gitlabFork/ISPConfig3.git - Solinfo Gitblit

parent: 015dffdc | patch | commit | ignore whitespace

Merge remote-tracking branch 'origin/stable-3.0.5'

Marius Cramer

2013-11-20 1a2cbfbf0cd666af05c28c3a7e51de3fb59bdd99

Merge remote-tracking branch 'origin/stable-3.0.5'

Conflicts:
	interface/lib/classes/tform.inc.php
	interface/web/admin/lib/lang/de_directive_snippets.lng
	interface/web/dns/dns_import.php
	interface/web/dns/dns_soa_edit.php
	interface/web/dns/dns_wizard.php
	interface/web/mail/mail_domain_edit.php
	interface/web/sites/database_edit.php
	interface/web/sites/lib/lang/de_web_domain.lng
	interface/web/sites/lib/lang/en_web_domain.lng
	interface/web/sites/web_domain_edit.php
	server/server.php

100 files modified

	interface/lib/classes/aps_crawler.inc.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/lib/classes/aps_guicontroller.inc.php	20 ●●●●● patch \| view \| raw \| blame \| history
	interface/lib/classes/auth.inc.php	7 ●●●●● patch \| view \| raw \| blame \| history
	interface/lib/classes/client_templates.inc.php	12 ●●●●● patch \| view \| raw \| blame \| history
	interface/lib/classes/custom_datasource.inc.php	14 ●●●●● patch \| view \| raw \| blame \| history
	interface/lib/classes/db_mysql.inc.php	13 ●●●●● patch \| view \| raw \| blame \| history
	interface/lib/classes/form.inc.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/lib/classes/plugin_backuplist.inc.php	4 ●●●●● patch \| view \| raw \| blame \| history
	interface/lib/classes/tform.inc.php	5 ●●●●● patch \| view \| raw \| blame \| history
	interface/lib/classes/tform_actions.inc.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/lib/classes/validate_client.inc.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/lib/classes/validate_dns.inc.php	4 ●●●●● patch \| view \| raw \| blame \| history
	interface/lib/classes/validate_domain.inc.php	6 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/admin/lib/lang/de_directive_snippets.lng	1 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/admin/lib/lang/en_directive_snippets.lng	1 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/admin/login_as.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/admin/remote_action_ispcupdate.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/admin/remote_action_osupdate.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/admin/server_edit.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/admin/server_ip_edit.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/admin/server_php_edit.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/admin/software_package_install.php	10 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/admin/software_package_list.php	4 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/admin/software_update_list.php	4 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/admin/system_config_edit.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/admin/templates/directive_snippets_edit.htm	21 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/admin/users_edit.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/client/client_edit.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/client/client_message.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/client/reseller_edit.php	8 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/dashboard/dashlets/limits.php	4 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/dashboard/dashlets/mailquota.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/dashboard/dashlets/quota.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/dns/dns_a_edit.php	6 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/dns/dns_aaaa_edit.php	4 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/dns/dns_alias_edit.php	4 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/dns/dns_cname_edit.php	6 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/dns/dns_hinfo_edit.php	4 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/dns/dns_import.php	18 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/dns/dns_mx_edit.php	8 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/dns/dns_ns_edit.php	4 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/dns/dns_ptr_edit.php	4 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/dns/dns_rp_edit.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/dns/dns_slave_edit.php	8 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/dns/dns_soa_edit.php	4 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/dns/dns_srv_edit.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/dns/dns_txt_edit.php	4 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/dns/dns_wizard.php	18 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/help/faq_list.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/help/support_message_edit.php	6 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/help/support_message_list.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mail/mail_alias_edit.php	6 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mail/mail_aliasdomain_edit.php	4 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mail/mail_blacklist_edit.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mail/mail_domain_catchall_edit.php	4 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mail/mail_domain_edit.php	18 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mail/mail_forward_edit.php	4 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mail/mail_get_edit.php	4 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mail/mail_mailinglist_edit.php	16 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mail/mail_spamfilter_edit.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mail/mail_transport_edit.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mail/mail_user_edit.php	12 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mail/mail_user_filter_edit.php	158 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mail/mail_user_stats.php	8 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mail/mail_whitelist_edit.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mail/spamfilter_blacklist_edit.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mail/spamfilter_config_edit.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mail/spamfilter_policy_edit.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mail/spamfilter_users_edit.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mail/spamfilter_whitelist_edit.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mailuser/index.php	4 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mailuser/mail_user_filter_edit.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mailuser/mail_user_filter_list.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mailuser/mail_user_password_edit.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mailuser/mail_user_spamfilter_edit.php	8 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/sites/ajax_get_json.php	4 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/sites/cron_edit.php	8 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/sites/database_edit.php	20 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/sites/database_user_edit.php	6 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/sites/ftp_user_edit.php	22 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/sites/lib/lang/de_web_domain.lng	1 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/sites/lib/lang/en_web_domain.lng	1 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/sites/shell_user_edit.php	10 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/sites/templates/web_domain_advanced.htm	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/sites/web_aliasdomain_edit.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/sites/web_domain_del.php	4 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/sites/web_domain_edit.php	50 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/sites/web_sites_stats.php	8 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/sites/web_subdomain_edit.php	4 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/sites/web_vhost_subdomain_del.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/sites/web_vhost_subdomain_edit.php	20 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/tools/dns_import_tupa.php	22 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/tools/user_settings.php	10 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/vm/openvz_action.php	4 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/vm/openvz_template_edit.php	8 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/vm/openvz_vm_edit.php	12 ●●●●● patch \| view \| raw \| blame \| history
	server/lib/classes/plugins.inc.php	2 ●●●●● patch \| view \| raw \| blame \| history
	server/plugins-available/nginx_plugin.inc.php	3 ●●●●● patch \| view \| raw \| blame \| history
	server/plugins-available/shelluser_base_plugin.inc.php	22 ●●●●● patch \| view \| raw \| blame \| history
	server/server.php	4 ●●●●● patch \| view \| raw \| blame \| history

 interface/lib/classes/aps_crawler.inc.php

@@ -595,7 +595,7 @@
                foreach($incomplete_pkgs as $incomplete_pkg){
                    $pkg_url = @file_get_contents($this->interface_pkg_dir.'/'.$incomplete_pkg['path'].'/PKG_URL');
                    if($pkg_url != ''){
                        $app->db->datalogUpdate('aps_packages', "package_url = '".$pkg_url."'", 'id', $incomplete_pkg['id']);
                        $app->db->datalogUpdate('aps_packages', "package_url = '".$app->db->quote($pkg_url)."'", 'id', $incomplete_pkg['id']);
                    }
                }
            }

 interface/lib/classes/aps_guicontroller.inc.php

@@ -266,18 +266,18 @@
            unset($tmp);

            // get information if the webserver is a db server, too
            $web_server = $app->db->queryOneRecord("SELECT server_id,server_name,db_server FROM server WHERE server_id  = ".$websrv['server_id']);
            $web_server = $app->db->queryOneRecord("SELECT server_id,server_name,db_server FROM server WHERE server_id  = ".$app->functions->intval($websrv['server_id']));
            if($web_server['db_server'] == 1) {
                // create database on "localhost" (webserver)
                $mysql_db_server_id = $websrv['server_id'];
                $mysql_db_server_id = $app->functions->intval($websrv['server_id']);
                $mysql_db_host = 'localhost';
                $mysql_db_remote_access = 'n';
                $mysql_db_remote_ips = '';
            } else {
                //* get the default database server of the client
                $client = $app->db->queryOneRecord("SELECT default_dbserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ".$websrv['sys_groupid']);
                $client = $app->db->queryOneRecord("SELECT default_dbserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ".$app->functions->intval($websrv['sys_groupid']));
                if(is_array($client) && $client['default_dbserver'] > 0 && $client['default_dbserver'] != $websrv['server_id']) {
                    $mysql_db_server_id =  $client['default_dbserver'];
                    $mysql_db_server_id =  $app->functions->intval($client['default_dbserver']);
                    $dbserver_config = $web_config = $app->getconf->get_server_config($app->functions->intval($mysql_db_server_id), 'server');
                    $mysql_db_host = $dbserver_config['ip_address'];
                    $mysql_db_remote_access = 'y';
@@ -301,13 +301,13 @@

            //* Find a free db name for the app
            for($n = 1; $n <= 1000; $n++) {
                $mysql_db_name = ($dbname_prefix != '' ? $dbname_prefix.'aps'.$n : uniqid('aps'));
                $mysql_db_name = $app->db->quote(($dbname_prefix != '' ? $dbname_prefix.'aps'.$n : uniqid('aps')));
                $tmp = $app->db->queryOneRecord("SELECT count(database_id) as number FROM web_database WHERE database_name = '".$app->db->quote($mysql_db_name)."'");
                if($tmp['number'] == 0) break;
            }
            //* Find a free db username for the app
            for($n = 1; $n <= 1000; $n++) {
                $mysql_db_user = ($dbuser_prefix != '' ? $dbuser_prefix.'aps'.$n : uniqid('aps'));
                $mysql_db_user = $app->db->quote(($dbuser_prefix != '' ? $dbuser_prefix.'aps'.$n : uniqid('aps')));
                $tmp = $app->db->queryOneRecord("SELECT count(database_user_id) as number FROM web_database_user WHERE database_user = '".$app->db->quote($mysql_db_user)."'");
                if($tmp['number'] == 0) break;
            }
@@ -316,12 +316,12 @@

            //* Create the mysql database user
            $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `database_user`, `database_user_prefix`, `database_password`)
                      VALUES( ".$websrv['sys_userid'].", ".$websrv['sys_groupid'].", 'riud', '".$websrv['sys_perm_group']."', '', 0, '$mysql_db_user', '".$app->db->quote($dbuser_prefix) . "', PASSWORD('$mysql_db_password'))";
                      VALUES( ".$app->functions->intval($websrv['sys_userid']).", ".$app->functions->intval($websrv['sys_groupid']).", 'riud', '".$app->functions->intval($websrv['sys_perm_group'])."', '', 0, '$mysql_db_user', '".$app->db->quote($dbuser_prefix) . "', PASSWORD('$mysql_db_password'))";
            $mysql_db_user_id = $app->db->datalogInsert('web_database_user', $insert_data, 'database_user_id');

            //* Create the mysql database
            $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `parent_domain_id`, `type`, `database_name`, `database_name_prefix`, `database_user_id`, `database_ro_user_id`, `database_charset`, `remote_access`, `remote_ips`, `backup_copies`, `active`, `backup_interval`)
                      VALUES( ".$websrv['sys_userid'].", ".$websrv['sys_groupid'].", 'riud', '".$websrv['sys_perm_group']."', '', $mysql_db_server_id, ".$websrv['domain_id'].", 'mysql', '$mysql_db_name', '" . $app->db->quote($dbname_prefix) . "', '$mysql_db_user_id', 0, '', '$mysql_db_remote_access', '$mysql_db_remote_ips', ".$websrv['backup_copies'].", 'y', '".$websrv['backup_interval']."')";
                      VALUES( ".$app->functions->intval($websrv['sys_userid']).", ".$app->functions->intval($websrv['sys_groupid']).", 'riud', '".$app->functions->intval($websrv['sys_perm_group'])."', '', $mysql_db_server_id, ".$app->functions->intval($websrv['domain_id']).", 'mysql', '$mysql_db_name', '" . $app->db->quote($dbname_prefix) . "', '$mysql_db_user_id', 0, '', '$mysql_db_remote_access', '$mysql_db_remote_ips', ".$app->functions->intval($websrv['backup_copies']).", 'y', '".$app->functions->intval($websrv['backup_interval'])."')";
            $app->db->datalogInsert('web_database', $insert_data, 'database_id');

            //* Add db details to package settings
@@ -332,7 +332,7 @@
        }

        //* Insert new package instance
        $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `customer_id`, `package_id`, `instance_status`) VALUES (".$websrv['sys_userid'].", ".$websrv['sys_groupid'].", 'riud', '".$websrv['sys_perm_group']."', '', ".$app->db->quote($webserver_id).",".$app->db->quote($customerid).", ".$app->db->quote($packageid).", ".INSTANCE_PENDING.")";
        $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `customer_id`, `package_id`, `instance_status`) VALUES (".$app->functions->intval($websrv['sys_userid']).", ".$app->functions->intval($websrv['sys_groupid']).", 'riud', '".$app->functions->intval($websrv['sys_perm_group'])."', '', ".$app->db->quote($webserver_id).",".$app->db->quote($customerid).", ".$app->db->quote($packageid).", ".INSTANCE_PENDING.")";
        $InstanceID = $app->db->datalogInsert('aps_instances', $insert_data, 'id');

        //* Insert all package settings
@@ -404,7 +404,7 @@
        $app->db->datalogSave('aps', 'INSERT', 'id', $instanceid, array(), $datalog);
        */

        $sql = "SELECT web_database.database_id as database_id FROM aps_instances_settings, web_database WHERE aps_instances_settings.value = web_database.database_name AND aps_instances_settings.value =  aps_instances_settings.name = 'main_database_name' AND aps_instances_settings.instance_id = ".$instanceid." LIMIT 0,1";
        $sql = "SELECT web_database.database_id as database_id FROM aps_instances_settings, web_database WHERE aps_instances_settings.value = web_database.database_name AND aps_instances_settings.value =  aps_instances_settings.name = 'main_database_name' AND aps_instances_settings.instance_id = ".$app->db->quote($instanceid)." LIMIT 0,1";
        $tmp = $app->db->queryOneRecord($sql);
        if($tmp['database_id'] > 0) $app->db->datalogDelete('web_database', 'database_id', $tmp['database_id']);


 interface/lib/classes/auth.inc.php

@@ -33,7 +33,8 @@

    public function get_user_id()
    {
        return $_SESSION['s']['user']['userid'];
        global $app;
        return $app->functions->intval($_SESSION['s']['user']['userid']);
    }

    public function is_admin() {
@@ -80,7 +81,9 @@
    public function get_client_limit($userid, $limitname)
    {
        global $app;

		
        $userid = $app->functions->intval($userid);
		
        // simple query cache
        if($this->client_limits===null)
            $this->client_limits = $app->db->queryOneRecord("SELECT client.* FROM sys_user, client WHERE sys_user.userid = $userid AND sys_user.client_id = client.client_id");

 interface/lib/classes/client_templates.inc.php

@@ -49,7 +49,7 @@

        if($old_style == true) {
            // we have to take care of this in an other way
            $in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ' . $clientId);
            $in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ' . $app->functions->intval($clientId));
            if(is_array($in_db) && count($in_db) > 0) {
                foreach($in_db as $item) {
                    if(array_key_exists($item['client_template_id'], $needed_types) == false) $needed_types[$item['client_template_id']] = 0;
@@ -61,24 +61,24 @@
                if($count > 0) {
                    // add new template to client (includes those from old-style without assigned_template_id)
                    for($i = $count; $i > 0; $i--) {
                        $app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (' . $clientId . ', ' . $tpl_id . ')');
                        $app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (' . $app->functions->intval($clientId) . ', ' . $app->functions->intval($tpl_id) . ')');
                    }
                } elseif($count < 0) {
                    // remove old ones
                    for($i = $count; $i < 0; $i++) {
                        $app->db->query('DELETE FROM `client_template_assigned` WHERE client_id = ' . $clientId . ' AND client_template_id = ' . $tpl_id . ' LIMIT 1');
                        $app->db->query('DELETE FROM `client_template_assigned` WHERE client_id = ' . $app->functions->intval($clientId) . ' AND client_template_id = ' . $app->functions->intval($tpl_id) . ' LIMIT 1');
                    }
                }
            }
        } else {
            // we have to take care of this in an other way
            $in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ' . $clientId);
            $in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ' . $app->functions->intval($clientId));
            if(is_array($in_db) && count($in_db) > 0) {
                // check which templates were removed from this client
                foreach($in_db as $item) {
                    if(in_array($item['assigned_template_id'], $used_assigned) == false) {
                        // delete this one
                        $app->db->query('DELETE FROM `client_template_assigned` WHERE `assigned_template_id` = ' . $item['assigned_template_id']);
                        $app->db->query('DELETE FROM `client_template_assigned` WHERE `assigned_template_id` = ' . $app->functions->intval($item['assigned_template_id']));
                    }
                }
            }
@@ -86,7 +86,7 @@
            if(count($new_tpl) > 0) {
                foreach($new_tpl as $item) {
                    // add new template to client (includes those from old-style without assigned_template_id)
                    $app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (' . $clientId . ', ' . $item . ')');
                    $app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (' . $app->functions->intval($clientId) . ', ' . $app->functions->intval($item) . ')');
                }
            }
        }

 interface/lib/classes/custom_datasource.inc.php

@@ -46,9 +46,9 @@

        if($_SESSION["s"]["user"]["typ"] == 'user') {
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT default_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$client['default_dnsserver'];
            $sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$app->functions->intval($client['default_dnsserver']);
        } else {
            $sql = "SELECT server_id,server_name FROM server WHERE dns_server = 1 ORDER BY server_name";
        }
@@ -68,9 +68,9 @@

        if($_SESSION["s"]["user"]["typ"] == 'user') {
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT default_slave_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$client['default_slave_dnsserver'];
            $sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$app->functions->intval($client['default_slave_dnsserver']);
        } else {
            $sql = "SELECT server_id,server_name FROM server WHERE dns_server = 1 ORDER BY server_name";
        }
@@ -99,7 +99,7 @@
        }
        if(count($server_ids) == 0) return array();
        $server_ids = implode(',', $server_ids);
        $records = $app->db->queryAllRecords("SELECT web_domain.domain_id, CONCAT(web_domain.domain, ' :: ', server.server_name) AS parent_domain FROM web_domain, server WHERE web_domain.type = 'vhost' AND web_domain.server_id IN (".$server_ids.") AND web_domain.server_id = server.server_id AND ".$app->tform->getAuthSQL('r', 'web_domain')." ORDER BY web_domain.domain");
        $records = $app->db->queryAllRecords("SELECT web_domain.domain_id, CONCAT(web_domain.domain, ' :: ', server.server_name) AS parent_domain FROM web_domain, server WHERE web_domain.type = 'vhost' AND web_domain.server_id IN (".$app->db->quote($server_ids).") AND web_domain.server_id = server.server_id AND ".$app->tform->getAuthSQL('r', 'web_domain')." ORDER BY web_domain.domain");

        $records_new = array();
        if(is_array($records)) {
@@ -158,12 +158,12 @@

        if($_SESSION["s"]["user"]["typ"] == 'user') {
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $sql = "SELECT $server_type as server_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id";
            $client = $app->db->queryOneRecord($sql);
            if($client['server_id'] > 0) {
                //* Select the default server for the client
                $sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$client['server_id'];
                $sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$app->functions->intval($client['server_id']);
            } else {
                //* Not able to find the clients defaults, use this as fallback and add a warning message to the log
                $app->log('Unable to find default server for client in custom_datasource.inc.php', 1);

 interface/lib/classes/db_mysql.inc.php

@@ -284,7 +284,7 @@
        // Insert the server_id, if the record has a server_id
        $server_id = (isset($record_old['server_id']) && $record_old['server_id'] > 0)?$record_old['server_id']:0;
        if(isset($record_new['server_id'])) $server_id = $record_new['server_id'];

        $server_id = intval($server_id);

        if($diff_num > 0) {
            //print_r($diff_num);
@@ -306,6 +306,9 @@
    //** Inserts a record and saves the changes into the datalog
    public function datalogInsert($tablename, $insert_data, $index_field) {
        global $app;
		
        $tablename = $this->quote($tablename);
        $index_field = $this->quote($index_field);

        if(is_array($insert_data)) {
            $key_str = '';
@@ -333,6 +336,10 @@
    //** Updates a record and saves the changes into the datalog
    public function datalogUpdate($tablename, $update_data, $index_field, $index_value, $force_update = false) {
        global $app;
		
        $tablename = $this->quote($tablename);
        $index_field = $this->quote($index_field);
        $index_value = $this->quote($index_value);

        $old_rec = $this->queryOneRecord("SELECT * FROM $tablename WHERE $index_field = '$index_value'");

@@ -356,6 +363,10 @@
    //** Deletes a record and saves the changes into the datalog
    public function datalogDelete($tablename, $index_field, $index_value) {
        global $app;
		
        $tablename = $this->quote($tablename);
        $index_field = $this->quote($index_field);
        $index_value = $this->quote($index_value);

        $old_rec = $this->queryOneRecord("SELECT * FROM $tablename WHERE $index_field = '$index_value'");
        $this->query("DELETE FROM $tablename WHERE $index_field = '$index_value'");

 interface/lib/classes/form.inc.php

@@ -1,5 +1,7 @@
<?php

die('Deprecated file: form.inc.php');

/*
Copyright (c) 2007, Till Brehm, projektfarm Gmbh
All rights reserved.

