archive
/
utd-control-panel
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Unsupported scripts and control panel web app for a hosting company
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
Tree: 415764575f
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '415764575f'
${ noResults }
utd-control-panel/www/lib/account.php

account.php 6.3KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192 
  1. <?PHP

  2. 

  3.  require_once('lib/common.php');

  4.  require_once('lib/profiler.php');

  5.  require_once('lib/database.php');

  6. 

  7.  // Check IP bans

  8.  $sql  = 'SELECT ipban_message, ipban_expires FROM ipbans WHERE ipban_ip = \'';

  9.  $sql .= m($_SERVER['REMOTE_ADDR']).'\' AND ipban_expires > '.time();

  10.  $res = mq($sql, __FILE__, __LINE__);

  11.  

  12.  if (mysql_num_rows($res) > 0) {

  13.   if (!defined('FORBIDDEN')) {

  14.    header('Location: '.CP_PATH.'403');

  15.    exit;

  16.   } else {

  17.    $row = mysql_fetch_array($res);

  18.    define('REASON', $row['ipban_message']);

  19.    define('EXPIRES', $row['ipban_expires']);

  20.   }

  21.  }

  22. 

  23.  // Check to see if they're logged in

  24.  if (!isset($_COOKIE['utdsid']) && !defined('NOLOGINREF')) {

  25.   header('Location: '.CP_PATH.'login');

  26.   exit;

  27.  }

  28.  

  29.  // Prune old sessions

  30.  $sql  = 'DELETE FROM sessions WHERE session_last < '.(time()-60*60);

  31.  $sql .= ' OR session_start < '.(time()-60*60*24);

  32.  mq($sql, __FILE__, __LINE__); 

  33. 

  34.  // Select the user's session

  35.  $sql  = 'SELECT user_id, user_pass, user_name, user_admin, user_tac, ';

  36.  $sql .= 'session_spoof FROM sessions NATURAL JOIN users WHERE session_ident ';

  37.  $sql .= '= \''.m($_COOKIE['utdsid']).'\'';

  38. 

  39.  $res = mq($sql, __FILE__, __LINE__);

  40. 

  41.  // Make sure it exists

  42.  if (mysql_num_rows($res) <> 1  && !defined('NOLOGINREF')) {

  43.   header('Location: '.CP_PATH.'login');

  44.   exit;

  45.  } elseif (mysql_num_rows($res) == 1) {

  46.   $row = mysql_fetch_array($res);

  47. 

  48.   // Read the first line of the T&C (the version number)

  49.   $fh = fopen('/home/utd/common/tac.txt','r');

  50.   $tac = trim(fgets($fh));

  51.   fclose($fh);

  52. 

  53.   // Check they've agreed to it

  54.   if ((int)$tac > (int)$row['user_tac'] && !defined('NOTACREF')) {

  55.    header('Location: '.CP_PATH.'tac');

  56.    exit;

  57.   }

  58.   

  59.   // Check to see if it's an admin spoofing a user

  60.   if ($row['session_spoof'] != '0' && $row['user_admin'] == '1') {

  61.    $sql  = 'SELECT user_id, user_pass, user_name, user_admin, user_tac FROM ';

  62.    $sql .= 'users WHERE user_id = '.m($row['session_spoof']);

  63.    $res  = mq($sql, __FILE__, __LINE__);

  64.    define('SPOOF', $row['user_id']);

  65.    $row  = mysql_fetch_array($res);

  66.   }

  67. 

  68.   // Define some nice constants

  69.   define('USER', $row[2]);

  70.   define('PASS', $row[1]);

  71.   define('UID', $row[0]);

  72.   define('TAC', $row[4]);

  73.   if ($row[3] == '1') { define('ADMIN', True); }

  74. 

  75.   // Let's see what packages they have access to

  76.   $sql  = 'SELECT package_type FROM userpackages NATURAL JOIN packages WHERE ';

  77.   $sql .= 'user_id = '.UID.' AND up_active = 1';

  78.   $res  = mq($sql, __FILE__, __LINE__);

  79.   $packages = array('hosting'=>false,'dns'=>false,'backup'=>false,'ssh'=>false);

  80.   while ($row = mysql_fetch_array($res)) {

  81.    $packages[($row['package_type'])] = true;

  82.   }

  83.   foreach ($packages as $key=>$value) {

  84.    define('HAS_'.strtoupper($key),$value);

  85.   }

  86.  }

  87. 

  88.  // Function to change a user's password

  89.  function changePass ($uid, $newpass) {

  90.   $sql = 'SELECT user_name FROM users WHERE user_id = '.m($uid);

  91.   $res = mq($sql, __FILE__, __LINE__);

  92.   $row = mysql_fetch_array($res);

  93.   $uname = $row[0];

  94. 

  95.   $sql  = 'UPDATE users SET user_pass = \''.md5($uname.$newpass).'\' WHERE '; 

  96.   $sql .= 'user_name = \''.m($uname).'\'';

  97.   mq($sql) or mf(__FILE__, __LINE__, $sql);

  98. 

