JFIFXX    $.' ",#(7),01444'9=82<.342  2!!22222222222222222222222222222222222222222222222222"4 ,PG"Z_4˷kjزZ,F+_z,© zh6٨icfu#ډb_N?wQ5-~I8TK<5oIv-k_U_~bMdӜUHh?]EwQk{_}qFW7HTՑYF?_'ϔ_Ջt=||I 6έ"D/[k9Y8ds|\Ҿp6Ҵ].6znopM[mei$[soᘨ˸ nɜG-ĨUycP3.DBli;hjx7Z^NhN3u{:jx힞#M&jL P@_ P&o89@Sz6t7#Oߋ s}YfTlmrZ)'Nk۞pw\Tȯ?8`Oi{wﭹW[r Q4F׊3m&L=h3z~#\l :F,j@ ʱwQT8"kJO6֚l}R>ډK]y&p}b;N1mr$|7>e@BTM*-iHgD) Em|ؘbҗaҾt4oG*oCNrPQ@z,|?W[0:n,jWiEW$~/hp\?{(0+Y8rΟ+>S-SVN;}s?. w9˟<Mq4Wv'{)01mBVW[8/< %wT^5b)iM pgN&ݝVO~qu9 !J27$O-! :%H ـyΠM=t{!S oK8txA& j0 vF Y|y ~6@c1vOpIg4lODL Rcj_uX63?nkWyf;^*B @~a`Eu+6L.ü>}y}_O6͐:YrGXkGl^w~㒶syIu! W XN7BVO!X2wvGRfT#t/?%8^WaTGcLMI(J1~8?aT ]ASE(*E} 2#I/׍qz^t̔bYz4xt){ OH+(EA&NXTo"XC')}Jzp ~5}^+6wcQ|LpdH}(.|kc4^"Z?ȕ a<L!039C EuCFEwç ;n?*oB8bʝ'#RqfM}7]s2tcS{\icTx;\7KPʇ Z O-~c>"?PEO8@8GQgaՎ󁶠䧘_%#r>1zaebqcPѵn#L =׀t L7`VA{C:ge@w1 Xp3c3ġpM"'-@n4fGB3DJ8[JoߐgK)ƛ$ 83+ 6ʻ SkI*KZlT _`?KQKdB`s}>`*>,*@JdoF*弝O}ks]yߘc1GV<=776qPTtXԀ!9*44Tހ3XΛex46YD  BdemDa\_l,G/֌7Y](xTt^%GE4}bTڹ;Y)BQu>J/J ⮶.XԄjݳ+Ed r5_D1 o Bx΢#<W8R6@gM. drD>(otU@x=~v2 ӣdoBd3eO6㣷ݜ66YQz`S{\P~z m5{J/L1xO\ZFu>ck#&:`$ai>2ΔloF[hlEܺΠk:)` $[69kOw\|8}ބ:񶐕IA1/=2[,!.}gN#ub ~݊}34qdELc$"[qU硬g^%B zrpJru%v\h1Yne`ǥ:gpQM~^Xi `S:V29.PV?Bk AEvw%_9CQwKekPؠ\;Io d{ ߞoc1eP\ `E=@KIRYK2NPlLɀ)&eB+ь( JTx_?EZ }@ 6U뙢طzdWIn` D噥[uV"G&Ú2g}&m?ċ"Om# {ON"SXNeysQ@FnVgdX~nj]J58up~.`r\O,ư0oS _Ml4kv\JSdxSW<AeIX$Iw:Sy›R9Q[,5;@]%u@ *rolbI  +%m:͇ZVủθau,RW33 dJeTYE.Mϧ-oj3+yy^cVO9NV\nd1 !͕_)av;թMlWR1)ElP;yوÏu 3k5Pr6<⒲l!˞*u־n!l:UNW %Chx8vL'X@*)̮ˍ D-M+JUkvK+x8cY?Ԡ~3mo|u@[XeYC\Kpx8oCC&N~3-H MXsu<`~"WL$8ξ3a)|:@m\^`@ҷ)5p+6p%i)P Mngc#0AruzRL+xSS?ʮ}()#tmˇ!0}}y$6Lt;$ʳ{^6{v6ķܰgVcnn ~zx«,2u?cE+ȘH؎%Za)X>uWTzNyosFQƤ$*&LLXL)1" LeOɟ9=:tZcŽY?ӭVwv~,Yrۗ|yGaFC.+ v1fήJ]STBn5sW}y$~z'c 8  ,! pVNSNNqy8z˱A4*'2n<s^ǧ˭PJޮɏUGLJ*#i}K%,)[z21z ?Nin1?TIR#m-1lA`fT5+ܐcq՝ʐ,3f2Uեmab#ŠdQy>\)SLYw#.ʑf ,"+w~N'cO3FN<)j&,- љ֊_zSTǦw>?nU仆Ve0$CdrP m׈eXmVu L.bֹ [Դaզ*\y8Է:Ez\0KqC b̘cөQ=0YsNS.3.Oo:#v7[#߫ 5܎LEr49nCOWlG^0k%;YߝZǓ:S#|}y,/kLd TA(AI$+I3;Y*Z}|ӧOdv..#:nf>>ȶITX 8y"dR|)0=n46ⲑ+ra ~]R̲c?6(q;5% |uj~z8R=XIV=|{vGj\gcqz؋%Mߍ1y#@f^^>N#x#۹6Y~?dfPO{P4Vu1E1J *|%JN`eWuzk M6q t[ gGvWIGu_ft5j"Y:Tɐ*; e54q$C2d} _SL#mYpO.C;cHi#֩%+) ӍƲVSYźg |tj38r|V1#;.SQA[S#`n+$$I P\[@s(EDzP])8G#0B[ىXIIq<9~[Z멜Z⊔IWU&A>P~#dp]9 "cP Md?٥Ifتuk/F9c*9Ǎ:ØFzn*@|Iށ9N3{'['ͬҲ4#}!V Fu,,mTIkv C7vB6kT91*l '~ƞFlU'M ][ΩũJ_{iIn$L jOdxkza۪#EClx˘oVɞljr)/,߬hL#^Lф,íMƁe̩NBLiLq}(q6IçJ$WE$:=#(KBzђ xlx?>Պ+>W,Ly!_DŌlQ![ SJ1ƐY}b,+Loxɓ)=yoh@꥟/Iѭ=Py9 ۍYӘe+pJnϱ?V\SO%(t =?MR[Șd/ nlB7j !;ӥ/[-A>dNsLj ,ɪv=1c.SQO3UƀܽE̻9GϷD7(}Ävӌ\y_0[w <΍>a_[0+LF.޺f>oNTq;y\bՃyjH<|q-eɏ_?_9+PHp$[uxK wMwNی'$Y2=qKBP~Yul:[<F12O5=d]Ysw:ϮEj,_QXz`H1,#II dwrP˂@ZJVy$\y{}^~[:NߌUOdؾe${p>G3cĖlʌ ת[`ϱ-WdgIig2 }s ؤ(%#sS@~3XnRG~\jc3vӍLM[JBTs3}jNʖW;7ç?=XF=-=qߚ#='c7ڑWI(O+=:uxqe2zi+kuGR0&eniT^J~\jyp'dtGsO39* b#Ɋ p[BwsT>d4ۧsnvnU_~,vƜJ1s QIz)(lv8MU=;56Gs#KMP=LvyGd}VwWBF'à ?MHUg2 !p7Qjڴ=ju JnA suMeƆҔ!)'8Ϣٔޝ(Vpצ֖d=ICJǠ{qkԭ߸i@Ku|p=..*+xz[Aqġ#s2aƊRR)*HRsi~a &fMP-KL@ZXy'x{}Zm+:)) IJ-iu ܒH'L(7yGӜq j 6ߌg1go,kرtY?W,pefOQS!K۟cҒA|սj>=⬒˧L[ ߿2JaB~Ru:Q] 0H~]7ƼI(}cq 'ήETq?fabӥvr )o-Q_'ᴎoK;Vo%~OK *bf:-ťIR`B5!RB@ï u ̯e\_U_ gES3QTaxU<~c?*#]MW,[8Oax]1bC|踤Plw5V%){t<d50iXSUm:Z┵i"1^B-PhJ&)O*DcWvM)}Pܗ-q\mmζZ-l@}aE6F@&Sg@ݚM ȹ 4#p\HdYDoH"\..RBHz_/5˘6KhJRPmƶim3,#ccoqa)*PtRmk7xDE\Y閣_X<~)c[[BP6YqS0%_;Àv~| VS؇ 'O0F0\U-d@7SJ*z3nyPOm~P3|Yʉr#CSN@ ƮRN)r"C:: #qbY. 6[2K2uǦHYRQMV G$Q+.>nNHq^ qmMVD+-#*U̒ p욳u:IBmPV@Or[b= 1UE_NmyKbNOU}the`|6֮P>\2PVIDiPO;9rmAHGWS]J*_G+kP2KaZH'KxWMZ%OYDRc+o?qGhmdSoh\D|:WUAQc yTq~^H/#pCZTI1ӏT4"ČZ}`w#*,ʹ 0i課Om*da^gJ݅{le9uF#Tֲ̲ٞC"qߍ ոޑo#XZTp@ o8(jdxw],f`~|,s^f1t|m򸄭/ctr5s79Q4H1꠲BB@l9@C+wpxu£Yc9?`@#omHs2)=2.ljg9$YS%*LRY7Z,*=䷘$armoϰUW.|rufIGwtZwo~5 YյhO+=8fF)W7L9lM̘·Y֘YLf큹pRF99.A "wz=E\Z'a 2Ǚ#;'}G*l^"q+2FQ hjkŦ${ޮ-T٭cf|3#~RJt$b(R(rdx >U b&9,>%E\ Άe$'q't*אެb-|dSBOO$R+H)܎K1m`;J2Y~9Og8=vqD`K[F)k[1m޼cn]skz$@)!I x՝"v9=ZA=`Ɠi :E)`7vI}dYI_ o:obo 3Q&D&2= Ά;>hy.*ⅥSӬ+q&j|UƧ}J0WW< ۋS)jQRjƯrN)Gű4Ѷ(S)Ǣ8iW52No˓ ۍ%5brOnL;n\G=^UdI8$&h'+(cȁ߫klS^cƗjԌEꭔgFȒ@}O*;evWVYJ\]X'5ղkFb 6Ro՜mi Ni>J?lPmU}>_Z&KKqrIDՉ~q3fL:Se>E-G{L6pe,8QIhaXaUA'ʂs+טIjP-y8ۈZ?J$WP Rs]|l(ԓsƊio(S0Y 8T97.WiLc~dxcE|2!XKƘਫ਼$((6~|d9u+qd^389Y6L.I?iIq9)O/뚅OXXVZF[یgQLK1RҖr@v#XlFНyS87kF!AsM^rkpjPDyS$Nqnxҍ!Uf!ehi2m`YI9r6 TFC}/y^Η5d'9A-J>{_l+`A['յϛ#w:݅%X}&PStQ"-\縵/$ƗhXb*yBS;Wջ_mcvt?2}1;qSdd~u:2k52R~z+|HE!)Ǟl7`0<,2*Hl-x^'_TVgZA'j ^2ΪN7t?w x1fIzC-ȖK^q;-WDvT78Z hK(P:Q- 8nZ܃e貾<1YT<,"6{/ ?͟|1:#gW>$dJdB=jf[%rE^il:BxSּ1հ,=*7 fcG#q eh?27,!7x6nLC4x},GeǝtC.vS F43zz\;QYC,6~;RYS/6|25vTimlv& nRh^ejRLGf? ۉҬܦƩ|Ȱ>3!viʯ>vオX3e_1zKȗ\qHS,EW[㺨uch⍸O}a>q6n6N6qN ! 