 interface/lib/classes/plugin_backuplist.inc.php

@@ -108,8 +108,8 @@
        }

        //* Get the data
        $web = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = ".$this->form->id);
        $sql = "SELECT * FROM web_backup WHERE parent_domain_id = ".$this->form->id." AND server_id = ".$web['server_id']." ORDER BY tstamp DESC, backup_type ASC";
        $web = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = ".$app->functions->intval($this->form->id));
        $sql = "SELECT * FROM web_backup WHERE parent_domain_id = ".$app->functions->intval($this->form->id)." AND server_id = ".$app->functions->intval($web['server_id'])." ORDER BY tstamp DESC, backup_type ASC";
        $records = $app->db->queryAllRecords($sql);

        $bgcolor = "#FFFFFF";

 interface/lib/classes/tform.inc.php

@@ -69,6 +69,7 @@
    function checkPerm($record_id, $perm) {
        global $app;

        $record_id = $app->functions->intval($record_id);
        if($record_id > 0) {
            // Add backticks for incomplete table names.
            if(stristr($this->formDef['db_table'], '.')) {
@@ -163,7 +164,7 @@
        if($limit_name == '') $app->error('Limit name missing in function checkClientLimit.');

        // Get the limits of the client that is currently logged in
        $client_group_id = $_SESSION["s"]["user"]["default_group"];
        $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
        $client = $app->db->queryOneRecord("SELECT $limit_name as number, parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

        // Check if the user may add another item
@@ -185,7 +186,7 @@
        if($limit_name == '') $app->error('Limit name missing in function checkClientLimit.');

        // Get the limits of the client that is currently logged in
        $client_group_id = $_SESSION["s"]["user"]["default_group"];
        $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
        $client = $app->db->queryOneRecord("SELECT parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

        //* If the client belongs to a reseller, we will check against the reseller Limit too

 interface/lib/classes/tform_actions.inc.php

@@ -81,7 +81,7 @@

        // check if the client is locked - he may not change anything, then.
        if(!$app->auth->is_admin()) {
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT client.locked FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ".$app->functions->intval($client_group_id));
            if(is_array($client) && $client['locked'] == 'y') {
                $app->tform->errorMessage .= $app->lng("client_you_are_locked")."<br />";

 interface/lib/classes/validate_client.inc.php

@@ -53,7 +53,7 @@
                }
            }
        } else {
            $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM sys_user WHERE username = '".$app->db->quote($field_value)."' AND client_id != ".$client_id);
            $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM sys_user WHERE username = '".$app->db->quote($field_value)."' AND client_id != ".$app->functions->intval($client_id));
            if($num_rec["number"] > 0) {
                $errmsg = $validator['errmsg'];
                if(isset($app->tform->wordbook[$errmsg])) {

 interface/lib/classes/validate_dns.inc.php

@@ -104,7 +104,7 @@
        }

        if(substr($field, -1) == '.' && $area == 'Name'){
            $soa = $app->db->queryOneRecord("SELECT * FROM soa WHERE id = ".$zoneid);
            $soa = $app->db->queryOneRecord("SELECT * FROM soa WHERE id = ".intval($zoneid));
            if(substr($field, (strlen($field) - strlen($soa['origin']))) != $soa['origin']) $error .= $desc." ".$app->tform->wordbook['error_out_of_zone']."<br>\r\n";
        }

@@ -267,7 +267,7 @@
        global $app, $conf;

        // increase serial
        $serial_date = substr($serial, 0, 8);
        $serial_date = $app->functions->intval(substr($serial, 0, 8));
        $count = $app->functions->intval(substr($serial, 8, 2));
        $current_date = date("Ymd");
        if($serial_date >= $current_date){

 interface/lib/classes/validate_domain.inc.php

@@ -118,7 +118,7 @@

        if($domain['ip_address'] == '' || $domain['ipv6_address'] == ''){
            if($domain['parent_domain_id'] > 0){
                $parent_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$domain['parent_domain_id']);
                $parent_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($domain['parent_domain_id']));
            }
        }

@@ -217,7 +217,7 @@
                    // if alias/subdomain: check IP addresses of parent domain
                    if($check['ip_address'] == '' || $check['ipv6_address'] == ''){
                        if($check['parent_domain_id'] > 0){
                            $check_parent_domain = $app->db->queryOneRecord("SELECT * FROM `web_domain` WHERE `domain_id` = ".$check['parent_domain_id']);
                            $check_parent_domain = $app->db->queryOneRecord("SELECT * FROM `web_domain` WHERE `domain_id` = ".$app->functions->intval($check['parent_domain_id']));
                        }
                    }

@@ -282,7 +282,7 @@

        if($_SESSION["s"]["user"]["typ"] != 'admin') {
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_wildcard FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            if($client["limit_wildcard"] == 'y') return true;

 interface/web/admin/lib/lang/de_directive_snippets.lng

@@ -6,4 +6,5 @@
$wb['active_txt'] = 'Aktiv';
$wb['directive_snippets_name_empty'] = 'Bitte geben Sie einen Namen für den Schnipsel an.';
$wb['directive_snippets_name_error_unique'] = 'Es existiert schon ein Direktiven-Schnipsel mit diesem Namen.';
$wb['variables_txt'] = 'Variablen';
?>

 interface/web/admin/lib/lang/en_directive_snippets.lng

@@ -6,4 +6,5 @@
$wb["active_txt"] = 'Active';
$wb["directive_snippets_name_empty"] = 'Please specify a name for the snippet.';
$wb["directive_snippets_name_error_unique"] = 'There is already a directive snippet with this name.';
$wb['variables_txt'] = 'Variables';
?>

 interface/web/admin/login_as.php

@@ -51,7 +51,7 @@
    $client_id = $app->functions->intval($_GET['cid']);
    $tmp_client = $app->db->queryOneRecord("SELECT username FROM client WHERE client_id = $client_id");
    $tmp_sys_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE username = '".$app->db->quote($tmp_client['username'])."'");
    $userId = $tmp_sys_user['userid'];
    $userId = $app->functions->intval($tmp_sys_user['userid']);
    unset($tmp_client);
    unset($tmp_sys_user);
    $backlink = 'client/client_list.php';

 interface/web/admin/remote_action_ispcupdate.php

@@ -81,7 +81,7 @@
    foreach ($servers as $serverId) {
        $sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
            "VALUES (".
            (int)$serverId . ", " .
            $app->functions->intval($serverId) . ", " .
            time() . ", " .
            "'ispc_update', " .
            "'', " .

 interface/web/admin/remote_action_osupdate.php

@@ -76,7 +76,7 @@
    foreach ($servers as $serverId) {
        $sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
            "VALUES (".
            (int)$serverId . ", " .
            $app->functions->intval($serverId) . ", " .
            time() . ", " .
            "'os_update', " .
            "'', " .

 interface/web/admin/server_edit.php

@@ -54,7 +54,7 @@
        global $app, $conf;

        // Getting Servers
        $sql = "SELECT server_id,server_name FROM server WHERE server_id != $this->id ORDER BY server_name";
        $sql = "SELECT server_id,server_name FROM server WHERE server_id != ".$app->functions->intval($this->id)." ORDER BY server_name";
        $mirror_servers = $app->db->queryAllRecords($sql);
        $mirror_server_select = '<option value="0">'.$app->tform->lng('- None -').'</option>';
        if(is_array($mirror_servers)) {

 interface/web/admin/server_ip_edit.php

@@ -56,7 +56,7 @@
        //* Check if the server has been changed
        // We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
        if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
            $rec = $app->db->queryOneRecord("SELECT server_id from server_ip WHERE server_ip_id = ".$this->id);
            $rec = $app->db->queryOneRecord("SELECT server_id from server_ip WHERE server_ip_id = ".$app->functions->intval($this->id));
            if($rec['server_id'] != $this->dataRecord["server_id"]) {
                //* Add a error message and switch back to old server
                $app->tform->errorMessage .= $app->lng('The Server can not be changed.');

 interface/web/admin/server_php_edit.php

@@ -56,7 +56,7 @@
        //* Check if the server has been changed
        // We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
        if(($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) && isset($this->dataRecord["server_id"])) {
            $rec = $app->db->queryOneRecord("SELECT server_id from server_php WHERE server_php_id = ".$this->id);
            $rec = $app->db->queryOneRecord("SELECT server_id from server_php WHERE server_php_id = ".$app->functions->intval($this->id));
            if($rec['server_id'] != $this->dataRecord["server_id"]) {
                //* Add a error message and switch back to old server
                $app->tform->errorMessage .= $app->lng('The Server can not be changed.');

 interface/web/admin/software_package_install.php

@@ -50,7 +50,7 @@
//* verify the key
if($package['package_installable'] == 'key' && $install_key != '') {

    $repo = $app->db->queryOneRecord("SELECT * FROM software_repo WHERE software_repo_id = ".$package['software_repo_id']);
    $repo = $app->db->queryOneRecord("SELECT * FROM software_repo WHERE software_repo_id = ".$app->db->quote($package['software_repo_id']));

    $client = new SoapClient(null, array('location' => $repo['repo_url'],
            'uri'      => $repo['repo_url']));
@@ -62,7 +62,7 @@
        $message_err = 'Verification of the key failed.';
    } else {
        // Store the verified key into the database
        $app->db->datalogUpdate('software_package', "package_key = '$install_key'", 'package_id', $package['package_id']);
        $app->db->datalogUpdate('software_package', "package_key = '".$app->db->quote($install_key)."'", 'package_id', $package['package_id']);
    }
} else {
    $message_ok = 'Please enter the software key for the package.';
@@ -70,7 +70,7 @@

//* Install packages, if all requirements are fullfilled.
if($install_server_id > 0 && $package_name != '' && ($package['package_installable'] == 'yes' || $install_key_verified == true)) {
    $sql = "SELECT software_update_id, package_name, update_title FROM software_update WHERE type = 'full' AND package_name = '$package_name' ORDER BY v1 DESC, v2 DESC, v3 DESC, v4 DESC LIMIT 0,1";
    $sql = "SELECT software_update_id, package_name, update_title FROM software_update WHERE type = 'full' AND package_name = '".$app->db->quote($package_name)."' ORDER BY v1 DESC, v2 DESC, v3 DESC, v4 DESC LIMIT 0,1";
    $tmp = $app->db->queryOneRecord($sql);
    $software_update_id = $tmp['software_update_id'];

@@ -118,7 +118,7 @@
            $app->db->datalogUpdate('software_package', "package_config = '".$app->db->quote($package_config_str)."'", 'package_id', $package['package_id']);

            $sql = "INSERT INTO `remote_user` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `remote_username`, `remote_password`, `remote_functions`) VALUES
                    (1, 1, 'riud', 'riud', '', '$remote_user', '$remote_password_md5', '$remote_functions');";
                    (1, 1, 'riud', 'riud', '', '".$app->db->quote($remote_user)."', '".$app->db->quote($remote_password_md5)."', '".$app->db->quote($remote_functions)."');";

            $app->db->query($sql);

@@ -127,7 +127,7 @@
    }

    //* Add the record to start the install process
    $insert_data = "(package_name, server_id, software_update_id, status) VALUES ('$package_name', '$install_server_id', '$software_update_id','installing')";
    $insert_data = "(package_name, server_id, software_update_id, status) VALUES ('".$app->db->quote($package_name)."', '".$app->db->quote($install_server_id)."', '".$app->db->quote($software_update_id)."','installing')";
    $app->db->datalogInsert('software_update_inst', $insert_data, 'software_update_inst_id');
    $message_ok = 'Starting package installation '."<a href=\"#\" onclick=\"submitForm('pageForm','admin/software_package_list.php');\">".$app->lng('next')."</a>";


 interface/web/admin/software_package_list.php

@@ -49,7 +49,7 @@
        if(is_array($packages)) {
            foreach($packages as $p) {
                $package_name = $app->db->quote($p['name']);
                $tmp = $app->db->queryOneRecord("SELECT package_id FROM software_package WHERE package_name = '$package_name'");
                $tmp = $app->db->queryOneRecord("SELECT package_id FROM software_package WHERE package_name = '".$app->db->quote($package_name)."'");

                $package_title = $app->db->quote($p['title']);
                $package_description = $app->db->quote($p['description']);
@@ -150,7 +150,7 @@
    foreach($packages as $key => $p) {
        $installed_txt = '';
        foreach($servers as $s) {
            $inst = $app->db->queryOneRecord("SELECT * FROM software_update, software_update_inst WHERE software_update_inst.software_update_id = software_update.software_update_id AND software_update_inst.package_name = '".addslashes($p["package_name"])."' AND server_id = '".$s["server_id"]."'");
            $inst = $app->db->queryOneRecord("SELECT * FROM software_update, software_update_inst WHERE software_update_inst.software_update_id = software_update.software_update_id AND software_update_inst.package_name = '".$app->db->quote($p["package_name"])."' AND server_id = '".$app->functions->intval($s["server_id"])."'");
            $version = $inst['v1'].'.'.$inst['v2'].'.'.$inst['v3'].'.'.$inst['v4'];

            if($inst['status'] == 'installed') {

 interface/web/admin/software_update_list.php

@@ -161,11 +161,11 @@
    foreach($installed_packages as $ip) {

        // Get version number of the latest installed version
        $sql = "SELECT v1, v2, v3, v4 FROM software_update, software_update_inst WHERE software_update.software_update_id = software_update_inst.software_update_id AND server_id = ".$server_id." ORDER BY v1 DESC , v2 DESC , v3 DESC , v4 DESC LIMIT 0,1";
        $sql = "SELECT v1, v2, v3, v4 FROM software_update, software_update_inst WHERE software_update.software_update_id = software_update_inst.software_update_id AND server_id = ".$app->functions->intval($server_id)." ORDER BY v1 DESC , v2 DESC , v3 DESC , v4 DESC LIMIT 0,1";
        $lu = $app->db->queryOneRecord($sql);

        // Get all installable updates
        $sql = "SELECT * FROM software_update WHERE v1 >= $lu[v1] AND v2 >= $lu[v2] AND v3 >= $lu[v3] AND v4 >= $lu[v4] AND package_name = '$ip[package_name]' ORDER BY v1 DESC , v2 DESC , v3 DESC , v4 DESC";
        $sql = "SELECT * FROM software_update WHERE v1 >= ".$app->functions->intval($lu['v1'])." AND v2 >= ".$app->functions->intval($lu['v2'])." AND v3 >= ".$app->functions->intval($lu['v3'])." AND v4 >= ".$app->functions->intval($lu['v4'])." AND package_name = '".$app->db->quote($ip['package_name'])."' ORDER BY v1 DESC , v2 DESC , v3 DESC , v4 DESC";
        $updates = $app->db->queryAllRecords($sql);
        //die($sql);


 interface/web/admin/system_config_edit.php

@@ -178,7 +178,7 @@
        if($server_config_array['misc']['maintenance_mode'] == 'y'){
            //print_r($_SESSION);
            //echo $_SESSION['s']['id'];
            $app->db->query("DELETE FROM sys_session WHERE session_id != '".$_SESSION['s']['id']."'");
            $app->db->query("DELETE FROM sys_session WHERE session_id != '".$app->db->quote($_SESSION['s']['id'])."'");
        }
    }


 interface/web/admin/templates/directive_snippets_edit.htm

@@ -17,7 +17,7 @@
            </div>
            <div class="ctrlHolder">
                <label for="snippet">{tmpl_var name='snippet_txt'}</label>
                <textarea name="snippet" id="snippet" rows='10' cols='50' style="width:400px;">{tmpl_var name='snippet'}</textarea>
                <textarea name="snippet" id="snippet" rows='10' cols='50' style="width:400px;">{tmpl_var name='snippet'}</textarea><div class="nginx"> &nbsp; {tmpl_var name='variables_txt'}: <a href="javascript:void(0);" class="addPlaceholder">{DOCROOT}</a>, <a href="javascript:void(0);" class="addPlaceholder">{FASTCGIPASS}</a></div>
            </div>
            <div class="ctrlHolder">
                <p class="label">{tmpl_var name='active_txt'}</p>
@@ -35,4 +35,21 @@
        </div>
    </div>
  
</div>
</div>
<script language="JavaScript" type="text/javascript">
		
    if(jQuery('#type').val() == 'nginx'){
        jQuery('.nginx:hidden').show();
    } else {
        jQuery('.nginx:visible').hide();
    }
    
    jQuery('#type').change(function(){
        if(jQuery(this).val() == 'nginx'){
            jQuery('.nginx:hidden').show();
        } else {
            jQuery('.nginx:visible').hide();
        }
    });
			
</script>

 interface/web/admin/users_edit.php

@@ -77,7 +77,7 @@
        global $app, $conf;

        $client = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = ".$this->id);
        $client_id = $client['client_id'];
        $client_id = $app->functions->intval($client['client_id']);
        $username = $app->db->quote($this->dataRecord["username"]);
        $old_username = $app->db->quote($this->oldDataRecord['username']);


 interface/web/client/client_edit.php

@@ -58,7 +58,7 @@
        if($_SESSION["s"]["user"]["typ"] == 'user') {

            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_client FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another website.

 interface/web/client/client_message.php

@@ -65,7 +65,7 @@
                $tmp_client_ids = explode(',', $circle['client_ids']);
                $where = array();
                foreach($tmp_client_ids as $tmp_client_id){
                    $where[] = 'client_id = '.$tmp_client_id;
                    $where[] = 'client_id = '.$app->functions->intval($tmp_client_id);
                }
                if(!empty($where)) $where_clause = ' AND ('.implode(' OR ', $where).')';
                $sql = "SELECT * FROM client WHERE email != ''".$where_clause;

 interface/web/client/reseller_edit.php

@@ -60,7 +60,7 @@
        if($_SESSION["s"]["user"]["typ"] == 'user') {

            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_client FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another website.
@@ -83,7 +83,7 @@
        if($_SESSION["s"]["user"]["typ"] == 'user' && $this->id == 0) {

            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_client FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another website.
@@ -156,7 +156,7 @@

        $username = $app->db->quote($this->dataRecord["username"]);
        $password = $app->db->quote($this->dataRecord["password"]);
        $modules = $conf['interface_modules_enabled'] . ',client';
        $modules = $app->db->quote($conf['interface_modules_enabled'] . ',client');
        $startmodule = (stristr($modules, 'dashboard'))?'dashboard':'client';
        $usertheme = $app->db->quote($this->dataRecord["usertheme"]);
        $type = 'user';
@@ -247,7 +247,7 @@

        // reseller status changed
        if(isset($this->dataRecord["limit_client"]) && $this->dataRecord["limit_client"] != $this->oldDataRecord["limit_client"]) {
            $modules = $conf['interface_modules_enabled'] . ',client';
            $modules = $app->db->quote($conf['interface_modules_enabled'] . ',client');
            $modules = $app->db->quote($modules);
            $client_id = $this->id;
            $sql = "UPDATE sys_user SET modules = '$modules' WHERE client_id = $client_id";

 interface/web/dashboard/dashlets/limits.php

@@ -127,7 +127,7 @@
        $tpl->setVar('is_admin', $user_is_admin);

        if($user_is_admin == false) {
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT * FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
        }

@@ -157,7 +157,7 @@
    function _get_limit_usage($limit) {
        global $app;

        $sql = "SELECT count(sys_userid) as number FROM ".$limit['db_table']." WHERE ";
        $sql = "SELECT count(sys_userid) as number FROM ".$app->db->quote($limit['db_table'])." WHERE ";
        if($limit['db_where'] != '') $sql .= $limit['db_where']." AND ";
        $sql .= $app->tform->getAuthSQL('r');
        $rec = $app->db->queryOneRecord($sql);

 interface/web/dashboard/dashlets/mailquota.php

@@ -31,7 +31,7 @@
        }
        //print_r($monitor_data);
        if($_SESSION["s"]["user"]["typ"] != 'admin'){
            $sql_where = " AND sys_groupid = ".$_SESSION['s']['user']['default_group'];
            $sql_where = " AND sys_groupid = ".intval($_SESSION['s']['user']['default_group']);
        }

        $has_mailquota = false;

 interface/web/dashboard/dashlets/quota.php

@@ -25,7 +25,7 @@
        }
        //print_r($monitor_data);
        if($_SESSION["s"]["user"]["typ"] != 'admin'){
            $sql_where = " AND sys_groupid = ".$_SESSION['s']['user']['default_group'];
            $sql_where = " AND sys_groupid = ".$app->functions->intval($_SESSION['s']['user']['default_group']);
        }

        $has_quota = false;

 interface/web/dns/dns_a_edit.php

@@ -57,7 +57,7 @@
        if($_SESSION["s"]["user"]["typ"] == 'user') {

            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.
@@ -84,7 +84,7 @@
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.
@@ -97,7 +97,7 @@
        } // end if user is not admin

        //* Check for duplicates where IP and hostname are the same
        $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE (type = 'A' AND name = '".$this->dataRecord["name"]."' AND zone = '".$this->dataRecord["zone"]."' and data = '".$this->dataRecord["data"]."' and id != ".$this->id.") OR (type = 'CNAME' AND name = '".$this->dataRecord["name"]."' AND zone = '".$this->dataRecord["zone"]."' and id != ".$this->id.")");
        $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE (type = 'A' AND name = '".$app->db->quote($this->dataRecord["name"])."' AND zone = '".$app->db->quote($this->dataRecord["zone"])."' and data = '".$app->db->quote($this->dataRecord["data"])."' and id != ".$this->id.") OR (type = 'CNAME' AND name = '".$app->db->quote($this->dataRecord["name"])."' AND zone = '".$app->db->quote($this->dataRecord["zone"])."' and id != ".$this->id.")");
        if($tmp['number'] > 0) $app->tform->errorMessage .= $app->tform->lng("data_error_duplicate")."<br>";
        unset($tmp);


 interface/web/dns/dns_aaaa_edit.php

@@ -84,7 +84,7 @@
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.
@@ -113,7 +113,7 @@

