Skip to content
nginx_plugin.inc.php 105 KiB
Newer Older
Falko Timme's avatar
Falko Timme committed
						$tmp_redirect_path_parts = parse_url($tmp_redirect_path);
						if(substr($tmp_redirect_path_parts['host'],-strlen($data['new']['domain'])) == $data['new']['domain'] && ($tmp_redirect_path_parts['port'] == '80' || $tmp_redirect_path_parts['port'] == '443' || !isset($tmp_redirect_path_parts['port']))){
							if(substr($tmp_redirect_path_parts['path'],-1) == '/') $tmp_redirect_path_parts['path'] = substr($tmp_redirect_path_parts['path'],0,-1);
							if(substr($tmp_redirect_path_parts['path'],0,1) != '/') $tmp_redirect_path_parts['path'] = '/'.$tmp_redirect_path_parts['path'];
							$rewrite_exclude = '(?!'.$tmp_redirect_path_parts['path'].')';
						} else {
							$rewrite_exclude = '(.?)';
						}
						unset($tmp_redirect_path);
						unset($tmp_redirect_path_parts);
					}
					$rewrite_rules[] = array(	'rewrite_domain' 	=> '(^|\.)'.$this->_rewrite_quote($data['new']['domain']),
						'rewrite_type' 		=> ($data['new']['redirect_type'] == 'no')?'':$data['new']['redirect_type'],
Falko Timme's avatar
Falko Timme committed
						'rewrite_target' 	=> $data['new']['redirect_path'],
						'rewrite_exclude'	=> $rewrite_exclude);
Falko Timme's avatar
Falko Timme committed
					break;
Falko Timme's avatar
Falko Timme committed
					if(substr($data['new']['redirect_path'],0,1) == '/'){ // relative path
						$rewrite_exclude = '(?!'.substr($data['new']['redirect_path'],0,-1).')';
					} else { // URL - check if URL is local
						$tmp_redirect_path = $data['new']['redirect_path'];
						if(substr($tmp_redirect_path,0,7) == '$scheme') $tmp_redirect_path = 'http'.substr($tmp_redirect_path,7);
						$tmp_redirect_path_parts = parse_url($tmp_redirect_path);
						if($tmp_redirect_path_parts['host'] == $data['new']['domain'] && ($tmp_redirect_path_parts['port'] == '80' || $tmp_redirect_path_parts['port'] == '443' || !isset($tmp_redirect_path_parts['port']))){
							if(substr($tmp_redirect_path_parts['path'],-1) == '/') $tmp_redirect_path_parts['path'] = substr($tmp_redirect_path_parts['path'],0,-1);
							if(substr($tmp_redirect_path_parts['path'],0,1) != '/') $tmp_redirect_path_parts['path'] = '/'.$tmp_redirect_path_parts['path'];
							$rewrite_exclude = '(?!'.$tmp_redirect_path_parts['path'].')';
						} else {
							$rewrite_exclude = '(.?)';
						}
						unset($tmp_redirect_path);
						unset($tmp_redirect_path_parts);
					}
					$rewrite_rules[] = array(	'rewrite_domain' 	=> '^'.$this->_rewrite_quote($data['new']['domain']),
					'rewrite_type' 		=> ($data['new']['redirect_type'] == 'no')?'':$data['new']['redirect_type'],
Falko Timme's avatar
Falko Timme committed
					'rewrite_target' 	=> $data['new']['redirect_path'],
					'rewrite_exclude'	=> $rewrite_exclude);
		
		$server_alias = array();
		
		// get autoalias
		$auto_alias = $web_config['website_autoalias'];
		if($auto_alias != '') {
			// get the client username
			$client = $app->db->queryOneRecord("SELECT `username` FROM `client` WHERE `client_id` = '" . intval($client_id) . "'");
			$aa_search = array('[client_id]', '[website_id]', '[client_username]', '[website_domain]');
			$aa_replace = array($client_id, $data['new']['domain_id'], $client['username'], $data['new']['domain']);
			$auto_alias = str_replace($aa_search, $aa_replace, $auto_alias);
			unset($client);
			unset($aa_search);
			unset($aa_replace);
			$server_alias[] .= $auto_alias.' ';
		// get alias domains (co-domains and subdomains)
		$aliases = $app->db->queryAllRecords('SELECT * FROM web_domain WHERE parent_domain_id = '.$data['new']['domain_id']." AND active = 'y' AND type != 'vhostsubdomain'");
Falko Timme's avatar
Falko Timme committed
				$server_alias[] = 'www.'.$data['new']['domain'].' ';
Falko Timme's avatar
Falko Timme committed
				$server_alias[] = '*.'.$data['new']['domain'].' ';
				break;
		}
		if(is_array($aliases)) {
			foreach($aliases as $alias) {
				switch($alias['subdomain']) {
					case 'www':
Falko Timme's avatar
Falko Timme committed
						$server_alias[] = 'www.'.$alias['domain'].' '.$alias['domain'].' ';
Falko Timme's avatar
Falko Timme committed
						$server_alias[] = '*.'.$alias['domain'].' '.$alias['domain'].' ';
Falko Timme's avatar
Falko Timme committed
						$server_alias[] = $alias['domain'].' ';
						break;
				}
				$app->log('Add server alias: '.$alias['domain'],LOGLEVEL_DEBUG);
Falko Timme's avatar
Falko Timme committed
				// Rewriting
				if($alias['redirect_type'] != '' && $alias['redirect_path'] != '') {
					if(substr($alias['redirect_path'],-1) != '/') $alias['redirect_path'] .= '/';
Falko Timme's avatar
Falko Timme committed
					if(substr($alias['redirect_path'],0,8) == '[scheme]') $alias['redirect_path'] = '$scheme'.substr($alias['redirect_path'],8);	
Falko Timme's avatar
Falko Timme committed
					/* Disabled the path extension
					if($data['new']['redirect_type'] == 'no' && substr($data['new']['redirect_path'],0,4) != 'http') {
						$data['new']['redirect_path'] = $data['new']['document_root'].'/web'.realpath($data['new']['redirect_path']).'/';
					}
					*/
Falko Timme's avatar
Falko Timme committed
					switch($alias['subdomain']) {
						case 'www':
Falko Timme's avatar
Falko Timme committed
							if(substr($alias['redirect_path'],0,1) == '/'){ // relative path
								$rewrite_exclude = '(?!'.substr($alias['redirect_path'],0,-1).')';
							} else { // URL - check if URL is local
								$tmp_redirect_path = $alias['redirect_path'];
								if(substr($tmp_redirect_path,0,7) == '$scheme') $tmp_redirect_path = 'http'.substr($tmp_redirect_path,7);
								$tmp_redirect_path_parts = parse_url($tmp_redirect_path);
								if($tmp_redirect_path_parts['host'] == $alias['domain'] && ($tmp_redirect_path_parts['port'] == '80' || $tmp_redirect_path_parts['port'] == '443' || !isset($tmp_redirect_path_parts['port']))){
									if(substr($tmp_redirect_path_parts['path'],-1) == '/') $tmp_redirect_path_parts['path'] = substr($tmp_redirect_path_parts['path'],0,-1);
									if(substr($tmp_redirect_path_parts['path'],0,1) != '/') $tmp_redirect_path_parts['path'] = '/'.$tmp_redirect_path_parts['path'];
									$rewrite_exclude = '(?!'.$tmp_redirect_path_parts['path'].')';
								} else {
									$rewrite_exclude = '(.?)';
								}
								unset($tmp_redirect_path);
								unset($tmp_redirect_path_parts);
							}
							$rewrite_rules[] = array(	'rewrite_domain' 	=> '^'.$this->_rewrite_quote($alias['domain']),
								'rewrite_type' 		=> ($alias['redirect_type'] == 'no')?'':$alias['redirect_type'],
Falko Timme's avatar
Falko Timme committed
								'rewrite_target' 	=> $alias['redirect_path'],
								'rewrite_exclude'	=> $rewrite_exclude);
								
