From abd69db8130a5d7d772f44c816673275e5c853af Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Sun, 28 Jun 2009 09:34:09 -0400
Subject: [PATCH] Fixed: FS#749 - client can change his domainname.

---
 interface/web/mail/mail_domain_edit.php |   12 +++++++++++-
 interface/web/sites/web_domain_edit.php |   10 ++++++++++
 2 files changed, 21 insertions(+), 1 deletions(-)

diff --git a/interface/web/mail/mail_domain_edit.php b/interface/web/mail/mail_domain_edit.php
index ee16ad6..ce5fbda 100644
--- a/interface/web/mail/mail_domain_edit.php
+++ b/interface/web/mail/mail_domain_edit.php
@@ -221,13 +221,23 @@
 		//* Check if the server has been changed
 		// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
 		if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
-			$rec = $app->db->queryOneRecord("SELECT server_id from mail_domain WHERE domain_id = ".$this->id);
+			$rec = $app->db->queryOneRecord("SELECT server_id, domain from mail_domain WHERE domain_id = ".$this->id);
 			if($rec['server_id'] != $this->dataRecord["server_id"]) {
 				//* Add a error message and switch back to old server
 				$app->tform->errorMessage .= $app->lng('The Server can not be changed.');
 				$this->dataRecord["server_id"] = $rec['server_id'];
 			}
 			unset($rec);
+		//* If the user is neither admin nor reseller
+		} else {
+			//* We do not allow users to change a domain which has been created by the admin
+			$rec = $app->db->queryOneRecord("SELECT domain from mail_domain WHERE domain_id = ".$this->id);
+			if($rec['domain'] != $this->dataRecord["domain"] && $app->tform->checkPerm($this->id,'u')) {
+				//* Add a error message and switch back to old server
+				$app->tform->errorMessage .= $app->lng('The Domain can not be changed. Please ask your Administrator if you want to change the domain name.');
+				$this->dataRecord["domain"] = $rec['domain'];
+			}
+			unset($rec);
 		}
 	}
 	
diff --git a/interface/web/sites/web_domain_edit.php b/interface/web/sites/web_domain_edit.php
index d9d210f..e1ec18f 100644
--- a/interface/web/sites/web_domain_edit.php
+++ b/interface/web/sites/web_domain_edit.php
@@ -294,6 +294,16 @@
 				}
 				unset($rec);
 			}
+		//* If the user is neither admin nor reseller
+		} else {
+			//* We do not allow users to change a domain which has been created by the admin
+			$rec = $app->db->queryOneRecord("SELECT domain from web_domain WHERE domain_id = ".$this->id);
+			if(isset($this->dataRecord["domain"]) && $rec['domain'] != $this->dataRecord["domain"] && $app->tform->checkPerm($this->id,'u')) {
+				//* Add a error message and switch back to old server
+				$app->tform->errorMessage .= $app->lng('The Domain can not be changed. Please ask your Administrator if you want to change the domain name.');
+				$this->dataRecord["domain"] = $rec['domain'];
+			}
+			unset($rec);
 		}
 		
 		//* Check that all fields for the SSL cert creation are filled

--
Gitblit v1.9.1