Development

Navigation

← Previous Changeset
Next Changeset →

Changeset 1073

Timestamp:

03/23/08 14:40:46 (6 months ago)

Author:

rats

Message:

Fixed: Warnings and Notices if no Database found or no conection to it
Other small fixes

Files:

trunk/CHANGELOG (modified) (1 diff)
trunk/configs/dists/freebsd/ispcp.conf (modified) (2 diffs)
trunk/configs/dists/freebsd/postfix/main.cf (modified) (2 diffs)
trunk/configs/dists/opensuse/proftpd/proftpd.conf (modified) (2 diffs)
trunk/docs/OpenSuse/opensuse103-packages (modified) (1 diff)
trunk/gui/admin/ip_manage.php (modified) (1 diff)
trunk/gui/include/input-checks.php (modified) (1 diff)
trunk/gui/include/ispcp-config.php (modified) (4 diffs)
trunk/gui/include/ispcp-lib.php (modified) (3 diffs)
trunk/gui/include/sql.php (modified) (3 diffs)
trunk/gui/include/system-message.php (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

trunk/CHANGELOG

r1071	r1073
1	1	ispCP ω 1.0.0 Changelog
2	2	~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	3
	4	2008-03-23 Benedikt Heintel
	5	- GUI:
	6	* Fixed: Warnings and Notices if no Database found or no conection to it
	7
	8	2008-03-22 Benedikt Heintel
	9	- GUI:
	10	* Fixed: Error in input check and IP management
	11	- DISTS:
	12	* Fixed #1130: (FreeBSD) Fix program path in freebsd distro
3	13
4	14	2008-03-22 Christian Hernmarck

trunk/configs/dists/freebsd/ispcp.conf

r1068	r1073
300	300	CMD_HTTPD = /usr/local/sbin/apachectl
301	301
302		CMD_IMAP = /usr/local/etc/rc.d/courier-imap-imapd~~.sh~~
	302	CMD_IMAP = /usr/local/etc/rc.d/courier-imap-imapd
303	303
304	304	CMD_IMAP_SSL = no
…	…
306	306	CMD_MTA = /usr/local/etc/rc.d/postfix
307	307
308		CMD_NAMED = /usr/~~local/etc/named.r~~c
309
310		CMD_POP = /usr/local/etc/rc.d/courier-imap-pop3d~~.sh~~
	308	CMD_NAMED = /usr/sbin/rndc
	309
	310	CMD_POP = /usr/local/etc/rc.d/courier-imap-pop3d
311	311
312	312	CMD_POP_SSL = no

trunk/configs/dists/freebsd/postfix/main.cf

r1059	r1073
20	20
21	21	# Postfix directory settings; These are critical for normal Postfix MTA functionallity
22		command_directory = /usr/sbin
23		daemon_directory = /usr/lib/postfix
24		program_directory = /usr/lib/postfix
	22	command_directory = /usr/local/sbin
	23	daemon_directory = /usr/local/libexec/postfix
	24	program_directory = /usr/local/libexec/postfix
25	25
26	26	# Some common configuration parameters
…	…
33	33
34	34	smtpd_banner = $myhostname ESMTP ispCP {MTA_VERSION} Managed
35		setgid_group = ~~post~~drop
	35	setgid_group = maildrop
36	36
37	37	# Receiving messages parameters

trunk/configs/dists/opensuse/proftpd/proftpd.conf

r1059	r1073
46	46
47	47	DisplayLogin welcome.msg
48		Display~~FirstChdir~~ message
	48	DisplayChdir message
49	49
50	50	ListOptions "-l"
…	…
161	161
162	162	# ispCP SQL Managment
163		# Activate for proftpd >= 1.3
164		#SQLBackend mysql
	163	SQLBackend mysql
165	164	SQLAuthTypes Crypt
166	165	SQLAuthenticate on