							if(substr($alias['redirect_path'],0,1) == '/'){ // relative path
								$rewrite_exclude = '(?!'.substr($alias['redirect_path'],0,-1).')';
							} else { // URL - check if URL is local
								$tmp_redirect_path = $alias['redirect_path'];
								if(substr($tmp_redirect_path,0,7) == '$scheme') $tmp_redirect_path = 'http'.substr($tmp_redirect_path,7);
								$tmp_redirect_path_parts = parse_url($tmp_redirect_path);
								if($tmp_redirect_path_parts['host'] == 'www.'.$alias['domain'] && ($tmp_redirect_path_parts['port'] == '80' || $tmp_redirect_path_parts['port'] == '443' || !isset($tmp_redirect_path_parts['port']))){
									if(substr($tmp_redirect_path_parts['path'],-1) == '/') $tmp_redirect_path_parts['path'] = substr($tmp_redirect_path_parts['path'],0,-1);
									if(substr($tmp_redirect_path_parts['path'],0,1) != '/') $tmp_redirect_path_parts['path'] = '/'.$tmp_redirect_path_parts['path'];
									$rewrite_exclude = '(?!'.$tmp_redirect_path_parts['path'].')';
								} else {
									$rewrite_exclude = '(.?)';
								}
								unset($tmp_redirect_path);
								unset($tmp_redirect_path_parts);
							}
							$rewrite_rules[] = array(	'rewrite_domain' 	=> '^' . $this->_rewrite_quote('www.'.$alias['domain']),
									'rewrite_type' 		=> ($alias['redirect_type'] == 'no')?'':$alias['redirect_type'],
Falko Timme's avatar
Falko Timme committed
									'rewrite_target' 	=> $alias['redirect_path'],
									'rewrite_exclude'	=> $rewrite_exclude);
Falko Timme's avatar
Falko Timme committed
							break;
						case '*':
Falko Timme's avatar
Falko Timme committed
							if(substr($alias['redirect_path'],0,1) == '/'){ // relative path
								$rewrite_exclude = '(?!'.substr($alias['redirect_path'],0,-1).')';
							} else { // URL - check if URL is local
								$tmp_redirect_path = $alias['redirect_path'];
								if(substr($tmp_redirect_path,0,7) == '$scheme') $tmp_redirect_path = 'http'.substr($tmp_redirect_path,7);
								$tmp_redirect_path_parts = parse_url($tmp_redirect_path);
								if(substr($tmp_redirect_path_parts['host'],-strlen($alias['domain'])) == $alias['domain'] && ($tmp_redirect_path_parts['port'] == '80' || $tmp_redirect_path_parts['port'] == '443' || !isset($tmp_redirect_path_parts['port']))){
									if(substr($tmp_redirect_path_parts['path'],-1) == '/') $tmp_redirect_path_parts['path'] = substr($tmp_redirect_path_parts['path'],0,-1);
									if(substr($tmp_redirect_path_parts['path'],0,1) != '/') $tmp_redirect_path_parts['path'] = '/'.$tmp_redirect_path_parts['path'];
									$rewrite_exclude = '(?!'.$tmp_redirect_path_parts['path'].')';
								} else {
									$rewrite_exclude = '(.?)';
								}
								unset($tmp_redirect_path);
								unset($tmp_redirect_path_parts);
							}
							$rewrite_rules[] = array(	'rewrite_domain' 	=> '(^|\.)' . $this->_rewrite_quote($alias['domain']),
								'rewrite_type' 		=> ($alias['redirect_type'] == 'no')?'':$alias['redirect_type'],
Falko Timme's avatar
Falko Timme committed
								'rewrite_target' 	=> $alias['redirect_path'],
								'rewrite_exclude'	=> $rewrite_exclude);
Falko Timme's avatar
Falko Timme committed
							break;
Falko Timme's avatar
Falko Timme committed
							if(substr($alias['redirect_path'],0,1) == '/'){ // relative path
								$rewrite_exclude = '(?!'.substr($alias['redirect_path'],0,-1).')';
							} else { // URL - check if URL is local
								$tmp_redirect_path = $alias['redirect_path'];
								if(substr($tmp_redirect_path,0,7) == '$scheme') $tmp_redirect_path = 'http'.substr($tmp_redirect_path,7);
								$tmp_redirect_path_parts = parse_url($tmp_redirect_path);
								if($tmp_redirect_path_parts['host'] == $alias['domain'] && ($tmp_redirect_path_parts['port'] == '80' || $tmp_redirect_path_parts['port'] == '443' || !isset($tmp_redirect_path_parts['port']))){
									if(substr($tmp_redirect_path_parts['path'],-1) == '/') $tmp_redirect_path_parts['path'] = substr($tmp_redirect_path_parts['path'],0,-1);
									if(substr($tmp_redirect_path_parts['path'],0,1) != '/') $tmp_redirect_path_parts['path'] = '/'.$tmp_redirect_path_parts['path'];
									$rewrite_exclude = '(?!'.$tmp_redirect_path_parts['path'].')';
								} else {
									$rewrite_exclude = '(.?)';
								}
								unset($tmp_redirect_path);
								unset($tmp_redirect_path_parts);
							}
                            if(substr($alias['domain'], 0, 2) === '*.') $domain_rule = '(^|\.)'.$this->_rewrite_quote(substr($alias['domain'], 2));
                            else $domain_rule = '^'.$this->_rewrite_quote($alias['domain']);
							$rewrite_rules[] = array(	'rewrite_domain' 	=> $domain_rule,
							'rewrite_type' 		=> ($alias['redirect_type'] == 'no')?'':$alias['redirect_type'],
Falko Timme's avatar
Falko Timme committed
							'rewrite_target' 	=> $alias['redirect_path'],
							'rewrite_exclude'	=> $rewrite_exclude);
			}
		}

		//* If we have some alias records
		if(count($server_alias) > 0) {
			$server_alias_str = '';
			$n = 0;

			foreach($server_alias as $tmp_alias) {
				$server_alias_str .= $tmp_alias;
			}
			unset($tmp_alias);

			$tpl->setVar('alias',trim($server_alias_str));
		} else {
			$tpl->setVar('alias','');
		}
Falko Timme's avatar
Falko Timme committed

		if(count($rewrite_rules) > 0) {
			$tpl->setLoop('redirects',$rewrite_rules);
Falko Timme's avatar
Falko Timme committed
		}
Falko Timme's avatar
Falko Timme committed
		//* Create basic http auth for website statistics
		$tpl->setVar('stats_auth_passwd_file', $data['new']['document_root']."/.htpasswd_stats");
		
