From fe9a23f542bc56c1c0b6dc30257418e38ff7bd3a Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Sat, 08 Jun 2013 18:57:40 -0400
Subject: [PATCH] - Fixed FS#2936 - Please check and limit username input length.

---
 interface/web/dashboard/dashboard.php |  108 ++++++++++++++++++++++++++++++++++++++++++------------
 1 files changed, 84 insertions(+), 24 deletions(-)

diff --git a/interface/web/dashboard/dashboard.php b/interface/web/dashboard/dashboard.php
index f2d2f4d..b0bb809 100644
--- a/interface/web/dashboard/dashboard.php
+++ b/interface/web/dashboard/dashboard.php
@@ -48,7 +48,14 @@
 /*
  * Let the user welcome
 */
-$welcome = sprintf($wb['welcome_user_txt'], $_SESSION['s']['user']['username']);
+if($_SESSION['s']['user']['typ'] == 'admin') {
+	$name = $_SESSION['s']['user']['username'];
+} else {
+	$tmp = $app->db->queryOneRecord("SELECT contact_name FROM client WHERE username = '".$app->db->quote($_SESSION['s']['user']['username'])."'");
+	$name = $tmp['contact_name'];
+}
+
+$welcome = sprintf($wb['welcome_user_txt'], htmlentities($name, ENT_QUOTES, 'UTF-8'));
 $app->tpl->setVar('welcome_user', $welcome);
 
 
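Review bot: In the non-admin branch, `$name = $tmp['contact_name'];` has no fallback, so a session user with no matching `client` row, or one with an empty `contact_name`, gets a blank greeting and, depending on what `queryOneRecord` returns on a miss, an array access on a non-array. Falling back to the login name keeps the old behaviour for that case: `$name = (is_array($tmp) && $tmp['contact_name'] != '') ? $tmp['contact_name'] : $_SESSION['s']['user']['username'];`. The `htmlentities()` call on the output line is the right place for the escaping and should stay there. The query is still assembled by string concatenation and depends entirely on `$app->db->quote()`; a short comment saying so would help, as would bound parameters if the db wrapper offers them (not visible in this hunk).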
@@ -86,41 +93,94 @@
 */
 $info = array();
 
+if(isset($_SESSION['show_info_msg'])) {
+    $info[] = array('info_msg' => '<p>'.$_SESSION['show_info_msg'].'</p>');
+    unset($_SESSION['show_info_msg']);
+}
+if(isset($_SESSION['show_error_msg'])) {
+    $app->tpl->setloop('error', array(array('error_msg' => '<p>'.$_SESSION['show_error_msg'].'</p>')));
+    unset($_SESSION['show_error_msg']);
+}
+
+
 /*
  * Check the ISPConfig-Version (only for the admin)
 */
 if($_SESSION["s"]["user"]["typ"] == 'admin') {
-	$new_version = @file_get_contents('http://www.ispconfig.org/downloads/ispconfig3_version.txt');
-	$new_version = trim($new_version);
-	if($new_version != ISPC_APP_VERSION) {
-		$info[] = array('info_msg' => 'There is a new Version of ISPConfig 3 available! <a href="http://www.ispconfig.org">See more...</a>');
+	if(!isset($_SESSION['s']['new_ispconfig_version'])) {
+		$new_version = @file_get_contents('http://www.ispconfig.org/downloads/ispconfig3_version.txt');
+		$_SESSION['s']['new_ispconfig_version'] = trim($new_version);
+	}
+	$v1 = ISPC_APP_VERSION;
+	$v2 = $_SESSION['s']['new_ispconfig_version'];
+	$this_version = explode(".",$v1);
+	/*
+	$this_fullversion = (($this_version[0] < 10) ? '0'.$this_version[0] : $this_version[0]) .
+			    ((isset($this_version[1]) && $this_version[1] < 10) ? '0'.$this_version[1] : $this_version[1]) .
+			    ((isset($this_version[2]) && $this_version[2] < 10) ? '0'.$this_version[2] : $this_version[2]) .
+			    ((isset($this_version[3]) && $this_version[3] < 10) ? (($this_version[3] < 1) ? '00' : '0'.$this_version[3]) : @$this_version[3]);
+
+	*/
+	
+	$new_version = explode(".",$v2);
+	/*
+	$new_fullversion =  (($new_version[0] < 10) ? '0'.$new_version[0] : $new_version[0]) .
+			    ((isset($new_version[1]) && $new_version[1] < 10) ? '0'.$new_version[1] : $new_version[1]) .
+			    ((isset($new_version[2]) && $new_version[2] < 10) ? '0'.$new_version[2] : $new_version[2]) .
+			    ((isset($new_version[3]) && $new_version[3] < 10) ? (($new_version[3] < 1) ? '00' : '0'.$new_version[3]) : @$new_version[3]);
+	*/
+	
+	$this_fullversion = str_pad($this_version[0], 2,'0',STR_PAD_LEFT).str_pad($this_version[1], 2,'0',STR_PAD_LEFT).@str_pad($this_version[2], 2,'0',STR_PAD_LEFT).@str_pad($this_version[3], 2,'0',STR_PAD_LEFT);
+	$new_fullversion = str_pad($new_version[0], 2,'0',STR_PAD_LEFT).str_pad($new_version[1], 2,'0',STR_PAD_LEFT).@str_pad($new_version[2], 2,'0',STR_PAD_LEFT).@str_pad($new_version[3], 2,'0',STR_PAD_LEFT);
+	if($new_fullversion > $this_fullversion) {
+		$info[] = array('info_msg' => '<p>There is a new Version of ISPConfig 3 available!</p>' . 
+			'<p>This Version: <b>' . $v1 . '</b></p>' . 
+			'<p>New Version : <b>' . $v2 .  '</b></p>' .
+			'<p><a href="http://www.ispconfig.org/ispconfig-3/download" target="ISPC">See more...</a></p>');
 	}
 }
 
 $app->tpl->setloop('info', $info);
 
-/*
- * Show all modules, the user is allowed to use
-*/
-$modules = explode(',', $_SESSION['s']['user']['modules']);
-$mod = array();
-if(is_array($modules)) {
-	foreach($modules as $mt) {
-		if(is_file('../' . $mt . '/lib/module.conf.php')) {
-			if(!preg_match("/^[a-z]{2,20}$/i", $mt)) die('module name contains unallowed chars.');
-			include_once('../' . $mt.'/lib/module.conf.php');
-			/* We don't want to show the dashboard */
-			if ($mt != 'dashboard') {
-				$mod[] = array(	'modules_title' 	=> $app->lng($module['title']),
-						'modules_startpage'	=> $module['startpage'],
-						'modules_name'  	=> $module['name']);
-			}
-		}
+/* Load the dashlets*/
+$dashlet_list = array();
+$handle = @opendir(ISPC_WEB_PATH.'/dashboard/dashlets'); 
+while ($file = @readdir ($handle)) { 
+    if ($file != '.' && $file != '..' && !is_dir($file)) {
+        $dashlet_name = substr($file,0,-4);
+		$dashlet_class = 'dashlet_'.$dashlet_name;
+		include_once(ISPC_WEB_PATH.'/dashboard/dashlets/'.$file);
+		$dashlet_list[$dashlet_name] = new $dashlet_class;
 	}
-
-	$app->tpl->setloop('modules', $mod);
 }
 
+
+/* Which dashlets in which column */
+/******************************************************************************/
+$leftcol_dashlets = array('modules','invoices');
+$rightcol_dashlets = array('limits');
+/******************************************************************************/
+
+
+/* Fill the left column */
+$leftcol = array();
+foreach($leftcol_dashlets as $name) {
+	if(isset($dashlet_list[$name])) {
+		$leftcol[]['content'] = $dashlet_list[$name]->show();
+	}
+}
+$app->tpl->setloop('leftcol', $leftcol);
+
+/* Fill the right columnn */
+$rightcol = array();
+foreach($rightcol_dashlets as $name) {
+	if(isset($dashlet_list[$name])) {
+		$rightcol[]['content'] = $dashlet_list[$name]->show();
+	}
+}
+$app->tpl->setloop('rightcol', $rightcol);
+
+
 //* Do Output
 $app->tpl->pparse();
 
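Review bot: The `New Version` line concatenates `$v2` into `info_msg` without escaping, and `$v2` is whatever the plain-HTTP `file_get_contents()` call returned, cached in the session, so anyone able to alter that response can place markup in the admin dashboard. The value should be accepted only if it is a dotted numeric version, escaped on output, and fetched over TLS if the endpoint offers it. `version_compare()` would replace the padded string comparison, which mis-orders any component above 99 and emits undefined-index notices when the fetch fails. The `show_info_msg` and `show_error_msg` session values are wrapped in `<p>` unescaped in the same way, so every writer of those keys has to escape (none is visible here). Separately, the dashlet loop includes every entry in the directory and instantiates a class named after the file; `is_dir($file)` resolves against the working directory rather than the dashlets path, so the loop should admit only names matching something like `/^[a-z0-9_]+\.php$/i` and check `class_exists($dashlet_class)` before `new`.

```php
// … unchanged: session message handling and admin check …
	if(!isset($_SESSION['s']['new_ispconfig_version'])) {
		$new_version = @file_get_contents('http://www.ispconfig.org/downloads/ispconfig3_version.txt');
		$new_version = ($new_version === false) ? '' : trim($new_version);
		// Accept only a dotted numeric version; anything else is treated as "unknown".
		$_SESSION['s']['new_ispconfig_version'] = preg_match('/^\d+(\.\d+){1,3}$/', $new_version) ? $new_version : '';
	}
	$v1 = ISPC_APP_VERSION;
	$v2 = $_SESSION['s']['new_ispconfig_version'];
	if($v2 != '' && version_compare($v2, $v1, '>')) {
		$info[] = array('info_msg' => '<p>There is a new Version of ISPConfig 3 available!</p>' .
			'<p>This Version: <b>' . htmlentities($v1, ENT_QUOTES, 'UTF-8') . '</b></p>' .
			'<p>New Version : <b>' . htmlentities($v2, ENT_QUOTES, 'UTF-8') . '</b></p>' .
			'<p><a href="http://www.ispconfig.org/ispconfig-3/download" target="ISPC">See more...</a></p>');
	}
// … unchanged: dashlet loading and column assembly …
```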

--
Gitblit v1.9.1