trunk/docs/OpenSuse/opensuse103-packages

r1002 r1073

80 80 php5
81 81 php5-fastcgi
82 php5-ftp
82 83 php5-mbstring
83 84 php5-mcrypt

trunk/gui/admin/ip_manage.php

r1068	r1073
133	133	}
134	134
135		if (!isset($sucess)) {
	135	if (!isset($sucess) && isset($_POST['ip_number_1'])) {
136	136	$tpl->assign(
137	137	array(

trunk/gui/include/input-checks.php

r1068	r1073
150	150	}
151	151
152		if (preg_match($pemitted, $password)) {
	152	if (!empty($permitted) && preg_match($pemitted, $password)) {
153	153	return false;
154	154	}

trunk/gui/include/ispcp-config.php

r1072	r1073
28	28	$cfg_obj = new Config($cfgfile);
29	29
30		/* Status not ok -> Try to get the error and display a message */
	30	// Status not ok -> Try to get the error and display a message
31	31	if ($cfg_obj->status != 'ok') {
32	32	if ($cfg_obj->status == 'err') {
33		/* cannot open ispcp.conf file - we must show warning */
34		print ~~"<center><b><font color=red>Cannot open the ispcp.conf config file !<br><br>Please contact your system administrator</font></b></center>";~~
35		die();
	33	// cannot open ispcp.conf file - we must show warning
	34	print
	35	die("<center><b><font color=red>Cannot open the ispcp.conf config file!<br />Please contact your system administrator</font></b></center>");
36	36	}
37	37
38	38	if (substr($cfg_obj->status, 0, 24) == 'missing config variable:') {
39		/* cannot open ispcp.conf file - we must show warning */
40		print "<center><b><font color=red>config variable " . substr($cfg_obj->status, 25) . " is missing!<br><br>Please contact your system administrator</font></b></center>";
41		die();
	39	// cannot open ispcp.conf file - we must show warning
	40	die("<center><b><font color=red>Config variable " . substr($cfg_obj->status, 25) . " is missing!<br />Please contact your system administrator</font></b></center>");
42	41	}
43	42	}
…	…
45	44	$cfg = $cfg_obj->getValues();
46	45
	46	// this class will parse config file and get all variables avaible in PHP
47	47	class Config {
48		/* this class will parse config file and get all variables avaible in PHP */
	48	// config filename
49	49	var $config_file;
50		/* config filename */
51
52		/* IMPORTANT: any adding & removing of variables in /etc/ispcp/ispcp.conf should also be made here! */
53		var $cfg_values = array(~~/* array with all options from config file - predefined with null */~~
	50
	51	// IMPORTANT: any adding & removing of variables in /etc/ispcp/ispcp.conf should also be made here!
	52	// array with all options from config file - predefined with null
	53	var $cfg_values = array(
54	54	'BuildDate' => null,
55	55	'Version' => null,
…	…
225	225
226	226	function parseFile() {
227		/* open file ... parse it and put it in $cfg_values */
	227	// open file ... parse it and put it in $cfg_values
228	228	@$fd = fopen($this->config_file, 'r');
229	229	if ($fd == false) {
230		~~/* ooops error */~~
231	230	$this->status = 'err';
232	231	return false;
233	232	} while (!feof($fd)) {
234	233	$buffer = fgets($fd, 4096);
235		/* remove spaces */
	234	// remove spaces
236	235	$buffer = ltrim($buffer);
237		if (strlen($buffer) < 3) {
238		/* empty */
239		} else if ($buffer[0] == '#' \|\| $buffer[0] == ';') {
240		/* this is comment */
241		} else if (strpos($buffer, '=') === false) {
242		/* have no = :( */
243		} else {
	236	if (strlen($buffer) > 3 && $buffer[0] != '#' && $buffer[0] != ';' &&
	237	strpos($buffer, '=') !== false) {
244	238	$pair = explode('=', $buffer, 2);
245	239
246		$pair[0] = ltrim($pair[0]);
247		$pair[0] = rtrim($pair[0]);
248
249		$pair[1] = ltrim($pair[1]);
250		$pair[1] = rtrim($pair[1]);
251
252		/* ok we have it :) */
	240	$pair[0] = trim($pair[0]);
	241	$pair[1] = trim($pair[1]);
	242
	243	// ok we have it :)
253	244	$this->cfg_values[$pair[0]] = $pair[1];
254	245	}
…	…
279	270	if (extension_loaded('mcrypt') \|\| @dl('mcrypt.' . PHP_SHLIB_SUFFIX)) {
280	271	$text = @base64_decode($db_pass . "\n");
281		/* Open the cipher */
	272	// Open the cipher
282	273	$td = @mcrypt_module_open ('blowfish', '', 'cbc', '');
283		/* Create key */
	274	// Create key
284	275	$key = $ispcp_db_pass_key;
285		/* Create the IV and determine the keysize length */
	276	// Create the IV and determine the keysize length
286	277	$iv = $ispcp_db_pass_iv;
287	278
288		/* Intialize encryption */
	279	// Intialize encryption
289	280	@mcrypt_generic_init ($td, $key, $iv);
290		/* Decrypt encrypted string */
	281	// Decrypt encrypted string
291	282	$decrypted = @mdecrypt_generic ($td, $text);
292	283	@mcrypt_module_close ($td);
293	284
294		/* Show string */
	285	// Show string
295	286	return trim($decrypted);
296	287	} else {
297		system_message("ERROR: The php-extension 'mcrypt' not loaded !");
	288	system_message("ERROR: The php-extension 'mcrypt' not loaded!");
298	289	die();
299	290	}

