Better variable quoting in sql queries.
| | |
| | | function getSQL($record, $tab, $action = 'INSERT', $primary_id = 0, $sql_ext_where = '') { |
| | | |
| | | global $app; |
| | | |
| | | $primary_id = $app->functions->intval($primary_id); |
| | | |
| | | // If there are no data records on the tab, return empty sql string |
| | | if(count($this->formDef['tabs'][$tab]['fields']) == 0) return ''; |
| | |
| | | function getDataRecord($primary_id) { |
| | | global $app; |
| | | $escape = '`'; |
| | | $primary_id = $app->functions->intval($primary_id); |
| | | $sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id." AND ".$this->getAuthSQL('r', $this->formDef['db_table']); |
| | | return $app->db->queryOneRecord($sql); |
| | | } |
| | |
| | | } |
| | | |
| | | function getAuthSQL($perm, $table = '') { |
| | | global $app; |
| | | |
| | | $perm = $app->db->quote($perm); |
| | | $table = $app->db->quote($table); |
| | | |
| | | if($_SESSION["s"]["user"]["typ"] == 'admin') { |
| | | return '1'; |
| | | } else { |
| | |
| | | function checkPerm($record_id, $perm) { |
| | | global $app; |
| | | |
| | | $record_id = $app->functions->intval($record_id); |
| | | if($record_id > 0) { |
| | | // Add backticks for incomplete table names. |
| | | if(stristr($this->formDef['db_table'], '.')) { |
| | |
| | | if($limit_name == '') $app->error('Limit name missing in function checkClientLimit.'); |
| | | |
| | | // Get the limits of the client that is currently logged in |
| | | $client_group_id = $_SESSION["s"]["user"]["default_group"]; |
| | | $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]); |
| | | $client = $app->db->queryOneRecord("SELECT $limit_name as number, parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); |
| | | |
| | | // Check if the user may add another item |
| | |
| | | if($limit_name == '') $app->error('Limit name missing in function checkClientLimit.'); |
| | | |
| | | // Get the limits of the client that is currently logged in |
| | | $client_group_id = $_SESSION["s"]["user"]["default_group"]; |
| | | $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]); |
| | | $client = $app->db->queryOneRecord("SELECT parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); |
| | | |
| | | //* If the client belongs to a reseller, we will check against the reseller Limit too |
| | |
| | | |
| | | // check if the client is locked - he may not change anything, then. |
| | | if(!$app->auth->is_admin()) { |
| | | $client_group_id = $_SESSION["s"]["user"]["default_group"]; |
| | | $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]); |
| | | $client = $app->db->queryOneRecord("SELECT client.locked FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ".$app->functions->intval($client_group_id)); |
| | | if(is_array($client) && $client['locked'] == 'y') { |
| | | $app->tform->errorMessage .= $app->lng("client_you_are_locked")."<br />"; |
| | |
| | | } |
| | | } |
| | | } else { |
| | | $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM sys_user WHERE username = '".$app->db->quote($field_value)."' AND client_id != ".$client_id); |
| | | $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM sys_user WHERE username = '".$app->db->quote($field_value)."' AND client_id != ".$app->functions->intval($client_id)); |
| | | if($num_rec["number"] > 0) { |
| | | $errmsg = $validator['errmsg']; |
| | | if(isset($app->tform->wordbook[$errmsg])) { |
| | |
| | | } |
| | | |
| | | if(substr($field, -1) == '.' && $area == 'Name'){ |
| | | $soa = $app->db->queryOneRecord("SELECT * FROM soa WHERE id = ".$zoneid); |
| | | $soa = $app->db->queryOneRecord("SELECT * FROM soa WHERE id = ".intval($zoneid)); |
| | | if(substr($field, (strlen($field) - strlen($soa['origin']))) != $soa['origin']) $error .= $desc." ".$app->tform->wordbook['error_out_of_zone']."<br>\r\n"; |
| | | } |
| | | |
| | |
| | | global $app, $conf; |
| | | |
| | | // increase serial |
| | | $serial_date = substr($serial, 0, 8); |
| | | $serial_date = $app->functions->intval(substr($serial, 0, 8)); |
| | | $count = $app->functions->intval(substr($serial, 8, 2)); |
| | | $current_date = date("Ymd"); |
