[enh] finishing the HTTPS preference code

bureau/admin/dom_edit.php

@@ -120,7 +120,6 @@ if (! empty($r['dns_result']) && $r['dns_result'] != '0') {
 <?php if ( $r["dns"] ) { ?>
   <li class="view"><a href="#tabsdom-view" onClick="update_dns_content();"><?php __("View");?></a></li> 
 <?php } //if gesdns ?>
-  <li class="ssl"><a href="#tabsdom-ssl" onClick="update_ssl_content();"><?php __("HTTPS Preferences");?></a></li> 
   <li class="delete"><a href="#tabsdom-delete"><?php __("Delete");?></a></li>
 </ul>
 
@@ -256,7 +255,15 @@ foreach ($problems as $pr => $lm) { // $problems can be empty but can't be null/
   echo "<script type='text/javascript'>$(\"tr[data-fqdn='".$pr."']\").addClass('alert-danger-tr');</script>\n";
 }
 ?>
-</div>
+
+<p>&nbsp;</p>
+<hr />
+<p>
+   <a class="inb ssl" href="dom_sslpref.php?domain=<?php ehe($domain); ?>"><?php __("HTTPS Preferences for this domain");?></a>
+</p>
+
+
+</div> <!-- tabsdom-editsub -->
 
 
 <div id="tabsdom-addsub">

bureau/admin/dom_sslpref.php

@@ -24,25 +24,13 @@
  */
 
 require_once("../class/config.php");
+require_once("head.php");
 
 $fields = array (
 	"domain"    => array ("request", "string", (empty($domain)?"":$domain) ),
 );
 getFields($fields);
 
-?>
-<p class="alert alert-info"><?php __("These parameters are for advanced user who want to choose specific certificate provider. <br />Usually you'd want to click 'edit' in front of a subdomain to choose between HTTP and HTTPS by default."); ?></p>
-<p>
-  <?php __("For each subdomain that may be available through HTTPS, please choose which certificate provider you want to use."); ?>
-<br />
-<?php __("please note that you only see a provider if you have a valid certificate for this domain"); ?>
-</p>
-
-<table class="tlist" id="dom_edit_ssl">
-<thead>
-    <tr><th><?php __("Subdomain"); ?></th><th><?php __("HTTPS Preference"); ?></th></tr>
-</thead>
-<?php
 $dom->lock();
 if (!$r=$dom->get_domain_all($domain)) {
 	$dom->unlock();
@@ -52,6 +40,47 @@ if (!$r=$dom->get_domain_all($domain)) {
 }
 $dom->unlock();
 
+$haserror=false;
+if (count($_POST)) {
+    $dom->lock();
+    // get fields from the posted form:
+    foreach($r["sub"] as $subdomain) {
+        if (isset($_POST["ssl_".$subdomain["id"]])) {
+            if (!$dom->set_subdomain_ssl_provider($subdomain["id"],$_POST["ssl_".$subdomain["id"]])) {
+                $haserror=true;
+            }
+            // errors will be shown below
+        }
+    }
+    $dom->unlock();    
+    if ($haserror) {
+        echo $msg->msg_html_all();
+    } else {
+        header("Location: dom_edit.php?domain=".eue($domain,false));
+    }
+} // post ?
+
+
+
+?>
+<h3><i class="fas fa-globe-africa"></i> <?php printf(_("Manage %s HTTPS preferences"),ehe($domain,false)); ?></h3>
+
+<p class="alert alert-info"><?php __("These parameters are for advanced user who want to choose specific certificate provider. <br />Usually you'd want to click 'edit' in front of a subdomain to choose between HTTP and HTTPS by default."); ?></p>
+<p>
+  <?php __("For each subdomain that may be available through HTTPS, please choose which certificate provider you want to use."); ?>
+<br />
+<?php __("please note that you only see a provider if you have a valid certificate for this domain"); ?>
+</p>
+
+<form action="dom_ssl.inc.php" method="post" name="main" id="main">
+    <input type="hidden" name="domain" value="<?php ehe($domain); ?>" />
+   <?php csrf_get(); ?>
+<table class="tlist" id="dom_edit_ssl">
+<thead>
+    <tr><th><?php __("Subdomain"); ?></th><th><?php __("HTTPS Preference"); ?></th></tr>
+</thead>
+<?php
+
 for($i=0;$i<$r["nsub"];$i++) {
     if (!$r["sub"][$i]["only_dns"]) {
         continue;
@@ -61,7 +90,7 @@ for($i=0;$i<$r["nsub"];$i++) {
 
     echo "<tr>";
     echo "<td>".$fqdn."</td>";
-    echo "<td><select name=\"ssl_".$r["sub"][$i]["name"]."\" id=\"ssl_".$r["sub"][$i]["name"]."\">";
+    echo "<td><select name=\"ssl_".$r["sub"][$i]["id"]."\" id=\"ssl_".$r["sub"][$i]["id"]."\">";
     echo "<option value=\"\">"._("-- no HTTPS certificate provider preference --")."</option>";
     $providers=array();
     foreach($certs as $cert) {
@@ -76,3 +105,18 @@ for($i=0;$i<$r["nsub"];$i++) {
     
