Newer
Older
/* check if the domain module is used - and check if the selected domain can be used! */
if($app->tform->getCurrentTab() == 'domain') {
if($this->_vhostdomain_type == 'subdomain') {
// Check that domain (the subdomain part) is not empty
if(!preg_match('/^[a-zA-Z0-9].*/',$this->dataRecord['domain'])) {
$app->tform->errorMessage .= $app->tform->lng("subdomain_error_empty")."<br />";
}
}
/* check if the domain module is used - and check if the selected domain can be used! */
$app->uses('ini_parser,getconf');
$settings = $app->getconf->get_global_config('domains');
if ($settings['use_domain_module'] == 'y') {
if($this->_vhostdomain_type == 'subdomain') $domain_check = $app->tools_sites->checkDomainModuleDomain($this->dataRecord['sel_domain']);
else $domain_check = $app->tools_sites->checkDomainModuleDomain($this->dataRecord['domain']);
if(!$domain_check) {
// invalid domain selected
$app->tform->errorMessage .= $app->tform->lng("domain_error_empty")."<br />";
} else {
Sergio
committed
if ($this->_vhostdomain_type == 'domain' &&
($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid']))) {
$this->dataRecord['client_group_id'] = $app->tools_sites->getClientIdForDomain($this->dataRecord['domain']);
}
if($this->_vhostdomain_type == 'subdomain') $this->dataRecord['domain'] = $this->dataRecord['domain'] . '.' . $domain_check;
else $this->dataRecord['domain'] = $domain_check;
} else {
if($this->_vhostdomain_type == 'subdomain') $this->dataRecord["domain"] = $this->dataRecord["domain"].'.'.$parent_domain["domain"];
if($this->_vhostdomain_type != 'domain') {
$this->dataRecord['web_folder'] = strtolower($this->dataRecord['web_folder']);
if(substr($this->dataRecord['web_folder'], 0, 1) === '/') $this->dataRecord['web_folder'] = substr($this->dataRecord['web_folder'], 1);
if(substr($this->dataRecord['web_folder'], -1) === '/') $this->dataRecord['web_folder'] = substr($this->dataRecord['web_folder'], 0, -1);
$forbidden_folders = array('', 'cgi-bin', 'log', 'private', 'ssl', 'tmp', 'webdav');
$check_folder = strtolower($this->dataRecord['web_folder']);
if(substr($check_folder, 0, 1) === '/') $check_folder = substr($check_folder, 1); // strip / at beginning to check against forbidden entries
if(strpos($check_folder, '/') !== false) $check_folder = substr($check_folder, 0, strpos($check_folder, '/')); // get the first part of the path to check it
if(in_array($check_folder, $forbidden_folders)) {
$app->tform->errorMessage .= $app->tform->lng("web_folder_invalid_txt")."<br>";
}
// vhostaliasdomains do not have a quota of their own
$this->dataRecord["hd_quota"] = 0;
}
}
if($_SESSION["s"]["user"]["typ"] != 'admin') {
// Get the limits of the client
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
$client = $app->db->queryOneRecord("SELECT limit_traffic_quota, limit_web_domain, limit_web_aliasdomain, limit_web_subdomain, web_servers, parent_client_id, limit_web_quota, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
$client['web_servers_ids'] = explode(',', $client['web_servers']);
if($client['limit_cgi'] != 'y') $this->dataRecord['cgi'] = 'n';
if($client['limit_ssi'] != 'y') $this->dataRecord['ssi'] = 'n';
if($client['limit_perl'] != 'y') $this->dataRecord['perl'] = 'n';
if($client['limit_ruby'] != 'y') $this->dataRecord['ruby'] = 'n';
if($client['limit_python'] != 'y') $this->dataRecord['python'] = 'n';
if($client['force_suexec'] == 'y') $this->dataRecord['suexec'] = 'y';
if($client['limit_hterror'] != 'y') $this->dataRecord['errordocs'] = 'n';
if($client['limit_wildcard'] != 'y' && $this->dataRecord['subdomain'] == '*') $this->dataRecord['subdomain'] = 'n';
if($client['limit_ssl'] != 'y') $this->dataRecord['ssl'] = 'n';
if($client['limit_ssl_letsencrypt'] != 'y') $this->dataRecord['ssl_letsencrypt'] = 'n';
if($client['limit_directive_snippets'] != 'y') $this->dataRecord['directive_snippets_id'] = 0;
// only generate quota and traffic warnings if value has changed
if($this->id > 0) {
$old_web_values = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $this->id);
} else {
$old_web_values = array();
}
if($this->_vhostdomain_type == 'domain') {
//* ensure that quota value is not 0 when vhost type = domain
if(isset($_POST["hd_quota"]) && $_POST["hd_quota"] == 0) {
$app->tform->errorMessage .= $app->tform->lng("limit_web_quota_not_0_txt")."<br>";
}
//* Check the website quota of the client
if(isset($_POST["hd_quota"]) && $client["limit_web_quota"] >= 0 && $_POST["hd_quota"] != $old_web_values["hd_quota"]) {
$tmp = $app->db->queryOneRecord("SELECT sum(hd_quota) as webquota FROM web_domain WHERE domain_id != ? AND type = 'vhost' AND ".$app->tform->getAuthSQL('u'), $this->id);