| | | if($serial_date >= $current_date){ |
| | |
| | | |
| | | if($domain['ip_address'] == '' || $domain['ipv6_address'] == ''){ |
| | | if($domain['parent_domain_id'] > 0){ |
| | | $parent_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$domain['parent_domain_id']); |
| | | $parent_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($domain['parent_domain_id'])); |
| | | } |
| | | } |
| | | |
| | |
| | | // if alias/subdomain: check IP addresses of parent domain |
| | | if($check['ip_address'] == '' || $check['ipv6_address'] == ''){ |
| | | if($check['parent_domain_id'] > 0){ |
| | | $check_parent_domain = $app->db->queryOneRecord("SELECT * FROM `web_domain` WHERE `domain_id` = ".$check['parent_domain_id']); |
| | | $check_parent_domain = $app->db->queryOneRecord("SELECT * FROM `web_domain` WHERE `domain_id` = ".$app->functions->intval($check['parent_domain_id'])); |
| | | } |
| | | } |
| | | |
| | |
| | | |
| | | if($_SESSION["s"]["user"]["typ"] != 'admin') { |
| | | // Get the limits of the client |
| | | $client_group_id = $_SESSION["s"]["user"]["default_group"]; |
| | | $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]); |
| | | $client = $app->db->queryOneRecord("SELECT limit_wildcard FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); |
| | | |
| | | if($client["limit_wildcard"] == 'y') return true; |
| | |
| | | if($_SESSION["s"]["user"]["typ"] == 'user') { |
| | | |
| | | // Get the limits of the client |
| | | $client_group_id = $_SESSION["s"]["user"]["default_group"]; |
| | | $client_group_id = intval($_SESSION["s"]["user"]["default_group"]); |
| | | $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); |
| | | |
| | | // Check if the user may add another mailbox. |
| | |
| | | // Check the client limits, if user is not the admin |
| | | if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin |
| | | // Get the limits of the client |
| | | $client_group_id = $_SESSION["s"]["user"]["default_group"]; |
| | | $client_group_id = intval($_SESSION["s"]["user"]["default_group"]); |
| | | $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); |
| | | |
| | | // Check if the user may add another mailbox. |
| | |
| | | } // end if user is not admin |
| | | |
| | | //* Check for duplicates where IP and hostname are the same |
| | | $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE (type = 'A' AND name = '".$this->dataRecord["name"]."' AND zone = '".$this->dataRecord["zone"]."' and data = '".$this->dataRecord["data"]."' and id != ".$this->id.") OR (type = 'CNAME' AND name = '".$this->dataRecord["name"]."' AND zone = '".$this->dataRecord["zone"]."' and id != ".$this->id.")"); |
| | | $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE (type = 'A' AND name = '".$app->db->quote($this->dataRecord["name"])."' AND zone = '".$app->db->quote($this->dataRecord["zone"])."' and data = '".$app->db->quote($this->dataRecord["data"])."' and id != ".$this->id.") OR (type = 'CNAME' AND name = '".$app->db->quote($this->dataRecord["name"])."' AND zone = '".$app->db->quote($this->dataRecord["zone"])."' and id != ".$this->id.")"); |
| | | if($tmp['number'] > 0) $app->tform->errorMessage .= $app->tform->lng("data_error_duplicate")."<br>"; |
| | | unset($tmp); |
| | | |
| | |
| | | // Check the client limits, if user is not the admin |
| | | if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin |
| | | // Get the limits of the client |
| | | $client_group_id = $_SESSION["s"]["user"]["default_group"]; |
| | | $client_group_id = intval($_SESSION["s"]["user"]["default_group"]); |
| | | $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); |
| | | |
| | | // Check if the user may add another mailbox. |
| | |
| | | |
| | | //* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record |
| | | $soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r')); |
| | | $app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id); |
| | | $app->db->datalogUpdate('dns_rr', "sys_groupid = ".intval($soa['sys_groupid']), 'id', $this->id); |
| | | |
| | | //* Update the serial number of the SOA record |
| | | $soa_id = $app->functions->intval($_POST["zone"]); |
