Nemcio/CyberPanel
1
0
Fork 0
mirror of https://github.com/usmannasir/cyberpanel.git synced 2025-10-31 10:26:01 +01:00
Code Issues Packages Projects Releases Wiki Activity

Bug fixes

Browse Source
This commit is contained in:
usmannasir
2018-08-21 13:10:40 +05:00
parent 6c33b38d9f
commit 5c014765db
14 changed files with 437 additions and 555 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
dns/views.py
View File

@@ -652,7 +652,7 @@ def submitZoneDeletion(request):
if currentACL['admin'] == 1:
if delZone.admin != admin:
ACLManager.loadErrorJson()
return ACLManager.loadErrorJson()
delZone.delete()

2
emailPremium/templates/emailPremium/policyServer.html
View File

@@ -27,7 +27,7 @@
<form action="/" id="createPackages" class="form-horizontal bordered-row">
<div class="form-group">
<label class="col-sm-4 control-label">Server Status</label>
<label class="col-sm-4 control-label">{% trans "Server Status" %}</label>
<div class="col-sm-6">
<input type="checkbox" id="policServerStatus" data-toggle="toggle">
</div>

18
filemanager/templates/filemanager/index.html
View File

@@ -697,15 +697,15 @@
<div style="position: absolute;top: 0;left: 0;" id="rightClick" class="card" style="width: 20rem;">
<ul class="list-group list-group-flush">
<a style="border-bottom: 1px solid #007bff;" onclick="return false;" ng-click="showMoveModal()" href="#"><li class="list-group-item"><i class="fa fa-arrows-alt" aria-hidden="true"></i> Move</li></a>
<a style="border-bottom: 1px solid #007bff;" id="downloadOnRight" onclick="return false;" ng-click="downloadFile()" href="#"><li class="list-group-item"><i class="fa fa-download" aria-hidden="true"></i> Download</li></a>
<a style="border-bottom: 1px solid #007bff;" onclick="return false;" ng-click="showCopyModal()" href="#"><li class="list-group-item"><i class="fa fa-files-o" aria-hidden="true"></i> Copy</li></a>
<a style="border-bottom: 1px solid #007bff;" onclick="return false;" ng-click="showRenameModal()" href="#"><li class="list-group-item"><i class="fa fa-file-text-o" aria-hidden="true"></i> Rename</li></a>
<a style="border-bottom: 1px solid #007bff;" onclick="return false;" ng-click="showPermissionsModal()" href="#"><li class="list-group-item"><i class="fa fa-lock" aria-hidden="true"></i> Change Permissions</li></a>
<a style="border-bottom: 1px solid #007bff;" onclick="return false;" ng-click="showDeleteModal()" href="#"><li class="list-group-item"><i class="fa fa-trash" aria-hidden="true"></i> Delete</li></a>
<a style="border-bottom: 1px solid #007bff;" onclick="return false;" ng-click="showCompressionModal()" href="#"><li class="list-group-item"><i class="fa fa-compress" aria-hidden="true"></i> Compress</li></a>
<a style="border-bottom: 1px solid #007bff;" id="extractOnRight" onclick="return false;" ng-click="showExtractionModal()" href="#"><li class="list-group-item"><i class="fa fa-expand" aria-hidden="true"></i> Extract</li></a>
<a style="border-bottom: 1px solid #007bff;" id="editOnRight" onclick="return false;" ng-click="showHTMLEditorModal()" href="#"><li class="list-group-item"><i class="fa fa-pencil-square-o" aria-hidden="true"></i> Edit</li></a>
<a style="border-bottom: 1px solid #007bff;" onclick="return false;" ng-click="showMoveModal()" href="#"><li class="list-group-item"><i class="fa fa-arrows-alt" aria-hidden="true"></i> {% trans "Move" %}</li></a>
<a style="border-bottom: 1px solid #007bff;" id="downloadOnRight" onclick="return false;" ng-click="downloadFile()" href="#"><li class="list-group-item"><i class="fa fa-download" aria-hidden="true"></i> {% trans "Download" %}</li></a>
<a style="border-bottom: 1px solid #007bff;" onclick="return false;" ng-click="showCopyModal()" href="#"><li class="list-group-item"><i class="fa fa-files-o" aria-hidden="true"></i> {% trans "Copy" %}</li></a>
<a style="border-bottom: 1px solid #007bff;" onclick="return false;" ng-click="showRenameModal()" href="#"><li class="list-group-item"><i class="fa fa-file-text-o" aria-hidden="true"></i> {% trans "Rename" %}</li></a>
<a style="border-bottom: 1px solid #007bff;" onclick="return false;" ng-click="showPermissionsModal()" href="#"><li class="list-group-item"><i class="fa fa-lock" aria-hidden="true"></i> {% trans "Change Permissions" %}</li></a>
<a style="border-bottom: 1px solid #007bff;" onclick="return false;" ng-click="showDeleteModal()" href="#"><li class="list-group-item"><i class="fa fa-trash" aria-hidden="true"></i> {% trans "Delete" %}</li></a>
<a style="border-bottom: 1px solid #007bff;" onclick="return false;" ng-click="showCompressionModal()" href="#"><li class="list-group-item"><i class="fa fa-compress" aria-hidden="true"></i> {% trans "Compress" %}</li></a>
<a style="border-bottom: 1px solid #007bff;" id="extractOnRight" onclick="return false;" ng-click="showExtractionModal()" href="#"><li class="list-group-item"><i class="fa fa-expand" aria-hidden="true"></i> {% trans "Extract" %}</li></a>
<a style="border-bottom: 1px solid #007bff;" id="editOnRight" onclick="return false;" ng-click="showHTMLEditorModal()" href="#"><li class="list-group-item"><i class="fa fa-pencil-square-o" aria-hidden="true"></i> {% trans "Edit" %}</li></a>
</ul>
</div>

