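Merci de revenir plus tard."; exit(); } /* */

// Abort early when PHP reports safe_mode as enabled.
if (ini_get("safe_mode")) {
    echo _("SAFE MODE IS ENABLED for the web panel ! It's a bug in your php or apache configuration, please fix it !!");
    exit();
}

// Optional HTTP Basic authentication, requested with the http_auth query parameter.
// NOTE(review): this challenge is sent before the HTTPS redirect further down,
// so a client that reaches the panel over plain HTTP is asked to send Basic
// credentials in clear text. Consider issuing the challenge only once the
// request is known to be on HTTPS.
if (isset($_GET['http_auth'])) {
    $http_auth = strval($_GET['http_auth']);
}
if (isset($http_auth)) {
    if (empty($_SERVER['PHP_AUTH_USER']) || empty($_SERVER['PHP_AUTH_PW'])) {
        header('WWW-Authenticate: Basic realm="AlternC Authentication"');
        header('HTTP/1.0 401 Unauthorized');
        exit();
    }
}
if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) {
    // Ugly hack: copy the Basic credentials into the request parameters
    // (presumably so the regular login check below picks them up; confirm
    // against m_mem::checkid()). This runs whenever the client sends Basic
    // credentials, whether or not http_auth was requested.
    $_REQUEST["username"] = $_SERVER['PHP_AUTH_USER'];
    $_REQUEST["password"] = $_SERVER['PHP_AUTH_PW'];
}

// Seed the legacy random generator from the microsecond part of the clock
// (instead of time()).
// NOTE(review): this seed has fewer than 1,000,000 possible values, so
// anything drawn from rand() after this call is guessable. Passwords, tokens
// and other secrets should come from a CSPRNG (random_bytes()/random_int(),
// or openssl_random_pseudo_bytes() on older PHP), not from this generator.
list($usec, $sec) = explode(" ", microtime());
// Explicit cast: same truncation as the implicit float-to-int conversion.
srand((int) ($usec * 1000000));

$help_baseurl = "http://www.aide-alternc.org/";

/* Server Domain Name */
$host = getenv("HTTP_HOST");

/* Global variables (AlternC configuration) */
require_once(dirname(__FILE__) . "/local.php");

// Define constants from the variables of /etc/alternc/local.sh.
// The location of the AlternC panel itself is fixed and cannot be chosen.
define("DEFAULT_PASS_SIZE", 8);
define('ALTERNC_MAIL', "$L_ALTERNC_MAIL");
define('ALTERNC_HTML', "$L_ALTERNC_HTML");
if (isset($L_ALTERNC_LOGS_ARCHIVE)) {
    define('ALTERNC_LOGS_ARCHIVE', "$L_ALTERNC_LOGS_ARCHIVE");
}
define('ALTERNC_LOGS', "$L_ALTERNC_LOGS");
define('ALTERNC_PANEL', "/usr/share/alternc/panel");
define('ALTERNC_LOCALES', ALTERNC_PANEL . "/locales");
define('ALTERNC_LOCK_JOBS', '/var/run/alternc/jobs-lock');
define('ALTERNC_LOCK_PANEL', '/var/lib/alternc/panel/nologin.lock');
define('ALTERNC_APACHE2_GEN_TMPL_DIR', '/etc/alternc/templates/apache2/');
define('ALTERNC_VHOST_DIR', "/var/lib/alternc/apache-vhost/");
define('ALTERNC_VHOST_FILE', ALTERNC_VHOST_DIR . "vhosts_all.conf");
define('ALTERNC_VHOST_MANUALCONF', ALTERNC_VHOST_DIR . "manual/");

/* PHPLIB inclusions : */
$root = ALTERNC_PANEL . "/";

require_once($root . "/class/db_mysql.php");
require_once($root . "/class/functions.php");
require_once($root . "/class/variables.php");

// Child class of the phplib parent DB class.

/**
 * Class for MySQL management in the bureau.
 *
 * Inherits from the phplib DB class and carries the connection settings
 * for the panel's MySQL database.
 */
class DB_system extends DB_Sql
{
    public $Host = null;
    public $Database = null;
    public $User = null;
    public $Password = null;

    /**
     * Copy the MySQL connection settings from the $L_MYSQL_* globals.
     *
     * Declared as __construct() because PHP 8 no longer treats a method
     * named after its class as the constructor; without it the settings
     * would stay null. Like the original constructor, it does not call the
     * parent constructor.
     */
    function __construct()
    {
        global $L_MYSQL_HOST, $L_MYSQL_DATABASE, $L_MYSQL_LOGIN, $L_MYSQL_PWD;
        $this->Host = $L_MYSQL_HOST;
        $this->Database = $L_MYSQL_DATABASE;
        $this->User = $L_MYSQL_LOGIN;
        $this->Password = $L_MYSQL_PWD;
    }

    /**
     * Legacy constructor name, kept so that explicit calls still work.
     */
    function DB_system()
    {
        $this->__construct();
    }
}

$db = new DB_system();

// HTTPS redirection: when force_https is set and the request is not on HTTPS,
// or when the request is on HTTPS but the host is not the configured FQDN.
// The redirect host always comes from $L_FQDN, never from the client-supplied
// Host header.
if ((variable_get('force_https', '0', "This variable is set to 0 (default) if users can access the management desktop through HTTP, otherwise we force HTTPS")
        && (!isset($_SERVER["HTTPS"]) || ($_SERVER["HTTPS"] != "on")))
    || (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on" && $host != $L_FQDN)
) {
    // Do not redirect if access is not by HTTP(S).
    if (isset($_SERVER['REQUEST_URI'])) {
        header("Location: https://$L_FQDN" . $_SERVER['REQUEST_URI']);
        exit;
    }
}

// Current User ID = the user on whose behalf commands are run.
$cuid = 0;

$classes = array();
/* PHP classes: automatic include of every class/m_*.php file */
foreach (glob($root . "class/m_*.php") as $di) {
    // preg_quote() keeps $root literal inside the pattern; plain concatenation
    // also avoids the "${var}" interpolation form deprecated by newer PHP.
    if (preg_match('#' . preg_quote($root, '#') . 'class/m_(.*)\.php$#', $di, $match)) {
        $classes[] = $match[1];
        require_once($di);
    }
}
/* THE DEFAULT CLASSES ARE :
  dom, ftp, mail, quota, bro, admin, mem, mysql, err, variables
 */

// Load the files for the system classes.
// Those classes are not instantiated by default.
// They may contain actions that are forbidden for the panel, for example
// exec, system or file operations.
// We could imagine loading those classes only for command-line scripts.
foreach (glob($root . "class/class_system_*.php") as $fcs) {
    if (is_readable($fcs)) {
        require_once($fcs);
    }
}

/* Language */
include_once("lang_env.php");

$mem = new m_mem();
$err = new m_err();
$authip = new m_authip();
$hooks = new m_hooks();

/* Check the User identity (if required) */
if (!defined('NOCHECK')) {
    if (!$mem->checkid()) {
        // Basic credentials were supplied but rejected: challenge again.
        if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) {
            header('WWW-Authenticate: Basic realm="AlternC Authentication"');
            header('HTTP/1.0 401 Unauthorized');
            exit();
        }
        // Otherwise show the panel's index page with the error message.
        $error = $err->errstr();
        include("$root/admin/index.php");
        exit();
    }
}

// Instantiate every m_* class found above into a global named after it
// ($dom = new m_dom(), ...).
foreach ($classes as $name2) {
    if (isset($$name2)) {
        continue; // already instantiated, like mem, err or authip
    }
    $name1 = "m_" . $name2;
    $$name2 = new $name1();
}

// NOTE(review): oldid is read from a client-supplied cookie and is only cast
// to an integer here. Whatever $isinvited unlocks should be re-checked on the
// server side; confirm how it is used.
$oldid = intval(isset($_COOKIE['oldid']) ? $_COOKIE['oldid'] : '');
$isinvited = false;
if ($admin->enabled) {
    $isinvited = true;
}

if ($oldid && $oldid != $cuid) {
    $isinvited = true;
}

// Init some vars
variable_get('hosting_tld', '', 'This is a FQDN that designates the main hostname of the service. For example, hosting_tld determines in what TLD the "free" user domain is created. If this is set to "example.com", a checkbox will appear in the user creation dialog requesting the creator if he wants to create the domain "username.example.com".', array('desc' => 'Wanted FQDN', 'type' => 'string'));

variable_get('subadmin_restriction', '0', "This variable sets the way the account list works for accounts other than 'admin' (2000). 0 (default) = admin other than admin/2000 can see their own account, but not the other one 1 = admin other than admin/2000 can see any account by clicking the ''show all accounts'' link.", array('desc' => 'Shared access activated?', 'type' => 'boolean'));

variable_get('auth_ip_ftp_default_yes', '1', "This variable sets if you want to allow all IP address to access FTP by default. 
If the user start to define some IP or subnet in the allow list, only those he defined will be allowed.", array('desc' => 'Allow by default?', 'type' => 'boolean'));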