
Update codingstyle according to latest PHP CS Fixer 2.14.2

Hanno authored on28/03/2019 18:56:56
Showing11 changed files
1 1
new file mode 100644
... ...
@@ -0,0 +1,1295 @@
1
+   1) modules/index/certsave.php
2
+      ---------- begin diff ----------
3
+--- Original
4
+@@ @@
5
+     add_clientcert(
6
+-
7
+-      $_SESSION['clientcert_cert'],
8
+-
9
+-      $_SESSION['clientcert_dn'],
10
+-
11
+-      $_SESSION['clientcert_issuer'],
12
+-                 $_SESSION['clientcert_serial'],
13
+-
14
+-      $_SESSION['clientcert_valid_from'],
15
+-
16
+-      $_SESSION['clientcert_valid_until']
17
++        $_SESSION['clientcert_cert'],
18
++        $_SESSION['clientcert_dn'],
19
++        $_SESSION['clientcert_issuer'],
20
++        $_SESSION['clientcert_serial'],
21
++        $_SESSION['clientcert_valid_from'],
22
++        $_SESSION['clientcert_valid_until']
23
+ 
24
+   );
25
+ 
26
+     // Räume session auf
27
+     unset($_SESSION['clientcert_cert']);
28
+     unset($_SESSION['clientcert_dn']);
29
+     unset($_SESSION['clientcert_issuer']);
30
+     unset($_SESSION['clientcert_serial']);
31
+     unset($_SESSION['clientcert_valid_from']);
32
+     unset($_SESSION['clientcert_valid_until']);
33
+     header('Location: cert');
34
+ } elseif ($_GET['action'] == 'delete') {
35
+     $cert = get_cert_by_id($_GET['id']);
36
+     if (! $cert) {
37
+         system_failure('no ID');
38
+     }
39
+     $username = null;
40
+     if ($_SESSION['role'] & ROLE_SYSTEMUSER) {
41
+         $username = $_SESSION['userinfo']['username'];
42
+         if (isset($_SESSION['subuser'])) {
43
+             $username = $_SESSION['subuser'];
44
+         }
45
+     } elseif ($_SESSION['role'] & ROLE_VMAIL_ACCOUNT) {
46
+         $username = $_SESSION['mailaccount'];
47
+     }
48
+     if (! ($cert['username'] == $username)) {
49
+         system_failure('Das Zertifikat ist nicht für Ihren Zugang eingerichtet');
50
+     }
51
+     $sure = user_is_sure();
52
+     if ($sure === null) {
53
+         are_you_sure("action=delete&id={$cert['id']}", filter_input_general("Möchten Sie das Zertifikat »{$cert['dn']}« (Seriennummer {$cert['serial']}, Gültig von {$cert['valid_from']} bis {$cert['valid_until']}) wirklich löschen?"));
54
+     } elseif ($sure === true) {
55
+         delete_clientcert($cert['id']);
56
+         if (! $debugmode) {
57
+             header("Location: cert");
58
+         }
59
+     } elseif ($sure === false) {
60
+         if (! $debugmode) {
61
+             header("Location: cert");
62
+         }
63
+     }
64
+ } else {
65
+     system_failure('Kein Kommando');
66
+ }
67
+ 
68
+
69
+      ----------- end diff -----------
70
+
71
+   2) modules/index/include/x509.php
72
+      ---------- begin diff ----------
73
+--- Original
74
+@@ @@
75
+     db_query(
76
+-      "DELETE FROM system.clientcert WHERE id=:id AND type=:type AND username=:username",
77
+-           array(":id" => $id, ":type" => $type, ":username" => $username)
78
++        "DELETE FROM system.clientcert WHERE id=:id AND type=:type AND username=:username",
79
++        array(":id" => $id, ":type" => $type, ":username" => $username)
80
+   );
81
+ }
82
+ 
83
+
84
+      ----------- end diff -----------
85
+
86
+   3) modules/vhosts/include/vhosts.php
87
+      ---------- begin diff ----------
88
+--- Original
89
+@@ @@
90
+         $domainlist = get_domain_list(
91
+-        $_SESSION['customerinfo']['customerno'],
92
+-                                  $_SESSION['userinfo']['uid']
93
++            $_SESSION['customerinfo']['customerno'],
94
++            $_SESSION['userinfo']['uid']
95
+     );
96
+     }
97
+     $selected = (int) $selected;
98
+ 
99
+     $ret = '<select id="domain" name="domain" size="1" '.$selectattribute.' >';
100
+     $found = false;
101
+     foreach ($domainlist as $dom) {
102
+         $s = '';
103
+         if ($selected == $dom->id) {
104
+             $s = ' selected="selected" ';
105
+             $found = true;
106
+         }
107
+         $ret .= "<option value=\"{$dom->id}\"{$s}>{$dom->fqdn}</option>\n";
108
+     }
109
+     $userdomain = userdomain();
110
+     $ret .= ' <option value="" disabled="disabled">--------------------------------</option>';
111
+     if ($userdomain) {
112
+         $s = ($selected == -1 ? ' selected="selected"' : '');
113
+         $ret .= ' <option value="-1"'.$s.'>'.$_SESSION['userinfo']['username'].'.'.$userdomain['name'].'</option>';
114
+     }
115
+     if ($selected == -2) {
116
+         $s = ($selected == -2 ? ' selected="selected"' : '');
117
+         $ret .= ' <option value="-2"'.$s.'>'.$_SESSION['userinfo']['username'].'.'.config('masterdomain').' (Bitte nicht mehr benutzen!)</option>';
118
+         if ($selected > 0 and ! $found) {
119
+             system_failure("Hier wird eine Domain benutzt, die nicht zu diesem Benutzeraccount gehört. Bearbeiten würde Daten zerstören!");
120
+         }
121
+     }
122
+     $ret .= '</select>';
123
+     return $ret;
124
+ }
125
+ 
126
+ 
127
+ 
128
+ function get_vhost_details($id)
129
+ {
130
+     DEBUG("Lese #{$id}...");
131
+     $id = (int) $id;
132
+     $uid = (int) $_SESSION['userinfo']['uid'];
133
+     $result = db_query("SELECT vh.*,IF(dav.id IS NULL OR dav.type='svn', 0, 1) AS is_dav,IF(dav.id IS NULL OR dav.type='dav', 0, 1) AS is_svn, IF(webapps.id IS NULL, 0, 1) AS is_webapp FROM vhosts.v_vhost AS vh LEFT JOIN vhosts.dav ON (dav.vhost=vh.id) LEFT JOIN vhosts.webapps ON (webapps.vhost = vh.id) WHERE uid=:uid AND vh.id=:id", array(":uid" => $uid, ":id" => $id));
134
+     if ($result->rowCount() != 1) {
135
+         system_failure('Interner Fehler beim Auslesen der Daten');
136
+     }
137
+ 
138
+     $ret = $result->fetch();
139
+ 
140
+     if ($ret['domain_id'] === null) {
141
+         $ret['domain_id'] = -2;
142
+     }
143
+     $ret['cert'] = $ret['certid'];
144
+     $userdomain = userdomain();
145
+     if ($ret['domain_id'] == $userdomain['id']) {
146
+         $user = $_SESSION['userinfo']['username'];
147
+         $ret['domain_id'] = -1;
148
+         if ($ret['hostname'] == $user) {
149
+             $ret['hostname'] = null;
150
+         } elseif (substr($ret['hostname'], -strlen($user), strlen($user)) == $user) {
151
+             $ret['hostname'] = substr($ret['hostname'], 0, -strlen($user)-1); // Punkt mit entfernen!
152
+         } else {
153
+             system_failure('Userdomain ohne Username!');
154
+         }
155
+     }
156
+     if ($ret['hsts'] === null) {
157
+         DEBUG('HSTS: '.$ret['hsts']);
158
+         $ret['hsts'] = -1;
159
+     }
160
+     $ret['server'] = $ret['server_id'];
161
+     DEBUG($ret);
162
+     return $ret;
163
+ }
164
+ 
165
+ 
166
+ function get_aliases($vhost)
167
+ {
168
+     $result = db_query("SELECT id,fqdn,options FROM vhosts.v_alias WHERE vhost=?", array($vhost));
169
+     $ret = array();
170
+     while ($item = $result->fetch()) {
171
+         array_push($ret, $item);
172
+     }
173
+     return $ret;
174
+ }
175
+ 
176
+ 
177
+ 
178
+ function get_all_aliases($vhost)
179
+ {
180
+     //$vhost = get_vhost_details( (int) $vhost );
181
+     $aliases = get_aliases($vhost['id']);
182
+     $ret = array();
183
+     if (strstr($vhost['options'], 'aliaswww')) {
184
+         array_push($ret, array('id' => 'www', 'fqdn' => 'www.'.$vhost['fqdn'], 'options' => (strstr($vhost['options'], 'forwardwww') ? 'forward' : null)));
185
+     }
186
+     foreach ($aliases as $item) {
187
+         array_push($ret, $item);
188
+         if (strstr($item['options'], 'aliaswww')) {
189
+             array_push($ret, array('id' => 'www_'.$item['id'], 'fqdn' => 'www.'.$item['fqdn'], 'options' => (strstr($item['options'], 'forward') ? 'forward' : null)));
190
+         }
191
+     }
192
+     return $ret;
193
+ }
194
+ 
195
+ 
196
+ function list_available_webapps()
197
+ {
198
+     $result = db_query("SELECT id,displayname FROM vhosts.global_webapps");
199
+     $ret = array();
200
+     while ($item = $result->fetch()) {
201
+         array_push($ret, $item);
202
+     }
203
+     return $ret;
204
+ }
205
+ 
206
+ 
207
+ function delete_vhost($id)
208
+ {
209
+     $id = (int) $id;
210
+     if ($id == 0) {
211
+         system_failure("id == 0");
212
+     }
213
+     $vhost = get_vhost_details($id);
214
+     logger(LOG_INFO, 'modules/vhosts/include/vhosts', 'vhosts', 'Removing vhost #'.$id.' ('.$vhost['hostname'].'.'.$vhost['domain'].')');
215
+     db_query("DELETE FROM vhosts.vhost WHERE id=?", array($vhost['id']));
216
+ }
217
+ 
218
+ 
219
+ 
220
+ function make_svn_vhost($id)
221
+ {
222
+     $id = (int) $id;
223
+     if ($id == 0) {
224
+         system_failure("id == 0");
225
+     }
226
+     logger(LOG_INFO, 'modules/vhosts/include/vhosts', 'vhosts', 'Converting vhost #'.$id.' to SVN');
227
+     db_query("REPLACE INTO vhosts.dav (vhost, type) VALUES (?, 'svn')", array($id));
228
