From 2cb1563f63386b35a69e460051aa9b4a2851d104 Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Wed, 30 May 2012 07:30:44 -0400
Subject: [PATCH] - Added (clickable) placeholders to client messaging function. - Added check so that the client password isn't inserted into the message (for security reasons).
---
interface/web/client/reseller_edit.php | 65 ++++++++++++++++++++++++++------
1 files changed, 53 insertions(+), 12 deletions(-)
diff --git a/interface/web/client/reseller_edit.php b/interface/web/client/reseller_edit.php
index bbbdd39..485c604 100644
--- a/interface/web/client/reseller_edit.php
+++ b/interface/web/client/reseller_edit.php
@@ -136,28 +136,48 @@
the data was successful inserted in the database.
*/
function onAfterInsert() {
- global $app;
+ global $app, $conf;
// Create the group for the reseller
- $groupid = $app->db->datalogInsert('sys_group', "(name,description,client_id) VALUES ('".mysql_real_escape_string($this->dataRecord["username"])."','',".$this->id.")", 'groupid');
+ $groupid = $app->db->datalogInsert('sys_group', "(name,description,client_id) VALUES ('".$app->db->quote($this->dataRecord["username"])."','',".$this->id.")", 'groupid');
$groups = $groupid;
$username = $app->db->quote($this->dataRecord["username"]);
$password = $app->db->quote($this->dataRecord["password"]);
- $modules = ISPC_INTERFACE_MODULES_ENABLED;
- if($this->dataRecord["limit_client"] > 0) $modules .= ',client';
- $startmodule = 'mail';
+ $modules = $conf['interface_modules_enabled'] . ',client';
+ $startmodule = (stristr($modules,'dashboard'))?'dashboard':'client';
$usertheme = $app->db->quote($this->dataRecord["usertheme"]);
$type = 'user';
$active = 1;
$language = $app->db->quote($this->dataRecord["language"]);
+ $salt="$1$";
+ $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
+ for ($n=0;$n<8;$n++) {
+ $salt.=$base64_alphabet[mt_rand(0,63)];
+ }
+ $salt.="$";
+ $password = crypt(stripslashes($password),$salt);
+
// Create the controlpaneluser for the reseller
$sql = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)
- VALUES ('$username',md5('$password'),'$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,".$this->id.")";
+ VALUES ('$username','$password','$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,".$this->id.")";
$app->db->query($sql);
//* set the number of clients to 1
$app->db->query("UPDATE client SET limit_client = 1 WHERE client_id = ".$this->id);
+
+ //* Set the default servers
+ $tmp = $app->db->queryOneRecord('SELECT server_id FROM server WHERE mail_server = 1 LIMIT 0,1');
+ $default_mailserver = intval($tmp['server_id']);
+ $tmp = $app->db->queryOneRecord('SELECT server_id FROM server WHERE web_server = 1 LIMIT 0,1');
+ $default_webserver = intval($tmp['server_id']);
+ $tmp = $app->db->queryOneRecord('SELECT server_id FROM server WHERE dns_server = 1 LIMIT 0,1');
+ $default_dnsserver = intval($tmp['server_id']);
+ $tmp = $app->db->queryOneRecord('SELECT server_id FROM server WHERE db_server = 1 LIMIT 0,1');
+ $default_dbserver = intval($tmp['server_id']);
+
+ $sql = "UPDATE client SET default_mailserver = $default_mailserver, default_webserver = $default_webserver, default_dnsserver = $default_dnsserver, default_dbserver = $default_dbserver WHERE client_id = ".$this->id;
+ $app->db->query($sql);
/* If there is a client-template, process it */
applyClientTemplates($this->id);
@@ -171,10 +191,10 @@
the data was successful updated in the database.
*/
function onAfterUpdate() {
- global $app;
+ global $app, $conf;
// username changed
- if(isset($this->dataRecord['username']) && $this->dataRecord['username'] != '' && $this->oldDataRecord['username'] != $this->dataRecord['username']) {
+ if($conf['demo_mode'] != true && isset($this->dataRecord['username']) && $this->dataRecord['username'] != '' && $this->oldDataRecord['username'] != $this->dataRecord['username']) {
$username = $app->db->quote($this->dataRecord["username"]);
$client_id = $this->id;
$sql = "UPDATE sys_user SET username = '$username' WHERE client_id = $client_id";
@@ -186,17 +206,38 @@
}
// password changed
- if(isset($this->dataRecord["password"]) && $this->dataRecord["password"] != '') {
+ if($conf['demo_mode'] != true && isset($this->dataRecord["password"]) && $this->dataRecord["password"] != '') {
$password = $app->db->quote($this->dataRecord["password"]);
$client_id = $this->id;
- $sql = "UPDATE sys_user SET passwort = md5('$password') WHERE client_id = $client_id";
+ $salt="$1$";
+ $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
+ for ($n=0;$n<8;$n++) {
+ $salt.=$base64_alphabet[mt_rand(0,63)];
+ }
+ $salt.="$";
+ $password = crypt(stripslashes($password),$salt);
+ $sql = "UPDATE sys_user SET passwort = '$password' WHERE client_id = $client_id";
$app->db->query($sql);
+ }
+
+ // language changed
+ if($conf['demo_mode'] != true && isset($this->dataRecord['language']) && $this->dataRecord['language'] != '' && $this->oldDataRecord['language'] != $this->dataRecord['language']) {
+ $language = $app->db->quote($this->dataRecord["language"]);
+ $client_id = $this->id;
+ $sql = "UPDATE sys_user SET language = '$language' WHERE client_id = $client_id";
+ $app->db->query($sql);
+ }
+
+ // ensure that a reseller is not converted to a client in demo mode when client_id <= 2
+ if($conf['demo_mode'] == true && $this->id <= 2) {
+ if(isset($this->dataRecord["limit_client"]) && $this->dataRecord["limit_client"] != -1) {
+ $app->db->query('UPDATE client set limit_client = -1 WHERE client_id = '.$this->id);
+ }
}
// reseller status changed
if(isset($this->dataRecord["limit_client"]) && $this->dataRecord["limit_client"] != $this->oldDataRecord["limit_client"]) {
- $modules = ISPC_INTERFACE_MODULES_ENABLED;
- if($this->dataRecord["limit_client"] > 0) $modules .= ',client';
+ $modules = $conf['interface_modules_enabled'] . ',client';
$modules = $app->db->quote($modules);
$client_id = $this->id;
$sql = "UPDATE sys_user SET modules = '$modules' WHERE client_id = $client_id";
--
Gitblit v1.9.1