$webquota = $tmp["webquota"];
$new_web_quota = $app->functions->intval($this->dataRecord["hd_quota"]);
if(($webquota + $new_web_quota > $client["limit_web_quota"]) || ($new_web_quota < 0 && $client["limit_web_quota"] >= 0)) {
$max_free_quota = floor($client["limit_web_quota"] - $webquota);
if($max_free_quota < 0) $max_free_quota = 0;
$app->tform->errorMessage .= $app->tform->lng("limit_web_quota_free_txt").": ".$max_free_quota." MB<br>";
// Set the quota field to the max free space
$this->dataRecord["hd_quota"] = $max_free_quota;
}
unset($tmp);
unset($tmp_quota);
}
}
//* Check the traffic quota of the client
if(isset($_POST["traffic_quota"]) && $client["limit_traffic_quota"] > 0 && $_POST["traffic_quota"] != $old_web_values["traffic_quota"]) {
$tmp = $app->db->queryOneRecord("SELECT sum(traffic_quota) as trafficquota FROM web_domain WHERE domain_id != ? AND ".$app->tform->getAuthSQL('u'), $this->id);
$new_traffic_quota = $app->functions->intval($this->dataRecord["traffic_quota"]);
if(($trafficquota + $new_traffic_quota > $client["limit_traffic_quota"]) || ($new_traffic_quota < 0 && $client["limit_traffic_quota"] >= 0)) {
$max_free_quota = floor($client["limit_traffic_quota"] - $trafficquota);
if($max_free_quota < 0) $max_free_quota = 0;
$app->tform->errorMessage .= $app->tform->lng("limit_traffic_quota_free_txt").": ".$max_free_quota." MB<br>";
// Set the quota field to the max free space
$this->dataRecord["traffic_quota"] = $max_free_quota;
}
unset($tmp);
unset($tmp_quota);
}
if($client['parent_client_id'] > 0) {
// Get the limits of the reseller
$reseller = $app->db->queryOneRecord("SELECT limit_traffic_quota, limit_web_domain, limit_web_aliasdomain, limit_web_subdomain, web_servers, limit_web_quota FROM client WHERE client_id = ?", $client['parent_client_id']);
if($this->_vhostdomain_type == 'domain') {
//* Check the website quota of the client
if(isset($_POST["hd_quota"]) && $reseller["limit_web_quota"] >= 0 && $_POST["hd_quota"] != $old_web_values["hd_quota"]) {
$tmp = $app->db->queryOneRecord("SELECT sum(hd_quota) as webquota FROM web_domain, sys_group, client WHERE web_domain.sys_groupid=sys_group.groupid AND sys_group.client_id=client.client_id AND ? IN (client.parent_client_id, client.client_id) AND domain_id != ? AND type = 'vhost'", $client['parent_client_id'], $this->id);
$webquota = $tmp["webquota"];
$new_web_quota = $app->functions->intval($this->dataRecord["hd_quota"]);
if(($webquota + $new_web_quota > $reseller["limit_web_quota"]) || ($new_web_quota < 0 && $reseller["limit_web_quota"] >= 0)) {
$max_free_quota = floor($reseller["limit_web_quota"] - $webquota);
if($max_free_quota < 0) $max_free_quota = 0;
$app->tform->errorMessage .= $app->tform->lng("limit_web_quota_free_txt").": ".$max_free_quota." MB<br>";
// Set the quota field to the max free space
$this->dataRecord["hd_quota"] = $max_free_quota;
}
unset($tmp);
unset($tmp_quota);
}
}
//* Check the traffic quota of the client
if(isset($_POST["traffic_quota"]) && $reseller["limit_traffic_quota"] > 0 && $_POST["traffic_quota"] != $old_web_values["traffic_quota"]) {
$tmp = $app->db->queryOneRecord("SELECT sum(traffic_quota) as trafficquota FROM web_domain, sys_group, client WHERE web_domain.sys_groupid=sys_group.groupid AND sys_group.client_id=client.client_id AND ? IN (client.parent_client_id, client.client_id) AND domain_id != ? AND type = 'vhost'", $client['parent_client_id'], $this->id);
$new_traffic_quota = $app->functions->intval($this->dataRecord["traffic_quota"]);
if(($trafficquota + $new_traffic_quota > $reseller["limit_traffic_quota"]) || ($new_traffic_quota < 0 && $reseller["limit_traffic_quota"] >= 0)) {
$max_free_quota = floor($reseller["limit_traffic_quota"] - $trafficquota);
if($max_free_quota < 0) $max_free_quota = 0;
$app->tform->errorMessage .= $app->tform->lng("limit_traffic_quota_free_txt").": ".$max_free_quota." MB<br>";
// Set the quota field to the max free space
$this->dataRecord["traffic_quota"] = $max_free_quota;
}
unset($tmp);
unset($tmp_quota);
}
}
// When the record is updated
if($this->id > 0) {
// restore the server ID if the user is not admin and record is edited
$tmp = $app->db->queryOneRecord("SELECT server_id, `system_user`, `system_group`, `web_folder`, `cgi`, `ssi`, `perl`, `ruby`, `python`, `suexec`, `errordocs`, `subdomain`, `ssl`, `ssl_letsencrypt`, `directive_snippets_id` FROM web_domain WHERE domain_id = ?", $this->id);
$this->dataRecord["server_id"] = $tmp["server_id"];
if($this->_vhostdomain_type != 'domain') $this->dataRecord['web_folder'] = $tmp['web_folder']; // cannot be changed!
