- Added security check script. - Create md5 sums of all files at install an...

Till Brehm

2014-08-14 1ed92e187ae2dfb51f5f2d62c290a85f93b6dc21

 interface/lib/classes/validate_client.inc.php

@@ -1,7 +1,7 @@
<?php

/*
Copyright (c) 2007, Till Brehm, Falko Timme, projektfarm Gmbh
Copyright (c) 2007, Till Brehm, projektfarm Gmbh
All rights reserved.

Redistribution and use in source and binary forms, with or without modification,
@@ -28,39 +28,75 @@
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/


class validate_client {
	

   /*
      Validator function to check if a username is unique.
   */
   function username_unique($field_name, $field_value, $validator) {
      global $app;
		
      if($app->tform->action == 'NEW') {
           $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM sys_user WHERE username = '".$app->db->quote($field_value)."'");
               if($num_rec["number"] > 0) {
                   $errmsg = $validator['errmsg'];
               if(isset($this->wordbook[$errmsg])) {
                       return $app->tform->wordbook[$errmsg]."<br>\r\n";
               } else {
                  return $errmsg."<br>\r\n";
               }
                }
        } else {
           $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM sys_user WHERE username = '".$app->db->quote($field_value)."' AND client_id != ".$app->tform->primary_id);

      if(isset($app->remoting_lib->primary_id)) {
         $client_id = $app->remoting_lib->primary_id;
      } else {
         $client_id = $app->tform->primary_id;
      }

      if($client_id == 0) {
         $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM sys_user WHERE username = '".$app->db->quote($field_value)."'");
         if($num_rec["number"] > 0) {
               $errmsg = $validator['errmsg'];
                if(isset($app->tform->wordbook[$errmsg])) {
                   return $app->tform->wordbook[$errmsg]."<br>\r\n";
            $errmsg = $validator['errmsg'];
            if(isset($app->tform->wordbook[$errmsg])) {
               return $app->tform->wordbook[$errmsg]."<br>\r\n";
            } else {
               return $errmsg."<br>\r\n";
            }
         }
      } else {
         $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM sys_user WHERE username = '".$app->db->quote($field_value)."' AND client_id != ".$app->functions->intval($client_id));
         if($num_rec["number"] > 0) {
            $errmsg = $validator['errmsg'];
            if(isset($app->tform->wordbook[$errmsg])) {
               return $app->tform->wordbook[$errmsg]."<br>\r\n";
            } else {
               return $errmsg."<br>\r\n";
            }
         }
      }
   }
	
	
	
	
}

   function username_collision($field_name, $field_value, $validator) {
      global $app;

      if(isset($app->remoting_lib->primary_id)) {
         $client_id = $app->remoting_lib->primary_id;
      } else {
         $client_id = $app->tform->primary_id;
      }

      $app->uses('getconf');
      $global_config = $app->getconf->get_global_config('sites');

      if((trim($field_value) == 'web' || preg_match('/^web[0-9]/', $field_value)) &&
         ($global_config['ftpuser_prefix'] == '[CLIENTNAME]' ||
            $global_config['ftpuser_prefix'] == '' ||
            $global_config['shelluser_prefix'] == '[CLIENTNAME]' ||
            $global_config['shelluser_prefix'] == '' ) &&
         $global_config['client_username_web_check_disabled'] == 'n') {
         $errmsg = $validator['errmsg'];
         if(isset($app->tform->wordbook[$errmsg])) {
            return $app->tform->wordbook[$errmsg]."<br>\r\n";
         } else {
            return $errmsg."<br>\r\n";
         }
      }




   }




}