Merge branch 'mergebranch' into 'master'

Feature merge



See merge request !256

Author: Marius Burkard

install/install.php

@@ -246,6 +246,8 @@
 
 if($install_mode == 'standard') {
 
+	$inst->dbmaster = $inst->db;
+	
 	//* Create the MySQL database
 	$inst->configure_database();
 
@@ -500,6 +502,9 @@
 		$inst->install_crontab();
 	} else swriteln('[ERROR] Cron not found');
 
+	swriteln('Detect IP addresses');
+	$inst->detect_ips();
+
 	swriteln('Restarting services ...');
 	if($conf['mysql']['installed'] == true && $conf['mysql']['init_script'] != '') system($inst->getinitcommand($conf['mysql']['init_script'], 'restart').' >/dev/null 2>&1');
 	if($conf['postfix']['installed'] == true && $conf['postfix']['init_script'] != '') system($inst->getinitcommand($conf['postfix']['init_script'], 'restart'));
@@ -696,6 +701,9 @@
 		swriteln('Configuring Pureftpd');
 		$inst->configure_pureftpd();
 	}
+	
+	swriteln('Detect IP addresses');
+	$inst->detect_ips();
 
 	//** Configure DNS
 	if(strtolower($inst->simple_query('Configure DNS Server', array('y', 'n'), 'y','configure_dns')) == 'y') {
@@ -866,6 +874,9 @@
 		if($conf['nginx']['php_fpm_init_script'] != '') system($inst->getinitcommand($conf['nginx']['php_fpm_init_script'], 'reload'));
 		if($conf['nginx']['init_script'] != '') system($inst->getinitcommand($conf['nginx']['init_script'], 'reload'));
 	}
+	
+	swriteln('Detect IP addresses');
+	$inst->detect_ips();
 
 
 

install/lib/installer_base.lib.php

@@ -371,6 +371,84 @@ public function add_database_server_record() {
 
 
 	}
+	
+	public function detect_ips(){
+		global $conf;
+
+		exec("ip addr show | awk '/global/ { print $2 }' | cut -d '/' -f 1", $output, $retval);
+		
+		if($retval == 0){
+			if(is_array($output) && !empty($output)){
+				foreach($output as $line){
+					$line = trim($line);
+					$ip_type = '';
+					if (filter_var($line, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
+						$ip_type = 'IPv4';
+					}
+					if (filter_var($line, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
+						$ip_type = 'IPv6';
+					}
+					if($ip_type == '') continue;
+					if($this->db->dbHost != $this->dbmaster->dbHost){
+						$this->dbmaster->query('INSERT INTO server_ip (
+							sys_userid, sys_groupid, sys_perm_user, sys_perm_group,
+							sys_perm_other, server_id, client_id, ip_type, ip_address,
+							virtualhost, virtualhost_port
+						) VALUES (
+							1,
+							1,
+							"riud",
+							"riud",
+							"",
+							?,
+							0,
+							?,
+							?,
+							"y",
+							"80,443"
+						)', $conf['server_id'], $ip_type, $line);
+						$server_ip_id = $this->dbmaster->insertID();
+						$this->db->query('INSERT INTO server_ip (
+							server_php_id, sys_userid, sys_groupid, sys_perm_user, sys_perm_group,
+							sys_perm_other, server_id, client_id, ip_type, ip_address,
+							virtualhost, virtualhost_port
+						) VALUES (
+							?,
+							1,
+							1,
+							"riud",
+							"riud",
+							"",
+							?,
+							0,
+							?,
+							?,
+							"y",
+							"80,443"
+						)', $server_ip_id, $conf['server_id'], $ip_type, $line);
+					} else {
+						$this->db->query('INSERT INTO server_ip (
+							sys_userid, sys_groupid, sys_perm_user, sys_perm_group,
+							sys_perm_other, server_id, client_id, ip_type, ip_address,
+							virtualhost, virtualhost_port
+						) VALUES (
+							1,
+							1,
+							"riud",
+							"riud",
+							"",
+							?,
+							0,
+							?,
+							?,
+							"y",
+							"80,443"
+						)', $conf['server_id'], $ip_type, $line);
+					}
+				}
+			}
+		}
+	}
 