| | |
| | | if($_SESSION["s"]["user"]["typ"] == 'user') { |
| | | |
| | | // Get the limits of the client |
| | | $client_group_id = $_SESSION["s"]["user"]["default_group"]; |
| | | $client_group_id = intval($_SESSION["s"]["user"]["default_group"]); |
| | | $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); |
| | | |
| | | // Check if the user may add another mailbox. |
| | |
| | | // Check the client limits, if user is not the admin |
| | | if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin |
| | | // Get the limits of the client |
| | | $client_group_id = $_SESSION["s"]["user"]["default_group"]; |
| | | $client_group_id = intval($_SESSION["s"]["user"]["default_group"]); |
| | | $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); |
| | | |
| | | // Check if the user may add another mailbox. |
| | |
| | | if($_SESSION["s"]["user"]["typ"] == 'user') { |
| | | |
| | | // Get the limits of the client |
| | | $client_group_id = $_SESSION["s"]["user"]["default_group"]; |
| | | $client_group_id = intval($_SESSION["s"]["user"]["default_group"]); |
| | | $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); |
| | | |
| | | // Check if the user may add another mailbox. |
| | |
| | | // Check the client limits, if user is not the admin |
| | | if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin |
| | | // Get the limits of the client |
| | | $client_group_id = $_SESSION["s"]["user"]["default_group"]; |
| | | $client_group_id = intval($_SESSION["s"]["user"]["default_group"]); |
| | | $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); |
| | | |
| | | // Check if the user may add another mailbox. |
| | |
| | | } // end if user is not admin |
| | | |
| | | //* Check for duplicates where IP and hostname are the same |
| | | $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE (type = 'A' AND name = '".$this->dataRecord["name"]."' AND zone = '".$this->dataRecord["zone"]."' and id != ".$this->id.") OR (type = 'CNAME' AND name = '".$this->dataRecord["name"]."' AND zone = '".$this->dataRecord["zone"]."' and id != ".$this->id.")"); |
| | | $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE (type = 'A' AND name = '".$app->db->quote($this->dataRecord["name"])."' AND zone = '".$app->db->quote($this->dataRecord["zone"])."' and id != ".$this->id.") OR (type = 'CNAME' AND name = '".$app->db->quote($this->dataRecord["name"])."' AND zone = '".$app->db->quote($this->dataRecord["zone"])."' and id != ".$this->id.")"); |
| | | if($tmp['number'] > 0) $app->tform->errorMessage .= $app->tform->lng("data_error_duplicate")."<br>"; |
| | | unset($tmp); |
| | | |
| | |
| | | if($_SESSION["s"]["user"]["typ"] == 'user') { |
| | | |
| | | // Get the limits of the client |
| | | $client_group_id = $_SESSION["s"]["user"]["default_group"]; |
| | | $client_group_id = intval($_SESSION["s"]["user"]["default_group"]); |
| | | $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); |
| | | |
| | | // Check if the user may add another mailbox. |
| | |
| | | // Check the client limits, if user is not the admin |
| | | if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin |
| | | // Get the limits of the client |
| | | $client_group_id = $_SESSION["s"]["user"]["default_group"]; |
| | | $client_group_id = intval($_SESSION["s"]["user"]["default_group"]); |
| | | $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); |
| | | |
| | | // Check if the user may add another mailbox. |
| | |
| | | if($_SESSION['s']['user']['typ'] == 'admin') { |
| | | $server_id = (isset($_POST['server_id']))?$app->functions->intval($_POST['server_id']):1; |
| | | } else { |
| | | $client_group_id = $_SESSION["s"]["user"]["default_group"]; |
| | | $client_group_id = intval($_SESSION["s"]["user"]["default_group"]); |
| | | $client = $app->db->queryOneRecord("SELECT default_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); |
| | | $server_id = $client["default_dnsserver"]; |
| | | } |
| | |
| | | if ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) { |
| | | |
| | | // Get the limits of the client |
| | | $client_group_id = $_SESSION["s"]["user"]["default_group"]; |