		// Create basic http auth for other directories
		$basic_auth_locations = $this->_create_web_folder_auth_configuration($data['new']);
		if(is_array($basic_auth_locations) && !empty($basic_auth_locations)) $tpl->setLoop('basic_auth_locations', $basic_auth_locations);
Falko Timme's avatar
Falko Timme committed
		$vhost_file = escapeshellcmd($web_config['nginx_vhost_conf_dir'].'/'.$data['new']['domain'].'.vhost');
Falko Timme's avatar
Falko Timme committed
		if(file_exists($vhost_file)) copy($vhost_file,$vhost_file.'~');
		$app->system->file_put_contents($vhost_file,$this->nginx_merge_locations($tpl->grab()));
		$app->log('Writing the vhost file: '.$vhost_file,LOGLEVEL_DEBUG);
		unset($tpl);

Falko Timme's avatar
Falko Timme committed
		//* Set the symlink to enable the vhost
		//* First we check if there is a old type of symlink and remove it
		$vhost_symlink = escapeshellcmd($web_config['nginx_vhost_conf_enabled_dir'].'/'.$data['new']['domain'].'.vhost');
		if(is_link($vhost_symlink)) unlink($vhost_symlink);
		
		//* Remove old or changed symlinks
		if($data['new']['subdomain'] != $data['old']['subdomain'] or $data['new']['active'] == 'n') {
			$vhost_symlink = escapeshellcmd($web_config['nginx_vhost_conf_enabled_dir'].'/900-'.$data['new']['domain'].'.vhost');
			if(is_link($vhost_symlink)) {
				$app->system->unlink($vhost_symlink);
Falko Timme's avatar
Falko Timme committed
				$app->log('Removing symlink: '.$vhost_symlink.'->'.$vhost_file,LOGLEVEL_DEBUG);
			}
			$vhost_symlink = escapeshellcmd($web_config['nginx_vhost_conf_enabled_dir'].'/100-'.$data['new']['domain'].'.vhost');
			if(is_link($vhost_symlink)) {
				$app->system->unlink($vhost_symlink);
Falko Timme's avatar
Falko Timme committed
				$app->log('Removing symlink: '.$vhost_symlink.'->'.$vhost_file,LOGLEVEL_DEBUG);
			}
		}
		
		//* New symlink
		if($data['new']['subdomain'] == '*') {
			$vhost_symlink = escapeshellcmd($web_config['nginx_vhost_conf_enabled_dir'].'/900-'.$data['new']['domain'].'.vhost');
		} else {
			$vhost_symlink = escapeshellcmd($web_config['nginx_vhost_conf_enabled_dir'].'/100-'.$data['new']['domain'].'.vhost');
		}
		if($data['new']['active'] == 'y' && !is_link($vhost_symlink)) {
			symlink($vhost_file,$vhost_symlink);
			$app->log('Creating symlink: '.$vhost_symlink.'->'.$vhost_file,LOGLEVEL_DEBUG);
		}

		// remove old symlink and vhost file, if domain name of the site has changed
		if($this->action == 'update' && $data['old']['domain'] != '' && $data['new']['domain'] != $data['old']['domain']) {
Falko Timme's avatar
Falko Timme committed
			$vhost_symlink = escapeshellcmd($web_config['nginx_vhost_conf_enabled_dir'].'/900-'.$data['old']['domain'].'.vhost');
			if(is_link($vhost_symlink)) {
				$app->system->unlink($vhost_symlink);
Falko Timme's avatar
Falko Timme committed
				$app->log('Removing symlink: '.$vhost_symlink.'->'.$vhost_file,LOGLEVEL_DEBUG);
			}
			$vhost_symlink = escapeshellcmd($web_config['nginx_vhost_conf_enabled_dir'].'/100-'.$data['old']['domain'].'.vhost');
			if(is_link($vhost_symlink)) {
				$app->system->unlink($vhost_symlink);
Falko Timme's avatar
Falko Timme committed
				$app->log('Removing symlink: '.$vhost_symlink.'->'.$vhost_file,LOGLEVEL_DEBUG);
			}
			$vhost_symlink = escapeshellcmd($web_config['nginx_vhost_conf_enabled_dir'].'/'.$data['old']['domain'].'.vhost');
			if(is_link($vhost_symlink)) {
				$app->system->unlink($vhost_symlink);
				$app->log('Removing symlink: '.$vhost_symlink.'->'.$vhost_file,LOGLEVEL_DEBUG);
			}
Falko Timme's avatar
Falko Timme committed
			$vhost_file = escapeshellcmd($web_config['nginx_vhost_conf_dir'].'/'.$data['old']['domain'].'.vhost');
			$app->system->unlink($vhost_file);
			$app->log('Removing file: '.$vhost_file,LOGLEVEL_DEBUG);
		}
		
Falko Timme's avatar
Falko Timme committed
		// create password file for stats directory
		if(!is_file($data['new']['document_root'].'/.htpasswd_stats') || $data['new']['stats_password'] != $data['old']['stats_password']) {
			if(trim($data['new']['stats_password']) != '') {
				$htp_file = 'admin:'.trim($data['new']['stats_password']);
				$app->system->file_put_contents($data['new']['document_root'].'/.htpasswd_stats',$htp_file);
				$app->system->chmod($data['new']['document_root'].'/.htpasswd_stats',0755);
Falko Timme's avatar
Falko Timme committed
				unset($htp_file);
			}
		}
		
		//* Create awstats configuration
		if($data['new']['stats_type'] == 'awstats' && ($data['new']['type'] == 'vhost' || $data['new']['type'] == 'vhostsubdomain')) {
Falko Timme's avatar
Falko Timme committed
			$this->awstats_update($data,$web_config);
		}
		
		$this->php_fpm_pool_update($data,$web_config,$pool_dir,$pool_name,$socket_dir);
Falko Timme's avatar
Falko Timme committed
		if($web_config['check_apache_config'] == 'y') {
			//* Test if nginx starts with the new configuration file
			$nginx_online_status_before_restart = $this->_checkTcp('localhost',80);
			$app->log('nginx status is: '.$nginx_online_status_before_restart,LOGLEVEL_DEBUG);

			$app->services->restartService('httpd','restart');
Falko Timme's avatar
Falko Timme committed
			// wait a few seconds, before we test the apache status again
			sleep(2);
		
