2013-08-28 22:47:04 +02:00
< ? php
2013-10-01 20:30:50 +02:00
2013-08-28 22:47:04 +02:00
/**
* File : userpanel_substitutes . php .
* Author : Ulrich Block
* Date : 18.08 . 13
* Time : 13 : 25
* Contact : < ulrich . block @ easy - wi . com >
* Ticket : https :// github . com / easy - wi / developer / issues / 2
*
* This file is part of Easy - WI .
*
* Easy - WI is free software : you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation , either version 3 of the License , or
* ( at your option ) any later version .
*
* Easy - WI is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License
* along with Easy - WI . If not , see < http :// www . gnu . org / licenses />.
*
* Diese Datei ist Teil von Easy - WI .
*
* Easy - WI ist Freie Software : Sie koennen es unter den Bedingungen
* der GNU General Public License , wie von der Free Software Foundation ,
* Version 3 der Lizenz oder ( nach Ihrer Wahl ) jeder spaeteren
* veroeffentlichten Version , weiterverbreiten und / oder modifizieren .
*
* Easy - WI wird in der Hoffnung , dass es nuetzlich sein wird , aber
* OHNE JEDE GEWAEHELEISTUNG , bereitgestellt ; sogar ohne die implizite
* Gewaehrleistung der MARKTFAEHIGKEIT oder EIGNUNG FUER EINEN BESTIMMTEN ZWECK .
* Siehe die GNU General Public License fuer weitere Details .
*
* Sie sollten eine Kopie der GNU General Public License zusammen mit diesem
* Programm erhalten haben . Wenn nicht , siehe < http :// www . gnu . org / licenses />.
*/
if ( ! isset ( $main ) or $main != 1 or ! isset ( $user_id ) or ! isset ( $user_language ) or ! isset ( $reseller_id ) or isset ( $_SESSION [ 'substitute' ])) {
header ( 'Location: userpanel.php' );
die ;
}
2013-09-27 08:22:09 +02:00
include ( EASYWIDIR . '/stuff/keyphrasefile.php' );
2013-09-29 15:29:58 +02:00
$sprache = getlanguagefile ( 'user' , $user_language , $reseller_id );
2013-08-28 22:47:04 +02:00
if ( $ui -> w ( 'action' , 4 , 'post' ) and ! token ( true )) {
2013-09-29 15:29:58 +02:00
$template_file = $spracheResponse -> token ;
2013-08-28 22:47:04 +02:00
} else if ( $ui -> id ( 'id' , 10 , 'get' ) or $ui -> st ( 'd' , 'get' ) == 'ad' ) {
2013-09-29 15:29:58 +02:00
$template_file = 'userpanel_404.tpl' ;
2013-08-28 22:47:04 +02:00
$id = $ui -> id ( 'id' , 10 , 'get' );
if ( $ui -> st ( 'd' , 'get' ) == 'ad' or $ui -> st ( 'd' , 'get' ) == 'md' ) {
2013-09-29 15:29:58 +02:00
$db = array ();
$gs = array ();
$vo = array ();
$vd = array ();
$vs = array ();
$ro = array ();
$query = $sql -> prepare ( " SELECT `id`,`dbname` FROM `mysql_external_dbs` WHERE `uid`=? AND `resellerid`=? AND `active`='Y' " );
2013-08-28 22:47:04 +02:00
$query -> execute ( array ( $user_id , $reseller_id ));
foreach ( $query -> fetchAll ( PDO :: FETCH_ASSOC ) as $row ) $db [ $row [ 'id' ]] = $row [ 'dbname' ];
2013-09-29 15:29:58 +02:00
$query = $sql -> prepare ( " SELECT `id`,CONCAT(`serverip`,':',`port`) AS `address` FROM `gsswitch` WHERE `userid`=? AND `resellerid`=? AND `active`='Y' " );
2013-08-28 22:47:04 +02:00
$query -> execute ( array ( $user_id , $reseller_id ));
