From 33e2c95c69b405f36caf9013ff9a256e6edf9500 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Mon, 11 Feb 2013 08:15:44 -0500
Subject: [PATCH] - htpasswd_stats file was not readable for apache user.
---
interface/lib/classes/remoting.inc.php | 218 ++++++++++++++++++++++++++++++++++++++++++------------
1 files changed, 169 insertions(+), 49 deletions(-)
diff --git a/interface/lib/classes/remoting.inc.php b/interface/lib/classes/remoting.inc.php
index 6cf9133..ed7c3ed 100644
--- a/interface/lib/classes/remoting.inc.php
+++ b/interface/lib/classes/remoting.inc.php
@@ -244,6 +244,55 @@
return $affected_rows;
}
+ //* Get alias details
+ public function mail_aliasdomain_get($session_id, $primary_id)
+ {
+ global $app;
+
+ if(!$this->checkPerm($session_id, 'mail_aliasdomain_get')) {
+ $this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
+ return false;
+ }
+ $app->uses('remoting_lib');
+ $app->remoting_lib->loadFormDef('../mail/form/mail_aliasdomain.tform.php');
+ return $app->remoting_lib->getDataRecord($primary_id);
+ }
+
+ //* aliasy email
+ public function mail_aliasdomain_add($session_id, $client_id, $params)
+ {
+ if (!$this->checkPerm($session_id, 'mail_aliasdomain_add'))
+ {
+ $this->server->fault('permission_denied','You do not have the permissions to access this function.');
+ return false;
+ }
+ $affected_rows = $this->insertQuery('../mail/form/mail_aliasdomain.tform.php', $client_id, $params);
+ return $affected_rows;
+ }
+
+
+ public function mail_aliasdomain_update($session_id, $client_id, $primary_id, $params)
+ {
+ if (!$this->checkPerm($session_id, 'mail_aliasdomain_update'))
+ {
+ $this->server->fault('permission_denied','You do not have the permissions to access this function.');
+ return false;
+ }
+ $affected_rows = $this->updateQuery('../mail/form/mail_aliasdomain.tform.php', $client_id, $primary_id, $params);
+ return $affected_rows;
+ }
+
+ public function mail_aliasdomain_delete($session_id, $primary_id)
+ {
+ if (!$this->checkPerm($session_id, 'mail_aliasdomain_delete'))
+ {
+ $this->server->fault('permission_denied','You do not have the permissions to access this function.');
+ return false;
+ }
+ $affected_rows = $this->deleteQuery('../mail/form/mail_aliasdomain.tform.php', $primary_id);
+ return $affected_rows;
+ }
+
//* Get mail mailinglist details
public function mail_mailinglist_get($session_id, $primary_id)
{
@@ -306,30 +355,52 @@
}
- //* dodanie uzytkownika email
+ //* Add mail domain
public function mail_user_add($session_id, $client_id, $params){
+ global $app;
+
if (!$this->checkPerm($session_id, 'mail_user_add')){
$this->server->fault('permission_denied','You do not have the permissions to access this function.');
return false;
}
+
+ //* Check if mail domain exists
+ $email_parts = explode('@',$params['email']);
+ $tmp = $app->db->queryOneRecord("SELECT domain FROM mail_domain WHERE domain = '".$app->db->quote($email_parts[1])."'");
+ if($tmp['domain'] != $email_parts[1]) {
+ $this->server->fault('mail_domain_does_not_exist','Mail domain - '.$email_parts[1].' - does not exist.');
+ return false;
+ }
+
$affected_rows = $this->insertQuery('../mail/form/mail_user.tform.php', $client_id, $params);
return $affected_rows;
}
- //* edycja uzytkownika email
+ //* Update mail user
public function mail_user_update($session_id, $client_id, $primary_id, $params)
{
+ global $app;
+
if (!$this->checkPerm($session_id, 'mail_user_update'))
{
$this->server->fault('permission_denied','You do not have the permissions to access this function.');
return false;
}
+
+ //* Check if mail domain exists
+ $email_parts = explode('@',$params['email']);
+ $tmp = $app->db->queryOneRecord("SELECT domain FROM mail_domain WHERE domain = '".$app->db->quote($email_parts[1])."'");
+ if($tmp['domain'] != $email_parts[1]) {
+ $this->server->fault('mail_domain_does_not_exist','Mail domain - '.$email_parts[1].' - does not exist.');
+ return false;
+ }
+
$affected_rows = $this->updateQuery('../mail/form/mail_user.tform.php', $client_id, $primary_id, $params);
return $affected_rows;
}
- //*usuniecie uzytkownika emial
+ //* Delete mail user
public function mail_user_delete($session_id, $primary_id)
{
if (!$this->checkPerm($session_id, 'mail_user_delete'))
@@ -410,11 +481,21 @@
//* aliasy email
public function mail_alias_add($session_id, $client_id, $params)
{
+ global $app;
+
if (!$this->checkPerm($session_id, 'mail_alias_add'))
{
$this->server->fault('permission_denied','You do not have the permissions to access this function.');
return false;
}
+
+ //* Check if there is no active mailbox with this address
+ $tmp = $app->db->queryOneRecord("SELECT count(mailuser_id) as number FROM mail_user WHERE postfix = 'y' AND email = '".$app->db->quote($params["source"])."'");
+ if($tmp['number'] > 0) {
+ $this->server->fault('duplicate','There is already a mailbox with this email address.');
+ }
+ unset($tmp);
+
$affected_rows = $this->insertQuery('../mail/form/mail_alias.tform.php', $client_id, $params);
return $affected_rows;
}
@@ -422,13 +503,23 @@
public function mail_alias_update($session_id, $client_id, $primary_id, $params)
{
- if (!$this->checkPerm($session_id, 'mail_alias_update'))
- {
- $this->server->fault('permission_denied','You do not have the permissions to access this function.');
- return false;
- }
- $affected_rows = $this->updateQuery('../mail/form/mail_alias.tform.php', $client_id, $primary_id, $params);
- return $affected_rows;
+ global $app;
+
+ if (!$this->checkPerm($session_id, 'mail_alias_update'))
+ {
+ $this->server->fault('permission_denied','You do not have the permissions to access this function.');
+ return false;
+ }
+
+ //* Check if there is no active mailbox with this address
+ $tmp = $app->db->queryOneRecord("SELECT count(mailuser_id) as number FROM mail_user WHERE postfix = 'y' AND email = '".$app->db->quote($params["source"])."'");
+ if($tmp['number'] > 0) {
+ $this->server->fault('duplicate','There is already a mailbox with this email address.');
+ }
+ unset($tmp);
+
+ $affected_rows = $this->updateQuery('../mail/form/mail_alias.tform.php', $client_id, $primary_id, $params);
+ return $affected_rows;
}
public function mail_alias_delete($session_id, $primary_id)
@@ -1108,61 +1199,56 @@
public function client_delete_everything($session_id, $client_id)
{
global $app, $conf;
+
if(!$this->checkPerm($session_id, 'client_delete_everything')) {
$this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
return false;
}
- $client_id = $app->functions->intval($client_id);
- $client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = $client_id");
+
+ $client_id = $app->functions->intval($client_id);
- $tables = 'client,dns_rr,dns_soa,dns_slave,ftp_user,mail_access,mail_content_filter,mail_domain,mail_forwarding,mail_get,mail_user,mail_user_filter,shell_user,spamfilter_users,support_message,web_database,web_database_user,web_domain,web_traffic';
- $tables_array = explode(',',$tables);
- $client_group_id = $app->functions->intval($client_group['groupid']);
-
- $table_list = array();
- if($client_group_id > 1) {
- foreach($tables_array as $table) {
- if($table != '') {
- $records = $app->db->queryAllRecords("SELECT * FROM $table WHERE sys_groupid = ".$client_group_id);
- $number = count($records);
- if($number > 0) $table_list[] = array('table' => $table."(".$number.")");
- }
- }
- }
-
-
- if($client_id > 0) {
- // remove the group of the client from the resellers group
+ if($client_id > 0) {
+ //* remove the group of the client from the resellers group
$parent_client_id = $app->functions->intval($this->dataRecord['parent_client_id']);
$parent_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE client_id = $parent_client_id");
$client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = $client_id");
$app->auth->remove_group_from_user($parent_user['userid'],$client_group['groupid']);
- // delete the group of the client
+ //* delete the group of the client
$app->db->query("DELETE FROM sys_group WHERE client_id = $client_id");
- // delete the sys user(s) of the client
+ //* delete the sys user(s) of the client
$app->db->query("DELETE FROM sys_user WHERE client_id = $client_id");
- // Delete all records (sub-clients, mail, web, etc....) of this client.
+ //* Delete all records (sub-clients, mail, web, etc....) of this client.
$tables = 'client,dns_rr,dns_soa,dns_slave,ftp_user,mail_access,mail_content_filter,mail_domain,mail_forwarding,mail_get,mail_user,mail_user_filter,shell_user,spamfilter_users,support_message,web_database,web_database_user,web_domain,web_traffic';
$tables_array = explode(',',$tables);
$client_group_id = $app->functions->intval($client_group['groupid']);
+
if($client_group_id > 1) {
foreach($tables_array as $table) {
if($table != '') {
$records = $app->db->queryAllRecords("SELECT * FROM $table WHERE sys_groupid = ".$client_group_id);
- // find the primary ID of the table
+ //* find the primary ID of the table
$table_info = $app->db->tableInfo($table);
$index_field = '';
foreach($table_info as $tmp) {
if($tmp['option'] == 'primary') $index_field = $tmp['name'];
}
- // Delete the records
+
+ //* Delete the records
if($index_field != '') {
if(is_array($records)) {
foreach($records as $rec) {
$app->db->datalogDelete($table, $index_field, $rec[$index_field]);
+ //* Delete traffic records that dont have a sys_groupid column
+ if($table == 'web_domain') {
+ $app->db->query("DELETE FROM web_traffic WHERE hostname = '".$app->db->quote($rec['domain'])."'");
+ }
+ //* Delete mail_traffic records that dont have a sys_groupid
+ if($table == 'mail_user') {
+ $app->db->query("DELETE FROM mail_traffic WHERE mailuser_id = '".$app->db->quote($rec['mailuser_id'])."'");
+ }
}
}
}
@@ -1171,21 +1257,15 @@
}
}
-
-
}
- if (!$this->checkPerm($session_id, 'client_delete'))
- {
- $this->server->fault('permission_denied','You do not have the permissions to access this function.');
- return false;
- }
- $affected_rows = $this->deleteQuery('../client/form/client.tform.php',$client_id);
-
- // $app->remoting_lib->ispconfig_sysuser_delete($client_id);
+ if (!$this->checkPerm($session_id, 'client_delete')) {
+ $this->server->fault('permission_denied','You do not have the permissions to access this function.');
+ return false;
+ }
+ $affected_rows = $this->deleteQuery('../client/form/client.tform.php',$client_id);
-
- return false;
+ return $affected_rows;
}
// Website functions ---------------------------------------------------------------------------------------
@@ -1259,6 +1339,13 @@
if(!$this->checkPerm($session_id, 'sites_database_add')) {
$this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
+ return false;
+ }
+
+ //* Check for duplicates
+ $tmp = $app->db->queryOneRecord("SELECT count(database_id) as dbnum FROM web_database WHERE database_name = '".$app->db->quote($params['database_name'])."' AND server_id = '".intval($params["server_id"])."'");
+ if($tmp['dbnum'] > 0) {
+ $this->server->fault('database_name_error_unique', 'There is already a database with that name on the same server.');
return false;
}
@@ -1345,23 +1432,56 @@
//* Update a record
public function sites_database_user_update($session_id, $client_id, $primary_id, $params)
{
+ global $app;
+
if(!$this->checkPerm($session_id, 'sites_database_user_update')) {
$this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
return false;
}
+ $app->uses('remoting_lib');
+ $app->remoting_lib->loadFormDef('../sites/form/database_user.tform.php');
+ $old_rec = $app->remoting_lib->getDataRecord($primary_id);
- return $this->updateQuery('../sites/form/database_user.tform.php', $client_id, $primary_id, $params);
+ $result = $this->updateQuery('../sites/form/database_user.tform.php', $client_id, $primary_id, $params);
+
+ $new_rec = $app->remoting_lib->getDataRecord($primary_id);
+
+ $records = $app->db->queryAllRecords("SELECT DISTINCT server_id FROM web_database WHERE database_user_id = '".$app->functions->intval($primary_id)."' UNION SELECT DISTINCT server_id FROM web_database WHERE database_ro_user_id = '".$app->functions->intval($primary_id)."'");
+ foreach($records as $rec) {
+ $tmp_rec = $new_rec;
+ $tmp_rec['server_id'] = $rec['server_id'];
+ $app->remoting_lib->datalogSave('UPDATE', $primary_id, $old_rec, $tmp_rec);
+ }
+ unset($new_rec);
+ unset($old_rec);
+ unset($records);
+
+ return $result;
}
//* Delete a record
public function sites_database_user_delete($session_id, $primary_id)
{
+ global $app;
+
if(!$this->checkPerm($session_id, 'sites_database_user_delete')) {
$this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
return false;
}
+ $app->db->datalogDelete('web_database_user', 'database_user_id', $primary_id);
$affected_rows = $this->deleteQuery('../sites/form/database_user.tform.php',$primary_id);
+
+ $records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE database_user_id = '".$app->functions->intval($primary_id)."'");
+ foreach($records as $rec) {
+ $app->db->datalogUpdate('web_database','database_user_id=NULL','database_id', $rec['database_id']);
+
+ }
+ $records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE database_ro_user_id = '".$app->functions->intval($primary_id)."'");
+ foreach($records as $rec) {
+ $app->db->datalogUpdate('web_database','database_ro_user_id=NULL','database_id', $rec['database_id']);
+ }
+
return $affected_rows;
}
@@ -2647,7 +2767,7 @@
$this->id = $insert_id;
$this->dataRecord = $params;
- $app->plugin->raiseEvent('client:' . ($reseller_id ? 'reseller' : 'client') . ':on_after_insert',$this);
+ $app->plugin->raiseEvent('client:' . (isset($params['limit_client']) && $params['limit_client'] > 0 ? 'reseller' : 'client') . ':on_after_insert',$this);
/*
if($app->db->errorMessage != '') {
--
Gitblit v1.9.1