From 5768a2388aa666f7ee7b34c42f5c18d967a1e412 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Tue, 30 Oct 2012 10:03:51 -0400
Subject: [PATCH] Fixed: FS#2501 - Check some remote api functions

---
 interface/lib/classes/remoting.inc.php |   63 +++++++++++++------------------
 1 files changed, 26 insertions(+), 37 deletions(-)

diff --git a/interface/lib/classes/remoting.inc.php b/interface/lib/classes/remoting.inc.php
index 0277443..0b2877e 100644
--- a/interface/lib/classes/remoting.inc.php
+++ b/interface/lib/classes/remoting.inc.php
@@ -1130,61 +1130,56 @@
 	public function client_delete_everything($session_id, $client_id)
     {
         global $app, $conf;
+		
 		if(!$this->checkPerm($session_id, 'client_delete_everything')) {
         	$this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
             return false;
 		}
-        $client_id = $app->functions->intval($client_id);
-	$client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = $client_id");
+        
+		$client_id = $app->functions->intval($client_id);
 
-	$tables = 'client,dns_rr,dns_soa,dns_slave,ftp_user,mail_access,mail_content_filter,mail_domain,mail_forwarding,mail_get,mail_user,mail_user_filter,shell_user,spamfilter_users,support_message,web_database,web_database_user,web_domain,web_traffic';
-		$tables_array = explode(',',$tables);
-		$client_group_id = $app->functions->intval($client_group['groupid']);
-		
-		$table_list = array();
-		if($client_group_id > 1) {
-			foreach($tables_array as $table) {
-				if($table != '') {
-					$records = $app->db->queryAllRecords("SELECT * FROM $table WHERE sys_groupid = ".$client_group_id);
-					$number = count($records);
-					if($number > 0) $table_list[] = array('table' => $table."(".$number.")");
-				}
-			}
-		}
-
-
-	if($client_id > 0) {			
-			// remove the group of the client from the resellers group
+		if($client_id > 0) {			
+			//* remove the group of the client from the resellers group
 			$parent_client_id = $app->functions->intval($this->dataRecord['parent_client_id']);
 			$parent_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE client_id = $parent_client_id");
 			$client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = $client_id");
 			$app->auth->remove_group_from_user($parent_user['userid'],$client_group['groupid']);
 			
-			// delete the group of the client
+			//* delete the group of the client
 			$app->db->query("DELETE FROM sys_group WHERE client_id = $client_id");
 			
-			// delete the sys user(s) of the client
+			//* delete the sys user(s) of the client
 			$app->db->query("DELETE FROM sys_user WHERE client_id = $client_id");
 			
-			// Delete all records (sub-clients, mail, web, etc....)  of this client.
+			//* Delete all records (sub-clients, mail, web, etc....)  of this client.
 			$tables = 'client,dns_rr,dns_soa,dns_slave,ftp_user,mail_access,mail_content_filter,mail_domain,mail_forwarding,mail_get,mail_user,mail_user_filter,shell_user,spamfilter_users,support_message,web_database,web_database_user,web_domain,web_traffic';
 			$tables_array = explode(',',$tables);
 			$client_group_id = $app->functions->intval($client_group['groupid']);
+			
 			if($client_group_id > 1) {
 				foreach($tables_array as $table) {
 					if($table != '') {
 						$records = $app->db->queryAllRecords("SELECT * FROM $table WHERE sys_groupid = ".$client_group_id);
-						// find the primary ID of the table
+						//* find the primary ID of the table
 						$table_info = $app->db->tableInfo($table);
 						$index_field = '';
 						foreach($table_info as $tmp) {
 							if($tmp['option'] == 'primary') $index_field = $tmp['name'];
 						}
-						// Delete the records
+
+						//* Delete the records
 						if($index_field != '') {
 							if(is_array($records)) {
 								foreach($records as $rec) {
 									$app->db->datalogDelete($table, $index_field, $rec[$index_field]);
+									//* Delete traffic records that dont have a sys_groupid column
+									if($table == 'web_domain') {
+										$app->db->query("DELETE FROM web_traffic WHERE hostname = '".$app->db->quote($rec['domain'])."'");
+									}
+									//* Delete mail_traffic records that dont have a sys_groupid
+									if($table == 'mail_user') {
+										$app->db->query("DELETE FROM mail_traffic WHERE mailuser_id = '".$app->db->quote($rec['mailuser_id'])."'");
+									}
 								}
 							}
 						}
@@ -1193,21 +1188,15 @@
 				}
 			}
 			
-			
-			
 		}
         
-		if (!$this->checkPerm($session_id, 'client_delete'))
-			{
-					$this->server->fault('permission_denied','You do not have the permissions to access this function.');
-					return false;
-			}
-			$affected_rows = $this->deleteQuery('../client/form/client.tform.php',$client_id);
-			
-			// $app->remoting_lib->ispconfig_sysuser_delete($client_id);
+		if (!$this->checkPerm($session_id, 'client_delete')) {
+			$this->server->fault('permission_denied','You do not have the permissions to access this function.');
+			return false;
+		}
+		$affected_rows = $this->deleteQuery('../client/form/client.tform.php',$client_id);
 
-
-        return false;
+        return $affected_rows;
 	}
 	
 	// Website functions ---------------------------------------------------------------------------------------

--
Gitblit v1.9.1