gitlabFork/ISPConfig3.git - Solinfo Gitblit

parent: e9a57d4a | patch | commit | ignore whitespace

Till Brehm

2013-11-18 35509d5644f23eb109bf41b496de730d24103da3

Better variable quoting in sql queries.

20 files modified

	interface/lib/classes/tform.inc.php	13 ●●●●● patch \| view \| raw \| blame \| history
	interface/lib/classes/tform_actions.inc.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/lib/classes/validate_client.inc.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/lib/classes/validate_dns.inc.php	4 ●●●●● patch \| view \| raw \| blame \| history
	interface/lib/classes/validate_domain.inc.php	6 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/dns/dns_a_edit.php	6 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/dns/dns_aaaa_edit.php	4 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/dns/dns_alias_edit.php	4 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/dns/dns_cname_edit.php	6 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/dns/dns_hinfo_edit.php	4 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/dns/dns_import.php	10 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/dns/dns_mx_edit.php	8 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/dns/dns_ns_edit.php	4 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/dns/dns_ptr_edit.php	4 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/dns/dns_rp_edit.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/dns/dns_slave_edit.php	8 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/dns/dns_soa_edit.php	6 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/dns/dns_srv_edit.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/dns/dns_txt_edit.php	4 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/dns/dns_wizard.php	6 ●●●●● patch \| view \| raw \| blame \| history

 interface/lib/classes/tform.inc.php

@@ -1048,6 +1048,8 @@
    function getSQL($record, $tab, $action = 'INSERT', $primary_id = 0, $sql_ext_where = '') {

        global $app;
		
        $primary_id = $app->functions->intval($primary_id);

        // If there are no data records on the tab, return empty sql string
        if(count($this->formDef['tabs'][$tab]['fields']) == 0) return '';
@@ -1272,6 +1274,7 @@
    function getDataRecord($primary_id) {
        global $app;
        $escape = '`';
        $primary_id = $app->functions->intval($primary_id);
        $sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id." AND ".$this->getAuthSQL('r', $this->formDef['db_table']);
        return $app->db->queryOneRecord($sql);
    }
@@ -1285,6 +1288,11 @@
    }

    function getAuthSQL($perm, $table = '') {
        global $app;
		
        $perm = $app->db->quote($perm);
        $table = $app->db->quote($table);
		
        if($_SESSION["s"]["user"]["typ"] == 'admin') {
            return '1';
        } else {
@@ -1309,6 +1317,7 @@
    function checkPerm($record_id, $perm) {
        global $app;

        $record_id = $app->functions->intval($record_id);
        if($record_id > 0) {
            // Add backticks for incomplete table names.
            if(stristr($this->formDef['db_table'], '.')) {
@@ -1403,7 +1412,7 @@
        if($limit_name == '') $app->error('Limit name missing in function checkClientLimit.');

        // Get the limits of the client that is currently logged in
        $client_group_id = $_SESSION["s"]["user"]["default_group"];
        $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
        $client = $app->db->queryOneRecord("SELECT $limit_name as number, parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

        // Check if the user may add another item
@@ -1425,7 +1434,7 @@
        if($limit_name == '') $app->error('Limit name missing in function checkClientLimit.');

        // Get the limits of the client that is currently logged in
        $client_group_id = $_SESSION["s"]["user"]["default_group"];
        $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
        $client = $app->db->queryOneRecord("SELECT parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

        //* If the client belongs to a reseller, we will check against the reseller Limit too

 interface/lib/classes/tform_actions.inc.php

@@ -81,7 +81,7 @@

        // check if the client is locked - he may not change anything, then.
        if(!$app->auth->is_admin()) {
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT client.locked FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ".$app->functions->intval($client_group_id));
            if(is_array($client) && $client['locked'] == 'y') {
                $app->tform->errorMessage .= $app->lng("client_you_are_locked")."<br />";

 interface/lib/classes/validate_client.inc.php

@@ -53,7 +53,7 @@
                }
            }
        } else {
            $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM sys_user WHERE username = '".$app->db->quote($field_value)."' AND client_id != ".$client_id);
            $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM sys_user WHERE username = '".$app->db->quote($field_value)."' AND client_id != ".$app->functions->intval($client_id));
            if($num_rec["number"] > 0) {
                $errmsg = $validator['errmsg'];
                if(isset($app->tform->wordbook[$errmsg])) {

 interface/lib/classes/validate_dns.inc.php

@@ -104,7 +104,7 @@
        }

        if(substr($field, -1) == '.' && $area == 'Name'){
            $soa = $app->db->queryOneRecord("SELECT * FROM soa WHERE id = ".$zoneid);
            $soa = $app->db->queryOneRecord("SELECT * FROM soa WHERE id = ".intval($zoneid));
            if(substr($field, (strlen($field) - strlen($soa['origin']))) != $soa['origin']) $error .= $desc." ".$app->tform->wordbook['error_out_of_zone']."<br>\r\n";
        }

