From aa78fde6a92f66b84d626e114d8b54a5fb6ece0c Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Wed, 14 Nov 2012 07:19:43 -0500
Subject: [PATCH] - Added function for IPv6 prefixes in multiserver mirror setups to nginx plugin.
---
interface/lib/classes/remoting_lib.inc.php | 218 +++++++++++++++++++++++++++++++++++++-----------------
1 files changed, 149 insertions(+), 69 deletions(-)
diff --git a/interface/lib/classes/remoting_lib.inc.php b/interface/lib/classes/remoting_lib.inc.php
index 9e19548..9726b75 100644
--- a/interface/lib/classes/remoting_lib.inc.php
+++ b/interface/lib/classes/remoting_lib.inc.php
@@ -37,39 +37,37 @@
/**
* Formularbehandlung
*
-* Funktionen zur Umwandlung von Formulardaten
-* sowie zum vorbereiten von HTML und SQL
-* Ausgaben
+* Functions to validate, display and save form values
*
-* Tabellendefinition
+* Database table field definitions
*
-* Datentypen:
-* - INTEGER (Wandelt Ausdr�cke in Int um)
+* Datatypes:
+* - INTEGER (Converts data to int automatically)
* - DOUBLE
-* - CURRENCY (Formatiert Zahlen nach W�hrungsnotation)
-* - VARCHAR (kein weiterer Format Check)
-* - DATE (Datumsformat, Timestamp Umwandlung)
+* - CURRENCY (Formats digits in currency notation)
+* - VARCHAR (No format check)
+* - DATE (Date format, converts from and to UNIX timestamps automatically)
*
* Formtype:
-* - TEXT (normales Textfeld)
-* - PASSWORD (Feldinhalt wird nicht angezeigt)
-* - SELECT (Gibt Werte als option Feld aus)
-* - MULTIPLE (Select-Feld mit nehreren Werten)
+* - TEXT (Normal text field)
+* - PASSWORD (password field, the content will not be displayed again to the user)
+* - SELECT (Option fiield)
+* - MULTIPLE (Allows selection of multiple values)
*
* VALUE:
-* - Wert oder Array
+* - Value or array
*
* SEPARATOR
-* - Trennzeichen f�r multiple Felder
+* - separator char used for fileds with multiple values
*
-* Hinweis:
-* Das ID-Feld ist nicht bei den Table Values einzuf�gen.
+* Hint: The auto increment (ID) filed of the table has not be be definied separately.
+*
*/
class remoting_lib {
/**
- * Definition of the database atble (array)
+ * Definition of the database table (array)
* @var tableDef
*/
private $tableDef;
@@ -115,13 +113,14 @@
var $sys_userid;
var $sys_default_group;
var $sys_groups;
+ var $client_id;
//* Load the form definition from file.
function loadFormDef($file) {
global $app,$conf;
- include_once($file);
+ include($file);
$this->formDef = $form;
unset($this->formDef['tabs']);
@@ -138,12 +137,12 @@
}
//* Load the user profile
- function loadUserProfile($client_id = 0) {
+ function loadUserProfile($client_id_param = 0) {
global $app,$conf;
- $client_id = intval($client_id);
+ $this->client_id = $app->functions->intval($client_id_param);
- if($client_id == 0) {
+ if($this->client_id == 0) {
$this->sys_username = 'admin';
$this->sys_userid = 1;
$this->sys_default_group = 1;
@@ -161,7 +160,7 @@
}
}*/
- $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE client_id = $client_id");
+ $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE client_id = $this->client_id");
$this->sys_username = $user['username'];
$this->sys_userid = $user['userid'];
$this->sys_default_group = $user['default_group'];
@@ -176,7 +175,8 @@
/**
- * Converts data in human readable form
+ * Converts the data in the array to human readable format
+ * Datatype conversion e.g. to show the data in lists
*
* @param record
* @return record
@@ -208,13 +208,7 @@
break;
case 'INTEGER':
- //* We use + 0 to force the string to be a number as
- //* intval return value is too limited on 32bit systems
- if(intval($record[$key]) == 2147483647) {
- $new_record[$key] = $record[$key] + 0;
- } else {
- $new_record[$key] = intval($record[$key]);
- }
+ $new_record[$key] = $app->functions->intval($record[$key]);
break;
case 'DOUBLE':
@@ -222,7 +216,7 @@
break;
case 'CURRENCY':
- $new_record[$key] = number_format($record[$key], 2, ',', '');
+ $new_record[$key] = $app->functions->currency_format($record[$key]);
break;
default:
@@ -263,7 +257,7 @@
unset($tmp_recordid);
$querystring = str_replace("{AUTHSQL}",$this->getAuthSQL('r'),$querystring);
-
+
// Getting the records
$tmp_records = $app->db->queryAllRecords($querystring);
if($app->db->errorMessage != '') die($app->db->errorMessage);
@@ -285,7 +279,7 @@
$app->uses($datasource_class);
$values = $app->$datasource_class->$datasource_function($field, $record);
} else {
- $this->errorMessage .= "Custom datasource class or function is empty<br>\r\n";
+ $this->errorMessage .= "Custom datasource class or function is empty<br />\r\n";
}
}
@@ -294,29 +288,39 @@
}
/**
- * Converts the data in a format to store it in the database table
+ /**
+ * Rewrite the record data to be stored in the database
+ * and check values with regular expressions.