			//* Check if nginx restarted successfully if it was online before
			$nginx_online_status_after_restart = $this->_checkTcp('localhost',80);
			$app->log('nginx online status after restart is: '.$nginx_online_status_after_restart,LOGLEVEL_DEBUG);
			if($nginx_online_status_before_restart && !$nginx_online_status_after_restart) {
				$app->log('nginx did not restart after the configuration change for website '.$data['new']['domain'].' Reverting the configuration. Saved non-working config as '.$vhost_file.'.err',LOGLEVEL_WARN);
				$app->system->copy($vhost_file,$vhost_file.'.err');
				if(is_file($vhost_file.'~')) {
					//* Copy back the last backup file
					$app->system->copy($vhost_file.'~',$vhost_file);
				} else {
					//* There is no backup file, so we create a empty vhost file with a warning message inside
					$app->system->file_put_contents($vhost_file,"# nginx did not start after modifying this vhost file.\n# Please check file $vhost_file.err for syntax errors.");
				
				if($this->ssl_certificate_changed === true) {

					$ssl_dir = $data['new']['document_root'].'/ssl';
					$domain = $data['new']['ssl_domain'];
					$key_file = $ssl_dir.'/'.$domain.'.key.org';
					$key_file2 = $ssl_dir.'/'.$domain.'.key';
					$csr_file = $ssl_dir.'/'.$domain.'.csr';
					$crt_file = $ssl_dir.'/'.$domain.'.crt';
					//$bundle_file = $ssl_dir.'/'.$domain.'.bundle';
					
					//* Backup the files that might have caused the error
					if(is_file($key_file)) $app->system->copy($key_file,$key_file.'.err');
					if(is_file($key_file2)) $app->system->copy($key_file2,$key_file2.'.err');
					if(is_file($csr_file)) $app->system->copy($csr_file,$csr_file.'.err');
					if(is_file($crt_file)) $app->system->copy($crt_file,$crt_file.'.err');
					//if(is_file($bundle_file)) $app->system->copy($bundle_file,$bundle_file.'.err');
					
					//* Restore the ~ backup files
					if(is_file($key_file.'~')) $app->system->copy($key_file.'~',$key_file);
					if(is_file($key_file2.'~')) $app->system->copy($key_file2.'~',$key_file2);
					if(is_file($crt_file.'~')) $app->system->copy($crt_file.'~',$crt_file);
					if(is_file($csr_file.'~')) $app->system->copy($csr_file.'~',$csr_file);
					//if(is_file($bundle_file.'~')) $app->system->copy($bundle_file.'~',$bundle_file);
					
					$app->log('nginx did not restart after the configuration change for website '.$data['new']['domain'].' Reverting the SSL configuration. Saved non-working SSL files with .err extension.',LOGLEVEL_WARN);
				}
				
Falko Timme's avatar
Falko Timme committed
				$app->services->restartService('httpd','restart');
			}
		} else {
			//* We do not check the nginx config after changes (is faster)
			if($nginx_chrooted) {
				$app->services->restartServiceDelayed('httpd','reload');
			} else {
				// request a httpd reload when all records have been processed
				$app->services->restartServiceDelayed('httpd','reload');
			}
		}
		
		//* The vhost is written and apache has been restarted, so we 
		// can reset the ssl changed var to false and cleanup some files
		$this->ssl_certificate_changed = false;
		
		$ssl_dir = $data['new']['document_root'].'/ssl';
		$domain = $data['new']['ssl_domain'];
		$key_file = $ssl_dir.'/'.$domain.'.key.org';
		$key_file2 = $ssl_dir.'/'.$domain.'.key';
		$csr_file = $ssl_dir.'/'.$domain.'.csr';
		$crt_file = $ssl_dir.'/'.$domain.'.crt';
		//$bundle_file = $ssl_dir.'/'.$domain.'.bundle';
		
		if(@is_file($key_file.'~')) $app->system->unlink($key_file.'~');
		if(@is_file($key2_file.'~')) $app->system->unlink($key2_file.'~');
		if(@is_file($crt_file.'~')) $app->system->unlink($crt_file.'~');
		if(@is_file($csr_file.'~')) $app->system->unlink($csr_file.'~');
		//if(@is_file($bundle_file.'~')) $app->system->unlink($bundle_file.'~');
		
		// Remove the backup copy of the config file.
		if(@is_file($vhost_file.'~')) $app->system->unlink($vhost_file.'~');

		//* Unset action to clean it for next processed vhost.
		$this->action = '';

	}

	function delete($event_name,$data) {
		global $app, $conf;

		// load the server configuration options
		$app->uses('getconf');
Falko Timme's avatar
Falko Timme committed
		$web_config = $app->getconf->get_server_config($conf['server_id'], 'web');
		
		$app->system->web_folder_protection($data['old']['document_root'],false);
Falko Timme's avatar
Falko Timme committed
		//* Check if this is a chrooted setup
		if($web_config['website_basedir'] != '' && @is_file($web_config['website_basedir'].'/etc/passwd')) {
			$nginx_chrooted = true;
Falko Timme's avatar
Falko Timme committed
		} else {
			$nginx_chrooted = false;
Falko Timme's avatar
Falko Timme committed
		}
		
		//* Remove the mounts
		$log_folder = 'log';
        $web_folder = '';
        if($data['old']['type'] == 'vhostsubdomain') {
            $tmp = $app->db->queryOneRecord('SELECT `domain`,`document_root` FROM web_domain WHERE domain_id = '.intval($data['old']['parent_domain_id']));
            $subdomain_host = preg_replace('/^(.*)\.' . preg_quote($tmp['domain'], '/') . '$/', '$1', $data['old']['domain']);
            if($subdomain_host == '') $subdomain_host = 'web'.$data['old']['domain_id'];
            $web_folder = $data['old']['web_folder'];
            $log_folder .= '/' . $subdomain_host;
            unset($tmp);
		}
        
		exec('umount '.escapeshellarg($data['old']['document_root'].'/'.$log_folder));
		
		//* remove mountpoint from fstab
		$fstab_line = '/var/log/ispconfig/httpd/'.$data['old']['domain'].' '.$data['old']['document_root'].'/'.$log_folder.'    none    bind    0 0';
		$app->system->removeLine('/etc/fstab',$fstab_line);
		if($data['old']['type'] != 'vhost' && $data['old']['type'] != 'vhostsubdomain' && $data['old']['parent_domain_id'] > 0) {
Falko Timme's avatar
Falko Timme committed
			//* This is a alias domain or subdomain, so we have to update the website instead
			$parent_domain_id = intval($data['old']['parent_domain_id']);
			$tmp = $app->db->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = '.$parent_domain_id." AND active = 'y'");
			$data['new'] = $tmp;
			$data['old'] = $tmp;
			$this->action = 'update';
			// just run the update function
			$this->update($event_name,$data);
Falko Timme's avatar
Falko Timme committed
		} else {
			// Deleting the vhost file, symlink and the data directory			
Falko Timme's avatar
Falko Timme committed
			$vhost_file = escapeshellcmd($web_config['nginx_vhost_conf_dir'].'/'.$data['old']['domain'].'.vhost');
			
			$vhost_symlink = escapeshellcmd($web_config['nginx_vhost_conf_enabled_dir'].'/'.$data['old']['domain'].'.vhost');
			if(is_link($vhost_symlink)){
				$app->system->unlink($vhost_symlink);
				$app->log('Removing symlink: '.$vhost_symlink.'->'.$vhost_file,LOGLEVEL_DEBUG);
			}
			$vhost_symlink = escapeshellcmd($web_config['nginx_vhost_conf_enabled_dir'].'/900-'.$data['old']['domain'].'.vhost');
			if(is_link($vhost_symlink)){
				$app->system->unlink($vhost_symlink);
				$app->log('Removing symlink: '.$vhost_symlink.'->'.$vhost_file,LOGLEVEL_DEBUG);
			}
			$vhost_symlink = escapeshellcmd($web_config['nginx_vhost_conf_enabled_dir'].'/100-'.$data['old']['domain'].'.vhost');
			if(is_link($vhost_symlink)){
				$app->system->unlink($vhost_symlink);
				$app->log('Removing symlink: '.$vhost_symlink.'->'.$vhost_file,LOGLEVEL_DEBUG);
			}
			
