From dd0130670fe3cab4c7e2c1ab4f3bf0d2b2d512b0 Mon Sep 17 00:00:00 2001
From: Denny Bortfeldt <denny@bortfeldt.net>
Date: Mon, 27 Jun 2016 18:02:16 -0400
Subject: [PATCH] When uploading a logo which is smaller than the current ispconfig one, then the logo will be on the left side of the header. In my opinion it will look better when it's centered. You could vote about it ;)
---
interface/web/admin/users_edit.php | 59 ++++++++++++++++++++++++++++++++++-------------------------
1 files changed, 34 insertions(+), 25 deletions(-)
diff --git a/interface/web/admin/users_edit.php b/interface/web/admin/users_edit.php
index d94ef61..e391964 100644
--- a/interface/web/admin/users_edit.php
+++ b/interface/web/admin/users_edit.php
@@ -52,10 +52,18 @@
function onBeforeInsert() {
global $app, $conf;
+
+ //* Security settings check
+ if(isset($this->dataRecord['typ']) && $this->dataRecord['typ'][0] == 'admin') {
+ $app->auth->check_security_permissions('admin_allow_new_admin');
+ }
if(!in_array($this->dataRecord['startmodule'], $this->dataRecord['modules'])) {
$app->tform->errorMessage .= $app->tform->wordbook['startmodule_err'];
}
+
+
+
}
function onBeforeUpdate() {
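Review bot: The added test `$this->dataRecord['typ'][0] == 'admin'` looks only at the first element of `typ`, so if the form can submit more than one type value, an `admin` entry at a later index never reaches `check_security_permissions('admin_allow_new_admin')`. If `typ` ever arrives as a plain string, `[0]` is its first character and the check is skipped as well. The same expression is repeated twice in the onBeforeUpdate hunk, in the security check and in the `client_not_admin_err` check. I would test membership instead: `if(isset($this->dataRecord['typ']) && in_array('admin', (array) $this->dataRecord['typ'], true)) {`. Whether `typ` is multi-valued is not visible here; the form definition would confirm it.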
@@ -63,10 +71,22 @@
if($conf['demo_mode'] == true && $_REQUEST['id'] <= 3) $app->error('This function is disabled in demo mode.');
+ //* Security settings check
+ if(isset($this->dataRecord['typ']) && $this->dataRecord['typ'][0] == 'admin') {
+ $app->auth->check_security_permissions('admin_allow_new_admin');
+ }
+
if(@is_array($this->dataRecord['modules']) && !in_array($this->dataRecord['startmodule'], $this->dataRecord['modules'])) {
$app->tform->errorMessage .= $app->tform->wordbook['startmodule_err'];
}
+
$this->oldDataRecord = $app->tform->getDataRecord($this->id);
+
+ //* A user that belongs to a client record (client or reseller) may not have typ admin
+ if(isset($this->dataRecord['typ']) && $this->dataRecord['typ'][0] == 'admin' && $this->oldDataRecord['client_id'] > 0) {
+ $app->tform->errorMessage .= $app->tform->wordbook['client_not_admin_err'];
+ }
+
}
/*
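Review bot: The added security check in onBeforeUpdate fires on every save of a record whose submitted typ is admin, not only on a promotion, because it runs before `$this->oldDataRecord` is loaded and never compares against the stored type. If `admin_allow_new_admin` is meant to gate only the creation of new admins, existing admin accounts may become uneditable while it is off; what `check_security_permissions` does on failure is not visible in this hunk. Either move the check below the `getDataRecord($this->id)` call and compare with the old typ, or state the intent in the comment, e.g. `//* Security settings check: any save with typ admin requires admin_allow_new_admin`. The function's opening lines are outside this hunk.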
@@ -76,23 +96,23 @@
function onAfterUpdate() {
global $app, $conf;
- $client = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = ".$this->id);
- $client_id = $client['client_id'];
- $username = $app->db->quote($this->dataRecord["username"]);
- $old_username = $app->db->quote($this->oldDataRecord['username']);
+ $client = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = ?", $this->id);
+ $client_id = $app->functions->intval($client['client_id']);
+ $username = $this->dataRecord["username"];
+ $old_username = $this->oldDataRecord['username'];
// username changed
if(isset($conf['demo_mode']) && $conf['demo_mode'] != true && isset($this->dataRecord['username']) && $this->dataRecord['username'] != '' && $this->oldDataRecord['username'] != $this->dataRecord['username']) {
- $sql = "UPDATE client SET username = '$username' WHERE client_id = $client_id AND username = '$old_username'";
- $app->db->query($sql);
- $tmp = $app->db->queryOneRecord("SELECT * FROM sys_group WHERE client_id = $client_id");
- $app->db->datalogUpdate("sys_group", "name = '$username'", 'groupid', $tmp['groupid']);
+ $sql = "UPDATE client SET username = ? WHERE client_id = ? AND username = ?";
+ $app->db->query($sql, $username, $client_id, $old_username);
+ $tmp = $app->db->queryOneRecord("SELECT * FROM sys_group WHERE client_id = ?", $client_id);
+ $app->db->datalogUpdate("sys_group", array("name" => $username), 'groupid', $tmp['groupid']);
unset($tmp);
}
// password changed
if(isset($conf['demo_mode']) && $conf['demo_mode'] != true && isset($this->dataRecord["passwort"]) && $this->dataRecord["passwort"] != '') {
- $password = $app->db->quote($this->dataRecord["passwort"]);
+ $password = $this->dataRecord["passwort"];
$salt="$1$";
$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
for ($n=0;$n<8;$n++) {
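Review bot: After `$app->functions->intval($client['client_id'])`, a user without a client record (or a lookup that returned no row) leaves `$client_id` at 0, yet the username branch still runs the `client` UPDATE and the `sys_group` lookup, then calls `datalogUpdate` with `$tmp['groupid']` unchecked. Whatever `sys_group` row matches `client_id = 0`, or none at all, is what gets passed on; the schema is not visible here, so the effect is uncertain. I would guard the sync, for example `if($client_id > 0 && is_array($tmp)) $app->db->datalogUpdate("sys_group", array("name" => $username), 'groupid', $tmp['groupid']);`, and apply the same `$client_id > 0` condition to the `client` updates. onAfterUpdate continues past the end of this hunk.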
@@ -100,28 +120,17 @@
}
$salt.="$";
$password = crypt(stripslashes($password), $salt);
- $sql = "UPDATE client SET password = '$password' WHERE client_id = $client_id AND username = '$username'";
- $app->db->query($sql);
+ $sql = "UPDATE client SET password = ? WHERE client_id = ? AND username = ?";
+ $app->db->query($sql, $password, $client_id, $username);
}
// language changed
if(isset($conf['demo_mode']) && $conf['demo_mode'] != true && isset($this->dataRecord['language']) && $this->dataRecord['language'] != '' && $this->oldDataRecord['language'] != $this->dataRecord['language']) {
- $language = $app->db->quote($this->dataRecord["language"]);
- $sql = "UPDATE client SET language = '$language' WHERE client_id = $client_id AND username = '$username'";
- $app->db->query($sql);
+ $language = $this->dataRecord["language"];
+ $sql = "UPDATE client SET language = ? WHERE client_id = ? AND username = ?";
+ $app->db->query($sql, $language, $client_id, $username);
}
- // reseller status changed
- /*
- if(isset($this->dataRecord["limit_client"]) && $this->dataRecord["limit_client"] != $this->oldDataRecord["limit_client"]) {
- $modules = $conf['interface_modules_enabled'];
- if($this->dataRecord["limit_client"] > 0) $modules .= ',client';
- $modules = $app->db->quote($modules);
- $client_id = $this->id;
- $sql = "UPDATE sys_user SET modules = '$modules' WHERE client_id = $client_id";
- $app->db->query($sql);
- }
- */
parent::onAfterUpdate();
}
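Review bot: `crypt(stripslashes($password), $salt)` still strips backslashes even though this commit removed the `$app->db->quote()` call that added them. A password containing a backslash would therefore be hashed differently from what the user entered, unless dataRecord is escaped somewhere outside this view. I would change the line to `$password = crypt($password, $salt);`. Separately, the `$1$` salt prefix set in the previous hunk selects MD5-crypt for the hash written to `client.password`; moving this sync to a stronger crypt scheme would be a worthwhile follow-up. The function begins outside this hunk.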
--
Gitblit v1.9.1