Bug fix to email policy server.

usmannasir
2018-06-30 15:29:56 +05:00
parent fcee682886
commit 27c31b522d
31 changed files with 1584 additions and 895 deletions

14
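--- a/CyberCP/secMiddleware.py
+++ b/CyberCP/secMiddleware.py
@@ -0,0 +1,14 @@
+from django.conf import settings
+from django.shortcuts import HttpResponse
+class secMiddleware:
+def __init__(self, get_response):
+self.get_response = get_response
+def __call__(self, request):
+if request.method == 'POST':
+if request.body.find(';') > -1 or request.body.find('&&') > -1 or request.body.find('|') > -1 or request.body.find('...') > -1:
+return HttpResponse('Bad input.')
+response = self.get_response(request)
+return response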
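Review bot: The substring test in `__call__` is a denylist over the raw POST body, so it rejects legitimate input (any password, DNS record value or ModSecurity rule that contains `;` or `|`) while leaving the code that builds command strings unchanged, and it looks only at POST bodies. Command safety belongs at the call sites: pass an argument list to `subprocess` without a shell and validate each field against what it is allowed to contain, such as a domain-name pattern. If the filter is kept as defence in depth, answer with `HttpResponse('Bad input.', status=400)` and log the rejection so blocked requests show up in monitoring. `settings` is imported but not used.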


@@ -70,6 +70,7 @@ MIDDLEWARE = [
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'CyberCP.secMiddleware.secMiddleware'
]
ROOT_URLCONF = 'CyberCP.urls'


@@ -26,11 +26,8 @@ from plogical.mailUtilities import mailUtilities
def loadBackupHome(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
viewStatus = 1
if admin.type == 3:
viewStatus = 0
@@ -79,8 +76,8 @@ def restoreSite(request):
def backupSite(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
admin = Administrator.objects.get(pk=request.session['userID'])
if admin.type == 1:
websites = Websites.objects.all()
@@ -118,15 +115,21 @@ def backupSite(request):
def getCurrentBackups(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if request.method == 'POST':
data = json.loads(request.body)
backupDomain = data['websiteToBeBacked']
website = Websites.objects.get(domain=backupDomain)
if admin.type != 1:
if website.admin != admin:
dic = {'fetchStatus': 0, 'error_message': "Only administrator can view this page."}
json_data = json.dumps(dic)
return HttpResponse(json_data)
backups = website.backups_set.all()
@@ -166,7 +169,6 @@ def getCurrentBackups(request):
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
def submitBackupCreation(request):
try:
if request.method == 'POST':
@@ -308,8 +310,6 @@ def cancelBackupCreation(request):
final_json = json.dumps({'abortStatus': 1, 'error_message': "None", "status": 0})
return HttpResponse(final_json)
except BaseException,msg:
final_dic = {'abortStatus': 0, 'error_message': str(msg)}
final_json = json.dumps(final_dic)
@@ -324,14 +324,20 @@ def cancelBackupCreation(request):
def deleteBackup(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if request.method == 'POST':
data = json.loads(request.body)
backupID = data['backupID']
backup = Backups.objects.get(id=backupID)
if admin.type != 1:
if backup.website.admin != admin:
dic = {'deleteStatus': 0, 'error_message': "Only administrator can view this page."}
json_data = json.dumps(dic)
return HttpResponse(json_data)
domainName = backup.website.domain
path = "/home/"+domainName+"/backup/"+backup.fileName+".tar.gz"
@@ -461,9 +467,17 @@ def backupDestinations(request):
def submitDestinationCreation(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if request.method == 'POST':
if admin.type != 1:
dic = {'destStatus': 0, 'error_message': "Only administrator can view this page."}
json_data = json.dumps(dic)
return HttpResponse(json_data)
destinations = backupUtil.backupUtilities.destinationsPath
data = json.loads(request.body)
@@ -524,9 +538,15 @@ def submitDestinationCreation(request):
def getCurrentBackupDestinations(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if request.method == 'POST':
if admin.type != 1:
dic = {'fetchStatus': 0, 'error_message': "Only administrator can view this page."}
json_data = json.dumps(dic)
return HttpResponse(json_data)
records = dest.objects.all()
json_data = "["
@@ -566,7 +586,6 @@ def getConnectionStatus(request):
try:
if request.method == 'POST':
data = json.loads(request.body)
ipAddress = data['IPAddress']
@@ -593,9 +612,16 @@ def getConnectionStatus(request):
def deleteDestination(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if request.method == 'POST':
if admin.type != 1:
dic = {'delStatus': 0, 'error_message': "Only administrator can view this page."}
json_data = json.dumps(dic)
return HttpResponse(json_data)
data = json.loads(request.body)
ipAddress = data['IPAddress']
@@ -680,9 +706,15 @@ def scheduleBackup(request):
def getCurrentBackupSchedules(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if request.method == 'POST':
if admin.type != 1:
dic = {'fetchStatus': 0, 'error_message': "Only administrator can view this page."}
json_data = json.dumps(dic)
return HttpResponse(json_data)
records = backupSchedules.objects.all()
json_data = "["
@@ -718,12 +750,18 @@ def getCurrentBackupSchedules(request):
def submitBackupSchedule(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if request.method == 'POST':
data = json.loads(request.body)
backupDest = data['backupDest']
backupFreq = data['backupFreq']
if admin.type != 1:
dic = {'scheduleStatus': 0, 'error_message': "Only administrator can view this page."}
json_data = json.dumps(dic)
return HttpResponse(json_data)
path = "/etc/crontab"
## check if already exists
@@ -922,12 +960,20 @@ def submitBackupSchedule(request):
def scheduleDelete(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if request.method == 'POST':
if admin.type != 1:
dic = {'delStatus': 0, 'error_message': "Only administrator can view this page."}
json_data = json.dumps(dic)
return HttpResponse(json_data)
data = json.loads(request.body)
backupDest = data['destLoc']
backupFreq = data['frequency']
path = "/etc/crontab"
@@ -1067,8 +1113,15 @@ def remoteBackups(request):
def submitRemoteBackups(request):
try:
userID = request.session['userID']
admin = Administrator.objects.get(pk=userID)
if request.method == 'POST':
if admin.type != 1:
dic = {'status': 0, 'error_message': "Only administrator can view this page."}
json_data = json.dumps(dic)
return HttpResponse(json_data)
data = json.loads(request.body)
ipAddress = data['ipAddress']
password = data['password']
@@ -1191,10 +1244,16 @@ def submitRemoteBackups(request):
def starRemoteTransfer(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if request.method == 'POST':
data = json.loads(request.body)
if admin.type != 1:
dic = {'remoteTransferStatus': 0, 'error_message': "Only administrator can view this page."}
json_data = json.dumps(dic)
return HttpResponse(json_data)
ipAddress = data['ipAddress']
password = data['password']
accountsToTransfer = data['accountsToTransfer']
@@ -1256,7 +1315,16 @@ def starRemoteTransfer(request):
def getRemoteTransferStatus(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
if request.method == "POST":
if admin.type != 1:
dic = {'remoteTransferStatus': 0, 'error_message': "Only administrator can view this page."}
json_data = json.dumps(dic)
return HttpResponse(json_data)
data = json.loads(request.body)
ipAddress = data['ipAddress']
password = data['password']
@@ -1300,8 +1368,15 @@ def getRemoteTransferStatus(request):
def remoteBackupRestore(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if request.method == "POST":
if admin.type != 1:
dic = {'remoteRestoreStatus': 0, 'error_message': "Only administrator can view this page."}
json_data = json.dumps(dic)
return HttpResponse(json_data)
data = json.loads(request.body)
backupDir = data['backupDir']
@@ -1337,8 +1412,16 @@ def remoteBackupRestore(request):
def localRestoreStatus(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
if request.method == "POST":
if admin.type != 1:
data_ret = {'remoteTransferStatus': 0, 'error_message': "No such log found", "status": "None",
"complete": 0}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
data = json.loads(request.body)
backupDir = data['backupDir']
@@ -1383,6 +1466,13 @@ def localRestoreStatus(request):
def cancelRemoteBackup(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
if admin.type != 1:
dic = {'cancelStatus': 0, 'error_message': "Only administrator can view this page."}
json_data = json.dumps(dic)
return HttpResponse(json_data)
if request.method == "POST":
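Review bot: The admin-only guard is pasted into each view with a different status key, and its position varies: `submitBackupSchedule` and `starRemoteTransfer` call `json.loads(request.body)` (and the former reads `data['backupDest']`) before `admin.type != 1` is tested, while the other views test first. Putting the test at the top of every view, or in one decorator that takes the status key, keeps authorization ahead of any handling of the request and makes a missed view easy to spot. In `localRestoreStatus` the denial is reported as `'No such log found'` under `remoteTransferStatus`, which looks like a copy-paste and hides the authorization failure from anyone reading the response. All denials are returned with HTTP 200; `HttpResponse(json_data, status=403)` would let access logs and alerting tell them apart from successful calls.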


@@ -302,7 +302,7 @@
<ul>
<li><a href="{% url 'viewProfile' %}" title="{% trans 'View Profile' %}"><span>{% trans "View Profile" %}</span></a></li>
<li id="normalUser"><a href="{% url 'createUser' %}" title="{% trans 'Create New User' %}"><span>{% trans "Create New User" %}</span></a></li>
<li id="normalUserA"><a href="{% url 'modifyUsers' %}" title="{% trans 'Modify User' %}"><span>{% trans "Modify User" %}</span></a></li>
<li><a href="{% url 'modifyUsers' %}" title="{% trans 'Modify User' %}"><span>{% trans "Modify User" %}</span></a></li>
<li id="normalUserB"><a href="{% url 'deleteUser' %}" title="{% trans 'Delete User' %}"><span>{% trans "Delete User" %}</span></a></li>
</ul>


@@ -1,10 +1,9 @@
#!/usr/bin/env python2.7
#!/usr/local/CyberCP/bin/python2
import os,sys
sys.path.append('/usr/local/CyberCP')
import django
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "CyberCP.settings")
django.setup()
import argparse
from inspect import stack
from cliLogger import cliLogger as logger
import json


@@ -31,7 +31,7 @@ def createDatabase(request):
try:
val = request.session['userID']
try:
admin = Administrator.objects.get(pk=request.session['userID'])
admin = Administrator.objects.get(pk=val)
if admin.type == 1:
websites = Websites.objects.all()
@@ -72,10 +72,10 @@ def createDatabase(request):
def submitDBCreation(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if request.method == 'POST':
data = json.loads(request.body)
databaseWebsite = data['databaseWebsite']
dbName = data['dbName']
@@ -83,6 +83,13 @@ def submitDBCreation(request):
dbPassword = data['dbPassword']
webUsername = data['webUserName']
if admin.type != 1:
website = Websites.objects.get(domain=databaseWebsite)
if website.admin != admin:
dic = {'createDBStatus': 0, 'error_message': "Only administrator can view this page."}
json_data = json.dumps(dic)
return HttpResponse(json_data)
dbName = webUsername+"_"+dbName
dbUsername = webUsername+"_"+dbUsername
@@ -112,7 +119,7 @@ def deleteDatabase(request):
val = request.session['userID']
try:
admin = Administrator.objects.get(pk=request.session['userID'])
admin = Administrator.objects.get(pk=val)
if admin.type == 1:
websites = Websites.objects.all()
@@ -152,12 +159,20 @@ def deleteDatabase(request):
def fetchDatabases(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
data = json.loads(request.body)
databaseWebsite = data['databaseWebsite']
if admin.type != 1:
website = Websites.objects.get(domain=databaseWebsite)
if website.admin != admin:
dic = {'fetchStatus': 0, 'error_message': "Only administrator can view this page."}
json_data = json.dumps(dic)
return HttpResponse(json_data)
website = Websites.objects.get(domain=databaseWebsite)
@@ -196,6 +211,7 @@ def fetchDatabases(request):
def submitDatabaseDeletion(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if request.method == 'POST':
@@ -203,6 +219,12 @@ def submitDatabaseDeletion(request):
data = json.loads(request.body)
dbName = data['dbName']
if admin.type != 1:
db = Databases.objects.get(dbName=dbName)
if db.website.admin != admin:
dic = {'deleteStatus': 0, 'error_message': "Only administrator can view this page."}
json_data = json.dumps(dic)
return HttpResponse(json_data)
result = mysqlUtilities.submitDBDeletion(dbName)
@@ -230,7 +252,7 @@ def listDBs(request):
try:
val = request.session['userID']
try:
admin = Administrator.objects.get(pk=request.session['userID'])
admin = Administrator.objects.get(pk=val)
if admin.type == 1:
websites = Websites.objects.all()
@@ -270,15 +292,21 @@ def listDBs(request):
def changePassword(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if request.method == 'POST':
data = json.loads(request.body)
userName = data['dbUserName']
dbPassword = data['dbPassword']
if admin.type != 1:
db = Databases.objects.get(dbName=userName)
if db.website.admin != admin:
dic = {'changePasswordStatus': 0, 'error_message': "Only administrator can view this page."}
json_data = json.dumps(dic)
return HttpResponse(json_data)
passFile = "/etc/cyberpanel/mysqlPassword"
f = open(passFile)
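Review bot: In `changePassword` the ownership check loads the record with `Databases.objects.get(dbName=userName)`, but `userName` is read from `data['dbUserName']`, so a database user name is matched against the database-name column. If the two values can differ (the model is not visible here), the check either raises for a legitimate owner or verifies ownership of a different database than the one whose password is then changed; the lookup should use the model's user field. In `submitDBCreation` the prefix `webUsername` also comes from the request and is not compared with the website that was just authorized, so it would be safer to derive it from the `website` object. `fetchDatabases` now queries `Websites.objects.get(domain=databaseWebsite)` twice; fetch it once before the check and reuse it.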


@@ -10,13 +10,13 @@ import os
from loginSystem.views import loadLoginPage
from models import Domains,Records
from re import match,I,M
from websiteFunctions.models import Websites
# Create your views here.
def loadDNSHome(request):
try:
userID = request.session['userID']
admin = Administrator.objects.get(pk=userID)
return render(request,'dns/index.html',{"type":admin.type})
@@ -26,7 +26,6 @@ def loadDNSHome(request):
def createNameserver(request):
try:
userID = request.session['userID']
admin = Administrator.objects.get(pk=userID)
if admin.type == 3:
@@ -43,6 +42,12 @@ def NSCreation(request):
if request.method == 'POST':
admin = Administrator.objects.get(pk=val)
if admin.type != 1:
dic = {'NSCreation': 0, 'error_message': "Only administrator can view this page."}
json_data = json.dumps(dic)
return HttpResponse(json_data)
data = json.loads(request.body)
domainForNS = data['domainForNS']
ns1 = data['ns1']
@@ -196,9 +201,7 @@ def NSCreation(request):
def createDNSZone(request):
try:
userID = request.session['userID']
admin = Administrator.objects.get(pk=userID)
return render(request,'dns/createDNSZone.html')
except KeyError:
return redirect(loadLoginPage)
@@ -281,14 +284,22 @@ def addDeleteDNSRecords(request):
def getCurrentRecordsForDomain(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if request.method == 'POST':
data = json.loads(request.body)
zoneDomain = data['selectedZone']
currentSelection = data['currentSelection']
if admin.type != 1:
website = Websites.objects.get(domain=zoneDomain)
if website.admin != admin:
dic = {'fetchStatus': 0, 'error_message': "Only administrator can view this page."}
json_data = json.dumps(dic)
return HttpResponse(json_data)
domain = Domains.objects.get(name=zoneDomain)
records = Records.objects.filter(domain_id=domain.id)
@@ -357,6 +368,7 @@ def getCurrentRecordsForDomain(request):
def addDNSRecord(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if request.method == 'POST':
@@ -366,7 +378,12 @@ def addDNSRecord(request):
recordName = data['recordName']
ttl = int(data['ttl'])
#admin = Administrator.objects.get(pk=val)
if admin.type != 1:
website = Websites.objects.get(domain=zoneDomain)
if website.admin != admin:
dic = {'add_status': 0, 'error_message': "Only administrator can view this page."}
json_data = json.dumps(dic)
return HttpResponse(json_data)
zone = Domains.objects.get(name=zoneDomain)
value = ""
@@ -514,6 +531,7 @@ def addDNSRecord(request):
def deleteDNSRecord(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if request.method == 'POST':
@@ -521,6 +539,13 @@ def deleteDNSRecord(request):
id = data['id']
delRecord = Records.objects.get(id=id)
if admin.type != 1:
if delRecord.domainOwner.admin != admin:
dic = {'delete_status': 0, 'error_message': "Only administrator can view this page."}
json_data = json.dumps(dic)
return HttpResponse(json_data)
delRecord.delete()
final_dic = {'delete_status': 1, 'error_message': "None"}
@@ -570,6 +595,7 @@ def deleteDNSZone(request):
def submitZoneDeletion(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if request.method == 'POST':
@@ -577,6 +603,13 @@ def submitZoneDeletion(request):
zoneDomain = data['zoneDomain']
delZone = Domains.objects.get(name=zoneDomain)
if admin.type != 1:
if delZone.admin != admin:
dic = {'delete_status': 0, 'error_message': "Only administrator can view this page."}
json_data = json.dumps(dic)
return HttpResponse(json_data)
delZone.delete()
final_dic = {'delete_status': 1, 'error_message': "None"}
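Review bot: `getCurrentRecordsForDomain` and `addDNSRecord` decide ownership through `Websites.objects.get(domain=zoneDomain)`, whereas `submitZoneDeletion` uses the zone's own owner (`delZone.admin`) and `deleteDNSRecord` uses `delRecord.domainOwner.admin`. A zone whose name has no matching `Websites` row would make the first two raise for a non-admin owner, and in both the check is made on a different object than the `Domains` row read on the next line. Using the zone for all four keeps the check on the object being acted on: `zone = Domains.objects.get(name=zoneDomain)` followed by `if admin.type != 1 and zone.admin != admin:`. The denial text "Only administrator can view this page." is also misleading where the real condition is ownership.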


@@ -779,10 +779,15 @@ def installStatusSpamAssassin(request):
def fetchSpamAssassinSettings(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if request.method == 'POST':
if admin.type != 1:
final_dic = {'fetchStatus': 0, 'error_message': 'Not enough privileges.'}
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
report_safe = 0
required_hits = '5.0'
rewrite_header = 'Subject [SPAM]'
@@ -835,7 +840,6 @@ def fetchSpamAssassinSettings(request):
except BaseException,msg:
final_dic = {'fetchStatus': 0, 'error_message': str(msg)}
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
@@ -846,11 +850,10 @@ def fetchSpamAssassinSettings(request):
def saveSpamAssassinConfigurations(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if request.method == 'POST':
admin = Administrator.objects.get(pk=request.session['userID'])
if admin.type != 1:
dic = {'status': 0, 'error_message': "Only administrator can view this page."}
json_data = json.dumps(dic)
@@ -935,11 +938,10 @@ def emailPolicyServer(request):
def fetchPolicyServerStatus(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if request.method == 'POST':
admin = Administrator.objects.get(pk=request.session['userID'])
if admin.type != 1:
dic = {'status': 0, 'error_message': "Only administrator can view this page."}
json_data = json.dumps(dic)
@@ -975,11 +977,10 @@ def fetchPolicyServerStatus(request):
def savePolicyServerStatus(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if request.method == 'POST':
admin = Administrator.objects.get(pk=request.session['userID'])
if admin.type != 1:
dic = {'status': 0, 'error_message': "Only administrator can view this page."}
json_data = json.dumps(dic)


@@ -41,10 +41,14 @@ def firewallHome(request):
def getCurrentRules(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if request.method == 'POST':
data = json.loads(request.body)
if admin.type != 1:
final_dic = {'fetchStatus': 0, 'error_message': 'Not enough privileges.'}
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
rules = FirewallRules.objects.all()
@@ -84,9 +88,15 @@ def getCurrentRules(request):
def addRule(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if request.method == 'POST':
if admin.type != 1:
final_dic = {'add_status': 0, 'error_message': 'Not enough privileges.'}
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
data = json.loads(request.body)
ruleName = data['ruleName']
ruleProtocol = data['ruleProtocol']
@@ -117,9 +127,15 @@ def addRule(request):
def deleteRule(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(val=val)
try:
if request.method == 'POST':
if admin.type != 1:
final_dic = {'delete_status': 0, 'error_message': 'Not enough privileges.'}
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
data = json.loads(request.body)
ruleID = data['id']
ruleProtocol = data['proto']
@@ -149,14 +165,17 @@ def deleteRule(request):
def reloadFirewall(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if request.method == 'POST':
if admin.type != 1:
final_dic = {'reload_status': 0, 'error_message': 'Not enough privileges.'}
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
command = 'sudo firewall-cmd --reload'
cmd = shlex.split(command)
res = subprocess.call(cmd)
if res == 0:
@@ -184,9 +203,14 @@ def reloadFirewall(request):
def startFirewall(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if request.method == 'POST':
if admin.type != 1:
final_dic = {'start_status': 0, 'error_message': 'Not enough privileges.'}
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
command = 'sudo systemctl start firewalld'
@@ -219,9 +243,14 @@ def startFirewall(request):
def stopFirewall(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if request.method == 'POST':
if admin.type != 1:
final_dic = {'stop_status': 0, 'error_message': 'Not enough privileges.'}
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
command = 'sudo systemctl stop firewalld'
@@ -238,9 +267,6 @@ def stopFirewall(request):
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
except BaseException,msg:
final_dic = {'stop_status': 0, 'error_message': str(msg)}
final_json = json.dumps(final_dic)
@@ -254,9 +280,14 @@ def stopFirewall(request):
def firewallStatus(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if request.method == 'POST':
if admin.type != 1:
final_dic = {'status': 0, 'error_message': 'Not enough privileges.'}
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
status = subprocess.check_output(["systemctl", "status","firewalld"])
@@ -297,11 +328,16 @@ def secureSSH(request):
def getSSHConfigs(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if request.method == 'POST':
data = json.loads(request.body)
type = data['type']
if admin.type != 1:
final_dic = {'status': 0, 'error_message': 'Not enough privileges.'}
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
if type=="1":
@@ -406,11 +442,17 @@ def getSSHConfigs(request):
def saveSSHConfigs(request):
try:
val = request.session['userID']
admin= Administrator.objects.get(val=val)
try:
if request.method == 'POST':
data = json.loads(request.body)
type = data['type']
if admin.type != 1:
final_dic = {'saveStatus': 0, 'error_message': 'Not enough privileges.'}
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
if type=="1":
@@ -510,11 +552,17 @@ def saveSSHConfigs(request):
def deleteSSHKey(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if request.method == 'POST':
data = json.loads(request.body)
key = data['key']
if admin.type != 1:
final_dic = {'delete_status': 0, 'error_message': 'Not enough privileges.'}
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
# temp change of permissions
command = 'sudo chown -R cyberpanel:cyberpanel /root'
@@ -568,11 +616,17 @@ def deleteSSHKey(request):
def addSSHKey(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if request.method == 'POST':
data = json.loads(request.body)
key = data['key']
if admin.type != 1:
final_dic = {'add_status': 0, 'error_message': 'Not enough privileges.'}
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
# temp change of permissions
command = 'sudo chown -R cyberpanel:cyberpanel /root'
@@ -659,7 +713,14 @@ def loadModSecurityHome(request):
def installModSec(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if admin.type != 1:
final_dic = {'installModSec': 0, 'error_message': 'Not enough privileges.'}
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
thread.start_new_thread(modSec.installModSec, ('Install','modSec'))
final_json = json.dumps({'installModSec': 1, 'error_message': "None"})
return HttpResponse(final_json)
@@ -676,9 +737,16 @@ def installModSec(request):
def installStatusModSec(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if request.method == 'POST':
if admin.type != 1:
final_dic = {'abort': 1, 'installed': 0, 'error_message': 'Not enough privileges.'}
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
installStatus = unicode(open(modSec.installLogPath, "r").read())
if installStatus.find("[200]")>-1:
@@ -741,10 +809,15 @@ def installStatusModSec(request):
def fetchModSecSettings(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if request.method == 'POST':
if admin.type != 1:
final_dic = {'fetchStatus': 0, 'installed': 0, 'error_message': 'Not enough privileges.'}
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
modsecurity = 0
SecAuditEngine = 0
SecRuleEngine = 0
@@ -835,9 +908,15 @@ def fetchModSecSettings(request):
def saveModSecConfigurations(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if request.method == 'POST':
if admin.type != 1:
final_dic = {'saveStatus': 0, 'error_message': 'Not enough privileges.'}
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
data = json.loads(request.body)
modsecurity = data['modsecurity_status']
@@ -919,7 +998,6 @@ def saveModSecConfigurations(request):
def modSecRules(request):
try:
userID = request.session['userID']
admin = Administrator.objects.get(pk=userID)
if admin.type == 3:
@@ -946,7 +1024,6 @@ def modSecRules(request):
def fetchModSecRules(request):
try:
userID = request.session['userID']
admin = Administrator.objects.get(pk=userID)
if admin.type == 3:
@@ -988,9 +1065,15 @@ def fetchModSecRules(request):
def saveModSecRules(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if request.method == 'POST':
if admin.type != 1:
final_dic = {'saveStatus': 0, 'error_message': 'Not enough privileges.'}
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
data = json.loads(request.body)
newModSecRules = data['modSecRules']
@@ -1063,7 +1146,6 @@ def modSecRulesPacks(request):
def getOWASPAndComodoStatus(request):
try:
userID = request.session['userID']
admin = Administrator.objects.get(pk=userID)
if admin.type == 3:
@@ -1121,9 +1203,15 @@ def getOWASPAndComodoStatus(request):
def installModSecRulesPack(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if request.method == 'POST':
if admin.type != 1:
final_dic = {'installStatus': 0, 'error_message': 'Not enough privileges.'}
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
data = json.loads(request.body)
packName = data['packName']
@@ -1159,9 +1247,15 @@ def installModSecRulesPack(request):
def getRulesFiles(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if request.method == 'POST':
if admin.type != 1:
final_dic = {'fetchStatus': 0, 'error_message': 'Not enough privileges.'}
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
data = json.loads(request.body)
packName = data['packName']
@@ -1219,9 +1313,15 @@ def getRulesFiles(request):
def enableDisableRuleFile(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk = val)
try:
if request.method == 'POST':
if admin.type != 1:
final_dic = {'saveStatus': 0, 'error_message': 'Not enough privileges.'}
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
data = json.loads(request.body)
packName = data['packName']
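Review bot: `deleteRule` and `saveSSHConfigs` load the user with `Administrator.objects.get(val=val)`; `val` is the local variable, not the lookup used everywhere else, and unless the model has a field named `val` Django raises `FieldError` on every call, so both endpoints fail before the privilege check is reached. The line should read `admin = Administrator.objects.get(pk=val)` as in the neighbouring views. In `getSSHConfigs`, `saveSSHConfigs`, `deleteSSHKey` and `addSSHKey` the body is parsed before `admin.type != 1` is tested; testing first, as `addRule` does, keeps unauthorized input out of the handler. These views change firewall, SSH and ModSecurity state, so a denied request is worth a log entry and a 403 rather than a 200 with a JSON flag.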


@@ -27,7 +27,7 @@ def createFTPAccount(request):
try:
val = request.session['userID']
try:
admin = Administrator.objects.get(pk=request.session['userID'])
admin = Administrator.objects.get(pk=val)
if admin.type == 1:
websites = Websites.objects.all()
@@ -75,8 +75,16 @@ def submitFTPCreation(request):
userName = data['ftpUserName']
password = data['ftpPassword']
path = data['path']
domainName = data['ftpDomain']
admin = Administrator.objects.get(id=val)
website = Websites.objects.get(domain=domainName)
if admin.type != 1:
if website.admin != admin:
data_ret = {'creatFTPStatus': 0, 'error_message': 'Not enough privileges.'}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
if len(path) > 0:
pass
@@ -85,7 +93,7 @@ def submitFTPCreation(request):
execPath = "sudo python " + virtualHostUtilities.cyberPanel + "/plogical/ftpUtilities.py"
execPath = execPath + " submitFTPCreation --domainName " + data['ftpDomain'] + " --userName " + userName \
execPath = execPath + " submitFTPCreation --domainName " + domainName + " --userName " + userName \
+ " --password " + password + " --path " + path + " --owner " + admin.userName
@@ -163,6 +171,13 @@ def fetchFTPAccounts(request):
domain = data['ftpDomain']
website = Websites.objects.get(domain=domain)
admin = Administrator.objects.get(id=val)
if admin.type != 1:
if website.admin != admin:
data_ret = {'fetchStatus': 0, 'error_message': 'Not enough privileges.'}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
ftpAccounts = website.users_set.all()
@@ -198,12 +213,21 @@ def fetchFTPAccounts(request):
def submitFTPDelete(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(id=val)
try:
if request.method == 'POST':
data = json.loads(request.body)
ftpUserName = data['ftpUsername']
ftp = Users.objects.get(user=ftpUserName)
if admin.type != 1:
if ftp.domain.admin != admin:
data_ret = {'deleteStatus': 0, 'error_message': 'Not enough privileges.'}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
FTPUtilities.submitFTPDeletion(ftpUserName)
final_json = json.dumps({'deleteStatus': 1, 'error_message': "None"})
@@ -223,7 +247,7 @@ def listFTPAccounts(request):
try:
val = request.session['userID']
try:
admin = Administrator.objects.get(pk=request.session['userID'])
admin = Administrator.objects.get(pk=val)
if admin.type == 1:
websites = Websites.objects.all()
@@ -271,6 +295,13 @@ def getAllFTPAccounts(request):
selectedDomain = data['selectedDomain']
domain = Websites.objects.get(domain=selectedDomain)
admin = Administrator.objects.get(id=val)
if admin.type != 1:
if domain.admin != admin:
data_ret = {'fetchStatus': 0, 'error_message': 'Not enough privileges.'}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
records = Users.objects.filter(domain=domain)
@@ -309,15 +340,22 @@ def getAllFTPAccounts(request):
def changePassword(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(id=val)
try:
if request.method == 'POST':
data = json.loads(request.body)
userName = data['ftpUserName']
password = data['ftpPassword']
ftp = Users.objects.get(user=userName)
if admin.type != 1:
if ftp.domain.admin != admin:
data_ret = {'changePasswordStatus': 0, 'error_message': 'Not enough privileges.'}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
FTPUtilities.changeFTPPassword(userName, password)
data_ret = {'changePasswordStatus': 1, 'error_message': "None"}
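Review bot: `submitFTPCreation` still builds `execPath` by concatenating `domainName`, `userName`, `password` and `path` from the request into a single `sudo python …` string. How that string is executed lies outside this hunk, but however it is split, a value containing whitespace or shell syntax changes the arguments of a command run under sudo, and the password is exposed on the command line. Build the call as a list (`['sudo', 'python', script, 'submitFTPCreation', '--domainName', domainName, ...]`), run it without a shell, and check that `path` resolves inside the site's home directory before use. The ownership test added above it covers who may call the view, not what the values may contain.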


@@ -2306,10 +2306,14 @@ class preFlightsChecks:
cronFile = open("/etc/crontab", "a")
cronFile.writelines("0 * * * * root python /usr/local/CyberCP/plogical/findBWUsage.py" + "\n")
cronFile.writelines("0 * * * * root /usr/local/CyberCP/postfixSenderPolicy/client.py hourlyCleanup" + "\n")
cronFile.writelines("0 0 1 * * root /usr/local/CyberCP/postfixSenderPolicy/client.py monthlyCleanup" + "\n")
cronFile.close()
command = 'chmod +x /usr/local/CyberCP/plogical/findBWUsage.py'
cmd = shlex.split(command)
command = 'chmod +x /usr/local/CyberCP/postfixSenderPolicy/client.py'
cmd = shlex.split(command)
res = subprocess.call(cmd, stdout=file)
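Review bot: As rendered, the `chmod +x …/findBWUsage.py` command is built and split, but `command` and `cmd` are reassigned for `client.py` before any `subprocess.call`, so only the second chmod appears to run; each command needs its own call (the +/- markers are lost on this page, so confirm against the file). The two new crontab lines run `postfixSenderPolicy/client.py` as root, so the script and its directory should be owned by root and not writable by the panel user, which a bare `chmod +x` does not ensure. `stdout=file` passes whatever `file` is bound to at this point; that binding is outside the hunk.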


@@ -24,7 +24,6 @@ def verifyLogin(request):
username = "not logged in"
password = ""
try:
if request.method == "POST":
data = json.loads(request.body)
@@ -125,7 +124,6 @@ def loadLoginPage(request):
numberOfAdministrator = Administrator.objects.count()
password = hashPassword.hash_password('1234567')
if numberOfAdministrator == 0:


@@ -31,10 +31,10 @@ def createEmailAccount(request):
try:
val = request.session['userID']
try:
admin = Administrator.objects.get(pk=request.session['userID'])
admin = Administrator.objects.get(pk=val)
if admin.type == 1:
websites = admin.websites_set.all()
websites = Websites.objects.all()
else:
websites = Websites.objects.filter(admin=admin)
@@ -56,13 +56,13 @@ def submitEmailCreation(request):
try:
if request.method == 'POST':
val = request.session['userID']
data = json.loads(request.body)
domainName = data['domain']
userName = data['username']
password = data['password']
## Create email entry
execPath = "sudo python " + virtualHostUtilities.cyberPanel + "/plogical/mailUtilities.py"
@@ -97,10 +97,10 @@ def deleteEmailAccount(request):
try:
val = request.session['userID']
try:
admin = Administrator.objects.get(pk=request.session['userID'])
admin = Administrator.objects.get(pk=val)
if admin.type == 1:
websites = admin.websites_set.all()
websites = Websites.objects.all()
else:
websites = Websites.objects.filter(admin=admin)
@@ -121,6 +121,7 @@ def deleteEmailAccount(request):
def getEmailsForDomain(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if request.method == 'POST':
@@ -134,6 +135,12 @@ def getEmailsForDomain(request):
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
if admin.type != 1:
if domain.domainOwner.admin != admin:
final_dic = {'fetchStatus': 0, 'error_message': "Not enough privileges." }
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
emails = domain.eusers_set.all()
if emails.count() == 0:
@@ -154,14 +161,11 @@ def getEmailsForDomain(request):
json_data = json_data + ',' + json.dumps(dic)
json_data = json_data + ']'
final_dic = {'fetchStatus': 1, 'error_message': "None", "data": json_data}
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
except BaseException,msg:
data_ret = {'fetchStatus': 0, 'error_message': str(msg)}
json_data = json.dumps(data_ret)
@@ -171,24 +175,28 @@ def getEmailsForDomain(request):
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
def submitEmailDeletion(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if request.method == 'POST':
data = json.loads(request.body)
email = data['email']
emailDB = EUsers.objects.get(email=email)
if admin.type != 1:
if emailDB.emailOwner.domainOwner.admin != admin:
final_dic = {'deleteEmailStatus': 0, 'error_message': "Not enough privileges."}
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
mailUtilities.deleteEmailAccount(email)
data_ret = {'deleteEmailStatus': 1, 'error_message': "None"}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
except BaseException,msg:
data_ret = {'deleteEmailStatus': 0, 'error_message': str(msg)}
json_data = json.dumps(data_ret)
@@ -202,10 +210,10 @@ def emailForwarding(request):
try:
val = request.session['userID']
try:
admin = Administrator.objects.get(pk=request.session['userID'])
admin = Administrator.objects.get(pk=val)
if admin.type == 1:
websites = admin.websites_set.all()
websites = Websites.objects.all()
else:
websites = Websites.objects.filter(admin=admin)
@@ -222,16 +230,24 @@ def emailForwarding(request):
except KeyError:
return redirect(loadLoginPage)
def fetchCurrentForwardings(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if request.method == 'POST':
data = json.loads(request.body)
emailAddress = data['emailAddress']
emailDB = EUsers.objects.get(email=emailAddress)
if admin.type != 1:
if emailDB.emailOwner.domainOwner.admin != admin:
final_dic = {'fetchStatus': 1, 'error_message': "Not enough privileges."}
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
currentForwardings = Forwardings.objects.filter(source=emailAddress)
json_data = "["
@@ -242,7 +258,7 @@ def fetchCurrentForwardings(request):
continue
dic = {'id': id,
'source': items.source,
'destination':items.destination}
'destination': items.destination}
id = id + 1
@@ -253,14 +269,11 @@ def fetchCurrentForwardings(request):
json_data = json_data + ',' + json.dumps(dic)
json_data = json_data + ']'
final_dic = {'fetchStatus': 1, 'error_message': "None", "data": json_data}
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
except BaseException,msg:
data_ret = {'fetchStatus': 0, 'error_message': str(msg)}
json_data = json.dumps(data_ret)
@@ -286,7 +299,6 @@ def submitForwardDeletion(request):
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
except BaseException,msg:
data_ret = {'deleteForwardingStatus': 0, 'error_message': str(msg)}
json_data = json.dumps(data_ret)
@@ -299,6 +311,7 @@ def submitForwardDeletion(request):
def submitEmailForwardingCreation(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if request.method == 'POST':
@@ -307,6 +320,14 @@ def submitEmailForwardingCreation(request):
source = data['source']
destination = data['destination']
email = EUsers.objects.get(email=source)
if admin.type != 1:
if email.emailOwner.domainOwner.admin != admin:
final_dic = {'createStatus': 0, 'error_message': "Not enough privileges." }
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
if Forwardings.objects.filter(source=source, destination=destination).count() > 0:
data_ret = {'createStatus': 0, 'error_message': "You have already forwared to this destination."}
json_data = json.dumps(data_ret)
@@ -335,7 +356,6 @@ def submitEmailForwardingCreation(request):
return HttpResponse(json_data)
#######
@@ -346,7 +366,7 @@ def changeEmailAccountPassword(request):
admin = Administrator.objects.get(pk=request.session['userID'])
if admin.type == 1:
websites = admin.websites_set.all()
websites = Websites.objects.all()
else:
websites = Websites.objects.filter(admin=admin)
@@ -367,6 +387,7 @@ def changeEmailAccountPassword(request):
def submitPasswordChange(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if request.method == 'POST':
data = json.loads(request.body)
@@ -375,10 +396,17 @@ def submitPasswordChange(request):
email = data['email']
password = data['password']
dom = Domains(domain=domain)
emailDB = EUsers(email=email)
emailAcct = EUsers(email=email)
emailAcct.delete()
if admin.type != 1:
if emailDB.emailOwner.domainOwner.admin != admin:
final_dic = {'passChangeStatus': 0, 'error_message': "Not enough privileges." }
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
emailDB.delete()
dom = Domains(domain=domain)
emailAcct = EUsers(emailOwner=dom, email=email, password=password)
emailAcct.save()
@@ -388,7 +416,6 @@ def submitPasswordChange(request):
return HttpResponse(json_data)
except BaseException,msg:
data_ret = {'passChangeStatus': 0, 'error_message': str(msg)}
json_data = json.dumps(data_ret)
@@ -454,12 +481,21 @@ def dkimManager(request):
def fetchDKIMKeys(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if request.method == 'POST':
data = json.loads(request.body)
domainName = data['domainName']
if admin.type != 1:
website = Websites.objects.get(domain=domainName)
if website.admin != admin:
data_ret = {'fetchStatus': 0, 'keysAvailable': 0, 'error_message': 'Not enough privileges.'}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
try:
path = "/etc/opendkim/keys/" + domainName + "/default.txt"
command = "sudo cat " + path
@@ -489,21 +525,25 @@ def fetchDKIMKeys(request):
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
def generateDKIMKeys(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if request.method == 'POST':
data = json.loads(request.body)
domainName = data['domainName']
if admin.type != 1:
website = Websites.objects.get(domain=domainName)
if website.admin != admin:
data_ret = {'generateStatus': 0, 'error_message': 'Not enough privileges.'}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
execPath = "sudo python " + virtualHostUtilities.cyberPanel + "/plogical/mailUtilities.py"
execPath = execPath + " generateKeys --domain " + domainName
output = subprocess.check_output(shlex.split(execPath))
if output.find("1,None") > -1:
@@ -547,7 +587,12 @@ def generateDKIMKeys(request):
def installOpenDKIM(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if admin.type != 1:
final_json = json.dumps({'installOpenDKIM': 0, 'error_message': "Not enough privileges."})
return HttpResponse(final_json)
thread.start_new_thread(mailUtilities.installOpenDKIM, ('Install','openDKIM'))
final_json = json.dumps({'installOpenDKIM': 1, 'error_message': "None"})
return HttpResponse(final_json)
@@ -563,9 +608,15 @@ def installOpenDKIM(request):
def installStatusOpenDKIM(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if request.method == 'POST':
if admin.type != 1:
final_dic = {'abort': 1, 'installed': 0, 'error_message': 'Not enough privileges.'}
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
command = "sudo cat " + mailUtilities.installLogPath
installStatus = subprocess.check_output(shlex.split(command))
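Review bot: In submitPasswordChange the new ownership check runs on `emailDB = EUsers(email=email)`, which builds a fresh unsaved object instead of loading the stored row. `emailDB.emailOwner.domainOwner.admin` therefore has no stored owner to compare, and will presumably raise for every non-admin caller and end in the generic `except BaseException` branch. The other handlers in this file load the record first, and the same form fits here: `emailDB = EUsers.objects.get(email=email)`. With the row loaded, the recreated account can also reuse `emailDB.emailOwner` instead of `Domains(domain=domain)`, whose `domain` appears to come from the request. The function continues outside the hunk.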


@@ -1764,7 +1764,9 @@ def getExtensionsInformation(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if admin.type == 1:
if request.method == 'POST':
data = json.loads(request.body)
@@ -1815,6 +1817,9 @@ def getExtensionsInformation(request):
json_data = json_data + ']'
final_json = json.dumps({'fetchStatus': 1, 'error_message': "None", "data": json_data})
return HttpResponse(final_json)
else:
final_json = json.dumps({'fetchStatus': 0, 'error_message': "Not enough privileges."})
return HttpResponse(final_json)
except BaseException,msg:
final_dic = {'fetchStatus': 0, 'error_message': str(msg)}
@@ -1830,7 +1835,9 @@ def getExtensionsInformation(request):
def submitExtensionRequest(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if admin.type == 1:
if request.method == 'POST':
data = json.loads(request.body)
@@ -1847,6 +1854,9 @@ def submitExtensionRequest(request):
final_json = json.dumps({'extensionRequestStatus': 1, 'error_message': "None"})
return HttpResponse(final_json)
else:
final_json = json.dumps({'extensionRequestStatus': 0, 'error_message': "Not enough privileges."})
return HttpResponse(final_json)
except BaseException,msg:
final_dic = {'extensionRequestStatus': 0, 'error_message': str(msg)}
@@ -1862,9 +1872,10 @@ def submitExtensionRequest(request):
def getRequestStatus(request):
try:
val = request.session['userID']
admin= Administrator.objects.get(pk=val)
try:
if admin.type == 1:
if request.method == 'POST':
data = json.loads(request.body)
size = data['size']
extensionName = data['extensionName']
@@ -1948,6 +1959,12 @@ def getRequestStatus(request):
'size': requestStatusSize})
return HttpResponse(final_json)
else:
final_json = json.dumps({'finished': 0, 'extensionRequestStatus': 0,
'error_message': "Not enough privileges."})
return HttpResponse(final_json)
except BaseException,msg:
final_dic = {'extensionRequestStatus': 0, 'error_message': str(msg)}
@@ -1967,7 +1984,7 @@ def editPHPConfigs(request):
admin = Administrator.objects.get(pk=val)
if admin.type == 3:
return HttpResponse("You don't have enough priviliges to access this page.")
return HttpResponse("You don't have enough privileges to access this page.")
return render(request,'managePHP/editPHPConfig.html')
except KeyError:
@@ -1977,8 +1994,9 @@ def editPHPConfigs(request):
def getCurrentPHPConfig(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if admin.type == 1:
if request.method == 'POST':
data = json.loads(request.body)
@@ -2051,6 +2069,14 @@ def getCurrentPHPConfig(request):
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
else:
final_dic = {'fetchStatus': 0,
'error_message': 'Not enough privileges.'
}
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
except BaseException,msg:
@@ -2068,8 +2094,9 @@ def getCurrentPHPConfig(request):
def savePHPConfigBasic(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(id=val)
try:
if admin.type == 1:
if request.method == 'POST':
data = json.loads(request.body)
@@ -2140,6 +2167,11 @@ def savePHPConfigBasic(request):
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
else:
final_dic = {'saveStatus': 0, 'error_message': 'Not enough privileges.'}
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
except BaseException,msg:
final_dic = {'saveStatus': 0, 'error_message': str(msg)}
final_json = json.dumps(final_dic)
@@ -2156,8 +2188,9 @@ def savePHPConfigBasic(request):
def getCurrentAdvancedPHPConfig(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(id=val)
try:
if admin.type == 1:
if request.method == 'POST':
data = json.loads(request.body)
@@ -2183,7 +2216,11 @@ def getCurrentAdvancedPHPConfig(request):
configData = open(path, "r").read()
status = {"fetchStatus": 1, "configData": configData}
final_json = json.dumps(status)
return HttpResponse(final_json)
else:
status = {"fetchStatus": 1, "error_message": 'Not enough privileges.'}
final_json = json.dumps(status)
return HttpResponse(final_json)
@@ -2199,6 +2236,9 @@ def getCurrentAdvancedPHPConfig(request):
def savePHPConfigAdvance(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
if admin.type == 1:
if request.method == 'POST':
try:
@@ -2247,11 +2287,15 @@ def savePHPConfigAdvance(request):
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
except BaseException, msg:
data_ret = {'saveStatus': 0, 'error_message': str(msg)}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
else:
data_ret = {'saveStatus': 0, 'error_message': 'Not enough privileges.'}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
except KeyError, msg:
logging.CyberCPLogFileWriter.writeToFile(str(msg) + "[saveConfigsToFile]")
return HttpResponse("Not Logged in as admin")
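Review bot: The refusal branch added to getCurrentAdvancedPHPConfig returns `"fetchStatus": 1`, the success value, alongside the error message, while every other refusal in this file returns 0. A client that keys on the status would treat the refusal as a successful fetch that simply has no `configData`. Change the line to `status = {"fetchStatus": 0, "error_message": 'Not enough privileges.'}`.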


@@ -21,7 +21,6 @@ import subprocess
def loadSSLHome(request):
try:
val = request.session['userID']
return render(request, 'manageSSL/index.html')
except KeyError:
return redirect(loadLoginPage)
@@ -29,8 +28,7 @@ def loadSSLHome(request):
def manageSSL(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=request.session['userID'])
admin = Administrator.objects.get(pk=val)
if admin.type == 1:
websites = Websites.objects.all()
@@ -67,6 +65,7 @@ def manageSSL(request):
def issueSSL(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if request.method == 'POST':
@@ -76,15 +75,32 @@ def issueSSL(request):
adminEmail = ""
path = ""
try:
website = ChildDomains.objects.get(domain=virtualHost)
adminEmail = website.master.adminEmail
path = data['path']
if admin.type != 1:
if admin != website.master.admin:
data_ret = {"SSL": 0,
'error_message': 'You do not own this domain.'}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
except:
website = Websites.objects.get(domain=virtualHost)
adminEmail = website.adminEmail
path = "/home/" + virtualHost + "/public_html"
if admin.type != 1:
if admin != website.admin:
data_ret = {"SSL": 0,
'error_message': 'You do not own this website.'}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
## ssl issue
execPath = "sudo python " + virtualHostUtilities.cyberPanel + "/plogical/virtualHostUtilities.py"
@@ -128,7 +144,7 @@ def sslForHostName(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=request.session['userID'])
admin = Administrator.objects.get(pk=val)
if admin.type==1:
pass
@@ -168,14 +184,14 @@ def sslForHostName(request):
def obtainHostNameSSL(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if admin.type == 1:
if request.method == 'POST':
data = json.loads(request.body)
virtualHost = data['virtualHost']
website = Websites.objects.get(domain=virtualHost)
path = "/home/" + virtualHost + "/public_html"
## ssl issue
@@ -199,6 +215,11 @@ def obtainHostNameSSL(request):
return HttpResponse(json_data)
## ssl issue ends
else:
data_ret = {"SSL": 0,
'error_message': 'Only administrators can issue Hostname SSL.'}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
except BaseException,msg:
data_ret = {"SSL": 0,
@@ -220,7 +241,7 @@ def sslForMailServer(request):
if admin.type==1:
pass
else:
return HttpResponse("You should be admin to issue SSL For Hostname.")
return HttpResponse("You should be admin to issue SSL For Mail Server.")
if admin.type == 1:
websites = Websites.objects.all()
@@ -255,14 +276,14 @@ def sslForMailServer(request):
def obtainMailServerSSL(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if admin.type == 1:
if request.method == 'POST':
data = json.loads(request.body)
virtualHost = data['virtualHost']
website = Websites.objects.get(domain=virtualHost)
path = "/home/" + virtualHost + "/public_html"
## ssl issue
@@ -285,6 +306,12 @@ def obtainMailServerSSL(request):
return HttpResponse(json_data)
## ssl issue ends
else:
data_ret = {"SSL": 0,
'error_message': 'Only administrators can issue Mail Server SSL.'}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
except BaseException,msg:
data_ret = {"SSL": 0,
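Review bot: The ownership check added to issueSSL's ChildDomains branch confirms who owns `virtualHost`, but `path` still comes from the request (`path = data['path']`) and is not compared with anything stored for that child domain. If that value reaches the `sudo python` helper assembled at the end of the hunk, which the visible lines do not show, a non-admin owner decides which directory the privileged helper works in. Derive the path from the `website` record just loaded, or reject a `path` that does not resolve inside that owner's home directory. Both checks also sit under a bare `except:`, so any error in the first branch falls through to the Websites lookup; `except ChildDomains.DoesNotExist:` would keep that fallback deliberate.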


@@ -72,6 +72,7 @@ def deletePacakge(request):
def submitPackage(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if request.method == 'POST':
data = json.loads(request.body)
@@ -83,14 +84,15 @@ def submitPackage(request):
emails = int(data['emails'])
allowedDomains = int(data['allowedDomains'])
if admin.type == 1:
if packageSpace < 0 or packageBandwidth < 0 or packageDatabases < 0 or ftpAccounts < 0 or emails < 0 or allowedDomains < 0:
data_ret = {'saveStatus': 0, 'error_message': "All values should be positive or 0."}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
admin = Administrator.objects.get(pk=request.session['userID'])
admin = Administrator.objects.get(pk=val)
packageName = admin.userName+"_"+packageName
@@ -102,6 +104,10 @@ def submitPackage(request):
data_ret = {'saveStatus': 1,'error_message': "None"}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
else:
data_ret = {'saveStatus': 0, 'error_message': "Not enough privileges."}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
except BaseException,msg:
data_ret = {'saveStatus': 0, 'error_message': str(msg)}
@@ -115,7 +121,9 @@ def submitPackage(request):
def submitDelete(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if admin.type == 1:
if request.method == 'POST':
data = json.loads(request.body)
packageName = data['packageName']
@@ -126,6 +134,10 @@ def submitDelete(request):
data_ret = {'deleteStatus': 1,'error_message': "None"}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
else:
data_ret = {'deleteStatus': 0, 'error_message': "Not enough privileges."}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
except BaseException,msg:
data_ret = {'deleteStatus': 0, 'error_message': str(msg)}
@@ -156,7 +168,7 @@ def modifyPackage(request):
packageList.append(items.packageName)
except BaseException,msg:
logging.writeToFile(str(msg))
logging.CyberCPLogFileWriter.writeToFile(str(msg))
return HttpResponse("Please see CyberCP Main Log File")
except KeyError:
@@ -173,7 +185,9 @@ def modifyPackage(request):
def submitModify(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if admin.type == 1:
if request.method == 'POST':
data = json.loads(request.body)
@@ -191,6 +205,11 @@ def submitModify(request):
"diskSpace":diskSpace,"bandwidth":bandwidth,"ftpAccounts":ftpAccounts,"dataBases":dataBases,"allowedDomains":modifyPack.allowedDomains}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
else:
data_ret = {'modifyStatus': 0, 'error_message': "Not enough privileges."}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
except BaseException,msg:
data_ret = {'modifyStatus': 0, 'error_message': str(msg)}
@@ -205,9 +224,10 @@ def submitModify(request):
def saveChanges(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if admin.type == 1:
if request.method == 'POST':
data = json.loads(request.body)
packageName = data['packageName']
@@ -229,6 +249,10 @@ def saveChanges(request):
data_ret = {'saveStatus': 1,'error_message': "None"}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
else:
data_ret = {'saveStatus': 0,'error_message': "Not enough privileges."}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
except BaseException,msg:
data_ret = {'saveStatus': 0, 'error_message': str(msg)}
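Review bot: submitPackage now loads `admin` at the top of the view, so the `admin = Administrator.objects.get(pk=val)` kept inside the `if admin.type == 1:` branch repeats the same query and can be dropped. In each handler changed here the lookup is placed before the inner `try`, so a session whose `userID` no longer matches a row raises `Administrator.DoesNotExist` outside the JSON error path. The outer handlers are not visible in these hunks, but elsewhere on the page they catch only `KeyError`. Moving the lookup inside the inner `try` would return the usual error JSON instead.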


@@ -1,4 +1,4 @@
#!/usr/bin/env python2.7
#!/usr/local/CyberCP/bin/python2
import os,sys
sys.path.append('/usr/local/CyberCP')
import django


@@ -1,4 +1,4 @@
#!/usr/bin/env python2.7
#!/usr/local/CyberCP/bin/python2
import os,sys
sys.path.append('/usr/local/CyberCP')
import django


@@ -1,4 +1,4 @@
#!/usr/bin/env python2.7
#!/usr/local/CyberCP/bin/python2
import os
import os.path
import sys


@@ -1,4 +1,4 @@
#!/usr/bin/env python2.7
#!/usr/local/CyberCP/bin/python2
import os
import os.path
import sys
@@ -237,9 +237,7 @@ class virtualHostUtilities:
vhost.addRewriteRules(virtualHost, fileName)
vhostFile = open(fileName, "w")
vhostFile.write(open(tempPath, "r").read())
vhostFile.close()
if os.path.exists(tempPath):


@@ -1,4 +1,4 @@
#!/usr/bin/env python2.7
#!/usr/local/CyberCP/bin/python2
import os,sys
sys.path.append('/usr/local/CyberCP')
import django
@@ -15,6 +15,7 @@ from cacheManager import cacheManager
limitThreads = multi.BoundedSemaphore(10)
class HandleRequest(multi.Thread):
cleaningPath = '/home/cyberpanel/purgeCache'
def __init__(self, conn):
multi.Thread.__init__(self)
self.connection = conn
@@ -24,24 +25,27 @@ class HandleRequest(multi.Thread):
dataComplete = ""
try:
try:
while True:
# Wait for a connection
if os.path.exists(HandleRequest.cleaningPath):
readFromFile = open(HandleRequest.cleaningPath, 'r')
command = readFromFile.read()
cacheManager.handlePurgeRequest(command)
readFromFile.close()
logging.writeToFile(command + 'nCommand')
os.remove(HandleRequest.cleaningPath)
Data = self.connection.recv(64)
if Data:
if len(Data) < 64:
dataComplete = dataComplete + Data
if dataComplete.find('cyberpanelCleaner') > -1:
logging.writeToFile(dataComplete)
cacheManager.handlePurgeRequest(dataComplete)
else:
self.manageRequest(dataComplete)
dataComplete = ''
else:
dataComplete = dataComplete + Data
else:
self.connection.close()
break
finally:
# Clean up the connection
self.connection.close()
@@ -55,10 +59,9 @@ class HandleRequest(multi.Thread):
for items in completeData:
tempData = items.split('=')
if tempData[0] == 'client_name':
domainName = tempData[1]
elif tempData[0] == 'sender':
if tempData[0] == 'sender':
emailAddress = tempData[1]
domainName = emailAddress.split('@')[1]
elif tempData[0] == 'recipient':
destination = tempData[1]
@@ -81,7 +84,7 @@ class HandleRequest(multi.Thread):
#logging.writeToFile('Email Monthly Used: ' + str(emailObj.monthlyUsed))
if domainObj.limitStatus == 1 and emailObj.limitStatus == 1:
if emailObj.monthlyLimits <= emailObj.monthlyUsed or emailObj.hourlyLimits <= emailObj.hourlyUsed:
if domainObj.monthlyLimits <= domainObj.monthlyLimits or emailObj.monthlyLimits <= emailObj.monthlyUsed or emailObj.hourlyLimits <= emailObj.hourlyUsed:
logging.writeToFile(emailAddress + ' either exceeded monthly or hourly sending limit.')
self.connection.sendall('action=defer_if_permit Service temporarily unavailable\n\n')
else:
@@ -91,6 +94,7 @@ class HandleRequest(multi.Thread):
logEntry.save()
emailObj.monthlyUsed = emailObj.monthlyUsed + 1
emailObj.hourlyUsed = emailObj.hourlyUsed + 1
domainObj.monthlyUsed = domainObj.monthlyUsed + 1
self.connection.sendall('action=dunno\n\n')
else:
email = EUsers.objects.get(email=emailAddress)
@@ -104,5 +108,6 @@ class HandleRequest(multi.Thread):
except BaseException, msg:
logging.writeToFile(completeData)
self.connection.sendall('action=dunno\n\n')
logging.writeToFile(str(msg))
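Review bot: The domain clause added to the limit test compares the limit with itself, `domainObj.monthlyLimits <= domainObj.monthlyLimits`, which is always true. Every sender whose domain and mailbox both have `limitStatus == 1` is therefore deferred regardless of usage. The counter this commit increments a few lines later is `domainObj.monthlyUsed`, so the clause should read `domainObj.monthlyLimits <= domainObj.monthlyUsed`. Separately, `domainName = emailAddress.split('@')[1]` raises on an empty `sender`; if that line is inside the `try` whose handler answers `action=dunno`, such requests skip the limit check, so handle a missing `@` explicitly.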


@@ -1,4 +1,4 @@
#!/usr/bin/env python2.7
#!/usr/local/CyberCP/bin/python2
import os,sys
sys.path.append('/usr/local/CyberCP')
import django
@@ -19,7 +19,8 @@ class cacheManager:
domaindb = Domains.objects.get(domain=domain)
dbDomain = DomainLimits.objects.get(domain=domaindb)
totalDomainUsed = 0
dbDomain.monthlyUsed = domainOBJ.monthlyUsed
dbDomain.save()
for email, emailOBJ in domainOBJ.emails.iteritems():
emailID = EUsers.objects.get(email=email)
@@ -27,13 +28,8 @@ class cacheManager:
dbEmail.monthlyUsed = emailOBJ.monthlyUsed
dbEmail.hourlyUsed = emailOBJ.hourlyUsed
totalDomainUsed = totalDomainUsed + emailOBJ.monthlyUsed
dbEmail.save()
dbDomain.monthlyUsed = totalDomainUsed
dbDomain.save()
except BaseException, msg:
logging.writeToFile(str(msg))
@@ -130,6 +126,13 @@ class cacheManager:
for domain, domainOBJ in cacheManager.domains.iteritems():
for email, emailOBJ in domainOBJ.emails.iteritems():
emailID = EUsers.objects.get(email=email)
dbEmail = EmailLimits.objects.get(email=emailID)
dbEmail.hourlyUsed = 0
dbEmail.save()
emailID = EUsers.objects.get(email=email)
dbEmail = EmailLimits.objects.get(email=emailID)


@@ -1,29 +1,23 @@
#!/usr/bin/env python2.7
#!/usr/local/CyberCP/bin/python2
import socket
import sys
sys.path.append('/usr/local/CyberCP')
from plogical.CyberCPLogFileWriter import CyberCPLogFileWriter as logging
import argparse
from plogical.mailUtilities import mailUtilities
class cacheClient:
def __init__(self, serverAddr):
self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self.serverAddr = serverAddr
self.sock.connect(self.serverAddr)
def sendData(self, data):
self.sock.sendall(data)
def __del__(self):
self.sock.close()
cleaningPath = '/home/cyberpanel/purgeCache'
@staticmethod
def handleCachePurgeRequest(command):
try:
serverAddr = ('localhost', 1089)
cachePurger = cacheClient(serverAddr)
cachePurger.sendData(command)
mailUtilities.checkHome()
writeToFile = open(cacheClient.cleaningPath, 'w')
writeToFile.write(command)
writeToFile.close()
except BaseException, msg:
logging.writeToFile(str(msg))
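Review bot: handleCachePurgeRequest writes the command in place to the fixed path `/home/cyberpanel/purgeCache`, which the server side reads and then removes, so the server can pick up a partially written command. A second request that arrives before the file is consumed also overwrites the first. Write to a temporary name in the same directory and `os.rename` it onto `cacheClient.cleaningPath`; this needs `import os`, which the visible imports lack. Because the file's content is passed to `cacheManager.handlePurgeRequest`, the directory should be writable only by the account that runs the panel. `mailUtilities.checkHome()` is not shown here, so confirm the ownership and mode it sets.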


@@ -1,4 +1,4 @@
#!/usr/bin/env python2.7
#!/usr/local/CyberCP/bin/python2
import subprocess, signal
import shlex
import argparse
@@ -10,6 +10,7 @@ from plogical.CyberCPLogFileWriter import CyberCPLogFileWriter as logging
class policyCTRL:
applicationPath = '/usr/local/CyberCP/postfixSenderPolicy/pid'
cleaningPID = '/usr/local/CyberCP/postfixSenderPolicy/cpid'
def prepareArguments(self):
@@ -27,7 +28,19 @@ class policyCTRL:
subprocess.Popen(shlex.split(command))
def stop(self):
path = policyCTRL.applicationPath
if os.path.exists(path):
pid = open(path, "r").readlines()[0]
try:
os.kill(int(pid), signal.SIGTERM)
except BaseException, msg:
logging.writeToFile(str(msg))
## Cleaning PID
path = policyCTRL.cleaningPID
if os.path.exists(path):
pid = open(path, "r").readlines()[0]
try:
os.kill(int(pid), signal.SIGTERM)
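Review bot: stop() repeats the same read-and-kill block for `applicationPath` and `cleaningPID`, and in both copies `open(path, "r").readlines()[0]` sits outside the `try`. An empty PID file therefore raises IndexError at the first block, and the second process is never signalled. Move the read inside the `try` and factor the block into one helper called with each path. A stale PID file can also name an unrelated process by the time stop() runs, so remove the file once the kill succeeds. The method continues outside the hunk.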


@@ -1,10 +1,11 @@
#!/usr/bin/env python2.7
#!/usr/local/CyberCP/bin/python2
import os,sys
sys.path.append('/usr/local/CyberCP')
import django
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "CyberCP.settings")
django.setup()
import socket
import os
import accept_traffic as handle
from plogical.CyberCPLogFileWriter import CyberCPLogFileWriter as logging
@@ -13,8 +14,11 @@ from cacheManager import cacheManager
class SetupConn:
cleaningPath = '/home/cyberpanel/purgeCache'
server_address = ('localhost', 1089)
cleaning_server = ('localhost', 1090)
applicationPath = '/usr/local/CyberCP/postfixSenderPolicy/pid'
cleaningServerPID = '/usr/local/CyberCP/postfixSenderPolicy/cpid'
def __init__(self, serv_addr):
@@ -22,32 +26,40 @@ class SetupConn:
self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
def setup_conn(self):
logging.writeToFile('Starting CyberPanel Email Policy Server!')
self.sock.bind(SetupConn.server_address)
self.sock.bind(self.server_addr)
logging.writeToFile('CyberPanel Email Policy Server Successfully started!')
def start_listening(self):
self.sock.listen(1)
self.sock.listen(5)
while True:
# Wait for a connection
logging.writeToFile('Waiting For Connection!')
if os.path.exists(SetupConn.cleaningPath):
readFromFile = open(SetupConn.cleaningPath, 'r')
command = readFromFile.read()
cacheManager.handlePurgeRequest(command)
readFromFile.close()
os.remove(SetupConn.cleaningPath)
connection, client_address = self.sock.accept()
background = handle.HandleRequest(connection)
background.start()
def __del__(self):
self.sock.close()
logging.writeToFile('Closing open connections!')
def Main():
writeToFile = open(SetupConn.applicationPath, 'w')
writeToFile.write(str(os.getpid()))
writeToFile.close()
for sig in (SIGABRT, SIGINT, SIGTERM):
signal(sig, cacheManager.cleanUP)
###
writeToFile = open(SetupConn.applicationPath, 'w')
writeToFile.write(str(os.getpid()))
writeToFile.close()
listenConn = SetupConn(SetupConn.server_address)
listenConn.setup_conn()


@@ -17,6 +17,9 @@ from plogical.virtualHostUtilities import virtualHostUtilities
def logsHome(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
if admin.type == 3:
return HttpResponse("You don't have enough privileges to access this page.")
except KeyError:
return redirect(loadLoginPage)
@@ -29,10 +32,8 @@ def accessLogs(request):
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
if admin.type == 3:
return HttpResponse("You don't have enough priviliges to access this page.")
return HttpResponse("You don't have enough privileges to access this page.")
return render(request,'serverLogs/accessLogs.html')
@@ -48,7 +49,7 @@ def errorLogs(request):
admin = Administrator.objects.get(pk=val)
if admin.type == 3:
return HttpResponse("You don't have enough priviliges to access this page.")
return HttpResponse("You don't have enough privileges to access this page.")
return render(request,'serverLogs/errorLogs.html')
@@ -64,7 +65,7 @@ def ftplogs(request):
admin = Administrator.objects.get(pk=val)
if admin.type == 3:
return HttpResponse("You don't have enough priviliges to access this page.")
return HttpResponse("You don't have enough privileges to access this page.")
return render(request,'serverLogs/ftplogs.html')
@@ -80,7 +81,7 @@ def emailLogs(request):
admin = Administrator.objects.get(pk=val)
if admin.type == 3:
return HttpResponse("You don't have enough priviliges to access this page.")
return HttpResponse("You don't have enough privileges to access this page.")
return render(request,'serverLogs/emailLogs.html')
@@ -96,7 +97,7 @@ def modSecAuditLogs(request):
admin = Administrator.objects.get(pk=val)
if admin.type == 3:
return HttpResponse("You don't have enough priviliges to access this page.")
return HttpResponse("You don't have enough privileges to access this page.")
return render(request,'serverLogs/modSecAuditLog.html')
@@ -110,6 +111,9 @@ def getLogsFromFile(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(id=val)
if admin.type == 1:
data = json.loads(request.body)
type = data['type']
@@ -130,10 +134,13 @@ def getLogsFromFile(request):
fewLinesOfLogFile = subprocess.check_output(shlex.split(command))
status = {"logstatus":1,"logsdata":fewLinesOfLogFile}
final_json = json.dumps(status)
return HttpResponse(final_json)
else:
status = {"logstatus": 0, 'error': "You don't have enough privileges to access this page."}
final_json = json.dumps(status)
return HttpResponse(final_json)
except KeyError, msg:
@@ -144,7 +151,9 @@ def getLogsFromFile(request):
def clearLogFile(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
try:
if admin.type == 1:
if request.method == 'POST':
data = json.loads(request.body)
@@ -165,6 +174,10 @@ def clearLogFile(request):
data_ret = {'cleanStatus': 0, 'error_message': output}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
else:
data_ret = {'cleanStatus': 0, 'error_message': 'Not enough privileges.'}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
except BaseException,msg:
data_ret = {'cleanStatus': 0, 'error_message': str(msg)}


@@ -57,9 +57,6 @@ def litespeedStatus(request):
else:
loadedModules.append(items)
except subprocess.CalledProcessError,msg:
logging.CyberCPLogFileWriter.writeToFile(str(msg) + "[litespeedStatus]")
return render(request,"serverStatus/litespeedStatus.html",{"processList":processList,"liteSpeedVersionStatus":"For some reaons not able to load version details, see CyberCP main log file."})
@@ -121,7 +118,7 @@ def cyberCPMainLogFile(request):
admin = Administrator.objects.get(pk=val)
if admin.type == 3:
return HttpResponse("You don't have enough priviliges to access this page.")
return HttpResponse("You don't have enough privileges to access this page.")
return render(request,'serverStatus/cybercpmainlogfile.html')
@@ -131,23 +128,23 @@ def cyberCPMainLogFile(request):
return redirect(loadLoginPage)
def getFurtherDataFromLogFile(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
if admin.type == 1:
fewLinesOfLogFile = logging.CyberCPLogFileWriter.readLastNFiles(50,logging.CyberCPLogFileWriter.fileName)
fewLinesOfLogFile = str(fewLinesOfLogFile)
status = {"logstatus":1,"logsdata":fewLinesOfLogFile}
status = {"logstatus": 1, "logsdata": fewLinesOfLogFile}
final_json = json.dumps(status)
return HttpResponse(final_json)
else:
status = {"logstatus": 0,'error':"You don't have enough privilege to view logs."}
final_json = json.dumps(status)
return HttpResponse(final_json)
except KeyError, msg:
status = {"logstatus":0,"error":"Could not fetch data from log file, please see CyberCP main log file through command line."}
@@ -268,7 +265,7 @@ def servicesAction(request):
admin = Administrator.objects.get(pk=val)
if admin.type == 3:
final = {'serviceAction': 0, "error_message": "Not enough privilege"}
final = {'serviceAction': 0, "error_message": "Not enough privileges."}
final_json = json.dumps(final)
return HttpResponse(final_json)
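Review bot: servicesAction still refuses only `admin.type == 3`, while getFurtherDataFromLogFile in the same file now admits only `admin.type == 1`, so a type 2 account is let through to service actions but not to the main log. If type 2 is a reseller-style account, as the `owner=admin.pk` filtering in modifyUsers suggests, the guard here should be the same allow-list, `if admin.type != 1:`. An allow-list also fails closed if another account type is added later. The body of servicesAction continues outside its hunk, so the actions it gates cannot be checked from here.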


@@ -18,11 +18,9 @@ import shlex
def loadTuningHome(request):
try:
userID = request.session['userID']
admin = Administrator.objects.get(pk=userID)
if admin.type == 3:
return HttpResponse("You don't have enough priviliges to access this page.")
return HttpResponse("You don't have enough privileges to access this page.")
return render(request,'tuning/index.html',{})
except KeyError:
return redirect(loadLoginPage)
@@ -35,7 +33,7 @@ def liteSpeedTuning(request):
admin = Administrator.objects.get(pk=userID)
if admin.type == 3:
return HttpResponse("You don't have enough priviliges to access this page.")
return HttpResponse("You don't have enough privileges to access this page.")
return render(request,'tuning/liteSpeedTuning.html',{})
except KeyError:
return redirect(loadLoginPage)
@@ -48,7 +46,7 @@ def phpTuning(request):
admin = Administrator.objects.get(pk=userID)
if admin.type == 3:
return HttpResponse("You don't have enough priviliges to access this page.")
return HttpResponse("You don't have enough privileges to access this page.")
admin = Administrator.objects.get(pk=request.session['userID'])
@@ -68,18 +66,19 @@ def phpTuning(request):
return redirect(loadLoginPage)
def tuneLitespeed(request):
try:
val = request.session['userID']
try:
admin = Administrator.objects.get(pk=val)
if admin.type == 1:
if request.method == 'POST':
data = json.loads(request.body)
status = data['status']
if status=="fetch":
json_data = json.dumps(tuning.fetchTuningDetails())
@@ -128,8 +127,6 @@ def tuneLitespeed(request):
execPath = execPath + " saveTuningDetails --maxConn " + maxConn + " --maxSSLConn " + maxSSLConn + " --connTime " + connTime + " --keepAlive " + keepAlive + " --inMemCache '" + inMemCache + "' --gzipCompression " + gzipCompression
output = subprocess.check_output(shlex.split(execPath))
if output.find("1,None") > -1:
@@ -141,7 +138,10 @@ def tuneLitespeed(request):
final_json = json.dumps(data_ret)
return HttpResponse(final_json)
else:
data_ret = {'fetch_status': 0, 'error_message': "You don't have enough privileges.", 'tuneStatus': 0}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
except BaseException,msg:
data_ret = {'fetch_status': 0, 'error_message': str(msg), 'tuneStatus': 0}
@@ -149,7 +149,7 @@ def tuneLitespeed(request):
return HttpResponse(json_data)
except KeyError:
data_ret = {'tuneStatus': 0, 'error_message': "not logged in as admin",'fetch_status': 0}
data_ret = {'fetch_status': 0, 'error_message': "not logged in as admin",'fetch_status': 0}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
@@ -157,9 +157,9 @@ def tuneLitespeed(request):
def tunePHP(request):
try:
val = request.session['userID']
try:
admin = Administrator.objects.get(pk=val)
if admin.type == 1:
if request.method == 'POST':
data = json.loads(request.body)
status = data['status']
@@ -167,8 +167,6 @@ def tunePHP(request):
if status=="fetch":
json_data = json.dumps(tuning.fetchPHPDetails(domainSelection))
data_ret = {'fetch_status': 1, 'error_message': "None","tuning_data":json_data,'tuneStatus': 0}
@@ -203,6 +201,11 @@ def tunePHP(request):
logging.CyberCPLogFileWriter.writeToFile(output + " [tunePHP]]")
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
else:
data_ret = {'fetch_status': 0, 'error_message': "You don't have enough privileges.", 'tuneStatus': 0}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
except BaseException,msg:
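Review bot: The dict in tuneLitespeed's `except KeyError` branch, `{'fetch_status': 0, 'error_message': "not logged in as admin",'fetch_status': 0}`, names `fetch_status` twice and no longer carries `tuneStatus`, assuming the second of the two printed lines is the new side. Python keeps a single entry for the repeated key, so the not-logged-in reply loses a field that the other replies visible in this function include. `data_ret = {'fetch_status': 0, 'error_message': "not logged in as admin", 'tuneStatus': 0}` matches the privilege-denied reply added a few lines above it.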


@@ -77,6 +77,19 @@
<div class="current-pack">{% trans "Currently:" %} {$ currentAccountType $}</div>
</div>
{% else %}
<div ng-hide="accountTypeView" class="form-group">
<label class="col-sm-3 control-label">{% trans "Account Type" %}</label>
<div class="col-sm-6">
<select ng-change="showLimitsBox()" ng-model="accountType" class="form-control">
<option>Normal User</option>
</select>
</div>
<div class="current-pack">{% trans "Currently:" %} {$ currentAccountType $}</div>
</div>
{% endif %}
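Review bot: Offering only `Normal User` in this `{% else %}` branch narrows the choice in the browser, not on the server; the account type still arrives as a posted value. The view that saves the form should reject or ignore an account type above the caller's own whenever the caller is not type 1. That check is not visible in the saveModifications hunk of this commit, which only compares `admin` with `user`. The new `<option>` also has no `value` attribute and its label sits outside `{% trans %}`, so the posted value would change if the label were reworded or translated; `<option value="Normal User">{% trans "Normal User" %}</option>` keeps the two apart.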


@@ -50,9 +50,6 @@ def viewProfile(request):
else:
AdminData['type'] = "User"
return render(request, 'userManagment/userProfile.html',AdminData)
except KeyError:
return redirect(loadLoginPage)
@@ -65,7 +62,7 @@ def createUser(request):
admin = Administrator.objects.get(pk=userID)
if admin.type == 3:
return HttpResponse("You don't have enough priviliges to access this page.")
return HttpResponse("You don't have enough privileges to access this page.")
try:
adminType = admin.type
@@ -80,7 +77,6 @@ def createUser(request):
return redirect(loadLoginPage)
def submitUserCreation(request):
try:
val = request.session['userID']
@@ -196,29 +192,26 @@ def modifyUsers(request):
userID = request.session['userID']
admin = Administrator.objects.get(pk=userID)
if admin.type == 3:
return HttpResponse("You don't have enough priviliges to access this page.")
adminNames = []
if admin.type == 1:
admins = Administrator.objects.all()
adminNames = []
adminType = 1
for items in admins:
adminNames.append(items.userName)
else:
elif admin.type == 2:
admins = Administrator.objects.filter(owner=admin.pk)
adminNames = []
adminType = 2
for items in admins:
adminNames.append(items.userName)
else:
adminType = 3
adminNames.append(admin.userName)
return render(request, 'userManagment/modifyUser.html',{"acctNames":adminNames,"adminType":adminType})
except KeyError:
return redirect(loadLoginPage)
def fetchUserDetails(request):
try:
val = request.session['userID']
@@ -271,7 +264,6 @@ def fetchUserDetails(request):
return HttpResponse(json_data)
def saveModifications(request):
try:
val = request.session['userID']
@@ -284,11 +276,18 @@ def saveModifications(request):
lastName = data['lastName']
email = data['email']
admin = Administrator.objects.get(pk=val)
user = Administrator.objects.get(userName=accountUsername)
password = hashPassword.hash_password(data['password'])
if admin.type != 1:
if admin != user:
data_ret = {'saveStatus': 1, 'error_message': 'Not enough privileges'}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
if user.type == 1:
userAccountsLimit = 0
websitesLimit = 0
@@ -371,7 +370,7 @@ def deleteUser(request):
admin = Administrator.objects.get(pk=userID)
if admin.type == 3:
return HttpResponse("You don't have enough priviliges to access this page.")
return HttpResponse("You don't have enough privileges to access this page.")
if admin.type == 1:
admins = Administrator.objects.all()
@@ -398,13 +397,19 @@ def submitUserDeletion(request):
data = json.loads(request.body)
accountUsername = data['accountUsername']
admin = Administrator.objects.get(pk=val)
if admin.type == 1:
user = Administrator.objects.get(userName=accountUsername)
user.delete()
data_ret = {'deleteStatus': 1, 'error_message': 'None'}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
else:
data_ret = {'deleteStatus': 1, 'error_message': 'Not enough privileges'}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
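Review bot: Both refusal branches added here answer with a success flag: saveModifications returns `{'saveStatus': 1, 'error_message': 'Not enough privileges'}` and the `else` in submitUserDeletion returns `'deleteStatus': 1`, so a client that reads only the status field treats a refused request as completed. They should be `'saveStatus': 0` and `'deleteStatus': 0`, like the other denial replies in this commit. In saveModifications, `hashPassword.hash_password(data['password'])` also runs before the privilege check; moving the check to directly after `admin` and `user` are loaded avoids hashing for a request that will be refused. Both function bodies continue outside their hunks.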


@@ -31,9 +31,7 @@ from plogical.mailUtilities import mailUtilities
def loadWebsitesHome(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
return render(request,'websiteFunctions/index.html',{"type":admin.type})
except KeyError:
return redirect(loadLoginPage)
@@ -42,35 +40,38 @@ def createWebsite(request):
try:
val = request.session['userID']
try:
admin = Administrator.objects.get(pk=request.session['userID'])
packages = admin.package_set.all()
packagesName = []
admin = Administrator.objects.get(pk=val)
if admin.type == 3:
final = {'error': 1, "error_message": "Not enough privilege"}
final_json = json.dumps(final)
return HttpResponse(final_json)
return HttpResponse("Not enough privileges.")
packagesName = []
adminNames = []
if admin.type == 1:
admins = Administrator.objects.all()
for items in admins:
adminNames.append(items.userName)
packages = Package.objects.all()
for items in packages:
packagesName.append(items.packageName)
else:
admins = Administrator.objects.filter(owner=admin.pk)
adminNames.append(admin.userName)
for items in admins:
adminNames.append(items.userName)
packages = admin.package_set.all()
for items in packages:
packagesName.append(items.packageName)
if admin.type == 1:
admins = Administrator.objects.all()
adminNames = []
for items in admins:
adminNames.append(items.userName)
else:
admins = Administrator.objects.filter(owner=admin.pk)
adminNames = []
adminNames.append(admin.userName)
for items in admins:
adminNames.append(items.userName)
Data = {'packageList': packagesName,"owernList":adminNames}
return render(request, 'websiteFunctions/createWebsite.html', Data)
except BaseException, msg:
logging.CyberCPLogFileWriter.writeToFile(str(msg))
@@ -83,10 +84,10 @@ def modifyWebsite(request):
try:
val = request.session['userID']
try:
admin = Administrator.objects.get(pk=request.session['userID'])
admin = Administrator.objects.get(pk=val)
if admin.type == 3:
final = {'error': 1, "error_message": "Not enough privilege"}
final = {'error': 1, "error_message": "Not enough privileges."}
final_json = json.dumps(final)
return HttpResponse(final_json)
@@ -128,12 +129,10 @@ def deleteWebsite(request):
try:
val = request.session['userID']
try:
admin = Administrator.objects.get(pk=request.session['userID'])
admin = Administrator.objects.get(pk=val)
if admin.type == 3:
final = {'error': 1, "error_message": "Not enough privilege"}
final_json = json.dumps(final)
return HttpResponse(final_json)
return HttpResponse('Not enough privileges.')
if admin.type == 1:
websites = Websites.objects.all()
@@ -173,7 +172,10 @@ def siteState(request):
try:
val = request.session['userID']
try:
admin = Administrator.objects.get(pk=request.session['userID'])
admin = Administrator.objects.get(pk=val)
if admin.type == 3:
return HttpResponse('Not enough privileges.')
if admin.type == 1:
websites = Websites.objects.all()
@@ -211,7 +213,8 @@ def siteState(request):
def submitWebsiteCreation(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
if request.method == 'POST':
data = json.loads(request.body)
@@ -226,11 +229,7 @@ def submitWebsiteCreation(request):
####### Limitations check
admin = Administrator.objects.get(userName=websiteOwner)
if admin.type == 1:
pass
else:
if admin.type != 1:
data_ret = {"existsStatus": 0, 'createWebSiteStatus': 0,
'error_message': "Only administrators are allowed to create websites."}
json_data = json.dumps(data_ret)
@@ -301,6 +300,9 @@ def submitDomainCreation(request):
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
if admin.type != 1:
data['openBasedir'] = 1
execPath = "sudo python " + virtualHostUtilities.cyberPanel + "/plogical/virtualHostUtilities.py"
execPath = execPath + " createDomain --masterDomain " + masterDomain + " --virtualHostName " + domain + \
@@ -331,12 +333,17 @@ def fetchDomains(request):
try:
if request.method == 'POST':
data = json.loads(request.body)
masterDomain = data['masterDomain']
admin = Administrator.objects.get(pk=val)
master = Websites.objects.get(domain=masterDomain)
if admin.type != 1:
if master.admin != admin:
final_json = json.dumps({'fetchStatus': 0, 'error_message': "You do not own this website."})
return HttpResponse(final_json)
childDomains = master.childdomains_set.all()
json_data = "["
@@ -355,9 +362,8 @@ def fetchDomains(request):
else:
json_data = json_data + ',' + json.dumps(dic)
json_data = json_data + ']'
final_json = json.dumps({'fetchStatus': 1, 'error_message': "None","data":json_data})
final_json = json.dumps({'fetchStatus': 1, 'error_message': "None", "data": json_data})
return HttpResponse(final_json)
except BaseException,msg:
@@ -373,11 +379,9 @@ def fetchDomains(request):
def listWebsites(request):
try:
val = request.session['userID']
try:
admin = Administrator.objects.get(pk=request.session['userID'])
admin = Administrator.objects.get(pk=val)
if admin.type == 1:
websites = Websites.objects.all()
else:
@@ -410,10 +414,9 @@ def listWebsites(request):
def getFurtherAccounts(request):
try:
val = request.session['userID']
try:
admin = Administrator.objects.get(pk=request.session['userID'])
admin = Administrator.objects.get(pk=val)
if request.method == 'POST':
try:
@@ -484,6 +487,10 @@ def submitWebsiteDeletion(request):
data = json.loads(request.body)
websiteName = data['websiteName']
admin = Administrator.objects.get(pk=val)
if admin.type == 1:
numberOfWebsites = str(Websites.objects.count()+ChildDomains.objects.count())
## Deleting master domain
@@ -499,6 +506,10 @@ def submitWebsiteDeletion(request):
data_ret = {'websiteDeleteStatus': 1,'error_message': "None"}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
else:
data_ret = {'websiteDeleteStatus': 0, 'error_message': "Only administrators can delete websites."}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
except BaseException,msg:
@@ -519,6 +530,10 @@ def submitDomainDeletion(request):
data = json.loads(request.body)
websiteName = data['websiteName']
childDomain = ChildDomains.objects.get(domain=websiteName)
admin = Administrator.objects.get(pk=val)
if childDomain.master.admin == admin:
execPath = "sudo python " + virtualHostUtilities.cyberPanel + "/plogical/virtualHostUtilities.py"
execPath = execPath + " deleteDomain --virtualHostName " + websiteName
@@ -528,6 +543,10 @@ def submitDomainDeletion(request):
data_ret = {'websiteDeleteStatus': 1,'error_message': "None"}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
else:
data_ret = {'websiteDeleteStatus': 0, 'error_message': "You can not delete this child domain, as master domain is not owned by logged in user."}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
except BaseException,msg:
data_ret = {'websiteDeleteStatus': 0, 'error_message': str(msg)}
@@ -548,8 +567,9 @@ def submitWebsiteStatus(request):
state = data['state']
website = Websites.objects.get(domain=websiteName)
admin = Administrator.objects.get(pk=val)
if admin.type == 1:
if state == "Suspend":
confPath = virtualHostUtilities.Server_root + "/conf/vhosts/" + websiteName
command = "sudo mv " + confPath + " " + confPath + "-suspended"
@@ -571,11 +591,15 @@ def submitWebsiteStatus(request):
website.save()
data_ret = {'websiteStatus': 1,'error_message': "None"}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
else:
data_ret = {'websiteStatus': 0, 'error_message': "Only administrators can suspend websites."}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
except BaseException,msg:
@@ -594,18 +618,15 @@ def submitWebsiteModify(request):
if request.method == 'POST':
admin = Administrator.objects.get(pk=request.session['userID'])
admin = Administrator.objects.get(pk=val)
if admin.type == 1:
packs = Package.objects.all()
else:
packs = Package.objects.filter(admin=admin)
if admin.type == 1:
admins = Administrator.objects.all()
else:
admins = Administrator.objects.filter(owner=admin.pk)
data_ret = {'modifyStatus': 0, 'error_message': "Only administrator can see modification data."}
final_json = json.dumps(data_ret)
return HttpResponse(final_json)
## Get packs name
@@ -679,10 +700,18 @@ def saveWebsiteChanges(request):
package = data['packForWeb']
email = data['email']
phpVersion = data['phpVersion']
admin = data['admin']
newUser = data['admin']
## php changes
admin = Administrator.objects.get(pk=val)
if admin.type!=1:
data_ret = {'saveStatus': 0, 'error_message': 'Only administrator can make changes to websites.'}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
confPath = virtualHostUtilities.Server_root + "/conf/vhosts/" + domain
completePathToConfigFile = confPath + "/vhost.conf"
@@ -701,7 +730,7 @@ def saveWebsiteChanges(request):
## php changes ends
newOwner = Administrator.objects.get(userName=admin)
newOwner = Administrator.objects.get(userName=newUser)
modifyWeb = Websites.objects.get(domain=domain)
webpack = Package.objects.get(packageName=package)
@@ -728,13 +757,12 @@ def saveWebsiteChanges(request):
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
def domain(request,domain):
def domain(request, domain):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
if Websites.objects.filter(domain=domain).exists():
if admin.type == 1:
website = Websites.objects.get(domain=domain)
@@ -819,17 +847,15 @@ def domain(request,domain):
{"error": 1, "domain": "You do not own this domain."})
else:
return render(request, 'websiteFunctions/website.html', {"error":1,"domain": "This domain does not exists"})
return render(request, 'websiteFunctions/website.html', {"error":1,"domain": "This domain does not exists."})
except KeyError:
return redirect(loadLoginPage)
def launchChild(request,domain, childDomain):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
if ChildDomains.objects.filter(domain=childDomain).exists():
if admin.type == 1:
website = Websites.objects.get(domain=domain)
@@ -921,11 +947,21 @@ def launchChild(request,domain, childDomain):
return redirect(loadLoginPage)
def getDataFromLogFile(request):
try:
val = request.session['userID']
data = json.loads(request.body)
logType = data['logType']
virtualHost = data['virtualHost']
page = data['page']
admin = Administrator.objects.get(pk=val)
website = Websites.objects.get(domain=virtualHost)
if admin.type != 1:
if website.admin != admin:
final_json = json.dumps({'logstatus': 0, 'error_message': "You do not own this website."})
return HttpResponse(final_json)
if logType == 1:
fileName = "/home/" + virtualHost + "/logs/" + virtualHost + ".access_log"
else:
@@ -933,13 +969,10 @@ def getDataFromLogFile(request):
## get Logs
execPath = "sudo python " + virtualHostUtilities.cyberPanel + "/plogical/virtualHostUtilities.py"
execPath = execPath + " getAccessLogs --path " + fileName + " --page " + str(page)
output = subprocess.check_output(shlex.split(execPath))
if output.find("1,None") > -1:
@@ -978,28 +1011,40 @@ def getDataFromLogFile(request):
json_data = json_data + ',' + json.dumps(dic)
json_data = json_data + ']'
final_json = json.dumps({'logstatus': 1, 'error_message': "None", "data": json_data})
return HttpResponse(final_json)
##
except KeyError,msg:
data_ret = {'logstatus': 0, 'error_message': str(msg)}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
def fetchErrorLogs(request):
try:
val = request.session['userID']
data = json.loads(request.body)
virtualHost = data['virtualHost']
page = data['page']
admin = Administrator.objects.get(pk=val)
website = Websites.objects.get(domain=virtualHost)
if admin.type != 1:
if website.admin != admin:
final_json = json.dumps({'logstatus': 0, 'error_message': "You do not own this website."})
return HttpResponse(final_json)
fileName = "/home/" + virtualHost + "/logs/" + virtualHost + ".error_log"
## get Logs
execPath = "sudo python " + virtualHostUtilities.cyberPanel + "/plogical/virtualHostUtilities.py"
execPath = execPath + " getErrorLogs --path " + fileName + " --page " + str(page)
output = subprocess.check_output(shlex.split(execPath))
if output.find("1,None") > -1:
@@ -1042,13 +1087,31 @@ def installWordpress(request):
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
admin = Administrator.objects.get(pk=val)
try:
website = ChildDomains.objects.get(domain=domainName)
externalApp = website.master.externalApp
if admin.type != 1:
if website.master.admin != admin:
data_ret = {'installStatus': 0,
'error_message': "You do not own this website!"}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
except:
website = Websites.objects.get(domain=domainName)
externalApp = website.externalApp
if admin.type != 1:
if website.admin != admin:
data_ret = {'installStatus': 0,
'error_message': "You do not own this website!"}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
## DB Creation
dbName = randomPassword.generate_pass()
@@ -1151,13 +1214,29 @@ def installJoomla(request):
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
admin = Administrator.objects.get(pk=val)
try:
website = ChildDomains.objects.get(domain=domainName)
externalApp = website.master.externalApp
if admin.type != 1:
if website.master.admin != admin:
data_ret = {'installStatus': 0,
'error_message': "You do not own this website!"}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
except:
website = Websites.objects.get(domain=domainName)
externalApp = website.externalApp
if admin.type != 1:
if website.admin != admin:
data_ret = {'installStatus': 0,
'error_message': "You do not own this website!"}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
## DB Creation
@@ -1245,11 +1324,26 @@ def getDataFromConfigFile(request):
data = json.loads(request.body)
virtualHost = data['virtualHost']
admin = Administrator.objects.get(pk=val)
try:
if admin.type != 1:
childDom = ChildDomains.objects.get(domain=virtualHost)
if childDom.master.admin != admin:
data_ret = {'configstatus': 0, 'error_message': 'You do not own this website.'}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
except:
if admin.type != 1:
website = Websites.objects.get(domain=virtualHost)
if website.admin != admin:
data_ret = {'configstatus': 0, 'error_message': 'You do not own this website.'}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
filePath = installUtilities.Server_root_path + "/conf/vhosts/"+virtualHost+"/vhost.conf"
filePath = installUtilities.Server_root_path + "/conf/vhosts/" + virtualHost + "/vhost.conf"
configData = open(filePath,"r").read()
configData = open(filePath, "r").read()
if len(configData) == 0:
status = {"configstatus": 0, "error_message": "Configuration file is currently empty!"}
@@ -1257,10 +1351,7 @@ def getDataFromConfigFile(request):
final_json = json.dumps(status)
return HttpResponse(final_json)
status = {"configstatus":1,"configData":configData}
status = {"configstatus": 1, "configData": configData}
final_json = json.dumps(status)
return HttpResponse(final_json)
@@ -1269,8 +1360,6 @@ def getDataFromConfigFile(request):
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
except KeyError, msg:
status = {"configstatus":0,"error":"Could not fetch data from log file, please see CyberCP main log file through command line."}
logging.CyberCPLogFileWriter.writeToFile(str(msg) + "[getDataFromConfigFile]")
@@ -1285,6 +1374,13 @@ def saveConfigsToFile(request):
data = json.loads(request.body)
virtualHost = data['virtualHost']
admin = Administrator.objects.get(pk=val)
if admin.type != 1:
data_ret = {'configstatus': 0, 'error_message': 'Only Administrators can make changes to vhost conf.'}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
## writing data temporary to file
mailUtilities.checkHome()
@@ -1343,7 +1439,25 @@ def getRewriteRules(request):
data = json.loads(request.body)
virtualHost = data['virtualHost']
filePath = "/home/"+virtualHost+"/public_html/.htaccess"
admin = Administrator.objects.get(pk=val)
try:
childDom = ChildDomains.objects.get(domain=virtualHost)
if admin.type != 1:
if childDom.master.admin != admin:
data_ret = {'rewriteStatus': 0, 'error_message': 'You do not own this website.'}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
filePath = childDom.path + '/.htaccess'
except:
website = Websites.objects.get(domain=virtualHost)
if admin.type != 1:
if website.admin != admin:
data_ret = {'rewriteStatus': 0, 'error_message': 'You do not own this website.'}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
filePath = "/home/" + virtualHost + "/public_html/.htaccess"
try:
rewriteRules = open(filePath,"r").read()
@@ -1387,35 +1501,48 @@ def saveRewriteRules(request):
## writing data temporary to file
mailUtilities.checkHome()
tempPath = "/home/cyberpanel/" + str(randint(1000, 9999))
vhost = open(tempPath, "w")
vhost.write(data['rewriteRules'])
vhost.close()
## writing data temporary to file
admin = Administrator.objects.get(pk=val)
try:
childDomain = ChildDomains.objects.get(domain=virtualHost)
filePath = childDomain.path + '/.htaccess'
if admin.type != 1:
if childDomain.master.admin != admin:
data_ret = {'rewriteStatus': 0, 'error_message': 'You do not own this website.'}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
except:
filePath = "/home/" + virtualHost + "/public_html/.htaccess"
if admin.type != 1:
website = Websites.objects.get(domain=virtualHost)
if website.admin != admin:
data_ret = {'rewriteStatus': 0, 'error_message': 'You do not own this website.'}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
## save configuration data
execPath = "sudo python " + virtualHostUtilities.cyberPanel + "/plogical/virtualHostUtilities.py"
execPath = execPath + " saveRewriteRules --virtualHostName "+ virtualHost + " --path " + filePath + " --tempPath " + tempPath
output = subprocess.check_output(shlex.split(execPath))
if output.find("1,None") > -1:
pass
status = {"rewriteStatus": 1, 'error_message': output}
final_json = json.dumps(status)
return HttpResponse(final_json)
else:
data_ret = {'rewriteStatus': 0, 'error_message': output}
json_data = json.dumps(data_ret)
@@ -1423,11 +1550,6 @@ def saveRewriteRules(request):
## save configuration data ends
status = {"rewriteStatus":1}
final_json = json.dumps(status)
return HttpResponse(final_json)
except BaseException, msg:
data_ret = {'rewriteStatus': 0, 'error_message': str(msg)}
json_data = json.dumps(data_ret)
@@ -1448,34 +1570,43 @@ def saveSSL(request):
data = json.loads(request.body)
domain = data['virtualHost']
admin = Administrator.objects.get(pk=val)
try:
website = ChildDomains.objects.get(domain=domain)
if admin.type != 1:
if website.master.admin != admin:
data_ret = {'changePHP': 0, 'error_message': 'You do not own this website.'}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
except:
website = Websites.objects.get(domain=domain)
if admin.type != 1:
if website.admin != admin:
data_ret = {'changePHP': 0, 'error_message': 'You do not own this website.'}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
mailUtilities.checkHome()
## writing data temporary to file
tempKeyPath = "/home/cyberpanel/" + str(randint(1000, 9999))
vhost = open(tempKeyPath, "w")
vhost.write(data['key'])
vhost.close()
tempCertPath = "/home/cyberpanel/" + str(randint(1000, 9999))
vhost = open(tempCertPath, "w")
vhost.write(data['cert'])
vhost.close()
## writing data temporary to file
pathToStoreSSL = virtualHostUtilities.Server_root + "/conf/vhosts/" + "SSL-" + domain
website = Websites.objects.get(domain=domain)
if website.ssl == 0:
## save configuration data
@@ -1507,8 +1638,6 @@ def saveSSL(request):
execPath = execPath + " saveSSL --virtualHostName " + domain + " --path " + pathToStoreSSL + " --tempKeyPath " + tempKeyPath + " --tempCertPath " + tempCertPath + " --sslCheck 1"
output = subprocess.check_output(shlex.split(execPath))
if output.find("1,None") > -1:
@@ -1531,11 +1660,13 @@ def saveSSL(request):
logging.CyberCPLogFileWriter.writeToFile(str(msg) + " [Can not create directory to stroe SSL [saveSSL]]")
data_ret = {'sslStatus': 0, 'error_message': str(msg)}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
except KeyError,msg:
logging.CyberCPLogFileWriter.writeToFile(str(msg) + " [Can not create directory to stroe SSL [saveSSL]]")
data_ret = {'sslStatus': 0, 'error_message': str(msg)}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
def changePHP(request):
try:
@@ -1547,6 +1678,23 @@ def changePHP(request):
childDomain = data['childDomain']
phpVersion = data['phpSelection']
admin = Administrator.objects.get(pk=val)
try:
if admin.type != 1:
childDom = ChildDomains.objects.get(domain=childDomain)
if childDom.master.admin != admin:
data_ret = {'changePHP': 0, 'error_message': 'You do not own this website.'}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
except:
if admin.type != 1:
website = Websites.objects.get(domain=childDomain)
if website.admin != admin:
data_ret = {'changePHP': 0, 'error_message': 'You do not own this website.'}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
confPath = virtualHostUtilities.Server_root + "/conf/vhosts/" + childDomain
completePathToConfigFile = confPath + "/vhost.conf"
@@ -2055,7 +2203,13 @@ def domainAlias(request,domain):
try:
val = request.session['userID']
try:
admin = Administrator.objects.get(pk=request.session['userID'])
admin = Administrator.objects.get(pk=val)
if admin.type != 1:
website = Websites.objects.get(domain=domain)
if website.admin != admin:
raise BaseException('You do not own this website.')
confPath = os.path.join(virtualHostUtilities.Server_root, "conf/httpd_config.conf")
@@ -2102,6 +2256,7 @@ def domainAlias(request,domain):
def submitAliasCreation(request):
try:
val = request.session['userID']
if request.method == 'POST':
data = json.loads(request.body)
@@ -2110,7 +2265,13 @@ def submitAliasCreation(request):
aliasDomain = data['aliasDomain']
ssl = data['ssl']
admin = Administrator.objects.get(pk=request.session['userID'])
admin = Administrator.objects.get(pk=val)
if admin.type != 1:
website = Websites.objects.get(domain=masterDomain)
if website.admin != admin:
data_ret = {'createAliasStatus': 0, 'error_message': 'You do not own this website.'}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
sslpath = "/home/" + masterDomain + "/public_html"
@@ -2145,6 +2306,7 @@ def submitAliasCreation(request):
def issueAliasSSL(request):
try:
val = request.session['userID']
if request.method == 'POST':
data = json.loads(request.body)
@@ -2152,7 +2314,13 @@ def issueAliasSSL(request):
masterDomain = data['masterDomain']
aliasDomain = data['aliasDomain']
admin = Administrator.objects.get(pk=request.session['userID'])
admin = Administrator.objects.get(pk=val)
if admin.type != 1:
website = Websites.objects.get(domain=masterDomain)
if website.admin != admin:
data_ret = {'sslStatus': 0, 'error_message': 'You do not own this website.'}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
sslpath = "/home/" + masterDomain + "/public_html"
@@ -2189,6 +2357,7 @@ def issueAliasSSL(request):
def delateAlias(request):
try:
val = request.session['userID']
if request.method == 'POST':
data = json.loads(request.body)
@@ -2196,7 +2365,13 @@ def delateAlias(request):
masterDomain = data['masterDomain']
aliasDomain = data['aliasDomain']
admin = Administrator.objects.get(pk=request.session['userID'])
admin = Administrator.objects.get(pk=val)
if admin.type != 1:
website = Websites.objects.get(domain=masterDomain)
if website.admin != admin:
data_ret = {'deleteAlias': 0, 'error_message': 'You do not own this website.'}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
sslpath = "/home/" + masterDomain + "/public_html"
@@ -2218,8 +2393,6 @@ def delateAlias(request):
## Create Configurations ends here
data_ret = {'deleteAlias': 1, 'error_message': "None", "existsStatus": 0}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
@@ -2241,6 +2414,14 @@ def changeOpenBasedir(request):
domainName = data['domainName']
openBasedirValue = data['openBasedirValue']
admin = Administrator.objects.get(id=val)
if admin.type != 1:
data_ret = {'changeOpenBasedir': 0, 'error_message': 'Only Administrators can change open_basedir value.'}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
execPath = "sudo python " + virtualHostUtilities.cyberPanel + "/plogical/virtualHostUtilities.py"
execPath = execPath + " changeOpenBasedir --virtualHostName '" + domainName + "' --openBasedirValue " + openBasedirValue
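Review bot: The new type check limits who reaches this code, but request data still shapes a privileged command line: `openBasedirValue` is appended unquoted to the `sudo python ... changeOpenBasedir` string and `domainName` is only wrapped in literal single quotes. How execPath is executed is outside this hunk. Either way it is safer to accept only the values the form offers for `openBasedirValue` and to resolve `domainName` through `Websites.objects.get(domain=domainName)` before use. The arguments should then be passed as a list rather than a concatenated string, e.g. `args = ['sudo', 'python', scriptPath, 'changeOpenBasedir', '--virtualHostName', domainName, '--openBasedirValue', openBasedirValue]`, where `scriptPath` stands for the path built on the first execPath line. The lookup here uses `id=val` while the other views in this commit use `pk=val`, which is equivalent but worth keeping consistent.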