From 0a8f0e4ece06642808c1b52d7ea9c4af3ea356a1 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Mon, 22 Oct 2012 07:18:05 -0400
Subject: [PATCH] Fixed: FS#2362 - client_id from remoting.inc.php functions is ignored

---
 interface/web/client/reseller_edit.php |   52 ++++++++++++++++++++++++++++++++++++++++------------
 1 files changed, 40 insertions(+), 12 deletions(-)

diff --git a/interface/web/client/reseller_edit.php b/interface/web/client/reseller_edit.php
index 44c65be..d482bdb 100644
--- a/interface/web/client/reseller_edit.php
+++ b/interface/web/client/reseller_edit.php
@@ -40,7 +40,6 @@
 
 require_once('../../lib/config.inc.php');
 require_once('../../lib/app.inc.php');
-require_once('tools.inc.php');
 
 //* Check permissions for module
 $app->auth->check_module_permissions('client');
@@ -104,7 +103,7 @@
 
 		global $app;
 
-		$sql = "SELECT template_id,template_name FROM client_template WHERE template_type = 'a'";
+		$sql = "SELECT template_id,template_name FROM client_template WHERE template_type = 'a' ORDER BY template_name ASC";
 		$tpls = $app->db->queryAllRecords($sql);
 		$option = '';
 		$tpl = array();
@@ -138,28 +137,46 @@
 	function onAfterInsert() {
 		global $app, $conf;
 		// Create the group for the reseller
-		$groupid = $app->db->datalogInsert('sys_group', "(name,description,client_id) VALUES ('".mysql_real_escape_string($this->dataRecord["username"])."','',".$this->id.")", 'groupid');
+		$groupid = $app->db->datalogInsert('sys_group', "(name,description,client_id) VALUES ('".$app->db->quote($this->dataRecord["username"])."','',".$this->id.")", 'groupid');
 		$groups = $groupid;
 		
 		$username = $app->db->quote($this->dataRecord["username"]);
 		$password = $app->db->quote($this->dataRecord["password"]);
 		$modules = $conf['interface_modules_enabled'] . ',client';
-		$startmodule = 'client';
+		$startmodule = (stristr($modules,'dashboard'))?'dashboard':'client'; 
 		$usertheme = $app->db->quote($this->dataRecord["usertheme"]);
 		$type = 'user';
 		$active = 1;
 		$language = $app->db->quote($this->dataRecord["language"]);
 		
+		$salt="$1$";
+		$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
+		for ($n=0;$n<8;$n++) {
+			$salt.=$base64_alphabet[mt_rand(0,63)];
+		}
+		$salt.="$";
+		$password = crypt(stripslashes($password),$salt);
+		
 		// Create the controlpaneluser for the reseller
 		$sql = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)
-		VALUES ('$username',md5('$password'),'$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,".$this->id.")";
+		VALUES ('$username','$password','$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,".$this->id.")";
 		$app->db->query($sql);
 		
 		//* set the number of clients to 1
 		$app->db->query("UPDATE client SET limit_client = 1 WHERE client_id = ".$this->id);
-
-		/* If there is a client-template, process it */
-		applyClientTemplates($this->id);
+		
+		//* Set the default servers
+		$tmp = $app->db->queryOneRecord('SELECT server_id FROM server WHERE mail_server = 1 LIMIT 0,1');
+		$default_mailserver = $app->functions->intval($tmp['server_id']);
+		$tmp = $app->db->queryOneRecord('SELECT server_id FROM server WHERE web_server = 1 LIMIT 0,1');
+		$default_webserver = $app->functions->intval($tmp['server_id']);
+		$tmp = $app->db->queryOneRecord('SELECT server_id FROM server WHERE dns_server = 1 LIMIT 0,1');
+		$default_dnsserver = $app->functions->intval($tmp['server_id']);
+		$tmp = $app->db->queryOneRecord('SELECT server_id FROM server WHERE db_server = 1 LIMIT 0,1');
+		$default_dbserver = $app->functions->intval($tmp['server_id']);
+		
+		$sql = "UPDATE client SET default_mailserver = $default_mailserver, default_webserver = $default_webserver, default_dnsserver = $default_dnsserver, default_dbserver = $default_dbserver WHERE client_id = ".$this->id;
+		$app->db->query($sql);
 
 		parent::onAfterInsert();
 	}
@@ -188,7 +205,14 @@
 		if($conf['demo_mode'] != true && isset($this->dataRecord["password"]) && $this->dataRecord["password"] != '') {
 			$password = $app->db->quote($this->dataRecord["password"]);
 			$client_id = $this->id;
-			$sql = "UPDATE sys_user SET passwort = md5('$password') WHERE client_id = $client_id";
+			$salt="$1$";
+			$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
+			for ($n=0;$n<8;$n++) {
+				$salt.=$base64_alphabet[mt_rand(0,63)];
+			}
+			$salt.="$";
+			$password = crypt(stripslashes($password),$salt);
+			$sql = "UPDATE sys_user SET passwort = '$password' WHERE client_id = $client_id";
 			$app->db->query($sql);
 		}
 		
@@ -200,6 +224,13 @@
 			$app->db->query($sql);
 		}
 		
+		// ensure that a reseller is not converted to a client in demo mode when client_id <= 2
+		if($conf['demo_mode'] == true && $this->id <= 2) {
+			if(isset($this->dataRecord["limit_client"]) && $this->dataRecord["limit_client"] != -1) {
+				$app->db->query('UPDATE client set limit_client = -1 WHERE client_id = '.$this->id);
+			}
+		}
+		
 		// reseller status changed
 		if(isset($this->dataRecord["limit_client"]) && $this->dataRecord["limit_client"] != $this->oldDataRecord["limit_client"]) {
 			$modules = $conf['interface_modules_enabled'] . ',client';
@@ -208,9 +239,6 @@
 			$sql = "UPDATE sys_user SET modules = '$modules' WHERE client_id = $client_id";
 			$app->db->query($sql);
 		}
-		/*
-		 *  If there is a client-template, process it */
-		applyClientTemplates($this->id);
 
 		parent::onAfterUpdate();
 	}

--
Gitblit v1.9.1