Главная Обзор Помощь
Вход
yosoyhendrix
/
hestiacp
зеркало из https://github.com/hestiacp/hestiacp
1
0
Ответвить 0
Файлы Задачи 0 Вики
Дерево: 88eee5e6ae
Ветки Метки
hestiacp
/
web
/
edit
/
user
/
index.php

index.php 15 KB
История Исходник

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588 
  1. <?php
    2. 

  2. use function Hestiacp\quoteshellarg\quoteshellarg;
    3. 

  3. 

  4. ob_start();
    5. 

  5. $TAB = "USER";
    6. 

  6. 

  7. // Main include
    8. 

  8. include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
    9. 

  9. 

  10. // Check user argument
    11. 

  11. if (empty($_GET["user"])) {
    12. 

  12. 	header("Location: /list/user/");
    13. 

  13. 	exit();
    14. 

  14. }
    15. 

  15. 

  16. // Edit as someone else?
    17. 

  17. if ($_SESSION["userContext"] === "admin" && !empty($_GET["user"])) {
    18. 

  18. 	$user = $_GET["user"];
    19. 

  19. 	$v_username = $_GET["user"];
    20. 

  20. } else {
    21. 

  21. 	$user = $_SESSION["user"];
    22. 

  22. 	$v_username = $_SESSION["user"];
    23. 

  23. }
    24. 

  24. 

  25. // Prevent other users with admin privileges from editing properties of default 'admin' user
    26. 

  26. if (
    27. 

  27. 	($_SESSION["userContext"] === "admin" &&
    28. 

  28. 		$_SESSION["look"] != "" &&
    29. 

  29. 		$user == $_SESSION["ROOT_USER"]) ||
    30. 

  30. 	($_SESSION["userContext"] === "admin" &&
    31. 

  31. 		!isset($_SESSION["look"]) &&
    32. 

  32. 		$user == "admin" &&
    33. 

  33. 		$_SESSION["user"] != $_SESSION["ROOT_USER"])
    34. 

  34. ) {
    35. 

  35. 	header("Location: /list/user/");
    36. 

  36. 	exit();
    37. 

  37. }
    38. 

  38. 

  39. // Check token
    40. 

  40. verify_csrf($_GET);
    41. 

  41. 

  42. // List user
    43. 

  43. exec(HESTIA_CMD . "v-list-user " . quoteshellarg($v_username) . " json", $output, $return_var);
    44. 

  44. check_return_code_redirect($return_var, $output, "/list/user/");
    45. 

  45. 

  46. $data = json_decode(implode("", $output), true);
    47. 

  47. unset($output);
    48. 

  48. 

  49. // Parse user
    50. 

  50. $v_password = "";
    51. 

  51. $v_email = $data[$v_username]["CONTACT"];
    52. 

  52. $v_package = $data[$v_username]["PACKAGE"];
    53. 

  53. $v_language = $data[$v_username]["LANGUAGE"];
    54. 

  54. $v_user_theme = $data[$v_username]["THEME"];
    55. 

  55. $v_sort_order = $data[$v_username]["PREF_UI_SORT"];
    56. 

  56. $v_name = $data[$v_username]["NAME"];
    57. 

  57. $v_shell = $data[$v_username]["SHELL"];
    58. 

  58. $v_shell_jail_enabled = $data[$v_username]["SHELL_JAIL_ENABLED"];
    59. 

  59. $v_twofa = $data[$v_username]["TWOFA"];
    60. 

  60. $v_qrcode = $data[$v_username]["QRCODE"];
    61. 

  61. $v_phpcli = $data[$v_username]["PHPCLI"];
    62. 

  62. $v_role = $data[$v_username]["ROLE"];
    63. 

  63. $v_login_disabled = $data[$v_username]["LOGIN_DISABLED"];
    64. 

  64. $v_login_use_iplist = $data[$v_username]["LOGIN_USE_IPLIST"];
    65. 

  65. $v_login_allowed_ips = $data[$v_username]["LOGIN_ALLOW_IPS"];
    66. 

  66. $v_ns = $data[$v_username]["NS"];
    67. 