 	public function grant_master_database_rights($verbose = false) {
 		global $conf;

install/sql/ispconfig3.sql

@@ -257,6 +257,9 @@ CREATE TABLE `client` (
   `customer_no_counter` int(11) NOT NULL DEFAULT '0',
   `added_date` date NOT NULL DEFAULT '0000-00-00',
   `added_by` varchar(255) DEFAULT NULL,
+  `validation_status` enum('accept','review','reject') NOT NULL DEFAULT 'accept',
+  `risk_score` int(10) unsigned NOT NULL DEFAULT '0',
+  `activation_code` varchar(10) NOT NULL DEFAULT '',
   PRIMARY KEY (`client_id`)
 ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
 
@@ -455,6 +458,7 @@ CREATE TABLE IF NOT EXISTS `directive_snippets` (
   `customer_viewable` ENUM('n','y') NOT NULL DEFAULT 'n',
   `required_php_snippets` varchar(255) NOT NULL DEFAULT '',
   `active` enum('n','y') NOT NULL DEFAULT 'y',
+  `master_directive_snippets_id` int(11) unsigned NOT NULL DEFAULT '0',
   PRIMARY KEY (`directive_snippets_id`)
 ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
 
@@ -1946,6 +1950,7 @@ CREATE TABLE `web_domain` (
   `enable_pagespeed` ENUM('y','n') NOT NULL DEFAULT 'n',
   `http_port` int(11) unsigned NOT NULL DEFAULT '80',
   `https_port` int(11) unsigned NOT NULL DEFAULT '443',
+  `folder_directive_snippets` text NOT NULL,
   PRIMARY KEY  (`domain_id`),
   UNIQUE KEY `serverdomain` (  `server_id` , `ip_address`,  `domain` )
 ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;

install/tpl/server.ini.master

@@ -18,6 +18,7 @@ admin_notify_events=1
 backup_dir=/var/backup
 backup_dir_is_mount=n
 backup_mode=rootgz
+backup_time=0:00
 backup_delete=n
 monit_url=
 monit_user=
@@ -46,7 +47,7 @@ relayhost_password=
 mailbox_size_limit=0
 message_size_limit=0
 mailbox_quota_stats=y
-realtime_blackhole_list=
+realtime_blackhole_list=zen.spamhaus.org
 overquota_notify_admin=y
 overquota_notify_client=y
 overquota_notify_freq=7
@@ -78,7 +79,6 @@ apps_vhost_ip=_default_
 apps_vhost_servername=
 php_open_basedir=[website_path]/web:[website_path]/private:[website_path]/tmp:/var/www/[website_domain]/web:/srv/www/[website_domain]/web:/usr/share/php5:/usr/share/php:/tmp:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin
 htaccess_allow_override=All
-enable_spdy=y
 awstats_conf_dir=/etc/awstats
 awstats_data_dir=/var/lib/awstats
 awstats_pl=/usr/lib/cgi-bin/awstats.pl
@@ -131,7 +131,7 @@ fastcgi_config_syntax=1
 [jailkit]
 jailkit_chroot_home=/home/[username]
 jailkit_chroot_app_sections=basicshell editors extendedshell netutils ssh sftp scp groups jk_lsh
-jailkit_chroot_app_programs=/usr/bin/groups /usr/bin/id /usr/bin/dircolors /usr/bin/lesspipe /usr/bin/basename /usr/bin/dirname /usr/bin/nano /usr/bin/pico /usr/bin/mysql /usr/bin/mysqldump /usr/bin/git /usr/bin/git-receive-pack /usr/bin/git-upload-pack /usr/bin/unzip /usr/bin/zip /bin/tar /bin/rm /usr/bin/patch
+jailkit_chroot_app_programs=/usr/bin/groups /usr/bin/id /usr/bin/dircolors /usr/bin/lesspipe /usr/bin/basename /usr/bin/dirname /usr/bin/nano /usr/bin/pico /usr/bin/mysql /usr/bin/mysqldump /usr/bin/git /usr/bin/git-receive-pack /usr/bin/git-upload-pack /usr/bin/unzip /usr/bin/zip /bin/tar /bin/rm /usr/bin/patch /usr/bin/which /usr/lib/x86_64-linux-gnu/libmemcached.so.11 /usr/lib/x86_64-linux-gnu/libmemcachedutil.so.2 /usr/lib/x86_64-linux-gnu/libMagickWand-6.Q16.so.2 /opt/php-5.6.8/bin/php /opt/php-5.6.8/include /opt/php-5.6.8/lib
 jailkit_chroot_cron_programs=/usr/bin/php /usr/bin/perl /usr/share/perl /usr/share/php
 