        //* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
        $soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
        $app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id);
        $app->db->datalogUpdate('dns_rr', "sys_groupid = ".intval($soa['sys_groupid']), 'id', $this->id);

        //* Update the serial number of the SOA record
        $soa_id = $app->functions->intval($_POST["zone"]);

 interface/web/dns/dns_alias_edit.php

@@ -57,7 +57,7 @@
        if($_SESSION["s"]["user"]["typ"] == 'user') {

            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.
@@ -84,7 +84,7 @@
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.

 interface/web/dns/dns_cname_edit.php

@@ -57,7 +57,7 @@
        if($_SESSION["s"]["user"]["typ"] == 'user') {

            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.
@@ -84,7 +84,7 @@
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.
@@ -97,7 +97,7 @@
        } // end if user is not admin

        //* Check for duplicates where IP and hostname are the same
        $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE (type = 'A' AND name = '".$this->dataRecord["name"]."' AND zone = '".$this->dataRecord["zone"]."' and id != ".$this->id.") OR (type = 'CNAME' AND name = '".$this->dataRecord["name"]."' AND zone = '".$this->dataRecord["zone"]."' and id != ".$this->id.")");
        $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE (type = 'A' AND name = '".$app->db->quote($this->dataRecord["name"])."' AND zone = '".$app->db->quote($this->dataRecord["zone"])."' and id != ".$this->id.") OR (type = 'CNAME' AND name = '".$app->db->quote($this->dataRecord["name"])."' AND zone = '".$app->db->quote($this->dataRecord["zone"])."' and id != ".$this->id.")");
        if($tmp['number'] > 0) $app->tform->errorMessage .= $app->tform->lng("data_error_duplicate")."<br>";
        unset($tmp);


 interface/web/dns/dns_hinfo_edit.php

@@ -57,7 +57,7 @@
        if($_SESSION["s"]["user"]["typ"] == 'user') {

            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.
@@ -84,7 +84,7 @@
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.

 interface/web/dns/dns_import.php

@@ -52,12 +52,10 @@
if (isset($_POST['server_id'])) {
    $server_id = $app->functions->intval($_POST['server_id']);
    $post_server_id = true;
}
else if (isset($_POST['server_id_value'])) {
        $server_id = $app->functions->intval($_POST['server_id_value']);
        $post_server_id = true;
    }
else {
} elseif (isset($_POST['server_id_value'])) {
    $server_id = $app->functions->intval($_POST['server_id_value']);
    $post_server_id = true;
} else {
    $server_id = 1;
    $post_server_id = false;
}
@@ -106,14 +104,14 @@
if ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {

    // Get the limits of the client
    $client_group_id = $_SESSION["s"]["user"]["default_group"];
    $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
    $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");


    // load the list of clients
    $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id'];
    $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".intval($client['client_id']);
    $clients = $app->db->queryAllRecords($sql);
    $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$client['client_id']);
    $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".intval($client['client_id']));
    $client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
    if(is_array($clients)) {
        foreach( $clients as $client) {
@@ -681,7 +679,7 @@
            foreach($dns_rr as $rr)
            {
                $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `zone`, `name`, `type`, `data`, `aux`, `ttl`, `active`) VALUES
                ('$sys_userid', '$sys_groupid', 'riud', 'riud', '', '$server_id', '$dns_soa_id', '$rr[name]', '$rr[type]', '$rr[data]', '$rr[aux]', '$rr[ttl]', 'Y')";
                ('$sys_userid', '$sys_groupid', 'riud', 'riud', '', '$server_id', '$dns_soa_id', '".$app->db->quote($rr['name'])."', '".$app->db->quote($rr['type'])."', '".$app->db->quote($rr['data'])."', '".$app->db->quote($rr['aux'])."', '".$app->db->quote($rr['ttl'])."', 'Y')";
                $dns_rr_id = $app->db->datalogInsert('dns_rr', $insert_data, 'id');
            }
        }

 interface/web/dns/dns_mx_edit.php

@@ -57,7 +57,7 @@
        if($_SESSION["s"]["user"]["typ"] == 'user') {

            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.
@@ -84,7 +84,7 @@
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.
@@ -112,7 +112,7 @@
        global $app, $conf;

        // Check if record is existing already
        $duplicate_mx = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = ".$app->functions->intval($this->dataRecord["zone"])." AND name = '".$this->dataRecord["name"]."' AND type = '".$this->dataRecord["type"]."' AND data = '".$this->dataRecord["data"]."' AND ".$app->tform->getAuthSQL('r'));
        $duplicate_mx = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = ".$app->functions->intval($this->dataRecord["zone"])." AND name = '".$app->db->quote($this->dataRecord["name"])."' AND type = '".$app->db->quote($this->dataRecord["type"])."' AND data = '".$app->db->quote($this->dataRecord["data"])."' AND ".$app->tform->getAuthSQL('r'));

        if(is_array($duplicate_mx) && !empty($duplicate_mx)) $app->error($app->tform->wordbook["duplicate_mx_record_txt"]);

@@ -123,7 +123,7 @@
        global $app, $conf;

        // Check if record is existing already
        $duplicate_mx = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = ".$app->functions->intval($this->dataRecord["zone"])." AND name = '".$this->dataRecord["name"]."' AND type = '".$this->dataRecord["type"]."' AND data = '".$this->dataRecord["data"]."' AND id != ".$app->functions->intval($this->dataRecord["id"])." AND ".$app->tform->getAuthSQL('r'));
        $duplicate_mx = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = ".$app->functions->intval($this->dataRecord["zone"])." AND name = '".$app->db->quote($this->dataRecord["name"])."' AND type = '".$app->db->quote($this->dataRecord["type"])."' AND data = '".$app->db->quote($this->dataRecord["data"])."' AND id != ".$app->functions->intval($this->dataRecord["id"])." AND ".$app->tform->getAuthSQL('r'));

        if(is_array($duplicate_mx) && !empty($duplicate_mx)) $app->error($app->tform->wordbook["duplicate_mx_record_txt"]);


 interface/web/dns/dns_ns_edit.php

@@ -57,7 +57,7 @@
        if($_SESSION["s"]["user"]["typ"] == 'user') {

            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.
@@ -84,7 +84,7 @@
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.

 interface/web/dns/dns_ptr_edit.php

@@ -57,7 +57,7 @@
        if($_SESSION["s"]["user"]["typ"] == 'user') {

            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.
@@ -84,7 +84,7 @@
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.

 interface/web/dns/dns_rp_edit.php

@@ -84,7 +84,7 @@
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.

 interface/web/dns/dns_slave_edit.php

@@ -87,7 +87,7 @@
        } else if($app->auth->has_clients($_SESSION['s']['user']['userid'])) {

                // Get the limits of the client
                $client_group_id = $_SESSION["s"]["user"]["default_group"];
                $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
                $client = $app->db->queryOneRecord("SELECT client.client_id, sys_group.name, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

                // Fill the client select field
@@ -122,7 +122,7 @@

        if($_SESSION["s"]["user"]["typ"] != 'admin') {
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_slave_zone, default_slave_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // When the record is updated
@@ -150,7 +150,7 @@
        if(strlen($this->dataRecord["origin"]) > 0 && substr($this->dataRecord["origin"], -1, 1) != '.') $this->dataRecord["origin"] .= '.';

        //* Check if a primary zone with the same name already exists
        $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_soa WHERE origin = \"".$this->dataRecord["origin"]."\" AND server_id= \"".$this->dataRecord["server_id"]."\"");
        $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_soa WHERE origin = \"".$app->db->quote($this->dataRecord["origin"])."\" AND server_id= \"".$app->db->quote($this->dataRecord["server_id"])."\"");
        if($tmp["number"] > 0) {
            $app->error($app->tform->wordbook["origin_error_unique"]);
        }
@@ -162,7 +162,7 @@
        global $app, $conf;

        // Check if record is existing already
        $duplicate_slave = $app->db->queryOneRecord("SELECT * FROM dns_slave WHERE origin = '".$this->dataRecord["origin"]."' AND server_id = ".$app->functions->intval($this->dataRecord["server_id"])." AND ".$app->tform->getAuthSQL('r'));
        $duplicate_slave = $app->db->queryOneRecord("SELECT * FROM dns_slave WHERE origin = '".$app->db->quote($this->dataRecord["origin"])."' AND server_id = ".$app->functions->intval($this->dataRecord["server_id"])." AND ".$app->tform->getAuthSQL('r'));

        if(is_array($duplicate_slave) && !empty($duplicate_slave)) $app->error($app->tform->wordbook["origin_error_unique"]);


 interface/web/dns/dns_soa_edit.php

@@ -97,7 +97,7 @@
        } else if($app->auth->has_clients($_SESSION['s']['user']['userid'])) {

                // Get the limits of the client
                $client_group_id = $_SESSION["s"]["user"]["default_group"];
                $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
                $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

                // Fill the client select field
@@ -212,7 +212,7 @@
    $this->dataRecord["also_notify"] = preg_replace('/\s+/', '', $this->dataRecord["also_notify"]);

    //* Check if a secondary zone with the same name already exists
    $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_slave WHERE origin = \"".$this->dataRecord["origin"]."\" AND server_id = \"".$this->dataRecord["server_id"]."\"");
    $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_slave WHERE origin = ? AND server_id = ?", $this->dataRecord["origin"], $this->dataRecord["server_id"]);
    if($tmp["number"] > 0) {
        $app->error($app->tform->wordbook["origin_error_unique"]);
    }

 interface/web/dns/dns_srv_edit.php

@@ -57,7 +57,7 @@
        if($_SESSION["s"]["user"]["typ"] == 'user') {

            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.

 interface/web/dns/dns_txt_edit.php

@@ -57,7 +57,7 @@
        if($_SESSION["s"]["user"]["typ"] == 'user') {

            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.
@@ -84,7 +84,7 @@
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.

 interface/web/dns/dns_wizard.php

@@ -49,12 +49,10 @@
if (isset($_POST['server_id'])) {
    $server_id = $app->functions->intval($_POST['server_id']);
    $post_server_id = true;
}
else if (isset($_POST['server_id_value'])) {
        $server_id = $app->functions->intval($_POST['server_id_value']);
        $post_server_id = true;
    }
else {
} elseif (isset($_POST['server_id_value'])) {
    $server_id = $app->functions->intval($_POST['server_id_value']);
    $post_server_id = true;
} else {
    $server_id = 1;
    $post_server_id = false;
}
@@ -102,14 +100,14 @@
if ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {

    // Get the limits of the client
    $client_group_id = $_SESSION["s"]["user"]["default_group"];
    $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
    $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");


    // load the list of clients
    $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id'];
    $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$app->functions->intval($client['client_id']);
    $clients = $app->db->queryAllRecords($sql);
    $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$client['client_id']);
    $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$app->functions->intval($client['client_id']));
    $client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
    if(is_array($clients)) {
        foreach( $clients as $client) {
@@ -149,7 +147,7 @@

}

$template_record = $app->db->queryOneRecord("SELECT * FROM dns_template WHERE template_id = '$template_id'");
$template_record = $app->db->queryOneRecord("SELECT * FROM dns_template WHERE template_id = '".$app->functions->intval($template_id)."'");
$fields = explode(',', $template_record['fields']);
if(is_array($fields)) {
    foreach($fields as $field) {

 interface/web/help/faq_list.php

@@ -18,7 +18,7 @@
// Optional limit
$hf_section = 0;
if(isset($_GET['hfs_id']))
    $hf_section = preg_replace("/[^0-9]/", "", $_GET['hfs_id']);
    $hf_section = $app->functions->intval(preg_replace("/[^0-9]/", "", $_GET['hfs_id']));

// if section id is not specified in the url, choose the first existing section
if(!$hf_section)

 interface/web/help/support_message_edit.php

@@ -33,7 +33,7 @@

        //* Get recipient email address
        if($this->dataRecord['recipient_id'] > 1){
            $sql = "SELECT client.email FROM sys_user, client WHERE sys_user.userid = ".$this->dataRecord['recipient_id']." AND sys_user.client_id = client.client_id";
            $sql = "SELECT client.email FROM sys_user, client WHERE sys_user.userid = ".$app->functions->intval($this->dataRecord['recipient_id'])." AND sys_user.client_id = client.client_id";
            $client = $app->db->queryOneRecord($sql);
            $recipient_email = $client['email'];
        } else {
@@ -44,7 +44,7 @@

        //* Get sender email address
        if($this->dataRecord['sender_id'] > 1){
            $sql = "SELECT client.email FROM sys_user, client WHERE sys_user.userid = ".$this->dataRecord['sender_id']." AND sys_user.client_id = client.client_id";
            $sql = "SELECT client.email FROM sys_user, client WHERE sys_user.userid = ".$app->functions->intval($this->dataRecord['sender_id'])." AND sys_user.client_id = client.client_id";
            $client = $app->db->queryOneRecord($sql);
            $sender_email = $client['email'];
        } else {
@@ -113,7 +113,7 @@
        global $app, $conf;

        if($_SESSION['s']['user']['typ'] == 'admin') {
            $app->db->query("UPDATE support_message SET sys_userid = ".$this->dataRecord['recipient_id']." WHERE support_message_id = ".$this->id);
            $app->db->query("UPDATE support_message SET sys_userid = ".$app->functions->intval($this->dataRecord['recipient_id'])." WHERE support_message_id = ".$this->id);
        }

    }

 interface/web/help/support_message_list.php

@@ -12,7 +12,7 @@
$app->uses('listform_actions');

//* Optional limit
$app->listform_actions->SQLExtWhere = "support_message.recipient_id = ".$_SESSION['s']['user']['userid'];
$app->listform_actions->SQLExtWhere = "support_message.recipient_id = ".$app->functions->intval($_SESSION['s']['user']['userid']);

//* Start the form rendering and action ahndling
$app->listform_actions->onLoad();

 interface/web/mail/mail_alias_edit.php

@@ -107,7 +107,7 @@
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_mailalias FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.
@@ -124,7 +124,7 @@
        // compose the email field
        $this->dataRecord["source"] = $_POST["email_local_part"]."@".$app->functions->idn_encode($_POST["email_domain"]);
        // Set the server id of the mailbox = server ID of mail domain.
        $this->dataRecord["server_id"] = $domain["server_id"];
        $this->dataRecord["server_id"] = $app->functions->intval($domain["server_id"]);

        unset($this->dataRecord["email_local_part"]);
        unset($this->dataRecord["email_domain"]);
@@ -150,7 +150,7 @@
        global $app;

        $domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["email_domain"]))."' AND ".$app->tform->getAuthSQL('r'));
        $app->db->query("update mail_forwarding SET sys_groupid = ".$domain['sys_groupid']." WHERE forwarding_id = ".$this->id);
        $app->db->query("update mail_forwarding SET sys_groupid = ".$app->functions->intval($domain['sys_groupid'])." WHERE forwarding_id = ".$this->id);

    }


 interface/web/mail/mail_aliasdomain_edit.php

@@ -120,7 +120,7 @@
        $this->dataRecord["source"] = "@".$app->db->quote($this->dataRecord["source"]);
        $this->dataRecord["destination"] = "@".$app->db->quote($this->dataRecord["destination"]);
        // Set the server id of the mailbox = server ID of mail domain.
        $this->dataRecord["server_id"] = $domain["server_id"];
        $this->dataRecord["server_id"] = $app->functions->intval($domain["server_id"]);

        parent::onSubmit();
    }
@@ -129,7 +129,7 @@
        global $app;

        $domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["destination"]))."' AND ".$app->tform->getAuthSQL('r'));
        $app->db->query("update mail_forwarding SET sys_groupid = ".$domain['sys_groupid']." WHERE forwarding_id = ".$this->id);
        $app->db->query("update mail_forwarding SET sys_groupid = ".$app->functions->intval($domain['sys_groupid'])." WHERE forwarding_id = ".$this->id);

    }


 interface/web/mail/mail_blacklist_edit.php

@@ -89,7 +89,7 @@
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_mailfilter FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.

 interface/web/mail/mail_domain_catchall_edit.php

@@ -100,7 +100,7 @@
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_mailcatchall FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another catchall
@@ -128,7 +128,7 @@
        global $app;

        $domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["email_domain"]))."' AND ".$app->tform->getAuthSQL('r'));
        $app->db->query("update mail_forwarding SET sys_groupid = ".$domain['sys_groupid']." WHERE forwarding_id = ".$this->id);
        $app->db->query("update mail_forwarding SET sys_groupid = ".$app->functions->intval($domain['sys_groupid'])." WHERE forwarding_id = ".$this->id);

    }


 interface/web/mail/mail_domain_edit.php

@@ -97,9 +97,9 @@
            unset($tmp);

            // Fill the client select field
            $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id']." ORDER BY sys_group.name";
            $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$app->functions->intval($client['client_id'])." ORDER BY sys_group.name";
            $clients = $app->db->queryAllRecords($sql);
            $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$client['client_id']);
            $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$app->functions->intval($client['client_id']));
            $client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
            //$tmp_data_record = $app->tform->getDataRecord($this->id);
            if(is_array($clients)) {
@@ -175,7 +175,7 @@


        // Get the spamfilter policys for the user
        $tmp_user = $app->db->queryOneRecord("SELECT policy_id FROM spamfilter_users WHERE email = '@".$this->dataRecord["domain"]."'");
        $tmp_user = $app->db->queryOneRecord("SELECT policy_id FROM spamfilter_users WHERE email = '@".$app->db->quote($this->dataRecord["domain"])."'");
        $sql = "SELECT id, policy_name FROM spamfilter_policy WHERE ".$app->tform->getAuthSQL('r');
        $policys = $app->db->queryAllRecords($sql);
        $policy_select = "<option value='0'>".$app->tform->wordbook["no_policy"]."</option>";
@@ -219,8 +219,8 @@

        if($_SESSION["s"]["user"]["typ"] != 'admin') {
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client = $app->db->queryOneRecord("SELECT limit_maildomain, mail_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_maildomain, default_mailserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            // When the record is updated
            if($this->id > 0) {
                // restore the server ID if the user is not admin and record is edited
@@ -280,7 +280,7 @@
                $tmp_domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain_id = ".$this->id);
                // We create a new record
                $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `priority`, `policy_id`, `email`, `fullname`, `local`)
                        VALUES (".$_SESSION["s"]["user"]["userid"].", ".$tmp_domain["sys_groupid"].", 'riud', 'riud', '', ".$this->dataRecord["server_id"].", 5, ".$policy_id.", '@".$app->db->quote($this->dataRecord["domain"])."', '@".$app->db->quote($this->dataRecord["domain"])."', 'Y')";
                        VALUES (".$_SESSION["s"]["user"]["userid"].", ".$app->functions->intval($tmp_domain["sys_groupid"]).", 'riud', 'riud', '', ".$app->functions->intval($this->dataRecord["server_id"]).", 5, ".$app->functions->intval($policy_id).", '@".$app->db->quote($this->dataRecord["domain"])."', '@".$app->db->quote($this->dataRecord["domain"])."', 'Y')";
                $app->db->datalogInsert('spamfilter_users', $insert_data, 'id');
                unset($tmp_domain);
            }
@@ -344,7 +344,7 @@
                $tmp_domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain_id = ".$this->id);
                // We create a new record
                $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `priority`, `policy_id`, `email`, `fullname`, `local`)
                        VALUES (".$_SESSION["s"]["user"]["userid"].", ".$tmp_domain["sys_groupid"].", 'riud', 'riud', '', ".$this->dataRecord["server_id"].", 5, ".$policy_id.", '@".$app->db->quote($this->dataRecord["domain"])."', '@".$app->db->quote($this->dataRecord["domain"])."', 'Y')";
                        VALUES (".$_SESSION["s"]["user"]["userid"].", ".$tmp_domain["sys_groupid"].", 'riud', 'riud', '', ".$app->functions->intval($this->dataRecord["server_id"]).", 5, ".$app->functions->intval($policy_id).", '@".$app->db->quote($this->dataRecord["domain"])."', '@".$app->db->quote($this->dataRecord["domain"])."', 'Y')";
                $app->db->datalogInsert('spamfilter_users', $insert_data, 'id');
                unset($tmp_domain);
            }
@@ -361,9 +361,9 @@

            //* Update the mailboxes
            $mailusers = $app->db->queryAllRecords("SELECT * FROM mail_user WHERE email like '%@".$app->db->quote($this->oldDataRecord['domain'])."'");
            $sys_groupid = (isset($this->dataRecord['client_group_id']))?$this->dataRecord['client_group_id']:$this->oldDataRecord['sys_groupid'];
            $sys_groupid = $app->functions->intval((isset($this->dataRecord['client_group_id']))?$this->dataRecord['client_group_id']:$this->oldDataRecord['sys_groupid']);
            $tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = $client_group_id");
            $client_user_id = ($tmp['userid'] > 0)?$tmp['userid']:1;
            $client_user_id = $app->functions->intval(($tmp['userid'] > 0)?$tmp['userid']:1);
            if(is_array($mailusers)) {
                foreach($mailusers as $rec) {
                    // setting Maildir, Homedir, UID and GID

 interface/web/mail/mail_forward_edit.php

@@ -99,7 +99,7 @@
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_mailforward FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.
@@ -132,7 +132,7 @@
        global $app;