*
* @param record = Datensatz als Array
* @return record
*/
- function encode($record) {
+ function encode($record,$dbencode = true) {
global $app;
if(is_array($record)) {
foreach($this->formDef['fields'] as $key => $field) {
- if(isset($field['validators']) && is_array($field['validators'])) $this->validateField($key, (isset($record[$key]))?$record[$key]:'', $field['validators']);
+ //* Apply filter to record value
+ if(isset($field['filters']) && is_array($field['filters'])) {
+ $record[$key] = $this->filterField($key, (isset($record[$key]))?$record[$key]:'', $field['filters'], 'SAVE');
+ }
+
+ //* Validate record value
+ if(isset($field['validators']) && is_array($field['validators'])) {
+ $this->validateField($key, (isset($record[$key]))?$record[$key]:'', $field['validators']);
+ }
switch ($field['datatype']) {
case 'VARCHAR':
if(!@is_array($record[$key])) {
- $new_record[$key] = (isset($record[$key]))?$app->db->quote($record[$key]):'';
+ $new_record[$key] = (isset($record[$key]))?$record[$key]:'';
} else {
$new_record[$key] = implode($field['separator'],$record[$key]);
}
break;
case 'TEXT':
if(!is_array($record[$key])) {
- $new_record[$key] = $app->db->quote($record[$key]);
+ $new_record[$key] = $record[$key];
} else {
$new_record[$key] = implode($field['separator'],$record[$key]);
}
@@ -348,12 +352,12 @@
}
break;
case 'INTEGER':
- $new_record[$key] = (isset($record[$key]))?intval($record[$key]):0;
+ $new_record[$key] = (isset($record[$key]))?$app->functions->intval($record[$key]):0;
//if($new_record[$key] != $record[$key]) $new_record[$key] = $field['default'];
//if($key == 'refresh') die($record[$key]);
break;
case 'DOUBLE':
- $new_record[$key] = $app->db->quote($record[$key]);
+ $new_record[$key] = $record[$key];
break;
case 'CURRENCY':
$new_record[$key] = str_replace(",",".",$record[$key]);
@@ -381,11 +385,53 @@
$this->errorMessage .= $errmsg."\r\n";
}
}
-
-
+
+ //* Add slashes to all records, when we encode data which shall be inserted into mysql.
+ if($dbencode == true) $new_record[$key] = $app->db->quote($new_record[$key]);
}
}
return $new_record;
+ }
+
+ /**
+ * process the filters for a given field.