69
filemanager/views.py
View File

@@ -20,43 +20,36 @@ from plogical.acl import ACLManager
def loadFileManagerHome(request,domain):
try:
userID = request.session['userID']
admin = Administrator.objects.get(pk=userID)
if Websites.objects.filter(domain=domain).exists():
admin = Administrator.objects.get(pk=userID)
currentACL = ACLManager.loadedACL(userID)
if currentACL['admin'] == 1:
viewStatus = 1
if admin.type == 3:
viewStatus = 0
return render(request, 'filemanager/index.html', {"viewStatus": viewStatus})
if ACLManager.checkOwnership(domain, admin, currentACL) == 1:
return render(request, 'filemanager/index.html')
else:
website = Websites.objects.get(domain=domain)
if website.admin == admin:
viewStatus = 1
if admin.type == 3:
viewStatus = 0
return render(request, 'filemanager/index.html', {"viewStatus": viewStatus})
else:
return HttpResponse("Domain ownership error.")
return ACLManager.loadError()
else:
return HttpResponse("Domain does not exists.")
except KeyError:
return redirect(loadLoginPage)
def changePermissions(request):
try:
val = request.session['userID']
userID = request.session['userID']
admin = Administrator.objects.get(pk=userID)
try:
data = json.loads(request.body)
domainName = data['domainName']
currentACL = ACLManager.loadedACL(userID)
if ACLManager.checkOwnership(domainName, admin, currentACL) == 1:
pass
else:
return ACLManager.loadErrorJson('permissionsChanged', 0)
website = Websites.objects.get(domain=domainName)
externalApp = website.externalApp
@@ -99,8 +92,6 @@ def downloadFile(request):
except KeyError:
return redirect(loadLoginPage)
def createTemporaryFile(request):
try:
userID = request.session['userID']
@@ -109,32 +100,16 @@ def createTemporaryFile(request):
admin = Administrator.objects.get(pk=userID)
currentACL = ACLManager.loadedACL(userID)
if ACLManager.checkOwnership(domainName, admin, currentACL) == 1:
pass
else:
return ACLManager.loadErrorJson('createTemporaryFile', 0)
## Create file manager entry
if Websites.objects.filter(domain=domainName).exists():
currentACL = ACLManager.loadedACL(userID)
if currentACL['admin'] == 1:
execPath = "sudo python " + virtualHostUtilities.cyberPanel + "/plogical/filemanager.py"
execPath = execPath + " createTemporaryFile --domainName " + domainName
output = subprocess.check_output(shlex.split(execPath))
if output.find("0,") > -1:
data_ret = {'createTemporaryFile': 0, 'error_message': "None"}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
else:
domainRandomSeed = output.rstrip('\n')
data_ret = {'createTemporaryFile': 1, 'error_message': "None", 'domainRandomSeed':domainRandomSeed}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
else:
website = Websites.objects.get(domain=domainName)
if website.admin == admin:
execPath = "sudo python " + virtualHostUtilities.cyberPanel + "/plogical/filemanager.py"
execPath = execPath + " createTemporaryFile --domainName " + domainName
@@ -151,10 +126,6 @@ def createTemporaryFile(request):
data_ret = {'createTemporaryFile': 1, 'error_message': "None", 'domainRandomSeed': domainRandomSeed}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
else:
data_ret = {'createTemporaryFile': 0, 'error_message': "Domain ownership error."}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
except KeyError:
return redirect(loadLoginPage)

1
firewall/static/firewall/firewall.js
View File

@@ -1037,7 +1037,6 @@ app.controller('modSec', function($scope, $http, $timeout, $window) {
if(response.data.installed === 1) {
if (response.data.modsecurity === 1) {
$('#modsecurity_status').bootstrapToggle('on');
}

1
manageServices/views.py
View File

@@ -27,6 +27,7 @@ def managePowerDNS(request):
return ACLManager.loadError()
try:
return render(request, 'manageServices/managePowerDNS.html', {"status": 1})
except BaseException, msg:
logging.CyberCPLogFileWriter.writeToFile(str(msg))
return HttpResponse("See CyberCP main log file.")

1
plogical/CyberCPLogFileWriter.py
View File

@@ -11,6 +11,7 @@ class CyberCPLogFileWriter:
file.writelines("[" + time.strftime(
"%I-%M-%S-%a-%b-%Y") + "] "+ message + "\n")
file.close()
except IOError,msg:
return "Can not write to error file."

18
plogical/acl.py
View File

@@ -369,4 +369,22 @@ class ACLManager:
return domainsList
@staticmethod
def checkOwnership(domain, admin, currentACL):
domainName = Websites.objects.get(domain=domain)
if currentACL['admin'] == 1:
return 1
elif domainName.admin == admin:
return 1
else:
if domainName.admin.owner == admin.pk:
return 1
else:
return 0

