| | |
|---|
| | | unset($tmp_recordid); |
|---|
| | | |
|---|
| | | $querystring = str_replace("{AUTHSQL}",$this->getAuthSQL('r'),$querystring); |
|---|
| | | $querystring = preg_replace_callback('@{AUTHSQL::(.+?)}@', "self::table_auth_sql", $querystring); |
|---|
| | | |
|---|
| | | // Getting the records |
|---|
| | | $tmp_records = $app->db->queryAllRecords($querystring); |
|---|
| | |
|---|
| | | return $values; |
|---|
| | | |
|---|
| | | } |
|---|
| | | |
|---|
| | | function table_auth_sql($matches){ |
|---|
| | | return $this->getAuthSQL('r', $matches[1]); |
|---|
| | | } |
|---|
| | | |
|---|
| | | //* If the parameter 'valuelimit' is set |
|---|
| | | function applyValueLimit($limit,$values) { |
|---|
| | |
|---|
| | | break; |
|---|
| | | |
|---|
| | | case 'PASSWORD': |
|---|
| | | $new_record[$key] = ''; |
|---|
| | | //$new_record[$key] = ''; |
|---|
| | | $new_record[$key] = htmlspecialchars($field['default']); |
|---|
| | | break; |
|---|
| | | |
|---|
| | | case 'CHECKBOX': |
|---|
| | |
|---|
| | | $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n"; |
|---|
| | | } else { |
|---|
| | | $this->errorMessage .= $errmsg."<br />\r\n"; |
|---|
| | | }
|
|---|
| | | }
|
|---|
| | | break;
|
|---|
| | | case 'ISV6PREFIX':
|
|---|
| | | $v6_prefix_ok = 0;
|
|---|
| | | $explode_field_value = explode(':',$field_value);
|
|---|
| | | if ($explode_field_value[count($explode_field_value)-1]=='' && $explode_field_value[count($explode_field_value)-2]=='' ){
|
|---|
| | | if ( count($explode_field_value) <= 9 ) {
|
|---|
| | | if(filter_var(substr($field_value,0,strlen($field_value)-2),FILTER_VALIDATE_IP,FILTER_FLAG_IPV6) or filter_var(substr($field_value,0,strlen($field_value)-2).'::0',FILTER_VALIDATE_IP,FILTER_FLAG_IPV6) or filter_var(substr($field_value,0,strlen($field_value)-2).':0',FILTER_VALIDATE_IP,FILTER_FLAG_IPV6) ) {
|
|---|
| | | $v6_prefix_ok = 1;
|
|---|
| | | }
|
|---|
| | | }
|
|---|
| | | } else { |
|---|
| | | $v6_prefix_ok = 2; |
|---|
| | | }
|
|---|
| | | // check subnet against defined server-ipv6
|
|---|
| | | $sql_v6 = $app->db->queryOneRecord("SELECT ip_address FROM server_ip WHERE ip_type = 'IPv6' AND virtualhost = 'y' LIMIT 0,1");
|
|---|
| | | $sql_v6_explode=explode(':',$sql_v6['ip_address']);
|
|---|
| | | if ( count($sql_v6_explode) < count($explode_field_value) && isset($sql_v6['ip_address']) ) { |
|---|
| | | $v6_prefix_ok = 3; |
|---|
| | | }
|
|---|
| | | if($v6_prefix_ok == 0) { |
|---|
| | | $errmsg = $validator['errmsg']; |
|---|
| | | }
|
|---|
| | | if($v6_prefix_ok == 2) { |
|---|
| | | $errmsg = 'IPv6 Prefix must end with ::'; |
|---|
| | | }
|
|---|
| | | if($v6_prefix_ok == 3) { |
|---|
| | | $errmsg = 'IPv6 Prefix too long (according to Server IP Addresses)'; |
|---|
| | | }
|
|---|
| | | if($v6_prefix_ok <> 1){
|
|---|
| | | $this->errorMessage .= $errmsg."<br />\r\n"; |
|---|
| | | }
|
|---|
| | | break;
|
|---|
| | | case 'ISIPV4':
|
|---|
| | | $vip=1;
|
|---|
| | | if(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $field_value)){
|
|---|
| | | } |
|---|
| | | } |
|---|
| | | break; |
|---|
| | | /* |
|---|
| | | case 'ISV6PREFIX': |
|---|
| | | $v6_prefix_ok = 0; |
|---|
| | | $explode_field_value = explode(':',$field_value); |
|---|
| | | if ($explode_field_value[count($explode_field_value)-1]=='' && $explode_field_value[count($explode_field_value)-2]=='' ){ |
