forked from hestiacp/hestiacp
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathindex.php
More file actions
125 lines (107 loc) · 3.08 KB
/
index.php
File metadata and controls
125 lines (107 loc) · 3.08 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
<?php
$TAB = 'WEB';
// Main include
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Prepare values
if (!empty($_GET['domain'])) {
$v_domain = $_GET['domain'];
} else {
$v_domain = 'example.ltd';
}
$v_email = '';
$v_country = 'US';
$v_state = 'California';
$v_locality = 'San Francisco';
$v_org = 'MyCompany LLC';
$v_org_unit = 'IT';
// Back uri
$_SESSION['back'] = '';
// Check POST
if (!isset($_POST['generate'])) {
render_page($user, $TAB, 'generate_ssl');
exit;
}
// Check token
verify_csrf($_POST);
// Check input
if (empty($_POST['v_domain'])) {
$errors[] = _('Domain');
}
if (empty($_POST['v_country'])) {
$errors[] = _('Country');
}
if (empty($_POST['v_state'])) {
$errors[] = _('State');
}
if (empty($_POST['v_locality'])) {
$errors[] = _('City');
}
if (empty($_POST['v_org'])) {
$errors[] = _('Organization');
}
$v_domain = $_POST['v_domain'];
$v_aliases = $_POST['v_aliases'];
$v_email = $_POST['v_email'];
$v_country = $_POST['v_country'];
$v_state = $_POST['v_state'];
$v_locality = $_POST['v_locality'];
$v_org = $_POST['v_org'];
// Check for errors
if (!empty($errors[0])) {
foreach ($errors as $i => $error) {
if ($i == 0) {
$error_msg = $error;
} else {
$error_msg = $error_msg.", ".$error;
}
}
$_SESSION['error_msg'] = sprintf(_('Field "%s" can not be blank.'), $error_msg);
render_page($user, $TAB, 'generate_ssl');
unset($_SESSION['error_msg']);
exit;
}
// Protect input
$v_domain = escapeshellarg($_POST['v_domain']);
$waliases = preg_replace("/\n/", " ", $_POST['v_aliases']);
$waliases = preg_replace("/,/", " ", $waliases);
$waliases = preg_replace('/\s+/', ' ', $waliases);
$waliases = trim($waliases);
$aliases = explode(" ", $waliases);
$v_aliases = escapeshellarg(str_replace(' ', "\n", $waliases));
$v_email = escapeshellarg($_POST['v_email']);
$v_country = escapeshellarg($_POST['v_country']);
$v_state = escapeshellarg($_POST['v_state']);
$v_locality = escapeshellarg($_POST['v_locality']);
$v_org = escapeshellarg($_POST['v_org']);
exec(HESTIA_CMD."v-generate-ssl-cert ".$v_domain." ".$v_email." ".$v_country." ".$v_state." ".$v_locality." ".$v_org." IT ".$v_aliases." json", $output, $return_var);
// Revert to raw values
$v_domain = $_POST['v_domain'];
$v_email = $_POST['v_email'];
$v_country = $_POST['v_country'];
$v_state = $_POST['v_state'];
$v_locality = $_POST['v_locality'];
$v_org = $_POST['v_org'];
// Check return code
if ($return_var != 0) {
$error = implode('<br>', $output);
if (empty($error)) {
$error = sprintf(_('Error code:'), $return_var);
}
$_SESSION['error_msg'] = $error;
render_page($user, $TAB, 'generate_ssl');
unset($_SESSION['error_msg']);
exit;
}
// OK message
$_SESSION['ok_msg'] = _('SSL_GENERATED_OK');
// Parse output
$data = json_decode(implode('', $output), true);
unset($output);
$v_crt = $data[$v_domain]['CRT'];
$v_key = $data[$v_domain]['KEY'];
$v_csr = $data[$v_domain]['CSR'];
// Back uri
$_SESSION['back'] = $_SERVER['REQUEST_URI'];
// Render page
render_page($user, $TAB, 'list_ssl');
unset($_SESSION['ok_msg']);