gitlabFork/ISPConfig3.git - Solinfo Gitblit

- don't set password via remoting if field is empty

Marius Cramer

2015-08-06 37b29231e47a0c4458dc1c15d98588f16f07e1e2

commit \| author \| age
be7d7f	1	<?php
T	2	/*
	3	Copyright (c) 2005 - 2009, Till Brehm, projektfarm Gmbh
	4	All rights reserved.
	5
	6	Redistribution and use in source and binary forms, with or without modification,
	7	are permitted provided that the following conditions are met:
	8
	9	* Redistributions of source code must retain the above copyright notice,
	10	this list of conditions and the following disclaimer.
	11	* Redistributions in binary form must reproduce the above copyright notice,
	12	this list of conditions and the following disclaimer in the documentation
	13	and/or other materials provided with the distribution.
	14	* Neither the name of ISPConfig nor the names of its contributors
	15	may be used to endorse or promote products derived from this software without
	16	specific prior written permission.
	17
	18	THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
	19	ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
	20	WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	21	IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
	22	INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
	23	BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	24	DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
	25	OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
	26	NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
	27	EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	28	*/
	29
	30
	31	/******************************************
	32	* Begin Form configuration
	33	******************************************/
	34
	35	$tform_def_file = "form/reseller.tform.php";
	36
	37	/******************************************
	38	* End Form configuration
	39	******************************************/
	40
7fe908	41	require_once '../../lib/config.inc.php';
MC	42	require_once '../../lib/app.inc.php';
be7d7f	43
T	44	//* Check permissions for module
	45	$app->auth->check_module_permissions('client');
	46
	47	if($_SESSION["s"]["user"]["typ"] != 'admin') die('Access only for administrators.');
	48
	49	// Loading classes
	50	$app->uses('tpl,tform,tform_actions');
	51	$app->load('tform_actions');
	52
	53	class page_action extends tform_actions {
	54
	55
	56	function onShowNew() {
	57	global $app, $conf;
7fe908	58
be7d7f	59	// we will check only users, not admins
T	60	if($_SESSION["s"]["user"]["typ"] == 'user') {
7fe908	61
be7d7f	62	// Get the limits of the client
604c0c	63	$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
cc7a82	64	$client = $app->db->queryOneRecord("SELECT limit_client FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
7fe908	65
be7d7f	66	// Check if the user may add another website.
T	67	if($client["limit_client"] >= 0) {
cc7a82	68	$tmp = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE sys_groupid = ?", $client_group_id);
be7d7f	69	if($tmp["number"] >= $client["limit_client"]) {
T	70	$app->error($app->tform->wordbook["limit_client_txt"]);
	71	}
	72	}
	73	}
7fe908	74
be7d7f	75	parent::onShowNew();
T	76	}
7fe908	77
MC	78
be7d7f	79	function onSubmit() {
T	80	global $app, $conf;
7fe908	81
be7d7f	82	// we will check only users, not admins
T	83	if($_SESSION["s"]["user"]["typ"] == 'user' && $this->id == 0) {
7fe908	84
be7d7f	85	// Get the limits of the client
604c0c	86	$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
cc7a82	87	$client = $app->db->queryOneRecord("SELECT limit_client FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
7fe908	88
be7d7f	89	// Check if the user may add another website.