362
plogical/applicationInstaller.py
View File

@@ -71,6 +71,41 @@ class ApplicationInstaller(multi.Thread):
except BaseException, msg:
logging.writeToFile( str(msg) + ' [ApplicationInstaller.installGit]')
def dbCreation(self, tempStatusPath, website):
try:
dbName = randomPassword.generate_pass()
dbUser = dbName
dbPassword = randomPassword.generate_pass()
## DB Creation
if Databases.objects.filter(dbName=dbName).exists() or Databases.objects.filter(
dbUser=dbUser).exists():
statusFile = open(tempStatusPath, 'w')
statusFile.writelines(
"This database or user is already taken." + " [404]")
statusFile.close()
return 0
result = mysqlUtilities.createDatabase(dbName, dbUser, dbPassword)
if result == 1:
pass
else:
statusFile = open(tempStatusPath, 'w')
statusFile.writelines(
"Not able to create database." + " [404]")
statusFile.close()
return 0
db = Databases(website=website, dbName=dbName, dbUser=dbUser)
db.save()
return dbName, dbUser, dbPassword
except BaseException, msg:
logging.writeToFile(str(msg) + '[ApplicationInstallerdbCreation]')
def installWordPress(self):
try:
@@ -83,6 +118,7 @@ class ApplicationInstaller(multi.Thread):
adminPassword = self.extraArgs['adminPassword']
adminEmail = self.extraArgs['adminEmail']
FNULL = open(os.devnull, 'w')
### Check WP CLI
@@ -101,31 +137,38 @@ class ApplicationInstaller(multi.Thread):
statusFile.writelines('Setting up paths,0')
statusFile.close()
finalPath = ''
try:
website = ChildDomains.objects.get(domain=domainName)
externalApp = website.master.externalApp
if admin.type != 1:
if website.master.admin != admin:
if home == '0':
path = self.extraArgs['path']
finalPath = website.path.rstrip('/') + "/" + path + "/"
else:
finalPath = website.path
if website.master.package.dataBases > website.master.databases_set.all().count():
pass
else:
statusFile = open(tempStatusPath, 'w')
statusFile.writelines("You do not own this website." + " [404]")
statusFile.writelines(
"Maximum database limit reached for this website." + " [404]")
statusFile.close()
return 0
statusFile = open(tempStatusPath, 'w')
statusFile.writelines('Setting up Database,20')
statusFile.close()
dbName, dbUser, dbPassword = self.dbCreation(tempStatusPath, website.master)
except:
website = Websites.objects.get(domain=domainName)
externalApp = website.externalApp
if admin.type != 1:
if website.admin != admin:
statusFile = open(tempStatusPath, 'w')
statusFile.writelines("You do not own this website." + " [404]")
statusFile.close()
return 0
finalPath = ""
if home == '0':
path = self.extraArgs['path']
finalPath = "/home/" + domainName + "/public_html/" + path + "/"
@@ -133,6 +176,21 @@ class ApplicationInstaller(multi.Thread):
finalPath = "/home/" + domainName + "/public_html/"
if website.package.dataBases > website.databases_set.all().count():
pass
else:
statusFile = open(tempStatusPath, 'w')
statusFile.writelines(
"Maximum database limit reached for this website." + " [404]")
statusFile.close()
return 0
statusFile = open(tempStatusPath, 'w')
statusFile.writelines('Setting up Database,20')
statusFile.close()
dbName, dbUser, dbPassword = self.dbCreation(tempStatusPath, website)
## Security Check
if finalPath.find("..") > -1:
@@ -141,8 +199,6 @@ class ApplicationInstaller(multi.Thread):
statusFile.close()
return 0
FNULL = open(os.devnull, 'w')
if not os.path.exists(finalPath):
command = 'sudo mkdir -p ' + finalPath
subprocess.call(shlex.split(command))
@@ -169,52 +225,6 @@ class ApplicationInstaller(multi.Thread):
return 0
## DB Creation
statusFile = open(tempStatusPath, 'w')
statusFile.writelines('Setting up Database,20')
statusFile.close()
dbName = randomPassword.generate_pass()
dbUser = dbName
dbPassword = randomPassword.generate_pass()
## DB Creation
if website.package.dataBases > website.databases_set.all().count():
pass
else:
statusFile = open(tempStatusPath, 'w')
statusFile.writelines(
"Maximum database limit reached for this website." + " [404]")
statusFile.close()
return 0
if Databases.objects.filter(dbName=dbName).exists() or Databases.objects.filter(
dbUser=dbUser).exists():
statusFile = open(tempStatusPath, 'w')
statusFile.writelines(
"This database or user is already taken." + " [404]")
statusFile.close()
return 0
result = mysqlUtilities.createDatabase(dbName, dbUser, dbPassword)
if result == 1:
pass
else:
statusFile = open(tempStatusPath, 'w')
statusFile.writelines(
"Not able to create database." + " [404]")
statusFile.close()
return 0
db = Databases(website=website, dbName=dbName, dbUser=dbUser)
db.save()
####
statusFile = open(tempStatusPath, 'w')
@@ -261,14 +271,10 @@ class ApplicationInstaller(multi.Thread):
##
command = "sudo chown -R " + externalApp + ":" + externalApp + " " + "/home/" + domainName + "/public_html/"
command = "sudo chown -R " + externalApp + ":" + externalApp + " " + finalPath
cmd = shlex.split(command)
res = subprocess.call(cmd, stdout=FNULL, stderr=subprocess.STDOUT)
vhost.addRewriteRules(domainName)
installUtilities.reStartLiteSpeed()
statusFile = open(tempStatusPath, 'w')
statusFile.writelines("Successfully Installed. [200]")
statusFile.close()
@@ -277,23 +283,11 @@ class ApplicationInstaller(multi.Thread):
except BaseException, msg:
# remove the downloaded files
try:
command = "sudo rm -rf " + finalPath
cmd = shlex.split(command)
res = subprocess.call(cmd, stdout=FNULL, stderr=subprocess.STDOUT)
except BaseException, msg:
logging.writeToFile(str(msg) + " [installWordPress]")
