From 9c79079e9cd5c53b61209bed6754ac6c06bbbda2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 07 May 2015 07:52:47 -0400
Subject: [PATCH] Backported password generator patch
---
interface/lib/classes/remoting.inc.php | 196 +++++++++++++++++++++++++++++++++++++++++++++---
1 files changed, 182 insertions(+), 14 deletions(-)
diff --git a/interface/lib/classes/remoting.inc.php b/interface/lib/classes/remoting.inc.php
index cc76bc7..b47d9cf 100644
--- a/interface/lib/classes/remoting.inc.php
+++ b/interface/lib/classes/remoting.inc.php
@@ -126,8 +126,11 @@
$session_id = $app->db->quote($session_id);
$sql = "DELETE FROM remote_session WHERE remote_session = '$session_id'";
- $app->db->query($sql);
- return $app->db->affectedRows() == 1;
+ if($app->db->query($sql) != false) {
+ return true;
+ } else {
+ return false;
+ }
}
@@ -136,20 +139,54 @@
@param int session id
@param int server id
@param string section of the config field in the server table. Could be 'web', 'dns', 'mail', 'dns', 'cron', etc
- @author Julio Montoya <gugli100@gmail.com> BeezNest 2010
+ @author Julio Montoya <gugli100@gmail.com> BeezNest 2010, extended by M. Cramer <m.cramer@pixcept.de> 2014
*/
- public function server_get($session_id, $server_id, $section ='') {
+ public function server_get($session_id, $server_id = null, $section ='') {
global $app;
if(!$this->checkPerm($session_id, 'server_get')) {
$this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
return false;
}
- if (!empty($session_id) && !empty($server_id)) {
+ if (!empty($session_id)) {
$app->uses('remoting_lib , getconf');
- $section_config = $app->getconf->get_server_config($server_id, $section);
- return $section_config;
+ if(!empty($server_id)) {
+ $section_config = $app->getconf->get_server_config($server_id, $section);
+ return $section_config;
+ } else {
+ $servers = array();
+ $sql = "SELECT server_id FROM server WHERE 1";
+ $all = $app->db->queryAllRecords($sql);
+ foreach($all as $s) {
+ $servers[$s['server_id']] = $app->getconf->get_server_config($s['server_id'], $section);
+ }
+ unset($all);
+ unset($s);
+ return $servers;
+ }
+ } else {
+ return false;
+ }
+ }
+
+ /**
+ Gets a list of all servers
+ @param int session_id
+ @param int server_name
+ @author Marius Cramer <m.cramer@pixcept.de> 2014
+ */
+ public function server_get_all($session_id)
+ {
+ global $app;
+ if(!$this->checkPerm($session_id, 'server_get')) {
+ $this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
+ return false;
+ }
+ if (!empty($session_id)) {
+ $sql = "SELECT server_id, server_name FROM server WHERE 1";
+ $servers = $app->db->queryAllRecords($sql);
+ return $servers;
} else {
return false;
}
@@ -200,6 +237,69 @@
}
/**
+ * set record permissions in any table
+ * @param string session_id
+ * @param string index_field
+ * @param string index_value
+ * @param array permissions
+ * @author "ispcomm", improved by M. Cramer <m.cramer@pixcept.de>
+ */
+ public function update_record_permissions($tablename, $index_field, $index_value, $permissions) {
+ global $app;
+
+ if(!$this->checkPerm($session_id, 'admin_record_permissions')) {
+ $this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
+ return false;
+ }
+
+ foreach($permissions as $key => $value) { // make sure only sys_ fields are updated
+ switch($key) {
+ case 'sys_userid':
+ // check if userid is valid
+ $check = $app->db->queryOneRecord('SELECT userid FROM sys_user WHERE userid = ' . $app->functions->intval($value));
+ if(!$check || !$check['userid']) {
+ $this->server->fault('invalid parameters', $value . ' is no valid sys_userid.');
+ return false;
+ }
+ $permissions[$key] = $app->functions->intval($value);
+ break;
+ case 'sys_groupid':
+ // check if groupid is valid
