From c86da31b33c57df2e2cc611bf088be70830bcd0c Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Sun, 21 Mar 2010 07:05:13 -0400
Subject: [PATCH] Fixed: FS#1111 - Delete an 'in use' template should be blocked
---
interface/lib/classes/remoting_lib.inc.php | 90 ++++++++++++++++++++++++++++-----------------
1 files changed, 56 insertions(+), 34 deletions(-)
diff --git a/interface/lib/classes/remoting_lib.inc.php b/interface/lib/classes/remoting_lib.inc.php
index 71b09fc..26153c4 100644
--- a/interface/lib/classes/remoting_lib.inc.php
+++ b/interface/lib/classes/remoting_lib.inc.php
@@ -140,36 +140,37 @@
//* Load the user profile
function loadUserProfile($client_id = 0) {
global $app,$conf;
-
+
$client_id = intval($client_id);
-
+
if($client_id == 0) {
- $this->sys_username = 'admin';
- $this->sys_userid = 1;
- $this->sys_default_group = 1;
- $this->sys_groups = 1;
+ $this->sys_username = 'admin';
+ $this->sys_userid = 1;
+ $this->sys_default_group = 1;
+ $this->sys_groups = 1;
+ $_SESSION["s"]["user"]["typ"] = 'admin';
} else {
- //* Load the client data
- $client = $app->db->queryOneRecord("SELECT username FROM client WHERE client_id = $client_id");
- if($client["username"] == '') {
- $this->errorMessage .= 'No client with ID $client_id found.';
- return false;
- }
- //* load system user
- $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE username = '".$app->db->quote($client["username"])."'");
+ //* load system user - try with sysuser and before with userid (workarrond)
+ /*
+ $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE sysuser_id = $client_id");
if(empty($user["userid"])) {
- $this->errorMessage .= 'No user with the username '.$client['username'].' found.';
- return false;
- }
- $this->sys_username = $user['username'];
- $this->sys_userid = $user['userid'];
- $this->sys_default_group = $user['default_group'];
- $this->sys_groups = $user['groups'];
+ $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = $client_id");
+ if(empty($user["userid"])) {
+ $this->errorMessage .= "No sysuser with the ID $client_id found.";
+ return false;
+ }
+ }*/
+
+ $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE client_id = $client_id");
+ $this->sys_username = $user['username'];
+ $this->sys_userid = $user['userid'];
+ $this->sys_default_group = $user['default_group'];
+ $this->sys_groups = $user['groups'];
+ $_SESSION["s"]["user"]["typ"] = $user['typ'];
}
-
- return true;
-
- }
+
+ return true;
+ }
/**
@@ -373,7 +374,7 @@
}
break;
case 'UNIQUE':
- if($this->action == 'NEW') {
+ if($this->action == 'INSERT') {
$num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ".$escape.$this->formDef['db_table'].$escape. " WHERE $field_name = '".$app->db->quote($field_value)."'");
if($num_rec["number"] > 0) {
$errmsg = $validator['errmsg'];
@@ -491,8 +492,10 @@
$sql_insert_key .= "`$key`, ";
if($field['encryption'] == 'CRYPT') {
$salt="$1$";
+ $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
for ($n=0;$n<8;$n++) {
- $salt.=chr(mt_rand(64,126));
+ //$salt.=chr(mt_rand(64,126));
+ $salt.=$base64_alphabet[mt_rand(0,63)];
}
$salt.="$";
// $salt = substr(md5(time()),0,2);
@@ -518,8 +521,10 @@
if($field['formtype'] == 'PASSWORD') {
if($field['encryption'] == 'CRYPT') {
$salt="$1$";
+ $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
for ($n=0;$n<8;$n++) {
- $salt.=chr(mt_rand(64,126));
+ //$salt.=chr(mt_rand(64,126));
+ $salt.=$base64_alphabet[mt_rand(0,63)];
}
$salt.="$";
// $salt = substr(md5(time()),0,2);
@@ -615,7 +620,7 @@
}
$sql_where = substr($sql_where,0,-5);
$sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$sql_where;
- return $app->db->queryOneRecord($sql);
+ return $app->db->queryAllRecords($sql);
} else {
$this->errorMessage = 'The ID must be either an integer or an array.';
return array();
@@ -624,22 +629,39 @@
}
- function dodaj_usera($params,$insert_id){
+ function ispconfig_sysuser_add($params,$insert_id){
global $app,$sql1;
- $username = $params["username"];
- $password = $params["password"];
+ $username = $app->db->quote($params["username"]);
+ $password = $app->db->quote($params["password"]);
$modules = 'mail,sites,dns,tools';
$startmodule = 'mail';
- $usertheme = $params["usertheme"];
+ $usertheme = $app->db->quote($params["usertheme"]);
$type = 'user';
$active = 1;
- $language = $params["language"];
+ $insert_id = intval($insert_id);
+ $language = $app->db->quote($params["language"]);
$groupid = $app->db->datalogInsert('sys_group', "(name,description,client_id) VALUES ('$username','','$insert_id')", 'groupid');
$groups = $groupid;
$sql1 = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)
VALUES ('$username',md5('$password'),'$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,$insert_id)";
$app->db->query($sql1);
}
+
+ function ispconfig_sysuser_update($params,$client_id){
+ global $app;
+ $username = $app->db->quote($params["username"]);
+ $password = $app->db->quote($params["password"]);
+ $client_id = intval($client_id);
+ $sql = "UPDATE sys_user set username = '$username', passwort = md5('$password') WHERE client_id = $client_id";
+ $app->db->query($sql);
+ }
+
+ function ispconfig_sysuser_delete($client_id){
+ global $app;
+ $client_id = intval($client_id);
+ $sql = "DELETE FROM sys_user WHERE client_id = $client_id";
+ $app->db->query($sql);
+ }
function datalogSave($action,$primary_id, $record_old, $record_new) {
global $app,$conf;
--
Gitblit v1.9.1