        $domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["email_domain"]))."' AND ".$app->tform->getAuthSQL('r'));
        $app->db->query("update mail_forwarding SET sys_groupid = ".$domain['sys_groupid']." WHERE forwarding_id = ".$this->id);
        $app->db->query("update mail_forwarding SET sys_groupid = ".$app->functions->intval($domain['sys_groupid'])." WHERE forwarding_id = ".$this->id);

    }


 interface/web/mail/mail_get_edit.php

@@ -78,7 +78,7 @@
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_fetchmail FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another transport.
@@ -109,7 +109,7 @@
        global $app;

        $tmp = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_user WHERE email = '".$app->db->quote($this->dataRecord["destination"])."'");
        $app->db->query("update mail_get SET sys_groupid = ".$tmp['sys_groupid']." WHERE mailget_id = ".$this->id);
        $app->db->query("update mail_get SET sys_groupid = ".$app->functions->intval($tmp['sys_groupid'])." WHERE mailget_id = ".$this->id);

    }


 interface/web/mail/mail_mailinglist_edit.php

@@ -92,9 +92,9 @@
            $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, client.default_mailserver, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id order by contact_name");

            // Fill the client select field
            $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id']." ORDER BY sys_group.name";
            $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".intval($client['client_id'])." ORDER BY sys_group.name";
            $clients = $app->db->queryAllRecords($sql);
            $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$client['client_id']);
            $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".intval($client['client_id']));
            $client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
            $tmp_data_record = $app->tform->getDataRecord($this->id);
            if(is_array($clients)) {
@@ -137,29 +137,29 @@
        if($_SESSION["s"]["user"]["typ"] != 'admin') {

            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_mailmailinglist, default_mailserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            //* Check if Domain belongs to user
            if(isset($_POST["domain"])) {
                $domain = $app->db->queryOneRecord("SELECT domain FROM mail_domain WHERE domain = '".$this->dataRecord["domain"]."' AND ".$app->tform->getAuthSQL('r'));
                $domain = $app->db->queryOneRecord("SELECT domain FROM mail_domain WHERE domain = '".$app->db->quote($this->dataRecord["domain"])."' AND ".$app->tform->getAuthSQL('r'));
                if($domain["domain"] != $this->dataRecord["domain"]) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
            }

            // When the record is updated
            if($this->id == 0) {
                //Check if email is in use
                $check = $app->db->queryOneRecord("SELECT count(source) as number FROM mail_forwarding WHERE source = '".$this->dataRecord["listname"]."@".$this->dataRecord["domain"]."'");
                $check = $app->db->queryOneRecord("SELECT count(source) as number FROM mail_forwarding WHERE source = '".$app->db->quote($this->dataRecord["listname"])."@".$app->db->quote($this->dataRecord["domain"])."'");
                if($check['number'] != 0) {
                    $app->error($app->tform->wordbook["email_in_use_txt"]);
                }

                $check = $app->db->queryOneRecord("SELECT count(email) as number FROM mail_user WHERE email = '".$this->dataRecord["listname"]."@".$this->dataRecord["domain"]."'");
                $check = $app->db->queryOneRecord("SELECT count(email) as number FROM mail_user WHERE email = '".$app->db->quote($this->dataRecord["listname"])."@".$app->db->quote($this->dataRecord["domain"])."'");
                if($check['number'] != 0) {
                    $app->error($app->tform->wordbook["email_in_use_txt"]);
                }

                $check = $app->db->queryOneRecord("SELECT count(mailinglist_id) as number FROM mail_mailinglist WHERE listname = '".$this->dataRecord["listname"]."' AND domain = '".$this->dataRecord["domain"]."'");
                $check = $app->db->queryOneRecord("SELECT count(mailinglist_id) as number FROM mail_mailinglist WHERE listname = '".$app->db->quote($this->dataRecord["listname"])."' AND domain = '".$app->db->quote($this->dataRecord["domain"])."'");
                if($check['number'] != 0) {
                    $app->error($app->tform->wordbook["email_in_use_txt"]);
                }
@@ -187,7 +187,7 @@
        global $app, $conf;

        // Set the server id of the mailinglist = server ID of mail domain.
        $domain = $app->db->queryOneRecord("SELECT server_id FROM mail_domain WHERE domain = '".$this->dataRecord["domain"]."'");
        $domain = $app->db->queryOneRecord("SELECT server_id FROM mail_domain WHERE domain = '".$app->db->quote($this->dataRecord["domain"])."'");
        $this->dataRecord["server_id"] = $domain['server_id'];
    }


 interface/web/mail/mail_spamfilter_edit.php

@@ -76,7 +76,7 @@
        }

        // Changing maildir to mailbox_id
        $sql = "SELECT mailbox_id FROM mail_box WHERE maildir = '".$this->dataRecord["spam_redirect_maildir"]."' AND ".$app->tform->getAuthSQL('r');
        $sql = "SELECT mailbox_id FROM mail_box WHERE maildir = '".$app->db->quote($this->dataRecord["spam_redirect_maildir"])."' AND ".$app->tform->getAuthSQL('r');
        $mailbox = $app->db->queryOneRecord($sql);
        $this->dataRecord["spam_redirect_maildir"] = $mailbox["mailbox_id"];


 interface/web/mail/mail_transport_edit.php

@@ -133,7 +133,7 @@
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_mailrouting FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another transport.

 interface/web/mail/mail_user_edit.php

@@ -92,7 +92,7 @@
        unset($domain_select);

        // Get the spamfilter policys for the user
        $tmp_user = $app->db->queryOneRecord("SELECT policy_id FROM spamfilter_users WHERE email = '".$this->dataRecord["email"]."'");
        $tmp_user = $app->db->queryOneRecord("SELECT policy_id FROM spamfilter_users WHERE email = '".$app->db->quote($this->dataRecord["email"])."'");
        $sql = "SELECT id, policy_name FROM spamfilter_policy WHERE ".$app->tform->getAuthSQL('r');
        $policys = $app->db->queryAllRecords($sql);
        $policy_select = "<option value='0'>".$app->tform->lng("no_policy")."</option>";
@@ -152,7 +152,7 @@
        //* Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_mailbox, limit_mailquota FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");


@@ -234,7 +234,7 @@

        // Set the domain owner as mailbox owner
        $domain = $app->db->queryOneRecord("SELECT sys_groupid, server_id FROM mail_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["email_domain"]))."' AND ".$app->tform->getAuthSQL('r'));
        $app->db->query("UPDATE mail_user SET sys_groupid = ".$domain["sys_groupid"]." WHERE mailuser_id = ".$this->id);
        $app->db->query("UPDATE mail_user SET sys_groupid = ".$app->functions->intval($domain["sys_groupid"])." WHERE mailuser_id = ".$this->id);

        // Spamfilter policy
        $policy_id = $app->functions->intval($this->dataRecord["policy"]);
@@ -246,7 +246,7 @@
            } else {
                // We create a new record
                $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `priority`, `policy_id`, `email`, `fullname`, `local`)
                        VALUES (".$_SESSION["s"]["user"]["userid"].", ".$domain["sys_groupid"].", 'riud', 'riud', '', ".$domain["server_id"].", 10, ".$policy_id.", '".$app->db->quote($this->dataRecord["email"])."', '".$app->db->quote($this->dataRecord["email"])."', 'Y')";
                        VALUES (".$app->functions->intval($_SESSION["s"]["user"]["userid"]).", ".$app->functions->intval($domain["sys_groupid"]).", 'riud', 'riud', '', ".$app->functions->intval($domain["server_id"]).", 10, ".$app->functions->intval($policy_id).", '".$app->db->quote($this->dataRecord["email"])."', '".$app->db->quote($this->dataRecord["email"])."', 'Y')";
                $app->db->datalogInsert('spamfilter_users', $insert_data, 'id');
            }
        }  // endif spamfilter policy
@@ -270,7 +270,7 @@
        // Set the domain owner as mailbox owner
        if(isset($_POST["email_domain"])) {
            $domain = $app->db->queryOneRecord("SELECT sys_groupid, server_id FROM mail_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["email_domain"]))."' AND ".$app->tform->getAuthSQL('r'));
            $app->db->query("UPDATE mail_user SET sys_groupid = ".$domain["sys_groupid"]." WHERE mailuser_id = ".$this->id);
            $app->db->query("UPDATE mail_user SET sys_groupid = ".$app->functions->intval($domain["sys_groupid"])." WHERE mailuser_id = ".$this->id);

            // Spamfilter policy
            $policy_id = $app->functions->intval($this->dataRecord["policy"]);
@@ -282,7 +282,7 @@
                } else {
                    // We create a new record
                    $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `priority`, `policy_id`, `email`, `fullname`, `local`)
                            VALUES (".$_SESSION["s"]["user"]["userid"].", ".$domain["sys_groupid"].", 'riud', 'riud', '', ".$domain["server_id"].", 10, ".$policy_id.", '".$app->db->quote($this->dataRecord["email"])."', '".$app->db->quote($this->dataRecord["email"])."', 'Y')";
                            VALUES (".$app->functions->intval($_SESSION["s"]["user"]["userid"]).", ".$app->functions->intval($domain["sys_groupid"]).", 'riud', 'riud', '', ".$app->functions->intval($domain["server_id"]).", 10, ".$app->functions->intval($policy_id).", '".$app->db->quote($this->dataRecord["email"])."', '".$app->db->quote($this->dataRecord["email"])."', 'Y')";
                    $app->db->datalogInsert('spamfilter_users', $insert_data, 'id');
                }
            }else {

 interface/web/mail/mail_user_filter_edit.php

@@ -84,7 +84,7 @@
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_mailfilter FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another filter
@@ -99,162 +99,6 @@

        parent::onSubmit();
    }

    /*
    function onAfterInsert() {
        global $app, $conf;

        $this->onAfterUpdate();

        $app->db->query("UPDATE mail_user_filter SET sys_groupid = ".$mailuser['sys_groupid']." WHERE filter_id = ".$this->id);
    }

    function onAfterUpdate() {
        global $app, $conf;

        $mailuser = $app->db->queryOneRecord("SELECT custom_mailfilter FROM mail_user WHERE mailuser_id = ".$this->dataRecord["mailuser_id"]);
        $skip = false;
        $lines = explode("\n",$mailuser['custom_mailfilter']);
        $out = '';
        $found = false;

        foreach($lines as $line) {
            $line = rtrim($line);
            if($line == '### BEGIN FILTER_ID:'.$this->id) {
                $skip = true;
                $found = true;
            }
            if($skip == false && $line != '') $out .= $line ."\n";
            if($line == '### END FILTER_ID:'.$this->id) {
                $out .= $this->getRule();
                $skip = false;
            }
        }

        // We did not found our rule, so we add it now as first rule.
        if($found == false) {
            $new_rule = $this->getRule();
            $out = $new_rule . $out;
        }

        $out = $app->db->quote($out);
        $app->db->datalogUpdate('mail_user', "custom_mailfilter = '$out'", 'mailuser_id', $this->dataRecord["mailuser_id"]);

    }

    function getRule() {

        global $app,$conf;

        $app->uses("getconf");
        $mailuser_rec = $app->db->queryOneRecord("SELECT server_id FROM mail_user WHERE mailuser_id = ".$app->functions->intval($this->dataRecord["mailuser_id"]));
        $mail_config = $app->getconf->get_server_config($app->functions->intval($mailuser_rec["server_id"]),'mail');

        if($mail_config['mail_filter_syntax'] == 'sieve') {

            // #######################################################
            // Filter in Sieve Syntax
            // #######################################################

            $content = '';
            $content .= '### BEGIN FILTER_ID:'.$this->id."\n";

            //$content .= 'require ["fileinto", "regex", "vacation"];'."\n";

            $content .= 'if header :regex    ["'.strtolower($this->dataRecord["source"]).'"] ["';

            $searchterm = preg_quote($this->dataRecord["searchterm"]);

            if($this->dataRecord["op"] == 'contains') {
                $content .= ".*".$searchterm;
            } elseif ($this->dataRecord["op"] == 'is') {
                $content .= $searchterm."$";
            } elseif ($this->dataRecord["op"] == 'begins') {
                $content .= " ".$searchterm."";
            } elseif ($this->dataRecord["op"] == 'ends') {
                $content .= ".*".$searchterm."$";
            }

            $content .= '"] {'."\n";

            if($this->dataRecord["action"] == 'move') {
                $content .= '    fileinto "'.$this->dataRecord["target"].'";' . "\n";
            } else {
                $content .= "    discard;\n";
            }

            $content .= "    stop;\n}\n";

            $content .= '### END FILTER_ID:'.$this->id."\n";

        } else {

            // #######################################################
            // Filter in Maildrop Syntax
            // #######################################################
            $content = '';
            $content .= '### BEGIN FILTER_ID:'.$this->id."\n";

            $TargetNoQuotes = $this->dataRecord["target"];
            $TargetQuotes = "\"$TargetNoQuotes\"";

            $TestChDirNoQuotes = '$DEFAULT/.'.$TargetNoQuotes;
            $TestChDirQuotes = "\"$TestChDirNoQuotes\"";

            $MailDirMakeNoQuotes = $TargetQuotes.' $DEFAULT';

            $EchoTargetFinal = $TargetNoQuotes;


            if($this->dataRecord["action"] == 'move') {

            $content .= "
`test -e ".$TestChDirQuotes." && exit 1 || exit 0`
if ( ".'$RETURNCODE'." != 1 )
{
    `maildirmake -f $MailDirMakeNoQuotes`
    `chmod -R 0700 ".$TestChDirQuotes."`
    `echo \"INBOX.$EchoTargetFinal\" >> ".'$DEFAULT'."/courierimapsubscribed`
}
";
            }

            $content .= "if (/^".$this->dataRecord["source"].":";

            $searchterm = preg_quote($this->dataRecord["searchterm"]);

            if($this->dataRecord["op"] == 'contains') {
                $content .= ".*".$searchterm."/:h)\n";
            } elseif ($this->dataRecord["op"] == 'is') {
                $content .= $searchterm."$/:h)\n";
            } elseif ($this->dataRecord["op"] == 'begins') {
                $content .= " ".$searchterm."/:h)\n";
            } elseif ($this->dataRecord["op"] == 'ends') {
                $content .= ".*".$searchterm."$/:h)\n";
            }

            $content .= "{\n";
            $content .= "exception {\n";

            if($this->dataRecord["action"] == 'move') {
                $content .= 'ID' . "$this->id" . 'EndFolder = "$DEFAULT/.' . $this->dataRecord['target'] . '/"' . "\n";
                $content .= "to ". '$ID' . "$this->id" . 'EndFolder' . "\n";
            } else {
                $content .= "to /dev/null\n";
            }

            $content .= "}\n";
            $content .= "}\n";

            //}

            $content .= '### END FILTER_ID:'.$this->id."\n";

        }

        return $content;
    }
    */

}


 interface/web/mail/mail_user_stats.php

@@ -32,22 +32,22 @@
        //* Set the statistics colums
        //** Traffic of the current month
        $tmp_date = date('Y-m');
        $tmp_rec = $app->db->queryOneRecord("SELECT traffic as t FROM mail_traffic WHERE mailuser_id = ".$rec['mailuser_id']." AND month = '$tmp_date'");
        $tmp_rec = $app->db->queryOneRecord("SELECT traffic as t FROM mail_traffic WHERE mailuser_id = ".$app->functions->intval($rec['mailuser_id'])." AND month = '$tmp_date'");
        $rec['this_month'] = number_format($app->functions->intval($tmp_rec['t'])/1024/1024, 0, '.', ' ');

        //** Traffic of the current year
        $tmp_date = date('Y');
        $tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic) as t FROM mail_traffic WHERE mailuser_id = ".$rec['mailuser_id']." AND month like '$tmp_date%'");
        $tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic) as t FROM mail_traffic WHERE mailuser_id = ".$app->functions->intval($rec['mailuser_id'])." AND month like '$tmp_date%'");
        $rec['this_year'] = number_format($app->functions->intval($tmp_rec['t'])/1024/1024, 0, '.', ' ');

        //** Traffic of the last month
        $tmp_date = date('Y-m', mktime(0, 0, 0, date("m")-1, date("d"), date("Y")));
        $tmp_rec = $app->db->queryOneRecord("SELECT traffic as t FROM mail_traffic WHERE mailuser_id = ".$rec['mailuser_id']." AND month = '$tmp_date'");
        $tmp_rec = $app->db->queryOneRecord("SELECT traffic as t FROM mail_traffic WHERE mailuser_id = ".$app->functions->intval($rec['mailuser_id'])." AND month = '$tmp_date'");
        $rec['last_month'] = number_format($app->functions->intval($tmp_rec['t'])/1024/1024, 0, '.', ' ');

        //** Traffic of the last year
        $tmp_date = date('Y', mktime(0, 0, 0, date("m"), date("d"), date("Y")-1));
        $tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic) as t FROM mail_traffic WHERE mailuser_id = ".$rec['mailuser_id']." AND month like '$tmp_date%'");
        $tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic) as t FROM mail_traffic WHERE mailuser_id = ".$app->functions->intval($rec['mailuser_id'])." AND month like '$tmp_date%'");
        $rec['last_year'] = number_format($app->functions->intval($tmp_rec['t'])/1024/1024, 0, '.', ' ');

        //* The variable "id" contains always the index variable

 interface/web/mail/mail_whitelist_edit.php

@@ -88,7 +88,7 @@
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_mailfilter FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.

 interface/web/mail/spamfilter_blacklist_edit.php

@@ -89,7 +89,7 @@
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_spamfilter_wblist FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.

 interface/web/mail/spamfilter_config_edit.php

@@ -83,7 +83,7 @@
        $server_config_array[$section] = $app->tform->encode($this->dataRecord, $section);
        $server_config_str = $app->ini_parser->get_ini_string($server_config_array);

        $sql = "UPDATE server SET config = '".$app->db->quote($server_config_str)."' WHERE server_id = ".$server_id;
        $sql = "UPDATE server SET config = '".$app->db->quote($server_config_str)."' WHERE server_id = ".$app->functions->intval($server_id);
        $app->db->query($sql);
    }


 interface/web/mail/spamfilter_policy_edit.php

@@ -71,7 +71,7 @@
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_spamfilter_policy FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.

 interface/web/mail/spamfilter_users_edit.php

@@ -87,7 +87,7 @@
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_spamfilter_user FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.

 interface/web/mail/spamfilter_whitelist_edit.php

@@ -89,7 +89,7 @@
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_spamfilter_wblist FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.

 interface/web/mailuser/index.php

@@ -17,7 +17,7 @@
include $lng_file;
$app->tpl->setVar($wb);

$sql = "SELECT * FROM mail_user WHERE mailuser_id = ".$_SESSION['s']['user']['mailuser_id'];
$sql = "SELECT * FROM mail_user WHERE mailuser_id = ".$app->functions->intval($_SESSION['s']['user']['mailuser_id']);
$rec = $app->db->queryOneRecord($sql);

if($rec['quota'] == 0) {
@@ -30,7 +30,7 @@

$app->tpl->setVar($rec);

$sql2 = "SELECT * FROM server WHERE server_id = ".$rec['server_id'];
$sql2 = "SELECT * FROM server WHERE server_id = ".$app->functions->intval($rec['server_id']);
$rec2 = $app->db->queryOneRecord($sql2);

$app->tpl->setVar($rec2);

 interface/web/mailuser/mail_user_filter_edit.php

@@ -83,7 +83,7 @@
        // Check the client limits if the email address is assigned to a client
        if($_SESSION["s"]["user"]["default_group"] > 0) { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_mailfilter FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another filter

 interface/web/mailuser/mail_user_filter_list.php

@@ -24,7 +24,7 @@

$list = new list_action;

$list->SQLExtWhere = "mail_user_filter.mailuser_id = ".$_SESSION['s']['user']['mailuser_id'];
$list->SQLExtWhere = "mail_user_filter.mailuser_id = ".$app->functions->intval($_SESSION['s']['user']['mailuser_id']);

$list->onLoad();


 interface/web/mailuser/mail_user_password_edit.php

@@ -52,7 +52,7 @@

    function onSubmit() {

        $this->id = $_SESSION['s']['user']['mailuser_id'];
        $this->id = $app->functions->intval($_SESSION['s']['user']['mailuser_id']);

        parent::onSubmit();


 interface/web/mailuser/mail_user_spamfilter_edit.php

@@ -52,7 +52,7 @@

    function onShow() {

        $this->id = $_SESSION['s']['user']['mailuser_id'];
        $this->id = $app->functions->intval($_SESSION['s']['user']['mailuser_id']);

        parent::onShow();

@@ -61,7 +61,7 @@
    function onSubmit() {
        global $app;