@@ -267,7 +267,7 @@
        global $app, $conf;

        // increase serial
        $serial_date = substr($serial, 0, 8);
        $serial_date = $app->functions->intval(substr($serial, 0, 8));
        $count = $app->functions->intval(substr($serial, 8, 2));
        $current_date = date("Ymd");
        if($serial_date >= $current_date){

 interface/lib/classes/validate_domain.inc.php

@@ -118,7 +118,7 @@

        if($domain['ip_address'] == '' || $domain['ipv6_address'] == ''){
            if($domain['parent_domain_id'] > 0){
                $parent_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$domain['parent_domain_id']);
                $parent_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($domain['parent_domain_id']));
            }
        }

@@ -217,7 +217,7 @@
                    // if alias/subdomain: check IP addresses of parent domain
                    if($check['ip_address'] == '' || $check['ipv6_address'] == ''){
                        if($check['parent_domain_id'] > 0){
                            $check_parent_domain = $app->db->queryOneRecord("SELECT * FROM `web_domain` WHERE `domain_id` = ".$check['parent_domain_id']);
                            $check_parent_domain = $app->db->queryOneRecord("SELECT * FROM `web_domain` WHERE `domain_id` = ".$app->functions->intval($check['parent_domain_id']));
                        }
                    }

@@ -282,7 +282,7 @@

        if($_SESSION["s"]["user"]["typ"] != 'admin') {
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_wildcard FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            if($client["limit_wildcard"] == 'y') return true;

 interface/web/dns/dns_a_edit.php

@@ -57,7 +57,7 @@
        if($_SESSION["s"]["user"]["typ"] == 'user') {

            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.
@@ -84,7 +84,7 @@
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.
@@ -97,7 +97,7 @@
        } // end if user is not admin

        //* Check for duplicates where IP and hostname are the same
        $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE (type = 'A' AND name = '".$this->dataRecord["name"]."' AND zone = '".$this->dataRecord["zone"]."' and data = '".$this->dataRecord["data"]."' and id != ".$this->id.") OR (type = 'CNAME' AND name = '".$this->dataRecord["name"]."' AND zone = '".$this->dataRecord["zone"]."' and id != ".$this->id.")");
        $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE (type = 'A' AND name = '".$app->db->quote($this->dataRecord["name"])."' AND zone = '".$app->db->quote($this->dataRecord["zone"])."' and data = '".$app->db->quote($this->dataRecord["data"])."' and id != ".$this->id.") OR (type = 'CNAME' AND name = '".$app->db->quote($this->dataRecord["name"])."' AND zone = '".$app->db->quote($this->dataRecord["zone"])."' and id != ".$this->id.")");
        if($tmp['number'] > 0) $app->tform->errorMessage .= $app->tform->lng("data_error_duplicate")."<br>";
        unset($tmp);


 interface/web/dns/dns_aaaa_edit.php

@@ -84,7 +84,7 @@
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.
@@ -113,7 +113,7 @@

        //* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
        $soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
        $app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id);
        $app->db->datalogUpdate('dns_rr', "sys_groupid = ".intval($soa['sys_groupid']), 'id', $this->id);

        //* Update the serial number of the SOA record
        $soa_id = $app->functions->intval($_POST["zone"]);

 interface/web/dns/dns_alias_edit.php

@@ -57,7 +57,7 @@
        if($_SESSION["s"]["user"]["typ"] == 'user') {

            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.
@@ -84,7 +84,7 @@
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.

 interface/web/dns/dns_cname_edit.php

@@ -57,7 +57,7 @@
        if($_SESSION["s"]["user"]["typ"] == 'user') {

            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.
@@ -84,7 +84,7 @@
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.
@@ -97,7 +97,7 @@
        } // end if user is not admin