  67. $nameservers = explode(",", $v_ns);
    68. 

  68. if (empty($nameservers[0])) {
    69. 

  69. 	$v_ns1 = "";
    70. 

  70. } else {
    71. 

  71. 	$v_ns1 = $nameservers[0];
    72. 

  72. }
    73. 

  73. if (empty($nameservers[1])) {
    74. 

  74. 	$v_ns2 = "";
    75. 

  75. } else {
    76. 

  76. 	$v_ns2 = $nameservers[1];
    77. 

  77. }
    78. 

  78. if (empty($nameservers[2])) {
    79. 

  79. 	$v_ns3 = "";
    80. 

  80. } else {
    81. 

  81. 	$v_ns3 = $nameservers[2];
    82. 

  82. }
    83. 

  83. if (empty($nameservers[3])) {
    84. 

  84. 	$v_ns4 = "";
    85. 

  85. } else {
    86. 

  86. 	$v_ns4 = $nameservers[3];
    87. 

  87. }
    88. 

  88. if (empty($nameservers[4])) {
    89. 

  89. 	$v_ns5 = "";
    90. 

  90. } else {
    91. 

  91. 	$v_ns5 = $nameservers[4];
    92. 

  92. }
    93. 

  93. if (empty($nameservers[5])) {
    94. 

  94. 	$v_ns6 = "";
    95. 

  95. } else {
    96. 

  96. 	$v_ns6 = $nameservers[5];
    97. 

  97. }
    98. 

  98. if (empty($nameservers[6])) {
    99. 

  99. 	$v_ns7 = "";
    100. 

  100. } else {
    101. 

  101. 	$v_ns7 = $nameservers[6];
    102. 

  102. }
    103. 

  103. if (empty($nameservers[7])) {
    104. 

  104. 	$v_ns8 = "";
    105. 

  105. } else {
    106. 

  106. 	$v_ns8 = $nameservers[7];
    107. 

  107. }
    108. 

  108. 

  109. $v_suspended = $data[$v_username]["SUSPENDED"];
    110. 

  110. if ($v_suspended == "yes") {
    111. 

  111. 	$v_status = "suspended";
    112. 

  112. } else {
    113. 

  113. 	$v_status = "active";
    114. 

  114. }
    115. 

  115. $v_time = $data[$v_username]["TIME"];
    116. 

  116. $v_date = $data[$v_username]["DATE"];
    117. 

  117. 

  118. if (empty($v_phpcli)) {
    119. 

  119. 	$v_phpcli = substr(DEFAULT_PHP_VERSION, 4);
    120. 

  120. }
    121. 

  121. 

  122. // List packages
    123. 

  123. exec(HESTIA_CMD . "v-list-user-packages json", $output, $return_var);
    124. 

  124. $packages = json_decode(implode("", $output), true);
    125. 

  125. unset($output);
    126. 

  126. 

  127. // List languages
    128. 

  128. exec(HESTIA_CMD . "v-list-sys-languages json", $output, $return_var);
    129. 

  129. $language = json_decode(implode("", $output), true);
    130. 

  130. foreach ($language as $lang) {
    131. 

  131. 	$languages[$lang] = translate_json($lang);
    132. 

  132. }
    133. 

  133. asort($languages);
    134. 

  134. unset($output);
    135. 

  135. 

  136. // List themes
    137. 

  137. exec(HESTIA_CMD . "v-list-sys-themes json", $output, $return_var);
    138. 

  138. $themes = json_decode(implode("", $output), true);
    139. 

  139. unset($output);
    140. 

  140. 

  141. // List shells
    142. 

  142. exec(HESTIA_CMD . "v-list-sys-shells json", $output, $return_var);
    143. 

  143. $shells = json_decode(implode("", $output), true);
    144. 

  144. unset($output);
    145. 

  145. 

  146. //List PHP Versions
    147. 

  147. // List supported php versions
    148. 

  148. exec(HESTIA_CMD . "v-list-sys-php json", $output, $return_var);
    149. 

  149. $php_versions = json_decode(implode("", $output), true);
    150. 

  150. unset($output);
    151. 

  151. 

