
XSS in freewvs dirs

Hanno Böck authored on08/12/2019 09:28:18
Showing1 changed files
... ...
@@ -97,7 +97,7 @@ function get_url_for_dir($docroot, $cutoff = '')
97 97
     if ($tmp['ssl'] == 'forward' || $tmp['ssl'] == 'https') {
98 98
         $prefix = 'https://';
99 99
     }
100
-    return $prefix.$tmp['fqdn'].$cutoff;
100
+    return $prefix.$tmp['fqdn'].filter_output_html($cutoff);
101 101
 }
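Review bot: Escaping only `$cutoff` inside `get_url_for_dir()` makes the return value a mix of raw and HTML-encoded text, so the fix holds only if every caller treats the result as ready-made HTML. A caller that escapes the whole URL again will display `&amp;amp;`, and one that uses the value outside HTML (a redirect, a stored field, a log line) gets entities in the path; the call sites are outside this hunk and need checking. I would keep the function returning the raw URL and call `filter_output_html()` where the string is printed, or at least state the contract above the function: `// returns a URL whose path part is already HTML-escaped; do not escape again`. `$tmp['fqdn']` stays unescaped, which is acceptable only if hostnames in `vhosts.v_vhost` are validated when they are stored. The function body starts above the hunk.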
102 102
 
103 103
 

do not offer autoupgrade for drupal-7

Bernd Wurst authored on08/05/2019 11:08:03
Showing1 changed files
... ...
@@ -54,7 +54,7 @@ function directory_in_use($directory)
54 54
 function upgradeable($appname, $version)
55 55
 {
56 56
     DEBUG("Is {$appname}-{$version} upgradeable?");
57
-    if ($appname == 'Drupal7') {
57
+    /*if ($appname == 'Drupal7') {
58 58
         DEBUG("found Drupal-7.*!");
59 59
         return 'drupal7';
60 60
     }
... ...
@@ -65,7 +65,8 @@ function upgradeable($appname, $version)
65 65
             return 'drupal7';
66 66
         }
67 67
         DEBUG("Version: ".substr($version, 0, 2));
68
-    } elseif ($appname == 'MediaWiki') {
68
+    } */
69
+    if ($appname == 'MediaWiki') {
69 70
         DEBUG("found MediaWiki");
70 71
         return 'mediawiki';
71 72
     }
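Review bot: Disabling the Drupal branches with a `/* … */` block leaves `upgradeable()` falling through to the generic "found no upgradeable webapp!" path for Drupal 7, so neither the debug output nor the return value shows that auto-upgrade was withdrawn on purpose. PHP block comments do not nest and end at the first `*/`, so a later edit inside the disabled region can silently re-enable part of it; deleting the branches and leaving one line such as `// Drupal 7: auto-upgrade withdrawn, users must update manually` is safer. Installs that were upgraded automatically now stay on their current version, so the page that consumes this result should tell the user that security updates are manual; that caller is not visible here. The older commit that disabled the OwnCloud branch uses the same comment-out pattern, and the function continues past the end of the second hunk.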

remove whitespace in empty lines

Hanno authored on26/06/2018 23:36:40
Showing1 changed files
... ...
@@ -104,13 +104,13 @@ function create_webapp_mysqldb($application, $sitename)
104 104
 {
105 105
     // dependet auf das mysql-modul
106 106
     require_once('modules/mysql/include/mysql.php');
107
-  
107
+
108 108
     $username = $_SESSION['userinfo']['username'];
109 109
     $description = "Automatisch erzeugte Datenbank für {$application} ({$sitename})";
110
-  
110
+
111 111
     // zuerst versuchen wir username_webappname. Wenn das nicht klappt, dann wird hochgezählt
112 112
     $handle = $username.'_'.$application;
113
-  
113
+
114 114
     if (validate_mysql_username($handle) && validate_mysql_dbname($handle) && ! (has_mysql_user($handle) || has_mysql_database($handle))) {
115 115
         logger(LOG_INFO, "webapps/include/webapp-installer", "create", "creating db and user »{$handle}«");
116 116
         create_mysql_database($handle, $description);

Fix coding style with php-cs-checker, see https://cs.sensiolabs.org/

Hanno authored on26/06/2018 13:58:19
Showing1 changed files
... ...
@@ -8,7 +8,7 @@ Written 2008-2018 by schokokeks.org Hosting, namely
8 8
 
9 9
 To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
10 10
 
11
-You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see 
11
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see
12 12
 http://creativecommons.org/publicdomain/zero/1.0/
13 13
 
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
... ...
@@ -18,124 +18,120 @@ require_once('inc/base.php');
18 18
 
19 19
 function create_new_webapp($appname, $directory, $url, $data)
20 20
 {
21
-  if (directory_in_use($directory))
22
-    system_failure('Sie haben erst kürzlich eine Anwendung in diesem Verzeichnis installieren lassen. Aus Sicherheitsgründen können Sie in diesem Verzeichnis am selben Tag nicht schon wieder eine Anwendung installieren.');
23
-  $args = array(":username" => $_SESSION['userinfo']['username'],
21
+    if (directory_in_use($directory)) {
22
+        system_failure('Sie haben erst kürzlich eine Anwendung in diesem Verzeichnis installieren lassen. Aus Sicherheitsgründen können Sie in diesem Verzeichnis am selben Tag nicht schon wieder eine Anwendung installieren.');
23
+    }
24
+    $args = array(":username" => $_SESSION['userinfo']['username'],
24 25
                 ":appname" => $appname,
25 26
                 ":dir" => $directory,
26 27
                 ":url" => $url,
27 28
                 ":data" => $data);
28
-  db_query("INSERT INTO vhosts.webapp_installer (appname, directory, url, state, username, data) VALUES (:appname, :dir, :url, 'new', :username, :data)", $args);
29
+    db_query("INSERT INTO vhosts.webapp_installer (appname, directory, url, state, username, data) VALUES (:appname, :dir, :url, 'new', :username, :data)", $args);
29 30
 }
30 31
 
31 32
 
32 33
 function request_update($appname, $directory, $url)
33 34
 {
34
-  if (directory_in_use($directory))
35
-    system_failure('Sie haben erst kürzlich eine Anwendung in diesem Verzeichnis installieren lassen oder ein Update in diesem Verzeichnis angefordert. Bitte warten Sie bis diese Aktion durchgeführt wurde.');
36
-  $args = array(":username" => $_SESSION['userinfo']['username'],
35
+    if (directory_in_use($directory)) {
36
+        system_failure('Sie haben erst kürzlich eine Anwendung in diesem Verzeichnis installieren lassen oder ein Update in diesem Verzeichnis angefordert. Bitte warten Sie bis diese Aktion durchgeführt wurde.');
37
+    }
38
+    $args = array(":username" => $_SESSION['userinfo']['username'],
37 39
                 ":appname" => $appname,
38 40
                 ":dir" => $directory,
39 41
                 ":url" => $url);
40
-  db_query("INSERT INTO vhosts.webapp_installer (appname, directory, url, state, username) VALUES (:appname, :dir, :url, 'old', :username)", $args);
42
+    db_query("INSERT INTO vhosts.webapp_installer (appname, directory, url, state, username) VALUES (:appname, :dir, :url, 'old', :username)", $args);
41 43
 }
42 44
 
43 45
 function directory_in_use($directory)
44 46
 {
45
-  $result = db_query("SELECT id FROM vhosts.webapp_installer WHERE (state IN ('new','old') OR DATE(lastchange)=CURDATE()) AND directory=?", array($directory));
46
-  if ($result->rowCount() > 0)
47
-    return true;
48
-  return false;
47
+    $result = db_query("SELECT id FROM vhosts.webapp_installer WHERE (state IN ('new','old') OR DATE(lastchange)=CURDATE()) AND directory=?", array($directory));
48
+    if ($result->rowCount() > 0) {
49
+        return true;
50
+    }
51
+    return false;
49 52
 }
50 53
 
51 54
 function upgradeable($appname, $version)
52 55
 {
53
-  DEBUG("Is {$appname}-{$version} upgradeable?");
54
-  if ($appname == 'Drupal7') 
55
-  {
56
-    DEBUG("found Drupal-7.*!");
57
-    return 'drupal7';
58
-  }
59
-  if ($appname == 'Drupal')
60
-  {
61
-    DEBUG("found Drupal!");
62
-    if (substr($version, 0, 2) == '7.')
63
-    {
64
-      DEBUG("found Drupal-7.*!");
65
-      return 'drupal7';
56
+    DEBUG("Is {$appname}-{$version} upgradeable?");
57
+    if ($appname == 'Drupal7') {
58
+        DEBUG("found Drupal-7.*!");
59
+        return 'drupal7';
66 60
     }
67
-    DEBUG("Version: ".substr($version, 0, 2));
68
-  }
69
-  elseif ($appname == 'MediaWiki')
70
-  {
71
-    DEBUG("found MediaWiki");
72
-    return 'mediawiki';
73
-  }
74
-  /*elseif ($appname == 'owncloud') 
75
-  {
76
-    DEBUG('found OwnCloud');
77
-    return 'owncloud';
78
-  }*/
79
-  DEBUG("found no upgradeable webapp!");
80
-  return NULL;
61
+    if ($appname == 'Drupal') {
62
+        DEBUG("found Drupal!");
63
+        if (substr($version, 0, 2) == '7.') {
64
+            DEBUG("found Drupal-7.*!");
65
+            return 'drupal7';
66
+        }
67
+        DEBUG("Version: ".substr($version, 0, 2));
68
+    } elseif ($appname == 'MediaWiki') {
69
+        DEBUG("found MediaWiki");
70
+        return 'mediawiki';
71
+    }
72
+    /*elseif ($appname == 'owncloud')
73
+    {
74
+      DEBUG('found OwnCloud');
75
+      return 'owncloud';
76
+    }*/
77
+    DEBUG("found no upgradeable webapp!");
78
+    return null;
81 79
 }
82 80
 
83 81
 
84 82
 function get_url_for_dir($docroot, $cutoff = '')
85 83
 {
86
-  if (substr($docroot, -1) == '/')
87
-    $docroot = substr($docroot, 0, -1);
88
-  $result = db_query("SELECT `ssl`, IF(FIND_IN_SET('aliaswww', options), CONCAT('www.',fqdn), fqdn) AS fqdn FROM vhosts.v_vhost WHERE docroot IN (?, ?)", array($docroot, $docroot.'/'));
89
-  if ($result->rowCount() < 1)
90
-  {
91
-    if (!strstr($docroot, '/'))
92
-      return NULL;
93
-    return get_url_for_dir(substr($docroot, 0, strrpos($docroot, '/')), substr($docroot, strrpos($docroot, '/')).$cutoff);
94
-  } 
95
-  $tmp = $result->fetch();
96
-  $prefix = 'http://';
97
-  if ($tmp['ssl'] == 'forward' || $tmp['ssl'] == 'https')
98
-    $prefix = 'https://';
99
-  return $prefix.$tmp['fqdn'].$cutoff;
84
+    if (substr($docroot, -1) == '/') {
85
+        $docroot = substr($docroot, 0, -1);
86
+    }
87
+    $result = db_query("SELECT `ssl`, IF(FIND_IN_SET('aliaswww', options), CONCAT('www.',fqdn), fqdn) AS fqdn FROM vhosts.v_vhost WHERE docroot IN (?, ?)", array($docroot, $docroot.'/'));
88
+    if ($result->rowCount() < 1) {
89
+        if (!strstr($docroot, '/')) {
90
+            return null;
91
+        }
92
+        return get_url_for_dir(substr($docroot, 0, strrpos($docroot, '/')), substr($docroot, strrpos($docroot, '/')).$cutoff);
93
+    }
94
+    $tmp = $result->fetch();
95
+    $prefix = 'http://';
96
+    if ($tmp['ssl'] == 'forward' || $tmp['ssl'] == 'https') {
97
+        $prefix = 'https://';
98
+    }
99
+    return $prefix.$tmp['fqdn'].$cutoff;
100 100
 }
101 101
 
102 102
 
103 103
 function create_webapp_mysqldb($application, $sitename)
104 104
 {
105
-  // dependet auf das mysql-modul
106
-  require_once('modules/mysql/include/mysql.php'); 
105
+    // dependet auf das mysql-modul
106
+    require_once('modules/mysql/include/mysql.php');
107 107
   
108
-  $username = $_SESSION['userinfo']['username'];
109
-  $description = "Automatisch erzeugte Datenbank für {$application} ({$sitename})";
108
+    $username = $_SESSION['userinfo']['username'];
109
+    $description = "Automatisch erzeugte Datenbank für {$application} ({$sitename})";
110 110
   
111
-  // zuerst versuchen wir username_webappname. Wenn das nicht klappt, dann wird hochgezählt
112
-  $handle = $username.'_'.$application;
111
+    // zuerst versuchen wir username_webappname. Wenn das nicht klappt, dann wird hochgezählt
112
+    $handle = $username.'_'.$application;
113 113
   
114
-  if (validate_mysql_username($handle) && validate_mysql_dbname($handle) && ! (has_mysql_user($handle) || has_mysql_database($handle)))
115
-  {
116
-    logger(LOG_INFO, "webapps/include/webapp-installer", "create", "creating db and user »{$handle}«");
117
-    create_mysql_database($handle, $description);
118
-    create_mysql_account($handle, $description);
119
-    set_mysql_access($handle, $handle, true);
120
-    $password = random_string(10);
121
-    set_mysql_password($handle, $password);
122
-    return array('dbuser' => $handle, 'dbname' => $handle, 'dbpass' => $password);
123
-  }
114
+    if (validate_mysql_username($handle) && validate_mysql_dbname($handle) && ! (has_mysql_user($handle) || has_mysql_database($handle))) {
115
+        logger(LOG_INFO, "webapps/include/webapp-installer", "create", "creating db and user »{$handle}«");
116
+        create_mysql_database($handle, $description);
117
+        create_mysql_account($handle, $description);
118
+        set_mysql_access($handle, $handle, true);
119
+        $password = random_string(10);
120
+        set_mysql_password($handle, $password);
121
+        return array('dbuser' => $handle, 'dbname' => $handle, 'dbpass' => $password);
122
+    }
124 123
 
125
-  for ($i = 0; $i < 100 ; $i++) {
126
-    $handle = $username.'_'.$i;
127
-    if (validate_mysql_username($handle) && validate_mysql_dbname($handle) && ! (has_mysql_user($handle) || has_mysql_database($handle)))
128
-    {
129
-      logger(LOG_INFO, "webapps/include/webapp-installer", "create", "creating db and user »{$handle}«");
130
-      create_mysql_database($handle, $description);
131
-      create_mysql_account($handle, $description);
132
-      set_mysql_access($handle, $handle, true);
133
-      $password = random_string(10);
134
-      set_mysql_password($handle, $password);
135
-      return array('dbuser' => $handle, 'dbname' => $handle, 'dbpass' => $password);
124
+    for ($i = 0; $i < 100 ; $i++) {
125
+        $handle = $username.'_'.$i;
126
+        if (validate_mysql_username($handle) && validate_mysql_dbname($handle) && ! (has_mysql_user($handle) || has_mysql_database($handle))) {
127
+            logger(LOG_INFO, "webapps/include/webapp-installer", "create", "creating db and user »{$handle}«");
128
+            create_mysql_database($handle, $description);
129
+            create_mysql_account($handle, $description);
130
+            set_mysql_access($handle, $handle, true);
131
+            $password = random_string(10);
132
+            set_mysql_password($handle, $password);
133
+            return array('dbuser' => $handle, 'dbname' => $handle, 'dbpass' => $password);
134
+        }
136 135
     }
137
-  }
138
-  system_failure('Konnte keine Datenbank erzeugen. Bitte melden Sie diesen Umstand den Administratoren!');
136
+    system_failure('Konnte keine Datenbank erzeugen. Bitte melden Sie diesen Umstand den Administratoren!');
139 137
 }
140
-
141
-

Copyright year update

Bernd Wurst authored on13/01/2018 06:07:05
Showing1 changed files
... ...
@@ -2,7 +2,7 @@
2 2
 /*
3 3
 This file belongs to the Webinterface of schokokeks.org Hosting
4 4
 
5
-Written 2008-2014 by schokokeks.org Hosting, namely
5
+Written 2008-2018 by schokokeks.org Hosting, namely
6 6
   Bernd Wurst <bernd@schokokeks.org>
7 7
   Hanno Böck <hanno@schokokeks.org>
8 8
 

Entferne Drupal-6 aus dem Webap-Upgrader

Bernd Wurst authored on01/03/2016 05:48:17
Showing1 changed files
... ...
@@ -51,11 +51,6 @@ function directory_in_use($directory)
51 51
 function upgradeable($appname, $version)
52 52
 {
53 53
   DEBUG("Is {$appname}-{$version} upgradeable?");
54
-  if ($appname == 'Drupal6') 
55
-  {
56
-    DEBUG("found Drupal-6.*!");
57
-    return 'drupal6';
58
-  }
59 54
   if ($appname == 'Drupal7') 
60 55
   {
61 56
     DEBUG("found Drupal-7.*!");
... ...
@@ -64,16 +59,6 @@ function upgradeable($appname, $version)
64 59
   if ($appname == 'Drupal')
65 60
   {
66 61
     DEBUG("found Drupal!");
67
-    if (substr($version, 0, 2) == '5.')
68
-    {
69
-      DEBUG("found Drupal-5.*!");
70
-      return 'drupal5';
71
-    }
72
-    if (substr($version, 0, 2) == '6.')
73
-    {
74
-      DEBUG("found Drupal-6.*!");
75
-      return 'drupal6';
76
-    }
77 62
     if (substr($version, 0, 2) == '7.')
78 63
     {
79 64
       DEBUG("found Drupal-7.*!");

Auto-updater für OwnCloud entfernt. Macht mehr Probleme als er löst

Bernd Wurst authored on08/05/2014 18:22:58
Showing1 changed files
... ...
@@ -86,11 +86,11 @@ function upgradeable($appname, $version)
86 86
     DEBUG("found MediaWiki");
87 87
     return 'mediawiki';
88 88
   }
89
-  elseif ($appname == 'owncloud') 
89
+  /*elseif ($appname == 'owncloud') 
90 90
   {
91 91
     DEBUG('found OwnCloud');
92 92
     return 'owncloud';
93
-  }
93
+  }*/
94 94
   DEBUG("found no upgradeable webapp!");
95 95
   return NULL;
96 96
 }

Lizenzinfos in eigenes Modul ausgelagert und Copyright auf 2014 angepasst

Bernd Wurst authored on08/02/2014 05:45:07
Showing1 changed files
... ...
@@ -2,7 +2,7 @@
2 2
 /*
3 3
 This file belongs to the Webinterface of schokokeks.org Hosting
4 4
 
5
-Written 2008-2013 by schokokeks.org Hosting, namely
5
+Written 2008-2014 by schokokeks.org Hosting, namely
6 6
   Bernd Wurst <bernd@schokokeks.org>
7 7
   Hanno Böck <hanno@schokokeks.org>
8 8
 

* Weitere Module auf prepared-statements umgestellt * Warnung beim Aufruf von db_escape_string() und maybe_null() hinzugefügt

Bernd Wurst authored on03/02/2014 16:57:44
Showing1 changed files
... ...
@@ -20,12 +20,12 @@ function create_new_webapp($appname, $directory, $url, $data)
20 20
 {
21 21
   if (directory_in_use($directory))
22 22
     system_failure('Sie haben erst kürzlich eine Anwendung in diesem Verzeichnis installieren lassen. Aus Sicherheitsgründen können Sie in diesem Verzeichnis am selben Tag nicht schon wieder eine Anwendung installieren.');
23
-  $username = db_escape_string($_SESSION['userinfo']['username']);
24
-  $appname = db_escape_string($appname);
25
-  $directory = db_escape_string($directory);
26
-  $url = db_escape_string($url);
27
-  $data = db_escape_string($data);
28
-  db_query("INSERT INTO vhosts.webapp_installer (appname, directory, url, state, username, data) VALUES ('{$appname}', '{$directory}', '{$url}', 'new', '{$username}', '{$data}')");
23
+  $args = array(":username" => $_SESSION['userinfo']['username'],
24
+                ":appname" => $appname,
25
+                ":dir" => $directory,
26
+                ":url" => $url,
27
+                ":data" => $data);
28
+  db_query("INSERT INTO vhosts.webapp_installer (appname, directory, url, state, username, data) VALUES (:appname, :dir, :url, 'new', :username, :data)", $args);
29 29
 }
30 30
 
31 31
 
... ...
@@ -33,17 +33,16 @@ function request_update($appname, $directory, $url)
33 33
 {
34 34
   if (directory_in_use($directory))
35 35
     system_failure('Sie haben erst kürzlich eine Anwendung in diesem Verzeichnis installieren lassen oder ein Update in diesem Verzeichnis angefordert. Bitte warten Sie bis diese Aktion durchgeführt wurde.');
36
-  $username = db_escape_string($_SESSION['userinfo']['username']);
37
-  $appname = db_escape_string($appname);
38
-  $directory = db_escape_string($directory);
39
-  $url = maybe_null(db_escape_string($url));
40
-  db_query("INSERT INTO vhosts.webapp_installer (appname, directory, url, state, username) VALUES ('{$appname}', '{$directory}', {$url}, 'old', '{$username}')");
36
+  $args = array(":username" => $_SESSION['userinfo']['username'],
37
+                ":appname" => $appname,
38
+                ":dir" => $directory,
39
+                ":url" => $url);
40
+  db_query("INSERT INTO vhosts.webapp_installer (appname, directory, url, state, username) VALUES (:appname, :dir, :url, 'old', :username)", $args);
41 41
 }
42 42
 
43 43
 function directory_in_use($directory)
44 44
 {
45
-  $directory = db_escape_string($directory);
46
-  $result = db_query("SELECT id FROM vhosts.webapp_installer WHERE (state IN ('new','old') OR DATE(lastchange)=CURDATE()) AND directory='{$directory}'");
45
+  $result = db_query("SELECT id FROM vhosts.webapp_installer WHERE (state IN ('new','old') OR DATE(lastchange)=CURDATE()) AND directory=?", array($directory));
47 46
   if ($result->rowCount() > 0)
48 47
     return true;
49 48
   return false;
... ...
@@ -101,8 +100,7 @@ function get_url_for_dir($docroot, $cutoff = '')
101 100
 {
102 101
   if (substr($docroot, -1) == '/')
103 102
     $docroot = substr($docroot, 0, -1);
104
-  $docroot = db_escape_string($docroot);
105
-  $result = db_query("SELECT `ssl`, IF(FIND_IN_SET('aliaswww', options), CONCAT('www.',fqdn), fqdn) AS fqdn FROM vhosts.v_vhost WHERE docroot IN ('{$docroot}', '{$docroot}/') LIMIT 1");
103
+  $result = db_query("SELECT `ssl`, IF(FIND_IN_SET('aliaswww', options), CONCAT('www.',fqdn), fqdn) AS fqdn FROM vhosts.v_vhost WHERE docroot IN (?, ?)", array($docroot, $docroot.'/'));
106 104
   if ($result->rowCount() < 1)
107 105
   {
108 106
     if (!strstr($docroot, '/'))
... ...
@@ -122,7 +120,7 @@ function create_webapp_mysqldb($application, $sitename)
122 120
   // dependet auf das mysql-modul
123 121
   require_once('modules/mysql/include/mysql.php'); 
124 122
   
125
-  $username = db_escape_string($_SESSION['userinfo']['username']);
123
+  $username = $_SESSION['userinfo']['username'];
126 124
   $description = "Automatisch erzeugte Datenbank für {$application} ({$sitename})";
127 125
   
128 126
   // zuerst versuchen wir username_webappname. Wenn das nicht klappt, dann wird hochgezählt
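Review bot: In `request_update()` the old code passed `$url` through `maybe_null()` before building the INSERT, and the new bound parameter `":url" => $url` drops that step. If `maybe_null()` turned an empty value into SQL NULL (its body is not shown here), an empty `$url` is now stored as `''` and anything that tests `url IS NULL` on `vhosts.webapp_installer` changes behaviour. Binding the value as `":url" => ($url === '' ? null : $url),` would keep the old result, assuming that is what the helper did. The other hunks bind their values one-to-one and look equivalent to the escaped versions they replace.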

Umstellung auf PDO-Datenbankverbindung

Bernd Wurst authored on01/02/2014 18:38:23
Showing1 changed files
... ...
@@ -20,11 +20,11 @@ function create_new_webapp($appname, $directory, $url, $data)
20 20
 {
21 21
   if (directory_in_use($directory))
22 22
     system_failure('Sie haben erst kürzlich eine Anwendung in diesem Verzeichnis installieren lassen. Aus Sicherheitsgründen können Sie in diesem Verzeichnis am selben Tag nicht schon wieder eine Anwendung installieren.');
23
-  $username = mysql_real_escape_string($_SESSION['userinfo']['username']);
24
-  $appname = mysql_real_escape_string($appname);
25
-  $directory = mysql_real_escape_string($directory);
26
-  $url = mysql_real_escape_string($url);
27
-  $data = mysql_real_escape_string($data);
23
+  $username = db_escape_string($_SESSION['userinfo']['username']);
24
+  $appname = db_escape_string($appname);
25
+  $directory = db_escape_string($directory);
26
+  $url = db_escape_string($url);
27
+  $data = db_escape_string($data);
28 28
   db_query("INSERT INTO vhosts.webapp_installer (appname, directory, url, state, username, data) VALUES ('{$appname}', '{$directory}', '{$url}', 'new', '{$username}', '{$data}')");
29 29
 }
30 30
 
... ...
@@ -33,18 +33,18 @@ function request_update($appname, $directory, $url)
33 33
 {
34 34
   if (directory_in_use($directory))
35 35
     system_failure('Sie haben erst kürzlich eine Anwendung in diesem Verzeichnis installieren lassen oder ein Update in diesem Verzeichnis angefordert. Bitte warten Sie bis diese Aktion durchgeführt wurde.');
36
-  $username = mysql_real_escape_string($_SESSION['userinfo']['username']);
37
-  $appname = mysql_real_escape_string($appname);
38
-  $directory = mysql_real_escape_string($directory);
39
-  $url = maybe_null(mysql_real_escape_string($url));
36
+  $username = db_escape_string($_SESSION['userinfo']['username']);
37
+  $appname = db_escape_string($appname);
38
+  $directory = db_escape_string($directory);
39
+  $url = maybe_null(db_escape_string($url));
40 40
   db_query("INSERT INTO vhosts.webapp_installer (appname, directory, url, state, username) VALUES ('{$appname}', '{$directory}', {$url}, 'old', '{$username}')");
41 41
 }
42 42
 
43 43
 function directory_in_use($directory)
44 44
 {
45
-  $directory = mysql_real_escape_string($directory);
45
+  $directory = db_escape_string($directory);
46 46
   $result = db_query("SELECT id FROM vhosts.webapp_installer WHERE (state IN ('new','old') OR DATE(lastchange)=CURDATE()) AND directory='{$directory}'");
47
-  if (mysql_num_rows($result) > 0)
47
+  if ($result->rowCount() > 0)
48 48
     return true;
49 49
   return false;
50 50
 }
... ...
@@ -101,15 +101,15 @@ function get_url_for_dir($docroot, $cutoff = '')
101 101
 {
102 102
   if (substr($docroot, -1) == '/')
103 103
     $docroot = substr($docroot, 0, -1);
104
-  $docroot = mysql_real_escape_string($docroot);
104
+  $docroot = db_escape_string($docroot);
105 105
   $result = db_query("SELECT `ssl`, IF(FIND_IN_SET('aliaswww', options), CONCAT('www.',fqdn), fqdn) AS fqdn FROM vhosts.v_vhost WHERE docroot IN ('{$docroot}', '{$docroot}/') LIMIT 1");
106
-  if (mysql_num_rows($result) < 1)
106
+  if ($result->rowCount() < 1)
107 107
   {
108 108
     if (!strstr($docroot, '/'))
109 109
       return NULL;
110 110
     return get_url_for_dir(substr($docroot, 0, strrpos($docroot, '/')), substr($docroot, strrpos($docroot, '/')).$cutoff);
111 111
   } 
112
-  $tmp = mysql_fetch_assoc($result);
112
+  $tmp = $result->fetch();
113 113
   $prefix = 'http://';
114 114
   if ($tmp['ssl'] == 'forward' || $tmp['ssl'] == 'https')
115 115
     $prefix = 'https://';
... ...
@@ -122,7 +122,7 @@ function create_webapp_mysqldb($application, $sitename)
122 122
   // dependet auf das mysql-modul
123 123
   require_once('modules/mysql/include/mysql.php'); 
124 124
   
125
-  $username = mysql_real_escape_string($_SESSION['userinfo']['username']);
125
+  $username = db_escape_string($_SESSION['userinfo']['username']);
126 126
   $description = "Automatisch erzeugte Datenbank für {$application} ({$sitename})";
127 127
   
128 128
   // zuerst versuchen wir username_webappname. Wenn das nicht klappt, dann wird hochgezählt
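Review bot: `$result->rowCount()` in `directory_in_use()` and `get_url_for_dir()` replaces `mysql_num_rows()`, but PDO documents the row count of a SELECT as driver-dependent, so both checks work only while the connection is MySQL with buffered queries. `directory_in_use()` gates the same-day install block, and a driver that reports 0 would switch that block off without any error. Assuming `db_query()` returns a `PDOStatement`, fetching is the portable test: `return $result->fetch() !== false;` in `directory_in_use()`, and in `get_url_for_dir()` take `$tmp = $result->fetch();` first and branch on `$tmp === false`. `get_url_for_dir()` continues past the end of its hunk.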

Updated copyright notice (2012 => 2013)

Bernd Wurst authored on19/01/2013 10:49:50
Showing1 changed files
... ...
@@ -2,7 +2,7 @@
2 2
 /*
3 3
 This file belongs to the Webinterface of schokokeks.org Hosting
4 4
 
5
-Written 2008-2012 by schokokeks.org Hosting, namely
5
+Written 2008-2013 by schokokeks.org Hosting, namely
6 6
   Bernd Wurst <bernd@schokokeks.org>
7 7
   Hanno Böck <hanno@schokokeks.org>
8 8
 

Drupal-7 ist auch upgrade-fähig

Bernd Wurst authored on24/12/2012 06:38:43
Showing1 changed files
... ...
@@ -54,8 +54,14 @@ function upgradeable($appname, $version)
54 54
   DEBUG("Is {$appname}-{$version} upgradeable?");
55 55
   if ($appname == 'Drupal6') 
56 56
   {
57
+    DEBUG("found Drupal-6.*!");
57 58
     return 'drupal6';
58 59
   }
60
+  if ($appname == 'Drupal7') 
61
+  {
62
+    DEBUG("found Drupal-7.*!");
63
+    return 'drupal7';
64
+  }
59 65
   if ($appname == 'Drupal')
60 66
   {
61 67
     DEBUG("found Drupal!");

Es gibt jetzt einen Auto-Updater für OwnCloud

Bernd Wurst authored on11/12/2012 05:24:35
Showing1 changed files
... ...
@@ -81,6 +81,11 @@ function upgradeable($appname, $version)
81 81
     DEBUG("found MediaWiki");
82 82
     return 'mediawiki';
83 83
   }
84
+  elseif ($appname == 'owncloud') 
85
+  {
86
+    DEBUG('found OwnCloud');
87
+    return 'owncloud';
88
+  }
84 89
   DEBUG("found no upgradeable webapp!");
85 90
   return NULL;
86 91
 }

Added license tags for CC0, README and COPYING

Bernd Wurst authored on11/03/2012 15:40:04
Showing1 changed files
... ...
@@ -1,4 +1,18 @@
1 1
 <?php
2
+/*
3
+This file belongs to the Webinterface of schokokeks.org Hosting
4
+
5
+Written 2008-2012 by schokokeks.org Hosting, namely
6
+  Bernd Wurst <bernd@schokokeks.org>
7
+  Hanno Böck <hanno@schokokeks.org>
8
+
9
+To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
10
+
11
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see 
12
+http://creativecommons.org/publicdomain/zero/1.0/
13
+
14
+Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15
+*/
2 16
 
3 17
 require_once('inc/base.php');
4 18
 

Erkenne »Druapl6«

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@2168 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on03/02/2012 06:04:03
Showing1 changed files
... ...
@@ -38,6 +38,10 @@ function directory_in_use($directory)
38 38
 function upgradeable($appname, $version)
39 39
 {
40 40
   DEBUG("Is {$appname}-{$version} upgradeable?");
41
+  if ($appname == 'Drupal6') 
42
+  {
43
+    return 'drupal6';
44
+  }
41 45
   if ($appname == 'Drupal')
42 46
   {
43 47
     DEBUG("found Drupal!");

Drupal-7 kann auch per Auto-Updater aktualisiert werden

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1903 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on13/01/2011 15:53:05
Showing1 changed files
... ...
@@ -51,6 +51,11 @@ function upgradeable($appname, $version)
51 51
       DEBUG("found Drupal-6.*!");
52 52
       return 'drupal6';
53 53
     }
54
+    if (substr($version, 0, 2) == '7.')
55
+    {
56
+      DEBUG("found Drupal-7.*!");
57
+      return 'drupal7';
58
+    }
54 59
     DEBUG("Version: ".substr($version, 0, 2));
55 60
   }
56 61
   elseif ($appname == 'MediaWiki')
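Review bot: The added test `substr($version, 0, 2) == '7.'` uses loose comparison on two strings that PHP can treat as numeric, so prefixes such as `07` or ` 7` compare equal to `'7.'` and a version that is not 7.x can be handed to the `drupal7` upgrader. `$version` presumably comes from scanner output rather than from a fixed list, so it should be matched strictly: `if (strncmp($version, '7.', 2) === 0)`. The `6.` check above it and the `5.` check added by the drupal5 commit further down the page have the same form. The function starts and ends outside this hunk.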

erlaube automatisches upgrade für drupal5

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1507 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on20/11/2009 09:54:46
Showing1 changed files
... ...
@@ -41,6 +41,11 @@ function upgradeable($appname, $version)
41 41
   if ($appname == 'Drupal')
42 42
   {
43 43
     DEBUG("found Drupal!");
44
+    if (substr($version, 0, 2) == '5.')
45
+    {
46
+      DEBUG("found Drupal-5.*!");
47
+      return 'drupal5';
48
+    }
44 49
     if (substr($version, 0, 2) == '6.')
45 50
     {
46 51
       DEBUG("found Drupal-6.*!");

stringlänge mit strlen und nicht mit count messen

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1467 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on14/09/2009 18:28:25
Showing1 changed files
... ...
@@ -91,6 +91,7 @@ function create_webapp_mysqldb($application, $sitename)
91 91
   
92 92
   if (validate_mysql_username($handle) && validate_mysql_dbname($handle) && ! (has_mysql_user($handle) || has_mysql_database($handle)))
93 93
   {
94
+    logger(LOG_INFO, "webapps/include/webapp-installer", "create", "creating db and user »{$handle}«");
94 95
     create_mysql_database($handle, $description);
95 96
     create_mysql_account($handle, $description);
96 97
     set_mysql_access($handle, $handle, true);
... ...
@@ -103,6 +104,7 @@ function create_webapp_mysqldb($application, $sitename)
103 104
     $handle = $username.'_'.$i;
104 105
     if (validate_mysql_username($handle) && validate_mysql_dbname($handle) && ! (has_mysql_user($handle) || has_mysql_database($handle)))
105 106
     {
107
+      logger(LOG_INFO, "webapps/include/webapp-installer", "create", "creating db and user »{$handle}«");
106 108
       create_mysql_database($handle, $description);
107 109
       create_mysql_account($handle, $description);
108 110
       set_mysql_access($handle, $handle, true);
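Review bot: The same `logger(...)` line is added to two branches of `create_webapp_mysqldb()` that are otherwise identical provisioning sequences, which is how the copies drift apart; the bug-fix commit below had to add `$description` to `create_mysql_database()` and `create_mysql_account()` in the loop branch only. Moving the sequence into one private helper, called as `return provision_webapp_db($handle, $description);` from both places, keeps the audit log entry and the provisioning steps in step with each other. The helper name is a suggestion, not an existing function, and both branches continue past the end of their hunks.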

Bugfixes beim Webapp-installer

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1414 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on16/07/2009 09:17:07
Showing1 changed files
... ...
@@ -5,13 +5,13 @@ require_once('inc/base.php');
5 5
 function create_new_webapp($appname, $directory, $url, $data)
6 6
 {
7 7
   if (directory_in_use($directory))
8
-    system_failure('Sie haben erst kürzlich eine Anwendung in diesem Verzeichnis installieren lassen. Die Installation ist noch nicht beendet.');
8
+    system_failure('Sie haben erst kürzlich eine Anwendung in diesem Verzeichnis installieren lassen. Aus Sicherheitsgründen können Sie in diesem Verzeichnis am selben Tag nicht schon wieder eine Anwendung installieren.');
9 9
   $username = mysql_real_escape_string($_SESSION['userinfo']['username']);
10 10
   $appname = mysql_real_escape_string($appname);
11 11
   $directory = mysql_real_escape_string($directory);
12 12
   $url = mysql_real_escape_string($url);
13 13
   $data = mysql_real_escape_string($data);
14
-  db_query("INSERT INTO vhosts.webapp_installer VALUES (NULL, '{$appname}', '{$directory}', '{$url}', 'new', '{$username}', '{$data}')");
14
+  db_query("INSERT INTO vhosts.webapp_installer (appname, directory, url, state, username, data) VALUES ('{$appname}', '{$directory}', '{$url}', 'new', '{$username}', '{$data}')");
15 15
 }
16 16
 
17 17
 
... ...
@@ -23,13 +23,13 @@ function request_update($appname, $directory, $url)
23 23
   $appname = mysql_real_escape_string($appname);
24 24
   $directory = mysql_real_escape_string($directory);
25 25
   $url = maybe_null(mysql_real_escape_string($url));
26
-  db_query("INSERT INTO vhosts.webapp_installer VALUES (NULL, '{$appname}', '{$directory}', {$url}, 'old', '{$username}', NULL)");
26
+  db_query("INSERT INTO vhosts.webapp_installer (appname, directory, url, state, username) VALUES ('{$appname}', '{$directory}', {$url}, 'old', '{$username}')");
27 27
 }
28 28
 
29 29
 function directory_in_use($directory)
30 30
 {
31 31
   $directory = mysql_real_escape_string($directory);
32
-  $result = db_query("SELECT id FROM vhosts.webapp_installer WHERE state IN ('new','old') AND directory='{$directory}'");
32
+  $result = db_query("SELECT id FROM vhosts.webapp_installer WHERE (state IN ('new','old') OR DATE(lastchange)=CURDATE()) AND directory='{$directory}'");
33 33
   if (mysql_num_rows($result) > 0)
34 34
     return true;
35 35
   return false;
... ...
@@ -48,6 +48,11 @@ function upgradeable($appname, $version)
48 48
     }
49 49
     DEBUG("Version: ".substr($version, 0, 2));
50 50
   }
51
+  elseif ($appname == 'MediaWiki')
52
+  {
53
+    DEBUG("found MediaWiki");
54
+    return 'mediawiki';
55
+  }
51 56
   DEBUG("found no upgradeable webapp!");
52 57
   return NULL;
53 58
 }
... ...
@@ -98,8 +103,8 @@ function create_webapp_mysqldb($application, $sitename)
98 103
     $handle = $username.'_'.$i;
99 104
     if (validate_mysql_username($handle) && validate_mysql_dbname($handle) && ! (has_mysql_user($handle) || has_mysql_database($handle)))
100 105
     {
101
-      create_mysql_database($handle);
102
-      create_mysql_account($handle);
106
+      create_mysql_database($handle, $description);
107
+      create_mysql_account($handle, $description);
103 108
       set_mysql_access($handle, $handle, true);
104 109
       $password = random_string(10);
105 110
       set_mysql_password($handle, $password);

Doppelte webapp-installer-task verhindern

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1375 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on18/05/2009 16:14:29
Showing1 changed files
... ...
@@ -4,6 +4,8 @@ require_once('inc/base.php');
4 4
 
5 5
 function create_new_webapp($appname, $directory, $url, $data)
6 6
 {
7
+  if (directory_in_use($directory))
8
+    system_failure('Sie haben erst kürzlich eine Anwendung in diesem Verzeichnis installieren lassen. Die Installation ist noch nicht beendet.');
7 9
   $username = mysql_real_escape_string($_SESSION['userinfo']['username']);
8 10
   $appname = mysql_real_escape_string($appname);
9 11
   $directory = mysql_real_escape_string($directory);
... ...
@@ -15,6 +17,8 @@ function create_new_webapp($appname, $directory, $url, $data)
15 17
 
16 18
 function request_update($appname, $directory, $url)
17 19
 {
20
+  if (directory_in_use($directory))
21
+    system_failure('Sie haben erst kürzlich eine Anwendung in diesem Verzeichnis installieren lassen oder ein Update in diesem Verzeichnis angefordert. Bitte warten Sie bis diese Aktion durchgeführt wurde.');
18 22
   $username = mysql_real_escape_string($_SESSION['userinfo']['username']);
19 23
   $appname = mysql_real_escape_string($appname);
20 24
   $directory = mysql_real_escape_string($directory);
... ...
@@ -22,6 +26,14 @@ function request_update($appname, $directory, $url)
22 26
   db_query("INSERT INTO vhosts.webapp_installer VALUES (NULL, '{$appname}', '{$directory}', {$url}, 'old', '{$username}', NULL)");
23 27
 }
24 28
 
29
+function directory_in_use($directory)
30
+{
31
+  $directory = mysql_real_escape_string($directory);
32
+  $result = db_query("SELECT id FROM vhosts.webapp_installer WHERE state IN ('new','old') AND directory='{$directory}'");
33
+  if (mysql_num_rows($result) > 0)
34
+    return true;
35
+  return false;
36
+}
25 37
 
26 38
 function upgradeable($appname, $version)
27 39
 {
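Review bot: The new `directory_in_use()` guard in create_new_webapp() and request_update() is a SELECT followed by a separate INSERT, so two requests for the same directory that arrive close together can both pass the check and both queue a task. If duplicate tasks must be ruled out rather than made unlikely, the rule belongs in the database, for instance a uniqueness constraint covering pending rows per directory or a single conditional statement of the form `INSERT ... SELECT ... WHERE NOT EXISTS (...)`. The guard also relies on system_failure() ending the request; that function is not shown here, so a comment such as `// system_failure() does not return` above the first use would make the dependency explicit. Both callers continue outside the hunks shown.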

Frage Datenbank-Kürzel nicht mehr ab sondern erzeuge es automatisch

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1310 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on19/03/2009 08:17:31
Showing1 changed files
... ...
@@ -61,32 +61,40 @@ function get_url_for_dir($docroot, $cutoff = '')
61 61
 }
62 62
 
63 63
 
64
-function create_webapp_mysqldb($handle)
64
+function create_webapp_mysqldb($application, $sitename)
65 65
 {
66 66
   // dependet auf das mysql-modul
67 67
   require_once('modules/mysql/include/mysql.php'); 
68 68
   
69 69
   $username = mysql_real_escape_string($_SESSION['userinfo']['username']);
70
-  if ($handle == '')
71
-    input_error('Kein Datenbank-Handle angegeben');
72
-  $handle = $username.'_'.$handle;
70
+  $description = "Automatisch erzeugte Datenbank für {$application} ({$sitename})";
73 71
   
74
-  if (! validate_mysql_username($handle))
72
+  // zuerst versuchen wir username_webappname. Wenn das nicht klappt, dann wird hochgezählt
73
+  $handle = $username.'_'.$application;
74
+  
75
+  if (validate_mysql_username($handle) && validate_mysql_dbname($handle) && ! (has_mysql_user($handle) || has_mysql_database($handle)))
75 76
   {
76
-    system_failure('Ungültiges MySQL-Handle');
77
+    create_mysql_database($handle, $description);
78
+    create_mysql_account($handle, $description);
79
+    set_mysql_access($handle, $handle, true);
80
+    $password = random_string(10);
81
+    set_mysql_password($handle, $password);
82
+    return array('dbuser' => $handle, 'dbname' => $handle, 'dbpass' => $password);
77 83
   }
78 84
 
79
-  if (has_mysql_user($handle) || has_mysql_database($handle))
80
-  {
81
-    system_failure('Eine Datenbank oder einen Datenbank-Benutzer mit diesem Namen gibt es bereits!');
85
+  for ($i = 0; $i < 100 ; $i++) {
86
+    $handle = $username.'_'.$i;
87
+    if (validate_mysql_username($handle) && validate_mysql_dbname($handle) && ! (has_mysql_user($handle) || has_mysql_database($handle)))
88
+    {
89
+      create_mysql_database($handle);
90
+      create_mysql_account($handle);
91
+      set_mysql_access($handle, $handle, true);
92
+      $password = random_string(10);
93
+      set_mysql_password($handle, $password);
94
+      return array('dbuser' => $handle, 'dbname' => $handle, 'dbpass' => $password);
95
+    }
82 96
   }
83
-
84
-  create_mysql_database($handle);
85
-  create_mysql_account($handle);
86
-  set_mysql_access($handle, $handle, true);
87
-  $password = random_string(10);
88
-  set_mysql_password($handle, $password);
89
-  return $password; 
97
+  system_failure('Konnte keine Datenbank erzeugen. Bitte melden Sie diesen Umstand den Administratoren!');
90 98
 }
91 99
 
92 100
 
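Review bot: `$description` is assembled from `$application` and `$sitename` without any escaping and handed to create_mysql_database() and create_mysql_account(), while `$username` just above is escaped before it becomes part of an identifier. Whether the two helpers escape their second argument is not visible in this hunk; if they interpolate it into SQL, a site name containing a quote breaks the statement. I would escape at the point where the query is built and document that here, e.g. `// $description is passed raw; create_mysql_*() must escape it`. The fallback loop also calls both helpers without `$description`, which looks unintended next to the first branch.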

* alle internen Links sinnvoll (und gleichartig!) encoden * Automatischer Upgrader für Drupal funktioniert jetzt

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1301 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on07/03/2009 14:48:53
Showing1 changed files
... ...
@@ -13,6 +13,54 @@ function create_new_webapp($appname, $directory, $url, $data)
13 13
 }
14 14
 
15 15
 
16
+function request_update($appname, $directory, $url)
17
+{
18
+  $username = mysql_real_escape_string($_SESSION['userinfo']['username']);
19
+  $appname = mysql_real_escape_string($appname);
20
+  $directory = mysql_real_escape_string($directory);
21
+  $url = maybe_null(mysql_real_escape_string($url));
22
+  db_query("INSERT INTO vhosts.webapp_installer VALUES (NULL, '{$appname}', '{$directory}', {$url}, 'old', '{$username}', NULL)");
23
+}
24
+
25
+
26
+function upgradeable($appname, $version)
27
+{
28
+  DEBUG("Is {$appname}-{$version} upgradeable?");
29
+  if ($appname == 'Drupal')
30
+  {
31
+    DEBUG("found Drupal!");
32
+    if (substr($version, 0, 2) == '6.')
33
+    {
34
+      DEBUG("found Drupal-6.*!");
35
+      return 'drupal6';
36
+    }
37
+    DEBUG("Version: ".substr($version, 0, 2));
38
+  }
39
+  DEBUG("found no upgradeable webapp!");
40
+  return NULL;
41
+}
42
+
43
+
44
+function get_url_for_dir($docroot, $cutoff = '')
45
+{
46
+  if (substr($docroot, -1) == '/')
47
+    $docroot = substr($docroot, 0, -1);
48
+  $docroot = mysql_real_escape_string($docroot);
49
+  $result = db_query("SELECT `ssl`, IF(FIND_IN_SET('aliaswww', options), CONCAT('www.',fqdn), fqdn) AS fqdn FROM vhosts.v_vhost WHERE docroot IN ('{$docroot}', '{$docroot}/') LIMIT 1");
50
+  if (mysql_num_rows($result) < 1)
51
+  {
52
+    if (!strstr($docroot, '/'))
53
+      return NULL;
54
+    return get_url_for_dir(substr($docroot, 0, strrpos($docroot, '/')), substr($docroot, strrpos($docroot, '/')).$cutoff);
55
+  } 
56
+  $tmp = mysql_fetch_assoc($result);
57
+  $prefix = 'http://';
58
+  if ($tmp['ssl'] == 'forward' || $tmp['ssl'] == 'https')
59
+    $prefix = 'https://';
60
+  return $prefix.$tmp['fqdn'].$cutoff;
61
+}
62
+
63
+
16 64
 function create_webapp_mysqldb($handle)
17 65
 {
18 66
   // dependet auf das mysql-modul
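Review bot: get_url_for_dir() overwrites `$docroot` with its SQL-escaped form and then feeds substrings of that escaped value into the recursive call and into `$cutoff`, so a path containing a quote or backslash is escaped again on every level and the backslashes end up in the returned URL. Keep the raw path and escape into a separate variable that is used only in the query: `$docroot_sql = mysql_real_escape_string($docroot);` with `'{$docroot_sql}'` in the `IN (...)` list. The returned string also carries directory names verbatim, so callers have to encode it for the context they print it into. In request_update() the unquoted `{$url}` depends on maybe_null() returning either a quoted literal or `NULL`; that helper is not shown, so a comment stating this contract next to the query would help.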

Webapp-Installer, erste Version die funktioniert

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1276 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on28/02/2009 12:14:27
Showing1 changed files
1 1
new file mode 100644
... ...
@@ -0,0 +1,44 @@
1
+<?php
2
+
3
+require_once('inc/base.php');
4
+
5
+function create_new_webapp($appname, $directory, $url, $data)
6
+{
7
+  $username = mysql_real_escape_string($_SESSION['userinfo']['username']);
8
+  $appname = mysql_real_escape_string($appname);
9
+  $directory = mysql_real_escape_string($directory);
10
+  $url = mysql_real_escape_string($url);
11
+  $data = mysql_real_escape_string($data);
12
+  db_query("INSERT INTO vhosts.webapp_installer VALUES (NULL, '{$appname}', '{$directory}', '{$url}', 'new', '{$username}', '{$data}')");
13
+}
14
+
15
+
16
+function create_webapp_mysqldb($handle)
17
+{
18
+  // dependet auf das mysql-modul
19
+  require_once('modules/mysql/include/mysql.php'); 
20
+  
21
+  $username = mysql_real_escape_string($_SESSION['userinfo']['username']);
22
+  if ($handle == '')
23
+    input_error('Kein Datenbank-Handle angegeben');
24
+  $handle = $username.'_'.$handle;
25
+  
26
+  if (! validate_mysql_username($handle))
27
+  {
28
+    system_failure('Ungültiges MySQL-Handle');
29
+  }
30
+
31
+  if (has_mysql_user($handle) || has_mysql_database($handle))
32
+  {
33
+    system_failure('Eine Datenbank oder einen Datenbank-Benutzer mit diesem Namen gibt es bereits!');
34
+  }
35
+
36
+  create_mysql_database($handle);
37
+  create_mysql_account($handle);
38
+  set_mysql_access($handle, $handle, true);
39
+  $password = random_string(10);
40
+  set_mysql_password($handle, $password);
41
+  return $password; 
42
+}
43
+
44
+
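Review bot: The database password in create_webapp_mysqldb() comes from `random_string(10)`, a helper that is not part of this file, so its strength cannot be judged from here. Since the value is the only credential for the new account, the helper should draw from the operating system's random source rather than rand()/mt_rand(), and ten characters is short for a machine-generated secret that nobody has to type. I would add `// random_string() must use a cryptographically secure source` above the call and raise the length. Separately, `input_error()` on an empty handle is followed by further statements; if that function returns, execution continues with `$username.'_'` as the handle, so an explicit `return` after it is safer.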