        $this->id = $_SESSION['s']['user']['mailuser_id'];
        $this->id = $app->functions->intval($_SESSION['s']['user']['mailuser_id']);

        parent::onSubmit();

@@ -85,7 +85,7 @@
            } else {
                // We create a new record
                $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `priority`, `policy_id`, `email`, `fullname`, `local`)
                        VALUES (".$domain["sys_userid"].", ".$domain["sys_groupid"].", 'riud', 'riud', '', ".$domain["server_id"].", 10, ".$policy_id.", '".$app->db->quote($rec["email"])."', '".$app->db->quote($rec["email"])."', 'Y')";
                        VALUES (".$app->functions->intval($domain["sys_userid"]).", ".$app->functions->intval($domain["sys_groupid"]).", 'riud', 'riud', '', ".$app->functions->intval($domain["server_id"]).", 10, ".$app->functions->intval($policy_id).", '".$app->db->quote($rec["email"])."', '".$app->db->quote($rec["email"])."', 'Y')";
                $app->db->datalogInsert('spamfilter_users', $insert_data, 'id');
            }
        }else {
@@ -103,7 +103,7 @@
        $app->tpl->setVar("email", $rec['email']);

        // Get the spamfilter policys for the user
        $tmp_user = $app->db->queryOneRecord("SELECT policy_id FROM spamfilter_users WHERE email = '".$rec['email']."'");
        $tmp_user = $app->db->queryOneRecord("SELECT policy_id FROM spamfilter_users WHERE email = '".$app->db->quote($rec['email'])."'");
        $sql = "SELECT id, policy_name FROM spamfilter_policy WHERE ".$app->tform->getAuthSQL('r');
        $policys = $app->db->queryAllRecords($sql);
        $policy_select = "<option value='0'>".$app->tform->lng("no_policy")."</option>";

 interface/web/sites/ajax_get_json.php

@@ -74,7 +74,7 @@

    //* Client: If the logged in user is not admin and has no sub clients (no reseller)
    if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) {
        $sql_where = " AND (client_id = 0 OR client_id = ".$_SESSION["s"]["user"]["client_id"] . ")";
        $sql_where = " AND (client_id = 0 OR client_id = ".$app->functions->intval($_SESSION["s"]["user"]["client_id"]) . ")";
        //* Reseller: If the logged in user is not admin and has sub clients (is a reseller)
    } elseif ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
        $client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = $client_group_id");
@@ -158,7 +158,7 @@
    $sql = "SELECT sys_groupid FROM web_domain WHERE domain_id = $web_id AND ".$app->tform->getAuthSQL('r');
    $group = $app->db->queryOneRecord($sql);
    if($group) {
        $sql = "SELECT database_user_id, database_user FROM web_database_user WHERE sys_groupid = '" . $group['sys_groupid'] . "'";
        $sql = "SELECT database_user_id, database_user FROM web_database_user WHERE sys_groupid = '" . $app->functions->intval($group['sys_groupid']) . "'";
        $records = $app->db->queryAllRecords($sql);

        $tmp_array = array();

 interface/web/sites/cron_edit.php

@@ -86,7 +86,7 @@

        if($_SESSION["s"]["user"]["typ"] != 'admin') {
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_cron, limit_cron_type FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // When the record is updated
@@ -139,7 +139,7 @@
        //* last chance to stop this, so check frequency limit!
        if($_SESSION["s"]["user"]["typ"] != 'admin') {
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_cron_frequency FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            if($client["limit_cron_frequency"] > 1) {
@@ -164,7 +164,7 @@
        //* last chance to stop this, so check frequency limit!
        if($_SESSION["s"]["user"]["typ"] != 'admin') {
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_cron_frequency FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            if($client["limit_cron_frequency"] > 1) {
@@ -190,7 +190,7 @@
        $server_id = $web["server_id"];

        // The cron shall be owned by the same group then the website
        $sys_groupid = $web['sys_groupid'];
        $sys_groupid = $app->functions->intval($web['sys_groupid']);

        $sql = "UPDATE cron SET server_id = $server_id, sys_groupid = '$sys_groupid' WHERE id = ".$this->id;
        $app->db->query($sql);

 interface/web/sites/database_edit.php

@@ -269,11 +269,11 @@
        }

        //* Check for duplicates
        $tmp = $app->db->queryOneRecord("SELECT count(database_id) as dbnum FROM web_database WHERE database_name = '".$this->dataRecord['database_name']."' AND server_id = '".$this->dataRecord["server_id"]."' AND database_id != '".$this->id."'");
        $tmp = $app->db->queryOneRecord("SELECT count(database_id) as dbnum FROM web_database WHERE database_name = '".$app->db->quote($this->dataRecord['database_name'])."' AND server_id = '".$app->functions->intval($this->dataRecord["server_id"])."' AND database_id != '".$this->id."'");
        if($tmp['dbnum'] > 0) $app->tform->errorMessage .= $app->lng('database_name_error_unique').'<br />';

        // get the web server ip (parent domain)
        $tmp = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = '".$this->dataRecord['parent_domain_id']."'");
        $tmp = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = '".$app->functions->intval($this->dataRecord['parent_domain_id'])."'");
        if($tmp['server_id'] && $tmp['server_id'] != $this->dataRecord['server_id']) {
            // we need remote access rights for this server, so get it's ip address
            $server_config = $app->getconf->get_server_config($tmp['server_id'], 'server');
@@ -337,11 +337,11 @@
        }

        //* Check for duplicates
        $tmp = $app->db->queryOneRecord("SELECT count(database_id) as dbnum FROM web_database WHERE database_name = '".$this->dataRecord['database_name']."' AND server_id = '".$this->dataRecord["server_id"]."'");
        $tmp = $app->db->queryOneRecord("SELECT count(database_id) as dbnum FROM web_database WHERE database_name = '".$app->db->quote($this->dataRecord['database_name'])."' AND server_id = '".$app->functions->intval($this->dataRecord["server_id"])."'");
        if($tmp['dbnum'] > 0) $app->tform->errorMessage .= $app->tform->lng('database_name_error_unique').'<br />';

        // get the web server ip (parent domain)
        $tmp = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = '".$this->dataRecord['parent_domain_id']."'");
        $tmp = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = '".$app->functions->intval($this->dataRecord['parent_domain_id'])."'");
        if($tmp['server_id'] && $tmp['server_id'] != $this->dataRecord['server_id']) {
            // we need remote access rights for this server, so get it's ip address
            $server_config = $app->getconf->get_server_config($tmp['server_id'], 'server');
@@ -407,9 +407,9 @@
            $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($this->dataRecord["parent_domain_id"]));

            //* The Database user shall be owned by the same group then the website
            $sys_groupid = $web['sys_groupid'];
            $backup_interval = $web['backup_interval'];
            $backup_copies = $web['backup_copies'];
            $sys_groupid = $app->functions->intval($web['sys_groupid']);
            $backup_interval = $app->functions->intval($web['backup_interval']);
            $backup_copies = $app->functions->intval($web['backup_copies']);

            $sql = "UPDATE web_database SET sys_groupid = '$sys_groupid', backup_interval = '$backup_interval', backup_copies = '$backup_copies' WHERE database_id = ".$this->id;
            $app->db->query($sql);
@@ -423,9 +423,9 @@
            $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($this->dataRecord["parent_domain_id"]));

            //* The Database user shall be owned by the same group then the website
            $sys_groupid = $web['sys_groupid'];
            $backup_interval = $web['backup_interval'];
            $backup_copies = $web['backup_copies'];
            $sys_groupid = $app->functions->intval($web['sys_groupid']);
            $backup_interval = $app->functions->intval($web['backup_interval']);
            $backup_copies = $app->functions->intval($web['backup_copies']);

            $sql = "UPDATE web_database SET sys_groupid = '$sys_groupid', backup_interval = '$backup_interval', backup_copies = '$backup_copies' WHERE database_id = ".$this->id;
            $app->db->query($sql);

 interface/web/sites/database_user_edit.php

@@ -65,13 +65,13 @@

        if ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT client.company_name, client.contact_name, client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Fill the client select field
            $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id']." ORDER BY sys_group.name";
            $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$app->functions->intval($client['client_id'])." ORDER BY sys_group.name";
            $records = $app->db->queryAllRecords($sql);
            $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$client['client_id']);
            $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$app->functions->intval($client['client_id']));
            $client_select = '<option value="'.$tmp['groupid'].'">'.$client['contact_name'].'</option>';
            //$tmp_data_record = $app->tform->getDataRecord($this->id);
            if(is_array($records)) {

 interface/web/sites/ftp_user_edit.php

@@ -134,13 +134,13 @@
        global $app, $conf;

        $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($this->dataRecord["parent_domain_id"]));
        $server_id = $web["server_id"];
        $dir = $web["document_root"];
        $uid = $web["system_user"];
        $gid = $web["system_group"];
        $server_id = $app->functions->intval($web["server_id"]);
        $dir = $app->db->quote($web["document_root"]);
        $uid = $app->db->quote($web["system_user"]);
        $gid = $app->db->quote($web["system_group"]);

        // The FTP user shall be owned by the same group then the website
        $sys_groupid = $web['sys_groupid'];
        $sys_groupid = $app->functions->intval($web['sys_groupid']);

        $sql = "UPDATE ftp_user SET server_id = $server_id, dir = '$dir', uid = '$uid', gid = '$gid', sys_groupid = '$sys_groupid' WHERE ftp_user_id = ".$this->id;
        $app->db->query($sql);
@@ -173,13 +173,13 @@
        //* When the site of the FTP user has been changed
        if(isset($this->dataRecord['parent_domain_id']) && $this->oldDataRecord['parent_domain_id'] != $this->dataRecord['parent_domain_id']) {
            $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($this->dataRecord["parent_domain_id"]));
            $server_id = $web["server_id"];
            $dir = $web["document_root"];
            $uid = $web["system_user"];
            $gid = $web["system_group"];
            $server_id = $app->functions->intval($web["server_id"]);
            $dir = $app->db->quote($web["document_root"]);
            $uid = $app->db->quote($web["system_user"]);
            $gid = $app->db->quote($web["system_group"]);

            // The FTP user shall be owned by the same group then the website
            $sys_groupid = $web['sys_groupid'];
            $sys_groupid = $app->functions->intval($web['sys_groupid']);

            $sql = "UPDATE ftp_user SET server_id = $server_id, dir = '$dir', uid = '$uid', gid = '$gid', sys_groupid = '$sys_groupid' WHERE ftp_user_id = ".$this->id;
            $app->db->query($sql);
@@ -194,7 +194,7 @@
            if($error_message != '') {
                $ftp_data = $app->db->queryOneRecord("SELECT parent_domain_id FROM ftp_user WHERE ftp_user_id = '".$app->db->quote($app->tform->primary_id)."'");
                $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($ftp_data["parent_domain_id"]));
                $dir = $web["document_root"];
                $dir = $app->db->quote($web["document_root"]);
                $sql = "UPDATE ftp_user SET dir = '$dir' WHERE ftp_user_id = ".$this->id;
                $app->db->query($sql);
                $app->log("Error in FTP path settings of FTP user ".$this->dataRecord['username'], 1);

 interface/web/sites/lib/lang/de_web_domain.lng

@@ -120,4 +120,5 @@
$wb['invalid_rewrite_rules_txt'] = 'Unzulässige Rewrite Rules';
$wb['allowed_rewrite_rule_directives_txt'] = 'Erlaubte Direktiven:';
$wb['configuration_error_txt'] = 'KONFIGURATIONSFEHLER';
$wb['variables_txt'] = 'Variablen';
?>

 interface/web/sites/lib/lang/en_web_domain.lng

@@ -121,4 +121,5 @@
$wb['allowed_rewrite_rule_directives_txt'] = 'Allowed Directives:';
$wb['configuration_error_txt'] = "CONFIGURATION ERROR";
$wb['server_chosen_not_ok'] = 'The selected server is not allowed for this account.';
$wb['variables_txt'] = 'Variables';
?>

 interface/web/sites/shell_user_edit.php

@@ -158,13 +158,13 @@
        global $app, $conf;

        $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($this->dataRecord["parent_domain_id"]));
        $server_id = $web["server_id"];
        $dir = $web["document_root"];
        $puser = $web["system_user"];
        $pgroup = $web["system_group"];
        $server_id = $app->functions->intval($web["server_id"]);
        $dir = $app->db->quote($web["document_root"]);
        $uid = $app->db->quote($web["system_user"]);
        $gid = $app->db->quote($web["system_group"]);

        // The FTP user shall be owned by the same group then the website
        $sys_groupid = $web['sys_groupid'];
        $sys_groupid = $app->functions->intval($web['sys_groupid']);

        $sql = "UPDATE shell_user SET server_id = $server_id, dir = '$dir', puser = '$puser', pgroup = '$pgroup', sys_groupid = '$sys_groupid' WHERE shell_user_id = ".$this->id;
        $app->db->query($sql);

 interface/web/sites/templates/web_domain_advanced.htm

@@ -84,7 +84,7 @@
            </div>
            <div class="ctrlHolder nginx">
                <label for="nginx_directives">{tmpl_var name='nginx_directives_txt'}</label>
                <textarea name="nginx_directives" id="nginx_directives" rows='10' cols='50' style="width:400px;">{tmpl_var name='nginx_directives'}</textarea>&nbsp;<b>{tmpl_var name="available_nginx_directive_snippets_txt"}</b><br><br>&nbsp;{tmpl_var name="nginx_directive_snippets_txt"}
                <textarea name="nginx_directives" id="nginx_directives" rows='10' cols='50' style="width:400px;">{tmpl_var name='nginx_directives'}</textarea>&nbsp;<b>{tmpl_var name="available_nginx_directive_snippets_txt"}</b><br><br>&nbsp;{tmpl_var name="nginx_directive_snippets_txt"}<br>----<br><b>&nbsp;{tmpl_var name='variables_txt'}:</b> <a href="javascript:void(0);" class="addPlaceholder">{DOCROOT}</a>, <a href="javascript:void(0);" class="addPlaceholder">{FASTCGIPASS}</a>
            </div>
            <div class="ctrlHolder proxy">
                <label for="proxy_directives">{tmpl_var name='proxy_directives_txt'}</label>

 interface/web/sites/web_aliasdomain_edit.php

@@ -177,7 +177,7 @@

            //* Update the old website, so that the vhost alias gets removed
            //* We force the update by inserting a transaction record without changes manually.
            $old_website = $app->db->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = '.$this->oldDataRecord['domain_id']);
            $old_website = $app->db->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = '.$app->functions->intval($this->oldDataRecord['domain_id']));
            $app->db->datalogSave('web_domain', 'UPDATE', 'domain_id', $this->oldDataRecord['parent_domain_id'], $old_website, $old_website, true);
        }


 interface/web/sites/web_domain_del.php

@@ -94,7 +94,7 @@
        //* Delete all records that belog to this web.
        $web_domain = $app->db->queryOneRecord("SELECT domain FROM web_domain WHERE domain_id = ".$app->functions->intval($this->id));
        if($web_domain['domain'] != ''){
            $aps_instances = $app->db->queryAllRecords("SELECT instance_id FROM aps_instances_settings WHERE name = 'main_domain' AND value = '".$web_domain['domain']."'");
            $aps_instances = $app->db->queryAllRecords("SELECT instance_id FROM aps_instances_settings WHERE name = 'main_domain' AND value = '".$app->db->quote($web_domain['domain'])."'");
            if(is_array($aps_instances) && !empty($aps_instances)){
                foreach($aps_instances as $aps_instance){
                    if($aps_instance['instance_id'] > 0){
@@ -109,7 +109,7 @@
        $records = $app->db->queryAllRecords("SELECT web_folder_id FROM web_folder WHERE parent_domain_id = '".$app->functions->intval($this->id)."'");
        foreach($records as $rec) {
            //* Delete all web folder users
            $records2 = $app->db->queryAllRecords("SELECT web_folder_user_id FROM web_folder_user WHERE web_folder_id = '".$rec['web_folder_id']."'");
            $records2 = $app->db->queryAllRecords("SELECT web_folder_user_id FROM web_folder_user WHERE web_folder_id = '".$app->functions->intval($rec['web_folder_id'])."'");
            foreach($records2 as $rec2) {
                $app->db->datalogDelete('web_folder_user', 'web_folder_user_id', $rec2['web_folder_user_id']);
            }

 interface/web/sites/web_domain_edit.php

@@ -169,10 +169,10 @@
            if(!empty($web_config['server_type'])) $server_type = $web_config['server_type'];
            if($server_type == 'nginx' && $this->dataRecord['php'] == 'fast-cgi') $this->dataRecord['php'] = 'php-fpm';
            if($this->dataRecord['php'] == 'php-fpm'){
                $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ".($this->id > 0 ? $this->dataRecord['server_id'] : intval($client['default_webserver']))." AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id'].")");
                $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ".($this->id > 0 ? $app->functions->intval($this->dataRecord['server_id']) : $app->functions->intval($client['default_webserver']))." AND (client_id = 0 OR client_id=".$app->functions->intval($_SESSION['s']['user']['client_id']).")");
            }
            if($this->dataRecord['php'] == 'fast-cgi'){
                $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = ".($this->id > 0 ? $this->dataRecord['server_id'] : intval($client['default_webserver']))." AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id'].")");
                $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = ".($this->id > 0 ? $app->functions->intval($this->dataRecord['server_id']) : $app->functions->intval($client['default_webserver']))." AND (client_id = 0 OR client_id=".$app->functions->intval($_SESSION['s']['user']['client_id']).")");
            }
            $php_select = "<option value=''>Default</option>";
            if(is_array($php_records) && !empty($php_records)) {
@@ -197,7 +197,7 @@
        } elseif ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {

            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT client.client_id, client.limit_web_domain, client.default_webserver, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            //* Get global web config
@@ -220,7 +220,7 @@
            // Fill the client select field
            $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id']." ORDER BY sys_group.name";
            $records = $app->db->queryAllRecords($sql);
            $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$client['client_id']);
            $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$app->functions->intval($client['client_id']));
            $client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
            //$tmp_data_record = $app->tform->getDataRecord($this->id);
            if(is_array($records)) {
@@ -268,14 +268,14 @@
            $server_type = 'apache';
            if(!empty($web_config['server_type'])) $server_type = $web_config['server_type'];
            if($server_type == 'nginx' && $this->dataRecord['php'] == 'fast-cgi') $this->dataRecord['php'] = 'php-fpm';
            $selected_client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = $selected_client_group_id");
            $selected_client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = ".$app->functions->intval($selected_client_group_id));
            //$sql_where = " AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id']." OR client_id = ".intval($selected_client['client_id']).")";
            $sql_where = " AND (client_id = 0 OR client_id = ".intval($selected_client['client_id']).")";
            if($this->dataRecord['php'] == 'php-fpm'){
                $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ".($this->id > 0 ? $this->dataRecord['server_id'] : intval($client['default_webserver'])).$sql_where);
                $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ".($this->id > 0 ? $app->functions->intval($this->dataRecord['server_id']) : $app->functions->intval($client['default_webserver'])).$sql_where);
            }
            if($this->dataRecord['php'] == 'fast-cgi') {
                $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = ".($this->id > 0 ? $this->dataRecord['server_id'] : intval($client['default_webserver'])).$sql_where);
                $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = ".($this->id > 0 ? $app->functions->intval($this->dataRecord['server_id']) : $app->functions->intval($client['default_webserver'])).$sql_where);
            }
            $php_select = "<option value=''>Default</option>";
            if(is_array($php_records) && !empty($php_records)) {
@@ -364,7 +364,7 @@
            $web_config = $app->getconf->get_server_config($server_id, 'web');

            //* Fill the IPv4 select field
            $sql = "SELECT ip_address FROM server_ip WHERE ip_type = 'IPv4' AND server_id = $server_id";
            $sql = "SELECT ip_address FROM server_ip WHERE ip_type = 'IPv4' AND server_id = ".$app->functions->intval($server_id);
            $ips = $app->db->queryAllRecords($sql);
            $ip_select = ($web_config['enable_ip_wildcard'] == 'y')?"<option value='*'>*</option>":"";
            //$ip_select = "";
@@ -379,7 +379,7 @@
            unset($ips);

            //* Fill the IPv6 select field
            $sql = "SELECT ip_address FROM server_ip WHERE ip_type = 'IPv6' AND server_id = $server_id";
            $sql = "SELECT ip_address FROM server_ip WHERE ip_type = 'IPv6' AND server_id = ".$app->functions->intval($server_id);
            $ips = $app->db->queryAllRecords($sql);
            $ip_select = "<option value=''></option>";
            //$ip_select = "";
@@ -414,14 +414,14 @@
            $server_type = 'apache';
            if(!empty($web_config['server_type'])) $server_type = $web_config['server_type'];
            if($server_type == 'nginx' && $this->dataRecord['php'] == 'fast-cgi') $this->dataRecord['php'] = 'php-fpm';
            $selected_client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = $selected_client_group_id");
            $selected_client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = ".$app->functions->intval($selected_client_group_id));
            //$sql_where = " AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id']." OR client_id = ".intval($selected_client['client_id']).")";
            $sql_where = " AND (client_id = 0 OR client_id = ".intval($selected_client['client_id']).")";
            $sql_where = " AND (client_id = 0 OR client_id = ".$app->functions->intval($selected_client['client_id']).")";
            if($this->dataRecord['php'] == 'php-fpm'){
                $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = $server_id".$sql_where);
            }
            if($this->dataRecord['php'] == 'fast-cgi') {
                $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = $server_id".$sql_where);
                $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = ".$app->functions->intval($server_id).$sql_where);
            }
            $php_select = "<option value=''>Default</option>";
            if(is_array($php_records) && !empty($php_records)) {
@@ -545,7 +545,7 @@

