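<?php
// Adds FTP users to the database.
//
// Input  (query string): username, password, dir
// Output (response body): 1 when the account row was inserted, otherwise 0.
//
// NOTE(review): the password travels in the query string, so it can be recorded
// in web-server and proxy access logs. Moving it to a request body needs a
// matching change in the caller (the OGP agent), which is not visible here.
// NOTE(review): nothing in this file authenticates the caller. Confirm that
// config.php / db_functions.php or the web server restrict who can reach it.

// Variables
$success = 0;

// is_string() rejects array-style parameters (?dir[]=x), which would otherwise
// reach the string functions below as arrays.
if (isset($_GET['username']) && is_string($_GET['username'])) {
    $ftp_username = $_GET['username'];
}
if (isset($_GET['password']) && is_string($_GET['password'])) {
    $ftp_pass = $_GET['password'];
}
if (isset($_GET['dir']) && is_string($_GET['dir'])) {
    $rDir = $_GET['dir'];
}

// Start from a clean error list regardless of what the environment injected.
if (isset($errors)) {
    unset($errors);
}

if (file_exists("config.php")) {
    include 'config.php';
} else {
    die("config.php must exist within the installation root folder!");
}
include_once 'db_functions.php';

// Defined before the parameter check so the logging test at the bottom never
// reads an undefined variable when a parameter is missing.
$errorCount = 0;

// Did we properly receive the variables from the OGP agent?
if (isset($ftp_username, $ftp_pass, $rDir)) {
    // We received all necessary variables. Process what we received.
    // Not read anywhere in this file; kept because admin/ftpCreateForm.php is
    // included into this scope further down and may rely on it (unverified).
    $errorInstallInt = 0;

    // OGP should be doing this validation... but it's not

    // Normalise BEFORE validating. Stripping the trailing slash after the checks
    // let "/etc/" pass the two-level rule and then become "/etc", and the old
    // substr() call cut two characters, turning "/games/user1/" into "/games/user".
    $rDir = rtrim($rDir, '/');

    // Custom directory validation
    if (substr_count($rDir, '/') < 2) {
        $errorCount++;
        $errors[] = "In order to prevent security risks, users cannot be granted access to the main directories in the root file system of the server. You must go down two directory levels! Example: /games/user1!";
    }

    // The path must be absolute.
    if (strpos($rDir, '/') !== 0) {
        $errorCount++;
        $errors[] = "You have not chosen a valid directory!";
    }

    // Appending "/" lets one test cover "/var/www" itself and everything below
    // it; without it "/var/www" (no trailing slash) slipped through.
    if (stripos($rDir . '/', "/var/www/") !== FALSE) {
        $errorCount++;
        $errors[] = "You may not create ftp accounts into the protected EHCP directories using this program. Create these accounts using EHCP software.";
    }

    // Strict comparison: a backslash at offset 0 yields 0, which is falsy.
    if (strpos($rDir, "\\") !== FALSE) {
        $errorCount++;
        $errors[] = "This is not a Windows machine... use the correct slash character for path...";
    }

    // Empty, "." and ".." segments make the slash count meaningless as a depth
    // test ("//etc" and "/games/../etc" both resolve to /etc), so refuse them.
    $segments = explode('/', $rDir);
    array_shift($segments); // drop the empty piece in front of the leading slash
    foreach ($segments as $segment) {
        if ($segment === '' || $segment === '.' || $segment === '..') {
            $errorCount++;
            $errors[] = "The directory path may not contain empty, '.' or '..' segments!";
            break;
        }
    }

    if ($errorCount == 0) {
        // Security checks
        // The queries below are built by string interpolation and depend entirely
        // on escapeSQLStr() (db_functions.php, not visible here) for safety.
        // NOTE(review): switch to prepared statements if the DB layer offers them.
        $ftp_password_db = escapeSQLStr($ftp_pass, $connection);
        $ftp_username_db = escapeSQLStr($ftp_username, $connection);
        $rDir = escapeSQLStr($rDir, $connection);

        $SQL = "SELECT id FROM ftpaccounts WHERE ftpusername = '$ftp_username_db'";
        $Result = execSQL($SQL, $connection);

        if ($Result === FALSE) {
            $errorCount++;
            $errors[] = getSQLError($connection);
        } else {
            $count = countSQLResult($Result);

            if ($count > 0) {
                $errorCount++;
                $errors[] = "The FTP username supplied already exists! Please enter another unique username!";
            } else {
                // Make sure the home directory is not already assigned.
                // NOTE(review): SELECT-then-INSERT is not atomic; a UNIQUE index on
                // ftpusername / homedir would be the authoritative guard.
                $SQL = "SELECT id FROM ftpaccounts WHERE homedir = '$rDir'";
                $Result = execSQL($SQL, $connection);

                if ($Result === FALSE) {
                    $errorCount++;
                    $errors[] = getSQLError($connection);
                } else {
                    $count = countSQLResult($Result);

                    if ($count > 0) {
                        // The row count used to be computed and then ignored, so a
                        // second account could be pointed at an existing home.
                        $errorCount++;
                        $errors[] = "The FTP home directory supplied is already assigned to another account! Please choose another directory!";
                    } else {
                        // Insert the data into the ftpaccounts table.
                        // NOTE(review): MySQL's PASSWORD() is a fast, unsalted hash
                        // and was removed in MySQL 8.0. It is kept here because the
                        // stored format must match whatever reads this table, which
                        // is not visible from this file.
                        $SQL = "INSERT INTO ftpaccounts (ftpusername, password, homedir) VALUES ('$ftp_username_db', password('$ftp_password_db'), '$rDir')";
                        $Result = execSQL($SQL, $connection);

                        if ($Result !== FALSE) {
                            $success = 1;
                        } else {
                            $errorCount++;
                            $errors[] = getSQLError($connection);
                        }
                    }
                }

                if ($errorCount > 0 && $success == 0) {
                    unset($_POST['createFTP']);
                    include 'admin/ftpCreateForm.php';
                }
            }
        }
    }
}

// Log errors
if ($errorCount > 0) {
    addToLog($errors);
}

// Return value:
echo $success;
?>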