 }
 
+?>
+<tr><td></td>
+<td>
+<p>
+<button type="submit" class="inb ok" name="go"><?php __("Set my HTTPS certificate preferences"); ?></button>
+<button type="button" class="inb cancel" name="cancel" onclick="document.location='dom_edit.php?domain=<?php eue($domain); ?>';"><?php __("Cancel"); ?></button>
+</p>
+</td></tr>
+</table>
+</form>
+
+
+<?php
+require_once("foot.php");
+?>

bureau/class/functions.php

@@ -634,43 +634,46 @@ function eoption($values, $cur, $onedim = false) {
 
 /**
  * Echo the HTMLSpecialChars version of a value.
+ * (or return it if display=false
  * Must be called when pre-filling fields values in forms such as : 
  * <input type="text" name="toto" value="<?php ehe($toto); ?>" />
  * Use the charset of the current language for transcription
  * 
  * @global string $charset
  * @param string $str
- * @param boolean $affiche
+ * @param boolean $display
  * @return string
  */
-function ehe($str, $affiche = TRUE) {
+function ehe($str, $display = TRUE) {
     global $charset;
-    $retour = htmlspecialchars($str, ENT_QUOTES|ENT_SUBSTITUTE, $charset);
+    $quoted = htmlspecialchars($str, ENT_QUOTES|ENT_SUBSTITUTE, $charset);
-    if ($affiche) {
+    if ($display) {
-        echo $retour;
+        echo $quoted;
     }
-    return $retour;
+    return $quoted;
 }
 
 
+
 /**
  * Echo the URLENCODED version of a value.
+ * (or return it if display=false)
  * Must be called when pre-filling fields values in URLS such as : 
  * document.location='logs_tail.php?file=<?php eue($file); ?>
  * Use the charset of the current language for transcription
  * 
  * @global string $charset
  * @param string $str
- * @param boolean $affiche
+ * @param boolean $display
  * @return string
  */
-function eue($str, $affiche = TRUE) {
+function eue($str, $display = TRUE) {
     global $charset;
-    $retour = urlencode($str);
+    $quoted = urlencode($str);
-    if ($affiche) {
+    if ($display) {
-        echo $retour;
+        echo $quoted;
     }
-    return $retour;
+    return $quoted;
 }
 
 

bureau/class/m_dom.php

@@ -1389,6 +1389,45 @@ class m_dom {
     }
 
 
+    /**
+     * set the HTTPS preference for a subdomain.
+     * @param integer the sub_domain_id (will be checked against the user ID identity)
+     * @param string the provider (if not empty, will be checked against an existing certificate for this subdomain)
+     * @return boolean true if the preference has been set
+     */
+    function set_sub_domain_ssl_provider($sub_domain_id,$provider) { 
+        global $db, $msg, $cuid, $ssl;
+        $msg->log("dom", "set_sub_domain_ssl_provider", $sub_domain_id." / ".$provider)
+        // Locked ?
+        if (!$this->islocked) {
+            $msg->raise("ERROR", "dom", _("--- Program error --- No lock on the domains!"));
+            return false;
+        }
+        $db->query("SELECT * FROM sub_domaines WHERE id=?",array($sub_domain_id));
+        if (!$db->next_record() || $db->Record["compte"]!=$cuid) {
+            $msg->raise("ERROR", "dom", _("Subdomain not found"));
+            return false;
+        }
+        $fqdn=$db->Record["sub"].(($db->Record["sub"])?".":"").$db->Record["domaine"];
+        $certs = $ssl->get_valid_certs($fqdn);
+        $provider=strtolower(trim($provider));
+        if ($provider) {
+            $found=false;
+            foreach($certs as $cert) {
+                if ($cert["provider"]==$provider) {
+                    $found=true;
+                }
+            }
+            if (!$found) {
+                $msg->raise("ERROR", "dom", _("No certificate found for this provider and this subdomain"));
+                return false;
+            }
+        }
+        $db->query("UPDATE sub_domaines SET provider=? WHERE id=?",array($provider,$sub_domain_id));
+        return true;
+    }
+
+    
     /**
      * Modifier les information du sous-domaine demandé.
      *