        // check for configuration errors in sys_datalog
        if($this->id > 0) {
            $datalog = $app->db->queryOneRecord("SELECT sys_datalog.error, sys_log.tstamp FROM sys_datalog, sys_log WHERE sys_datalog.dbtable = 'web_domain' AND sys_datalog.dbidx = 'domain_id:".$this->id."' AND sys_datalog.datalog_id = sys_log.datalog_id AND sys_log.message = CONCAT('Processed datalog_id ',sys_log.datalog_id) ORDER BY sys_datalog.tstamp DESC");
            $datalog = $app->db->queryOneRecord("SELECT sys_datalog.error, sys_log.tstamp FROM sys_datalog, sys_log WHERE sys_datalog.dbtable = 'web_domain' AND sys_datalog.dbidx = 'domain_id:".$app->functions->intval($this->id)."' AND sys_datalog.datalog_id = sys_log.datalog_id AND sys_log.message = CONCAT('Processed datalog_id ',sys_log.datalog_id) ORDER BY sys_datalog.tstamp DESC");
            if(is_array($datalog) && !empty($datalog)){
                if(trim($datalog['error']) != ''){
                    $app->tpl->setVar("config_error_msg", nl2br(htmlentities($datalog['error'])));
@@ -834,7 +834,7 @@

        // get the ID of the client
        if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) {
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = $client_group_id");
            $client_id = $app->functions->intval($client["client_id"]);
        } else {
@@ -935,7 +935,7 @@

        // get the ID of the client
        if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) {
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = $client_group_id");
            $client_id = $app->functions->intval($client["client_id"]);
        } elseif (isset($this->dataRecord["client_group_id"])) {
@@ -966,7 +966,7 @@
            // Update the FTP user(s) too
            $records = $app->db->queryAllRecords("SELECT ftp_user_id FROM ftp_user WHERE parent_domain_id = ".$this->id);
            foreach($records as $rec) {
                $app->db->datalogUpdate('ftp_user', "sys_userid = '".$web_rec['sys_userid']."', sys_groupid = '".$web_rec['sys_groupid']."', uid = '$system_user', gid = '$system_group', dir = '$document_root'", 'ftp_user_id', $rec['ftp_user_id']);
                $app->db->datalogUpdate('ftp_user', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."', uid = '$system_user', gid = '$system_group', dir = '$document_root'", 'ftp_user_id', $app->functions->intval($rec['ftp_user_id']));
            }
            unset($records);
            unset($rec);
@@ -974,7 +974,7 @@
            // Update the Shell user(s) too
            $records = $app->db->queryAllRecords("SELECT shell_user_id FROM shell_user WHERE parent_domain_id = ".$this->id);
            foreach($records as $rec) {
                $app->db->datalogUpdate('shell_user', "sys_userid = '".$web_rec['sys_userid']."', sys_groupid = '".$web_rec['sys_groupid']."', puser = '$system_user', pgroup = '$system_group', dir = '$document_root'", 'shell_user_id', $rec['shell_user_id']);
                $app->db->datalogUpdate('shell_user', "sys_userid = '".$web_rec['sys_userid']."', sys_groupid = '".$web_rec['sys_groupid']."', puser = '$system_user', pgroup = '$system_group', dir = '$document_root'", 'shell_user_id', $app->functions->intval($rec['shell_user_id']));
            }
            unset($records);
            unset($rec);
@@ -999,7 +999,7 @@
            //* Update all databases
            $records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE parent_domain_id = ".$this->id);
            foreach($records as $rec) {
                $app->db->datalogUpdate('web_database', "sys_userid = '".$web_rec['sys_userid']."', sys_groupid = '".$web_rec['sys_groupid']."'", 'database_id', $rec['database_id']);
                $app->db->datalogUpdate('web_database', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."'", 'database_id', $app->functions->intval($rec['database_id']));
            }
            unset($records);
            unset($rec);
@@ -1018,10 +1018,10 @@
            unset($subdomain);

            // Update APS instances
            $records = $app->db->queryAllRecords("SELECT id, instance_id FROM aps_instances_settings WHERE name = 'main_domain' AND value = '".$this->oldDataRecord["domain"]."'");
            $records = $app->db->queryAllRecords("SELECT id, instance_id FROM aps_instances_settings WHERE name = 'main_domain' AND value = '".$app->db->quote($this->oldDataRecord["domain"])."'");
            if(is_array($records) && !empty($records)){
                foreach($records as $rec){
                    $app->db->datalogUpdate('aps_instances_settings', "value = '".$this->dataRecord["domain"]."'", 'id', $rec['id']);
                    $app->db->datalogUpdate('aps_instances_settings', "value = '".$app->db->quote($this->dataRecord["domain"])."'", 'id', $rec['id']);
                    // Reinstall of package needed?
                    //$app->db->datalogUpdate('aps_instances', "instance_status = '1'", 'id', $rec['instance_id']);
                }
@@ -1040,7 +1040,7 @@
        if(empty($web_rec['php_open_basedir']) ||
            (!empty($this->dataRecord["domain"]) && !empty($this->oldDataRecord["domain"]) && $this->dataRecord["domain"] != $this->oldDataRecord["domain"])) {
            $php_open_basedir = $web_rec['php_open_basedir'];
            $php_open_basedir = str_replace($this->oldDataRecord['domain'], $web_rec['domain'], $php_open_basedir);
            $php_open_basedir = $app->db->quote(str_replace($this->oldDataRecord['domain'], $web_rec['domain'], $php_open_basedir));
            $sql = "UPDATE web_domain SET php_open_basedir = '$php_open_basedir' WHERE domain_id = ".$this->id;
            $app->db->query($sql);
        }
@@ -1056,8 +1056,8 @@
        //* Change database backup options when web backup options have been changed
        if(isset($this->dataRecord['backup_interval']) && ($this->dataRecord['backup_interval'] != $this->oldDataRecord['backup_interval'] || $this->dataRecord['backup_copies'] != $this->oldDataRecord['backup_copies'])) {
            //* Update all databases
            $backup_interval = $this->dataRecord['backup_interval'];
            $backup_copies = $this->dataRecord['backup_copies'];
            $backup_interval = $app->functions->intval($this->dataRecord['backup_interval']);
            $backup_copies = $app->functions->intval($this->dataRecord['backup_copies']);
            $records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE parent_domain_id = ".$this->id);
            foreach($records as $rec) {
                $app->db->datalogUpdate('web_database', "backup_interval = '$backup_interval', backup_copies = '$backup_copies'", 'database_id', $rec['database_id']);
@@ -1072,7 +1072,7 @@
        if(isset($this->dataRecord['ip_address']) && ($this->dataRecord['ip_address'] != $this->oldDataRecord['ip_address'] || $this->dataRecord['ipv6_address'] != $this->oldDataRecord['ipv6_address'])) {
            $records = $app->db->queryAllRecords("SELECT domain_id FROM web_domain WHERE type = 'vhostsubdomain' AND parent_domain_id = ".$this->id);
            foreach($records as $rec) {
                $app->db->datalogUpdate('web_domain', "ip_address = '".$web_rec['ip_address']."', ipv6_address = '".$web_rec['ipv6_address']."'", 'domain_id', $rec['domain_id']);
                $app->db->datalogUpdate('web_domain', "ip_address = '".$app->db->quote($web_rec['ip_address'])."', ipv6_address = '".$app->db->quote($web_rec['ipv6_address'])."'", 'domain_id', $rec['domain_id']);
            }
            unset($records);
            unset($rec);
@@ -1090,7 +1090,7 @@
                $app->tform->datalogSave('DELETE', $d["domain_id"], $d, array());
            }

            $app->db->query("DELETE FROM web_domain WHERE domain_id = ".$d["domain_id"]." LIMIT 0,1");
            $app->db->query("DELETE FROM web_domain WHERE domain_id = ".$app->functions->intval($d["domain_id"])." LIMIT 0,1");
        }
        unset($child_domains);
        unset($d);

 interface/web/sites/web_sites_stats.php

@@ -38,25 +38,25 @@
        //** Traffic of the current month
        $tmp_year = date('Y');
        $tmp_month = date('m');
        $tmp_rec = $app->db->queryOneRecord("SELECT SUM(traffic_bytes) as t FROM web_traffic WHERE hostname = '".$rec['domain']."' AND YEAR(traffic_date) = '$tmp_year' AND MONTH(traffic_date) = '$tmp_month'");
        $tmp_rec = $app->db->queryOneRecord("SELECT SUM(traffic_bytes) as t FROM web_traffic WHERE hostname = '".$app->db->quote($rec['domain'])."' AND YEAR(traffic_date) = '$tmp_year' AND MONTH(traffic_date) = '$tmp_month'");
        $rec['this_month'] = number_format($tmp_rec['t']/1024/1024, 0, '.', ' ');
        $this->sum_this_month += ($tmp_rec['t']/1024/1024);

        //** Traffic of the current year
        $tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic_bytes) as t FROM web_traffic WHERE hostname = '".$rec['domain']."' AND YEAR(traffic_date) = '$tmp_year'");
        $tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic_bytes) as t FROM web_traffic WHERE hostname = '".$app->db->quote($rec['domain'])."' AND YEAR(traffic_date) = '$tmp_year'");
        $rec['this_year'] = number_format($tmp_rec['t']/1024/1024, 0, '.', ' ');
        $this->sum_this_year += ($tmp_rec['t']/1024/1024);

        //** Traffic of the last month
        $tmp_year = date('Y', mktime(0, 0, 0, date("m")-1, date("d"), date("Y")));
        $tmp_month = date('m', mktime(0, 0, 0, date("m")-1, date("d"), date("Y")));
        $tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic_bytes) as t FROM web_traffic WHERE hostname = '".$rec['domain']."' AND YEAR(traffic_date) = '$tmp_year' AND MONTH(traffic_date) = '$tmp_month'");
        $tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic_bytes) as t FROM web_traffic WHERE hostname = '".$app->db->quote($rec['domain'])."' AND YEAR(traffic_date) = '$tmp_year' AND MONTH(traffic_date) = '$tmp_month'");
        $rec['last_month'] = number_format($tmp_rec['t']/1024/1024, 0, '.', ' ');
        $this->sum_last_month += ($tmp_rec['t']/1024/1024);

        //** Traffic of the last year
        $tmp_year = date('Y', mktime(0, 0, 0, date("m"), date("d"), date("Y")-1));
        $tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic_bytes) as t FROM web_traffic WHERE hostname = '".$rec['domain']."' AND YEAR(traffic_date) = '$tmp_year'");
        $tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic_bytes) as t FROM web_traffic WHERE hostname = '".$app->db->quote($rec['domain'])."' AND YEAR(traffic_date) = '$tmp_year'");
        $rec['last_year'] = number_format($tmp_rec['t']/1024/1024, 0, '.', ' ');
        $this->sum_last_year += ($tmp_rec['t']/1024/1024);


 interface/web/sites/web_subdomain_edit.php

@@ -184,8 +184,8 @@

            //* Update the old website, so that the vhost alias gets removed
            //* We force the update by inserting a transaction record without changes manually.
            $old_website = $app->db->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = '.$this->oldDataRecord['domain_id']);
            $app->db->datalogSave('web_domain', 'UPDATE', 'domain_id', $this->oldDataRecord['parent_domain_id'], $old_website, $old_website, true);
            $old_website = $app->db->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = '.$app->functions->intval($this->oldDataRecord['domain_id']));
            $app->db->datalogSave('web_domain', 'UPDATE', 'domain_id', $app->functions->intval($this->oldDataRecord['parent_domain_id']), $old_website, $old_website, true);
        }

    }

 interface/web/sites/web_vhost_subdomain_del.php

@@ -56,7 +56,7 @@
        $records = $app->db->queryAllRecords("SELECT web_folder_id FROM web_folder WHERE parent_domain_id = '".$app->functions->intval($this->id)."'");
        foreach($records as $rec) {
            //* Delete all web folder users
            $records2 = $app->db->queryAllRecords("SELECT web_folder_user_id FROM web_folder_user WHERE web_folder_id = '".$rec['web_folder_id']."'");
            $records2 = $app->db->queryAllRecords("SELECT web_folder_user_id FROM web_folder_user WHERE web_folder_id = '".$app->functions->intval($rec['web_folder_id'])."'");
            foreach($records2 as $rec2) {
                $app->db->datalogDelete('web_folder_user', 'web_folder_user_id', $rec2['web_folder_user_id']);
            }

 interface/web/sites/web_vhost_subdomain_edit.php

@@ -91,7 +91,7 @@
        if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) {

            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT client.limit_web_subdomain, client.default_webserver, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            //* Get global web config
@@ -102,10 +102,10 @@
            if(!empty($web_config['server_type'])) $server_type = $web_config['server_type'];
            if($server_type == 'nginx' && $this->dataRecord['php'] == 'fast-cgi') $this->dataRecord['php'] = 'php-fpm';
            if($this->dataRecord['php'] == 'php-fpm'){
                $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ".$parent_domain['server_id']." AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id'].")");
                $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ".$app->functions->intval($parent_domain['server_id'])." AND (client_id = 0 OR client_id=".$app->functions->intval($_SESSION['s']['user']['client_id']).")");
            }
            if($this->dataRecord['php'] == 'fast-cgi'){
                $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = ".$parent_domain['server_id']." AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id'].")");
                $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = ".$app->functions->intval($parent_domain['server_id'])." AND (client_id = 0 OR client_id=".$app->functions->intval($_SESSION['s']['user']['client_id']).")");
            }
            $php_select = "<option value=''>Default</option>";
            if(is_array($php_records) && !empty($php_records)) {
@@ -130,7 +130,7 @@
        } elseif ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {

            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT client.client_id, client.limit_web_subdomain, client.default_webserver, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            //* Get global web config
@@ -141,10 +141,10 @@
            if(!empty($web_config['server_type'])) $server_type = $web_config['server_type'];
            if($server_type == 'nginx' && $this->dataRecord['php'] == 'fast-cgi') $this->dataRecord['php'] = 'php-fpm';
            if($this->dataRecord['php'] == 'php-fpm'){
                $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ".$parent_domain['server_id']." AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id'].")");
                $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ".$app->functions->intval($parent_domain['server_id'])." AND (client_id = 0 OR client_id=".$app->functions->intval($_SESSION['s']['user']['client_id']).")");
            }
            if($this->dataRecord['php'] == 'fast-cgi') {
                $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = ".$parent_domain['server_id']." AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id'].")");
                $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = ".$app->functions->intval($parent_domain['server_id'])." AND (client_id = 0 OR client_id=".$app->functions->intval($_SESSION['s']['user']['client_id']).")");
            }
            $php_select = "<option value=''>Default</option>";
            if(is_array($php_records) && !empty($php_records)) {
@@ -223,10 +223,10 @@
            if(!empty($web_config['server_type'])) $server_type = $web_config['server_type'];
            if($server_type == 'nginx' && $this->dataRecord['php'] == 'fast-cgi') $this->dataRecord['php'] = 'php-fpm';
            if($this->dataRecord['php'] == 'php-fpm'){
                $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = " . $parent_domain['server_id']);
                $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = " . $app->functions->intval($parent_domain['server_id']));
            }
            if($this->dataRecord['php'] == 'fast-cgi') {
                $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = " . $parent_domain['server_id']);
                $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = " . $app->functions->intval($parent_domain['server_id']));
            }
            $php_select = "<option value=''>Default</option>";
            if(is_array($php_records) && !empty($php_records)) {
@@ -428,7 +428,7 @@

        if($_SESSION["s"]["user"]["typ"] != 'admin') {
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_traffic_quota, limit_web_subdomain, default_webserver, parent_client_id, limit_web_quota, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            if($client['limit_cgi'] != 'y') $this->dataRecord['cgi'] = '-';
@@ -466,7 +466,7 @@

            if($client['parent_client_id'] > 0) {
                // Get the limits of the reseller
                $reseller = $app->db->queryOneRecord("SELECT limit_traffic_quota, limit_web_subdomain, default_webserver, limit_web_quota FROM client WHERE client_id = ".$client['parent_client_id']);
                $reseller = $app->db->queryOneRecord("SELECT limit_traffic_quota, limit_web_subdomain, default_webserver, limit_web_quota FROM client WHERE client_id = ".$app->functions->intval($client['parent_client_id']));

                //* Check the traffic quota of the client
                if(isset($_POST["traffic_quota"]) && $reseller["limit_traffic_quota"] > 0 && $_POST["traffic_quota"] != $old_web_values["traffic_quota"]) {

 interface/web/tools/dns_import_tupa.php

@@ -89,15 +89,15 @@
                $soa = $exdb->queryOneRecord("SELECT * FROM records WHERE type = 'SOA' AND domain_id = ".$domain['id']);
                if(is_array($soa)) {
                    $parts = explode(' ', $soa['content']);
                    $origin = addot($soa['name']);
                    $ns = addot($parts[0]);
                    $mbox = addot($parts[1]);
                    $serial = $parts[2];
                    $origin = $app->db->quote(addot($soa['name']));
                    $ns = $app->db->quote(addot($parts[0]));
                    $mbox = $app->db->quote(addot($parts[1]));
                    $serial = $app->db->quote($parts[2]);
                    $refresh = 7200;
                    $retry =  540;
                    $expire = 604800;
                    $minimum = 86400;
                    $ttl = $soa['ttl'];
                    $ttl = $app->db->quote($soa['ttl']);

                    $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `origin`, `ns`, `mbox`, `serial`, `refresh`, `retry`, `expire`, `minimum`, `ttl`, `active`, `xfer`) VALUES
                    ('$sys_userid', '$sys_groupid', 'riud', 'riud', '', '$server_id', '$origin', '$ns', '$mbox', '$serial', '$refresh', '$retry', '$expire', '$minimum', '$ttl', 'Y', '')";
@@ -111,15 +111,15 @@
                        foreach($records as $rec) {
                            $rr = array();

                            $rr['name'] = addot($rec['name']);
                            $rr['type'] = $rec['type'];
                            $rr['aux'] = $rec['prio'];
                            $rr['ttl'] = $rec['ttl'];
                            $rr['name'] = $app->db->quote(addot($rec['name']));
                            $rr['type'] = $app->db->quote($rec['type']);
                            $rr['aux'] = $app->db->quote($rec['prio']);
                            $rr['ttl'] = $app->db->quote($rec['ttl']);

                            if($rec['type'] == 'NS' || $rec['type'] == 'MX' || $rec['type'] == 'CNAME') {
                                $rr['data'] = addot($rec['content']);
                                $rr['data'] = $app->db->quote(addot($rec['content']));
                            } else {
                                $rr['data'] = $rec['content'];
                                $rr['data'] = $app->db->quote($rec['content']);
                            }

                            $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `zone`, `name`, `type`, `data`, `aux`, `ttl`, `active`) VALUES

 interface/web/tools/user_settings.php

@@ -63,7 +63,7 @@
        $app->tform->loadFormDef($tform_def_file);

        // Importing ID
        $this->id = $_SESSION['s']['user']['userid'];
        $this->id = $app->functions->intval($_SESSION['s']['user']['userid']);
        $_POST['id'] = $_SESSION['s']['user']['userid'];

        if(count($_POST) > 1) {
@@ -86,8 +86,12 @@
        if($_POST['passwort'] != $_POST['repeat_password']) {
            $app->tform->errorMessage = $app->tform->lng('password_mismatch');
        }
        $_SESSION['s']['user']['language'] = $_POST['language'];
        $_SESSION['s']['language'] = $_POST['language'];
        if(preg_match('/[a-z]{2}/',$_POST['language'])) {
            $_SESSION['s']['user']['language'] = $_POST['language'];
            $_SESSION['s']['language'] = $_POST['language'];
        } else {
            $app->error('Invalid language.');
        }
    }



 interface/web/vm/openvz_action.php

@@ -18,8 +18,8 @@
if($vm_id == 0) die('Invalid VM ID');

$vm = $app->db->queryOneRecord("SELECT server_id, veid FROM openvz_vm WHERE vm_id = $vm_id");
$veid = $vm['veid'];
$server_id = $vm['server_id'];
$veid = $app->functions->intval($vm['veid']);
$server_id = $app->functions->intval($vm['server_id']);

//* Loading classes
$app->uses('tpl');

 interface/web/vm/openvz_template_edit.php

@@ -54,8 +54,8 @@
    function onAfterInsert() {
        global $app, $conf;

