Development

Navigation

← Previous Changeset
Next Changeset →

Changeset 662

Timestamp:

06/20/07 19:33:03 (1 year ago)

Author:

raphael

Message:

Fixed #410: Undefined subroutine &main::get_file called
Improved security and removed redundant stuff
Fixed #403: Can't remove Mysql database

Files:

trunk/gui/client/add_alias.php (modified) (1 diff)
trunk/gui/client/add_ftp_acc.php (modified) (1 diff)
trunk/gui/client/add_mail_acc.php (modified) (1 diff)
trunk/gui/client/add_sql_database.php (modified) (1 diff)
trunk/gui/client/add_subdomain.php (modified) (1 diff)
trunk/gui/client/backup.php (modified) (1 diff)
trunk/gui/client/catchall.php (modified) (1 diff)
trunk/gui/client/change_password.php (modified) (1 diff)
trunk/gui/client/change_personal.php (modified) (1 diff)
trunk/gui/client/change_user_interface.php (modified) (2 diffs)
trunk/gui/client/create_catchall.php (modified) (1 diff)
trunk/gui/client/cronjobs_add.php (modified) (1 diff)
trunk/gui/client/cronjobs_edit.php (modified) (1 diff)
trunk/gui/client/cronjobs_overview.php (modified) (1 diff)
trunk/gui/client/delete_als.php (modified) (1 diff)
trunk/gui/client/delete_catchall.php (modified) (1 diff)
trunk/gui/client/delete_ftp_acc.php (modified) (1 diff)
trunk/gui/client/delete_mail_acc.php (modified) (1 diff)
trunk/gui/client/delete_sql_database.php (modified) (1 diff)
trunk/gui/client/delete_sub.php (modified) (1 diff)
trunk/gui/client/delete_ticket.php (modified) (1 diff)
trunk/gui/client/disable_als_fwd.php (modified) (1 diff)
trunk/gui/client/disable_mail_arsp.php (modified) (1 diff)
trunk/gui/client/domain_statistics.php (modified) (1 diff)
trunk/gui/client/edit_ftp_acc.php (modified) (1 diff)
trunk/gui/client/edit_mail_acc.php (modified) (1 diff)
trunk/gui/client/edit_mail_arsp.php (modified) (1 diff)
trunk/gui/client/email_accounts.php (modified) (1 diff)
trunk/gui/client/enable_als_fwd.php (modified) (1 diff)
trunk/gui/client/enable_mail_arsp.php (modified) (1 diff)
trunk/gui/client/error_edit.php (modified) (2 diffs)
trunk/gui/client/error_pages.php (modified) (1 diff)
trunk/gui/client/ftp_accounts.php (modified) (1 diff)
trunk/gui/client/ftp_choose_dir.php (modified) (1 diff)
trunk/gui/client/index.php (modified) (1 diff)
trunk/gui/client/language.php (modified) (1 diff)
trunk/gui/client/manage_domains.php (modified) (1 diff)
trunk/gui/client/manage_sql.php (modified) (1 diff)
trunk/gui/client/new_ticket.php (modified) (1 diff)
trunk/gui/client/protect_delete.php (modified) (1 diff)
trunk/gui/client/protect_it.php (modified) (1 diff)
trunk/gui/client/protected_areas.php (modified) (1 diff)
trunk/gui/client/puser_assign.php (modified) (1 diff)
trunk/gui/client/puser_assign2.php (modified) (1 diff)
trunk/gui/client/puser_delete.php (modified) (2 diffs)
trunk/gui/client/puser_edit.php (modified) (1 diff)
trunk/gui/client/puser_gadd.php (modified) (1 diff)
trunk/gui/client/puser_gdelete.php (modified) (6 diffs)
trunk/gui/client/puser_manage.php (modified) (1 diff)
trunk/gui/client/puser_uadd.php (modified) (1 diff)
trunk/gui/client/sql_add_user.php (modified) (1 diff)
trunk/gui/client/sql_change_password.php (modified) (1 diff)
trunk/gui/client/sql_delete_user.php (modified) (1 diff)
trunk/gui/client/sql_execute_query.php (modified) (1 diff)
trunk/gui/client/ss_closed.php (modified) (1 diff)
trunk/gui/client/support_system.php (modified) (1 diff)
trunk/gui/client/unprotect_it.php (modified) (1 diff)
trunk/gui/client/update_hp.php (modified) (1 diff)
trunk/gui/client/view_ticket.php (modified) (1 diff)
trunk/gui/client/webtools.php (modified) (1 diff)
trunk/gui/include/client-functions.php (modified) (2 diffs)
trunk/gui/include/ispcp-config.php (modified) (2 diffs)
trunk/gui/include/ispcp-db-keys.php (modified) (1 diff)
trunk/gui/include/ispcp-lib.php (modified) (2 diffs)
trunk/gui/include/login.php (modified) (1 diff)
trunk/gui/include/sql.php (modified) (3 diffs)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