 [vlogger]

interface/lib/classes/functions.inc.php

@@ -390,7 +390,45 @@ public function getimagesizefromstring($string){
 			return getimagesizefromstring($string);
 		}		
 	}
+	
+	public function password($minLength = 10, $special = false){
+		global $app;
+	
+		$iteration = 0;
+		$password = "";
+		$maxLength = $minLength + 5;
+		$length = $this->getRandomInt($minLength, $maxLength);
+
+		while($iteration < $length){
+			$randomNumber = (floor(((mt_rand() / mt_getrandmax()) * 100)) % 94) + 33;
+			if(!$special){
+				if (($randomNumber >=33) && ($randomNumber <=47)) { continue; }
+				if (($randomNumber >=58) && ($randomNumber <=64)) { continue; }
+				if (($randomNumber >=91) && ($randomNumber <=96)) { continue; }
+				if (($randomNumber >=123) && ($randomNumber <=126)) { continue; }
+			}
+			$iteration++;
+			$password .= chr($randomNumber);
+		}
+		$app->uses('validate_password');
+		if($app->validate_password->password_check('', $password, '') !== false) $password = $this->password($minLength, $special);
+		return $password;
+	}
 
+	public function getRandomInt($min, $max){
+		return floor((mt_rand() / mt_getrandmax()) * ($max - $min + 1)) + $min;
+	}
+	
+	public function generate_customer_no(){
+		global $app;
+		// generate customer no.
+		$customer_no = mt_rand(100000, 999999);
+		while($app->db->queryOneRecord("SELECT client_id FROM client WHERE customer_no = ?", $customer_no)) {
+			$customer_no = mt_rand(100000, 999999);
+		}
+		
+		return $customer_no;
+	}
 }
 
 ?>

interface/lib/classes/listform.inc.php

@@ -257,10 +257,23 @@ public function getSearchSQL($sql_where = '')
 						$searchval = $year.'-'.$month.'-'.$day;
 					}
 				}
+				
+				if($i['datatype'] == 'BOOLEAN' && $searchval != ''){
+					if (!function_exists('boolval')) {
+						$searchval = (bool) $searchval;
+						if($searchval === true){
+							$searchval = 'TRUE';
+						} else {
+							$searchval = 'FALSE';
+						}
+					} else {
+						$searchval = boolval($searchval)? 'TRUE' : 'FALSE';
+					}
+				}
 
 				// if($_REQUEST[$search_prefix.$field] != '') $sql_where .= " $field ".$i["op"]." '".$i["prefix"].$_REQUEST[$search_prefix.$field].$i["suffix"]."' and";
 				if(isset($searchval) && $searchval != ''){
-					$sql_where .= " ".($table != ''? $table.'.' : $this->listDef['table'].'.')."$field ".$i['op']." '".$app->db->quote($i['prefix'].$searchval.$i['suffix'])."' and";
+					$sql_where .= " ".($table != ''? $table.'.' : $this->listDef['table'].'.')."$field ".$i['op']." ".($i['datatype'] == 'BOOLEAN'? "" : "'").$app->db->quote($i['prefix'].$searchval.$i['suffix']).($i['datatype'] == 'BOOLEAN'? "" : "'")." and";
 				}
 			}
 		}
@@ -384,7 +397,7 @@ public function getPagingHTML($vars)
 		if(isset($vars['show_page_back']) && $vars['show_page_back'] == 1){
 			$content .= '<li><a href="#" data-load-content="'.$vars['list_file'].'?page=0'.$vars['page_params'].'" aria-label="First">
 			<span aria-hidden="true">&laquo;</span></a></li>';
-			$content .= '<li><a href="#" data-load-content='.$vars['list_file'].'?page='.$vars['last_page'].$vars['page_params'].'" aria-label="Previous">
+			$content .= '<li><a href="#" data-load-content="'.$vars['list_file'].'?page='.$vars['last_page'].$vars['page_params'].'" aria-label="Previous">
 			<span aria-hidden="true">&lsaquo;</span></a></li>';
 		}
 		$prev = -1;
@@ -501,6 +514,14 @@ public function decode($record)
 					case 'CURRENCY':
 						$record[$key] = $app->functions->currency_format($record[$key]);
 						break;
+						
+					case 'BOOLEAN':
+						if (!function_exists('boolval')) {
+							$record[$key] = (bool) $record[$key];
+						} else {
+							$record[$key] = boolval($record[$key]);
+						}
+						break;
 