        $guar_ram = $this->dataRecord['ram']*256;
        $burst_ram = $this->dataRecord['ram_burst']*256;
        $guar_ram = $app->functions->intval($this->dataRecord['ram']*256);
        $burst_ram = $app->functions->intval($this->dataRecord['ram_burst']*256);
        $sql = "UPDATE openvz_template SET shmpages = '$guar_ram:$guar_ram',vmguarpages = '$guar_ram:$guar_ram', oomguarpages = '$guar_ram:$guar_ram',privvmpages = '$burst_ram:$burst_ram' WHERE template_id = $this->id";
        $app->db->query($sql);
    }
@@ -63,8 +63,8 @@
    function onAfterUpdate() {
        global $app, $conf;

        $guar_ram = $this->dataRecord['ram']*256;
        $burst_ram = $this->dataRecord['ram_burst']*256;
        $guar_ram = $app->functions->intval($this->dataRecord['ram']*256);
        $burst_ram = $app->functions->intval($this->dataRecord['ram_burst']*256);
        $sql = "UPDATE openvz_template SET shmpages = '$guar_ram:$guar_ram',vmguarpages = '$guar_ram:$guar_ram', oomguarpages = '$guar_ram:$guar_ram',privvmpages = '$burst_ram:$burst_ram' WHERE template_id = $this->id";
        $app->db->query($sql);
    }

 interface/web/vm/openvz_vm_edit.php

@@ -73,14 +73,14 @@
        if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) {

            //* Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, client.limit_openvz_vm_template_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            //* Fill the template_id field
            if($client['limit_openvz_vm_template_id'] == 0) {
                $sql = 'SELECT template_id,template_name FROM openvz_template WHERE 1 ORDER BY template_name';
            } else {
                $sql = 'SELECT template_id,template_name FROM openvz_template WHERE template_id = '.$client['limit_openvz_vm_template_id'].' ORDER BY template_name';
                $sql = 'SELECT template_id,template_name FROM openvz_template WHERE template_id = '.$app->functions->intval($client['limit_openvz_vm_template_id']).' ORDER BY template_name';
            }
            $records = $app->db->queryAllRecords($sql);
            if(is_array($records)) {
@@ -100,9 +100,9 @@


            //* Fill the client select field
            $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id']." ORDER BY sys_group.name";
            $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$app->functions->intval($client['client_id'])." ORDER BY sys_group.name";
            $records = $app->db->queryAllRecords($sql);
            $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$client['client_id']);
            $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$app->functions->intval($client['client_id']));
            $client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
            //$tmp_data_record = $app->tform->getDataRecord($this->id);
            if(is_array($records)) {
@@ -117,7 +117,7 @@
            if($client['limit_openvz_vm_template_id'] == 0) {
                $sql = 'SELECT template_id,template_name FROM openvz_template WHERE 1 ORDER BY template_name';
            } else {
                $sql = 'SELECT template_id,template_name FROM openvz_template WHERE template_id = '.$client['limit_openvz_vm_template_id'].' ORDER BY template_name';
                $sql = 'SELECT template_id,template_name FROM openvz_template WHERE template_id = '.$app->functions->intval($client['limit_openvz_vm_template_id']).' ORDER BY template_name';
            }
            $records = $app->db->queryAllRecords($sql);
            if(is_array($records)) {
@@ -164,7 +164,7 @@
            $vm_server_id = $app->functions->intval($this->dataRecord["server_id"]);
        } else {
            $tmp = $app->db->queryOneRecord('SELECT server_id FROM server WHERE vserver_server = 1 AND mirror_server_id = 0 ORDER BY server_name LIMIT 0,1');
            $vm_server_id = $tmp['server_id'];
            $vm_server_id = $app->functions->intval($tmp['server_id']);
        }
        $sql = "SELECT ip_address FROM openvz_ip WHERE reserved = 'n' AND (vm_id = 0 or vm_id = '".$this->id."') AND server_id = ".$app->functions->intval($vm_server_id)." ORDER BY ip_address";
        $ips = $app->db->queryAllRecords($sql);

 server/lib/classes/plugins.inc.php

@@ -134,7 +134,7 @@
    function registerAction($action_name, $plugin_name, $function_name) {
        global $app;
        $this->subscribed_actions[$action_name][] = array('plugin' => $plugin_name, 'function' => $function_name);
        if($this->debug)  $app->log("Registered function '$function_name' from plugin '$plugin_name' for action '$event_name'.", LOGLEVEL_DEBUG);
        if($this->debug)  $app->log("Registered function '$function_name' from plugin '$plugin_name' for action '$action_name'.", LOGLEVEL_DEBUG);
    }



 server/plugins-available/nginx_plugin.inc.php

@@ -1041,8 +1041,9 @@
        $nginx_directives = str_replace("\r", "\n", $nginx_directives);
        $nginx_directive_lines = explode("\n", $nginx_directives);
        if(is_array($nginx_directive_lines) && !empty($nginx_directive_lines)){
            $trans = array('{DOCROOT}' => $vhost_data['web_document_root_www'], '{FASTCGIPASS}' => 'fastcgi_pass '.($data['new']['php_fpm_use_socket'] == 'y'? 'unix:'.$fpm_socket : '127.0.0.1:'.$vhost_data['fpm_port']).';');
            foreach($nginx_directive_lines as $nginx_directive_line){
                $final_nginx_directives[] = array('nginx_directive' => $nginx_directive_line);
                $final_nginx_directives[] = array('nginx_directive' => strtr($nginx_directive_line, $trans));
            }
        }
        $tpl->setLoop('nginx_directives', $final_nginx_directives);

 server/plugins-available/shelluser_base_plugin.inc.php

@@ -74,8 +74,12 @@

        //* Check if the resulting path is inside the docroot
        $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($data['new']['parent_domain_id']));
        if(substr(realpath($data['new']['dir']), 0, strlen($web['document_root'])) != $web['document_root']) {
            $app->log('Directory of the shell user is outside of website docroot.', LOGLEVEL_WARN);
        if(substr($data['new']['dir'],0,strlen($web['document_root'])) != $web['document_root']) {
            $app->log('Directory of the shell user is outside of website docroot.',LOGLEVEL_WARN);
            return false;
        }
        if(strpos($data['new']['dir'], '/../') !== false || substr($data['new']['dir'],-3) == '/..') {
            $app->log('Directory of the shell user is not valid.',LOGLEVEL_WARN);
            return false;
        }

@@ -137,8 +141,13 @@

        //* Check if the resulting path is inside the docroot
        $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($data['new']['parent_domain_id']));
        if(substr(realpath($data['new']['dir']), 0, strlen($web['document_root'])) != $web['document_root']) {
            $app->log('Directory of the shell user is outside of website docroot.', LOGLEVEL_WARN);
        if(substr($data['new']['dir'],0,strlen($web['document_root'])) != $web['document_root']) {
            $app->log('Directory of the shell user is outside of website docroot.',LOGLEVEL_WARN);
            return false;
        }
		
        if(strpos($data['new']['dir'], '/../') !== false || substr($data['new']['dir'],-3) == '/..') {
            $app->log('Directory of the shell user is not valid.',LOGLEVEL_WARN);
            return false;
        }

@@ -163,6 +172,11 @@
                    $app->log("Executed command: $command ",LOGLEVEL_DEBUG);
                    */
                    //$groupinfo = $app->system->posix_getgrnam($data['new']['pgroup']);
                    if($data['new']['dir'] != $data['old']['dir'] && !is_dir($data['new']['dir'])){
                        $app->file->mkdirs(escapeshellcmd($data['new']['dir']), '0700');
                        $app->system->chown(escapeshellcmd($data['new']['dir']),escapeshellcmd($data['new']['username']));
                        $app->system->chgrp(escapeshellcmd($data['new']['dir']),escapeshellcmd($data['new']['pgroup']));
                    }
                    $app->system->usermod($data['old']['username'], 0, $app->system->getgid($data['new']['pgroup']), $data['new']['dir'], $data['new']['shell'], $data['new']['password'], $data['new']['username']);
                    $app->log("Updated shelluser: ".$data['old']['username'], LOGLEVEL_DEBUG);


 server/server.php

@@ -172,9 +172,9 @@
    $app->modules->loadModules('all');
    //** Load the plugins that are in the plugins-enabled folder
    $app->plugins->loadPlugins('all');

	
    $app->plugins->raiseAction('server_plugins_loaded', '');

	
    if ($tmp_num_records > 0) {
        $app->log("Found $tmp_num_records changes, starting update process.", LOGLEVEL_DEBUG);
        //** Go through the sys_datalog table and call the processing functions

			@@ -595,7 +595,7 @@
			foreach($incomplete_pkgs as $incomplete_pkg){
			$pkg_url = @file_get_contents($this->interface_pkg_dir.'/'.$incomplete_pkg['path'].'/PKG_URL');
			if($pkg_url != ''){
			$app->db->datalogUpdate('aps_packages', "package_url = '".$pkg_url."'", 'id', $incomplete_pkg['id']);
			$app->db->datalogUpdate('aps_packages', "package_url = '".$app->db->quote($pkg_url)."'", 'id', $incomplete_pkg['id']);
			}
			}
			}

			@@ -266,18 +266,18 @@
			unset($tmp);

			// get information if the webserver is a db server, too
			$web_server = $app->db->queryOneRecord("SELECT server_id,server_name,db_server FROM server WHERE server_id = ".$websrv['server_id']);
			$web_server = $app->db->queryOneRecord("SELECT server_id,server_name,db_server FROM server WHERE server_id = ".$app->functions->intval($websrv['server_id']));
			if($web_server['db_server'] == 1) {
			// create database on "localhost" (webserver)
			$mysql_db_server_id = $websrv['server_id'];
			$mysql_db_server_id = $app->functions->intval($websrv['server_id']);
			$mysql_db_host = 'localhost';
			$mysql_db_remote_access = 'n';
			$mysql_db_remote_ips = '';
			} else {
			//* get the default database server of the client
			$client = $app->db->queryOneRecord("SELECT default_dbserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ".$websrv['sys_groupid']);
			$client = $app->db->queryOneRecord("SELECT default_dbserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ".$app->functions->intval($websrv['sys_groupid']));
			if(is_array($client) && $client['default_dbserver'] > 0 && $client['default_dbserver'] != $websrv['server_id']) {
			$mysql_db_server_id = $client['default_dbserver'];
			$mysql_db_server_id = $app->functions->intval($client['default_dbserver']);
			$dbserver_config = $web_config = $app->getconf->get_server_config($app->functions->intval($mysql_db_server_id), 'server');
			$mysql_db_host = $dbserver_config['ip_address'];
			$mysql_db_remote_access = 'y';
			@@ -301,13 +301,13 @@

			//* Find a free db name for the app
			for($n = 1; $n <= 1000; $n++) {
			$mysql_db_name = ($dbname_prefix != '' ? $dbname_prefix.'aps'.$n : uniqid('aps'));
			$mysql_db_name = $app->db->quote(($dbname_prefix != '' ? $dbname_prefix.'aps'.$n : uniqid('aps')));
			$tmp = $app->db->queryOneRecord("SELECT count(database_id) as number FROM web_database WHERE database_name = '".$app->db->quote($mysql_db_name)."'");
			if($tmp['number'] == 0) break;
			}
			//* Find a free db username for the app
			for($n = 1; $n <= 1000; $n++) {
			$mysql_db_user = ($dbuser_prefix != '' ? $dbuser_prefix.'aps'.$n : uniqid('aps'));
			$mysql_db_user = $app->db->quote(($dbuser_prefix != '' ? $dbuser_prefix.'aps'.$n : uniqid('aps')));
			$tmp = $app->db->queryOneRecord("SELECT count(database_user_id) as number FROM web_database_user WHERE database_user = '".$app->db->quote($mysql_db_user)."'");
			if($tmp['number'] == 0) break;
			}
			@@ -316,12 +316,12 @@

			//* Create the mysql database user
			$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `database_user`, `database_user_prefix`, `database_password`)
			VALUES( ".$websrv['sys_userid'].", ".$websrv['sys_groupid'].", 'riud', '".$websrv['sys_perm_group']."', '', 0, '$mysql_db_user', '".$app->db->quote($dbuser_prefix) . "', PASSWORD('$mysql_db_password'))";
			VALUES( ".$app->functions->intval($websrv['sys_userid']).", ".$app->functions->intval($websrv['sys_groupid']).", 'riud', '".$app->functions->intval($websrv['sys_perm_group'])."', '', 0, '$mysql_db_user', '".$app->db->quote($dbuser_prefix) . "', PASSWORD('$mysql_db_password'))";
			$mysql_db_user_id = $app->db->datalogInsert('web_database_user', $insert_data, 'database_user_id');

			//* Create the mysql database
			$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `parent_domain_id`, `type`, `database_name`, `database_name_prefix`, `database_user_id`, `database_ro_user_id`, `database_charset`, `remote_access`, `remote_ips`, `backup_copies`, `active`, `backup_interval`)
			VALUES( ".$websrv['sys_userid'].", ".$websrv['sys_groupid'].", 'riud', '".$websrv['sys_perm_group']."', '', $mysql_db_server_id, ".$websrv['domain_id'].", 'mysql', '$mysql_db_name', '" . $app->db->quote($dbname_prefix) . "', '$mysql_db_user_id', 0, '', '$mysql_db_remote_access', '$mysql_db_remote_ips', ".$websrv['backup_copies'].", 'y', '".$websrv['backup_interval']."')";
			VALUES( ".$app->functions->intval($websrv['sys_userid']).", ".$app->functions->intval($websrv['sys_groupid']).", 'riud', '".$app->functions->intval($websrv['sys_perm_group'])."', '', $mysql_db_server_id, ".$app->functions->intval($websrv['domain_id']).", 'mysql', '$mysql_db_name', '" . $app->db->quote($dbname_prefix) . "', '$mysql_db_user_id', 0, '', '$mysql_db_remote_access', '$mysql_db_remote_ips', ".$app->functions->intval($websrv['backup_copies']).", 'y', '".$app->functions->intval($websrv['backup_interval'])."')";
			$app->db->datalogInsert('web_database', $insert_data, 'database_id');

			//* Add db details to package settings
			@@ -332,7 +332,7 @@
			}

			//* Insert new package instance
			$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `customer_id`, `package_id`, `instance_status`) VALUES (".$websrv['sys_userid'].", ".$websrv['sys_groupid'].", 'riud', '".$websrv['sys_perm_group']."', '', ".$app->db->quote($webserver_id).",".$app->db->quote($customerid).", ".$app->db->quote($packageid).", ".INSTANCE_PENDING.")";
			$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `customer_id`, `package_id`, `instance_status`) VALUES (".$app->functions->intval($websrv['sys_userid']).", ".$app->functions->intval($websrv['sys_groupid']).", 'riud', '".$app->functions->intval($websrv['sys_perm_group'])."', '', ".$app->db->quote($webserver_id).",".$app->db->quote($customerid).", ".$app->db->quote($packageid).", ".INSTANCE_PENDING.")";
			$InstanceID = $app->db->datalogInsert('aps_instances', $insert_data, 'id');

			//* Insert all package settings
			@@ -404,7 +404,7 @@
			$app->db->datalogSave('aps', 'INSERT', 'id', $instanceid, array(), $datalog);
			*/

			$sql = "SELECT web_database.database_id as database_id FROM aps_instances_settings, web_database WHERE aps_instances_settings.value = web_database.database_name AND aps_instances_settings.value = aps_instances_settings.name = 'main_database_name' AND aps_instances_settings.instance_id = ".$instanceid." LIMIT 0,1";
			$sql = "SELECT web_database.database_id as database_id FROM aps_instances_settings, web_database WHERE aps_instances_settings.value = web_database.database_name AND aps_instances_settings.value = aps_instances_settings.name = 'main_database_name' AND aps_instances_settings.instance_id = ".$app->db->quote($instanceid)." LIMIT 0,1";
			$tmp = $app->db->queryOneRecord($sql);
			if($tmp['database_id'] > 0) $app->db->datalogDelete('web_database', 'database_id', $tmp['database_id']);

			@@ -33,7 +33,8 @@

			public function get_user_id()
			{
			return $_SESSION['s']['user']['userid'];
			global $app;
			return $app->functions->intval($_SESSION['s']['user']['userid']);
			}

			public function is_admin() {
			@@ -80,7 +81,9 @@
			public function get_client_limit($userid, $limitname)
			{
			global $app;


			$userid = $app->functions->intval($userid);

			// simple query cache
			if($this->client_limits===null)
			$this->client_limits = $app->db->queryOneRecord("SELECT client.* FROM sys_user, client WHERE sys_user.userid = $userid AND sys_user.client_id = client.client_id");

			@@ -49,7 +49,7 @@

			if($old_style == true) {
			// we have to take care of this in an other way
			$in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ' . $clientId);
			$in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ' . $app->functions->intval($clientId));
			if(is_array($in_db) && count($in_db) > 0) {
			foreach($in_db as $item) {
			if(array_key_exists($item['client_template_id'], $needed_types) == false) $needed_types[$item['client_template_id']] = 0;
			@@ -61,24 +61,24 @@
			if($count > 0) {
			// add new template to client (includes those from old-style without assigned_template_id)
			for($i = $count; $i > 0; $i--) {
			$app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (' . $clientId . ', ' . $tpl_id . ')');
			$app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (' . $app->functions->intval($clientId) . ', ' . $app->functions->intval($tpl_id) . ')');
			}
			} elseif($count < 0) {
			// remove old ones
			for($i = $count; $i < 0; $i++) {
			$app->db->query('DELETE FROM `client_template_assigned` WHERE client_id = ' . $clientId . ' AND client_template_id = ' . $tpl_id . ' LIMIT 1');
			$app->db->query('DELETE FROM `client_template_assigned` WHERE client_id = ' . $app->functions->intval($clientId) . ' AND client_template_id = ' . $app->functions->intval($tpl_id) . ' LIMIT 1');
			}
			}
			}
			} else {
			// we have to take care of this in an other way
			$in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ' . $clientId);
			$in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ' . $app->functions->intval($clientId));
			if(is_array($in_db) && count($in_db) > 0) {
			// check which templates were removed from this client
			foreach($in_db as $item) {
			if(in_array($item['assigned_template_id'], $used_assigned) == false) {
			// delete this one
			$app->db->query('DELETE FROM `client_template_assigned` WHERE `assigned_template_id` = ' . $item['assigned_template_id']);
			$app->db->query('DELETE FROM `client_template_assigned` WHERE `assigned_template_id` = ' . $app->functions->intval($item['assigned_template_id']));
			}
			}
			}
			@@ -86,7 +86,7 @@
			if(count($new_tpl) > 0) {
			foreach($new_tpl as $item) {
			// add new template to client (includes those from old-style without assigned_template_id)
			$app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (' . $clientId . ', ' . $item . ')');
			$app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (' . $app->functions->intval($clientId) . ', ' . $app->functions->intval($item) . ')');
			}
			}
			}

			@@ -46,9 +46,9 @@

			if($_SESSION["s"]["user"]["typ"] == 'user') {
			// Get the limits of the client
			$client_group_id = $_SESSION["s"]["user"]["default_group"];
			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
			$client = $app->db->queryOneRecord("SELECT default_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
			$sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$client['default_dnsserver'];
			$sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$app->functions->intval($client['default_dnsserver']);
			} else {
			$sql = "SELECT server_id,server_name FROM server WHERE dns_server = 1 ORDER BY server_name";
			}
			@@ -68,9 +68,9 @@

			if($_SESSION["s"]["user"]["typ"] == 'user') {
			// Get the limits of the client
			$client_group_id = $_SESSION["s"]["user"]["default_group"];
			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
			$client = $app->db->queryOneRecord("SELECT default_slave_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
			$sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$client['default_slave_dnsserver'];
			$sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$app->functions->intval($client['default_slave_dnsserver']);
			} else {
			$sql = "SELECT server_id,server_name FROM server WHERE dns_server = 1 ORDER BY server_name";
			}
			@@ -99,7 +99,7 @@
			}
			if(count($server_ids) == 0) return array();
			$server_ids = implode(',', $server_ids);
			$records = $app->db->queryAllRecords("SELECT web_domain.domain_id, CONCAT(web_domain.domain, ' :: ', server.server_name) AS parent_domain FROM web_domain, server WHERE web_domain.type = 'vhost' AND web_domain.server_id IN (".$server_ids.") AND web_domain.server_id = server.server_id AND ".$app->tform->getAuthSQL('r', 'web_domain')." ORDER BY web_domain.domain");
			$records = $app->db->queryAllRecords("SELECT web_domain.domain_id, CONCAT(web_domain.domain, ' :: ', server.server_name) AS parent_domain FROM web_domain, server WHERE web_domain.type = 'vhost' AND web_domain.server_id IN (".$app->db->quote($server_ids).") AND web_domain.server_id = server.server_id AND ".$app->tform->getAuthSQL('r', 'web_domain')." ORDER BY web_domain.domain");

			$records_new = array();
			if(is_array($records)) {
			@@ -158,12 +158,12 @@

			if($_SESSION["s"]["user"]["typ"] == 'user') {
			// Get the limits of the client
			$client_group_id = $_SESSION["s"]["user"]["default_group"];
			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
			$sql = "SELECT $server_type as server_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id";
			$client = $app->db->queryOneRecord($sql);
			if($client['server_id'] > 0) {
			//* Select the default server for the client
			$sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$client['server_id'];
			$sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$app->functions->intval($client['server_id']);
			} else {
			//* Not able to find the clients defaults, use this as fallback and add a warning message to the log
			$app->log('Unable to find default server for client in custom_datasource.inc.php', 1);

			@@ -284,7 +284,7 @@
			// Insert the server_id, if the record has a server_id
			$server_id = (isset($record_old['server_id']) && $record_old['server_id'] > 0)?$record_old['server_id']:0;
			if(isset($record_new['server_id'])) $server_id = $record_new['server_id'];

			$server_id = intval($server_id);

			if($diff_num > 0) {
			//print_r($diff_num);
			@@ -306,6 +306,9 @@
			//** Inserts a record and saves the changes into the datalog
			public function datalogInsert($tablename, $insert_data, $index_field) {
			global $app;

			$tablename = $this->quote($tablename);
			$index_field = $this->quote($index_field);

			if(is_array($insert_data)) {
			$key_str = '';
			@@ -333,6 +336,10 @@
			//** Updates a record and saves the changes into the datalog
			public function datalogUpdate($tablename, $update_data, $index_field, $index_value, $force_update = false) {
			global $app;

			$tablename = $this->quote($tablename);
			$index_field = $this->quote($index_field);
			$index_value = $this->quote($index_value);

			$old_rec = $this->queryOneRecord("SELECT * FROM $tablename WHERE $index_field = '$index_value'");

			@@ -356,6 +363,10 @@
			//** Deletes a record and saves the changes into the datalog
			public function datalogDelete($tablename, $index_field, $index_value) {
			global $app;

			$tablename = $this->quote($tablename);
			$index_field = $this->quote($index_field);
			$index_value = $this->quote($index_value);

			$old_rec = $this->queryOneRecord("SELECT * FROM $tablename WHERE $index_field = '$index_value'");
			$this->query("DELETE FROM $tablename WHERE $index_field = '$index_value'");

			@@ -1,5 +1,7 @@
			<?php

			die('Deprecated file: form.inc.php');

			/*
			Copyright (c) 2007, Till Brehm, projektfarm Gmbh
			All rights reserved.

