- don't set password via remoting if field is empty

Marius Cramer

2015-08-06 37b29231e47a0c4458dc1c15d98588f16f07e1e2

 interface/web/tools/import_ispconfig.php

@@ -49,6 +49,10 @@
$app->tpl->setVar($wb);

if(isset($_POST['connected'])) {
	
   //* CSRF Check
   $app->auth->csrf_token_check();
	
   $connected = $app->functions->intval($_POST['connected']);
   if($connected == 0) {

@@ -133,6 +137,11 @@
$app->tpl->setVar('msg', $msg);
$app->tpl->setVar('error', $error);

//* SET csrf token
$csrf_token = $app->auth->csrf_token_get('ispconfig_import');
$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);

$app->tpl_defaults();
$app->tpl->pparse();

@@ -143,7 +152,7 @@

   //* Get the user and groupid for the new records
   $sys_groupid = $app->functions->intval($_POST['client_group_id']);
   $tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = $sys_groupid");
   $tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = ?", $sys_groupid);
   $sys_userid = $app->functions->intval($tmp['userid']);
   unset($tmp);
   if($sys_groupid == 0) $error .= 'Inavlid groupid<br />';
@@ -159,7 +168,7 @@
   $mail_domain_rec = $client->mail_domain_get($remote_session_id, array('domain' => $mail_domain));
   if(is_array($mail_domain_rec)) {
      $mail_domain_rec = $mail_domain_rec[0];
      $tmp = $app->db->queryOneRecord("SELECT count(domain_id) as number FROM mail_domain WHERE domain = '".$app->db->quote($mail_domain)."'");
      $tmp = $app->db->queryOneRecord("SELECT count(domain_id) as number FROM mail_domain WHERE domain = ?", $mail_domain);
      if($tmp['number'] > 0) $error .= 'Domain '.$mail_domain.' exists already in local database.<br />';
      unset($tmp);

@@ -182,7 +191,7 @@
         $mail_users = $client->mail_user_get($remote_session_id, array('email' => '%@'.$mail_domain));
         if(is_array($mail_users)) {
            foreach($mail_users as $mail_user) {
               $tmp = $app->db->queryOneRecord("SELECT count(mailuser_id) as number FROM mail_user WHERE email = '".$app->db->quote($mail_user['email'])."'");
               $tmp = $app->db->queryOneRecord("SELECT count(mailuser_id) as number FROM mail_user WHERE email = ?", $mail_user['email']);
               if($tmp['number'] == 0) {

                  //* Prepare record
@@ -229,7 +238,7 @@
         $mail_aliases = $client->mail_alias_get($remote_session_id, array('type' => 'alias', 'destination' => '%@'.$mail_domain));
         if(is_array($mail_aliases)) {
            foreach($mail_aliases as $mail_alias) {
               $tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE `type` = 'alias' AND source = '".$app->db->quote($mail_alias['source'])."' AND destination = '".$app->db->quote($mail_alias['destination'])."'");
               $tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE `type` = 'alias' AND source = ? AND destination = ?", $mail_alias['source'], $mail_alias['destination']);
               if($tmp['number'] == 0) {
                  $mail_alias['sys_userid'] = $sys_userid;
                  $mail_alias['sys_groupid'] = $sys_groupid;
@@ -250,7 +259,7 @@
         $mail_aliases = $client->mail_alias_get($remote_session_id, array('type' => 'aliasdomain', 'destination' => '@'.$mail_domain));
         if(is_array($mail_aliases)) {
            foreach($mail_aliases as $mail_alias) {
               $tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE `type` = 'aliasdomain' AND source = '".$app->db->quote($mail_alias['source'])."' AND destination = '".$app->db->quote($mail_alias['destination'])."'");
               $tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE `type` = 'aliasdomain' AND source = ? AND destination = ?", $mail_alias['source'], $mail_alias['destination']);
               if($tmp['number'] == 0) {
                  $mail_alias['sys_userid'] = $sys_userid;
                  $mail_alias['sys_groupid'] = $sys_groupid;
@@ -271,7 +280,7 @@
         $mail_forwards = $client->mail_forward_get($remote_session_id, array('type' => 'forward', 'source' => '%@'.$mail_domain));
         if(is_array($mail_forwards)) {
            foreach($mail_forwards as $mail_forward) {
               $tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE `type` = 'forward' AND source = '".$app->db->quote($mail_forward['source'])."' AND destination = '".$app->db->quote($mail_forward['destination'])."'");
               $tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE `type` = 'forward' AND source = ? AND destination = ?", $mail_forward['source'], $mail_forward['destination']);
               if($tmp['number'] == 0) {
                  $mail_forward['sys_userid'] = $sys_userid;
                  $mail_forward['sys_groupid'] = $sys_groupid;
@@ -292,7 +301,7 @@
         $mail_spamfilters = $client->mail_spamfilter_user_get($remote_session_id, array('email' => '%@'.$mail_domain));
         if(is_array($mail_spamfilters)) {
            foreach($mail_spamfilters as $mail_spamfilter) {
               $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM spamfilter_users WHERE email = '".$app->db->quote($mail_spamfilter['email'])."'");
               $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM spamfilter_users WHERE email = ?", $mail_spamfilter['email']);
               if($tmp['number'] == 0) {
                  $mail_spamfilter['sys_userid'] = $sys_userid;
                  $mail_spamfilter['sys_groupid'] = $sys_groupid;