+ $check = $app->db->queryOneRecord('SELECT groupid FROM sys_group WHERE groupid = ' . $app->functions->intval($value));
+ if(!$check || !$check['groupid']) {
+ $this->server->fault('invalid parameters', $value . ' is no valid sys_groupid.');
+ return false;
+ }
+ $permissions[$key] = $app->functions->intval($value);
+ break;
+ case 'sys_perm_user':
+ case 'sys_perm_group':
+ // check if permissions are valid
+ $value = strtolower($value);
+ if(!preg_match('/^[riud]+$/', $value)) {
+ $this->server->fault('invalid parameters', $value . ' is no valid permission string.');
+ return false;
+ }
+
+ $newvalue = '';
+ if(strpos($value, 'r') !== false) $newvalue .= 'r';
+ if(strpos($value, 'i') !== false) $newvalue .= 'i';
+ if(strpos($value, 'u') !== false) $newvalue .= 'u';
+ if(strpos($value, 'd') !== false) $newvalue .= 'd';
+ $permissions[$key] = $newvalue;
+ unset($newvalue);
+
+ break;
+ default:
+ $this->server->fault('invalid parameters', 'Only sys_userid, sys_groupid, sys_perm_user and sys_perm_group parameters can be changed with this function.');
+ break;
+ }
+ }
+
+ return $app->db->datalogUpdate( $tablename, $permissions, $index_field, $index_value ) ;
+ }
+
+ /**
Gets the ISPconfig version of the server
@param int session_id
@author Sascha Bay <info@space2place.de> TheCry 2013
@@ -231,6 +331,20 @@
return $all;
}
+ //* Get server ips
+ public function server_ip_get($session_id, $primary_id)
+ {
+ global $app;
+
+ if(!$this->checkPerm($session_id, 'server_ip_get')) {
+ $this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
+ return false;
+ }
+ $app->uses('remoting_lib');
+ $app->remoting_lib->loadFormDef('../admin/form/server_ip.tform.php');
+ return $app->remoting_lib->getDataRecord($primary_id);
+ }
+
//* Add a IP address record
public function server_ip_add($session_id, $client_id, $params)
{
@@ -1301,13 +1415,30 @@
public function client_add($session_id, $reseller_id, $params)
{
+ global $app;
+
if (!$this->checkPerm($session_id, 'client_add'))
{
$this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
return false;
}
if(!isset($params['parent_client_id']) || $params['parent_client_id'] == 0) $params['parent_client_id'] = $reseller_id;
- $affected_rows = $this->klientadd('../client/form/' . (isset($params['limit_client']) && $params['limit_client'] > 0 ? 'reseller' : 'client') . '.tform.php', $reseller_id, $params);
+
+ if($params['parent_client_id']) {
+ // check if this one is reseller
+ $check = $app->db->queryOneRecord('SELECT `limit_client` FROM `client` WHERE `client_id` = ' . intval($params['parent_client_id']));
+ if($check['limit_client'] == 0) {
+ $this->server->fault('Invalid reseller', 'Selected client is not a reseller.');
+ return false;
+ }
+
+ if(isset($params['limit_client']) && $params['limit_client'] != 0) {
+ $this->server->fault('Invalid reseller', 'Reseller cannot be client of another reseller.');
+ return false;
+ }
+ }
+
+ $affected_rows = $this->klientadd('../client/form/' . (isset($params['limit_client']) && $params['limit_client'] != 0 ? 'reseller' : 'client') . '.tform.php', $reseller_id, $params);
return $affected_rows;
}
@@ -1323,8 +1454,24 @@
}
$app->uses('remoting_lib');
- $app->remoting_lib->loadFormDef('../client/form/' . (isset($params['limit_client']) && $params['limit_client'] > 0 ? 'reseller' : 'client') . '.tform.php');
+ $app->remoting_lib->loadFormDef('../client/form/' . (isset($params['limit_client']) && $params['limit_client'] != 0 ? 'reseller' : 'client') . '.tform.php');
$old_rec = $app->remoting_lib->getDataRecord($client_id);
+
+ if(!isset($params['parent_client_id']) || $params['parent_client_id'] == 0) $params['parent_client_id'] = $reseller_id;
+
+ if($params['parent_client_id']) {
+ // check if this one is reseller
