Merge remote-tracking branch 'origin/unstable' into bind-add-ng-fix-regex

Mathieu Trossevin 2023-11-17 15:00:56 +01:00
commit 28a16a24cf
Signed by: mtrossevin
GPG key ID: D1DBB7EA828374E9
34 changed files with 1620 additions and 729 deletions

1
.gitignore vendored

@ -1,2 +1,3 @@
conf/config.local.php
.vagrant
.idea

49
CHANGELOG.md Normal file

@ -0,0 +1,49 @@
# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
This project does not follow semantic versioning.
The **major** part of the version is the year
The **minor** part changes is the month
The **patch** part changes is incremented if multiple releases happen the same month
## [Unreleased]
### Added
* Prevent op_del to fail and able to remove web account when part of it is already removed
### Changed
* Add sendmail_path and open_basedir in LXC PHP pool configs
### Fixed
### Removed
### Security
## [23.02] 2023-02-20
### Added
* web : Display web-add.sh version
### Changed
* Readme.md : Translated to english. New contribution guidelines and misc information
### Fixed
* web-add.sh : Deleting mysql user with DROP USER to stay compatible with MariaDB 10.5+ - #78
* web-add.sh : Correcting deletion order to avoid dependency issues - #76
### Removed
### Security
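Review bot: The `### Security` heading under `[Unreleased]` is left empty, while this same change set wraps form values in `escapeshellarg()` before `sudoexec()` and moves the login check to `password_verify()` with a sha256 fallback. Both should be listed there so that anyone reviewing a release can see them, as the README's contributing section asks. The version-scheme lines also carry a stray word ("The **minor** part changes is the month", "The **patch** part changes is incremented"); dropping "changes" fixes them.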


@ -1 +0,0 @@
* Ajouter les autorisations sudo nécessaires

228
README.md

@ -1,220 +1,48 @@
# evoadmin-web
# Evoadmin-web
Panel d'administration de serveur web et scripts shell.
Web interface and management scripts for web hosting
Project leader : ?
## Versions
## Versions & Branches
* Stable Wheezy → git checkout wheezy
* Stable Jessie → git checkout jessie
* Stretch → master
The `master` branch is ready for production.
It's compatible with the current Debian version (and few previous ones)
Code for older Debian releases (Wheezy, Jessie) is archived on separate branches.
The `unstable` branch contains not sufficiently tested changes that we don't consider ready for production yet.
### Versions
* Debian Stretch, Buster, Bullseye → use branch `master` (current stable version)
* Debian Jessie → use branch `jessie` (old, archive branch)
* Debian Wheezy → use branch `wheezy` (old, archive branch)
## Installation
Via ansible avec le role packweb-apache. Le role webapps/evoadmin-web en dépendance se charge de l'installation de l'interface et de ses scripts.
Installation should be done with Ansible.
The role `packweb-apache` will handle all dependencies (Apache, PHP, MariaDB...) installation and configuration.
It will also use the role `webapps/evoadmin-web` to setup the web-interface and management sw
### Manuelle
### Manually
TODO
## Contributing
### Activation du mode Multi PHP avec des conteneurs LXC
Contributions are welcome, especially bug fixes. They will be merged in if they are consistent with our conventions and use cases. They might be rejected if they introduce complexity, cover features we don't need or don't fit "style".
Installer les paquets nécessaires :
Before starting anything of importance, we suggest opening an issue to discuss what you'd like to add or change.
~~~
# apt install lxc debootstrap
~~~
All modifications should be documented in the CHANGELOG file, to help review releases. We encourage atomic commits and with the CHANGELOG in the same commit.
Modifier la configuration de LXC :
# Workflow
~~~
# cat /etc/lxc/default.conf
The ideal and most typical workflow is to create a branch, based on the `unstable` branch. The branch should have a descriptive name (a ticket/issue number is great). The branch can be treated as a pull-request or merge-request. It should be propery tested and reviewed before merging into `unstable`.
# Set the default network virtualization method.
lxc.network.type = none
Changes that don't introduce significant changes — or that must go faster that the typical workflow — can be commited directly into `unstable`.
# Mount /home into containers.
lxc.mount.entry = /home home none bind 0 0
Hotfixes, can be prepared on a new branch, based on `master` or `unstable` (to be decided by the author). When ready, it can be merged back to `master` for immediate deployment and to `unstable` for proper backporting.
# Only one tty is enough.
# This require that you disabled others tty ([2-6]) in systemd.
lxc.tty = 1
# Run 64bits containers
lxc.arch = x86_64
# Start containers on boot by default
lxc.start.auto = 1
~~~
Dans cette configuration, les containers LXC n'ont pas leur interface réseau virtualisée. Et /home de l'hôte est partagé dans les containers.
#### PHP 5.6
On installe un conteneur Debian Jessie :
~~~
# lxc-create --name php56 --template debian --bdev dir --logfile /var/log/lxc/lxc-php56.log --logpriority INFO -- --arch amd64 --release jessie
~~~
Puis on installe les paquets PHP 5.6 dans ce conteneur :
~~~
# lxc-start -n php56
# lxc-attach -n php56 apt install php5-fpm php5-cli php5-gd php5-imap php5-ldap php5-mcrypt php5-mysql php5-pgsql php-gettext php5-intl php5-curl php5-ssh2 libphp-phpmailer
~~~
#### PHP 7.0
On installe un conteneur Debian Stretch :
~~~
# lxc-create --name php70 --template debian --bdev dir --logfile /var/log/lxc/lxc-php70.log --logpriority INFO -- --arch amd64 --release stretch
~~~
Puis on installe les paquets PHP 7.0 dans ce conteneur :
~~~
# lxc-start -n php70
# lxc-attach -n php70 apt install php-fpm php-cli php-gd php-intl php-imap php-ldap php-mcrypt php-mysql php-pgsql php-gettext php-curl php-ssh2 composer libphp-phpmailer
~~~
#### PHP 7.3
On installe un conteneur Debian Stretch :
~~~
# lxc-create --name php73 --template debian --bdev dir --logfile /var/log/lxc/lxc-php73.log --logpriority INFO -- --arch amd64 --release stretch
~~~
Puis on installe les paquets PHP 7.3 dans ce conteneur :
~~~
# lxc-start -n php73
# lxc-attach -n php73
# apt-get update && apt-get install -y --no-install-recommends wget apt-transport-https ca-certificates
# wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
# echo "deb https://packages.sury.org/php/ stretch main" > /etc/apt/sources.list.d/sury.list
# apt-get update && apt-get install -y --no-install-recommends php7.3 php7.3-fpm php7.3-cli php7.3-curl php7.3-mysql php7.3-pgsql php7.3-ldap php7.3-imap php7.3-gd php-ssh2 php-gettext composer libphp-phpmailer
~~~
#### Pour toutes les versions de PHP
Dans les containers, il faut ajouter le fichier **z-evolinux-defaults.ini** dans le dossier **conf.d** des réglages de PHP FPM et CLI
> Pour PHP5 **/etc/php5/fpm/conf.d/z-evolinux-defaults.ini** et **/etc/php5/cli/conf.d/z-evolinux-defaults.ini**
> Pour PHP7.0 **/etc/php/7.0/fpm/conf.d/z-evolinux-defaults.ini** et **/etc/php/7.0/cli/conf.d/z-evolinux-defaults.ini**
> Pour PHP7.3 **/etc/php/7.3/fpm/conf.d/z-evolinux-defaults.ini** et **/etc/php/7.3/cli/conf.d/z-evolinux-defaults.ini**
~~~
[PHP]
short_open_tag = Off
expose_php = Off
display_errors = Off
log_errors = On
html_errors = Off
allow_url_fopen = Off
disable_functions = exec,shell-exec,system,passthru,putenv,popen
~~~
Après cela, il faut redémarrer FPM
~~~
# lxc-attach -n php56 /etc/init.d/php5-fpm restart
# lxc-attach -n php70 /etc/init.d/php7.0-fpm restart
# lxc-attach -n php73 /etc/init.d/php7.3-fpm restart
~~~
Une fois les conteneurs installés, il faut configurer evoadmin-web pour lui indiquer les versions disponibles de PHP dans **/etc/evolinux/web-add.conf** (pour *web-add.sh*) et dans **/home/evoadmin/www/conf/config.local.php** pour l'interface web
~~~
# cat /etc/evolinux/web-add.conf
#(...)
PHP_VERSIONS=(56 70 73)
#(...)
~~~
~~~
# cat /home/evoadmin/www/conf/config.local.php
// (...)
$localconf['php_versions'] = array(70, 73);
// (...)
~~~
#### Apache
Il est nécessaire d'activer le mod proxy pour apache2 si ce n'a pas déjà été fait :
~~~
# a2enmod proxy_fcgi
# systemctl restart apache2.service
~~~
Si vous rencontrez l'erreur "File not found" avec les fichiers php, bien vérifier que le rootfs des conteneurs est en 755 :
~~~
chmod 755 /var/lib/lxc/php56/rootfs
chmod 755 /var/lib/lxc/php70/rootfs
chmod 755 /var/lib/lxc/php73/rootfs
~~~
#### Email
Pour envoyer des mails, on peut installer **ssmtp** qui va forwarder les mails du conteneur vers l'hôte (à faire par conteneur via lxc-attach) :
~~~
apt install ssmtp
~~~
Editer **/etc/ssmtp/ssmtp.conf** (remplacer example.com par le hostname complet de votre machine) :
~~~
root=postmaster
mailhub=127.0.0.1
hostname=example.com
FromLineOverride=YES
~~~
## Méthodes de collaboration
Lire le fichier GUIDELINES.
Chaque version stable a le nom de la version Debian dans une branche. (Wheezy, Jessie, …)
On ne touche pas à ces branches, sauf pour corriger un bug critique,
qu'on appellera dans le commit "Hotfix #IDBugRedmine. Description du commit/bug".
Le project leader se charge de merger les futures version (wheezy-dev, jessie-dev, …)
dans la branche stable et de faire un changelog.
Chaque version de redmine est prévu à l'avance dans la roadmap de Redmine.
Quand une version de développement est terminé (tout les bugs fermés),
on utilisera les tags pour se repérer dans l'historique GIT.
Puis une fois que la version est décrété stable, elle sera mergé dans la branche stable.
Pour travailler sur une version spécifique, il faut travailler dans la branche "$release".
Voir les branches sur le remote :
```
$ git branch -r
origin/jessie-dev
origin/wheezy-dev
origin/wheezy
```
Il suffira de « checkout » dessus, et commencer à commiter. Les commits doivent
être nommés "Implement #IDBugRedmine. Description feature." ou
"Fix #IDBugRedmine. Description correction du bug.".
```
$ git checkout wheezy-dev
[…] hack hack […]
$ git commit
$ git push
```
## Licence
Evoadmin-web est un projet [Evolix](https://evolix.com) et est distribué sour licence AGPLv3, voir le fichier [LICENSE](LICENSE) pour les détails.
Other workflow are not forbidden, but should be discussed in advance.
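Review bot: The new English text has several typos: `propery` should be `properly`, `commited` should be `committed`, `faster that the typical workflow` should be `faster than`, and `Other workflow are` should be `Other workflows are`. The installation sentence ending in `management sw` looks cut off and should be completed. `# Workflow` is a top-level heading in a document that otherwise uses `##` and `###`; `## Workflow` would match the rest.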

180
README.old.md Normal file

@ -0,0 +1,180 @@
### Activation du mode Multi PHP avec des conteneurs LXC
Installer les paquets nécessaires :
~~~
# apt install lxc debootstrap
~~~
Modifier la configuration de LXC :
~~~
# cat /etc/lxc/default.conf
# Set the default network virtualization method.
lxc.network.type = none
# Mount /home into containers.
lxc.mount.entry = /home home none bind 0 0
# Only one tty is enough.
# This require that you disabled others tty ([2-6]) in systemd.
lxc.tty = 1
# Run 64bits containers
lxc.arch = x86_64
# Start containers on boot by default
lxc.start.auto = 1
~~~
Dans cette configuration, les containers LXC n'ont pas leur interface réseau virtualisée. Et /home de l'hôte est partagé dans les containers.
#### PHP 5.6
On installe un conteneur Debian Jessie :
~~~
# lxc-create --name php56 --template debian --bdev dir --logfile /var/log/lxc/lxc-php56.log --logpriority INFO -- --arch amd64 --release jessie
~~~
Puis on installe les paquets PHP 5.6 dans ce conteneur :
~~~
# lxc-start -n php56
# lxc-attach -n php56 apt install php5-fpm php5-cli php5-gd php5-imap php5-ldap php5-mcrypt php5-mysql php5-pgsql php-gettext php5-intl php5-curl php5-ssh2 libphp-phpmailer
~~~
#### PHP 7.0
On installe un conteneur Debian Stretch :
~~~
# lxc-create --name php70 --template debian --bdev dir --logfile /var/log/lxc/lxc-php70.log --logpriority INFO -- --arch amd64 --release stretch
~~~
Puis on installe les paquets PHP 7.0 dans ce conteneur :
~~~
# lxc-start -n php70
# lxc-attach -n php70 apt install php-fpm php-cli php-gd php-intl php-imap php-ldap php-mcrypt php-mysql php-pgsql php-gettext php-curl php-ssh2 composer libphp-phpmailer
~~~
#### PHP 7.3
On installe un conteneur Debian Stretch :
~~~
# lxc-create --name php73 --template debian --bdev dir --logfile /var/log/lxc/lxc-php73.log --logpriority INFO -- --arch amd64 --release stretch
~~~
Puis on installe les paquets PHP 7.3 dans ce conteneur :
~~~
# lxc-start -n php73
# lxc-attach -n php73
# apt-get update && apt-get install -y --no-install-recommends wget apt-transport-https ca-certificates gnupg
# curl https://packages.sury.org/php/apt.gpg | apt-key add
# echo "deb https://packages.sury.org/php/ stretch main" > /etc/apt/sources.list.d/sury.list
# apt-get update && apt-get install -y --no-install-recommends php7.3 php7.3-fpm php7.3-cli php7.3-curl php7.3-mysql php7.3-pgsql php7.3-ldap php7.3-imap php7.3-gd php-ssh2 php-gettext composer libphp-phpmailer
~~~
#### Pour toutes les versions de PHP
Dans les containers, il faut ajouter le fichier **z-evolinux-defaults.ini** dans le dossier **conf.d** des réglages de PHP FPM et CLI
> Pour PHP5 **/etc/php5/fpm/conf.d/z-evolinux-defaults.ini** et **/etc/php5/cli/conf.d/z-evolinux-defaults.ini**
>
> Pour PHP7.0 **/etc/php/7.0/fpm/conf.d/z-evolinux-defaults.ini** et **/etc/php/7.0/cli/conf.d/z-evolinux-defaults.ini**
>
> Pour PHP7.3 **/etc/php/7.3/fpm/conf.d/z-evolinux-defaults.ini** et **/etc/php/7.3/cli/conf.d/z-evolinux-defaults.ini**
~~~
[PHP]
short_open_tag = Off
expose_php = Off
display_errors = Off
log_errors = On
html_errors = Off
allow_url_fopen = Off
disable_functions = exec,shell-exec,system,passthru,putenv,popen
~~~
Après cela, il faut redémarrer FPM
~~~
# lxc-attach -n php56 /etc/init.d/php5-fpm restart
# lxc-attach -n php70 /etc/init.d/php7.0-fpm restart
# lxc-attach -n php73 /etc/init.d/php7.3-fpm restart
~~~
Une fois les conteneurs installés, il faut configurer evoadmin-web pour lui indiquer les versions disponibles de PHP dans **/etc/evolinux/web-add.conf** (pour *web-add.sh*) et dans **/home/evoadmin/www/conf/config.local.php** pour l'interface web
~~~
# cat /etc/evolinux/web-add.conf
#(...)
PHP_VERSIONS=(56 70 73)
#(...)
~~~
~~~
# cat /home/evoadmin/www/conf/config.local.php
// (...)
$localconf['php_versions'] = array(70, 73);
// (...)
~~~
#### Apache
Il est nécessaire d'activer le mod proxy pour apache2 si ce n'a pas déjà été fait :
~~~
# a2enmod proxy_fcgi
# systemctl restart apache2.service
~~~
Si vous rencontrez l'erreur "File not found" avec les fichiers php, bien vérifier que le rootfs des conteneurs est en 755 :
~~~
# chmod 755 /var/lib/lxc/php56/rootfs
# chmod 755 /var/lib/lxc/php70/rootfs
# chmod 755 /var/lib/lxc/php73/rootfs
~~~
#### Email
Pour envoyer des mails, on peut installer **ssmtp** qui va forwarder les mails du conteneur vers l'hôte (à faire par conteneur via lxc-attach) :
Avant d'installer le paquet, il faut ajouter le hostname du conteneur dans **/etc/hosts**, sinon la configuration du paquet retourne une erreur :
~~~
127.0.0.1 php70
~~~
~~~
# apt install ssmtp
~~~
Editer **/etc/ssmtp/ssmtp.conf** (remplacer example.com par le hostname complet de votre machine) :
~~~
root=postmaster
mailhub=127.0.0.1
hostname=example.com
FromLineOverride=YES
~~~
#### PHP-CLI
~~~
$ cat /usr/local/bin/exec73
#!/bin/bash
php_cmd=$(printf "/usr/bin/php %q" "$@" )
lxc-attach -n php73 -- su - "$SUDO_USER" -c "$php_cmd"
~~~
Il faut ensuite s'assurer que ce script peut être exécuté via sudo.
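Review bot: In the `z-evolinux-defaults.ini` block, `disable_functions = exec,shell-exec,system,passthru,putenv,popen` names `shell-exec`, which is not a PHP function; the function is `shell_exec`, so as written it stays enabled in every pool that copies this file. Since the text is being carried over as reference documentation, fix the name here, and consider whether `proc_open` belongs on the list as well. Two smaller points in the same file: the PHP 7.3 steps pipe `curl ... | apt-key add`, but the preceding `apt-get install` line installs `wget` and not `curl`; and in `exec73`, `printf "/usr/bin/php %q" "$@"` repeats the whole format string for each extra argument, so a call with two arguments puts `/usr/bin/php` into `$php_cmd` twice.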

7
TODO

@ -1,7 +0,0 @@
* Verification des paramètres passés dans le script ftpadmin.sh
* Vérifier lors de la suppression que c'est bien la personne a qui appartient le compte qui lance la commande
* Tableau "sortable" (TableKit ?)
* Mettre en place EvoLog et logger la sortie des scripts
* Validation plus (très) stricte sur les entrées de formulaire
* Listage des comptes utilisateurs
* Total espace disque FTP


@ -8,36 +8,35 @@
* $Id: config.php 273 2009-05-12 13:54:50Z tmartin $
* vim: expandtab softtabstop=4 tabstop=4 shiftwidth=4 showtabline=2
*
* @author Gregory Colpart <reg@evolix.fr>
* @author Thomas Martin <tmartin@evolix.fr>
* @author Sebastien Palma <spalma@evolix.fr>
* @author Gregory Colpart <reg@evolix.fr>
* @author Thomas Martin <tmartin@evolix.fr>
* @author Sebastien Palma <spalma@evolix.fr>
* @version 1.0
*/
// Email pour les notifications
$oriconf['admin']['mail'] = 'admin@example.com';
$oriconf['techmail'] = 'jdoe@example.com';
$oriconf['debug'] = FALSE;
$oriconf['debug'] = false;
$oriconf['superadmin'] = array('superadmin');
$oriconf['script_path'] = '/usr/share/scripts/evoadmin';
$oriconf['cluster'] = FALSE;
$oriconf['cluster'] = false;
$oriconf['servers'] = array('servers');
$oriconf['cache'] = '/home/evoadmin/www/cache.sqlite';
$oriconf['known_host'] = '/home/evoadmin/www/known_host';
$oriconf['ftpadmin'] = FALSE;
$oriconf['bindadmin'] = FALSE;
// Penser à rajouter également les versions de PHP disponibles dans /etc/evolinux/web-add.conf
$oriconf['php_versions'] = array();
$oriconf['quota'] = FALSE;
$oriconf['dbadmin'] = FALSE;
$oriconf['ftpadmin'] = false;
$oriconf['bindadmin'] = false;
// Warning: Don't forget to add available PHP versions into : /etc/evolinux/web-add.conf
// $oriconf['php_versions'] = array();
$oriconf['quota'] = false;
$oriconf['dbadmin'] = false;
$oriconf['noreplication'] = array('srv00.example.com', 'srv01.example.com', 'srv02.example.com');
$oriconf['postponedreplication'] = array('srv00.example.com', 'srv01.example.com', 'srv02.example.com');
$oriconf['immediatereplication'] = array('srv00.example.com', 'srv01.example.com');
$oriconf['postponedreplication_mode'] = array('1 fois/jour', '3 fois/jour', '1 fois/jour');
// auth (sha256 hashs)
// Generate password hashes : mkpasswd --method=sha-512 (cli) or with PHP's password_hash()
$oriconf['logins'] = array();
//$oriconf['logins']['foo'] = 'd5d3c723fb82cb0078f399888af78204234535ec2ef3da56710fdd51f90d2477';
//$oriconf['logins']['bar'] = '7938c84d6e43d1659612a7ea7c1101ed02e52751bb64597a8c20ebaba8ba4303';
//$oriconf['logins']['foo'] = '$6$X0jqa/ausLSBkj4m$dLMMcPGVxak.aDPo4V/GJLm2d8vU8/QA5LbGTuqXCdxSNYU0kRKBgDl16GAyp0GqXXZ5wwDEJKQ1npgFwiuV81';
//$oriconf['logins']['bar'] = '$6$Q6233S6mlWAF6p.j$LtzwG02YucozwqjAgSpeldh24Mnz7lBuVSbOQYbKKh9FiUx3tMVl6kJZkmrNdPqeadFXKAYXrqn.gy8KposF5.';


@ -461,13 +461,13 @@ class AlphaNumericalTextInputFormField extends FormField {
class DomainInputFormField extends FormField {
protected $mandatory = NULL;
protected $textsize = NULL;
//protected $textsize = NULL;
public function __construct($label, $mandatory=TRUE, $hidden=FALSE) {
parent::__construct($label);
$this->mandatory = $mandatory;
$this->hidden = $hidden;
$this->textsize = $textsize;
//$this->textsize = $textsize;
}
public function verify($set_error) {
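Review bot: The `$textsize` property and its assignment in `__construct()` are commented out rather than deleted. The constructor never receives a `$textsize` argument, so the assignment was always reading an undefined variable; remove the lines outright instead of leaving `//$this->textsize = $textsize;` behind, here and in `DomainListInputFormField`.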
@ -491,7 +491,7 @@ class DomainInputFormField extends FormField {
else
$input .= '<input type="text" id="'.$this->name.'"';
$input .= ' name="'.$this->name.'" value="'.htmlspecialchars($this->value,ENT_QUOTES).'"';
$input .= ' maxlength="'.$this->textsize[1].'" size="'.$this->textsize[0].'" ';
//$input .= ' maxlength="'.$this->textsize[1].'" size="'.$this->textsize[0].'" ';
if($this->read_only) { $input .= 'readonly="readonly="'; }
if($this->disabled) { $input .= 'disabled="disabled="'; }
$input .= '/>';
@ -516,12 +516,12 @@ class DomainInputFormField extends FormField {
class DomainListInputFormField extends FormField {
protected $mandatory = NULL;
protected $textsize = NULL;
//protected $textsize = NULL;
public function __construct($label, $mandatory=TRUE) {
parent::__construct($label);
$this->mandatory = $mandatory;
$this->textsize = $textsize;
//$this->textsize = $textsize;
}
public function verify($set_error) {
@ -547,7 +547,7 @@ class DomainListInputFormField extends FormField {
$input = '';
$input .= '<input type="text" id="'.$this->name.'"';
$input .= ' name="'.$this->name.'" value="'.htmlspecialchars($this->value,ENT_QUOTES).'"';
$input .= ' maxlength="'.$this->textsize[1].'" size="'.$this->textsize[0].'" ';
//$input .= ' maxlength="'.$this->textsize[1].'" size="'.$this->textsize[0].'" ';
if($this->read_only) { $input .= 'readonly="readonly="'; }
if($this->disabled) { $input .= 'disabled="disabled="'; }
$input .= '/>';
@ -720,6 +720,11 @@ class PasswordInputFormField extends FormField {
return FALSE;
}
if(!preg_match('#.*[/]+.*#',$this->value)==0){
if($set_error) $this->error = 'Votre mot de passe doit contenir le caractère \'/\'';
return FALSE;
}
return TRUE;
}
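Review bot: The new check in `PasswordInputFormField::verify()` rejects passwords that contain `/`, but the error text says the opposite ("Votre mot de passe doit contenir le caractère '/'"). `!preg_match(...)==0` parses as `(!preg_match(...)) == 0`, which is true exactly when the pattern matches. Write the test as `if (strpos($this->value, '/') !== false)` and change the message to say that the character is not allowed. If the restriction only exists because the value is later interpolated into a shell command, say so in a comment, given that this change set also adds `escapeshellarg()` around the password values in `web_add()`.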


@ -30,6 +30,10 @@ h1#top {
margin-bottom: 10px;
}
h3.form-error {
color: red;
}
div#disclaimer {
margin-top: 30px;
}
@ -135,6 +139,11 @@ span.form-error {
margin-left: 4px;
}
span.form-warning {
color: #E84D0C;
margin-left: 4px;
}
span.form-mandatory {
color: red;
}
@ -163,4 +172,3 @@ form#form-add legend {
form#form-add p {
text-align: left;
}


@ -21,6 +21,12 @@ function switch_disabled(name) {
}
document.observe("dom:loaded", function() {
if (document.getElementById('vhost-delete-db') != null) {
document.getElementById('vhost-delete-db').onclick = function() {
console.log("clicked box");
switch_disabled('vhost-dbname');
}
}
document.getElementById('password_random').onclick = function() {
switch_disabled('password');
}
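Review bot: `console.log("clicked box");` in the new `vhost-delete-db` handler is debug output and should be removed before merge. The new handler is guarded with a `!= null` test, while the `password_random` handler right below it is still assigned unconditionally; on a page that lacks that element the assignment throws inside the `dom:loaded` callback. Apply the same guard to both.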


@ -30,7 +30,7 @@ header('Content-Type: text/html; charset=utf-8');
/**
* Requires
*/
require_once EVOADMIN_BASE . 'common.php';
require_once EVOADMIN_BASE . '../inc/common.php';
$uri = $_SERVER['REQUEST_URI'];
@ -48,26 +48,47 @@ if (!array_key_exists('auth', $_SESSION) || $_SESSION['auth']!=1) {
include_once EVOADMIN_BASE . '../inc/webadmin.php';
} elseif (preg_match('#^/webadmin/servername/(.*)/?$#', $uri, $params)) {
} elseif (preg_match('#^/webadmin?#', $uri)) {
include_once EVOADMIN_BASE . '../inc/webadmin-servername.php';
// Redirect to /webadmin in order to set $_SESSION['non_stanard']
if (!isset($_SESSION['non_standard']))
http_redirect('/webadmin');
} elseif (preg_match('#^/webadmin/itk/(.*)/?$#', $uri, $params)) {
// block the non-standard vhost modification
if (in_array(htmlspecialchars(basename($_SERVER['REDIRECT_URL'])), $_SESSION['non_standard']))
http_redirect('/webadmin');
include_once EVOADMIN_BASE . '../inc/webadmin-itk.php';
if (preg_match('#^/webadmin/(.*)/domain/?(edit)?/?(.*)?/$#', $uri, $params)) {
} elseif (preg_match('#^/webadmin/php/(.*)/?$#', $uri, $params)) {
include_once EVOADMIN_BASE . '../inc/webadmin-servername.php';
include_once EVOADMIN_BASE . '../inc/webadmin-php.php';
} elseif (preg_match('#^/webadmin/(.*)/itk/?(enable|disable)?/?(.*)?/$#', $uri, $params)) {
} elseif (preg_match('#^/webadmin/edit/(.*)/?$#', $uri, $params)) {
include_once EVOADMIN_BASE . '../inc/webadmin-itk.php';
include_once EVOADMIN_BASE . '../inc/webadmin-edit.php';
} elseif (preg_match('#^/webadmin/(.*)/php/$#', $uri, $params)) {
} elseif (preg_match('#^/webadmin/suppr/(.*)/?$#', $uri, $params)) {
include_once EVOADMIN_BASE . '../inc/webadmin-php.php';
include_once EVOADMIN_BASE . '../inc/webadmin-suppr.php';
} elseif (preg_match('#^/webadmin/(.*)/alias/?(add|delete)?/?(.*)?/$#', $uri, $params)) {
include_once EVOADMIN_BASE . '../inc/webadmin-edit.php';
} elseif (preg_match('#^/webadmin/delete/(.*)/?$#', $uri, $params)) {
//TODO: fix according to route naming convention
include_once EVOADMIN_BASE . '../inc/webadmin-delete.php';
} elseif (preg_match('#^/webadmin/suppr/(.*)/?$#', $uri, $params)) {
include_once EVOADMIN_BASE . '../inc/webadmin-suppr.php';
} elseif (preg_match('#^/webadmin/(.*)/letsencrypt/?$#', $uri, $params)) {
include_once EVOADMIN_BASE . '../inc/webadmin-letsencrypt.php';
} else {
http_redirect('/webadmin');
}
} elseif (is_superadmin() && preg_match('#^/accounts/?#', $uri, $params)) {
include_once EVOADMIN_BASE . '../inc/accounts.php';
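Review bot: Every `/webadmin/...` route in this block captures its account segment with an unrestricted `(.*)`, so `$params[1]` (and `$params[3]` on the alias and domain routes) can hold any characters the URI contains, including `/`, quotes and whitespace. Those values are consumed by the included controllers, and `inc/webadmin-delete.php` in this same change set concatenates `$params[1]` into a `sudoexec()` command. Constrain the captures at the router, `([^/]+)` at minimum and preferably an allowlist of the characters valid in an account or domain name, so that each controller does not have to re-validate. Also, `non_stanard` in the redirect comment is a typo for `non_standard`, and `#^/webadmin?#` makes the final `n` optional, so it also matches `/webadmi...`; if a prefix match is intended, `#^/webadmin(/|$)#` states it.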


@ -39,31 +39,31 @@ function web_add($form, $admin_mail) {
if(!$form->getField('password_random')->getValue()) {
$exec_cmd .= sprintf(' -p %s',
$form->getField('password')->getValue());
escapeshellarg($form->getField('password')->getValue()));
}
/* Ajout des options spécifiques à MySQL si nécessaire */
if($form->getField('mysql_db')->getValue()) {
$exec_cmd .= sprintf(' -m %s',
$form->getField('mysql_dbname')->getValue());
escapeshellarg($form->getField('mysql_dbname')->getValue()));
if(!$form->getField('mysql_password_random')->getValue()) {
$exec_cmd .= sprintf(' -P %s',
$form->getField('mysql_password')->getValue());
escapeshellarg($form->getField('mysql_password')->getValue()));
}
}
if (array_key_exists('php_versions', $conf) && count($conf['php_versions']) > 1) {
if (array_key_exists('php_versions', $conf) && is_array($conf['php_versions'])) {
$exec_cmd .= sprintf(' -r %s', $conf['php_versions'][$form->getField('php_version')->getValue()]);
}
if ($conf['quota']) {
$exec_cmd .= sprintf(' -q %s:%s', $form->getField('quota_soft')->getValue(), $form->getField('quota_hard')->getValue());
$exec_cmd .= sprintf(' -q %s:%s', escapeshellarg($form->getField('quota_soft')->getValue()), escapeshellarg($form->getField('quota_hard')->getValue()));
}
$exec_cmd .= sprintf(' -l %s %s %s 2>&1', $admin_mail,
$form->getField('username')->getValue(),
$form->getField('domain')->getValue());
escapeshellarg($form->getField('username')->getValue()),
escapeshellarg($form->getField('domain')->getValue()));
//domain_add($form, $_SERVER['SERVER_ADDR'], true);
sudoexec($exec_cmd, $exec_output, $exec_return);
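Review bot: `$admin_mail` is still interpolated unquoted in `sprintf(' -l %s %s %s 2>&1', $admin_mail,` while every other argument in `web_add()` now goes through `escapeshellarg()`, and `web_add_cluster()` does escape it. Wrap it here as well so the two functions agree. The `-r %s` value is read from `$conf['php_versions']` indexed by the submitted `php_version`; check that the index exists before building the command, otherwise an unexpected value yields an empty `-r` argument and shifts the options that follow.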
@ -72,7 +72,7 @@ function web_add($form, $admin_mail) {
if ( $form->getField('domain_alias')->getValue() ) {
$domain_alias = preg_split('/,/', $form->getField('domain_alias')->getValue());
foreach ( $domain_alias as $domain ) {
$exec_cmd = 'web-add.sh add-alias '.$form->getField('username')->getValue().' ';
$exec_cmd = 'web-add.sh add-alias '.escapeshellarg($form->getField('username')->getValue()).' ';
$domain = trim($domain);
$exec_cmd .= $domain.' '. $server_list;
sudoexec($exec_cmd, $exec_output, $exec_return);
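Review bot: The alias itself is still appended unquoted in `$exec_cmd .= $domain.' '. $server_list;`. `$domain` comes from splitting the submitted `domain_alias` field on commas and only passes through `trim()`, so it needs `escapeshellarg()` just like the username on the line above it.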
@ -97,17 +97,17 @@ function web_add_cluster($form, $admin_mail) {
if(!$form->getField('password_random')->getValue()) {
$exec_cmd .= sprintf(' -p %s',
$form->getField('password')->getValue());
escapeshellarg($form->getField('password')->getValue()));
}
/* Ajout des options spécifiques à MySQL si nécessaire */
if($form->getField('mysql_db')->getValue()) {
$exec_cmd .= sprintf(' -m %s',
$form->getField('mysql_dbname')->getValue());
escapeshellarg($form->getField('mysql_dbname')->getValue()));
if(!$form->getField('mysql_password_random')->getValue()) {
$exec_cmd .= sprintf(' -P %s',
$form->getField('mysql_password')->getValue());
escapeshellarg($form->getField('mysql_password')->getValue()));
}
$account['bdd'] = $form->getField('mysql_dbname')->getValue();
@ -173,13 +173,13 @@ function web_add_cluster($form, $admin_mail) {
break;
}
$exec_cmd .= sprintf(' -l %s %s %s %s %s %s 2>&1',
$admin_mail,
$form->getField('username')->getValue(),
$form->getField('domain')->getValue(),
$master,
$slave,
($realtime ? 'realtime': 'deferred'));
$exec_cmd .= sprintf(' -l %s %s %s %s %s %s 2>&1',
escapeshellarg($admin_mail),
escapeshellarg($form->getField('username')->getValue()),
escapeshellarg($form->getField('domain')->getValue()),
escapeshellarg($master),
escapeshellarg($slave),
escapeshellarg( ($realtime ? 'realtime': 'deferred')) );
//if ($conf['bindadmin'])
domain_add($form->getField('domain')->getValue(), gethostbyname($master), true, $form->getField('use_gmail_mxs')->getValue());
@ -189,7 +189,7 @@ function web_add_cluster($form, $admin_mail) {
if ( $form->getField('domain_alias')->getValue() ) {
$domain_alias = preg_split('/,/', $form->getField('domain_alias')->getValue());
foreach ( $domain_alias as $alias ) {
$exec_cmd = 'web-add-cluster.sh add-alias '.$form->getField('username')->getValue().' ';
$exec_cmd = 'web-add-cluster.sh add-alias '.escapeshellarg($form->getField('username')->getValue()).' ';
$alias = trim($alias);
$exec_cmd .= $alias.' '.$master.' '.$slave;
sudoexec($exec_cmd, $exec_output2, $exec_return2);
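Review bot: Same gap as in `web_add()`: in `$exec_cmd .= $alias.' '.$master.' '.$slave;` the alias from the `domain_alias` field, `$master` and `$slave` are concatenated without `escapeshellarg()`, although the `-l` call earlier in this function now escapes `$master` and `$slave`.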
@ -347,7 +347,7 @@ if ($conf['bindadmin']) {
$form->addField('use_gmail_mxs', new CheckboxInputFormField("Utilisation des serveurs Gmail en MX&nbsp;?", FALSE));
}
if (array_key_exists('php_versions', $conf) && count($conf['php_versions']) > 1) {
if (array_key_exists('php_versions', $conf) && is_array($conf['php_versions'])) {
$form->addField('php_version', new SelectFormField("Version de PHP", TRUE, $conf['php_versions']));
}
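Review bot: Replacing `count($conf['php_versions']) > 1` with `is_array($conf['php_versions'])` here and in `web_add()` makes the `php_version` select appear for an empty or single-entry array, while `is_multiphp()` in the common include keeps the `count(...) > 1` test. Pick one definition and call `is_multiphp()` from both places so the form, the command builder and the rest of the interface agree.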


@ -1,43 +1,53 @@
<?php
/**
* Authentification page
* Authentification controler
*
* Copyright (c) 2009 Evolix - Tous droits reserves
* Copyright (c) 2009-2022 Evolix - Tous droits reserves
*
* vim: expandtab softtabstop=4 tabstop=4 shiftwidth=4 showtabline=2
*
* @author Gregory Colpart <reg@evolix.fr>
* @author Thomas Martin <tmartin@evolix.fr>
* @author Sebastien Palma <spalma@evolix.fr>
* @author Evolix <info@evolix.fr>
* @author Gregory Colpart <reg@evolix.fr>
* @author Thomas Martin <tmartin@evolix.fr>
* @author Sebastien Palma <spalma@evolix.fr>
* @author and others.
* @version 1.0
*/
if ((empty($_GET['form']) || $_GET['form']!=1) && !empty($_POST)) {
$username=$_POST['login'];
$password=$_POST['passw'];
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST)) {
$input_username = $_POST['login'];
$input_password = $_POST['passw'];
if (hash("sha256",$password) == $conf['logins'][$username]) {
$_SESSION['auth']=1;
$_SESSION['user']=$username;
$_SESSION['error']='';
} else {
$_SESSION['auth']=0;
$_SESSION['user']='';
$_SESSION['error']=1;
}
http_redirect('/');
if (isset($conf['logins'][$input_username]) && strlen($conf['logins'][$input_username]) != 64 && password_verify($input_password, $conf['logins'][$input_username]) ) {
$_SESSION['auth'] = true;
$_SESSION['user'] = $input_username;
$_SESSION['user_id'] = posix_getpwnam($input_username) ? posix_getpwnam($input_username)['uid'] : 65534;
$_SESSION['cli_version'] = run_webadd_cmd('version')[0];
unset($_SESSION['error']);
} elseif (isset($conf['logins'][$input_username]) && strlen($conf['logins'][$input_username]) == 64 && hash("sha256",$input_password) === $conf['logins'][$input_username]) {
// Compatibility mode for previous installs (sha256)
$_SESSION['auth'] = true;
$_SESSION['user'] = $input_username;
$_SESSION['user_id'] = posix_getpwnam($input_username) ? posix_getpwnam($input_username)['uid'] : 65534;
$_SESSION['cli_version'] = run_webadd_cmd('version')[0];
unset($_SESSION['error']);
} else {
$_SESSION['auth'] = false;
$_SESSION['user'] = '';
$_SESSION['error'] = true;
}
http_redirect('/');
} else {
if(!empty($_SESSION['error'])) {
$error=$_SESSION['error'];
}
include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
include_once EVOADMIN_BASE . '../tpl/auth.tpl.php';
include_once EVOADMIN_BASE . '../tpl/footer.tpl.php';
if (!empty($_SESSION['error'])) {
$error = $_SESSION['error'];
unset($_SESSION['error']);
}
include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
include_once EVOADMIN_BASE . '../tpl/auth.tpl.php';
include_once EVOADMIN_BASE . '../tpl/footer.tpl.php';
}
?>
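Review bot: The sha256 compatibility branch compares digests with `===`; use `hash_equals($conf['logins'][$input_username], hash('sha256', $input_password))` so the comparison is constant-time, and consider logging a deprecation notice in that branch so the unsalted entries get replaced. Neither success branch calls `session_regenerate_id(true)` before setting `$_SESSION['auth']`, which leaves the pre-login session id valid after authentication. `$_POST['login']` and `$_POST['passw']` are read without an `isset()` check (`isset($_POST)` is always true), and the two success branches are identical, so they could share one block.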


@ -1,5 +1,4 @@
<?php
/**
* file included in every PHP file
*
@ -92,11 +91,30 @@ function load_config_cluster($cluster) {
*
* @return boolean - True when it's a multi PHP system
*/
function is_multiphp()
{
function is_multiphp() {
global $conf;
return array_key_exists('php_versions', $conf) && count($conf['php_versions']) > 1;
}
/**
* Webadd
*
* @return boolean - True when it's a multi PHP system
*/
function run_webadd_cmd($command) {
global $conf;
$cmd = 'web-add.sh '. $command;
$data_output = null;
$exec_return = null;
sudoexec($cmd, $data_output, $exec_return);
return $data_output;
}
/**
* Includes
*/
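Review bot: `run_webadd_cmd()` concatenates `$command` straight into the string handed to `sudoexec()`, so it is only safe for fixed strings such as the `'version'` call in the auth controller. Either document that constraint in the docblock or take the sub-command and its arguments separately and apply `escapeshellarg()` to each argument. The docblock was copied from `is_multiphp()` (`@return boolean - True when it's a multi PHP system`) and should describe the returned output lines; `global $conf;` is unused and `$exec_return` is discarded, so a failing command is indistinguishable from an empty result.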

72
inc/webadmin-delete.php Normal file

@ -0,0 +1,72 @@
<?php
/**
* Apache VirtualHost Management Page
*
* Copyright (c) 2009 Evolix - Tous droits reserves
*
* vim: expandtab softtabstop=4 tabstop=4 shiftwidth=4 showtabline=2
*
* @author Gregory Colpart <reg@evolix.fr>
* @author Thomas Martin <tmartin@evolix.fr>
* @author Sebastien Palma <spalma@evolix.fr>
* @version 1.0
*/
require_once EVOADMIN_BASE . '../lib/bdd.php';
require_once EVOADMIN_BASE . '../lib/domain.php';
global $conf;
include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
include_once EVOADMIN_BASE . '../tpl/menu.tpl.php';
if (isset($_POST['delete-vhost'])) {
$domain = $params[1];
while(true) {
// Errors handling
if (empty($_POST['vhost-name'])) {
print "<p>Veuillez entrer le nom du compte web à supprimer.</p>";
printf ('<p><a href="%s">Retour</a></p>', $_SERVER['REDIRECT_URL']);
break;
}
if ($_POST['vhost-name'] !== $domain) {
print "Le nom de compte ne correspond pas.";
printf ('<p><a href="%s">Retour</a></p>', $_SERVER['REDIRECT_URL']);
break;
}
if (isset($_POST['vhost-delete-db']) && empty($_POST['vhost-dbname'])) {
print "Veuillez spécifier un nom de base de données.";
printf ('<p><a href="%s">Retour</a></p>', $_SERVER['REDIRECT_URL']);
break;
}
// Shell arguments
if (!empty($_POST['vhost-dbname']))
$exec_cmd = "web-add.sh del -y " . $domain . " " . $_POST['vhost-dbname'];
else
$exec_cmd = "web-add.sh del -y " . $domain;
// Execute script
sudoexec($exec_cmd, $exec_output, $exec_return);
// Deal with response code
if ($exec_return == 0)
print "<p>Compte supprimé.</p>";
else
print "<p>La suppression a échouée. Veuillez contacter votre administrateur.</p>";
break;
}
include_once EVOADMIN_BASE . '../tpl/footer.tpl.php';
} else {
include_once EVOADMIN_BASE . '../tpl/webadmin-delete.tpl.php';
include_once EVOADMIN_BASE . '../tpl/footer.tpl.php';
}
?>
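Review bot: the two `$exec_cmd = "web-add.sh del -y " . ...` lines build the command from $domain and $_POST['vhost-dbname'] by plain concatenation, with no quoting or format check visible before sudoexec(). Wrap each argument in escapeshellarg() and reject a database name that does not match the expected character set before this point. Also, the earlier check only requires vhost-dbname when vhost-delete-db is ticked, but the `if (!empty($_POST['vhost-dbname']))` branch passes the database name whenever it is non-empty, even with the box unticked; test isset($_POST['vhost-delete-db']) there as well. The `$_SERVER['REDIRECT_URL']` values written into href should go through htmlspecialchars().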

View file

@ -1,11 +1,11 @@
<?php
/**
* Apache VirtualHost Management Page
* Apache VirtualHost Management Page
*
* Copyright (c) 2009 Evolix - Tous droits reserves
*
* vim: expandtab softtabstop=4 tabstop=4 shiftwidth=4 showtabline=2
* vim: expandtab softtabstop=4 tabstop=4 shiftwidth=4 showtabline=2
*
* @author Gregory Colpart <reg@evolix.fr>
* @author Thomas Martin <tmartin@evolix.fr>
@ -18,21 +18,24 @@ require_once EVOADMIN_BASE . '../lib/domain.php';
global $conf;
if (isset($_GET['del']) ) {
$redirect_url = "/webadmin/" . $params[1] . "/alias/";
if (isset($params[2]) && $params[2] == "delete") {
if (isset($params[3]) && $params[3] == "") http_redirect($redirect_url);
include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
include_once EVOADMIN_BASE . '../tpl/menu.tpl.php';
$alias = htmlspecialchars($_GET['del']);
$alias = $params[3];
if (isset($_GET['modif']) && ($_GET['modif'] == 'yes')) {
if (isset($_POST["confirm-delete-alias"])) {
print "<center>";
print "<p>Suppression de $alias...</p>";
$serveralias = array (
'domain' => htmlspecialchars(basename($_SERVER['REDIRECT_URL'])),
'domain' => $params[1],
'alias' => $alias
);
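Review bot: `if (isset($params[3]) && $params[3] == "") http_redirect($redirect_url);` only redirects when the segment is present and empty; when $params[3] is missing altogether the code falls through and `$alias = $params[3];` reads an undefined index. The guard should be `!isset($params[3]) || $params[3] === ""`, and unless http_redirect() ends the script it needs an explicit exit after it. Separately, $alias used to pass through htmlspecialchars() and is now interpolated raw into "Suppression de $alias..."; keep the raw value for the array that is passed on and escape at the point of output.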
@ -65,10 +68,10 @@ if (isset($_GET['del']) ) {
sudoexec($exec_cmd, $exec_output, $exec_return);
if ($exec_return == 0) {
if (! $bdd->del_serveralias($serveralias))
if (! $bdd->del_serveralias($serveralias))
print "<p>La suppression a échouée. Veuillez contacter votre administrateur.</p>";
printf ('<p>Alias %s est supprimé.</p>', $serveralias['alias']);
} else
} else
print "<p>La suppression a échouée. Veuillez contacter votre administrateur.</p>";
}
@ -77,27 +80,29 @@ if (isset($_GET['del']) ) {
sudoexec($exec_cmd, $exec_output, $exec_return);
if ($exec_return == 0) {
printf ('<p>Alias %s est supprimé.</p>', $serveralias['alias']);
} else
} else
print "<p>La suppression a échouée. Veuillez contacter votre administrateur.</p>";
}
printf ('<p><a href="%s">Retour à la liste des alias</a></p>', $_SERVER['REDIRECT_URL']);
printf ('<p><a href="%s">Retour à la liste des alias</a></p>', $redirect_url);
print "</center>";
} else if ( ! isset($_GET['modif']) ) {
} else {
print "<center>";
print "<form name=\"form-confirm-delete-alias\" id=\"form-confirm-delete-alias\" action=\"\" method=\"POST\">";
print "<p>Confirmez vous la suppression de $alias ?</p>";
printf ('<p><a href="%s?del=%s&modif=yes">Confirmer la suppression</a></p>', $_SERVER['REDIRECT_URL'], $alias);
printf ('<p><a href="%s">Retour à la liste des alias</a></p>', $_SERVER['REDIRECT_URL']);
print " <p><input type=\"hidden\" name=\"confirm-delete-alias\" value=\"confirm\">";
print " <p><input type=\"submit\" value=\"Confirmer la suppression\"/ style=\"margin-left:0px;\"></p>";
print "</form>";
printf ('<p><a href="%s">Retour à la liste des alias</a></p>', $redirect_url);
print "</center>";
}
include_once EVOADMIN_BASE . '../tpl/footer.tpl.php';
} else if (isset($_GET['add']) ) {
}
elseif (isset($params[2]) && $params[2] == "add") {
require_once EVOADMIN_BASE . '../evolibs/Form.php';
include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
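Review bot: the confirmation form's submit input is written as `value="Confirmer la suppression"/ style="margin-left:0px;">`, with the slash in the middle of the tag, and the `<p>` opened before the hidden input is never closed. The hidden field confirm-delete-alias carries the constant value "confirm", so it distinguishes a POST from a GET but does not tie the request to the user's session; a per-session token checked alongside isset($_POST["confirm-delete-alias"]) would. "Confirmez vous la suppression de $alias ?" also prints $alias without htmlspecialchars().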
@ -129,7 +134,7 @@ if (isset($_GET['del']) ) {
'domain' => htmlspecialchars(basename($_SERVER['REDIRECT_URL'])),
'alias' => $form->getField('domain_alias')->getValue(),
);
$account_name=$serveralias['domain'];
$account = $bdd->get_account($account_name);
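Review bot: this branch still sets 'domain' from htmlspecialchars(basename($_SERVER['REDIRECT_URL'])), while the other $serveralias arrays in this file now use $params[1]. With the action moved into the path ($params[2] == "add"), the last path component may no longer be the domain, and that value feeds $bdd->get_account($account_name). Use $params[1] here too, or say in a comment why this branch differs.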
@ -182,7 +187,7 @@ if (isset($_GET['del']) ) {
}
else {
$serveralias = array (
'domain' => htmlspecialchars(basename($_SERVER['REDIRECT_URL'])),
'domain' => $params[1],
'alias' => $form->getField('domain_alias')->getValue(),
);
@ -197,30 +202,30 @@ if (isset($_GET['del']) ) {
//domain_add($serveralias['alias'], gethostbyname($master) , false); TODO avec l'IP du load balancer
print "<center>";
printf ('<p>L\'alias %s du domaine %s a bien été créé</p>', $serveralias['alias'], $serveralias['domain']);
printf ('<p><a href="%s">Retour à la liste des alias</a></p>', $_SERVER['REDIRECT_URL']);
printf ('<p><a href="%s">Retour à la liste des alias</a></p>', $redirect_url);
print "</center>";
}
else {
print "<center>";
printf ('<p>Echec dans la creation de l\'alias %s du domaine %s</p>', $serveralias['alias'], $serveralias['domain']);
printf ('<p><a href="%s">Retour à la liste des alias</a></p>', $_SERVER['REDIRECT_URL']);
printf ('<p><a href="%s">Retour à la liste des alias</a></p>', $redirect_url);
print "</center>";
}
}
else {
print "<center>";
printf ('<p>Echec dans la creation de l\'alias %s du domaine %s</p>', $serveralias['alias'], $serveralias['domain']);
printf ('<p>Echec dans la creation de l\'alias %s</p>', $serveralias['alias']);
print ('<p>L\'alias existe dans d\'autres vhosts.');
printf ('<p><a href="%s">Retour à la liste des alias</a></p>', $_SERVER['REDIRECT_URL']);
printf ('<p><a href="%s">Retour à la liste des alias</a></p>', $redirect_url);
print "</center>";
}
}
}
else {
print "<h2>Ajout d'un serveralias</h2><hr>";
print "<h2>Ajout d'un alias</h2><hr>";
print "<form name=\"form-add\" id=\"form-add\" action=\"\" method=\"POST\">";
print " <fieldset>";
print " <legend>Ajout d'un serveralias</legend>";
print " <legend>Ajout d'un alias</legend>";
print $form;
print " <p><input type=\"submit\" value=\"Créer\"/></p>";
print " </fieldset>";
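Review bot: the success and failure messages print $serveralias['alias'] and $serveralias['domain'] through printf('%s') straight into HTML; the alias is a form field value and the domain is now the raw $params[1] rather than the htmlspecialchars() result used before. Escape both with htmlspecialchars() in these printf calls. The "L'alias existe dans d'autres vhosts." paragraph is also missing its closing </p>.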
@ -228,10 +233,10 @@ if (isset($_GET['del']) ) {
}
} else {
print "<h2>Ajout d'un serveralias</h2><hr>";
print "<h2>Ajout d'un alias</h2><hr>";
print "<form name=\"form-add\" id=\"form-add\" action=\"\" method=\"POST\">";
print " <fieldset>";
print " <legend>Ajout d'un serveralias</legend>";
print " <legend>Ajout d'un alias</legend>";
print $form;
print " <p><input type=\"submit\" value=\"Créer\"/></p>";
print " </fieldset>";
@ -240,9 +245,9 @@ if (isset($_GET['del']) ) {
}
include_once EVOADMIN_BASE . '../tpl/footer.tpl.php';
}
} else {
else {
$domain = $params[1];
$alias_list = array();

View file

@ -18,62 +18,43 @@ require_once EVOADMIN_BASE . '../lib/domain.php';
global $conf;
if (isset($_GET['enable']) ) {
if (isset($params[2]) && $params[2] != "") {
$redirect_url = "/webadmin/" . $params[1] . "/itk/";
require_once EVOADMIN_BASE . '../evolibs/Form.php';
include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
include_once EVOADMIN_BASE . '../tpl/menu.tpl.php';
# TODO: sanitize $_GET
$servername = array (
'domain' => htmlspecialchars(basename($_SERVER['REDIRECT_URL'])),
'servername' => $_GET['enable']
'domain' => $params[1],
);
$enable_cmd = 'web-add.sh enable-user-itk ' . $servername['servername'] . ' ' . $servername['domain'];
if ($params[2] == "enable") {
$enable_cmd = 'web-add.sh enable-user-itk ' . $servername['domain'];
sudoexec($enable_cmd, $enable_cmd_output, $enable_cmd_return);
sudoexec($enable_cmd, $enable_cmd_output, $enable_cmd_return);
if ($enable_cmd_return == 0) {
print 'Sécurité ITK activée.';
printf ('<p><a href="%s">Retour à la gestion ITK</a></p>', $_SERVER['REDIRECT_URL']);
if ($enable_cmd_return == 0) {
print 'Sécurité ITK activée.';
printf ('<p><a href="%s">Retour à la gestion ITK</a></p>', $redirect_url);
}
}
elseif ($params[2] == "disable") {
$disable_cmd = 'web-add.sh disable-user-itk ' . $servername['domain'];
sudoexec($disable_cmd, $disable_cmd_output, $disable_cmd_return);
if ($disable_cmd_return == 0) {
print 'Sécurité ITK désactivée';
printf ('<p><a href="%s">Retour à la gestion ITK</a></p>', $redirect_url);
}
}
include_once EVOADMIN_BASE . '../tpl/footer.tpl.php';
}
elseif (isset($_GET['disable']) ) {
require_once EVOADMIN_BASE . '../evolibs/Form.php';
include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
include_once EVOADMIN_BASE . '../tpl/menu.tpl.php';
# TODO: sanitize $_GET
$servername = array (
'domain' => htmlspecialchars(basename($_SERVER['REDIRECT_URL'])),
'servername' => $_GET['disable']
);
$disable_cmd = 'web-add.sh disable-user-itk ' . $servername['servername'] . ' ' . $servername['domain'];
sudoexec($disable_cmd, $disable_cmd_output, $disable_cmd_return);
if ($disable_cmd_return == 0) {
print 'Sécurité ITK désactivée';
printf ('<p><a href="%s">Retour à la gestion ITK</a></p>', $_SERVER['REDIRECT_URL']);
}
include_once EVOADMIN_BASE . '../tpl/footer.tpl.php';
}
else {
} else {
$domain = $params[1];
$data_list = array();
// TODO: adapt for cluster mode
if ($conf['cluster']) {
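Review bot: enable-user-itk and disable-user-itk now run as soon as $params[2] is "enable" or "disable", that is on a plain page load of that URL, whereas the alias deletion in this same commit was moved behind a POST confirmation form. Give these two actions the same POST step. Both "# TODO: sanitize $_GET" comments are removed, but $servername['domain'] is still request-derived ($params[1]) and concatenated into the command without escapeshellarg(). There is also no message when the return code is non-zero or when $params[2] is neither value, so the user gets an empty page between header and footer.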
@ -97,33 +78,17 @@ else {
$alias_list = $bdd->list_serveralias($domain);
}
else {
$cmd = 'web-add.sh list-servername ' . $domain;
if(!is_superadmin()) {
$cmd = sprintf('%s %s', $cmd, $_SESSION['user']);
}
sudoexec($cmd, $data_output, $exec_return);
# à revérifier (notamment gestion erreurs)
if ($exec_return == 0) {
foreach($data_output as $data_line) {
$cmd_itk = 'web-add.sh list-user-itk ' . $data_line . ' ' . $domain;
$cmd_itk = 'web-add.sh list-user-itk ' . $domain;
sudoexec($cmd_itk, $data_output_itk, $exec_return_itk);
# on prend le premier résultat du tableau, ne fonctionne pas s'il y a plusieurs la même ligne ou des commentaires etc.
array_push($data_list, ['servername' => $data_line, 'user' => $data_output_itk[0]]);
unset($data_output_itk); # reset variable pour éviter conflits
}
}
$user_itk = $data_output_itk[0];
}
include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
include_once EVOADMIN_BASE . '../tpl/menu.tpl.php';
include_once EVOADMIN_BASE . '../tpl/webadmin-itk.tpl.php';
include_once EVOADMIN_BASE . '../tpl/footer.tpl.php';
}
?>
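Review bot: `$user_itk = $data_output_itk[0];` is read without checking $exec_return_itk or that the output array is non-empty, so a failed or silent list-user-itk produces an undefined-index notice and a null value for the template. Check the return code and guard the index with isset() before reading it. $user_itk is also only assigned in the non-cluster branch; initialise it before the `if ($conf['cluster'])` test so webadmin-itk.tpl.php always has it defined.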

View file

@ -0,0 +1,168 @@
<?php
require_once EVOADMIN_BASE . '../lib/letsencrypt.php';
use lib\LetsEncrypt as letsencryt;
// store domain and aliases in session
if (!isset($_SESSION['lestencrypt-domains']) || empty($_SESSION['letsencrypt-domains'])) {
$domain = $params[1];
$cmd = 'web-add.sh list-vhost ' . $domain;
sudoexec($cmd, $data_output, $exec_return);
$data_split = explode(':', $data_output[0]);
$aliases = explode(',', $data_split[3]);
$domains = array();
// store domain and aliases
array_push($domains, $data_split[2]);
foreach ($aliases as $alias) {
array_push($domains, $alias);
}
$_SESSION['letsencrypt-domains'] = array_filter($domains);
}
include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
include_once EVOADMIN_BASE . '../tpl/menu.tpl.php';
$letsencrypt = new letsencryt();
$errorMessage = '';
$warningMessage = '';
if (isset($_POST['submit'])) {
while (true) {
// check HTTP
$isRemoteResourceAvailable = $letsencrypt->checkRemoteResourceAvailability($_SESSION['letsencrypt-domains'][0]);
if (!$isRemoteResourceAvailable) {
$errorMessage = "Erreur : Le challenge HTTP a échoué.<br>
Merci de vérifier que le dossier <code>/.well-known/evoacme-challenge/</code> est accessible.";
break;
}
// check DNS
$valid_domains = $letsencrypt->checkDNSValidity($_SESSION['letsencrypt-domains']);
$failed_domains = array_diff($_SESSION['letsencrypt-domains'], $valid_domains);
if (!empty($failed_domains)) {
$errorMessage = "Erreur : La vérification DNS a échoué.<br>
Merci de vérifier les enregistrements de type A et AAAA pour les domaine(s) suivant(s) :";
break;
}
// make csr
$isCsrGenerated = $letsencrypt->makeCsr($params[1], $_SESSION['letsencrypt-domains']);
if (!$isCsrGenerated) {
$errorMessage = "Erreur : La génération de demande de certificat a échoué.<br>
Merci de contacter un administrateur pour continuer.";
break;
}
// evoacme TEST
$testGenerateCert = $letsencrypt->generateSSLCertificate($params[1]);
if (!$testGenerateCert) {
$errorMessage = "Erreur : La génération de certificat en mode TEST a échoué.<br>
Merci de contacter un administrateur pour continuer.";
break;
}
// evoacme
$generateCert = $letsencrypt->generateSSLCertificate($params[1], false);
if (!$generateCert) {
$errorMessage = "Erreur : La génération de certificat a échoué.<br>
Merci de contacter un administrateur pour continuer.";
break;
}
break;
}
} else {
$validUntil = '';
while(true) {
// check domains list
if (empty($_SESSION['letsencrypt-domains'])) {
$errorMessage = "Erreur : la liste des domaines est vide.";
break;
}
// check if evoacme is installed
$binaries_installed = $letsencrypt->isEvoacmeInstalled();
if (!$binaries_installed) {
$errorMessage = "Erreur : les binaires Evoacme ne sont pas installés.
Veuillez contacter un administrateur.";
break;
}
// Check existing SSL certificate
$domainsIncluded = array();