Development

Navigation

← Previous Changeset
Next Changeset →

Changeset 661

Timestamp:

06/20/07 19:25:46 (1 year ago)

Author:

raphael

Message:

Fixed #410: Undefined subroutine &main::get_file called
Improved security and removed redundant stuff
Fixed #403: Can't remove Mysql database

Files:

trunk/CHANGELOG (modified) (1 diff)
trunk/engine/ispcp-db-keys.pl (modified) (1 diff)
trunk/gui/admin/add_reseller.php (modified) (1 diff)
trunk/gui/admin/add_user.php (modified) (4 diffs)
trunk/gui/admin/admin_log.php (modified) (1 diff)
trunk/gui/admin/ahp.php (modified) (1 diff)
trunk/gui/admin/change_password.php (modified) (1 diff)
trunk/gui/admin/change_personal.php (modified) (1 diff)
trunk/gui/admin/change_status.php (modified) (1 diff)
trunk/gui/admin/change_user_interface.php (modified) (1 diff)
trunk/gui/admin/circular.php (modified) (1 diff)
trunk/gui/admin/custom_menus.php (modified) (1 diff)
trunk/gui/admin/delete_ip.php (modified) (1 diff)
trunk/gui/admin/delete_lang.php (modified) (1 diff)
trunk/gui/admin/delete_ticket.php (modified) (1 diff)
trunk/gui/admin/delete_user.php (modified) (1 diff)
trunk/gui/admin/dhp.php (modified) (1 diff)
trunk/gui/admin/domain_details.php (modified) (1 diff)
trunk/gui/admin/domain_statistics.php (modified) (1 diff)
trunk/gui/admin/edit_reseller.php (modified) (1 diff)
trunk/gui/admin/edit_user.php (modified) (1 diff)
trunk/gui/admin/ehp.php (modified) (1 diff)
trunk/gui/admin/email_setup.php (modified) (1 diff)
trunk/gui/admin/hp.php (modified) (1 diff)
trunk/gui/admin/index.php (modified) (1 diff)
trunk/gui/admin/ip_manage.php (modified) (1 diff)
trunk/gui/admin/ispcp_debugger.php (modified) (1 diff)
trunk/gui/admin/ispcp_updates.php (modified) (1 diff)
trunk/gui/admin/layout.php (modified) (1 diff)
trunk/gui/admin/lostpassword.php (modified) (1 diff)
trunk/gui/admin/manage_reseller_owners.php (modified) (1 diff)
trunk/gui/admin/manage_reseller_users.php (modified) (1 diff)
trunk/gui/admin/manage_sessions.php (modified) (1 diff)
trunk/gui/admin/manage_users.php (modified) (1 diff)
trunk/gui/admin/migration.php (modified) (2 diffs)
trunk/gui/admin/multilanguage.php (modified) (1 diff)
trunk/gui/admin/multilanguage_export.php (modified) (1 diff)
trunk/gui/admin/reseller_statistics.php (modified) (1 diff)
trunk/gui/admin/reseller_user_statistics.php (modified) (1 diff)
trunk/gui/admin/rootkit_log.php (modified) (1 diff)
trunk/gui/admin/server_day_stats.php (modified) (1 diff)
trunk/gui/admin/server_statistic.php (modified) (1 diff)
trunk/gui/admin/server_status.php (modified) (1 diff)
trunk/gui/admin/server_traffic_settings.php (modified) (1 diff)
trunk/gui/admin/servicemode.php (modified) (1 diff)
trunk/gui/admin/settings.php (modified) (1 diff)
trunk/gui/admin/settings_ports.php (modified) (1 diff)
trunk/gui/admin/ss_closed.php (modified) (1 diff)
trunk/gui/admin/support_system.php (modified) (1 diff)
trunk/gui/admin/sysinfo.php (modified) (1 diff)
trunk/gui/admin/view_ticket.php (modified) (1 diff)
trunk/keys/rpl.pl (modified) (3 diffs)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