+ *
+ * @param field_name = Name of the field
+ * @param field_value = value of the field
+ * @param filters = Array of filters
+ * @param filter_event = 'SAVE'or 'SHOW'
+ * @return record
+ */
+
+ function filterField($field_name, $field_value, $filters, $filter_event) {
+
+ global $app;
+ $returnval = $field_value;
+
+ //* Loop trough all filters
+ foreach($filters as $filter) {
+ if($filter['event'] == $filter_event) {
+ switch ($filter['type']) {
+ case 'TOLOWER':
+ $returnval = strtolower($field_value);
+ break;
+ case 'TOUPPER':
+ $returnval = strtoupper($field_value);
+ break;
+ case 'IDNTOASCII':
+ $returnval = $app->functions->idn_encode($field_value);
+ break;
+ case 'IDNTOUTF8':
+ $returnval = $app->functions->idn_decode($field_value);
+ break;
+ default:
+ $this->errorMessage .= "Unknown Filter: ".$filter['type'];
+ break;
+ }
+ }
+ }
+
+ return $returnval;
}
/**
@@ -453,7 +499,7 @@
break;
case 'ISEMAIL':
if(function_exists('filter_var')) {
- if(!filter_var($field_value, FILTER_VALIDATE_EMAIL)) {
+ if(filter_var($field_value, FILTER_VALIDATE_EMAIL) === false) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
@@ -474,16 +520,16 @@
break;
case 'ISINT':
if(function_exists('filter_var')) {
- if(!filter_var($field_value, FILTER_VALIDATE_INT)) {
+ if($field_value != '' && filter_var($field_value, FILTER_VALIDATE_INT) === false) {
$errmsg = $validator['errmsg'];
- if(isset($this->wordbook[$errmsg])) {
+ if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
$this->errorMessage .= $errmsg."<br />\r\n";
}
}
} else {
- $tmpval = intval($field_value);
+ $tmpval = $app->functions->intval($field_value);
if($tmpval === 0 and !empty($field_value)) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
@@ -552,6 +598,27 @@
}
}
break;
+ case 'RANGE':
+ //* Checks if the value is within the given range or above / below a value
+ //* Range examples: < 10 = ":10", between 2 and 10 = "2:10", above 5 = "5:".
+ $range_parts = explode(':',trim($validator['range']));
+ $ok = true;
+ if($range_parts[0] != '' && $field_value < $range_parts[0]) {
+ $ok = false;
+ }
+ if($range_parts[1] != '' && $field_value > $range_parts[1]) {
+ $ok = false;
+ }
+ if($ok != true) {
+ $errmsg = $validator['errmsg'];
+ if(isset($this->wordbook[$errmsg])) {
+ $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
+ } else {
+ $this->errorMessage .= $errmsg."<br />\r\n";
+ }
+ }
+ unset($range_parts);
+ break;
case 'CUSTOM':
// Calls a custom class to validate this record
if($validator['class'] != '' and $validator['function'] != '') {
@@ -589,14 +656,14 @@
$this->action = $action;
$this->primary_id = $primary_id;
- $record = $this->encode($record,$tab);
+ $record = $this->encode($record,true);
$sql_insert_key = '';
$sql_insert_val = '';
$sql_update = '';
- if(!is_array($this->formDef)) $app->error("No form definition found.");
+ if(!is_array($this->formDef)) $app->error("Form definition not found.");
- // gehe durch alle Felder des Tabs
+ // go trough all fields of the tab
if(is_array($record)) {
foreach($this->formDef['fields'] as $key => $field) {
// Wenn es kein leeres Passwortfeld ist
@@ -605,17 +672,18 @@
if($action == "INSERT") {
if($field['formtype'] == 'PASSWORD') {
$sql_insert_key .= "`$key`, ";
- if($field['encryption'] == 'CRYPT') {
+ if ((isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') || (isset($record['_ispconfig_pw_crypted']) && $record['_ispconfig_pw_crypted'] == 1)) {
+ $sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
+ } elseif(isset($field['encryption']) && $field['encryption'] == 'CRYPT') {
$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
- } elseif ($field['encryption'] == 'MYSQL') {
+ } elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
$sql_insert_val .= "PASSWORD('".$app->db->quote($record[$key])."'), ";
- } elseif ($field['encryption'] == 'CLEARTEXT') {
- $sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
} else {
$record[$key] = md5(stripslashes($record[$key]));
$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
}
+
} elseif ($field['formtype'] == 'CHECKBOX') {
$sql_insert_key .= "`$key`, ";
if($record[$key] == '') {
@@ -631,16 +699,18 @@
