File Content:
HRPanel_AISA_Lib.php
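<?php

/**
 * Server-side helper library used by the panel's AISA integration.
 *
 * The methods read and update the panel database (x_vhosts, x_accounts,
 * x_settings, ...), rewrite web-server configuration and run maintenance
 * commands through the shell.
 *
 * Hardening applied in this revision:
 *  - every value that reaches SQL is bound as a parameter instead of being
 *    concatenated into the statement;
 *  - every value that reaches a shell command line goes through
 *    escapeshellarg(), or the shell call was replaced by plain PHP file I/O;
 *  - credentials are no longer echoed to the output stream.
 *
 * NOTE(review): the design still keeps the zadmin password in clear text in
 * /root/passwords.txt and stores mailbox passwords as unsalted MD5. Both are
 * existing contracts with other components and are only flagged here.
 */
class HRPanelAISALib
{
    /** @var db_driver Handle to the panel database. */
    private $zdbh;

    /** @var db_driver Second handle opened by the constructor (see the note there). */
    private $mail_db;

    /**
     * Loads the panel framework and opens the database handles.
     *
     * db.php is expected to define $dbname, $user, $pass and $ovi_socket_path
     * in the local scope. The process exits silently when the connection fails.
     */
    public function __construct()
    {
        require('/etc/sentora/panel/cnf/db.php');
        require_once('/etc/sentora/panel/dryden/db/driver.class.php');
        include_once('/etc/sentora/panel/dryden/debug/logger.class.php');
        include_once('/etc/sentora/panel/dryden/runtime/dataobject.class.php');
        include_once('/etc/sentora/panel/dryden/runtime/controller.class.php');
        include_once('/etc/sentora/panel/dryden/runtime/hook.class.php');
        include_once('/etc/sentora/panel/dryden/sys/versions.class.php');
        include_once('/etc/sentora/panel/dryden/ctrl/options.class.php');
        include_once('/etc/sentora/panel/dryden/fs/director.class.php');
        include_once('/etc/sentora/panel/dryden/fs/filehandler.class.php');
        include_once('/etc/sentora/panel/inc/dbc.inc.php');

        $mailserver_db = ctrl_options::GetSystemOption('mailserver_db');
        $pdo_options = array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'utf8'");

        try {
            $dsn = "mysql:dbname=$dbname;$ovi_socket_path";
            $this->zdbh = new db_driver($dsn, $user, $pass, $pdo_options);
            $this->zdbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

            // NOTE(review): this DSN uses $dbname, not $mailserver_db, so mail_db
            // points at the panel database. It looks like a copy/paste slip, but
            // it is left unchanged because code outside this view may rely on it.
            $dsn = "mysql:dbname=$dbname;$ovi_socket_path";
            $this->mail_db = new db_driver($dsn, $user, $pass, $pdo_options);
            $this->mail_db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        } catch (PDOException $e) {
            exit();
        }
    }

    /**
     * Returns the path reported by `whereis <binary>` (second field), with
     * newlines removed. Empty string when the binary is not found.
     */
    private function aisaWhereis($binary)
    {
        $path = (string) shell_exec('whereis ' . escapeshellarg($binary) . " | awk '{print \$2}'");
        $path = str_replace("\n", "", $path);

        return str_replace('\n', "", $path);
    }

    /**
     * Replaces every literal occurrence of $search in $file with $replace.
     * Done in PHP so that no path ever becomes part of a sed script.
     *
     * @return bool false when there is nothing to search for or the file
     *              cannot be read or written
     */
    private function aisaReplaceInFile($file, $search, $replace)
    {
        if ($search === '' || !is_file($file) || !is_readable($file)) {
            return false;
        }
        $contents = file_get_contents($file);
        if ($contents === false) {
            return false;
        }

        return file_put_contents($file, str_replace($search, $replace, $contents), LOCK_EX) !== false;
    }

    /**
     * Opens a connection to the mail server database named by the
     * 'mailserver_db' system option. A PDOException is left to propagate:
     * printing it could expose connection details.
     */
    private function aisaConnectMailDb()
    {
        $mailserver_db = ctrl_options::GetSystemOption('mailserver_db');
        include('/etc/sentora/panel/cnf/db.php');

        $dsn = "mysql:dbname=$mailserver_db;$ovi_socket_path";
        $mail_db = new db_driver($dsn, $user, $pass, array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'utf8'"));
        $mail_db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        return $mail_db;
    }

    // ******************************************* 01-02-2018 Working Start ******************************************* //

    /**
     * Points a domain at another directory below the owner's public_html and
     * rewrites the Apache configuration accordingly.
     *
     * @param string $domain_name vhost name
     * @param string $path        directory relative to public_html
     * @return mixed UPDATE_VHOST_DIRECTORY_SUCCESS, or false when the domain is
     *               unknown or the path is rejected
     */
    public function UpdateDirectory($domain_name, $path)
    {
        $domain_name = runtime_sanatizeItem::sanatizeItem(runtime_xss::xssClean($domain_name), 'url');
        $path = runtime_sanatizeItem::sanatizeItem(runtime_xss::xssClean($path), 'string');

        $numrows = $this->zdbh->prepare("select * from x_vhosts where vh_name_vc=:domain and vh_deleted_ts IS NULL");
        $numrows->bindParam(':domain', $domain_name);
        $numrows->execute();
        if ($numrows->rowCount() == 0) {
            return false;
        }

        $path = "/" . trim($path, "/");

        // The value ends up in a DocumentRoot directive: parent-directory
        // segments and control characters are refused so the document root
        // stays below public_html and cannot span several config lines.
        if (in_array('..', explode('/', $path), true) || preg_match('/[\x00-\x1F\x7F]/', $path)) {
            return false;
        }

        $username = $this->getusernamebasedonDomain($domain_name);
        if ($username === false) {
            return false;
        }

        $sql = $this->zdbh->prepare("UPDATE x_vhosts SET vh_directory_vc=:vh_directory_vc WHERE vh_name_vc=:vh_name_vc AND vh_deleted_ts IS NULL;");
        $sql->bindParam(':vh_directory_vc', $path);
        $sql->bindParam(':vh_name_vc', $domain_name);
        $sql->execute();

        $DomRootDir = ctrl_options::GetSystemOption('hosted_dir') . $username . "/public_html/" . ltrim($path, "/");
        $DomRootDir = trim(str_replace('"', '', rtrim($DomRootDir, "/")));

        // Read the current DocumentRoot from the vhost file (second field of
        // the directive line, quotes and trailing slash removed).
        $conf_file = "/etc/sentora/configs/apache/domains/" . trim($domain_name) . ".conf";
        $OldRootDir = '';
        if (is_readable($conf_file)
            && preg_match('/^\s*DocumentRoot\s+(\S+)/m', (string) file_get_contents($conf_file), $match)) {
            $OldRootDir = rtrim(trim($match[1], '"'), "/");
        }

        $this->aisaReplaceInFile($conf_file, $OldRootDir, $DomRootDir);

        $trimmed_domain = trim($domain_name);
        $ssl_conf = $this->zdbh->prepare("SELECT * FROM x_ssl WHERE ssl_doamin=:domain AND ssl_delete IS NULL");
        $ssl_conf->bindParam(':domain', $trimmed_domain);
        $ssl_conf->execute();
        $ssl_count = $ssl_conf->fetchColumn();
        if ($ssl_count > 0) {
            $this->aisaReplaceInFile("/etc/httpd/conf.d/ssl.conf", $OldRootDir, $DomRootDir);
        }

        $mid = $this->getDomainIDBasedONDomain($domain_name);
        if ($mid === false) {
            return false;
        }

        // Remember the vhost id in the comma-separated change list.
        $records_list = ctrl_options::GetSystemOption('Domain_directory_change');
        $record_array = explode(',', $records_list);
        if (!in_array($mid, $record_array)) {
            if (empty($records_list)) {
                $records_list .= $mid;
            } else {
                $records_list .= ',' . $mid;
            }
            $sql = $this->zdbh->prepare("UPDATE x_settings SET so_value_tx=:newlist WHERE so_name_vc='Domain_directory_change'");
            $sql->bindParam(':newlist', $records_list);
            $sql->execute();
        }

        $this->SetWriteApacheConfigTrue();
        $this->SetCallDaemon();

        return UPDATE_VHOST_DIRECTORY_SUCCESS;
    }

    /**
     * Tells whether the domain's document root holds index.html, index.php
     * or index.htm.
     */
    public function isIndexFileExists($domain_name)
    {
        $full_path = $this->getFullPathOfDomain($domain_name);
        if ($full_path === false) {
            // Unknown domain: do not probe paths relative to the working directory.
            return INDEX_DOES_NOT_EXISTS;
        }

        foreach (array("index.html", "index.php", "index.htm") as $index_file) {
            if (file_exists($full_path . $index_file)) {
                return INDEX_FILE_EXISTS;
            }
        }

        return INDEX_DOES_NOT_EXISTS;
    }

    /**
     * Builds the absolute document root of a domain, with a trailing slash.
     *
     * @return string|false false when no account owns the domain
     */
    public function getFullPathOfDomain($domain_name)
    {
        $username = $this->getusernamebasedonDomain($domain_name);
        if ($username === false) {
            return false;
        }

        $rows = $this->zdbh->prepare("SELECT vh_directory_vc FROM x_vhosts WHERE vh_name_vc=:domain AND vh_deleted_ts IS NULL");
        $rows->bindParam(':domain', $domain_name);
        $rows->execute();
        $dbvals = $rows->fetch();
        $path = $dbvals ? ltrim((string) $dbvals['vh_directory_vc'], "/") : '';

        return rtrim(ctrl_options::GetSystemOption('hosted_dir') . $username . "/public_html/" . $path, "/") . "/";
    }

    /**
     * Returns the domain's directory relative to the account home
     * ("/public_html/<dir>/").
     */
    public function getDirectoryPathofDomain($domain_name)
    {
        $rows = $this->zdbh->prepare("SELECT vh_directory_vc FROM x_vhosts WHERE vh_name_vc=:domain AND vh_deleted_ts IS NULL");
        $rows->bindParam(':domain', $domain_name);
        $rows->execute();
        $dbvals = $rows->fetch();
        $path = $dbvals ? ltrim((string) $dbvals['vh_directory_vc'], "/") : '';

        return rtrim("/public_html/" . $path, "/") . "/";
    }

    /**
     * Stores the document root of $which_domain as the 'ipdomain_dir' setting.
     *
     * @return mixed IP_DIRECTORY_CHANGE_SUCCESS, or false for an unknown domain
     */
    public function IPPageChange($which_domain)
    {
        $get_path = $this->getFullPathOfDomain($which_domain);
        if ($get_path === false) {
            // Previously an unknown domain blanked the setting.
            return false;
        }

        $rows = $this->zdbh->prepare("UPDATE x_settings set so_value_tx=:path where so_name_vc='ipdomain_dir';");
        $rows->bindParam(':path', $get_path);
        $rows->execute();

        $this->SetWriteApacheConfigTrue();
        $this->SetCallDaemon();

        return IP_DIRECTORY_CHANGE_SUCCESS;
    }

    /**
     * Looks up the primary key of a live vhost.
     *
     * @return mixed vh_id_pk, or false when the domain does not exist
     */
    public function getDomainIDBasedONDomain($domain_name)
    {
        $rows = $this->zdbh->prepare("SELECT vh_id_pk FROM x_vhosts WHERE vh_name_vc=:domain AND vh_deleted_ts IS NULL;");
        $rows->bindParam(':domain', $domain_name);
        $rows->execute();
        if ($rows->rowCount() == 0) {
            return false;
        }
        $dbvals = $rows->fetch();

        return $dbvals['vh_id_pk'];
    }

    /** Flags the Apache configuration as changed so it gets rewritten. */
    public function SetWriteApacheConfigTrue()
    {
        $sql = $this->zdbh->prepare("UPDATE x_settings SET so_value_tx='true' WHERE so_name_vc='apache_changed'");
        $sql->execute();
    }

    /** Creates the default pages in the directory currently stored for the domain. */
    public function createDefaultPagewithIndex($domain_name)
    {
        echo "came createDefaultPagewithIndex";
        echo $path = $this->getdomainpathfromvhost($domain_name);

        return $this->createDefaultPage($domain_name, $path);
    }

    /** Returns vh_directory_vc of a live vhost (null when there is no row). */
    public function getdomainpathfromvhost($domain_name)
    {
        $rows = $this->zdbh->prepare("SELECT vh_directory_vc FROM x_vhosts WHERE vh_deleted_ts IS NULL AND vh_name_vc=:domain");
        $rows->bindParam(':domain', $domain_name);
        $rows->execute();
        $dbvals = $rows->fetch();

        return $dbvals ? $dbvals['vh_directory_vc'] : null;
    }

    /**
     * Resets ownership (apache) and modes (644 files, 755 directories) of a
     * domain's document root.
     *
     * @return mixed DIRECTORY_PERMISSION_CHANGED, or false for an unknown domain
     */
    public function changePermission($domain_name)
    {
        $domain_name = runtime_sanatizeItem::sanatizeItem(runtime_xss::xssClean($domain_name), 'url');

        $numrows = $this->zdbh->prepare("select * from x_vhosts where vh_name_vc=:domain and vh_deleted_ts IS NULL");
        $numrows->bindParam(':domain', $domain_name);
        $numrows->execute();
        if ($numrows->rowCount() == 0) {
            return false;
        }

        $get_chown_path = $this->aisaWhereis('chown');
        $get_chmod_path = $this->aisaWhereis('chmod');
        $get_find_path = $this->aisaWhereis('find');

        $path = $this->getFullPathOfDomain($domain_name);
        if ($path === false) {
            return false;
        }

        // The directory comes from the database; quote it so that it is
        // always a single argument to chown/find.
        $get_path = escapeshellarg(rtrim($path . "/"));

        shell_exec("$get_chown_path apache. -R $get_path");
        shell_exec("$get_find_path $get_path -type f -exec $get_chmod_path 644 {} +");
        shell_exec("$get_find_path $get_path -type d -exec $get_chmod_path 755 {} +");

        return DIRECTORY_PERMISSION_CHANGED;
    }

    /**
     * Copies the welcome page and the error pages into a domain directory that
     * has no index file yet.
     *
     * @return mixed UPDATE_DEFAULT_FILES, FOLDER_PATH_EXISTS when an index file
     *               is already present, or false for an unknown domain
     */
    public function createDefaultPage($domain_name, $path)
    {
        $username = $this->getusernamebasedonDomain($domain_name);
        if ($username === false) {
            // Without an owner the path would resolve outside any account.
            return false;
        }

        $vhost_path = ctrl_options::GetSystemOption('hosted_dir') . $username . "/public_html/" . ltrim($path, "/");
        echo "Full Path : $vhost_path";

        if (file_exists($vhost_path . "/index.html")
            || file_exists($vhost_path . "/index.php")
            || file_exists($vhost_path . "/index.htm")) {
            return FOLDER_PATH_EXISTS;
        }

        fs_director::CreateDirectory($vhost_path);
        // NOTE(review): 0777 leaves the document root world-writable; confirm
        // whether a tighter mode works with this server's user model.
        fs_director::SetFileSystemPermissions($vhost_path, 0777);
        fs_filehandler::CopyFileSafe(ctrl_options::GetSystemOption('static_dir') . "pages/welcome.html", $vhost_path . "/index.html");
        fs_director::CreateDirectory($vhost_path . "/_errorpages/");

        $errorpages = ctrl_options::GetSystemOption('static_dir') . "/errorpages/";
        if (is_dir($errorpages) && is_readable($errorpages) && ($handle = opendir($errorpages))) {
            while (($file = readdir($handle)) !== false) {
                if ($file == "." || $file == "..") {
                    continue;
                }
                // Only files named after a known HTTP status code are copied.
                $page = explode(".", $file);
                if (!fs_director::CheckForEmptyValue($this->CheckErrorDocument($page[0]))) {
                    fs_filehandler::CopyFile($errorpages . $file, $vhost_path . '/_errorpages/' . $file);
                }
            }
            closedir($handle);
        }

        return UPDATE_DEFAULT_FILES;
    }

    /** Tells whether $error is one of the HTTP status codes that may have an error page. */
    public function CheckErrorDocument($error)
    {
        $errordocs = array(100, 101, 102, 200, 201, 202, 203, 204, 205, 206, 207,
            300, 301, 302, 303, 304, 305, 306, 307,
            400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, 417,
            418, 419, 420, 421, 422, 423, 424, 425, 426,
            500, 501, 502, 503, 504, 505, 506, 507, 508, 509, 510);

        // Loose comparison on purpose: callers pass the code as a string.
        return in_array($error, $errordocs);
    }

    /** Tells whether $path exists as a directory below the domain owner's public_html. */
    public function isDirExists($domain_name, $path)
    {
        $username = $this->getusernamebasedonDomain($domain_name);
        if ($username === false) {
            return FOLDER_DOES_NOT_EXISTS;
        }

        $vhost_path = ctrl_options::GetSystemOption('hosted_dir') . $username . "/public_html/";
        $full_path = $vhost_path . ltrim($path, "/");

        if (file_exists($full_path) && is_dir($full_path)) {
            return FOLDER_PATH_EXISTS;
        }

        return FOLDER_DOES_NOT_EXISTS;
    }

    // ******************************************* 01-02-2018 Working End ******************************************* //

    /** Returns the stored password salt of an account (null when there is no such user). */
    public function getRandamSaltOfUser($username)
    {
        $rows = $this->zdbh->prepare("SELECT ac_passsalt_vc FROM x_accounts WHERE ac_deleted_ts IS NULL AND ac_user_vc=:username");
        $rows->bindParam(':username', $username);
        $rows->execute();
        $dbvals = $rows->fetch();

        return $dbvals ? $dbvals['ac_passsalt_vc'] : null;
    }

    /**
     * Checks a user name / password pair against x_accounts.
     *
     * @return mixed WHM_AUTHENTICATE_SUCCESS or WHM_AUTHENTICATE_FAILURE
     */
    public function UsersAuthentication($username, $password)
    {
        require_once("/etc/sentora/panel/dryden/runtime/hash.class.php");

        $crypto = new runtime_hash;
        $crypto->SetPassword($password);
        $randomsalt = $this->getRandamSaltOfUser($username);
        $crypto->SetSalt($randomsalt);
        $secure_password = $crypto->CryptParts($crypto->Crypt())->Hash;

        $sql = $this->zdbh->prepare("SELECT ac_id_pk from x_accounts WHERE ac_pass_vc =:password AND ac_passsalt_vc=:passsalt AND ac_user_vc=:ac_user_vc AND ac_deleted_ts IS NULL;");
        $sql->bindParam(':ac_user_vc', $username);
        $sql->bindParam(':password', $secure_password);
        $sql->bindParam(':passsalt', $randomsalt);
        $sql->execute();

        return ($sql->fetchColumn() > 0) ? WHM_AUTHENTICATE_SUCCESS : WHM_AUTHENTICATE_FAILURE;
    }

    /**
     * Sets a new password (with a fresh salt) for an account; for 'zadmin' the
     * entry in /root/passwords.txt is updated as well.
     *
     * @return string UPDATE_PASSWORD_SUCCESS . ":" . <server ip>
     */
    public function ResetPWD($username, $password)
    {
        require_once("/etc/sentora/panel/dryden/runtime/hash.class.php");

        $crypto = new runtime_hash;
        $crypto->SetPassword($password);
        $randomsalt = $crypto->RandomSalt();
        $crypto->SetSalt($randomsalt);
        $secure_password = $crypto->CryptParts($crypto->Crypt())->Hash;

        // The salt, the clear-text password and the hash were echoed here;
        // that output is removed because it can end up in responses and logs.

        $sql = $this->zdbh->prepare("UPDATE x_accounts SET ac_pass_vc =:password,ac_passsalt_vc=:passsalt WHERE ac_user_vc=:ac_user_vc AND ac_deleted_ts IS NULL;");
        $sql->bindParam(':ac_user_vc', $username);
        $sql->bindParam(':password', $secure_password);
        $sql->bindParam(':passsalt', $randomsalt);
        $sql->execute();

        if ($username == 'zadmin') {
            $this->ChangeZadminPassinPasswordTXT($password);
        }

        return UPDATE_PASSWORD_SUCCESS . ":" . ctrl_options::GetSystemOption('server_ip');
    }

    /**
     * Rewrites the first "zadmin Password " line of /root/passwords.txt.
     *
     * The file is edited with PHP file functions, so the password never
     * becomes part of a shell command or a sed expression. When no such line
     * exists the file is left untouched (the former sed call, given no line
     * number, addressed every line).
     *
     * @return bool always true
     */
    public function ChangeZadminPassinPasswordTXT($password)
    {
        // NOTE(review): 'pass' is handed to xssClean() rather than to
        // sanatizeItem(), and the filtered value can differ from the password
        // that was hashed - confirm which value this file should hold.
        $password = runtime_xss::xssClean(runtime_sanatizeItem::sanatizeItem($password), 'pass');
        $file_path = "/root/passwords.txt";

        if (!is_readable($file_path)) {
            return true;
        }

        $lines = file($file_path);
        if ($lines === false) {
            return true;
        }

        foreach ($lines as $index => $line) {
            if (stripos($line, 'zadmin Password ') !== false) {
                $lines[$index] = "zadmin Password : $password\n";
                file_put_contents($file_path, implode('', $lines), LOCK_EX);
                break;
            }
        }

        return true;
    }

    /**
     * Restarts lighttpd through restart.sh when the status probe reports it down.
     *
     * @return mixed LIGHTTPD_STATUS_ON, LIGHTTPD_RESTART_SUCCESS or LIGHTTPD_RESTART_FAILURE
     */
    public function TrytoRestartLighttpd()
    {
        if ($this->checkLighttpdStatus() != LIGHTTPD_STATUS_OFF) {
            return LIGHTTPD_STATUS_ON;
        }

        $get_sh_path = $this->aisaWhereis('sh');
        shell_exec("$get_sh_path " . AISA_CLASS_PATH . "restart.sh lighttpd");

        if ($this->checkLighttpdStatus() == LIGHTTPD_STATUS_OFF) {
            return LIGHTTPD_RESTART_FAILURE;
        }

        return LIGHTTPD_RESTART_SUCCESS;
    }

    /** Probes http://<server_ip>:2086/ with a header-only request; HTTP 200 means "on". */
    public function checkLighttpdStatus()
    {
        $url = "http://" . ctrl_options::GetSystemOption('server_ip') . ":2086/";

        $ch = curl_init($url);
        curl_setopt($ch, CURLOPT_HEADER, true);  // we want headers
        curl_setopt($ch, CURLOPT_NOBODY, true);  // we don't need body
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_TIMEOUT, 10);
        curl_exec($ch);
        $httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
        curl_close($ch);

        return ($httpcode == 200) ? LIGHTTPD_STATUS_ON : LIGHTTPD_STATUS_OFF;
    }

    /**
     * Reports whether default_process_limit is set in /etc/dovecot/dovecot.conf.
     *
     * @return mixed DOVECOT_DEFAULT_VALUE_RETURN, or
     *               DOVECOT_SOME_VALUE_IS_CONFIGURED . ":" . <text after "=">
     */
    public function isDovecot_DefaultProcessLimit()
    {
        $dovecot_conf_path = "/etc/dovecot/dovecot.conf";
        $get_grep_path = $this->aisaWhereis('grep');
        $get_cat_path = $this->aisaWhereis('cat');

        $output = (string) shell_exec("$get_cat_path $dovecot_conf_path | $get_grep_path \"default_process_limit\"");
        if (trim($output) == "") {
            return DOVECOT_DEFAULT_VALUE_RETURN;
        }

        $get_value = explode("=", $output);
        // A matching line without "=" used to raise an undefined-offset notice.
        $configured = isset($get_value[1]) ? trim($get_value[1]) : '';

        return DOVECOT_SOME_VALUE_IS_CONFIGURED . ":" . $configured;
    }

    /**
     * Runs the add/update helper script for the Dovecot process limit.
     *
     * @param mixed  $process_limit new limit, passed to the script as one quoted argument
     * @param string $process       'add' selects the add script, anything else the update script
     */
    public function IncreaseDovecotProcessLimit($process_limit, $process)
    {
        $get_sh_path = $this->aisaWhereis('sh');
        $limit_arg = escapeshellarg($process_limit);

        if ($process == 'add') {
            $cmd = "$get_sh_path " . AISA_CLASS_PATH . "isAddDovecotProcessLimit.sh $limit_arg";
        } else {
            $cmd = "$get_sh_path " . AISA_CLASS_PATH . "isUpdateDovecotProcessLimit.sh $limit_arg";
        }

        echo "Command for Increase process limit : $cmd \n";
        shell_exec($cmd);

        return DOVECOT_PROCESS_LIMIT_INCREASED;
    }

    /** Tells whether a live account with this user name exists. */
    public function isUserExists($username)
    {
        $numcheck = $this->zdbh->prepare("SELECT ac_id_pk FROM x_accounts WHERE ac_deleted_ts IS NULL AND ac_user_vc=:ssl_doamin");
        $numcheck->bindParam(':ssl_doamin', $username);
        $numcheck->execute();

        return ($numcheck->fetchColumn() > 0) ? CPANEL_USERNAME_EXISTS : CPANEL_USERNAME_DOES_NOT_EXISTS;
    }

    /* ////////////////////////// Get PackageList //////////////////////////////////////// */

    /** Returns all live packages as a JSON list of {packageid, packagename}. */
    public function GetPackageLists()
    {
        $numcheck = $this->zdbh->prepare("SELECT pk_id_pk,pk_name_vc FROM x_packages WHERE pk_deleted_ts IS NULL");
        $numcheck->execute();

        $res = array();
        while ($rowgroups = $numcheck->fetch()) {
            $res[] = array(
                'packageid'   => $rowgroups['pk_id_pk'],
                'packagename' => trim($rowgroups['pk_name_vc']),
            );
        }

        return json_encode($res);
    }

    /** Tells whether the domain belongs to the given account. */
    public function checkDomainAccessforUser($user_name, $domain_name)
    {
        echo $domain_name . " == " . $user_name . "\n";

        $rows = $this->zdbh->prepare("select * from x_vhosts where vh_deleted_ts IS NULL AND vh_name_vc= :domain AND vh_acc_fk=(select ac_id_pk from x_accounts where ac_user_vc= :vh_name_vc AND ac_deleted_ts IS NULL)");
        $rows->bindParam(':vh_name_vc', $user_name);
        $rows->bindParam(':domain', $domain_name);
        $rows->execute();

        $check_num = $rows->fetchColumn();
        echo "Check num : " . $check_num . "\n";

        return ($check_num > 0) ? USER_HAVE_ACCESS_FOR_DOMAIN : USER_DONT_HAVE_ACCESS_FOR_DOMAIN;
    }

    /**
     * Checks whether the account's package still allows another (sub)domain.
     *
     * @param string $user_name   account name
     * @param string $domain_type "sub" for sub-domains, anything else for domains
     * @return mixed PACKAGE_QUOTA_AVAILABLE or PACKAGE_QUOTA_NOT_AVAILABLE
     */
    public function checkPackageQuota($user_name, $domain_type)
    {
        $detailrows = $this->zdbh->prepare("select qt_domains_in,qt_subdomains_in,qt_parkeddomains_in from x_quotas where qt_package_fk IN (select ac_package_fk from x_accounts where ac_user_vc=:user AND ac_deleted_ts IS NULL)");
        $detailrows->bindParam(':user', $user_name);
        $detailrows->execute();
        $dbvals = $detailrows->fetch();

        if ($domain_type == "sub") {
            $quota_column = 'qt_subdomains_in';
            $vhost_type = '2';
        } else {
            $quota_column = 'qt_domains_in';
            $vhost_type = '1';
        }

        $quota = $dbvals ? $dbvals[$quota_column] : null;
        if ($quota == -1) {
            // -1 means unlimited.
            return PACKAGE_QUOTA_AVAILABLE;
        }

        // The domain branch used an undefined local $zdbh here and failed as
        // soon as the quota was limited; both branches now use the class handle.
        $detailrows_cnt = $this->zdbh->prepare("SELECT count(*) as vhostcount from x_vhosts where vh_acc_fk=(select ac_id_pk from x_accounts where ac_user_vc=:user AND ac_deleted_ts IS NULL) AND vh_type_in=:vhost_type AND vh_deleted_ts IS NULL");
        $detailrows_cnt->bindParam(':user', $user_name);
        $detailrows_cnt->bindParam(':vhost_type', $vhost_type);
        $detailrows_cnt->execute();
        $dbvals_cnt = $detailrows_cnt->fetch();

        return ($quota > $dbvals_cnt['vhostcount']) ? PACKAGE_QUOTA_AVAILABLE : PACKAGE_QUOTA_NOT_AVAILABLE;
    }

    /* //////////////// check domain is exists or not ///////////////////////// */

    /** Tells whether a live vhost with this name exists. */
    public function isdomainexists($domain_name)
    {
        $numcheck = $this->zdbh->prepare("SELECT * FROM x_vhosts WHERE vh_deleted_ts IS NULL AND vh_name_vc=:ssl_doamin");
        $numcheck->bindParam(':ssl_doamin', $domain_name);
        $numcheck->execute();

        return ($numcheck->fetchColumn() > 0) ? DOMAIN_EXISTS : DOMAIN_NOT_EXISTS;
    }

    /* //////////////// Get the userid based on the domain ///////////////////////// */

    /** Returns the id of the account owning the domain (null when not found). */
    public function getuseridbasedonDomain($domain_name)
    {
        $rows = $this->zdbh->prepare("SELECT ac_id_pk FROM x_accounts WHERE ac_id_pk=(SELECT vh_acc_fk FROM x_vhosts WHERE vh_name_vc=:domain AND vh_deleted_ts IS NULL);");
        $rows->bindParam(':domain', $domain_name);
        $rows->execute();
        $dbvals = $rows->fetch();

        return $dbvals ? $dbvals['ac_id_pk'] : null;
    }

    /* //////////////// Get the username based on the domain ///////////////////////// */

    /**
     * Returns the user name of the account owning the domain.
     *
     * @return string|false false when no account owns the domain
     */
    public function getusernamebasedonDomain($domain_name)
    {
        $rows = $this->zdbh->prepare("SELECT ac_user_vc FROM x_accounts WHERE ac_id_pk=(SELECT vh_acc_fk FROM x_vhosts WHERE vh_name_vc=:domain AND vh_deleted_ts IS NULL);");
        $rows->bindParam(':domain', $domain_name);
        $rows->execute();
        if ($rows->rowCount() == 0) {
            return false;
        }
        $dbvals = $rows->fetch();

        return $dbvals['ac_user_vc'];
    }

    /** Same lookup as getuseridbasedonDomain(), kept under its own name for existing callers. */
    public function getuserIdBasedOnDomainName($domain_name)
    {
        return $this->getuseridbasedonDomain($domain_name);
    }

    /** Stores a new directory for the domain and schedules an Apache rewrite. */
    public function changeAccountDirectory($new_directory, $domain)
    {
        $sql1 = $this->zdbh->prepare("UPDATE x_vhosts SET vh_directory_vc=:directory WHERE vh_name_vc = :domain AND vh_deleted_ts IS NULL;");
        $sql1->bindParam(':directory', $new_directory);
        $sql1->bindParam(':domain', $domain);
        $sql1->execute();

        $this->SetWriteApacheConfigTrue();
        $this->SetCallDaemon();

        return true;
    }

    /* ////////////////////////////////////////////////////// Create Users started Here ////////////////////////////////////// */

    /**
     * Asks the daemon socket to run, passing this file's path.
     *
     * @return false|null false when the socket call fails
     */
    public function SetCallDaemon()
    {
        $getcwd = __FILE__;
        $input = "DaemonCall\n$getcwd";
        $output = ctrl_module::ConnectServerSocket($input, 'daemon');
        if (!$output) {
            // NOTE(review): no static $tryagain is declared in the visible part
            // of the class - confirm it exists, otherwise this line is fatal.
            self::$tryagain = true;
            return false;
        }
    }

    /** Delegates account creation to Cpanel_Create_Account. */
    public function create_account($domainname, $email, $username, $password, $packageid)
    {
        require_once("Cpanel_Create_Account.php");
        $OBJ_ACC = new Cpanel_Create_Account();

        return $OBJ_ACC->create_account($domainname, $email, trim($username), trim($password), $packageid);
    }

    /**
     * Re-applies the zadmin password recorded in /root/passwords.txt via setzadmin.
     *
     * @return string ZADMIN_PASSWORD_UPDATED . ":" . <password>, or
     *                ZADMIN_PASSWORD_COULDNOT_UPDATED
     */
    public function resetZadminPassword()
    {
        $zadmin_password = trim((string) $this->getZadminPassword());
        shell_exec("chmod +x /etc/sentora/panel/bin/setzadmin");

        // Quoted so that shell metacharacters in the password stay data.
        // NOTE(review): the password is still visible in the process list
        // while setzadmin runs, and it is part of the return value.
        $raw = shell_exec("/usr/bin/setzadmin --set " . escapeshellarg($zadmin_password) . " | grep 'Account password' | awk '{print \$8}'");
        $password_change_result = strtolower(trim(preg_replace('/[^a-zA-Z0-9\']/', '', (string) $raw)));

        if ($password_change_result == 'updated') {
            return ZADMIN_PASSWORD_UPDATED . ":" . $zadmin_password;
        }

        return ZADMIN_PASSWORD_COULDNOT_UPDATED;
    }

    /** Reads the zadmin password (fourth field of its line) from /root/passwords.txt. */
    public function getZadminPassword()
    {
        return shell_exec("cat /root/passwords.txt | grep 'zadmin Password' | awk '{print $4}'");
    }

    /**
     * Collects /var/log/messages lines for the reboot and crash times listed by `last`.
     *
     * @return string DOWN_TIME_LOG . "==>" . <log lines>, or NO_DOWN_TIME
     */
    public function printDownTime()
    {
        $down_time_reboot_result = trim((string) shell_exec('last | grep "reboot" | awk \'{print $6" "$7" "$8}\''));
        $down_time_reboot_result = explode("\n", $down_time_reboot_result);

        $down_time_crash_result = trim((string) shell_exec('last | grep "crash" | awk \'{print $5" "$6" "$7}\''));
        $down_time_crash_result = explode("\n", $down_time_crash_result);

        $downtime = array("reboot_result" => $down_time_reboot_result, "crash_result" => $down_time_crash_result);
        $down_time_log = trim((string) $this->printDownTimeLog($downtime));
        echo "Down Time error log : $down_time_log \n";

        if ($down_time_log) {
            return DOWN_TIME_LOG . "==>" . $down_time_log;
        }

        return NO_DOWN_TIME;
    }

    /**
     * Greps /var/log/messages for every timestamp in the given lists.
     *
     * @param array $down_time_result list of lists of timestamp strings
     * @return string|null concatenated matches, null when nothing was searched
     */
    public function printDownTimeLog($down_time_result)
    {
        $down_time_log = null;
        foreach ($down_time_result as $downtime) {
            foreach ($downtime as $downlog) {
                // An empty pattern matches every line, so an empty `last`
                // result used to return the whole log file.
                if (trim($downlog) === '') {
                    continue;
                }
                $down_time_log .= shell_exec('cat /var/log/messages | grep -e ' . escapeshellarg($downlog)) . "\n";
            }
        }

        return $down_time_log;
    }

    /** Tells whether `screen -list` shows a session matching $screen_name. */
    public function isExistsInstallScreen($screen_name)
    {
        $get_screen_path = $this->aisaWhereis('screen');
        $get_grep_path = $this->aisaWhereis('grep');

        $output = (string) shell_exec("$get_screen_path -list | $get_grep_path -e " . escapeshellarg($screen_name));

        return (trim($output) == "") ? SCREEN_NOT_EXISTS : SCREEN_EXISTS;
    }

    /** Returns the number of live rows in x_ssl. */
    public function checkAnySslInstalled()
    {
        $sql = $this->zdbh->prepare("SELECT * FROM x_ssl WHERE ssl_delete is NULL");
        $sql->execute();

        return $sql->rowCount();
    }

    /**
     * Looks the domain up in the Let's Encrypt renewal log.
     *
     * @return mixed SSL_EXPIRED, SSL_NOT_EXPIRED or SSL_DOES_NOT_EXISTS
     */
    public function isSSLExists($domain_name)
    {
        $domain_certbot = (string) shell_exec("grep -ni 'Certificate Name' /var/log/letsencrypt/sslrenew.log | cut -d':' -f1,3");

        foreach (array_filter(explode("\n", $domain_certbot)) as $cerbot) {
            // Each entry is "<line number>:<certificate name>".
            $cerbot_arr = explode(":", $cerbot);
            if (!isset($cerbot_arr[1]) || $domain_name != trim($cerbot_arr[1])) {
                continue;
            }

            // The expiry information is two lines below the name; the cast
            // keeps the value numeric before it is used in the command.
            $expiry_line_number = (int) $cerbot_arr[0] + 2;
            $expiry_out = trim((string) shell_exec("head -$expiry_line_number /var/log/letsencrypt/sslrenew.log | tail -1"));

            return stristr($expiry_out, "EXPIRED") ? SSL_EXPIRED : SSL_NOT_EXPIRED;
        }

        return SSL_DOES_NOT_EXISTS;
    }

    /**
     * Lists all live vhost names when at least one certificate is installed.
     *
     * @return string SSL_INSTALLED . "=>" . <space separated names>, or SSL_NOT_INSTALLED
     */
    public function getAllDomainsForTLS()
    {
        if (!$this->checkAnySslInstalled()) {
            return SSL_NOT_INSTALLED;
        }

        $sql = $this->zdbh->prepare("SELECT vh_name_vc FROM x_vhosts WHERE vh_deleted_ts is NULL");
        $sql->execute();

        $all_domains = "";
        while ($rows = $sql->fetch()) {
            $all_domains .= $rows['vh_name_vc'] . " ";
        }

        return SSL_INSTALLED . "=>" . rtrim($all_domains);
    }

    /**
     * Starts /scripts/tls.sh in a detached screen session for all domains.
     *
     * @return mixed TLS_INSTALLATION_PROGRESS . "=>" . <domains>,
     *               TLS_SCREEN_ALREADY_EXIST or NEED_TO_INSTALL_SSL
     */
    public function installTls()
    {
        $domain_data_arr = explode("=>", $this->getAllDomainsForTLS());
        if ($domain_data_arr[0] == SSL_NOT_INSTALLED) {
            return NEED_TO_INSTALL_SSL;
        }

        $domain_names = isset($domain_data_arr[1]) ? $domain_data_arr[1] : '';
        $screen_name = "install_AISA_TLS";
        if ($this->isExistsInstallScreen($screen_name) != SCREEN_NOT_EXISTS) {
            return TLS_SCREEN_ALREADY_EXIST;
        }

        $get_screen_path = $this->aisaWhereis('screen');
        $sh_path = $this->aisaWhereis('sh');

        // The names come from the database and pass through two shells
        // (shell_exec, then `sh -c`): each name is quoted as one argument and
        // the inner command line is quoted once more as a whole.
        $quoted_domains = array();
        foreach (preg_split('/\s+/', $domain_names, -1, PREG_SPLIT_NO_EMPTY) as $one_domain) {
            $quoted_domains[] = escapeshellarg($one_domain);
        }
        $cmd = "$sh_path /scripts/tls.sh install " . implode(' ', $quoted_domains);
        $screen_cmd = "$get_screen_path -d -m -S $screen_name $sh_path -c " . escapeshellarg($cmd);

        echo "$screen_cmd \n";
        shell_exec($screen_cmd);

        return TLS_INSTALLATION_PROGRESS . "=>" . $domain_names;
    }

    /**
     * Rates a password.
     *
     * @return string 'Short' (fewer than 6 bytes), 'Weak', 'Good' or 'Strong'
     */
    public function checkStrength($password)
    {
        if (strlen($password) < 6) {
            return 'Short';
        }

        $strength = 0;
        if (strlen($password) > 7) {
            $strength += 1;
        }
        if (preg_match('/[^A-Za-z0-9]+/', $password)) {
            $strength += 1;
        }
        // Both patterns require 8+ non-space characters with a lower-case
        // letter, an upper-case letter and a digit; each adds one point.
        if (preg_match_all('/^\S*(?=\S{8,})(?=\S*[a-z])(?=\S*[A-Z])(?=\S*[\d])\S*$/', $password)) {
            $strength += 1;
        }
        if (preg_match_all('/^(?=\S{8,})(?=\S*[a-z])(?=\S*[A-Z])(?=\S*[\d])\S*$/', $password)) {
            $strength += 1;
        }

        if ($strength < 2) {
            return 'Weak';
        }

        return ($strength == 2) ? 'Good' : 'Strong';
    }

    /**
     * Sets a new password for a mailbox.
     *
     * @param mixed  $dom      unused
     * @param string $email    mailbox address
     * @param string $password new password
     * @return string "password_updated", "incorrect_email", "Short" or "Weak"
     */
    public function Emailpasswordreset($dom, $email, $password)
    {
        // The statement used to concatenate $email and then bind a parameter
        // that did not exist in it; it now uses the placeholder.
        $numrows = $this->zdbh->prepare("SELECT COUNT(*) FROM x_mailboxes WHERE mb_address_vc=:mb_address_vc");
        $numrows->bindParam(':mb_address_vc', $email);
        $numrows->execute();
        $result = $numrows->fetch();
        if (!($result[0] > 0)) {
            return "incorrect_email";
        }

        $mail_db = $this->aisaConnectMailDb();

        $mailbox = $mail_db->prepare("SELECT * FROM mailbox WHERE username=:email");
        $mailbox->bindParam(':email', $email);
        $mailbox->execute();
        if ($mailbox->fetch() === false) {
            return "incorrect_email";
        }

        $pass_check = $this->checkStrength($password);
        if ($pass_check == "Short" || $pass_check == "Weak") {
            return $pass_check;
        }

        // NOTE(review): unsalted MD5 is a weak storage format for passwords;
        // it is kept because the mail server reads this '{PLAIN-MD5}' value.
        $newpass = '{PLAIN-MD5}' . md5($password);
        $update = $mail_db->prepare("UPDATE mailbox SET password=:newpass WHERE username=:email");
        $update->bindParam(':newpass', $newpass);
        $update->bindParam(':email', $email);
        $update->execute();

        return "password_updated";
    }

    /**
     * After verifying a mailbox password, raises the PHP upload limits and
     * runs the e-mail attachment helper scripts.
     *
     * @param mixed  $dom      unused
     * @param string $email    mailbox address
     * @param string $password mailbox password to verify
     * @return string "done", "incorrect_password" or "incorrect_mailid"
     */
    public function emailattach($dom, $email, $password)
    {
        echo "Within email attach function";

        $numrows = $this->zdbh->prepare("SELECT COUNT(*) FROM x_mailboxes WHERE mb_address_vc=:mb_address_vc");
        $numrows->bindParam(':mb_address_vc', $email);
        $numrows->execute();
        $result = $numrows->fetch();
        if (!($result[0] > 0)) {
            return "incorrect_mailid";
        }

        $mail_db = $this->aisaConnectMailDb();

        $mailbox = $mail_db->prepare("SELECT * FROM mailbox WHERE username=:email");
        $mailbox->bindParam(':email', $email);
        $mailbox->execute();
        $result = $mailbox->fetch();

        $mail_password = '{PLAIN-MD5}' . md5($password);
        if (!is_array($result) || $result['password'] !== $mail_password) {
            return "incorrect_password";
        }

        shell_exec("/usr/bin/sh /root/scripts/aisa/class/emailattach.sh");

        $sql1 = $this->zdbh->prepare("Update x_php_config set x_value='1',x_old_value='1' WHERE x_clearname='x_update_flag'");
        $sql1->execute();

        // Settings that are re-written; three of them are forced to 1024M,
        // the others keep their value. x_old_value receives the previous value.
        $forced_values = array(
            'memory_limit'        => '1024M',
            'upload_max_filesize' => '1024M',
            'post_max_size'       => '1024M',
        );
        $tracked = array('file_uploads', 'max_execution_time', 'max_input_time', 'memory_limit',
            'session_save_path', 'upload_max_filesize', 'post_max_size');

        $update = $this->zdbh->prepare("Update x_php_config set x_value=:new_value,x_old_value=:old_value WHERE x_clearname=:clearname");
        $current = array();

        $sql = $this->zdbh->prepare("SELECT * FROM x_php_config");
        $sql->execute();
        while ($res = $sql->fetch()) {
            $clearname = $res['x_clearname'];
            if (!in_array($clearname, $tracked, true)) {
                continue;
            }
            $old_value = $res['x_value'];
            $new_value = isset($forced_values[$clearname]) ? $forced_values[$clearname] : $old_value;

            $update->bindParam(':new_value', $new_value);
            $update->bindParam(':old_value', $old_value);
            $update->bindParam(':clearname', $clearname);
            $update->execute();

            $current[$clearname] = $new_value;
        }

        $sql = $this->zdbh->prepare("UPDATE x_settings SET so_value_tx='true' WHERE so_name_vc='apache_changed'");
        $sql->execute();
        $sql = $this->zdbh->prepare("Update x_varnish set x_isactive=0");
        $sql->execute();

        // max_execution_time and max_input_time used to be read from the
        // 'file_uploads' row; each argument now carries its own setting.
        $file_uploads = isset($current['file_uploads']) ? $current['file_uploads'] : '';
        $max_execution_time = isset($current['max_execution_time']) ? $current['max_execution_time'] : '';
        $max_input_time = isset($current['max_input_time']) ? $current['max_input_time'] : '';
        $memory_limit = "1024M";
        $upload_max_filesize = "1024M";
        $post_max_size = "1024M";

        $script_args = array($file_uploads, $max_execution_time, $max_input_time,
            $memory_limit, $upload_max_filesize, $post_max_size);
        shell_exec("/usr/bin/sh /scripts/phpconfig.sh " . implode(' ', array_map('escapeshellarg', $script_args)));
        shell_exec("/usr/bin/sh /root/scripts/aisa/class/emailattachinas.sh");

        return "done";
    }

    /**
     * Checks for ProFTPD's mod_sql_mysql.so and installs proftpd-mysql via yum
     * when it is missing.
     *
     * @return bool true when the module was already present; false when an
     *              installation was attempted
     */
    public function checkProftpdMysqlExist()
    {
        $proftpd_path = (string) shell_exec("whereis proftpd | awk '{print $4}'");
        $proftpd_path = trim($proftpd_path) . "/mod_sql_mysql.so";

        if (file_exists($proftpd_path)) {
            return true;
        }

        shell_exec("yum -y install proftpd-mysql");

        return false;
    }

    /**
     * Verifies that ProFTPD is installed and serving port 21, restarting it
     * once when it is not running.
     *
     * @param string $ip_address unused in the active code path
     * @return mixed PROFTPD_INSTALLED, PROFTPD_NOT_RUNNING_SERVER,
     *               PROFTPD_PORT_MISMATCH . ":" . <value> or PROFTPD_NOT_INSTALLED
     */
    public function CheckProftpdAndPort($ip_address)
    {
        $ver_cmd = " eval rpm -qa \*-release | grep -Ei 'oracle|redhat|centos' | cut -d'-' -f3";
        $ver_d = shell_exec($ver_cmd);

        // The command output ends with a newline; compare its integer value.
        $rscmd = ((int) trim((string) $ver_d) === 7) ? "systemctl restart proftpd" : "service proftpd restart";

        // When the MySQL module had to be installed, restart to load it.
        if ($this->checkProftpdMysqlExist() == false) {
            shell_exec($rscmd);
        }

        $proftpd_ins_cmd_res1 = trim((string) shell_exec("yum list installed | grep -Fi 'proftpd' "));
        if (empty($proftpd_ins_cmd_res1)) {
            echo "\nProftpd is not installed\n";
            return PROFTPD_NOT_INSTALLED;
        }

        // One restart attempt when nothing answers on port 21, then re-check.
        $get_service = $this->CheckRunningServiceBasedOnPort(21, "proftpd");
        if ($get_service == -1) {
            shell_exec($rscmd);
            $get_service = $this->CheckRunningServiceBasedOnPort(21, "proftpd");
        }

        if ($get_service == -1) {
            return PROFTPD_NOT_RUNNING_SERVER;
        }
        if ($get_service == 1) {
            return PROFTPD_INSTALLED;
        }

        return PROFTPD_PORT_MISMATCH . ":" . $get_service;
    }

    /**
     * Tries to log in to MySQL with the password found on the SQLConnectInfo
     * line of /etc/proftpd.conf (its last whitespace-separated token).
     *
     * @return mixed PROFTPD_CONFIG_PASSWORD_CORRECT or PROFTPD_CONFIG_PASSWORD_WRONG
     */
    public function checkConfigPwdIsCorrect()
    {
        $pro_db_file_path = "/etc/proftpd.conf";
        $pro_sh = (string) shell_exec("grep 'SQLConnectInfo' $pro_db_file_path ");

        $final_array = array_filter(explode(" ", trim($pro_sh)));
        $getpassword = end($final_array);

        if ($this->DBConnection(FTP_DEFAULT_HOST_NAME, FTP_DEFAULT_DB_NAME, FTP_DEFAULT_USER_NAME, trim((string) $getpassword))) {
            return PROFTPD_CONFIG_PASSWORD_CORRECT;
        }

        return PROFTPD_CONFIG_PASSWORD_WRONG;
    }

    /**
     * Tests a MySQL login.
     *
     * @return bool true when the connection succeeds and answers a ping
     */
    public function DBConnection($hostname, $dbname, $user, $password)
    {
        try {
            $mysqli = new mysqli($hostname, $user, $password, $dbname);
        } catch (mysqli_sql_exception $e) {
            // Newer PHP versions throw on a failed connect instead of setting connect_errno.
            return false;
        }

        if ($mysqli->connect_errno) {
            return false;
        }

        /* check if server is alive */
        $alive = (bool) $mysqli->ping();
        $mysqli->close();

        return $alive;
    }

    public function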
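verify_ftp_password($user, $pass, $dom)
    {
        // Attempts an FTP login against $dom on port 21 and reports the outcome
        // as FTP_CONNECT_FAILED, FTP_LOGIN_FAILED or FTP_LOGIN_SUCCESS.
        // NOTE(review): ftp_connect() speaks plain FTP, so the credentials are
        // sent unencrypted; ftp_ssl_connect() is the protected variant where
        // the server offers FTPS.
        $conn = ftp_connect($dom, 21);
        if ($conn === false) {
            return FTP_CONNECT_FAILED;
        }

        $logged_in = ftp_login($conn, $user, $pass);

        // Close on both outcomes; the failed-login path used to leave the
        // control connection open.
        ftp_close($conn);

        return $logged_in ? FTP_LOGIN_SUCCESS : FTP_LOGIN_FAILED;
    }

    /**
     * Looks up the FTP directory recorded for a non-deleted FTP account.
     *
     * @param string $user_name FTP user name (x_ftpaccounts.ft_user_vc).
     * @return string|false The ft_directory_vc value, or false when no row matches.
     */
    public function getFTPHomeDirectory($user_name)
    {
        // The user name is bound as a parameter; it was previously concatenated
        // into the statement text, which made the query injectable.
        $rows = $this->zdbh->prepare("SELECT ft_directory_vc FROM x_ftpaccounts WHERE ft_user_vc=:ft_user_vc AND ft_deleted_ts IS NULL;");
        $rows->bindParam(':ft_user_vc', $user_name);
        $rows->execute();

        if ($rows->rowCount() == 0) {
            return false;
        }

        $dbvals = $rows->fetch();
        return $dbvals['ft_directory_vc'];
    }

    /**
     * Reports which process name lsof shows on a TCP port.
     *
     * @param int|string $port         TCP port to inspect.
     * @param string     $service_name Expected process name.
     * @return int|string -1 when nothing is reported, 1 when the reported name
     *                    equals $service_name, otherwise the reported name.
     */
    public function CheckRunningServiceBasedOnPort($port, $service_name)
    {
        // The sanitiser's contract is not visible in this file, so the value is
        // additionally forced to an integer before it reaches the shell.
        $port = (int) runtime_sanatizeItem::sanatizeItem(runtime_xss::xssClean($port), 'int');

        $get_lsof_path = (string) shell_exec("whereis lsof | awk '{print $2}'");
        $get_lsof_path = str_replace("\n", "", $get_lsof_path);
        $get_lsof_path = str_replace('\n', "", $get_lsof_path);

        $cmd = trim("$get_lsof_path -i tcp:$port | awk 'END{print $1}'");
        $getservice = (string) shell_exec($cmd);
        echo "Result of $cmd : ".$getservice."\n";

        $getservice = str_replace("\n", "", $getservice);
        $getservice = str_replace('\n', "", $getservice);
        echo $getservice;

        if ($getservice === "") {
            return -1;
        }
        if ($getservice === (string) $service_name) {
            return 1;
        }
        return $getservice;
    }

    /**
     * Stops one of the allow-listed services and reports whether it is inactive.
     *
     * @param string $servicename Service to stop; must be in the allow-list.
     * @return bool True when the status output starts with "inactive", false
     *              otherwise or when the name is not allowed.
     */
    public function stopService($servicename)
    {
        $services_allowed = array("httpd", "mysqld", "varnish", "nginx", "tomcat", "proftpd", "postfix", "dovecot", "csf", "crond", "lfd", "named");

        // Strict comparison: a loose in_array() lets non-string values such as
        // 0 or true match the list on older PHP versions, and the value is
        // interpolated into shell commands below.
        if (!in_array($servicename, $services_allowed, true)) {
            return false;
        }

        // The Apache version is what this file uses to choose between the
        // SysV "service" wrapper and systemctl.
        if ((float) sys_versions::ShowApacheVersion() < 2.3) {
            shell_exec("/usr/sbin/service $servicename stop");
        } else {
            $update_servicename = $servicename.".service";
            shell_exec("/bin/systemctl stop $update_servicename");
        }

        $status_cmd = "eval service $servicename status | grep 'Active:' | cut -d':' -f2";
        $status_out = trim((string) shell_exec($status_cmd));
        $status_words = explode(" ", $status_out);
        $pro_status = strtolower($status_words[0]);

        return $pro_status == "inactive";
    }

    /**
     * Restarts one of the allow-listed services and reports whether it is active.
     *
     * @param string $servicename Service to restart; must be in the allow-list.
     * @return bool False when the name is not allowed or the status output
     *              starts with "inactive", true otherwise.
     */
    public function restartservice($servicename)
    {
        $services_allowed = array("httpd", "mysqld", "varnish", "nginx", "tomcat", "proftpd", "postfix", "dovecot", "csf", "crond", "lfd", "named");

        // Strict comparison, for the same reason as in stopService().
        if (!in_array($servicename, $services_allowed, true)) {
            return false;
        }

        if ((float) sys_versions::ShowApacheVersion() < 2.3) {
            shell_exec("/usr/sbin/service $servicename restart");
        } else {
            $update_servicename = $servicename.".service";
            shell_exec("/bin/systemctl restart $update_servicename");
        }

        $status_cmd = "eval service $servicename status | grep 'Active:' | cut -d':' -f2";
        $status_out = trim((string) shell_exec($status_cmd));
        $status_words = explode(" ", $status_out);
        $pro_status = strtolower($status_words[0]);

        return $pro_status != "inactive";
    }

    /**
     * Compares FTP credentials with the panel table (x_ftpaccounts) and the FTP
     * server table (ftpuser), creating or updating rows where they disagree,
     * and finally tests the login over FTP when something was changed.
     *
     * NOTE(review): both tables are queried with the password as given, so the
     * passwords are stored and compared as plain text.
     * NOTE(review): when the user is missing from x_ftpaccounts the account is
     * created for every $case_arg, including 'validate'; confirm that callers
     * authenticate the request before reaching this method.
     *
     * @param string $ftp_user    FTP user name.
     * @param string $ftp_pass    FTP password.
     * @param string $domain_name Domain used to resolve the owning account and,
     *                            except for 'create_for_migration', the FTP host.
     * @param string $case_arg    'validate', 'create' or 'create_for_migration'.
     * @return mixed One of the FTP_* result constants; false when the FTP
     *               database is unreachable or the owning account cannot be
     *               resolved; null when $case_arg is not a handled value.
     */
    public function checkFTPLoginCredentialsincore($ftp_user, $ftp_pass, $domain_name, $case_arg)
    {
        // Branches that do not recognise $case_arg leave the result unset.
        $return = null;
        $is_create = ($case_arg == 'create' || $case_arg == 'create_for_migration');

        echo "Check FTP details in table \n";
        $numcheck = $this->zdbh->prepare("SELECT * FROM x_ftpaccounts WHERE ft_deleted_ts IS NULL AND ft_user_vc=:ft_user_vc");
        $numcheck->bindParam(':ft_user_vc', $ftp_user);
        $numcheck->execute();
        $check_num = $numcheck->fetchColumn();

        if ($check_num > 0) {
            echo "User exists in x_ftpaccounts so check password \n";
            $numcheck_pwd = $this->zdbh->prepare("SELECT * FROM x_ftpaccounts WHERE ft_deleted_ts IS NULL AND ft_user_vc=:ft_user_vc AND ft_password_vc=:ft_password_vc");
            $numcheck_pwd->bindParam(':ft_user_vc', $ftp_user);
            $numcheck_pwd->bindParam(':ft_password_vc', $ftp_pass);
            $numcheck_pwd->execute();
            $check_num_pwd = $numcheck_pwd->fetchColumn();

            if ($check_num_pwd > 0) {
                echo "User and password exists in x_ftpaccounts table \n";

                $ftp_db_name = ctrl_options::GetSystemOption('ftp_db');
                // db.php is expected to define $user, $pass and $ovi_socket_path.
                include('/etc/sentora/panel/cnf/db.php');
                try {
                    $dsn = "mysql:dbname=$ftp_db_name;$ovi_socket_path";
                    $ftp_db = new db_driver($dsn, $user, $pass, array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'utf8'"));
                    $ftp_db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
                } catch (PDOException $e) {
                    // The empty catch used to fall through to a fatal error on
                    // the next prepare(); only the message is logged so that no
                    // connection arguments end up in output.
                    error_log('checkFTPLoginCredentialsincore: FTP database connection failed: ' . $e->getMessage());
                    return false;
                }

                $sql = $ftp_db->prepare("select * from ftpuser where userid=:userid");
                $sql->bindParam(':userid', $ftp_user);
                $sql->execute();
                $check_num_sql = $sql->fetchColumn();

                if ($check_num_sql > 0) {
                    echo "User exists in ftpuser table\n";
                    $sql1 = $ftp_db->prepare("select * from ftpuser where userid=:userid AND passwd=:passwd");
                    $sql1->bindParam(':userid', $ftp_user);
                    $sql1->bindParam(':passwd', $ftp_pass);
                    $sql1->execute();
                    $check_num_sql1 = $sql1->fetchColumn();

                    if ($check_num_sql1 > 0) {
                        if ($case_arg == 'validate') {
                            echo "User and password in ftpuser table\n";
                            $return = FTP_LOGIN_DETAIL_CORRECT;
                        } else if ($is_create) {
                            $return = FTP_USER_ALREADY_EXISTS;
                        }
                    } else {
                        if ($case_arg == 'validate') {
                            echo "Password is not matched in ftpuser table \n";
                            $this->UpdateFTPUseronFTPDB($ftp_user, $ftp_pass);
                            $return = FTP_LOGIN_DETAIL_UPDATED;
                        } else if ($is_create) {
                            $return = FTP_USER_ALREADY_EXISTS;
                        }
                    }
                } else {
                    echo "User does not exists in ftpuser table \n";
                    $homedirectory_to_use = $this->getFTPHomeDirectory($ftp_user);
                    $acc_user_name = $this->getusernamebasedonDomain($domain_name);
                    // Without an owning account the home directory would
                    // collapse to the shared hosted_dir root.
                    if ($acc_user_name === false) {
                        return false;
                    }
                    $homedir = ctrl_options::GetSystemOption('hosted_dir') . $acc_user_name . $homedirectory_to_use . "";
                    $this->AddFTPUseronFTPDB($ftp_user, $ftp_pass, $homedir);
                    $return = FTP_LOGIN_DETAIL_UPDATED;
                }
            } else {
                if ($case_arg == 'validate') {
                    echo "Password is not matched in x_ftpaccounts table \n";
                    $return = FTP_PASSWORD_IS_WRONG;
                } else if ($is_create) {
                    $return = FTP_USER_ALREADY_EXISTS;
                }
            }
        } else {
            echo "User not found in x_ftpaccounts table \n";
            $homedirectory_to_use = $this->getFTPHomeDirectory($ftp_user);
            $acc_user_name = $this->getusernamebasedonDomain($domain_name);
            // Same guard as above: never provision an account rooted at the
            // shared hosted_dir.
            if ($acc_user_name === false) {
                return false;
            }
            $userid = $this->getuserIdBasedOnDomainName($domain_name);
            $homedir = ctrl_options::GetSystemOption('hosted_dir') . $acc_user_name . $homedirectory_to_use . "";
            $this->AddFTPUserFTPAccountsTable($ftp_user, $ftp_pass, $acc_user_name, $userid);
            $this->AddFTPUseronFTPDB($ftp_user, $ftp_pass, $homedir);
            $return = FTP_LOGIN_DETAIL_UPDATED;
        }

        if ($return == FTP_LOGIN_DETAIL_UPDATED) {
            echo "Password Updated or account created in ftpuser table\n";
            if ($case_arg == 'create_for_migration') {
                // For migrations the login test targets the server IP.
                $domain_name = ctrl_options::GetSystemOption('server_ip');
            }
            $return_ftp_check = $this->verify_ftp_password($ftp_user, $ftp_pass, $domain_name);
            echo "Checking FTP connection : $return_ftp_check\n";
            if ($return_ftp_check == FTP_LOGIN_FAILED) {
                $return = FTP_LOGIN_FAILED;
            } else if ($return_ftp_check == FTP_CONNECT_FAILED) {
                $return = FTP_CONNECT_FAILED;
            } else {
                $return = FTP_LOGIN_DETAIL_UPDATED;
            }
        }

        return $return;
    }

    /**
     * Marks a domain as backup MX in the mail database, inserting the domain
     * row when no active row exists.
     *
     * @param string $domain Domain name.
     * @return mixed REMOTE_MAIL_EXCHANGE_UPDATED.
     */
    public function enableBackupMX($domain)
    {
        if ($this->checkDomainExistsinPostfixDomain($domain) == DOMAIN_EXISTS_IN_POSTFIX) {
            // The domain is bound; the UPDATE used to concatenate it into the
            // statement text.
            $sql = $this->mail_db->prepare("UPDATE domain SET backupmx=1 WHERE domain=:domain AND active=1");
        } else {
            $sql = $this->mail_db->prepare("INSERT INTO domain ( domain,description,aliases,mailboxes,maxquota,quota,transport,backupmx,created,modified,active) VALUES (:domain,'',0,0,0,0,'',1,NOW(),NOW(),'1')");
        }
        $sql->bindParam(':domain', $domain);
        $sql->execute();

        return REMOTE_MAIL_EXCHANGE_UPDATED;
    }

    /**
     * Inserts a read/write FTP account row into x_ftpaccounts.
     *
     * NOTE(review): the password is written to ft_password_vc as given, i.e.
     * in plain text.
     *
     * @param string     $ftp_user      FTP user name.
     * @param string     $ftp_pass      FTP password.
     * @param string     $acc_user_name Account name; stored as "/<name>" in ft_directory_vc.
     * @param int|string $user_id       Owning account id (ft_acc_fk).
     * @return bool True after the insert; false when the database connection fails.
     */
    public function AddFTPUserFTPAccountsTable($ftp_user, $ftp_pass, $acc_user_name, $user_id)
    {
        $acc_user_name = "/".$acc_user_name;

        // db.php is expected to define $user, $pass, $dbname and $ovi_socket_path.
        include('/etc/sentora/panel/cnf/db.php');
        try {
            $dsn = "mysql:dbname=$dbname;$ovi_socket_path";
            $ftp_db = new db_driver($dsn, $user, $pass, array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'utf8'"));
            $ftp_db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        } catch (PDOException $e) {
            // Previously swallowed, which led to a fatal error on prepare().
            error_log('AddFTPUserFTPAccountsTable: database connection failed: ' . $e->getMessage());
            return false;
        }

        $time = microtime(true);
        // The password is no longer written to the debug output.
        echo "$ftp_user, $acc_user_name, [password redacted], $user_id, $time\n";

        $sql = $ftp_db->prepare("INSERT INTO x_ftpaccounts (ft_acc_fk,ft_user_vc,ft_directory_vc,ft_access_vc,ft_password_vc,ft_created_ts) VALUES (:userid, :username, :account_username, 'RW',:password,:time);");
        $sql->bindParam(':username', $ftp_user);
        $sql->bindParam(':account_username', $acc_user_name);
        $sql->bindParam(':password', $ftp_pass);
        $sql->bindParam(':userid', $user_id);
        $sql->bindParam(':time', $time);
        print_r($sql);
        $sql->execute();

        return true;
    }

    /**
     * Creates the quota row and the login row for a user in the FTP server
     * database.
     *
     * NOTE(review): the password is written to ftpuser.passwd as given.
     *
     * @param string $ftp_username FTP user name.
     * @param string $ftp_passwd   FTP password.
     * @param string $homedir      Home directory for the FTP user.
     * @return bool True after both inserts; false when the database connection fails.
     */
    public function AddFTPUseronFTPDB($ftp_username, $ftp_passwd, $homedir)
    {
        $ftp_db_name = ctrl_options::GetSystemOption('ftp_db');
        // The password is no longer written to the debug output.
        echo "Create FTP User : $ftp_username, [password redacted], $homedir\n";

        // db.php is expected to define $user, $pass and $ovi_socket_path.
        include('/etc/sentora/panel/cnf/db.php');
        try {
            $dsn = "mysql:dbname=$ftp_db_name;$ovi_socket_path";
            $ftp_db = new db_driver($dsn, $user, $pass, array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'utf8'"));
            $ftp_db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        } catch (PDOException $e) {
            error_log('AddFTPUseronFTPDB: FTP database connection failed: ' . $e->getMessage());
            return false;
        }

        $sql = $ftp_db->prepare("INSERT INTO ftpquotalimits (name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail) VALUES (:username, 'user', 'true', 'hard', 0, 0, 0, 0, 0, 0);");
        $sql->bindParam(':username', $ftp_username);
        $sql->execute();

        $sql = $ftp_db->prepare("INSERT INTO ftpuser (userid, passwd, homedir, shell, count) VALUES (:username, :password, :homedir, '/sbin/nologin', 0);");
        $sql->bindParam(':username', $ftp_username);
        $sql->bindParam(':password', $ftp_passwd);
        $sql->bindParam(':homedir', $homedir);
        $sql->execute();

        return true;
    }

    /**
     * Sets the password of an existing user in the FTP server database.
     *
     * @param string $ftp_username FTP user name (ftpuser.userid).
     * @param string $ftp_password New password, stored as given.
     * @return bool True after the update; false when the database connection fails.
     */
    public function UpdateFTPUseronFTPDB($ftp_username, $ftp_password)
    {
        $ftp_db_name = ctrl_options::GetSystemOption('ftp_db');

        // db.php is expected to define $user, $pass and $ovi_socket_path.
        include('/etc/sentora/panel/cnf/db.php');
        try {
            $dsn = "mysql:dbname=$ftp_db_name;$ovi_socket_path";
            $ftp_db = new db_driver($dsn, $user, $pass, array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'utf8'"));
            $ftp_db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        } catch (PDOException $e) {
            error_log('UpdateFTPUseronFTPDB: FTP database connection failed: ' . $e->getMessage());
            return false;
        }

        $sql = $ftp_db->prepare("UPDATE ftpuser SET passwd=:password WHERE userid=:username");
        $sql->bindParam(':username', $ftp_username);
        $sql->bindParam(':password', $ftp_password);
        $sql->execute();

        return true;
    }

    /**
     * Sets the password of a non-deleted FTP account in x_ftpaccounts.
     *
     * @param string $ftp_username FTP user name.
     * @param string $ftp_password New password, stored as given.
     * @return bool Always true.
     */
    public function UpdateFTPPasswordonCore($ftp_username, $ftp_password)
    {
        $pwd = $this->zdbh->prepare("UPDATE x_ftpaccounts SET ft_password_vc=:ft_password_vc WHERE ft_deleted_ts IS NULL AND ft_user_vc=:ft_user_vc");
        $pwd->bindParam(':ft_user_vc', $ftp_username);
        $pwd->bindParam(':ft_password_vc', $ftp_password);
        $pwd->execute();

        return true;
    }

    /**
     * Checks whether an active row for the domain exists in the mail database.
     *
     * @param string $domain Domain name.
     * @return mixed DOMAIN_EXISTS_IN_POSTFIX or DOMAIN_NOT_EXISTS_IN_POSTFIX.
     */
    public function checkDomainExistsinPostfixDomain($domain)
    {
        // The domain is bound; it used to be concatenated into the statement
        // text (and echoed as part of it).
        $sql = "SELECT count(*) FROM domain WHERE domain=:domain AND active=1";
        echo $sql;
        $numcheck = $this->mail_db->prepare($sql);
        $numcheck->bindParam(':domain', $domain);
        $numcheck->execute();
        $check_num = $numcheck->fetchColumn();

        if ($check_num > 0) {
            $return = DOMAIN_EXISTS_IN_POSTFIX;
        } else {
            $return = DOMAIN_NOT_EXISTS_IN_POSTFIX;
        }
        echo "Get value : $return " ;

        return $return;
    }

    /**
     * Clears the backup MX flag of a domain in the mail database, inserting the
     * domain row when no active row exists.
     *
     * @param string $domain Domain name.
     * @return mixed LOCAL_MAIL_EXCHANGE_UPDATED.
     */
    public function disableBackupMx($domain)
    {
        if ($this->checkDomainExistsinPostfixDomain($domain) == DOMAIN_EXISTS_IN_POSTFIX) {
            // Bound parameter instead of string concatenation.
            $sql = $this->mail_db->prepare("UPDATE domain SET backupmx=0 WHERE domain=:domain AND active=1");
        } else {
            $sql = $this->mail_db->prepare("INSERT INTO domain ( domain,description,aliases,mailboxes,maxquota,quota,transport,backupmx,created,modified,active) VALUES (:domain,'',0,0,0,0,'',0,NOW(),NOW(),'1')");
        }
        $sql->bindParam(':domain', $domain);
        $sql->execute();

        return LOCAL_MAIL_EXCHANGE_UPDATED;
    }

    /**
     * Switches the x_varnish row(s) to 'Off', disables the varnish service at
     * boot and queues an Apache configuration rewrite.
     *
     * @return mixed SWITCHED_TO_APACHE_FROM_VARNISH_SUCCESSFULLY when rows were
     *               updated, otherwise CANNOT_SWITCH_TO_APACHE_FROM_VARNISH.
     */
    public function switchVarnishToApache()
    {
        // time() is an integer, so the concatenation carries no caller input.
        $sql = $this->zdbh->prepare("UPDATE x_varnish SET x_varnish='Off', x_isactive=0, x_lastupdate=".time());
        $sql->execute();

        if (!$sql->rowCount()) {
            return CANNOT_SWITCH_TO_APACHE_FROM_VARNISH;
        }

        // whereis prints "name: path ..."; take the first path like the other
        // lookups in this class do. The raw output was used as the command
        // before, so the command line started with "chkconfig:".
        $chkconfig = trim((string) shell_exec("whereis chkconfig | awk '{print $2}'"));
        if ($chkconfig !== '') {
            shell_exec($chkconfig.' varnish off');
        }
        $this->SetWriteApacheConfigTrue();
        $this->SetCallDaemon();

        return SWITCHED_TO_APACHE_FROM_VARNISH_SUCCESSFULLY;
    }

    /**
     * Switches the x_varnish row(s) to 'On', enables the varnish service at
     * boot and queues an Apache configuration rewrite.
     *
     * @return mixed SWITCHED_TO_VARNISH_FROM_APACHE_SUCCESSFULLY when rows were
     *               updated, otherwise CANNOT_SWITCH_TO_VARNISH_FROM_APACHE.
     */
    public function switchApacheToVarnish()
    {
        // x_isactive is set to 0 here as well, exactly as before.
        $sql = $this->zdbh->prepare("UPDATE x_varnish SET x_varnish='On', x_isactive=0, x_lastupdate=".time());
        $sql->execute();

        if (!$sql->rowCount()) {
            return CANNOT_SWITCH_TO_VARNISH_FROM_APACHE;
        }

        // Same whereis parsing fix as in switchVarnishToApache().
        $chkconfig = trim((string) shell_exec("whereis chkconfig | awk '{print $2}'"));
        if ($chkconfig !== '') {
            shell_exec($chkconfig.' varnish on');
        }
        $this->SetWriteApacheConfigTrue();
        $this->SetCallDaemon();

        return SWITCHED_TO_VARNISH_FROM_APACHE_SUCCESSFULLY;
    }

    /**
     * Runs the CSF helper script that opens an inbound TCP port.
     *
     * @param int|string $port_no Port number.
     * @return bool Always true; the script's result is not checked.
     */
    public function enablePortIn($port_no)
    {
        // Forced to an integer before it is placed on the command line.
        $port_no = (int) runtime_sanatizeItem::sanatizeItem(runtime_xss::xssClean($port_no), 'int');

        $get_sh_path = (string) shell_exec("whereis bash | awk '{print $2}'");
        $get_sh_path = str_replace("\n", "", $get_sh_path);
        $get_sh_path = str_replace('\n', "", $get_sh_path);

        shell_exec("$get_sh_path /root/scripts/aisa/class/csf_port_enable_tcpin.sh $port_no");

        return true;
    }

    /**
     * Runs the CSF helper script that opens an outbound TCP port.
     *
     * @param int|string $port_no Port number.
     * @return bool Always true; the script's result is not checked.
     */
    public function enablePortOut($port_no)
    {
        // Forced to an integer before it is placed on the command line.
        $port_no = (int) runtime_sanatizeItem::sanatizeItem(runtime_xss::xssClean($port_no), 'int');

        $get_sh_path = (string) shell_exec("whereis bash | awk '{print $2}'");
        $get_sh_path = str_replace("\n", "", $get_sh_path);
        $get_sh_path = str_replace('\n', "", $get_sh_path);

        shell_exec("$get_sh_path /root/scripts/aisa/class/csf_port_enable_tcpout.sh $port_no");

        return true;
    }

    /**
     * Starts restoreclient.php for a backup file in a detached screen session.
     *
     * NOTE(review): $backup_file_name is not restricted to the account's
     * backups directory here; whether restoreclient.php validates it cannot be
     * seen from this file.
     *
     * @param string $backup_file_name Backup file to restore.
     * @param string $dom              Domain that must exist in x_vhosts.
     * @param string $ftp_user         FTP user; must have a directory in x_ftpaccounts.
     * @return string|false "restored" once the session was launched, false when
     *                      the domain, account or FTP user cannot be resolved.
     */
    public function migrateFromcPanel($backup_file_name, $dom, $ftp_user)
    {
        $dom = runtime_sanatizeItem::sanatizeItem(runtime_xss::xssClean($dom), 'url');

        $numrows = $this->zdbh->prepare("select * from x_vhosts where vh_name_vc=:domain and vh_deleted_ts IS NULL");
        $numrows->bindParam(':domain', $dom);
        $numrows->execute();
        if ($numrows->rowCount() == 0) {
            return false;
        }

        $acc_user_name = $this->getusernamebasedonDomain($dom);
        if ($acc_user_name === false) {
            return false;
        }

        // Only used as a precondition: the FTP user must be known.
        if ($this->getFTPHomeDirectory($ftp_user) === false) {
            return false;
        }

        $get_screen_path = (string) shell_exec("whereis screen | awk '{print $2}'");
        $get_screen_path = str_replace("\n", "", $get_screen_path);
        $get_screen_path = str_replace('\n', "", $get_screen_path);

        $get_php_path = trim(str_replace("\n", "", (string) shell_exec("whereis php | awk '{print $2}'")));

        $get_sh_path = (string) shell_exec("whereis bash | awk '{print $2}'");
        $get_sh_path = str_replace("\n", "", $get_sh_path);
        $get_sh_path = str_replace('\n', "", $get_sh_path);

        // Each value is quoted as a single shell argument. The file name used
        // to be interpolated raw, inside a command that was itself wrapped in
        // single quotes for "bash -c".
        $cmd = trim($get_php_path . ' /etc/sentora/panel/restoreclient.php '
            . escapeshellarg($backup_file_name) . ' ' . escapeshellarg($acc_user_name));
        echo "Command for run restore : $cmd\n";

        $screen_cmd = $get_screen_path . ' -d -m -S ' . escapeshellarg('VPSMigration_' . $acc_user_name)
            . ' ' . $get_sh_path . ' -c ' . escapeshellarg($cmd);
        echo $screen_cmd . "\n";
        shell_exec($screen_cmd);

        return "restored";
    }

    /**
     * Moves a domain's Apache vhost file aside and queues a configuration
     * rewrite so that the file is regenerated.
     *
     * @param string $domain_name Domain that must exist in x_vhosts.
     * @return mixed DEFAULT_DOMAIN_CONF_FILE_REGENERATED, or false when the
     *               domain is unknown.
     */
    public function ShowingDiskSpaceExceeded($domain_name)
    {
        $domain_name = runtime_sanatizeItem::sanatizeItem(runtime_xss::xssClean($domain_name), 'url');

        $numrows = $this->zdbh->prepare("select * from x_vhosts where vh_name_vc=:domain and vh_deleted_ts IS NULL");
        $numrows->bindParam(':domain', $domain_name);
        $numrows->execute();
        if ($numrows->rowCount() == 0) {
            return false;
        }

        $time = microtime(true);
        $conf_dir = '/etc/sentora/configs/apache/domains/';
        // Paths are quoted as single shell arguments instead of being
        // interpolated raw.
        $cmd_for_hold_conf = 'mv ' . escapeshellarg($conf_dir . $domain_name . '.conf')
            . ' ' . escapeshellarg($conf_dir . $domain_name . '_conf_back_' . $time . '_aisa');
        echo "Command for apache domain conf file hold $cmd_for_hold_conf\n";
        shell_exec($cmd_for_hold_conf);

        $this->SetWriteApacheConfigTrue();
        $this->SetCallDaemon();

        return DEFAULT_DOMAIN_CONF_FILE_REGENERATED;
    }

    /**
     * Reads the x_nginx flag of the x_varnish row with x_id 1.
     *
     * @return bool False only when the flag is "off" (case-insensitive).
     */
    public function isNginx()
    {
        $rows = $this->zdbh->prepare(" SELECT * FROM x_varnish where x_id='1';");
        $rows->execute();
        $dbvals = $rows->fetch();

        // A missing row yields an empty flag, which counts as "on" here.
        $flag = is_array($dbvals) ? strtolower(trim($dbvals['x_nginx'])) : '';

        return $flag != "off";
    }

    /**
     * Records an SSL request for a domain in x_ssl and reports whether the
     * www. host name resolves to this server.
     *
     * @param string $domain Domain name.
     * @return string|false "with" or "without" (www); false when no owning
     *                      user id could be resolved.
     */
    public function InstallSSLTableInsertion($domain)
    {
        $uid = $this->getuseridbasedonDomain($domain);
        // NOTE(review): the lookup's failure value is not visible in this
        // file; false, null and '' are treated as "no owner".
        if ($uid === false || $uid === null || $uid === '') {
            return false;
        }

        $server_ip = ctrl_options::GetSystemOption('server_ip');
        $www_ip = gethostbyname('www.'.$domain);
        if ($www_ip != "" && $www_ip == $server_ip) {
            $wwwoption = "with";
        } else {
            $wwwoption = "without";
        }

        $sql = $this->zdbh->prepare("SELECT ac_email_vc FROM x_accounts WHERE ac_id_pk=:id AND ac_deleted_ts IS NULL");
        $sql->bindParam(':id', $uid);
        $sql->execute();
        $row = $sql->fetch();
        $email = $row['ac_email_vc'];
        $time = time();

        // All values are bound; the INSERT used to be assembled by string
        // concatenation. "ssl_doamin" is the column name used throughout
        // this class.
        $sql = $this->zdbh->prepare("INSERT INTO x_ssl (userid, ssl_email, ssl_doamin, ssl_created, ssl_status,ssl_www) VALUES (:userid, :ssl_email, :ssl_doamin, :ssl_created, 0, :ssl_www)");
        $sql->bindParam(':userid', $uid);
        $sql->bindParam(':ssl_email', $email);
        $sql->bindParam(':ssl_doamin', $domain);
        $sql->bindParam(':ssl_created', $time);
        $sql->bindParam(':ssl_www', $wwwoption);
        $sql->execute();

        return $wwwoption;
    }

    /**
     * Sends a "renewalSSL" request for a domain over the panel's server socket.
     *
     * NOTE(review): when no x_ssl row matches, the request is still sent with
     * an empty domain; confirm whether that is intended.
     * NOTE(review): self::$tryagain must be declared elsewhere in the class.
     *
     * @param string $domain_name Domain to renew.
     * @return mixed SSL_RENEW_SUCCESSFULLY, or false when the socket call fails.
     */
    public function SSLRenew($domain_name)
    {
        $sql = $this->zdbh->prepare("SELECT ssl_doamin,ssl_www FROM x_ssl WHERE ssl_doamin=:ssl_doamin");
        $sql->bindParam(':ssl_doamin', $domain_name);
        $sql->execute();
        $row = $sql->fetch();
        $domain = $row['ssl_doamin'];
        $www = $row['ssl_www'];
        if ($www == "") {
            $www = 0;
        }

        // Newline-separated request: command, domain, www flag, calling file.
        $getcwd = __FILE__;
        $input = "renewalSSL\n$domain\n$www\n$getcwd";
        $output = ctrl_module::ConnectServerSocket($input);
        if (!$output) {
            self::$tryagain = true;
            return false;
        }

        return SSL_RENEW_SUCCESSFULLY;
    }

    /**
     * Resolves the account of a domain and delegates to
     * findModSecurityBlockedIdsAndUnblock().
     *
     * @param string $domain_name Domain name.
     * @param string $url_path    URL whose path is searched in the error log.
     * @return mixed Result of findModSecurityBlockedIdsAndUnblock().
     */
    public function checkWPAdminPostFilePathBlockedinModSecurity($domain_name, $url_path)
    {
        $domain_user = $this->getusernamebasedonDomain($domain_name);

        return $this->findModSecurityBlockedIdsAndUnblock($domain_name, $domain_user, $url_path);
    }

    /**
     * Finds the ModSecurity rule ids logged for a URL path, appends matching
     * SecRuleRemoveById lines to httpd.conf, rotates the domain's error log
     * and reloads Apache.
     *
     * NOTE(review): the removal is appended to the global httpd.conf and a new
     * section is added on every call, so this weakens the WAF configuration
     * cumulatively; callers should be authenticated and the change audited.
     *
     * @param string $domain_name Domain that must exist in x_vhosts.
     * @param string $domain_user Account that must exist in x_accounts.
     * @param string $url         URL whose path is searched in the error log.
     * @return mixed THIS_URL_PATH_NOT_BLOCKED_BY_MOD_SECURITY, a string made of
     *               URL_PATH_BLOCKED_BY_MOD_SECURITY_SON_ENABLED and the backup
     *               log path, or false on an unknown domain/account or a failed
     *               write.
     */
    public function findModSecurityBlockedIdsAndUnblock($domain_name, $domain_user, $url)
    {
        $domain_name = runtime_sanatizeItem::sanatizeItem(runtime_xss::xssClean($domain_name), 'url');

        $numrows = $this->zdbh->prepare("select * from x_vhosts where vh_name_vc=:domain and vh_deleted_ts IS NULL");
        $numrows->bindParam(':domain', $domain_name);
        $numrows->execute();
        if ($numrows->rowCount() == 0) {
            return false;
        }

        // This query used an undefined $conn and failed with a fatal error;
        // x_accounts is read through $this->zdbh elsewhere in the class.
        $numrows = $this->zdbh->prepare("select * from x_accounts where ac_user_vc=:username and ac_deleted_ts IS NULL");
        $numrows->bindParam(':username', $domain_user);
        $numrows->execute();
        if ($numrows->rowCount() == 0) {
            return false;
        }

        $log_file_name = "/var/sentora/logs/domains/$domain_user/$domain_name-error.log";

        $mod_ids_check_res = $this->getModSecurityIdsBlockedofURLPath($domain_name, $domain_user, $url);
        echo "Response of getModSecurityIdsBlockedofURLPath : ".$mod_ids_check_res."\n";
        if ($mod_ids_check_res === false) {
            return false;
        }
        if ($mod_ids_check_res == THIS_URL_PATH_NOT_BLOCKED_BY_MOD_SECURITY) {
            return THIS_URL_PATH_NOT_BLOCKED_BY_MOD_SECURITY;
        }

        // The ids are parsed out of log text, so only purely numeric values are
        // allowed into the Apache configuration.
        $mod_blocked_ids = array();
        foreach (explode(" ", $mod_ids_check_res) as $id) {
            if (ctype_digit((string) $id)) {
                $mod_blocked_ids[] = $id;
            }
        }
        if (count($mod_blocked_ids) == 0) {
            return THIS_URL_PATH_NOT_BLOCKED_BY_MOD_SECURITY;
        }

        $values = "<FilesMatch \"/\">\n";
        foreach ($mod_blocked_ids as $id) {
            $values .= "SecRuleRemoveById ".$id."\n";
        }
        $values .= '</FilesMatch>';
        echo $values."\n";

        // Appended from PHP rather than through a shell "echo '...' >>", so the
        // text never passes through shell parsing.
        if (file_put_contents('/etc/sentora/configs/apache/httpd.conf', $values."\n", FILE_APPEND | LOCK_EX) === false) {
            return false;
        }

        $time = microtime(true);
        $backup_log_name = $log_file_name."_aisa_backup_".$time;

        $cmd_for_rename_error_log = "mv ".escapeshellarg($log_file_name)." ".escapeshellarg($backup_log_name);
        echo "Move Log to Backup : $cmd_for_rename_error_log\n";
        shell_exec($cmd_for_rename_error_log);

        $create_log_file = "touch ".escapeshellarg($log_file_name);
        echo "Create Log file : $create_log_file\n";
        shell_exec($create_log_file);

        shell_exec("service httpd reload");

        return URL_PATH_BLOCKED_BY_MOD_SECURITY_SON_ENABLED." ".$backup_log_name;
    }

    /**
     * Collects the ModSecurity rule ids logged for a URL path in a domain's
     * Apache error log.
     *
     * @param string $domain_name Domain that must exist in x_vhosts.
     * @param string $domain_user Account that must exist in x_accounts.
     * @param string $url         URL whose path component is searched for.
     * @return mixed Space-separated numeric rule ids,
     *               THIS_URL_PATH_NOT_BLOCKED_BY_MOD_SECURITY when none are
     *               found, or false on an unknown domain/account.
     */
    public function getModSecurityIdsBlockedofURLPath($domain_name, $domain_user, $url)
    {
        $domain_name = runtime_sanatizeItem::sanatizeItem(runtime_xss::xssClean($domain_name), 'url');

        $numrows = $this->zdbh->prepare("select * from x_vhosts where vh_name_vc=:domain and vh_deleted_ts IS NULL");
        $numrows->bindParam(':domain', $domain_name);
        $numrows->execute();
        if ($numrows->rowCount() == 0) {
            return false;
        }

        // Undefined $conn replaced by the core database handle.
        $numrows = $this->zdbh->prepare("select * from x_accounts where ac_user_vc=:username and ac_deleted_ts IS NULL");
        $numrows->bindParam(':username', $domain_user);
        $numrows->execute();
        if ($numrows->rowCount() == 0) {
            return false;
        }

        $log_file_name = "/var/sentora/logs/domains/$domain_user/$domain_name-error.log";
        echo $log_file_name."\n";

        $url_parts = parse_url($url);
        $path = (is_array($url_parts) && isset($url_parts['path'])) ? $url_parts['path'] : '';
        // An empty pattern would match every log line and hand back every rule
        // id in the log, so a URL without a path is treated as "not blocked".
        if ($path === '') {
            return THIS_URL_PATH_NOT_BLOCKED_BY_MOD_SECURITY;
        }

        // The path is matched as a fixed string (-F) and passed as one quoted
        // argument; it used to be interpolated raw into the command line.
        $cmd_for_get_mod_errors = "grep -F -e ".escapeshellarg($path)." ".escapeshellarg($log_file_name)." | grep 'ModSecurity' | grep 'id \"'";
        echo "Command for get mod errors : $cmd_for_get_mod_errors\n";

        $mod_errors = trim((string) shell_exec($cmd_for_get_mod_errors));
        $mod_data_arra = array_unique(array_filter(explode("\n", $mod_errors)));
        if (count($mod_data_arra) == 0) {
            return THIS_URL_PATH_NOT_BLOCKED_BY_MOD_SECURITY;
        }

        $ids = array();
        foreach ($mod_data_arra as $log_line) {
            $id = trim(get_string_between_words($log_line, '[id "', '"]'));
            // Rule ids end up in the Apache configuration; keep digits only.
            if ($id !== '' && ctype_digit($id)) {
                $ids[] = $id;
            }
        }
        $ids = array_unique($ids);

        if (count($ids) > 0) {
            return implode(" ", $ids);
        }

        return THIS_URL_PATH_NOT_BLOCKED_BY_MOD_SECURITY;
    }
}
?>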