func FtpEditUser(ctx *macaron.Context) string {
hcuser, auth := util.Auth(ctx, "ftpusers")
if !auth {
return "not_authorized"
}
username := util.Query(ctx, "username")
password := util.Query(ctx, "password")
db, _ := util.MySQL()
defer db.Close()
// check if user owns domain
dstmt, _ := db.Prepare("SELECT * FROM `hostcontrol_ftpusers` WHERE `ftpusername`=? and `system_username`=?")
row1, _ := dstmt.Query(username, hcuser.System_username)
defer dstmt.Close()
if !row1.Next() {
return "user_not_found"
}
// set the password
util.Bash("echo " + util.SHSanitize(password) + " | passwd " + util.SHSanitize(username) + " --stdin")
return "success"
}
func MailAddUser(ctx *macaron.Context) string {
hcuser, auth := util.Auth(ctx, "mail")
if !auth {
return "not_authorized"
}
domain := util.Query(ctx, "domain")
if domain == "" {
return "domain_required"
}
username := util.Query(ctx, "username")
if username == "" {
return "username_required"
}
password := util.Query(ctx, "password")
if password == "" {
return "password_required"
}
email_address := username + "@" + domain
db, _ := util.MySQL()
defer db.Close()
// check if user owns domain
dstmt, _ := db.Prepare("SELECT * FROM `hostcontrol`.`mail_domains` WHERE `domain`=? and `system_username`=?")
row1, _ := dstmt.Query(domain, hcuser.System_username)
defer dstmt.Close()
if !row1.Next() {
return "domain_not_found"
}
// make sure email address does not already exist
estmt, _ := db.Prepare("SELECT * FROM `hostcontrol`.`mail_users` WHERE email=? and domain=?")
row2, _ := estmt.Query(email_address, domain)
defer estmt.Close()
if row2.Next() {
return "email_account_exists"
}
xstmt, _ := db.Prepare("INSERT INTO `hostcontrol`.`mail_users` set `email`=?, `password`=ENCRYPT(?), `domain`=?")
_, err := xstmt.Exec(email_address, password, domain)
xstmt.Close()
if err != nil {
return "failed_to_create_domain"
}
return "success"
}
func file_editor(ctx *macaron.Context) string {
hcuser, auth := util.Auth(ctx, "any")
if !auth {
ctx.Redirect("/", 302)
return ""
}
suser, err := user.Lookup(hcuser.System_username)
if err != nil {
return die(ctx, string(err.Error()))
}
selected_object := path.Clean(util.Query(ctx, "path"))
full_object := path.Clean(suser.HomeDir + "/" + selected_object)
// check ownership...
uid, _ := strconv.Atoi(suser.Uid)
gid, _ := strconv.Atoi(suser.Gid)
if !util.ChkPerms(full_object, uid, gid) {
return die(ctx, "You do not have access to object "+full_object)
}
filecontents := util.Query(ctx, "filecontents")
if filecontents != "" {
filecontents = strings.Replace(filecontents, "\r\n", "\n", -1)
ioutil.WriteFile(full_object, []byte(filecontents), 0644)
}
rawcontents, err := ioutil.ReadFile(full_object)
if err != nil {
return die(ctx, string(err.Error()))
}
content := html.EscapeString(string(rawcontents))
var tpl vision.New
tpl.TemplateFile("template/file-editor.tpl")
tpl.Assign("path_up", path.Dir(selected_object))
tpl.Assign("selected_path", selected_object)
tpl.Assign("current_path", full_object)
tpl.Assign("filedata", content)
tpl.Parse("file-editor")
return header(ctx) + tpl.Out() + footer(ctx)
}
func MailDeleteDomain(ctx *macaron.Context) string {
hcuser, auth := util.Auth(ctx, "mail")
if !auth {
return "not_authorized"
}
domain := util.Query(ctx, "domain")
if domain == "" {
return "domain_required"
}
db, _ := util.MySQL()
defer db.Close()
xstmt, _ := db.Prepare("DELETE FROM `hostcontrol`.`mail_domains` WHERE `domain`=? AND `system_username`=?")
