탐색 도움말
로그인
yosoyhendrix
/
OGP-Agent-Linux
의 미러 https://github.com/OpenGamePanel/OGP-Agent-Linux
1
0
포크 0
파일 이슈 0 위키
트리: 9ce6ed21f6
브랜치 태그
OGP-Agent-Linux
/
EHCP
/
updateInfo.php

updateInfo.php 4.4 KB
히스토리 Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142 
  1. <?php
    2. 

  2. 

  3. if (file_exists("config.php")) {
    4. 

  4.     include 'config.php';
    5. 

  5. } else {
    6. 

  6.     die("config.php must exist within the installation root folder!");
    7. 

  7. }
    8. 

  8. 

  9. // Updates ftpuser's password
    10. 

  10. $success = 0;
    11. 

  11. $errorCount = 0;
    12. 

  12. 

  13. if (isset($errors)) {
    14. 

  14.     unset($errors);
    15. 

  15. }
    16. 

  16. 

  17. if (isset($_GET['username'])) {
    18. 

  18.     $ftp_username = $_GET['username'];
    19. 

  19. }
    20. 

  20. 

  21. if (isset($_GET['password'])) {
    22. 

  22.     $arrOfVals = trim($_GET['password']);
    23. 

  23. }
    24. 

  24. 

  25. if (isset($arrOfVals) && !empty($arrOfVals)) {
    26. 

  26.     $arrOfVals = explode("\n", $arrOfVals);
    27. 

  27.     $arrOfVals = array_filter($arrOfVals);
    28. 

  28.     
    29. 

  29.     foreach ($arrOfVals as $passIn) {
    30. 

  30.         $passIn = trim($passIn);
    31. 

  31. 

  32.         // Replace all tabs or spaces
    33. 

  33.         $pattern = '/\s+/';
    34. 

  34.         $passIn = preg_replace($pattern, ' ', $passIn);
    35. 

  35.         $keyAndVal = explode(' ', $passIn);
    36. 

  36.         
    37. 

  37.         if (count($keyAndVal) == 2) {
    38. 

  38.             $arr[$keyAndVal[0]] = $keyAndVal[1];
    39. 

  39.         }
    40. 

  40.         
    41. 

  41.         if (isset($arr['new_password']) && !empty($arr['new_password'])) {
    42. 

  42.             $ftp_pass = $arr['new_password'];
    43. 

  43.         }
    44. 

  44.         
    45. 

  45.         if (isset($arr['Directory']) && !empty($arr['Directory'])) {
    46. 

  46.             $update_dir = $arr['Directory'];
    47. 

  47.         }
    48. 

  48.         
    49. 

  49.         if (isset($arr['orig_user']) && !empty($arr['orig_user'])) {
    50. 

  50.             $ftp_old_username = $arr['orig_user'];
    51. 

  51.         }
    52. 

  52.         
    53. 

  53.         if (isset($arr['Username']) && !empty($arr['Username'])) {
    54. 

  54.             $ftp_username = $arr['Username'];
    55. 

  55.         }
    56. 

  56.     }
    57. 

  57. }
    58. 

  58. 

  59. if (!isset($ftp_username) || !isset($update_dir)) {
    60. 

  60.     $errorCount++;
    61. 

  61.     $errors[] = "No FTP accounts could be modified! Updated username and homedir were not sent by the panel.";
    62. 

  62. } else {
    63. 

  63.     
    64. 

  64.     if (substr_count($update_dir, '/') < 2) {
    65. 

  65.         $errorCount++;
    66. 

  66.         $errors[] = "In order to prevent security risks, users cannot be granted access to the main directories in the root file system of the server.&nbsp; You must go down two directory levels!&nbsp; Example:  /games/user1!";
    67. 

  67.     }
    68. 

  68.     
    69. 

  69.     if (stripos($update_dir, "/") === FALSE || stripos($update_dir, "/") != 0) {
    70. 

  70.         $errorCount++;
    71. 

  71.         $errors[] = "You have not chosen a valid directory!";
    72. 

  72.     }
    73. 

  73.     
    74. 

  74.     if ($update_dir === "/var/www/" || stripos($update_dir, "/var/www/") !== FALSE) {
    75. 

  75.         $errorCount++;
    76. 

  76.         $errors[] = "You may not create ftp accounts into the protected EHCP directories using this program.&nbsp; Create these accounts using EHCP software.";
    77. 

  77.     }
    78. 

  78.     
    79. 

  79.     if (stripos($update_dir, "\\")) {
    80. 

  80.         $errorCount++;
    81. 

  81.         $errors[] = "This is not a Windows machine... use the correct slash character for path...";
    82. 

  82.     }
    83. 

  83. 

  84.     // If the last character in the path is a slash (/) - Remove it from the string
    85. 

  85.     
    86. 

  86.     if (substr_count($update_dir, '/') > 2 && $update_dir[strlen($update_dir) - 1] == "/") {
    87. 

  87.         $end = strlen($update_dir) - 2;
    88. 

  88.         $update_dir = substr($update_dir, 0, $end);
    89. 

  89.     }
    90. 

  90.     
    91. 

  91.     if ($errorCount == 0) {
    92. 

  92. 

  93.         // Security checks
    94. 

  94.         
    95. 

  95.         if (isset($ftp_pass)) {
    96. 

  96.             $ftp_password_db = mysql_real_escape_string($ftp_pass);
    97. 

  97.         }
    98. 

  98.         $ftp_username_db = mysql_real_escape_string($ftp_username);
    99. 

  99.         $SQL = "SELECT * FROM ftpaccounts WHERE ftpusername = '$ftp_username_db'";
    100. 

  100.         $Result = mysql_query($SQL, $connection);
    101. 

  101.         
    102. 

  102.         if ($Result !== FALSE) {
    103. 

  103.             $count = mysql_num_rows($Result);
    104. 

  104.             
    105. 

  105.             if ($count != 1) {
    106. 

  106.                 $errorCount++;
    107. 

  107.                 $errors[] = "FTP User " . $ftp_username . " does not exist in the database. Account information cannot be updated";
    108. 

  108.             } else {
    109. 

  109. 

  110.                 // Update user's password data into DB:
    111. 

  111.                 $SQL = "UPDATE ftpaccounts SET ";
    112. 

  112.                 
    113. 

  113.                 if (isset($ftp_password_db)) {
    114. 

  114.                     $SQL.= "password=password('$ftp_password_db'), ";
    115. 

  115.                 }
    116. 

  116.                 $SQL.= "homedir='$update_dir' WHERE ftpusername='$ftp_username_db'";
    117. 

  117.                 $Result = mysql_query($SQL, $connection);
    118. 

  118.                 
    119. 

  119.                 if ($Result !== FALSE) {
    120. 

  120.                     $success = 1;
    121. 

  121.                 } else {
    122. 

  122.                     $errorCount++;
    123. 

  123.                     $errors[] = "Error code " . mysql_errno($connection) . ": " . mysql_error($connection);
    124. 

  124.                 }
    125. 

  125.             }
    126. 

  126.         } else {
    127. 

  127.             $errorCount++;
    128. 

  128.             $errors[] = "Error code " . mysql_errno($connection) . ": " . mysql_error($connection);
    129. 

  129.         }
    130. 

  130.     }
    131. 

  131. }
    132. 

  132. 

  133. // Log errors
    134. 

  134. 

  135. if ($errorCount > 0) {
    136. 

  136.     addToLog($errors);
    137. 

  137. }
    138. 

  138. 

  139. // Return value:
    140. 

  140. echo $success;
    141. 

  141. 

  142. ?>
    143.