gitlabFork/ISPConfig3.git - Solinfo Gitblit

- don't set password via remoting if field is empty

Marius Cramer

2015-08-06 37b29231e47a0c4458dc1c15d98588f16f07e1e2

commit \| author \| age
532ae5	1	<?php
L	2	/*
	3	Copyright (c) 2005 - 2009, Till Brehm, projektfarm Gmbh
	4	All rights reserved.
	5
	6	Redistribution and use in source and binary forms, with or without modification,
	7	are permitted provided that the following conditions are met:
	8
	9	* Redistributions of source code must retain the above copyright notice,
	10	this list of conditions and the following disclaimer.
	11	* Redistributions in binary form must reproduce the above copyright notice,
	12	this list of conditions and the following disclaimer in the documentation
	13	and/or other materials provided with the distribution.
	14	* Neither the name of ISPConfig nor the names of its contributors
	15	may be used to endorse or promote products derived from this software without
	16	specific prior written permission.
	17
	18	THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
	19	ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
	20	WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	21	IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
	22	INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
	23	BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	24	DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
	25	OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
	26	NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
	27	EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	28	*/
	29
	30
	31	/******************************************
	32	* Begin Form configuration
	33	******************************************/
	34
	35	$tform_def_file = "form/mail_mailinglist.tform.php";
	36
	37	/******************************************
	38	* End Form configuration
	39	******************************************/
	40
7fe908	41	require_once '../../lib/config.inc.php';
MC	42	require_once '../../lib/app.inc.php';
532ae5	43
L	44	//* Check permissions for module
	45	$app->auth->check_module_permissions('mail');
	46
	47	// Loading classes
	48	$app->uses('tpl,tform,tform_actions');
	49	$app->load('tform_actions');
	50
	51	class page_action extends tform_actions {
7fe908	52
MC	53
532ae5	54	function onShowNew() {
L	55	global $app, $conf;
7fe908	56
532ae5	57	// we will check only users, not admins
L	58	if($_SESSION["s"]["user"]["typ"] == 'user') {
	59	if(!$app->tform->checkClientLimit('limit_mailmailinglist')) {
	60	$app->error($app->tform->wordbook["limit_mailmailinglist_txt"]);
	61	}
	62	if(!$app->tform->checkResellerLimit('limit_mailmailinglist')) {
	63	$app->error('Reseller: '.$app->tform->wordbook["limit_mailmailinglist_txt"]);
	64	}
	65	}
7fe908	66
532ae5	67	parent::onShowNew();
L	68	}
7fe908	69
532ae5	70	function onShowEnd() {
L	71	global $app, $conf;
7fe908	72
532ae5	73	if($_SESSION["s"]["user"]["typ"] == 'admin') {
L	74	// Getting Clients of the user
ca4b71	75	$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY client.company_name, client.contact_name, sys_group.name";
532ae5	76	$clients = $app->db->queryAllRecords($sql);
L	77	$client_select = '';
	78	if($_SESSION["s"]["user"]["typ"] == 'admin') $client_select .= "<option value='0'></option>";
	79	$tmp_data_record = $app->tform->getDataRecord($this->id);
	80	if(is_array($clients)) {
	81	foreach( $clients as $client) {
	82	$selected = ($client["groupid"] == $tmp_data_record["sys_groupid"])?'SELECTED':'';
615a0a	83	$client_select .= "<option value='$client[groupid]' $selected>$client[contactname]</option>\r\n";
532ae5	84	}
L	85	}
7fe908	86	$app->tpl->setVar("client_group_id", $client_select);
532ae5	87
L	88	} elseif ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
	89
	90	// Get the limits of the client
	91	$client_group_id = $_SESSION["s"]["user"]["default_group"];
2af58c	92	$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, client.default_mailserver, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ? order by contact_name", $client_group_id);
532ae5	93
L	94	// Fill the client select field
2af58c	95	$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
MC	96	$clients = $app->db->queryAllRecords($sql, $client['client_id']);
	97	$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