+     db_query("DELETE FROM vhosts.webapps WHERE vhost=?", array($id));
229
+ }
230
+ 
231
+ function make_dav_vhost($id)
232
+ {
233
+     $id = (int) $id;
234
+     if ($id == 0) {
235
+         system_failure("id == 0");
236
+     }
237
+     logger(LOG_INFO, 'modules/vhosts/include/vhosts', 'vhosts', 'Converting vhost #'.$id.' to WebDAV');
238
+     db_query("REPLACE INTO vhosts.dav (vhost, type, options) VALUES (?, 'dav', 'nouserfile')", array($id));
239
+     db_query("DELETE FROM vhosts.webapps WHERE vhost=?", array($id));
240
+ }
241
+ 
242
+ function make_regular_vhost($id)
243
+ {
244
+     $id = (int) $id;
245
+     if ($id == 0) {
246
+         system_failure("id == 0");
247
+     }
248
+     logger(LOG_INFO, 'modules/vhosts/include/vhosts', 'vhosts', 'Converting vhost #'.$id.' to regular');
249
+     db_query("DELETE FROM vhosts.dav WHERE vhost=?", array($id));
250
+     db_query("DELETE FROM vhosts.webapps WHERE vhost=?", array($id));
251
+ }
252
+ 
253
+ 
254
+ function make_webapp_vhost($id, $webapp)
255
+ {
256
+     $id = (int) $id;
257
+     $webapp = (int) $webapp;
258
+     if ($id == 0) {
259
+         system_failure("id == 0");
260
+     }
261
+     $result = db_query("SELECT displayname FROM vhosts.global_webapps WHERE id=?", array($webapp));
262
+     if ($result->rowCount() == 0) {
263
+         system_failure("webapp-id invalid");
264
+     }
265
+     $webapp_name = $result->fetch(PDO::FETCH_OBJ)->displayname;
266
+     logger(LOG_INFO, 'modules/vhosts/include/vhosts', 'vhosts', 'Setting up webapp '.$webapp_name.' on vhost #'.$id);
267
+     db_query("REPLACE INTO vhosts.webapps (vhost, webapp) VALUES (?, ?)", array($id, $webapp));
268
+     mail('webapps-setup@schokokeks.org', 'setup', 'setup');
269
+ }
270
+ 
271
+ 
272
+ function check_hostname_collision($hostname, $domain)
273
+ {
274
+     $uid = (int) $_SESSION['userinfo']['uid'];
275
+     # Neuer vhost => Prüfe Duplikat
276
+     $args = array(":hostname" => $hostname, ":domain" => $domain, ":uid" => $uid);
277
+     $domaincheck = "domain=:domain";
278
+     if ($domain == -1) {
279
+         $userdomain = userdomain();
280
+         if ($hostname) {
281
+             $hostname .= ".".$_SESSION['userinfo']['username'];
282
+         }
283
+         $args[":domain"] = $userdomain['id'];
284
+     }
285
+     if ($domain == -2) {
286
+         unset($args[":domain"]);
287
+         $domaincheck = "domain IS NULL";
288
+     }
289
+     $hostnamecheck = "hostname=:hostname";
290
+     if (! $hostname) {
291
+         $hostnamecheck = "hostname IS NULL";
292
+         unset($args[":hostname"]);
293
+     }
294
+     $result = db_query("SELECT id FROM vhosts.vhost WHERE {$hostnamecheck} AND {$domaincheck} AND user=:uid", $args);
295
+     if ($result->rowCount() > 0) {
296
+         system_failure('Eine Konfiguration mit diesem Namen gibt es bereits.');
297
+     }
298
+     if ($domain <= -1) {
299
+         return ;
300
+     }
301
+     unset($args[":uid"]);
302
+     $result = db_query("SELECT id, vhost FROM vhosts.v_alias WHERE {$hostnamecheck} AND {$domaincheck}", $args);
303
+     if ($result->rowCount() > 0) {
304
+         $data = $result->fetch();
305
+         $vh = get_vhost_details($data['vhost']);
306
+         system_failure('Dieser Hostname ist bereits als Alias für »'.$vh['fqdn'].'« eingerichtet');
307
+     }
308
+ }
309
+ 
310
+ function save_vhost($vhost)
311
+ {
312
+     if (! is_array($vhost)) {
313
+         system_failure('$vhost kein array!');
314
+     }
315
+     $id = (int) $vhost['id'];
316
+     $hostname = $vhost['hostname'];
317
+     $domain = (int) $vhost['domain_id'];
318
+     if ($domain == 0) {
319
+         system_failure('$domain == 0');
320
+     }
321
+     if ($vhost['domain_id'] == -2) {
322
+         $domain = null;
323
+     }
324
+     if ($id == 0) {
325
+         check_hostname_collision($vhost['hostname'], $vhost['domain_id']);
326
+     }
327
+     $hsts = (int) $vhost['hsts'];
328
+     if ($hsts < 0) {
329
+         $hsts = null;
330
+     }
331
+     $suexec_user = null;
332
+ 
333
+     $available_suexec = available_suexec_users();
334
+     foreach ($available_suexec as $u) {
335
+         if ($u['uid'] == $vhost['suexec_user']) {
336
+             $suexec_user = $u['uid'];
337
+         }
338
+     }
339
+ 
340
+     $server = null;
341
+     $available_servers = additional_servers();
342
+     if (in_array($vhost['server'], $available_servers)) {
343
+         $server = (int) $vhost['server'];
344
+     }
345
+     if ($server == my_server_id()) {
346
+         $server = null;
347
+     }
348
+ 
349
+     if ($vhost['is_svn']) {
350
+         if (! $vhost['options']) {
351
+             $vhost['options']='nodocroot';
352
+         } else {
353
+             $vhost['options'].=",nodocroot";
354
+         }
355
+     }
356
+ 
357
+     $cert = null;
358
+     $certs = user_certs();
359
+     foreach ($certs as $c) {
360
+         if ($c['id'] == $vhost['cert']) {
361
+             $cert = $c['id'];
362
+         }
363
+     }
364
+ 
365
+     $ipv4 = null;
366
+     $ipv4_avail = user_ipaddrs();
367
+     if (in_array($vhost['ipv4'], $ipv4_avail)) {
368
+         $ipv4 = $vhost['ipv4'];
369
+     }
370
+ 
371
+     $autoipv6 = 1;
372
+     if ($vhost['autoipv6'] == 0 ||  $vhost['autoipv6'] == 2) {
373
+         $autoipv6 = $vhost['autoipv6'];
374
+     }
375
+ 
376
+     if (!($vhost['ssl'] == 'forward' || $vhost['ssl'] == 'http' ||
377
+         $vhost['ssl'] == 'https')) {
378
+         $vhost['ssl'] = null;
379
+     }
380
+ 
381
+     $args = array(":hostname" => ($hostname ? $hostname : null),
382
+                 ":domain" => $domain,
383
+                 ":docroot" => ($vhost['docroot'] ? $vhost['docroot'] : null),
384
+                 ":php" => $vhost['php'],
385
+                 ":cgi" => ($vhost['cgi'] == 1 ? 1 : 0),
386
+                 ":ssl" => $vhost['ssl'],
387
+                 ":hsts" => $hsts,
388
+                 ":suexec_user" => $suexec_user,
389
+                 ":server" => $server,
390
+                 ":logtype" => ($vhost['logtype'] ? $vhost['logtype'] : null),
391
+                 ":errorlog" => (int) $vhost['errorlog'],
392
+                 ":cert" => $cert,
393
+                 ":ipv4" => $ipv4,
394
+                 ":autoipv6" => $autoipv6,
395
+                 ":options" => $vhost['options'],
396
+                 ":stats" => ($vhost['stats'] ? $vhost['stats'] : null),
397
+                 ":id" => $id);
398
+     if ($id != 0) {
399
+         logger(LOG_INFO, 'modules/vhosts/include/vhosts', 'vhosts', 'Updating vhost #'.$id.' ('.$vhost['hostname'].'.'.$vhost['domain'].')');
400
+         db_query("UPDATE vhosts.vhost SET hostname=:hostname, domain=:domain, docroot=:docroot, php=:php, cgi=:cgi, `ssl`=:ssl, hsts=:hsts, `suexec_user`=:suexec_user, `server`=:server, logtype=:logtype, errorlog=:errorlog, certid=:cert, ipv4=:ipv4, autoipv6=:autoipv6, options=:options, stats=:stats WHERE id=:id", $args);
401
+     } else {
402
+         $args[":user"] = $_SESSION['userinfo']['uid'];
403
+         unset($args[":id"]);
404
+         logger(LOG_INFO, 'modules/vhosts/include/vhosts', 'vhosts', 'Creating vhost '.$vhost['hostname'].'.'.$vhost['domain'].'');
405
+         $result = db_query("INSERT INTO vhosts.vhost (user, hostname, domain, docroot, php, cgi, `ssl`, hsts, `suexec_user`, `server`, logtype, errorlog, certid, ipv4, autoipv6, options, stats) VALUES ".
406
+                        "(:user, :hostname, :domain, :docroot, :php, :cgi, :ssl, :hsts, :suexec_user, :server, :logtype, :errorlog, :cert, :ipv4, :autoipv6, :options, :stats)", $args, true);
407
+         $id = db_insert_id();
408
+     }
409
+     $oldvhost = get_vhost_details($id);
410
+     /*
411
+       these vars may be 0 or 1.
412
+       So newval > oldval means that it has been switched on yet.
413
+     */
414
+     if ($vhost['is_dav'] > $oldvhost['is_dav']) {
415
+         make_dav_vhost($id);
416
+     } elseif ($vhost['is_svn'] > $oldvhost['is_svn']) {
417
+         make_svn_vhost($id);
418
+     } elseif ($vhost['is_webapp'] > $oldvhost['is_webapp']) {
419
+         make_webapp_vhost($id, $vhost['webapp_id']);
420
+     } elseif ($vhost['is_dav'] == 0 && $vhost['is_svn'] == 0 && $vhost['is_webapp'] == 0) {
421
+         make_regular_vhost($id);
422
+     }
423
+ }
424
+ 
425
+ 
426
+ function get_alias_details($id)
427
+ {
428
+     $id = (int) $id;
429
+     $uid = (int) $_SESSION['userinfo']['uid'];
430
+     $result = db_query("SELECT * FROM vhosts.v_alias WHERE id=?", array($id));
431
+ 
432
+     if ($result->rowCount() != 1) {
433
+         system_failure('Interner Fehler beim Auslesen der Alias-Daten');
434
+     }
435
+ 
436
+     $alias = $result->fetch();
437
+ 
438
+     if ($alias['domain_id'] == null) {
439
+         $alias['domain_id'] = -1;
440
+     }
441
+ 
442