trunk/gui/include/ispcp-lib.php

r1070	r1073
30	30	//error_reporting(0);
31	31	// setting for development edition - see all error messages
32		error_reporting(E_ALL~~\|E_STRICT~~);
	32	error_reporting(E_ALL);
33	33
34	34	require_once(INCLUDEPATH.'/spGzip.php');
35	35	require_once(INCLUDEPATH.'/class.pTemplate.php');
36	36	require_once(INCLUDEPATH.'/i18n.php');
	37
	38	// Template pathes
	39	$cfg['ROOT_TEMPLATE_PATH'] = 'themes/';
	40	$cfg['USER_INITIAL_THEME'] = 'omega_original';
	41	$cfg['LOGIN_TEMPLATE_PATH'] = $cfg['ROOT_TEMPLATE_PATH'].$cfg['USER_INITIAL_THEME'];
	42	$cfg['ADMIN_TEMPLATE_PATH'] = '../'.$cfg['ROOT_TEMPLATE_PATH'].$cfg['USER_INITIAL_THEME'].'/admin';
	43	$cfg['RESELLER_TEMPLATE_PATH'] = '../'.$cfg['ROOT_TEMPLATE_PATH'].$cfg['USER_INITIAL_THEME'].'/reseller';
	44	$cfg['CLIENT_TEMPLATE_PATH'] = '../'.$cfg['ROOT_TEMPLATE_PATH'].$cfg['USER_INITIAL_THEME'].'/client';
	45	$cfg['IPS_LOGO_PATH'] = '../themes/user_logos';
	46	$cfg['PURCHASE_TEMPLATE_PATH'] = '../'.$cfg['ROOT_TEMPLATE_PATH'].$cfg['USER_INITIAL_THEME'].'/orderpanel';
	47
	48	// Standard Language (if not set)
	49	$cfg['USER_INITIAL_LANG'] = 'lang_English';
	50
37	51	require_once(INCLUDEPATH.'/system-message.php');
38	52	require_once(INCLUDEPATH.'/ispcp-db-keys.php');
…	…
60	74	$cfg['MAX_SQL_USER_LENGTH'] = 16;
61	75	$cfg['MAX_SQL_PASS_LENGTH'] = 32;
62		~~// Template pathes~~
63		~~$cfg['ROOT_TEMPLATE_PATH'] = 'themes/';~~
64		~~$cfg['LOGIN_TEMPLATE_PATH'] = $cfg['ROOT_TEMPLATE_PATH'].$cfg['USER_INITIAL_THEME'];~~
65		~~$cfg['ADMIN_TEMPLATE_PATH'] = '../'.$cfg['ROOT_TEMPLATE_PATH'].$cfg['USER_INITIAL_THEME'].'/admin';~~
66		~~$cfg['RESELLER_TEMPLATE_PATH'] = '../'.$cfg['ROOT_TEMPLATE_PATH'].$cfg['USER_INITIAL_THEME'].'/reseller';~~
67		~~$cfg['CLIENT_TEMPLATE_PATH'] = '../'.$cfg['ROOT_TEMPLATE_PATH'].$cfg['USER_INITIAL_THEME'].'/client';~~
68		~~$cfg['IPS_LOGO_PATH'] = '../themes/user_logos';~~
69		~~$cfg['PURCHASE_TEMPLATE_PATH'] = '../'.$cfg['ROOT_TEMPLATE_PATH'].$cfg['USER_INITIAL_THEME'].'/orderpanel';~~
70	76
71	77	// the following variables are overriden via admin cp
…	…
74	80	// 'reseller' => hosting plans are available only in reseller level
75	81	$cfg['HOSTING_PLANS_LEVEL'] = 'reseller';
76		~~$cfg['USER_INITIAL_LANG'] = 'lang_English';~~
77	82
78	83	// enable or disable supportsystem