foreach ( $query -> fetchAll ( PDO :: FETCH_ASSOC ) as $row ) $gs [ $row [ 'id' ]] = $row [ 'address' ];
2013-09-29 15:29:58 +02:00
$query = $sql -> prepare ( " SELECT `id`,CONCAT(`ip`,':',`port`) AS `address` FROM `voice_server` WHERE `userid`=? AND `resellerid`=? AND `active`='Y' " );
2013-08-28 22:47:04 +02:00
$query -> execute ( array ( $user_id , $reseller_id ));
foreach ( $query -> fetchAll ( PDO :: FETCH_ASSOC ) as $row ) $vo [ $row [ 'id' ]] = $row [ 'address' ];
2013-09-29 15:29:58 +02:00
$query = $sql -> prepare ( " SELECT `dnsID`,`dns` FROM `voice_dns` WHERE `userID`=? AND `resellerID`=? AND `active`='Y' " );
2013-08-28 22:47:04 +02:00
$query -> execute ( array ( $user_id , $reseller_id ));
foreach ( $query -> fetchAll ( PDO :: FETCH_ASSOC ) as $row ) $vd [ $row [ 'dnsID' ]] = $row [ 'dns' ];
2013-09-29 15:29:58 +02:00
$query = $sql -> prepare ( " SELECT `id`,`ip` FROM `virtualcontainer` WHERE `userid`=? AND `resellerid`=? AND `active`='Y' " );
2013-08-28 22:47:04 +02:00
$query -> execute ( array ( $user_id , $reseller_id ));
foreach ( $query -> fetchAll ( PDO :: FETCH_ASSOC ) as $row ) $vs [ $row [ 'id' ]] = $row [ 'ip' ];
2013-09-29 15:29:58 +02:00
$query = $sql -> prepare ( " SELECT `dedicatedID`,`ip` FROM `rootsDedicated` WHERE `userID`=? AND `resellerID`=? AND `active`='Y' " );
2013-08-28 22:47:04 +02:00
$query -> execute ( array ( $user_id , $reseller_id ));
foreach ( $query -> fetchAll ( PDO :: FETCH_ASSOC ) as $row ) $ro [ $row [ 'dedicatedID' ]] = $row [ 'ip' ];
}
if ( ! $ui -> st ( 'action' , 'post' ) and $ui -> st ( 'd' , 'get' ) == 'ad' ) {
$randompass = passwordgenerate ( 10 );
2013-09-29 15:29:58 +02:00
$template_file = 'userpanel_substitutes_add.tpl' ;
2013-08-28 22:47:04 +02:00
} else if ( ! $ui -> st ( 'action' , 'post' ) and $ui -> id ( 'id' , 10 , 'get' ) and ( $ui -> st ( 'd' , 'get' ) == 'md' or $ui -> st ( 'd' , 'get' ) == 'dl' )) {
2013-09-29 15:29:58 +02:00
$query = $sql -> prepare ( " SELECT `loginName`,`active`,`name`,`vname` FROM `userdata_substitutes` WHERE `sID`=? AND `resellerID`=? LIMIT 1 " );
2013-08-28 22:47:04 +02:00
$query -> execute ( array ( $id , $reseller_id ));
foreach ( $query -> fetchAll ( PDO :: FETCH_ASSOC ) as $row ) {
$loginName = $row [ 'loginName' ];
$active = $row [ 'active' ];
$name = $row [ 'name' ];
$vname = $row [ 'vname' ];
2013-09-29 15:29:58 +02:00
$template_file = ( $ui -> st ( 'd' , 'get' ) == 'md' ) ? 'userpanel_substitutes_mod.tpl' : 'userpanel_substitutes_del.tpl' ;
2013-08-28 22:47:04 +02:00
}
if ( $ui -> st ( 'd' , 'get' ) == 'md' ) {
2013-09-29 15:29:58 +02:00
$as = array ();
$query = $sql -> prepare ( " SELECT `oID`,`oType` FROM `userdata_substitutes_servers` WHERE `sID`=? AND `resellerID`=? " );
2013-08-28 22:47:04 +02:00
$query -> execute ( array ( $id , $reseller_id ));
foreach ( $query -> fetchAll ( PDO :: FETCH_ASSOC ) as $row ) {
2013-10-01 20:30:50 +02:00
$as [ $row [ 'oType' ]][ $row [ 'oID' ]] = true ;
2013-08-28 22:47:04 +02:00
}
}
} else if ( $ui -> st ( 'action' , 'post' ) == 'ad' or ( $ui -> st ( 'action' , 'post' ) == 'md' and $ui -> id ( 'id' , 10 , 'get' ))) {