$this->dataRecord['system_user'] = $tmp['system_user'];
$this->dataRecord['system_group'] = $tmp['system_group'];
// set the settings to current if not provided (or cleared due to limits)
if($this->dataRecord['cgi'] == 'n') $this->dataRecord['cgi'] = $tmp['cgi'];
if($this->dataRecord['ssi'] == 'n') $this->dataRecord['ssi'] = $tmp['ssi'];
if($this->dataRecord['perl'] == 'n') $this->dataRecord['perl'] = $tmp['perl'];
if($this->dataRecord['ruby'] == 'n') $this->dataRecord['ruby'] = $tmp['ruby'];
if($this->dataRecord['python'] == 'n') $this->dataRecord['python'] = $tmp['python'];
if($this->dataRecord['suexec'] == 'n') $this->dataRecord['suexec'] = $tmp['suexec'];
if($this->dataRecord['errordocs'] == 'n') $this->dataRecord['errordocs'] = $tmp['errordocs'];
if($this->dataRecord['subdomain'] == 'n') $this->dataRecord['subdomain'] = $tmp['subdomain'];
if($this->dataRecord['ssl'] == 'n') $this->dataRecord['ssl'] = $tmp['ssl'];
if($this->dataRecord['ssl_letsencrypt'] == 'n') $this->dataRecord['ssl_letsencrypt'] = $tmp['ssl_letsencrypt'];
if($this->dataRecord['directive_snippets_id'] == 0) $this->dataRecord['directive_snippets_id'] = $tmp['directive_snippets_id'];
unset($tmp);
// When the record is inserted
} else {
if($this->_vhostdomain_type == 'domain') {
//* display an error if chosen server is not allowed for this client
if (!is_array($client['web_servers_ids']) || !in_array($this->dataRecord['server_id'], $client['web_servers_ids'])) {
$app->error($app->tform->wordbook['server_chosen_not_ok']);
}
// Check if the user may add another web_domain
if($this->_vhostdomain_type == 'domain' && $client["limit_web_domain"] >= 0) {
$tmp = $app->db->queryOneRecord("SELECT count(domain_id) as number FROM web_domain WHERE sys_groupid = ? and type = 'vhost'", $client_group_id);
if($tmp["number"] >= $client["limit_web_domain"]) {
$app->error($app->tform->wordbook["limit_web_domain_txt"]);
}
} elseif($this->_vhostdomain_type == 'aliasdomain' && $client["limit_web_aliasdomain"] >= 0) {
$tmp = $app->db->queryOneRecord("SELECT count(domain_id) as number FROM web_domain WHERE sys_groupid = ? and (type = 'alias' OR type = 'vhostalias')", $client_group_id);
if($tmp["number"] >= $client["limit_web_aliasdomain"]) {
$app->error($app->tform->wordbook["limit_web_aliasdomain_txt"]);
}
} elseif($this->_vhostdomain_type == 'subdomain' && $client["limit_web_subdomain"] >= 0) {
$tmp = $app->db->queryOneRecord("SELECT count(domain_id) as number FROM web_domain WHERE sys_groupid = ? and (type = 'subdomain' OR type = 'vhostsubdomain')", $client_group_id);
if($tmp["number"] >= $client["limit_web_subdomain"]) {
$app->error($app->tform->wordbook["limit_web_subdomain_txt"]);
}
}
}
// Clients may not set the client_group_id, so we unset them if user is not a admin and the client is not a reseller
if(!$app->auth->has_clients($_SESSION['s']['user']['userid'])) unset($this->dataRecord["client_group_id"]);
}
//* make sure that the domain is lowercase
if(isset($this->dataRecord["domain"])) $this->dataRecord["domain"] = strtolower($this->dataRecord["domain"]);
//* get the server config for this server
$app->uses("getconf");
if($this->id > 0){
$web_rec = $app->tform->getDataRecord($this->id);
$server_id = $web_rec["server_id"];
} else {
// Get the first server ID
