Changeset 6525
- Timestamp:
- 08/31/08 16:36:33 (3 months ago)
- Files:
-
- freepbx/branches/2.5/amp_conf/htdocs/admin/common/db_connect.php (modified) (1 diff)
- freepbx/branches/2.5/amp_conf/htdocs/admin/config.php (modified) (6 diffs)
- freepbx/branches/2.5/amp_conf/htdocs/admin/functions.inc.php (modified) (17 diffs)
- freepbx/branches/2.5/amp_conf/htdocs/admin/header.php (modified) (1 diff)
- freepbx/branches/2.5/amp_conf/htdocs/admin/page.modules.php (modified) (1 diff)
freepbx/branches/2.5/amp_conf/htdocs/admin/common/db_connect.php
r6484 r6525 72 72 // Now send or delete warning wrt to default passwords: 73 73 // 74 $nt = notifications::create($db); 74 if (!$quietmode) { 75 $nt = notifications::create($db); 75 76 76 if ($amp_conf['AMPDBPASS'] == $amp_conf_defaults['AMPDBPASS'][1]) { 77 $nt->add_warning('core', 'AMPDBPASS', _("Default SQL Password Used"), _("You are using the default SQL password that is widely known, you should set a secure password")); 78 } else { 79 $nt->delete('core', 'AMPDBPASS'); 77 if ($amp_conf['AMPDBPASS'] == $amp_conf_defaults['AMPDBPASS'][1]) { 78 $nt->add_warning('core', 'AMPDBPASS', _("Default SQL Password Used"), _("You are using the default SQL password that is widely known, you should set a secure password")); 79 } else { 80 $nt->delete('core', 'AMPDBPASS'); 81 } 82 83 // Check and increase php memory_limit if needed and if allowed on the system 84 // 85 $current_memory_limit = rtrim(ini_get('memory_limit'),'M'); 86 $proper_memory_limit = '100'; 87 if ($current_memory_limit < $proper_memory_limit) { 88 if (ini_set('memory_limit',$proper_memory_limit.'M') !== false) { 89 $nt->add_notice('core', 'MEMLIMIT', _("Memory Limit Changed"), sprintf(_("Your memory_limit, %sM, is set too low and has been increased to %sM. You may want to change this in you php.ini config file"),$current_memory_limit,$proper_memory_limit)); 90 } else { 91 $nt->add_warning('core', 'MEMERR', _("Low Memory Limit"), sprintf(_("Your memory_limit, %sM, is set too low and may cause problems. FreePBX is not able to change this on your system. 
You should increase this to %sM in you php.ini config file"),$current_memory_limit,$proper_memory_limit)); 92 } 93 } else { 94 $nt->delete('core', 'MEMLIMIT'); 95 } 96 97 // send error if magic_quotes_gpc is enabled on this system as much of the code base assumes not 98 // 99 if(get_magic_quotes_gpc()) { 100 $nt->add_error('core', 'MQGPC', _("Magic Quotes GPC"), _("You have magic_quotes_gpc enabled in your php.ini, http or .htaccess file which will cause errors in some modules. FreePBX expects this to be off and runs under that assumption")); 101 } else { 102 $nt->delete('core', 'MQGPC'); 103 } 80 104 } 81 82 // Check and increase php memory_limit if needed and if allowed on the system83 //84 $current_memory_limit = rtrim(ini_get('memory_limit'),'M');85 $proper_memory_limit = '100';86 if ($current_memory_limit < $proper_memory_limit) {87 if (ini_set('memory_limit',$proper_memory_limit.'M') !== false) {88 $nt->add_notice('core', 'MEMLIMIT', _("Memory Limit Changed"), sprintf(_("Your memory_limit, %sM, is set too low and has been increased to %sM. You may want to change this in you php.ini config file"),$current_memory_limit,$proper_memory_limit));89 } else {90 $nt->add_warning('core', 'MEMERR', _("Low Memory Limit"), sprintf(_("Your memory_limit, %sM, is set too low and may cause problems. FreePBX is not able to change this on your system. You should increase this to %sM in you php.ini config file"),$current_memory_limit,$proper_memory_limit));91 }92 } else {93 $nt->delete('core', 'MEMLIMIT');94 }95 96 // send error if magic_quotes_gpc is enabled on this system as much of the code base assumes not97 //98 if(get_magic_quotes_gpc()) {99 $nt->add_error('core', 'MQGPC', _("Magic Quotes GPC"), _("You have magic_quotes_gpc enabled in your php.ini, http or .htaccess file which will cause errors in some modules. 
FreePBX expects this to be off and runs under that assumption"));100 } else {101 $nt->delete('core', 'MQGPC');102 }freepbx/branches/2.5/amp_conf/htdocs/admin/config.php
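Review bot: In db_connect.php the memory check that now sits inside the `if (!$quietmode)` block (new lines 85-95) treats an unlimited setting as too low: `ini_get('memory_limit')` yields `-1` when no limit is configured, `rtrim` leaves it as `'-1'`, and `'-1' < '100'` is true, so the code lowers the limit to 100M and records a "Memory Limit Changed" notice. A guard such as `if ($current_memory_limit != '-1' && $current_memory_limit < $proper_memory_limit) {` avoids that. `$quietmode` is not assigned anywhere in this hunk (config.php reads it from `$_REQUEST`), so it is worth confirming it is set before this file is included. The enclosing code starts and ends outside the hunk.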
r5773 r6525 23 23 $action = isset($_REQUEST['action'])?$_REQUEST['action']:null; 24 24 $quietmode = isset($_REQUEST['quietmode'])?$_REQUEST['quietmode']:''; 25 if (isset($_REQUEST['restrictmods'])) { 26 $restrict_mods = explode('/',$_REQUEST['restrictmods']); 27 $restrict_mods = array_flip($restrict_mods); 28 } else { 29 $restrict_mods = false; 30 } 25 31 26 32 // determine module type to show, default to 'setup' … … 96 102 } 97 103 98 99 module_run_notification_checks(); 104 if (!$quietmode) { 105 module_run_notification_checks(); 106 } 100 107 101 108 $framework_asterisk_running = checkAstMan(); … … 116 123 foreach($active_modules as $key => $module) { 117 124 //include module functions 118 if ( is_file("modules/{$key}/functions.inc.php")) {125 if ((!$restrict_mods || isset($restrict_mods[$key])) && is_file("modules/{$key}/functions.inc.php")) { 119 126 require_once("modules/{$key}/functions.inc.php"); 120 127 } … … 122 129 //create an array of module sections to display 123 130 // stored as [items][$type][$category][$name] = $displayvalue 124 if ( isset($module['items']) && is_array($module['items'])) {131 if (!$quitemode && isset($module['items']) && is_array($module['items'])) { 125 132 // loop through the types 126 133 foreach($module['items'] as $itemKey => $item) { … … 175 182 176 183 // new gui hooks 177 if( is_array($active_modules)){184 if(!$quietmode && is_array($active_modules)){ 178 185 foreach($active_modules as $key => $module) { 186 179 187 if (isset($module['items']) && is_array($module['items'])) { 180 188 foreach($module['items'] as $itemKey => $itemName) { … … 195 203 196 204 // extensions vs device/users ... 
this is a bad design, but hey, it works 197 if (isset($amp_conf["AMPEXTENSIONS"]) && ($amp_conf["AMPEXTENSIONS"] == "deviceanduser")) { 198 unset($fpbx_menu["extensions"]); 199 } else { 200 unset($fpbx_menu["devices"]); 201 unset($fpbx_menu["users"]); 205 if (!$quietmode) { 206 if (isset($amp_conf["AMPEXTENSIONS"]) && ($amp_conf["AMPEXTENSIONS"] == "deviceanduser")) { 207 unset($fpbx_menu["extensions"]); 208 } else { 209 unset($fpbx_menu["devices"]); 210 unset($fpbx_menu["users"]); 211 } 202 212 } 203 213 freepbx/branches/2.5/amp_conf/htdocs/admin/functions.inc.php
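Review bot: In config.php the guard added on new line 131 tests `$quitemode`, which is not assigned in any visible hunk, so `!$quitemode` is always true and the menu-building loop still runs in quiet mode (with an undefined-variable notice); it should read `if (!$quietmode && isset($module['items']) && is_array($module['items'])) {`. Separately, `quietmode` and `restrictmods` both come straight from `$_REQUEST`, so a request can switch off the notification checks and limit which modules' `functions.inc.php` files are loaded. The request value is only used as a lookup key against `$active_modules` and does not reach the `require_once` path, which is worth stating in a comment such as `// restrictmods only filters keys of $active_modules; it is never used to build a path`. It would also be worth confirming that no module depends on another module's functions being loaded for an access check. The surrounding `foreach` starts and ends outside the hunks shown.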
r6506 r6525 169 169 define("NOTIFICATION_TYPE_WARNING" , 500); 170 170 define("NOTIFICATION_TYPE_NOTICE", 600); 171 172 class modulelist { 173 var $_loaded = false; 174 var $module_array = array(); 175 var $_db; 176 177 function &create(&$db) { 178 static $obj; 179 if (!isset($obj)) { 180 $obj = new modulelist($db); 181 } 182 return $obj; 183 } 184 function modulelist(&$db) { 185 $this->_db =& $db; 186 $module_serialized = sql("SELECT `data` FROM `module_xml` WHERE `id` = 'mod_serialized'","getOne"); 187 if (isset($module_serialized) && $module_serialized) { 188 $this->module_array = (unserialize($module_serialized)); 189 $this->_loaded = true; 190 } 191 } 192 function is_loaded() { 193 return $this->_loaded; 194 } 195 function initialize(&$module_list) { 196 $this->module_array = $module_list; 197 $module_serialized = $this->_db->escapeSimple(serialize($this->module_array)); 198 sql("DELETE FROM `module_xml` WHERE `id` = 'mod_serialized'"); 199 sql("INSERT INTO `module_xml` (`id`, `time`, `data`) VALUES ('mod_serialized', '".time()."','".$module_serialized."')"); 200 $this->_loaded = true; 201 } 202 function invalidate() { 203 unset($this->module_array); 204 sql("DELETE FROM `module_xml` WHERE `id` = 'mod_serialized'"); 205 $this->_loaded = false; 206 } 207 } 208 209 171 210 172 211 class notifications { … … 921 960 global $db; 922 961 923 $sql = "SELECT username, password, extension_low, extension_high, deptname, sections FROM ampusers WHERE username = '". addslashes($username)."'";962 $sql = "SELECT username, password, extension_low, extension_high, deptname, sections FROM ampusers WHERE username = '".$db->escapeSimple($username)."'"; 924 963 $results = $db->getAll($sql); 925 964 if(DB::IsError($results)) { … … 1757 1796 function legacy_extensions_del($context,$exten) { 1758 1797 global $db; 1759 $sql = "DELETE FROM extensions WHERE context = '". 
addslashes($context)."' AND `extension` = '".addslashes($exten)."'";1798 $sql = "DELETE FROM extensions WHERE context = '".$db->escapeSimple($context)."' AND `extension` = '".$db->escapeSimple($exten)."'"; 1760 1799 $result = $db->query($sql); 1761 1800 if(DB::IsError($result)) { … … 1769 1808 function legacy_args_get($exten,$priority,$context) { 1770 1809 global $db; 1771 $sql = "SELECT args FROM extensions WHERE extension = '". addslashes($exten)."' AND priority = '".addslashes($priority)."' AND context = '".addslashes($context)."'";1810 $sql = "SELECT args FROM extensions WHERE extension = '".$db->escapeSimple($exten)."' AND priority = '".$db->escapeSimple($priority)."' AND context = '".$db->escapeSimple($context)."'"; 1772 1811 list($args) = $db->getRow($sql); 1773 1812 return $args; … … 2113 2152 function module_getonlinexml($module = false, $override_xml = false) { // was getModuleXml() 2114 2153 global $amp_conf; 2154 global $db; 2115 2155 2116 2156 global $module_getonlinexml_error; // okay, yeah, this sucks, but there's no other good way to do it without breaking BC … … 2123 2163 */ 2124 2164 2125 $result = sql( 'SELECT * FROM module_xml WHERE id = "xml"','getRow',DB_FETCHMODE_ASSOC);2165 $result = sql("SELECT * FROM module_xml WHERE id = 'xml'",'getRow',DB_FETCHMODE_ASSOC); 2126 2166 $data = $result['data']; 2127 2167 … … 2160 2200 // Compare the download to our current XML to see if anything changed for the notification system. 
2161 2201 // 2162 $sql = 'SELECT data FROM module_xml WHERE id = "xml"';2202 $sql = "SELECT data FROM module_xml WHERE id = 'xml'"; 2163 2203 $old_xml = sql($sql, "getOne"); 2164 2204 $got_new = true; 2165 2205 // remove the old xml 2166 sql( 'DELETE FROM module_xml WHERE id = "xml"');2206 sql("DELETE FROM module_xml WHERE id = 'xml'"); 2167 2207 // update the db with the new xml 2168 $data4sql = addslashes($data);2169 sql( 'INSERT INTO module_xml (id,time,data) VALUES ("xml",'.time().',"'.$data4sql.'")');2208 $data4sql = $db->escapeSimple($data); 2209 sql("INSERT INTO module_xml (id,time,data) VALUES ('xml',".time().",'".$data4sql."')"); 2170 2210 } 2171 2211 } … … 2305 2345 * either be one value, or an array of values. 2306 2346 */ 2307 function module_getinfo($module = false, $status = false) { 2347 function module_getinfo($module = false, $status = false, $forceload = false) { 2348 2308 2349 global $amp_conf, $db; 2309 2350 $modules = array(); … … 2321 2362 $sql = 'SELECT * FROM modules WHERE modulename = "'.$module.'"'; 2322 2363 } else { 2323 // initialize list with "builtin" module 2324 $module_list = array('builtin'); 2325 2326 // read modules dir for module names 2327 $dir = opendir($amp_conf['AMPWEBROOT'].'/admin/modules'); 2328 while ($file = readdir($dir)) { 2329 if (($file != ".") && ($file != "..") && ($file != "CVS") && 2330 ($file != ".svn") && ($file != "_cache") && 2331 is_dir($amp_conf['AMPWEBROOT'].'/admin/modules/'.$file)) { 2332 $module_list[] = $file; 2333 } 2334 } 2335 2336 // read the xml for each 2337 foreach ($module_list as $file) { 2338 $xml = _module_readxml($file); 2339 if (!is_null($xml)) { 2340 $modules[$file] = $xml; 2341 // if status is anything else, it will be updated below when we read the db 2342 $modules[$file]['status'] = MODULE_STATUS_NOTINSTALLED; 2343 } 2344 } 2345 closedir($dir); 2346 2347 // query to get everything 2348 $sql = 'SELECT * FROM modules'; 2364 // create the modulelist so it is static and does not need to be 
recreated 2365 // in subsequent calls 2366 // 2367 $modulelist =& modulelist::create($db); 2368 if ($forceload) { 2369 $modulelist->invalidate(); 2370 } 2371 if (!$modulelist->is_loaded()) { 2372 // initialize list with "builtin" module 2373 $module_list = array('builtin'); 2374 2375 // read modules dir for module names 2376 $dir = opendir($amp_conf['AMPWEBROOT'].'/admin/modules'); 2377 while ($file = readdir($dir)) { 2378 if (($file != ".") && ($file != "..") && ($file != "CVS") && 2379 ($file != ".svn") && ($file != "_cache") && 2380 is_dir($amp_conf['AMPWEBROOT'].'/admin/modules/'.$file)) { 2381 $module_list[] = $file; 2382 } 2383 } 2384 2385 // read the xml for each 2386 foreach ($module_list as $file) { 2387 $xml = _module_readxml($file); 2388 if (!is_null($xml)) { 2389 $modules[$file] = $xml; 2390 // if status is anything else, it will be updated below when we read the db 2391 $modules[$file]['status'] = MODULE_STATUS_NOTINSTALLED; 2392 } 2393 } 2394 closedir($dir); 2395 2396 // query to get everything 2397 $sql = 'SELECT * FROM modules'; 2398 } 2349 2399 } 2350 2400 // determine details about this module from database 2351 2401 // modulename should match the directory name 2352 2402 2353 $results = $db->getAll($sql,DB_FETCHMODE_ASSOC); 2354 if(DB::IsError($results)) { 2355 die_freepbx($results->getMessage()); 2356 } 2357 2358 if (is_array($results)) { 2359 foreach($results as $row) { 2360 if (isset($modules[ $row['modulename'] ])) { 2361 if ($row['enabled'] != 0) { 2403 if ($module || !$modulelist->is_loaded()) { 2404 $results = $db->getAll($sql,DB_FETCHMODE_ASSOC); 2405 if(DB::IsError($results)) { 2406 die_freepbx($results->getMessage()); 2407 } 2408 2409 if (is_array($results)) { 2410 foreach($results as $row) { 2411 if (isset($modules[ $row['modulename'] ])) { 2412 if ($row['enabled'] != 0) { 2362 2413 2363 // check if file and registered versions are the same 2364 // version_compare returns 0 if no difference 2365 if 
(version_compare_freepbx($row['version'], $modules[ $row['modulename'] ]['version']) == 0) { 2366 $modules[ $row['modulename'] ]['status'] = MODULE_STATUS_ENABLED; 2414 // check if file and registered versions are the same 2415 // version_compare returns 0 if no difference 2416 if (version_compare_freepbx($row['version'], $modules[ $row['modulename'] ]['version']) == 0) { 2417 $modules[ $row['modulename'] ]['status'] = MODULE_STATUS_ENABLED; 2418 } else { 2419 $modules[ $row['modulename'] ]['status'] = MODULE_STATUS_NEEDUPGRADE; 2420 } 2421 2367 2422 } else { 2368 $modules[ $row['modulename'] ]['status'] = MODULE_STATUS_ NEEDUPGRADE;2423 $modules[ $row['modulename'] ]['status'] = MODULE_STATUS_DISABLED; 2369 2424 } 2370 2371 2425 } else { 2372 $modules[ $row['modulename'] ]['status'] = MODULE_STATUS_DISABLED; 2426 // no directory for this db entry 2427 $modules[ $row['modulename'] ]['status'] = MODULE_STATUS_BROKEN; 2373 2428 } 2374 } else { 2375 // no directory for this db entry 2376 $modules[ $row['modulename'] ]['status'] = MODULE_STATUS_BROKEN; 2377 } 2378 $modules[ $row['modulename'] ]['dbversion'] = $row['version']; 2379 } 2380 } 2381 2382 // "builtin" module is always enabled 2383 $modules['builtin']['status'] = MODULE_STATUS_ENABLED; 2384 2385 if ($status !== false) { 2429 $modules[ $row['modulename'] ]['dbversion'] = $row['version']; 2430 } 2431 } 2432 2433 // "builtin" module is always enabled 2434 $modules['builtin']['status'] = MODULE_STATUS_ENABLED; 2435 } 2436 if (!$module && !$modulelist->is_loaded()) { 2437 $modulelist->initialize($modules); 2438 } 2439 2440 if ($status === false) { 2441 if (!$module) { 2442 return $modulelist->module_array; 2443 } else { 2444 return $modules; 2445 } 2446 } else { 2447 if (!$module) { 2448 $modules = $modulelist->module_array; 2449 } 2386 2450 if (!is_array($status)) { 2387 2451 // make a one element array so we can use in_array below 2388 2452 $status = array($status); 2389 2453 } 2390 2391 2454 foreach 
(array_keys($modules) as $name) { 2392 2455 if (!in_array($modules[$name]['status'], $status)) { … … 2395 2458 } 2396 2459 } 2397 } 2398 2399 return $modules; 2460 return $modules; 2461 } 2400 2462 } 2401 2463 … … 2985 3047 $new_id = $results[0]; 2986 3048 $new_id ++; 2987 $sql = "INSERT INTO modules (id,modulename, version,enabled) values ('".$new_id."','". addslashes($modules[$modulename]['rawname'])."','".addslashes($modules[$modulename]['version'])."','0' );";3049 $sql = "INSERT INTO modules (id,modulename, version,enabled) values ('".$new_id."','".$db->escapeSimple($modules[$modulename]['rawname'])."','".$db->escapeSimple($modules[$modulename]['version'])."','0' );"; 2988 3050 break; 2989 3051 2990 3052 default: 2991 $sql = "INSERT INTO modules (modulename, version, enabled) values ('". addslashes($modules[$modulename]['rawname'])."','".addslashes($modules[$modulename]['version'])."', 1);";3053 $sql = "INSERT INTO modules (modulename, version, enabled) values ('".$db->escapeSimple($modules[$modulename]['rawname'])."','".$db->escapeSimple($modules[$modulename]['version'])."', 1);"; 2992 3054 break; 2993 3055 } 2994 3056 } else { 2995 3057 // just need to update the version 2996 $sql = "UPDATE modules SET version='". addslashes($modules[$modulename]['version'])."' WHERE modulename = '".addslashes($modules[$modulename]['rawname'])."'";3058 $sql = "UPDATE modules SET version='".$db->escapeSimple($modules[$modulename]['version'])."' WHERE modulename = '".$db->escapeSimple($modules[$modulename]['rawname'])."'"; 2997 3059 } 2998 3060 … … 3003 3065 } 3004 3066 3005 // module is now installed & enabled 3067 // module is now installed & enabled, invalidate the modulelist class since it is now stale 3068 $modulelist =& modulelist::create($db); 3069 $modulelist->invalidate(); 3006 3070 3007 3071 // edit the notification table to list any remaining upgrades available or clear … … 3073 3137 } 3074 3138 3075 $sql = "DELETE FROM modules WHERE modulename = '". 
addslashes($modulename)."'";3139 $sql = "DELETE FROM modules WHERE modulename = '".$db->escapeSimple($modulename)."'"; 3076 3140 $results = $db->query($sql); 3077 3141 if(DB::IsError($results)) { … … 3128 3192 function _module_setenabled($modulename, $enabled) { 3129 3193 global $db; 3130 $sql = 'UPDATE modules SET enabled = '.($enabled ? '1' : '0').' WHERE modulename = "'. addslashes($modulename).'"';3194 $sql = 'UPDATE modules SET enabled = '.($enabled ? '1' : '0').' WHERE modulename = "'.$db->escapeSimple($modulename).'"'; 3131 3195 $results = $db->query($sql); 3132 3196 if(DB::IsError($results)) { 3133 3197 die_freepbx($results->getMessage()); 3134 3198 } 3199 $modulelist =& modulelist::create($db); 3200 $modulelist->invalidate(); 3135 3201 } 3136 3202 … … 3237 3303 global $db; 3238 3304 3239 $sql = "SELECT version FROM modules WHERE modulename = '". addslashes($modname)."'";3305 $sql = "SELECT version FROM modules WHERE modulename = '".$db->escapeSimple($modname)."'"; 3240 3306 $results = $db->getRow($sql,DB_FETCHMODE_ASSOC); 3241 3307 if (isset($results['version'])) … … 3323 3389 */ 3324 3390 function module_get_annoucements() { 3391 global $db; 3325 3392 $firstinstall=false; 3326 3393 $type=null; … … 3341 3408 // save the hash so we remeber this is a first time install 3342 3409 // 3343 $data4sql = addslashes($installid);3344 sql( 'INSERT INTO module_xml (id,time,data) VALUES ("installid",'.time().',"'.$data4sql.'")');3345 $data4sql = addslashes($type);3346 sql( 'INSERT INTO module_xml (id,time,data) VALUES ("type",'.time().',"'.$data4sql.'")');3410 $data4sql = $db->escapeSimple($installid); 3411 sql("INSERT INTO module_xml (id,time,data) VALUES ('installid',".time().",'".$data4sql."')"); 3412 $data4sql = $db->escapeSimple($type); 3413 sql("INSERT INTO module_xml (id,time,data) VALUES ('type',".time().",'".$data4sql."')"); 3347 3414 3348 3415 // Not a first time so save the queried hash and check if there is a type set 
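Review bot: In functions.inc.php the new `modulelist` constructor (new lines 184-191) assigns the result of `unserialize($module_serialized)` without checking it and sets `_loaded` to true regardless, so a truncated or altered `mod_serialized` row leaves `module_array` as `false`, which `module_getinfo()` then returns to its callers. Because the row is read back from `module_xml` on each request, anything able to write that table also controls what is unserialized here, so the value should be treated as untrusted: `$data = unserialize($module_serialized); if (is_array($data)) { $this->module_array = $data; $this->_loaded = true; }`. The sweep from `addslashes()` to `$db->escapeSimple()` also leaves the context line `$sql = 'SELECT * FROM modules WHERE modulename = "'.$module.'"';` in `module_getinfo()` unescaped. Whether `$module` can carry request data is not visible here, but it deserves the same treatment.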
freepbx/branches/2.5/amp_conf/htdocs/admin/header.php
r5912 r6525 129 129 130 130 // default password check 131 $nt = notifications::create($db); 132 if ($amp_conf['AMPMGRPASS'] == $amp_conf_defaults['AMPMGRPASS'][1]) { 133 $nt->add_warning('core', 'AMPMGRPASS', _("Default Asterisk Manager Password Used"), _("You are using the default Asterisk Manager password that is widely known, you should set a secure password")); 134 } else { 135 $nt->delete('core', 'AMPMGRPASS'); 131 if (!$quietmode) { 132 $nt = notifications::create($db); 133 if ($amp_conf['AMPMGRPASS'] == $amp_conf_defaults['AMPMGRPASS'][1]) { 134 $nt->add_warning('core', 'AMPMGRPASS', _("Default Asterisk Manager Password Used"), _("You are using the default Asterisk Manager password that is widely known, you should set a secure password")); 135 } else { 136 $nt->delete('core', 'AMPMGRPASS'); 137 } 136 138 } 137 139 freepbx/branches/2.5/amp_conf/htdocs/admin/page.modules.php
r6341 r6525 157 157 158 158 159 $modules_local = module_getinfo( );159 $modules_local = module_getinfo(false,false,true); 160 160 161 161 if ($online) {
