Marius Cramer
2015-04-15 3a11d23a2f32a1b9b2ec43429917c000017c5eff
interface/lib/classes/tform_base.inc.php
@@ -270,6 +270,7 @@
         unset($tmp_recordid);
         $querystring = str_replace("{AUTHSQL}", $this->getAuthSQL('r'), $querystring);
         $querystring = preg_replace_callback('@{AUTHSQL::(.+?)}@', create_function('$matches','global $app; $tmp = $app->tform->getAuthSQL("r", $matches[1]); return $tmp;'), $querystring);
         // Getting the records
         $tmp_records = $app->db->queryAllRecords($querystring);
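Review bot: The callback on the `preg_replace_callback` line is built with `create_function`, which compiles its body from a string at run time (it is eval-based, deprecated in PHP 7.2 and removed in 8.0) and reaches the form object through `global $app`. A closure does the same without string-built code: `function ($matches) use ($app) { return $app->tform->getAuthSQL('r', $matches[1]); }`. The captured `$matches[1]` is whatever follows `{AUTHSQL::` in `$querystring`, so a comment should state that the query string is expected to come from the form definition and never from request data. Where `$querystring` originates is outside this hunk.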
@@ -311,7 +312,12 @@
   }
   /*
   function table_auth_sql($matches){
      return $this->getAuthSQL('r', $matches[1]);
   }
   */
   /**
    * Get the key => value array of a form filled from a datasource definitiom
    *
@@ -341,7 +347,7 @@
            return $values;
         } else {
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client = $app->db->queryOneRecord("SELECT ".$limit_parts[1]." as lm FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $client = $app->db->queryOneRecord("SELECT ".$limit_parts[1]." as lm FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            $allowed = explode(',', $client['lm']);
         }
      }
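Review bot: `$limit_parts[1]` is still concatenated into the SELECT list as a column name in the new `queryOneRecord` call, so only the group id became a bound parameter. The same commit binds identifiers with `??` elsewhere (`FROM ?? WHERE ?? = ?`), and that form fits here too: `"SELECT ?? as lm FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $limit_parts[1], $client_group_id`. The reseller lookup in the next hunk (`... as lm FROM client WHERE client_id = ?`) has the same leftover. Where `$limit_parts` is filled is outside the hunk, so whether it can ever hold anything other than a form-definition value cannot be confirmed from here.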
@@ -353,19 +359,19 @@
         } else {
            //* Get the limits of the client that is currently logged in
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client = $app->db->queryOneRecord("SELECT parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $client = $app->db->queryOneRecord("SELECT parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            //echo "SELECT parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id";
            //* If the client belongs to a reseller, we will check against the reseller Limit too
            if($client['parent_client_id'] != 0) {
               //* first we need to know the groups of this reseller
               $tmp = $app->db->queryOneRecord("SELECT userid, groups FROM sys_user WHERE client_id = ".$client['parent_client_id']);
               $tmp = $app->db->queryOneRecord("SELECT userid, groups FROM sys_user WHERE client_id = ?", $client['parent_client_id']);
               $reseller_groups = $tmp["groups"];
               $reseller_userid = $tmp["userid"];
               // Get the limits of the reseller of the logged in client
               $client_group_id = $_SESSION["s"]["user"]["default_group"];
               $reseller = $app->db->queryOneRecord("SELECT ".$limit_parts[1]." as lm FROM client WHERE client_id = ".$client['parent_client_id']);
               $reseller = $app->db->queryOneRecord("SELECT ".$limit_parts[1]." as lm FROM client WHERE client_id = ?", $client['parent_client_id']);
               $allowed = explode(',', $reseller['lm']);
            } else {
               return $values;
@@ -847,7 +853,7 @@
            if($validator['allowempty'] != 'y') $validator['allowempty'] = 'n';
            if($validator['allowempty'] == 'n' || ($validator['allowempty'] == 'y' && $field_value != '')){
               if($this->action == 'NEW') {
                  $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ".$escape.$this->formDef['db_table'].$escape. " WHERE $field_name = '".$app->db->quote($field_value)."'");
                  $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ?? WHERE ?? = ?", $this->formDef['db_table'], $field_name, $field_value);
                  if($num_rec["number"] > 0) {
                     $errmsg = $validator['errmsg'];
                     if(isset($this->wordbook[$errmsg])) {
@@ -857,7 +863,7 @@
                     }
                  }
               } else {
                  $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ".$escape.$this->formDef['db_table'].$escape. " WHERE $field_name = '".$app->db->quote($field_value)."' AND ".$this->formDef['db_table_idx']." != ".$this->primary_id);
                  $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ?? WHERE ?? = ? AND ?? != ?", $this->formDef['db_table'], $field_name, $field_value, $this->formDef['db_table_idx'], $this->primary_id);
                  if($num_rec["number"] > 0) {
                     $errmsg = $validator['errmsg'];
                     if(isset($this->wordbook[$errmsg])) {
@@ -941,37 +947,54 @@
               }
            }
            break;
         case 'V6PREFIXEND':
            $explode_field_value = explode(':',$field_value);
//            if ($explode_field_value[count($explode_field_value)-1]=='' && $explode_field_value[count($explode_field_value)-2]=='' ){ }
            if (!$explode_field_value[count($explode_field_value)-1]=='' && $explode_field_value[count($explode_field_value)-2]!='' ) {
               $errmsg = $validator['errmsg'];
               if(isset($this->wordbook[$errmsg])) {
                  $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
               } else {
                  $this->errorMessage .= $errmsg."<br />\r\n";
               }
            }
            break;
         case 'V6PREFIXLENGTH':
            // find shortes ipv6 subnet can`t be longer
            $sql_v6 = $app->db->queryOneRecord("SELECT ip_address FROM server_ip WHERE ip_type = 'IPv6' AND virtualhost = 'y' ORDER BY CHAR_LENGTH(ip_address) ASC LIMIT 0,1;");
            $sql_v6_explode=explode(':',$sql_v6['ip_address']);
            $explode_field_value = explode(':',$field_value);
            if (count($sql_v6_explode) < count($explode_field_value) && isset($sql_v6['ip_address'])) {
               $errmsg = $validator['errmsg'];
               if(isset($this->wordbook[$errmsg])) {
                  $this->errorMessage .= $this->wordbook[$errmsg].$sql_v6[ip_address]."<br />\r\n";
               } else {
                  $this->errorMessage .= $errmsg."<br />\r\n";
               }
            }
            break;
         case 'ISV6PREFIX':
            $v6_prefix_ok = 0;
            $explode_field_value = explode(':', $field_value);
            $v6_prefix_ok=0;
            $explode_field_value = explode(':',$field_value);
            if ($explode_field_value[count($explode_field_value)-1]=='' && $explode_field_value[count($explode_field_value)-2]=='' ){
               if ( count($explode_field_value) <= 9 ) {
                  if(filter_var(substr($field_value, 0, strlen($field_value)-2), FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) or filter_var(substr($field_value, 0, strlen($field_value)-2).'::0', FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) or filter_var(substr($field_value, 0, strlen($field_value)-2).':0', FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) ) {
                  if (filter_var(substr($field_value,0,strlen($field_value)-2),FILTER_VALIDATE_IP,FILTER_FLAG_IPV6) or filter_var(substr($field_value,0,strlen($field_value)-2).'::0',FILTER_VALIDATE_IP,FILTER_FLAG_IPV6) or filter_var(substr($field_value,0,strlen($field_value)-2).':0',FILTER_VALIDATE_IP,FILTER_FLAG_IPV6) ) {
                     $v6_prefix_ok = 1;
                  }
               }
            } else {
               $v6_prefix_ok = 2;
            }
            // check subnet against defined server-ipv6
            $sql_v6 = $app->db->queryOneRecord("SELECT ip_address FROM server_ip WHERE ip_type = 'IPv6' AND virtualhost = 'y' LIMIT 0,1");
            $sql_v6_explode=explode(':', $sql_v6['ip_address']);
            if ( count($sql_v6_explode) < count($explode_field_value) && isset($sql_v6['ip_address']) )  {
               $v6_prefix_ok = 3;
            }
            if($v6_prefix_ok == 0) {
            if($v6_prefix_ok <> 1) {
               $errmsg = $validator['errmsg'];
            }
            if($v6_prefix_ok == 2) {
               $errmsg = 'IPv6 Prefix must end with ::';
            }
            if($v6_prefix_ok == 3) {
               $errmsg = 'IPv6 Prefix too long (according to Server IP Addresses)';
            }
            if($v6_prefix_ok <> 1){
               $this->errorMessage .= $errmsg."<br />\r\n";
               if(isset($this->wordbook[$errmsg])) {
                  $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
               } else {
                  $this->errorMessage .= $errmsg."<br />\r\n";
               }
            }
            break;
         case 'ISIPV4':
            $vip=1;
            if(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $field_value)){
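Review bot: In the `V6PREFIXLENGTH` case the message is built with `$sql_v6[ip_address]`, an unquoted key that PHP resolves as a constant (a notice or warning on older versions, an `Error` on PHP 8); it should read `$sql_v6['ip_address']`. In `V6PREFIXEND`, `!$explode_field_value[count($explode_field_value)-1]==''` applies `!` before `==`, so it is not quite the "last part is non-empty" test it looks like (a last part of `'0'` evaluates differently); `$explode_field_value[count($explode_field_value)-1] != ''` states the intent. `V6PREFIXEND` and `ISV6PREFIX` both index `count(...)-2`, which is `-1` when the value contains no colon, so a `count($explode_field_value) >= 2` guard belongs in front. The enclosing `switch` starts and ends outside this hunk.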
@@ -1085,6 +1108,7 @@
    * @param primary_id
    * @return record
    */
    /* TODO: check for double quoting */
   protected function _getSQL($record, $tab, $action = 'INSERT', $primary_id = 0, $sql_ext_where = '', $api = false) {
      global $app;
@@ -1116,7 +1140,7 @@
                        $record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
                        $sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
                     } elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
                        $tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`");
                        $tmp = $app->db->queryOneRecord("SELECT PASSWORD(?) as `crypted`", stripslashes($record[$key]));
                        $record[$key] = $tmp['crypted'];
                        $sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
                     } else {
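Review bot: The `MYSQL` branch still derives the stored credential with MySQL's `PASSWORD()`, which is unsalted, was meant for the server's own account table, and was deprecated in MySQL 5.7 and removed in 8.0; binding the argument closes the injection path but leaves the weak hash. If the consumer of this field allows it, route the value through `$app->auth->crypt_password()` like the branch above; otherwise add a comment such as `// PASSWORD() kept only for compatibility with <consumer>; unsalted, do not use for new fields`. The identical call in the UPDATE branch of the next hunk needs the same treatment. `stripslashes()` is also applied to the password before hashing in both places, which alters any password containing a backslash unless the input was slash-escaped earlier; that is not visible here, and `_getSQL` continues outside the hunk.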
@@ -1144,7 +1168,7 @@
                        $record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
                        $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
                     } elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
                        $tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`");
                        $tmp = $app->db->queryOneRecord("SELECT PASSWORD(?) as `crypted`", stripslashes($record[$key]));
                        $record[$key] = $tmp['crypted'];
                        $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
                     } else {
@@ -1336,8 +1360,8 @@
   function getDataRecord($primary_id) {
      global $app;
      $escape = '`';
      $sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id." AND ".$this->getAuthSQL('r', $this->formDef['db_table']);
      return $app->db->queryOneRecord($sql);
      $sql = "SELECT * FROM ?? WHERE ?? = ? AND ".$this->getAuthSQL('r', $this->formDef['db_table']);
      return $app->db->queryOneRecord($sql, $this->formDef['db_table'], $this->formDef['db_table_idx'], $primary_id);
   }
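Review bot: The `$escape` assignment in `getDataRecord` is left unused now that the table and index names are bound through `??`, so the line can be dropped. The fragment returned by `getAuthSQL()` is still concatenated into the statement, which is safe only while that method returns server-built SQL. A short docblock should record that contract: `/** Loads one record by primary key; the row filter comes from getAuthSQL('r') and must never contain request data. */`.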
@@ -1349,7 +1373,7 @@
   }
   function getAuthSQL($perm, $table = '') {
      if($_SESSION["s"]["user"]["typ"] == 'admin') {
      if($_SESSION["s"]["user"]["typ"] == 'admin' || $_SESSION['s']['user']['mailuser_id'] > 0) {
         return '1';
      } else {
         if ($table != ''){
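Review bot: The new condition `$_SESSION['s']['user']['mailuser_id'] > 0` makes `getAuthSQL()` return `'1'` for any session that carries a mail user id, the same unrestricted clause an admin gets, for every `$perm` and `$table`. `getDataRecord()` in this commit uses this clause as its only row filter, so a mail-user session would appear to get unfiltered reads on the form's table unless each form restricts it separately. That calls for either a narrower clause bound to the mail user's own record or a comment naming where the restriction is enforced. The key is also read without an existence check, so sessions that lack it raise an undefined-index notice; `!empty($_SESSION['s']['user']['mailuser_id'])` avoids that. The rest of `getAuthSQL` lies outside the hunk.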