$tmp = $app->db->queryOneRecord("SELECT server_id FROM server WHERE web_server = 1 ORDER BY server_name LIMIT 0,1");
$server_id = intval($tmp['server_id']);
}
$web_config = $app->getconf->get_server_config($app->functions->intval(isset($this->dataRecord["server_id"]) ? $this->dataRecord["server_id"] : $server_id), 'web');
//* Check for duplicate ssl certs per IP if SNI is disabled
if(isset($this->dataRecord['ssl']) && $this->dataRecord['ssl'] == 'y' && $web_config['enable_sni'] != 'y') {
$sql = "SELECT count(domain_id) as number FROM web_domain WHERE `ssl` = 'y' AND ip_address = ? and domain_id != ?";
$tmp = $app->db->queryOneRecord($sql, $this->dataRecord['ip_address'], $this->id);
if($tmp['number'] > 0) $app->tform->errorMessage .= $app->tform->lng("error_no_sni_txt");
}
// Check if pm.max_children >= pm.max_spare_servers >= pm.start_servers >= pm.min_spare_servers > 0
if(isset($this->dataRecord['pm_max_children']) && $this->dataRecord['pm'] == 'dynamic') {
if($app->functions->intval($this->dataRecord['pm_max_children'], true) >= $app->functions->intval($this->dataRecord['pm_max_spare_servers'], true) && $app->functions->intval($this->dataRecord['pm_max_spare_servers'], true) >= $app->functions->intval($this->dataRecord['pm_start_servers'], true) && $app->functions->intval($this->dataRecord['pm_start_servers'], true) >= $app->functions->intval($this->dataRecord['pm_min_spare_servers'], true) && $app->functions->intval($this->dataRecord['pm_min_spare_servers'], true) > 0){
} else {
$app->tform->errorMessage .= $app->tform->lng("error_php_fpm_pm_settings_txt").'<br>';
}
}
// Check rewrite rules
$server_type = $web_config['server_type'];
if($server_type == 'nginx' && isset($this->dataRecord['rewrite_rules']) && trim($this->dataRecord['rewrite_rules']) != '') {
$rewrite_rules = trim($this->dataRecord['rewrite_rules']);
$rewrites_are_valid = true;
// use this counter to make sure all curly brackets are properly closed
$if_level = 0;
// Make sure we only have Unix linebreaks
$rewrite_rules = str_replace("\r\n", "\n", $rewrite_rules);
$rewrite_rules = str_replace("\r", "\n", $rewrite_rules);
$rewrite_rule_lines = explode("\n", $rewrite_rules);
if(is_array($rewrite_rule_lines) && !empty($rewrite_rule_lines)){
foreach($rewrite_rule_lines as $rewrite_rule_line){
if(substr(ltrim($rewrite_rule_line), 0, 1) == '#') continue;
// empty lines
if(trim($rewrite_rule_line) == '') continue;
// rewrite
if(preg_match('@^\s*rewrite\s+(^/)?\S+(\$)?\s+\S+(\s+(last|break|redirect|permanent|))?\s*;\s*$@', $rewrite_rule_line)) continue;
Falko Timme
committed
if(preg_match('@^\s*rewrite\s+(^/)?(\'[^\']+\'|"[^"]+")+(\$)?\s+(\'[^\']+\'|"[^"]+")+(\s+(last|break|redirect|permanent|))?\s*;\s*$@', $rewrite_rule_line)) continue;
if(preg_match('@^\s*rewrite\s+(^/)?(\'[^\']+\'|"[^"]+")+(\$)?\s+\S+(\s+(last|break|redirect|permanent|))?\s*;\s*$@', $rewrite_rule_line)) continue;
if(preg_match('@^\s*rewrite\s+(^/)?\S+(\$)?\s+(\'[^\']+\'|"[^"]+")+(\s+(last|break|redirect|permanent|))?\s*;\s*$@', $rewrite_rule_line)) continue;
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
// if
if(preg_match('@^\s*if\s+\(\s*\$\S+(\s+(\!?(=|~|~\*))\s+(\S+|\".+\"))?\s*\)\s*\{\s*$@', $rewrite_rule_line)){
$if_level += 1;
continue;
}
// if - check for files, directories, etc.