trunk/gui/include/sql.php

r993	r1073
1	1	<?php
2	2	/**
3		* ~~ispCP (OMEGA) a Virtual Hosting Control Panel~~
	3	* ispCP ω (OMEGA) a Virtual Hosting Control System
4	4	*
5		* @copyright 2001-2006 by moleSoftware GmbH
6		* @copyright 2006-2007 by ispCP \| http://isp-control.net
7		* @link http://isp-control.net
8		* @author ispCP Team (2007)
9		*
10		* @license
11		* This program is free software; you can redistribute it and/or modify it under
12		* the terms of the MPL General Public License as published by the Free Software
13		* Foundation; either version 1.1 of the License, or (at your option) any later
14		* version.
15		* You should have received a copy of the MPL Mozilla Public License along with
16		* this program; if not, write to the Open Source Initiative (OSI)
17		* http://opensource.org \| osi@opensource.org
18		*
19		**/
	5	* @copyright 2001-2006 by moleSoftware GmbH
	6	* @copyright 2006-2008 by ispCP \| http://isp-control.net
	7	* @version SVN: $ID$
	8	* @link http://isp-control.net
	9	* @author ispCP Team
	10	* @license This program is free software; you can redistribute it and/or modify it under
	11	* the terms of the MPL General Public License as published by the Free Software
	12	* Foundation; either version 1.1 of the License, or (at your option) any later
	13	* version.
	14	* You should have received a copy of the MPL Mozilla Public License along with
	15	* this program; if not, write to the Open Source Initiative (OSI)
	16	* http://opensource.org \| osi@opensource.org
	17	*/
20	18
21		require (INCLUDEPATH.'/adodb/adodb.inc.php');
22
23		require (INCLUDEPATH.'/adodb/adodb-pager.inc.php');
	19	require (INCLUDEPATH . '/adodb/adodb.inc.php');
	20	require (INCLUDEPATH . '/adodb/adodb-pager.inc.php');
24	21
25	22	$cfg['DB_TYPE'] = $cfg['DATABASE_TYPE'];
26
27	23	$cfg['DB_HOST'] = $cfg['DATABASE_HOST'];
28
29	24	$cfg['DB_USER'] = $cfg['DATABASE_USER'];
30
31	25	$cfg['DB_PASS'] = decrypt_db_password($cfg['DATABASE_PASSWORD']);
32
33	26	$cfg['DB_NAME'] = $cfg['DATABASE_NAME'];
34	27
35	28	$sql = &ADONewConnection($cfg['DB_TYPE']);
36	29
37		@$sql ~~-> Connect($cfg['DB_HOST'], $cfg['DB_USER'], $cfg['DB_PASS'], $cfg['DB_NAME']) OR~~
38		system_message('ERROR: Unable to connect to SQL server !<br>SQL returned: '~~.$sql -> ErrorMsg()~~ );
	30	@$sql->Connect($cfg['DB_HOST'], $cfg['DB_USER'], $cfg['DB_PASS'], $cfg['DB_NAME']) or
	31	system_message('ERROR: Unable to connect to SQL server !<br>SQL returned: ' . $sql->ErrorMsg());
39	32
40		/* switch optionally to utf8 based communication with the database */
	33	// switch optionally to utf8 based communication with the database
41	34	if (isset($cfg['DATABASE_UTF8']) && $cfg['DATABASE_UTF8'] == 'yes') {
42		@$sql->Execute("SET NAMES 'utf8'");
	35	@$sql->Execute("SET NAMES 'utf8'");
43	36	}
44	37
45		/* No longer needed */
	38	// No longer needed - unset for safety
46	39	unset($cfg['DB_USER']);
47
48	40	unset($cfg['DB_PASS']);
49		~~/* unset for safety */~~
50	41
51	42	function execute_query (&$sql, $query) {
52		$rs = $sql -> Execute($query);
53		if (!$rs) system_message($sql -> ErrorMsg());
	43	$rs = $sql->Execute($query);
	44	if (!$rs) system_message($sql->ErrorMsg());
54	45	return $rs;
55	46	}
…	…
60	51
61	52	if (!$rs && $failDie) {
62		system_message($sql->ErrorMsg());