| | | $client_group_id = intval($_SESSION["s"]["user"]["default_group"]); |
| | | $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); |
| | | |
| | | |
| | | // load the list of clients |
| | | $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id']; |
| | | $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".intval($client['client_id']); |
| | | $clients = $app->db->queryAllRecords($sql); |
| | | $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$client['client_id']); |
| | | $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".intval($client['client_id'])); |
| | | $client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>'; |
| | | if(is_array($clients)) { |
| | | foreach( $clients as $client) { |
| | |
| | | foreach($dns_rr as $rr) |
| | | { |
| | | $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `zone`, `name`, `type`, `data`, `aux`, `ttl`, `active`) VALUES |
| | | ('$sys_userid', '$sys_groupid', 'riud', 'riud', '', '$server_id', '$dns_soa_id', '$rr[name]', '$rr[type]', '$rr[data]', '$rr[aux]', '$rr[ttl]', 'Y')"; |
| | | ('$sys_userid', '$sys_groupid', 'riud', 'riud', '', '$server_id', '$dns_soa_id', '".$app->db->quote($rr['name'])."', '".$app->db->quote($rr['type'])."', '".$app->db->quote($rr['data'])."', '".$app->db->quote($rr['aux'])."', '".$app->db->quote($rr['ttl'])."', 'Y')"; |
| | | $dns_rr_id = $app->db->datalogInsert('dns_rr', $insert_data, 'id'); |
| | | } |
| | | } |
| | |
| | | if($_SESSION["s"]["user"]["typ"] == 'user') { |
| | | |
| | | // Get the limits of the client |
| | | $client_group_id = $_SESSION["s"]["user"]["default_group"]; |
| | | $client_group_id = intval($_SESSION["s"]["user"]["default_group"]); |
| | | $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); |
| | | |
| | | // Check if the user may add another mailbox. |
| | |
| | | // Check the client limits, if user is not the admin |
| | | if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin |
| | | // Get the limits of the client |
| | | $client_group_id = $_SESSION["s"]["user"]["default_group"]; |
| | | $client_group_id = intval($_SESSION["s"]["user"]["default_group"]); |
| | | $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); |
| | | |
| | | // Check if the user may add another mailbox. |
| | |
| | | global $app, $conf; |
| | | |
| | | // Check if record is existing already |
| | | $duplicate_mx = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = ".$app->functions->intval($this->dataRecord["zone"])." AND name = '".$this->dataRecord["name"]."' AND type = '".$this->dataRecord["type"]."' AND data = '".$this->dataRecord["data"]."' AND ".$app->tform->getAuthSQL('r')); |
| | | $duplicate_mx = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = ".$app->functions->intval($this->dataRecord["zone"])." AND name = '".$app->db->quote($this->dataRecord["name"])."' AND type = '".$app->db->quote($this->dataRecord["type"])."' AND data = '".$app->db->quote($this->dataRecord["data"])."' AND ".$app->tform->getAuthSQL('r')); |
| | | |
| | | if(is_array($duplicate_mx) && !empty($duplicate_mx)) $app->error($app->tform->wordbook["duplicate_mx_record_txt"]); |
| | | |
| | |
| | | global $app, $conf; |
| | | |
| | | // Check if record is existing already |
| | | $duplicate_mx = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = ".$app->functions->intval($this->dataRecord["zone"])." AND name = '".$this->dataRecord["name"]."' AND type = '".$this->dataRecord["type"]."' AND data = '".$this->dataRecord["data"]."' AND id != ".$app->functions->intval($this->dataRecord["id"])." AND ".$app->tform->getAuthSQL('r')); |
| | | $duplicate_mx = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = ".$app->functions->intval($this->dataRecord["zone"])." AND name = '".$app->db->quote($this->dataRecord["name"])."' AND type = '".$app->db->quote($this->dataRecord["type"])."' AND data = '".$app->db->quote($this->dataRecord["data"])."' AND id != ".$app->functions->intval($this->dataRecord["id"])." AND ".$app->tform->getAuthSQL('r')); |
| | | |
| | | if(is_array($duplicate_mx) && !empty($duplicate_mx)) $app->error($app->tform->wordbook["duplicate_mx_record_txt"]); |