trunk/CHANGELOG

r660	r661
10	10	\| * gui: disable stats-alias in client menu \|
11	11	\_________________________________________________________________/
	12
	13	2007-06-19 Raphael Geissert
	14	- INSTALLATION:
	15	* Fixed #410: Undefined subroutine &main::get_file called
	16	- GUI:
	17	* Improved security and removed redundant stuff
	18	* Fixed #403: Can't remove Mysql database
12	19
13	20	2007-06-18 Raphael Geissert

trunk/engine/ispcp-db-keys.pl

r659	r661
1	1
2		$main::db_pass_key = '{~~KEY~~}';
	2	$main::db_pass_key = '{XXXXXXXXXXXXXXKEYXXXXXXXXXXXXX}';
3	3
4		$main::db_pass_iv = '{IV}';
	4	$main::db_pass_iv = '{XXIVXX}';
5	5
6	6	return 1;

trunk/gui/admin/add_reseller.php

r653	r661
18	18	**/
19	19
20		~~includ~~e '../include/ispcp-lib.php';
21
22		check_login();
	20	require '../include/ispcp-lib.php';
	21
	22	check_login(__FILE__);
23	23
24	24	$tpl = new pTemplate();

trunk/gui/admin/add_user.php

r645	r661
18	18	**/
19	19
20		~~includ~~e '../include/ispcp-lib.php';
21
22		check_login();
	20	require '../include/ispcp-lib.php';
	21
	22	check_login(__FILE__);
23	23
24	24	$tpl = new pTemplate();
…	…
28	28	$tpl -> define_dynamic('page_message', 'page');
29	29
30		~~global $cfg;~~
31	30	$theme_color = $cfg['USER_INITIAL_THEME'];
32	31
…	…
215	214	global $sql;
216	215
217		$username= clean_input($_POST['username']);
	216	if (chk_username($_POST['username'])) {
	217
	218	set_page_message( tr("Incorrect username range or syntax!"));
	219
	220	return false;
	221	}
	222	if (chk_password($_POST['pass'])) {
	223
	224	set_page_message( tr("Incorrect password range or syntax!"));
	225
	226	return false;
	227	}
	228	if ($_POST['pass'] != $_POST['pass_rep']) {
	229
	230	set_page_message( tr("Entered passwords does not match!"));
	231
	232	return false;
	233	}
	234	if (chk_email($_POST['email'])) {
	235
	236	set_page_message( tr("Incorrect email range or syntax!"));
	237
	238	return false;
	239	}
218	240
219	241	$query = <<<SQL_QUERY
…	…
227	249	SQL_QUERY;
228	250
229		$rs = exec_query($sql, $query, array($username));
	251
	252	$username = clean_input($_POST['username']);
	253
	254	$rs = exec_query($sql, $query, array($username));
230	255
231	256	if($rs -> RecordCount() != 0){
232	257
233	258	set_page_message(tr('This user name already exist!'));
234
235		~~return false;~~
236		}
237		~~if (chk_username($_POST['username'])) {~~
238
239		~~set_page_message( tr("Incorrect username range or syntax!"));~~
240
241		~~return false;~~
242		}
243		~~if (chk_password($_POST['pass'])) {~~
244
245		~~set_page_message( tr("Incorrect password range or syntax!"));~~
246
247		~~return false;~~
248		}
249		~~if ($_POST['pass'] != $_POST['pass_rep']) {~~
250
251		~~set_page_message( tr("Entered passwords does not match!"));~~
252
253		~~return false;~~
254		}
255		~~if (chk_email($_POST['email'])) {~~
256
257		~~set_page_message( tr("Incorrect email range or syntax!"));~~
258	259
259	260	return false;

trunk/gui/admin/admin_log.php

r645	r661
19	19
20	20
21		~~includ~~e '../include/ispcp-lib.php';
22
23		check_login();
	21	require '../include/ispcp-lib.php';
	22
	23	check_login(__FILE__);
24	24
25	25	$tpl = new pTemplate();

trunk/gui/admin/ahp.php

r653	r661
19	19
20	20
21		~~includ~~e '../include/ispcp-lib.php';
22
23		check_login();
	21	require '../include/ispcp-lib.php';
	22
	23	check_login(__FILE__);
24	24
25	25	if ($cfg['HOSTING_PLANS_LEVEL'] != strtolower('admin')) {

