- Modified pages to use a global module aurhentification function

- Changed shell of website linux user to /bin/false

interface/lib/classes/auth.inc.php

@@ -90,6 +90,16 @@ class auth {
 			return false;
 		}
 	}
+	
+	public function check_module_permissions($module) {
+		// Check if the current user has the permissions to access this module
+		if(!stristr($_SESSION["s"]["user"]["modules"],$module)) {
+			header("Location: ../index.php");
+			exit;
+		}
+	}
+	
+	
 }
 
 ?>
\ No newline at end of file

interface/web/admin/dbsync_del.php

@@ -39,11 +39,7 @@ $list_def_file = "list/dbsync.list.php";
 * End Form configuration
 ******************************************/
 
-// Checke Berechtigungen für Modul
-if(!stristr($_SESSION["s"]["user"]["modules"],$_SESSION["s"]["module"]["name"])) {
-	header("Location: ../index.php");
-	exit;
-}
+$app->auth->check_module_permissions('admin');
 
 include_once($list_def_file);
 

interface/web/admin/dbsync_edit.php

@@ -39,11 +39,8 @@ $tform_def_file = "form/dbsync.tform.php";
 * End Form configuration
 ******************************************/
 
-// Checke Berechtigungen für Modul
-if(!stristr($_SESSION["s"]["user"]["modules"],$_SESSION["s"]["module"]["name"])) {
-	header("Location: ../index.php");
-	exit;
-}
+//* Check permissions for module
+$app->auth->check_module_permissions('admin');
 
 // Lade Template
 $app->uses('tpl,tform');

interface/web/admin/dbsync_list.php

@@ -39,11 +39,8 @@ $list_def_file = "list/dbsync.list.php";
 * End Form configuration
 ******************************************/
 
-// Checke Berechtigungen für Modul
-if(!stristr($_SESSION["s"]["user"]["modules"],$_SESSION["s"]["module"]["name"])) {
-	header("Location: ../index.php");
-	exit;
-}
+//* Check permissions for module
+$app->auth->check_module_permissions('admin');
 
 $app->uses('tpl,listform');
 

interface/web/admin/filesync_del.php

@@ -39,11 +39,8 @@ $list_def_file = "list/filesync.list.php";
 * End Form configuration
 ******************************************/
 
-// Checke Berechtigungen für Modul
-if(!stristr($_SESSION["s"]["user"]["modules"],$_SESSION["s"]["module"]["name"])) {
-	header("Location: ../index.php");
-	exit;
-}
+//* Check permissions for module
+$app->auth->check_module_permissions('admin');
 
 include_once($list_def_file);
 

interface/web/admin/filesync_edit.php

@@ -39,11 +39,8 @@ $tform_def_file = "form/filesync.tform.php";
 * End Form configuration
 ******************************************/
 
-// Checke Berechtigungen für Modul
-if(!stristr($_SESSION["s"]["user"]["modules"],$_SESSION["s"]["module"]["name"])) {
-	header("Location: ../index.php");
-	exit;
-}
+//* Check permissions for module
+$app->auth->check_module_permissions('admin');
 
 // Lade Template
 $app->uses('tpl,tform');

interface/web/admin/filesync_list.php

@@ -39,11 +39,8 @@ $list_def_file = "list/filesync.list.php";
 * End Form configuration
 ******************************************/
 
-// Checke Berechtigungen für Modul
-if(!stristr($_SESSION["s"]["user"]["modules"],$_SESSION["s"]["module"]["name"])) {
-	header("Location: ../index.php");
-	exit;
-}
+//* Check permissions for module
+$app->auth->check_module_permissions('admin');
 
 $app->uses('tpl,listform');
 

interface/web/admin/groups_del.php

@@ -42,11 +42,8 @@ $tform_def_file = "form/groups.tform.php";
 require_once('../../lib/config.inc.php');
 require_once('../../lib/app.inc.php');
 
-// Checke Berechtigungen für Modul
-if(!stristr($_SESSION["s"]["user"]["modules"],$_SESSION["s"]["module"]["name"])) {
-	header("Location: ../index.php");
-	exit;
-}
+//* Check permissions for module
+$app->auth->check_module_permissions('admin');
 
 $app->uses("tform_actions");
 $app->tform_actions->onDelete();

interface/web/admin/groups_edit.php

@@ -41,11 +41,8 @@ $tform_def_file = "form/groups.tform.php";
 require_once('../../lib/config.inc.php');
 require_once('../../lib/app.inc.php');
 