+     /* Das bewirkt, dass nur die eigenen Aliase gesehen werden können */
443
+     get_vhost_details((int) $alias['vhost']);
444
+ 
445
+     return $alias;
446
+ }
447
+ 
448
+ 
449
+ function delete_alias($id)
450
+ {
451
+     $id = (int) $id;
452
+     $alias = get_alias_details($id);
453
+ 
454
+     logger(LOG_INFO, 'modules/vhosts/include/vhosts', 'aliases', 'Removing alias #'.$id.' ('.$alias['hostname'].'.'.$alias['domain'].')');
455
+     db_query("DELETE FROM vhosts.alias WHERE id=?", array($id));
456
+ }
457
+ 
458
+ function save_alias($alias)
459
+ {
460
+     if (! is_array($alias)) {
461
+         system_failure('$alias kein array!');
462
+     }
463
+     $id = (isset($alias['id']) ? (int) $alias['id'] : 0);
464
+     $domain = (int) $alias['domain_id'];
465
+     if ($domain == 0) {
466
+         system_failure('$domain == 0');
467
+     }
468
+     if ($alias['domain_id'] == -2) {
469
+         $domain = null;
470
+     }
471
+     $vhost = get_vhost_details((int) $alias['vhost']);
472
+     if (! $alias['hostname']) {
473
+         $alias['hostname'] = null;
474
+     }
475
+     $args = array(":hostname" => $alias['hostname'],
476
+                 ":domain" => $domain,
477
+                 ":vhost" => $vhost['id'],
478
+                 ":options" => $alias['options'],
479
+                 ":id" => $id);
480
+     if ($id == 0) {
481
+         unset($args[":id"]);
482
+         logger(LOG_INFO, 'modules/vhosts/include/vhosts', 'aliases', 'Creating alias '.$alias['hostname'].'.'.$alias['domain'].' for VHost '.$vhost['id']);
483
+         db_query("INSERT INTO vhosts.alias (hostname, domain, vhost, options) VALUES (:hostname, :domain, :vhost, :options)", $args, true);
484
+     } else {
485
+         unset($args[":vhost"]);
486
+         logger(LOG_INFO, 'modules/vhosts/include/vhosts', 'aliases', 'Updating alias #'.$id.' ('.$alias['hostname'].'.'.$alias['domain'].')');
487
+         db_query("UPDATE vhosts.alias SET hostname=:hostname, domain=:domain, options=:options WHERE id=:id", $args, true);
488
+     }
489
+ }
490
+ 
491
+ 
492
+ function available_suexec_users()
493
+ {
494
+     $uid = (int) $_SESSION['userinfo']['uid'];
495
+     $result = db_query("SELECT uid, username FROM vhosts.available_users LEFT JOIN vhosts.v_useraccounts ON (uid = suexec_user) WHERE mainuser=?", array($uid));
496
+     $ret = array();
497
+     while ($i = $result->fetch()) {
498
+         $ret[] = $i;
499
+     }
500
+     DEBUG('available suexec-users:');
501
+     DEBUG($ret);
502
+     return $ret;
503
+ }
504
+ 
505
+ 
506
+ function user_ipaddrs()
507
+ {
508
+     $uid = (int) $_SESSION['userinfo']['uid'];
509
+     $result = db_query("SELECT ipaddr FROM vhosts.ipaddr_available WHERE uid=?", array($uid));
510
+     $ret = array();
511
+     while ($i = $result->fetch()) {
512
+         $ret[] = $i['ipaddr'];
513
+     }
514
+     DEBUG($ret);
515
+     return $ret;
516
+ }
517
+ 
518
+
519
+      ----------- end diff -----------
520
+
521
+   4) modules/vhosts/include/certs.php
522
+      ---------- begin diff ----------
523
+--- Original
524
+@@ @@
525
+     db_query(
526
+-      "INSERT INTO vhosts.certs (uid, subject, cn, san, valid_from, valid_until, chain, cert, `key`) VALUES (:uid, :subject, :cn, :san, :valid_from, :valid_until, :chain, :cert, :key)",
527
++        "INSERT INTO vhosts.certs (uid, subject, cn, san, valid_from, valid_until, chain, cert, `key`) VALUES (:uid, :subject, :cn, :san, :valid_from, :valid_until, :chain, :cert, :key)",
528
+@@ @@
529
+     db_query(
530
+-      "INSERT INTO vhosts.csr (uid, hostname, san, bits, `replace`, csr, `key`) VALUES (:uid, :cn, :san, :bits, :replace, :csr, :key)",
531
+-           array(":uid" => $uid, ":cn" => $cn, ":san" => $san, ":bits" => $bits,
532
++        "INSERT INTO vhosts.csr (uid, hostname, san, bits, `replace`, csr, `key`) VALUES (:uid, :cn, :san, :bits, :replace, :csr, :key)",
533
++        array(":uid" => $uid, ":cn" => $cn, ":san" => $san, ":bits" => $bits,
534
+                  ":replace" => $replace, ":csr" => $csr, ":key" => $key)
535
+   );
536
+     $id = db_insert_id();
537
+     return $id;
538
+ }
539
+ 
540
+
541
+      ----------- end diff -----------
542
+
543
+   5) modules/domains/include/domains.php
544
+      ---------- begin diff ----------
545
+--- Original
546
+@@ @@
547
+         "UPDATE kundendaten.domains SET status='pretransfer', dns=1 WHERE id=? AND kunde=?",
548
+-            array($domain, $cid)
549
++        array($domain, $cid)
550
+@@ @@
551
+         "UPDATE kundendaten.domains SET status='prereg', dns=1 WHERE id=? AND kunde=?",
552
+-            array($domain, $cid)
553
++        array($domain, $cid)
554
+     );
555
+ }
556
+ 
557
+ 
558
+ function insert_domain_external($domain, $dns = false, $mail = true)
559
+ {
560
+     $cid = (int) $_SESSION['customerinfo']['customerno'];
561
+     $uid = (int) $_SESSION['userinfo']['uid'];
562
+     require_once("domainapi.php");
563
+     $info = api_domain_available($domain);
564
+     if (in_array($info['status'], array('nameContainsForbiddenCharacter', 'suffixDoesNotExist'))) {
565
+         system_failure("Diese Domain scheint ungültig zu sein!");
566
+     }
567
+     $tld = $info['domainSuffix'];
568
+     $domainname = str_replace(".$tld", "", $info['domainNameUnicode']);
569
+     logger(LOG_WARNING, 'modules/domains/include/domains', 'domains', 'Inserting external domain '.$info['domainNameUnicode']." DNS:{$dns} / Mail:{$mail}");
570
+ 
571
+     db_query("INSERT INTO kundendaten.domains (status, kunde, useraccount, domainname, tld, billing, provider, dns, mail, mailserver_lock) VALUES 
572
+         ('external', ?, ?, ?, ?, 'external', 'other', 0, ?, 1)", array($cid, $uid, $domainname, $tld, ($mail ? 'auto' : 'none')));
573
+     $id = db_insert_id();
574
+     if ($dns) {
575
+         db_query("UPDATE kundendaten.domains SET dns=1 WHERE id=?", array($id));
576
+     }
577
+     if ($mail) {
578
+         $vmailserver = (int) $_SESSION['userinfo']['server'];
579
+         db_query("INSERT INTO mail.virtual_mail_domains (domain, server) VALUES (?, ?)", array($id, $vmailserver));
580
+     }
581
+     return $id;
582
+ }
583
+ 
584
+ function delete_domain($id)
585
+ {
586
+     $cid = (int) $_SESSION['customerinfo']['customerno'];
587
+     logger(LOG_WARNING, 'modules/domains/include/domains', 'domains', 'Deleting domain '.$id);
588
+     db_query("DELETE FROM kundendaten.domains WHERE id=? AND kunde=?", array($id, $cid));
589
+ }
590
+ 
591
+
592
+      ----------- end diff -----------
593
+
594
+   6) modules/dns/include/dnsinclude.php
595
+      ---------- begin diff ----------
596
+--- Original
597
+@@ @@
598
+     db_query(
599
+-      "INSERT INTO dns.dyndns (uid, handle, password, sshkey) VALUES ".
600
++        "INSERT INTO dns.dyndns (uid, handle, password, sshkey) VALUES ".
601
+            "(:uid, :handle, :pwhash, :sshkey)",
602
+-           array(":uid" => $uid, ":handle" => $handle, ":pwhash" => $pwhash, ":sshkey" => $sshkey)
603
++        array(":uid" => $uid, ":handle" => $handle, ":pwhash" => $pwhash, ":sshkey" => $sshkey)
604
+@@ @@
605
+         db_query(
606
+-        "UPDATE dns.custom_records SET hostname=:newhostname WHERE ".
607
++            "UPDATE dns.custom_records SET hostname=:newhostname WHERE ".
608
+              "hostname=:oldhostname AND domain=:dom AND dyndns=:dyndns AND ip IS NULL",
609
+-             array(":dom" => $masterdomain->id, ":newhostname" => filter_input_hostname($handle).'.'.$_SESSION['userinfo']['username'],
610
++            array(":dom" => $masterdomain->id, ":newhostname" => filter_input_hostname($handle).'.'.$_SESSION['userinfo']['username'],
611
+                    ":oldhostname" => $oldaccount['handle'].'.'.$_SESSION['userinfo']['username'],  ":dyndns" => $id)
612
+     );
613
+     }
614
+ 
615
+     $args = array(":handle" => $handle, ":sshkey" => $sshkey, ":id" => $id);
616
+     $pwhash = null;
617
+     if ($password_http && $password_http != '************') {
618
+         $args[":pwhash"] = "{SHA}".base64_encode(sha1($password_http, true));
619
+         db_query("UPDATE dns.dyndns SET handle=:handle, password=:pwhash, sshkey=:sshkey WHERE id=:id", $args);
620
+     } else {
621
+         db_query("UPDATE dns.dyndns SET handle=:handle, sshkey=:sshkey WHERE id=:id", $args);
622
+     }
623
+     logger(LOG_INFO, "modules/dns/include/dnsinclude", "dyndns", "edited account »{$id}«");
624
+ }
625
+ 
626
+ 
627
+ function delete_dyndns_account($id)
628
+ {
629
+     $id = (int) $id;
630
+ 
631
+     db_query("DELETE FROM dns.dyndns WHERE id=?", array($id));
632
+     logger(LOG_INFO, "modules/dns/include/dnsinclude", "dyndns", "deleted account »{$id}«");
633
+ }
634
+ 
635
+ 
636
+ function get_dyndns_records($id)
637
+ {
638
+     $id = (int) $id;
639
+     $result = db_query("SELECT hostname, domain, type, ttl, lastchange, id FROM dns.custom_records WHERE dyndns=?", array($id));