  152. // Check POST request
    153. 

  153. if (!empty($_POST["save"])) {
    154. 

  154. 	// Check token
    155. 

  155. 	verify_csrf($_POST);
    156. 

  156. 

  157. 	// Change password
    158. 

  158. 	if (!empty($_POST["v_password"]) && empty($_SESSION["error_msg"])) {
    159. 

  159. 		// Check password length
    160. 

  160. 		$pw_len = strlen($_POST["v_password"]);
    161. 

  161. 		if (!validate_password($_POST["v_password"])) {
    162. 

  162. 			$_SESSION["error_msg"] = _("Password does not match the minimum requirements.");
    163. 

  163. 		}
    164. 

  164. 		if (empty($_SESSION["error_msg"])) {
    165. 

  165. 			$v_password = tempnam("/tmp", "vst");
    166. 

  166. 			$fp = fopen($v_password, "w");
    167. 

  167. 			fwrite($fp, $_POST["v_password"] . "\n");
    168. 

  168. 			fclose($fp);
    169. 

  169. 			exec(
    170. 

  170. 				HESTIA_CMD .
    171. 

  171. 					"v-change-user-password " .
    172. 

  172. 					quoteshellarg($v_username) .
    173. 

  173. 					" " .
    174. 

  174. 					$v_password,
    175. 

  175. 				$output,
    176. 

  176. 				$return_var,
    177. 

  177. 			);
    178. 

  178. 			check_return_code($return_var, $output);
    179. 

  179. 			unset($output);
    180. 

  180. 			unlink($v_password);
    181. 

  181. 			$v_password = quoteshellarg($_POST["v_password"]);
    182. 

  182. 		}
    183. 

  183. 	}
    184. 

  184. 

  185. 	// Enable twofa
    186. 

  186. 	if (!empty($_POST["v_twofa"]) && empty($v_twofa) && empty($_SESSION["error_msg"])) {
    187. 

  187. 		exec(HESTIA_CMD . "v-add-user-2fa " . quoteshellarg($v_username), $output, $return_var);
    188. 

  188. 		check_return_code($return_var, $output);
    189. 

  189. 		unset($output);
    190. 

  190. 

  191. 		// List user
    192. 

  192. 		exec(
    193. 

  193. 			HESTIA_CMD . "v-list-user " . quoteshellarg($v_username) . " json",
    194. 

  194. 			$output,
    195. 

  195. 			$return_var,
    196. 

  196. 		);
    197. 

  197. 		check_return_code($return_var, $output);
    198. 

  198. 		$data = json_decode(implode("", $output), true);
    199. 

  199. 		unset($output);
    200. 

  200. 

  201. 		// Parse user twofa
    202. 

  202. 		$v_twofa = $data[$v_username]["TWOFA"];
    203. 

  203. 		$v_qrcode = $data[$v_username]["QRCODE"];
    204. 

  204. 	}
    205. 

  205. 

  206. 	// Disable twofa
    207. 

  207. 	if (empty($_POST["v_twofa"]) && !empty($v_twofa) && empty($_SESSION["error_msg"])) {
    208. 

  208. 		exec(HESTIA_CMD . "v-delete-user-2fa " . quoteshellarg($v_username), $output, $return_var);
    209. 

  209. 		check_return_code($return_var, $output);
    210. 

  210. 		unset($output);
    211. 

  211. 		$v_twofa = "";
    212. 

  212. 		$v_qrcode = "";
    213. 

  213. 	}
    214. 

  214. 

  215. 	// Change default sort order
    216. 

  216. 	if ($v_sort_order != $_POST["v_sort_order"] && empty($_SESSION["error_msg"])) {
    217. 

  217. 		$v_sort_order = quoteshellarg($_POST["v_sort_order"]);
    218. 

  218. 		exec(
    219. 

  219. 			HESTIA_CMD .
    220. 

  220. 				"v-change-user-sort-order " .
    221. 

  221. 				quoteshellarg($v_username) .
    222. 

  222. 				" " .
    223. 

  223. 				$v_sort_order,
    224. 

  224. 			$output,
    225. 