			$app->system->unlink($vhost_file);
			$app->log('Removing vhost file: '.$vhost_file,LOGLEVEL_DEBUG);
            if($data['old']['type'] == 'vhost' || $data['old']['type'] == 'vhostsubdomain') {
                $docroot = escapeshellcmd($data['old']['document_root']);
                if($docroot != '' && !stristr($docroot,'..')) {
                    if($data['old']['type'] == 'vhost') exec('rm -rf '.$docroot);
mcramer's avatar
mcramer committed
                    elseif(!stristr($data['old']['web_folder'], '..')) exec('rm -rf '.$docroot.'/'.$web_folder);
                //remove the php fastgi starter script if available
                if ($data['old']['php'] == 'fast-cgi') {
					$this->php_fpm_pool_delete($data,$web_config);
                    $fastcgi_starter_path = str_replace('[system_user]',$data['old']['system_user'],$web_config['fastcgi_starter_path']);
                    if($data['old']['type'] == 'vhost') {
                        if (is_dir($fastcgi_starter_path)) {
                            exec('rm -rf '.$fastcgi_starter_path);
                        }
                    } else {
                        $fcgi_starter_script = $fastcgi_starter_path.$web_config['fastcgi_starter_script'].'_web'.$data['old']['domain_id'];
                        if (file_exists($fcgi_starter_script)) {
                            exec('rm -f '.$fcgi_starter_script);
                        }
                    }
                }
                
                // remove PHP-FPM pool
                if ($data['old']['php'] == 'php-fpm') {
                    $this->php_fpm_pool_delete($data,$web_config);
                }
                //remove the php cgi starter script if available
                if ($data['old']['php'] == 'cgi') {
                    // TODO: fetch the date from the server-settings
                    $web_config['cgi_starter_path'] = $web_config['website_basedir'].'/php-cgi-scripts/[system_user]/';

                    $cgi_starter_path = str_replace('[system_user]',$data['old']['system_user'],$web_config['cgi_starter_path']);
                    if($data['old']['type'] == 'vhost') {
                        if (is_dir($cgi_starter_path)) {
                            exec('rm -rf '.$cgi_starter_path);
                        }
                    } else {
                        $cgi_starter_script = $cgi_starter_path.'php-cgi-starter_web'.$data['old']['domain_id'];
                        if (file_exists($cgi_starter_script)) {
                            exec('rm -f '.$cgi_starter_script);
                        }
                    }
                }
            
                $app->log('Removing website: '.$docroot,LOGLEVEL_DEBUG);

                // Delete the symlinks for the sites
                $client = $app->db->queryOneRecord('SELECT client_id FROM sys_group WHERE sys_group.groupid = '.intval($data['old']['sys_groupid']));
                $client_id = intval($client['client_id']);
                unset($client);
                $tmp_symlinks_array = explode(':',$web_config['website_symlinks']);
                if(is_array($tmp_symlinks_array)) {
                    foreach($tmp_symlinks_array as $tmp_symlink) {
                        $tmp_symlink = str_replace('[client_id]',$client_id,$tmp_symlink);
                        $tmp_symlink = str_replace('[website_domain]',$data['old']['domain'],$tmp_symlink);
                        // Remove trailing slash
                        if(substr($tmp_symlink, -1, 1) == '/') $tmp_symlink = substr($tmp_symlink, 0, -1);
                        // create the symlinks, if not exist
                        if(is_link($tmp_symlink)) {
                            $app->system->unlink($tmp_symlink);
                            $app->log('Removing symlink: '.$tmp_symlink,LOGLEVEL_DEBUG);
                        }
                    }
                }
                // end removing symlinks
            } else {
                // vhost subdomain
            }
            // Delete the log file directory
            $vhost_logfile_dir = escapeshellcmd('/var/log/ispconfig/httpd/'.$data['old']['domain']);
            if($data['old']['domain'] != '' && !stristr($vhost_logfile_dir,'..')) exec('rm -rf '.$vhost_logfile_dir);
            $app->log('Removing website logfile directory: '.$vhost_logfile_dir,LOGLEVEL_DEBUG);
            
            if($data['old']['type'] == 'vhost') {
                //delete the web user
                $command = 'userdel';
                $command .= ' '.$data['old']['system_user'];
                exec($command);
                if($nginx_chrooted) $this->_exec('chroot '.escapeshellcmd($web_config['website_basedir']).' '.$command);
                
            }
            
            //* Remove the awstats configuration file
            if($data['old']['stats_type'] == 'awstats') {
                $this->awstats_delete($data,$web_config);
Falko Timme's avatar
Falko Timme committed
			}
			$app->services->restartServiceDelayed('httpd','reload');
		
		
		if($data['old']['type'] != 'vhost') $app->system->web_folder_protection($data['old']['document_root'],true);
Falko Timme's avatar
Falko Timme committed
	//* This function is called when a IP on the server is inserted, updated or deleted
	function server_ip($event_name,$data) {
	//* Create or update the .htaccess folder protection
	function web_folder_user($event_name,$data) {
		global $app, $conf;

		$app->uses('system');
		
		if($event_name == 'web_folder_user_delete') {
			$folder_id = $data['old']['web_folder_id'];
		} else {
			$folder_id = $data['new']['web_folder_id'];
		}
		
		$folder = $app->db->queryOneRecord("SELECT * FROM web_folder WHERE web_folder_id = ".intval($folder_id));
		$website = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($folder['parent_domain_id']));
		
		if(!is_array($folder) or !is_array($website)) {
			$app->log('Not able to retrieve folder or website record.',LOGLEVEL_DEBUG);
			return false;
		}
		
        $web_folder = 'web';
        if($website['type'] == 'vhostsubdomain') $web_folder = $website['web_folder'];
        
		//* Get the folder path.
		if(substr($folder['path'],0,1) == '/') $folder['path'] = substr($folder['path'],1);
		if(substr($folder['path'],-1) == '/') $folder['path'] = substr($folder['path'],0,-1);
		$folder_path = escapeshellcmd($website['document_root'].'/' . $web_folder . '/'.$folder['path']);
		if(substr($folder_path,-1) != '/') $folder_path .= '/';
		
		//* Check if the resulting path is inside the docroot
		if(stristr($folder_path,'..') || stristr($folder_path,'./') || stristr($folder_path,'\\')) {
			$app->log('Folder path "'.$folder_path.'" contains .. or ./.',LOGLEVEL_DEBUG);
			return false;
		}
		
		//* Create the folder path, if it does not exist
		if(!is_dir($folder_path)) {
			$app->system->mkdirpath($folder_path);
			$app->system->chown($folder_path,$website['system_user']);
			$app->system->chgrp($folder_path,$website['system_group']);
		
