gitlabFork/ISPConfig3.git - Solinfo Gitblit

			@@ -44,9 +44,9 @@
			* Tabellendefinition
			*
			* Datentypen:
			* - INTEGER (Wandelt Ausdrücke in Int um)
			* - INTEGER (Wandelt Ausdr�cke in Int um)
			* - DOUBLE
			* - CURRENCY (Formatiert Zahlen nach Währungsnotation)
			* - CURRENCY (Formatiert Zahlen nach W�hrungsnotation)
			* - VARCHAR (kein weiterer Format Check)
			* - DATE (Datumsformat, Timestamp Umwandlung)
			*
			@@ -60,10 +60,10 @@
			* - Wert oder Array
			*
			* SEPARATOR
			* - Trennzeichen für multiple Felder
			* - Trennzeichen f�r multiple Felder
			*
			* Hinweis:
			* Das ID-Feld ist nicht bei den Table Values einzufügen.
			* Das ID-Feld ist nicht bei den Table Values einzuf�gen.
			*/

			class remoting_lib {
			@@ -121,7 +121,7 @@
			function loadFormDef($file) {
			global $app,$conf;

			include_once($file);
			include($file);

			$this->formDef = $form;
			unset($this->formDef['tabs']);
			@@ -208,7 +208,13 @@
			break;

			case 'INTEGER':
			$new_record[$key] = intval($record[$key]);
			//* We use + 0 to force the string to be a number as
			//* intval return value is too limited on 32bit systems
			if(intval($record[$key]) == 2147483647) {
			$new_record[$key] = $record[$key] + 0;
			} else {
			$new_record[$key] = intval($record[$key]);
			}
			break;

			case 'DOUBLE':
			@@ -294,7 +300,7 @@
			* @return record
			*/
			function encode($record) {

			global $app;
			if(is_array($record)) {
			foreach($this->formDef['fields'] as $key => $field) {