FNULL = open(os.devnull, 'w')
homeDir = "/home/" + domainName + "/public_html"
if not os.path.exists(homeDir):
FNULL = open(os.devnull, 'w')
command = 'sudo mkdir ' + homeDir
subprocess.call(shlex.split(command))
command = "sudo chown -R " + externalApp + ":" + externalApp + " " + homeDir
cmd = shlex.split(command)
@@ -325,9 +319,7 @@ class ApplicationInstaller(multi.Thread):
password = self.extraArgs['password']
tempStatusPath = self.extraArgs['tempStatusPath']
### Check WP CLI
FNULL = open(os.devnull, 'w')
## Open Status File
@@ -335,37 +327,57 @@ class ApplicationInstaller(multi.Thread):
statusFile.writelines('Setting up paths,0')
statusFile.close()
finalPath = ''
try:
website = ChildDomains.objects.get(domain=domainName)
externalApp = website.master.externalApp
if admin.type != 1:
if website.master.admin != admin:
if home == '0':
path = self.extraArgs['path']
finalPath = website.path.rstrip('/') + "/" + path + "/"
else:
finalPath = website.path + "/"
if website.master.package.dataBases > website.master.databases_set.all().count():
pass
else:
statusFile = open(tempStatusPath, 'w')
statusFile.writelines("You do not own this website." + " [404]")
statusFile.writelines(
"Maximum database limit reached for this website." + " [404]")
statusFile.close()
return 0
statusFile = open(tempStatusPath, 'w')
statusFile.writelines('Setting up Database,20')
statusFile.close()
dbName, dbUser, dbPassword = self.dbCreation(tempStatusPath, website.master)
except:
website = Websites.objects.get(domain=domainName)
externalApp = website.externalApp
if admin.type != 1:
if website.admin != admin:
statusFile = open(tempStatusPath, 'w')
statusFile.writelines("You do not own this website." + " [404]")
statusFile.close()
return 0
finalPath = ""
if home == '0':
path = self.extraArgs['path']
finalPath = "/home/" + domainName + "/public_html/" + path + "/"
else:
finalPath = "/home/" + domainName + "/public_html/"
if website.package.dataBases > website.databases_set.all().count():
pass
else:
statusFile = open(tempStatusPath, 'w')
statusFile.writelines(
"Maximum database limit reached for this website." + " [404]")
statusFile.close()
return 0
statusFile = open(tempStatusPath, 'w')
statusFile.writelines('Setting up Database,20')
statusFile.close()
dbName, dbUser, dbPassword = self.dbCreation(tempStatusPath, website)
## Security Check
@@ -375,8 +387,6 @@ class ApplicationInstaller(multi.Thread):
statusFile.close()
return 0
FNULL = open(os.devnull, 'w')
if not os.path.exists(finalPath):
command = 'sudo mkdir -p ' + finalPath
subprocess.call(shlex.split(command))
@@ -402,53 +412,6 @@ class ApplicationInstaller(multi.Thread):
statusFile.close()
return 0
## DB Creation
statusFile = open(tempStatusPath, 'w')
statusFile.writelines('Setting up Database,20')
statusFile.close()
dbName = randomPassword.generate_pass()
dbUser = dbName
dbPassword = randomPassword.generate_pass()
## DB Creation
if website.package.dataBases > website.databases_set.all().count():
pass
else:
statusFile = open(tempStatusPath, 'w')
statusFile.writelines(
"Maximum database limit reached for this website." + " [404]")
statusFile.close()
return 0
if Databases.objects.filter(dbName=dbName).exists() or Databases.objects.filter(
dbUser=dbUser).exists():
statusFile = open(tempStatusPath, 'w')
statusFile.writelines(
"This database or user is already taken." + " [404]")
statusFile.close()
return 0
result = mysqlUtilities.createDatabase(dbName, dbUser, dbPassword)
if result == 1:
pass
else:
statusFile = open(tempStatusPath, 'w')
statusFile.writelines(
"Not able to create database." + " [404]")
statusFile.close()
return 0
db = Databases(website=website, dbName=dbName, dbUser=dbUser)
db.save()
####
statusFile = open(tempStatusPath, 'w')
@@ -488,12 +451,12 @@ class ApplicationInstaller(multi.Thread):
##
command = "sudo rm -rf" + finalPath + "install"
command = "sudo rm -rf " + finalPath + "install"
subprocess.call(shlex.split(command))
##
command = "sudo chown -R " + externalApp + ":" + externalApp + " " + "/home/" + domainName + "/public_html/"
command = "sudo chown -R " + externalApp + ":" + externalApp + " " + finalPath
cmd = shlex.split(command)
res = subprocess.call(cmd, stdout=FNULL, stderr=subprocess.STDOUT)
@@ -501,10 +464,6 @@ class ApplicationInstaller(multi.Thread):
cmd = shlex.split(command)
res = subprocess.call(cmd, stdout=FNULL, stderr=subprocess.STDOUT)
vhost.addRewriteRules(domainName)
installUtilities.reStartLiteSpeed()
statusFile = open(tempStatusPath, 'w')
statusFile.writelines("Successfully Installed. [200]")
statusFile.close()
@@ -513,24 +472,10 @@ class ApplicationInstaller(multi.Thread):
except BaseException, msg:
# remove the downloaded files
try:
command = "sudo rm -rf " + finalPath
cmd = shlex.split(command)
res = subprocess.call(cmd, stdout=FNULL, stderr=subprocess.STDOUT)
except BaseException, msg:
logging.writeToFile(str(msg) + " [installWordPress]")
homeDir = "/home/" + domainName + "/public_html"
if not os.path.exists(homeDir):
FNULL = open(os.devnull, 'w')
command = 'sudo mkdir ' + homeDir
subprocess.call(shlex.split(command))
command = "sudo chown -R " + externalApp + ":" + externalApp + " " + homeDir
cmd = shlex.split(command)
res = subprocess.call(cmd, stdout=FNULL, stderr=subprocess.STDOUT)
@@ -561,9 +506,6 @@ class ApplicationInstaller(multi.Thread):
statusFile.writelines('Checking if GIT installed..,0')
statusFile.close()
