From ec09b18c9c44f85ceb6d9e7588a03a221cd1193f Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Fri, 12 Dec 2008 05:47:05 -0500
Subject: [PATCH] Disallow server changes for existing records in mail_domain_edit.php
---
interface/web/sites/ftp_user_edit.php | 46 ++++++++++++++++++++++++++++++++++++++++------
1 files changed, 40 insertions(+), 6 deletions(-)
diff --git a/interface/web/sites/ftp_user_edit.php b/interface/web/sites/ftp_user_edit.php
index 4c90855..3452935 100644
--- a/interface/web/sites/ftp_user_edit.php
+++ b/interface/web/sites/ftp_user_edit.php
@@ -41,11 +41,8 @@
require_once('../../lib/config.inc.php');
require_once('../../lib/app.inc.php');
-// Checking module permissions
-if(!stristr($_SESSION["s"]["user"]["modules"],'sites')) {
- header("Location: ../index.php");
- exit;
-}
+//* Check permissions for module
+$app->auth->check_module_permissions('sites');
// Loading classes
$app->uses('tpl,tform,tform_actions');
@@ -53,6 +50,39 @@
class page_action extends tform_actions {
+ function onShowNew() {
+ global $app, $conf;
+
+ // we will check only users, not admins
+ if($_SESSION["s"]["user"]["typ"] == 'user') {
+
+ // Get the limits of the client
+ $client_group_id = $_SESSION["s"]["user"]["default_group"];
+ $client = $app->db->queryOneRecord("SELECT limit_ftp_user FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+
+ // Check if the user may add another ftp user.
+ if($client["limit_ftp_user"] >= 0) {
+ $tmp = $app->db->queryOneRecord("SELECT count(ftp_user_id) as number FROM ftp_user WHERE sys_groupid = $client_group_id");
+ if($tmp["number"] >= $client["limit_ftp_user"]) {
+ $app->error($app->tform->wordbook["limit_ftp_user_txt"]);
+ }
+ }
+ }
+
+ parent::onShowNew();
+ }
+
+ function onSubmit() {
+ global $app, $conf;
+
+ // Get the record of the parent domain
+ $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".intval(@$this->dataRecord["parent_domain_id"]));
+
+ // Set a few fixed values
+ $this->dataRecord["server_id"] = $parent_domain["server_id"];
+
+ parent::onSubmit();
+ }
function onAfterInsert() {
global $app, $conf;
@@ -63,9 +93,13 @@
$uid = $web["system_user"];
$gid = $web["system_group"];
- $sql = "UPDATE ftp_user SET server_id = $server_id, dir = '$dir', uid = '$uid', gid = '$gid' WHERE ftp_user_id = ".$this->id;
+ // The FTP user shall be owned by the same group then the website
+ $sys_groupid = $web['sys_groupid'];
+
+ $sql = "UPDATE ftp_user SET server_id = $server_id, dir = '$dir', uid = '$uid', gid = '$gid', sys_groupid = '$sys_groupid' WHERE ftp_user_id = ".$this->id;
$app->db->query($sql);
+
}
function onAfterUpdate() {
--
Gitblit v1.9.1