|---|
| | | if ( count($explode_field_value) <= 9 ) { |
|---|
| | | if(filter_var(substr($field_value,0,strlen($field_value)-2),FILTER_VALIDATE_IP,FILTER_FLAG_IPV6) or filter_var(substr($field_value,0,strlen($field_value)-2).'::0',FILTER_VALIDATE_IP,FILTER_FLAG_IPV6) or filter_var(substr($field_value,0,strlen($field_value)-2).':0',FILTER_VALIDATE_IP,FILTER_FLAG_IPV6) ) { |
|---|
| | | $v6_prefix_ok = 1; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } else { |
|---|
| | | $v6_prefix_ok = 2; |
|---|
| | | } |
|---|
| | | // check subnet against defined server-ipv6 |
|---|
| | | $sql_v6 = $app->db->queryOneRecord("SELECT ip_address FROM server_ip WHERE ip_type = 'IPv6' AND virtualhost = 'y' LIMIT 0,1"); |
|---|
| | | $sql_v6_explode=explode(':',$sql_v6['ip_address']); |
|---|
| | | if ( count($sql_v6_explode) < count($explode_field_value) && isset($sql_v6['ip_address']) ) { |
|---|
| | | $v6_prefix_ok = 3; |
|---|
| | | } |
|---|
| | | if($v6_prefix_ok == 0) { |
|---|
| | | $errmsg = $validator['errmsg']; |
|---|
| | | } |
|---|
| | | if($v6_prefix_ok == 2) { |
|---|
| | | $errmsg = 'IPv6 Prefix must end with ::'; |
|---|
| | | } |
|---|
| | | if($v6_prefix_ok == 3) { |
|---|
| | | $errmsg = 'IPv6 Prefix too long (according to Server IP Addresses)'; |
|---|
| | | } |
|---|
| | | if($v6_prefix_ok <> 1){ |
|---|
| | | $this->errorMessage .= $errmsg."<br />\r\n"; |
|---|
| | | } |
|---|
| | | break; |
|---|
| | | */ |
|---|
| | | case 'ISIPV4': |
|---|
| | | $vip=1; |
|---|
| | | if(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $field_value)){ |
|---|
| | | $groups=explode(".",$field_value); |
|---|
| | | foreach($groups as $group){ |
|---|
| | | if($group<0 OR $group>255) |
|---|
| | |
|---|
| | | } |
|---|
| | | break; |
|---|
| | | case 'ISIP': |
|---|
| | | //* Check if its a IPv4 or IPv6 address |
|---|
| | | if(function_exists('filter_var')) { |
|---|
| | | if(!filter_var($field_value,FILTER_VALIDATE_IP)) { |
|---|
| | | $errmsg = $validator['errmsg']; |
|---|
| | | if(isset($this->wordbook[$errmsg])) { |
|---|
| | | $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n"; |
|---|
| | | } else { |
|---|
| | | $this->errorMessage .= $errmsg."<br />\r\n"; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | if($validator['allowempty'] != 'y') $validator['allowempty'] = 'n'; |
|---|
| | | if($validator['allowempty'] == 'y' && $field_value == '') { |
|---|
| | | //* Do nothing |
|---|
| | | } else { |
|---|
| | | //* Check content with regex, if we use php < 5.2 |
|---|
| | | $ip_ok = 0; |
|---|
| | | if(preg_match("/^(\:\:([a-f0-9]{1,4}\:){0,6}?[a-f0-9]{0,4}|[a-f0-9]{1,4}(\:[a-f0-9]{1,4}){0,6}?\:\:|[a-f0-9]{1,4}(\:[a-f0-9]{1,4}){1,6}?\:\:([a-f0-9]{1,4}\:){1,6}?[a-f0-9]{1,4})(\/\d{1,3})?$/i", $field_value)){ |
|---|
| | | $ip_ok = 1; |
|---|
| | | //* Check if its a IPv4 or IPv6 address |
|---|
| | | if(isset($validator['separator']) && $validator['separator'] != '') { |
|---|
| | | //* When the field may contain several IP addresses, split them by the char defined as separator |
|---|
| | | $field_value_array = explode($validator['separator'],$field_value); |
|---|
| | | } else { |
|---|
| | | $field_value_array[] = $field_value; |
|---|
| | | } |
|---|
| | | if(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $field_value)){ |