	53	system_message($sql->ErrorMsg());
63	54	}
64	55
…	…
67	58
68	59	function quoteIdentifier($identifier) {
69		global $sql;
	60	global $sql;
70	61
71		$identifier = str_replace($sql->nameQuote, '\\' . $sql->nameQuote, $identifier);
	62	$identifier = str_replace($sql->nameQuote, '\\' . $sql->nameQuote, $identifier);
72	63
73		return $sql->nameQuote . $identifier . $sql->nameQuote;
	64	return $sql->nameQuote . $identifier . $sql->nameQuote;
74	65	}
75	66
76	67	function match_sqlinjection($value, &$matches) {
77		$matches = array();
78		return (preg_match("/((DELETE)\|(INSERT)\|(UPDATE)\|(ALTER)\|(CREATE)\|( TABLE)\|(DROP))\s[A-Za-z0-9 ]{0,200}(\s(FROM)\|(INTO)\|(TABLE)\s)/i", $value, $matches)>0);
	68	$matches = array();
	69	return (preg_match("/((DELETE)\|(INSERT)\|(UPDATE)\|(ALTER)\|(CREATE)\|( TABLE)\|(DROP))\s[A-Za-z0-9 ]{0,200}(\s(FROM)\|(INTO)\|(TABLE)\s)/i", $value, $matches) > 0);
79	70	}
80	71
81	72	function check_query($exclude = array()) {
82		$matches = null;
	73	$matches = null;
83	74
84		if (phpversion() <= '4.2.2') { //why? _ REQUEST was introduced in 4.1.0, not 4.2.2
85		die('ERROR: Your PHP version is older than 4.2.2!');
86		}
	75	if (phpversion() <= '4.2.2') {
	76	$message = "Your PHP version is older than 4.2.2!";
	77	write_log($message);
	78	system_message($message);
	79	die('ERROR: Your PHP version is older than 4.2.2!');
	80	}
87	81
88		if (!is_array($exclude)) {
89		$exclude = array($exclude);
90		}
	82	if (!is_array($exclude)) {
	83	$exclude = array($exclude);
	84	}
91	85
92		foreach($_REQUEST as $key => $value) {
	86	foreach($_REQUEST as $key => $value) {
	87	if (in_array($key, $exclude)) {
	88	continue;
	89	}
93	90
94		if (in_array($key, $exclude)) {
95		continue;
96		}
	91	if (!is_array($value)) {
	92	if (match_sqlinjection($value, $matches)) {
	93	$message = "Possible SQL injection detected: $key=>$value. <b>${matches[0]}</b>. Script terminated.";
	94	write_log($message);
	95	system_message($message);
	96	die('<b>WARNING</b>: Possible SQL injection detected. Script terminated.');
	97	}
	98	} else {
	99	foreach($value as $skey => $svalue) {
	100	if (!is_array($svalue)) {
	101	if (match_sqlinjection($svalue, $matches)) {
	102	$message = "Possible SQL injection detected: $skey=>$svalue <b>${matches[0]}</b>. Script terminated.";
	103	write_log($message);
	104	system_message($message);
	105	die('<b>WARNING</b>: Possible SQL injection detected. Script terminated.');
	106	}
	107	}
	108	}
	109	}
	110	}
	111	}
97	112
98		~~if (!is_array($value)) {~~
99		~~if (match_sqlinjection($value, $matches)) {~~
100		~~$message = "Possible SQL injection detected: $key=>$value. <b>${matches[0]}</b>. Script terminated.";~~
101		~~write_log($message);~~
102		~~system_message($message);~~
103		~~die('<b>WARNING</b>: Possible SQL injection detected. Script terminated.');~~
104		}
105		~~} else {~~
106		~~foreach($value as $skey=>$svalue) {~~
107		~~if (!is_array($svalue)) {~~
108		~~if (match_sqlinjection($svalue, $matches)) {~~
109		~~$message = "Possible SQL injection detected: $skey=>$svalue <b>${matches[0]}</b>. Script terminated.";~~
110		~~write_log($message);~~
111		~~system_message($message);~~
112		~~die('<b>WARNING</b>: Possible SQL injection detected. Script terminated.');~~
113		}
114		}
115		}
116		}
117		}
118		}
119	113	?>