		//* Create empty .htpasswd file, if it does not exist
		if(!is_file($folder_path.'.htpasswd')) {
			touch($folder_path.'.htpasswd');
			$app->system->chmod($folder_path.'.htpasswd',0755);
			$app->system->chown($folder_path.'.htpasswd',$website['system_user']);
			$app->system->chgrp($folder_path.'.htpasswd',$website['system_group']);
			$app->log('Created file '.$folder_path.'.htpasswd',LOGLEVEL_DEBUG);
		}
		
		/*
		$auth_users = $app->db->queryAllRecords("SELECT * FROM web_folder_user WHERE active = 'y' AND web_folder_id = ".intval($folder_id));
		$htpasswd_content = '';
		if(is_array($auth_users) && !empty($auth_users)){
			foreach($auth_users as $auth_user){
				$htpasswd_content .= $auth_user['username'].':'.$auth_user['password']."\n";
			}
		}
		$htpasswd_content = trim($htpasswd_content);
		@file_put_contents($folder_path.'.htpasswd', $htpasswd_content);
		$app->log('Changed .htpasswd file: '.$folder_path.'.htpasswd',LOGLEVEL_DEBUG);
		*/
		
		if(($data['new']['username'] != $data['old']['username'] || $data['new']['active'] == 'n') && $data['old']['username'] != '') {
			$app->system->removeLine($folder_path.'.htpasswd',$data['old']['username'].':');
			$app->log('Removed user: '.$data['old']['username'],LOGLEVEL_DEBUG);
		}
		
		//* Add or remove the user from .htpasswd file
		if($event_name == 'web_folder_user_delete') {
			$app->system->removeLine($folder_path.'.htpasswd',$data['old']['username'].':');
			$app->log('Removed user: '.$data['old']['username'],LOGLEVEL_DEBUG);
		} else {
			if($data['new']['active'] == 'y') {
				$app->system->replaceLine($folder_path.'.htpasswd',$data['new']['username'].':',$data['new']['username'].':'.$data['new']['password'],0,1);
				$app->log('Added or updated user: '.$data['new']['username'],LOGLEVEL_DEBUG);
			}
		}
		
		// write basic auth configuration to vhost file because nginx does not support .htaccess
		$webdata['new'] = $webdata['old'] = $website;
		$this->update('web_domain_update', $webdata);
	}
	
	//* Remove .htpasswd file, when folder protection is removed
	function web_folder_delete($event_name,$data) {
		global $app, $conf;
		
		$folder_id = $data['old']['web_folder_id'];
		
		$folder = $data['old'];
		$website = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($folder['parent_domain_id']));
		
		if(!is_array($folder) or !is_array($website)) {
			$app->log('Not able to retrieve folder or website record.',LOGLEVEL_DEBUG);
			return false;
		}
		
        $web_folder = 'web';
        if($website['type'] == 'vhostsubdomain') $web_folder = $website['web_folder'];
        
		//* Get the folder path.
		if(substr($folder['path'],0,1) == '/') $folder['path'] = substr($folder['path'],1);
		if(substr($folder['path'],-1) == '/') $folder['path'] = substr($folder['path'],0,-1);
		$folder_path = realpath($website['document_root'].'/' . $web_folder . '/'.$folder['path']);
		if(substr($folder_path,-1) != '/') $folder_path .= '/';
		
		//* Check if the resulting path is inside the docroot
		if(substr($folder_path,0,strlen($website['document_root'])) != $website['document_root']) {
			$app->log('Folder path is outside of docroot.',LOGLEVEL_DEBUG);
			return false;
		}
		
		//* Remove .htpasswd file
		if(is_file($folder_path.'.htpasswd')) {
			$app->system->unlink($folder_path.'.htpasswd');
			$app->log('Removed file '.$folder_path.'.htpasswd',LOGLEVEL_DEBUG);
		}
		
		// write basic auth configuration to vhost file because nginx does not support .htaccess
		$webdata['new'] = $webdata['old'] = $website;
		$this->update('web_domain_update', $webdata);
	}
	
	//* Update folder protection, when path has been changed
	function web_folder_update($event_name,$data) {
		global $app, $conf;
		
		$website = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($data['new']['parent_domain_id']));
	
		if(!is_array($website)) {
			$app->log('Not able to retrieve folder or website record.',LOGLEVEL_DEBUG);
			return false;
		}
		
        $web_folder = 'web';
        if($website['type'] == 'vhostsubdomain') $web_folder = $website['web_folder'];
        
		//* Get the folder path.
		if(substr($data['old']['path'],0,1) == '/') $data['old']['path'] = substr($data['old']['path'],1);
		if(substr($data['old']['path'],-1) == '/') $data['old']['path'] = substr($data['old']['path'],0,-1);
		$old_folder_path = realpath($website['document_root'].'/' . $web_folder . '/'.$data['old']['path']);
		if(substr($old_folder_path,-1) != '/') $old_folder_path .= '/';
			
		if(substr($data['new']['path'],0,1) == '/') $data['new']['path'] = substr($data['new']['path'],1);
		if(substr($data['new']['path'],-1) == '/') $data['new']['path'] = substr($data['new']['path'],0,-1);
		$new_folder_path = escapeshellcmd($website['document_root'].'/' . $web_folder . '/'.$data['new']['path']);
		if(substr($new_folder_path,-1) != '/') $new_folder_path .= '/';
		
		//* Check if the resulting path is inside the docroot
		if(stristr($new_folder_path,'..') || stristr($new_folder_path,'./') || stristr($new_folder_path,'\\')) {
			$app->log('Folder path "'.$new_folder_path.'" contains .. or ./.',LOGLEVEL_DEBUG);
			return false;
		}
		if(stristr($old_folder_path,'..') || stristr($old_folder_path,'./') || stristr($old_folder_path,'\\')) {
			$app->log('Folder path "'.$old_folder_path.'" contains .. or ./.',LOGLEVEL_DEBUG);
			return false;
		}
		
		//* Check if the resulting path is inside the docroot
		if(substr($old_folder_path,0,strlen($website['document_root'])) != $website['document_root']) {
			$app->log('Old folder path '.$old_folder_path.' is outside of docroot.',LOGLEVEL_DEBUG);
			return false;
		}
		if(substr($new_folder_path,0,strlen($website['document_root'])) != $website['document_root']) {
			$app->log('New folder path '.$new_folder_path.' is outside of docroot.',LOGLEVEL_DEBUG);
			return false;
		}
			
		//* Create the folder path, if it does not exist
		if(!is_dir($new_folder_path)) $app->system->mkdirpath($new_folder_path);
		
		if($data['old']['path'] != $data['new']['path']) {

		
			//* move .htpasswd file
			if(is_file($old_folder_path.'.htpasswd')) {
				$app->system->rename($old_folder_path.'.htpasswd',$new_folder_path.'.htpasswd');
				$app->log('Moved file '.$old_folder_path.'.htpasswd to '.$new_folder_path.'.htpasswd',LOGLEVEL_DEBUG);
			}
		