trunk/gui/client/add_alias.php

r645	r662
18	18	**/
19	19
20		~~includ~~e '../include/ispcp-lib.php';
21
22		check_login();
	20	require '../include/ispcp-lib.php';
	21
	22	check_login(__FILE__);
23	23
24	24	$tpl = new pTemplate();

trunk/gui/client/add_ftp_acc.php

r645	r662
18	18	**/
19	19
20		~~includ~~e '../include/ispcp-lib.php';
	20	require '../include/ispcp-lib.php';
21	21	require '../include/vfs.php';
22	22
23		check_login();
	23	check_login(__FILE__);
24	24
25	25	$tpl = new pTemplate();

trunk/gui/client/add_mail_acc.php

r645	r662
18	18	**/
19	19
20		~~includ~~e '../include/ispcp-lib.php';
21
22		check_login();
	20	require '../include/ispcp-lib.php';
	21
	22	check_login(__FILE__);
23	23
24	24	$tpl = new pTemplate();

trunk/gui/client/add_sql_database.php

r645	r662
18	18	**/
19	19
20		~~includ~~e '../include/ispcp-lib.php';
21
22		check_login();
	20	require '../include/ispcp-lib.php';
	21
	22	check_login(__FILE__);
23	23
24	24	$tpl = new pTemplate();

trunk/gui/client/add_subdomain.php

r655	r662
19	19
20	20
21		~~includ~~e '../include/ispcp-lib.php';
22
23		check_login();
	21	require '../include/ispcp-lib.php';
	22
	23	check_login(__FILE__);
24	24
25	25	$tpl = new pTemplate();

trunk/gui/client/backup.php

r645	r662
19	19
20	20
21		~~includ~~e '../include/ispcp-lib.php';
	21	require '../include/ispcp-lib.php';
22	22
23		check_login();
	23	check_login(__FILE__);
24	24
25	25	$tpl = new pTemplate();

trunk/gui/client/catchall.php

r645	r662
19	19
20	20
21		~~includ~~e '../include/ispcp-lib.php';
22
23		check_login();
	21	require '../include/ispcp-lib.php';
	22
	23	check_login(__FILE__);
24	24
25	25	$tpl = new pTemplate();

trunk/gui/client/change_password.php

r645	r662
19	19
20	20
21		~~includ~~e '../include/ispcp-lib.php';
	21	require '../include/ispcp-lib.php';
22	22
23		check_login();
	23	check_login(__FILE__);
24	24
25	25	$tpl = new pTemplate();

trunk/gui/client/change_personal.php

r645	r662
94	94	}
95	95
96		~~includ~~e '../include/ispcp-lib.php';
	96	require '../include/ispcp-lib.php';
97	97
98		check_login();
	98	check_login(__FILE__);
99	99
100	100	$tpl = new pTemplate();

