From ed30c60150ffda0301eb1f8d30c93cac94de41df Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Mon, 25 Jul 2011 10:38:22 -0400
Subject: [PATCH] Fixed some warnings in the installer.
---
interface/web/client/client_edit.php | 187 ++++++++++++++++++++++++++++++++++++++++------
1 files changed, 160 insertions(+), 27 deletions(-)
diff --git a/interface/web/client/client_edit.php b/interface/web/client/client_edit.php
index 473de4b..4581397 100644
--- a/interface/web/client/client_edit.php
+++ b/interface/web/client/client_edit.php
@@ -1,6 +1,6 @@
<?php
/*
-Copyright (c) 2005, Till Brehm, projektfarm Gmbh
+Copyright (c) 2005 - 2008, Till Brehm, projektfarm Gmbh
All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
@@ -40,43 +40,148 @@
require_once('../../lib/config.inc.php');
require_once('../../lib/app.inc.php');
+require_once('tools.inc.php');
-// Checking module permissions
-if(!stristr($_SESSION["s"]["user"]["modules"],$_SESSION["s"]["module"]["name"])) {
- header("Location: ../index.php");
- exit;
-}
+//* Check permissions for module
+$app->auth->check_module_permissions('client');
// Loading classes
$app->uses('tpl,tform,tform_actions');
$app->load('tform_actions');
class page_action extends tform_actions {
+
+
+ function onShowNew() {
+ global $app, $conf;
+
+ // we will check only users, not admins
+ if($_SESSION["s"]["user"]["typ"] == 'user') {
+
+ // Get the limits of the client
+ $client_group_id = $_SESSION["s"]["user"]["default_group"];
+ $client = $app->db->queryOneRecord("SELECT limit_client FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+
+ // Check if the user may add another website.
+ if($client["limit_client"] >= 0) {
+ $tmp = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE sys_groupid = $client_group_id");
+ if($tmp["number"] >= $client["limit_client"]) {
+ $app->error($app->tform->wordbook["limit_client_txt"]);
+ }
+ }
+ }
+
+ parent::onShowNew();
+ }
+
+ function onSubmit() {
+ global $app, $conf;
+
+ // we will check only users, not admins
+ if($_SESSION["s"]["user"]["typ"] == 'user' && $this->id == 0) {
+
+ // Get the limits of the client
+ $client_group_id = $_SESSION["s"]["user"]["default_group"];
+ $client = $app->db->queryOneRecord("SELECT limit_client FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+
+ // Check if the user may add another website.
+ if($client["limit_client"] >= 0) {
+ $tmp = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE sys_groupid = $client_group_id");
+ if($tmp["number"] >= $client["limit_client"]) {
+ $app->error($app->tform->wordbook["limit_client_txt"]);
+ }
+ }
+ }
+
+ parent::onSubmit();
+ }
+
+
+ function onShowEnd() {
+
+ global $app;
+
+ $sql = "SELECT template_id,template_name FROM client_template WHERE template_type = 'a'";
+ $tpls = $app->db->queryAllRecords($sql);
+ $option = '';
+ $tpl = array();
+ foreach($tpls as $item){
+ $option .= '<option value="' . $item['template_id'] . '|' . $item['template_name'] . '">' . $item['template_name'] . '</option>';
+ $tpl[$item['template_id']] = $item['template_name'];
+ }
+ $app->tpl->setVar('tpl_add_select',$option);
+
+ $sql = "SELECT template_additional FROM client WHERE client_id = " . $this->id;
+ $result = $app->db->queryOneRecord($sql);
+ $tplAdd = explode("/", $result['template_additional']);
+ $text = '';
+ foreach($tplAdd as $item){
+ if (trim($item) != ''){
+ if ($text != '') $text .= '<br />';
+ $text .= $tpl[$item];
+ }
+ }
+
+ $app->tpl->setVar('template_additional_list', $text);
+ $app->tpl->setVar('app_module','client');
+
+ parent::onShowEnd();
+
+ }
+
/*
This function is called automatically right after
the data was successful inserted in the database.