T	90	if($client["limit_client"] >= 0) {
cc7a82	91	$tmp = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE sys_groupid = ?", $client_group_id);
be7d7f	92	if($tmp["number"] >= $client["limit_client"]) {
T	93	$app->error($app->tform->wordbook["limit_client_txt"]);
	94	}
	95	}
	96	}
94c961	97
TB	98	if($this->id != 0) {
2af58c	99	$this->oldTemplatesAssigned = $app->db->queryAllRecords('SELECT * FROM `client_template_assigned` WHERE `client_id` = ?', $this->id);
94c961	100	if(!is_array($this->oldTemplatesAssigned) \|\| count($this->oldTemplatesAssigned) < 1) {
TB	101	// check previous type of storing templates
	102	$tpls = explode('/', $this->oldDataRecord['template_additional']);
	103	$this->oldTemplatesAssigned = array();
	104	foreach($tpls as $item) {
	105	$item = trim($item);
	106	if(!$item) continue;
	107	$this->oldTemplatesAssigned[] = array('assigned_template_id' => 0, 'client_template_id' => $item, 'client_id' => $this->id);
	108	}
	109	unset($tpls);
	110	}
	111	} else {
	112	$this->oldTemplatesAssigned = array();
	113	}
	114
	115	$this->_template_additional = explode('/', $this->dataRecord['template_additional']);
	116	$this->dataRecord['template_additional'] = '';
7fe908	117
be7d7f	118	parent::onSubmit();
T	119	}
	120
	121
	122	function onShowEnd() {
	123
	124	global $app;
	125
8471a3	126	$sql = "SELECT template_id,template_name FROM client_template WHERE template_type = 'a' ORDER BY template_name ASC";
be7d7f	127	$tpls = $app->db->queryAllRecords($sql);
T	128	$option = '';
	129	$tpl = array();
	130	foreach($tpls as $item){
	131	$option .= '<option value="' . $item['template_id'] . '\|' . $item['template_name'] . '">' . $item['template_name'] . '</option>';
	132	$tpl[$item['template_id']] = $item['template_name'];
	133	}
7fe908	134	$app->tpl->setVar('tpl_add_select', $option);
be7d7f	135
7fe908	136	// check for new-style records
2af58c	137	$result = $app->db->queryAllRecords('SELECT assigned_template_id, client_template_id FROM client_template_assigned WHERE client_id = ?', $this->id);
7fe908	138	if($result && count($result) > 0) {
MC	139	// new style
94c961	140	$items = array();
7fe908	141	$text = '';
MC	142	foreach($result as $item){
	143	if (trim($item['client_template_id']) != ''){
	144	if ($text != '') $text .= '';
94c961	145	$text .= '<li rel="' . $item['assigned_template_id'] . '">' . $tpl[$item['client_template_id']];
TB	146	$text .= '<a href="#" class="button icons16 icoDelete"></a>';
	147	$tmp = new stdClass();
	148	$tmp->id = $item['assigned_template_id'];
	149	$tmp->data = '';
	150	$app->plugin->raiseEvent('get_client_template_details', $tmp);
	151	if($tmp->data != '') $text .= '<br /><em>' . $tmp->data . '</em>';
	152
	153	$text .= '</li>';
	154	$items[] = $item['assigned_template_id'] . ':' . $item['client_template_id'];
7fe908	155	}
MC	156	}
94c961	157
TB	158	$tmprec = $app->tform->getHTML(array('template_additional' => implode('/', $items)), $this->active_tab, 'EDIT');
	159	$app->tpl->setVar('template_additional', $tmprec['template_additional']);
	160	unset($tmprec);
7fe908	161	} else {
MC	162	// old style
2af58c	163	$sql = "SELECT template_additional FROM client WHERE client_id = ?";
MC	164	$result = $app->db->queryOneRecord($sql, $this->id);
7fe908	165	$tplAdd = explode("/", $result['template_additional']);
MC	166	$text = '';
	167	foreach($tplAdd as $item){
	168	if (trim($item) != ''){
	169	if ($text != '') $text .= '';
	170	$text .= '<li>' . $tpl[$item]. '<a href="#" class="button icons16 icoDelete"></a></li>';
	171	}
	172	}
	173	}
be7d7f	174
T	175	$app->tpl->setVar('template_additional_list', $text);
94c961	176	$app->tpl->setVar('app_module', 'client');
3d96c5	177
TB	178	//* Set the 'customer no' default value
	179	if($this->id == 0) {
	180	//* get the system config
	181	$app->uses('getconf');
	182	$system_config = $app->getconf->get_global_config();
	183	if($system_config['misc']['customer_no_template'] != '') {
	184
	185	//* Set customer no default
	186	$customer_no = $app->functions->intval($system_config['misc']['customer_no_start']+$system_config['misc']['customer_no_counter']);
	187	$customer_no_string = str_replace('[CUSTOMER_NO]',$customer_no,$system_config['misc']['customer_no_template']);
	188	$app->tpl->setVar('customer_no',$customer_no_string);
	189	}
	190	}
6a8a67	191
be7d7f	192	parent::onShowEnd();
T	193
	194	}
	195
	196	/*
	197	This function is called automatically right after
	198	the data was successful inserted in the database.