_, err := xstmt.Exec(domain, hcuser.System_username)
xstmt.Close()
if err != nil {
return "failed_to_delete_domain"
}
os.RemoveAll("/home/vmail/" + domain)
return "success"
}
func MailAddDomain(ctx *macaron.Context) string {
hcuser, auth := util.Auth(ctx, "mail")
if !auth {
return "not_authorized"
}
domain := util.Query(ctx, "domain")
if domain == "" {
return "domain_required"
}
db, _ := util.MySQL()
defer db.Close()
xstmt, _ := db.Prepare("INSERT INTO `hostcontrol`.`mail_domains` set `domain_id`=NULL, `domain`=?, `system_username`=?")
_, err := xstmt.Exec(domain, hcuser.System_username)
xstmt.Close()
if err != nil {
return "failed_to_create_domain"
}
return "success"
}
func addtoken(ctx *macaron.Context) string {
hcuser, auth := util.Auth(ctx, "any")
if !auth {
ctx.Redirect("/", 302)
return ""
}
description := util.Query(ctx, "description")
token := util.MkToken()
db, _ := util.MySQL()
defer db.Close()
xstmt, _ := db.Prepare("INSERT INTO `hostcontrol`.`hostcontrol_user_tokens` set `token`=?, `hostcontrol_id`=?, `description`=?, token_id=null")
_, err := xstmt.Exec(token, hcuser.Hostcontrol_id, description)
xstmt.Close()
if err != nil {
set_error("Failed to create new token.", ctx)
ctx.Redirect("/settings", 302)
return "Failed to create new token."
}
set_error("Created new token.", ctx)
ctx.Redirect("/settings", 302)
return ""
}
func DnsDeleteDomain(ctx *macaron.Context) string {
hcuser, auth := util.Auth(ctx, "dns")
if !auth {
return "not_authorized"
}
domain := util.Query(ctx, "domain")
if domain == "" {
return "domain_required"
}
db, _ := util.MySQL()
defer db.Close()
xstmt, _ := db.Prepare("DELETE FROM `hostcontrol`.`domains` where `name`=? and `account`=?")
_, err := xstmt.Exec(domain, hcuser.System_username)
xstmt.Close()
if err != nil {
return "failed_to_delete_domain"
}
return "success"
}
func SqlDatabasesAdd(ctx *macaron.Context) string {
hcuser, auth := util.Auth(ctx, "databases")
if !auth {
return "not_authorized"
}
db_name := util.Query(ctx, "db_name")
if db_name == "" {
return "db_name_required"
}
db, _ := util.MySQL()
defer db.Close()
// stmt, _ := db.Prepare("CREATE USER ?@'%' IDENTIFIED BY ?;")
// _, err := stmt.Exec(hcuser.System_username + "_" + username, password)
db_name = util.LastResortSanitize(db_name)
db_name = string(hcuser.System_username + "_" + db_name)
stmt, err := db.Prepare("create database " + db_name + "")
if err != nil {
return "bad_characters_used "
}
_, err = stmt.Exec()
if err != nil {
return "failed_to_create_database"
}
stmt.Close()
return "success"
}
func databasegrantdelete(ctx *macaron.Context) string {
status := API("/api/sql/grants/delete", ctx)
db_user := util.Query(ctx, "db_user")
db_name := util.Query(ctx, "db_name")
if status == "success" {
set_error("Removed "+db_user+" from database "+db_name+"!", ctx)
ctx.Redirect("/databases", 302)
return "Removed " + db_user + " from database " + db_name + "!"
}
set_error("Failed to remove "+db_user+" from database "+db_name+"! Error given: "+status, ctx)
ctx.Redirect("/databases", 302)
return "Failed to remove " + db_user + " from database " + db_name + "! Error given: " + status
}
func databasegrantadd(ctx *macaron.Context) string {
status := API("/api/sql/grants/add", ctx)
db_user := util.Query(ctx, "db_user")
db_name := util.Query(ctx, "db_name")
if status == "success" {
set_error("Added "+db_user+" to database "+db_name+" successfully!", ctx)
ctx.Redirect("/databases", 302)
return "Added " + db_user + " to database " + db_name + " successfully!"
}
set_error("Failed to add "+db_user+" to database "+db_name+"! Error given: "+status, ctx)
ctx.Redirect("/databases", 302)
return "Failed to add " + db_user + " to database " + db_name + "! Error given: " + status
}
func mailadduser(ctx *macaron.Context) string {
status := API("/api/mail/users/add", ctx)
username := util.Query(ctx, "username")
domain := util.Query(ctx, "domain")
if status == "success" {
set_error("Added "+username+"@"+domain+" successfully!", ctx)
ctx.Redirect("/mail", 302)
return "did it!"