640
+     $data = array();
641
+     while ($entry = $result->fetch()) {
642
+         $dom = new Domain((int) $entry['domain']);
643
+         if ($dom->fqdn != config('masterdomain') && $dom->fqdn != config('user_vhosts_domain')) {
644
+             $dom->ensure_userdomain();
645
+         }
646
+         $entry['fqdn'] = $entry['hostname'].'.'.$dom->fqdn;
647
+         if (! $entry['hostname']) {
648
+             $entry['fqdn'] = $dom->fqdn;
649
+         }
650
+         array_push($data, $entry);
651
+     }
652
+     DEBUG($data);
653
+     return $data;
654
+ }
655
+ 
656
+ $valid_record_types = array('a', 'aaaa', 'mx', 'ns', 'spf', 'txt', 'cname', 'ptr', 'srv', 'raw', 'sshfp', 'caa');
657
+ 
658
+ 
659
+ function blank_dns_record($type)
660
+ {
661
+     global $valid_record_types;
662
+     if (!in_array(strtolower($type), $valid_record_types)) {
663
+         system_failure('invalid type: '.$type);
664
+     }
665
+     $rec = array('hostname' => null,
666
+                'domain' => 0,
667
+                'type' => strtolower($type),
668
+                'ttl' => 3600,
669
+                'ip' => null,
670
+                'dyndns' => null,
671
+                'data' => null,
672
+                'spec' => null);
673
+     if (strtolower($type) == 'mx') {
674
+         $rec['data'] = config('default_mx');
675
+         $rec['spec'] = '5';
676
+     }
677
+     return $rec;
678
+ }
679
+ 
680
+ function get_dns_record($id)
681
+ {
682
+     $id = (int) $id;
683
+     $result = db_query("SELECT hostname, domain, type, ip, dyndns, spec, data, ttl FROM dns.custom_records WHERE id=?", array($id));
684
+     if ($result->rowCount() != 1) {
685
+         system_failure('illegal ID');
686
+     }
687
+     $data = $result->fetch();
688
+     $dom = new Domain((int) $data['domain']);
689
+     $dom->ensure_userdomain();
690
+     DEBUG($data);
691
+     return $data;
692
+ }
693
+ 
694
+ 
695
+ function get_domain_records($dom)
696
+ {
697
+     $dom = (int) $dom;
698
+     $result = db_query("SELECT hostname, domain, type, ip, dyndns, spec, data, ttl, id FROM dns.custom_records WHERE domain=?", array($dom));
699
+     $data = array();
700
+     while ($entry = $result->fetch()) {
701
+         $dom = new Domain((int) $entry['domain']);
702
+         $dom->ensure_userdomain();
703
+         $entry['fqdn'] = $entry['hostname'].'.'.$dom->fqdn;
704
+         if (! $entry['hostname']) {
705
+             $entry['fqdn'] = $dom->fqdn;
706
+         }
707
+         array_push($data, $entry);
708
+     }
709
+     DEBUG($data);
710
+     return $data;
711
+ }
712
+ 
713
+ function get_domain_auto_records($domainname)
714
+ {
715
+     $result = db_query("SELECT hostname, domain, CONCAT_WS('.', hostname, domain) AS fqdn, type, ip, spec, data, ttl FROM dns.tmp_autorecords WHERE domain=?", array($domainname));
716
+     $data = array();
717
+     while ($entry = $result->fetch()) {
718
+         array_push($data, $entry);
719
+     }
720
+     DEBUG($data);
721
+     return $data;
722
+ }
723
+ 
724
+ 
725
+ $implemented_record_types = array('a', 'aaaa', 'mx', 'spf', 'txt', 'cname', 'ptr', 'srv', 'ns', 'sshfp', 'caa');
726
+ 
727
+ function save_dns_record($id, $record)
728
+ {
729
+     global $valid_record_types;
730
+     global $implemented_record_types;
731
+     $record['type'] = strtolower($record['type']);
732
+     if (!in_array($record['type'], $valid_record_types)) {
733
+         system_failure('invalid type: '.$record['type']);
734
+     }
735
+     if (!in_array($record['type'], $implemented_record_types)) {
736
+         system_failure('record type '.$record['type'].' not implemented at the moment.');
737
+     }
738
+     $dom = new Domain((int) $record['domain']);
739
+     $dom->ensure_userdomain();
740
+     if (! $dom->id) {
741
+         system_failure('invalid domain');
742
+     }
743
+     if ($record['hostname'] == '') {
744
+         $record['hostname'] = null;
745
+     }
746
+     verify_input_hostname($record['hostname'], true);
747
+     verify_input_recorddata($record['data']);
748
+     if ($record['ttl'] &&  (int) $record['ttl'] < 1) {
749
+         system_failure('Fehler bei TTL');
750
+     }
751
+     switch ($record['type']) {
752
+     case 'a':
753
+       if ($record['dyndns']) {
754
+           get_dyndns_account($record['dyndns']);
755
+           $record['ip'] = null;
756
+       } else {
757
+           verify_input_ipv4($record['ip']);
758
+           $record['data'] = null;
759
+           $record['spec'] = null;
760
+       }
761
+       break;
762
+     case 'aaaa':
763
+       if ($record['dyndns']) {
764
+           get_dyndns_account($record['dyndns']);
765
+           $record['ip'] = null;
766
+       } else {
767
+           $record['dyndns'] = null;
768
+           verify_input_ipv6($record['ip']);
769
+           $record['data'] = null;
770
+           $record['spec'] = null;
771
+       }
772
+       break;
773
+     case 'mx':
774
+       $record['dyndns'] = null;
775
+       $record['spec'] = (int) $record['spec'];
776
+       if ($record['spec'] < 0) {
777
+           system_failure("invalid priority");
778
+       }
779
+       verify_input_hostname($record['data']);
780
+       if (! $record['data']) {
781
+           system_failure('MX hostname missing');
782
+       }
783
+       $record['ip'] = null;
784
+       break;
785
+     case 'ptr':
786
+     case 'ns':
787
+       if (!$record['hostname']) {
788
+           system_failure("Die angestrebte Konfiguration wird nicht funktionieren, Speichern wurde daher verweigert.");
789
+       }
790
+       // no break
791
+     case 'cname':
792
+       $record['dyndns'] = null;
793
+       $record['spec'] = null;
794
+       $record['ip'] = null;
795
+       verify_input_hostname($record['data']);
796
+       if (! $record['data']) {
797
+           system_failure('destination host missing');
798
+       }
799
+       break;
800
+ 
801
+     case 'spf':
802
+     case 'txt':
803
+       $record['dyndns'] = null;
804
+       $record['spec'] = null;
805
+       $record['ip'] = null;
806
+       if (! $record['data']) {
807
+           system_failure('text entry missing');
808
+       }
809
+       break;
810
+ 
811
+     case 'sshfp':
812
+       $record['dyndns'] = null;
813
+       $record['spec'] = max((int) $record['spec'], 1);
814
+       $record['ip'] = null;
815
+       if (! $record['data']) {
816
+           system_failure('text entry missing');
817
+       }
818
+       break;
819
+ 
820
+     case 'caa':
821
+       $record['dyndns'] = null;
822
+       $record['ip'] = null;
823
+       if (! $record['data']) {
824
+           system_failure('text entry missing');
825
+       }
826
+       break;
827
+ 
828
+     case 'srv':
829
+       system_failure('not implemented yet');
830
+       // no break
831
+     default:
832
+       system_failure('Not implemented');
833
+   }
834
+     $id = (int) $id;
835
+     $args = array(":domain" => $dom->id,
836
+                 ":hostname" => $record['hostname'],
837
+                 ":type" => $record['type'],
838
+                 ":ttl" => ($record['ttl'] == 0 ? null : (int) $record['ttl']),
839
+                 ":ip" => $record['ip'],
840
+                 ":dyndns" => $record['dyndns'],
841
+                 ":data" => $record['data'],
842
+                 ":spec" => $record['spec']);
843
+     if ($id) {
844
+         $args[":id"] = $id;
845
+         db_query("UPDATE dns.custom_records SET hostname=:hostname, domain=:domain, type=:type, ttl=:ttl, ip=:ip, dyndns=:dyndns, data=:data, spec=:spec WHERE id=:id", $args);
846
+     } else {
847
+         db_query("INSERT INTO dns.custom_records (hostname, domain, type, ttl, ip, dyndns, data, spec) VALUES (:hostname, :domain, :type, :ttl, :ip, :dyndns, :data, :spec)", $args);
848
+     }
849
+ }
850
+ 
851
+ 
852
+ function delete_dns_record($id)
853
+ {
854
+     $id = (int) $id;
855
+     // Diese Funktion prüft, ob der Eintrag einer eigenen Domain gehört
856
+     $record = get_dns_record($id);
857
+     db_query("DELETE FROM dns.custom_records WHERE id=?", array($id));
858
+ }
859
+ 
860
+ 
861
+ function convert_from_autorecords($domainid)
862
+ {
863
+     $dom = new Domain((int) $domainid);
864
+     $dom->ensure_userdomain();
865
+     $dom = $dom->id;
866
+ 
867
+     db_query("INSERT IGNORE INTO dns.custom_records SELECT r.id, r.lastchange, type, d.id, hostname, ip, NULL AS dyndns, data, spec, ttl FROM dns.v_tmptable_allrecords AS r INNER JOIN dns.v_domains AS d ON (d.name=r.domain) WHERE d.id=?", array($dom));
868
+     disable_autorecords($dom);
869
+     db_query("UPDATE dns.dnsstatus SET status='outdated'");
870
+     warning("Die automatischen Einträge werden in Kürze abgeschaltet, bitte haben Sie einen Moment Geduld.");
871
+ }
872
+ 
873
+ 
874
+ function enable_autorecords($domainid)
875
+ {
876
