Alexey Berezhok
2024-03-19 22:05:27 +03:00
commit 346a50856b
1572 changed files with 182163 additions and 0 deletions


@@ -0,0 +1,101 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
$TAB = "Access Key";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Checks if API access is enabled
$api_status =
!empty($_SESSION["API_SYSTEM"]) && is_numeric($_SESSION["API_SYSTEM"])
? $_SESSION["API_SYSTEM"]
: 0;
if (($user_plain == "admin" && $api_status < 1) || ($user_plain != "admin" && $api_status < 2)) {
header("Location: /edit/user/");
exit();
}
// APIs available
exec(HESTIA_CMD . "v-list-apis json", $output, $return_var);
$apis = json_decode(implode("", $output), true);
$apis = array_filter($apis, function ($api) use ($user_plain) {
return $user_plain == "admin" || $api["ROLE"] == "user";
});
ksort($apis);
unset($output);
// Check POST request
if (!empty($_POST["ok"])) {
// Check token
verify_csrf($_POST);
// Validate apis
$apis_selected = !empty($_POST["v_apis"]) && is_array($_POST["v_apis"]) ? $_POST["v_apis"] : [];
$check_invalid_apis = array_filter($apis_selected, function ($selected) use ($apis) {
return !array_key_exists($selected, $apis);
});
if (empty($apis_selected)) {
$errors[] = _("Permissions");
} elseif (count($check_invalid_apis) > 0) {
//$errors[] = sprintf("%d apis not allowed", count($check_invalid_apis));
foreach ($check_invalid_apis as $api_name) {
$errors[] = sprintf("API %s not allowed", $api_name);
}
}
if (!empty($errors[0])) {
foreach ($errors as $i => $error) {
if ($i == 0) {
$error_msg = $error;
} else {
$error_msg = $error_msg . ", " . $error;
}
}
$_SESSION["error_msg"] = sprintf(_('Field "%s" can not be blank.'), $error_msg);
}
// Protect input
$v_apis = quoteshellarg(implode(",", $apis_selected));
$v_comment = quoteshellarg(trim($_POST["v_comment"] ?? ""));
// Add access key
if (empty($_SESSION["error_msg"])) {
exec(
HESTIA_CMD . "v-add-access-key " . $user . " " . $v_apis . " " . $v_comment . " json",
$output,
$return_var,
);
$key_data = json_decode(implode("", $output), true);
check_return_code($return_var, $output);
unset($output);
}
// Flush field values on success
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = htmlify_trans(
sprintf(
_("Access key {%s} has been created successfully."),
htmlentities($key_data["ACCESS_KEY_ID"]),
),
"</code>",
"<code>",
);
unset($apis_selected);
unset($check_invalid_apis);
unset($v_apis);
unset($v_comment);
}
}
// Render
if (empty($key_data)) {
render_page($user, $TAB, "add_access_key");
} else {
render_page($user, $TAB, "list_access_key");
}
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);
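Review bot: The output of `v-list-apis` is used without checking `$return_var` or the decode result, so if the command fails or prints something that is not JSON, `json_decode()` returns null and the `array_filter($apis, ...)` call right after it throws a TypeError on PHP 8. Falling back to an empty list, `$apis = json_decode(implode("", $output), true) ?: [];`, keeps the page on the deny path, because every selected API is then rejected by the `array_key_exists` filter. The entries of `$_POST["v_apis"]` are also never checked to be strings, so a nested array reaches `array_key_exists()` and `sprintf("API %s not allowed", $api_name)`; filtering them with `is_string` first avoids that. Whether `$_SESSION["error_msg"]` is escaped when it is rendered is not visible here, so the echoed API name should be treated as untrusted output.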


@@ -0,0 +1,17 @@
<?php
ob_start();
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check token
verify_csrf($_GET);
if (
($_SESSION["userContext"] === "admin" && $_SESSION["POLICY_SYSTEM_HIDE_SERVICES"] == "no") ||
$_SESSION["user"] == "admin"
) {
exec(HESTIA_CMD . "v-add-cron-hestia-autoupdate", $output, $return_var);
unset($output);
}
header("Location: /list/updates/");
exit();
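Review bot: This page changes system state on a GET request and takes the CSRF token from `$_GET`, so the token travels in the URL, where it can end up in browser history, proxy and server logs, and Referer headers. Accepting only POST and calling `verify_csrf($_POST)`, as the form pages in this commit do, would keep the token out of the URL. The exit status in `$return_var` is also discarded, so a failed `v-add-cron-hestia-autoupdate` still redirects as if it had succeeded; calling `check_return_code($return_var, $output);` before `unset($output)` would surface the error. The `v-add-cron-reports` page later in this commit has the same two issues.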

114
web/add/cron/index.php Normal file

@@ -0,0 +1,114 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
$TAB = "CRON";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check POST request
if (!empty($_POST["ok"])) {
// Check token
verify_csrf($_POST);
// Check empty fields
if (!isset($_POST["v_min"]) || $_POST["v_min"] == "") {
$errors[] = _("Minute");
}
if (!isset($_POST["v_hour"]) || $_POST["v_hour"] == "") {
$errors[] = _("Hour");
}
if (!isset($_POST["v_day"]) || $_POST["v_day"] == "") {
$errors[] = _("Day");
}
if (!isset($_POST["v_month"]) || $_POST["v_month"] == "") {
$errors[] = _("Month");
}
if (!isset($_POST["v_wday"]) || $_POST["v_wday"] == "") {
$errors[] = _("Day of Week");
}
if (!isset($_POST["v_cmd"]) || $_POST["v_cmd"] == "") {
$errors[] = _("Command");
}
if (!empty($errors[0])) {
foreach ($errors as $i => $error) {
if ($i == 0) {
$error_msg = $error;
} else {
$error_msg = $error_msg . ", " . $error;
}
}
$_SESSION["error_msg"] = sprintf(_('Field "%s" can not be blank.'), $error_msg);
}
// Protect input
$v_min = quoteshellarg($_POST["v_min"]);
$v_hour = quoteshellarg($_POST["v_hour"]);
$v_day = quoteshellarg($_POST["v_day"]);
$v_month = quoteshellarg($_POST["v_month"]);
$v_wday = quoteshellarg($_POST["v_wday"]);
$v_cmd = quoteshellarg($_POST["v_cmd"]);
// Add cron job
if (empty($_SESSION["error_msg"])) {
exec(
HESTIA_CMD .
"v-add-cron-job " .
$user .
" " .
$v_min .
" " .
$v_hour .
" " .
$v_day .
" " .
$v_month .
" " .
$v_wday .
" " .
$v_cmd,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
}
// Flush field values on success
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = _("Cron job has been created successfully.");
unset($v_min);
unset($v_hour);
unset($v_day);
unset($v_month);
unset($v_wday);
unset($v_cmd);
unset($output);
}
}
if (empty($v_cmd)) {
$v_cmd = "";
}
if (empty($v_month)) {
$v_month = "";
}
if (empty($v_day)) {
$v_day = "";
}
if (empty($v_wday)) {
$v_wday = "";
}
if (empty($v_hour)) {
$v_hour = "";
}
if (empty($v_min)) {
$v_min = "";
}
// Render
render_page($user, $TAB, "add_cron");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);
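Review bot: The six `quoteshellarg($_POST[...])` calls under `// Protect input` run even when the `isset` checks above have just recorded the field as missing, so a request that omits `v_min` or `v_cmd` reads an undefined index and hands null to `quoteshellarg()`. Defaulting each read, for example `$v_min = quoteshellarg($_POST["v_min"] ?? "");`, keeps the validation error as the only outcome. On a failed submission the variables passed on to the template still hold the shell-quoted form, so the re-rendered fields presumably show the value wrapped in single quotes (the template is not visible here). Keeping the raw value for display and quoting only inside the `exec()` call, as the firewall ipset page in this commit does, avoids that; the firewall ban and firewall rule pages follow the same pattern as this one.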


@@ -0,0 +1,12 @@
<?php
ob_start();
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check token
verify_csrf($_GET);
exec(HESTIA_CMD . "v-add-cron-reports " . $user, $output, $return_var);
unset($output);
header("Location: /list/cron/");
exit();

248
web/add/db/index.php Normal file

@@ -0,0 +1,248 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
$TAB = "DB";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check POST request
if (!empty($_POST["ok"])) {
// Check token
verify_csrf($_POST);
// Check empty fields
if (empty($_POST["v_database"])) {
$errors[] = _("Database");
}
if (empty($_POST["v_dbuser"])) {
$errors[] = _("Username");
}
if (empty($_POST["v_password"])) {
$errors[] = _("Password");
}
if (empty($_POST["v_type"])) {
$errors[] = _("Type");
}
if (empty($_POST["v_host"])) {
$errors[] = _("Host");
}
if (empty($_POST["v_charset"])) {
$errors[] = _("Charset");
}
if (!empty($errors[0])) {
foreach ($errors as $i => $error) {
if ($i == 0) {
$error_msg = $error;
} else {
$error_msg = $error_msg . ", " . $error;
}
}
$_SESSION["error_msg"] = sprintf(_('Field "%s" can not be blank.'), $error_msg);
}
// Validate email
if (!empty($_POST["v_db_email"]) && empty($_SESSION["error_msg"])) {
if (!filter_var($_POST["v_db_email"], FILTER_VALIDATE_EMAIL)) {
$_SESSION["error_msg"] = _("Please enter a valid email address.");
}
}
// Check password length
if (empty($_SESSION["error_msg"])) {
if (!validate_password($_POST["v_password"])) {
$_SESSION["error_msg"] = _("Password does not match the minimum requirements.");
}
}
// Protect input
$v_database = quoteshellarg($_POST["v_database"]);
$v_dbuser = quoteshellarg($_POST["v_dbuser"]);
$v_type = $_POST["v_type"];
$v_charset = $_POST["v_charset"];
$v_host = $_POST["v_host"];
$v_db_email = $_POST["v_db_email"];
// Add database
if (empty($_SESSION["error_msg"])) {
$v_type = quoteshellarg($_POST["v_type"]);
$v_charset = quoteshellarg($_POST["v_charset"]);
$v_host = quoteshellarg($_POST["v_host"]);
$v_password = tempnam("/tmp", "vst");
$fp = fopen($v_password, "w");
fwrite($fp, $_POST["v_password"] . "\n");
fclose($fp);
exec(
HESTIA_CMD .
"v-add-database " .
$user .
" " .
$v_database .
" " .
$v_dbuser .
" " .
$v_password .
" " .
$v_type .
" " .
$v_host .
" " .
$v_charset,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
unlink($v_password);
$v_password = quoteshellarg($_POST["v_password"]);
$v_type = $_POST["v_type"];
$v_host = $_POST["v_host"];
$v_charset = $_POST["v_charset"];
}
// Get database manager url
if (empty($_SESSION["error_msg"])) {
[$http_host, $port] = explode(":", $_SERVER["HTTP_HOST"] . ":");
if ($_POST["v_host"] != "localhost") {
$http_host = $_POST["v_host"];
}
if ($_POST["v_type"] == "mysql") {
$db_admin = "phpMyAdmin";
}
if ($_POST["v_type"] == "mysql") {
$db_admin_link = "https://" . $http_host . "/phpmyadmin/";
}
if ($_POST["v_type"] == "mysql" && !empty($_SESSION["DB_PMA_ALIAS"])) {
$db_admin_link = "https://" . $http_host . "/" . $_SESSION["DB_PMA_ALIAS"];
}
if ($_POST["v_type"] == "pgsql") {
$db_admin = "phpPgAdmin";
}
if ($_POST["v_type"] == "pgsql") {
$db_admin_link = "https://" . $http_host . "/phppgadmin/";
}
if ($_POST["v_type"] == "pgsql" && !empty($_SESSION["DB_PGA_ALIAS"])) {
$db_admin_link = "https://" . $http_host . "/" . $_SESSION["DB_PGA_ALIAS"];
}
}
// Email login credentials
if (!empty($v_db_email) && empty($_SESSION["error_msg"])) {
$to = $v_db_email;
$template = get_email_template("database_credentials", $_SESSION["language"]);
if (!empty($template)) {
preg_match("/<subject>(.*?)<\/subject>/si", $template, $matches);
$subject = $matches[1];
$subject = str_replace(
["{{hostname}}", "{{appname}}", "{{dabase}}", "{{dbuser}}"],
[
get_hostname(),
$_SESSION["APP_NAME"],
$user_plain . "_" . $_POST["v_database"],
$user_plain . "_" . $_POST["v_dbuser"],
],
$subject,
);
$template = str_replace($matches[0], "", $template);
} else {
$template = _(
"Database has been created.\n" .
"\n" .
"Database: {{database}}\n" .
"Username: {{username}}\n" .
"Password: {{password}}\n" .
"SQL Manager: {{dbadmin}}\n" .
"\n" .
"Best regards,\n" .
"\n" .
"--\n" .
"{{appname}}",
);
}
if (empty($subject)) {
$subject = str_replace(
["{{subject}}", "{{hostname}}", "{{appname}}"],
[
sprintf(
_("Database Credentials: %s"),
$user_plain . "_" . $_POST["v_database"],
),
get_hostname(),
$_SESSION["APP_NAME"],
],
$_SESSION["SUBJECT_EMAIL"],
);
}
$hostname = get_hostname();
$from = !empty($_SESSION["FROM_EMAIL"]) ? $_SESSION["FROM_EMAIL"] : "noreply@" . $hostname;
$from_name = !empty($_SESSION["FROM_NAME"])
? $_SESSION["FROM_NAME"]
: $_SESSION["APP_NAME"];
$mailtext = translate_email($template, [
"database" => htmlentities($user_plain . "_" . $_POST["v_database"]),
"username" => htmlentities($user_plain . "_" . $_POST["v_dbuser"]),
"password" => htmlentities($_POST["v_password"]),
"dbadmin" => $db_admin_link,
"appname" => $_SESSION["APP_NAME"],
]);
send_email($to, $subject, $mailtext, $from, $from_name);
}
// Flush field values on success
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = htmlify_trans(
sprintf(
_("Database {%s} has been created successfully. / {Open %s}"),
htmlentities($user_plain) . "_" . htmlentities($_POST["v_database"]),
htmlentities($user_plain) . "_" . htmlentities($_POST["v_database"]),
),
"</a>",
'<a href="/edit/db/?database=' .
htmlentities($user_plain) .
"_" .
htmlentities($_POST["v_database"]) .
'">',
'<a href="' . $db_admin_link . '" target="_blank">',
);
unset($v_database);
unset($v_dbuser);
unset($v_password);
unset($v_type);
unset($v_charset);
}
}
// Get user email
$v_db_email = "";
if (empty($v_database)) {
$v_database = "";
}
if (empty($v_dbuser)) {
$v_dbuser = "";
}
// List avaiable database types
$db_types = explode(",", $_SESSION["DB_SYSTEM"]);
// List available database servers
exec(HESTIA_CMD . "v-list-database-hosts json", $output, $return_var);
$db_hosts_tmp1 = json_decode(implode("", $output), true);
$db_hosts_tmp2 = array_map(function ($host) {
return $host["HOST"];
}, $db_hosts_tmp1);
$db_hosts = array_values(array_unique($db_hosts_tmp2));
unset($output);
unset($db_hosts_tmp1);
unset($db_hosts_tmp2);
$accept = $_GET["accept"] ?? "";
render_page($user, $TAB, "add_db");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);
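Review bot: `$db_admin_link` is built from `$_SERVER["HTTP_HOST"]` (or `$_POST["v_host"]`) and then concatenated unescaped into `'<a href="' . $db_admin_link . '" target="_blank">'` and into the credentials e-mail, while the other values in both places go through `htmlentities()`. The Host header is chosen by the client, so the link shown in the success message and sent in the mail that carries the database password can name a host the server does not own. Taking the local host name from `get_hostname()`, which this file already calls, and writing `htmlentities($db_admin_link)` in the anchor would address both. `$db_admin_link` is also left undefined when `v_type` is neither `mysql` nor `pgsql`. Separately, the subject placeholder `"{{dabase}}"` looks like a typo for `"{{database}}"`, so that token is probably never substituted.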

406
web/add/dns/index.php Normal file

@@ -0,0 +1,406 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
$TAB = "DNS";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// List ip addresses
exec(HESTIA_CMD . "v-list-user-ips " . $user . " json", $output, $return_var);
$v_ips = json_decode(implode("", $output), true);
unset($output);
// Check POST request for dns domain
if (!empty($_POST["ok"])) {
// Check token
verify_csrf($_POST);
// Check empty fields
if (empty($_POST["v_domain"])) {
$errors[] = _("Domain");
}
if (empty($_POST["v_ip"])) {
$errors[] = _("IP Address");
}
if (!empty($errors[0])) {
foreach ($errors as $i => $error) {
if ($i == 0) {
$error_msg = $error;
} else {
$error_msg = $error_msg . ", " . $error;
}
}
$_SESSION["error_msg"] = sprintf(_('Field "%s" can not be blank.'), $error_msg);
}
// Protect input
$v_domain = preg_replace("/^www./i", "", $_POST["v_domain"]);
$v_domain = quoteshellarg($v_domain);
$v_domain = strtolower($v_domain);
$v_ip = $_POST["v_ip"];
// Change NameServers
if (empty($_POST["v_ns1"])) {
$_POST["v_ns1"] = "";
}
if (empty($_POST["v_ns2"])) {
$_POST["v_ns2"] = "";
}
if (empty($_POST["v_ns3"])) {
$_POST["v_ns3"] = "";
}
if (empty($_POST["v_ns4"])) {
$_POST["v_ns4"] = "";
}
if (empty($_POST["v_ns5"])) {
$_POST["v_ns5"] = "";
}
if (empty($_POST["v_ns6"])) {
$_POST["v_ns6"] = "";
}
if (empty($_POST["v_ns7"])) {
$_POST["v_ns7"] = "";
}
if (empty($_POST["v_ns8"])) {
$_POST["v_ns8"] = "";
}
if (empty($_POST["v_dnssec"])) {
$_POST["v_dnssec"] = "no";
}
$v_ns1 = quoteshellarg($_POST["v_ns1"]);
$v_ns2 = quoteshellarg($_POST["v_ns2"]);
$v_ns3 = quoteshellarg($_POST["v_ns3"]);
$v_ns4 = quoteshellarg($_POST["v_ns4"]);
$v_ns5 = quoteshellarg($_POST["v_ns5"]);
$v_ns6 = quoteshellarg($_POST["v_ns6"]);
$v_ns7 = quoteshellarg($_POST["v_ns7"]);
$v_ns8 = quoteshellarg($_POST["v_ns8"]);
$v_dnssec = quoteshellarg($_POST["v_dnssec"]);
// Add dns domain
if (empty($_SESSION["error_msg"])) {
exec(
HESTIA_CMD .
"v-add-dns-domain " .
$user .
" " .
$v_domain .
" " .
quoteshellarg($v_ip) .
" " .
$v_ns1 .
" " .
$v_ns2 .
" " .
$v_ns3 .
" " .
$v_ns4 .
" " .
$v_ns5 .
" " .
$v_ns6 .
" " .
$v_ns7 .
" " .
$v_ns8 .
" no " .
$v_dnssec,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
}
exec(HESTIA_CMD . "v-list-user " . $user . " json", $output, $return_var);
$user_config = json_decode(implode("", $output), true);
unset($output);
$v_template = $user_config[$user_plain]["DNS_TEMPLATE"];
if (
$v_template != $_POST["v_template"] &&
!empty($_POST["v_template"]) &&
empty($_SESSION["error_msg"])
) {
$v_template = quoteshellarg($_POST["v_template"]);
exec(
HESTIA_CMD .
"v-change-dns-domain-tpl " .
$user .
" " .
$v_domain .
" " .
$v_template .
" 'no'",
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
}
// Set expiration date
if (empty($_SESSION["error_msg"])) {
if (!empty($_POST["v_exp"]) && $_POST["v_exp"] != date("Y-m-d", strtotime("+1 year"))) {
$v_exp = quoteshellarg($_POST["v_exp"]);
exec(
HESTIA_CMD .
"v-change-dns-domain-exp " .
$user .
" " .
$v_domain .
" " .
$v_exp .
" no",
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
}
}
// Set ttl
if (empty($_SESSION["error_msg"])) {
if (
!empty($_POST["v_ttl"]) &&
$_POST["v_ttl"] != "14400" &&
empty($_SESSION["error_msg"])
) {
$v_ttl = quoteshellarg($_POST["v_ttl"]);
exec(
HESTIA_CMD .
"v-change-dns-domain-ttl " .
$user .
" " .
$v_domain .
" " .
$v_ttl .
" no",
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
}
}
// Restart dns server
if (empty($_SESSION["error_msg"])) {
exec(HESTIA_CMD . "v-restart-dns", $output, $return_var);
check_return_code($return_var, $output);
unset($output);
}
// Flush field values on success
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = htmlify_trans(
sprintf(
_("DNS zone {%s} has been created successfully."),
htmlentities($_POST["v_domain"]),
),
"</a>",
'<a href="/edit/dns/?domain=' . htmlentities($_POST["v_domain"]) . '">',
);
unset($v_domain);
}
}
// Check POST request for dns record
if (!empty($_POST["ok_rec"])) {
// Check token
if (!isset($_POST["token"]) || $_SESSION["token"] != $_POST["token"]) {
header("location: /login/");
exit();
}
// Check empty fields
if (empty($_POST["v_domain"])) {
$errors[] = _("Domain");
}
if (empty($_POST["v_rec"])) {
$errors[] = _("Record");
}
if (empty($_POST["v_type"])) {
$errors[] = _("Type");
}
if (empty($_POST["v_val"])) {
$errors[] = _("IP or Value");
}
if (!empty($errors[0])) {
foreach ($errors as $i => $error) {
if ($i == 0) {
$error_msg = $error;
} else {
$error_msg = $error_msg . ", " . $error;
}
}
$_SESSION["error_msg"] = sprintf(_('Field "%s" can not be blank.'), $error_msg);
}
// Protect input
$v_domain = quoteshellarg($_POST["v_domain"]);
$v_rec = quoteshellarg($_POST["v_rec"]);
$v_type = quoteshellarg($_POST["v_type"]);
$v_val = quoteshellarg($_POST["v_val"]);
$v_priority = quoteshellarg($_POST["v_priority"]);
$v_ttl = quoteshellarg($_POST["v_ttl"]);
// Add dns record
if (empty($_SESSION["error_msg"])) {
exec(
HESTIA_CMD .
"v-add-dns-record " .
$user .
" " .
$v_domain .
" " .
$v_rec .
" " .
$v_type .
" " .
$v_val .
" " .
$v_priority .
" '' yes " .
$v_ttl,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
}
$v_type = $_POST["v_type"];
// Flush field values on success
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = htmlify_trans(
sprintf(
_("Record {%s.%s} has been created successfully."),
htmlentities($_POST["v_rec"]),
htmlentities($_POST["v_domain"]),
),
"</code>",
"<code>",
);
unset($v_domain);
unset($v_rec);
unset($v_val);
unset($v_priority);
unset($v_dnssec);
}
}
if (empty($v_ns1)) {
$v_ns1 = "";
}
if (empty($v_ns2)) {
$v_ns2 = "";
}
if (empty($v_ns3)) {
$v_ns3 = "";
}
if (empty($v_ns4)) {
$v_ns4 = "";
}
if (empty($v_ns5)) {
$v_ns5 = "";
}
if (empty($v_ns6)) {
$v_ns6 = "";
}
if (empty($v_ns7)) {
$v_ns7 = "";
}
if (empty($v_ns8)) {
$v_ns8 = "";
}
$v_ns1 = str_replace("'", "", $v_ns1);
$v_ns2 = str_replace("'", "", $v_ns2);
$v_ns3 = str_replace("'", "", $v_ns3);
$v_ns4 = str_replace("'", "", $v_ns4);
$v_ns5 = str_replace("'", "", $v_ns5);
$v_ns6 = str_replace("'", "", $v_ns6);
$v_ns7 = str_replace("'", "", $v_ns7);
$v_ns8 = str_replace("'", "", $v_ns8);
if (empty($v_ip) && count($v_ips) > 0) {
$ip = array_key_first($v_ips);
$v_ip = empty($v_ips[$ip]["NAT"]) ? $ip : $v_ips[$ip]["NAT"];
}
// List dns templates
exec(HESTIA_CMD . "v-list-dns-templates json", $output, $return_var);
$templates = json_decode(implode("", $output), true);
unset($output);
exec(HESTIA_CMD . "v-list-user " . $user . " json", $output, $return_var);
$user_config = json_decode(implode("", $output), true);
unset($output);
$v_template = $user_config[$user_plain]["DNS_TEMPLATE"];
if (empty($_GET["domain"])) {
// Display body for dns domain
if (empty($v_domain)) {
$v_domain = "";
}
if (empty($v_ttl)) {
$v_ttl = 14400;
}
if (empty($v_exp)) {
$v_exp = date("Y-m-d", strtotime("+1 year"));
}
if (empty($v_dnssec)) {
$v_dnssec = "";
}
if (empty($v_ns1)) {
exec(HESTIA_CMD . "v-list-user-ns " . $user . " json", $output, $return_var);
$nameservers = json_decode(implode("", $output), true);
for ($i = 0; $i < 8; $i++) {
if (empty($nameservers[$i])) {
$nameservers[$i] = "";
}
}
$v_ns1 = str_replace("'", "", $nameservers[0]);
$v_ns2 = str_replace("'", "", $nameservers[1]);
$v_ns3 = str_replace("'", "", $nameservers[2]);
$v_ns4 = str_replace("'", "", $nameservers[3]);
$v_ns5 = str_replace("'", "", $nameservers[4]);
$v_ns6 = str_replace("'", "", $nameservers[5]);
$v_ns7 = str_replace("'", "", $nameservers[6]);
$v_ns8 = str_replace("'", "", $nameservers[7]);
unset($output);
}
$accept = $_GET["accept"] ?? "";
render_page($user, $TAB, "add_dns");
} else {
// Display body for dns record
$v_domain = $_GET["domain"];
if (empty($v_rec)) {
$v_rec = "@";
}
if (empty($v_type)) {
$v_type = "";
}
if (empty($v_val)) {
$v_val = "";
}
if (empty($v_priority)) {
$v_priority = "";
}
if (empty($v_ttl)) {
$v_ttl = "";
}
if (empty($v_dnssec)) {
$v_dnssec = "";
}
$accept = $_GET["accept"] ?? "";
render_page($user, $TAB, "add_dns_rec");
}
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);
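Review bot: The `ok_rec` branch checks the token by hand with `$_SESSION["token"] != $_POST["token"]` instead of calling `verify_csrf($_POST)` like the `ok` branch above it. The loose `!=` treats an unset session token and an empty submitted token as equal, and the comparison is not constant-time; `verify_csrf($_POST);`, or `hash_equals()` on two strings, would make both branches enforce the same check. In the same file `preg_replace("/^www./i", ...)` has an unescaped dot, so it also strips the first four characters of a name such as `wwwx.example` (constructed example); `"/^www\./i"` matches only the literal prefix, and the same pattern appears in web/add/mail/index.php. `$_POST["v_priority"]` and `$_POST["v_ttl"]` are read in the record branch without a default.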


@@ -0,0 +1,69 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
$TAB = "FIREWALL";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check user
if ($_SESSION["userContext"] != "admin") {
header("Location: /list/user");
exit();
}
// Check POST request
if (!empty($_POST["ok"])) {
// Check token
verify_csrf($_POST);
// Check empty fields
if (empty($_POST["v_chain"])) {
$errors[] = _("Banlist");
}
if (empty($_POST["v_ip"])) {
$errors[] = _("IP Address");
}
if (!empty($errors[0])) {
foreach ($errors as $i => $error) {
if ($i == 0) {
$error_msg = $error;
} else {
$error_msg = $error_msg . ", " . $error;
}
}
$_SESSION["error_msg"] = sprintf(_('Field "%s" can not be blank.'), $error_msg);
}
// Protect input
$v_chain = quoteshellarg($_POST["v_chain"]);
$v_ip = quoteshellarg($_POST["v_ip"]);
// Add firewall rule
if (empty($_SESSION["error_msg"])) {
exec(HESTIA_CMD . "v-add-firewall-ban " . $v_ip . " " . $v_chain, $output, $return_var);
check_return_code($return_var, $output);
unset($output);
}
// Flush field values on success
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = _("IP address has been banned successfully.");
unset($v_chain);
unset($v_ip);
}
}
if (empty($v_ip)) {
$v_ip = "";
}
if (empty($v_chain)) {
$v_chain = "";
}
// Render
render_page($user, $TAB, "add_firewall_banlist");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);

125
web/add/firewall/index.php Normal file

@@ -0,0 +1,125 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
$TAB = "FIREWALL";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check user
if ($_SESSION["userContext"] != "admin") {
header("Location: /list/user");
exit();
}
// Get ipset lists
exec(HESTIA_CMD . "v-list-firewall-ipset 'json'", $output, $return_var);
check_return_code($return_var, $output);
$data = json_decode(implode("", $output), true);
unset($output);
$ipset_lists = [];
foreach ($data as $key => $value) {
if (isset($value["SUSPENDED"]) && $value["SUSPENDED"] === "yes") {
continue;
}
if (isset($value["IP_VERSION"]) && $value["IP_VERSION"] !== "v4") {
continue;
}
array_push($ipset_lists, ["name" => $key]);
}
$ipset_lists_json = json_encode($ipset_lists);
// Check POST request
if (!empty($_POST["ok"])) {
// Check token
// Check token
verify_csrf($_POST);
// Check empty fields
if (empty($_POST["v_action"])) {
$errors[] = _("Action");
}
if (empty($_POST["v_protocol"])) {
$errors[] = _("Protocol");
}
if (empty($_POST["v_port"]) && strlen($_POST["v_port"]) == 0) {
$errors[] = _("Port");
}
if (empty($_POST["v_ip"])) {
$errors[] = _("IP Address");
}
if (!empty($errors[0])) {
foreach ($errors as $i => $error) {
if ($i == 0) {
$error_msg = $error;
} else {
$error_msg = $error_msg . ", " . $error;
}
}
$_SESSION["error_msg"] = sprintf(_('Field "%s" can not be blank.'), $error_msg);
}
// Protect input
$v_action = quoteshellarg($_POST["v_action"]);
$v_protocol = quoteshellarg($_POST["v_protocol"]);
$v_port = str_replace(" ", ",", $_POST["v_port"]);
$v_port = preg_replace("/\,+/", ",", $v_port);
$v_port = trim($v_port, ",");
$v_port = quoteshellarg($v_port);
$v_ip = quoteshellarg($_POST["v_ip"]);
$v_comment = quoteshellarg($_POST["v_comment"]);
// Add firewall rule
if (empty($_SESSION["error_msg"])) {
exec(
HESTIA_CMD .
"v-add-firewall-rule " .
$v_action .
" " .
$v_ip .
" " .
$v_port .
" " .
$v_protocol .
" " .
$v_comment,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
}
// Flush field values on success
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = _("Rule has been created successfully.");
unset($v_port);
unset($v_ip);
unset($v_comment);
}
}
if (empty($v_action)) {
$v_action = "";
}
if (empty($v_protocol)) {
$v_protocol = "";
}
if (empty($v_port)) {
$v_port = "";
}
if (empty($v_ip)) {
$v_ip = "";
}
if (empty($v_comment)) {
$v_comment = "";
}
// Render
render_page($user, $TAB, "add_firewall");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);
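Review bot: `foreach ($data as $key => $value)` iterates whatever `json_decode()` returned, and although `check_return_code()` is called first, nothing in this file stops the page on failure, so a failed `v-list-firewall-ipset` appears to lead to a loop over null. `$data = json_decode(implode("", $output), true) ?: [];` keeps `$ipset_lists` an empty array in that case. In the POST branch `$_POST["v_comment"]` is optional but read without a default, and the port check `empty($_POST["v_port"]) && strlen($_POST["v_port"]) == 0` calls `strlen()` on a key that may be missing; `$_POST["v_port"] ?? ""` and `$_POST["v_comment"] ?? ""` cover both. The `// Check token` comment is also duplicated.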


@@ -0,0 +1,90 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
$TAB = "FIREWALL";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check user
if ($_SESSION["userContext"] != "admin") {
header("Location: /list/user");
exit();
}
// Check POST request
if (!empty($_POST["ok"])) {
// Check token
verify_csrf($_POST);
// Check empty fields
if (empty($_POST["v_ipname"])) {
$errors[] = _("Name");
}
if (empty($_POST["v_datasource"])) {
$errors[] = _("Data Source");
}
if (empty($_POST["v_ipver"])) {
$errors[] = _("IP Version");
}
if (empty($_POST["v_autoupdate"])) {
$errors[] = _("Auto Update");
}
if (!empty($errors[0])) {
foreach ($errors as $i => $error) {
if ($i == 0) {
$error_msg = $error;
} else {
$error_msg = $error_msg . ", " . $error;
}
}
$_SESSION["error_msg"] = sprintf(_('Field "%s" can not be blank.'), $error_msg);
}
$v_ipname = $_POST["v_ipname"];
$v_datasource = $_POST["v_datasource"];
$v_ipver = $_POST["v_ipver"];
$v_autoupdate = $_POST["v_autoupdate"];
// Add firewall ipset list
if (empty($_SESSION["error_msg"])) {
exec(
HESTIA_CMD .
"v-add-firewall-ipset " .
quoteshellarg($v_ipname) .
" " .
quoteshellarg($v_datasource) .
" " .
quoteshellarg($v_ipver) .
" " .
quoteshellarg($v_autoupdate),
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
}
// Flush field values on success
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = _("IP list has been created successfully.");
}
}
if (empty($v_ipname)) {
$v_ipname = "";
}
if (empty($v_datasource)) {
$v_datasource = "";
}
if (empty($v_ipver)) {
$v_ipver = "";
}
// Render
render_page($user, $TAB, "add_firewall_ipset");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);
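Review bot: `$v_autoupdate` is the only form value without a fallback in the block before `render_page()`: `$v_ipname`, `$v_datasource` and `$v_ipver` are set to `""` when empty, but `$v_autoupdate` stays undefined on a plain GET. If the `add_firewall_ipset` template reads it (not visible here) that is an undefined-variable warning; adding `if (empty($v_autoupdate)) { $v_autoupdate = ""; }` next to the others would match them. `v_datasource` is forwarded to `v-add-firewall-ipset` with shell quoting only, so deciding which sources are acceptable is left entirely to the backend script; a comment such as `// Data source is validated by v-add-firewall-ipset, not here` above the `exec()` would make that explicit once it is confirmed.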

142
web/add/ip/index.php Normal file

@@ -0,0 +1,142 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
$TAB = "IP";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check user
if ($_SESSION["userContext"] != "admin") {
header("Location: /list/user");
exit();
}
// Check POST request
if (!empty($_POST["ok"])) {
/// Check token
verify_csrf($_POST);
// Check empty fields
if (empty($_POST["v_ip"])) {
$errors[] = _("IP Address");
}
if (empty($_POST["v_netmask"])) {
$errors[] = _("Netmask");
}
if (empty($_POST["v_interface"])) {
$errors[] = _("Interface");
}
if (empty($_POST["v_owner"])) {
$errors[] = _("Assigned User");
}
if (!empty($errors[0])) {
foreach ($errors as $i => $error) {
if ($i == 0) {
$error_msg = $error;
} else {
$error_msg = $error_msg . ", " . $error;
}
}
$_SESSION["error_msg"] = sprintf(_('Field "%s" can not be blank.'), $error_msg);
}
// Protect input
$v_ip = quoteshellarg($_POST["v_ip"]);
$v_netmask = quoteshellarg($_POST["v_netmask"]);
$v_name = quoteshellarg($_POST["v_name"]);
$v_nat = quoteshellarg($_POST["v_nat"]);
$v_interface = quoteshellarg($_POST["v_interface"]);
$v_owner = quoteshellarg($_POST["v_owner"]);
$v_shared = $_POST["v_shared"];
// Check shared checkmark
if ($v_shared == "on") {
$ip_status = "shared";
} else {
$ip_status = "dedicated";
$v_dedicated = "yes";
}
// Add IP
if (empty($_SESSION["error_msg"])) {
exec(
HESTIA_CMD .
"v-add-sys-ip " .
$v_ip .
" " .
$v_netmask .
" " .
$v_interface .
" " .
$v_owner .
" " .
quoteshellarg($ip_status) .
" " .
$v_name .
" " .
$v_nat,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
$v_owner = $_POST["v_owner"];
$v_interface = $_POST["v_interface"];
}
// Flush field values on success
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = htmlify_trans(
sprintf(
_("IP address {%s} has been created successfully."),
htmlentities($_POST["v_ip"]),
),
"</a>",
'<a href="/edit/ip/?ip=' . htmlentities($_POST["v_ip"]) . '">',
);
unset($v_ip);
unset($v_netmask);
unset($v_name);
unset($v_nat);
}
}
// List network interfaces
exec(HESTIA_CMD . "v-list-sys-interfaces 'json'", $output, $return_var);
$interfaces = json_decode(implode("", $output), true);
unset($output);
// List users
exec(HESTIA_CMD . "v-list-sys-users 'json'", $output, $return_var);
$users = json_decode(implode("", $output), true);
unset($output);
if (empty($v_ip)) {
$v_ip = "";
}
if (empty($v_netmask)) {
$v_netmask = "";
}
if (empty($v_name)) {
$v_name = "";
}
if (empty($v_nat)) {
$v_nat = "";
}
if (empty($v_interface)) {
$v_interface = "";
}
if (empty($ip_status)) {
$ip_status = "";
}
if (empty($v_owner)) {
$v_owner = "";
}
// Render
render_page($user, $TAB, "add_ip");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);
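Review bot: `$v_shared = $_POST["v_shared"];` reads a checkbox field that browsers omit when the box is unchecked, so the dedicated-IP path reads an undefined index on every such request; `$v_shared = $_POST["v_shared"] ?? "";` avoids it. `$_POST["v_name"]` and `$_POST["v_nat"]` are not in the required-field list but are read without a default in the same block. `$v_dedicated = "yes";` is assigned and never used in this file. As on the other admin pages, `$v_owner` and `$v_interface` are reset to the raw POST values only inside the `exec()` branch, so after a validation error they stay shell-quoted for the re-rendered form.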

83
web/add/key/index.php Normal file

@@ -0,0 +1,83 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
$TAB = "USER";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check POST request
if (!empty($_POST["ok"])) {
// Check token
verify_csrf($_POST);
// Check empty fields
if (empty($_POST["v_key"])) {
$errors[] = _("SSH Key");
}
if (!empty($errors[0])) {
foreach ($errors as $i => $error) {
if ($i == 0) {
$error_msg = $error;
} else {
$error_msg = $error_msg . ", " . $error;
}
}
$_SESSION["error_msg"] = sprintf(_('Field "%s" can not be blank.'), $error_msg);
}
if ($_SESSION["userContext"] === "admin" && !empty($_GET["user"])) {
$user = quoteshellarg($_GET["user"]);
}
if (empty($_SESSION["error_msg"])) {
if ($_POST) {
//key if key already exists
exec(HESTIA_CMD . "v-list-user-ssh-key " . $user . " json", $output, $return_var);
$data = json_decode(implode("", $output), true);
unset($output);
$keylist = [];
$idlist = [];
foreach ($data as $key => $value) {
$idlist[] = trim($data[$key]["ID"]);
$keylist[] = trim($data[$key]["KEY"]);
}
$v_key_parts = explode(" ", $_POST["v_key"]);
$key_id = trim($v_key_parts[2]);
if ($v_key_parts[2] == "") {
$v_key_parts[2] = md5(time());
$_POST["v_key"] .= " " . $v_key_parts[2];
}
//for deleting / revoking key the last part user@domain is used therefore needs to be unique
//maybe consider adding random generated message or even an human read able string set by user?
if (in_array($v_key_parts[2], $idlist)) {
$_SESSION["error_msg"] = _("SSH Key already exists.");
}
if (in_array($v_key_parts[1], $keylist)) {
$_SESSION["error_msg"] = _("SSH Key already exists.");
}
$v_key = quoteshellarg(trim($_POST["v_key"]));
}
}
if (empty($_SESSION["error_msg"])) {
exec(HESTIA_CMD . "v-add-user-ssh-key " . $user . " " . $v_key, $output, $return_var);
check_return_code($return_var, $output);
}
unset($output);
// Flush field values on success
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = _("SSH Key has been created successfully.");
}
}
if (empty($v_key)) {
$v_key = "";
}
render_page($user, $TAB, "add_key");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);
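Review bot: `$v_key_parts[2]` is read by `trim($v_key_parts[2])` and compared with `""` before anything checks that the pasted key has a third space-separated field, so a key without a trailing comment hits an undefined index, and a single-field input does the same for `$v_key_parts[1]`. Padding the split, `$v_key_parts = array_pad(explode(" ", trim($_POST["v_key"])), 3, "");`, lets the existing empty-comment branch work as intended. The generated ID `md5(time())` is identical for every key added within the same second, which conflicts with the comment that the ID must be unique for deletion; `bin2hex(random_bytes(8))` would not collide. `$key_id` is assigned and never used, and `foreach ($data as $key => $value)` assumes `v-list-user-ssh-key` returned valid JSON.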

593
web/add/mail/index.php Normal file

@@ -0,0 +1,593 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
$TAB = "MAIL";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
exec(HESTIA_CMD . "v-list-sys-webmail json", $output, $return_var);
$webmail_clients = json_decode(implode("", $output), true);
unset($output);
if (!empty($_GET["domain"])) {
$v_domain = $_GET["domain"];
}
if (!empty($v_domain)) {
// Set webmail alias
exec(
HESTIA_CMD . "v-list-mail-domain " . $user . " " . quoteshellarg($v_domain) . " json",
$output,
$return_var,
);
if ($return_var > 0) {
check_return_code_redirect($return_var, $output, "/list/mail/");
}
$data = json_decode(implode("", $output), true);
unset($output);
$v_webmail_alias = $data[$v_domain]["WEBMAIL_ALIAS"];
}
// Check POST request for mail domain
if (!empty($_POST["ok"])) {
// Check token
verify_csrf($_POST);
// Check empty fields
if (empty($_POST["v_domain"])) {
$errors[] = _("Domain");
}
if (!empty($errors[0])) {
foreach ($errors as $i => $error) {
if ($i == 0) {
$error_msg = $error;
} else {
$error_msg = $error_msg . ", " . $error;
}
}
$_SESSION["error_msg"] = sprintf(_('Field "%s" can not be blank.'), $error_msg);
}
// Check antispam option
if (!empty($_POST["v_antispam"])) {
$v_antispam = "yes";
} else {
$v_antispam = "no";
}
// Check antivirus option
if (!empty($_POST["v_antivirus"])) {
$v_antivirus = "yes";
} else {
$v_antivirus = "no";
}
// Check dkim option
if (!empty($_POST["v_dkim"])) {
$v_dkim = "yes";
} else {
$v_dkim = "no";
}
// Set domain name to lowercase and remove www prefix
$v_domain = preg_replace("/^www./i", "", $_POST["v_domain"]);
$v_domain = quoteshellarg($v_domain);
$v_domain = strtolower($v_domain);
// Add mail domain
if (empty($_SESSION["error_msg"])) {
exec(
HESTIA_CMD .
"v-add-mail-domain " .
$user .
" " .
$v_domain .
" " .
$v_antispam .
" " .
$v_antivirus .
" " .
$v_dkim,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
}
if (!empty($_POST["v_reject"]) && $v_antispam == "yes") {
exec(
HESTIA_CMD . "v-add-mail-domain-reject " . $user . " " . $v_domain . " yes",
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
}
if (!empty($_SESSION["IMAP_SYSTEM"]) && !empty($_SESSION["WEBMAIL_SYSTEM"])) {
if (empty($_SESSION["error_msg"])) {
if (!empty($_POST["v_webmail"])) {
$v_webmail = quoteshellarg($_POST["v_webmail"]);
exec(
HESTIA_CMD .
"v-add-mail-domain-webmail " .
$user .
" " .
$v_domain .
" " .
$v_webmail .
" yes",
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
}
}
}
if (!empty($_SESSION["IMAP_SYSTEM"]) && !empty($_SESSION["WEBMAIL_SYSTEM"])) {
if (empty($_POST["v_webmail"])) {
if (empty($_SESSION["error_msg"])) {
exec(
HESTIA_CMD . "v-delete-mail-domain-webmail " . $user . " " . $v_domain . " yes",
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
}
}
}
// Add SMTP Relay Support
if (empty($_SESSION["error_msg"])) {
if (isset($_POST["v_smtp_relay"]) && !empty($_POST["v_smtp_relay_host"])) {
if (
$_POST["v_smtp_relay_host"] != $v_smtp_relay_host ||
$_POST["v_smtp_relay_user"] != $v_smtp_relay_user ||
$_POST["v_smtp_relay_port"] != $v_smtp_relay_port
) {
$v_smtp_relay = true;
$v_smtp_relay_host = quoteshellarg($_POST["v_smtp_relay_host"]);
$v_smtp_relay_user = quoteshellarg($_POST["v_smtp_relay_user"]);
$v_smtp_relay_pass = quoteshellarg($_POST["v_smtp_relay_pass"]);
if (!empty($_POST["v_smtp_relay_port"])) {
$v_smtp_relay_port = quoteshellarg($_POST["v_smtp_relay_port"]);
} else {
$v_smtp_relay_port = "587";
}
exec(
HESTIA_CMD .
"v-add-mail-domain-smtp-relay " .
$user .
" " .
$v_domain .
" " .
$v_smtp_relay_host .
" " .
$v_smtp_relay_user .
" " .
$v_smtp_relay_pass .
" " .
$v_smtp_relay_port,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
}
}
}
// Flush field values on success
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = htmlify_trans(
sprintf(
_("Mail domain {%s} has been created successfully."),
htmlentities($_POST["v_domain"]),
),
"</a>",
'<a href="/list/mail/?domain=' . htmlentities($_POST["v_domain"]) . '">',
);
unset($v_domain, $v_webmail);
}
}
// Check POST request for mail account
if (!empty($_POST["ok_acc"])) {
// Check token
if (!isset($_POST["token"]) || $_SESSION["token"] != $_POST["token"]) {
header("location: /login/");
exit();
}
// Check antispam option
if (!empty($_POST["v_blackhole"])) {
$v_blackhole = "yes";
} else {
$v_blackhole = "no";
}
// Check empty fields
if (empty($_POST["v_domain"])) {
$errors[] = _("Domain");
}
if (empty($_POST["v_account"])) {
$errors[] = _("Account");
}
if (empty($_POST["v_fwd_only"]) && empty($_POST["v_password"])) {
if (empty($_POST["v_password"])) {
$errors[] = _("Password");
}
}
if (!empty($errors[0])) {
foreach ($errors as $i => $error) {
if ($i == 0) {
$error_msg = $error;
} else {
$error_msg = $error_msg . ", " . $error;
}
}
$_SESSION["error_msg"] = sprintf(_('Field "%s" can not be blank.'), $error_msg);
}
// Validate email
if (!empty($_POST["v_send_email"]) && empty($_SESSION["error_msg"])) {
if (!filter_var($_POST["v_send_email"], FILTER_VALIDATE_EMAIL)) {
$_SESSION["error_msg"] = _("Please enter a valid email address.");
}
}
// Check password length
if (empty($_SESSION["error_msg"]) && empty($_POST["v_fwd_only"])) {
if (!validate_password($_POST["v_password"])) {
$_SESSION["error_msg"] = _("Password does not match the minimum requirements.");
}
}
// Protect input
$v_domain = quoteshellarg($_POST["v_domain"]);
$v_domain = strtolower($v_domain);
$v_account = quoteshellarg($_POST["v_account"]);
$v_quota = quoteshellarg($_POST["v_quota"]);
$v_send_email = $_POST["v_send_email"];
$v_aliases = $_POST["v_aliases"];
$v_fwd = $_POST["v_fwd"];
if (empty($_POST["v_quota"])) {
$v_quota = 0;
}
if (!empty($_POST["v_quota"]) || !empty($_POST["v_aliases"]) || !empty($_POST["v_fwd"])) {
$v_adv = "yes";
}
// Add Mail Account
if (empty($_SESSION["error_msg"])) {
$v_password = tempnam("/tmp", "vst");
$fp = fopen($v_password, "w");
fwrite($fp, $_POST["v_password"] . "\n");
fclose($fp);
exec(
HESTIA_CMD .
"v-add-mail-account " .
$user .
" " .
$v_domain .
" " .
$v_account .
" " .
$v_password .
" " .
$v_quota,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
unlink($v_password);
$v_password = quoteshellarg($_POST["v_password"]);
}
// Add Aliases
if (!empty($_POST["v_aliases"]) && empty($_SESSION["error_msg"])) {
$valiases = preg_replace("/\n/", " ", $_POST["v_aliases"]);
$valiases = preg_replace("/,/", " ", $valiases);
$valiases = preg_replace("/\s+/", " ", $valiases);
$valiases = trim($valiases);
$aliases = explode(" ", $valiases);
foreach ($aliases as $alias) {
$alias = quoteshellarg($alias);
if (empty($_SESSION["error_msg"])) {
exec(
HESTIA_CMD .
"v-add-mail-account-alias " .
$user .
" " .
$v_domain .
" " .
$v_account .
" " .
$alias,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
}
}
}
if (!empty($_POST["v_blackhole"]) && empty($_SESSION["error_msg"])) {
exec(
HESTIA_CMD .
"v-add-mail-account-forward " .
$user .
" " .
$v_domain .
" " .
$v_account .
" :blackhole:",
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
//disable any input in v_fwd
$_POST["v_fwd"] = "";
}
// Add Forwarders
if (!empty($_POST["v_fwd"]) && empty($_SESSION["error_msg"])) {
$vfwd = preg_replace("/\n/", " ", $_POST["v_fwd"]);
$vfwd = preg_replace("/,/", " ", $vfwd);
$vfwd = preg_replace("/\s+/", " ", $vfwd);
$vfwd = trim($vfwd);
$fwd = explode(" ", $vfwd);
foreach ($fwd as $forward) {
$forward = quoteshellarg($forward);
if (empty($_SESSION["error_msg"])) {
exec(
HESTIA_CMD .
"v-add-mail-account-forward " .
$user .
" " .
$v_domain .
" " .
$v_account .
" " .
$forward,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
}
}
}
// Add fwd_only flag
if (!empty($_POST["v_fwd_only"]) && empty($_SESSION["error_msg"])) {
exec(
HESTIA_CMD .
"v-add-mail-account-fwd-only " .
$user .
" " .
$v_domain .
" " .
$v_account,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
}
// Add fwd_only flag
if (
!empty($_POST["v_rate"]) &&
empty($_SESSION["error_msg"]) &&
$_SESSION["userContext"] == "admin"
) {
$v_rate = quoteshellarg($_POST["v_rate"]);
exec(
HESTIA_CMD .
"v-change-mail-account-rate-limit " .
$user .
" " .
$v_domain .
" " .
$v_account .
" " .
$v_rate,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
}
// Get webmail url
if (empty($_SESSION["error_msg"])) {
[$hostname, $port] = explode(":", $_SERVER["HTTP_HOST"] . ":");
$webmail = "http://" . $hostname . "/" . $v_webmail_alias . "/";
if (!empty($_SESSION["WEBMAIL_ALIAS"])) {
$webmail = $_SESSION["WEBMAIL_ALIAS"];
}
}
// Email login credentials
if (!empty($_POST["v_send_email"]) && empty($_SESSION["error_msg"])) {
$to = $_POST["v_send_email"];
$template = get_email_template("email_credentials", $_SESSION["language"]);
if (!empty($template)) {
preg_match("/<subject>(.*?)<\/subject>/si", $template, $matches);
$subject = $matches[1];
$subject = str_replace(
["{{hostname}}", "{{appname}}", "{{account}}", "{{domain}}"],
[
get_hostname(),
$_SESSION["APP_NAME"],
htmlentities(strtolower($_POST["v_account"])),
htmlentities($_POST["v_domain"]),
],
$subject,
);
$template = str_replace($matches[0], "", $template);
} else {
$template = _(
"Mail account has been created.\n" .
"\n" .
"Common Account Settings:\n" .
"Username: {{account}}@{{domain}}\n" .
"Password: {{password}}\n" .
"Webmail: {{webmail}}\n" .
"Hostname: {{hostname}}\n" .
"\n" .
"IMAP Settings\n" .
"Authentication: Normal Password\n" .
"SSL/TLS: Port 993\n" .
"STARTTLS: Port 143\n" .
"No encryption: Port 143\n" .
"\n" .
"POP3 Settings\n" .
"Authentication: Normal Password\n" .
"SSL/TLS: Port 995\n" .
"STARTTLS: Port 110\n" .
"No encryption: Port 110\n" .
"\n" .
"SMTP Settings\n" .
"Authentication: Normal Password\n" .
"SSL/TLS: Port 465\n" .
"STARTTLS: Port 587\n" .
"No encryption: Port 25\n" .
"\n" .
"Best regards,\n" .
"\n" .
"--\n" .
"{{appname}}",
);
}
if (empty($subject)) {
$subject = str_replace(
["{{subject}}", "{{hostname}}", "{{appname}}"],
[
sprintf(
_("Email Credentials: %s@%s"),
htmlentities(strtolower($_POST["v_account"])),
htmlentities($_POST["v_domain"]),
),
get_hostname(),
$_SESSION["APP_NAME"],
],
$_SESSION["SUBJECT_EMAIL"],
);
}
$hostname = get_hostname();
$from = !empty($_SESSION["FROM_EMAIL"]) ? $_SESSION["FROM_EMAIL"] : "noreply@" . $hostname;
$from_name = !empty($_SESSION["FROM_NAME"])
? $_SESSION["FROM_NAME"]
: $_SESSION["APP_NAME"];
$mailtext = translate_email($template, [
"domain" => htmlentities($_POST["v_domain"]),
"account" => htmlentities(strtolower($_POST["v_account"])),
"password" => htmlentities($_POST["v_password"]),
"webmail" => $webmail . "." . htmlentities($_POST["v_domain"]),
"hostname" => "mail." . htmlentities($_POST["v_domain"]),
"appname" => $_SESSION["APP_NAME"],
]);
send_email($to, $subject, $mailtext, $from, $from_name);
}
// Flush field values on success
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = htmlify_trans(
sprintf(
_("Mail account {%s@%s} has been created successfully."),
htmlentities(strtolower($_POST["v_account"])),
htmlentities($_POST["v_domain"]),
),
"</a>",
'<a href="/edit/mail/?account=' .
htmlentities(strtolower($_POST["v_account"])) .
"&domain=" .
htmlentities($_POST["v_domain"]) .
'">',
);
unset($v_account);
unset($v_password);
unset($v_aliases);
unset($v_fwd);
unset($v_quota);
}
}
// Render page
if (empty($_GET["domain"])) {
// Display body for mail domain
if (!empty($_POST["v_webmail"])) {
$v_webmail = $_POST["v_webmail"];
} else {
//default is always roundcube unless it hasn't been installed. Then picks the first one in order
$v_webmail = "roundcube";
}
if (empty($_GET["accept"])) {
$_GET["accept"] = false;
}
if (empty($v_domain)) {
$v_domain = "";
}
if (empty($v_smtp_relay)) {
$v_smtp_relay = "";
}
if (empty($v_smtp_relay_user)) {
$v_smtp_relay_user = "";
}
if (empty($v_smtp_relay_password)) {
$v_smtp_relay_password = "";
}
if (empty($v_smtp_relay_host)) {
$v_smtp_relay_host = "";
}
if (empty($v_smtp_relay_port)) {
$v_smtp_relay_port = "";
}
$accept = $_GET["accept"] ?? "";
render_page($user, $TAB, "add_mail");
} else {
// Display body for mail account
if (empty($v_account)) {
$v_account = "";
}
if (empty($v_quota)) {
$v_quota = "";
}
if (empty($v_rate)) {
$v_rate = "";
}
if (empty($v_blackhole)) {
$v_blackhole = "";
}
if (empty($v_fwd_only)) {
$v_fwd_only = "";
}
if (empty($v_aliases)) {
$v_aliases = "";
}
if (empty($v_send_email)) {
$v_send_email = "";
}
if (empty($v_fwd)) {
$v_fwd = "";
}
$v_domain = $_GET["domain"];
render_page($user, $TAB, "add_mail_acc");
}
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);
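Review bot: The `ok_acc` branch checks the CSRF token by hand with `$_SESSION["token"] != $_POST["token"]`, a loose and non-constant-time comparison, while the mail-domain branch earlier in this file calls `verify_csrf($_POST)`. With `!=` PHP compares numeric-looking strings numerically, and an unset session token compares equal to an empty posted one. I would replace the block with `verify_csrf($_POST);` (its body is not visible here, so confirm it compares strictly), or keep the redirect and test `!hash_equals((string) ($_SESSION["token"] ?? ""), (string) $_POST["token"])` after rejecting an empty session token. Separately, `$_POST["v_smtp_relay_pass"]` goes to `v-add-mail-domain-smtp-relay` as a command-line argument, whereas the account password below is handed over through a temp file; command-line arguments can be read from the process list while the command runs.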

326
web/add/package/index.php Normal file

@@ -0,0 +1,326 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
$TAB = "PACKAGE";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check user
if ($_SESSION["userContext"] != "admin") {
header("Location: /list/user");
exit();
}
// Check POST request
if (!empty($_POST["ok"])) {
// Check token
verify_csrf($_POST);
// Check empty fields
if (empty($_POST["v_package"])) {
$errors[] = _("Package");
}
if (empty($_POST["v_web_template"])) {
$errors[] = _("Web Template");
}
if (!empty($_SESSION["WEB_BACKEND"])) {
if (empty($_POST["v_backend_template"])) {
$errors[] = _("Backend Template");
}
} else {
# When modphp is enabled
$_POST["v_backend_template"] = "";
}
if (!empty($_SESSION["PROXY_SYSTEM"])) {
if (empty($_POST["v_proxy_template"])) {
$errors[] = _("Proxy Template");
}
} else {
# when nginx only is enabled
$_POST["v_proxy_template"] = "default";
}
if (empty($_POST["v_dns_template"])) {
$errors[] = _("DNS Template");
}
if (empty($_POST["v_shell"])) {
$errrors[] = _("Shell");
}
if (!isset($_POST["v_web_domains"])) {
$errors[] = _("Web Domains");
}
if (!isset($_POST["v_web_aliases"])) {
$errors[] = _("Web Aliases");
}
if (!isset($_POST["v_dns_domains"])) {
$errors[] = _("DNS Zones");
}
if (!isset($_POST["v_dns_records"])) {
$errors[] = _("DNS Records");
}
if (!isset($_POST["v_mail_domains"])) {
$errors[] = _("Mail Domains");
}
if (!isset($_POST["v_mail_accounts"])) {
$errors[] = _("Mail Accounts");
}
if (!isset($_POST["v_databases"])) {
$errors[] = _("Databases");
}
if (!isset($_POST["v_cron_jobs"])) {
$errors[] = _("Cron Jobs");
}
if (!isset($_POST["v_backups"])) {
$errors[] = _("Backups");
}
if (!isset($_POST["v_disk_quota"])) {
$errors[] = _("Quota");
}
if (!isset($_POST["v_bandwidth"])) {
$errors[] = _("Bandwidth");
}
if (!isset($_POST["v_ratelimit"])) {
$errors[] = _("Rate Limit");
}
// Check if name server entries are blank if DNS server is installed
if (isset($_SESSION["DNS_SYSTEM"]) && !empty($_SESSION["DNS_SYSTEM"])) {
if (empty($_POST["v_ns1"])) {
$errors[] = _("Nameserver 1");
}
if (empty($_POST["v_ns2"])) {
$errors[] = _("Nameserver 2");
}
}
if (!empty($errors[0])) {
foreach ($errors as $i => $error) {
if ($i == 0) {
$error_msg = $error;
} else {
$error_msg = $error_msg . ", " . $error;
}
}
$_SESSION["error_msg"] = sprintf(_('Field "%s" can not be blank.'), $error_msg);
}
// Protect input
$v_package = quoteshellarg($_POST["v_package"]);
$v_web_template = quoteshellarg($_POST["v_web_template"]);
$v_backend_template = quoteshellarg($_POST["v_backend_template"]);
$v_proxy_template = quoteshellarg($_POST["v_proxy_template"]);
$v_dns_template = quoteshellarg($_POST["v_dns_template"]);
$v_shell = quoteshellarg($_POST["v_shell"]);
$v_web_domains = quoteshellarg($_POST["v_web_domains"]);
$v_web_aliases = quoteshellarg($_POST["v_web_aliases"]);
$v_dns_domains = quoteshellarg($_POST["v_dns_domains"]);
$v_dns_records = quoteshellarg($_POST["v_dns_records"]);
$v_mail_domains = quoteshellarg($_POST["v_mail_domains"]);
$v_mail_accounts = quoteshellarg($_POST["v_mail_accounts"]);
$v_databases = quoteshellarg($_POST["v_databases"]);
$v_cron_jobs = quoteshellarg($_POST["v_cron_jobs"]);
$v_backups = quoteshellarg($_POST["v_backups"]);
$v_disk_quota = quoteshellarg($_POST["v_disk_quota"]);
$v_bandwidth = quoteshellarg($_POST["v_bandwidth"]);
$v_ratelimit = quoteshellarg($_POST["v_ratelimit"]);
$v_ns1 = !empty($_POST["v_ns1"]) ? trim($_POST["v_ns1"], ".") : "";
$v_ns2 = !empty($_POST["v_ns2"]) ? trim($_POST["v_ns2"], ".") : "";
$v_ns3 = !empty($_POST["v_ns3"]) ? trim($_POST["v_ns3"], ".") : "";
$v_ns4 = !empty($_POST["v_ns4"]) ? trim($_POST["v_ns4"], ".") : "";
$v_ns5 = !empty($_POST["v_ns5"]) ? trim($_POST["v_ns5"], ".") : "";
$v_ns6 = !empty($_POST["v_ns6"]) ? trim($_POST["v_ns6"], ".") : "";
$v_ns7 = !empty($_POST["v_ns7"]) ? trim($_POST["v_ns7"], ".") : "";
$v_ns8 = !empty($_POST["v_ns8"]) ? trim($_POST["v_ns8"], ".") : "";
$v_ns = $v_ns1 . "," . $v_ns2;
if (!empty($v_ns3)) {
$v_ns .= "," . $v_ns3;
}
if (!empty($v_ns4)) {
$v_ns .= "," . $v_ns4;
}
if (!empty($v_ns5)) {
$v_ns .= "," . $v_ns5;
}
if (!empty($v_ns6)) {
$v_ns .= "," . $v_ns6;
}
if (!empty($v_ns7)) {
$v_ns .= "," . $v_ns7;
}
if (!empty($v_ns8)) {
$v_ns .= "," . $v_ns8;
}
$v_ns = quoteshellarg($v_ns);
$v_time = quoteshellarg(date("H:i:s"));
$v_date = quoteshellarg(date("Y-m-d"));
// Create package file
if (empty($_SESSION["error_msg"])) {
$pkg = "WEB_TEMPLATE=" . $v_web_template . "\n";
if (!empty($_SESSION["WEB_BACKEND"])) {
$pkg .= "BACKEND_TEMPLATE=" . $v_backend_template . "\n";
}
if (!empty($_SESSION["PROXY_SYSTEM"])) {
$pkg .= "PROXY_TEMPLATE=" . $v_proxy_template . "\n";
}
$pkg .= "DNS_TEMPLATE=" . $v_dns_template . "\n";
$pkg .= "WEB_DOMAINS=" . $v_web_domains . "\n";
$pkg .= "WEB_ALIASES=" . $v_web_aliases . "\n";
$pkg .= "DNS_DOMAINS=" . $v_dns_domains . "\n";
$pkg .= "DNS_RECORDS=" . $v_dns_records . "\n";
$pkg .= "MAIL_DOMAINS=" . $v_mail_domains . "\n";
$pkg .= "MAIL_ACCOUNTS=" . $v_mail_accounts . "\n";
$pkg .= "DATABASES=" . $v_databases . "\n";
$pkg .= "CRON_JOBS=" . $v_cron_jobs . "\n";
$pkg .= "DISK_QUOTA=" . $v_disk_quota . "\n";
$pkg .= "BANDWIDTH=" . $v_bandwidth . "\n";
$pkg .= "RATE_LIMIT=" . $v_ratelimit . "\n";
$pkg .= "NS=" . $v_ns . "\n";
$pkg .= "SHELL=" . $v_shell . "\n";
$pkg .= "BACKUPS=" . $v_backups . "\n";
$pkg .= "TIME=" . $v_time . "\n";
$pkg .= "DATE=" . $v_date . "\n";
$tmpfile = tempnam("/tmp/", "hst_");
$fp = fopen($tmpfile, "w");
fwrite($fp, $pkg);
exec(
HESTIA_CMD . "v-add-user-package " . $tmpfile . " " . $v_package,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
fclose($fp);
unlink($tmpfile);
}
// Flush field values on success
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = htmlify_trans(
sprintf(
_("Package {%s} has been created successfully."),
htmlentities($_POST["v_package"]),
),
"</a>",
'<a href="/edit/package/?package=' . htmlentities($_POST["v_package"]) . '">',
);
unset($v_package);
}
}
// List web temmplates
exec(HESTIA_CMD . "v-list-web-templates json", $output, $return_var);
$web_templates = json_decode(implode("", $output), true);
unset($output);
// List web templates for backend
if (!empty($_SESSION["WEB_BACKEND"])) {
exec(HESTIA_CMD . "v-list-web-templates-backend json", $output, $return_var);
$backend_templates = json_decode(implode("", $output), true);
unset($output);
}
// List web templates for proxy
if (!empty($_SESSION["PROXY_SYSTEM"])) {
exec(HESTIA_CMD . "v-list-web-templates-proxy json", $output, $return_var);
$proxy_templates = json_decode(implode("", $output), true);
unset($output);
}
// List DNS templates
exec(HESTIA_CMD . "v-list-dns-templates json", $output, $return_var);
$dns_templates = json_decode(implode("", $output), true);
unset($output);
// List system shells
exec(HESTIA_CMD . "v-list-sys-shells json", $output, $return_var);
$shells = json_decode(implode("", $output), true);
unset($output);
// Set default values
if (empty($v_package)) {
$v_package = "";
}
if (empty($v_web_template)) {
$v_web_template = "default";
}
if (empty($v_backend_template)) {
$v_backend_template = "default";
}
if (empty($v_proxy_template)) {
$v_proxy_template = "default";
}
if (empty($v_dns_template)) {
$v_dns_template = "default";
}
if (empty($v_shell)) {
$v_shell = "nologin";
}
if (empty($v_web_domains)) {
$v_web_domains = "'1'";
}
if (empty($v_web_aliases)) {
$v_web_aliases = "'5'";
}
if (empty($v_dns_domains)) {
$v_dns_domains = "'1'";
}
if (empty($v_dns_records)) {
$v_dns_records = "'unlimited'";
}
if (empty($v_mail_domains)) {
$v_mail_domains = "'1'";
}
if (empty($v_mail_accounts)) {
$v_mail_accounts = "'5'";
}
if (empty($v_databases)) {
$v_databases = "'1'";
}
if (empty($v_cron_jobs)) {
$v_cron_jobs = "'1'";
}
if (empty($v_backups)) {
$v_backups = "'1'";
}
if (empty($v_disk_quota)) {
$v_disk_quota = "'1000'";
}
if (empty($v_bandwidth)) {
$v_bandwidth = "'1000'";
}
if (empty($v_ratelimit)) {
$v_ratelimit = "'200'";
}
if (empty($v_ns1)) {
$v_ns1 = "ns1.example.tld";
}
if (empty($v_ns2)) {
$v_ns2 = "ns2.example.tld";
}
if (empty($v_ns3)) {
$v_ns3 = "";
}
if (empty($v_ns4)) {
$v_ns4 = "";
}
if (empty($v_ns5)) {
$v_ns5 = "";
}
if (empty($v_ns6)) {
$v_ns6 = "";
}
if (empty($v_ns7)) {
$v_ns7 = "";
}
if (empty($v_ns8)) {
$v_ns8 = "";
}
// Render page
render_page($user, $TAB, "add_package");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);
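Review bot: The empty-shell check appends to `$errrors` (three r's) instead of `$errors`, so a missing `v_shell` is never reported and the package file is still written with an empty SHELL value. The line should read `$errors[] = _("Shell");`. The same typo is in web/add/user/index.php in this commit, where the `v_package` check writes to `$errrors`, so a user can be submitted without a package and the empty value reaches `v-add-user`. Both are validation gaps rather than injection paths, since the values still pass through `quoteshellarg`.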

285
web/add/user/index.php Normal file

@@ -0,0 +1,285 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
$TAB = "USER";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check user
if ($_SESSION["userContext"] != "admin") {
header("Location: /list/user");
exit();
}
// Check POST request
if (!empty($_POST["ok"])) {
// Check token
verify_csrf($_POST);
// Check empty fields
if (empty($_POST["v_username"])) {
$errors[] = _("Username");
}
if (empty($_POST["v_password"])) {
$errors[] = _("Password");
}
if (empty($_POST["v_package"])) {
$errrors[] = _("Package");
}
if (empty($_POST["v_email"])) {
$errors[] = _("Email");
}
if (empty($_POST["v_name"])) {
$errors[] = _("Contact Name");
}
if (!empty($errors)) {
foreach ($errors as $i => $error) {
if ($i == 0) {
$error_msg = $error;
} else {
$error_msg = $error_msg . ", " . $error;
}
}
$_SESSION["error_msg"] = sprintf(_('Field "%s" can not be blank.'), $error_msg);
}
// Validate email
if (empty($_SESSION["error_msg"]) && !filter_var($_POST["v_email"], FILTER_VALIDATE_EMAIL)) {
$_SESSION["error_msg"] = _("Please enter a valid email address.");
}
// Check password length
if (empty($_SESSION["error_msg"])) {
if (!validate_password($_POST["v_password"])) {
$_SESSION["error_msg"] = _("Password does not match the minimum requirements.");
}
}
// Protect input
$v_username = quoteshellarg($_POST["v_username"]);
$v_email = quoteshellarg($_POST["v_email"]);
$v_package = quoteshellarg($_POST["v_package"]);
$v_language = quoteshellarg($_POST["v_language"]);
$v_name = quoteshellarg($_POST["v_name"]);
$v_notify = $_POST["v_notify"];
// Add user
if (empty($_SESSION["error_msg"])) {
$v_password = tempnam("/tmp", "vst");
$fp = fopen($v_password, "w");
fwrite($fp, $_POST["v_password"] . "\n");
fclose($fp);
exec(
HESTIA_CMD .
"v-add-user " .
$v_username .
" " .
$v_password .
" " .
$v_email .
" " .
$v_package .
" " .
$v_name,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
unlink($v_password);
$v_password = quoteshellarg($_POST["v_password"]);
}
// Set language
if (empty($_SESSION["error_msg"])) {
exec(
HESTIA_CMD . "v-change-user-language " . $v_username . " " . $v_language,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
}
// Set Role
if (empty($_SESSION["error_msg"])) {
$v_role = quoteshellarg($_POST["v_role"]);
exec(
HESTIA_CMD . "v-change-user-role " . $v_username . " " . $v_role,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
}
// Set login restriction
if (empty($_SESSION["error_msg"])) {
if (!empty($_POST["v_login_disabled"])) {
$_POST["v_login_disabled"] = "yes";
exec(
HESTIA_CMD .
"v-change-user-config-value " .
$v_username .
" LOGIN_DISABLED " .
quoteshellarg($_POST["v_login_disabled"]),
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
}
}
// Send email to the new user
if (empty($_SESSION["error_msg"]) && !empty($v_notify)) {
$to = $_POST["v_notify"];
// send email in "users" language
putenv("LANGUAGE=" . $_POST["v_language"]);
$name = empty($_POST["v_name"]) ? $_POST["v_username"] : $_POST["v_name"];
$template = get_email_template("account_ready", $v_language);
if (!empty($template)) {
preg_match("/<subject>(.*?)<\/subject>/si", $template, $matches);
$subject = $matches[1];
$subject = str_replace(
["{{hostname}}", "{{appname}}", "{{user}}", "{{name}}"],
[get_hostname(), $_SESSION["APP_NAME"], $_POST["v_username"], $name],
$subject,
);
$template = str_replace($matches[0], "", $template);
} else {
$template = _(
"Hello {{name}},\n" .
"\n" .
"Your account has been created and ready to use.\n" .
"\n" .
"https://{{hostname}}/login/\n" .
"Username: {{user}}\n" .
"Password: {{password}}\n" .
"\n" .
"Best regards,\n" .
"\n" .
"--\n" .
"{{appname}}",
);
}
if (empty($subject)) {
$subject = str_replace(
["{{subject}}", "{{hostname}}", "{{appname}}"],
[
sprintf(_("Welcome to %s"), $_SESSION["APP_NAME"]),
get_hostname(),
$_SESSION["APP_NAME"],
],
$_SESSION["SUBJECT_EMAIL"],
);
}
$hostname = get_hostname();
$from = !empty($_SESSION["FROM_EMAIL"]) ? $_SESSION["FROM_EMAIL"] : "noreply@" . $hostname;
$from_name = !empty($_SESSION["FROM_NAME"])
? $_SESSION["FROM_NAME"]
: $_SESSION["APP_NAME"];
if ($hostname) {
$host = preg_replace("/(\[?[^]]*\]?):([0-9]{1,5})$/", "$1", $_SERVER["HTTP_HOST"]);
if ($host == $hostname) {
$port_is_defined = preg_match("/\[?[^]]*\]?:[0-9]{1,5}$/", $_SERVER["HTTP_HOST"]);
if ($port_is_defined) {
$port =
":" .
preg_replace("/(\[?[^]]*\]?):([0-9]{1,5})$/", "$2", $_SERVER["HTTP_HOST"]);
} else {
$port = "";
}
} else {
$port = ":" . $_SERVER["SERVER_PORT"];
}
$hostname = $hostname . $port;
} else {
$hostname = $_SERVER["HTTP_HOST"];
}
$mailtext = translate_email($template, [
"name" => htmlentities($name),
"user" => htmlentities($_POST["v_username"]),
"password" => htmlentities($_POST["v_password"]),
"hostname" => htmlentities($hostname),
"appname" => $_SESSION["APP_NAME"],
]);
send_email($to, $subject, $mailtext, $from, $from_name, $name);
putenv("LANGUAGE=" . detect_user_language());
}
// Flush field values on success
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = htmlify_trans(
sprintf(
_("User {%s} has been created successfully. / {Log in as %s}"),
htmlentities($_POST["v_username"]),
htmlentities($_POST["v_username"]),
),
"</a>",
'<a href="/edit/user/?user=' . htmlentities($_POST["v_username"]) . '">',
'<a href="/login/?loginas=' .
htmlentities($_POST["v_username"]) .
"&token=" .
htmlentities($_SESSION["token"]) .
'">',
);
unset($v_username);
unset($v_password);
unset($v_email);
unset($v_name);
unset($v_notify);
}
}
// List hosting packages
exec(HESTIA_CMD . "v-list-user-packages json", $output, $return_var);
check_error($return_var);
$data = json_decode(implode("", $output), true);
unset($output);
// List languages
exec(HESTIA_CMD . "v-list-sys-languages json", $output, $return_var);
$language = json_decode(implode("", $output), true);
foreach ($language as $lang) {
$languages[$lang] = translate_json($lang);
}
asort($languages);
if (empty($v_username)) {
$v_username = "";
}
if (empty($v_name)) {
$v_name = "";
}
if (empty($v_email)) {
$v_email = "";
}
if (empty($v_password)) {
$v_password = "";
}
if (empty($v_login_disabled)) {
$v_login_disabled = "";
}
if (empty($v_role)) {
$v_role = "";
}
if (empty($v_notify)) {
$v_notify = "";
}
// Render page
render_page($user, $TAB, "add_user");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);
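Review bot: The welcome mail, which carries the plaintext password, is sent to `$_POST["v_notify"]` without any format check; only `v_email` is run through `FILTER_VALIDATE_EMAIL`. web/add/mail/index.php in this commit validates its `v_send_email` recipient before sending, and the same guard fits here next to the existing email check, before the account is created: `if (!empty($_POST["v_notify"]) && !filter_var($_POST["v_notify"], FILTER_VALIDATE_EMAIL)) { $_SESSION["error_msg"] = _("Please enter a valid email address."); }`. `$v_notify = $_POST["v_notify"];` also reads the key unconditionally, so `$_POST["v_notify"] ?? ""` avoids an undefined-index warning when the field is absent. The success link further down puts `$_SESSION["token"]` into a GET URL (`/login/?loginas=…&token=…`), which can expose it through access logs and Referer headers; how /login/ consumes it is not visible here.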

190
web/add/web/index.php Normal file

@@ -0,0 +1,190 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
$TAB = "WEB";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check POST request
if (!empty($_POST["ok"])) {
// Check token
verify_csrf($_POST);
// Check for empty fields
if (empty($_POST["v_domain"])) {
$errors[] = _("Domain");
}
if (empty($_POST["v_ip"])) {
$errors[] = _("IP Address");
}
if (!empty($errors[0])) {
foreach ($errors as $i => $error) {
if ($i == 0) {
$error_msg = $error;
} else {
$error_msg = $error_msg . ", " . $error;
}
}
$_SESSION["error_msg"] = sprintf(_('Field "%s" can not be blank.'), $error_msg);
}
// Set domain to lowercase and remove www prefix
$v_domain = preg_replace("/^www\./i", "", $_POST["v_domain"]);
$v_domain = strtolower($v_domain);
// Define domain ip address
$v_ip = quoteshellarg($_POST["v_ip"]);
// Using public IP instead of internal IP when creating DNS
// Gets public IP from 'v-list-user-ips' command (that reads /hestia/data/ips/ip), precisely from 'NAT' field
$v_public_ip = $v_ip;
$v_clean_ip = $_POST["v_ip"]; // clean_ip = IP without quotas
exec(HESTIA_CMD . "v-list-user-ips " . $user . " json", $output, $return_var);
$ips = json_decode(implode("", $output), true);
unset($output);
if (
isset($ips[$v_clean_ip]) &&
isset($ips[$v_clean_ip]["NAT"]) &&
trim($ips[$v_clean_ip]["NAT"]) != ""
) {
$v_public_ip = trim($ips[$v_clean_ip]["NAT"]);
$v_public_ip = quoteshellarg($v_public_ip);
}
// Define domain aliases
$v_aliases = "";
// Define proxy extensions
$_POST["v_proxy_ext"] = "";
exec(HESTIA_CMD . "v-list-user " . $user . " json", $output, $return_var);
$user_config = json_decode(implode("", $output), true);
unset($output);
$v_template = $user_config[$user_plain]["WEB_TEMPLATE"];
$v_backend_template = $user_config[$user_plain]["BACKEND_TEMPLATE"];
$v_proxy_template = $user_config[$user_plain]["PROXY_TEMPLATE"];
// Add web domain
if (empty($_SESSION["error_msg"])) {
exec(
HESTIA_CMD .
"v-add-web-domain " .
$user .
" " .
quoteshellarg($v_domain) .
" " .
$v_ip .
" 'yes'",
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
$domain_added = empty($_SESSION["error_msg"]);
}
if (empty($_POST["v_dns"])) {
$_POST["v_dns"] = "no";
}
if (empty($_POST["v_mail"])) {
$_POST["v_mail"] = "no";
}
// Add DNS domain
if ($_POST["v_dns"] == "on" && empty($_SESSION["error_msg"])) {
exec(
HESTIA_CMD .
"v-add-dns-domain " .
$user .
" " .
quoteshellarg($v_domain) .
" " .
$v_public_ip .
" '' '' '' '' '' '' '' '' 'no'",
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
}
// Add mail domain
if ($_POST["v_mail"] == "on" && empty($_SESSION["error_msg"])) {
exec(
HESTIA_CMD . "v-add-mail-domain " . $user . " " . quoteshellarg($v_domain),
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
}
// Flush field values on success
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = htmlify_trans(
sprintf(_("Domain {%s} has been created successfully."), htmlentities($v_domain)),
"</a>",
'<a href="/edit/web/?domain=' . htmlentities($v_domain) . '">',
);
unset($v_domain);
unset($v_aliases);
}
}
// Define user variables
$v_aliases = "";
// List user package
exec(HESTIA_CMD . "v-list-user " . $user . " json", $output, $return_var);
$user_config = json_decode(implode("", $output), true);
unset($output);
// List web templates and set default values
exec(HESTIA_CMD . "v-list-web-templates json", $output, $return_var);
$templates = json_decode(implode("", $output), true);
unset($output);
$v_template = !empty($_POST["v_template"])
? $_POST["v_template"]
: $user_config[$user_plain]["WEB_TEMPLATE"];
// List backend templates
if (!empty($_SESSION["WEB_BACKEND"])) {
exec(HESTIA_CMD . "v-list-web-templates-backend json", $output, $return_var);
$backend_templates = json_decode(implode("", $output), true);
unset($output);
$v_backend_template = !empty($_POST["v_backend_template"])
? $_POST["v_backend_template"]
: $user_config[$user_plain]["BACKEND_TEMPLATE"];
}
// List proxy templates
if (!empty($_SESSION["PROXY_SYSTEM"])) {
exec(HESTIA_CMD . "v-list-web-templates-proxy json", $output, $return_var);
$proxy_templates = json_decode(implode("", $output), true);
unset($output);
$v_proxy_template = !empty($_POST["v_proxy_template"])
? $_POST["v_proxy_template"]
: $user_config[$user_plain]["PROXY_TEMPLATE"];
}
// List IP addresses
exec(HESTIA_CMD . "v-list-user-ips " . $user . " json", $output, $return_var);
$ips = json_decode(implode("", $output), true);
unset($output);
// Get all user domains
exec(HESTIA_CMD . "v-list-web-domains " . $user . " json", $output, $return_var);
$user_domains = json_decode(implode("", $output), true);
$user_domains = array_keys($user_domains);
unset($output);
$accept = $_GET["accept"] ?? "";
$v_domain = $_POST["domain"] ?? "";
// Render page
render_page($user, $TAB, "add_web");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);
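Review bot: `$_POST["v_ip"]` is passed to `v-add-web-domain` without being checked against the caller's own address list, although `v-list-user-ips` is already queried in this block and `$ips` is used only for the NAT lookup. Unless the CLI enforces ownership itself (not visible here), I would reject unknown addresses before the add call, e.g. `if (empty($_SESSION["error_msg"]) && !isset($ips[$v_clean_ip])) { $_SESSION["error_msg"] = _("Invalid IP address."); }` (the message text is a suggestion). The `json_decode` results of `v-list-user-ips` and `v-list-user` are also used without checking `$return_var` or testing for `null`, so a failed listing turns into array-offset warnings on `$user_config[$user_plain]`. At the end of the file `$v_domain = $_POST["domain"] ?? "";` reads `domain` while the form field validated above is `v_domain`; confirm which key is intended.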

146
web/add/webapp/index.php Normal file

@@ -0,0 +1,146 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
$TAB = "WEB";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
require_once $_SERVER["DOCUMENT_ROOT"] . "/src/init.php";
// Check domain argument
if (empty($_GET["domain"])) {
header("Location: /list/web/");
exit();
}
// Edit as someone else?
if ($_SESSION["user"] == "admin" && !empty($_GET["user"])) {
$user = quoteshellarg($_GET["user"]);
}
// Check if domain belongs to the user
$v_domain = $_GET["domain"];
exec(
HESTIA_CMD . "v-list-web-domain " . $user . " " . quoteshellarg($v_domain) . " json",
$output,
$return_var,
);
if ($return_var > 0) {
check_return_code_redirect($return_var, $output, "/list/web/");
}
unset($output);
exec(HESTIA_CMD . "v-list-sys-php json", $output, $return_var);
$php_versions = json_decode(implode("", $output), true);
unset($output);
// Check GET request
if (!empty($_GET["app"])) {
$app = basename($_GET["app"]);
$hestia = new \Hestia\System\HestiaApp();
$app_installer_class = "\Hestia\WebApp\Installers\\" . $app . "\\" . $app . "Setup";
if (class_exists($app_installer_class)) {
try {
$app_installer = new $app_installer_class($v_domain, $hestia);
$info = $app_installer->info();
foreach ($php_versions as $version) {
if (in_array($version, $info["php_support"])) {
$supported = true;
$supported_versions[] = $version;
}
}
if ($supported) {
$info["enabled"] = true;
} else {
$info["enabled"] = false;
$_SESSION["error_msg"] = sprintf(
_("Unable to install %s, %s is not available."),
$app,
"PHP-" . end($info["php_support"]),
);
}
if ($info["enabled"] == true) {
$installer = new \Hestia\WebApp\AppWizard($app_installer, $v_domain, $hestia);
$GLOBALS["WebappInstaller"] = $installer;
}
} catch (Exception $e) {
$_SESSION["error_msg"] = $e->getMessage();
header("Location: /add/webapp/?domain=" . $v_domain);
exit();
}
} else {
$_SESSION["error_msg"] = sprintf(_("%s installer missing."), $app);
}
}
// Check POST request
if (!empty($_POST["ok"]) && !empty($app)) {
// Check token
verify_csrf($_POST);
if ($installer) {
try {
if (!$installer->execute($_POST)) {
$result = $installer->getStatus();
if (!empty($result)) {
$_SESSION["error_msg"] = implode(PHP_EOL, $result);
}
} else {
$_SESSION["ok_msg"] = sprintf(
_("%s installed successfully."),
htmlspecialchars($app),
);
header("Location: /add/webapp/?domain=" . $v_domain);
exit();
}
} catch (Exception $e) {
$_SESSION["error_msg"] = $e->getMessage();
header("Location: /add/webapp/?app=" . rawurlencode($app) . "&domain=" . $v_domain);
exit();
}
}
}
if (!empty($installer)) {
render_page($user, $TAB, "setup_webapp");
} else {
$appInstallers = glob(__DIR__ . "/../../src/app/WebApp/Installers/*/*.php");
$v_web_apps = [];
foreach ($appInstallers as $app) {
$hestia = new \Hestia\System\HestiaApp();
if (
preg_match(
"/Installers\/([a-zA-Z][a-zA-Z0,9].*)\/([a-zA-Z][a-zA-Z0,9].*).php/",
$app,
$matches,
)
) {
if ($matches[1] != "Resources") {
$app_installer_class =
"\Hestia\WebApp\Installers\\" . $matches[1] . "\\" . $matches[1] . "Setup";
$app_installer = new $app_installer_class($v_domain, $hestia);
$appInstallerInfo = $app_installer->info();
$supported = false;
$supported_versions = [];
foreach ($php_versions as $version) {
if (in_array($version, $appInstallerInfo["php_support"])) {
$supported = true;
$supported_versions[] = $version;
}
}
if ($supported) {
$appInstallerInfo["enabled"] = true;
} else {
$appInstallerInfo["enabled"] = false;
}
$v_web_apps[] = $appInstallerInfo;
}
}
}
render_page($user, $TAB, "list_webapps");
}
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);
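Review bot: `$app` is concatenated into the installer class name after only `basename()`, which is a path helper and does not restrict the value to characters that can appear in a class name. Assuming installer names are plain alphanumerics, as the listing regex further down suggests, a check such as `if (!preg_match('/^[A-Za-z][A-Za-z0-9]*$/', $app)) { header("Location: /list/web/"); exit(); }` before `class_exists()` keeps arbitrary request text away from the autoloader. That listing regex uses `[a-zA-Z0,9]`, where `0-9` looks intended. `$supported` and `$installer` are also read without being initialised when no PHP version matches or no `app` parameter is sent, so `$supported = false; $installer = null;` ahead of the GET branch would remove the undefined-variable warnings.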

383
web/api/index.php Normal file

@@ -0,0 +1,383 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
try {
require_once "../inc/vendor/autoload.php";
} catch (Throwable $ex) {
$errstr =
"Unable to load required libraries. Please run v-add-sys-dependencies in command line. Error: " .
$ex->getMessage();
trigger_error($errstr);
echo $errstr;
exit(1);
}
//die("Error: Disabled");
define("HESTIA_DIR_BIN", "/usr/local/hestia/bin/");
define("HESTIA_CMD", "/usr/bin/sudo /usr/local/hestia/bin/");
include $_SERVER["DOCUMENT_ROOT"] . "/inc/helpers.php";
/**
* Displays the error message, checks the proper code and saves a log if needed.
*
* @param int $exit_code
* @param string $message
* @param bool $add_log
* @param string $user
* @return void
*/
function api_error($exit_code, $message, $hst_return, bool $add_log = false, $user = "system") {
$message = trim(is_array($message) ? implode("\n", $message) : $message);
// Add log
if ($add_log) {
$v_real_user_ip = get_real_user_ip();
hst_add_history_log("[$v_real_user_ip] $message", "API", "Error", $user);
}
// Print the message with http_code and exit_code
$http_code = $exit_code >= 100 ? $exit_code : exit_code_to_http_code($exit_code);
header("Hestia-Exit-Code: $exit_code");
http_response_code($http_code);
if ($hst_return == "code") {
echo $exit_code;
} else {
echo !preg_match("/^Error:/", $message) ? "Error: $message" : $message;
}
exit();
}
/**
* Legacy connection format using hash or user and password.
*
* @param array{user: string?, pass: string?, hash?: string, cmd: string, arg1?: string, arg2?: string, arg3?: string, arg4?: string, arg5?: string, arg6?: string, arg7?: string, arg8?: string, arg9?: string, returncode?: string} $request_data
* @return void
* @return void
*/
function api_legacy(array $request_data) {
$hst_return = ($request_data["returncode"] ?? "no") === "yes" ? "code" : "data";
exec(HESTIA_CMD . "v-list-sys-config json", $output, $return_var);
$settings = json_decode(implode("", $output), true);
unset($output);
if ($settings["config"]["API"] != "yes") {
echo "Error: API has been disabled";
api_error(E_DISABLED, "Error: API Disabled", $hst_return);
}
if ($settings["config"]["API_ALLOWED_IP"] != "allow-all") {
$ip_list = explode(",", $settings["config"]["API_ALLOWED_IP"]);
$ip_list[] = "";
if (!in_array(get_real_user_ip(), $ip_list)) {
api_error(E_FORBIDDEN, "Error: IP is not allowed to connect with API", $hst_return);
}
}
//This exists, so native JSON can be used without the repeating the code twice, so future code changes are easier and don't need to be replicated twice
// Authentication
if (empty($request_data["hash"])) {
if ($request_data["user"] != "admin") {
api_error(E_FORBIDDEN, "Error: authentication failed", $hst_return);
}
$password = $request_data["password"];
if (!isset($password)) {
api_error(E_PASSWORD, "Error: authentication failed", $hst_return);
}
$v_ip = quoteshellarg(get_real_user_ip());
unset($output);
exec(HESTIA_CMD . "v-get-user-salt admin " . $v_ip . " json", $output, $return_var);
$pam = json_decode(implode("", $output), true);
$salt = $pam["admin"]["SALT"];
$method = $pam["admin"]["METHOD"];
if ($method == "md5") {
$hash = crypt($password, '$1$' . $salt . '$');
}
if ($method == "sha-512") {
$hash = crypt($password, '$6$rounds=5000$' . $salt . '$');
$hash = str_replace('$rounds=5000', "", $hash);
}
if ($method == "yescrypt") {
$fp = tmpfile();
$v_password = stream_get_meta_data($fp)["uri"];
fwrite($fp, $password . "\n");
unset($output);
exec(
HESTIA_CMD .
'v-check-user-password "admin" ' .
quoteshellarg($v_password) .
" " .
$v_ip .
" yes",
$output,
$return_var,
);
$hash = $output[0];
fclose($fp);
unset($output, $fp, $v_password);
}
if ($method == "des") {
$hash = crypt($password, $salt);
}
// Send hash via tmp file
$v_hash = exec("mktemp -p /tmp");
$fp = fopen($v_hash, "w");
fwrite($fp, $hash . "\n");
fclose($fp);
// Check user hash
exec(HESTIA_CMD . "v-check-user-hash admin " . $v_hash . " " . $v_ip, $output, $return_var);
unset($output);
// Remove tmp file
unlink($v_hash);
// Check API answer
if ($return_var > 0) {
api_error(E_PASSWORD, "Error: authentication failed", $hst_return);
}
} else {
$key = "/usr/local/hestia/data/keys/" . basename($request_data["hash"]);
$v_ip = quoteshellarg(get_real_user_ip());
exec(
HESTIA_CMD . "v-check-api-key " . quoteshellarg($key) . " " . $v_ip,
$output,
$return_var,
);
unset($output);
// Check API answer
if ($return_var > 0) {
api_error(E_PASSWORD, "Error: authentication failed", $hst_return);
}
}
$hst_cmd = trim($request_data["cmd"] ?? "");
$hst_cmd_args = [];
for ($i = 1; $i <= 9; $i++) {
if (isset($request_data["arg{$i}"])) {
$hst_cmd_args["arg{$i}"] = trim($request_data["arg{$i}"]);
}
}
if (empty($hst_cmd)) {
api_error(E_INVALID, "Command not provided", $hst_return);
} elseif (!preg_match('/^[a-zA-Z0-9_-]+$/', $hst_cmd)) {
api_error(E_INVALID, "$hst_cmd command invalid", $hst_return);
}
// Check command
if ($hst_cmd == "v-make-tmp-file") {
// Used in DNS Cluster
$fp = fopen("/tmp/" . basename(escapeshellcmd($hst_cmd_args["arg2"])), "w");
fwrite($fp, $hst_cmd_args["arg1"] . "\n");
fclose($fp);
$return_var = 0;
} else {
// Prepare command
$cmdquery = HESTIA_CMD . escapeshellcmd($hst_cmd);
// Prepare arguments
foreach ($hst_cmd_args as $cmd_arg) {
$cmdquery .= " " . quoteshellarg($cmd_arg);
}
// Run cmd query
exec($cmdquery, $output, $cmd_exit_code);
}
if (!empty($hst_return) && $hst_return == "code") {
echo $cmd_exit_code;
} else {
if ($return_var == 0 && empty($output)) {
echo "OK";
} else {
echo implode("\n", $output) . "\n";
}
}
exit();
}
/**
* Connection using access key.
*
* @param array{access_key: string, secret_key: string, cmd: string, arg1?: string, arg2?: string, arg3?: string, arg4?: string, arg5?: string, arg6?: string, arg7?: string, arg8?: string, arg9?: string, returncode?: string} $request_data
* @return void
*/
function api_connection(array $request_data) {
$hst_return = ($request_data["returncode"] ?? "no") === "yes" ? "code" : "data";
$v_real_user_ip = get_real_user_ip();
exec(HESTIA_CMD . "v-list-sys-config json", $output, $return_var);
$settings = json_decode(implode("", $output), true);
unset($output, $return_var);
// Get the status of api
$api_status =
!empty($settings["config"]["API_SYSTEM"]) && is_numeric($settings["config"]["API_SYSTEM"])
? $settings["config"]["API_SYSTEM"]
: 0;
if ($api_status == 0) {
// Check if API is disabled for all users
api_error(E_DISABLED, "API has been disabled", $hst_return);
}
// Check if API access is enabled for the user
if ($settings["config"]["API_ALLOWED_IP"] != "allow-all") {
$ip_list = explode(",", $settings["config"]["API_ALLOWED_IP"]);
$ip_list[] = "";
if (!in_array($v_real_user_ip, $ip_list) && !in_array("0.0.0.0", $ip_list)) {
api_error(E_FORBIDDEN, "IP is not allowed to connect with API", $hst_return);
}
}
// Get POST Params
$hst_access_key_id = trim($request_data["access_key"] ?? "");
$hst_secret_access_key = trim($request_data["secret_key"] ?? "");
$hst_cmd = trim($request_data["cmd"] ?? "");
$hst_cmd_args = [];
for ($i = 1; $i <= 9; $i++) {
if (isset($request_data["arg{$i}"])) {
$hst_cmd_args["arg{$i}"] = trim($request_data["arg{$i}"]);
}
}
if (empty($hst_cmd)) {
api_error(E_INVALID, "Command not provided", $hst_return);
} elseif (!preg_match('/^[a-zA-Z0-9_-]+$/', $hst_cmd)) {
api_error(E_INVALID, "$hst_cmd command invalid", $hst_return);
}
if (empty($hst_access_key_id) || empty($hst_secret_access_key)) {
api_error(E_PASSWORD, "Authentication failed", $hst_return);
}
// Authenticates the key and checks permission to run the script
exec(
HESTIA_CMD .
"v-check-access-key " .
quoteshellarg($hst_access_key_id) .
" " .
quoteshellarg($hst_secret_access_key) .
" " .
quoteshellarg($hst_cmd) .
" " .
quoteshellarg($v_real_user_ip) .
" json",
$output,
$return_var,
);
if ($return_var > 0) {
//api_error($return_var, "Key $hst_access_key_id - authentication failed", $hst_return);
api_error($return_var, $output, $hst_return);
}
$key_data = json_decode(implode("", $output), true) ?? [];
unset($output, $return_var);
$key_user = $key_data["USER"];
$user_arg_position =
isset($key_data["USER_ARG_POSITION"]) && is_numeric($key_data["USER_ARG_POSITION"])
? $key_data["USER_ARG_POSITION"]
: -1;
# Check if API access is enabled for nonadmin users
if ($key_user != "admin" && $api_status < 2) {
api_error(E_API_DISABLED, "API has been disabled", $hst_return);
}
// Checks if the value entered in the "user" argument matches the user of the key
if (
$key_user != "admin" &&
$user_arg_position > 0 &&
$hst_cmd_args["arg{$user_arg_position}"] != $key_user
) {
api_error(
E_FORBIDDEN,
"Key $hst_access_key_id - the \"user\" argument doesn\'t match the key\'s user",
$hst_return,
);
}
// Prepare command
$cmdquery = HESTIA_CMD . escapeshellcmd($hst_cmd);
// Prepare arguments
foreach ($hst_cmd_args as $cmd_arg) {
$cmdquery .= " " . quoteshellarg($cmd_arg);
}
# v-make-temp files is manodory other wise some functions will break
if ($hst_cmd == "v-make-tmp-file") {
$fp = fopen("/tmp/" . basename($hst_cmd_args["arg2"]), "w");
fwrite($fp, $hst_cmd_args["arg1"] . "\n");
fclose($fp);
$cmd_exit_code = 0;
} else {
// Run cmd query
exec($cmdquery, $output, $cmd_exit_code);
$cmd_output = trim(implode("\n", $output));
unset($output);
}
header("Hestia-Exit-Code: $cmd_exit_code");
if ($hst_return == "code") {
echo $cmd_exit_code;
} else {
if ($cmd_exit_code > 0) {
http_response_code(exit_code_to_http_code($cmd_exit_code));
} else {
http_response_code(!empty($cmd_output) ? 200 : 204);
if (!empty($cmd_output) && json_decode($cmd_output, true)) {
header("Content-Type: application/json; charset=utf-8");
}
}
echo $cmd_output;
}
exit();
}
// Get request data
if (isset($_POST["access_key"]) || isset($_POST["user"]) || isset($_POST["hash"])) {
$request_data = $_POST;
} elseif (($json_data = json_decode(file_get_contents("php://input"), true)) != null) {
$request_data = $json_data;
} else {
api_error(
405,
"Error: data received is null or invalid, check https://hestiacp.com/docs/server-administration/rest-api.html",
"",
);
}
// Try to get access key in the hash
if (
!isset($request_data["access_key"]) &&
isset($request_data["hash"]) &&
substr_count($request_data["hash"], ":") == 1
) {
$hash_parts = explode(":", $request_data["hash"]);
if (strlen($hash_parts[0]) == 20 && strlen($hash_parts[1]) == 40) {
$request_data["access_key"] = $hash_parts[0];
$request_data["secret_key"] = $hash_parts[1];
unset($request_data["hash"]);
}
}
// Check data format
if (isset($request_data["access_key"]) && isset($request_data["secret_key"])) {
api_connection($request_data);
} elseif (isset($request_data["user"]) || isset($request_data["hash"])) {
api_legacy($request_data);
} else {
api_error(
405,
"Error: data received is null or invalid, check https://hestiacp.com/docs/server-administration/rest-api.html",
"",
);
}
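Review bot: Both `api_legacy()` and `api_connection()` append an empty string to the allow-list with `$ip_list[] = "";` and then test membership with a loose `in_array()`, so a request for which `get_real_user_ip()` yields an empty value would pass the IP restriction. That helper is not visible here, so this is hedged, but dropping the line and comparing strictly, `$ip_list = array_map('trim', explode(",", $settings["config"]["API_ALLOWED_IP"]));` with `in_array($v_real_user_ip, $ip_list, true)`, makes the check fail closed. In `api_legacy()` the `echo "Error: API has been disabled";` ahead of `api_error()` emits output before the status and `Hestia-Exit-Code` headers are set, which can stop them being sent unless output buffering is on. The `v-make-tmp-file` branches leave `$cmd_exit_code` (legacy path) and `$cmd_output` (access-key path) undefined and call `fwrite()` on an unchecked `fopen()` result, so a missing `arg2` surfaces as a PHP error instead of an API error.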


@@ -0,0 +1,61 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check token
verify_csrf($_POST);
if ($_SESSION["userContext"] === "admin" && !empty($_GET["user"])) {
$user = quoteshellarg($_GET["user"]);
$user_plain = $_GET["user"];
}
// Checks if API access is enabled
$api_status =
!empty($_SESSION["API_SYSTEM"]) && is_numeric($_SESSION["API_SYSTEM"])
? $_SESSION["API_SYSTEM"]
: 0;
if (($user_plain == "admin" && $api_status < 1) || ($user_plain != "admin" && $api_status < 2)) {
header("Location: /edit/user/");
exit();
}
if (empty($_POST["key"])) {
header("Location: /list/access-key/");
exit();
}
if (empty($_POST["action"])) {
header("Location: /list/access-key/");
exit();
}
$key = $_POST["key"];
$action = $_POST["action"];
switch ($action) {
case "delete":
$cmd = "v-delete-access-key";
break;
default:
header("Location: /list/access-key/");
exit();
}
foreach ($key as $value) {
$v_key = quoteshellarg(trim($value));
// Key data
exec(HESTIA_CMD . "v-list-access-key " . $v_key . " json", $output, $return_var);
$key_data = json_decode(implode("", $output), true);
unset($output);
if (!empty($key_data) && $key_data["USER"] == $user_plain) {
exec(HESTIA_CMD . $cmd . " " . $v_key, $output, $return_var);
unset($output);
}
}
header("Location: /list/access-key/");
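Review bot: `$_POST["key"]` is iterated with `foreach ($key as $value)` without confirming it is an array of strings, so a scalar or nested value ends in a PHP warning or a `TypeError` from `trim()` instead of the redirect. A guard such as `if (!is_array($key)) { header("Location: /list/access-key/"); exit(); }` plus `if (!is_string($value)) { continue; }` inside the loop keeps the handler on its intended path. The other bulk handlers on this page (backup, cron, db, firewall, ip, package, service, user) loop over their POST lists the same way. The ownership test `$key_data["USER"] == $user_plain` would also be safer as `===`.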

36
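--- a/web/bulk/backup/index.php
+++ b/web/bulk/backup/index.php
@@ -0,0 +1,36 @@
+<?php
+use function Hestiacp\quoteshellarg\quoteshellarg;
+ob_start();
+include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
+if (empty($_POST["backup"])) {
+header("Location: /list/backup/");
+exit();
+}
+if (empty($_POST["action"])) {
+header("Location: /list/backup/");
+exit();
+}
+$backup = $_POST["backup"];
+$action = $_POST["action"];
+// Check token
+verify_csrf($_POST);
+switch ($action) {
+case "delete":
+$cmd = "v-delete-user-backup";
+break;
+default:
+header("Location: /list/backup/");
+exit();
+}
+foreach ($backup as $value) {
+$value = quoteshellarg($value);
+exec(HESTIA_CMD . $cmd . " " . $user . " " . $value, $output, $return_var);
+}
+header("Location: /list/backup/");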

90
web/bulk/cron/index.php Normal file

@@ -0,0 +1,90 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check token
verify_csrf($_POST);
if (empty($_POST["job"])) {
header("Location: /list/cron/");
exit();
}
$job = $_POST["job"];
if (empty($_POST["action"])) {
header("Location: /list/cron/");
exit();
}
$action = $_POST["action"];
if ($_SESSION["userContext"] === "admin") {
switch ($action) {
case "delete":
$cmd = "v-delete-cron-job";
break;
case "suspend":
$cmd = "v-suspend-cron-job";
break;
case "unsuspend":
$cmd = "v-unsuspend-cron-job";
break;
case "delete-cron-reports":
$cmd = "v-delete-cron-reports";
exec(HESTIA_CMD . $cmd . " " . $user, $output, $return_var);
$_SESSION["error_msg"] = _("Cron job email reporting has been successfully disabled.");
unset($output);
header("Location: /list/cron/");
exit();
break;
case "add-cron-reports":
$cmd = "v-add-cron-reports";
exec(HESTIA_CMD . $cmd . " " . $user, $output, $return_var);
$_SESSION["error_msg"] = _("Cron job email reporting has been successfully enabled.");
unset($output);
header("Location: /list/cron/");
exit();
break;
default:
header("Location: /list/cron/");
exit();
}
} else {
switch ($action) {
case "delete":
$cmd = "v-delete-cron-job";
break;
case "delete-cron-reports":
$cmd = "v-delete-cron-reports";
exec(HESTIA_CMD . $cmd . " " . $user, $output, $return_var);
$_SESSION["error_msg"] = _("Cron job email reporting has been successfully disabled.");
unset($output);
header("Location: /list/cron/");
exit();
break;
case "add-cron-reports":
$cmd = "v-add-cron-reports";
exec(HESTIA_CMD . $cmd . " " . $user, $output, $return_var);
$_SESSION["error_msg"] = _("Cron job email reporting has been successfully enabled.");
unset($output);
header("Location: /list/cron/");
exit();
break;
default:
header("Location: /list/cron/");
exit();
}
}
foreach ($job as $value) {
$value = quoteshellarg($value);
exec(HESTIA_CMD . $cmd . " " . $user . " " . $value . " no", $output, $return_var);
$restart = "yes";
}
if (!empty($restart)) {
exec(HESTIA_CMD . "v-restart-cron", $output, $return_var);
}
header("Location: /list/cron/");
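Review bot: The `delete-cron-reports` and `add-cron-reports` cases store a success text in `$_SESSION["error_msg"]` without looking at `$return_var`, so the page reports success even when the command failed. Wrapping the assignment in `if ($return_var == 0) { … }` and surfacing `$output` otherwise would match what the restore handler on this page does; whether the list template also shows `$_SESSION["ok_msg"]` is not visible here. The two `switch` blocks repeat those cases verbatim and the `break;` after `exit();` is unreachable, so handling the report actions once before the role check would remove the duplication.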

63
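--- a/web/bulk/db/index.php
+++ b/web/bulk/db/index.php
@@ -0,0 +1,63 @@
+<?php
+use function Hestiacp\quoteshellarg\quoteshellarg;
+ob_start();
+include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
+// Check token
+verify_csrf($_POST);
+if (empty($_POST["database"])) {
+header("Location: /list/db/");
+exit();
+}
+if (empty($_POST["action"])) {
+header("Location: /list/db/");
+exit();
+}
+$database = $_POST["database"];
+$action = $_POST["action"];
+if ($_SESSION["userContext"] === "admin") {
+switch ($action) {
+case "rebuild":
+$cmd = "v-rebuild-database";
+break;
+case "delete":
+$cmd = "v-delete-database";
+break;
+case "suspend":
+$cmd = "v-suspend-database";
+break;
+case "unsuspend":
+$cmd = "v-unsuspend-database";
+break;
+default:
+header("Location: /list/db/");
+exit();
+}
+} else {
+switch ($action) {
+case "delete":
+$cmd = "v-delete-database";
+break;
+case "suspend":
+$cmd = "v-suspend-database";
+break;
+case "unsuspend":
+$cmd = "v-unsuspend-database";
+break;
+default:
+header("Location: /list/db/");
+exit();
+}
+}
+foreach ($database as $value) {
+$value = quoteshellarg($value);
+exec(HESTIA_CMD . $cmd . " " . $user . " " . $value, $output, $return_var);
+}
+header("Location: /list/db/");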

121
web/bulk/dns/index.php Normal file

@@ -0,0 +1,121 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check token
verify_csrf($_POST);
if (empty($_POST["domain"])) {
header("Location: /list/dns/");
exit();
}
if (empty($_POST["action"])) {
header("Location: /list/dns/");
exit();
}
$domain = $_POST["domain"];
if (empty($_POST["record"])) {
$record = "";
} else {
$record = $_POST["record"];
}
$action = $_POST["action"];
if ($_SESSION["userContext"] === "admin") {
if (empty($_POST["record"])) {
switch ($action) {
case "rebuild":
$cmd = "v-rebuild-dns-domain";
break;
case "delete":
$cmd = "v-delete-dns-domain";
break;
case "suspend":
$cmd = "v-suspend-dns-domain";
break;
case "unsuspend":
$cmd = "v-unsuspend-dns-domain";
break;
default:
header("Location: /list/dns/");
exit();
}
} else {
switch ($action) {
case "delete":
$cmd = "v-delete-dns-record";
break;
case "suspend":
$cmd = "v-suspend-dns-record";
break;
case "unsuspend":
$cmd = "v-unsuspend-dns-record";
break;
default:
header("Location: /list/dns/?domain=" . $domain);
exit();
}
}
} else {
if (empty($_POST["record"])) {
switch ($action) {
case "delete":
$cmd = "v-delete-dns-domain";
break;
default:
header("Location: /list/dns/");
exit();
}
} else {
switch ($action) {
case "delete":
$cmd = "v-delete-dns-record";
break;
default:
header("Location: /list/dns/?domain=" . $domain);
exit();
}
}
}
if (empty($_POST["record"])) {
if (is_array($_POST["domain"])) {
foreach ($domain as $value) {
// DNS
$value = quoteshellarg($value);
exec(HESTIA_CMD . $cmd . " " . $user . " " . $value . " no", $output, $return_var);
$restart = "yes";
}
} else {
header("Location: /list/dns/?domain=" . $domain);
}
} else {
foreach ($record as $value) {
// DNS Record
$value = quoteshellarg($value);
$dom = quoteshellarg($domain);
exec(
HESTIA_CMD . $cmd . " " . $user . " " . $dom . " " . $value . " no",
$output,
$return_var,
);
$restart = "yes";
}
}
if (!empty($restart)) {
exec(HESTIA_CMD . "v-restart-dns", $output, $return_var);
}
if (empty($_POST["record"])) {
header("Location: /list/dns/");
exit();
} else {
header("Location: /list/dns/?domain=" . $domain);
exit();
}
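Review bot: The `else` branch that handles a non-array `domain` calls `header("Location: /list/dns/?domain=" . $domain);` without `exit();`, so execution continues and the later `header("Location: /list/dns/");` replaces it; the mail handler has the `exit();` at the same spot. `$domain` also comes straight from `$_POST` and is concatenated into the Location URL unencoded here and in the `default:` cases, and `quoteshellarg($domain)` in the record loop assumes it is a string. Using `rawurlencode($domain)` in the redirects and rejecting a non-string `domain` when `record` is set would cover both. The mail and restore handlers on this page build their redirects from raw POST values the same way.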


@@ -0,0 +1,46 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check token
verify_csrf($_POST);
// Check user
if ($_SESSION["userContext"] != "admin") {
header("Location: /list/user");
exit();
}
if (empty($_POST["ipchain"])) {
header("Location: /list/firewall/banlist/");
exit();
}
if (empty($_POST["action"])) {
header("Location: /list/firewall/banlist/");
exit();
}
$ipchain = $_POST["ipchain"];
$action = $_POST["action"];
switch ($action) {
case "delete":
$cmd = "v-delete-firewall-ban";
break;
default:
header("Location: /list/firewall/banlist/");
exit();
}
foreach ($ipchain as $value) {
[$ip, $chain] = explode(":", $value);
$v_ip = quoteshellarg($ip);
$v_chain = quoteshellarg($chain);
exec(HESTIA_CMD . $cmd . " " . $v_ip . " " . $v_chain, $output, $return_var);
}
header("Location: /list/firewall/banlist");
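Review bot: `[$ip, $chain] = explode(":", $value);` assumes exactly one colon, so an entry without one leaves `$chain` null, and an IPv6 address (if the ban list can hold one, which is not visible here) is split inside the address. Splitting at the last colon and skipping malformed entries avoids handing a truncated address to `v-delete-firewall-ban`: `$pos = strrpos($value, ":"); if ($pos === false) { continue; }` followed by `$ip = substr($value, 0, $pos); $chain = substr($value, $pos + 1);`.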


@@ -0,0 +1,51 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check token
verify_csrf($_POST);
// Check user
if ($_SESSION["userContext"] != "admin") {
header("Location: /list/user");
exit();
}
if (empty($_POST["rule"])) {
header("Location: /list/firewall/");
exit();
}
if (empty($_POST["action"])) {
header("Location: /list/firewall/");
exit();
}
$rule = $_POST["rule"];
$action = $_POST["action"];
switch ($action) {
case "delete":
$cmd = "v-delete-firewall-rule";
break;
case "suspend":
$cmd = "v-suspend-firewall-rule";
break;
case "unsuspend":
$cmd = "v-unsuspend-firewall-rule";
break;
default:
header("Location: /list/firewall/");
exit();
}
foreach ($rule as $value) {
$value = quoteshellarg($value);
exec(HESTIA_CMD . $cmd . " " . $value, $output, $return_var);
$restart = "yes";
}
header("Location: /list/firewall/");
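Review bot: `$restart = "yes";` is assigned inside the loop but never read before the redirect, so it is dead code as written; the package handler on this page does the same. Either remove the assignment or, if a reload after rule changes was intended, act on it after the loop the way the cron handler does with `if (!empty($restart))`.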


@@ -0,0 +1,43 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check token
verify_csrf($_POST);
// Check user
if ($_SESSION["userContext"] != "admin") {
header("Location: /list/user");
exit();
}
if (empty($_POST["setname"])) {
header("Location: /list/firewall/ipset/");
exit();
}
if (empty($_POST["action"])) {
header("Location: /list/firewall/ipset/");
exit();
}
$setname = $_POST["setname"];
$action = $_POST["action"];
switch ($action) {
case "delete":
$cmd = "v-delete-firewall-ipset";
break;
default:
header("Location: /list/firewall/ipset/");
exit();
}
foreach ($setname as $value) {
$v_name = quoteshellarg($value);
exec(HESTIA_CMD . $cmd . " " . $v_name, $output, $return_var);
}
header("Location: /list/firewall/ipset/");

47
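--- a/web/bulk/ip/index.php
+++ b/web/bulk/ip/index.php
@@ -0,0 +1,47 @@
+<?php
+use function Hestiacp\quoteshellarg\quoteshellarg;
+ob_start();
+include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
+// Check token
+verify_csrf($_POST);
+if (empty($_POST["ip"])) {
+header("Location: /list/ip");
+exit();
+}
+if (empty($_POST["action"])) {
+header("Location: /list/ip");
+exit();
+}
+$ip = $_POST["ip"];
+$action = $_POST["action"];
+if ($_SESSION["userContext"] === "admin") {
+switch ($action) {
+case "reread IP":
+exec(HESTIA_CMD . "v-update-sys-ip", $output, $return_var);
+header("Location: /list/ip/");
+exit();
+break;
+case "delete":
+$cmd = "v-delete-sys-ip";
+break;
+default:
+header("Location: /list/ip/");
+exit();
+}
+} else {
+header("Location: /list/ip/");
+exit();
+}
+foreach ($ip as $value) {
+$value = quoteshellarg($value);
+exec(HESTIA_CMD . $cmd . " " . $value, $output, $return_var);
+}
+header("Location: /list/ip/");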

125
web/bulk/mail/index.php Normal file

@@ -0,0 +1,125 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check token
verify_csrf($_POST);
if (empty($_POST["domain"])) {
header("Location: /list/mail");
exit();
}
if (empty($_POST["action"])) {
header("Location: /list/mail");
exit();
}
$domain = $_POST["domain"];
if (empty($_POST["account"])) {
$account = "";
} else {
$account = $_POST["account"];
}
$action = $_POST["action"];
if ($_SESSION["userContext"] === "admin") {
if (empty($_POST["account"])) {
switch ($action) {
case "rebuild":
$cmd = "v-rebuild-mail-domain";
break;
case "delete":
$cmd = "v-delete-mail-domain";
break;
case "suspend":
$cmd = "v-suspend-mail-domain";
break;
case "unsuspend":
$cmd = "v-unsuspend-mail-domain";
break;
default:
header("Location: /list/mail/");
exit();
}
} else {
switch ($_POST["account"]) {
case "delete":
$cmd = "v-delete-mail-account";
break;
case "suspend":
$cmd = "v-suspend-mail-account";
break;
case "unsuspend":
$cmd = "v-unsuspend-mail-account";
break;
default:
header("Location: /list/mail/?domain=" . $domain);
exit();
}
}
} else {
if (empty($_POST["account"])) {
switch ($action) {
case "delete":
$cmd = "v-delete-mail-domain";
break;
case "suspend":
$cmd = "v-suspend-mail-domain";
break;
case "unsuspend":
$cmd = "v-unsuspend-mail-domain";
break;
default:
header("Location: /list/mail/");
exit();
}
} else {
switch ($_POST["account"]) {
case "delete":
$cmd = "v-delete-mail-account";
break;
case "suspend":
$cmd = "v-suspend-mail-account";
break;
case "unsuspend":
$cmd = "v-unsuspend-mail-account";
break;
default:
header("Location: /list/mail/?domain=" . $domain);
exit();
}
}
}
if (empty($_POST["account"])) {
if (is_array($domain)) {
foreach ($domain as $value) {
// Mail
$value = quoteshellarg($value);
exec(HESTIA_CMD . $cmd . " " . $user . " " . $value, $output, $return_var);
$restart = "yes";
}
} else {
header("Location: /list/mail/?domain=" . $domain);
exit();
}
} else {
foreach ($account as $value) {
// Mail Account
$value = quoteshellarg($value);
$dom = quoteshellarg($domain);
exec(HESTIA_CMD . $cmd . " " . $user . " " . $dom . " " . $value, $output, $return_var);
$restart = "yes";
}
}
if (empty($account)) {
header("Location: /list/mail/");
exit();
} else {
header("Location: /list/mail/?domain=" . $domain);
exit();
}
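Review bot: In both account branches the code switches on `$_POST["account"]` instead of `$action`, so the submitted account list (the later `foreach ($account as $value)` implies it is an array) is compared with "delete", "suspend" and "unsuspend", and every account request falls through to `default:` and redirects. `switch ($action) {`, as the DNS record branch uses, is what the case labels expect. `$restart = "yes";` is set in both loops but never read.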


@@ -0,0 +1,43 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check token
verify_csrf($_POST);
if (empty($_POST["package"])) {
header("Location: /list/package");
exit();
}
if (empty($_POST["action"])) {
header("Location: /list/package");
exit();
}
$package = $_POST["package"];
$action = $_POST["action"];
if ($_SESSION["userContext"] === "admin") {
switch ($action) {
case "delete":
$cmd = "v-delete-user-package";
break;
default:
header("Location: /list/package/");
exit();
}
} else {
header("Location: /list/package/");
exit();
}
foreach ($package as $value) {
$value = quoteshellarg($value);
exec(HESTIA_CMD . $cmd . " " . $value, $output, $return_var);
$restart = "yes";
}
header("Location: /list/package/");


@@ -0,0 +1,88 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check token
verify_csrf($_POST);
if (empty($_POST["backup"])) {
header("Location: /list/backup/");
exit();
}
if (empty($_POST["action"])) {
header("Location: /list/backup");
exit();
}
$action = $_POST["action"];
$backup = quoteshellarg($_POST["backup"]);
$web = "no";
$dns = "no";
$mail = "no";
$db = "no";
$cron = "no";
$udir = "no";
if (!empty($_POST["web"])) {
$web = quoteshellarg(implode(",", $_POST["web"]));
}
if (!empty($_POST["dns"])) {
$dns = quoteshellarg(implode(",", $_POST["dns"]));
}
if (!empty($_POST["mail"])) {
$mail = quoteshellarg(implode(",", $_POST["mail"]));
}
if (!empty($_POST["db"])) {
$db = quoteshellarg(implode(",", $_POST["db"]));
}
if (!empty($_POST["cron"])) {
$cron = "yes";
}
if (!empty($_POST["udir"])) {
$udir = quoteshellarg(implode(",", $_POST["udir"]));
}
if ($action == "restore") {
exec(
HESTIA_CMD .
"v-schedule-user-restore " .
$user .
" " .
$backup .
" " .
$web .
" " .
$dns .
" " .
$mail .
" " .
$db .
" " .
$cron .
" " .
$udir,
$output,
$return_var,
);
if ($return_var == 0) {
$_SESSION["error_msg"] = _(
"Task has been added to the queue. You will receive an email notification when your restore has been completed.",
);
} else {
$_SESSION["error_msg"] = implode("<br>", $output);
if (empty($_SESSION["error_msg"])) {
$_SESSION["error_msg"] = _("Error: Hestia did not return any output.");
}
if ($return_var == 4) {
$_SESSION["error_msg"] = _(
"An existing restoration task is already running. Please wait for it to finish before launching it again.",
);
}
}
}
header("Location: /list/backup/?backup=" . $_POST["backup"]);
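Review bot: On failure the handler stores `implode("<br>", $output)` in `$_SESSION["error_msg"]`, mixing markup with raw command output. Whether the template escapes that value is not visible here, and either answer is a problem: escaped, the user sees literal `<br>` text; unescaped, command output is rendered as HTML. `implode("<br>", array_map('htmlspecialchars', $output))` is safe if the template prints the message raw, and joining with `"\n"` is the better choice if it escapes. The `implode(",", $_POST["web"])` calls and `quoteshellarg($_POST["backup"])` also assume array and string inputs respectively and would throw on other shapes.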


@@ -0,0 +1,53 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check token
verify_csrf($_POST);
if (empty($_POST["service"])) {
header("Location: /list/server/");
exit();
}
if (empty($_POST["action"])) {
header("Location: /list/server/");
exit();
}
$service = $_POST["service"];
$action = $_POST["action"];
if ($_SESSION["userContext"] === "admin") {
switch ($action) {
case "stop":
$cmd = "v-stop-service";
break;
case "start":
$cmd = "v-start-service";
break;
case "restart":
$cmd = "v-restart-service";
break;
default:
header("Location: /list/server/");
exit();
}
if (!empty($_POST["system"]) && $action == "restart") {
$_SESSION["error_srv"] = _("The system is going down for reboot NOW!");
exec(HESTIA_CMD . "v-restart-system yes", $output, $return_var);
unset($output);
header("Location: /list/server/");
exit();
}
foreach ($service as $value) {
$value = quoteshellarg($value);
exec(HESTIA_CMD . $cmd . " " . $value, $output, $return_var);
}
}
header("Location: /list/server/");

85
web/bulk/user/index.php Normal file

@@ -0,0 +1,85 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check token
verify_csrf($_POST);
if (empty($_POST["user"])) {
header("Location: /list/user");
exit();
}
if (empty($_POST["action"])) {
header("Location: /list/user");
exit();
}
$user = $_POST["user"];
$action = $_POST["action"];
if ($_SESSION["userContext"] === "admin") {
switch ($action) {
case "delete":
$cmd = "v-delete-user";
$restart = "no";
break;
case "suspend":
$cmd = "v-suspend-user";
$restart = "no";
break;
case "unsuspend":
$cmd = "v-unsuspend-user";
$restart = "no";
break;
case "update counters":
$cmd = "v-update-user-counters";
break;
case "rebuild":
$cmd = "v-rebuild-all";
$restart = "no";
break;
case "rebuild user":
$cmd = "v-rebuild-user";
$restart = "no";
break;
case "rebuild web":
$cmd = "v-rebuild-web-domains";
$restart = "no";
break;
case "rebuild dns":
$cmd = "v-rebuild-dns-domains";
$restart = "no";
break;
case "rebuild mail":
$cmd = "v-rebuild-mail-domains";
break;
case "rebuild db":
$cmd = "v-rebuild-databases";
break;
case "rebuild cron":
$cmd = "v-rebuild-cron-jobs";
break;
default:
header("Location: /list/user/");
exit();
}
} else {
switch ($action) {
case "update counters":
$cmd = "v-update-user-counters";
break;
default:
header("Location: /list/user/");
exit();
}
}
foreach ($user as $value) {
$value = quoteshellarg($value);
exec(HESTIA_CMD . $cmd . " " . $value . " " . $restart, $output, $return_var);
$changes = "yes";
}
header("Location: /list/user/");
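Review bot: The non-admin branch accepts "update counters", but the final loop still runs over the account names posted in `$_POST["user"]`, so a regular user can have `v-update-user-counters` run for accounts other than their own; nothing visible in this file ties the posted names to the session. For non-admins, ignore the posted list and use the session account only, for example `$user = [$user_plain];` at the top of the `else` branch, assuming `$user_plain` from inc/main.php holds the logged-in account name (confirm). `$restart` is also read in the `exec()` line although the "update counters", "rebuild mail", "rebuild db" and "rebuild cron" cases never assign it; initialise `$restart = "";` before the switch. Note that `$user = $_POST["user"];` overwrites whatever inc/main.php stored in `$user`.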

71
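--- a/web/bulk/web/index.php
+++ b/web/bulk/web/index.php
@@ -0,0 +1,71 @@
+<?php
+use function Hestiacp\quoteshellarg\quoteshellarg;
+ob_start();
+include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
+// Check token
+verify_csrf($_POST);
+if (empty($_POST["domain"])) {
+header("Location: /list/web/");
+exit();
+}
+if (empty($_POST["action"])) {
+header("Location: /list/web");
+exit();
+}
+$domain = $_POST["domain"];
+$action = $_POST["action"];
+if ($_SESSION["userContext"] === "admin") {
+switch ($action) {
+case "delete":
+$cmd = "v-delete-web-domain";
+break;
+case "rebuild":
+$cmd = "v-rebuild-web-domain";
+break;
+case "suspend":
+$cmd = "v-suspend-web-domain";
+break;
+case "unsuspend":
+$cmd = "v-unsuspend-web-domain";
+break;
+default:
+header("Location: /list/web/");
+exit();
+}
+} else {
+switch ($action) {
+case "delete":
+$cmd = "v-delete-web-domain";
+break;
+case "suspend":
+$cmd = "v-suspend-web-domain";
+break;
+case "unsuspend":
+$cmd = "v-unsuspend-web-domain";
+break;
+default:
+header("Location: /list/web/");
+exit();
+}
+}
+foreach ($domain as $value) {
+$value = quoteshellarg($value);
+exec(HESTIA_CMD . $cmd . " " . $user . " " . $value . " no", $output, $return_var);
+$restart = "yes";
+}
+if (isset($restart)) {
+exec(HESTIA_CMD . "v-restart-web", $output, $return_var);
+exec(HESTIA_CMD . "v-restart-proxy", $output, $return_var);
+exec(HESTIA_CMD . "v-restart-dns", $output, $return_var);
+exec(HESTIA_CMD . "v-restart-web-backend", $output, $return_var);
+}
+header("Location: /list/web/");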
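Review bot: `$user` is concatenated into the `exec()` command in the domain loop without `quoteshellarg()`, unlike `$value` on the line above it; that is only safe if inc/main.php has already shell-quoted the value, which this file does not show. Once confirmed, add a comment at the call such as `// $user is already shell-quoted by inc/main.php`, or quote it locally. As a style point, the admin and non-admin switches differ only in the "rebuild" case, so a single action-to-command map with "rebuild" added for admins would remove the duplication and keep the two allowlists from drifting apart.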


@@ -0,0 +1,42 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check token
verify_csrf($_GET);
// Check user
if ($_SESSION["userContext"] != "admin") {
header("Location: /list/user");
exit();
}
// Check package argument
if (empty($_GET["package"])) {
header("Location: /list/package/");
exit();
}
if ($_SESSION["userContext"] === "admin") {
if (!empty($_GET["package"])) {
$v_package = quoteshellarg($_GET["package"]);
exec(
HESTIA_CMD . "v-copy-user-package " . $v_package . " " . $v_package . "-copy",
$output,
$return_var,
);
}
if ($return_var != 0) {
$_SESSION["error_msg"] = implode("<br>", $output);
if (empty($_SESSION["error_msg"])) {
$_SESSION["error_msg"] = _("Error: unable to copy package.");
}
}
unset($output);
}
header("Location: /list/package/");
exit();
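Review bot: This handler changes state on a GET request and takes the CSRF token from `$_GET` (`verify_csrf($_GET)`), so the token ends up in browser history, proxy and server access logs, and possibly in Referer headers. Prefer a POST form: `verify_csrf($_POST);` with the package name read from `$_POST["package"]`. The CLI output is also joined with `<br>` into `$_SESSION["error_msg"]` unescaped; if the template prints that value as HTML, each line should pass through `htmlspecialchars()` first (the rendering side is not visible here). The second `userContext` and `package` checks inside the block repeat the guards above them and can be dropped.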

127
web/css/src/base.css Normal file

@@ -0,0 +1,127 @@
/* Base
========================================================================== */
html {
height: 100%;
box-sizing: border-box;
font-family: sans-serif;
scroll-behavior: smooth;
}
*,
*::before,
*::after {
box-sizing: inherit;
}
[x-cloak] {
display: none !important;
}
html,
input,
textarea,
select,
button {
-webkit-font-smoothing: antialiased;
-moz-osx-font-smoothing: grayscale;
}
body {
font-family: var(--font-family);
font-size: 0.85rem;
line-height: 1.5;
height: 100%;
color: var(--color-text);
background-color: var(--color-background);
}
a {
color: var(--color-text-link);
text-decoration: none;
&:hover {
color: var(--color-text-link-hover);
}
}
p,
pre {
margin: 0;
}
h1,
.u-text-H1,
h2,
.u-text-H2,
h3,
.u-text-H3 {
color: var(--color-text-heading);
font-weight: 500;
margin: 0;
}
h1,
.u-text-H1 {
font-size: 1.4rem;
}
h2,
.u-text-H2 {
font-size: 1.2rem;
}
h3,
.u-text-H3 {
font-size: 1rem;
}
ol,
ul {
list-style: none;
margin: 0;
padding: 0;
}
button {
cursor: pointer;
line-height: inherit;
}
img {
vertical-align: middle;
}
table {
width: 100%;
border-collapse: collapse;
border-spacing: 0;
}
textarea {
resize: vertical;
min-height: 60px;
}
fieldset {
border: 0;
margin: 0;
padding: 0;
}
dialog {
position: fixed;
padding: 0;
&::backdrop {
background-color: rgb(0 0 0 / 50%);
}
}
summary {
list-style: none;
&::-webkit-details-marker {
display: none;
}
}

76
web/css/src/dependencies/animate.css vendored Normal file

@@ -0,0 +1,76 @@
/*
* Some parts of Animate.css v4.1.1
*/
:root {
--animate-duration: 1s;
--animate-delay: 1s;
--animate-repeat: 1;
}
.animate__animated {
animation-duration: 1s;
animation-duration: var(--animate-duration);
animation-fill-mode: both;
&.animate__delay-1s {
animation-delay: 1s;
animation-delay: var(--animate-delay);
}
}
.animate__fadeIn {
animation-name: fadeIn;
}
@keyframes fadeIn {
from {
opacity: 0;
}
to {
opacity: 1;
}
}
.animate__zoomIn {
animation-name: zoomIn;
}
@keyframes zoomIn {
from {
opacity: 0;
transform: scale3d(0.3, 0.3, 0.3);
}
50% {
opacity: 1;
}
}
.animate__swing {
transform-origin: top center;
animation-name: swing;
}
@keyframes swing {
20% {
transform: rotate3d(0, 0, 1, 15deg);
}
40% {
transform: rotate3d(0, 0, 1, -10deg);
}
60% {
transform: rotate3d(0, 0, 1, 5deg);
}
80% {
transform: rotate3d(0, 0, 1, -5deg);
}
to {
transform: rotate3d(0, 0, 1, 0deg);
}
}

126
web/css/src/fonts.css Normal file

@@ -0,0 +1,126 @@
/* Exo primary font
========================================================================== */
/* exo-300 - latin */
@font-face {
font-family: Exo;
font-style: normal;
font-weight: 300;
src: local("Exo Light"), local("Exo-Light"),
url("/webfonts/exo-v20-latin-300.woff2") format("woff2"),
url("/webfonts/exo-v20-latin-300.woff") format("woff");
font-display: swap;
}
/* exo-300italic - latin */
@font-face {
font-family: Exo;
font-style: italic;
font-weight: 300;
src: local("Exo Light Italic"), local("Exo-LightItalic"),
url("/webfonts/exo-v20-latin-300italic.woff2") format("woff2"),
url("/webfonts/exo-v20-latin-300italic.woff") format("woff");
font-display: swap;
}
/* exo-regular - latin */
@font-face {
font-family: Exo;
font-style: normal;
font-weight: 400;
src: local("Exo Regular"), local("Exo-Regular"),
url("/webfonts/exo-v20-latin-regular.woff2") format("woff2"),
url("/webfonts/exo-v20-latin-regular.woff") format("woff");
font-display: swap;
}
/* exo-italic - latin */
@font-face {
font-family: Exo;
font-style: italic;
font-weight: 400;
src: local("Exo Italic"), local("Exo-Italic"),
url("/webfonts/exo-v20-latin-italic.woff2") format("woff2"),
url("/webfonts/exo-v20-latin-italic.woff") format("woff");
font-display: swap;
}
/* exo-500 - latin */
@font-face {
font-family: Exo;
font-style: normal;
font-weight: 500;
src: local("Exo Medium"), local("Exo-Medium"),
url("/webfonts/exo-v20-latin-500.woff2") format("woff2"),
url("/webfonts/exo-v20-latin-500.woff") format("woff");
font-display: swap;
}
/* exo-500italic - latin */
@font-face {
font-family: Exo;
font-style: italic;
font-weight: 500;
src: local("Exo Medium Italic"), local("Exo-MediumItalic"),
url("/webfonts/exo-v20-latin-500italic.woff2") format("woff2"),
url("/webfonts/exo-v20-latin-500italic.woff") format("woff");
font-display: swap;
}
/* exo-600 - latin */
@font-face {
font-family: Exo;
font-style: normal;
font-weight: 600;
src: local("Exo SemiBold"), local("Exo-SemiBold"),
url("/webfonts/exo-v20-latin-600.woff2") format("woff2"),
url("/webfonts/exo-v20-latin-600.woff") format("woff");
font-display: swap;
}
/* exo-600italic - latin */
@font-face {
font-family: Exo;
font-style: italic;
font-weight: 600;
src: local("Exo SemiBold Italic"), local("Exo-SemiBoldItalic"),
url("/webfonts/exo-v20-latin-600italic.woff2") format("woff2"),
url("/webfonts/exo-v20-latin-600italic.woff") format("woff");
font-display: swap;
}
/* exo-700 - latin */
@font-face {
font-family: Exo;
font-style: normal;
font-weight: 700;
src: local("Exo Bold"), local("Exo-Bold"),
url("/webfonts/exo-v20-latin-700.woff2") format("woff2"),
url("/webfonts/exo-v20-latin-700.woff") format("woff");
font-display: swap;
}
/* exo-700italic - latin */
@font-face {
font-family: Exo;
font-style: italic;
font-weight: 700;
src: local("Exo Bold Italic"), local("Exo-BoldItalic"),
url("/webfonts/exo-v20-latin-700italic.woff2") format("woff2"),
url("/webfonts/exo-v20-latin-700italic.woff") format("woff");
font-display: swap;
}
/* Inconsolata console font
========================================================================== */
/* inconsolata-regular - latin */
@font-face {
font-family: Inconsolata;
font-style: normal;
font-weight: 400;
src: local("Inconsolata Regular"), local("Inconsolata-Regular"),
url("/webfonts/inconsolata-regular.woff2") format("woff2"),
url("/webfonts/inconsolata-regular.woff") format("woff");
font-display: swap;
}


@@ -0,0 +1,6 @@
/* Custom media queries
========================================================================== */
@custom-media --viewport-small (min-width: 480px);
@custom-media --viewport-medium (min-width: 768px);
@custom-media --viewport-large (min-width: 1024px);

810
web/css/src/themes/dark.css Normal file

@@ -0,0 +1,810 @@
/*
Theme Name: Dark
Author: Kristan Kenney (@kristankenney)
Website: www.hestiacp.com
*/
@import url("../media_queries");
:root {
--color-text: #cdcdcd;
--color-text-link: #4fabe9;
--color-text-link-hover: #ff3478;
--color-text-heading: #e8e8e8;
--color-background: #282828;
--alert-border-color: #212121;
/* Alerts */
--alert-danger-color: #d13535;
/* Icons */
--icon-color-purple: #c364ff;
--icon-color-maroon: #ff3478;
--icon-color-green: #37cf39;
--icon-color-blue: #0092f4;
/* Charts */
--chart-label-color: #cdcdcd;
--chart-grid-color: #434343;
}
/* Top bar
========================================================================== */
.top-bar {
background: #454545;
border-bottom: 1px solid #505050;
box-shadow: 0 8px 15px rgb(0 0 0 / 25%);
}
.top-bar-usage-inner {
color: #909090;
}
.top-bar-usage-item {
color: #cacaca;
& .fas {
color: #909090;
}
}
.top-bar-notifications-panel {
background-color: rgb(50 50 50 / 99%);
@media (--viewport-small) {
border-color: #404040;
}
}
.top-bar-notifications-empty {
color: #dadada;
& .fas {
color: #dadada;
}
}
.top-bar-notification-item {
text-shadow: 0 1px rgb(0 0 0 / 50%);
color: #dadada;
border-bottom-color: #282828;
&.unseen .top-bar-notification-title {
color: #fff;
}
}
.top-bar-notification-delete {
& .fas {
color: #ff3478;
}
}
.top-bar-notifications-delete-all {
border-top-color: #282828;
}
.top-bar-menu-panel {
background-color: #454545;
}
.top-bar-menu-link {
&:hover {
color: #dadada;
text-shadow: 1px 1px rgb(0 0 0 / 50%);
background: linear-gradient(
to bottom,
rgb(15 15 15 / 60%) 0%,
rgb(45 45 45 / 75%) 30%,
rgb(60 60 60 / 100%) 95%
);
box-shadow: none;
}
&:active {
background: linear-gradient(
to bottom,
rgb(15 15 15 / 70%) 0%,
rgb(45 45 45 / 85%) 30%,
rgb(50 50 50 / 100%) 95%
);
color: #fff;
text-shadow: 0 -1px 1px rgb(0 0 0 / 50%);
}
&.active {
color: #dadada;
background: linear-gradient(
to bottom,
rgb(15 15 15 / 60%) 0%,
rgb(45 45 45 / 75%) 30%,
rgb(60 60 60 / 100%) 95%
);
text-shadow: 0 1px rgb(0 0 0 / 50%);
border-left-color: #353535;
border-right-color: #353535;
}
}
.top-bar-menu-link-logout {
color: #e7e7e7;
}
/* Main menu
========================================================================== */
.main-menu-toggle {
&:hover {
& .main-menu-toggle-label {
color: #d7d7d7;
}
}
& .fas {
color: #d7d7d7;
}
}
.main-menu-toggle-label {
color: #bcbcbc;
}
.main-menu-list {
border-top-color: #454545;
}
.main-menu-item-link {
&:hover {
& .main-menu-item-label {
color: #d7d7d7;
}
}
&.active {
& .main-menu-item-label {
color: #c36;
& .fas {
color: #d7d7d7;
}
}
}
@media (--viewport-medium) {
border-bottom-color: #282828;
&:hover {
border-bottom-color: #d7d7d7;
}
&.active {
border-bottom-color: #c36;
}
}
}
.main-menu-item-label {
font-weight: 500;
color: #bcbcbc;
& .fas {
color: #707070;
}
}
/* Toolbar
========================================================================== */
.toolbar {
border-color: #454545;
background-color: #282828;
&.active {
box-shadow: 0 4px 6px rgb(0 0 0 / 25%);
}
& .form-select {
border-color: #454545;
background-color: #212121;
&:hover {
background-color: #212121;
}
}
& .form-control {
border-color: #454545;
background-color: #212121;
&:hover {
background-color: #212121;
border-right-color: #0090ff;
}
&:focus {
border-right-color: #0080df;
}
}
}
.toolbar-sorting-toggle {
&:hover {
color: #aaa;
& span {
color: #aaa;
}
}
}
.toolbar-sorting-menu {
background-color: rgb(40 40 40 / 95%);
box-shadow: 0 2px 16px 0 rgb(20 20 20 / 65%);
border-color: rgb(90 90 90 / 100%);
& li {
border-bottom: 1px solid #454545;
color: #dadada;
}
& span {
&:hover {
color: #fff;
background: linear-gradient(
to bottom,
rgb(25 25 25 / 60%) 0%,
rgb(55 55 55 / 75%) 30%,
rgb(70 70 70 / 100%) 95%
);
text-shadow: 0 -1px 1px rgb(0 0 0 / 50%);
box-shadow: inset 0 0 1px rgb(0 0 0 / 40%), inset -1px -1px 4px rgb(40 40 40 / 40%);
}
&:active,
&:focus {
background: linear-gradient(
to bottom,
rgb(35 35 35 / 60%) 0%,
rgb(65 65 65 / 75%) 30%,
rgb(80 80 80 / 100%) 95%
);
color: #fff;
text-shadow: 0 -1px 1px rgb(0 0 0 / 50%);
box-shadow: inset 0 0 1px rgb(0 0 0 / 40%), inset -1px -1px 4px rgb(40 40 40 / 40%);
}
&.active {
color: #fff;
background: linear-gradient(
to bottom,
rgb(15 15 15 / 60%) 0%,
rgb(45 45 45 / 75%) 30%,
rgb(60 60 60 / 100%) 95%
);
background-color: #454545;
text-shadow: 0 1px rgb(0 0 0 / 80%);
}
}
}
.toolbar-input-submit {
border-color: #454545;
background-color: #424242;
text-shadow: 1px 1px rgb(0 0 0 / 90%);
box-shadow: 0 1px 1px rgb(0 0 0 / 40%);
color: #cacaca;
&:hover {
color: #09f;
background-color: #454545;
}
&:active {
color: #0074c2;
text-shadow: 0 -1px rgb(255 255 255 / 20%);
box-shadow: inset 1px 1px 0 rgb(0 0 0 / 20%);
}
}
.toolbar-link {
color: #dadada;
&.selected {
color: #ff3478;
}
&:hover {
color: #ff3478;
}
}
/* Cards
========================================================================== */
.card {
background-color: #454545;
border-color: #606060;
box-shadow: 0 1px 4px rgb(0 0 0 / 20%), inset 0 0 60px rgb(0 0 0 / 25%);
}
.card-content {
color: #fafafa;
text-shadow: 0 1px rgb(0 0 0 / 95%);
}
/* Server summary component
========================================================================== */
.server-summary-icon {
color: #707070;
}
/* Panel component
========================================================================== */
.panel {
background-color: #454545;
border-color: #606060;
box-shadow: 0 1px 4px rgb(0 0 0 / 35%);
}
/* Collapse component
========================================================================== */
.collapse-header {
background: #454545;
border-color: #505050;
text-shadow: 0 1px rgb(0 0 0 / 40%);
box-shadow: inset 0 0 2px rgb(0 0 0 / 50%), 0 2px 6px rgb(0 0 0 / 40%);
color: #fff;
}
/* Units table
========================================================================== */
.units-table-header {
@media (--viewport-large) {
background: #404040;
box-shadow: none;
text-shadow: 0 1px rgb(0 0 0 / 95%);
border-color: #212121;
}
}
.units-table-row {
border-color: #282828;
background-color: #303030;
&.selected {
background-color: #454545;
box-shadow: none;
}
&.disabled {
color: #606060;
background-color: #252525;
&.selected {
color: #333;
background-color: #454545;
}
}
&.focus {
background-color: #353535;
}
@media (--viewport-large) {
&:hover {
background-color: #353535;
border-color: #282828;
box-shadow: none;
}
&.selected {
border-left-color: #212121;
border-right-color: #212121;
&:hover {
background-color: #555;
}
}
&.disabled {
&:hover {
background-color: #252525;
}
&.selected:hover {
color: #333;
background-color: #454545;
}
}
}
}
.units-table-cell {
& a {
color: #fafafa;
&:hover {
color: #fafafa;
}
}
}
.units-table-row-action-link {
border-color: #454545;
background-color: #282828;
@media (--viewport-large) {
background-color: transparent;
}
}
.units-table-badge {
@media (--viewport-large) {
color: #dadada;
border-color: #212121;
box-shadow: 0 1px 2px rgb(70 70 70 / 50%), inset 0 2px 2px rgb(0 0 0 / 65%);
text-shadow: 0 1px rgb(0 0 0 / 70%);
background-color: #252525;
}
}
/* Statistics
========================================================================== */
.stats-item {
border-bottom-color: #404040;
@media (--viewport-large) {
&:hover {
background-color: #353535;
border-left-color: #353535;
border-right-color: #353535;
box-shadow: 0 2px 10px rgb(0 0 0 / 20%);
}
}
}
.stats-item-header-title {
color: #eee;
}
.stats-item-summary-title {
border-bottom-color: #585858;
}
/* Forms
========================================================================== */
.form-label,
.form-check label {
color: #d4d4d4;
}
.form-control {
background-color: #454545;
border-color: #606060;
color: #d4d4d4;
box-shadow: 0 1px 4px rgb(0 0 0 / 35%);
&:hover {
border-color: #0090ff;
background-color: #494949;
}
&:focus {
background-color: #222;
border-color: #0080df;
color: #fff;
box-shadow: 0 1px 6px rgb(0 52 91 / 75%);
}
&.list-editor:focus {
background-color: #222;
box-shadow: none;
}
}
.form-select {
background-color: #454545;
border-color: #606060;
color: #d4d4d4;
text-shadow: 0 0 0 #d4d4d4;
box-shadow: 0 1px 4px rgb(0 0 0 / 35%);
&:hover {
border-color: #0090ff;
background-color: #494949;
}
&:focus {
background-color: #222;
border-color: #0080df;
color: #fff;
box-shadow: 0 1px 6px rgb(0 52 91 / 75%);
}
}
.form-control:disabled,
.form-select:disabled {
background-color: #303030;
text-shadow: 1px 1px rgb(0 0 0 / 30%);
color: #acacac;
border-color: #606060;
&:hover {
border-color: #606060;
}
}
.form-link {
color: #09f;
}
.form-link-danger {
&:hover {
background-color: #ff3478;
}
&:active {
background-color: #be1f54;
}
}
.unlimited-toggle {
& .fas {
color: #d4d4d4;
}
}
.hint {
color: #a2a2a2;
}
.section-title {
border-bottom-color: #484848;
}
/* Buttons
========================================================================== */
.button {
color: #eee;
text-shadow: 0 1px 1px rgb(0 0 0 / 35%);
font-weight: 400;
border-color: #707070;
background: #303030;
background: linear-gradient(
0deg,
rgb(48 48 48 / 100%) 0%,
rgb(53 53 53 / 100%) 35%,
rgb(69 69 69 / 100%) 100%
);
box-shadow: 0 1px 4px rgb(0 0 0 / 20%), inset 0 0 1px rgb(20 20 20 / 100%),
inset 0 0 3px rgb(0 0 0 / 50%);
&:hover {
color: #fff;
text-shadow: 1px 1px rgb(0 0 0 / 25%);
border-color: #0098ff;
background: linear-gradient(
0deg,
rgb(58 58 58 / 100%) 0%,
rgb(68 68 68 / 100%) 35%,
rgb(79 79 79 / 100%) 100%
);
background-color: #454545;
box-shadow: 0 1px 3px rgb(0 0 0 / 35%), inset 0 0 1px rgb(0 0 0 / 100%),
inset 0 0 3px rgb(0 0 0 / 65%);
}
&:active {
color: #d4d4d4;
text-shadow: 0 -1px 1px rgb(0 0 0 / 55%);
border-color: #0066b4;
background: linear-gradient(
0deg,
rgb(69 69 69 / 100%) 0%,
rgb(53 53 53 / 100%) 35%,
rgb(48 48 48 / 100%) 100%
);
box-shadow: 0 1px 3px rgb(0 0 0 / 30%), inset 0 0 1px rgb(0 0 0 / 100%),
inset -1px -1px 4px rgb(30 30 30 / 40%);
}
}
.button-secondary {
border-color: #454545;
background-color: #343434;
background: linear-gradient(
0deg,
rgb(48 48 48 / 100%) 0%,
rgb(53 53 53 / 100%) 100%,
rgb(69 69 69 / 100%) 100%
);
&:hover {
background-color: #343434;
background: linear-gradient(
0deg,
rgb(48 48 48 / 100%) 0%,
rgb(53 53 53 / 100%) 100%,
rgb(69 69 69 / 100%) 100%
);
}
}
.button-danger {
&:hover {
background: rgb(133 0 0);
background: linear-gradient(0deg, rgb(133 0 0 / 100%) 0%, rgb(203 0 0 / 100%) 100%);
color: #fff;
text-shadow: 0 1px rgb(0 0 0 / 45%);
border-color: rgb(170 0 0);
}
&:active,
&:focus {
background: rgb(133 0 0);
background: linear-gradient(180deg, rgb(133 0 0 / 100%) 0%, rgb(203 0 0 / 100%) 100%);
color: #4d0000;
text-shadow: 0 -1px 1px rgb(255 255 255 / 30%);
border-color: rgb(251 71 51);
}
}
/* Login
========================================================================== */
.body-login,
.body-reset {
background: #303030;
background: radial-gradient(circle, rgb(77 77 77 / 100%) 0%, rgb(31 31 31 / 100%) 100%);
}
.login {
& .error {
color: #f864fa;
}
@media (--viewport-small) {
background-color: #282828;
box-shadow: 0 8px 25px rgb(0 0 0 / 30%), inset 0 0 2px rgb(0 0 0 / 25%);
& .form-label {
color: #fff;
}
}
}
.login-title {
color: #fff;
}
.login-form-link {
color: #eee;
text-transform: initial;
font-weight: 400;
&:hover {
color: #ff3478;
}
}
.qr-code {
border: 1px solid #3b3b3b;
box-shadow: 0 1px 4px rgb(0 0 0 / 35%);
}
.console-output {
color: #dadada;
}
/* Spinner
========================================================================== */
.spinner-overlay {
& .fas {
box-shadow: 0 8px 25px rgb(0 0 0 / 90%);
}
}
/* Icon component
========================================================================== */
.icon-highlight {
color: #dadada;
&:hover {
color: #dadada;
}
}
.icon-dim {
color: #808080;
text-shadow: 1px 1px rgb(0 0 0 / 30%);
}
/* Modals
========================================================================== */
.modal {
background-color: #2c2c2c;
border-color: rgb(80 80 80 / 97%);
box-shadow: inset 0 1px 3px rgb(0 0 0 / 25%), 0 8px 25px rgb(0 0 0 / 90%);
}
.modal-title {
color: #f12569;
}
.modal-message {
color: #dadada;
}
.modal-options {
border-top: 1px solid #404040;
}
/* Shortcuts modal
========================================================================== */
.shortcuts {
background-color: #2c2c2c;
border-color: #404040;
box-shadow: 0 8px 25px rgb(0 0 0 / 90%);
}
.shortcuts-header {
border-bottom: 1px solid #353535;
}
/* Tabs component
========================================================================== */
.tabs {
box-shadow: 0 1px 4px rgb(0 0 0 / 25%);
border-color: #606060;
background-color: #454545;
}
.tabs-item {
color: #cacaca;
&:hover,
&[aria-selected="true"] {
color: #ff3478;
}
}
/* App footer
========================================================================== */
.app-footer {
color: #cdcdcd;
border-color: #454545;
}
/* Inline alerts
========================================================================== */
.inline-alert-success {
& a {
color: #fff;
&:hover {
color: #ff3478;
}
}
}
/* Debug panel
========================================================================== */
.debug-panel-content {
background-color: #282828;
}

File diff suppressed because it is too large Load Diff

186
web/css/src/themes/flat.css Normal file

@@ -0,0 +1,186 @@
/*
Theme Name: Flat
Author: Robert Zollner (@Lupul)
Website: www.hestiacp.com
*/
@import url("../media_queries");
:root {
/* Alerts */
--alert-box-shadow: none;
--alert-text-shadow: none;
}
/* Top bar
========================================================================== */
.top-bar {
box-shadow: none;
background: #5070a6;
}
.top-bar-usage-inner {
text-shadow: none;
}
.top-bar-notifications-panel {
@media (--viewport-small) {
box-shadow: none;
border-color: #ccc;
}
}
.top-bar-menu-link {
text-shadow: none;
&:hover,
&:active {
background: #fff;
box-shadow: none;
}
&.active {
background: #fff;
}
}
/* Toolbar
========================================================================== */
.toolbar-sorting-menu {
box-shadow: none;
border-color: #ccc;
background-color: #fff;
}
/* Units table
========================================================================== */
.units-table-row {
@media (--viewport-large) {
&:hover {
box-shadow: none;
}
}
}
.units-table-cell {
& a {
color: #5f7eb3;
&:hover {
color: #5f7eb3;
}
}
}
.units-table-badge {
@media (--viewport-large) {
box-shadow: none;
}
}
/* Statistics
========================================================================== */
.stats-item {
@media (--viewport-large) {
&:hover {
box-shadow: none;
}
}
}
/* Spinner
========================================================================== */
.spinner-overlay {
& .fas {
box-shadow: 0 2px 11px 0 rgb(0 0 0 / 50%);
}
}
/* Collapse component
========================================================================== */
.collapse-header {
background: #fafafa;
box-shadow: none;
}
/* Forms
========================================================================== */
.form-control,
.form-select {
box-shadow: none;
}
/* Buttons
========================================================================== */
.button {
box-shadow: none;
background: linear-gradient(to bottom, rgb(235 243 249 / 100%) 0%, rgb(223 235 245 / 100%) 100%);
&:hover {
color: #6986b7;
box-shadow: none;
background: linear-gradient(
to bottom,
rgb(241 248 253 / 100%) 0%,
rgb(227 240 251 / 100%) 100%
);
}
&:active {
box-shadow: none;
background: linear-gradient(
to bottom,
rgb(210 232 250 / 100%) 0%,
rgb(194 224 248 / 100%) 100%
);
}
}
.button-secondary {
box-shadow: none;
background: linear-gradient(to bottom, rgb(250 250 250 / 100%) 0%, rgb(241 241 241 / 100%) 100%);
}
.button-danger {
&:hover {
background: #fcd3cf;
color: #f4301a;
border-color: #f27e71;
}
&:active {
background: #a91200;
color: #fff;
border-color: #f4301a;
}
}
/* Modals
========================================================================== */
.modal {
box-shadow: 0 2px 11px 0 rgb(0 0 0 / 50%);
}
/* Login
========================================================================== */
.body-login,
.body-reset {
background: #5f7eb3;
}
.login {
@media (--viewport-small) {
background-color: rgb(255 255 255 / 80%);
box-shadow: 0 2px 10px rgb(0 0 0 / 30%), inset 0 0 2px rgb(255 255 255 / 100%);
}
}


@@ -0,0 +1,459 @@
/*
Theme Name: Vestia
Author: Kristan Kenney (@kristankenney)
Website: www.hestiacp.com
*/
@import url("../media_queries");
:root {
--animate-duration: 0s;
--font-family: "Arial", system-ui;
--color-text-link: #444;
--color-text-link-hover: #ff791f;
/* Alerts */
--alert-box-shadow: none;
--alert-text-shadow: none;
}
h1 {
font-weight: 600;
}
/* Top bar
========================================================================== */
.top-bar {
box-shadow: none;
background: #5d5d5d;
}
.top-bar-notifications-panel {
@media (--viewport-small) {
box-shadow: 0 2px 10px 0 rgb(0 0 0 / 25%);
border-color: #ccc;
border-bottom-left-radius: 2px;
border-bottom-right-radius: 2px;
}
}
.top-bar-notification-item {
&.unseen .top-bar-notification-title {
color: #111;
}
}
.top-bar-notification-delete {
& .fas {
color: #ff6701;
}
}
.top-bar-menu-panel {
background-color: #5d5d5d;
}
.top-bar-menu-link {
&:hover,
&:active {
color: #fff;
background: #f79b44;
box-shadow: none;
text-shadow: none;
transition: none;
}
&.active {
color: #ff6701;
background: #fff;
}
}
/* Main menu
========================================================================== */
.main-menu-item-link {
&:hover {
& .main-menu-item-label {
color: #ff791f;
}
}
&.active {
& .main-menu-item-label {
color: #ff791f;
}
}
& .fas {
display: none;
}
@media (--viewport-medium) {
text-align: left;
&:hover {
border-bottom-color: #ff791f;
}
&.active {
border-bottom-color: #ff791f;
}
}
}
.main-menu-item-label {
font-size: 0.9rem;
}
/* Toolbar
========================================================================== */
.toolbar {
& .form-control {
&:hover {
border-right-color: #e95e00;
}
&:focus {
border-right-color: #e95e00;
}
}
}
.toolbar-sorting-menu {
box-shadow: none;
border-color: #ccc;
background-color: #fff;
& span {
&:hover {
color: #ff6701;
background: none;
}
&.active {
background: none;
font-weight: bold;
color: #ff6701;
}
}
}
.toolbar-input-submit {
background-color: #cacaca;
border-radius: 0;
color: #fff;
text-shadow: 0 1px 2px rgb(0 0 0 / 35%);
&:hover {
color: #777;
background-color: #cacaca;
text-shadow: 0 1px 2px rgb(255 255 255 / 45%);
}
&:active {
text-shadow: none;
color: #a9cc06;
}
}
.toolbar-buttons {
& .button {
border-color: transparent;
color: #fff;
text-transform: uppercase;
text-shadow: 0 1px 2px rgb(0 0 0 / 40%);
background: #a0c105;
background-color: #a0c105;
&:hover {
border-color: transparent;
color: #fff;
background: #a9cc06;
background-color: #a9cc06;
text-shadow: 0 1px 2px rgb(0 0 0 / 30%);
}
}
& .button-danger:hover {
color: #f4301a;
text-shadow: none;
}
& .button-back {
color: #326b9b;
background: none;
text-shadow: none;
text-transform: none;
font-size: 0.9rem;
border: none;
&:hover {
color: #367ac1;
background: none;
text-shadow: none;
text-transform: none;
}
&:active {
color: #ff6701;
background: none;
text-shadow: none;
text-transform: none;
}
}
}
/* Units table
========================================================================== */
.units-table-row {
@media (--viewport-large) {
&:hover {
box-shadow: none;
}
}
}
.units-table-cell {
& a:hover {
color: #ff6701;
}
}
.units-table-badge {
@media (--viewport-large) {
border-color: #eaeaea;
box-shadow: none;
border-radius: 4px;
}
}
/* Statistics
========================================================================== */
.stats-item {
@media (--viewport-large) {
&:hover {
box-shadow: none;
}
}
}
/* Spinner
========================================================================== */
.spinner-overlay {
& .fas {
box-shadow: 0 2px 11px 0 rgb(0 0 0 / 50%);
}
}
/* Buttons
========================================================================== */
.button {
border-color: transparent;
color: #fff;
text-shadow: 0 1px 2px rgb(0 0 0 / 40%);
text-transform: uppercase;
font-weight: 600;
padding-top: 6px;
padding-bottom: 6px;
background: #a0c105;
background-color: #a0c105;
border-radius: 2px;
box-shadow: none;
&:hover {
border-color: transparent;
color: #fff;
background: #a9cc06;
background-color: #a9cc06;
text-shadow: 0 1px 2px rgb(0 0 0 / 30%);
transition: none;
box-shadow: none;
}
&:active {
border-color: transparent;
color: #fff;
background: #809c00;
background-color: #809c00;
text-shadow: 0 0 2px rgb(0 0 0 / 20%);
box-shadow: none;
}
& .fas {
display: none;
}
}
.button-secondary {
color: var(--color-text-link);
text-shadow: none;
text-transform: none;
border-color: #bbb;
background: #fff;
&:hover {
color: #326b9b;
text-shadow: none;
border-color: #bbb;
background: #f5f5f5;
}
&:active {
color: #326b9b;
text-shadow: none;
border-color: #aaa;
background: #f5f5f5;
}
}
.button-danger:hover {
color: #f4301a;
text-shadow: none;
}
.button-floating {
& .fas {
display: block;
}
}
/* Modals
========================================================================== */
.modal {
box-shadow: 0 2px 11px 0 rgb(0 0 0 / 50%);
}
.modal-title {
color: #111;
}
.modal-message {
color: #333;
}
/* Forms
========================================================================== */
.form-control,
.form-select {
box-shadow: none;
border-radius: 0;
&:hover {
border-color: #e95e00;
}
}
.form-control:focus {
border-color: #ff6701;
background-color: #fff4ed;
color: #333;
}
.form-select:focus {
border-color: #ff6701;
color: #333;
}
.password-meter {
margin-left: 0;
margin-right: 0;
border-radius: 0;
box-shadow: none;
}
/* Shortcuts panel
========================================================================== */
.shortcuts {
border-color: #111;
border-radius: 2px;
box-shadow: 0 3px 12px rgb(0 0 0 / 80%);
}
.shortcuts-title,
.shortcuts .key {
color: #b5da0b;
}
/* Panel component
========================================================================== */
.panel {
box-shadow: none;
border-radius: 0;
}
/* Collapse component
========================================================================== */
.collapse-header {
background: #fafafa;
box-shadow: none;
color: #444;
&:hover {
color: #ff791f;
}
& .fas {
display: none;
}
}
/* Tabs component
========================================================================== */
.tabs {
border-radius: 0;
box-shadow: none;
}
.tabs-item {
color: #777;
&:hover,
&[aria-selected="true"] {
color: #ff6701;
}
&:active {
color: #e95e00;
}
}
/* Login
========================================================================== */
.body-login,
.body-reset {
background: #ededed;
}
.login {
& .form-label {
color: #4b4b4b;
}
@media (--viewport-small) {
background-color: rgb(255 255 255 / 100%);
box-shadow: 0 2px 5px rgb(0 0 0 / 30%), inset 0 0 2px rgb(255 255 255);
border-radius: 0;
}
}
.login-title {
color: #4b4b4b;
}
.login-form-link {
color: #326b9b;
}

192
web/css/src/utilities.css Normal file

@@ -0,0 +1,192 @@
/* Utilities
========================================================================== */
.u-block {
display: block !important;
}
.u-hidden {
display: none !important;
}
.u-hidden-visually {
border: 0 !important;
clip: rect(1px, 1px, 1px, 1px) !important;
height: 1px !important;
overflow: hidden !important;
padding: 0 !important;
position: absolute !important;
width: 1px !important;
}
.u-noselect {
user-select: none !important;
}
.u-text-right {
text-align: right !important;
}
.u-text-center {
text-align: center !important;
}
.u-text-center-desktop {
@media (--viewport-large) {
text-align: center !important;
}
}
.u-text-small {
font-size: 0.75rem !important;
}
.u-text-bold {
font-weight: bold !important;
}
.u-text-truncate {
overflow: hidden !important;
text-overflow: ellipsis !important;
white-space: nowrap !important;
}
.u-text-break {
word-break: break-word !important;
}
.u-text-no-wrap {
white-space: nowrap !important;
}
.u-overflow {
overflow: auto !important;
}
.u-mt15 {
margin-top: 15px !important;
}
.u-mt10 {
margin-top: 10px !important;
}
.u-mt20 {
margin-top: 20px !important;
}
.u-ml5 {
margin-left: 5px !important;
}
.u-ml10 {
margin-left: 10px !important;
}
.u-mr5 {
margin-right: 5px !important;
}
.u-mr10 {
margin-right: 10px !important;
}
.u-mb5 {
margin-bottom: 5px !important;
}
.u-mb10 {
margin-bottom: 10px !important;
}
.u-mb20 {
margin-bottom: 20px !important;
}
.u-mb40 {
margin-bottom: 40px !important;
}
.u-pt10 {
padding-top: 10px !important;
}
.u-pl30 {
padding-left: 30px !important;
}
.u-pr30 {
padding-right: 30px !important;
}
.u-pos-relative {
position: relative !important;
}
.u-width-full {
width: 100% !important;
}
.u-min-height100 {
min-height: 100px !important;
}
.u-min-height300 {
min-height: 300px !important;
}
.u-min-height600 {
min-height: 600px !important;
}
.u-max-width200 {
max-width: 200px !important;
}
.u-max-width300 {
max-width: 300px !important;
}
.u-max-height300 {
max-height: 300px !important;
}
.u-side-by-side {
display: flex !important;
justify-content: space-between !important;
align-items: center !important;
}
.u-list-bulleted {
list-style: disc !important;
padding-left: 40px !important;
}
.u-allow-resize {
min-width: 100% !important;
resize: both !important;
}
.u-unstyled-button {
border: 0 !important;
padding: 0 !important;
background-color: transparent !important;
}
.u-console {
font-family: var(--font-family-monospace) !important;
white-space: pre !important;
line-height: 1.2 !important;
}
.u-hide-tablet {
@media (--viewport-medium) {
display: none !important;
}
}
.u-hide-desktop {
@media (--viewport-large) {
display: none !important;
}
}


@@ -0,0 +1,50 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check token
verify_csrf($_GET);
if ($_SESSION["userContext"] === "admin" && !empty($_GET["user"])) {
$user = quoteshellarg($_GET["user"]);
$user_plain = $_GET["user"];
}
// Checks if API access is enabled
$api_status =
!empty($_SESSION["API_SYSTEM"]) && is_numeric($_SESSION["API_SYSTEM"])
? $_SESSION["API_SYSTEM"]
: 0;
if (($user_plain == "admin" && $api_status < 1) || ($user_plain != "admin" && $api_status < 2)) {
header("Location: /edit/user/");
exit();
}
if (!empty($_GET["key"])) {
$v_key = quoteshellarg(trim($_GET["key"]));
// Key data
exec(HESTIA_CMD . "v-list-access-key " . $v_key . " json", $output, $return_var);
$key_data = json_decode(implode("", $output), true);
unset($output);
if (empty($key_data) || $key_data["USER"] != $user_plain) {
header("Location: /list/access-key/");
exit();
}
exec(HESTIA_CMD . "v-delete-access-key " . $v_key, $output, $return_var);
check_return_code($return_var, $output);
unset($output);
}
$back = $_SESSION["back"];
if (!empty($back)) {
header("Location: " . $back);
exit();
}
header("Location: /list/key/");
exit();
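Review bot: The ownership test `$key_data["USER"] != $user_plain` is the only check between a valid session and deleting another account's access key, and it uses a loose comparison; `if (empty($key_data) || $key_data["USER"] !== $user_plain) {` keeps it a plain string match. `$user_plain` is assigned here only in the admin branch, so its value for ordinary users comes from `inc/main.php`, which is not shown. The final fallback redirects to `/list/key/` while the failure path uses `/list/access-key/`; that looks like a leftover from the SSH-key handler and is worth confirming.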


@@ -0,0 +1,32 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
if ($_SESSION["userContext"] === "admin" && !empty($_GET["user"])) {
$user = quoteshellarg($_GET["user"]);
}
// Check token
verify_csrf($_GET);
if (!empty($_GET["system"])) {
$v_system = quoteshellarg($_GET["system"]);
exec(
HESTIA_CMD . "v-delete-user-backup-exclusions " . $user . " " . $v_system,
$output,
$return_var,
);
}
check_return_code($return_var, $output);
unset($output);
$back = $_SESSION["back"];
if (!empty($back)) {
header("Location: " . $back);
exit();
}
header("Location: /list/backup/exclusions/");
exit();
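Review bot: `check_return_code($return_var, $output)` sits outside the `if (!empty($_GET["system"]))` block, so a request without `system` reaches it with both variables undefined and then redirects as on the normal path. Moving the call and `unset($output)` inside the block, or redirecting early when the parameter is missing, keeps that case explicit. The same shape recurs in the sections that run `v-delete-user-backup`, `v-delete-cron-job`, `v-delete-database`, `v-delete-firewall-ban`, `v-delete-firewall-rule`, `v-delete-firewall-ipset`, `v-delete-sys-ip`, `v-delete-user-package` and `v-delete-user`.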


@@ -0,0 +1,28 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
if ($_SESSION["userContext"] === "admin" && !empty($_GET["user"])) {
$user = quoteshellarg($_GET["user"]);
}
// Check token
verify_csrf($_GET);
if (!empty($_GET["backup"])) {
$v_backup = quoteshellarg($_GET["backup"]);
exec(HESTIA_CMD . "v-delete-user-backup " . $user . " " . $v_backup, $output, $return_var);
}
check_return_code($return_var, $output);
unset($output);
$back = $_SESSION["back"];
if (!empty($back)) {
header("Location: " . $back);
exit();
}
header("Location: /list/backup/");
exit();


@@ -0,0 +1,18 @@
<?php
ob_start();
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check token
verify_csrf($_GET);
if (
($_SESSION["userContext"] === "admin" && $_SESSION["POLICY_SYSTEM_HIDE_SERVICES"] == "no") ||
$_SESSION["user"] == "admin"
) {
exec(HESTIA_CMD . "v-delete-cron-hestia-autoupdate", $output, $return_var);
unset($output);
}
header("Location: /list/updates/");
exit();

29
web/delete/cron/index.php Normal file

@@ -0,0 +1,29 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
if ($_SESSION["userContext"] === "admin" && !empty($_GET["user"])) {
$user = quoteshellarg($_GET["user"]);
}
// Check token
verify_csrf($_GET);
if (!empty($_GET["job"])) {
$v_username = quoteshellarg($user);
$v_job = quoteshellarg($_GET["job"]);
exec(HESTIA_CMD . "v-delete-cron-job " . $user . " " . $v_job, $output, $return_var);
}
check_return_code($return_var, $output);
unset($output);
$back = $_SESSION["back"];
if (!empty($back)) {
header("Location: " . $back);
exit();
}
header("Location: /list/cron/");
exit();
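Review bot: `$v_username = quoteshellarg($user);` is never used in this file, and it quotes a value that comments elsewhere in this commit describe as already shell-escaped; the line can be dropped. Leaving it invites a later edit to pass `$v_username` to `exec()`, which would hand the backend a doubly quoted user name.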


@@ -0,0 +1,13 @@
<?php
ob_start();
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check token
verify_csrf($_GET);
exec(HESTIA_CMD . "v-delete-cron-reports " . $user, $output, $return_var);
unset($output);
header("Location: /list/cron/");
exit();

28
web/delete/db/index.php Normal file

@@ -0,0 +1,28 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
if ($_SESSION["userContext"] === "admin" && !empty($_GET["user"])) {
$user = quoteshellarg($_GET["user"]);
}
// Check token
verify_csrf($_GET);
if (!empty($_GET["database"])) {
$v_database = quoteshellarg($_GET["database"]);
exec(HESTIA_CMD . "v-delete-database " . $user . " " . $v_database, $output, $return_var);
}
check_return_code($return_var, $output);
unset($output);
$back = $_SESSION["back"];
if (!empty($back)) {
header("Location: " . $back);
exit();
}
header("Location: /list/db/");
exit();

63
web/delete/dns/index.php Normal file

@@ -0,0 +1,63 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Delete as someone else?
if ($_SESSION["userContext"] === "admin" && !empty($_GET["user"])) {
$user = quoteshellarg($_GET["user"]);
}
// Check token
verify_csrf($_GET);
// DNS domain
if (!empty($_GET["domain"]) && empty($_GET["record_id"])) {
$v_domain = quoteshellarg($_GET["domain"]);
exec(HESTIA_CMD . "v-delete-dns-domain " . $user . " " . $v_domain, $output, $return_var);
check_return_code($return_var, $output);
unset($output);
$back = $_SESSION["back"];
if (!empty($back)) {
header("Location: " . $back);
exit();
}
header("Location: /list/dns/");
exit();
}
// DNS record
if (!empty($_GET["domain"]) && !empty($_GET["record_id"])) {
$v_domain = quoteshellarg($_GET["domain"]);
$v_record_id = quoteshellarg($_GET["record_id"]);
exec(
HESTIA_CMD . "v-delete-dns-record " . $user . " " . $v_domain . " " . $v_record_id,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
$back = $_SESSION["back"];
if (!empty($back)) {
header("Location: " . $back);
exit();
}
if ($return_var > 0) {
header("Location: /list/dns/");
exit();
} else {
header("Location: /list/dns/?domain=" . $_GET["domain"]);
exit();
}
}
$back = $_SESSION["back"];
if (!empty($back)) {
header("Location: " . $back);
exit();
}
header("Location: /list/dns/");
exit();
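Review bot: `header("Location: /list/dns/?domain=" . $_GET["domain"]);` puts the raw query value back into a URL, so characters such as `&`, `#` or spaces alter the redirect's query string; `header("Location: /list/dns/?domain=" . rawurlencode($_GET["domain"]));` keeps it a single parameter. The `if ($return_var > 0)` branch is only reached when `$_SESSION["back"]` is empty, because the `$back` redirect above it exits first. The same unencoded request value appears in the `Location` headers of the `v-delete-user-log`, `v-delete-user-auth-log`, `v-delete-mail-account` and `v-purge-nginx-cache` sections.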


@@ -0,0 +1,32 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check user
if ($_SESSION["userContext"] != "admin") {
header("Location: /list/user");
exit();
}
// Check token
verify_csrf($_GET);
if (!empty($_GET["ip"]) && !empty($_GET["chain"])) {
$v_ip = quoteshellarg($_GET["ip"]);
$v_chain = quoteshellarg($_GET["chain"]);
exec(HESTIA_CMD . "v-delete-firewall-ban " . $v_ip . " " . $v_chain, $output, $return_var);
}
check_return_code($return_var, $output);
unset($output);
$back = $_SESSION["back"];
if (!empty($back)) {
header("Location: " . $back);
exit();
}
header("Location: /list/firewall/banlist/");
exit();


@@ -0,0 +1,31 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check user
if ($_SESSION["userContext"] != "admin") {
header("Location: /list/user");
exit();
}
// Check token
verify_csrf($_GET);
if (!empty($_GET["rule"])) {
$v_rule = quoteshellarg($_GET["rule"]);
exec(HESTIA_CMD . "v-delete-firewall-rule " . $v_rule, $output, $return_var);
}
check_return_code($return_var, $output);
unset($output);
$back = $_SESSION["back"];
if (!empty($back)) {
header("Location: " . $back);
exit();
}
header("Location: /list/firewall/");
exit();


@@ -0,0 +1,35 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check user
if ($_SESSION["userContext"] != "admin") {
header("Location: /list/user");
exit();
}
// Check token
verify_csrf($_GET);
if (!empty($_GET["listname"])) {
$v_listname = $_GET["listname"];
exec(
HESTIA_CMD . "v-delete-firewall-ipset " . quoteshellarg($v_listname),
$output,
$return_var,
);
}
check_return_code($return_var, $output);
unset($output);
$back = $_SESSION["back"];
if (!empty($back)) {
header("Location: " . $back);
exit();
}
header("Location: /list/firewall/ipset/");
exit();

26
web/delete/ip/index.php Normal file

@@ -0,0 +1,26 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check token
verify_csrf($_GET);
if ($_SESSION["userContext"] === "admin") {
if (!empty($_GET["ip"])) {
$v_ip = quoteshellarg($_GET["ip"]);
exec(HESTIA_CMD . "v-delete-sys-ip " . $v_ip, $output, $return_var);
}
check_return_code($return_var, $output);
unset($output);
}
$back = $_SESSION["back"];
if (!empty($back)) {
header("Location: " . $back);
exit();
}
header("Location: /list/ip/");
exit();

29
web/delete/key/index.php Normal file

@@ -0,0 +1,29 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check token
verify_csrf($_GET);
if ($_SESSION["userContext"] === "admin" && !empty($_GET["user"])) {
$user = quoteshellarg($_GET["user"]);
}
if (!empty($_GET["key"])) {
$v_key = quoteshellarg(trim($_GET["key"]));
exec(HESTIA_CMD . "v-delete-user-ssh-key " . $user . " " . $v_key, $output, $return_var);
check_return_code($return_var, $output);
}
unset($output);
//die();
$back = $_SESSION["back"];
if (!empty($back)) {
header("Location: " . $back);
exit();
}
header("Location: /list/key/");
exit();


@@ -0,0 +1,60 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check token
verify_csrf($_GET);
// Check if administrator is viewing system log (currently 'admin' user)
if ($_SESSION["userContext"] === "admin" && isset($_GET["user"])) {
$user = quoteshellarg($_GET["user"]);
$token = $_SESSION["token"];
}
// Clear log
exec(HESTIA_CMD . "v-delete-user-auth-log " . $user, $output, $return_var);
check_return_code($return_var, $output);
unset($output);
$ip = $_SERVER["REMOTE_ADDR"];
if (isset($_SERVER["HTTP_CF_CONNECTING_IP"])) {
if (!empty($_SERVER["HTTP_CF_CONNECTING_IP"])) {
$ip = $_SERVER["HTTP_CF_CONNECTING_IP"];
}
}
$v_ip = quoteshellarg($ip);
$user_agent = $_SERVER["HTTP_USER_AGENT"];
$v_user_agent = quoteshellarg($user_agent);
$v_session_id = quoteshellarg($_SESSION["token"]);
// Add current user session back to log unless impersonating another user
if (!isset($_SESSION["look"])) {
exec(
HESTIA_CMD .
"v-log-user-login " .
$user .
" " .
$v_ip .
" success " .
$v_session_id .
" " .
$v_user_agent,
$output,
$return_var,
);
}
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);
// Set correct page reload target
if ($_SESSION["userContext"] === "admin" && !empty($_GET["user"])) {
header("Location: /list/log/auth/?user=" . $_GET["user"] . "&token=$token");
} else {
header("Location: /list/log/auth/");
}
exit();
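Review bot: `HTTP_CF_CONNECTING_IP` is a request header that any client can set, and here it replaces `REMOTE_ADDR` before the value is written to the auth log through `v-log-user-login`. Unless the panel is reachable only through Cloudflare, the logged address should come from `REMOTE_ADDR`, or the header should be honoured only when `REMOTE_ADDR` belongs to a configured trusted proxy. `$_SERVER["HTTP_USER_AGENT"]` is also read without a fallback; `$user_agent = $_SERVER["HTTP_USER_AGENT"] ?? "";` avoids a warning and a null argument when the header is absent.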

39
web/delete/log/index.php Normal file

@@ -0,0 +1,39 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check token
verify_csrf($_GET);
// Check if administrator is viewing system log (currently 'admin' user)
if ($_SESSION["userContext"] === "admin" && !empty($_GET["user"])) {
$user = quoteshellarg($_GET["user"]);
$token = $_SESSION["token"];
}
// Clear log
exec(HESTIA_CMD . "v-delete-user-log " . $user, $output, $return_var);
check_return_code($return_var, $output);
unset($output);
if ($return_var > 0) {
header("Location: /list/log/");
} else {
// Set correct page reload target
if ($_SESSION["userContext"] === "admin" && !empty($_GET["user"])) {
if ($_GET["user"] != "system") {
header("Location: /list/log/?user=" . $_GET["user"] . "&token=$token");
} else {
header("Location: /list/log/?user=system&token=$token");
}
} else {
header("Location: /list/log/");
}
}
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);
exit();

65
web/delete/mail/index.php Normal file

@@ -0,0 +1,65 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Delete as someone else?
if ($_SESSION["userContext"] === "admin" && !empty($_GET["user"])) {
$user = quoteshellarg($user);
}
// Check token
verify_csrf($_GET);
// Mail domain
if (!empty($_GET["domain"]) && empty($_GET["account"])) {
$v_username = quoteshellarg($user);
$v_domain = quoteshellarg($_GET["domain"]);
exec(HESTIA_CMD . "v-delete-mail-domain " . $user . " " . $v_domain, $output, $return_var);
check_return_code($return_var, $output);
unset($output);
$back = $_SESSION["back"];
if ($return_var > 0) {
header("Location: /list/mail/");
}
if (!empty($back)) {
header("Location: " . $back);
exit();
}
header("Location: /list/mail/");
exit();
}
// Mail account
if (!empty($_GET["domain"]) && !empty($_GET["account"])) {
$v_domain = quoteshellarg($_GET["domain"]);
$v_account = quoteshellarg($_GET["account"]);
exec(
HESTIA_CMD . "v-delete-mail-account " . $user . " " . $v_domain . " " . $v_account,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
if ($return_var > 0) {
header("Location: /list/mail/");
} else {
$back = $_SESSION["back"];
if (!empty($back)) {
header("Location: " . $back);
exit();
}
header("Location: /list/mail/?domain=" . $_GET["domain"]);
exit();
}
}
$back = $_SESSION["back"];
if (!empty($back)) {
header("Location: " . $back);
exit();
}
header("Location: /list/mail/");
exit();
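Review bot: In the admin branch `$user = quoteshellarg($user);` re-quotes the current `$user` instead of reading `$_GET["user"]`, so the `user` parameter is ignored and, if `$user` is already escaped by `inc/main.php` as comments elsewhere in this commit say, the command receives a doubly quoted name. The sibling handlers use `$user = quoteshellarg($_GET["user"]);`; if ignoring the parameter is deliberate here, the branch can simply be removed. The `v-delete-web-domain` section has the same line. Separately, the first `if ($return_var > 0)` sends a `Location` header without `exit()`, so the `$back` redirect that follows overrides it.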


@@ -0,0 +1,41 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check token
verify_csrf($_GET);
if ($_GET["delete"] == 1) {
if (empty($_GET["notification_id"])) {
exec(HESTIA_CMD . "v-delete-user-notification " . $user . " all", $output, $return_var);
} else {
$v_id = quoteshellarg((int) $_GET["notification_id"]);
exec(
HESTIA_CMD . "v-delete-user-notification " . $user . " " . $v_id,
$output,
$return_var,
);
}
check_return_code($return_var, $output);
unset($output);
} else {
if (empty($_GET["notification_id"])) {
exec(
HESTIA_CMD . "v-acknowledge-user-notification " . $user . " all",
$output,
$return_var,
);
} else {
$v_id = quoteshellarg((int) $_GET["notification_id"]);
exec(
HESTIA_CMD . "v-acknowledge-user-notification " . $user . " " . $v_id,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
}
}
exit();
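Review bot: The acknowledge-all branch runs `v-acknowledge-user-notification` with `all` but never calls `check_return_code($return_var, $output)`, unlike the other three branches, so a failure there goes unreported. `$_GET["delete"]` is also read without a default; `($_GET["delete"] ?? "") == 1` avoids the undefined-index warning when the parameter is missing.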


@@ -0,0 +1,32 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check token
verify_csrf($_GET);
// Prevent editing of default package
if ($_GET["package"] === "default") {
header("Location: /list/package/");
exit();
}
if ($_SESSION["userContext"] === "admin") {
if (!empty($_GET["package"])) {
$v_package = quoteshellarg($_GET["package"]);
exec(HESTIA_CMD . "v-delete-user-package " . $v_package, $output, $return_var);
}
check_return_code($return_var, $output);
unset($output);
}
$back = $_SESSION["back"];
if (!empty($back)) {
header("Location: " . $back);
exit();
}
header("Location: /list/package/");
exit();

27
web/delete/user/index.php Normal file

@@ -0,0 +1,27 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check token
verify_csrf($_GET);
if ($_SESSION["userContext"] === "admin") {
if (!empty($_GET["user"])) {
$v_username = quoteshellarg($_GET["user"]);
exec(HESTIA_CMD . "v-delete-user " . $v_username, $output, $return_var);
}
check_return_code($return_var, $output);
unset($_SESSION["look"]);
unset($output);
}
$back = $_SESSION["back"];
if (!empty($back)) {
header("Location: " . $back);
exit();
}
header("Location: /list/user/");
exit();

22
web/delete/web/cache/index.php vendored Normal file

@@ -0,0 +1,22 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check token
verify_csrf($_GET);
// Delete as someone else?
if ($_SESSION["userContext"] === "admin" && !empty($_GET["user"])) {
$user = quoteshellarg($_GET["user"]);
}
if (!empty($_GET["domain"])) {
$v_domain = quoteshellarg($_GET["domain"]);
exec(HESTIA_CMD . "v-purge-nginx-cache " . $user . " " . $v_domain, $output, $return_var);
check_return_code($return_var, $output);
}
$_SESSION["ok_msg"] = _("NGINX cache has been purged successfully.");
header("Location: /edit/web/?domain=" . $_GET["domain"]);
exit();
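Review bot: `$_SESSION["ok_msg"]` is set unconditionally, so the success message is stored even when `domain` is missing or `v-purge-nginx-cache` failed. Setting it inside the `if` and only when `$return_var` is zero (or when `$_SESSION["error_msg"]` is empty, as the edit handlers in this commit do) keeps the banner truthful. `$output` is not unset here as it is in the sibling handlers, although nothing later reads it.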

33
web/delete/web/index.php Normal file

@@ -0,0 +1,33 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check token
verify_csrf($_GET);
// Delete as someone else?
if ($_SESSION["userContext"] === "admin" && !empty($_GET["user"])) {
$user = quoteshellarg($user);
}
if (!empty($_GET["domain"])) {
$v_domain = quoteshellarg($_GET["domain"]);
exec(
HESTIA_CMD . "v-delete-web-domain " . $user . " " . $v_domain . " 'yes'",
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
}
$back = $_SESSION["back"];
if (!empty($back)) {
header("Location: " . $back);
exit();
}
header("Location: /list/web/");
exit();


@@ -0,0 +1,44 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check token
verify_csrf($_GET);
$backup = $_GET["backup"];
if (!file_exists("/backup/" . $backup)) {
$backup = quoteshellarg($_GET["backup"]);
exec(
HESTIA_CMD . "v-schedule-user-backup-download " . $user . " " . $backup,
$output,
$return_var,
);
if ($return_var == 0) {
$_SESSION["error_msg"] = _("Download of remote backup file has been scheduled.");
} else {
$_SESSION["error_msg"] = implode("<br>", $output);
if (empty($_SESSION["error_msg"])) {
$_SESSION["error_msg"] = _("Error: Hestia did not return any output.");
}
}
unset($output);
header("Location: /list/backup/");
exit();
} else {
if ($_SESSION["userContext"] === "admin") {
header("Content-type: application/gzip");
header("Content-Disposition: attachment; filename=\"" . $backup . "\";");
header("X-Accel-Redirect: /backup/" . $backup);
}
if (!empty($_SESSION["user"]) && $_SESSION["userContext"] != "admin") {
if (strpos($backup, $_SESSION["user"] . ".") === 0) {
header("Content-type: application/gzip");
header("Content-Disposition: attachment; filename=\"" . $backup . "\";");
header("X-Accel-Redirect: /backup/" . $backup);
}
}
}
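Review bot: `$_GET["backup"]` is used unchanged in `file_exists("/backup/" . $backup)`, in the `Content-Disposition` value and in the `X-Accel-Redirect` path, so the name is never confined to the backup directory and the non-admin check only inspects its prefix. Reducing it to a file name first, `$backup = basename($_GET["backup"] ?? "");`, and rejecting anything that does not match the expected archive naming before any of those uses would bound all three. A non-admin request whose name fails the `strpos` test currently ends with an empty response; an explicit redirect or 403 would be clearer. `implode("<br>", $output)` also stores command output as HTML in `error_msg`, so the text should be escaped here unless the renderer (not visible) already does it.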


@@ -0,0 +1,18 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check token
verify_csrf($_GET);
$database = quoteshellarg($_GET["database"]);
exec(HESTIA_CMD . "v-dump-database " . $user . " " . $database . " file", $output, $return_var);
if ($return_var == 0) {
header("Content-type: application/sql");
header("Content-Disposition: attachment; filename=" . $output[0]);
header("X-Accel-Redirect: " . $output[1]);
}
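Review bot: When `v-dump-database` returns non-zero the script ends with no header and no message, and `$output[0]` and `$output[1]` are used without checking that they exist. An `else` that calls `check_return_code($return_var, $output)` and redirects to the list page would surface the error. The file name from `$output[0]` goes into `Content-Disposition` unquoted; `'attachment; filename="' . basename($output[0]) . '"'` is safer if the name can contain spaces or semicolons. The `v-dump-site` section that follows is written the same way.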


@@ -0,0 +1,18 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check token
verify_csrf($_GET);
$site = quoteshellarg($_GET["site"]);
exec(HESTIA_CMD . "v-dump-site " . $user . " " . $site . " full", $output, $return_var);
if ($return_var == 0) {
header("Content-type: application/zip");
header("Content-Disposition: attachment; filename=" . $output[0]);
header("X-Accel-Redirect: " . $output[1]);
}


@@ -0,0 +1,42 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check token
verify_csrf($_GET);
if ($_GET["type"] == "access") {
$type = "access";
}
if ($_GET["type"] == "error") {
$type = "error";
}
header("Cache-Control: public");
header("Content-Description: File Transfer");
header("Content-Disposition: attachment; filename=" . $_GET["domain"] . "." . $type . "-log.txt");
header("Content-Type: application/octet-stream; ");
header("Content-Transfer-Encoding: binary");
$v_domain = $_GET["domain"];
if ($_GET["type"] == "access") {
$type = "access";
}
if ($_GET["type"] == "error") {
$type = "error";
}
$cmd = implode(" ", [
"/usr/bin/sudo " . quoteshellarg(HESTIA_DIR_BIN . "v-list-web-domain-" . $type . "log"),
// $user is already shell-escaped
$user,
quoteshellarg($v_domain),
"5000",
]);
passthru($cmd, $return_var);
if ($return_var != 0) {
$errstr = "Internal server error: command returned non-zero: {$return_var}: {$cmd}";
echo $errstr;
throw new Exception($errstr); // make sure it ends up in an errorlog somewhere
}
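Review bot: `$type` is assigned only when `type` is exactly `access` or `error`, so any other value leaves it undefined while it is still concatenated into the download file name and into the script name built from `"v-list-web-domain-" . $type . "log"`. Rejecting the request up front, e.g. `if (!in_array($_GET["type"] ?? "", ["access", "error"], true)) { http_response_code(400); exit(); }`, removes that path and makes the duplicated assignment block unnecessary. The failure branch echoes `$errstr`, which contains the full `sudo` command line, into the downloaded body; logging it and sending a generic message keeps server paths out of the response. `$_GET["domain"]` is also placed in `Content-Disposition` unquoted and unfiltered.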


@@ -0,0 +1,133 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
$TAB = "BACKUP";
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Edit as someone else?
if ($_SESSION["userContext"] === "admin" && !empty($_GET["user"])) {
$user = quoteshellarg($_GET["user"]);
}
// List backup exclustions
exec(HESTIA_CMD . "v-list-user-backup-exclusions " . $user . " 'json'", $output, $return_var);
check_return_code($return_var, $output);
$data = json_decode(implode("", $output), true);
unset($output);
$v_web = $v_mail = $v_db = $v_userdir = "";
// Parse web
$v_username = $user;
foreach ($data["WEB"] as $key => $value) {
if (!empty($value)) {
$v_web .= $key . ":" . str_replace(",", ":", $value) . "\n";
} else {
$v_web .= $key . "\n";
}
}
// Parse mail
foreach ($data["MAIL"] as $key => $value) {
if (!empty($value)) {
$v_mail .= $key . ":" . $value . "\n";
} else {
$v_mail .= $key . "\n";
}
}
// Parse databases
foreach ($data["DB"] as $key => $value) {
if (!empty($value)) {
$v_db .= $key . ":" . $value . "\n";
} else {
$v_db .= $key . "\n";
}
}
// Parse user directories
foreach ($data["USER"] as $key => $value) {
if (!empty($value)) {
$v_userdir .= $key . ":" . $value . "\n";
} else {
$v_userdir .= $key . "\n";
}
}
// Check POST request
if (!empty($_POST["save"])) {
// Check token
verify_csrf($_POST);
$v_web = $_POST["v_web"] ?? "";
$v_web_tmp = str_replace("\r\n", ",", $_POST["v_web"]);
$v_web_tmp = rtrim($v_web_tmp, ",");
$v_web_tmp = "WEB=" . quoteshellarg($v_web_tmp);
$v_dns = $_POST["v_dns"] ?? "";
$v_dns_tmp = str_replace("\r\n", ",", $_POST["v_dns"]);
$v_dns_tmp = rtrim($v_dns_tmp, ",");
$v_dns_tmp = "DNS=" . quoteshellarg($v_dns_tmp);
$v_mail = $_POST["v_mail"] ?? "";
$v_mail_tmp = str_replace("\r\n", ",", $_POST["v_mail"]);
$v_mail_tmp = rtrim($v_mail_tmp, ",");
$v_mail_tmp = "MAIL=" . quoteshellarg($v_mail_tmp);
$v_db = $_POST["v_db"] ?? "";
$v_db_tmp = str_replace("\r\n", ",", $_POST["v_db"]);
$v_db_tmp = rtrim($v_db_tmp, ",");
$v_db_tmp = "DB=" . quoteshellarg($v_db_tmp);
$v_cron = $_POST["v_cron"] ?? "";
$v_cron_tmp = str_replace("\r\n", ",", $_POST["v_cron"]);
$v_cron_tmp = rtrim($v_cron_tmp, ",");
$v_cron_tmp = "CRON=" . quoteshellarg($v_cron_tmp);
$v_userdir = $_POST["v_userdir"] ?? "";
$v_userdir_tmp = str_replace("\r\n", ",", $_POST["v_userdir"]);
$v_userdir_tmp = rtrim($v_userdir_tmp, ",");
$v_userdir_tmp = "USER=" . quoteshellarg($v_userdir_tmp);
// Create temporary exeption list on a filesystem
exec("mktemp", $mktemp_output, $return_var);
$tmp = $mktemp_output[0];
$fp = fopen($tmp, "w");
fwrite(
$fp,
$v_web_tmp .
"\n" .
$v_dns_tmp .
"\n" .
$v_mail_tmp .
"\n" .
$v_db_tmp .
"\n" .
$v_userdir_tmp .
"\n",
);
fclose($fp);
unset($mktemp_output);
// Save changes
exec(
HESTIA_CMD . "v-update-user-backup-exclusions " . $user . " " . $tmp,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
// Set success message
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = _("Changes have been saved.");
}
}
// Render page
render_page($user, $TAB, "edit_backup_exclusions");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);
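Review bot: The temporary file from `exec("mktemp")` is written with the submitted exclusion lists and never removed in this script, and neither the `mktemp` return code nor the `fopen()` result is checked. The database password handler in this commit pairs `tempnam()` with `unlink()`; adding `unlink($tmp);` after the `exec` (unless `v-update-user-backup-exclusions` deletes the file itself, which is not visible) avoids leaving user data in the temp directory. `$v_cron_tmp` is built but not written to the file, while `$v_dns_tmp` is; if that is intended, the CRON lines can go. The `?? ""` default on `$_POST["v_web"]` and its siblings is bypassed by the following `str_replace()` call, which reads the raw key again.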

98
web/edit/cron/index.php Normal file

@@ -0,0 +1,98 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
$TAB = "CRON";
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Edit as someone else?
if ($_SESSION["userContext"] === "admin" && !empty($_GET["user"])) {
$user = quoteshellarg($_GET["user"]);
}
// Check job id
if (empty($_GET["job"])) {
header("Location: /list/cron/");
exit();
}
// List cron job
$v_job = quoteshellarg($_GET["job"]);
exec(HESTIA_CMD . "v-list-cron-job " . $user . " " . $v_job . " 'json'", $output, $return_var);
check_return_code_redirect($return_var, $output, "/list/cron/");
$data = json_decode(implode("", $output), true);
unset($output);
// Parse cron job
$v_username = $user;
$v_job = $_GET["job"];
$v_min = $data[$v_job]["MIN"];
$v_hour = $data[$v_job]["HOUR"];
$v_day = $data[$v_job]["DAY"];
$v_month = $data[$v_job]["MONTH"];
$v_wday = $data[$v_job]["WDAY"];
$v_cmd = $data[$v_job]["CMD"];
$v_date = $data[$v_job]["DATE"];
$v_time = $data[$v_job]["TIME"];
$v_suspended = $data[$v_job]["SUSPENDED"];
if ($v_suspended == "yes") {
$v_status = "suspended";
} else {
$v_status = "active";
}
// Check POST request
if (!empty($_POST["save"])) {
// Check token
verify_csrf($_POST);
$v_username = $user;
$v_job = quoteshellarg($_GET["job"]);
$v_min = quoteshellarg($_POST["v_min"]);
$v_hour = quoteshellarg($_POST["v_hour"]);
$v_day = quoteshellarg($_POST["v_day"]);
$v_month = quoteshellarg($_POST["v_month"]);
$v_wday = quoteshellarg($_POST["v_wday"]);
$v_cmd = quoteshellarg($_POST["v_cmd"]);
// Save changes
exec(
HESTIA_CMD .
"v-change-cron-job " .
$user .
" " .
$v_job .
" " .
$v_min .
" " .
$v_hour .
" " .
$v_day .
" " .
$v_month .
" " .
$v_wday .
" " .
$v_cmd,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
$v_cmd = $_POST["v_cmd"];
// Set success message
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = _("Changes have been saved.");
}
}
// Render page
render_page($user, $TAB, "edit_cron");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);
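Review bot: After a save, `$v_job`, `$v_min`, `$v_hour`, `$v_day`, `$v_month` and `$v_wday` still hold their `quoteshellarg()` results when `render_page()` runs; only `$v_cmd` is reset to the posted value. If the `edit_cron` template prints these variables (not visible here), the form will show shell-quoted text. Keeping the escaped values in separate variables used only for `exec()`, or restoring each from `$_POST` as is done for `$v_cmd`, avoids that. The initial parse also indexes `$data[$v_job]` without checking that the key exists.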

114
web/edit/db/index.php Normal file

@@ -0,0 +1,114 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
$TAB = "DB";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check database id
if (empty($_GET["database"])) {
header("Location: /list/db/");
exit();
}
// Edit as someone else?
if ($_SESSION["userContext"] === "admin" && !empty($_GET["user"])) {
$user = quoteshellarg($_GET["user"]);
$user_plain = htmlentities($_GET["user"]);
}
// List datbase
$v_database = $_GET["database"];
exec(
HESTIA_CMD . "v-list-database " . $user . " " . quoteshellarg($v_database) . " 'json'",
$output,
$return_var,
);
check_return_code_redirect($return_var, $output, "/list/db/");
$data = json_decode(implode("", $output), true);
unset($output);
// Parse database
$v_username = $user;
$v_dbuser = preg_replace("/^" . $user_plain . "_/", "", $data[$v_database]["DBUSER"]);
$v_password = "";
$v_host = $data[$v_database]["HOST"];
$v_type = $data[$v_database]["TYPE"];
$v_charset = $data[$v_database]["CHARSET"];
$v_date = $data[$v_database]["DATE"];
$v_time = $data[$v_database]["TIME"];
$v_suspended = $data[$v_database]["SUSPENDED"];
if ($v_suspended == "yes") {
$v_status = "suspended";
} else {
$v_status = "active";
}
// Check POST request
if (!empty($_POST["save"])) {
$v_username = $user;
// Check token
verify_csrf($_POST);
// Change database user
if ($v_dbuser != $_POST["v_dbuser"] && empty($_SESSION["error_msg"])) {
$cmd = implode(" ", [
HESTIA_CMD . "v-change-database-user",
// $user is already shell-quoted
$user,
quoteshellarg($v_database),
quoteshellarg($_POST["v_dbuser"]),
]);
exec($cmd, $output, $return_var);
check_return_code($return_var, $output);
unset($output);
}
// Change database password
if (!empty($_POST["v_password"]) && empty($_SESSION["error_msg"])) {
if (!validate_password($_POST["v_password"])) {
$_SESSION["error_msg"] = _("Password does not match the minimum requirements.");
} else {
$v_password = tempnam("/tmp", "vst");
$fp = fopen($v_password, "w");
fwrite($fp, $_POST["v_password"] . "\n");
fclose($fp);
exec(
HESTIA_CMD .
"v-change-database-password " .
$user .
" " .
quoteshellarg($v_database) .
" " .
$v_password,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
unlink($v_password);
$v_password = quoteshellarg($_POST["v_password"]);
}
}
// Set success message
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = _("Changes have been saved.");
}
// if the mysql username was changed, render_page() below will render with the OLD mysql username,
// to prvent that, make the browser refresh the page.
http_response_code(303);
header("Location: " . $_SERVER["REQUEST_URI"]);
die();
}
// Render page
render_page($user, $TAB, "edit_db");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);
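Review bot: `preg_replace("/^" . $user_plain . "_/", "", ...)` interpolates `$user_plain` into the pattern without quoting, and in the admin branch that value is `htmlentities($_GET["user"])`, so regex metacharacters or a `/` in the parameter change or break the pattern. `preg_replace("/^" . preg_quote($user_plain, "/") . "_/", "", $data[$v_database]["DBUSER"])` treats it as a literal prefix. After the password change, `$v_password = quoteshellarg($_POST["v_password"]);` keeps the plaintext in a variable although the script redirects and dies right after; the assignment can be dropped.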

355
web/edit/dns/index.php Normal file

@@ -0,0 +1,355 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
$TAB = "DNS";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check domain name
if (empty($_GET["domain"])) {
header("Location: /list/dns/");
exit();
}
// Edit as someone else?
if ($_SESSION["userContext"] === "admin" && !empty($_GET["user"])) {
$user = quoteshellarg($_GET["user"]);
$user_plain = htmlentities($_GET["user"]);
}
// List ip addresses
exec(HESTIA_CMD . "v-list-user-ips " . $user . " json", $output, $return_var);
$v_ips = json_decode(implode("", $output), true);
unset($output);
// List dns domain
if (!empty($_GET["domain"]) && empty($_GET["record_id"])) {
$v_domain = quoteshellarg($_GET["domain"]);
exec(
HESTIA_CMD . "v-list-dns-domain " . $user . " " . $v_domain . " json",
$output,
$return_var,
);
check_return_code_redirect($return_var, $output, "/list/dns/");
$data = json_decode(implode("", $output), true);
unset($output);
// Parse dns domain
$v_username = $user;
$v_domain = $_GET["domain"];
$v_ip = $data[$v_domain]["IP"];
$v_template = $data[$v_domain]["TPL"];
$v_ttl = $data[$v_domain]["TTL"];
$v_dnssec = $data[$v_domain]["DNSSEC"];
$v_exp = $data[$v_domain]["EXP"];
$v_soa = $data[$v_domain]["SOA"];
$v_date = $data[$v_domain]["DATE"];
$v_time = $data[$v_domain]["TIME"];
$v_suspended = $data[$v_domain]["SUSPENDED"];
if ($v_suspended == "yes") {
$v_status = "suspended";
} else {
$v_status = "active";
}
// List dns templates
exec(HESTIA_CMD . "v-list-dns-templates json", $output, $return_var);
$templates = json_decode(implode("", $output), true);
unset($output);
}
// List dns record
if (!empty($_GET["domain"]) && !empty($_GET["record_id"])) {
$v_domain = quoteshellarg($_GET["domain"]);
$v_record_id = quoteshellarg($_GET["record_id"]);
exec(
HESTIA_CMD . "v-list-dns-records " . $user . " " . $v_domain . " 'json'",
$output,
$return_var,
);
check_return_code_redirect($return_var, $output, "/list/dns/");
$data = json_decode(implode("", $output), true);
unset($output);
// Parse dns record
$v_username = $user;
$v_domain = $_GET["domain"];
$v_record_id = $_GET["record_id"];
$v_rec = $data[$v_record_id]["RECORD"];
$v_type = $data[$v_record_id]["TYPE"];
$v_val = $data[$v_record_id]["VALUE"];
$v_priority = $data[$v_record_id]["PRIORITY"];
$v_suspended = $data[$v_record_id]["SUSPENDED"];
if ($v_suspended == "yes") {
$v_status = "suspended";
} else {
$v_status = "active";
}
$v_date = $data[$v_record_id]["DATE"];
$v_time = $data[$v_record_id]["TIME"];
$v_ttl = $data[$v_record_id]["TTL"];
}
// Check POST request for dns domain
if (!empty($_POST["save"]) && !empty($_GET["domain"]) && empty($_GET["record_id"])) {
$v_domain = quoteshellarg($_POST["v_domain"]);
// Check token
verify_csrf($_POST);
// Change domain IP
if ($v_ip != $_POST["v_ip"] && empty($_SESSION["error_msg"])) {
$v_ip = quoteshellarg($_POST["v_ip"]);
exec(
HESTIA_CMD .
"v-change-dns-domain-ip " .
$user .
" " .
$v_domain .
" " .
$v_ip .
" 'no'",
$output,
$return_var,
);
check_return_code($return_var, $output);
$restart_dns = "yes";
unset($output);
}
// Change domain template
if ($v_template != $_POST["v_template"] && empty($_SESSION["error_msg"])) {
$v_template = quoteshellarg($_POST["v_template"]);
exec(
HESTIA_CMD .
"v-change-dns-domain-tpl " .
$user .
" " .
$v_domain .
" " .
$v_template .
" 'no'",
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
$restart_dns = "yes";
}
// Change SOA record
if ($v_soa != $_POST["v_soa"] && empty($_SESSION["error_msg"])) {
$v_soa = quoteshellarg($_POST["v_soa"]);
exec(
HESTIA_CMD .
"v-change-dns-domain-soa " .
$user .
" " .
$v_domain .
" " .
$v_soa .
" 'no'",
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
$restart_dns = "yes";
}
// Change expiration date
if ($v_exp != $_POST["v_exp"] && empty($_SESSION["error_msg"])) {
$v_exp = quoteshellarg($_POST["v_exp"]);
exec(
HESTIA_CMD .
"v-change-dns-domain-exp " .
$user .
" " .
$v_domain .
" " .
$v_exp .
" 'no'",
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
}
// Change domain ttl
if ($v_ttl != $_POST["v_ttl"] && empty($_SESSION["error_msg"])) {
$v_ttl = quoteshellarg($_POST["v_ttl"]);
exec(
HESTIA_CMD .
"v-change-dns-domain-ttl " .
$user .
" " .
$v_domain .
" " .
$v_ttl .
" 'no'",
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
$restart_dns = "yes";
}
// Change domain dnssec
if ($_POST["v_dnssec"] == "" && $v_dnssec == "yes" && empty($_SESSION["error_msg"])) {
exec(
HESTIA_CMD . "v-change-dns-domain-dnssec " . $user . " " . $v_domain . " 'no'",
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
$v_dnssec = "no";
$restart_dns = "yes";
}
// Change domain dnssec
if ($_POST["v_dnssec"] == "yes" && $v_dnssec !== "yes" && empty($_SESSION["error_msg"])) {
exec(
HESTIA_CMD . "v-change-dns-domain-dnssec " . $user . " " . $v_domain . " 'yes'",
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
$v_dnssec = "yes";
$restart_dns = "yes";
}
// Restart dns server
if (!empty($restart_dns) && empty($_SESSION["error_msg"])) {
exec(HESTIA_CMD . "v-restart-dns", $output, $return_var);
check_return_code($return_var, $output);
unset($output);
}
// Set success message
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = _("Changes have been saved.");
}
// Restart dns server
if (empty($_SESSION["error_msg"])) {
exec(HESTIA_CMD . "v-restart-dns", $output, $return_var);
check_return_code($return_var, $output);
unset($output);
}
}
// Check POST request for dns record
if (!empty($_POST["save"]) && !empty($_GET["domain"]) && !empty($_GET["record_id"])) {
// Check token
verify_csrf($_POST);
// Protect input
$v_domain = quoteshellarg($_POST["v_domain"]);
$v_record_id = quoteshellarg($_POST["v_record_id"]);
// Change dns record
if (
$v_rec != $_POST["v_rec"] ||
$v_type != $_POST["v_type"] ||
$v_val != $_POST["v_val"] ||
$v_priority != $_POST["v_priority"] ||
($v_ttl != $_POST["v_ttl"] && empty($_SESSION["error_msg"]))
) {
$v_rec = quoteshellarg($_POST["v_rec"]);
$v_type = quoteshellarg($_POST["v_type"]);
$v_val = quoteshellarg($_POST["v_val"]);
$v_priority = quoteshellarg($_POST["v_priority"]);
$v_ttl = quoteshellarg($_POST["v_ttl"]);
exec(
HESTIA_CMD .
"v-change-dns-record " .
$user .
" " .
$v_domain .
" " .
$v_record_id .
" " .
$v_rec .
" " .
$v_type .
" " .
$v_val .
" " .
$v_priority .
" yes " .
$v_ttl,
$output,
$return_var,
);
check_return_code($return_var, $output);
$v_rec = $_POST["v_rec"];
$v_type = $_POST["v_type"];
$v_val = $_POST["v_val"];
unset($output);
$restart_dns = "yes";
}
// Change dns record id
if ($_GET["record_id"] != $_POST["v_record_id"] && empty($_SESSION["error_msg"])) {
$v_old_record_id = quoteshellarg($_GET["record_id"]);
exec(
HESTIA_CMD .
"v-change-dns-record-id " .
$user .
" " .
$v_domain .
" " .
$v_old_record_id .
" " .
$v_record_id,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
$restart_dns = "yes";
}
// Restart dns server
if (!empty($restart_dns) && empty($_SESSION["error_msg"])) {
exec(HESTIA_CMD . "v-restart-dns", $output, $return_var);
check_return_code($return_var, $output);
unset($output);
}
// Set success message
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = _("Changes have been saved.");
}
// Change url if record id was changed
if (empty($_SESSION["error_msg"]) && $_GET["record_id"] != $_POST["v_record_id"]) {
header(
"Location: /edit/dns/?domain=" .
$_GET["domain"] .
"&record_id=" .
$_POST["v_record_id"],
);
exit();
}
}
// Render page
if (empty($_GET["record_id"])) {
// Display body for dns domain
render_page($user, $TAB, "edit_dns");
} else {
if (empty($data[$_GET["record_id"]])) {
header("Location: /list/dns/");
$_SESSION["error_msg"] = _("Error: unknown record ID.");
}
// Display body for dns record
render_page($user, $TAB, "edit_dns_rec");
}
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);
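Review bot: The redirect at the end of the record branch concatenates `$_GET["domain"]` and `$_POST["v_record_id"]` into the `Location` header without URL-encoding, so a value containing `&` or `#` changes the query string the browser is sent to. Encode both parts, e.g. `"Location: /edit/dns/?domain=" . rawurlencode($_GET["domain"]) . "&record_id=" . rawurlencode($_POST["v_record_id"])`. In the render step, the unknown-record branch sends `header("Location: /list/dns/")` without `exit()`, so `render_page()` still runs against a missing `$data` entry and the error message is flushed before the list page can show it; set the message first, then add `exit();`. The domain branch also runs `v-restart-dns` a second time, unconditionally, right after the guarded restart, which looks like a leftover.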

153
web/edit/firewall/index.php Normal file

@@ -0,0 +1,153 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
$TAB = "FIREWALL";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check user
if ($_SESSION["userContext"] != "admin") {
header("Location: /list/user");
exit();
}
// Check ip argument
if (empty($_GET["rule"])) {
header("Location: /list/firewall/");
exit();
}
// List rule
$v_rule = quoteshellarg($_GET["rule"]);
exec(HESTIA_CMD . "v-list-firewall-rule " . $v_rule . " 'json'", $output, $return_var);
check_return_code_redirect($return_var, $output, "/list/firewall");
$data = json_decode(implode("", $output), true);
unset($output);
// Parse rule
$v_rule = $_GET["rule"];
$v_action = $data[$v_rule]["ACTION"];
$v_protocol = $data[$v_rule]["PROTOCOL"];
$v_port = $data[$v_rule]["PORT"];
$v_ip = $data[$v_rule]["IP"];
$v_comment = $data[$v_rule]["COMMENT"];
$v_date = $data[$v_rule]["DATE"];
$v_time = $data[$v_rule]["TIME"];
$v_suspended = $data[$v_rule]["SUSPENDED"];
if ($v_suspended == "yes") {
$v_status = "suspended";
} else {
$v_status = "active";
}
// Get ipset lists
exec(HESTIA_CMD . "v-list-firewall-ipset 'json'", $output, $return_var);
check_return_code($return_var, $output);
$data = json_decode(implode("", $output), true);
unset($output);
$ipset_lists = [];
foreach ($data as $key => $value) {
if (isset($value["SUSPENDED"]) && $value["SUSPENDED"] === "yes") {
continue;
}
if (isset($value["IP_VERSION"]) && $value["IP_VERSION"] !== "v4") {
continue;
}
array_push($ipset_lists, ["name" => $key]);
}
$ipset_lists_json = json_encode($ipset_lists);
// Check POST request
if (!empty($_POST["save"])) {
// Check token
verify_csrf($_POST);
// Check empty fields
if (empty($_POST["v_action"])) {
$errors[] = _("Action");
}
if (empty($_POST["v_protocol"])) {
$errors[] = _("Protocol");
}
if (empty($_POST["v_port"]) && strlen($_POST["v_port"]) == 0) {
$errors[] = _("Port");
}
if (empty($_POST["v_ip"])) {
$errors[] = _("IP Address");
}
if (!empty($errors[0])) {
foreach ($errors as $i => $error) {
if ($i == 0) {
$error_msg = $error;
} else {
$error_msg = $error_msg . ", " . $error;
}
}
$_SESSION["error_msg"] = sprintf(_('Field "%s" can not be blank.'), $error_msg);
}
if (empty($_SESSION["error_msg"])) {
$v_rule = quoteshellarg($_GET["rule"]);
$v_action = quoteshellarg($_POST["v_action"]);
$v_protocol = quoteshellarg($_POST["v_protocol"]);
$v_port = str_replace(" ", ",", $_POST["v_port"]);
$v_port = preg_replace("/\,+/", ",", $v_port);
$v_port = trim($v_port, ",");
$v_port = quoteshellarg($v_port);
$v_ip = quoteshellarg($_POST["v_ip"]);
$v_comment = quoteshellarg($_POST["v_comment"]);
// Change Status
exec(
HESTIA_CMD .
"v-change-firewall-rule " .
$v_rule .
" " .
$v_action .
" " .
$v_ip .
" " .
$v_port .
" " .
$v_protocol .
" " .
$v_comment,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
$v_rule = $_GET["v_rule"];
$v_action = $_POST["v_action"];
$v_protocol = $_POST["v_protocol"];
$v_port = str_replace(" ", ",", $_POST["v_port"]);
$v_port = preg_replace("/\,+/", ",", $v_port);
$v_port = trim($v_port, ",");
$v_ip = $_POST["v_ip"];
$v_comment = $_POST["v_comment"];
// Set success message
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = _("Changes have been saved.");
}
} else {
$v_rule = $_GET["v_rule"];
$v_action = $_POST["v_action"];
$v_protocol = $_POST["v_protocol"];
$v_port = str_replace(" ", ",", $_POST["v_port"]);
$v_port = preg_replace("/\,+/", ",", $v_port);
$v_port = trim($v_port, ",");
$v_ip = $_POST["v_ip"];
$v_comment = $_POST["v_comment"];
}
}
// Render page
render_page($user, $TAB, "edit_firewall");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);
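Review bot: Both branches of the POST handler reload the rule id with `$v_rule = $_GET["v_rule"];`, but every other access in this file reads the `rule` parameter (`empty($_GET["rule"])`, `quoteshellarg($_GET["rule"])`), so after a save `$v_rule` is set from a key that is normally absent. Both lines should read `$v_rule = $_GET["rule"];`. `$_POST["v_comment"]` is also passed to `quoteshellarg()` without a presence check, unlike the other fields; `$_POST["v_comment"] ?? ""` would match how the access-key page earlier in this commit handles its comment field.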

106
web/edit/ip/index.php Normal file

@@ -0,0 +1,106 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
$TAB = "IP";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check user
if ($_SESSION["userContext"] != "admin") {
header("Location: /list/user");
exit();
}
// Check ip argument
if (empty($_GET["ip"])) {
header("Location: /list/ip/");
exit();
}
// List ip
$v_ip = quoteshellarg($_GET["ip"]);
exec(HESTIA_CMD . "v-list-sys-ip " . $v_ip . " 'json'", $output, $return_var);
check_return_code_redirect($return_var, $output, "/list/ip");
$data = json_decode(implode("", $output), true);
unset($output);
// Parse ip
$v_username = $user;
$v_ip = $_GET["ip"];
$v_netmask = $data[$v_ip]["NETMASK"];
$v_interface = $data[$v_ip]["INTERFACE"];
$v_name = $data[$v_ip]["NAME"];
$v_nat = $data[$v_ip]["NAT"];
$v_ipstatus = $data[$v_ip]["STATUS"];
if ($v_ipstatus == "dedicated") {
$v_dedicated = "yes";
}
$v_owner = $data[$v_ip]["OWNER"];
$v_date = $data[$v_ip]["DATE"];
$v_time = $data[$v_ip]["TIME"];
// List users
exec(HESTIA_CMD . "v-list-sys-users 'json'", $output, $return_var);
$users = json_decode(implode("", $output), true);
unset($output);
// Check POST request
if (!empty($_POST["save"])) {
// Check token
verify_csrf($_POST);
$v_ip = quoteshellarg($_POST["v_ip"]);
// Change Status
if ($v_ipstatus == "shared" && empty($_POST["v_shared"]) && empty($_SESSION["error_msg"])) {
exec(HESTIA_CMD . "v-change-sys-ip-status " . $v_ip . " 'dedicated'", $output, $return_var);
check_return_code($return_var, $output);
unset($output);
$v_dedicated = "yes";
}
if ($v_ipstatus == "dedicated" && !empty($_POST["v_shared"]) && empty($_SESSION["error_msg"])) {
exec(HESTIA_CMD . "v-change-sys-ip-status " . $v_ip . " 'shared'", $output, $return_var);
check_return_code($return_var, $output);
unset($output);
unset($v_dedicated);
}
// Change owner
if ($v_owner != $_POST["v_owner"] && empty($_SESSION["error_msg"])) {
$v_owner = quoteshellarg($_POST["v_owner"]);
exec(HESTIA_CMD . "v-change-sys-ip-owner " . $v_ip . " " . $v_owner, $output, $return_var);
check_return_code($return_var, $output);
$v_owner = $_POST["v_owner"];
unset($output);
}
// Change associated domain
if ($v_name != $_POST["v_name"] && empty($_SESSION["error_msg"])) {
$v_name = quoteshellarg($_POST["v_name"]);
exec(HESTIA_CMD . "v-change-sys-ip-name " . $v_ip . " " . $v_name, $output, $return_var);
check_return_code($return_var, $output);
unset($output);
}
// Change NAT address
if ($v_nat != $_POST["v_nat"] && empty($_SESSION["error_msg"])) {
$v_nat = quoteshellarg($_POST["v_nat"]);
exec(HESTIA_CMD . "v-change-sys-ip-nat " . $v_ip . " " . $v_nat, $output, $return_var);
check_return_code($return_var, $output);
unset($output);
}
// Set success message
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = _("Changes have been saved.");
}
}
// Render page
render_page($user, $TAB, "edit_ip");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);
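Review bot: After a save, `$v_ip`, `$v_name` and `$v_nat` keep their `quoteshellarg()`-wrapped values when `render_page()` runs, whereas `$v_owner` is reset with `$v_owner = $_POST["v_owner"];`. Unless the template strips the quoting, the form would be re-rendered with shell quotes around those fields; restore the plain values after each `exec()` as the owner block does. Separately, the status, owner, name and NAT comparisons use data loaded for `$_GET["ip"]` while the commands act on `$_POST["v_ip"]`. If those two are meant to be the same address, building the argument from `quoteshellarg($_GET["ip"])` keeps the checks and the action aligned.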

1181
web/edit/mail/index.php Normal file

File diff suppressed because it is too large Load Diff

336
web/edit/package/index.php Normal file

@@ -0,0 +1,336 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
$TAB = "PACKAGE";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check user
if ($_SESSION["userContext"] != "admin") {
header("Location: /list/user");
exit();
}
// Check package argument
if (empty($_GET["package"])) {
header("Location: /list/package/");
exit();
}
// Prevent editing of system package
if ($_GET["package"] === "system") {
header("Location: /list/package/");
exit();
}
// List package
$v_package = quoteshellarg($_GET["package"]);
exec(HESTIA_CMD . "v-list-user-package " . $v_package . " 'json'", $output, $return_var);
check_return_code_redirect($return_var, $output, "/list/package/");
$data = json_decode(implode("", $output), true);
unset($output);
// Parse package
$v_package = $_GET["package"];
$v_package_new = $_GET["package"];
$v_web_template = $data[$v_package]["WEB_TEMPLATE"];
$v_backend_template = $data[$v_package]["BACKEND_TEMPLATE"];
$v_proxy_template = $data[$v_package]["PROXY_TEMPLATE"];
$v_dns_template = $data[$v_package]["DNS_TEMPLATE"];
$v_web_domains = $data[$v_package]["WEB_DOMAINS"];
$v_web_aliases = $data[$v_package]["WEB_ALIASES"];
$v_dns_domains = $data[$v_package]["DNS_DOMAINS"];
$v_dns_records = $data[$v_package]["DNS_RECORDS"];
$v_mail_domains = $data[$v_package]["MAIL_DOMAINS"];
$v_mail_accounts = $data[$v_package]["MAIL_ACCOUNTS"];
$v_ratelimit = $data[$v_package]["RATE_LIMIT"];
$v_databases = $data[$v_package]["DATABASES"];
$v_cron_jobs = $data[$v_package]["CRON_JOBS"];
$v_disk_quota = $data[$v_package]["DISK_QUOTA"];
$v_bandwidth = $data[$v_package]["BANDWIDTH"];
$v_shell = $data[$v_package]["SHELL"];
$v_ns = $data[$v_package]["NS"];
$nameservers = explode(",", $v_ns);
if (empty($nameservers[0])) {
$v_ns1 = "";
} else {
$v_ns1 = $nameservers[0];
}
if (empty($nameservers[1])) {
$v_ns2 = "";
} else {
$v_ns2 = $nameservers[1];
}
if (empty($nameservers[2])) {
$v_ns3 = "";
} else {
$v_ns3 = $nameservers[2];
}
if (empty($nameservers[3])) {
$v_ns4 = "";
} else {
$v_ns4 = $nameservers[3];
}
if (empty($nameservers[4])) {
$v_ns5 = "";
} else {
$v_ns5 = $nameservers[4];
}
if (empty($nameservers[5])) {
$v_ns6 = "";
} else {
$v_ns6 = $nameservers[5];
}
if (empty($nameservers[6])) {
$v_ns7 = "";
} else {
$v_ns7 = $nameservers[6];
}
if (empty($nameservers[7])) {
$v_ns8 = "";
} else {
$v_ns8 = $nameservers[7];
}
$v_backups = $data[$v_package]["BACKUPS"];
$v_date = $data[$v_package]["DATE"];
$v_time = $data[$v_package]["TIME"];
$v_status = "active";
// List web templates
exec(HESTIA_CMD . "v-list-web-templates json", $output, $return_var);
$web_templates = json_decode(implode("", $output), true);
unset($output);
// List backend templates
if (!empty($_SESSION["WEB_BACKEND"])) {
exec(HESTIA_CMD . "v-list-web-templates-backend json", $output, $return_var);
$backend_templates = json_decode(implode("", $output), true);
unset($output);
}
// List proxy templates
if (!empty($_SESSION["PROXY_SYSTEM"])) {
exec(HESTIA_CMD . "v-list-web-templates-proxy json", $output, $return_var);
$proxy_templates = json_decode(implode("", $output), true);
unset($output);
}
// List dns templates
exec(HESTIA_CMD . "v-list-dns-templates json", $output, $return_var);
$dns_templates = json_decode(implode("", $output), true);
unset($output);
// List shels
exec(HESTIA_CMD . "v-list-sys-shells json", $output, $return_var);
$shells = json_decode(implode("", $output), true);
unset($output);
// Check POST request
if (!empty($_POST["save"])) {
// Check token
verify_csrf($_POST);
// Check empty fields
if (empty($_POST["v_package"])) {
$errors[] = _("Package");
}
if (empty($_POST["v_web_template"])) {
$errors[] = _("Web Template");
}
if (!empty($_SESSION["WEB_BACKEND"])) {
if (empty($_POST["v_backend_template"])) {
$errors[] = _("Backend Template");
}
}
if (!empty($_SESSION["PROXY_SYSTEM"])) {
if (empty($_POST["v_proxy_template"])) {
$errors[] = _("Proxy Template");
}
}
if (empty($_POST["v_dns_template"])) {
$errors[] = _("DNS Template");
}
if (empty($_POST["v_shell"])) {
$errrors[] = _("Shell");
}
if (!isset($_POST["v_web_domains"])) {
$errors[] = _("Web Domains");
}
if (!isset($_POST["v_web_aliases"])) {
$errors[] = _("Web Aliases");
}
if (!isset($_POST["v_dns_domains"])) {
$errors[] = _("DNS Zones");
}
if (!isset($_POST["v_dns_records"])) {
$errors[] = _("DNS Records");
}
if (!isset($_POST["v_mail_domains"])) {
$errors[] = _("Mail Domains");
}
if (!isset($_POST["v_mail_accounts"])) {
$errors[] = _("Mail Accounts");
}
if (!isset($_POST["v_ratelimit"])) {
$errors[] = _("Rate Limit");
}
if (!isset($_POST["v_databases"])) {
$errors[] = _("Databases");
}
if (!isset($_POST["v_cron_jobs"])) {
$errors[] = _("Cron Jobs");
}
if (!isset($_POST["v_backups"])) {
$errors[] = _("Backups");
}
if (!isset($_POST["v_disk_quota"])) {
$errors[] = _("Quota");
}
if (!isset($_POST["v_bandwidth"])) {
$errors[] = _("Bandwidth");
}
// Check if name server entries are blank if DNS server is installed
if (isset($_SESSION["DNS_SYSTEM"]) && !empty($_SESSION["DNS_SYSTEM"])) {
if (empty($_POST["v_ns1"])) {
$errors[] = _("Nameserver 1");
}
if (empty($_POST["v_ns2"])) {
$errors[] = _("Nameserver 2");
}
}
if (!empty($errors[0])) {
foreach ($errors as $i => $error) {
if ($i == 0) {
$error_msg = $error;
} else {
$error_msg = $error_msg . ", " . $error;
}
}
$_SESSION["error_msg"] = sprintf(_('Field "%s" can not be blank.'), $error_msg);
}
// Protect input
$v_package = quoteshellarg($_POST["v_package"]);
$v_package_new = quoteshellarg($_POST["v_package_new"]);
$v_web_template = quoteshellarg($_POST["v_web_template"]);
if (!empty($_SESSION["WEB_BACKEND"])) {
$v_backend_template = quoteshellarg($_POST["v_backend_template"]);
}
if (!empty($_SESSION["PROXY_SYSTEM"])) {
$v_proxy_template = quoteshellarg($_POST["v_proxy_template"]);
}
$v_dns_template = quoteshellarg($_POST["v_dns_template"]);
if (!empty($_POST["v_shell"])) {
$v_shell = quoteshellarg($_POST["v_shell"]);
} else {
$v_shell = "nologin";
}
$v_web_domains = quoteshellarg($_POST["v_web_domains"]);
$v_web_aliases = quoteshellarg($_POST["v_web_aliases"]);
$v_dns_domains = quoteshellarg($_POST["v_dns_domains"]);
$v_dns_records = quoteshellarg($_POST["v_dns_records"]);
$v_mail_domains = quoteshellarg($_POST["v_mail_domains"]);
$v_mail_accounts = quoteshellarg($_POST["v_mail_accounts"]);
$v_ratelimit = quoteshellarg($_POST["v_ratelimit"]);
$v_databases = quoteshellarg($_POST["v_databases"]);
$v_cron_jobs = quoteshellarg($_POST["v_cron_jobs"]);
$v_backups = quoteshellarg($_POST["v_backups"]);
$v_disk_quota = quoteshellarg($_POST["v_disk_quota"]);
$v_bandwidth = quoteshellarg($_POST["v_bandwidth"]);
$v_ns1 = !empty($_POST["v_ns1"]) ? trim($_POST["v_ns1"], ".") : "";
$v_ns2 = !empty($_POST["v_ns2"]) ? trim($_POST["v_ns2"], ".") : "";
$v_ns3 = !empty($_POST["v_ns3"]) ? trim($_POST["v_ns3"], ".") : "";
$v_ns4 = !empty($_POST["v_ns4"]) ? trim($_POST["v_ns4"], ".") : "";
$v_ns5 = !empty($_POST["v_ns5"]) ? trim($_POST["v_ns5"], ".") : "";
$v_ns6 = !empty($_POST["v_ns6"]) ? trim($_POST["v_ns6"], ".") : "";
$v_ns7 = !empty($_POST["v_ns7"]) ? trim($_POST["v_ns7"], ".") : "";
$v_ns8 = !empty($_POST["v_ns8"]) ? trim($_POST["v_ns8"], ".") : "";
$v_ns = $v_ns1 . "," . $v_ns2;
if (!empty($v_ns3)) {
$v_ns .= "," . $v_ns3;
}
if (!empty($v_ns4)) {
$v_ns .= "," . $v_ns4;
}
if (!empty($v_ns5)) {
$v_ns .= "," . $v_ns5;
}
if (!empty($v_ns6)) {
$v_ns .= "," . $v_ns6;
}
if (!empty($v_ns7)) {
$v_ns .= "," . $v_ns7;
}
if (!empty($v_ns8)) {
$v_ns .= "," . $v_ns8;
}
$v_ns = quoteshellarg($v_ns);
$v_time = quoteshellarg(date("H:i:s"));
$v_date = quoteshellarg(date("Y-m-d"));
// Save package file on a fs
$pkg = "WEB_TEMPLATE=" . $v_web_template . "\n";
$pkg .= "BACKEND_TEMPLATE=" . $v_backend_template . "\n";
$pkg .= "PROXY_TEMPLATE=" . $v_proxy_template . "\n";
$pkg .= "DNS_TEMPLATE=" . $v_dns_template . "\n";
$pkg .= "WEB_DOMAINS=" . $v_web_domains . "\n";
$pkg .= "WEB_ALIASES=" . $v_web_aliases . "\n";
$pkg .= "DNS_DOMAINS=" . $v_dns_domains . "\n";
$pkg .= "DNS_RECORDS=" . $v_dns_records . "\n";
$pkg .= "MAIL_DOMAINS=" . $v_mail_domains . "\n";
$pkg .= "MAIL_ACCOUNTS=" . $v_mail_accounts . "\n";
$pkg .= "RATE_LIMIT=" . $v_ratelimit . "\n";
$pkg .= "DATABASES=" . $v_databases . "\n";
$pkg .= "CRON_JOBS=" . $v_cron_jobs . "\n";
$pkg .= "DISK_QUOTA=" . $v_disk_quota . "\n";
$pkg .= "BANDWIDTH=" . $v_bandwidth . "\n";
$pkg .= "NS=" . $v_ns . "\n";
$pkg .= "SHELL=" . $v_shell . "\n";
$pkg .= "BACKUPS=" . $v_backups . "\n";
$pkg .= "TIME=" . $v_time . "\n";
$pkg .= "DATE=" . $v_date . "\n";
$tmpfile = tempnam("/tmp/", "hst_");
$fp = fopen($tmpfile, "w");
fwrite($fp, $pkg);
exec(
HESTIA_CMD . "v-add-user-package " . $tmpfile . " " . $v_package . " yes",
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
fclose($fp);
unlink($tmpfile);
// Propagate new package
exec(HESTIA_CMD . "v-update-user-package " . $v_package . " 'json'", $output, $return_var);
check_return_code($return_var, $output);
unset($output);
if ($v_package_new != $v_package) {
exec(
HESTIA_CMD . "v-rename-user-package " . $v_package . " " . $v_package_new,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
}
// Set success message
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = _("Changes have been saved.");
}
}
// Render page
render_page($user, $TAB, "edit_package");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);
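Review bot: The blank-field validation sets `$_SESSION["error_msg"]`, but nothing checks it before the package file is written and `v-add-user-package`, `v-update-user-package` and `v-rename-user-package` run, so a request that fails validation is still applied. Wrap everything from `// Protect input` through the rename in `if (empty($_SESSION["error_msg"])) { … }`, as the firewall page in this commit does. The shell check also appends to `$errrors` (three r's), so it never reaches the message; given the later `nologin` default the check may be intentionally inert, in which case it should be removed rather than left misspelled. When `WEB_BACKEND` or `PROXY_SYSTEM` is unset, `$v_backend_template` and `$v_proxy_template` go into `$pkg` with the unquoted values loaded from the listing, unlike every other field.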


@@ -0,0 +1,59 @@
<?php
$TAB = "SERVER";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check user
if ($_SESSION["userContext"] != "admin") {
header("Location: /list/user");
exit();
}
// Check POST request
if (!empty($_POST["save"])) {
// Check token
verify_csrf($_POST);
// Set restart flag
$v_restart = "yes";
if (empty($_POST["v_restart"])) {
$v_restart = "no";
}
// Update config
if (!empty($_POST["v_config"])) {
exec("mktemp", $mktemp_output, $return_var);
$new_conf = $mktemp_output[0];
$fp = fopen($new_conf, "w");
fwrite($fp, str_replace("\r\n", "\n", $_POST["v_config"]));
fclose($fp);
exec(
HESTIA_CMD . "v-change-sys-service-config " . $new_conf . " apache2 " . $v_restart,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
unlink($new_conf);
}
// Set success message
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = _("Changes have been saved.");
}
}
$v_config_path = "/etc/apache2/apache2.conf";
$v_service_name = strtoupper("apache2");
// Read config
$v_config = shell_exec(HESTIA_CMD . "v-open-fs-config " . $v_config_path);
// Render page
render_page($user, $TAB, "edit_server_httpd");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);
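Review bot: The temp-file step in the config update ignores every failure: `$return_var` from `exec("mktemp", …)` is never inspected and the result of `fopen($new_conf, "w")` goes straight to `fwrite()`. If `mktemp` fails, `$mktemp_output[0]` is undefined and the service-config helper is invoked with an empty path argument. Check it before writing, e.g. `if ($return_var !== 0 || empty($mktemp_output[0])) { $_SESSION["error_msg"] = _("Error: unable to create temporary file."); }`, and skip the `exec()` in that case. The same pattern repeats in the bind9, clamd and dovecot sections that follow.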


@@ -0,0 +1,78 @@
<?php
$TAB = "SERVER";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check user
if ($_SESSION["userContext"] != "admin") {
header("Location: /list/user");
exit();
}
// Check POST request
if (!empty($_POST["save"])) {
// Check token
verify_csrf($_POST);
// Set restart flag
$v_restart = "yes";
if (empty($_POST["v_restart"])) {
$v_restart = "no";
}
// Update options
if (!empty($_POST["v_options"])) {
exec("mktemp", $mktemp_output, $return_var);
$new_conf = $mktemp_output[0];
$fp = fopen($new_conf, "w");
fwrite($fp, str_replace("\r\n", "\n", $_POST["v_options"]));
fclose($fp);
exec(
HESTIA_CMD . "v-change-sys-service-config " . $new_conf . " bind9-opt " . $v_restart,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
unlink($new_conf);
}
// Update config
if (empty($_SESSION["error_msg"]) && !empty($_POST["v_config"])) {
exec("mktemp", $mktemp_output, $return_var);
$new_conf = $mktemp_output[0];
$fp = fopen($new_conf, "w");
fwrite($fp, str_replace("\r\n", "\n", $_POST["v_config"]));
fclose($fp);
exec(
HESTIA_CMD . "v-change-sys-service-config " . $new_conf . " bind9 " . $v_restart,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
unlink($new_conf);
}
// Set success message
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = _("Changes have been saved.");
}
}
$v_options_path = "/etc/bind/named.conf.options";
$v_config_path = "/etc/bind/named.conf";
$v_service_name = strtoupper("bind9");
// Read config
$v_options = shell_exec(HESTIA_CMD . "v-open-fs-config " . $v_options_path);
$v_config = shell_exec(HESTIA_CMD . "v-open-fs-config " . $v_config_path);
// Render page
render_page($user, $TAB, "edit_server_bind9");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);
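Review bot: The second `exec("mktemp", $mktemp_output, $return_var)` in the `v_config` block reuses the array filled by the `v_options` block, and `exec()` appends to an existing output array, so `$mktemp_output[0]` is still the first path. When both fields are posted, that path has already been removed by `unlink($new_conf)`, so `fopen($new_conf, "w")` recreates it by name in the temp directory instead of using the file `mktemp` just created. The new temp file is never written or deleted. Add `unset($mktemp_output);` after each `unlink($new_conf);`, or assign `$mktemp_output = [];` before each `mktemp` call. The dovecot section below chains the same block repeatedly and needs the same reset.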


@@ -0,0 +1,59 @@
<?php
$TAB = "SERVER";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check user
if ($_SESSION["userContext"] != "admin") {
header("Location: /list/user");
exit();
}
// Check POST request
if (!empty($_POST["save"])) {
// Check token
verify_csrf($_POST);
// Set restart flag
$v_restart = "yes";
if (empty($_POST["v_restart"])) {
$v_restart = "no";
}
// Update config
if (!empty($_POST["v_config"])) {
exec("mktemp", $mktemp_output, $return_var);
$new_conf = $mktemp_output[0];
$fp = fopen($new_conf, "w");
fwrite($fp, str_replace("\r\n", "\n", $_POST["v_config"]));
fclose($fp);
exec(
HESTIA_CMD . "v-change-sys-service-config " . $new_conf . " clamd " . $v_restart,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
unlink($new_conf);
}
// Set success message
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = _("Changes have been saved.");
}
}
$v_config_path = shell_exec(HESTIA_CMD . "v-list-sys-clamd-config plain");
$v_service_name = strtoupper("clamav");
// Read config
$v_config = shell_exec(HESTIA_CMD . "v-open-fs-config " . $v_config_path);
// Render page
render_page($user, $TAB, "edit_server_service");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);
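Review bot: `$v_config_path` is taken from `shell_exec(HESTIA_CMD . "v-list-sys-clamd-config plain")` and concatenated into the next `shell_exec()` command as-is, including any trailing newline and without quoting. `shell_exec()` can also return `null` or `false`. The value comes from a panel helper rather than from the request, so this is a robustness point more than an injection one, but the sibling pages pass a fixed literal here. Suggest `$v_config_path = trim((string) shell_exec(…));` and `escapeshellarg($v_config_path)` in the `v-open-fs-config` call, since this file does not import `quoteshellarg`.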


@@ -0,0 +1,31 @@
<?php
$TAB = "SERVER";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check user
if ($_SESSION["userContext"] != "admin") {
header("Location: /list/user");
exit();
}
// Check POST request
if (!empty($_POST["save"])) {
// Set success message
$_SESSION["ok_msg"] = _("Info (read-only mode): Crontab can only be edited via SSH.");
}
$v_config_path = "/etc/crontab";
$v_service_name = strtoupper("cron");
// Read config
$v_config = shell_exec(HESTIA_CMD . "v-open-fs-config " . $v_config_path);
// Render page
render_page($user, $TAB, "edit_server_service");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);


@@ -0,0 +1,31 @@
<?php
$TAB = "SERVER";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check user
if ($_SESSION["userContext"] != "admin") {
header("Location: /list/user");
exit();
}
// Check POST request
if (!empty($_POST["save"])) {
// Set success message
$_SESSION["ok_msg"] = _("Info (read-only mode): Crontab can only be edited via SSH.");
}
$v_config_path = "/etc/crontab";
$v_service_name = strtoupper("cron");
// Read config
$v_config = shell_exec(HESTIA_CMD . "v-open-fs-config " . $v_config_path);
// Render page
render_page($user, $TAB, "edit_server_service");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);


@@ -0,0 +1,232 @@
<?php
$TAB = "SERVER";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check user
if ($_SESSION["userContext"] != "admin") {
header("Location: /list/user");
exit();
}
// Check POST request
if (!empty($_POST["save"])) {
// Check token
verify_csrf($_POST);
// Set restart flag
$v_restart = "yes";
if (empty($_POST["v_restart"])) {
$v_restart = "no";
}
// Update config
if (!empty($_POST["v_config"])) {
exec("mktemp", $mktemp_output, $return_var);
$new_conf = $mktemp_output[0];
$fp = fopen($new_conf, "w");
fwrite($fp, str_replace("\r\n", "\n", $_POST["v_config"]));
fclose($fp);
exec(
HESTIA_CMD . "v-change-sys-service-config " . $new_conf . " dovecot " . $v_restart,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
unlink($new_conf);
}
// Update config1
if (empty($_SESSION["error_msg"]) && !empty($_POST["v_config1"])) {
exec("mktemp", $mktemp_output, $return_var);
$new_conf = $mktemp_output[0];
$fp = fopen($new_conf, "w");
fwrite($fp, str_replace("\r\n", "\n", $_POST["v_config1"]));
fclose($fp);
exec(
HESTIA_CMD . "v-change-sys-service-config " . $new_conf . " dovecot-1 " . $v_restart,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
unlink($new_conf);
}
// Update config2
if (empty($_SESSION["error_msg"]) && !empty($_POST["v_config2"])) {
exec("mktemp", $mktemp_output, $return_var);
$new_conf = $mktemp_output[0];
$fp = fopen($new_conf, "w");
fwrite($fp, str_replace("\r\n", "\n", $_POST["v_config2"]));
fclose($fp);
exec(
HESTIA_CMD . "v-change-sys-service-config " . $new_conf . " dovecot-2 " . $v_restart,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
unlink($new_conf);
}
// Update config3
if (empty($_SESSION["error_msg"]) && !empty($_POST["v_config3"])) {
exec("mktemp", $mktemp_output, $return_var);
$new_conf = $mktemp_output[0];
$fp = fopen($new_conf, "w");
fwrite($fp, str_replace("\r\n", "\n", $_POST["v_config3"]));
fclose($fp);
exec(
HESTIA_CMD . "v-change-sys-service-config " . $new_conf . " dovecot-3 " . $v_restart,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
unlink($new_conf);
}
// Update config4
if (empty($_SESSION["error_msg"]) && !empty($_POST["v_config4"])) {
exec("mktemp", $mktemp_output, $return_var);
$new_conf = $mktemp_output[0];
$fp = fopen($new_conf, "w");
fwrite($fp, str_replace("\r\n", "\n", $_POST["v_config4"]));
fclose($fp);
exec(
HESTIA_CMD . "v-change-sys-service-config " . $new_conf . " dovecot-4 " . $v_restart,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
unlink($new_conf);
}
// Update config5
if (empty($_SESSION["error_msg"]) && !empty($_POST["v_config5"])) {
exec("mktemp", $mktemp_output, $return_var);
$new_conf = $mktemp_output[0];
$fp = fopen($new_conf, "w");
fwrite($fp, str_replace("\r\n", "\n", $_POST["v_config5"]));
fclose($fp);
exec(
HESTIA_CMD . "v-change-sys-service-config " . $new_conf . " dovecot-5 " . $v_restart,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
unlink($new_conf);
}
// Update config6
if (empty($_SESSION["error_msg"]) && !empty($_POST["v_config6"])) {
exec("mktemp", $mktemp_output, $return_var);
$new_conf = $mktemp_output[0];
$fp = fopen($new_conf, "w");
fwrite($fp, str_replace("\r\n", "\n", $_POST["v_config6"]));
fclose($fp);
exec(
HESTIA_CMD . "v-change-sys-service-config " . $new_conf . " dovecot-6 " . $v_restart,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
unlink($new_conf);
}
// Update config7
if (empty($_SESSION["error_msg"]) && !empty($_POST["v_config7"])) {
exec("mktemp", $mktemp_output, $return_var);
$new_conf = $mktemp_output[0];
$fp = fopen($new_conf, "w");
fwrite($fp, str_replace("\r\n", "\n", $_POST["v_config7"]));
fclose($fp);
exec(
HESTIA_CMD . "v-change-sys-service-config " . $new_conf . " dovecot-7 " . $v_restart,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
unlink($new_conf);
}
// Update config8
if (empty($_SESSION["error_msg"]) && !empty($_POST["v_config8"])) {
exec("mktemp", $mktemp_output, $return_var);
$new_conf = $mktemp_output[0];
$fp = fopen($new_conf, "w");
fwrite($fp, str_replace("\r\n", "\n", $_POST["v_config8"]));
fclose($fp);
exec(
HESTIA_CMD . "v-change-sys-service-config " . $new_conf . " dovecot-8 " . $v_restart,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
unlink($new_conf);
}
// Set success message
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = _("Changes have been saved.");
}
}
// List config
exec(HESTIA_CMD . "v-list-sys-dovecot-config json", $output, $return_var);
$data = json_decode(implode("", $output), true);
unset($output);
$v_config_path = $data["CONFIG"]["config_path"];
$v_config_path1 = $data["CONFIG"]["config_path1"];
$v_config_path2 = $data["CONFIG"]["config_path2"];
$v_config_path3 = $data["CONFIG"]["config_path3"];
$v_config_path4 = $data["CONFIG"]["config_path4"];
$v_config_path5 = $data["CONFIG"]["config_path5"];
$v_config_path6 = $data["CONFIG"]["config_path6"];
$v_config_path7 = $data["CONFIG"]["config_path7"];
$v_config_path8 = $data["CONFIG"]["config_path8"];
$v_service_name = strtoupper("dovecot");
// Read config
$v_config = shell_exec(HESTIA_CMD . "v-open-fs-config " . $v_config_path);
if (!empty($v_config_path1)) {
$v_config1 = shell_exec(HESTIA_CMD . "v-open-fs-config " . $v_config_path1);
}
if (!empty($v_config_path2)) {
$v_config2 = shell_exec(HESTIA_CMD . "v-open-fs-config " . $v_config_path2);
}
if (!empty($v_config_path3)) {
$v_config3 = shell_exec(HESTIA_CMD . "v-open-fs-config " . $v_config_path3);
}
if (!empty($v_config_path4)) {
$v_config4 = shell_exec(HESTIA_CMD . "v-open-fs-config " . $v_config_path4);
}
if (!empty($v_config_path5)) {
$v_config5 = shell_exec(HESTIA_CMD . "v-open-fs-config " . $v_config_path5);
}
if (!empty($v_config_path6)) {
$v_config6 = shell_exec(HESTIA_CMD . "v-open-fs-config " . $v_config_path6);
}
if (!empty($v_config_path7)) {
$v_config7 = shell_exec(HESTIA_CMD . "v-open-fs-config " . $v_config_path7);
}
if (!empty($v_config_path8)) {
$v_config8 = shell_exec(HESTIA_CMD . "v-open-fs-config " . $v_config_path8);
}
// Render page
render_page($user, $TAB, "edit_server_dovecot");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);


@@ -0,0 +1,59 @@
<?php
$TAB = "SERVER";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check user
if ($_SESSION["userContext"] != "admin") {
header("Location: /list/user");
exit();
}
// Check POST request
if (!empty($_POST["save"])) {
// Check token
verify_csrf($_POST);
// Set restart flag
$v_restart = "yes";
if (empty($_POST["v_restart"])) {
$v_restart = "no";
}
// Update config
if (!empty($_POST["v_config"])) {
exec("mktemp", $mktemp_output, $return_var);
$new_conf = $mktemp_output[0];
$fp = fopen($new_conf, "w");
fwrite($fp, str_replace("\r\n", "\n", $_POST["v_config"]));
fclose($fp);
exec(
HESTIA_CMD . "v-change-sys-service-config " . $new_conf . " exim " . $v_restart,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
unlink($new_conf);
}
// Set success message
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = _("Changes have been saved.");
}
}
$v_config_path = "/etc/exim/exim.conf";
$v_service_name = strtoupper("exim");
// Read config
$v_config = shell_exec(HESTIA_CMD . "v-open-fs-config " . $v_config_path);
// Render page
render_page($user, $TAB, "edit_server_service");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);
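Review bot: The temp-file step in the `v_config` branch checks nothing: the exit status of `exec("mktemp", ...)` and the results of `fopen()`/`fwrite()` are ignored, so when mktemp fails `$mktemp_output[0]` is undefined and that unverified value is still opened for writing and concatenated into the `v-change-sys-service-config` command line. Creating the file from PHP and testing the result closes this, e.g. `$new_conf = tempnam(sys_get_temp_dir(), "conf");` followed by `if ($new_conf === false || file_put_contents($new_conf, str_replace("\r\n", "\n", $_POST["v_config"])) === false) { ... }`, setting `$_SESSION["error_msg"]` and skipping the helper call in that branch. The same block is repeated in the exim4, fail2ban, httpd, mariadb, mysql, mysqld, named, nginx, php, proftpd, spamassassin, spamd and ssh sections below.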


@@ -0,0 +1,59 @@
<?php
$TAB = "SERVER";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check user
if ($_SESSION["userContext"] != "admin") {
header("Location: /list/user");
exit();
}
// Check POST request
if (!empty($_POST["save"])) {
// Check token
verify_csrf($_POST);
// Set restart flag
$v_restart = "yes";
if (empty($_POST["v_restart"])) {
$v_restart = "no";
}
// Update config
if (!empty($_POST["v_config"])) {
exec("mktemp", $mktemp_output, $return_var);
$new_conf = $mktemp_output[0];
$fp = fopen($new_conf, "w");
fwrite($fp, str_replace("\r\n", "\n", $_POST["v_config"]));
fclose($fp);
exec(
HESTIA_CMD . "v-change-sys-service-config " . $new_conf . " exim4 " . $v_restart,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
unlink($new_conf);
}
// Set success message
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = _("Changes have been saved.");
}
}
$v_config_path = "/etc/exim4/exim4.conf.template";
$v_service_name = strtoupper("exim");
// Read config
$v_config = shell_exec(HESTIA_CMD . "v-open-fs-config " . $v_config_path);
// Render page
render_page($user, $TAB, "edit_server_service");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);


@@ -0,0 +1,59 @@
<?php
$TAB = "SERVER";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check user
if ($_SESSION["userContext"] != "admin") {
header("Location: /list/user");
exit();
}
// Check POST request
if (!empty($_POST["save"])) {
// Check token
verify_csrf($_POST);
// Set restart flag
$v_restart = "yes";
if (empty($_POST["v_restart"])) {
$v_restart = "no";
}
// Update config
if (!empty($_POST["v_config"])) {
exec("mktemp", $mktemp_output, $return_var);
$new_conf = $mktemp_output[0];
$fp = fopen($new_conf, "w");
fwrite($fp, str_replace("\r\n", "\n", $_POST["v_config"]));
fclose($fp);
exec(
HESTIA_CMD . "v-change-sys-service-config " . $new_conf . " fail2ban " . $v_restart,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
unlink($new_conf);
}
// Set success message
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = _("Changes have been saved.");
}
}
$v_config_path = "/etc/fail2ban/jail.local";
$v_service_name = strtoupper("fail2ban");
// Read config
$v_config = shell_exec(HESTIA_CMD . "v-open-fs-config " . $v_config_path);
// Render page
render_page($user, $TAB, "edit_server_service");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);


@@ -0,0 +1,59 @@
<?php
$TAB = "SERVER";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check user
if ($_SESSION["userContext"] != "admin") {
header("Location: /list/user");
exit();
}
// Check POST request
if (!empty($_POST["save"])) {
// Check token
verify_csrf($_POST);
// Set restart flag
$v_restart = "yes";
if (empty($_POST["v_restart"])) {
$v_restart = "no";
}
// Update config
if (!empty($_POST["v_config"])) {
exec("mktemp", $mktemp_output, $return_var);
$new_conf = $mktemp_output[0];
$fp = fopen($new_conf, "w");
fwrite($fp, str_replace("\r\n", "\n", $_POST["v_config"]));
fclose($fp);
exec(
HESTIA_CMD . "v-change-sys-service-config " . $new_conf . " httpd " . $v_restart,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
unlink($new_conf);
}
// Set success message
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = _("Changes have been saved.");
}
}
$v_config_path = "/etc/httpd/conf/httpd.conf";
$v_service_name = strtoupper("httpd");
// Read config
$v_config = shell_exec(HESTIA_CMD . "v-open-fs-config " . $v_config_path);
// Render page
render_page($user, $TAB, "edit_server_httpd");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);

1748
web/edit/server/index.php Normal file

File diff suppressed because it is too large Load Diff


@@ -0,0 +1,9 @@
<?php
$TAB = "SERVER";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check user
header("Location: /list/firewall");
exit();


@@ -0,0 +1,68 @@
<?php
$TAB = "SERVER";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check user
if ($_SESSION["userContext"] != "admin") {
header("Location: /list/user");
exit();
}
// Check POST request
if (!empty($_POST["save"])) {
// Check token
verify_csrf($_POST);
// Set restart flag
$v_restart = "yes";
if (empty($_POST["v_restart"])) {
$v_restart = "no";
}
// Update config
if (!empty($_POST["v_config"])) {
exec("mktemp", $mktemp_output, $return_var);
$new_conf = $mktemp_output[0];
$fp = fopen($new_conf, "w");
fwrite($fp, str_replace("\r\n", "\n", $_POST["v_config"]));
fclose($fp);
exec(
HESTIA_CMD . "v-change-sys-service-config " . $new_conf . " mariadb " . $v_restart,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
unlink($new_conf);
}
// Set success message
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = _("Changes have been saved.");
}
}
// List config
exec(HESTIA_CMD . "v-list-sys-mysql-config json", $output, $return_var);
$data = json_decode(implode("", $output), true);
unset($output);
$v_max_user_connections = $data["CONFIG"]["max_user_connections"];
$v_max_connections = $data["CONFIG"]["max_connections"];
$v_wait_timeout = $data["CONFIG"]["wait_timeout"];
$v_interactive_timeout = $data["CONFIG"]["interactive_timeout"];
$v_max_allowed_packet = $data["CONFIG"]["max_allowed_packet"];
$v_config_path = $data["CONFIG"]["config_path"];
$v_service_name = strtoupper("mariadb");
# Read config
$v_config = shell_exec(HESTIA_CMD . "v-open-fs-config " . $v_config_path);
// Render page
render_page($user, $TAB, "edit_server_mysql");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);
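Review bot: The `// List config` step uses `$data` without checking that the helper succeeded: `$return_var` from `v-list-sys-mysql-config` is ignored and `json_decode()` returns `null` on empty or malformed output, so every `$data["CONFIG"][...]` read yields `null` and `v-open-fs-config` is then run with an empty path argument. A guard such as `if ($return_var !== 0 || !is_array($data) || empty($data["CONFIG"]["config_path"])) { ... }` that sets `$_SESSION["error_msg"]` and skips the read would surface the failure instead of rendering an empty editor. The mysql, mysqld, nginx, php and postgresql sections consume their list output the same way.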


@@ -0,0 +1,68 @@
<?php
$TAB = "SERVER";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check user
if ($_SESSION["userContext"] != "admin") {
header("Location: /list/user");
exit();
}
// Check POST request
if (!empty($_POST["save"])) {
// Check token
verify_csrf($_POST);
// Set restart flag
$v_restart = "yes";
if (empty($_POST["v_restart"])) {
$v_restart = "no";
}
// Update config
if (!empty($_POST["v_config"])) {
exec("mktemp", $mktemp_output, $return_var);
$new_conf = $mktemp_output[0];
$fp = fopen($new_conf, "w");
fwrite($fp, str_replace("\r\n", "\n", $_POST["v_config"]));
fclose($fp);
exec(
HESTIA_CMD . "v-change-sys-service-config " . $new_conf . " mysql " . $v_restart,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
unlink($new_conf);
}
// Set success message
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = _("Changes have been saved.");
}
}
// List config
exec(HESTIA_CMD . "v-list-sys-mysql-config json", $output, $return_var);
$data = json_decode(implode("", $output), true);
unset($output);
$v_max_user_connections = $data["CONFIG"]["max_user_connections"];
$v_max_connections = $data["CONFIG"]["max_connections"];
$v_wait_timeout = $data["CONFIG"]["wait_timeout"];
$v_interactive_timeout = $data["CONFIG"]["interactive_timeout"];
$v_max_allowed_packet = $data["CONFIG"]["max_allowed_packet"];
$v_config_path = $data["CONFIG"]["config_path"];
$v_service_name = strtoupper("mysql");
# Read config
$v_config = shell_exec(HESTIA_CMD . "v-open-fs-config " . $v_config_path);
// Render page
render_page($user, $TAB, "edit_server_mysql");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);


@@ -0,0 +1,68 @@
<?php
$TAB = "SERVER";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check user
if ($_SESSION["userContext"] != "admin") {
header("Location: /list/user");
exit();
}
// Check POST request
if (!empty($_POST["save"])) {
// Check token
verify_csrf($_POST);
// Set restart flag
$v_restart = "yes";
if (empty($_POST["v_restart"])) {
$v_restart = "no";
}
// Update config
if (!empty($_POST["v_config"])) {
exec("mktemp", $mktemp_output, $return_var);
$new_conf = $mktemp_output[0];
$fp = fopen($new_conf, "w");
fwrite($fp, str_replace("\r\n", "\n", $_POST["v_config"]));
fclose($fp);
exec(
HESTIA_CMD . "v-change-sys-service-config " . $new_conf . " mysqld " . $v_restart,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
unlink($new_conf);
}
// Set success message
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = _("Changes have been saved.");
}
}
// List config
exec(HESTIA_CMD . "v-list-sys-mysql-config json", $output, $return_var);
$data = json_decode(implode("", $output), true);
unset($output);
$v_max_user_connections = $data["CONFIG"]["max_user_connections"];
$v_max_connections = $data["CONFIG"]["max_connections"];
$v_wait_timeout = $data["CONFIG"]["wait_timeout"];
$v_interactive_timeout = $data["CONFIG"]["interactive_timeout"];
$v_max_allowed_packet = $data["CONFIG"]["max_allowed_packet"];
$v_config_path = $data["CONFIG"]["config_path"];
$v_service_name = strtoupper("mysql");
# Read config
$v_config = shell_exec(HESTIA_CMD . "v-open-fs-config " . $v_config_path);
// Render page
render_page($user, $TAB, "edit_server_mysql");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);


@@ -0,0 +1,59 @@
<?php
$TAB = "SERVER";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check user
if ($_SESSION["userContext"] != "admin") {
header("Location: /list/user");
exit();
}
// Check POST request
if (!empty($_POST["save"])) {
// Check token
verify_csrf($_POST);
// Set restart flag
$v_restart = "yes";
if (empty($_POST["v_restart"])) {
$v_restart = "no";
}
// Update config
if (!empty($_POST["v_config"])) {
exec("mktemp", $mktemp_output, $return_var);
$new_conf = $mktemp_output[0];
$fp = fopen($new_conf, "w");
fwrite($fp, str_replace("\r\n", "\n", $_POST["v_config"]));
fclose($fp);
exec(
HESTIA_CMD . "v-change-sys-service-config " . $new_conf . " named " . $v_restart,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
unlink($new_conf);
}
// Set success message
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = _("Changes have been saved.");
}
}
$v_config_path = "/etc/named.conf";
$v_service_name = strtoupper("named");
// Read config
$v_config = shell_exec(HESTIA_CMD . "v-open-fs-config " . $v_config_path);
// Render page
render_page($user, $TAB, "edit_server_service");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);


@@ -0,0 +1,73 @@
<?php
$TAB = "SERVER";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check user
if ($_SESSION["userContext"] != "admin") {
header("Location: /list/user");
exit();
}
// Check POST request
if (!empty($_POST["save"])) {
// Check token
verify_csrf($_POST);
// Set restart flag
$v_restart = "yes";
if (empty($_POST["v_restart"])) {
$v_restart = "no";
}
// Update config
if (!empty($_POST["v_config"])) {
exec("mktemp", $mktemp_output, $return_var);
$new_conf = $mktemp_output[0];
$fp = fopen($new_conf, "w");
fwrite($fp, str_replace("\r\n", "\n", $_POST["v_config"]));
fclose($fp);
exec(
HESTIA_CMD . "v-change-sys-service-config " . $new_conf . " nginx " . $v_restart,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
unlink($new_conf);
}
// Set success message
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = _("Changes have been saved.");
}
}
// List config
exec(HESTIA_CMD . "v-list-sys-nginx-config json", $output, $return_var);
$data = json_decode(implode("", $output), true);
unset($output);
$v_worker_processes = $data["CONFIG"]["worker_processes"];
$v_worker_connections = $data["CONFIG"]["worker_connections"];
$v_send_timeout = $data["CONFIG"]["send_timeout"];
$v_proxy_connect_timeout = $data["CONFIG"]["proxy_connect_timeout"];
$v_proxy_send_timeout = $data["CONFIG"]["proxy_send_timeout"];
$v_proxy_read_timeout = $data["CONFIG"]["proxy_read_timeout"];
$v_client_max_body_size = $data["CONFIG"]["client_max_body_size"];
$v_gzip = $data["CONFIG"]["gzip"];
$v_gzip_comp_level = $data["CONFIG"]["gzip_comp_level"];
$v_charset = $data["CONFIG"]["charset"];
$v_config_path = $data["CONFIG"]["config_path"];
$v_service_name = strtoupper("nginx");
// Read config
$v_config = shell_exec(HESTIA_CMD . "v-open-fs-config " . $v_config_path);
// Render page
render_page($user, $TAB, "edit_server_nginx");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);


@@ -0,0 +1,69 @@
<?php
$TAB = "SERVER";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check user
if ($_SESSION["userContext"] != "admin") {
header("Location: /list/user");
exit();
}
// Check POST request
if (!empty($_POST["save"])) {
// Check token
verify_csrf($_POST);
// Set restart flag
$v_restart = "yes";
if (empty($_POST["v_restart"])) {
$v_restart = "no";
}
// Update config
if (!empty($_POST["v_config"])) {
exec("mktemp", $mktemp_output, $return_var);
$new_conf = $mktemp_output[0];
$fp = fopen($new_conf, "w");
fwrite($fp, str_replace("\r\n", "\n", $_POST["v_config"]));
fclose($fp);
exec(
HESTIA_CMD . "v-change-sys-service-config " . $new_conf . " php " . $v_restart,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
unlink($new_conf);
}
// Set success message
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = _("Changes have been saved.");
}
}
// List config
exec(HESTIA_CMD . "v-list-sys-php-config json", $output, $return_var);
$data = json_decode(implode("", $output), true);
unset($output);
$v_memory_limit = $data["CONFIG"]["memory_limit"];
$v_max_execution_time = $data["CONFIG"]["max_execution_time"];
$v_max_input_time = $data["CONFIG"]["max_input_time"];
$v_upload_max_filesize = $data["CONFIG"]["upload_max_filesize"];
$v_post_max_size = $data["CONFIG"]["post_max_size"];
$v_display_errors = $data["CONFIG"]["display_errors"];
$v_error_reporting = $data["CONFIG"]["error_reporting"];
$v_config_path = $data["CONFIG"]["config_path"];
# Read config
$v_config = shell_exec(HESTIA_CMD . "v-open-fs-config " . $v_config_path);
// Render page
render_page($user, $TAB, "edit_server_php");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);


@@ -0,0 +1,69 @@
<?php
$TAB = "SERVER";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check user
if ($_SESSION["userContext"] != "admin") {
header("Location: /list/user");
exit();
}
// Check POST request
if (!empty($_POST["save"])) {
// Check token
verify_csrf($_POST);
// Set restart flag
$v_restart = "yes";
if (empty($_POST["v_restart"])) {
$v_restart = "no";
}
// Update config
if (!empty($_POST["v_config"])) {
exec("mktemp", $mktemp_output, $return_var);
$new_conf = $mktemp_output[0];
$fp = fopen($new_conf, "w");
fwrite($fp, str_replace("\r\n", "\n", $_POST["v_config"]));
fclose($fp);
exec(
HESTIA_CMD . "v-change-sys-service-config " . $new_conf . " php " . $v_restart,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
unlink($new_conf);
}
// Set success message
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = _("Changes have been saved.");
}
}
// List config
exec(HESTIA_CMD . "v-list-sys-php-config json", $output, $return_var);
$data = json_decode(implode("", $output), true);
unset($output);
$v_memory_limit = $data["CONFIG"]["memory_limit"];
$v_max_execution_time = $data["CONFIG"]["max_execution_time"];
$v_max_input_time = $data["CONFIG"]["max_input_time"];
$v_upload_max_filesize = $data["CONFIG"]["upload_max_filesize"];
$v_post_max_size = $data["CONFIG"]["post_max_size"];
$v_display_errors = $data["CONFIG"]["display_errors"];
$v_error_reporting = $data["CONFIG"]["error_reporting"];
$v_config_path = $data["CONFIG"]["config_path"];
# Read config
$v_config = shell_exec(HESTIA_CMD . "v-open-fs-config " . $v_config_path);
// Render page
render_page($user, $TAB, "edit_server_php");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);
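Review bot: This file is line-for-line the same as the php section before it and the one after it, and the mysql and mysqld sections likewise differ from each other only in the service name passed to `v-change-sys-service-config`. With the save handler copied into every service page, any hardening of the temp-file or shell-argument handling has to be applied to each copy separately, and a missed copy keeps the old behaviour. Moving the POST branch into one shared helper that takes the service name and the posted field (for example `save_service_config("php", $_POST["v_config"], $v_restart);`, a name constructed here for illustration) would leave each page with only its list/read/render lines. The file paths are not shown on this page, so which of these copies are reached by the panel cannot be told from here.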


@@ -0,0 +1,69 @@
<?php
$TAB = "SERVER";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check user
if ($_SESSION["userContext"] != "admin") {
header("Location: /list/user");
exit();
}
// Check POST request
if (!empty($_POST["save"])) {
// Check token
verify_csrf($_POST);
// Set restart flag
$v_restart = "yes";
if (empty($_POST["v_restart"])) {
$v_restart = "no";
}
// Update config
if (!empty($_POST["v_config"])) {
exec("mktemp", $mktemp_output, $return_var);
$new_conf = $mktemp_output[0];
$fp = fopen($new_conf, "w");
fwrite($fp, str_replace("\r\n", "\n", $_POST["v_config"]));
fclose($fp);
exec(
HESTIA_CMD . "v-change-sys-service-config " . $new_conf . " php " . $v_restart,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
unlink($new_conf);
}
// Set success message
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = _("Changes have been saved.");
}
}
// List config
exec(HESTIA_CMD . "v-list-sys-php-config json", $output, $return_var);
$data = json_decode(implode("", $output), true);
unset($output);
$v_memory_limit = $data["CONFIG"]["memory_limit"];
$v_max_execution_time = $data["CONFIG"]["max_execution_time"];
$v_max_input_time = $data["CONFIG"]["max_input_time"];
$v_upload_max_filesize = $data["CONFIG"]["upload_max_filesize"];
$v_post_max_size = $data["CONFIG"]["post_max_size"];
$v_display_errors = $data["CONFIG"]["display_errors"];
$v_error_reporting = $data["CONFIG"]["error_reporting"];
$v_config_path = $data["CONFIG"]["config_path"];
# Read config
$v_config = shell_exec(HESTIA_CMD . "v-open-fs-config " . $v_config_path);
// Render page
render_page($user, $TAB, "edit_server_php");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);


@@ -0,0 +1,87 @@
<?php
$TAB = "SERVER";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check user
if ($_SESSION["userContext"] != "admin") {
header("Location: /list/user");
exit();
}
// Check POST request
if (!empty($_POST["save"])) {
// Check token
verify_csrf($_POST);
// Set restart flag
$v_restart = "yes";
if (empty($_POST["v_restart"])) {
$v_restart = "no";
}
// Update option
if (!empty($_POST["v_options"])) {
exec("mktemp", $mktemp_output, $return_var);
$new_conf = $mktemp_output[0];
$fp = fopen($new_conf, "w");
fwrite($fp, str_replace("\r\n", "\n", $_POST["v_options"]));
fclose($fp);
exec(
HESTIA_CMD .
"v-change-sys-service-config " .
$new_conf .
" postgresql-hba " .
$v_restart,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
unlink($new_conf);
}
// Update config
if (empty($_SESSION["error_msg"]) && !empty($_POST["v_config"])) {
exec("mktemp", $mktemp_output, $return_var);
$new_conf = $mktemp_output[0];
$fp = fopen($new_conf, "w");
fwrite($fp, str_replace("\r\n", "\n", $_POST["v_config"]));
fclose($fp);
exec(
HESTIA_CMD . "v-change-sys-service-config " . $new_conf . " postgresql " . $v_restart,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
unlink($new_conf);
}
// Set success message
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = _("Changes have been saved.");
}
}
// List config
exec(HESTIA_CMD . "v-list-sys-pgsql-config json", $output, $return_var);
$data = json_decode(implode("", $output), true);
unset($output);
$v_options_path = $data["CONFIG"]["pg_hba_path"];
$v_config_path = $data["CONFIG"]["config_path"];
$v_service_name = strtoupper("postgresql");
// Read config
$v_options = shell_exec(HESTIA_CMD . "v-open-fs-config " . $v_options_path);
$v_config = shell_exec(HESTIA_CMD . "v-open-fs-config " . $v_config_path);
// Render page
render_page($user, $TAB, "edit_server_pgsql");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);
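Review bot: The second `exec("mktemp", $mktemp_output, $return_var)` in the `v_config` branch does not yield a fresh path, because `exec()` appends to an array that already has elements and `$mktemp_output[0]` is still the file created for `v_options` and already removed by `unlink($new_conf)`. When both fields are posted, `fopen($new_conf, "w")` therefore recreates a previously used name in the temp directory without mktemp's exclusive create and restrictive mode, and the file mktemp actually made for this step is never deleted. Resetting the array before each call, `$mktemp_output = [];`, or reading the last element instead of index 0 fixes both effects. The dovecot file earlier in this commit reuses `$mktemp_output` the same way across its `v_config` to `v_config8` branches.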


@@ -0,0 +1,59 @@
<?php
$TAB = "SERVER";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check user
if ($_SESSION["userContext"] != "admin") {
header("Location: /list/user");
exit();
}
// Check POST request
if (!empty($_POST["save"])) {
// Check token
verify_csrf($_POST);
// Set restart flag
$v_restart = "yes";
if (empty($_POST["v_restart"])) {
$v_restart = "no";
}
// Update config
if (!empty($_POST["v_config"])) {
exec("mktemp", $mktemp_output, $return_var);
$new_conf = $mktemp_output[0];
$fp = fopen($new_conf, "w");
fwrite($fp, str_replace("\r\n", "\n", $_POST["v_config"]));
fclose($fp);
exec(
HESTIA_CMD . "v-change-sys-service-config " . $new_conf . " proftpd " . $v_restart,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
unlink($new_conf);
}
// Set success message
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = _("Changes have been saved.");
}
}
$v_config_path = shell_exec(HESTIA_CMD . "v-list-sys-proftpd-config plain");
$v_service_name = strtoupper("proftpd");
// Read config
$v_config = shell_exec(HESTIA_CMD . "v-open-fs-config " . $v_config_path);
// Render page
render_page($user, $TAB, "edit_server_service");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);
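Review bot: `$v_config_path` is taken straight from `shell_exec(HESTIA_CMD . "v-list-sys-proftpd-config plain")` and concatenated unquoted into the `v-open-fs-config` command, so it is `null` when the helper fails, most likely still carries the trailing newline of the helper's output, and any whitespace or shell metacharacter in it is interpreted by the shell. Normalising and quoting it first keeps the path a single argument: `$v_config_path = trim((string) shell_exec(HESTIA_CMD . "v-list-sys-proftpd-config plain"));` and then `shell_exec(HESTIA_CMD . "v-open-fs-config " . escapeshellarg($v_config_path))`, skipping the read when the path is empty. The value comes from a local helper rather than from the request, so this is defence in depth. The spamassassin and spamd sections build the command the same way, as do the sections that pass `$data["CONFIG"]["config_path"]`.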


@@ -0,0 +1,59 @@
<?php
$TAB = "SERVER";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check user
if ($_SESSION["userContext"] != "admin") {
header("Location: /list/user");
exit();
}
// Check POST request
if (!empty($_POST["save"])) {
// Check token
verify_csrf($_POST);
// Set restart flag
$v_restart = "yes";
if (empty($_POST["v_restart"])) {
$v_restart = "no";
}
// Update config
if (!empty($_POST["v_config"])) {
exec("mktemp", $mktemp_output, $return_var);
$new_conf = $mktemp_output[0];
$fp = fopen($new_conf, "w");
fwrite($fp, str_replace("\r\n", "\n", $_POST["v_config"]));
fclose($fp);
exec(
HESTIA_CMD . "v-change-sys-service-config " . $new_conf . " spamassassin " . $v_restart,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
unlink($new_conf);
}
// Set success message
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = _("Changes have been saved.");
}
}
$v_config_path = shell_exec(HESTIA_CMD . "v-list-sys-spamd-config plain");
$v_service_name = strtoupper("spamassassin");
// Read config
$v_config = shell_exec(HESTIA_CMD . "v-open-fs-config " . $v_config_path);
// Render page
render_page($user, $TAB, "edit_server_service");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);


@@ -0,0 +1,59 @@
<?php
$TAB = "SERVER";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check user
if ($_SESSION["userContext"] != "admin") {
header("Location: /list/user");
exit();
}
// Check POST request
if (!empty($_POST["save"])) {
// Check token
verify_csrf($_POST);
// Set restart flag
$v_restart = "yes";
if (empty($_POST["v_restart"])) {
$v_restart = "no";
}
// Update config
if (!empty($_POST["v_config"])) {
exec("mktemp", $mktemp_output, $return_var);
$new_conf = $mktemp_output[0];
$fp = fopen($new_conf, "w");
fwrite($fp, str_replace("\r\n", "\n", $_POST["v_config"]));
fclose($fp);
exec(
HESTIA_CMD . "v-change-sys-service-config " . $new_conf . " spamd " . $v_restart,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
unlink($new_conf);
}
// Set success message
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = _("Changes have been saved.");
}
}
$v_config_path = shell_exec(HESTIA_CMD . "v-list-sys-spamd-config plain");
$v_service_name = strtoupper("spamassassin");
// Read config
$v_config = shell_exec(HESTIA_CMD . "v-open-fs-config " . $v_config_path);
// Render page
render_page($user, $TAB, "edit_server_service");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);


@@ -0,0 +1,59 @@
<?php
$TAB = "SERVER";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check user
if ($_SESSION["userContext"] != "admin") {
header("Location: /list/user");
exit();
}
// Check POST request
if (!empty($_POST["save"])) {
// Check token
verify_csrf($_POST);
// Set restart flag
$v_restart = "yes";
if (empty($_POST["v_restart"])) {
$v_restart = "no";
}
// Update config
if (!empty($_POST["v_config"])) {
exec("mktemp", $mktemp_output, $return_var);
$new_conf = $mktemp_output[0];
$fp = fopen($new_conf, "w");
fwrite($fp, str_replace("\r\n", "\n", $_POST["v_config"]));
fclose($fp);
exec(
HESTIA_CMD . "v-change-sys-service-config " . $new_conf . " ssh " . $v_restart,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
unlink($new_conf);
}
// Set success message
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = _("Changes have been saved.");
}
}
$v_config_path = "/etc/ssh/sshd_config";
$v_service_name = strtoupper("ssh");
// Read config
$v_config = shell_exec(HESTIA_CMD . "v-open-fs-config " . $v_config_path);
// Render page
render_page($user, $TAB, "edit_server_service");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);

Some files were not shown because too many files have changed in this diff Show More