From 391e05cbee6ff84bce60b665be60b4e5f049ee7f Mon Sep 17 00:00:00 2001
From: Falko Timme <ft@falkotimme.com>
Date: Tue, 22 Oct 2013 12:48:51 -0400
Subject: [PATCH] - Display hostname next to IP (where available) in the jQuery IP suggestion box.

---
 interface/web/sites/ajax_get_json.php |   37 ++++++++++++++++++++++++++++++-------
 1 files changed, 30 insertions(+), 7 deletions(-)

diff --git a/interface/web/sites/ajax_get_json.php b/interface/web/sites/ajax_get_json.php
index ba9a32e..9da4513 100644
--- a/interface/web/sites/ajax_get_json.php
+++ b/interface/web/sites/ajax_get_json.php
@@ -34,11 +34,12 @@
 //* Check permissions for module
 $app->auth->check_module_permissions('sites');
 
-$app->uses('getconf');
+$app->uses('getconf,tform');
 
 $server_id = $app->functions->intval($_GET["server_id"]);
 $web_id = $app->functions->intval($_GET["web_id"]);
 $php_type = $_GET["php_type"];
+$client_group_id = $app->functions->intval($_GET['client_group_id']);
 $type = $_GET["type"];
 
 //if($_SESSION["s"]["user"]["typ"] == 'admin') {
@@ -55,7 +56,7 @@
 	
 	if($type == 'getserverid'){
 		$json = '{"serverid":"';
-		$sql = "SELECT server_id FROM web_domain WHERE domain_id = $web_id";
+		$sql = "SELECT server_id FROM web_domain WHERE domain_id = $web_id AND ".$app->tform->getAuthSQL('r');
 		$server = $app->db->queryOneRecord($sql);
 		$json .= $server['server_id'];
 		unset($server);
@@ -69,11 +70,33 @@
 		$web_config = $app->getconf->get_server_config($server_id, 'web');
 		if(!empty($web_config['server_type'])) $server_type = $web_config['server_type'];
 		if($server_type == 'nginx' && $php_type == 'fast-cgi') $php_type = 'php-fpm';
+		$sql_where = '';
+		
+		//* Client: If the logged in user is not admin and has no sub clients (no reseller)
+		if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) {
+			$sql_where = " AND (client_id = 0 OR client_id = ".$_SESSION["s"]["user"]["client_id"] . ")";
+		//* Reseller: If the logged in user is not admin and has sub clients (is a reseller)
+		} elseif ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
+			$client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = $client_group_id");
+			//$sql_where = " AND (client_id = 0 OR client_id = ".$_SESSION["s"]["user"]["client_id"];
+			$sql_where = " AND (client_id = 0";
+			if($app->functions->intval($client['client_id']) > 0) $sql_where .= " OR client_id = ".$app->functions->intval($client['client_id']);
+			$sql_where .= ")";
+		//* Admin: If the logged in user is admin
+		} else {
+			//$sql_where = '';
+			$client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = $client_group_id");
+			//$sql_where = " AND (client_id = 0 OR client_id = ".$_SESSION["s"]["user"]["client_id"];
+			$sql_where = " AND (client_id = 0";
+			if($app->functions->intval($client['client_id']) > 0) $sql_where .= " OR client_id = ".$app->functions->intval($client['client_id']);
+			$sql_where .= ")";
+		}
+		
 		if($php_type == 'php-fpm'){
-			$php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = $server_id");
+			$php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = $server_id".$sql_where);
 		}
 		if($php_type == 'fast-cgi'){
-			$php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = $server_id");
+			$php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = $server_id".$sql_where);
 		}
 		$php_select = "";
 		if(is_array($php_records) && !empty($php_records)) {
@@ -93,7 +116,7 @@
 	
 	if($type == 'getphptype'){
 		$json = '{"phptype":"';
-		$sql = "SELECT php FROM web_domain WHERE domain_id = $web_id";
+		$sql = "SELECT php FROM web_domain WHERE domain_id = $web_id AND ".$app->tform->getAuthSQL('r');
 		$php = $app->db->queryOneRecord($sql);
 		$json .= $php['php'];
 		unset($php);
@@ -102,7 +125,7 @@
 	
 	if($type == 'getredirecttype'){
 		$json = '{"redirecttype":"';
-		$sql = "SELECT redirect_type FROM web_domain WHERE domain_id = $web_id";
+		$sql = "SELECT redirect_type FROM web_domain WHERE domain_id = $web_id AND ".$app->tform->getAuthSQL('r');
 		$redirect = $app->db->queryOneRecord($sql);
 		$json .= $redirect['redirect_type'];
 		unset($redirect);
@@ -132,7 +155,7 @@
     if($type == 'getdatabaseusers') {
         $json = '{}';
 		
-		$sql = "SELECT sys_groupid FROM web_domain WHERE domain_id = $web_id";
+		$sql = "SELECT sys_groupid FROM web_domain WHERE domain_id = $web_id AND ".$app->tform->getAuthSQL('r');
         $group = $app->db->queryOneRecord($sql);
         if($group) {
             $sql = "SELECT database_user_id, database_user FROM web_database_user WHERE sys_groupid = '" . $group['sys_groupid'] . "'";

--
Gitblit v1.9.1