gitlabFork/ISPConfig3.git - Solinfo Gitblit

Fixed: FS#3649 - Resellers can not add domains for their clients in client ...

Till Brehm

2014-08-29 6227d73ec10dc088bf944609ec43011da771cd9c

commit \| author \| age
142907	1	<?php
T	2	/*
	3	Copyright (c) 2010 Till Brehm, projektfarm Gmbh and Oliver Vogel www.muv.com
	4	All rights reserved.
	5
	6	Redistribution and use in source and binary forms, with or without modification,
	7	are permitted provided that the following conditions are met:
	8
	9	* Redistributions of source code must retain the above copyright notice,
	10	this list of conditions and the following disclaimer.
	11	* Redistributions in binary form must reproduce the above copyright notice,
	12	this list of conditions and the following disclaimer in the documentation
	13	and/or other materials provided with the distribution.
	14	* Neither the name of ISPConfig nor the names of its contributors
	15	may be used to endorse or promote products derived from this software without
	16	specific prior written permission.
	17
	18	THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
	19	ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
	20	WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	21	IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
	22	INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
	23	BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	24	DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
	25	OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
	26	NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
	27	EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	28	*/
	29
	30
	31	/******************************************
	32	* Begin Form configuration
	33	******************************************/
	34
	35	$tform_def_file = "form/domain.tform.php";
	36
	37	/******************************************
	38	* End Form configuration
	39	******************************************/
	40
7fe908	41	require_once '../../lib/config.inc.php';
MC	42	require_once '../../lib/app.inc.php';
142907	43
T	44	//* Check permissions for module
	45	$app->auth->check_module_permissions('client');
	46
	47	// Loading classes
	48	$app->uses('tpl,tform,tform_actions');
	49	$app->load('tform_actions');
	50
	51	//* load language file
	52	$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'.lng';
7fe908	53	include $lng_file;
142907	54
554c40	55
142907	56	class page_action extends tform_actions {
T	57
	58	function onShowNew() {
	59	global $app, $conf, $wb;
	60
	61	// Only admins can add domains, so we don't need any check
	62
	63	$app->tpl->setVar($wb);
	64
	65	parent::onShowNew();
	66	}
	67
	68	function onShowEnd() {
	69	global $app, $conf, $wb;
b4284d	70
TB	71	if($_SESSION["s"]["user"]["typ"] != 'admin' && $this->id == 0) {
	72	if(!$app->tform->checkClientLimit('limit_domainmodule')) {
	73	$app->uses('ini_parser,getconf');
	74	$settings = $app->getconf->get_global_config('domains');
	75	if ($settings['use_domain_module'] == 'y') {
	76	$app->error($settings['new_domain_html']);
	77	}
	78	}
	79	}
142907	80
T	81	if($_SESSION["s"]["user"]["typ"] == 'admin') {
	82	// Getting Clients of the user
332ae5	83	//$sql = "SELECT groupid, name FROM sys_group WHERE client_id > 0 ORDER BY name";
ca4b71	84	$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY client.company_name, client.contact_name, sys_group.name";
142907	85	$clients = $app->db->queryAllRecords($sql);
T	86	$client_select = '';
	87	if($_SESSION["s"]["user"]["typ"] == 'admin') $client_select .= "<option value='0'></option>";
	88	$tmp_data_record = $app->tform->getDataRecord($this->id);
	89	if(is_array($clients)) {
	90	foreach( $clients as $client) {
	91	$selected = ($client["groupid"] == $tmp_data_record["sys_groupid"])?'SELECTED':'';
	92	$client_select .= "<option value='$client[groupid]' $selected>$client[name]</option>\r\n";
	93	}
	94	}
7fe908	95	$app->tpl->setVar("client_group_id", $client_select);
142907	96
b4284d	97	} else {
TB	98	// Get the limits of the client
	99	$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
	100	$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
