From a7cb2b0250c17405cd52649be7aa5ed463e7078d Mon Sep 17 00:00:00 2001
From: nveid <nveid@ispconfig3>
Date: Sat, 17 Dec 2011 15:52:35 -0500
Subject: [PATCH] Reversed the logic one place in the mysql client plugin
---
interface/lib/classes/remoting.inc.php | 238 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++--
1 files changed, 228 insertions(+), 10 deletions(-)
diff --git a/interface/lib/classes/remoting.inc.php b/interface/lib/classes/remoting.inc.php
index 2ff7a41..318b268 100644
--- a/interface/lib/classes/remoting.inc.php
+++ b/interface/lib/classes/remoting.inc.php
@@ -1342,6 +1342,23 @@
$this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
return false;
}
+
+ if(!isset($params['client_group_id']) or (isset($params['client_group_id']) && empty($params['client_group_id']))) {
+ $rec = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".intval($client_id));
+ $params['client_group_id'] = $rec['groupid'];
+ }
+
+ //* Set a few params to "not empty" values which get overwritten by the sites_web_domain_plugin
+ if($params['document_root'] == '') $params['document_root'] = '-';
+ if($params['system_user'] == '') $params['system_user'] = '-';
+ if($params['system_group'] == '') $params['system_group'] = '-';
+
+ //* Set a few defaults for nginx servers
+ if($params['pm_max_children'] == '') $params['pm_max_children'] = 1;
+ if($params['pm_start_servers'] == '') $params['pm_start_servers'] = 1;
+ if($params['pm_min_spare_servers'] == '') $params['pm_min_spare_servers'] = 1;
+ if($params['pm_max_spare_servers'] == '') $params['pm_max_spare_servers'] = 1;
+
$domain_id = $this->insertQuery('../sites/form/web_domain.tform.php',$client_id,$params, 'sites:web_domain:on_after_insert');
if ($readonly === true)
$app->db->query("UPDATE web_domain SET `sys_userid` = '1' WHERE domain_id = ".$domain_id);
@@ -1355,6 +1372,13 @@
$this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
return false;
}
+
+ //* Set a few defaults for nginx servers
+ if($params['pm_max_children'] == '') $params['pm_max_children'] = 1;
+ if($params['pm_start_servers'] == '') $params['pm_start_servers'] = 1;
+ if($params['pm_min_spare_servers'] == '') $params['pm_min_spare_servers'] = 1;
+ if($params['pm_max_spare_servers'] == '') $params['pm_max_spare_servers'] = 1;
+
$affected_rows = $this->updateQuery('../sites/form/web_domain.tform.php',$client_id,$primary_id,$params);
return $affected_rows;
}
@@ -2127,28 +2151,33 @@
if(isset($params['template_master']) and $params['template_master'] > 0)
{
$template=$app->db->queryOneRecord("SELECT * FROM client_template WHERE template_id=".intval($params['template_master']));
- $params=array_merge($params,$template);
+ if(is_array($template)) $params=array_merge($params,$template);
}
//* Get the SQL query
$sql = $app->remoting_lib->getSQL($params,'INSERT',0);
+ $app->db->query($sql);
+
if($app->remoting_lib->errorMessage != '') {
$this->server->fault('data_processing_error', $app->remoting_lib->errorMessage);
return false;
}
- $app->db->query($sql);
+ $insert_id = $app->db->insertID();
+
+ $this->id = $insert_id;
+ $this->dataRecord = $params;
$app->plugin->raiseEvent('client:client:on_after_insert',$this);
+ /*
if($app->db->errorMessage != '') {
$this->server->fault('database_error', $app->db->errorMessage . ' '.$sql);
return false;
}
+ */
-
-
- $insert_id = $app->db->insertID();
+
//$app->uses('tform');
//* Save changes to Datalog
if($app->remoting_lib->formDef["db_history"] == 'yes') {
@@ -2303,6 +2332,7 @@
protected function checkPerm($session_id, $function_name)
{
+ global $app;
$dobre=array();
$session = $this->getSession($session_id);
if(!$session){
@@ -2310,7 +2340,11 @@
}
$dobre= str_replace(';',',',$session['remote_functions']);
- return in_array($function_name, explode(',', $dobre) );
+ $check = in_array($function_name, explode(',', $dobre) );
+ if(!$check) {
+ $app->log("REMOTE-LIB DENY: ".$session_id ." /". $function_name, LOGLEVEL_WARN);
+ }
+ return $check;
}
@@ -2423,6 +2457,26 @@
return false;
}
}
+ /**
+ * Get All client_id's from database
+ * @param int session_id
+ * @return Array of all client_id's
+ */
+ public function client_get_all($session_id) {
+ global $app;
+ if(!$this->checkPerm($session_id, 'client_get_all')) {
+ $this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
+ return false;
+ }
+ $result = $app->db->queryAllRecords("SELECT client_id FROM client WHERE 1");
+ if(!$result) {
+ return false;
+ }
+ foreach( $result as $record) {
+ $rarrary[] = $record['client_id'];
+ }
+ return $rarrary;
+ }
/**
* Changes client password
@@ -2500,13 +2554,13 @@
public function sites_database_get_all_by_user($session_id, $client_id)
{
global $app;
- if(!$this->checkPerm($session_id, 'sites_database_get_all_by_user')) {
+ if(!$this->checkPerm($session_id, 'sites_database_get')) {
$this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
return false;
}
$client_id = intval($client_id);
- $sql = "SELECT database_id, database_name, database_user, database_password FROM web_database WHERE sys_userid = $client_id ";