trunk/gui/client/change_user_interface.php

r474	r662
19	19
20	20
21		~~includ~~e '../include/ispcp-lib.php';
	21	require '../include/ispcp-lib.php';
22	22
23		check_login();
	23	check_login(__FILE__);
24	24
25	25	// lets back to admin or reseller interfase - am i admin/reseller or what ? :-)
…	…
30	30
31	31	$from_id = $_SESSION['user_id'];
32
	32
33	33	$to_id = $_SESSION['logged_from_id'];
34	34
35	35	// SESSIONS are OK -> so lets go back
36	36	$dest = change_user_interface($from_id, $to_id);
37
	37
38	38	if ($dest == false){
39
	39
40	40	//dumpass - don't try to change your interface
41	41	header('Location: index.php');
42	42	die();
43
	43
44	44	} else {
45		// ------------------------------------------
46		// ------------------------------------------
	45	// ------------------------------------------
	46	// ------------------------------------------
47	47	if (isset($_SESSION['logged_from']))
48
	48
49	49	unset($_SESSION['logged_from']);
50
	50
51	51	if (isset($_SESSION['logged_from_id']))
52
	52
53	53	unset($_SESSION['logged_from_id']);
54		// ------------------------------------------
	54	// ------------------------------------------
55	55	// ------------------------------------------
56	56	if (isset($GLOBALS['logged_from']))
57
	57
58	58	unset($GLOBALS['logged_from']);
59
	59
60	60	if (isset($GLOBALS['logged_from_id']))
61
	61
62	62	unset($GLOBALS['logged_from_id']);
63		~~// ------------------------------------------~~
64	63	// ------------------------------------------
65
	64	// ------------------------------------------
	65
66	66	header("Location: $dest");
67
	67
68	68	}
69	69	die();

trunk/gui/client/create_catchall.php

r645	r662
19	19
20	20
21		~~includ~~e '../include/ispcp-lib.php';
22
23		check_login();
	21	require '../include/ispcp-lib.php';
	22
	23	check_login(__FILE__);
24	24
25	25	$tpl = new pTemplate();

trunk/gui/client/cronjobs_add.php

r645	r662
19	19
20	20
21		~~includ~~e '../include/ispcp-lib.php';
	21	require '../include/ispcp-lib.php';
22	22
23		check_login();
	23	check_login(__FILE__);
24	24
25	25	$tpl = new pTemplate();

trunk/gui/client/cronjobs_edit.php

r645	r662
19	19
20	20
21		~~includ~~e '../include/ispcp-lib.php';
	21	require '../include/ispcp-lib.php';
22	22
23		check_login();
	23	check_login(__FILE__);
24	24
25	25	$tpl = new pTemplate();

trunk/gui/client/cronjobs_overview.php

r645	r662
20	20
21	21
22		~~includ~~e '../include/ispcp-lib.php';
	22	require '../include/ispcp-lib.php';
23	23
24		check_login();
	24	check_login(__FILE__);
25	25
26	26	$tpl = new pTemplate();

trunk/gui/client/delete_als.php

r474	r662
18	18	**/
19	19
20		~~includ~~e '../include/ispcp-lib.php';
	20	require '../include/ispcp-lib.php';
21	21
22		check_login();
	22	check_login(__FILE__);
23	23
24	24	if (isset($_GET['id']) && $_GET['id'] !== '') {

trunk/gui/client/delete_catchall.php

r474	r662
20	20
21	21
22		~~includ~~e '../include/ispcp-lib.php';
	22	require '../include/ispcp-lib.php';
23	23
24		check_login();
	24	check_login(__FILE__);
25	25
26	26	if (isset($_GET['id']) && $_GET['id'] !== '') {

trunk/gui/client/delete_ftp_acc.php

r653	r662
20	20
21	21
22		~~includ~~e '../include/ispcp-lib.php';
	22	require '../include/ispcp-lib.php';
23	23
24		check_login();
	24	check_login(__FILE__);
25	25
26	26	if (isset($_GET['id']) && $_GET['id'] !== '') {

trunk/gui/client/delete_mail_acc.php

r474	r662
19	19
20	20
21		~~includ~~e '../include/ispcp-lib.php';
	21	require '../include/ispcp-lib.php';
22	22
23		check_login();
	23	check_login(__FILE__);
24	24
25	25	if (isset($_GET['id']) && $_GET['id'] !== '') {