trunk/gui/admin/change_password.php

r645	r661
20	20
21	21
22		~~includ~~e '../include/ispcp-lib.php';
	22	require '../include/ispcp-lib.php';
23	23
24		check_login();
	24	check_login(__FILE__);
25	25
26	26	$tpl = new pTemplate();

trunk/gui/admin/change_personal.php

r645	r661
114	114	}
115	115
116		~~includ~~e '../include/ispcp-lib.php';
	116	require '../include/ispcp-lib.php';
117	117
118		check_login();
	118	check_login(__FILE__);
119	119
120	120	$tpl = new pTemplate();

trunk/gui/admin/change_status.php

r474	r661
20	20
21	21
22		~~includ~~e '../include/ispcp-lib.php';
	22	require '../include/ispcp-lib.php';
23	23
24		check_login();
	24	check_login(__FILE__);
25	25
26	26

trunk/gui/admin/change_user_interface.php

r474	r661
20	20
21	21
22		~~includ~~e '../include/ispcp-lib.php';
	22	require '../include/ispcp-lib.php';
23	23
24		check_login();
	24	check_login(__FILE__);
25	25
26	26

trunk/gui/admin/circular.php

r649 r661

22 22 require '../include/ispcp-lib.php';
23 23
24 check_login();
24 check_login(__FILE__);
25 25
26 26 $tpl = new pTemplate();

trunk/gui/admin/custom_menus.php

r645	r661
291	291	// end site functions
292	292
293		~~includ~~e '../include/ispcp-lib.php';
294
295		check_login();
	293	require '../include/ispcp-lib.php';
	294
	295	check_login(__FILE__);
296	296
297	297	$tpl = new pTemplate();

trunk/gui/admin/delete_ip.php

r649	r661
19	19
20	20
21		~~includ~~e '../include/ispcp-lib.php';
	21	require '../include/ispcp-lib.php';
22	22
23		check_login();
	23	check_login(__FILE__);
24	24
25	25	/* do we have a proper delete_id ? */

trunk/gui/admin/delete_lang.php

r474	r661
20	20
21	21
22		~~includ~~e '../include/ispcp-lib.php';
	22	require '../include/ispcp-lib.php';
23	23
24		check_login();
	24	check_login(__FILE__);
25	25
26	26	/* do we have a proper delete_id ? */

trunk/gui/admin/delete_ticket.php

r474	r661
20	20
21	21
22		~~includ~~e '../include/ispcp-lib.php';
	22	require '../include/ispcp-lib.php';
23	23
24		check_login();
	24	check_login(__FILE__);
25	25
26	26	if (isset($_GET['ticket_id']) && $_GET['ticket_id'] !== '') {

trunk/gui/admin/delete_user.php

r653	r661
18	18	**/
19	19
20		~~includ~~e '../include/ispcp-lib.php';
	20	require '../include/ispcp-lib.php';
21	21
22		check_login();
	22	check_login(__FILE__);
23	23
24	24	/* do we have a proper delete_id ? */

trunk/gui/admin/dhp.php

r474	r661
18	18	**/
19	19
20		~~includ~~e '../include/ispcp-lib.php';
	20	require '../include/ispcp-lib.php';
21	21
22		check_login();
	22	check_login(__FILE__);
23	23
24	24	global $cfg;

trunk/gui/admin/domain_details.php

r645	r661
18	18	**/
19	19
20		~~includ~~e '../include/ispcp-lib.php';
21
22		check_login();
	20	require '../include/ispcp-lib.php';
	21
	22	check_login(__FILE__);
23	23
24	24	$tpl = new pTemplate();

trunk/gui/admin/domain_statistics.php

r645	r661
19	19
20	20
21		~~includ~~e '../include/ispcp-lib.php';
22
23		check_login();
	21	require '../include/ispcp-lib.php';
	22
	23	check_login(__FILE__);
24	24
25	25	$tpl = new pTemplate();

trunk/gui/admin/edit_reseller.php

r653	r661
20	20
21	21
22		~~includ~~e '../include/ispcp-lib.php';
23
24		check_login();
	22	require '../include/ispcp-lib.php';
	23
	24	check_login(__FILE__);
25	25
26	26	if (isset($_GET['edit_id'])) {