        //* Check for duplicates where IP and hostname are the same
        $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE (type = 'A' AND name = '".$this->dataRecord["name"]."' AND zone = '".$this->dataRecord["zone"]."' and id != ".$this->id.") OR (type = 'CNAME' AND name = '".$this->dataRecord["name"]."' AND zone = '".$this->dataRecord["zone"]."' and id != ".$this->id.")");
        $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE (type = 'A' AND name = '".$app->db->quote($this->dataRecord["name"])."' AND zone = '".$app->db->quote($this->dataRecord["zone"])."' and id != ".$this->id.") OR (type = 'CNAME' AND name = '".$app->db->quote($this->dataRecord["name"])."' AND zone = '".$app->db->quote($this->dataRecord["zone"])."' and id != ".$this->id.")");
        if($tmp['number'] > 0) $app->tform->errorMessage .= $app->tform->lng("data_error_duplicate")."<br>";
        unset($tmp);


 interface/web/dns/dns_hinfo_edit.php

@@ -57,7 +57,7 @@
        if($_SESSION["s"]["user"]["typ"] == 'user') {

            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.
@@ -84,7 +84,7 @@
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.

 interface/web/dns/dns_import.php

@@ -52,7 +52,7 @@
if($_SESSION['s']['user']['typ'] == 'admin') {
    $server_id = (isset($_POST['server_id']))?$app->functions->intval($_POST['server_id']):1;
} else {
    $client_group_id = $_SESSION["s"]["user"]["default_group"];
    $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
    $client = $app->db->queryOneRecord("SELECT default_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
    $server_id = $client["default_dnsserver"];
}
@@ -101,14 +101,14 @@
if ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {

    // Get the limits of the client
    $client_group_id = $_SESSION["s"]["user"]["default_group"];
    $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
    $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");


    // load the list of clients
    $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id'];
    $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".intval($client['client_id']);
    $clients = $app->db->queryAllRecords($sql);
    $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$client['client_id']);
    $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".intval($client['client_id']));
    $client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
    if(is_array($clients)) {
        foreach( $clients as $client) {
@@ -648,7 +648,7 @@
            foreach($dns_rr as $rr)
            {
                $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `zone`, `name`, `type`, `data`, `aux`, `ttl`, `active`) VALUES
                ('$sys_userid', '$sys_groupid', 'riud', 'riud', '', '$server_id', '$dns_soa_id', '$rr[name]', '$rr[type]', '$rr[data]', '$rr[aux]', '$rr[ttl]', 'Y')";
                ('$sys_userid', '$sys_groupid', 'riud', 'riud', '', '$server_id', '$dns_soa_id', '".$app->db->quote($rr['name'])."', '".$app->db->quote($rr['type'])."', '".$app->db->quote($rr['data'])."', '".$app->db->quote($rr['aux'])."', '".$app->db->quote($rr['ttl'])."', 'Y')";
                $dns_rr_id = $app->db->datalogInsert('dns_rr', $insert_data, 'id');
            }
        }

 interface/web/dns/dns_mx_edit.php

@@ -57,7 +57,7 @@
        if($_SESSION["s"]["user"]["typ"] == 'user') {

            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.
@@ -84,7 +84,7 @@
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.
@@ -112,7 +112,7 @@
        global $app, $conf;

        // Check if record is existing already
        $duplicate_mx = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = ".$app->functions->intval($this->dataRecord["zone"])." AND name = '".$this->dataRecord["name"]."' AND type = '".$this->dataRecord["type"]."' AND data = '".$this->dataRecord["data"]."' AND ".$app->tform->getAuthSQL('r'));
        $duplicate_mx = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = ".$app->functions->intval($this->dataRecord["zone"])." AND name = '".$app->db->quote($this->dataRecord["name"])."' AND type = '".$app->db->quote($this->dataRecord["type"])."' AND data = '".$app->db->quote($this->dataRecord["data"])."' AND ".$app->tform->getAuthSQL('r'));

        if(is_array($duplicate_mx) && !empty($duplicate_mx)) $app->error($app->tform->wordbook["duplicate_mx_record_txt"]);

@@ -123,7 +123,7 @@
        global $app, $conf;