	199	*/
	200	function onAfterInsert() {
3398c2	201	global $app, $conf;
be7d7f	202	// Create the group for the reseller
3a11d2	203	$groupid = $app->db->datalogInsert('sys_group', array("name" => $this->dataRecord["username"], "description" => '', "client_id" => $this->id), 'groupid');
be7d7f	204	$groups = $groupid;
7fe908	205
2af58c	206	$username = $this->dataRecord["username"];
MC	207	$password = $this->dataRecord["password"];
	208	$modules = $conf['interface_modules_enabled'] . ',client';
7fe908	209	$startmodule = (stristr($modules, 'dashboard'))?'dashboard':'client';
2af58c	210	$usertheme = $this->dataRecord["usertheme"];
be7d7f	211	$type = 'user';
T	212	$active = 1;
2af58c	213	$language = $this->dataRecord["language"];
7fe908	214
f5d954	215	$salt="$1$";
T	216	$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
	217	for ($n=0;$n<8;$n++) {
7fe908	218	$salt.=$base64_alphabet[mt_rand(0, 63)];
f5d954	219	}
T	220	$salt.="$";
7fe908	221	$password = crypt(stripslashes($password), $salt);
MC	222
be7d7f	223	// Create the controlpaneluser for the reseller
T	224	$sql = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)
2af58c	225	VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
MC	226	$app->db->query($sql, $username, $password, $modules, $startmodule, $usertheme, $type, $active, $language, $groups, $groupid, $this->id);
7fe908	227
be7d7f	228	//* set the number of clients to 1
2af58c	229	$app->db->query("UPDATE client SET limit_client = 1 WHERE client_id = ?", $this->id);
7fe908	230
8cf78b	231	//* Set the default servers
T	232	$tmp = $app->db->queryOneRecord('SELECT server_id FROM server WHERE mail_server = 1 LIMIT 0,1');
65ea2e	233	$default_mailserver = $app->functions->intval($tmp['server_id']);
8cf78b	234	$tmp = $app->db->queryOneRecord('SELECT server_id FROM server WHERE web_server = 1 LIMIT 0,1');
65ea2e	235	$default_webserver = $app->functions->intval($tmp['server_id']);
8cf78b	236	$tmp = $app->db->queryOneRecord('SELECT server_id FROM server WHERE dns_server = 1 LIMIT 0,1');
65ea2e	237	$default_dnsserver = $app->functions->intval($tmp['server_id']);
8cf78b	238	$tmp = $app->db->queryOneRecord('SELECT server_id FROM server WHERE db_server = 1 LIMIT 0,1');
65ea2e	239	$default_dbserver = $app->functions->intval($tmp['server_id']);
7fe908	240
2af58c	241	$sql = "UPDATE client SET default_mailserver = ?, default_webserver = ?, default_dnsserver = ?, default_slave_dnsserver = ?, default_dbserver = ? WHERE client_id = ?";
MC	242	$app->db->query($sql, $default_mailserver, $default_webserver, $default_dnsserver, $default_dnsserver, $default_dbserver, $this->id);
94c961	243
TB	244	if(isset($this->dataRecord['template_master'])) {
	245	$app->uses('client_templates');
	246	$app->client_templates->update_client_templates($this->id, $this->_template_additional);
	247	}
23229c	248
TB	249	if($this->dataRecord['customer_no'] == $this->dataRecord['customer_no_org']) {
	250	//* get the system config
	251	$app->uses('getconf');
	252	$system_config = $app->getconf->get_global_config();
	253	if($system_config['misc']['customer_no_template'] != '') {
	254
	255	//* save new counter value
	256	$system_config['misc']['customer_no_counter']++;
	257	$system_config_str = $app->ini_parser->get_ini_string($system_config);
2af58c	258	$app->db->datalogUpdate('sys_ini', array("config" => $system_config_str), 'sysini_id', 1);
23229c	259
TB	260	}
	261	}
fedbca	262
TB	263	//* Send welcome email
	264	$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
2af58c	265	$sql = "SELECT * FROM client_message_template WHERE template_type = 'welcome' AND sys_groupid = ?";
MC	266	$email_template = $app->db->queryOneRecord($sql, $client_group_id);
fedbca	267	$client = $app->tform->getDataRecord($this->id);
TB	268
	269	if(is_array($email_template) && $client['email'] != '') {
	270	//* Parse client details into message
	271	$message = $email_template['message'];
	272	$subject = $email_template['subject'];
	273	foreach($client as $key => $val) {
	274	switch ($key) {
	275	case 'password':
	276	$message = str_replace('{password}', $this->dataRecord['password'], $message);
	277	$subject = str_replace('{password}', $this->dataRecord['password'], $subject);
	278	break;
	279	case 'gender':
	280	$message = str_replace('{salutation}', $wb['gender_'.$val.'_txt'], $message);
	281	$subject = str_replace('{salutation}', $wb['gender_'.$val.'_txt'], $subject);
	282	break;
	283	default:
	284	$message = str_replace('{'.$key.'}', $val, $message);
	285	$subject = str_replace('{'.$key.'}', $val, $subject);
	286	}
	287	}
	288
	289	//* Get sender address
	290	if($app->auth->is_admin()) {
	291	$app->uses('getconf');
	292	$system_config = $app->getconf->get_global_config();
	293	$from = $system_config['admin_mail'];
	294	} else {
	295	$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
2af58c	296	$reseller = $app->db->queryOneRecord("SELECT client.email FROM sys_group,client WHERE client.client_id = sys_group.client_id and sys_group.groupid = ?", $client_group_id);
fedbca	297	$from = $reseller["email"];
TB	298	}
	299
	300	//* Send the email
	301	$app->functions->mail($client['email'], $subject, $message, $from);
	302	}
be7d7f	303
T	304	parent::onAfterInsert();
	305	}
7fe908	306
MC	307
be7d7f	308	/*
T	309	This function is called automatically right after
	310	the data was successful updated in the database.