trunk/gui/admin/edit_user.php

r645	r661
20	20
21	21
22		~~includ~~e '../include/ispcp-lib.php';
23
24		check_login();
	22	require '../include/ispcp-lib.php';
	23
	24	check_login(__FILE__);
25	25
26	26	if (isset($_GET['edit_id'])) {

trunk/gui/admin/ehp.php

r653	r661
20	20
21	21
22		~~includ~~e '../include/ispcp-lib.php';
23
24		check_login();
	22	require '../include/ispcp-lib.php';
	23
	24	check_login(__FILE__);
25	25
26	26	if ($cfg['HOSTING_PLANS_LEVEL'] != strtolower('admin')) {

trunk/gui/admin/email_setup.php

r645	r661
20	20
21	21
22		~~includ~~e '../include/ispcp-lib.php';
	22	require '../include/ispcp-lib.php';
23	23
24		check_login();
	24	check_login(__FILE__);
25	25
26	26	$tpl = new pTemplate();

trunk/gui/admin/hp.php

r645	r661
21	21
22	22	// Begin page line
23		~~includ~~e '../include/ispcp-lib.php';
	23	require '../include/ispcp-lib.php';
24	24
25		check_login();
	25	check_login(__FILE__);
26	26
27	27	if ($cfg['HOSTING_PLANS_LEVEL'] != strtolower('admin')) {

trunk/gui/admin/index.php

r649	r661
20	20
21	21
22		~~includ~~e '../include/ispcp-lib.php';
23
24		check_login();
	22	require '../include/ispcp-lib.php';
	23
	24	check_login(__FILE__);
25	25
26	26	global $cfg;

trunk/gui/admin/ip_manage.php

r645	r661
19	19
20	20
21		~~includ~~e '../include/ispcp-lib.php';
22
23		check_login();
	21	require '../include/ispcp-lib.php';
	22
	23	check_login(__FILE__);
24	24
25	25	$tpl = new pTemplate();

trunk/gui/admin/ispcp_debugger.php

r645	r661
453	453	/* END system functions */
454	454
455		~~includ~~e '../include/ispcp-lib.php';
456
457		check_login();
	455	require '../include/ispcp-lib.php';
	456
	457	check_login(__FILE__);
458	458
459	459	$tpl = new pTemplate();

trunk/gui/admin/ispcp_updates.php

r649	r661
18	18	**/
19	19
20		~~includ~~e '../include/ispcp-lib.php';
	20	require '../include/ispcp-lib.php';
21	21
22		check_login();
	22	check_login(__FILE__);
23	23
24	24	/* BEGIN common functions */

trunk/gui/admin/layout.php

r653	r661
18	18	**/
19	19
20		~~includ~~e '../include/ispcp-lib.php';
21
22		check_login();
	20	require '../include/ispcp-lib.php';
	21
	22	check_login(__FILE__);
23	23
24	24	function save_layout(&$sql) {

trunk/gui/admin/lostpassword.php

r645	r661
18	18	**/
19	19
20		~~includ~~e '../include/ispcp-lib.php';
	20	require '../include/ispcp-lib.php';
21	21
22		check_login();
	22	check_login(__FILE__);
23	23
24	24	$tpl = new pTemplate();

trunk/gui/admin/manage_reseller_owners.php

r645	r661
19	19
20	20
21		~~includ~~e '../include/ispcp-lib.php';
22
23		check_login();
	21	require '../include/ispcp-lib.php';
	22
	23	check_login(__FILE__);
24	24
25	25	$tpl = new pTemplate();

trunk/gui/admin/manage_reseller_users.php

r645	r661
18	18	**/
19	19
20		~~includ~~e '../include/ispcp-lib.php';
21
22		check_login();
	20	require '../include/ispcp-lib.php';
	21
	22	check_login(__FILE__);
23	23
24	24	$tpl = new pTemplate();

trunk/gui/admin/manage_sessions.php

r645	r661
19	19
20	20
21		~~includ~~e '../include/ispcp-lib.php';
	21	require '../include/ispcp-lib.php';
22	22
23		check_login();
	23	check_login(__FILE__);
24	24
25	25	$tpl = new pTemplate();