finalPath = "/home/" + domainName + "/public_html/"
### Check git
try:
@@ -596,24 +538,12 @@ class ApplicationInstaller(multi.Thread):
try:
website = ChildDomains.objects.get(domain=domainName)
externalApp = website.master.externalApp
if admin.type != 1:
if website.master.admin != admin:
statusFile = open(tempStatusPath, 'w')
statusFile.writelines("You do not own this website." + " [404]")
statusFile.close()
return 0
finalPath = website.path
except:
website = Websites.objects.get(domain=domainName)
externalApp = website.externalApp
if admin.type != 1:
if website.admin != admin:
statusFile = open(tempStatusPath, 'w')
statusFile.writelines("You do not own this website." + " [404]")
statusFile.close()
return 0
finalPath = "/home/" + domainName + "/public_html/"
## Security Check
@@ -703,13 +633,20 @@ class ApplicationInstaller(multi.Thread):
try:
domain = self.extraArgs['domain']
try:
website = Websites.objects.get(domain=domain)
finalPath = "/home/" + domain + "/public_html/"
except:
childDomain = ChildDomains.objects.get(domain=domain)
finalPath = childDomain.path
path = '/home/cyberpanel/' + domain + '.git'
if not os.path.exists(path):
logging.writeToFile('Git is not setup for this website.')
return 0
command = 'sudo GIT_SSH_COMMAND="ssh -i /root/.ssh/cyberpanel -o StrictHostKeyChecking=no" git -C /home/' + domain + '/public_html/ pull'
command = 'sudo GIT_SSH_COMMAND="ssh -i /root/.ssh/cyberpanel -o StrictHostKeyChecking=no" git -C ' + finalPath + ' pull'
subprocess.check_output(shlex.split(command))
website = Websites.objects.get(domain=domain)
@@ -717,7 +654,7 @@ class ApplicationInstaller(multi.Thread):
##
command = "sudo chown -R " + externalApp + ":" + externalApp + " " + '/home/' + domain + '/public_html/'
command = "sudo chown -R " + externalApp + ":" + externalApp + " " + finalPath
cmd = shlex.split(command)
subprocess.call(cmd)
@@ -737,30 +674,28 @@ class ApplicationInstaller(multi.Thread):
website = ChildDomains.objects.get(domain=domain)
externalApp = website.master.externalApp
if admin.type != 1:
if website.master.admin != admin:
logging.writeToFile("You do not own this website, detach failed. [404]")
return 0
except:
website = Websites.objects.get(domain=domain)
externalApp = website.externalApp
if admin.type != 1:
if website.admin != admin:
logging.writeToFile("You do not own this website, detach failed. [404]")
return 0
try:
website = Websites.objects.get(domain=domain)
finalPath = "/home/" + domain + "/public_html/"
except:
childDomain = ChildDomains.objects.get(domain=domain)
finalPath = childDomain.path
command = 'sudo rm -rf /home/' + domain + '/public_html'
command = 'sudo rm -rf ' + finalPath
subprocess.check_output(shlex.split(command))
command = 'sudo mkdir /home/' + domain + '/public_html'
command = 'sudo mkdir ' + finalPath
subprocess.check_output(shlex.split(command))
##
command = "sudo chown -R " + externalApp + ":" + externalApp + " " + '/home/' + domain + '/public_html'
command = "sudo chown -R " + externalApp + ":" + externalApp + " " + finalPath
cmd = shlex.split(command)
subprocess.call(cmd)
@@ -926,10 +861,8 @@ class ApplicationInstaller(multi.Thread):
shutil.rmtree(finalPath + "installation")
command = "chown -R " + virtualHostUser + ":" + virtualHostUser + " " + "/home/" + domainName + "/public_html/"
command = "sudo chown -R " + virtualHostUser + ":" + virtualHostUser + " " + finalPath
cmd = shlex.split(command)
res = subprocess.call(cmd, stdout=FNULL, stderr=subprocess.STDOUT)
vhost.addRewriteRules(domainName)
@@ -943,20 +876,21 @@ class ApplicationInstaller(multi.Thread):
except BaseException, msg:
# remove the downloaded files
try:
shutil.rmtree(finalPath)
except:
logging.writeToFile("shutil.rmtree(finalPath)")
homeDir = "/home/" + domainName + "/public_html"
if not os.path.exists(homeDir):
FNULL = open(os.devnull, 'w')
os.mkdir(homeDir)
command = "chown -R " + virtualHostUser + ":" + virtualHostUser + " " + homeDir
command = "sudo chown -R " + virtualHostUser + ":" + virtualHostUser + " " + homeDir
cmd = shlex.split(command)
res = subprocess.call(cmd, stdout=FNULL, stderr=subprocess.STDOUT)
try:
mysqlUtilities.deleteDatabase(dbName, dbUser)
db = Databases.objects.get(dbName=dbName)
db.delete()
except:
pass
statusFile = open(tempStatusPath, 'w')
statusFile.writelines(str(msg) + " [404]")
statusFile.close()
@@ -968,24 +902,16 @@ class ApplicationInstaller(multi.Thread):
githubBranch = self.extraArgs['githubBranch']
admin = self.extraArgs['admin']
try:
website = ChildDomains.objects.get(domain=domainName)
if admin.type != 1:
if website.master.admin != admin:
logging.writeToFile("You do not own this website, failed to change branch. [404]")
return 0
except:
website = Websites.objects.get(domain=domainName)
if admin.type != 1:
if website.admin != admin:
logging.writeToFile("You do not own this website, failed to change branch. [404]")
return 0
finalPath = "/home/" + domainName + "/public_html/"
except:
childDomain = ChildDomains.objects.get(domain=domainName)
finalPath = childDomain.path
try:
command = 'sudo GIT_SSH_COMMAND="ssh -i /root/.ssh/cyberpanel -o StrictHostKeyChecking=no" git -C /home/' + domainName + '/public_html/ checkout -b' + githubBranch
command = 'sudo GIT_SSH_COMMAND="ssh -i /root/.ssh/cyberpanel -o StrictHostKeyChecking=no" git -C ' + finalPath + ' checkout -b ' + githubBranch
subprocess.check_output(shlex.split(command))
except subprocess.CalledProcessError, msg:

6
plogical/modSec.py
View File

@@ -11,7 +11,7 @@ from mailUtilities import mailUtilities
class modSec:
installLogPath = "/home/cyberpanel/modSecInstallLog"
tempRulesFile = "/home/cyberpanel/tempModSecRules"
mirrorPath = "mirror.cyberpanel.net"
mirrorPath = "cyberpanel.net"
@staticmethod
@@ -450,10 +450,6 @@ modsecurity_rules_file /usr/local/lsws/conf/modsec/owasp/rules/RESPONSE-999-EXCL
print "0," + str(msg)
def main():
parser = argparse.ArgumentParser(description='CyberPanel Installer')

271
plogical/upgrade.py
View File

@@ -12,6 +12,7 @@ import requests
import json
import time
from baseTemplate.models import version
from CyberCP import settings
class Upgrade:
logPath = "/usr/local/lscp/logs/upgradeLog"
@@ -32,7 +33,7 @@ class Upgrade:
r = requests.get(url, verify=True)
data = json.loads(r.text)
version_number = str(data['version'])
version_build = str(0)
version_build = str(data['build'])
return (version_number + "." + version_build + ".tar.gz")
except BaseException, msg:
Upgrade.stdOut(str(msg) + ' [downloadLink]')
@@ -41,6 +42,7 @@ class Upgrade:
@staticmethod
def setupVirtualEnv():
try:
Upgrade.stdOut('Setting up virtual enviroment for CyberPanel.')
##
count = 0
while (1):
@@ -114,7 +116,7 @@ class Upgrade:
Upgrade.stdOut(
"Trying to install project dependant modules, trying again, try number: " + str(count))
if count == 3:
Upgrade.InstallLog.writeToFile(
Upgrade.stdOut(
"Failed to install project dependant modules! [setupVirtualEnv]")
break
else:
@@ -124,8 +126,12 @@ class Upgrade:
command = "systemctl stop gunicorn.socket"
res = subprocess.call(shlex.split(command))
command = "virtualenv --system-site-packages /usr/local/CyberCP"
res = subprocess.call(shlex.split(command))
Upgrade.stdOut('Virtual enviroment for CyberPanel successfully installed.')
except OSError, msg:
Upgrade.stdOut(str(msg) + " [setupVirtualEnv]")
os._exit(0)
@@ -196,7 +202,6 @@ WantedBy=multi-user.target"""
Upgrade.stdOut(str(msg) + " [updateGunicornConf]")
os._exit(0)
@staticmethod
def fileManager():
## Copy File manager files
@@ -239,27 +244,16 @@ WantedBy=multi-user.target"""
@staticmethod
def setupCLI():
try:
count = 0
while (1):
command = "ln -s /usr/local/CyberCP/cli/cyberPanel.py /usr/bin/cyberpanel"
res = subprocess.call(shlex.split(command))
if res == 1:
count = count + 1
Upgrade.stdOut(
"Trying to setup CLI, trying again, try number: " + str(count))
if count == 3:
Upgrade.stdOut(
"Failed to setup CLI! [setupCLI]")
break
else:
Upgrade.stdOut("CLI setup successfull!")
break
command = "chmod +x /usr/local/CyberCP/cli/cyberPanel.py"
res = subprocess.call(shlex.split(command))
except OSError, msg:
command = "chmod +x /usr/local/CyberCP/cli/cyberPanel.py"
res = subprocess.call(shlex.split(command))
Upgrade.stdOut(str(msg) + " [setupCLI]")
return 0
@@ -313,52 +307,49 @@ WantedBy=multi-user.target"""
cwd = os.getcwd()
os.chdir('/usr/local/CyberCP')
try:
##
command = "python manage.py makemigrations loginSystem"
res = subprocess.call(shlex.split(command))
command = "echo 'CREATE TABLE `loginSystem_acl` (`id` integer AUTO_INCREMENT NOT NULL PRIMARY KEY, `name` varchar(50) NOT NULL UNIQUE, `adminStatus` integer NOT NULL, `versionManagement` integer NOT NULL, `createNewUser` integer NOT NULL, `deleteUser` integer NOT NULL, `resellerCenter` integer NOT NULL, `changeUserACL` integer NOT NULL, `createWebsite` integer NOT NULL, `modifyWebsite` integer NOT NULL, `suspendWebsite` integer NOT NULL, `deleteWebsite` integer NOT NULL, `createPackage` integer NOT NULL, `deletePackage` integer NOT NULL, `modifyPackage` integer NOT NULL, `createDatabase` integer NOT NULL, `deleteDatabase` integer NOT NULL, `listDatabases` integer NOT NULL, `createNameServer` integer NOT NULL, `createDNSZone` integer NOT NULL, `deleteZone` integer NOT NULL, `addDeleteRecords` integer NOT NULL, `createEmail` integer NOT NULL, `deleteEmail` integer NOT NULL, `emailForwarding` integer NOT NULL, `changeEmailPassword` integer NOT NULL, `dkimManager` integer NOT NULL, `createFTPAccount` integer NOT NULL, `deleteFTPAccount` integer NOT NULL, `listFTPAccounts` integer NOT NULL, `createBackup` integer NOT NULL, `restoreBackup` integer NOT NULL, `addDeleteDestinations` integer NOT NULL, `scheDuleBackups` integer NOT NULL, `remoteBackups` integer NOT NULL, `manageSSL` integer NOT NULL, `hostnameSSL` integer NOT NULL, `mailServerSSL` integer NOT NULL);' | python manage.py dbshell"
subprocess.check_output(command, shell=True)
command = "python manage.py migrate loginSystem"
res = subprocess.call(shlex.split(command))
except:
pass
command = "echo 'ALTER TABLE loginSystem_administrator ADD acl_id integer;' | python manage.py dbshell"
subprocess.call(command, shell=True)
from loginSystem.models import Administrator, ACL
command = "echo 'ALTER TABLE loginSystem_administrator ADD FOREIGN KEY (acl_id) REFERENCES loginSystem_acl(id);' | python manage.py dbshell"
subprocess.check_output(command, shell=True)
adminACL = ACL(name='admin', adminStatus=1)
adminACL.save()
dbName = settings.DATABASES['default']['NAME']
dbUser = settings.DATABASES['default']['USER']
password = settings.DATABASES['default']['PASSWORD']
host = settings.DATABASES['default']['HOST']
port = settings.DATABASES['default']['PORT']
## Reseller ACL
if len(port) == 0:
port = '3306'
resellerACL = ACL(name='reseller',
createNewUser=1,
deleteUser=1,
createWebsite=1,
resellerCenter=1,
modifyWebsite=1,
suspendWebsite=1,
deleteWebsite=1,
createPackage=1,
deletePackage=1,
modifyPackage=1,
createNameServer=1,
restoreBackup=1,
)
resellerACL.save()
passwordCMD = "use " + dbName+";insert into loginSystem_acl (id, name, adminStatus) values (1,'admin',1);"
command = 'sudo mysql --host=' + host + ' --port=' + port + ' -u ' + dbUser + ' -p' + password + ' -e "' + passwordCMD + '"'
cmd = shlex.split(command)
subprocess.call(cmd)
## User ACL
userACL = ACL(name='user')
userACL.save()
passwordCMD = "use " + dbName + ";insert into loginSystem_acl (id, name, adminStatus, createNewUser, deleteUser, createWebsite, resellerCenter, modifyWebsite, suspendWebsite, deleteWebsite, createPackage, deletePackage, modifyPackage, createNameServer, restoreBackup) values (2,'reseller',0,1,1,1,1,1,1,1,1,1,1,1,1);"
command = 'sudo mysql --host=' + host + ' --port=' + port + ' -u ' + dbUser + ' -p' + password + ' -e "' + passwordCMD + '"'
cmd = shlex.split(command)
subprocess.call(cmd)
allUsers = Administrator.objects.all()
passwordCMD = "use " + dbName + ";insert into loginSystem_acl (id, name) values (3,'user');"
command = 'sudo mysql --host=' + host + ' --port=' + port + ' -u ' + dbUser + ' -p' + password + ' -e "' + passwordCMD + '"'
