gitlabFork/ISPConfig3.git - Solinfo Gitblit

			@@ -208,7 +208,13 @@
			break;

			case 'INTEGER':
			$new_record[$key] = intval($record[$key]);
			//* We use + 0 to force the string to be a number as
			//* intval return value is too limited on 32bit systems
			if(intval($record[$key]) == 2147483647) {
			$new_record[$key] = $record[$key] + 0;
			} else {
			$new_record[$key] = intval($record[$key]);
			}
			break;

			case 'DOUBLE':
			@@ -294,7 +300,7 @@
			* @return record
			*/
			function encode($record) {

			global $app;
			if(is_array($record)) {
			foreach($this->formDef['fields'] as $key => $field) {

			@@ -303,14 +309,14 @@
			switch ($field['datatype']) {
			case 'VARCHAR':
			if(!@is_array($record[$key])) {
			$new_record[$key] = (isset($record[$key]))?mysql_real_escape_string($record[$key]):'';
			$new_record[$key] = (isset($record[$key]))?$app->db->quote($record[$key]):'';
			} else {
			$new_record[$key] = implode($field['separator'],$record[$key]);
			}
			break;
			case 'TEXT':
			if(!is_array($record[$key])) {
			$new_record[$key] = mysql_real_escape_string($record[$key]);
			$new_record[$key] = $app->db->quote($record[$key]);
			} else {
			$new_record[$key] = implode($field['separator'],$record[$key]);
			}
			@@ -325,10 +331,18 @@
			break;
			case 'DATE':
			if($record[$key] != '' && $record[$key] != '0000-00-00') {
			list($tag,$monat,$jahr) = explode('.',$record[$key]);
			$new_record[$key] = $jahr.'-'.$monat.'-'.$tag;
			//$tmp = strptime($record[$key],$this->dateformat);
			//$new_record[$key] = ($tmp['tm_year']+1900).'-'.($tmp['tm_mon']+1).'-'.$tmp['tm_mday'];
			if(function_exists('date_parse_from_format')) {
			$date_parts = date_parse_from_format($this->dateformat,$record[$key]);
			//list($tag,$monat,$jahr) = explode('.',$record[$key]);
			$new_record[$key] = $date_parts['year'].'-'.$date_parts['month'].'-'.$date_parts['day'];
			//$tmp = strptime($record[$key],$this->dateformat);
			//$new_record[$key] = ($tmp['tm_year']+1900).'-'.($tmp['tm_mon']+1).'-'.$tmp['tm_mday'];
			} else {
			//$tmp = strptime($record[$key],$this->dateformat);
			//$new_record[$key] = ($tmp['tm_year']+1900).'-'.($tmp['tm_mon']+1).'-'.$tmp['tm_mday'];
			$tmp = strtotime($record[$key]);
			$new_record[$key] = date('Y-m-d',$tmp);
			}
			} else {
			$new_record[$key] = '0000-00-00';
			}
			@@ -339,7 +353,7 @@
			//if($key == 'refresh') die($record[$key]);
			break;
			case 'DOUBLE':
			$new_record[$key] = mysql_real_escape_string($record[$key]);
			$new_record[$key] = $app->db->quote($record[$key]);
			break;
			case 'CURRENCY':
			$new_record[$key] = str_replace(",",".",$record[$key]);
			@@ -398,21 +412,21 @@
			if(!preg_match($validator['regex'], $field_value)) {
			$errmsg = $validator['errmsg'];
			if(isset($this->wordbook[$errmsg])) {
			$this->errorMessage .= $this->wordbook[$errmsg]."<br>\r\n";
			$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
			} else {
			$this->errorMessage .= $errmsg."<br>\r\n";
			$this->errorMessage .= $errmsg."<br />\r\n";
			}
			}
			break;
			case 'UNIQUE':
			if($this->action == 'INSERT') {
			if($this->action == 'NEW') {
			$num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ".$escape.$this->formDef['db_table'].$escape. " WHERE $field_name = '".$app->db->quote($field_value)."'");
			if($num_rec["number"] > 0) {
			$errmsg = $validator['errmsg'];
			if(isset($this->wordbook[$errmsg])) {
			$this->errorMessage .= $this->wordbook[$errmsg]."<br>\r\n";
			$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
			} else {
			$this->errorMessage .= $errmsg."<br>\r\n";
			$this->errorMessage .= $errmsg."<br />\r\n";
			}
			}
			} else {
			@@ -420,9 +434,9 @@
			if($num_rec["number"] > 0) {
			$errmsg = $validator['errmsg'];
			if(isset($this->wordbook[$errmsg])) {
			$this->errorMessage .= $this->wordbook[$errmsg]."<br>\r\n";
			$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
			} else {
			$this->errorMessage .= $errmsg."<br>\r\n";
			$this->errorMessage .= $errmsg."<br />\r\n";
			}
			}
			}
			@@ -431,42 +445,112 @@
			if(empty($field_value)) {
			$errmsg = $validator['errmsg'];
			if(isset($this->wordbook[$errmsg])) {
			$this->errorMessage .= $this->wordbook[$errmsg]."<br>\r\n";
			$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
			} else {
			$this->errorMessage .= $errmsg."<br>\r\n";
			$this->errorMessage .= $errmsg."<br />\r\n";
			}
			}
			break;
			case 'ISEMAIL':
			if(!preg_match("/^\w+[\w.-]\w+@\w+[\w.-]\w+\.[a-z]{2,10}$/i", $field_value)) {
			if(function_exists('filter_var')) {
			if(!filter_var($field_value, FILTER_VALIDATE_EMAIL)) {
			$errmsg = $validator['errmsg'];
			if(isset($this->wordbook[$errmsg])) {
			$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
			} else {
			$this->errorMessage .= $errmsg."<br />\r\n";
			}
			}
			} else {
			if(!preg_match("/^\w+[\w\.\-\+]\w{0,}@\w+[\w.-]\w+\.[a-zA-Z0-9\-]{2,30}$/i", $field_value)) {
			$errmsg = $validator['errmsg'];
			if(isset($this->wordbook[$errmsg])) {
			$this->errorMessage .= $this->wordbook[$errmsg]."<br>\r\n";
			$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
			} else {
			$this->errorMessage .= $errmsg."<br>\r\n";
			$this->errorMessage .= $errmsg."<br />\r\n";
			}
			}
			}
			break;
			case 'ISINT':
			if(function_exists('filter_var')) {
			if(!filter_var($field_value, FILTER_VALIDATE_INT)) {
			$errmsg = $validator['errmsg'];
			if(isset($this->wordbook[$errmsg])) {
			$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
			} else {
			$this->errorMessage .= $errmsg."<br />\r\n";
			}
			}
			} else {
			$tmpval = intval($field_value);
			if($tmpval === 0 and !empty($field_value)) {
			$errmsg = $validator['errmsg'];
			if(isset($this->wordbook[$errmsg])) {
			$this->errorMessage .= $this->wordbook[$errmsg]."<br>\r\n";
			$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
			} else {
			$this->errorMessage .= $errmsg."<br>\r\n";
			$this->errorMessage .= $errmsg."<br />\r\n";
			}
			}
			}
			break;
			case 'ISPOSITIVE':
			if(!is_numeric($field_value) \|\| $field_value <= 0){
			$errmsg = $validator['errmsg'];
			if(isset($this->wordbook[$errmsg])) {
			$this->errorMessage .= $this->wordbook[$errmsg]."<br>\r\n";
			$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
			} else {
			$this->errorMessage .= $errmsg."<br>\r\n";
			$this->errorMessage .= $errmsg."<br />\r\n";
			}
			}
			break;
			case 'ISIPV4':
			$vip=1;
			if(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $field_value)){
			$groups=explode(".",$field_value);
			foreach($groups as $group){
			if($group<0 OR $group>255)
			$vip=0;
			}
			}else{$vip=0;}
			if($vip==0) {
			$errmsg = $validator['errmsg'];
			if(isset($this->wordbook[$errmsg])) {
			$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
			} else {
			$this->errorMessage .= $errmsg."<br />\r\n";
			}
			}
			break;
			case 'ISIP':
			//* Check if its a IPv4 or IPv6 address
			if(function_exists('filter_var')) {
			if(!filter_var($field_value,FILTER_VALIDATE_IP)) {
			$errmsg = $validator['errmsg'];
			if(isset($this->wordbook[$errmsg])) {
			$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
			} else {
			$this->errorMessage .= $errmsg."<br />\r\n";
			}
			}
			} else {
			//* Check content with regex, if we use php < 5.2
			$ip_ok = 0;
			if(preg_match("/^(\:\:([a-f0-9]{1,4}\:){0,6}?[a-f0-9]{0,4}\|[a-f0-9]{1,4}(\:[a-f0-9]{1,4}){0,6}?\:\:\|[a-f0-9]{1,4}(\:[a-f0-9]{1,4}){1,6}?\:\:([a-f0-9]{1,4}\:){1,6}?[a-f0-9]{1,4})(\/\d{1,3})?$/i", $field_value)){
			$ip_ok = 1;
			}
			if(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $field_value)){
			$ip_ok = 1;
			}
			if($ip_ok == 0) {
			$errmsg = $validator['errmsg'];
			if(isset($this->wordbook[$errmsg])) {
			$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
			} else {
			$this->errorMessage .= $errmsg."<br />\r\n";
			}
			}
			}
			break;
			case 'CUSTOM':
			// Calls a custom class to validate this record
			@@ -476,7 +560,7 @@
			$app->uses($validator_class);
			$this->errorMessage .= $app->$validator_class->$validator_function($field_name, $field_value, $validator);
			} else {
			$this->errorMessage .= "Custom validator class or function is empty<br>\r\n";
			$this->errorMessage .= "Custom validator class or function is empty<br />\r\n";
			}
			break;
			default:
			@@ -522,19 +606,16 @@
			if($field['formtype'] == 'PASSWORD') {
			$sql_insert_key .= "`$key`, ";
			if($field['encryption'] == 'CRYPT') {
			$salt="$1$";
			$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
			for ($n=0;$n<8;$n++) {
			//$salt.=chr(mt_rand(64,126));
			$salt.=$base64_alphabet[mt_rand(0,63)];
			}
			$salt.="$";
			// $salt = substr(md5(time()),0,2);
			$record[$key] = crypt($record[$key],$salt);
			$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
			$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
			} elseif ($field['encryption'] == 'MYSQL') {
			$sql_insert_val .= "PASSWORD('".$app->db->quote($record[$key])."'), ";
			} elseif ($field['encryption'] == 'CLEARTEXT') {
			$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
			} else {
			$record[$key] = md5($record[$key]);
			$record[$key] = md5(stripslashes($record[$key]));
			$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
			}
			$sql_insert_val .= "'".$record[$key]."', ";
			} elseif ($field['formtype'] == 'CHECKBOX') {
			$sql_insert_key .= "`$key`, ";
			if($record[$key] == '') {
			@@ -549,21 +630,19 @@
			$sql_insert_val .= "'".$record[$key]."', ";
			}
			} else {

			if($field['formtype'] == 'PASSWORD') {
			if($field['encryption'] == 'CRYPT') {
			$salt="$1$";
			$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
			for ($n=0;$n<8;$n++) {
			//$salt.=chr(mt_rand(64,126));
			$salt.=$base64_alphabet[mt_rand(0,63)];
			}
			$salt.="$";
			// $salt = substr(md5(time()),0,2);
			$record[$key] = crypt($record[$key],$salt);
			if(isset($field['encryption']) && $field['encryption'] == 'CRYPT') {
			$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
			$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
			} elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
			$sql_update .= "`$key` = PASSWORD('".$app->db->quote($record[$key])."'), ";
			} elseif (isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') {
			$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
			} else {
			$record[$key] = md5($record[$key]);
			$record[$key] = md5(stripslashes($record[$key]));
			$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
			}
			$sql_update .= "`$key` = '".$record[$key]."', ";
			} elseif ($field['formtype'] == 'CHECKBOX') {
			if($record[$key] == '') {
			// if a checkbox is not set, we set it to the unchecked value
			@@ -647,7 +726,11 @@
			foreach($primary_id as $key => $val) {
			$key = $app->db->quote($key);
			$val = $app->db->quote($val);
			$sql_where .= "$key = '$val' AND ";
			if(stristr($val,'%')) {
			$sql_where .= "$key like '$val' AND ";
			} else {
			$sql_where .= "$key = '$val' AND ";
			}
			}
			$sql_where = substr($sql_where,0,-5);
			$sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$sql_where;
			@@ -685,17 +768,20 @@
			$language = $app->db->quote($params["language"]);
			$groupid = $app->db->datalogInsert('sys_group', "(name,description,client_id) VALUES ('$username','','$insert_id')", 'groupid');
			$groups = $groupid;
			$password = $app->auth->crypt_password(stripslashes($password));
			$sql1 = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)
			VALUES ('$username',md5('$password'),'$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,$insert_id)";
			VALUES ('$username','$password','$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,$insert_id)";
			$app->db->query($sql1);
			}

			function ispconfig_sysuser_update($params,$client_id){
			global $app;
			$username = $app->db->quote($params["username"]);
			$password = $app->db->quote($params["password"]);
			$clear_password = $app->db->quote($params["password"]);
			$client_id = intval($client_id);
			$sql = "UPDATE sys_user set username = '$username', passwort = md5('$password') WHERE client_id = $client_id";
			$password = $app->auth->crypt_password(stripslashes($clear_password));
			if ($clear_password) $pwstring = ", passwort = '$password'"; else $pwstring ="" ;
			$sql = "UPDATE sys_user set username = '$username' $pwstring WHERE client_id = $client_id";
			$app->db->query($sql);
			}

			@@ -704,6 +790,8 @@
			$client_id = intval($client_id);
			$sql = "DELETE FROM sys_user WHERE client_id = $client_id";
			$app->db->query($sql);
			$sql = "DELETE FROM sys_group WHERE client_id = $client_id";
			$app->db->query($sql);
			}

			function datalogSave($action,$primary_id, $record_old, $record_new) {