- $all = $app->db->queryAllRecords($sql);
+ $sql = "SELECT d.database_id, d.database_name, d.database_user, d.database_password FROM web_database d INNER JOIN sys_user s on(d.sys_groupid = s.default_group) WHERE client_id = $client_id";
+ $all = $app->db->queryAllRecords($sql);
return $all;
}
@@ -2793,6 +2847,26 @@
return $app->remoting_lib->getDataRecord($vm_id);
}
+ //* Get OpenVZ list
+ public function openvz_vm_get_by_client($session_id, $client_id)
+ {
+ global $app;
+
+ if(!$this->checkPerm($session_id, 'vm_openvz')) {
+ $this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
+ return false;
+ }
+
+ if (!empty($client_id)) {
+ $client_id = intval($client_id);
+ $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = $client_id");
+ $sql = "SELECT * FROM openvz_vm WHERE sys_groupid = ".intval($tmp['groupid']);
+ $result = $app->db->queryAllRecords($sql);
+ return $result;
+ }
+ return false;
+ }
+
//* Add a openvz vm record
public function openvz_vm_add($session_id, $client_id, $params)
{
@@ -2905,11 +2979,155 @@
return $affected_rows;
}
+ //* Start VM
+ public function openvz_vm_start($session_id, $vm_id)
+ {
+ global $app;
+
+ if(!$this->checkPerm($session_id, 'vm_openvz')) {
+ $this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
+ return false;
+ }
+
+ $app->uses('remoting_lib');
+ $app->remoting_lib->loadFormDef('../vm/form/openvz_vm.tform.php');
+ $vm = $app->remoting_lib->getDataRecord($vm_id);
+
+ if(!is_array($vm)) {
+ $this->server->fault('action_pending', 'No VM with this ID available.');
+ return false;
+ }
+
+ if($vm['active'] == 'n') {
+ $this->server->fault('action_pending', 'VM is not in active state.');
+ return false;
+ }
+
+ $action = 'openvz_start_vm';
+
+ $tmp = $app->db->queryOneRecord("SELECT count(action_id) as actions FROM sys_remoteaction
+ WHERE server_id = '".$vm['server_id']."'
+ AND action_type = '$action'
+ AND action_param = '".$vm['veid']."'
+ AND action_state = 'pending'");
+
+ if($tmp['actions'] > 0) {
+ $this->server->fault('action_pending', 'There is already a action pending for this VM.');
+ return false;
+ } else {
+ $sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
+ "VALUES (".
+ (int)$vm['server_id'] . ", ".
+ time() . ", ".
+ "'".$action."', ".
+ $vm['veid'].", ".
+ "'pending', ".
+ "''".
+ ")";
+ $app->db->query($sql);
+ }
+ }
+ //* Stop VM
+ public function openvz_vm_stop($session_id, $vm_id)
+ {
+ global $app;
+
+ if(!$this->checkPerm($session_id, 'vm_openvz')) {
+ $this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
+ return false;
+ }
+
+ $app->uses('remoting_lib');
+ $app->remoting_lib->loadFormDef('../vm/form/openvz_vm.tform.php');
+ $vm = $app->remoting_lib->getDataRecord($vm_id);
+
+ if(!is_array($vm)) {
+ $this->server->fault('action_pending', 'No VM with this ID available.');
+ return false;
+ }
+
+ if($vm['active'] == 'n') {
+ $this->server->fault('action_pending', 'VM is not in active state.');
+ return false;
+ }
+
+ $action = 'openvz_stop_vm';
+
+ $tmp = $app->db->queryOneRecord("SELECT count(action_id) as actions FROM sys_remoteaction
+ WHERE server_id = '".$vm['server_id']."'
+ AND action_type = '$action'
+ AND action_param = '".$vm['veid']."'
+ AND action_state = 'pending'");
+
+ if($tmp['actions'] > 0) {
+ $this->server->fault('action_pending', 'There is already a action pending for this VM.');
+ return false;
+ } else {
+ $sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
+ "VALUES (".
+ (int)$vm['server_id'] . ", ".
+ time() . ", ".
+ "'".$action."', ".
+ $vm['veid'].", ".
+ "'pending', ".
+ "''".
+ ")";
+ $app->db->query($sql);
+ }
+ }
+ //* Restart VM
+ public function openvz_vm_restart($session_id, $vm_id)
+ {
+ global $app;
+
+ if(!$this->checkPerm($session_id, 'vm_openvz')) {
+ $this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
+ return false;
+ }
+
+ $app->uses('remoting_lib');
+ $app->remoting_lib->loadFormDef('../vm/form/openvz_vm.tform.php');
+ $vm = $app->remoting_lib->getDataRecord($vm_id);
+
+ if(!is_array($vm)) {
+ $this->server->fault('action_pending', 'No VM with this ID available.');
+ return false;
+ }
+
+ if($vm['active'] == 'n') {
+ $this->server->fault('action_pending', 'VM is not in active state.');
+ return false;
+ }
+
+ $action = 'openvz_restart_vm';
+
+ $tmp = $app->db->queryOneRecord("SELECT count(action_id) as actions FROM sys_remoteaction
+ WHERE server_id = '".$vm['server_id']."'
+ AND action_type = '$action'
+ AND action_param = '".$vm['veid']."'
+ AND action_state = 'pending'");
+
+ if($tmp['actions'] > 0) {
+ $this->server->fault('action_pending', 'There is already a action pending for this VM.');
+ return false;
+ } else {
+ $sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
+ "VALUES (".
+ (int)$vm['server_id'] . ", ".
+ time() . ", ".
+ "'".$action."', ".
+ $vm['veid'].", ".
+ "'pending', ".
+ "''".
+ ")";
+ $app->db->query($sql);
+ }
+ }
}
-?>
\ No newline at end of file
+?>
--
Gitblit v1.9.1