        // Check if record is existing already
        $duplicate_mx = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = ".$app->functions->intval($this->dataRecord["zone"])." AND name = '".$this->dataRecord["name"]."' AND type = '".$this->dataRecord["type"]."' AND data = '".$this->dataRecord["data"]."' AND id != ".$app->functions->intval($this->dataRecord["id"])." AND ".$app->tform->getAuthSQL('r'));
        $duplicate_mx = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = ".$app->functions->intval($this->dataRecord["zone"])." AND name = '".$app->db->quote($this->dataRecord["name"])."' AND type = '".$app->db->quote($this->dataRecord["type"])."' AND data = '".$app->db->quote($this->dataRecord["data"])."' AND id != ".$app->functions->intval($this->dataRecord["id"])." AND ".$app->tform->getAuthSQL('r'));

        if(is_array($duplicate_mx) && !empty($duplicate_mx)) $app->error($app->tform->wordbook["duplicate_mx_record_txt"]);


 interface/web/dns/dns_ns_edit.php

@@ -57,7 +57,7 @@
        if($_SESSION["s"]["user"]["typ"] == 'user') {

            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.
@@ -84,7 +84,7 @@
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.

 interface/web/dns/dns_ptr_edit.php

@@ -57,7 +57,7 @@
        if($_SESSION["s"]["user"]["typ"] == 'user') {

            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.
@@ -84,7 +84,7 @@
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.

 interface/web/dns/dns_rp_edit.php

@@ -84,7 +84,7 @@
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.

 interface/web/dns/dns_slave_edit.php

@@ -87,7 +87,7 @@
        } else if($app->auth->has_clients($_SESSION['s']['user']['userid'])) {

                // Get the limits of the client
                $client_group_id = $_SESSION["s"]["user"]["default_group"];
                $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
                $client = $app->db->queryOneRecord("SELECT client.client_id, sys_group.name, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

                // Fill the client select field
@@ -122,7 +122,7 @@

        if($_SESSION["s"]["user"]["typ"] != 'admin') {
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_slave_zone, default_slave_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // When the record is updated
@@ -150,7 +150,7 @@
        if(strlen($this->dataRecord["origin"]) > 0 && substr($this->dataRecord["origin"], -1, 1) != '.') $this->dataRecord["origin"] .= '.';

        //* Check if a primary zone with the same name already exists
        $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_soa WHERE origin = \"".$this->dataRecord["origin"]."\" AND server_id= \"".$this->dataRecord["server_id"]."\"");
        $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_soa WHERE origin = \"".$app->db->quote($this->dataRecord["origin"])."\" AND server_id= \"".$app->db->quote($this->dataRecord["server_id"])."\"");
        if($tmp["number"] > 0) {
            $app->error($app->tform->wordbook["origin_error_unique"]);
        }
@@ -162,7 +162,7 @@
        global $app, $conf;

        // Check if record is existing already
        $duplicate_slave = $app->db->queryOneRecord("SELECT * FROM dns_slave WHERE origin = '".$this->dataRecord["origin"]."' AND server_id = ".$app->functions->intval($this->dataRecord["server_id"])." AND ".$app->tform->getAuthSQL('r'));
        $duplicate_slave = $app->db->queryOneRecord("SELECT * FROM dns_slave WHERE origin = '".$app->db->quote($this->dataRecord["origin"])."' AND server_id = ".$app->functions->intval($this->dataRecord["server_id"])." AND ".$app->tform->getAuthSQL('r'));

        if(is_array($duplicate_slave) && !empty($duplicate_slave)) $app->error($app->tform->wordbook["origin_error_unique"]);


 interface/web/dns/dns_soa_edit.php

@@ -97,7 +97,7 @@
        } else if($app->auth->has_clients($_SESSION['s']['user']['userid'])) {

                // Get the limits of the client
                $client_group_id = $_SESSION["s"]["user"]["default_group"];
                $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
                $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

                // Fill the client select field
@@ -132,7 +132,7 @@

        if($_SESSION["s"]["user"]["typ"] != 'admin') {
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_zone, default_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // When the record is updated
@@ -177,7 +177,7 @@
        $this->dataRecord["also_notify"] = preg_replace('/\s+/', '', $this->dataRecord["also_notify"]);