|---|
| | | $ip_ok = 1; |
|---|
| | | } |
|---|
| | | if($ip_ok == 0) { |
|---|
| | | $errmsg = $validator['errmsg']; |
|---|
| | | if(isset($this->wordbook[$errmsg])) { |
|---|
| | | $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n"; |
|---|
| | | foreach($field_value_array as $field_value) { |
|---|
| | | $field_value = trim($field_value); |
|---|
| | | if(function_exists('filter_var')) { |
|---|
| | | if(!filter_var($field_value,FILTER_VALIDATE_IP)) { |
|---|
| | | $errmsg = $validator['errmsg']; |
|---|
| | | if(isset($this->wordbook[$errmsg])) { |
|---|
| | | $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n"; |
|---|
| | | } else { |
|---|
| | | $this->errorMessage .= $errmsg."<br />\r\n"; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } else { |
|---|
| | | $this->errorMessage .= $errmsg."<br />\r\n"; |
|---|
| | | //* Check content with regex, if we use php < 5.2 |
|---|
| | | $ip_ok = 0; |
|---|
| | | if(preg_match("/^(\:\:([a-f0-9]{1,4}\:){0,6}?[a-f0-9]{0,4}|[a-f0-9]{1,4}(\:[a-f0-9]{1,4}){0,6}?\:\:|[a-f0-9]{1,4}(\:[a-f0-9]{1,4}){1,6}?\:\:([a-f0-9]{1,4}\:){1,6}?[a-f0-9]{1,4})(\/\d{1,3})?$/i", $field_value)){ |
|---|
| | | $ip_ok = 1; |
|---|
| | | } |
|---|
| | | if(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $field_value)){ |
|---|
| | | $ip_ok = 1; |
|---|
| | | } |
|---|
| | | if($ip_ok == 0) { |
|---|
| | | $errmsg = $validator['errmsg']; |
|---|
| | | if(isset($this->wordbook[$errmsg])) { |
|---|
| | | $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n"; |
|---|
| | | } else { |
|---|
| | | $this->errorMessage .= $errmsg."<br />\r\n"; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | |
|---|
| | | $record[$key] = $app->auth->crypt_password(stripslashes($record[$key])); |
|---|
| | | $sql_insert_val .= "'".$app->db->quote($record[$key])."', "; |
|---|
| | | } elseif ($field['encryption'] == 'MYSQL') { |
|---|
| | | $sql_insert_val .= "PASSWORD('".$app->db->quote($record[$key])."'), "; |
|---|
| | | $tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`"); |
|---|
| | | $record[$key] = $tmp['crypted']; |
|---|
| | | $sql_insert_val .= "'".$app->db->quote($record[$key])."', "; |
|---|
| | | } elseif ($field['encryption'] == 'CLEARTEXT') { |
|---|
| | | $sql_insert_val .= "'".$app->db->quote($record[$key])."', "; |
|---|
| | | } else { |
|---|
| | |
|---|
| | | $record[$key] = $app->auth->crypt_password(stripslashes($record[$key])); |
|---|
| | | $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', "; |
|---|
| | | } elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') { |
|---|
| | | $sql_update .= "`$key` = PASSWORD('".$app->db->quote($record[$key])."'), "; |
|---|
| | | $tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`"); |
|---|
| | | $record[$key] = $tmp['crypted']; |
|---|
| | | $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', "; |
|---|
| | | } elseif (isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') { |
|---|
| | | $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', "; |
|---|
| | | } else { |
|---|
| | |
|---|
| | | function getDataRecord($primary_id) { |
|---|
| | | global $app; |
|---|
| | | $escape = '`'; |
|---|
| | | $sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id; |
|---|