-// Checking module permissions
-if(!stristr($_SESSION["s"]["user"]["modules"],$_SESSION["s"]["module"]["name"])) {
-	header("Location: ../index.php");
-	exit;
-}
+//* Check permissions for module
+$app->auth->check_module_permissions('admin');
 
 // Loading classes
 $app->uses('tpl,tform,tform_actions');

interface/web/admin/groups_list.php

@@ -41,11 +41,8 @@ $list_def_file = "list/groups.list.php";
 * End Form configuration
 ******************************************/
 
-// Checking module permissions
-if(!stristr($_SESSION["s"]["user"]["modules"],$_SESSION["s"]["module"]["name"])) {
-	header("Location: ../index.php");
-	exit;
-}
+//* Check permissions for module
+$app->auth->check_module_permissions('admin');
 
 $app->uses('listform_actions');
 $app->listform_actions->onLoad();

interface/web/admin/language_add.php

@@ -30,11 +30,8 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 require_once('../../lib/config.inc.php');
 require_once('../../lib/app.inc.php');
 
-// Checking permissions for the module
-if(!stristr($_SESSION['s']['user']['modules'],'admin')) {
-	header('Location: ../index.php');
-	exit;
-}
+//* Check permissions for module
+$app->auth->check_module_permissions('admin');
 
 //* This is only allowed for administrators
 if(!$app->auth->is_admin()) die('only allowed for administrators.');

interface/web/admin/language_edit.php

@@ -30,11 +30,8 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 require_once('../../lib/config.inc.php');
 require_once('../../lib/app.inc.php');
 
-// Checking permissions for the module
-if(!stristr($_SESSION['s']['user']['modules'],'admin')) {
-	header('Location: ../index.php');
-	exit;
-}
+//* Check permissions for module
+$app->auth->check_module_permissions('admin');
 
 //* This is only allowed for administrators
 if(!$app->auth->is_admin()) die('only allowed for administrators.');

interface/web/admin/language_export.php

@@ -30,11 +30,8 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 require_once('../../lib/config.inc.php');
 require_once('../../lib/app.inc.php');
 
-// Checking permissions for the module
-if(!stristr($_SESSION['s']['user']['modules'],'admin')) {
-	header('Location: ../index.php');
-	exit;
-}
+//* Check permissions for module
+$app->auth->check_module_permissions('admin');
 
 //* This is only allowed for administrators
 if(!$app->auth->is_admin()) die('only allowed for administrators.');

interface/web/admin/language_import.php

@@ -30,11 +30,8 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 require_once('../../lib/config.inc.php');
 require_once('../../lib/app.inc.php');
 
-// Checking permissions for the module
-if(!stristr($_SESSION['s']['user']['modules'],'admin')) {
-	header('Location: ../index.php');
-	exit;
-}
+//* Check permissions for module
+$app->auth->check_module_permissions('admin');
 
 //* This is only allowed for administrators
 if(!$app->auth->is_admin()) die('only allowed for administrators.');

interface/web/admin/language_list.php

@@ -30,11 +30,8 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 require_once('../../lib/config.inc.php');
 require_once('../../lib/app.inc.php');
 
-// Checking permissions for the module
-if(!stristr($_SESSION['s']['user']['modules'],'admin')) {
-	header('Location: ../index.php');
-	exit;
-}
+//* Check permissions for module
+$app->auth->check_module_permissions('admin');
 
 //* This is only allowed for administrators
 if(!$app->auth->is_admin()) die('only allowed for administrators.');

interface/web/admin/server_del.php

-<?php
-
-/*
-Copyright (c) 2005, Till Brehm, projektfarm Gmbh
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
-    * Redistributions of source code must retain the above copyright notice,
-      this list of conditions and the following disclaimer.
-    * Redistributions in binary form must reproduce the above copyright notice,
-      this list of conditions and the following disclaimer in the documentation
-      and/or other materials provided with the distribution.
-    * Neither the name of ISPConfig nor the names of its contributors
-      may be used to endorse or promote products derived from this software without
-      specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
-INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
-OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
-EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-/******************************************
-* Begin Form configuration
-******************************************/
-
-$list_def_file = "list/server.list.php";
-$tform_def_file = "form/server.tform.php";
-
-/******************************************
-* End Form configuration
-******************************************/
-
-require_once('../../lib/config.inc.php');
-require_once('../../lib/app.inc.php');
-
-// Checke Berechtigungen für Modul
-if(!stristr($_SESSION["s"]["user"]["modules"],$_SESSION["s"]["module"]["name"])) {
-	header("Location: ../index.php");
-	exit;
-}
-
-$app->uses("tform_actions");
-$app->tform_actions->onDelete();
-
+<?php
+
+/*
+Copyright (c) 2005, Till Brehm, projektfarm Gmbh
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of ISPConfig nor the names of its contributors
+      may be used to endorse or promote products derived from this software without
+      specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+/******************************************
+* Begin Form configuration
+******************************************/
+
+$list_def_file = "list/server.list.php";
+$tform_def_file = "form/server.tform.php";
+
+/******************************************
+* End Form configuration
+******************************************/
+
+require_once('../../lib/config.inc.php');
+require_once('../../lib/app.inc.php');
+
+//* Check permissions for module
+$app->auth->check_module_permissions('admin');
+
+$app->uses("tform_actions");
+$app->tform_actions->onDelete();
+
 ?>
\ No newline at end of file

