gitlabFork/ISPConfig3.git - Solinfo Gitblit

- don't set password via remoting if field is empty

Marius Cramer

2015-08-06 37b29231e47a0c4458dc1c15d98588f16f07e1e2

commit \| author \| age
2dadd2	1	<?php
T	2
	3	/*
	4	Copyright (c) 2007, Till Brehm, projektfarm Gmbh
	5	All rights reserved.
	6
	7	Redistribution and use in source and binary forms, with or without modification,
	8	are permitted provided that the following conditions are met:
	9
bd68aa	10	* Redistributions of source code must retain the above copyright notice,
MC	11	this list of conditions and the following disclaimer.
	12	* Redistributions in binary form must reproduce the above copyright notice,
	13	this list of conditions and the following disclaimer in the documentation
	14	and/or other materials provided with the distribution.
	15	* Neither the name of ISPConfig nor the names of its contributors
	16	may be used to endorse or promote products derived from this software without
	17	specific prior written permission.
2dadd2	18
T	19	THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
	20	ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
	21	WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	22	IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
	23	INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
	24	BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	25	DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
	26	OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
	27	NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
	28	EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	29	*/
	30
	31	/**
b1a6a5	32	* Formularbehandlung
MC	33	*
	34	* Functions to validate, display and save form values
	35	*
	36	* Database table field definitions
	37	*
	38	* Datatypes:
	39	* - INTEGER (Converts data to int automatically)
	40	* - DOUBLE
	41	* - CURRENCY (Formats digits in currency notation)
	42	* - VARCHAR (No format check)
	43	* - DATE (Date format, converts from and to UNIX timestamps automatically)
	44	*
	45	* Formtype:
	46	* - TEXT (Normal text field)
	47	* - PASSWORD (password field, the content will not be displayed again to the user)
	48	* - SELECT (Option fiield)
	49	* - MULTIPLE (Allows selection of multiple values)
	50	*
	51	* VALUE:
	52	* - Value or array
	53	*
	54	* SEPARATOR
	55	* - separator char used for fileds with multiple values
	56	*
	57	* Hint: The auto increment (ID) filed of the table has not be be definied separately.
	58	*
	59	*/
	60
	61
a0b289	62	global $app;
5bff39	63	$app->load('tform_base');
M	64	class tform extends tform_base {
b1a6a5	65	/*
2332b2	66	This function checks if a user has the parmissions $perm for the data record with the ID $record_id
T	67	If record_id = 0, the the permissions are tested against the defaults of the form file.
	68	*/
7fe908	69
b1a6a5	70	function checkPerm($record_id, $perm) {
MC	71	global $app;
2dadd2	72
35509d	73	$record_id = $app->functions->intval($record_id);
b1a6a5	74	if($record_id > 0) {
2dadd2	75	// Add backticks for incomplete table names.