if(preg_match('@^\s*if\s+\(\s*\!?-(f|d|e|x)\s+\S+\s*\)\s*\{\s*$@', $rewrite_rule_line)){
$if_level += 1;
continue;
}
// break
if(preg_match('@^\s*break\s*;\s*$@', $rewrite_rule_line)){
continue;
}
// return code [ text ]
if(preg_match('@^\s*return\s+\d\d\d.*;\s*$@', $rewrite_rule_line)) continue;
// return code URL
// return URL
if(preg_match('@^\s*return(\s+\d\d\d)?\s+(http|https|ftp)\://([a-zA-Z0-9\.\-]+(\:[a-zA-Z0-9\.&%\$\-]+)*\@)*((25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[1-9])\.(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[1-9]|0)\.(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[1-9]|0)\.(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[0-9])|localhost|([a-zA-Z0-9\-]+\.)*[a-zA-Z0-9\-]+\.(com|edu|gov|int|mil|net|org|biz|arpa|info|name|pro|aero|coop|museum|[a-zA-Z]{2}))(\:[0-9]+)*(/($|[a-zA-Z0-9\.\,\?\'\\\+&%\$#\=~_\-]+))*\s*;\s*$@', $rewrite_rule_line)) continue;
// set
if(preg_match('@^\s*set\s+\$\S+\s+\S+\s*;\s*$@', $rewrite_rule_line)) continue;
// closing curly bracket
if(trim($rewrite_rule_line) == '}'){
$if_level -= 1;
continue;
}
$rewrites_are_valid = false;
break;
}
}
if(!$rewrites_are_valid || $if_level != 0){
$app->tform->errorMessage .= $app->tform->lng("invalid_rewrite_rules_txt").'<br>';
}
}
// check custom php.ini settings
if(isset($this->dataRecord['custom_php_ini']) && trim($this->dataRecord['custom_php_ini']) != '') {
$custom_php_ini_settings = trim($this->dataRecord['custom_php_ini']);
$custom_php_ini_settings_are_valid = true;
// Make sure we only have Unix linebreaks
$custom_php_ini_settings = str_replace("\r\n", "\n", $custom_php_ini_settings);
$custom_php_ini_settings = str_replace("\r", "\n", $custom_php_ini_settings);
$custom_php_ini_settings_lines = explode("\n", $custom_php_ini_settings);
if(is_array($custom_php_ini_settings_lines) && !empty($custom_php_ini_settings_lines)){
foreach($custom_php_ini_settings_lines as $custom_php_ini_settings_line){
if(trim($custom_php_ini_settings_line) == '') continue;
if(substr(trim($custom_php_ini_settings_line),0,1) == ';') continue;
// empty value
if(preg_match('@^\s*;*\s*[a-zA-Z0-9._]*\s*=\s*;*\s*$@', $custom_php_ini_settings_line)) continue;
// value inside ""
if(preg_match('@^\s*;*\s*[a-zA-Z0-9._]*\s*=\s*".*"\s*;*\s*$@', $custom_php_ini_settings_line)) continue;
// value inside ''
if(preg_match('@^\s*;*\s*[a-zA-Z0-9._]*\s*=\s*\'.*\'\s*;*\s*$@', $custom_php_ini_settings_line)) continue;
// everything else
if(preg_match('@^\s*;*\s*[a-zA-Z0-9._]*\s*=\s*[-a-zA-Z0-9~&=_\@/,.#\{\}\s\|]*\s*;*\s*$@', $custom_php_ini_settings_line)) continue;
$custom_php_ini_settings_are_valid = false;
break;
}
}
if(!$custom_php_ini_settings_are_valid){
$app->tform->errorMessage .= $app->tform->lng("invalid_custom_php_ini_settings_txt").'<br>';
}
}
if($web_config['enable_spdy'] === 'n') {
unset($app->tform->formDef["tabs"]['ssl']['fields']['enable_spdy']);
}
Florian Schaal
committed
// if($this->dataRecord["directive_snippets_id"] < 1) $this->dataRecord["enable_pagespeed"] = 'n';
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
//print_r($_POST['folder_directive_snippets']);
//print_r($_POST['folder_directive_snippets_id']);
if(isset($_POST['folder_directive_snippets'])){
$this->dataRecord['folder_directive_snippets'] = '';
if(is_array($_POST['folder_directive_snippets']) && !empty($_POST['folder_directive_snippets'])){
$existing_directive_snippets_folders = array();
foreach($_POST['folder_directive_snippets'] as $folder_directive_snippet){
$folder_directive_snippet['folder'] = trim($folder_directive_snippet['folder']);
if($folder_directive_snippet['folder'] != '' && intval($folder_directive_snippet['snippets_id']) > 0){
if(substr($folder_directive_snippet['folder'], -1) != '/') $folder_directive_snippet['folder'] .= '/';
if(substr($folder_directive_snippet['folder'], 0, 1) == '/') $folder_directive_snippet['folder'] = substr($folder_directive_snippet['folder'], 1);
if(in_array($folder_directive_snippet['folder'], $existing_directive_snippets_folders)){
$app->tform->errorMessage .= $app->tform->lng("config_for_folder_exists_already_txt").'<br>';
} else {
$existing_directive_snippets_folders[] = $folder_directive_snippet['folder'];
}