}
} else {
if($field['formtype'] == 'PASSWORD') {
- if($field['encryption'] == 'CRYPT') {
+ if ((isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') || (isset($record['_ispconfig_pw_crypted']) && $record['_ispconfig_pw_crypted'] == 1)) {
+ $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
+ } elseif(isset($field['encryption']) && $field['encryption'] == 'CRYPT') {
$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
- } elseif ($field['encryption'] == 'MYSQL') {
- $sql_insert_val .= "PASSWORD('".$app->db->quote($record[$key])."'), ";
- } elseif ($field['encryption'] == 'CLEARTEXT') {
- $sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
- } else {
- $record[$key] = md5($record[$key]);
+ $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
+ } elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
+ $sql_update .= "`$key` = PASSWORD('".$app->db->quote($record[$key])."'), ";
+ } else {
+ $record[$key] = md5(stripslashes($record[$key]));
+ $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
}
- $sql_update .= "`$key` = '".$record[$key]."', ";
+
} elseif ($field['formtype'] == 'CHECKBOX') {
if($record[$key] == '') {
// if a checkbox is not set, we set it to the unchecked value
@@ -662,7 +732,7 @@
}
-
+ // Add backticks for incomplete table names
if(stristr($this->formDef['db_table'],'.')) {
$escape = '';
} else {
@@ -672,7 +742,7 @@
if($action == "INSERT") {
if($this->formDef['auth'] == 'yes') {
- // Setze User und Gruppe
+ // Set user and group
$sql_insert_key .= "`sys_userid`, ";
$sql_insert_val .= ($this->formDef["auth_preset"]["userid"] > 0)?"'".$this->formDef["auth_preset"]["userid"]."', ":"'".$this->sys_userid."', ";
$sql_insert_key .= "`sys_groupid`, ";
@@ -689,7 +759,12 @@
$sql = "INSERT INTO ".$escape.$this->formDef['db_table'].$escape." ($sql_insert_key) VALUES ($sql_insert_val)";
} else {
if($primary_id != 0) {
- $sql_update = substr($sql_update,0,-2);
+ // update client permissions only if client_id > 0
+ if($this->formDef['auth'] == 'yes' && $this->client_id > 0) {
+ $sql_update .= '`sys_userid` = '.$this->sys_userid.', ';
+ $sql_update .= '`sys_groupid` = '.$this->sys_default_group.', ';
+ }
+ $sql_update = substr($sql_update,0,-2);
$sql = "UPDATE ".$escape.$this->formDef['db_table'].$escape." SET ".$sql_update." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id;
if($sql_ext_where != '') $sql .= " and ".$sql_ext_where;
} else {
@@ -750,6 +825,10 @@
} else {
$modules = $app->db->quote($params['modules']);
}
+ if(isset($params['limit_client']) && $params['limit_client'] > 0) {
+ $modules .= ',client';
+ }
+
if(!isset($params['startmodule'])) {
$startmodule = 'dashboard';
} else {
@@ -762,7 +841,7 @@
$usertheme = $app->db->quote($params["usertheme"]);
$type = 'user';
$active = 1;
- $insert_id = intval($insert_id);
+ $insert_id = $app->functions->intval($insert_id);
$language = $app->db->quote($params["language"]);
$groupid = $app->db->datalogInsert('sys_group', "(name,description,client_id) VALUES ('$username','','$insert_id')", 'groupid');
$groups = $groupid;
@@ -776,7 +855,7 @@
global $app;
$username = $app->db->quote($params["username"]);
$clear_password = $app->db->quote($params["password"]);
- $client_id = intval($client_id);
+ $client_id = $app->functions->intval($client_id);
$password = $app->auth->crypt_password(stripslashes($clear_password));
if ($clear_password) $pwstring = ", passwort = '$password'"; else $pwstring ="" ;
$sql = "UPDATE sys_user set username = '$username' $pwstring WHERE client_id = $client_id";
@@ -785,7 +864,7 @@
function ispconfig_sysuser_delete($client_id){
global $app;
- $client_id = intval($client_id);
+ $client_id = $app->functions->intval($client_id);
$sql = "DELETE FROM sys_user WHERE client_id = $client_id";
$app->db->query($sql);
$sql = "DELETE FROM sys_group WHERE client_id = $client_id";
@@ -797,8 +876,9 @@
$app->db->datalogSave($this->formDef['db_table'], $action, $this->formDef['db_table_idx'], $primary_id, $record_old, $record_new);
return true;
+
/*
-
+ // Add backticks for incomplete table names.
if(stristr($this->formDef['db_table'],'.')) {
$escape = '';
} else {
--
Gitblit v1.9.1