        //* Check if a secondary zone with the same name already exists
        $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_slave WHERE origin = \"".$this->dataRecord["origin"]."\" AND server_id = \"".$this->dataRecord["server_id"]."\"");
        $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_slave WHERE origin = \"".$app->db->quote($this->dataRecord["origin"])."\" AND server_id = \"".$app->db->quote($this->dataRecord["server_id"])."\"");
        if($tmp["number"] > 0) {
            $app->error($app->tform->wordbook["origin_error_unique"]);
        }

 interface/web/dns/dns_srv_edit.php

@@ -57,7 +57,7 @@
        if($_SESSION["s"]["user"]["typ"] == 'user') {

            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.

 interface/web/dns/dns_txt_edit.php

@@ -57,7 +57,7 @@
        if($_SESSION["s"]["user"]["typ"] == 'user') {

            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.
@@ -84,7 +84,7 @@
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.

 interface/web/dns/dns_wizard.php

@@ -49,9 +49,9 @@
if($_SESSION['s']['user']['typ'] == 'admin') {
    $server_id = (isset($_POST['server_id']))?$app->functions->intval($_POST['server_id']):1;
} else {
    $client_group_id = $_SESSION["s"]["user"]["default_group"];
    $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
    $client = $app->db->queryOneRecord("SELECT default_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
    $server_id = $client["default_dnsserver"];
    $server_id = intval($client["default_dnsserver"]);
}


@@ -105,7 +105,7 @@
    // load the list of clients
    $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id'];
    $clients = $app->db->queryAllRecords($sql);
    $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$client['client_id']);
    $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".intval($client['client_id']));
    $client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
    if(is_array($clients)) {
        foreach( $clients as $client) {

			@@ -1048,6 +1048,8 @@
			function getSQL($record, $tab, $action = 'INSERT', $primary_id = 0, $sql_ext_where = '') {

			global $app;

			$primary_id = $app->functions->intval($primary_id);

			// If there are no data records on the tab, return empty sql string
			if(count($this->formDef['tabs'][$tab]['fields']) == 0) return '';
			@@ -1272,6 +1274,7 @@
			function getDataRecord($primary_id) {
			global $app;
			$escape = '`';
			$primary_id = $app->functions->intval($primary_id);
			$sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id." AND ".$this->getAuthSQL('r', $this->formDef['db_table']);
			return $app->db->queryOneRecord($sql);
			}
			@@ -1285,6 +1288,11 @@
			}

			function getAuthSQL($perm, $table = '') {
			global $app;

			$perm = $app->db->quote($perm);
			$table = $app->db->quote($table);

			if($_SESSION["s"]["user"]["typ"] == 'admin') {
			return '1';
			} else {
			@@ -1309,6 +1317,7 @@
			function checkPerm($record_id, $perm) {
			global $app;

			$record_id = $app->functions->intval($record_id);
			if($record_id > 0) {
			// Add backticks for incomplete table names.
			if(stristr($this->formDef['db_table'], '.')) {
			@@ -1403,7 +1412,7 @@
			if($limit_name == '') $app->error('Limit name missing in function checkClientLimit.');

			// Get the limits of the client that is currently logged in
			$client_group_id = $_SESSION["s"]["user"]["default_group"];
			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
			$client = $app->db->queryOneRecord("SELECT $limit_name as number, parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

			// Check if the user may add another item
			@@ -1425,7 +1434,7 @@
			if($limit_name == '') $app->error('Limit name missing in function checkClientLimit.');

			// Get the limits of the client that is currently logged in
			$client_group_id = $_SESSION["s"]["user"]["default_group"];
			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
			$client = $app->db->queryOneRecord("SELECT parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

			//* If the client belongs to a reseller, we will check against the reseller Limit too

			@@ -81,7 +81,7 @@

			// check if the client is locked - he may not change anything, then.
			if(!$app->auth->is_admin()) {
			$client_group_id = $_SESSION["s"]["user"]["default_group"];
			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
			$client = $app->db->queryOneRecord("SELECT client.locked FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ".$app->functions->intval($client_group_id));
			if(is_array($client) && $client['locked'] == 'y') {
			$app->tform->errorMessage .= $app->lng("client_you_are_locked")."<br />";

			@@ -53,7 +53,7 @@
			}
			}
			} else {
			$num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM sys_user WHERE username = '".$app->db->quote($field_value)."' AND client_id != ".$client_id);
			$num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM sys_user WHERE username = '".$app->db->quote($field_value)."' AND client_id != ".$app->functions->intval($client_id));
			if($num_rec["number"] > 0) {
			$errmsg = $validator['errmsg'];
			if(isset($app->tform->wordbook[$errmsg])) {