$this->dataRecord['folder_directive_snippets'] .= $folder_directive_snippet['folder'].':'.intval($folder_directive_snippet['snippets_id'])."\n";
}
if(!preg_match('@^((?!(.*\.\.)|(.*\./)|(.*//))[^/][\w/_\.\-]{1,100})?$@', $folder_directive_snippet['folder'])) $app->tform->errorMessage .= $app->tform->lng("web_folder_error_regex").'<br>';
}
}
$this->dataRecord['folder_directive_snippets'] = trim($this->dataRecord['folder_directive_snippets']);
}
Till Brehm
committed
// Check custom PHP version
if(isset($this->dataRecord['fastcgi_php_version']) && $this->dataRecord['fastcgi_php_version'] != '') {
// Check php-fpm mode
if($this->dataRecord['php'] == 'php-fpm'){
$tmp = $app->db->queryOneRecord("SELECT * FROM server_php WHERE active = 'y' AND CONCAT(name,':',php_fpm_init_script,':',php_fpm_ini_dir,':',php_fpm_pool_dir) = '".$app->db->quote($this->dataRecord['fastcgi_php_version'])."'");
Till Brehm
committed
if(is_array($tmp)) {
$this->dataRecord['fastcgi_php_version'] = $tmp['name'].':'.$tmp['php_fpm_init_script'].':'.$tmp['php_fpm_ini_dir'].':'.$tmp['php_fpm_pool_dir'];
} else {
$this->dataRecord['fastcgi_php_version'] = '';
}
unset($tmp);
// Check fast-cgi mode
} elseif($this->dataRecord['php'] == 'fast-cgi') {
$tmp = $app->db->queryOneRecord("SELECT * FROM server_php WHERE active = 'y' AND CONCAT(name,':',php_fastcgi_binary,':',php_fastcgi_ini_dir) = '".$app->db->quote($this->dataRecord['fastcgi_php_version'])."'");
Till Brehm
committed
if(is_array($tmp)) {
$this->dataRecord['fastcgi_php_version'] = $tmp['name'].':'.$tmp['php_fastcgi_binary'].':'.$tmp['php_fastcgi_ini_dir'];
} else {
$this->dataRecord['fastcgi_php_version'] = '';
}
unset($tmp);
} else {
// Other PHP modes do not have custom versions, so we force the value to be empty
$this->dataRecord['fastcgi_php_version'] = '';
}
}
function onBeforeInsert() {
global $app, $conf;
// Letsencrypt can not be activated before the website has been created
// So we deactivate it here and add a datalog update in onAfterInsert
if(isset($this->dataRecord['ssl_letsencrypt']) && $this->dataRecord['ssl_letsencrypt'] == 'y' && isset($this->dataRecord['ssl']) && $this->dataRecord['ssl'] == 'y') {
// Disable letsencrypt and ssl temporarily
$this->dataRecord['ssl_letsencrypt'] = 'n';
$this->dataRecord['ssl'] = 'n';
// Prevent that the datalog history gets written
$app->tform->formDef['db_history'] = 'no';
// Set variable that we check in onAfterInsert
$this->_letsencrypt_on_insert = true;
}
}
function onAfterInsert() {
global $app, $conf;
// make sure that the record belongs to the clinet group and not the admin group when admin inserts it
// also make sure that the user can not delete domain created by a admin
if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) {
$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
$app->db->query("UPDATE web_domain SET sys_groupid = ?, sys_perm_group = 'ru' WHERE domain_id = ?", $client_group_id, $this->id);
}
if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($this->dataRecord["client_group_id"])) {
$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
$app->db->query("UPDATE web_domain SET sys_groupid = ?, sys_perm_group = 'riud' WHERE domain_id = ?", $client_group_id, $this->id);
}
// Get configuration for the web system
$app->uses("getconf");
$web_rec = $app->tform->getDataRecord($this->id);
$web_config = $app->getconf->get_server_config($app->functions->intval($web_rec["server_id"]), 'web');
// get global log retention value as default for web log retention
$server_config = $app->getconf->get_server_config($app->functions->intval($web_rec["server_id"]), 'server');
if($server_config['log_retention'] > 0) {
$log_retention = $server_config['log_retention'];
} else {
$log_retention = 10;
}
// Get default value for chrooted PHP-FPM
$php_fpm_chroot = 'n';
if (!empty($web_config['php_fpm_default_chroot'])) {
$php_fpm_chroot = $web_config['php_fpm_default_chroot'];
}
if($this->_vhostdomain_type == 'domain') {
$document_root = str_replace("[website_id]", $this->id, $web_config["website_path"]);
$document_root = str_replace("[website_idhash_1]", $this->id_hash($page_form->id, 1), $document_root);
$document_root = str_replace("[website_idhash_2]", $this->id_hash($page_form->id, 1), $document_root);
$document_root = str_replace("[website_idhash_3]", $this->id_hash($page_form->id, 1), $document_root);