 					default:
 						$record[$key] = htmlentities(stripslashes($record[$key]), ENT_QUOTES, $conf["html_content_encoding"]);
@@ -564,6 +585,14 @@ public function encode($record)
 				case 'CURRENCY':
 					$record[$key] = str_replace(',', '.', $record[$key]);
 					break;
+				
+				case 'BOOLEAN':
+					if (!function_exists('boolval')) {
+						$record[$key] = (bool) $record[$key];
+					} else {
+						$record[$key] = boolval($record[$key]);
+					}
+					break;
 				}
 			}
 		}

interface/lib/classes/remote.d/client.inc.php

@@ -526,22 +526,24 @@ public function client_get_all($session_id) {
 	 * @param int  client id
 	 * @param string new password
 	 * @return bool true if success
-	 * @author Julio Montoya <gugli100@gmail.com> BeezNest 2010
 	 *
 	 */
 	public function client_change_password($session_id, $client_id, $new_password) {
 		global $app;
 
+		$app->uses('auth');
+
 		if(!$this->checkPerm($session_id, 'client_change_password')) {
 			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
 			return false;
 		}
-		$client_id = $app->functions->intval($client_id);
+
 		$client = $app->db->queryOneRecord("SELECT client_id FROM client WHERE client_id = ?", $client_id);
 		if($client['client_id'] > 0) {
-			$sql = "UPDATE client SET password = md5(?) 	WHERE client_id = ?";
+			$new_password = $app->auth->crypt_password($new_password);
+			$sql = "UPDATE client SET password = ? 	WHERE client_id = ?";
 			$app->db->query($sql, $new_password, $client_id);
-			$sql = "UPDATE sys_user SET passwort = md5(?) 	WHERE client_id = ?";
+			$sql = "UPDATE sys_user SET passwort = ? 	WHERE client_id = ?";
 			$app->db->query($sql, $new_password, $client_id);
 			return true;
 		} else {
@@ -681,7 +683,6 @@ public function client_login_get($session_id,$username,$password,$remote_ip = ''
 
 		return $returnval;
 	}
-
 }
 
 ?>

interface/lib/classes/tform_base.inc.php

@@ -878,6 +878,9 @@ function filterField($field_name, $field_value, $filters, $filter_event) {
 				case 'TRIM':
 					$returnval = trim($returnval);
 					break;
+				case 'NOWHITESPACE':
+					$returnval = preg_replace('/\s+/', '', $returnval);
+					break;
 				default:
 					$this->errorMessage .= "Unknown Filter: ".$filter['type'];
 					break;

interface/lib/classes/validate_password.inc.php

@@ -33,6 +33,7 @@ class validate_password {
 
 	private function _get_password_strength($password) {
 		$length = strlen($password);
+		
 		$points = 0;
 		if ($length < 5) {
 			return 1;
@@ -53,7 +54,7 @@ private function _get_password_strength($password) {
 			$different += 1;
 		}
 
-		if (preg_match('/[`~!@#$%^&*()_+|\\=-\[\]}{\';:\/?.>,<" ]/', $password)) {
+		if (preg_match('/[`~!@#$%^&*()_+|\\=\-\[\]}{\';:\/?.>,<" ]/', $password)) {
 			$points += 1;
 			$different += 1;
 		}