GSP/Panel
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Panel/ControlPanel/_agent-linux/EHCP/updateInfo.php

144 lines
4.3 KiB
PHP
Executable file
Raw Blame History

<?php
if (file_exists("config.php")) {
include 'config.php';
} else {
die("config.php must exist within the installation root folder!");
}
include_once 'db_functions.php';
// Updates ftpuser's password
$success = 0;
$errorCount = 0;
if (isset($errors)) {
unset($errors);
}
if (isset($_GET['username'])) {
$ftp_username = $_GET['username'];
}
if (isset($_GET['password'])) {
$arrOfVals = trim($_GET['password']);
}
if (isset($arrOfVals) && !empty($arrOfVals)) {
$arrOfVals = explode("\n", $arrOfVals);
$arrOfVals = array_filter($arrOfVals);
foreach ($arrOfVals as $passIn) {
$passIn = trim($passIn);
// Replace all tabs or spaces
$pattern = '/\s+/';
$passIn = preg_replace($pattern, ' ', $passIn);
$keyAndVal = explode(' ', $passIn);
if (count($keyAndVal) == 2) {
$arr[$keyAndVal[0]] = $keyAndVal[1];
}
if (isset($arr['new_password']) && !empty($arr['new_password'])) {
$ftp_pass = $arr['new_password'];
}
if (isset($arr['Directory']) && !empty($arr['Directory'])) {
$update_dir = $arr['Directory'];
}
if (isset($arr['orig_user']) && !empty($arr['orig_user'])) {
$ftp_old_username = $arr['orig_user'];
}
if (isset($arr['Username']) && !empty($arr['Username'])) {
$ftp_username = $arr['Username'];
}
}
}
if (!isset($ftp_username) || !isset($update_dir)) {
$errorCount++;
$errors[] = "No FTP accounts could be modified! Updated username and homedir were not sent by the panel.";
} else {
if (substr_count($update_dir, '/') < 2) {
$errorCount++;
$errors[] = "In order to prevent security risks, users cannot be granted access to the main directories in the root file system of the server.&nbsp; You must go down two directory levels!&nbsp; Example: /games/user1!";
}
if (stripos($update_dir, "/") === FALSE || stripos($update_dir, "/") != 0) {
$errorCount++;
$errors[] = "You have not chosen a valid directory!";
}
if ($update_dir === "/var/www/" || stripos($update_dir, "/var/www/") !== FALSE) {
$errorCount++;
$errors[] = "You may not create ftp accounts into the protected EHCP directories using this program.&nbsp; Create these accounts using EHCP software.";
}
if (stripos($update_dir, "\\")) {
$errorCount++;
$errors[] = "This is not a Windows machine... use the correct slash character for path...";
}
// If the last character in the path is a slash (/) - Remove it from the string
if (substr_count($update_dir, '/') > 2 && $update_dir[strlen($update_dir) - 1] == "/") {
$end = strlen($update_dir) - 1;
$update_dir = substr($update_dir, 0, $end);
}
if ($errorCount == 0) {
// Security checks
if (isset($ftp_pass)) {
$ftp_password_db = escapeSQLStr($ftp_pass, $connection);
}
$ftp_username_db = escapeSQLStr($ftp_username, $connection);
$SQL = "SELECT * FROM ftpaccounts WHERE ftpusername = '$ftp_username_db'";
$Result = execSQL($SQL, $connection);
if ($Result !== FALSE) {
$count = countSQLResult($Result);
if ($count != 1) {
$errorCount++;
$errors[] = "FTP User " . $ftp_username . " does not exist in the database. Account information cannot be updated";
} else {
// Update user's password data into DB:
$SQL = "UPDATE ftpaccounts SET ";
if (isset($ftp_password_db)) {
$SQL.= "password=password('$ftp_password_db'), ";
}
$SQL.= "homedir='$update_dir' WHERE ftpusername='$ftp_username_db'";
$Result = execSQL($SQL, $connection);
if ($Result !== FALSE) {
$success = 1;
} else {
$errorCount++;
$errors[] = getSQLError($connection);
}
}
} else {
$errorCount++;
$errors[] = getSQLError($connection);
}
}
}
// Log errors
if ($errorCount > 0) {
addToLog($errors);
}
// Return value:
echo $success;
?>
Reference in a new issue View git blame Copy permalink