+     $dom = new Domain((int) $domainid);
877
+     $dom->ensure_userdomain();
878
+     $dom = $dom->id;
879
+ 
880
+     db_query("UPDATE kundendaten.domains SET autodns=1 WHERE id=?", array($dom));
881
+     db_query("DELETE FROM dns.custom_records WHERE type='ns' AND domain=? AND hostname IS NULL", array($dom));
882
+     warning("Die automatischen Einträge werden in Kürze aktiviert, bitte haben Sie einen Moment Geduld.");
883
+ }
884
+ 
885
+ function disable_autorecords($domainid)
886
+ {
887
+     $dom = new Domain((int) $domainid);
888
+     $dom->ensure_userdomain();
889
+     $dom = $dom->id;
890
+ 
891
+     db_query("UPDATE kundendaten.domains SET autodns=0 WHERE id=?", array($dom));
892
+ }
893
+ 
894
+ 
895
+ function domain_is_maildomain($domain)
896
+ {
897
+     $domain = (int) $domain;
898
+     $result = db_query("SELECT mail FROM kundendaten.domains WHERE id=?", array($domain));
899
+     $dom = $result->fetch();
900
+     return ($dom['mail'] != 'none');
901
+ }
902
+ 
903
+ 
904
+ $own_ns = array();
905
+ 
906
+ function own_ns()
907
+ {
908
+     global $own_ns;
909
+ 
910
+     if (count($own_ns) < 1) {
911
+         $auth = dns_get_record(config('masterdomain'), DNS_NS);
912
+         foreach ($auth as $ns) {
913
+             $own_ns[] = $ns['target'];
914
+         }
915
+     }
916
+ 
917
+     return $own_ns;
918
+ }
919
+ 
920
+ 
921
+ $tld_ns = array();
922
+ 
923
+ function check_dns($domainname, $tld)
924
+ {
925
+     global $tld_ns;
926
+     $domain=idn_to_ascii($domainname.".".$tld, 0, INTL_IDNA_VARIANT_UTS46);
927
+ 
928
+     if (! isset($tld_ns[$tld])) {
929
+         $resp = shell_exec('dig @a.root-servers.net. +noall +authority -t ns '.$tld.'.');
930
+         $line = explode("\n", $resp, 2)[0];
931
+         $NS = preg_replace("/^.*\\sIN\\s+NS\\s+(\\S+)$/", '\1', $line);
932
+         $tld_ns[$tld] = $NS;
933
+     }
934
+ 
935
+     $resp = shell_exec('dig @'.$tld_ns[$tld].' +noall +authority -t ns '.$domain.'.');
936
+     $line = explode("\n", $resp, 2)[0];
937
+     if (preg_match('/^.*\\sIN\\s+NS\\s+/', $line) === 0) {
938
+         return "NXDOMAIN";
939
+     }
940
+     $NS = preg_replace("/^.*\\sIN\\s+NS\\s+(\\S+).$/", '\1', $line);
941
+ 
942
+     $own_ns = own_ns();
943
+ 
944
+     if (in_array($NS, $own_ns)) {
945
+         return true;
946
+     }
947
+     return $NS;
948
+ }
949
+ 
950
+ function remove_from_dns($dom)
951
+ {
952
+     $domains = get_domain_list($_SESSION['customerinfo']['customerno'], $_SESSION['userinfo']['uid']);
953
+     $current = null;
954
+     foreach ($domains as $d) {
955
+         if ($d->id == $dom && $d->dns == 1) {
956
+             $current = $d;
957
+             break;
958
+         }
959
+     }
960
+     if (! $current) {
961
+         system_failure("Domain nicht gefunden!");
962
+     }
963
+     db_query("UPDATE kundendaten.domains SET dns=0 WHERE id=?", array($current->id));
964
+ }
965
+ 
966
+ function add_to_dns($dom)
967
+ {
968
+     $domains = get_domain_list($_SESSION['customerinfo']['customerno'], $_SESSION['userinfo']['uid']);
969
+     $current = null;
970
+     foreach ($domains as $d) {
971
+         if ($d->id == $dom && $d->dns == 0) {
972
+             $current = $d;
973
+             break;
974
+         }
975
+     }
976
+     if (! $current) {
977
+         system_failure("Domain nicht gefunden!");
978
+     }
979
+     db_query("UPDATE kundendaten.domains SET dns=1, autodns=1 WHERE id=?", array($current->id));
980
+ }
981
+ 
982
+
983
+      ----------- end diff -----------
984
+
985
+   7) modules/invoice/include/invoice.php
986
+      ---------- begin diff ----------
987
+--- Original
988
+@@ @@
989
+     db_query(
990
+-      "INSERT INTO kundendaten.sepamandat (mandatsreferenz, glaeubiger_id, kunde, erteilt, medium, gueltig_ab, kontoinhaber, adresse, iban, bic, bankname) VALUES (:referenz, :glaeubiger_id, :cid, :today, 'online', :gueltig_ab, :name, :adresse, :iban, :bic, :bankname)",
991
+-          array(":referenz" => $referenz, ":glaeubiger_id" => $glaeubiger_id, ":cid" => $cid,
992
++        "INSERT INTO kundendaten.sepamandat (mandatsreferenz, glaeubiger_id, kunde, erteilt, medium, gueltig_ab, kontoinhaber, adresse, iban, bic, bankname) VALUES (:referenz, :glaeubiger_id, :cid, :today, 'online', :gueltig_ab, :name, :adresse, :iban, :bic, :bankname)",
993
++        array(":referenz" => $referenz, ":glaeubiger_id" => $glaeubiger_id, ":cid" => $cid,
994
+                 ":today" => $today, ":gueltig_ab" => $gueltig_ab, ":name" => $name, ":adresse" => $adresse,
995
+                 ":iban" => $iban, ":bic" => $bic, ":bankname" => $bankname)
996
+   );
997
+ }
998
+ 
999
+ 
1000
+ 
1001
+ function get_bank_info($iban)
1002
+ {
1003
+     if (strlen($iban) != 22 || substr($iban, 0, 2) != 'DE') {
1004
+         // Geht nur bei deutschen IBANs
1005
+         echo 'Fehler!';
1006
+         echo '$iban = '.$iban;
1007
+         echo 'strlen($iban): '.strlen($iban);
1008
+         echo 'substr($iban, 0, 2): '.substr($iban, 0, 2);
1009
+         return null;
1010
+     }
1011
+     $blz = substr($iban, 4, 8);
1012
+     // FIXME: Liste der BLZs muss vorhanden sein!
1013
+     $bankinfofile = dirname(__FILE__).'/bankinfo.txt';
1014
+     $f = file($bankinfofile);
1015
+     $match = '';
1016
+     foreach ($f as $line) {
1017
+         if (substr($line, 0, 9) == $blz.'1') {
1018
+             $match = $line;
1019
+             break;
1020
+         }
1021
+     }
1022
+     $bank = array();
1023
+     $bank['name'] = iconv('latin1', 'utf8', chop(substr($match, 9, 58)));
1024
+     $bank['bic'] = chop(substr($match, 139, 11));
1025
+     return $bank;
1026
+ }
1027
+ 
1028
+ 
1029
+ function find_iban($blz, $kto)
1030
+ {
1031
+     $iban = sprintf('DE00%08s%010s', $blz, $kto);
1032
+     $iban = iban_set_checksum($iban);
1033
+     return $iban;
1034
+ }
1035
+ 
1036
+ 
1037
+ function get_customerquota()
1038
+ {
1039
+     $cid = (int) $_SESSION['customerinfo']['customerno'];
1040
+     $result = db_query("SELECT quota FROM system.customerquota WHERE cid=:cid", array(":cid" => $cid));
1041
+     $data = $result->fetch();
1042
+     return $data["quota"];
1043
+ }
1044
+ 
1045
+ function save_more_storage($items, $storage)
1046
+ {
1047
+     $cid = (int) $_SESSION['customerinfo']['customerno'];
1048
+ 
1049
+     $queries = array();
1050
+ 
1051
+     if ($storage < 1024 || $storage > 10240) {
1052
+         input_error('Speicherplatz nicht im erwarteten Bereich');
1053
+     }
1054
+     $oldcustomerquota = get_customerquota();
1055
+     if ($oldcustomerquota > 102400) {
1056
+         # Über 100 GB soll die Automatik nichts machen
1057
+         system_failure("Ihr Speicherplatz kann über diese Funktion nicht weiter erhöht werden. Bitte wenden Sie sich an die Administratoren.");
1058
+     }
1059
+     $result = db_query("SELECT quota FROM system.customerquota WHERE cid=:cid AND lastchange > CURDATE()", array(":cid" => $cid));
1060
+     if ($result->rowcount() > 0) {
1061
+         system_failure("Ihr Speicherplatz wurde heute bereits verändert. Sie können dies nur einmal am Tag machen.");
1062
+     }
1063
+ 
1064
+     $queries[] = array("UPDATE system.customerquota SET quota=quota+:storage WHERE cid=:cid", array(":storage" => $storage, ":cid" => $cid));
1065
+ 
1066
+     foreach ($items as $data) {
1067
+         if ($data['anzahl'] == 0) {
1068
+             continue;
1069
+         }
1070
+         $data['kunde'] = $cid;
1071
+         $data['notizen'] = 'Bestellt via Webinterface';
1072
+         if (!isset($data['anzahl']) ||
1073
+         !isset($data['beschreibung']) ||
1074
+         !isset($data['datum']) ||
1075
+         !array_key_exists('kuendigungsdatum', $data) ||
1076
+         !isset($data['betrag']) ||
1077
+         !isset($data['monate'])) {
1078
+             DEBUG($data);
1079
+             input_error("Ungültige Daten");
1080
+             return;
1081
+         }
1082
+ 
1083
+         $param = array();
1084
+         foreach ($data as $k => $v) {
1085
+             $param[':'.$k] = $v;
1086
+         }
1087
+ 
1088
+         $queries[] = array("INSERT INTO kundendaten.leistungen (kunde,periodisch,beschreibung,datum,kuendigungsdatum,betrag,brutto,monate,anzahl,notizen) VALUES ".
1089
+                        "(:kunde,1,:beschreibung,:datum,:kuendigungsdatum,:betrag,:brutto,:monate,:anzahl,:notizen)", $param);
1090
+     }
1091
+ 
1092
+     if (count($queries) < 2) {
1093
+         system_failure("irgendwas stimmt jetzt nicht");
1094
+     }
1095
+ 
1096
+     foreach ($queries as $q) {
1097
+         db_query($q[0], $q[1]);
1098
+     }
1099
+     $allstorage = $oldcustomerquota+$storage;
1100
+     $emailaddr = $_SESSION['customerinfo']['email'];
1101