1AQaq0@"2BRb#Pr3C`Scst$4D%Td ?Na3mCwxAmqmm$4n淿t'C"wzU=D\R+wp+YT&պ@ƃ3ޯ?AﶂaŘ@-Q=9Dռѻ@MVP܅G5fY6# ?0UQ,IX(6ڵ[DIMNލc&υj\XR|,4 jThAe^db#$]wOӪ1y%LYm뭛CUƃߜ}Cy1XνmF8jI]HۺиE@Ii;r8ӭVFՇ| &?3|xBMuSGe=Ӕ#BE5GY!z_eqр/W>|-Ci߇t1ޯќdR3ug=0 5[?#͏qcfH{ ?u=??ǯ}ZzhmΔBFTWPxs}G93 )gGR<>r h$'nchPBjJҧH -N1N?~}-q!=_2hcMlvY%UE@|vM2.Y[|y"EïKZF,ɯ?,q?vM 80jx";9vk+ ֧ ȺU?%vcVmA6Qg^MA}3nl QRNl8kkn'(M7m9وq%ޟ*h$Zk"$9: ?U8Sl,,|ɒxH(ѷGn/Q4PG%Ա8N! &7;eKM749R/%lc>x;>C:th?aKXbheᜋ^$Iհ hr7%F$EFdt5+(M6tÜUU|zW=aTsTgdqPQb'm1{|YXNb P~F^F:k6"j! Ir`1&-$Bevk:y#ywI0x=D4tUPZHڠ底taP6b>xaQ# WeFŮNjpJ* mQN*I-*ȩFg3 5Vʊɮa5FO@{NX?H]31Ri_uѕ 0 F~:60p͈SqX#a5>`o&+<2D: ڝ$nP*)N|yEjF5ټeihyZ >kbHavh-#!Po=@k̆IEN@}Ll?jO߭ʞQ|A07xwt!xfI2?Z<ץTcUj]陎Ltl }5ϓ$,Omˊ;@OjEj(ا,LXLOЦ90O .anA7j4 W_ٓzWjcBy՗+EM)dNg6y1_xp$Lv:9"zpʙ$^JԼ*ϭo=xLj6Ju82AH3$ٕ@=Vv]'qEz;I˼)=ɯx /W(Vp$ mu񶤑OqˎTr㠚xsrGCbypG1ߠw e8$⿄/M{*}W]˷.CK\ުx/$WPwr |i&}{X >$-l?-zglΆ(FhvS*b߲ڡn,|)mrH[a3ר[13o_U3TC$(=)0kgP u^=4 WYCҸ:vQרXàtkm,t*^,}D* "(I9R>``[~Q]#afi6l86:,ssN6j"A4IuQ6E,GnHzSHOuk5$I4ؤQ9@CwpBGv[]uOv0I4\yQѸ~>Z8Taqޣ;za/SI:ܫ_|>=Z8:SUIJ"IY8%b8H:QO6;7ISJҌAά3>cE+&jf$eC+z;V rʺmyeaQf&6ND.:NTvm<- uǝ\MvZYNNT-A>jr!SnO 13Ns%3D@`ܟ 1^c< aɽ̲Xë#w|ycW=9I*H8p^(4՗karOcWtO\ƍR8'KIQ?5>[}yUײ -h=% qThG2)"ו3]!kB*pFDlA,eEiHfPs5H:Փ~H0DتDIhF3c2E9H5zԑʚiX=:mxghd(v׊9iSOd@0ڽ:p5h-t&Xqӕ,ie|7A2O%PEhtjY1wЃ!  ࢽMy7\a@ţJ 4ȻF@o̒?4wx)]P~u57X 9^ܩU;Iꭆ 5 eK27({|Y׎ V\"Z1 Z}(Ǝ"1S_vE30>p; ΝD%xW?W?vo^Vidr[/&>~`9Why;R ;;ɮT?r$g1KACcKl:'3 cﳯ*"t8~l)m+U,z`(>yJ?h>]vЍG*{`;y]IT ;cNUfo¾h/$|NS1S"HVT4uhǜ]v;5͠x'C\SBplh}N ABx%ޭl/Twʽ]D=Kžr㻠l4SO?=k M: cCa#ha)ѐxcsgPiG{+xQI= zԫ+ 8"kñj=|c yCF/*9жh{ ?4o kmQNx;Y4膚aw?6>e]Qr:g,i"ԩA*M7qB?ӕFhV25r[7 Y }LR}*sg+xr2U=*'WSZDW]WǞ<叓{$9Ou4y90-1'*D`c^o?(9uݐ'PI& fJݮ:wSjfP1F:X H9dԯ˝[_54 }*;@ܨ ðynT?ןd#4rGͨH1|-#MrS3G3).᧏3vz֑r$G"`j 1tx0<ƆWh6y6,œGagAyb)hDß_mü gG;evݝnQ C-*oyaMI><]obD":GA-\%LT8c)+y76oQ#*{(F⽕y=rW\p۩cA^e6KʐcVf5$'->ՉN"F"UQ@fGb~#&M=8טJNu9D[̤so~ G9TtW^g5y$bY'سǴ=U-2 #MCt(i lj@Q 5̣i*OsxKf}\M{EV{υƇ);HIfeLȣr2>WIȂ6ik 5YOxȺ>Yf5'|H+98pjn.OyjY~iw'l;s2Y:'lgꥴ)o#'SaaKZ m}`169n"xI *+ }FP"l45'ZgE8?[X7(.Q-*ތL@̲v.5[=t\+CNܛ,gSQnH}*FG16&:t4ُ"Ạ$b |#rsaT ]ӽDP7ո0y)e$ٕvIh'QEAm*HRI=: 4牢) %_iNݧl] NtGHL ɱg<1V,J~ٹ"KQ 9HS9?@kr;we݁]I!{ @G["`J:n]{cAEVʆ#U96j#Ym\qe4hB7Cdv\MNgmAyQL4uLjj9#44tl^}LnR!t±]rh6ٍ>yҏNfU  Fm@8}/ujb9he:AyծwGpΧh5l}3p468)Udc;Us/֔YX1O2uqs`hwgr~{ RmhN؎*q 42*th>#E#HvOq}6e\,Wk#Xb>p}դ3T5†6[@Py*n|'f֧>lư΂̺SU'*qp_SM 'c6m ySʨ;MrƋmKxo,GmPAG:iw9}M(^V$ǒѽ9| aJSQarB;}ٻ֢2%Uc#gNaݕ'v[OY'3L3;,p]@S{lsX'cjwk'a.}}& dP*bK=ɍ!;3ngΊUߴmt'*{,=SzfD Ako~Gaoq_mi}#mPXhύmxǍ΂巿zfQc|kc?WY$_Lvl߶c`?ljݲˏ!V6UЂ(A4y)HpZ_x>eR$/`^'3qˏ-&Q=?CFVR DfV9{8gnh(P"6[D< E~0<@`G6Hгcc cK.5DdB`?XQ2ٿyqo&+1^ DW0ꊩG#QnL3c/x 11[yxპCWCcUĨ80me4.{muI=f0QRls9f9~fǨa"@8ȁQ#cicG$Gr/$W(WV"m7[mAmboD j۳ l^kh׽ # iXnveTka^Y4BNĕ0 !01@Q"2AaPq3BR?@4QT3,㺠W[=JKϞ2r^7vc:9 EߴwS#dIxu:Hp9E! V 2;73|F9Y*ʬFDu&y؟^EAA(ɩ^GV:ݜDy`Jr29ܾ㝉[E;FzxYGUeYC v-txIsםĘqEb+P\ :>iC';k|zرny]#ǿbQw(r|ӹs[D2v-%@;8<a[\o[ϧwI!*0krs)[J9^ʜp1) "/_>o<1AEy^C`x1'ܣnps`lfQ):lb>MejH^?kl3(z:1ŠK&?Q~{ٺhy/[V|6}KbXmn[-75q94dmc^h X5G-}دBޟ |rtMV+]c?-#ڛ^ǂ}LkrOu>-Dry D?:ޞUǜ7V?瓮"#rչģVR;n/_ ؉vݶe5db9/O009G5nWJpA*r9>1.[tsFnQ V 77R]ɫ8_0<՜IFu(v4Fk3E)N:yڮeP`1}$WSJSQNjٺ޵#lј(5=5lǏmoWv-1v,Wmn߀$x_DȬ0¤#QR[Vkzmw"9ZG7'[=Qj8R?zf\a=OU*oBA|G254 p.w7  &ξxGHp B%$gtЏ򤵍zHNuЯ-'40;_3 !01"@AQa2Pq#3BR?ʩcaen^8F<7;EA{EÖ1U/#d1an.1ě0ʾRh|RAo3m3 % 28Q yφHTo7lW>#i`qca m,B-j݋'mR1Ήt>Vps0IbIC.1Rea]H64B>o]($Bma!=?B KǾ+Ծ"nK*+[T#{EJSQs5:U\wĐf3܆&)IԆwE TlrTf6Q|Rh:[K zc֧GC%\_a84HcObiؖV7H )*ģK~Xhչ04?0 E<}3#u? |gS6ꊤ|I#Hڛ աwX97Ŀ%SLy6č|Fa 8b$sקhb9RAu7˨pČ_\*w묦F 4D~f|("mNKiS>$d7SlA/²SL|6N}S˯g]6; #. 403WebShell
403Webshell
Server IP : 173.199.190.172  /  Your IP : 216.73.216.167
Web Server : Apache
System : Linux chs1.nescrow.com.ng 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64
User : oysipaoygov ( 1026)
PHP Version : 5.6.40
Disable Function : exec,passthru,shell_exec,system
MySQL : ON  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /proc/self/root/usr/src/cmc/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /proc/self/root/usr/src/cmc/cmc.cgi
#!/usr/local/cpanel/3rdparty/bin/perl
#WHMADDON:addonupdates:ConfigServer ModSec Control
#ACLS:configserver
###############################################################################
# Copyright 2006-2019, Way to the Web Limited
# URL: http://www.configserver.com
# Email: sales@waytotheweb.com
###############################################################################
## no critic (RequireUseWarnings, ProhibitExplicitReturnUndef, ProhibitMixedBooleanOperators, RequireBriefOpen)
use strict;
use CGI::Carp qw(fatalsToBrowser);