$document_root = str_replace("[website_idhash_4]", $this->id_hash($page_form->id, 1), $document_root);
// get the ID of the client
if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) {
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
$client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ?", $client_group_id);
$client_id = $app->functions->intval($client["client_id"]);
} else {
//$client_id = $app->functions->intval($this->dataRecord["client_group_id"]);
$client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ?", $this->dataRecord["client_group_id"]);
$client_id = $app->functions->intval($client["client_id"]);
}
// Set the values for document_root, system_user and system_group
$system_user = 'web'.$this->id;
$system_group = 'client'.$client_id;
$document_root = str_replace("[client_id]", $client_id, $document_root);
$document_root = str_replace("[client_idhash_1]", $this->id_hash($client_id, 1), $document_root);
$document_root = str_replace("[client_idhash_2]", $this->id_hash($client_id, 2), $document_root);
$document_root = str_replace("[client_idhash_3]", $this->id_hash($client_id, 3), $document_root);
$document_root = str_replace("[client_idhash_4]", $this->id_hash($client_id, 4), $document_root);
$document_root = $document_root;
$php_open_basedir = str_replace("[website_path]", $document_root, $web_config["php_open_basedir"]);
$php_open_basedir = str_replace("[website_domain]", $web_rec['domain'], $php_open_basedir);
$htaccess_allow_override = $web_config["htaccess_allow_override"];
$added_by = $_SESSION['s']['user']['username'];
$sql = "UPDATE web_domain SET system_user = ?, system_group = ?, document_root = ?, allow_override = ?, php_open_basedir = ?, added_date = CURDATE(), added_by = ?, log_retention = ?, php_fpm_chroot = ? WHERE domain_id = ?";
$app->db->query($sql, $system_user, $system_group, $document_root, $htaccess_allow_override, $php_open_basedir, $added_by, $log_retention, $php_fpm_chroot, $this->id);
} else {
// Set the values for document_root, system_user and system_group
$system_user = $this->parent_domain_record['system_user'];
$system_group = $this->parent_domain_record['system_group'];
$document_root = $this->parent_domain_record['document_root'];
$php_open_basedir = str_replace("[website_path]/web", $document_root.'/'.$web_rec['web_folder'], $web_config["php_open_basedir"]);
$php_open_basedir = str_replace("[website_domain]/web", $web_rec['domain'].'/'.$web_rec['web_folder'], $php_open_basedir);
$php_open_basedir = str_replace("[website_path]", $document_root, $php_open_basedir);
$php_open_basedir = str_replace("[website_domain]", $web_rec['domain'], $php_open_basedir);
$htaccess_allow_override = $this->parent_domain_record['allow_override'];
$added_by = $_SESSION['s']['user']['username'];
$sql = "UPDATE web_domain SET sys_groupid = ?, system_user = ?, system_group = ?, document_root = ?, allow_override = ?, php_open_basedir = ?, added_date = CURDATE(), added_by = ?, log_retention = ?, php_fpm_chroot = ? WHERE domain_id = ?";
$app->db->query($sql, $this->parent_domain_record['sys_groupid'], $system_user, $system_group, $document_root, $htaccess_allow_override, $php_open_basedir, $added_by, $log_retention, $php_fpm_chroot, $this->id);
if(isset($this->dataRecord['folder_directive_snippets'])) $app->db->query("UPDATE web_domain SET folder_directive_snippets = ? WHERE domain_id = ?", $this->dataRecord['folder_directive_snippets'], $this->id);
// Add a datalog insert without letsencrypt and then an update with letsencrypt enabled (see also onBeforeInsert)
if($this->_letsencrypt_on_insert == true) {
$new_data_record = $app->tform->getDataRecord($this->id);
$app->tform->datalogSave('INSERT', $this->id, array(), $new_data_record);
$new_data_record['ssl_letsencrypt'] = 'y';
$new_data_record['ssl'] = 'y';
$app->db->datalogUpdate('web_domain', $new_data_record, 'domain_id', $this->id);
}
}
function onBeforeUpdate () {
global $app, $conf;
if($this->_vhostdomain_type == 'domain') {
//* Check if the server has been changed
// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
if (isset($this->dataRecord["server_id"])) {
$rec = $app->db->queryOneRecord("SELECT server_id from web_domain WHERE domain_id = ?", $this->id);