+     $message = "Hallo,\n\nsoeben wurde im Webinterface von ".config('company_name')." eine Bestellung über zusätzlichen Speicherplatz ausgeführt.\nSollten Sie diese Bestellung nicht getätigt haben, antworten Sie bitte auf diese E-Mail um unseren Support zu erreichen.\n\nBei dieser Bestellung wurden {$storage} MB zusätzlicher Speicherplatz bestellt. Ihnen stehen ab sofort insgesamt {$allstorage} MB zur Verfügung.\n\nIhre Kundennummer: {$_SESSION['customerinfo']['customerno']} ({$_SESSION['customerinfo']['name']})\n";
1102
+     mail($emailaddr, 'Auftragsbestätigung: Mehr Speicherplatz bei schokokeks.org', $message, "X-schokokeks-org-message: notify\nFrom: ".config('company_name').' <'.config('adminmail').">\nBcc: ".config('adminmail')."\nMIME-Version: 1.0\nContent-Type: text/plain; charset=UTF-8\n");
1103
+ }
1104
+ 
1105
+
1106
+      ----------- end diff -----------
1107
+
1108
+   8) themes/default/page.tpl.php
1109
+      ---------- begin diff ----------
1110
+--- Original
1111
+@@ @@
1112
+ 
1113
+-<?php 
1114
++<?php
1115
+@@ @@
1116
+ 
1117
+-<?php 
1118
++<?php
1119
+ if ($headline) {
1120
+     echo "<h3 class=\"headline\">$headline</h3>";
1121
+ }
1122
+ ?>
1123
+ 
1124
+ <?php echo $content; ?>
1125
+ 
1126
+ <?php if ($footnotes) {
1127
+     echo '<div class="footnotes">';
1128
+     foreach ($footnotes as $num => $explaination) {
1129
+         echo '<p>'.str_repeat('*', $num+1).': '.$explaination.'</p>';
1130
+     }
1131
+     echo '</div>';
1132
+ } ?>
1133
+ </div>
1134
+ <div class="foot">
1135
+ <p>Sollten Sie auf dieser Administrations-Oberfläche ein Problem entdecken oder Hilfe benötigen, schreiben Sie bitte eine einfache eMail an <a href="mailto:root@schokokeks.org">root@schokokeks.org</a>. Unser <a href="https://schokokeks.org/kontakt">Impressum</a> finden Sie auf der <a href="https://schokokeks.org/">öffentlichen Seite</a>. Lizenzinformationen zu diesem Webinterface und verwendeten Rechten finden Sie <a href="<?php echo $BASE_PATH; ?>go/about/about">indem Sie hier klicken</a>.</p>
1136
+ 
1137
+ </div>
1138
+ 
1139
+ 
1140
+ </body>
1141
+ </html>
1142
+ 
1143
+
1144
+      ----------- end diff -----------
1145
+
1146
+   9) themes/default/page-webmailtotp-login.tpl.php
1147
+      ---------- begin diff ----------
1148
+--- Original
1149
+@@ @@
1150
+ 
1151
+-<?php 
1152
++<?php
1153
+ if ($title) {
1154
+     echo "<title>$title - Administration</title>";
1155
+ } else {
1156
+     echo "<title>Administration</title>";
1157
+ }
1158
+ ?>
1159
+ <link rel="stylesheet" href="<?php echo $THEME_PATH; ?>style.css" type="text/css" media="screen" title="Normal" />
1160
+ <link rel="shortcut icon" href="<?php echo $THEME_PATH; ?>favicon.ico" type="image/x-icon" />
1161
+ <?php echo $html_header; ?>
1162
+ </head>
1163
+ 
1164
+ <body onload="javascript:document.getElementById('code').focus();">
1165
+ <div><a href="#content" style="display: none;">Zum Inhalt</a></div>
1166
+ 
1167
+ <div class="menu">
1168
+ <a href="<?php echo $BASE_PATH; ?>"><img src="<?php echo $THEME_PATH; ?>images/schokokeks.png" width="190" height="141" alt="schokokeks.org Hosting" /></a>
1169
+ 
1170
+ <?php echo $menu; ?>
1171
+ 
1172
+ <?php echo $userinfo; ?>
1173
+ 
1174
+ </div>
1175
+ 
1176
+ <div class="content">
1177
+ <a id="content" style="display: none"> </a>
1178
+ 
1179
+ <?php
1180
+ if ($messages) {
1181
+     echo $messages;
1182
+ }
1183
+ ?>
1184
+ 
1185
+ <h3 class="headline">Sicherheits-Code</h3>
1186
+ <p>Ihr Zugang ist mit Zwei-Faktor-Anmeldung geschützt. Sie müssen daher jetzt noch den aktuellsten Code Ihres TOTP-Geräts eingeben.</p>
1187
+ <form action="" method="post">
1188
+ <p><label for="code" class="login_label">Google-Authenticator-Code:</label> <input type="text" id="code" name="webinterface_totpcode" size="20" /></p>
1189
+ <p><span class="login_label">&#160;</span> <input type="submit" value="Prüfen" /></p>
1190
+ </form>
1191
+ 
1192
+ </div>
1193
+ 
1194
+ <div class="foot">
1195
+ <p>Sollten Sie auf dieser Administrations-Oberfläche ein Problem entdecken oder Hilfe benötigen, schreiben Sie bitte eine einfache eMail an <a href="mailto:root@schokokeks.org">root@schokokeks.org</a>. Unser <a href="https://schokokeks.org/kontakt">Impressum</a> finden Sie auf der <a href="https://schokokeks.org/">öffentlichen Seite</a>. Lizenzinformationen zu diesem Webinterface und verwendeten Rechten finden Sie <a href="../../images/about.php">indem Sie hier klicken</a>.</p>
1196
+ 
1197
+ </div>
1198
+ 
1199
+ 
1200
+ </body>
1201
+ </html>
1202
+ 
1203
+
1204
+      ----------- end diff -----------
1205
+
1206
+  10) themes/default/page-login.tpl.php
1207
+      ---------- begin diff ----------
1208
+--- Original
1209
+@@ @@
1210
+ 
1211
+-<?php 
1212
++<?php
1213
+ if ($title) {
1214
+     echo "<title>$title - Administration</title>";
1215
+ } else {
1216
+     echo "<title>Administration</title>";
1217
+ }
1218
+ ?>
1219
+ <link rel="stylesheet" href="<?php echo $THEME_PATH; ?>style.css" type="text/css" media="screen" title="Normal" />
1220
+ <link rel="shortcut icon" href="<?php echo $THEME_PATH; ?>favicon.ico" type="image/x-icon" />
1221
+ <?php echo $html_header; ?>
1222
+ <script type="text/javascript" src="<?php echo $THEME_PATH; ?>script.js"></script>
1223
+ </head>
1224
+ 
1225
+ <body onload="javascript:document.getElementById('username').focus();">
1226
+ <div><a href="#content" style="display: none;">Zum Inhalt</a></div>
1227
+ 
1228
+ <a href="javascript:void(0);" class="menuicon" id="showmenu" onclick="showMenu()"><img src="<?php echo $THEME_PATH; ?>images/bars.svg"><span id="showmenutext">Menü</span></a>
1229
+ <a href="<?php echo $BASE_PATH; ?>" class="logo"><img src="<?php echo $THEME_PATH; ?>images/schokokeks.png" width="190" height="141" alt="schokokeks.org Hosting" /></a>
1230
+ <div class="sidebar" id="sidebar">
1231
+ 
1232
+ <div class="menu">
1233
+ <?php echo $menu; ?>
1234
+ </div>
1235
+ <div class="userinfo">
1236
+ <?php echo $userinfo; ?>
1237
+ </div>
1238
+ </div>
1239
+ 
1240
+ <div class="content">
1241
+ <a id="content" style="display: none"> </a>
1242
+ 
1243
+ <?php
1244
+ if ($messages) {
1245
+     echo $messages;
1246
+ }
1247
+ ?>
1248
+ 
1249
+ <h3 class="headline">schokokeks.org Hosting Webinterface</h3>
1250
+ <p>Auf dieser Seite können Sie diverse Einstellungen Ihres Accounts auf schokokeks.org Hosting festlegen. Sofern Sie noch kein Kunde von schokokeks.org Hosting sind, können Sie diese Seite nicht benutzen. Besuchen Sie in diesem Fall bitte unsere <a href="https://schokokeks.org">öffentliche Seite</a>.</p>
1251
+ <form action="" method="post">
1252
+ <p class="login_field"><label for="username" class="login_label">Benutzername oder E-Mail-Adresse:</label> <input type="text" id="username" name="webinterface_username" size="30" /></p>
1253
+ <p class="login_field"><label for="password" class="login_label">Passwort:</label> <input type="password" id="password" name="webinterface_password" size="30" /></p>
1254
+ <p><span class="login_label">&#160;</span> <input type="submit" value="Anmelden" /></p>
1255
+ </form>
1256
+ <p>Sie können sich hier mit Ihrem System-Benutzernamen, Ihrer E-Mail-Adresse oder Ihrer Kundennummer (jeweils mit zugehörigem Passwort) anmelden. Je nach gewählten Daten erhalten Sie unterschiedliche Zugriffsrechte.</p>
1257
+ <?php /* <p>Sollten Sie Ihr Benutzer-Passwort nicht mehr kennen, wenden Sie sich bitte an den Support. Passwörter für E-Mail-Konten kann der Eigentümer des Benutzeraccounts neu setzen.</p> */ ?>
1258
+ <p><a href="<?php echo $BASE_PATH; ?>go/index/lost_password">Sollten Sie Ihr Kunden-Passwort nicht mehr kennen, klicken Sie bitte hier.</a> Passwörter für E-Mail-Konten kann der Eigentümer des Benutzeraccounts neu setzen.</p>
1259
+ 
1260
+ <p><em><a href="../../certlogin/?destination=go/<?php echo $go; ?>"  >Mit einem Client-Zertifikat anmelden</a></em> (<a href="../../go/index/certinfo"  >Wie geht das?</a>)</p>
1261
+ 
1262
+ 
1263
+ <?php if ($footnotes) {
1264
+     echo '<div class="footnotes">';
1265
+     foreach ($footnotes as $num => $explaination) {
1266
+         echo '<p>'.str_repeat('*', $num+1).': '.$explaination.'</p>';
1267
+     }
1268
+     echo '</div>';
1269
+ } ?>
1270
+ </div>
1271
+ 
1272
+ <div class="foot">
1273
+ <p>Sollten Sie auf dieser Administrations-Oberfläche ein Problem entdecken oder Hilfe benötigen, schreiben Sie bitte eine einfache eMail an <a href="mailto:root@schokokeks.org">root@schokokeks.org</a>. Unser <a href="https://schokokeks.org/kontakt">Impressum</a> finden Sie auf der <a href="https://schokokeks.org/">öffentlichen Seite</a>. Lizenzinformationen zu diesem Webinterface und verwendeten Rechten finden Sie <a href="../../images/about.php">indem Sie hier klicken</a>.</p>
1274
+ 
1275
+ </div>
1276
+ 
1277
+ 
1278
+ </body>
1279
+ </html>
1280
+ 
1281
+
1282
+      ----------- end diff -----------
1283
+
1284
+
1285
+Checked all files in 0.260 seconds, 14.000 MB memory used
... ...
@@ -76,9 +76,9 @@ function create_dyndns_account($handle, $password_http, $sshkey)
76 76
     }
77 77
 