use File::Basename;
use File::Path;
use File::Copy;
use File::Find;
use Fcntl qw(:DEFAULT :flock);
use IPC::Open3;

use lib '/usr/local/cpanel';
require Cpanel::Form;
require Cpanel::Config;
require Cpanel::Version::Tiny;
require Whostmgr::ACLS;
require Cpanel::Rlimit;
require Cpanel::Template;
###############################################################################
# start main

our ($images, $myv, $script, $versionfile, %FORM, $downloadserver);

%FORM = Cpanel::Form::parseform();

Whostmgr::ACLS::init_acls();
if (!Whostmgr::ACLS::hasroot()) {
	print "Content-type: text/html\r\n\r\n";
	print "You do not have access to ConfigServer ModSecurity Control.\n";
	exit();
}

Cpanel::Rlimit::set_rlimit_to_infinity();

$script = "cmc.cgi";
$images = "cmc";
$versionfile = "/usr/local/cpanel/whostmgr/docroot/cgi/configserver/cmc/cmcversion.txt";
local $| = 1;

$downloadserver = &getdownloadserver;

my $thisapp = "cmc";
my $reregister;
my $modalstyle;
if ($Cpanel::Version::Tiny::major_version >= 65) {
	if (-e "/usr/local/cpanel/whostmgr/docroot/cgi/configserver/${thisapp}/${thisapp}.conf") {
		sysopen (my $CONF, "/usr/local/cpanel/whostmgr/docroot/cgi/configserver/${thisapp}/${thisapp}.conf", O_RDWR | O_CREAT);
		flock ($CONF, LOCK_EX);
		my @confdata = <$CONF>;
		chomp @confdata;
		for (0..scalar(@confdata)) {
			if ($confdata[$_] =~ /^target=mainFrame/) {
				$confdata[$_] = "target=_self";
				$reregister = 1;
			}
		}
		if ($reregister) {
			seek ($CONF, 0, 0);
			truncate ($CONF, 0);
			foreach (@confdata) {
				print $CONF "$_\n";
			}
			&printcmd("/usr/local/cpanel/bin/register_appconfig","/usr/local/cpanel/whostmgr/docroot/cgi/configserver/${thisapp}/${thisapp}.conf");
			$reregister = "<div class='bs-callout bs-callout-info'><h4>Updated application. The next time you login to WHM this will open within the native WHM main window instead of launching a separate window</h4></div>\n";
		}
		close ($CONF);
	}
}

print "Content-type: text/html\r\n\r\n";
#if ($Cpanel::Version::Tiny::major_version < 65) {$modalstyle = "style='top:120px'"}

our (@files);
open (my $IN, "<", $versionfile) or die $!;
flock ($IN, LOCK_SH);
$myv = <$IN>;
close ($IN);
chomp $myv;

my $bootstrapcss = "<link rel='stylesheet' href='$images/bootstrap/css/bootstrap.min.css'>";
my $jqueryjs = "<script src='$images/jquery.min.js'></script>";
my $bootstrapjs = "<script src='$images/bootstrap/js/bootstrap.min.js'></script>";

my $templatehtml;
my $SCRIPTOUT;
unless ($FORM{action} eq "help") {
	open ($SCRIPTOUT, '>', \$templatehtml);
	select $SCRIPTOUT;

	print <<EOF;
	<!-- $bootstrapcss -->
	<link href='$images/configserver.css' rel='stylesheet' type='text/css'>
	$jqueryjs
	$bootstrapjs
EOF
} else {
	print <<EOF;
<!doctype html>
<html lang='en'>
<head>
	$bootstrapcss
	<link href='$images/configserver.css' rel='stylesheet' type='text/css'>
	$jqueryjs
	$bootstrapjs
</head>
<body>
<div class='container-fluid'>
EOF
}

print <<EOF;
<div id="loader"></div><br />
<div class='panel panel-default'>
<h4><img src='$images/cmc.png' style='padding-left: 10px'> ConfigServer ModSecurity Control - cmc v$myv</h4></div>
EOF
if ($reregister ne "") {print $reregister}

print "<div class='bs-callout bs-callout-warning'><h4>This script creates and rewrites modsec2.whitelist.conf and userdata modsec.conf files</h4>\n";
print "<p>Do not use cmc if you have made manual modifications to these files as they will be removed by cmc</p></div>\n";

my $is_ea4 = 0;
my $apachepath = "/usr/local/apache/conf";
my $modsecpath = "/usr/local/apache/conf";
my $apachebin = "/usr/local/apache/bin/httpd";
my $apachectl = "/usr/local/apache/bin/apachectl";
my $apachelogs = "/usr/local/apache/logs";
if (-e "/usr/local/cpanel/version" and -e "/etc/cpanel/ea4/is_ea4" and -e "/etc/cpanel/ea4/paths.conf") {
	$is_ea4 = 1;
	$apachepath = "/etc/apache2/conf.d";
	$apachebin = "/usr/sbin/httpd";
	$apachectl = "/usr/sbin/apachectl";
	$apachelogs = "/etc/apache2/logs";
	open (my $IN, "<", "/etc/cpanel/ea4/paths.conf");
	flock ($IN, LOCK_SH);
	my @file = <$IN>;
	close ($IN);
	chomp @file;
	foreach my $line (@file) {
		if ($line =~ /^(\s|\#|$)/) {next}
		if ($line !~ /=/) {next}
		my ($name,$value) = split (/=/,$line,2);
		$value =~ s/^\s+//g;
		$value =~ s/\s+$//g;
		if ($name eq "dir_conf") {$apachepath = $value}
		if ($name eq "bin_httpd") {$apachebin = $value}
		if ($name eq "bin_apachectl") {$apachectl = $value}
		if ($name eq "dir_logs") {$apachelogs = $value}
	}
	$modsecpath = $apachepath."/modsec";
}

my $httpv = "2";
my $mypid;
my ($childin, $childout);
$mypid = open3($childin, $childout, $childout, "$apachebin","-v");
my @version = <$childout>;
waitpid ($mypid, 0);
chomp @version;
$version[0] =~ /Apache\/(\d+)\.(\d+)\.(\d+)/;
my $mas = $1;
my $maj = $2;
my $min = $3;
$httpv = "$mas.$maj";

my $stdpath = "$apachepath/userdata/std/2";
my $sslpath = "$apachepath/userdata/ssl/2";
my $oldstdpath;
my $oldsslpath;
if ($httpv eq "2.2") {
	$oldstdpath = $stdpath;
	$oldsslpath = $sslpath;
	$stdpath = "$apachepath/userdata/std/2_2";
	$sslpath = "$apachepath/userdata/ssl/2_2";
}
if ($httpv eq "2.4") {
	$oldstdpath = $stdpath;
	$oldsslpath = $sslpath;
	$stdpath = "$apachepath/userdata/std/2_4";
	$sslpath = "$apachepath/userdata/ssl/2_4";
}

my $truefile;
if ($FORM{template} ne "") {
	my ($tfile, $tdir) = fileparse("$apachepath/$FORM{template}");
	$truefile = "$tdir$tfile";
}

if (($FORM{template} ne "") and ($truefile !~ m[^$apachepath/])) {
	print "[$FORM{template}] is not a valid file";
}
elsif (($FORM{domain} ne "") and ($FORM{domain} !~ /^[a-zA-Z0-9\-\_\.]+$/)) {
	print "[$FORM{domain}] is not a valid domain";
}
elsif (($FORM{user} ne "") and ($FORM{user} !~ /^[a-zA-Z0-9\-\_\.\@\%\+]+$/)) {
	print "[$FORM{user}] is not a valid user";
}
elsif ($FORM{action} eq "upgrade") {
	print "Retrieving new cmc package...\n";
	print "<pre style='white-space:pre-wrap;'>";
	&printcmd("rm -Rfv /usr/src/cmc* ; cd /usr/src ; wget -q https://$downloadserver/cmc.tgz 2>&1");
	print "</pre>";
	if (! -z "/usr/src/cmc.tgz") {
		print "Unpacking new cmc package...\n";
		print "<pre style='white-space:pre-wrap;'>";
		&printcmd("cd /usr/src ; tar -xzf cmc.tgz ; cd cmc ; sh install.sh 2>&1");
		print "</pre>";
		print "Tidying up...\n";
		print "<pre style='white-space:pre-wrap;'>";
		&printcmd("rm -Rfv /usr/src/cmc*");
		print "</pre>";
		print "...All done.\n";
	}

	open (my $IN, "<",$versionfile) or die $!;
	flock ($IN, LOCK_SH);
	$myv = <$IN>;
	close ($IN);
	chomp $myv;

	print "<hr><p><form action='$script' method='post'><input type='submit' class='btn btn-default' value='Return'></form></p>\n";
}
elsif ($FORM{action} eq "ms_list") {
	&modsec;
}
elsif ($FORM{action} eq "ms_config") {
	sysopen (my $IN, "$apachepath/$FORM{template}", O_RDWR | O_CREAT);
	flock ($IN, LOCK_SH);
	my @confdata = <$IN>;
	close ($IN);
	chomp @confdata;

	print "<form action='$script' method='post'>\n";
	print "<input type='hidden' name='action' value='savems_config'>\n";
	print "<input type='hidden' name='template' value='$FORM{template}'>\n";
	print "<fieldset><legend><b>Edit $FORM{template}</b></legend>\n";
	print "<table class='table table-bordered table-striped'>\n";
	print "<tr><td><textarea style='width:100%;' name='formdata' cols='80' rows='40' wrap='off'>\n";
	foreach my $line (@confdata) {
		$line =~ s/\&/\&amp\;/g;
		$line =~ s/>/\&gt\;/g;
		$line =~ s/</\&lt\;/g;
		print $line."\n";
	}
	print "</textarea></td></tr></table></fieldset>\n";
	print "<p class='text-center'><input type='submit' class='btn btn-default' value='Change'></p>\n";
	print "</form>\n";
	print "<hr><p><form action='$script' method='post'><input type='submit' class='btn btn-default' value='Return'></form></p>\n";
}
elsif ($FORM{action} eq "savems_config") {
	$FORM{formdata} =~ s/\r//g;
	sysopen (my $OUT, "$apachepath/$FORM{template}", O_WRONLY | O_CREAT);
	flock ($OUT, LOCK_EX);
	seek ($OUT, 0, 0);
	truncate ($OUT, 0);
	if ($FORM{formdata} !~ /\n$/) {$FORM{formdata} .= "\n"}
	print $OUT $FORM{formdata};
	close ($OUT);

	print "<table class='table table-bordered table-striped'>\n";
	print "<thead><tr><th  style='text-align:left'>ModSecurity save $FORM{template}</th></tr></thead>";
	print "<tr><td>Rebuilding and restarting Apache:<br>";
	print "<pre style='white-space:pre-wrap;'>";
	&printcmd("/usr/local/cpanel/bin/build_apache_conf");
	&printcmd("$apachectl","graceful");
	print "\n..Done</pre>";
	print "</td></tr>\n";
	print "</table>\n";
	print "<hr><p><form action='$script' method='post'><input type='submit' class='btn btn-default' value='Return'></form></p>\n";
}
elsif ($FORM{action} eq "Modify user whitelist") {
	if ($FORM{user}) {
		my %ids;
		my $off = 0;
		if (-d "$stdpath/$FORM{user}/") {
			if (-e "$stdpath/$FORM{user}/modsec.conf") {
				open (my $FH, "<", "$stdpath/$FORM{user}/modsec.conf");
				flock ($FH, LOCK_SH);
				my @data = <$FH>;
				close ($FH);
				chomp @data;
				foreach my $line (@data) {
					if ($line =~ /SecRuleRemoveById\s+(\d*)/) {$ids{$1} = 1}
					if ($line =~ /SecRuleEngine\s+Off/) {$off = 1}
				}
			}
		} else {
			mkpath("$stdpath/$FORM{user}");
		}
		unless (-d "$sslpath/$FORM{user}") {mkpath("$sslpath/$FORM{user}")}
		my @domains;
		open (my $IN, "<","/var/cpanel/users/$FORM{user}");
		flock ($IN, LOCK_SH);
		my @userdata = <$IN>;
		close ($IN);
		chomp @userdata;
		foreach my $line (@userdata) {
			if ($line =~ /^DNS(\d*)=(.*)$/) {
				my $domain = $2;
				$domain =~ s/\s//g;
				push @domains,$domain;
				unless (-d "$stdpath/$FORM{user}/$domain") {
					mkdir ("$stdpath/$FORM{user}/$domain");
				}
				unless (-d "$sslpath/$FORM{user}/$domain") {
					mkdir ("$sslpath/$FORM{user}/$domain");
				}
			}
		}
		@domains = sort @domains;

