diff --git a/.gitignore b/.gitignore
index 6e9dadb..7d7f61e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 conf/config.local.php
 .vagrant
+.idea
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..445ceb9
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,49 @@
+# Changelog
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
+
+This project does not follow semantic versioning.
+The **major** part of the version is the year
+The **minor** part changes is the month
+The **patch** part changes is incremented if multiple releases happen the same month
+
+## [Unreleased]
+
+### Added
+
+* Prevent op_del to fail and able to remove web account when part of it is already removed
+
+### Changed
+
+* Add sendmail_path and open_basedir in LXC PHP pool configs
+
+### Fixed
+
+### Removed
+
+### Security
+
+
+## [23.02] 2023-02-20
+
+### Added
+
+* web : Display web-add.sh version
+
+### Changed
+
+* Readme.md : Translated to english. New contribution guidelines and misc information
+
+### Fixed
+
+* web-add.sh : Deleting mysql user with DROP USER to stay compatible with MariaDB 10.5+ - #78
+* web-add.sh : Correcting deletion order to avoid dependency issues - #76
+
+### Removed
+
+### Security
+
+
+
+
diff --git a/INSTALL b/INSTALL
deleted file mode 100644
index 92bba47..0000000
--- a/INSTALL
+++ /dev/null
@@ -1 +0,0 @@
-* Ajouter les autorisations sudo nécessaires
diff --git a/README.md b/README.md
index 3e7e74f..a96e0be 100644
--- a/README.md
+++ b/README.md
@@ -1,220 +1,48 @@ -# evoadmin-web +# Evoadmin-web -Panel d'administration de serveur web et scripts shell. +Web interface and management scripts for web hosting Project leader : ? -## Versions +## Versions & Branches - * Stable Wheezy → git checkout wheezy - * Stable Jessie → git checkout jessie - * Stretch → master +The `master` branch is ready for production. +It's compatible with the current Debian version (and few previous ones) + +Code for older Debian releases (Wheezy, Jessie) is archived on separate branches. + +The `unstable` branch contains not sufficiently tested changes that we don't consider ready for production yet. + +### Versions + +* Debian Stretch, Buster, Bullseye → use branch `master` (current stable version) +* Debian Jessie → use branch `jessie` (old, archive branch) +* Debian Wheezy → use branch `wheezy` (old, archive branch) ## Installation -Via ansible avec le role packweb-apache. Le role webapps/evoadmin-web en dépendance se charge de l'installation de l'interface et de ses scripts. +Installation should be done with Ansible. +The role `packweb-apache` will handle all dependencies (Apache, PHP, MariaDB...) installation and configuration. +It will also use the role `webapps/evoadmin-web` to setup the web-interface and management sw -### Manuelle +### Manually TODO +## Contributing -### Activation du mode Multi PHP avec des conteneurs LXC +Contributions are welcome, especially bug fixes. They will be merged in if they are consistent with our conventions and use cases. They might be rejected if they introduce complexity, cover features we don't need or don't fit "style". -Installer les paquets nécessaires : +Before starting anything of importance, we suggest opening an issue to discuss what you'd like to add or change. -~~~ -# apt install lxc debootstrap -~~~ +All modifications should be documented in the CHANGELOG file, to help review releases. We encourage atomic commits and with the CHANGELOG in the same commit. 
-Modifier la configuration de LXC : +# Workflow -~~~ -# cat /etc/lxc/default.conf +The ideal and most typical workflow is to create a branch, based on the `unstable` branch. The branch should have a descriptive name (a ticket/issue number is great). The branch can be treated as a pull-request or merge-request. It should be propery tested and reviewed before merging into `unstable`. -# Set the default network virtualization method. -lxc.network.type = none +Changes that don't introduce significant changes — or that must go faster that the typical workflow — can be commited directly into `unstable`. -# Mount /home into containers. -lxc.mount.entry = /home home none bind 0 0 +Hotfixes, can be prepared on a new branch, based on `master` or `unstable` (to be decided by the author). When ready, it can be merged back to `master` for immediate deployment and to `unstable` for proper backporting. -# Only one tty is enough. -# This require that you disabled others tty ([2-6]) in systemd. -lxc.tty = 1 - -# Run 64bits containers -lxc.arch = x86_64 - -# Start containers on boot by default -lxc.start.auto = 1 -~~~ - -Dans cette configuration, les containers LXC n'ont pas leur interface réseau virtualisée. Et /home de l'hôte est partagé dans les containers. 
- -#### PHP 5.6 - -On installe un conteneur Debian Jessie : - -~~~ -# lxc-create --name php56 --template debian --bdev dir --logfile /var/log/lxc/lxc-php56.log --logpriority INFO -- --arch amd64 --release jessie -~~~ - -Puis on installe les paquets PHP 5.6 dans ce conteneur : - -~~~ -# lxc-start -n php56 -# lxc-attach -n php56 apt install php5-fpm php5-cli php5-gd php5-imap php5-ldap php5-mcrypt php5-mysql php5-pgsql php-gettext php5-intl php5-curl php5-ssh2 libphp-phpmailer -~~~ - -#### PHP 7.0 - -On installe un conteneur Debian Stretch : - -~~~ -# lxc-create --name php70 --template debian --bdev dir --logfile /var/log/lxc/lxc-php70.log --logpriority INFO -- --arch amd64 --release stretch -~~~ - -Puis on installe les paquets PHP 7.0 dans ce conteneur : - -~~~ -# lxc-start -n php70 -# lxc-attach -n php70 apt install php-fpm php-cli php-gd php-intl php-imap php-ldap php-mcrypt php-mysql php-pgsql php-gettext php-curl php-ssh2 composer libphp-phpmailer -~~~ - -#### PHP 7.3 - -On installe un conteneur Debian Stretch : - -~~~ -# lxc-create --name php73 --template debian --bdev dir --logfile /var/log/lxc/lxc-php73.log --logpriority INFO -- --arch amd64 --release stretch -~~~ - -Puis on installe les paquets PHP 7.3 dans ce conteneur : - -~~~ -# lxc-start -n php73 -# lxc-attach -n php73 - -# apt-get update && apt-get install -y --no-install-recommends wget apt-transport-https ca-certificates -# wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg -# echo "deb https://packages.sury.org/php/ stretch main" > /etc/apt/sources.list.d/sury.list -# apt-get update && apt-get install -y --no-install-recommends php7.3 php7.3-fpm php7.3-cli php7.3-curl php7.3-mysql php7.3-pgsql php7.3-ldap php7.3-imap php7.3-gd php-ssh2 php-gettext composer libphp-phpmailer -~~~ - -#### Pour toutes les versions de PHP - -Dans les containers, il faut ajouter le fichier **z-evolinux-defaults.ini** dans le dossier **conf.d** des réglages de PHP FPM et CLI - -> Pour PHP5 
**/etc/php5/fpm/conf.d/z-evolinux-defaults.ini** et **/etc/php5/cli/conf.d/z-evolinux-defaults.ini** -> Pour PHP7.0 **/etc/php/7.0/fpm/conf.d/z-evolinux-defaults.ini** et **/etc/php/7.0/cli/conf.d/z-evolinux-defaults.ini** -> Pour PHP7.3 **/etc/php/7.3/fpm/conf.d/z-evolinux-defaults.ini** et **/etc/php/7.3/cli/conf.d/z-evolinux-defaults.ini** - -~~~ -[PHP] -short_open_tag = Off -expose_php = Off -display_errors = Off -log_errors = On -html_errors = Off -allow_url_fopen = Off -disable_functions = exec,shell-exec,system,passthru,putenv,popen -~~~ - -Après cela, il faut redémarrer FPM - -~~~ -# lxc-attach -n php56 /etc/init.d/php5-fpm restart -# lxc-attach -n php70 /etc/init.d/php7.0-fpm restart -# lxc-attach -n php73 /etc/init.d/php7.3-fpm restart -~~~ - -Une fois les conteneurs installés, il faut configurer evoadmin-web pour lui indiquer les versions disponibles de PHP dans **/etc/evolinux/web-add.conf** (pour *web-add.sh*) et dans **/home/evoadmin/www/conf/config.local.php** pour l'interface web - -~~~ -# cat /etc/evolinux/web-add.conf -#(...) -PHP_VERSIONS=(56 70 73) -#(...) -~~~ - -~~~ -# cat /home/evoadmin/www/conf/config.local.php -// (...) -$localconf['php_versions'] = array(70, 73); -// (...) 
-~~~ - -#### Apache - -Il est nécessaire d'activer le mod proxy pour apache2 si ce n'a pas déjà été fait : - -~~~ -# a2enmod proxy_fcgi -# systemctl restart apache2.service -~~~ - -Si vous rencontrez l'erreur "File not found" avec les fichiers php, bien vérifier que le rootfs des conteneurs est en 755 : - -~~~ -chmod 755 /var/lib/lxc/php56/rootfs -chmod 755 /var/lib/lxc/php70/rootfs -chmod 755 /var/lib/lxc/php73/rootfs -~~~ - -#### Email - -Pour envoyer des mails, on peut installer **ssmtp** qui va forwarder les mails du conteneur vers l'hôte (à faire par conteneur via lxc-attach) : - -~~~ -apt install ssmtp -~~~ - -Editer **/etc/ssmtp/ssmtp.conf** (remplacer example.com par le hostname complet de votre machine) : - -~~~ -root=postmaster -mailhub=127.0.0.1 -hostname=example.com -FromLineOverride=YES -~~~ - - -## Méthodes de collaboration - -Lire le fichier GUIDELINES. - -Chaque version stable a le nom de la version Debian dans une branche. (Wheezy, Jessie, …) -On ne touche pas à ces branches, sauf pour corriger un bug critique, -qu'on appellera dans le commit "Hotfix #IDBugRedmine. Description du commit/bug". -Le project leader se charge de merger les futures version (wheezy-dev, jessie-dev, …) -dans la branche stable et de faire un changelog. - -Chaque version de redmine est prévu à l'avance dans la roadmap de Redmine. -Quand une version de développement est terminé (tout les bugs fermés), -on utilisera les tags pour se repérer dans l'historique GIT. -Puis une fois que la version est décrété stable, elle sera mergé dans la branche stable. - -Pour travailler sur une version spécifique, il faut travailler dans la branche "$release". -Voir les branches sur le remote : - -``` -$ git branch -r - origin/jessie-dev - origin/wheezy-dev - origin/wheezy -``` - -Il suffira de « checkout » dessus, et commencer à commiter. Les commits doivent -être nommés "Implement #IDBugRedmine. Description feature." ou -"Fix #IDBugRedmine. Description correction du bug.". 
- -``` -$ git checkout wheezy-dev -[…] hack hack […] -$ git commit -$ git push -``` - -## Licence - -Evoadmin-web est un projet [Evolix](https://evolix.com) et est distribué sour licence AGPLv3, voir le fichier [LICENSE](LICENSE) pour les détails. +Other workflow are not forbidden, but should be discussed in advance. diff --git a/README.old.md b/README.old.md new file mode 100644 index 0000000..3f483cc --- /dev/null +++ b/README.old.md 
@@ -0,0 +1,180 @@ + +### Activation du mode Multi PHP avec des conteneurs LXC + +Installer les paquets nécessaires : + +~~~ +# apt install lxc debootstrap +~~~ + +Modifier la configuration de LXC : + +~~~ +# cat /etc/lxc/default.conf + +# Set the default network virtualization method. +lxc.network.type = none + +# Mount /home into containers. +lxc.mount.entry = /home home none bind 0 0 + +# Only one tty is enough. +# This require that you disabled others tty ([2-6]) in systemd. +lxc.tty = 1 + +# Run 64bits containers +lxc.arch = x86_64 + +# Start containers on boot by default +lxc.start.auto = 1 +~~~ + +Dans cette configuration, les containers LXC n'ont pas leur interface réseau virtualisée. Et /home de l'hôte est partagé dans les containers. + +#### PHP 5.6 + +On installe un conteneur Debian Jessie : + +~~~ +# lxc-create --name php56 --template debian --bdev dir --logfile /var/log/lxc/lxc-php56.log --logpriority INFO -- --arch amd64 --release jessie +~~~ + +Puis on installe les paquets PHP 5.6 dans ce conteneur : + +~~~ +# lxc-start -n php56 +# lxc-attach -n php56 apt install php5-fpm php5-cli php5-gd php5-imap php5-ldap php5-mcrypt php5-mysql php5-pgsql php-gettext php5-intl php5-curl php5-ssh2 libphp-phpmailer +~~~ + +#### PHP 7.0 + +On installe un conteneur Debian Stretch : + +~~~ +# lxc-create --name php70 --template debian --bdev dir --logfile /var/log/lxc/lxc-php70.log --logpriority INFO -- --arch amd64 --release stretch +~~~ + +Puis on installe les paquets PHP 7.0 dans ce conteneur : + +~~~ +# lxc-start -n php70 +# lxc-attach -n php70 apt install php-fpm php-cli php-gd php-intl php-imap php-ldap php-mcrypt php-mysql php-pgsql php-gettext php-curl php-ssh2 composer libphp-phpmailer +~~~ + +#### PHP 7.3 + +On installe un conteneur Debian Stretch : + +~~~ +# lxc-create --name php73 --template debian --bdev dir --logfile /var/log/lxc/lxc-php73.log --logpriority INFO -- --arch amd64 --release stretch +~~~ + +Puis on installe les paquets PHP 7.3 dans ce conteneur 
: + +~~~ +# lxc-start -n php73 +# lxc-attach -n php73 + +# apt-get update && apt-get install -y --no-install-recommends wget apt-transport-https ca-certificates gnupg +# curl https://packages.sury.org/php/apt.gpg | apt-key add +# echo "deb https://packages.sury.org/php/ stretch main" > /etc/apt/sources.list.d/sury.list +# apt-get update && apt-get install -y --no-install-recommends php7.3 php7.3-fpm php7.3-cli php7.3-curl php7.3-mysql php7.3-pgsql php7.3-ldap php7.3-imap php7.3-gd php-ssh2 php-gettext composer libphp-phpmailer +~~~ + +#### Pour toutes les versions de PHP + +Dans les containers, il faut ajouter le fichier **z-evolinux-defaults.ini** dans le dossier **conf.d** des réglages de PHP FPM et CLI + +> Pour PHP5 **/etc/php5/fpm/conf.d/z-evolinux-defaults.ini** et **/etc/php5/cli/conf.d/z-evolinux-defaults.ini** +> +> Pour PHP7.0 **/etc/php/7.0/fpm/conf.d/z-evolinux-defaults.ini** et **/etc/php/7.0/cli/conf.d/z-evolinux-defaults.ini** +> +> Pour PHP7.3 **/etc/php/7.3/fpm/conf.d/z-evolinux-defaults.ini** et **/etc/php/7.3/cli/conf.d/z-evolinux-defaults.ini** + +~~~ +[PHP] +short_open_tag = Off +expose_php = Off +display_errors = Off +log_errors = On +html_errors = Off +allow_url_fopen = Off +disable_functions = exec,shell-exec,system,passthru,putenv,popen +~~~ + +Après cela, il faut redémarrer FPM + +~~~ +# lxc-attach -n php56 /etc/init.d/php5-fpm restart +# lxc-attach -n php70 /etc/init.d/php7.0-fpm restart +# lxc-attach -n php73 /etc/init.d/php7.3-fpm restart +~~~ + +Une fois les conteneurs installés, il faut configurer evoadmin-web pour lui indiquer les versions disponibles de PHP dans **/etc/evolinux/web-add.conf** (pour *web-add.sh*) et dans **/home/evoadmin/www/conf/config.local.php** pour l'interface web + +~~~ +# cat /etc/evolinux/web-add.conf +#(...) +PHP_VERSIONS=(56 70 73) +#(...) +~~~ + +~~~ +# cat /home/evoadmin/www/conf/config.local.php +// (...) +$localconf['php_versions'] = array(70, 73); +// (...) 
+~~~ + +#### Apache + +Il est nécessaire d'activer le mod proxy pour apache2 si ce n'a pas déjà été fait : + +~~~ +# a2enmod proxy_fcgi +# systemctl restart apache2.service +~~~ + +Si vous rencontrez l'erreur "File not found" avec les fichiers php, bien vérifier que le rootfs des conteneurs est en 755 : + +~~~ +# chmod 755 /var/lib/lxc/php56/rootfs +# chmod 755 /var/lib/lxc/php70/rootfs +# chmod 755 /var/lib/lxc/php73/rootfs +~~~ + +#### Email + +Pour envoyer des mails, on peut installer **ssmtp** qui va forwarder les mails du conteneur vers l'hôte (à faire par conteneur via lxc-attach) : + +Avant d'installer le paquet, il faut ajouter le hostname du conteneur dans **/etc/hosts**, sinon la configuration du paquet retourne une erreur : + +~~~ +127.0.0.1 php70 +~~~ + +~~~ +# apt install ssmtp +~~~ + +Editer **/etc/ssmtp/ssmtp.conf** (remplacer example.com par le hostname complet de votre machine) : + +~~~ +root=postmaster +mailhub=127.0.0.1 +hostname=example.com +FromLineOverride=YES +~~~ + +#### PHP-CLI + + +~~~ +$ cat /usr/local/bin/exec73 +#!/bin/bash + +php_cmd=$(printf "/usr/bin/php %q" "$@" ) +lxc-attach -n php73 -- su - "$SUDO_USER" -c "$php_cmd" +~~~ + +Il faut ensuite s'assurer que ce script peut être exécuté via sudo. \ No newline at end of file diff --git a/TODO b/TODO deleted file mode 100644 index 99a0091..0000000 --- a/TODO +++ /dev/null @@ -1,7 +0,0 @@ -* Verification des paramètres passés dans le script ftpadmin.sh -* Vérifier lors de la suppression que c'est bien la personne a qui appartient le compte qui lance la commande -* Tableau "sortable" (TableKit ?) -* Mettre en place EvoLog et logger la sortie des scripts -* Validation plus (très) stricte sur les entrées de formulaire -* Listage des comptes utilisateurs -* Total espace disque FTP diff --git a/conf/config.php b/conf/config.php index 146f86d..7366627 100644 --- a/conf/config.php +++ b/conf/config.php 
@@ -8,36 +8,35 @@ * $Id: config.php 273 2009-05-12 13:54:50Z tmartin $ * vim: expandtab softtabstop=4 tabstop=4 shiftwidth=4 showtabline=2 * - * @author Gregory Colpart - * @author Thomas Martin - * @author Sebastien Palma + * @author Gregory Colpart + * @author Thomas Martin + * @author Sebastien Palma * @version 1.0 */ -// Email pour les notifications $oriconf['admin']['mail'] = 'admin@example.com'; $oriconf['techmail'] = 'jdoe@example.com'; -$oriconf['debug'] = FALSE; +$oriconf['debug'] = false; $oriconf['superadmin'] = array('superadmin'); $oriconf['script_path'] = '/usr/share/scripts/evoadmin'; -$oriconf['cluster'] = FALSE; +$oriconf['cluster'] = false; $oriconf['servers'] = array('servers'); $oriconf['cache'] = '/home/evoadmin/www/cache.sqlite'; $oriconf['known_host'] = '/home/evoadmin/www/known_host'; -$oriconf['ftpadmin'] = FALSE; -$oriconf['bindadmin'] = FALSE; -// Penser à rajouter également les versions de PHP disponibles dans /etc/evolinux/web-add.conf -$oriconf['php_versions'] = array(); -$oriconf['quota'] = FALSE; -$oriconf['dbadmin'] = FALSE; +$oriconf['ftpadmin'] = false; +$oriconf['bindadmin'] = false; +// Warning: Don't forget to add available PHP versions into : /etc/evolinux/web-add.conf +// $oriconf['php_versions'] = array(); +$oriconf['quota'] = false; +$oriconf['dbadmin'] = false; $oriconf['noreplication'] = array('srv00.example.com', 'srv01.example.com', 'srv02.example.com'); $oriconf['postponedreplication'] = array('srv00.example.com', 'srv01.example.com', 'srv02.example.com'); $oriconf['immediatereplication'] = array('srv00.example.com', 'srv01.example.com'); $oriconf['postponedreplication_mode'] = array('1 fois/jour', '3 fois/jour', '1 fois/jour'); -// auth (sha256 hashs) +// Generate password hashes : mkpasswd --method=sha-512 (cli) or with PHP's password_hash() $oriconf['logins'] = array(); -//$oriconf['logins']['foo'] = 'd5d3c723fb82cb0078f399888af78204234535ec2ef3da56710fdd51f90d2477'; -//$oriconf['logins']['bar'] = 
'7938c84d6e43d1659612a7ea7c1101ed02e52751bb64597a8c20ebaba8ba4303'; +//$oriconf['logins']['foo'] = '$6$X0jqa/ausLSBkj4m$dLMMcPGVxak.aDPo4V/GJLm2d8vU8/QA5LbGTuqXCdxSNYU0kRKBgDl16GAyp0GqXXZ5wwDEJKQ1npgFwiuV81'; +//$oriconf['logins']['bar'] = '$6$Q6233S6mlWAF6p.j$LtzwG02YucozwqjAgSpeldh24Mnz7lBuVSbOQYbKKh9FiUx3tMVl6kJZkmrNdPqeadFXKAYXrqn.gy8KposF5.'; diff --git a/evolibs/Form.php b/evolibs/Form.php index f1cdba9..74aea53 100644 --- a/evolibs/Form.php +++ b/evolibs/Form.php @@ -461,13 +461,13 @@ class AlphaNumericalTextInputFormField extends FormField { class DomainInputFormField extends FormField { protected $mandatory = NULL; - protected $textsize = NULL; + //protected $textsize = NULL; public function __construct($label, $mandatory=TRUE, $hidden=FALSE) { parent::__construct($label); $this->mandatory = $mandatory; $this->hidden = $hidden; - $this->textsize = $textsize; + //$this->textsize = $textsize; } public function verify($set_error) { @@ -491,7 +491,7 @@ class DomainInputFormField extends FormField { else $input .= 'name.'" value="'.htmlspecialchars($this->value,ENT_QUOTES).'"'; - $input .= ' maxlength="'.$this->textsize[1].'" size="'.$this->textsize[0].'" '; + //$input .= ' maxlength="'.$this->textsize[1].'" size="'.$this->textsize[0].'" '; if($this->read_only) { $input .= 'readonly="readonly="'; } if($this->disabled) { $input .= 'disabled="disabled="'; } $input .= '/>'; @@ -516,12 +516,12 @@ class DomainInputFormField extends FormField { class DomainListInputFormField extends FormField { protected $mandatory = NULL; - protected $textsize = NULL; + //protected $textsize = NULL; public function __construct($label, $mandatory=TRUE) { parent::__construct($label); $this->mandatory = $mandatory; - $this->textsize = $textsize; + //$this->textsize = $textsize; } public function verify($set_error) { 
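Review bot: The new comment above `$oriconf['logins']` documents only the new hash format and does not mention that 64-character SHA-256 hex entries from older installs are still accepted, which the login code in inc/auth.php (same commit) handles in a compatibility branch. I would extend the comment, for example `// Legacy 64-char sha256 hex entries are still accepted but are unsalted: regenerate them with password_hash() or mkpasswd`. It is also worth saying in the comment that the two commented-out `$6$` values are samples only and must not be enabled as they are.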
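Review bot: In `DomainInputFormField` and `DomainListInputFormField` the `$textsize` property, its constructor assignment and the `maxlength`/`size` attribute line are commented out rather than deleted (hunks at 461, 491, 516 and 547). `$textsize` was never a constructor parameter, so the old assignment read an undefined variable and dropping it is right. Deleting the dead lines outright keeps both classes readable, and version control keeps the history. Both class bodies continue outside these hunks.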
@@ -547,7 +547,7 @@ class DomainListInputFormField extends FormField { $input = ''; $input .= 'name.'" value="'.htmlspecialchars($this->value,ENT_QUOTES).'"'; - $input .= ' maxlength="'.$this->textsize[1].'" size="'.$this->textsize[0].'" '; + //$input .= ' maxlength="'.$this->textsize[1].'" size="'.$this->textsize[0].'" '; if($this->read_only) { $input .= 'readonly="readonly="'; } if($this->disabled) { $input .= 'disabled="disabled="'; } $input .= '/>'; @@ -720,6 +720,11 @@ class PasswordInputFormField extends FormField { return FALSE; } + if(!preg_match('#.*[/]+.*#',$this->value)==0){ + if($set_error) $this->error = 'Votre mot de passe doit contenir le caractère \'/\''; + return FALSE; + } + return TRUE; } diff --git a/htdocs/inc/css/main.css b/htdocs/inc/css/main.css index 7d1195e..39748c8 100644 --- a/htdocs/inc/css/main.css +++ b/htdocs/inc/css/main.css @@ -30,6 +30,10 @@ h1#top { margin-bottom: 10px; } +h3.form-error { + color: red; +} + div#disclaimer { margin-top: 30px; } @@ -135,6 +139,11 @@ span.form-error { margin-left: 4px; } +span.form-warning { + color: #E84D0C; + margin-left: 4px; +} + span.form-mandatory { color: red; } @@ -163,4 +172,3 @@ form#form-add legend { form#form-add p { text-align: left; } - diff --git a/htdocs/inc/js/webadmin.js b/htdocs/inc/js/webadmin.js index 77bb78f..4a78df5 100644 --- a/htdocs/inc/js/webadmin.js +++ b/htdocs/inc/js/webadmin.js @@ -21,6 +21,12 @@ function switch_disabled(name) { } document.observe("dom:loaded", function() { + if (document.getElementById('vhost-delete-db') != null) { + document.getElementById('vhost-delete-db').onclick = function() { + console.log("clicked box"); + switch_disabled('vhost-dbname'); + } + } document.getElementById('password_random').onclick = function() { switch_disabled('password'); } diff --git a/htdocs/index.php b/htdocs/index.php index 62d2a65..71681f7 100755 --- a/htdocs/index.php +++ b/htdocs/index.php 
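Review bot: The check added to `PasswordInputFormField` (hunk at 720) rejects a password that contains `/`, but its error text says the password must contain it (`doit contenir`). `!preg_match(...)==0` parses as `(!preg_match(...)) == 0`, which is true exactly when the pattern matches, so condition and message contradict each other. If the intent is to forbid the character, I would write `if (strpos($this->value, '/') !== false) {` and change the message to `'Votre mot de passe ne doit pas contenir le caractère \'/\''`. A one-line comment saying why `/` is forbidden would help, since the reason is not visible here and the same commit now passes the password through `escapeshellarg()`. The enclosing method begins outside the hunk.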
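Review bot: The new `vhost-delete-db` click handler in htdocs/inc/js/webadmin.js leaves a debugging `console.log("clicked box");` in the callback; I would drop that line. The new lookup is guarded against a missing element, while the existing `document.getElementById('password_random').onclick` directly below is not, so on a page without that element the `dom:loaded` callback would throw at that line. If the two elements never appear on the same page, the second lookup deserves the same guard, e.g. `var pr = document.getElementById('password_random'); if (pr != null) { pr.onclick = ... }`. The callback continues outside the hunk.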
@@ -30,7 +30,7 @@ header('Content-Type: text/html; charset=utf-8'); /** * Requires */ -require_once EVOADMIN_BASE . 'common.php'; +require_once EVOADMIN_BASE . '../inc/common.php'; $uri = $_SERVER['REQUEST_URI']; 
@@ -48,26 +48,47 @@ if (!array_key_exists('auth', $_SESSION) || $_SESSION['auth']!=1) { include_once EVOADMIN_BASE . '../inc/webadmin.php'; -} elseif (preg_match('#^/webadmin/servername/(.*)/?$#', $uri, $params)) { +} elseif (preg_match('#^/webadmin?#', $uri)) { - include_once EVOADMIN_BASE . '../inc/webadmin-servername.php'; + // Redirect to /webadmin in order to set $_SESSION['non_stanard'] + if (!isset($_SESSION['non_standard'])) + http_redirect('/webadmin'); -} elseif (preg_match('#^/webadmin/itk/(.*)/?$#', $uri, $params)) { + // block the non-standard vhost modification + if (in_array(htmlspecialchars(basename($_SERVER['REDIRECT_URL'])), $_SESSION['non_standard'])) + http_redirect('/webadmin'); - include_once EVOADMIN_BASE . '../inc/webadmin-itk.php'; + if (preg_match('#^/webadmin/(.*)/domain/?(edit)?/?(.*)?/$#', $uri, $params)) { -} elseif (preg_match('#^/webadmin/php/(.*)/?$#', $uri, $params)) { + include_once EVOADMIN_BASE . '../inc/webadmin-servername.php'; - include_once EVOADMIN_BASE . '../inc/webadmin-php.php'; + } elseif (preg_match('#^/webadmin/(.*)/itk/?(enable|disable)?/?(.*)?/$#', $uri, $params)) { -} elseif (preg_match('#^/webadmin/edit/(.*)/?$#', $uri, $params)) { + include_once EVOADMIN_BASE . '../inc/webadmin-itk.php'; - include_once EVOADMIN_BASE . '../inc/webadmin-edit.php'; + } elseif (preg_match('#^/webadmin/(.*)/php/$#', $uri, $params)) { -} elseif (preg_match('#^/webadmin/suppr/(.*)/?$#', $uri, $params)) { + include_once EVOADMIN_BASE . '../inc/webadmin-php.php'; - include_once EVOADMIN_BASE . '../inc/webadmin-suppr.php'; + } elseif (preg_match('#^/webadmin/(.*)/alias/?(add|delete)?/?(.*)?/$#', $uri, $params)) { + include_once EVOADMIN_BASE . '../inc/webadmin-edit.php'; + + } elseif (preg_match('#^/webadmin/delete/(.*)/?$#', $uri, $params)) { + //TODO: fix according to route naming convention + include_once EVOADMIN_BASE . 
'../inc/webadmin-delete.php'; + + } elseif (preg_match('#^/webadmin/suppr/(.*)/?$#', $uri, $params)) { + + include_once EVOADMIN_BASE . '../inc/webadmin-suppr.php'; + + } elseif (preg_match('#^/webadmin/(.*)/letsencrypt/?$#', $uri, $params)) { + + include_once EVOADMIN_BASE . '../inc/webadmin-letsencrypt.php'; + + } else { + http_redirect('/webadmin'); + } } elseif (is_superadmin() && preg_match('#^/accounts/?#', $uri, $params)) { include_once EVOADMIN_BASE . '../inc/accounts.php'; diff --git a/inc/accounts.php b/inc/accounts.php index 5c57119..95980ab 100644 --- a/inc/accounts.php +++ b/inc/accounts.php 
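Review bot: The non-standard-vhost guard compares `basename($_SERVER['REDIRECT_URL'])`, the last path segment, against `$_SESSION['non_standard']`, but most of the new routes carry the account name as the first segment after `/webadmin/` (`/webadmin/(.*)/domain/...`, `/itk/`, `/php/`, `/alias/`, `/letsencrypt/`), where the last segment is the action or a parameter. As written the guard appears to cover only URLs that end with the account name, so the restriction would not apply to the per-account routes. I would run the check on the captured account after each `preg_match`, e.g. `if (in_array($params[1], $_SESSION['non_standard'], true)) http_redirect('/webadmin');`, and drop `htmlspecialchars()`, which is an output encoder and alters the value being compared. Two smaller points in the same hunk: `#^/webadmin?#` makes the final `n` optional (probably `#^/webadmin(/|$)#` was meant), and the brace-less `http_redirect()` calls only stop processing if that helper exits, which is not visible here.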
@@ -39,31 +39,31 @@ function web_add($form, $admin_mail) { if(!$form->getField('password_random')->getValue()) { $exec_cmd .= sprintf(' -p %s', - $form->getField('password')->getValue()); + escapeshellarg($form->getField('password')->getValue())); } /* Ajout des options spécifiques à MySQL si nécessaire */ if($form->getField('mysql_db')->getValue()) { $exec_cmd .= sprintf(' -m %s', - $form->getField('mysql_dbname')->getValue()); + escapeshellarg($form->getField('mysql_dbname')->getValue())); if(!$form->getField('mysql_password_random')->getValue()) { $exec_cmd .= sprintf(' -P %s', - $form->getField('mysql_password')->getValue()); + escapeshellarg($form->getField('mysql_password')->getValue())); } } - if (array_key_exists('php_versions', $conf) && count($conf['php_versions']) > 1) { + if (array_key_exists('php_versions', $conf) && is_array($conf['php_versions'])) { $exec_cmd .= sprintf(' -r %s', $conf['php_versions'][$form->getField('php_version')->getValue()]); } if ($conf['quota']) { - $exec_cmd .= sprintf(' -q %s:%s', $form->getField('quota_soft')->getValue(), $form->getField('quota_hard')->getValue()); + $exec_cmd .= sprintf(' -q %s:%s', escapeshellarg($form->getField('quota_soft')->getValue()), escapeshellarg($form->getField('quota_hard')->getValue())); } $exec_cmd .= sprintf(' -l %s %s %s 2>&1', $admin_mail, - $form->getField('username')->getValue(), - $form->getField('domain')->getValue()); + escapeshellarg($form->getField('username')->getValue()), + escapeshellarg($form->getField('domain')->getValue())); //domain_add($form, $_SERVER['SERVER_ADDR'], true); sudoexec($exec_cmd, $exec_output, $exec_return); 
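Review bot: `$admin_mail` is still interpolated unquoted into the command in `web_add()` (`sprintf(' -l %s %s %s 2>&1', $admin_mail, ...)`), while every other form value in this hunk now goes through `escapeshellarg()` and the matching line in `web_add_cluster()` (hunk at 173) does escape it. Where the value comes from is not visible here, so I would quote it for consistency: `escapeshellarg($admin_mail),`. The `-r` value read from `$conf['php_versions'][...]` is also unquoted; it comes from configuration, but the index comes from the form, so an `isset()` check on that index before building the option would make the assumption explicit. web_add() begins and ends outside the hunk.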
@@ -72,7 +72,7 @@ function web_add($form, $admin_mail) { if ( $form->getField('domain_alias')->getValue() ) { $domain_alias = preg_split('/,/', $form->getField('domain_alias')->getValue()); foreach ( $domain_alias as $domain ) { - $exec_cmd = 'web-add.sh add-alias '.$form->getField('username')->getValue().' '; + $exec_cmd = 'web-add.sh add-alias '.escapeshellarg($form->getField('username')->getValue()).' '; $domain = trim($domain); $exec_cmd .= $domain.' '. $server_list; sudoexec($exec_cmd, $exec_output, $exec_return); @@ -97,17 +97,17 @@ function web_add_cluster($form, $admin_mail) { if(!$form->getField('password_random')->getValue()) { $exec_cmd .= sprintf(' -p %s', - $form->getField('password')->getValue()); + escapeshellarg($form->getField('password')->getValue())); } /* Ajout des options spécifiques à MySQL si nécessaire */ if($form->getField('mysql_db')->getValue()) { $exec_cmd .= sprintf(' -m %s', - $form->getField('mysql_dbname')->getValue()); + escapeshellarg($form->getField('mysql_dbname')->getValue())); if(!$form->getField('mysql_password_random')->getValue()) { $exec_cmd .= sprintf(' -P %s', - $form->getField('mysql_password')->getValue()); + escapeshellarg($form->getField('mysql_password')->getValue())); } $account['bdd'] = $form->getField('mysql_dbname')->getValue(); 
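Review bot: The alias itself is still concatenated into the command without quoting in the `add-alias` loop (hunk at 72): the changed line escapes the username, but the following lines append `$domain.' '. $server_list` as they are. `$domain` comes from splitting the `domain_alias` form field, so it should get the same treatment, `$exec_cmd .= escapeshellarg($domain).' '. $server_list;`, unless the field's `verify()` is relied on to restrict the characters, in which case a comment should say so. The same pattern is in `web_add_cluster()` (hunk at 189), where `$alias`, `$master` and `$slave` are appended unquoted. The loop body continues outside the hunk.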
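Review bot: The account and MySQL passwords are still handed to the script as command-line arguments (`-p`, `-P`) in `web_add_cluster()` (hunk at 97) and in `web_add()` (hunk at 39); quoting them fixes shell parsing but not their exposure. On a shared hosting machine, command lines are generally readable by other local users through the process list while the command runs, and may end up in command logs if `sudoexec()` goes through sudo. Changing that needs the shell scripts too, which are not part of this hunk, so I would at least leave `// TODO: pass passwords via stdin or a 0600 temp file; argv is visible in the process list` next to the `-p` line. web_add_cluster() begins and ends outside the hunk.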
@@ -173,13 +173,13 @@ function web_add_cluster($form, $admin_mail) { break; } - $exec_cmd .= sprintf(' -l %s %s %s %s %s %s 2>&1', - $admin_mail, - $form->getField('username')->getValue(), - $form->getField('domain')->getValue(), - $master, - $slave, - ($realtime ? 'realtime': 'deferred')); + $exec_cmd .= sprintf(' -l %s %s %s %s %s %s 2>&1', + escapeshellarg($admin_mail), + escapeshellarg($form->getField('username')->getValue()), + escapeshellarg($form->getField('domain')->getValue()), + escapeshellarg($master), + escapeshellarg($slave), + escapeshellarg( ($realtime ? 'realtime': 'deferred')) ); //if ($conf['bindadmin']) domain_add($form->getField('domain')->getValue(), gethostbyname($master), true, $form->getField('use_gmail_mxs')->getValue()); @@ -189,7 +189,7 @@ function web_add_cluster($form, $admin_mail) { if ( $form->getField('domain_alias')->getValue() ) { $domain_alias = preg_split('/,/', $form->getField('domain_alias')->getValue()); foreach ( $domain_alias as $alias ) { - $exec_cmd = 'web-add-cluster.sh add-alias '.$form->getField('username')->getValue().' '; + $exec_cmd = 'web-add-cluster.sh add-alias '.escapeshellarg($form->getField('username')->getValue()).' '; $alias = trim($alias); $exec_cmd .= $alias.' '.$master.' '.$slave; sudoexec($exec_cmd, $exec_output2, $exec_return2); @@ -347,7 +347,7 @@ if ($conf['bindadmin']) { $form->addField('use_gmail_mxs', new CheckboxInputFormField("Utilisation des serveurs Gmail en MX ?", FALSE)); } -if (array_key_exists('php_versions', $conf) && count($conf['php_versions']) > 1) { +if (array_key_exists('php_versions', $conf) && is_array($conf['php_versions'])) { $form->addField('php_version', new SelectFormField("Version de PHP", TRUE, $conf['php_versions'])); } diff --git a/inc/auth.php b/inc/auth.php index 4f709d9..c92dbc6 100644 --- a/inc/auth.php +++ b/inc/auth.php 
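Review bot: Replacing `count($conf['php_versions']) > 1` with `is_array($conf['php_versions'])` also lets an empty array through, both where the `php_version` select is added (hunk at 347) and in `web_add()` (hunk at 39), where it would append ` -r ` with an empty value to the command. The previous default in conf/config.php was `array()`, so a local configuration that copied that line would now take this path. I would require a non-empty list in both places: `if (!empty($conf['php_versions']) && is_array($conf['php_versions'])) {`.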
@@ -1,43 +1,53 @@ - * @author Thomas Martin - * @author Sebastien Palma + * @author Evolix + * @author Gregory Colpart + * @author Thomas Martin + * @author Sebastien Palma + * @author and others. * @version 1.0 */ -if ((empty($_GET['form']) || $_GET['form']!=1) && !empty($_POST)) { - $username=$_POST['login']; - $password=$_POST['passw']; +if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST)) { + $input_username = $_POST['login']; + $input_password = $_POST['passw']; - if (hash("sha256",$password) == $conf['logins'][$username]) { - $_SESSION['auth']=1; - $_SESSION['user']=$username; - $_SESSION['error']=''; - } else { - $_SESSION['auth']=0; - $_SESSION['user']=''; - $_SESSION['error']=1; - } - http_redirect('/'); + if (isset($conf['logins'][$input_username]) && strlen($conf['logins'][$input_username]) != 64 && password_verify($input_password, $conf['logins'][$input_username]) ) { + $_SESSION['auth'] = true; + $_SESSION['user'] = $input_username; + $_SESSION['user_id'] = posix_getpwnam($input_username) ? posix_getpwnam($input_username)['uid'] : 65534; + $_SESSION['cli_version'] = run_webadd_cmd('version')[0]; + unset($_SESSION['error']); + + } elseif (isset($conf['logins'][$input_username]) && strlen($conf['logins'][$input_username]) == 64 && hash("sha256",$input_password) === $conf['logins'][$input_username]) { + // Compatibility mode for previous installs (sha256) + $_SESSION['auth'] = true; + $_SESSION['user'] = $input_username; + $_SESSION['user_id'] = posix_getpwnam($input_username) ? posix_getpwnam($input_username)['uid'] : 65534; + $_SESSION['cli_version'] = run_webadd_cmd('version')[0]; + unset($_SESSION['error']); + + } else { + $_SESSION['auth'] = false; + $_SESSION['user'] = ''; + $_SESSION['error'] = true; + } + + http_redirect('/'); } else { -if(!empty($_SESSION['error'])) { - $error=$_SESSION['error']; -} - - include_once EVOADMIN_BASE . '../tpl/header.tpl.php'; - include_once EVOADMIN_BASE . '../tpl/auth.tpl.php'; - include_once EVOADMIN_BASE . 
'../tpl/footer.tpl.php'; + if (!empty($_SESSION['error'])) { + $error = $_SESSION['error']; + unset($_SESSION['error']); + } + + include_once EVOADMIN_BASE . '../tpl/header.tpl.php'; + include_once EVOADMIN_BASE . '../tpl/auth.tpl.php'; + include_once EVOADMIN_BASE . '../tpl/footer.tpl.php'; } - -?> diff --git a/htdocs/common.php b/inc/common.php similarity index 89% rename from htdocs/common.php rename to inc/common.php index 1e2532f..129ae90 100644 --- a/htdocs/common.php +++ b/inc/common.php @@ -1,5 +1,4 @@ 1; } +/** + * Webadd + * + * @return boolean - True when it's a multi PHP system + */ +function run_webadd_cmd($command) { + global $conf; + + $cmd = 'web-add.sh '. $command; + + $data_output = null; + $exec_return = null; + sudoexec($cmd, $data_output, $exec_return); + + + return $data_output; +} + + /** * Includes */ diff --git a/inc/webadmin-delete.php b/inc/webadmin-delete.php new file mode 100644 index 0000000..85b9e03 --- /dev/null +++ b/inc/webadmin-delete.php @@ -0,0 +1,72 @@ + + * @author Thomas Martin + * @author Sebastien Palma + * @version 1.0 + */ + +require_once EVOADMIN_BASE . '../lib/bdd.php'; +require_once EVOADMIN_BASE . '../lib/domain.php'; + +global $conf; + +include_once EVOADMIN_BASE . '../tpl/header.tpl.php'; +include_once EVOADMIN_BASE . '../tpl/menu.tpl.php'; + +if (isset($_POST['delete-vhost'])) { + $domain = $params[1]; + + while(true) { + // Errors handling + if (empty($_POST['vhost-name'])) { + print "
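Review bot: In inc/auth.php both successful-login branches set `$_SESSION['auth'] = true` without renewing the session identifier, so an identifier that was fixed before login stays valid afterwards; add `session_regenerate_id(true);` before `$_SESSION` is filled, unless that already happens in code outside this hunk. The guard `isset($_POST)` is always true, so `$_POST['login']` and `$_POST['passw']` are read even when the fields are missing; `isset($_POST['login'], $_POST['passw'])` is the check the condition needs. In the sha256 compatibility branch, compare with `hash_equals($conf['logins'][$input_username], hash("sha256", $input_password))` instead of `===`. The two success branches are otherwise identical and could share one block, which would also give a single place to record that an account still logs in through the legacy hash.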
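Review bot: The docblock added above `run_webadd_cmd()` in inc/common.php does not describe the function: it promises a boolean, "True when it's a multi PHP system", while the body returns `$data_output`, whatever `sudoexec()` collected. Replace it with something like `@param string $command web-add.sh sub-command and arguments, already shell-quoted by the caller` and `@return array|null output of web-add.sh` (the return shape is inferred from the `[0]` index used in inc/auth.php). The parameter note matters because `$command` is concatenated into the command line as is; the only caller in this commit passes the literal `'version'`. `global $conf;` is unused and `$exec_return` is discarded, so a failing command cannot be told apart from empty output.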

Veuillez entrer le nom du compte web à supprimer.

"; + printf ('

Retour

', $_SERVER['REDIRECT_URL']); + break; + } + + if ($_POST['vhost-name'] !== $domain) { + print "Le nom de compte ne correspond pas."; + printf ('

Retour

', $_SERVER['REDIRECT_URL']); + break; + } + + if (isset($_POST['vhost-delete-db']) && empty($_POST['vhost-dbname'])) { + print "Veuillez spécifier un nom de base de données."; + printf ('

Retour

', $_SERVER['REDIRECT_URL']); + break; + } + + // Shell arguments + if (!empty($_POST['vhost-dbname'])) + $exec_cmd = "web-add.sh del -y " . $domain . " " . $_POST['vhost-dbname']; + else + $exec_cmd = "web-add.sh del -y " . $domain; + + // Execute script + sudoexec($exec_cmd, $exec_output, $exec_return); + + // Deal with response code + if ($exec_return == 0) + print "

Compte supprimé.

"; + else + print "

La suppression a échouée. Veuillez contacter votre administrateur.

"; + + break; + } + + include_once EVOADMIN_BASE . '../tpl/footer.tpl.php'; + +} else { + include_once EVOADMIN_BASE . '../tpl/webadmin-delete.tpl.php'; + include_once EVOADMIN_BASE . '../tpl/footer.tpl.php'; +} + +?> diff --git a/inc/webadmin-edit.php b/inc/webadmin-edit.php index c8a579f..7b0d99b 100644 --- a/inc/webadmin-edit.php +++ b/inc/webadmin-edit.php @@ -1,11 +1,11 @@ * @author Thomas Martin @@ -18,21 +18,24 @@ require_once EVOADMIN_BASE . '../lib/domain.php'; global $conf; -if (isset($_GET['del']) ) { +$redirect_url = "/webadmin/" . $params[1] . "/alias/"; + +if (isset($params[2]) && $params[2] == "delete") { + if (isset($params[3]) && $params[3] == "") http_redirect($redirect_url); include_once EVOADMIN_BASE . '../tpl/header.tpl.php'; include_once EVOADMIN_BASE . '../tpl/menu.tpl.php'; - $alias = htmlspecialchars($_GET['del']); + $alias = $params[3]; - if (isset($_GET['modif']) && ($_GET['modif'] == 'yes')) { + if (isset($_POST["confirm-delete-alias"])) { print "
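Review bot: Both values placed on the `web-add.sh del -y` command line in the new inc/webadmin-delete.php come from the request and are not quoted: `$domain` is `$params[1]` and the database name is `$_POST['vhost-dbname']`. This commit adds `escapeshellarg()` to the account-creation commands, and the new file should follow suit: `$exec_cmd = "web-add.sh del -y " . escapeshellarg($domain) . " " . escapeshellarg($_POST['vhost-dbname']);`, with the one-argument form treated likewise. The same raw `$params[1]` concatenation is in the `enable-user-itk`, `disable-user-itk` and `list-user-itk` commands of inc/webadmin-itk.php and in the `update-servername` command of inc/webadmin-servername.php. Nothing in this file checks that the logged-in user is allowed to delete `$domain`; if that is enforced by the router or by web-add.sh (neither is visible here), a comment saying where would help the next reader.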
"; print "

Suppression de $alias...

"; $serveralias = array ( - 'domain' => htmlspecialchars(basename($_SERVER['REDIRECT_URL'])), + 'domain' => $params[1], 'alias' => $alias ); @@ -65,10 +68,10 @@ if (isset($_GET['del']) ) { sudoexec($exec_cmd, $exec_output, $exec_return); if ($exec_return == 0) { - if (! $bdd->del_serveralias($serveralias)) + if (! $bdd->del_serveralias($serveralias)) print "
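Review bot: `$alias` used to pass through `htmlspecialchars()` and is now taken from `$params[3]` unchanged, yet it is still interpolated into the page in the `Suppression de $alias...` message of this hunk and in the confirmation message further down. Unless `$params` is already encoded where it is built (outside this diff), keep the raw value for the command and the database call and encode on output, e.g. `$alias_html = htmlspecialchars($params[3], ENT_QUOTES, 'UTF-8');` used in the two messages. The guard `if (isset($params[3]) && $params[3] == "")` redirects only when the segment is present and empty; `if (!isset($params[3]) || $params[3] === "")` also covers a missing segment, and the same line appears in inc/webadmin-servername.php. The enclosing `if` block continues outside the hunk.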

La suppression a échouée. Veuillez contacter votre administrateur.

"; printf ('

Alias %s est supprimé.

', $serveralias['alias']); - } else + } else print "

La suppression a échouée. Veuillez contacter votre administrateur.

"; } @@ -77,27 +80,29 @@ if (isset($_GET['del']) ) { sudoexec($exec_cmd, $exec_output, $exec_return); if ($exec_return == 0) { printf ('

Alias %s est supprimé.

', $serveralias['alias']); - } else + } else print "

La suppression a échouée. Veuillez contacter votre administrateur.

"; } - printf ('

Retour à la liste des alias

', $_SERVER['REDIRECT_URL']); + printf ('

Retour à la liste des alias

', $redirect_url); print "
"; - } else if ( ! isset($_GET['modif']) ) { + } else { print "
"; + print "
"; print "

Confirmez vous la suppression de $alias ?

"; - printf ('

Confirmer la suppression

', $_SERVER['REDIRECT_URL'], $alias); - printf ('

Retour à la liste des alias

', $_SERVER['REDIRECT_URL']); + print "

"; + print "

"; + print "
"; + printf ('

Retour à la liste des alias

', $redirect_url); print "
"; } include_once EVOADMIN_BASE . '../tpl/footer.tpl.php'; - -} else if (isset($_GET['add']) ) { - +} +elseif (isset($params[2]) && $params[2] == "add") { require_once EVOADMIN_BASE . '../evolibs/Form.php'; include_once EVOADMIN_BASE . '../tpl/header.tpl.php'; @@ -129,7 +134,7 @@ if (isset($_GET['del']) ) { 'domain' => htmlspecialchars(basename($_SERVER['REDIRECT_URL'])), 'alias' => $form->getField('domain_alias')->getValue(), ); - + $account_name=$serveralias['domain']; $account = $bdd->get_account($account_name); @@ -182,7 +187,7 @@ if (isset($_GET['del']) ) { } else { $serveralias = array ( - 'domain' => htmlspecialchars(basename($_SERVER['REDIRECT_URL'])), + 'domain' => $params[1], 'alias' => $form->getField('domain_alias')->getValue(), ); @@ -197,30 +202,30 @@ if (isset($_GET['del']) ) { //domain_add($serveralias['alias'], gethostbyname($master) , false); TODO avec l'IP du load balancer print "
"; printf ('

L\'alias %s du domaine %s a bien été créé

', $serveralias['alias'], $serveralias['domain']); - printf ('

Retour à la liste des alias

', $_SERVER['REDIRECT_URL']); + printf ('

Retour à la liste des alias

', $redirect_url); print "
"; } else { print "
"; printf ('

Echec dans la creation de l\'alias %s du domaine %s

', $serveralias['alias'], $serveralias['domain']); - printf ('

Retour à la liste des alias

', $_SERVER['REDIRECT_URL']); + printf ('

Retour à la liste des alias

', $redirect_url); print "
"; } } else { print "
"; - printf ('

Echec dans la creation de l\'alias %s du domaine %s

', $serveralias['alias'], $serveralias['domain']); + printf ('

Echec dans la creation de l\'alias %s

', $serveralias['alias']); print ('

L\'alias existe dans d\'autres vhosts.'); - printf ('

Retour à la liste des alias

', $_SERVER['REDIRECT_URL']); + printf ('

Retour à la liste des alias

', $redirect_url); print "
"; } } } else { - print "

Ajout d'un serveralias


"; + print "

Ajout d'un alias


"; print "
"; print "
"; - print " Ajout d'un serveralias"; + print " Ajout d'un alias"; print $form; print "

"; print "
"; @@ -228,10 +233,10 @@ if (isset($_GET['del']) ) { } } else { - print "

Ajout d'un serveralias


"; + print "

Ajout d'un alias


"; print ""; print "
"; - print " Ajout d'un serveralias"; + print " Ajout d'un alias"; print $form; print "

"; print "
"; @@ -240,9 +245,9 @@ if (isset($_GET['del']) ) { } include_once EVOADMIN_BASE . '../tpl/footer.tpl.php'; +} - -} else { +else { $domain = $params[1]; $alias_list = array(); diff --git a/inc/webadmin-itk.php b/inc/webadmin-itk.php index 680c653..44a106d 100644 --- a/inc/webadmin-itk.php +++ b/inc/webadmin-itk.php @@ -18,62 +18,43 @@ require_once EVOADMIN_BASE . '../lib/domain.php'; global $conf; -if (isset($_GET['enable']) ) { +if (isset($params[2]) && $params[2] != "") { + + $redirect_url = "/webadmin/" . $params[1] . "/itk/"; + require_once EVOADMIN_BASE . '../evolibs/Form.php'; include_once EVOADMIN_BASE . '../tpl/header.tpl.php'; include_once EVOADMIN_BASE . '../tpl/menu.tpl.php'; - - # TODO: sanitize $_GET $servername = array ( - 'domain' => htmlspecialchars(basename($_SERVER['REDIRECT_URL'])), - 'servername' => $_GET['enable'] + 'domain' => $params[1], ); - $enable_cmd = 'web-add.sh enable-user-itk ' . $servername['servername'] . ' ' . $servername['domain']; + if ($params[2] == "enable") { + $enable_cmd = 'web-add.sh enable-user-itk ' . $servername['domain']; - sudoexec($enable_cmd, $enable_cmd_output, $enable_cmd_return); + sudoexec($enable_cmd, $enable_cmd_output, $enable_cmd_return); - if ($enable_cmd_return == 0) { - print 'Sécurité ITK activée.'; - printf ('

Retour à la gestion ITK

', $_SERVER['REDIRECT_URL']); + if ($enable_cmd_return == 0) { + print 'Sécurité ITK activée.'; + printf ('

Retour à la gestion ITK

', $redirect_url); + } + } + elseif ($params[2] == "disable") { + $disable_cmd = 'web-add.sh disable-user-itk ' . $servername['domain']; + + sudoexec($disable_cmd, $disable_cmd_output, $disable_cmd_return); + + if ($disable_cmd_return == 0) { + print 'Sécurité ITK désactivée'; + printf ('

Retour à la gestion ITK

', $redirect_url); + } } include_once EVOADMIN_BASE . '../tpl/footer.tpl.php'; - - -} -elseif (isset($_GET['disable']) ) { - require_once EVOADMIN_BASE . '../evolibs/Form.php'; - - include_once EVOADMIN_BASE . '../tpl/header.tpl.php'; - include_once EVOADMIN_BASE . '../tpl/menu.tpl.php'; - - - # TODO: sanitize $_GET - $servername = array ( - 'domain' => htmlspecialchars(basename($_SERVER['REDIRECT_URL'])), - 'servername' => $_GET['disable'] - ); - - $disable_cmd = 'web-add.sh disable-user-itk ' . $servername['servername'] . ' ' . $servername['domain']; - - sudoexec($disable_cmd, $disable_cmd_output, $disable_cmd_return); - - if ($disable_cmd_return == 0) { - print 'Sécurité ITK désactivée'; - printf ('

Retour à la gestion ITK

', $_SERVER['REDIRECT_URL']); - } - - include_once EVOADMIN_BASE . '../tpl/footer.tpl.php'; - - -} -else { - +} else { $domain = $params[1]; - $data_list = array(); // TODO: adapt for cluster mode if ($conf['cluster']) { @@ -97,33 +78,17 @@ else { $alias_list = $bdd->list_serveralias($domain); } else { - - $cmd = 'web-add.sh list-servername ' . $domain; - - if(!is_superadmin()) { - $cmd = sprintf('%s %s', $cmd, $_SESSION['user']); - } - sudoexec($cmd, $data_output, $exec_return); - - # à revérifier (notamment gestion erreurs) - if ($exec_return == 0) { - foreach($data_output as $data_line) { - $cmd_itk = 'web-add.sh list-user-itk ' . $data_line . ' ' . $domain; + $cmd_itk = 'web-add.sh list-user-itk ' . $domain; sudoexec($cmd_itk, $data_output_itk, $exec_return_itk); - # on prend le premier résultat du tableau, ne fonctionne pas s'il y a plusieurs la même ligne ou des commentaires etc. - array_push($data_list, ['servername' => $data_line, 'user' => $data_output_itk[0]]); - unset($data_output_itk); # reset variable pour éviter conflits - } - } + $user_itk = $data_output_itk[0]; } include_once EVOADMIN_BASE . '../tpl/header.tpl.php'; include_once EVOADMIN_BASE . '../tpl/menu.tpl.php'; include_once EVOADMIN_BASE . '../tpl/webadmin-itk.tpl.php'; include_once EVOADMIN_BASE . '../tpl/footer.tpl.php'; - } ?> diff --git a/inc/webadmin-letsencrypt.php b/inc/webadmin-letsencrypt.php new file mode 100644 index 0000000..c3363fd --- /dev/null +++ b/inc/webadmin-letsencrypt.php @@ -0,0 +1,168 @@ +checkRemoteResourceAvailability($_SESSION['letsencrypt-domains'][0]); + + if (!$isRemoteResourceAvailable) { + $errorMessage = "Erreur : Le challenge HTTP a échoué.
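Review bot: In the `@@ -18,62` hunk of inc/webadmin-itk.php the enable and disable commands run as soon as the page is requested with `$params[2]` set to `enable` or `disable`; no `$_POST` check is visible, whereas the alias deletion in this same commit was moved behind a `confirm-delete-alias` POST. If `$params` holds URL path segments, as `$redirect_url` suggests, the toggle should get the same POST confirmation. Neither branch reports a failure either: when `sudoexec()` returns non-zero, or `$params[2]` is any other value, nothing is printed between header and footer, so an `else` with an error message is needed in both places.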
+ Merci de vérifier que le dossier /.well-known/evoacme-challenge/ est accessible."; + break; + } + + // check DNS + $valid_domains = $letsencrypt->checkDNSValidity($_SESSION['letsencrypt-domains']); + + $failed_domains = array_diff($_SESSION['letsencrypt-domains'], $valid_domains); + if (!empty($failed_domains)) { + $errorMessage = "Erreur : La vérification DNS a échoué.
+ Merci de vérifier les enregistrements de type A et AAAA pour les domaine(s) suivant(s) :"; + break; + } + + // make csr + $isCsrGenerated = $letsencrypt->makeCsr($params[1], $_SESSION['letsencrypt-domains']); + + if (!$isCsrGenerated) { + $errorMessage = "Erreur : La génération de demande de certificat a échoué.
+ Merci de contacter un administrateur pour continuer."; + break; + } + + // evoacme TEST + $testGenerateCert = $letsencrypt->generateSSLCertificate($params[1]); + + if (!$testGenerateCert) { + $errorMessage = "Erreur : La génération de certificat en mode TEST a échoué.
+ Merci de contacter un administrateur pour continuer."; + break; + } + + // evoacme + $generateCert = $letsencrypt->generateSSLCertificate($params[1], false); + + if (!$generateCert) { + $errorMessage = "Erreur : La génération de certificat a échoué.
+ Merci de contacter un administrateur pour continuer."; + break; + } + + break; + } +} else { + $validUntil = ''; + + while(true) { + // check domains list + if (empty($_SESSION['letsencrypt-domains'])) { + $errorMessage = "Erreur : la liste des domaines est vide."; + break; + } + + // check if evoacme is installed + $binaries_installed = $letsencrypt->isEvoacmeInstalled(); + if (!$binaries_installed) { + $errorMessage = "Erreur : les binaires Evoacme ne sont pas installés. + Veuillez contacter un administrateur."; + break; + } + + // Check existing SSL certificate + $domainsIncluded = array(); + foreach ($_SESSION['letsencrypt-domains'] as $domain) { + $existingSSLCertificate = $letsencrypt->getCertificate($domain); + // if no certificate is present (false returned) for this domain, go to the next domain + if (is_bool($existingSSLCertificate)) { + continue; + } + $parsedCertificate = $letsencrypt->parseCertificate($existingSSLCertificate); + + // check if LE is the certificate issuer + $isIssuerValid = $letsencrypt->isCertIssuedByLetsEncrypt($parsedCertificate["issuer"]); + if (!$isIssuerValid) { + $errorMessage = "Erreur : le certificat existant n'est pas géré par Let's Encrypt."; + break 2; // break the foreach and the while + } + + // check wether the certificate is valid or expired + + $isCertValid = $letsencrypt->isCertValid($parsedCertificate["validUntil"]); + if (!$isCertValid && !isset($_POST['force_renew'])) { + $warningMessage = "Attention : le certificat existant n'est plus valide. 
+ Souhaitez-vous le renouveller ?"; + break 2; + } else { + $validUntil = date("d/m/Y", $parsedCertificate["validUntil"]); + } + + // check if the domain is already in the certificate + $isDomainIncluded = $letsencrypt->isDomainIncludedInCert($domain, $parsedCertificate["includedDomains"]); + if ($isDomainIncluded) { + array_push($domainsIncluded, $domain); + continue; // break only the current foreach iteration + } + } + + // contains all the domains included in the existing certificate + if (!empty($domainsIncluded) && !isset($_POST['force_renew'])) { + $domainsNotIncluded = array_diff($_SESSION['letsencrypt-domains'], $domainsIncluded); + + if (empty($domainsNotIncluded)) { + $errorMessage = "Le certificat existant couvre déjà tous les domaines jusqu'au " . $validUntil . "."; + break; + } + + $warningMessage = "Attention : le certificat existant couvre déjà le(s) domaine(s) jusqu'au " . $validUntil . " :
"; + + foreach ($domainsIncluded as $domainIncluded) { + $warningMessage .= $domainIncluded . "
"; + } + + $warningMessage .= "
En confirmant le renouvellement, vous allez ajouter :
"; + + foreach ($domainsNotIncluded as $domainNotIncluded) { + $warningMessage .= $domainNotIncluded . "
"; + } + + break; + } + + break; + } +} + +include_once EVOADMIN_BASE . '../tpl/webadmin-letsencrypt.tpl.php'; +include_once EVOADMIN_BASE . '../tpl/footer.tpl.php'; diff --git a/inc/webadmin-php.php b/inc/webadmin-php.php index 6afba03..4eb1eed 100644 --- a/inc/webadmin-php.php +++ b/inc/webadmin-php.php @@ -56,7 +56,7 @@ else { if ($exec_return == 0) { print "
"; - printf ('

La version de PHP bien été modifié

'); + printf ('

La version de PHP a bien été modifiée

'); printf ('

Retour à liste des comptes

'); print "
"; @@ -64,7 +64,7 @@ else { else { print "
"; printf ('

ERREUR

'); - printf ('

Une erreur innatendue s\'est produite

'); + printf ('

Une erreur inattendue s\'est produite

'); if ($conf['debug'] == TRUE) { print '
';
diff --git a/inc/webadmin-servername.php b/inc/webadmin-servername.php
index a68d7c2..8b58619 100644
--- a/inc/webadmin-servername.php
+++ b/inc/webadmin-servername.php
@@ -18,150 +18,154 @@ require_once EVOADMIN_BASE . '../lib/domain.php';
 
 global $conf;
 
-if (isset($_GET['edit']) ) {
+if (isset($params[2]) && $params[2] == "edit") {
+    $redirect_url = "/webadmin/" . $params[1] . "/domain/";
+
+    if (isset($params[3]) && $params[3] == "") http_redirect($redirect_url);
+
     require_once EVOADMIN_BASE . '../evolibs/Form.php';
 
     include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
     include_once EVOADMIN_BASE . '../tpl/menu.tpl.php';
 
-        $form = new FormPage("Modification du ServerName", FALSE);
-        $form->addField('domain_servername', new DomainInputFormField("ServerName", TRUE), $_GET['edit']);
-        $form->addField('previous_servername', new DomainInputFormField("", TRUE, TRUE), $_GET['edit']);
+    $form = new FormPage("Modification du Servername", FALSE);
+    $form->addField('domain_servername', new DomainInputFormField("Servername", TRUE), $params[3]);
+    $form->addField('previous_servername', new DomainInputFormField("", TRUE, TRUE), $params[3]);
 
-        if (!empty($_POST)) {
-            $form->isCurrentPage(TRUE);
-            $form->initFields();
-
-            if ($form->verify(TRUE)) {
-                // TODO: Adapt the script for cluster mode
-                if ($conf['cluster']) {
-                    if (is_mcluster_mode()) {
-                        // If the user has not yet selected a cluster, redirect-it to home page.
-                        if (empty($_SESSION['cluster'])) {
-                            http_redirect('/');
-                        }
-                        $cache = str_replace('%cluster_name%', $_SESSION['cluster'], $conf['cache']);
-                    }
-                    else {
-                        $cache = $conf['cache'];
-                    }
-                    $bdd = new bdd();
-                    $bdd->open($cache);
-
-                    $servername = array (
-                        'domain' => htmlspecialchars(basename($_SERVER['REDIRECT_URL'])),
-                        'servername' => $form->getField('domain_servername')->getValue(),
-                        'previous_servername' => $form->getField('previous_servername')->getValue(),
-                    );
-
-                    $account_name=$servername['domain'];
-                    $account = $bdd->get_account($account_name);
-
-
-                    if (sizeof($account) == 0)
-                        die("Anomalie... Contactez votre administrateur.");
-
-                    $master = $bdd->get_server_from_roleid($account['id_master']);
-                    $slave = $bdd->get_server_from_roleid($account['id_slave']);
-
-
-                    if ( $bdd->is_serveralias( $account_name, $serveralias['alias'] ) == 0  ) {
-
-                        /* web-add-cluster addalias */
-                        $exec_cmd = 'web-add-cluster.sh add-alias '.$serveralias['domain'].' '.$serveralias['alias'].' '.$master.' '.$slave;
-                        sudoexec($exec_cmd, $exec_output, $exec_return);
-
-
-
-                        if ($exec_return == 0) {
-                            /* Ajout BDD */
-                            $bdd->add_serveralias($serveralias);
-
-                            domain_add($serveralias['alias'], gethostbyname($master) , false);
-
-                            # Si le compte en question est en replication temps
-                            # reel, il faut faire un restart manuel de lsyncd
-                            # pour prendre en compte le nouveau domaine.
-                            if ($account['replication'] == "realtime") {
-                                mail('tech@evolix.fr', "[TAF] Redemarrer lsyncd sur $master", wordwrap('killer tous les processus lsyncd lancé par vmail pour le compte '.$account['name'].' et les relancer (cf. la ligne correspondante à ce compte dans la crontab de vmail).\n', 70));
-                            }
-
-                            print "
"; - printf ('

L\'alias %s du domaine %s a bien été créé

', $serveralias['alias'], $serveralias['domain']); - printf ('

Retour à la liste des alias

', $_SERVER['REDIRECT_URL']); - print "
"; - } else { - print "
"; - printf ('

Echec dans la creation de l\'alias %s du domaine %s

', $serveralias['alias'], $serveralias['domain']); - printf ('

Retour à la liste des alias

', $_SERVER['REDIRECT_URL']); - print "
"; - } - } else { - print "
"; - printf ('

Alias %s du domaine %s deja existant !

', $serveralias['alias'], $serveralias['domain']); - printf ('

Retour à la liste des alias

', $_SERVER['REDIRECT_URL']); - print "
"; + if (!empty($_POST)) { + $form->isCurrentPage(TRUE); + $form->initFields(); + if ($form->verify(TRUE)) { + // TODO: Adapt the script for cluster mode + if ($conf['cluster']) { + if (is_mcluster_mode()) { + // If the user has not yet selected a cluster, redirect-it to home page. + if (empty($_SESSION['cluster'])) { + http_redirect('/'); } + $cache = str_replace('%cluster_name%', $_SESSION['cluster'], $conf['cache']); } else { - $servername = array ( - 'domain' => htmlspecialchars(basename($_SERVER['REDIRECT_URL'])), - 'servername' => $form->getField('domain_servername')->getValue(), - 'previous_servername' => $form->getField('previous_servername')->getValue(), - ); - - $account_name=$servername['domain']; - - $is_servername_present = check_occurence_name($servername['servername']); - - if (!$is_servername_present) { - $exec_cmd = 'web-add.sh update-servername ' . $servername['domain'] . ' ' . $servername['servername'] . ' ' . $servername['previous_servername']; - sudoexec($exec_cmd, $exec_output, $exec_return); - - if ($exec_return == 0) { - //domain_add($serveralias['alias'], gethostbyname($master) , false); TODO avec l'IP du load balancer - print "
"; - printf ('

Le ServerName %s a bien été modifié

', $servername['servername']); - printf ('

Retour à la liste des ServerNames

', $_SERVER['REDIRECT_URL']); - print "
"; - } - else { - print "
"; - printf ('

Echec dans la modification du ServerName %s

', $servername['servername']); - printf ('

Retour à la liste des ServerNames

', $_SERVER['REDIRECT_URL']); - print "
"; - } - } - else { - print "
"; - printf ('

Echec dans la modification du ServerName %s

', $servername['servername']); - print ('

Le domaine existe déjà dans d\'autres vhosts.'); - printf ('

Retour à la liste des ServerNames

', $_SERVER['REDIRECT_URL']); - print "
"; - } + $cache = $conf['cache']; + } + $bdd = new bdd(); + $bdd->open($cache); + + $servername = array ( + 'domain' => htmlspecialchars(basename($_SERVER['REDIRECT_URL'])), + 'servername' => $form->getField('domain_servername')->getValue(), + 'previous_servername' => $form->getField('previous_servername')->getValue(), + ); + + $account_name=$servername['domain']; + $account = $bdd->get_account($account_name); + + + if (sizeof($account) == 0) + die("Anomalie... Contactez votre administrateur."); + + $master = $bdd->get_server_from_roleid($account['id_master']); + $slave = $bdd->get_server_from_roleid($account['id_slave']); + + + if ( $bdd->is_serveralias( $account_name, $serveralias['alias'] ) == 0 ) { + + /* web-add-cluster addalias */ + $exec_cmd = 'web-add-cluster.sh add-alias '.$serveralias['domain'].' '.$serveralias['alias'].' '.$master.' '.$slave; + sudoexec($exec_cmd, $exec_output, $exec_return); + + + + if ($exec_return == 0) { + /* Ajout BDD */ + $bdd->add_serveralias($serveralias); + + domain_add($serveralias['alias'], gethostbyname($master) , false); + + # Si le compte en question est en replication temps + # reel, il faut faire un restart manuel de lsyncd + # pour prendre en compte le nouveau domaine. + if ($account['replication'] == "realtime") { + mail('tech@evolix.fr', "[TAF] Redemarrer lsyncd sur $master", wordwrap('killer tous les processus lsyncd lancé par vmail pour le compte '.$account['name'].' et les relancer (cf. la ligne correspondante à ce compte dans la crontab de vmail).\n', 70)); + } + + print "
"; + printf ('

L\'alias %s du domaine %s a bien été créé

', $serveralias['alias'], $serveralias['domain']); + printf ('

Retour à la liste des alias

', $redirect_url); + print "
"; + } else { + print "
"; + printf ('

Echec dans la creation de l\'alias %s du domaine %s

', $serveralias['alias'], $serveralias['domain']); + printf ('

Retour à la liste des alias

', $redirect_url); + print "
"; + } + } else { + print "
"; + printf ('

Alias %s du domaine %s deja existant !

', $serveralias['alias'], $serveralias['domain']); + printf ('

Retour à la liste des alias

', $redirect_url); + print "
"; + + } + } + else { + $servername = array ( + 'domain' => $params[1], + 'servername' => $form->getField('domain_servername')->getValue(), + 'previous_servername' => $form->getField('previous_servername')->getValue(), + ); + + $account_name=$servername['domain']; + + $is_servername_present = check_occurence_name($servername['servername']); + + if (!$is_servername_present) { + $exec_cmd = 'web-add.sh update-servername ' . $servername['domain'] . ' ' . $servername['servername'] . ' ' . $servername['previous_servername']; + sudoexec($exec_cmd, $exec_output, $exec_return); + + if ($exec_return == 0) { + //domain_add($serveralias['alias'], gethostbyname($master) , false); TODO avec l'IP du load balancer + print "
"; + printf ('

Le Servername %s a bien été modifié

', $servername['servername']); + printf ('

Retour à la liste des Servernames

', $redirect_url); + print "
"; + } + else { + print "
"; + printf ('

Echec dans la modification du Servername %s

', $servername['servername']); + printf ('

Retour à la liste des Servernames

', $redirect_url); + print "
"; + } + } + else { + print "
"; + printf ('

Echec dans la modification du Servername %s

', $servername['servername']); + print ('

Le domaine existe déjà dans d\'autres vhosts.'); + printf ('

Retour à la liste des Servernames

', $redirect_url); + print "
"; } - } else { - print "

Modification du ServerName


"; - print ""; - print "
"; - print " Modification du ServerName"; - print $form; - print "

"; - print "
"; - print ""; } } else { - print "

Modification du ServerName


"; + print "

Modification du Servername


"; print "
"; print "
"; - print " Modification du ServerName"; + print " Modification du Servername"; print $form; print "

"; print "
"; print "
"; - } + } else { + print "

Modification du Servername


"; + print "
"; + print "
"; + print " Modification du Servername"; + print $form; + print "

"; + print "
"; + print "
"; + + } include_once EVOADMIN_BASE . '../tpl/footer.tpl.php'; @@ -193,17 +197,15 @@ if (isset($_GET['edit']) ) { $alias_list = $bdd->list_serveralias($domain); } else { - - $cmd = 'web-add.sh list-servername ' . $domain; + $cmd = 'web-add.sh list-vhost ' . $domain; if(!is_superadmin()) { $cmd = sprintf('%s %s', $cmd, $_SESSION['user']); } sudoexec($cmd, $data_output, $exec_return); - foreach($data_output as $data_line) { - array_push($servername_list, $data_line); - } + $data_vhost = explode(':', $data_output[0]); + $servername = $data_vhost[2]; } include_once EVOADMIN_BASE . '../tpl/header.tpl.php'; diff --git a/inc/webadmin.php b/inc/webadmin.php index ad3ec23..6e91a93 100644 --- a/inc/webadmin.php +++ b/inc/webadmin.php @@ -30,6 +30,12 @@ if (!$conf['cluster']) { /* Récupération de cette liste dans le tableau $vhost_list */ $vhost_list = array(); + + if (!isset($_SESSION['non_standard'])) { + $_SESSION['non_standard'] = array(); + } + + foreach($data_output as $data_line) { $data_split = explode(':', $data_line); @@ -72,6 +78,11 @@ if (!$conf['cluster']) { $occupation = ""; } + // current vhost isn't standard and thus not manageable by evoadmin-web + if (!$data_split[9] && (!in_array($data_split[0], $_SESSION['non_standard']))) { + array_push($_SESSION['non_standard'], $data_split[0]); + } + array_push($vhost_list, array( 'owner' => $data_split[0], 'configid' => $data_split[1], diff --git a/lib/letsencrypt.php b/lib/letsencrypt.php new file mode 100644 index 0000000..8c0d2d4 --- /dev/null +++ b/lib/letsencrypt.php 
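Review bot: The cluster branch of the `@@ -18,150` hunk in inc/webadmin-servername.php still works on `$serveralias`, which this block never defines (it fills `$servername`), so `is_serveralias()`, the `web-add-cluster.sh add-alias` command and the messages all run on undefined values; the re-indentation carried this over unchanged, apparently from the alias page. Until the `// TODO: Adapt the script for cluster mode` is done, the branch would be safer reduced to an explicit "not supported in cluster mode" message than left executing a command built from empty strings. The same branch keeps `htmlspecialchars(basename($_SERVER['REDIRECT_URL']))` for `domain` while the non-cluster branch switched to `$params[1]`, so the two paths no longer derive the account name the same way.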
@@ -0,0 +1,214 @@ +createFileHttpChallenge(); + + $curl_handler = curl_init(); + + // setting cURL options + curl_setopt($curl_handler, CURLOPT_URL, $domain . self::HTTP_CHALLENGE_URL); + curl_setopt($curl_handler, CURLOPT_TIMEOUT, 3); + curl_setopt($curl_handler, CURLOPT_HEADER, true); + curl_setopt($curl_handler, CURLOPT_NOBODY, true); + curl_setopt($curl_handler, CURLOPT_SSL_VERIFYPEER, false); + curl_setopt($curl_handler, CURLOPT_FOLLOWLOCATION, true); + curl_setopt($curl_handler, CURLOPT_MAXREDIRS, 3); + curl_setopt($curl_handler, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS); + curl_setopt($curl_handler, CURLOPT_RETURNTRANSFER, true); + + curl_exec($curl_handler); + + $returned_http_code = curl_getinfo($curl_handler, CURLINFO_HTTP_CODE); + $returned_http_url = curl_getinfo($curl_handler, CURLINFO_EFFECTIVE_URL); + + $this->deleteFileHttpChallenge(); + + if ($returned_http_code === self::HTTP_OK && strpos($returned_http_url, self::HTTP_CHALLENGE_URL)) { + $returned_http_url = str_replace(self::HTTP_CHALLENGE_URL, '', $returned_http_url); + $returned_http_url = preg_replace('#^https?://#', '', $returned_http_url); + + return true; + } + + return false; + } + + /** + * Query the corresponding IP for each domain + * @param Array $domains list of HTTP checked domains + * @return Array $valid_dns_domains list of valid domains + */ + public function checkDNSValidity($domains) + { + $valid_dns_domains = array(); + $serverIP = exec("ip route get 1 | sed -n 's/^.*src \([0-9.]*\) .*$/\\1/p'"); + + foreach ($domains as $domain) { + //FQDN syntax + $domain .= '.'; + $dns_record_ipv4 = dns_get_record($domain, DNS_A); + $dns_record_ipv6 = dns_get_record($domain, DNS_AAAA); + + if ($dns_record_ipv4[0]['ip'] === $serverIP || $dns_record_ipv6[0]['ip'] === $serverIP) { + // remove the last dot added for the FQDN syntax + $domain = rtrim($domain, '.'); + array_push($valid_dns_domains, $domain); + } + } + + return $valid_dns_domains; + } + + /** + * check the 
presence of make-csr and evoacme binaries + * @return boolean + */ + public function isEvoacmeInstalled() + { + $output_make_csr = shell_exec("which make-csr"); + $output_evoacme = shell_exec("which evoacme"); + + if (empty($output_make_csr) || empty($output_evoacme)) { + return false; + } + + return true; + } + + /** + * Retrieve the SSL certificate from the URL + * @param string $domain + * @return Array|false $cont list of parameters of the certificate, or false + */ + public function getCertificate($domain) + { + $stream = stream_context_create(array("ssl" => array("capture_peer_cert" => true))); + $read = stream_socket_client("ssl://" . $domain . ":443", $errno, $errstr, 10, STREAM_CLIENT_CONNECT, $stream); + $cont = stream_context_get_params($read); + + return $cont; + } + + /** + * Parse the certificat arguments and extract data + * @param Array $certificateParameters certificat arguments + * @return Array $infosCert contains only the issuer, domains and expiration date + */ + public function parseCertificate($certificateParameters) + { + $infosCert = array(); + $parsedParameters = openssl_x509_parse($certificateParameters["options"]["ssl"]["peer_certificate"]); + $issuer = $parsedParameters["issuer"]["O"]; + $includedDomains = $parsedParameters["extensions"]["subjectAltName"]; + $validUntil = $parsedParameters["validTo_time_t"]; + + $infosCert["issuer"] = $issuer; + $infosCert["includedDomains"] = $includedDomains; + $infosCert["validUntil"] = $validUntil; + + return $infosCert; + } + + /** + * Check wether the certificat is issued by Let's Encrypt or not + * @param string $issuer name of the certificat issuer + * @return boolean + */ + public function isCertIssuedByLetsEncrypt($issuer) + { + return ($issuer === "Let's Encrypt") ? 
true : false; + } + + /** + * Check wether the certificat is valid or not + * @param string $timestampCertValidUntil certificat expiration date in timestamp + * @return boolean + */ + public function isCertValid($timestampCertValidUntil) + { + $currentDate = time(); + + return ($timestampCertValidUntil > $currentDate) ? true : false; + } + + public function isDomainIncludedInCert($domainRequested, $san) + { + $san = preg_replace('/DNS:| DNS:/', '', $san); + $sanArray = explode(',', $san); + + return (in_array($domainRequested, $sanArray)) ? true : false; + } +} diff --git a/scripts/ftpadmin.sh b/scripts/ftpadmin.sh index 064a00f..e99888c 100755 --- a/scripts/ftpadmin.sh +++ b/scripts/ftpadmin.sh 
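Review bot: In `checkDNSValidity()` the AAAA comparison can never succeed and both lookups are indexed unchecked: `dns_get_record()` returns `false` on failure or an empty array when no record exists, AAAA rows carry their address under `ipv6` rather than `ip`, `$serverIP` is an IPv4 address cut out by the `sed` expression, and only the first A record is compared. I would iterate over the A records, skip failed lookups, and either drop the AAAA lookup or compare `ipv6` against the server's own IPv6 address, which this method does not compute. In the curl probe the URL is `$domain . self::HTTP_CHALLENGE_URL`, apparently without a scheme, and only redirects are limited to HTTP(S); prefixing `http://` and setting `CURLOPT_PROTOCOLS` to the same mask would pin the first request too. `getCertificate()` passes the result of `stream_socket_client()` to `stream_context_get_params()` without testing for `false`, although its docblock promises a `false` return.

```php
foreach ($domains as $domain) {
    // trailing dot = FQDN syntax, needed for the lookup only
    $records = dns_get_record($domain . '.', DNS_A);
    if ($records === false) {
        continue;
    }
    foreach ($records as $record) {
        if (isset($record['ip']) && $record['ip'] === $serverIP) {
            array_push($valid_dns_domains, $domain);
            break;
        }
    }
}
// … unchanged: return $valid_dns_domains …
```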
@@ -63,26 +63,28 @@ get_user_login_by_UID() { } list_accounts_by_UID() { - uid=$1 + uid=$1 + + # Remove # and empty lines + ftp_users=$(grep -v -E '^[[:blank:]]*(#.*)*$' "$VPASSWD_PATH") - while IFS=$'\n' read -r line; - do - line_uid="$(echo "$line" | cut -d":" -f3)" - - if [[ ! "$uid" ]] || [[ "$line_uid" == "$uid" ]]; then - username="$(get_user_login_by_UID "$line_uid")" - account="$(echo "$line" | cut -d":" -f1)" - path="$(echo "$line" | cut -d":" -f6)" - size="$(du -s "$path" | cut -f 1)" - #modif="$(cat $path/.lastmodified)" - # Passage en minuscule ? - #account="$(echo $account | tr '[A-Z]' '[a-z]')" - #path="$(echo $path | tr '[A-Z]' '[a-z]')" - - echo "$username:$account:$path:$size${modif:+:$modif}" - - fi - done < "$VPASSWD_PATH" + for line in $ftp_users; do + line_uid="$(echo "$line" | cut -d":" -f3)" + + if [[ ! "$uid" ]] || [[ "$line_uid" == "$uid" ]]; then + username=$(get_user_login_by_UID "$line_uid") + account=$(echo "$line" | cut -d":" -f1) + path=$(echo "$line" | cut -d":" -f6) + size="inconnue" + # Check output of daily "du" cron job + # (set by ansible-roles/packweb-apache/tasks/main.yml) + if [ -r "$path/.size" ]; then + size=$(cat "$path/.size") + fi + #modif="$(cat $path/.lastmodified)" + echo "$username:$account:$path:$size${modif:+:$modif}" + fi + done } add_account() { @@ -119,7 +121,7 @@ delete_account() { account_name=$1 - ftpasswd --passwd --file=$VPASSWD_PATH --name="$account_name" --uid=9999 --gid=9999 --home=/dev/null --shell=/dev/null --delete-user + ftpasswd --passwd --file=$VPASSWD_PATH --name="$account_name" --delete-user log_msg "Suppression du compte $account_name" } diff --git a/scripts/vhost b/scripts/vhost index 6ec1cc4..d5b8f4a 100644 --- a/scripts/vhost +++ b/scripts/vhost @@ -1,4 +1,4 @@ - + # FQDN principal ServerName SERVERNAME 
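Review bot: `for line in $ftp_users` in `list_accounts_by_UID` splits the grep output on every blank and glob-expands it, so a vpasswd entry containing a space or a `*` is read as several bogus records; the removed `while … read -r` loop did not have that problem. Feeding the filtered text into a read loop keeps the new comment filtering without the splitting. The added `size=$(cat "$path/.size")` also copies a file from the account's own directory into a colon-separated record without checking its type or content, so if the account owner can write there (likely, but not shown in this hunk) the panel's data depends on whatever that file is or points to. I would accept it only when it is a regular file whose first line is a plain number, assuming the cron job writes a bare number.

```shell
while IFS= read -r line; do
    [ -n "$line" ] || continue
    # … unchanged: uid filter, username/account/path extraction …
        size="inconnue"
        # trust only a regular file (not a symlink) holding a plain number
        if [ -f "$path/.size" ] && [ ! -L "$path/.size" ]; then
            IFS= read -r size_raw < "$path/.size" || true
            case "$size_raw" in
                ''|*[!0-9]*) ;;
                *) size=$size_raw ;;
            esac
        fi
    # … unchanged: echo of the record …
done <<< "$ftp_users"
```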
@@ -7,6 +7,11 @@ # Repertoire principal DocumentRoot HOME_DIR/XXX/www/ + # SSL + # Apache < 2.4.30 (Jessie, Stretch) va générer une erreur si le fichier + # désigné sans regex n'existe pas. On contourne ça avec [f] à place de f + IncludeOptional /etc/apache2/ssl/XXX.con[f] + # Propriete du repertoire #Options +Indexes +SymLinksIfOwnerMatch @@ -64,4 +69,3 @@ #php_value default_charset ISO-8859-15 php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f www-XXX" php_admin_value open_basedir "/usr/share/php:HOME_DIR/XXX:/tmp" - diff --git a/scripts/web-add-nginx.sh b/scripts/web-add-nginx.sh index 21e1972..a89f3e3 100755 --- a/scripts/web-add-nginx.sh +++ b/scripts/web-add-nginx.sh @@ -388,7 +388,7 @@ op_del() { set -x deluser www-data $login - userdel $login + userdel -f $login groupdel $login sed -i.bak "/^$login:/d" /etc/aliases diff --git a/scripts/web-add.sh b/scripts/web-add.sh index df0306e..224b2b1 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh @@ -14,6 +14,7 @@ set -e +VERSION="23.02" HOME="/root" CONTACT_MAIL="jdoe@example.org" WWWBOUNCE_MAIL="jdoe@example.org" @@ -22,6 +23,7 @@ LOCAL_SCRIPT="$SCRIPTS_PATH/web-add.local.sh" PRE_LOCAL_SCRIPT="$SCRIPTS_PATH/web-add.pre-local.sh" TPL_AWSTATS="$SCRIPTS_PATH/awstats.XXX.conf" SSH_GROUP="evolinux-ssh" +HOST="$(hostname -f)" # Set to nginx if you use nginx and not apache WEB_SERVER="apache" @@ -58,6 +60,7 @@ config_file="/etc/evolinux/web-add.conf" usage() { cat <&2 +Evoadmin web tooling - Version $VERSION Usage: $0 COMMAND [ARG] add [ [OPTIONS] LOGIN WWWDOMAIN ] 
@@ -100,12 +103,18 @@ add [ [OPTIONS] LOGIN WWWDOMAIN ] Example : web-add.sh add -m testdb -r 56 testlogin testdomain.com -del LOGIN [DBNAME] +del [ [OPTIONS] LOGIN [DBNAME] ] Delete account and all files related (Apache, Awstats, etc) Archive home directory. Remove MySQL database only if DBNAME is specified. + -y + Don't ask for confirmation + + Example : web-add.sh del -y testlogin testdatabase + + list-vhost LOGIN List Apache vhost for user LOGIN @@ -122,30 +131,26 @@ del-alias VHOST ALIAS Del a ServerAlias from an Apache vhost -list-servername LOGIN - - List ServerName(s) for user LOGIN - update-servername VHOST SERVERNAME OLD_SERVERNAME Replace the OLD_SERVERNAME with the SERVERNAME for an Apache vhost - Also apply to rules + Also apply to rewrite rules check-occurence NAME List all occurences of NAME in vhosts -list-user-itk DOMAIN LOGIN +list-user-itk LOGIN - List the assigned ITK user for the DOMAIN specified + List the assigned ITK user for the LOGIN specified -enable-user-itk DOMAIN LOGIN +enable-user-itk LOGIN - Enable the assigned ITK user for the DOMAIN specified + Enable the assigned ITK user for the LOGIN specified -disable-user-itk DOMAIN LOGIN +disable-user-itk LOGIN - Disable the assigned ITK user for the DOMAIN specified + Disable the assigned ITK user for the LOGIN specified setphpversion LOGIN VERSION @@ -154,6 +159,25 @@ setphpversion LOGIN VERSION setquota LOGIN QUOTA_SOFT:QUOTA_HARD Change quotas for LOGIN + +manage-http-challenge-file [CREATE | DELETE] + + Create or delete a dummy file for the Let's Encrypt HTTP challenge + The default directory is /var/lib/letsencrypt/.well-known/ + +generate-csr LOGIN DOMAINS + + Generate the request for the Let's Encrypt certificate + +generate-ssl-certificate LOGIN [false] + + Generate the Let's Encrypt certificate + Run in TEST mode unless "false" is used + +version + + Obtain the script version + EOT } 
@@ -170,7 +194,7 @@ EOT } gen_random_passwd() { - apg -c /dev/urandom -n1 -E oOlL10\&\\\/\"\' + apg -c /dev/urandom -MNCL -n1 -m18 -E oOlL10 } validate_login() { @@ -213,6 +237,15 @@ validate_wwwdomain() { in_error "Le nom de domaine est obligatoire" return 1 fi + case "$wwwdomain" in + *'/'*) + in_error "Le caractère / n'est pas autorisé. Avez-vous confondu nom de domaine (example.com) et URL (https://example.com) ?" + return 1;; + *':'*) + in_error "Le caractère : n'est pas autorisé. Avez-vous confondu nom de domaine (example.com) et URL (https://example.com) ?" + return 1;; + esac + return 0 } @@ -397,22 +430,35 @@ create_www_account() { pool_path="/etc/php/7.0/fpm/pool.d/" elif [ "$php_version" = "73" ]; then pool_path="/etc/php/7.3/fpm/pool.d/" + elif [ "$php_version" = "74" ]; then + pool_path="/etc/php/7.4/fpm/pool.d/" + elif [ "$php_version" = "80" ]; then + pool_path="/etc/php/8.0/fpm/pool.d/" + elif [ "$php_version" = "81" ]; then + pool_path="/etc/php/8.1/fpm/pool.d/" + elif [ "$php_version" = "82" ]; then + pool_path="/etc/php/8.2/fpm/pool.d/" else pool_path="/etc/php5/fpm/pool.d/" fi phpfpm_socket_path="/home/${in_login}/php-fpm${php_version}.sock" cat </var/lib/lxc/php"${php_version}"/rootfs/${pool_path}/"${in_login}".conf [${in_login}] -user = ${in_login} +user = www-${in_login} group = ${in_login} listen = ${phpfpm_socket_path} listen.owner = ${in_login} listen.group = ${in_login} + pm = ondemand +pm.status_path = /evolinux_fpm_status-$(apg -Mncl -n1 -m32) pm.max_children = 10 pm.process_idle_timeout = 10s + php_admin_value[error_log] = /home/${in_login}/log/php.log +php_admin_value[sendmail_path] = "/usr/sbin/sendmail -t -i -f www-${in_login}@${HOST}" +php_admin_value[open_basedir] = "/usr/share/php:/home/${in_login}:/tmp" EOT step_ok "Création du pool FPM ${php_version}" done 
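Review bot: The new `case` in `validate_wwwdomain` rejects only `/` and `:`, while the value is later substituted into the vhost template by `sed … s/SERVERNAME/$in_wwwdomain/` (visible as context in the following hunk), where `&`, blanks, quotes or a newline would still alter the generated Apache configuration. An allowlist branch placed after the two existing ones keeps the URL hint and covers the rest: `*[!A-Za-z0-9.-]*) in_error "Le nom de domaine contient un caractère non autorisé"; return 1;;`. This assumes internationalised names are entered in punycode. The start of `validate_wwwdomain` is outside the hunk.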
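Review bot: The `php_version` to pool-directory mapping in `create_www_account` gains four more `elif` branches here, and the same chain is repeated for `initscript_path` at `@@ -558,6 +607,18 @@` and again in `op_del`, so every PHP release must be added in three places and a version missing from one chain silently falls through to the `php5` paths. Deriving the dotted form once removes the repetition: `php_dotted="${php_version:0:1}.${php_version:1}"`, then `pool_path="/etc/php/${php_dotted}/fpm/pool.d/"` and `initscript_path="/etc/init.d/php${php_dotted}-fpm"`, keeping the existing `else` branch for the PHP 5 layout. A comment above the pool template stating why `user` is now `www-${in_login}` while `listen.owner` stays `${in_login}` would help the next reader. The function starts and ends outside this hunk.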
@@ -421,6 +467,9 @@ EOT random=$RANDOM if [ "$WEB_SERVER" == "apache" ]; then + # On s'assure que /etc/apache2/ssl pour le IncludeOptional de la conf + mkdir -p /etc/apache2/ssl + vhostfile="/etc/apache2/sites-available/${in_login}.conf" sed -e "s/XXX/$in_login/g ; s/SERVERNAME/$in_wwwdomain/ ; s/RANDOM/$random/ ; s#HOME_DIR#$HOME_DIR#" < $TPL_VHOST > "$vhostfile" @@ -446,7 +495,7 @@ EOT sed -i -e "s/^\\(.*\\)#\\(ServerAlias\\).*$/\\1\\2 $subweb/" "$vhostfile" fi - a2ensite "$in_login" >/dev/null + a2ensite "${in_login}.conf" >/dev/null step_ok "Configuration d'Apache" @@ -558,6 +607,18 @@ EOT elif [ "$php_version" = "73" ]; then initscript_path="/etc/init.d/php7.3-fpm" binary="php-fpm7.3" + elif [ "$php_version" = "74" ]; then + initscript_path="/etc/init.d/php7.4-fpm" + binary="php-fpm7.4" + elif [ "$php_version" = "80" ]; then + initscript_path="/etc/init.d/php8.0-fpm" + binary="php-fpm8.0" + elif [ "$php_version" = "81" ]; then + initscript_path="/etc/init.d/php8.1-fpm" + binary="php-fpm8.1" + elif [ "$php_version" = "82" ]; then + initscript_path="/etc/init.d/php8.2-fpm" + binary="php-fpm8.2" else initscript_path="/etc/init.d/php5-fpm" binary="php5-fpm" 
@@ -612,28 +673,161 @@ EOT } op_del() { - if [ $# -lt 1 ]; then - usage - exit 1 + + # + # Mode interactif + # + + if [ $# -eq 0 ]; then + echo + echo "Suppression d'un compte WEB" + echo + + until [ "$login" ]; do + echo -n "Entrez le login du compte à supprimer : " + read -r tmp + login="$tmp" + done + + echo -n "Voulez-vous aussi supprimer un compte/base MySQL ? [y|N]" + read -r confirm + + if [ "$confirm" = "y" ] || [ "$confirm" = "Y" ]; then + echo -n "Entrez le nom de la base de donnees ($login par defaut) : " + read -r tmp + + if [ -z "$tmp" ]; then + dbname=$login + else + dbname="$tmp" + fi + fi + + # + # Mode non interactif + # + else - login=$1 - if [ $# -eq 2 ]; then - dbname=$2 + while getopts hy opt; do + case "$opt" in + y) + force_confirm=1 + ;; + h) + usage + exit 1 + ;; + ?) + usage + exit 1 + ;; + esac + done + + shift $((OPTIND - 1)) + if [ $# -gt 0 ] && [ $# -le 2 ]; then + login=$1 + if [ $# -eq 2 ]; then + dbname=$2 + fi + else + usage + exit 1 + fi + fi + + echo + echo "----------------------------------------------" + echo "Nom du compte : $login" + if [ "$dbname" ]; then + echo "Base de données MySQL : $dbname" + fi + echo "----------------------------------------------" + echo + + if [ -z "$force_confirm" ]; then + echo -n "Confirmer la suppression ? [y/N] : " + read -r tmp + echo + if [ "$tmp" != "y" ] && [ "$tmp" != "Y" ]; then + echo "Annulation..." + echo + exit 1 fi fi - echo "Deleting account $login. Continue ?" 
- read -r set -x - if [ "$WEB_SERVER" == "apache" ]; then - userdel www-"$login" + # Crontab dump needs to be done **before** user deletion + if crontab -l -u "$login"; then + crontab -l -u "$login" &> /home/$login/crontab-$(date '+%Y%m%d-%H%M%S').bak + crontab -r -u "$login" fi - userdel "$login" - for php_version in "${PHP_VERSIONS[@]}"; do - lxc-attach -n php"${php_version}" -- userdel -f www-"$login" - lxc-attach -n php"${php_version}" -- userdel -f "$login" - done + + # Deactivate web vhost (apache or nginx) + if [ "$WEB_SERVER" == "apache" ]; then + if a2query -s test12 >/dev/null 2&>1; then + a2dissite "${login}.conf" + fi + rm -f /etc/apache2/sites-available/"$login.conf" + + apache2ctl configtest + + for php_version in "${PHP_VERSIONS[@]}"; do + if [ "$php_version" = "70" ]; then + phpfpm_dir="/etc/php/7.0/fpm/pool.d/" + initscript_path="/etc/init.d/php7.0-fpm" + elif [ "$php_version" = "73" ]; then + phpfpm_dir="/etc/php/7.3/fpm/pool.d/" + initscript_path="/etc/init.d/php7.3-fpm" + elif [ "$php_version" = "74" ]; then + phpfpm_dir="/etc/php/7.4/fpm/pool.d/" + initscript_path="/etc/init.d/php7.4-fpm" + elif [ "$php_version" = "80" ]; then + phpfpm_dir="/etc/php/8.0/fpm/pool.d/" + initscript_path="/etc/init.d/php8.0-fpm" + elif [ "$php_version" = "81" ]; then + phpfpm_dir="/etc/php/8.1/fpm/pool.d/" + initscript_path="/etc/init.d/php8.1-fpm" + elif [ "$php_version" = "82" ]; then + phpfpm_dir="/etc/php/8.2/fpm/pool.d/" + initscript_path="/etc/init.d/php8.2-fpm" + else + phpfpm_dir="/etc/php5/fpm/pool.d/" + initscript_path="/etc/init.d/php5-fpm" + fi + rm -f /var/lib/lxc/php"${php_version}"/rootfs/${phpfpm_dir}/"${login}".conf + lxc-attach -n php"${php_version}" -- $initscript_path restart >/dev/null + done + + elif [ "$WEB_SERVER" == "nginx" ]; then + rm -f /etc/nginx/sites-{available,enabled}/"$login" + rm -f /etc/munin/plugins/phpfpm_"${in_login}"* + nginx -t + fi + + rm -f /etc/awstats/awstats."$login.conf" + sed -i.bak "/-config=$login /d" 
/etc/cron.d/awstats + + if [ "$WEB_SERVER" == "apache" ]; then + if id www-"$login" &> /dev/null; then + userdel -f www-"$login" + fi + + for php_version in "${PHP_VERSIONS[@]}"; do + if lxc-attach -n php"${php_version}" -- getent passwd www-"$login" &> /dev/null; then + lxc-attach -n php"${php_version}" -- userdel -f www-"$login" + fi + if lxc-attach -n php"${php_version}" -- getent passwd "$login" &> /dev/null; then + lxc-attach -n php"${php_version}" -- userdel -f "$login" + fi + done + fi + + if getent passwd "$login" &> /dev/null; then + userdel -f "$login" + fi + sed -i.bak "/^$login:/d" /etc/aliases if [ "$WEB_SERVER" == "apache" ]; then sed -i.bak "/^www-$login:/d" /etc/aliases 
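Review bot: The vhost test `if a2query -s test12 >/dev/null 2&>1; then` in `op_del` queries a hard-coded site name and its redirection is mistyped, so whether `a2dissite` runs depends on a site called `test12`, and `2&>1` is not `2>&1` (as far as I can tell bash reads it as an extra argument `2` plus a redirect into a file named `1`). It should read `if a2query -s "$login" >/dev/null 2>&1; then`. In the nginx branch `rm -f /etc/munin/plugins/phpfpm_"${in_login}"*` uses `in_login`, which `op_del` never sets (it fills `login`), so the glob presumably widens to every `phpfpm_*` plugin; `"${login}"` is meant. `login` is also used as root in `rm`, `sed` and `/home/$login/…` without going through `validate_login`, which matters most for the new interactive branch, and the crontab backup path ignores `$HOME_DIR`. `op_del` ends outside this hunk.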
@@ -650,42 +844,15 @@ op_del() { echo "warning : $HOME_DIR/$login does not exist" fi - if [ "$WEB_SERVER" == "apache" ]; then - a2dissite "$login" - rm /etc/apache2/sites-available/"$login.conf" - rm /etc/awstats/awstats."$login.conf" - sed -i.bak "/-config=$login /d" /etc/cron.d/awstats - apache2ctl configtest - for php_version in "${PHP_VERSIONS[@]}"; do - if [ "$php_version" = "70" ]; then - phpfpm_dir="/etc/php/7.0/fpm/pool.d/" - initscript_path="/etc/init.d/php7.0-fpm" - elif [ "$php_version" = "73" ]; then - phpfpm_dir="/etc/php/7.3/fpm/pool.d/" - initscript_path="/etc/init.d/php7.3-fpm" - else - phpfpm_dir="/etc/php5/fpm/pool.d/" - initscript_path="/etc/init.d/php5-fpm" - fi - rm /var/lib/lxc/php"${php_version}"/rootfs/${phpfpm_dir}/"${login}".conf - lxc-attach -n php"${php_version}" -- $initscript_path restart >/dev/null - done - elif [ "$WEB_SERVER" == "nginx" ]; then - - rm /etc/nginx/sites-{available,enabled}/"$login" - rm /etc/awstats/awstats."$login.conf" - rm /etc/munin/plugins/phpfpm_"${in_login}"* - sed -i.bak "/-config=$login/d" /etc/cron.d/awstats - nginx -t + if [ -d /etc/letsencrypt/"$login" ]; then + rm -r /etc/letsencrypt/"$login" fi + set +x if [ -n "$dbname" ]; then - echo "Deleting mysql DATABASE $dbname and mysql user $login. Continue ?" - read -r - set -x - echo "DROP DATABASE $dbname; delete from mysql.user where user='$login' ; FLUSH PRIVILEGES;" | mysql $MYSQL_OPTS + echo "DROP DATABASE \`$dbname\`; DROP USER \`$login\`@localhost; FLUSH PRIVILEGES;" | mysql $MYSQL_OPTS set +x fi } @@ -755,9 +922,6 @@ arg_processing() { del-alias) op_aliasdel "$@" ;; - list-servername) - op_listservername "$@" - ;; update-servername) op_servernameupdate "$@" ;; @@ -779,6 +943,18 @@ arg_processing() { setquota) op_setquota "$@" ;; + manage-http-challenge-file) + op_managehttpchallengefile "$@" + ;; + generate-csr) + op_makecsr "$@" + ;; + generate-ssl-certificate) + op_generatesslcertificate "$@" + ;; + version) + op_version "$@" + ;; *) usage ;; 
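Review bot: The added `DROP DATABASE` / `DROP USER` statement pastes `$dbname` and `$login` between backticks, and that quoting only holds as long as neither value contains a backtick; nothing in `op_del` checks them before they reach `mysql`. A guard ahead of the statement closes this: `case "$dbname$login" in *[!A-Za-z0-9_-]*) echo "nom invalide" >&2; exit 1;; esac`, with the character set adjusted to what the project allows for logins and database names. Since the script runs under `set -e` and the changelog states that `op_del` should cope with partly removed accounts, `DROP DATABASE IF EXISTS` and `DROP USER IF EXISTS` (where the server version supports it) would match that intent. The new `rm -r /etc/letsencrypt/"$login"` depends on the same validation of `$login`.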
@@ -786,6 +962,64 @@ arg_processing() { fi } +op_makecsr() { + if [ $# -gt 1 ]; then + vhost="$1" + domains="" + + # remove the first argument to keep only the domains + shift 1 + + for domain in "$@"; do + domains="${domains:+${domains} }${domain}" + done + + # pipe the domains to make-csr because we don't have STDIN + echo "$domains" | make-csr "$vhost" + else usage + fi +} + +op_generatesslcertificate() { + if [ $# -gt 1 ]; then + vhost="$1" + test_mode="$2" + + if [ "$test_mode" = "false" ]; then + if [ -L /etc/letsencrypt/$vhost/live ]; then + rm /etc/letsencrypt/$vhost/live + fi + evoacme "$vhost" + else + DRY_RUN=1 evoacme "$vhost" + fi + else usage + fi +} + +op_managehttpchallengefile() { + if [ $# -eq 1 ]; then + folder="/var/lib/letsencrypt/.well-known" + file="testfile" + + action=${1}; + + if [ "$action" = "create" ]; then + if [ ! -d "$folder" ]; then + mkdir -p "$folder/acme-challenge" + fi + if [ ! -f "$folder/acme-challenge/$file" ]; then + touch "$folder/acme-challenge/$file" + fi + chmod -R 755 "$folder" + elif [ "$action" = "delete" ]; then + rm -r "$folder" + else usage + fi + else usage + fi +} + op_listvhost() { if [ $# -eq 1 ]; then configlist="$VHOST_PATH/${1}.conf"; @@ -793,7 +1027,6 @@ op_listvhost() { configlist="$VHOST_PATH/*"; fi - for configfile in $configlist; do if [ -r "$configfile" ] && echo "$configfile" |grep -qvE "/(000-default|default-ssl|evoadmin)\\.conf$"; then servername="$(awk '/^[[:space:]]*ServerName (.*)/ { print $2 }' "$configfile" | head -n 1)" @@ -811,9 +1044,17 @@ op_listvhost() { else is_enabled=0 fi + + count_virtualhosts="$(grep "&2 + return 1 + fi - apache2ctl configtest 2>/dev/null - /etc/init.d/apache2 force-reload >/dev/null + configtest_out=$(apache2ctl configtest) + configtest_rc=$? + if [ "$configtest_rc" = "0" ]; then + /etc/init.d/apache2 force-reload >/dev/null + else + echo $configtest_out >&2 + fi else usage fi } 
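Review bot: The `delete` branch of `op_managehttpchallengefile` runs `rm -r "$folder"` on `/var/lib/letsencrypt/.well-known`, so it removes the whole challenge tree, which evoacme presumably also uses for real challenges, instead of the `testfile` it created, and it fails under `set -e` when the directory is already gone. Removing only the probe is enough: `rm -f "$folder/acme-challenge/$file"`. In the `create` branch `mkdir -p "$folder/acme-challenge"` is skipped when `$folder` exists without the subdirectory, so the following `touch` fails; call `mkdir -p` unconditionally and set modes on the two paths you create rather than `chmod -R 755` on everything below. `op_generatesslcertificate` requires `$# -gt 1` although the usage text documents the second argument as optional, and it uses `$vhost` unquoted and unvalidated in `/etc/letsencrypt/$vhost/live`. The usage text also spells the actions `CREATE | DELETE` while the code compares against lowercase `create` and `delete`.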
@@ -859,25 +1111,6 @@ op_aliasdel() { fi } -op_listservername() { - if [ $# -eq 1 ]; then - vhost_file="$VHOST_PATH/${1}.conf"; - - if [ -f "${vhost_file}" ]; then - servernames=$(awk '/^[[:space:]]*ServerName (.*)/ { print $2 }' "$vhost_file" | uniq) - - for servername in $servernames; do - echo "$servername"; - done - else - echo "VHost file \`${vhost_file}' not found'" >&2 - return 1 - fi - else - usage - fi -} - op_servernameupdate() { if [ $# -eq 3 ]; then vhost="${1}.conf" @@ -885,7 +1118,6 @@ op_servernameupdate() { old_servername=$3 vhost_file="${VHOST_PATH}/${vhost}" - # Remplacement de toutes les directives ServerName, on assume qu'il s'agit du même pour chaque vhost du fichier if [ -f "${vhost_file}" ]; then sed -i "/^ *ServerName/ s/$old_servername/$servername/g" "${vhost_file}" --follow-symlinks sed -i "/^ *RewriteCond/ s/$old_servername/$servername/g" "${vhost_file}" --follow-symlinks 
@@ -915,36 +1147,34 @@ op_checkoccurencename() { if [ -r "$configfile" ]; then alias=$(perl -ne 'print "$1 " if /^[[:space:]]*ServerAlias (.*)/' "$configfile" | head -n 1) aliases="$aliases $alias" - + servername=$(awk '/^[[:space:]]*ServerName (.*)/ { print $2 }' "$configfile" | uniq) servernames="$servernames $servername" fi done - echo "$servernames" "$aliases" | grep -w "$name" + echo "$servernames" "$aliases" | grep -E "(^|\s)$name(\s|$)" else usage fi } op_listuseritk() { - if [ $# -eq 2 ]; then - domain=${1} - configfile="$VHOST_PATH/${2}.conf" - - sed -n "/$domain/,/<\/VirtualHost>/p" "$configfile" | awk '/AssignUserID/ {print $2}' | uniq + if [ $# -eq 1 ]; then + configfile="$VHOST_PATH/${1}.conf" + + awk '/AssignUserID/ {print $2}' "$configfile" | uniq else usage fi } op_enableuseritk() { - if [ $# -eq 2 ]; then - domain=${1} - configfile="$VHOST_PATH/${2}.conf" - group=$(sed -n "/$domain/,/<\/VirtualHost>/p" "$configfile" | awk '/AssignUserID/ {print $3}' | uniq) + if [ $# -eq 1 ]; then + configfile="$VHOST_PATH/${1}.conf" + group=$(awk '/AssignUserID/ {print $3}' "$configfile" | uniq) - sed -i "/$domain/,/<\/VirtualHost>/ s/^ *AssignUserID $group/ AssignUserID www-$group/" "$configfile" --follow-symlinks + sed -i "s/^ *AssignUserID $group/ AssignUserID www-$group/" "$configfile" --follow-symlinks configtest_out=$(apache2ctl configtest) configtest_rc=$? 
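Review bot: `grep -E "(^|\s)$name(\s|$)"` in `op_checkoccurencename` treats `$name` as a regular expression, so the dots of a domain match any character (a constructed example: `a.example.org` is reported as used when only `axexample.org` exists) and other metacharacters in `$name` can make the pattern invalid. Matching fixed strings on one name per line avoids both: `printf '%s\n' $servernames $aliases | grep -Fx -- "$name"`, which is equivalent if the caller only tests for non-empty output. The same hunk builds `configfile="$VHOST_PATH/${1}.conf"` in the `*useritk` functions straight from the argument, and interpolates `$group` into `sed -i` even when the `awk` lookup returned nothing or several values; checking the login with `validate_login` and testing that `$group` is a single non-empty word would make these safe to call from the panel. `op_enableuseritk` continues past the end of the hunk.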
@@ -960,12 +1190,11 @@ op_enableuseritk() { } op_disableuseritk() { - if [ $# -eq 2 ]; then - domain=${1} - configfile="$VHOST_PATH"/"${2}".conf - group=$(sed -n "/$domain/,/<\/VirtualHost>/p" $configfile | awk '/AssignUserID/ {print $3}' | uniq) + if [ $# -eq 1 ]; then + configfile="$VHOST_PATH"/"${1}".conf + group=$(awk '/AssignUserID/ {print $3}' "$configfile" | uniq) - sed -i "/$domain/,/<\/VirtualHost>/ s/^ *AssignUserID www-$group/ AssignUserID ${group}/" "$configfile" --follow-symlinks + sed -i "s/^ *AssignUserID www-$group/ AssignUserID ${group}/" "$configfile" --follow-symlinks configtest_out=$(apache2ctl configtest) configtest_rc=$? @@ -1200,7 +1429,7 @@ op_checkvhosts() { do vhost_name=$(basename "$ln_path") fix_conf="mv $ln_path $VHOST_PATH/$vhost_name" - fix_ln="a2ensite $vhost_name" + fix_ln="a2ensite ${vhost_name}.conf" if [[ -z "$apply" ]]; then echo "Suggested fixes for $vhost_name:" @@ -1214,5 +1443,10 @@ op_checkvhosts() { done } +# Return web-add.sh version +op_version(){ + echo "$VERSION" +} + # Point d'entrée arg_processing "$@" diff --git a/tpl/auth.tpl.php b/tpl/auth.tpl.php index dceb185..76c27c1 100644 --- a/tpl/auth.tpl.php +++ b/tpl/auth.tpl.php @@ -1,43 +1,46 @@ - * @author Thomas Martin - * @author Sebastien Palma + * @author Evolix + * @author Gregory Colpart + * @author Thomas Martin + * @author Sebastien Palma + * @author and others. * @version 1.0 */ ?> -

+

Evoadmin : Connexion

+
- - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + +
Utilisateur :  
Mot de passe :  
 
Identifiants invalides. Veuillez ré-essayer
Utilisateur :  
Mot de passe :  
 
+ Identifiants invalides. + Veuillez ré-essayer +
diff --git a/tpl/header.tpl.php b/tpl/header.tpl.php index 85a81f7..e1e6fab 100644 --- a/tpl/header.tpl.php +++ b/tpl/header.tpl.php @@ -21,7 +21,7 @@ -EvoAdmin - Powered by Evolix +Evoadmin-web - Powered by Evolix @@ -31,10 +31,10 @@
-

EvoAdmin +

Evoadmin-web + * @version 1.0 + */ + +?> + +

Suppression du compte web

+ +
+
+

+ + +

+

+ + +

+

+ + +

+

+ +

+
+
diff --git a/tpl/webadmin-edit.tpl.php b/tpl/webadmin-edit.tpl.php index 146dfdc..4c57bd3 100644 --- a/tpl/webadmin-edit.tpl.php +++ b/tpl/webadmin-edit.tpl.php @@ -5,7 +5,7 @@ * * Copyright (c) 2009 Evolix - Tous droits reserves * - * vim: expandtab softtabstop=4 tabstop=4 shiftwidth=4 showtabline=2 + * vim: expandtab softtabstop=4 tabstop=4 shiftwidth=4 showtabline=2 * * @author Thomas Martin * @version 1.0 @@ -15,13 +15,13 @@

Server Alias

- 0) { - if(count($alias_list) > 0) { - if (is_superadmin()) { print "
"; - printf('

Ajouter un alias

', $domain); + printf('

Ajouter un alias

', $domain); print "
"; }?> @@ -35,28 +35,27 @@ - '; - printf('http://%s', + printf('%s', $alias_list[$i]['alias'], $alias_list[$i]['alias']); - if (is_superadmin()) - printf('Supprimer', + if (is_superadmin()) + printf('Supprimer', $domain, $alias_list[$i]['alias']); print ''; } ?> -Aucun alias existant pour le domaine $domain !

"; if (is_superadmin()) { print "
"; - printf('

Ajouter un alias

', $domain); + printf('

Ajouter un alias

', $domain); print "
"; } } ?> - diff --git a/tpl/webadmin-itk.tpl.php b/tpl/webadmin-itk.tpl.php index 7d1f596..5819a3c 100644 --- a/tpl/webadmin-itk.tpl.php +++ b/tpl/webadmin-itk.tpl.php @@ -17,12 +17,11 @@ 0) { ?> + if(!empty($user_itk)) { ?> - Action'; @@ -31,25 +30,23 @@ '; - printf('', - $data_list[$i]['servername']); - printf('', - $data_list[$i]['user']); - if (is_superadmin()) { - if (strpos($data_list[$i]['user'], 'www') !== false) { - $action = ['disable', 'Désactiver']; - } else { - $action = ['enable', 'Activer']; - } + print ''; + printf('', + $user_itk); + if (is_superadmin()) { - printf('', - $domain, $action[0], $data_list[$i]['servername']); - } - print ''; - } ?> + if (strpos($user_itk, 'www') !== false) { + $action = ['disable', 'Désactiver']; + } else { + $action = ['enable', 'Activer']; + } + + printf('', + $domain, $action[0]); + } + print ''; + ?>
ServerName Utilisateur
%s%s
%s'.$action[1].'
'.$action[1].'
Gestion Let's Encrypt + +' . $errorMessage . ''; + + if (count($failed_domains) > 0) { + echo '

'; + foreach ($failed_domains as $failed_domain) { + echo $failed_domain . "
"; + } + echo '

'; + } + } else { + echo "Votre certificat SSL a bien été installé !"; + } +} else { + if (!empty($errorMessage)) { + echo '' . $errorMessage . ''; + + if (count($failed_domains) > 0) { + echo '

'; + foreach ($failed_domains as $failed_domain) { + echo $failed_domain . "
"; + } + echo '

'; + } + } elseif (!empty($warningMessage)) { + echo '' . $warningMessage . ''; ?> +
+

+ + +

+
+ Les domaines suivants seront intégrés au certificat :

"; + if (count($_SESSION['letsencrypt-domains']) > 0) { + echo '

'; + foreach ($_SESSION['letsencrypt-domains'] as $domain) { + echo $domain . '
'; + } + echo '

'; + ?> +
+

+
+ -

ServerNames

+

Servername

0) { ?> + if(!empty($servername)) { ?> - + Action'; } ?> @@ -30,20 +30,19 @@ '; - printf('', - $servername_list[$i]); - if (is_superadmin()) - printf('', - $domain, $servername_list[$i]); - print ''; - } ?> + print ''; + printf('', + $servername); + if (is_superadmin()) + printf('', + $domain, $servername); + print ''; + ?>
ServerNameServername
%sModifier
%sModifier
Aucun ServerName existant pour le domaine $domain !

"; + print "

Aucun Servername existant pour le domaine $domain !

"; } diff --git a/tpl/webadmin.tpl.php b/tpl/webadmin.tpl.php index 3ae37f0..98b02c8 100755 --- a/tpl/webadmin.tpl.php +++ b/tpl/webadmin.tpl.php @@ -22,9 +22,9 @@ Propriétaire'; + print 'Virtual Host'; } ?> - Domaine + Servername Alias'; } @@ -61,7 +61,7 @@ if(is_superadmin()) { printf('%s', $vhost_info['owner']); } - printf('http://%s', + printf('%s', $vhost_info['server_name'], $vhost_info['server_name']); if ($conf['cluster']) { @@ -87,7 +87,7 @@ printf('%s', $vhost_info['slave']); } - printf('%s', preg_replace('/,/','
',$vhost_info['server_alias'])); + printf('%s', preg_replace('/,/','
',$vhost_info['server_alias'])); if ($conf['quota']) { printf('%s', $vhost_info['size']); @@ -95,6 +95,7 @@ printf('%s', $vhost_info['quota_hard']); printf('%s', $vhost_info['occupation']); } + if (array_key_exists('php_versions', $conf) && count($conf['php_versions']) > 1) { printf('%s', preg_replace("/^(\d)(\d)$/", '\1.\2', $vhost_info['php_version'])); } @@ -102,10 +103,19 @@ if (is_superadmin()) { printf(''); - printf('Alias - ', $vhost_info['owner']); - printf('Servername - ', $vhost_info['owner']); - printf('ITK - ', $vhost_info['owner']); - printf('PHP', $vhost_info['owner']); + if (!in_array($vhost_info['owner'], $_SESSION['non_standard'])) { + printf('Alias - ', $vhost_info['owner']); + printf('Servername - ', $vhost_info['owner']); + if(is_multiphp()) { + printf('PHP - ', $vhost_info['owner']); + } else { + printf('ITK - ', $vhost_info['owner']); + } + printf('Let\'s Encrypt - ', $vhost_info['owner']); + printf('Supprimer', $vhost_info['owner']); + } else { + print 'VirtualHost non standard'; + } printf(''); }