78 78
     db_query(
79
-      "INSERT INTO dns.dyndns (uid, handle, password, sshkey) VALUES ".
79
+        "INSERT INTO dns.dyndns (uid, handle, password, sshkey) VALUES ".
80 80
            "(:uid, :handle, :pwhash, :sshkey)",
81
-           array(":uid" => $uid, ":handle" => $handle, ":pwhash" => $pwhash, ":sshkey" => $sshkey)
81
+        array(":uid" => $uid, ":handle" => $handle, ":pwhash" => $pwhash, ":sshkey" => $sshkey)
82 82
   );
83 83
     $dyndns_id = db_insert_id();
84 84
     //$masterdomain = new Domain(config('masterdomain'));
... ...
@@ -103,9 +103,9 @@ function edit_dyndns_account($id, $handle, $password_http, $sshkey)
103 103
     if ($oldaccount['handle'] != $handle) {
104 104
         $masterdomain = new Domain(config('masterdomain'));
105 105
         db_query(
106
-        "UPDATE dns.custom_records SET hostname=:newhostname WHERE ".
106
+            "UPDATE dns.custom_records SET hostname=:newhostname WHERE ".
107 107
              "hostname=:oldhostname AND domain=:dom AND dyndns=:dyndns AND ip IS NULL",
108
-             array(":dom" => $masterdomain->id, ":newhostname" => filter_input_hostname($handle).'.'.$_SESSION['userinfo']['username'],
108
+            array(":dom" => $masterdomain->id, ":newhostname" => filter_input_hostname($handle).'.'.$_SESSION['userinfo']['username'],
109 109
                    ":oldhostname" => $oldaccount['handle'].'.'.$_SESSION['userinfo']['username'],  ":dyndns" => $id)
110 110
     );
111 111
     }
... ...
@@ -282,7 +282,7 @@ function set_domain_pretransfer($domain)
282 282
     $domain = (int) $domain;
283 283
     db_query(
284 284
         "UPDATE kundendaten.domains SET status='pretransfer', dns=1 WHERE id=? AND kunde=?",
285
-            array($domain, $cid)
285
+        array($domain, $cid)
286 286
     );
287 287
 }
288 288
 