if($rec['server_id'] != $this->dataRecord["server_id"]) {
//* Add a error message and switch back to old server
$app->tform->errorMessage .= $app->lng('The Server can not be changed.');
$this->dataRecord["server_id"] = $rec['server_id'];
}
unset($rec);
}
//* If the user is neither admin nor reseller
} else {
//* We do not allow users to change a domain which has been created by the admin
$rec = $app->db->queryOneRecord("SELECT sys_perm_group, domain, ip_address, ipv6_address from web_domain WHERE domain_id = ?", $this->id);
if(isset($this->dataRecord["domain"]) && $rec['domain'] != $this->dataRecord["domain"] && !$app->tform->checkPerm($this->id, 'u')) {
//* Add a error message and switch back to old server
$app->tform->errorMessage .= $app->lng('The Domain can not be changed. Please ask your Administrator if you want to change the domain name.');
$this->dataRecord["domain"] = $rec['domain'];
}
if(isset($this->dataRecord["ip_address"]) && $rec['ip_address'] != $this->dataRecord["ip_address"] && $rec['sys_perm_group'] != 'riud') {
Florian Schaal
committed
//* Add a error message and switch back to old server
$app->tform->errorMessage .= $app->lng('The IP can not be changed. Please ask your Administrator if you want to change the IPv4-Address.');
$this->dataRecord["ip_address"] = $rec['ip_address'];
}
if(isset($this->dataRecord["ipv6_address"]) && $rec['ipv6_address'] != $this->dataRecord["ipv6_address"] && $rec['sys_perm_group'] != 'riud') {
Florian Schaal
committed
//* Add a error message and switch back to old server
$app->tform->errorMessage .= $app->lng('The IP can not be changed. Please ask your Administrator if you want to change the IPv6-Address.');
$this->dataRecord["ipv6_address"] = $rec['ipv6_address'];
}
unset($rec);
}
}
//* Check that all fields for the SSL cert creation are filled
if(isset($this->dataRecord['ssl_action']) && $this->dataRecord['ssl_action'] == 'create') {
if($this->dataRecord['ssl_country'] == '') $app->tform->errorMessage .= $app->tform->lng('error_ssl_country_empty').'<br />';
}
if(isset($this->dataRecord['ssl_action']) && $this->dataRecord['ssl_action'] == 'save') {
if(trim($this->dataRecord['ssl_cert']) == '') $app->tform->errorMessage .= $app->tform->lng('error_ssl_cert_empty').'<br />';
}
}
function onAfterUpdate() {
global $app, $conf;
if(isset($this->dataRecord['folder_directive_snippets'])) $app->db->query("UPDATE web_domain SET folder_directive_snippets = ? WHERE domain_id = ?", $this->dataRecord['folder_directive_snippets'], $this->id);
}
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
function validateDefaultFastcgiPhpVersion() {
global $app;
// If PHP is not enabled, we don't need to validate the default PHP version
if (empty($this->dataRecord['php']) || 'no' === $this->dataRecord['php']) {
return;
}
// If the default PHP version is not hidden, we don't need to do any additional validation
$app->uses('getconf');
$web_config = $app->getconf->get_server_config($this->dataRecord['server_id'], 'web');
if (empty($web_config['php_default_hide']) || 'n' === $web_config['php_default_hide']) {
return;
}
// The default PHP version is indicated by an empty string, so if the default PHP version is hidden
// then an empty string is not a valid PHP version.
if (empty($this->dataRecord['fastcgi_php_version'])) {
$app->tform->errorMessage .= sprintf('%s<br>', $app->tform->lng('fastcgi_php_version_invalid_txt'));
return;
}
// If the default PHP version is now hidden but this vhost was using it, we don't want to implicitly
// switch the user to some random Additional PHP version. So we show a warning instead.
$old_fastcgi_php_version = null;
if ($this->id > 0) {
$existing = $app->db->queryOneRecord('SELECT fastcgi_php_version FROM web_domain WHERE domain_id = ?', $this->id);
$old_fastcgi_php_version = $existing['fastcgi_php_version'];
}
if ('' === $old_fastcgi_php_version) {
// Warning was already shown, user confirmed the new PHP version
if (!empty($_POST['fastcgi_php_version_default_hidden_warning_confirmed'])) {
return;
}
$app->tform->errorMessage .= sprintf('%s<br>', $app->tform->lng('fastcgi_php_version_default_hidden_warning_txt'));
$app->tpl->setVar('fastcgi_php_version_default_hidden_warning_confirmed', 1);
}
}
}
$page = new page_action;
$page->onLoad();