cmd = shlex.split(command)
subprocess.call(cmd)
for items in allUsers:
passwordCMD = "use " + dbName + ";UPDATE loginSystem_administrator SET acl_id = 3;"
command = 'sudo mysql --host=' + host + ' --port=' + port + ' -u ' + dbUser + ' -p' + password + ' -e "' + passwordCMD + '"'
cmd = shlex.split(command)
subprocess.call(cmd)
if items.userName == 'admin':
items.acl = adminACL
else:
items.acl = userACL
passwordCMD = "use " + dbName + ";UPDATE loginSystem_administrator SET acl_id = 1 where userName = 'admin';"
command = 'sudo mysql --host=' + host + ' --port=' + port + ' -u ' + dbUser + ' -p' + password + ' -e "' + passwordCMD + '"'
cmd = shlex.split(command)
subprocess.call(cmd)
os.chdir(cwd)
@@ -367,38 +358,42 @@ WantedBy=multi-user.target"""
os._exit(0)
@staticmethod
def upgrade():
def mailServerMigrations():
try:
os.chdir('/usr/local/CyberCP')
os.chdir("/usr/local")
command = "echo 'ALTER TABLE e_forwardings DROP PRIMARY KEY;ALTER TABLE e_forwardings ADD id INT AUTO_INCREMENT PRIMARY KEY;' | python manage.py dbshell"
res = subprocess.check_output(command, shell=True)
command = "python manage.py makemigrations emailPremium"
res = subprocess.call(shlex.split(command))
## Current Version
command = "python manage.py migrate emailPremium"
res = subprocess.call(shlex.split(command))
except:
pass
Version = version.objects.get(pk=1)
@staticmethod
def enableServices():
try:
servicePath = '/home/cyberpanel/powerdns'
writeToFile = open(servicePath, 'w+')
writeToFile.close()
if Version.currentVersion == '1.7' and Version.build == 0:
Upgrade.stdOut('You can not upgrade to v1.7.1 via automatic upgrade.')
os._exit(0)
servicePath = '/home/cyberpanel/postfix'
writeToFile = open(servicePath, 'w+')
writeToFile.close()
##
servicePath = '/home/cyberpanel/pureftpd'
writeToFile = open(servicePath, 'w+')
writeToFile.close()
versionNumbring = Upgrade.downloadLink()
if os.path.exists('/usr/local/CyberPanel.' + versionNumbring):
os.remove('/usr/local/CyberPanel.' + versionNumbring)
if float(Version.currentVersion) < 1.6:
Upgrade.stdOut('Upgrades works for version 1.6 onwards.')
os._exit(0)
## RC Check
rcCheck = 1
if os.path.exists('/usr/local/CyberCP/postfixSenderPolicy'):
rcCheck = 0
except:
pass
@staticmethod
def downloadAndUpgrade(Version, versionNumbring):
try:
## Download latest version.
count = 0
@@ -421,7 +416,7 @@ WantedBy=multi-user.target"""
Upgrade.stdOut("Backing up settings file.")
shutil.copy("/usr/local/CyberCP/CyberCP/settings.py","/usr/local/settings.py")
shutil.copy("/usr/local/CyberCP/CyberCP/settings.py", "/usr/local/settings.py")
Upgrade.stdOut("Settings file backed up.")
@@ -447,7 +442,6 @@ WantedBy=multi-user.target"""
Upgrade.stdOut('Restoring settings file!')
data = open("/usr/local/settings.py", 'r').readlines()
writeToFile = open("/usr/local/CyberCP/CyberCP/settings.py", 'w')
@@ -470,13 +464,16 @@ WantedBy=multi-user.target"""
## Upgrade File Manager
Upgrade.fileManager()
except:
pass
## Install TLDExtract
count = 1
@staticmethod
def installTLDExtract():
try:
count = 0
while (1):
command = "pip install tldextract"
res = subprocess.call(shlex.split(command))
if res == 1:
@@ -485,90 +482,68 @@ WantedBy=multi-user.target"""
"Trying to install tldextract, trying again, try number: " + str(count))
if count == 3:
Upgrade.stdOut(
"Failed to install tldextract! [upgrade]")
os._exit(0)
"Failed to install tldextract! [installTLDExtract]")
else:
Upgrade.stdOut("tldextract successfully installed! [pip]")
Upgrade.stdOut("tldextract successfully installed! [pip]")
break
except OSError, msg:
Upgrade.stdOut(str(msg) + " [installTLDExtract]")
return 0
@staticmethod
def upgrade():
## Install dnspython
os.chdir("/usr/local")
#command = "pip install dnspython"
#subprocess.call(shlex.split(command))
## Current Version
Version = version.objects.get(pk=1)
## MailServer Model Changes
if Version.currentVersion == '1.6' and rcCheck :
os.chdir('/usr/local/CyberCP')
count = 1
while (1):
command = "echo 'ALTER TABLE e_forwardings DROP PRIMARY KEY;ALTER TABLE e_forwardings ADD id INT AUTO_INCREMENT PRIMARY KEY;' | python manage.py dbshell"
res = subprocess.check_output(command, shell=True)
if res == 1:
count = count + 1
Upgrade.stdOut(
"Trying to patch database for email forwarding, trying again, try number: " + str(count))
if count == 3:
Upgrade.stdOut(
"Failed to patch database for email forwarding! [upgrade]")
os._exit(0)
else:
Upgrade.stdOut("Database successfully patched for email forwarding!")
break
count = 1
while (1):
command = "python manage.py makemigrations emailPremium"
command = "systemctl stop gunicorn.socket"
res = subprocess.call(shlex.split(command))
if res == 1:
count = count + 1
Upgrade.stdOut(
"Trying to setup migration file for email limits, trying again, try number: " + str(count))
if count == 3:
Upgrade.stdOut(
"Failed to setup migration file for email limits! [upgrade]")
os._exit(0)
else:
Upgrade.stdOut("Migrations file for email limits successfully prepared!")
break
count = 1
while (1):
command = "python manage.py migrate emailPremium"
command = "systemctl stop lscpd"
res = subprocess.call(shlex.split(command))
if res == 1:
count = count + 1
Upgrade.stdOut(
"Trying to execute migration file for email limits, trying again, try number: " + str(count))
if count == 3:
Upgrade.stdOut(
"Failed to execute migration file for email limits! [upgrade]")
##
versionNumbring = Upgrade.downloadLink()
if os.path.exists('/usr/local/CyberPanel.' + versionNumbring):
os.remove('/usr/local/CyberPanel.' + versionNumbring)
if float(Version.currentVersion) < 1.6:
Upgrade.stdOut('Upgrades works for version 1.6 onwards.')
os._exit(0)
else:
Upgrade.stdOut("Migrations file for email limits successfully executed!")
break
##
Upgrade.downloadAndUpgrade(Version, versionNumbring)
##
Upgrade.installTLDExtract()
##
Upgrade.mailServerMigrations()
##
Upgrade.stdOut('Setting up virtual enviroment for CyberPanel.')
Upgrade.setupVirtualEnv()
Upgrade.stdOut('Virtual enviroment for CyberPanel successfully installed.')
if Version.currentVersion == '1.6':
Upgrade.updateGunicornConf()
command = 'systemctl restart gunicorn.socket'
subprocess.call(shlex.split(command))
##
#if Version.currentVersion == '1.7' and Version.build == 0:
# Upgrade.applyLoginSystemMigrations()
if Version.currentVersion == '1.7' and Version.build == 0:
Upgrade.applyLoginSystemMigrations()
Upgrade.enableServices()
## Upgrade OpenLiteSpeed
@@ -580,6 +555,8 @@ WantedBy=multi-user.target"""
Upgrade.upgradeVersion()
command = "systemctl start lscpd"
res = subprocess.call(shlex.split(command))
Upgrade.stdOut("Upgrade Completed.")