	311	*/
	312	function onAfterUpdate() {
3398c2	313	global $app, $conf;
7fe908	314
be7d7f	315	// username changed
bfcdef	316	if(isset($conf['demo_mode']) && $conf['demo_mode'] != true && isset($this->dataRecord['username']) && $this->dataRecord['username'] != '' && $this->oldDataRecord['username'] != $this->dataRecord['username']) {
2af58c	317	$username = $this->dataRecord["username"];
be7d7f	318	$client_id = $this->id;
2af58c	319	$sql = "UPDATE sys_user SET username = ? WHERE client_id = ?";
MC	320	$app->db->query($sql, $username, $client_id);
7fe908	321
2af58c	322	$tmp = $app->db->queryOneRecord("SELECT * FROM sys_group WHERE client_id = ?", $client_id);
MC	323	$app->db->datalogUpdate("sys_group", array("name" => $username), 'groupid', $tmp['groupid']);
be7d7f	324	unset($tmp);
T	325	}
7fe908	326
be7d7f	327	// password changed
bfcdef	328	if(isset($conf['demo_mode']) && $conf['demo_mode'] != true && isset($this->dataRecord["password"]) && $this->dataRecord["password"] != '') {
2af58c	329	$password = $this->dataRecord["password"];
be7d7f	330	$client_id = $this->id;
f5d954	331	$salt="$1$";
T	332	$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
	333	for ($n=0;$n<8;$n++) {
7fe908	334	$salt.=$base64_alphabet[mt_rand(0, 63)];
f5d954	335	}
T	336	$salt.="$";
7fe908	337	$password = crypt(stripslashes($password), $salt);
2af58c	338	$sql = "UPDATE sys_user SET passwort = ? WHERE client_id = ?";
MC	339	$app->db->query($sql, $password, $client_id);
be7d7f	340	}
7fe908	341
cab924	342	// language changed
bfcdef	343	if(isset($conf['demo_mode']) && $conf['demo_mode'] != true && isset($this->dataRecord['language']) && $this->dataRecord['language'] != '' && $this->oldDataRecord['language'] != $this->dataRecord['language']) {
2af58c	344	$language = $this->dataRecord["language"];
cab924	345	$client_id = $this->id;
2af58c	346	$sql = "UPDATE sys_user SET language = ? WHERE client_id = ?";
MC	347	$app->db->query($sql, $language, $client_id);
cab924	348	}
7fe908	349
66bc13	350	// ensure that a reseller is not converted to a client in demo mode when client_id <= 2
bfcdef	351	if(isset($conf['demo_mode']) && $conf['demo_mode'] == true && $this->id <= 2) {
66bc13	352	if(isset($this->dataRecord["limit_client"]) && $this->dataRecord["limit_client"] != -1) {
2af58c	353	$app->db->query('UPDATE client set limit_client = -1 WHERE client_id = ?', $this->id);
66bc13	354	}
T	355	}
7fe908	356
be7d7f	357	// reseller status changed
T	358	if(isset($this->dataRecord["limit_client"]) && $this->dataRecord["limit_client"] != $this->oldDataRecord["limit_client"]) {
2af58c	359	$modules = $conf['interface_modules_enabled'] . ',client';
MC	360	$modules = $modules;
be7d7f	361	$client_id = $this->id;
2af58c	362	$sql = "UPDATE sys_user SET modules = ? WHERE client_id = ?";
MC	363	$app->db->query($sql, $modules, $client_id);
be7d7f	364	}
94c961	365
TB	366	if(isset($this->dataRecord['template_master'])) {
	367	$app->uses('client_templates');
	368	$app->client_templates->update_client_templates($this->id, $this->_template_additional);
	369	}
be7d7f	370
T	371	parent::onAfterUpdate();
	372	}
7fe908	373
be7d7f	374	}
T	375
	376	$page = new page_action;
	377	$page->onLoad();
	378
7fe908	379	?>