		}

		// write basic auth configuration to vhost file because nginx does not support .htaccess
		$webdata['new'] = $webdata['old'] = $website;
		$this->update('web_domain_update', $webdata);
	}
	
	function _create_web_folder_auth_configuration($website){
		global $app, $conf;
		//* Create the domain.auth file which is included in the vhost configuration file
		$app->uses('getconf');
		$web_config = $app->getconf->get_server_config($conf['server_id'], 'web');
		$basic_auth_file = escapeshellcmd($web_config['nginx_vhost_conf_dir'].'/'.$website['domain'].'.auth');
		//$app->load('tpl');
		//$tpl = new tpl();
		//$tpl->newTemplate('nginx_http_authentication.auth.master');
		$website_auth_locations = $app->db->queryAllRecords("SELECT * FROM web_folder WHERE active = 'y' AND parent_domain_id = ".intval($website['domain_id']));
		$basic_auth_locations = array();
		if(is_array($website_auth_locations) && !empty($website_auth_locations)){
			foreach($website_auth_locations as $website_auth_location){
				if(substr($website_auth_location['path'],0,1) == '/') $website_auth_location['path'] = substr($website_auth_location['path'],1);
				if(substr($website_auth_location['path'],-1) == '/') $website_auth_location['path'] = substr($website_auth_location['path'],0,-1);
				if($website_auth_location['path'] != ''){
					$website_auth_location['path'] .= '/';
				}
				$basic_auth_locations[] = array('htpasswd_location' => '/'.$website_auth_location['path'],
												'htpasswd_path' => $website['document_root'].'/' . ($website['type'] == 'vhostsubdomain' ? $website['web_folder'] : 'web') . '/'.$website_auth_location['path']);
			}
		}
		return $basic_auth_locations;
		//$tpl->setLoop('basic_auth_locations', $basic_auth_locations);
		//file_put_contents($basic_auth_file,$tpl->grab());
		//$app->log('Writing the http basic authentication file: '.$basic_auth_file,LOGLEVEL_DEBUG);
		//unset($tpl);
		//$app->services->restartServiceDelayed('httpd','reload');
	}
	
Falko Timme's avatar
Falko Timme committed
	//* Update the awstats configuration file
	private function awstats_update ($data,$web_config) {
		global $app;
		
        $web_folder = $data['new']['web_folder'];
        if($data['new']['type'] == 'vhost') $web_folder = 'web';
Falko Timme's avatar
Falko Timme committed
		$awstats_conf_dir = $web_config['awstats_conf_dir'];
		
		if(!is_dir($data['new']['document_root']."/" . $web_folder . "/stats/")) mkdir($data['new']['document_root']."/" . $web_folder . "/stats");
Falko Timme's avatar
Falko Timme committed
		if(!@is_file($awstats_conf_dir.'/awstats.'.$data['new']['domain'].'.conf') || ($data['old']['domain'] != '' && $data['new']['domain'] != $data['old']['domain'])) {
			if ( @is_file($awstats_conf_dir.'/awstats.'.$data['old']['domain'].'.conf') ) {
				$app->system->unlink($awstats_conf_dir.'/awstats.'.$data['old']['domain'].'.conf');
Falko Timme's avatar
Falko Timme committed
			}
			
			$content = '';
			$content .= "Include \"".$awstats_conf_dir."/awstats.conf\"\n";
			$content .= "LogFile=\"/var/log/ispconfig/httpd/".$data['new']['domain']."/access.log\"\n";
			$content .= "SiteDomain=\"".$data['new']['domain']."\"\n";
			$content .= "HostAliases=\"www.".$data['new']['domain']."  localhost 127.0.0.1\"\n";
			
			$app->system->file_put_contents($awstats_conf_dir.'/awstats.'.$data['new']['domain'].'.conf',$content);
Falko Timme's avatar
Falko Timme committed
			$app->log('Created AWStats config file: '.$awstats_conf_dir.'/awstats.'.$data['new']['domain'].'.conf',LOGLEVEL_DEBUG);
		}
		if(is_file($data['new']['document_root']."/" . $web_folder . "/stats/index.html")) $app->system->unlink($data['new']['document_root']."/" . $web_folder . "/stats/index.html");
		if(file_exists("/usr/local/ispconfig/server/conf-custom/awstats_index.php.master")) {
			$app->system->copy("/usr/local/ispconfig/server/conf-custom/awstats_index.php.master",$data['new']['document_root']."/" . $web_folder . "/stats/index.php");
		} else {
			$app->system->copy("/usr/local/ispconfig/server/conf/awstats_index.php.master",$data['new']['document_root']."/" . $web_folder . "/stats/index.php");
		}
Falko Timme's avatar
Falko Timme committed
	}
	
	//* Delete the awstats configuration file
	private function awstats_delete ($data,$web_config) {
		global $app;
		
		$awstats_conf_dir = $web_config['awstats_conf_dir'];
Falko Timme's avatar
Falko Timme committed
		if ( @is_file($awstats_conf_dir.'/awstats.'.$data['old']['domain'].'.conf') ) {
			$app->system->unlink($awstats_conf_dir.'/awstats.'.$data['old']['domain'].'.conf');
Falko Timme's avatar
Falko Timme committed
			$app->log('Removed AWStats config file: '.$awstats_conf_dir.'/awstats.'.$data['old']['domain'].'.conf',LOGLEVEL_DEBUG);
		}
	//* Update the PHP-FPM pool configuration file
	private function php_fpm_pool_update ($data,$web_config,$pool_dir,$pool_name,$socket_dir) {
		global $app, $conf;
		if(trim($data['new']['fastcgi_php_version']) != ''){
			$default_php_fpm = false;
			list($custom_php_fpm_name, $custom_php_fpm_init_script, $custom_php_fpm_ini_dir, $custom_php_fpm_pool_dir) = explode(':', trim($data['new']['fastcgi_php_version']));
			if(substr($custom_php_fpm_ini_dir,-1) != '/') $custom_php_fpm_ini_dir .= '/';
		} else {
			$default_php_fpm = true;
		}
		*/
		if($data['new']['php'] != 'no'){
			if(trim($data['new']['fastcgi_php_version']) != ''){
				$default_php_fpm = false;
				list($custom_php_fpm_name, $custom_php_fpm_init_script, $custom_php_fpm_ini_dir, $custom_php_fpm_pool_dir) = explode(':', trim($data['new']['fastcgi_php_version']));
				if(substr($custom_php_fpm_ini_dir,-1) != '/') $custom_php_fpm_ini_dir .= '/';
			} else {
				$default_php_fpm = true;
			}
		} else {
			if(trim($data['old']['fastcgi_php_version']) != '' && $data['old']['php'] != 'no'){
				$default_php_fpm = false;
				list($custom_php_fpm_name, $custom_php_fpm_init_script, $custom_php_fpm_ini_dir, $custom_php_fpm_pool_dir) = explode(':', trim($data['old']['fastcgi_php_version']));
				if(substr($custom_php_fpm_ini_dir,-1) != '/') $custom_php_fpm_ini_dir .= '/';
			} else {
				$default_php_fpm = true;
			}
		}
		$app->uses("getconf");
		$web_config = $app->getconf->get_server_config($conf["server_id"], 'web');
		
		if($data['new']['php'] == 'no'){
			if(@is_file($pool_dir.$pool_name.'.conf')){
				$app->system->unlink($pool_dir.$pool_name.'.conf');
				//$reload = true;
			if($data['old']['php'] != 'no'){
				if(!$default_php_fpm){
					$app->services->restartService('php-fpm','reload:'.$custom_php_fpm_init_script);
				} else {
					$app->services->restartService('php-fpm','reload:'.$conf['init_scripts'].'/'.$web_config['php_fpm_init_script']);
				}
			}
		$app->load('tpl');
		$tpl = new tpl();
		$tpl->newTemplate('php_fpm_pool.conf.master');

		if($data['new']['php_fpm_use_socket'] == 'y'){
			$use_tcp = 0;
			$use_socket = 1;
			if(!is_dir($socket_dir)) $app->system->mkdirpath($socket_dir);
			$use_tcp = 1;
			$use_socket = 0;
		}
		$tpl->setVar('use_tcp', $use_tcp);
		$tpl->setVar('use_socket', $use_socket);
			