}
set_error("Failed to add user. Error given: "+status, ctx)
ctx.Redirect("/mail", 302)
return "Failed to add user. Error given: " + status
}
func MailEditUser(ctx *macaron.Context) string {
hcuser, auth := util.Auth(ctx, "mail")
if !auth {
return "not_authorized"
}
email_address := util.Query(ctx, "email")
if email_address == "" {
return "email_required"
}
password := util.Query(ctx, "password")
if email_address == "" {
return "password_required"
}
strsplt := strings.Split(email_address, "@")
if len(strsplt) != 2 {
return "invalid_email"
}
//username := strsplt[0]
domain := strsplt[1]
db, _ := util.MySQL()
defer db.Close()
// check if user owns domain
dstmt, _ := db.Prepare("SELECT * FROM `hostcontrol`.`mail_domains` WHERE `domain`=? and `system_username`=?")
row1, _ := dstmt.Query(domain, hcuser.System_username)
defer dstmt.Close()
if !row1.Next() {
return "domain_not_found"
}
// update serial for domain
ustmt, _ := db.Prepare("UPDATE `hostcontrol`.`mail_users` SET `password`=ENCRYPT(?) WHERE `email`=?")
ustmt.Exec(password, email_address)
ustmt.Close()
return "success"
}
func SqlGrantsDelete(ctx *macaron.Context) string {
hcuser, auth := util.Auth(ctx, "databases")
if !auth {
return "not_authorized"
}
db_name := util.Query(ctx, "db_name")
if db_name == "" {
return "db_name_required"
}
username := util.Query(ctx, "db_user")
if username == "" {
return "username_required"
}
dbowner := strings.Split(db_name, "_")[0]
userowner := strings.Split(username, "_")[0]
if dbowner != hcuser.System_username || userowner != hcuser.System_username {
return "failed_not_yours"
}
db, _ := util.MySQL()
defer db.Close()
db_name = util.LastResortSanitize(db_name)
username = util.LastResortSanitize(username)
_, err := db.Exec("REVOKE ALL ON " + db_name + ".* FROM '" + username + "'@'%';")
if err != nil {
return "failed_to_delete_grant"
}
return "success"
}
func DeleteWebsite(ctx *macaron.Context) string {
hcuser, auth := util.Auth(ctx, "websites")
if !auth {
return "not_authorized"
}
db, err := util.MySQL()
if err != nil {
return string(err.Error())
}
defer db.Close()
vhost_id := util.Query(ctx, "vhost_id")
stmt, _ := db.Prepare("SELECT * from website_vhosts WHERE vhost_id = ? and system_username=?")
rows, _ := stmt.Query(vhost_id, hcuser.System_username)
stmt.Close()
if rows.Next() {
var vhost_id string
var system_username string
var domain string
var documentroot string
var ipaddr string
var ssl_enabled string
var ssl_certificate string
var ssl_key string
var ssl_ca_certificate string
rows.Scan(&vhost_id, &system_username, &domain, &documentroot, &ipaddr, &ssl_enabled, &ssl_certificate, &ssl_key, &ssl_ca_certificate)
os.RemoveAll("/var/log/httpd/" + hcuser.System_username + "/" + domain + "-error_log")
os.RemoveAll("/var/log/httpd/" + hcuser.System_username + "/" + domain + "-access_log")
os.RemoveAll("/var/log/httpd/" + hcuser.System_username + "/" + domain + "-ssl-error_log")
os.RemoveAll("/var/log/httpd/" + hcuser.System_username + "/" + domain + "-ssl-access_log")
os.RemoveAll("/etc/pki/tls/certs/" + domain + ".crt")
os.RemoveAll("/etc/pki/tls/certs/" + domain + ".ca.crt")
os.RemoveAll("/etc/pki/tls/private/" + domain + ".key")
os.RemoveAll("/etc/httpd/vhosts.d/" + domain + ".conf")
os.RemoveAll("/etc/httpd/vhosts.d/" + domain + ".ssl.conf")
stmt, _ = db.Prepare("delete from website_vhosts where vhost_id=?")