			@@ -303,14 +309,14 @@
			switch ($field['datatype']) {
			case 'VARCHAR':
			if(!@is_array($record[$key])) {
			$new_record[$key] = (isset($record[$key]))?mysql_real_escape_string($record[$key]):'';
			$new_record[$key] = (isset($record[$key]))?$app->db->quote($record[$key]):'';
			} else {
			$new_record[$key] = implode($field['separator'],$record[$key]);
			}
			break;
			case 'TEXT':
			if(!is_array($record[$key])) {
			$new_record[$key] = mysql_real_escape_string($record[$key]);
			$new_record[$key] = $app->db->quote($record[$key]);
			} else {
			$new_record[$key] = implode($field['separator'],$record[$key]);
			}
			@@ -347,7 +353,7 @@
			//if($key == 'refresh') die($record[$key]);
			break;
			case 'DOUBLE':
			$new_record[$key] = mysql_real_escape_string($record[$key]);
			$new_record[$key] = $app->db->quote($record[$key]);
			break;
			case 'CURRENCY':
			$new_record[$key] = str_replace(",",".",$record[$key]);
			@@ -406,21 +412,21 @@
			if(!preg_match($validator['regex'], $field_value)) {
			$errmsg = $validator['errmsg'];
			if(isset($this->wordbook[$errmsg])) {
			$this->errorMessage .= $this->wordbook[$errmsg]."<br>\r\n";
			$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
			} else {
			$this->errorMessage .= $errmsg."<br>\r\n";
			$this->errorMessage .= $errmsg."<br />\r\n";
			}
			}
			break;
			case 'UNIQUE':
			if($this->action == 'INSERT') {
			if($this->action == 'NEW') {
			$num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ".$escape.$this->formDef['db_table'].$escape. " WHERE $field_name = '".$app->db->quote($field_value)."'");
			if($num_rec["number"] > 0) {
			$errmsg = $validator['errmsg'];
			if(isset($this->wordbook[$errmsg])) {
			$this->errorMessage .= $this->wordbook[$errmsg]."<br>\r\n";
			$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
			} else {
			$this->errorMessage .= $errmsg."<br>\r\n";
			$this->errorMessage .= $errmsg."<br />\r\n";
			}
			}
			} else {
			@@ -428,9 +434,9 @@
			if($num_rec["number"] > 0) {
			$errmsg = $validator['errmsg'];
			if(isset($this->wordbook[$errmsg])) {
			$this->errorMessage .= $this->wordbook[$errmsg]."<br>\r\n";
			$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
			} else {
			$this->errorMessage .= $errmsg."<br>\r\n";
			$this->errorMessage .= $errmsg."<br />\r\n";
			}
			}
			}
			@@ -439,42 +445,112 @@
			if(empty($field_value)) {
			$errmsg = $validator['errmsg'];
			if(isset($this->wordbook[$errmsg])) {
			$this->errorMessage .= $this->wordbook[$errmsg]."<br>\r\n";
			$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
			} else {
			$this->errorMessage .= $errmsg."<br>\r\n";
			$this->errorMessage .= $errmsg."<br />\r\n";
			}
			}
			break;
			case 'ISEMAIL':
			if(!preg_match("/^\w+[\w.-]\w+@\w+[\w.-]\w+\.[a-z]{2,10}$/i", $field_value)) {
			if(function_exists('filter_var')) {
			if(!filter_var($field_value, FILTER_VALIDATE_EMAIL)) {
			$errmsg = $validator['errmsg'];
			if(isset($this->wordbook[$errmsg])) {
			$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
			} else {
			$this->errorMessage .= $errmsg."<br />\r\n";
			}
			}
			} else {
			if(!preg_match("/^\w+[\w\.\-\+]\w{0,}@\w+[\w.-]\w+\.[a-zA-Z0-9\-]{2,30}$/i", $field_value)) {
			$errmsg = $validator['errmsg'];
			if(isset($this->wordbook[$errmsg])) {
			$this->errorMessage .= $this->wordbook[$errmsg]."<br>\r\n";
			$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
			} else {
			$this->errorMessage .= $errmsg."<br>\r\n";
			$this->errorMessage .= $errmsg."<br />\r\n";
			}
			}
			}
			break;
			case 'ISINT':
			if(function_exists('filter_var')) {
			if($vield_value != '' && filter_var($field_value, FILTER_VALIDATE_INT) === false) {
			$errmsg = $validator['errmsg'];
			if(isset($this->wordbook[$errmsg])) {
			$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
			} else {
			$this->errorMessage .= $errmsg."<br />\r\n";
			}
			}
			} else {
			$tmpval = intval($field_value);
			if($tmpval === 0 and !empty($field_value)) {
			$errmsg = $validator['errmsg'];
			if(isset($this->wordbook[$errmsg])) {
			$this->errorMessage .= $this->wordbook[$errmsg]."<br>\r\n";
			$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
			} else {
			$this->errorMessage .= $errmsg."<br>\r\n";
			$this->errorMessage .= $errmsg."<br />\r\n";
			}
			}
			}
			break;
			case 'ISPOSITIVE':
			if(!is_numeric($field_value) \|\| $field_value <= 0){
			$errmsg = $validator['errmsg'];
			if(isset($this->wordbook[$errmsg])) {
			$this->errorMessage .= $this->wordbook[$errmsg]."<br>\r\n";
			$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
			} else {
			$this->errorMessage .= $errmsg."<br>\r\n";
			$this->errorMessage .= $errmsg."<br />\r\n";
			}
			}
			break;
			case 'ISIPV4':
			$vip=1;
			if(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $field_value)){
			$groups=explode(".",$field_value);
			foreach($groups as $group){
			if($group<0 OR $group>255)
			$vip=0;
			}
			}else{$vip=0;}
			if($vip==0) {
			$errmsg = $validator['errmsg'];
			if(isset($this->wordbook[$errmsg])) {
			$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
			} else {
			$this->errorMessage .= $errmsg."<br />\r\n";
			}
			}
			break;
			case 'ISIP':
			//* Check if its a IPv4 or IPv6 address
			if(function_exists('filter_var')) {
			if(!filter_var($field_value,FILTER_VALIDATE_IP)) {
			$errmsg = $validator['errmsg'];
			if(isset($this->wordbook[$errmsg])) {
			$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
			} else {
			$this->errorMessage .= $errmsg."<br />\r\n";
			}
			}
			} else {
			//* Check content with regex, if we use php < 5.2
			$ip_ok = 0;
			if(preg_match("/^(\:\:([a-f0-9]{1,4}\:){0,6}?[a-f0-9]{0,4}\|[a-f0-9]{1,4}(\:[a-f0-9]{1,4}){0,6}?\:\:\|[a-f0-9]{1,4}(\:[a-f0-9]{1,4}){1,6}?\:\:([a-f0-9]{1,4}\:){1,6}?[a-f0-9]{1,4})(\/\d{1,3})?$/i", $field_value)){
			$ip_ok = 1;
			}
			if(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $field_value)){
			$ip_ok = 1;
			}
			if($ip_ok == 0) {
			$errmsg = $validator['errmsg'];
			if(isset($this->wordbook[$errmsg])) {
			$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
			} else {
			$this->errorMessage .= $errmsg."<br />\r\n";
			}
			}
			}
			break;
			case 'CUSTOM':
			// Calls a custom class to validate this record
			@@ -484,7 +560,7 @@
			$app->uses($validator_class);
			$this->errorMessage .= $app->$validator_class->$validator_function($field_name, $field_value, $validator);
			} else {
			$this->errorMessage .= "Custom validator class or function is empty<br>\r\n";
			$this->errorMessage .= "Custom validator class or function is empty<br />\r\n";
			}
			break;
			default:
			@@ -530,19 +606,16 @@
			if($field['formtype'] == 'PASSWORD') {
			$sql_insert_key .= "`$key`, ";
			if($field['encryption'] == 'CRYPT') {
			$salt="$1$";
			$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
			for ($n=0;$n<8;$n++) {
			//$salt.=chr(mt_rand(64,126));
			$salt.=$base64_alphabet[mt_rand(0,63)];
			}
			$salt.="$";
			// $salt = substr(md5(time()),0,2);
			$record[$key] = crypt($record[$key],$salt);
			$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
			$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
			} elseif ($field['encryption'] == 'MYSQL') {
			$sql_insert_val .= "PASSWORD('".$app->db->quote($record[$key])."'), ";
			} elseif ($field['encryption'] == 'CLEARTEXT') {
			$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
			} else {
			$record[$key] = md5($record[$key]);
			$record[$key] = md5(stripslashes($record[$key]));
			$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
			}
			$sql_insert_val .= "'".$record[$key]."', ";
			} elseif ($field['formtype'] == 'CHECKBOX') {
			$sql_insert_key .= "`$key`, ";
			if($record[$key] == '') {
			@@ -557,21 +630,19 @@
			$sql_insert_val .= "'".$record[$key]."', ";
			}
			} else {

			if($field['formtype'] == 'PASSWORD') {
			if($field['encryption'] == 'CRYPT') {
			$salt="$1$";
			$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
			for ($n=0;$n<8;$n++) {
			//$salt.=chr(mt_rand(64,126));
			$salt.=$base64_alphabet[mt_rand(0,63)];
			}
			$salt.="$";
			// $salt = substr(md5(time()),0,2);
			$record[$key] = crypt($record[$key],$salt);
			if(isset($field['encryption']) && $field['encryption'] == 'CRYPT') {
			$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
			$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
			} elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
			$sql_update .= "`$key` = PASSWORD('".$app->db->quote($record[$key])."'), ";
			} elseif (isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') {
			$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
			} else {
			$record[$key] = md5($record[$key]);
			$record[$key] = md5(stripslashes($record[$key]));
			$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
			}
			$sql_update .= "`$key` = '".$record[$key]."', ";
			} elseif ($field['formtype'] == 'CHECKBOX') {
			if($record[$key] == '') {
			// if a checkbox is not set, we set it to the unchecked value
			@@ -655,7 +726,11 @@
			foreach($primary_id as $key => $val) {
			$key = $app->db->quote($key);
			$val = $app->db->quote($val);
			$sql_where .= "$key = '$val' AND ";
			if(stristr($val,'%')) {
			$sql_where .= "$key like '$val' AND ";
			} else {
			$sql_where .= "$key = '$val' AND ";
			}
			}
			$sql_where = substr($sql_where,0,-5);
			$sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$sql_where;
			@@ -693,14 +768,7 @@
			$language = $app->db->quote($params["language"]);
			$groupid = $app->db->datalogInsert('sys_group', "(name,description,client_id) VALUES ('$username','','$insert_id')", 'groupid');
			$groups = $groupid;

			$salt="$1$";
			$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
			for ($n=0;$n<8;$n++) {
			$salt.=$base64_alphabet[mt_rand(0,63)];
			}
			$salt.="$";
			$password = crypt(stripslashes($password),$salt);
			$password = $app->auth->crypt_password(stripslashes($password));
			$sql1 = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)
			VALUES ('$username','$password','$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,$insert_id)";
			$app->db->query($sql1);
			@@ -711,13 +779,7 @@
			$username = $app->db->quote($params["username"]);
			$clear_password = $app->db->quote($params["password"]);
			$client_id = intval($client_id);
			$salt="$1$";
			$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
			for ($n=0;$n<8;$n++) {
			$salt.=$base64_alphabet[mt_rand(0,63)];
			}
			$salt.="$";
			$password = crypt(stripslashes($clear_password),$salt);
			$password = $app->auth->crypt_password(stripslashes($clear_password));
			if ($clear_password) $pwstring = ", passwort = '$password'"; else $pwstring ="" ;
			$sql = "UPDATE sys_user set username = '$username' $pwstring WHERE client_id = $client_id";
			$app->db->query($sql);