trunk/gui/client/delete_sql_database.php

r474	r662
19	19
20	20
21		~~includ~~e '../include/ispcp-lib.php';
	21	require '../include/ispcp-lib.php';
22	22
23		check_login();
	23	check_login(__FILE__);
24	24
25	25	if (isset($_GET['id'])) {

trunk/gui/client/delete_sub.php

r474	r662
18	18	**/
19	19
20		~~includ~~e '../include/ispcp-lib.php';
	20	require '../include/ispcp-lib.php';
21	21
22		check_login();
	22	check_login(__FILE__);
23	23
24	24	if (isset($_GET['id']) && $_GET['id'] !== '') {

trunk/gui/client/delete_ticket.php

r474	r662
19	19
20	20
21		~~includ~~e '../include/ispcp-lib.php';
	21	require '../include/ispcp-lib.php';
22	22
23		check_login();
	23	check_login(__FILE__);
24	24
25	25	if (isset($_GET['ticket_id']) && $_GET['ticket_id'] !== '') {

trunk/gui/client/disable_als_fwd.php

r474	r662
20	20
21	21
22		~~includ~~e '../include/ispcp-lib.php';
	22	require '../include/ispcp-lib.php';
23	23
24		check_login();
	24	check_login(__FILE__);
25	25
26	26	if (isset($_GET['id']) && $_GET['id'] !== '') {

trunk/gui/client/disable_mail_arsp.php

r474	r662
19	19
20	20
21		~~includ~~e '../include/ispcp-lib.php';
	21	require '../include/ispcp-lib.php';
22	22
23		check_login();
	23	check_login(__FILE__);
24	24
25	25	function check_email_user(&$sql) {

trunk/gui/client/domain_statistics.php

r645	r662
19	19
20	20
21		~~includ~~e '../include/ispcp-lib.php';
22
23		check_login();
	21	require '../include/ispcp-lib.php';
	22
	23	check_login(__FILE__);
24	24
25	25	$tpl = new pTemplate();

trunk/gui/client/edit_ftp_acc.php

r653	r662
18	18	**/
19	19
20		~~includ~~e '../include/ispcp-lib.php';
21
22		check_login();
	20	require '../include/ispcp-lib.php';
	21
	22	check_login(__FILE__);
23	23
24	24	if (isset($_GET['id'])) {

trunk/gui/client/edit_mail_acc.php

r645	r662
19	19
20	20
21		~~includ~~e '../include/ispcp-lib.php';
22
23		check_login();
	21	require '../include/ispcp-lib.php';
	22
	23	check_login(__FILE__);
24	24
25	25	$tpl = new pTemplate();

trunk/gui/client/edit_mail_arsp.php

r645	r662
20	20
21	21
22		~~includ~~e '../include/ispcp-lib.php';
	22	require '../include/ispcp-lib.php';
23	23
24		check_login();
	24	check_login(__FILE__);
25	25
26	26	$tpl = new pTemplate();

trunk/gui/client/email_accounts.php

r660	r662
19	19
20	20
21		~~includ~~e '../include/ispcp-lib.php';
22
23		check_login();
	21	require '../include/ispcp-lib.php';
	22
	23	check_login(__FILE__);
24	24
25	25	$tpl = new pTemplate();

trunk/gui/client/enable_als_fwd.php

r645	r662
20	20
21	21
22		~~includ~~e '../include/ispcp-lib.php';
23
24		check_login();
	22	require '../include/ispcp-lib.php';
	23
	24	check_login(__FILE__);
25	25
26	26	$tpl = new pTemplate();

trunk/gui/client/enable_mail_arsp.php

r645	r662
19	19
20	20
21		~~includ~~e '../include/ispcp-lib.php';
	21	require '../include/ispcp-lib.php';
22	22
23		check_login();
	23	check_login(__FILE__);
24	24
25	25	$tpl = new pTemplate();