stmt.Exec(vhost_id)
stmt.Close()
} else {
return "domain_not_found"
}
util.Bash("systemctl reload httpd")
return "success"
}
func Deleteuser(ctx *macaron.Context) string {
hcuser, auth := util.Auth(ctx, "sysusers")
if !auth {
return "not_authorized"
}
username := util.Query(ctx, "username")
if username == "" || username == "root" {
return "username_required"
}
db, _ := util.MySQL()
defer db.Close()
// check if user actually owns child
if !util.ChkPaternity(hcuser.System_username, username) {
return "failed_ownership_check"
}
users := make(map[string]map[string]string)
users = util.Getusers(username, users, db)
for _, subuser := range users {
cleanupuserdata(subuser["system_username"], ctx)
// delete the user and homedir
util.Cmd("userdel", []string{subuser["system_username"], "-f", "-r"})
// remove the user
stmt, _ := db.Prepare("delete from hostcontrol_users where system_username=?")
stmt.Exec(subuser["system_username"])
stmt.Close()
}
cleanupuserdata(username, ctx)
// delete the user and homedir
util.Cmd("userdel", []string{username, "-f", "-r"})
// make sure user was delete
_, lookup_err2 := user.Lookup(username)
if lookup_err2 == nil {
return "failed_to_delete_user"
}
// remove the user
stmt, _ := db.Prepare("delete from hostcontrol_users where system_username=?")
stmt.Exec(username)
stmt.Close()
return "success"
}
func updatesettings(ctx *macaron.Context) string {
hcuser, auth := util.Auth(ctx, "any")
if !auth {
ctx.Redirect("/", 302)
return ""
}
password := util.Query(ctx, "password")
new_password := util.Query(ctx, "new_password")
new_password_verify := util.Query(ctx, "new_password_verify")
if password == "" || new_password == "" || new_password_verify == "" {
set_error("Failed to update settings. Error given: missing a password field", ctx)
ctx.Redirect("/settings", 302)
return ""
}
if new_password != new_password_verify {
set_error("Failed to update settings. Error given: new passwords don't match", ctx)
ctx.Redirect("/settings", 302)
return ""
}
if !chklogin(hcuser.System_username, password) {
set_error("Failed to update settings. Error given: current password incorrect", ctx)
ctx.Redirect("/settings", 302)
return ""
}
chpassword(hcuser.System_username, new_password)
set_error("Settings updated successfully.", ctx)
ctx.Redirect("/settings", 302)
return ""
}
func SqlUsersEdit(ctx *macaron.Context) string {
hcuser, auth := util.Auth(ctx, "databases")
if !auth {
return "not_authorized"
}
username := util.Query(ctx, "db_user")
password := util.Query(ctx, "password")
owner := strings.Split(username, "_")[0]
if username == "" {
return "db_user_required"
}
if password == "" {
return "password_required"
}
if owner != hcuser.System_username {
return "failed_not_yours"
}
db, _ := util.MySQL()
defer db.Close()
db_user := util.LastResortSanitize(username)
password = util.LastResortSanitize(password)
_, err := db.Exec("SET PASSWORD FOR '" + db_user + "' = PASSWORD('" + password + "');")
if err != nil {
return "bad_characters_used "
}
return "success"
}
func maildeletedomain(ctx *macaron.Context) string {
status := API("/api/mail/domain/delete", ctx)
domainname := util.Query(ctx, "domain")
if status == "success" {
set_error("Deleted "+domainname+" successfully!", ctx)
ctx.Redirect("/mail", 302)
return "did it!"
}
set_error("Failed to delete domain. Error given: "+status, ctx)
ctx.Redirect("/mail", 302)
return "Failed to delete domain. Error given: " + status
}
func mailedituser(ctx *macaron.Context) string {
status := API("/api/mail/users/edit", ctx)
email := util.Query(ctx, "email")
if status == "success" {
set_error("Updated "+email+" successfully!", ctx)
ctx.Redirect("/mail", 302)
return "did it!"
}
set_error("Failed to update "+email+". Error given: "+status, ctx)
ctx.Redirect("/mail", 302)
return "Failed to update user. Error given: " + status
}
func databaseusersedit(ctx *macaron.Context) string {
status := API("/api/sql/users/edit", ctx)
db_user := util.Query(ctx, "db_user")
if status == "success" {
set_error("Modified "+db_user+" successfully!", ctx)
ctx.Redirect("/databases", 302)
return "Modified " + db_user + " successfully!"
