefinition
Datatypes:
- INTEGER (Forces the input to Int)
- DOUBLE
- CURRENCY (Formats the values to currency notation)
- VARCHAR (no format check, maxlength: 255)
- TEXT (no format check)
- DATE (Dateformat, automatic conversion to timestamps)
Formtype:
- TEXT (Textfield)
- TEXTAREA (Textarea)
- PASSWORD (Password textfield, input is not shown when edited)
- SELECT (Select option field)
- RADIO
- CHECKBOX
- CHECKBOXARRAY
- FILE
VALUE:
- Wert oder Array
Hint:
The ID field of the database table is not part of the datafield definition.
The ID field must be always auto incement (int or bigint).
*/
$form["title"] = "Web folder user";
$form["description"] = "";
$form["name"] = "web_folder_user";
$form["action"] = "web_folder_user_edit.php";
$form["db_table"] = "web_folder_user";
$form["db_table_idx"] = "web_folder_user_id";
$form["db_history"] = "yes";
$form["tab_default"] = "user";
$form["list_default"] = "web_folder_user_list.php";
$form["auth"] = 'yes'; // yes / no
$form["auth_preset"]["userid"] = 0; // 0 = id of the user, > 0 id must match with id of current user
$form["auth_preset"]["groupid"] = 0; // 0 = default groupid of the user, > 0 id must match with groupid of current user
$form["auth_preset"]["perm_user"] = 'riud'; //r = read, i = insert, u = update, d = delete
$form["auth_preset"]["perm_group"] = 'riud'; //r = read, i = insert, u = update, d = delete
$form["auth_preset"]["perm_other"] = ''; //r = read, i = insert, u = update, d = delete
$form["tabs"]['user'] = array (
'title' => "Folder",
'width' => 100,
'template' => "templates/web_folder_user_edit.htm",
'fields' => array (
##################################
# Begin Datatable fields
##################################
'server_id' => array (
'datatype' => 'INTEGER',
'formtype' => 'SELECT',
'default' => '',
'datasource' => array ( 'type' => 'SQL',
'querystring' => 'SELECT server_id,server_name FROM server WHERE mirror_server_id = 0 AND {AUTHSQL} ORDER BY server_name',
'keyfield'=> 'server_id',
'valuefield'=> 'server_name'
),
'value' => ''
),
'web_folder_id' => array (
'datatype' => 'INTEGER',
'formtype' => 'SELECT',
'default' => '',
'datasource' => array ( 'type' => 'SQL',
'querystring' => "Select concat(web_domain.domain,' ',web_folder.path) as name, web_folder.web_folder_id from web_domain, web_folder WHERE web_domain.domain_id = web_folder.parent_domain_id AND {AUTHSQL} ORDER BY web_domain.domain",
'keyfield'=> 'web_folder_id',
'valuefield'=> 'name'
),
'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY',
'errmsg'=> 'folder_error_empty'),
),
'value' => ''
),
'username' => array (
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'validators' => array ( 0 => array ( 'type' => 'REGEX',
'regex' => '/^[\w\.\-]{0,64}$/',
'errmsg'=> 'username_error_regex'),
),
'default' => '',
'value' => '',
'width' => '30',
'maxlength' => '255'
),
'password' => array (
'datatype' => 'VARCHAR',
'formtype' => 'PASSWORD',
'encryption' => 'CRYPT',
'default' => '',
'value' => '',
'width' => '30',
'maxlength' => '255'
),
'active' => array (
'datatype' => 'VARCHAR',
'formtype' => 'CHECKBOX',
'default' => 'y',
'value' => array(0 => 'n',1 => 'y')
),
##################################
# ENDE Datatable fields
##################################
)
);
?>
\ No newline at end of file
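Review bot: The `username` regex uses `{0,64}`, so an empty username validates, and the `password` field has no validator at all; a folder-protection account with a blank name or a blank password can therefore be saved. Requiring at least one character, `'regex' => '/^[\w\.\-]{1,64}$/',`, closes the first gap; for the password, a non-empty check on insert is worth adding, taking care that an empty PASSWORD field on edit may mean "keep the stored value" in the form library (not visible here). `'encryption' => 'CRYPT'` is resolved by the form library outside this page, so confirm it yields a salted hash in a format the web server's basic auth accepts. The tab `'title' => "Folder"` looks like a leftover from the folder form, and `'maxlength' => '255'` on `username` disagrees with the 64-character limit in the regex.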
<?php
$wb["server_id_txt"] = 'Server';
$wb["parent_domain_id_txt"] = 'Website';
$wb["path_txt"] = 'Path';
$wb["active_txt"] = 'Active';
$wb["path_error_regex"] = 'Invalid folder path.';
?>
\ No newline at end of file
<?php
$wb["list_head_txt"] = 'Folder';
$wb["active_txt"] = 'Active';
$wb["server_id_txt"] = 'Server';
$wb["parent_domain_id_txt"] = 'Website';
$wb["path_txt"] = 'Path';
?>
\ No newline at end of file
<?php
$wb["web_folder_id_txt"] = 'Folder';
$wb["username_txt"] = 'Username';
$wb["password_txt"] = 'Password';
$wb["active_txt"] = 'Active';
$wb["folder_error_empty"] = 'No web folder selecetd.';
?>
\ No newline at end of file
<?php
$wb["list_head_txt"] = 'Folder User';
$wb["active_txt"] = 'Active';
$wb["web_folder_id_txt"] = 'Folder';
$wb["username_txt"] = 'Username';
?>
\ No newline at end of file
......@@ -116,6 +116,26 @@ if($app->auth->get_client_limit($userid,'webdav_user') != 0)
'items' => $items);
}
/*
* Web folder menu
*/
$items=array();
$items[] = array( 'title' => "Folder",
'target' => 'content',
'link' => 'sites/web_folder_list.php',
'html_id' => 'web_folder_list');
$items[] = array( 'title' => "Folder users",
'target' => 'content',
'link' => 'sites/web_folder_user_list.php',
'html_id' => 'web_folder_user_list');
$module["nav"][] = array( 'title' => 'Folder protection',
'open' => 1,
'items' => $items);
/*
Cron menu
*/
......@@ -153,18 +173,6 @@ $module['nav'][] = array( 'title' => 'Statistics',
// clean up
unset($items);
$items[] = array( 'title' => "Rewrite Rules",
'target' => 'content',
'link' => 'sites/proxy_reverse_list.php');
$module["nav"][] = array( 'title' => 'Reverse Proxy',
'open' => 1,
'items' => $items);
// clean up
unset($items);
......
<?php
/*
Datatypes:
- INTEGER
- DOUBLE
- CURRENCY
- VARCHAR
- TEXT
- DATE
*/
// Name of the list
$liste["name"] = "web_folder";
// Database table
$liste["table"] = "web_folder";
// Index index field of the database table
$liste["table_idx"] = "web_folder_id";
// Search Field Prefix
$liste["search_prefix"] = "search_";
// Records per page
$liste["records_per_page"] = "15";
// Script File of the list
$liste["file"] = "web_folder_list.php";
// Script file of the edit form
$liste["edit_file"] = "web_folder_edit.php";
// Script File of the delete script
$liste["delete_file"] = "web_folder_del.php";
// Paging Template
$liste["paging_tpl"] = "templates/paging.tpl.htm";
// Enable auth
$liste["auth"] = "yes";
/*****************************************************
* Suchfelder
*****************************************************/
$liste["item"][] = array( 'field' => "active",
'datatype' => "VARCHAR",
'formtype' => "SELECT",
'op' => "=",
'prefix' => "",
'suffix' => "",
'width' => "",
'value' => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>",'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
$liste["item"][] = array( 'field' => "server_id",
'datatype' => "VARCHAR",
'formtype' => "SELECT",
'op' => "like",
'prefix' => "%",
'suffix' => "%",
'datasource' => array ( 'type' => 'SQL',
'querystring' => 'SELECT server_id,server_name FROM server WHERE {AUTHSQL} ORDER BY server_name',
'keyfield'=> 'server_id',
'valuefield'=> 'server_name'
),
'width' => "",
'value' => "");
$liste["item"][] = array( 'field' => "parent_domain_id",
'datatype' => "VARCHAR",
'formtype' => "SELECT",
'op' => "=",
'prefix' => "",
'suffix' => "",
'datasource' => array ( 'type' => 'SQL',
'querystring' => "SELECT domain_id,domain FROM web_domain WHERE type = 'vhost' AND {AUTHSQL} ORDER BY domain",
'keyfield'=> 'domain_id',
'valuefield'=> 'domain'
),
'width' => "",
'value' => "");
$liste["item"][] = array( 'field' => "path",
'datatype' => "VARCHAR",
'formtype' => "TEXT",
'op' => "like",
'prefix' => "%",
'suffix' => "%",
'width' => "",
'value' => "");
?>
\ No newline at end of file
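Review bot: The `server_id` search item filters an integer key with `'op' => "like"` and `%` on both sides, so selecting server 1 also matches rows that belong to server 10, 11, 21 and so on. `parent_domain_id` right below it uses an exact match, and this item should do the same: `'op' => "=", 'prefix' => "", 'suffix' => "",`. Its datasource also omits the `mirror_server_id = 0` condition that the edit form's server query carries, so the filter can list servers the form never offers.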
<?php
/*
Datatypes:
- INTEGER
- DOUBLE
- CURRENCY
- VARCHAR
- TEXT
- DATE
*/
// Name of the list
$liste["name"] = "web_folder_user";
// Database table
$liste["table"] = "web_folder_user";
// Index index field of the database table
$liste["table_idx"] = "web_folder_user_id";
// Search Field Prefix
$liste["search_prefix"] = "search_";
// Records per page
$liste["records_per_page"] = "15";
// Script File of the list
$liste["file"] = "web_folder_user_list.php";
// Script file of the edit form
$liste["edit_file"] = "web_folder_user_edit.php";
// Script File of the delete script
$liste["delete_file"] = "web_folder_user_del.php";
// Paging Template
$liste["paging_tpl"] = "templates/paging.tpl.htm";
// Enable auth
$liste["auth"] = "yes";
/*****************************************************
* Suchfelder
*****************************************************/
$liste["item"][] = array( 'field' => "active",
'datatype' => "VARCHAR",
'formtype' => "SELECT",
'op' => "=",
'prefix' => "",
'suffix' => "",
'width' => "",
'value' => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>",'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
$liste["item"][] = array( 'field' => "web_folder_id",
'datatype' => "VARCHAR",
'formtype' => "SELECT",
'op' => "=",
'prefix' => "",
'suffix' => "",
'datasource' => array ( 'type' => 'SQL',
'querystring' => "Select concat(web_domain.domain,' ',web_folder.path) as name, web_folder.web_folder_id from web_domain, web_folder WHERE web_domain.domain_id = web_folder.parent_domain_id AND {AUTHSQL} ORDER BY web_domain.domain",
'keyfield'=> 'web_folder_id',
'valuefield'=> 'name'
),
'width' => "",
'value' => "");
$liste["item"][] = array( 'field' => "username",
'datatype' => "VARCHAR",
'formtype' => "TEXT",
'op' => "like",
'prefix' => "%",
'suffix' => "%",
'width' => "",
'value' => "");
?>
\ No newline at end of file
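Review bot: The `web_folder_id` datasource joins `web_domain` and `web_folder` but appends a bare `{AUTHSQL}`, which leaves open which table the permission check applies to. The expansion of that placeholder is not shown on this page; if it produces unqualified `sys_*` permission columns and both tables carry them (presumably they do, as `web_folder_user` does in the schema hunk), the query is either rejected as ambiguous or checks permissions against the wrong table. The condition should be tied explicitly to `web_folder`, since that is the record being offered for selection. The same query string is used for `web_folder_id` in the user edit form, so both places need the change.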
<h2><tmpl_var name="list_head_txt"></h2>
<p><tmpl_var name="list_desc_txt"></p>
<div class="panel panel_web_folder">