b1a6a5	76	if(stristr($this->formDef['db_table'], '.')) {
05beae	77	$escape = '';
MC	78	} else {
	79	$escape = '`';
	80	}
	81
2af58c	82	$sql = "SELECT ?? FROM ?? WHERE ?? = ? AND ".$this->getAuthSQL($perm);
MC	83	if($record = $app->db->queryOneRecord($sql, $this->formDef['db_table_idx'], $this->formDef['db_table'], $this->formDef['db_table_idx'], $record_id)) {
2dadd2	84	return true;
T	85	} else {
	86	return false;
	87	}
b1a6a5	88	} else {
MC	89	$result = false;
	90	if(@$this->formDef["auth_preset"]["userid"] == $_SESSION["s"]["user"]["userid"] && stristr($perm, $this->formDef["auth_preset"]["perm_user"])) $result = true;
	91	if(@$this->formDef["auth_preset"]["groupid"] == $_SESSION["s"]["user"]["groupid"] && stristr($perm, $this->formDef["auth_preset"]["perm_group"])) $result = true;
	92	if(@stristr($this->formDef["auth_preset"]["perm_other"], $perm)) $result = true;
	93
	94	// if preset == 0, everyone can insert a record of this type
	95	if($this->formDef["auth_preset"]["userid"] == 0 and $this->formDef["auth_preset"]["groupid"] == 0 and (@stristr($this->formDef["auth_preset"]["perm_user"], $perm) or @stristr($this->formDef["auth_preset"]["perm_group"], $perm))) $result = true;
	96
	97	return $result;
	98
05beae	99	}
MC	100
b1a6a5	101	}
05beae	102
b1a6a5	103	function getNextTab() {
MC	104	// Which tab is shown
	105	if($this->errorMessage == '') {
	106	// If there is no error
	107	if(isset($_REQUEST["next_tab"]) && $_REQUEST["next_tab"] != '') {
	108	// If the next tab is known
	109	$active_tab = $_REQUEST["next_tab"];
2dadd2	110	} else {
b1a6a5	111	// else use the default tab
MC	112	$active_tab = $this->formDef['tab_default'];
2dadd2	113	}
b1a6a5	114	} else {
MC	115	// Show the same tab again in case of an error
	116	$active_tab = $_SESSION["s"]["form"]["tab"];
2dadd2	117	}
05beae	118
b1a6a5	119	return $active_tab;
MC	120	}
05beae	121
b1a6a5	122	function getCurrentTab() {
MC	123	return $_SESSION["s"]["form"]["tab"];
	124	}
05beae	125
b1a6a5	126	function isReadonlyTab($tab, $primary_id) {
MC	127	global $app, $conf;
	128
	129	// Add backticks for incomplete table names.
	130	if(stristr($this->formDef['db_table'], '.')) {
	131	$escape = '';
	132	} else {
	133	$escape = '`';
	134	}
	135
2af58c	136	$sql = "SELECT sys_userid FROM ?? WHERE ?? = ?";
MC	137	$record = $app->db->queryOneRecord($sql, $this->formDef['db_table'], $this->formDef['db_table_idx'], $primary_id);
b1a6a5	138
MC	139	// return true if the readonly flag of the form is set and the current loggedin user is not the owner of the record.
	140	if(isset($this->formDef['tabs'][$tab]['readonly']) && $this->formDef['tabs'][$tab]['readonly'] == true && $record['sys_userid'] != $_SESSION["s"]["user"]["userid"]) {
	141	return true;
	142	} else {
	143	return false;
	144	}
	145	}
	146
	147
	148	// translation function for forms, tries the form wordbook first and if this fails, it tries the global wordbook
	149	function lng($msg) {
	150	global $app, $conf;
	151
	152	if(isset($this->wordbook[$msg])) {
	153	return $this->wordbook[$msg];
	154	} else {
	155	return $app->lng($msg);
	156	}
	157
	158	}
	159
	160	function checkClientLimit($limit_name, $sql_where = '') {
	161	global $app;
	162
	163	$check_passed = true;
	164	if($limit_name == '') $app->error('Limit name missing in function checkClientLimit.');
	165
	166	// Get the limits of the client that is currently logged in
35509d	167	$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
