From 1331bb96b4e09adaa1cb6e333695c96cad66d584 Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Fri, 29 Mar 2019 15:55:43 +0100 Subject: [PATCH 001/116] Fix is_multiphp() always returning false --- htdocs/common.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/common.php b/htdocs/common.php index 1e2532f..7ae18b9 100644 --- a/htdocs/common.php +++ b/htdocs/common.php @@ -92,8 +92,8 @@ function load_config_cluster($cluster) { * * @return boolean - True when it's a multi PHP system */ -function is_multiphp() -{ +function is_multiphp() { + global $conf; return array_key_exists('php_versions', $conf) && count($conf['php_versions']) > 1; } From 2aa7a7a5659defe82994957d367a05c2d1182720 Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Fri, 29 Mar 2019 15:56:35 +0100 Subject: [PATCH 002/116] Only display the PHP version change link on multi-php install (Also means the ITK setting doesn't matter and should not be displayed) --- tpl/webadmin.tpl.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/tpl/webadmin.tpl.php b/tpl/webadmin.tpl.php index 3ae37f0..689559a 100755 --- a/tpl/webadmin.tpl.php +++ b/tpl/webadmin.tpl.php @@ -104,8 +104,11 @@ printf(''); printf('Alias - ', $vhost_info['owner']); printf('Servername - ', $vhost_info['owner']); - printf('ITK - ', $vhost_info['owner']); - printf('PHP', $vhost_info['owner']); + if(is_multiphp()) { + printf('PHP', $vhost_info['owner']); + } else { + printf('ITK', $vhost_info['owner']); + } printf(''); } From e0f8d6ade16603b8ec6fbf4c24d9108444897085 Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Fri, 29 Mar 2019 15:58:28 +0100 Subject: [PATCH 003/116] Command fixes in README.md --- README.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 3e7e74f..e3d687b 100644 --- a/README.md +++ b/README.md 
@@ -95,8 +95,8 @@ Puis on installe les paquets PHP 7.3 dans ce conteneur : # lxc-start -n php73 # lxc-attach -n php73 -# apt-get update && apt-get install -y --no-install-recommends wget apt-transport-https ca-certificates -# wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg +# apt-get update && apt-get install -y --no-install-recommends wget apt-transport-https ca-certificates gnupg +# curl https://packages.sury.org/php/apt.gpg | apt-key add # echo "deb https://packages.sury.org/php/ stretch main" > /etc/apt/sources.list.d/sury.list # apt-get update && apt-get install -y --no-install-recommends php7.3 php7.3-fpm php7.3-cli php7.3-curl php7.3-mysql php7.3-pgsql php7.3-ldap php7.3-imap php7.3-gd php-ssh2 php-gettext composer libphp-phpmailer ~~~ @@ -106,7 +106,9 @@ Puis on installe les paquets PHP 7.3 dans ce conteneur : Dans les containers, il faut ajouter le fichier **z-evolinux-defaults.ini** dans le dossier **conf.d** des réglages de PHP FPM et CLI > Pour PHP5 **/etc/php5/fpm/conf.d/z-evolinux-defaults.ini** et **/etc/php5/cli/conf.d/z-evolinux-defaults.ini** +> > Pour PHP7.0 **/etc/php/7.0/fpm/conf.d/z-evolinux-defaults.ini** et **/etc/php/7.0/cli/conf.d/z-evolinux-defaults.ini** +> > Pour PHP7.3 **/etc/php/7.3/fpm/conf.d/z-evolinux-defaults.ini** et **/etc/php/7.3/cli/conf.d/z-evolinux-defaults.ini** ~~~ @@ -156,9 +158,9 @@ Il est nécessaire d'activer le mod proxy pour apache2 si ce n'a pas déjà ét Si vous rencontrez l'erreur "File not found" avec les fichiers php, bien vérifier que le rootfs des conteneurs est en 755 : ~~~ -chmod 755 /var/lib/lxc/php56/rootfs -chmod 755 /var/lib/lxc/php70/rootfs -chmod 755 /var/lib/lxc/php73/rootfs +# chmod 755 /var/lib/lxc/php56/rootfs +# chmod 755 /var/lib/lxc/php70/rootfs +# chmod 755 /var/lib/lxc/php73/rootfs ~~~ #### Email 
@@ -166,7 +168,7 @@ chmod 755 /var/lib/lxc/php73/rootfs Pour envoyer des mails, on peut installer **ssmtp** qui va forwarder les mails du conteneur vers l'hôte (à faire par conteneur via lxc-attach) : ~~~ -apt install ssmtp +# apt install ssmtp ~~~ Editer **/etc/ssmtp/ssmtp.conf** (remplacer example.com par le hostname complet de votre machine) : From fde162d67908dc82c0ce5a310d4b402e1c395aa0 Mon Sep 17 00:00:00 2001 From: Nicolas Roman Date: Mon, 1 Apr 2019 15:13:28 +0200 Subject: [PATCH 004/116] servername url changed --- htdocs/index.php | 2 +- inc/webadmin-servername.php | 232 ++++++++++++++++---------------- tpl/webadmin-servername.tpl.php | 2 +- tpl/webadmin.tpl.php | 2 +- 4 files changed, 121 insertions(+), 117 deletions(-) diff --git a/htdocs/index.php b/htdocs/index.php index 62d2a65..4d54a5e 100755 --- a/htdocs/index.php +++ b/htdocs/index.php @@ -48,7 +48,7 @@ if (!array_key_exists('auth', $_SESSION) || $_SESSION['auth']!=1) { include_once EVOADMIN_BASE . '../inc/webadmin.php'; -} elseif (preg_match('#^/webadmin/servername/(.*)/?$#', $uri, $params)) { +} elseif (preg_match('#^/webadmin/(.*)/domain/?(edit)?/?(.*)?/$#', $uri, $params)) { include_once EVOADMIN_BASE . '../inc/webadmin-servername.php'; diff --git a/inc/webadmin-servername.php b/inc/webadmin-servername.php index a68d7c2..7779c43 100644 --- a/inc/webadmin-servername.php +++ b/inc/webadmin-servername.php 
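Review bot: The new route `#^/webadmin/(.*)/domain/?(edit)?/?(.*)?/$#` captures the domain and the target servername with unrestricted `(.*)`, and inc/webadmin-servername.php in this same commit concatenates `$params[1]` and `$params[3]` into a `web-add.sh` command line for `sudoexec()` without `escapeshellarg()`, whereas the old `basename($_SERVER['REDIRECT_URL'])` at least excluded `/`. Restricting the captures to the hostname alphabet at the router, e.g. `'#^/webadmin/([A-Za-z0-9.-]+)/domain/?(edit)?/?([A-Za-z0-9.-]*)/$#'`, means every handler starts from a validated value instead of each one having to remember to escape. The same open `(.*)` pattern is introduced for the itk, alias and php routes in the htdocs/index.php hunks of patches 005, 007 and 008. Note also that `/$` now makes the trailing slash mandatory where `/?$` used to accept both, so the template links (their hrefs are not legible here) must all end with one.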
@@ -18,138 +18,132 @@ require_once EVOADMIN_BASE . '../lib/domain.php'; global $conf; -if (isset($_GET['edit']) ) { +if (isset($params[2]) && $params[2] == "edit") { + $redirect_url = "/webadmin/" . $params[1] . "/domain/"; + + if (isset($params[3]) && $params[3] == "") http_redirect($redirect_url); + require_once EVOADMIN_BASE . '../evolibs/Form.php'; include_once EVOADMIN_BASE . '../tpl/header.tpl.php'; include_once EVOADMIN_BASE . '../tpl/menu.tpl.php'; - $form = new FormPage("Modification du ServerName", FALSE); - $form->addField('domain_servername', new DomainInputFormField("ServerName", TRUE), $_GET['edit']); - $form->addField('previous_servername', new DomainInputFormField("", TRUE, TRUE), $_GET['edit']); + $form = new FormPage("Modification du ServerName", FALSE); + $form->addField('domain_servername', new DomainInputFormField("ServerName", TRUE), $params[3]); + $form->addField('previous_servername', new DomainInputFormField("", TRUE, TRUE), $params[3]); - if (!empty($_POST)) { - $form->isCurrentPage(TRUE); - $form->initFields(); - - if ($form->verify(TRUE)) { - // TODO: Adapt the script for cluster mode - if ($conf['cluster']) { - if (is_mcluster_mode()) { - // If the user has not yet selected a cluster, redirect-it to home page. - if (empty($_SESSION['cluster'])) { - http_redirect('/'); - } - $cache = str_replace('%cluster_name%', $_SESSION['cluster'], $conf['cache']); - } - else { - $cache = $conf['cache']; - } - $bdd = new bdd(); - $bdd->open($cache); - - $servername = array ( - 'domain' => htmlspecialchars(basename($_SERVER['REDIRECT_URL'])), - 'servername' => $form->getField('domain_servername')->getValue(), - 'previous_servername' => $form->getField('previous_servername')->getValue(), - ); - - $account_name=$servername['domain']; - $account = $bdd->get_account($account_name); - - - if (sizeof($account) == 0) - die("Anomalie... 
Contactez votre administrateur."); - - $master = $bdd->get_server_from_roleid($account['id_master']); - $slave = $bdd->get_server_from_roleid($account['id_slave']); - - - if ( $bdd->is_serveralias( $account_name, $serveralias['alias'] ) == 0 ) { - - /* web-add-cluster addalias */ - $exec_cmd = 'web-add-cluster.sh add-alias '.$serveralias['domain'].' '.$serveralias['alias'].' '.$master.' '.$slave; - sudoexec($exec_cmd, $exec_output, $exec_return); - - - - if ($exec_return == 0) { - /* Ajout BDD */ - $bdd->add_serveralias($serveralias); - - domain_add($serveralias['alias'], gethostbyname($master) , false); - - # Si le compte en question est en replication temps - # reel, il faut faire un restart manuel de lsyncd - # pour prendre en compte le nouveau domaine. - if ($account['replication'] == "realtime") { - mail('tech@evolix.fr', "[TAF] Redemarrer lsyncd sur $master", wordwrap('killer tous les processus lsyncd lancé par vmail pour le compte '.$account['name'].' et les relancer (cf. la ligne correspondante à ce compte dans la crontab de vmail).\n', 70)); - } - - print "
"; - printf ('

L\'alias %s du domaine %s a bien été créé

', $serveralias['alias'], $serveralias['domain']); - printf ('

Retour à la liste des alias

', $_SERVER['REDIRECT_URL']); - print "
"; - } else { - print "
"; - printf ('

Echec dans la creation de l\'alias %s du domaine %s

', $serveralias['alias'], $serveralias['domain']); - printf ('

Retour à la liste des alias

', $_SERVER['REDIRECT_URL']); - print "
"; - } - } else { - print "
"; - printf ('

Alias %s du domaine %s deja existant !

', $serveralias['alias'], $serveralias['domain']); - printf ('

Retour à la liste des alias

', $_SERVER['REDIRECT_URL']); - print "
"; + if (!empty($_POST)) { + $form->isCurrentPage(TRUE); + $form->initFields(); + if ($form->verify(TRUE)) { + // TODO: Adapt the script for cluster mode + if ($conf['cluster']) { + if (is_mcluster_mode()) { + // If the user has not yet selected a cluster, redirect-it to home page. + if (empty($_SESSION['cluster'])) { + http_redirect('/'); } + $cache = str_replace('%cluster_name%', $_SESSION['cluster'], $conf['cache']); } else { - $servername = array ( - 'domain' => htmlspecialchars(basename($_SERVER['REDIRECT_URL'])), - 'servername' => $form->getField('domain_servername')->getValue(), - 'previous_servername' => $form->getField('previous_servername')->getValue(), - ); + $cache = $conf['cache']; + } + $bdd = new bdd(); + $bdd->open($cache); - $account_name=$servername['domain']; + $servername = array ( + 'domain' => htmlspecialchars(basename($_SERVER['REDIRECT_URL'])), + 'servername' => $form->getField('domain_servername')->getValue(), + 'previous_servername' => $form->getField('previous_servername')->getValue(), + ); - $is_servername_present = check_occurence_name($servername['servername']); + $account_name=$servername['domain']; + $account = $bdd->get_account($account_name); - if (!$is_servername_present) { - $exec_cmd = 'web-add.sh update-servername ' . $servername['domain'] . ' ' . $servername['servername'] . ' ' . $servername['previous_servername']; - sudoexec($exec_cmd, $exec_output, $exec_return); - if ($exec_return == 0) { - //domain_add($serveralias['alias'], gethostbyname($master) , false); TODO avec l'IP du load balancer - print "
"; - printf ('

Le ServerName %s a bien été modifié

', $servername['servername']); - printf ('

Retour à la liste des ServerNames

', $_SERVER['REDIRECT_URL']); - print "
"; - } - else { - print "
"; - printf ('

Echec dans la modification du ServerName %s

', $servername['servername']); - printf ('

Retour à la liste des ServerNames

', $_SERVER['REDIRECT_URL']); - print "
"; - } + if (sizeof($account) == 0) + die("Anomalie... Contactez votre administrateur."); + + $master = $bdd->get_server_from_roleid($account['id_master']); + $slave = $bdd->get_server_from_roleid($account['id_slave']); + + + if ( $bdd->is_serveralias( $account_name, $serveralias['alias'] ) == 0 ) { + + /* web-add-cluster addalias */ + $exec_cmd = 'web-add-cluster.sh add-alias '.$serveralias['domain'].' '.$serveralias['alias'].' '.$master.' '.$slave; + sudoexec($exec_cmd, $exec_output, $exec_return); + + + + if ($exec_return == 0) { + /* Ajout BDD */ + $bdd->add_serveralias($serveralias); + + domain_add($serveralias['alias'], gethostbyname($master) , false); + + # Si le compte en question est en replication temps + # reel, il faut faire un restart manuel de lsyncd + # pour prendre en compte le nouveau domaine. + if ($account['replication'] == "realtime") { + mail('tech@evolix.fr', "[TAF] Redemarrer lsyncd sur $master", wordwrap('killer tous les processus lsyncd lancé par vmail pour le compte '.$account['name'].' et les relancer (cf. la ligne correspondante à ce compte dans la crontab de vmail).\n', 70)); + } + + print "
"; + printf ('

L\'alias %s du domaine %s a bien été créé

', $serveralias['alias'], $serveralias['domain']); + printf ('

Retour à la liste des alias

', $redirect_url); + print "
"; + } else { + print "
"; + printf ('

Echec dans la creation de l\'alias %s du domaine %s

', $serveralias['alias'], $serveralias['domain']); + printf ('

Retour à la liste des alias

', $redirect_url); + print "
"; } - else { + } else { + print "
"; + printf ('

Alias %s du domaine %s deja existant !

', $serveralias['alias'], $serveralias['domain']); + printf ('

Retour à la liste des alias

', $redirect_url); + print "
"; + + } + } + else { + $servername = array ( + 'domain' => $params[1], + 'servername' => $form->getField('domain_servername')->getValue(), + 'previous_servername' => $form->getField('previous_servername')->getValue(), + ); + + $account_name=$servername['domain']; + + $is_servername_present = check_occurence_name($servername['servername']); + + if (!$is_servername_present) { + $exec_cmd = 'web-add.sh update-servername ' . $servername['domain'] . ' ' . $servername['servername'] . ' ' . $servername['previous_servername']; + sudoexec($exec_cmd, $exec_output, $exec_return); + + if ($exec_return == 0) { + //domain_add($serveralias['alias'], gethostbyname($master) , false); TODO avec l'IP du load balancer + print "
"; + printf ('

Le ServerName %s a bien été modifié

', $servername['servername']); + printf ('

Retour à la liste des ServerNames

', $redirect_url); + print "
"; + } + else { print "
"; printf ('

Echec dans la modification du ServerName %s

', $servername['servername']); - print ('

Le domaine existe déjà dans d\'autres vhosts.'); - printf ('

Retour à la liste des ServerNames

', $_SERVER['REDIRECT_URL']); + printf ('

Retour à la liste des ServerNames

', $redirect_url); print "
"; - } + } + } + else { + print "
"; + printf ('

Echec dans la modification du ServerName %s

', $servername['servername']); + print ('

Le domaine existe déjà dans d\'autres vhosts.'); + printf ('

Retour à la liste des ServerNames

', $redirect_url); + print "
"; } - } else { - print "

Modification du ServerName


"; - print "
"; - print "
"; - print " Modification du ServerName"; - print $form; - print "

"; - print "
"; - print "
"; } } else { print "

Modification du ServerName


"; @@ -160,8 +154,18 @@ if (isset($_GET['edit']) ) { print "
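Review bot: In the non-cluster branch the new `'domain' => $params[1]` and the two form values are concatenated into `$exec_cmd = 'web-add.sh update-servername ' . ...` and run through `sudoexec()` with no `escapeshellarg()`, and the route capture now admits any character; wrap each of the three, e.g. `$exec_cmd = 'web-add.sh update-servername ' . escapeshellarg($servername['domain']) . ' ' . escapeshellarg($servername['servername']) . ' ' . escapeshellarg($servername['previous_servername']);`, as patch 011 does for accounts.php. The cluster branch is only re-indented: it still builds `$servername` from `basename($_SERVER['REDIRECT_URL'])` instead of `$params[1]`, then calls `$bdd->is_serveralias($account_name, $serveralias['alias'])` and an `add-alias` command on a `$serveralias` array that nothing in this hunk defines, so the `// TODO: Adapt the script for cluster mode` comment should say plainly that this path is non-functional copy from the alias page. I also see no ownership or `is_superadmin()` check between the route match and the command in this hunk; if it lives in the included header/menu files, a one-line comment at the top of the `if` naming where would help the next reader. The `if` opened at the top of the hunk continues past its end.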

"; print " "; print ""; - } + } else { + print "

Modification du ServerName


"; + print "
"; + print "
"; + print " Modification du ServerName"; + print $form; + print "

"; + print "
"; + print "
"; + + } include_once EVOADMIN_BASE . '../tpl/footer.tpl.php'; diff --git a/tpl/webadmin-servername.tpl.php b/tpl/webadmin-servername.tpl.php index 5e218cb..9766b99 100644 --- a/tpl/webadmin-servername.tpl.php +++ b/tpl/webadmin-servername.tpl.php @@ -35,7 +35,7 @@ printf('%s', $servername_list[$i]); if (is_superadmin()) - printf('Modifier', + printf('Modifier', $domain, $servername_list[$i]); print ''; } ?> diff --git a/tpl/webadmin.tpl.php b/tpl/webadmin.tpl.php index 689559a..6653d2a 100755 --- a/tpl/webadmin.tpl.php +++ b/tpl/webadmin.tpl.php @@ -103,7 +103,7 @@ if (is_superadmin()) { printf(''); printf('Alias - ', $vhost_info['owner']); - printf('Servername - ', $vhost_info['owner']); + printf('Servername - ', $vhost_info['owner']); if(is_multiphp()) { printf('PHP', $vhost_info['owner']); } else { From 99ac46f6717e98bcd2dd9429a2532995064a60e8 Mon Sep 17 00:00:00 2001 From: Nicolas Roman Date: Mon, 1 Apr 2019 15:41:59 +0200 Subject: [PATCH 005/116] itk url changed --- htdocs/index.php | 2 +- inc/webadmin-itk.php | 74 +++++++++++++++++++++------------------- tpl/webadmin-itk.tpl.php | 8 +++-- tpl/webadmin.tpl.php | 2 +- 4 files changed, 46 insertions(+), 40 deletions(-) diff --git a/htdocs/index.php b/htdocs/index.php index 4d54a5e..09bbbe4 100755 --- a/htdocs/index.php +++ b/htdocs/index.php @@ -52,7 +52,7 @@ if (!array_key_exists('auth', $_SESSION) || $_SESSION['auth']!=1) { include_once EVOADMIN_BASE . '../inc/webadmin-servername.php'; -} elseif (preg_match('#^/webadmin/itk/(.*)/?$#', $uri, $params)) { +} elseif (preg_match('#^/webadmin/(.*)/itk/?(enable|disable)?/?(.*)?/$#', $uri, $params)) { include_once EVOADMIN_BASE . '../inc/webadmin-itk.php'; diff --git a/inc/webadmin-itk.php b/inc/webadmin-itk.php index 680c653..40dbb52 100644 --- a/inc/webadmin-itk.php +++ b/inc/webadmin-itk.php 
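Review bot: The new `else` branch renders the "Modification du ServerName" page with the same eight `print` statements that the `$form->verify()` failure branch at the end of the previous hunk appears to emit, so that markup now lives twice in this file and the two copies will drift. Rendering the form once after the `if (!empty($_POST))` block, guarded by a flag such as `$show_form = empty($_POST) || !$verified;` set inside it, keeps a single copy. The enclosing `if (isset($params[2]) && $params[2] == "edit")` starts outside this hunk.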
@@ -18,58 +18,60 @@ require_once EVOADMIN_BASE . '../lib/domain.php'; global $conf; -if (isset($_GET['enable']) ) { - require_once EVOADMIN_BASE . '../evolibs/Form.php'; +if (isset($params[2]) && $params[2] != "") { + $redirect_url = "/webadmin/" . $params[1] . "/itk/"; + if (isset($params[3]) && $params[3] == "") http_redirect($redirect_url); - include_once EVOADMIN_BASE . '../tpl/header.tpl.php'; - include_once EVOADMIN_BASE . '../tpl/menu.tpl.php'; + if ($params[2] == "enable") { + require_once EVOADMIN_BASE . '../evolibs/Form.php'; + + include_once EVOADMIN_BASE . '../tpl/header.tpl.php'; + include_once EVOADMIN_BASE . '../tpl/menu.tpl.php'; - # TODO: sanitize $_GET - $servername = array ( - 'domain' => htmlspecialchars(basename($_SERVER['REDIRECT_URL'])), - 'servername' => $_GET['enable'] - ); + # TODO: sanitize $_GET + $servername = array ( + 'domain' => $params[1], + 'servername' => $params[3] + ); - $enable_cmd = 'web-add.sh enable-user-itk ' . $servername['servername'] . ' ' . $servername['domain']; + $enable_cmd = 'web-add.sh enable-user-itk ' . $servername['servername'] . ' ' . $servername['domain']; - sudoexec($enable_cmd, $enable_cmd_output, $enable_cmd_return); + sudoexec($enable_cmd, $enable_cmd_output, $enable_cmd_return); - if ($enable_cmd_return == 0) { - print 'Sécurité ITK activée.'; - printf ('

Retour à la gestion ITK

', $_SERVER['REDIRECT_URL']); + if ($enable_cmd_return == 0) { + print 'Sécurité ITK activée.'; + printf ('

Retour à la gestion ITK

', $redirect_url); + } + + include_once EVOADMIN_BASE . '../tpl/footer.tpl.php'; } + elseif ($params[2] == "disable") { + require_once EVOADMIN_BASE . '../evolibs/Form.php'; - include_once EVOADMIN_BASE . '../tpl/footer.tpl.php'; + include_once EVOADMIN_BASE . '../tpl/header.tpl.php'; + include_once EVOADMIN_BASE . '../tpl/menu.tpl.php'; -} -elseif (isset($_GET['disable']) ) { - require_once EVOADMIN_BASE . '../evolibs/Form.php'; + # TODO: sanitize $_GET + $servername = array ( + 'domain' => $params[1], + 'servername' => $params[3] + ); - include_once EVOADMIN_BASE . '../tpl/header.tpl.php'; - include_once EVOADMIN_BASE . '../tpl/menu.tpl.php'; + $disable_cmd = 'web-add.sh disable-user-itk ' . $servername['servername'] . ' ' . $servername['domain']; + sudoexec($disable_cmd, $disable_cmd_output, $disable_cmd_return); - # TODO: sanitize $_GET - $servername = array ( - 'domain' => htmlspecialchars(basename($_SERVER['REDIRECT_URL'])), - 'servername' => $_GET['disable'] - ); + if ($disable_cmd_return == 0) { + print 'Sécurité ITK désactivée'; + printf ('

Retour à la gestion ITK

', $redirect_url); + } - $disable_cmd = 'web-add.sh disable-user-itk ' . $servername['servername'] . ' ' . $servername['domain']; - - sudoexec($disable_cmd, $disable_cmd_output, $disable_cmd_return); - - if ($disable_cmd_return == 0) { - print 'Sécurité ITK désactivée'; - printf ('

Retour à la gestion ITK

', $_SERVER['REDIRECT_URL']); + include_once EVOADMIN_BASE . '../tpl/footer.tpl.php'; } - - include_once EVOADMIN_BASE . '../tpl/footer.tpl.php'; - - } + else { $domain = $params[1]; diff --git a/tpl/webadmin-itk.tpl.php b/tpl/webadmin-itk.tpl.php index 7d1f596..313f947 100644 --- a/tpl/webadmin-itk.tpl.php +++ b/tpl/webadmin-itk.tpl.php @@ -38,14 +38,18 @@ printf('%s', $data_list[$i]['user']); if (is_superadmin()) { - if (strpos($data_list[$i]['user'], 'www') !== false) { $action = ['disable', 'Désactiver']; } else { $action = ['enable', 'Activer']; } - printf(''.$action[1].'', + // AssignUserID not set in the vhost, override previous action + if (empty($data_list[$i]['user'])) { + $action = ["", ""]; + } + + printf(''.$action[1].'', $domain, $action[0], $data_list[$i]['servername']); } print ''; diff --git a/tpl/webadmin.tpl.php b/tpl/webadmin.tpl.php index 6653d2a..58582c0 100755 --- a/tpl/webadmin.tpl.php +++ b/tpl/webadmin.tpl.php @@ -107,7 +107,7 @@ if(is_multiphp()) { printf('PHP', $vhost_info['owner']); } else { - printf('ITK', $vhost_info['owner']); + printf('ITK', $vhost_info['owner']); } printf(''); From 6ef1c9fcf7bc937db230ee3b03ace488b3ab3b34 Mon Sep 17 00:00:00 2001 From: Nicolas Roman Date: Mon, 1 Apr 2019 16:14:48 +0200 Subject: [PATCH 006/116] refactoring webadmin-itk --- inc/webadmin-itk.php | 40 ++++++++++++---------------------------- 1 file changed, 12 insertions(+), 28 deletions(-) diff --git a/inc/webadmin-itk.php b/inc/webadmin-itk.php index 40dbb52..673d46b 100644 --- a/inc/webadmin-itk.php +++ b/inc/webadmin-itk.php 
@@ -20,21 +20,20 @@ global $conf; if (isset($params[2]) && $params[2] != "") { $redirect_url = "/webadmin/" . $params[1] . "/itk/"; + if (isset($params[3]) && $params[3] == "") http_redirect($redirect_url); + require_once EVOADMIN_BASE . '../evolibs/Form.php'; + + include_once EVOADMIN_BASE . '../tpl/header.tpl.php'; + include_once EVOADMIN_BASE . '../tpl/menu.tpl.php'; + + $servername = array ( + 'domain' => $params[1], + 'servername' => $params[3] + ); + if ($params[2] == "enable") { - require_once EVOADMIN_BASE . '../evolibs/Form.php'; - - include_once EVOADMIN_BASE . '../tpl/header.tpl.php'; - include_once EVOADMIN_BASE . '../tpl/menu.tpl.php'; - - - # TODO: sanitize $_GET - $servername = array ( - 'domain' => $params[1], - 'servername' => $params[3] - ); - $enable_cmd = 'web-add.sh enable-user-itk ' . $servername['servername'] . ' ' . $servername['domain']; sudoexec($enable_cmd, $enable_cmd_output, $enable_cmd_return); @@ -43,22 +42,8 @@ if (isset($params[2]) && $params[2] != "") { print 'Sécurité ITK activée.'; printf ('

Retour à la gestion ITK

', $redirect_url); } - - include_once EVOADMIN_BASE . '../tpl/footer.tpl.php'; } elseif ($params[2] == "disable") { - require_once EVOADMIN_BASE . '../evolibs/Form.php'; - - include_once EVOADMIN_BASE . '../tpl/header.tpl.php'; - include_once EVOADMIN_BASE . '../tpl/menu.tpl.php'; - - - # TODO: sanitize $_GET - $servername = array ( - 'domain' => $params[1], - 'servername' => $params[3] - ); - $disable_cmd = 'web-add.sh disable-user-itk ' . $servername['servername'] . ' ' . $servername['domain']; sudoexec($disable_cmd, $disable_cmd_output, $disable_cmd_return); @@ -67,9 +52,8 @@ if (isset($params[2]) && $params[2] != "") { print 'Sécurité ITK désactivée'; printf ('

Retour à la gestion ITK

', $redirect_url); } - - include_once EVOADMIN_BASE . '../tpl/footer.tpl.php'; } + include_once EVOADMIN_BASE . '../tpl/footer.tpl.php'; } else { From 6d0a456de9b27598b2e2a21b6069a7e51e2d213b Mon Sep 17 00:00:00 2001 From: Nicolas Roman Date: Mon, 1 Apr 2019 17:09:05 +0200 Subject: [PATCH 007/116] alias url changed --- htdocs/index.php | 2 +- inc/webadmin-edit.php | 41 ++++++++++++++++++++++----------------- tpl/webadmin-edit.tpl.php | 21 ++++++++++---------- tpl/webadmin.tpl.php | 2 +- 4 files changed, 35 insertions(+), 31 deletions(-) diff --git a/htdocs/index.php b/htdocs/index.php index 09bbbe4..9f7e73b 100755 --- a/htdocs/index.php +++ b/htdocs/index.php @@ -60,7 +60,7 @@ if (!array_key_exists('auth', $_SESSION) || $_SESSION['auth']!=1) { include_once EVOADMIN_BASE . '../inc/webadmin-php.php'; -} elseif (preg_match('#^/webadmin/edit/(.*)/?$#', $uri, $params)) { +} elseif (preg_match('#^/webadmin/(.*)/alias/?(add|delete)?/?(.*)?/$#', $uri, $params)) { include_once EVOADMIN_BASE . '../inc/webadmin-edit.php'; diff --git a/inc/webadmin-edit.php b/inc/webadmin-edit.php index c8a579f..b52a528 100644 --- a/inc/webadmin-edit.php +++ b/inc/webadmin-edit.php @@ -18,21 +18,24 @@ require_once EVOADMIN_BASE . '../lib/domain.php'; global $conf; -if (isset($_GET['del']) ) { +$redirect_url = "/webadmin/" . $params[1] . "/alias/"; + +if (isset($params[2]) && $params[2] == "delete") { + if (isset($params[3]) && $params[3] == "") http_redirect($redirect_url); include_once EVOADMIN_BASE . '../tpl/header.tpl.php'; include_once EVOADMIN_BASE . '../tpl/menu.tpl.php'; - $alias = htmlspecialchars($_GET['del']); + $alias = $params[3]; - if (isset($_GET['modif']) && ($_GET['modif'] == 'yes')) { + if (isset($_POST["confirm-delete-alias"])) { print "
"; print "

Suppression de $alias...

"; $serveralias = array ( - 'domain' => htmlspecialchars(basename($_SERVER['REDIRECT_URL'])), + 'domain' => $params[1], 'alias' => $alias ); @@ -77,27 +80,29 @@ if (isset($_GET['del']) ) { sudoexec($exec_cmd, $exec_output, $exec_return); if ($exec_return == 0) { printf ('
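Review bot: `$alias = $params[3];` drops the `htmlspecialchars()` that the old `$_GET['del']` path applied, and `$alias` is then interpolated into HTML in `print "… Suppression de $alias …"` here and in the confirmation message of the next hunk, so a crafted path segment is now echoed back unencoded (depending on how `$uri` is derived, this is a reflected XSS sink). Keep a raw copy for the command and encode at the output sites, e.g. `$alias_html = htmlspecialchars($alias, ENT_QUOTES, 'UTF-8');` used in both `print` calls, and pass `$serveralias['alias']` and `$serveralias['domain']` through `escapeshellarg()` where `$exec_cmd` is built for `sudoexec()` further down (outside this hunk). The `if` opened on the first line continues past the hunk.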

Alias %s est supprimé.

', $serveralias['alias']); - } else + } else print "

La suppression a échouée. Veuillez contacter votre administrateur.

"; } - printf ('

Retour à la liste des alias

', $_SERVER['REDIRECT_URL']); + printf ('

Retour à la liste des alias

', $redirect_url); print "
"; - } else if ( ! isset($_GET['modif']) ) { + } else { print "
"; + print "
"; print "

Confirmez vous la suppression de $alias ?

"; - printf ('

Confirmer la suppression

', $_SERVER['REDIRECT_URL'], $alias); - printf ('

Retour à la liste des alias

', $_SERVER['REDIRECT_URL']); + print "

"; + print "

"; + print "
"; + printf ('

Retour à la liste des alias

', $redirect_url); print "
"; } include_once EVOADMIN_BASE . '../tpl/footer.tpl.php'; - -} else if (isset($_GET['add']) ) { - +} +elseif (isset($params[2]) && $params[2] == "add") { require_once EVOADMIN_BASE . '../evolibs/Form.php'; include_once EVOADMIN_BASE . '../tpl/header.tpl.php'; @@ -182,7 +187,7 @@ if (isset($_GET['del']) ) { } else { $serveralias = array ( - 'domain' => htmlspecialchars(basename($_SERVER['REDIRECT_URL'])), + 'domain' => $params[1], 'alias' => $form->getField('domain_alias')->getValue(), ); @@ -197,13 +202,13 @@ if (isset($_GET['del']) ) { //domain_add($serveralias['alias'], gethostbyname($master) , false); TODO avec l'IP du load balancer print "
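Review bot: Moving the deletion trigger from the `?modif=yes` GET link to an `isset($_POST["confirm-delete-alias"])` check is the right direction, but the confirmation form's markup is not legible in this hunk and no per-session token is checked alongside the POST field; if the form carries none, a cross-site POST can still trigger the deletion. Checking a session-bound token next to the field, e.g. `if (isset($_POST["confirm-delete-alias"]) && hash_equals($_SESSION['csrf_token'] ?? '', $_POST['csrf_token'] ?? ''))` (names illustrative), closes that; where the token is issued belongs with the form rendering. The `} else print "…";` on the failure path drops the braces the surrounding code uses; wrap it for consistency.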
"; printf ('

L\'alias %s du domaine %s a bien été créé

', $serveralias['alias'], $serveralias['domain']); - printf ('

Retour à la liste des alias

', $_SERVER['REDIRECT_URL']); + printf ('

Retour à la liste des alias

', $redirect_url); print "
"; } else { print "
"; printf ('

Echec dans la creation de l\'alias %s du domaine %s

', $serveralias['alias'], $serveralias['domain']); - printf ('

Retour à la liste des alias

', $_SERVER['REDIRECT_URL']); + printf ('

Retour à la liste des alias

', $redirect_url); print "
"; } } @@ -211,7 +216,7 @@ if (isset($_GET['del']) ) { print "
"; printf ('

Echec dans la creation de l\'alias %s du domaine %s

', $serveralias['alias'], $serveralias['domain']); print ('

L\'alias existe dans d\'autres vhosts.'); - printf ('

Retour à la liste des alias

', $_SERVER['REDIRECT_URL']); + printf ('

Retour à la liste des alias

', $redirect_url); print "
"; } } @@ -240,9 +245,9 @@ if (isset($_GET['del']) ) { } include_once EVOADMIN_BASE . '../tpl/footer.tpl.php'; +} - -} else { +else { $domain = $params[1]; $alias_list = array(); diff --git a/tpl/webadmin-edit.tpl.php b/tpl/webadmin-edit.tpl.php index 146dfdc..09826c2 100644 --- a/tpl/webadmin-edit.tpl.php +++ b/tpl/webadmin-edit.tpl.php @@ -15,13 +15,13 @@

Server Alias

- 0) { - if(count($alias_list) > 0) { - if (is_superadmin()) { print "
"; - printf('

Ajouter un alias

', $domain); + printf('

Ajouter un alias

', $domain); print "
"; }?> @@ -35,28 +35,27 @@ - '; printf('http://%s', $alias_list[$i]['alias'], $alias_list[$i]['alias']); - if (is_superadmin()) - printf('Supprimer', + if (is_superadmin()) + printf('Supprimer', $domain, $alias_list[$i]['alias']); print ''; } ?> -Aucun alias existant pour le domaine $domain !

"; if (is_superadmin()) { print "
"; - printf('

Ajouter un alias

', $domain); + printf('

Ajouter un alias

', $domain); print "
"; } } ?> - diff --git a/tpl/webadmin.tpl.php b/tpl/webadmin.tpl.php index 58582c0..35a5915 100755 --- a/tpl/webadmin.tpl.php +++ b/tpl/webadmin.tpl.php @@ -102,7 +102,7 @@ if (is_superadmin()) { printf(''); - printf('Alias - ', $vhost_info['owner']); + printf('Alias - ', $vhost_info['owner']); printf('Servername - ', $vhost_info['owner']); if(is_multiphp()) { printf('PHP', $vhost_info['owner']); From c9ed53d7dd59cc907f549985458eb0768cf24ec0 Mon Sep 17 00:00:00 2001 From: Nicolas Roman Date: Mon, 1 Apr 2019 18:10:53 +0200 Subject: [PATCH 008/116] php url changed --- htdocs/index.php | 2 +- inc/webadmin-php.php | 4 ++-- tpl/webadmin.tpl.php | 3 ++- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/htdocs/index.php b/htdocs/index.php index 9f7e73b..b1010bb 100755 --- a/htdocs/index.php +++ b/htdocs/index.php @@ -56,7 +56,7 @@ if (!array_key_exists('auth', $_SESSION) || $_SESSION['auth']!=1) { include_once EVOADMIN_BASE . '../inc/webadmin-itk.php'; -} elseif (preg_match('#^/webadmin/php/(.*)/?$#', $uri, $params)) { +} elseif (preg_match('#^/webadmin/(.*)/php/$#', $uri, $params)) { include_once EVOADMIN_BASE . '../inc/webadmin-php.php'; diff --git a/inc/webadmin-php.php b/inc/webadmin-php.php index 6afba03..4eb1eed 100644 --- a/inc/webadmin-php.php +++ b/inc/webadmin-php.php @@ -56,7 +56,7 @@ else { if ($exec_return == 0) { print "
"; - printf ('

La version de PHP bien été modifié

'); + printf ('

La version de PHP a bien été modifiée

'); printf ('

Retour à liste des comptes

'); print "
"; @@ -64,7 +64,7 @@ else { else { print "
"; printf ('

ERREUR

'); - printf ('

Une erreur innatendue s\'est produite

'); + printf ('

Une erreur inattendue s\'est produite

'); if ($conf['debug'] == TRUE) { print '
';
diff --git a/tpl/webadmin.tpl.php b/tpl/webadmin.tpl.php
index 35a5915..192d52c 100755
--- a/tpl/webadmin.tpl.php
+++ b/tpl/webadmin.tpl.php
@@ -95,6 +95,7 @@
             printf('%s', $vhost_info['quota_hard']);
             printf('%s', $vhost_info['occupation']);
           }
+
           if (array_key_exists('php_versions', $conf) && count($conf['php_versions']) > 1) {
             printf('%s', preg_replace("/^(\d)(\d)$/", '\1.\2', $vhost_info['php_version']));
           }
@@ -105,7 +106,7 @@
               printf('Alias - ', $vhost_info['owner']);
               printf('Servername - ', $vhost_info['owner']);
               if(is_multiphp()) {
-                  printf('PHP', $vhost_info['owner']);
+                  printf('PHP', $vhost_info['owner']);
               } else {
                   printf('ITK', $vhost_info['owner']);
               }

From d00ecea96427ff7ed13832e35c0f972c68e80781 Mon Sep 17 00:00:00 2001
From: Ludovic Poujol 
Date: Tue, 2 Apr 2019 15:15:51 +0200
Subject: [PATCH 009/116] web-add.sh - Ensure the FPM pools uses the www-XXX
 user

---
 scripts/web-add.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index df0306e..dc0528f 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -403,7 +403,7 @@ create_www_account() {
         phpfpm_socket_path="/home/${in_login}/php-fpm${php_version}.sock"
         cat </var/lib/lxc/php"${php_version}"/rootfs/${pool_path}/"${in_login}".conf
 [${in_login}]
-user = ${in_login}
+user = www-${in_login}
 group = ${in_login}
 
 listen = ${phpfpm_socket_path}
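Review bot: The pool now runs as `www-${in_login}` but the next line keeps `group = ${in_login}`, so the worker's primary group stays the account group; if that split is intended (workers read the account's files through group membership while the uid is separated from it), say so in a comment above the heredoc, otherwise change it to `group = www-${in_login}` in the same change. The `listen.owner` / `listen.group` directives and the directory permissions for `${phpfpm_socket_path}` are outside this hunk and must still allow the web server to connect now that the pool's uid has changed. `create_www_account` continues on both sides of the hunk.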

From 7b5868db38788bd1193b78ed94faeea0c4b8ce72 Mon Sep 17 00:00:00 2001
From: Ludovic Poujol 
Date: Fri, 12 Apr 2019 12:05:07 +0200
Subject: [PATCH 010/116] README.md : Ajout exemple /usr/local/bin/exec73

---
 README.md | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/README.md b/README.md
index e3d687b..7ce8ddc 100644
--- a/README.md
+++ b/README.md
@@ -180,6 +180,20 @@ hostname=example.com
 FromLineOverride=YES
 ~~~
 
+#### PHP-CLI
+
+
+~~~
+$ cat /usr/local/bin/exec73
+#!/bin/bash
+
+php_cmd=$(printf "/usr/bin/php %q" "$@" )
+lxc-attach -n php73 -- su - "$SUDO_USER" -c "$php_cmd"
+~~~
+
+Il faut ensuite s'assurer que ce script peut être exécuté via sudo.
+
+
 
 ## Méthodes de collaboration
 

From d63150c4ce4568c230df89ed0d29f74f41daab5d Mon Sep 17 00:00:00 2001
From: Ludovic Poujol 
Date: Tue, 23 Apr 2019 18:16:07 +0200
Subject: [PATCH 011/116] Add missing escapeshellarg() in account creation

---
 inc/accounts.php | 36 ++++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/inc/accounts.php b/inc/accounts.php
index 5c57119..d84da98 100644
--- a/inc/accounts.php
+++ b/inc/accounts.php
@@ -39,17 +39,17 @@ function web_add($form, $admin_mail) {
 
     if(!$form->getField('password_random')->getValue()) {
         $exec_cmd .= sprintf(' -p %s',
-                             $form->getField('password')->getValue());
+                             escapeshellarg($form->getField('password')->getValue()));
     }
 
     /* Ajout des options spécifiques à MySQL si nécessaire */
     if($form->getField('mysql_db')->getValue()) {
         $exec_cmd .= sprintf(' -m %s',
-                             $form->getField('mysql_dbname')->getValue());
+                             escapeshellarg($form->getField('mysql_dbname')->getValue()));
 
         if(!$form->getField('mysql_password_random')->getValue()) {
             $exec_cmd .= sprintf(' -P %s',
-                                $form->getField('mysql_password')->getValue());
+                                escapeshellarg($form->getField('mysql_password')->getValue()));
         }
     }
 
@@ -58,12 +58,12 @@ function web_add($form, $admin_mail) {
     }
 
     if ($conf['quota']) {
-        $exec_cmd .= sprintf(' -q %s:%s', $form->getField('quota_soft')->getValue(), $form->getField('quota_hard')->getValue());
+        $exec_cmd .= sprintf(' -q %s:%s', escapeshellarg($form->getField('quota_soft')->getValue()), escapeshellarg($form->getField('quota_hard')->getValue()));
     }
 
     $exec_cmd .= sprintf(' -l %s %s %s 2>&1', $admin_mail,
-        $form->getField('username')->getValue(), 
-        $form->getField('domain')->getValue());
+        escapeshellarg($form->getField('username')->getValue()),
+        escapeshellarg($form->getField('domain')->getValue()));
 
     //domain_add($form, $_SERVER['SERVER_ADDR'], true);
     sudoexec($exec_cmd, $exec_output, $exec_return);
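Review bot: `$admin_mail` on the line `$exec_cmd .= sprintf(' -l %s %s %s 2>&1', $admin_mail,` is still interpolated bare, while the cluster variant in this same commit wraps it as `escapeshellarg($admin_mail)`; make the two consistent with `$exec_cmd .= sprintf(' -l %s %s %s 2>&1', escapeshellarg($admin_mail),`. Whether `$admin_mail` can carry request-controlled text is not visible here, but escaping every argument uniformly is cheaper than reasoning about the provenance of each one. web_add starts outside the hunk.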
@@ -72,7 +72,7 @@ function web_add($form, $admin_mail) {
     if ( $form->getField('domain_alias')->getValue() ) {
         $domain_alias = preg_split('/,/', $form->getField('domain_alias')->getValue());
         foreach ( $domain_alias as $domain ) {
-            $exec_cmd = 'web-add.sh add-alias '.$form->getField('username')->getValue().' ';
+            $exec_cmd = 'web-add.sh add-alias '.escapeshellarg($form->getField('username')->getValue()).' ';
             $domain = trim($domain);
             $exec_cmd .= $domain.' '. $server_list;
             sudoexec($exec_cmd, $exec_output, $exec_return);
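Review bot: `$exec_cmd .= $domain.' '. $server_list;` still appends each alias unescaped, so the comma-split `domain_alias` values reach `sudoexec` raw even though `username` on the line above is now wrapped; use `$exec_cmd .= escapeshellarg($domain).' '.$server_list;` (and wrap `$server_list` too if it is built from form input, which this hunk does not show). The same pattern remains in web_add_cluster at `$exec_cmd .= $alias.' '.$master.' '.$slave;` in the last hunk of this file. The enclosing foreach and web_add continue outside the hunk.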
@@ -97,17 +97,17 @@ function web_add_cluster($form, $admin_mail) {
 
     if(!$form->getField('password_random')->getValue()) {
         $exec_cmd .= sprintf(' -p %s',
-                             $form->getField('password')->getValue());
+                             escapeshellarg($form->getField('password')->getValue()));
     }
 
     /* Ajout des options spécifiques à MySQL si nécessaire */
     if($form->getField('mysql_db')->getValue()) {
         $exec_cmd .= sprintf(' -m %s',
-                             $form->getField('mysql_dbname')->getValue());
+                             escapeshellarg($form->getField('mysql_dbname')->getValue()));
 
         if(!$form->getField('mysql_password_random')->getValue()) {
             $exec_cmd .= sprintf(' -P %s',
-                                $form->getField('mysql_password')->getValue());
+                                escapeshellarg($form->getField('mysql_password')->getValue()));
         }
 
         $account['bdd'] = $form->getField('mysql_dbname')->getValue();
@@ -173,13 +173,13 @@ function web_add_cluster($form, $admin_mail) {
             break;
     }
 
-    $exec_cmd .= sprintf(' -l %s %s %s %s %s %s 2>&1', 
-        $admin_mail,
-        $form->getField('username')->getValue(), 
-        $form->getField('domain')->getValue(),
-        $master,
-        $slave,
-        ($realtime ? 'realtime': 'deferred'));
+    $exec_cmd .= sprintf(' -l %s %s %s %s %s %s 2>&1',
+        escapeshellarg($admin_mail),
+        escapeshellarg($form->getField('username')->getValue()),
+        escapeshellarg($form->getField('domain')->getValue()),
+        escapeshellarg($master),
+        escapeshellarg($slave),
+        escapeshellarg( ($realtime ? 'realtime': 'deferred')) );
 
     //if ($conf['bindadmin'])
     domain_add($form->getField('domain')->getValue(), gethostbyname($master), true, $form->getField('use_gmail_mxs')->getValue());
@@ -189,7 +189,7 @@ function web_add_cluster($form, $admin_mail) {
     if ( $form->getField('domain_alias')->getValue() ) {
         $domain_alias = preg_split('/,/', $form->getField('domain_alias')->getValue());
         foreach ( $domain_alias as $alias ) {
-            $exec_cmd = 'web-add-cluster.sh add-alias '.$form->getField('username')->getValue().' ';
+            $exec_cmd = 'web-add-cluster.sh add-alias '.escapeshellarg($form->getField('username')->getValue()).' ';
             $alias = trim($alias);
             $exec_cmd .= $alias.' '.$master.' '.$slave;
             sudoexec($exec_cmd, $exec_output2, $exec_return2);

From a200ccfdeb65a9224f6de05e95f045a9253f5121 Mon Sep 17 00:00:00 2001
From: Ludovic Poujol 
Date: Tue, 23 Apr 2019 18:16:33 +0200
Subject: [PATCH 012/116] Ensure a password can't contain a "/"

---
 evolibs/Form.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/evolibs/Form.php b/evolibs/Form.php
index f1cdba9..772c572 100644
--- a/evolibs/Form.php
+++ b/evolibs/Form.php
@@ -720,6 +720,11 @@ class PasswordInputFormField extends FormField {
             return FALSE;
         }
 
+        if(!preg_match('#.*[/]+.*#',$this->value)==0){
+            if($set_error) $this->error = 'Votre mot de passe doit contenir le caractère \'/\'';
+            return FALSE;
+        }
+
         return TRUE;
     }
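Review bot: The error text contradicts the commit: it forbids a '/' yet the new message reads `'Votre mot de passe doit contenir le caractère \'/\''` (must contain); it should be `'Votre mot de passe ne doit pas contenir le caractère \'/\''`. The condition `!preg_match('#.*[/]+.*#',$this->value)==0` only works because `!` binds tighter than `==`, so it evaluates as "(not matched) == 0" rather than the "not (matched == 0)" it appears to say; `if (preg_match('#/#', $this->value) === 1) {` states the same test plainly. The method's signature and its `$set_error` parameter are outside the hunk.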
 

From c0fb7a5d74bae1a44cc48dacc981d9c98d2aba40 Mon Sep 17 00:00:00 2001
From: emorino 
Date: Fri, 26 Apr 2019 09:52:05 +0200
Subject: [PATCH 013/116] Ajout configuration /etc/hosts pour install paquet
 ssmtp

---
 README.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/README.md b/README.md
index 7ce8ddc..0afe84f 100644
--- a/README.md
+++ b/README.md
@@ -167,6 +167,12 @@ Si vous rencontrez l'erreur "File not found" avec les fichiers php, bien vérifi
 
 Pour envoyer des mails, on peut installer **ssmtp** qui va forwarder les mails du conteneur vers l'hôte (à faire par conteneur via lxc-attach) :
 
+Avant d'installer le paquet, il faut ajouter le hostname du conteneur dans */etc/hosts*, sinon la configuration du paquet retourne une erreur :
+
+~~~
+127.0.0.1     php70
+~~~
+
 ~~~
 # apt install ssmtp
 ~~~

From a3c67afb2a931761c0bd16e75a5393f49bbd58c2 Mon Sep 17 00:00:00 2001
From: emorino 
Date: Fri, 26 Apr 2019 09:53:10 +0200
Subject: [PATCH 014/116] typo

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 0afe84f..c6e9303 100644
--- a/README.md
+++ b/README.md
@@ -167,7 +167,7 @@ Si vous rencontrez l'erreur "File not found" avec les fichiers php, bien vérifi
 
 Pour envoyer des mails, on peut installer **ssmtp** qui va forwarder les mails du conteneur vers l'hôte (à faire par conteneur via lxc-attach) :
 
-Avant d'installer le paquet, il faut ajouter le hostname du conteneur dans */etc/hosts*, sinon la configuration du paquet retourne une erreur :
+Avant d'installer le paquet, il faut ajouter le hostname du conteneur dans **/etc/hosts**, sinon la configuration du paquet retourne une erreur :
 
 ~~~
 127.0.0.1     php70

From 7a0d307f23d9fdbc3bccbbb9f62a380316e549f9 Mon Sep 17 00:00:00 2001
From: Nicolas Roman 
Date: Thu, 4 Apr 2019 11:52:18 +0200
Subject: [PATCH 015/116] first draft

---
 scripts/web-add.sh | 61 +++++++++++++++++++++++++++++++++++++---------
 1 file changed, 49 insertions(+), 12 deletions(-)

diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index dc0528f..c1c5c62 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -612,19 +612,59 @@ EOT
 }
 
 op_del() {
-    if [ $# -lt 1 ]; then
-        usage
-        exit 1
-    else
+
+    #
+    # Mode interactif
+    #
+
+    if [ $# -eq 0 ]; then
+        echo
+        echo "Suppression d'un compte WEB"
+        echo
+
+        until [ "$login" ]; do
+            echo -n "Entrez le login du compte à supprimer : "
+            read -r tmp
+            login="$tmp"
+        done
+
+        echo -n "Voulez-vous aussi supprimer un compte/base MySQL ? [y|N]"
+        read -r confirm
+
+        if [ "$confirm" = "y" ] || [ "$confirm" = "Y" ]; then
+            echo -n "Entrez le nom de la base de donnees ($login par defaut) : "
+            read -r tmp
+
+            if [ -z "$tmp" ]; then
+                dbname=$login
+            else
+                dbname="$tmp"
+            fi
+        fi
+
+        echo -n "Continuer la suppression du compte $login ? [y/N] : "
+        read -r tmp
+        echo
+        if [ "$tmp" != "y" ] && [ "$tmp" != "Y" ]; then
+            echo "Annulation..."
+            echo
+            exit 1
+        fi
+
+    #
+    # Mode non interactif
+    #
+
+    elif [ $# -gt 0 ] && [ $# -le 2 ]; then
         login=$1
         if [ $# -eq 2 ]; then
             dbname=$2
         fi
+    else
+        usage
+        exit 1
     fi
 
-    echo "Deleting account $login. Continue ?"
-    read -r
-
     set -x
     if [ "$WEB_SERVER" == "apache" ]; then
         userdel www-"$login"
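Review bot: In interactive mode `login` is whatever was typed at `read -r tmp`, and the script goes straight to `set -x` and `userdel www-"$login"` without checking that such an account exists, so a mistyped name is acted on as if it were real. A guard right after the name is known, `id "$login" >/dev/null 2>&1 || { echo "Compte $login inexistant" >&2; exit 1; }`, would fail early in both modes. op_del continues past the hunk, so an existence check further down would make this moot.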
@@ -681,9 +721,6 @@ op_del() {
     set +x
 
     if [ -n "$dbname" ]; then
-        echo "Deleting mysql DATABASE $dbname and mysql user $login. Continue ?"
-        read -r
-
         set -x
         echo "DROP DATABASE $dbname; delete from mysql.user where user='$login' ; FLUSH PRIVILEGES;" | mysql $MYSQL_OPTS
         set +x
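Review bot: With the confirmation prompt removed, the `DROP DATABASE $dbname; delete from mysql.user where user='$login'` statement now runs as soon as the names are supplied, and both names are spliced into the SQL by plain interpolation. A shape check before this point, e.g. `case "$dbname" in *[!A-Za-z0-9_-]*|'') echo "Nom de base invalide" >&2; exit 1 ;; esac` (and the same for `$login`), keeps a malformed or mistyped value from becoming part of the statement. op_del's earlier part is in the previous hunk; the check belongs where `dbname` is first assigned.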
@@ -915,7 +952,7 @@ op_checkoccurencename() {
             if [ -r "$configfile" ]; then
                 alias=$(perl -ne 'print "$1 " if /^[[:space:]]*ServerAlias (.*)/' "$configfile" | head -n 1)
                 aliases="$aliases $alias"
-        
+
                 servername=$(awk '/^[[:space:]]*ServerName (.*)/ { print $2 }' "$configfile" | uniq)
                 servernames="$servernames $servername"
             fi
@@ -931,7 +968,7 @@ op_listuseritk() {
     if [ $# -eq 2 ]; then
         domain=${1}
         configfile="$VHOST_PATH/${2}.conf"
-  
+
         sed -n "/$domain/,/<\/VirtualHost>/p" "$configfile" | awk '/AssignUserID/ {print $2}' | uniq
     else
         usage

From ad3c31fb96deb6f2a8a225472c3e56951969784b Mon Sep 17 00:00:00 2001
From: Nicolas Roman 
Date: Fri, 5 Apr 2019 10:49:23 +0200
Subject: [PATCH 016/116] added force-confirm option for del script

---
 scripts/web-add.sh | 66 +++++++++++++++++++++++++++++++++++-----------
 1 file changed, 51 insertions(+), 15 deletions(-)

diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index c1c5c62..37d1948 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -100,12 +100,18 @@ add [ [OPTIONS] LOGIN WWWDOMAIN ]
 
    Example : web-add.sh add -m testdb -r 56 testlogin testdomain.com
 
-del LOGIN [DBNAME]
+del [ [OPTIONS] LOGIN [DBNAME] ]
 
    Delete account and all files related (Apache, Awstats, etc)
    Archive home directory.
    Remove MySQL database only if DBNAME is specified.
 
+   -y
+      Don't ask for confirmation
+
+   Example : web-add.sh del -y testlogin testdatabase
+
+
 list-vhost LOGIN
 
    List Apache vhost for user LOGIN
@@ -642,7 +648,50 @@ op_del() {
             fi
         fi
 
-        echo -n "Continuer la suppression du compte $login ? [y/N] : "
+    #
+    # Mode non interactif
+    #
+
+    else
+        while getopts hy opt; do
+            case "$opt" in
+            y)
+                force_confirm=1
+                ;;
+            h)
+                usage
+                exit 1
+                ;;
+            ?)
+                usage
+                exit 1
+                ;;
+            esac
+        done
+
+        shift $((OPTIND - 1))
+        if [ $# -gt 0 ] && [ $# -le 2 ]; then
+            login=$1
+            if [ $# -eq 2 ]; then
+                dbname=$2
+            fi
+        else
+            usage
+            exit 1
+        fi
+    fi
+
+    echo
+    echo "----------------------------------------------"
+    echo "Nom du compte : $login"
+    if [ "$dbname" ]; then
+        echo "Base de données MySQL : $dbname"
+    fi
+    echo "----------------------------------------------"
+    echo
+
+    if [ -z "$force_confirm" ]; then
+        echo -n "Confirmer la suppression ? [y/N] : "
         read -r tmp
         echo
         if [ "$tmp" != "y" ] && [ "$tmp" != "Y" ]; then
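Review bot: `while getopts hy opt; do` runs inside op_del without resetting `OPTIND`, and `force_confirm` is never initialised, so if the caller already parsed options with getopts (arg_processing is outside the hunk) the loop starts mid-way, and an exported `force_confirm` environment variable silently skips the confirmation. Two lines before the loop settle both: `OPTIND=1` and `force_confirm=`. The `h)` and `?)` branches are identical and could be merged as `h|?)`.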
@@ -650,19 +699,6 @@ op_del() {
             echo
             exit 1
         fi
-
-    #
-    # Mode non interactif
-    #
-
-    elif [ $# -gt 0 ] && [ $# -le 2 ]; then
-        login=$1
-        if [ $# -eq 2 ]; then
-            dbname=$2
-        fi
-    else
-        usage
-        exit 1
     fi
 
     set -x

From 6f7fe190462bd25d881f49f9aeeac19714cbfd23 Mon Sep 17 00:00:00 2001
From: Nicolas Roman 
Date: Fri, 5 Apr 2019 15:07:01 +0200
Subject: [PATCH 017/116] added delete webpage

---
 htdocs/inc/js/webadmin.js   |  6 ++++
 htdocs/index.php            |  4 +++
 inc/webadmin-delete.php     | 72 +++++++++++++++++++++++++++++++++++++
 tpl/webadmin-delete.tpl.php | 36 +++++++++++++++++++
 4 files changed, 118 insertions(+)
 create mode 100644 inc/webadmin-delete.php
 create mode 100644 tpl/webadmin-delete.tpl.php

diff --git a/htdocs/inc/js/webadmin.js b/htdocs/inc/js/webadmin.js
index 77bb78f..4a78df5 100644
--- a/htdocs/inc/js/webadmin.js
+++ b/htdocs/inc/js/webadmin.js
@@ -21,6 +21,12 @@ function switch_disabled(name) {
 }
 
 document.observe("dom:loaded", function() {
+    if (document.getElementById('vhost-delete-db') != null) {
+        document.getElementById('vhost-delete-db').onclick = function() {
+            console.log("clicked box");
+            switch_disabled('vhost-dbname');
+        }
+    }
     document.getElementById('password_random').onclick = function() {
         switch_disabled('password');
     }
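Review bot: `console.log("clicked box");` is a leftover debug trace in the new click handler and should be dropped before merge, leaving `switch_disabled('vhost-dbname');` as the handler's only statement. The guard `!= null` would read better as `!== null`, since `getElementById` returns exactly `null` when nothing matches. The `dom:loaded` callback continues outside the hunk.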
diff --git a/htdocs/index.php b/htdocs/index.php
index b1010bb..a801e52 100755
--- a/htdocs/index.php
+++ b/htdocs/index.php
@@ -64,6 +64,10 @@ if (!array_key_exists('auth', $_SESSION) || $_SESSION['auth']!=1) {
 
     include_once EVOADMIN_BASE . '../inc/webadmin-edit.php';
 
+} elseif (preg_match('#^/webadmin/(.*)/delete/$#', $uri, $params)) {
+
+    include_once EVOADMIN_BASE . '../inc/webadmin-delete.php';
+
 } elseif (preg_match('#^/webadmin/suppr/(.*)/?$#', $uri, $params)) {
 
     include_once EVOADMIN_BASE . '../inc/webadmin-suppr.php';
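Review bot: The new route `'#^/webadmin/(.*)/delete/$#'` captures any text, including path separators, into `$params[1]`, which inc/webadmin-delete.php in this same commit uses as `$domain` on a `web-add.sh del -y` command line; narrowing the capture to the characters an account name can hold, `'#^/webadmin/([A-Za-z0-9._-]+)/delete/$#'`, rejects junk at the router. The neighbouring routes use the same `(.*)` form, so the loose pattern is consistent with them, but this is the one whose capture is shell-bound. The dispatch chain starts and ends outside the hunk.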
diff --git a/inc/webadmin-delete.php b/inc/webadmin-delete.php
new file mode 100644
index 0000000..85b9e03
--- /dev/null
+++ b/inc/webadmin-delete.php
@@ -0,0 +1,72 @@
+
+ * @author Thomas Martin 
+ * @author Sebastien Palma 
+ * @version 1.0
+ */
+
+require_once EVOADMIN_BASE . '../lib/bdd.php';
+require_once EVOADMIN_BASE . '../lib/domain.php';
+
+global $conf;
+
+include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
+include_once EVOADMIN_BASE . '../tpl/menu.tpl.php';
+
+if (isset($_POST['delete-vhost'])) {
+    $domain = $params[1];
+
+    while(true) {
+        // Errors handling
+        if (empty($_POST['vhost-name'])) {
+            print "

Veuillez entrer le nom du compte web à supprimer.

"; + printf ('

Retour

', $_SERVER['REDIRECT_URL']); + break; + } + + if ($_POST['vhost-name'] !== $domain) { + print "Le nom de compte ne correspond pas."; + printf ('

Retour

', $_SERVER['REDIRECT_URL']); + break; + } + + if (isset($_POST['vhost-delete-db']) && empty($_POST['vhost-dbname'])) { + print "Veuillez spécifier un nom de base de données."; + printf ('

Retour

', $_SERVER['REDIRECT_URL']); + break; + } + + // Shell arguments + if (!empty($_POST['vhost-dbname'])) + $exec_cmd = "web-add.sh del -y " . $domain . " " . $_POST['vhost-dbname']; + else + $exec_cmd = "web-add.sh del -y " . $domain; + + // Execute script + sudoexec($exec_cmd, $exec_output, $exec_return); + + // Deal with response code + if ($exec_return == 0) + print "

Compte supprimé.

"; + else + print "

La suppression a échouée. Veuillez contacter votre administrateur.

"; + + break; + } + + include_once EVOADMIN_BASE . '../tpl/footer.tpl.php'; + +} else { + include_once EVOADMIN_BASE . '../tpl/webadmin-delete.tpl.php'; + include_once EVOADMIN_BASE . '../tpl/footer.tpl.php'; +} + +?> diff --git a/tpl/webadmin-delete.tpl.php b/tpl/webadmin-delete.tpl.php new file mode 100644 index 0000000..58338bc --- /dev/null +++ b/tpl/webadmin-delete.tpl.php @@ -0,0 +1,36 @@ + + * @version 1.0 + */ + +?> + +

Suppression du compte web

+ +
+
+

+ + +

+

+ + +

+

+ + +

+

+ +

+
+
From bb17afd5fc3bf10e95eca7073773e880f64ec3a2 Mon Sep 17 00:00:00 2001 From: Nicolas Roman Date: Fri, 5 Apr 2019 15:25:01 +0200 Subject: [PATCH 018/116] added delete link --- tpl/webadmin-delete.tpl.php | 2 +- tpl/webadmin.tpl.php | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/tpl/webadmin-delete.tpl.php b/tpl/webadmin-delete.tpl.php index 58338bc..9a0081d 100644 --- a/tpl/webadmin-delete.tpl.php +++ b/tpl/webadmin-delete.tpl.php @@ -1,7 +1,7 @@ ITK', $vhost_info['owner']); } + printf(' - Supprimer', $vhost_info['owner']); printf(''); } From 1ffa0ef4e78ec725c7c579e56fb610535f915792 Mon Sep 17 00:00:00 2001 From: Nicolas Roman Date: Thu, 16 May 2019 10:57:05 +0200 Subject: [PATCH 019/116] normalize title names --- inc/webadmin-edit.php | 8 ++++---- inc/webadmin-servername.php | 4 ++-- tpl/webadmin-edit.tpl.php | 4 ++-- tpl/webadmin-itk.tpl.php | 2 +- tpl/webadmin-servername.tpl.php | 6 +++--- tpl/webadmin.tpl.php | 10 +++++----- 6 files changed, 17 insertions(+), 17 deletions(-) diff --git a/inc/webadmin-edit.php b/inc/webadmin-edit.php index b52a528..7e63681 100644 --- a/inc/webadmin-edit.php +++ b/inc/webadmin-edit.php @@ -222,10 +222,10 @@ elseif (isset($params[2]) && $params[2] == "add") { } } else { - print "

Ajout d'un serveralias


"; + print "

Ajout d'un alias


"; print "
"; print "
"; - print " Ajout d'un serveralias"; + print " Ajout d'un alias"; print $form; print "

"; print "
"; @@ -233,10 +233,10 @@ elseif (isset($params[2]) && $params[2] == "add") { } } else { - print "

Ajout d'un serveralias


"; + print "

Ajout d'un alias


"; print ""; print "
"; - print " Ajout d'un serveralias"; + print " Ajout d'un alias"; print $form; print "

"; print "
"; diff --git a/inc/webadmin-servername.php b/inc/webadmin-servername.php index 7779c43..db5b862 100644 --- a/inc/webadmin-servername.php +++ b/inc/webadmin-servername.php @@ -146,10 +146,10 @@ if (isset($params[2]) && $params[2] == "edit") { } } } else { - print "

Modification du ServerName


"; + print "

Modification du Servername


"; print ""; print "
"; - print " Modification du ServerName"; + print " Modification du Servername"; print $form; print "

"; print "
"; diff --git a/tpl/webadmin-edit.tpl.php b/tpl/webadmin-edit.tpl.php index 09826c2..4c57bd3 100644 --- a/tpl/webadmin-edit.tpl.php +++ b/tpl/webadmin-edit.tpl.php @@ -5,7 +5,7 @@ * * Copyright (c) 2009 Evolix - Tous droits reserves * - * vim: expandtab softtabstop=4 tabstop=4 shiftwidth=4 showtabline=2 + * vim: expandtab softtabstop=4 tabstop=4 shiftwidth=4 showtabline=2 * * @author Thomas Martin * @version 1.0 @@ -38,7 +38,7 @@ '; - printf('http://%s', + printf('%s', $alias_list[$i]['alias'], $alias_list[$i]['alias']); if (is_superadmin()) printf('Supprimer', diff --git a/tpl/webadmin-itk.tpl.php b/tpl/webadmin-itk.tpl.php index 313f947..c856703 100644 --- a/tpl/webadmin-itk.tpl.php +++ b/tpl/webadmin-itk.tpl.php @@ -22,7 +22,7 @@ - + Action'; diff --git a/tpl/webadmin-servername.tpl.php b/tpl/webadmin-servername.tpl.php index 9766b99..ac53cdd 100644 --- a/tpl/webadmin-servername.tpl.php +++ b/tpl/webadmin-servername.tpl.php @@ -13,7 +13,7 @@ ?> -

ServerNames

+

Servernames

- + Action'; } ?> @@ -43,7 +43,7 @@
ServerNameServername Utilisateur
ServerNameServername
Aucun ServerName existant pour le domaine $domain !

"; + print "

Aucun Servername existant pour le domaine $domain !

"; } diff --git a/tpl/webadmin.tpl.php b/tpl/webadmin.tpl.php index 0fd15c6..5ccba08 100755 --- a/tpl/webadmin.tpl.php +++ b/tpl/webadmin.tpl.php @@ -22,9 +22,9 @@ Propriétaire'; + print 'Virtual Host'; } ?> - Domaine + Servername Alias'; } @@ -61,7 +61,7 @@ if(is_superadmin()) { printf('%s', $vhost_info['owner']); } - printf('http://%s', + printf('%s', $vhost_info['server_name'], $vhost_info['server_name']); if ($conf['cluster']) { @@ -87,7 +87,7 @@ printf('%s', $vhost_info['slave']); } - printf('%s', preg_replace('/,/','
',$vhost_info['server_alias'])); + printf('%s', preg_replace('/,/','
',$vhost_info['server_alias'])); if ($conf['quota']) { printf('%s', $vhost_info['size']); @@ -110,7 +110,7 @@ } else { printf('ITK', $vhost_info['owner']); } - printf(' - Supprimer', $vhost_info['owner']); + printf('Supprimer', $vhost_info['owner']); printf(''); } From 1ee7221b19ace00688a1f192f87974cebce0bdbc Mon Sep 17 00:00:00 2001 From: Nicolas Roman Date: Thu, 16 May 2019 11:19:43 +0200 Subject: [PATCH 020/116] normalize text --- inc/webadmin-edit.php | 12 ++++++------ tpl/webadmin-servername.tpl.php | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/inc/webadmin-edit.php b/inc/webadmin-edit.php index 7e63681..7b0d99b 100644 --- a/inc/webadmin-edit.php +++ b/inc/webadmin-edit.php @@ -1,11 +1,11 @@ * @author Thomas Martin @@ -68,10 +68,10 @@ if (isset($params[2]) && $params[2] == "delete") { sudoexec($exec_cmd, $exec_output, $exec_return); if ($exec_return == 0) { - if (! $bdd->del_serveralias($serveralias)) + if (! $bdd->del_serveralias($serveralias)) print "

La suppression a échouée. Veuillez contacter votre administrateur.

"; printf ('

Alias %s est supprimé.

', $serveralias['alias']); - } else + } else print "

La suppression a échouée. Veuillez contacter votre administrateur.

"; } @@ -134,7 +134,7 @@ elseif (isset($params[2]) && $params[2] == "add") { 'domain' => htmlspecialchars(basename($_SERVER['REDIRECT_URL'])), 'alias' => $form->getField('domain_alias')->getValue(), ); - + $account_name=$serveralias['domain']; $account = $bdd->get_account($account_name); @@ -214,7 +214,7 @@ elseif (isset($params[2]) && $params[2] == "add") { } else { print "
"; - printf ('

Echec dans la creation de l\'alias %s du domaine %s

', $serveralias['alias'], $serveralias['domain']); + printf ('

Echec dans la creation de l\'alias %s

', $serveralias['alias']); print ('

L\'alias existe dans d\'autres vhosts.'); printf ('

Retour à la liste des alias

', $redirect_url); print "
"; diff --git a/tpl/webadmin-servername.tpl.php b/tpl/webadmin-servername.tpl.php index ac53cdd..ccd1911 100644 --- a/tpl/webadmin-servername.tpl.php +++ b/tpl/webadmin-servername.tpl.php @@ -13,7 +13,7 @@ ?> -

Servernames

+

Servername

Date: Thu, 16 May 2019 11:55:52 +0200 Subject: [PATCH 021/116] revert multiple virtualhosts mgmt for ITK --- inc/webadmin-itk.php | 60 +++++++++++++++++----------------------- scripts/web-add.sh | 25 ++++++++--------- tpl/webadmin-itk.tpl.php | 39 +++++++++++--------------- 3 files changed, 52 insertions(+), 72 deletions(-) diff --git a/inc/webadmin-itk.php b/inc/webadmin-itk.php index 673d46b..d47a972 100644 --- a/inc/webadmin-itk.php +++ b/inc/webadmin-itk.php @@ -18,23 +18,39 @@ require_once EVOADMIN_BASE . '../lib/domain.php'; global $conf; -if (isset($params[2]) && $params[2] != "") { - $redirect_url = "/webadmin/" . $params[1] . "/itk/"; +if (isset($_GET['enable']) ) { + require_once EVOADMIN_BASE . '../evolibs/Form.php'; + + include_once EVOADMIN_BASE . '../tpl/header.tpl.php'; + include_once EVOADMIN_BASE . '../tpl/menu.tpl.php'; + + $servername = array ( + 'domain' => htmlspecialchars(basename($_SERVER['REDIRECT_URL'])), + ); + + $enable_cmd = 'web-add.sh enable-user-itk ' . $servername['domain']; if (isset($params[3]) && $params[3] == "") http_redirect($redirect_url); + if ($enable_cmd_return == 0) { + print 'Sécurité ITK activée.'; + printf ('

Retour à la gestion ITK

', $_SERVER['REDIRECT_URL']); + } + + include_once EVOADMIN_BASE . '../tpl/footer.tpl.php'; + +} elseif (isset($_GET['disable']) ) { + require_once EVOADMIN_BASE . '../evolibs/Form.php'; include_once EVOADMIN_BASE . '../tpl/header.tpl.php'; include_once EVOADMIN_BASE . '../tpl/menu.tpl.php'; $servername = array ( - 'domain' => $params[1], - 'servername' => $params[3] + 'domain' => htmlspecialchars(basename($_SERVER['REDIRECT_URL'])), ); - if ($params[2] == "enable") { - $enable_cmd = 'web-add.sh enable-user-itk ' . $servername['servername'] . ' ' . $servername['domain']; + $disable_cmd = 'web-add.sh disable-user-itk ' . $servername['domain']; sudoexec($enable_cmd, $enable_cmd_output, $enable_cmd_return); @@ -46,20 +62,10 @@ if (isset($params[2]) && $params[2] != "") { elseif ($params[2] == "disable") { $disable_cmd = 'web-add.sh disable-user-itk ' . $servername['servername'] . ' ' . $servername['domain']; - sudoexec($disable_cmd, $disable_cmd_output, $disable_cmd_return); - - if ($disable_cmd_return == 0) { - print 'Sécurité ITK désactivée'; - printf ('

Retour à la gestion ITK

', $redirect_url); - } - } include_once EVOADMIN_BASE . '../tpl/footer.tpl.php'; -} - -else { +} else { $domain = $params[1]; - $data_list = array(); // TODO: adapt for cluster mode if ($conf['cluster']) { @@ -83,33 +89,17 @@ else { $alias_list = $bdd->list_serveralias($domain); } else { - - $cmd = 'web-add.sh list-servername ' . $domain; - - if(!is_superadmin()) { - $cmd = sprintf('%s %s', $cmd, $_SESSION['user']); - } - sudoexec($cmd, $data_output, $exec_return); - - # à revérifier (notamment gestion erreurs) - if ($exec_return == 0) { - foreach($data_output as $data_line) { - $cmd_itk = 'web-add.sh list-user-itk ' . $data_line . ' ' . $domain; + $cmd_itk = 'web-add.sh list-user-itk ' . $domain; sudoexec($cmd_itk, $data_output_itk, $exec_return_itk); - # on prend le premier résultat du tableau, ne fonctionne pas s'il y a plusieurs la même ligne ou des commentaires etc. - array_push($data_list, ['servername' => $data_line, 'user' => $data_output_itk[0]]); - unset($data_output_itk); # reset variable pour éviter conflits - } - } + $user_itk = $data_output_itk[0]; } include_once EVOADMIN_BASE . '../tpl/header.tpl.php'; include_once EVOADMIN_BASE . '../tpl/menu.tpl.php'; include_once EVOADMIN_BASE . '../tpl/webadmin-itk.tpl.php'; include_once EVOADMIN_BASE . '../tpl/footer.tpl.php'; - } ?> diff --git a/scripts/web-add.sh b/scripts/web-add.sh index 37d1948..5a560c8 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh 
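Review bot: As far as the collapsed hunk can be read, the `enable` branch tests `$enable_cmd_return` without any `sudoexec($enable_cmd, ...)` call after building `$enable_cmd`, while the `disable` branch builds `$disable_cmd` and then runs the retained context line `sudoexec($enable_cmd, $enable_cmd_output, $enable_cmd_return);`, so the command each branch executes does not match its label; the kept line `if (isset($params[3]) && $params[3] == "") http_redirect($redirect_url);` also references variables this rewrite no longer sets. The new `'domain' => htmlspecialchars(basename($_SERVER['REDIRECT_URL']))` is HTML escaping, not shell escaping, yet the value is concatenated onto a `web-add.sh enable-user-itk` / `disable-user-itk` command line; apply `escapeshellarg()` where the command is built. The tails of both branches fall in the second hunk and in context not shown.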
@@ -1001,23 +1001,21 @@ op_checkoccurencename() { } op_listuseritk() { - if [ $# -eq 2 ]; then - domain=${1} - configfile="$VHOST_PATH/${2}.conf" + if [ $# -eq 1 ]; then + configfile="$VHOST_PATH/${1}.conf" - sed -n "/$domain/,/<\/VirtualHost>/p" "$configfile" | awk '/AssignUserID/ {print $2}' | uniq + awk '/AssignUserID/ {print $2}' "$configfile" | uniq else usage fi } op_enableuseritk() { - if [ $# -eq 2 ]; then - domain=${1} - configfile="$VHOST_PATH/${2}.conf" - group=$(sed -n "/$domain/,/<\/VirtualHost>/p" "$configfile" | awk '/AssignUserID/ {print $3}' | uniq) + if [ $# -eq 1 ]; then + configfile="$VHOST_PATH/${1}.conf" + group=$(awk '/AssignUserID/ {print $3}' "$configfile" | uniq) - sed -i "/$domain/,/<\/VirtualHost>/ s/^ *AssignUserID $group/ AssignUserID www-$group/" "$configfile" --follow-symlinks + sed -i "s/^ *AssignUserID $group/ AssignUserID www-$group/" "$configfile" --follow-symlinks configtest_out=$(apache2ctl configtest) configtest_rc=$? @@ -1033,12 +1031,11 @@ op_enableuseritk() { } op_disableuseritk() { - if [ $# -eq 2 ]; then - domain=${1} - configfile="$VHOST_PATH"/"${2}".conf - group=$(sed -n "/$domain/,/<\/VirtualHost>/p" $configfile | awk '/AssignUserID/ {print $3}' | uniq) + if [ $# -eq 1 ]; then + configfile="$VHOST_PATH"/"${1}".conf + group=$(awk '/AssignUserID/ {print $3}' "$configfile" | uniq) - sed -i "/$domain/,/<\/VirtualHost>/ s/^ *AssignUserID www-$group/ AssignUserID ${group}/" "$configfile" --follow-symlinks + sed -i "s/^ *AssignUserID www-$group/ AssignUserID ${group}/" "$configfile" --follow-symlinks configtest_out=$(apache2ctl configtest) configtest_rc=$? diff --git a/tpl/webadmin-itk.tpl.php b/tpl/webadmin-itk.tpl.php index c856703..e5ca180 100644 --- a/tpl/webadmin-itk.tpl.php +++ b/tpl/webadmin-itk.tpl.php @@ -17,12 +17,11 @@ 0) { ?> + if(!empty($user_itk)) { ?> - Action'; 
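Review bot: `group=$(awk '/AssignUserID/ {print $3}' "$configfile" | uniq)` in op_enableuseritk and op_disableuseritk yields several lines when the vhost file carries more than one distinct `AssignUserID`, and that multi-line value is then spliced into the `sed -i "s/^ *AssignUserID $group/..."` expression, which fails or edits the wrong line. Now that the per-domain range restriction has been deliberately dropped, pick one value explicitly with `| head -n 1` or refuse when `$(printf '%s\n' "$group" | wc -l)` is not 1. Both functions are shown whole in the hunk; `usage` and the configtest reload they rely on are not.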
@@ -31,29 +30,23 @@ '; - printf('', - $data_list[$i]['servername']); - printf('', - $data_list[$i]['user']); - if (is_superadmin()) { - if (strpos($data_list[$i]['user'], 'www') !== false) { - $action = ['disable', 'Désactiver']; - } else { - $action = ['enable', 'Activer']; - } - // AssignUserID not set in the vhost, override previous action - if (empty($data_list[$i]['user'])) { - $action = ["", ""]; - } + print ''; + printf('', + $user_itk); + if (is_superadmin()) { - printf('', - $domain, $action[0], $data_list[$i]['servername']); - } - print ''; - } ?> + if (strpos($user_itk, 'www') !== false) { + $action = ['disable', 'Désactiver']; + } else { + $action = ['enable', 'Activer']; + } + + printf('', + $domain, $action[0]); + } + print ''; + ?>
Servername Utilisateur
%s%s
%s'.$action[1].'
'.$action[1].'
Date: Thu, 16 May 2019 12:06:35 +0200 Subject: [PATCH 022/116] normalize add-alias with del-alias --- scripts/web-add.sh | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/scripts/web-add.sh b/scripts/web-add.sh index 5a560c8..3229072 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh @@ -866,7 +866,6 @@ op_listvhost() { configlist="$VHOST_PATH/*"; fi - for configfile in $configlist; do if [ -r "$configfile" ] && echo "$configfile" |grep -qvE "/(000-default|default-ssl|evoadmin)\\.conf$"; then servername="$(awk '/^[[:space:]]*ServerName (.*)/ { print $2 }' "$configfile" | head -n 1)" @@ -896,12 +895,23 @@ op_aliasadd() { if [ $# -eq 2 ]; then vhost="${1}.conf" alias=$2 + vhost_file="${VHOST_PATH}/${vhost}" - [ -f $VHOST_PATH/"$vhost" ] && sed -i "/ServerName .*/a \\\tServerAlias $alias" "$VHOST_PATH"/"$vhost" --follow-symlinks + if [ -f "${vhost_file}" ]; then + sed -i "/ServerName .*/a \\\tServerAlias $alias" "${vhost_file}" --follow-symlinks + else + echo "VHost file \`${vhost_file}' not found'" >&2 + return 1 + fi - apache2ctl configtest 2>/dev/null - /etc/init.d/apache2 force-reload >/dev/null + configtest_out=$(apache2ctl configtest) + configtest_rc=$? + if [ "$configtest_rc" = "0" ]; then + /etc/init.d/apache2 force-reload >/dev/null + else + echo $configtest_out >&2 + fi else usage fi } From ad452aad6ad30dd851c7bb1654f1e2b7859af649 Mon Sep 17 00:00:00 2001 From: Nicolas Roman Date: Thu, 16 May 2019 14:40:30 +0200 Subject: [PATCH 023/116] delete list-servername function --- inc/webadmin-servername.php | 8 +++---- scripts/web-add.sh | 41 ++++++--------------------------- tpl/webadmin-servername.tpl.php | 19 ++++++++------- 3 files changed, 19 insertions(+), 49 deletions(-) diff --git a/inc/webadmin-servername.php b/inc/webadmin-servername.php index db5b862..7141acc 100644 --- a/inc/webadmin-servername.php +++ b/inc/webadmin-servername.php 
@@ -197,17 +197,15 @@ if (isset($params[2]) && $params[2] == "edit") { $alias_list = $bdd->list_serveralias($domain); } else { - - $cmd = 'web-add.sh list-servername ' . $domain; + $cmd = 'web-add.sh list-vhost ' . $domain; if(!is_superadmin()) { $cmd = sprintf('%s %s', $cmd, $_SESSION['user']); } sudoexec($cmd, $data_output, $exec_return); - foreach($data_output as $data_line) { - array_push($servername_list, $data_line); - } + $data_vhost = explode(':', $data_output[0]); + $servername = $data_vhost[2]; } include_once EVOADMIN_BASE . '../tpl/header.tpl.php'; diff --git a/scripts/web-add.sh b/scripts/web-add.sh index 3229072..e3d5df9 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh @@ -128,30 +128,26 @@ del-alias VHOST ALIAS Del a ServerAlias from an Apache vhost -list-servername LOGIN - - List ServerName(s) for user LOGIN - update-servername VHOST SERVERNAME OLD_SERVERNAME Replace the OLD_SERVERNAME with the SERVERNAME for an Apache vhost - Also apply to rules + Also apply to rewrite rules check-occurence NAME List all occurences of NAME in vhosts -list-user-itk DOMAIN LOGIN +list-user-itk LOGIN - List the assigned ITK user for the DOMAIN specified + List the assigned ITK user for the LOGIN specified -enable-user-itk DOMAIN LOGIN +enable-user-itk LOGIN - Enable the assigned ITK user for the DOMAIN specified + Enable the assigned ITK user for the LOGIN specified -disable-user-itk DOMAIN LOGIN +disable-user-itk LOGIN - Disable the assigned ITK user for the DOMAIN specified + Disable the assigned ITK user for the LOGIN specified setphpversion LOGIN VERSION @@ -828,9 +824,6 @@ arg_processing() { del-alias) op_aliasdel "$@" ;; - list-servername) - op_listservername "$@" - ;; update-servername) op_servernameupdate "$@" ;; 
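Review bot: `$data_vhost = explode(':', $data_output[0]);` assumes `sudoexec` produced at least one line with three colon-separated fields, but `$exec_return` is never consulted; when `web-add.sh list-vhost` fails or prints nothing this raises an undefined-offset notice and `$servername` ends up null, which the template change in this same commit then shows as "no servername". Guard it: `if ($exec_return == 0 && !empty($data_output)) { $data_vhost = explode(':', $data_output[0]); $servername = isset($data_vhost[2]) ? $data_vhost[2] : ''; }`. The `$domain` appended to the command is also not passed through `escapeshellarg()`, though that predates this commit; the surrounding if/else starts outside the hunk.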
@@ -942,25 +935,6 @@ op_aliasdel() { fi } -op_listservername() { - if [ $# -eq 1 ]; then - vhost_file="$VHOST_PATH/${1}.conf"; - - if [ -f "${vhost_file}" ]; then - servernames=$(awk '/^[[:space:]]*ServerName (.*)/ { print $2 }' "$vhost_file" | uniq) - - for servername in $servernames; do - echo "$servername"; - done - else - echo "VHost file \`${vhost_file}' not found'" >&2 - return 1 - fi - else - usage - fi -} - op_servernameupdate() { if [ $# -eq 3 ]; then vhost="${1}.conf" @@ -968,7 +942,6 @@ op_servernameupdate() { old_servername=$3 vhost_file="${VHOST_PATH}/${vhost}" - # Remplacement de toutes les directives ServerName, on assume qu'il s'agit du même pour chaque vhost du fichier if [ -f "${vhost_file}" ]; then sed -i "/^ *ServerName/ s/$old_servername/$servername/g" "${vhost_file}" --follow-symlinks sed -i "/^ *RewriteCond/ s/$old_servername/$servername/g" "${vhost_file}" --follow-symlinks diff --git a/tpl/webadmin-servername.tpl.php b/tpl/webadmin-servername.tpl.php index ccd1911..50b87d3 100644 --- a/tpl/webadmin-servername.tpl.php +++ b/tpl/webadmin-servername.tpl.php @@ -17,7 +17,7 @@ 0) { ?> + if(!empty($servername)) { ?> @@ -30,15 +30,14 @@ '; - printf('', - $servername_list[$i]); - if (is_superadmin()) - printf('', - $domain, $servername_list[$i]); - print ''; - } ?> + print ''; + printf('', + $servername); + if (is_superadmin()) + printf('', + $domain, $servername); + print ''; + ?>
%sModifier
%sModifier
Date: Fri, 17 May 2019 11:53:21 +0200 Subject: [PATCH 024/116] block non-standard vhost modification --- htdocs/index.php | 35 +++++++++++++++++++++++------------ inc/webadmin.php | 11 +++++++++++ scripts/web-add.sh | 10 +++++++++- tpl/webadmin.tpl.php | 16 ++++++++++------ 4 files changed, 53 insertions(+), 19 deletions(-) diff --git a/htdocs/index.php b/htdocs/index.php index a801e52..8e951b3 100755 --- a/htdocs/index.php +++ b/htdocs/index.php 
@@ -48,30 +48,41 @@ if (!array_key_exists('auth', $_SESSION) || $_SESSION['auth']!=1) { include_once EVOADMIN_BASE . '../inc/webadmin.php'; -} elseif (preg_match('#^/webadmin/(.*)/domain/?(edit)?/?(.*)?/$#', $uri, $params)) { +} elseif (preg_match('#^/webadmin?#', $uri)) { - include_once EVOADMIN_BASE . '../inc/webadmin-servername.php'; + // Redirect to /webadmin in order to set $_SESSION['non_stanard'] + if (!isset($_SESSION['non_standard'])) + http_redirect('/webadmin'); -} elseif (preg_match('#^/webadmin/(.*)/itk/?(enable|disable)?/?(.*)?/$#', $uri, $params)) { + // block the non-standard vhost modification + if (in_array(htmlspecialchars(basename($_SERVER['REDIRECT_URL'])), $_SESSION['non_standard'])) + http_redirect('/webadmin'); - include_once EVOADMIN_BASE . '../inc/webadmin-itk.php'; + if (preg_match('#^/webadmin/servername/(.*)/?$#', $uri, $params)) { -} elseif (preg_match('#^/webadmin/(.*)/php/$#', $uri, $params)) { + include_once EVOADMIN_BASE . '../inc/webadmin-servername.php'; - include_once EVOADMIN_BASE . '../inc/webadmin-php.php'; + } elseif (preg_match('#^/webadmin/itk/(.*)/?$#', $uri, $params)) { -} elseif (preg_match('#^/webadmin/(.*)/alias/?(add|delete)?/?(.*)?/$#', $uri, $params)) { + include_once EVOADMIN_BASE . '../inc/webadmin-itk.php'; - include_once EVOADMIN_BASE . '../inc/webadmin-edit.php'; + } elseif (preg_match('#^/webadmin/php/(.*)/?$#', $uri, $params)) { -} elseif (preg_match('#^/webadmin/(.*)/delete/$#', $uri, $params)) { + include_once EVOADMIN_BASE . '../inc/webadmin-php.php'; - include_once EVOADMIN_BASE . '../inc/webadmin-delete.php'; + } elseif (preg_match('#^/webadmin/edit/(.*)/?$#', $uri, $params)) { -} elseif (preg_match('#^/webadmin/suppr/(.*)/?$#', $uri, $params)) { + include_once EVOADMIN_BASE . '../inc/webadmin-edit.php'; - include_once EVOADMIN_BASE . '../inc/webadmin-suppr.php'; + } elseif (preg_match('#^/webadmin/delete/(.*)/?$#', $uri, $params)) { + include_once EVOADMIN_BASE . 
'../inc/webadmin-delete.php'; + + } elseif (preg_match('#^/webadmin/suppr/(.*)/?$#', $uri, $params)) { + + include_once EVOADMIN_BASE . '../inc/webadmin-suppr.php'; + + } } elseif (is_superadmin() && preg_match('#^/accounts/?#', $uri, $params)) { include_once EVOADMIN_BASE . '../inc/accounts.php'; diff --git a/inc/webadmin.php b/inc/webadmin.php index ad3ec23..bc61a7b 100644 --- a/inc/webadmin.php +++ b/inc/webadmin.php @@ -30,6 +30,12 @@ if (!$conf['cluster']) { /* Récupération de cette liste dans le tableau $vhost_list */ $vhost_list = array(); + + if (!isset($_SESSION['non_standard'])) { + $_SESSION['non_standard'] = array(); + } + + foreach($data_output as $data_line) { $data_split = explode(':', $data_line); @@ -72,6 +78,11 @@ if (!$conf['cluster']) { $occupation = ""; } + // current vhost isn't standard and thus not manageable by evoadmin-web + if (!$data_split[9]) { + array_push($_SESSION['non_standard'], $data_split[0]); + } + array_push($vhost_list, array( 'owner' => $data_split[0], 'configid' => $data_split[1], diff --git a/scripts/web-add.sh b/scripts/web-add.sh index e3d5df9..b4ca350 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh @@ -876,9 +876,17 @@ op_listvhost() { else is_enabled=0 fi + + count_virtualhosts="$(grep "'); - printf('Alias - ', $vhost_info['owner']); - printf('Servername - ', $vhost_info['owner']); - if(is_multiphp()) { - printf('PHP', $vhost_info['owner']); + if (!in_array($vhost_info['owner'], $_SESSION['non_standard'])) { + printf('Alias - ', $vhost_info['owner']); + printf('Servername - ', $vhost_info['owner']); + if(is_multiphp()) { + printf('PHP - ', $vhost_info['owner']); + } else { + printf('ITK - ', $vhost_info['owner']); + } + printf('Supprimer', $vhost_info['owner']); } else { - printf('ITK', $vhost_info['owner']); + print 'VirtualHost non standard'; } - printf('Supprimer', $vhost_info['owner']); printf(''); } From 44b4ac2f5e5ae6993ac25373840cee0a927b9f62 Mon Sep 17 00:00:00 2001 
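Review bot: `preg_match('#^/webadmin?#', $uri)` quantifies only the final `n`, so it also matches `/webadmi` and any path that merely begins with `/webadmin`, such as `/webadminfoo`; `#^/webadmin(/|$)#` expresses the intent. The non-standard check compares `htmlspecialchars(basename($_SERVER['REDIRECT_URL']))` with raw owner names through a loose `in_array`; escaping belongs at output, not in a comparison (an owner containing `&` could never match), and the new routes already capture the name, so `in_array($params[1], $_SESSION['non_standard'], true)` evaluated after routing would be strict and independent of mod_rewrite's `REDIRECT_URL`. The block is also only as fresh as the session: a vhost that becomes non-standard after `/webadmin` was last rendered is not blocked until the list is rebuilt. The comment typo `non_stanard` should read `non_standard`.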
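Review bot: `array_push($_SESSION['non_standard'], $data_split[0]);` appends on every render of the listing while the array is only initialised when unset, so the session list grows with duplicates on each page view and an owner never leaves it once added, even after its vhost is made standard again. Replace the `isset` guard in the first hunk of inc/webadmin.php with an unconditional reset, `$_SESSION['non_standard'] = array();` before the `foreach`, so each render reflects the current `list-vhost` output. `!$data_split[9]` also relies on the tenth colon-separated field being present; a shorter line (older web-add.sh output) raises an undefined-offset notice and is treated as non-standard, so `isset($data_split[9])` is worth checking first. Both hunks of this file belong to the same `if (!$conf['cluster'])` block, which starts outside them.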
From: Nicolas Roman Date: Mon, 3 Jun 2019 16:44:14 +0200 Subject: [PATCH 025/116] add .idea folder to gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 6e9dadb..7d7f61e 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ conf/config.local.php .vagrant +.idea From 634a18d1cb80e8d950c9b1cc3039e41ddafdea9b Mon Sep 17 00:00:00 2001 From: Nicolas Roman Date: Wed, 5 Jun 2019 17:20:34 +0200 Subject: [PATCH 026/116] rebase master --- htdocs/index.php | 8 +++--- inc/webadmin-itk.php | 49 +++++++++++++-------------------- inc/webadmin-servername.php | 20 +++++++------- tpl/webadmin-itk.tpl.php | 2 +- tpl/webadmin-servername.tpl.php | 2 +- tpl/webadmin.tpl.php | 8 +++--- 6 files changed, 39 insertions(+), 50 deletions(-) diff --git a/htdocs/index.php b/htdocs/index.php index 8e951b3..c2f5ff0 100755 --- a/htdocs/index.php +++ b/htdocs/index.php @@ -58,19 +58,19 @@ if (!array_key_exists('auth', $_SESSION) || $_SESSION['auth']!=1) { if (in_array(htmlspecialchars(basename($_SERVER['REDIRECT_URL'])), $_SESSION['non_standard'])) http_redirect('/webadmin'); - if (preg_match('#^/webadmin/servername/(.*)/?$#', $uri, $params)) { + if (preg_match('#^/webadmin/(.*)/domain/?(edit)?/?(.*)?/$#', $uri, $params)) { include_once EVOADMIN_BASE . '../inc/webadmin-servername.php'; - } elseif (preg_match('#^/webadmin/itk/(.*)/?$#', $uri, $params)) { + } elseif (preg_match('#^/webadmin/(.*)/itk/?(enable|disable)?/?(.*)?/$#', $uri, $params)) { include_once EVOADMIN_BASE . '../inc/webadmin-itk.php'; - } elseif (preg_match('#^/webadmin/php/(.*)/?$#', $uri, $params)) { + } elseif (preg_match('#^/webadmin/(.*)/php/$#', $uri, $params)) { include_once EVOADMIN_BASE . '../inc/webadmin-php.php'; - } elseif (preg_match('#^/webadmin/edit/(.*)/?$#', $uri, $params)) { + } elseif (preg_match('#^/webadmin/(.*)/alias/?(add|delete)?/?(.*)?/$#', $uri, $params)) { include_once EVOADMIN_BASE . '../inc/webadmin-edit.php'; 
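Review bot: Restoring the `/webadmin/(.*)/domain/...`, `/itk/...`, `/php/` and `/alias/...` routes leaves the kept context check `in_array(htmlspecialchars(basename($_SERVER['REDIRECT_URL'])), $_SESSION['non_standard'])` looking at the wrong path segment: for `/webadmin/OWNER/itk/enable/` the basename is `enable` (or `itk`, or a servername), not OWNER, so the non-standard block added by the previous patch silently stops matching on these routes. Compare the captured vhost name after routing, `in_array($params[1], $_SESSION['non_standard'], true)`, or capture it once with a shared `#^/webadmin/([^/]+)/#` prefix. The `(.*)` group is greedy and accepts `/` and any character, so `$params[1]` is not guaranteed to be a single vhost name when it reaches the included files; `([^/]+)` restricts it. The enclosing `elseif` block begins outside the hunk.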
diff --git a/inc/webadmin-itk.php b/inc/webadmin-itk.php index d47a972..44a106d 100644 --- a/inc/webadmin-itk.php +++ b/inc/webadmin-itk.php @@ -18,28 +18,9 @@ require_once EVOADMIN_BASE . '../lib/domain.php'; global $conf; -if (isset($_GET['enable']) ) { - require_once EVOADMIN_BASE . '../evolibs/Form.php'; +if (isset($params[2]) && $params[2] != "") { - include_once EVOADMIN_BASE . '../tpl/header.tpl.php'; - include_once EVOADMIN_BASE . '../tpl/menu.tpl.php'; - - $servername = array ( - 'domain' => htmlspecialchars(basename($_SERVER['REDIRECT_URL'])), - ); - - $enable_cmd = 'web-add.sh enable-user-itk ' . $servername['domain']; - - if (isset($params[3]) && $params[3] == "") http_redirect($redirect_url); - - if ($enable_cmd_return == 0) { - print 'Sécurité ITK activée.'; - printf ('

Retour à la gestion ITK

', $_SERVER['REDIRECT_URL']); - } - - include_once EVOADMIN_BASE . '../tpl/footer.tpl.php'; - -} elseif (isset($_GET['disable']) ) { + $redirect_url = "/webadmin/" . $params[1] . "/itk/"; require_once EVOADMIN_BASE . '../evolibs/Form.php'; @@ -47,23 +28,31 @@ if (isset($_GET['enable']) ) { include_once EVOADMIN_BASE . '../tpl/menu.tpl.php'; $servername = array ( - 'domain' => htmlspecialchars(basename($_SERVER['REDIRECT_URL'])), + 'domain' => $params[1], ); - $disable_cmd = 'web-add.sh disable-user-itk ' . $servername['domain']; + if ($params[2] == "enable") { + $enable_cmd = 'web-add.sh enable-user-itk ' . $servername['domain']; - sudoexec($enable_cmd, $enable_cmd_output, $enable_cmd_return); + sudoexec($enable_cmd, $enable_cmd_output, $enable_cmd_return); - if ($enable_cmd_return == 0) { - print 'Sécurité ITK activée.'; - printf ('

Retour à la gestion ITK

', $redirect_url); - } + if ($enable_cmd_return == 0) { + print 'Sécurité ITK activée.'; + printf ('

Retour à la gestion ITK

', $redirect_url); + } } elseif ($params[2] == "disable") { - $disable_cmd = 'web-add.sh disable-user-itk ' . $servername['servername'] . ' ' . $servername['domain']; + $disable_cmd = 'web-add.sh disable-user-itk ' . $servername['domain']; + + sudoexec($disable_cmd, $disable_cmd_output, $disable_cmd_return); + + if ($disable_cmd_return == 0) { + print 'Sécurité ITK désactivée'; + printf ('

Retour à la gestion ITK

', $redirect_url); + } + } include_once EVOADMIN_BASE . '../tpl/footer.tpl.php'; - } else { $domain = $params[1]; diff --git a/inc/webadmin-servername.php b/inc/webadmin-servername.php index 7141acc..8b58619 100644 --- a/inc/webadmin-servername.php +++ b/inc/webadmin-servername.php @@ -28,8 +28,8 @@ if (isset($params[2]) && $params[2] == "edit") { include_once EVOADMIN_BASE . '../tpl/header.tpl.php'; include_once EVOADMIN_BASE . '../tpl/menu.tpl.php'; - $form = new FormPage("Modification du ServerName", FALSE); - $form->addField('domain_servername', new DomainInputFormField("ServerName", TRUE), $params[3]); + $form = new FormPage("Modification du Servername", FALSE); + $form->addField('domain_servername', new DomainInputFormField("Servername", TRUE), $params[3]); $form->addField('previous_servername', new DomainInputFormField("", TRUE, TRUE), $params[3]); if (!empty($_POST)) { @@ -126,22 +126,22 @@ if (isset($params[2]) && $params[2] == "edit") { if ($exec_return == 0) { //domain_add($serveralias['alias'], gethostbyname($master) , false); TODO avec l'IP du load balancer print "
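Review bot: `$enable_cmd = 'web-add.sh enable-user-itk ' . $servername['domain'];` (and the disable counterpart) now interpolates `$params[1]`, taken directly from the URL's `(.*)` capture, into a command run through sudoexec without validation or `escapeshellarg()`; the replaced code at least passed the value through `basename()`. Since the action should only ever apply to a vhost the user may manage, check `$params[1]` against the session's vhost list (or a strict hostname regex) and `escapeshellarg()` it before building the command. `$redirect_url = "/webadmin/" . $params[1] . "/itk/"` from the first hunk is later printed into an href via `printf`, so it should pass through `htmlspecialchars()` too. Several lines of this hunk are garbled in this view, so the exact printf forms are inferred; the enclosing `if` opens in the first hunk of this file.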
"; - printf ('

Le ServerName %s a bien été modifié

', $servername['servername']); - printf ('

Retour à la liste des ServerNames

', $redirect_url); + printf ('

Le Servername %s a bien été modifié

', $servername['servername']); + printf ('

Retour à la liste des Servernames

', $redirect_url); print "
"; } else { print "
"; - printf ('

Echec dans la modification du ServerName %s

', $servername['servername']); - printf ('

Retour à la liste des ServerNames

', $redirect_url); + printf ('

Echec dans la modification du Servername %s

', $servername['servername']); + printf ('

Retour à la liste des Servernames

', $redirect_url); print "
"; } } else { print "
"; - printf ('

Echec dans la modification du ServerName %s

', $servername['servername']); + printf ('

Echec dans la modification du Servername %s

', $servername['servername']); print ('

Le domaine existe déjà dans d\'autres vhosts.'); - printf ('

Retour à la liste des ServerNames

', $redirect_url); + printf ('

Retour à la liste des Servernames

', $redirect_url); print "
"; } } @@ -156,10 +156,10 @@ if (isset($params[2]) && $params[2] == "edit") { print ""; } } else { - print "

Modification du ServerName


"; + print "

Modification du Servername


"; print "
"; print "
"; - print " Modification du ServerName"; + print " Modification du Servername"; print $form; print "

"; print "
"; diff --git a/tpl/webadmin-itk.tpl.php b/tpl/webadmin-itk.tpl.php index e5ca180..5819a3c 100644 --- a/tpl/webadmin-itk.tpl.php +++ b/tpl/webadmin-itk.tpl.php @@ -42,7 +42,7 @@ $action = ['enable', 'Activer']; } - printf(''.$action[1].'', + printf(''.$action[1].'', $domain, $action[0]); } print ''; diff --git a/tpl/webadmin-servername.tpl.php b/tpl/webadmin-servername.tpl.php index 50b87d3..f712236 100644 --- a/tpl/webadmin-servername.tpl.php +++ b/tpl/webadmin-servername.tpl.php @@ -34,7 +34,7 @@ printf('%s', $servername); if (is_superadmin()) - printf('Modifier', + printf('Modifier', $domain, $servername); print ''; ?> diff --git a/tpl/webadmin.tpl.php b/tpl/webadmin.tpl.php index b138e19..280b6e9 100755 --- a/tpl/webadmin.tpl.php +++ b/tpl/webadmin.tpl.php @@ -104,12 +104,12 @@ if (is_superadmin()) { printf(''); if (!in_array($vhost_info['owner'], $_SESSION['non_standard'])) { - printf('Alias - ', $vhost_info['owner']); - printf('Servername - ', $vhost_info['owner']); + printf('Alias - ', $vhost_info['owner']); + printf('Servername - ', $vhost_info['owner']); if(is_multiphp()) { - printf('PHP - ', $vhost_info['owner']); + printf('PHP - ', $vhost_info['owner']); } else { - printf('ITK - ', $vhost_info['owner']); + printf('ITK - ', $vhost_info['owner']); } printf('Supprimer', $vhost_info['owner']); } else { From 4a14333d410a925059a601edcc84523d38dc9986 Mon Sep 17 00:00:00 2001 From: Nicolas Roman Date: Thu, 6 Jun 2019 14:51:34 +0200 Subject: [PATCH 027/116] first draft library letsencrypt --- lib/letsencrypt.php | 56 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 lib/letsencrypt.php diff --git a/lib/letsencrypt.php b/lib/letsencrypt.php new file mode 100644 index 0000000..2bf96ac --- /dev/null +++ b/lib/letsencrypt.php 
@@ -0,0 +1,56 @@ + $domain) { + $curl_handles[$key] = curl_init($domain . self::HTTP_CHALLENGE_URL); + + // setting cURL options + curl_setopt($curl_handles[$key], CURLOPT_TIMEOUT, 3); + curl_setopt($curl_handles[$key], CURLOPT_HEADER, true); + curl_setopt($curl_handles[$key], CURLOPT_NOBODY, true); + curl_setopt($curl_handles[$key], CURLOPT_SSL_VERIFYPEER, false); + curl_setopt($curl_handles[$key], CURLOPT_FOLLOWLOCATION, true); + curl_setopt($curl_handles[$key], CURLOPT_MAXREDIRS, 3); + curl_setopt($curl_handles[$key], CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP, CURLPROTO_HTTPS); + curl_setopt($curl_handles[$key], CURLOPT_RETURNTRANSFER, true); + + curl_multi_add_handle($curl_multi, $curl_handles[$key]); + } + + do { + curl_multi_exec($curl_multi, $active); + } while ($active); + + foreach ($curl_handles as $curl_handle) { + $returned_http_code = curl_getinfo($curl_handle, CURLINFO_HTTP_CODE); + $returned_http_url = curl_getinfo($curl_handle, CURLINFO_EFFECTIVE_URL); + + if ($returned_http_code === self::HTTP_OK && strpos($returned_http_url, self::HTTP_CHALLENGE_URL)) { + array_push($checked_domains, $returned_http_url); + } + curl_multi_remove_handle($curl_multi, $curl_handle); + } + curl_multi_close($curl_multi); + + return $checked_domains; + } +} From 12b907ea63119d9ec7148eeea30530b39e1b5e20 Mon Sep 17 00:00:00 2001 From: Nicolas Roman Date: Thu, 6 Jun 2019 15:41:58 +0200 Subject: [PATCH 028/116] add checkDNSValidity function --- lib/letsencrypt.php | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/lib/letsencrypt.php b/lib/letsencrypt.php index 2bf96ac..38a03a8 100644 --- a/lib/letsencrypt.php +++ b/lib/letsencrypt.php @@ -8,6 +8,7 @@ class LetsEncrypt { const HTTP_OK = 200; const HTTP_CHALLENGE_URL = '/.well-known/acme-challenge/'; + /** * perform a cURL call on the remote resource * the cURL call follows redirections and pushes the last valid URL to an array 
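Review bot: `do { curl_multi_exec($curl_multi, $active); } while ($active);` busy-spins a CPU core for the whole duration of the probes (up to the 3 s timeout per handle); add `curl_multi_select($curl_multi);` inside the loop so the process sleeps until a socket is ready. `CURLOPT_SSL_VERIFYPEER` is set to false, which is defensible for a reachability probe against a host that has no certificate yet, but it deserves a comment saying so, because the same handle follows redirects to HTTPS and will accept any certificate there. The value pushed to `$checked_domains` is the effective URL after redirects rather than the probed `$domain`, so a domain that redirects elsewhere is reported under the other host's name; if callers diff this list against the input domains, as later patches to inc/ do, the original `$domain` should be recorded instead. The file header, class declaration and method signature are garbled in this view.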
@@ -45,6 +46,10 @@ class LetsEncrypt $returned_http_url = curl_getinfo($curl_handle, CURLINFO_EFFECTIVE_URL); if ($returned_http_code === self::HTTP_OK && strpos($returned_http_url, self::HTTP_CHALLENGE_URL)) { + // retrieve the FQDN + $returned_http_url = str_replace(self::HTTP_CHALLENGE_URL, '.', $returned_http_url); + $returned_http_url = preg_replace('#^https?://#', '', $returned_http_url); + array_push($checked_domains, $returned_http_url); } curl_multi_remove_handle($curl_multi, $curl_handle); @@ -53,4 +58,27 @@ class LetsEncrypt return $checked_domains; } + + /** + * Query the corresponding IP for each domain + * @param Array $domains list of HTTP checked domains + * @return Array $valid_dns_domains list of valid domains + */ + public function checkDNSValidity($domains) + { + $valid_dns_domains = array(); + + foreach ($domains as $domain) { + $dns_record_ipv4 = dns_get_record($domain, DNS_A); + $dns_record_ipv6 = dns_get_record($domain, DNS_AAAA); + + if ($dns_record_ipv4 || $dns_record_ipv6) { + // remove the last dot added for the FQDN syntax + $domain = rtrim($domain, '.'); + array_push($valid_dns_domains, $domain); + } + } + + return $valid_dns_domains; + } } From 4cde2338043d197def17ece4b28e14fd5dc77ba9 Mon Sep 17 00:00:00 2001 From: Nicolas Roman Date: Thu, 6 Jun 2019 18:15:30 +0200 Subject: [PATCH 029/116] regroup webadmin rules --- htdocs/index.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/htdocs/index.php b/htdocs/index.php index c2f5ff0..947c0b1 100755 --- a/htdocs/index.php +++ b/htdocs/index.php 
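Review bot: `if ($dns_record_ipv4 || $dns_record_ipv6)` in checkDNSValidity treats the `false` that `dns_get_record()` returns on a resolver error the same as an empty answer, so a transient DNS failure (which also emits an E_WARNING) silently classifies the domain as invalid. Test `=== false` separately and report it as a lookup error rather than a missing record, e.g. `if ($dns_record_ipv4 === false && $dns_record_ipv6 === false) { /* resolver error: report it, do not mark the domain invalid */ }`. The check only proves the name resolves somewhere, not that it resolves to this server; that is acceptable as a pre-check because the HTTP probe carries the reachability proof, but the docblock should say so.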
@@ -75,13 +75,19 @@ if (!array_key_exists('auth', $_SESSION) || $_SESSION['auth']!=1) { include_once EVOADMIN_BASE . '../inc/webadmin-edit.php'; } elseif (preg_match('#^/webadmin/delete/(.*)/?$#', $uri, $params)) { - + //TODO: fix according to route naming convention include_once EVOADMIN_BASE . '../inc/webadmin-delete.php'; } elseif (preg_match('#^/webadmin/suppr/(.*)/?$#', $uri, $params)) { include_once EVOADMIN_BASE . '../inc/webadmin-suppr.php'; + } elseif (preg_match('#^/webadmin/(.*)/letsencrypt/?(check)?/?$#', $uri, $params)) { + + include_once EVOADMIN_BASE . '../inc/webadmin-letsencrypt.php'; + + } else { + http_redirect('/webadmin'); } } elseif (is_superadmin() && preg_match('#^/accounts/?#', $uri, $params)) { From 2193307e14785e85a69bb73ec03ee91842a5300f Mon Sep 17 00:00:00 2001 From: Nicolas Roman Date: Thu, 6 Jun 2019 18:16:52 +0200 Subject: [PATCH 030/116] first draft webadmin-letsencrypt.php --- inc/webadmin-letsencrypt.php | 66 ++++++++++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) create mode 100644 inc/webadmin-letsencrypt.php diff --git a/inc/webadmin-letsencrypt.php b/inc/webadmin-letsencrypt.php new file mode 100644 index 0000000..4c1e4ab --- /dev/null +++ b/inc/webadmin-letsencrypt.php @@ -0,0 +1,66 @@ +checkRemoteResourceAvailability($_SESSION['letsencrypt-domains']); + $failed_domains_http = array_diff($_SESSION['letsencrypt-domains'], $checked_domains); + + # debug à améliorer + echo '

The following domain(s) failed the HTTP challenge

'; + foreach ($failed_domains_http as $failed_domain) { + echo $failed_domain . '
'; + } + + // check DNS + if (!empty($checked_domains)) { + $valid_domains = $letsencrypt->checkDNSValidity($checked_domains); + $failed_domains_dns = array_diff($checked_domains, $valid_domains); + + # debug à améliorer + echo '

The following domain(s) failed the DNS check

'; + foreach ($failed_domains_dns as $failed_domain) { + echo $failed_domain . '
'; + } + } + + include_once EVOADMIN_BASE . '../tpl/footer.tpl.php'; +} else { + include_once EVOADMIN_BASE . '../tpl/header.tpl.php'; + include_once EVOADMIN_BASE . '../tpl/menu.tpl.php'; + include_once EVOADMIN_BASE . '../tpl/webadmin-letsencrypt.tpl.php'; + include_once EVOADMIN_BASE . '../tpl/footer.tpl.php'; +} From 6b8128e861ed4e3c707c7b896d4e69a638c083d2 Mon Sep 17 00:00:00 2001 From: Nicolas Roman Date: Thu, 6 Jun 2019 18:18:09 +0200 Subject: [PATCH 031/116] move FQDN syntax to checkDNSValidity function --- lib/letsencrypt.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/letsencrypt.php b/lib/letsencrypt.php index 38a03a8..8ad886a 100644 --- a/lib/letsencrypt.php +++ b/lib/letsencrypt.php @@ -46,8 +46,7 @@ class LetsEncrypt $returned_http_url = curl_getinfo($curl_handle, CURLINFO_EFFECTIVE_URL); if ($returned_http_code === self::HTTP_OK && strpos($returned_http_url, self::HTTP_CHALLENGE_URL)) { - // retrieve the FQDN - $returned_http_url = str_replace(self::HTTP_CHALLENGE_URL, '.', $returned_http_url); + $returned_http_url = str_replace(self::HTTP_CHALLENGE_URL, '', $returned_http_url); $returned_http_url = preg_replace('#^https?://#', '', $returned_http_url); array_push($checked_domains, $returned_http_url); @@ -69,6 +68,8 @@ class LetsEncrypt $valid_dns_domains = array(); foreach ($domains as $domain) { + //FQDN syntax + $domain .= '.'; $dns_record_ipv4 = dns_get_record($domain, DNS_A); $dns_record_ipv6 = dns_get_record($domain, DNS_AAAA); From 2fff30a6588fce203a9412ad7540bc3b824dbd8a Mon Sep 17 00:00:00 2001 From: Nicolas Roman Date: Thu, 6 Jun 2019 18:20:27 +0200 Subject: [PATCH 032/116] first draft webadmin-letsencrypt tpl --- tpl/webadmin-letsencrypt.tpl.php | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 tpl/webadmin-letsencrypt.tpl.php diff --git a/tpl/webadmin-letsencrypt.tpl.php b/tpl/webadmin-letsencrypt.tpl.php new file mode 100644 index 0000000..0800a31 --- /dev/null 
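Review bot: The `$letsencrypt->checkRemoteResourceAvailability(...)` call in the check branch depends on an object whose construction line is not legible in this view, but later context lines of this file show `$letsencrypt = new letsencryt();` and `isset($_SESSION['lestencrypt-domains'])`; `letsencryt` does not name the `lib\LetsEncrypt` class declared in lib/letsencrypt.php, so unless an alias exists the branch fails with a class-not-found error, and `lestencrypt-domains` makes the isset guard always false. Both read as typos to fix in this draft: `$letsencrypt = new \lib\LetsEncrypt();` and `isset($_SESSION['letsencrypt-domains'])`. The branch also prints `echo $failed_domain . '...'` unescaped; the names presumably come from the server's own vhost listing, but passing them through `htmlspecialchars()` keeps the page safe if that source ever changes.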
+++ b/tpl/webadmin-letsencrypt.tpl.php @@ -0,0 +1,20 @@ +

Gestion Let's Encrypt

+ + 0) { + ?> + +

Liste des domaines à intégrer dans le certificat :

+
    + ' . $domain . ''; + } + ?> +
+ + + Aucun domaine.

"; +} From b44a70f089af1eeff814792b7c91a0f973c38d89 Mon Sep 17 00:00:00 2001 From: Nicolas Roman Date: Fri, 7 Jun 2019 10:43:45 +0200 Subject: [PATCH 033/116] fix CURLOPT_REDIR_PROTOCOLS values --- lib/letsencrypt.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/letsencrypt.php b/lib/letsencrypt.php index 8ad886a..8450394 100644 --- a/lib/letsencrypt.php +++ b/lib/letsencrypt.php @@ -31,7 +31,7 @@ class LetsEncrypt curl_setopt($curl_handles[$key], CURLOPT_SSL_VERIFYPEER, false); curl_setopt($curl_handles[$key], CURLOPT_FOLLOWLOCATION, true); curl_setopt($curl_handles[$key], CURLOPT_MAXREDIRS, 3); - curl_setopt($curl_handles[$key], CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP, CURLPROTO_HTTPS); + curl_setopt($curl_handles[$key], CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS); curl_setopt($curl_handles[$key], CURLOPT_RETURNTRANSFER, true); curl_multi_add_handle($curl_multi, $curl_handles[$key]); From 4a137ae821b3d3f274dc71477dc6709d33112892 Mon Sep 17 00:00:00 2001 From: Nicolas Roman Date: Fri, 7 Jun 2019 11:46:01 +0200 Subject: [PATCH 034/116] add h3 error styling --- htdocs/inc/css/main.css | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/htdocs/inc/css/main.css b/htdocs/inc/css/main.css index 7d1195e..47bdd6c 100644 --- a/htdocs/inc/css/main.css +++ b/htdocs/inc/css/main.css @@ -30,6 +30,10 @@ h1#top { margin-bottom: 10px; } +h3.form-error { + color: red; +} + div#disclaimer { margin-top: 30px; } @@ -163,4 +167,3 @@ form#form-add legend { form#form-add p { text-align: left; } - From 58dda79c6aa8d4af6f9d6689aef501666b748eda Mon Sep 17 00:00:00 2001 From: Nicolas Roman Date: Fri, 7 Jun 2019 11:46:29 +0200 Subject: [PATCH 035/116] add letsencrypt link in webadmin page --- htdocs/index.php | 2 +- tpl/webadmin.tpl.php | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/htdocs/index.php b/htdocs/index.php index 947c0b1..5e90a4e 100755 --- a/htdocs/index.php +++ b/htdocs/index.php 
@@ -82,7 +82,7 @@ if (!array_key_exists('auth', $_SESSION) || $_SESSION['auth']!=1) { include_once EVOADMIN_BASE . '../inc/webadmin-suppr.php'; - } elseif (preg_match('#^/webadmin/(.*)/letsencrypt/?(check)?/?$#', $uri, $params)) { + } elseif (preg_match('#^/webadmin/(.*)/letsencrypt/?$#', $uri, $params)) { include_once EVOADMIN_BASE . '../inc/webadmin-letsencrypt.php'; diff --git a/tpl/webadmin.tpl.php b/tpl/webadmin.tpl.php index 280b6e9..98b02c8 100755 --- a/tpl/webadmin.tpl.php +++ b/tpl/webadmin.tpl.php @@ -111,6 +111,7 @@ } else { printf('ITK - ', $vhost_info['owner']); } + printf('Let\'s Encrypt - ', $vhost_info['owner']); printf('Supprimer', $vhost_info['owner']); } else { print 'VirtualHost non standard'; From 320a229d4f5738cf18a08a1069e8852e45f2ef01 Mon Sep 17 00:00:00 2001 From: Nicolas Roman Date: Fri, 7 Jun 2019 11:49:11 +0200 Subject: [PATCH 036/116] separate view and controller logic --- inc/webadmin-letsencrypt.php | 31 +++++-------------- tpl/webadmin-letsencrypt.tpl.php | 52 ++++++++++++++++++++++++-------- 2 files changed, 47 insertions(+), 36 deletions(-) diff --git a/inc/webadmin-letsencrypt.php b/inc/webadmin-letsencrypt.php index 4c1e4ab..a0ba620 100644 --- a/inc/webadmin-letsencrypt.php +++ b/inc/webadmin-letsencrypt.php @@ -29,38 +29,23 @@ if (!isset($_SESSION['lestencrypt-domains']) || empty($_SESSION['letsencrypt-dom $_SESSION['letsencrypt-domains'] = $domains; } -if (isset($params[2]) && $params[2] == "check") { - include_once EVOADMIN_BASE . '../tpl/header.tpl.php'; - include_once EVOADMIN_BASE . '../tpl/menu.tpl.php'; +include_once EVOADMIN_BASE . '../tpl/header.tpl.php'; +include_once EVOADMIN_BASE . '../tpl/menu.tpl.php'; +if (isset($_POST['submit'])) { $letsencrypt = new letsencryt(); // check HTTP $checked_domains = $letsencrypt->checkRemoteResourceAvailability($_SESSION['letsencrypt-domains']); $failed_domains_http = array_diff($_SESSION['letsencrypt-domains'], $checked_domains); - # debug à améliorer - echo '

The following domain(s) failed the HTTP challenge

'; - foreach ($failed_domains_http as $failed_domain) { - echo $failed_domain . '
'; - } - - // check DNS - if (!empty($checked_domains)) { + if (empty($failed_domains_http) && !empty($checked_domains)) { + // check DNS $valid_domains = $letsencrypt->checkDNSValidity($checked_domains); $failed_domains_dns = array_diff($checked_domains, $valid_domains); - - # debug à améliorer - echo '

The following domain(s) failed the DNS check

'; - foreach ($failed_domains_dns as $failed_domain) { - echo $failed_domain . '
'; - } } - - include_once EVOADMIN_BASE . '../tpl/footer.tpl.php'; } else { - include_once EVOADMIN_BASE . '../tpl/header.tpl.php'; - include_once EVOADMIN_BASE . '../tpl/menu.tpl.php'; - include_once EVOADMIN_BASE . '../tpl/webadmin-letsencrypt.tpl.php'; - include_once EVOADMIN_BASE . '../tpl/footer.tpl.php'; + // page de base } +include_once EVOADMIN_BASE . '../tpl/webadmin-letsencrypt.tpl.php'; +include_once EVOADMIN_BASE . '../tpl/footer.tpl.php'; diff --git a/tpl/webadmin-letsencrypt.tpl.php b/tpl/webadmin-letsencrypt.tpl.php index 0800a31..0b3bc43 100644 --- a/tpl/webadmin-letsencrypt.tpl.php +++ b/tpl/webadmin-letsencrypt.tpl.php @@ -1,20 +1,46 @@

Gestion Let's Encrypt

0) { - ?> +if (isset($_POST['submit'])) { + if (count($failed_domains_http) > 0) { + echo '

Erreur HTTP

'; -

Liste des domaines à intégrer dans le certificat :

-
    - ' . $domain . ''; + echo '

    '; + echo 'Le challenge HTTP a échoué pour le(s) domaine(s) ci-dessous. + Merci de vérifier que le dossier /.well-known/acme-challenge/ est accessible.'; + echo '

    '; + + echo '

    '; + foreach ($failed_domains_http as $failed_domain) { + echo $failed_domain . "
    "; + } + echo '

    '; + } elseif (count($failed_domains_dns) > 0) { + echo '

    Erreur DNS

    '; + + echo '

    '; + echo 'La vérification DNS a échoué pour les domaines ci-dessous. + Merci de vérifier les enregistrements de type A et AAAA.'; + echo '

    '; + + foreach ($failed_domains_dns as $failed_domain) { + echo $failed_domain . "
    "; + } + } else { + echo "all checks succeeded"; } - ?> -
- - - Aucun domaine.

"; + echo "

Les domaines suivants seront intégrés au certificat :

"; + if (count($_SESSION['letsencrypt-domains']) > 0) { + echo '

'; + foreach ($_SESSION['letsencrypt-domains'] as $domain) { + echo $domain . '
'; + } + echo '

'; + ?> + +

+ + Date: Fri, 7 Jun 2019 14:10:07 +0200 Subject: [PATCH 037/116] add manage-http-challenge-file function --- scripts/web-add.sh | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/scripts/web-add.sh b/scripts/web-add.sh index b4ca350..27b874c 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh @@ -156,6 +156,11 @@ setphpversion LOGIN VERSION setquota LOGIN QUOTA_SOFT:QUOTA_HARD Change quotas for LOGIN + +manage-http-challenge-file [CREATE | DELETE] + + Create or delete a dummy file for the Let's Encrypt HTTP challenge + The default directory is /var/lib/letsencrypt/.well-known/ EOT } @@ -845,6 +850,9 @@ arg_processing() { setquota) op_setquota "$@" ;; + manage-http-challenge-file) + op_managehttpchallengefile "$@" + ;; *) usage ;; @@ -852,6 +860,22 @@ arg_processing() { fi } +op_managehttpchallengefile() { + if [ $# -eq 1 ]; then + file="/var/lib/letsencrypt/.well-known/123456789" + action=${1}; + + if [ "$action" = "create" ]; then + touch "$file" + chmod 755 "$file" + elif [ "$action" = "delete" ]; then + rm "$file" + else usage + fi + else usage + fi +} + op_listvhost() { if [ $# -eq 1 ]; then configlist="$VHOST_PATH/${1}.conf"; From bd6d70fbfe7ce36205f5d5f7b11f6389d73bfc10 Mon Sep 17 00:00:00 2001 From: Nicolas Roman Date: Fri, 7 Jun 2019 15:22:42 +0200 Subject: [PATCH 038/116] change http challenge filename --- scripts/web-add.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/web-add.sh b/scripts/web-add.sh index 27b874c..05fdada 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh @@ -862,7 +862,7 @@ arg_processing() { op_managehttpchallengefile() { if [ $# -eq 1 ]; then - file="/var/lib/letsencrypt/.well-known/123456789" + file="/var/lib/letsencrypt/.well-known/acme-challenge" action=${1}; if [ "$action" = "create" ]; then From f6cfe14cdcd1d4b9b654ca75e561ca79a1a66721 Mon Sep 17 00:00:00 2001 
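Review bot: op_managehttpchallengefile documents its argument as `[CREATE | DELETE]` in the usage text but compares against lowercase `create`/`delete`, so the documented spelling falls through to `usage`; make the usage text lowercase or normalise the argument before the comparison. `chmod 755 "$file"` grants execute on a plain probe file where `644` is enough for the web server to read it, and `rm "$file"` prints an error when the file is already gone, so `rm -f "$file"` makes delete idempotent. The directory is hard-coded in the function and repeated in the usage text; a variable declared next to `VHOST_PATH` (say `LE_CHALLENGE_DIR`) would keep the two in sync. The stray `;` in `action=${1};` is harmless but inconsistent with the rest of the script.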
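Review bot: Renaming the probe file to `/var/lib/letsencrypt/.well-known/acme-challenge` creates a regular file at the path where HTTP-01 clients conventionally expect the `acme-challenge` directory that holds their tokens; if the delete step is ever skipped (the PHP caller aborts between create and delete), that leftover file would block real challenge files from being written there. Probing a token-like file inside the directory, e.g. `file="/var/lib/letsencrypt/.well-known/acme-challenge/evoadmin-probe"` after a `mkdir -p` of the directory, exercises the same vhost configuration without occupying the directory name. This is inferred from the conventional layout; if evoacme serves `.well-known` differently, adjust accordingly.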
From: Nicolas Roman Date: Fri, 7 Jun 2019 15:23:39 +0200 Subject: [PATCH 039/116] add createFileHttpChallenge and deleteFileHttpChallenge functions --- lib/letsencrypt.php | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/lib/letsencrypt.php b/lib/letsencrypt.php index 8450394..7b5c41a 100644 --- a/lib/letsencrypt.php +++ b/lib/letsencrypt.php @@ -7,7 +7,25 @@ namespace lib; class LetsEncrypt { const HTTP_OK = 200; - const HTTP_CHALLENGE_URL = '/.well-known/acme-challenge/'; + const HTTP_CHALLENGE_URL = '/.well-known/acme-challenge'; + + /** + * create the file used to test the HTTP challenge + */ + private function createFileHttpChallenge() + { + $cmd = 'web-add.sh manage-http-challenge-file create'; + sudoexec($cmd, $data_output, $exec_return); + } + + /** + * delete the file used to test the HTTP challenge + */ + private function deleteFileHttpChallenge() + { + $cmd = 'web-add.sh manage-http-challenge-file delete'; + sudoexec($cmd, $data_output, $exec_return); + } /** * perform a cURL call on the remote resource @@ -17,6 +35,8 @@ class LetsEncrypt */ public function checkRemoteResourceAvailability($domains) { + $this->createFileHttpChallenge(); + $curl_multi = curl_multi_init(); $curl_handles = array(); $checked_domains = array(); @@ -55,6 +75,8 @@ class LetsEncrypt } curl_multi_close($curl_multi); + $this->deleteFileHttpChallenge(); + return $checked_domains; } From 15faf3dfdc7f168adbdfacc76539f9b1993734b4 Mon Sep 17 00:00:00 2001 From: Nicolas Roman Date: Fri, 7 Jun 2019 15:24:38 +0200 Subject: [PATCH 040/116] add isEvoacmeInstalled function --- lib/letsencrypt.php | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/lib/letsencrypt.php b/lib/letsencrypt.php index 7b5c41a..d640d01 100644 --- a/lib/letsencrypt.php +++ b/lib/letsencrypt.php 
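Review bot: `sudoexec($cmd, $data_output, $exec_return);` in createFileHttpChallenge discards `$exec_return`, so when the sudo call fails (missing sudoers entry, missing directory) checkRemoteResourceAvailability proceeds and every domain fails the HTTP probe with a message blaming the user's configuration; return the status, `return $exec_return === 0;`, and have the caller abort with a distinct error when creation fails. The `deleteFileHttpChallenge()` call added in the third hunk is only reached on the normal path; wrapping the probe in `try { ... } finally { $this->deleteFileHttpChallenge(); }` guarantees the probe file is removed even if a curl call throws. `sudoexec` resolves to the global function from inside `namespace lib`, which works, but `\sudoexec(...)` makes the dependency explicit. The second hunk's `$this->createFileHttpChallenge();` is the call site the first point applies to.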
@@ -104,4 +104,20 @@ class LetsEncrypt return $valid_dns_domains; } + + /** + * check the presence of make-csr and evoacme binaries + * @return boolean + */ + public function isEvoacmeInstalled() + { + $output_make_csr = shell_exec("which make-csr"); + $output_evoacme = shell_exec("which evoacme"); + + if (empty($output_make_csr) || empty($output_evoacme)) { + return false; + } + + return true; + } } From d7f0a5e36c0f3cf4bce1696102ea298af9c3b0c8 Mon Sep 17 00:00:00 2001 From: Nicolas Roman Date: Fri, 7 Jun 2019 15:25:15 +0200 Subject: [PATCH 041/116] change error handling for let's encrypt checks --- inc/webadmin-letsencrypt.php | 40 ++++++++++++++++++++++++++------ tpl/webadmin-letsencrypt.tpl.php | 32 +++++++------------------ 2 files changed, 42 insertions(+), 30 deletions(-) diff --git a/inc/webadmin-letsencrypt.php b/inc/webadmin-letsencrypt.php index a0ba620..2d78300 100644 --- a/inc/webadmin-letsencrypt.php +++ b/inc/webadmin-letsencrypt.php 
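Review bot: isEvoacmeInstalled looks up the binaries with `which` under the web server's own PATH, whereas the binaries are later run through sudoexec as another user, so a PATH difference between the two can produce a false negative here (or a false positive if an unrelated make-csr is found first). If the install locations are fixed, testing them with `is_executable()` is more reliable; otherwise perform the lookup through the same sudo path as the other commands. Style: the `if (...) { return false; } return true;` tail is simply `return !empty($output_make_csr) && !empty($output_evoacme);`.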
@@ -34,18 +34,44 @@ include_once EVOADMIN_BASE . '../tpl/menu.tpl.php'; if (isset($_POST['submit'])) { $letsencrypt = new letsencryt(); + $error_message = ''; - // check HTTP - $checked_domains = $letsencrypt->checkRemoteResourceAvailability($_SESSION['letsencrypt-domains']); - $failed_domains_http = array_diff($_SESSION['letsencrypt-domains'], $checked_domains); + while (true) { + // check domains list + if (empty($_SESSION['letsencrypt-domains'])) { + $error_message = "Erreur : la liste des domaines est vide."; + break; + } + + // check if evoacme is installed + $binaries_installed = $letsencrypt->isEvoacmeInstalled(); + if (!$binaries_installed) { + $error_message = "Erreur : les binaires Evoacme ne sont pas installés. + Veuillez contacter un administrateur."; + break; + } + + // check HTTP + $checked_domains = $letsencrypt->checkRemoteResourceAvailability($_SESSION['letsencrypt-domains']); + $failed_domains = array_diff($_SESSION['letsencrypt-domains'], $checked_domains); + if (!empty($failed_domains)) { + $error_message = "Erreur : Le challenge HTTP a échoué pour le(s) domaine(s) ci-dessous. + Merci de vérifier que le dossier /.well-known/ est accessible."; + break; + } - if (empty($failed_domains_http) && !empty($checked_domains)) { // check DNS $valid_domains = $letsencrypt->checkDNSValidity($checked_domains); - $failed_domains_dns = array_diff($checked_domains, $valid_domains); + $failed_domains = array_diff($checked_domains, $valid_domains); + if (!empty($failed_domains)) { + $error_message = "Erreur : La vérification DNS a échoué pour les domaines ci-dessous. + Merci de vérifier les enregistrements de type A et AAAA."; + break; + } + + break; } -} else { - // page de base } + include_once EVOADMIN_BASE . '../tpl/webadmin-letsencrypt.tpl.php'; include_once EVOADMIN_BASE . '../tpl/footer.tpl.php'; diff --git a/tpl/webadmin-letsencrypt.tpl.php b/tpl/webadmin-letsencrypt.tpl.php index 0b3bc43..39a833c 100644 --- a/tpl/webadmin-letsencrypt.tpl.php 
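Review bot: `$failed_domains` is only assigned after the HTTP check, so the first two `break`s (empty domain list, missing binaries) leave it undefined while the template then evaluates `count($failed_domains)`; initialise it next to the message, `$failed_domains = array();`. The `while (true)` that always ends in `break` is a goto in disguise; a small function returning the error message, or an `if`/`elseif` chain, would read more plainly. The enclosing `if (isset($_POST['submit']))` block starts before the hunk.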
+++ b/tpl/webadmin-letsencrypt.tpl.php @@ -2,32 +2,18 @@ 0) { - echo '

Erreur HTTP

'; + if (!empty($error_message)) { + echo '' . $error_message . ''; - echo '

'; - echo 'Le challenge HTTP a échoué pour le(s) domaine(s) ci-dessous. - Merci de vérifier que le dossier /.well-known/acme-challenge/ est accessible.'; - echo '

'; - - echo '

'; - foreach ($failed_domains_http as $failed_domain) { - echo $failed_domain . "
"; - } - echo '

'; - } elseif (count($failed_domains_dns) > 0) { - echo '

Erreur DNS

'; - - echo '

'; - echo 'La vérification DNS a échoué pour les domaines ci-dessous. - Merci de vérifier les enregistrements de type A et AAAA.'; - echo '

'; - - foreach ($failed_domains_dns as $failed_domain) { - echo $failed_domain . "
"; + if (count($failed_domains) > 0) { + echo '

'; + foreach ($failed_domains as $failed_domain) { + echo $failed_domain . "
"; + } + echo '

'; } } else { - echo "all checks succeeded"; + echo 'checks succeeded.'; } } else { echo "

Les domaines suivants seront intégrés au certificat :

"; From 2737edbc11117ff9a5ad6c8471fb8eead47a28da Mon Sep 17 00:00:00 2001 From: Nicolas Roman Date: Fri, 7 Jun 2019 15:25:34 +0200 Subject: [PATCH 042/116] update let's encrypt button name --- tpl/webadmin-letsencrypt.tpl.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tpl/webadmin-letsencrypt.tpl.php b/tpl/webadmin-letsencrypt.tpl.php index 39a833c..d95698e 100644 --- a/tpl/webadmin-letsencrypt.tpl.php +++ b/tpl/webadmin-letsencrypt.tpl.php @@ -25,7 +25,7 @@ if (isset($_POST['submit'])) { echo '
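Review bot: `$failed_domain` is echoed into the page unescaped in the new foreach; even though the values come from the session rather than straight from the request, output should be escaped where it is emitted, `echo htmlspecialchars($failed_domain, ENT_QUOTES, 'UTF-8') . '<br>';`. The `count($failed_domains) > 0` test assumes the variable exists, but the controller only sets it on the HTTP and DNS paths, so `!empty($failed_domains)` is the safer guard here. Most of the markup in this hunk was lost in rendering, so the surrounding tags could not be checked.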

'; ?>
-

+

Date: Wed, 3 Jul 2019 18:18:27 +0200 Subject: [PATCH 043/116] retrieve SSL cert and parse it, check the issuer, the expiration date and the SAN --- lib/letsencrypt.php | 64 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) diff --git a/lib/letsencrypt.php b/lib/letsencrypt.php index d640d01..2862320 100644 --- a/lib/letsencrypt.php +++ b/lib/letsencrypt.php 
@@ -120,4 +120,68 @@ class LetsEncrypt return true; } + + /** + * Retrieve the SSL certificate from the URL + * @param string $url + * @return Array|false $cont list of parameters of the certificate, or false + */ + public function getCertificate($url) + { + $stream = stream_context_create(array("ssl" => array("capture_peer_cert" => true))); + $read = fopen($url, "rb", false, $stream); + $cont = stream_context_get_params($read); + + return $cont; + } + + /** + * Parse the certificat arguments and extract data + * @param Array $certificateParameters certificat arguments + * @return Array $infosCert contains only the issuer, domains and expiration date + */ + public function parseCertificate($certificateParameters) + { + $infosCert = array(); + $parsedParameters = openssl_x509_parse($certificateParameters["options"]["ssl"]["peer_certificate"]); + $issuer = $parsedParameters["issuer"]["O"]; + $includedDomains = $parsedParameters["extensions"]["subjectAltName"]; + $validUntil = $parsedParameters["validTo_time_t"]; + + array_push($infosCert, $issuer); + array_push($infosCert, $includedDomains); + array_push($infosCert, $validUntil); + + return $infosCert; + } + + /** + * Check wether the certificat is issued by Let's Encrypt or not + * @param string $issuer name of the certificat issuer + * @return boolean + */ + public function isCertIssuedByLetsEncrypt($issuer) + { + return ($issuer === "Let's Encrypt") ? true : false; + } + + /** + * Check wether the certificat is valid or not + * @param string $timestampCertValidUntil certificat expiration date in timestamp + * @return boolean + */ + public function isCertValid($timestampCertValidUntil) + { + $currentDate = time(); + + return ($timestampCertValidUntil > $currentDate) ? true : false; + } + + public function isDomainIncludedInCert($domainRequested, $san) + { + $san = preg_replace('/DNS:| DNS:/', '', $san); + $sanArray = explode(',', $san); + + return (in_array($domainRequested, $sanArray)) ? true : false; + } } 
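Review bot: getCertificate never checks the `fopen()` result, so on a failed connection it passes `false` to `stream_context_get_params()` instead of returning `false` as the docblock promises; guard with `if ($read === false) { return false; }` and close the handle once the parameters are read. Because the default SSL context verifies the peer, an expired or mismatched certificate will most likely make `fopen()` fail before the certificate is captured, so `isCertValid()` may never see an expired certificate in practice; for this inspection-only connection, whose certificate is parsed and checked explicitly afterwards, disabling verification in the context (with a comment saying why) is the usual trade-off. parseCertificate indexes `["issuer"]["O"]` and `["extensions"]["subjectAltName"]` without checking that `openssl_x509_parse()` succeeded or that those keys exist, and isDomainIncludedInCert ignores wildcard entries and should pass `true` to `in_array`. The `? true : false` ternaries in isCertIssuedByLetsEncrypt and isCertValid only restate the boolean expression.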
From 3b9a53425331fe996abb3ccd01ab038532696674 Mon Sep 17 00:00:00 2001 From: Nicolas Roman Date: Thu, 4 Jul 2019 15:51:58 +0200 Subject: [PATCH 044/116] filter empty items from session variable of domains --- inc/webadmin-letsencrypt.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/webadmin-letsencrypt.php b/inc/webadmin-letsencrypt.php index 2d78300..f8450a7 100644 --- a/inc/webadmin-letsencrypt.php +++ b/inc/webadmin-letsencrypt.php @@ -26,7 +26,7 @@ if (!isset($_SESSION['lestencrypt-domains']) || empty($_SESSION['letsencrypt-dom array_push($domains, $alias); } - $_SESSION['letsencrypt-domains'] = $domains; + $_SESSION['letsencrypt-domains'] = array_filter($domains); } include_once EVOADMIN_BASE . '../tpl/header.tpl.php'; From 43318dc09a9f988553fb0a88cc266f510f4e69b3 Mon Sep 17 00:00:00 2001 From: Nicolas Roman Date: Thu, 4 Jul 2019 15:52:55 +0200 Subject: [PATCH 045/116] add https prefix to getCertificate method --- lib/letsencrypt.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/letsencrypt.php b/lib/letsencrypt.php index 2862320..2550d0a 100644 --- a/lib/letsencrypt.php +++ b/lib/letsencrypt.php @@ -123,13 +123,13 @@ class LetsEncrypt /** * Retrieve the SSL certificate from the URL - * @param string $url + * @param string $domain * @return Array|false $cont list of parameters of the certificate, or false */ - public function getCertificate($url) + public function getCertificate($domain) { $stream = stream_context_create(array("ssl" => array("capture_peer_cert" => true))); - $read = fopen($url, "rb", false, $stream); + $read = fopen("https://" . $domain , "rb", false, $stream); $cont = stream_context_get_params($read); return $cont; From 1fc8a3e322414502d50d6ae13f490ef9b1d24dd9 Mon Sep 17 00:00:00 2001 
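Review bot: `array_filter($domains)` preserves the original keys, so if the first entry was empty the stored array has no index 0, which matters as soon as any caller reads `$_SESSION['letsencrypt-domains'][0]`; store `array_values(array_filter($domains))` to keep a proper list. The context condition `!isset($_SESSION['lestencrypt-domains'])` (note the 'lestencrypt' typo) is always true, so the session entry is rebuilt on every request, which looks unintended even if harmless.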
From: Nicolas Roman Date: Thu, 4 Jul 2019 15:53:35 +0200 Subject: [PATCH 046/116] add keys to return array for parseCertificate method --- lib/letsencrypt.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/letsencrypt.php b/lib/letsencrypt.php index 2550d0a..cd0ca65 100644 --- a/lib/letsencrypt.php +++ b/lib/letsencrypt.php @@ -148,9 +148,9 @@ class LetsEncrypt $includedDomains = $parsedParameters["extensions"]["subjectAltName"]; $validUntil = $parsedParameters["validTo_time_t"]; - array_push($infosCert, $issuer); - array_push($infosCert, $includedDomains); - array_push($infosCert, $validUntil); + $infosCert["issuer"] = $issuer; + $infosCert["includedDomains"] = $includedDomains; + $infosCert["validUntil"] = $validUntil; return $infosCert; } From c4a6b1f069ea5769bfd5dfb25a1ed721f646613d Mon Sep 17 00:00:00 2001 From: Nicolas Roman Date: Thu, 4 Jul 2019 15:55:10 +0200 Subject: [PATCH 047/116] errors handling for SSL check with the issuer, validity date and included domains --- inc/webadmin-letsencrypt.php | 58 ++++++++++++++++++++++++++++++++---- 1 file changed, 53 insertions(+), 5 deletions(-) diff --git a/inc/webadmin-letsencrypt.php b/inc/webadmin-letsencrypt.php index f8450a7..dec4b55 100644 --- a/inc/webadmin-letsencrypt.php +++ b/inc/webadmin-letsencrypt.php 
@@ -34,28 +34,76 @@ include_once EVOADMIN_BASE . '../tpl/menu.tpl.php'; if (isset($_POST['submit'])) { $letsencrypt = new letsencryt(); - $error_message = ''; + $errorMessage = ''; + $warningMessage = ''; while (true) { // check domains list if (empty($_SESSION['letsencrypt-domains'])) { - $error_message = "Erreur : la liste des domaines est vide."; + $errorMessage = "Erreur : la liste des domaines est vide."; break; } // check if evoacme is installed $binaries_installed = $letsencrypt->isEvoacmeInstalled(); if (!$binaries_installed) { - $error_message = "Erreur : les binaires Evoacme ne sont pas installés. + $errorMessage = "Erreur : les binaires Evoacme ne sont pas installés. Veuillez contacter un administrateur."; break; } + // Check existing SSL certificate + $domainsIncluded = array(); + foreach ($_SESSION['letsencrypt-domains'] as $domain) { + $existingSSLCertificate = $letsencrypt->getCertificate($domain); + if (is_bool($existingSSLCertificate)) { + continue; + } + $parsedCertificate = $letsencrypt->parseCertificate($existingSSLCertificate); + + // check if LE is the certificate issuer + $isIssuerValid = $letsencrypt->isCertIssuedByLetsEncrypt($parsedCertificate["issuer"]); + if (!$isIssuerValid) { + $errorMessage = "Erreur : le certificat existant n'est pas géré par Let's Encrypt."; + break 2; // break the foreach and the while + } + + // check if the domain is already in the certificate + $isDomainIncluded = $letsencrypt->isDomainIncludedInCert($domain, $parsedCertificate["includedDomains"]); + if ($isDomainIncluded) { + array_push($domainsIncluded, $domain); + continue; // break only the current foreach iteration + } + + // check wether the certificate is valid or expired + $isCertValid = $letsencrypt->isCertValid($parsedCertificate["validUntil"]); + if (!$îsCertValid) { + $warningMessage = "Attention : le certificat existant n'est plus valide. 
+ Souhaitez-vous le renouveller ?"; + break 2; + } + } + + // contains all the domains included in the existing certificate + if (!empty($domainsIncluded)) { + $domainsNotIncluded = array_diff($_SESSION['letsencrypt-domains'], $domainsIncluded); + + if (empty($domainsNotIncluded)) { + $errorMessage = "Erreur : le certificat existant couvre déjà tous les domaines."; + break; + } + + $warningMessage = "Attention : le certificat existant couvre déjà certains domaines. + Souhaitez-vous le renouveller ?"; + + break; + } + // check HTTP $checked_domains = $letsencrypt->checkRemoteResourceAvailability($_SESSION['letsencrypt-domains']); $failed_domains = array_diff($_SESSION['letsencrypt-domains'], $checked_domains); if (!empty($failed_domains)) { - $error_message = "Erreur : Le challenge HTTP a échoué pour le(s) domaine(s) ci-dessous. + $errorMessage = "Erreur : Le challenge HTTP a échoué pour le(s) domaine(s) ci-dessous. Merci de vérifier que le dossier /.well-known/ est accessible."; break; } @@ -64,7 +112,7 @@ if (isset($_POST['submit'])) { $valid_domains = $letsencrypt->checkDNSValidity($checked_domains); $failed_domains = array_diff($checked_domains, $valid_domains); if (!empty($failed_domains)) { - $error_message = "Erreur : La vérification DNS a échoué pour les domaines ci-dessous. + $errorMessage = "Erreur : La vérification DNS a échoué pour les domaines ci-dessous. Merci de vérifier les enregistrements de type A et AAAA."; break; } From 3ab7a010779c05f1420ed0b28423f76dd4bfa3aa Mon Sep 17 00:00:00 2001 From: Nicolas Roman Date: Thu, 4 Jul 2019 15:55:38 +0200 Subject: [PATCH 048/116] new warning rule with orange color for span element --- htdocs/inc/css/main.css | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/htdocs/inc/css/main.css b/htdocs/inc/css/main.css index 47bdd6c..39748c8 100644 --- a/htdocs/inc/css/main.css +++ b/htdocs/inc/css/main.css 
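Review bot: `if (!$îsCertValid)` tests `$îsCertValid` (with an accented î), not the `$isCertValid` assigned on the line above, so the condition is always true and the "certificat n'est plus valide" warning fires for every domain that has a Let's Encrypt certificate not covering it; the line should read `if (!$isCertValid) {`. The same misspelt variable is carried into the later `force_renew` change that touches this line. Accepting only an issuer organisation equal to `Let's Encrypt` is presumably the intent, but `break 2` leaves before `$domain` is recorded, so the error message cannot tell the user which domain was rejected.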
@@ -139,6 +139,11 @@ span.form-error { margin-left: 4px; } +span.form-warning { + color: #E84D0C; + margin-left: 4px; +} + span.form-mandatory { color: red; } From 1cf62beb552e2daa270260d80f19e58ed7e47493 Mon Sep 17 00:00:00 2001 From: Nicolas Roman Date: Thu, 4 Jul 2019 18:00:59 +0200 Subject: [PATCH 049/116] retrieve the correct aliases and servername from a specified vhost --- inc/webadmin-letsencrypt.php | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/inc/webadmin-letsencrypt.php b/inc/webadmin-letsencrypt.php index dec4b55..2859aab 100644 --- a/inc/webadmin-letsencrypt.php +++ b/inc/webadmin-letsencrypt.php @@ -7,11 +7,7 @@ use lib\LetsEncrypt as letsencryt; // store domain and aliases in session if (!isset($_SESSION['lestencrypt-domains']) || empty($_SESSION['letsencrypt-domains'])) { $domain = $params[1]; - $cmd = 'web-add.sh list-vhost'; - - if (!is_superadmin()) { - $cmd = sprintf('%s %s', $cmd, $domain); - } + $cmd = 'web-add.sh list-vhost ' . $domain; sudoexec($cmd, $data_output, $exec_return); From 1b4231e1a93588c0d6255b77fa2c064da1962fca Mon Sep 17 00:00:00 2001 From: Nicolas Roman Date: Tue, 9 Jul 2019 18:07:47 +0200 Subject: [PATCH 050/116] make-csr function and confirmation button when warning is displayed --- inc/webadmin-letsencrypt.php | 23 ++++++--- lib/letsencrypt.php | 89 +++++++++++++++++--------------- scripts/web-add.sh | 36 +++++++++++-- tpl/webadmin-letsencrypt.tpl.php | 18 +++++-- 4 files changed, 110 insertions(+), 56 deletions(-) diff --git a/inc/webadmin-letsencrypt.php b/inc/webadmin-letsencrypt.php index 2859aab..ff85b37 100644 --- a/inc/webadmin-letsencrypt.php +++ b/inc/webadmin-letsencrypt.php 
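Review bot: `$cmd = 'web-add.sh list-vhost ' . $domain;` builds a sudo command from `$params[1]`, a request-derived value, with no `escapeshellarg()` and no check that it names a vhost the current user owns; the removed `is_superadmin()` branch was the only place the value was constrained at all. Unless sudoexec quotes its argument (not visible here), use `escapeshellarg($domain)` and reject anything that is not a plain hostname before building the command. The enclosing `if` starts before the hunk.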
@@ -52,6 +52,7 @@ if (isset($_POST['submit'])) { $domainsIncluded = array(); foreach ($_SESSION['letsencrypt-domains'] as $domain) { $existingSSLCertificate = $letsencrypt->getCertificate($domain); + // if no certificate is present (false returned) for this domain, go to the next domain if (is_bool($existingSSLCertificate)) { continue; } @@ -73,7 +74,7 @@ if (isset($_POST['submit'])) { // check wether the certificate is valid or expired $isCertValid = $letsencrypt->isCertValid($parsedCertificate["validUntil"]); - if (!$îsCertValid) { + if (!$îsCertValid && !isset($_POST['force_renew'])) { $warningMessage = "Attention : le certificat existant n'est plus valide. Souhaitez-vous le renouveller ?"; break 2; @@ -81,7 +82,7 @@ if (isset($_POST['submit'])) { } // contains all the domains included in the existing certificate - if (!empty($domainsIncluded)) { + if (!empty($domainsIncluded) && !isset($_POST['force_renew'])) { $domainsNotIncluded = array_diff($_SESSION['letsencrypt-domains'], $domainsIncluded); if (empty($domainsNotIncluded)) { @@ -96,11 +97,11 @@ if (isset($_POST['submit'])) { } // check HTTP - $checked_domains = $letsencrypt->checkRemoteResourceAvailability($_SESSION['letsencrypt-domains']); - $failed_domains = array_diff($_SESSION['letsencrypt-domains'], $checked_domains); - if (!empty($failed_domains)) { - $errorMessage = "Erreur : Le challenge HTTP a échoué pour le(s) domaine(s) ci-dessous. - Merci de vérifier que le dossier /.well-known/ est accessible."; + $isRemoteResourceAvailable = $letsencrypt->checkRemoteResourceAvailability($_SESSION['letsencrypt-domains'][0]); + + if (!$isRemoteResourceAvailable) { + $errorMessage = "Erreur : Le challenge HTTP a échoué.
+ Merci de vérifier que le dossier /.well-known/evoacme-challenge/ est accessible."; break; } @@ -115,6 +116,14 @@ if (isset($_POST['submit'])) { break; } + + // make csr + $isCsrGenerated = $letsencrypt->makeCsr($params[1], $_SESSION['letsencrypt-domains']); + + // evoacme TEST ou DRY RUN + // evoacme + // modifier configuration vhosts + // reload service web } include_once EVOADMIN_BASE . '../tpl/webadmin-letsencrypt.tpl.php'; diff --git a/lib/letsencrypt.php b/lib/letsencrypt.php index cd0ca65..b355505 100644 --- a/lib/letsencrypt.php +++ b/lib/letsencrypt.php @@ -7,7 +7,7 @@ namespace lib; class LetsEncrypt { const HTTP_OK = 200; - const HTTP_CHALLENGE_URL = '/.well-known/acme-challenge'; + const HTTP_CHALLENGE_URL = '/.well-known/acme-challenge/testfile'; /** * create the file used to test the HTTP challenge 
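Review bot: The HTTP challenge is now probed only for `$_SESSION['letsencrypt-domains'][0]`, so aliases that do not serve /.well-known/ are no longer caught before the real ACME run, and index 0 is not guaranteed to exist after the earlier `array_filter()` on the session array. Either keep iterating over all domains or state in a comment that only the primary name is probed. The error text names `/.well-known/evoacme-challenge/` while the class constant and the shell script use `/.well-known/acme-challenge/`; one of the two is wrong.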
@@ -28,56 +28,63 @@ class LetsEncrypt } /** - * perform a cURL call on the remote resource - * the cURL call follows redirections and pushes the last valid URL to an array - * @param Array $domains list of domains - * @return Array $checked_domains list of checked domains + * generate a CSR + * @param string $vhost + * @param Array $domains + * @return boolean */ - public function checkRemoteResourceAvailability($domains) + public function makeCsr($vhost, $domains) + { + $domains = implode(' ', $domains); + $cmd = 'web-add.sh generate-csr ' . $vhost . ' ' . "$domains"; + + sudoexec($cmd ,$data_output, $exec_return); + + if ($exec_return == 0) { + return true; + } + + return false; + } + + /** + * perform a cURL call on the remote resource + * the cURL call follows redirections + * @param Array $domains list of domains + * @return boolean + */ + public function checkRemoteResourceAvailability($domain) { $this->createFileHttpChallenge(); - $curl_multi = curl_multi_init(); - $curl_handles = array(); - $checked_domains = array(); + $curl_handler = curl_init(); - foreach ($domains as $key => $domain) { - $curl_handles[$key] = curl_init($domain . self::HTTP_CHALLENGE_URL); + // setting cURL options + curl_setopt($curl_handler, CURLOPT_URL, $domain . 
self::HTTP_CHALLENGE_URL); + curl_setopt($curl_handler, CURLOPT_TIMEOUT, 3); + curl_setopt($curl_handler, CURLOPT_HEADER, true); + curl_setopt($curl_handler, CURLOPT_NOBODY, true); + curl_setopt($curl_handler, CURLOPT_SSL_VERIFYPEER, false); + curl_setopt($curl_handler, CURLOPT_FOLLOWLOCATION, true); + curl_setopt($curl_handler, CURLOPT_MAXREDIRS, 3); + curl_setopt($curl_handler, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS); + curl_setopt($curl_handler, CURLOPT_RETURNTRANSFER, true); - // setting cURL options - curl_setopt($curl_handles[$key], CURLOPT_TIMEOUT, 3); - curl_setopt($curl_handles[$key], CURLOPT_HEADER, true); - curl_setopt($curl_handles[$key], CURLOPT_NOBODY, true); - curl_setopt($curl_handles[$key], CURLOPT_SSL_VERIFYPEER, false); - curl_setopt($curl_handles[$key], CURLOPT_FOLLOWLOCATION, true); - curl_setopt($curl_handles[$key], CURLOPT_MAXREDIRS, 3); - curl_setopt($curl_handles[$key], CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS); - curl_setopt($curl_handles[$key], CURLOPT_RETURNTRANSFER, true); + curl_exec($curl_handler); - curl_multi_add_handle($curl_multi, $curl_handles[$key]); - } - - do { - curl_multi_exec($curl_multi, $active); - } while ($active); - - foreach ($curl_handles as $curl_handle) { - $returned_http_code = curl_getinfo($curl_handle, CURLINFO_HTTP_CODE); - $returned_http_url = curl_getinfo($curl_handle, CURLINFO_EFFECTIVE_URL); - - if ($returned_http_code === self::HTTP_OK && strpos($returned_http_url, self::HTTP_CHALLENGE_URL)) { - $returned_http_url = str_replace(self::HTTP_CHALLENGE_URL, '', $returned_http_url); - $returned_http_url = preg_replace('#^https?://#', '', $returned_http_url); - - array_push($checked_domains, $returned_http_url); - } - curl_multi_remove_handle($curl_multi, $curl_handle); - } - curl_multi_close($curl_multi); + $returned_http_code = curl_getinfo($curl_handler, CURLINFO_HTTP_CODE); + $returned_http_url = curl_getinfo($curl_handler, CURLINFO_EFFECTIVE_URL); 
$this->deleteFileHttpChallenge(); - return $checked_domains; + if ($returned_http_code === self::HTTP_OK && strpos($returned_http_url, self::HTTP_CHALLENGE_URL)) { + $returned_http_url = str_replace(self::HTTP_CHALLENGE_URL, '', $returned_http_url); + $returned_http_url = preg_replace('#^https?://#', '', $returned_http_url); + + return true; + } + + return false; } /** diff --git a/scripts/web-add.sh b/scripts/web-add.sh index 05fdada..bd4571b 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh @@ -853,6 +853,9 @@ arg_processing() { manage-http-challenge-file) op_managehttpchallengefile "$@" ;; + generate-csr) + op_makecsr "$@" + ;; *) usage ;; @@ -860,16 +863,41 @@ arg_processing() { fi } +op_makecsr() { + if [ $# -gt 1 ]; then + vhost="$1" + domains="" + + # remove the first argument to keep only the domains + shift 1 + + for domain in "$@"; do + domains="${domains:+${domains} }${domain}" + done + + # pipe the domains to make-csr because we don't have STDIN + echo "$domains" | make-csr "$vhost" + else usage + fi +} + op_managehttpchallengefile() { if [ $# -eq 1 ]; then - file="/var/lib/letsencrypt/.well-known/acme-challenge" + folder="/var/lib/letsencrypt/.well-known/acme-challenge" + file="testfile" + action=${1}; if [ "$action" = "create" ]; then - touch "$file" - chmod 755 "$file" + if [ ! -d "$folder" ]; then + mkdir "$folder" + fi + if [ ! -f "$folder/$file" ]; then + touch "$folder/$file" + fi + chmod -R 755 "$folder" elif [ "$action" = "delete" ]; then - rm "$file" + rm -r "$folder" else usage fi else usage diff --git a/tpl/webadmin-letsencrypt.tpl.php b/tpl/webadmin-letsencrypt.tpl.php index d95698e..9d7c881 100644 --- a/tpl/webadmin-letsencrypt.tpl.php +++ b/tpl/webadmin-letsencrypt.tpl.php @@ -2,8 +2,8 @@ ' . $error_message . ''; + if (!empty($errorMessage)) { + echo '' . $errorMessage . ''; if (count($failed_domains) > 0) { echo '
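Review bot: checkRemoteResourceAvailability's docblock still says `@param Array $domains` although the method now takes a single `$domain` string and returns a boolean, and the two `$returned_http_url` rewrites before `return true;` are dead code. `CURLOPT_SSL_VERIFYPEER` is set to `false` for this probe; that is tolerable for a reachability check but deserves a comment, e.g. `// TLS is deliberately not verified: this only checks that the challenge path is served`. In makeCsr, `$vhost` and the space-joined `$domains` are concatenated into the sudo command unescaped; `escapeshellarg()` each piece unless sudoexec already does.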
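Review bot: The `delete` action now runs `rm -r "$folder"` on the whole acme-challenge directory instead of removing the test file it created, so if evoacme keeps live challenge tokens in that directory they are deleted by the probe; `rm -f "$folder/$file"` removes only what `create` made. `chmod -R 755 "$folder"` likewise rewrites permissions on everything below it; `chmod 755 "$folder"` followed by `chmod 644 "$folder/$file"` is the narrower form. In op_makecsr, `$vhost` is passed to make-csr unvalidated, which is fine only if arg_processing checks the LOGIN argument earlier (not visible here).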

'; @@ -12,8 +12,18 @@ if (isset($_POST['submit'])) { } echo '

'; } + } elseif (!empty($warningMessage)) { + echo '' . $warningMessage . ''; ?> +
+

+ + +

+
+ Les domaines suivants seront intégrés au certificat :

"; @@ -24,7 +34,7 @@ if (isset($_POST['submit'])) { } echo '

'; ?> -
+

Date: Wed, 10 Jul 2019 16:56:13 +0200 Subject: [PATCH 051/116] check if the domain IP correspond to the server IP --- lib/letsencrypt.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/letsencrypt.php b/lib/letsencrypt.php index b355505..8040441 100644 --- a/lib/letsencrypt.php +++ b/lib/letsencrypt.php @@ -95,6 +95,7 @@ class LetsEncrypt public function checkDNSValidity($domains) { $valid_dns_domains = array(); + $serverIP = exec("ip route get 1 | sed -n 's/^.*src \([0-9.]*\) .*$/\\1/p'"); foreach ($domains as $domain) { //FQDN syntax @@ -102,7 +103,7 @@ class LetsEncrypt $dns_record_ipv4 = dns_get_record($domain, DNS_A); $dns_record_ipv6 = dns_get_record($domain, DNS_AAAA); - if ($dns_record_ipv4 || $dns_record_ipv6) { + if ($dns_record_ipv4[0]['ip'] === $serverIP || $dns_record_ipv6[0]['ip'] === $serverIP) { // remove the last dot added for the FQDN syntax $domain = rtrim($domain, '.'); array_push($valid_dns_domains, $domain); From 37e5ca6484ab6dd61746a6e049150e23c18be806 Mon Sep 17 00:00:00 2001 From: Nicolas Roman Date: Wed, 10 Jul 2019 16:56:50 +0200 Subject: [PATCH 052/116] generate-ssl-certificate and update-ssl-configuration methods for web-add.sh --- scripts/web-add.sh | 52 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) diff --git a/scripts/web-add.sh b/scripts/web-add.sh index bd4571b..2c9c9e6 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh @@ -161,6 +161,20 @@ manage-http-challenge-file [CREATE | DELETE] Create or delete a dummy file for the Let's Encrypt HTTP challenge The default directory is /var/lib/letsencrypt/.well-known/ + +generate-csr LOGIN DOMAINS + + Generate the request for the Let's Encrypt certificate + +generate-ssl-certificate LOGIN [TRUE | FALSE] + + Generate the Let's Encrypt certificate + Run in TEST mode if TRUE + +update-ssl-vhost-configuration LOGIN + + Add the 443 port to the vhost configuration and reload the service + EOT } 
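Review bot: `dns_get_record($domain, DNS_AAAA)` returns its address under the `ipv6` key, not `ip`, so `$dns_record_ipv6[0]['ip']` is always null and the IPv6 branch can never match; on top of that `$serverIP` comes from `ip route get 1`, an IPv4-only lookup, so an IPv6-only vhost always fails this check. Only the first record of each type is compared, and when the lookup returns `false` or an empty array, `[0]['ip']` emits a notice; iterate with `foreach ($dns_record_ipv4 ?: array() as $record)` and compare each `$record['ip']`. Shelling out to `ip route get 1` on every call also ties the check to the host's default route; hoisting it out of the method or making the expected address configurable would be more robust.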
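Review bot: The usage text documents `generate-ssl-certificate LOGIN [TRUE | FALSE]` in upper case, but op_generatesslcertificate compares `"$test_mode" = "false"` in lower case, so an operator typing `FALSE` gets a test run instead of a real issuance; document `[true | false]` or lower-case the argument before comparing. The op_generatesslcertificate body is in the next hunk.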
@@ -856,6 +870,12 @@ arg_processing() { generate-csr) op_makecsr "$@" ;; + generate-ssl-certificate) + op_generatesslcertificate "$@" + ;; + update-ssl-vhost-configuration) + op_updatesslvhost "$@" + ;; *) usage ;; @@ -881,6 +901,38 @@ op_makecsr() { fi } +op_generatesslcertificate() { + if [ $# -gt 1 ]; then + vhost="$1" + test_mode="$2" + + if [ "$test_mode" = "false" ]; then + evoacme "$vhost" + else + TEST=1 evoacme "$vhost" + fi + else usage + fi +} + +op_updatesslvhost() { + if [ $# -eq 1 ]; then + vhostfile="/etc/apache2/sites-enabled/$1.conf" + + sed -i "s/:80>/:80 *:443>/" "$vhostfile" + + configtest_out=$(apache2ctl configtest) + configtest_rc=$? + + if [ "$configtest_rc" = "0" ]; then + /etc/init.d/apache2 force-reload >/dev/null + else + echo $configtest_out >&2 + fi + else usage + fi +} + op_managehttpchallengefile() { if [ $# -eq 1 ]; then folder="/var/lib/letsencrypt/.well-known/acme-challenge" From 839efa6fe90bd43f19c78b90427c9650e427a3cc Mon Sep 17 00:00:00 2001 From: Nicolas Roman Date: Wed, 10 Jul 2019 16:57:34 +0200 Subject: [PATCH 053/116] generateSSLCertificate and setSSLPortVhost methods added --- inc/webadmin-letsencrypt.php | 53 ++++++++++++++++++++++++++++-------- lib/letsencrypt.php | 39 +++++++++++++++++++++++++- 2 files changed, 79 insertions(+), 13 deletions(-) diff --git a/inc/webadmin-letsencrypt.php b/inc/webadmin-letsencrypt.php index ff85b37..598eb01 100644 --- a/inc/webadmin-letsencrypt.php +++ b/inc/webadmin-letsencrypt.php 
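Review bot: op_updatesslvhost reports success even when `apache2ctl configtest` fails: after `echo $configtest_out >&2` the function ends with status 0, so the PHP caller's `$exec_return == 0` treats the failed reload as done while `sed -i` has already rewritten the vhost file. Add `exit 1` after the echo (or `return 1` and propagate it from arg_processing), quote the variable as `echo "$configtest_out" >&2`, and consider saving a copy before `sed -i` so a failed configtest can be rolled back. `vhostfile="/etc/apache2/sites-enabled/$1.conf"` also builds a path from the LOGIN argument; unless arg_processing validates it earlier (not visible here), a value containing `../` would make `sed -i` edit an arbitrary file as root, so restrict it to the expected login character set first.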
@@ -106,24 +106,53 @@ if (isset($_POST['submit'])) { } // check DNS - $valid_domains = $letsencrypt->checkDNSValidity($checked_domains); - $failed_domains = array_diff($checked_domains, $valid_domains); + $valid_domains = $letsencrypt->checkDNSValidity($_SESSION['letsencrypt-domains']); + + $failed_domains = array_diff($_SESSION['letsencrypt-domains'], $valid_domains); if (!empty($failed_domains)) { - $errorMessage = "Erreur : La vérification DNS a échoué pour les domaines ci-dessous. - Merci de vérifier les enregistrements de type A et AAAA."; + $errorMessage = "Erreur : La vérification DNS a échoué.
+ Merci de vérifier les enregistrements de type A et AAAA pour les domaine(s) suivant(s) :"; + break; + } + + // make csr + $isCsrGenerated = $letsencrypt->makeCsr($params[1], $_SESSION['letsencrypt-domains']); + + if (!$isCsrGenerated) { + $errorMessage = "Erreur : La génération de demande de certificat a échoué.
+ Merci de contacter un administrateur pour continuer."; + break; + } + + // evoacme TEST + $testGenerateCert = $letsencrypt->generateSSLCertificate($params[1]); + + if (!$testGenerateCert) { + $errorMessage = "Erreur : La génération de certificat en mode TEST a échoué.
+ Merci de contacter un administrateur pour continuer."; + break; + } + + // evoacme + // $generateCert = $letsencrypt->generateSSLCertificate($params[1], false); + $generateCert = $letsencrypt->generateSSLCertificate($params[1]); + + if (!$generateCert) { + $errorMessage = "Erreur : La génération de certificat a échoué.
+ Merci de contacter un administrateur pour continuer."; + break; + } + + $updatedVhostConfig = $letsencrypt->setSSLPortVhost($params[1]); + + if (!$updatedVhostConfig) { + $errorMessage = "Erreur : La modification de la configuration de l'hôte virtuel a échoué.
+ Merci de contacter un administrateur pour continuer."; break; } break; } - - // make csr - $isCsrGenerated = $letsencrypt->makeCsr($params[1], $_SESSION['letsencrypt-domains']); - - // evoacme TEST ou DRY RUN - // evoacme - // modifier configuration vhosts - // reload service web } include_once EVOADMIN_BASE . '../tpl/webadmin-letsencrypt.tpl.php'; diff --git a/lib/letsencrypt.php b/lib/letsencrypt.php index 8040441..82e11b4 100644 --- a/lib/letsencrypt.php +++ b/lib/letsencrypt.php @@ -38,7 +38,44 @@ class LetsEncrypt $domains = implode(' ', $domains); $cmd = 'web-add.sh generate-csr ' . $vhost . ' ' . "$domains"; - sudoexec($cmd ,$data_output, $exec_return); + sudoexec($cmd, $data_output, $exec_return); + + if ($exec_return == 0) { + return true; + } + + return false; + } + + /** + * Generate a SSL certificate + * @param string $vhost + * @param boolean $test generate in TEST mode or not + * @return boolean + */ + public function generateSSLCertificate($vhost, $test = true) + { + $cmd = 'web-add.sh generate-ssl-certificate ' . $vhost . ' ' . ($test ? "true" : "false"); + + sudoexec($cmd, $data_output, $exec_return); + + if ($exec_return == 0) { + return true; + } + + return false; + } + + /** + * add the 443 port to the vhost configuration + * @param string $vhost + * @return boolean + */ + public function setSSLPortVhost($vhost) + { + $cmd = 'web-add.sh update-ssl-vhost-configuration ' . $vhost; + + sudoexec($cmd, $data_output, $exec_return); if ($exec_return == 0) { return true; From 8fe671097d2ba6201df3b9295f7120fb1a0cc35f Mon Sep 17 00:00:00 2001 From: Nicolas Roman Date: Wed, 10 Jul 2019 16:59:36 +0200 Subject: [PATCH 054/116] tweak success message for cert installation --- lib/letsencrypt.php | 2 +- tpl/webadmin-letsencrypt.tpl.php | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/lib/letsencrypt.php b/lib/letsencrypt.php index 82e11b4..86cade5 100644 --- a/lib/letsencrypt.php +++ b/lib/letsencrypt.php 
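Review bot: generateSSLCertificate and setSSLPortVhost, like makeCsr above them, concatenate `$vhost` into a sudo command without `escapeshellarg()`; the value originates from `$params[1]` in the controller, so unless sudoexec quotes it, `escapeshellarg($vhost)` belongs here. All three methods end with the same `if ($exec_return == 0) { return true; } return false;` block, which is just `return $exec_return === 0;`, and a private helper that runs a web-add.sh subcommand and returns that boolean would remove the triplication.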
@@ -174,7 +174,7 @@ class LetsEncrypt public function getCertificate($domain) { $stream = stream_context_create(array("ssl" => array("capture_peer_cert" => true))); - $read = fopen("https://" . $domain , "rb", false, $stream); + $read = fopen("https://" . $domain, "rb", false, $stream); $cont = stream_context_get_params($read); return $cont; diff --git a/tpl/webadmin-letsencrypt.tpl.php b/tpl/webadmin-letsencrypt.tpl.php index 9d7c881..641820e 100644 --- a/tpl/webadmin-letsencrypt.tpl.php +++ b/tpl/webadmin-letsencrypt.tpl.php @@ -21,9 +21,8 @@ if (isset($_POST['submit'])) {

Les domaines suivants seront intégrés au certificat :

"; From 27b449fd98b49d3bcac13b72d9f882bd5acdf664 Mon Sep 17 00:00:00 2001 From: Nicolas Roman Date: Thu, 11 Jul 2019 14:19:09 +0200 Subject: [PATCH 055/116] check that the non_standard domain is not already in the session variable --- inc/webadmin.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/webadmin.php b/inc/webadmin.php index bc61a7b..6e91a93 100644 --- a/inc/webadmin.php +++ b/inc/webadmin.php @@ -79,7 +79,7 @@ if (!$conf['cluster']) { } // current vhost isn't standard and thus not manageable by evoadmin-web - if (!$data_split[9]) { + if (!$data_split[9] && (!in_array($data_split[0], $_SESSION['non_standard']))) { array_push($_SESSION['non_standard'], $data_split[0]); } From 78d0293b440947593bbfa34f100885928768f411 Mon Sep 17 00:00:00 2001 From: Nicolas Roman Date: Thu, 11 Jul 2019 15:24:17 +0200 Subject: [PATCH 056/116] create the acme-challenge subfolder correctly for the HTTP challenge --- scripts/web-add.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/web-add.sh b/scripts/web-add.sh index 2c9c9e6..43f4437 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh @@ -942,7 +942,7 @@ op_managehttpchallengefile() { if [ "$action" = "create" ]; then if [ ! -d "$folder" ]; then - mkdir "$folder" + mkdir -p "$folder" fi if [ ! -f "$folder/$file" ]; then touch "$folder/$file" From 4eaf3ad6d1d4c9133a72e90fd539318233f87744 Mon Sep 17 00:00:00 2001 From: Nicolas Roman Date: Thu, 11 Jul 2019 16:54:21 +0200 Subject: [PATCH 057/116] fix acme-challenge subfolder creation --- scripts/web-add.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/web-add.sh b/scripts/web-add.sh index 43f4437..d16c47e 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh 
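Review bot: `in_array($data_split[0], $_SESSION['non_standard'])` uses loose comparison, under which numeric-looking strings such as `'1e3'` and `'1000'` compare equal; pass `true` as the third argument, `in_array($data_split[0], $_SESSION['non_standard'], true)`. If `$_SESSION['non_standard']` can be unset at this point (its initialisation is outside the hunk), `in_array` on null warns, so an `isset` guard or an earlier `array()` default would be needed as well.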
@@ -935,17 +935,17 @@ op_updatesslvhost() { op_managehttpchallengefile() { if [ $# -eq 1 ]; then - folder="/var/lib/letsencrypt/.well-known/acme-challenge" + folder="/var/lib/letsencrypt/.well-known" file="testfile" action=${1}; if [ "$action" = "create" ]; then if [ ! -d "$folder" ]; then - mkdir -p "$folder" + mkdir -p "$folder/acme-challenge" fi - if [ ! -f "$folder/$file" ]; then - touch "$folder/$file" + if [ ! -f "$folder/acme-challenge/$file" ]; then + touch "$folder/acme-challenge/$file" fi chmod -R 755 "$folder" elif [ "$action" = "delete" ]; then From c218aebaaefad7dbcdb58f5f9b1a1e82e5ec229b Mon Sep 17 00:00:00 2001 From: Nicolas Roman Date: Mon, 15 Jul 2019 17:06:50 +0200 Subject: [PATCH 058/116] bugfixes for the evoacme part --- inc/webadmin-letsencrypt.php | 3 +-- scripts/web-add.sh | 4 ++-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/inc/webadmin-letsencrypt.php b/inc/webadmin-letsencrypt.php index 598eb01..9237b23 100644 --- a/inc/webadmin-letsencrypt.php +++ b/inc/webadmin-letsencrypt.php @@ -134,8 +134,7 @@ if (isset($_POST['submit'])) { } // evoacme - // $generateCert = $letsencrypt->generateSSLCertificate($params[1], false); - $generateCert = $letsencrypt->generateSSLCertificate($params[1]); + $generateCert = $letsencrypt->generateSSLCertificate($params[1], false); if (!$generateCert) { $errorMessage = "Erreur : La génération de certificat a échoué.
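Review bot: The `acme-challenge` sub-directory is only created when `$folder` (`/var/lib/letsencrypt/.well-known`) is absent; if `.well-known` already exists without `acme-challenge`, `mkdir` is skipped and the following `touch "$folder/acme-challenge/$file"` fails. `mkdir -p` is idempotent, so drop the `-d` test and run `mkdir -p "$folder/acme-challenge"` unconditionally. `chmod -R 755 "$folder"` also recurses into anything else that lives under `.well-known`; `chmod 755 "$folder" "$folder/acme-challenge"` is narrower and sufficient for the test file's parents. op_managehttpchallengefile continues outside the hunk.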
diff --git a/scripts/web-add.sh b/scripts/web-add.sh index d16c47e..9c81165 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh @@ -909,7 +909,7 @@ op_generatesslcertificate() { if [ "$test_mode" = "false" ]; then evoacme "$vhost" else - TEST=1 evoacme "$vhost" + DRY_RUN=1 evoacme "$vhost" fi else usage fi @@ -917,7 +917,7 @@ op_generatesslcertificate() { op_updatesslvhost() { if [ $# -eq 1 ]; then - vhostfile="/etc/apache2/sites-enabled/$1.conf" + vhostfile="/etc/apache2/sites-available/$1.conf" sed -i "s/:80>/:80 *:443>/" "$vhostfile" From 283f76540af1bddebb18a45b7bc8ba06c7ad2d9a Mon Sep 17 00:00:00 2001 From: Nicolas Roman Date: Mon, 15 Jul 2019 17:08:47 +0200 Subject: [PATCH 059/116] uses stream_socket_client instead of fopen --- lib/letsencrypt.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/letsencrypt.php b/lib/letsencrypt.php index 86cade5..99de7f9 100644 --- a/lib/letsencrypt.php +++ b/lib/letsencrypt.php @@ -174,9 +174,9 @@ class LetsEncrypt public function getCertificate($domain) { $stream = stream_context_create(array("ssl" => array("capture_peer_cert" => true))); - $read = fopen("https://" . $domain, "rb", false, $stream); + $read = stream_socket_client("ssl://" . $domain . ":443", $errno, $errstr, 10, STREAM_CLIENT_CONNECT, $stream); $cont = stream_context_get_params($read); - + return $cont; } From 7d026c907b2191260f302e3b2d3a21e405b85eed Mon Sep 17 00:00:00 2001 From: Nicolas Roman Date: Mon, 15 Jul 2019 17:44:41 +0200 Subject: [PATCH 060/116] add optional SSL configuration by default in vhost --- scripts/vhost | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/vhost b/scripts/vhost index 6ec1cc4..0b2b0d1 100644 --- a/scripts/vhost +++ b/scripts/vhost @@ -7,6 +7,9 @@ # Repertoire principal DocumentRoot HOME_DIR/XXX/www/ + # SSL + IncludeOptional /etc/apache2/ssl/XXX.conf + # Propriete du repertoire #Options +Indexes +SymLinksIfOwnerMatch 
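Review bot: The return value of `stream_socket_client()` is not checked before it is handed to `stream_context_get_params()`; on a refused connection, a timeout or a failed TLS handshake (`$errno`/`$errstr` are captured but never read) `$read` is `false` and the next line operates on it instead of returning `false`, which is what the caller in inc/webadmin-letsencrypt.php tests for with `is_bool()`. The opened socket is also never closed. `if ($read === false) { return false; }` before the `stream_context_get_params()` call and `fclose($read);` before `return $cont;` covers both. Since the context leaves PHP's default peer verification on, an expired or name-mismatched certificate presumably makes the handshake fail before the certificate is captured, which interacts with the downstream `isCertValid` check — worth confirming against a host with an expired certificate.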
From c5c1648a58636b94f0b624af8810267b257b9aa9 Mon Sep 17 00:00:00 2001 From: Nicolas Roman Date: Wed, 17 Jul 2019 15:38:59 +0200 Subject: [PATCH 061/116] delete previous cert if it already exists before invoking evoacme --- scripts/web-add.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/web-add.sh b/scripts/web-add.sh index 9c81165..9c174a4 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh @@ -907,6 +907,9 @@ op_generatesslcertificate() { test_mode="$2" if [ "$test_mode" = "false" ]; then + if [ -L /etc/letsencrypt/$vhost/live ]; then + rm /etc/letsencrypt/$vhost/live + fi evoacme "$vhost" else DRY_RUN=1 evoacme "$vhost" From 4b5a020993519b54db6e7bdcb9fa22c5b53522cb Mon Sep 17 00:00:00 2001 From: Nicolas Roman Date: Wed, 17 Jul 2019 17:11:52 +0200 Subject: [PATCH 062/116] port 443 by default in vhost template --- scripts/vhost | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/vhost b/scripts/vhost index 0b2b0d1..970807f 100644 --- a/scripts/vhost +++ b/scripts/vhost @@ -1,4 +1,4 @@ - + # FQDN principal ServerName SERVERNAME From f3fa182dc713fd3c3b5f43a1f8d70ce70543c15a Mon Sep 17 00:00:00 2001 From: Nicolas Roman Date: Wed, 17 Jul 2019 17:20:32 +0200 Subject: [PATCH 063/116] delete methods updating the vhost after cert installation is completed --- inc/webadmin-letsencrypt.php | 8 -------- lib/letsencrypt.php | 18 ------------------ scripts/web-add.sh | 25 ------------------------- 3 files changed, 51 deletions(-) diff --git a/inc/webadmin-letsencrypt.php b/inc/webadmin-letsencrypt.php index 9237b23..b33bf87 100644 --- a/inc/webadmin-letsencrypt.php +++ b/inc/webadmin-letsencrypt.php @@ -142,14 +142,6 @@ if (isset($_POST['submit'])) { break; } - $updatedVhostConfig = $letsencrypt->setSSLPortVhost($params[1]); - - if (!$updatedVhostConfig) { - $errorMessage = "Erreur : La modification de la configuration de l'hôte virtuel a échoué.
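Review bot: `$vhost` is unquoted in both `[ -L /etc/letsencrypt/$vhost/live ]` and `rm /etc/letsencrypt/$vhost/live`, and nothing in the hunk restricts it to a plain account name even though this script is reached through `sudoexec()` from the web UI; a value containing whitespace or `..` would be word-split or escape the per-account directory. Quote it and validate it first, e.g. through the script's existing `validate_login` helper, then `rm "/etc/letsencrypt/$vhost/live"`. op_generatesslcertificate starts and ends outside the hunk.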
- Merci de contacter un administrateur pour continuer."; - break; - } - break; } } diff --git a/lib/letsencrypt.php b/lib/letsencrypt.php index 99de7f9..8c0d2d4 100644 --- a/lib/letsencrypt.php +++ b/lib/letsencrypt.php @@ -66,24 +66,6 @@ class LetsEncrypt return false; } - /** - * add the 443 port to the vhost configuration - * @param string $vhost - * @return boolean - */ - public function setSSLPortVhost($vhost) - { - $cmd = 'web-add.sh update-ssl-vhost-configuration ' . $vhost; - - sudoexec($cmd, $data_output, $exec_return); - - if ($exec_return == 0) { - return true; - } - - return false; - } - /** * perform a cURL call on the remote resource * the cURL call follows redirections diff --git a/scripts/web-add.sh b/scripts/web-add.sh index 9c174a4..933c214 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh @@ -171,10 +171,6 @@ generate-ssl-certificate LOGIN [TRUE | FALSE] Generate the Let's Encrypt certificate Run in TEST mode if TRUE -update-ssl-vhost-configuration LOGIN - - Add the 443 port to the vhost configuration and reload the service - EOT } @@ -873,9 +869,6 @@ arg_processing() { generate-ssl-certificate) op_generatesslcertificate "$@" ;; - update-ssl-vhost-configuration) - op_updatesslvhost "$@" - ;; *) usage ;; @@ -918,24 +911,6 @@ op_generatesslcertificate() { fi } -op_updatesslvhost() { - if [ $# -eq 1 ]; then - vhostfile="/etc/apache2/sites-available/$1.conf" - - sed -i "s/:80>/:80 *:443>/" "$vhostfile" - - configtest_out=$(apache2ctl configtest) - configtest_rc=$? - - if [ "$configtest_rc" = "0" ]; then - /etc/init.d/apache2 force-reload >/dev/null - else - echo $configtest_out >&2 - fi - else usage - fi -} - op_managehttpchallengefile() { if [ $# -eq 1 ]; then folder="/var/lib/letsencrypt/.well-known" From b339ca0fb9526b0ef4a96afb51b616adacce68f6 Mon Sep 17 00:00:00 2001 
From: Nicolas Roman Date: Fri, 19 Jul 2019 14:38:24 +0200 Subject: [PATCH 064/116] display included and non included domain(s) before the cert renew --- inc/webadmin-letsencrypt.php | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/inc/webadmin-letsencrypt.php b/inc/webadmin-letsencrypt.php index b33bf87..dce6864 100644 --- a/inc/webadmin-letsencrypt.php +++ b/inc/webadmin-letsencrypt.php @@ -90,8 +90,18 @@ if (isset($_POST['submit'])) { break; } - $warningMessage = "Attention : le certificat existant couvre déjà certains domaines. - Souhaitez-vous le renouveller ?"; + $warningMessage = "Attention : le certificat existant couvre déjà le(s) domaine(s) :
"; + + foreach ($domainsIncluded as $domainIncluded) { + $warningMessage .= $domainIncluded . "
"; + } + + $warningMessage .= "
En confirmant le renouvellement, vous allez ajouter :
"; + + foreach ($domainsNotIncluded as $domainNotIncluded) { + $warningMessage .= $domainNotIncluded . "
"; + } + break; } From 5cd4cff029ad02365be62a904074eadc6632a7d9 Mon Sep 17 00:00:00 2001 From: Nicolas Roman Date: Wed, 24 Jul 2019 16:25:16 +0200 Subject: [PATCH 065/116] remove matching letsencrypt folder when deleting an account --- scripts/web-add.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/scripts/web-add.sh b/scripts/web-add.sh index 933c214..876209a 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh @@ -765,6 +765,11 @@ op_del() { sed -i.bak "/-config=$login/d" /etc/cron.d/awstats nginx -t fi + + if [ -d /etc/letsencrypt/"$login" ]; then + rm -r /etc/letsencrypt/"$login" + fi + set +x if [ -n "$dbname" ]; then From 3736f7ec328bd781d9ef9647a38bf219c20b03a2 Mon Sep 17 00:00:00 2001 From: Nicolas Roman Date: Thu, 25 Jul 2019 11:37:57 +0200 Subject: [PATCH 066/116] display expiration date of cert and included domains directly when clicking the letsencrypt link --- inc/webadmin-letsencrypt.php | 158 ++++++++++++++++--------------- tpl/webadmin-letsencrypt.tpl.php | 42 +++++--- 2 files changed, 109 insertions(+), 91 deletions(-) diff --git a/inc/webadmin-letsencrypt.php b/inc/webadmin-letsencrypt.php index dce6864..b17959b 100644 --- a/inc/webadmin-letsencrypt.php +++ b/inc/webadmin-letsencrypt.php 
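Review bot: The domain names appended to `$warningMessage` in both `foreach` loops are concatenated into an HTML message unescaped; `$_SESSION['letsencrypt-domains']` is presumably filled from the web form upstream (not visible here), so a value carrying markup would be rendered as-is when the template echoes the message. Escape at the concatenation point, because the message itself contains markup and cannot be escaped wholesale in the template: use `htmlspecialchars($domainIncluded, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` in place of the bare `$domainIncluded`, and the same for `$domainNotIncluded`. The same two loops reappear in PATCH 066's rebuilt non-POST branch of inc/webadmin-letsencrypt.php, and the `echo $failed_domain . …` added to tpl/webadmin-letsencrypt.tpl.php in that patch has the same shape.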
@@ -28,84 +28,12 @@ if (!isset($_SESSION['lestencrypt-domains']) || empty($_SESSION['letsencrypt-dom include_once EVOADMIN_BASE . '../tpl/header.tpl.php'; include_once EVOADMIN_BASE . '../tpl/menu.tpl.php'; +$letsencrypt = new letsencryt(); +$errorMessage = ''; +$warningMessage = ''; + if (isset($_POST['submit'])) { - $letsencrypt = new letsencryt(); - $errorMessage = ''; - $warningMessage = ''; - while (true) { - // check domains list - if (empty($_SESSION['letsencrypt-domains'])) { - $errorMessage = "Erreur : la liste des domaines est vide."; - break; - } - - // check if evoacme is installed - $binaries_installed = $letsencrypt->isEvoacmeInstalled(); - if (!$binaries_installed) { - $errorMessage = "Erreur : les binaires Evoacme ne sont pas installés. - Veuillez contacter un administrateur."; - break; - } - - // Check existing SSL certificate - $domainsIncluded = array(); - foreach ($_SESSION['letsencrypt-domains'] as $domain) { - $existingSSLCertificate = $letsencrypt->getCertificate($domain); - // if no certificate is present (false returned) for this domain, go to the next domain - if (is_bool($existingSSLCertificate)) { - continue; - } - $parsedCertificate = $letsencrypt->parseCertificate($existingSSLCertificate); - - // check if LE is the certificate issuer - $isIssuerValid = $letsencrypt->isCertIssuedByLetsEncrypt($parsedCertificate["issuer"]); - if (!$isIssuerValid) { - $errorMessage = "Erreur : le certificat existant n'est pas géré par Let's Encrypt."; - break 2; // break the foreach and the while - } - - // check if the domain is already in the certificate - $isDomainIncluded = $letsencrypt->isDomainIncludedInCert($domain, $parsedCertificate["includedDomains"]); - if ($isDomainIncluded) { - array_push($domainsIncluded, $domain); - continue; // break only the current foreach iteration - } - - // check wether the certificate is valid or expired - $isCertValid = $letsencrypt->isCertValid($parsedCertificate["validUntil"]); - if (!$îsCertValid && 
!isset($_POST['force_renew'])) { - $warningMessage = "Attention : le certificat existant n'est plus valide. - Souhaitez-vous le renouveller ?"; - break 2; - } - } - - // contains all the domains included in the existing certificate - if (!empty($domainsIncluded) && !isset($_POST['force_renew'])) { - $domainsNotIncluded = array_diff($_SESSION['letsencrypt-domains'], $domainsIncluded); - - if (empty($domainsNotIncluded)) { - $errorMessage = "Erreur : le certificat existant couvre déjà tous les domaines."; - break; - } - - $warningMessage = "Attention : le certificat existant couvre déjà le(s) domaine(s) :
"; - - foreach ($domainsIncluded as $domainIncluded) { - $warningMessage .= $domainIncluded . "
"; - } - - $warningMessage .= "
En confirmant le renouvellement, vous allez ajouter :
"; - - foreach ($domainsNotIncluded as $domainNotIncluded) { - $warningMessage .= $domainNotIncluded . "
"; - } - - - break; - } - // check HTTP $isRemoteResourceAvailable = $letsencrypt->checkRemoteResourceAvailability($_SESSION['letsencrypt-domains'][0]); 
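Review bot: The hoisted `$letsencrypt = new letsencryt();` names a class that does not match `class LetsEncrypt` in lib/letsencrypt.php (a letter is missing); unless an alias or a second class exists, that is a fatal error at first use, so it is worth correcting while the line is being moved: `$letsencrypt = new LetsEncrypt();`. The hunk header's context also reads `isset($_SESSION['lestencrypt-domains'])` next to `empty($_SESSION['letsencrypt-domains'])`, which looks like a typo in the guard that would make the `!isset` branch always taken — pre-existing and outside the hunk, but worth checking.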
@@ -154,6 +82,84 @@ if (isset($_POST['submit'])) { break; } +} else { + $validUntil = ''; + + while(true) { + // check domains list + if (empty($_SESSION['letsencrypt-domains'])) { + $errorMessage = "Erreur : la liste des domaines est vide."; + break; + } + + // check if evoacme is installed + $binaries_installed = $letsencrypt->isEvoacmeInstalled(); + if (!$binaries_installed) { + $errorMessage = "Erreur : les binaires Evoacme ne sont pas installés. + Veuillez contacter un administrateur."; + break; + } + + // Check existing SSL certificate + $domainsIncluded = array(); + foreach ($_SESSION['letsencrypt-domains'] as $domain) { + $existingSSLCertificate = $letsencrypt->getCertificate($domain); + // if no certificate is present (false returned) for this domain, go to the next domain + if (is_bool($existingSSLCertificate)) { + continue; + } + $parsedCertificate = $letsencrypt->parseCertificate($existingSSLCertificate); + + // check if LE is the certificate issuer + $isIssuerValid = $letsencrypt->isCertIssuedByLetsEncrypt($parsedCertificate["issuer"]); + if (!$isIssuerValid) { + $errorMessage = "Erreur : le certificat existant n'est pas géré par Let's Encrypt."; + break 2; // break the foreach and the while + } + + // check wether the certificate is valid or expired + + $isCertValid = $letsencrypt->isCertValid($parsedCertificate["validUntil"]); + if (!$isCertValid && !isset($_POST['force_renew'])) { + $warningMessage = "Attention : le certificat existant n'est plus valide. 
+ Souhaitez-vous le renouveller ?"; + break 2; + } else { + $validUntil = date("d/m/Y", $parsedCertificate["validUntil"]); + } + + // check if the domain is already in the certificate + $isDomainIncluded = $letsencrypt->isDomainIncludedInCert($domain, $parsedCertificate["includedDomains"]); + if ($isDomainIncluded) { + array_push($domainsIncluded, $domain); + continue; // break only the current foreach iteration + } + } + + // contains all the domains included in the existing certificate + if (!empty($domainsIncluded) && !isset($_POST['force_renew'])) { + $domainsNotIncluded = array_diff($_SESSION['letsencrypt-domains'], $domainsIncluded); + + if (empty($domainsNotIncluded)) { + $errorMessage = "Le certificat existant couvre déjà tous les domaines jusqu'au " . $validUntil . "."; + break; + } + + $warningMessage = "Attention : le certificat existant couvre déjà le(s) domaine(s) jusqu'au " . $validUntil . " :
"; + + foreach ($domainsIncluded as $domainIncluded) { + $warningMessage .= $domainIncluded . "
"; + } + + $warningMessage .= "
En confirmant le renouvellement, vous allez ajouter :
"; + + foreach ($domainsNotIncluded as $domainNotIncluded) { + $warningMessage .= $domainNotIncluded . "
"; + } + + break; + } + } } include_once EVOADMIN_BASE . '../tpl/webadmin-letsencrypt.tpl.php'; diff --git a/tpl/webadmin-letsencrypt.tpl.php b/tpl/webadmin-letsencrypt.tpl.php index 641820e..266ae2d 100644 --- a/tpl/webadmin-letsencrypt.tpl.php +++ b/tpl/webadmin-letsencrypt.tpl.php @@ -2,6 +2,20 @@ ' . $errorMessage . ''; + + if (count($failed_domains) > 0) { + echo '

'; + foreach ($failed_domains as $failed_domain) { + echo $failed_domain . "
"; + } + echo '

'; + } + } else { + echo "Votre certificat SSL a bien été installé !"; + } +} else { if (!empty($errorMessage)) { echo '' . $errorMessage . ''; @@ -17,25 +31,23 @@ if (isset($_POST['submit'])) {

- +

Les domaines suivants seront intégrés au certificat :

"; - if (count($_SESSION['letsencrypt-domains']) > 0) { - echo '

'; - foreach ($_SESSION['letsencrypt-domains'] as $domain) { - echo $domain . '
'; + echo "

Les domaines suivants seront intégrés au certificat :

"; + if (count($_SESSION['letsencrypt-domains']) > 0) { + echo '

'; + foreach ($_SESSION['letsencrypt-domains'] as $domain) { + echo $domain . '
'; + } + echo '

'; + ?> +
+

+
+ '; - ?> -
-

-
- Date: Wed, 21 Aug 2019 12:05:37 +0200 Subject: [PATCH 067/116] Fix IncludeOptional that can throw syntax errors in some cases. With Apache < 2.4.30, IncludeOptional will throw syntax errors if the file designated without any pattern globbing is absent. We circumvent that with a silly pattern. --- scripts/vhost | 7 ++++--- scripts/web-add.sh | 3 +++ 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/scripts/vhost b/scripts/vhost index 970807f..d5b8f4a 100644 --- a/scripts/vhost +++ b/scripts/vhost @@ -8,8 +8,10 @@ DocumentRoot HOME_DIR/XXX/www/ # SSL - IncludeOptional /etc/apache2/ssl/XXX.conf - + # Apache < 2.4.30 (Jessie, Stretch) va générer une erreur si le fichier + # désigné sans regex n'existe pas. On contourne ça avec [f] à place de f + IncludeOptional /etc/apache2/ssl/XXX.con[f] + # Propriete du repertoire #Options +Indexes +SymLinksIfOwnerMatch @@ -67,4 +69,3 @@ #php_value default_charset ISO-8859-15 php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f www-XXX" php_admin_value open_basedir "/usr/share/php:HOME_DIR/XXX:/tmp" - diff --git a/scripts/web-add.sh b/scripts/web-add.sh index 876209a..811314d 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh @@ -438,6 +438,9 @@ EOT random=$RANDOM if [ "$WEB_SERVER" == "apache" ]; then + # On s'assure que /etc/apache2/ssl pour le IncludeOptional de la conf + mkdir -p /etc/apache2/ssl + vhostfile="/etc/apache2/sites-available/${in_login}.conf" sed -e "s/XXX/$in_login/g ; s/SERVERNAME/$in_wwwdomain/ ; s/RANDOM/$random/ ; s#HOME_DIR#$HOME_DIR#" < $TPL_VHOST > "$vhostfile" From 9523fff65810bf8e6f987076fcc47d7f392d2aa1 Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Mon, 26 Aug 2019 11:20:44 +0200 Subject: [PATCH 068/116] Fix op_checkoccurencename() in web-add.sh Ensure that we can add foo.net while having www.foo.net somewhere in out config files --- scripts/web-add.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/scripts/web-add.sh b/scripts/web-add.sh index 811314d..3d778d0 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh @@ -1075,7 +1075,7 @@ op_checkoccurencename() { fi done - echo "$servernames" "$aliases" | grep -w "$name" + echo "$servernames" "$aliases" | grep -wE "\s$name" else usage fi From 6438732ea4712bc721457dd31d46beb69b0d2908 Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Fri, 6 Sep 2019 16:26:14 +0200 Subject: [PATCH 069/116] Add missing break.... --- inc/webadmin-letsencrypt.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/inc/webadmin-letsencrypt.php b/inc/webadmin-letsencrypt.php index b17959b..c3363fd 100644 --- a/inc/webadmin-letsencrypt.php +++ b/inc/webadmin-letsencrypt.php @@ -159,6 +159,8 @@ if (isset($_POST['submit'])) { break; } + + break; } } From 283d0bccad8a875d0c6120ae5cf0532d99c3180f Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Wed, 2 Oct 2019 17:40:01 +0200 Subject: [PATCH 070/116] Fix op_checkoccurencename() in web-add.sh (again) I had it wrong in 9523fff65810bf8e6f987076fcc47d7f392d2aa1 :/ --- scripts/web-add.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/web-add.sh b/scripts/web-add.sh index 3d778d0..e2b449c 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh @@ -1075,7 +1075,7 @@ op_checkoccurencename() { fi done - echo "$servernames" "$aliases" | grep -wE "\s$name" + echo "$servernames" "$aliases" | grep -E "\b$name" else usage fi From 234ac67634701d0a6be0ccaaefa7f2cefa8400be Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Mon, 14 Oct 2019 10:21:05 +0200 Subject: [PATCH 071/116] Fix op_checkoccurencename() in web-add.sh (again) I had it wrong (again) in 283d0bccad8a875d0c6120ae5cf0532d99c3180f :-( https://www.youtube.com/watch?v=TMy6X5cQul8 --- scripts/web-add.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/web-add.sh b/scripts/web-add.sh index e2b449c..ac637a6 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh 
@@ -1075,7 +1075,7 @@ op_checkoccurencename() { fi done - echo "$servernames" "$aliases" | grep -E "\b$name" + echo "$servernames" "$aliases" | grep -E "(^|\s)$name(\s|$)" else usage fi From e2acb4e9d1730bb1e3c4b32fd4a1c3755a49e76b Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Wed, 10 Feb 2021 15:21:04 +0100 Subject: [PATCH 072/116] web-add.sh - Add .conf at the config name for a2ensite/a2dissite Fixes #70 --- scripts/web-add.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/web-add.sh b/scripts/web-add.sh index ac637a6..cd8ca96 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh @@ -466,7 +466,7 @@ EOT sed -i -e "s/^\\(.*\\)#\\(ServerAlias\\).*$/\\1\\2 $subweb/" "$vhostfile" fi - a2ensite "$in_login" >/dev/null + a2ensite "${in_login}.conf" >/dev/null step_ok "Configuration d'Apache" @@ -741,7 +741,7 @@ op_del() { fi if [ "$WEB_SERVER" == "apache" ]; then - a2dissite "$login" + a2dissite "${login}.conf" rm /etc/apache2/sites-available/"$login.conf" rm /etc/awstats/awstats."$login.conf" sed -i.bak "/-config=$login /d" /etc/cron.d/awstats @@ -1351,7 +1351,7 @@ op_checkvhosts() { do vhost_name=$(basename "$ln_path") fix_conf="mv $ln_path $VHOST_PATH/$vhost_name" - fix_ln="a2ensite $vhost_name" + fix_ln="a2ensite ${vhost_name}.conf" if [[ -z "$apply" ]]; then echo "Suggested fixes for $vhost_name:" From 2906ba47f1827e49922329bad7d2cd6144dc6074 Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Mon, 22 Feb 2021 16:12:21 +0100 Subject: [PATCH 073/116] Add (random) status path php --- scripts/web-add.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/web-add.sh b/scripts/web-add.sh index cd8ca96..cbf7e0d 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh @@ -426,6 +426,8 @@ group = ${in_login} listen = ${phpfpm_socket_path} listen.owner = ${in_login} listen.group = ${in_login} + +pm.status_path = /evolinux_fpm_status-$(apg -Mncl -n1 -m32) pm = ondemand pm.max_children = 10 pm.process_idle_timeout = 10s 
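Review bot: `$name` is interpolated into an extended regular expression in `grep -E "(^|\s)$name(\s|$)"`, so the dots of a domain name match any character and any other metacharacter in the input is interpreted (`foo.net` also matches `fooXnet`); the earlier rewrites in PATCH 068 and PATCH 070 shared this. A fixed-string, whole-token match sidesteps escaping entirely: `echo "$servernames" "$aliases" | tr -s '[:space:]' '\n' | grep -Fx -- "$name"`. op_checkoccurencename starts outside the hunk.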
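Review bot: `pm.status_path = /evolinux_fpm_status-$(apg -Mncl -n1 -m32)` relies on the substitution succeeding inside the heredoc; if `apg` is missing or fails, the pool silently gets the predictable path `/evolinux_fpm_status-`, which defeats the point of randomising it. Generate the suffix before the heredoc and refuse an empty value, e.g. `status_suffix=$(apg -Mncl -n1 -m32)` followed by `[ -n "$status_suffix" ] || exit 1`, then reference `${status_suffix}` in the template. `gen_random_passwd` in PATCH 074 passes `-c /dev/urandom` to apg; presumably the same seeding belongs here for consistency.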
From 4f8b0b19fe896c6614f9f3bbbbfad494075543b0 Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Mon, 22 Feb 2021 16:22:31 +0100 Subject: [PATCH 074/116] generate longer password by default --- scripts/web-add.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/web-add.sh b/scripts/web-add.sh index cbf7e0d..e86371b 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh @@ -187,7 +187,7 @@ EOT } gen_random_passwd() { - apg -c /dev/urandom -n1 -E oOlL10\&\\\/\"\' + apg -c /dev/urandom -MNCL -n1 -m18 -E oOlL10 } validate_login() { From 7499f0222e93d5f0acfa7f0be6369cbd67a8ebe6 Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Tue, 23 Feb 2021 11:07:29 +0100 Subject: [PATCH 075/116] Reorder lines in template fpm config for better readability --- scripts/web-add.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/web-add.sh b/scripts/web-add.sh index e86371b..5f51ec2 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh @@ -427,10 +427,11 @@ listen = ${phpfpm_socket_path} listen.owner = ${in_login} listen.group = ${in_login} -pm.status_path = /evolinux_fpm_status-$(apg -Mncl -n1 -m32) pm = ondemand +pm.status_path = /evolinux_fpm_status-$(apg -Mncl -n1 -m32) pm.max_children = 10 pm.process_idle_timeout = 10s + php_admin_value[error_log] = /home/${in_login}/log/php.log EOT step_ok "Création du pool FPM ${php_version}" From 372b00101d7c98056c290ad229ef866dbf679ec8 Mon Sep 17 00:00:00 2001 From: Tristan PILAT Date: Thu, 15 Apr 2021 11:11:55 +0200 Subject: [PATCH 076/116] web-add.sh script now handles php 7.4 containers --- scripts/web-add.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/scripts/web-add.sh b/scripts/web-add.sh index 5f51ec2..6150828 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh 
@@ -414,6 +414,8 @@ create_www_account() { pool_path="/etc/php/7.0/fpm/pool.d/" elif [ "$php_version" = "73" ]; then pool_path="/etc/php/7.3/fpm/pool.d/" + elif [ "$php_version" = "74" ]; then + pool_path="/etc/php/7.4/fpm/pool.d/" else pool_path="/etc/php5/fpm/pool.d/" fi @@ -581,6 +583,9 @@ EOT elif [ "$php_version" = "73" ]; then initscript_path="/etc/init.d/php7.3-fpm" binary="php-fpm7.3" + elif [ "$php_version" = "74" ]; then + initscript_path="/etc/init.d/php7.4-fpm" + binary="php-fpm7.4" else initscript_path="/etc/init.d/php5-fpm" binary="php5-fpm" @@ -756,6 +761,9 @@ op_del() { elif [ "$php_version" = "73" ]; then phpfpm_dir="/etc/php/7.3/fpm/pool.d/" initscript_path="/etc/init.d/php7.3-fpm" + elif [ "$php_version" = "74" ]; then + phpfpm_dir="/etc/php/7.4/fpm/pool.d/" + initscript_path="/etc/init.d/php7.4-fpm" else phpfpm_dir="/etc/php5/fpm/pool.d/" initscript_path="/etc/init.d/php5-fpm" From ae304980302dfb1c3b55b367343f17a6eb4b15d6 Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Wed, 28 Apr 2021 16:21:29 +0200 Subject: [PATCH 077/116] set a uid for the user at login for ftp filtering --- inc/auth.php | 1 + 1 file changed, 1 insertion(+) diff --git a/inc/auth.php b/inc/auth.php index 4f709d9..4e55b2d 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -20,6 +20,7 @@ if ((empty($_GET['form']) || $_GET['form']!=1) && !empty($_POST)) { if (hash("sha256",$password) == $conf['logins'][$username]) { $_SESSION['auth']=1; $_SESSION['user']=$username; + $_SESSION['user_id'] = posix_getpwnam($username) ? posix_getpwnam($username)['uid'] : 65534; $_SESSION['error']=''; } else { $_SESSION['auth']=0; From e3dc97d6d4b2e262cd046d83790268799842645f Mon Sep 17 00:00:00 2001 From: Brice Waegeneire Date: Wed, 22 Sep 2021 10:31:49 +0200 Subject: [PATCH 078/116] delete users even though it has some processes running --- scripts/web-add-nginx.sh | 2 +- scripts/web-add.sh | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
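Review bot: `posix_getpwnam($username)` is called twice on the added line in inc/auth.php, once for the truthiness test and once for the lookup; `$pw = posix_getpwnam($username); $_SESSION['user_id'] = $pw ? $pw['uid'] : 65534;` does a single lookup, and a short comment on why 65534 (presumably nobody) is the fallback would help. The context line this sits under still compares password hashes with `==` (`hash("sha256",$password) == $conf['logins'][$username]`), a loose string comparison; `hash_equals($conf['logins'][$username], hash("sha256", $password))` is the strict, constant-time form. Pre-existing, but it is the line that gates the session the new code populates.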
diff --git a/scripts/web-add-nginx.sh b/scripts/web-add-nginx.sh index 21e1972..a89f3e3 100755 --- a/scripts/web-add-nginx.sh +++ b/scripts/web-add-nginx.sh @@ -388,7 +388,7 @@ op_del() { set -x deluser www-data $login - userdel $login + userdel -f $login groupdel $login sed -i.bak "/^$login:/d" /etc/aliases diff --git a/scripts/web-add.sh b/scripts/web-add.sh index 6150828..a4461b4 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh @@ -725,9 +725,9 @@ op_del() { set -x if [ "$WEB_SERVER" == "apache" ]; then - userdel www-"$login" + userdel -f www-"$login" fi - userdel "$login" + userdel -f "$login" for php_version in "${PHP_VERSIONS[@]}"; do lxc-attach -n php"${php_version}" -- userdel -f www-"$login" lxc-attach -n php"${php_version}" -- userdel -f "$login" From 360929ee96b68022ee44529e64522b2b5eb79c89 Mon Sep 17 00:00:00 2001 From: Brice Waegeneire Date: Tue, 5 Oct 2021 10:06:14 +0200 Subject: [PATCH 079/116] web-add.sh script now handles php 8.0 containers --- scripts/web-add.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/web-add.sh b/scripts/web-add.sh index a4461b4..7370546 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh @@ -764,6 +764,9 @@ op_del() { elif [ "$php_version" = "74" ]; then phpfpm_dir="/etc/php/7.4/fpm/pool.d/" initscript_path="/etc/init.d/php7.4-fpm" + elif [ "$php_version" = "80" ]; then + phpfpm_dir="/etc/php/8.0/fpm/pool.d/" + initscript_path="/etc/init.d/php8.0-fpm" else phpfpm_dir="/etc/php5/fpm/pool.d/" initscript_path="/etc/init.d/php5-fpm" From 0709747a1ebd61c6d101167831774571b25cdd68 Mon Sep 17 00:00:00 2001 From: Brice Waegeneire Date: Tue, 5 Oct 2021 10:13:12 +0200 Subject: [PATCH 080/116] web-add.sh script now handles php 8.0 containers --- scripts/web-add.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/scripts/web-add.sh b/scripts/web-add.sh index 7370546..e71da64 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh 
@@ -416,6 +416,8 @@ create_www_account() { pool_path="/etc/php/7.3/fpm/pool.d/" elif [ "$php_version" = "74" ]; then pool_path="/etc/php/7.4/fpm/pool.d/" + elif [ "$php_version" = "80" ]; then + pool_path="/etc/php/8.0/fpm/pool.d/" else pool_path="/etc/php5/fpm/pool.d/" fi @@ -586,6 +588,9 @@ EOT elif [ "$php_version" = "74" ]; then initscript_path="/etc/init.d/php7.4-fpm" binary="php-fpm7.4" + elif [ "$php_version" = "80" ]; then + initscript_path="/etc/init.d/php8.0-fpm" + binary="php-fpm8.0" else initscript_path="/etc/init.d/php5-fpm" binary="php5-fpm" From 5cd6a6f0463b153c2e190bceca3ab5de61df9b62 Mon Sep 17 00:00:00 2001 From: "William Hirigoyen (Evolix)" Date: Thu, 2 Dec 2021 10:16:12 +0100 Subject: [PATCH 081/116] Test if user www-login exists before deleting (else, the deletion fails) --- scripts/web-add.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/scripts/web-add.sh b/scripts/web-add.sh index e71da64..5647f71 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh @@ -730,11 +730,15 @@ op_del() { set -x if [ "$WEB_SERVER" == "apache" ]; then - userdel -f www-"$login" + if id www-"$login" &> /dev/null; then + userdel -f www-"$login" + fi fi userdel -f "$login" for php_version in "${PHP_VERSIONS[@]}"; do - lxc-attach -n php"${php_version}" -- userdel -f www-"$login" + if lxc-attach -n php"${php_version}" -- id www-"$login" &> /dev/null; then + lxc-attach -n php"${php_version}" -- userdel -f www-"$login" + fi lxc-attach -n php"${php_version}" -- userdel -f "$login" done sed -i.bak "/^$login:/d" /etc/aliases From d6c39be117defbe549bc4a3fd28eeb92531e27be Mon Sep 17 00:00:00 2001 
From: "William Hirigoyen (Evolix)" Date: Thu, 23 Dec 2021 15:51:55 +0100 Subject: [PATCH 082/116] =?UTF-8?q?#62716=20:=20Corrections=20et=20am?= =?UTF-8?q?=C3=A9liorations=20ftpadmin.sh?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- scripts/ftpadmin.sh | 42 ++++++++++++++++++++++-------------------- 1 file changed, 22 insertions(+), 20 deletions(-) diff --git a/scripts/ftpadmin.sh b/scripts/ftpadmin.sh index 064a00f..bc71876 100755 --- a/scripts/ftpadmin.sh +++ b/scripts/ftpadmin.sh 
@@ -59,30 +59,32 @@ log_msg() { get_user_login_by_UID() { uid=$1 - grep "$uid" /etc/passwd | awk -F : "{if (\$3==$uid) print \$1}" + grep "$uid" /etc/passwd | awk -F : '{if ($3==$uid) print $1}' } list_accounts_by_UID() { - uid=$1 + uid=$1 + + # Remove # and empty lines + ftp_users=$(grep -v -E '^[[:blank:]]*(#.*)*$' "$VPASSWD_PATH") - while IFS=$'\n' read -r line; - do - line_uid="$(echo "$line" | cut -d":" -f3)" - - if [[ ! "$uid" ]] || [[ "$line_uid" == "$uid" ]]; then - username="$(get_user_login_by_UID "$line_uid")" - account="$(echo "$line" | cut -d":" -f1)" - path="$(echo "$line" | cut -d":" -f6)" - size="$(du -s "$path" | cut -f 1)" - #modif="$(cat $path/.lastmodified)" - # Passage en minuscule ? - #account="$(echo $account | tr '[A-Z]' '[a-z]')" - #path="$(echo $path | tr '[A-Z]' '[a-z]')" - - echo "$username:$account:$path:$size${modif:+:$modif}" - - fi - done < "$VPASSWD_PATH" + for line in $ftp_users; do + line_uid="$(echo "$line" | cut -d":" -f3)" + + if [[ ! "$uid" ]] || [[ "$line_uid" == "$uid" ]]; then + username=$(get_user_login_by_UID "$line_uid") + account=$(echo "$line" | cut -d":" -f1) + path=$(echo "$line" | cut -d":" -f6) + size="inconnue" + # Check output of daily "du" cron job + # (set by ansible-roles/packweb-apache/tasks/main.yml) + if [ -r "$path/.size" ]; then + size=$(cat "$path/.size") + fi + #modif="$(cat $path/.lastmodified)" + echo "$username:$account:$path:$size${modif:+:$modif}" + fi + done } add_account() { From ef5bbbeba75f46903e2e69402983c556d2f9bffb Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Thu, 17 Feb 2022 10:40:00 +0100 Subject: [PATCH 083/116] Fix behaviour when there is only one php version closes #74 --- inc/accounts.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/inc/accounts.php b/inc/accounts.php index d84da98..95980ab 100644 --- a/inc/accounts.php +++ b/inc/accounts.php 
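Review bot: Switching the awk program in `get_user_login_by_UID` to single quotes changes its meaning: `$uid` is no longer expanded by the shell, so awk sees its own unset variable `uid`, `$uid` evaluates to `$0`, and `$3==$uid` compares the UID field against the whole line — the function no longer finds anything. Pass the value in explicitly: `awk -F : -v uid="$uid" '$3 == uid { print $1 }' /etc/passwd`, which also makes the `grep "$uid"` pre-filter unnecessary. In `list_accounts_by_UID`, `for line in $ftp_users` splits on all whitespace, so a home path containing a space would be broken across iterations; the replaced `while read -r line` loop handled that, and `while IFS= read -r line; do …; done <<< "$ftp_users"` keeps both the comment filtering and line-wise reading.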
@@ -53,7 +53,7 @@ function web_add($form, $admin_mail) { } } - if (array_key_exists('php_versions', $conf) && count($conf['php_versions']) > 1) { + if (array_key_exists('php_versions', $conf) && is_array($conf['php_versions'])) { $exec_cmd .= sprintf(' -r %s', $conf['php_versions'][$form->getField('php_version')->getValue()]); } @@ -347,7 +347,7 @@ if ($conf['bindadmin']) { $form->addField('use_gmail_mxs', new CheckboxInputFormField("Utilisation des serveurs Gmail en MX ?", FALSE)); } -if (array_key_exists('php_versions', $conf) && count($conf['php_versions']) > 1) { +if (array_key_exists('php_versions', $conf) && is_array($conf['php_versions'])) { $form->addField('php_version', new SelectFormField("Version de PHP", TRUE, $conf['php_versions'])); } From f2f115608aff56e03236114f79e3d7de2a8eda21 Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Thu, 17 Feb 2022 11:12:55 +0100 Subject: [PATCH 084/116] Dump & remove user crontab on account deletion closes #37 --- scripts/web-add.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/scripts/web-add.sh b/scripts/web-add.sh index 5647f71..2023000 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh @@ -729,6 +729,10 @@ op_del() { fi set -x + # Crontab dump needs to be done **before** user deletion + crontab -l -u "$login" &> /home/$login/crontab-$(date '+%Y%m%d-%H%M%S').bak + crontab -r -u "$login" + if [ "$WEB_SERVER" == "apache" ]; then if id www-"$login" &> /dev/null; then userdel -f www-"$login" From d63046b22700ebf6b6383852175592e9a8ec3959 Mon Sep 17 00:00:00 2001 From: Brice Waegeneire Date: Tue, 22 Feb 2022 15:16:22 +0100 Subject: [PATCH 085/116] Add support for php8.1 --- scripts/web-add.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/scripts/web-add.sh b/scripts/web-add.sh index 2023000..9eb47ea 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh 
@@ -418,6 +418,8 @@ create_www_account() { pool_path="/etc/php/7.4/fpm/pool.d/" elif [ "$php_version" = "80" ]; then pool_path="/etc/php/8.0/fpm/pool.d/" + elif [ "$php_version" = "81" ]; then + pool_path="/etc/php/8.1/fpm/pool.d/" else pool_path="/etc/php5/fpm/pool.d/" fi @@ -591,6 +593,9 @@ EOT elif [ "$php_version" = "80" ]; then initscript_path="/etc/init.d/php8.0-fpm" binary="php-fpm8.0" + elif [ "$php_version" = "81" ]; then + initscript_path="/etc/init.d/php8.1-fpm" + binary="php-fpm8.1" else initscript_path="/etc/init.d/php5-fpm" binary="php5-fpm" @@ -780,6 +785,9 @@ op_del() { elif [ "$php_version" = "80" ]; then phpfpm_dir="/etc/php/8.0/fpm/pool.d/" initscript_path="/etc/init.d/php8.0-fpm" + elif [ "$php_version" = "81" ]; then + phpfpm_dir="/etc/php/8.1/fpm/pool.d/" + initscript_path="/etc/init.d/php8.1-fpm" else phpfpm_dir="/etc/php5/fpm/pool.d/" initscript_path="/etc/init.d/php5-fpm" From 93629b51fb07694469f468981e3545b9a898b03e Mon Sep 17 00:00:00 2001 From: "William Hirigoyen (Evolix)" Date: Wed, 11 May 2022 14:39:00 +0200 Subject: [PATCH 086/116] Fix bug introduced in f2f115608a (op del fails when user has no crontab) --- scripts/web-add.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/scripts/web-add.sh b/scripts/web-add.sh index 9eb47ea..1e1ea00 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh @@ -735,8 +735,10 @@ op_del() { set -x # Crontab dump needs to be done **before** user deletion - crontab -l -u "$login" &> /home/$login/crontab-$(date '+%Y%m%d-%H%M%S').bak - crontab -r -u "$login" + if crontab -l -u "$login"; then + crontab -l -u "$login" &> /home/$login/crontab-$(date '+%Y%m%d-%H%M%S').bak + crontab -r -u "$login" + fi if [ "$WEB_SERVER" == "apache" ]; then if id www-"$login" &> /dev/null; then From 96ffc58cc4f083b9355384b1a0c0ec4938c264e5 Mon Sep 17 00:00:00 2001 
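Review bot: Each new PHP version adds another copy of the same `elif` in three places, and the trailing `else` still maps any value not in the list — a typo in `PHP_VERSIONS` such as `82` — silently to the php5 paths, so a pool file would be written under `/etc/php5/fpm/pool.d/` without any error. Deriving the paths from the version string once, `php_dir="/etc/php/${php_version:0:1}.${php_version:1:1}"` with `pool_path="$php_dir/fpm/pool.d/"`, and reserving the `else` branch for an explicit `in_error "Unsupported PHP version: $php_version"`, removes both the duplication and the silent fallback (the legacy `php5` layout would need one special case). The enclosing functions start and end outside these hunks.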
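Review bot: The new guard runs `crontab -l -u "$login"` twice, and the first run prints the user's crontab to stdout (and into the `set -x` trace) before anything is saved; a single invocation writing straight to the backup does both jobs: `backup="$HOME_DIR/$login/crontab-$(date '+%Y%m%d-%H%M%S').bak"`, `if crontab -l -u "$login" > "$backup" 2>/dev/null; then crontab -r -u "$login"; else rm -f "$backup"; fi`. The target still uses `/home/$login` rather than the `$HOME_DIR/$login` used elsewhere in `op_del`, and is written as root into a user-owned directory. `op_del` starts before and continues after this hunk.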
From: Ludovic Poujol Date: Fri, 1 Jul 2022 16:13:49 +0200 Subject: [PATCH 087/116] Clear some warnings about undefined vars --- evolibs/Form.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/evolibs/Form.php b/evolibs/Form.php index 772c572..74aea53 100644 --- a/evolibs/Form.php +++ b/evolibs/Form.php @@ -461,13 +461,13 @@ class AlphaNumericalTextInputFormField extends FormField { class DomainInputFormField extends FormField { protected $mandatory = NULL; - protected $textsize = NULL; + //protected $textsize = NULL; public function __construct($label, $mandatory=TRUE, $hidden=FALSE) { parent::__construct($label); $this->mandatory = $mandatory; $this->hidden = $hidden; - $this->textsize = $textsize; + //$this->textsize = $textsize; } public function verify($set_error) { @@ -491,7 +491,7 @@ class DomainInputFormField extends FormField { else $input .= 'name.'" value="'.htmlspecialchars($this->value,ENT_QUOTES).'"'; - $input .= ' maxlength="'.$this->textsize[1].'" size="'.$this->textsize[0].'" '; + //$input .= ' maxlength="'.$this->textsize[1].'" size="'.$this->textsize[0].'" '; if($this->read_only) { $input .= 'readonly="readonly="'; } if($this->disabled) { $input .= 'disabled="disabled="'; } $input .= '/>'; @@ -516,12 +516,12 @@ class DomainInputFormField extends FormField { class DomainListInputFormField extends FormField { protected $mandatory = NULL; - protected $textsize = NULL; + //protected $textsize = NULL; public function __construct($label, $mandatory=TRUE) { parent::__construct($label); $this->mandatory = $mandatory; - $this->textsize = $textsize; + //$this->textsize = $textsize; } public function verify($set_error) { 
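Review bot: Commenting out the `$textsize` property, its assignment and the `maxlength`/`size` emission in `DomainInputFormField` and `DomainListInputFormField` leaves dead code in several places; since neither constructor ever received a `$textsize` argument, the lines should be deleted outright and, if a length limit is wanted, passed in explicitly as a constructor parameter. The context lines `$input .= 'readonly="readonly="';` and `$input .= 'disabled="disabled="';` also appear to emit a stray `=` inside the attribute value; the intended output is `readonly="readonly"` and `disabled="disabled"`. Both classes start before and end after these hunks.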
@@ -547,7 +547,7 @@ class DomainListInputFormField extends FormField { $input = ''; $input .= 'name.'" value="'.htmlspecialchars($this->value,ENT_QUOTES).'"'; - $input .= ' maxlength="'.$this->textsize[1].'" size="'.$this->textsize[0].'" '; + //$input .= ' maxlength="'.$this->textsize[1].'" size="'.$this->textsize[0].'" '; if($this->read_only) { $input .= 'readonly="readonly="'; } if($this->disabled) { $input .= 'disabled="disabled="'; } $input .= '/>'; From 143af653572e3aefa52ff248d02b657209a07849 Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Mon, 4 Jul 2022 14:34:41 +0200 Subject: [PATCH 088/116] Hotfix for web interface to behave correctly --- conf/config.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/config.php b/conf/config.php index 146f86d..19e17c5 100644 --- a/conf/config.php +++ b/conf/config.php @@ -28,7 +28,7 @@ $oriconf['known_host'] = '/home/evoadmin/www/known_host'; $oriconf['ftpadmin'] = FALSE; $oriconf['bindadmin'] = FALSE; // Penser à rajouter également les versions de PHP disponibles dans /etc/evolinux/web-add.conf -$oriconf['php_versions'] = array(); +// $oriconf['php_versions'] = array(); $oriconf['quota'] = FALSE; $oriconf['dbadmin'] = FALSE; From d746aa445ee8ccedb40b610b5b70a8b7947c6d40 Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Tue, 5 Jul 2022 11:25:37 +0200 Subject: [PATCH 089/116] Change in the login mechanism Now use passwords hashed & salted. Validate with PHP's password_verify() function Password hashes can be generated with : * mkpasswd --method=sha-512 * PHP's password_hash() --- conf/config.php | 27 ++++++++++----------- inc/auth.php | 62 +++++++++++++++++++++++------------------------ tpl/auth.tpl.php | 63 +++++++++++++++++++++++++----------------------- 3 files changed, 77 insertions(+), 75 deletions(-) diff --git a/conf/config.php b/conf/config.php index 19e17c5..7366627 100644 --- a/conf/config.php +++ b/conf/config.php 
@@ -8,36 +8,35 @@ * $Id: config.php 273 2009-05-12 13:54:50Z tmartin $ * vim: expandtab softtabstop=4 tabstop=4 shiftwidth=4 showtabline=2 * - * @author Gregory Colpart - * @author Thomas Martin - * @author Sebastien Palma + * @author Gregory Colpart + * @author Thomas Martin + * @author Sebastien Palma * @version 1.0 */ -// Email pour les notifications $oriconf['admin']['mail'] = 'admin@example.com'; $oriconf['techmail'] = 'jdoe@example.com'; -$oriconf['debug'] = FALSE; +$oriconf['debug'] = false; $oriconf['superadmin'] = array('superadmin'); $oriconf['script_path'] = '/usr/share/scripts/evoadmin'; -$oriconf['cluster'] = FALSE; +$oriconf['cluster'] = false; $oriconf['servers'] = array('servers'); $oriconf['cache'] = '/home/evoadmin/www/cache.sqlite'; $oriconf['known_host'] = '/home/evoadmin/www/known_host'; -$oriconf['ftpadmin'] = FALSE; -$oriconf['bindadmin'] = FALSE; -// Penser à rajouter également les versions de PHP disponibles dans /etc/evolinux/web-add.conf +$oriconf['ftpadmin'] = false; +$oriconf['bindadmin'] = false; +// Warning: Don't forget to add available PHP versions into : /etc/evolinux/web-add.conf // $oriconf['php_versions'] = array(); -$oriconf['quota'] = FALSE; -$oriconf['dbadmin'] = FALSE; +$oriconf['quota'] = false; +$oriconf['dbadmin'] = false; $oriconf['noreplication'] = array('srv00.example.com', 'srv01.example.com', 'srv02.example.com'); $oriconf['postponedreplication'] = array('srv00.example.com', 'srv01.example.com', 'srv02.example.com'); $oriconf['immediatereplication'] = array('srv00.example.com', 'srv01.example.com'); $oriconf['postponedreplication_mode'] = array('1 fois/jour', '3 fois/jour', '1 fois/jour'); -// auth (sha256 hashs) +// Generate password hashes : mkpasswd --method=sha-512 (cli) or with PHP's password_hash() $oriconf['logins'] = array(); -//$oriconf['logins']['foo'] = 'd5d3c723fb82cb0078f399888af78204234535ec2ef3da56710fdd51f90d2477'; -//$oriconf['logins']['bar'] = 
'7938c84d6e43d1659612a7ea7c1101ed02e52751bb64597a8c20ebaba8ba4303'; +//$oriconf['logins']['foo'] = '$6$X0jqa/ausLSBkj4m$dLMMcPGVxak.aDPo4V/GJLm2d8vU8/QA5LbGTuqXCdxSNYU0kRKBgDl16GAyp0GqXXZ5wwDEJKQ1npgFwiuV81'; +//$oriconf['logins']['bar'] = '$6$Q6233S6mlWAF6p.j$LtzwG02YucozwqjAgSpeldh24Mnz7lBuVSbOQYbKKh9FiUx3tMVl6kJZkmrNdPqeadFXKAYXrqn.gy8KposF5.'; diff --git a/inc/auth.php b/inc/auth.php index 4e55b2d..51ee5a4 100644 --- a/inc/auth.php +++ b/inc/auth.php 
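Review bot: The new comment recommends `mkpasswd --method=sha-512`, which yields a SHA-512 crypt hash with the glibc default of 5000 rounds — generally considered weaker than what `password_hash()` with `PASSWORD_DEFAULT` (bcrypt) produces, although `password_verify()` accepts both. Suggest pointing admins at the stronger option first: `// Generate hashes with: php -r 'echo password_hash("secret", PASSWORD_DEFAULT), PHP_EOL;'  (or mkpasswd --method=sha-512 --rounds=500000)`. The hunk also drops the `// Email pour les notifications` comment above `$oriconf['admin']['mail']` without a replacement; `// Notification e-mail address` keeps that field documented.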
@@ -1,44 +1,44 @@ - * @author Thomas Martin - * @author Sebastien Palma + * @author Evolix + * @author Gregory Colpart + * @author Thomas Martin + * @author Sebastien Palma + * @author and others. * @version 1.0 */ -if ((empty($_GET['form']) || $_GET['form']!=1) && !empty($_POST)) { - $username=$_POST['login']; - $password=$_POST['passw']; +if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST)) { + $input_username = $_POST['login']; + $input_password = $_POST['passw']; - if (hash("sha256",$password) == $conf['logins'][$username]) { - $_SESSION['auth']=1; - $_SESSION['user']=$username; - $_SESSION['user_id'] = posix_getpwnam($username) ? posix_getpwnam($username)['uid'] : 65534; - $_SESSION['error']=''; - } else { - $_SESSION['auth']=0; - $_SESSION['user']=''; - $_SESSION['error']=1; - } - http_redirect('/'); + if (isset($conf['logins'][$input_username]) && password_verify($input_password, $conf['logins'][$input_username]) ) { + $_SESSION['auth'] = true; + $_SESSION['user'] = $input_username; + $_SESSION['user_id'] = posix_getpwnam($input_username) ? posix_getpwnam($input_username)['uid'] : 65534; + unset($_SESSION['error']); + + } else { + $_SESSION['auth'] = false; + $_SESSION['user'] = ''; + $_SESSION['error'] = true; + } + + http_redirect('/'); } else { -if(!empty($_SESSION['error'])) { - $error=$_SESSION['error']; -} - - include_once EVOADMIN_BASE . '../tpl/header.tpl.php'; - include_once EVOADMIN_BASE . '../tpl/auth.tpl.php'; - include_once EVOADMIN_BASE . '../tpl/footer.tpl.php'; + if (!empty($_SESSION['error'])) { + $error = $_SESSION['error']; + unset($_SESSION['error']); + } + + include_once EVOADMIN_BASE . '../tpl/header.tpl.php'; + include_once EVOADMIN_BASE . '../tpl/auth.tpl.php'; + include_once EVOADMIN_BASE . '../tpl/footer.tpl.php'; } - -?> diff --git a/tpl/auth.tpl.php b/tpl/auth.tpl.php index dceb185..76c27c1 100644 --- a/tpl/auth.tpl.php +++ b/tpl/auth.tpl.php 
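Review bot: A successful login populates `$_SESSION['auth']` without rotating the session id, so a session id planted in the victim's browser beforehand (session fixation) becomes an authenticated one; call `session_regenerate_id(true)` before setting the session fields. The branch also reads `$_POST['login']` and `$_POST['passw']` without `isset`, so a POST missing either field raises a notice, `isset($_POST)` is always true, and a `login[]=x` submission hands an array to `isset($conf['logins'][…])`, which recent PHP versions reject with a TypeError rather than a clean failure (to be confirmed on the deployed version). `posix_getpwnam` is also called twice per login where one call would do. The rewritten prefix below keeps the existing session fields, the failure branch and the redirect.
```php
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $input_username = isset($_POST['login']) && is_string($_POST['login']) ? $_POST['login'] : '';
    $input_password = isset($_POST['passw']) && is_string($_POST['passw']) ? $_POST['passw'] : '';

    if ($input_username !== '' && isset($conf['logins'][$input_username])
        && password_verify($input_password, $conf['logins'][$input_username])) {
        // Rotate the session id on privilege change to defeat session fixation.
        session_regenerate_id(true);
        $pwnam = posix_getpwnam($input_username);
        $_SESSION['auth'] = true;
        $_SESSION['user'] = $input_username;
        $_SESSION['user_id'] = $pwnam ? $pwnam['uid'] : 65534;
        unset($_SESSION['error']);
    } else {
        // … unchanged: failed-login branch …
    }
    // … unchanged: http_redirect('/') …
}
// … unchanged: GET branch rendering the login template …
```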
@@ -1,43 +1,46 @@ - * @author Thomas Martin - * @author Sebastien Palma + * @author Evolix + * @author Gregory Colpart + * @author Thomas Martin + * @author Sebastien Palma + * @author and others. * @version 1.0 */ ?> -

+

Evoadmin : Connexion

+
- - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + +
Utilisateur :  
Mot de passe :  
 
Identifiants invalides. Veuillez ré-essayer
Utilisateur :  
Mot de passe :  
 
+ Identifiants invalides. + Veuillez ré-essayer +
From 66ceacd918dbaddb2936f2cfadce96eaa9c5e062 Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Thu, 7 Jul 2022 11:22:47 +0200 Subject: [PATCH 090/116] Make the change on the login mechanism compatible with old configurations --- inc/auth.php | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/inc/auth.php b/inc/auth.php index 51ee5a4..791bca1 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -16,7 +16,14 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST)) { $input_username = $_POST['login']; $input_password = $_POST['passw']; - if (isset($conf['logins'][$input_username]) && password_verify($input_password, $conf['logins'][$input_username]) ) { + if (isset($conf['logins'][$input_username]) && strlen($conf['logins'][$input_username]) != 64 && password_verify($input_password, $conf['logins'][$input_username]) ) { + $_SESSION['auth'] = true; + $_SESSION['user'] = $input_username; + $_SESSION['user_id'] = posix_getpwnam($input_username) ? posix_getpwnam($input_username)['uid'] : 65534; + unset($_SESSION['error']); + + } elseif (isset($conf['logins'][$input_username]) && strlen($conf['logins'][$input_username]) == 64 && hash("sha256",$input_password) === $conf['logins'][$input_username]) { + // Compatibility mode for previous installs (sha256) $_SESSION['auth'] = true; $_SESSION['user'] = $input_username; $_SESSION['user_id'] = posix_getpwnam($input_username) ? posix_getpwnam($input_username)['uid'] : 65534; From fb78d2a9ed52f3ccb7580872567379f141b10f84 Mon Sep 17 00:00:00 2001 From: David Prevot Date: Tue, 19 Jul 2022 14:18:04 +0200 Subject: [PATCH 091/116] web-add generate-ssl-certificate: FALSE option should match documented case --- scripts/web-add.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/web-add.sh b/scripts/web-add.sh index 1e1ea00..ac452d7 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh 
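Review bot: The compatibility branch compares the legacy unsalted SHA-256 hex digest with `===`, which is not constant-time; use `hash_equals($conf['logins'][$input_username], hash('sha256', $input_password))` so the comparison does not leak how many leading bytes matched. Telling the formats apart by `strlen(...) == 64` is fragile — crypt-style hashes all begin with `$`, so `$conf['logins'][$input_username][0] === '$'` identifies the modern format directly instead of relying on a length coincidence. Since a legacy match proves the plaintext, this is also the natural place to log a warning (or rehash when the config is writable) so unsalted entries get migrated rather than kept indefinitely; the duplicated `$_SESSION` assignments could then collapse into one branch driven by a boolean. The enclosing `if` block starts before and continues after the hunk.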
@@ -944,7 +944,7 @@ op_generatesslcertificate() { vhost="$1" test_mode="$2" - if [ "$test_mode" = "false" ]; then + if [ "$test_mode" = "FALSE" ]; then if [ -L /etc/letsencrypt/$vhost/live ]; then rm /etc/letsencrypt/$vhost/live fi From 2301b0cba5bf8db3d47a3cdef2e276f51589a0ea Mon Sep 17 00:00:00 2001 From: David Prevot Date: Tue, 19 Jul 2022 14:24:33 +0200 Subject: [PATCH 092/116] web-add generate-ssl-certificate: improve FALSE option documentation --- scripts/web-add.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/web-add.sh b/scripts/web-add.sh index ac452d7..db39499 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh @@ -166,10 +166,10 @@ generate-csr LOGIN DOMAINS Generate the request for the Let's Encrypt certificate -generate-ssl-certificate LOGIN [TRUE | FALSE] +generate-ssl-certificate LOGIN [FALSE] Generate the Let's Encrypt certificate - Run in TEST mode if TRUE + Run in TEST mode unless FALSE EOT } From e257ee242b5c9219c9eac42c26d1b77018ed11df Mon Sep 17 00:00:00 2001 From: David Prevot Date: Tue, 19 Jul 2022 16:39:17 +0200 Subject: [PATCH 093/116] web-add generate-ssl-certificate: false option should be documented as is As fb78d2a9ed, but the other way around: update only the documentation instead of the code, so that existing use does not change. --- scripts/web-add.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/web-add.sh b/scripts/web-add.sh index db39499..3ba2c67 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh @@ -166,10 +166,10 @@ generate-csr LOGIN DOMAINS Generate the request for the Let's Encrypt certificate -generate-ssl-certificate LOGIN [FALSE] +generate-ssl-certificate LOGIN [false] Generate the Let's Encrypt certificate - Run in TEST mode unless FALSE + Run in TEST mode unless "false" is used EOT } 
@@ -944,7 +944,7 @@ op_generatesslcertificate() { vhost="$1" test_mode="$2" - if [ "$test_mode" = "FALSE" ]; then + if [ "$test_mode" = "false" ]; then if [ -L /etc/letsencrypt/$vhost/live ]; then rm /etc/letsencrypt/$vhost/live fi From 9913579bb08f053cedbdaf3476bce0ac17e76e82 Mon Sep 17 00:00:00 2001 From: William Hirigoyen Date: Mon, 31 Oct 2022 14:40:19 +0100 Subject: [PATCH 094/116] Fix drop database when contains dash --- scripts/web-add.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/web-add.sh b/scripts/web-add.sh index 3ba2c67..503abcb 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh @@ -814,7 +814,7 @@ op_del() { if [ -n "$dbname" ]; then set -x - echo "DROP DATABASE $dbname; delete from mysql.user where user='$login' ; FLUSH PRIVILEGES;" | mysql $MYSQL_OPTS + echo "DROP DATABASE \`$dbname\`; delete from mysql.user where user=\`$login\`; FLUSH PRIVILEGES;" | mysql $MYSQL_OPTS set +x fi } From 67d0c45d79e63dc34f23edda08ac0aff620c8b0f Mon Sep 17 00:00:00 2001 From: William Hirigoyen Date: Tue, 8 Nov 2022 17:30:05 +0100 Subject: [PATCH 095/116] Fix bug introduced in 9913579bb0 (MariaDB does not support backtics in where clause). --- scripts/web-add.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/web-add.sh b/scripts/web-add.sh index 503abcb..2d413de 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh @@ -814,7 +814,7 @@ op_del() { if [ -n "$dbname" ]; then set -x - echo "DROP DATABASE \`$dbname\`; delete from mysql.user where user=\`$login\`; FLUSH PRIVILEGES;" | mysql $MYSQL_OPTS + echo "DROP DATABASE \`$dbname\`; delete from mysql.user where user='$login'; FLUSH PRIVILEGES;" | mysql $MYSQL_OPTS set +x fi } From f65dd98bb10434a4cdebb69ab620deb921f951e5 Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Thu, 7 Jul 2022 11:57:03 +0200 Subject: [PATCH 096/116] Web-add.sh: Add a version number (+ command to fetch it) --- scripts/web-add.sh | 14 ++++++++++++++ 1 file changed, 14 insertions(+) 
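Review bot: After three commits flipping the literal between `false` and `FALSE`, `test_mode` is still compared case-sensitively against one spelling, so `FALSE`/`False` (which the earlier usage text advertised) silently keep test mode on and no production certificate is issued; accepting common spellings with `case "${test_mode,,}" in false|no|0) …` (bash 4 lowercase expansion), or normalising once at the top of the function, removes the ambiguity for good. The context line `rm /etc/letsencrypt/$vhost/live` also leaves `$vhost` unquoted, which only matters if a name with whitespace can reach this function (presumably rejected upstream). `op_generatesslcertificate` continues past the end of the hunk.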
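Review bot: The statement is still assembled by string interpolation, so a `$dbname` containing a backtick or a `$login` containing a single quote breaks out of its quoting; where `$dbname` originates is outside the hunk, and the script runs as root from the CLI, so the realistic risk is an operator error dropping the wrong database rather than remote injection, but validating both before the `echo`, `case "$dbname$login" in *[!A-Za-z0-9_-]*) in_error "invalid database name or login"; return 1;; esac`, makes the DROP safe at no cost. `$MYSQL_OPTS` is passed unquoted, presumably to allow word splitting of several options. `op_del` starts before and continues after the hunk.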
diff --git a/scripts/web-add.sh b/scripts/web-add.sh index 2d413de..832dacc 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh @@ -14,6 +14,7 @@ set -e +VERSION="22.07" HOME="/root" CONTACT_MAIL="jdoe@example.org" WWWBOUNCE_MAIL="jdoe@example.org" @@ -58,6 +59,7 @@ config_file="/etc/evolinux/web-add.conf" usage() { cat <&2 +Evoadmin web tooling - Version $VERSION Usage: $0 COMMAND [ARG] add [ [OPTIONS] LOGIN WWWDOMAIN ] @@ -171,6 +173,10 @@ generate-ssl-certificate LOGIN [false] Generate the Let's Encrypt certificate Run in TEST mode unless "false" is used +version + + Obtain the script version + EOT } @@ -914,6 +920,9 @@ arg_processing() { generate-ssl-certificate) op_generatesslcertificate "$@" ;; + version) + op_version "$@" + ;; *) usage ;; @@ -1402,5 +1411,10 @@ op_checkvhosts() { done } +# Return web-add.sh version +op_version(){ + echo "$VERSION" +} + # Point d'entrée arg_processing "$@" From ebb4f1c20ca289f375cd4631b9cfe225fc8097d4 Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Mon, 21 Nov 2022 17:15:47 +0100 Subject: [PATCH 097/116] ftpadmin.sh - Correction regression listing des comptes introduite par d6c39be117defbe549bc4a3fd28eeb92531e27be --- scripts/ftpadmin.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ftpadmin.sh b/scripts/ftpadmin.sh index bc71876..612bd49 100755 --- a/scripts/ftpadmin.sh +++ b/scripts/ftpadmin.sh @@ -59,7 +59,7 @@ log_msg() { get_user_login_by_UID() { uid=$1 - grep "$uid" /etc/passwd | awk -F : '{if ($3==$uid) print $1}' + grep "$uid" /etc/passwd | awk -F : "{if (\$3==$uid) print \$1}" } list_accounts_by_UID() { From 68799f7e5f03d8ca4fc8f0c67e50e5838ddfb1a8 Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Mon, 21 Nov 2022 17:25:19 +0100 Subject: [PATCH 098/116] Correction bug suppression compte --- scripts/ftpadmin.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ftpadmin.sh b/scripts/ftpadmin.sh index 612bd49..e99888c 100755 --- a/scripts/ftpadmin.sh 
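Review bot: Reverting to `awk -F : "{if (\$3==$uid) print \$1}"` fixes the matching regression but splices the shell variable into the awk program text: an empty `$uid` is an awk syntax error, and a non-numeric value is parsed as awk code (which has `system()`), which matters if the UID argument can ever arrive from the web interface through sudo. The `-v` form is both correct and injection-safe, and makes the unanchored `grep "$uid"` pre-filter unnecessary: `awk -F : -v uid="$uid" '$3 == uid { print $1 }' /etc/passwd`. `get_user_login_by_UID` is complete within the hunk.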
+++ b/scripts/ftpadmin.sh @@ -121,7 +121,7 @@ delete_account() { account_name=$1 - ftpasswd --passwd --file=$VPASSWD_PATH --name="$account_name" --uid=9999 --gid=9999 --home=/dev/null --shell=/dev/null --delete-user + ftpasswd --passwd --file=$VPASSWD_PATH --name="$account_name" --delete-user log_msg "Suppression du compte $account_name" } From ad68e298dd144c193689497ad66baed69b573d49 Mon Sep 17 00:00:00 2001 From: William Hirigoyen Date: Fri, 9 Dec 2022 15:30:11 +0100 Subject: [PATCH 099/116] =?UTF-8?q?V=C3=A9rCheck=20chars=20[:/]=20are=20no?= =?UTF-8?q?t=20in=20the=20domain=20name=20(in=20case=20of=20confusion=20wi?= =?UTF-8?q?th=20URL)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- scripts/web-add.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/scripts/web-add.sh b/scripts/web-add.sh index 832dacc..443fecc 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh @@ -236,6 +236,15 @@ validate_wwwdomain() { in_error "Le nom de domaine est obligatoire" return 1 fi + case "$wwwdomain" in + *'/'*) + in_error "Le caractère / n'est pas autorisé. Avez-vous confondu nom de domaine (example.com) et URL (https://example.com) ?" + return 1;; + *':'*) + in_error "Le caractère : n'est pas autorisé. Avez-vous confondu nom de domaine (example.com) et URL (https://example.com) ?" + return 1;; + esac + return 0 } From 77f5076c88037b6d35480d5d42b1219778f31bb0 Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Wed, 15 Feb 2023 11:35:21 +0100 Subject: [PATCH 100/116] Move common.php outside of the DocumentRoot --- htdocs/index.php | 2 +- {htdocs => inc}/common.php | 20 +++++++++++++++++++- 2 files changed, 20 insertions(+), 2 deletions(-) rename {htdocs => inc}/common.php (90%) diff --git a/htdocs/index.php b/htdocs/index.php index 5e90a4e..71681f7 100755 --- a/htdocs/index.php +++ b/htdocs/index.php 
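Review bot: `delete_account` logs `Suppression du compte …` regardless of whether `ftpasswd` succeeded, and `--file=$VPASSWD_PATH` is the one unquoted expansion on the line; chaining the log entry to the exit status, `ftpasswd --passwd --file="$VPASSWD_PATH" --name="$account_name" --delete-user && log_msg "Suppression du compte $account_name"`, records the deletion only when it actually happened. `delete_account` is complete within the hunk.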
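Review bot: Rejecting only `/` and `:` catches the URL-paste mistake but still lets whitespace, quotes, `..`, `;`, `&` and similar characters through to the `sed` calls, file names and vhost configuration that later receive the domain; an allowlist is shorter and closes all of those at once: `case "$wwwdomain" in *[!A-Za-z0-9.-]*|.*|*.|*..*) in_error "Nom de domaine invalide : $wwwdomain"; return 1;; esac` (internationalised names would then have to be given in punycode). If the two explicit messages about URL confusion are valued, keep them as the first patterns of that same `case`. `validate_wwwdomain` starts before the hunk.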
@@ -30,7 +30,7 @@ header('Content-Type: text/html; charset=utf-8'); /** * Requires */ -require_once EVOADMIN_BASE . 'common.php'; +require_once EVOADMIN_BASE . '../inc/common.php'; $uri = $_SERVER['REQUEST_URI']; diff --git a/htdocs/common.php b/inc/common.php similarity index 90% rename from htdocs/common.php rename to inc/common.php index 7ae18b9..129ae90 100644 --- a/htdocs/common.php +++ b/inc/common.php @@ -1,5 +1,4 @@ 1; } +/** + * Webadd + * + * @return boolean - True when it's a multi PHP system + */ +function run_webadd_cmd($command) { + global $conf; + + $cmd = 'web-add.sh '. $command; + + $data_output = null; + $exec_return = null; + sudoexec($cmd, $data_output, $exec_return); + + + return $data_output; +} + + /** * Includes */ From 66c159a6251c5c06525709ca2db90142754a52dc Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Wed, 15 Feb 2023 11:36:25 +0100 Subject: [PATCH 101/116] Display the web-add.sh version --- inc/auth.php | 2 ++ tpl/header.tpl.php | 6 +++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/inc/auth.php b/inc/auth.php index 791bca1..c92dbc6 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -20,6 +20,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST)) { $_SESSION['auth'] = true; $_SESSION['user'] = $input_username; $_SESSION['user_id'] = posix_getpwnam($input_username) ? posix_getpwnam($input_username)['uid'] : 65534; + $_SESSION['cli_version'] = run_webadd_cmd('version')[0]; unset($_SESSION['error']); } elseif (isset($conf['logins'][$input_username]) && strlen($conf['logins'][$input_username]) == 64 && hash("sha256",$input_password) === $conf['logins'][$input_username]) { @@ -27,6 +28,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST)) { $_SESSION['auth'] = true; $_SESSION['user'] = $input_username; $_SESSION['user_id'] = posix_getpwnam($input_username) ? posix_getpwnam($input_username)['uid'] : 65534; + $_SESSION['cli_version'] = run_webadd_cmd('version')[0]; unset($_SESSION['error']); } else { 
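Review bot: `run_webadd_cmd` builds the command by concatenation, `'web-add.sh ' . $command`, so any future caller passing a request-derived value can inject shell syntax through `sudoexec`; the only caller in this series passes the literal `'version'`, but the helper should either escape per argument (`'web-add.sh ' . implode(' ', array_map('escapeshellarg', $args))`) or state in its docblock that `$command` must be a trusted literal. The docblock is copied from `is_multiphp` (`@return boolean - True when it's a multi PHP system`) and is wrong: the function returns `$data_output`, the lines collected by `sudoexec`, and discards `$exec_return`, so a failed command is indistinguishable from empty output — document the return and check `$exec_return` so callers indexing `[0]` are safe. `sudoexec` and the file's remaining includes are outside the hunk.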
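Review bot: `run_webadd_cmd('version')[0]` indexes the output array without checking it has an element, so a failing or empty `web-add.sh version` (missing sudo rule, older script without the command) turns every login into an undefined-offset notice; use `$_SESSION['cli_version'] = run_webadd_cmd('version')[0] ?? 'unknown';`. The same line is duplicated in both successful branches and belongs once after the `if/elseif`, and it costs a sudo round-trip per login that could be cached. The enclosing `if` block starts before and continues after the hunk.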
diff --git a/tpl/header.tpl.php b/tpl/header.tpl.php index 85a81f7..e1e6fab 100644 --- a/tpl/header.tpl.php +++ b/tpl/header.tpl.php @@ -21,7 +21,7 @@ -EvoAdmin - Powered by Evolix +Evoadmin-web - Powered by Evolix @@ -31,10 +31,10 @@
-

EvoAdmin +

Evoadmin-web Date: Wed, 15 Feb 2023 12:04:59 +0100 Subject: [PATCH 102/116] Account deletion > Use mysql "DROP USER" Instead of messing directly with mysql internal tables Closes #78 --- scripts/web-add.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/web-add.sh b/scripts/web-add.sh index 443fecc..cb6ccea 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh @@ -829,7 +829,7 @@ op_del() { if [ -n "$dbname" ]; then set -x - echo "DROP DATABASE \`$dbname\`; delete from mysql.user where user='$login'; FLUSH PRIVILEGES;" | mysql $MYSQL_OPTS + echo "DROP DATABASE \`$dbname\`; DROP USER \`$login\`@localhost; FLUSH PRIVILEGES;" | mysql $MYSQL_OPTS set +x fi } From 63dfa3af99e3bbaa728c362c9d3bf3a8cff29a01 Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Mon, 20 Feb 2023 10:34:41 +0100 Subject: [PATCH 103/116] web-add.sh > Correct deletion order Closes #76 --- scripts/web-add.sh | 72 +++++++++++++++++++++++++--------------------- 1 file changed, 39 insertions(+), 33 deletions(-) diff --git a/scripts/web-add.sh b/scripts/web-add.sh index cb6ccea..36439f0 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh @@ -748,6 +748,7 @@ op_del() { fi fi + set -x # Crontab dump needs to be done **before** user deletion if crontab -l -u "$login"; then 
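Review bot: `DROP USER \`$login\`@localhost` is a hard error when the account does not exist, and because the pipeline's status is `mysql`'s, the script's `set -e` then aborts `op_del` halfway, whereas the previous `DELETE FROM mysql.user` was a no-op in that case; `DROP USER IF EXISTS` (MariaDB 10.1.3+ / MySQL 5.7+) keeps the call idempotent. The new statement also removes only the `@localhost` entry while the old `DELETE` matched every host for that user name, so grants created with another host, if any exist, would survive. `FLUSH PRIVILEGES` is unnecessary after `DROP USER`, which updates the grant tables directly. `op_del` starts before and continues after the hunk.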
@@ -755,40 +756,13 @@ op_del() { crontab -r -u "$login" fi - if [ "$WEB_SERVER" == "apache" ]; then - if id www-"$login" &> /dev/null; then - userdel -f www-"$login" - fi - fi - userdel -f "$login" - for php_version in "${PHP_VERSIONS[@]}"; do - if lxc-attach -n php"${php_version}" -- id www-"$login" &> /dev/null; then - lxc-attach -n php"${php_version}" -- userdel -f www-"$login" - fi - lxc-attach -n php"${php_version}" -- userdel -f "$login" - done - sed -i.bak "/^$login:/d" /etc/aliases - if [ "$WEB_SERVER" == "apache" ]; then - sed -i.bak "/^www-$login:/d" /etc/aliases - fi - - if grep -qE '^AllowUsers' /etc/ssh/sshd_config; then - sed -i "s/^AllowUsers .*/& $in_login/" /etc/ssh/sshd_config - /etc/init.d/ssh reload - fi - - if [ -d "$HOME_DIR/$login" ]; then - mv -i $HOME_DIR/"$login" $HOME_DIR/"$login"."$(date '+%Y%m%d-%H%M%S')".bak - else - echo "warning : $HOME_DIR/$login does not exist" - fi - + # Deactivate web vhost (apache or nginx) if [ "$WEB_SERVER" == "apache" ]; then a2dissite "${login}.conf" rm /etc/apache2/sites-available/"$login.conf" - rm /etc/awstats/awstats."$login.conf" - sed -i.bak "/-config=$login /d" /etc/cron.d/awstats + apache2ctl configtest + for php_version in "${PHP_VERSIONS[@]}"; do if [ "$php_version" = "70" ]; then phpfpm_dir="/etc/php/7.0/fpm/pool.d/" 
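Review bot: In the reordered Apache branch, `rm /etc/apache2/sites-available/"$login.conf"` (and the per-version pool `rm` further down) has no `-f`, so if an earlier partial run already removed the file, `set -e` aborts `op_del` before users, aliases and the home directory are handled; `rm -f` keeps the function re-runnable. `a2dissite` only removes the symlink and `apache2ctl configtest` only validates, so the vhost keeps being served until something reloads Apache — `apache2ctl configtest && service apache2 reload` closes that window, unless a later step already does (not visible here). `op_del` starts before and continues after the hunk.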
@@ -812,15 +786,47 @@ op_del() { rm /var/lib/lxc/php"${php_version}"/rootfs/${phpfpm_dir}/"${login}".conf lxc-attach -n php"${php_version}" -- $initscript_path restart >/dev/null done - elif [ "$WEB_SERVER" == "nginx" ]; then + elif [ "$WEB_SERVER" == "nginx" ]; then rm /etc/nginx/sites-{available,enabled}/"$login" - rm /etc/awstats/awstats."$login.conf" rm /etc/munin/plugins/phpfpm_"${in_login}"* - sed -i.bak "/-config=$login/d" /etc/cron.d/awstats nginx -t fi + rm /etc/awstats/awstats."$login.conf" + sed -i.bak "/-config=$login /d" /etc/cron.d/awstats + + if [ "$WEB_SERVER" == "apache" ]; then + if id www-"$login" &> /dev/null; then + userdel -f www-"$login" + fi + + for php_version in "${PHP_VERSIONS[@]}"; do + if lxc-attach -n php"${php_version}" -- id www-"$login" &> /dev/null; then + lxc-attach -n php"${php_version}" -- userdel -f www-"$login" + fi + lxc-attach -n php"${php_version}" -- userdel -f "$login" + done + fi + + userdel -f "$login" + + sed -i.bak "/^$login:/d" /etc/aliases + if [ "$WEB_SERVER" == "apache" ]; then + sed -i.bak "/^www-$login:/d" /etc/aliases + fi + + if grep -qE '^AllowUsers' /etc/ssh/sshd_config; then + sed -i "s/^AllowUsers .*/& $in_login/" /etc/ssh/sshd_config + /etc/init.d/ssh reload + fi + + if [ -d "$HOME_DIR/$login" ]; then + mv -i $HOME_DIR/"$login" $HOME_DIR/"$login"."$(date '+%Y%m%d-%H%M%S')".bak + else + echo "warning : $HOME_DIR/$login does not exist" + fi + if [ -d /etc/letsencrypt/"$login" ]; then rm -r /etc/letsencrypt/"$login" fi From fbc48755b0b75eb8163b698f73e16184ec8c9a4d Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Mon, 20 Feb 2023 10:44:43 +0100 Subject: [PATCH 104/116] Introducing a changelog (filled with 2023 changes) --- CHANGELOG.md | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 CHANGELOG.md diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..5fade96 --- /dev/null +++ b/CHANGELOG.md 
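Review bot: The `AllowUsers` step moved into this position adds the account instead of removing it: `sed -i "s/^AllowUsers .*/& $in_login/"` appends `$in_login` to the end of the line, so every deletion leaves the now non-existent login in sshd's allow list and a later account created with the same name is SSH-enabled without going through the add path. Removing the token is one line: `sed -i -E "/^AllowUsers /s/ ${login}( |$)/\1/" /etc/ssh/sshd_config`. That step also uses `$in_login` where the rest of the function uses `$login` — presumably the raw versus normalised argument, worth confirming they are identical here. `mv -i` on the home directory will prompt on a terminal and silently skip the move when stdin is not one, so `mv -n` or an explicit existence check is preferable in a script. `op_del` starts before and continues after the hunk.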
@@ -0,0 +1,28 @@ +# Changelog +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/). + +This project does not follow semantic versioning. +The **major** part of the version is the year +The **minor** part changes is the month +The **patch** part changes is incremented if multiple releases happen the same month + +## [Unreleased] + +### Added + +* web : Display web-add.sh version + +### Changed + +### Fixed + +* web-add.sh : Deleting mysql user with DROP USER to stay compatible with MariaDB 10.5+ - #78 +* web-add.sh : Correcting deletion order to avoid dependency issues - #76 + +### Removed + +### Security + + From d2365e133b202cf9dc8032c38461f22358ca43b0 Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Mon, 20 Feb 2023 11:19:08 +0100 Subject: [PATCH 105/116] Big update of projet reame Translated to english, changed contribution guidelines (same as ansible-roles) Removed old TODO/INSTALL file --- CHANGELOG.md | 2 + INSTALL | 1 - README.md | 250 ++++++-------------------------------------------- README.old.md | 180 ++++++++++++++++++++++++++++++++++++ TODO | 7 -- 5 files changed, 210 insertions(+), 230 deletions(-) delete mode 100644 INSTALL create mode 100644 README.old.md delete mode 100644 TODO diff --git a/CHANGELOG.md b/CHANGELOG.md index 5fade96..0f26c16 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,8 @@ The **patch** part changes is incremented if multiple releases happen the same m ### Changed +* Readme.md : Translated to english. New contribution guidelines and misc information + ### Fixed * web-add.sh : Deleting mysql user with DROP USER to stay compatible with MariaDB 10.5+ - #78 diff --git a/INSTALL b/INSTALL deleted file mode 100644 index 92bba47..0000000 --- a/INSTALL +++ /dev/null @@ -1 +0,0 @@ -* Ajouter les autorisations sudo nécessaires diff --git a/README.md b/README.md index c6e9303..a96e0be 100644 --- a/README.md +++ b/README.md 
@@ -1,242 +1,48 @@ -# evoadmin-web +# Evoadmin-web -Panel d'administration de serveur web et scripts shell. +Web interface and management scripts for web hosting Project leader : ? -## Versions +## Versions & Branches - * Stable Wheezy → git checkout wheezy - * Stable Jessie → git checkout jessie - * Stretch → master +The `master` branch is ready for production. +It's compatible with the current Debian version (and few previous ones) + +Code for older Debian releases (Wheezy, Jessie) is archived on separate branches. + +The `unstable` branch contains not sufficiently tested changes that we don't consider ready for production yet. + +### Versions + +* Debian Stretch, Buster, Bullseye → use branch `master` (current stable version) +* Debian Jessie → use branch `jessie` (old, archive branch) +* Debian Wheezy → use branch `wheezy` (old, archive branch) ## Installation -Via ansible avec le role packweb-apache. Le role webapps/evoadmin-web en dépendance se charge de l'installation de l'interface et de ses scripts. +Installation should be done with Ansible. +The role `packweb-apache` will handle all dependencies (Apache, PHP, MariaDB...) installation and configuration. +It will also use the role `webapps/evoadmin-web` to setup the web-interface and management sw -### Manuelle +### Manually TODO +## Contributing -### Activation du mode Multi PHP avec des conteneurs LXC +Contributions are welcome, especially bug fixes. They will be merged in if they are consistent with our conventions and use cases. They might be rejected if they introduce complexity, cover features we don't need or don't fit "style". -Installer les paquets nécessaires : +Before starting anything of importance, we suggest opening an issue to discuss what you'd like to add or change. -~~~ -# apt install lxc debootstrap -~~~ +All modifications should be documented in the CHANGELOG file, to help review releases. We encourage atomic commits and with the CHANGELOG in the same commit. 
-Modifier la configuration de LXC : +# Workflow -~~~ -# cat /etc/lxc/default.conf +The ideal and most typical workflow is to create a branch, based on the `unstable` branch. The branch should have a descriptive name (a ticket/issue number is great). The branch can be treated as a pull-request or merge-request. It should be propery tested and reviewed before merging into `unstable`. -# Set the default network virtualization method. -lxc.network.type = none +Changes that don't introduce significant changes — or that must go faster that the typical workflow — can be commited directly into `unstable`. -# Mount /home into containers. -lxc.mount.entry = /home home none bind 0 0 +Hotfixes, can be prepared on a new branch, based on `master` or `unstable` (to be decided by the author). When ready, it can be merged back to `master` for immediate deployment and to `unstable` for proper backporting. -# Only one tty is enough. -# This require that you disabled others tty ([2-6]) in systemd. -lxc.tty = 1 - -# Run 64bits containers -lxc.arch = x86_64 - -# Start containers on boot by default -lxc.start.auto = 1 -~~~ - -Dans cette configuration, les containers LXC n'ont pas leur interface réseau virtualisée. Et /home de l'hôte est partagé dans les containers. 
- -#### PHP 5.6 - -On installe un conteneur Debian Jessie : - -~~~ -# lxc-create --name php56 --template debian --bdev dir --logfile /var/log/lxc/lxc-php56.log --logpriority INFO -- --arch amd64 --release jessie -~~~ - -Puis on installe les paquets PHP 5.6 dans ce conteneur : - -~~~ -# lxc-start -n php56 -# lxc-attach -n php56 apt install php5-fpm php5-cli php5-gd php5-imap php5-ldap php5-mcrypt php5-mysql php5-pgsql php-gettext php5-intl php5-curl php5-ssh2 libphp-phpmailer -~~~ - -#### PHP 7.0 - -On installe un conteneur Debian Stretch : - -~~~ -# lxc-create --name php70 --template debian --bdev dir --logfile /var/log/lxc/lxc-php70.log --logpriority INFO -- --arch amd64 --release stretch -~~~ - -Puis on installe les paquets PHP 7.0 dans ce conteneur : - -~~~ -# lxc-start -n php70 -# lxc-attach -n php70 apt install php-fpm php-cli php-gd php-intl php-imap php-ldap php-mcrypt php-mysql php-pgsql php-gettext php-curl php-ssh2 composer libphp-phpmailer -~~~ - -#### PHP 7.3 - -On installe un conteneur Debian Stretch : - -~~~ -# lxc-create --name php73 --template debian --bdev dir --logfile /var/log/lxc/lxc-php73.log --logpriority INFO -- --arch amd64 --release stretch -~~~ - -Puis on installe les paquets PHP 7.3 dans ce conteneur : - -~~~ -# lxc-start -n php73 -# lxc-attach -n php73 - -# apt-get update && apt-get install -y --no-install-recommends wget apt-transport-https ca-certificates gnupg -# curl https://packages.sury.org/php/apt.gpg | apt-key add -# echo "deb https://packages.sury.org/php/ stretch main" > /etc/apt/sources.list.d/sury.list -# apt-get update && apt-get install -y --no-install-recommends php7.3 php7.3-fpm php7.3-cli php7.3-curl php7.3-mysql php7.3-pgsql php7.3-ldap php7.3-imap php7.3-gd php-ssh2 php-gettext composer libphp-phpmailer -~~~ - -#### Pour toutes les versions de PHP - -Dans les containers, il faut ajouter le fichier **z-evolinux-defaults.ini** dans le dossier **conf.d** des réglages de PHP FPM et CLI - -> Pour PHP5 
**/etc/php5/fpm/conf.d/z-evolinux-defaults.ini** et **/etc/php5/cli/conf.d/z-evolinux-defaults.ini** -> -> Pour PHP7.0 **/etc/php/7.0/fpm/conf.d/z-evolinux-defaults.ini** et **/etc/php/7.0/cli/conf.d/z-evolinux-defaults.ini** -> -> Pour PHP7.3 **/etc/php/7.3/fpm/conf.d/z-evolinux-defaults.ini** et **/etc/php/7.3/cli/conf.d/z-evolinux-defaults.ini** - -~~~ -[PHP] -short_open_tag = Off -expose_php = Off -display_errors = Off -log_errors = On -html_errors = Off -allow_url_fopen = Off -disable_functions = exec,shell-exec,system,passthru,putenv,popen -~~~ - -Après cela, il faut redémarrer FPM - -~~~ -# lxc-attach -n php56 /etc/init.d/php5-fpm restart -# lxc-attach -n php70 /etc/init.d/php7.0-fpm restart -# lxc-attach -n php73 /etc/init.d/php7.3-fpm restart -~~~ - -Une fois les conteneurs installés, il faut configurer evoadmin-web pour lui indiquer les versions disponibles de PHP dans **/etc/evolinux/web-add.conf** (pour *web-add.sh*) et dans **/home/evoadmin/www/conf/config.local.php** pour l'interface web - -~~~ -# cat /etc/evolinux/web-add.conf -#(...) -PHP_VERSIONS=(56 70 73) -#(...) -~~~ - -~~~ -# cat /home/evoadmin/www/conf/config.local.php -// (...) -$localconf['php_versions'] = array(70, 73); -// (...) 
-~~~ - -#### Apache - -Il est nécessaire d'activer le mod proxy pour apache2 si ce n'a pas déjà été fait : - -~~~ -# a2enmod proxy_fcgi -# systemctl restart apache2.service -~~~ - -Si vous rencontrez l'erreur "File not found" avec les fichiers php, bien vérifier que le rootfs des conteneurs est en 755 : - -~~~ -# chmod 755 /var/lib/lxc/php56/rootfs -# chmod 755 /var/lib/lxc/php70/rootfs -# chmod 755 /var/lib/lxc/php73/rootfs -~~~ - -#### Email - -Pour envoyer des mails, on peut installer **ssmtp** qui va forwarder les mails du conteneur vers l'hôte (à faire par conteneur via lxc-attach) : - -Avant d'installer le paquet, il faut ajouter le hostname du conteneur dans **/etc/hosts**, sinon la configuration du paquet retourne une erreur : - -~~~ -127.0.0.1 php70 -~~~ - -~~~ -# apt install ssmtp -~~~ - -Editer **/etc/ssmtp/ssmtp.conf** (remplacer example.com par le hostname complet de votre machine) : - -~~~ -root=postmaster -mailhub=127.0.0.1 -hostname=example.com -FromLineOverride=YES -~~~ - -#### PHP-CLI - - -~~~ -$ cat /usr/local/bin/exec73 -#!/bin/bash - -php_cmd=$(printf "/usr/bin/php %q" "$@" ) -lxc-attach -n php73 -- su - "$SUDO_USER" -c "$php_cmd" -~~~ - -Il faut ensuite s'assurer que ce script peut être exécuté via sudo. - - - -## Méthodes de collaboration - -Lire le fichier GUIDELINES. - -Chaque version stable a le nom de la version Debian dans une branche. (Wheezy, Jessie, …) -On ne touche pas à ces branches, sauf pour corriger un bug critique, -qu'on appellera dans le commit "Hotfix #IDBugRedmine. Description du commit/bug". -Le project leader se charge de merger les futures version (wheezy-dev, jessie-dev, …) -dans la branche stable et de faire un changelog. - -Chaque version de redmine est prévu à l'avance dans la roadmap de Redmine. -Quand une version de développement est terminé (tout les bugs fermés), -on utilisera les tags pour se repérer dans l'historique GIT. -Puis une fois que la version est décrété stable, elle sera mergé dans la branche stable. 
- -Pour travailler sur une version spécifique, il faut travailler dans la branche "$release". -Voir les branches sur le remote : - -``` -$ git branch -r - origin/jessie-dev - origin/wheezy-dev - origin/wheezy -``` - -Il suffira de « checkout » dessus, et commencer à commiter. Les commits doivent -être nommés "Implement #IDBugRedmine. Description feature." ou -"Fix #IDBugRedmine. Description correction du bug.". - -``` -$ git checkout wheezy-dev -[…] hack hack […] -$ git commit -$ git push -``` - -## Licence - -Evoadmin-web est un projet [Evolix](https://evolix.com) et est distribué sour licence AGPLv3, voir le fichier [LICENSE](LICENSE) pour les détails. +Other workflow are not forbidden, but should be discussed in advance. diff --git a/README.old.md b/README.old.md new file mode 100644 index 0000000..3f483cc --- /dev/null +++ b/README.old.md 
@@ -0,0 +1,180 @@ + +### Activation du mode Multi PHP avec des conteneurs LXC + +Installer les paquets nécessaires : + +~~~ +# apt install lxc debootstrap +~~~ + +Modifier la configuration de LXC : + +~~~ +# cat /etc/lxc/default.conf + +# Set the default network virtualization method. +lxc.network.type = none + +# Mount /home into containers. +lxc.mount.entry = /home home none bind 0 0 + +# Only one tty is enough. +# This require that you disabled others tty ([2-6]) in systemd. +lxc.tty = 1 + +# Run 64bits containers +lxc.arch = x86_64 + +# Start containers on boot by default +lxc.start.auto = 1 +~~~ + +Dans cette configuration, les containers LXC n'ont pas leur interface réseau virtualisée. Et /home de l'hôte est partagé dans les containers. + +#### PHP 5.6 + +On installe un conteneur Debian Jessie : + +~~~ +# lxc-create --name php56 --template debian --bdev dir --logfile /var/log/lxc/lxc-php56.log --logpriority INFO -- --arch amd64 --release jessie +~~~ + +Puis on installe les paquets PHP 5.6 dans ce conteneur : + +~~~ +# lxc-start -n php56 +# lxc-attach -n php56 apt install php5-fpm php5-cli php5-gd php5-imap php5-ldap php5-mcrypt php5-mysql php5-pgsql php-gettext php5-intl php5-curl php5-ssh2 libphp-phpmailer +~~~ + +#### PHP 7.0 + +On installe un conteneur Debian Stretch : + +~~~ +# lxc-create --name php70 --template debian --bdev dir --logfile /var/log/lxc/lxc-php70.log --logpriority INFO -- --arch amd64 --release stretch +~~~ + +Puis on installe les paquets PHP 7.0 dans ce conteneur : + +~~~ +# lxc-start -n php70 +# lxc-attach -n php70 apt install php-fpm php-cli php-gd php-intl php-imap php-ldap php-mcrypt php-mysql php-pgsql php-gettext php-curl php-ssh2 composer libphp-phpmailer +~~~ + +#### PHP 7.3 + +On installe un conteneur Debian Stretch : + +~~~ +# lxc-create --name php73 --template debian --bdev dir --logfile /var/log/lxc/lxc-php73.log --logpriority INFO -- --arch amd64 --release stretch +~~~ + +Puis on installe les paquets PHP 7.3 dans ce conteneur 
: + +~~~ +# lxc-start -n php73 +# lxc-attach -n php73 + +# apt-get update && apt-get install -y --no-install-recommends wget apt-transport-https ca-certificates gnupg +# curl https://packages.sury.org/php/apt.gpg | apt-key add +# echo "deb https://packages.sury.org/php/ stretch main" > /etc/apt/sources.list.d/sury.list +# apt-get update && apt-get install -y --no-install-recommends php7.3 php7.3-fpm php7.3-cli php7.3-curl php7.3-mysql php7.3-pgsql php7.3-ldap php7.3-imap php7.3-gd php-ssh2 php-gettext composer libphp-phpmailer +~~~ + +#### Pour toutes les versions de PHP + +Dans les containers, il faut ajouter le fichier **z-evolinux-defaults.ini** dans le dossier **conf.d** des réglages de PHP FPM et CLI + +> Pour PHP5 **/etc/php5/fpm/conf.d/z-evolinux-defaults.ini** et **/etc/php5/cli/conf.d/z-evolinux-defaults.ini** +> +> Pour PHP7.0 **/etc/php/7.0/fpm/conf.d/z-evolinux-defaults.ini** et **/etc/php/7.0/cli/conf.d/z-evolinux-defaults.ini** +> +> Pour PHP7.3 **/etc/php/7.3/fpm/conf.d/z-evolinux-defaults.ini** et **/etc/php/7.3/cli/conf.d/z-evolinux-defaults.ini** + +~~~ +[PHP] +short_open_tag = Off +expose_php = Off +display_errors = Off +log_errors = On +html_errors = Off +allow_url_fopen = Off +disable_functions = exec,shell-exec,system,passthru,putenv,popen +~~~ + +Après cela, il faut redémarrer FPM + +~~~ +# lxc-attach -n php56 /etc/init.d/php5-fpm restart +# lxc-attach -n php70 /etc/init.d/php7.0-fpm restart +# lxc-attach -n php73 /etc/init.d/php7.3-fpm restart +~~~ + +Une fois les conteneurs installés, il faut configurer evoadmin-web pour lui indiquer les versions disponibles de PHP dans **/etc/evolinux/web-add.conf** (pour *web-add.sh*) et dans **/home/evoadmin/www/conf/config.local.php** pour l'interface web + +~~~ +# cat /etc/evolinux/web-add.conf +#(...) +PHP_VERSIONS=(56 70 73) +#(...) +~~~ + +~~~ +# cat /home/evoadmin/www/conf/config.local.php +// (...) +$localconf['php_versions'] = array(70, 73); +// (...) 
+~~~ + +#### Apache + +Il est nécessaire d'activer le mod proxy pour apache2 si ce n'a pas déjà été fait : + +~~~ +# a2enmod proxy_fcgi +# systemctl restart apache2.service +~~~ + +Si vous rencontrez l'erreur "File not found" avec les fichiers php, bien vérifier que le rootfs des conteneurs est en 755 : + +~~~ +# chmod 755 /var/lib/lxc/php56/rootfs +# chmod 755 /var/lib/lxc/php70/rootfs +# chmod 755 /var/lib/lxc/php73/rootfs +~~~ + +#### Email + +Pour envoyer des mails, on peut installer **ssmtp** qui va forwarder les mails du conteneur vers l'hôte (à faire par conteneur via lxc-attach) : + +Avant d'installer le paquet, il faut ajouter le hostname du conteneur dans **/etc/hosts**, sinon la configuration du paquet retourne une erreur : + +~~~ +127.0.0.1 php70 +~~~ + +~~~ +# apt install ssmtp +~~~ + +Editer **/etc/ssmtp/ssmtp.conf** (remplacer example.com par le hostname complet de votre machine) : + +~~~ +root=postmaster +mailhub=127.0.0.1 +hostname=example.com +FromLineOverride=YES +~~~ + +#### PHP-CLI + + +~~~ +$ cat /usr/local/bin/exec73 +#!/bin/bash + +php_cmd=$(printf "/usr/bin/php %q" "$@" ) +lxc-attach -n php73 -- su - "$SUDO_USER" -c "$php_cmd" +~~~ + +Il faut ensuite s'assurer que ce script peut être exécuté via sudo. \ No newline at end of file diff --git a/TODO b/TODO deleted file mode 100644 index 99a0091..0000000 --- a/TODO +++ /dev/null @@ -1,7 +0,0 @@ -* Verification des paramètres passés dans le script ftpadmin.sh -* Vérifier lors de la suppression que c'est bien la personne a qui appartient le compte qui lance la commande -* Tableau "sortable" (TableKit ?) -* Mettre en place EvoLog et logger la sortie des scripts -* Validation plus (très) stricte sur les entrées de formulaire -* Listage des comptes utilisateurs -* Total espace disque FTP From f77ce6e590fb69d1b970705f22243b74808c1970 Mon Sep 17 00:00:00 2001 
From: Ludovic Poujol Date: Mon, 20 Feb 2023 11:52:13 +0100 Subject: [PATCH 106/116] Release 23.02 --- CHANGELOG.md | 15 +++++++++++++++ scripts/web-add.sh | 2 +- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0f26c16..3fb25fd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,19 @@ The **patch** part changes is incremented if multiple releases happen the same m ### Added +### Changed + +### Fixed + +### Removed + +### Security + + +## [23.02] 2023-02-20 + +### Added + * web : Display web-add.sh version ### Changed @@ -28,3 +41,5 @@ The **patch** part changes is incremented if multiple releases happen the same m ### Security + + diff --git a/scripts/web-add.sh b/scripts/web-add.sh index 36439f0..5b076d8 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh @@ -14,7 +14,7 @@ set -e -VERSION="22.07" +VERSION="23.02" HOME="/root" CONTACT_MAIL="jdoe@example.org" WWWBOUNCE_MAIL="jdoe@example.org" From a7f718c073bf6af2d36ef795da02305f6170ab42 Mon Sep 17 00:00:00 2001 From: Brice Waegeneire Date: Fri, 31 Mar 2023 13:06:32 +0200 Subject: [PATCH 107/116] Add support for php8.2 --- scripts/web-add.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/scripts/web-add.sh b/scripts/web-add.sh index 5b076d8..ae1a152 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh @@ -435,6 +435,8 @@ create_www_account() { pool_path="/etc/php/8.0/fpm/pool.d/" elif [ "$php_version" = "81" ]; then pool_path="/etc/php/8.1/fpm/pool.d/" + elif [ "$php_version" = "82" ]; then + pool_path="/etc/php/8.2/fpm/pool.d/" else pool_path="/etc/php5/fpm/pool.d/" fi @@ -611,6 +613,9 @@ EOT elif [ "$php_version" = "81" ]; then initscript_path="/etc/init.d/php8.1-fpm" binary="php-fpm8.1" + elif [ "$php_version" = "82" ]; then + initscript_path="/etc/init.d/php8.2-fpm" + binary="php-fpm8.2" else initscript_path="/etc/init.d/php5-fpm" binary="php5-fpm" 
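Review bot: The added `82` branch in create_www_account extends an if/elif ladder whose `else` silently maps any unrecognised `php_version` onto the php5 paths, so a typo or a not-yet-supported entry in PHP_VERSIONS writes the pool into `/etc/php5/fpm/pool.d/` and restarts `php5-fpm` without any error. If every entry follows the two-digit convention seen here, the path can be derived rather than enumerated — `pool_path="/etc/php/${php_version:0:1}.${php_version:1}/fpm/pool.d/"` — keeping php5 as the single explicit special case and failing hard (`echo "unsupported PHP version ${php_version}" >&2; exit 1`) for anything else. The same ladder is duplicated in the second hunk (initscript_path/binary) and in op_del, so a small helper would keep the three copies from drifting the next time a version is added. create_www_account starts and ends outside the hunk.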
@@ -779,6 +784,9 @@ op_del() { elif [ "$php_version" = "81" ]; then phpfpm_dir="/etc/php/8.1/fpm/pool.d/" initscript_path="/etc/init.d/php8.1-fpm" + elif [ "$php_version" = "82" ]; then + phpfpm_dir="/etc/php/8.2/fpm/pool.d/" + initscript_path="/etc/init.d/php8.2-fpm" else phpfpm_dir="/etc/php5/fpm/pool.d/" initscript_path="/etc/init.d/php5-fpm" From 2e8619e5e6982b26b028005700cd4c55c8601e7d Mon Sep 17 00:00:00 2001 From: William Hirigoyen Date: Wed, 8 Nov 2023 12:03:14 +0100 Subject: [PATCH 108/116] Add sendmail_path and open_basedir in LXC PHP pool configs --- CHANGELOG.md | 2 ++ scripts/web-add.sh | 3 +++ 2 files changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3fb25fd..0a0592b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,6 +14,8 @@ The **patch** part changes is incremented if multiple releases happen the same m ### Changed +* Add sendmail_path and open_basedir in LXC PHP pool configs + ### Fixed ### Removed diff --git a/scripts/web-add.sh b/scripts/web-add.sh index ae1a152..f1703e7 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh @@ -23,6 +23,7 @@ LOCAL_SCRIPT="$SCRIPTS_PATH/web-add.local.sh" PRE_LOCAL_SCRIPT="$SCRIPTS_PATH/web-add.pre-local.sh" TPL_AWSTATS="$SCRIPTS_PATH/awstats.XXX.conf" SSH_GROUP="evolinux-ssh" +HOST="$(hostname -s)" # Set to nginx if you use nginx and not apache WEB_SERVER="apache" @@ -456,6 +457,8 @@ pm.max_children = 10 pm.process_idle_timeout = 10s php_admin_value[error_log] = /home/${in_login}/log/php.log +php_admin_value[sendmail_path] = "/usr/sbin/sendmail -t -i -f www-${in_login}@${HOST}" +php_admin_value[open_basedir] = "/usr/share/php:/home/${in_login}:/tmp" EOT step_ok "Création du pool FPM ${php_version}" done From 72e39f297e5cb9c4900f94db11e23d41745497e2 Mon Sep 17 00:00:00 2001 
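Review bot: The new `open_basedir` value in the pool heredoc includes the shared `/tmp`, so the restriction does not separate accounts from each other's temporary files — anything one site writes there (uploads, scratch files) stays readable by every other pool — which undercuts the per-account isolation the setting is being added for. A per-account directory keeps the boundary per user, e.g. `php_admin_value[open_basedir] = "/usr/share/php:/home/${in_login}:/home/${in_login}/tmp"` together with `php_admin_value[upload_tmp_dir]`/`php_admin_value[sys_temp_dir]` pointing at that directory. Note also that the files session handler honours open_basedir, so if `session.save_path` is left at the distribution default outside these paths, sessions in the container will fail — it should be set per pool as well. open_basedir is generally treated as defence-in-depth rather than a hard security boundary, and the comment above the setting should say so; the heredoc starts before the hunk.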
From: William Hirigoyen Date: Thu, 9 Nov 2023 11:31:16 +0100 Subject: [PATCH 109/116] Prevent op_del to fail and able to remove web account when part of it is already removed --- CHANGELOG.md | 2 ++ scripts/web-add.sh | 20 ++++++++++---------- 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0a0592b..445ceb9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,8 @@ The **patch** part changes is incremented if multiple releases happen the same m ### Added +* Prevent op_del to fail and able to remove web account when part of it is already removed + ### Changed * Add sendmail_path and open_basedir in LXC PHP pool configs diff --git a/scripts/web-add.sh b/scripts/web-add.sh index f1703e7..210d07f 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh @@ -766,8 +766,8 @@ op_del() { # Deactivate web vhost (apache or nginx) if [ "$WEB_SERVER" == "apache" ]; then - a2dissite "${login}.conf" - rm /etc/apache2/sites-available/"$login.conf" + a2dissite "${login}.conf" || true + rm -f /etc/apache2/sites-available/"$login.conf" apache2ctl configtest 
@@ -794,33 +794,33 @@ op_del() { phpfpm_dir="/etc/php5/fpm/pool.d/" initscript_path="/etc/init.d/php5-fpm" fi - rm /var/lib/lxc/php"${php_version}"/rootfs/${phpfpm_dir}/"${login}".conf + rm -f /var/lib/lxc/php"${php_version}"/rootfs/${phpfpm_dir}/"${login}".conf lxc-attach -n php"${php_version}" -- $initscript_path restart >/dev/null done elif [ "$WEB_SERVER" == "nginx" ]; then - rm /etc/nginx/sites-{available,enabled}/"$login" - rm /etc/munin/plugins/phpfpm_"${in_login}"* + rm -f /etc/nginx/sites-{available,enabled}/"$login" + rm -f /etc/munin/plugins/phpfpm_"${in_login}"* nginx -t fi - rm /etc/awstats/awstats."$login.conf" + rm -f /etc/awstats/awstats."$login.conf" sed -i.bak "/-config=$login /d" /etc/cron.d/awstats if [ "$WEB_SERVER" == "apache" ]; then if id www-"$login" &> /dev/null; then - userdel -f www-"$login" + userdel -f www-"$login" || true fi for php_version in "${PHP_VERSIONS[@]}"; do if lxc-attach -n php"${php_version}" -- id www-"$login" &> /dev/null; then - lxc-attach -n php"${php_version}" -- userdel -f www-"$login" + lxc-attach -n php"${php_version}" -- userdel -f www-"$login" || true fi - lxc-attach -n php"${php_version}" -- userdel -f "$login" + lxc-attach -n php"${php_version}" -- userdel -f "$login" || true done fi - userdel -f "$login" + userdel -f "$login" || true sed -i.bak "/^$login:/d" /etc/aliases if [ "$WEB_SERVER" == "apache" ]; then From 7d8704cd257b32ca4fb1306ec139d53e16742678 Mon Sep 17 00:00:00 2001 From: William Hirigoyen Date: Thu, 9 Nov 2023 12:01:14 +0100 Subject: [PATCH 110/116] Fix sendmail_path hostname (missing domain / FQDN) --- CHANGELOG.md | 2 ++ scripts/web-add.sh | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 445ceb9..5265f29 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -20,6 +20,8 @@ The **patch** part changes is incremented if multiple releases happen the same m ### Fixed +* Fix sendmail_path hostname (missing domain / FQDN) + ### Removed ### Security 
diff --git a/scripts/web-add.sh b/scripts/web-add.sh index 210d07f..2230071 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh @@ -23,7 +23,7 @@ LOCAL_SCRIPT="$SCRIPTS_PATH/web-add.local.sh" PRE_LOCAL_SCRIPT="$SCRIPTS_PATH/web-add.pre-local.sh" TPL_AWSTATS="$SCRIPTS_PATH/awstats.XXX.conf" SSH_GROUP="evolinux-ssh" -HOST="$(hostname -s)" +HOST="$(hostname -f)" # Set to nginx if you use nginx and not apache WEB_SERVER="apache" From 2fd65724f7f316c79b9d376af5ebcb06956963e9 Mon Sep 17 00:00:00 2001 From: William Hirigoyen Date: Thu, 9 Nov 2023 17:08:39 +0100 Subject: [PATCH 111/116] Fix missing ITK admin link for multi PHP --- CHANGELOG.md | 2 ++ tpl/webadmin.tpl.php | 5 +++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5265f29..7eb54c9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,5 @@ # Changelog + All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/). @@ -21,6 +22,7 @@ The **patch** part changes is incremented if multiple releases happen the same m ### Fixed * Fix sendmail_path hostname (missing domain / FQDN) +* Fix missing ITK admin link for multi PHP ### Removed diff --git a/tpl/webadmin.tpl.php b/tpl/webadmin.tpl.php index 98b02c8..9861b6c 100755 --- a/tpl/webadmin.tpl.php +++ b/tpl/webadmin.tpl.php @@ -108,8 +108,9 @@ printf('Servername - ', $vhost_info['owner']); if(is_multiphp()) { printf('PHP - ', $vhost_info['owner']); - } else { - printf('ITK - ', $vhost_info['owner']); + } + + printf('ITK - ', $vhost_info['owner']); } printf('Let\'s Encrypt - ', $vhost_info['owner']); printf('Supprimer', $vhost_info['owner']); From c385c102c5fc7de0fe0799b4744803e929ac13fe Mon Sep 17 00:00:00 2001 From: William Hirigoyen Date: Thu, 9 Nov 2023 17:21:33 +0100 Subject: [PATCH 112/116] Remove extra } --- tpl/webadmin.tpl.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/tpl/webadmin.tpl.php b/tpl/webadmin.tpl.php index 9861b6c..2ca4563 100755 --- a/tpl/webadmin.tpl.php +++ b/tpl/webadmin.tpl.php @@ -111,7 +111,7 @@ } printf('ITK - ', $vhost_info['owner']); - } + printf('Let\'s Encrypt - ', $vhost_info['owner']); printf('Supprimer', $vhost_info['owner']); } else { From 964f710897c51a5294427c1cfd1699a594581043 Mon Sep 17 00:00:00 2001 From: William Hirigoyen Date: Fri, 10 Nov 2023 10:49:16 +0100 Subject: [PATCH 113/116] Revert "Remove extra }" This reverts commit c385c102c5fc7de0fe0799b4744803e929ac13fe. --- tpl/webadmin.tpl.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tpl/webadmin.tpl.php b/tpl/webadmin.tpl.php index 2ca4563..9861b6c 100755 --- a/tpl/webadmin.tpl.php +++ b/tpl/webadmin.tpl.php @@ -111,7 +111,7 @@ } printf('ITK - ', $vhost_info['owner']); - + } printf('Let\'s Encrypt - ', $vhost_info['owner']); printf('Supprimer', $vhost_info['owner']); } else { From f5fe462248d8debbb11bf00ab4b1d357c67c75ca Mon Sep 17 00:00:00 2001 From: William Hirigoyen Date: Fri, 10 Nov 2023 10:49:29 +0100 Subject: [PATCH 114/116] Revert "Fix missing ITK admin link for multi PHP" This reverts commit 2fd65724f7f316c79b9d376af5ebcb06956963e9. --- CHANGELOG.md | 2 -- tpl/webadmin.tpl.php | 5 ++--- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7eb54c9..5265f29 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,4 @@ # Changelog - All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/). @@ -22,7 +21,6 @@ The **patch** part changes is incremented if multiple releases happen the same m ### Fixed * Fix sendmail_path hostname (missing domain / FQDN) -* Fix missing ITK admin link for multi PHP ### Removed diff --git a/tpl/webadmin.tpl.php b/tpl/webadmin.tpl.php index 9861b6c..98b02c8 100755 --- a/tpl/webadmin.tpl.php +++ b/tpl/webadmin.tpl.php 
@@ -108,9 +108,8 @@ printf('Servername - ', $vhost_info['owner']); if(is_multiphp()) { printf('PHP - ', $vhost_info['owner']); - } - - printf('ITK - ', $vhost_info['owner']); + } else { + printf('ITK - ', $vhost_info['owner']); } printf('Let\'s Encrypt - ', $vhost_info['owner']); printf('Supprimer', $vhost_info['owner']); From 8e15676d0519613a84474dd0e6fba110015a60ec Mon Sep 17 00:00:00 2001 From: William Hirigoyen Date: Fri, 10 Nov 2023 11:11:52 +0100 Subject: [PATCH 115/116] Improve op_del improvement --- scripts/web-add.sh | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/scripts/web-add.sh b/scripts/web-add.sh index 2230071..224b2b1 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh @@ -766,7 +766,9 @@ op_del() { # Deactivate web vhost (apache or nginx) if [ "$WEB_SERVER" == "apache" ]; then - a2dissite "${login}.conf" || true + if a2query -s test12 >/dev/null 2&>1; then + a2dissite "${login}.conf" + fi rm -f /etc/apache2/sites-available/"$login.conf" apache2ctl configtest @@ -809,18 +811,22 @@ op_del() { if [ "$WEB_SERVER" == "apache" ]; then if id www-"$login" &> /dev/null; then - userdel -f www-"$login" || true + userdel -f www-"$login" fi for php_version in "${PHP_VERSIONS[@]}"; do - if lxc-attach -n php"${php_version}" -- id www-"$login" &> /dev/null; then - lxc-attach -n php"${php_version}" -- userdel -f www-"$login" || true + if lxc-attach -n php"${php_version}" -- getent passwd www-"$login" &> /dev/null; then + lxc-attach -n php"${php_version}" -- userdel -f www-"$login" + fi + if lxc-attach -n php"${php_version}" -- getent passwd "$login" &> /dev/null; then + lxc-attach -n php"${php_version}" -- userdel -f "$login" fi - lxc-attach -n php"${php_version}" -- userdel -f "$login" || true done fi - userdel -f "$login" || true + if getent passwd "$login" &> /dev/null; then + userdel -f "$login" + fi sed -i.bak "/^$login:/d" /etc/aliases if [ "$WEB_SERVER" == "apache" ]; then 
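Review bot: The new guard `if a2query -s test12 >/dev/null 2&>1; then` in op_del tests a hard-coded site name instead of `${login}`, so unless a site literally named test12 is enabled the branch is skipped, `a2dissite` never runs, and the following `rm -f` deletes the sites-available file while the sites-enabled symlink is left dangling — `apache2ctl configtest` then fails on the broken include and, with `set -e`, aborts the rest of the deletion. The redirection is also wrong: `2&>1` is parsed as an extra argument `2` followed by `&>1`, which sends both streams to a file named `1` in the current directory rather than merging stderr into stdout. The line should read `if a2query -s "${login}" >/dev/null 2>&1; then`. op_del's body starts before and continues past this hunk.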
From 0dfb19faea4ed59741f8fbdba3be305ef1592647 Mon Sep 17 00:00:00 2001 From: William Hirigoyen Date: Mon, 13 Nov 2023 14:29:55 +0100 Subject: [PATCH 116/116] Remove undue commit --- CHANGELOG.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5265f29..445ceb9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -20,8 +20,6 @@ The **patch** part changes is incremented if multiple releases happen the same m ### Fixed -* Fix sendmail_path hostname (missing domain / FQDN) - ### Removed ### Security