		if ($off) {
			print "<table class='table table-bordered table-striped'>\n";
			print "<thead><tr><th colspan='2'>ModSecurity whitelist for $FORM{user}</th></tr></thead>";
			print "<tr><form action='$script' method='post'><td><input type='hidden' name='action' value='onoff'><input type='hidden' name='user' value='$FORM{user}'><input type='radio' name='choose' checked value='0'>Off <input type='radio' name='choose' value='1'>On</td><td width='100%'><p>You can completely disable ModSecurity for all domains owned by this user by setting this to Off and clicking the <i>Select</i> button:</p><p><input type='submit' class='btn btn-default' value='Select'></td></form></tr>\n";
			print "</table>\n";
		} else {
			print "<table class='table table-bordered table-striped'>\n";
			print "<thead><tr><th colspan='2'>ModSecurity whitelist for $FORM{user}</th></tr></thead>";
			print "<tr><form action='$script' method='post'><td><input type='hidden' name='action' value='onoff'><input type='hidden' name='user' value='$FORM{user}'><input type='radio' name='choose' value='0'>Off <input type='radio' name='choose' value='1' checked>On</td><td width='100%'><p>You can completely disable ModSecurity for all domains owned by this user by setting this to Off and clicking the <i>Select</i> button:</p><p><input type='submit' class='btn btn-default' value='Select'></td></form></tr>\n";
			print "<tr><form action='$script' method='post'><td><input type='hidden' name='action' value='thisuser'><input type='hidden' name='user' value='$FORM{user}'>ModSecurity rule ID list:<br /><textarea style='width:100%;' name='ids' rows='10' cols='10'>";
			foreach my $id (sort keys %ids) {print "$id\n"}
			print "</textarea></td><td width='100%'><p>You can add ModSecurity rule ID numbers that you want to be disabled for all domains owned by this user.</p><p>You should place one ID number per line. When you have clicked the <i>Save whitelist for all $FORM{user} domains</i> button: the relevant lines will be added to:</p><p>$stdpath/$FORM{user}/modsec.conf<br>$sslpath/$FORM{user}/modsec.conf</p><p>Then httpd.conf will be rebuilt and apache will be gracefully restarted.</p><p><input type='submit' class='btn btn-default' value='Save whitelist for all $FORM{user} domains'></td></form></tr>\n";
			print "<tr><form action='$script' method='post'><td><input type='hidden' name='action' value='domain'><input type='hidden' name='user' value='$FORM{user}'><select name='domain' size='10'>";
			foreach my $domain (@domains) {print "<option>$domain</option>\n"}
			print "</select></td><td width='100%'><p>Alternatively, you can disable rules on a per domain basis by selecting a domain and then clicking:</p><p><input type='submit' class='btn btn-default' value='Modify domain whitelist'></td></form></tr>\n";
			print "</table>\n";
		}
	} else {
		print "<p>No user selected<p>\n";
	}
	print "<hr><p><form action='$script' method='post'><input type='submit' class='btn btn-default' value='Return'></form></p>\n";
}
elsif ($FORM{action} eq "onoff") {
	&onoff("$stdpath/$FORM{user}/modsec.conf");
	&onoff("$sslpath/$FORM{user}/modsec.conf");

	print "<table class='table table-bordered table-striped'>\n";
	print "<thead><tr><th  style='text-align:left'>ModSecurity whitelist for $FORM{user}: ";
	if ($FORM{choose}) {
		print "On";
	} else {
		print "Off";
	}
	print "</th></tr></thead>";
	print "<tr><td>Rebuilding and restarting Apache:<br>";
	print "<pre style='white-space:pre-wrap;'>";
	&printcmd("/usr/local/cpanel/bin/build_apache_conf");
	&printcmd("$apachectl","graceful");
	print "\n..Done</pre>";
	print "</td></tr>\n";
	print "<tr><form action='$script' method='post'><td><input type='hidden' name='action' value='Modify user whitelist'><input type='hidden' name='user' value='$FORM{user}'><input type='submit' class='btn btn-default' value='Go back'></td></form></tr>\n";
	print "</table>\n";
	print "<hr><p><form action='$script' method='post'><input type='submit' class='btn btn-default' value='Return'></form></p>\n";
}
elsif ($FORM{action} eq "thisuser") {
	&ids("$stdpath/$FORM{user}/modsec.conf");
	&ids("$sslpath/$FORM{user}/modsec.conf");

	print "<table class='table table-bordered table-striped'>\n";
	print "<thead><tr><th  style='text-align:left'>ModSecurity whitelist for $FORM{user} saved";
	print "</th></tr></thead>";
	print "<tr><td>Rebuilding and restarting Apache:<br>";
	print "<pre style='white-space:pre-wrap;'>";
	&printcmd("/usr/local/cpanel/bin/build_apache_conf");
	&printcmd("$apachectl","graceful");
	print "\n..Done</pre>";
	print "</td></tr>\n";
	print "<tr><form action='$script' method='post'><td><input type='hidden' name='action' value='Modify user whitelist'><input type='hidden' name='user' value='$FORM{user}'><input type='submit' class='btn btn-default' value='Go back'></td></form></tr>\n";
	print "</table>\n";
	print "<hr><p><form action='$script' method='post'><input type='submit' class='btn btn-default' value='Return'></form></p>\n";
}
elsif ($FORM{action} eq "domain") {
	if ($FORM{user} and $FORM{domain}) {
		my %ids;
		my $off = 0;
		if (-d "$stdpath/$FORM{user}/$FORM{domain}/") {
			if (-e "$stdpath/$FORM{user}/$FORM{domain}/modsec.conf") {
				open (my $FH, "<", "$stdpath/$FORM{user}/$FORM{domain}/modsec.conf");
				flock ($FH, LOCK_SH);
				my @data = <$FH>;
				close ($FH);
				chomp @data;
				foreach my $line (@data) {
					if ($line =~ /SecRuleRemoveById\s+(\d*)/) {$ids{$1} = 1}
					if ($line =~ /SecRuleEngine\s+Off/) {$off = 1}
				}
			}
		}
		if ($off) {
			print "<table class='table table-bordered table-striped'>\n";
			print "<thead><tr><th colspan='2'>ModSecurity whitelist for $FORM{domain}</th></tr></thead>";
			print "<tr><form action='$script' method='post'><td><input type='hidden' name='action' value='donoff'><input type='hidden' name='domain' value='$FORM{domain}'><input type='hidden' name='user' value='$FORM{user}'><input type='radio' name='choose' value='0' checked>Off <input type='radio' name='choose' value='1'>On</td><td width='100%'><p>You can completely disable ModSecurity on this domain by setting this to Off and clicking the <i>Select</i> button:</p><p><input type='submit' class='btn btn-default' value='Select'></td></form></tr>\n";
			print "<tr><form action='$script' method='post'><td colspan='2'><input type='hidden' name='action' value='Modify user whitelist'><input type='hidden' name='user' value='$FORM{user}'><input type='submit' class='btn btn-default' value='Go back'></td></form></tr>\n";
			print "</table>\n";
		} else {
			print "<table class='table table-bordered table-striped'>\n";
			print "<thead><tr><th colspan='2'>ModSecurity whitelist for $FORM{domain}</th></tr></thead>";
			print "<tr><form action='$script' method='post'><td><input type='hidden' name='action' value='donoff'><input type='hidden' name='domain' value='$FORM{domain}'><input type='hidden' name='user' value='$FORM{user}'><input type='radio' name='choose' value='0'>Off <input type='radio' name='choose' checked value='1'>On</td><td width='100%'><p>You can completely disable ModSecurity on this domain by setting this to Off and clicking the <i>Select</i> button:</p><p><input type='submit' class='btn btn-default' value='Select'></td></form></tr>\n";
			print "<tr><form action='$script' method='post'><td><input type='hidden' name='action' value='thisdomain'><input type='hidden' name='domain' value='$FORM{domain}'><input type='hidden' name='user' value='$FORM{user}'>ModSecurity rule ID list:<br /><textarea style='width:100%;' name='ids' rows='10' cols='10'>";
			foreach my $id (sort keys %ids) {print "$id\n"}
			print "</textarea></td><td width='100%'><p>You can add ModSecurity rule ID numbers that you want to be disabled for this domain.</p><p>You should place one ID number per line. When you have clicked the <i>Save whitelist for $FORM{domain}</i> button: the relevant lines will be added to:</p><p>$stdpath/$FORM{user}/$FORM{domain}/modsec.conf<br>$sslpath/$FORM{user}/$FORM{domain}/modsec.conf</p><p> Then httpd.conf will be rebuilt and apache will be gracefully restarted.</p><p><input type='submit' class='btn btn-default' value='Save whitelist for $FORM{domain}'></td></form></tr>\n";
			print "<tr><form action='$script' method='post'><td colspan='2'><input type='hidden' name='action' value='Modify user whitelist'><input type='hidden' name='user' value='$FORM{user}'><input type='submit' class='btn btn-default' value='Go back'></td></form></tr>\n";
			print "</table>\n";
		}
	} else {
		print "<p>No domain selected<p>\n";
	}
	print "<hr><p><form action='$script' method='post'><input type='submit' class='btn btn-default' value='Return'></form></p>\n";
}
elsif ($FORM{action} eq "donoff") {
	&onoff("$stdpath/$FORM{user}/$FORM{domain}/modsec.conf");
	&onoff("$sslpath/$FORM{user}/$FORM{domain}/modsec.conf");

	print "<table class='table table-bordered table-striped'>\n";
	print "<thead><tr><th  style='text-align:left'>ModSecurity whitelist for $FORM{domain}: ";
	if ($FORM{choose}) {
		print "On";
	} else {
		print "Off";
	}
	print "</th></tr></thead>";
	print "<tr><td>Rebuilding and restarting Apache:<br>";
	print "<pre style='white-space:pre-wrap;'>";
	&printcmd("/usr/local/cpanel/bin/build_apache_conf");
	&printcmd("$apachectl","graceful");
	print "\n..Done</pre>";
	print "</td></tr>\n";
	print "<tr><form action='$script' method='post'><td><input type='hidden' name='action' value='domain'><input type='hidden' name='domain' value='$FORM{domain}'><input type='hidden' name='user' value='$FORM{user}'><input type='submit' class='btn btn-default' value='Go back'></td></form></tr>\n";
	print "</table>\n";
	print "<hr><p><form action='$script' method='post'><input type='submit' class='btn btn-default' value='Return'></form></p>\n";
}
elsif ($FORM{action} eq "thisdomain") {
	&ids("$stdpath/$FORM{user}/$FORM{domain}/modsec.conf");
	&ids("$sslpath/$FORM{user}/$FORM{domain}/modsec.conf");