}
set_error("Failed to update "+db_user+"! Error given: "+status, ctx)
ctx.Redirect("/databases", 302)
return "Failed to update " + db_user + "! Error given: " + status
}
func adddomain(ctx *macaron.Context) string {
status := API("/api/dns/domain/add", ctx)
domainname := util.Query(ctx, "domain")
if status == "success" {
set_error("Added "+domainname+" successfully!", ctx)
ctx.Redirect("/dns", 302)
return "did it!"
}
set_error("Failed to add domain. Error given: "+status, ctx)
ctx.Redirect("/websites", 302)
return "Failed to add domain. Error given: " + status
}
func sslupdate(ctx *macaron.Context) string {
status := API("/api/web/domain/sslmanage", ctx)
vhost_id := util.Query(ctx, "vhost_id")
if status == "success" {
set_error("Updated SSL settings successfully!", ctx)
ctx.Redirect("/websites/sslmanager?vhost_id="+vhost_id, 302)
return "did it!"
}
set_error("Failed to add domain. Error given: "+status, ctx)
ctx.Redirect("/websites/sslmanager?vhost_id="+vhost_id, 302)
return "Failed to update SSL for domain. Error given: " + status
}
func databasedelete(ctx *macaron.Context) string {
status := API("/api/sql/databases/delete", ctx)
db_name := util.Query(ctx, "db_name")
if status == "success" {
set_error("Deleted "+db_name+" successfully!", ctx)
ctx.Redirect("/databases", 302)
return "Deleted " + db_name + " successfully!"
}
set_error("Failed to delete "+db_name+"! Error given: "+status, ctx)
ctx.Redirect("/databases", 302)
return "Failed to delete " + db_name + "! Error given: " + status
}
func ftpuserdelete(ctx *macaron.Context) string {
status := API("/api/ftpusers/delete", ctx)
username := util.Query(ctx, "ftpuser")
if status == "success" {
set_error("Deleted "+username+" successfully!", ctx)
ctx.Redirect("/ftpusers", 302)
return "did it!"
}
set_error("Failed to delete user. Error given: "+status, ctx)
ctx.Redirect("/ftpusers", 302)
return "Failed to add user. Error given: " + status
}
func sslmanager(ctx *macaron.Context) string {
_, auth := util.Auth(ctx, "websites")
if !auth {
ctx.Redirect("/", 302)
return ""
}
vhost_id := util.Query(ctx, "vhost_id")
var tpl vision.New
tpl.TemplateFile("template/websites.sslmanager.tpl")
websites := API("/api/web/domain/list", ctx)
domains := make(map[string]map[string]string)
json.Unmarshal([]byte(websites), &domains)
found := false
for _, domain := range domains {
if domain["vhost_id"] == vhost_id {
tpl.Assign("vhost_id", domain["vhost_id"])
tpl.Assign("system_username", domain["system_username"])
tpl.Assign("domain", domain["domain"])
tpl.Assign("documentroot", domain["documentroot"])
tpl.Assign("ipaddr", domain["ipaddr"])
tpl.Assign("ssl_certificate", domain["ssl_certificate"])
tpl.Assign("ssl_key", domain["ssl_key"])
tpl.Assign("ssl_ca_certificate", domain["ssl_ca_certificate"])
if domain["ssl_enabled"] == "Y" {
tpl.Assign("ssl_enabled", "checked")
} else {
tpl.Assign("ssl_enabled", "")
}
found = true
}
}
if !found {
set_error("Failed to find requested domain.", ctx)
ctx.Redirect("/websites", 302)
return ""
}
tpl.Parse("sslmanager")
return header(ctx) + tpl.Out() + footer(ctx)
}
// This will return RHEL7 for the server API test. Note that all functions need to be prefixed with DISTRO TAG.
func SqlGrantsList(ctx *macaron.Context) string {
hcuser, auth := util.Auth(ctx, "databases")
if !auth {
return "not_authorized"
}
db_name := util.Query(ctx, "db_name")
if db_name == "" {
return "db_name_required"
}
owner := strings.Split(db_name, "_")[0]
if owner != hcuser.System_username {
return "failed_not_yours"
}
db, _ := util.MySQL()
defer db.Close()
stmt, _ := db.Prepare("select user from mysql.db where db=?")