  99.   $sql  = 'SET PASSWORD FOR \''.m($uname).'\'@\'localhost\' = PASSWORD(\'';

  100.   $sql .= md5($uname.$newpass).'\')';

  101.   $l = mysql_connect('localhost', 'root', 'mysql32159');;

  102.   mysql_select_db('admin', $l);

  103.   mq($sql,$l) or mf(__FILE__, __LINE__, $sql);

  104.   mysql_close($l);

  105.   $_redodb = true; require('/home/utd/control/lib/database.php'); unset($_redodb);

  106. 

  107.   $sql  = 'INSERT INTO actions (user_id, action_type, action_value) VALUES (';

  108.   $sql .= m($uid).', \'pass\', \''.m($newpass).'\')';

  109.   mq($sql) or mf(__FILE__, __LINE__, $sql);

  110.  }

  111. 

  112.  function addUser ($username, $email, $pass, $tac, $slots = 1) {

  113.   if (!ctype_digit($slots) || $slots < 1 || $slots > 3) {

  114.    $slots = 1;

  115.   }

  116. 

  117.   $sql  = 'INSERT INTO users (user_name, user_pass, user_email, user_tac, ';

  118.   $sql .= 'band_total, hdd_total) VALUES (\''.m($username).'\', \'invalid\'';

  119.   $sql .= ', \''.m($email).'\', '.((int)$tac).', '.(50000000000*$slots).', ';

  120.   $sql .= (3500000000*$slots).')';

  121.   mq($sql) or mf(__FILE__, __LINE__, $sql);

  122.   $uid = mysql_insert_id();

  123. 

  124.   $sql  = 'GRANT USAGE ON *.* TO \''.m($username).'\'@\'localhost\' IDENTIFIED';

  125.   $sql .= 'BY \'dummypass123445\'';

  126.   $l = mysql_connect('localhost', 'root', 'mysql32159');;

  127.   mysql_select_db('admin', $l);

  128.   mq($sql,$l) or mf(__FILE__, __LINE__, $sql);

  129.   mysql_close($l);

  130.   $_redodb = true; require('/home/utd/control/lib/database.php'); unset($_redodb);

  131. 

  132.   $fqdn = m($username.'.utd-hosting.com');

  133. 

  134.   $sql  = 'INSERT INTO domains (user_id, domain_name, domain_enabled, domain_parent) VALUES (';

  135.   $sql .= (int)$uid.', \''.$fqdn.'\', 1, 16)';

  136.   mq($sql) or mf(__FILE__, __LINE__, $sql);

  137.   $domain = mysql_insert_id();

  138. 

  139.   $docroot = m('/home/'.$username.'/public_html');

  140.   $sql  = 'INSERT INTO sites (user_id, site_name, site_docroot, ';

  141.   $sql .= 'site_curdocroot) VALUES ('.(int)$uid.', \''.$fqdn;

  142.   $sql .= '\', \''.$docroot.'\', \''.$docroot.'\')';

  143.   mq($sql) or mf(__FILE__, __LINE__, $sql);

  144.   $site = mysql_insert_id();

  145. 

  146.   $sql  = 'INSERT INTO records (domain_id, record_type, record_value) VALUES (';

  147.   $sql .= (int)$domain.', \'UTD\', \''.(int)$site.'\')';

  148.   mq($sql) or mf(__FILE__, __LINE__, $sql);

  149. 

  150.   $sql  = 'INSERT INTO billing (bill_due, user_id, bill_paid, bill_amount) ';

  151.   $sql .= ' VALUES ('.time().', '.(int)$uid.', 1, '.(3500*$slots).')';

  152.   mq($sql) or mf(__FILE__, __LINE__, $sql);

  153. 

  154.   $sql  = 'INSERT INTO actions (user_id, action_type, action_value) VALUES (';

  155.   $sql .= (int)$uid.', \'create\', \'...\')';

  156.   mq($sql) or mf(__FILE__, __LINE__, $sql);

  157. 

  158.   changePass($uid, $pass);

  159.  }

  160. 

  161.  // Returns true if $pass is complex enough, or an error message if not

  162.  function validPass ($pass) {

  163.   if (preg_match('/[a-z]/',$pass)) {

  164.    if (preg_match('/[A-Z]/',$pass)) {

  165.     if (preg_match('/[0-9]/', $pass)) {

  166.      if (strlen($pass) < 5 || strlen($pass) > 20) {

  167.       return 'Please ensure your password is 5-20 characters long';

  168.      } else {

  169.       return true;

  170.      }

  171.     } else {

  172.      return 'Please ensure your password includes some numbers';

  173.     }

  174.    } else {

  175.     return 'Please ensure your password includes some uppercase letters';

  176.    }

  177.   } else {

  178.    return 'Please ensure your password includes some lowercase letters';

  179.   }

  180.  }

  181. 

  182.  function checkAccess($conditions) {

  183.   if ($conditions !== true) {

  184.    define('REASON', 'Insufficient access'); 

  185.    require('403.php');

  186.    exit(); 

  187.   }

  188.  }

  189.  

  190.  define('LIB_ACCOUNT', true);

  191. 

  192. ?>