	print "<table class='table table-bordered table-striped'>\n";
	print "<thead><tr><th  style='text-align:left'>ModSecurity whitelist for $FORM{domain} saved";
	print "</th></tr></thead>";
	print "<tr><td>Rebuilding and restarting Apache:<br>";
	print "<pre style='white-space:pre-wrap;'>";
	&printcmd("/usr/local/cpanel/bin/build_apache_conf");
	&printcmd("$apachectl","graceful");
	print "\n..Done</pre>";
	print "</td></tr>\n";
	print "<tr><form action='$script' method='post'><td><input type='hidden' name='action' value='domain'><input type='hidden' name='domain' value='$FORM{domain}'><input type='hidden' name='user' value='$FORM{user}'><input type='submit' class='btn btn-default' value='Go back'></td></form></tr>\n";
	print "</table>\n";
	print "<hr><p><form action='$script' method='post'><input type='submit' class='btn btn-default' value='Return'></form></p>\n";
}
elsif ($FORM{action} eq "gonoff") {
	&onoff("$apachepath/modsec2.whitelist.conf");

	print "<table class='table table-bordered table-striped'>\n";
	print "<thead><tr><th  style='text-align:left'>ModSecurity global whitelist: ";
	if ($FORM{choose}) {
		print "On";
	} else {
		print "Off";
	}
	print "</th></tr></thead>";
	print "<tr><td>Restarting Apache:<br>";
	print "<pre style='white-space:pre-wrap;'>";
	&printcmd("$apachectl","graceful");
	print "\n..Done</pre>";
	print "</td></tr>\n";
	print "</table>\n";
	print "<hr><p><form action='$script' method='post'><input type='submit' class='btn btn-default' value='Return'></form></p>\n";
}
elsif ($FORM{action} eq "dironoff") {
	my $file = "$apachepath/modsec2.whitelist.conf";
	open (my $FH, "<", $file);
	flock ($FH, LOCK_SH);
	my @data = <$FH>;
	close ($FH);
	chomp @data;
	my $start = 0;
	my $done = 0;
	my $directorymatch = quotemeta($FORM{directorymatch});
	open (my $OUT, ">", $file);
	flock ($OUT, LOCK_EX);
	print $OUT "<IfModule mod_security2.c>\n";
	foreach my $line (@data) {
		if ($line =~ /^\s*<IfModule mod_security2\.c>/) {next}
		if ($line =~ /^\s*<\/IfModule>/) {next}
		if ($line =~ /<DirectoryMatch\s+\'$directorymatch\'>/) {$start = 1}
		if ($start and $line =~ /SecRuleEngine\s/) {next}
		if ($line =~ /<\/DirectoryMatch>/ and $start) {
			$start = 0;
			if ($FORM{choose}) {
			} else {
				print $OUT "\tSecRuleEngine Off\n";
			}
			$done = 1;
		}
		print $OUT "$line\n";
	}
	unless ($done) {
		print $OUT "<DirectoryMatch \'$FORM{directorymatch}\'>\n";
		if ($FORM{choose}) {
		} else {
			print $OUT "\tSecRuleEngine Off\n";
		}
		print $OUT "</DirectoryMatch>\n";
	}
	print $OUT "</IfModule>\n";
	close ($OUT);

	print "<table class='table table-bordered table-striped'>\n";
	print "<thead><tr><th  style='text-align:left'>ModSecurity DirectoryMatch ($FORM{directorymatch}) whitelist: ";
	if ($FORM{choose}) {
		print "On";
	} else {
		print "Off";
	}
	print "</th></tr></thead>";
	print "<tr><td>Restarting Apache:<br>";
	print "<pre style='white-space:pre-wrap;'>";
	&printcmd("$apachectl","graceful");
	print "\n..Done</pre>";
	print "</td></tr>\n";
	print "</table>\n";
	print "<hr><p><form action='$script' method='post'><input type='submit' class='btn btn-default' value='Return'></form></p>\n";
}
elsif ($FORM{action} eq "global") {
	&ids("$apachepath/modsec2.whitelist.conf");

	print "<table class='table table-bordered table-striped'>\n";
	print "<thead><tr><th  style='text-align:left'>ModSecurity global whitelist saved";
	print "</th></tr></thead>";
	print "<tr><td>Restarting Apache:<br>";
	print "<pre style='white-space:pre-wrap;'>";
	&printcmd("$apachectl","graceful");
	print "\n..Done</pre>";
	print "</td></tr>\n";
	print "</table>\n";
	print "<hr><p><form action='$script' method='post'><input type='submit' class='btn btn-default' value='Return'></form></p>\n";
}
elsif ($FORM{action} eq "thisdirectorymatch") {
	my $file = "$apachepath/modsec2.whitelist.conf";
	my @ids = split(/\n|\r/,$FORM{ids});
	chomp @ids;
	open (my $FH, "<", $file);
	flock ($FH, LOCK_SH);
	my @data = <$FH>;
	close ($FH);
	chomp @data;
	my $start = 0;
	my $done = 0;
	my $directorymatch = quotemeta($FORM{directorymatch});
	open (my $OUT, ">", $file);
	flock ($OUT, LOCK_EX);
	print $OUT "<IfModule mod_security2.c>\n";
	foreach my $line (@data) {
		if ($line =~ /^\s*<IfModule mod_security2\.c>/) {next}
		if ($line =~ /^\s*<\/IfModule>/) {next}
		if ($line =~ /<\/DirectoryMatch>/ and $start) {
			$start = 0;
			foreach my $id (@ids) {
				if ($id =~ /^\d+$/) {print $OUT "\tSecRuleRemoveById $id\n"}
			}
			$done = 1;
		}
		if ($start) {next}
		if ($line =~ /<DirectoryMatch\s+\'$directorymatch\'>/) {$start = 1}
		print $OUT "$line\n";
	}
	unless ($done) {
		print $OUT "<DirectoryMatch \'$FORM{directorymatch}\'>\n";
		foreach my $id (@ids) {
			if ($id =~ /^\d+$/) {print $OUT "\tSecRuleRemoveById $id\n"}
		}
		print $OUT "</DirectoryMatch>\n";
	}
	print $OUT "</IfModule>\n";
	close ($OUT);

	print "<table class='table table-bordered table-striped'>\n";
	print "<thead><tr><th  style='text-align:left'>ModSecurity DirectoryMatch ($FORM{directorymatch}) whitelist saved";
	print "</th></tr></thead>";
	print "<tr><td>Restarting Apache:<br>";
	print "<pre style='white-space:pre-wrap;'>";
	&printcmd("$apachectl","graceful");
	print "\n..Done</pre>";
	print "</td></tr>\n";
	print "</table>\n";
	print "<hr><p><form action='$script' method='post'><input type='submit' class='btn btn-default' value='Return'></form></p>\n";
}
elsif ($FORM{action} eq "Remove DirectoryMatch") {
	my $file = "$apachepath/modsec2.whitelist.conf";
	my @ids = split(/\n|\r/,$FORM{ids});
	chomp @ids;
	open (my $FH, "<", $file);
	flock ($FH, LOCK_SH);
	my @data = <$FH>;
	close ($FH);
	chomp @data;
	my $start = 0;
	my $done = 0;
	my $directorymatch = quotemeta($FORM{directorymatch});
	open (my $OUT, ">", $file);
	flock ($OUT, LOCK_EX);
	print $OUT "<IfModule mod_security2.c>\n";
	foreach my $line (@data) {
		if ($line =~ /^\s*<IfModule mod_security2\.c>/) {next}
		if ($line =~ /^\s*<\/IfModule>/) {next}
		if ($line =~ /<\/DirectoryMatch>/ and $start) {next}
		if ($start) {next}
		if ($line =~ /<DirectoryMatch\s+\'$directorymatch\'>/) {
			$start = 1;
			next;
		}
		print $OUT "$line\n";
	}
	print $OUT "</IfModule>\n";
	close ($OUT);

	print "<table class='table table-bordered table-striped'>\n";
	print "<thead><tr><th  style='text-align:left'>ModSecurity DirectoryMatch ($FORM{directorymatch}) whitelist removed";
	print "</th></tr></thead>";
	print "<tr><td>Restarting Apache:<br>";
	print "<pre style='white-space:pre-wrap;'>";
	&printcmd("$apachectl","graceful");
	print "\n..Done</pre>";
	print "</td></tr>\n";
	print "</table>\n";
	print "<hr><p><form action='$script' method='post'><input type='submit' class='btn btn-default' value='Return'></form></p>\n";
}
elsif ($FORM{action} eq "Modify by DirectoryMatch") {
	if ($FORM{directorymatch} eq "" or $FORM{directorymatch} eq "New DirectoryMatch") {
		print "<table class='table table-bordered table-striped'>\n";
		print "<thead><tr><th colspan='2'>ModSecurity DirectoryMatch whitelist</th></tr></thead>";
		print "<tr><form action='$script' method='post'><td><input type='hidden' name='action' value='Modify by DirectoryMatch'><input type='text' name='directorymatch' value='' size='50'></td><td width='100%'><p>Add a DirectoryMatch <a href='http://httpd.apache.org/docs/2.2/mod/core.html#directorymatch' target='_blank'>Apache directive</a> (do not use quotes). This should be a regular expression. Examples:<br>^/home/someuser/public_html/ignore/me/index\\.php<br>^/home/someuser/public_html/ignore/path/</br>/wp-admin/index\\.php</p><p><input type='submit' class='btn btn-default' value='Add DirectoryMatch'></td></form></tr>\n";
		print "</table>\n";
	} else {
		my %ids;
		my $off = 0;
		if (-e "$apachepath/modsec2.whitelist.conf") {
			open (my $FH, "<", "$apachepath/modsec2.whitelist.conf");
			flock ($FH, LOCK_SH);
			my @data = <$FH>;
			close ($FH);
			chomp @data;
			my $start = 0;
			my $directorymatch = quotemeta($FORM{directorymatch});
			foreach my $line (@data) {
				if ($line =~ /<DirectoryMatch\s+\'$directorymatch\'>/) {$start = 1}
				if ($start and $line =~ /SecRuleRemoveById\s+(\d*)/) {$ids{$1} = 1}
				if ($start and $line =~ /SecRuleEngine\s+Off/) {$off = 1}
				if ($line =~ /<\/DirectoryMatch>/) {$start = 0}
			}
		}