*/
function onAfterInsert() {
- global $app;
+ global $app, $conf;
// Create the group for the client
- $sql = "INSERT INTO sys_group (name,description,client_id) VALUES ('".addslashes($this->dataRecord["username"])."','',".$this->id.")";
- $app->db->query($sql);
- $groupid = $app->db->insertID();
+ $groupid = $app->db->datalogInsert('sys_group', "(name,description,client_id) VALUES ('".mysql_real_escape_string($this->dataRecord["username"])."','',".$this->id.")", 'groupid');
+ $groups = $groupid;
- $username = addslashes($this->dataRecord["username"]);
- $password = addslashes($this->dataRecord["password"]);
- $modules = 'mail,sites,dns';
- $startmodule = 'mail';
- $usertheme = addslashes($this->dataRecord["usertheme"]);
+ $username = $app->db->quote($this->dataRecord["username"]);
+ $password = $app->db->quote($this->dataRecord["password"]);
+ $modules = $conf['interface_modules_enabled'];
+ if($this->dataRecord["limit_client"] > 0) $modules .= ',client';
+ $startmodule = (stristr($modules,'dashboard'))?'dashboard':'client';
+ $usertheme = $app->db->quote($this->dataRecord["usertheme"]);
$type = 'user';
$active = 1;
- $language = addslashes($this->dataRecord["language"]);
+ $language = $app->db->quote($this->dataRecord["language"]);
+
+ $salt="$1$";
+ $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
+ for ($n=0;$n<8;$n++) {
+ $salt.=$base64_alphabet[mt_rand(0,63)];
+ }
+ $salt.="$";
+ $password = crypt(stripslashes($password),$salt);
+
+ // Create the controlpaneluser for the client
+ //Generate ssh-rsa-keys
+ exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f /tmp/id_rsa -N ""');
+ $app->db->query("UPDATE client SET created_at = ".time().", id_rsa = '".$app->db->quote(@file_get_contents('/tmp/id_rsa'))."', ssh_rsa = '".$app->db->quote(@file_get_contents('/tmp/id_rsa.pub'))."' WHERE client_id = ".$this->id);
+ exec('rm -f /tmp/id_rsa /tmp/id_rsa.pub');
// Create the controlpaneluser for the client
$sql = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)
- VALUES ('$username',md5('$password'),'$modules','$startmodule','$usertheme','$type','$active','$language',$groupid,$groupid,".$this->id.")";
+ VALUES ('$username','$password','$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,".$this->id.")";
$app->db->query($sql);
+
+ //* If the user who inserted the client is a reseller (not admin), we will have to add this new client group
+ //* to his groups, so he can administrate the records of this client.
+ if($_SESSION['s']['user']['typ'] == 'user') {
+ $app->auth->add_group_to_user($_SESSION['s']['user']['userid'],$groupid);
+ $app->db->query("UPDATE client SET parent_client_id = ".intval($_SESSION['s']['user']['client_id'])." WHERE client_id = ".$this->id);
+ }
+
+
+
+ /* If there is a client-template, process it */
+ applyClientTemplates($this->id);
+
+ parent::onAfterInsert();
}
@@ -88,31 +193,59 @@
global $app;
// username changed
- if(isset($app->tform->diffrec['username'])) {
- $username = addslashes($this->dataRecord["username"]);
+ if($conf['demo_mode'] != true && isset($this->dataRecord['username']) && $this->dataRecord['username'] != '' && $this->oldDataRecord['username'] != $this->dataRecord['username']) {
+ $username = $app->db->quote($this->dataRecord["username"]);
$client_id = $this->id;
$sql = "UPDATE sys_user SET username = '$username' WHERE client_id = $client_id";
$app->db->query($sql);
- $sql = "UPDATE sys_group SET name = '$username' WHERE client_id = $client_id";
- $app->db->query($sql);
+
+ $tmp = $app->db->queryOneRecord("SELECT * FROM sys_group WHERE client_id = $client_id");
+ $app->db->datalogUpdate("sys_group", "name = '$username'", 'groupid', $tmp['groupid']);
+ unset($tmp);
}
// password changed
- if($this->dataRecord["password"] != '') {
- $password = addslashes($this->dataRecord["password"]);
+ if($conf['demo_mode'] != true && isset($this->dataRecord["password"]) && $this->dataRecord["password"] != '') {
+ $password = $app->db->quote($this->dataRecord["password"]);
+ $salt="$1$";
+ $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
+ for ($n=0;$n<8;$n++) {
+ $salt.=$base64_alphabet[mt_rand(0,63)];
+ }
+ $salt.="$";
+ $password = crypt(stripslashes($password),$salt);
$client_id = $this->id;
- $sql = "UPDATE sys_user SET passwort = md5('$password') WHERE client_id = $client_id";
+ $sql = "UPDATE sys_user SET passwort = '$password' WHERE client_id = $client_id";
$app->db->query($sql);
}
+ // language changed
+ if($conf['demo_mode'] != true && isset($this->dataRecord['language']) && $this->dataRecord['language'] != '' && $this->oldDataRecord['language'] != $this->dataRecord['language']) {
+ $language = $app->db->quote($this->dataRecord["language"]);
+ $client_id = $this->id;
+ $sql = "UPDATE sys_user SET language = '$language' WHERE client_id = $client_id";
+ $app->db->query($sql);
+ }
+ // reseller status changed
+ if(isset($this->dataRecord["limit_client"]) && $this->dataRecord["limit_client"] != $this->oldDataRecord["limit_client"]) {
+ $modules = $conf['interface_modules_enabled'];
+ if($this->dataRecord["limit_client"] > 0) $modules .= ',client';
+ $modules = $app->db->quote($modules);
+ $client_id = $this->id;
+ $sql = "UPDATE sys_user SET modules = '$modules' WHERE client_id = $client_id";
+ $app->db->query($sql);
+ }
+ /*
+ * If there is a client-template, process it */
+ applyClientTemplates($this->id);
+
+ parent::onAfterUpdate();
}
-
-
}
$page = new page_action;
$page->onLoad();
-?>
\ No newline at end of file
+?>
--
Gitblit v1.9.1