From c991ed82b95187210f810505dc184559186bf542 Mon Sep 17 00:00:00 2001 
From: Jaap Marcus <9754650+jaapmarcus@users.noreply.github.com> Date: Fri, 10 Sep 2021 11:33:51 +0200 Subject: [PATCH 1/4] Rewrite session token check to prevent juggling + Remove /edit/server/theme as is not being used --- web/add/cron/autoupdate/index.php | 10 +- web/add/cron/index.php | 40 +- web/add/cron/reports/index.php | 10 +- web/add/db/index.php | 86 ++- web/add/dns/index.php | 97 +-- web/add/firewall/banlist/index.php | 26 +- web/add/firewall/index.php | 47 +- web/add/firewall/ipset/index.php | 34 +- web/add/ip/index.php | 43 +- web/add/key/index.php | 47 +- web/add/mail/index.php | 138 ++-- web/add/package/index.php | 5 +- web/add/user/index.php | 80 ++- web/add/web/index.php | 379 +++++----- web/add/webapp/index.php | 50 +- web/bulk/backup/exclusions/index.php | 10 +- web/bulk/backup/index.php | 10 +- web/bulk/cron/index.php | 20 +- web/bulk/db/index.php | 10 +- web/bulk/dns/index.php | 16 +- web/bulk/firewall/banlist/index.php | 14 +- web/bulk/firewall/index.php | 12 +- web/bulk/firewall/ipset/index.php | 12 +- web/bulk/hestia/index.php | 10 +- web/bulk/ip/index.php | 10 +- web/bulk/mail/index.php | 14 +- web/bulk/package/index.php | 10 +- web/bulk/restore/index.php | 34 +- web/bulk/service/index.php | 12 +- web/bulk/user/index.php | 10 +- web/copy/package/index.php | 18 +- web/delete/backup/exclusion/index.php | 12 +- web/delete/backup/index.php | 12 +- web/delete/cron/autoupdate/index.php | 10 +- web/delete/cron/index.php | 12 +- web/delete/cron/reports/index.php | 10 +- web/delete/db/index.php | 12 +- web/delete/dns/index.php | 20 +- web/delete/firewall/banlist/index.php | 14 +- web/delete/firewall/index.php | 14 +- web/delete/firewall/ipset/index.php | 14 +- web/delete/ip/index.php | 13 +- web/delete/key/index.php | 14 +- web/delete/log/auth/index.php | 20 +- web/delete/log/index.php | 12 +- web/delete/mail/index.php | 20 +- web/delete/notification/index.php | 20 +- web/delete/package/index.php | 12 +- web/delete/user/index.php | 12 +- 
web/delete/web/cache/index.php | 12 +- web/delete/web/index.php | 10 +- web/download/backup/index.php | 30 +- web/download/web-log/index.php | 7 +- web/edit/backup/exclusions/index.php | 29 +- web/edit/cron/index.php | 18 +- web/edit/db/index.php | 32 +- web/edit/dns/index.php | 66 +- web/edit/firewall/index.php | 65 +- web/edit/ip/index.php | 46 +- web/edit/mail/index.php | 279 ++++---- web/edit/package/index.php | 148 ++-- web/edit/server/apache2/index.php | 23 +- web/edit/server/bind9/index.php | 31 +- web/edit/server/clamav-daemon/index.php | 23 +- web/edit/server/cron/index.php | 6 +- web/edit/server/dovecot/index.php | 121 ++-- web/edit/server/exim/index.php | 23 +- web/edit/server/exim4/index.php | 23 +- web/edit/server/fail2ban/index.php | 23 +- web/edit/server/httpd/index.php | 23 +- web/edit/server/index.php | 894 +++++++++++++++--------- web/edit/server/mariadb/index.php | 25 +- web/edit/server/mysql/index.php | 25 +- web/edit/server/mysqld/index.php | 25 +- web/edit/server/named/index.php | 23 +- web/edit/server/nginx/index.php | 25 +- web/edit/server/php-fpm/index.php | 25 +- web/edit/server/php/index.php | 25 +- web/edit/server/php5-fpm/index.php | 25 +- web/edit/server/postgresql/index.php | 33 +- web/edit/server/proftpd/index.php | 23 +- web/edit/server/spamassassin/index.php | 23 +- web/edit/server/spamd/index.php | 23 +- web/edit/server/ssh/index.php | 23 +- web/edit/server/theme/index.php | 58 -- web/edit/server/vsftpd/index.php | 26 +- web/edit/user/index.php | 190 ++--- web/edit/web/index.php | 598 ++++++++-------- web/generate/ssl/index.php | 40 +- web/inc/main.php | 174 +++-- web/inc/prevent_csrf.php | 62 +- web/login/index.php | 7 +- web/logout/index.php | 6 +- web/reset/index.php | 10 +- web/reset2fa/index.php | 5 +- web/restart/service/index.php | 18 +- web/restart/system/index.php | 12 +- web/schedule/backup/index.php | 11 +- web/schedule/restore/index.php | 34 +- web/search/index.php | 12 +- web/start/service/index.php | 18 +- 
web/stop/service/index.php | 12 +- web/suspend/cron/index.php | 12 +- web/suspend/db/index.php | 12 +- web/suspend/dns/index.php | 20 +- web/suspend/firewall/index.php | 14 +- web/suspend/mail/index.php | 22 +- web/suspend/user/index.php | 14 +- web/suspend/web/index.php | 12 +- web/unsuspend/cron/index.php | 12 +- web/unsuspend/db/index.php | 12 +- web/unsuspend/dns/index.php | 24 +- web/unsuspend/firewall/index.php | 14 +- web/unsuspend/mail/index.php | 24 +- web/unsuspend/user/index.php | 14 +- web/unsuspend/web/index.php | 12 +- web/update/hestia/index.php | 12 +- 117 files changed, 2874 insertions(+), 2471 deletions(-) delete mode 100644 web/edit/server/theme/index.php diff --git a/web/add/cron/autoupdate/index.php b/web/add/cron/autoupdate/index.php index a114a202ea..03f51e922b 100644 --- a/web/add/cron/autoupdate/index.php +++ b/web/add/cron/autoupdate/index.php @@ -1,18 +1,16 @@ $error) { - if ( $i == 0 ) { + if ($i == 0) { $error_msg = $error; } else { $error_msg = $error_msg.", ".$error; } } - $_SESSION['error_msg'] = sprintf(_('Field "%s" can not be blank.'),$error_msg); + $_SESSION['error_msg'] = sprintf(_('Field "%s" can not be blank.'), $error_msg); } // Protect input @@ -43,8 +53,8 @@ // Add cron job if (empty($_SESSION['error_msg'])) { - exec (HESTIA_CMD."v-add-cron-job ".$user." ".$v_min." ".$v_hour." ".$v_day." ".$v_month." ".$v_wday." ".$v_cmd, $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-add-cron-job ".$user." ".$v_min." ".$v_hour." ".$v_day." ".$v_month." ".$v_wday." ".$v_cmd, $output, $return_var); + check_return_code($return_var, $output); unset($output); } diff --git a/web/add/cron/reports/index.php b/web/add/cron/reports/index.php index f1fe7a9d78..06002472f7 100644 --- a/web/add/cron/reports/index.php +++ b/web/add/cron/reports/index.php 
@@ -1,17 +1,15 @@ $error) { - if ( $i == 0 ) { + if ($i == 0) { $error_msg = $error; } else { $error_msg = $error_msg.", ".$error; } } - $_SESSION['error_msg'] = sprintf(_('Field "%s" can not be blank.'),$error_msg); + $_SESSION['error_msg'] = sprintf(_('Field "%s" can not be blank.'), $error_msg); } // Validate email @@ -42,7 +52,9 @@ // Check password length if (empty($_SESSION['error_msg'])) { - if (!validate_password($_POST['v_password'])) { $_SESSION['error_msg'] = _('Password does not match the minimum requirements');} + if (!validate_password($_POST['v_password'])) { + $_SESSION['error_msg'] = _('Password does not match the minimum requirements'); + } } // Protect input @@ -58,12 +70,12 @@ $v_type = escapeshellarg($_POST['v_type']); $v_charset = escapeshellarg($_POST['v_charset']); $v_host = escapeshellarg($_POST['v_host']); - $v_password = tempnam("/tmp","vst"); + $v_password = tempnam("/tmp", "vst"); $fp = fopen($v_password, "w"); fwrite($fp, $_POST['v_password']."\n"); fclose($fp); - exec (HESTIA_CMD."v-add-database ".$user." ".$v_database." ".$v_dbuser." ".$v_password." ".$v_type." ".$v_host." ".$v_charset, $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-add-database ".$user." ".$v_database." ".$v_dbuser." ".$v_password." ".$v_type." ".$v_host." ".$v_charset, $output, $return_var); + check_return_code($return_var, $output); unset($output); unlink($v_password); $v_password = escapeshellarg($_POST['v_password']); 
@@ -75,13 +87,27 @@ // Get database manager url if (empty($_SESSION['error_msg'])) { list($http_host, $port) = explode(':', $_SERVER["HTTP_HOST"] . ":"); - if ($_POST['v_host'] != 'localhost' ) $http_host = $_POST['v_host']; - if ($_POST['v_type'] == 'mysql') $db_admin = "phpMyAdmin"; - if ($_POST['v_type'] == 'mysql') $db_admin_link = "http://".$http_host."/phpmyadmin/"; - if (($_POST['v_type'] == 'mysql') && (!empty($_SESSION['DB_PMA_ALIAS']))) $db_admin_link = "http://".$http_host."/".$_SESSION['DB_PMA_ALIAS']; - if ($_POST['v_type'] == 'pgsql') $db_admin = "phpPgAdmin"; - if ($_POST['v_type'] == 'pgsql') $db_admin_link = "http://".$http_host."/phppgadmin/"; - if (($_POST['v_type'] == 'pgsql') && (!empty($_SESSION['DB_PGA_ALIAS']))) $db_admin_link = "http://".$http_host."/".$_SESSION['DB_PGA_ALIAS']; + if ($_POST['v_host'] != 'localhost') { + $http_host = $_POST['v_host']; + } + if ($_POST['v_type'] == 'mysql') { + $db_admin = "phpMyAdmin"; + } + if ($_POST['v_type'] == 'mysql') { + $db_admin_link = "http://".$http_host."/phpmyadmin/"; + } + if (($_POST['v_type'] == 'mysql') && (!empty($_SESSION['DB_PMA_ALIAS']))) { + $db_admin_link = "http://".$http_host."/".$_SESSION['DB_PMA_ALIAS']; + } + if ($_POST['v_type'] == 'pgsql') { + $db_admin = "phpPgAdmin"; + } + if ($_POST['v_type'] == 'pgsql') { + $db_admin_link = "http://".$http_host."/phppgadmin/"; + } + if (($_POST['v_type'] == 'pgsql') && (!empty($_SESSION['DB_PGA_ALIAS']))) { + $db_admin_link = "http://".$http_host."/".$_SESSION['DB_PGA_ALIAS']; + } } // Email login credentials 
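Review bot: The expanded conditions keep loose comparisons on the new side — `if ($_POST['v_host'] != 'localhost') {`, `if ($_POST['v_type'] == 'mysql') {` and the `'pgsql'` counterparts — which sits oddly in a commit whose title is about removing type juggling; `!==`/`===` would be consistent here, and the same applies to the `$_POST['v_template'] !=`, `$_POST['v_exp'] !=` and `$_POST['v_ttl'] != '14400'` checks in the web/add/dns/index.php hunks. Separately, `$db_admin` and `$db_admin_link` are only assigned for `mysql` and `pgsql`; unless `v_type` is validated earlier in the file (not visible in this diff), any other value leaves both undefined when the following hunk interpolates them into the credentials e-mail and `ok_msg`, so initialising both to `''` before the chain is cheap insurance. The two `if` blocks sharing the `== 'mysql'` condition (and likewise `'pgsql'`) could also be collapsed into one block each. The surrounding POST handler continues outside the hunk.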
@@ -91,14 +117,14 @@ $hostname = exec('hostname'); $from = "noreply@".$hostname; $from_name = _('Hestia Control Panel'); - $mailtext = sprintf(_('DATABASE_READY'),$user."_".$_POST['v_database'],$user."_".$_POST['v_dbuser'],$_POST['v_password'],$db_admin_link); + $mailtext = sprintf(_('DATABASE_READY'), $user."_".$_POST['v_database'], $user."_".$_POST['v_dbuser'], $_POST['v_password'], $db_admin_link); send_email($to, $subject, $mailtext, $from, $from_name); } // Flush field values on success if (empty($_SESSION['error_msg'])) { - $_SESSION['ok_msg'] = sprintf(_('DATABASE_CREATED_OK'),htmlentities($user)."_".htmlentities($_POST['v_database']),htmlentities($user)."_".htmlentities($_POST['v_database'])); - $_SESSION['ok_msg'] .= " / " . sprintf(_('open %s'),$db_admin) . ""; + $_SESSION['ok_msg'] = sprintf(_('DATABASE_CREATED_OK'), htmlentities($user)."_".htmlentities($_POST['v_database']), htmlentities($user)."_".htmlentities($_POST['v_database'])); + $_SESSION['ok_msg'] .= " / " . sprintf(_('open %s'), $db_admin) . ""; unset($v_database); unset($v_dbuser); unset($v_password); @@ -114,9 +140,11 @@ $db_types = explode(',', $_SESSION['DB_SYSTEM']); // List available database servers -exec (HESTIA_CMD."v-list-database-hosts json", $output, $return_var); +exec(HESTIA_CMD."v-list-database-hosts json", $output, $return_var); $db_hosts_tmp1 = json_decode(implode('', $output), true); -$db_hosts_tmp2 = array_map(function($host){return $host['HOST'];}, $db_hosts_tmp1); +$db_hosts_tmp2 = array_map(function ($host) { + return $host['HOST']; +}, $db_hosts_tmp1); $db_hosts = array_values(array_unique($db_hosts_tmp2)); unset($output); unset($db_hosts_tmp1); diff --git a/web/add/dns/index.php b/web/add/dns/index.php index 30910a38e7..4fd970dd48 100644 --- a/web/add/dns/index.php +++ b/web/add/dns/index.php 
@@ -1,5 +1,6 @@ $error) { - if ( $i == 0 ) { + if ($i == 0) { $error_msg = $error; } else { $error_msg = $error_msg.", ".$error; } } - $_SESSION['error_msg'] = sprintf(_('Field "%s" can not be blank.'),$error_msg); + $_SESSION['error_msg'] = sprintf(_('Field "%s" can not be blank.'), $error_msg); } // Protect input @@ -50,16 +52,16 @@ // Add dns domain if (empty($_SESSION['error_msg'])) { - exec (HESTIA_CMD."v-add-dns-domain ".$user." ".$v_domain." ".escapeshellarg($v_ip)." ".$v_ns1." ".$v_ns2." ".$v_ns3." ".$v_ns4." ".$v_ns5." ".$v_ns6." ".$v_ns7." ".$v_ns8." no", $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-add-dns-domain ".$user." ".$v_domain." ".escapeshellarg($v_ip)." ".$v_ns1." ".$v_ns2." ".$v_ns3." ".$v_ns4." ".$v_ns5." ".$v_ns6." ".$v_ns7." ".$v_ns8." no", $output, $return_var); + check_return_code($return_var, $output); unset($output); } - + // Change domain template if (($v_template != $_POST['v_template']) && (empty($_SESSION['error_msg']))) { $v_template = escapeshellarg($_POST['v_template']); - exec (HESTIA_CMD."v-change-dns-domain-tpl ".$user." ".$v_domain." ".$v_template." 'no'", $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-change-dns-domain-tpl ".$user." ".$v_domain." ".$v_template." 'no'", $output, $return_var); + check_return_code($return_var, $output); unset($output); } @@ -67,8 +69,8 @@ if (empty($_SESSION['error_msg'])) { if ((!empty($_POST['v_exp'])) && ($_POST['v_exp'] != date('Y-m-d', strtotime('+1 year')))) { $v_exp = escapeshellarg($_POST['v_exp']); - exec (HESTIA_CMD."v-change-dns-domain-exp ".$user." ".$v_domain." ".$v_exp." no", $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-change-dns-domain-exp ".$user." ".$v_domain." ".$v_exp." no", $output, $return_var); + check_return_code($return_var, $output); unset($output); } } 
@@ -77,22 +79,22 @@ if (empty($_SESSION['error_msg'])) { if ((!empty($_POST['v_ttl'])) && ($_POST['v_ttl'] != '14400') && (empty($_SESSION['error_msg']))) { $v_ttl = escapeshellarg($_POST['v_ttl']); - exec (HESTIA_CMD."v-change-dns-domain-ttl ".$user." ".$v_domain." ".$v_ttl." no", $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-change-dns-domain-ttl ".$user." ".$v_domain." ".$v_ttl." no", $output, $return_var); + check_return_code($return_var, $output); unset($output); } } // Restart dns server if (empty($_SESSION['error_msg'])) { - exec (HESTIA_CMD."v-restart-dns", $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-restart-dns", $output, $return_var); + check_return_code($return_var, $output); unset($output); } // Flush field values on success if (empty($_SESSION['error_msg'])) { - $_SESSION['ok_msg'] = sprintf(_('DNS_DOMAIN_CREATED_OK'),htmlentities($_POST['v_domain']),htmlentities($_POST['v_domain'])); + $_SESSION['ok_msg'] = sprintf(_('DNS_DOMAIN_CREATED_OK'), htmlentities($_POST['v_domain']), htmlentities($_POST['v_domain'])); unset($v_domain); } } @@ -108,19 +110,27 @@ } // Check empty fields - if (empty($_POST['v_domain'])) $errors[] = 'domain'; - if (empty($_POST['v_rec'])) $errors[] = 'record'; - if (empty($_POST['v_type'])) $errors[] = 'type'; - if (empty($_POST['v_val'])) $errors[] = 'value'; + if (empty($_POST['v_domain'])) { + $errors[] = 'domain'; + } + if (empty($_POST['v_rec'])) { + $errors[] = 'record'; + } + if (empty($_POST['v_type'])) { + $errors[] = 'type'; + } + if (empty($_POST['v_val'])) { + $errors[] = 'value'; + } if (!empty($errors[0])) { foreach ($errors as $i => $error) { - if ( $i == 0 ) { + if ($i == 0) { $error_msg = $error; } else { $error_msg = $error_msg.", ".$error; } } - $_SESSION['error_msg'] = sprintf(_('Field "%s" can not be blank.'),$error_msg); + $_SESSION['error_msg'] = sprintf(_('Field "%s" can not be blank.'), $error_msg); } // Protect input 
@@ -132,16 +142,15 @@ $v_ttl = escapeshellarg($_POST['v_ttl']); // Add dns record if (empty($_SESSION['error_msg'])) { - exec (HESTIA_CMD."v-add-dns-record ".$user." ".$v_domain." ".$v_rec." ".$v_type." ".$v_val." ".$v_priority." '' false ".$v_ttl, $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-add-dns-record ".$user." ".$v_domain." ".$v_rec." ".$v_type." ".$v_val." ".$v_priority." '' false ".$v_ttl, $output, $return_var); + check_return_code($return_var, $output); unset($output); - } $v_type = $_POST['v_type']; - + // Flush field values on success if (empty($_SESSION['error_msg'])) { - $_SESSION['ok_msg'] = sprintf(_('DNS_RECORD_CREATED_OK'),htmlentities($_POST['v_rec']),htmlentities($_POST['v_domain'])); + $_SESSION['ok_msg'] = sprintf(_('DNS_RECORD_CREATED_OK'), htmlentities($_POST['v_rec']), htmlentities($_POST['v_domain'])); unset($v_domain); unset($v_rec); unset($v_val); @@ -159,17 +168,17 @@ $v_ns7 = str_replace("'", "", $v_ns7); $v_ns8 = str_replace("'", "", $v_ns8); -if(empty($v_ip) && count($v_ips) > 0) { +if (empty($v_ip) && count($v_ips) > 0) { $ip = array_key_first($v_ips); - $v_ip = (empty($v_ips[$ip]['NAT'])?$ip:$v_ips[$ip]['NAT']); + $v_ip = (empty($v_ips[$ip]['NAT']) ? $ip : $v_ips[$ip]['NAT']); } // List dns templates -exec (HESTIA_CMD."v-list-dns-templates json", $output, $return_var); +exec(HESTIA_CMD."v-list-dns-templates json", $output, $return_var); $templates = json_decode(implode('', $output), true); unset($output); -exec (HESTIA_CMD."v-list-user ".$user." json", $output, $return_var); +exec(HESTIA_CMD."v-list-user ".$user." json", $output, $return_var); $user_config = json_decode(implode('', $output), true); unset($output); $v_template = $user_config[$user]['DNS_TEMPLATE']; 
@@ -177,10 +186,14 @@ if (empty($_GET['domain'])) { // Display body for dns domain - if (empty($v_ttl)) $v_ttl = 14400; - if (empty($v_exp)) $v_exp = date('Y-m-d', strtotime('+1 year')); + if (empty($v_ttl)) { + $v_ttl = 14400; + } + if (empty($v_exp)) { + $v_exp = date('Y-m-d', strtotime('+1 year')); + } if (empty($v_ns1)) { - exec (HESTIA_CMD."v-list-user-ns ".$user." json", $output, $return_var); + exec(HESTIA_CMD."v-list-user-ns ".$user." json", $output, $return_var); $nameservers = json_decode(implode('', $output), true); $v_ns1 = str_replace("'", "", $nameservers[0]); $v_ns2 = str_replace("'", "", $nameservers[1]); @@ -197,8 +210,8 @@ } else { // Display body for dns record $v_domain = $_GET['domain']; - if (empty($v_rec)){ - $v_rec = '@'; + if (empty($v_rec)) { + $v_rec = '@'; } render_page($user, $TAB, 'add_dns_rec'); } diff --git a/web/add/firewall/banlist/index.php b/web/add/firewall/banlist/index.php index c2d8041840..e30b0ae791 100644 --- a/web/add/firewall/banlist/index.php +++ b/web/add/firewall/banlist/index.php @@ -1,5 +1,6 @@ $error) { - if ( $i == 0 ) { + if ($i == 0) { $error_msg = $error; } else { $error_msg = $error_msg.", ".$error; } } - $_SESSION['error_msg'] = sprintf(_('Field "%s" can not be blank.'),$error_msg); + $_SESSION['error_msg'] = sprintf(_('Field "%s" can not be blank.'), $error_msg); } // Protect input @@ -41,8 +43,8 @@ // Add firewall rule if (empty($_SESSION['error_msg'])) { - exec (HESTIA_CMD."v-add-firewall-ban ".$v_ip." ".$v_chain, $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-add-firewall-ban ".$v_ip." ".$v_chain, $output, $return_var); + check_return_code($return_var, $output); unset($output); } diff --git a/web/add/firewall/index.php b/web/add/firewall/index.php index db02d843df..c8524ab257 100644 --- a/web/add/firewall/index.php +++ b/web/add/firewall/index.php 
@@ -1,5 +1,6 @@ $value) { - if(isset($value['SUSPENDED']) && $value['SUSPENDED'] === 'yes') { +foreach ($data as $key => $value) { + if (isset($value['SUSPENDED']) && $value['SUSPENDED'] === 'yes') { continue; } - if(isset($value['IP_VERSION']) && $value['IP_VERSION'] !== 'v4') { + if (isset($value['IP_VERSION']) && $value['IP_VERSION'] !== 'v4') { continue; } array_push($ipset_lists, ['name'=>$key]); @@ -31,31 +32,37 @@ // Check POST request if (!empty($_POST['ok'])) { // Check token - if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { - header('location: /login/'); - exit(); - } + // Check token + verify_csrf($_POST); // Check empty fields - if (empty($_POST['v_action'])) $errors[] = _('action'); - if (empty($_POST['v_protocol'])) $errors[] = _('protocol'); - if (empty($_POST['v_port']) && strlen($_POST['v_port']) == 0) $errors[] = _('port'); - if (empty($_POST['v_ip'])) $errors[] = _('ip address'); + if (empty($_POST['v_action'])) { + $errors[] = _('action'); + } + if (empty($_POST['v_protocol'])) { + $errors[] = _('protocol'); + } + if (empty($_POST['v_port']) && strlen($_POST['v_port']) == 0) { + $errors[] = _('port'); + } + if (empty($_POST['v_ip'])) { + $errors[] = _('ip address'); + } if (!empty($errors[0])) { foreach ($errors as $i => $error) { - if ( $i == 0 ) { + if ($i == 0) { $error_msg = $error; } else { $error_msg = $error_msg.", ".$error; } } - $_SESSION['error_msg'] = sprintf(_('Field "%s" can not be blank.'),$error_msg); + $_SESSION['error_msg'] = sprintf(_('Field "%s" can not be blank.'), $error_msg); } // Protect input $v_action = escapeshellarg($_POST['v_action']); $v_protocol = escapeshellarg($_POST['v_protocol']); - $v_port = str_replace(" ",",", $_POST['v_port']); + $v_port = str_replace(" ", ",", $_POST['v_port']); $v_port = preg_replace('/\,+/', ',', $v_port); $v_port = trim($v_port, ","); $v_port = escapeshellarg($v_port); 
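Review bot: The replacement leaves two consecutive `// Check token` comments — the surviving context line and the added `+ // Check token` — so the added one should be dropped; the equivalent replacement in the web/add/package/index.php hunk correctly keeps a single comment. More importantly, the removed code redirected and then called `exit()`, and nothing after `verify_csrf($_POST);` inspects a return value, so the function (defined in web/inc/prevent_csrf.php, not shown in this chunk) must itself terminate the request on a missing or mismatched token or every handler converted in this commit falls through into its action. It is also worth confirming that the comparison inside it is strict (`hash_equals()` on two strings) rather than the loose `!=` the commit title is replacing. The enclosing `if (!empty($_POST['ok']))` block ends outside the hunk.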
@@ -64,8 +71,8 @@ // Add firewall rule if (empty($_SESSION['error_msg'])) { - exec (HESTIA_CMD."v-add-firewall-rule ".$v_action." ".$v_ip." ".$v_port." ".$v_protocol." ".$v_comment, $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-add-firewall-rule ".$v_action." ".$v_ip." ".$v_port." ".$v_protocol." ".$v_comment, $output, $return_var); + check_return_code($return_var, $output); unset($output); } diff --git a/web/add/firewall/ipset/index.php b/web/add/firewall/ipset/index.php index 7f5e6d5060..8b0f574687 100644 --- a/web/add/firewall/ipset/index.php +++ b/web/add/firewall/ipset/index.php @@ -1,5 +1,6 @@ $error) { - if ( $i == 0 ) { + if ($i == 0) { $error_msg = $error; } else { $error_msg = $error_msg.", ".$error; } } - $_SESSION['error_msg'] = sprintf(_('Field "%s" can not be blank.'),$error_msg); + $_SESSION['error_msg'] = sprintf(_('Field "%s" can not be blank.'), $error_msg); } $v_ipname = $_POST['v_ipname']; @@ -45,8 +51,8 @@ // Add firewall ipset list if (empty($_SESSION['error_msg'])) { - exec (HESTIA_CMD."v-add-firewall-ipset ".escapeshellarg($v_ipname)." ".escapeshellarg($v_datasource)." ".escapeshellarg($v_ipver)." ".escapeshellarg($v_autoupdate), $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-add-firewall-ipset ".escapeshellarg($v_ipname)." ".escapeshellarg($v_datasource)." ".escapeshellarg($v_ipver)." ".escapeshellarg($v_autoupdate), $output, $return_var); + check_return_code($return_var, $output); unset($output); } diff --git a/web/add/ip/index.php b/web/add/ip/index.php index d78aba7151..310fa8a11b 100644 --- a/web/add/ip/index.php +++ b/web/add/ip/index.php @@ -1,5 +1,6 @@ $error) { - if ( $i == 0 ) { + if ($i == 0) { $error_msg = $error; } else { $error_msg = $error_msg.", ".$error; } } - $_SESSION['error_msg'] = sprintf(_('Field "%s" can not be blank.'),$error_msg); + $_SESSION['error_msg'] = sprintf(_('Field "%s" can not be blank.'), $error_msg); } // Protect input 
@@ -53,13 +59,12 @@ } else { $ip_status = 'dedicated'; $v_dedicated = 'yes'; - } // Add IP if (empty($_SESSION['error_msg'])) { - exec (HESTIA_CMD."v-add-sys-ip ".$v_ip." ".$v_netmask." ".$v_interface." ".$v_owner." ".escapeshellarg($ip_status)." ".$v_name." ".$v_nat." ".$v_helo, $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-add-sys-ip ".$v_ip." ".$v_netmask." ".$v_interface." ".$v_owner." ".escapeshellarg($ip_status)." ".$v_name." ".$v_nat." ".$v_helo, $output, $return_var); + check_return_code($return_var, $output); unset($output); $v_owner = $_POST['v_owner']; $v_interface = $_POST['v_interface']; @@ -67,7 +72,7 @@ // Flush field values on success if (empty($_SESSION['error_msg'])) { - $_SESSION['ok_msg'] = sprintf(_('IP_CREATED_OK'),htmlentities($_POST['v_ip']),htmlentities($_POST['v_ip'])); + $_SESSION['ok_msg'] = sprintf(_('IP_CREATED_OK'), htmlentities($_POST['v_ip']), htmlentities($_POST['v_ip'])); unset($v_ip); unset($v_netmask); unset($v_name); @@ -77,12 +82,12 @@ } // List network interfaces -exec (HESTIA_CMD."v-list-sys-interfaces 'json'", $output, $return_var); +exec(HESTIA_CMD."v-list-sys-interfaces 'json'", $output, $return_var); $interfaces = json_decode(implode('', $output), true); unset($output); // List users -exec (HESTIA_CMD."v-list-sys-users 'json'", $output, $return_var); +exec(HESTIA_CMD."v-list-sys-users 'json'", $output, $return_var); $users = json_decode(implode('', $output), true); unset($output); diff --git a/web/add/key/index.php b/web/add/key/index.php index 0a27d82686..cfa0bec724 100644 --- a/web/add/key/index.php +++ b/web/add/key/index.php 
@@ -1,4 +1,5 @@ $value){ + foreach ($data as $key => $value) { $idlist[] = trim($data[$key]['ID']); $keylist[] = trim($data[$key]['KEY']); } - - $v_key_parts = explode(' ',$_POST['v_key']); + + $v_key_parts = explode(' ', $_POST['v_key']); $key_id = trim($v_key_parts[2]); - if($v_key_parts[2] == ''){ + if ($v_key_parts[2] == '') { $v_key_parts[2] = md5(time()); $_POST['v_key'] .= ' '.$v_key_parts[2]; } - + //for deleting / revoking key the last part user@domain is used therefore needs to be unique //maybe consider adding random generated message or even an human read able string set by user? - if(in_array($v_key_parts[2], $idlist)){ + if (in_array($v_key_parts[2], $idlist)) { $_SESSION['error_msg'] = _('SSH KEY already exists'); } - if(in_array($v_key_parts[1], $keylist)){ + if (in_array($v_key_parts[1], $keylist)) { $_SESSION['error_msg'] = _('SSH KEY already exists'); } $v_key = escapeshellarg(trim($_POST['v_key'])); } } - + if (empty($_SESSION['error_msg'])) { - exec (HESTIA_CMD."v-add-user-ssh-key ".$user." ".$v_key, $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-add-user-ssh-key ".$user." ".$v_key, $output, $return_var); + check_return_code($return_var, $output); } unset($output); // Flush field values on success if (empty($_SESSION['error_msg'])) { - $_SESSION['ok_msg'] = _('SSH KEY created'); + $_SESSION['ok_msg'] = _('SSH KEY created'); } - } render_page($user, $TAB, 'add_key'); // Flush session messages unset($_SESSION['error_msg']); -unset($_SESSION['ok_msg']); \ No newline at end of file +unset($_SESSION['ok_msg']); diff --git a/web/add/mail/index.php b/web/add/mail/index.php index 4866f6eca7..d233ac6386 100644 --- a/web/add/mail/index.php +++ b/web/add/mail/index.php 
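Review bot: Both membership tests on the new side, `if (in_array($v_key_parts[2], $idlist)) {` and `if (in_array($v_key_parts[1], $keylist)) {`, still use loose `in_array`; given the commit's goal of removing type juggling they should pass `true` as the third argument, e.g. `if (in_array($v_key_parts[2], $idlist, true)) {`, and `if ($v_key_parts[2] == '') {` should be `=== ''`. Note also that `$v_key_parts[2]` is read unconditionally by `$key_id = trim($v_key_parts[2]);` before the emptiness check, so a submitted key with fewer than three space-separated parts raises an undefined-offset notice — `$v_key_parts[2] ?? ''` would cover that. `$key_id` appears to be unused within the hunk after that assignment. The hunk header is garbled in this rendering, so the hunk's start is partly unreadable here.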
@@ -1,4 +1,5 @@ $error) { - if ( $i == 0 ) { + if ($i == 0) { $error_msg = $error; } else { $error_msg = $error_msg.", ".$error; } } - $_SESSION['error_msg'] = sprintf(_('Field "%s" can not be blank.'),$error_msg); + $_SESSION['error_msg'] = sprintf(_('Field "%s" can not be blank.'), $error_msg); } // Check antispam option 
@@ -79,32 +79,32 @@ // Add mail domain if (empty($_SESSION['error_msg'])) { - exec (HESTIA_CMD."v-add-mail-domain ".$user." ".$v_domain." ".$v_antispam." ".$v_antivirus." ".$v_dkim, $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-add-mail-domain ".$user." ".$v_domain." ".$v_antispam." ".$v_antivirus." ".$v_dkim, $output, $return_var); + check_return_code($return_var, $output); unset($output); } - - if (!empty($_SESSION['IMAP_SYSTEM']) && !empty($_SESSION['WEBMAIL_SYSTEM'])){ + + if (!empty($_SESSION['IMAP_SYSTEM']) && !empty($_SESSION['WEBMAIL_SYSTEM'])) { if (empty($_SESSION['error_msg'])) { - if (!empty($_POST['v_webmail'])) { - $v_webmail = escapeshellarg($_POST['v_webmail']); - exec (HESTIA_CMD."v-add-mail-domain-webmail ".$user." ".$v_domain." ".$v_webmail." yes", $output, $return_var); - check_return_code($return_var,$output); - unset($output); - } + if (!empty($_POST['v_webmail'])) { + $v_webmail = escapeshellarg($_POST['v_webmail']); + exec(HESTIA_CMD."v-add-mail-domain-webmail ".$user." ".$v_domain." ".$v_webmail." yes", $output, $return_var); + check_return_code($return_var, $output); + unset($output); + } } } - + if (!empty($_SESSION['IMAP_SYSTEM']) && !empty($_SESSION['WEBMAIL_SYSTEM'])) { if (empty($_POST['v_webmail'])) { if (empty($_SESSION['error_msg'])) { - exec (HESTIA_CMD."v-delete-mail-domain-webmail ".$user." ".$v_domain." yes", $output, $return_var); - check_return_code($return_var,$output); - unset($output); + exec(HESTIA_CMD."v-delete-mail-domain-webmail ".$user." ".$v_domain." yes", $output, $return_var); + check_return_code($return_var, $output); + unset($output); } } } - + // Add SMTP Relay Support if (empty($_SESSION['error_msg'])) { if (isset($_POST['v_smtp_relay']) && (!empty($_POST['v_smtp_relay_host'])) && (!empty($_POST['v_smtp_relay_user']))) { 
@@ -112,7 +112,7 @@ ($_POST['v_smtp_relay_user'] != $v_smtp_relay_user) || ($_POST['v_smtp_relay_port'] != $v_smtp_relay_port)) { if (!empty($_POST['v_smtp_relay_pass'])) { - $v_smtp_relay = true; + $v_smtp_relay = true; $v_smtp_relay_host = escapeshellarg($_POST['v_smtp_relay_host']); $v_smtp_relay_user = escapeshellarg($_POST['v_smtp_relay_user']); $v_smtp_relay_pass = escapeshellarg($_POST['v_smtp_relay_pass']); @@ -121,8 +121,8 @@ } else { $v_smtp_relay_port = '587'; } - exec (HESTIA_CMD."v-add-mail-domain-smtp-relay ".$user." ".$v_domain." ".$v_smtp_relay_host." ".$v_smtp_relay_user." ".$v_smtp_relay_pass." ".$v_smtp_relay_port, $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-add-mail-domain-smtp-relay ".$user." ".$v_domain." ".$v_smtp_relay_host." ".$v_smtp_relay_user." ".$v_smtp_relay_pass." ".$v_smtp_relay_port, $output, $return_var); + check_return_code($return_var, $output); unset($output); } else { $_SESSION['error_msg'] = _('SMTP Relay Password is required'); @@ -130,10 +130,10 @@ } } } - + // Flush field values on success if (empty($_SESSION['error_msg'])) { - $_SESSION['ok_msg'] = sprintf(_('MAIL_DOMAIN_CREATED_OK'),htmlentities($_POST['v_domain']),htmlentities($_POST['v_domain'])); + $_SESSION['ok_msg'] = sprintf(_('MAIL_DOMAIN_CREATED_OK'), htmlentities($_POST['v_domain']), htmlentities($_POST['v_domain'])); unset($v_domain, $v_webmail); } } @@ -147,8 +147,8 @@ header('location: /login/'); exit(); } - - + + // Check antispam option if (!empty($_POST['v_blackhole'])) { $v_blackhole = 'yes'; 
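Review bot: The rewritten `exec(HESTIA_CMD."v-add-mail-domain-smtp-relay " … $v_smtp_relay_pass …)` line in the `@@ -121,8 +121,8 @@` hunk passes the relay password as a command-line argument, so it is visible in the process list to any local user for as long as the command runs. The account-password path later in this same file already avoids this by writing the secret to a `tempnam()` file and handing the path to the CLI command (see the `v-add-mail-account` hunk); the relay password could use the same pattern if `v-add-mail-domain-smtp-relay` can read it from a file, which is outside this diff. The enclosing `if (!empty($_POST['v_smtp_relay_pass']))` block starts outside the hunk.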
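Review bot: The context lines `header('location: /login/'); exit(); }` at the top of the `@@ -147,8 +147,8 @@` hunk show that the mail-account form handler in web/add/mail/index.php still carries a hand-rolled token check — no hunk in this patch touches lines 140–146 of the file — so, assuming the earlier mail-domain handler was converted in this file's first (garbled) hunk, this second check was missed. If it is the `$_SESSION['token'] != $_POST['token']` comparison the commit title targets, it should be replaced with `verify_csrf($_POST);` as in the other handlers. The comparison line itself lies outside the hunk, so this is inferred from the surviving `header`/`exit` lines; the rest of the hunk only normalises blank lines.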
@@ -156,20 +156,26 @@ $v_blackhole = 'no'; } // Check empty fields - if (empty($_POST['v_domain'])) $errors[] = _('domain'); - if (empty($_POST['v_account'])) $errors[] = _('account'); + if (empty($_POST['v_domain'])) { + $errors[] = _('domain'); + } + if (empty($_POST['v_account'])) { + $errors[] = _('account'); + } if ((empty($_POST['v_fwd_only']) && empty($_POST['v_password']))) { - if (empty($_POST['v_password'])) $errors[] = _('password'); + if (empty($_POST['v_password'])) { + $errors[] = _('password'); + } } if (!empty($errors[0])) { foreach ($errors as $i => $error) { - if ( $i == 0 ) { + if ($i == 0) { $error_msg = $error; } else { $error_msg = $error_msg.", ".$error; } } - $_SESSION['error_msg'] = sprintf(_('Field "%s" can not be blank.'),$error_msg); + $_SESSION['error_msg'] = sprintf(_('Field "%s" can not be blank.'), $error_msg); } // Validate email @@ -178,10 +184,12 @@ $_SESSION['error_msg'] = _('Please enter valid email address.'); } } - + // Check password length if (empty($_SESSION['error_msg']) && (empty($_POST['v_fwd_only']))) { - if (!validate_password($_POST['v_password'])) { $_SESSION['error_msg'] = _('Password does not match the minimum requirements');} + if (!validate_password($_POST['v_password'])) { + $_SESSION['error_msg'] = _('Password does not match the minimum requirements'); + } } // Protect input 
@@ -193,17 +201,21 @@ $v_credentials = $_POST['v_credentials']; $v_aliases = $_POST['v_aliases']; $v_fwd = $_POST['v_fwd']; - if (empty($_POST['v_quota'])) $v_quota = 0; - if ((!empty($_POST['v_quota'])) || (!empty($_POST['v_aliases'])) || (!empty($_POST['v_fwd'])) ) $v_adv = 'yes'; + if (empty($_POST['v_quota'])) { + $v_quota = 0; + } + if ((!empty($_POST['v_quota'])) || (!empty($_POST['v_aliases'])) || (!empty($_POST['v_fwd']))) { + $v_adv = 'yes'; + } // Add Mail Account if (empty($_SESSION['error_msg'])) { - $v_password = tempnam("/tmp","vst"); + $v_password = tempnam("/tmp", "vst"); $fp = fopen($v_password, "w"); fwrite($fp, $_POST['v_password']."\n"); fclose($fp); - exec (HESTIA_CMD."v-add-mail-account ".$user." ".$v_domain." ".$v_account." ".$v_password." ".$v_quota, $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-add-mail-account ".$user." ".$v_domain." ".$v_account." ".$v_password." ".$v_quota, $output, $return_var); + check_return_code($return_var, $output); unset($output); unlink($v_password); $v_password = escapeshellarg($_POST['v_password']); 
@@ -213,22 +225,22 @@ if ((!empty($_POST['v_aliases'])) && (empty($_SESSION['error_msg']))) { $valiases = preg_replace("/\n/", " ", $_POST['v_aliases']); $valiases = preg_replace("/,/", " ", $valiases); - $valiases = preg_replace('/\s+/', ' ',$valiases); + $valiases = preg_replace('/\s+/', ' ', $valiases); $valiases = trim($valiases); $aliases = explode(" ", $valiases); foreach ($aliases as $alias) { $alias = escapeshellarg($alias); if (empty($_SESSION['error_msg'])) { - exec (HESTIA_CMD."v-add-mail-account-alias ".$user." ".$v_domain." ".$v_account." ".$alias, $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-add-mail-account-alias ".$user." ".$v_domain." ".$v_account." ".$alias, $output, $return_var); + check_return_code($return_var, $output); unset($output); } } } - if ((!empty($_POST['v_blackhole'])) && (empty($_SESSION['error_msg']))){ - exec (HESTIA_CMD."v-add-mail-account-forward ".$user." ".$v_domain." ".$v_account." :blackhole:", $output, $return_var); - check_return_code($return_var,$output); + if ((!empty($_POST['v_blackhole'])) && (empty($_SESSION['error_msg']))) { + exec(HESTIA_CMD."v-add-mail-account-forward ".$user." ".$v_domain." ".$v_account." :blackhole:", $output, $return_var); + check_return_code($return_var, $output); unset($output); //disable any input in v_fwd $_POST['v_fwd'] = ''; 
@@ -237,14 +249,14 @@ if ((!empty($_POST['v_fwd'])) && (empty($_SESSION['error_msg']))) { $vfwd = preg_replace("/\n/", " ", $_POST['v_fwd']); $vfwd = preg_replace("/,/", " ", $vfwd); - $vfwd = preg_replace('/\s+/', ' ',$vfwd); + $vfwd = preg_replace('/\s+/', ' ', $vfwd); $vfwd = trim($vfwd); $fwd = explode(" ", $vfwd); foreach ($fwd as $forward) { $forward = escapeshellarg($forward); if (empty($_SESSION['error_msg'])) { - exec (HESTIA_CMD."v-add-mail-account-forward ".$user." ".$v_domain." ".$v_account." ".$forward, $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-add-mail-account-forward ".$user." ".$v_domain." ".$v_account." ".$forward, $output, $return_var); + check_return_code($return_var, $output); unset($output); } } @@ -252,8 +264,8 @@ // Add fwd_only flag if ((!empty($_POST['v_fwd_only'])) && (empty($_SESSION['error_msg']))) { - exec (HESTIA_CMD."v-add-mail-account-fwd-only ".$user." ".$v_domain." ".$v_account, $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-add-mail-account-fwd-only ".$user." ".$v_domain." ".$v_account, $output, $return_var); + check_return_code($return_var, $output); unset($output); } @@ -261,7 +273,9 @@ if (empty($_SESSION['error_msg'])) { list($http_host, $port) = explode(':', $_SERVER["HTTP_HOST"].":"); $webmail = "http://".$hostname."/".$v_webmail_alias."/"; - if (!empty($_SESSION['WEBMAIL_ALIAS'])) $webmail = $_SESSION['WEBMAIL_ALIAS']; + if (!empty($_SESSION['WEBMAIL_ALIAS'])) { + $webmail = $_SESSION['WEBMAIL_ALIAS']; + } } // Email login credentials 
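Review bot: `list($http_host, $port) = explode(':', $_SERVER["HTTP_HOST"].":");` in the third hunk splits the client-supplied Host header, but within the hunk neither `$http_host` nor `$port` is read afterwards — `$webmail` is built from `$hostname` and `$v_webmail_alias`. If the two variables are unused further down as well the line can go; if they are used, the server-side `$hostname` is the value to prefer for anything that ends up in the credentials mail. The empty-element issue raised on the alias loop (line 21) applies equally to `explode(" ", $vfwd)` in the first hunk here.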
@@ -277,7 +291,7 @@ // Flush field values on success if (empty($_SESSION['error_msg'])) { - $_SESSION['ok_msg'] = sprintf(_('MAIL_ACCOUNT_CREATED_OK'),htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST['v_domain']),htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST['v_domain'])); + $_SESSION['ok_msg'] = sprintf(_('MAIL_ACCOUNT_CREATED_OK'), htmlentities(strtolower($_POST['v_account'])), htmlentities($_POST['v_domain']), htmlentities(strtolower($_POST['v_account'])), htmlentities($_POST['v_domain'])); unset($v_account); unset($v_password); unset($v_aliases); @@ -289,9 +303,9 @@ // Render page if (empty($_GET['domain'])) { // Display body for mail domain - if( !empty($_POST['v_webmail']) ){ + if (!empty($_POST['v_webmail'])) { $v_webmail = $_POST['v_webmail']; - }else{ + } else { //default is always roundcube unless it hasn't been installed. Then picks the first one in order $v_webmail = 'roundcube'; } diff --git a/web/add/package/index.php b/web/add/package/index.php index 9cbc65a937..e24fcfeec9 100644 --- a/web/add/package/index.php +++ b/web/add/package/index.php @@ -17,10 +17,7 @@ if (!empty($_POST['ok'])) { // Check token - if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { - header('location: /login/'); - exit(); - } + verify_csrf($_POST); // Check empty fields if (empty($_POST['v_package'])) { diff --git a/web/add/user/index.php b/web/add/user/index.php index dfde44adcf..a9b12563d8 100644 --- a/web/add/user/index.php +++ b/web/add/user/index.php @@ -1,5 +1,6 @@ $error) { - if ( $i == 0 ) { + if ($i == 0) { $error_msg = $error; } else { $error_msg = $error_msg.", ".$error; } } - $_SESSION['error_msg'] = sprintf(_('Field "%s" can not be blank.'),$error_msg); + $_SESSION['error_msg'] = sprintf(_('Field "%s" can not be blank.'), $error_msg); } // Validate email 
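Review bot: `verify_csrf($_POST);` replaces the inline `$_SESSION['token'] != $_POST['token']` test in web/add/package/index.php, but the helper is not part of this diff, so the property the commit is named for — a strict comparison (for example via `hash_equals`) that ends the request on mismatch — can only be verified at its definition. Because the call site no longer shows the redirect and `exit()`, a reader cannot tell from this file that control does not continue on failure; a comment such as `// Aborts the request (redirect to /login/) when the session token does not match; see verify_csrf()` preserves that, assuming the helper keeps the old redirect behaviour. The same substitution appears in web/add/webapp/index.php (line 43) and presumably in the other files in the diffstat. The `if (!empty($_POST['ok']))` block this sits in continues past the hunk.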
@@ -45,7 +53,9 @@ // Check password length if (empty($_SESSION['error_msg'])) { - if (!validate_password($_POST['v_password'])) { $_SESSION['error_msg'] = _('Password does not match the minimum requirements'); } + if (!validate_password($_POST['v_password'])) { + $_SESSION['error_msg'] = _('Password does not match the minimum requirements'); + } } // Protect input @@ -59,12 +69,12 @@ // Add user if (empty($_SESSION['error_msg'])) { - $v_password = tempnam("/tmp","vst"); + $v_password = tempnam("/tmp", "vst"); $fp = fopen($v_password, "w"); fwrite($fp, $_POST['v_password']."\n"); fclose($fp); - exec (HESTIA_CMD."v-add-user ".$v_username." ".$v_password." ".$v_email." ".$v_package." ".$v_name, $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-add-user ".$v_username." ".$v_password." ".$v_email." ".$v_package." ".$v_name, $output, $return_var); + check_return_code($return_var, $output); unset($output); unlink($v_password); $v_password = escapeshellarg($_POST['v_password']); 
@@ -72,25 +82,29 @@ // Set language if (empty($_SESSION['error_msg'])) { - exec (HESTIA_CMD."v-change-user-language ".$v_username." ".$v_language, $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-change-user-language ".$v_username." ".$v_language, $output, $return_var); + check_return_code($return_var, $output); unset($output); } // Set Role if (empty($_SESSION['error_msg'])) { $v_role = escapeshellarg($_POST['v_role']); - exec (HESTIA_CMD."v-change-user-role ".$v_username." ".$v_role, $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-change-user-role ".$v_username." ".$v_role, $output, $return_var); + check_return_code($return_var, $output); unset($output); } // Set login restriction if (empty($_SESSION['error_msg'])) { if ($_POST['v_login_disabled']) { - if ($_POST['v_login_disabled'] == 'on') { $_POST['v_login_disabled'] = 'yes'; } else { $_POST['v_login_disabled'] = 'no'; } - exec (HESTIA_CMD."v-change-user-config-value ".$v_username." LOGIN_DISABLED ".escapeshellarg($_POST['v_login_disabled']), $output, $return_var); - check_return_code($return_var,$output); + if ($_POST['v_login_disabled'] == 'on') { + $_POST['v_login_disabled'] = 'yes'; + } else { + $_POST['v_login_disabled'] = 'no'; + } + exec(HESTIA_CMD."v-change-user-config-value ".$v_username." LOGIN_DISABLED ".escapeshellarg($_POST['v_login_disabled']), $output, $return_var); + check_return_code($return_var, $output); unset($output); } } @@ -98,9 +112,9 @@ // Send email to the new user if ((empty($_SESSION['error_msg'])) && (!empty($v_notify))) { $to = $_POST['v_notify']; - // send email in "users" language + // send email in "users" language putenv("LANGUAGE=".$_POST['v_language']); - + $subject = _("Welcome to Hestia Control Panel"); $hostname = exec('hostname'); unset($output); 
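Review bot: `putenv("LANGUAGE=".$_POST['v_language']);` exports the raw posted value into the process environment, while the same value is only shell-escaped (as `$v_language`) for the `v-change-user-language` call above it; neither use checks that it names an installed language. The render section of this file loads that list from `v-list-sys-languages` (line 26), so the POST handler could fetch it once and validate first, e.g. `if (!in_array($_POST['v_language'], $installed_languages, true)) { $_SESSION['error_msg'] = _('Invalid language'); }` where `$installed_languages` is that decoded list. Separately, `if ($_POST['v_login_disabled'])` reads the index unguarded; an unchecked checkbox is simply absent from `$_POST`, so `if (!empty($_POST['v_login_disabled']))` avoids the notice. The enclosing block starts before this hunk.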
@@ -108,19 +122,19 @@ $from_name = _('Hestia Control Panel'); if (!empty($_POST['v_name'])) { - $mailtext = sprintf(_('GREETINGS_GORDON'),$_POST['v_name'])."\r\n"; + $mailtext = sprintf(_('GREETINGS_GORDON'), $_POST['v_name'])."\r\n"; } else { $mailtext = _('GREETINGS')."\r\n"; } - - $mailtext .= sprintf(_('ACCOUNT_READY'),$_SERVER['HTTP_HOST'],$_POST['v_username'],$_POST['v_password']); + + $mailtext .= sprintf(_('ACCOUNT_READY'), $_SERVER['HTTP_HOST'], $_POST['v_username'], $_POST['v_password']); send_email($to, $subject, $mailtext, $from, $from_name, $_POST['name']); putenv("LANGUAGE=".detect_user_language()); } // Flush field values on success if (empty($_SESSION['error_msg'])) { - $_SESSION['ok_msg'] = sprintf(_('USER_CREATED_OK'),htmlentities($_POST['v_username']),htmlentities($_POST['v_username'])); + $_SESSION['ok_msg'] = sprintf(_('USER_CREATED_OK'), htmlentities($_POST['v_username']), htmlentities($_POST['v_username'])); $_SESSION['ok_msg'] .= " / " . _('login as') ." ".htmlentities($_POST['v_username']). ""; unset($v_username); unset($v_password); @@ -132,15 +146,15 @@ // List hosting packages -exec (HESTIA_CMD."v-list-user-packages json", $output, $return_var); +exec(HESTIA_CMD."v-list-user-packages json", $output, $return_var); check_error($return_var); $data = json_decode(implode('', $output), true); unset($output); // List languages -exec (HESTIA_CMD."v-list-sys-languages json", $output, $return_var); +exec(HESTIA_CMD."v-list-sys-languages json", $output, $return_var); $language = json_decode(implode('', $output), true); -foreach($language as $lang){ +foreach ($language as $lang) { $languages[$lang] = translate_json($lang); } asort($languages); diff --git a/web/add/web/index.php b/web/add/web/index.php index 02ac8bfe57..a7da60c290 100644 --- a/web/add/web/index.php +++ b/web/add/web/index.php 
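Review bot: `$mailtext .= sprintf(_('ACCOUNT_READY'), $_SERVER['HTTP_HOST'], $_POST['v_username'], $_POST['v_password']);` builds the welcome mail around the request's Host header, which is client-supplied, rather than the server-side `$hostname` the previous hunk obtains via `exec('hostname')` (line 25); using `$hostname` here keeps the address the new user is told to visit under the server's control. `send_email($to, $subject, $mailtext, $from, $from_name, $_POST['name']);` reads `name`, whereas the surrounding code uses `v_name` — this looks like a typo that leaves the last argument null whenever the form does not post `name`. The mail also carries the password in clear text; that is existing behaviour, but a `// NOTE: initial password is mailed in plain text` would make it a visible decision.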
@@ -1,5 +1,6 @@ $error) { - if ( $i == 0 ) { + if ($i == 0) { $error_msg = $error; } else { $error_msg = $error_msg.", ".$error; } } - $_SESSION['error_msg'] = sprintf(_('Field "%s" can not be blank.'),$error_msg); + $_SESSION['error_msg'] = sprintf(_('Field "%s" can not be blank.'), $error_msg); } // Check stats password length if ((!empty($v_stats)) && (empty($_SESSION['error_msg']))) { if (!empty($_POST['v_stats_user'])) { $pw_len = strlen($_POST['v_stats_password']); - if ($pw_len < 6 ) $_SESSION['error_msg'] = _('Password is too short.',$error_msg); + if ($pw_len < 6) { + $_SESSION['error_msg'] = _('Password is too short.', $error_msg); + } } } @@ -46,11 +54,11 @@ // Define domain ip address $v_ip = escapeshellarg($_POST['v_ip']); - // Using public IP instead of internal IP when creating DNS + // Using public IP instead of internal IP when creating DNS // Gets public IP from 'v-list-user-ips' command (that reads /hestia/data/ips/ip), precisely from 'NAT' field $v_public_ip = $v_ip; $v_clean_ip = $_POST['v_ip']; // clean_ip = IP without quotas - exec (HESTIA_CMD."v-list-user-ips ".$user." json", $output, $return_var); + exec(HESTIA_CMD."v-list-user-ips ".$user." json", $output, $return_var); $ips = json_decode(implode('', $output), true); unset($output); if (isset($ips[$v_clean_ip]) && isset($ips[$v_clean_ip]['NAT']) && trim($ips[$v_clean_ip]['NAT'])!='') { @@ -67,9 +75,11 @@ $aliases_arr = explode(",", $aliases); $aliases_arr = array_unique($aliases_arr); $aliases_arr = array_filter($aliases_arr); - $aliases = implode(",",$aliases_arr); + $aliases = implode(",", $aliases_arr); $aliases = escapeshellarg($aliases); - if (empty($_POST['v_aliases'])) $aliases = 'none'; + if (empty($_POST['v_aliases'])) { + $aliases = 'none'; + } // Define proxy extensions $v_proxy_ext = $_POST['v_proxy_ext']; 
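Review bot: `$_SESSION['error_msg'] = _('Password is too short.', $error_msg);` passes a second argument to the translation function; if `_` is the gettext alias it accepts a single message id, and `$error_msg` is in any case unrelated to the statistics password, so the line should be `$_SESSION['error_msg'] = _('Password is too short.');`. The stats password is only checked for `strlen(...) < 6`, whereas user creation in this same commit goes through `validate_password()` (line 24); applying that helper here and in the FTP-user check (line 39) gives one password policy. The enclosing POST block continues outside the hunk.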
@@ -80,7 +90,7 @@ $proxy_ext_arr = explode(",", $proxy_ext); $proxy_ext_arr = array_unique($proxy_ext_arr); $proxy_ext_arr = array_filter($proxy_ext_arr); - $proxy_ext = implode(",",$proxy_ext_arr); + $proxy_ext = implode(",", $proxy_ext_arr); $proxy_ext = escapeshellarg($proxy_ext); // Define other options 
@@ -97,49 +107,77 @@ $v_custom_doc_domain = $_POST['v-custom-doc-domain']; $v_custom_doc_folder = $_POST['v-custom-doc-folder']; $v_custom_doc_root_prepath = '/home/'.$user.'/web/'; - + $v_ftp = $_POST['v_ftp']; $v_ftp_user = $_POST['v_ftp_user']; $v_ftp_password = $_POST['v_ftp_password']; $v_ftp_email = $_POST['v_ftp_email']; - if (!empty($v_domain)) $v_ftp_user_prepath .= $v_domain; + if (!empty($v_domain)) { + $v_ftp_user_prepath .= $v_domain; + } - exec (HESTIA_CMD."v-list-user ".$user." json", $output, $return_var); + exec(HESTIA_CMD."v-list-user ".$user." json", $output, $return_var); $user_config = json_decode(implode('', $output), true); unset($output); - + $v_template = $user_config[$user]['TEMPLATE']; $v_backend_template = $user_config[$user]['BACKEND_TEMPLATE']; $v_proxy_template = $user_config[$user]['PROXY_TEMPLATE']; - + // Set advanced option checkmark - if (!empty($_POST['v_proxy'])) $v_adv = 'yes'; $v_proxy = "yes"; - if (!empty($_POST['v_ftp'])) $v_adv = 'yes'; - if ($_POST['v_proxy_ext'] != $v_proxy_ext) $v_adv = 'yes'; - if ((!empty($_POST['v_aliases'])) && ($_POST['v_aliases'] != 'www.'.$_POST['v_domain'])) $v_adv = 'yes'; - if ((!empty($_POST['v_ssl'])) || (!empty($_POST['v_elog']))) $v_adv = 'yes'; - if ((!empty($_POST['v_ssl_crt'])) || (!empty($_POST['v_ssl_key']))) $v_adv = 'yes'; - if ((!empty($_POST['v_ssl_ca'])) || ($_POST['v_stats'] != 'none')) $v_adv = 'yes'; - if ((!empty($_POST['v_letsencrypt']))) $v_adv = 'yes'; - if (!empty($_POST['v_custom_doc_root_check'])){$v_adv = 'yes'; $v_custom_doc_root = 1; } - + if (!empty($_POST['v_proxy'])) { + $v_adv = 'yes'; + } + $v_proxy = "yes"; + if (!empty($_POST['v_ftp'])) { + $v_adv = 'yes'; + } + if ($_POST['v_proxy_ext'] != $v_proxy_ext) { + $v_adv = 'yes'; + } + if ((!empty($_POST['v_aliases'])) && ($_POST['v_aliases'] != 'www.'.$_POST['v_domain'])) { + $v_adv = 'yes'; + } + if ((!empty($_POST['v_ssl'])) || (!empty($_POST['v_elog']))) { + $v_adv = 'yes'; + } + if 
((!empty($_POST['v_ssl_crt'])) || (!empty($_POST['v_ssl_key']))) { + $v_adv = 'yes'; + } + if ((!empty($_POST['v_ssl_ca'])) || ($_POST['v_stats'] != 'none')) { + $v_adv = 'yes'; + } + if ((!empty($_POST['v_letsencrypt']))) { + $v_adv = 'yes'; + } + if (!empty($_POST['v_custom_doc_root_check'])) { + $v_adv = 'yes'; + $v_custom_doc_root = 1; + } + // Check advanced features - if (empty($_POST['v_dns'])) $v_dns = 'off'; - if (empty($_POST['v_mail'])) $v_mail = 'off'; - if (empty($_POST['v_proxy'])) $v_proxy = 'off'; + if (empty($_POST['v_dns'])) { + $v_dns = 'off'; + } + if (empty($_POST['v_mail'])) { + $v_mail = 'off'; + } + if (empty($_POST['v_proxy'])) { + $v_proxy = 'off'; + } // Add web domain if (empty($_SESSION['error_msg'])) { - exec (HESTIA_CMD."v-add-web-domain ".$user." ".escapeshellarg($v_domain)." ".$v_ip." 'yes' ".$aliases." ".$proxy_ext, $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-add-web-domain ".$user." ".escapeshellarg($v_domain)." ".$v_ip." 'yes' ".$aliases." ".$proxy_ext, $output, $return_var); + check_return_code($return_var, $output); unset($output); $domain_added = empty($_SESSION['error_msg']); } // Add DNS domain if (($_POST['v_dns'] == 'on') && (empty($_SESSION['error_msg']))) { - exec (HESTIA_CMD."v-add-dns-domain ".$user." ".escapeshellarg($v_domain)." ".$v_public_ip." '' '' '' '' '' '' '' '' 'no'", $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-add-dns-domain ".$user." ".escapeshellarg($v_domain)." ".$v_public_ip." '' '' '' '' '' '' '' '' 'no'", $output, $return_var); + check_return_code($return_var, $output); unset($output); } 
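Review bot: `$v_proxy = "yes";` now stands on its own line in the 'Set advanced option checkmark' block, which exposes that it was never governed by the preceding `if (!empty($_POST['v_proxy']))` — the old one-liner only guarded `$v_adv` — so behaviour is unchanged but the intent is opaque. Since the block below resets it with `if (empty($_POST['v_proxy'])) { $v_proxy = 'off'; }`, both can collapse to `$v_proxy = empty($_POST['v_proxy']) ? 'off' : 'yes';`. The hunk also compares `$_POST['v_proxy_ext']` and `$_POST['v_stats']` without `isset`, which raises notices when the form omits them; `($_POST['v_stats'] ?? 'none') != 'none'` is the minimal fix. The enclosing POST block starts before line 29 and continues after this hunk.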
@@ -148,8 +186,8 @@ foreach ($aliases_arr as $alias) { if ($alias != "www.".$v_domain) { $alias = escapeshellarg($alias); - exec (HESTIA_CMD."v-add-dns-on-web-alias ".$user." ".$alias." ".$v_ip." 'no'", $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-add-dns-on-web-alias ".$user." ".$alias." ".$v_ip." 'no'", $output, $return_var); + check_return_code($return_var, $output); unset($output); } } 
@@ -157,178 +195,184 @@ // Add mail domain if (($_POST['v_mail'] == 'on') && (empty($_SESSION['error_msg']))) { - exec (HESTIA_CMD."v-add-mail-domain ".$user." ".escapeshellarg($v_domain), $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-add-mail-domain ".$user." ".escapeshellarg($v_domain), $output, $return_var); + check_return_code($return_var, $output); unset($output); } // Delete proxy support if ((!empty($_SESSION['PROXY_SYSTEM'])) && ($_POST['v_proxy'] == 'off') && (empty($_SESSION['error_msg']))) { $ext = escapeshellarg($ext); - exec (HESTIA_CMD."v-delete-web-domain-proxy ".$user." ".escapeshellarg($v_domain)." 'no'", $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-delete-web-domain-proxy ".$user." ".escapeshellarg($v_domain)." 'no'", $output, $return_var); + check_return_code($return_var, $output); unset($output); $restart_web = 'yes'; } - + // Change template if (($v_template != $_POST['v_template']) && (empty($_SESSION['error_msg']))) { - exec (HESTIA_CMD."v-change-web-domain-tpl ".$user." ".escapeshellarg($v_domain)." ".escapeshellarg($_POST['v_template'])." 'no'", $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-change-web-domain-tpl ".$user." ".escapeshellarg($v_domain)." ".escapeshellarg($_POST['v_template'])." 'no'", $output, $return_var); + check_return_code($return_var, $output); unset($output); $restart_web = 'yes'; } // Change backend template - if ((!empty($_SESSION['WEB_BACKEND'])) && ( $v_backend_template != $_POST['v_backend_template']) && (empty($_SESSION['error_msg']))) { + if ((!empty($_SESSION['WEB_BACKEND'])) && ($v_backend_template != $_POST['v_backend_template']) && (empty($_SESSION['error_msg']))) { $v_backend_template = $_POST['v_backend_template']; - exec (HESTIA_CMD."v-change-web-domain-backend-tpl ".$user." ".escapeshellarg($v_domain)." 
".escapeshellarg($v_backend_template), $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-change-web-domain-backend-tpl ".$user." ".escapeshellarg($v_domain)." ".escapeshellarg($v_backend_template), $output, $return_var); + check_return_code($return_var, $output); unset($output); } // Change proxy template / Update extension list - if ((!empty($_SESSION['PROXY_SYSTEM'])) && (!empty($v_proxy)) && (!empty($_POST['v_proxy'])) && (empty($_SESSION['error_msg'])) ) { + if ((!empty($_SESSION['PROXY_SYSTEM'])) && (!empty($v_proxy)) && (!empty($_POST['v_proxy'])) && (empty($_SESSION['error_msg']))) { $ext = preg_replace("/\n/", " ", $_POST['v_proxy_ext']); $ext = preg_replace("/,/", " ", $ext); - $ext = preg_replace('/\s+/', ' ',$ext); + $ext = preg_replace('/\s+/', ' ', $ext); $ext = trim($ext); $ext = str_replace(' ', ", ", $ext); - if (( $v_proxy_template != $_POST['v_proxy_template']) || ($v_proxy_ext != $ext)) { + if (($v_proxy_template != $_POST['v_proxy_template']) || ($v_proxy_ext != $ext)) { $ext = str_replace(', ', ",", $ext); - if (!empty($_POST['v_proxy_template'])) $v_proxy_template = $_POST['v_proxy_template']; - exec (HESTIA_CMD."v-change-web-domain-proxy-tpl ".$user." ".escapeshellarg($v_domain)." ".escapeshellarg($v_proxy_template)." ".escapeshellarg($ext)." 'no'", $output, $return_var); - check_return_code($return_var,$output); + if (!empty($_POST['v_proxy_template'])) { + $v_proxy_template = $_POST['v_proxy_template']; + } + exec(HESTIA_CMD."v-change-web-domain-proxy-tpl ".$user." ".escapeshellarg($v_domain)." ".escapeshellarg($v_proxy_template)." ".escapeshellarg($ext)." 'no'", $output, $return_var); + check_return_code($return_var, $output); $v_proxy_ext = str_replace(',', ', ', $ext); unset($output); $restart_proxy = 'yes'; } } - + // Add Lets Encrypt support - if ((!empty($_POST['v_letsencrypt'])) && (empty($_SESSION['error_msg']))) { - exec (HESTIA_CMD."v-schedule-letsencrypt-domain ".$user." 
".escapeshellarg($v_domain), $output, $return_var); - check_return_code($return_var,$output); + if ((!empty($_POST['v_letsencrypt'])) && (empty($_SESSION['error_msg']))) { + exec(HESTIA_CMD."v-schedule-letsencrypt-domain ".$user." ".escapeshellarg($v_domain), $output, $return_var); + check_return_code($return_var, $output); unset($output); - - if(!empty($_POST['v_ssl_forcessl']) && $_POST['v_ssl_forcessl'] = 'yes'){ - exec (HESTIA_CMD."v-add-web-domain-ssl-preset ".$user." ".escapeshellarg($v_domain)." 'yes'", $output, $return_var); - check_return_code($return_var,$output); - unset ($output); - } - - } else { + + if (!empty($_POST['v_ssl_forcessl']) && $_POST['v_ssl_forcessl'] = 'yes') { + exec(HESTIA_CMD."v-add-web-domain-ssl-preset ".$user." ".escapeshellarg($v_domain)." 'yes'", $output, $return_var); + check_return_code($return_var, $output); + unset($output); + } + } else { // Add SSL certificates only if Lets Encrypt is off - if ((!empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) { - exec ('mktemp -d', $output, $return_var); - $tmpdir = $output[0]; - unset($output); - - // Save certificate - if (!empty($_POST['v_ssl_crt'])) { - $fp = fopen($tmpdir."/".$_POST['v_domain'].".crt", 'w'); - fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_crt'])); - fwrite($fp, "\n"); - fclose($fp); - } - - // Save private key - if (!empty($_POST['v_ssl_key'])) { - $fp = fopen($tmpdir."/".$_POST['v_domain'].".key", 'w'); - fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_key'])); - fwrite($fp, "\n"); - fclose($fp); - } - - // Save CA bundle - if (!empty($_POST['v_ssl_ca'])) { - $fp = fopen($tmpdir."/".$_POST['v_domain'].".ca", 'w'); - fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_ca'])); - fwrite($fp, "\n"); - fclose($fp); - } - - $v_ssl_home = escapeshellarg($_POST['v_ssl_home']); - exec (HESTIA_CMD."v-add-web-domain-ssl ".$user." ".escapeshellarg($v_domain)." ".$tmpdir." ".$v_ssl_home." 
'no'", $output, $return_var); - check_return_code($return_var,$output); - unset($output); - - if(!empty($_POST['v_ssl_forcessl']) && $_POST['v_ssl_forcessl'] = 'yes'){ - exec (HESTIA_CMD."v-add-web-domain-ssl-force ".$user." ".escapeshellarg($v_domain), $output, $return_var); - check_return_code($return_var,$output); - unset ($output); - } + if ((!empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) { + exec('mktemp -d', $output, $return_var); + $tmpdir = $output[0]; + unset($output); + + // Save certificate + if (!empty($_POST['v_ssl_crt'])) { + $fp = fopen($tmpdir."/".$_POST['v_domain'].".crt", 'w'); + fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_crt'])); + fwrite($fp, "\n"); + fclose($fp); + } + + // Save private key + if (!empty($_POST['v_ssl_key'])) { + $fp = fopen($tmpdir."/".$_POST['v_domain'].".key", 'w'); + fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_key'])); + fwrite($fp, "\n"); + fclose($fp); + } + + // Save CA bundle + if (!empty($_POST['v_ssl_ca'])) { + $fp = fopen($tmpdir."/".$_POST['v_domain'].".ca", 'w'); + fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_ca'])); + fwrite($fp, "\n"); + fclose($fp); + } + + $v_ssl_home = escapeshellarg($_POST['v_ssl_home']); + exec(HESTIA_CMD."v-add-web-domain-ssl ".$user." ".escapeshellarg($v_domain)." ".$tmpdir." ".$v_ssl_home." 'no'", $output, $return_var); + check_return_code($return_var, $output); + unset($output); + + if (!empty($_POST['v_ssl_forcessl']) && $_POST['v_ssl_forcessl'] = 'yes') { + exec(HESTIA_CMD."v-add-web-domain-ssl-force ".$user." 
".escapeshellarg($v_domain), $output, $return_var); + check_return_code($return_var, $output); + unset($output); + } // Cleanup certificate tempfiles - if (!empty($_POST['v_ssl_crt'])) unlink($tmpdir."/".$v_domain.".crt"); - if (!empty($_POST['v_ssl_key'])) unlink($tmpdir."/".$v_domain.".key"); - if (!empty($_POST['v_ssl_ca'])) unlink($tmpdir."/".$v_domain.".ca"); + if (!empty($_POST['v_ssl_crt'])) { + unlink($tmpdir."/".$v_domain.".crt"); + } + if (!empty($_POST['v_ssl_key'])) { + unlink($tmpdir."/".$v_domain.".key"); + } + if (!empty($_POST['v_ssl_ca'])) { + unlink($tmpdir."/".$v_domain.".ca"); + } rmdir($tmpdir); - } - } + } + } // Add web stats - if ((!empty($_POST['v_stats'])) && ($_POST['v_stats'] != 'none' ) && (empty($_SESSION['error_msg']))) { + if ((!empty($_POST['v_stats'])) && ($_POST['v_stats'] != 'none') && (empty($_SESSION['error_msg']))) { $v_stats = escapeshellarg($_POST['v_stats']); - exec (HESTIA_CMD."v-add-web-domain-stats ".$user." ".escapeshellarg($v_domain)." ".$v_stats, $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-add-web-domain-stats ".$user." ".escapeshellarg($v_domain)." ".$v_stats, $output, $return_var); + check_return_code($return_var, $output); unset($output); } // Add web stats password if ((!empty($_POST['v_stats_user'])) && (empty($_SESSION['error_msg']))) { $v_stats_user = escapeshellarg($_POST['v_stats_user']); - $v_stats_password = tempnam("/tmp","vst"); + $v_stats_password = tempnam("/tmp", "vst"); $fp = fopen($v_stats_password, "w"); fwrite($fp, $_POST['v_stats_password']."\n"); fclose($fp); - exec (HESTIA_CMD."v-add-web-domain-stats-user ".$user." ".escapeshellarg($v_domain)." ".$v_stats_user." ".$v_stats_password, $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-add-web-domain-stats-user ".$user." ".escapeshellarg($v_domain)." ".$v_stats_user." 
".$v_stats_password, $output, $return_var); + check_return_code($return_var, $output); unset($output); unlink($v_stats_password); $v_stats_password = escapeshellarg($_POST['v_stats_password']); } - - if ( !empty($_POST['v-custom-doc-domain']) && !empty($_POST['v_custom_doc_root_check']) && $v_custom_doc_root_prepath.$v_custom_doc_domain.'/public_html'.$v_custom_doc_folder != $v_custom_doc_root){ - if($_POST['v-custom-doc-domain'] == $v_domain && empty($_POST['v-custom-doc-folder'])){ - }else{ + if (!empty($_POST['v-custom-doc-domain']) && !empty($_POST['v_custom_doc_root_check']) && $v_custom_doc_root_prepath.$v_custom_doc_domain.'/public_html'.$v_custom_doc_folder != $v_custom_doc_root) { + if ($_POST['v-custom-doc-domain'] == $v_domain && empty($_POST['v-custom-doc-folder'])) { + } else { $v_custom_doc_domain = escapeshellarg($_POST['v-custom-doc-domain']); - if(substr($_POST['v-custom-doc-folder'], -1) == '/'){ - $v_custom_doc_folder = escapeshellarg(substr($_POST['v-custom-doc-folder'],0,-1)); - }else{ - $v_custom_doc_folder = escapeshellarg($_POST['v-custom-doc-folder']); + if (substr($_POST['v-custom-doc-folder'], -1) == '/') { + $v_custom_doc_folder = escapeshellarg(substr($_POST['v-custom-doc-folder'], 0, -1)); + } else { + $v_custom_doc_folder = escapeshellarg($_POST['v-custom-doc-folder']); } $v_custom_doc_folder = escapeshellarg($_POST['v-custom-doc-folder']); $v_domain = escapeshellarg(trim($_POST['v_domain'])); - - exec(HESTIA_CMD."v-change-web-domain-docroot ".$user." ".$v_domain." ".$v_custom_doc_domain." ".$v_custom_doc_folder." yes", $output, $return_var); - check_return_code($return_var,$output); - unset($output); - $v_custom_doc_root = 1; + + exec(HESTIA_CMD."v-change-web-domain-docroot ".$user." ".$v_domain." ".$v_custom_doc_domain." ".$v_custom_doc_folder." 
yes", $output, $return_var); + check_return_code($return_var, $output); + unset($output); + $v_custom_doc_root = 1; } - }else{ + } else { unset($v_custom_doc_root); - } - + } + // Restart DNS server if (($_POST['v_dns'] == 'on') && (empty($_SESSION['error_msg']))) { - exec (HESTIA_CMD."v-restart-dns", $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-restart-dns", $output, $return_var); + check_return_code($return_var, $output); unset($output); } // Restart web server if (empty($_SESSION['error_msg'])) { - exec (HESTIA_CMD."v-restart-web", $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-restart-web", $output, $return_var); + check_return_code($return_var, $output); unset($output); } // Restart proxy server if ((!empty($_SESSION['PROXY_SYSTEM'])) && ($_POST['v_proxy'] == 'on') && (empty($_SESSION['error_msg']))) { - exec (HESTIA_CMD."v-restart-proxy", $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-restart-proxy", $output, $return_var); + check_return_code($return_var, $output); unset($output); } 
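Review bot: `if (!empty($_POST['v_ssl_forcessl']) && $_POST['v_ssl_forcessl'] = 'yes')` assigns where it should compare, in both the Let's Encrypt branch (line 34) and the manual-certificate branch (line 35): the condition is true for any non-empty value and rewrites `$_POST['v_ssl_forcessl']` to `'yes'`, so `v-add-web-domain-ssl-preset` / `v-add-web-domain-ssl-force` run even when the form posted `no`. The reformat kept the bug; both lines should read `if (!empty($_POST['v_ssl_forcessl']) && $_POST['v_ssl_forcessl'] === 'yes') {`. In the manual branch the `.crt`/`.key`/`.ca` files are written as `$tmpdir."/".$_POST['v_domain'].".crt"` but removed as `$tmpdir."/".$v_domain.".crt"`; whenever the raw and the normalised domain differ the cleanup misses the files and `rmdir($tmpdir)` fails, so one name (the already-validated `$v_domain`, or a fixed basename such as `cert.crt`) should be used for both. Further down, `$v_custom_doc_folder = escapeshellarg($_POST['v-custom-doc-folder']);` immediately after the `if/else` discards the trailing-slash handling the branch just computed, leaving that `if` as dead code. This hunk's enclosing block starts before line 32.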
@@ -337,18 +381,24 @@ $v_ftp_users_updated = array(); foreach ($_POST['v_ftp_user'] as $i => $v_ftp_user_data) { if ($v_ftp_user_data['is_new'] == 1) { - if ((!empty($v_ftp_user_data['v_ftp_email'])) && (!filter_var($v_ftp_user_data['v_ftp_email'], FILTER_VALIDATE_EMAIL))) $_SESSION['error_msg'] = _('Please enter valid email address.'); - if (empty($v_ftp_user_data['v_ftp_user'])) $errors[] = 'ftp user'; - if (empty($v_ftp_user_data['v_ftp_password'])) $errors[] = 'ftp user password'; + if ((!empty($v_ftp_user_data['v_ftp_email'])) && (!filter_var($v_ftp_user_data['v_ftp_email'], FILTER_VALIDATE_EMAIL))) { + $_SESSION['error_msg'] = _('Please enter valid email address.'); + } + if (empty($v_ftp_user_data['v_ftp_user'])) { + $errors[] = 'ftp user'; + } + if (empty($v_ftp_user_data['v_ftp_password'])) { + $errors[] = 'ftp user password'; + } if (!empty($errors[0])) { foreach ($errors as $i => $error) { - if ( $i == 0 ) { + if ($i == 0) { $error_msg = $error; } else { $error_msg = $error_msg.", ".$error; } } - $_SESSION['error_msg'] = sprintf(_('Field "%s" can not be blank.'),$error_msg); + $_SESSION['error_msg'] = sprintf(_('Field "%s" can not be blank.'), $error_msg); } // Validate email @@ -360,7 +410,9 @@ if ((!empty($v_ftp_user_data['v_ftp']))) { if (!empty($v_ftp_user_data['v_ftp_user'])) { $pw_len = strlen($v_ftp_user_data['v_ftp_password']); - if ($pw_len < 6 ) $_SESSION['error_msg'] = _('Password is too short.',$error_msg); + if ($pw_len < 6) { + $_SESSION['error_msg'] = _('Password is too short.', $error_msg); + } } } 
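Review bot: In the FTP-user validation loop, the inner `foreach ($errors as $i => $error)` reuses `$i`, the index of the enclosing `foreach ($_POST['v_ftp_user'] as $i => $v_ftp_user_data)`, and `$errors` is not reset at the top of each iteration within the hunk, so an empty field on one FTP user would (unless it is cleared outside the hunk) be reported again for every later user. Initialising `$errors = [];` as the first statement inside the `is_new` branch and renaming the inner index (`$n`) makes each user's report self-contained. The six-character minimum in the second hunk duplicates the stats check (line 27) rather than the `validate_password()` used for user creation (line 24). The enclosing loop starts before this hunk.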
@@ -370,12 +422,12 @@ $v_ftp_user = escapeshellarg($v_ftp_user_data['v_ftp_user']); if ($domain_added) { $v_ftp_path = escapeshellarg(trim($v_ftp_user_data['v_ftp_path'])); - $v_ftp_password = tempnam("/tmp","vst"); + $v_ftp_password = tempnam("/tmp", "vst"); $fp = fopen($v_ftp_password, "w"); fwrite($fp, $v_ftp_user_data['v_ftp_password']."\n"); fclose($fp); - exec (HESTIA_CMD."v-add-web-domain-ftp ".$user." ".escapeshellarg($v_domain)." ".$v_ftp_user." ".$v_ftp_password . " " . $v_ftp_path, $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-add-web-domain-ftp ".$user." ".escapeshellarg($v_domain)." ".$v_ftp_user." ".$v_ftp_password . " " . $v_ftp_path, $output, $return_var); + check_return_code($return_var, $output); unset($output); unlink($v_ftp_password); if ((!empty($v_ftp_user_data['v_ftp_email'])) && (empty($_SESSION['error_msg']))) { @@ -383,7 +435,7 @@ $subject = _("FTP login credentials"); $from = "noreply@".$v_domain; $from_name = _('Hestia Control Panel'); - $mailtext = sprintf(_('FTP_ACCOUNT_READY'),$v_domain,$user,$v_ftp_user_data['v_ftp_user'],$v_ftp_user_data['v_ftp_password']); + $mailtext = sprintf(_('FTP_ACCOUNT_READY'), $v_domain, $user, $v_ftp_user_data['v_ftp_user'], $v_ftp_user_data['v_ftp_password']); send_email($to, $subject, $mailtext, $from, $from_name); unset($v_ftp_email); } @@ -412,7 +464,7 @@ } if (!empty($_SESSION['error_msg']) && $domain_added) { - $_SESSION['ok_msg'] = sprintf(_('WEB_DOMAIN_CREATED_OK'),htmlentities($v_domain),htmlentities($v_domain)); + $_SESSION['ok_msg'] = sprintf(_('WEB_DOMAIN_CREATED_OK'), htmlentities($v_domain), htmlentities($v_domain)); $_SESSION['flash_error_msg'] = $_SESSION['error_msg']; $url = '/edit/web/?domain='.strtolower(preg_replace("/^www\./i", "", $v_domain)); header('Location: ' . $url); 
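Review bot: `$url = '/edit/web/?domain='.strtolower(preg_replace("/^www\./i", "", $v_domain));` in the third hunk places `$v_domain` in the redirect query string unencoded, whereas the webapp change in this same commit wraps `$app` in `rawurlencode()` (line 43); `'/edit/web/?domain='.rawurlencode(strtolower(preg_replace("/^www\./i", "", $v_domain)))` keeps `&`, `#` or spaces in the value from changing the target. Note also that if the custom-docroot branch ran (line 37, `$v_domain = escapeshellarg(trim($_POST['v_domain']))`), `$v_domain` at this point still carries shell quotes, which would then appear in the URL and in the `WEB_DOMAIN_CREATED_OK` message — worth confirming against the full file. The FTP credentials mail in the second hunk sends `$v_ftp_user_data['v_ftp_password']` in clear text; pre-existing, but a short `// NOTE: password is mailed in plain text` records the decision.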
@@ -422,7 +474,7 @@ // Flush field values on success if (empty($_SESSION['error_msg'])) { - $_SESSION['ok_msg'] = sprintf(_('WEB_DOMAIN_CREATED_OK'),htmlentities($v_domain),htmlentities($v_domain)); + $_SESSION['ok_msg'] = sprintf(_('WEB_DOMAIN_CREATED_OK'), htmlentities($v_domain), htmlentities($v_domain)); unset($v_domain); unset($v_aliases); unset($v_ssl); @@ -440,24 +492,24 @@ $v_ftp_email = $panel[$user]['CONTACT']; $v_custom_doc_root_prepath = '/home/'.$user.'/web/'; -if( $_POST['v_ssl_forcessl'] != 'no' ){ +if ($_POST['v_ssl_forcessl'] != 'no') { $v_ssl_forcessl = 'yes'; -}else{ +} else { $v_ssl_forcessl = 'no'; } // List user package -exec (HESTIA_CMD."v-list-user ".$user." json", $output, $return_var); +exec(HESTIA_CMD."v-list-user ".$user." json", $output, $return_var); $user_config = json_decode(implode('', $output), true); unset($output); // List web templates and set default values -exec (HESTIA_CMD."v-list-web-templates json", $output, $return_var); +exec(HESTIA_CMD."v-list-web-templates json", $output, $return_var); $templates = json_decode(implode('', $output), true); unset($output); $v_template = (!empty($_POST['v_template'])) ? $_POST['v_template'] : $user_config[$user]['WEB_TEMPLATE']; // List backend templates if (!empty($_SESSION['WEB_BACKEND'])) { - exec (HESTIA_CMD."v-list-web-templates-backend json", $output, $return_var); + exec(HESTIA_CMD."v-list-web-templates-backend json", $output, $return_var); $backend_templates = json_decode(implode('', $output), true); unset($output); $v_backend_template = (!empty($_POST['v_backend_template'])) ? $_POST['v_backend_template'] : $user_config[$user]['BACKEND_TEMPLATE']; 
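Review bot: `if ($_POST['v_ssl_forcessl'] != 'no')` sits in the render section, so it also runs on GET requests where nothing was posted; it then reads an undefined index (a notice) and the loose `!=` turns `null` into the 'yes' default. `$v_ssl_forcessl = (($_POST['v_ssl_forcessl'] ?? '') === 'no') ? 'no' : 'yes';` keeps the same default without the notice or the juggling. The `json_decode` results of `v-list-user` and `v-list-web-templates` below are consumed without looking at `$return_var`, unlike `v-list-user-packages` (line 26) which calls `check_error($return_var);` first.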
@@ -465,25 +517,24 @@ // List proxy templates if (!empty($_SESSION['PROXY_SYSTEM'])) { - exec (HESTIA_CMD."v-list-web-templates-proxy json", $output, $return_var); + exec(HESTIA_CMD."v-list-web-templates-proxy json", $output, $return_var); $proxy_templates = json_decode(implode('', $output), true); unset($output); $v_proxy_template = (!empty($_POST['v_proxy_template'])) ? $_POST['v_proxy_template'] : $user_config[$user]['PROXY_TEMPLATE']; - } // List IP addresses -exec (HESTIA_CMD."v-list-user-ips ".$user." json", $output, $return_var); +exec(HESTIA_CMD."v-list-user-ips ".$user." json", $output, $return_var); $ips = json_decode(implode('', $output), true); unset($output); // List web stat engines -exec (HESTIA_CMD."v-list-web-stats json", $output, $return_var); +exec(HESTIA_CMD."v-list-web-stats json", $output, $return_var); $stats = json_decode(implode('', $output), true); unset($output); -// Get all user domains -exec (HESTIA_CMD."v-list-web-domains ".escapeshellarg($user)." json", $output, $return_var); +// Get all user domains +exec(HESTIA_CMD."v-list-web-domains ".escapeshellarg($user)." json", $output, $return_var); $user_domains = json_decode(implode('', $output), true); $user_domains = array_keys($user_domains); unset($output); diff --git a/web/add/webapp/index.php b/web/add/webapp/index.php index 3e33b8a77d..d32153d6ec 100644 --- a/web/add/webapp/index.php +++ b/web/add/webapp/index.php @@ -1,4 +1,5 @@ info(); - if ($info['enabled'] != true){ - $_SESSION['error_msg'] = sprintf(_('%s installer missing'),$app); - }else{ + if ($info['enabled'] != true) { + $_SESSION['error_msg'] = sprintf(_('%s installer missing'), $app); + } else { $installer = new \Hestia\WebApp\AppWizard($app_installer, $v_domain, $hestia); $GLOBALS['WebappInstaller'] = $installer; } 
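Review bot: `$user_domains = array_keys($user_domains);` follows a `json_decode` whose result is never checked, so if `v-list-web-domains` produces no output `array_keys(null)` throws a `TypeError` on PHP 8 (a warning on 7.x) instead of taking the page's usual error path; the packages listing in this commit (line 26) calls `check_error($return_var);` right after its `exec`, and the same line here, or `$user_domains = array_keys($user_domains ?? []);`, would close that. `$user` is shell-escaped for `v-list-web-domains` but passed raw to `v-list-user-ips` two statements earlier; escaping both avoids relying on the session value never containing shell metacharacters. The first hunk of web/add/webapp/index.php in this line is garbled in this rendering and is not reviewed.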
@@ -52,51 +53,48 @@ exit(); } } else { - $_SESSION['error_msg'] = sprintf(_('%s installer missing'),$app); + $_SESSION['error_msg'] = sprintf(_('%s installer missing'), $app); } } // Check POST request -if (!empty($_POST['ok']) && !empty($app) ) { +if (!empty($_POST['ok']) && !empty($app)) { // Check token - if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { - header('location: /login/'); - exit(); - } + verify_csrf($_POST); if ($installer) { - try{ - if (!$installer->execute($_POST)){ + try { + if (!$installer->execute($_POST)) { $result = $installer->getStatus(); - if(!empty($result)) + if (!empty($result)) { $_SESSION['error_msg'] = implode(PHP_EOL, $result); + } } else { - $_SESSION['ok_msg'] = sprintf(_('%s App was installed succesfully!'),htmlspecialchars($app)); + $_SESSION['ok_msg'] = sprintf(_('%s App was installed succesfully!'), htmlspecialchars($app)); header('Location: /add/webapp/?domain=' . $v_domain); exit(); } } catch (Exception $e) { - $_SESSION['error_msg'] = $e->getMessage(); - header('Location: /add/webapp/?app='.rawurlencode($app).'&domain=' . $v_domain); - exit(); + $_SESSION['error_msg'] = $e->getMessage(); + header('Location: /add/webapp/?app='.rawurlencode($app).'&domain=' . $v_domain); + exit(); } } } -if(!empty($installer)) { +if (!empty($installer)) { render_page($user, $TAB, 'setup_webapp'); } else { $appInstallers = glob(__DIR__.'/../../src/app/WebApp/Installers/*/*.php'); $v_web_apps = array(); - foreach($appInstallers as $app){ + foreach ($appInstallers as $app) { $hestia = new \Hestia\System\HestiaApp(); - if( preg_match('/Installers\/([a-zA-Z][a-zA-Z0,9].*)\/([a-zA-Z][a-zA-Z0,9].*).php/', $app, $matches)){ - if ($matches[1] != "Resources"){ + if (preg_match('/Installers\/([a-zA-Z][a-zA-Z0,9].*)\/([a-zA-Z][a-zA-Z0,9].*).php/', $app, $matches)) { + if ($matches[1] != "Resources") { $app_installer_class = '\Hestia\WebApp\Installers\\'.$matches[1].'\\' . $matches[1] . 
'Setup'; $app_installer = new $app_installer_class($v_domain, $hestia); $v_web_apps[] = $app_installer -> info(); - } } } diff --git a/web/bulk/backup/exclusions/index.php b/web/bulk/backup/exclusions/index.php index b9f270f3f3..192ce6382e 100644 --- a/web/bulk/backup/exclusions/index.php +++ b/web/bulk/backup/exclusions/index.php @@ -1,6 +1,7 @@ ', $output); - if (empty($error)) $error = 'Error: unable to copy package.'; - $_SESSION['error_msg'] = $error; + if (empty($error)) { + $error = 'Error: unable to copy package.'; + } + $_SESSION['error_msg'] = $error; } unset($output); } diff --git a/web/delete/backup/exclusion/index.php b/web/delete/backup/exclusion/index.php index 54db872746..80737d9ad4 100644 --- a/web/delete/backup/exclusion/index.php +++ b/web/delete/backup/exclusion/index.php @@ -1,6 +1,7 @@ ', $output); if (empty($_SESSION['error_msg'])) { $_SESSION['error_msg'] = _('Error: Hestia did not return any output.'); - } + } } unset($output); header("Location: /list/backup/"); exit; - -}else{ +} else { if ($_SESSION['userContext'] === 'admin') { header('Content-type: application/gzip'); - header("Content-Disposition: attachment; filename=\"".$backup."\";" ); + header("Content-Disposition: attachment; filename=\"".$backup."\";"); header("X-Accel-Redirect: /backup/" . $backup); } - if ((!empty($_SESSION['user'])) && ($_SESSION['userContext'] != 'admin') ) { + if ((!empty($_SESSION['user'])) && ($_SESSION['userContext'] != 'admin')) { if (strpos($backup, $user.'.') === 0) { header('Content-type: application/gzip'); - header("Content-Disposition: attachment; filename=\"".$backup."\";" ); + header("Content-Disposition: attachment; filename=\"".$backup."\";"); header("X-Accel-Redirect: /backup/" . $backup); } } -} \ No newline at end of file +} diff --git a/web/download/web-log/index.php b/web/download/web-log/index.php index 8af6d35f8a..6de6d649fd 100644 --- a/web/download/web-log/index.php +++ b/web/download/web-log/index.php 
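Review bot: The character class `[a-zA-Z0,9]` in the installer-path regex at the end of this hunk matches `0`, a literal comma and `9` rather than the digit range, so an installer whose directory has any other digit in second position (say `S3cure`) never matches and silently disappears from the list; the trailing `.php` also has an unescaped dot. `'/Installers\/([a-zA-Z][a-zA-Z0-9]*)\/([a-zA-Z][a-zA-Z0-9]*)\.php$/'` expresses the intent. Earlier in the hunk both redirects append `$v_domain` raw (presumably the `domain` query parameter, assigned outside this hunk) while `$app` is `rawurlencode`d on the failure path; encoding the domain as well keeps a value containing `&` or `#` from splitting the query string, `header('Location: /add/webapp/?domain=' . rawurlencode($v_domain));`. The `foreach` over `$appInstallers` closes inside the hunk but the file continues past it.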
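Review bot: `$backup` goes unmodified into both the `Content-Disposition` filename and the `X-Accel-Redirect` URI in the hunk headed `web/delete/backup/exclusion/index.php`, and the admin branch applies no check on it at all, while the non-admin branch only tests the `$user.'.'` prefix. The content of that hunk reads like the backup download handler rather than the exclusion deletion its header names, so the extraction is garbled and the assignment of `$backup` is not visible; if it originates from request input, normalising it before the first `header()` call, `$backup = basename($backup);`, keeps path segments out of the internal redirect and the quoted filename on either branch.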
@@ -4,10 +4,9 @@ error_reporting(null); session_start(); include($_SERVER['DOCUMENT_ROOT']."/inc/main.php"); -if ((!$_GET['token']) || ($_SESSION['token'] != $_GET['token'])) { - header('location: /list/user/'); - exit(); -} + +// Check token +verify_csrf($_GET); $v_domain = $_GET['domain']; $v_domain = escapeshellarg($_GET['domain']); diff --git a/web/edit/backup/exclusions/index.php b/web/edit/backup/exclusions/index.php index 8cbab334df..d030c4dc13 100644 --- a/web/edit/backup/exclusions/index.php +++ b/web/edit/backup/exclusions/index.php @@ -1,6 +1,7 @@ $value) { - if (!empty($value)){ + if (!empty($value)) { $v_web .= $key . ":" . str_replace(",", ":", $value) . "\n"; } else { $v_web .= $key . "\n"; @@ -29,7 +30,7 @@ // Parse dns foreach ($data['DNS'] as $key => $value) { - if (!empty($value)){ + if (!empty($value)) { $v_dns .= $key . ":" . $value. "\n"; } else { $v_dns .= $key . "\n"; @@ -38,7 +39,7 @@ // Parse mail foreach ($data['MAIL'] as $key => $value) { - if (!empty($value)){ + if (!empty($value)) { $v_mail .= $key . ":" . $value. "\n"; } else { $v_mail .= $key . "\n"; @@ -47,7 +48,7 @@ // Parse databases foreach ($data['DB'] as $key => $value) { - if (!empty($value)){ + if (!empty($value)) { $v_db .= $key . ":" . $value. "\n"; } else { $v_db .= $key . "\n"; @@ -56,7 +57,7 @@ // Parse user directories foreach ($data['USER'] as $key => $value) { - if (!empty($value)){ + if (!empty($value)) { $v_userdir .= $key . ":" . $value. "\n"; } else { $v_userdir .= $key . "\n"; @@ -65,12 +66,8 @@ // Check POST request if (!empty($_POST['save'])) { - // Check token - if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { - header('location: /login/'); - exit(); - } + verify_csrf($_POST); $v_web = $_POST['v_web']; $v_web_tmp = str_replace("\r\n", ",", $_POST['v_web']); 
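Review bot: `verify_csrf($_GET)` on the new side takes the CSRF token from the query string, which puts it into browser history and into proxy and web-server access logs; driving the download from a `POST` form, or issuing an endpoint-specific one-time token, would avoid that. The definition of `verify_csrf()` is not in this patch, so I am assuming it exits on mismatch the way the removed `header('location: /list/user/'); exit();` did — if it only returns, the domain below is still read and processed. The two consecutive assignments `$v_domain = $_GET['domain']; $v_domain = escapeshellarg($_GET['domain']);` leave the first one dead; keep only the escaped form.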
@@ -103,7 +100,7 @@ $v_userdir_tmp = "USER=" . escapeshellarg($v_userdir_tmp); // Create temporary exeption list on a filesystem - exec ('mktemp', $mktemp_output, $return_var); + exec('mktemp', $mktemp_output, $return_var); $tmp = $mktemp_output[0]; $fp = fopen($tmp, 'w'); fwrite($fp, $v_web_tmp . "\n" . $v_dns_tmp . "\n" . $v_mail_tmp . "\n" . $v_db_tmp . "\n" . $v_userdir_tmp . "\n"); @@ -111,8 +108,8 @@ unset($mktemp_output); // Save changes - exec (HESTIA_CMD."v-update-user-backup-exclusions ".$user." ".$tmp, $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-update-user-backup-exclusions ".$user." ".$tmp, $output, $return_var); + check_return_code($return_var, $output); unset($output); // Set success message diff --git a/web/edit/cron/index.php b/web/edit/cron/index.php index 587992482b..38bb04e7ee 100644 --- a/web/edit/cron/index.php +++ b/web/edit/cron/index.php @@ -1,6 +1,7 @@ $value) { - if(isset($value['SUSPENDED']) && $value['SUSPENDED'] === 'yes') { +foreach ($data as $key => $value) { + if (isset($value['SUSPENDED']) && $value['SUSPENDED'] === 'yes') { continue; } - if(isset($value['IP_VERSION']) && $value['IP_VERSION'] !== 'v4') { + if (isset($value['IP_VERSION']) && $value['IP_VERSION'] !== 'v4') { continue; } array_push($ipset_lists, ['name'=>$key]); 
@@ -62,59 +63,65 @@ if (!empty($_POST['save'])) { // Check token - if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { - header('location: /login/'); - exit(); - } + verify_csrf($_POST); + // Check empty fields - if (empty($_POST['v_action'])) $errors[] = _('action'); - if (empty($_POST['v_protocol'])) $errors[] = _('protocol'); - if (empty($_POST['v_port']) && strlen($_POST['v_port']) == 0) $errors[] = _('port'); - if (empty($_POST['v_ip'])) $errors[] = _('ip address'); + if (empty($_POST['v_action'])) { + $errors[] = _('action'); + } + if (empty($_POST['v_protocol'])) { + $errors[] = _('protocol'); + } + if (empty($_POST['v_port']) && strlen($_POST['v_port']) == 0) { + $errors[] = _('port'); + } + if (empty($_POST['v_ip'])) { + $errors[] = _('ip address'); + } if (!empty($errors[0])) { foreach ($errors as $i => $error) { - if ( $i == 0 ) { + if ($i == 0) { $error_msg = $error; } else { $error_msg = $error_msg.", ".$error; } } - $_SESSION['error_msg'] = sprintf(_('Field "%s" can not be blank.'),$error_msg); + $_SESSION['error_msg'] = sprintf(_('Field "%s" can not be blank.'), $error_msg); } if (empty($_SESSION['error_msg'])) { $v_rule = escapeshellarg($_GET['rule']); $v_action = escapeshellarg($_POST['v_action']); $v_protocol = escapeshellarg($_POST['v_protocol']); - $v_port = str_replace(" ",",", $_POST['v_port']); + $v_port = str_replace(" ", ",", $_POST['v_port']); $v_port = preg_replace('/\,+/', ',', $v_port); $v_port = trim($v_port, ","); $v_port = escapeshellarg($v_port); $v_ip = escapeshellarg($_POST['v_ip']); $v_comment = escapeshellarg($_POST['v_comment']); - + // Change Status - exec (HESTIA_CMD."v-change-firewall-rule ".$v_rule." ".$v_action." ".$v_ip." ".$v_port." ".$v_protocol." ".$v_comment, $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-change-firewall-rule ".$v_rule." ".$v_action." ".$v_ip." ".$v_port." ".$v_protocol." 
".$v_comment, $output, $return_var); + check_return_code($return_var, $output); unset($output); - + $v_rule = $_GET['v_rule']; $v_action = $_POST['v_action']; $v_protocol = $_POST['v_protocol']; - $v_port = str_replace(" ",",", $_POST['v_port']); + $v_port = str_replace(" ", ",", $_POST['v_port']); $v_port = preg_replace('/\,+/', ',', $v_port); $v_port = trim($v_port, ","); $v_ip = $_POST['v_ip']; $v_comment = $_POST['v_comment']; - + // Set success message if (empty($_SESSION['error_msg'])) { $_SESSION['ok_msg'] = _('Changes has been saved.'); } - }else{ + } else { $v_rule = $_GET['v_rule']; $v_action = $_POST['v_action']; $v_protocol = $_POST['v_protocol']; - $v_port = str_replace(" ",",", $_POST['v_port']); + $v_port = str_replace(" ", ",", $_POST['v_port']); $v_port = preg_replace('/\,+/', ',', $v_port); $v_port = trim($v_port, ","); $v_ip = $_POST['v_ip']; diff --git a/web/edit/ip/index.php b/web/edit/ip/index.php index a72a467463..2c6c6aff3f 100644 --- a/web/edit/ip/index.php +++ b/web/edit/ip/index.php @@ -1,5 +1,6 @@ $error) { - if ( $i == 0 ) { + if ($i == 0) { $error_msg = $error; } else { $error_msg = $error_msg.", ".$error; } } - $_SESSION['error_msg'] = _('Field "%s" can not be blank.',$error_msg); + $_SESSION['error_msg'] = _('Field "%s" can not be blank.', $error_msg); } else { - exec ('mktemp -d', $mktemp_output, $return_var); + exec('mktemp -d', $mktemp_output, $return_var); $tmpdir = $mktemp_output[0]; // Certificate 
@@ -378,14 +386,14 @@ fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_ca'])); fclose($fp); } - exec (HESTIA_CMD."v-add-mail-domain-ssl ".$user." ".escapeshellarg($v_domain)." ".$tmpdir." 'no'", $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-add-mail-domain-ssl ".$user." ".escapeshellarg($v_domain)." ".$tmpdir." 'no'", $output, $return_var); + check_return_code($return_var, $output); unset($output); $v_ssl = 'yes'; $restart_web = 'yes'; $restart_proxy = 'yes'; - exec (HESTIA_CMD."v-list-mail-domain-ssl ".$user." ".escapeshellarg($v_domain)." json", $output, $return_var); + exec(HESTIA_CMD."v-list-mail-domain-ssl ".$user." ".escapeshellarg($v_domain)." json", $output, $return_var); $ssl_str = json_decode(implode('', $output), true); unset($output); $v_ssl_crt = $ssl_str[$v_domain]['CRT']; 
@@ -400,22 +408,28 @@ $v_ssl_issuer = $ssl_str[$v_domain]['ISSUER']; // Cleanup certificate tempfiles - if (!empty($_POST['v_ssl_crt'])) unlink($tmpdir."/".$v_domain.".crt"); - if (!empty($_POST['v_ssl_key'])) unlink($tmpdir."/".$v_domain.".key"); - if (!empty($_POST['v_ssl_ca'])) unlink($tmpdir."/".$v_domain.".ca"); + if (!empty($_POST['v_ssl_crt'])) { + unlink($tmpdir."/".$v_domain.".crt"); + } + if (!empty($_POST['v_ssl_key'])) { + unlink($tmpdir."/".$v_domain.".key"); + } + if (!empty($_POST['v_ssl_ca'])) { + unlink($tmpdir."/".$v_domain.".ca"); + } rmdir($tmpdir); } } // Add SMTP Relay Support if (empty($_SESSION['error_msg'])) { - if (isset($_POST['v_smtp_relay']) && (!empty($_POST['v_smtp_relay_host'])) && (!empty($_POST['v_smtp_relay_user']))) { + if (isset($_POST['v_smtp_relay']) && (!empty($_POST['v_smtp_relay_host'])) && (!empty($_POST['v_smtp_relay_user']))) { if (($_POST['v_smtp_relay_host'] != $v_smtp_relay_host) || ($_POST['v_smtp_relay_user'] != $v_smtp_relay_user) || ($_POST['v_smtp_relay_port'] != $v_smtp_relay_port) || (!empty($_POST['v_smtp_relay_pass']))) { if (!empty($_POST['v_smtp_relay_pass'])) { - $v_smtp_relay = true; + $v_smtp_relay = true; $v_smtp_relay_host = escapeshellarg($_POST['v_smtp_relay_host']); $v_smtp_relay_user = escapeshellarg($_POST['v_smtp_relay_user']); $v_smtp_relay_pass = escapeshellarg($_POST['v_smtp_relay_pass']); 
@@ -424,9 +438,9 @@ } else { $v_smtp_relay_port = '587'; } - exec (HESTIA_CMD."v-add-mail-domain-smtp-relay ".$v_username." ".escapeshellarg($v_domain)." ".$v_smtp_relay_host." ".$v_smtp_relay_user." ".$v_smtp_relay_pass." ".$v_smtp_relay_port, $output, $return_var); - check_return_code($return_var,$output); - unset($output); + exec(HESTIA_CMD."v-add-mail-domain-smtp-relay ".$v_username." ".escapeshellarg($v_domain)." ".$v_smtp_relay_host." ".$v_smtp_relay_user." ".$v_smtp_relay_pass." ".$v_smtp_relay_port, $output, $return_var); + check_return_code($return_var, $output); + unset($output); } else { $_SESSION['error_msg'] = _('SMTP Relay Password is required'); } @@ -435,8 +449,8 @@ if ((!isset($_POST['v_smtp_relay'])) && ($v_smtp_relay == true)) { $v_smtp_relay = false; $v_smtp_relay_host = $v_smtp_relay_user = $v_smtp_relay_pass = $v_smtp_relay_port = ''; - exec (HESTIA_CMD."v-delete-mail-domain-smtp-relay ".$v_username." ".escapeshellarg($v_domain), $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-delete-mail-domain-smtp-relay ".$v_username." ".escapeshellarg($v_domain), $output, $return_var); + check_return_code($return_var, $output); unset($output); } } @@ -451,10 +465,7 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (!empty($_GET['account']))) { // Check token - if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { - header('location: /login/'); - exit(); - } + verify_csrf($_POST); // Validate email if ((!empty($_POST['v_send_email'])) && (empty($_SESSION['error_msg']))) { @@ -464,7 +475,7 @@ } $v_domain = $_POST['v_domain']; - if(!in_array($v_domain, $user_domains)) { + if (!in_array($v_domain, $user_domains)) { check_return_code(3, ["Unknown domain"]); } 
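Review bot: `$v_smtp_relay_pass` is passed on the `v-add-mail-domain-smtp-relay` command line, so on a default `/proc` mount the relay password is readable by any local account that can list process arguments for as long as the command runs. The password-change path later in this file already avoids that by writing the secret to a `tempnam()` file and handing the path to the command; the relay call should use the same hand-off, which also means accepting a file path in the backend script. The assignment of `$v_smtp_relay_pass` from `$_POST` is in the preceding hunk.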
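Review bot: `in_array($v_domain, $user_domains)` on the new side still compares loosely, the same class of juggling this commit sets out to remove from the token check; `in_array($v_domain, $user_domains, true)` is the strict form. `$v_domain` is taken straight from `$_POST['v_domain']` on the line above, and this is the check that decides whether the request touches a domain the user owns, so it should not be the one left on loose comparison.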
@@ -474,15 +485,15 @@ // Change password if ((!empty($_POST['v_password'])) && (empty($_SESSION['error_msg']))) { - if (!validate_password($_POST['v_password'])) { + if (!validate_password($_POST['v_password'])) { $_SESSION['error_msg'] = _('Password does not match the minimum requirements'); - }else{ - $v_password = tempnam("/tmp","vst"); + } else { + $v_password = tempnam("/tmp", "vst"); $fp = fopen($v_password, "w"); fwrite($fp, $_POST['v_password']."\n"); fclose($fp); - exec (HESTIA_CMD."v-change-mail-account-password ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($v_account)." ".$v_password, $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-change-mail-account-password ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($v_account)." ".$v_password, $output, $return_var); + check_return_code($return_var, $output); unset($output); unlink($v_password); $v_password = escapeshellarg($_POST['v_password']); @@ -496,8 +507,8 @@ } else { $v_quota = escapeshellarg($_POST['v_quota']); } - exec (HESTIA_CMD."v-change-mail-account-quota ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($v_account)." ".$v_quota, $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-change-mail-account-quota ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($v_account)." ".$v_quota, $output, $return_var); + check_return_code($return_var, $output); unset($output); } 
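Review bot: After `unlink($v_password)` the hunk reassigns `$v_password = escapeshellarg($_POST['v_password']);`, so the plaintext password, shell-quoted, stays in a variable for the rest of the request after the temp file created precisely to keep it off the command line has been removed; what consumes it later is outside the hunk, but if nothing does, drop the line, and if something builds a command from it the same temp-file hand-off should be used there. `$fp = fopen($v_password, "w")` is also unchecked, so on failure `v-change-mail-account-password` runs against an empty file; testing `$fp === false` and reporting through `check_return_code()` before the write keeps the existing error path.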
@@ -505,63 +516,63 @@ if (empty($_SESSION['error_msg'])) { $waliases = preg_replace("/\n/", " ", $_POST['v_aliases']); $waliases = preg_replace("/,/", " ", $waliases); - $waliases = preg_replace('/\s+/', ' ',$waliases); + $waliases = preg_replace('/\s+/', ' ', $waliases); $waliases = trim($waliases); $aliases = explode(" ", $waliases); $v_aliases = str_replace(' ', "\n", $waliases); $result = array_diff($valiases, $aliases); foreach ($result as $alias) { if ((empty($_SESSION['error_msg'])) && (!empty($alias))) { - exec (HESTIA_CMD."v-delete-mail-account-alias ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($v_account)." ".escapeshellarg($alias), $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-delete-mail-account-alias ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($v_account)." ".escapeshellarg($alias), $output, $return_var); + check_return_code($return_var, $output); unset($output); } } $result = array_diff($aliases, $valiases); foreach ($result as $alias) { if ((empty($_SESSION['error_msg'])) && (!empty($alias))) { - exec (HESTIA_CMD."v-add-mail-account-alias ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($v_account)." ".escapeshellarg($alias), $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-add-mail-account-alias ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($v_account)." ".escapeshellarg($alias), $output, $return_var); + check_return_code($return_var, $output); unset($output); } } } - // Change forwarders to :blackhole: + // Change forwarders to :blackhole: if (empty($_SESSION['error_msg']) && !empty($_POST['v_blackhole'])) { foreach ($vfwd as $forward) { if ((empty($_SESSION['error_msg'])) && (!empty($forward))) { - exec (HESTIA_CMD."v-delete-mail-account-forward ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($v_account)." 
".escapeshellarg($forward), $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-delete-mail-account-forward ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($v_account)." ".escapeshellarg($forward), $output, $return_var); + check_return_code($return_var, $output); unset($output); } - exec (HESTIA_CMD."v-add-mail-account-forward ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($v_account)." :blackhole:", $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-add-mail-account-forward ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($v_account)." :blackhole:", $output, $return_var); + check_return_code($return_var, $output); unset($output); $v_fwd = ''; $v_blackhole = "yes"; - } + } } // Change forwarders if (empty($_SESSION['error_msg']) && empty($_POST['v_blackhole'])) { $wfwd = preg_replace("/\n/", " ", $_POST['v_fwd']); $wfwd = preg_replace("/,/", " ", $wfwd); - $wfwd = preg_replace('/\s+/', ' ',$wfwd); + $wfwd = preg_replace('/\s+/', ' ', $wfwd); $wfwd = trim($wfwd); $fwd = explode(" ", $wfwd); $v_fwd = str_replace(' ', "\n", $wfwd); $result = array_diff($vfwd, $fwd); foreach ($result as $forward) { if ((empty($_SESSION['error_msg'])) && (!empty($forward))) { - exec (HESTIA_CMD."v-delete-mail-account-forward ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($v_account)." ".escapeshellarg($forward), $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-delete-mail-account-forward ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($v_account)." ".escapeshellarg($forward), $output, $return_var); + check_return_code($return_var, $output); unset($output); } } $result = array_diff($fwd, $vfwd); foreach ($result as $forward) { if ((empty($_SESSION['error_msg'])) && (!empty($forward))) { - exec (HESTIA_CMD."v-add-mail-account-forward ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($v_account)." 
".escapeshellarg($forward), $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-add-mail-account-forward ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($v_account)." ".escapeshellarg($forward), $output, $return_var); + check_return_code($return_var, $output); unset($output); } } 
@@ -570,24 +581,24 @@ // Delete FWD_ONLY flag if (($v_fwd_only == 'yes') && (empty($_POST['v_fwd_only'])) && (empty($_SESSION['error_msg']))) { - exec (HESTIA_CMD."v-delete-mail-account-fwd-only ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($v_account), $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-delete-mail-account-fwd-only ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($v_account), $output, $return_var); + check_return_code($return_var, $output); unset($output); $v_fwd_only = ''; } // Add FWD_ONLY flag if (($v_fwd_only != 'yes') && (!empty($_POST['v_fwd_only'])) && (empty($_SESSION['error_msg']))) { - exec (HESTIA_CMD."v-add-mail-account-fwd-only ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($v_account), $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-add-mail-account-fwd-only ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($v_account), $output, $return_var); + check_return_code($return_var, $output); unset($output); $v_fwd_only = 'yes'; } // Delete autoreply if (($v_autoreply == 'yes') && (empty($_POST['v_autoreply'])) && (empty($_SESSION['error_msg']))) { - exec (HESTIA_CMD."v-delete-mail-account-autoreply ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($v_account), $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-delete-mail-account-autoreply ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($v_account), $output, $return_var); + check_return_code($return_var, $output); unset($output); $v_autoreply = 'no'; $v_autoreply_message = ''; 
@@ -595,11 +606,11 @@ // Add autoreply if ((!empty($_POST['v_autoreply'])) && (empty($_SESSION['error_msg']))) { - if ( $v_autoreply_message != str_replace("\r\n", "\n", $_POST['v_autoreply_message'])) { + if ($v_autoreply_message != str_replace("\r\n", "\n", $_POST['v_autoreply_message'])) { $v_autoreply_message = str_replace("\r\n", "\n", $_POST['v_autoreply_message']); $v_autoreply_message = escapeshellarg($v_autoreply_message); - exec (HESTIA_CMD."v-add-mail-account-autoreply ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($v_account)." ".$v_autoreply_message, $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-add-mail-account-autoreply ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($v_account)." ".$v_autoreply_message, $output, $return_var); + check_return_code($return_var, $output); unset($output); $v_autoreply = 'yes'; $v_autoreply_message = $_POST['v_autoreply_message']; @@ -625,7 +636,7 @@ // Render page -if (empty($_GET['account'])) { +if (empty($_GET['account'])) { // Display body for mail domain render_page($user, $TAB, 'edit_mail'); } else { diff --git a/web/edit/package/index.php b/web/edit/package/index.php index 3b0fd6eba0..1511d5d93d 100644 --- a/web/edit/package/index.php +++ b/web/edit/package/index.php @@ -1,5 +1,6 @@ $error) { - if ( $i == 0 ) { + if ($i == 0) { $error_msg = $error; } else { $error_msg = $error_msg.", ".$error; } } - $_SESSION['error_msg'] = _('Field "%s" can not be blank.',$error_msg); + $_SESSION['error_msg'] = _('Field "%s" can not be blank.', $error_msg); } // Protect input 
@@ -175,18 +211,30 @@ $v_ns7 = trim($_POST['v_ns7'], '.'); $v_ns8 = trim($_POST['v_ns8'], '.'); $v_ns = $v_ns1.",".$v_ns2; - if (!empty($v_ns3)) $v_ns .= ",".$v_ns3; - if (!empty($v_ns4)) $v_ns .= ",".$v_ns4; - if (!empty($v_ns5)) $v_ns .= ",".$v_ns5; - if (!empty($v_ns6)) $v_ns .= ",".$v_ns6; - if (!empty($v_ns7)) $v_ns .= ",".$v_ns7; - if (!empty($v_ns8)) $v_ns .= ",".$v_ns8; + if (!empty($v_ns3)) { + $v_ns .= ",".$v_ns3; + } + if (!empty($v_ns4)) { + $v_ns .= ",".$v_ns4; + } + if (!empty($v_ns5)) { + $v_ns .= ",".$v_ns5; + } + if (!empty($v_ns6)) { + $v_ns .= ",".$v_ns6; + } + if (!empty($v_ns7)) { + $v_ns .= ",".$v_ns7; + } + if (!empty($v_ns8)) { + $v_ns .= ",".$v_ns8; + } $v_ns = escapeshellarg($v_ns); $v_time = escapeshellarg(date('H:i:s')); $v_date = escapeshellarg(date('Y-m-d')); // Create temprorary directory - exec ('mktemp -d', $output, $return_var); + exec('mktemp -d', $output, $return_var); $tmpdir = $output[0]; unset($output); 
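Review bot: `$tmpdir = $output[0]` after `exec('mktemp -d', ...)` is taken without checking `$return_var` or that `$output` is non-empty, and the next hunk hands the same value to `exec('rm -rf '.$tmpdir, ...)` unquoted; with a failed `mktemp` the package files are written relative to an empty path and the cleanup runs `rm -rf` with no target. Call `check_return_code($return_var, $output);` straight after the `mktemp` and bail on an empty `$tmpdir` before anything is written, and quote the cleanup as `exec('rm -rf '.escapeshellarg($tmpdir), $output, $return_var);`.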
@@ -215,22 +263,22 @@ fclose($fp); // Save changes - exec (HESTIA_CMD."v-add-user-package ".$tmpdir." ".$v_package." 'yes'", $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-add-user-package ".$tmpdir." ".$v_package." 'yes'", $output, $return_var); + check_return_code($return_var, $output); unset($output); // Remove temporary dir - exec ('rm -rf '.$tmpdir, $output, $return_var); + exec('rm -rf '.$tmpdir, $output, $return_var); unset($output); // Propogate new package - exec (HESTIA_CMD."v-update-user-package ".$v_package." 'json'", $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-update-user-package ".$v_package." 'json'", $output, $return_var); + check_return_code($return_var, $output); unset($output); - - if($v_package_new != $v_package){ - exec (HESTIA_CMD."v-rename-user-package " . $v_package . " " . $v_package_new, $output, $return_var); - check_return_code($return_var,$output); + + if ($v_package_new != $v_package) { + exec(HESTIA_CMD."v-rename-user-package " . $v_package . " " . $v_package_new, $output, $return_var); + check_return_code($return_var, $output); unset($output); } // Set success message diff --git a/web/edit/server/apache2/index.php b/web/edit/server/apache2/index.php index a590ce0195..b34c752c3b 100644 --- a/web/edit/server/apache2/index.php +++ b/web/edit/server/apache2/index.php @@ -1,12 +1,13 @@ $php_version, - "tpl" => strtoupper(str_replace('.', '_', $php_version)), - "version" => str_ireplace('php-', '', $php_version), - "usedby" => [], - "installed" => false, - "protected" => false, - ]; + "name" => $php_version, + "tpl" => strtoupper(str_replace('.', '_', $php_version)), + "version" => str_ireplace('php-', '', $php_version), + "usedby" => [], + "installed" => false, + "protected" => false, + ]; if (in_array($phpinfo->tpl, $backend_templates)) { $phpinfo->installed = true; 
@@ -73,18 +102,20 @@ if (array_key_exists($phpinfo->tpl, $backends_active)) { // Prevent used php version to be removed - if($phpinfo->installed) + if ($phpinfo->installed) { $phpinfo->protected = true; + } $phpinfo->usedby = $backends_active[$phpinfo->tpl]; } if ($phpinfo->name == DEFAULT_PHP_VERSION) { // Prevent default php version to be removed - if ($phpinfo->installed) + if ($phpinfo->installed) { $phpinfo->protected = true; + } if (!empty($backends_active['default'])) { - $phpinfo->usedby = array_merge_recursive($phpinfo->usedby,$backends_active['default'] ); + $phpinfo->usedby = array_merge_recursive($phpinfo->usedby, $backends_active['default']); } } @@ -92,7 +123,7 @@ }, $v_php_versions); // List languages -exec (HESTIA_CMD."v-list-sys-languages json", $output, $return_var); +exec(HESTIA_CMD."v-list-sys-languages json", $output, $return_var); $language = json_decode(implode('', $output), true); foreach ($language as $lang) { $languages[$lang] = translate_json($lang); @@ -101,12 +132,12 @@ unset($output); // List themes -exec (HESTIA_CMD."v-list-sys-themes json", $output, $return_var); +exec(HESTIA_CMD."v-list-sys-themes json", $output, $return_var); $theme = json_decode(implode('', $output), true); unset($output); // List dns cluster hosts -exec (HESTIA_CMD."v-list-remote-dns-hosts json", $output, $return_var); +exec(HESTIA_CMD."v-list-remote-dns-hosts json", $output, $return_var); $dns_cluster = json_decode(implode('', $output), true); unset($output); if (is_array($dns_cluster)) { 
@@ -116,37 +147,55 @@ } // List smtp relay settings -if (!empty($_SESSION['SMTP_RELAY'])) $v_smtp_relay = $_SESSION['SMTP_RELAY']; -if (!empty($_SESSION['SMTP_RELAY_HOST'])) $v_smtp_relay_host = $_SESSION['SMTP_RELAY_HOST']; -if (!empty($_SESSION['SMTP_RELAY_PORT'])) $v_smtp_relay_port = $_SESSION['SMTP_RELAY_PORT']; -if (!empty($_SESSION['SMTP_RELAY_USER'])) $v_smtp_relay_user = $_SESSION['SMTP_RELAY_USER']; +if (!empty($_SESSION['SMTP_RELAY'])) { + $v_smtp_relay = $_SESSION['SMTP_RELAY']; +} +if (!empty($_SESSION['SMTP_RELAY_HOST'])) { + $v_smtp_relay_host = $_SESSION['SMTP_RELAY_HOST']; +} +if (!empty($_SESSION['SMTP_RELAY_PORT'])) { + $v_smtp_relay_port = $_SESSION['SMTP_RELAY_PORT']; +} +if (!empty($_SESSION['SMTP_RELAY_USER'])) { + $v_smtp_relay_user = $_SESSION['SMTP_RELAY_USER']; +} // List Database hosts -exec (HESTIA_CMD."v-list-database-hosts json", $output, $return_var); +exec(HESTIA_CMD."v-list-database-hosts json", $output, $return_var); $db_hosts = json_decode(implode('', $output), true); unset($output); -$v_mysql_hosts = array_values(array_filter($db_hosts, function($host){return $host['TYPE'] === 'mysql';})); +$v_mysql_hosts = array_values(array_filter($db_hosts, function ($host) { + return $host['TYPE'] === 'mysql'; +})); $v_mysql = count($v_mysql_hosts) ? 'yes' : 'no'; -$v_pgsql_hosts = array_values(array_filter($db_hosts, function($host){return $host['TYPE'] === 'pgsql';})); +$v_pgsql_hosts = array_values(array_filter($db_hosts, function ($host) { + return $host['TYPE'] === 'pgsql'; +})); $v_pgsql = count($v_pgsql_hosts) ? 
'yes' : 'no'; unset($db_hosts); // List backup settings $v_backup_dir = "/backup"; -if (!empty($_SESSION['BACKUP'])) $v_backup_dir = $_SESSION['BACKUP']; +if (!empty($_SESSION['BACKUP'])) { + $v_backup_dir = $_SESSION['BACKUP']; +} $v_backup_gzip = '5'; -if (!empty($_SESSION['BACKUP_GZIP'])) $v_backup_gzip = $_SESSION['BACKUP_GZIP']; +if (!empty($_SESSION['BACKUP_GZIP'])) { + $v_backup_gzip = $_SESSION['BACKUP_GZIP']; +} $v_backup_mode = 'gzip'; -if (!empty($_SESSION['BACKUP_MODE'])) $v_backup_mode = $_SESSION['BACKUP_MODE']; -$backup_types = explode(",",$_SESSION['BACKUP_SYSTEM']); +if (!empty($_SESSION['BACKUP_MODE'])) { + $v_backup_mode = $_SESSION['BACKUP_MODE']; +} +$backup_types = explode(",", $_SESSION['BACKUP_SYSTEM']); foreach ($backup_types as $backup_type) { if ($backup_type == 'local') { $v_backup = 'yes'; } else { - exec (HESTIA_CMD."v-list-backup-host ".escapeshellarg($backup_type)." json", $output, $return_var); + exec(HESTIA_CMD."v-list-backup-host ".escapeshellarg($backup_type)." json", $output, $return_var); $v_remote_backup = json_decode(implode('', $output), true); unset($output); - if (in_array($backup_type , array('ftp','sftp'))) { + if (in_array($backup_type, array('ftp','sftp'))) { $v_backup_host = $v_remote_backup[$backup_type]['HOST']; $v_backup_type = $v_remote_backup[$backup_type]['TYPE']; $v_backup_username = $v_remote_backup[$backup_type]['USERNAME']; @@ -154,7 +203,7 @@ $v_backup_port = $v_remote_backup[$backup_type]['PORT']; $v_backup_bpath = $v_remote_backup[$backup_type]['BPATH']; $v_backup_remote_adv = "yes"; - } else if ( in_array($backup_type , array('b2')) ) { + } elseif (in_array($backup_type, array('b2'))) { $v_backup_bucket = $v_remote_backup[$backup_type]['BUCKET']; $v_backup_type = $v_remote_backup[$backup_type]['TYPE']; $v_backup_application_id = $v_remote_backup[$backup_type]['B2_KEY_ID']; 
@@ -165,7 +214,7 @@ } // List ssl certificate info -exec (HESTIA_CMD."v-list-sys-hestia-ssl json", $output, $return_var); +exec(HESTIA_CMD."v-list-sys-hestia-ssl json", $output, $return_var); $ssl_str = json_decode(implode('', $output), true); unset($output); $v_ssl_crt = $ssl_str['HESTIA']['CRT']; 
@@ -183,41 +232,39 @@ if (!empty($_POST['save'])) { $require_refresh = false; // Check token - if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { - header('location: /login/'); - exit(); - } + verify_csrf($_POST); // Change hostname if ((!empty($_POST['v_hostname'])) && ($v_hostname != $_POST['v_hostname'])) { - exec (HESTIA_CMD."v-change-sys-hostname ".escapeshellarg($_POST['v_hostname']), $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-change-sys-hostname ".escapeshellarg($_POST['v_hostname']), $output, $return_var); + check_return_code($return_var, $output); unset($output); $v_hostname = $_POST['v_hostname']; } // Install/remove php versions if (empty($_SESSION['error_msg'])) { - if(!empty($v_php_versions)) { + if (!empty($v_php_versions)) { $post_php = $_POST['v_php_versions']; - array_map(function($php_version) use ($post_php) { - + array_map(function ($php_version) use ($post_php) { if (array_key_exists($php_version->tpl, $post_php)) { if (!$php_version->installed) { - exec (HESTIA_CMD . "v-add-web-php " . escapeshellarg($php_version->version), $output, $return_var); + exec(HESTIA_CMD . "v-add-web-php " . escapeshellarg($php_version->version), $output, $return_var); check_return_code($return_var, $output); unset($output); - if(empty($_SESSION['error_msg'])) + if (empty($_SESSION['error_msg'])) { $php_version->installed = true; + } } } else { if ($php_version->installed && !$php_version->protected) { - exec (HESTIA_CMD . "v-delete-web-php " . escapeshellarg($php_version->version), $output, $return_var); + exec(HESTIA_CMD . "v-delete-web-php " . escapeshellarg($php_version->version), $output, $return_var); check_return_code($return_var, $output); unset($output); - if (empty($_SESSION['error_msg'])) + if (empty($_SESSION['error_msg'])) { $php_version->installed = false; + } } } 
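Review bot: `$post_php = $_POST['v_php_versions'];` feeds `array_key_exists($php_version->tpl, $post_php)` inside the closure, but when the form is submitted with every PHP version unticked the key is absent, `$post_php` is `null`, and `array_key_exists()` throws a `TypeError` on PHP 8 (a warning on 7), so the request dies before the remove branch can run. `$post_php = $_POST['v_php_versions'] ?? [];` makes the empty selection a normal case. The `array_map` callback starts in the hunk and its closing runs past the end of it.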
@@ -230,23 +277,49 @@ if (empty($_SESSION['error_msg'])) { if (!empty($_POST['v_timezone'])) { $v_tz = $_POST['v_timezone']; - if ($v_tz == 'UTC' ) $v_tz = 'Etc/UTC'; - if ($v_tz == 'HAST' ) $v_tz = 'Pacific/Honolulu'; - if ($v_tz == 'HADT' ) $v_tz = 'US/Aleutian'; - if ($v_tz == 'AKST' ) $v_tz = 'Etc/GMT+9'; - if ($v_tz == 'AKDT' ) $v_tz = 'America/Anchorage'; - if ($v_tz == 'PST' ) $v_tz = 'America/Dawson_Creek'; - if ($v_tz == 'PDT' ) $v_tz = 'PST8PDT'; - if ($v_tz == 'MDT' ) $v_tz = 'MST7MDT'; - if ($v_tz == 'CST' ) $v_tz = 'Canada/Saskatchewan'; - if ($v_tz == 'CDT' ) $v_tz = 'CST6CDT'; - if ($v_tz == 'EDT' ) $v_tz = 'EST5EDT'; - if ($v_tz == 'AST' ) $v_tz = 'America/Puerto_Rico'; - if ($v_tz == 'ADT' ) $v_tz = 'America/Halifax'; + if ($v_tz == 'UTC') { + $v_tz = 'Etc/UTC'; + } + if ($v_tz == 'HAST') { + $v_tz = 'Pacific/Honolulu'; + } + if ($v_tz == 'HADT') { + $v_tz = 'US/Aleutian'; + } + if ($v_tz == 'AKST') { + $v_tz = 'Etc/GMT+9'; + } + if ($v_tz == 'AKDT') { + $v_tz = 'America/Anchorage'; + } + if ($v_tz == 'PST') { + $v_tz = 'America/Dawson_Creek'; + } + if ($v_tz == 'PDT') { + $v_tz = 'PST8PDT'; + } + if ($v_tz == 'MDT') { + $v_tz = 'MST7MDT'; + } + if ($v_tz == 'CST') { + $v_tz = 'Canada/Saskatchewan'; + } + if ($v_tz == 'CDT') { + $v_tz = 'CST6CDT'; + } + if ($v_tz == 'EDT') { + $v_tz = 'EST5EDT'; + } + if ($v_tz == 'AST') { + $v_tz = 'America/Puerto_Rico'; + } + if ($v_tz == 'ADT') { + $v_tz = 'America/Halifax'; + } if ($v_timezone != $v_tz) { - exec (HESTIA_CMD."v-change-sys-timezone ".escapeshellarg($v_tz), $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-change-sys-timezone ".escapeshellarg($v_tz), $output, $return_var); + check_return_code($return_var, $output); $v_timezone = $v_tz; unset($output); } 
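Review bot: The thirteen sequential `if ($v_tz == '...')` blocks are a lookup table written as control flow; a map with `??` expresses the same aliasing in a few lines and leaves non-aliased zone names untouched. None of the replacement values is itself a key, so the sequential checks cannot chain and the map is equivalent. The abbreviation-to-zone mapping itself (e.g. `PST` → `America/Dawson_Creek`) is reproduced as the page gives it and is not reviewed here. The `if (!empty($_POST['v_timezone']))` and the outer `if (empty($_SESSION['error_msg']))` close outside the hunk.
```php
if (!empty($_POST['v_timezone'])) {
    // Abbreviations the form may submit, mapped to the zone names the backend expects.
    $tz_aliases = [
        'UTC'  => 'Etc/UTC',
        'HAST' => 'Pacific/Honolulu',
        'HADT' => 'US/Aleutian',
        'AKST' => 'Etc/GMT+9',
        'AKDT' => 'America/Anchorage',
        'PST'  => 'America/Dawson_Creek',
        'PDT'  => 'PST8PDT',
        'MDT'  => 'MST7MDT',
        'CST'  => 'Canada/Saskatchewan',
        'CDT'  => 'CST6CDT',
        'EDT'  => 'EST5EDT',
        'AST'  => 'America/Puerto_Rico',
        'ADT'  => 'America/Halifax',
    ];
    $v_tz = $tz_aliases[$_POST['v_timezone']] ?? $_POST['v_timezone'];
    // … unchanged: v-change-sys-timezone call when $v_timezone != $v_tz …
```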
@@ -257,71 +330,90 @@ if (empty($_SESSION['error_msg'])) { if ((!empty($_POST['v_language'])) && ($_SESSION['LANGUAGE'] != $_POST['v_language'])) { if (isset($_POST['v_language_update'])) { - exec (HESTIA_CMD."v-change-sys-language ".escapeshellarg($_POST['v_language'])." yes", $output, $return_var); - if (empty($_SESSION['error_msg'])) $_SESSION['LANGUAGE'] = $_POST['v_language']; + exec(HESTIA_CMD."v-change-sys-language ".escapeshellarg($_POST['v_language'])." yes", $output, $return_var); + if (empty($_SESSION['error_msg'])) { + $_SESSION['LANGUAGE'] = $_POST['v_language']; + } } - exec (HESTIA_CMD."v-change-sys-language ".escapeshellarg($_POST['v_language']), $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-change-sys-language ".escapeshellarg($_POST['v_language']), $output, $return_var); + check_return_code($return_var, $output); unset($output); - if (empty($_SESSION['error_msg'])) $_SESSION['LANGUAGE'] = $_POST['v_language']; - + if (empty($_SESSION['error_msg'])) { + $_SESSION['LANGUAGE'] = $_POST['v_language']; + } } } // Update theme if (empty($_SESSION['error_msg'])) { if ($_POST['v_theme'] != $_SESSION['THEME']) { - exec (HESTIA_CMD."v-change-sys-config-value THEME ".escapeshellarg($_POST['v_theme']), $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-change-sys-config-value THEME ".escapeshellarg($_POST['v_theme']), $output, $return_var); + check_return_code($return_var, $output); unset($output); } } - // Update debug mode status + // Update debug mode status if (empty($_SESSION['error_msg'])) { - if ($_POST['v_debug_mode'] == 'on') { $_POST['v_debug_mode'] = 'true'; } else { $_POST['v_debug_mode'] = 'false'; } + if ($_POST['v_debug_mode'] == 'on') { + $_POST['v_debug_mode'] = 'true'; + } else { + $_POST['v_debug_mode'] = 'false'; + } if ($_POST['v_debug_mode'] != $_SESSION['DEBUG_MODE']) { - exec (HESTIA_CMD."v-change-sys-config-value DEBUG_MODE 
".escapeshellarg($_POST['v_debug_mode']), $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-change-sys-config-value DEBUG_MODE ".escapeshellarg($_POST['v_debug_mode']), $output, $return_var); + check_return_code($return_var, $output); unset($output); $v_debug_mode_adv = 'yes'; } } - // Enable/Disable Quick App Installer + // Enable/Disable Quick App Installer if (empty($_SESSION['error_msg'])) { if ($_POST['v_plugin_app_installer'] != $_SESSION['PLUGIN_APP_INSTALLER']) { - if ($_POST['v_plugin_app_installer'] == 'true') { $_POST['v_plugin_app_installer'] = 'true'; } else { $_POST['v_plugin_app_installer'] = 'false'; } - exec (HESTIA_CMD."v-change-sys-config-value PLUGIN_APP_INSTALLER ".escapeshellarg($_POST['v_plugin_app_installer']), $output, $return_var); - check_return_code($return_var,$output); + if ($_POST['v_plugin_app_installer'] == 'true') { + $_POST['v_plugin_app_installer'] = 'true'; + } else { + $_POST['v_plugin_app_installer'] = 'false'; + } + exec(HESTIA_CMD."v-change-sys-config-value PLUGIN_APP_INSTALLER ".escapeshellarg($_POST['v_plugin_app_installer']), $output, $return_var); + check_return_code($return_var, $output); unset($output); } } // Update experimental features status if (empty($_SESSION['error_msg'])) { - if ($_POST['v_experimental_features'] == 'on') { $_POST['v_experimental_features'] = 'true'; } else { $_POST['v_experimental_features'] = 'false'; } + if ($_POST['v_experimental_features'] == 'on') { + $_POST['v_experimental_features'] = 'true'; + } else { + $_POST['v_experimental_features'] = 'false'; + } if ($_POST['v_experimental_features'] != $_SESSION['POLICY_SYSTEM_ENABLE_BACON']) { - exec (HESTIA_CMD."v-change-sys-config-value POLICY_SYSTEM_ENABLE_BACON ".escapeshellarg($_POST['v_experimental_features']), $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-change-sys-config-value POLICY_SYSTEM_ENABLE_BACON ".escapeshellarg($_POST['v_experimental_features']), 
$output, $return_var); + check_return_code($return_var, $output); unset($output); $v_debug_mode_adv = 'yes'; } } - // Set File Manager support + // Set File Manager support if (empty($_SESSION['error_msg'])) { if ((!empty($_POST['v_filemanager'])) && ($_SESSION['FILE_MANAGER'] != $_POST['v_filemanager'])) { if ($_POST['v_filemanager'] == 'true') { - exec (HESTIA_CMD."v-add-sys-filemanager", $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-add-sys-filemanager", $output, $return_var); + check_return_code($return_var, $output); unset($output); - if (empty($_SESSION['error_msg'])) $_SESSION['FILE_MANAGER'] = 'true'; + if (empty($_SESSION['error_msg'])) { + $_SESSION['FILE_MANAGER'] = 'true'; + } } else { - exec (HESTIA_CMD."v-delete-sys-filemanager", $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-delete-sys-filemanager", $output, $return_var); + check_return_code($return_var, $output); unset($output); - if (empty($_SESSION['error_msg'])) $_SESSION['FILE_MANAGER'] = 'false'; + if (empty($_SESSION['error_msg'])) { + $_SESSION['FILE_MANAGER'] = 'false'; + } } } } 
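Review bot: `$_POST['v_theme']`, `$_POST['v_debug_mode']`, `$_POST['v_plugin_app_installer']` and `$_POST['v_experimental_features']` are read without `isset`; for the checkboxes an absent key is the normal "off" state, but for `v_theme` an absent key yields null, `null != $_SESSION['THEME']` is true under loose comparison, and the branch runs `v-change-sys-config-value THEME ''`. `if (($_POST['v_theme'] ?? $_SESSION['THEME']) != $_SESSION['THEME']) {` keeps the stored theme when the field is missing, and `($_POST['v_debug_mode'] ?? '') == 'on'` removes the undefined-index warning on the checkbox reads; the same unguarded pattern recurs in the UPGRADE_SEND_EMAIL and UPGRADE_SEND_EMAIL_LOG hunks below. In the experimental-features block the success path sets `$v_debug_mode_adv = 'yes';`, which reads as copied from the debug-mode block above; if a separate flag drives the UI for that section it should be set here instead. The `if (!empty($_POST['save']))` block enclosing all of this starts and ends outside the hunk.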
@@ -329,15 +421,19 @@ if (empty($_SESSION['error_msg'])) { if (!empty($_POST['v_phpmyadmin_key'])) { if ($_POST['v_phpmyadmin_key'] == 'yes' && $_SESSION['PHPMYADMIN_KEY'] == '') { - exec (HESTIA_CMD."v-add-sys-pma-sso quiet", $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-add-sys-pma-sso quiet", $output, $return_var); + check_return_code($return_var, $output); unset($output); - if (empty($_SESSION['error_msg'])) $_SESSION['PHPMYADMIN_KEY'] != ""; - } else if ($_POST['v_phpmyadmin_key'] == 'no' && $_SESSION['PHPMYADMIN_KEY'] != '') { - exec (HESTIA_CMD."v-delete-sys-pma-sso quiet", $output, $return_var); - check_return_code($return_var,$output); + if (empty($_SESSION['error_msg'])) { + $_SESSION['PHPMYADMIN_KEY'] != ""; + } + } elseif ($_POST['v_phpmyadmin_key'] == 'no' && $_SESSION['PHPMYADMIN_KEY'] != '') { + exec(HESTIA_CMD."v-delete-sys-pma-sso quiet", $output, $return_var); + check_return_code($return_var, $output); unset($output); - if (empty($_SESSION['error_msg'])) $_SESSION['PHPMYADMIN_KEY'] = ''; + if (empty($_SESSION['error_msg'])) { + $_SESSION['PHPMYADMIN_KEY'] = ''; + } } } } 
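Review bot: `$_SESSION['PHPMYADMIN_KEY'] != "";` inside the new braces is a comparison, not an assignment, so it has no effect and the session still records an empty key after `v-add-sys-pma-sso quiet` succeeds; the reformat carried the typo over from the old one-line `if`. As a consequence the `$_SESSION['PHPMYADMIN_KEY'] == ''` guard above still matches on a second save in the same session and the SSO setup is run again. Either drop the statement or assign a real value; the generated key is not available in this hunk, so whether to store a marker (constructed placeholder: `$_SESSION['PHPMYADMIN_KEY'] = '<set>';`) or reload the value from config needs confirming against how PHPMYADMIN_KEY is consumed elsewhere. The enclosing `if (!empty($_POST['v_phpmyadmin_key']))` closes in the hunk, but the outer blocks do not.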
@@ -346,34 +442,46 @@ if (empty($_SESSION['error_msg'])) { if ((!empty($_POST['v_quota'])) && ($_SESSION['DISK_QUOTA'] != $_POST['v_quota'])) { if ($_POST['v_quota'] == 'yes') { - exec (HESTIA_CMD."v-add-sys-quota", $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-add-sys-quota", $output, $return_var); + check_return_code($return_var, $output); unset($output); - if (empty($_SESSION['error_msg'])) $_SESSION['DISK_QUOTA'] = 'yes'; + if (empty($_SESSION['error_msg'])) { + $_SESSION['DISK_QUOTA'] = 'yes'; + } } else { - exec (HESTIA_CMD."v-delete-sys-quota", $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-delete-sys-quota", $output, $return_var); + check_return_code($return_var, $output); unset($output); - if (empty($_SESSION['error_msg'])) $_SESSION['DISK_QUOTA'] = 'no'; + if (empty($_SESSION['error_msg'])) { + $_SESSION['DISK_QUOTA'] = 'no'; + } } } } // Set firewall support if (empty($_SESSION['error_msg'])) { - if ($_SESSION['FIREWALL_SYSTEM'] == 'iptables') $v_firewall = 'yes'; - if ($_SESSION['FIREWALL_SYSTEM'] != 'iptables') $v_firewall = 'no'; + if ($_SESSION['FIREWALL_SYSTEM'] == 'iptables') { + $v_firewall = 'yes'; + } + if ($_SESSION['FIREWALL_SYSTEM'] != 'iptables') { + $v_firewall = 'no'; + } if ((!empty($_POST['v_firewall'])) && ($v_firewall != $_POST['v_firewall'])) { if ($_POST['v_firewall'] == 'yes') { - exec (HESTIA_CMD."v-add-sys-firewall", $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-add-sys-firewall", $output, $return_var); + check_return_code($return_var, $output); unset($output); - if (empty($_SESSION['error_msg'])) $_SESSION['FIREWALL_SYSTEM'] = 'iptables'; + if (empty($_SESSION['error_msg'])) { + $_SESSION['FIREWALL_SYSTEM'] = 'iptables'; + } } else { - exec (HESTIA_CMD."v-delete-sys-firewall", $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-delete-sys-firewall", $output, $return_var); + 
check_return_code($return_var, $output); unset($output); - if (empty($_SESSION['error_msg'])) $_SESSION['FIREWALL_SYSTEM'] = ''; + if (empty($_SESSION['error_msg'])) { + $_SESSION['FIREWALL_SYSTEM'] = ''; + } } } } @@ -381,8 +489,8 @@ // Update mysql pasword if (empty($_SESSION['error_msg'])) { if (!empty($_POST['v_mysql_password'])) { - exec (HESTIA_CMD."v-change-database-host-password mysql localhost root ".escapeshellarg($_POST['v_mysql_password']), $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-change-database-host-password mysql localhost root ".escapeshellarg($_POST['v_mysql_password']), $output, $return_var); + check_return_code($return_var, $output); unset($output); $v_db_adv = 'yes'; } @@ -391,8 +499,8 @@ // Update webmail url if (empty($_SESSION['error_msg'])) { if ($_POST['v_webmail_alias'] != $_SESSION['WEBMAIL_ALIAS']) { - exec (HESTIA_CMD."v-change-sys-webmail ".escapeshellarg($_POST['v_webmail_alias']), $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-change-sys-webmail ".escapeshellarg($_POST['v_webmail_alias']), $output, $return_var); + check_return_code($return_var, $output); unset($output); $v_mail_adv = 'yes'; } 
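Review bot: `if ($_SESSION['FIREWALL_SYSTEM'] == 'iptables') { $v_firewall = 'yes'; }` followed by the complementary `!= 'iptables'` test is one decision written as two statements; `$v_firewall = ($_SESSION['FIREWALL_SYSTEM'] == 'iptables') ? 'yes' : 'no';` says the same in one line and cannot drift if one branch is edited later. The delete path resets the session with `$_SESSION['FIREWALL_SYSTEM'] = '';`, which the ternary still maps to `'no'` on the next request, so behaviour is preserved. The quota and firewall `if (empty($_SESSION['error_msg']))` wrappers close inside the hunk, but the `if (!empty($_POST['save']))` block enclosing them does not.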
@@ -402,11 +510,11 @@ if (empty($_SESSION['error_msg'])) { if (isset($_POST['v_smtp_relay']) && (!empty($_POST['v_smtp_relay_host'])) && (!empty($_POST['v_smtp_relay_user']))) { if (($_POST['v_smtp_relay_host'] != $v_smtp_relay_host) || - ($_POST['v_smtp_relay_user'] != $v_smtp_relay_user) || - ($_POST['v_smtp_relay_port'] != $v_smtp_relay_port) || - (!empty($_POST['v_smtp_relay_pass']))) { - if (!empty($_POST['v_smtp_relay_pass'])) { - $v_smtp_relay = true; + ($_POST['v_smtp_relay_user'] != $v_smtp_relay_user) || + ($_POST['v_smtp_relay_port'] != $v_smtp_relay_port) || + (!empty($_POST['v_smtp_relay_pass']))) { + if (!empty($_POST['v_smtp_relay_pass'])) { + $v_smtp_relay = true; $v_smtp_relay_host = escapeshellarg($_POST['v_smtp_relay_host']); $v_smtp_relay_user = escapeshellarg($_POST['v_smtp_relay_user']); $v_smtp_relay_pass = escapeshellarg($_POST['v_smtp_relay_pass']); @@ -415,8 +523,8 @@ } else { $v_smtp_relay_port = '587'; } - exec (HESTIA_CMD."v-add-sys-smtp-relay ".$v_smtp_relay_host." ".$v_smtp_relay_user." ".$v_smtp_relay_pass." ".$v_smtp_relay_port, $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-add-sys-smtp-relay ".$v_smtp_relay_host." ".$v_smtp_relay_user." ".$v_smtp_relay_pass." ".$v_smtp_relay_port, $output, $return_var); + check_return_code($return_var, $output); unset($output); } else { $_SESSION['error_msg'] = _('SMTP Relay Password is required'); @@ -426,8 +534,8 @@ if ((!isset($_POST['v_smtp_relay'])) && ($v_smtp_relay == true)) { $v_smtp_relay = false; $v_smtp_relay_host = $v_smtp_relay_user = $v_smtp_relay_pass = $v_smtp_relay_port = ''; - exec (HESTIA_CMD."v-delete-sys-smtp-relay", $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-delete-sys-smtp-relay", $output, $return_var); + check_return_code($return_var, $output); unset($output); } } 
@@ -435,8 +543,8 @@ // Update phpMyAdmin url if (empty($_SESSION['error_msg'])) { if ($_POST['v_mysql_url'] != $_SESSION['DB_PMA_ALIAS']) { - exec (HESTIA_CMD."v-change-sys-db-alias pma ".escapeshellarg($_POST['v_mysql_url']), $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-change-sys-db-alias pma ".escapeshellarg($_POST['v_mysql_url']), $output, $return_var); + check_return_code($return_var, $output); unset($output); $v_db_adv = 'yes'; } @@ -445,8 +553,8 @@ // Update phpPgAdmin url if (empty($_SESSION['error_msg'])) { if ($_POST['v_pgsql_url'] != $_SESSION['DB_PGA_ALIAS']) { - exec (HESTIA_CMD."v-change-sys-db-alias pga ".escapeshellarg($_POST['v_pgsql_url']), $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-change-sys-db-alias pga ".escapeshellarg($_POST['v_pgsql_url']), $output, $return_var); + check_return_code($return_var, $output); unset($output); $v_db_adv = 'yes'; } @@ -455,8 +563,8 @@ // Update release branch if (empty($_SESSION['error_msg'])) { if ($_POST['v_release_branch'] != $_SESSION['RELEASE_BRANCH']) { - exec (HESTIA_CMD."v-change-sys-release ".escapeshellarg($_POST['v_release_branch']), $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-change-sys-release ".escapeshellarg($_POST['v_release_branch']), $output, $return_var); + check_return_code($return_var, $output); unset($output); $v_release_adv = 'yes'; } 
@@ -464,11 +572,19 @@ // Update send notification setting if (empty($_SESSION['error_msg'])) { - if ( $_SESSION['UPGRADE_SEND_EMAIL'] == 'true' ){ $ugrade_send_mail = 'on'; }else{ $ugrade_send_mail = ''; } - if ( $_POST['v_upgrade_send_notification_email'] != $ugrade_send_mail ) { - if ($_POST['v_upgrade_send_notification_email'] == 'on') { $_POST['v_upgrade_send_notification_email'] = 'true'; } else { $_POST['v_upgrade_send_notification_email'] = 'false'; } - exec (HESTIA_CMD."v-change-sys-config-value UPGRADE_SEND_EMAIL ".escapeshellarg($_POST['v_upgrade_send_notification_email']), $output, $return_var); - check_return_code($return_var,$output); + if ($_SESSION['UPGRADE_SEND_EMAIL'] == 'true') { + $ugrade_send_mail = 'on'; + } else { + $ugrade_send_mail = ''; + } + if ($_POST['v_upgrade_send_notification_email'] != $ugrade_send_mail) { + if ($_POST['v_upgrade_send_notification_email'] == 'on') { + $_POST['v_upgrade_send_notification_email'] = 'true'; + } else { + $_POST['v_upgrade_send_notification_email'] = 'false'; + } + exec(HESTIA_CMD."v-change-sys-config-value UPGRADE_SEND_EMAIL ".escapeshellarg($_POST['v_upgrade_send_notification_email']), $output, $return_var); + check_return_code($return_var, $output); unset($output); $v_upgrade_notification_adv = 'yes'; } 
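Review bot: The block first maps the session flag to `'on'`/`''`, compares, and then rewrites `$_POST['v_upgrade_send_notification_email']` in place to `'true'`/`'false'` before passing it to the command; carrying normalised state inside `$_POST` makes later reads of the same key hard to reason about, and the helper variable is misspelled (`$ugrade_send_mail`). If UPGRADE_SEND_EMAIL is always stored as `'true'` or `'false'`, computing the target once is more direct: `$send_mail = (($_POST['v_upgrade_send_notification_email'] ?? '') == 'on') ? 'true' : 'false';`, then `if ($send_mail != $_SESSION['UPGRADE_SEND_EMAIL']) {` and `escapeshellarg($send_mail)` in the exec. The -476 hunk below (`UPGRADE_SEND_EMAIL_LOG`) has the identical shape and would take the same rewrite. The enclosing `if (empty($_SESSION['error_msg']))` closes outside the hunk.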
@@ -476,11 +592,19 @@ // Update send log by email setting if (empty($_SESSION['error_msg'])) { - if ( $_SESSION['UPGRADE_SEND_EMAIL_LOG'] == 'true' ){ $send_email_log = 'on'; }else{ $send_email_log = ''; } - if ( $_POST['v_upgrade_send_email_log'] != $send_email_log ) { - if ($_POST['v_upgrade_send_email_log'] == 'on') { $_POST['v_upgrade_send_email_log'] = 'true'; } else { $_POST['v_upgrade_send_email_log'] = 'false'; } - exec (HESTIA_CMD."v-change-sys-config-value UPGRADE_SEND_EMAIL_LOG ".escapeshellarg($_POST['v_upgrade_send_email_log']), $output, $return_var); - check_return_code($return_var,$output); + if ($_SESSION['UPGRADE_SEND_EMAIL_LOG'] == 'true') { + $send_email_log = 'on'; + } else { + $send_email_log = ''; + } + if ($_POST['v_upgrade_send_email_log'] != $send_email_log) { + if ($_POST['v_upgrade_send_email_log'] == 'on') { + $_POST['v_upgrade_send_email_log'] = 'true'; + } else { + $_POST['v_upgrade_send_email_log'] = 'false'; + } + exec(HESTIA_CMD."v-change-sys-config-value UPGRADE_SEND_EMAIL_LOG ".escapeshellarg($_POST['v_upgrade_send_email_log']), $output, $return_var); + check_return_code($return_var, $output); unset($output); $v_upgrade_send_log_adv = 'yes'; } 
@@ -488,74 +612,85 @@ // Disable local backup if (empty($_SESSION['error_msg'])) { - if (($_POST['v_backup'] == 'no') && ($v_backup == 'yes' )) { - exec (HESTIA_CMD."v-delete-backup-host local", $output, $return_var); - check_return_code($return_var,$output); + if (($_POST['v_backup'] == 'no') && ($v_backup == 'yes')) { + exec(HESTIA_CMD."v-delete-backup-host local", $output, $return_var); + check_return_code($return_var, $output); unset($output); - if (empty($_SESSION['error_msg'])) $v_backup = 'no'; + if (empty($_SESSION['error_msg'])) { + $v_backup = 'no'; + } $v_backup_adv = 'yes'; } } // Enable local backups if (empty($_SESSION['error_msg'])) { - if (($_POST['v_backup'] == 'yes') && ($v_backup != 'yes' )) { - exec (HESTIA_CMD."v-add-backup-host local", $output, $return_var); - check_return_code($return_var,$output); + if (($_POST['v_backup'] == 'yes') && ($v_backup != 'yes')) { + exec(HESTIA_CMD."v-add-backup-host local", $output, $return_var); + check_return_code($return_var, $output); unset($output); - if (empty($_SESSION['error_msg'])) $v_backup = 'yes'; + if (empty($_SESSION['error_msg'])) { + $v_backup = 'yes'; + } $v_backup_adv = 'yes'; } } // Change backup gzip level if (empty($_SESSION['error_msg'])) { - if ($_POST['v_backup_gzip'] != $v_backup_gzip ) { - if ( $_POST['v_backup_mode'] == 'gzip' ){ + if ($_POST['v_backup_gzip'] != $v_backup_gzip) { + if ($_POST['v_backup_mode'] == 'gzip') { $_POST['v_backup_gzip'] = 9; } - exec (HESTIA_CMD."v-change-sys-config-value BACKUP_GZIP ".escapeshellarg($_POST['v_backup_gzip']), $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-change-sys-config-value BACKUP_GZIP ".escapeshellarg($_POST['v_backup_gzip']), $output, $return_var); + check_return_code($return_var, $output); unset($output); - if (empty($_SESSION['error_msg'])) $v_backup_gzip = $_POST['v_backup_gzip']; + if (empty($_SESSION['error_msg'])) { + $v_backup_gzip = $_POST['v_backup_gzip']; + } $v_backup_adv = 'yes'; } } // 
Change backup mode if (empty($_SESSION['error_msg'])) { - if ($_POST['v_backup_mode'] != $v_backup_mode ) { - exec (HESTIA_CMD."v-change-sys-config-value BACKUP_MODE ".escapeshellarg($_POST['v_backup_mode']), $output, $return_var); - check_return_code($return_var,$output); + if ($_POST['v_backup_mode'] != $v_backup_mode) { + exec(HESTIA_CMD."v-change-sys-config-value BACKUP_MODE ".escapeshellarg($_POST['v_backup_mode']), $output, $return_var); + check_return_code($return_var, $output); unset($output); - if (empty($_SESSION['error_msg'])) $v_backup_mode = $_POST['v_backup_mode']; + if (empty($_SESSION['error_msg'])) { + $v_backup_mode = $_POST['v_backup_mode']; + } $v_backup_adv = 'yes'; - if ( $_POST['v_backup_mode'] == 'gzip' ){ + if ($_POST['v_backup_mode'] == 'gzip') { $_POST['v_backup_gzip'] = 9; - if (empty($_SESSION['error_msg'])) $v_backup_gzip = $_POST['v_backup_gzip']; - exec (HESTIA_CMD."v-change-sys-config-value BACKUP_GZIP ".escapeshellarg($_POST['v_backup_gzip']), $output, $return_var); + if (empty($_SESSION['error_msg'])) { + $v_backup_gzip = $_POST['v_backup_gzip']; + } + exec(HESTIA_CMD."v-change-sys-config-value BACKUP_GZIP ".escapeshellarg($_POST['v_backup_gzip']), $output, $return_var); } - } } // Change backup path if (empty($_SESSION['error_msg'])) { - if ($_POST['v_backup_dir'] != $v_backup_dir ) { + if ($_POST['v_backup_dir'] != $v_backup_dir) { /* - See #1655 + See #1655 exec (HESTIA_CMD."v-change-sys-config-value BACKUP ".escapeshellarg($_POST['v_backup_dir']), $output, $return_var); check_return_code($return_var,$output); unset($output); */ - if (empty($_SESSION['error_msg'])) $v_backup_dir = $_POST['v_backup_dir']; + if (empty($_SESSION['error_msg'])) { + $v_backup_dir = $_POST['v_backup_dir']; + } #$v_backup_adv = 'yes'; } } - + // Add remote backup host if (empty($_SESSION['error_msg'])) { - if ((empty($v_backup_host) && empty($v_backup_bucket) && ((!empty($_POST['v_backup_host'])) || !empty($_POST['v_backup_bucket']))) ) { + if 
((empty($v_backup_host) && empty($v_backup_bucket) && ((!empty($_POST['v_backup_host'])) || !empty($_POST['v_backup_bucket'])))) { if (in_array($_POST['v_backup_type'], array('ftp','sftp'))) { $v_backup_host = escapeshellarg($_POST['v_backup_host']); $v_backup_port = escapeshellarg($_POST['v_backup_port']); 
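Review bot: In the "Change backup mode" block, the `exec(HESTIA_CMD."v-change-sys-config-value BACKUP_GZIP "...)` issued when the mode becomes `gzip` is not followed by `check_return_code()` or `unset($output)`, and `$v_backup_gzip` is assigned before that command runs, so a failure is neither reported nor reflected in the value shown afterwards (the ordering is unchanged by the reformat, but the hunk rewrites those lines). Running the command first and then `check_return_code($return_var, $output); unset($output);` before the `if (empty($_SESSION['error_msg']))` assignment matches what every other block in this file does. `in_array($_POST['v_backup_type'], array('ftp','sftp'))` should pass `true` as the third argument so a numeric-looking type cannot match by juggling, and `[]` is the short form used by modern code. The "Add remote backup host" `if` opened at the end of the hunk closes outside it.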
@@ -563,29 +698,47 @@ $v_backup_username = escapeshellarg($_POST['v_backup_username']); $v_backup_password = escapeshellcmd($_POST['v_backup_password']); $v_backup_bpath = escapeshellarg($_POST['v_backup_bpath']); - exec (HESTIA_CMD."v-add-backup-host ". $v_backup_type ." ". $v_backup_host ." ". $v_backup_username ." ". $v_backup_password ." ". $v_backup_bpath." ".$v_backup_port, $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-add-backup-host ". $v_backup_type ." ". $v_backup_host ." ". $v_backup_username ." ". $v_backup_password ." ". $v_backup_bpath." ".$v_backup_port, $output, $return_var); + check_return_code($return_var, $output); unset($output); - if (empty($_SESSION['error_msg'])) $v_backup_host = $_POST['v_backup_host']; - if (empty($_SESSION['error_msg'])) $v_backup_type = $_POST['v_backup_type']; - if (empty($_SESSION['error_msg'])) $v_backup_username = $_POST['v_backup_username']; - if (empty($_SESSION['error_msg'])) $v_backup_password = $_POST['v_backup_password']; - if (empty($_SESSION['error_msg'])) $v_backup_bpath = $_POST['v_backup_bpath']; - if (empty($_SESSION['error_msg'])) $v_backup_port = $_POST['v_backup_port']; + if (empty($_SESSION['error_msg'])) { + $v_backup_host = $_POST['v_backup_host']; + } + if (empty($_SESSION['error_msg'])) { + $v_backup_type = $_POST['v_backup_type']; + } + if (empty($_SESSION['error_msg'])) { + $v_backup_username = $_POST['v_backup_username']; + } + if (empty($_SESSION['error_msg'])) { + $v_backup_password = $_POST['v_backup_password']; + } + if (empty($_SESSION['error_msg'])) { + $v_backup_bpath = $_POST['v_backup_bpath']; + } + if (empty($_SESSION['error_msg'])) { + $v_backup_port = $_POST['v_backup_port']; + } $v_backup_new = 'yes'; $v_backup_adv = 'yes'; $v_backup_remote_adv = 'yes'; - } else if (in_array($_POST['v_backup_type'], array('b2'))) { + } elseif (in_array($_POST['v_backup_type'], array('b2'))) { $v_backup_type = escapeshellarg($_POST['v_backup_type']); 
$v_backup_bucket = escapeshellarg($_POST['v_backup_bucket']); $v_backup_application_id = escapeshellarg($_POST['v_backup_application_id']); $v_backup_application_key = escapeshellarg($_POST['v_backup_application_key']); - exec (HESTIA_CMD."v-add-backup-host ". $v_backup_type ." ". $v_backup_bucket ." ". $v_backup_application_id ." ". $v_backup_application_key, $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-add-backup-host ". $v_backup_type ." ". $v_backup_bucket ." ". $v_backup_application_id ." ". $v_backup_application_key, $output, $return_var); + check_return_code($return_var, $output); unset($output); - if (empty($_SESSION['error_msg'])) $v_backup_bucket = escapeshellarg($_POST['v_backup_bucket']); - if (empty($_SESSION['error_msg'])) $v_backup_application_id = escapeshellarg($_POST['v_backup_application_id']); - if (empty($_SESSION['error_msg'])) $v_backup_application_key = escapeshellarg($_POST['v_backup_application_key']); + if (empty($_SESSION['error_msg'])) { + $v_backup_bucket = escapeshellarg($_POST['v_backup_bucket']); + } + if (empty($_SESSION['error_msg'])) { + $v_backup_application_id = escapeshellarg($_POST['v_backup_application_id']); + } + if (empty($_SESSION['error_msg'])) { + $v_backup_application_key = escapeshellarg($_POST['v_backup_application_key']); + } $v_backup_new = 'yes'; $v_backup_adv = 'yes'; $v_backup_remote_adv = 'yes'; @@ -596,7 +749,7 @@ // Change remote backup host type if (empty($_SESSION['error_msg'])) { if ((!empty($_POST['v_backup_host'])) && ($_POST['v_backup_type'] != $v_backup_type)) { - exec (HESTIA_CMD."v-delete-backup-host " . escapeshellarg($v_backup_type) , $output, $return_var); + exec(HESTIA_CMD."v-delete-backup-host " . escapeshellarg($v_backup_type), $output, $return_var); unset($output); if (in_array($_POST['v_backup_type'], array('ftp','sftp'))) { $v_backup_host = escapeshellarg($_POST['v_backup_host']); 
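Review bot: `$v_backup_password = escapeshellcmd($_POST['v_backup_password']);` quotes the password as if it were a whole command rather than one argument, so a password containing a space is split into several arguments of `v-add-backup-host` and one containing quotes or `$` is altered; every other value on that line uses `escapeshellarg()`, and the password should too: `$v_backup_password = escapeshellarg($_POST['v_backup_password']);`. The six consecutive `if (empty($_SESSION['error_msg']))` blocks test the same condition and can be one block. In the `b2` branch the post-success assignments store the `escapeshellarg()`-quoted values (`$v_backup_bucket = escapeshellarg($_POST['v_backup_bucket']);`) whereas the ftp/sftp branch stores the raw `$_POST` values, so if these variables feed the page template the bucket and application id will render with surrounding single quotes. All three points recur in the -605 and -644 hunks, and the repeated-`if` pattern also in the -678 delete hunk. Separately, the password and B2 application key travel on the command line of a spawned process, where other local users can read them from the process list; that is pre-existing and belongs to the `v-add-backup-host` interface rather than to this hunk.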
@@ -605,28 +758,46 @@ $v_backup_username = escapeshellarg($_POST['v_backup_username']); $v_backup_password = escapeshellcmd($_POST['v_backup_password']); $v_backup_bpath = escapeshellarg($_POST['v_backup_bpath']); - exec (HESTIA_CMD."v-add-backup-host ". $v_backup_type ." ". $v_backup_host ." ". $v_backup_username ." ". $v_backup_password ." ". $v_backup_bpath." ".$v_backup_port, $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-add-backup-host ". $v_backup_type ." ". $v_backup_host ." ". $v_backup_username ." ". $v_backup_password ." ". $v_backup_bpath." ".$v_backup_port, $output, $return_var); + check_return_code($return_var, $output); unset($output); - if (empty($_SESSION['error_msg'])) $v_backup_host = $_POST['v_backup_host']; - if (empty($_SESSION['error_msg'])) $v_backup_type = $_POST['v_backup_type']; - if (empty($_SESSION['error_msg'])) $v_backup_username = $_POST['v_backup_username']; - if (empty($_SESSION['error_msg'])) $v_backup_password = $_POST['v_backup_password']; - if (empty($_SESSION['error_msg'])) $v_backup_bpath = $_POST['v_backup_bpath']; - if (empty($_SESSION['error_msg'])) $v_backup_port = $_POST['v_backup_port']; + if (empty($_SESSION['error_msg'])) { + $v_backup_host = $_POST['v_backup_host']; + } + if (empty($_SESSION['error_msg'])) { + $v_backup_type = $_POST['v_backup_type']; + } + if (empty($_SESSION['error_msg'])) { + $v_backup_username = $_POST['v_backup_username']; + } + if (empty($_SESSION['error_msg'])) { + $v_backup_password = $_POST['v_backup_password']; + } + if (empty($_SESSION['error_msg'])) { + $v_backup_bpath = $_POST['v_backup_bpath']; + } + if (empty($_SESSION['error_msg'])) { + $v_backup_port = $_POST['v_backup_port']; + } $v_backup_adv = 'yes'; $v_backup_remote_adv = 'yes'; - } else if(in_array($_POST['v_backup_type'], array('b2'))) { + } elseif (in_array($_POST['v_backup_type'], array('b2'))) { $v_backup_bucket = escapeshellarg($_POST['v_backup_bucket']); $v_backup_application_id = 
escapeshellarg($_POST['v_backup_application_id']); $v_backup_application_key = escapeshellarg($_POST['v_backup_application_key']); - exec (HESTIA_CMD."v-add-backup-host ". $v_backup_type ." ". $v_backup_bucket ." ". $v_backup_application_id ." ". $v_backup_application_key, $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-add-backup-host ". $v_backup_type ." ". $v_backup_bucket ." ". $v_backup_application_id ." ". $v_backup_application_key, $output, $return_var); + check_return_code($return_var, $output); unset($output); $v_backup_type = escapeshellarg($_POST['v_backup_type']); - if (empty($_SESSION['error_msg'])) $v_backup_bucket = escapeshellarg($_POST['v_backup_bucket']); - if (empty($_SESSION['error_msg'])) $v_backup_application_id = escapeshellarg($_POST['v_backup_application_id']); - if (empty($_SESSION['error_msg'])) $v_backup_application_key = escapeshellarg($_POST['v_backup_application_key']); + if (empty($_SESSION['error_msg'])) { + $v_backup_bucket = escapeshellarg($_POST['v_backup_bucket']); + } + if (empty($_SESSION['error_msg'])) { + $v_backup_application_id = escapeshellarg($_POST['v_backup_application_id']); + } + if (empty($_SESSION['error_msg'])) { + $v_backup_application_key = escapeshellarg($_POST['v_backup_application_key']); + } $v_backup_adv = 'yes'; $v_backup_remote_adv = 'yes'; } 
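Review bot: In the `b2` branch, `$v_backup_type = escapeshellarg($_POST['v_backup_type']);` runs after the `v-add-backup-host` exec that interpolates `$v_backup_type`, so the command is built with the previous host type — the one this block has just deleted, and which the guard `$_POST['v_backup_type'] != $v_backup_type` guarantees is not `b2`. The ftp/sftp branch appears to assign the type before its exec (that line is outside the hunk); moving the assignment to be the first statement of the `b2` branch makes the two consistent. Whether the backend tolerates the wrong type cannot be seen here, but the ordering is visible in the hunk. The enclosing `if` and the `if (empty($_SESSION['error_msg']))` around it start and end outside the hunk.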
@@ -644,33 +815,51 @@ $v_backup_username = escapeshellarg($_POST['v_backup_username']); $v_backup_password = escapeshellcmd($_POST['v_backup_password']); $v_backup_bpath = escapeshellarg($_POST['v_backup_bpath']); - exec (HESTIA_CMD."v-add-backup-host ". $v_backup_type ." ". $v_backup_host ." ". $v_backup_username ." ". $v_backup_password ." ". $v_backup_bpath." ".$v_backup_port, $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-add-backup-host ". $v_backup_type ." ". $v_backup_host ." ". $v_backup_username ." ". $v_backup_password ." ". $v_backup_bpath." ".$v_backup_port, $output, $return_var); + check_return_code($return_var, $output); unset($output); - if (empty($_SESSION['error_msg'])) $v_backup_host = $_POST['v_backup_host']; - if (empty($_SESSION['error_msg'])) $v_backup_type = $_POST['v_backup_type']; - if (empty($_SESSION['error_msg'])) $v_backup_username = $_POST['v_backup_username']; - if (empty($_SESSION['error_msg'])) $v_backup_password = $_POST['v_backup_password']; - if (empty($_SESSION['error_msg'])) $v_backup_bpath = $_POST['v_backup_bpath']; - if (empty($_SESSION['error_msg'])) $v_backup_port = $_POST['v_backup_port']; + if (empty($_SESSION['error_msg'])) { + $v_backup_host = $_POST['v_backup_host']; + } + if (empty($_SESSION['error_msg'])) { + $v_backup_type = $_POST['v_backup_type']; + } + if (empty($_SESSION['error_msg'])) { + $v_backup_username = $_POST['v_backup_username']; + } + if (empty($_SESSION['error_msg'])) { + $v_backup_password = $_POST['v_backup_password']; + } + if (empty($_SESSION['error_msg'])) { + $v_backup_bpath = $_POST['v_backup_bpath']; + } + if (empty($_SESSION['error_msg'])) { + $v_backup_port = $_POST['v_backup_port']; + } $v_backup_adv = 'yes'; $v_backup_remote_adv = 'yes'; } - } else if(in_array($_POST['v_backup_type'], array('b2'))) { + } elseif (in_array($_POST['v_backup_type'], array('b2'))) { if (($_POST['v_backup_bucket'] != $v_backup_bucket) || ($_POST['v_backup_application_key'] 
!= $v_backup_application_key) || ($_POST['v_backup_application_id'] != $v_backup_application_id)) { $v_backup_type = escapeshellarg($_POST['v_backup_type']); $v_backup_bucket = escapeshellarg($_POST['v_backup_bucket']); $v_backup_application_id = escapeshellarg($_POST['v_backup_application_id']); $v_backup_application_key = escapeshellarg($_POST['v_backup_application_key']); - exec (HESTIA_CMD."v-add-backup-host ". $v_backup_type ." ". $v_backup_bucket ." ". $v_backup_application_id ." ". $v_backup_application_key, $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-add-backup-host ". $v_backup_type ." ". $v_backup_bucket ." ". $v_backup_application_id ." ". $v_backup_application_key, $output, $return_var); + check_return_code($return_var, $output); unset($output); - if (empty($_SESSION['error_msg'])) $v_backup_bucket = escapeshellarg($_POST['v_backup_bucket']); - if (empty($_SESSION['error_msg'])) $v_backup_application_id = escapeshellarg($_POST['v_backup_application_id']); - if (empty($_SESSION['error_msg'])) $v_backup_application_key = escapeshellarg($_POST['v_backup_application_key']); + if (empty($_SESSION['error_msg'])) { + $v_backup_bucket = escapeshellarg($_POST['v_backup_bucket']); + } + if (empty($_SESSION['error_msg'])) { + $v_backup_application_id = escapeshellarg($_POST['v_backup_application_id']); + } + if (empty($_SESSION['error_msg'])) { + $v_backup_application_key = escapeshellarg($_POST['v_backup_application_key']); + } $v_backup_adv = 'yes'; $v_backup_remote_adv = 'yes'; - } + } } } } 
@@ -678,17 +867,33 @@ // Delete remote backup host if (empty($_SESSION['error_msg'])) { if (empty($_POST['v_backup_remote_adv']) && isset($v_backup_remote_adv)) { - exec (HESTIA_CMD."v-delete-backup-host ".escapeshellarg($v_backup_type), $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-delete-backup-host ".escapeshellarg($v_backup_type), $output, $return_var); + check_return_code($return_var, $output); unset($output); - if (empty($_SESSION['error_msg'])) $v_backup_host = ''; - if (empty($_SESSION['error_msg'])) $v_backup_type = ''; - if (empty($_SESSION['error_msg'])) $v_backup_username = ''; - if (empty($_SESSION['error_msg'])) $v_backup_password = ''; - if (empty($_SESSION['error_msg'])) $v_backup_bpath = ''; - if (empty($_SESSION['error_msg'])) $v_backup_bucket = ''; - if (empty($_SESSION['error_msg'])) $v_backup_application_id = ''; - if (empty($_SESSION['error_msg'])) $v_backup_application_key = ''; + if (empty($_SESSION['error_msg'])) { + $v_backup_host = ''; + } + if (empty($_SESSION['error_msg'])) { + $v_backup_type = ''; + } + if (empty($_SESSION['error_msg'])) { + $v_backup_username = ''; + } + if (empty($_SESSION['error_msg'])) { + $v_backup_password = ''; + } + if (empty($_SESSION['error_msg'])) { + $v_backup_bpath = ''; + } + if (empty($_SESSION['error_msg'])) { + $v_backup_bucket = ''; + } + if (empty($_SESSION['error_msg'])) { + $v_backup_application_id = ''; + } + if (empty($_SESSION['error_msg'])) { + $v_backup_application_key = ''; + } $v_backup_adv = ''; $v_backup_remote_adv = ''; } 
@@ -697,36 +902,42 @@ // Change INACTIVE_SESSION_TIMEOUT if (empty($_SESSION['error_msg'])) { if ($_POST['v_inactive_session_timeout'] != $_SESSION['INACTIVE_SESSION_TIMEOUT']) { - if($_POST['v_inactive_session_timeout'] < 1){ - $_SESSION['error_msg'] = _('Inactive session timeout can not lower than 1 minute'); - }else{ - exec (HESTIA_CMD."v-change-sys-config-value INACTIVE_SESSION_TIMEOUT ".escapeshellarg($_POST['v_inactive_session_timeout']), $output, $return_var); - check_return_code($return_var,$output); - unset($output); - if (empty($_SESSION['error_msg'])) $v_inactive_session_timeout = $_POST['v_inactive_session_timeout']; + if ($_POST['v_inactive_session_timeout'] < 1) { + $_SESSION['error_msg'] = _('Inactive session timeout can not lower than 1 minute'); + } else { + exec(HESTIA_CMD."v-change-sys-config-value INACTIVE_SESSION_TIMEOUT ".escapeshellarg($_POST['v_inactive_session_timeout']), $output, $return_var); + check_return_code($return_var, $output); + unset($output); + if (empty($_SESSION['error_msg'])) { + $v_inactive_session_timeout = $_POST['v_inactive_session_timeout']; + } } $v_security_adv = 'yes'; } } - - // Change POLICY_CSRF_STRICTNESS + + // Change POLICY_CSRF_STRICTNESS if (empty($_SESSION['error_msg'])) { if ($_POST['v_policy_csrf_strictness'] != $_SESSION['POLICY_CSRF_STRICTNESS']) { - exec (HESTIA_CMD."v-change-sys-config-value POLICY_CSRF_STRICTNESS ".escapeshellarg($_POST['v_policy_csrf_strictness']), $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-change-sys-config-value POLICY_CSRF_STRICTNESS ".escapeshellarg($_POST['v_policy_csrf_strictness']), $output, $return_var); + check_return_code($return_var, $output); unset($output); - if (empty($_SESSION['error_msg'])) $v_policy_csrf_strictness = $_POST['v_inactive_session_timeout']; + if (empty($_SESSION['error_msg'])) { + $v_policy_csrf_strictness = $_POST['v_inactive_session_timeout']; + } $v_security_adv = 'yes'; } } - + // Change 
ENFORCE_SUBDOMAIN_OWNERSHIP if (empty($_SESSION['error_msg'])) { if ($_POST['v_enforce_subdomain_ownership'] != $_SESSION['ENFORCE_SUBDOMAIN_OWNERSHIP']) { - exec (HESTIA_CMD."v-change-sys-config-value ENFORCE_SUBDOMAIN_OWNERSHIP ".escapeshellarg($_POST['v_enforce_subdomain_ownership']), $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-change-sys-config-value ENFORCE_SUBDOMAIN_OWNERSHIP ".escapeshellarg($_POST['v_enforce_subdomain_ownership']), $output, $return_var); + check_return_code($return_var, $output); unset($output); - if (empty($_SESSION['error_msg'])) $v_enforce_subdomain_ownership = $_POST['v_enforce_subdomain_ownership']; + if (empty($_SESSION['error_msg'])) { + $v_enforce_subdomain_ownership = $_POST['v_enforce_subdomain_ownership']; + } $v_security_adv = 'yes'; } } @@ -734,10 +945,12 @@ // Change POLICY_USER_EDIT_DETAILS if (empty($_SESSION['error_msg'])) { if ($_POST['v_policy_user_edit_details'] != $_SESSION['POLICY_USER_EDIT_DETAILS']) { - exec (HESTIA_CMD."v-change-sys-config-value POLICY_USER_EDIT_DETAILS ".escapeshellarg($_POST['v_policy_user_edit_details']), $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-change-sys-config-value POLICY_USER_EDIT_DETAILS ".escapeshellarg($_POST['v_policy_user_edit_details']), $output, $return_var); + check_return_code($return_var, $output); unset($output); - if (empty($_SESSION['error_msg'])) $v_policy_user_edit_details = $_POST['v_policy_user_edit_details']; + if (empty($_SESSION['error_msg'])) { + $v_policy_user_edit_details = $_POST['v_policy_user_edit_details']; + } $v_security_adv = 'yes'; } } 
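Review bot: The POLICY_CSRF_STRICTNESS block stores the wrong field on success: `$v_policy_csrf_strictness = $_POST['v_inactive_session_timeout'];` should read `$v_policy_csrf_strictness = $_POST['v_policy_csrf_strictness'];`, otherwise the CSRF setting is re-rendered with the session-timeout value. The timeout check `if ($_POST['v_inactive_session_timeout'] < 1)` compares a request string numerically, so a non-numeric string is not rejected and is forwarded to `v-change-sys-config-value`; `if (filter_var($_POST['v_inactive_session_timeout'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]) === false)` covers both cases with the same error message.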
@@ -745,10 +958,12 @@ // Change POLICY_USER_EDIT_WEB_TEMPLATES if (empty($_SESSION['error_msg'])) { if ($_POST['v_policy_user_edit_web_templates'] != $_SESSION['POLICY_USER_EDIT_WEB_TEMPLATES']) { - exec (HESTIA_CMD."v-change-sys-config-value POLICY_USER_EDIT_WEB_TEMPLATES ".escapeshellarg($_POST['v_policy_user_edit_web_templates']), $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-change-sys-config-value POLICY_USER_EDIT_WEB_TEMPLATES ".escapeshellarg($_POST['v_policy_user_edit_web_templates']), $output, $return_var); + check_return_code($return_var, $output); unset($output); - if (empty($_SESSION['error_msg'])) $v_policy_user_edit_details = $_POST['v_policy_user_edit_web_templates']; + if (empty($_SESSION['error_msg'])) { + $v_policy_user_edit_details = $_POST['v_policy_user_edit_web_templates']; + } $v_security_adv = 'yes'; } } @@ -756,10 +971,12 @@ // Change POLICY_USER_EDIT_DNS_TEMPLATES if (empty($_SESSION['error_msg'])) { if ($_POST['v_policy_user_edit_dns_templates'] != $_SESSION['POLICY_USER_EDIT_DNS_TEMPLATES']) { - exec (HESTIA_CMD."v-change-sys-config-value POLICY_USER_EDIT_DNS_TEMPLATES ".escapeshellarg($_POST['v_policy_user_edit_dns_templates']), $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-change-sys-config-value POLICY_USER_EDIT_DNS_TEMPLATES ".escapeshellarg($_POST['v_policy_user_edit_dns_templates']), $output, $return_var); + check_return_code($return_var, $output); unset($output); - if (empty($_SESSION['error_msg'])) $v_policy_user_edit_details = $_POST['v_policy_user_edit_dns_templates']; + if (empty($_SESSION['error_msg'])) { + $v_policy_user_edit_details = $_POST['v_policy_user_edit_dns_templates']; + } $v_security_adv = 'yes'; } } 
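Review bot: Both hunks on this line assign the result to `$v_policy_user_edit_details` instead of the variable for the setting they just changed: in the POLICY_USER_EDIT_WEB_TEMPLATES block it should be `$v_policy_user_edit_web_templates = $_POST['v_policy_user_edit_web_templates'];` and in the POLICY_USER_EDIT_DNS_TEMPLATES block `$v_policy_user_edit_dns_templates = $_POST['v_policy_user_edit_dns_templates'];`. As written, a successful change clobbers the "edit details" display value while the two template fields keep showing the pre-change value.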
@@ -767,10 +984,12 @@ // Change POLICY_USER_VIEW_LOGS if (empty($_SESSION['error_msg'])) { if ($_POST['v_policy_user_view_logs'] != $_SESSION['POLICY_USER_VIEW_LOGS']) { - exec (HESTIA_CMD."v-change-sys-config-value POLICY_USER_VIEW_LOGS ".escapeshellarg($_POST['v_policy_user_view_logs']), $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-change-sys-config-value POLICY_USER_VIEW_LOGS ".escapeshellarg($_POST['v_policy_user_view_logs']), $output, $return_var); + check_return_code($return_var, $output); unset($output); - if (empty($_SESSION['error_msg'])) $v_policy_user_view_logs = $_POST['v_policy_user_view_logs']; + if (empty($_SESSION['error_msg'])) { + $v_policy_user_view_logs = $_POST['v_policy_user_view_logs']; + } $v_security_adv = 'yes'; } } @@ -778,10 +997,12 @@ // Change POLICY_USER_DELETE_LOGS if (empty($_SESSION['error_msg'])) { if ($_POST['v_policy_user_delete_logs'] != $_SESSION['POLICY_USER_DELETE_LOGS']) { - exec (HESTIA_CMD."v-change-sys-config-value POLICY_USER_DELETE_LOGS ".escapeshellarg($_POST['v_policy_user_delete_logs']), $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-change-sys-config-value POLICY_USER_DELETE_LOGS ".escapeshellarg($_POST['v_policy_user_delete_logs']), $output, $return_var); + check_return_code($return_var, $output); unset($output); - if (empty($_SESSION['error_msg'])) $v_policy_user_delete_logs = $_POST['v_policy_user_delete_logs']; + if (empty($_SESSION['error_msg'])) { + $v_policy_user_delete_logs = $_POST['v_policy_user_delete_logs']; + } $v_security_adv = 'yes'; } } 
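Review bot: The policy blocks in this hunk, and likewise in the POLICY_SYSTEM_PASSWORD_RESET, POLICY_SYSTEM_PROTECTED_ADMIN and POLICY_SYSTEM_HIDE_SERVICES hunks below, forward `$_POST[...]` to `v-change-sys-config-value` with only `escapeshellarg` applied; nothing in these hunks restricts the value to the expected `yes`/`no` pair, so an arbitrary string can end up in the system configuration unless it is validated earlier in the file, outside this hunk. A guard such as `if (!in_array($_POST['v_policy_user_view_logs'], ['yes', 'no'], true)) { $_SESSION['error_msg'] = _('Invalid value'); }` before each exec (constructed example) keeps the config well-formed. The `!=` comparisons against the session values are loose; `!==` fits the strict-comparison intent stated in the commit title.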
@@ -789,10 +1010,12 @@ // Change POLICY_SYSTEM_PASSWORD_RESET if (empty($_SESSION['error_msg'])) { if ($_POST['v_policy_system_password_reset'] != $_SESSION['POLICY_SYSTEM_PASSWORD_RESET']) { - exec (HESTIA_CMD."v-change-sys-config-value POLICY_SYSTEM_PASSWORD_RESET ".escapeshellarg($_POST['v_policy_system_password_reset']), $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-change-sys-config-value POLICY_SYSTEM_PASSWORD_RESET ".escapeshellarg($_POST['v_policy_system_password_reset']), $output, $return_var); + check_return_code($return_var, $output); unset($output); - if (empty($_SESSION['error_msg'])) $v_policy_system_password_reset = $_POST['v_policy_system_password_reset']; + if (empty($_SESSION['error_msg'])) { + $v_policy_system_password_reset = $_POST['v_policy_system_password_reset']; + } $v_security_adv = 'yes'; } } @@ -800,10 +1023,12 @@ // Change POLICY_SYSTEM_PROTECTED_ADMIN if (empty($_SESSION['error_msg'])) { if ($_POST['v_policy_system_protected_admin'] != $_SESSION['POLICY_SYSTEM_PROTECTED_ADMIN']) { - exec (HESTIA_CMD."v-change-sys-config-value POLICY_SYSTEM_PROTECTED_ADMIN ".escapeshellarg($_POST['v_policy_system_protected_admin']), $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-change-sys-config-value POLICY_SYSTEM_PROTECTED_ADMIN ".escapeshellarg($_POST['v_policy_system_protected_admin']), $output, $return_var); + check_return_code($return_var, $output); unset($output); - if (empty($_SESSION['error_msg'])) $v_policy_system_protected_admin = $_POST['v_policy_system_protected_admin']; + if (empty($_SESSION['error_msg'])) { + $v_policy_system_protected_admin = $_POST['v_policy_system_protected_admin']; + } $v_security_adv = 'yes'; } } 
@@ -811,37 +1036,48 @@ // Change POLICY_USER_VIEW_SUSPENDED if (empty($_SESSION['error_msg'])) { if ($_POST['v_policy_user_view_suspended'] != $_SESSION['POLICY_USER_VIEW_SUSPENDED'] && !empty($_SESSION['POLICY_USER_VIEW_SUSPENDED'])) { - exec (HESTIA_CMD."v-change-sys-config-value POLICY_USER_VIEW_SUSPENDED ".escapeshellarg($_POST['v_policy_user_view_suspended']), $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-change-sys-config-value POLICY_USER_VIEW_SUSPENDED ".escapeshellarg($_POST['v_policy_user_view_suspended']), $output, $return_var); + check_return_code($return_var, $output); unset($output); - if (empty($_SESSION['error_msg'])) $v_policy_system_hide_admin = $_POST['v_policy_user_view_suspended']; + if (empty($_SESSION['error_msg'])) { + $v_policy_system_hide_admin = $_POST['v_policy_user_view_suspended']; + } $v_security_adv = 'yes'; } } // Change POLICY_USER_CHANGE_THEME if (empty($_SESSION['error_msg'])) { - if ($_POST['v_policy_user_change_theme'] == 'on') { $_POST['v_policy_user_change_theme'] = 'no'; } else { $_POST['v_policy_user_change_theme'] = 'yes'; } { - if ($_POST['v_policy_user_change_theme'] != $_SESSION['POLICY_USER_CHANGE_THEME']) { - exec (HESTIA_CMD."v-change-sys-config-value POLICY_USER_CHANGE_THEME ".escapeshellarg($_POST['v_policy_user_change_theme']), $output, $return_var); - check_return_code($return_var,$output); - unset($output); - if ($_POST['v_policy_user_change_theme']) { - unset ($_SESSION['userTheme']); - $require_refresh = true; - } - if (empty($_SESSION['error_msg'])) $v_policy_user_change_theme = $_POST['v_policy_user_change_theme']; - } + if ($_POST['v_policy_user_change_theme'] == 'on') { + $_POST['v_policy_user_change_theme'] = 'no'; + } else { + $_POST['v_policy_user_change_theme'] = 'yes'; } + { + if ($_POST['v_policy_user_change_theme'] != $_SESSION['POLICY_USER_CHANGE_THEME']) { + exec(HESTIA_CMD."v-change-sys-config-value POLICY_USER_CHANGE_THEME 
".escapeshellarg($_POST['v_policy_user_change_theme']), $output, $return_var); + check_return_code($return_var, $output); + unset($output); + if ($_POST['v_policy_user_change_theme']) { + unset($_SESSION['userTheme']); + $require_refresh = true; + } + if (empty($_SESSION['error_msg'])) { + $v_policy_user_change_theme = $_POST['v_policy_user_change_theme']; + } + } + } } // Change POLICY_SYSTEM_HIDE_ADMIN if (empty($_SESSION['error_msg'])) { if ($_POST['v_policy_system_hide_admin'] != $_SESSION['POLICY_SYSTEM_HIDE_ADMIN']) { - exec (HESTIA_CMD."v-change-sys-config-value POLICY_SYSTEM_HIDE_ADMIN ".escapeshellarg($_POST['v_policy_system_hide_admin']), $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-change-sys-config-value POLICY_SYSTEM_HIDE_ADMIN ".escapeshellarg($_POST['v_policy_system_hide_admin']), $output, $return_var); + check_return_code($return_var, $output); unset($output); - if (empty($_SESSION['error_msg'])) $v_policy_system_hide_admin = $_POST['v_policy_system_hide_admin']; + if (empty($_SESSION['error_msg'])) { + $v_policy_system_hide_admin = $_POST['v_policy_system_hide_admin']; + } $v_security_adv = 'yes'; } } 
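Review bot: The POLICY_USER_VIEW_SUSPENDED block writes its result into the wrong variable: `$v_policy_system_hide_admin = $_POST['v_policy_user_view_suspended'];` should be `$v_policy_user_view_suspended = $_POST['v_policy_user_view_suspended'];`, otherwise the hide-admin display value is overwritten. In the POLICY_USER_CHANGE_THEME block the reformatting preserved the stray bare `{ … }` after the if/else, which reads as a misplaced brace rather than intended structure; the inner `if` can sit directly in the enclosing block. Inside it, `if ($_POST['v_policy_user_change_theme'])` is always true because the field was just set to the non-empty string `'no'` or `'yes'`, so `$_SESSION['userTheme']` is cleared and a refresh forced on every change; the intended test is presumably `=== 'no'` (theme choice disabled), which should be confirmed. This block is also the only one in the group that does not set `$v_security_adv = 'yes'`.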
@@ -850,10 +1086,12 @@ // Change POLICY_SYSTEM_HIDE_SERVICES if (empty($_SESSION['error_msg'])) { if ($_POST['v_policy_system_hide_services'] != $_SESSION['POLICY_SYSTEM_HIDE_SERVICES']) { - exec (HESTIA_CMD."v-change-sys-config-value POLICY_SYSTEM_HIDE_SERVICES ".escapeshellarg($_POST['v_policy_system_hide_services']), $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-change-sys-config-value POLICY_SYSTEM_HIDE_SERVICES ".escapeshellarg($_POST['v_policy_system_hide_services']), $output, $return_var); + check_return_code($return_var, $output); unset($output); - if (empty($_SESSION['error_msg'])) $v_policy_system_hide_services = $_POST['v_policy_system_hide_services']; + if (empty($_SESSION['error_msg'])) { + $v_policy_system_hide_services = $_POST['v_policy_system_hide_services']; + } $v_security_adv = 'yes'; } } 
@@ -861,60 +1099,66 @@ // Change login style if (empty($_SESSION['error_msg'])) { if ($_POST['v_login_style'] != $_SESSION['LOGIN_STYLE']) { - exec (HESTIA_CMD."v-change-sys-config-value LOGIN_STYLE ".escapeshellarg($_POST['v_login_style']), $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-change-sys-config-value LOGIN_STYLE ".escapeshellarg($_POST['v_login_style']), $output, $return_var); + check_return_code($return_var, $output); unset($output); - if (empty($_SESSION['error_msg'])) $v_login_style = $_POST['v_login_style']; + if (empty($_SESSION['error_msg'])) { + $v_login_style = $_POST['v_login_style']; + } $v_security_adv = 'yes'; } } - + if (empty($_SESSION['error_msg'])) { if ($_POST['v_api_allowed_ip'] != $_SESSION['API_ALLOWED_IP']) { $ips = array(); - foreach(explode("\n",$_POST['v_api_allowed_ip']) as $ip){ + foreach (explode("\n", $_POST['v_api_allowed_ip']) as $ip) { if ($ip != "allow-all") { - if(filter_var(trim($ip), FILTER_VALIDATE_IP)){ + if (filter_var(trim($ip), FILTER_VALIDATE_IP)) { $ips[] = trim($ip); } - }else{ + } else { $ips[] = trim($ip); } } - if(implode(',',$ips) != $_SESSION['API_ALLOWED_IP']){ - exec (HESTIA_CMD."v-change-sys-config-value API_ALLOWED_IP ".escapeshellarg(implode(',',$ips)), $output, $return_var); - check_return_code($return_var,$output); - unset($output); - if (empty($_SESSION['error_msg'])) $v_login_style = $_POST['v_api_allowed_ip']; + if (implode(',', $ips) != $_SESSION['API_ALLOWED_IP']) { + exec(HESTIA_CMD."v-change-sys-config-value API_ALLOWED_IP ".escapeshellarg(implode(',', $ips)), $output, $return_var); + check_return_code($return_var, $output); + unset($output); + if (empty($_SESSION['error_msg'])) { + $v_login_style = $_POST['v_api_allowed_ip']; + } $v_security_adv = 'yes'; } } } - + if (empty($_SESSION['error_msg'])) { if ($_POST['v_api'] != $_SESSION['API']) { $api_status = 'disable'; - if ($_POST['v_api'] == 'yes'){ + if ($_POST['v_api'] == 'yes') { $api_status = 
'enable'; } - exec (HESTIA_CMD."v-change-sys-api ".escapeshellarg($api_status), $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-change-sys-api ".escapeshellarg($api_status), $output, $return_var); + check_return_code($return_var, $output); unset($output); - if (empty($_SESSION['error_msg'])) $v_login_style = $_POST['v_api']; + if (empty($_SESSION['error_msg'])) { + $v_login_style = $_POST['v_api']; + } $v_security_adv = 'yes'; } } // Update SSL certificate if ((!empty($_POST['v_ssl_crt'])) && (empty($_SESSION['error_msg']))) { - if (($v_ssl_crt != str_replace("\r\n", "\n", $_POST['v_ssl_crt'])) || ($v_ssl_key != str_replace("\r\n", "\n", $_POST['v_ssl_key']))) { - exec ('mktemp -d', $mktemp_output, $return_var); + if (($v_ssl_crt != str_replace("\r\n", "\n", $_POST['v_ssl_crt'])) || ($v_ssl_key != str_replace("\r\n", "\n", $_POST['v_ssl_key']))) { + exec('mktemp -d', $mktemp_output, $return_var); $tmpdir = $mktemp_output[0]; // Certificate if (!empty($_POST['v_ssl_crt'])) { $fp = fopen($tmpdir."/certificate.crt", 'w'); - fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_crt'])); + fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_crt'])); fwrite($fp, "\n"); fclose($fp); } @@ -927,12 +1171,12 @@ fclose($fp); } - exec (HESTIA_CMD."v-change-sys-hestia-ssl ".$tmpdir, $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-change-sys-hestia-ssl ".$tmpdir, $output, $return_var); + check_return_code($return_var, $output); unset($output); // List ssl certificate info - exec (HESTIA_CMD."v-list-sys-hestia-ssl json", $output, $return_var); + exec(HESTIA_CMD."v-list-sys-hestia-ssl json", $output, $return_var); $ssl_str = json_decode(implode('', $output), true); unset($output); $v_ssl_crt = $ssl_str['HESTIA']['CRT']; 
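Review bot: Two success assignments in this hunk write to `$v_login_style` instead of their own variable: after the API_ALLOWED_IP change it should be `$v_api_allowed_ip = implode(',', $ips);` (the value actually saved) and after the API toggle `$v_api = $_POST['v_api'];`. As written, a successful API change makes the login-style field re-render with an IP list or a `yes`/`no`. In the SSL update, the certificate is written with `fopen($tmpdir."/certificate.crt", 'w')` under the default umask, and the key presumably the same way in the elided lines; a `chmod($tmpdir, 0700);` right after `exec('mktemp -d', …)` keeps private key material from being world-readable while it sits in the temp directory. `$mktemp_output[0]` is also used without checking that `mktemp` succeeded.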
@@ -947,8 +1191,12 @@ $v_ssl_issuer = $ssl_str['HESTIA']['ISSUER']; // Cleanup certificate tempfiles - if (file_exists($tmpdir . '/certificate.crt')) unlink($tmpdir . '/certificate.crt'); - if (file_exists($tmpdir . '/certificate.key')) unlink($tmpdir . '/certificate.key'); + if (file_exists($tmpdir . '/certificate.crt')) { + unlink($tmpdir . '/certificate.crt'); + } + if (file_exists($tmpdir . '/certificate.key')) { + unlink($tmpdir . '/certificate.key'); + } rmdir($tmpdir); } } @@ -957,16 +1205,16 @@ if (empty($_SESSION['error_msg'])) { $_SESSION['ok_msg'] = _('Changes has been saved.'); } - if ($require_refresh == true){ + if ($require_refresh == true) { $refresh = $_SERVER['REQUEST_URI']; $_SESSION['ok_msg'] = _('Changes has been saved.'); header("Location: $refresh"); die(); } } - + // Check system configuration -exec (HESTIA_CMD . "v-list-sys-config json", $output, $return_var); +exec(HESTIA_CMD . "v-list-sys-config json", $output, $return_var); $data = json_decode(implode('', $output), true); unset($output); diff --git a/web/edit/server/mariadb/index.php b/web/edit/server/mariadb/index.php index 5eb4975bcc..9b21d8745d 100644 --- a/web/edit/server/mariadb/index.php +++ b/web/edit/server/mariadb/index.php @@ -1,12 +1,13 @@ $error) { - if ( $i == 0 ) { + if ($i == 0) { $error_msg = $error; } else { $error_msg = $error_msg.", ".$error; } } - $_SESSION['error_msg'] = _('Field "%s" can not be blank.',$error_msg); + $_SESSION['error_msg'] = _('Field "%s" can not be blank.', $error_msg); } else { - exec ('mktemp -d', $mktemp_output, $return_var); + exec('mktemp -d', $mktemp_output, $return_var); $tmpdir = $mktemp_output[0]; // Certificate 
@@ -565,14 +584,14 @@ fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_ca'])); fclose($fp); } - exec (HESTIA_CMD."v-add-web-domain-ssl ".$user." ".escapeshellarg($v_domain)." ".$tmpdir." ".$v_ssl_home." 'no'", $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-add-web-domain-ssl ".$user." ".escapeshellarg($v_domain)." ".$tmpdir." ".$v_ssl_home." 'no'", $output, $return_var); + check_return_code($return_var, $output); unset($output); $v_ssl = 'yes'; $restart_web = 'yes'; $restart_proxy = 'yes'; - exec (HESTIA_CMD."v-list-web-domain-ssl ".$user." ".escapeshellarg($v_domain)." json", $output, $return_var); + exec(HESTIA_CMD."v-list-web-domain-ssl ".$user." ".escapeshellarg($v_domain)." json", $output, $return_var); $ssl_str = json_decode(implode('', $output), true); unset($output); $v_ssl_crt = $ssl_str[$v_domain]['CRT']; @@ -587,17 +606,23 @@ $v_ssl_issuer = $ssl_str[$v_domain]['ISSUER']; // Cleanup certificate tempfiles - if (!empty($_POST['v_ssl_crt'])) unlink($tmpdir."/".$v_domain.".crt"); - if (!empty($_POST['v_ssl_key'])) unlink($tmpdir."/".$v_domain.".key"); - if (!empty($_POST['v_ssl_ca'])) unlink($tmpdir."/".$v_domain.".ca"); + if (!empty($_POST['v_ssl_crt'])) { + unlink($tmpdir."/".$v_domain.".crt"); + } + if (!empty($_POST['v_ssl_key'])) { + unlink($tmpdir."/".$v_domain.".key"); + } + if (!empty($_POST['v_ssl_ca'])) { + unlink($tmpdir."/".$v_domain.".ca"); + } rmdir($tmpdir); } } - + // Add Force SSL if ((!empty($_POST['v_ssl_forcessl'])) && (!empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) { - exec (HESTIA_CMD."v-add-web-domain-ssl-force ".$user." ".escapeshellarg($v_domain), $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-add-web-domain-ssl-force ".$user." ".escapeshellarg($v_domain), $output, $return_var); + check_return_code($return_var, $output); unset($output); $v_ssl_forcessl = 'yes'; $restart_web = 'yes'; 
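Review bot: `$v_ssl_home` and `$user` are concatenated unquoted into the `v-add-web-domain-ssl` command while `$v_domain` goes through `escapeshellarg`; if `$v_ssl_home` comes from the request (its assignment is outside this hunk) it should be passed as `escapeshellarg($v_ssl_home)` for the same reason. `$ssl_str = json_decode(implode('', $output), true);` is read via `$ssl_str[$v_domain]['CRT']` without a `null` check, so a failed listing produces warnings rather than an error message; `json_decode(implode('', $output), true, 512, JSON_THROW_ON_ERROR)` or an `if ($ssl_str === null)` guard before the reads makes that visible.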
@@ -606,18 +631,18 @@ // Add SSL HSTS if ((!empty($_POST['v_ssl_hsts'])) && (!empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) { - exec (HESTIA_CMD."v-add-web-domain-ssl-hsts ".$user." ".escapeshellarg($v_domain), $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-add-web-domain-ssl-hsts ".$user." ".escapeshellarg($v_domain), $output, $return_var); + check_return_code($return_var, $output); unset($output); $v_ssl_hsts = 'yes'; $restart_web = 'yes'; $restart_proxy = 'yes'; } - + // Delete Force SSL - if (( $v_ssl_forcessl == 'yes' ) && (empty($_POST['v_ssl_forcessl'])) && (empty($_SESSION['error_msg']))) { - exec (HESTIA_CMD."v-delete-web-domain-ssl-force ".$user." ".escapeshellarg($v_domain), $output, $return_var); - check_return_code($return_var,$output); + if (($v_ssl_forcessl == 'yes') && (empty($_POST['v_ssl_forcessl'])) && (empty($_SESSION['error_msg']))) { + exec(HESTIA_CMD."v-delete-web-domain-ssl-force ".$user." ".escapeshellarg($v_domain), $output, $return_var); + check_return_code($return_var, $output); unset($output); $v_ssl_forcessl = 'no'; $restart_web = 'yes'; @@ -625,9 +650,9 @@ } // Delete SSL HSTS - if (( $v_ssl_hsts == 'yes' ) && (empty($_POST['v_ssl_hsts'])) && (empty($_SESSION['error_msg']))) { - exec (HESTIA_CMD."v-delete-web-domain-ssl-hsts ".$user." ".escapeshellarg($v_domain), $output, $return_var); - check_return_code($return_var,$output); + if (($v_ssl_hsts == 'yes') && (empty($_POST['v_ssl_hsts'])) && (empty($_SESSION['error_msg']))) { + exec(HESTIA_CMD."v-delete-web-domain-ssl-hsts ".$user." ".escapeshellarg($v_domain), $output, $return_var); + check_return_code($return_var, $output); unset($output); $v_ssl_hsts = 'no'; $restart_web = 'yes'; 
@@ -636,8 +661,8 @@ // Delete web stats if ((!empty($v_stats)) && ($_POST['v_stats'] == 'none') && (empty($_SESSION['error_msg']))) { - exec (HESTIA_CMD."v-delete-web-domain-stats ".$v_username." ".escapeshellarg($v_domain), $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-delete-web-domain-stats ".$v_username." ".escapeshellarg($v_domain), $output, $return_var); + check_return_code($return_var, $output); unset($output); $v_stats = ''; } 
@@ -645,23 +670,23 @@ // Change web stats engine if ((!empty($v_stats)) && ($_POST['v_stats'] != $v_stats) && (empty($_SESSION['error_msg']))) { $v_stats = escapeshellarg($_POST['v_stats']); - exec (HESTIA_CMD."v-change-web-domain-stats ".$v_username." ".escapeshellarg($v_domain)." ".$v_stats, $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-change-web-domain-stats ".$v_username." ".escapeshellarg($v_domain)." ".$v_stats, $output, $return_var); + check_return_code($return_var, $output); unset($output); } // Add web stats if ((empty($v_stats)) && ($_POST['v_stats'] != 'none') && (empty($_SESSION['error_msg']))) { $v_stats = escapeshellarg($_POST['v_stats']); - exec (HESTIA_CMD."v-add-web-domain-stats ".$v_username." ".escapeshellarg($v_domain)." ".$v_stats, $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-add-web-domain-stats ".$v_username." ".escapeshellarg($v_domain)." ".$v_stats, $output, $return_var); + check_return_code($return_var, $output); unset($output); } // Delete web stats authorization if ((!empty($v_stats_user)) && (empty($_POST['v_stats_auth'])) && (empty($_SESSION['error_msg']))) { - exec (HESTIA_CMD."v-delete-web-domain-stats-user ".$v_username." ".escapeshellarg($v_domain), $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-delete-web-domain-stats-user ".$v_username." ".escapeshellarg($v_domain), $output, $return_var); + check_return_code($return_var, $output); unset($output); $v_stats_user = ''; $v_stats_password = ''; 
@@ -669,24 +694,26 @@ // Change web stats user or password if ((empty($v_stats_user)) && (!empty($_POST['v_stats_auth'])) && (empty($_SESSION['error_msg']))) { - if (empty($_POST['v_stats_user'])) $errors[] = _('stats username'); + if (empty($_POST['v_stats_user'])) { + $errors[] = _('stats username'); + } if (!empty($errors[0])) { foreach ($errors as $i => $error) { - if ( $i == 0 ) { + if ($i == 0) { $error_msg = $error; } else { $error_msg = $error_msg.", ".$error; } } - $_SESSION['error_msg'] = _('Field "%s" can not be blank.',$error_msg); + $_SESSION['error_msg'] = _('Field "%s" can not be blank.', $error_msg); } else { $v_stats_user = escapeshellarg($_POST['v_stats_user']); - $v_stats_password = tempnam("/tmp","vst"); + $v_stats_password = tempnam("/tmp", "vst"); $fp = fopen($v_stats_password, "w"); fwrite($fp, $_POST['v_stats_password']."\n"); fclose($fp); - exec (HESTIA_CMD."v-add-web-domain-stats-user ".$v_username." ".escapeshellarg($v_domain)." ".$v_stats_user." ".$v_stats_password, $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-add-web-domain-stats-user ".$v_username." ".escapeshellarg($v_domain)." ".$v_stats_user." ".$v_stats_password, $output, $return_var); + check_return_code($return_var, $output); unset($output); unlink($v_stats_password); $v_stats_password = escapeshellarg($_POST['v_stats_password']); 
@@ -695,25 +722,27 @@ // Add web stats authorization if ((!empty($v_stats_user)) && (!empty($_POST['v_stats_auth'])) && (empty($_SESSION['error_msg']))) { - if (empty($_POST['v_stats_user'])) $errors[] = _('stats user'); + if (empty($_POST['v_stats_user'])) { + $errors[] = _('stats user'); + } if (!empty($errors[0])) { foreach ($errors as $i => $error) { - if ( $i == 0 ) { + if ($i == 0) { $error_msg = $error; } else { $error_msg = $error_msg.", ".$error; } } - $_SESSION['error_msg'] = _('Field "%s" can not be blank.',$error_msg); + $_SESSION['error_msg'] = _('Field "%s" can not be blank.', $error_msg); } if (($v_stats_user != $_POST['v_stats_user']) || (!empty($_POST['v_stats_password'])) && (empty($_SESSION['error_msg']))) { $v_stats_user = escapeshellarg($_POST['v_stats_user']); - $v_stats_password = tempnam("/tmp","vst"); + $v_stats_password = tempnam("/tmp", "vst"); $fp = fopen($v_stats_password, "w"); fwrite($fp, $_POST['v_stats_password']."\n"); fclose($fp); - exec (HESTIA_CMD."v-add-web-domain-stats-user ".$v_username." ".escapeshellarg($v_domain)." ".$v_stats_user." ".$v_stats_password, $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-add-web-domain-stats-user ".$v_username." ".escapeshellarg($v_domain)." ".$v_stats_user." ".$v_stats_password, $output, $return_var); + check_return_code($return_var, $output); unset($output); unlink($v_stats_password); $v_stats_password = escapeshellarg($_POST['v_stats_password']); 
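Review bot: The guard `if (($v_stats_user != $_POST['v_stats_user']) || (!empty($_POST['v_stats_password'])) && (empty($_SESSION['error_msg'])))` is mis-grouped: `&&` binds tighter than `||`, so when the username differs the `v-add-web-domain-stats-user` call runs even after the blank-field check just above has set `$_SESSION['error_msg']`. Group the two change conditions first: `if ((($v_stats_user != $_POST['v_stats_user']) || !empty($_POST['v_stats_password'])) && empty($_SESSION['error_msg'])) {`. The `$errors`/`foreach` message building repeated here, in the previous hunk and in the FTP hunks is `implode(', ', $errors)` in each case.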
@@ -730,17 +759,21 @@ $v_ftp_user_data['v_ftp_user'] = preg_replace("/^".$user."_/i", "", $v_ftp_user_data['v_ftp_user']); if ($v_ftp_user_data['is_new'] == 1 && !empty($_POST['v_ftp'])) { - if ((!empty($v_ftp_user_data['v_ftp_email'])) && (!filter_var($v_ftp_user_data['v_ftp_email'], FILTER_VALIDATE_EMAIL))) $_SESSION['error_msg'] = _('Please enter valid email address.'); - if (empty($v_ftp_user_data['v_ftp_user'])) $errors[] = 'ftp user'; + if ((!empty($v_ftp_user_data['v_ftp_email'])) && (!filter_var($v_ftp_user_data['v_ftp_email'], FILTER_VALIDATE_EMAIL))) { + $_SESSION['error_msg'] = _('Please enter valid email address.'); + } + if (empty($v_ftp_user_data['v_ftp_user'])) { + $errors[] = 'ftp user'; + } if (!empty($errors[0])) { foreach ($errors as $i => $error) { - if ( $i == 0 ) { + if ($i == 0) { $error_msg = $error; } else { $error_msg = $error_msg.", ".$error; } } - $_SESSION['error_msg'] = _('Field "%s" can not be blank.',$error_msg); + $_SESSION['error_msg'] = _('Field "%s" can not be blank.', $error_msg); } // Add ftp account 
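Review bot: `preg_replace("/^".$user."_/i", "", $v_ftp_user_data['v_ftp_user'])` builds the pattern from `$user` without `preg_quote`; a regex metacharacter in the username changes the pattern or makes `preg_replace` return `null`, dropping the field. Use `"/^".preg_quote($user, '/')."_/i"`. Below it, the invalid-email check and the blank-field check both assign `$_SESSION['error_msg']`, so the second overwrites the first when both fail; pushing the email problem onto `$errors` as well would report them together.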
@@ -749,19 +782,19 @@ $v_ftp_user = escapeshellarg($v_ftp_username); $v_ftp_path = escapeshellarg(trim($v_ftp_user_data['v_ftp_path'])); if (empty($_SESSION['error_msg'])) { - $v_ftp_password = tempnam("/tmp","vst"); + $v_ftp_password = tempnam("/tmp", "vst"); $fp = fopen($v_ftp_password, "w"); fwrite($fp, $v_ftp_user_data['v_ftp_password']."\n"); fclose($fp); - exec (HESTIA_CMD."v-add-web-domain-ftp ".$v_username." ".escapeshellarg($v_domain)." ".$v_ftp_user." ".$v_ftp_password . " " . $v_ftp_path, $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-add-web-domain-ftp ".$v_username." ".escapeshellarg($v_domain)." ".$v_ftp_user." ".$v_ftp_password . " " . $v_ftp_path, $output, $return_var); + check_return_code($return_var, $output); if ((!empty($v_ftp_user_data['v_ftp_email'])) && (empty($_SESSION['error_msg']))) { $to = $v_ftp_user_data['v_ftp_email']; $subject = _("FTP login credentials"); $hostname = exec('hostname'); $from = "noreply@".$hostname; $from_name = _('Hestia Control Panel'); - $mailtext = sprintf(_('FTP_ACCOUNT_READY'),escapeshellarg($_GET['domain']),$user,$v_ftp_username,$v_ftp_user_data['v_ftp_password']); + $mailtext = sprintf(_('FTP_ACCOUNT_READY'), escapeshellarg($_GET['domain']), $user, $v_ftp_username, $v_ftp_user_data['v_ftp_password']); send_email($to, $subject, $mailtext, $from, $from_name); unset($v_ftp_email); } @@ -773,8 +806,7 @@ if ($return_var == 0) { $v_ftp_password = ""; $v_ftp_user_data['is_new'] = 0; - } - else { + } else { $v_ftp_user_data['is_new'] = 1; } 
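Review bot: `escapeshellarg($_GET['domain'])` in `$mailtext = sprintf(_('FTP_ACCOUNT_READY'), escapeshellarg($_GET['domain']), …)` applies shell quoting to a value that goes into an e-mail body, so the recipient sees the domain wrapped in single quotes; `$v_domain` is already in scope and is the domain the account was created for, so pass that instead. The `-836,7` hunk further down has the same call, there through `_()` directly rather than `sprintf`, which is also worth unifying. The message carries the plaintext FTP password, a pre-existing risk that the credentials template should at least state. `fopen($v_ftp_password, "w")` is not checked for `false` before `fwrite`.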
@@ -793,42 +825,44 @@ // Delete FTP account if ($v_ftp_user_data['delete'] == 1) { $v_ftp_username = $user . '_' . $v_ftp_user_data['v_ftp_user']; - exec (HESTIA_CMD."v-delete-web-domain-ftp ".$v_username." ".escapeshellarg($v_domain)." ".$v_ftp_username, $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-delete-web-domain-ftp ".$v_username." ".escapeshellarg($v_domain)." ".$v_ftp_username, $output, $return_var); + check_return_code($return_var, $output); unset($output); continue; } if (!empty($_POST['v_ftp'])) { - if (empty($v_ftp_user_data['v_ftp_user'])) $errors[] = _('ftp user'); + if (empty($v_ftp_user_data['v_ftp_user'])) { + $errors[] = _('ftp user'); + } if (!empty($errors[0])) { foreach ($errors as $i => $error) { - if ( $i == 0 ) { + if ($i == 0) { $error_msg = $error; } else { $error_msg = $error_msg.", ".$error; } } - $_SESSION['error_msg'] = _('Field "%s" can not be blank.',$error_msg); + $_SESSION['error_msg'] = _('Field "%s" can not be blank.', $error_msg); } // Change FTP account path $v_ftp_username_for_emailing = $v_ftp_user_data['v_ftp_user']; $v_ftp_username = $user . '_' . $v_ftp_user_data['v_ftp_user']; //preg_replace("/^".$user."_/", "", $v_ftp_user_data['v_ftp_user']); $v_ftp_username = escapeshellarg($v_ftp_username); - $v_ftp_path = escapeshellarg(trim($v_ftp_user_data['v_ftp_path'])); - if(escapeshellarg(trim($v_ftp_user_data['v_ftp_path_prev'])) != $v_ftp_path) { - exec (HESTIA_CMD."v-change-web-domain-ftp-path ".$v_username." ".escapeshellarg($v_domain)." ".$v_ftp_username." ".$v_ftp_path, $output, $return_var); - } + $v_ftp_path = escapeshellarg(trim($v_ftp_user_data['v_ftp_path'])); + if (escapeshellarg(trim($v_ftp_user_data['v_ftp_path_prev'])) != $v_ftp_path) { + exec(HESTIA_CMD."v-change-web-domain-ftp-path ".$v_username." ".escapeshellarg($v_domain)." ".$v_ftp_username." 
".$v_ftp_path, $output, $return_var); + } // Change FTP account password if (!empty($v_ftp_user_data['v_ftp_password'])) { - $v_ftp_password = tempnam("/tmp","vst"); + $v_ftp_password = tempnam("/tmp", "vst"); $fp = fopen($v_ftp_password, "w"); fwrite($fp, $v_ftp_user_data['v_ftp_password']."\n"); fclose($fp); - exec (HESTIA_CMD."v-change-web-domain-ftp-password ".$v_username." ".escapeshellarg($v_domain)." ".$v_ftp_username." ".$v_ftp_password, $output, $return_var); + exec(HESTIA_CMD."v-change-web-domain-ftp-password ".$v_username." ".escapeshellarg($v_domain)." ".$v_ftp_username." ".$v_ftp_password, $output, $return_var); unlink($v_ftp_password); $to = $v_ftp_user_data['v_ftp_email']; @@ -836,7 +870,7 @@ $hostname = exec('hostname'); $from = "noreply@".$hostname; $from_name = _('Hestia Control Panel'); - $mailtext = _('FTP_ACCOUNT_READY',escapeshellarg($_GET['domain']),$user,$v_ftp_username_for_emailing,$v_ftp_user_data['v_ftp_password']); + $mailtext = _('FTP_ACCOUNT_READY', escapeshellarg($_GET['domain']), $user, $v_ftp_username_for_emailing, $v_ftp_user_data['v_ftp_password']); send_email($to, $subject, $mailtext, $from, $from_name); unset($v_ftp_email); } 
@@ -854,92 +888,89 @@ } } } - //custom docoot with check box disabled - if( !empty($v_custom_doc_root) && empty($_POST['v_custom_doc_root_check']) ){ - exec(HESTIA_CMD."v-change-web-domain-docroot ".$v_username." ".escapeshellarg($v_domain)." default", $output, $return_var); - check_return_code($return_var,$output); - unset($output); + //custom docoot with check box disabled + if (!empty($v_custom_doc_root) && empty($_POST['v_custom_doc_root_check'])) { + exec(HESTIA_CMD."v-change-web-domain-docroot ".$v_username." ".escapeshellarg($v_domain)." default", $output, $return_var); + check_return_code($return_var, $output); + unset($output); unset($_POST['v-custom-doc-domain'], $_POST['v-custom-doc-folder']); $restart_web = 'yes'; - $restart_proxy = 'yes'; + $restart_proxy = 'yes'; } - if ( !empty($_POST['v-custom-doc-domain']) && !empty($_POST['v_custom_doc_root_check']) && $v_custom_doc_root_prepath.$v_custom_doc_domain.'/public_html'.$v_custom_doc_folder != $v_custom_doc_root){ - if($_POST['v-custom-doc-domain'] == $v_domain && empty($_POST['v-custom-doc-folder'])){ - exec(HESTIA_CMD."v-change-web-domain-docroot ".$v_username." ".escapeshellarg($v_domain)." default", $output, $return_var); - check_return_code($return_var,$output); - unset($output); - }else{ - $v_custom_doc_folder = escapeshellarg(rtrim($_POST['v-custom-doc-folder'],'/')); + if (!empty($_POST['v-custom-doc-domain']) && !empty($_POST['v_custom_doc_root_check']) && $v_custom_doc_root_prepath.$v_custom_doc_domain.'/public_html'.$v_custom_doc_folder != $v_custom_doc_root) { + if ($_POST['v-custom-doc-domain'] == $v_domain && empty($_POST['v-custom-doc-folder'])) { + exec(HESTIA_CMD."v-change-web-domain-docroot ".$v_username." ".escapeshellarg($v_domain)." 
default", $output, $return_var); + check_return_code($return_var, $output); + unset($output); + } else { + $v_custom_doc_folder = escapeshellarg(rtrim($_POST['v-custom-doc-folder'], '/')); $v_custom_doc_domain = escapeshellarg($_POST['v-custom-doc-domain']); - - exec(HESTIA_CMD."v-change-web-domain-docroot ".$v_username." ".escapeshellarg($v_domain)." ".$v_custom_doc_domain." ".$v_custom_doc_folder ." yes", $output, $return_var); - check_return_code($return_var,$output); - unset($output); - $v_custom_doc_root = 1; - + + exec(HESTIA_CMD."v-change-web-domain-docroot ".$v_username." ".escapeshellarg($v_domain)." ".$v_custom_doc_domain." ".$v_custom_doc_folder ." yes", $output, $return_var); + check_return_code($return_var, $output); + unset($output); + $v_custom_doc_root = 1; } $restart_web = 'yes'; $restart_proxy = 'yes'; - }else{ + } else { unset($v_custom_doc_root); - } - - if ( !empty($v_redirect) && empty($_POST['v-redirect-checkbox']) ) { - exec(HESTIA_CMD."v-delete-web-domain-redirect ".$v_username." ".escapeshellarg($v_domain), $output, $return_var); - check_return_code($return_var,$output); - unset($output); + } + + if (!empty($v_redirect) && empty($_POST['v-redirect-checkbox'])) { + exec(HESTIA_CMD."v-delete-web-domain-redirect ".$v_username." 
".escapeshellarg($v_domain), $output, $return_var); + check_return_code($return_var, $output); + unset($output); unset($_POST['v-redirect']); $restart_web = 'yes'; $restart_proxy = 'yes'; } - - if (!empty($_POST['v-redirect']) && !empty($_POST['v-redirect-checkbox']) ){ - if (empty($v_redirect)){ - if ($_POST['v-redirect'] == 'custom' && empty($_POST['v-redirect-custom'])){ - }else{ - if($_POST['v-redirect'] == 'custom'){ + + if (!empty($_POST['v-redirect']) && !empty($_POST['v-redirect-checkbox'])) { + if (empty($v_redirect)) { + if ($_POST['v-redirect'] == 'custom' && empty($_POST['v-redirect-custom'])) { + } else { + if ($_POST['v-redirect'] == 'custom') { $_POST['v-redirect'] = $_POST['v-redirect-custom']; } - exec(HESTIA_CMD."v-add-web-domain-redirect ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($_POST['v-redirect'])." ".escapeshellarg($_POST['v-redirect-code']), $output, $return_var); - check_return_code($return_var,$output); - unset($output); - $restart_web = 'yes'; - $restart_proxy = 'yes'; + exec(HESTIA_CMD."v-add-web-domain-redirect ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($_POST['v-redirect'])." ".escapeshellarg($_POST['v-redirect-code']), $output, $return_var); + check_return_code($return_var, $output); + unset($output); + $restart_web = 'yes'; + $restart_proxy = 'yes'; + } + } else { + if ($_POST['v-redirect'] == 'custom') { + $_POST['v-redirect'] = $_POST['v-redirect-custom']; + } + if ($_POST['v-redirect'] != $v_redirect || $_POST['v-redirect-code'] != $v_redirect_code) { + exec(HESTIA_CMD."v-add-web-domain-redirect ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($_POST['v-redirect'])." 
".escapeshellarg($_POST['v-redirect-code']), $output, $return_var); + check_return_code($return_var, $output); + unset($output); + $restart_web = 'yes'; + $restart_proxy = 'yes'; } - - }else { - if ($_POST['v-redirect'] == 'custom') { - $_POST['v-redirect'] = $_POST['v-redirect-custom']; - } - if ( $_POST['v-redirect'] != $v_redirect || $_POST['v-redirect-code'] != $v_redirect_code ) { - exec(HESTIA_CMD."v-add-web-domain-redirect ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($_POST['v-redirect'])." ".escapeshellarg($_POST['v-redirect-code']), $output, $return_var); - check_return_code($return_var,$output); - unset($output); - $restart_web = 'yes'; - $restart_proxy = 'yes'; - } } - } // Restart web server if (!empty($restart_web) && (empty($_SESSION['error_msg']))) { - exec (HESTIA_CMD."v-restart-web", $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-restart-web", $output, $return_var); + check_return_code($return_var, $output); unset($output); } // Restart proxy server if ((!empty($_SESSION['PROXY_SYSTEM'])) && !empty($restart_proxy) && (empty($_SESSION['error_msg']))) { - exec (HESTIA_CMD."v-restart-proxy", $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-restart-proxy", $output, $return_var); + check_return_code($return_var, $output); unset($output); } // Restart dns server if (!empty($restart_dns) && (empty($_SESSION['error_msg']))) { - exec (HESTIA_CMD."v-restart-dns", $output, $return_var); - check_return_code($return_var,$output); + exec(HESTIA_CMD."v-restart-dns", $output, $return_var); + check_return_code($return_var, $output); unset($output); } @@ -949,7 +980,6 @@ header("Location: /edit/web/?domain=" . $v_domain); exit(); } - } diff --git a/web/generate/ssl/index.php b/web/generate/ssl/index.php index 3ff577d9a9..dcf0d5eb1e 100644 --- a/web/generate/ssl/index.php +++ b/web/generate/ssl/index.php 
@@ -1,5 +1,6 @@ $error) { - if ( $i == 0 ) { + if ($i == 0) { $error_msg = $error; } else { $error_msg = $error_msg.", ".$error; } } - $_SESSION['error_msg'] = sprintf(_('Field "%s" can not be blank.'),$error_msg); + $_SESSION['error_msg'] = sprintf(_('Field "%s" can not be blank.'), $error_msg); render_page($user, $TAB, 'generate_ssl'); unset($_SESSION['error_msg']); exit; @@ -66,7 +74,7 @@ $v_domain = escapeshellarg($_POST['v_domain']); $waliases = preg_replace("/\n/", " ", $_POST['v_aliases']); $waliases = preg_replace("/,/", " ", $waliases); -$waliases = preg_replace('/\s+/', ' ',$waliases); +$waliases = preg_replace('/\s+/', ' ', $waliases); $waliases = trim($waliases); $aliases = explode(" ", $waliases); $v_aliases = escapeshellarg(str_replace(' ', "\n", $waliases)); @@ -77,7 +85,7 @@ $v_locality = escapeshellarg($_POST['v_locality']); $v_org = escapeshellarg($_POST['v_org']); -exec (HESTIA_CMD."v-generate-ssl-cert ".$v_domain." ".$v_email." ".$v_country." ".$v_state." ".$v_locality." ".$v_org." IT '".$v_aliases."' json", $output, $return_var); +exec(HESTIA_CMD."v-generate-ssl-cert ".$v_domain." ".$v_email." ".$v_country." ".$v_state." ".$v_locality." ".$v_org." IT '".$v_aliases."' json", $output, $return_var); // Revert to raw values $v_domain = $_POST['v_domain']; $v_email = $_POST['v_email']; @@ -89,7 +97,9 @@ // Check return code if ($return_var != 0) { $error = implode('
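Review bot: In the `v-generate-ssl-cert` command line of the `@@ -77,7 +85,7 @@` hunk, `$v_aliases` is already `escapeshellarg()`-quoted in the `@@ -66,7 +74,7 @@` hunk above and is then wrapped in a second pair of single quotes, `" IT '".$v_aliases."' json"`, so the shell sees `''…''` and the inner quoting is cancelled; with two or more aliases the newline separator inside `$v_aliases` is then no longer part of a quoted argument. Drop the extra quotes so `escapeshellarg()`'s own quoting applies: `$v_org . " IT " . $v_aliases . " json"`. The `@@ -89,7 +97,9 @@` hunk's error path continues past the end of this chunk.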
', $output); - if (empty($error)) $error = sprintf(_('Error code:'),$return_var); + if (empty($error)) { + $error = sprintf(_('Error code:'), $return_var); + } $_SESSION['error_msg'] = $error; render_page($user, $TAB, 'generate_ssl'); unset($_SESSION['error_msg']); diff --git a/web/inc/main.php b/web/inc/main.php index 87f0ec352d..78874d856d 100644 --- a/web/inc/main.php +++ b/web/inc/main.php @@ -11,9 +11,9 @@ define('HESTIA_CMD', '/usr/bin/sudo /usr/local/hestia/bin/'); if ($_SESSION['RELEASE_BRANCH'] == 'release' && $_SESSION['DEBUG_MODE'] == 'false') { - define('JS_LATEST_UPDATE','v=' . $_SESSION['VERSION']); -}else{ - define('JS_LATEST_UPDATE','r=' . time()); + define('JS_LATEST_UPDATE', 'v=' . $_SESSION['VERSION']); +} else { + define('JS_LATEST_UPDATE', 'r=' . time()); } define('DEFAULT_PHP_VERSION', 'php-' . exec('php -r "echo (float)phpversion();"')); @@ -22,7 +22,8 @@ require_once(dirname(__FILE__) . '/prevent_csrf.php'); -function destroy_sessions(){ +function destroy_sessions() +{ unset($_SESSION); session_unset(); session_destroy(); @@ -50,7 +51,7 @@ function destroy_sessions(){ } if (isset($_SERVER['HTTP_CF_CONNECTING_IP'])) { if (!empty($_SERVER['HTTP_CF_CONNECTING_IP'])) { - $user_combined_ip = $_SERVER['HTTP_CF_CONNECTING_IP']; + $user_combined_ip = $_SERVER['HTTP_CF_CONNECTING_IP']; } } @@ -59,7 +60,7 @@ function destroy_sessions(){ } // Checking user to use session from the same IP he has been logged in -if ($_SESSION['user_combined_ip'] != $user_combined_ip && $_SERVER['REMOTE_ADDR'] != '127.0.0.1'){ +if ($_SESSION['user_combined_ip'] != $user_combined_ip && $_SERVER['REMOTE_ADDR'] != '127.0.0.1') { $v_user = escapeshellarg($_SESSION['user']); $v_session_id = escapeshellarg($_SESSION['token']); exec(HESTIA_CMD . 'v-log-user-logout ' . $v_user . ' ' . $v_session_id, $output, $return_var); 
@@ -85,14 +86,14 @@ function destroy_sessions(){ // Generate CSRF Token if (isset($_SESSION['user'])) { - if (!isset($_SESSION['token'])){ + if (!isset($_SESSION['token'])) { $token = bin2hex(file_get_contents('/dev/urandom', false, null, 0, 16)); $_SESSION['token'] = $token; } } -if (!defined('NO_AUTH_REQUIRED')){ - if (empty($_SESSION['LAST_ACTIVITY']) || empty($_SESSION['INACTIVE_SESSION_TIMEOUT'])){ +if (!defined('NO_AUTH_REQUIRED')) { + if (empty($_SESSION['LAST_ACTIVITY']) || empty($_SESSION['INACTIVE_SESSION_TIMEOUT'])) { destroy_sessions(); header('Location: /login/'); } elseif ($_SESSION['INACTIVE_SESSION_TIMEOUT'] * 60 + $_SESSION['LAST_ACTIVITY'] < time()) { @@ -117,22 +118,27 @@ function destroy_sessions(){ require_once(dirname(__FILE__) . '/i18n.php'); -function check_error($return_var) { - if ( $return_var > 0 ) { +function check_error($return_var) +{ + if ($return_var > 0) { header('Location: /error/'); exit; } } -function check_return_code($return_var,$output) { +function check_return_code($return_var, $output) +{ if ($return_var != 0) { $error = implode('
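Review bot: The CSRF token is still derived from `file_get_contents('/dev/urandom', false, null, 0, 16)` in this hunk, which can return `false` or fewer than 16 bytes and is never checked; `random_bytes(16)` throws on failure and is the idiomatic source: `$_SESSION['token'] = bin2hex(random_bytes(16));`. Since `verify_csrf()` added later in this patch redirects whenever `$_SESSION['token']` is empty, a silent empty token here would lock the user out rather than fail loudly.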
', $output); - if (empty($error)) $error = sprintf(_('Error code:'), $return_var); + if (empty($error)) { + $error = sprintf(_('Error code:'), $return_var); + } $_SESSION['error_msg'] = $error; } } -function render_page($user, $TAB, $page) { +function render_page($user, $TAB, $page) +{ $__template_dir = dirname(__DIR__) . '/templates/'; $__pages_js_dir = dirname(__DIR__) . '/js/pages/'; @@ -155,18 +161,37 @@ function render_page($user, $TAB, $page) { // Including common js files @include_once(dirname(__DIR__) . '/templates/includes/end_js.html'); // Including page specific js file - if(file_exists($__pages_js_dir . $page . '.js')) - echo ''; + if (file_exists($__pages_js_dir . $page . '.js')) { + echo ''; + } // Footer include($__template_dir . 'footer.html'); } -function top_panel($user, $TAB) { +// Match $_SESSION['token'] against $_GET['token'] or $_POST['token'] +// Usage: verify_csrf($_POST) or verify_csrf($_GET); Use verify_csrf($_POST,true) to return on failure instead of redirect +function verify_csrf($method, $return = false) +{ + if ($method['token'] !== $_SESSION['token'] || empty($method['token'] || empty($_SESSION['token'])) { + if ($return === true) { + return false; + } else { + header('Location: /login/'); + die(); + } + } else { + return true; + } + } +} + +function top_panel($user, $TAB) +{ global $panel; $command = HESTIA_CMD . 'v-list-user ' . escapeshellarg($user) . " 'json'"; - exec ($command, $output, $return_var); - if ( $return_var > 0 ) { + exec($command, $output, $return_var); + if ($return_var > 0) { echo 'ERROR: Unable to retrieve account details.
Please log in again.
'; destroy_sessions(); header('Location: /login/'); @@ -189,10 +214,10 @@ function top_panel($user, $TAB) { } // Load user's selected theme and do not change it when impersonting user - if ( (isset($panel[$user]['THEME'])) && (!isset($_SESSION['look']) )) { + if ((isset($panel[$user]['THEME'])) && (!isset($_SESSION['look']))) { $_SESSION['userTheme'] = $panel[$user]['THEME']; } - + // Unset userTheme override variable if POLICY_USER_CHANGE_THEME is set to no if ($_SESSION['POLICY_USER_CHANGE_THEME'] === 'no') { unset($_SESSION['userTheme']); @@ -202,7 +227,7 @@ function top_panel($user, $TAB) { if (!isset($_SESSION['look'])) { $_SESSION['userSortOrder'] = $panel[$user]['PREF_UI_SORT']; } - + // Set home location URLs if (($_SESSION['userContext'] === 'admin') && (!isset($_SESSION['look']))) { // Display users list for administrators unless they are impersonating a user account @@ -227,18 +252,20 @@ function top_panel($user, $TAB) { include(dirname(__FILE__) . '/../templates/includes/panel.html'); } -function translate_date($date){ +function translate_date($date) +{ $date = strtotime($date); return strftime('%d  ', $date) . _(strftime('%b', $date)) . strftime('  %Y', $date); } -function humanize_time($usage) { - if ( $usage > 60 ) { +function humanize_time($usage) +{ + if ($usage > 60) { $usage = $usage / 60; - if ( $usage > 24 ) { - $usage = $usage / 24; - $usage = number_format($usage); - return sprintf(ngettext('%d day', '%d days', $usage), $usage); + if ($usage > 24) { + $usage = $usage / 24; + $usage = number_format($usage); + return sprintf(ngettext('%d day', '%d days', $usage), $usage); } else { return sprintf(ngettext('%d hour', '%d hours', $usage), $usage); } 
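Review bot: `verify_csrf()` compares the submitted token with `!==`, which stops at the first differing byte; for a secret compare use `hash_equals()`, and read `$method['token']` only after the emptiness checks so a missing key does not raise an undefined-index notice and a non-string value cannot reach `hash_equals()`: `if (empty($_SESSION['token']) || empty($method['token']) || !is_string($method['token']) || !hash_equals($_SESSION['token'], $method['token'])) {`. The same comparison survives the follow-up hunks in PATCH 2/4 and PATCH 3/4, which fix the misplaced parenthesis and the if/else braces but keep `!==`. The header comment above the function should also state that the default mode ends the request via `header('Location: /login/')` and `die()`, since call sites like `if (verify_csrf($_GET))` in login/index.php read as if the false branch were reachable.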
@@ -247,12 +274,13 @@ function humanize_time($usage) { } } -function humanize_usage_size($usage) { - if ( $usage > 1024 ) { +function humanize_usage_size($usage) +{ + if ($usage > 1024) { $usage = $usage / 1024; - if ( $usage > 1024 ) { + if ($usage > 1024) { $usage = $usage / 1024 ; - if ( $usage > 1024 ) { + if ($usage > 1024) { $usage = $usage / 1024 ; $usage = number_format($usage, 2); } else { @@ -265,13 +293,14 @@ function humanize_usage_size($usage) { return $usage; } -function humanize_usage_measure($usage) { +function humanize_usage_measure($usage) +{ $measure = 'kb'; - if ( $usage > 1024 ) { + if ($usage > 1024) { $usage = $usage / 1024; - if ( $usage > 1024 ) { - $usage = $usage / 1024 ; - $measure = ( $usage > 1024 ) ? 'pb' : 'tb'; + if ($usage > 1024) { + $usage = $usage / 1024 ; + $measure = ($usage > 1024) ? 'pb' : 'tb'; } else { $measure = 'gb'; } @@ -281,25 +310,31 @@ function humanize_usage_measure($usage) { return $measure; } -function get_percentage($used,$total) { - if (!isset($total)) $total = 0; - if (!isset($used)) $used = 0; - if ( $total == 0 ) { +function get_percentage($used, $total) +{ + if (!isset($total)) { + $total = 0; + } + if (!isset($used)) { + $used = 0; + } + if ($total == 0) { $percent = 0; } else { $percent = $used / $total; $percent = $percent * 100; $percent = number_format($percent, 0, '', ''); - if ( $percent < 0 ) { + if ($percent < 0) { $percent = 0; - } elseif ( $percent > 100 ) { + } elseif ($percent > 100) { $percent = 100; } } return $percent; } -function send_email($to, $subject, $mailtext, $from, $from_name, $to_name = '') { +function send_email($to, $subject, $mailtext, $from, $from_name, $to_name = '') +{ $mail = new PHPMailer(); if (isset($_SESSION['USE_SERVER_SMTP']) && $_SESSION['USE_SERVER_SMTP'] == "true") { 
@@ -308,7 +343,7 @@ function send_email($to, $subject, $mailtext, $from, $from_name, $to_name = '') $mail->IsSMTP(); $mail->Mailer = "smtp"; $mail->SMTPDebug = 0; - $mail->SMTPAuth = TRUE; + $mail->SMTPAuth = true; $mail->SMTPSecure = $_SESSION['SERVER_SMTP_SECURITY']; $mail->Port = $_SESSION['SERVER_SMTP_PORT']; $mail->Host = $_SESSION['SERVER_SMTP_HOST']; @@ -318,9 +353,9 @@ function send_email($to, $subject, $mailtext, $from, $from_name, $to_name = '') $mail->IsHTML(true); $mail->ClearReplyTos(); - if (empty($to_name)){ + if (empty($to_name)) { $mail->AddAddress($to); - }else{ + } else { $mail->AddAddress($to, $to_name); } $mail->SetFrom($from, $from_name); @@ -333,20 +368,21 @@ function send_email($to, $subject, $mailtext, $from, $from_name, $to_name = '') $mail->Send(); } -function list_timezones() { - foreach(['AKST', 'AKDT', 'PST', 'PDT', 'MST', 'MDT', 'CST', 'CDT', 'EST', 'EDT', 'AST', 'ADT'] as $timezone) { +function list_timezones() +{ + foreach (['AKST', 'AKDT', 'PST', 'PDT', 'MST', 'MDT', 'CST', 'CDT', 'EST', 'EDT', 'AST', 'ADT'] as $timezone) { $tz = new DateTimeZone($timezone); - $timezone_offsets[$timezone] = $tz->getOffset(new DateTime); + $timezone_offsets[$timezone] = $tz->getOffset(new DateTime()); } - - foreach(DateTimeZone::listIdentifiers() as $timezone) { + + foreach (DateTimeZone::listIdentifiers() as $timezone) { $tz = new DateTimeZone($timezone); - $timezone_offsets[$timezone] = $tz->getOffset(new DateTime); + $timezone_offsets[$timezone] = $tz->getOffset(new DateTime()); } - foreach($timezone_offsets as $timezone => $offset) { + foreach ($timezone_offsets as $timezone => $offset) { $offset_prefix = $offset < 0 ? '-' : '+'; - $offset_formatted = gmdate( 'H:i', abs($offset) ); + $offset_formatted = gmdate('H:i', abs($offset)); $pretty_offset = "UTC${offset_prefix}${offset_formatted}"; $t = new DateTimeZone($timezone); $c = new DateTime(null, $t); 
@@ -370,18 +406,22 @@ function list_timezones() { * * @return string */ -function is_it_mysql_or_mariadb() { - exec (HESTIA_CMD . 'v-list-sys-services json', $output, $return_var); +function is_it_mysql_or_mariadb() +{ + exec(HESTIA_CMD . 'v-list-sys-services json', $output, $return_var); $data = json_decode(implode('', $output), true); unset($output); $mysqltype = 'mysql'; - if (isset($data['mariadb'])) $mysqltype = 'mariadb'; + if (isset($data['mariadb'])) { + $mysqltype = 'mariadb'; + } return $mysqltype; } -function load_hestia_config() { +function load_hestia_config() +{ // Check system configuration - exec (HESTIA_CMD . "v-list-sys-config json", $output, $return_var); + exec(HESTIA_CMD . "v-list-sys-config json", $output, $return_var); $data = json_decode(implode('', $output), true); $sys_arr = $data['config']; foreach ($sys_arr as $key => $value) { @@ -394,14 +434,15 @@ function load_hestia_config() { * * @return array */ -function backendtpl_with_webdomains() { - exec (HESTIA_CMD . 'v-list-users json', $output, $return_var); +function backendtpl_with_webdomains() +{ + exec(HESTIA_CMD . 'v-list-users json', $output, $return_var); $users = json_decode(implode('', $output), true); unset($output); $backend_list=[]; foreach ($users as $user => $user_details) { - exec (HESTIA_CMD . 'v-list-web-domains '. escapeshellarg($user) . ' json', $output, $return_var); + exec(HESTIA_CMD . 'v-list-web-domains '. escapeshellarg($user) . ' json', $output, $return_var); $domains = json_decode(implode('', $output), true); unset($output); @@ -419,6 +460,7 @@ function backendtpl_with_webdomains() { * * @return int; 1 / 0 */ -function validate_password($password){ +function validate_password($password) +{ return preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(.){8,}$/', $password); -} +} \ No newline at end of file diff --git a/web/inc/prevent_csrf.php b/web/inc/prevent_csrf.php index ff7c549095..8b74376861 100644 --- a/web/inc/prevent_csrf.php +++ b/web/inc/prevent_csrf.php 
@@ -1,30 +1,41 @@ = $_SESSION['POLICY_CSRF_STRICTNESS']) { return true; - }else{ + } else { echo "

Potential use CSRF detected

\n". "

Please disable any plugins/add-ons inside your browser or contact your system administrator. If you are the system administrator you can run v-change-sys-config-value 'POLICY_CSRF_STRICTNESS' '0' as root to disable this check.

". "

If you folowed a bookmark or an static link please click here"; die(); } } - function prevent_post_csrf(){ - if ($_SERVER['REQUEST_METHOD']=='POST') { - $hostname = explode( ':', $_SERVER['HTTP_HOST']); + function prevent_post_csrf() + { + if ($_SERVER['REQUEST_METHOD']==='POST') { + $hostname = explode(':', $_SERVER['HTTP_HOST']); $port=$hostname[1]; $hostname=$hostname[0]; - if (strpos($_SERVER['HTTP_ORIGIN'],gethostname()) !== false && in_array($port, array('443',$_SERVER['SERVER_PORT'])) ) { + if (strpos($_SERVER['HTTP_ORIGIN'], gethostname()) !== false && in_array($port, array('443',$_SERVER['SERVER_PORT']))) { return checkStrictness(2); - }else{ - if (strpos($_SERVER['HTTP_ORIGIN'],$hostname) !== false && in_array($port, array('443',$_SERVER['SERVER_PORT'])) ){ + } else { + if (strpos($_SERVER['HTTP_ORIGIN'], $hostname) !== false && in_array($port, array('443',$_SERVER['SERVER_PORT']))) { return checkStrictness(1); } else { return checkStrictness(0); 
@@ -32,20 +43,21 @@ function prevent_post_csrf(){ } } } - - function prevent_get_csrf(){ - if ($_SERVER['REQUEST_METHOD']=='GET') { - $hostname = explode( ':', $_SERVER['HTTP_HOST']); + + function prevent_get_csrf() + { + if ($_SERVER['REQUEST_METHOD']==='GET') { + $hostname = explode(':', $_SERVER['HTTP_HOST']); $port=$hostname[1]; $hostname=$hostname[0]; //list of possible entries route and these should never be blocked - if (in_array($_SERVER['DOCUMENT_URI'], array('/list/user/index.php', '/login/index.php','/list/web/index.php','/list/dns/index.php','/list/mail/index.php','/list/db/index.php','/list/cron/index.php','/list/backup/index.php','/reset/index.php'))){ + if (in_array($_SERVER['DOCUMENT_URI'], array('/list/user/index.php', '/login/index.php','/list/web/index.php','/list/dns/index.php','/list/mail/index.php','/list/db/index.php','/list/cron/index.php','/list/backup/index.php','/reset/index.php'))) { return true; } - if (strpos($_SERVER['HTTP_REFERER'],gethostname()) !== false && in_array($port, array('443',$_SERVER['SERVER_PORT'])) ) { + if (strpos($_SERVER['HTTP_REFERER'], gethostname()) !== false && in_array($port, array('443',$_SERVER['SERVER_PORT']))) { return checkStrictness(2); - }else{ - if (strpos($_SERVER['HTTP_REFERER'],$hostname) !== false && in_array($port, array('443',$_SERVER['SERVER_PORT'])) ){ + } else { + if (strpos($_SERVER['HTTP_REFERER'], $hostname) !== false && in_array($port, array('443',$_SERVER['SERVER_PORT']))) { return checkStrictness(1); } else { return checkStrictness(0); @@ -53,8 +65,8 @@ function prevent_get_csrf(){ } } } - - if ( $check_csrf == true){ + + if ($check_csrf == true) { prevent_post_csrf(); prevent_get_csrf(); - } \ No newline at end of file + } diff --git a/web/login/index.php b/web/login/index.php index debc1add9f..1f5213b715 100644 --- a/web/login/index.php +++ b/web/login/index.php 
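Review bot: These hunks tighten `$_SERVER['REQUEST_METHOD']=='POST'` to `===` but leave the neighbouring comparisons loose: `in_array($port, array('443',$_SERVER['SERVER_PORT']))` has no strict flag in both `prevent_post_csrf()` and `prevent_get_csrf()`, and the last hunk keeps `if ($check_csrf == true)`; for a commit aimed at juggling, `in_array($port, ['443', (string) $_SERVER['SERVER_PORT']], true)` and `if ($check_csrf === true)` would be consistent. `$port = $hostname[1]` is also read without checking that `HTTP_HOST` contained a colon, which raises a notice when no port is present; `$port = $hostname[1] ?? '';` keeps the current outcome without the notice. `strpos($_SERVER['HTTP_ORIGIN'], $hostname) !== false` is a substring test rather than a host comparison; `parse_url($_SERVER['HTTP_ORIGIN'], PHP_URL_HOST) === $hostname` expresses the intended check.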
@@ -21,10 +21,7 @@ // Allow administrators to view and manipulate contents of other user accounts if (($_SESSION['userContext'] === 'admin') && (!empty($_GET['loginas']))) { // Ensure token is passed and matches before granting user impersonation access - if ((!$_GET['token']) || ($_SESSION['token'] != $_GET['token'])) { - header('location: /list/user/'); - exit(); - } else { + if (verify_csrf($_GET)) { $v_user = escapeshellarg($_GET['loginas']); $v_impersonator = escapeshellarg($_SESSION['user']); exec(HESTIA_CMD . "v-list-user ".$v_user." json", $output, $return_var); @@ -90,7 +87,7 @@ function authenticate_user($user, $password, $twofa = '') { unset($_SESSION['login']); - if (isset($_SESSION['token']) && isset($_POST['token']) && $_POST['token'] == $_SESSION['token']) { + if (verify_csrf($_POST, true)) { $v_user = escapeshellarg($user); $ip = $_SERVER['REMOTE_ADDR']; $user_agent = $_SERVER['HTTP_USER_AGENT']; diff --git a/web/logout/index.php b/web/logout/index.php index 20c4855414..6c38ccac35 100644 --- a/web/logout/index.php +++ b/web/logout/index.php @@ -4,10 +4,8 @@ // Main include include($_SERVER['DOCUMENT_ROOT'] . '/inc/main.php'); -if ((!$_GET['token']) || ($_SESSION['token'] != $_GET['token'])) { - header('location: /list/user/'); - exit(); -} +// Check token +verify_csrf($_POST); if (!empty($_SESSION['look'])) { $v_user = escapeshellarg($_SESSION['look']); diff --git a/web/reset/index.php b/web/reset/index.php index 3deac64cfa..e52a190034 100644 --- a/web/reset/index.php +++ b/web/reset/index.php @@ -12,9 +12,8 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php"); if ((!empty($_POST['user'])) && (empty($_POST['code']))) { - if ($_POST['token'] != $_SESSION['token']) { - header('Location: /'); - } + // Check token + verify_csrf($_POST); $v_user = escapeshellarg($_POST['user']); $user = $_POST['user']; $email = $_POST['email']; 
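Review bot: `verify_csrf($_POST)` in the reset/index.php hunk (and in the `@@ -61,9 +60,8 @@` reset hunk and the reset2fa hunk that follow) runs for visitors who are not logged in, but the token it checks is only generated under `if (isset($_SESSION['user']))` in main.php, and `verify_csrf()` now redirects to `/login/` whenever `$_SESSION['token']` is empty, where the old `!=` check let two empty values pass; unless the reset form seeds `$_SESSION['token']` somewhere not visible here, these flows will always bounce, so confirm that or seed the token before the form renders. In login/index.php the impersonation branch is written as `if (verify_csrf($_GET)) { … }`, yet with the default `$return = false` the function never returns on failure; either call it as a statement or pass `true` so the missing `else` is honest. The old reset code fell through after `header('Location: /')` without `exit`, which the `die()` inside `verify_csrf()` now closes.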
@@ -61,9 +60,8 @@ } if ((!empty($_POST['user'])) && (!empty($_POST['code'])) && (!empty($_POST['password']))) { - if ($_POST['token'] != $_SESSION['token']) { - header('Location: /'); - } + // Check token + verify_csrf($_POST); if ($_POST['password'] == $_POST['password_confirm']) { $v_user = escapeshellarg($_POST['user']); $user = $_POST['user']; diff --git a/web/reset2fa/index.php b/web/reset2fa/index.php index 69bcc3805c..576d6fb0dc 100644 --- a/web/reset2fa/index.php +++ b/web/reset2fa/index.php @@ -13,9 +13,8 @@ //Check values if (!empty($_POST['user']) && !empty($_POST['twofa'])) { - if ($_POST['token'] != $_SESSION['token']) { - header('Location: /'); - } + // Check token + verify_csrf($_POST); $error = true; $v_user = escapeshellarg($_POST['user']); $user = $_POST['user']; diff --git a/web/restart/service/index.php b/web/restart/service/index.php index 23c052432a..27bd1a822a 100644 --- a/web/restart/service/index.php +++ b/web/restart/service/index.php @@ -1,29 +1,29 @@ ', $output); - if (empty($error)) $error = _('Restart "%s" failed',$v_service); - $_SESSION['error_msg'] = $error; + if (empty($error)) { + $error = _('Restart "%s" failed', $v_service); + } + $_SESSION['error_msg'] = $error; } unset($output); } diff --git a/web/restart/system/index.php b/web/restart/system/index.php index 04de90c40f..73c6ad25c2 100644 --- a/web/restart/system/index.php +++ b/web/restart/system/index.php @@ -1,18 +1,16 @@ ', $output); - if (empty($error)) $error = _('Start "%s" failed',$v_service);; - $_SESSION['error_srv'] = $error; + if (empty($error)) { + $error = _('Start "%s" failed', $v_service); + }; + $_SESSION['error_srv'] = $error; } unset($output); } diff --git a/web/stop/service/index.php b/web/stop/service/index.php index 1756df9b3d..8637a735d4 100644 --- a/web/stop/service/index.php +++ b/web/stop/service/index.php 
@@ -1,23 +1,21 @@ ', $output); - if (empty($error)) $error = _('Error: Hestia did not return any output.'); + if (empty($error)) { + $error = _('Error: Hestia did not return any output.'); + } $_SESSION['error_msg'] = $error; } unset($output); @@ -32,14 +32,16 @@ } // DNS record -if ((!empty($_GET['domain'])) && (!empty($_GET['record_id']))) { +if ((!empty($_GET['domain'])) && (!empty($_GET['record_id']))) { $v_username = escapeshellarg($user); $v_domain = escapeshellarg($_GET['domain']); $v_record_id = escapeshellarg($_GET['record_id']); - exec (HESTIA_CMD."v-unsuspend-dns-record ".$v_username." ".$v_domain." ".$v_record_id, $output, $return_var); + exec(HESTIA_CMD."v-unsuspend-dns-record ".$v_username." ".$v_domain." ".$v_record_id, $output, $return_var); if ($return_var != 0) { $error = implode('
', $output); - if (empty($error)) $error = _('Error: Hestia did not return any output.'); + if (empty($error)) { + $error = _('Error: Hestia did not return any output.'); + } $_SESSION['error_msg'] = $error; } unset($output); diff --git a/web/unsuspend/firewall/index.php b/web/unsuspend/firewall/index.php index 92d404b7c4..88192694d7 100644 --- a/web/unsuspend/firewall/index.php +++ b/web/unsuspend/firewall/index.php @@ -1,27 +1,25 @@ ', $output); - if (empty($error)) $error = _('Error: Hestia did not return any output.'); + if (empty($error)) { + $error = _('Error: Hestia did not return any output.'); + } $_SESSION['error_msg'] = $error; } unset($output); @@ -32,14 +32,16 @@ } // Mail account -if ((!empty($_GET['domain'])) && (!empty($_GET['account']))) { +if ((!empty($_GET['domain'])) && (!empty($_GET['account']))) { $v_username = escapeshellarg($user); $v_domain = escapeshellarg($_GET['domain']); $v_account = escapeshellarg($_GET['account']); - exec (HESTIA_CMD."v-unsuspend-mail-account ".$v_username." ".$v_domain." ".$v_account, $output, $return_var); + exec(HESTIA_CMD."v-unsuspend-mail-account ".$v_username." ".$v_domain." ".$v_account, $output, $return_var); if ($return_var != 0) { $error = implode('
', $output); - if (empty($error)) $error = _('Error: Hestia did not return any output.'); + if (empty($error)) { + $error = _('Error: Hestia did not return any output.'); + } $_SESSION['error_msg'] = $error; } unset($output); diff --git a/web/unsuspend/user/index.php b/web/unsuspend/user/index.php index 232abe8eba..bc9fc2a687 100644 --- a/web/unsuspend/user/index.php +++ b/web/unsuspend/user/index.php @@ -1,28 +1,26 @@ ', $output); if (empty($error)) { - $error = sprintf(_('Error: %s update failed',$v_pkg)); + $error = sprintf(_('Error: %s update failed', $v_pkg)); $_SESSION['error_msg'] = $error; } } From cb462e729dcb0ea8cbd52ecf776319da61eaa022 Mon Sep 17 00:00:00 2001 From: Jaap Marcus <9754650+jaapmarcus@users.noreply.github.com> Date: Fri, 10 Sep 2021 11:45:49 +0200 Subject: [PATCH 2/4] Fix php error + add remove script for /edit/server/theme --- install/upgrade/versions/1.4.13.sh | 5 +++++ web/inc/main.php | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/install/upgrade/versions/1.4.13.sh b/install/upgrade/versions/1.4.13.sh index cebeb2c2fe..08dbf05f05 100644 --- a/install/upgrade/versions/1.4.13.sh +++ b/install/upgrade/versions/1.4.13.sh @@ -48,3 +48,8 @@ fi if [ -d "$HESTIA/web/edit/file/" ]; then rm -fr $HESTIA/web/edit/file/ fi + +# Not used any more +if [ -d "$HESTIA/web/edit/server/theme/" ]; then + rm -fr $HESTIA/web/edit/server/theme/ +fi diff --git a/web/inc/main.php b/web/inc/main.php index 78874d856d..73a899d0a7 100644 --- a/web/inc/main.php +++ b/web/inc/main.php 
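Review bot: The new `rm -fr $HESTIA/web/edit/server/theme/` in the 1.4.13.sh hunk leaves `$HESTIA` unquoted while the guarding `[ -d "$HESTIA/web/edit/server/theme/" ]` quotes it; quote both the same way, `rm -fr "$HESTIA/web/edit/server/theme/"`, so a path containing whitespace cannot be split into several `rm` targets. The earlier block in the same hunk follows the unquoted pattern too, so fixing the new line is a good place to start.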
@@ -173,7 +173,7 @@ function render_page($user, $TAB, $page)
 // Usage: verify_csrf($_POST) or verify_csrf($_GET); Use verify_csrf($_POST,true) to return on failure instead of redirect
 function verify_csrf($method, $return = false)
 {
- if ($method['token'] !== $_SESSION['token'] || empty($method['token'] || empty($_SESSION['token'])) {
+ if ($method['token'] !== $_SESSION['token'] || empty($method['token']) || empty($_SESSION['token'])) {
 if ($return === true) {
 return false;
 } else {
From 3fec4353b3d834640d10e2ee38fe70e8f436460c Mon Sep 17 00:00:00 2001
From: Jaap Marcus <9754650+jaapmarcus@users.noreply.github.com>
Date: Fri, 10 Sep 2021 11:56:04 +0200
Subject: [PATCH 3/4] Fix if else statement
---
 web/inc/main.php | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/web/inc/main.php b/web/inc/main.php
index 73a899d0a7..62068dbe57 100644
--- a/web/inc/main.php
+++ b/web/inc/main.php
@@ -175,14 +175,13 @@ function verify_csrf($method, $return = false)
 {
 if ($method['token'] !== $_SESSION['token'] || empty($method['token']) || empty($_SESSION['token'])) {
 if ($return === true) {
- return false;
- } else {
- header('Location: /login/');
- die();
- }
+ return false;
 } else {
- return true;
+ header('Location: /login/');
+ die();
 }
+ } else {
+ return true;
 }
 }
@@ -463,4 +462,4 @@ function backendtpl_with_webdomains()
 function validate_password($password)
 {
 return preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(.){8,}$/', $password);
-}
\ No newline at end of file
+}
From 2d4295c81555b096e8bf76c85ba3904e36cb925d Mon Sep 17 00:00:00 2001
From: Jaap Marcus <9754650+jaapmarcus@users.noreply.github.com>
Date: Fri, 10 Sep 2021 14:41:54 +0200
Subject: [PATCH 4/4] Fix bug on logout page Ue HESTIA_CMD every where instead Remove rand()
---
 web/logout/index.php | 2 +-
 web/reset/index.php | 14 +++++---------
 2 files changed, 6 insertions(+), 10 deletions(-)
diff --git a/web/logout/index.php b/web/logout/index.php
index 6c38ccac35..60551e33b3 100644
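Review bot: The corrected condition still evaluates `$method['token'] !== $_SESSION['token']` before the `empty()` checks, so a request that carries no token triggers an undefined-index notice (a warning on PHP 8) before the guard rejects it, and the token comparison is a plain `!==` instead of `hash_equals()`. Reordering the checks and using `hash_equals()` keeps the same accept/reject outcome while removing both the notice and the timing side-channel: `if (empty($_SESSION['token']) || empty($method['token']) || !is_string($method['token']) || !hash_equals($_SESSION['token'], $method['token'])) {`. The `is_string()` guard is needed because `hash_equals()` throws a TypeError when given an array such as `token[]=x`, which the current `!==` merely fails. The remainder of verify_csrf's body continues past this hunk.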
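Review bot: In the restructured function every branch of the outer `if` terminates (`return false`, or `header()` followed by `die()`), so the trailing `} else { return true; }` is an else-after-return; a bare `return true;` after the outer `if` reads as the conventional guard clause and behaves identically. This is a style point only — the corrected control flow in the hunk is sound, and `die()` after `header()` should stay.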
--- a/web/logout/index.php
+++ b/web/logout/index.php
@@ -5,7 +5,7 @@
 // Main include
 include($_SERVER['DOCUMENT_ROOT'] . '/inc/main.php');
 // Check token
-verify_csrf($_POST);
+verify_csrf($_GET);
 if (!empty($_SESSION['look'])) {
 $v_user = escapeshellarg($_SESSION['look']);
diff --git a/web/reset/index.php b/web/reset/index.php
index e52a190034..5954fa53d3 100644
--- a/web/reset/index.php
+++ b/web/reset/index.php
@@ -22,14 +22,13 @@
 if ($return_var == 0) {
 $data = json_decode(implode('', $output), true);
 if ($email == $data[$user]['CONTACT']) {
- //genrate new rkey
- $rkey = substr(password_hash(rand(0, 10), PASSWORD_DEFAULT), 5, 12);
+ $rkey = substr(password_hash("", PASSWORD_DEFAULT), 8, 12);
 $hash = password_hash($rkey, PASSWORD_DEFAULT);
 $v_rkey = tempnam("/tmp", "vst");
 $fp = fopen($v_rkey, "w");
 fwrite($fp, $hash."\n");
 fclose($fp);
- exec("/usr/bin/sudo /usr/local/hestia/bin/v-change-user-rkey ".$v_user." ".$v_rkey."", $output, $return_var);
+ exec(HESTIA_CMD . "v-change-user-rkey ".$v_user." ".$v_rkey."", $output, $return_var);
 unset($output);
 unlink($v_rkey);
 $name = $data[$user]['NAME'];
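Review bot: Switching the logout check to `verify_csrf($_GET)` puts the session-wide CSRF token into a URL, where it is recorded in browser history, proxy and web-server access logs and the Referer of the next navigation; that same `$_SESSION['token']` protects every other state-changing page. This is harmless once the session is destroyed, but the `if (!empty($_SESSION['look']))` branch that follows suggests a leave-impersonation path that keeps the admin's session alive, in which case the exposed token stays valid. Either keep logout as a POST form with a hidden token field, or regenerate `$_SESSION['token']` at the end of the `look` branch the same way the login page creates it. The rest of the script, including what the `look` branch does with the session, is outside this hunk.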
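Review bot: `substr(password_hash("", PASSWORD_DEFAULT), 8, 12)` takes its randomness solely from the salt embedded in the bcrypt string, so the key's unpredictability rests on the `$2y$10$<salt>` layout that `PASSWORD_DEFAULT` currently produces; PHP documents that `PASSWORD_DEFAULT` may change, and with an argon2 string offset 8 falls inside the fixed parameter header, which would make the reset key largely predictable. Draw the key from the CSPRNG directly: `$rkey = bin2hex(random_bytes(8));` — only `password_hash($rkey, ...)` is written to the temp file for `v-change-user-rkey`, so as far as this hunk shows the key length is not constrained by that script. Separately, `$email == $data[$user]['CONTACT']` two lines above is a loose comparison on JSON-decoded data; `===` is the safer choice. The enclosing `if` blocks continue past the hunk.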
@@ -65,21 +64,19 @@
 if ($_POST['password'] == $_POST['password_confirm']) {
 $v_user = escapeshellarg($_POST['user']);
 $user = $_POST['user'];
- $cmd="/usr/bin/sudo /usr/local/hestia/bin/v-list-user";
- exec($cmd." ".$v_user." json", $output, $return_var);
+ exec(HESTIA_CMD . "v-list-user ".$v_user." json", $output, $return_var);
 if ($return_var == 0) {
 $data = json_decode(implode('', $output), true);
 $rkey = $data[$user]['RKEY'];
 if (password_verify($_POST['code'], $rkey)) {
 unset($output);
- exec("/usr/bin/sudo /usr/local/hestia/bin/v-get-user-value ".$v_user." RKEYEXP", $output, $return_var);
+ exec(HESTIA_CMD . "v-get-user-value ".$v_user." RKEYEXP", $output, $return_var);
 if ($output[0] > time() - 900) {
 $v_password = tempnam("/tmp", "vst");
 $fp = fopen($v_password, "w");
 fwrite($fp, $_POST['password']."\n");
 fclose($fp);
- $cmd="/usr/bin/sudo /usr/local/hestia/bin/v-change-user-password";
- exec($cmd." ".$v_user." ".$v_password, $output, $return_var);
+ exec(HESTIA_CMD . "v-change-user-password ".$v_user." ".$v_password, $output, $return_var);
 unlink($v_password);
 if ($return_var > 0) {
 sleep(5);
@@ -102,7 +99,6 @@
 } else {
 sleep(5);
 $ERROR = ""._('Invalid username or code').""; 
- exec(HESTIA_CMD . 'v-log-user-login ' . $v_user . ' ' . $v_ip . ' failed ' . $v_session_id . ' ' . $v_user_agent .' yes "Invalid Username or Code"', $output, $return_var);
 }
 } else {
 $ERROR = ""._('Passwords not match')."";
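Review bot: In the password-change hunk, `$_POST['password']` is written straight into the temp file handed to `v-change-user-password` once the confirm field matches and the code verifies, and no call to `validate_password()` (the helper defined in web/inc/main.php in this same series) is visible, so unless it is enforced outside the hunk the reset path accepts passwords the rest of the panel rejects; a guard such as `if (!validate_password($_POST['password'])) { ... }` belongs ahead of the `tempnam()` call. `password_verify($_POST['code'], $rkey)` likewise assumes a string — `code[]=x` throws a TypeError on PHP 8 — so an `is_string($_POST['code'])` check in that condition is cheap insurance. The `==` between password and confirm is a loose comparison as well (`"1e3" == "1000"` is true in PHP); `===` is the intended test. The enclosing `if` and its `else` branches start and end outside the hunk.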
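Review bot: Removing the `v-log-user-login ... failed ... "Invalid Username or Code"` call drops the only record of failed reset-code attempts, leaving `sleep(5)` as the sole brute-force control for a code that is checked with `password_verify()`; whatever consumes the login log (the auth-log page, fail2ban-style tooling) no longer sees these attempts. If the line was removed because `$v_ip`, `$v_session_id` and `$v_user_agent` are not defined in this script — which the "Fix bug" subject suggests but the hunk does not show — the better fix is to define them as the login page does and keep the log call. The surrounding if/else chain starts and ends outside the hunk.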