  225. 			$return_var,
    226. 

  226. 		);
    227. 

  227. 		check_return_code($return_var, $output);
    228. 

  228. 		unset($_SESSION["userSortOrder"]);
    229. 

  229. 		$_SESSION["userSortOrder"] = $v_sort_order;
    230. 

  230. 		unset($output);
    231. 

  231. 	}
    232. 

  232. 

  233. 	// Update Control Panel login disabled status (admin only)
    234. 

  234. 	if (empty($_SESSION["error_msg"])) {
    235. 

  235. 		if (empty($_POST["v_login_disabled"])) {
    236. 

  236. 			$_POST["v_login_disabled"] = "";
    237. 

  237. 		}
    238. 

  238. 		if ($_POST["v_login_disabled"] != $v_login_disabled) {
    239. 

  239. 			if ($_POST["v_login_disabled"] == "on") {
    240. 

  240. 				$_POST["v_login_disabled"] = "yes";
    241. 

  241. 			} else {
    242. 

  242. 				$_POST["v_login_disabled"] = "no";
    243. 

  243. 			}
    244. 

  244. 			exec(
    245. 

  245. 				HESTIA_CMD .
    246. 

  246. 					"v-change-user-config-value " .
    247. 

  247. 					quoteshellarg($v_username) .
    248. 

  248. 					" LOGIN_DISABLED " .
    249. 

  249. 					quoteshellarg($_POST["v_login_disabled"]),
    250. 

  250. 				$output,
    251. 

  251. 				$return_var,
    252. 

  252. 			);
    253. 

  253. 			check_return_code($return_var, $output);
    254. 

  254. 			$data[$user]["LOGIN_DISABLED"] = $_POST["v_login_disabled"];
    255. 

  255. 			unset($output);
    256. 

  256. 		}
    257. 

  257. 	}
    258. 

  258. 

  259. 	// Update IP whitelist option
    260. 

  260. 	if (empty($_SESSION["error_msg"])) {
    261. 

  261. 		if (empty($_POST["v_login_use_iplist"])) {
    262. 

  262. 			$_POST["v_login_use_iplist"] = "";
    263. 

  263. 		}
    264. 

  264. 		if ($_POST["v_login_use_iplist"] != $v_login_use_iplist) {
    265. 

  265. 			if ($_POST["v_login_use_iplist"] == "on") {
    266. 

  266. 				$_POST["v_login_use_iplist"] = "yes";
    267. 

  267. 			} else {
    268. 

  268. 				$_POST["v_login_use_iplist"] = "no";
    269. 

  269. 			}
    270. 

  270. 			exec(
    271. 

  271. 				HESTIA_CMD .
    272. 

  272. 					"v-change-user-config-value " .
    273. 

  273. 					quoteshellarg($v_username) .
    274. 

  274. 					" LOGIN_USE_IPLIST " .
    275. 

  275. 					quoteshellarg($_POST["v_login_use_iplist"]),
    276. 

  276. 				$output,
    277. 

  277. 				$return_var,
    278. 

  278. 			);
    279. 

  279. 			if ($_POST["v_login_use_iplist"] === "no") {
    280. 

  280. 				exec(
    281. 

  281. 					HESTIA_CMD .
    282. 

  282. 						"v-change-user-config-value " .
    283. 

  283. 						quoteshellarg($v_username) .
    284. 

  284. 						" LOGIN_ALLOW_IPS ''",
    285. 

  285. 					$output,
    286. 

  286. 					$return_var,
    287. 

  287. 				);
    288. 

  288. 				$v_login_allowed_ips = "";
    289. 

  289. 			} else {
    290. 

  290. 				exec(
    291. 

  291. 					HESTIA_CMD .
    292. 

  292. 						"v-change-user-config-value " .
    293. 

  293. 						quoteshellarg($v_username) .
    294. 

  294. 						" LOGIN_ALLOW_IPS " .
    295. 

  295. 						quoteshellarg($_POST["v_login_allowed_ips"]),
    296. 

  296. 					$output,
    297. 

  297. 					$return_var,
    298. 

  298. 				);
    299. 

  299. 				unset($v_login_allowed_ips);
    300. 

  300. 				$v_login_allowed_ips = $_POST["v_login_allowed_ips"];
    301. 

  301. 			}
    302. 

  302. 			check_return_code($return_var, $output);
    303. 

  303. 			$data[$user]["LOGIN_USE_IPLIST"] = $_POST["v_login_use_iplist"];
    304. 

  304. 			unset($output);
    305. 

  305. 		}
    306. 

  306. 	}
    307. 

  307. 

  308. 	if ($_SESSION["userContext"] === "admin") {
    309. 

  309. 		// Change package (admin only)
    310. 

  310. 		if (
    311. 

  311. 			$v_package != $_POST["v_package"] &&
    312. 

  312. 			$_SESSION["userContext"] === "admin" &&
    313. 

  313. 			empty($_SESSION["error_msg"])
    314. 

  314. 		) {
    315. 

  315. 			$v_package = quoteshellarg($_POST["v_package"]);
    316. 

  316. 			exec(
    317. 

  317. 				HESTIA_CMD .
    318. 

  318. 					"v-change-user-package " .
    319. 

  319. 					quoteshellarg($v_username) .
    320. 

  320. 					" " .
    321. 

  321. 					$v_package,
    322. 

  322. 				$output,
    323. 

  323. 				$return_var,
    324. 

  324. 			);
    325. 

  325. 			check_return_code($return_var, $output);
    326. 

  326. 			unset($output);
    327. 

  327. 		}
    328. 

  328. 

  329. 		// Change phpcli (admin only)
    330. 

  330. 		if (
    331. 

  331. 			$v_phpcli != $_POST["v_phpcli"] &&
    332. 

  332. 			$_SESSION["userContext"] === "admin" &&
    333. 

  333. 			empty($_SESSION["error_msg"])
    334. 

  334. 		) {
    335. 

  335. 			$v_phpcli = quoteshellarg($_POST["v_phpcli"]);
    336. 

  336. 			exec(
    337. 

  337. 				HESTIA_CMD .
    338. 

  338. 					"v-change-user-php-cli " .
    339. 

  339. 					quoteshellarg($v_username) .
    340. 

  340. 					" " .
    341. 

  341. 					$v_phpcli,
    342. 

  342. 				$output,
    343. 

  343. 				$return_var,
    344. 

  344. 			);
    345. 

  345. 			check_return_code($return_var, $output);
    346. 

  346. 			unset($output);
    347. 

  347. 		}
    348. 

  348. 

  349. 		$_POST["v_role"] = $_POST["v_role"] ?? "";
    350. 

  350. 

  351. 		if (
    352. 

  352. 			$v_role != $_POST["v_role"] &&
    353. 

  353. 			$_SESSION["userContext"] === "admin" &&
    354. 

  354. 			$v_username != "admin" &&
    355. 

  355. 			empty($_SESSION["error_msg"])
    356. 

  356. 		) {
    357. 

  357. 			if (!empty($_POST["v_role"])) {
    358. 

  358. 				$v_role = quoteshellarg($_POST["v_role"]);
    359. 

  359. 				exec(
    360. 

  360. 					HESTIA_CMD . "v-change-user-role " . quoteshellarg($v_username) . " " . $v_role,
    361. 

  361. 					$output,
    362. 

  362. 					$return_var,
    363. 

  363. 				);
    364. 

  364. 				check_return_code($return_var, $output);
    365. 

  365. 				unset($output);
    366. 

  366. 				$v_role = $_POST["v_role"];
    367. 

  367. 			}
    368. 

  368. 		}
    369. 

  369. 		// Change shell (admin only)
    370. 

  370. 		if (!empty($_POST["v_shell"])) {
    371. 

  371. 			if (empty($_POST["v_shell_jail_enabled"])) {
    372. 

  372. 				$_POST["v_shell_jail_enabled"] = "no";
    373. 

  373. 			}
    374. 

  374. 

  375. 			if (
    376. 

  376. 				in_array($_POST["v_shell"], ["nologin", "rssh"]) &&
    377. 

  377. 				$_POST["v_shell_jail_enabled"] == "yes"
    378. 

  378. 			) {
    379. 

  379. 				$_SESSION["error_msg"] = _(
    380. 

  380. 					"Cannot combine nologin and rssh shell with jailed shell.",
    381. 

  381. 				);
    382. 

  382. 			}
    383. 

  383. 

  384. 			if (
    385. 

  385. 				($v_shell != $_POST["v_shell"] ||
    386. 

  386. 					$v_shell_jail_enabled != $_POST["v_shell_jail_enabled"]) &&
    387. 

  387. 				$_SESSION["userContext"] === "admin" &&
    388. 

  388. 				empty($_SESSION["error_msg"])
    389. 

  389. 			) {
    390. 

  390. 				$v_shell = quoteshellarg($_POST["v_shell"]);
    391. 

  391. 				$v_shell_jail_enabled = quoteshellarg($_POST["v_shell_jail_enabled"]);
    392. 

  392. 

  393. 				exec(
    394. 

  394. 					HESTIA_CMD .
    395. 

  395. 						"v-change-user-shell " .
    396. 

  396. 						quoteshellarg($v_username) .
    397. 

  397. 						" " .
    398. 

  398. 						$v_shell .
    399. 

  399. 						" " .
    400. 

  400. 						$v_shell_jail_enabled,
    401. 

  401. 					$output,
    402. 

  402. 					$return_var,
    403. 

  403. 				);
    404. 

  404. 				check_return_code($return_var, $output);
    405. 

  405. 				unset($output);
    406. 

  406. 			}
    407. 

  407. 		}
    408. 

  408. 	}
    409. 

  409. 	// Change language
    410. 

  410. 	if ($v_language != $_POST["v_language"] && empty($_SESSION["error_msg"])) {
    411. 

  411. 		$v_language = quoteshellarg($_POST["v_language"]);
    412. 

  412. 		exec(
    413. 

  413. 			HESTIA_CMD . "v-change-user-language " . quoteshellarg($v_username) . " " . $v_language,
    414. 

  414. 			$output,
    415. 

  415. 			$return_var,
    416. 

  416. 		);
    417. 

  417. 		check_return_code($return_var, $output);
    418. 

  418. 		if (empty($_SESSION["error_msg"])) {
    419. 

  419. 			if ($_GET["user"] == $_SESSION["user"]) {
    420. 

  420. 				unset($_SESSION["language"]);
    421. 

  421. 				$_SESSION["language"] = $_POST["v_language"];
    422. 

  422. 				$refresh = $_SERVER["REQUEST_URI"];
    423. 

  423. 				header("Location: $refresh");
    424. 

  424. 			}
    425. 

  425. 		}
    426. 

  426. 		unset($output);
    427. 

  427. 	}
    428. 

  428. 

  429. 	// Change contact email
    430. 

  430. 	if ($v_email != $_POST["v_email"] && empty($_SESSION["error_msg"])) {
    431. 

  431. 		if (!filter_var($_POST["v_email"], FILTER_VALIDATE_EMAIL)) {
    432. 

  432. 			$_SESSION["error_msg"] = _("Please enter a valid email address.");
    433. 

  433. 		} else {
    434. 

  434. 			$v_email = quoteshellarg($_POST["v_email"]);
    435. 

  435. 			exec(
    436. 

  436. 				HESTIA_CMD . "v-change-user-contact " . quoteshellarg($v_username) . " " . $v_email,
    437. 

  437. 				$output,
    438. 

  438. 				$return_var,
    439. 

  439. 			);
    440. 

  440. 			check_return_code($return_var, $output);
    441. 

  441. 			unset($output);
    442. 

  442. 		}
    443. 

  443. 	}
    444. 

  444. 

  445. 	// Change full name
    446. 

  446. 	if ($v_name != $_POST["v_name"]) {
    447. 

  447. 		if (empty($_POST["v_name"])) {
    448. 

  448. 			$_SESSION["error_msg"] = _("Please enter a valid contact name.");
    449. 

  449. 		} else {
    450. 

  450. 			$v_name = quoteshellarg($_POST["v_name"]);
    451. 

  451. 			exec(
    452. 

  452. 				HESTIA_CMD . "v-change-user-name " . quoteshellarg($v_username) . " " . $v_name,
    453. 

  453. 				$output,
    454. 

  454. 				$return_var,
    455. 

  455. 			);
    456. 

  456. 			check_return_code($return_var, $output);
    457. 

  457. 			unset($output);
    458. 

  458. 			$v_name = $_POST["v_name"];
    459. 

  459. 		}
    460. 

  460. 	}
    461. 

  461. 

  462. 	// Update theme
    463. 

  463. 	if (empty($_SESSION["error_msg"])) {
    464. 

  464. 		if (empty($_SESSION["userTheme"])) {
    465. 

  465. 			$_SESSION["userTheme"] = "";
    466. 

  466. 		}
    467. 

  467. 		if ($_POST["v_user_theme"] != $_SESSION["userTheme"]) {
    468. 

  468. 			exec(
    469. 

  469. 				HESTIA_CMD .
    470. 

  470. 					"v-change-user-theme " .
    471. 

  471. 					quoteshellarg($v_username) .
    472. 

  472. 					" " .
    473. 

  473. 					quoteshellarg($_POST["v_user_theme"]),
    474. 

  474. 				$output,
    475. 

  475. 				$return_var,
    476. 

  476. 			);
    477. 

  477. 			check_return_code($return_var, $output);
    478. 

  478. 			unset($output);
    479. 

  479. 			$v_user_theme = $_POST["v_user_theme"];
    480. 

  480. 			if ($_SESSION["user"] === $v_username) {
    481. 

  481. 				unset($_SESSION["userTheme"]);
    482. 

  482. 				$_SESSION["userTheme"] = $v_user_theme;
    483. 

  483. 			}
    484. 

  484. 		}
    485. 

  485. 	}
    486. 

  486. 

  487. 	if (!empty($_SESSION["DNS_SYSTEM"])) {
    488. 

  488. 		if ($_SESSION["userContext"] === "admin") {
    489. 

  489. 			// Change NameServers
    490. 

  490. 			if (empty($_POST["v_ns1"])) {
    491. 

  491. 				$_POST["v_ns1"] = "";
    492. 

  492. 			}
    493. 

  493. 			if (empty($_POST["v_ns2"])) {
    494. 

  494. 				$_POST["v_ns2"] = "";
    495. 

  495. 			}
    496. 

  496. 			if (empty($_POST["v_ns3"])) {
    497. 

  497. 				$_POST["v_ns3"] = "";
    498. 

  498. 			}
    499. 

  499. 			if (empty($_POST["v_ns4"])) {
    500. 

  500. 				$_POST["v_ns4"] = "";
    501. 

  501. 			}
    502. 

  502. 			if (empty($_POST["v_ns5"])) {
    503. 

  503. 				$_POST["v_ns5"] = "";
    504. 

  504. 			}
    505. 

  505. 			if (empty($_POST["v_ns6"])) {
    506. 

  506. 				$_POST["v_ns6"] = "";
    507. 

  507. 			}
    508. 

  508. 			if (empty($_POST["v_ns7"])) {
    509. 

  509. 				$_POST["v_ns7"] = "";
    510. 

  510. 			}
    511. 

  511. 			if (empty($_POST["v_ns8"])) {
    512. 

  512. 				$_POST["v_ns8"] = "";
    513. 

  513. 			}
    514. 

  514. 

  515. 			if (
    516. 

  516. 				$v_ns1 != $_POST["v_ns1"] ||
    517. 

  517. 				$v_ns2 != $_POST["v_ns2"] ||
    518. 

  518. 				$v_ns3 != $_POST["v_ns3"] ||
    519. 

  519. 				$v_ns4 != $_POST["v_ns4"] ||
    520. 

  520. 				$v_ns5 != $_POST["v_ns5"] ||
    521. 

  521. 				$v_ns6 != $_POST["v_ns6"] ||
    522. 

  522. 				$v_ns7 != $_POST["v_ns7"] ||
    523. 

  523. 				($v_ns8 != $_POST["v_ns8"] &&
    524. 

  524. 					empty($_SESSION["error_msg"] && !empty($_POST["v_ns1"]) && $_POST["v_ns2"]))
    525. 

  525. 			) {
    526. 

  526. 				$v_ns1 = quoteshellarg($_POST["v_ns1"]);
    527. 

  527. 				$v_ns2 = quoteshellarg($_POST["v_ns2"]);
    528. 

  528. 				$v_ns3 = quoteshellarg($_POST["v_ns3"]);
    529. 

  529. 				$v_ns4 = quoteshellarg($_POST["v_ns4"]);
    530. 

  530. 				$v_ns5 = quoteshellarg($_POST["v_ns5"]);
    531. 

  531. 				$v_ns6 = quoteshellarg($_POST["v_ns6"]);
    532. 

  532. 				$v_ns7 = quoteshellarg($_POST["v_ns7"]);
    533. 

  533. 				$v_ns8 = quoteshellarg($_POST["v_ns8"]);
    534. 

  534. 

  535. 				$ns_cmd =
    536. 

  536. 					HESTIA_CMD .
    537. 

  537. 					"v-change-user-ns " .
    538. 

  538. 					quoteshellarg($v_username) .
    539. 

  539. 					" " .
    540. 

  540. 					$v_ns1 .
    541. 

  541. 					" " .
    542. 

  542. 					$v_ns2;
    543. 

  543. 				if (!empty($_POST["v_ns3"])) {
    544. 

  544. 					$ns_cmd = $ns_cmd . " " . $v_ns3;
    545. 

  545. 				}
    546. 

  546. 				if (!empty($_POST["v_ns4"])) {
    547. 

  547. 					$ns_cmd = $ns_cmd . " " . $v_ns4;
    548. 

  548. 				}
    549. 

  549. 				if (!empty($_POST["v_ns5"])) {
    550. 

  550. 					$ns_cmd = $ns_cmd . " " . $v_ns5;
    551. 

  551. 				}
    552. 

  552. 				if (!empty($_POST["v_ns6"])) {
    553. 

  553. 					$ns_cmd = $ns_cmd . " " . $v_ns6;
    554. 

  554. 				}
    555. 

  555. 				if (!empty($_POST["v_ns7"])) {
    556. 

  556. 					$ns_cmd = $ns_cmd . " " . $v_ns7;
    557. 

  557. 				}
    558. 

  558. 				if (!empty($_POST["v_ns8"])) {
    559. 

  559. 					$ns_cmd = $ns_cmd . " " . $v_ns8;
    560. 

  560. 				}
    561. 

  561. 				exec($ns_cmd, $output, $return_var);
    562. 

  562. 				check_return_code($return_var, $output);
    563. 

  563. 				unset($output);
    564. 

  564. 

  565. 				$v_ns1 = str_replace("'", "", $v_ns1);
    566. 

  566. 				$v_ns2 = str_replace("'", "", $v_ns2);
    567. 

  567. 				$v_ns3 = str_replace("'", "", $v_ns3);
    568. 

  568. 				$v_ns4 = str_replace("'", "", $v_ns4);
    569. 

  569. 				$v_ns5 = str_replace("'", "", $v_ns5);
    570. 

  570. 				$v_ns6 = str_replace("'", "", $v_ns6);
    571. 

  571. 				$v_ns7 = str_replace("'", "", $v_ns7);
    572. 

  572. 				$v_ns8 = str_replace("'", "", $v_ns8);
    573. 

  573. 			}
    574. 

  574. 		}
    575. 

  575. 	}
    576. 

  576. 

  577. 	// Set success message
    578. 

  578. 	if (empty($_SESSION["error_msg"])) {
    579. 

  579. 		$_SESSION["ok_msg"] = _("Changes have been saved.");
    580. 

  580. 	}
    581. 

  581. }
    582. 

  582. 

  583. // Render page
    584. 

  584. render_page($user, $TAB, "edit_user");
    585. 

  585. 

  586. // Flush session messages
    587. 

  587. unset($_SESSION["error_msg"]);
    588. 

  588. unset($_SESSION["ok_msg"]);
    589.