			@@ -108,8 +108,8 @@
			}

			//* Get the data
			$web = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = ".$this->form->id);
			$sql = "SELECT * FROM web_backup WHERE parent_domain_id = ".$this->form->id." AND server_id = ".$web['server_id']." ORDER BY tstamp DESC, backup_type ASC";
			$web = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = ".$app->functions->intval($this->form->id));
			$sql = "SELECT * FROM web_backup WHERE parent_domain_id = ".$app->functions->intval($this->form->id)." AND server_id = ".$app->functions->intval($web['server_id'])." ORDER BY tstamp DESC, backup_type ASC";
			$records = $app->db->queryAllRecords($sql);

			$bgcolor = "#FFFFFF";

			@@ -69,6 +69,7 @@
			function checkPerm($record_id, $perm) {
			global $app;

			$record_id = $app->functions->intval($record_id);
			if($record_id > 0) {
			// Add backticks for incomplete table names.
			if(stristr($this->formDef['db_table'], '.')) {
			@@ -163,7 +164,7 @@
			if($limit_name == '') $app->error('Limit name missing in function checkClientLimit.');

			// Get the limits of the client that is currently logged in
			$client_group_id = $_SESSION["s"]["user"]["default_group"];
			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
			$client = $app->db->queryOneRecord("SELECT $limit_name as number, parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

			// Check if the user may add another item
			@@ -185,7 +186,7 @@
			if($limit_name == '') $app->error('Limit name missing in function checkClientLimit.');

			// Get the limits of the client that is currently logged in
			$client_group_id = $_SESSION["s"]["user"]["default_group"];
			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
			$client = $app->db->queryOneRecord("SELECT parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

			//* If the client belongs to a reseller, we will check against the reseller Limit too

			@@ -81,7 +81,7 @@

			// check if the client is locked - he may not change anything, then.
			if(!$app->auth->is_admin()) {
			$client_group_id = $_SESSION["s"]["user"]["default_group"];
			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
			$client = $app->db->queryOneRecord("SELECT client.locked FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ".$app->functions->intval($client_group_id));
			if(is_array($client) && $client['locked'] == 'y') {
			$app->tform->errorMessage .= $app->lng("client_you_are_locked")."<br />";

			@@ -53,7 +53,7 @@
			}
			}
			} else {
			$num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM sys_user WHERE username = '".$app->db->quote($field_value)."' AND client_id != ".$client_id);
			$num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM sys_user WHERE username = '".$app->db->quote($field_value)."' AND client_id != ".$app->functions->intval($client_id));
			if($num_rec["number"] > 0) {
			$errmsg = $validator['errmsg'];
			if(isset($app->tform->wordbook[$errmsg])) {

			@@ -104,7 +104,7 @@
			}

			if(substr($field, -1) == '.' && $area == 'Name'){
			$soa = $app->db->queryOneRecord("SELECT * FROM soa WHERE id = ".$zoneid);
			$soa = $app->db->queryOneRecord("SELECT * FROM soa WHERE id = ".intval($zoneid));
			if(substr($field, (strlen($field) - strlen($soa['origin']))) != $soa['origin']) $error .= $desc." ".$app->tform->wordbook['error_out_of_zone']."<br>\r\n";
			}

			@@ -267,7 +267,7 @@
			global $app, $conf;

			// increase serial
			$serial_date = substr($serial, 0, 8);
			$serial_date = $app->functions->intval(substr($serial, 0, 8));
			$count = $app->functions->intval(substr($serial, 8, 2));
			$current_date = date("Ymd");
			if($serial_date >= $current_date){

			@@ -118,7 +118,7 @@

			if($domain['ip_address'] == '' \|\| $domain['ipv6_address'] == ''){
			if($domain['parent_domain_id'] > 0){
			$parent_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$domain['parent_domain_id']);
			$parent_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($domain['parent_domain_id']));
			}
			}

			@@ -217,7 +217,7 @@
			// if alias/subdomain: check IP addresses of parent domain
			if($check['ip_address'] == '' \|\| $check['ipv6_address'] == ''){
			if($check['parent_domain_id'] > 0){
			$check_parent_domain = $app->db->queryOneRecord("SELECT * FROM `web_domain` WHERE `domain_id` = ".$check['parent_domain_id']);
			$check_parent_domain = $app->db->queryOneRecord("SELECT * FROM `web_domain` WHERE `domain_id` = ".$app->functions->intval($check['parent_domain_id']));
			}
			}

			@@ -282,7 +282,7 @@

			if($_SESSION["s"]["user"]["typ"] != 'admin') {
			// Get the limits of the client
			$client_group_id = $_SESSION["s"]["user"]["default_group"];
			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
			$client = $app->db->queryOneRecord("SELECT limit_wildcard FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

			if($client["limit_wildcard"] == 'y') return true;

			@@ -6,4 +6,5 @@
			$wb['active_txt'] = 'Aktiv';
			$wb['directive_snippets_name_empty'] = 'Bitte geben Sie einen Namen für den Schnipsel an.';
			$wb['directive_snippets_name_error_unique'] = 'Es existiert schon ein Direktiven-Schnipsel mit diesem Namen.';
			$wb['variables_txt'] = 'Variablen';
			?>

			@@ -6,4 +6,5 @@
			$wb["active_txt"] = 'Active';
			$wb["directive_snippets_name_empty"] = 'Please specify a name for the snippet.';
			$wb["directive_snippets_name_error_unique"] = 'There is already a directive snippet with this name.';
			$wb['variables_txt'] = 'Variables';
			?>

			@@ -51,7 +51,7 @@
			$client_id = $app->functions->intval($_GET['cid']);
			$tmp_client = $app->db->queryOneRecord("SELECT username FROM client WHERE client_id = $client_id");
			$tmp_sys_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE username = '".$app->db->quote($tmp_client['username'])."'");
			$userId = $tmp_sys_user['userid'];
			$userId = $app->functions->intval($tmp_sys_user['userid']);
			unset($tmp_client);
			unset($tmp_sys_user);
			$backlink = 'client/client_list.php';

			@@ -81,7 +81,7 @@
			foreach ($servers as $serverId) {
			$sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
			"VALUES (".
			(int)$serverId . ", " .
			$app->functions->intval($serverId) . ", " .
			time() . ", " .
			"'ispc_update', " .
			"'', " .

			@@ -76,7 +76,7 @@
			foreach ($servers as $serverId) {
			$sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
			"VALUES (".
			(int)$serverId . ", " .
			$app->functions->intval($serverId) . ", " .
			time() . ", " .
			"'os_update', " .
			"'', " .

			@@ -54,7 +54,7 @@
			global $app, $conf;

			// Getting Servers
			$sql = "SELECT server_id,server_name FROM server WHERE server_id != $this->id ORDER BY server_name";
			$sql = "SELECT server_id,server_name FROM server WHERE server_id != ".$app->functions->intval($this->id)." ORDER BY server_name";
			$mirror_servers = $app->db->queryAllRecords($sql);
			$mirror_server_select = '<option value="0">'.$app->tform->lng('- None -').'</option>';
			if(is_array($mirror_servers)) {

			@@ -56,7 +56,7 @@
			//* Check if the server has been changed
			// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
			if($_SESSION["s"]["user"]["typ"] == 'admin' \|\| $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
			$rec = $app->db->queryOneRecord("SELECT server_id from server_ip WHERE server_ip_id = ".$this->id);
			$rec = $app->db->queryOneRecord("SELECT server_id from server_ip WHERE server_ip_id = ".$app->functions->intval($this->id));
			if($rec['server_id'] != $this->dataRecord["server_id"]) {
			//* Add a error message and switch back to old server
			$app->tform->errorMessage .= $app->lng('The Server can not be changed.');

			@@ -50,7 +50,7 @@
			//* verify the key
			if($package['package_installable'] == 'key' && $install_key != '') {

			$repo = $app->db->queryOneRecord("SELECT * FROM software_repo WHERE software_repo_id = ".$package['software_repo_id']);
			$repo = $app->db->queryOneRecord("SELECT * FROM software_repo WHERE software_repo_id = ".$app->db->quote($package['software_repo_id']));

			$client = new SoapClient(null, array('location' => $repo['repo_url'],
			'uri' => $repo['repo_url']));
			@@ -62,7 +62,7 @@
			$message_err = 'Verification of the key failed.';
			} else {
			// Store the verified key into the database
			$app->db->datalogUpdate('software_package', "package_key = '$install_key'", 'package_id', $package['package_id']);
			$app->db->datalogUpdate('software_package', "package_key = '".$app->db->quote($install_key)."'", 'package_id', $package['package_id']);
			}
			} else {
			$message_ok = 'Please enter the software key for the package.';
			@@ -70,7 +70,7 @@

			//* Install packages, if all requirements are fullfilled.
			if($install_server_id > 0 && $package_name != '' && ($package['package_installable'] == 'yes' \|\| $install_key_verified == true)) {
			$sql = "SELECT software_update_id, package_name, update_title FROM software_update WHERE type = 'full' AND package_name = '$package_name' ORDER BY v1 DESC, v2 DESC, v3 DESC, v4 DESC LIMIT 0,1";
			$sql = "SELECT software_update_id, package_name, update_title FROM software_update WHERE type = 'full' AND package_name = '".$app->db->quote($package_name)."' ORDER BY v1 DESC, v2 DESC, v3 DESC, v4 DESC LIMIT 0,1";
			$tmp = $app->db->queryOneRecord($sql);
			$software_update_id = $tmp['software_update_id'];

			@@ -118,7 +118,7 @@
			$app->db->datalogUpdate('software_package', "package_config = '".$app->db->quote($package_config_str)."'", 'package_id', $package['package_id']);

			$sql = "INSERT INTO `remote_user` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `remote_username`, `remote_password`, `remote_functions`) VALUES
			(1, 1, 'riud', 'riud', '', '$remote_user', '$remote_password_md5', '$remote_functions');";
			(1, 1, 'riud', 'riud', '', '".$app->db->quote($remote_user)."', '".$app->db->quote($remote_password_md5)."', '".$app->db->quote($remote_functions)."');";

			$app->db->query($sql);

			@@ -127,7 +127,7 @@
			}

			//* Add the record to start the install process
			$insert_data = "(package_name, server_id, software_update_id, status) VALUES ('$package_name', '$install_server_id', '$software_update_id','installing')";
			$insert_data = "(package_name, server_id, software_update_id, status) VALUES ('".$app->db->quote($package_name)."', '".$app->db->quote($install_server_id)."', '".$app->db->quote($software_update_id)."','installing')";
			$app->db->datalogInsert('software_update_inst', $insert_data, 'software_update_inst_id');
			$message_ok = 'Starting package installation '."<a href=\"#\" onclick=\"submitForm('pageForm','admin/software_package_list.php');\">".$app->lng('next')."</a>";

			@@ -49,7 +49,7 @@
			if(is_array($packages)) {
			foreach($packages as $p) {
			$package_name = $app->db->quote($p['name']);
			$tmp = $app->db->queryOneRecord("SELECT package_id FROM software_package WHERE package_name = '$package_name'");
			$tmp = $app->db->queryOneRecord("SELECT package_id FROM software_package WHERE package_name = '".$app->db->quote($package_name)."'");

			$package_title = $app->db->quote($p['title']);
			$package_description = $app->db->quote($p['description']);
			@@ -150,7 +150,7 @@
			foreach($packages as $key => $p) {
			$installed_txt = '';
			foreach($servers as $s) {
			$inst = $app->db->queryOneRecord("SELECT * FROM software_update, software_update_inst WHERE software_update_inst.software_update_id = software_update.software_update_id AND software_update_inst.package_name = '".addslashes($p["package_name"])."' AND server_id = '".$s["server_id"]."'");
			$inst = $app->db->queryOneRecord("SELECT * FROM software_update, software_update_inst WHERE software_update_inst.software_update_id = software_update.software_update_id AND software_update_inst.package_name = '".$app->db->quote($p["package_name"])."' AND server_id = '".$app->functions->intval($s["server_id"])."'");
			$version = $inst['v1'].'.'.$inst['v2'].'.'.$inst['v3'].'.'.$inst['v4'];

			if($inst['status'] == 'installed') {

			@@ -161,11 +161,11 @@
			foreach($installed_packages as $ip) {

			// Get version number of the latest installed version
			$sql = "SELECT v1, v2, v3, v4 FROM software_update, software_update_inst WHERE software_update.software_update_id = software_update_inst.software_update_id AND server_id = ".$server_id." ORDER BY v1 DESC , v2 DESC , v3 DESC , v4 DESC LIMIT 0,1";
			$sql = "SELECT v1, v2, v3, v4 FROM software_update, software_update_inst WHERE software_update.software_update_id = software_update_inst.software_update_id AND server_id = ".$app->functions->intval($server_id)." ORDER BY v1 DESC , v2 DESC , v3 DESC , v4 DESC LIMIT 0,1";
			$lu = $app->db->queryOneRecord($sql);

			// Get all installable updates
			$sql = "SELECT * FROM software_update WHERE v1 >= $lu[v1] AND v2 >= $lu[v2] AND v3 >= $lu[v3] AND v4 >= $lu[v4] AND package_name = '$ip[package_name]' ORDER BY v1 DESC , v2 DESC , v3 DESC , v4 DESC";
			$sql = "SELECT * FROM software_update WHERE v1 >= ".$app->functions->intval($lu['v1'])." AND v2 >= ".$app->functions->intval($lu['v2'])." AND v3 >= ".$app->functions->intval($lu['v3'])." AND v4 >= ".$app->functions->intval($lu['v4'])." AND package_name = '".$app->db->quote($ip['package_name'])."' ORDER BY v1 DESC , v2 DESC , v3 DESC , v4 DESC";
			$updates = $app->db->queryAllRecords($sql);
			//die($sql);

			@@ -178,7 +178,7 @@
			if($server_config_array['misc']['maintenance_mode'] == 'y'){
			//print_r($_SESSION);
			//echo $_SESSION['s']['id'];
			$app->db->query("DELETE FROM sys_session WHERE session_id != '".$_SESSION['s']['id']."'");
			$app->db->query("DELETE FROM sys_session WHERE session_id != '".$app->db->quote($_SESSION['s']['id'])."'");
			}
			}

			@@ -17,7 +17,7 @@
			</div>
			<div class="ctrlHolder">
			<label for="snippet">{tmpl_var name='snippet_txt'}</label>
			<textarea name="snippet" id="snippet" rows='10' cols='50' style="width:400px;">{tmpl_var name='snippet'}</textarea>
			<textarea name="snippet" id="snippet" rows='10' cols='50' style="width:400px;">{tmpl_var name='snippet'}</textarea><div class="nginx">   {tmpl_var name='variables_txt'}: <a href="javascript:void(0);" class="addPlaceholder">{DOCROOT}</a>, <a href="javascript:void(0);" class="addPlaceholder">{FASTCGIPASS}</a></div>
			</div>
			<div class="ctrlHolder">
			<p class="label">{tmpl_var name='active_txt'}</p>
			@@ -35,4 +35,21 @@
			</div>
			</div>

			</div>
			</div>
			<script language="JavaScript" type="text/javascript">

			if(jQuery('#type').val() == 'nginx'){
			jQuery('.nginx:hidden').show();
			} else {
			jQuery('.nginx:visible').hide();
			}

			jQuery('#type').change(function(){
			if(jQuery(this).val() == 'nginx'){
			jQuery('.nginx:hidden').show();
			} else {
			jQuery('.nginx:visible').hide();
			}
			});

			</script>

			@@ -77,7 +77,7 @@
			global $app, $conf;

			$client = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = ".$this->id);
			$client_id = $client['client_id'];
			$client_id = $app->functions->intval($client['client_id']);
			$username = $app->db->quote($this->dataRecord["username"]);
			$old_username = $app->db->quote($this->oldDataRecord['username']);

			@@ -58,7 +58,7 @@
			if($_SESSION["s"]["user"]["typ"] == 'user') {

			// Get the limits of the client
			$client_group_id = $_SESSION["s"]["user"]["default_group"];
			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
			$client = $app->db->queryOneRecord("SELECT limit_client FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

			// Check if the user may add another website.

			@@ -65,7 +65,7 @@
			$tmp_client_ids = explode(',', $circle['client_ids']);
			$where = array();
			foreach($tmp_client_ids as $tmp_client_id){
			$where[] = 'client_id = '.$tmp_client_id;
			$where[] = 'client_id = '.$app->functions->intval($tmp_client_id);
			}
			if(!empty($where)) $where_clause = ' AND ('.implode(' OR ', $where).')';
			$sql = "SELECT * FROM client WHERE email != ''".$where_clause;

			@@ -60,7 +60,7 @@
			if($_SESSION["s"]["user"]["typ"] == 'user') {

			// Get the limits of the client
			$client_group_id = $_SESSION["s"]["user"]["default_group"];
			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
			$client = $app->db->queryOneRecord("SELECT limit_client FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

			// Check if the user may add another website.
			@@ -83,7 +83,7 @@
			if($_SESSION["s"]["user"]["typ"] == 'user' && $this->id == 0) {

			// Get the limits of the client
			$client_group_id = $_SESSION["s"]["user"]["default_group"];
			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
			$client = $app->db->queryOneRecord("SELECT limit_client FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

			// Check if the user may add another website.
			@@ -156,7 +156,7 @@

			$username = $app->db->quote($this->dataRecord["username"]);
			$password = $app->db->quote($this->dataRecord["password"]);
			$modules = $conf['interface_modules_enabled'] . ',client';
			$modules = $app->db->quote($conf['interface_modules_enabled'] . ',client');
			$startmodule = (stristr($modules, 'dashboard'))?'dashboard':'client';
			$usertheme = $app->db->quote($this->dataRecord["usertheme"]);
			$type = 'user';
			@@ -247,7 +247,7 @@

			// reseller status changed
			if(isset($this->dataRecord["limit_client"]) && $this->dataRecord["limit_client"] != $this->oldDataRecord["limit_client"]) {
			$modules = $conf['interface_modules_enabled'] . ',client';
			$modules = $app->db->quote($conf['interface_modules_enabled'] . ',client');
			$modules = $app->db->quote($modules);
			$client_id = $this->id;
			$sql = "UPDATE sys_user SET modules = '$modules' WHERE client_id = $client_id";

			@@ -127,7 +127,7 @@
			$tpl->setVar('is_admin', $user_is_admin);

			if($user_is_admin == false) {
			$client_group_id = $_SESSION["s"]["user"]["default_group"];
			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
			$client = $app->db->queryOneRecord("SELECT * FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
			}

			@@ -157,7 +157,7 @@
			function _get_limit_usage($limit) {
			global $app;

			$sql = "SELECT count(sys_userid) as number FROM ".$limit['db_table']." WHERE ";
			$sql = "SELECT count(sys_userid) as number FROM ".$app->db->quote($limit['db_table'])." WHERE ";
			if($limit['db_where'] != '') $sql .= $limit['db_where']." AND ";
			$sql .= $app->tform->getAuthSQL('r');
			$rec = $app->db->queryOneRecord($sql);