diff --git a/CyberCP/secMiddleware.py b/CyberCP/secMiddleware.py new file mode 100644 index 000000000..27de0fe89 --- /dev/null +++ b/CyberCP/secMiddleware.py @@ -0,0 +1,14 @@ +from django.conf import settings +from django.shortcuts import HttpResponse + +class secMiddleware: + + def __init__(self, get_response): + self.get_response = get_response + + def __call__(self, request): + if request.method == 'POST': + if request.body.find(';') > -1 or request.body.find('&&') > -1 or request.body.find('|') > -1 or request.body.find('...') > -1: + return HttpResponse('Bad input.') + response = self.get_response(request) + return response \ No newline at end of file diff --git a/CyberCP/settings.py b/CyberCP/settings.py index 88ef6d3fd..d0d1f47c9 100644 --- a/CyberCP/settings.py +++ b/CyberCP/settings.py @@ -70,6 +70,7 @@ MIDDLEWARE = [ 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', + 'CyberCP.secMiddleware.secMiddleware' ] ROOT_URLCONF = 'CyberCP.urls' diff --git a/backup/views.py b/backup/views.py index a6ff23531..0872c947a 100644 --- a/backup/views.py +++ b/backup/views.py @@ -26,11 +26,8 @@ from plogical.mailUtilities import mailUtilities def loadBackupHome(request): try: val = request.session['userID'] - admin = Administrator.objects.get(pk=val) - viewStatus = 1 - if admin.type == 3: viewStatus = 0 @@ -79,8 +76,8 @@ def restoreSite(request): def backupSite(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: - admin = Administrator.objects.get(pk=request.session['userID']) if admin.type == 1: websites = Websites.objects.all() 
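Review bot: The substring denylist in `secMiddleware.__call__` rejects any POST whose body contains `;`, `&&`, `|` or `...`, which blocks legitimate values (a password, or a DNS TXT record such as a DKIM entry, can contain `;`) while leaving the command-building code behind it unchanged, so it cannot be relied on as the injection control. Only POST bodies are inspected, and the rejection is sent with status 200, so clients and logs cannot tell a blocked request from a normal response. The durable fix belongs in the views that build command strings from request fields (for example the `execPath` concatenation in ftp/views.py): validate each field against an allowlist pattern and pass arguments as a list. If the middleware stays as defence in depth, return an explicit error status, e.g. `return HttpResponse('Bad input.', status=400)`, and log the rejection.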
@@ -118,15 +115,21 @@ def backupSite(request): def getCurrentBackups(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: if request.method == 'POST': data = json.loads(request.body) backupDomain = data['websiteToBeBacked'] - website = Websites.objects.get(domain=backupDomain) + if admin.type != 1: + if website.admin != admin: + dic = {'fetchStatus': 0, 'error_message': "Only administrator can view this page."} + json_data = json.dumps(dic) + return HttpResponse(json_data) + backups = website.backups_set.all() @@ -166,7 +169,6 @@ def getCurrentBackups(request): final_json = json.dumps(final_dic) return HttpResponse(final_json) - def submitBackupCreation(request): try: if request.method == 'POST': @@ -308,8 +310,6 @@ def cancelBackupCreation(request): final_json = json.dumps({'abortStatus': 1, 'error_message': "None", "status": 0}) return HttpResponse(final_json) - - except BaseException,msg: final_dic = {'abortStatus': 0, 'error_message': str(msg)} final_json = json.dumps(final_dic) @@ -324,14 +324,20 @@ def cancelBackupCreation(request): def deleteBackup(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: if request.method == 'POST': - data = json.loads(request.body) backupID = data['backupID'] - backup = Backups.objects.get(id=backupID) + + if admin.type != 1: + if backup.website.admin != admin: + dic = {'deleteStatus': 0, 'error_message': "Only administrator can view this page."} + json_data = json.dumps(dic) + return HttpResponse(json_data) + domainName = backup.website.domain path = "/home/"+domainName+"/backup/"+backup.fileName+".tar.gz" 
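Review bot: The ownership branch added to `getCurrentBackups` answers a non-owner with status 200 and the text "Only administrator can view this page.", which is inaccurate for a per-site ownership failure and looks like success at the HTTP layer; `return HttpResponse(json_data, status=403)` with a message such as 'Not enough privileges.' (already used in firewall/views.py) would be clearer. The same block is pasted into `deleteBackup` and most other views in this commit with only the status key changed, so one helper or decorator that takes the key name would keep the copies from drifting apart. `Administrator.objects.get(pk=val)` now sits outside the inner `try`, so a stale session id would presumably bypass the JSON error handler; the outer `except` is outside this hunk, so confirm it covers `DoesNotExist`.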
@@ -461,9 +467,17 @@ def backupDestinations(request): def submitDestinationCreation(request): try: + val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: if request.method == 'POST': + if admin.type != 1: + dic = {'destStatus': 0, 'error_message': "Only administrator can view this page."} + json_data = json.dumps(dic) + return HttpResponse(json_data) + + destinations = backupUtil.backupUtilities.destinationsPath data = json.loads(request.body) @@ -524,9 +538,15 @@ def submitDestinationCreation(request): def getCurrentBackupDestinations(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: if request.method == 'POST': + if admin.type != 1: + dic = {'fetchStatus': 0, 'error_message': "Only administrator can view this page."} + json_data = json.dumps(dic) + return HttpResponse(json_data) + records = dest.objects.all() json_data = "[" @@ -566,7 +586,6 @@ def getConnectionStatus(request): try: if request.method == 'POST': - data = json.loads(request.body) ipAddress = data['IPAddress'] @@ -593,9 +612,16 @@ def getConnectionStatus(request): def deleteDestination(request): try: + val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: if request.method == 'POST': + if admin.type != 1: + dic = {'delStatus': 0, 'error_message': "Only administrator can view this page."} + json_data = json.dumps(dic) + return HttpResponse(json_data) + data = json.loads(request.body) ipAddress = data['IPAddress'] @@ -680,9 +706,15 @@ def scheduleBackup(request): def getCurrentBackupSchedules(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: if request.method == 'POST': + if admin.type != 1: + dic = {'fetchStatus': 0, 'error_message': "Only administrator can view this page."} + json_data = json.dumps(dic) + return HttpResponse(json_data) + records = backupSchedules.objects.all() json_data = "[" 
@@ -718,12 +750,18 @@ def getCurrentBackupSchedules(request): def submitBackupSchedule(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: if request.method == 'POST': data = json.loads(request.body) backupDest = data['backupDest'] backupFreq = data['backupFreq'] + if admin.type != 1: + dic = {'scheduleStatus': 0, 'error_message': "Only administrator can view this page."} + json_data = json.dumps(dic) + return HttpResponse(json_data) + path = "/etc/crontab" ## check if already exists @@ -922,12 +960,20 @@ def submitBackupSchedule(request): def scheduleDelete(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: if request.method == 'POST': + + if admin.type != 1: + dic = {'delStatus': 0, 'error_message': "Only administrator can view this page."} + json_data = json.dumps(dic) + return HttpResponse(json_data) + data = json.loads(request.body) backupDest = data['destLoc'] backupFreq = data['frequency'] + path = "/etc/crontab" @@ -1067,8 +1113,15 @@ def remoteBackups(request): def submitRemoteBackups(request): try: + userID = request.session['userID'] + admin = Administrator.objects.get(pk=userID) if request.method == 'POST': + if admin.type != 1: + dic = {'status': 0, 'error_message': "Only administrator can view this page."} + json_data = json.dumps(dic) + return HttpResponse(json_data) + data = json.loads(request.body) ipAddress = data['ipAddress'] password = data['password'] 
@@ -1191,10 +1244,16 @@ def submitRemoteBackups(request): def starRemoteTransfer(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: if request.method == 'POST': data = json.loads(request.body) + if admin.type != 1: + dic = {'remoteTransferStatus': 0, 'error_message': "Only administrator can view this page."} + json_data = json.dumps(dic) + return HttpResponse(json_data) + ipAddress = data['ipAddress'] password = data['password'] accountsToTransfer = data['accountsToTransfer'] @@ -1256,7 +1315,16 @@ def starRemoteTransfer(request): def getRemoteTransferStatus(request): try: + val = request.session['userID'] + admin = Administrator.objects.get(pk=val) + if request.method == "POST": + + if admin.type != 1: + dic = {'remoteTransferStatus': 0, 'error_message': "Only administrator can view this page."} + json_data = json.dumps(dic) + return HttpResponse(json_data) + data = json.loads(request.body) ipAddress = data['ipAddress'] password = data['password'] @@ -1300,8 +1368,15 @@ def getRemoteTransferStatus(request): def remoteBackupRestore(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: if request.method == "POST": + + if admin.type != 1: + dic = {'remoteRestoreStatus': 0, 'error_message': "Only administrator can view this page."} + json_data = json.dumps(dic) + return HttpResponse(json_data) + data = json.loads(request.body) backupDir = data['backupDir'] @@ -1337,8 +1412,16 @@ def remoteBackupRestore(request): def localRestoreStatus(request): try: + val = request.session['userID'] + admin = Administrator.objects.get(pk=val) if request.method == "POST": + if admin.type != 1: + data_ret = {'remoteTransferStatus': 0, 'error_message': "No such log found", "status": "None", + "complete": 0} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + data = json.loads(request.body) backupDir = data['backupDir'] 
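Review bot: The denial branch added to `localRestoreStatus` reports "No such log found" under the `remoteTransferStatus` key, so an authorization failure is presented as a missing log and cannot be told apart from one in the UI or in logs. The other checks in this file return an explicit privilege message; use the same here, e.g. `'error_message': "Only administrator can view this page."`, and keep whichever status key the front end reads for this endpoint (not visible in the hunk).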
@@ -1383,6 +1466,13 @@ def localRestoreStatus(request): def cancelRemoteBackup(request): try: + val = request.session['userID'] + admin = Administrator.objects.get(pk=val) + + if admin.type != 1: + dic = {'cancelStatus': 0, 'error_message': "Only administrator can view this page."} + json_data = json.dumps(dic) + return HttpResponse(json_data) if request.method == "POST": diff --git a/baseTemplate/templates/baseTemplate/index.html b/baseTemplate/templates/baseTemplate/index.html index 9bcb6b2db..a7fbeedbd 100755 --- a/baseTemplate/templates/baseTemplate/index.html +++ b/baseTemplate/templates/baseTemplate/index.html @@ -302,7 +302,7 @@ diff --git a/cli/cyberPanel.py b/cli/cyberPanel.py index e77e22907..b592bd66d 100755 --- a/cli/cyberPanel.py +++ b/cli/cyberPanel.py @@ -1,10 +1,9 @@ -#!/usr/bin/env python2.7 +#!/usr/local/CyberCP/bin/python2 import os,sys sys.path.append('/usr/local/CyberCP') import django os.environ.setdefault("DJANGO_SETTINGS_MODULE", "CyberCP.settings") django.setup() -import argparse from inspect import stack from cliLogger import cliLogger as logger import json diff --git a/databases/views.py b/databases/views.py index 239d26427..84491f41d 100644 --- a/databases/views.py +++ b/databases/views.py @@ -31,7 +31,7 @@ def createDatabase(request): try: val = request.session['userID'] try: - admin = Administrator.objects.get(pk=request.session['userID']) + admin = Administrator.objects.get(pk=val) if admin.type == 1: websites = Websites.objects.all() @@ -72,10 +72,10 @@ def createDatabase(request): def submitDBCreation(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: if request.method == 'POST': - data = json.loads(request.body) databaseWebsite = data['databaseWebsite'] dbName = data['dbName'] 
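Review bot: `import argparse` is removed from cli/cyberPanel.py while the rest of the file lies outside this hunk; if any code below still references `argparse`, the CLI will fail with a NameError, so confirm the parser was moved elsewhere or restore the import. The new shebang `#!/usr/local/CyberCP/bin/python2` also ties the tool to that interpreter path, so the installer has to guarantee it exists before the CLI is used.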
@@ -83,6 +83,13 @@ def submitDBCreation(request): dbPassword = data['dbPassword'] webUsername = data['webUserName'] + if admin.type != 1: + website = Websites.objects.get(domain=databaseWebsite) + if website.admin != admin: + dic = {'createDBStatus': 0, 'error_message': "Only administrator can view this page."} + json_data = json.dumps(dic) + return HttpResponse(json_data) + dbName = webUsername+"_"+dbName dbUsername = webUsername+"_"+dbUsername @@ -112,7 +119,7 @@ def deleteDatabase(request): val = request.session['userID'] try: - admin = Administrator.objects.get(pk=request.session['userID']) + admin = Administrator.objects.get(pk=val) if admin.type == 1: websites = Websites.objects.all() @@ -152,12 +159,20 @@ def deleteDatabase(request): def fetchDatabases(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: data = json.loads(request.body) databaseWebsite = data['databaseWebsite'] + if admin.type != 1: + website = Websites.objects.get(domain=databaseWebsite) + if website.admin != admin: + dic = {'fetchStatus': 0, 'error_message': "Only administrator can view this page."} + json_data = json.dumps(dic) + return HttpResponse(json_data) + website = Websites.objects.get(domain=databaseWebsite) @@ -196,6 +211,7 @@ def fetchDatabases(request): def submitDatabaseDeletion(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: if request.method == 'POST': @@ -203,6 +219,12 @@ def submitDatabaseDeletion(request): data = json.loads(request.body) dbName = data['dbName'] + if admin.type != 1: + db = Databases.objects.get(dbName=dbName) + if db.website.admin != admin: + dic = {'deleteStatus': 0, 'error_message': "Only administrator can view this page."} + json_data = json.dumps(dic) + return HttpResponse(json_data) result = mysqlUtilities.submitDBDeletion(dbName) 
@@ -230,7 +252,7 @@ def listDBs(request): try: val = request.session['userID'] try: - admin = Administrator.objects.get(pk=request.session['userID']) + admin = Administrator.objects.get(pk=val) if admin.type == 1: websites = Websites.objects.all() @@ -270,15 +292,21 @@ def listDBs(request): def changePassword(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: if request.method == 'POST': - - data = json.loads(request.body) userName = data['dbUserName'] dbPassword = data['dbPassword'] + if admin.type != 1: + db = Databases.objects.get(dbName=userName) + if db.website.admin != admin: + dic = {'changePasswordStatus': 0, 'error_message': "Only administrator can view this page."} + json_data = json.dumps(dic) + return HttpResponse(json_data) + passFile = "/etc/cyberpanel/mysqlPassword" f = open(passFile) diff --git a/dns/views.py b/dns/views.py index 571f6f4d2..82cfa6d46 100644 --- a/dns/views.py +++ b/dns/views.py @@ -10,13 +10,13 @@ import os from loginSystem.views import loadLoginPage from models import Domains,Records from re import match,I,M +from websiteFunctions.models import Websites # Create your views here. def loadDNSHome(request): try: userID = request.session['userID'] - admin = Administrator.objects.get(pk=userID) return render(request,'dns/index.html',{"type":admin.type}) @@ -26,7 +26,6 @@ def loadDNSHome(request): def createNameserver(request): try: userID = request.session['userID'] - admin = Administrator.objects.get(pk=userID) if admin.type == 3: @@ -43,6 +42,12 @@ def NSCreation(request): if request.method == 'POST': admin = Administrator.objects.get(pk=val) + if admin.type != 1: + dic = {'NSCreation': 0, 'error_message': "Only administrator can view this page."} + json_data = json.dumps(dic) + return HttpResponse(json_data) + + data = json.loads(request.body) domainForNS = data['domainForNS'] ns1 = data['ns1'] 
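Review bot: The ownership check added to `changePassword` looks the row up with `Databases.objects.get(dbName=userName)`, but `userName` comes from `data['dbUserName']`, so it is the database user rather than the database name. `submitDBCreation` builds the two names separately (`webUsername+"_"+dbName` and `webUsername+"_"+dbUsername`), so whenever they differ the check either raises `DoesNotExist` for the legitimate owner or is evaluated against an unrelated database row. Look the row up by the model's user column instead (presumably `dbUser`; confirm against databases/models.py) before comparing `db.website.admin`.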
@@ -196,9 +201,7 @@ def NSCreation(request): def createDNSZone(request): try: userID = request.session['userID'] - admin = Administrator.objects.get(pk=userID) - return render(request,'dns/createDNSZone.html') except KeyError: return redirect(loadLoginPage) @@ -281,14 +284,22 @@ def addDeleteDNSRecords(request): def getCurrentRecordsForDomain(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: if request.method == 'POST': - data = json.loads(request.body) zoneDomain = data['selectedZone'] currentSelection = data['currentSelection'] + if admin.type != 1: + website = Websites.objects.get(domain=zoneDomain) + if website.admin != admin: + dic = {'fetchStatus': 0, 'error_message': "Only administrator can view this page."} + json_data = json.dumps(dic) + return HttpResponse(json_data) + + domain = Domains.objects.get(name=zoneDomain) records = Records.objects.filter(domain_id=domain.id) @@ -357,6 +368,7 @@ def getCurrentRecordsForDomain(request): def addDNSRecord(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: if request.method == 'POST': @@ -366,7 +378,12 @@ def addDNSRecord(request): recordName = data['recordName'] ttl = int(data['ttl']) - #admin = Administrator.objects.get(pk=val) + if admin.type != 1: + website = Websites.objects.get(domain=zoneDomain) + if website.admin != admin: + dic = {'add_status': 0, 'error_message': "Only administrator can view this page."} + json_data = json.dumps(dic) + return HttpResponse(json_data) zone = Domains.objects.get(name=zoneDomain) value = "" @@ -514,6 +531,7 @@ def addDNSRecord(request): def deleteDNSRecord(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: if request.method == 'POST': 
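Review bot: In `getCurrentRecordsForDomain` and `addDNSRecord` the ownership check is made on `Websites.objects.get(domain=zoneDomain)`, while the object actually read or modified is `Domains.objects.get(name=zoneDomain)`; the check and the action therefore refer to two different tables joined only by a name string. A zone with no matching website row raises `DoesNotExist` for every non-admin, and the two owners are not guaranteed to agree. `submitZoneDeletion` in this same commit compares `delZone.admin`, which suggests the zone carries its own owner, so load the zone first and check it directly: `domain = Domains.objects.get(name=zoneDomain)` followed by `if admin.type != 1 and domain.admin != admin:`.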
@@ -521,6 +539,13 @@ def deleteDNSRecord(request): id = data['id'] delRecord = Records.objects.get(id=id) + + if admin.type != 1: + if delRecord.domainOwner.admin != admin: + dic = {'delete_status': 0, 'error_message': "Only administrator can view this page."} + json_data = json.dumps(dic) + return HttpResponse(json_data) + delRecord.delete() final_dic = {'delete_status': 1, 'error_message': "None"} @@ -570,6 +595,7 @@ def deleteDNSZone(request): def submitZoneDeletion(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: if request.method == 'POST': @@ -577,6 +603,13 @@ def submitZoneDeletion(request): zoneDomain = data['zoneDomain'] delZone = Domains.objects.get(name=zoneDomain) + + if admin.type != 1: + if delZone.admin != admin: + dic = {'delete_status': 0, 'error_message': "Only administrator can view this page."} + json_data = json.dumps(dic) + return HttpResponse(json_data) + delZone.delete() final_dic = {'delete_status': 1, 'error_message': "None"} diff --git a/emailPremium/views.py b/emailPremium/views.py index 288234e56..7b5bf0d45 100644 --- a/emailPremium/views.py +++ b/emailPremium/views.py @@ -779,10 +779,15 @@ def installStatusSpamAssassin(request): def fetchSpamAssassinSettings(request): try: val = request.session['userID'] - + admin = Administrator.objects.get(pk=val) try: if request.method == 'POST': + if admin.type != 1: + final_dic = {'fetchStatus': 0, 'error_message': 'Not enough privileges.'} + final_json = json.dumps(final_dic) + return HttpResponse(final_json) + report_safe = 0 required_hits = '5.0' rewrite_header = 'Subject [SPAM]' @@ -835,7 +840,6 @@ def fetchSpamAssassinSettings(request): except BaseException,msg: final_dic = {'fetchStatus': 0, 'error_message': str(msg)} final_json = json.dumps(final_dic) - return HttpResponse(final_json) 
@@ -846,11 +850,10 @@ def fetchSpamAssassinSettings(request): def saveSpamAssassinConfigurations(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: if request.method == 'POST': - admin = Administrator.objects.get(pk=request.session['userID']) - if admin.type != 1: dic = {'status': 0, 'error_message': "Only administrator can view this page."} json_data = json.dumps(dic) @@ -935,11 +938,10 @@ def emailPolicyServer(request): def fetchPolicyServerStatus(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: if request.method == 'POST': - admin = Administrator.objects.get(pk=request.session['userID']) - if admin.type != 1: dic = {'status': 0, 'error_message': "Only administrator can view this page."} json_data = json.dumps(dic) @@ -975,11 +977,10 @@ def fetchPolicyServerStatus(request): def savePolicyServerStatus(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: if request.method == 'POST': - admin = Administrator.objects.get(pk=request.session['userID']) - if admin.type != 1: dic = {'status': 0, 'error_message': "Only administrator can view this page."} json_data = json.dumps(dic) diff --git a/firewall/views.py b/firewall/views.py index a963954b7..38cc58f62 100644 --- a/firewall/views.py +++ b/firewall/views.py @@ -41,10 +41,14 @@ def firewallHome(request): def getCurrentRules(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: if request.method == 'POST': - data = json.loads(request.body) + if admin.type != 1: + final_dic = {'fetchStatus': 0, 'error_message': 'Not enough privileges.'} + final_json = json.dumps(final_dic) + return HttpResponse(final_json) rules = FirewallRules.objects.all() 
@@ -84,9 +88,15 @@ def getCurrentRules(request): def addRule(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: if request.method == 'POST': + if admin.type != 1: + final_dic = {'add_status': 0, 'error_message': 'Not enough privileges.'} + final_json = json.dumps(final_dic) + return HttpResponse(final_json) + data = json.loads(request.body) ruleName = data['ruleName'] ruleProtocol = data['ruleProtocol'] @@ -117,9 +127,15 @@ def addRule(request): def deleteRule(request): try: val = request.session['userID'] + admin = Administrator.objects.get(val=val) try: if request.method == 'POST': + if admin.type != 1: + final_dic = {'delete_status': 0, 'error_message': 'Not enough privileges.'} + final_json = json.dumps(final_dic) + return HttpResponse(final_json) + data = json.loads(request.body) ruleID = data['id'] ruleProtocol = data['proto'] @@ -149,14 +165,17 @@ def deleteRule(request): def reloadFirewall(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: if request.method == 'POST': + if admin.type != 1: + final_dic = {'reload_status': 0, 'error_message': 'Not enough privileges.'} + final_json = json.dumps(final_dic) + return HttpResponse(final_json) command = 'sudo firewall-cmd --reload' - cmd = shlex.split(command) - res = subprocess.call(cmd) if res == 0: @@ -184,9 +203,14 @@ def reloadFirewall(request): def startFirewall(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: if request.method == 'POST': + if admin.type != 1: + final_dic = {'start_status': 0, 'error_message': 'Not enough privileges.'} + final_json = json.dumps(final_dic) + return HttpResponse(final_json) command = 'sudo systemctl start firewalld' 
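Review bot: `deleteRule` fetches the caller with `Administrator.objects.get(val=val)`; `val` is the local variable name, and unless the model really has a field called `val` (the neighbouring `pk=val` calls suggest it does not) Django will raise a FieldError on every request, so the view never reaches the privilege check or the deletion. It should read `admin = Administrator.objects.get(pk=val)`. The same typo appears in `saveSSHConfigs` (`admin= Administrator.objects.get(val=val)`) in a later hunk of this file. Because the lookup sits outside the inner `try`, the failure will presumably surface as a 500 rather than the JSON error; the outer handler is not visible here.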
@@ -219,9 +243,14 @@ def startFirewall(request): def stopFirewall(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: if request.method == 'POST': + if admin.type != 1: + final_dic = {'stop_status': 0, 'error_message': 'Not enough privileges.'} + final_json = json.dumps(final_dic) + return HttpResponse(final_json) command = 'sudo systemctl stop firewalld' @@ -238,9 +267,6 @@ def stopFirewall(request): final_json = json.dumps(final_dic) return HttpResponse(final_json) - - - except BaseException,msg: final_dic = {'stop_status': 0, 'error_message': str(msg)} final_json = json.dumps(final_dic) @@ -254,9 +280,14 @@ def stopFirewall(request): def firewallStatus(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: if request.method == 'POST': + if admin.type != 1: + final_dic = {'status': 0, 'error_message': 'Not enough privileges.'} + final_json = json.dumps(final_dic) + return HttpResponse(final_json) status = subprocess.check_output(["systemctl", "status","firewalld"]) @@ -297,11 +328,16 @@ def secureSSH(request): def getSSHConfigs(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: if request.method == 'POST': data = json.loads(request.body) type = data['type'] + if admin.type != 1: + final_dic = {'status': 0, 'error_message': 'Not enough privileges.'} + final_json = json.dumps(final_dic) + return HttpResponse(final_json) if type=="1": @@ -406,11 +442,17 @@ def getSSHConfigs(request): def saveSSHConfigs(request): try: val = request.session['userID'] + admin= Administrator.objects.get(val=val) try: if request.method == 'POST': data = json.loads(request.body) type = data['type'] + if admin.type != 1: + final_dic = {'saveStatus': 0, 'error_message': 'Not enough privileges.'} + final_json = json.dumps(final_dic) + return HttpResponse(final_json) + if type=="1": 
@@ -510,11 +552,17 @@ def saveSSHConfigs(request): def deleteSSHKey(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: if request.method == 'POST': data = json.loads(request.body) key = data['key'] + if admin.type != 1: + final_dic = {'delete_status': 0, 'error_message': 'Not enough privileges.'} + final_json = json.dumps(final_dic) + return HttpResponse(final_json) + # temp change of permissions command = 'sudo chown -R cyberpanel:cyberpanel /root' @@ -568,11 +616,17 @@ def deleteSSHKey(request): def addSSHKey(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: if request.method == 'POST': data = json.loads(request.body) key = data['key'] + if admin.type != 1: + final_dic = {'add_status': 0, 'error_message': 'Not enough privileges.'} + final_json = json.dumps(final_dic) + return HttpResponse(final_json) + # temp change of permissions command = 'sudo chown -R cyberpanel:cyberpanel /root' @@ -659,7 +713,14 @@ def loadModSecurityHome(request): def installModSec(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: + + if admin.type != 1: + final_dic = {'installModSec': 0, 'error_message': 'Not enough privileges.'} + final_json = json.dumps(final_dic) + return HttpResponse(final_json) + thread.start_new_thread(modSec.installModSec, ('Install','modSec')) final_json = json.dumps({'installModSec': 1, 'error_message': "None"}) return HttpResponse(final_json) @@ -676,9 +737,16 @@ def installModSec(request): def installStatusModSec(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: if request.method == 'POST': + if admin.type != 1: + final_dic = {'abort': 1, 'installed': 0, 'error_message': 'Not enough privileges.'} + final_json = json.dumps(final_dic) + return HttpResponse(final_json) + + installStatus = unicode(open(modSec.installLogPath, "r").read()) if installStatus.find("[200]")>-1: 
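Review bot: The privilege check added to `installModSec` is not wrapped in `if request.method == 'POST':` as it is in the sibling views, so the install thread can be started by any request method, including a GET triggered from another site in an administrator's browser. Gate the action on POST before `thread.start_new_thread(...)`, for example `if request.method != 'POST': return HttpResponse(status=405)`, and confirm CSRF protection applies to this route; the middleware list is only partly visible in this commit.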
@@ -741,10 +809,15 @@ def installStatusModSec(request): def fetchModSecSettings(request): try: val = request.session['userID'] - + admin = Administrator.objects.get(pk=val) try: if request.method == 'POST': + if admin.type != 1: + final_dic = {'fetchStatus': 0, 'installed': 0, 'error_message': 'Not enough privileges.'} + final_json = json.dumps(final_dic) + return HttpResponse(final_json) + modsecurity = 0 SecAuditEngine = 0 SecRuleEngine = 0 @@ -835,9 +908,15 @@ def fetchModSecSettings(request): def saveModSecConfigurations(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: if request.method == 'POST': + if admin.type != 1: + final_dic = {'saveStatus': 0, 'error_message': 'Not enough privileges.'} + final_json = json.dumps(final_dic) + return HttpResponse(final_json) + data = json.loads(request.body) modsecurity = data['modsecurity_status'] @@ -919,7 +998,6 @@ def saveModSecConfigurations(request): def modSecRules(request): try: userID = request.session['userID'] - admin = Administrator.objects.get(pk=userID) if admin.type == 3: @@ -946,7 +1024,6 @@ def modSecRules(request): def fetchModSecRules(request): try: userID = request.session['userID'] - admin = Administrator.objects.get(pk=userID) if admin.type == 3: @@ -988,9 +1065,15 @@ def fetchModSecRules(request): def saveModSecRules(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: if request.method == 'POST': + if admin.type != 1: + final_dic = {'saveStatus': 0, 'error_message': 'Not enough privileges.'} + final_json = json.dumps(final_dic) + return HttpResponse(final_json) + data = json.loads(request.body) newModSecRules = data['modSecRules'] @@ -1063,7 +1146,6 @@ def modSecRulesPacks(request): def getOWASPAndComodoStatus(request): try: userID = request.session['userID'] - admin = Administrator.objects.get(pk=userID) if admin.type == 3: 
@@ -1121,9 +1203,15 @@ def getOWASPAndComodoStatus(request): def installModSecRulesPack(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: if request.method == 'POST': + if admin.type != 1: + final_dic = {'installStatus': 0, 'error_message': 'Not enough privileges.'} + final_json = json.dumps(final_dic) + return HttpResponse(final_json) + data = json.loads(request.body) packName = data['packName'] @@ -1159,9 +1247,15 @@ def installModSecRulesPack(request): def getRulesFiles(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: if request.method == 'POST': + if admin.type != 1: + final_dic = {'fetchStatus': 0, 'error_message': 'Not enough privileges.'} + final_json = json.dumps(final_dic) + return HttpResponse(final_json) + data = json.loads(request.body) packName = data['packName'] @@ -1219,9 +1313,15 @@ def getRulesFiles(request): def enableDisableRuleFile(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk = val) try: if request.method == 'POST': + if admin.type != 1: + final_dic = {'saveStatus': 0, 'error_message': 'Not enough privileges.'} + final_json = json.dumps(final_dic) + return HttpResponse(final_json) + data = json.loads(request.body) packName = data['packName'] diff --git a/ftp/views.py b/ftp/views.py index 76ae485d9..562a17fa0 100644 --- a/ftp/views.py +++ b/ftp/views.py @@ -27,7 +27,7 @@ def createFTPAccount(request): try: val = request.session['userID'] try: - admin = Administrator.objects.get(pk=request.session['userID']) + admin = Administrator.objects.get(pk=val) if admin.type == 1: websites = Websites.objects.all() 
@@ -75,8 +75,16 @@ def submitFTPCreation(request): userName = data['ftpUserName'] password = data['ftpPassword'] path = data['path'] + domainName = data['ftpDomain'] admin = Administrator.objects.get(id=val) + website = Websites.objects.get(domain=domainName) + + if admin.type != 1: + if website.admin != admin: + data_ret = {'creatFTPStatus': 0, 'error_message': 'Not enough privileges.'} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) if len(path) > 0: pass @@ -85,7 +93,7 @@ def submitFTPCreation(request): execPath = "sudo python " + virtualHostUtilities.cyberPanel + "/plogical/ftpUtilities.py" - execPath = execPath + " submitFTPCreation --domainName " + data['ftpDomain'] + " --userName " + userName \ + execPath = execPath + " submitFTPCreation --domainName " + domainName + " --userName " + userName \ + " --password " + password + " --path " + path + " --owner " + admin.userName @@ -163,6 +171,13 @@ def fetchFTPAccounts(request): domain = data['ftpDomain'] website = Websites.objects.get(domain=domain) + admin = Administrator.objects.get(id=val) + + if admin.type != 1: + if website.admin != admin: + data_ret = {'fetchStatus': 0, 'error_message': 'Not enough privileges.'} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) ftpAccounts = website.users_set.all() @@ -198,12 +213,21 @@ def fetchFTPAccounts(request): def submitFTPDelete(request): try: val = request.session['userID'] + admin = Administrator.objects.get(id=val) try: if request.method == 'POST': data = json.loads(request.body) ftpUserName = data['ftpUsername'] + ftp = Users.objects.get(user=ftpUserName) + + if admin.type != 1: + if ftp.domain.admin != admin: + data_ret = {'deleteStatus': 0, 'error_message': 'Not enough privileges.'} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + FTPUtilities.submitFTPDeletion(ftpUserName) final_json = json.dumps({'deleteStatus': 1, 'error_message': "None"}) 
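Review bot: In `submitFTPCreation` the changed `execPath` line still builds the `sudo python ... ftpUtilities.py` command by concatenating `domainName`, `userName`, `password` and `path` taken straight from the JSON body, so the new ownership check limits who may call the view but not what ends up on the command line. Any value containing whitespace or option-like text can shift or add arguments however the string is later split; the call that executes it is outside this hunk. Build an argument list instead of a string, validate `userName` and `path` against an allowlist pattern, and confine `path` to the site's own home directory. The password is better passed through stdin or a protected file than on argv, where it is visible in the process list.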
@@ -223,7 +247,7 @@ def listFTPAccounts(request): try: val = request.session['userID'] try: - admin = Administrator.objects.get(pk=request.session['userID']) + admin = Administrator.objects.get(pk=val) if admin.type == 1: websites = Websites.objects.all() @@ -271,6 +295,13 @@ def getAllFTPAccounts(request): selectedDomain = data['selectedDomain'] domain = Websites.objects.get(domain=selectedDomain) + admin = Administrator.objects.get(id=val) + + if admin.type != 1: + if domain.admin != admin: + data_ret = {'fetchStatus': 0, 'error_message': 'Not enough privileges.'} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) records = Users.objects.filter(domain=domain) @@ -309,15 +340,22 @@ def getAllFTPAccounts(request): def changePassword(request): try: val = request.session['userID'] + admin = Administrator.objects.get(id=val) try: if request.method == 'POST': - - data = json.loads(request.body) userName = data['ftpUserName'] password = data['ftpPassword'] + ftp = Users.objects.get(user=userName) + + if admin.type != 1: + if ftp.domain.admin != admin: + data_ret = {'changePasswordStatus': 0, 'error_message': 'Not enough privileges.'} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + FTPUtilities.changeFTPPassword(userName, password) data_ret = {'changePasswordStatus': 1, 'error_message': "None"} diff --git a/install/install.py b/install/install.py index 265d7195c..aac5428b6 100644 --- a/install/install.py +++ b/install/install.py 
@@ -2306,10 +2306,14 @@ class preFlightsChecks: cronFile = open("/etc/crontab", "a") cronFile.writelines("0 * * * * root python /usr/local/CyberCP/plogical/findBWUsage.py" + "\n") + cronFile.writelines("0 * * * * root /usr/local/CyberCP/postfixSenderPolicy/client.py hourlyCleanup" + "\n") + cronFile.writelines("0 0 1 * * root /usr/local/CyberCP/postfixSenderPolicy/client.py monthlyCleanup" + "\n") cronFile.close() command = 'chmod +x /usr/local/CyberCP/plogical/findBWUsage.py' + cmd = shlex.split(command) + command = 'chmod +x /usr/local/CyberCP/postfixSenderPolicy/client.py' cmd = shlex.split(command) res = subprocess.call(cmd, stdout=file) diff --git a/loginSystem/views.py b/loginSystem/views.py index 96d8a2af7..e1bd6f2b4 100644 --- a/loginSystem/views.py +++ b/loginSystem/views.py @@ -24,7 +24,6 @@ def verifyLogin(request): username = "not logged in" password = "" - try: if request.method == "POST": data = json.loads(request.body) @@ -125,7 +124,6 @@ def loadLoginPage(request): numberOfAdministrator = Administrator.objects.count() - password = hashPassword.hash_password('1234567') if numberOfAdministrator == 0: diff --git a/mailServer/views.py b/mailServer/views.py index 26e0b7447..e74e89d9f 100644 --- a/mailServer/views.py +++ b/mailServer/views.py @@ -31,10 +31,10 @@ def createEmailAccount(request): try: val = request.session['userID'] try: - admin = Administrator.objects.get(pk=request.session['userID']) + admin = Administrator.objects.get(pk=val) if admin.type == 1: - websites = admin.websites_set.all() + websites = Websites.objects.all() else: websites = Websites.objects.filter(admin=admin) @@ -56,13 +56,13 @@ def submitEmailCreation(request): try: if request.method == 'POST': + val = request.session['userID'] + data = json.loads(request.body) domainName = data['domain'] userName = data['username'] password = data['password'] - - ## Create email entry execPath = "sudo python " + virtualHostUtilities.cyberPanel + "/plogical/mailUtilities.py" 
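Review bot: The `chmod +x` for findBWUsage.py is no longer executed after this change, because the added lines reassign `command` and `cmd` to the client.py command before the only `subprocess.call(cmd, stdout=file)` runs. Either call `subprocess.call(cmd, stdout=file)` once per command, or cover both files in one command: `command = 'chmod +x /usr/local/CyberCP/plogical/findBWUsage.py /usr/local/CyberCP/postfixSenderPolicy/client.py'`. The two new crontab entries invoke client.py directly as root rather than through `python`, so they depend on that executable bit and on the script's interpreter line. The enclosing method starts and ends outside this hunk.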
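Review bot: submitEmailCreation gains only the session read `val = request.session['userID']`, and nothing in the hunk compares the owner of `domainName` with the caller, unlike the other mail views touched in this commit. As far as the hunk shows, any logged-in account can therefore have a mailbox created on a domain it does not own. After the request fields are parsed, add `admin = Administrator.objects.get(pk=val)` and `website = Websites.objects.get(domain=domainName)`, then return this view's failure payload when `admin.type != 1 and website.admin != admin`. The function continues outside the hunk, so this should be confirmed against the full body.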
@@ -97,10 +97,10 @@ def deleteEmailAccount(request): try: val = request.session['userID'] try: - admin = Administrator.objects.get(pk=request.session['userID']) + admin = Administrator.objects.get(pk=val) if admin.type == 1: - websites = admin.websites_set.all() + websites = Websites.objects.all() else: websites = Websites.objects.filter(admin=admin) @@ -121,6 +121,7 @@ def deleteEmailAccount(request): def getEmailsForDomain(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: if request.method == 'POST': @@ -134,6 +135,12 @@ def getEmailsForDomain(request): final_json = json.dumps(final_dic) return HttpResponse(final_json) + if admin.type != 1: + if domain.domainOwner.admin != admin: + final_dic = {'fetchStatus': 0, 'error_message': "Not enough privileges." } + final_json = json.dumps(final_dic) + return HttpResponse(final_json) + emails = domain.eusers_set.all() if emails.count() == 0: @@ -154,14 +161,11 @@ def getEmailsForDomain(request): json_data = json_data + ',' + json.dumps(dic) json_data = json_data + ']' - final_dic = {'fetchStatus': 1, 'error_message': "None", "data": json_data} - final_json = json.dumps(final_dic) return HttpResponse(final_json) - except BaseException,msg: data_ret = {'fetchStatus': 0, 'error_message': str(msg)} json_data = json.dumps(data_ret) 
@@ -171,24 +175,28 @@ def getEmailsForDomain(request): json_data = json.dumps(data_ret) return HttpResponse(json_data) - def submitEmailDeletion(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: if request.method == 'POST': data = json.loads(request.body) email = data['email'] + emailDB = EUsers.objects.get(email=email) + + if admin.type != 1: + if emailDB.emailOwner.domainOwner.admin != admin: + final_dic = {'deleteEmailStatus': 0, 'error_message': "Not enough privileges."} + final_json = json.dumps(final_dic) + return HttpResponse(final_json) mailUtilities.deleteEmailAccount(email) - data_ret = {'deleteEmailStatus': 1, 'error_message': "None"} json_data = json.dumps(data_ret) return HttpResponse(json_data) - - except BaseException,msg: data_ret = {'deleteEmailStatus': 0, 'error_message': str(msg)} json_data = json.dumps(data_ret) @@ -202,10 +210,10 @@ def emailForwarding(request): try: val = request.session['userID'] try: - admin = Administrator.objects.get(pk=request.session['userID']) + admin = Administrator.objects.get(pk=val) if admin.type == 1: - websites = admin.websites_set.all() + websites = Websites.objects.all() else: websites = Websites.objects.filter(admin=admin) @@ -222,16 +230,24 @@ def emailForwarding(request): except KeyError: return redirect(loadLoginPage) - def fetchCurrentForwardings(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: if request.method == 'POST': data = json.loads(request.body) emailAddress = data['emailAddress'] + emailDB = EUsers.objects.get(email=emailAddress) + + if admin.type != 1: + if emailDB.emailOwner.domainOwner.admin != admin: + final_dic = {'fetchStatus': 1, 'error_message': "Not enough privileges."} + final_json = json.dumps(final_dic) + return HttpResponse(final_json) + currentForwardings = Forwardings.objects.filter(source=emailAddress) json_data = "[" 
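Review bot: The denial branch added to fetchCurrentForwardings returns `'fetchStatus': 1` together with "Not enough privileges.", whereas every other denial in this commit reports status 0. A client that keys on `fetchStatus` will treat the refusal as success and then look for a `data` field that is absent. The line should read `final_dic = {'fetchStatus': 0, 'error_message': "Not enough privileges."}`. The same slip is in getCurrentAdvancedPHPConfig further down, where the denial is `status = {"fetchStatus": 1, "error_message": 'Not enough privileges.'}`.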
@@ -242,7 +258,7 @@ def fetchCurrentForwardings(request): continue dic = {'id': id, 'source': items.source, - 'destination':items.destination} + 'destination': items.destination} id = id + 1 @@ -253,14 +269,11 @@ def fetchCurrentForwardings(request): json_data = json_data + ',' + json.dumps(dic) json_data = json_data + ']' - final_dic = {'fetchStatus': 1, 'error_message': "None", "data": json_data} - final_json = json.dumps(final_dic) return HttpResponse(final_json) - except BaseException,msg: data_ret = {'fetchStatus': 0, 'error_message': str(msg)} json_data = json.dumps(data_ret) @@ -286,7 +299,6 @@ def submitForwardDeletion(request): json_data = json.dumps(data_ret) return HttpResponse(json_data) - except BaseException,msg: data_ret = {'deleteForwardingStatus': 0, 'error_message': str(msg)} json_data = json.dumps(data_ret) @@ -299,6 +311,7 @@ def submitForwardDeletion(request): def submitEmailForwardingCreation(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: if request.method == 'POST': @@ -307,6 +320,14 @@ def submitEmailForwardingCreation(request): source = data['source'] destination = data['destination'] + email = EUsers.objects.get(email=source) + + if admin.type != 1: + if email.emailOwner.domainOwner.admin != admin: + final_dic = {'createStatus': 0, 'error_message': "Not enough privileges." } + final_json = json.dumps(final_dic) + return HttpResponse(final_json) + if Forwardings.objects.filter(source=source, destination=destination).count() > 0: data_ret = {'createStatus': 0, 'error_message': "You have already forwared to this destination."} json_data = json.dumps(data_ret) @@ -335,7 +356,6 @@ def submitEmailForwardingCreation(request): return HttpResponse(json_data) - ####### 
@@ -346,7 +366,7 @@ def changeEmailAccountPassword(request): admin = Administrator.objects.get(pk=request.session['userID']) if admin.type == 1: - websites = admin.websites_set.all() + websites = Websites.objects.all() else: websites = Websites.objects.filter(admin=admin) @@ -367,6 +387,7 @@ def changeEmailAccountPassword(request): def submitPasswordChange(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: if request.method == 'POST': data = json.loads(request.body) @@ -375,10 +396,17 @@ def submitPasswordChange(request): email = data['email'] password = data['password'] - dom = Domains(domain=domain) + emailDB = EUsers(email=email) - emailAcct = EUsers(email=email) - emailAcct.delete() + if admin.type != 1: + if emailDB.emailOwner.domainOwner.admin != admin: + final_dic = {'passChangeStatus': 0, 'error_message': "Not enough privileges." } + final_json = json.dumps(final_dic) + return HttpResponse(final_json) + + emailDB.delete() + + dom = Domains(domain=domain) emailAcct = EUsers(emailOwner=dom, email=email, password=password) emailAcct.save() @@ -388,7 +416,6 @@ def submitPasswordChange(request): return HttpResponse(json_data) - except BaseException,msg: data_ret = {'passChangeStatus': 0, 'error_message': str(msg)} json_data = json.dumps(data_ret) @@ -454,12 +481,21 @@ def dkimManager(request): def fetchDKIMKeys(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: if request.method == 'POST': data = json.loads(request.body) domainName = data['domainName'] + if admin.type != 1: + website = Websites.objects.get(domain=domainName) + if website.admin != admin: + data_ret = {'fetchStatus': 0, 'keysAvailable': 0, 'error_message': 'Not enough privileges.'} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + + try: path = "/etc/opendkim/keys/" + domainName + "/default.txt" command = "sudo cat " + path 
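Review bot: In submitPasswordChange the ownership check runs on `emailDB = EUsers(email=email)`, which constructs a new unsaved model object instead of loading the stored row, so `emailDB.emailOwner` is not the mailbox's real owner. For a non-admin caller the attribute chain most likely raises, which the `except BaseException` handler turns into a generic error, so the check never makes a real decision. Load the record first with `emailDB = EUsers.objects.get(email=email)`. The replacement account is then built from `dom = Domains(domain=domain)`, where `domain` comes from the request, so it would be safer to reuse the verified owner, e.g. `EUsers(emailOwner=emailDB.emailOwner, email=email, password=password)`, presumably with the owner captured before the delete.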
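Review bot: In fetchDKIMKeys the lookup `website = Websites.objects.get(domain=domainName)` runs only inside `if admin.type != 1:`, so for an admin session the request value reaches `path = "/etc/opendkim/keys/" + domainName + "/default.txt"` and `"sudo cat " + path` without being matched against a known domain. Moving the lookup above the `if` makes an unknown or malformed `domainName` fail in the existing exception handler before any path is built: `website = Websites.objects.get(domain=domainName)` followed by `if admin.type != 1 and website.admin != admin:`. generateDKIMKeys in the next hunk has the same shape with `" generateKeys --domain " + domainName`. The rest of both functions lies outside their hunks.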
@@ -489,21 +525,25 @@ def fetchDKIMKeys(request): json_data = json.dumps(data_ret) return HttpResponse(json_data) - def generateDKIMKeys(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: if request.method == 'POST': data = json.loads(request.body) - domainName = data['domainName'] + if admin.type != 1: + website = Websites.objects.get(domain=domainName) + if website.admin != admin: + data_ret = {'generateStatus': 0, 'error_message': 'Not enough privileges.'} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + execPath = "sudo python " + virtualHostUtilities.cyberPanel + "/plogical/mailUtilities.py" - execPath = execPath + " generateKeys --domain " + domainName - output = subprocess.check_output(shlex.split(execPath)) if output.find("1,None") > -1: @@ -547,7 +587,12 @@ def generateDKIMKeys(request): def installOpenDKIM(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: + if admin.type != 1: + final_json = json.dumps({'installOpenDKIM': 0, 'error_message': "Not enough privileges."}) + return HttpResponse(final_json) + thread.start_new_thread(mailUtilities.installOpenDKIM, ('Install','openDKIM')) final_json = json.dumps({'installOpenDKIM': 1, 'error_message': "None"}) return HttpResponse(final_json) @@ -563,9 +608,15 @@ def installOpenDKIM(request): def installStatusOpenDKIM(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: if request.method == 'POST': + if admin.type != 1: + final_dic = {'abort': 1, 'installed': 0, 'error_message': 'Not enough privileges.'} + final_json = json.dumps(final_dic) + return HttpResponse(final_json) + command = "sudo cat " + mailUtilities.installLogPath installStatus = subprocess.check_output(shlex.split(command)) diff --git a/managePHP/views.py b/managePHP/views.py index 366af0ad4..02d74a294 100644 --- a/managePHP/views.py +++ b/managePHP/views.py 
@@ -1764,56 +1764,61 @@ def getExtensionsInformation(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: - if request.method == 'POST': + if admin.type == 1: + if request.method == 'POST': - data = json.loads(request.body) - phpVers = data['phpSelection'] + data = json.loads(request.body) + phpVers = data['phpSelection'] - if phpVers == "PHP 5.3": - phpVers = "php53" - elif phpVers == "PHP 5.4": - phpVers = "php54" - elif phpVers == "PHP 5.5": - phpVers = "php55" - elif phpVers == "PHP 5.6": - phpVers = "php56" - elif phpVers == "PHP 7.0": - phpVers = "php70" - elif phpVers == "PHP 7.1": - phpVers = "php71" - elif phpVers == "PHP 7.2": - phpVers = "php72" + if phpVers == "PHP 5.3": + phpVers = "php53" + elif phpVers == "PHP 5.4": + phpVers = "php54" + elif phpVers == "PHP 5.5": + phpVers = "php55" + elif phpVers == "PHP 5.6": + phpVers = "php56" + elif phpVers == "PHP 7.0": + phpVers = "php70" + elif phpVers == "PHP 7.1": + phpVers = "php71" + elif phpVers == "PHP 7.2": + phpVers = "php72" - php = PHP.objects.get(phpVers=phpVers) + php = PHP.objects.get(phpVers=phpVers) - records = php.installedpackages_set.all() + records = php.installedpackages_set.all() - json_data = "[" - checker = 0 + json_data = "[" + checker = 0 - for items in records: + for items in records: - if items.status == 0: - status = "Not-Installed" - else: - status = "Installed" + if items.status == 0: + status = "Not-Installed" + else: + status = "Installed" - dic = {'id': items.id, - 'phpVers': items.phpVers.phpVers, - 'extensionName': items.extensionName, - 'description': items.description, - 'status': status - } + dic = {'id': items.id, + 'phpVers': items.phpVers.phpVers, + 'extensionName': items.extensionName, + 'description': items.description, + 'status': status + } - if checker == 0: - json_data = json_data + json.dumps(dic) - checker = 1 - else: - json_data = json_data + ',' + json.dumps(dic) + if checker == 0: + json_data = json_data + 
json.dumps(dic) + checker = 1 + else: + json_data = json_data + ',' + json.dumps(dic) - json_data = json_data + ']' - final_json = json.dumps({'fetchStatus': 1, 'error_message': "None", "data": json_data}) + json_data = json_data + ']' + final_json = json.dumps({'fetchStatus': 1, 'error_message': "None", "data": json_data}) + return HttpResponse(final_json) + else: + final_json = json.dumps({'fetchStatus': 0, 'error_message': "Not enough privileges."}) return HttpResponse(final_json) except BaseException,msg: @@ -1830,22 +1835,27 @@ def getExtensionsInformation(request): def submitExtensionRequest(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: - if request.method == 'POST': + if admin.type == 1: + if request.method == 'POST': - data = json.loads(request.body) - extensionName = data['extensionName'] - type = data['type'] + data = json.loads(request.body) + extensionName = data['extensionName'] + type = data['type'] - if type=="install": - phpUtilities.initiateInstall(extensionName) + if type=="install": + phpUtilities.initiateInstall(extensionName) - else: - phpUtilities.initiateRemoval(extensionName) + else: + phpUtilities.initiateRemoval(extensionName) - final_json = json.dumps({'extensionRequestStatus': 1, 'error_message': "None"}) + final_json = json.dumps({'extensionRequestStatus': 1, 'error_message': "None"}) + return HttpResponse(final_json) + else: + final_json = json.dumps({'extensionRequestStatus': 0, 'error_message': "Not enough privileges."}) return HttpResponse(final_json) except BaseException,msg: 
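Review bot: Wrapping the whole body of getExtensionsInformation in `if admin.type == 1:` re-indents every line and puts the refusal some fifty lines below the check that decides it. The other views in this commit use a guard instead, and the same form works here: `if admin.type != 1: return HttpResponse(json.dumps({'fetchStatus': 0, 'error_message': "Not enough privileges."}))` placed directly after `try:`. The same applies to submitExtensionRequest, getRequestStatus, getCurrentPHPConfig, savePHPConfigBasic, getCurrentAdvancedPHPConfig and savePHPConfigAdvance. A guard also keeps the privilege decision visible in future diffs instead of burying it in whitespace changes.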
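Review bot: In submitExtensionRequest every `type` value other than "install" falls into the `else:` branch and calls `phpUtilities.initiateRemoval(extensionName)`, so a missing or mistyped value removes a package. Compare explicitly against the removal value the front end sends and return `{'extensionRequestStatus': 0, ...}` for anything else. The local name `type` also shadows the builtin; a name such as `requestType` would avoid that. `extensionName` is passed on as received, and how the helper uses it is not visible in this hunk.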
@@ -1862,91 +1872,98 @@ def submitExtensionRequest(request): def getRequestStatus(request): try: val = request.session['userID'] + admin= Administrator.objects.get(pk=val) try: - if request.method == 'POST': - - data = json.loads(request.body) - size = data['size'] - extensionName = data['extensionName'] + if admin.type == 1: + if request.method == 'POST': + data = json.loads(request.body) + size = data['size'] + extensionName = data['extensionName'] - requestStatus = unicode(open(phpUtilities.installLogPath, "r").read()) - requestStatusSize = len(requestStatus) + requestStatus = unicode(open(phpUtilities.installLogPath, "r").read()) + requestStatusSize = len(requestStatus) - if requestStatus.find("PHP Extension Installed")>-1: - if subprocess.check_output(["yum", "list", "installed"]).find(extensionName) > -1: - ext = installedPackages.objects.get(extensionName=extensionName) - ext.status = 1 - ext.save() + if requestStatus.find("PHP Extension Installed")>-1: + if subprocess.check_output(["yum", "list", "installed"]).find(extensionName) > -1: + ext = installedPackages.objects.get(extensionName=extensionName) + ext.status = 1 + ext.save() + else: + ext = installedPackages.objects.get(extensionName=extensionName) + ext.status = 0 + ext.save() + + + installUtilities.reStartLiteSpeed() + final_json = json.dumps({'finished': 1, 'extensionRequestStatus': 1, + 'error_message': "None", + 'requestStatus': requestStatus, + 'size': requestStatusSize}) + return HttpResponse(final_json) + elif requestStatus.find("Can not be installed") > -1: + + if subprocess.check_output(["yum", "list", "installed"]).find(extensionName) > -1: + ext = installedPackages.objects.get(extensionName=extensionName) + ext.status = 1 + ext.save() + else: + ext = installedPackages.objects.get(extensionName=extensionName) + ext.status = 0 + ext.save() + + installUtilities.reStartLiteSpeed() + final_json = json.dumps({'finished': 1, 'extensionRequestStatus': 1, + 'error_message': "None", + 
'requestStatus': requestStatus, + 'size': requestStatusSize}) + return HttpResponse(final_json) + elif requestStatus.find("Can not un-install Extension") > -1: + + if subprocess.check_output(["yum", "list", "installed"]).find(extensionName) > -1: + ext = installedPackages.objects.get(extensionName=extensionName) + ext.status = 1 + ext.save() + else: + ext = installedPackages.objects.get(extensionName=extensionName) + ext.status = 0 + ext.save() + + installUtilities.reStartLiteSpeed() + final_json = json.dumps({'finished': 1, 'extensionRequestStatus': 1, + 'error_message': "None", + 'requestStatus': requestStatus, + 'size': requestStatusSize}) + return HttpResponse(final_json) + elif requestStatus.find("PHP Extension Removed") > -1: + + if subprocess.check_output(["yum", "list", "installed"]).find(extensionName) > -1: + ext = installedPackages.objects.get(extensionName=extensionName) + ext.status = 1 + ext.save() + else: + ext = installedPackages.objects.get(extensionName=extensionName) + ext.status = 0 + ext.save() + + installUtilities.reStartLiteSpeed() + final_json = json.dumps({'finished': 1, 'extensionRequestStatus': 1, + 'error_message': "None", + 'requestStatus': requestStatus, + 'size': requestStatusSize}) + return HttpResponse(final_json) else: - ext = installedPackages.objects.get(extensionName=extensionName) - ext.status = 0 - ext.save() + final_json = json.dumps({'finished': 0, 'extensionRequestStatus': 1, + 'error_message': "None", + 'requestStatus': requestStatus, + 'size': requestStatusSize}) + return HttpResponse(final_json) + else: + final_json = json.dumps({'finished': 0, 'extensionRequestStatus': 0, + 'error_message': "Not enough privileges."}) + return HttpResponse(final_json) - installUtilities.reStartLiteSpeed() - final_json = json.dumps({'finished': 1, 'extensionRequestStatus': 1, - 'error_message': "None", - 'requestStatus': requestStatus, - 'size': requestStatusSize}) - return HttpResponse(final_json) - elif requestStatus.find("Can not be 
installed") > -1: - - if subprocess.check_output(["yum", "list", "installed"]).find(extensionName) > -1: - ext = installedPackages.objects.get(extensionName=extensionName) - ext.status = 1 - ext.save() - else: - ext = installedPackages.objects.get(extensionName=extensionName) - ext.status = 0 - ext.save() - - installUtilities.reStartLiteSpeed() - final_json = json.dumps({'finished': 1, 'extensionRequestStatus': 1, - 'error_message': "None", - 'requestStatus': requestStatus, - 'size': requestStatusSize}) - return HttpResponse(final_json) - elif requestStatus.find("Can not un-install Extension") > -1: - - if subprocess.check_output(["yum", "list", "installed"]).find(extensionName) > -1: - ext = installedPackages.objects.get(extensionName=extensionName) - ext.status = 1 - ext.save() - else: - ext = installedPackages.objects.get(extensionName=extensionName) - ext.status = 0 - ext.save() - - installUtilities.reStartLiteSpeed() - final_json = json.dumps({'finished': 1, 'extensionRequestStatus': 1, - 'error_message': "None", - 'requestStatus': requestStatus, - 'size': requestStatusSize}) - return HttpResponse(final_json) - elif requestStatus.find("PHP Extension Removed") > -1: - - if subprocess.check_output(["yum", "list", "installed"]).find(extensionName) > -1: - ext = installedPackages.objects.get(extensionName=extensionName) - ext.status = 1 - ext.save() - else: - ext = installedPackages.objects.get(extensionName=extensionName) - ext.status = 0 - ext.save() - - installUtilities.reStartLiteSpeed() - final_json = json.dumps({'finished': 1, 'extensionRequestStatus': 1, - 'error_message': "None", - 'requestStatus': requestStatus, - 'size': requestStatusSize}) - return HttpResponse(final_json) - else: - final_json = json.dumps({'finished': 0, 'extensionRequestStatus': 1, - 'error_message': "None", - 'requestStatus': requestStatus, - 'size': requestStatusSize}) - return HttpResponse(final_json) except BaseException,msg: 
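Review bot: The new side of getRequestStatus repeats the same block four times (yum query, `ext.status` update, `reStartLiteSpeed()`, identical JSON), once per log marker, so any later fix has to be made in four places. The four markers can be tested together and the block written once, as sketched below; behaviour is unchanged because every branch does the same work. Note also that `subprocess.check_output(["yum", "list", "installed"]).find(extensionName)` is a substring match on a request value, so a short name can match an unrelated package line. The function's error handlers are outside this hunk.

```python
requestStatusSize = len(requestStatus)
# … unchanged: admin check, request parsing, reading installLogPath …

finishedMarkers = ("PHP Extension Installed", "Can not be installed",
                   "Can not un-install Extension", "PHP Extension Removed")
finished = any(requestStatus.find(marker) > -1 for marker in finishedMarkers)

if finished:
    installedList = subprocess.check_output(["yum", "list", "installed"])
    ext = installedPackages.objects.get(extensionName=extensionName)
    ext.status = 1 if installedList.find(extensionName) > -1 else 0
    ext.save()
    installUtilities.reStartLiteSpeed()

final_json = json.dumps({'finished': 1 if finished else 0, 'extensionRequestStatus': 1,
                         'error_message': "None",
                         'requestStatus': requestStatus,
                         'size': requestStatusSize})
return HttpResponse(final_json)
```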
@@ -1967,7 +1984,7 @@ def editPHPConfigs(request): admin = Administrator.objects.get(pk=val) if admin.type == 3: - return HttpResponse("You don't have enough priviliges to access this page.") + return HttpResponse("You don't have enough privileges to access this page.") return render(request,'managePHP/editPHPConfig.html') except KeyError: 
@@ -1977,77 +1994,86 @@ def editPHPConfigs(request): def getCurrentPHPConfig(request): try: val = request.session['userID'] - + admin = Administrator.objects.get(pk=val) try: - if request.method == 'POST': + if admin.type == 1: + if request.method == 'POST': - data = json.loads(request.body) - phpVers = data['phpSelection'] + data = json.loads(request.body) + phpVers = data['phpSelection'] - if phpVers == "PHP 5.3": - phpVers = "php53" - elif phpVers == "PHP 5.4": - phpVers = "php54" - elif phpVers == "PHP 5.5": - phpVers = "php55" - elif phpVers == "PHP 5.6": - phpVers = "php56" - elif phpVers == "PHP 7.0": - phpVers = "php70" - elif phpVers == "PHP 7.1": - phpVers = "php71" - elif phpVers == "PHP 7.2": - phpVers = "php72" + if phpVers == "PHP 5.3": + phpVers = "php53" + elif phpVers == "PHP 5.4": + phpVers = "php54" + elif phpVers == "PHP 5.5": + phpVers = "php55" + elif phpVers == "PHP 5.6": + phpVers = "php56" + elif phpVers == "PHP 7.0": + phpVers = "php70" + elif phpVers == "PHP 7.1": + phpVers = "php71" + elif phpVers == "PHP 7.2": + phpVers = "php72" - path = "/usr/local/lsws/ls"+phpVers+"/etc/php.ini" + path = "/usr/local/lsws/ls"+phpVers+"/etc/php.ini" - allow_url_fopen = "0" - display_errors = "0" - file_uploads = "0" - allow_url_include = "0" - memory_limit = "" - max_execution_time = "" - upload_max_filesize = "" - max_input_time = "" + allow_url_fopen = "0" + display_errors = "0" + file_uploads = "0" + allow_url_include = "0" + memory_limit = "" + max_execution_time = "" + upload_max_filesize = "" + max_input_time = "" - data = open(path,'r').readlines() + data = open(path,'r').readlines() - for items in data: - if items.find("allow_url_fopen")>-1 and items.find("=")>-1: - if items.find("On") > -1: - allow_url_fopen = "1" - if items.find("display_errors")>-1 and items.find("=")>-1: - if items.find("On") > -1: - display_errors = "1" - if items.find("file_uploads")>-1 and items.find("=")>-1: - if items.find("On") > -1: - file_uploads = "1" - if 
items.find("allow_url_include")>-1 and items.find("=")>-1: - if items.find("On") > -1: - allow_url_include = "1" - if items.find("memory_limit")>-1 and items.find("=")>-1: - memory_limit = re.findall(r"[A-Za-z0-9_]+", items)[1] - if items.find("max_execution_time")>-1 and items.find("=")>-1: - max_execution_time = re.findall(r"[A-Za-z0-9_]+", items)[1] - if items.find("upload_max_filesize")>-1 and items.find("=")>-1: - upload_max_filesize = re.findall(r"[A-Za-z0-9_]+", items)[1] - if items.find("max_input_time")>-1 and items.find("=")>-1: - max_input_time = re.findall(r"[A-Za-z0-9_]+", items)[1] - if items.find("post_max_size") > -1 and items.find("=") > -1: - post_max_size = re.findall(r"[A-Za-z0-9_]+", items)[1] + for items in data: + if items.find("allow_url_fopen")>-1 and items.find("=")>-1: + if items.find("On") > -1: + allow_url_fopen = "1" + if items.find("display_errors")>-1 and items.find("=")>-1: + if items.find("On") > -1: + display_errors = "1" + if items.find("file_uploads")>-1 and items.find("=")>-1: + if items.find("On") > -1: + file_uploads = "1" + if items.find("allow_url_include")>-1 and items.find("=")>-1: + if items.find("On") > -1: + allow_url_include = "1" + if items.find("memory_limit")>-1 and items.find("=")>-1: + memory_limit = re.findall(r"[A-Za-z0-9_]+", items)[1] + if items.find("max_execution_time")>-1 and items.find("=")>-1: + max_execution_time = re.findall(r"[A-Za-z0-9_]+", items)[1] + if items.find("upload_max_filesize")>-1 and items.find("=")>-1: + upload_max_filesize = re.findall(r"[A-Za-z0-9_]+", items)[1] + if items.find("max_input_time")>-1 and items.find("=")>-1: + max_input_time = re.findall(r"[A-Za-z0-9_]+", items)[1] + if items.find("post_max_size") > -1 and items.find("=") > -1: + post_max_size = re.findall(r"[A-Za-z0-9_]+", items)[1] - final_dic = {'fetchStatus': 1, - 'allow_url_fopen': allow_url_fopen, - 'display_errors': display_errors, - 'file_uploads': file_uploads, - 'allow_url_include': allow_url_include, - 
'memory_limit': memory_limit, - 'max_execution_time': max_execution_time, - 'upload_max_filesize': upload_max_filesize, - 'max_input_time': max_input_time, - 'post_max_size':post_max_size} + final_dic = {'fetchStatus': 1, + 'allow_url_fopen': allow_url_fopen, + 'display_errors': display_errors, + 'file_uploads': file_uploads, + 'allow_url_include': allow_url_include, + 'memory_limit': memory_limit, + 'max_execution_time': max_execution_time, + 'upload_max_filesize': upload_max_filesize, + 'max_input_time': max_input_time, + 'post_max_size':post_max_size} + + final_json = json.dumps(final_dic) + + return HttpResponse(final_json) + else: + final_dic = {'fetchStatus': 0, + 'error_message': 'Not enough privileges.' + } final_json = json.dumps(final_dic) 
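Review bot: The `if`/`elif` chain in getCurrentPHPConfig has no final `else`, so a `phpSelection` that matches none of the listed versions is used unchanged in `path = "/usr/local/lsws/ls"+phpVers+"/etc/php.ini"` and then opened. A lookup table rejects unknown values before any path is built: a module-level dict mapping "PHP 5.3" to "php53" and so on, then `phpVers = PHP_VERSIONS[data['phpSelection']]`, whose KeyError the handler below would presumably report. The same chain feeds a path or command in savePHPConfigBasic, getCurrentAdvancedPHPConfig and savePHPConfigAdvance. Separately, `post_max_size` has no default next to `memory_limit = ""`, so a php.ini without that directive leaves the name unbound when `final_dic` is built; add `post_max_size = ""`.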
@@ -2068,77 +2094,83 @@ def getCurrentPHPConfig(request): def savePHPConfigBasic(request): try: val = request.session['userID'] - + admin = Administrator.objects.get(id=val) try: - if request.method == 'POST': + if admin.type == 1: + if request.method == 'POST': - data = json.loads(request.body) - phpVers = data['phpSelection'] - allow_url_fopen = data['allow_url_fopen'] - display_errors = data['display_errors'] - file_uploads = data['file_uploads'] - allow_url_include = data['allow_url_include'] - memory_limit = data['memory_limit'] - max_execution_time = data['max_execution_time'] - upload_max_filesize = data['upload_max_filesize'] - max_input_time = data['max_input_time'] - post_max_size = data['post_max_size'] + data = json.loads(request.body) + phpVers = data['phpSelection'] + allow_url_fopen = data['allow_url_fopen'] + display_errors = data['display_errors'] + file_uploads = data['file_uploads'] + allow_url_include = data['allow_url_include'] + memory_limit = data['memory_limit'] + max_execution_time = data['max_execution_time'] + upload_max_filesize = data['upload_max_filesize'] + max_input_time = data['max_input_time'] + post_max_size = data['post_max_size'] - if allow_url_fopen == True: - allow_url_fopen = "allow_url_fopen = On" - else: - allow_url_fopen = "allow_url_fopen = Off" + if allow_url_fopen == True: + allow_url_fopen = "allow_url_fopen = On" + else: + allow_url_fopen = "allow_url_fopen = Off" - if display_errors == True: - display_errors = "display_errors = On" - else: - display_errors = "display_errors = Off" + if display_errors == True: + display_errors = "display_errors = On" + else: + display_errors = "display_errors = Off" - if file_uploads == True: - file_uploads = "file_uploads = On" - else: - file_uploads = "file_uploads = Off" + if file_uploads == True: + file_uploads = "file_uploads = On" + else: + file_uploads = "file_uploads = Off" - if allow_url_include == True: - allow_url_include = "allow_url_include = On" - else: - 
allow_url_include = "allow_url_include = Off" + if allow_url_include == True: + allow_url_include = "allow_url_include = On" + else: + allow_url_include = "allow_url_include = Off" - if phpVers == "PHP 5.3": - phpVers = "php53" - elif phpVers == "PHP 5.4": - phpVers = "php54" - elif phpVers == "PHP 5.5": - phpVers = "php55" - elif phpVers == "PHP 5.6": - phpVers = "php56" - elif phpVers == "PHP 7.0": - phpVers = "php70" - elif phpVers == "PHP 7.1": - phpVers = "php71" - elif phpVers == "PHP 7.2": - phpVers = "php72" + if phpVers == "PHP 5.3": + phpVers = "php53" + elif phpVers == "PHP 5.4": + phpVers = "php54" + elif phpVers == "PHP 5.5": + phpVers = "php55" + elif phpVers == "PHP 5.6": + phpVers = "php56" + elif phpVers == "PHP 7.0": + phpVers = "php70" + elif phpVers == "PHP 7.1": + phpVers = "php71" + elif phpVers == "PHP 7.2": + phpVers = "php72" - ## + ## - execPath = "sudo python " + virtualHostUtilities.cyberPanel + "/plogical/phpUtilities.py" + execPath = "sudo python " + virtualHostUtilities.cyberPanel + "/plogical/phpUtilities.py" - execPath = execPath + " savePHPConfigBasic --phpVers " + phpVers + " --allow_url_fopen '" + allow_url_fopen + "' --display_errors '" + display_errors + "' --file_uploads '" + file_uploads + "' --allow_url_include '" + allow_url_include + "' --memory_limit " + memory_limit+ " --max_execution_time " + max_execution_time + " --upload_max_filesize " + upload_max_filesize + " --max_input_time " + max_input_time + " --post_max_size " + post_max_size + execPath = execPath + " savePHPConfigBasic --phpVers " + phpVers + " --allow_url_fopen '" + allow_url_fopen + "' --display_errors '" + display_errors + "' --file_uploads '" + file_uploads + "' --allow_url_include '" + allow_url_include + "' --memory_limit " + memory_limit+ " --max_execution_time " + max_execution_time + " --upload_max_filesize " + upload_max_filesize + " --max_input_time " + max_input_time + " --post_max_size " + post_max_size - output = 
subprocess.check_output(shlex.split(execPath)) + output = subprocess.check_output(shlex.split(execPath)) - if output.find("1,None") > -1: - data_ret = {'saveStatus': 1} - final_json = json.dumps(data_ret) - return HttpResponse(final_json) - else: - final_dic = {'saveStatus': 0, 'error_message': output} - final_json = json.dumps(final_dic) - return HttpResponse(final_json) + if output.find("1,None") > -1: + data_ret = {'saveStatus': 1} + final_json = json.dumps(data_ret) + return HttpResponse(final_json) + else: + final_dic = {'saveStatus': 0, 'error_message': output} + final_json = json.dumps(final_dic) + return HttpResponse(final_json) + + else: + final_dic = {'saveStatus': 0, 'error_message': 'Not enough privileges.'} + final_json = json.dumps(final_dic) + return HttpResponse(final_json) except BaseException,msg: final_dic = {'saveStatus': 0, 'error_message': str(msg)} 
@@ -2156,34 +2188,39 @@ def savePHPConfigBasic(request): def getCurrentAdvancedPHPConfig(request): try: val = request.session['userID'] - + admin = Administrator.objects.get(id=val) try: - if request.method == 'POST': + if admin.type == 1: + if request.method == 'POST': - data = json.loads(request.body) - phpVers = data['phpSelection'] + data = json.loads(request.body) + phpVers = data['phpSelection'] - if phpVers == "PHP 5.3": - phpVers = "php53" - elif phpVers == "PHP 5.4": - phpVers = "php54" - elif phpVers == "PHP 5.5": - phpVers = "php55" - elif phpVers == "PHP 5.6": - phpVers = "php56" - elif phpVers == "PHP 7.0": - phpVers = "php70" - elif phpVers == "PHP 7.1": - phpVers = "php71" - elif phpVers == "PHP 7.2": - phpVers = "php72" + if phpVers == "PHP 5.3": + phpVers = "php53" + elif phpVers == "PHP 5.4": + phpVers = "php54" + elif phpVers == "PHP 5.5": + phpVers = "php55" + elif phpVers == "PHP 5.6": + phpVers = "php56" + elif phpVers == "PHP 7.0": + phpVers = "php70" + elif phpVers == "PHP 7.1": + phpVers = "php71" + elif phpVers == "PHP 7.2": + phpVers = "php72" - path = "/usr/local/lsws/ls"+phpVers+"/etc/php.ini" + path = "/usr/local/lsws/ls"+phpVers+"/etc/php.ini" - configData = open(path, "r").read() + configData = open(path, "r").read() - status = {"fetchStatus": 1, "configData": configData} + status = {"fetchStatus": 1, "configData": configData} + final_json = json.dumps(status) + return HttpResponse(final_json) + else: + status = {"fetchStatus": 1, "error_message": 'Not enough privileges.'} final_json = json.dumps(status) return HttpResponse(final_json) 
@@ -2199,59 +2236,66 @@ def getCurrentAdvancedPHPConfig(request): def savePHPConfigAdvance(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) - if request.method == 'POST': - try: - data = json.loads(request.body) - phpVers = data['phpSelection'] + if admin.type == 1: - if phpVers == "PHP 5.3": - phpVers = "php53" - elif phpVers == "PHP 5.4": - phpVers = "php54" - elif phpVers == "PHP 5.5": - phpVers = "php55" - elif phpVers == "PHP 5.6": - phpVers = "php56" - elif phpVers == "PHP 7.0": - phpVers = "php70" - elif phpVers == "PHP 7.1": - phpVers = "php71" - elif phpVers == "PHP 7.2": - phpVers = "php72" + if request.method == 'POST': + try: + data = json.loads(request.body) + phpVers = data['phpSelection'] - path = "/usr/local/lsws/ls" + phpVers + "/etc/php.ini" + if phpVers == "PHP 5.3": + phpVers = "php53" + elif phpVers == "PHP 5.4": + phpVers = "php54" + elif phpVers == "PHP 5.5": + phpVers = "php55" + elif phpVers == "PHP 5.6": + phpVers = "php56" + elif phpVers == "PHP 7.0": + phpVers = "php70" + elif phpVers == "PHP 7.1": + phpVers = "php71" + elif phpVers == "PHP 7.2": + phpVers = "php72" - tempPath = "/home/cyberpanel/" + str(randint(1000, 9999)) + path = "/usr/local/lsws/ls" + phpVers + "/etc/php.ini" - vhost = open(tempPath, "w") + tempPath = "/home/cyberpanel/" + str(randint(1000, 9999)) - vhost.write(data['configData']) + vhost = open(tempPath, "w") - vhost.close() + vhost.write(data['configData']) - execPath = "sudo python " + virtualHostUtilities.cyberPanel + "/plogical/phpUtilities.py" + vhost.close() - execPath = execPath + " savePHPConfigAdvance --phpVers " + path + " --tempPath " + tempPath + execPath = "sudo python " + virtualHostUtilities.cyberPanel + "/plogical/phpUtilities.py" + + execPath = execPath + " savePHPConfigAdvance --phpVers " + path + " --tempPath " + tempPath - output = subprocess.check_output(shlex.split(execPath)) + output = subprocess.check_output(shlex.split(execPath)) - if 
output.find("1,None") > -1: - status = {"saveStatus": 1, "configData": data['configData']} - final_json = json.dumps(status) - return HttpResponse(final_json) - else: - data_ret = {'saveStatus': 0, 'error_message': output} + if output.find("1,None") > -1: + status = {"saveStatus": 1, "configData": data['configData']} + final_json = json.dumps(status) + return HttpResponse(final_json) + else: + data_ret = {'saveStatus': 0, 'error_message': output} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + + except BaseException, msg: + data_ret = {'saveStatus': 0, 'error_message': str(msg)} json_data = json.dumps(data_ret) return HttpResponse(json_data) + else: + data_ret = {'saveStatus': 0, 'error_message': 'Not enough privileges.'} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) - - except BaseException, msg: - data_ret = {'saveStatus': 0, 'error_message': str(msg)} - json_data = json.dumps(data_ret) - return HttpResponse(json_data) except KeyError, msg: logging.CyberCPLogFileWriter.writeToFile(str(msg) + "[saveConfigsToFile]") return HttpResponse("Not Logged in as admin") \ No newline at end of file diff --git a/manageSSL/views.py b/manageSSL/views.py index ddf023903..797838d7b 100644 --- a/manageSSL/views.py +++ b/manageSSL/views.py @@ -21,7 +21,6 @@ import subprocess def loadSSLHome(request): try: val = request.session['userID'] - return render(request, 'manageSSL/index.html') except KeyError: return redirect(loadLoginPage) @@ -29,8 +28,7 @@ def loadSSLHome(request): def manageSSL(request): try: val = request.session['userID'] - - admin = Administrator.objects.get(pk=request.session['userID']) + admin = Administrator.objects.get(pk=val) if admin.type == 1: websites = Websites.objects.all() @@ -67,6 +65,7 @@ def manageSSL(request): def issueSSL(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: if request.method == 'POST': 
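Review bot: In savePHPConfigAdvance the file handed to the `sudo python … phpUtilities.py` helper is created at `"/home/cyberpanel/" + str(randint(1000, 9999))`, a name with only 9000 possible values, and opened with a plain `open(tempPath, "w")`. An existing file or link at that name is reused as-is, and two concurrent saves can collide. Creating it with `fd, tempPath = tempfile.mkstemp(dir="/home/cyberpanel/")` (after importing `tempfile`) gives an exclusively created, unpredictable file with owner-only permissions. As in getCurrentAdvancedPHPConfig, an unmapped `phpSelection` also reaches `path` and then the `shlex.split` command line, so unknown versions should be rejected first.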
@@ -76,15 +75,32 @@ def issueSSL(request): adminEmail = "" path = "" + try: website = ChildDomains.objects.get(domain=virtualHost) adminEmail = website.master.adminEmail path = data['path'] + + if admin.type != 1: + if admin != website.master.admin: + data_ret = {"SSL": 0, + 'error_message': 'You do not own this domain.'} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + except: website = Websites.objects.get(domain=virtualHost) adminEmail = website.adminEmail path = "/home/" + virtualHost + "/public_html" + if admin.type != 1: + if admin != website.admin: + data_ret = {"SSL": 0, + 'error_message': 'You do not own this website.'} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + + ## ssl issue execPath = "sudo python " + virtualHostUtilities.cyberPanel + "/plogical/virtualHostUtilities.py" @@ -128,7 +144,7 @@ def sslForHostName(request): try: val = request.session['userID'] - admin = Administrator.objects.get(pk=request.session['userID']) + admin = Administrator.objects.get(pk=val) if admin.type==1: pass 
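Review bot: The ownership check added to issueSSL covers the domain, but for a child domain `path = data['path']` still comes straight from the request body and is not tied to the ChildDomains record that was just looked up. A non-admin who owns the child domain therefore chooses the directory that is presumably passed on to the SSL helper. Taking the path from the stored record, or verifying that it lies under the owner's home tree, would close that gap. The bare `except:` also turns any error in the first branch, not just a missing ChildDomains row, into the Websites lookup; `except ChildDomains.DoesNotExist:` states the intent. The command construction continues outside the hunk.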
@@ -168,37 +184,42 @@ def sslForHostName(request): def obtainHostNameSSL(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: - if request.method == 'POST': + if admin.type == 1: + if request.method == 'POST': - data = json.loads(request.body) - virtualHost = data['virtualHost'] + data = json.loads(request.body) + virtualHost = data['virtualHost'] - website = Websites.objects.get(domain=virtualHost) + path = "/home/" + virtualHost + "/public_html" - path = "/home/" + virtualHost + "/public_html" + ## ssl issue - ## ssl issue + execPath = "sudo python " + virtualHostUtilities.cyberPanel + "/plogical/virtualHostUtilities.py" - execPath = "sudo python " + virtualHostUtilities.cyberPanel + "/plogical/virtualHostUtilities.py" - - execPath = execPath + " issueSSLForHostName --virtualHostName " + virtualHost + " --path " + path + execPath = execPath + " issueSSLForHostName --virtualHostName " + virtualHost + " --path " + path - output = subprocess.check_output(shlex.split(execPath)) + output = subprocess.check_output(shlex.split(execPath)) - if output.find("1,None") > -1: - data_ret = {"SSL": 1, - 'error_message': "None"} - json_data = json.dumps(data_ret) - return HttpResponse(json_data) - else: - data_ret = {"SSL": 0, - 'error_message': output} - json_data = json.dumps(data_ret) - return HttpResponse(json_data) + if output.find("1,None") > -1: + data_ret = {"SSL": 1, + 'error_message': "None"} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + else: + data_ret = {"SSL": 0, + 'error_message': output} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) - ## ssl issue ends + ## ssl issue ends + else: + data_ret = {"SSL": 0, + 'error_message': 'Only administrators can issue Hostname SSL.'} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) except BaseException,msg: data_ret = {"SSL": 0, 
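Review bot: obtainHostNameSSL no longer performs `Websites.objects.get(domain=virtualHost)`, which was the only check that `virtualHost` names a site known to the panel before it is concatenated into `path` and into the `sudo python … issueSSLForHostName` command string. Because that string is split with `shlex.split`, whitespace in the value becomes additional arguments to the helper. Either keep the lookup or validate the value as a hostname, and pass an argument list instead of a joined string, e.g. `subprocess.check_output(["sudo", "python", script, "issueSSLForHostName", "--virtualHostName", virtualHost, "--path", path])` with `script` holding the helper path. The same removal and the same pattern appear in obtainMailServerSSL further down this file.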
@@ -220,7 +241,7 @@ def sslForMailServer(request): if admin.type==1: pass else: - return HttpResponse("You should be admin to issue SSL For Hostname.") + return HttpResponse("You should be admin to issue SSL For Mail Server.") if admin.type == 1: websites = Websites.objects.all() 
@@ -255,36 +276,42 @@ def sslForMailServer(request): def obtainMailServerSSL(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: - if request.method == 'POST': + if admin.type == 1: + if request.method == 'POST': - data = json.loads(request.body) - virtualHost = data['virtualHost'] + data = json.loads(request.body) + virtualHost = data['virtualHost'] - website = Websites.objects.get(domain=virtualHost) + path = "/home/" + virtualHost + "/public_html" - path = "/home/" + virtualHost + "/public_html" + ## ssl issue - ## ssl issue + execPath = "sudo python " + virtualHostUtilities.cyberPanel + "/plogical/virtualHostUtilities.py" - execPath = "sudo python " + virtualHostUtilities.cyberPanel + "/plogical/virtualHostUtilities.py" + execPath = execPath + " issueSSLForMailServer --virtualHostName " + virtualHost + " --path " + path - execPath = execPath + " issueSSLForMailServer --virtualHostName " + virtualHost + " --path " + path + output = subprocess.check_output(shlex.split(execPath)) - output = subprocess.check_output(shlex.split(execPath)) + if output.find("1,None") > -1: + data_ret = {"SSL": 1, + 'error_message': "None"} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + else: + data_ret = {"SSL": 0, + 'error_message': output} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) - if output.find("1,None") > -1: - data_ret = {"SSL": 1, - 'error_message': "None"} - json_data = json.dumps(data_ret) - return HttpResponse(json_data) + ## ssl issue ends else: data_ret = {"SSL": 0, - 'error_message': output} + 'error_message': 'Only administrators can issue Mail Server SSL.'} json_data = json.dumps(data_ret) return HttpResponse(json_data) - ## ssl issue ends except BaseException,msg: data_ret = {"SSL": 0, diff --git a/packages/views.py b/packages/views.py index c205a5dd0..648b7cf24 100644 --- a/packages/views.py +++ b/packages/views.py 
@@ -72,6 +72,7 @@ def deletePacakge(request): def submitPackage(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: if request.method == 'POST': data = json.loads(request.body) 
@@ -83,25 +84,30 @@ def submitPackage(request): emails = int(data['emails']) allowedDomains = int(data['allowedDomains']) - if packageSpace < 0 or packageBandwidth < 0 or packageDatabases < 0 or ftpAccounts < 0 or emails < 0 or allowedDomains < 0: - data_ret = {'saveStatus': 0, 'error_message': "All values should be positive or 0."} + if admin.type == 1: + + if packageSpace < 0 or packageBandwidth < 0 or packageDatabases < 0 or ftpAccounts < 0 or emails < 0 or allowedDomains < 0: + data_ret = {'saveStatus': 0, 'error_message': "All values should be positive or 0."} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + + + admin = Administrator.objects.get(pk=val) + + packageName = admin.userName+"_"+packageName + + package = Package(admin=admin, packageName=packageName, diskSpace=packageSpace, + bandwidth=packageBandwidth, ftpAccounts=ftpAccounts, dataBases=packageDatabases,emailAccounts=emails,allowedDomains=allowedDomains) + + package.save() + + data_ret = {'saveStatus': 1,'error_message': "None"} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + else: + data_ret = {'saveStatus': 0, 'error_message': "Not enough privileges."} json_data = json.dumps(data_ret) return HttpResponse(json_data) - - - - admin = Administrator.objects.get(pk=request.session['userID']) - - packageName = admin.userName+"_"+packageName - - package = Package(admin=admin, packageName=packageName, diskSpace=packageSpace, - bandwidth=packageBandwidth, ftpAccounts=ftpAccounts, dataBases=packageDatabases,emailAccounts=emails,allowedDomains=allowedDomains) - - package.save() - - data_ret = {'saveStatus': 1,'error_message': "None"} - json_data = json.dumps(data_ret) - return HttpResponse(json_data) except BaseException,msg: data_ret = {'saveStatus': 0, 'error_message': str(msg)} 
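Review bot: Inside the new `if admin.type == 1:` branch of submitPackage, `admin = Administrator.objects.get(pk=val)` repeats the query this commit already adds at the top of the function, so the line can be dropped. The privilege check also runs only after the `int(...)` conversions above it, so a non-admin sending malformed input gets a parse error rather than `Not enough privileges.`. Moving the check ahead of the parsing keeps the denial uniform. The start of the parsing block is outside this hunk.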
@@ -115,15 +121,21 @@ def submitPackage(request): def submitDelete(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: - if request.method == 'POST': - data = json.loads(request.body) - packageName = data['packageName'] + if admin.type == 1: + if request.method == 'POST': + data = json.loads(request.body) + packageName = data['packageName'] - delPackage = Package.objects.get(packageName=packageName) - delPackage.delete() + delPackage = Package.objects.get(packageName=packageName) + delPackage.delete() - data_ret = {'deleteStatus': 1,'error_message': "None"} + data_ret = {'deleteStatus': 1,'error_message': "None"} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + else: + data_ret = {'deleteStatus': 0, 'error_message': "Not enough privileges."} json_data = json.dumps(data_ret) return HttpResponse(json_data) @@ -156,7 +168,7 @@ def modifyPackage(request): packageList.append(items.packageName) except BaseException,msg: - logging.writeToFile(str(msg)) + logging.CyberCPLogFileWriter.writeToFile(str(msg)) return HttpResponse("Please see CyberCP Main Log File") except KeyError: 
@@ -173,25 +185,32 @@ def modifyPackage(request): def submitModify(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: - if request.method == 'POST': + if admin.type == 1: + if request.method == 'POST': - data = json.loads(request.body) - packageName = data['packageName'] + data = json.loads(request.body) + packageName = data['packageName'] - modifyPack = Package.objects.get(packageName=packageName) + modifyPack = Package.objects.get(packageName=packageName) - diskSpace = modifyPack.diskSpace - bandwidth = modifyPack.bandwidth - ftpAccounts = modifyPack.ftpAccounts - dataBases = modifyPack.dataBases - emails = modifyPack.emailAccounts + diskSpace = modifyPack.diskSpace + bandwidth = modifyPack.bandwidth + ftpAccounts = modifyPack.ftpAccounts + dataBases = modifyPack.dataBases + emails = modifyPack.emailAccounts - data_ret = {'emails':emails,'modifyStatus': 1,'error_message': "None", - "diskSpace":diskSpace,"bandwidth":bandwidth,"ftpAccounts":ftpAccounts,"dataBases":dataBases,"allowedDomains":modifyPack.allowedDomains} + data_ret = {'emails':emails,'modifyStatus': 1,'error_message': "None", + "diskSpace":diskSpace,"bandwidth":bandwidth,"ftpAccounts":ftpAccounts,"dataBases":dataBases,"allowedDomains":modifyPack.allowedDomains} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + else: + data_ret = {'modifyStatus': 0, 'error_message': "Not enough privileges."} json_data = json.dumps(data_ret) return HttpResponse(json_data) + except BaseException,msg: data_ret = {'modifyStatus': 0, 'error_message': str(msg)} json_data = json.dumps(data_ret) 
@@ -205,28 +224,33 @@ def submitModify(request): def saveChanges(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: - if request.method == 'POST': + if admin.type == 1: + if request.method == 'POST': + data = json.loads(request.body) + packageName = data['packageName'] - data = json.loads(request.body) - packageName = data['packageName'] + if data['diskSpace'] < 0 or data['bandwidth'] < 0 or data['ftpAccounts'] < 0 or data['dataBases'] < 0 or data['emails'] < 0 or data['allowedDomains'] < 0: + data_ret = {'saveStatus': 0, 'error_message': "All values should be positive or 0."} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) - if data['diskSpace'] < 0 or data['bandwidth'] < 0 or data['ftpAccounts'] < 0 or data['dataBases'] < 0 or data['emails'] < 0 or data['allowedDomains'] < 0: - data_ret = {'saveStatus': 0, 'error_message': "All values should be positive or 0."} + modifyPack = Package.objects.get(packageName=packageName) + + modifyPack.diskSpace = data['diskSpace'] + modifyPack.bandwidth = data['bandwidth'] + modifyPack.ftpAccounts = data['ftpAccounts'] + modifyPack.dataBases = data['dataBases'] + modifyPack.emailAccounts = data['emails'] + modifyPack.allowedDomains = data['allowedDomains'] + modifyPack.save() + + data_ret = {'saveStatus': 1,'error_message': "None"} json_data = json.dumps(data_ret) return HttpResponse(json_data) - - modifyPack = Package.objects.get(packageName=packageName) - - modifyPack.diskSpace = data['diskSpace'] - modifyPack.bandwidth = data['bandwidth'] - modifyPack.ftpAccounts = data['ftpAccounts'] - modifyPack.dataBases = data['dataBases'] - modifyPack.emailAccounts = data['emails'] - modifyPack.allowedDomains = data['allowedDomains'] - modifyPack.save() - - data_ret = {'saveStatus': 1,'error_message': "None"} + else: + data_ret = {'saveStatus': 0,'error_message': "Not enough privileges."} json_data = json.dumps(data_ret) return HttpResponse(json_data) 
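Review bot: saveChanges compares the raw JSON values with 0 (`data['diskSpace'] < 0 …`) without converting them, unlike submitPackage, which applies `int(...)` first. Under Python 2, which this file's `except BaseException,msg` syntax implies, a string such as "-5" never compares less than an integer, so the check passes and the string is stored on the package. Convert once, e.g. `diskSpace = int(data['diskSpace'])`, and use the converted values for both the range check and the assignments.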
diff --git a/plogical/dnsUtilities.py b/plogical/dnsUtilities.py index 735720ecb..82ec4e2ec 100644 --- a/plogical/dnsUtilities.py +++ b/plogical/dnsUtilities.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python2.7 +#!/usr/local/CyberCP/bin/python2 import os,sys sys.path.append('/usr/local/CyberCP') import django diff --git a/plogical/ftpUtilities.py b/plogical/ftpUtilities.py index 136db5bbb..53bbddf1d 100644 --- a/plogical/ftpUtilities.py +++ b/plogical/ftpUtilities.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python2.7 +#!/usr/local/CyberCP/bin/python2 import os,sys sys.path.append('/usr/local/CyberCP') import django diff --git a/plogical/vhost.py b/plogical/vhost.py index aac54fce5..e120f88c7 100644 --- a/plogical/vhost.py +++ b/plogical/vhost.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python2.7 +#!/usr/local/CyberCP/bin/python2 import os import os.path import sys diff --git a/plogical/virtualHostUtilities.py b/plogical/virtualHostUtilities.py index 25e4ae4dd..583db3566 100644 --- a/plogical/virtualHostUtilities.py +++ b/plogical/virtualHostUtilities.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python2.7 +#!/usr/local/CyberCP/bin/python2 import os import os.path import sys @@ -237,9 +237,7 @@ class virtualHostUtilities: vhost.addRewriteRules(virtualHost, fileName) vhostFile = open(fileName, "w") - vhostFile.write(open(tempPath, "r").read()) - vhostFile.close() if os.path.exists(tempPath): diff --git a/postfixSenderPolicy/accept_traffic.py b/postfixSenderPolicy/accept_traffic.py index 9f164ff94..96cd5f4ee 100755 --- a/postfixSenderPolicy/accept_traffic.py +++ b/postfixSenderPolicy/accept_traffic.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python2.7 +#!/usr/local/CyberCP/bin/python2 import os,sys sys.path.append('/usr/local/CyberCP') import django @@ -15,6 +15,7 @@ from cacheManager import cacheManager limitThreads = multi.BoundedSemaphore(10) class HandleRequest(multi.Thread): + cleaningPath = '/home/cyberpanel/purgeCache' def __init__(self, conn): multi.Thread.__init__(self) self.connection = conn 
@@ -24,24 +25,27 @@ class HandleRequest(multi.Thread): dataComplete = "" try: try: - while True: + # Wait for a connection + if os.path.exists(HandleRequest.cleaningPath): + readFromFile = open(HandleRequest.cleaningPath, 'r') + command = readFromFile.read() + cacheManager.handlePurgeRequest(command) + readFromFile.close() + logging.writeToFile(command + 'nCommand') + os.remove(HandleRequest.cleaningPath) + Data = self.connection.recv(64) if Data: if len(Data) < 64: dataComplete = dataComplete + Data - - if dataComplete.find('cyberpanelCleaner') > -1: - logging.writeToFile(dataComplete) - cacheManager.handlePurgeRequest(dataComplete) - else: - self.manageRequest(dataComplete) - + self.manageRequest(dataComplete) dataComplete = '' else: dataComplete = dataComplete + Data else: self.connection.close() + break finally: # Clean up the connection self.connection.close() @@ -55,10 +59,9 @@ class HandleRequest(multi.Thread): for items in completeData: tempData = items.split('=') - if tempData[0] == 'client_name': - domainName = tempData[1] - elif tempData[0] == 'sender': + if tempData[0] == 'sender': emailAddress = tempData[1] + domainName = emailAddress.split('@')[1] elif tempData[0] == 'recipient': destination = tempData[1] @@ -81,7 +84,7 @@ class HandleRequest(multi.Thread): #logging.writeToFile('Email Monthly Used: ' + str(emailObj.monthlyUsed)) if domainObj.limitStatus == 1 and emailObj.limitStatus == 1: - if emailObj.monthlyLimits <= emailObj.monthlyUsed or emailObj.hourlyLimits <= emailObj.hourlyUsed: + if domainObj.monthlyLimits <= domainObj.monthlyLimits or emailObj.monthlyLimits <= emailObj.monthlyUsed or emailObj.hourlyLimits <= emailObj.hourlyUsed: logging.writeToFile(emailAddress + ' either exceeded monthly or hourly sending limit.') self.connection.sendall('action=defer_if_permit Service temporarily unavailable\n\n') else: 
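Review bot: The purge command is now taken from a file at the fixed path `/home/cyberpanel/purgeCache`, and HandleRequest checks, opens and removes it in separate steps on every connection thread. Two threads can both pass `os.path.exists`, after which the slower one fails in `open` or `os.remove` and drops into the outer handler instead of serving its request. Whoever can write to that directory can also feed `cacheManager.handlePurgeRequest`; the directory's permissions are not visible here and should be confirmed as restricted to the panel user. Consuming the file atomically (rename to a private name, then read) in one place, rather than here and again in `SetupConn.start_listening`, avoids both problems. The logged suffix `'nCommand'` looks like it was meant to contain `\n`.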
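Review bot: `domainName = emailAddress.split('@')[1]` raises IndexError whenever the `sender` attribute has no `@`, which includes the empty sender used for bounce messages. The `except BaseException` handler visible later in this file then answers `action=dunno`, so such messages pass without a limit check and without a clear log entry. Using `emailAddress.rpartition('@')[2]` and handling an empty domain explicitly makes that case deliberate. The enclosing method starts outside the hunk.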
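Review bot: The added condition compares a field with itself: `domainObj.monthlyLimits <= domainObj.monthlyLimits` is always true, so every sender whose domain and mailbox both have `limitStatus == 1` is deferred regardless of usage. It was presumably meant to be `domainObj.monthlyLimits <= domainObj.monthlyUsed`, matching the two email comparisons beside it. The log message on the following line should then also mention the domain limit.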
@@ -91,6 +94,7 @@ class HandleRequest(multi.Thread): logEntry.save() emailObj.monthlyUsed = emailObj.monthlyUsed + 1 emailObj.hourlyUsed = emailObj.hourlyUsed + 1 + domainObj.monthlyUsed = domainObj.monthlyUsed + 1 self.connection.sendall('action=dunno\n\n') else: email = EUsers.objects.get(email=emailAddress) @@ -104,5 +108,6 @@ class HandleRequest(multi.Thread): except BaseException, msg: + logging.writeToFile(completeData) self.connection.sendall('action=dunno\n\n') logging.writeToFile(str(msg)) diff --git a/postfixSenderPolicy/cacheManager.py b/postfixSenderPolicy/cacheManager.py index a0bb00edd..239d33884 100755 --- a/postfixSenderPolicy/cacheManager.py +++ b/postfixSenderPolicy/cacheManager.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python2.7 +#!/usr/local/CyberCP/bin/python2 import os,sys sys.path.append('/usr/local/CyberCP') import django @@ -19,7 +19,8 @@ class cacheManager: domaindb = Domains.objects.get(domain=domain) dbDomain = DomainLimits.objects.get(domain=domaindb) - totalDomainUsed = 0 + dbDomain.monthlyUsed = domainOBJ.monthlyUsed + dbDomain.save() for email, emailOBJ in domainOBJ.emails.iteritems(): emailID = EUsers.objects.get(email=email) @@ -27,13 +28,8 @@ class cacheManager: dbEmail.monthlyUsed = emailOBJ.monthlyUsed dbEmail.hourlyUsed = emailOBJ.hourlyUsed - - totalDomainUsed = totalDomainUsed + emailOBJ.monthlyUsed dbEmail.save() - dbDomain.monthlyUsed = totalDomainUsed - dbDomain.save() - except BaseException, msg: logging.writeToFile(str(msg)) @@ -130,6 +126,13 @@ class cacheManager: for domain, domainOBJ in cacheManager.domains.iteritems(): for email, emailOBJ in domainOBJ.emails.iteritems(): + + emailID = EUsers.objects.get(email=email) + dbEmail = EmailLimits.objects.get(email=emailID) + + dbEmail.hourlyUsed = 0 + dbEmail.save() + emailID = EUsers.objects.get(email=email) dbEmail = EmailLimits.objects.get(email=emailID) diff --git a/postfixSenderPolicy/client.py b/postfixSenderPolicy/client.py index 98763768d..76b331964 100755 
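Review bot: The added `logging.writeToFile(completeData)` runs before the fallback reply in the `except BaseException` handler, and `completeData` is the object iterated item by item earlier in the method. If `writeToFile` expects a string, or if the exception occurred before `completeData` was assigned, the handler itself raises and `action=dunno` is never sent, leaving the mail server waiting on the policy socket. Send the reply first and log `str(completeData)` afterwards. This line also writes the full sender and recipient attributes to the main log.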
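Review bot: In the cacheManager loop over `domainOBJ.emails`, the added block looks up `EUsers.objects.get(email=email)` and `EmailLimits.objects.get(email=emailID)`, resets `hourlyUsed` and saves, and is immediately followed by the same two lookups from the existing code. If the existing lines perform the same reset, each mailbox is queried and saved twice per run; keep only one of the two blocks. The rest of the loop body is outside the hunk.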
--- a/postfixSenderPolicy/client.py +++ b/postfixSenderPolicy/client.py @@ -1,29 +1,23 @@ -#!/usr/bin/env python2.7 +#!/usr/local/CyberCP/bin/python2 import socket import sys sys.path.append('/usr/local/CyberCP') from plogical.CyberCPLogFileWriter import CyberCPLogFileWriter as logging import argparse +from plogical.mailUtilities import mailUtilities class cacheClient: - def __init__(self, serverAddr): - self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - self.serverAddr = serverAddr - self.sock.connect(self.serverAddr) - - def sendData(self, data): - self.sock.sendall(data) - - def __del__(self): - self.sock.close() - + cleaningPath = '/home/cyberpanel/purgeCache' @staticmethod def handleCachePurgeRequest(command): try: - serverAddr = ('localhost', 1089) - cachePurger = cacheClient(serverAddr) - cachePurger.sendData(command) + mailUtilities.checkHome() + + writeToFile = open(cacheClient.cleaningPath, 'w') + writeToFile.write(command) + writeToFile.close() + except BaseException, msg: logging.writeToFile(str(msg)) diff --git a/postfixSenderPolicy/policyCTRL.py b/postfixSenderPolicy/policyCTRL.py index d80a9fda1..e778adcb2 100755 --- a/postfixSenderPolicy/policyCTRL.py +++ b/postfixSenderPolicy/policyCTRL.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python2.7 +#!/usr/local/CyberCP/bin/python2 import subprocess, signal import shlex import argparse @@ -10,6 +10,7 @@ from plogical.CyberCPLogFileWriter import CyberCPLogFileWriter as logging class policyCTRL: applicationPath = '/usr/local/CyberCP/postfixSenderPolicy/pid' + cleaningPID = '/usr/local/CyberCP/postfixSenderPolicy/cpid' def prepareArguments(self): 
@@ -27,12 +28,24 @@ class policyCTRL: subprocess.Popen(shlex.split(command)) def stop(self): + path = policyCTRL.applicationPath - pid = open(path, "r").readlines()[0] - try: - os.kill(int(pid), signal.SIGTERM) - except BaseException, msg: - logging.writeToFile(str(msg)) + if os.path.exists(path): + + pid = open(path, "r").readlines()[0] + try: + os.kill(int(pid), signal.SIGTERM) + except BaseException, msg: + logging.writeToFile(str(msg)) + + ## Cleaning PID + path = policyCTRL.cleaningPID + if os.path.exists(path): + pid = open(path, "r").readlines()[0] + try: + os.kill(int(pid), signal.SIGTERM) + except BaseException, msg: + logging.writeToFile(str(msg)) diff --git a/postfixSenderPolicy/startServer.py b/postfixSenderPolicy/startServer.py index ed4156ef9..ca5eac8c2 100755 --- a/postfixSenderPolicy/startServer.py +++ b/postfixSenderPolicy/startServer.py @@ -1,10 +1,11 @@ -#!/usr/bin/env python2.7 +#!/usr/local/CyberCP/bin/python2 import os,sys sys.path.append('/usr/local/CyberCP') import django os.environ.setdefault("DJANGO_SETTINGS_MODULE", "CyberCP.settings") django.setup() import socket + import os import accept_traffic as handle from plogical.CyberCPLogFileWriter import CyberCPLogFileWriter as logging @@ -13,8 +14,11 @@ from cacheManager import cacheManager class SetupConn: + cleaningPath = '/home/cyberpanel/purgeCache' server_address = ('localhost', 1089) + cleaning_server = ('localhost', 1090) applicationPath = '/usr/local/CyberCP/postfixSenderPolicy/pid' + cleaningServerPID = '/usr/local/CyberCP/postfixSenderPolicy/cpid' def __init__(self, serv_addr): 
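Review bot: In policyCTRL.stop the read `pid = open(path, "r").readlines()[0]` sits outside the `try`, in both the existing block and the new cleaning-PID block. An empty or unreadable pid file raises before `os.kill`, and for the first block that also skips the cleaning-PID cleanup. Moving the read inside the `try` and using `with open(path) as f: pid = f.read().strip()` keeps stop() best-effort and closes the handle. Neither block checks that the recorded PID still belongs to the policy server before sending SIGTERM.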
@@ -22,32 +26,40 @@ class SetupConn: self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) def setup_conn(self): - logging.writeToFile('Starting CyberPanel Email Policy Server!') - self.sock.bind(SetupConn.server_address) + self.sock.bind(self.server_addr) logging.writeToFile('CyberPanel Email Policy Server Successfully started!') def start_listening(self): - self.sock.listen(1) + self.sock.listen(5) while True: # Wait for a connection - logging.writeToFile('Waiting For Connection!') + if os.path.exists(SetupConn.cleaningPath): + readFromFile = open(SetupConn.cleaningPath, 'r') + command = readFromFile.read() + cacheManager.handlePurgeRequest(command) + readFromFile.close() + os.remove(SetupConn.cleaningPath) + connection, client_address = self.sock.accept() background = handle.HandleRequest(connection) background.start() + + def __del__(self): self.sock.close() logging.writeToFile('Closing open connections!') - def Main(): - writeToFile = open(SetupConn.applicationPath, 'w') - writeToFile.write(str(os.getpid())) - writeToFile.close() for sig in (SIGABRT, SIGINT, SIGTERM): signal(sig, cacheManager.cleanUP) + ### + + writeToFile = open(SetupConn.applicationPath, 'w') + writeToFile.write(str(os.getpid())) + writeToFile.close() listenConn = SetupConn(SetupConn.server_address) listenConn.setup_conn() diff --git a/serverLogs/views.py b/serverLogs/views.py index 046f47562..4258e3528 100644 --- a/serverLogs/views.py +++ b/serverLogs/views.py @@ -17,6 +17,9 @@ from plogical.virtualHostUtilities import virtualHostUtilities def logsHome(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) + if admin.type == 3: + return HttpResponse("You don't have enough privileges to access this page.") except KeyError: return redirect(loadLoginPage) 
@@ -29,10 +32,8 @@ def accessLogs(request): val = request.session['userID'] admin = Administrator.objects.get(pk=val) - if admin.type == 3: - return HttpResponse("You don't have enough priviliges to access this page.") - + return HttpResponse("You don't have enough privileges to access this page.") return render(request,'serverLogs/accessLogs.html') @@ -48,7 +49,7 @@ def errorLogs(request): admin = Administrator.objects.get(pk=val) if admin.type == 3: - return HttpResponse("You don't have enough priviliges to access this page.") + return HttpResponse("You don't have enough privileges to access this page.") return render(request,'serverLogs/errorLogs.html') @@ -64,7 +65,7 @@ def ftplogs(request): admin = Administrator.objects.get(pk=val) if admin.type == 3: - return HttpResponse("You don't have enough priviliges to access this page.") + return HttpResponse("You don't have enough privileges to access this page.") return render(request,'serverLogs/ftplogs.html') @@ -80,7 +81,7 @@ def emailLogs(request): admin = Administrator.objects.get(pk=val) if admin.type == 3: - return HttpResponse("You don't have enough priviliges to access this page.") + return HttpResponse("You don't have enough privileges to access this page.") return render(request,'serverLogs/emailLogs.html') @@ -96,7 +97,7 @@ def modSecAuditLogs(request): admin = Administrator.objects.get(pk=val) if admin.type == 3: - return HttpResponse("You don't have enough priviliges to access this page.") + return HttpResponse("You don't have enough privileges to access this page.") return render(request,'serverLogs/modSecAuditLog.html') 
@@ -110,30 +111,36 @@ def getLogsFromFile(request): try: val = request.session['userID'] - data = json.loads(request.body) - type = data['type'] + admin = Administrator.objects.get(id=val) - if type=="access": - fileName = installUtilities.Server_root_path+"/logs/access.log" - elif type=="error": - fileName = installUtilities.Server_root_path + "/logs/error.log" - elif type=="email": - fileName="/var/log/maillog" - elif type=="ftp": - fileName="/var/log/messages" - elif type == "modSec": - fileName = "/usr/local/lsws/logs/auditmodsec.log" + if admin.type == 1: + data = json.loads(request.body) + type = data['type'] + + if type=="access": + fileName = installUtilities.Server_root_path+"/logs/access.log" + elif type=="error": + fileName = installUtilities.Server_root_path + "/logs/error.log" + elif type=="email": + fileName="/var/log/maillog" + elif type=="ftp": + fileName="/var/log/messages" + elif type == "modSec": + fileName = "/usr/local/lsws/logs/auditmodsec.log" - command = "sudo tail -50 " + fileName + command = "sudo tail -50 " + fileName - fewLinesOfLogFile = subprocess.check_output(shlex.split(command)) + fewLinesOfLogFile = subprocess.check_output(shlex.split(command)) - status = {"logstatus":1,"logsdata":fewLinesOfLogFile} - - final_json = json.dumps(status) - return HttpResponse(final_json) + status = {"logstatus":1,"logsdata":fewLinesOfLogFile} + final_json = json.dumps(status) + return HttpResponse(final_json) + else: + status = {"logstatus": 0, 'error': "You don't have enough privileges to access this page."} + final_json = json.dumps(status) + return HttpResponse(final_json) except KeyError, msg: 
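Review bot: getLogsFromFile maps `type` to a file through an `if`/`elif` chain with no final `else`, so an unrecognised value leaves `fileName` unassigned and the `"sudo tail -50 " + fileName` line raises an error that the `except KeyError` handler does not catch. Add an `else:` that returns `{"logstatus": 0, 'error': "Unknown log type."}` before the command is built. The local name `type` also shadows the builtin; `logType` would be clearer. The handler body continues outside the hunk.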
@@ -144,27 +151,33 @@ def getLogsFromFile(request): def clearLogFile(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) try: - if request.method == 'POST': + if admin.type == 1: + if request.method == 'POST': - data = json.loads(request.body) + data = json.loads(request.body) - fileName = data['fileName'] + fileName = data['fileName'] - execPath = "sudo python " + virtualHostUtilities.cyberPanel + "/plogical/serverLogs.py" + execPath = "sudo python " + virtualHostUtilities.cyberPanel + "/plogical/serverLogs.py" - execPath = execPath + " cleanLogFile --fileName " + fileName + execPath = execPath + " cleanLogFile --fileName " + fileName - output = subprocess.check_output(shlex.split(execPath)) + output = subprocess.check_output(shlex.split(execPath)) - if output.find("1,None") > -1: - data_ret = {'cleanStatus': 1, 'error_message': "None"} - json_data = json.dumps(data_ret) - return HttpResponse(json_data) - else: - data_ret = {'cleanStatus': 0, 'error_message': output} - json_data = json.dumps(data_ret) - return HttpResponse(json_data) + if output.find("1,None") > -1: + data_ret = {'cleanStatus': 1, 'error_message': "None"} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + else: + data_ret = {'cleanStatus': 0, 'error_message': output} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + else: + data_ret = {'cleanStatus': 0, 'error_message': 'Not enough privileges.'} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) except BaseException,msg: data_ret = {'cleanStatus': 0, 'error_message': str(msg)} diff --git a/serverStatus/views.py b/serverStatus/views.py index fdc92b164..d387d26e0 100644 --- a/serverStatus/views.py +++ b/serverStatus/views.py 
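Review bot: clearLogFile passes `data['fileName']` from the request body unchanged into the `sudo python … serverLogs.py cleanLogFile --fileName` command. Restricting the caller to `admin.type == 1` limits who can reach it, but the helper runs with elevated rights, so the value should be checked against the same fixed set of log paths that getLogsFromFile uses rather than accepted as an arbitrary path. Since the string goes through `shlex.split`, a value containing spaces also becomes extra arguments; passing an argument list to `subprocess.check_output` avoids that.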
@@ -57,9 +57,6 @@ def litespeedStatus(request): else: loadedModules.append(items) - - - except subprocess.CalledProcessError,msg: logging.CyberCPLogFileWriter.writeToFile(str(msg) + "[litespeedStatus]") return render(request,"serverStatus/litespeedStatus.html",{"processList":processList,"liteSpeedVersionStatus":"For some reaons not able to load version details, see CyberCP main log file."}) @@ -121,7 +118,7 @@ def cyberCPMainLogFile(request): admin = Administrator.objects.get(pk=val) if admin.type == 3: - return HttpResponse("You don't have enough priviliges to access this page.") + return HttpResponse("You don't have enough privileges to access this page.") return render(request,'serverStatus/cybercpmainlogfile.html') @@ -131,23 +128,23 @@ def cyberCPMainLogFile(request): return redirect(loadLoginPage) - - def getFurtherDataFromLogFile(request): try: val = request.session['userID'] + admin = Administrator.objects.get(pk=val) - fewLinesOfLogFile = logging.CyberCPLogFileWriter.readLastNFiles(50,logging.CyberCPLogFileWriter.fileName) - - fewLinesOfLogFile = str(fewLinesOfLogFile) - - - status = {"logstatus":1,"logsdata":fewLinesOfLogFile} - - final_json = json.dumps(status) - return HttpResponse(final_json) + if admin.type == 1: + fewLinesOfLogFile = logging.CyberCPLogFileWriter.readLastNFiles(50,logging.CyberCPLogFileWriter.fileName) + fewLinesOfLogFile = str(fewLinesOfLogFile) + status = {"logstatus": 1, "logsdata": fewLinesOfLogFile} + final_json = json.dumps(status) + return HttpResponse(final_json) + else: + status = {"logstatus": 0,'error':"You don't have enough privilege to view logs."} + final_json = json.dumps(status) + return HttpResponse(final_json) except KeyError, msg: status = {"logstatus":0,"error":"Could not fetch data from log file, please see CyberCP main log file through command line."} 
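Review bot: getFurtherDataFromLogFile now requires `admin.type == 1`, while cyberCPMainLogFile, presumably the page that calls it, only turns away `admin.type == 3`. Any account type that is neither 1 nor 3 can open the page and then receives `logstatus: 0` from the data endpoint; the same mismatch exists between the serverLogs page views and getLogsFromFile. If such a type exists, use one condition in both places. `Administrator.objects.get(pk=val)` is also covered only by `except KeyError`, so a session id with no matching row raises an unhandled error; the handlers continue outside the hunk.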
@@ -268,7 +265,7 @@ def servicesAction(request): admin = Administrator.objects.get(pk=val) if admin.type == 3: - final = {'serviceAction': 0, "error_message": "Not enough privilege"} + final = {'serviceAction': 0, "error_message": "Not enough privileges."} final_json = json.dumps(final) return HttpResponse(final_json) diff --git a/tuning/views.py b/tuning/views.py index 2d6786850..521372b70 100644 --- a/tuning/views.py +++ b/tuning/views.py @@ -18,11 +18,9 @@ import shlex def loadTuningHome(request): try: userID = request.session['userID'] - admin = Administrator.objects.get(pk=userID) - if admin.type == 3: - return HttpResponse("You don't have enough priviliges to access this page.") + return HttpResponse("You don't have enough privileges to access this page.") return render(request,'tuning/index.html',{}) except KeyError: return redirect(loadLoginPage) @@ -35,7 +33,7 @@ def liteSpeedTuning(request): admin = Administrator.objects.get(pk=userID) if admin.type == 3: - return HttpResponse("You don't have enough priviliges to access this page.") + return HttpResponse("You don't have enough privileges to access this page.") return render(request,'tuning/liteSpeedTuning.html',{}) except KeyError: return redirect(loadLoginPage) @@ -48,7 +46,7 @@ def phpTuning(request): admin = Administrator.objects.get(pk=userID) if admin.type == 3: - return HttpResponse("You don't have enough priviliges to access this page.") + return HttpResponse("You don't have enough privileges to access this page.") admin = Administrator.objects.get(pk=request.session['userID']) 
@@ -68,80 +66,82 @@ def phpTuning(request): return redirect(loadLoginPage) - def tuneLitespeed(request): try: val = request.session['userID'] - try: + admin = Administrator.objects.get(pk=val) - if request.method == 'POST': - data = json.loads(request.body) - status = data['status'] + if admin.type == 1: + if request.method == 'POST': + data = json.loads(request.body) + status = data['status'] - if status=="fetch": - json_data = json.dumps(tuning.fetchTuningDetails()) + if status=="fetch": - data_ret = {'fetch_status': 1, 'error_message': "None","tuning_data":json_data,'tuneStatus': 0} + json_data = json.dumps(tuning.fetchTuningDetails()) - final_json = json.dumps(data_ret) - return HttpResponse(final_json) + data_ret = {'fetch_status': 1, 'error_message': "None","tuning_data":json_data,'tuneStatus': 0} - else: - if not data['maxConn']: - data_ret = {'fetch_status': 1, 'error_message': "Provide Max Connections", 'tuneStatus': 0} final_json = json.dumps(data_ret) return HttpResponse(final_json) - if not data['maxSSLConn']: - data_ret = {'fetch_status': 1, 'error_message': "Provide Max SSL Connections", 'tuneStatus': 0} - final_json = json.dumps(data_ret) - return HttpResponse(final_json) - - if not data['keepAlive']: - data_ret = {'fetch_status': 1, 'error_message': "Provide Keep Alive", 'tuneStatus': 0} - final_json = json.dumps(data_ret) - return HttpResponse(final_json) - - if not data['inMemCache']: - data_ret = {'fetch_status': 1, 'error_message': "Provide Cache Size in memory", 'tuneStatus': 0} - final_json = json.dumps(data_ret) - return HttpResponse(final_json) - - - if not data['gzipCompression']: - data_ret = {'fetch_status': 1, 'error_message': "Provide Enable GZIP Compression", 'tuneStatus': 0} - final_json = json.dumps(data_ret) - return HttpResponse(final_json) - - - maxConn = data['maxConn'] - maxSSLConn = data['maxSSLConn'] - connTime = data['connTime'] - keepAlive = data['keepAlive'] - inMemCache = data['inMemCache'] - gzipCompression = 
data['gzipCompression'] - - execPath = "sudo python " + virtualHostUtilities.cyberPanel + "/plogical/tuning.py" - - execPath = execPath + " saveTuningDetails --maxConn " + maxConn + " --maxSSLConn " + maxSSLConn + " --connTime " + connTime + " --keepAlive " + keepAlive + " --inMemCache '" + inMemCache + "' --gzipCompression " + gzipCompression - - - - output = subprocess.check_output(shlex.split(execPath)) - - if output.find("1,None") > -1: - data_ret = {'fetch_status': 1, 'error_message': "None", 'tuneStatus': 1} - final_json = json.dumps(data_ret) - return HttpResponse(final_json) else: - data_ret = {'fetch_status': 1, 'error_message': "None", 'tuneStatus': 0} - final_json = json.dumps(data_ret) - return HttpResponse(final_json) + if not data['maxConn']: + data_ret = {'fetch_status': 1, 'error_message': "Provide Max Connections", 'tuneStatus': 0} + final_json = json.dumps(data_ret) + return HttpResponse(final_json) + + if not data['maxSSLConn']: + data_ret = {'fetch_status': 1, 'error_message': "Provide Max SSL Connections", 'tuneStatus': 0} + final_json = json.dumps(data_ret) + return HttpResponse(final_json) + + if not data['keepAlive']: + data_ret = {'fetch_status': 1, 'error_message': "Provide Keep Alive", 'tuneStatus': 0} + final_json = json.dumps(data_ret) + return HttpResponse(final_json) + + if not data['inMemCache']: + data_ret = {'fetch_status': 1, 'error_message': "Provide Cache Size in memory", 'tuneStatus': 0} + final_json = json.dumps(data_ret) + return HttpResponse(final_json) + if not data['gzipCompression']: + data_ret = {'fetch_status': 1, 'error_message': "Provide Enable GZIP Compression", 'tuneStatus': 0} + final_json = json.dumps(data_ret) + return HttpResponse(final_json) + + + maxConn = data['maxConn'] + maxSSLConn = data['maxSSLConn'] + connTime = data['connTime'] + keepAlive = data['keepAlive'] + inMemCache = data['inMemCache'] + gzipCompression = data['gzipCompression'] + + execPath = "sudo python " + virtualHostUtilities.cyberPanel + 
"/plogical/tuning.py" + + execPath = execPath + " saveTuningDetails --maxConn " + maxConn + " --maxSSLConn " + maxSSLConn + " --connTime " + connTime + " --keepAlive " + keepAlive + " --inMemCache '" + inMemCache + "' --gzipCompression " + gzipCompression + + output = subprocess.check_output(shlex.split(execPath)) + + if output.find("1,None") > -1: + data_ret = {'fetch_status': 1, 'error_message': "None", 'tuneStatus': 1} + final_json = json.dumps(data_ret) + return HttpResponse(final_json) + else: + data_ret = {'fetch_status': 1, 'error_message': "None", 'tuneStatus': 0} + final_json = json.dumps(data_ret) + return HttpResponse(final_json) + + else: + data_ret = {'fetch_status': 0, 'error_message': "You don't have enough privileges.", 'tuneStatus': 0} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) except BaseException,msg: data_ret = {'fetch_status': 0, 'error_message': str(msg), 'tuneStatus': 0} @@ -149,7 +149,7 @@ def tuneLitespeed(request): return HttpResponse(json_data) except KeyError: - data_ret = {'tuneStatus': 0, 'error_message': "not logged in as admin",'fetch_status': 0} + data_ret = {'fetch_status': 0, 'error_message': "not logged in as admin",'fetch_status': 0} json_data = json.dumps(data_ret) return HttpResponse(json_data) 
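Review bot: The dict literal in tuneLitespeed's `except KeyError` branch now repeats `'fetch_status'` and no longer contains `'tuneStatus'`. Python keeps a single entry for the duplicated key, so a client reading `tuneStatus` from the not-logged-in response finds nothing. Every other branch of the function returns both keys, so the line should read `data_ret = {'fetch_status': 0, 'error_message': "not logged in as admin", 'tuneStatus': 0}`.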
@@ -157,52 +157,55 @@ def tuneLitespeed(request): def tunePHP(request): try: val = request.session['userID'] - try: + admin = Administrator.objects.get(pk=val) + if admin.type == 1: + if request.method == 'POST': + data = json.loads(request.body) + status = data['status'] + domainSelection = str(data['domainSelection']) - if request.method == 'POST': - data = json.loads(request.body) - status = data['status'] - domainSelection = str(data['domainSelection']) + if status=="fetch": - if status=="fetch": + json_data = json.dumps(tuning.fetchPHPDetails(domainSelection)) + data_ret = {'fetch_status': 1, 'error_message': "None","tuning_data":json_data,'tuneStatus': 0} - - json_data = json.dumps(tuning.fetchPHPDetails(domainSelection)) - - data_ret = {'fetch_status': 1, 'error_message': "None","tuning_data":json_data,'tuneStatus': 0} - - final_json = json.dumps(data_ret) - - return HttpResponse(final_json) - - else: - initTimeout = str(data['initTimeout']) - maxConns = str(data['maxConns']) - memSoftLimit = data['memSoftLimit'] - memHardLimit = data['memHardLimit'] - procSoftLimit = str(data['procSoftLimit']) - procHardLimit = str(data['procHardLimit']) - persistConn = data['persistConn'] - - execPath = "sudo python " + virtualHostUtilities.cyberPanel + "/plogical/tuning.py" - - execPath = execPath + " tunePHP --virtualHost " + domainSelection +" --initTimeout " + initTimeout + " --maxConns " + maxConns + " --memSoftLimit " + memSoftLimit + " --memHardLimit '" + memHardLimit + "' --procSoftLimit " + procSoftLimit + " --procHardLimit " + procHardLimit + " --persistConn " + persistConn - - - - output = subprocess.check_output(shlex.split(execPath)) - - if output.find("1,None") > -1: - data_ret = {'tuneStatus': 1,'fetch_status': 0, 'error_message': "None"} final_json = json.dumps(data_ret) + return HttpResponse(final_json) + else: - data_ret = {'fetch_status': 0, 'error_message': output, 'tuneStatus': 0} - logging.CyberCPLogFileWriter.writeToFile(output + " [tunePHP]]") - 
json_data = json.dumps(data_ret) - return HttpResponse(json_data) + initTimeout = str(data['initTimeout']) + maxConns = str(data['maxConns']) + memSoftLimit = data['memSoftLimit'] + memHardLimit = data['memHardLimit'] + procSoftLimit = str(data['procSoftLimit']) + procHardLimit = str(data['procHardLimit']) + persistConn = data['persistConn'] + + execPath = "sudo python " + virtualHostUtilities.cyberPanel + "/plogical/tuning.py" + + execPath = execPath + " tunePHP --virtualHost " + domainSelection +" --initTimeout " + initTimeout + " --maxConns " + maxConns + " --memSoftLimit " + memSoftLimit + " --memHardLimit '" + memHardLimit + "' --procSoftLimit " + procSoftLimit + " --procHardLimit " + procHardLimit + " --persistConn " + persistConn + + + + output = subprocess.check_output(shlex.split(execPath)) + + if output.find("1,None") > -1: + data_ret = {'tuneStatus': 1,'fetch_status': 0, 'error_message': "None"} + final_json = json.dumps(data_ret) + return HttpResponse(final_json) + else: + data_ret = {'fetch_status': 0, 'error_message': output, 'tuneStatus': 0} + logging.CyberCPLogFileWriter.writeToFile(output + " [tunePHP]]") + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + else: + data_ret = {'fetch_status': 0, 'error_message': "You don't have enough privileges.", 'tuneStatus': 0} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + except BaseException,msg: diff --git a/userManagment/templates/userManagment/modifyUser.html b/userManagment/templates/userManagment/modifyUser.html index dfa8999b8..5e04891c7 100644 --- a/userManagment/templates/userManagment/modifyUser.html +++ b/userManagment/templates/userManagment/modifyUser.html @@ -65,11 +65,24 @@ {% if adminType == 1 %} -
+
+ +
+ +
+
{% trans "Currently:" %} {$ currentAccountType $}
+
+ + {% else %} + +
diff --git a/userManagment/views.py b/userManagment/views.py index 0f2fb73d2..9123a2882 100644 --- a/userManagment/views.py +++ b/userManagment/views.py @@ -50,9 +50,6 @@ def viewProfile(request): else: AdminData['type'] = "User" - - - return render(request, 'userManagment/userProfile.html',AdminData) except KeyError: return redirect(loadLoginPage) @@ -65,7 +62,7 @@ def createUser(request): admin = Administrator.objects.get(pk=userID) if admin.type == 3: - return HttpResponse("You don't have enough priviliges to access this page.") + return HttpResponse("You don't have enough privileges to access this page.") try: adminType = admin.type @@ -80,7 +77,6 @@ def createUser(request): return redirect(loadLoginPage) - def submitUserCreation(request): try: val = request.session['userID'] @@ -196,29 +192,26 @@ def modifyUsers(request): userID = request.session['userID'] admin = Administrator.objects.get(pk=userID) - - if admin.type == 3: - return HttpResponse("You don't have enough priviliges to access this page.") + adminNames = [] if admin.type == 1: admins = Administrator.objects.all() - adminNames = [] adminType = 1 for items in admins: adminNames.append(items.userName) - else: + elif admin.type == 2: admins = Administrator.objects.filter(owner=admin.pk) - adminNames = [] adminType = 2 for items in admins: adminNames.append(items.userName) + else: + adminType = 3 + adminNames.append(admin.userName) return render(request, 'userManagment/modifyUser.html',{"acctNames":adminNames,"adminType":adminType}) except KeyError: return redirect(loadLoginPage) - - def fetchUserDetails(request): try: val = request.session['userID'] @@ -271,7 +264,6 @@ def fetchUserDetails(request): return HttpResponse(json_data) - def saveModifications(request): try: val = request.session['userID'] 
@@ -284,11 +276,18 @@ def saveModifications(request): lastName = data['lastName'] email = data['email'] - + admin = Administrator.objects.get(pk=val) user = Administrator.objects.get(userName=accountUsername) password = hashPassword.hash_password(data['password']) + if admin.type != 1: + if admin != user: + data_ret = {'saveStatus': 1, 'error_message': 'Not enough privileges'} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + + if user.type == 1: userAccountsLimit = 0 websitesLimit = 0 @@ -371,7 +370,7 @@ def deleteUser(request): admin = Administrator.objects.get(pk=userID) if admin.type == 3: - return HttpResponse("You don't have enough priviliges to access this page.") + return HttpResponse("You don't have enough privileges to access this page.") if admin.type == 1: admins = Administrator.objects.all() @@ -398,13 +397,19 @@ def submitUserDeletion(request): data = json.loads(request.body) accountUsername = data['accountUsername'] + admin = Administrator.objects.get(pk=val) - user = Administrator.objects.get(userName=accountUsername) - user.delete() + if admin.type == 1: + user = Administrator.objects.get(userName=accountUsername) + user.delete() - data_ret = {'deleteStatus': 1, 'error_message': 'None'} - json_data = json.dumps(data_ret) - return HttpResponse(json_data) + data_ret = {'deleteStatus': 1, 'error_message': 'None'} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + else: + data_ret = {'deleteStatus': 1, 'error_message': 'Not enough privileges'} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) diff --git a/websiteFunctions/views.py b/websiteFunctions/views.py index 4da7fff69..c4577bf8e 100644 --- a/websiteFunctions/views.py +++ b/websiteFunctions/views.py 
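Review bot: The refusal branch added to saveModifications returns `'saveStatus': 1` together with 'Not enough privileges', so a client that keys on the status field treats a denied request as saved; it should be `{'saveStatus': 0, 'error_message': 'Not enough privileges'}`. submitUserDeletion's new `else` branch has the same problem with `'deleteStatus': 1`. Separately, `hashPassword.hash_password(data['password'])` runs before the privilege test; moving the test directly after the two lookups avoids hashing for a request that is about to be refused. Both functions continue outside their hunks.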
@@ -31,9 +31,7 @@ from plogical.mailUtilities import mailUtilities def loadWebsitesHome(request): try: val = request.session['userID'] - admin = Administrator.objects.get(pk=val) - return render(request,'websiteFunctions/index.html',{"type":admin.type}) except KeyError: return redirect(loadLoginPage) @@ -42,35 +40,38 @@ def createWebsite(request): try: val = request.session['userID'] try: - admin = Administrator.objects.get(pk=request.session['userID']) - packages = admin.package_set.all() - packagesName = [] + admin = Administrator.objects.get(pk=val) if admin.type == 3: - final = {'error': 1, "error_message": "Not enough privilege"} - final_json = json.dumps(final) - return HttpResponse(final_json) + return HttpResponse("Not enough privileges.") - - for items in packages: - packagesName.append(items.packageName) + packagesName = [] + adminNames = [] if admin.type == 1: admins = Administrator.objects.all() - adminNames = [] + for items in admins: adminNames.append(items.userName) + + packages = Package.objects.all() + + for items in packages: + packagesName.append(items.packageName) else: admins = Administrator.objects.filter(owner=admin.pk) - adminNames = [] adminNames.append(admin.userName) + for items in admins: adminNames.append(items.userName) + packages = admin.package_set.all() + + for items in packages: + packagesName.append(items.packageName) + Data = {'packageList': packagesName,"owernList":adminNames} - - return render(request, 'websiteFunctions/createWebsite.html', Data) except BaseException, msg: logging.CyberCPLogFileWriter.writeToFile(str(msg)) @@ -83,10 +84,10 @@ def modifyWebsite(request): try: val = request.session['userID'] try: - admin = Administrator.objects.get(pk=request.session['userID']) + admin = Administrator.objects.get(pk=val) if admin.type == 3: - final = {'error': 1, "error_message": "Not enough privilege"} + final = {'error': 1, "error_message": "Not enough privileges."} final_json = json.dumps(final) return HttpResponse(final_json) 
@@ -128,12 +129,10 @@ def deleteWebsite(request): try: val = request.session['userID'] try: - admin = Administrator.objects.get(pk=request.session['userID']) + admin = Administrator.objects.get(pk=val) if admin.type == 3: - final = {'error': 1, "error_message": "Not enough privilege"} - final_json = json.dumps(final) - return HttpResponse(final_json) + return HttpResponse('Not enough privileges.') if admin.type == 1: websites = Websites.objects.all() @@ -173,7 +172,10 @@ def siteState(request): try: val = request.session['userID'] try: - admin = Administrator.objects.get(pk=request.session['userID']) + admin = Administrator.objects.get(pk=val) + + if admin.type == 3: + return HttpResponse('Not enough privileges.') if admin.type == 1: websites = Websites.objects.all() @@ -211,7 +213,8 @@ def siteState(request): def submitWebsiteCreation(request): try: - + val = request.session['userID'] + admin = Administrator.objects.get(pk=val) if request.method == 'POST': data = json.loads(request.body) @@ -226,11 +229,7 @@ def submitWebsiteCreation(request): ####### Limitations check - admin = Administrator.objects.get(userName=websiteOwner) - - if admin.type == 1: - pass - else: + if admin.type != 1: data_ret = {"existsStatus": 0, 'createWebSiteStatus': 0, 'error_message': "Only administrators are allowed to create websites."} json_data = json.dumps(data_ret) @@ -301,6 +300,9 @@ def submitDomainCreation(request): val = request.session['userID'] admin = Administrator.objects.get(pk=val) + if admin.type != 1: + data['openBasedir'] = 1 + execPath = "sudo python " + virtualHostUtilities.cyberPanel + "/plogical/virtualHostUtilities.py" execPath = execPath + " createDomain --masterDomain " + masterDomain + " --virtualHostName " + domain + \ 
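Review bot: In submitWebsiteCreation `admin` used to be the account named by `websiteOwner` and is now the session user. That makes the privilege test apply to the caller, but any later use of `admin` as the new site's owner would now assign every site to the caller; that code is outside this hunk, so I cannot confirm it. If the chosen owner is still needed, load it under its own name, e.g. `owner = Administrator.objects.get(userName=websiteOwner)`, and keep `admin` for the caller only.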
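Review bot: The lines added to submitDomainCreation force `openBasedir` for non-administrators, but the hunk shows no test that `masterDomain` belongs to the caller before it is placed into the `createDomain` command. fetchDomains gains exactly that test in this commit (`if master.admin != admin`), and the same check looks needed here unless it already exists earlier in the function, which starts outside the hunk. A comment such as `# non-admins are always confined by open_basedir, whatever the request says` would also explain why the request value is overwritten.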
@@ -331,12 +333,17 @@ def fetchDomains(request): try: if request.method == 'POST': - data = json.loads(request.body) masterDomain = data['masterDomain'] + admin = Administrator.objects.get(pk=val) master = Websites.objects.get(domain=masterDomain) + if admin.type != 1: + if master.admin != admin: + final_json = json.dumps({'fetchStatus': 0, 'error_message': "You do not own this website."}) + return HttpResponse(final_json) + childDomains = master.childdomains_set.all() json_data = "[" @@ -344,10 +351,10 @@ def fetchDomains(request): for items in childDomains: dic = { - 'childDomain': items.domain, - 'path': items.path, - 'childLunch': '/websites/' + masterDomain + '/' + items.domain - } + 'childDomain': items.domain, + 'path': items.path, + 'childLunch': '/websites/' + masterDomain + '/' + items.domain + } if checker == 0: json_data = json_data + json.dumps(dic) @@ -355,9 +362,8 @@ def fetchDomains(request): else: json_data = json_data + ',' + json.dumps(dic) - json_data = json_data + ']' - final_json = json.dumps({'fetchStatus': 1, 'error_message': "None","data":json_data}) + final_json = json.dumps({'fetchStatus': 1, 'error_message': "None", "data": json_data}) return HttpResponse(final_json) except BaseException,msg: @@ -373,11 +379,9 @@ def fetchDomains(request): def listWebsites(request): try: val = request.session['userID'] - try: - admin = Administrator.objects.get(pk=request.session['userID']) - + admin = Administrator.objects.get(pk=val) if admin.type == 1: websites = Websites.objects.all() else: @@ -410,10 +414,9 @@ def listWebsites(request): def getFurtherAccounts(request): try: val = request.session['userID'] - try: - admin = Administrator.objects.get(pk=request.session['userID']) + admin = Administrator.objects.get(pk=val) if request.method == 'POST': try: 
@@ -484,21 +487,29 @@ def submitWebsiteDeletion(request): data = json.loads(request.body) websiteName = data['websiteName'] - numberOfWebsites = str(Websites.objects.count()+ChildDomains.objects.count()) + admin = Administrator.objects.get(pk=val) - ## Deleting master domain + if admin.type == 1: - execPath = "sudo python " + virtualHostUtilities.cyberPanel + "/plogical/virtualHostUtilities.py" + numberOfWebsites = str(Websites.objects.count()+ChildDomains.objects.count()) - execPath = execPath + " deleteVirtualHostConfigurations --virtualHostName " + websiteName + \ - " --numberOfSites " + numberOfWebsites + ## Deleting master domain - subprocess.check_output(shlex.split(execPath)) + execPath = "sudo python " + virtualHostUtilities.cyberPanel + "/plogical/virtualHostUtilities.py" + + execPath = execPath + " deleteVirtualHostConfigurations --virtualHostName " + websiteName + \ + " --numberOfSites " + numberOfWebsites + + subprocess.check_output(shlex.split(execPath)) - data_ret = {'websiteDeleteStatus': 1,'error_message': "None"} - json_data = json.dumps(data_ret) - return HttpResponse(json_data) + data_ret = {'websiteDeleteStatus': 1,'error_message': "None"} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + else: + data_ret = {'websiteDeleteStatus': 0, 'error_message': "Only administrators can delete websites."} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) except BaseException,msg: 
@@ -519,15 +530,23 @@ def submitDomainDeletion(request): data = json.loads(request.body) websiteName = data['websiteName'] - execPath = "sudo python " + virtualHostUtilities.cyberPanel + "/plogical/virtualHostUtilities.py" + childDomain = ChildDomains.objects.get(domain=websiteName) + admin = Administrator.objects.get(pk=val) - execPath = execPath + " deleteDomain --virtualHostName " + websiteName + if childDomain.master.admin == admin: + execPath = "sudo python " + virtualHostUtilities.cyberPanel + "/plogical/virtualHostUtilities.py" - subprocess.check_output(shlex.split(execPath)) + execPath = execPath + " deleteDomain --virtualHostName " + websiteName - data_ret = {'websiteDeleteStatus': 1,'error_message': "None"} - json_data = json.dumps(data_ret) - return HttpResponse(json_data) + subprocess.check_output(shlex.split(execPath)) + + data_ret = {'websiteDeleteStatus': 1,'error_message': "None"} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + else: + data_ret = {'websiteDeleteStatus': 0, 'error_message': "You can not delete this child domain, as master domain is not owned by logged in user."} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) except BaseException,msg: data_ret = {'websiteDeleteStatus': 0, 'error_message': str(msg)} 
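Review bot: The new test `childDomain.master.admin == admin` in submitDomainDeletion has no `admin.type` branch, so a type-1 administrator who does not own the master domain is refused. The other ownership checks in this commit let type 1 through first. If the refusal is not intended, `if admin.type == 1 or childDomain.master.admin == admin:` matches the rest. The function's handlers continue outside the hunk.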
@@ -548,33 +567,38 @@ def submitWebsiteStatus(request): state = data['state'] website = Websites.objects.get(domain=websiteName) + admin = Administrator.objects.get(pk=val) + if admin.type == 1: + if state == "Suspend": + confPath = virtualHostUtilities.Server_root + "/conf/vhosts/" + websiteName + command = "sudo mv " + confPath + " " + confPath + "-suspended" + subprocess.call(shlex.split(command)) + installUtilities.reStartLiteSpeed() + website.state = 0 + else: + confPath = virtualHostUtilities.Server_root + "/conf/vhosts/" + websiteName + + command = "sudo mv " + confPath + "-suspended" + " " + confPath + subprocess.call(shlex.split(command)) + + command = "chown -R " + "lsadm" + ":" + "lsadm" + " " + confPath + cmd = shlex.split(command) + subprocess.call(cmd) + + installUtilities.reStartLiteSpeed() + website.state = 1 + + website.save() + + data_ret = {'websiteStatus': 1,'error_message': "None"} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) - if state == "Suspend": - confPath = virtualHostUtilities.Server_root + "/conf/vhosts/" + websiteName - command = "sudo mv " + confPath + " " + confPath + "-suspended" - subprocess.call(shlex.split(command)) - installUtilities.reStartLiteSpeed() - website.state = 0 else: - confPath = virtualHostUtilities.Server_root + "/conf/vhosts/" + websiteName - - command = "sudo mv " + confPath + "-suspended" + " " + confPath - subprocess.call(shlex.split(command)) - - command = "chown -R " + "lsadm" + ":" + "lsadm" + " " + confPath - cmd = shlex.split(command) - subprocess.call(cmd) - - installUtilities.reStartLiteSpeed() - website.state = 1 - - website.save() - - - data_ret = {'websiteStatus': 1,'error_message': "None"} - json_data = json.dumps(data_ret) - return HttpResponse(json_data) + data_ret = {'websiteStatus': 0, 'error_message': "Only administrators can suspend websites."} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) except BaseException,msg: 
@@ -594,18 +618,15 @@ def submitWebsiteModify(request): if request.method == 'POST': - admin = Administrator.objects.get(pk=request.session['userID']) + admin = Administrator.objects.get(pk=val) if admin.type == 1: packs = Package.objects.all() - else: - packs = Package.objects.filter(admin=admin) - - if admin.type == 1: admins = Administrator.objects.all() else: - admins = Administrator.objects.filter(owner=admin.pk) - + data_ret = {'modifyStatus': 0, 'error_message': "Only administrator can see modification data."} + final_json = json.dumps(data_ret) + return HttpResponse(final_json) ## Get packs name @@ -679,10 +700,18 @@ def saveWebsiteChanges(request): package = data['packForWeb'] email = data['email'] phpVersion = data['phpVersion'] - admin = data['admin'] + newUser = data['admin'] ## php changes + admin = Administrator.objects.get(pk=val) + + if admin.type!=1: + data_ret = {'saveStatus': 0, 'error_message': 'Only administrator can make changes to websites.'} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + + confPath = virtualHostUtilities.Server_root + "/conf/vhosts/" + domain completePathToConfigFile = confPath + "/vhost.conf" @@ -701,7 +730,7 @@ def saveWebsiteChanges(request): ## php changes ends - newOwner = Administrator.objects.get(userName=admin) + newOwner = Administrator.objects.get(userName=newUser) modifyWeb = Websites.objects.get(domain=domain) webpack = Package.objects.get(packageName=package) @@ -728,13 +757,12 @@ def saveWebsiteChanges(request): json_data = json.dumps(data_ret) return HttpResponse(json_data) -def domain(request,domain): +def domain(request, domain): try: val = request.session['userID'] admin = Administrator.objects.get(pk=val) - if Websites.objects.filter(domain=domain).exists(): if admin.type == 1: website = Websites.objects.get(domain=domain) 
@@ -819,17 +847,15 @@ def domain(request,domain): {"error": 1, "domain": "You do not own this domain."}) else: - return render(request, 'websiteFunctions/website.html', {"error":1,"domain": "This domain does not exists"}) + return render(request, 'websiteFunctions/website.html', {"error":1,"domain": "This domain does not exists."}) except KeyError: return redirect(loadLoginPage) def launchChild(request,domain, childDomain): try: val = request.session['userID'] - admin = Administrator.objects.get(pk=val) - if ChildDomains.objects.filter(domain=childDomain).exists(): if admin.type == 1: website = Websites.objects.get(domain=domain) 
@@ -921,85 +947,104 @@ def launchChild(request,domain, childDomain): return redirect(loadLoginPage) def getDataFromLogFile(request): - data = json.loads(request.body) - logType = data['logType'] - virtualHost = data['virtualHost'] - page = data['page'] + try: + val = request.session['userID'] + data = json.loads(request.body) + logType = data['logType'] + virtualHost = data['virtualHost'] + page = data['page'] - if logType == 1: - fileName = "/home/" + virtualHost + "/logs/" + virtualHost + ".access_log" - else: - fileName = "/home/" + virtualHost + "/logs/" + virtualHost + ".error_log" + admin = Administrator.objects.get(pk=val) + website = Websites.objects.get(domain=virtualHost) - ## get Logs + if admin.type != 1: + if website.admin != admin: + final_json = json.dumps({'logstatus': 0, 'error_message': "You do not own this website."}) + return HttpResponse(final_json) + + if logType == 1: + fileName = "/home/" + virtualHost + "/logs/" + virtualHost + ".access_log" + else: + fileName = "/home/" + virtualHost + "/logs/" + virtualHost + ".error_log" + + ## get Logs + + execPath = "sudo python " + virtualHostUtilities.cyberPanel + "/plogical/virtualHostUtilities.py" + + execPath = execPath + " getAccessLogs --path " + fileName + " --page " + str(page) + + output = subprocess.check_output(shlex.split(execPath)) + + if output.find("1,None") > -1: + final_json = json.dumps( + {'logstatus': 0, 'error_message': "Not able to fetch logs, see CyberPanel main log file!"}) + return HttpResponse(final_json) + + ## get log ends here. 
- execPath = "sudo python " + virtualHostUtilities.cyberPanel + "/plogical/virtualHostUtilities.py" + data = output.split("\n") - execPath = execPath + " getAccessLogs --path " + fileName + " --page " + str(page) + json_data = "[" + checker = 0 + for items in reversed(data): + if len(items) > 10: + logData = items.split(" ") + domain = logData[0].strip('"') + ipAddress = logData[1] + time = (logData[4]).strip("[").strip("]") + resource = logData[7].strip('"') + size = logData[10].replace('"', '') + dic = {'domain': domain, + 'ipAddress': ipAddress, + 'time': time, + 'resource': resource, + 'size': size, + } - output = subprocess.check_output(shlex.split(execPath)) + if checker == 0: + json_data = json_data + json.dumps(dic) + checker = 1 + else: + json_data = json_data + ',' + json.dumps(dic) - if output.find("1,None") > -1: - final_json = json.dumps( - {'logstatus': 0, 'error_message': "Not able to fetch logs, see CyberPanel main log file!"}) + json_data = json_data + ']' + final_json = json.dumps({'logstatus': 1, 'error_message': "None", "data": json_data}) return HttpResponse(final_json) - ## get log ends here. 
+ ## - - data = output.split("\n") - - json_data = "[" - checker = 0 - - for items in reversed(data): - if len(items) > 10: - logData = items.split(" ") - domain = logData[0].strip('"') - ipAddress = logData[1] - time = (logData[4]).strip("[").strip("]") - resource = logData[7].strip('"') - size = logData[10].replace('"', '') - - dic = {'domain': domain, - 'ipAddress': ipAddress, - 'time': time, - 'resource': resource, - 'size': size, - } - - if checker == 0: - json_data = json_data + json.dumps(dic) - checker = 1 - else: - json_data = json_data + ',' + json.dumps(dic) - - json_data = json_data + ']' - - - final_json = json.dumps({'logstatus': 1, 'error_message': "None", "data": json_data}) - return HttpResponse(final_json) + except KeyError,msg: + data_ret = {'logstatus': 0, 'error_message': str(msg)} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) def fetchErrorLogs(request): try: + val = request.session['userID'] + data = json.loads(request.body) virtualHost = data['virtualHost'] page = data['page'] + admin = Administrator.objects.get(pk=val) + website = Websites.objects.get(domain=virtualHost) + + if admin.type != 1: + if website.admin != admin: + final_json = json.dumps({'logstatus': 0, 'error_message': "You do not own this website."}) + return HttpResponse(final_json) + fileName = "/home/" + virtualHost + "/logs/" + virtualHost + ".error_log" ## get Logs - execPath = "sudo python " + virtualHostUtilities.cyberPanel + "/plogical/virtualHostUtilities.py" execPath = execPath + " getErrorLogs --path " + fileName + " --page " + str(page) - - output = subprocess.check_output(shlex.split(execPath)) if output.find("1,None") > -1: 
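Review bot: The new wrapper in getDataFromLogFile catches only `KeyError`, but the code inside it can raise other exceptions. `Websites.objects.get(domain=virtualHost)` raises `DoesNotExist` for an unknown domain, and the parser indexes `logData[10]` after testing only the character length of the line (`len(items) > 10`), so a short or malformed line raises `IndexError`. Log lines carry request data, so the parser should not assume their shape; I would add `if len(logData) < 11: continue` and return the JSON error for `Websites.DoesNotExist` as well. fetchErrorLogs, changed in the same hunk, continues outside it.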
@@ -1042,13 +1087,31 @@ def installWordpress(request): json_data = json.dumps(data_ret) return HttpResponse(json_data) + admin = Administrator.objects.get(pk=val) + try: website = ChildDomains.objects.get(domain=domainName) externalApp = website.master.externalApp + + if admin.type != 1: + if website.master.admin != admin: + data_ret = {'installStatus': 0, + 'error_message': "You do not own this website!"} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + except: website = Websites.objects.get(domain=domainName) externalApp = website.externalApp + if admin.type != 1: + if website.admin != admin: + data_ret = {'installStatus': 0, + 'error_message': "You do not own this website!"} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + + ## DB Creation dbName = randomPassword.generate_pass() @@ -1151,13 +1214,29 @@ def installJoomla(request): json_data = json.dumps(data_ret) return HttpResponse(json_data) + admin = Administrator.objects.get(pk=val) + try: website = ChildDomains.objects.get(domain=domainName) externalApp = website.master.externalApp + + if admin.type != 1: + if website.master.admin != admin: + data_ret = {'installStatus': 0, + 'error_message': "You do not own this website!"} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) except: website = Websites.objects.get(domain=domainName) externalApp = website.externalApp + if admin.type != 1: + if website.admin != admin: + data_ret = {'installStatus': 0, + 'error_message': "You do not own this website!"} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + ## DB Creation 
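Review bot: In installWordpress and installJoomla the ownership test now sits inside a `try` whose handler is a bare `except:`, so any error raised while evaluating the check, not only a missing child domain, falls through to the `Websites` lookup. Narrowing the handler to `except ChildDomains.DoesNotExist:` keeps the fallback to the one case it is meant for. The four-line refusal block is also repeated four times in these two hunks, and the same try/except shape recurs in getDataFromConfigFile and getRewriteRules; a small helper that resolves the domain and returns its owning administrator would keep the checks in step. Both functions start and end outside their hunks.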
@@ -1245,11 +1324,26 @@ def getDataFromConfigFile(request): data = json.loads(request.body) virtualHost = data['virtualHost'] + admin = Administrator.objects.get(pk=val) + try: + if admin.type != 1: + childDom = ChildDomains.objects.get(domain=virtualHost) + if childDom.master.admin != admin: + data_ret = {'configstatus': 0, 'error_message': 'You do not own this website.'} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + except: + if admin.type != 1: + website = Websites.objects.get(domain=virtualHost) + if website.admin != admin: + data_ret = {'configstatus': 0, 'error_message': 'You do not own this website.'} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) - filePath = installUtilities.Server_root_path + "/conf/vhosts/"+virtualHost+"/vhost.conf" + filePath = installUtilities.Server_root_path + "/conf/vhosts/" + virtualHost + "/vhost.conf" - configData = open(filePath,"r").read() + configData = open(filePath, "r").read() if len(configData) == 0: status = {"configstatus": 0, "error_message": "Configuration file is currently empty!"} @@ -1257,10 +1351,7 @@ def getDataFromConfigFile(request): final_json = json.dumps(status) return HttpResponse(final_json) - - - status = {"configstatus":1,"configData":configData} - + status = {"configstatus": 1, "configData": configData} final_json = json.dumps(status) return HttpResponse(final_json) @@ -1269,8 +1360,6 @@ def getDataFromConfigFile(request): json_data = json.dumps(data_ret) return HttpResponse(json_data) - - except KeyError, msg: status = {"configstatus":0,"error":"Could not fetch data from log file, please see CyberCP main log file through command line."} logging.CyberCPLogFileWriter.writeToFile(str(msg) + "[getDataFromConfigFile]") 
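Review bot: For a caller with `admin.type == 1` neither lookup in the new try/except runs, so `virtualHost` from the request body reaches `filePath = installUtilities.Server_root_path + "/conf/vhosts/" + virtualHost + "/vhost.conf"` without being matched against a ChildDomains or Websites row. Resolving the domain for every caller and making only the ownership comparison conditional would guarantee the path names a vhost the panel knows about, i.e. move the `ChildDomains.objects.get(...)` / `Websites.objects.get(...)` calls above the `if admin.type != 1:` test. changePHP (hunk at -1547) has the same shape with `confPath`. The reformatted `open(filePath, "r").read()` also never closes its handle explicitly; `with open(filePath, "r") as f:` would. getDataFromConfigFile starts before this hunk and continues through the next two.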
@@ -1285,6 +1374,13 @@ def saveConfigsToFile(request): data = json.loads(request.body) virtualHost = data['virtualHost'] + admin = Administrator.objects.get(pk=val) + + if admin.type != 1: + data_ret = {'configstatus': 0, 'error_message': 'Only Administrators can make changes to vhost conf.'} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + ## writing data temporary to file mailUtilities.checkHome() @@ -1343,7 +1439,25 @@ def getRewriteRules(request): data = json.loads(request.body) virtualHost = data['virtualHost'] - filePath = "/home/"+virtualHost+"/public_html/.htaccess" + admin = Administrator.objects.get(pk=val) + + try: + childDom = ChildDomains.objects.get(domain=virtualHost) + if admin.type != 1: + if childDom.master.admin != admin: + data_ret = {'rewriteStatus': 0, 'error_message': 'You do not own this website.'} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + filePath = childDom.path + '/.htaccess' + + except: + website = Websites.objects.get(domain=virtualHost) + if admin.type != 1: + if website.admin != admin: + data_ret = {'rewriteStatus': 0, 'error_message': 'You do not own this website.'} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + filePath = "/home/" + virtualHost + "/public_html/.htaccess" try: rewriteRules = open(filePath,"r").read() 
@@ -1387,35 +1501,48 @@ def saveRewriteRules(request): ## writing data temporary to file mailUtilities.checkHome() - tempPath = "/home/cyberpanel/" + str(randint(1000, 9999)) - vhost = open(tempPath, "w") - vhost.write(data['rewriteRules']) - vhost.close() ## writing data temporary to file + admin = Administrator.objects.get(pk=val) + try: childDomain = ChildDomains.objects.get(domain=virtualHost) filePath = childDomain.path + '/.htaccess' + + if admin.type != 1: + if childDomain.master.admin != admin: + data_ret = {'rewriteStatus': 0, 'error_message': 'You do not own this website.'} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + except: filePath = "/home/" + virtualHost + "/public_html/.htaccess" + if admin.type != 1: + website = Websites.objects.get(domain=virtualHost) + if website.admin != admin: + data_ret = {'rewriteStatus': 0, 'error_message': 'You do not own this website.'} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + + ## save configuration data execPath = "sudo python " + virtualHostUtilities.cyberPanel + "/plogical/virtualHostUtilities.py" execPath = execPath + " saveRewriteRules --virtualHostName "+ virtualHost + " --path " + filePath + " --tempPath " + tempPath - - output = subprocess.check_output(shlex.split(execPath)) if output.find("1,None") > -1: - pass + status = {"rewriteStatus": 1, 'error_message': output} + final_json = json.dumps(status) + return HttpResponse(final_json) else: data_ret = {'rewriteStatus': 0, 'error_message': output} json_data = json.dumps(data_ret) @@ -1423,11 +1550,6 @@ def saveRewriteRules(request): ## save configuration data ends - status = {"rewriteStatus":1} - - final_json = json.dumps(status) - return HttpResponse(final_json) - except BaseException, msg: data_ret = {'rewriteStatus': 0, 'error_message': str(msg)} json_data = json.dumps(data_ret) 
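Review bot: As far as the collapsed hunk shows, the lines that write `data['rewriteRules']` to `tempPath` stay above the new `admin = Administrator.objects.get(pk=val)` and ownership check, so a request that is about to be refused has already written request content to disk, and the early `return` leaves that file behind. Moving the ownership check ahead of the temp-file write avoids both. The temp name, `"/home/cyberpanel/" + str(randint(1000, 9999))`, has only 9000 possible values and is opened with a plain `open(..., "w")`; `tempfile.mkstemp(dir="/home/cyberpanel")` (needs `import tempfile`) gives an unpredictable name, created exclusively and readable only by its owner. saveSSL (hunk at -1448) writes the private key and certificate the same way. saveRewriteRules starts and ends outside this hunk.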
@@ -1448,34 +1570,43 @@ def saveSSL(request): data = json.loads(request.body) domain = data['virtualHost'] + admin = Administrator.objects.get(pk=val) + + try: + website = ChildDomains.objects.get(domain=domain) + if admin.type != 1: + + if website.master.admin != admin: + data_ret = {'changePHP': 0, 'error_message': 'You do not own this website.'} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + except: + website = Websites.objects.get(domain=domain) + if admin.type != 1: + if website.admin != admin: + data_ret = {'changePHP': 0, 'error_message': 'You do not own this website.'} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + mailUtilities.checkHome() ## writing data temporary to file tempKeyPath = "/home/cyberpanel/" + str(randint(1000, 9999)) - vhost = open(tempKeyPath, "w") - vhost.write(data['key']) - vhost.close() tempCertPath = "/home/cyberpanel/" + str(randint(1000, 9999)) - vhost = open(tempCertPath, "w") - vhost.write(data['cert']) - vhost.close() ## writing data temporary to file pathToStoreSSL = virtualHostUtilities.Server_root + "/conf/vhosts/" + "SSL-" + domain - website = Websites.objects.get(domain=domain) - - if website.ssl == 0: ## save configuration data @@ -1507,8 +1638,6 @@ def saveSSL(request): execPath = execPath + " saveSSL --virtualHostName " + domain + " --path " + pathToStoreSSL + " --tempKeyPath " + tempKeyPath + " --tempCertPath " + tempCertPath + " --sslCheck 1" - - output = subprocess.check_output(shlex.split(execPath)) if output.find("1,None") > -1: 
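Review bot: Both ownership-failure responses added to saveSSL use the key `'changePHP'`, while the rest of the view reports through `'sslStatus'` (see the handlers in the hunk at -1531), so a client that checks `sslStatus` will not see the refusal. Both should read `data_ret = {'sslStatus': 0, 'error_message': 'You do not own this website.'}`. This looks like a copy from changePHP, which is another reason to move the check into one shared helper. saveSSL starts and ends outside this hunk.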
@@ -1531,11 +1660,13 @@ def saveSSL(request): logging.CyberCPLogFileWriter.writeToFile(str(msg) + " [Can not create directory to stroe SSL [saveSSL]]") data_ret = {'sslStatus': 0, 'error_message': str(msg)} json_data = json.dumps(data_ret) + return HttpResponse(json_data) except KeyError,msg: logging.CyberCPLogFileWriter.writeToFile(str(msg) + " [Can not create directory to stroe SSL [saveSSL]]") data_ret = {'sslStatus': 0, 'error_message': str(msg)} json_data = json.dumps(data_ret) + return HttpResponse(json_data) def changePHP(request): try: @@ -1547,6 +1678,23 @@ def changePHP(request): childDomain = data['childDomain'] phpVersion = data['phpSelection'] + admin = Administrator.objects.get(pk=val) + + try: + if admin.type != 1: + childDom = ChildDomains.objects.get(domain=childDomain) + if childDom.master.admin != admin: + data_ret = {'changePHP': 0, 'error_message': 'You do not own this website.'} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + except: + if admin.type != 1: + website = Websites.objects.get(domain=childDomain) + if website.admin != admin: + data_ret = {'changePHP': 0, 'error_message': 'You do not own this website.'} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + confPath = virtualHostUtilities.Server_root + "/conf/vhosts/" + childDomain completePathToConfigFile = confPath + "/vhost.conf" @@ -2055,7 +2203,13 @@ def domainAlias(request,domain): try: val = request.session['userID'] try: - admin = Administrator.objects.get(pk=request.session['userID']) + + admin = Administrator.objects.get(pk=val) + + if admin.type != 1: + website = Websites.objects.get(domain=domain) + if website.admin != admin: + raise BaseException('You do not own this website.') confPath = os.path.join(virtualHostUtilities.Server_root, "conf/httpd_config.conf") 
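Review bot: In domainAlias the new refusal is signalled with `raise BaseException('You do not own this website.')`, which relies on an enclosing handler (outside this hunk) catching BaseException and makes an authorization refusal indistinguishable there from a genuine fault. BaseException is the root class that also covers KeyboardInterrupt and SystemExit and is not meant to be raised directly. Returning the refusal explicitly, as the JSON views in this diff do, is clearer: `return HttpResponse("You do not own this website.")`. If the surrounding handler logs or renders `str(msg)`, check that the user still sees the refusal after the change.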
@@ -2102,6 +2256,7 @@ def domainAlias(request,domain): def submitAliasCreation(request): try: + val = request.session['userID'] if request.method == 'POST': data = json.loads(request.body) @@ -2110,7 +2265,13 @@ def submitAliasCreation(request): aliasDomain = data['aliasDomain'] ssl = data['ssl'] - admin = Administrator.objects.get(pk=request.session['userID']) + admin = Administrator.objects.get(pk=val) + if admin.type != 1: + website = Websites.objects.get(domain=masterDomain) + if website.admin != admin: + data_ret = {'createAliasStatus': 0, 'error_message': 'You do not own this website.'} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) sslpath = "/home/" + masterDomain + "/public_html" @@ -2145,6 +2306,7 @@ def submitAliasCreation(request): def issueAliasSSL(request): try: + val = request.session['userID'] if request.method == 'POST': data = json.loads(request.body) @@ -2152,7 +2314,13 @@ def issueAliasSSL(request): masterDomain = data['masterDomain'] aliasDomain = data['aliasDomain'] - admin = Administrator.objects.get(pk=request.session['userID']) + admin = Administrator.objects.get(pk=val) + if admin.type != 1: + website = Websites.objects.get(domain=masterDomain) + if website.admin != admin: + data_ret = {'sslStatus': 0, 'error_message': 'You do not own this website.'} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) sslpath = "/home/" + masterDomain + "/public_html" @@ -2189,6 +2357,7 @@ def issueAliasSSL(request): def delateAlias(request): try: + val = request.session['userID'] if request.method == 'POST': data = json.loads(request.body) 
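Review bot: The ownership check added to issueAliasSSL (hunk at -2152) covers `masterDomain` only; `aliasDomain` comes from the same request body and nothing in the hunk ties it to that master. Unless the code below the hunk verifies that the alias is actually configured under `masterDomain`, the check authorizes the caller for one site while the operation is applied to whatever alias name was sent. Confirm that binding before acting on `aliasDomain`, and do the same in delateAlias (hunk at -2196), where the consequence is removal of the alias. In submitAliasCreation (hunk at -2110) the alias is new, so there the useful check is that `aliasDomain` is not already a domain or alias belonging to another account. All three functions continue outside their hunks.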
@@ -2196,7 +2365,13 @@ def delateAlias(request): masterDomain = data['masterDomain'] aliasDomain = data['aliasDomain'] - admin = Administrator.objects.get(pk=request.session['userID']) + admin = Administrator.objects.get(pk=val) + if admin.type != 1: + website = Websites.objects.get(domain=masterDomain) + if website.admin != admin: + data_ret = {'deleteAlias': 0, 'error_message': 'You do not own this website.'} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) sslpath = "/home/" + masterDomain + "/public_html" @@ -2218,8 +2393,6 @@ def delateAlias(request): ## Create Configurations ends here - - data_ret = {'deleteAlias': 1, 'error_message': "None", "existsStatus": 0} json_data = json.dumps(data_ret) return HttpResponse(json_data) @@ -2241,6 +2414,14 @@ def changeOpenBasedir(request): domainName = data['domainName'] openBasedirValue = data['openBasedirValue'] + admin = Administrator.objects.get(id=val) + + if admin.type != 1: + data_ret = {'changeOpenBasedir': 0, 'error_message': 'Only Administrators can change open_basedir value.'} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + + execPath = "sudo python " + virtualHostUtilities.cyberPanel + "/plogical/virtualHostUtilities.py" execPath = execPath + " changeOpenBasedir --virtualHostName '" + domainName + "' --openBasedirValue " + openBasedirValue
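Review bot: Restricting changeOpenBasedir to `admin.type == 1` narrows who can reach it, but the command under the new check is still built by concatenating `domainName` and `openBasedirValue` from the request body into a string that is presumably tokenised later (the other views in this diff pass `execPath` through `shlex.split`), and `openBasedirValue` is not even quoted. Whitespace or quote characters in either value change the argument list handed to the `sudo python` helper. Passing a list keeps each value a single argument, `cmd = ["sudo", "python", virtualHostUtilities.cyberPanel + "/plogical/virtualHostUtilities.py", "changeOpenBasedir", "--virtualHostName", domainName, "--openBasedirValue", openBasedirValue]`, and the values should be validated first: look `domainName` up in Websites and accept `openBasedirValue` only if it is one of the values the form offers. The same string-built `execPath` appears in saveRewriteRules and saveSSL. The function continues outside this hunk.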