615a0a	98	$client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
532ae5	99	$tmp_data_record = $app->tform->getDataRecord($this->id);
L	100	if(is_array($clients)) {
	101	foreach( $clients as $client) {
	102	$selected = @($client["groupid"] == $tmp_data_record["sys_groupid"])?'SELECTED':'';
615a0a	103	$client_select .= "<option value='$client[groupid]' $selected>$client[contactname]</option>\r\n";
532ae5	104	}
L	105	}
7fe908	106	$app->tpl->setVar("client_group_id", $client_select);
532ae5	107	}
7fe908	108
532ae5	109	// Getting Domains of the user
L	110	$sql = "SELECT domain FROM mail_domain WHERE ".$app->tform->getAuthSQL('r').' ORDER BY domain';
	111	$domains = $app->db->queryAllRecords($sql);
	112	$domain_select = '';
	113	if(is_array($domains)) {
	114	foreach( $domains as $domain) {
	115	$selected = ($domain["domain"] == $this->dataRecord["domain"])?'SELECTED':'';
	116	$domain_select .= "<option value='$domain[domain]' $selected>$domain[domain]</option>\r\n";
	117	}
	118	}
7fe908	119	$app->tpl->setVar("domain_option", $domain_select);
MC	120
532ae5	121	if($this->id > 0) {
L	122	//* we are editing a existing record
	123	$app->tpl->setVar("edit_disabled", 1);
	124	$app->tpl->setVar("listname_value", $this->dataRecord["listname"]);
	125	$app->tpl->setVar("domain_value", $this->dataRecord["domain"]);
	126	$app->tpl->setVar("email_value", $this->dataRecord["email"]);
	127	} else {
	128	$app->tpl->setVar("edit_disabled", 0);
	129	}
7fe908	130
532ae5	131	parent::onShowEnd();
L	132	}
7fe908	133
532ae5	134	function onSubmit() {
L	135	global $app, $conf;
7fe908	136
532ae5	137	if($_SESSION["s"]["user"]["typ"] != 'admin') {
L	138
	139	// Get the limits of the client
3ede53	140	$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
cc7a82	141	$client = $app->db->queryOneRecord("SELECT limit_mailmailinglist, default_mailserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
7fe908	142
532ae5	143	//* Check if Domain belongs to user
L	144	if(isset($_POST["domain"])) {
2af58c	145	$domain = $app->db->queryOneRecord("SELECT domain FROM mail_domain WHERE domain = ? AND ".$app->tform->getAuthSQL('r'), $this->dataRecord["domain"]);
532ae5	146	if($domain["domain"] != $this->dataRecord["domain"]) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
L	147	}
	148
	149	// When the record is updated
	150	if($this->id == 0) {
	151	//Check if email is in use
2af58c	152	$check = $app->db->queryOneRecord("SELECT count(source) as number FROM mail_forwarding WHERE source = ?", $this->dataRecord["listname"]."@".$this->dataRecord["domain"]);
532ae5	153	if($check['number'] != 0) {
7fe908	154	$app->error($app->tform->wordbook["email_in_use_txt"]);
532ae5	155	}
7fe908	156
2af58c	157	$check = $app->db->queryOneRecord("SELECT count(email) as number FROM mail_user WHERE email = ?", $this->dataRecord["listname"]."@".$this->dataRecord["domain"]);
532ae5	158	if($check['number'] != 0) {
7fe908	159	$app->error($app->tform->wordbook["email_in_use_txt"]);
532ae5	160	}
7fe908	161
2af58c	162	$check = $app->db->queryOneRecord("SELECT count(mailinglist_id) as number FROM mail_mailinglist WHERE listname = ? AND domain = ?", $this->dataRecord["listname"], $this->dataRecord["domain"]);
532ae5	163	if($check['number'] != 0) {
7fe908	164	$app->error($app->tform->wordbook["email_in_use_txt"]);
532ae5	165	}
7fe908	166
532ae5	167	// Check if the user may add another mail_domain
L	168	if($client["limit_mailmailinglist"] >= 0) {
cc7a82	169	$tmp = $app->db->queryOneRecord("SELECT count(mailinglist_id) as number FROM mail_mailinglist WHERE sys_groupid = ?", $client_group_id);
532ae5	170	if($tmp["number"] >= $client["limit_mailmailinglist"]) {
L	171	$app->error($app->tform->wordbook["limit_mailmailinglist_txt"]);
	172	}
	173	}
	174	}
	175
	176	// Clients may not set the client_group_id, so we unset them if user is not a admin
	177	if(!$app->auth->has_clients($_SESSION['s']['user']['userid'])) unset($this->dataRecord["client_group_id"]);
	178	}
	179
	180	//* make sure that the email domain is lowercase
	181	if(isset($this->dataRecord["domain"])) $this->dataRecord["domain"] = strtolower($this->dataRecord["domain"]);
	182
	183	parent::onSubmit();
	184	}
7fe908	185
532ae5	186	function onBeforeInsert() {
L	187	global $app, $conf;
	188
	189	// Set the server id of the mailinglist = server ID of mail domain.
