From d87f76019fc231ec20d95126a7fee0487e7be5f0 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Tue, 14 Aug 2012 10:56:20 -0400
Subject: [PATCH] - Added new web folder named private to web folder layout. The folder is intended to store data that shall not be visible in the web directory, it is owned by the user of the web. - Changed ownership of web root directory to root user in all security modes to prevent symlink attacks. - Apache log files are now owned by user root. - Improved functions in system library.
---
interface/web/vm/openvz_vm_edit.php | 143 ++++++++++++++++++++++++++++++++++++++++++++---
1 files changed, 132 insertions(+), 11 deletions(-)
diff --git a/interface/web/vm/openvz_vm_edit.php b/interface/web/vm/openvz_vm_edit.php
index 65fbda3..de2f51f 100644
--- a/interface/web/vm/openvz_vm_edit.php
+++ b/interface/web/vm/openvz_vm_edit.php
@@ -50,51 +50,134 @@ class page_action extends tform_actions { + function onShowNew() { + global $app, $conf; + + // we will check only users, not admins + if($_SESSION["s"]["user"]["typ"] == 'user') { + if(!$app->tform->checkClientLimit('limit_openvz_vm')) { + $app->error($app->tform->wordbook["limit_openvz_vm_txt"]); + } + if(!$app->tform->checkResellerLimit('limit_openvz_vm')) { + $app->error('Reseller: '.$app->tform->wordbook["limit_openvz_vm_txt"]); + } + } + + parent::onShowNew(); + } + function onShowEnd() { global $app, $conf; //* Client: If the logged in user is not admin and has no sub clients (no rseller) if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) { - + + //* Get the limits of the client + $client_group_id = $_SESSION["s"]["user"]["default_group"]; + $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, client.limit_openvz_vm_template_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); + + //* Fill the template_id field + if($client['limit_openvz_vm_template_id'] == 0) { + $sql = 'SELECT template_id,template_name FROM openvz_template WHERE 1 ORDER BY template_name'; + } else { + $sql = 'SELECT template_id,template_name FROM openvz_template WHERE template_id = '.$client['limit_openvz_vm_template_id'].' 
ORDER BY template_name'; + } + $records = $app->db->queryAllRecords($sql); + if(is_array($records)) { + foreach( $records as $rec) { + $selected = @($rec["template_id"] == $this->dataRecord["template_id"])?'SELECTED':''; + $template_id_select .= "<option value='$rec[template_id]' $selected>$rec[template_name]</option>\r\n"; + } + } + $app->tpl->setVar("template_id_select",$template_id_select); + //* Reseller: If the logged in user is not admin and has sub clients (is a rseller) } elseif ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) { //* Get the limits of the client $client_group_id = $_SESSION["s"]["user"]["default_group"]; - $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); + $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, client.limit_openvz_vm_template_id, CONCAT(client.company_name,' :: ',client.contact_name) as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); //* Fill the client select field - $sql = "SELECT groupid, name FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id']." ORDER BY name"; + $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(client.company_name,' :: ',client.contact_name) as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id']." 
ORDER BY sys_group.name"; $records = $app->db->queryAllRecords($sql); $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$client['client_id']); - $client_select = '<option value="'.$tmp['groupid'].'">'.$client['contact_name'].'</option>'; - $tmp_data_record = $app->tform->getDataRecord($this->id); + $client_select = '<option value="'.$tmp['groupid'].'">'.$client['name'].' :: '.$client['contactname'].'</option>'; + //$tmp_data_record = $app->tform->getDataRecord($this->id); if(is_array($records)) { foreach( $records as $rec) { - $selected = @($rec["groupid"] == $tmp_data_record["sys_groupid"])?'SELECTED':''; - $client_select .= "<option value='$rec[groupid]' $selected>$rec[name]</option>\r\n"; + $selected = @(is_array($this->dataRecord) && ($client["groupid"] == $this->dataRecord['client_group_id'] || $client["groupid"] == $this->dataRecord['sys_groupid']))?'SELECTED':''; + $client_select .= "<option value='$rec[groupid]' $selected>$rec[name] :: $rec[contactname]</option>\r\n"; } } $app->tpl->setVar("client_group_id",$client_select); + + //* Fill the template_id field + if($client['limit_openvz_vm_template_id'] == 0) { + $sql = 'SELECT template_id,template_name FROM openvz_template WHERE 1 ORDER BY template_name'; + } else { + $sql = 'SELECT template_id,template_name FROM openvz_template WHERE template_id = '.$client['limit_openvz_vm_template_id'].' 
ORDER BY template_name'; + } + $records = $app->db->queryAllRecords($sql); + if(is_array($records)) { + foreach( $records as $rec) { + $selected = @($rec["template_id"] == $this->dataRecord["template_id"])?'SELECTED':''; + $template_id_select .= "<option value='$rec[template_id]' $selected>$rec[template_name]</option>\r\n"; + } + } + $app->tpl->setVar("template_id_select",$template_id_select); //* Admin: If the logged in user is admin } else { //* Fill the client select field - $sql = "SELECT groupid, name FROM sys_group WHERE client_id > 0 ORDER BY name"; + $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(client.company_name,' :: ',client.contact_name) as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY sys_group.name"; $clients = $app->db->queryAllRecords($sql); $client_select = "<option value='0'></option>"; - $tmp_data_record = $app->tform->getDataRecord($this->id); + //$tmp_data_record = $app->tform->getDataRecord($this->id); if(is_array($clients)) { foreach( $clients as $client) { - $selected = @($client["groupid"] == $tmp_data_record["sys_groupid"])?'SELECTED':''; - $client_select .= "<option value='$client[groupid]' $selected>$client[name]</option>\r\n"; + $selected = @(is_array($this->dataRecord) && ($client["groupid"] == $this->dataRecord['client_group_id'] || $client["groupid"] == $this->dataRecord['sys_groupid']))?'SELECTED':''; + $client_select .= "<option value='$client[groupid]' $selected>$client[name] :: $client[contactname]</option>\r\n"; } } $app->tpl->setVar("client_group_id",$client_select); + + //* Fill the template_id field + $sql = 'SELECT template_id,template_name FROM openvz_template WHERE 1 ORDER BY template_name'; + $records = $app->db->queryAllRecords($sql); + if(is_array($records)) { + $template_id_select=''; + foreach( $records as $rec) { + $selected = @($rec["template_id"] == $this->dataRecord["template_id"])?'SELECTED':''; + $template_id_select .= "<option 
value='$rec[template_id]' $selected>$rec[template_name]</option>\r\n"; + } + } + $app->tpl->setVar("template_id_select",$template_id_select); } + + //* Fill the IPv4 select field with the IP addresses that are allowed for this client + //$sql = "SELECT ip_address FROM server_ip WHERE server_id = ".$client['default_webserver']." AND ip_type = 'IPv4' AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id'].")"; + if(isset($this->dataRecord["server_id"])) { + $vm_server_id = intval($this->dataRecord["server_id"]); + } else { + $tmp = $app->db->queryOneRecord('SELECT server_id FROM server WHERE vserver_server = 1 AND mirror_server_id = 0 ORDER BY server_name LIMIT 0,1'); + $vm_server_id = $tmp['server_id']; + } + $sql = "SELECT ip_address FROM openvz_ip WHERE reserved = 'n' AND (vm_id = 0 or vm_id = '".$this->id."') AND server_id = ".$vm_server_id." ORDER BY ip_address"; + $ips = $app->db->queryAllRecords($sql); + $ip_select = ""; + if(is_array($ips)) { + foreach( $ips as $ip) { + $selected = ($ip["ip_address"] == $this->dataRecord["ip_address"])?'SELECTED':''; + $ip_select .= "<option value='$ip[ip_address]' $selected>$ip[ip_address]</option>\r\n"; + } + } + $app->tpl->setVar("ip_address",$ip_select); + unset($tmp); + unset($ips); if($this->id > 0) { //* we are editing a existing record 
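Review bot: The new option labels print `company_name` and `contact_name` from the `client` table straight into HTML (`$rec[name] :: $rec[contactname]` in the reseller branch, `$client[name] :: $client[contactname]` in the admin branch), so markup stored in a client's contact data would be rendered in the reseller's or admin's session unless those fields are sanitised on input, which this hunk does not show. Passing each interpolated value through `htmlspecialchars($value, ENT_QUOTES)` before building the `<option>` closes that, and the `template_name` and `ip_address` options deserve the same treatment. Separately, the reseller loop iterates `$rec` but computes `$selected` from `$client["groupid"]`, a column the reseller's `$client` query does not select, so the `@` hides a notice and the comparison never looks at the row being rendered; it should read `$rec["groupid"]`. The values concatenated into SQL (`$client_group_id`, `$client['limit_openvz_vm_template_id']`, `$this->id`, `$tmp['server_id']`) should go through `intval()` the way `$this->dataRecord["server_id"]` already does, unless they are cast somewhere outside this hunk. onShowEnd() continues past the end of this hunk.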
@@ -105,6 +188,44 @@ $app->tpl->setVar("edit_disabled", 0); } + // Datepicker + $date_format = $app->lng('conf_format_dateshort'); + $trans = array("d" => "dd", "m" => "mm", "Y" => "yy"); + $date_format = strtr($date_format, $trans); + $app->tpl->setVar("date_format", $date_format); + + $app->tpl->setVar("daynamesmin_su", $app->lng('daynamesmin_su')); + $app->tpl->setVar("daynamesmin_mo", $app->lng('daynamesmin_mo')); + $app->tpl->setVar("daynamesmin_tu", $app->lng('daynamesmin_tu')); + $app->tpl->setVar("daynamesmin_we", $app->lng('daynamesmin_we')); + $app->tpl->setVar("daynamesmin_th", $app->lng('daynamesmin_th')); + $app->tpl->setVar("daynamesmin_fr", $app->lng('daynamesmin_fr')); + $app->tpl->setVar("daynamesmin_sa", $app->lng('daynamesmin_sa')); + + $app->tpl->setVar("daynames_sunday", $app->lng('daynames_sunday')); + $app->tpl->setVar("daynames_monday", $app->lng('daynames_monday')); + $app->tpl->setVar("daynames_tuesday", $app->lng('daynames_tuesday')); + $app->tpl->setVar("daynames_wednesday", $app->lng('daynames_wednesday')); + $app->tpl->setVar("daynames_thursday", $app->lng('daynames_thursday')); + $app->tpl->setVar("daynames_friday", $app->lng('daynames_friday')); + $app->tpl->setVar("daynames_saturday", $app->lng('daynames_saturday')); + + $app->tpl->setVar("monthnamesshort_jan", $app->lng('monthnamesshort_jan')); + $app->tpl->setVar("monthnamesshort_feb", $app->lng('monthnamesshort_feb')); + $app->tpl->setVar("monthnamesshort_mar", $app->lng('monthnamesshort_mar')); + $app->tpl->setVar("monthnamesshort_apr", $app->lng('monthnamesshort_apr')); + $app->tpl->setVar("monthnamesshort_may", $app->lng('monthnamesshort_may')); + $app->tpl->setVar("monthnamesshort_jun", $app->lng('monthnamesshort_jun')); + $app->tpl->setVar("monthnamesshort_jul", $app->lng('monthnamesshort_jul')); + $app->tpl->setVar("monthnamesshort_aug", $app->lng('monthnamesshort_aug')); + $app->tpl->setVar("monthnamesshort_sep", $app->lng('monthnamesshort_sep')); + 
$app->tpl->setVar("monthnamesshort_oct", $app->lng('monthnamesshort_oct')); + $app->tpl->setVar("monthnamesshort_nov", $app->lng('monthnamesshort_nov')); + $app->tpl->setVar("monthnamesshort_dec", $app->lng('monthnamesshort_dec')); + + $app->tpl->setVar("datepicker_nextText", $app->lng('datepicker_nextText')); + $app->tpl->setVar("datepicker_prevText", $app->lng('datepicker_prevText')); + parent::onShowEnd(); } -- Gitblit v1.9.1
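Review bot: The roughly thirty `setVar` calls added for the datepicker all use the same string as template variable and as language key, so they can be one loop over a key list, e.g. `foreach($datepicker_keys as $k) { $app->tpl->setVar($k, $app->lng($k)); }`, which keeps the list in one place when a key is added or renamed. The `strtr` map above them rewrites only `d`, `m` and `Y`; if any language file's `conf_format_dateshort` uses another PHP date letter, it would reach the template untranslated, so a short comment stating which formats are supported would help. onShowEnd() begins before this hunk.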