From ed48b460605daef5d07d0ce15406926f022a5931 Mon Sep 17 00:00:00 2001 From: Matthew Saunders Brown Date: Fri, 30 Aug 2024 14:01:15 -0700 Subject: [PATCH] changes to make vhost mapping work properly --- panel/classes/Panel/Login.php | 4 +- panel/classes/Panel/Vhost/UsersEdit.php | 34 +++++++++-- panel/classes/Panel/Vhost/Vhosts.php | 31 +++++++--- panel/config/maps-vhost.ini | 6 +- panel/index.php | 22 +++++-- panel/ui/header.html | 75 +++++++++++++----------- panel/ui/vhost/users-edit.html | 18 ++++++ panel/ui/vhost/vhosts-vhost.html | 78 ++++++++++++++----------- 8 files changed, 176 insertions(+), 92 deletions(-) diff --git a/panel/classes/Panel/Login.php b/panel/classes/Panel/Login.php index 383e5b0..abef0a9 100644 --- a/panel/classes/Panel/Login.php +++ b/panel/classes/Panel/Login.php @@ -133,6 +133,7 @@ class Login extends \Panel { /* user authenticated, check if they own requested domain */ if ($domain_array = $f3->call('\Panel::vGet', array("vhost-get.sh -u $username -d $domain -c", FALSE))) { $f3->set('SESSION.expiration', time() + $f3->get('TIMEOUT')); + $f3->set('SESSION.vhostusername', $username); $f3->reroute('/'); } else { /* user does not own domain, check if user is a vpanel admin */ @@ -142,8 +143,7 @@ class Login extends \Panel { $f3->reroute('/'); } else { /* user does not own domain, and is not a vpanel admin */ - $messages[] = "User validated, but does not have admin privileges for $domain."; - $messages[] = "Please try another username."; + $messages[] = "Invalid user. Please try another username."; $f3->set('SESSION.messages', $messages); echo \Template::instance()->render('login.html'); } diff --git a/panel/classes/Panel/Vhost/UsersEdit.php b/panel/classes/Panel/Vhost/UsersEdit.php index f4ae891..366c0ec 100644 --- a/panel/classes/Panel/Vhost/UsersEdit.php +++ b/panel/classes/Panel/Vhost/UsersEdit.php 
@@ -15,6 +15,26 @@ class UsersEdit extends \Panel\Vhost { parent::beforeRoute($f3); $username = $f3->get('PARAMS.username'); + + /* exta auth checks if logged in via vhost mapping */ + if ($f3->get('NAV.mapping') == 'vhost') { + if ($f3->exists('SESSION.vhostusername')) { + /* vhostusername indicates vhost user login */ + $vhostusername = $f3->get('SESSION.vhostusername'); + if ($username != $vhostusername) { + /* trying to edit wrong username, redirect back home */ + $messages[] = "Unauthorized request."; + $f3->set('SESSION.messages', $messages); + $f3->reroute("/"); + } + } else { + /* SESSION.vhostusername not set. Something went wrong, redirect back home */ + $messages[] = "Error verifying system user for domain $domain, can not edit."; + $f3->set('SESSION.messages', $messages); + $f3->reroute("/"); + } + } + if ($user_array = $f3->call('\Panel::vGet', array("vhost-user-get.sh -u $username -c -v", FALSE))) { if ($user_array[0]['passwd'] == "") { $user_array[0]['passwd'] = '(unavailable)'; @@ -56,7 +76,7 @@ class UsersEdit extends \Panel\Vhost { } else { $password = escapeshellarg($password); if ($f3->get('WRITEUSERINFO') == '1') { - exec("/usr/local/bin/vhost-user-mod.sh -u $username -p $password -w", $output, $result_code); + exec("/usr/local/bin/vhost-user-mod.sh -u $username -p $password -w 1", $output, $result_code); } else { exec("/usr/local/bin/vhost-user-mod.sh -u $username -p $password", $output, $result_code); } @@ -69,7 +89,6 @@ class UsersEdit extends \Panel\Vhost { } elseif ($action == 'jail') { exec("/usr/local/bin/vhost-user-jail.sh -u $username >/dev/null 2>/dev/null &", $output, $result_code); $messages[] = "User is being jailed. Note: Setting up the jail environment takes about a minute to complete and is run in the background now."; - $f3->reroute("/Users/$username"); } elseif ($action == 'fpmmax') { $fpmmax = $_POST['fpmmax']; exec("/usr/local/bin/vhost-user-mod.sh -u $username -x $fpmmax", $output, $result_code); 
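Review bot: The ownership test `if ($username != $vhostusername)` in the new beforeRoute block uses a loose comparison, so two numeric-looking usernames that differ as strings (a leading zero, for instance) compare as equal; an authorization decision should use `if ($username !== $vhostusername)`. In the else branch the message interpolates `$domain`, which is not assigned in the visible part of beforeRoute, so it will probably render empty and raise an undefined-variable warning; `$f3->get('SESSION.domain')` looks like the intended value. Both branches also depend on `$f3->reroute("/")` ending the request, because otherwise execution falls through to the `vhost-user-get.sh` call below; a comment saying so would help. The method starts and ends outside the hunk.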
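Review bot: On the changed `exec()` line `$password` goes through `escapeshellarg()`, but `$username`, which comes from `PARAMS.username`, is interpolated into the shell command as-is; unless it is validated outside this hunk, quote it the same way with `$username_arg = escapeshellarg($username);` and pass `-u $username_arg` in each `exec()`, keeping the raw value for the reroute paths. The same pattern appears in the `fpmmax` branch shown in the next hunk, where `$_POST['fpmmax']` reaches `exec()` with no visible validation (a `ctype_digit()` check fits there), and in the `vhost-get.sh` strings this commit builds in Vhosts.php and index.php from `SESSION.domain`, which index.php derives from the `HOST` value. Whether `\Panel::vGet` escapes anything is not visible here; since it receives one preformatted string, the quoting has to happen where the string is built. The enclosing method starts and ends outside the hunk.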
@@ -83,8 +102,15 @@ class UsersEdit extends \Panel\Vhost { } $f3->set('SESSION.messages', $messages); - $f3->reroute("/Users/$username"); - + if ($f3->get('NAV.mapping') == 'vhost') { + if (isset($result_code) && $result_code == 0) { + $f3->reroute("/"); + } else { + $f3->reroute("/Users/$username/Edit"); + } + } else { + $f3->reroute("/Users/$username"); + } // /* run mod command here */ // $mbox = $f3->get('PARAMS.mbox'); diff --git a/panel/classes/Panel/Vhost/Vhosts.php b/panel/classes/Panel/Vhost/Vhosts.php index ac1a982..1f5aed0 100644 --- a/panel/classes/Panel/Vhost/Vhosts.php +++ b/panel/classes/Panel/Vhost/Vhosts.php @@ -17,8 +17,23 @@ class Vhosts extends \Panel\Vhost { parent::beforeRoute($f3); if ($f3->exists('PARAMS.vhost')) { + /* got here via vpanel link */ $vhost = $f3->get('PARAMS.vhost'); - if ($vhost_array = $f3->call('\Panel::vGet', array("vhost-get.sh -d $vhost -c", FALSE))) { + $vhost_get_cmd = "vhost-get.sh -d $vhost -c"; + } elseif ($f3->get('NAV.mapping') == 'vhost') { + /* got here via vhost page */ + if ($f3->exists('SESSION.domain') && $f3->exists('SESSION.vhostusername')) { + /* SESSION.domain should be set for all vhost logins */ + $vhost = $f3->get('SESSION.domain'); + $vhostusername = $f3->get('SESSION.vhostusername'); + $vhost_get_cmd = "vhost-get.sh -d $vhost -u $vhostusername -c"; + } else { + /* should never get here, throw a 500 error to prevent further processing */ + $f3->error(500); + } + } + if (isset($vhost_get_cmd)) { + if ($vhost_array = $f3->call('\Panel::vGet', array("$vhost_get_cmd", FALSE))) { $f3->set('vhost_array', $vhost_array[0]); /* get cert info */ if ($f3->call('\Panel::verifyCertificateExists', $vhost)) { 
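Review bot: In the Vhosts.php hunk the only thing that ties a vhost session to the site it may view is the `-u $vhostusername` argument added to `vhost-get.sh`, and nothing in the code says so. index.php rewrites `SESSION.domain` from the request host on every request while keeping an existing `SESSION.vhostusername`, so a domain/user pair that does not belong together can reach this call, and the page then depends on `vhost-get.sh` returning nothing for it and on the failure path after `vGet` (outside the hunk) stopping the request. I would add a comment above the assignment such as `/* -u restricts the lookup to domains owned by the logged-in vhost user; an empty result must be treated as unauthorized */`. Testing `NAV.mapping == 'vhost'` before `PARAMS.vhost` would also keep a vhost session from ever taking the `-d`-only branch. beforeRoute continues past the end of the hunk.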
@@ -82,15 +97,13 @@ class Vhosts extends \Panel\Vhost { static function get($f3) { if ($f3->exists('PARAMS.vhost')) { - - // $vhost_array = $f3->get('vhost_array'); - - /* convert data for frontend display */ - // nothing to convert - - // $f3->set('vhost_array', $vhost_array); - $vhost = $f3->get('PARAMS.vhost'); + } elseif ($f3->exists('SESSION.domain')) { + $vhost = $f3->get('SESSION.domain'); + } + + if (isset($vhost)) { + $f3->set('page_header', "Details for $vhost"); echo \Template::instance()->render('vhost/vhosts-vhost.html'); diff --git a/panel/config/maps-vhost.ini b/panel/config/maps-vhost.ini index 534530e..3f64254 100644 --- a/panel/config/maps-vhost.ini +++ b/panel/config/maps-vhost.ini @@ -8,8 +8,4 @@ / [sync] = Panel\Vhost\Vhosts /Login [sync] = Panel\Login /Logout [sync] = Panel\Logout -/Websites [sync] = Panel\Vhost\Vhosts -/Websites/Add [sync] = Panel\Vhost\VhostsAdd -/Websites/@vhost [sync] = Panel\Vhost\Vhosts -/Websites/@vhost/Edit [sync] = Panel\Vhost\VhostsEdit -/Websites/@vhost/Delete [sync] = Panel\Vhost\VhostsDelete +/Users/@username/Edit [sync] = Panel\Vhost\UsersEdit diff --git a/panel/index.php b/panel/index.php index fe2ecf7..3f0812d 100644 --- a/panel/index.php +++ b/panel/index.php @@ -26,6 +26,13 @@ if ($f3->get('HOST') == $f3->get('NAV.hostname')) { if ($f3->exists('SESSION.domain')) { $f3->clear('SESSION.domain'); } + if ($f3->exists('SESSION.vhostusername')) { + $f3->clear('SESSION.vhostusername'); + } + /* load DNS mapping, if enabled */ + if ($f3->get('VDNSADMIN') == '1') { + $f3->config("config/maps-vdns.ini"); + } } elseif (preg_match('/^mail\./i', $f3->get('HOST'))) { $mapping = 'vmail'; $domain = preg_replace('/^mail\./i', '', $f3->get('HOST')); 
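Review bot: The added route `/Users/@username/Edit [sync] = Panel\Vhost\UsersEdit` maps the whole UsersEdit class into the vhost mapping, so every POST action its handler accepts becomes reachable by a vhost user, not only the password change. The handler shown in UsersEdit.php still has `jail` and `fpmmax` branches, while the new users-edit.html text tells vhost users that PHP workers "can not be changed here"; unless the handler is gated somewhere outside the visible hunks, that limit exists only in the template. I would restrict the accepted actions server-side when `NAV.mapping` is `vhost`, for example `if ($f3->get('NAV.mapping') == 'vhost' && $action != 'password') { $f3->error(403); }`, substituting the real name of the password action, which is not visible on this page.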
@@ -34,15 +41,20 @@ if ($f3->get('HOST') == $f3->get('NAV.hostname')) { $mapping = 'vhost'; $domain = preg_replace('/^www\./i', '', $f3->get('HOST')); $f3->set('SESSION.domain', $domain); + /* vhostusername is not set when logging in to vhost admin as vpanel user or via ADMIN IP */ + if (!$f3->exists('SESSION.vhostusername')) { + if ($vhost_array = $f3->call('\Panel::vGet', array("vhost-get.sh -d $domain -c", FALSE))) { + $vhostusername = $vhost_array[0]['username']; + $f3->set('SESSION.vhostusername', $vhostusername); + } else { + $messages[] = "System error verifying system user for domain $domain. Please contact support for further assistance."; + $f3->set('SESSION.messages', $messages); + } + } } $f3->set('NAV.mapping', $mapping); $f3->config("config/maps-$mapping.ini"); -/* load DNS mapping, if enabled */ -if ($f3->get('VDNSADMIN') == '1') { - $f3->config("config/maps-vdns.ini"); -} - /* custom error page */ $f3->set('ONERROR',function($f3){ echo \Template::instance()->render('error.html'); diff --git a/panel/ui/header.html b/panel/ui/header.html index da832d2..7eb0f38 100644 --- a/panel/ui/header.html +++ b/panel/ui/header.html @@ -26,43 +26,52 @@
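Review bot: The new block in the vhost branch fills `SESSION.vhostusername` with the domain owner for any session that lacks it, and nothing visible in the hunk checks that the session is logged in first. The comment added in UsersEdit.php reads `vhostusername indicates vhost user login`, but after this change the key only means "owner of the domain in the request host", so it can scope a request without proving authentication. Unless login is enforced earlier or in `parent::beforeRoute` (outside the visible code), run the lookup only for authenticated sessions, e.g. `if ($f3->exists('SESSION.expiration') && !$f3->exists('SESSION.vhostusername')) {`, assuming `SESSION.expiration` is the logged-in marker as Login.php suggests. When the lookup fails only a message is queued and routing continues, so the later `$f3->error(500)` in Vhosts.php is what actually stops the request.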

{{@PACKAGE}}

- + +

{{@page_header}}

diff --git a/panel/ui/vhost/users-edit.html b/panel/ui/vhost/users-edit.html index ec67f9c..4f87ec1 100644 --- a/panel/ui/vhost/users-edit.html +++ b/panel/ui/vhost/users-edit.html @@ -26,6 +26,7 @@ Passwords 15 or more characters long do not have any complexity requirements.

+

@@ -173,4 +174,21 @@ Passwords 15 or more characters long do not have any complexity requirements.

+ + + + +

+ +

+ PHP Workers for {{ @user_array.username }}: {{ @user_array.fpmmax }} +

+ PHP Workers is maximum number of PHP processes that this user can have running at one time. Any website(s) installed for this user will be limited by this. +

+ This can not be changed here, contact tech support if you think you need more PHP workers.
+
+ +

+
+ diff --git a/panel/ui/vhost/vhosts-vhost.html b/panel/ui/vhost/vhosts-vhost.html index b16a1e6..529ce88 100644 --- a/panel/ui/vhost/vhosts-vhost.html +++ b/panel/ui/vhost/vhosts-vhost.html @@ -1,5 +1,7 @@ + + @@ -21,6 +23,8 @@

+ +
Website
@@ -30,10 +34,14 @@ - + + + +
System User
{{ @vhost_array.username }} {{ @users_array.fpmmax }}Edit UserChange PasswordEdit User
+

@@ -42,50 +50,52 @@ Certificate Expiration Secured Hostnames - Action + Action {{ @cert_array.common }} {{ @cert_array.end }} {{ @cert_array.alternative | raw }} - Delete + Delete

-
- - - You need a Security Certificate. Click Here to add one now. - - - You need a Security Certificate for {{ @vhost_array.virtualhost }}. -
- Before you can add one you must make the DNS change listed below. Once that's completed come back here and this message will change to an option to create a Security Certificate. -
- Note that after you add DNS records it can take some time for the changes to propagate and show up here. -

- - - - - - - -
{{ @dnsinfo.a.status }} A Record for {{ @vhost_array.virtualhost }}
Type:A
Host:{{ @vhost_array.virtualhost }}
Value:{{ @dnsinfo.server_addr }}
TTL:3600 (or default)
This should be the only A record for {{ @vhost_array.virtualhost }}.
-

- - - - - - - -
Verify CNAME Record for www.{{ @vhost_array.virtualhost }}
Type:CNAME
Host:www.{{ @vhost_array.virtualhost }}
Value:{{ @vhost_array.virtualhost }}
TTL:3600 (or default)
This should be the only record for www.{{ @vhost_array.virtualhost }}.
Note this admin did not check for this record, it may already exist.
-
+ +
+ + + You need a Security Certificate. Click Here to add one now. + + + You need a Security Certificate for {{ @vhost_array.virtualhost }}. +
+ Before you can add one you must make the DNS change listed below. Once that's completed come back here and this message will change to an option to create a Security Certificate. +
+ Note that after you add DNS records it can take some time for the changes to propagate and show up here. +

+ + + + + + + +
{{ @dnsinfo.a.status }} A Record for {{ @vhost_array.virtualhost }}
Type:A
Host:{{ @vhost_array.virtualhost }}
Value:{{ @dnsinfo.server_addr }}
TTL:3600 (or default)
This should be the only A record for {{ @vhost_array.virtualhost }}.
+

+ + + + + + + +
Verify CNAME Record for www.{{ @vhost_array.virtualhost }}
Type:CNAME
Host:www.{{ @vhost_array.virtualhost }}
Value:{{ @vhost_array.virtualhost }}
TTL:3600 (or default)
This should be the only record for www.{{ @vhost_array.virtualhost }}.
Note this admin did not check for this record, it may already exist.
+
+
+
-