	101
	102	// Fill the client select field
ca4b71	103	$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id']." ORDER BY client.company_name, client.contact_name, sys_group.name";
b4284d	104	//die($sql);
TB	105	$records = $app->db->queryAllRecords($sql);
	106	$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$app->functions->intval($client['client_id']));
	107	$client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
	108	//$tmp_data_record = $app->tform->getDataRecord($this->id);
	109	if(is_array($records)) {
	110	$selected_client_group_id = 0; // needed to get list of PHP versions
	111	foreach( $records as $rec) {
	112	if(is_array($this->dataRecord) && ($rec["groupid"] == $this->dataRecord['client_group_id'] \|\| $rec["groupid"] == $this->dataRecord['sys_groupid']) && !$selected_client_group_id) $selected_client_group_id = $rec["groupid"];
	113	$selected = @(is_array($this->dataRecord) && ($rec["groupid"] == $this->dataRecord['client_group_id'] \|\| $rec["groupid"] == $this->dataRecord['sys_groupid']))?'SELECTED':'';
	114	if($selected == 'SELECTED') $selected_client_group_id = $rec["groupid"];
	115	$client_select .= "<option value='$rec[groupid]' $selected>$rec[contactname]</option>\r\n";
	116	}
	117	}
	118	$app->tpl->setVar("client_group_id", $client_select);
142907	119	}
T	120
	121	if($this->id > 0) {
	122	//* we are editing a existing record
	123	$app->tpl->setVar("edit_disabled", 1);
	124	} else {
	125	$app->tpl->setVar("edit_disabled", 0);
	126	}
	127
	128	$app->tpl->setVar($wb);
	129
	130	parent::onShowEnd();
	131	}
	132
	133	function onSubmit() {
	134	global $app, $conf, $wb;
	135
	136	if($_SESSION["s"]["user"]["typ"] == 'admin') {
	137	if ($this->id == 0) {
	138	/*
	139	* We create a new record
	140	*/
	141	// Check if the user is empty
	142	if(isset($this->dataRecord['client_group_id']) && $this->dataRecord['client_group_id'] == 0) {
	143	$app->tform->errorMessage .= $wb['error_client_group_id_empty'];
	144	}
	145	//* make sure that the domain is lowercase
	146	if(isset($this->dataRecord["domain"])) $this->dataRecord["domain"] = strtolower($this->dataRecord["domain"]);
	147	}
	148	else {
	149	/*
	150	* We edit a existing one, but there is nothing to edit
	151	*/
	152	$this->dataRecord = $app->tform->getDataRecord($this->id);
	153	}
b4284d	154	} elseif ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
TB	155	if ($this->id == 0) {
	156	/*
	157	* We create a new record
	158	*/
	159	// Check if the user is empty
	160	if(isset($this->dataRecord['client_group_id']) && $this->dataRecord['client_group_id'] == 0) {
	161	$app->tform->errorMessage .= $wb['error_client_group_id_empty'];
	162	}
	163	//* make sure that the domain is lowercase
	164	if(isset($this->dataRecord["domain"])) $this->dataRecord["domain"] = strtolower($this->dataRecord["domain"]);
	165	}
	166	else {
	167	/*
	168	* We edit a existing one, but there is nothing to edit
	169	*/
	170	$this->dataRecord = $app->tform->getDataRecord($this->id);
	171	}
142907	172	} else {
T	173	if($this->id > 0) {
	174	/*
	175	* Clients may not edit anything, so we reset the old data
	176	*/
	177	$this->dataRecord = $app->tform->getDataRecord($this->id);
	178	} else {
	179	/*
	180	* clients may not create a new domain
	181	*/
	182	$app->error($wb['error_client_can_not_add_domain']);
	183	}
	184	}
	185
	186	$app->tpl->setVar($wb);
	187
	188	parent::onSubmit();
	189	}
	190
	191	function onAfterInsert() {
	192	global $app, $conf;
	193
	194	// make sure that the record belongs to the client group and not the admin group when admin inserts it
	195	// also make sure that the user can not delete domain created by a admin
6227d7	196	if(($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) \|\| ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid']))) {
65ea2e	197	$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
142907	198	$app->db->query("UPDATE domain SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE domain_id = ".$this->id);
T	199	}
	200	}
7fe908	201
142907	202	}
T	203
	204	$page = new page_action;
	205	$page->onLoad();
	206
7fe908	207	?>