From 9c79079e9cd5c53b61209bed6754ac6c06bbbda2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 07 May 2015 07:52:47 -0400
Subject: [PATCH] Backported password generator patch

---
 interface/lib/classes/remoting.inc.php |   58 ++++++++++++++++++++++++++++++++++++++--------------------
 1 files changed, 38 insertions(+), 20 deletions(-)

diff --git a/interface/lib/classes/remoting.inc.php b/interface/lib/classes/remoting.inc.php
index 9dd5dc7..b47d9cf 100644
--- a/interface/lib/classes/remoting.inc.php
+++ b/interface/lib/classes/remoting.inc.php
@@ -331,7 +331,7 @@
 		return $all;
 	}
 
-	//* Get server ip
+	//* Get server ips
 	public function server_ip_get($session_id, $primary_id)
 	{
 		global $app;
@@ -343,20 +343,6 @@
 		$app->uses('remoting_lib');
 		$app->remoting_lib->loadFormDef('../admin/form/server_ip.tform.php');
 		return $app->remoting_lib->getDataRecord($primary_id);
-	}
-	
-	//* Get all server ips
-	public function server_ip_get_by_server_id($session_id, $server_id)
-	{
-		global $app;
-
-		if(!$this->checkPerm($session_id, 'server_ip_get_by_server_id')) {
-			$this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
-			return false;
-		}
-		$sql = "SELECT * FROM server_ip WHERE server_id  = $server_id";
-		$all = $app->db->queryAllRecords($sql);
-		return $all;
 	}
 	
 	//* Add a IP address record
@@ -1429,13 +1415,30 @@
 
 	public function client_add($session_id, $reseller_id, $params)
 	{
+		global $app;
+		
 		if (!$this->checkPerm($session_id, 'client_add'))
 		{
 			$this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
 			return false;
 		}
 		if(!isset($params['parent_client_id']) || $params['parent_client_id'] == 0) $params['parent_client_id'] = $reseller_id;
-		$affected_rows = $this->klientadd('../client/form/' . (isset($params['limit_client']) && $params['limit_client'] > 0 ? 'reseller' : 'client') . '.tform.php', $reseller_id, $params);
+		
+		if($params['parent_client_id']) {
+			// check if this one is reseller
+			$check = $app->db->queryOneRecord('SELECT `limit_client` FROM `client` WHERE `client_id` = ' . intval($params['parent_client_id']));
+			if($check['limit_client'] == 0) {
+				$this->server->fault('Invalid reseller', 'Selected client is not a reseller.');
+				return false;
+			}
+			
+			if(isset($params['limit_client']) && $params['limit_client'] != 0) {
+				$this->server->fault('Invalid reseller', 'Reseller cannot be client of another reseller.');
+				return false;
+			}
+		}
+		
+		$affected_rows = $this->klientadd('../client/form/' . (isset($params['limit_client']) && $params['limit_client'] != 0 ? 'reseller' : 'client') . '.tform.php', $reseller_id, $params);
 		return $affected_rows;
 
 	}
@@ -1451,8 +1454,24 @@
 		}
 
 		$app->uses('remoting_lib');
-		$app->remoting_lib->loadFormDef('../client/form/' . (isset($params['limit_client']) && $params['limit_client'] > 0 ? 'reseller' : 'client') . '.tform.php');
+		$app->remoting_lib->loadFormDef('../client/form/' . (isset($params['limit_client']) && $params['limit_client'] != 0 ? 'reseller' : 'client') . '.tform.php');
 		$old_rec = $app->remoting_lib->getDataRecord($client_id);
+
+		if(!isset($params['parent_client_id']) || $params['parent_client_id'] == 0) $params['parent_client_id'] = $reseller_id;
+
+		if($params['parent_client_id']) {
+			// check if this one is reseller
+			$check = $app->db->queryOneRecord('SELECT `limit_client` FROM `client` WHERE `client_id` = ' . intval($params['parent_client_id']));
+			if($check['limit_client'] == 0) {
+				$this->server->fault('Invalid reseller', 'Selected client is not a reseller.');
+				return false;
+			}
+			
+			if(isset($params['limit_client']) && $params['limit_client'] != 0) {
+				$this->server->fault('Invalid reseller', 'Reseller cannot be client of another reseller.');
+				return false;
+			}
+		}
 
 		// we need the previuos templates assigned here
 		$this->oldTemplatesAssigned = $app->db->queryAllRecords('SELECT * FROM `client_template_assigned` WHERE `client_id` = ' . $client_id);
@@ -1476,8 +1495,7 @@
 		}
 
 
-		if(!isset($params['parent_client_id']) || $params['parent_client_id'] == 0) $params['parent_client_id'] = $reseller_id;
-		$affected_rows = $this->updateQuery('../client/form/' . (isset($params['limit_client']) && $params['limit_client'] > 0 ? 'reseller' : 'client') . '.tform.php', $reseller_id, $client_id, $params, 'client:' . ($reseller_id ? 'reseller' : 'client') . ':on_after_update');
+		$affected_rows = $this->updateQuery('../client/form/' . (isset($params['limit_client']) && $params['limit_client'] != 0 ? 'reseller' : 'client') . '.tform.php', $reseller_id, $client_id, $params, 'client:' . ($params['parent_client_id'] ? 'reseller' : 'client') . ':on_after_update');
 
 		$app->remoting_lib->ispconfig_sysuser_update($params, $client_id);
 
@@ -3209,7 +3227,7 @@
 		$this->id = $insert_id;
 		$this->dataRecord = $params;
 
-		$app->plugin->raiseEvent('client:' . (isset($params['limit_client']) && $params['limit_client'] > 0 ? 'reseller' : 'client') . ':on_after_insert', $this);
+		$app->plugin->raiseEvent('client:' . (isset($params['limit_client']) && $params['limit_client'] != 0 ? 'reseller' : 'client') . ':on_after_insert', $this);
 
 		/*
 		if($app->db->errorMessage != '') {

--
Gitblit v1.9.1