trunk/gui/include/system-message.php

r776	r1073
1	1	<?php
2	2	/**
3		* ~~ispCP (OMEGA) - Virtual Hosting Control System \| Omega Version~~
	3	* ispCP ω (OMEGA) a Virtual Hosting Control System
4	4	*
5		* @copyright 2001-2006 by moleSoftware GmbH
6		* @copyright 2006-2007 by ispCP \| http://isp-control.net
7		* @link http://isp-control.net
8		* @author ispCP Team (2007)
	5	* @copyright 2001-2006 by moleSoftware GmbH
	6	* @copyright 2006-2008 by ispCP \| http://isp-control.net
	7	* @version SVN: $ID$
	8	* @link http://isp-control.net
	9	* @author ispCP Team
9	10	*
10		* @license
11		* This program is free software; you can redistribute it and/or modify it under
12		* the terms of the MPL General Public License as published by the Free Software
13		* Foundation; either version 1.1 of the License, or (at your option) any later
14		* version.
15		* You should have received a copy of the MPL Mozilla Public License along with
16		* this program; if not, write to the Open Source Initiative (OSI)
17		* http://opensource.org \| osi@opensource.org
18		*
19		**/
	11	* @license
	12	* This program is free software; you can redistribute it and/or modify it under
	13	* the terms of the MPL General Public License as published by the Free Software
	14	* Foundation; either version 1.1 of the License, or (at your option) any later
	15	* version.
	16	* You should have received a copy of the MPL Mozilla Public License along with
	17	* this program; if not, write to the Open Source Initiative (OSI)
	18	* http://opensource.org \| osi@opensource.org
	19	*/
	20
	21	check_login(__FILE__);
20	22
21	23	function system_message($msg) {
…	…
23	25
24	26	if (isset($_SESSION['user_theme'])) {
25
26	27	$theme_color = $_SESSION['user_theme'];
27
28	28	} else {
29
30	29	$theme_color = $cfg['USER_INITIAL_THEME'];
31
32	30	}
33	31

Development

Navigation

Changeset 1073

Legend:

Download in other formats: