Главная Обзор Помощь
Вход
yosoyhendrix
/
hestiacp
зеркало из https://github.com/hestiacp/hestiacp
1
0
Ответвить 0
Файлы Задачи 0 Вики
Ветка: releases/v1.8
Ветки Метки
hestiacp
/
web
/
edit
/
user
/
index.php

index.php 14 KB
Постоянная ссылка История Исходник

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567 
  1. <?php
    2. 

  2. use function Hestiacp\quoteshellarg\quoteshellarg;
    3. 

  3. 

  4. ob_start();
    5. 

  5. $TAB = "USER";
    6. 

  6. 

  7. // Main include
    8. 

  8. include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
    9. 

  9. 

  10. // Check user argument
    11. 

  11. if (empty($_GET["user"])) {
    12. 

  12. 	header("Location: /list/user/");
    13. 

  13. 	exit();
    14. 

  14. }
    15. 

  15. 

  16. // Edit as someone else?
    17. 

  17. if ($_SESSION["userContext"] === "admin" && !empty($_GET["user"])) {
    18. 

  18. 	$user = $_GET["user"];
    19. 

  19. 	$v_username = $_GET["user"];
    20. 

  20. } else {
    21. 

  21. 	$user = $_SESSION["user"];
    22. 

  22. 	$v_username = $_SESSION["user"];
    23. 

  23. }
    24. 

  24. 

  25. // Prevent other users with admin privileges from editing properties of default 'admin' user
    26. 

  26. if (
    27. 

  27. 	($_SESSION["userContext"] === "admin" && $_SESSION["look"] != "" && $user == "admin") ||
    28. 

  28. 	($_SESSION["userContext"] === "admin" &&
    29. 

  29. 		!isset($_SESSION["look"]) &&
    30. 

  30. 		$user == "admin" &&
    31. 

  31. 		$_SESSION["user"] != "admin")
    32. 

  32. ) {
    33. 

  33. 	header("Location: /list/user/");
    34. 

  34. 	exit();
    35. 

  35. }
    36. 

  36. 

  37. // Check token
    38. 

  38. verify_csrf($_GET);
    39. 

  39. 

  40. // List user
    41. 

  41. exec(HESTIA_CMD . "v-list-user " . quoteshellarg($v_username) . " json", $output, $return_var);
    42. 

  42. check_return_code_redirect($return_var, $output, "/list/user/");
    43. 

  43. 

  44. $data = json_decode(implode("", $output), true);
    45. 

  45. unset($output);
    46. 

  46. 

  47. // Parse user
    48. 

  48. $v_password = "";
    49. 

  49. $v_email = $data[$v_username]["CONTACT"];
    50. 

  50. $v_package = $data[$v_username]["PACKAGE"];
    51. 

  51. $v_language = $data[$v_username]["LANGUAGE"];
    52. 

  52. $v_user_theme = $data[$v_username]["THEME"];
    53. 

  53. $v_sort_order = $data[$v_username]["PREF_UI_SORT"];
    54. 

  54. $v_name = $data[$v_username]["NAME"];
    55. 

  55. $v_shell = $data[$v_username]["SHELL"];
    56. 

  56. $v_twofa = $data[$v_username]["TWOFA"];
    57. 

  57. $v_qrcode = $data[$v_username]["QRCODE"];
    58. 

  58. $v_phpcli = $data[$v_username]["PHPCLI"];
    59. 

  59. $v_role = $data[$v_username]["ROLE"];
    60. 

  60. $v_login_disabled = $data[$v_username]["LOGIN_DISABLED"];
    61. 

  61. $v_login_use_iplist = $data[$v_username]["LOGIN_USE_IPLIST"];
    62. 

  62. $v_login_allowed_ips = $data[$v_username]["LOGIN_ALLOW_IPS"];
    63. 

  63. $v_ns = $data[$v_username]["NS"];
    64. 

  64. $nameservers = explode(",", $v_ns);
    65. 

  65. if (empty($nameservers[0])) {
    66. 

  66. 	$v_ns1 = "";
    67. 

  67. } else {
    68. 

  68. 	$v_ns1 = $nameservers[0];
    69. 

  69. }
    70. 

  70. if (empty($nameservers[1])) {
    71. 

  71. 	$v_ns2 = "";
    72. 

  72. } else {
    73. 

  73. 	$v_ns2 = $nameservers[1];
    74. 

  74. }
    75. 

  75. if (empty($nameservers[2])) {
    76. 

  76. 	$v_ns3 = "";
    77. 

  77. } else {
    78. 

  78. 	$v_ns3 = $nameservers[2];
    79. 

  79. }
    80. 

  80. if (empty($nameservers[3])) {
    81. 

  81. 	$v_ns4 = "";
    82. 

  82. } else {
    83. 

  83. 	$v_ns4 = $nameservers[3];
    84. 

  84. }
    85. 

  85. if (empty($nameservers[4])) {
    86. 

  86. 	$v_ns5 = "";
    87. 

  87. } else {
    88. 

  88. 	$v_ns5 = $nameservers[4];
    89. 

  89. }
    90. 

  90. if (empty($nameservers[5])) {
    91. 

  91. 	$v_ns6 = "";
    92. 

  92. } else {
    93. 

  93. 	$v_ns6 = $nameservers[5];
    94. 

  94. }
    95. 

  95. if (empty($nameservers[6])) {
    96. 

  96. 	$v_ns7 = "";
    97. 

  97. } else {
    98. 

  98. 	$v_ns7 = $nameservers[6];
    99. 

  99. }
    100. 

  100. if (empty($nameservers[7])) {
    101. 

  101. 	$v_ns8 = "";
    102. 

  102. } else {
    103. 

  103. 	$v_ns8 = $nameservers[7];
    104. 

  104. }
    105. 

  105. 

  106. $v_suspended = $data[$v_username]["SUSPENDED"];
    107. 

  107. if ($v_suspended == "yes") {
    108. 

  108. 	$v_status = "suspended";
    109. 

  109. } else {
    110. 

  110. 	$v_status = "active";
    111. 

  111. }
    112. 

  112. $v_time = $data[$v_username]["TIME"];
    113. 

  113. $v_date = $data[$v_username]["DATE"];
    114. 

  114. 

  115. if (empty($v_phpcli)) {
    116. 

  116. 	$v_phpcli = substr(DEFAULT_PHP_VERSION, 4);
    117. 

  117. }
    118. 

  118. 

  119. // List packages
    120. 

  120. exec(HESTIA_CMD . "v-list-user-packages json", $output, $return_var);
    121. 

  121. $packages = json_decode(implode("", $output), true);
    122. 

  122. unset($output);
    123. 

  123. 

  124. // List languages
    125. 

  125. exec(HESTIA_CMD . "v-list-sys-languages json", $output, $return_var);
    126. 

  126. $language = json_decode(implode("", $output), true);
    127. 

  127. foreach ($language as $lang) {
    128. 

  128. 	$languages[$lang] = translate_json($lang);
    129. 

  129. }
    130. 

  130. asort($languages);
    131. 

  131. unset($output);
    132. 

  132. 

  133. // List themes
    134. 

  134. exec(HESTIA_CMD . "v-list-sys-themes json", $output, $return_var);
    135. 

  135. $themes = json_decode(implode("", $output), true);
    136. 

  136. unset($output);
    137. 

  137. 

  138. // List shells
    139. 

  139. exec(HESTIA_CMD . "v-list-sys-shells json", $output, $return_var);
    140. 

  140. $shells = json_decode(implode("", $output), true);
    141. 

  141. unset($output);
    142. 

  142. 

  143. //List PHP Versions
    144. 

  144. // List supported php versions
    145. 

  145. exec(HESTIA_CMD . "v-list-sys-php json", $output, $return_var);
    146. 

  146. $php_versions = json_decode(implode("", $output), true);
    147. 

  147. unset($output);
    148. 

  148. 

  149. // Check POST request
    150. 

  150. if (!empty($_POST["save"])) {
    151. 

  151. 	// Check token
    152. 

  152. 	verify_csrf($_POST);
    153. 

  153. 

  154. 	// Change password
    155. 

  155. 	if (!empty($_POST["v_password"]) && empty($_SESSION["error_msg"])) {
    156. 

  156. 		// Check password length
    157. 

  157. 		$pw_len = strlen($_POST["v_password"]);
    158. 

  158. 		if (!validate_password($_POST["v_password"])) {
    159. 

  159. 			$_SESSION["error_msg"] = _("Password does not match the minimum requirements.");
    160. 

  160. 		}
    161. 

  161. 		if (empty($_SESSION["error_msg"])) {
    162. 

  162. 			$v_password = tempnam("/tmp", "vst");
    163. 

  163. 			$fp = fopen($v_password, "w");
    164. 

  164. 			fwrite($fp, $_POST["v_password"] . "\n");
    165. 

  165. 			fclose($fp);
    166. 

  166. 			exec(
    167. 

  167. 				HESTIA_CMD .
    168. 

  168. 					"v-change-user-password " .
    169. 

  169. 					quoteshellarg($v_username) .
    170. 

  170. 					" " .
    171. 

  171. 					$v_password,
    172. 

  172. 				$output,
    173. 

  173. 				$return_var,
    174. 

  174. 			);
    175. 

  175. 			check_return_code($return_var, $output);
    176. 

  176. 			unset($output);
    177. 

  177. 			unlink($v_password);
    178. 

  178. 			$v_password = quoteshellarg($_POST["v_password"]);
    179. 

  179. 		}
    180. 

  180. 	}
    181. 

  181. 

  182. 	// Enable twofa
    183. 

  183. 	if (!empty($_POST["v_twofa"]) && empty($v_twofa) && empty($_SESSION["error_msg"])) {
    184. 

  184. 		exec(HESTIA_CMD . "v-add-user-2fa " . quoteshellarg($v_username), $output, $return_var);
    185. 

  185. 		check_return_code($return_var, $output);
    186. 

  186. 		unset($output);
    187. 

  187. 

  188. 		// List user
    189. 

  189. 		exec(
    190. 

  190. 			HESTIA_CMD . "v-list-user " . quoteshellarg($v_username) . " json",
    191. 

  191. 			$output,
    192. 

  192. 			$return_var,
    193. 

  193. 		);
    194. 

  194. 		check_return_code($return_var, $output);
    195. 

  195. 		$data = json_decode(implode("", $output), true);
    196. 

  196. 		unset($output);
    197. 

  197. 

  198. 		// Parse user twofa
    199. 

  199. 		$v_twofa = $data[$v_username]["TWOFA"];
    200. 

  200. 		$v_qrcode = $data[$v_username]["QRCODE"];
    201. 

  201. 	}
    202. 

  202. 

  203. 	// Disable twofa
    204. 

  204. 	if (empty($_POST["v_twofa"]) && !empty($v_twofa) && empty($_SESSION["error_msg"])) {
    205. 

  205. 		exec(HESTIA_CMD . "v-delete-user-2fa " . quoteshellarg($v_username), $output, $return_var);
    206. 

  206. 		check_return_code($return_var, $output);
    207. 

  207. 		unset($output);
    208. 

  208. 		$v_twofa = "";
    209. 

  209. 		$v_qrcode = "";
    210. 

  210. 	}
    211. 

  211. 

  212. 	// Change default sort order
    213. 

  213. 	if ($v_sort_order != $_POST["v_sort_order"] && empty($_SESSION["error_msg"])) {
    214. 

  214. 		$v_sort_order = quoteshellarg($_POST["v_sort_order"]);
    215. 

  215. 		exec(
    216. 

  216. 			HESTIA_CMD .
    217. 

  217. 				"v-change-user-sort-order " .
    218. 

  218. 				quoteshellarg($v_username) .
    219. 

  219. 				" " .
    220. 

  220. 				$v_sort_order,
    221. 

  221. 			$output,
    222. 

  222. 			$return_var,
    223. 

  223. 		);
    224. 

  224. 		check_return_code($return_var, $output);
    225. 

  225. 		unset($_SESSION["userSortOrder"]);
    226. 

  226. 		$_SESSION["userSortOrder"] = $v_sort_order;
    227. 

  227. 		unset($output);
    228. 

  228. 	}
    229. 

  229. 

  230. 	// Update Control Panel login disabled status (admin only)
    231. 

  231. 	if (empty($_SESSION["error_msg"])) {
    232. 

  232. 		if (empty($_POST["v_login_disabled"])) {
    233. 

  233. 			$_POST["v_login_disabled"] = "";
    234. 

  234. 		}
    235. 

  235. 		if ($_POST["v_login_disabled"] != $v_login_disabled) {
    236. 

  236. 			if ($_POST["v_login_disabled"] == "on") {
    237. 

  237. 				$_POST["v_login_disabled"] = "yes";
    238. 

  238. 			} else {
    239. 

  239. 				$_POST["v_login_disabled"] = "no";
    240. 

  240. 			}
    241. 

  241. 			exec(
    242. 

  242. 				HESTIA_CMD .
    243. 

  243. 					"v-change-user-config-value " .
    244. 

  244. 					quoteshellarg($v_username) .
    245. 

  245. 					" LOGIN_DISABLED " .
    246. 

  246. 					quoteshellarg($_POST["v_login_disabled"]),
    247. 

  247. 				$output,
    248. 

  248. 				$return_var,
    249. 

  249. 			);
    250. 

  250. 			check_return_code($return_var, $output);
    251. 

  251. 			$data[$user]["LOGIN_DISABLED"] = $_POST["v_login_disabled"];
    252. 

  252. 			unset($output);
    253. 

  253. 		}
    254. 

  254. 	}
    255. 

  255. 

  256. 	// Update IP whitelist option
    257. 

  257. 	if (empty($_SESSION["error_msg"])) {
    258. 

  258. 		if (empty($_POST["v_login_use_iplist"])) {
    259. 

  259. 			$_POST["v_login_use_iplist"] = "";
    260. 

  260. 		}
    261. 

  261. 		if ($_POST["v_login_use_iplist"] != $v_login_use_iplist) {
    262. 

  262. 			if ($_POST["v_login_use_iplist"] == "on") {
    263. 

  263. 				$_POST["v_login_use_iplist"] = "yes";
    264. 

  264. 			} else {
    265. 

  265. 				$_POST["v_login_use_iplist"] = "no";
    266. 

  266. 			}
    267. 

  267. 			exec(
    268. 

  268. 				HESTIA_CMD .
    269. 

  269. 					"v-change-user-config-value " .
    270. 

  270. 					quoteshellarg($v_username) .
    271. 

  271. 					" LOGIN_USE_IPLIST " .
    272. 

  272. 					quoteshellarg($_POST["v_login_use_iplist"]),
    273. 

  273. 				$output,
    274. 

  274. 				$return_var,
    275. 

  275. 			);
    276. 

  276. 			if ($_POST["v_login_use_iplist"] === "no") {
    277. 

  277. 				exec(
    278. 

  278. 					HESTIA_CMD .
    279. 

  279. 						"v-change-user-config-value " .
    280. 

  280. 						quoteshellarg($v_username) .
    281. 

  281. 						" LOGIN_ALLOW_IPS ''",
    282. 

  282. 					$output,
    283. 

  283. 					$return_var,
    284. 

  284. 				);
    285. 

  285. 				$v_login_allowed_ips = "";
    286. 

  286. 			} else {
    287. 

  287. 				exec(
    288. 

  288. 					HESTIA_CMD .
    289. 

  289. 						"v-change-user-config-value " .
    290. 

  290. 						quoteshellarg($v_username) .
    291. 

  291. 						" LOGIN_ALLOW_IPS " .
    292. 

  292. 						quoteshellarg($_POST["v_login_allowed_ips"]),
    293. 

  293. 					$output,
    294. 

  294. 					$return_var,
    295. 

  295. 				);
    296. 

  296. 				unset($v_login_allowed_ips);
    297. 

  297. 				$v_login_allowed_ips = $_POST["v_login_allowed_ips"];
    298. 

  298. 			}
    299. 

  299. 			check_return_code($return_var, $output);
    300. 

  300. 			$data[$user]["LOGIN_USE_IPLIST"] = $_POST["v_login_use_iplist"];
    301. 

  301. 			unset($output);
    302. 

  302. 		}
    303. 

  303. 	}
    304. 

  304. 

  305. 	if ($_SESSION["userContext"] === "admin") {
    306. 

  306. 		// Change package (admin only)
    307. 

  307. 		if (
    308. 

  308. 			$v_package != $_POST["v_package"] &&
    309. 

  309. 			$_SESSION["userContext"] === "admin" &&
    310. 

  310. 			empty($_SESSION["error_msg"])
    311. 

  311. 		) {
    312. 

  312. 			$v_package = quoteshellarg($_POST["v_package"]);
    313. 

  313. 			exec(
    314. 

  314. 				HESTIA_CMD .
    315. 

  315. 					"v-change-user-package " .
    316. 

  316. 					quoteshellarg($v_username) .
    317. 

  317. 					" " .
    318. 

  318. 					$v_package,
    319. 

  319. 				$output,
    320. 

  320. 				$return_var,
    321. 

  321. 			);
    322. 

  322. 			check_return_code($return_var, $output);
    323. 

  323. 			unset($output);
    324. 

  324. 		}
    325. 

  325. 

  326. 		// Change phpcli (admin only)
    327. 

  327. 		if (
    328. 

  328. 			$v_phpcli != $_POST["v_phpcli"] &&
    329. 

  329. 			$_SESSION["userContext"] === "admin" &&
    330. 

  330. 			empty($_SESSION["error_msg"])
    331. 

  331. 		) {
    332. 

  332. 			$v_phpcli = quoteshellarg($_POST["v_phpcli"]);
    333. 

  333. 			exec(
    334. 

  334. 				HESTIA_CMD .
    335. 

  335. 					"v-change-user-php-cli " .
    336. 

  336. 					quoteshellarg($v_username) .
    337. 

  337. 					" " .
    338. 

  338. 					$v_phpcli,
    339. 

  339. 				$output,
    340. 

  340. 				$return_var,
    341. 

  341. 			);
    342. 

  342. 			check_return_code($return_var, $output);
    343. 

  343. 			unset($output);
    344. 

  344. 		}
    345. 

  345. 

  346. 		$_POST["v_role"] = $_POST["v_role"] ?? "";
    347. 

  347. 

  348. 		if (
    349. 

  349. 			$v_role != $_POST["v_role"] &&
    350. 

  350. 			$_SESSION["userContext"] === "admin" &&
    351. 

  351. 			$v_username != "admin" &&
    352. 

  352. 			empty($_SESSION["error_msg"])
    353. 

  353. 		) {
    354. 

  354. 			if (!empty($_POST["v_role"])) {
    355. 

  355. 				$v_role = quoteshellarg($_POST["v_role"]);
    356. 

  356. 				exec(
    357. 

  357. 					HESTIA_CMD . "v-change-user-role " . quoteshellarg($v_username) . " " . $v_role,
    358. 

  358. 					$output,
    359. 

  359. 					$return_var,
    360. 

  360. 				);
    361. 

  361. 				check_return_code($return_var, $output);
    362. 

  362. 				unset($output);
    363. 

  363. 				$v_role = $_POST["v_role"];
    364. 

  364. 			}
    365. 

  365. 		}
    366. 

  366. 		// Change shell (admin only)
    367. 

  367. 		if (!empty($_POST["v_shell"])) {
    368. 

  368. 			if (
    369. 

  369. 				$v_shell != $_POST["v_shell"] &&
    370. 

  370. 				$_SESSION["userContext"] === "admin" &&
    371. 

  371. 				empty($_SESSION["error_msg"])
    372. 

  372. 			) {
    373. 

  373. 				$v_shell = quoteshellarg($_POST["v_shell"]);
    374. 

  374. 				exec(
    375. 

  375. 					HESTIA_CMD .
    376. 

  376. 						"v-change-user-shell " .
    377. 

  377. 						quoteshellarg($v_username) .
    378. 

  378. 						" " .
    379. 

  379. 						$v_shell,
    380. 

  380. 					$output,
    381. 

  381. 					$return_var,
    382. 

  382. 				);
    383. 

  383. 				check_return_code($return_var, $output);
    384. 

  384. 				unset($output);
    385. 

  385. 			}
    386. 

  386. 		}
    387. 

  387. 	}
    388. 

  388. 	// Change language
    389. 

  389. 	if ($v_language != $_POST["v_language"] && empty($_SESSION["error_msg"])) {
    390. 

  390. 		$v_language = quoteshellarg($_POST["v_language"]);
    391. 

  391. 		exec(
    392. 

  392. 			HESTIA_CMD . "v-change-user-language " . quoteshellarg($v_username) . " " . $v_language,
    393. 

  393. 			$output,
    394. 

  394. 			$return_var,
    395. 

  395. 		);
    396. 

  396. 		check_return_code($return_var, $output);
    397. 

  397. 		if (empty($_SESSION["error_msg"])) {
    398. 

  398. 			if ($_GET["user"] == $_SESSION["user"]) {
    399. 

  399. 				unset($_SESSION["language"]);
    400. 

  400. 				$_SESSION["language"] = $_POST["v_language"];
    401. 

  401. 				$refresh = $_SERVER["REQUEST_URI"];
    402. 

  402. 				header("Location: $refresh");
    403. 

  403. 			}
    404. 

  404. 		}
    405. 

  405. 		unset($output);
    406. 

  406. 	}
    407. 

  407. 

  408. 	// Change contact email
    409. 

  409. 	if ($v_email != $_POST["v_email"] && empty($_SESSION["error_msg"])) {
    410. 

  410. 		if (!filter_var($_POST["v_email"], FILTER_VALIDATE_EMAIL)) {
    411. 

  411. 			$_SESSION["error_msg"] = _("Please enter a valid email address.");
    412. 

  412. 		} else {
    413. 

  413. 			$v_email = quoteshellarg($_POST["v_email"]);
    414. 

  414. 			exec(
    415. 

  415. 				HESTIA_CMD . "v-change-user-contact " . quoteshellarg($v_username) . " " . $v_email,
    416. 

  416. 				$output,
    417. 

  417. 				$return_var,
    418. 

  418. 			);
    419. 

  419. 			check_return_code($return_var, $output);
    420. 

  420. 			unset($output);
    421. 

  421. 		}
    422. 

  422. 	}
    423. 

  423. 

  424. 	// Change full name
    425. 

  425. 	if ($v_name != $_POST["v_name"]) {
    426. 

  426. 		if (empty($_POST["v_name"])) {
    427. 

  427. 			$_SESSION["error_msg"] = _("Please enter a valid contact name.");
    428. 

  428. 		} else {
    429. 

  429. 			$v_name = quoteshellarg($_POST["v_name"]);
    430. 

  430. 			exec(
    431. 

  431. 				HESTIA_CMD . "v-change-user-name " . quoteshellarg($v_username) . " " . $v_name,
    432. 

  432. 				$output,
    433. 

  433. 				$return_var,
    434. 

  434. 			);
    435. 

  435. 			check_return_code($return_var, $output);
    436. 

  436. 			unset($output);
    437. 

  437. 			$v_name = $_POST["v_name"];
    438. 

  438. 		}
    439. 

  439. 	}
    440. 

  440. 

  441. 	// Update theme
    442. 

  442. 	if (empty($_SESSION["error_msg"])) {
    443. 

  443. 		if (empty($_SESSION["userTheme"])) {
    444. 

  444. 			$_SESSION["userTheme"] = "";
    445. 

  445. 		}
    446. 

  446. 		if ($_POST["v_user_theme"] != $_SESSION["userTheme"]) {
    447. 

  447. 			exec(
    448. 

  448. 				HESTIA_CMD .
    449. 

  449. 					"v-change-user-theme " .
    450. 

  450. 					quoteshellarg($v_username) .
    451. 

  451. 					" " .
    452. 

  452. 					quoteshellarg($_POST["v_user_theme"]),
    453. 

  453. 				$output,
    454. 

  454. 				$return_var,
    455. 

  455. 			);
    456. 

  456. 			check_return_code($return_var, $output);
    457. 

  457. 			unset($output);
    458. 

  458. 			$v_user_theme = $_POST["v_user_theme"];
    459. 

  459. 			if ($_SESSION["user"] === $v_username) {
    460. 

  460. 				unset($_SESSION["userTheme"]);
    461. 

  461. 				$_SESSION["userTheme"] = $v_user_theme;
    462. 

  462. 			}
    463. 

  463. 		}
    464. 

  464. 	}
    465. 

  465. 

  466. 	if (!empty($_SESSION["DNS_SYSTEM"])) {
    467. 

  467. 		if ($_SESSION["userContext"] === "admin") {
    468. 

  468. 			// Change NameServers
    469. 

  469. 			if (empty($_POST["v_ns1"])) {
    470. 

  470. 				$_POST["v_ns1"] = "";
    471. 

  471. 			}
    472. 

  472. 			if (empty($_POST["v_ns2"])) {
    473. 

  473. 				$_POST["v_ns2"] = "";
    474. 

  474. 			}
    475. 

  475. 			if (empty($_POST["v_ns3"])) {
    476. 

  476. 				$_POST["v_ns3"] = "";
    477. 

  477. 			}
    478. 

  478. 			if (empty($_POST["v_ns4"])) {
    479. 

  479. 				$_POST["v_ns4"] = "";
    480. 

  480. 			}
    481. 

  481. 			if (empty($_POST["v_ns5"])) {
    482. 

  482. 				$_POST["v_ns5"] = "";
    483. 

  483. 			}
    484. 

  484. 			if (empty($_POST["v_ns6"])) {
    485. 

  485. 				$_POST["v_ns6"] = "";
    486. 

  486. 			}
    487. 

  487. 			if (empty($_POST["v_ns7"])) {
    488. 

  488. 				$_POST["v_ns7"] = "";
    489. 

  489. 			}
    490. 

  490. 			if (empty($_POST["v_ns8"])) {
    491. 

  491. 				$_POST["v_ns8"] = "";
    492. 

  492. 			}
    493. 

  493. 

  494. 			if (
    495. 

  495. 				$v_ns1 != $_POST["v_ns1"] ||
    496. 

  496. 				$v_ns2 != $_POST["v_ns2"] ||
    497. 

  497. 				$v_ns3 != $_POST["v_ns3"] ||
    498. 

  498. 				$v_ns4 != $_POST["v_ns4"] ||
    499. 

  499. 				$v_ns5 != $_POST["v_ns5"] ||
    500. 

  500. 				$v_ns6 != $_POST["v_ns6"] ||
    501. 

  501. 				$v_ns7 != $_POST["v_ns7"] ||
    502. 

  502. 				($v_ns8 != $_POST["v_ns8"] &&
    503. 

  503. 					empty($_SESSION["error_msg"] && !empty($_POST["v_ns1"]) && $_POST["v_ns2"]))
    504. 

  504. 			) {
    505. 

  505. 				$v_ns1 = quoteshellarg($_POST["v_ns1"]);
    506. 

  506. 				$v_ns2 = quoteshellarg($_POST["v_ns2"]);
    507. 

  507. 				$v_ns3 = quoteshellarg($_POST["v_ns3"]);
    508. 

  508. 				$v_ns4 = quoteshellarg($_POST["v_ns4"]);
    509. 

  509. 				$v_ns5 = quoteshellarg($_POST["v_ns5"]);
    510. 

  510. 				$v_ns6 = quoteshellarg($_POST["v_ns6"]);
    511. 

  511. 				$v_ns7 = quoteshellarg($_POST["v_ns7"]);
    512. 

  512. 				$v_ns8 = quoteshellarg($_POST["v_ns8"]);
    513. 

  513. 

  514. 				$ns_cmd =
    515. 

  515. 					HESTIA_CMD .
    516. 

  516. 					"v-change-user-ns " .
    517. 

  517. 					quoteshellarg($v_username) .
    518. 

  518. 					" " .
    519. 

  519. 					$v_ns1 .
    520. 

  520. 					" " .
    521. 

  521. 					$v_ns2;
    522. 

  522. 				if (!empty($_POST["v_ns3"])) {
    523. 

  523. 					$ns_cmd = $ns_cmd . " " . $v_ns3;
    524. 

  524. 				}
    525. 

  525. 				if (!empty($_POST["v_ns4"])) {
    526. 

  526. 					$ns_cmd = $ns_cmd . " " . $v_ns4;
    527. 

  527. 				}
    528. 

  528. 				if (!empty($_POST["v_ns5"])) {
    529. 

  529. 					$ns_cmd = $ns_cmd . " " . $v_ns5;
    530. 

  530. 				}
    531. 

  531. 				if (!empty($_POST["v_ns6"])) {
    532. 

  532. 					$ns_cmd = $ns_cmd . " " . $v_ns6;
    533. 

  533. 				}
    534. 

  534. 				if (!empty($_POST["v_ns7"])) {
    535. 

  535. 					$ns_cmd = $ns_cmd . " " . $v_ns7;
    536. 

  536. 				}
    537. 

  537. 				if (!empty($_POST["v_ns8"])) {
    538. 

  538. 					$ns_cmd = $ns_cmd . " " . $v_ns8;
    539. 

  539. 				}
    540. 

  540. 				exec($ns_cmd, $output, $return_var);
    541. 

  541. 				check_return_code($return_var, $output);
    542. 

  542. 				unset($output);
    543. 

  543. 

  544. 				$v_ns1 = str_replace("'", "", $v_ns1);
    545. 

  545. 				$v_ns2 = str_replace("'", "", $v_ns2);
    546. 

  546. 				$v_ns3 = str_replace("'", "", $v_ns3);
    547. 

  547. 				$v_ns4 = str_replace("'", "", $v_ns4);
    548. 

  548. 				$v_ns5 = str_replace("'", "", $v_ns5);
    549. 

  549. 				$v_ns6 = str_replace("'", "", $v_ns6);
    550. 

  550. 				$v_ns7 = str_replace("'", "", $v_ns7);
    551. 

  551. 				$v_ns8 = str_replace("'", "", $v_ns8);
    552. 

  552. 			}
    553. 

  553. 		}
    554. 

  554. 	}
    555. 

  555. 

  556. 	// Set success message
    557. 

  557. 	if (empty($_SESSION["error_msg"])) {
    558. 

  558. 		$_SESSION["ok_msg"] = _("Changes have been saved.");
    559. 

  559. 	}
    560. 

  560. }
    561. 

  561. 

  562. // Render page
    563. 

  563. render_page($user, $TAB, "edit_user");
    564. 

  564. 

  565. // Flush session messages
    566. 

  566. unset($_SESSION["error_msg"]);
    567. 

  567. unset($_SESSION["ok_msg"]);
    568.