| | | |
| | |
| | | if($_SESSION["s"]["user"]["typ"] == 'user') { |
| | | |
| | | // Get the limits of the client |
| | | $client_group_id = $_SESSION["s"]["user"]["default_group"]; |
| | | $client_group_id = intval($_SESSION["s"]["user"]["default_group"]); |
| | | $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); |
| | | |
| | | // Check if the user may add another mailbox. |
| | |
| | | // Check the client limits, if user is not the admin |
| | | if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin |
| | | // Get the limits of the client |
| | | $client_group_id = $_SESSION["s"]["user"]["default_group"]; |
| | | $client_group_id = intval($_SESSION["s"]["user"]["default_group"]); |
| | | $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); |
| | | |
| | | // Check if the user may add another mailbox. |
| | |
| | | if($_SESSION["s"]["user"]["typ"] == 'user') { |
| | | |
| | | // Get the limits of the client |
| | | $client_group_id = $_SESSION["s"]["user"]["default_group"]; |
| | | $client_group_id = intval($_SESSION["s"]["user"]["default_group"]); |
| | | $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); |
| | | |
| | | // Check if the user may add another mailbox. |
| | |
| | | // Check the client limits, if user is not the admin |
| | | if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin |
| | | // Get the limits of the client |
| | | $client_group_id = $_SESSION["s"]["user"]["default_group"]; |
| | | $client_group_id = intval($_SESSION["s"]["user"]["default_group"]); |
| | | $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); |
| | | |
| | | // Check if the user may add another mailbox. |
| | |
| | | // Check the client limits, if user is not the admin |
| | | if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin |
| | | // Get the limits of the client |
| | | $client_group_id = $_SESSION["s"]["user"]["default_group"]; |
| | | $client_group_id = intval($_SESSION["s"]["user"]["default_group"]); |
| | | $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); |
| | | |
| | | // Check if the user may add another mailbox. |
| | |
| | | } else if($app->auth->has_clients($_SESSION['s']['user']['userid'])) { |
| | | |
| | | // Get the limits of the client |
| | | $client_group_id = $_SESSION["s"]["user"]["default_group"]; |
| | | $client_group_id = intval($_SESSION["s"]["user"]["default_group"]); |
| | | $client = $app->db->queryOneRecord("SELECT client.client_id, sys_group.name, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); |
| | | |
| | | // Fill the client select field |
| | |
| | | |
| | | if($_SESSION["s"]["user"]["typ"] != 'admin') { |
| | | // Get the limits of the client |
| | | $client_group_id = $_SESSION["s"]["user"]["default_group"]; |
| | | $client_group_id = intval($_SESSION["s"]["user"]["default_group"]); |
| | | $client = $app->db->queryOneRecord("SELECT limit_dns_slave_zone, default_slave_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); |
| | | |
| | | // When the record is updated |
| | |
| | | if(strlen($this->dataRecord["origin"]) > 0 && substr($this->dataRecord["origin"], -1, 1) != '.') $this->dataRecord["origin"] .= '.'; |
| | | |
| | | //* Check if a primary zone with the same name already exists |
| | | $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_soa WHERE origin = \"".$this->dataRecord["origin"]."\" AND server_id= \"".$this->dataRecord["server_id"]."\""); |
| | | $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_soa WHERE origin = \"".$app->db->quote($this->dataRecord["origin"])."\" AND server_id= \"".$app->db->quote($this->dataRecord["server_id"])."\""); |
| | | if($tmp["number"] > 0) { |
| | | $app->error($app->tform->wordbook["origin_error_unique"]); |
| | | } |
| | |
| | | global $app, $conf; |
| | | |
| | | // Check if record is existing already |
| | | $duplicate_slave = $app->db->queryOneRecord("SELECT * FROM dns_slave WHERE origin = '".$this->dataRecord["origin"]."' AND server_id = ".$app->functions->intval($this->dataRecord["server_id"])." AND ".$app->tform->getAuthSQL('r')); |