		$fpm_socket = $socket_dir.$pool_name.'.sock';
		$tpl->setVar('fpm_socket', $fpm_socket);
			
		$tpl->setVar('fpm_pool', $pool_name);
		$tpl->setVar('fpm_port', $web_config['php_fpm_start_port'] + $data['new']['domain_id'] - 1);
		$tpl->setVar('fpm_user', $data['new']['system_user']);
		$tpl->setVar('fpm_group', $data['new']['system_group']);
		$tpl->setVar('pm', $data['new']['pm']);
		$tpl->setVar('pm_max_children', $data['new']['pm_max_children']);
		$tpl->setVar('pm_start_servers', $data['new']['pm_start_servers']);
		$tpl->setVar('pm_min_spare_servers', $data['new']['pm_min_spare_servers']);
		$tpl->setVar('pm_max_spare_servers', $data['new']['pm_max_spare_servers']);
		$tpl->setVar('pm_process_idle_timeout', $data['new']['pm_process_idle_timeout']);
		$tpl->setVar('pm_max_requests', $data['new']['pm_max_requests']);
		$tpl->setVar('document_root', $data['new']['document_root']);
		$tpl->setVar('security_level',$web_config['security_level']);
		$php_open_basedir = ($data['new']['php_open_basedir'] == '')?escapeshellcmd($data['new']['document_root']):escapeshellcmd($data['new']['php_open_basedir']);
		$tpl->setVar('php_open_basedir', $php_open_basedir);
		if($php_open_basedir != ''){
			$tpl->setVar('enable_php_open_basedir', '');
		} else {
			$tpl->setVar('enable_php_open_basedir', ';');
		}
		// Custom php.ini settings
		$final_php_ini_settings = array();
		$custom_php_ini_settings = trim($data['new']['custom_php_ini']);
		if($custom_php_ini_settings != ''){
			// Make sure we only have Unix linebreaks
			$custom_php_ini_settings = str_replace("\r\n", "\n", $custom_php_ini_settings);
			$custom_php_ini_settings = str_replace("\r", "\n", $custom_php_ini_settings);
			$ini_settings = explode("\n", $custom_php_ini_settings);
			if(is_array($ini_settings) && !empty($ini_settings)){
				foreach($ini_settings as $ini_setting){
					$ini_setting = trim($ini_setting);
					if(substr($ini_setting,0,1) == ';') continue;
					if(substr($ini_setting,0,1) == '#') continue;
					if(substr($ini_setting,0,2) == '//') continue;
					list($key, $value) = explode('=', $ini_setting);
					if($value){
						$value = trim($value);
						$key = trim($key);
						switch (strtolower($value)) {
							case '0':
								// PHP-FPM might complain about invalid boolean value if you use 0
								$value = 'off';
							case '1':
							case 'on':
							case 'off':
							case 'true':
							case 'false':
							case 'yes':
							case 'no':
								$final_php_ini_settings[] = array('ini_setting' => 'php_admin_flag['.$key.'] = '.$value);
								break;
							default:
								$final_php_ini_settings[] = array('ini_setting' => 'php_admin_value['.$key.'] = '.$value);
		$tpl->setLoop('custom_php_ini_settings', $final_php_ini_settings);
		$app->system->file_put_contents($pool_dir.$pool_name.'.conf',$tpl->grab());
		$app->log('Writing the PHP-FPM config file: '.$pool_dir.$pool_name.'.conf',LOGLEVEL_DEBUG);
		unset($tpl);
		
		// delete pool in all other PHP versions
		$default_pool_dir = escapeshellcmd($web_config['php_fpm_pool_dir']);
		if(substr($default_pool_dir,-1) != '/') $default_pool_dir .= '/';
		if($default_pool_dir != $pool_dir){
			if ( @is_file($default_pool_dir.$pool_name.'.conf') ) {
					$app->system->unlink($default_pool_dir.$pool_name.'.conf');
					$app->log('Removed PHP-FPM config file: '.$default_pool_dir.$pool_name.'.conf',LOGLEVEL_DEBUG);
					$app->services->restartService('php-fpm','reload:'.$conf['init_scripts'].'/'.$web_config['php_fpm_init_script']);
			}
		}
		$php_versions = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ".$conf["server_id"]);
		if(is_array($php_versions) && !empty($php_versions)){
			foreach($php_versions as $php_version){
				if(substr($php_version['php_fpm_pool_dir'],-1) != '/') $php_version['php_fpm_pool_dir'] .= '/';
				if($php_version['php_fpm_pool_dir'] != $pool_dir){
					if ( @is_file($php_version['php_fpm_pool_dir'].$pool_name.'.conf') ) {
						$app->system->unlink($php_version['php_fpm_pool_dir'].$pool_name.'.conf');
						$app->log('Removed PHP-FPM config file: '.$php_version['php_fpm_pool_dir'].$pool_name.'.conf',LOGLEVEL_DEBUG);
						$app->services->restartService('php-fpm','reload:'.$php_version['php_fpm_init_script']);
			$app->services->restartService('php-fpm','reload:'.$custom_php_fpm_init_script);
		} else {
			$app->services->restartService('php-fpm','reload:'.$conf['init_scripts'].'/'.$web_config['php_fpm_init_script']);
	}
	
	//* Delete the PHP-FPM pool configuration file
	private function php_fpm_pool_delete ($data,$web_config) {
		if(trim($data['old']['fastcgi_php_version']) != '' && $data['old']['php'] != 'no'){
			$default_php_fpm = false;
			list($custom_php_fpm_name, $custom_php_fpm_init_script, $custom_php_fpm_ini_dir, $custom_php_fpm_pool_dir) = explode(':', trim($data['old']['fastcgi_php_version']));
			if(substr($custom_php_fpm_ini_dir,-1) != '/') $custom_php_fpm_ini_dir .= '/';
		} else {
			$default_php_fpm = true;
		}
		
		if($default_php_fpm){
			$pool_dir = escapeshellcmd($web_config['php_fpm_pool_dir']);
		} else {
			$pool_dir = $custom_php_fpm_pool_dir;
		}
		if(substr($pool_dir,-1) != '/') $pool_dir .= '/';
		$pool_name = 'web'.$data['old']['domain_id'];
		if ( @is_file($pool_dir.$pool_name.'.conf') ) {
			$app->system->unlink($pool_dir.$pool_name.'.conf');