+ $check = $app->db->queryOneRecord('SELECT `limit_client` FROM `client` WHERE `client_id` = ' . intval($params['parent_client_id']));
+ if($check['limit_client'] == 0) {
+ $this->server->fault('Invalid reseller', 'Selected client is not a reseller.');
+ return false;
+ }
+
+ if(isset($params['limit_client']) && $params['limit_client'] != 0) {
+ $this->server->fault('Invalid reseller', 'Reseller cannot be client of another reseller.');
+ return false;
+ }
+ }
// we need the previuos templates assigned here
$this->oldTemplatesAssigned = $app->db->queryAllRecords('SELECT * FROM `client_template_assigned` WHERE `client_id` = ' . $client_id);
@@ -1348,8 +1495,7 @@
}
- if(!isset($params['parent_client_id']) || $params['parent_client_id'] == 0) $params['parent_client_id'] = $reseller_id;
- $affected_rows = $this->updateQuery('../client/form/' . (isset($params['limit_client']) && $params['limit_client'] > 0 ? 'reseller' : 'client') . '.tform.php', $reseller_id, $client_id, $params, 'client:' . ($reseller_id ? 'reseller' : 'client') . ':on_after_update');
+ $affected_rows = $this->updateQuery('../client/form/' . (isset($params['limit_client']) && $params['limit_client'] != 0 ? 'reseller' : 'client') . '.tform.php', $reseller_id, $client_id, $params, 'client:' . ($params['parent_client_id'] ? 'reseller' : 'client') . ':on_after_update');
$app->remoting_lib->ispconfig_sysuser_update($params, $client_id);
@@ -1649,7 +1795,18 @@
$this->dataRecord = $params;
$app->sites_database_plugin->processDatabaseInsert($this);
- return $this->insertQueryExecute($sql, $params);
+ $retval = $this->insertQueryExecute($sql, $params);
+
+ // set correct values for backup_interval and backup_copies
+ if(isset($params['backup_interval']) || isset($params['backup_copies'])){
+ $sql_set = array();
+ if(isset($params['backup_interval'])) $sql_set[] = "backup_interval = '".$app->db->quote($params['backup_interval'])."'";
+ if(isset($params['backup_copies'])) $sql_set[] = "backup_copies = ".$app->functions->intval($params['backup_copies']);
+ //$app->db->query("UPDATE web_database SET ".implode(', ', $sql_set)." WHERE database_id = ".$retval);
+ $this->updateQueryExecute("UPDATE web_database SET ".implode(', ', $sql_set)." WHERE database_id = ".$retval, $retval, $params);
+ }
+
+ return $retval;
}
return false;
@@ -1672,7 +1829,18 @@
$this->id = $primary_id;
$this->dataRecord = $params;
$app->sites_database_plugin->processDatabaseUpdate($this);
- return $this->updateQueryExecute($sql, $primary_id, $params);
+ $retval = $this->updateQueryExecute($sql, $primary_id, $params);
+
+ // set correct values for backup_interval and backup_copies
+ if(isset($params['backup_interval']) || isset($params['backup_copies'])){
+ $sql_set = array();
+ if(isset($params['backup_interval'])) $sql_set[] = "backup_interval = '".$app->db->quote($params['backup_interval'])."'";
+ if(isset($params['backup_copies'])) $sql_set[] = "backup_copies = ".$app->functions->intval($params['backup_copies']);
+ //$app->db->query("UPDATE web_database SET ".implode(', ', $sql_set)." WHERE database_id = ".$primary_id);
+ $this->updateQueryExecute("UPDATE web_database SET ".implode(', ', $sql_set)." WHERE database_id = ".$primary_id, $primary_id, $params);
+ }
+
+ return $retval;
}
return false;
@@ -3059,7 +3227,7 @@
$this->id = $insert_id;
$this->dataRecord = $params;
- $app->plugin->raiseEvent('client:' . (isset($params['limit_client']) && $params['limit_client'] > 0 ? 'reseller' : 'client') . ':on_after_insert', $this);
+ $app->plugin->raiseEvent('client:' . (isset($params['limit_client']) && $params['limit_client'] != 0 ? 'reseller' : 'client') . ':on_after_insert', $this);
/*
if($app->db->errorMessage != '') {
--
Gitblit v1.9.1