$id = $ui -> id ( 'id' , 10 , 'get' );
if ( $ui -> st ( 'action' , 'post' ) == 'ad' ) {
2013-09-29 15:29:58 +02:00
if ( ! $ui -> names ( 'loginName' , 255 , 'post' ) or ( $rSA [ 'prefix1' ] == 'Y' and $rSA [ 'prefix2' ] != '' and preg_match ( '/^' . $rSA [ 'prefix2' ] . '[0-9]{0,}+$/' , $ui -> names ( 'loginName' , 255 , 'post' )))) $template_file = $spracheResponse -> errorUsername ;
$query = $sql -> prepare ( " SELECT 1 FROM `userdata_substitutes` WHERE `loginName`=? LIMIT 1 " );
2013-08-28 22:47:04 +02:00
$query -> execute ( array ( $ui -> names ( 'loginName' , 255 , 'post' )));
if ( $query -> rowCount () > 0 ) $userError = $spracheResponse -> error_username ;
2013-09-29 15:29:58 +02:00
$query = $sql -> prepare ( " SELECT 1 FROM `userdata` WHERE `cname`=? LIMIT 1 " );
2013-08-28 22:47:04 +02:00
$query -> execute ( array ( $ui -> names ( 'loginName' , 255 , 'post' )));
if ( $query -> rowCount () > 0 ) $userError = $spracheResponse -> error_username ;
if ( isset ( $userError )) {
2013-09-29 15:29:58 +02:00
$template_file = $userError ;
2013-08-28 22:47:04 +02:00
} else {
$salt = md5 ( mt_rand () . date ( 'Y-m-d H:i:s:u' ));
2013-09-29 15:29:58 +02:00
$query = $sql -> prepare ( " INSERT INTO `userdata_substitutes` (`userID`,`active`,`loginName`,`name`,`vname`,`salt`,`passwordHashed`,`resellerID`) VALUES (?,?,?,?,?,?,?,?) " );
2013-08-28 22:47:04 +02:00
$query -> execute ( array ( $user_id , $ui -> active ( 'active' , 'post' ), $ui -> names ( 'loginName' , 255 , 'post' ), $ui -> names ( 'name' , 255 , 'post' ), $ui -> names ( 'vname' , 255 , 'post' ), $salt , createHash ( $ui -> names ( 'loginName' , 255 , 'post' ), $ui -> password ( 'security' , 255 , 'post' ), $salt , $aeskey ), $reseller_id ));
2013-10-01 20:30:50 +02:00
if ( $query -> rowCount () > 0 ) {
$changed = true ;
}
2013-08-28 22:47:04 +02:00
$id = $sql -> lastInsertId ();
}
} else if ( $ui -> st ( 'action' , 'post' ) == 'md' and $ui -> id ( 'id' , 10 , 'get' )) {
if ( $ui -> password ( 'security' , 255 , 'post' ) != '(encrypted)' ) {
$salt = md5 ( mt_rand () . date ( 'Y-m-d H:i:s:u' ));
2013-09-29 15:29:58 +02:00
$query = $sql -> prepare ( " SELECT `loginName` FROM `userdata_substitutes` WHERE `sID`=? AND `resellerID`=? LIMIT 1 " );
2013-08-28 22:47:04 +02:00
$query -> execute ( array ( $id , $reseller_id ));
$loginName = $query -> fetchColumn ();
2013-09-29 15:29:58 +02:00
$query = $sql -> prepare ( " UPDATE `userdata_substitutes` SET `active`=?,`name`=?,`vname`=?,`salt`=?,`passwordHashed`=? WHERE `sID`=? AND `userID`=? AND `resellerID`=? LIMIT 1 " );
2013-08-28 22:47:04 +02:00
$query -> execute ( array ( $ui -> active ( 'active' , 'post' ), $ui -> names ( 'name' , 255 , 'post' ), $ui -> names ( 'vname' , 255 , 'post' ), $salt , createHash ( $loginName , $ui -> password ( 'security' , 255 , 'post' ), $salt , $aeskey ), $id , $user_id , $reseller_id ));
} else {
2013-09-29 15:29:58 +02:00
$query = $sql -> prepare ( " UPDATE `userdata_substitutes` SET `active`=?,`name`=?,`vname`=? WHERE `sID`=? AND `userID`=? AND `resellerID`=? LIMIT 1 " );