2af58c	190	$domain = $app->db->queryOneRecord("SELECT server_id FROM mail_domain WHERE domain = ?", $this->dataRecord["domain"]);
532ae5	191	$this->dataRecord["server_id"] = $domain['server_id'];
L	192	}
7fe908	193
532ae5	194	function onAfterInsert() {
L	195	global $app, $conf;
	196
	197	// make sure that the record belongs to the client group and not the admin group when a dmin inserts it
	198	// also make sure that the user can not delete domain created by a admin
	199	if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) {
65ea2e	200	$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
2af58c	201	$app->db->query("UPDATE mail_mailinglist SET sys_groupid = ?, sys_perm_group = 'ru' WHERE mailinglist_id = ?", $client_group_id, $this->id);
532ae5	202	}
L	203	if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($this->dataRecord["client_group_id"])) {
65ea2e	204	$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
2af58c	205	$app->db->query("UPDATE mail_mailinglist SET sys_groupid = ?, sys_perm_group = 'riud' WHERE mailinglist_id = ?", $client_group_id, $this->id);
532ae5	206	}
L	207	}
7fe908	208
532ae5	209	function onBeforeUpdate() {
L	210	global $app, $conf;
7fe908	211
532ae5	212	//* Check if the server has been changed
L	213	// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
	214	if($_SESSION["s"]["user"]["typ"] == 'admin' \|\| $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
2af58c	215	$rec = $app->db->queryOneRecord("SELECT server_id, domain from mail_mailinglist WHERE mailinglist_id = ?", $this->id);
532ae5	216	$this->dataRecord["server_id"] = $rec['server_id'];
L	217	unset($rec);
	218	//* If the user is neither admin nor reseller
	219	} else {
	220	//* We do not allow users to change a domain which has been created by the admin
2af58c	221	$rec = $app->db->queryOneRecord("SELECT domain from mail_mailinglist WHERE mailinglist_id = ?", $this->id);
7fe908	222	if($rec['domain'] != $this->dataRecord["domain"] && $app->tform->checkPerm($this->id, 'u')) {
532ae5	223	//* Add a error message and switch back to old server
L	224	$app->tform->errorMessage .= $app->lng('The Domain can not be changed. Please ask your Administrator if you want to change the domain name.');
	225	$this->dataRecord["domain"] = $rec['domain'];
	226	}
	227	unset($rec);
	228	}
	229	}
7fe908	230
532ae5	231	function onAfterUpdate() {
L	232	global $app, $conf;
7fe908	233
532ae5	234	// make sure that the record belongs to the clinet group and not the admin group when admin inserts it
L	235	// also make sure that the user can not delete domain created by a admin
	236	if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) {
65ea2e	237	$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
2af58c	238	$app->db->query("UPDATE mail_mailinglist SET sys_groupid = ?, sys_perm_group = 'ru' WHERE mailinglist_id = ?", $client_group_id, $this->id);
532ae5	239	}
L	240	if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($this->dataRecord["client_group_id"])) {
65ea2e	241	$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
2af58c	242	$app->db->query("UPDATE mail_mailinglist SET sys_groupid = ?, sys_perm_group = 'riud' WHERE mailinglist_id = ?", $client_group_id, $this->id);
532ae5	243	}
L	244	}
7fe908	245
532ae5	246	}
L	247
	248	$app->tform_actions = new page_action;
	249	$app->tform_actions->onLoad();
	250
	251	?>