		if ($off) {
			print "<table class='table table-bordered table-striped'>\n";
			print "<thead><tr><th colspan='2'>ModSecurity whitelist for DirectoryMatch: $FORM{directorymatch}</th></tr></thead>";
			print "<tr><form action='$script' method='post'><td><input type='hidden' name='action' value='dironoff'><input type='hidden' name='directorymatch' value='$FORM{directorymatch}'><input type='radio' name='choose' checked value='0'>Off <input type='radio' name='choose' value='1'>On</td><td width='100%'><p>You can completely disable ModSecurity for this DirectoryMatch by setting this to Off and clicking the <i>Select</i> button:</p><p><input type='submit' class='btn btn-default' value='Select'></td></form></tr>\n";
			print "</table>\n";
		} else {
			print "<table class='table table-bordered table-striped'>\n";
			print "<thead><tr><th colspan='2'>ModSecurity whitelist for DirectoryMatch: $FORM{directorymatch}</th></tr></thead>";
			print "<tr><form action='$script' method='post'><td><input type='hidden' name='action' value='dironoff'><input type='hidden' name='directorymatch' value='$FORM{directorymatch}'><input type='radio' name='choose' value='0'>Off <input type='radio' name='choose' value='1' checked>On</td><td width='100%'><p>You can completely disable ModSecurity for this DirectoryMatch by setting this to Off and clicking the <i>Select</i> button:</p><p><input type='submit' class='btn btn-default' value='Select'></td></form></tr>\n";
			print "<tr><form action='$script' method='post'><td><input type='hidden' name='action' value='thisdirectorymatch'><input type='hidden' name='directorymatch' value='$FORM{directorymatch}'>ModSecurity rule ID list:<br /><textarea style='width:100%;' name='ids' rows='10' cols='10'>";
			foreach my $id (sort keys %ids) {print "$id\n"}
			print "</textarea></td><td width='100%'><p>You can add ModSecurity rule ID numbers that you want to be disabled for this DirectoryMatch.</p><p>You should place one ID number per line. When you have clicked the <i>Save Whitelist</i> button:</p><p>Then apache will be gracefully restarted.</p><p><input type='submit' class='btn btn-default' value='Save Whitelist'></td></form></tr>\n";
			print "<tr><form action='$script' method='post'><td colspan='2'><input type='submit' class='btn btn-default' value='Go back'></td></form></tr>\n";
			print "</table>\n";
		}
	}
	print "<p><form action='$script' method='post'><input type='submit' class='btn btn-default' value='Remove DirectoryMatch' name='action'><input type='hidden' name='directorymatch' value='$FORM{directorymatch}'></form></p>\n";
	print "<hr><p><form action='$script' method='post'><input type='submit' class='btn btn-default' value='Return'></form></p>\n";
}
elsif ($FORM{action} eq "map") {
	print "<table class='table table-bordered table-striped'>\n";
	&showmap;
	print "</table>\n";
	print "<p class='bs-callout bs-callout-info'>Note: Only users or domain with a modsec.conf containing cmc exceptions will be listed here</p>\n";
	print "<hr><p><form action='$script' method='post'><input type='submit' class='btn btn-default' value='Return'></form></p>\n";
}
elsif ($FORM{action} eq "help") {
	print "<table class='table table-bordered table-striped'>\n";
	print "<thead><tr><th  style='text-align:left'>ConfigServer ModSecurity Help</th></tr></thead>";
	print "<tr><td>";
	print <<EOH;
<p>This utility allows you to:
<ul>
<li>Disable ModSecurity rules that have unique ID numbers on a global, per cPanel user or per hosted domain level.</li>
<li>Disable ModSecurity entirely, also on a global, per cPanel user or per hosted domain level.</li>
<li>Edit files containing ModSecurity configuration settings in $apachepath</li>
<li>View the latest ModSecurity log entries</li>
</ul>
</p>
<p>The requirements for this utility are:
<ul>
<li>Apache v2+</li>
<li>ModSecurity v2.5+ installed via Easyapache</li>
<li>A set of ModSecurity rules each of which uses a unique ID</li>
<li>ModSecurity logging that uses "SecAuditLogParts A...Z"</li>
</ul>
</p>
<p>ModSecurity logs will be detected in the following order, the last found being the one that will be used. If the wrong logs are being shown the other logs should be removed:
<ul>
<li>$apachelogs/audit_log</li>
<li>$apachelogs/modsec_audit.log</li>
<li>$apachelogs/modsec_audit/ (used under mod_ruid2 and mpm_itk)</li>
</ul>
</p>
<p>This utility uses concepts explained in <u><a href="https://documentation.cpanel.net/display/EA4/Modify+Apache+Virtual+Hosts+with+Include+Files" target="_blank">this</a></u> section of the cPanel documentation.<p>
EOH
	print "</td></tr>\n";
	print "</table>\n";
}
else {
	my @modsecfiles;
	my @modsecdirfiles;

	my %ids;
	my @alt;
	my $off = 0;
	if (-e "$apachepath/modsec2.whitelist.conf") {
		open (my $FH, "<", "$apachepath/modsec2.whitelist.conf");
		flock ($FH, LOCK_SH);
		my @data = <$FH>;
		close ($FH);
		chomp @data;
		my $start = 0;
		foreach my $line (@data) {
			if ($line =~ /<DirectoryMatch\s+'(.*)'>/) {push @alt,$1; $start = 1}
			if (!$start and $line =~ /SecRuleRemoveById\s+(\d*)/) {$ids{$1} = 1}
			if (!$start and $line =~ /SecRuleEngine\s+Off/) {$off = 1}
			if ($line =~ /^\s*(<\/DirectoryMatch>)/) {$start = 0}
		}
	} else {
		open (my $FH,">","$apachepath/modsec2.whitelist.conf");
		flock ($FH, LOCK_SH);
		print $FH "\# ConfigServer ModSecurity whitelist file\n";
		close ($FH);
	}

	sysopen (my $FH, "$modsecpath/modsec2.user.conf", O_RDWR | O_CREAT);
	flock ($FH, LOCK_EX);
	my @data = <$FH>;
	chomp @data;
	if ($is_ea4) {
		if (grep {$_ =~ /^\s*Include\s+$apachepath\/modsec2\.whitelist\.conf/} @data) {
			seek ($FH, 0, 0);
			truncate ($FH, 0);
			foreach my $line (@data) {
				if ($line =~ /^\s*Include\s+$apachepath\/modsec2\.whitelist\.conf/) {next}
				if ($line =~ /^\# ConfigServer ModSecurity whitelist file/) {next}
				print $FH "$line\n";
			}
			print "<p>Removing modsec2.whitelist.conf in modsec2.user.conf (not needed in EA4) and gracefully restarting Apache...";
			&printcmd("$apachectl","graceful");
			print "Done</p>\n";
		}
	} else {
		unless ($data[-1] =~ /^\s*Include\s+$apachepath\/modsec2\.whitelist\.conf/) {
			seek ($FH, 0, 0);
			truncate ($FH, 0);
			foreach my $line (@data) {
				if ($line =~ /^\s*Include\s+$apachepath\/modsec2\.whitelist\.conf/) {next}
				if ($line =~ /^\# ConfigServer ModSecurity whitelist file/) {next}
				print $FH "$line\n";
			}
			print $FH "Include $apachepath/modsec2.whitelist.conf\n";
			print "<p>Adding/Relocating modsec2.whitelist.conf in modsec2.user.conf and gracefully restarting Apache...";
			&printcmd("$apachectl","graceful");
			print "Done</p>\n";
		}
	}
	close ($FH);

	opendir (DIR, "$apachepath/");
	while (my $file = readdir (DIR)) {
		if ($file =~ /^(mod_sec|modsec).*\.conf$/i) {
			push @modsecfiles, $file;
		}
		if (-d "$apachepath/$file" and ($file =~ /^(mod_sec|modsec)/i)) {
			opendir (MODDIR, "$apachepath/$file");
			while (my $modfile = readdir (MODDIR)) {
				if ($modfile =~ /^\.|\.\.$/) {next}
				push @modsecdirfiles, "$file/$modfile";
			}
			closedir (MODDIR);
		}
	}
	closedir (DIR);
	@modsecfiles = sort @modsecfiles;
	@modsecdirfiles = sort @modsecdirfiles;

	my @users;
	my %domains;
	opendir (DIR, "/var/cpanel/users") or die $!;
	while (my $user = readdir (DIR)) {
		if ($user =~ /^\./) {next}
		my (undef,undef,undef,undef,undef,undef,undef,$homedir,undef,undef) = getpwnam($user); 
		$homedir =~ /(.*)/;
		$homedir = $1;
		if ($homedir eq "") {next}
		if (not -d "$homedir") {next}
		open (my $IN, "<","/var/cpanel/users/$user");
		flock ($IN, LOCK_SH);
		my @userdata = <$IN>;
		close ($IN);
		chomp @userdata;
		my $domain;
		foreach my $line (@userdata) {
			if ($line =~ /^DNS=(.*)/) {
				$domains{$user} = $1;
				last;
			}
		}
		push (@users, $user);
	}
	closedir (DIR);
	@users = sort @users;

	print "<table class='table table-bordered table-striped'>\n";
	print "<thead><tr><th colspan='2'>ConfigServer ModSecurity Control <a class='btn btn-info modalButton' data-toggle='modal' data-src='$script?action=help' data-height='500px' data-width='100%' data-target='#myModal' title='Help' target='_blank'>Help</a></th></tr></thead>\n";

	if ($off) {
		print "<tr><form action='$script' method='post'><td><input type='hidden' name='action' value='gonoff'><input type='hidden' name='user' value='$FORM{user}'><input type='radio' name='choose' checked value='0'>Off <input type='radio' name='choose' value='1'>On</td><td width='100%'><p>You can completely disable ModSecurity on the server by setting this to Off and clicking the <i>Select</i> button:</p><p><input type='submit' class='btn btn-default' value='Select'></td></form></tr>\n";
	} else {
		print "<tr><form action='$script' method='post'><td><input type='hidden' name='action' value='gonoff'><input type='hidden' name='user' value='$FORM{user}'><input type='radio' name='choose' value='0'>Off <input type='radio' name='choose' checked value='1'>On</td><td width='100%'><p>You can completely disable ModSecurity on the server by setting this to Off and clicking the <i>Select</i> button:</p><p><input type='submit' class='btn btn-default' value='Select'></td></form></tr>\n";
		print "<tr><form action='$script' method='post'><td><input type='hidden' name='action' value='global'><input type='hidden' name='domain' value='$FORM{domain}'><input type='hidden' name='user' value='$FORM{user}'>ModSecurity rule ID list:<br /><textarea style='width:100%;' name='ids' rows='10' cols='10'>";
		foreach my $id (sort keys %ids) {print "$id\n"}
		print "</textarea></td><td width='100%'><p>You can add ModSecurity rule ID numbers that you want to be globally disabled.</p>\n";
		print "<p class='bs-callout bs-callout-info'>You should place one ID number per line. When you have clicked the <i>Save global whitelist</i> button: the relevant lines will be added to $apachepath/modsec2.whitelist.conf which has already been added to the top of $modsecpath/modsec2.user.conf. Then httpd.conf will be rebuilt and apache will be gracefully restarted.</p><p><input type='submit' class='btn btn-default' value='Save global whitelist'></td></form></tr>\n";
		print "<tr><form action='$script' method='post'><td><select name='user' size='10'>";
		foreach my $user (@users) {print "<option value='$user'>$user ($domains{$user})</option>\n"}
		print "</select></td><td width='100%'><p>Alternatively, you can disable rules on a per cPanel account or per domain basis by selecting a user and then clicking:</p><p><input type='submit' class='btn btn-default' name='action' value='Modify user whitelist'></td></form></tr>\n";
		print "<tr><form action='$script' method='post'><td><select name='directorymatch' size='10'>";
		print "<option>New DirectoryMatch</option>\n<option disabled>____________</option>\n";
		foreach my $directorymatch (@alt) {print "<option value='$directorymatch'>$directorymatch</option>\n"}
		print "</select></td><td width='100%'><p>You can disable rules by DirectoryMatch (e.g. ^/home/someuser/public_html/ignore/some/path/)</p><p><input type='submit' class='btn btn-default' name='action' value='Modify by DirectoryMatch'></td></form></tr>\n";
		print "<tr><form action='$script' method='post'><td><input type='hidden' name='action' value='map'>Display cmc user/domain configuration map</td><td width='100%'><input type='submit' class='btn btn-default' value='Show Map'></td></form></tr>\n";
	}
	print "</table><br>\n";

	print "<table class='table table-bordered table-striped'>\n";
	print "<thead><tr><th colspan='2'>ConfigServer ModSecurity Tools</th></tr></thead>";
	print "<tr><form action='$script' method='post'><td><input type='hidden' name='action' value='ms_list'><input type='submit' class='btn btn-default' value='ModSecurity Log'></td><td width='100%'>View the last <input type='text' name='lines' value='20' size='3'> entries in the ModSecurity log file and <input type='checkbox' name='refresh' value='1'> auto-refresh the log view\n";
	print "<p class='bs-callout bs-callout-info'>Note: If your audit_log file is very large it may take some time to process it.</p></td></form></tr>\n";
	print "<tr><form action='$script' method='post'><td><input type='hidden' name='action' value='ms_config'><select name='template' size='10'>\n";
	foreach my $file (@modsecfiles,@modsecdirfiles) {
		if (-f "$apachepath/$file") {print "<option>$file</option>\n"}
	}
	print "</select></td><td width='100%'><p>Edit files containing ModSecurity configuration settings in $apachepath/. After a file has been edited httpd.conf will be rebuilt and apache gracefully restarted.</p><p class='bs-callout bs-callout-info'>Note: Files or directories must be prefixed modsec* or mod_sec* to be detected.</p><p><input type='submit' class='btn btn-default' value='Edit'></td></form></tr>\n";
	print "</table><br>\n";

	print "<table class='table table-bordered table-striped'>\n";
	my ($status, $text) = &urlget("https://$downloadserver/cmc/cmcversion.txt");
	my $actv = $text;
	my $up = 0;

	print "<thead><tr><th colspan='2'>Upgrade</th></tr></thead>";
	if ($actv ne "") {
		if ($actv =~ /^[\d\.]*$/) {
			if ($actv > $myv) {
				print "<tr><form action='$script' method='post'><td><input type='hidden' name='action' value='upgrade'><input type='submit' class='btn btn-default' value='Upgrade cmc'></td><td width='100%'><b>A new version of cmc (v$actv) is available. Upgrading will retain your settings<br><a href='https://$downloadserver/cmc/changelog.txt' target='_blank'>View ChangeLog</a></b></td></form></tr>\n";
			} else {
				print "<tr><td colspan='2'>You appear to be running the latest version of cmc. An Upgrade button will appear here if a new version becomes available</td></tr>\n";
			}
			$up = 1;
		}
	}
	unless ($up) {
		print "<tr><td colspan='2'>Failed to determine the latest version of cmc. An Upgrade button will appear here if new version is detected</td></tr>\n";
	}
	print "</table><br>\n";
	print  "<div class='modal fade' id='myModal' tabindex='-1' role='dialog' aria-labelledby='myModalLabel' aria-hidden='true' data-backdrop='false' style='background-color: rgba(0, 0, 0, 0.5)'>\n";
	print "<div class='modal-dialog modal-lg' $modalstyle>\n";
	print  "<div class='modal-content'>\n";
	print  "<div class='modal-body'>\n";
	print  "<iframe frameborder='0'></iframe>\n";
	print  "</div>\n";
	print  "<div class='modal-footer text-center'>\n";
	print  "<button type='button' id='ModalClose' class='btn btn-default' data-dismiss='modal'>Close</button>\n";
	print  "</div>\n";
	print  "</div><!-- /.modal-content -->\n";
	print  "</div><!-- /.modal-dialog -->\n";
	print  "</div><!-- /.modal -->\n";
	print  "<script>\n";
	print  "\$('a.modalButton').on('click', function(e) {\n";
	print  "var src = \$(this).attr('data-src');\n";
	print  "var height = \$(this).attr('data-height') || 500;\n";
	print  "var width = \$(this).attr('data-width') || 400;\n";
	print  "\$('#myModal iframe').attr({'src':src,\n";
	print  "'height': height,\n";
	print  "'width': width});\n";
	print  "});\n";
	print "\$('.modal').click(function(event){\n";
	print "  \$(event.target).modal('hide')\n";
	print "});\n";
	print  "</script>\n";
}

print "<pre style='white-space:pre-wrap;'>cmc: v$myv</pre>";
print "<p>&copy;2009-2019, <a href='http://www.configserver.com' target='_blank'>ConfigServer Services</a> (Way to the Web Limited)</p>\n";
print <<EOF;
<script>
	\$("#loader").hide();
	\$("#docs-link").hide();
</script>
EOF
unless ($FORM{action} eq "help") {
	close $SCRIPTOUT;
	select STDOUT;
	Cpanel::Template::process_template(
		'whostmgr',
		{
			"template_file" => "${thisapp}.tmpl",
			"${thisapp}_output" => $templatehtml,
			"print"         => 1,
		}
	);
} else {
	print "</div>\n";
	print "</body>\n";
	print "</html>\n";
}

# end main
###############################################################################
# start showmap
sub showmap {
	if (-e "$apachepath/modsec2.whitelist.conf") {
		my %ids;
		open (my $FH, "<", "$apachepath/modsec2.whitelist.conf");
		flock ($FH, LOCK_SH);
		my @data = <$FH>;
		close ($FH);
		chomp @data;
		my $start = 0;
		foreach my $line (@data) {
			if ($line =~ /^\s*(<LocationMatch\s+\.\*>)|(# Start cmc block)/) {$start = 1}
			if ($start and $line =~ /SecRuleRemoveById\s+(\d*)/) {$ids{$1} = 1}
			if ($line =~ /^\s*(<\/LocationMatch>)|(# End cmc block)/) {$start = 0}
		}
		if (%ids) {
			print "<tr><td colspan='3'><b>Global Disabled ID:";
			foreach my $id (sort keys %ids) {print " $id"}
			print "</b></td></tr>\n";
		}
	}
	foreach my $userdir (glob "$stdpath/*") {
		if (-d $userdir) {
			my ($user, $filedir) = fileparse($userdir);
			unless (-f "/var/cpanel/users/$user") {next}
			my $off = 0;
			if (-f "$userdir/modsec.conf") {
				my $start = 0;
				my %ids;
				open (my $FH, "<", "$userdir/modsec.conf");
				flock ($FH, LOCK_SH);
				my @data = <$FH>;
				close ($FH);
				chomp @data;
				foreach my $line (@data) {
					if ($line =~ /^\s*(<LocationMatch\s+\.\*>)|(# Start cmc block)/) {$start = 1}
					if ($start and $line =~ /SecRuleRemoveById\s+(\d*)/) {$ids{$1} = 1}
					if ($start and $line =~ /SecRuleEngine\s+Off/) {$off = 1}
					if ($line =~ /^\s*(<\/LocationMatch>)|(# End cmc block)/) {$start = 0}
				}
				if ($off) {
					print "<tr><td>$user</td><td  style='text-align:left'><b>ModSecurity disabled</b><td width='100%'>&nbsp</td></tr>\n";
				}
				elsif (%ids) {
					print "<tr><td>$user</td><td  style='text-align:left'>ModSecurity enabled<td width='100%'>&nbsp</td></tr>\n";
					print "<tr><td>&nbsp;</td><td  style='text-align:left'><b>User Disabled ID:";
					foreach my $id (keys %ids) {print " $id"}
					print "</b><td width='100%'>&nbsp</td></tr>\n";
				}
			}
			unless ($off) {
				foreach my $domaindir (glob "$userdir/*") {
					if (-d $domaindir) {
						my ($domain, $filedir) = fileparse($domaindir);
						if (-f "$domaindir/modsec.conf") {
							my $start = 0;
							my $off = 0;
							my %ids;
							open (my $FH, "<", "$domaindir/modsec.conf");
							flock ($FH, LOCK_SH);
							my @data = <$FH>;
							close ($FH);
							chomp @data;
							foreach my $line (@data) {
								if ($line =~ /^\s*(<LocationMatch\s+\.\*>)|(# Start cmc block)/) {$start = 1}
								if ($start and $line =~ /SecRuleRemoveById\s+(\d*)/) {$ids{$1} = 1}
								if ($start and $line =~ /SecRuleEngine\s+Off/) {$off = 1}
								if ($line =~ /^\s*(<\/LocationMatch>)|(# End cmc block)/) {$start = 0}
							}
							if ($off) {
								print "<tr><td>&nbsp;</td><td>$domain</td><td width='100%'  style='text-align:left'><b>ModSecurity disabled</b></td></tr>\n";
							}
							elsif (%ids) {
								print "<tr><td>&nbsp;</td><td>$domain</td><td width='100%'  style='text-align:left'><b>Domain Disabled ID:";
								foreach my $id (sort keys %ids) {print " $id"}
								print "</b></td></tr>\n";
							}
						}
					}
				}
			}
		}
	}
	return;
}
# end showmap
###############################################################################
sub wanted {
	if (-f $File::Find::name) {push @files,$File::Find::name}
	return;
}
###############################################################################
sub modsec {
	my $start = 0;
	my $entry;
	my @requests;
	my $log = "$apachelogs/modsec_audit.log";
	my $ruid2_itk = 0;

	my ($childin, $childout);
	my $mypid = open3($childin, $childout, $childout, $apachebin,"-M");
	my @modules = <$childout>;
	waitpid ($mypid, 0);
	chomp @modules;
	if (my @ls = grep {$_ =~ /ruid2_module|mpm_itk_module/} @modules) {
		$ruid2_itk = 1;
		$log = "$apachelogs/modsec_audit/*";
	}

	if ($ruid2_itk) {
		print "<h3>Displaying logs from <code>$apachelogs/modsec_audit/</code></h3>\n";
		find(\&wanted, "$apachelogs/modsec_audit");
		@files = sort { -M $a <=> -M $b } @files;
		@files = reverse @files;
		foreach my $log (@files) {
			sysopen (my $IN, $log, O_RDWR | O_CREAT);
			flock ($IN, LOCK_SH);
			while (my $line = <$IN>) {
				chomp $line;
				if ($line =~ /^\=\=(\w*)\=*$/) {
					$start = $1;
					$entry = "";
				}
				elsif ($line =~ /^\-\-(\w*)\-A\-\-$/) {
					$start = $1;
					$entry = "";
				}
				elsif ($line =~ /^\-\-$start\-\-$/ and $start) {
					push @requests, $entry;
					$start = 0;
					$entry = "";
				}
				elsif ($line =~ /^\-\-$start-Z\-\-$/ and $start) {
					push @requests, $entry;
					$start = 0;
					$entry = "";
				}
				elsif ($start) {
					$entry .= "$line\n";
				}
			}
			close ($IN);
		}
	} else {
		print "<h3>Displaying logs from <code>$log</code></h3>\n";
		sysopen (my $IN, $log, O_RDWR | O_CREAT);
		flock ($IN, LOCK_SH);
		while (my $line = <$IN>) {
			chomp $line;
			if ($line =~ /^\=\=(\w*)\=*$/) {
				$start = $1;
				$entry = "";
			}
			elsif ($line =~ /^\-\-(\w*)\-A\-\-$/) {
				$start = $1;
				$entry = "";
			}
			elsif ($line =~ /^\-\-$start\-\-$/ and $start) {
				push @requests, $entry;
				$start = 0;
				$entry = "";
			}
			elsif ($line =~ /^\-\-$start-Z\-\-$/ and $start) {
				push @requests, $entry;
				$start = 0;
				$entry = "";
			}
			elsif ($start) {
				$entry .= "$line\n";
			}
		}
		close ($IN);
	}
	if ($FORM{refresh}) {
print <<EOF;
<script language="JavaScript">

//Refresh page script- By Brett Taylor (glutnix\@yahoo.com.au)
//Modified by Dynamic Drive for NS4, NS6+
//Visit http://www.dynamicdrive.com for this script

//configure refresh interval (in seconds)
var countDownInterval=10;
//configure width of displayed text, in px (applicable only in NS4)
var c_reloadwidth=200
var page_url = "$script?action=ms_list&lines=$FORM{lines}&refresh=$FORM{refresh}";
</script>


<ilayer id="c_reload" width=&{c_reloadwidth}; ><layer id="c_reload2" width=&{c_reloadwidth}; left=0 top=0></layer></ilayer>

<script>

var countDownTime=countDownInterval+1;
function countDown(){
countDownTime--;
if (countDownTime <0){
countDownTime=countDownInterval;
clearTimeout(counter);
window.location.href=page_url;
return
}
if (document.all) //if IE 4+
document.all.countDownText.innerText = countDownTime+" ";
else if (document.getElementById) //else if NS6+
document.getElementById("countDownText").innerHTML=countDownTime+" "
else if (document.layers){ //CHANGE TEXT BELOW TO YOUR OWN
document.c_reload.document.c_reload2.document.write('<p>This page will <b><u><a href="javascript:window.location.href=page_url">refresh</a></u></b> in <b id="countDownText">'+countDownTime+' </b> seconds</p>')
document.c_reload.document.c_reload2.document.close ()
}
counter=setTimeout("countDown()", 1000);
}

function startit(){
if (document.all||document.getElementById) //CHANGE TEXT BELOW TO YOUR OWN
document.write('<p>This page will <b><u><a href="javascript:window.location.href=page_url">refresh</a></u></b> in <b id="countDownText">'+countDownTime+' </b> seconds</p>')
countDown()
}

if (document.all||document.getElementById)
startit()
else
window.onload=startit

</script>
EOF
	}

	if (@requests > 0) {
		my $start = 0;
		if ($FORM{lines} < @requests) {$start = @requests - $FORM{lines}}
		my $divcnt = 0;
		my $expcnt = @requests - $start;

		print "<style>.submenu {display:none;}</style>\n";
		print "<table class='table table-bordered table-striped'>\n";
		print "<thead><tr><th colspan='4'>ConfigServer ModSecurity Log Entries\n";
		print "<button type='button' class='btn btn-primary glyphicon glyphicon-resize-vertical pull-right' onClick='\$(\".submenu\").toggle();'></button>\n";
		print "</th></tr></thead>\n";
		print "<tr><td>Domain</td><td>Source IP</td><td>Rule ID</td><td width='100%'>Date Stamp</td></tr>\n";
		for (my $x = @requests -1; $x > $start - 1; $x--) {
			$divcnt++;
			$requests[$x] =~ s/\&/\&amp\;/g;
			$requests[$x] =~ s/>/\&gt\;/g;
			$requests[$x] =~ s/</\&lt\;/g;
			my @lines = split(/\n/,$requests[$x]);
			my @data = split(/\s/,$lines[0],8);
			my $span = "<button type='button' class='btn btn-primary glyphicon glyphicon-resize-vertical pull-right' onClick='\$(\"#s$divcnt\").toggle();'></button>";

			my $host;
			my $id;
			if (my @ls = grep {$_ =~ /^Host: /} @lines) {
				if ($ls[0] =~ /^Host: (.*)$/) {$host = $1}
			}
			if ($host eq "") {$host = $data[5]}

			if (my @ls = grep {$_ =~ /\s\[id \"\d+\"\]\s/} @lines) {
				if ($ls[0] =~ /\s\[id \"(\d+)\"\]\s/) {$id = $1}
			}
			if ($id eq "") {$id = "unknown"}

			print "<tr><td><b>$host</b></td><td>$data[3]</td><td><b>$id</b></td><td>$data[0] $data[1] $span</td></tr>\n";

			my $entry = "<div class='submenu' id='s$divcnt'><p>\n";
			my $modsec = "";
			for (my $y = 0;$y < @lines;$y++) {
				if ($lines[$y] =~ /^mod_security-message: (.*)$/) {$modsec = $1}
				if ($lines[$y] =~ /^Message: (.*)$/) {$modsec = $1}
				$lines[$y] =~ s/^([\w\-\_]*):/<b>$1:<\/b>/;
				$entry .= &splitlines($lines[$y])."<br>\n";
				if ($y > 200) {
					$entry .= "... [truncated to 200 lines see audit_log for full entry] ...<br>\n";
					last;
				}
			}
			$entry .= "</p></div>\n";
			if ($modsec =~ /\w*\.\s(.*)$/) {$modsec = $1}
			$modsec = &splitlines($modsec);
			print "<tr><td colspan='4'>$modsec$entry</td></tr>\n";
		}
		print "</table>\n";
	} else {
		print "<p>No entries found in $log</p>\n";
	}
	print "<hr><p><form action='$script' method='post'><input type='submit' class='btn btn-default' value='Return'></form></p>\n";
	return;
}
###############################################################################
# start printcmd
sub printcmd {
	my @command = @_;
	my ($childin, $childout);
	my $pid = open3($childin, $childout, $childout, @command);
	while (<$childout>) {print $_}
	waitpid ($pid, 0);
	return;
}
# end printcmd
###############################################################################
# start onoff
sub onoff {
	my $file = shift;

	open (my $FH, "<", $file);
	flock ($FH, LOCK_SH);
	my @data = <$FH>;
	close ($FH);
	chomp @data;

	my $start = 0;
	my $dmstart = 0;
	open (my $OUT, ">", $file);
	flock ($OUT, LOCK_EX);
	print $OUT "# Do not modify this file directly as it will be overwritten by cmc\n";
	print $OUT "<IfModule mod_security2.c>\n";

	unless ($FORM{choose}) {print $OUT "SecRuleEngine Off\n"}
	
	foreach my $line (@data) {
		if ($line =~ /^\#/) {next}
		if ($line =~ /^\s*<IfModule/) {$start = 1; next}
		if ($line =~ /^\s*<\/IfModule/) {$start = 0; last}
		if ($line =~ /^\s*<DirectoryMatch/) {$dmstart = 1}
		if ($line =~ /^\s*<\/DirectoryMatch/) {$dmstart = 0}
		if (!$dmstart and $line =~ /^\s*SecRuleEngine/) {next}
		if ($start) {print $OUT $line."\n";}
	}
	print $OUT "</IfModule>\n";

	close ($OUT);

	return;
}
# end onoff
###############################################################################
# start ids
sub ids {
	my $file = shift;
	my @ids = split(/\n|\r/,$FORM{ids});
	chomp @ids;

	open (my $FH, "<", $file);
	flock ($FH, LOCK_SH);
	my @data = <$FH>;
	close ($FH);
	chomp @data;

	my $start = 0;
	open (my $OUT, ">", $file);
	flock ($OUT, LOCK_EX);
	print $OUT "# Do not modify this file directly as it will be overwritten by cmc\n";
	print $OUT "<IfModule mod_security2.c>\n";
	
	foreach my $line (@data) {
		if ($line =~ /^\s*<DirectoryMatch/) {$start = 1}
		if ($start) {print $OUT $line."\n";}
		if ($line =~ /^\s*<\/DirectoryMatch/) {$start = 0}
	}
	
	foreach my $id (@ids) {
		if ($id =~ /^\d+$/) {print $OUT "SecRuleRemoveById $id\n"}
	}
	
	print $OUT "<LocationMatch .*>\n";
	foreach my $id (@ids) {
		if ($id =~ /^\d+$/) {print $OUT "\tSecRuleRemoveById $id\n"}
	}
	print $OUT "</LocationMatch>\n";
	
	print $OUT "</IfModule>\n";
	close ($OUT);

	return;
}
# end ids
###############################################################################
# start splitlines
sub splitlines {
	my $line = shift;
	my $cnt = 0;
	my $newline;
	for (my $x = 0;$x < length($line) ;$x++) {
		if ($cnt > 120) {
			$cnt = 0;
			$newline .= "<WBR>";
		}
		my $letter = substr($line,$x,1);
		if ($letter =~ /\s/) {
			$cnt = 0;
		} else {
			$cnt++;
		}
		$newline .= $letter;
	}

	return $newline;
}
# end splitlines
###############################################################################

###############################################################################
# start urlget (v1.3)
#
# Examples:
#my ($status, $text) = &urlget("http://prdownloads.sourceforge.net/clamav/clamav-0.92.tar.gz","/tmp/clam.tgz");
#if ($status) {print "Oops: $text\n"}
#
#my ($status, $text) = &urlget("http://www.configserver.com/free/msfeversion.txt");
#if ($status) {print "Oops: $text\n"} else {print "Version: $text\n"}
#
sub urlget {
	my $url = shift;
	my $file = shift;
	my $status = 0;
	my $timeout = 1200;
	local $SIG{PIPE} = 'IGNORE';

	use LWP::UserAgent;
	my $ua = LWP::UserAgent->new;
	$ua->timeout(30);
	my $req = HTTP::Request->new(GET => $url);
	my $res;
	my $text;

	($status, $text) = eval {
		local $SIG{__DIE__} = undef;
		local $SIG{'ALRM'} = sub {die "Download timeout after $timeout seconds"};
		alarm($timeout);
		if ($file) {
			local $|=1;
			my $expected_length;
			my $bytes_received = 0;
			my $per = 0;
			my $oldper = 0;
			open (my $OUT, ">", "$file\.tmp") or return (1, "Unable to open $file\.tmp: $!");
			flock ($OUT, LOCK_EX);
			binmode ($OUT);
			print "...0\%\n";
			$res = $ua->request($req,
				sub {
				my($chunk, $res) = @_;
				$bytes_received += length($chunk);
				unless (defined $expected_length) {$expected_length = $res->content_length || 0}
				if ($expected_length) {
					my $per = int(100 * $bytes_received / $expected_length);
					if ((int($per / 5) == $per / 5) and ($per != $oldper)) {
						print "...$per\%\n";
						$oldper = $per;
					}
				} else {
					print ".";
				}
				print $OUT $chunk;
			});
			close ($OUT);
			print "\n";
		} else {
			$res = $ua->request($req);
		}
		alarm(0);
		if ($res->is_success) {
			if ($file) {
				rename ("$file\.tmp","$file") or return (1, "Unable to rename $file\.tmp to $file: $!");
				return (0, $file);
			} else {
				return (0, $res->content);
			}
		} else {
			return (1, "Unable to download: ".$res->message);
		}
	};
	alarm(0);
	if ($@) {
		return (1, $@);
	}
	if ($text) {
		return ($status,$text);
	} else {
		return (1, "Download timeout after $timeout seconds");
	}
}
# end urlget
###############################################################################
## start getdownloadserver
sub getdownloadserver {
	my @servers;
	my $downloadservers = "/usr/local/cpanel/whostmgr/docroot/cgi/configserver/cmc/downloadservers";
	my $chosen;
	if (-e $downloadservers) {
		open (my $DOWNLOAD, "<", $downloadservers);
		flock ($DOWNLOAD, LOCK_SH);
		my @data = <$DOWNLOAD>;
		close ($DOWNLOAD);
		chomp @data;
		foreach my $line (@data) {
			if ($line =~ /^download/) {push @servers, $line}
		}
##		foreach my $line (slurp($downloadservers)) {
##			$line =~ s/$cleanreg//g;
##			if ($line =~ /^download/) {push @servers, $line}
##		}
		$chosen = $servers[rand @servers];
	}
	if ($chosen eq "") {$chosen = "download.configserver.com"}
	return $chosen;
}
## end getdownloadserver
###############################################################################

1;

Youez - 2016 - github.com/yon3zu
LinuXploit