trunk/gui/admin/manage_users.php

r645	r661
20	20
21	21
22		~~includ~~e '../include/ispcp-lib.php';
	22	require '../include/ispcp-lib.php';
23	23
24		check_login();
	24	check_login(__FILE__);
25	25
26	26	$tpl = new pTemplate();

trunk/gui/admin/migration.php

r474	r661
18	18	**/
19	19
20		~~includ~~e '../include/ispcp-lib.php';
	20	require '../include/ispcp-lib.php';
21	21
22		check_login();
	22	check_login(__FILE__);
23	23
24	24	$query = <<<SQL_QUERY
…	…
84	84
85	85	$rs = execute_query($sql, $query);
86		print "Emails updated";
	86	print "Emails updated";
87	87
88	88

trunk/gui/admin/multilanguage.php

r660	r661
18	18	**/
19	19
20		~~includ~~e '../include/ispcp-lib.php';
21
22		check_login();
	20	require '../include/ispcp-lib.php';
	21
	22	check_login(__FILE__);
23	23
24	24	$tpl = new pTemplate();

trunk/gui/admin/multilanguage_export.php

r650	r661
18	18	**/
19	19
20		~~includ~~e '../include/ispcp-lib.php';
	20	require '../include/ispcp-lib.php';
21	21
22	22	// Security
23		check_login();
	23	check_login(__FILE__);
24	24
25	25	if (isset($_GET['export_lang']) && $_GET['export_lang'] !== ''){

trunk/gui/admin/reseller_statistics.php

r645	r661
19	19
20	20
21		~~includ~~e '../include/ispcp-lib.php';
22
23		check_login();
	21	require '../include/ispcp-lib.php';
	22
	23	check_login(__FILE__);
24	24
25	25	$tpl = new pTemplate();

trunk/gui/admin/reseller_user_statistics.php

r645	r661
19	19
20	20
21		~~includ~~e '../include/ispcp-lib.php';
22
23		check_login();
	21	require '../include/ispcp-lib.php';
	22
	23	check_login(__FILE__);
24	24
25	25	$tpl = new pTemplate();

trunk/gui/admin/rootkit_log.php

r649	r661
18	18	**/
19	19
20		~~includ~~e '../include/ispcp-lib.php';
	20	require '../include/ispcp-lib.php';
21	21
22		check_login();
	22	check_login(__FILE__);
23	23
24	24	$tpl = new pTemplate();

trunk/gui/admin/server_day_stats.php

r645	r661
20	20
21	21
22		~~includ~~e '../include/ispcp-lib.php';
23
24		check_login();
	22	require '../include/ispcp-lib.php';
	23
	24	check_login(__FILE__);
25	25
26	26	$tpl = new pTemplate();

trunk/gui/admin/server_statistic.php

r645	r661
20	20
21	21
22		~~includ~~e '../include/ispcp-lib.php';
23
24		check_login();
	22	require '../include/ispcp-lib.php';
	23
	24	check_login(__FILE__);
25	25
26	26	$tpl = new pTemplate();

trunk/gui/admin/server_status.php

r645	r661
18	18	**/
19	19
20		~~includ~~e '../include/ispcp-lib.php';
21
22		check_login();
	20	require '../include/ispcp-lib.php';
	21
	22	check_login(__FILE__);
23	23
24	24	$tpl = new pTemplate();

trunk/gui/admin/server_traffic_settings.php

r645	r661
19	19
20	20
21		~~includ~~e '../include/ispcp-lib.php';
	21	require '../include/ispcp-lib.php';
22	22
23		check_login();
	23	check_login(__FILE__);
24	24
25	25	$tpl = new pTemplate();

trunk/gui/admin/servicemode.php

r645	r661
18	18	**/
19	19
20		~~includ~~e '../include/ispcp-lib.php';
	20	require '../include/ispcp-lib.php';
21	21
22		check_login();
	22	check_login(__FILE__);
23	23
24	24	$tpl = new pTemplate();