rows, err := stmt.Query(db_name)
if err != nil {
return "bad_characters_used "
}
stmt.Close()
var data []string
for rows.Next() {
var db_user string
rows.Scan(&db_user)
data = append(data, db_user)
}
output, err := json.Marshal(data)
if err != nil {
return "json_out_failed: " + string(err.Error())
}
return string(output)
}
func deletetoken(ctx *macaron.Context) string {
hcuser, auth := util.Auth(ctx, "any")
if !auth {
ctx.Redirect("/", 302)
return ""
}
token := util.Query(ctx, "token")
db, _ := util.MySQL()
defer db.Close()
ustmt, _ := db.Prepare("DELETE FROM `hostcontrol`.`hostcontrol_user_tokens` WHERE `token`=? and hostcontrol_id=?")
ustmt.Exec(token, hcuser.Hostcontrol_id)
ustmt.Close()
set_error("Token deleted.", ctx)
ctx.Redirect("/settings", 302)
return ""
}
func sudo(ctx *macaron.Context) string {
hcuser, auth := util.Auth(ctx, "sysusers")
if !auth {
ctx.Redirect("/", 302)
return ""
}
username := util.Query(ctx, "username")
if !util.ChkPaternity(hcuser.System_username, username) {
set_error("Failed to sudo to "+username+"!", ctx)
ctx.Redirect("/users", 302)
return "failed!"
}
ctx.SetCookie("sudo", username, 864000)
set_error("You are now logged in as "+username+"! Clicking logout will switch back to "+hcuser.System_username+".", ctx)
ctx.Redirect("/dashboard", 302)
return "success"
}
func MailUserDelete(ctx *macaron.Context) string {
hcuser, auth := util.Auth(ctx, "mail")
if !auth {
return "not_authorized"
}
email_address := util.Query(ctx, "email")
if email_address == "" {
return "email_required"
}
strsplt := strings.Split(email_address, "@")
if len(strsplt) != 2 {
return "invalid_email"
}
username := strsplt[0]
domain := strsplt[1]
db, _ := util.MySQL()
defer db.Close()
// check if user owns domain
dstmt, _ := db.Prepare("SELECT * FROM `hostcontrol`.`mail_domains` WHERE `domain`=? and `system_username`=?")
row1, _ := dstmt.Query(domain, hcuser.System_username)
defer dstmt.Close()
if !row1.Next() {
return "domain_not_found"
}
os.RemoveAll("/home/vmail/" + domain + "/" + username)
// update serial for domain
ustmt, _ := db.Prepare("DELETE FROM `hostcontrol`.`mail_users` WHERE `email`=?")
ustmt.Exec(email_address)
ustmt.Close()
return "success"
}
func DnsAddDomain(ctx *macaron.Context) string {
hcuser, auth := util.Auth(ctx, "dns")
if !auth {
return "not_authorized"
}
timestamp := strconv.FormatInt(time.Now().Unix(), 10)
domain := util.Query(ctx, "domain")
if domain == "" {
return "domain_required"
}
db, err := util.MySQL()
defer db.Close()
xstmt, _ := db.Prepare("INSERT INTO `hostcontrol`.`domains` set `id`=NULL, `name`=?, `master`=NULL, `last_check`=NULL, `type`='NATIVE', `notified_serial`=?, `account`=?")
res, err := xstmt.Exec(domain, timestamp, hcuser.System_username)
xstmt.Close()
if err != nil {
return "failed_to_create_domain"
}
inserted_id, err := res.LastInsertId()
if err != nil {
return "failed_to_create_domain"
}
ystmt, _ := db.Prepare("INSERT INTO `hostcontrol`.`records` set `id`=NULL, `domain_id`=?, `name`=?, `type`='SOA', `content`=?, `ttl`='86400', `prio`='0', `change_date`=?, `disabled`='0', `ordername`='0', `auth`='1'")
_, yerr := ystmt.Exec(inserted_id, domain, "localhost webmaster@localhost 1", timestamp)
ystmt.Close()
if yerr != nil {
return "failed_to_create_soa"
}
return "success"
}