interface/web/admin/server_edit.php

-<?php
-/*
-Copyright (c) 2005, Till Brehm, projektfarm Gmbh
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
-    * Redistributions of source code must retain the above copyright notice,
-      this list of conditions and the following disclaimer.
-    * Redistributions in binary form must reproduce the above copyright notice,
-      this list of conditions and the following disclaimer in the documentation
-      and/or other materials provided with the distribution.
-    * Neither the name of ISPConfig nor the names of its contributors
-      may be used to endorse or promote products derived from this software without
-      specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
-INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
-OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
-EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-
-/******************************************
-* Begin Form configuration
-******************************************/
-
-$tform_def_file = "form/server.tform.php";
-
-/******************************************
-* End Form configuration
-******************************************/
-
-require_once('../../lib/config.inc.php');
-require_once('../../lib/app.inc.php');
-
-// Checking module permissions
-if(!stristr($_SESSION["s"]["user"]["modules"],$_SESSION["s"]["module"]["name"])) {
-	header("Location: ../index.php");
-	exit;
-}
-
-// Loading classes
-$app->uses('tpl,tform,tform_actions');
-
-// let tform_actions handle the page
-$app->tform_actions->onLoad();
-
+<?php
+/*
+Copyright (c) 2005, Till Brehm, projektfarm Gmbh
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of ISPConfig nor the names of its contributors
+      may be used to endorse or promote products derived from this software without
+      specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+
+/******************************************
+* Begin Form configuration
+******************************************/
+
+$tform_def_file = "form/server.tform.php";
+
+/******************************************
+* End Form configuration
+******************************************/
+
+require_once('../../lib/config.inc.php');
+require_once('../../lib/app.inc.php');
+
+//* Check permissions for module
+$app->auth->check_module_permissions('admin');
+
+// Loading classes
+$app->uses('tpl,tform,tform_actions');
+
+// let tform_actions handle the page
+$app->tform_actions->onLoad();
+
 ?>
\ No newline at end of file

interface/web/admin/server_ip_del.php

@@ -42,11 +42,8 @@ $tform_def_file = "form/server_ip.tform.php";
 require_once('../../lib/config.inc.php');
 require_once('../../lib/app.inc.php');
 
-// Checke Berechtigungen für Modul
-if(!stristr($_SESSION["s"]["user"]["modules"],'admin')) {
-	header("Location: ../index.php");
-	exit;
-}
+//* Check permissions for module
+$app->auth->check_module_permissions('admin');
 
 $app->uses("tform_actions");
 $app->tform_actions->onDelete();

interface/web/admin/server_ip_edit.php

@@ -41,11 +41,8 @@ $tform_def_file = "form/server_ip.tform.php";
 require_once('../../lib/config.inc.php');
 require_once('../../lib/app.inc.php');
 
-// Checking module permissions
-if(!stristr($_SESSION["s"]["user"]["modules"],'admin')) {
-	header("Location: ../index.php");
-	exit;
-}
+//* Check permissions for module
+$app->auth->check_module_permissions('admin');
 
 // Loading classes
 $app->uses('tpl,tform,tform_actions');

interface/web/admin/server_ip_list.php

@@ -41,11 +41,8 @@ $list_def_file = "list/server_ip.list.php";
 * End Form configuration
 ******************************************/
 
-// Checking module permissions
-if(!stristr($_SESSION["s"]["user"]["modules"],'admin')) {
-	header("Location: ../index.php");
-	exit;
-}
+//* Check permissions for module
+$app->auth->check_module_permissions('admin');
 
 $app->uses('listform_actions');
 $app->listform_actions->onLoad();