trunk/gui/client/error_edit.php

r645	r662
19	19
20	20	require '../include/vfs.php';
21		~~includ~~e '../include/ispcp-lib.php';
	21	require '../include/ispcp-lib.php';
22	22
23	23	function gen_error_page_data(&$tpl, &$sql, $user_id, $eid)
…	…
41	41
42	42
43		~~includ~~e '../include/ispcp-lib.php';
	43	require '../include/ispcp-lib.php';
44	44
45		check_login();
	45	check_login(__FILE__);
46	46
47	47	$tpl = new pTemplate();

trunk/gui/client/error_pages.php

r645	r662
41	41	}
42	42
43		~~includ~~e '../include/ispcp-lib.php';
	43	require '../include/ispcp-lib.php';
44	44
45		check_login();
	45	check_login(__FILE__);
46	46
47	47	$tpl = new pTemplate();

trunk/gui/client/ftp_accounts.php

r645	r662
19	19
20	20
21		~~includ~~e '../include/ispcp-lib.php';
22
23		check_login();
	21	require '../include/ispcp-lib.php';
	22
	23	check_login(__FILE__);
24	24
25	25	$tpl = new pTemplate();

trunk/gui/client/ftp_choose_dir.php

r660	r662
19	19
20	20	require '../include/vfs.php';
21		~~includ~~e '../include/ispcp-lib.php';
	21	require '../include/ispcp-lib.php';
22	22
23		check_login();
	23	check_login(__FILE__);
24	24
25	25	$tpl = new pTemplate();

trunk/gui/client/index.php

r645	r662
273	273	}
274	274
275		~~includ~~e '../include/ispcp-lib.php';
276
277		check_login();
	275	require '../include/ispcp-lib.php';
	276
	277	check_login(__FILE__);
278	278
279	279	$tpl = new pTemplate();

trunk/gui/client/language.php

r645	r662
18	18	**/
19	19
20		~~includ~~e '../include/ispcp-lib.php';
	20	require '../include/ispcp-lib.php';
21	21
22		check_login();
	22	check_login(__FILE__);
23	23
24	24	$tpl = new pTemplate();

trunk/gui/client/manage_domains.php

r645	r662
19	19
20	20
21		~~includ~~e '../include/ispcp-lib.php';
22
23		check_login();
	21	require '../include/ispcp-lib.php';
	22
	23	check_login(__FILE__);
24	24
25	25	$tpl = new pTemplate();

trunk/gui/client/manage_sql.php

r645	r662
19	19
20	20
21		~~includ~~e '../include/ispcp-lib.php';
	21	require '../include/ispcp-lib.php';
22	22
23		check_login();
	23	check_login(__FILE__);
24	24
25	25	$tpl = new pTemplate();

trunk/gui/client/new_ticket.php

r645	r662
20	20
21	21
22		~~includ~~e '../include/ispcp-lib.php';
	22	require '../include/ispcp-lib.php';
23	23
24		check_login();
	24	check_login(__FILE__);
25	25
26	26	$tpl = new pTemplate();

trunk/gui/client/protect_delete.php

r474	r662
17	17	* http://opensource.org \| osi@opensource.org
18	18	**/
19
20		~~include '../include/ispcp-lib.php';~~
21	19
22		check_login();
	20	require '../include/ispcp-lib.php';
	21
	22	check_login(__FILE__);
23	23
24	24	if (isset($_GET['id']) && $_GET['id'] !== '') {

trunk/gui/client/protect_it.php

r645	r662
18	18	**/
19	19
20		~~includ~~e '../include/ispcp-lib.php';
	20	require '../include/ispcp-lib.php';
21	21	require '../include/vfs.php';
22	22
23		check_login();
	23	check_login(__FILE__);
24	24
25	25	$tpl = new pTemplate();

trunk/gui/client/protected_areas.php

r645	r662
20	20
21	21
22		~~includ~~e '../include/ispcp-lib.php';
	22	require '../include/ispcp-lib.php';
23	23
24		check_login();
	24	check_login(__FILE__);
25	25
26	26	$tpl = new pTemplate();

trunk/gui/client/puser_assign.php

r645	r662
20	20
21	21
22		~~includ~~e '../include/ispcp-lib.php';
23
24		check_login();
	22	require '../include/ispcp-lib.php';
	23
	24	check_login(__FILE__);
25	25
26	26	$tpl = new pTemplate();

