ISPConfig3 devel
blame | history | patch | commit | commitdiff | ignore whitespace
mcramer
2013-01-07 f1f72ff9ddcfdeda9c05251ef410ff1dec238405 
 interface/lib/classes/remoting_lib.inc.php


@@ -113,6 +113,8 @@


      var $sys_userid;


      var $sys_default_group;


      var $sys_groups;


      var $client_id;


      var $dataRecord;




      


      //* Load the form definition from file.


@@ -136,12 +138,12 @@


        }


      


      //* Load the user profile


      function loadUserProfile($client_id = 0) {


      function loadUserProfile($client_id_param = 0) {


         global $app,$conf;




         $client_id = $app->functions->intval($client_id);


         $this->client_id = $app->functions->intval($client_id_param);


            


         if($client_id == 0) {


         if($this->client_id == 0) {


            $this->sys_username         = 'admin';


            $this->sys_userid            = 1;


            $this->sys_default_group     = 1;


@@ -159,7 +161,7 @@


                  }


            }*/


            


            $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE client_id = $client_id");


            $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE client_id = $this->client_id");


            $this->sys_username         = $user['username'];


            $this->sys_userid            = $user['userid'];


            $this->sys_default_group     = $user['default_group'];


@@ -389,6 +391,7 @@


                        if($dbencode == true) $new_record[$key] = $app->db->quote($new_record[$key]);


                        }


                }


                if(isset($record['_ispconfig_pw_crypted'])) $new_record['_ispconfig_pw_crypted'] = $record['_ispconfig_pw_crypted']; // this one is not in form definitions!


                return $new_record;


        }


      


@@ -654,6 +657,7 @@




                $this->action = $action;


                $this->primary_id = $primary_id;


            $this->dataRecord = $record;




                $record = $this->encode($record,true);


                $sql_insert_key = '';


@@ -671,12 +675,14 @@


                                        if($action == "INSERT") {


                                                if($field['formtype'] == 'PASSWORD') {


                                                        $sql_insert_key .= "`$key`, ";


                                                        if($field['encryption'] == 'CRYPT') {


                                          if ((isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') || (isset($record['_ispconfig_pw_crypted']) && $record['_ispconfig_pw_crypted'] == 1)) {


                                                $sql_insert_val .= "'".$app->db->quote($record[$key])."', ";


                                                        } elseif(isset($field['encryption']) && $field['encryption'] == 'CRYPT') {


                                                $record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));


                                                $sql_insert_val .= "'".$app->db->quote($record[$key])."', ";


                                          } elseif ($field['encryption'] == 'MYSQL') {


                                                $sql_insert_val .= "PASSWORD('".$app->db->quote($record[$key])."'), ";


                                          } elseif ($field['encryption'] == 'CLEARTEXT') {


                                          } elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {


                                                $tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`");


                                                $record[$key] = $tmp['crypted'];


                                                $sql_insert_val .= "'".$app->db->quote($record[$key])."', ";


                                                        } else {


                                                                $record[$key] = md5(stripslashes($record[$key]));


@@ -698,14 +704,16 @@


                                                }


                                        } else {


                                                if($field['formtype'] == 'PASSWORD') {


                                          if(isset($field['encryption']) && $field['encryption'] == 'CRYPT') {


                                          if ((isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') || (isset($record['_ispconfig_pw_crypted']) && $record['_ispconfig_pw_crypted'] == 1)) {


                                                $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";


                                                        } elseif(isset($field['encryption']) && $field['encryption'] == 'CRYPT') {


                                                                $record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));


                                                $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";


                                          } elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {


                                                $sql_update .= "`$key` = PASSWORD('".$app->db->quote($record[$key])."'), ";


                                          } elseif (isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') {


                                                $tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`");


                                                $record[$key] = $tmp['crypted'];


                                                $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";


                                                        } else {


                                          } else {


                                                                $record[$key] = md5(stripslashes($record[$key]));


                                                $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";


                                                        }


@@ -758,7 +766,12 @@


                        $sql = "INSERT INTO ".$escape.$this->formDef['db_table'].$escape." ($sql_insert_key) VALUES ($sql_insert_val)";


                } else {


                        if($primary_id != 0) {


                                $sql_update = substr($sql_update,0,-2);


                                // update client permissions only if client_id > 0


                        if($this->formDef['auth'] == 'yes' && $this->client_id > 0) {


                           $sql_update .= '`sys_userid` = '.$this->sys_userid.', ';


                           $sql_update .= '`sys_groupid` = '.$this->sys_default_group.', ';


                        }


                        $sql_update = substr($sql_update,0,-2);


                                $sql = "UPDATE ".$escape.$this->formDef['db_table'].$escape." SET ".$sql_update." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id;


                                if($sql_ext_where != '') $sql .= " and ".$sql_ext_where;


                        } else {


@@ -819,6 +832,10 @@


         } else {


            $modules = $app->db->quote($params['modules']);


         }


         if(isset($params['limit_client']) && $params['limit_client'] > 0) {


            $modules .= ',client';


         }


			


         if(!isset($params['startmodule'])) {         


            $startmodule = 'dashboard';


         } else {                  


@@ -835,7 +852,7 @@


         $language = $app->db->quote($params["language"]);


         $groupid = $app->db->datalogInsert('sys_group', "(name,description,client_id) VALUES ('$username','','$insert_id')", 'groupid');


         $groups = $groupid;


         $password = $app->auth->crypt_password(stripslashes($password));


         if(!isset($params['_ispconfig_pw_crypted']) || $params['_ispconfig_pw_crypted'] != 1) $password = $app->auth->crypt_password(stripslashes($password));


         $sql1 = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)


         VALUES ('$username','$password','$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,$insert_id)";


         $app->db->query($sql1);


@@ -846,7 +863,8 @@


         $username = $app->db->quote($params["username"]);


         $clear_password = $app->db->quote($params["password"]);


         $client_id = $app->functions->intval($client_id);


         $password = $app->auth->crypt_password(stripslashes($clear_password));


         if(!isset($params['_ispconfig_pw_crypted']) || $params['_ispconfig_pw_crypted'] != 1) $password = $app->auth->crypt_password(stripslashes($clear_password));


            else $password = $clear_password;


         if ($clear_password) $pwstring = ", passwort = '$password'"; else $pwstring ="" ;


         $sql = "UPDATE sys_user set username = '$username' $pwstring WHERE client_id = $client_id";


         $app->db->query($sql);