From 7990f8881b085279269d35cf9dd2787b88ae1c08 Mon Sep 17 00:00:00 2001
From: mcramer <m.cramer@pixcept.de>
Date: Tue, 27 Nov 2012 14:47:43 -0500
Subject: [PATCH] Bugfix: _ispconfig_pw_crypted was ignored (stripped off in encoding method)
---
interface/web/client/client_edit.php | 68 +++++++++++++++++++---------------
1 files changed, 38 insertions(+), 30 deletions(-)
diff --git a/interface/web/client/client_edit.php b/interface/web/client/client_edit.php
index a42be33..6f7cf53 100644
--- a/interface/web/client/client_edit.php
+++ b/interface/web/client/client_edit.php
@@ -1,6 +1,6 @@
<?php
/*
-Copyright (c) 2005 - 2008, Till Brehm, projektfarm Gmbh
+Copyright (c) 2005 - 2012, Till Brehm, projektfarm Gmbh, ISPConfig UG
All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
@@ -40,7 +40,6 @@
require_once('../../lib/config.inc.php');
require_once('../../lib/app.inc.php');
-require_once('tools.inc.php');
//* Check permissions for module
$app->auth->check_module_permissions('client');
@@ -97,12 +96,11 @@
parent::onSubmit();
}
-
function onShowEnd() {
global $app;
- $sql = "SELECT template_id,template_name FROM client_template WHERE template_type = 'a'";
+ $sql = "SELECT template_id,template_name FROM client_template WHERE template_type = 'a' ORDER BY template_name ASC";
$tpls = $app->db->queryAllRecords($sql);
$option = '';
$tpl = array();
@@ -118,8 +116,8 @@
$text = '';
foreach($tplAdd as $item){
if (trim($item) != ''){
- if ($text != '') $text .= '<br />';
- $text .= $tpl[$item];
+ if ($text != '') $text .= '';
+ $text .= '<li>' . $tpl[$item]. '</li>';
}
}
@@ -137,43 +135,51 @@
function onAfterInsert() {
global $app, $conf;
// Create the group for the client
- $groupid = $app->db->datalogInsert('sys_group', "(name,description,client_id) VALUES ('".mysql_real_escape_string($this->dataRecord["username"])."','',".$this->id.")", 'groupid');
+ $groupid = $app->db->datalogInsert('sys_group', "(name,description,client_id) VALUES ('".$app->db->quote($this->dataRecord["username"])."','',".$this->id.")", 'groupid');
$groups = $groupid;
$username = $app->db->quote($this->dataRecord["username"]);
$password = $app->db->quote($this->dataRecord["password"]);
$modules = $conf['interface_modules_enabled'];
- if($this->dataRecord["limit_client"] > 0) $modules .= ',client';
+ if(isset($this->dataRecord["limit_client"]) && $this->dataRecord["limit_client"] > 0) $modules .= ',client';
$startmodule = (stristr($modules,'dashboard'))?'dashboard':'client';
$usertheme = $app->db->quote($this->dataRecord["usertheme"]);
$type = 'user';
$active = 1;
$language = $app->db->quote($this->dataRecord["language"]);
+ $password = $app->auth->crypt_password($password);
+ // Create the controlpaneluser for the client
//Generate ssh-rsa-keys
exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f /tmp/id_rsa -N ""');
-
- $privatekey = file_get_contents('/tmp/id_rsa');
- $publickey = file_get_contents('/tmp/id_rsa.pub');
-
+ $app->db->query("UPDATE client SET created_at = ".time().", id_rsa = '".$app->db->quote(@file_get_contents('/tmp/id_rsa'))."', ssh_rsa = '".$app->db->quote(@file_get_contents('/tmp/id_rsa.pub'))."' WHERE client_id = ".$this->id);
exec('rm -f /tmp/id_rsa /tmp/id_rsa.pub');
-
+
// Create the controlpaneluser for the client
- $sql = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id,id_rsa,ssh_rsa)
- VALUES ('$username',md5('$password'),'$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,".$this->id.",'$privatekey','$publickey')";
+ $sql = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)
+ VALUES ('$username','$password','$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,".$this->id.")";
$app->db->query($sql);
//* If the user who inserted the client is a reseller (not admin), we will have to add this new client group
//* to his groups, so he can administrate the records of this client.
if($_SESSION['s']['user']['typ'] == 'user') {
$app->auth->add_group_to_user($_SESSION['s']['user']['userid'],$groupid);
- $app->db->query("UPDATE client SET parent_client_id = ".intval($_SESSION['s']['user']['client_id'])." WHERE client_id = ".$this->id);
+ $app->db->query("UPDATE client SET parent_client_id = ".$app->functions->intval($_SESSION['s']['user']['client_id'])." WHERE client_id = ".$this->id);
}
- $app->db->query("UPDATE client SET created_at = ".time()." WHERE client_id = ".$this->id);
-
- /* If there is a client-template, process it */
- applyClientTemplates($this->id);
+ //* Set the default servers
+ $tmp = $app->db->queryOneRecord('SELECT server_id FROM server WHERE mail_server = 1 AND mirror_server_id = 0 LIMIT 0,1');
+ $default_mailserver = $app->functions->intval($tmp['server_id']);
+ $tmp = $app->db->queryOneRecord('SELECT server_id FROM server WHERE web_server = 1 AND mirror_server_id = 0 LIMIT 0,1');
+ $default_webserver = $app->functions->intval($tmp['server_id']);
+ $tmp = $app->db->queryOneRecord('SELECT server_id FROM server WHERE dns_server = 1 AND mirror_server_id = 0 LIMIT 0,1');
+ $default_dnsserver = $app->functions->intval($tmp['server_id']);
+ $tmp = $app->db->queryOneRecord('SELECT server_id FROM server WHERE db_server = 1 AND mirror_server_id = 0 LIMIT 0,1');
+ $default_dbserver = $app->functions->intval($tmp['server_id']);
+
+ $sql = "UPDATE client SET default_mailserver = $default_mailserver, default_webserver = $default_webserver, default_dnsserver = $default_dnsserver, default_dbserver = $default_dbserver WHERE client_id = ".$this->id;
+ $app->db->query($sql);
+
parent::onAfterInsert();
}
@@ -184,10 +190,9 @@
the data was successful updated in the database.
*/
function onAfterUpdate() {
- global $app;
-
+ global $app, $conf;
// username changed
- if($conf['demo_mode'] != true && isset($this->dataRecord['username']) && $this->dataRecord['username'] != '' && $this->oldDataRecord['username'] != $this->dataRecord['username']) {
+ if(isset($conf['demo_mode']) && $conf['demo_mode'] != true && isset($this->dataRecord['username']) && $this->dataRecord['username'] != '' && $this->oldDataRecord['username'] != $this->dataRecord['username']) {
$username = $app->db->quote($this->dataRecord["username"]);
$client_id = $this->id;
$sql = "UPDATE sys_user SET username = '$username' WHERE client_id = $client_id";
@@ -199,15 +204,22 @@
}
// password changed
- if($conf['demo_mode'] != true && isset($this->dataRecord["password"]) && $this->dataRecord["password"] != '') {
+ if(isset($conf['demo_mode']) && $conf['demo_mode'] != true && isset($this->dataRecord["password"]) && $this->dataRecord["password"] != '') {
$password = $app->db->quote($this->dataRecord["password"]);
+ $salt="$1$";
+ $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
+ for ($n=0;$n<8;$n++) {
+ $salt.=$base64_alphabet[mt_rand(0,63)];
+ }
+ $salt.="$";
+ $password = crypt(stripslashes($password),$salt);
$client_id = $this->id;
- $sql = "UPDATE sys_user SET passwort = md5('$password') WHERE client_id = $client_id";
+ $sql = "UPDATE sys_user SET passwort = '$password' WHERE client_id = $client_id";
$app->db->query($sql);
}
// language changed
- if($conf['demo_mode'] != true && isset($this->dataRecord['language']) && $this->dataRecord['language'] != '' && $this->oldDataRecord['language'] != $this->dataRecord['language']) {
+ if(isset($conf['demo_mode']) && $conf['demo_mode'] != true && isset($this->dataRecord['language']) && $this->dataRecord['language'] != '' && $this->oldDataRecord['language'] != $this->dataRecord['language']) {
$language = $app->db->quote($this->dataRecord["language"]);
$client_id = $this->id;
$sql = "UPDATE sys_user SET language = '$language' WHERE client_id = $client_id";
@@ -224,10 +236,6 @@
$app->db->query($sql);
}
- /*
- * If there is a client-template, process it */
- applyClientTemplates($this->id);
-
parent::onAfterUpdate();
}
}
--
Gitblit v1.9.1