trunk/gui/client/puser_assign2.php

r645	r662
18	18	**/
19	19
20		~~includ~~e '../include/ispcp-lib.php';
21
22		check_login();
	20	require '../include/ispcp-lib.php';
	21
	22	check_login(__FILE__);
23	23
24	24	$tpl = new pTemplate();

trunk/gui/client/puser_delete.php

r474	r662
20	20
21	21
22		~~includ~~e '../include/ispcp-lib.php';
	22	require '../include/ispcp-lib.php';
23	23
24		check_login();
	24	check_login(__FILE__);
25	25
26	26	$dmn_id = get_user_domain_id($sql, $_SESSION['user_id']);
…	…
53	53	update
54	54	htaccess_users
55		set
56		status = ?
57		where
	55	set
	56	status = ?
	57	where
58	58	id = ?
59	59	and

trunk/gui/client/puser_edit.php

r645	r662
19	19
20	20
21		~~includ~~e '../include/ispcp-lib.php';
22
23		check_login();
	21	require '../include/ispcp-lib.php';
	22
	23	check_login(__FILE__);
24	24
25	25	$tpl = new pTemplate();

trunk/gui/client/puser_gadd.php

r645	r662
20	20
21	21
22		~~includ~~e '../include/ispcp-lib.php';
	22	require '../include/ispcp-lib.php';
23	23
24		check_login();
	24	check_login(__FILE__);
25	25
26	26	$tpl = new pTemplate();

trunk/gui/client/puser_gdelete.php

r474	r662
19	19
20	20
21		~~includ~~e '../include/ispcp-lib.php';
	21	require '../include/ispcp-lib.php';
22	22
23		check_login();
	23	check_login(__FILE__);
24	24
25	25	$dmn_id = get_user_domain_id($sql, $_SESSION['user_id']);
…	…
37	37
38	38	$query = <<<SQL_QUERY
39		update
	39	update
40	40	htaccess_groups
41	41	set
42	42	status = ?
43		where
	43	where
44	44	id = ?
45	45	and
…	…
69	69	for ($i = 0; $i < count($grp_id_splited); $i++) {
70	70	//Does this group affect some htaccess ?
71		if ($grp_id_splited[$i] == $group_id) {
72		//oh -> our group was used in htaccess
73		if (count($grp_id_splited) < 2 && count($grp_id_splited) > 0){
74		$status = $cfg['ITEM_DELETE_STATUS'];
75		} else {
	71	if ($grp_id_splited[$i] == $group_id) {
	72	//oh -> our group was used in htaccess
	73	if (count($grp_id_splited) < 2 && count($grp_id_splited) > 0){
	74	$status = $cfg['ITEM_DELETE_STATUS'];
	75	} else {
76	76	$grp_id = preg_replace("/$group_id/", "", "$grp_id");
77	77	$grp_id = preg_replace("/,,/", ",", "$grp_id");
…	…
91	91
92	92	$rs_update = exec_query($sql, $update_query, array($grp_id, $status, $ht_id));
93
94		}
95
	93
	94	}
	95
96	96
97	97	}
…	…
99	99	$rs -> MoveNext();
100	100	}
101
	101
102	102	//we like to have our changes honoured to make group-deletion even without htaccess - relation possible!
103	103	$status = $cfg['ITEM_CHANGE_STATUS'];
…	…
108	108	status = ?
109	109	where
110		dmn_id = ?
111		and
	110	dmn_id = ?
	111	and
112	112	status NOT like 'delete'
113	113	SQL_QUERY;
114		$rs = exec_query($sql, $query, array($status, $dmn_id));
115
	114	$rs = exec_query($sql, $query, array($status, $dmn_id));
	115
116	116
117	117	check_for_lock_file();

trunk/gui/client/puser_manage.php

r645 r662

19 19
20 20
21 ~~includ~~e '../include/ispcp-lib.php';
22
23 check_login();
21 require '../include/ispcp-lib.php';
22