Alexey Berezhok
2024-03-19 22:05:27 +03:00
commit 346a50856b
1572 changed files with 182163 additions and 0 deletions


@@ -0,0 +1,101 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
$TAB = "Access Key";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Checks if API access is enabled
$api_status =
!empty($_SESSION["API_SYSTEM"]) && is_numeric($_SESSION["API_SYSTEM"])
? $_SESSION["API_SYSTEM"]
: 0;
if (($user_plain == "admin" && $api_status < 1) || ($user_plain != "admin" && $api_status < 2)) {
header("Location: /edit/user/");
exit();
}
// APIs available
exec(HESTIA_CMD . "v-list-apis json", $output, $return_var);
$apis = json_decode(implode("", $output), true);
$apis = array_filter($apis, function ($api) use ($user_plain) {
return $user_plain == "admin" || $api["ROLE"] == "user";
});
ksort($apis);
unset($output);
// Check POST request
if (!empty($_POST["ok"])) {
// Check token
verify_csrf($_POST);
// Validate apis
$apis_selected = !empty($_POST["v_apis"]) && is_array($_POST["v_apis"]) ? $_POST["v_apis"] : [];
$check_invalid_apis = array_filter($apis_selected, function ($selected) use ($apis) {
return !array_key_exists($selected, $apis);
});
if (empty($apis_selected)) {
$errors[] = _("Permissions");
} elseif (count($check_invalid_apis) > 0) {
//$errors[] = sprintf("%d apis not allowed", count($check_invalid_apis));
foreach ($check_invalid_apis as $api_name) {
$errors[] = sprintf("API %s not allowed", $api_name);
}
}
if (!empty($errors[0])) {
foreach ($errors as $i => $error) {
if ($i == 0) {
$error_msg = $error;
} else {
$error_msg = $error_msg . ", " . $error;
}
}
$_SESSION["error_msg"] = sprintf(_('Field "%s" can not be blank.'), $error_msg);
}
// Protect input
$v_apis = quoteshellarg(implode(",", $apis_selected));
$v_comment = quoteshellarg(trim($_POST["v_comment"] ?? ""));
// Add access key
if (empty($_SESSION["error_msg"])) {
exec(
HESTIA_CMD . "v-add-access-key " . $user . " " . $v_apis . " " . $v_comment . " json",
$output,
$return_var,
);
$key_data = json_decode(implode("", $output), true);
check_return_code($return_var, $output);
unset($output);
}
// Flush field values on success
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = htmlify_trans(
sprintf(
_("Access key {%s} has been created successfully."),
htmlentities($key_data["ACCESS_KEY_ID"]),
),
"</code>",
"<code>",
);
unset($apis_selected);
unset($check_invalid_apis);
unset($v_apis);
unset($v_comment);
}
}
// Render
if (empty($key_data)) {
render_page($user, $TAB, "add_access_key");
} else {
render_page($user, $TAB, "list_access_key");
}
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);
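Review bot: Entries of `$_POST["v_apis"]` are used as array keys and copied into the error text without a type check, in the `array_filter` callback and in the `sprintf("API %s not allowed", $api_name)` loop. A nested array element makes `array_key_exists()` throw a TypeError on PHP 8, and any submitted name lands verbatim in `$_SESSION["error_msg"]`; whether the template escapes that message is not visible in this diff. I would treat non-strings as invalid with `return !is_string($selected) || !array_key_exists($selected, $apis);` and report only the count, as the commented-out line already does: `$errors[] = sprintf("%d apis not allowed", count($check_invalid_apis));`. The `v-list-apis` call also ignores `$return_var`, so a failed listing reaches `array_filter()` as `null`.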


@@ -0,0 +1,17 @@
<?php
ob_start();
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check token
verify_csrf($_GET);
if (
($_SESSION["userContext"] === "admin" && $_SESSION["POLICY_SYSTEM_HIDE_SERVICES"] == "no") ||
$_SESSION["user"] == "admin"
) {
exec(HESTIA_CMD . "v-add-cron-hestia-autoupdate", $output, $return_var);
unset($output);
}
header("Location: /list/updates/");
exit();
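Review bot: The state-changing `exec()` here runs on a GET request, with the CSRF token taken from the query string by `verify_csrf($_GET)`; a token carried in a URL can end up in browser history, proxy and server logs, and Referer headers. The 12-line file further down that runs `v-add-cron-reports` uses the same pattern. Both pages also discard `$return_var`, so a failed command redirects exactly like a successful one; calling `check_return_code($return_var, $output);` before `unset($output);`, as the form pages in this commit do, would surface the error. Moving these actions to POST with `verify_csrf($_POST)` would keep the token out of URLs.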

114
web/add/cron/index.php Normal file

@@ -0,0 +1,114 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
$TAB = "CRON";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check POST request
if (!empty($_POST["ok"])) {
// Check token
verify_csrf($_POST);
// Check empty fields
if (!isset($_POST["v_min"]) || $_POST["v_min"] == "") {
$errors[] = _("Minute");
}
if (!isset($_POST["v_hour"]) || $_POST["v_hour"] == "") {
$errors[] = _("Hour");
}
if (!isset($_POST["v_day"]) || $_POST["v_day"] == "") {
$errors[] = _("Day");
}
if (!isset($_POST["v_month"]) || $_POST["v_month"] == "") {
$errors[] = _("Month");
}
if (!isset($_POST["v_wday"]) || $_POST["v_wday"] == "") {
$errors[] = _("Day of Week");
}
if (!isset($_POST["v_cmd"]) || $_POST["v_cmd"] == "") {
$errors[] = _("Command");
}
if (!empty($errors[0])) {
foreach ($errors as $i => $error) {
if ($i == 0) {
$error_msg = $error;
} else {
$error_msg = $error_msg . ", " . $error;
}
}
$_SESSION["error_msg"] = sprintf(_('Field "%s" can not be blank.'), $error_msg);
}
// Protect input
$v_min = quoteshellarg($_POST["v_min"]);
$v_hour = quoteshellarg($_POST["v_hour"]);
$v_day = quoteshellarg($_POST["v_day"]);
$v_month = quoteshellarg($_POST["v_month"]);
$v_wday = quoteshellarg($_POST["v_wday"]);
$v_cmd = quoteshellarg($_POST["v_cmd"]);
// Add cron job
if (empty($_SESSION["error_msg"])) {
exec(
HESTIA_CMD .
"v-add-cron-job " .
$user .
" " .
$v_min .
" " .
$v_hour .
" " .
$v_day .
" " .
$v_month .
" " .
$v_wday .
" " .
$v_cmd,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
}
// Flush field values on success
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = _("Cron job has been created successfully.");
unset($v_min);
unset($v_hour);
unset($v_day);
unset($v_month);
unset($v_wday);
unset($v_cmd);
unset($output);
}
}
if (empty($v_cmd)) {
$v_cmd = "";
}
if (empty($v_month)) {
$v_month = "";
}
if (empty($v_day)) {
$v_day = "";
}
if (empty($v_wday)) {
$v_wday = "";
}
if (empty($v_hour)) {
$v_hour = "";
}
if (empty($v_min)) {
$v_min = "";
}
// Render
render_page($user, $TAB, "add_cron");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);
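Review bot: The "Protect input" block overwrites `$v_min` through `$v_cmd` with their shell-quoted form before it is known whether the command will run, so after a validation or backend error `render_page()` sees the quoted strings rather than what the user typed. The DNS page in this commit works around this for the nameserver fields with `str_replace("'", "", …)`, which suggests the quoting adds single quotes and which would also strip apostrophes the user entered. The firewall, banlist and IP pages share the pattern. Keeping the raw value for the form and quoting only at the call site, e.g. `quoteshellarg($_POST["v_min"] ?? "")` inside the `exec()` string, separates the two uses and avoids reading a key the `isset()` checks above have just reported missing. How the template escapes these values is not visible in this diff.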


@@ -0,0 +1,12 @@
<?php
ob_start();
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check token
verify_csrf($_GET);
exec(HESTIA_CMD . "v-add-cron-reports " . $user, $output, $return_var);
unset($output);
header("Location: /list/cron/");
exit();

248
web/add/db/index.php Normal file

@@ -0,0 +1,248 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
$TAB = "DB";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check POST request
if (!empty($_POST["ok"])) {
// Check token
verify_csrf($_POST);
// Check empty fields
if (empty($_POST["v_database"])) {
$errors[] = _("Database");
}
if (empty($_POST["v_dbuser"])) {
$errors[] = _("Username");
}
if (empty($_POST["v_password"])) {
$errors[] = _("Password");
}
if (empty($_POST["v_type"])) {
$errors[] = _("Type");
}
if (empty($_POST["v_host"])) {
$errors[] = _("Host");
}
if (empty($_POST["v_charset"])) {
$errors[] = _("Charset");
}
if (!empty($errors[0])) {
foreach ($errors as $i => $error) {
if ($i == 0) {
$error_msg = $error;
} else {
$error_msg = $error_msg . ", " . $error;
}
}
$_SESSION["error_msg"] = sprintf(_('Field "%s" can not be blank.'), $error_msg);
}
// Validate email
if (!empty($_POST["v_db_email"]) && empty($_SESSION["error_msg"])) {
if (!filter_var($_POST["v_db_email"], FILTER_VALIDATE_EMAIL)) {
$_SESSION["error_msg"] = _("Please enter a valid email address.");
}
}
// Check password length
if (empty($_SESSION["error_msg"])) {
if (!validate_password($_POST["v_password"])) {
$_SESSION["error_msg"] = _("Password does not match the minimum requirements.");
}
}
// Protect input
$v_database = quoteshellarg($_POST["v_database"]);
$v_dbuser = quoteshellarg($_POST["v_dbuser"]);
$v_type = $_POST["v_type"];
$v_charset = $_POST["v_charset"];
$v_host = $_POST["v_host"];
$v_db_email = $_POST["v_db_email"];
// Add database
if (empty($_SESSION["error_msg"])) {
$v_type = quoteshellarg($_POST["v_type"]);
$v_charset = quoteshellarg($_POST["v_charset"]);
$v_host = quoteshellarg($_POST["v_host"]);
$v_password = tempnam("/tmp", "vst");
$fp = fopen($v_password, "w");
fwrite($fp, $_POST["v_password"] . "\n");
fclose($fp);
exec(
HESTIA_CMD .
"v-add-database " .
$user .
" " .
$v_database .
" " .
$v_dbuser .
" " .
$v_password .
" " .
$v_type .
" " .
$v_host .
" " .
$v_charset,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
unlink($v_password);
$v_password = quoteshellarg($_POST["v_password"]);
$v_type = $_POST["v_type"];
$v_host = $_POST["v_host"];
$v_charset = $_POST["v_charset"];
}
// Get database manager url
if (empty($_SESSION["error_msg"])) {
[$http_host, $port] = explode(":", $_SERVER["HTTP_HOST"] . ":");
if ($_POST["v_host"] != "localhost") {
$http_host = $_POST["v_host"];
}
if ($_POST["v_type"] == "mysql") {
$db_admin = "phpMyAdmin";
}
if ($_POST["v_type"] == "mysql") {
$db_admin_link = "https://" . $http_host . "/phpmyadmin/";
}
if ($_POST["v_type"] == "mysql" && !empty($_SESSION["DB_PMA_ALIAS"])) {
$db_admin_link = "https://" . $http_host . "/" . $_SESSION["DB_PMA_ALIAS"];
}
if ($_POST["v_type"] == "pgsql") {
$db_admin = "phpPgAdmin";
}
if ($_POST["v_type"] == "pgsql") {
$db_admin_link = "https://" . $http_host . "/phppgadmin/";
}
if ($_POST["v_type"] == "pgsql" && !empty($_SESSION["DB_PGA_ALIAS"])) {
$db_admin_link = "https://" . $http_host . "/" . $_SESSION["DB_PGA_ALIAS"];
}
}
// Email login credentials
if (!empty($v_db_email) && empty($_SESSION["error_msg"])) {
$to = $v_db_email;
$template = get_email_template("database_credentials", $_SESSION["language"]);
if (!empty($template)) {
preg_match("/<subject>(.*?)<\/subject>/si", $template, $matches);
$subject = $matches[1];
$subject = str_replace(
["{{hostname}}", "{{appname}}", "{{dabase}}", "{{dbuser}}"],
[
get_hostname(),
$_SESSION["APP_NAME"],
$user_plain . "_" . $_POST["v_database"],
$user_plain . "_" . $_POST["v_dbuser"],
],
$subject,
);
$template = str_replace($matches[0], "", $template);
} else {
$template = _(
"Database has been created.\n" .
"\n" .
"Database: {{database}}\n" .
"Username: {{username}}\n" .
"Password: {{password}}\n" .
"SQL Manager: {{dbadmin}}\n" .
"\n" .
"Best regards,\n" .
"\n" .
"--\n" .
"{{appname}}",
);
}
if (empty($subject)) {
$subject = str_replace(
["{{subject}}", "{{hostname}}", "{{appname}}"],
[
sprintf(
_("Database Credentials: %s"),
$user_plain . "_" . $_POST["v_database"],
),
get_hostname(),
$_SESSION["APP_NAME"],
],
$_SESSION["SUBJECT_EMAIL"],
);
}
$hostname = get_hostname();
$from = !empty($_SESSION["FROM_EMAIL"]) ? $_SESSION["FROM_EMAIL"] : "noreply@" . $hostname;
$from_name = !empty($_SESSION["FROM_NAME"])
? $_SESSION["FROM_NAME"]
: $_SESSION["APP_NAME"];
$mailtext = translate_email($template, [
"database" => htmlentities($user_plain . "_" . $_POST["v_database"]),
"username" => htmlentities($user_plain . "_" . $_POST["v_dbuser"]),
"password" => htmlentities($_POST["v_password"]),
"dbadmin" => $db_admin_link,
"appname" => $_SESSION["APP_NAME"],
]);
send_email($to, $subject, $mailtext, $from, $from_name);
}
// Flush field values on success
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = htmlify_trans(
sprintf(
_("Database {%s} has been created successfully. / {Open %s}"),
htmlentities($user_plain) . "_" . htmlentities($_POST["v_database"]),
htmlentities($user_plain) . "_" . htmlentities($_POST["v_database"]),
),
"</a>",
'<a href="/edit/db/?database=' .
htmlentities($user_plain) .
"_" .
htmlentities($_POST["v_database"]) .
'">',
'<a href="' . $db_admin_link . '" target="_blank">',
);
unset($v_database);
unset($v_dbuser);
unset($v_password);
unset($v_type);
unset($v_charset);
}
}
// Get user email
$v_db_email = "";
if (empty($v_database)) {
$v_database = "";
}
if (empty($v_dbuser)) {
$v_dbuser = "";
}
// List avaiable database types
$db_types = explode(",", $_SESSION["DB_SYSTEM"]);
// List available database servers
exec(HESTIA_CMD . "v-list-database-hosts json", $output, $return_var);
$db_hosts_tmp1 = json_decode(implode("", $output), true);
$db_hosts_tmp2 = array_map(function ($host) {
return $host["HOST"];
}, $db_hosts_tmp1);
$db_hosts = array_values(array_unique($db_hosts_tmp2));
unset($output);
unset($db_hosts_tmp1);
unset($db_hosts_tmp2);
$accept = $_GET["accept"] ?? "";
render_page($user, $TAB, "add_db");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);
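Review bot: `$db_admin_link` is concatenated into `'<a href="' . $db_admin_link . '" target="_blank">'` without escaping, while every other value in the same `htmlify_trans()` call goes through `htmlentities()`. The link is built from `$_SERVER["HTTP_HOST"]` or `$_POST["v_host"]`, both supplied by the client, and is also placed in the credentials e-mail as `dbadmin`. I would escape it at the point of use, `'<a href="' . htmlentities($db_admin_link) . '" target="_blank" rel="noopener">'`, and consider taking the host from `get_hostname()`, which this file already calls, if that matches the intended URL. The variable is also left undefined when `v_type` is neither `mysql` nor `pgsql`.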

406
web/add/dns/index.php Normal file

@@ -0,0 +1,406 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
$TAB = "DNS";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// List ip addresses
exec(HESTIA_CMD . "v-list-user-ips " . $user . " json", $output, $return_var);
$v_ips = json_decode(implode("", $output), true);
unset($output);
// Check POST request for dns domain
if (!empty($_POST["ok"])) {
// Check token
verify_csrf($_POST);
// Check empty fields
if (empty($_POST["v_domain"])) {
$errors[] = _("Domain");
}
if (empty($_POST["v_ip"])) {
$errors[] = _("IP Address");
}
if (!empty($errors[0])) {
foreach ($errors as $i => $error) {
if ($i == 0) {
$error_msg = $error;
} else {
$error_msg = $error_msg . ", " . $error;
}
}
$_SESSION["error_msg"] = sprintf(_('Field "%s" can not be blank.'), $error_msg);
}
// Protect input
$v_domain = preg_replace("/^www./i", "", $_POST["v_domain"]);
$v_domain = quoteshellarg($v_domain);
$v_domain = strtolower($v_domain);
$v_ip = $_POST["v_ip"];
// Change NameServers
if (empty($_POST["v_ns1"])) {
$_POST["v_ns1"] = "";
}
if (empty($_POST["v_ns2"])) {
$_POST["v_ns2"] = "";
}
if (empty($_POST["v_ns3"])) {
$_POST["v_ns3"] = "";
}
if (empty($_POST["v_ns4"])) {
$_POST["v_ns4"] = "";
}
if (empty($_POST["v_ns5"])) {
$_POST["v_ns5"] = "";
}
if (empty($_POST["v_ns6"])) {
$_POST["v_ns6"] = "";
}
if (empty($_POST["v_ns7"])) {
$_POST["v_ns7"] = "";
}
if (empty($_POST["v_ns8"])) {
$_POST["v_ns8"] = "";
}
if (empty($_POST["v_dnssec"])) {
$_POST["v_dnssec"] = "no";
}
$v_ns1 = quoteshellarg($_POST["v_ns1"]);
$v_ns2 = quoteshellarg($_POST["v_ns2"]);
$v_ns3 = quoteshellarg($_POST["v_ns3"]);
$v_ns4 = quoteshellarg($_POST["v_ns4"]);
$v_ns5 = quoteshellarg($_POST["v_ns5"]);
$v_ns6 = quoteshellarg($_POST["v_ns6"]);
$v_ns7 = quoteshellarg($_POST["v_ns7"]);
$v_ns8 = quoteshellarg($_POST["v_ns8"]);
$v_dnssec = quoteshellarg($_POST["v_dnssec"]);
// Add dns domain
if (empty($_SESSION["error_msg"])) {
exec(
HESTIA_CMD .
"v-add-dns-domain " .
$user .
" " .
$v_domain .
" " .
quoteshellarg($v_ip) .
" " .
$v_ns1 .
" " .
$v_ns2 .
" " .
$v_ns3 .
" " .
$v_ns4 .
" " .
$v_ns5 .
" " .
$v_ns6 .
" " .
$v_ns7 .
" " .
$v_ns8 .
" no " .
$v_dnssec,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
}
exec(HESTIA_CMD . "v-list-user " . $user . " json", $output, $return_var);
$user_config = json_decode(implode("", $output), true);
unset($output);
$v_template = $user_config[$user_plain]["DNS_TEMPLATE"];
if (
$v_template != $_POST["v_template"] &&
!empty($_POST["v_template"]) &&
empty($_SESSION["error_msg"])
) {
$v_template = quoteshellarg($_POST["v_template"]);
exec(
HESTIA_CMD .
"v-change-dns-domain-tpl " .
$user .
" " .
$v_domain .
" " .
$v_template .
" 'no'",
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
}
// Set expiration date
if (empty($_SESSION["error_msg"])) {
if (!empty($_POST["v_exp"]) && $_POST["v_exp"] != date("Y-m-d", strtotime("+1 year"))) {
$v_exp = quoteshellarg($_POST["v_exp"]);
exec(
HESTIA_CMD .
"v-change-dns-domain-exp " .
$user .
" " .
$v_domain .
" " .
$v_exp .
" no",
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
}
}
// Set ttl
if (empty($_SESSION["error_msg"])) {
if (
!empty($_POST["v_ttl"]) &&
$_POST["v_ttl"] != "14400" &&
empty($_SESSION["error_msg"])
) {
$v_ttl = quoteshellarg($_POST["v_ttl"]);
exec(
HESTIA_CMD .
"v-change-dns-domain-ttl " .
$user .
" " .
$v_domain .
" " .
$v_ttl .
" no",
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
}
}
// Restart dns server
if (empty($_SESSION["error_msg"])) {
exec(HESTIA_CMD . "v-restart-dns", $output, $return_var);
check_return_code($return_var, $output);
unset($output);
}
// Flush field values on success
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = htmlify_trans(
sprintf(
_("DNS zone {%s} has been created successfully."),
htmlentities($_POST["v_domain"]),
),
"</a>",
'<a href="/edit/dns/?domain=' . htmlentities($_POST["v_domain"]) . '">',
);
unset($v_domain);
}
}
// Check POST request for dns record
if (!empty($_POST["ok_rec"])) {
// Check token
if (!isset($_POST["token"]) || $_SESSION["token"] != $_POST["token"]) {
header("location: /login/");
exit();
}
// Check empty fields
if (empty($_POST["v_domain"])) {
$errors[] = _("Domain");
}
if (empty($_POST["v_rec"])) {
$errors[] = _("Record");
}
if (empty($_POST["v_type"])) {
$errors[] = _("Type");
}
if (empty($_POST["v_val"])) {
$errors[] = _("IP or Value");
}
if (!empty($errors[0])) {
foreach ($errors as $i => $error) {
if ($i == 0) {
$error_msg = $error;
} else {
$error_msg = $error_msg . ", " . $error;
}
}
$_SESSION["error_msg"] = sprintf(_('Field "%s" can not be blank.'), $error_msg);
}
// Protect input
$v_domain = quoteshellarg($_POST["v_domain"]);
$v_rec = quoteshellarg($_POST["v_rec"]);
$v_type = quoteshellarg($_POST["v_type"]);
$v_val = quoteshellarg($_POST["v_val"]);
$v_priority = quoteshellarg($_POST["v_priority"]);
$v_ttl = quoteshellarg($_POST["v_ttl"]);
// Add dns record
if (empty($_SESSION["error_msg"])) {
exec(
HESTIA_CMD .
"v-add-dns-record " .
$user .
" " .
$v_domain .
" " .
$v_rec .
" " .
$v_type .
" " .
$v_val .
" " .
$v_priority .
" '' yes " .
$v_ttl,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
}
$v_type = $_POST["v_type"];
// Flush field values on success
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = htmlify_trans(
sprintf(
_("Record {%s.%s} has been created successfully."),
htmlentities($_POST["v_rec"]),
htmlentities($_POST["v_domain"]),
),
"</code>",
"<code>",
);
unset($v_domain);
unset($v_rec);
unset($v_val);
unset($v_priority);
unset($v_dnssec);
}
}
if (empty($v_ns1)) {
$v_ns1 = "";
}
if (empty($v_ns2)) {
$v_ns2 = "";
}
if (empty($v_ns3)) {
$v_ns3 = "";
}
if (empty($v_ns4)) {
$v_ns4 = "";
}
if (empty($v_ns5)) {
$v_ns5 = "";
}
if (empty($v_ns6)) {
$v_ns6 = "";
}
if (empty($v_ns7)) {
$v_ns7 = "";
}
if (empty($v_ns8)) {
$v_ns8 = "";
}
$v_ns1 = str_replace("'", "", $v_ns1);
$v_ns2 = str_replace("'", "", $v_ns2);
$v_ns3 = str_replace("'", "", $v_ns3);
$v_ns4 = str_replace("'", "", $v_ns4);
$v_ns5 = str_replace("'", "", $v_ns5);
$v_ns6 = str_replace("'", "", $v_ns6);
$v_ns7 = str_replace("'", "", $v_ns7);
$v_ns8 = str_replace("'", "", $v_ns8);
if (empty($v_ip) && count($v_ips) > 0) {
$ip = array_key_first($v_ips);
$v_ip = empty($v_ips[$ip]["NAT"]) ? $ip : $v_ips[$ip]["NAT"];
}
// List dns templates
exec(HESTIA_CMD . "v-list-dns-templates json", $output, $return_var);
$templates = json_decode(implode("", $output), true);
unset($output);
exec(HESTIA_CMD . "v-list-user " . $user . " json", $output, $return_var);
$user_config = json_decode(implode("", $output), true);
unset($output);
$v_template = $user_config[$user_plain]["DNS_TEMPLATE"];
if (empty($_GET["domain"])) {
// Display body for dns domain
if (empty($v_domain)) {
$v_domain = "";
}
if (empty($v_ttl)) {
$v_ttl = 14400;
}
if (empty($v_exp)) {
$v_exp = date("Y-m-d", strtotime("+1 year"));
}
if (empty($v_dnssec)) {
$v_dnssec = "";
}
if (empty($v_ns1)) {
exec(HESTIA_CMD . "v-list-user-ns " . $user . " json", $output, $return_var);
$nameservers = json_decode(implode("", $output), true);
for ($i = 0; $i < 8; $i++) {
if (empty($nameservers[$i])) {
$nameservers[$i] = "";
}
}
$v_ns1 = str_replace("'", "", $nameservers[0]);
$v_ns2 = str_replace("'", "", $nameservers[1]);
$v_ns3 = str_replace("'", "", $nameservers[2]);
$v_ns4 = str_replace("'", "", $nameservers[3]);
$v_ns5 = str_replace("'", "", $nameservers[4]);
$v_ns6 = str_replace("'", "", $nameservers[5]);
$v_ns7 = str_replace("'", "", $nameservers[6]);
$v_ns8 = str_replace("'", "", $nameservers[7]);
unset($output);
}
$accept = $_GET["accept"] ?? "";
render_page($user, $TAB, "add_dns");
} else {
// Display body for dns record
$v_domain = $_GET["domain"];
if (empty($v_rec)) {
$v_rec = "@";
}
if (empty($v_type)) {
$v_type = "";
}
if (empty($v_val)) {
$v_val = "";
}
if (empty($v_priority)) {
$v_priority = "";
}
if (empty($v_ttl)) {
$v_ttl = "";
}
if (empty($v_dnssec)) {
$v_dnssec = "";
}
$accept = $_GET["accept"] ?? "";
render_page($user, $TAB, "add_dns_rec");
}
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);
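Review bot: The `ok_rec` branch checks the CSRF token by hand with `$_SESSION["token"] != $_POST["token"]` instead of calling `verify_csrf($_POST)` like the domain branch above it. `!=` is a loose, non-constant-time comparison, and PHP compares two numeric-looking strings by value, so distinct strings such as `"1e3"` and `"1000"` compare equal. Use the shared helper, or if the redirect to `/login/` must stay, `if (!isset($_POST["token"], $_SESSION["token"]) || !hash_equals($_SESSION["token"], (string) $_POST["token"]))`. `$_POST["v_priority"]` and `$_POST["v_ttl"]` are also read a few lines later without an isset guard.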


@@ -0,0 +1,69 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
$TAB = "FIREWALL";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check user
if ($_SESSION["userContext"] != "admin") {
header("Location: /list/user");
exit();
}
// Check POST request
if (!empty($_POST["ok"])) {
// Check token
verify_csrf($_POST);
// Check empty fields
if (empty($_POST["v_chain"])) {
$errors[] = _("Banlist");
}
if (empty($_POST["v_ip"])) {
$errors[] = _("IP Address");
}
if (!empty($errors[0])) {
foreach ($errors as $i => $error) {
if ($i == 0) {
$error_msg = $error;
} else {
$error_msg = $error_msg . ", " . $error;
}
}
$_SESSION["error_msg"] = sprintf(_('Field "%s" can not be blank.'), $error_msg);
}
// Protect input
$v_chain = quoteshellarg($_POST["v_chain"]);
$v_ip = quoteshellarg($_POST["v_ip"]);
// Add firewall rule
if (empty($_SESSION["error_msg"])) {
exec(HESTIA_CMD . "v-add-firewall-ban " . $v_ip . " " . $v_chain, $output, $return_var);
check_return_code($return_var, $output);
unset($output);
}
// Flush field values on success
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = _("IP address has been banned successfully.");
unset($v_chain);
unset($v_ip);
}
}
if (empty($v_ip)) {
$v_ip = "";
}
if (empty($v_chain)) {
$v_chain = "";
}
// Render
render_page($user, $TAB, "add_firewall_banlist");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);

125
web/add/firewall/index.php Normal file

@@ -0,0 +1,125 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
$TAB = "FIREWALL";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check user
if ($_SESSION["userContext"] != "admin") {
header("Location: /list/user");
exit();
}
// Get ipset lists
exec(HESTIA_CMD . "v-list-firewall-ipset 'json'", $output, $return_var);
check_return_code($return_var, $output);
$data = json_decode(implode("", $output), true);
unset($output);
$ipset_lists = [];
foreach ($data as $key => $value) {
if (isset($value["SUSPENDED"]) && $value["SUSPENDED"] === "yes") {
continue;
}
if (isset($value["IP_VERSION"]) && $value["IP_VERSION"] !== "v4") {
continue;
}
array_push($ipset_lists, ["name" => $key]);
}
$ipset_lists_json = json_encode($ipset_lists);
// Check POST request
if (!empty($_POST["ok"])) {
// Check token
// Check token
verify_csrf($_POST);
// Check empty fields
if (empty($_POST["v_action"])) {
$errors[] = _("Action");
}
if (empty($_POST["v_protocol"])) {
$errors[] = _("Protocol");
}
if (empty($_POST["v_port"]) && strlen($_POST["v_port"]) == 0) {
$errors[] = _("Port");
}
if (empty($_POST["v_ip"])) {
$errors[] = _("IP Address");
}
if (!empty($errors[0])) {
foreach ($errors as $i => $error) {
if ($i == 0) {
$error_msg = $error;
} else {
$error_msg = $error_msg . ", " . $error;
}
}
$_SESSION["error_msg"] = sprintf(_('Field "%s" can not be blank.'), $error_msg);
}
// Protect input
$v_action = quoteshellarg($_POST["v_action"]);
$v_protocol = quoteshellarg($_POST["v_protocol"]);
$v_port = str_replace(" ", ",", $_POST["v_port"]);
$v_port = preg_replace("/\,+/", ",", $v_port);
$v_port = trim($v_port, ",");
$v_port = quoteshellarg($v_port);
$v_ip = quoteshellarg($_POST["v_ip"]);
$v_comment = quoteshellarg($_POST["v_comment"]);
// Add firewall rule
if (empty($_SESSION["error_msg"])) {
exec(
HESTIA_CMD .
"v-add-firewall-rule " .
$v_action .
" " .
$v_ip .
" " .
$v_port .
" " .
$v_protocol .
" " .
$v_comment,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
}
// Flush field values on success
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = _("Rule has been created successfully.");
unset($v_port);
unset($v_ip);
unset($v_comment);
}
}
if (empty($v_action)) {
$v_action = "";
}
if (empty($v_protocol)) {
$v_protocol = "";
}
if (empty($v_port)) {
$v_port = "";
}
if (empty($v_ip)) {
$v_ip = "";
}
if (empty($v_comment)) {
$v_comment = "";
}
// Render
render_page($user, $TAB, "add_firewall");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);
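Review bot: `$ipset_lists_json = json_encode($ipset_lists);` uses the default flags, and the list names come straight from the `v-list-firewall-ipset` output. If the template prints this value inside a `<script>` block or an HTML attribute (the template is not part of this diff), a name containing `</script>` or a quote would break out of that context. Encoding with `json_encode($ipset_lists, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)` makes the string safe for both. `$data` is also iterated without checking that `json_decode()` returned an array.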


@@ -0,0 +1,90 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
$TAB = "FIREWALL";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check user
if ($_SESSION["userContext"] != "admin") {
header("Location: /list/user");
exit();
}
// Check POST request
if (!empty($_POST["ok"])) {
// Check token
verify_csrf($_POST);
// Check empty fields
if (empty($_POST["v_ipname"])) {
$errors[] = _("Name");
}
if (empty($_POST["v_datasource"])) {
$errors[] = _("Data Source");
}
if (empty($_POST["v_ipver"])) {
$errors[] = _("IP Version");
}
if (empty($_POST["v_autoupdate"])) {
$errors[] = _("Auto Update");
}
if (!empty($errors[0])) {
foreach ($errors as $i => $error) {
if ($i == 0) {
$error_msg = $error;
} else {
$error_msg = $error_msg . ", " . $error;
}
}
$_SESSION["error_msg"] = sprintf(_('Field "%s" can not be blank.'), $error_msg);
}
$v_ipname = $_POST["v_ipname"];
$v_datasource = $_POST["v_datasource"];
$v_ipver = $_POST["v_ipver"];
$v_autoupdate = $_POST["v_autoupdate"];
// Add firewall ipset list
if (empty($_SESSION["error_msg"])) {
exec(
HESTIA_CMD .
"v-add-firewall-ipset " .
quoteshellarg($v_ipname) .
" " .
quoteshellarg($v_datasource) .
" " .
quoteshellarg($v_ipver) .
" " .
quoteshellarg($v_autoupdate),
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
}
// Flush field values on success
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = _("IP list has been created successfully.");
}
}
if (empty($v_ipname)) {
$v_ipname = "";
}
if (empty($v_datasource)) {
$v_datasource = "";
}
if (empty($v_ipver)) {
$v_ipver = "";
}
// Render
render_page($user, $TAB, "add_firewall_ipset");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);
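Review bot: `$v_datasource` reaches `v-add-firewall-ipset` after only an `empty()` check, so what counts as an acceptable source is decided entirely by the backend script, which this diff does not show. A short comment above the `exec()` would make that explicit, for example `// v_datasource is validated by v-add-firewall-ipset; the web layer only shell-quotes it`, provided that is actually the case. `$v_autoupdate` is the one field not given a default in the block before `render_page()`, so it is undefined on a plain GET.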

142
web/add/ip/index.php Normal file

@@ -0,0 +1,142 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
$TAB = "IP";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check user
if ($_SESSION["userContext"] != "admin") {
header("Location: /list/user");
exit();
}
// Check POST request
if (!empty($_POST["ok"])) {
/// Check token
verify_csrf($_POST);
// Check empty fields
if (empty($_POST["v_ip"])) {
$errors[] = _("IP Address");
}
if (empty($_POST["v_netmask"])) {
$errors[] = _("Netmask");
}
if (empty($_POST["v_interface"])) {
$errors[] = _("Interface");
}
if (empty($_POST["v_owner"])) {
$errors[] = _("Assigned User");
}
if (!empty($errors[0])) {
foreach ($errors as $i => $error) {
if ($i == 0) {
$error_msg = $error;
} else {
$error_msg = $error_msg . ", " . $error;
}
}
$_SESSION["error_msg"] = sprintf(_('Field "%s" can not be blank.'), $error_msg);
}
// Protect input
$v_ip = quoteshellarg($_POST["v_ip"]);
$v_netmask = quoteshellarg($_POST["v_netmask"]);
$v_name = quoteshellarg($_POST["v_name"]);
$v_nat = quoteshellarg($_POST["v_nat"]);
$v_interface = quoteshellarg($_POST["v_interface"]);
$v_owner = quoteshellarg($_POST["v_owner"]);
$v_shared = $_POST["v_shared"];
// Check shared checkmark
if ($v_shared == "on") {
$ip_status = "shared";
} else {
$ip_status = "dedicated";
$v_dedicated = "yes";
}
// Add IP
if (empty($_SESSION["error_msg"])) {
exec(
HESTIA_CMD .
"v-add-sys-ip " .
$v_ip .
" " .
$v_netmask .
" " .
$v_interface .
" " .
$v_owner .
" " .
quoteshellarg($ip_status) .
" " .
$v_name .
" " .
$v_nat,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
$v_owner = $_POST["v_owner"];
$v_interface = $_POST["v_interface"];
}
// Flush field values on success
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = htmlify_trans(
sprintf(
_("IP address {%s} has been created successfully."),
htmlentities($_POST["v_ip"]),
),
"</a>",
'<a href="/edit/ip/?ip=' . htmlentities($_POST["v_ip"]) . '">',
);
unset($v_ip);
unset($v_netmask);
unset($v_name);
unset($v_nat);
}
}
// List network interfaces
exec(HESTIA_CMD . "v-list-sys-interfaces 'json'", $output, $return_var);
$interfaces = json_decode(implode("", $output), true);
unset($output);
// List users
exec(HESTIA_CMD . "v-list-sys-users 'json'", $output, $return_var);
$users = json_decode(implode("", $output), true);
unset($output);
if (empty($v_ip)) {
$v_ip = "";
}
if (empty($v_netmask)) {
$v_netmask = "";
}
if (empty($v_name)) {
$v_name = "";
}
if (empty($v_nat)) {
$v_nat = "";
}
if (empty($v_interface)) {
$v_interface = "";
}
if (empty($ip_status)) {
$ip_status = "";
}
if (empty($v_owner)) {
$v_owner = "";
}
// Render
render_page($user, $TAB, "add_ip");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);
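Review bot: `$v_shared = $_POST["v_shared"];` reads a checkbox value that browsers omit when the box is unticked, so the dedicated path always hits an undefined array key. `v_name` and `v_nat` are read the same way although they are not among the required fields. `$v_shared = $_POST["v_shared"] ?? "";` and `quoteshellarg($_POST["v_name"] ?? "")` keep the behaviour without the warning. `$v_dedicated = "yes";` is assigned but not read again in this file; if the template does not need it, it can go.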

83
web/add/key/index.php Normal file

@@ -0,0 +1,83 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
$TAB = "USER";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check POST request
if (!empty($_POST["ok"])) {
// Check token
verify_csrf($_POST);
// Check empty fields
if (empty($_POST["v_key"])) {
$errors[] = _("SSH Key");
}
if (!empty($errors[0])) {
foreach ($errors as $i => $error) {
if ($i == 0) {
$error_msg = $error;
} else {
$error_msg = $error_msg . ", " . $error;
}
}
$_SESSION["error_msg"] = sprintf(_('Field "%s" can not be blank.'), $error_msg);
}
if ($_SESSION["userContext"] === "admin" && !empty($_GET["user"])) {
$user = quoteshellarg($_GET["user"]);
}
if (empty($_SESSION["error_msg"])) {
if ($_POST) {
//key if key already exists
exec(HESTIA_CMD . "v-list-user-ssh-key " . $user . " json", $output, $return_var);
$data = json_decode(implode("", $output), true);
unset($output);
$keylist = [];
$idlist = [];
foreach ($data as $key => $value) {
$idlist[] = trim($data[$key]["ID"]);
$keylist[] = trim($data[$key]["KEY"]);
}
$v_key_parts = explode(" ", $_POST["v_key"]);
$key_id = trim($v_key_parts[2]);
if ($v_key_parts[2] == "") {
$v_key_parts[2] = md5(time());
$_POST["v_key"] .= " " . $v_key_parts[2];
}
//for deleting / revoking key the last part user@domain is used therefore needs to be unique
//maybe consider adding random generated message or even an human read able string set by user?
if (in_array($v_key_parts[2], $idlist)) {
$_SESSION["error_msg"] = _("SSH Key already exists.");
}
if (in_array($v_key_parts[1], $keylist)) {
$_SESSION["error_msg"] = _("SSH Key already exists.");
}
$v_key = quoteshellarg(trim($_POST["v_key"]));
}
}
if (empty($_SESSION["error_msg"])) {
exec(HESTIA_CMD . "v-add-user-ssh-key " . $user . " " . $v_key, $output, $return_var);
check_return_code($return_var, $output);
}
unset($output);
// Flush field values on success
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = _("SSH Key has been created successfully.");
}
}
if (empty($v_key)) {
$v_key = "";
}
render_page($user, $TAB, "add_key");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);
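Review bot: The fallback key ID `md5(time())` changes only once per second, although the comment right below it says the ID must be unique because delete and revoke rely on it. Keys added without a comment in the same second would get the same ID; `bin2hex(random_bytes(8))` avoids that. The code also indexes `$v_key_parts[1]` and `$v_key_parts[2]` without checking that `explode()` produced them, so a key pasted without a comment raises an undefined-offset warning before the fallback runs; `($v_key_parts[2] ?? "") === ""` would cover it. Both duplicate checks call `in_array()` without the strict flag, and `$data` is iterated without checking that `json_decode()` returned an array.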

593
web/add/mail/index.php Normal file

@@ -0,0 +1,593 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
$TAB = "MAIL";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
exec(HESTIA_CMD . "v-list-sys-webmail json", $output, $return_var);
$webmail_clients = json_decode(implode("", $output), true);
unset($output);
if (!empty($_GET["domain"])) {
$v_domain = $_GET["domain"];
}
if (!empty($v_domain)) {
// Set webmail alias
exec(
HESTIA_CMD . "v-list-mail-domain " . $user . " " . quoteshellarg($v_domain) . " json",
$output,
$return_var,
);
if ($return_var > 0) {
check_return_code_redirect($return_var, $output, "/list/mail/");
}
$data = json_decode(implode("", $output), true);
unset($output);
$v_webmail_alias = $data[$v_domain]["WEBMAIL_ALIAS"];
}
// Check POST request for mail domain
if (!empty($_POST["ok"])) {
// Check token
verify_csrf($_POST);
// Check empty fields
if (empty($_POST["v_domain"])) {
$errors[] = _("Domain");
}
if (!empty($errors[0])) {
foreach ($errors as $i => $error) {
if ($i == 0) {
$error_msg = $error;
} else {
$error_msg = $error_msg . ", " . $error;
}
}
$_SESSION["error_msg"] = sprintf(_('Field "%s" can not be blank.'), $error_msg);
}
// Check antispam option
if (!empty($_POST["v_antispam"])) {
$v_antispam = "yes";
} else {
$v_antispam = "no";
}
// Check antivirus option
if (!empty($_POST["v_antivirus"])) {
$v_antivirus = "yes";
} else {
$v_antivirus = "no";
}
// Check dkim option
if (!empty($_POST["v_dkim"])) {
$v_dkim = "yes";
} else {
$v_dkim = "no";
}
// Set domain name to lowercase and remove www prefix
$v_domain = preg_replace("/^www./i", "", $_POST["v_domain"]);
$v_domain = quoteshellarg($v_domain);
$v_domain = strtolower($v_domain);
// Add mail domain
if (empty($_SESSION["error_msg"])) {
exec(
HESTIA_CMD .
"v-add-mail-domain " .
$user .
" " .
$v_domain .
" " .
$v_antispam .
" " .
$v_antivirus .
" " .
$v_dkim,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
}
if (!empty($_POST["v_reject"]) && $v_antispam == "yes") {
exec(
HESTIA_CMD . "v-add-mail-domain-reject " . $user . " " . $v_domain . " yes",
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
}
if (!empty($_SESSION["IMAP_SYSTEM"]) && !empty($_SESSION["WEBMAIL_SYSTEM"])) {
if (empty($_SESSION["error_msg"])) {
if (!empty($_POST["v_webmail"])) {
$v_webmail = quoteshellarg($_POST["v_webmail"]);
exec(
HESTIA_CMD .
"v-add-mail-domain-webmail " .
$user .
" " .
$v_domain .
" " .
$v_webmail .
" yes",
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
}
}
}
if (!empty($_SESSION["IMAP_SYSTEM"]) && !empty($_SESSION["WEBMAIL_SYSTEM"])) {
if (empty($_POST["v_webmail"])) {
if (empty($_SESSION["error_msg"])) {
exec(
HESTIA_CMD . "v-delete-mail-domain-webmail " . $user . " " . $v_domain . " yes",
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
}
}
}
// Add SMTP Relay Support
if (empty($_SESSION["error_msg"])) {
if (isset($_POST["v_smtp_relay"]) && !empty($_POST["v_smtp_relay_host"])) {
if (
$_POST["v_smtp_relay_host"] != $v_smtp_relay_host ||
$_POST["v_smtp_relay_user"] != $v_smtp_relay_user ||
$_POST["v_smtp_relay_port"] != $v_smtp_relay_port
) {
$v_smtp_relay = true;
$v_smtp_relay_host = quoteshellarg($_POST["v_smtp_relay_host"]);
$v_smtp_relay_user = quoteshellarg($_POST["v_smtp_relay_user"]);
$v_smtp_relay_pass = quoteshellarg($_POST["v_smtp_relay_pass"]);
if (!empty($_POST["v_smtp_relay_port"])) {
$v_smtp_relay_port = quoteshellarg($_POST["v_smtp_relay_port"]);
} else {
$v_smtp_relay_port = "587";
}
exec(
HESTIA_CMD .
"v-add-mail-domain-smtp-relay " .
$user .
" " .
$v_domain .
" " .
$v_smtp_relay_host .
" " .
$v_smtp_relay_user .
" " .
$v_smtp_relay_pass .
" " .
$v_smtp_relay_port,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
}
}
}
// Flush field values on success
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = htmlify_trans(
sprintf(
_("Mail domain {%s} has been created successfully."),
htmlentities($_POST["v_domain"]),
),
"</a>",
'<a href="/list/mail/?domain=' . htmlentities($_POST["v_domain"]) . '">',
);
unset($v_domain, $v_webmail);
}
}
// Check POST request for mail account
if (!empty($_POST["ok_acc"])) {
// Check token
if (!isset($_POST["token"]) || $_SESSION["token"] != $_POST["token"]) {
header("location: /login/");
exit();
}
// Check antispam option
if (!empty($_POST["v_blackhole"])) {
$v_blackhole = "yes";
} else {
$v_blackhole = "no";
}
// Check empty fields
if (empty($_POST["v_domain"])) {
$errors[] = _("Domain");
}
if (empty($_POST["v_account"])) {
$errors[] = _("Account");
}
if (empty($_POST["v_fwd_only"]) && empty($_POST["v_password"])) {
if (empty($_POST["v_password"])) {
$errors[] = _("Password");
}
}
if (!empty($errors[0])) {
foreach ($errors as $i => $error) {
if ($i == 0) {
$error_msg = $error;
} else {
$error_msg = $error_msg . ", " . $error;
}
}
$_SESSION["error_msg"] = sprintf(_('Field "%s" can not be blank.'), $error_msg);
}
// Validate email
if (!empty($_POST["v_send_email"]) && empty($_SESSION["error_msg"])) {
if (!filter_var($_POST["v_send_email"], FILTER_VALIDATE_EMAIL)) {
$_SESSION["error_msg"] = _("Please enter a valid email address.");
}
}
// Check password length
if (empty($_SESSION["error_msg"]) && empty($_POST["v_fwd_only"])) {
if (!validate_password($_POST["v_password"])) {
$_SESSION["error_msg"] = _("Password does not match the minimum requirements.");
}
}
// Protect input
$v_domain = quoteshellarg($_POST["v_domain"]);
$v_domain = strtolower($v_domain);
$v_account = quoteshellarg($_POST["v_account"]);
$v_quota = quoteshellarg($_POST["v_quota"]);
$v_send_email = $_POST["v_send_email"];
$v_aliases = $_POST["v_aliases"];
$v_fwd = $_POST["v_fwd"];
if (empty($_POST["v_quota"])) {
$v_quota = 0;
}
if (!empty($_POST["v_quota"]) || !empty($_POST["v_aliases"]) || !empty($_POST["v_fwd"])) {
$v_adv = "yes";
}
// Add Mail Account
if (empty($_SESSION["error_msg"])) {
$v_password = tempnam("/tmp", "vst");
$fp = fopen($v_password, "w");
fwrite($fp, $_POST["v_password"] . "\n");
fclose($fp);
exec(
HESTIA_CMD .
"v-add-mail-account " .
$user .
" " .
$v_domain .
" " .
$v_account .
" " .
$v_password .
" " .
$v_quota,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
unlink($v_password);
$v_password = quoteshellarg($_POST["v_password"]);
}
// Add Aliases
if (!empty($_POST["v_aliases"]) && empty($_SESSION["error_msg"])) {
$valiases = preg_replace("/\n/", " ", $_POST["v_aliases"]);
$valiases = preg_replace("/,/", " ", $valiases);
$valiases = preg_replace("/\s+/", " ", $valiases);
$valiases = trim($valiases);
$aliases = explode(" ", $valiases);
foreach ($aliases as $alias) {
$alias = quoteshellarg($alias);
if (empty($_SESSION["error_msg"])) {
exec(
HESTIA_CMD .
"v-add-mail-account-alias " .
$user .
" " .
$v_domain .
" " .
$v_account .
" " .
$alias,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
}
}
}
if (!empty($_POST["v_blackhole"]) && empty($_SESSION["error_msg"])) {
exec(
HESTIA_CMD .
"v-add-mail-account-forward " .
$user .
" " .
$v_domain .
" " .
$v_account .
" :blackhole:",
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
//disable any input in v_fwd
$_POST["v_fwd"] = "";
}
// Add Forwarders
if (!empty($_POST["v_fwd"]) && empty($_SESSION["error_msg"])) {
$vfwd = preg_replace("/\n/", " ", $_POST["v_fwd"]);
$vfwd = preg_replace("/,/", " ", $vfwd);
$vfwd = preg_replace("/\s+/", " ", $vfwd);
$vfwd = trim($vfwd);
$fwd = explode(" ", $vfwd);
foreach ($fwd as $forward) {
$forward = quoteshellarg($forward);
if (empty($_SESSION["error_msg"])) {
exec(
HESTIA_CMD .
"v-add-mail-account-forward " .
$user .
" " .
$v_domain .
" " .
$v_account .
" " .
$forward,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
}
}
}
// Add fwd_only flag
if (!empty($_POST["v_fwd_only"]) && empty($_SESSION["error_msg"])) {
exec(
HESTIA_CMD .
"v-add-mail-account-fwd-only " .
$user .
" " .
$v_domain .
" " .
$v_account,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
}
// Add fwd_only flag
if (
!empty($_POST["v_rate"]) &&
empty($_SESSION["error_msg"]) &&
$_SESSION["userContext"] == "admin"
) {
$v_rate = quoteshellarg($_POST["v_rate"]);
exec(
HESTIA_CMD .
"v-change-mail-account-rate-limit " .
$user .
" " .
$v_domain .
" " .
$v_account .
" " .
$v_rate,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
}
// Get webmail url
if (empty($_SESSION["error_msg"])) {
[$hostname, $port] = explode(":", $_SERVER["HTTP_HOST"] . ":");
$webmail = "http://" . $hostname . "/" . $v_webmail_alias . "/";
if (!empty($_SESSION["WEBMAIL_ALIAS"])) {
$webmail = $_SESSION["WEBMAIL_ALIAS"];
}
}
// Email login credentials
if (!empty($_POST["v_send_email"]) && empty($_SESSION["error_msg"])) {
$to = $_POST["v_send_email"];
$template = get_email_template("email_credentials", $_SESSION["language"]);
if (!empty($template)) {
preg_match("/<subject>(.*?)<\/subject>/si", $template, $matches);
$subject = $matches[1];
$subject = str_replace(
["{{hostname}}", "{{appname}}", "{{account}}", "{{domain}}"],
[
get_hostname(),
$_SESSION["APP_NAME"],
htmlentities(strtolower($_POST["v_account"])),
htmlentities($_POST["v_domain"]),
],
$subject,
);
$template = str_replace($matches[0], "", $template);
} else {
$template = _(
"Mail account has been created.\n" .
"\n" .
"Common Account Settings:\n" .
"Username: {{account}}@{{domain}}\n" .
"Password: {{password}}\n" .
"Webmail: {{webmail}}\n" .
"Hostname: {{hostname}}\n" .
"\n" .
"IMAP Settings\n" .
"Authentication: Normal Password\n" .
"SSL/TLS: Port 993\n" .
"STARTTLS: Port 143\n" .
"No encryption: Port 143\n" .
"\n" .
"POP3 Settings\n" .
"Authentication: Normal Password\n" .
"SSL/TLS: Port 995\n" .
"STARTTLS: Port 110\n" .
"No encryption: Port 110\n" .
"\n" .
"SMTP Settings\n" .
"Authentication: Normal Password\n" .
"SSL/TLS: Port 465\n" .
"STARTTLS: Port 587\n" .
"No encryption: Port 25\n" .
"\n" .
"Best regards,\n" .
"\n" .
"--\n" .
"{{appname}}",
);
}
if (empty($subject)) {
$subject = str_replace(
["{{subject}}", "{{hostname}}", "{{appname}}"],
[
sprintf(
_("Email Credentials: %s@%s"),
htmlentities(strtolower($_POST["v_account"])),
htmlentities($_POST["v_domain"]),
),
get_hostname(),
$_SESSION["APP_NAME"],
],
$_SESSION["SUBJECT_EMAIL"],
);
}
$hostname = get_hostname();
$from = !empty($_SESSION["FROM_EMAIL"]) ? $_SESSION["FROM_EMAIL"] : "noreply@" . $hostname;
$from_name = !empty($_SESSION["FROM_NAME"])
? $_SESSION["FROM_NAME"]
: $_SESSION["APP_NAME"];
$mailtext = translate_email($template, [
"domain" => htmlentities($_POST["v_domain"]),
"account" => htmlentities(strtolower($_POST["v_account"])),
"password" => htmlentities($_POST["v_password"]),
"webmail" => $webmail . "." . htmlentities($_POST["v_domain"]),
"hostname" => "mail." . htmlentities($_POST["v_domain"]),
"appname" => $_SESSION["APP_NAME"],
]);
send_email($to, $subject, $mailtext, $from, $from_name);
}
// Flush field values on success
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = htmlify_trans(
sprintf(
_("Mail account {%s@%s} has been created successfully."),
htmlentities(strtolower($_POST["v_account"])),
htmlentities($_POST["v_domain"]),
),
"</a>",
'<a href="/edit/mail/?account=' .
htmlentities(strtolower($_POST["v_account"])) .
"&domain=" .
htmlentities($_POST["v_domain"]) .
'">',
);
unset($v_account);
unset($v_password);
unset($v_aliases);
unset($v_fwd);
unset($v_quota);
}
}
// Render page
if (empty($_GET["domain"])) {
// Display body for mail domain
if (!empty($_POST["v_webmail"])) {
$v_webmail = $_POST["v_webmail"];
} else {
//default is always roundcube unless it hasn't been installed. Then picks the first one in order
$v_webmail = "roundcube";
}
if (empty($_GET["accept"])) {
$_GET["accept"] = false;
}
if (empty($v_domain)) {
$v_domain = "";
}
if (empty($v_smtp_relay)) {
$v_smtp_relay = "";
}
if (empty($v_smtp_relay_user)) {
$v_smtp_relay_user = "";
}
if (empty($v_smtp_relay_password)) {
$v_smtp_relay_password = "";
}
if (empty($v_smtp_relay_host)) {
$v_smtp_relay_host = "";
}
if (empty($v_smtp_relay_port)) {
$v_smtp_relay_port = "";
}
$accept = $_GET["accept"] ?? "";
render_page($user, $TAB, "add_mail");
} else {
// Display body for mail account
if (empty($v_account)) {
$v_account = "";
}
if (empty($v_quota)) {
$v_quota = "";
}
if (empty($v_rate)) {
$v_rate = "";
}
if (empty($v_blackhole)) {
$v_blackhole = "";
}
if (empty($v_fwd_only)) {
$v_fwd_only = "";
}
if (empty($v_aliases)) {
$v_aliases = "";
}
if (empty($v_send_email)) {
$v_send_email = "";
}
if (empty($v_fwd)) {
$v_fwd = "";
}
$v_domain = $_GET["domain"];
render_page($user, $TAB, "add_mail_acc");
}
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);
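Review bot: The mail-account branch (`ok_acc`) checks the CSRF token with its own loose comparison, `$_SESSION["token"] != $_POST["token"]`, while the mail-domain branch of the same file calls `verify_csrf($_POST)`. Loose `!=` compares two numeric-looking strings as numbers and is not constant-time. Either reuse `verify_csrf($_POST);` here, if its failure handling suits this form (its body is not visible on this page), or change the condition to `!hash_equals($_SESSION["token"], (string) $_POST["token"])`. Separately, `preg_replace("/^www./i", ...)` in the domain branch leaves the dot unescaped, so it strips `www` plus any one character; web/add/web/index.php uses `/^www\./i`.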

326
web/add/package/index.php Normal file

@@ -0,0 +1,326 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
$TAB = "PACKAGE";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check user
if ($_SESSION["userContext"] != "admin") {
header("Location: /list/user");
exit();
}
// Check POST request
if (!empty($_POST["ok"])) {
// Check token
verify_csrf($_POST);
// Check empty fields
if (empty($_POST["v_package"])) {
$errors[] = _("Package");
}
if (empty($_POST["v_web_template"])) {
$errors[] = _("Web Template");
}
if (!empty($_SESSION["WEB_BACKEND"])) {
if (empty($_POST["v_backend_template"])) {
$errors[] = _("Backend Template");
}
} else {
# When modphp is enabled
$_POST["v_backend_template"] = "";
}
if (!empty($_SESSION["PROXY_SYSTEM"])) {
if (empty($_POST["v_proxy_template"])) {
$errors[] = _("Proxy Template");
}
} else {
# when nginx only is enabled
$_POST["v_proxy_template"] = "default";
}
if (empty($_POST["v_dns_template"])) {
$errors[] = _("DNS Template");
}
if (empty($_POST["v_shell"])) {
$errrors[] = _("Shell");
}
if (!isset($_POST["v_web_domains"])) {
$errors[] = _("Web Domains");
}
if (!isset($_POST["v_web_aliases"])) {
$errors[] = _("Web Aliases");
}
if (!isset($_POST["v_dns_domains"])) {
$errors[] = _("DNS Zones");
}
if (!isset($_POST["v_dns_records"])) {
$errors[] = _("DNS Records");
}
if (!isset($_POST["v_mail_domains"])) {
$errors[] = _("Mail Domains");
}
if (!isset($_POST["v_mail_accounts"])) {
$errors[] = _("Mail Accounts");
}
if (!isset($_POST["v_databases"])) {
$errors[] = _("Databases");
}
if (!isset($_POST["v_cron_jobs"])) {
$errors[] = _("Cron Jobs");
}
if (!isset($_POST["v_backups"])) {
$errors[] = _("Backups");
}
if (!isset($_POST["v_disk_quota"])) {
$errors[] = _("Quota");
}
if (!isset($_POST["v_bandwidth"])) {
$errors[] = _("Bandwidth");
}
if (!isset($_POST["v_ratelimit"])) {
$errors[] = _("Rate Limit");
}
// Check if name server entries are blank if DNS server is installed
if (isset($_SESSION["DNS_SYSTEM"]) && !empty($_SESSION["DNS_SYSTEM"])) {
if (empty($_POST["v_ns1"])) {
$errors[] = _("Nameserver 1");
}
if (empty($_POST["v_ns2"])) {
$errors[] = _("Nameserver 2");
}
}
if (!empty($errors[0])) {
foreach ($errors as $i => $error) {
if ($i == 0) {
$error_msg = $error;
} else {
$error_msg = $error_msg . ", " . $error;
}
}
$_SESSION["error_msg"] = sprintf(_('Field "%s" can not be blank.'), $error_msg);
}
// Protect input
$v_package = quoteshellarg($_POST["v_package"]);
$v_web_template = quoteshellarg($_POST["v_web_template"]);
$v_backend_template = quoteshellarg($_POST["v_backend_template"]);
$v_proxy_template = quoteshellarg($_POST["v_proxy_template"]);
$v_dns_template = quoteshellarg($_POST["v_dns_template"]);
$v_shell = quoteshellarg($_POST["v_shell"]);
$v_web_domains = quoteshellarg($_POST["v_web_domains"]);
$v_web_aliases = quoteshellarg($_POST["v_web_aliases"]);
$v_dns_domains = quoteshellarg($_POST["v_dns_domains"]);
$v_dns_records = quoteshellarg($_POST["v_dns_records"]);
$v_mail_domains = quoteshellarg($_POST["v_mail_domains"]);
$v_mail_accounts = quoteshellarg($_POST["v_mail_accounts"]);
$v_databases = quoteshellarg($_POST["v_databases"]);
$v_cron_jobs = quoteshellarg($_POST["v_cron_jobs"]);
$v_backups = quoteshellarg($_POST["v_backups"]);
$v_disk_quota = quoteshellarg($_POST["v_disk_quota"]);
$v_bandwidth = quoteshellarg($_POST["v_bandwidth"]);
$v_ratelimit = quoteshellarg($_POST["v_ratelimit"]);
$v_ns1 = !empty($_POST["v_ns1"]) ? trim($_POST["v_ns1"], ".") : "";
$v_ns2 = !empty($_POST["v_ns2"]) ? trim($_POST["v_ns2"], ".") : "";
$v_ns3 = !empty($_POST["v_ns3"]) ? trim($_POST["v_ns3"], ".") : "";
$v_ns4 = !empty($_POST["v_ns4"]) ? trim($_POST["v_ns4"], ".") : "";
$v_ns5 = !empty($_POST["v_ns5"]) ? trim($_POST["v_ns5"], ".") : "";
$v_ns6 = !empty($_POST["v_ns6"]) ? trim($_POST["v_ns6"], ".") : "";
$v_ns7 = !empty($_POST["v_ns7"]) ? trim($_POST["v_ns7"], ".") : "";
$v_ns8 = !empty($_POST["v_ns8"]) ? trim($_POST["v_ns8"], ".") : "";
$v_ns = $v_ns1 . "," . $v_ns2;
if (!empty($v_ns3)) {
$v_ns .= "," . $v_ns3;
}
if (!empty($v_ns4)) {
$v_ns .= "," . $v_ns4;
}
if (!empty($v_ns5)) {
$v_ns .= "," . $v_ns5;
}
if (!empty($v_ns6)) {
$v_ns .= "," . $v_ns6;
}
if (!empty($v_ns7)) {
$v_ns .= "," . $v_ns7;
}
if (!empty($v_ns8)) {
$v_ns .= "," . $v_ns8;
}
$v_ns = quoteshellarg($v_ns);
$v_time = quoteshellarg(date("H:i:s"));
$v_date = quoteshellarg(date("Y-m-d"));
// Create package file
if (empty($_SESSION["error_msg"])) {
$pkg = "WEB_TEMPLATE=" . $v_web_template . "\n";
if (!empty($_SESSION["WEB_BACKEND"])) {
$pkg .= "BACKEND_TEMPLATE=" . $v_backend_template . "\n";
}
if (!empty($_SESSION["PROXY_SYSTEM"])) {
$pkg .= "PROXY_TEMPLATE=" . $v_proxy_template . "\n";
}
$pkg .= "DNS_TEMPLATE=" . $v_dns_template . "\n";
$pkg .= "WEB_DOMAINS=" . $v_web_domains . "\n";
$pkg .= "WEB_ALIASES=" . $v_web_aliases . "\n";
$pkg .= "DNS_DOMAINS=" . $v_dns_domains . "\n";
$pkg .= "DNS_RECORDS=" . $v_dns_records . "\n";
$pkg .= "MAIL_DOMAINS=" . $v_mail_domains . "\n";
$pkg .= "MAIL_ACCOUNTS=" . $v_mail_accounts . "\n";
$pkg .= "DATABASES=" . $v_databases . "\n";
$pkg .= "CRON_JOBS=" . $v_cron_jobs . "\n";
$pkg .= "DISK_QUOTA=" . $v_disk_quota . "\n";
$pkg .= "BANDWIDTH=" . $v_bandwidth . "\n";
$pkg .= "RATE_LIMIT=" . $v_ratelimit . "\n";
$pkg .= "NS=" . $v_ns . "\n";
$pkg .= "SHELL=" . $v_shell . "\n";
$pkg .= "BACKUPS=" . $v_backups . "\n";
$pkg .= "TIME=" . $v_time . "\n";
$pkg .= "DATE=" . $v_date . "\n";
$tmpfile = tempnam("/tmp/", "hst_");
$fp = fopen($tmpfile, "w");
fwrite($fp, $pkg);
exec(
HESTIA_CMD . "v-add-user-package " . $tmpfile . " " . $v_package,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
fclose($fp);
unlink($tmpfile);
}
// Flush field values on success
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = htmlify_trans(
sprintf(
_("Package {%s} has been created successfully."),
htmlentities($_POST["v_package"]),
),
"</a>",
'<a href="/edit/package/?package=' . htmlentities($_POST["v_package"]) . '">',
);
unset($v_package);
}
}
// List web temmplates
exec(HESTIA_CMD . "v-list-web-templates json", $output, $return_var);
$web_templates = json_decode(implode("", $output), true);
unset($output);
// List web templates for backend
if (!empty($_SESSION["WEB_BACKEND"])) {
exec(HESTIA_CMD . "v-list-web-templates-backend json", $output, $return_var);
$backend_templates = json_decode(implode("", $output), true);
unset($output);
}
// List web templates for proxy
if (!empty($_SESSION["PROXY_SYSTEM"])) {
exec(HESTIA_CMD . "v-list-web-templates-proxy json", $output, $return_var);
$proxy_templates = json_decode(implode("", $output), true);
unset($output);
}
// List DNS templates
exec(HESTIA_CMD . "v-list-dns-templates json", $output, $return_var);
$dns_templates = json_decode(implode("", $output), true);
unset($output);
// List system shells
exec(HESTIA_CMD . "v-list-sys-shells json", $output, $return_var);
$shells = json_decode(implode("", $output), true);
unset($output);
// Set default values
if (empty($v_package)) {
$v_package = "";
}
if (empty($v_web_template)) {
$v_web_template = "default";
}
if (empty($v_backend_template)) {
$v_backend_template = "default";
}
if (empty($v_proxy_template)) {
$v_proxy_template = "default";
}
if (empty($v_dns_template)) {
$v_dns_template = "default";
}
if (empty($v_shell)) {
$v_shell = "nologin";
}
if (empty($v_web_domains)) {
$v_web_domains = "'1'";
}
if (empty($v_web_aliases)) {
$v_web_aliases = "'5'";
}
if (empty($v_dns_domains)) {
$v_dns_domains = "'1'";
}
if (empty($v_dns_records)) {
$v_dns_records = "'unlimited'";
}
if (empty($v_mail_domains)) {
$v_mail_domains = "'1'";
}
if (empty($v_mail_accounts)) {
$v_mail_accounts = "'5'";
}
if (empty($v_databases)) {
$v_databases = "'1'";
}
if (empty($v_cron_jobs)) {
$v_cron_jobs = "'1'";
}
if (empty($v_backups)) {
$v_backups = "'1'";
}
if (empty($v_disk_quota)) {
$v_disk_quota = "'1000'";
}
if (empty($v_bandwidth)) {
$v_bandwidth = "'1000'";
}
if (empty($v_ratelimit)) {
$v_ratelimit = "'200'";
}
if (empty($v_ns1)) {
$v_ns1 = "ns1.example.tld";
}
if (empty($v_ns2)) {
$v_ns2 = "ns2.example.tld";
}
if (empty($v_ns3)) {
$v_ns3 = "";
}
if (empty($v_ns4)) {
$v_ns4 = "";
}
if (empty($v_ns5)) {
$v_ns5 = "";
}
if (empty($v_ns6)) {
$v_ns6 = "";
}
if (empty($v_ns7)) {
$v_ns7 = "";
}
if (empty($v_ns8)) {
$v_ns8 = "";
}
// Render page
render_page($user, $TAB, "add_package");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);
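Review bot: The empty-shell check appends to `$errrors` (three r's), so a missing `v_shell` never reaches the `$errors` list and the request goes on to write an empty quoted `SHELL=` value into the package file; the line should read `$errors[] = _("Shell");`. The same typo is in web/add/user/index.php for the `v_package` check (`$errrors[] = _("Package");`). In the package-file block the temp file is still open when `v-add-user-package` runs, because `fclose($fp)` comes after `exec()`. The mail and user pages close their temp file before calling the backend, and moving `fclose($fp);` above the `exec()` here removes any dependence on when the write is flushed. The return values of `tempnam()` and `fopen()` are also used unchecked.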

285
web/add/user/index.php Normal file

@@ -0,0 +1,285 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
$TAB = "USER";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check user
if ($_SESSION["userContext"] != "admin") {
header("Location: /list/user");
exit();
}
// Check POST request
if (!empty($_POST["ok"])) {
// Check token
verify_csrf($_POST);
// Check empty fields
if (empty($_POST["v_username"])) {
$errors[] = _("Username");
}
if (empty($_POST["v_password"])) {
$errors[] = _("Password");
}
if (empty($_POST["v_package"])) {
$errrors[] = _("Package");
}
if (empty($_POST["v_email"])) {
$errors[] = _("Email");
}
if (empty($_POST["v_name"])) {
$errors[] = _("Contact Name");
}
if (!empty($errors)) {
foreach ($errors as $i => $error) {
if ($i == 0) {
$error_msg = $error;
} else {
$error_msg = $error_msg . ", " . $error;
}
}
$_SESSION["error_msg"] = sprintf(_('Field "%s" can not be blank.'), $error_msg);
}
// Validate email
if (empty($_SESSION["error_msg"]) && !filter_var($_POST["v_email"], FILTER_VALIDATE_EMAIL)) {
$_SESSION["error_msg"] = _("Please enter a valid email address.");
}
// Check password length
if (empty($_SESSION["error_msg"])) {
if (!validate_password($_POST["v_password"])) {
$_SESSION["error_msg"] = _("Password does not match the minimum requirements.");
}
}
// Protect input
$v_username = quoteshellarg($_POST["v_username"]);
$v_email = quoteshellarg($_POST["v_email"]);
$v_package = quoteshellarg($_POST["v_package"]);
$v_language = quoteshellarg($_POST["v_language"]);
$v_name = quoteshellarg($_POST["v_name"]);
$v_notify = $_POST["v_notify"];
// Add user
if (empty($_SESSION["error_msg"])) {
$v_password = tempnam("/tmp", "vst");
$fp = fopen($v_password, "w");
fwrite($fp, $_POST["v_password"] . "\n");
fclose($fp);
exec(
HESTIA_CMD .
"v-add-user " .
$v_username .
" " .
$v_password .
" " .
$v_email .
" " .
$v_package .
" " .
$v_name,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
unlink($v_password);
$v_password = quoteshellarg($_POST["v_password"]);
}
// Set language
if (empty($_SESSION["error_msg"])) {
exec(
HESTIA_CMD . "v-change-user-language " . $v_username . " " . $v_language,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
}
// Set Role
if (empty($_SESSION["error_msg"])) {
$v_role = quoteshellarg($_POST["v_role"]);
exec(
HESTIA_CMD . "v-change-user-role " . $v_username . " " . $v_role,
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
}
// Set login restriction
if (empty($_SESSION["error_msg"])) {
if (!empty($_POST["v_login_disabled"])) {
$_POST["v_login_disabled"] = "yes";
exec(
HESTIA_CMD .
"v-change-user-config-value " .
$v_username .
" LOGIN_DISABLED " .
quoteshellarg($_POST["v_login_disabled"]),
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
}
}
// Send email to the new user
if (empty($_SESSION["error_msg"]) && !empty($v_notify)) {
$to = $_POST["v_notify"];
// send email in "users" language
putenv("LANGUAGE=" . $_POST["v_language"]);
$name = empty($_POST["v_name"]) ? $_POST["v_username"] : $_POST["v_name"];
$template = get_email_template("account_ready", $v_language);
if (!empty($template)) {
preg_match("/<subject>(.*?)<\/subject>/si", $template, $matches);
$subject = $matches[1];
$subject = str_replace(
["{{hostname}}", "{{appname}}", "{{user}}", "{{name}}"],
[get_hostname(), $_SESSION["APP_NAME"], $_POST["v_username"], $name],
$subject,
);
$template = str_replace($matches[0], "", $template);
} else {
$template = _(
"Hello {{name}},\n" .
"\n" .
"Your account has been created and ready to use.\n" .
"\n" .
"https://{{hostname}}/login/\n" .
"Username: {{user}}\n" .
"Password: {{password}}\n" .
"\n" .
"Best regards,\n" .
"\n" .
"--\n" .
"{{appname}}",
);
}
if (empty($subject)) {
$subject = str_replace(
["{{subject}}", "{{hostname}}", "{{appname}}"],
[
sprintf(_("Welcome to %s"), $_SESSION["APP_NAME"]),
get_hostname(),
$_SESSION["APP_NAME"],
],
$_SESSION["SUBJECT_EMAIL"],
);
}
$hostname = get_hostname();
$from = !empty($_SESSION["FROM_EMAIL"]) ? $_SESSION["FROM_EMAIL"] : "noreply@" . $hostname;
$from_name = !empty($_SESSION["FROM_NAME"])
? $_SESSION["FROM_NAME"]
: $_SESSION["APP_NAME"];
if ($hostname) {
$host = preg_replace("/(\[?[^]]*\]?):([0-9]{1,5})$/", "$1", $_SERVER["HTTP_HOST"]);
if ($host == $hostname) {
$port_is_defined = preg_match("/\[?[^]]*\]?:[0-9]{1,5}$/", $_SERVER["HTTP_HOST"]);
if ($port_is_defined) {
$port =
":" .
preg_replace("/(\[?[^]]*\]?):([0-9]{1,5})$/", "$2", $_SERVER["HTTP_HOST"]);
} else {
$port = "";
}
} else {
$port = ":" . $_SERVER["SERVER_PORT"];
}
$hostname = $hostname . $port;
} else {
$hostname = $_SERVER["HTTP_HOST"];
}
$mailtext = translate_email($template, [
"name" => htmlentities($name),
"user" => htmlentities($_POST["v_username"]),
"password" => htmlentities($_POST["v_password"]),
"hostname" => htmlentities($hostname),
"appname" => $_SESSION["APP_NAME"],
]);
send_email($to, $subject, $mailtext, $from, $from_name, $name);
putenv("LANGUAGE=" . detect_user_language());
}
// Flush field values on success
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = htmlify_trans(
sprintf(
_("User {%s} has been created successfully. / {Log in as %s}"),
htmlentities($_POST["v_username"]),
htmlentities($_POST["v_username"]),
),
"</a>",
'<a href="/edit/user/?user=' . htmlentities($_POST["v_username"]) . '">',
'<a href="/login/?loginas=' .
htmlentities($_POST["v_username"]) .
"&token=" .
htmlentities($_SESSION["token"]) .
'">',
);
unset($v_username);
unset($v_password);
unset($v_email);
unset($v_name);
unset($v_notify);
}
}
// List hosting packages
exec(HESTIA_CMD . "v-list-user-packages json", $output, $return_var);
check_error($return_var);
$data = json_decode(implode("", $output), true);
unset($output);
// List languages
exec(HESTIA_CMD . "v-list-sys-languages json", $output, $return_var);
$language = json_decode(implode("", $output), true);
foreach ($language as $lang) {
$languages[$lang] = translate_json($lang);
}
asort($languages);
if (empty($v_username)) {
$v_username = "";
}
if (empty($v_name)) {
$v_name = "";
}
if (empty($v_email)) {
$v_email = "";
}
if (empty($v_password)) {
$v_password = "";
}
if (empty($v_login_disabled)) {
$v_login_disabled = "";
}
if (empty($v_role)) {
$v_role = "";
}
if (empty($v_notify)) {
$v_notify = "";
}
// Render page
render_page($user, $TAB, "add_user");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);
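Review bot: `v_notify` is used as the recipient of the welcome mail (`$to = $_POST["v_notify"]`), which carries the new account's password, but unlike `v_email` it is never passed through `FILTER_VALIDATE_EMAIL`. web/add/mail/index.php validates its equivalent field `v_send_email` before sending, and the same guard fits here next to the existing email check: `if (empty($_SESSION["error_msg"]) && !empty($_POST["v_notify"]) && !filter_var($_POST["v_notify"], FILTER_VALIDATE_EMAIL)) { $_SESSION["error_msg"] = _("Please enter a valid email address."); }`. Whether `send_email()` validates the address itself is not visible on this page. The password is also run through `htmlentities()` before it is placed in the mail body, which would alter passwords containing `&`, `<` or quotes if the message is delivered as plain text.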

190
web/add/web/index.php Normal file

@@ -0,0 +1,190 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
$TAB = "WEB";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
// Check POST request
if (!empty($_POST["ok"])) {
// Check token
verify_csrf($_POST);
// Check for empty fields
if (empty($_POST["v_domain"])) {
$errors[] = _("Domain");
}
if (empty($_POST["v_ip"])) {
$errors[] = _("IP Address");
}
if (!empty($errors[0])) {
foreach ($errors as $i => $error) {
if ($i == 0) {
$error_msg = $error;
} else {
$error_msg = $error_msg . ", " . $error;
}
}
$_SESSION["error_msg"] = sprintf(_('Field "%s" can not be blank.'), $error_msg);
}
// Set domain to lowercase and remove www prefix
$v_domain = preg_replace("/^www\./i", "", $_POST["v_domain"]);
$v_domain = strtolower($v_domain);
// Define domain ip address
$v_ip = quoteshellarg($_POST["v_ip"]);
// Using public IP instead of internal IP when creating DNS
// Gets public IP from 'v-list-user-ips' command (that reads /hestia/data/ips/ip), precisely from 'NAT' field
$v_public_ip = $v_ip;
$v_clean_ip = $_POST["v_ip"]; // clean_ip = IP without quotas
exec(HESTIA_CMD . "v-list-user-ips " . $user . " json", $output, $return_var);
$ips = json_decode(implode("", $output), true);
unset($output);
if (
isset($ips[$v_clean_ip]) &&
isset($ips[$v_clean_ip]["NAT"]) &&
trim($ips[$v_clean_ip]["NAT"]) != ""
) {
$v_public_ip = trim($ips[$v_clean_ip]["NAT"]);
$v_public_ip = quoteshellarg($v_public_ip);
}
// Define domain aliases
$v_aliases = "";
// Define proxy extensions
$_POST["v_proxy_ext"] = "";
exec(HESTIA_CMD . "v-list-user " . $user . " json", $output, $return_var);
$user_config = json_decode(implode("", $output), true);
unset($output);
$v_template = $user_config[$user_plain]["WEB_TEMPLATE"];
$v_backend_template = $user_config[$user_plain]["BACKEND_TEMPLATE"];
$v_proxy_template = $user_config[$user_plain]["PROXY_TEMPLATE"];
// Add web domain
if (empty($_SESSION["error_msg"])) {
exec(
HESTIA_CMD .
"v-add-web-domain " .
$user .
" " .
quoteshellarg($v_domain) .
" " .
$v_ip .
" 'yes'",
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
$domain_added = empty($_SESSION["error_msg"]);
}
if (empty($_POST["v_dns"])) {
$_POST["v_dns"] = "no";
}
if (empty($_POST["v_mail"])) {
$_POST["v_mail"] = "no";
}
// Add DNS domain
if ($_POST["v_dns"] == "on" && empty($_SESSION["error_msg"])) {
exec(
HESTIA_CMD .
"v-add-dns-domain " .
$user .
" " .
quoteshellarg($v_domain) .
" " .
$v_public_ip .
" '' '' '' '' '' '' '' '' 'no'",
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
}
// Add mail domain
if ($_POST["v_mail"] == "on" && empty($_SESSION["error_msg"])) {
exec(
HESTIA_CMD . "v-add-mail-domain " . $user . " " . quoteshellarg($v_domain),
$output,
$return_var,
);
check_return_code($return_var, $output);
unset($output);
}
// Flush field values on success
if (empty($_SESSION["error_msg"])) {
$_SESSION["ok_msg"] = htmlify_trans(
sprintf(_("Domain {%s} has been created successfully."), htmlentities($v_domain)),
"</a>",
'<a href="/edit/web/?domain=' . htmlentities($v_domain) . '">',
);
unset($v_domain);
unset($v_aliases);
}
}
// Define user variables
$v_aliases = "";
// List user package
exec(HESTIA_CMD . "v-list-user " . $user . " json", $output, $return_var);
$user_config = json_decode(implode("", $output), true);
unset($output);
// List web templates and set default values
exec(HESTIA_CMD . "v-list-web-templates json", $output, $return_var);
$templates = json_decode(implode("", $output), true);
unset($output);
$v_template = !empty($_POST["v_template"])
? $_POST["v_template"]
: $user_config[$user_plain]["WEB_TEMPLATE"];
// List backend templates
if (!empty($_SESSION["WEB_BACKEND"])) {
exec(HESTIA_CMD . "v-list-web-templates-backend json", $output, $return_var);
$backend_templates = json_decode(implode("", $output), true);
unset($output);
$v_backend_template = !empty($_POST["v_backend_template"])
? $_POST["v_backend_template"]
: $user_config[$user_plain]["BACKEND_TEMPLATE"];
}
// List proxy templates
if (!empty($_SESSION["PROXY_SYSTEM"])) {
exec(HESTIA_CMD . "v-list-web-templates-proxy json", $output, $return_var);
$proxy_templates = json_decode(implode("", $output), true);
unset($output);
$v_proxy_template = !empty($_POST["v_proxy_template"])
? $_POST["v_proxy_template"]
: $user_config[$user_plain]["PROXY_TEMPLATE"];
}
// List IP addresses
exec(HESTIA_CMD . "v-list-user-ips " . $user . " json", $output, $return_var);
$ips = json_decode(implode("", $output), true);
unset($output);
// Get all user domains
exec(HESTIA_CMD . "v-list-web-domains " . $user . " json", $output, $return_var);
$user_domains = json_decode(implode("", $output), true);
$user_domains = array_keys($user_domains);
unset($output);
$accept = $_GET["accept"] ?? "";
$v_domain = $_POST["domain"] ?? "";
// Render page
render_page($user, $TAB, "add_web");
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);
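Review bot: Near the end of the file, `$v_domain = $_POST["domain"] ?? "";` reads a field named `domain`, while the POST handler above reads `v_domain`. Unless some other form posts `domain` to this page, the domain field is blank on every re-render, including after a validation error, and the assignment makes the earlier `unset($v_domain)` on success redundant. The other add pages in this commit use `if (empty($v_domain)) { $v_domain = ""; }`, which keeps the submitted value on failure and still clears it on success. The value then reaches `render_page()` unescaped, so the `add_web` template has to HTML-escape it; that template is not part of this section.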

146
web/add/webapp/index.php Normal file

@@ -0,0 +1,146 @@
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;
ob_start();
$TAB = "WEB";
// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
require_once $_SERVER["DOCUMENT_ROOT"] . "/src/init.php";
// Check domain argument
if (empty($_GET["domain"])) {
header("Location: /list/web/");
exit();
}
// Edit as someone else?
if ($_SESSION["user"] == "admin" && !empty($_GET["user"])) {
$user = quoteshellarg($_GET["user"]);
}
// Check if domain belongs to the user
$v_domain = $_GET["domain"];
exec(
HESTIA_CMD . "v-list-web-domain " . $user . " " . quoteshellarg($v_domain) . " json",
$output,
$return_var,
);
if ($return_var > 0) {
check_return_code_redirect($return_var, $output, "/list/web/");
}
unset($output);
exec(HESTIA_CMD . "v-list-sys-php json", $output, $return_var);
$php_versions = json_decode(implode("", $output), true);
unset($output);
// Check GET request
if (!empty($_GET["app"])) {
$app = basename($_GET["app"]);
$hestia = new \Hestia\System\HestiaApp();
$app_installer_class = "\Hestia\WebApp\Installers\\" . $app . "\\" . $app . "Setup";
if (class_exists($app_installer_class)) {
try {
$app_installer = new $app_installer_class($v_domain, $hestia);
$info = $app_installer->info();
foreach ($php_versions as $version) {
if (in_array($version, $info["php_support"])) {
$supported = true;
$supported_versions[] = $version;
}
}
if ($supported) {
$info["enabled"] = true;
} else {
$info["enabled"] = false;
$_SESSION["error_msg"] = sprintf(
_("Unable to install %s, %s is not available."),
$app,
"PHP-" . end($info["php_support"]),
);
}
if ($info["enabled"] == true) {
$installer = new \Hestia\WebApp\AppWizard($app_installer, $v_domain, $hestia);
$GLOBALS["WebappInstaller"] = $installer;
}
} catch (Exception $e) {
$_SESSION["error_msg"] = $e->getMessage();
header("Location: /add/webapp/?domain=" . $v_domain);
exit();
}
} else {
$_SESSION["error_msg"] = sprintf(_("%s installer missing."), $app);
}
}
// Check POST request
if (!empty($_POST["ok"]) && !empty($app)) {
// Check token
verify_csrf($_POST);
if ($installer) {
try {
if (!$installer->execute($_POST)) {
$result = $installer->getStatus();
if (!empty($result)) {
$_SESSION["error_msg"] = implode(PHP_EOL, $result);
}
} else {
$_SESSION["ok_msg"] = sprintf(
_("%s installed successfully."),
htmlspecialchars($app),
);
header("Location: /add/webapp/?domain=" . $v_domain);
exit();
}
} catch (Exception $e) {
$_SESSION["error_msg"] = $e->getMessage();
header("Location: /add/webapp/?app=" . rawurlencode($app) . "&domain=" . $v_domain);
exit();
}
}
}
if (!empty($installer)) {
render_page($user, $TAB, "setup_webapp");
} else {
$appInstallers = glob(__DIR__ . "/../../src/app/WebApp/Installers/*/*.php");
$v_web_apps = [];
foreach ($appInstallers as $app) {
$hestia = new \Hestia\System\HestiaApp();
if (
preg_match(
"/Installers\/([a-zA-Z][a-zA-Z0,9].*)\/([a-zA-Z][a-zA-Z0,9].*).php/",
$app,
$matches,
)
) {
if ($matches[1] != "Resources") {
$app_installer_class =
"\Hestia\WebApp\Installers\\" . $matches[1] . "\\" . $matches[1] . "Setup";
$app_installer = new $app_installer_class($v_domain, $hestia);
$appInstallerInfo = $app_installer->info();
$supported = false;
$supported_versions = [];
foreach ($php_versions as $version) {
if (in_array($version, $appInstallerInfo["php_support"])) {
$supported = true;
$supported_versions[] = $version;
}
}
if ($supported) {
$appInstallerInfo["enabled"] = true;
} else {
$appInstallerInfo["enabled"] = false;
}
$v_web_apps[] = $appInstallerInfo;
}
}
}
render_page($user, $TAB, "list_webapps");
}
// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);
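Review bot: `$_GET["app"]` is only passed through `basename()` before it is concatenated into `$app_installer_class` and handed to `class_exists()` and `new`, so the class name the autoloader resolves is still shaped by request input; `basename()` removes directory separators but does not restrict the value to a class-name-safe alphabet. Checking the value against the installer naming scheme right after it is read, e.g. `if (!preg_match('/^[A-Za-z][A-Za-z0-9]*$/', $app)) { header("Location: /list/web/"); exit(); }`, keeps the lookup inside `\Hestia\WebApp\Installers`. The same `$app` goes unescaped into `$_SESSION["error_msg"]` in the "is not available" and "installer missing" branches, while the success message uses `htmlspecialchars($app)`; unless the template escapes `error_msg` (not visible here), those branches should escape it too. The three redirects append `$v_domain` raw and would be more robust as `rawurlencode($v_domain)`, as is already done for `$app`. The character class `[a-zA-Z0,9]` in the installer-listing `preg_match` looks like a typo for `[a-zA-Z0-9]`.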