			@@ -104,7 +104,7 @@
			}

			if(substr($field, -1) == '.' && $area == 'Name'){
			$soa = $app->db->queryOneRecord("SELECT * FROM soa WHERE id = ".$zoneid);
			$soa = $app->db->queryOneRecord("SELECT * FROM soa WHERE id = ".intval($zoneid));
			if(substr($field, (strlen($field) - strlen($soa['origin']))) != $soa['origin']) $error .= $desc." ".$app->tform->wordbook['error_out_of_zone']."<br>\r\n";
			}

			@@ -267,7 +267,7 @@
			global $app, $conf;

			// increase serial
			$serial_date = substr($serial, 0, 8);
			$serial_date = $app->functions->intval(substr($serial, 0, 8));
			$count = $app->functions->intval(substr($serial, 8, 2));
			$current_date = date("Ymd");
			if($serial_date >= $current_date){

			@@ -118,7 +118,7 @@

			if($domain['ip_address'] == '' \|\| $domain['ipv6_address'] == ''){
			if($domain['parent_domain_id'] > 0){
			$parent_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$domain['parent_domain_id']);
			$parent_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($domain['parent_domain_id']));
			}
			}

			@@ -217,7 +217,7 @@
			// if alias/subdomain: check IP addresses of parent domain
			if($check['ip_address'] == '' \|\| $check['ipv6_address'] == ''){
			if($check['parent_domain_id'] > 0){
			$check_parent_domain = $app->db->queryOneRecord("SELECT * FROM `web_domain` WHERE `domain_id` = ".$check['parent_domain_id']);
			$check_parent_domain = $app->db->queryOneRecord("SELECT * FROM `web_domain` WHERE `domain_id` = ".$app->functions->intval($check['parent_domain_id']));
			}
			}

			@@ -282,7 +282,7 @@

			if($_SESSION["s"]["user"]["typ"] != 'admin') {
			// Get the limits of the client
			$client_group_id = $_SESSION["s"]["user"]["default_group"];
			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
			$client = $app->db->queryOneRecord("SELECT limit_wildcard FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

			if($client["limit_wildcard"] == 'y') return true;

			@@ -57,7 +57,7 @@
			if($_SESSION["s"]["user"]["typ"] == 'user') {

			// Get the limits of the client
			$client_group_id = $_SESSION["s"]["user"]["default_group"];
			$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
			$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

			// Check if the user may add another mailbox.
			@@ -84,7 +84,7 @@
			// Check the client limits, if user is not the admin
			if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
			// Get the limits of the client
			$client_group_id = $_SESSION["s"]["user"]["default_group"];
			$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
			$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

			// Check if the user may add another mailbox.
			@@ -97,7 +97,7 @@
			} // end if user is not admin

			//* Check for duplicates where IP and hostname are the same
			$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE (type = 'A' AND name = '".$this->dataRecord["name"]."' AND zone = '".$this->dataRecord["zone"]."' and data = '".$this->dataRecord["data"]."' and id != ".$this->id.") OR (type = 'CNAME' AND name = '".$this->dataRecord["name"]."' AND zone = '".$this->dataRecord["zone"]."' and id != ".$this->id.")");
			$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE (type = 'A' AND name = '".$app->db->quote($this->dataRecord["name"])."' AND zone = '".$app->db->quote($this->dataRecord["zone"])."' and data = '".$app->db->quote($this->dataRecord["data"])."' and id != ".$this->id.") OR (type = 'CNAME' AND name = '".$app->db->quote($this->dataRecord["name"])."' AND zone = '".$app->db->quote($this->dataRecord["zone"])."' and id != ".$this->id.")");
			if($tmp['number'] > 0) $app->tform->errorMessage .= $app->tform->lng("data_error_duplicate")."<br>";
			unset($tmp);

			@@ -52,7 +52,7 @@
			if($_SESSION['s']['user']['typ'] == 'admin') {
			$server_id = (isset($_POST['server_id']))?$app->functions->intval($_POST['server_id']):1;
			} else {
			$client_group_id = $_SESSION["s"]["user"]["default_group"];
			$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
			$client = $app->db->queryOneRecord("SELECT default_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
			$server_id = $client["default_dnsserver"];
			}
			@@ -101,14 +101,14 @@
			if ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {

			// Get the limits of the client
			$client_group_id = $_SESSION["s"]["user"]["default_group"];
			$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
			$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");


			// load the list of clients
			$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id'];
			$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".intval($client['client_id']);
			$clients = $app->db->queryAllRecords($sql);
			$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$client['client_id']);
			$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".intval($client['client_id']));
			$client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
			if(is_array($clients)) {
			foreach( $clients as $client) {
			@@ -648,7 +648,7 @@
			foreach($dns_rr as $rr)
			{
			$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `zone`, `name`, `type`, `data`, `aux`, `ttl`, `active`) VALUES
			('$sys_userid', '$sys_groupid', 'riud', 'riud', '', '$server_id', '$dns_soa_id', '$rr[name]', '$rr[type]', '$rr[data]', '$rr[aux]', '$rr[ttl]', 'Y')";
			('$sys_userid', '$sys_groupid', 'riud', 'riud', '', '$server_id', '$dns_soa_id', '".$app->db->quote($rr['name'])."', '".$app->db->quote($rr['type'])."', '".$app->db->quote($rr['data'])."', '".$app->db->quote($rr['aux'])."', '".$app->db->quote($rr['ttl'])."', 'Y')";
			$dns_rr_id = $app->db->datalogInsert('dns_rr', $insert_data, 'id');
			}
			}

			@@ -87,7 +87,7 @@
			} else if($app->auth->has_clients($_SESSION['s']['user']['userid'])) {

			// Get the limits of the client
			$client_group_id = $_SESSION["s"]["user"]["default_group"];
			$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
			$client = $app->db->queryOneRecord("SELECT client.client_id, sys_group.name, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

			// Fill the client select field
			@@ -122,7 +122,7 @@

			if($_SESSION["s"]["user"]["typ"] != 'admin') {
			// Get the limits of the client
			$client_group_id = $_SESSION["s"]["user"]["default_group"];
			$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
			$client = $app->db->queryOneRecord("SELECT limit_dns_slave_zone, default_slave_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

			// When the record is updated
			@@ -150,7 +150,7 @@
			if(strlen($this->dataRecord["origin"]) > 0 && substr($this->dataRecord["origin"], -1, 1) != '.') $this->dataRecord["origin"] .= '.';

			//* Check if a primary zone with the same name already exists
			$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_soa WHERE origin = \"".$this->dataRecord["origin"]."\" AND server_id= \"".$this->dataRecord["server_id"]."\"");
			$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_soa WHERE origin = \"".$app->db->quote($this->dataRecord["origin"])."\" AND server_id= \"".$app->db->quote($this->dataRecord["server_id"])."\"");
			if($tmp["number"] > 0) {
			$app->error($app->tform->wordbook["origin_error_unique"]);
			}
			@@ -162,7 +162,7 @@
			global $app, $conf;

			// Check if record is existing already
			$duplicate_slave = $app->db->queryOneRecord("SELECT * FROM dns_slave WHERE origin = '".$this->dataRecord["origin"]."' AND server_id = ".$app->functions->intval($this->dataRecord["server_id"])." AND ".$app->tform->getAuthSQL('r'));
			$duplicate_slave = $app->db->queryOneRecord("SELECT * FROM dns_slave WHERE origin = '".$app->db->quote($this->dataRecord["origin"])."' AND server_id = ".$app->functions->intval($this->dataRecord["server_id"])." AND ".$app->tform->getAuthSQL('r'));

			if(is_array($duplicate_slave) && !empty($duplicate_slave)) $app->error($app->tform->wordbook["origin_error_unique"]);

			@@ -49,9 +49,9 @@
			if($_SESSION['s']['user']['typ'] == 'admin') {
			$server_id = (isset($_POST['server_id']))?$app->functions->intval($_POST['server_id']):1;
			} else {
			$client_group_id = $_SESSION["s"]["user"]["default_group"];
			$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
			$client = $app->db->queryOneRecord("SELECT default_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
			$server_id = $client["default_dnsserver"];
			$server_id = intval($client["default_dnsserver"]);
			}


			@@ -105,7 +105,7 @@
			// load the list of clients
			$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id'];
			$clients = $app->db->queryAllRecords($sql);
			$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$client['client_id']);
			$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".intval($client['client_id']));
			$client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
			if(is_array($clients)) {
			foreach( $clients as $client) {