... ...
@@ -295,7 +295,7 @@ function set_domain_prereg($domain)
295 295
     $domain = (int) $domain;
296 296
     db_query(
297 297
         "UPDATE kundendaten.domains SET status='prereg', dns=1 WHERE id=? AND kunde=?",
298
-            array($domain, $cid)
298
+        array($domain, $cid)
299 299
     );
300 300
 }
301 301
 
... ...
@@ -27,17 +27,12 @@ if ($_GET['action'] == 'new') {
27 27
     }
28 28
 
29 29
     add_clientcert(
30
-
31
-      $_SESSION['clientcert_cert'],
32
-
33
-      $_SESSION['clientcert_dn'],
34
-
35
-      $_SESSION['clientcert_issuer'],
36
-                 $_SESSION['clientcert_serial'],
37
-
38
-      $_SESSION['clientcert_valid_from'],
39
-
40
-      $_SESSION['clientcert_valid_until']
30
+        $_SESSION['clientcert_cert'],
31
+        $_SESSION['clientcert_dn'],
32
+        $_SESSION['clientcert_issuer'],
33
+        $_SESSION['clientcert_serial'],
34
+        $_SESSION['clientcert_valid_from'],
35
+        $_SESSION['clientcert_valid_until']
41 36
 
42 37
   );
43 38
 
... ...
@@ -134,7 +134,7 @@ function delete_clientcert($id)
134 134
         system_failure('cannot get type or username of login');
135 135
     }
136 136
     db_query(
137
-      "DELETE FROM system.clientcert WHERE id=:id AND type=:type AND username=:username",
138
-           array(":id" => $id, ":type" => $type, ":username" => $username)
137
+        "DELETE FROM system.clientcert WHERE id=:id AND type=:type AND username=:username",
138
+        array(":id" => $id, ":type" => $type, ":username" => $username)
139 139
   );
140 140
 }
... ...
@@ -247,8 +247,8 @@ function sepamandat($name, $adresse, $iban, $bankname, $bic, $gueltig_ab)
247 247
 
248 248
     $today = date('Y-m-d');
249 249
     db_query(
250
-      "INSERT INTO kundendaten.sepamandat (mandatsreferenz, glaeubiger_id, kunde, erteilt, medium, gueltig_ab, kontoinhaber, adresse, iban, bic, bankname) VALUES (:referenz, :glaeubiger_id, :cid, :today, 'online', :gueltig_ab, :name, :adresse, :iban, :bic, :bankname)",
251
-          array(":referenz" => $referenz, ":glaeubiger_id" => $glaeubiger_id, ":cid" => $cid,
250
+        "INSERT INTO kundendaten.sepamandat (mandatsreferenz, glaeubiger_id, kunde, erteilt, medium, gueltig_ab, kontoinhaber, adresse, iban, bic, bankname) VALUES (:referenz, :glaeubiger_id, :cid, :today, 'online', :gueltig_ab, :name, :adresse, :iban, :bic, :bankname)",
251
+        array(":referenz" => $referenz, ":glaeubiger_id" => $glaeubiger_id, ":cid" => $cid,
252 252
                 ":today" => $today, ":gueltig_ab" => $gueltig_ab, ":name" => $name, ":adresse" => $adresse,
253 253
                 ":iban" => $iban, ":bic" => $bic, ":bankname" => $bankname)
254 254
   );
... ...
@@ -225,7 +225,7 @@ function save_cert($info, $cert, $key)
225 225
     $uid = (int) $_SESSION['userinfo']['uid'];
226 226
 
227 227
     db_query(
228
-      "INSERT INTO vhosts.certs (uid, subject, cn, san, valid_from, valid_until, chain, cert, `key`) VALUES (:uid, :subject, :cn, :san, :valid_from, :valid_until, :chain, :cert, :key)",
228
+        "INSERT INTO vhosts.certs (uid, subject, cn, san, valid_from, valid_until, chain, cert, `key`) VALUES (:uid, :subject, :cn, :san, :valid_from, :valid_until, :chain, :cert, :key)",
229 229
         array(":uid" => $uid, ":subject" => filter_input_general($info['subject']), ":cn" => filter_input_general($info['cn']), ":san" => $info['san'], ":valid_from" => $info['valid_from'],
230 230
               ":valid_until" => $info['valid_until'], ":chain" => get_chain($cert), ":cert" => $cert, ":key" => $key)
231 231
   );
... ...
@@ -372,8 +372,8 @@ function save_csr($cn, $bits, $replace=null)
372 372
 
373 373
     $uid = (int) $_SESSION['userinfo']['uid'];
374 374
     db_query(
375
-      "INSERT INTO vhosts.csr (uid, hostname, san, bits, `replace`, csr, `key`) VALUES (:uid, :cn, :san, :bits, :replace, :csr, :key)",
376
-           array(":uid" => $uid, ":cn" => $cn, ":san" => $san, ":bits" => $bits,
375
+        "INSERT INTO vhosts.csr (uid, hostname, san, bits, `replace`, csr, `key`) VALUES (:uid, :cn, :san, :bits, :replace, :csr, :key)",
376
+        array(":uid" => $uid, ":cn" => $cn, ":san" => $san, ":bits" => $bits,
377 377
                  ":replace" => $replace, ":csr" => $csr, ":key" => $key)
378 378
   );
379 379
     $id = db_insert_id();
... ...
@@ -191,8 +191,8 @@ function domainselect($selected = null, $selectattribute = '')
191 191
     global $domainlist, $config;
192 192
     if ($domainlist == null) {
193 193
         $domainlist = get_domain_list(
194
-        $_SESSION['customerinfo']['customerno'],
195
-                                  $_SESSION['userinfo']['uid']
194
+            $_SESSION['customerinfo']['customerno'],
195
+            $_SESSION['userinfo']['uid']
196 196
     );
197 197
     }
198 198
     $selected = (int) $selected;
... ...
@@ -19,7 +19,7 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r
19 19
 
20 20
 <meta name="viewport" content="width=device-width, initial-scale=1.0">
21 21
 
22
-<?php 
22
+<?php
23 23
 if ($title) {
24 24
     echo "<title>$title - Administration</title>";
25 25
 } else {
... ...
@@ -20,7 +20,7 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r
20 20
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de">
21 21
 <head>
22 22
 
23
-<?php 
23
+<?php
24 24
 if ($title) {
25 25
     echo "<title>$title - Administration</title>";
26 26
 } else {
... ...
@@ -19,7 +19,7 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r
19 19
 
20 20
 <meta name="viewport" content="width=device-width, initial-scale=1.0">
21 21
 
22
-<?php 
22
+<?php
23 23
 if ($title) {
24 24
     echo "<title>$title - Administration</title>";
25 25
 } else {
... ...
@@ -56,7 +56,7 @@ if ($messages) {
56 56
 }
57 57
 ?>
58 58
 
59
-<?php 
59
+<?php
60 60
 if ($headline) {
61 61
     echo "<h3 class=\"headline\">$headline</h3>";
62 62
 }