From d87f76019fc231ec20d95126a7fee0487e7be5f0 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Tue, 14 Aug 2012 10:56:20 -0400
Subject: [PATCH] - Added new web folder named private to web folder layout. The folder is intended to store data that shall not be visible in the web directory, it is owned by the user of the web. - Changed ownership of web root directory to root user in all security modes to prevent symlink attacks. - Apache log files are now owned by user root. - Improved functions in system library.

---
 interface/lib/classes/listform_actions.inc.php |  182 +++++++++++++++++++++++++++++++++++++++------
 1 files changed, 156 insertions(+), 26 deletions(-)

diff --git a/interface/lib/classes/listform_actions.inc.php b/interface/lib/classes/listform_actions.inc.php
index cfe880c..8b99abd 100644
--- a/interface/lib/classes/listform_actions.inc.php
+++ b/interface/lib/classes/listform_actions.inc.php
@@ -1,7 +1,7 @@
 <?php
 
 /*
-Copyright (c) 2005, Till Brehm, projektfarm Gmbh
+Copyright (c) 2007, Till Brehm, projektfarm Gmbh
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without modification,
@@ -28,29 +28,19 @@
 EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 
-/**
-* Action framework for the listform library.
-*
-* @author Till Brehm <t.brehm@scrigo.org>
-* @copyright Copyright &copy; 2005, Till Brehm
-*/
-
 class listform_actions {
 	
 	private $id;
-	private $idx_key;
-	private $DataRowColor;
-	private $SQLExtWhere = '';
-	private $SQLOrderBy = '';
+	public $idx_key;
+	public $DataRowColor;
+	public  $SQLExtWhere = '';
+	public  $SQLOrderBy = '';
 	
 	public function onLoad()
     {
 		global $app, $conf, $list_def_file;
 		
-        //TODO: this is_object checking should be in the $appobject - pedro notes
-		if(!@is_object($app->tpl)) $app->uses('tpl');
-		if(!@is_object($app->listform)) $app->uses('listform');
-		if(!@is_object($app->tform)) $app->uses('tform');
+		$app->uses('tpl,listform,tform');
 		
 		//* Clear session variable that is used when lists are embedded with the listview plugin
 		$_SESSION['s']['form']['return_to'] = '';
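Review bot: `$SQLExtWhere` and `$SQLOrderBy` are widened from `private` to `public` with no comment on what may be assigned to them, and `$SQLOrderBy` is concatenated straight into the ORDER BY clause later in `onLoad()` (`$SQLExtWhere` presumably into the WHERE clause, which is not visible here). If the aim is only to let list classes that extend `listform_actions` set them, `protected` would be enough; this needs checking against callers that assign them from outside. Either way I would document the contract on the properties, e.g. `//* Raw SQL fragments: assign only trusted, hard-coded strings, never request data`. The class docblock removed in this hunk is also not replaced, so the class is left without a description.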
@@ -65,10 +55,36 @@
 		
 		$app->tpl->newTemplate("listpage.tpl.htm");
 		$app->tpl->setInclude('content_tpl','templates/'.$app->listform->listDef["name"].'_list.htm');
+		
+		//* Manipulate order by for sorting / Every list has a stored value
+		//* Against notice error
+		if(!isset($_SESSION['search'][$app->listform->listDef["name"].$app->listform->listDef['table']]['order'])){
+		  $_SESSION['search'][$app->listform->listDef["name"].$app->listform->listDef['table']]['order'] = '';
+		}
 
+		if(!empty($_GET['orderby'])){
+		  $order = str_replace('tbl_col_','',$_GET['orderby']);
+		  //* Check the css class submited value
+		  if (preg_match("/^[a-z\_]{1,}$/",$order)) {
+		    if($_SESSION['search'][$app->listform->listDef["name"].$app->listform->listDef['table']]['order'] == $order){
+		      $_SESSION['search'][$app->listform->listDef["name"].$app->listform->listDef['table']]['order'] = $order.' DESC';
+		    } else {
+		      $_SESSION['search'][$app->listform->listDef["name"].$app->listform->listDef['table']]['order'] = $order;
+		    }
+		  }
+		}
+
+		// If a manuel oder by like customers isset the sorting will be infront
+		if(!empty($_SESSION['search'][$app->listform->listDef["name"].$app->listform->listDef['table']]['order'])){
+		  if(empty($this->SQLOrderBy)){
+		    $this->SQLOrderBy = "ORDER BY ".$_SESSION['search'][$app->listform->listDef["name"].$app->listform->listDef['table']]['order'];
+		  } else {
+		    $this->SQLOrderBy = str_replace("ORDER BY ","ORDER BY ".$_SESSION['search'][$app->listform->listDef["name"].$app->listform->listDef['table']]['order'].', ',$this->SQLOrderBy);
+		  }
+		}
+		
 		// Getting Datasets from DB
 		$records = $app->db->queryAllRecords($this->getQueryString());
-
 
 		$this->DataRowColor = "#FFFFFF";
 		$records_new = '';
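Review bot: The check `preg_match("/^[a-z\_]{1,}$/",$order)` is the only barrier between `$_GET['orderby']` and the ORDER BY string assembled below it, and it is looser than it should be. `$` also matches before a trailing newline, and a non-string `orderby` parameter reaches `str_replace()` and `preg_match()` as an array. I would write the two conditions as `if(!empty($_GET['orderby']) && is_string($_GET['orderby'])){` and `if (preg_match('/^[a-z_]+$/D',$order)) {`. Any name that fits the pattern is also accepted and stored in the session whether or not the list has such a column, so a mistyped or stale value makes every later query for this list fail until another sort is chosen. Comparing `$order` with the field names in `$app->listform->listDef['item']` (plus the virtual traffic keys) would close that, assuming every sortable column is declared there. The body of `onLoad()` continues outside this hunk.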
@@ -86,7 +102,7 @@
 		
 	}
 	
-	private function prepareDataRow($rec)
+	public function prepareDataRow($rec)
     {
 		global $app;
 		
@@ -97,10 +113,17 @@
 		$rec['bgcolor'] = $this->DataRowColor;
 		
 		//* substitute value for select fields
-		foreach($app->listform->listDef['item'] as $field) {
-			$key = $field['field'];
-			if(isset($field['formtype']) && $field['formtype'] == 'SELECT') {
-				$rec[$key] = $field['value'][$rec[$key]];
+		if(is_array($app->listform->listDef['item']) && count($app->listform->listDef['item']) > 0) {
+			foreach($app->listform->listDef['item'] as $field) {
+				$key = $field['field'];
+				if(isset($field['formtype']) && $field['formtype'] == 'SELECT') {
+					if(strtolower($rec[$key]) == 'y' or strtolower($rec[$key]) == 'n') {
+						// Set a additional image variable for bolean fields
+						$rec['_'.$key.'_'] = (strtolower($rec[$key]) == 'y')?'x16/tick_circle.png':'x16/cross_circle.png';
+					}
+					//* substitute value for select field
+					$rec[$key] = @$field['value'][$rec[$key]];
+				}
 			}
 		}
 		
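Review bot: The `@` in `$rec[$key] = @$field['value'][$rec[$key]];` suppresses the undefined-index notice but still replaces the stored value with null when the record holds something the select definition does not list, so a data problem shows up only as an empty cell. An explicit test states the fallback and avoids error suppression: `$rec[$key] = isset($field['value'][$rec[$key]]) ? $field['value'][$rec[$key]] : '';`. The `strtolower($rec[$key])` calls two lines above read the same index without an `isset()` guard, and `or` there would read better as `||`, which is the operator the rest of the file's conditions use. `prepareDataRow()` starts and ends outside this hunk.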
@@ -134,18 +157,125 @@
 		$limit_sql = $app->listform->getPagingSQL($sql_where);
 		$app->tpl->setVar('paging',$app->listform->pagingHTML);
 
-		return 'SELECT * FROM '.$app->listform->listDef['table']." WHERE $sql_where $order_by_sql $limit_sql";
+		$extselect = '';
+		$join = '';
+		if(!empty($_SESSION['search'][$app->listform->listDef["name"].$app->listform->listDef['table']]['order'])){
+		  $order = str_replace(' DESC','',$_SESSION['search'][$app->listform->listDef["name"].$app->listform->listDef['table']]['order']);
+		  if($order == 'server_id' && $app->listform->listDef['table'] != 'server'){
+		    $join .= ' LEFT JOIN server as s ON '.$app->listform->listDef['table'].'.server_id = s.server_id ';
+		    $order_by_sql = str_replace('server_id','s.server_name',$order_by_sql);
+		  } elseif($order == 'client_id' && $app->listform->listDef['table'] != 'client'){
+		    $join .= ' LEFT JOIN client as c ON '.$app->listform->listDef['table'].'.client_id = c.client_id ';
+		    $order_by_sql = str_replace('client_id','c.contact_name',$order_by_sql);
+		  } elseif($order == 'parent_domain_id'){
+		    $join .= ' LEFT JOIN web_domain as wd ON '.$app->listform->listDef['table'].'.parent_domain_id = wd.domain_id ';
+		    $order_by_sql = str_replace('parent_domain_id','wd.domain',$order_by_sql);
+		    $sql_where = str_replace('type',$app->listform->listDef['table'].'.type',$sql_where);
+		  } elseif($order == 'sys_groupid'){
+		    $join .= ' LEFT JOIN sys_group as sg ON '.$app->listform->listDef['table'].'.sys_groupid = sg.groupid ';
+		    $order_by_sql = str_replace('sys_groupid','sg.name',$order_by_sql);
+		  } elseif($order == 'rid'){
+		    $join .= ' LEFT JOIN spamfilter_users as su ON '.$app->listform->listDef['table'].'.rid = su.id ';
+		    $order_by_sql = str_replace('rid','su.email',$order_by_sql);
+		  } elseif($order == 'policy_id'){
+		    $join .= ' LEFT JOIN spamfilter_policy as sp ON '.$app->listform->listDef['table'].'.policy_id = sp.id ';
+		    $order_by_sql = str_replace('policy_id','sp.policy_name',$order_by_sql);
+		  } elseif($order == 'web_folder_id'){
+		    $join .= ' LEFT JOIN web_folder as wf ON '.$app->listform->listDef['table'].'.web_folder_id = wf.web_folder_id ';
+		    $order_by_sql = str_replace('web_folder_id','wf.path',$order_by_sql);
+		  } elseif($order == 'ostemplate_id' && $app->listform->listDef['table'] != 'openvz_ostemplate'){
+		    $join .= ' LEFT JOIN openvz_ostemplate as oo ON '.$app->listform->listDef['table'].'.ostemplate_id = oo.ostemplate_id ';
+		    $order_by_sql = str_replace('ostemplate_id','oo.template_name',$order_by_sql);
+		  } elseif($order == 'template_id' && $app->listform->listDef['table'] != 'openvz_template'){
+		    $join .= ' LEFT JOIN openvz_template as ot ON '.$app->listform->listDef['table'].'.template_id = ot.template_id ';
+		    $order_by_sql = str_replace('template_id','ot.template_name',$order_by_sql);
+		  } elseif($order == 'sender_id' && $app->listform->listDef['table'] != 'sys_user'){
+		    $join .= ' LEFT JOIN sys_user as su ON '.$app->listform->listDef['table'].'.sender_id = su.userid ';
+		    $order_by_sql = str_replace('sender_id','su.username',$order_by_sql);
+		  } elseif($order == 'web_traffic_last_month'){
+		    $tmp_year = date('Y',mktime(0, 0, 0, date("m")-1, date("d"), date("Y")));
+		    $tmp_month = date('m',mktime(0, 0, 0, date("m")-1, date("d"), date("Y")));
+		    $extselect .= ', SUM(wt.traffic_bytes) as calctraffic';
+		    $join .= ' INNER JOIN web_traffic as wt ON '.$app->listform->listDef['table'].'.domain = wt.hostname ';
+		    $sql_where .= " AND YEAR(wt.traffic_date) = '$tmp_year' AND MONTH(wt.traffic_date) = '$tmp_month'";
+		    $order_by_sql = str_replace('web_traffic_last_month','calctraffic',$order_by_sql);
+		    $order_by_sql = "GROUP BY domain ".$order_by_sql;
+		  } elseif($order == 'web_traffic_this_month'){
+		    $tmp_year = date('Y');
+		    $tmp_month = date('m');
+		    $extselect .= ', SUM(wt.traffic_bytes) as calctraffic';
+		    $join .= ' INNER JOIN web_traffic as wt ON '.$app->listform->listDef['table'].'.domain = wt.hostname ';
+		    $sql_where .= " AND YEAR(wt.traffic_date) = '$tmp_year' AND MONTH(wt.traffic_date) = '$tmp_month'";
+		    $order_by_sql = str_replace('web_traffic_this_month','calctraffic',$order_by_sql);
+		    $order_by_sql = "GROUP BY domain ".$order_by_sql;
+		  } elseif($order == 'web_traffic_last_year'){
+		    $tmp_year = date('Y',mktime(0, 0, 0, date("m")-1, date("d"), date("Y")));
+		    $extselect .= ', SUM(wt.traffic_bytes) as calctraffic';
+		    $join .= ' INNER JOIN web_traffic as wt ON '.$app->listform->listDef['table'].'.domain = wt.hostname ';
+		    $sql_where .= " AND YEAR(wt.traffic_date) = '$tmp_year'";
+		    $order_by_sql = str_replace('web_traffic_last_year','calctraffic',$order_by_sql);
+		    $order_by_sql = "GROUP BY domain ".$order_by_sql;
+		  } elseif($order == 'web_traffic_this_year'){
+		    $tmp_year = date('Y');
+		    $extselect .= ', SUM(wt.traffic_bytes) as calctraffic';
+		    $join .= ' INNER JOIN web_traffic as wt ON '.$app->listform->listDef['table'].'.domain = wt.hostname ';
+		    $sql_where .= " AND YEAR(wt.traffic_date) = '$tmp_year'";
+		    $order_by_sql = str_replace('web_traffic_this_year','calctraffic',$order_by_sql);
+		    $order_by_sql = "GROUP BY domain ".$order_by_sql;
+		  } elseif($order == 'mail_traffic_last_month'){
+		    $tmp_date = date('Y-m',mktime(0, 0, 0, date("m")-1, date("d"), date("Y")));
+		    $join .= ' INNER JOIN mail_traffic as mt ON '.$app->listform->listDef['table'].'.mailuser_id = mt.mailuser_id ';
+		    $sql_where .= " AND mt.month like '$tmp_date%'";
+		    $order_by_sql = str_replace('mail_traffic_last_month','traffic',$order_by_sql);
+		  } elseif($order == 'mail_traffic_this_month'){
+		    $tmp_date = date('Y-m');
+		    $join .= ' INNER JOIN mail_traffic as mt ON '.$app->listform->listDef['table'].'.mailuser_id = mt.mailuser_id ';
+		    $sql_where .= " AND mt.month like '$tmp_date%'";
+		    $order_by_sql = str_replace('mail_traffic_this_month','traffic',$order_by_sql);
+		  } elseif($order == 'mail_traffic_last_year'){
+		    $tmp_date = date('Y',mktime(0, 0, 0, date("m")-1, date("d"), date("Y")));
+		    $extselect .= ', SUM(mt.traffic) as calctraffic';
+		    $join .= ' INNER JOIN mail_traffic as mt ON '.$app->listform->listDef['table'].'.mailuser_id = mt.mailuser_id ';
+		    $sql_where .= " AND mt.month like '$tmp_date%'";;
+		    $order_by_sql = str_replace('mail_traffic_last_year','calctraffic',$order_by_sql);
+		    $order_by_sql = "GROUP BY mailuser_id ".$order_by_sql;
+		  } elseif($order == 'mail_traffic_this_year'){
+		    $tmp_date = date('Y');
+		    $extselect .= ', SUM(mt.traffic) as calctraffic';
+		    $join .= ' INNER JOIN mail_traffic as mt ON '.$app->listform->listDef['table'].'.mailuser_id = mt.mailuser_id ';
+		    $sql_where .= " AND mt.month like '$tmp_date%'";
+		    $order_by_sql = str_replace('mail_traffic_this_year','calctraffic',$order_by_sql);
+		    $order_by_sql = "GROUP BY mailuser_id ".$order_by_sql;
+		  }
+		}
+		return 'SELECT '.$app->listform->listDef['table'].'.*'.$extselect.' FROM '.$app->listform->listDef['table']."$join WHERE $sql_where $order_by_sql $limit_sql";
 	}
 	
 	
-	private function onShow()
+	public function onShow()
     {
 		global $app;
 		
-		//* Set Language File
-		$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_'.$app->listform->listDef['name'].'_list.lng';
+		//* Set global Language File
+		$lng_file = ISPC_LIB_PATH.'/lang/'.$_SESSION['s']['language'].'.lng';
+		if(!file_exists($lng_file))
+		$lng_file = ISPC_LIB_PATH.'/lang/en.lng';
 		include($lng_file);
 		$app->tpl->setVar($wb);
+		
+		//* Limit each page
+		$limits = array('5'=>'5','15'=>'15','25'=>'25','50'=>'50','100'=>'100','999999999' => 'all');
+
+		//* create options and set selected, if default -> 15 is selected
+
+		$options = '';
+		foreach($limits as $key => $val){
+		  $options .= '<option value="'.$key.'" '.(isset($_SESSION['search']['limit']) &&  $_SESSION['search']['limit'] == $key ? 'selected="selected"':'' ).(!isset($_SESSION['search']['limit']) && $key == '15' ? 'selected="selected"':'').'>'.$val.'</option>';
+		}
+		$app->tpl->setVar('search_limit','<select name="search_limit" class="search_limit">'.$options.'</select>');
+		
+		$app->tpl->setVar('toolsarea_head_txt',$app->lng('toolsarea_head_txt'));
+		$app->tpl->setVar($app->listform->wordbook);
 		$app->tpl->setVar('form_action', $app->listform->listDef['file']);
 		
 		//* Parse the templates and send output to the browser
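Review bot: The `web_traffic_last_year` and `mail_traffic_last_year` branches derive the year from `date('Y',mktime(0, 0, 0, date("m")-1, date("d"), date("Y")))`, which is the year of the previous month, so in every month except January they filter on the current year and behave like the `_this_year` branches. Subtracting from the year gives the intended value: `$tmp_year = date('Y') - 1;` in the web branch and `$tmp_date = date('Y') - 1;` in the mail branch. Separately, `onShow()` concatenates `$_SESSION['s']['language']` into the path handed to `include`, and `file_exists()` only confirms that some file is there. If that session value can ever be influenced by request data, a check such as `if(!preg_match('/^[a-z]{2}$/D', $_SESSION['s']['language'])) $lng_file = ISPC_LIB_PATH.'/lang/en.lng';` would keep the include inside the lang directory, assuming language codes are two lowercase letters. Both `getQueryString()` and `onShow()` extend beyond the hunk.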

--
Gitblit v1.9.1