2af58c	168	$client = $app->db->queryOneRecord("SELECT ?? as number, parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $limit_name, $client_group_id);
b1a6a5	169
MC	170	// Check if the user may add another item
	171	if($client["number"] >= 0) {
2af58c	172	$sql = "SELECT count(??) as number FROM ?? WHERE ".$this->getAuthSQL('u');
b1a6a5	173	if($sql_where != '') $sql .= ' and '.$sql_where;
2af58c	174	$tmp = $app->db->queryOneRecord($sql, $this->formDef['db_table_idx'], $this->formDef['db_table']);
b1a6a5	175	if($tmp["number"] >= $client["number"]) $check_passed = false;
MC	176	}
	177
	178	return $check_passed;
	179	}
	180
	181	function checkResellerLimit($limit_name, $sql_where = '') {
	182	global $app;
	183
	184	$check_passed = true;
	185	if($limit_name == '') $app->error('Limit name missing in function checkClientLimit.');
	186
	187	// Get the limits of the client that is currently logged in
35509d	188	$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
cc7a82	189	$client = $app->db->queryOneRecord("SELECT parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
b1a6a5	190
MC	191	//* If the client belongs to a reseller, we will check against the reseller Limit too
	192	if($client['parent_client_id'] != 0) {
	193
	194	//* first we need to know the groups of this reseller
2af58c	195	$tmp = $app->db->queryOneRecord("SELECT userid, groups FROM sys_user WHERE client_id = ?", $client['parent_client_id']);
b1a6a5	196	$reseller_groups = $tmp["groups"];
MC	197	$reseller_userid = $tmp["userid"];
	198
	199	// Get the limits of the reseller of the logged in client
3cebc3	200	$client_group_id = $_SESSION["s"]["user"]["default_group"];
2af58c	201	$reseller = $app->db->queryOneRecord("SELECT $limit_name as number FROM client WHERE client_id = ?", $client['parent_client_id']);
05beae	202
3cebc3	203	// Check if the user may add another item
b1a6a5	204	if($reseller["number"] >= 0) {
2af58c	205	$sql = "SELECT count(??) as number FROM ?? WHERE (sys_groupid IN ? or sys_userid = ?)";
3cebc3	206	if($sql_where != '') $sql .= ' and '.$sql_where;
2af58c	207	$tmp = $app->db->queryOneRecord($sql, $this->formDef['db_table_idx'], $this->formDef['db_table'], explode(',', $reseller_groups), $reseller_userid);
b1a6a5	208	if($tmp["number"] >= $reseller["number"]) $check_passed = false;
3cebc3	209	}
T	210	}
05beae	211
b1a6a5	212	return $check_passed;
MC	213	}
05beae	214
b1a6a5	215	//* get the difference record of two arrays
MC	216	function getDiffRecord($record_old, $record_new) {
05beae	217
b1a6a5	218	if(is_array($record_new) && count($record_new) > 0) {
11b3da	219	foreach($record_new as $key => $val) {
T	220	if(@$record_old[$key] != $val) {
	221	// Record has changed
b1a6a5	222	$diffrec[$key] = array( 'old' => @$record_old[$key],
MC	223	'new' => $val);
11b3da	224	}
b1a6a5	225	}
MC	226	} elseif(is_array($record_old)) {
	227	foreach($record_old as $key => $val) {
	228	if($record_new[$key] != $val) {
	229	// Record has changed
	230	$diffrec[$key] = array( 'new' => $record_new[$key],
	231	'old' => $val);
11b3da	232	}
b1a6a5	233	}
MC	234	}
	235	return $diffrec;
05beae	236
b1a6a5	237	}
MC	238
	239
	240	/**
	241	* Generate HTML for DATETIME fields.
	242	*
	243	* @access private
	244	* @param string $form_element Name of the form element.
	245	* @param string $default_value Selected value for fields.
	246	* @param bool $display_secons Include seconds selection.