trunk/gui/admin/settings.php

r645	r661
18	18	**/
19	19
20		~~includ~~e '../include/ispcp-lib.php';
	20	require '../include/ispcp-lib.php';
21	21
22		check_login();
	22	check_login(__FILE__);
23	23
24	24	$tpl = new pTemplate();

trunk/gui/admin/settings_ports.php

r645	r661
18	18	**/
19	19
20		~~includ~~e '../include/ispcp-lib.php';
21
22		check_login();
	20	require '../include/ispcp-lib.php';
	21
	22	check_login(__FILE__);
23	23
24	24	$tpl = new pTemplate();

trunk/gui/admin/ss_closed.php

r645	r661
18	18	**/
19	19
20		~~includ~~e '../include/ispcp-lib.php';
21
22		check_login();
	20	require '../include/ispcp-lib.php';
	21
	22	check_login(__FILE__);
23	23
24	24	if (!$cfg['ISPCP_SUPPORT_SYSTEM']) {

trunk/gui/admin/support_system.php

r645	r661
18	18	**/
19	19
20		~~includ~~e '../include/ispcp-lib.php';
21
22		check_login();
	20	require '../include/ispcp-lib.php';
	21
	22	check_login(__FILE__);
23	23
24	24	if (!$cfg['ISPCP_SUPPORT_SYSTEM']) {

trunk/gui/admin/sysinfo.php

r645	r661
46	46
47	47
48		~~includ~~e '../include/ispcp-lib.php';
49
50		check_login();
	48	require '../include/ispcp-lib.php';
	49
	50	check_login(__FILE__);
51	51
52	52	$tpl = new pTemplate();

trunk/gui/admin/view_ticket.php

r649	r661
19	19
20	20
21		~~includ~~e '../include/ispcp-lib.php';
22
23		check_login();
	21	require '../include/ispcp-lib.php';
	22
	23	check_login(__FILE__);
24	24
25	25	if (!$cfg['ISPCP_SUPPORT_SYSTEM']) {

trunk/keys/rpl.pl

r660	r661
1	1	#!/usr/bin/perl
	2
	3	use FindBin;
	4
	5	use lib "$FindBin::Bin/../engine";
	6	require 'ispcp_common_code.pl';
2	7
3	8	use strict;
…	…
22	27
23	28	my %tag_hash = (
24		'{~~KEY~~}' => $key,
25		'{IV}' => $iv
	29	'{XXXXXXXXXXXXXXKEYXXXXXXXXXXXXX}' => $key,
	30	'{XXIVXX}' => $iv
26	31	);
27	32
…	…
56	61
57	62	return $rs if ($rs != 0);
58
59
60		~~sub gen_sys_rand_num {~~
61
62		~~my ($len) = @_;~~
63
64		~~if (!defined($len) \|\| ($len eq '')) {~~
65
66		~~print STDERR "gen_sys_rand_num() ERROR: Undefined input data, len: \|$len\| !";~~
67
68		~~return (-1, '');~~
69
70		}
71
72		~~if (0 >= $len ) {~~
73
74		~~print STDERR "gen_sys_rand_num() ERROR: Input data length '$len' is zero or negative !";~~
75
76		~~return (-1, '');~~
77
78		}
79
80		~~my $rs = open(F, '<', '/dev/random');~~
81
82		~~if (!defined($rs)) {~~
83
84		~~print STDERR "gen_sys_rand_num() ERROR: Couldn't open the pseudo-random characters generator";~~
85
86		~~return (-1, '');~~
87
88		}
89
90		~~my ($i, $rdata, $rc, $rci) = (0, undef, undef, undef);~~
91
92		~~while ($i < $len) {~~
93
94		~~read(F, $rc, 1);~~
95
96		~~$rci = ord($rc);~~
97
98		~~next if ($rci <= 32 \|\| $rci >= 125 \|\| $rci == 92 );~~
99
100		~~$rdata .= $rc;~~
101		~~$rc = undef;~~
102		~~$i++;~~
103
104		}
105
106		~~close(F);~~
107
108		~~return (0, $rdata);~~
109
110		}

Development

Navigation

Changeset 661

Legend:

Download in other formats: