From 7d52e00a51450bc4a080d4e21b7dda02c0a65191 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 14 Nov 2013 05:42:06 -0500
Subject: [PATCH] Fixed list sorting
---
interface/lib/classes/remoting_lib.inc.php | 301 ++++++++++++++++++++++++++++++++++---------------
1 files changed, 206 insertions(+), 95 deletions(-)
diff --git a/interface/lib/classes/remoting_lib.inc.php b/interface/lib/classes/remoting_lib.inc.php
index 784b9c4..7ecc663 100644
--- a/interface/lib/classes/remoting_lib.inc.php
+++ b/interface/lib/classes/remoting_lib.inc.php
@@ -37,39 +37,37 @@
/**
* Formularbehandlung
*
-* Funktionen zur Umwandlung von Formulardaten
-* sowie zum vorbereiten von HTML und SQL
-* Ausgaben
+* Functions to validate, display and save form values
*
-* Tabellendefinition
+* Database table field definitions
*
-* Datentypen:
-* - INTEGER (Wandelt Ausdr�cke in Int um)
+* Datatypes:
+* - INTEGER (Converts data to int automatically)
* - DOUBLE
-* - CURRENCY (Formatiert Zahlen nach W�hrungsnotation)
-* - VARCHAR (kein weiterer Format Check)
-* - DATE (Datumsformat, Timestamp Umwandlung)
+* - CURRENCY (Formats digits in currency notation)
+* - VARCHAR (No format check)
+* - DATE (Date format, converts from and to UNIX timestamps automatically)
*
* Formtype:
-* - TEXT (normales Textfeld)
-* - PASSWORD (Feldinhalt wird nicht angezeigt)
-* - SELECT (Gibt Werte als option Feld aus)
-* - MULTIPLE (Select-Feld mit nehreren Werten)
+* - TEXT (Normal text field)
+* - PASSWORD (password field, the content will not be displayed again to the user)
+* - SELECT (Option fiield)
+* - MULTIPLE (Allows selection of multiple values)
*
* VALUE:
-* - Wert oder Array
+* - Value or array
*
* SEPARATOR
-* - Trennzeichen f�r multiple Felder
+* - separator char used for fileds with multiple values
*
-* Hinweis:
-* Das ID-Feld ist nicht bei den Table Values einzuf�gen.
+* Hint: The auto increment (ID) filed of the table has not be be definied separately.
+*
*/
class remoting_lib {
/**
- * Definition of the database atble (array)
+ * Definition of the database table (array)
* @var tableDef
*/
private $tableDef;
@@ -115,6 +113,8 @@
var $sys_userid;
var $sys_default_group;
var $sys_groups;
+ var $client_id;
+ var $dataRecord;
//* Load the form definition from file.
@@ -133,17 +133,19 @@
}
}
unset($form);
+
+ $this->dateformat = $app->lng('conf_format_dateshort');
return true;
}
//* Load the user profile
- function loadUserProfile($client_id = 0) {
+ function loadUserProfile($client_id_param = 0) {
global $app,$conf;
- $client_id = intval($client_id);
+ $this->client_id = $app->functions->intval($client_id_param);
- if($client_id == 0) {
+ if($this->client_id == 0) {
$this->sys_username = 'admin';
$this->sys_userid = 1;
$this->sys_default_group = 1;
@@ -161,7 +163,7 @@
}
}*/
- $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE client_id = $client_id");
+ $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE client_id = $this->client_id");
$this->sys_username = $user['username'];
$this->sys_userid = $user['userid'];
$this->sys_default_group = $user['default_group'];
@@ -176,7 +178,8 @@
/**
- * Converts data in human readable form
+ * Converts the data in the array to human readable format
+ * Datatype conversion e.g. to show the data in lists
*
* @param record
* @return record
@@ -208,13 +211,7 @@
break;
case 'INTEGER':
- //* We use + 0 to force the string to be a number as
- //* intval return value is too limited on 32bit systems
- if(intval($record[$key]) == 2147483647) {
- $new_record[$key] = $record[$key] + 0;
- } else {
- $new_record[$key] = intval($record[$key]);
- }
+ $new_record[$key] = $app->functions->intval($record[$key]);
break;
case 'DOUBLE':
@@ -222,7 +219,7 @@
break;
case 'CURRENCY':
- $new_record[$key] = number_format($record[$key], 2, ',', '');
+ $new_record[$key] = $app->functions->currency_format($record[$key]);
break;
default:
@@ -263,7 +260,7 @@
unset($tmp_recordid);
$querystring = str_replace("{AUTHSQL}",$this->getAuthSQL('r'),$querystring);
-
+
// Getting the records
$tmp_records = $app->db->queryAllRecords($querystring);
if($app->db->errorMessage != '') die($app->db->errorMessage);
@@ -285,7 +282,7 @@
$app->uses($datasource_class);
$values = $app->$datasource_class->$datasource_function($field, $record);
} else {
- $this->errorMessage .= "Custom datasource class or function is empty<br>\r\n";
+ $this->errorMessage .= "Custom datasource class or function is empty<br />\r\n";
}
}
@@ -294,29 +291,39 @@
}
/**
- * Converts the data in a format to store it in the database table
+ /**
+ * Rewrite the record data to be stored in the database
+ * and check values with regular expressions.
*
* @param record = Datensatz als Array
* @return record
*/
- function encode($record) {
+ function encode($record,$dbencode = true) {
global $app;
if(is_array($record)) {
foreach($this->formDef['fields'] as $key => $field) {
- if(isset($field['validators']) && is_array($field['validators'])) $this->validateField($key, (isset($record[$key]))?$record[$key]:'', $field['validators']);
+ //* Apply filter to record value
+ if(isset($field['filters']) && is_array($field['filters'])) {
+ $record[$key] = $this->filterField($key, (isset($record[$key]))?$record[$key]:'', $field['filters'], 'SAVE');
+ }
+
+ //* Validate record value
+ if(isset($field['validators']) && is_array($field['validators'])) {
+ $this->validateField($key, (isset($record[$key]))?$record[$key]:'', $field['validators']);
+ }
switch ($field['datatype']) {
case 'VARCHAR':
if(!@is_array($record[$key])) {
- $new_record[$key] = (isset($record[$key]))?$app->db->quote($record[$key]):'';
+ $new_record[$key] = (isset($record[$key]))?$record[$key]:'';
} else {
$new_record[$key] = implode($field['separator'],$record[$key]);
}
break;
case 'TEXT':
if(!is_array($record[$key])) {
- $new_record[$key] = $app->db->quote($record[$key]);
+ $new_record[$key] = $record[$key];
} else {
$new_record[$key] = implode($field['separator'],$record[$key]);
}
@@ -348,12 +355,12 @@
}
break;
case 'INTEGER':
- $new_record[$key] = (isset($record[$key]))?intval($record[$key]):0;
+ $new_record[$key] = (isset($record[$key]))?$app->functions->intval($record[$key]):0;
//if($new_record[$key] != $record[$key]) $new_record[$key] = $field['default'];
//if($key == 'refresh') die($record[$key]);
break;
case 'DOUBLE':
- $new_record[$key] = $app->db->quote($record[$key]);
+ $new_record[$key] = $record[$key];
break;
case 'CURRENCY':
$new_record[$key] = str_replace(",",".",$record[$key]);
@@ -381,11 +388,54 @@
$this->errorMessage .= $errmsg."\r\n";
}
}
-
-
+
+ //* Add slashes to all records, when we encode data which shall be inserted into mysql.
+ if($dbencode == true) $new_record[$key] = $app->db->quote($new_record[$key]);
}
}
+ if(isset($record['_ispconfig_pw_crypted'])) $new_record['_ispconfig_pw_crypted'] = $record['_ispconfig_pw_crypted']; // this one is not in form definitions!
return $new_record;
+ }
+
+ /**
+ * process the filters for a given field.
+ *
+ * @param field_name = Name of the field
+ * @param field_value = value of the field
+ * @param filters = Array of filters
+ * @param filter_event = 'SAVE'or 'SHOW'
+ * @return record
+ */
+
+ function filterField($field_name, $field_value, $filters, $filter_event) {
+
+ global $app;
+ $returnval = $field_value;
+
+ //* Loop trough all filters
+ foreach($filters as $filter) {
+ if($filter['event'] == $filter_event) {
+ switch ($filter['type']) {
+ case 'TOLOWER':
+ $returnval = strtolower($field_value);
+ break;
+ case 'TOUPPER':
+ $returnval = strtoupper($field_value);
+ break;
+ case 'IDNTOASCII':
+ $returnval = $app->functions->idn_encode($field_value);
+ break;
+ case 'IDNTOUTF8':
+ $returnval = $app->functions->idn_decode($field_value);
+ break;
+ default:
+ $this->errorMessage .= "Unknown Filter: ".$filter['type'];
+ break;
+ }
+ }
+ }
+
+ return $returnval;
}
/**
@@ -419,7 +469,9 @@
}
break;
case 'UNIQUE':
- if($this->action == 'NEW') {
+ if($validator['allowempty'] != 'y') $validator['allowempty'] = 'n';
+ if($validator['allowempty'] == 'n' || ($validator['allowempty'] == 'y' && $field_value != '')){
+ if($this->action == 'NEW') {
$num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ".$escape.$this->formDef['db_table'].$escape. " WHERE $field_name = '".$app->db->quote($field_value)."'");
if($num_rec["number"] > 0) {
$errmsg = $validator['errmsg'];
@@ -429,7 +481,7 @@
$this->errorMessage .= $errmsg."<br />\r\n";
}
}
- } else {
+ } else {
$num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ".$escape.$this->formDef['db_table'].$escape. " WHERE $field_name = '".$app->db->quote($field_value)."' AND ".$this->formDef['db_table_idx']." != ".$this->primary_id);
if($num_rec["number"] > 0) {
$errmsg = $validator['errmsg'];
@@ -439,7 +491,8 @@
$this->errorMessage .= $errmsg."<br />\r\n";
}
}
- }
+ }
+ }
break;
case 'NOTEMPTY':
if(empty($field_value)) {
@@ -453,7 +506,7 @@
break;
case 'ISEMAIL':
if(function_exists('filter_var')) {
- if(!filter_var($field_value, FILTER_VALIDATE_EMAIL)) {
+ if(filter_var($field_value, FILTER_VALIDATE_EMAIL) === false) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
@@ -474,16 +527,16 @@
break;
case 'ISINT':
if(function_exists('filter_var')) {
- if($vield_value != '' && filter_var($field_value, FILTER_VALIDATE_INT) === false) {
+ if($field_value != '' && filter_var($field_value, FILTER_VALIDATE_INT) === false) {
$errmsg = $validator['errmsg'];
- if(isset($this->wordbook[$errmsg])) {
+ if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
$this->errorMessage .= $errmsg."<br />\r\n";
}
}
} else {
- $tmpval = intval($field_value);
+ $tmpval = $app->functions->intval($field_value);
if($tmpval === 0 and !empty($field_value)) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
@@ -523,34 +576,68 @@
}
break;
case 'ISIP':
- //* Check if its a IPv4 or IPv6 address
- if(function_exists('filter_var')) {
- if(!filter_var($field_value,FILTER_VALIDATE_IP)) {
- $errmsg = $validator['errmsg'];
- if(isset($this->wordbook[$errmsg])) {
- $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
- } else {
- $this->errorMessage .= $errmsg."<br />\r\n";
- }
- }
+ if($validator['allowempty'] != 'y') $validator['allowempty'] = 'n';
+ if($validator['allowempty'] == 'y' && $field_value == '') {
+ //* Do nothing
} else {
- //* Check content with regex, if we use php < 5.2
- $ip_ok = 0;
- if(preg_match("/^(\:\:([a-f0-9]{1,4}\:){0,6}?[a-f0-9]{0,4}|[a-f0-9]{1,4}(\:[a-f0-9]{1,4}){0,6}?\:\:|[a-f0-9]{1,4}(\:[a-f0-9]{1,4}){1,6}?\:\:([a-f0-9]{1,4}\:){1,6}?[a-f0-9]{1,4})(\/\d{1,3})?$/i", $field_value)){
- $ip_ok = 1;
+ //* Check if its a IPv4 or IPv6 address
+ if(isset($validator['separator']) && $validator['separator'] != '') {
+ //* When the field may contain several IP addresses, split them by the char defined as separator
+ $field_value_array = explode($validator['separator'],$field_value);
+ } else {
+ $field_value_array[] = $field_value;
}
- if(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $field_value)){
- $ip_ok = 1;
- }
- if($ip_ok == 0) {
- $errmsg = $validator['errmsg'];
- if(isset($this->wordbook[$errmsg])) {
- $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
+ foreach($field_value_array as $field_value) {
+ if(function_exists('filter_var')) {
+ if(!filter_var($field_value,FILTER_VALIDATE_IP)) {
+ $errmsg = $validator['errmsg'];
+ if(isset($this->wordbook[$errmsg])) {
+ $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
+ } else {
+ $this->errorMessage .= $errmsg."<br />\r\n";
+ }
+ }
} else {
- $this->errorMessage .= $errmsg."<br />\r\n";
+ //* Check content with regex, if we use php < 5.2
+ $ip_ok = 0;
+ if(preg_match("/^(\:\:([a-f0-9]{1,4}\:){0,6}?[a-f0-9]{0,4}|[a-f0-9]{1,4}(\:[a-f0-9]{1,4}){0,6}?\:\:|[a-f0-9]{1,4}(\:[a-f0-9]{1,4}){1,6}?\:\:([a-f0-9]{1,4}\:){1,6}?[a-f0-9]{1,4})(\/\d{1,3})?$/i", $field_value)){
+ $ip_ok = 1;
+ }
+ if(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $field_value)){
+ $ip_ok = 1;
+ }
+ if($ip_ok == 0) {
+ $errmsg = $validator['errmsg'];
+ if(isset($this->wordbook[$errmsg])) {
+ $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
+ } else {
+ $this->errorMessage .= $errmsg."<br />\r\n";
+ }
+ }
}
}
}
+ break;
+ case 'RANGE':
+ //* Checks if the value is within the given range or above / below a value
+ //* Range examples: < 10 = ":10", between 2 and 10 = "2:10", above 5 = "5:".
+ $range_parts = explode(':',trim($validator['range']));
+ $ok = true;
+ if($range_parts[0] != '' && $field_value < $range_parts[0]) {
+ $ok = false;
+ }
+ if($range_parts[1] != '' && $field_value > $range_parts[1]) {
+ $ok = false;
+ }
+ if($ok != true) {
+ $errmsg = $validator['errmsg'];
+ if(isset($this->wordbook[$errmsg])) {
+ $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
+ } else {
+ $this->errorMessage .= $errmsg."<br />\r\n";
+ }
+ }
+ unset($range_parts);
break;
case 'CUSTOM':
// Calls a custom class to validate this record
@@ -588,15 +675,16 @@
$this->action = $action;
$this->primary_id = $primary_id;
+ $this->dataRecord = $record;
- $record = $this->encode($record,$tab);
+ $record = $this->encode($record,true);
$sql_insert_key = '';
$sql_insert_val = '';
$sql_update = '';
- if(!is_array($this->formDef)) $app->error("No form definition found.");
+ if(!is_array($this->formDef)) $app->error("Form definition not found.");
- // gehe durch alle Felder des Tabs
+ // go trough all fields of the tab
if(is_array($record)) {
foreach($this->formDef['fields'] as $key => $field) {
// Wenn es kein leeres Passwortfeld ist
@@ -605,17 +693,20 @@
if($action == "INSERT") {
if($field['formtype'] == 'PASSWORD') {
$sql_insert_key .= "`$key`, ";
- if($field['encryption'] == 'CRYPT') {
+ if ((isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') || (isset($record['_ispconfig_pw_crypted']) && $record['_ispconfig_pw_crypted'] == 1)) {
+ $sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
+ } elseif(isset($field['encryption']) && $field['encryption'] == 'CRYPT') {
$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
- } elseif ($field['encryption'] == 'MYSQL') {
- $sql_insert_val .= "PASSWORD('".$app->db->quote($record[$key])."'), ";
- } elseif ($field['encryption'] == 'CLEARTEXT') {
+ } elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
+ $tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`");
+ $record[$key] = $tmp['crypted'];
$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
} else {
$record[$key] = md5(stripslashes($record[$key]));
$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
}
+
} elseif ($field['formtype'] == 'CHECKBOX') {
$sql_insert_key .= "`$key`, ";
if($record[$key] == '') {
@@ -630,19 +721,21 @@
$sql_insert_val .= "'".$record[$key]."', ";
}
} else {
-
if($field['formtype'] == 'PASSWORD') {
- if(isset($field['encryption']) && $field['encryption'] == 'CRYPT') {
+ if ((isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') || (isset($record['_ispconfig_pw_crypted']) && $record['_ispconfig_pw_crypted'] == 1)) {
+ $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
+ } elseif(isset($field['encryption']) && $field['encryption'] == 'CRYPT') {
$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
} elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
- $sql_update .= "`$key` = PASSWORD('".$app->db->quote($record[$key])."'), ";
- } elseif (isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') {
+ $tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`");
+ $record[$key] = $tmp['crypted'];
$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
- } else {
+ } else {
$record[$key] = md5(stripslashes($record[$key]));
$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
}
+
} elseif ($field['formtype'] == 'CHECKBOX') {
if($record[$key] == '') {
// if a checkbox is not set, we set it to the unchecked value
@@ -664,7 +757,7 @@
}
-
+ // Add backticks for incomplete table names
if(stristr($this->formDef['db_table'],'.')) {
$escape = '';
} else {
@@ -674,7 +767,7 @@
if($action == "INSERT") {
if($this->formDef['auth'] == 'yes') {
- // Setze User und Gruppe
+ // Set user and group
$sql_insert_key .= "`sys_userid`, ";
$sql_insert_val .= ($this->formDef["auth_preset"]["userid"] > 0)?"'".$this->formDef["auth_preset"]["userid"]."', ":"'".$this->sys_userid."', ";
$sql_insert_key .= "`sys_groupid`, ";
@@ -691,7 +784,12 @@
$sql = "INSERT INTO ".$escape.$this->formDef['db_table'].$escape." ($sql_insert_key) VALUES ($sql_insert_val)";
} else {
if($primary_id != 0) {
- $sql_update = substr($sql_update,0,-2);
+ // update client permissions only if client_id > 0
+ if($this->formDef['auth'] == 'yes' && $this->client_id > 0) {
+ $sql_update .= '`sys_userid` = '.$this->sys_userid.', ';
+ $sql_update .= '`sys_groupid` = '.$this->sys_default_group.', ';
+ }
+ $sql_update = substr($sql_update,0,-2);
$sql = "UPDATE ".$escape.$this->formDef['db_table'].$escape." SET ".$sql_update." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id;
if($sql_ext_where != '') $sql .= " and ".$sql_ext_where;
} else {
@@ -721,19 +819,26 @@
if(@is_numeric($primary_id)) {
$sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id;
return $app->db->queryOneRecord($sql);
- } elseif (@is_array($primary_id)) {
- $sql_where = '';
+ } elseif (@is_array($primary_id) || @is_object($primary_id)) {
+ if(@is_object($primary_id)) $primary_id = get_object_vars($primary_id); // do not use cast (array)xxx because it returns private and protected properties!
+ $sql_offset = 0;
+ $sql_limit = 0;
+ $sql_where = '';
foreach($primary_id as $key => $val) {
$key = $app->db->quote($key);
$val = $app->db->quote($val);
- if(stristr($val,'%')) {
+ if($key == '#OFFSET#') $sql_offset = $app->functions->intval($val);
+ elseif($key == '#LIMIT#') $sql_limit = $app->functions->intval($val);
+ elseif(stristr($val,'%')) {
$sql_where .= "$key like '$val' AND ";
} else {
$sql_where .= "$key = '$val' AND ";
}
}
$sql_where = substr($sql_where,0,-5);
+ if($sql_where == '') $sql_where = '1';
$sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$sql_where;
+ if($sql_offset >= 0 && $sql_limit > 0) $sql .= ' LIMIT ' . $sql_offset . ',' . $sql_limit;
return $app->db->queryAllRecords($sql);
} else {
$this->errorMessage = 'The ID must be either an integer or an array.';
@@ -752,6 +857,10 @@
} else {
$modules = $app->db->quote($params['modules']);
}
+ if(isset($params['limit_client']) && $params['limit_client'] > 0) {
+ $modules .= ',client';
+ }
+
if(!isset($params['startmodule'])) {
$startmodule = 'dashboard';
} else {
@@ -764,11 +873,11 @@
$usertheme = $app->db->quote($params["usertheme"]);
$type = 'user';
$active = 1;
- $insert_id = intval($insert_id);
+ $insert_id = $app->functions->intval($insert_id);
$language = $app->db->quote($params["language"]);
$groupid = $app->db->datalogInsert('sys_group', "(name,description,client_id) VALUES ('$username','','$insert_id')", 'groupid');
$groups = $groupid;
- $password = $app->auth->crypt_password(stripslashes($password));
+ if(!isset($params['_ispconfig_pw_crypted']) || $params['_ispconfig_pw_crypted'] != 1) $password = $app->auth->crypt_password(stripslashes($password));
$sql1 = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)
VALUES ('$username','$password','$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,$insert_id)";
$app->db->query($sql1);
@@ -778,8 +887,9 @@
global $app;
$username = $app->db->quote($params["username"]);
$clear_password = $app->db->quote($params["password"]);
- $client_id = intval($client_id);
- $password = $app->auth->crypt_password(stripslashes($clear_password));
+ $client_id = $app->functions->intval($client_id);
+ if(!isset($params['_ispconfig_pw_crypted']) || $params['_ispconfig_pw_crypted'] != 1) $password = $app->auth->crypt_password(stripslashes($clear_password));
+ else $password = $clear_password;
if ($clear_password) $pwstring = ", passwort = '$password'"; else $pwstring ="" ;
$sql = "UPDATE sys_user set username = '$username' $pwstring WHERE client_id = $client_id";
$app->db->query($sql);
@@ -787,7 +897,7 @@
function ispconfig_sysuser_delete($client_id){
global $app;
- $client_id = intval($client_id);
+ $client_id = $app->functions->intval($client_id);
$sql = "DELETE FROM sys_user WHERE client_id = $client_id";
$app->db->query($sql);
$sql = "DELETE FROM sys_group WHERE client_id = $client_id";
@@ -799,8 +909,9 @@
$app->db->datalogSave($this->formDef['db_table'], $action, $this->formDef['db_table_idx'], $primary_id, $record_old, $record_new);
return true;
+
/*
-
+ // Add backticks for incomplete table names.
if(stristr($this->formDef['db_table'],'.')) {
$escape = '';
} else {
--
Gitblit v1.9.1