	247	* @return string HTML
	248	*/
	249	function _getDateTimeHTML($form_element, $default_value, $display_seconds=false)
	250	{
eebe76	251	$_datetime = ($default_value && $default_value != '0000-00-00 00:00:00' ? strtotime($default_value) : false);
b1a6a5	252	$_showdate = ($_datetime === false) ? false : true;
MC	253
	254	$dselect = array('day', 'month', 'year', 'hour', 'minute');
	255	if ($display_seconds === true) {
	256	$dselect[] = 'second';
11b3da	257	}
43e5b6	258
MC	259	$tmp_dt = strtr($this->datetimeformat,array('d' => 'dd', 'm' => 'mm', 'Y' => 'yyyy', 'y' => 'yy', 'H' => 'hh', 'h' => 'HH', 'i' => 'ii')) . ($display_seconds ? ':ss' : '');
05beae	260
b1a6a5	261	$out = '';
43e5b6	262
MC	263	return '<input type="text" class="form-control" name="' . $form_element . '" value="' . ($_showdate ? date($this->datetimeformat . ($display_seconds ? ':s' : ''), $_datetime) : '') . '" data-input-element="datetime" data-date-format="' . $tmp_dt . '" />';
	264	/*
b1a6a5	265	foreach ($dselect as $dt_element)
75ae20	266	{
b1a6a5	267	$dt_options = array();
MC	268	$dt_space = 1;
2dadd2	269
b1a6a5	270	switch ($dt_element) {
MC	271	case 'day':
	272	for ($i = 1; $i <= 31; $i++) {
	273	$dt_options[] = array('name' => sprintf('%02d', $i),
	274	'value' => sprintf('%d', $i));
75ae20	275	}
b1a6a5	276	$selected_value = date('d', $_datetime);
MC	277	break;
05beae	278
b1a6a5	279	case 'month':
MC	280	for ($i = 1; $i <= 12; $i++) {
	281	$dt_options[] = array('name' => strftime('%b', mktime(0, 0, 0, $i, 1, 2000)),
	282	'value' => strftime('%m', mktime(0, 0, 0, $i, 1, 2000)));
	283	}
	284	$selected_value = date('n', $_datetime);
	285	break;
	286
	287	case 'year':
	288	$start_year = strftime("%Y");
	289	$years = range((int)$start_year, (int)($start_year+3));
	290
	291	foreach ($years as $year) {
	292	$dt_options[] = array('name' => $year,
	293	'value' => $year);
	294	}
	295	$selected_value = date('Y', $_datetime);
	296	$dt_space = 2;
	297	break;
	298
	299	case 'hour':
	300	foreach(range(0, 23) as $hour) {
	301	$dt_options[] = array('name' => sprintf('%02d', $hour),
	302	'value' => sprintf('%d', $hour));
	303	}
	304	$selected_value = date('G', $_datetime);
	305	break;
	306
	307	case 'minute':
	308	foreach(range(0, 59) as $minute) {
	309	if (($minute % 5) == 0) {
	310	$dt_options[] = array('name' => sprintf('%02d', $minute),
	311	'value' => sprintf('%d', $minute));
75ae20	312	}
W	313	}
b1a6a5	314	$selected_value = (int)floor(date('i', $_datetime));
MC	315	break;
05beae	316
b1a6a5	317	case 'second':
MC	318	foreach(range(0, 59) as $second) {
	319	$dt_options[] = array('name' => sprintf('%02d', $second),
	320	'value' => sprintf('%d', $second));
	321	}
	322	$selected_value = (int)floor(date('s', $_datetime));
	323	break;
75ae20	324	}
43e5b6	325
b1a6a5	326	$out .= "<select name=\"".$form_element."[$dt_element]\" id=\"".$form_element."_$dt_element\" class=\"selectInput\" style=\"width: auto; float: none;\">";
MC	327	if (!$_showdate) {
	328	$out .= "<option value=\"-\" selected=\"selected\">--</option>" . PHP_EOL;
	329	} else {
	330	$out .= "<option value=\"-\">--</option>" . PHP_EOL;
	331	}
	332
	333	foreach ($dt_options as $dt_opt) {
	334	if ( $_showdate && ($selected_value == $dt_opt['value']) ) {
	335	$out .= "<option value=\"{$dt_opt['value']}\" selected=\"selected\">{$dt_opt['name']}</option>" . PHP_EOL;
	336	} else {
	337	$out .= "<option value=\"{$dt_opt['value']}\">{$dt_opt['name']}</option>" . PHP_EOL;
	338	}
	339	}
	340
	341	$out .= '</select>' . str_repeat(' ', $dt_space);
75ae20	342	}
b1a6a5	343
43e5b6	344	return $out;*/
b1a6a5	345	}
MC	346
2dadd2	347	}
T	348
d7ef36	349	?>