| | | $duplicate_slave = $app->db->queryOneRecord("SELECT * FROM dns_slave WHERE origin = '".$app->db->quote($this->dataRecord["origin"])."' AND server_id = ".$app->functions->intval($this->dataRecord["server_id"])." AND ".$app->tform->getAuthSQL('r')); |
| | | |
| | | if(is_array($duplicate_slave) && !empty($duplicate_slave)) $app->error($app->tform->wordbook["origin_error_unique"]); |
| | | |
| | |
| | | } else if($app->auth->has_clients($_SESSION['s']['user']['userid'])) { |
| | | |
| | | // Get the limits of the client |
| | | $client_group_id = $_SESSION["s"]["user"]["default_group"]; |
| | | $client_group_id = intval($_SESSION["s"]["user"]["default_group"]); |
| | | $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); |
| | | |
| | | // Fill the client select field |
| | |
| | | |
| | | if($_SESSION["s"]["user"]["typ"] != 'admin') { |
| | | // Get the limits of the client |
| | | $client_group_id = $_SESSION["s"]["user"]["default_group"]; |
| | | $client_group_id = intval($_SESSION["s"]["user"]["default_group"]); |
| | | $client = $app->db->queryOneRecord("SELECT limit_dns_zone, default_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); |
| | | |
| | | // When the record is updated |
| | |
| | | $this->dataRecord["also_notify"] = preg_replace('/\s+/', '', $this->dataRecord["also_notify"]); |
| | | |
| | | //* Check if a secondary zone with the same name already exists |
| | | $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_slave WHERE origin = \"".$this->dataRecord["origin"]."\" AND server_id = \"".$this->dataRecord["server_id"]."\""); |
| | | $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_slave WHERE origin = \"".$app->db->quote($this->dataRecord["origin"])."\" AND server_id = \"".$app->db->quote($this->dataRecord["server_id"])."\""); |
| | | if($tmp["number"] > 0) { |
| | | $app->error($app->tform->wordbook["origin_error_unique"]); |
| | | } |
| | |
| | | if($_SESSION["s"]["user"]["typ"] == 'user') { |
| | | |
| | | // Get the limits of the client |
| | | $client_group_id = $_SESSION["s"]["user"]["default_group"]; |
| | | $client_group_id = intval($_SESSION["s"]["user"]["default_group"]); |
| | | $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); |
| | | |
| | | // Check if the user may add another mailbox. |
| | |
| | | if($_SESSION["s"]["user"]["typ"] == 'user') { |
| | | |
| | | // Get the limits of the client |
| | | $client_group_id = $_SESSION["s"]["user"]["default_group"]; |
| | | $client_group_id = intval($_SESSION["s"]["user"]["default_group"]); |
| | | $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); |
| | | |
| | | // Check if the user may add another mailbox. |
| | |
| | | // Check the client limits, if user is not the admin |
| | | if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin |
| | | // Get the limits of the client |
| | | $client_group_id = $_SESSION["s"]["user"]["default_group"]; |
| | | $client_group_id = intval($_SESSION["s"]["user"]["default_group"]); |
| | | $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); |
| | | |
| | | // Check if the user may add another mailbox. |
| | |
| | | if($_SESSION['s']['user']['typ'] == 'admin') { |
| | | $server_id = (isset($_POST['server_id']))?$app->functions->intval($_POST['server_id']):1; |
| | | } else { |
| | | $client_group_id = $_SESSION["s"]["user"]["default_group"]; |
| | | $client_group_id = intval($_SESSION["s"]["user"]["default_group"]); |
| | | $client = $app->db->queryOneRecord("SELECT default_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); |
| | | $server_id = $client["default_dnsserver"]; |
| | | $server_id = intval($client["default_dnsserver"]); |
| | | } |
| | | |
| | | |
| | |
| | | // load the list of clients |
| | | $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id']; |
| | | $clients = $app->db->queryAllRecords($sql); |
| | | $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$client['client_id']); |
| | | $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".intval($client['client_id'])); |
| | | $client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>'; |
| | | if(is_array($clients)) { |
| | | foreach( $clients as $client) { |