32
static/firewall/firewall.js
View File

@@ -985,10 +985,15 @@ app.controller('modSec', function($scope, $http, $timeout, $window) {
///// ModSec configs
var modsecurity_status = false;
var SecAuditEngine = false;
var SecRuleEngine = false;
$('#modsecurity_status').change(function() {
modsecurity_status = $(this).prop('checked');
});
$('#SecAuditEngine').change(function() {
SecAuditEngine = $(this).prop('checked');
});
@@ -1003,6 +1008,7 @@ app.controller('modSec', function($scope, $http, $timeout, $window) {
$scope.modsecLoading = false;
$('#modsecurity_status').bootstrapToggle('off');
$('#SecAuditEngine').bootstrapToggle('off');
$('#SecRuleEngine').bootstrapToggle('off');
@@ -1031,6 +1037,9 @@ app.controller('modSec', function($scope, $http, $timeout, $window) {
if(response.data.installed === 1) {
if (response.data.modsecurity === 1) {
$('#modsecurity_status').bootstrapToggle('on');
}
if (response.data.SecAuditEngine === 1) {
$('#SecAuditEngine').bootstrapToggle('on');
}
@@ -1073,12 +1082,13 @@ app.controller('modSec', function($scope, $http, $timeout, $window) {
url = "/firewall/saveModSecConfigurations";
var data = {
modsecurity_status:modsecurity_status,
SecAuditEngine:SecAuditEngine,
SecRuleEngine:SecRuleEngine,
SecDebugLogLevel:$scope.SecDebugLogLevel,
SecAuditLogParts:$scope.SecAuditLogParts,
SecAuditLogRelevantStatus:$scope.SecAuditLogRelevantStatus,
SecAuditLogType:$scope.SecAuditLogType
SecAuditLogType:$scope.SecAuditLogType,
};
var config = {
@@ -1483,6 +1493,8 @@ app.controller('modSecRulesPack', function($scope, $http, $timeout, $window) {
$scope.modsecLoading = false;
url = "/firewall/enableDisableRuleFile";
var data = {
@@ -1516,12 +1528,6 @@ app.controller('modSecRulesPack', function($scope, $http, $timeout, $window) {
$scope.installationFailed = true;
$scope.installationSuccess = false;
new PNotify({
title: 'Success!',
text: 'Changes successfully applied.',
type:'success'
});
$scope.fetchRulesFile(packName);
}else{
@@ -1534,12 +1540,6 @@ app.controller('modSecRulesPack', function($scope, $http, $timeout, $window) {
$scope.installationFailed = false;
$scope.installationSuccess = true;
new PNotify({
title: 'Error!',
text: response.data.error_message,
type:'error'
});
$scope.errorMessage = response.data.error_message;
}
@@ -1553,12 +1553,6 @@ app.controller('modSecRulesPack', function($scope, $http, $timeout, $window) {
$scope.couldNotConnect = false;
$scope.installationFailed = true;
$scope.installationSuccess = true;
new PNotify({
title: 'Error!',
text: 'Could not connect to server, please refresh this page.',
type:'error'
});
}
}

6
userManagment/views.py
View File

@@ -393,7 +393,7 @@ def createACLFunc(request):
finalResponse = { 'status': 1}
else:
finalResponse = ACLManager.loadErrorJson()
return ACLManager.loadErrorJson()
json_data = json.dumps(finalResponse)
return HttpResponse(json_data)
@@ -431,7 +431,7 @@ def deleteACLFunc(request):
else:
finalResponse = {'status': 0, 'errorMesssage' : 'This ACL is currently in used by existing users.'}
else:
finalResponse = ACLManager.loadErrorJson()
return ACLManager.loadErrorJson()
json_data = json.dumps(finalResponse)
return HttpResponse(json_data)
@@ -535,7 +535,7 @@ def fetchACLDetails(request):
finalResponse['status'] = 1
else:
finalResponse = ACLManager.loadErrorJson()
return ACLManager.loadErrorJson()
json_data = json.dumps(finalResponse)
return HttpResponse(json_data)

1
websiteFunctions/views.py
View File

@@ -1866,7 +1866,6 @@ def installWordpressStatus(request):
try:
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
if request.method == 'POST':
try:
data = json.loads(request.body)