| | | $sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id." AND ".$this->getAuthSQL('r',$this->formDef['db_table']); |
|---|
| | | return $app->db->queryOneRecord($sql); |
|---|
| | | } |
|---|
| | | |
|---|
| | |
|---|
| | | |
|---|
| | | $app->db->datalogSave($this->formDef['db_table'], $action, $this->formDef['db_table_idx'], $primary_id, $record_old, $record_new); |
|---|
| | | return true; |
|---|
| | | |
|---|
| | | /* |
|---|
| | | // Add backticks for incomplete table names. |
|---|
| | | if(stristr($this->formDef['db_table'],'.')) { |
|---|
| | | $escape = ''; |
|---|
| | | } else { |
|---|
| | | $escape = '`'; |
|---|
| | | } |
|---|
| | | |
|---|
| | | $this->diffrec = array(); |
|---|
| | | |
|---|
| | | // Full diff records for ISPConfig, they have a different format then the simple diffrec |
|---|
| | | $diffrec_full = array(); |
|---|
| | | |
|---|
| | | if(is_array($record_old) && count($record_old) > 0) { |
|---|
| | | foreach($record_old as $key => $val) { |
|---|
| | | //if(isset($record_new[$key]) && $record_new[$key] != $val) { |
|---|
| | | if(!isset($record_new[$key]) || $record_new[$key] != $val) { |
|---|
| | | // Record has changed |
|---|
| | | $diffrec_full['old'][$key] = $val; |
|---|
| | | $diffrec_full['new'][$key] = $record_new[$key]; |
|---|
| | | $this->diffrec[$key] = array( 'new' => $record_new[$key], |
|---|
| | | 'old' => $val); |
|---|
| | | } else { |
|---|
| | | $diffrec_full['old'][$key] = $val; |
|---|
| | | $diffrec_full['new'][$key] = $val; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } elseif(is_array($record_new)) { |
|---|
| | | foreach($record_new as $key => $val) { |
|---|
| | | if(isset($record_new[$key]) && $record_old[$key] != $val) { |
|---|
| | | // Record has changed |
|---|
| | | $diffrec_full['new'][$key] = $val; |
|---|
| | | $diffrec_full['old'][$key] = $record_old[$key]; |
|---|
| | | $this->diffrec[$key] = array( 'old' => @$record_old[$key], |
|---|
| | | 'new' => $val); |
|---|
| | | } else { |
|---|
| | | $diffrec_full['new'][$key] = $val; |
|---|
| | | $diffrec_full['old'][$key] = $val; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | //$this->diffrec = $diffrec; |
|---|
| | | // Insert the server_id, if the record has a server_id |
|---|
| | | $server_id = (isset($record_old["server_id"]) && $record_old["server_id"] > 0)?$record_old["server_id"]:0; |
|---|
| | | if(isset($record_new["server_id"])) $server_id = $record_new["server_id"]; |
|---|
| | | |
|---|
| | | if(count($this->diffrec) > 0) { |
|---|
| | | $diffstr = addslashes(serialize($diffrec_full)); |
|---|
| | | $username = $app->db->quote($_SESSION["s"]["user"]["username"]); |
|---|
| | | $dbidx = $this->formDef['db_table_idx'].":".$primary_id; |
|---|
| | | // $action = ($action == 'INSERT')?'i':'u'; |
|---|
| | | |
|---|
| | | if($action == 'INSERT') $action = 'i'; |
|---|
| | | if($action == 'UPDATE') $action = 'u'; |
|---|
| | | if($action == 'DELETE') $action = 'd'; |
|---|
| | | $sql = "INSERT INTO sys_datalog (dbtable,dbidx,server_id,action,tstamp,user,data) VALUES ('".$this->formDef['db_table']."','$dbidx','$server_id','$action','".time()."','$username','$diffstr')"; |
|---|
| | | $app->db->query($sql); |
|---|
| | | } |
|---|
| | | |
|---|
| | | return true; |
|---|
| | | */ |
|---|
| | | |
|---|
| | | } |
|---|
| | | |
|---|
| | | function getAuthSQL($perm, $table = '') { |
|---|
