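0) { header('Location: /error/'); exit; } }

/**
 * Store a failed command's output as the session error message.
 *
 * Does nothing when $return_var equals 0 (loose comparison). Otherwise the
 * entries of $output are joined with a newline and written to
 * $_SESSION['error_msg']; when that text is empty a translated fallback is
 * used instead.
 *
 * @param int|string $return_var Exit status of the command (presumably from exec()).
 * @param array      $output     Output lines of the command (presumably from exec()).
 * @return void
 */
function check_return_code($return_var, $output)
{
    if ($return_var != 0) {
        $error = implode('
', $output);
        if (empty($error)) {
            // NOTE(review): the msgid shown here has no placeholder, so sprintf()
            // drops $return_var unless the translated string adds one - confirm.
            $error = sprintf(_('Error code:'), $return_var);
        }
        // Raw command output is stored as-is; whatever prints error_msg has
        // to escape it for its own output context.
        $_SESSION['error_msg'] = $error;
    }
}

/**
 * Render a full panel page: header, top panel, page body, shared and
 * page-specific JavaScript, footer.
 *
 * $page is concatenated into the include path templates/pages/<page>.html
 * and into the js/pages/<page>.js existence check. Callers must pass a fixed
 * page name; a value derived from request data would let the request choose
 * which file gets included.
 *
 * @param string $user Not read directly here; stays in scope for the included templates.
 * @param string $TAB  Forwarded to top_panel().
 * @param string $page Page template name without extension.
 * @return void
 */
function render_page($user, $TAB, $page)
{
    $__template_dir = dirname(__DIR__) . '/templates/';
    $__pages_js_dir = dirname(__DIR__) . '/js/pages/';

    // Header
    include($__template_dir . 'header.html');

    // Panel: built for the account in $_SESSION['look'] when it is set,
    // otherwise for the logged-in user.
    top_panel(empty($_SESSION['look']) ? $_SESSION['user'] : $_SESSION['look'], $TAB);

    // Extract global variables
    // I think those variables should be passed via arguments
    // EXTR_SKIP keeps the locals that already exist here ($user, $TAB, $page
    // and the $__* paths) from being overwritten by a same-named global.
    extract($GLOBALS, EXTR_SKIP);

    // Policies controller (@ hides the warning if the file is missing)
    @include_once(dirname(__DIR__) . '/inc/policies.php');

    // Body
    include($__template_dir . 'pages/' . $page . '.html');

    // Including common js files
    @include_once(dirname(__DIR__) . '/templates/includes/end_js.html');

    // Including page specific js file
    if (file_exists($__pages_js_dir . $page . '.js')) {
        // NOTE(review): as shown here this prints an empty string; the markup
        // that references the page script appears to be missing - confirm
        // against the project's copy of this file.
        echo '';
    }

    // Footer
    include($__template_dir . 'footer.html');
}

/**
 * Match $_SESSION['token'] against $_GET['token'] or $_POST['token'].
 *
 * Usage: verify_csrf($_POST) or verify_csrf($_GET); use
 * verify_csrf($_POST, true) to return on failure instead of redirecting.
 *
 * Both tokens must be non-empty strings. They are compared with
 * hash_equals() so the comparison time does not depend on how much of the
 * submitted value is correct.
 *
 * @param array $method  Request array expected to carry a 'token' key.
 * @param bool  $return  When true, return false on failure instead of redirecting to /login/.
 * @return bool True when the token matches; false only when $return is true.
 */
function verify_csrf($method, $return = false)
{
    // empty() runs first so a missing key fails closed without a notice, and
    // the is_string() checks keep a non-string request value away from
    // hash_equals(), which only accepts strings.
    $token_ok = !empty($method['token'])
        && !empty($_SESSION['token'])
        && is_string($method['token'])
        && is_string($_SESSION['token'])
        && hash_equals($_SESSION['token'], $method['token']);

    if ($token_ok) {
        return true;
    }

    if ($return === true) {
        return false;
    }

    header('Location: /login/');
    die();
}

/**
 * Load the account record for $user, refresh session state from it and
 * include the top panel template.
 *
 * Runs `v-list-user <user> json` through HESTIA_CMD and stores the decoded
 * result in the global $panel. On a non-zero exit status the session is
 * destroyed and the request is redirected to /login/.
 *
 * @param string $user Account name to load.
 * @param string $TAB  Not read directly here; stays in scope for panel.html.
 * @return void
 */
function top_panel($user, $TAB)
{
    global $panel;

    // $user is quoted with escapeshellarg() before it reaches the shell.
    $command = HESTIA_CMD . 'v-list-user ' . escapeshellarg($user) . " 'json'";
    exec($command, $output, $return_var);
    if ($return_var > 0) {
        // NOTE(review): this output precedes header(); the redirect can only
        // take effect if output buffering is active - confirm.
        echo 'ERROR: Unable to retrieve account details.
Please log in again.
';
        destroy_sessions();
        header('Location: /login/');
        exit;
    }
    $panel = json_decode(implode('', $output), true);
    unset($output);

    // Log out active sessions for suspended users
    if (($panel[$user]['SUSPENDED'] === 'yes') && ($_SESSION['POLICY_USER_VIEW_SUSPENDED'] !== 'yes')) {
        if (empty($_SESSION['look'])) {
            // NOTE(review): error_msg is set just before destroy_sessions();
            // whether it survives depends on that helper - confirm.
            $_SESSION['error_msg'] = 'You have been logged out. Please log in again.';
            destroy_sessions();
            header('Location: /login/');
            // Stop here, as the command-failure branch above does: without
            // exit the rest of this function and the calling page would still
            // run and be written into the response after the redirect header.
            exit;
        }
    }

    // Reset user permissions if changed while logged in
    if (($panel[$user]['ROLE']) !== ($_SESSION['userContext']) && (!isset($_SESSION['look']))) {
        unset($_SESSION['userContext']);
        $_SESSION['userContext'] = $panel[$user]['ROLE'];
    }

    // Load user's selected theme and do not change it when impersonating user
    if ((isset($panel[$user]['THEME'])) && (!isset($_SESSION['look']))) {
        $_SESSION['userTheme'] = $panel[$user]['THEME'];
    }

    // Unset userTheme override variable if POLICY_USER_CHANGE_THEME is set to no
    if ($_SESSION['POLICY_USER_CHANGE_THEME'] === 'no') {
        unset($_SESSION['userTheme']);
    }

    // Set preferred sort order
    if (!isset($_SESSION['look'])) {
        $_SESSION['userSortOrder'] = $panel[$user]['PREF_UI_SORT'];
    }

    // Set home location URLs
    if (($_SESSION['userContext'] === 'admin') && (!isset($_SESSION['look']))) {
        // Display users list for administrators unless they are impersonating a user account
        $home_url = '/list/user/';
    } else {
        // Set home location URL based on available package features from account
        // NOTE(review): $home_url stays undefined when every count below is
        // '0'; panel.html presumably reads it - confirm.
        if ($panel[$user]['WEB_DOMAINS'] != '0') {
            $home_url = '/list/web/';
        } elseif ($panel[$user]['DNS_DOMAINS'] != '0') {
            $home_url = '/list/dns/';
        } elseif ($panel[$user]['MAIL_DOMAINS'] != '0') {
            $home_url = '/list/mail/';
        } elseif ($panel[$user]['DATABASES'] != '0') {
            $home_url = '/list/db/';
        } elseif ($panel[$user]['CRON_JOBS'] != '0') {
            $home_url = '/list/cron/';
        } elseif ($panel[$user]['BACKUPS'] != '0') {
            $home_url = '/list/backups/';
        }
    }

    include(dirname(__FILE__) . '/../templates/includes/panel.html');
}

/**
 * Format a date string as "<day>  <translated month abbreviation>  <year>".
 *
 * The month abbreviation is passed through gettext. strftime() is deprecated
 * as of PHP 8.1; it is kept here because its output depends on the locale.
 *
 * @param string $date Any date text strtotime() understands.
 * @return string
 */
function translate_date($date)
{
    $date = strtotime($date);
    return strftime('%d  ', $date) . _(strftime('%b', $date)) . strftime('  %Y', $date);
}

/**
 * Turn a duration into a translated "N minutes" / "N hours" / "N days" text.
 *
 * Values up to 60 are reported as minutes, so the input is taken to be in
 * minutes; above that it is divided by 60 (hours) and, past 24, by 24 (days).
 *
 * @param int|float $usage Duration to format.
 * @return string
 */
function humanize_time($usage)
{
    if ($usage > 60) {
        $usage = $usage / 60;
        if ($usage > 24) {
            $usage = $usage / 24;
            $usage = number_format($usage);
            return sprintf(ngettext('%d day', '%d days', $usage), $usage);
        } else {
            return sprintf(ngettext('%d hour', '%d hours', $usage), $usage);
        }
    } else {
        return sprintf(ngettext('%d minute', '%d minutes', $usage), $usage);
    }
}

/**
 * Scale a size down by 1024 up to three times and format it with two decimals.
 *
 * Values of 1024 or less are returned unchanged and unformatted. The matching
 * unit label comes from humanize_usage_measure().
 *
 * @param int|float $usage Size to scale.
 * @return int|float|string The untouched input, or a number_format() string.
 */
function humanize_usage_size($usage)
{
    if ($usage > 1024) {
        $usage = $usage / 1024;
        if ($usage > 1024) {
            $usage = $usage / 1024;
            if ($usage > 1024) {
                $usage = $usage / 1024;
            }
        }
        // Every scaled branch ends with the same two-decimal formatting.
        $usage = number_format($usage, 2);
    }
    return $usage;
}

/**
 * Return the unit label that goes with humanize_usage_size() for the same input.
 *
 * Values of 1024 or less are labelled 'mb'; each further factor of 1024 moves
 * the label on to 'gb', 'tb' and finally 'pb'.
 *
 * @param int|float $usage Size to classify.
 * @return string One of 'mb', 'gb', 'tb', 'pb'.
 */
function humanize_usage_measure($usage)
{
    if ($usage > 1024) {
        $usage = $usage / 1024;
        if ($usage > 1024) {
            $usage = $usage / 1024;
            return ($usage > 1024) ? 'pb' : 'tb';
        }
        return 'gb';
    }
    return 'mb';
}

/**
 * Compute used/total as a whole-number percentage clamped to 0..100.
 *
 * Unset (null) arguments count as 0, and a total of 0 yields 0 rather than a
 * division by zero.
 *
 * @param int|float|null $used
 * @param int|float|null $total
 * @return int|string 0 or 100 when clamped or when total is 0, otherwise the
 *                    number_format() string of the rounded percentage.
 */
function get_percentage($used, $total)
{
    if (!isset($total)) {
        $total = 0;
    }
    if (!isset($used)) {
        $used = 0;
    }
    if ($total == 0) {
        $percent = 0;
    } else {
        $percent = $used / $total;
        $percent = $percent * 100;
        $percent = number_format($percent, 0, '', '');
        if ($percent < 0) {
            $percent = 0;
        } elseif ($percent > 100) {
            $percent = 100;
        }
    }
    return $percent;
}

/**
 * Send an HTML e-mail through PHPMailer.
 *
 * When $_SESSION['USE_SERVER_SMTP'] is "true" the message is sent over SMTP
 * with the host, port, security mode and credentials held in the session, and
 * $from is replaced by $_SESSION['SERVER_SMTP_ADDR'].
 *
 * The result of Send() is not checked, so a delivery failure is silent to the
 * caller. $mailtext is passed through nl2br() and sent as HTML without any
 * escaping here; callers are responsible for what they put into it.
 *
 * @param string $to        Recipient address.
 * @param string $subject   Subject line.
 * @param string $mailtext  Message body.
 * @param string $from      Sender address (overridden in SMTP mode).
 * @param string $from_name Sender display name.
 * @param string $to_name   Optional recipient display name.
 * @return void
 */
function send_email($to, $subject, $mailtext, $from, $from_name, $to_name = '')
{
    $mail = new PHPMailer();

    if (isset($_SESSION['USE_SERVER_SMTP']) && $_SESSION['USE_SERVER_SMTP'] == "true") {
        $from = $_SESSION['SERVER_SMTP_ADDR'];

        $mail->IsSMTP();
        $mail->Mailer = "smtp";
        $mail->SMTPDebug = 0;
        $mail->SMTPAuth = true;
        $mail->SMTPSecure = $_SESSION['SERVER_SMTP_SECURITY'];
        $mail->Port = $_SESSION['SERVER_SMTP_PORT'];
        $mail->Host = $_SESSION['SERVER_SMTP_HOST'];
        $mail->Username = $_SESSION['SERVER_SMTP_USER'];
        $mail->Password = $_SESSION['SERVER_SMTP_PASSWD'];
    }

    $mail->IsHTML(true);
    $mail->ClearReplyTos();
    if (empty($to_name)) {
        $mail->AddAddress($to);
    } else {
        $mail->AddAddress($to, $to_name);
    }
    $mail->SetFrom($from, $from_name);

    $mail->CharSet = "utf-8";
    $mail->Subject = $subject;

    $content = $mailtext;
    $content = nl2br($content);
    $mail->MsgHTML($content);
    $mail->Send();
}

/**
 * Build the time zone list: "<zone> [ <current time> ] UTC<+|-><HH:MM>".
 *
 * A fixed set of North American abbreviations comes first, followed by every
 * identifier from DateTimeZone::listIdentifiers().
 *
 * @return array Map of time zone name to its display label.
 */
function list_timezones()
{
    $abbreviations = ['AKST', 'AKDT', 'PST', 'PDT', 'MST', 'MDT', 'CST', 'CDT', 'EST', 'EDT', 'AST', 'ADT'];

    // Initialised up front so the function never returns an undefined variable.
    $timezone_offsets = [];
    $timezone_list = [];

    foreach (array_merge($abbreviations, DateTimeZone::listIdentifiers()) as $timezone) {
        $tz = new DateTimeZone($timezone);
        $timezone_offsets[$timezone] = $tz->getOffset(new DateTime());
    }

    foreach ($timezone_offsets as $timezone => $offset) {
        $offset_prefix = $offset < 0 ? '-' : '+';
        $offset_formatted = gmdate('H:i', abs($offset));

        // {$var} replaces the "${var}" form, which is deprecated as of PHP 8.2.
        $pretty_offset = "UTC{$offset_prefix}{$offset_formatted}";

        $t = new DateTimeZone($timezone);
        // 'now' replaces a null first argument, which is deprecated as of PHP 8.1.
        $c = new DateTime('now', $t);
        $current_time = $c->format('H:i:s');

        $timezone_list[$timezone] = "$timezone [ $current_time ] {$pretty_offset}";
    }

    return $timezone_list;
}

/**
 * Tell whether the installed database server is MySQL or MariaDB.
 *
 * Explanation:
 * $_SESSION['DB_SYSTEM'] has the value 'mysql' even if MariaDB is installed,
 * so it cannot be used to tell the two apart. This function checks the
 * service list instead.
 *
 * If the service list has a 'mariadb' entry the function returns 'mariadb',
 * otherwise it returns 'mysql'.
 *
 * Hint: to check whether PostgreSQL is installed, check the value of
 * $_SESSION['DB_SYSTEM'].
 *
 * @return string
 */
function is_it_mysql_or_mariadb()
{
    exec(HESTIA_CMD . 'v-list-sys-services json', $output, $return_var);
    $data = json_decode(implode('', $output), true);
    unset($output);
    $mysqltype = 'mysql';
    if (isset($data['mariadb'])) {
        $mysqltype = 'mariadb';
    }
    return $mysqltype;
}

/**
 * Copy every key of the system configuration into $_SESSION.
 *
 * Runs `v-list-sys-config json` and writes each entry of its 'config' section
 * into the session under the same key. Nothing is filtered, so any sensitive
 * value the command returns is held in the session as well; an entry whose
 * key matches an existing session key overwrites it.
 *
 * @return void
 */
function load_hestia_config()
{
    // Check system configuration
    exec(HESTIA_CMD . "v-list-sys-config json", $output, $return_var);
    $data = json_decode(implode('', $output), true);

    // A failed command or undecodable output leaves the session untouched
    // instead of raising warnings on a null value.
    if (!is_array($data) || !isset($data['config']) || !is_array($data['config'])) {
        return;
    }

    foreach ($data['config'] as $key => $value) {
        $_SESSION[$key] = $value;
    }
}

/**
 * Returns the list of all web domains from all users grouped by Backend Template used and owner
 *
 * The result has the shape [backend][user][] = domain. Domains without a
 * BACKEND value are left out.
 *
 * @return array
 */
function backendtpl_with_webdomains()
{
    exec(HESTIA_CMD . 'v-list-users json', $output, $return_var);
    $users = json_decode(implode('', $output), true);
    unset($output);

    $backend_list = [];
    if (!is_array($users)) {
        // The user list could not be decoded: nothing to group.
        return $backend_list;
    }

    foreach ($users as $user => $user_details) {
        // The user name is quoted before it is placed on the command line.
        exec(HESTIA_CMD . 'v-list-web-domains ' . escapeshellarg($user) . ' json', $output, $return_var);
        $domains = json_decode(implode('', $output), true);
        // exec() appends to an existing array, so reset it before the next user.
        unset($output);

        if (!is_array($domains)) {
            continue;
        }

        foreach ($domains as $domain => $domain_details) {
            if (!empty($domain_details['BACKEND'])) {
                $backend = $domain_details['BACKEND'];
                $backend_list[$backend][$user][] = $domain;
            }
        }
    }
    return $backend_list;
}

/**
 * Check if password is valid
 *
 * Valid means at least 8 characters with at least one lowercase letter, one
 * uppercase letter and one digit. The value is the raw preg_match() result,
 * so callers should test it for truthiness.
 *
 * @param string $password
 * @return int|false 1 when the password matches, 0 when it does not, false on a PCRE error.
 */
function validate_password($password)
{
    return preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(.){8,}$/', $password);
}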