2013-08-28 22:47:04 +02:00
$query -> execute ( array ( $ui -> active ( 'active' , 'post' ), $ui -> names ( 'name' , 255 , 'post' ), $ui -> names ( 'vname' , 255 , 'post' ), $id , $user_id , $reseller_id ));
}
2013-10-01 20:30:50 +02:00
if ( $query -> rowCount () > 0 ) {
$changed = true ;
}
2013-08-28 22:47:04 +02:00
}
if ( $id ) {
2013-09-29 15:29:58 +02:00
$query = $sql -> prepare ( " SELECT `oID`,`oType` FROM `userdata_substitutes_servers` WHERE `sID`=? AND `resellerID`=? " );
$query2 = $sql -> prepare ( " DELETE FROM `userdata_substitutes_servers` WHERE `oType`=? AND `oID`=? AND `sID`=? AND `resellerID`=? " );
2013-08-28 22:47:04 +02:00
$query -> execute ( array ( $id , $reseller_id ));
foreach ( $query -> fetchAll ( PDO :: FETCH_ASSOC ) as $row ) {
if ( ! $ui -> id ( $row [ 'oType' ], 10 , 'post' ) or ! in_array ( $row [ 'oID' ],( array ) $ui -> id ( $row [ 'oType' ], 10 , 'post' ))) {
$query2 -> execute ( array ( $row [ 'oType' ], $row [ 'oID' ], $id , $reseller_id ));
2013-10-01 20:30:50 +02:00
if ( $query2 -> rowCount () > 0 ) {
$changed = true ;
}
2013-08-28 22:47:04 +02:00
}
}
foreach ( array ( 'gs' , 'db' , 'vo' , 'vd' , 'vs' , 'ro' ) as $v ) {
if ( $ui -> id ( $v , 10 , 'post' )) {
2013-09-29 15:29:58 +02:00
$query = $sql -> prepare ( " INSERT INTO `userdata_substitutes_servers` (`sID`,`oType`,`oID`,`resellerID`) VALUES (?,?,?,?) ON DUPLICATE KEY UPDATE `sID`=`sID` " );
2013-08-28 22:47:04 +02:00
foreach ( $ui -> id ( $v , 10 , 'post' ) as $oID ) $query -> execute ( array ( $id , $v , $oID , $reseller_id ));
2013-10-01 20:30:50 +02:00
if ( $query -> rowCount () > 0 ) $changed = true ;
2013-08-28 22:47:04 +02:00
}
}
2013-09-29 15:29:58 +02:00
$template_file = ( isset ( $changed )) ? $spracheResponse -> table_add : $spracheResponse -> error_table ;
2013-08-28 22:47:04 +02:00
}
} else if ( $ui -> st ( 'action' , 'post' ) == 'dl' and $ui -> id ( 'id' , 10 , 'get' )) {
2013-09-29 15:29:58 +02:00
$query = $sql -> prepare ( " DELETE FROM `userdata_substitutes` WHERE `sID`=? AND `resellerID`=? LIMIT 1 " );
2013-08-28 22:47:04 +02:00
$query -> execute ( array ( $id , $reseller_id ));
2013-09-29 15:29:58 +02:00
$template_file = ( $query -> rowCount () > 0 ) ? $spracheResponse -> table_del : $spracheResponse -> notFound ;
$query = $sql -> prepare ( " DELETE o.* FROM `userdata_substitutes_servers` o LEFT JOIN `userdata_substitutes` s ON o.`sID`=s.`sID` WHERE s.`sID` IS NULL " );
2013-08-28 22:47:04 +02:00
$query -> execute ();
}
} else {
2013-09-29 15:29:58 +02:00
$table = array ();
$query = $sql -> prepare ( " SELECT `sID`,`loginName`,`active` FROM `userdata_substitutes` WHERE `userID`=? AND `resellerID`=? " );
2013-08-28 22:47:04 +02:00
$query -> execute ( array ( $user_id , $reseller_id ));
foreach ( $query -> fetchAll ( PDO :: FETCH_ASSOC ) as $row ) {
$table [] = array ( 'id' => $row [ 'sID' ], 'loginName' => $row [ 'loginName' ], 'active' => $row [ 'active' ]);
}
2013-09-29 15:29:58 +02:00
$template_file = 'userpanel_substitutes_list.tpl' ;
2013-08-28 22:47:04 +02:00
}
